From 8a86b40171e16d41d2af9136a3c6d58b76235715 Mon Sep 17 00:00:00 2001
From: Lucas B <lucas@jito.wtf>
Date: Thu, 25 Aug 2022 17:18:46 -0500
Subject: [PATCH] jito patch only reroute if relayer connected (#123) feat: add
 client tls config (#121) remove extra val (#129) fix clippy (#130) copy all
 binaries to docker-output (#131) Ledger tool halts at slot passed to
 create-snapshot (#118) update program submodule (#133) quick fix for tips and
 clearing old bundles (#135) update submodule to new program (#136) Improve
 stake-meta-generator usability (#134) pinning submodule head (#140) Use
 BundleAccountLocker when handling tip txs (#147) Add metrics for relayer +
 block engine proxy (#149) Build claim-mev in docker (#141) Rework bundle
 receiving and add metrics (#152) (#154) update submodule + dev files (#158)
 Deterministically find tip amounts, add meta to stake info, and cleanup
 pubkey/strings in MEV tips (#159) update jito-programs submodule (#160)
 Separate MEV tip related workflow (#161) Add block builder fee protos (#162)
 fix jito programs (#163) update submodule so autosnapshot exits out of ledger
 tool early (#164) Pipe through block builder fee (#167) pull in new snapshot
 code (#171) block builder bug (#172)

Pull in new slack autosnapshot submodule (#174)

sort stake meta json and use int math (#176)

add accountsdb conn submod (#169)

Update tip distribution parameters (#177)

new submodules (#180)

Add buildkite link for jito CI (#183)

Fixed broken links to repositories (#184)

Changed from ssh to https transfer for clone

Seg/update submods (#187)

fix tests (#190)

rm geyser submod (#192)

rm dangling geyser references (#193)

fix syntax err (#195)

use deterministic req ids in batch calls (#199)

update jito-programs

revert cargo

update Cargo lock

update with path fix

fix cargo

update autosnapshot with block lookback (#201)

[JIT-460] When claiming mev tips, skip accounts that won't have min rent exempt amount after claiming (#203)

Add logging for sol balance desired (#205)

* add logging

* add logging

* update msg

* tweak vars

update submodule (#204)

use efficient data structures when calling batch_simulate_bundles (#206)

[JIT-504] Add low balance check in uploading merkle roots (#209)

add config to simulate on top of working bank (#211)

rm frozen bank check

simulate_bundle rpc bugfixes (#214)

rm frozen bank check in simulate_bundle rpc method

[JIT-519] Store ClaimStatus address in merkle-root-json (#210)

* add files

* switch to include bump

update submodule (#217)

add amount filter (#218)

update autosnapshot (#222)

Print TX error in Bundles (#223)

add new args to support single relayer and block-engine endpoints (#224)

point to new jito-programs submod and invoke updated init tda instruction (#228)

fix clippy errors (#230)

fix validator start scripts (#232)

Point README to gitbook (#237)

use packaged cargo bin to build (#239)

Add validator identity pubkey to StakeMeta (#226)

The vote account associated with a validator is not a permanent link, so log the validator identity as well.

bugfix: conditionally compile with debug flags (#240)

Seg/tip distributor master (#242)

* validate tree nodes

* fix unit tests

* pr feedback

* bump jito-programs submod

Simplify bootstrapping (#241)

* startup without precompile

* update spacing

* use release mode

* spacing

fix validation

rm validation skip

Account for block builder fee when generating excess tip balance (#247)

Improve docker caching

delay constructing claim mev txs (#253)

fix stake meta tests from bb fee (#254)

fix tests

Buffer bundles that exceed cost model (#225)

* buffer bundles that exceed cost model

clear qos failed bundles buffer if not leader soon (#260)

update Cargo.lock to correct solana versions in jito-programs submodule (#265)

fix simulate_bundle client and better error handling (#267)

update submod (#272)

Preallocate Bundle Cost (#238)

fix Dockerfile (#278)

Fix Tests (#279)

Fix Tests (#281)

* fix tests

update jito-programs submod (#282)

add reclaim rent workflow (#283)

update jito-programs submod

fix clippy errs

rm wrong assertion and swap out file write fn call (#292)

Remove security.md (#293)

demote frequent relayer_stage-stream_error to warn (#275)

account for case where TDA exists but not allocated (#295)

implement better retries for tip-distributor workflows (#297)

limit number of concurrent rpc calls (#298)

Discard Empty Packet Batches (#299)

Identity Hotswap (#290)

small fixes (#305)

Set backend config from admin rpc (#304)

Admin Shred Receiver Change (#306)

Seg/rm bundle UUID (#309)

Fix github workflow to recursively clone (#327)

Add recursive checkout for downstream-project-spl.yaml (#341)

Use cluster info functions for tpu (#345)

Use git rev-parse for git sha

Remove blacklisted tx from message_hash_to_transaction (#374)

Updates bootstrap and start scripts needed for local dev. (#384)

Remove Deprecated Cli Args (#387)

Master Rebase

improve simulate_bundle errors and response (#404)

derive Clone on accountoverrides (#416)

Add upsert to AccountOverrides (#419)

update jito-programs (#430)

[JIT-1661] Faster Autosnapshot (#436)

Reverts simulate_transaction result calls to upstream (#446)

Don't unlock accounts in TransactionBatches used during simulation (#449)

first pass at wiring up jito-plugin (#428)

[JIT-1713] Fix bundle's blockspace preallocation (#489)

[JIT-1708] Fix TOC TOU condition for relayer and block engine config (#491)

[JIT-1710] - Optimize Bundle Consumer Checks (#490)

Add Blockhash Metrics to Bundle Committer (#500)

add priority fee ix to mev-claim (#520)

Update Autosnapshot (#548)

Run MEV claims + reclaiming rent-exempt amounts in parallel. (#582)

Update CI (#584)
- Add recursive submodule checkouts.
- Re-add solana-secondary step

Add more release fixes (#585)

Fix more release urls (#588)

[JIT-1812] Fix blocking mutexs (#495)

 [JIT-1711] Compare the unprocessed transaction storage BundleStorage against a constant instead of VecDeque::capacity() (#587)

Automatically rebase Jito-Solana on a periodic basis. Send message on slack during any failures or success.

Fix periodic rebase #594

Fixes the following bugs in the periodic rebase:
Sends multiple messages on failure instead of one
Cancels entire job if one branch fails

Ignore buildkite curl errors for rebasing and try to keep curling until job times out (#597)

Sleep longer waiting for buildkite to start (#598)

correctly initialize account overrides (#595)

Fix: Ensure set contact info to UDP port instead of QUIC (#603)

Add fast replay branch to daily rebase (#607)

take a snapshot of all bundle accounts before sim (#13) (#615)

update jito-programs submodule

Add 2.0 to daily rebase (#626)

Export agave binaries during docker build (#627)

Buffer bundles that exceed processing time and make the allowed processing time longer (#611)

Publish releases to S3 and GCS (#633)

Rebase from different repos (#637)

Point SECURITY.md to immunefi (#671)

Loosen requirements on tip accounts touchable in BankingStage (#683)
---
 .dockerignore                                 |    9 +
 .github/workflows/cargo.yml                   |    2 +
 .github/workflows/changelog-label.yml         |    1 +
 .github/workflows/client-targets.yml          |    4 +
 .github/workflows/crate-check.yml             |    1 +
 .github/workflows/docs.yml                    |    3 +
 .../workflows/downstream-project-anchor.yml   |    4 +-
 .github/workflows/downstream-project-spl.yml  |   40 +-
 .github/workflows/rebase.yaml                 |  180 ++
 .github/workflows/release-artifacts.yml       |    1 +
 .gitignore                                    |    5 +
 .gitmodules                                   |    9 +
 Cargo.lock                                    |  837 +++++++--
 Cargo.toml                                    |   19 +-
 README.md                                     |   33 +-
 RELEASE.md                                    |   90 +-
 SECURITY.md                                   |  183 +-
 accounts-db/src/account_locks.rs              |   17 +-
 accounts-db/src/accounts.rs                   |   78 +-
 anchor                                        |    1 +
 banking-bench/src/main.rs                     |   14 +-
 banks-server/Cargo.toml                       |    1 +
 banks-server/src/banks_server.rs              |    9 +-
 bootstrap                                     |   26 +
 bundle/Cargo.toml                             |   38 +
 bundle/src/bundle_execution.rs                | 1237 +++++++++++++
 bundle/src/lib.rs                             |   60 +
 ci/buildkite-pipeline-in-disk.sh              |    4 +-
 ci/buildkite-pipeline.sh                      |    4 +-
 ci/buildkite-secondary.yml                    |   62 +-
 ci/buildkite-solana-private.sh                |    4 +-
 ci/channel-info.sh                            |    2 +-
 ci/check-crates.sh                            |    3 +
 ci/publish-installer.sh                       |   16 +-
 ci/publish-tarball.sh                         |    8 +-
 ci/test-coverage.sh                           |    2 +-
 ci/upload-github-release-asset.sh             |    2 +-
 core/Cargo.toml                               |   16 +
 core/benches/banking_stage.rs                 |   24 +-
 core/benches/consumer.rs                      |   28 +-
 core/benches/proto_to_packet.rs               |   56 +
 core/src/admin_rpc_post_init.rs               |    8 +-
 core/src/banking_stage.rs                     |  115 +-
 core/src/banking_stage/committer.rs           |   19 +-
 core/src/banking_stage/consume_worker.rs      |   20 +-
 core/src/banking_stage/consumer.rs            |  195 +-
 .../banking_stage/latest_unprocessed_votes.rs |    2 +-
 core/src/banking_stage/qos_service.rs         |   75 +-
 .../unprocessed_transaction_storage.rs        |  469 ++++-
 core/src/banking_trace.rs                     |    1 +
 core/src/bundle_stage.rs                      |  434 +++++
 .../src/bundle_stage/bundle_account_locker.rs |  326 ++++
 core/src/bundle_stage/bundle_consumer.rs      | 1584 +++++++++++++++++
 .../bundle_packet_deserializer.rs             |  271 +++
 .../bundle_stage/bundle_packet_receiver.rs    |  825 +++++++++
 .../bundle_reserved_space_manager.rs          |  237 +++
 .../bundle_stage_leader_metrics.rs            |  506 ++++++
 core/src/bundle_stage/committer.rs            |  227 +++
 core/src/bundle_stage/result.rs               |   41 +
 core/src/consensus_cache_updater.rs           |   52 +
 core/src/immutable_deserialized_bundle.rs     |  488 +++++
 core/src/lib.rs                               |   44 +
 core/src/packet_bundle.rs                     |    7 +
 core/src/proxy/auth.rs                        |  185 ++
 core/src/proxy/block_engine_stage.rs          |  571 ++++++
 core/src/proxy/fetch_stage_manager.rs         |  170 ++
 core/src/proxy/mod.rs                         |  100 ++
 core/src/proxy/relayer_stage.rs               |  515 ++++++
 core/src/tip_manager.rs                       |  588 ++++++
 core/src/tpu.rs                               |  113 +-
 core/src/tpu_entry_notifier.rs                |   60 +-
 core/src/tvu.rs                               |    3 +
 core/src/validator.rs                         |  100 +-
 core/tests/epoch_accounts_hash.rs             |    2 +
 core/tests/snapshots.rs                       |    6 +
 cost-model/src/cost_tracker.rs                |    8 +
 deploy_programs                               |   17 +
 dev/Dockerfile                                |   48 +
 docs/src/cli/install.md                       |   37 +-
 docs/src/clusters/benchmark.md                |    2 +-
 docs/src/implemented-proposals/installer.md   |   35 +-
 entry/src/entry.rs                            |    2 +-
 entry/src/poh.rs                              |   29 +-
 f                                             |   30 +
 fetch-spl.sh                                  |   41 +-
 gossip/src/cluster_info.rs                    |    4 +
 install/agave-install-init.sh                 |    4 +-
 install/src/command.rs                        |    8 +-
 jito-programs                                 |    1 +
 jito-protos/Cargo.toml                        |   19 +
 jito-protos/build.rs                          |   38 +
 jito-protos/protos                            |    1 +
 jito-protos/src/lib.rs                        |   25 +
 ledger-tool/src/ledger_utils.rs               |   18 +-
 ledger-tool/src/main.rs                       |    8 +-
 ledger-tool/src/program.rs                    |    1 +
 ledger/src/bank_forks_utils.rs                |   22 +-
 ledger/src/blockstore_processor.rs            |    5 +-
 ledger/src/token_balances.rs                  |   55 +-
 local-cluster/src/local_cluster.rs            |    3 +
 .../src/local_cluster_snapshot_utils.rs       |    6 +-
 local-cluster/src/validator_configs.rs        |    5 +
 local-cluster/tests/local_cluster.rs          |   15 +-
 merkle-tree/src/merkle_tree.rs                |   46 +-
 multinode-demo/bootstrap-validator.sh         |   34 +
 multinode-demo/validator.sh                   |   40 +
 perf/src/sigverify.rs                         |    2 +-
 poh/src/poh_recorder.rs                       |  141 +-
 poh/src/poh_service.rs                        |   34 +-
 program-test/src/programs.rs                  |   18 +
 .../programs/jito_tip_distribution-0.1.4.so   |  Bin 0 -> 423080 bytes
 .../src/programs/jito_tip_payment-0.1.4.so    |  Bin 0 -> 430592 bytes
 programs/sbf/Cargo.lock                       |  670 +++++--
 programs/sbf/tests/programs.rs                |    4 +-
 rpc-client-api/Cargo.toml                     |    3 +
 rpc-client-api/src/bundles.rs                 |  166 ++
 rpc-client-api/src/lib.rs                     |    1 +
 rpc-client-api/src/request.rs                 |    2 +
 rpc-client/src/nonblocking/rpc_client.rs      |   53 +
 rpc-client/src/rpc_client.rs                  |   13 +
 rpc-test/Cargo.toml                           |    1 +
 rpc-test/tests/rpc.rs                         |    2 +
 rpc/Cargo.toml                                |    2 +
 rpc/src/rpc.rs                                |  481 ++++-
 rpc/src/rpc_service.rs                        |   13 +-
 runtime-plugin/Cargo.toml                     |   22 +
 runtime-plugin/src/lib.rs                     |    4 +
 runtime-plugin/src/runtime_plugin.rs          |   41 +
 .../src/runtime_plugin_admin_rpc_service.rs   |  326 ++++
 runtime-plugin/src/runtime_plugin_manager.rs  |  275 +++
 runtime-plugin/src/runtime_plugin_service.rs  |  123 ++
 runtime/src/bank.rs                           |  105 +-
 runtime/src/snapshot_bank_utils.rs            |   16 +-
 runtime/src/snapshot_utils.rs                 |   24 +-
 runtime/src/stake_account.rs                  |    4 +-
 runtime/src/stakes.rs                         |   12 +-
 rustfmt.toml                                  |    5 +
 s                                             |   15 +
 scripts/agave-install-deploy.sh               |    4 +-
 scripts/increment-cargo-version.sh            |    2 +
 scripts/run.sh                                |    4 +
 sdk/Cargo.toml                                |    5 +-
 sdk/src/bundle/mod.rs                         |   33 +
 sdk/src/lib.rs                                |    1 +
 send-transaction-service/Cargo.toml           |    2 +
 .../src/send_transaction_service.rs           |   36 +-
 start                                         |    9 +
 start_multi                                   |   30 +
 svm/src/account_overrides.rs                  |    6 +-
 svm/src/transaction_processor.rs              |    2 +
 test-validator/src/lib.rs                     |    1 +
 timings/src/lib.rs                            |    9 +-
 tip-distributor/Cargo.toml                    |   61 +
 tip-distributor/README.md                     |   52 +
 tip-distributor/src/bin/claim-mev-tips.rs     |  190 ++
 .../src/bin/merkle-root-generator.rs          |   34 +
 .../src/bin/merkle-root-uploader.rs           |   54 +
 .../src/bin/stake-meta-generator.rs           |   67 +
 tip-distributor/src/claim_mev_workflow.rs     |  398 +++++
 tip-distributor/src/lib.rs                    | 1062 +++++++++++
 .../src/merkle_root_generator_workflow.rs     |   54 +
 .../src/merkle_root_upload_workflow.rs        |  138 ++
 tip-distributor/src/reclaim_rent_workflow.rs  |  310 ++++
 .../src/stake_meta_generator_workflow.rs      |  973 ++++++++++
 turbine/benches/cluster_info.rs               |    1 +
 turbine/benches/retransmit_stage.rs           |    3 +-
 turbine/src/broadcast_stage.rs                |   51 +-
 .../broadcast_duplicates_run.rs               |    1 +
 .../broadcast_fake_shreds_run.rs              |    1 +
 .../src/broadcast_stage/broadcast_utils.rs    |   55 +-
 .../fail_entry_verification_broadcast_run.rs  |    4 +-
 .../broadcast_stage/standard_broadcast_run.rs |   24 +-
 turbine/src/retransmit_stage.rs               |   15 +-
 validator/Cargo.toml                          |    2 +
 validator/src/admin_rpc_service.rs            |  111 +-
 validator/src/bootstrap.rs                    |    3 +-
 validator/src/cli.rs                          |  203 +++
 validator/src/main.rs                         |  274 ++-
 version/src/lib.rs                            |    2 +-
 wen-restart/src/wen_restart.rs                |    2 +-
 180 files changed, 17957 insertions(+), 1009 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/rebase.yaml
 create mode 100644 .gitmodules
 create mode 160000 anchor
 create mode 100755 bootstrap
 create mode 100644 bundle/Cargo.toml
 create mode 100644 bundle/src/bundle_execution.rs
 create mode 100644 bundle/src/lib.rs
 create mode 100644 core/benches/proto_to_packet.rs
 create mode 100644 core/src/bundle_stage.rs
 create mode 100644 core/src/bundle_stage/bundle_account_locker.rs
 create mode 100644 core/src/bundle_stage/bundle_consumer.rs
 create mode 100644 core/src/bundle_stage/bundle_packet_deserializer.rs
 create mode 100644 core/src/bundle_stage/bundle_packet_receiver.rs
 create mode 100644 core/src/bundle_stage/bundle_reserved_space_manager.rs
 create mode 100644 core/src/bundle_stage/bundle_stage_leader_metrics.rs
 create mode 100644 core/src/bundle_stage/committer.rs
 create mode 100644 core/src/bundle_stage/result.rs
 create mode 100644 core/src/consensus_cache_updater.rs
 create mode 100644 core/src/immutable_deserialized_bundle.rs
 create mode 100644 core/src/packet_bundle.rs
 create mode 100644 core/src/proxy/auth.rs
 create mode 100644 core/src/proxy/block_engine_stage.rs
 create mode 100644 core/src/proxy/fetch_stage_manager.rs
 create mode 100644 core/src/proxy/mod.rs
 create mode 100644 core/src/proxy/relayer_stage.rs
 create mode 100644 core/src/tip_manager.rs
 create mode 100755 deploy_programs
 create mode 100644 dev/Dockerfile
 create mode 100755 f
 create mode 160000 jito-programs
 create mode 100644 jito-protos/Cargo.toml
 create mode 100644 jito-protos/build.rs
 create mode 160000 jito-protos/protos
 create mode 100644 jito-protos/src/lib.rs
 create mode 100644 program-test/src/programs/jito_tip_distribution-0.1.4.so
 create mode 100644 program-test/src/programs/jito_tip_payment-0.1.4.so
 create mode 100644 rpc-client-api/src/bundles.rs
 create mode 100644 runtime-plugin/Cargo.toml
 create mode 100644 runtime-plugin/src/lib.rs
 create mode 100644 runtime-plugin/src/runtime_plugin.rs
 create mode 100644 runtime-plugin/src/runtime_plugin_admin_rpc_service.rs
 create mode 100644 runtime-plugin/src/runtime_plugin_manager.rs
 create mode 100644 runtime-plugin/src/runtime_plugin_service.rs
 create mode 100755 s
 create mode 100644 sdk/src/bundle/mod.rs
 create mode 100755 start
 create mode 100755 start_multi
 create mode 100644 tip-distributor/Cargo.toml
 create mode 100644 tip-distributor/README.md
 create mode 100644 tip-distributor/src/bin/claim-mev-tips.rs
 create mode 100644 tip-distributor/src/bin/merkle-root-generator.rs
 create mode 100644 tip-distributor/src/bin/merkle-root-uploader.rs
 create mode 100644 tip-distributor/src/bin/stake-meta-generator.rs
 create mode 100644 tip-distributor/src/claim_mev_workflow.rs
 create mode 100644 tip-distributor/src/lib.rs
 create mode 100644 tip-distributor/src/merkle_root_generator_workflow.rs
 create mode 100644 tip-distributor/src/merkle_root_upload_workflow.rs
 create mode 100644 tip-distributor/src/reclaim_rent_workflow.rs
 create mode 100644 tip-distributor/src/stake_meta_generator_workflow.rs

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000000..99262ca894
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git/
+.github/
+.gitignore
+.idea/
+README.md
+Dockerfile
+f
+target/
diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml
index 37096d3be6..1c5b4941f0 100644
--- a/.github/workflows/cargo.yml
+++ b/.github/workflows/cargo.yml
@@ -36,6 +36,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - uses: mozilla-actions/sccache-action@v0.0.5
         with:
diff --git a/.github/workflows/changelog-label.yml b/.github/workflows/changelog-label.yml
index ffd8ec2103..3da79c6e91 100644
--- a/.github/workflows/changelog-label.yml
+++ b/.github/workflows/changelog-label.yml
@@ -13,6 +13,7 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
+        submodules: 'recursive'
     - name: Check if changes to CHANGELOG.md
       shell: bash
       env:
diff --git a/.github/workflows/client-targets.yml b/.github/workflows/client-targets.yml
index ab15b9786c..9c0f73b8cc 100644
--- a/.github/workflows/client-targets.yml
+++ b/.github/workflows/client-targets.yml
@@ -33,6 +33,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       # This can be removed once cargo-ndk >= 3.5.4 is used.
       - name: Setup environment for Android NDK
@@ -63,6 +65,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - name: Setup Rust
         run: |
diff --git a/.github/workflows/crate-check.yml b/.github/workflows/crate-check.yml
index 8eda27d238..b49196b8e7 100644
--- a/.github/workflows/crate-check.yml
+++ b/.github/workflows/crate-check.yml
@@ -21,6 +21,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          submodules: 'recursive'
 
       - name: Get commit range (push)
         if: ${{ github.event_name == 'push' }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 2118a713cf..b599086a77 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -23,6 +23,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          submodules: 'recursive'
 
       - name: Get commit range (push)
         if: ${{ github.event_name == 'push' }}
@@ -78,6 +79,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - name: Setup Node
         uses: actions/setup-node@v4
diff --git a/.github/workflows/downstream-project-anchor.yml b/.github/workflows/downstream-project-anchor.yml
index da5e3e1600..29473c16d0 100644
--- a/.github/workflows/downstream-project-anchor.yml
+++ b/.github/workflows/downstream-project-anchor.yml
@@ -42,9 +42,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        version: ["master"]
+        version: [ "master", "v0.29.0", "v0.30.0" ]
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - shell: bash
         run: |
diff --git a/.github/workflows/downstream-project-spl.yml b/.github/workflows/downstream-project-spl.yml
index 42b1a07776..8ddac5c2e0 100644
--- a/.github/workflows/downstream-project-spl.yml
+++ b/.github/workflows/downstream-project-spl.yml
@@ -41,6 +41,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - shell: bash
         run: |
@@ -68,7 +70,7 @@ jobs:
         arrays:
           [
             {
-              test_paths: ["token/cli"],
+              test_paths: [ "token/cli" ],
               required_programs:
                 [
                   "token/program",
@@ -78,14 +80,14 @@ jobs:
                 ],
             },
             {
-              test_paths: ["single-pool/cli"],
+              test_paths: [ "single-pool/cli" ],
               required_programs:
                 [
                   "single-pool/program",
                 ],
             },
             {
-              test_paths: ["token-upgrade/cli"],
+              test_paths: [ "token-upgrade/cli" ],
               required_programs:
                 [
                   "token-upgrade/program",
@@ -94,6 +96,8 @@ jobs:
           ]
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - shell: bash
         run: |
@@ -129,24 +133,26 @@ jobs:
     strategy:
       matrix:
         programs:
-          - [token/program]
+          - [ token/program ]
           - [
-              instruction-padding/program,
-              token/program-2022,
-              token/program-2022-test,
-            ]
+            instruction-padding/program,
+            token/program-2022,
+            token/program-2022-test,
+          ]
           - [
-              associated-token-account/program,
-              associated-token-account/program-test,
-            ]
-          - [token-upgrade/program]
-          - [feature-proposal/program]
-          - [governance/addin-mock/program, governance/program]
-          - [name-service/program]
-          - [stake-pool/program]
-          - [single-pool/program]
+            associated-token-account/program,
+            associated-token-account/program-test,
+          ]
+          - [ token-upgrade/program ]
+          - [ feature-proposal/program ]
+          - [ governance/addin-mock/program, governance/program ]
+          - [ name-service/program ]
+          - [ stake-pool/program ]
+          - [ single-pool/program ]
     steps:
       - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
 
       - shell: bash
         run: |
diff --git a/.github/workflows/rebase.yaml b/.github/workflows/rebase.yaml
new file mode 100644
index 0000000000..1689555d81
--- /dev/null
+++ b/.github/workflows/rebase.yaml
@@ -0,0 +1,180 @@
+# This workflow runs a periodic rebase process, pulling in updates from an upstream repository
+# The workflow for rebasing a jito-solana branch to a solana labs branch locally is typically:
+# $ git checkout v1.17
+# $ git pull --rebase # --rebase needed locally
+# $ git branch -D lb/v1.17_rebase # deletes branch from last v1.17 rebase
+# $ git checkout -b lb/v1.17_rebase
+# $ git fetch upstream
+# $ git rebase upstream/v1.17 # rebase + fix merge conflicts
+# $ git rebase --continue
+# $ git push origin +lb/v1.17_rebase # force needed to overwrite remote. wait for CI, fix if any issues
+# $ git checkout v1.17
+# $ git reset --hard lb/v1.17_rebase
+# $ git push origin +v1.17
+#
+# This workflow automates this process, with periodic status updates over slack.
+# It will also run CI and wait for it to pass before performing the force push to v1.17.
+# In the event there's a failure in the process, it's reported to slack and the job stops.
+
+name: "Rebase jito-solana from upstream anza-xyz/agave"
+
+on:
+  #  push:
+  schedule:
+    - cron: "00 19 * * 1-5"
+
+jobs:
+  rebase:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - branch: master
+            upstream_branch: master
+            upstream_repo: https://github.com/anza-xyz/agave.git
+          - branch: v2.0
+            upstream_branch: v2.0
+            upstream_repo: https://github.com/anza-xyz/agave.git
+          - branch: v1.18
+            upstream_branch: v1.18
+            upstream_repo: https://github.com/solana-labs/solana.git
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ matrix.branch }}
+          submodules: recursive
+          fetch-depth: 0
+          token: ${{ secrets.JITO_SOLANA_RELEASE_TOKEN }}
+      - name: Add upstream
+        run: git remote add upstream ${{ matrix.upstream_repo }}
+      - name: Fetch upstream
+        run: git fetch upstream
+      - name: Fetch origin
+        run: git fetch origin
+      - name: Set REBASE_BRANCH
+        run: echo "REBASE_BRANCH=ci/nightly/${{ matrix.branch }}/$(date +'%Y-%m-%d-%H-%M')" >> $GITHUB_ENV
+      - name: echo $REBASE_BRANCH
+        run: echo $REBASE_BRANCH
+      - name: Create rebase branch
+        run: git checkout -b $REBASE_BRANCH
+      - name: Setup email
+        run: |
+          git config --global user.email "infra@jito.wtf"
+          git config --global user.name "Jito Infrastructure"
+      - name: Rebase
+        id: rebase
+        run: git rebase upstream/${{ matrix.upstream_branch }}
+      - name: Send warning for rebase error
+        if: failure() && steps.rebase.outcome == 'failure'
+        uses: slackapi/slack-github-action@v1.25.0
+        with:
+          payload: |
+            {
+              "text": "Nightly rebase on branch ${{ matrix.branch }}\nStatus: Rebase failed to apply cleanly"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      - name: Check if rebase applied
+        id: check_rebase_applied
+        run: |
+          PRE_REBASE_SHA=$(git rev-parse ${{ matrix.branch }})
+          POST_REBASE_SHA=$(git rev-parse HEAD)
+          if [ "$PRE_REBASE_SHA" = "$POST_REBASE_SHA" ]; then
+            echo "No rebase was applied, exiting..."
+            exit 1
+          else
+            echo "Rebase applied successfully."
+          fi
+      - name: Send warning for rebase error
+        if: failure() && steps.check_rebase_applied.outcome == 'failure'
+        uses: slackapi/slack-github-action@v1.25.0
+        with:
+          payload: |
+            {
+              "text": "Nightly rebase on branch ${{ matrix.branch }}\nStatus: Rebase not needed"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      - name: Set REBASE_SHA
+        run: echo "REBASE_SHA=$(git rev-parse HEAD)" >> $GITHUB_ENV
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: ${{ env.REBASE_BRANCH }}
+      - name: Wait for buildkite to start build
+        run: sleep 300
+      - name: Wait for buildkite to finish
+        id: wait_for_buildkite
+        timeout-minutes: 300
+        run: |
+          while true; do
+            response=$(curl -s -f -H "Authorization: Bearer ${{ secrets.BUILDKITE_TOKEN }}" "https://api.buildkite.com/v2/organizations/jito/pipelines/jito-solana/builds?commit=${{ env.REBASE_SHA }}")
+            if [ $? -ne 0 ]; then
+              echo "Curl request failed."
+              exit 1
+            fi
+
+            state=$(echo $response | jq --exit-status -r '.[0].state')
+            echo "Current build state: $state"
+
+            # Check if the state is one of the finished states
+            case $state in
+              "passed"|"finished")
+                echo "Build finished successfully."
+                exit 0
+              ;;
+              "canceled"|"canceling"|"not_run")
+                # ignoring "failing"|"failed" because flaky CI, can restart and hope it finishes or times out
+                echo "Build failed or was cancelled."
+                exit 2
+              ;;
+            esac
+
+          sleep 30
+          done
+      - name: Send failure update
+        uses: slackapi/slack-github-action@v1.25.0
+        if: failure() && steps.wait_for_buildkite.outcome == 'failure'
+        with:
+          payload: |
+            {
+              "text": "Nightly rebase on branch ${{ matrix.branch }}\nStatus: CI failed\nBranch: ${{ env.REBASE_BRANCH}}\nBuild: https://buildkite.com/jito/jito-solana/builds?commit=${{ env.REBASE_SHA }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      # check to see if different branch since CI build can take awhile and these steps are not atomic
+      - name: Fetch the latest remote changes
+        run: git fetch origin ${{ matrix.branch }}
+      - name: Check if origin HEAD has changed from the beginning of the workflow
+        run: |
+          LOCAL_SHA=$(git rev-parse ${{ matrix.branch }})
+          ORIGIN_SHA=$(git rev-parse origin/${{ matrix.branch }})
+          if [ "$ORIGIN_SHA" != "$LOCAL_SHA" ]; then
+            echo "The remote HEAD of ${{ matrix.branch }} does not match the local HEAD of ${{ matrix.branch }} at the beginning of CI."
+            echo "origin sha: $ORIGIN_SHA"
+            echo "local sha: $LOCAL_SHA"
+            exit 1
+          else
+            echo "The remote HEAD matches the local REBASE_SHA at the beginning of CI. Proceeding."
+          fi
+      - name: Reset ${{ matrix.branch }} to ${{ env.REBASE_BRANCH }}
+        run: |
+          git checkout ${{ matrix.branch }}
+          git reset --hard ${{ env.REBASE_BRANCH }}
+      - name: Push rebased %{{ matrix.branch }}
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.JITO_SOLANA_RELEASE_TOKEN }}
+          branch: ${{ matrix.branch }}
+          force: true
+      - name: Send success update
+        uses: slackapi/slack-github-action@v1.25.0
+        with:
+          payload: |
+            {
+              "text": "Nightly rebase on branch ${{ matrix.branch }}\nStatus: CI success, rebased, and pushed\nBranch: ${{ env.REBASE_BRANCH}}\nBuild: https://buildkite.com/jito/jito-solana/builds?commit=${{ env.REBASE_SHA }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
\ No newline at end of file
diff --git a/.github/workflows/release-artifacts.yml b/.github/workflows/release-artifacts.yml
index 1966d59ab1..11d1d1a9df 100644
--- a/.github/workflows/release-artifacts.yml
+++ b/.github/workflows/release-artifacts.yml
@@ -22,6 +22,7 @@ jobs:
         with:
           ref: master
           fetch-depth: 0
+          submodules: 'recursive'
 
       - name: Setup Rust
         shell: bash
diff --git a/.gitignore b/.gitignore
index 3127645a25..c775b49cc5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ target/
 /solana-release.tar.bz2
 /solana-metrics/
 /solana-metrics.tar.bz2
+**/target/
 /test-ledger/
 
 **/*.rs.bk
@@ -28,7 +29,11 @@ log-*/
 # fetch-spl.sh artifacts
 /spl-genesis-args.sh
 /spl_*.so
+/jito_*.so
 
 .DS_Store
 # scripts that may be generated by cargo *-bpf commands
 **/cargo-*-bpf-child-script-*.sh
+
+.env
+docker-output/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000..e31fc7fccd
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "anchor"]
+	path = anchor
+	url = https://github.com/jito-foundation/anchor.git
+[submodule "jito-programs"]
+	path = jito-programs
+	url = https://github.com/jito-foundation/jito-programs.git
+[submodule "jito-protos/protos"]
+	path = jito-protos/protos
+	url = https://github.com/jito-labs/mev-protos.git
diff --git a/Cargo.lock b/Cargo.lock
index f085b86024..20e82680f9 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -158,7 +158,7 @@ name = "agave-ledger-tool"
 version = "2.2.0"
 dependencies = [
  "assert_cmd",
- "bs58",
+ "bs58 0.5.1",
  "bytecount",
  "chrono",
  "clap 2.33.3",
@@ -297,6 +297,7 @@ dependencies = [
  "solana-rpc-client",
  "solana-rpc-client-api",
  "solana-runtime",
+ "solana-runtime-plugin",
  "solana-sdk",
  "solana-send-transaction-service",
  "solana-storage-bigtable",
@@ -312,6 +313,7 @@ dependencies = [
  "thiserror 2.0.6",
  "tikv-jemallocator",
  "tokio",
+ "tonic",
 ]
 
 [[package]]
@@ -398,6 +400,145 @@ version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5"
 
+[[package]]
+name = "anchor-attribute-access-control"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "regex",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-account"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "bs58 0.4.0",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "rustversion",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-constant"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "proc-macro2 1.0.92",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-error"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-event"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-interface"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "heck 0.3.3",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-program"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-state"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-derive-accounts"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-lang"
+version = "0.24.2"
+dependencies = [
+ "anchor-attribute-access-control",
+ "anchor-attribute-account",
+ "anchor-attribute-constant",
+ "anchor-attribute-error",
+ "anchor-attribute-event",
+ "anchor-attribute-interface",
+ "anchor-attribute-program",
+ "anchor-attribute-state",
+ "anchor-derive-accounts",
+ "arrayref",
+ "base64 0.13.1",
+ "bincode",
+ "borsh 0.10.3",
+ "bytemuck",
+ "solana-program",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "anchor-syn"
+version = "0.24.2"
+dependencies = [
+ "anyhow",
+ "bs58 0.3.1",
+ "heck 0.3.3",
+ "proc-macro2 1.0.92",
+ "proc-macro2-diagnostics",
+ "quote 1.0.37",
+ "serde",
+ "serde_json",
+ "sha2 0.9.9",
+ "syn 1.0.109",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "android-tzdata"
 version = "0.1.1"
@@ -428,12 +569,55 @@ dependencies = [
  "winapi 0.3.9",
 ]
 
+[[package]]
+name = "anstream"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ca84f3628370c59db74ee214b3263d58f9aadd9b4fe7e711fd87dc452b7f163"
+dependencies = [
+ "anstyle",
+ "anstyle-parse",
+ "anstyle-query",
+ "anstyle-wincon",
+ "colorchoice",
+ "is-terminal",
+ "utf8parse",
+]
+
 [[package]]
 name = "anstyle"
 version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3a30da5c5f2d5e72842e00bcb57657162cdabef0931f40e2deb9b4140440cecd"
 
+[[package]]
+name = "anstyle-parse"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9"
+dependencies = [
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle-query"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
+[[package]]
+name = "anstyle-wincon"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c677ab05e09154296dd37acecd46420c17b9713e8366facafa8fc0885167cf4c"
+dependencies = [
+ "anstyle",
+ "windows-sys 0.48.0",
+]
+
 [[package]]
 name = "anyhow"
 version = "1.0.94"
@@ -449,8 +633,8 @@ dependencies = [
  "include_dir",
  "itertools 0.10.5",
  "proc-macro-error",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -523,7 +707,7 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348"
 dependencies = [
- "quote",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -535,8 +719,8 @@ checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565"
 dependencies = [
  "num-bigint 0.4.6",
  "num-traits",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -571,8 +755,8 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ae3281bc6d0fd7e549af32b52511e1302185bd688fd3359fa36423346ff682ea"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -632,8 +816,8 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
  "synstructure 0.12.6",
 ]
@@ -644,8 +828,8 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -727,8 +911,8 @@ version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "648ed8c8d2ce5409ccd57453d9d1b214b342a0d69376a6feda1fd6cae3299308"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -738,8 +922,8 @@ version = "0.1.83"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -888,8 +1072,8 @@ dependencies = [
  "itertools 0.12.1",
  "lazy_static",
  "lazycell",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
@@ -1029,7 +1213,7 @@ dependencies = [
  "borsh-derive-internal",
  "borsh-schema-derive-internal",
  "proc-macro-crate 0.1.5",
- "proc-macro2",
+ "proc-macro2 1.0.92",
  "syn 1.0.109",
 ]
 
@@ -1041,8 +1225,8 @@ checksum = "c2593a3b8b938bd68373196c9832f516be11fa487ef4ae745eb282e6a56a7244"
 dependencies = [
  "once_cell",
  "proc-macro-crate 3.1.0",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1052,8 +1236,8 @@ version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "afb438156919598d2c7bad7e1c0adf3d26ed3840dbc010db1a882a65583ca2fb"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -1063,8 +1247,8 @@ version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "634205cc43f74a1b9046ef87c4540ebda95696ec0f315024860cad7c5b0f5ccd"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -1089,6 +1273,18 @@ dependencies = [
  "alloc-stdlib",
 ]
 
+[[package]]
+name = "bs58"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "476e9cd489f9e121e02ffa6014a8ef220ecb15c05ed23fc34cca13925dc283fb"
+
+[[package]]
+name = "bs58"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "771fe0050b883fcc3ea2359b1a96bcfbc090b7116eae7c3c512c7a083fdf23d3"
+
 [[package]]
 name = "bs58"
 version = "0.5.1"
@@ -1172,8 +1368,8 @@ version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bcfcc3cd946cb52f0bbfdbbcfa2f4e24f75ebb6c0e1002f7c25904fada18b9ec"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1323,8 +1519,8 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "45565fc9416b9896014f5732ac776f810ee53a66730c17e4020c3ec064a8f88f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1423,7 +1619,7 @@ checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5"
 dependencies = [
  "atty",
  "bitflags 1.3.2",
- "clap_derive",
+ "clap_derive 3.2.18",
  "clap_lex 0.2.4",
  "indexmap 1.9.3",
  "once_cell",
@@ -1439,6 +1635,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c27cdf28c0f604ba3f512b0c9a409f8de8513e4816705deb0498b627e7c3a3fd"
 dependencies = [
  "clap_builder",
+ "clap_derive 4.3.12",
+ "once_cell",
 ]
 
 [[package]]
@@ -1447,8 +1645,10 @@ version = "4.3.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08a9f1ab5e9f01a9b81f202e8562eb9a10de70abf9eaeac1be465c28b75aa4aa"
 dependencies = [
+ "anstream",
  "anstyle",
  "clap_lex 0.5.0",
+ "strsim 0.10.0",
 ]
 
 [[package]]
@@ -1457,13 +1657,25 @@ version = "3.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ea0c8bce528c4be4da13ea6fead8965e95b6073585a2f05204bd8f4119f82a65"
 dependencies = [
- "heck",
+ "heck 0.4.0",
  "proc-macro-error",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
+[[package]]
+name = "clap_derive"
+version = "4.3.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "54a9bb5758fc5dfe728d1019941681eccaf0cf8a4189b692a0ee2f2ecf90a050"
+dependencies = [
+ "heck 0.4.0",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 2.0.90",
+]
+
 [[package]]
 name = "clap_lex"
 version = "0.2.4"
@@ -1479,6 +1691,12 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b"
 
+[[package]]
+name = "colorchoice"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
+
 [[package]]
 name = "combine"
 version = "3.8.1"
@@ -1559,9 +1777,9 @@ version = "0.2.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744"
 dependencies = [
- "proc-macro2",
- "quote",
- "unicode-xid",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "unicode-xid 0.2.2",
 ]
 
 [[package]]
@@ -1816,8 +2034,8 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1839,8 +2057,8 @@ checksum = "ab8bfa2e259f8ee1ce5e97824a3c55ec4404a0d772ca7fa96bf19f0752a046eb"
 dependencies = [
  "fnv",
  "ident_case",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "strsim 0.10.0",
  "syn 2.0.90",
 ]
@@ -1852,7 +2070,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "29a358ff9f12ec09c3e61fef9b5a9902623a695a46a917b07f269bff1445611a"
 dependencies = [
  "darling_core",
- "quote",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1876,6 +2094,17 @@ version = "2.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57"
 
+[[package]]
+name = "default-env"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f753eb82d29277e79efc625e84aecacfd4851ee50e05a8573a4740239a77bfd3"
+dependencies = [
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "syn 0.15.44",
+]
+
 [[package]]
 name = "der-parser"
 version = "8.1.0"
@@ -1902,8 +2131,8 @@ version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -1913,8 +2142,8 @@ version = "1.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "62d671cc41a825ebabc75757b62d3d168c577f9149b2d49ece1dad1f72119d25"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1924,8 +2153,8 @@ version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "30542c1ad912e0e3d22a1935c290e12e8a29d704a420177a31faad4a601a0800"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -1936,8 +2165,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "40eebddd2156ce1bb37b20bbe5151340a31828b1f2d22ba4141f3531710e38df"
 dependencies = [
  "convert_case",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "rustc_version 0.3.3",
  "syn 1.0.109",
 ]
@@ -2025,8 +2254,8 @@ version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -2048,8 +2277,8 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a6cbae11b3de8fce2a456e8ea3dada226b35fe791f0dc1d360c0941f0bb681f3"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -2113,8 +2342,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f86b50932a01e7ec5c06160492ab660fb19b6bb2a7878030dd6cd68d21df9d4d"
 dependencies = [
  "enum-ordinalize",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -2154,8 +2383,8 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "03cdc46ec28bd728e67540c528013c6a10eb69a02eb31078a1bda695438cbfb8"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -2167,8 +2396,8 @@ checksum = "0b166c9e378360dd5a6666a9604bb4f54ae0cac39023ffbac425e917a2a04fef"
 dependencies = [
  "num-bigint 0.4.6",
  "num-traits",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -2466,8 +2695,8 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -2773,6 +3002,15 @@ dependencies = [
  "http",
 ]
 
+[[package]]
+name = "heck"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c"
+dependencies = [
+ "unicode-segmentation",
+]
+
 [[package]]
 name = "heck"
 version = "0.4.0"
@@ -3096,8 +3334,8 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -3176,8 +3414,8 @@ version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b139284b5cf57ecfa712bcc66950bb635b31aff41c188e8a4cfc758eca374a3f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
 ]
 
 [[package]]
@@ -3279,6 +3517,49 @@ version = "1.0.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
 
+[[package]]
+name = "jito-programs-vote-state"
+version = "0.1.5"
+dependencies = [
+ "anchor-lang",
+ "bincode",
+ "serde",
+ "serde_derive",
+ "solana-program",
+]
+
+[[package]]
+name = "jito-protos"
+version = "2.2.0"
+dependencies = [
+ "bytes",
+ "prost",
+ "prost-types",
+ "protobuf-src",
+ "tonic",
+ "tonic-build",
+]
+
+[[package]]
+name = "jito-tip-distribution"
+version = "0.1.5"
+dependencies = [
+ "anchor-lang",
+ "default-env",
+ "jito-programs-vote-state",
+ "solana-program",
+ "solana-security-txt",
+]
+
+[[package]]
+name = "jito-tip-payment"
+version = "0.1.5"
+dependencies = [
+ "anchor-lang",
+ "default-env",
+ "solana-security-txt",
+]
+
 [[package]]
 name = "jni"
 version = "0.19.0"
@@ -3380,8 +3661,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b939a78fa820cdfcb7ee7484466746a7377760970f6f9c6fe19f9edcc8a38d2"
 dependencies = [
  "proc-macro-crate 0.1.5",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3798,8 +4079,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "22ce75669015c4f47b289fd4d4f56e894e4c96003ffdf3ac51313126f94c6cbb"
 dependencies = [
  "cfg-if 1.0.0",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3819,8 +4100,8 @@ version = "0.11.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5a7d5f7076603ebc68de2dc6a650ec331a062a13abaa346975be747bbfa4b789"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3952,8 +4233,8 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -4025,8 +4306,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56"
 dependencies = [
  "proc-macro-crate 3.1.0",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -4108,8 +4389,8 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -4321,8 +4602,8 @@ checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55"
 dependencies = [
  "pest",
  "pest_meta",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -4372,8 +4653,8 @@ version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "069bdb1e05adc7a8990dce9cc75370895fbe4e3d58b9b73bf1aee56359344a55"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -4489,7 +4770,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3b83ec2d0af5c5c556257ff52c9f98934e243b9fd39604bfb2a9b75ec2e97f18"
 dependencies = [
- "proc-macro2",
+ "proc-macro2 1.0.92",
  "syn 1.0.109",
 ]
 
@@ -4527,8 +4808,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 dependencies = [
  "proc-macro-error-attr",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
  "version_check",
 ]
@@ -4539,11 +4820,20 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "version_check",
 ]
 
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid 0.1.0",
+]
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.92"
@@ -4553,6 +4843,19 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "proc-macro2-diagnostics"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bf29726d67464d49fa6224a1d07936a8c08bb3fba727c7493f6cf1616fdaada"
+dependencies = [
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+ "version_check",
+ "yansi",
+]
+
 [[package]]
 name = "proptest"
 version = "1.5.0"
@@ -4590,7 +4893,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "119533552c9a7ffacc21e099c24a0ac8bb19c2a2a3f363de84cd9b844feab270"
 dependencies = [
  "bytes",
- "heck",
+ "heck 0.4.0",
  "itertools 0.10.5",
  "lazy_static",
  "log",
@@ -4613,8 +4916,8 @@ checksum = "e5d2d8d10f3c6ded6da8b05b5fb3b8a5082514344d56c9f871412d29b4e075b4"
 dependencies = [
  "anyhow",
  "itertools 0.10.5",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -4659,8 +4962,8 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e2e25ee72f5b24d773cae88422baddefff7714f97aab68d96fe2b6fc4a28fb2"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -4737,13 +5040,22 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
+[[package]]
+name = "quote"
+version = "0.6.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
+dependencies = [
+ "proc-macro2 0.4.30",
+]
+
 [[package]]
 name = "quote"
 version = "1.0.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
 dependencies = [
- "proc-macro2",
+ "proc-macro2 1.0.92",
 ]
 
 [[package]]
@@ -5213,6 +5525,18 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rustls-native-certs"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
+dependencies = [
+ "openssl-probe",
+ "rustls-pemfile 1.0.0",
+ "schannel",
+ "security-framework",
+]
+
 [[package]]
 name = "rustls-native-certs"
 version = "0.7.3"
@@ -5266,7 +5590,7 @@ dependencies = [
  "log",
  "once_cell",
  "rustls 0.23.19",
- "rustls-native-certs",
+ "rustls-native-certs 0.7.3",
  "rustls-platform-verifier-android",
  "rustls-webpki 0.102.8",
  "security-framework",
@@ -5281,6 +5605,16 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
 
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring 0.16.20",
+ "untrusted 0.7.1",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
@@ -5466,8 +5800,8 @@ version = "1.0.215"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -5522,8 +5856,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d846214a9854ef724f3da161b426242d8de7c1fc7de2f89bb1efcb154dca79d"
 dependencies = [
  "darling",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -5572,8 +5906,8 @@ version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "91d129178576168c589c9ec973feedf7d3126c01ac2bf08795109aa35b69fb8f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -5840,7 +6174,7 @@ dependencies = [
  "assert_matches",
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "bv",
  "lazy_static",
  "serde",
@@ -5863,7 +6197,7 @@ name = "solana-account-decoder-client-types"
 version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
- "bs58",
+ "bs58 0.5.1",
  "serde",
  "serde_derive",
  "serde_json",
@@ -6087,6 +6421,7 @@ dependencies = [
  "solana-banks-interface",
  "solana-client",
  "solana-feature-set",
+ "solana-gossip",
  "solana-runtime",
  "solana-runtime-transaction",
  "solana-sdk",
@@ -6314,6 +6649,29 @@ dependencies = [
  "solana-vote-program",
 ]
 
+[[package]]
+name = "solana-bundle"
+version = "2.2.0"
+dependencies = [
+ "anchor-lang",
+ "assert_matches",
+ "itertools 0.12.1",
+ "log",
+ "serde",
+ "solana-accounts-db",
+ "solana-ledger",
+ "solana-logger",
+ "solana-measure",
+ "solana-poh",
+ "solana-program-runtime",
+ "solana-runtime",
+ "solana-sdk",
+ "solana-svm",
+ "solana-timings",
+ "solana-transaction-status",
+ "thiserror 2.0.6",
+]
+
 [[package]]
 name = "solana-cargo-build-sbf"
 version = "2.2.0"
@@ -6413,7 +6771,7 @@ version = "2.2.0"
 dependencies = [
  "assert_matches",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "clap 2.33.3",
  "console",
  "const_format",
@@ -6740,12 +7098,13 @@ name = "solana-core"
 version = "2.2.0"
 dependencies = [
  "ahash 0.8.11",
+ "anchor-lang",
  "anyhow",
  "arrayvec",
  "assert_matches",
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "bytes",
  "chrono",
  "crossbeam-channel",
@@ -6755,12 +7114,17 @@ dependencies = [
  "futures 0.3.31",
  "histogram",
  "itertools 0.12.1",
+ "jito-protos",
+ "jito-tip-distribution",
+ "jito-tip-payment",
  "lazy_static",
  "log",
  "lru",
  "min-max-heap",
  "num_enum",
  "prio-graph",
+ "prost",
+ "prost-types",
  "qualifier_attr",
  "quinn",
  "rand 0.8.5",
@@ -6778,6 +7142,7 @@ dependencies = [
  "solana-address-lookup-table-program",
  "solana-bloom",
  "solana-builtins-default-costs",
+ "solana-bundle",
  "solana-client",
  "solana-compute-budget",
  "solana-compute-budget-instruction",
@@ -6800,11 +7165,13 @@ dependencies = [
  "solana-perf",
  "solana-poh",
  "solana-program-runtime",
+ "solana-program-test",
  "solana-quic-client",
  "solana-rayon-threadlimit",
  "solana-rpc",
  "solana-rpc-client-api",
  "solana-runtime",
+ "solana-runtime-plugin",
  "solana-runtime-transaction",
  "solana-sanitize",
  "solana-sdk",
@@ -6837,6 +7204,8 @@ dependencies = [
  "test-case",
  "thiserror 2.0.6",
  "tokio",
+ "tonic",
+ "tonic-build",
  "trees",
 ]
 
@@ -7184,7 +7553,7 @@ name = "solana-frozen-abi"
 version = "2.2.0"
 dependencies = [
  "bitflags 2.6.0",
- "bs58",
+ "bs58 0.5.1",
  "bv",
  "im",
  "log",
@@ -7203,8 +7572,8 @@ dependencies = [
 name = "solana-frozen-abi-macro"
 version = "2.2.0"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -7251,7 +7620,7 @@ name = "solana-geyser-plugin-manager"
 version = "2.2.0"
 dependencies = [
  "agave-geyser-plugin-interface",
- "bs58",
+ "bs58 0.5.1",
  "crossbeam-channel",
  "json5",
  "jsonrpc-core",
@@ -7277,7 +7646,7 @@ version = "2.2.0"
 dependencies = [
  "assert_matches",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "bv",
  "clap 2.33.3",
  "crossbeam-channel",
@@ -7344,7 +7713,7 @@ name = "solana-hash"
 version = "2.2.0"
 dependencies = [
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "bytemuck_derive",
  "js-sys",
@@ -7414,7 +7783,7 @@ dependencies = [
 name = "solana-keygen"
 version = "2.2.0"
 dependencies = [
- "bs58",
+ "bs58 0.5.1",
  "clap 3.2.23",
  "dirs-next",
  "num_cpus",
@@ -7438,7 +7807,7 @@ dependencies = [
 name = "solana-keypair"
 version = "2.2.0"
 dependencies = [
- "bs58",
+ "bs58 0.5.1",
  "ed25519-dalek",
  "ed25519-dalek-bip32",
  "rand 0.7.3",
@@ -7471,7 +7840,7 @@ version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
  "blake3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "criterion",
  "rand 0.8.5",
@@ -7485,7 +7854,7 @@ dependencies = [
  "assert_matches",
  "bincode",
  "bitflags 2.6.0",
- "bs58",
+ "bs58 0.5.1",
  "byteorder",
  "bzip2",
  "chrono",
@@ -7831,8 +8200,8 @@ dependencies = [
 name = "solana-package-metadata-macro"
 version = "2.2.0"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
  "toml 0.8.12",
 ]
@@ -8001,7 +8370,7 @@ dependencies = [
  "blake3",
  "borsh 0.10.3",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "console_error_panic_hook",
  "console_log",
@@ -8200,7 +8569,7 @@ dependencies = [
  "arbitrary",
  "borsh 0.10.3",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "bytemuck_derive",
  "curve25519-dalek 4.1.3",
@@ -8376,7 +8745,7 @@ version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "crossbeam-channel",
  "dashmap",
  "itertools 0.12.1",
@@ -8396,6 +8765,7 @@ dependencies = [
  "soketto",
  "solana-account-decoder",
  "solana-accounts-db",
+ "solana-bundle",
  "solana-client",
  "solana-entry",
  "solana-faucet",
@@ -8408,6 +8778,7 @@ dependencies = [
  "solana-net-utils",
  "solana-perf",
  "solana-poh",
+ "solana-program-runtime",
  "solana-rayon-threadlimit",
  "solana-rpc-client-api",
  "solana-runtime",
@@ -8441,7 +8812,7 @@ dependencies = [
  "async-trait",
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "crossbeam-channel",
  "futures 0.3.31",
  "indicatif",
@@ -8486,7 +8857,7 @@ version = "2.2.0"
 dependencies = [
  "anyhow",
  "base64 0.22.1",
- "bs58",
+ "bs58 0.5.1",
  "const_format",
  "jsonrpc-core",
  "reqwest",
@@ -8497,13 +8868,16 @@ dependencies = [
  "serde_json",
  "solana-account",
  "solana-account-decoder-client-types",
+ "solana-bundle",
  "solana-clock",
  "solana-commitment-config",
  "solana-fee-calculator",
  "solana-inflation",
  "solana-inline-spl",
  "solana-pubkey",
+ "solana-sdk",
  "solana-signer",
+ "solana-svm",
  "solana-transaction-error",
  "solana-transaction-status-client-types",
  "solana-version",
@@ -8544,13 +8918,14 @@ name = "solana-rpc-test"
 version = "2.2.0"
 dependencies = [
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "crossbeam-channel",
  "futures-util",
  "log",
  "reqwest",
  "serde",
  "serde_json",
+ "serial_test",
  "solana-account-decoder",
  "solana-client",
  "solana-connection-cache",
@@ -8663,6 +9038,24 @@ dependencies = [
  "zstd",
 ]
 
+[[package]]
+name = "solana-runtime-plugin"
+version = "2.2.0"
+dependencies = [
+ "crossbeam-channel",
+ "json5",
+ "jsonrpc-core",
+ "jsonrpc-core-client",
+ "jsonrpc-derive",
+ "jsonrpc-ipc-server",
+ "jsonrpc-server-utils",
+ "libloading",
+ "log",
+ "solana-runtime",
+ "solana-sdk",
+ "thiserror 2.0.6",
+]
+
 [[package]]
 name = "solana-runtime-transaction"
 version = "2.2.0"
@@ -8690,12 +9083,14 @@ version = "2.2.0"
 name = "solana-sdk"
 version = "2.2.0"
 dependencies = [
+ "anchor-lang",
  "anyhow",
  "assert_matches",
+ "base64 0.22.1",
  "bincode",
  "bitflags 2.6.0",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "bytemuck_derive",
  "byteorder",
@@ -8795,9 +9190,9 @@ dependencies = [
 name = "solana-sdk-macro"
 version = "2.2.0"
 dependencies = [
- "bs58",
- "proc-macro2",
- "quote",
+ "bs58 0.5.1",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -8891,12 +9286,14 @@ dependencies = [
  "log",
  "solana-client",
  "solana-connection-cache",
+ "solana-gossip",
  "solana-logger",
  "solana-measure",
  "solana-metrics",
  "solana-quic-client",
  "solana-runtime",
  "solana-sdk",
+ "solana-streamer",
  "solana-tpu-client-next",
  "tokio",
  "tokio-util 0.7.13",
@@ -8961,7 +9358,7 @@ name = "solana-signature"
 version = "2.2.0"
 dependencies = [
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "curve25519-dalek 4.1.3",
  "ed25519-dalek",
  "rand 0.8.5",
@@ -9104,7 +9501,7 @@ name = "solana-storage-proto"
 version = "2.2.0"
 dependencies = [
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "enum-iterator",
  "prost",
  "protobuf-src",
@@ -9430,6 +9827,44 @@ dependencies = [
  "solana-pubkey",
 ]
 
+[[package]]
+name = "solana-tip-distributor"
+version = "2.2.0"
+dependencies = [
+ "anchor-lang",
+ "clap 4.3.21",
+ "crossbeam-channel",
+ "env_logger",
+ "futures 0.3.31",
+ "gethostname",
+ "im",
+ "itertools 0.12.1",
+ "jito-tip-distribution",
+ "jito-tip-payment",
+ "log",
+ "num-traits",
+ "rand 0.8.5",
+ "serde",
+ "serde_json",
+ "solana-accounts-db",
+ "solana-client",
+ "solana-genesis-utils",
+ "solana-ledger",
+ "solana-measure",
+ "solana-merkle-tree",
+ "solana-metrics",
+ "solana-program",
+ "solana-program-runtime",
+ "solana-rpc-client-api",
+ "solana-runtime",
+ "solana-sdk",
+ "solana-stake-program",
+ "solana-transaction-status",
+ "solana-vote",
+ "thiserror 2.0.6",
+ "tokio",
+]
+
 [[package]]
 name = "solana-tls-utils"
 version = "2.2.0"
@@ -9682,7 +10117,7 @@ dependencies = [
  "base64 0.22.1",
  "bincode",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "lazy_static",
  "log",
@@ -9708,7 +10143,7 @@ version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "serde",
  "serde_derive",
  "serde_json",
@@ -9932,7 +10367,7 @@ dependencies = [
 name = "solana-zk-keygen"
 version = "2.2.0"
 dependencies = [
- "bs58",
+ "bs58 0.5.1",
  "clap 3.2.23",
  "dirs-next",
  "solana-clap-v3-utils",
@@ -10134,7 +10569,7 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9e8418ea6269dcfb01c712f0444d2c75542c04448b480e87de59d2865edc750"
 dependencies = [
- "quote",
+ "quote 1.0.37",
  "spl-discriminator-syn",
  "syn 2.0.90",
 ]
@@ -10145,8 +10580,8 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8c1f05593b7ca9eac7caca309720f2eafb96355e037e6d373b909a80fe7b69b9"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "sha2 0.10.8",
  "syn 2.0.90",
  "thiserror 1.0.69",
@@ -10233,8 +10668,8 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e6d375dd76c517836353e093c2dbb490938ff72821ab568b545fd30ab3256b3e"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "sha2 0.10.8",
  "syn 2.0.90",
 ]
@@ -10474,9 +10909,9 @@ version = "0.24.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e385be0d24f186b4ce2f9982191e7101bb737312ad61c1f2f984f34bcf85d59"
 dependencies = [
- "heck",
- "proc-macro2",
- "quote",
+ "heck 0.4.0",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "rustversion",
  "syn 1.0.109",
 ]
@@ -10493,14 +10928,25 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7973cce6668464ea31f176d85b13c7ab3bba2cb3b77a2ed26abd7801688010a"
 
+[[package]]
+name = "syn"
+version = "0.15.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
+dependencies = [
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "unicode-xid 0.1.0",
+]
+
 [[package]]
 name = "syn"
 version = "1.0.109"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "unicode-ident",
 ]
 
@@ -10510,8 +10956,8 @@ version = "2.0.90"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "919d3b74a5dd0ccd15aeb8f93e7006bd9e14c295087c9896a110f490752bcf31"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "unicode-ident",
 ]
 
@@ -10527,10 +10973,10 @@ version = "0.12.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
- "unicode-xid",
+ "unicode-xid 0.2.2",
 ]
 
 [[package]]
@@ -10539,8 +10985,8 @@ version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -10649,8 +11095,8 @@ version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ee42b4e559f17bce0385ebf511a7beb67d5cc33c12c96b7f4e9789919d9c10f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -10708,8 +11154,8 @@ checksum = "54c25e2cb8f5fcd7318157634e8838aa6f7e4715c96637f969fabaccd1ef5462"
 dependencies = [
  "cfg-if 1.0.0",
  "proc-macro-error",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -10720,8 +11166,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "37cfd7bbc88a0104e304229fba519bdc45501a30b760fb72240342f1289ad257"
 dependencies = [
  "proc-macro-error",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
  "test-case-core",
 ]
@@ -10765,8 +11211,8 @@ version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -10776,8 +11222,8 @@ version = "2.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d65750cab40f4ff1929fb1ba509e9914eb756131cef4210da8d5d700d26f6312"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -10922,8 +11368,8 @@ name = "tokio-macros"
 version = "2.1.0"
 source = "git+https://github.com/anza-xyz/solana-tokio.git?rev=7cf47705faacf7bf0e43e4131a5377b3291fce21#7cf47705faacf7bf0e43e4131a5377b3291fce21"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -11093,6 +11539,7 @@ dependencies = [
  "percent-encoding 2.3.1",
  "pin-project",
  "prost",
+ "rustls-native-certs 0.6.3",
  "rustls-pemfile 1.0.0",
  "tokio",
  "tokio-rustls",
@@ -11101,6 +11548,7 @@ dependencies = [
  "tower-layer",
  "tower-service",
  "tracing",
+ "webpki-roots 0.23.1",
 ]
 
 [[package]]
@@ -11110,9 +11558,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a6fdaae4c2c638bb70fe42803a26fbd6fc6ac8c72f5c59f67ecc2a2dcabf4b07"
 dependencies = [
  "prettyplease",
- "proc-macro2",
+ "proc-macro2 1.0.92",
  "prost-build",
- "quote",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -11166,8 +11614,8 @@ version = "0.1.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -11285,6 +11733,12 @@ dependencies = [
  "tinyvec",
 ]
 
+[[package]]
+name = "unicode-segmentation"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493"
+
 [[package]]
 name = "unicode-width"
 version = "0.1.9"
@@ -11297,6 +11751,12 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"
 
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
 [[package]]
 name = "unicode-xid"
 version = "0.2.2"
@@ -11396,6 +11856,12 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
 
+[[package]]
+name = "utf8parse"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+
 [[package]]
 name = "valuable"
 version = "0.1.0"
@@ -11493,8 +11959,8 @@ checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
 dependencies = [
  "bumpalo",
  "log",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
  "wasm-bindgen-shared",
 ]
@@ -11517,7 +11983,7 @@ version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe"
 dependencies = [
- "quote",
+ "quote 1.0.37",
  "wasm-bindgen-macro-support",
 ]
 
@@ -11527,8 +11993,8 @@ version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
@@ -11569,6 +12035,15 @@ dependencies = [
  "rustls-pki-types",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
 [[package]]
 name = "webpki-roots"
 version = "0.24.0"
@@ -11902,6 +12377,12 @@ dependencies = [
  "linked-hash-map",
 ]
 
+[[package]]
+name = "yansi"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec"
+
 [[package]]
 name = "yoke"
 version = "0.7.4"
@@ -11920,8 +12401,8 @@ version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
  "synstructure 0.13.1",
 ]
@@ -11941,8 +12422,8 @@ version = "0.7.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b3c129550b3e6de3fd0ba67ba5c81818f9805e58b8d7fee80a3a59d2c9fc601a"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -11961,8 +12442,8 @@ version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
  "synstructure 0.13.1",
 ]
@@ -11982,8 +12463,8 @@ version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
@@ -12004,8 +12485,8 @@ version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.90",
 ]
 
diff --git a/Cargo.toml b/Cargo.toml
index 043685c764..33cfcc3cb1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,6 +23,7 @@ members = [
     "bucket_map",
     "builtins",
     "builtins-default-costs",
+    "bundle",
     "cargo-registry",
     "clap-utils",
     "clap-v3-utils",
@@ -49,6 +50,7 @@ members = [
     "gossip",
     "inline-spl",
     "install",
+    "jito-protos",
     "keygen",
     "lattice-hash",
     "ledger",
@@ -98,6 +100,7 @@ members = [
     "rpc-client-nonce-utils",
     "rpc-test",
     "runtime",
+    "runtime-plugin",
     "runtime-transaction",
     "sdk",
     "sdk/account",
@@ -198,6 +201,7 @@ members = [
     "thin-client",
     "timings",
     "tls-utils",
+    "tip-distributor",
     "tokens",
     "tps-client",
     "tpu-client",
@@ -223,7 +227,13 @@ members = [
     "zk-token-sdk",
 ]
 
-exclude = ["programs/sbf", "svm/examples", "svm/tests/example-programs"]
+exclude = [
+    "anchor",
+    "jito-programs",
+    "programs/sbf",
+    "svm/examples",
+    "svm/tests/example-programs",
+]
 
 resolver = "2"
 
@@ -250,6 +260,7 @@ aes-gcm-siv = "0.11.1"
 ahash = "0.8.11"
 anyhow = "1.0.94"
 arbitrary = "1.4.1"
+anchor-lang = { path = "anchor/lang" }
 ark-bn254 = "0.4.0"
 ark-ec = "0.4.0"
 ark-ff = "0.4.0"
@@ -340,6 +351,9 @@ jemallocator = { package = "tikv-jemallocator", version = "0.6.0", features = [
     "unprefixed_malloc_on_supported_platforms",
 ] }
 js-sys = "0.3.76"
+jito-protos = { path = "jito-protos", version = "=2.2.0" }
+jito-tip-distribution = { path = "jito-programs/mev-programs/programs/tip-distribution", features = ["no-entrypoint"] }
+jito-tip-payment = { path = "jito-programs/mev-programs/programs/tip-payment", features = ["no-entrypoint"] }
 json5 = "0.4.1"
 jsonrpc-core = "18.0.0"
 jsonrpc-core-client = "18.0.0"
@@ -348,6 +362,7 @@ jsonrpc-http-server = "18.0.0"
 jsonrpc-ipc-server = "18.0.0"
 jsonrpc-pubsub = "18.0.0"
 lazy-lru = "0.1.3"
+jsonrpc-server-utils = "18.0.0"
 lazy_static = "1.5.0"
 libc = "0.2.167"
 libloading = "0.7.4"
@@ -443,6 +458,7 @@ solana-bpf-loader-program = { path = "programs/bpf_loader", version = "=2.2.0" }
 solana-bucket-map = { path = "bucket_map", version = "=2.2.0" }
 solana-builtins = { path = "builtins", version = "=2.2.0" }
 solana-builtins-default-costs = { path = "builtins-default-costs", version = "=2.2.0" }
+solana-bundle = { path = "bundle", version = "=2.2.0" }
 agave-cargo-registry = { path = "cargo-registry", version = "=2.2.0" }
 solana-clap-utils = { path = "clap-utils", version = "=2.2.0" }
 solana-clap-v3-utils = { path = "clap-v3-utils", version = "=2.2.0" }
@@ -564,6 +580,7 @@ solana-rpc-client = { path = "rpc-client", version = "=2.2.0", default-features
 solana-rpc-client-api = { path = "rpc-client-api", version = "=2.2.0" }
 solana-rpc-client-nonce-utils = { path = "rpc-client-nonce-utils", version = "=2.2.0" }
 solana-runtime = { path = "runtime", version = "=2.2.0" }
+solana-runtime-plugin = { path = "runtime-plugin", version = "=2.2.0" }
 solana-runtime-transaction = { path = "runtime-transaction", version = "=2.2.0" }
 solana-sdk = { path = "sdk", version = "=2.2.0" }
 solana-sdk-ids = { path = "sdk/sdk-ids", version = "=2.2.0" }
diff --git a/README.md b/README.md
index de84929320..c254405c2e 100644
--- a/README.md
+++ b/README.md
@@ -4,12 +4,16 @@
   </a>
 </p>
 
-[![Solana crate](https://img.shields.io/crates/v/solana-core.svg)](https://crates.io/crates/solana-core)
-[![Solana documentation](https://docs.rs/solana-core/badge.svg)](https://docs.rs/solana-core)
-[![Build status](https://badge.buildkite.com/8cc350de251d61483db98bdfc895b9ea0ac8ffa4a32ee850ed.svg?branch=master)](https://buildkite.com/solana-labs/solana/builds?branch=master)
-[![codecov](https://codecov.io/gh/solana-labs/solana/branch/master/graph/badge.svg)](https://codecov.io/gh/solana-labs/solana)
+[![Build status](https://badge.buildkite.com/3a7c88c0f777e1a0fddacc190823565271ae4c251ef78d83a8.svg)](https://buildkite.com/jito/jito-solana)
 
-# Building
+# About
+
+This repository contains Jito's fork of the Solana validator.
+
+We recommend checking out our [Gitbook](https://jito-foundation.gitbook.io/mev/jito-solana/building-the-software) for
+more detailed instructions on building and running Jito-Solana.
+
+---
 
 ## **1. Install rustc, cargo and rustfmt.**
 
@@ -25,21 +29,27 @@ When building the master branch, please make sure you are using the latest stabl
 $ rustup update
 ```
 
-When building a specific release branch, you should check the rust version in `ci/rust-version.sh` and if necessary, install that version by running:
+When building a specific release branch, you should check the rust version in `ci/rust-version.sh` and if necessary,
+install that version by running:
+
 ```bash
 $ rustup install VERSION
 ```
-Note that if this is not the latest rust version on your machine, cargo commands may require an [override](https://rust-lang.github.io/rustup/overrides.html) in order to use the correct version.
+
+Note that if this is not the latest rust version on your machine, cargo commands may require
+an [override](https://rust-lang.github.io/rustup/overrides.html) in order to use the correct version.
 
 On Linux systems you may need to install libssl-dev, pkg-config, zlib1g-dev, protobuf etc.
 
 On Ubuntu:
+
 ```bash
 $ sudo apt-get update
 $ sudo apt-get install libssl-dev libudev-dev pkg-config zlib1g-dev llvm clang cmake make libprotobuf-dev protobuf-compiler
 ```
 
 On Fedora:
+
 ```bash
 $ sudo dnf install openssl-devel systemd-devel pkg-config zlib-devel llvm clang cmake make protobuf-devel protobuf-compiler perl-core
 ```
@@ -47,8 +57,8 @@ $ sudo dnf install openssl-devel systemd-devel pkg-config zlib-devel llvm clang
 ## **2. Download the source code.**
 
 ```bash
-$ git clone https://github.com/anza-xyz/agave.git
-$ cd agave
+$ git clone https://github.com/jito-foundation/jito-solana.git
+$ cd jito-solana
 ```
 
 ## **3. Build.**
@@ -75,7 +85,7 @@ Start your own testnet locally, instructions are in the [online docs](https://do
 ### Accessing the remote development cluster
 
 * `devnet` - stable public cluster for development accessible via
-devnet.solana.com. Runs 24/7. Learn more about the [public clusters](https://docs.solanalabs.com/clusters)
+  devnet.solana.com. Runs 24/7. Learn more about the [public clusters](https://docs.solanalabs.com/clusters)
 
 # Benchmarking
 
@@ -107,7 +117,7 @@ $ open target/cov/lcov-local/index.html
 
 Why coverage? While most see coverage as a code quality metric, we see it primarily as a developer
 productivity metric. When a developer makes a change to the codebase, presumably it's a *solution* to
-some problem.  Our unit-test suite is how we encode the set of *problems* the codebase solves. Running
+some problem. Our unit-test suite is how we encode the set of *problems* the codebase solves. Running
 the test suite should indicate that your change didn't *infringe* on anyone else's solutions. Adding a
 test *protects* your solution from future changes. Say you don't understand why a line of code exists,
 try deleting it and running the unit-tests. The nearest test failure should tell you what problem
@@ -116,3 +126,4 @@ problem is solved by this code?" On the other hand, if a test does fail and you
 better way to solve the same problem, a Pull Request with your solution would most certainly be
 welcome! Likewise, if rewriting a test can better communicate what code it's protecting, please
 send us that patch!
+
diff --git a/RELEASE.md b/RELEASE.md
index a862a0e410..9439ca3aa3 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -17,9 +17,10 @@
 ```
 
 ### master branch
+
 All new development occurs on the `master` branch.
 
-Bug fixes that affect a `vX.Y` branch are first made on `master`.  This is to
+Bug fixes that affect a `vX.Y` branch are first made on `master`. This is to
 allow a fix some soak time on `master` before it is applied to one or more
 stabilization branches.
 
@@ -29,7 +30,7 @@ release blocker in a branch causes you to forget to propagate back to
 `master`!)"
 
 Once the bug fix lands on `master` it is cherry-picked into the `vX.Y` branch
-and potentially the `vX.Y-1` branch.  The exception to this rule is when a bug
+and potentially the `vX.Y-1` branch. The exception to this rule is when a bug
 fix for `vX.Y` doesn't apply to `master` or `vX.Y-1`.
 
 Immediately after a new stabilization branch is forged, the `Cargo.toml` minor
@@ -38,10 +39,12 @@ Incrementing the major version of the `master` branch is outside the scope of
 this document.
 
 ### v*X.Y* stabilization branches
+
 These are stabilization branches. They are created from the `master` branch approximately
 every 13 weeks.
 
 ### v*X.Y.Z* release tag
+
 The release tags are created as desired by the owner of the given stabilization
 branch, and cause that *X.Y.Z* release to be shipped to https://crates.io
 
@@ -50,11 +53,13 @@ patch version number (*Z*) of the stabilization branch is incremented by the
 release engineer.
 
 ## Channels
+
 Channels are used by end-users (humans and bots) to consume the branches
 described in the previous section, so they may automatically update to the most
 recent version matching their desired stability.
 
 There are three release channels that map to branches as follows:
+
 * edge - tracks the `master` branch, least stable.
 * beta - tracks the largest (and latest) `vX.Y` stabilization branch, more stable.
 * stable - tracks the second largest `vX.Y` stabilization branch, most stable.
@@ -62,18 +67,20 @@ There are three release channels that map to branches as follows:
 ## Steps to Create a Branch
 
 ### Major release branch
+
 1. If the new branch will be the first branch of a new major release check that
-all eligible deprecated symbols have been removed. Our policy is to deprecate
-for at least one full minor version before removal.
+   all eligible deprecated symbols have been removed. Our policy is to deprecate
+   for at least one full minor version before removal.
 
 ### Create the new branch
+
 1. Check out the latest commit on `master` branch:
     ```
     git fetch --all
     git checkout upstream/master
     ```
-1. Determine the new branch name.  The name should be "v" + the first 2 version fields
-   from Cargo.toml.  For example, a Cargo.toml with version = "0.9.0" implies
+1. Determine the new branch name. The name should be "v" + the first 2 version fields
+   from Cargo.toml. For example, a Cargo.toml with version = "0.9.0" implies
    the next branch name is "v0.9".
 1. Create the new branch and push this branch to the `agave` repository:
     ```
@@ -85,7 +92,8 @@ Alternatively use the Github UI.
 
 ### Update master branch to the next release minor version
 
-1. After the new branch has been created and pushed, update the Cargo.toml files on **master** to the next semantic version (e.g. 0.9.0 -> 0.10.0) with:
+1. After the new branch has been created and pushed, update the Cargo.toml files on **master** to the next semantic
+   version (e.g. 0.9.0 -> 0.10.0) with:
      ```
      $ scripts/increment-cargo-version.sh minor
      ```
@@ -96,60 +104,82 @@ Alternatively use the Github UI.
     git commit -m 'Bump version to X.Y+1.0'
     git push -u origin version_update
     ```
-1. Confirm that your freshly cut release branch is shown as `BETA_CHANNEL` and the previous release branch as `STABLE_CHANNEL`:
+1. Confirm that your freshly cut release branch is shown as `BETA_CHANNEL` and the previous release branch
+   as `STABLE_CHANNEL`:
     ```
     ci/channel-info.sh
     ```
 
 ### Miscellaneous Clean up
 
-1. Pin the spl-token-cli version in the newly promoted stable branch by setting `splTokenCliVersion` in scripts/spl-token-cli-version.sh to the latest release that depends on the stable branch (usually this will be the latest spl-token-cli release).
-1. Update [mergify.yml](https://github.com/anza-xyz/agave/blob/master/.mergify.yml) to add backport actions for the new branch and remove actions for the obsolete branch.
-1. Adjust the [Github backport labels](https://github.com/anza-xyz/agave/labels) to add the new branch label and remove the label for the obsolete branch.
+1. Pin the spl-token-cli version in the newly promoted stable branch by setting `splTokenCliVersion` in
+   scripts/spl-token-cli-version.sh to the latest release that depends on the stable branch (usually this will be the
+   latest spl-token-cli release).
+1. Update [mergify.yml](https://github.com/jito-foundation/jito-solana/blob/master/.mergify.yml) to add backport actions
+   for the new branch and remove actions for the obsolete branch.
+1. Adjust the [Github backport labels](https://github.com/jito-foundation/jito-solana/labels) to add the new branch
+   label and remove the label for the obsolete branch.
 1. Announce on Discord #development that the release branch exists so people know to use the new backport labels.
 
 ## Steps to Create a Release
 
 ### Create the Release Tag on GitHub
 
-1. Go to [GitHub Releases](https://github.com/anza-xyz/agave/releases) for tagging a release.
-1. Click "Draft new release".  The release tag must exactly match the `version`
+1. Go to [GitHub Releases](https://github.com/jito-foundation/jito-solana/releases) for tagging a release.
+1. Click "Draft new release". The release tag must exactly match the `version`
    field in `/Cargo.toml` prefixed by `v`.
-   1.  If the Cargo.toml version field is **0.12.3**, then the release tag must be **v0.12.3**
+    1. If the Cargo.toml version field is **0.12.3**, then the release tag must be **v0.12.3**
 1. Make sure the Target Branch field matches the branch you want to make a release on.
-   1.  If you want to release v0.12.0, the target branch must be v0.12
+    1. If you want to release v0.12.0, the target branch must be v0.12
 1. Fill the release notes.
-   1.  If this is the first release on the branch (e.g. v0.13.**0**), paste in [this
-   template](https://raw.githubusercontent.com/anza-xyz/agave/master/.github/RELEASE_TEMPLATE.md).  Engineering Lead can provide summary contents for release notes if needed.
-   1. If this is a patch release, review all the commits since the previous release on this branch and add details as needed.
+    1. If this is the first release on the branch (e.g. v0.13.**0**), paste in [this
+       template](https://raw.githubusercontent.com/jito-foundation/jito-solana/master/.github/RELEASE_TEMPLATE.md).
+       Engineering Lead can provide summary contents for release notes if needed.
+    1. If this is a patch release, review all the commits since the previous release on this branch and add details as
+       needed.
 1. Click "Save Draft", then confirm the release notes look good and the tag name and branch are correct.
 1. Ensure all desired commits (usually backports) are landed on the branch by now.
-1. Ensure the release is marked **"This is a pre-release"**.  This flag will need to be removed manually after confirming the Linux binary artifacts appear at a later step.
+1. Ensure the release is marked **"This is a pre-release"**. This flag will need to be removed manually after confirming
+   the Linux binary artifacts appear at a later step.
 1. Go back into edit the release and click "Publish release" while being marked as a pre-release.
 1. Confirm there is new git tag with intended version number at the intended revision after running `git fetch` locally.
 
-
 ### Update release branch with the next patch version
 
-[This action](https://github.com/anza-xyz/agave/blob/master/.github/workflows/increment-cargo-version-on-release.yml) ensures that publishing a release will trigger the creation of a PR to update the Cargo.toml files on **release branch** to the next semantic version (e.g. 0.9.0 -> 0.9.1). Ensure that the created PR makes it through CI and gets submitted.
+[This action](https://github.com/jito-foundation/jito-solana/blob/master/.github/workflows/increment-cargo-version-on-release.yml)
+ensures that publishing a release will trigger the creation of a PR to update the Cargo.toml files on **release branch**
+to the next semantic version (e.g. 0.9.0 -> 0.9.1). Ensure that the created PR makes it through CI and gets submitted.
 
-Note: As of 2024-03-26 the above action is failing so version bumps are done manually. The version bump script is incorrectly updating hashbrown and proc-macro2 versions which should be reverted.
+Note: As of 2024-03-26 the above action is failing so version bumps are done manually. The version bump script is
+incorrectly updating hashbrown and proc-macro2 versions which should be reverted.
 
 ### Prepare for the next release
-1.  Go to [GitHub Releases](https://github.com/anza-xyz/agave/releases) and create a new draft release for `X.Y.Z+1` with empty release notes.  This allows people to incrementally add new release notes until it's time for the next release
+
+1. Go to [GitHub Releases](https://github.com/jito-foundation/jito-solana/releases) and create a new draft release
+   for `X.Y.Z+1` with empty release notes. This allows people to incrementally add new release notes until it's time for
+   the next release
     1. Also, point the branch field to the same branch and mark the release as **"This is a pre-release"**.
 
 ### Verify release automation success
-Go to [Agave Releases](https://github.com/anza-xyz/agave/releases) and click on the latest release that you just published.
-Verify that all of the build artifacts are present (15 assets), then uncheck **"This is a pre-release"** for the release.
+
+Go to [Agave Releases](https://github.com/jito-foundation/jito-solana/releases) and click on the latest release that you
+just published.
+Verify that all of the build artifacts are present (15 assets), then uncheck **"This is a pre-release"** for the
+release.
 
 Build artifacts can take up to 60 minutes after creating the tag before
-appearing.  To check for progress:
-* The `agave-secondary` Buildkite pipeline handles creating the Linux and macOS release artifacts and updated crates.  Look for a job under the tag name of the release: https://buildkite.com/anza-xyz/agave-secondary.
-* The Windows release artifacts are produced by GitHub Actions.  Look for a job under the tag name of the release: https://github.com/anza-xyz/agave/actions.
+appearing. To check for progress:
+
+* The `agave-secondary` Buildkite pipeline handles creating the Linux and macOS release artifacts and updated crates.
+  Look for a job under the tag name of the release: https://buildkite.com/jito-foundation/jito-solana-secondary.
+* The Windows release artifacts are produced by GitHub Actions. Look for a job under the tag name of the
+  release: https://github.com/jito-foundation/jito-solana/actions.
 
-[Crates.io agave-validator](https://crates.io/crates/agave-validator) should have an updated agave-validator version.  This can take 2-3 hours, and sometimes fails in the `agave-secondary` job.
+[Crates.io agave-validator](https://crates.io/crates/agave-validator) should have an updated agave-validator version.
+This can take 2-3 hours, and sometimes fails in the `agave-secondary` job.
 If this happens and the error is non-fatal, click "Retry" on the "publish crate" job
 
 ### Update software on testnet.solana.com
-See the documentation at https://github.com/solana-labs/cluster-ops/. devnet.solana.com and mainnet-beta.solana.com run stable releases that have been tested on testnet. Do not update devnet or mainnet-beta with a beta release.
+
+See the documentation at https://github.com/solana-labs/cluster-ops/. devnet.solana.com and mainnet-beta.solana.com run
+stable releases that have been tested on testnet. Do not update devnet or mainnet-beta with a beta release.
diff --git a/SECURITY.md b/SECURITY.md
index b1c8981064..a98d681f51 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,181 +1,4 @@
-# Security Policy
+# Jito-Solana Security
 
-1. [Reporting security problems](#reporting)
-4. [Security Bug Bounties](#bounty)
-2. [Incident Response Process](#process)
-
-<a name="reporting"></a>
-## Reporting security problems in the Agave Validator
-
-**DO NOT CREATE A GITHUB ISSUE** to report a security problem.
-
-Instead please use this [Report a Vulnerability](https://github.com/anza-xyz/agave/security/advisories/new) link.
-Provide a helpful title, detailed description of the vulnerability and an exploit
-proof-of-concept. Speculative submissions without proof-of-concept will be closed
-with no further consideration.
-
-Please refer to the
-[Solana Program Library (SPL) security policy](https://github.com/solana-labs/solana-program-library/security/policy)
-for vulnerabilities regarding SPL programs such as SPL Token.
-
-If you haven't done so already, please **enable two-factor auth** in your GitHub account.
-
-Expect a response as fast as possible in the advisory, typically within 72 hours.
-
---
-
-If you do not receive a response in the advisory, send an email to
-security@anza.xyz with the full URL of the advisory you have created.  DO NOT
-include attachments or provide detail sufficient for exploitation regarding the
-security issue in this email. **Only provide such details in the advisory**.
-
-If you do not receive a response from security@anza.xyz please followup with
-the team directly. You can do this in the `#core-technology` channel of the
-[Solana Tech discord server](https://solana.com/discord), by pinging the `Anza`
-role in the channel and referencing the fact that you submitted a security problem.
-
-<a name="process"></a>
-## Incident Response Process
-
-In case an incident is discovered or reported, the following process will be
-followed to contain, respond and remediate:
-
-### 1. Accept the new report
-In response a newly reported security problem, a member of the
-`anza-xyz/admins` group will accept the report to turn it into a draft
-advisory.  The `anza-xyz/security-incident-response` group should be added to
-the draft security advisory, and create a private fork of the repository (grey
-button towards the bottom of the page) if necessary.
-
-If the advisory is the result of an audit finding, follow the same process as above but add the auditor's github user(s) and begin the title with "[Audit]".
-
-If the report is out of scope, a member of the `anza-xyz/admins` group will
-comment as such and then close the report.
-
-### 2. Triage
-Within the draft security advisory, discuss and determine the severity of the issue. If necessary, members of the anza-xyz/security-incident-response group may add other github users to the advisory to assist.
-If it is determined that this is not a critical network issue then the advisory should be closed and if more follow-up is required a normal Solana public github issue should be created.
-
-### 3. Prepare Fixes
-For the affected branches, typically all three (edge, beta and stable), prepare a fix for the issue and push them to the corresponding branch in the private repository associated with the draft security advisory.
-There is no CI available in the private repository so you must build from source and manually verify fixes.
-Code review from the reporter is ideal, as well as from multiple members of the core development team.
-
-### 4. Notify Security Group Validators
-Once an ETA is available for the fix, a member of the anza-xyz/security-incident-response group should notify the validators so they can prepare for an update using the "Solana Red Alert" notification system.
-The teams are all over the world and it's critical to provide actionable information at the right time. Don't be the person that wakes everybody up at 2am when a fix won't be available for hours.
-
-### 5. Ship the patch
-Once the fix is accepted it may be distributed directly to validators as a patch, depending on the vulnerability.
-
-### 6. Public Disclosure and Release
-Once the fix has been deployed to the security group validators, the patches from the security advisory may be merged into the main source repository. A new official release for each affected branch should be shipped and all validators requested to upgrade as quickly as possible.
-
-### 7. Security Advisory Bounty Accounting and Cleanup
-If this issue is [eligible](#eligibility) for a bounty, prefix the title of the
-security advisory with one of the following, depending on the severity:
-- [Bounty Category: Critical: Loss of Funds]
-- [Bounty Category: Critical: Consensus / Safety Violations]
-- [Bounty Category: Critical: Liveness / Loss of Availability]
-- [Bounty Category: Critical: DoS Attacks]
-- [Bounty Category: Supply Chain Attacks]
-- [Bounty Category: RPC]
-
-Confirm with the reporter that they agree with the severity assessment, and discuss as required to reach a conclusion.
-
-We currently do not use the Github workflow to publish security advisories. Once the issue and fix have been disclosed, and a bounty category is assessed if appropriate, the GitHub security advisory is no longer needed and can be closed.
-
-<a name="bounty"></a>
-## Security Bug Bounties
-At its sole discretion, the Solana Foundation may offer a bounty for
-[valid reports](#reporting) of critical Solana vulnerabilities. Please see below
-for more details. The submitter is not required to provide a
-mitigation to qualify.
-
-#### IMPORTANT | PLEASE NOTE
-_Beginning February 1st 2024, the Security bounty program payouts will be updated in the following ways:_
-- _Bug Bounty rewards will be denominated in SOL tokens, rather than USD value._
-_This change is to better reflect for changing value of the Solana network._
-- _Categories will now have a discretionary range to distinguish the varying severity_
-_and impact of bugs reported within each broader category._
-
-_Note: Payments will continue to be paid out in 12-month locked SOL._
-
-
-#### Loss of Funds:
-_Max: 25,000 SOL tokens. Min: 6,250 SOL tokens_
-
-* Theft of funds without users signature from any account
-* Theft of funds without users interaction in system, stake, vote programs
-* Theft of funds that requires users signature - creating a vote program that drains the delegated stakes.
-
-#### Consensus/Safety Violations:
-_Max: 12,500 SOL tokens. Min: 3,125 SOL tokens_
-
-* Consensus safety violation
-* Tricking a validator to accept an optimistic confirmation or rooted slot without a double vote, etc.
-
-#### Liveness / Loss of Availability:
-_Max: 5,000 SOL tokens. Min: 1,250 SOL tokens_
-
-* Whereby consensus halts and requires human intervention
-* Eclipse attacks,
-* Remote attacks that partition the network,
-
-#### DoS Attacks:
-_Max: 1,250 SOL tokens. Min: 315 SOL tokens_
-
-* Remote resource exhaustion via Non-RPC protocols
-
-#### Supply Chain Attacks:
-_Max: 1,250 SOL tokens. Min: 315 SOL tokens_
-
-* Non-social attacks against source code change management, automated testing, release build, release publication and release hosting infrastructure of the monorepo.
-
-#### RPC DoS/Crashes:
-_Max: 65 SOL tokens. Min: 20 SOL tokens_
-
-* RPC attacks
-
-### Out of Scope:
-The following components are out of scope for the bounty program
-* Metrics: `/metrics` in the monorepo as well as https://metrics.solana.com
-* Any encrypted credentials, auth tokens, etc. checked into the repo
-* Bugs in dependencies. Please take them upstream!
-* Attacks that require social engineering
-* Any undeveloped automated tooling (scanners, etc) results. (OK with developed PoC)
-* Any asset whose source code does not exist in this repository (including, but not limited
-to, any and all web properties not explicitly listed on this page)
-* Programs in the Solana Program Library, such as SPL Token. Please refer to the
-[SPL security policy](https://github.com/solana-labs/solana-program-library/security/policy).
-
-### Eligibility:
-* Submissions _MUST_ include an exploit proof-of-concept to be considered eligible
-* The participant submitting the bug report shall follow the process outlined within this document
-* Valid exploits can be eligible even if they are not successfully executed on a public cluster
-* Multiple submissions for the same class of exploit are still eligible for compensation, though may be compensated at a lower rate, however these will be assessed on a case-by-case basis
-* Participants must complete KYC and sign the participation agreement here when the registrations are open https://solana.foundation/kyc. Security exploits will still be assessed and open for submission at all times. This needs only be done prior to distribution of tokens.
-
-### Duplicate Reports
-Compensation for duplicative reports will be split among reporters with first to report taking priority using the following equation
-```
-R: total reports
-ri: report priority
-bi: bounty share
-
-bi = 2 ^ (R - ri) / ((2^R) - 1)
-```
-#### Bounty Split Examples
-| total reports | priority | share  |   | total reports | priority | share  |   | total reports | priority | share  |
-| ------------- | -------- | -----: | - | ------------- | -------- | -----: | - | ------------- | -------- | -----: |
-| 1             | 1        | 100%   |   | 2             | 1        | 66.67% |   | 5             | 1        | 51.61% |
-|               |          |        |   | 2             | 2        | 33.33% |   | 5             | 2        | 25.81% |
-| 4             | 1        | 53.33% |   |               |          |        |   | 5             | 3        | 12.90% |
-| 4             | 2        | 26.67% |   | 3             | 1        | 57.14% |   | 5             | 4        |  6.45% |
-| 4             | 3        | 13.33% |   | 3             | 2        | 28.57% |   | 5             | 5        |  3.23% |
-| 4             | 4        |  6.67% |   | 3             | 3        | 14.29% |   |               |          |        |
-
-### Payment of Bug Bounties:
-* Bounties are currently awarded on a rolling/weekly basis and paid out within 30 days upon receipt of an invoice.
-* Bug bounties that are paid out in SOL are paid to stake accounts with a lockup expiring 12 months from the date of delivery of SOL.
-* **Note: payment notices need to be sent to ap@solana.org within 90 days of receiving payment advice instructions.** Failure to do so may result in forfeiture of the bug bounty reward.
+The bug bounty program for Jito-Solana is managed by Immunefi. More details can be
+found [here](https://immunefi.com/bug-bounty/jito/information/).
diff --git a/accounts-db/src/account_locks.rs b/accounts-db/src/account_locks.rs
index fc2fba7292..6a9bb5568f 100644
--- a/accounts-db/src/account_locks.rs
+++ b/accounts-db/src/account_locks.rs
@@ -24,13 +24,26 @@ impl AccountLocks {
     pub fn try_lock_accounts<'a>(
         &mut self,
         keys: impl Iterator<Item = (&'a Pubkey, bool)> + Clone,
+        additional_read_locks: Option<&std::collections::HashSet<Pubkey>>,
+        additional_write_locks: Option<&std::collections::HashSet<Pubkey>>,
     ) -> Result<(), TransactionError> {
         for (key, writable) in keys.clone() {
             if writable {
-                if !self.can_write_lock(key) {
+                if !self.can_write_lock(key)
+                    || additional_read_locks
+                        .map(|s| s.contains(key))
+                        .unwrap_or(false)
+                    || additional_write_locks
+                        .map(|s| s.contains(key))
+                        .unwrap_or(false)
+                {
                     return Err(TransactionError::AccountInUse);
                 }
-            } else if !self.can_read_lock(key) {
+            } else if !self.can_read_lock(key)
+                || additional_write_locks
+                    .map(|s| s.contains(key))
+                    .unwrap_or(false)
+            {
                 return Err(TransactionError::AccountInUse);
             }
         }
diff --git a/accounts-db/src/accounts.rs b/accounts-db/src/accounts.rs
index 6afb3b7ce9..4ff459fb71 100644
--- a/accounts-db/src/accounts.rs
+++ b/accounts-db/src/accounts.rs
@@ -1,3 +1,4 @@
+use solana_sdk::transaction::TransactionError;
 use {
     crate::{
         account_locks::{validate_account_locks, AccountLocks},
@@ -37,12 +38,12 @@ use {
 
 pub type PubkeyAccountSlot = (Pubkey, AccountSharedData, Slot);
 
-struct TransactionAccountLocksIterator<'a, T: SVMMessage> {
+pub struct TransactionAccountLocksIterator<'a, T: SVMMessage> {
     transaction: &'a T,
 }
 
 impl<'a, T: SVMMessage> TransactionAccountLocksIterator<'a, T> {
-    pub(crate) fn new(transaction: &'a T) -> Self {
+    pub fn new(transaction: &'a T) -> Self {
         Self { transaction }
     }
 
@@ -570,7 +571,7 @@ impl Accounts {
                     .map(|_| TransactionAccountLocksIterator::new(tx))
             })
             .collect();
-        self.lock_accounts_inner(tx_account_locks_results)
+        self.lock_accounts_inner(tx_account_locks_results, None, None)
     }
 
     #[must_use]
@@ -579,6 +580,8 @@ impl Accounts {
         txs: impl Iterator<Item = &'a (impl SVMMessage + 'a)>,
         results: impl Iterator<Item = Result<()>>,
         tx_account_lock_limit: usize,
+        additional_read_locks: Option<&HashSet<Pubkey>>,
+        additional_write_locks: Option<&HashSet<Pubkey>>,
     ) -> Vec<Result<()>> {
         // Validate the account locks, then get iterator if successful validation.
         let tx_account_locks_results: Vec<Result<_>> = txs
@@ -589,21 +592,29 @@ impl Accounts {
                 Err(err) => Err(err),
             })
             .collect();
-        self.lock_accounts_inner(tx_account_locks_results)
+        self.lock_accounts_inner(
+            tx_account_locks_results,
+            additional_read_locks,
+            additional_write_locks,
+        )
     }
 
     #[must_use]
     fn lock_accounts_inner(
         &self,
         tx_account_locks_results: Vec<Result<TransactionAccountLocksIterator<impl SVMMessage>>>,
+        additional_read_locks: Option<&HashSet<Pubkey>>,
+        additional_write_locks: Option<&HashSet<Pubkey>>,
     ) -> Vec<Result<()>> {
         let account_locks = &mut self.account_locks.lock().unwrap();
         tx_account_locks_results
             .into_iter()
             .map(|tx_account_locks_result| match tx_account_locks_result {
-                Ok(tx_account_locks) => {
-                    account_locks.try_lock_accounts(tx_account_locks.accounts_with_is_writable())
-                }
+                Ok(tx_account_locks) => account_locks.try_lock_accounts(
+                    tx_account_locks.accounts_with_is_writable(),
+                    additional_read_locks,
+                    additional_write_locks,
+                ),
                 Err(err) => Err(err),
             })
             .collect()
@@ -646,6 +657,57 @@ impl Accounts {
     pub fn add_root(&self, slot: Slot) -> AccountsAddRootTiming {
         self.accounts_db.add_root(slot)
     }
+
+    pub fn lock_accounts_sequential_with_results<Tx: SVMMessage>(
+        &self,
+        txs: &[Tx],
+        tx_account_lock_limit: usize,
+    ) -> Vec<Result<()>> {
+        let tx_account_locks_results: Vec<_> = txs
+            .iter()
+            .map(|tx| {
+                validate_account_locks(tx.account_keys(), tx_account_lock_limit)
+                    .map(|_| TransactionAccountLocksIterator::new(tx))
+            })
+            .collect();
+        self.lock_accounts_sequential_inner(tx_account_locks_results)
+    }
+
+    #[must_use]
+    fn lock_accounts_sequential_inner<Tx: SVMMessage>(
+        &self,
+        tx_account_locks_results: Vec<Result<TransactionAccountLocksIterator<Tx>>>,
+    ) -> Vec<Result<()>> {
+        let mut l_account_locks = self.account_locks.lock().unwrap();
+        Self::lock_accounts_sequential(&mut l_account_locks, tx_account_locks_results)
+    }
+
+    pub fn lock_accounts_sequential<Tx: SVMMessage>(
+        account_locks: &mut AccountLocks,
+        tx_account_locks_results: Vec<Result<TransactionAccountLocksIterator<Tx>>>,
+    ) -> Vec<Result<()>> {
+        let mut account_in_use_set = false;
+        tx_account_locks_results
+            .into_iter()
+            .map(|tx_account_locks_result| match tx_account_locks_result {
+                Ok(tx_account_locks) => match account_in_use_set {
+                    true => Err(TransactionError::AccountInUse),
+                    false => {
+                        let locked = account_locks.try_lock_accounts(
+                            tx_account_locks.accounts_with_is_writable(),
+                            None,
+                            None,
+                        );
+                        if matches!(locked, Err(TransactionError::AccountInUse)) {
+                            account_in_use_set = true;
+                        }
+                        locked
+                    }
+                },
+                Err(err) => Err(err),
+            })
+            .collect()
+    }
 }
 
 #[cfg(test)]
@@ -1258,6 +1320,8 @@ mod tests {
             txs.iter(),
             qos_results.into_iter(),
             MAX_TX_ACCOUNT_LOCKS,
+            None,
+            None,
         );
 
         assert_eq!(
diff --git a/anchor b/anchor
new file mode 160000
index 0000000000..4f52f41cbe
--- /dev/null
+++ b/anchor
@@ -0,0 +1 @@
+Subproject commit 4f52f41cbeafb77d85c7b712516dfbeb5b86dd5f
diff --git a/banking-bench/src/main.rs b/banking-bench/src/main.rs
index 57f768e277..fb4d55b1b1 100644
--- a/banking-bench/src/main.rs
+++ b/banking-bench/src/main.rs
@@ -9,6 +9,7 @@ use {
     solana_core::{
         banking_stage::BankingStage,
         banking_trace::{BankingPacketBatch, BankingTracer, BANKING_TRACE_DIR_DEFAULT_BYTE_LIMIT},
+        bundle_stage::bundle_account_locker::BundleAccountLocker,
         validator::BlockProductionMethod,
     },
     solana_gossip::cluster_info::{ClusterInfo, Node},
@@ -37,6 +38,7 @@ use {
     solana_streamer::socket::SocketAddrSpace,
     solana_tpu_client::tpu_client::DEFAULT_TPU_CONNECTION_POOL_SIZE,
     std::{
+        collections::HashSet,
         sync::{atomic::Ordering, Arc, RwLock},
         thread::sleep,
         time::{Duration, Instant},
@@ -58,9 +60,15 @@ fn check_txs(
     let now = Instant::now();
     let mut no_bank = false;
     loop {
-        if let Ok((_bank, (entry, _tick_height))) = receiver.recv_timeout(Duration::from_millis(10))
+        if let Ok(WorkingBankEntry {
+            bank: _,
+            entries_ticks,
+        }) = receiver.recv_timeout(Duration::from_millis(10))
         {
-            total += entry.transactions.len();
+            total += entries_ticks
+                .iter()
+                .map(|e| e.0.transactions.len())
+                .sum::<usize>();
         }
         if total >= ref_tx_count {
             break;
@@ -476,6 +484,8 @@ fn main() {
         bank_forks.clone(),
         &Arc::new(PrioritizationFeeCache::new(0u64)),
         false,
+        HashSet::default(),
+        BundleAccountLocker::default(),
     );
 
     // This is so that the signal_receiver does not go out of scope after the closure.
diff --git a/banks-server/Cargo.toml b/banks-server/Cargo.toml
index bb36365c34..bd8619d1c4 100644
--- a/banks-server/Cargo.toml
+++ b/banks-server/Cargo.toml
@@ -16,6 +16,7 @@ futures = { workspace = true }
 solana-banks-interface = { workspace = true }
 solana-client = { workspace = true }
 solana-feature-set = { workspace = true }
+solana-gossip = { workspace = true }
 solana-runtime = { workspace = true }
 solana-runtime-transaction = { workspace = true }
 solana-sdk = { workspace = true }
diff --git a/banks-server/src/banks_server.rs b/banks-server/src/banks_server.rs
index 46bdfa6c5f..ffc3bd3901 100644
--- a/banks-server/src/banks_server.rs
+++ b/banks-server/src/banks_server.rs
@@ -9,6 +9,7 @@ use {
     },
     solana_client::connection_cache::ConnectionCache,
     solana_feature_set::{move_precompile_verification_to_svm, FeatureSet},
+    solana_gossip::cluster_info::ClusterInfo,
     solana_runtime::{
         bank::{Bank, TransactionSimulationResult},
         bank_forks::BankForks,
@@ -431,7 +432,7 @@ pub async fn start_local_server(
 
 pub async fn start_tcp_server(
     listen_addr: SocketAddr,
-    tpu_addr: SocketAddr,
+    cluster_info: Arc<ClusterInfo>,
     bank_forks: Arc<RwLock<BankForks>>,
     block_commitment_cache: Arc<RwLock<BlockCommitmentCache>>,
     connection_cache: Arc<ConnectionCache>,
@@ -455,9 +456,15 @@ pub async fn start_tcp_server(
         .map(move |chan| {
             let (sender, receiver) = unbounded();
 
+<<<<<<< HEAD
             let client = ConnectionCacheClient::<NullTpuInfo>::new(
                 connection_cache.clone(),
                 tpu_addr,
+=======
+            SendTransactionService::new::<NullTpuInfo>(
+                cluster_info.clone(),
+                &bank_forks,
+>>>>>>> 1742826fca (jito patch)
                 None,
                 None,
                 0,
diff --git a/bootstrap b/bootstrap
new file mode 100755
index 0000000000..d9b1eed6f4
--- /dev/null
+++ b/bootstrap
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -eu
+
+BANK_HASH=$(cargo run --release --bin solana-ledger-tool -- -l config/bootstrap-validator bank-hash)
+
+# increase max file handle limit
+ulimit -Hn 1000000
+
+# if above fails, run:
+# sudo bash -c 'echo "*               hard    nofile          1000000" >> /etc/security/limits.conf'
+
+# NOTE: make sure tip-payment and tip-distribution program are deployed using the correct pubkeys
+RUST_LOG=INFO,solana_core::bundle_stage=DEBUG \
+  NDEBUG=1 ./multinode-demo/bootstrap-validator.sh \
+  --wait-for-supermajority 0 \
+  --expected-bank-hash "$BANK_HASH" \
+  --block-engine-url http://127.0.0.1 \
+  --relayer-url http://127.0.0.1:11226 \
+  --rpc-pubsub-enable-block-subscription \
+  --enable-rpc-transaction-history \
+  --tip-payment-program-pubkey T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt \
+  --tip-distribution-program-pubkey 4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7 \
+  --commission-bps 0 \
+  --shred-receiver-address 127.0.0.1:1002 \
+  --trust-relayer-packets \
+  --trust-block-engine-packets
diff --git a/bundle/Cargo.toml b/bundle/Cargo.toml
new file mode 100644
index 0000000000..7b2860e44b
--- /dev/null
+++ b/bundle/Cargo.toml
@@ -0,0 +1,38 @@
+[package]
+name = "solana-bundle"
+description = "Library related to handling bundles"
+documentation = "https://docs.rs/solana-bundle"
+readme = "../README.md"
+version = { workspace = true }
+authors = { workspace = true }
+repository = { workspace = true }
+homepage = { workspace = true }
+license = { workspace = true }
+edition = { workspace = true }
+
+[dependencies]
+anchor-lang = { workspace = true }
+itertools = { workspace = true }
+log = { workspace = true }
+serde = { workspace = true }
+solana-accounts-db = { workspace = true }
+solana-ledger = { workspace = true }
+solana-logger = { workspace = true }
+solana-measure = { workspace = true }
+solana-poh = { workspace = true }
+solana-program-runtime = { workspace = true }
+solana-runtime = { workspace = true }
+solana-sdk = { workspace = true }
+solana-svm = { workspace = true }
+solana-timings = { workspace = true }
+solana-transaction-status = { workspace = true }
+thiserror = { workspace = true }
+
+[dev-dependencies]
+assert_matches = { workspace = true }
+solana-logger = { workspace = true }
+solana-runtime = { workspace = true, features = ["dev-context-only-utils"] }
+
+[lib]
+crate-type = ["lib"]
+name = "solana_bundle"
diff --git a/bundle/src/bundle_execution.rs b/bundle/src/bundle_execution.rs
new file mode 100644
index 0000000000..dd8b6d38fc
--- /dev/null
+++ b/bundle/src/bundle_execution.rs
@@ -0,0 +1,1237 @@
+use {
+    itertools::izip,
+    log::*,
+    solana_ledger::token_balances::collect_token_balances,
+    solana_measure::{measure::Measure, measure_us},
+    solana_runtime::{
+        bank::{Bank, LoadAndExecuteTransactionsOutput, TransactionBalances},
+        transaction_batch::TransactionBatch,
+    },
+    solana_sdk::{
+        account::AccountSharedData,
+        bundle::SanitizedBundle,
+        nonce::state::DurableNonce,
+        pubkey::Pubkey,
+        saturating_add_assign,
+        signature::Signature,
+        transaction::{SanitizedTransaction, TransactionError, VersionedTransaction},
+    },
+    solana_svm::{
+        account_loader::TransactionLoadResult,
+        account_overrides::AccountOverrides,
+        transaction_processing_callback::TransactionProcessingCallback,
+        transaction_processor::{ExecutionRecordingConfig, TransactionProcessingConfig},
+    },
+    solana_timings::ExecuteTimings,
+    solana_transaction_status::token_balances::TransactionTokenBalances,
+    std::{
+        cmp::{max, min},
+        time::{Duration, Instant},
+    },
+    thiserror::Error,
+};
+
+#[derive(Clone, Default)]
+pub struct BundleExecutionMetrics {
+    pub num_retries: u64,
+    pub collect_balances_us: u64,
+    pub load_execute_us: u64,
+    pub collect_pre_post_accounts_us: u64,
+    pub cache_accounts_us: u64,
+    pub execute_timings: ExecuteTimings,
+}
+
+/// Contains the results from executing each TransactionBatch with a final result associated with it
+/// Note that if !result.is_ok(), bundle_transaction_results will not contain the output for every transaction.
+pub struct LoadAndExecuteBundleOutput<'a> {
+    bundle_transaction_results: Vec<BundleTransactionsOutput<'a>>,
+    result: LoadAndExecuteBundleResult<()>,
+    metrics: BundleExecutionMetrics,
+}
+
+impl<'a> LoadAndExecuteBundleOutput<'a> {
+    pub fn executed_ok(&self) -> bool {
+        self.result.is_ok()
+    }
+
+    pub fn result(&self) -> &LoadAndExecuteBundleResult<()> {
+        &self.result
+    }
+
+    pub fn bundle_transaction_results_mut(&mut self) -> &'a mut [BundleTransactionsOutput] {
+        &mut self.bundle_transaction_results
+    }
+
+    pub fn bundle_transaction_results(&self) -> &'a [BundleTransactionsOutput] {
+        &self.bundle_transaction_results
+    }
+
+    pub fn executed_transaction_batches(&self) -> Vec<Vec<VersionedTransaction>> {
+        self.bundle_transaction_results
+            .iter()
+            .map(|br| br.executed_versioned_transactions())
+            .collect()
+    }
+
+    pub fn metrics(&self) -> BundleExecutionMetrics {
+        self.metrics.clone()
+    }
+}
+
+#[derive(Clone, Debug, Error)]
+pub enum LoadAndExecuteBundleError {
+    #[error("Bundle execution timed out")]
+    ProcessingTimeExceeded(Duration),
+
+    #[error(
+        "A transaction in the bundle encountered a lock error: [signature={:?}, transaction_error={:?}]",
+        signature,
+        transaction_error
+    )]
+    LockError {
+        signature: Signature,
+        transaction_error: TransactionError,
+    },
+
+    #[error(
+        "A transaction in the bundle failed to execute: [signature={:?}, execution_result={:?}",
+        signature,
+        execution_result
+    )]
+    TransactionError {
+        signature: Signature,
+        // Box reduces the size between variants in the Error
+        execution_result: Box<TransactionExecutionResult>,
+    },
+
+    #[error("Invalid pre or post accounts")]
+    InvalidPreOrPostAccounts,
+}
+
+pub struct BundleTransactionsOutput<'a> {
+    transactions: &'a [SanitizedTransaction],
+    load_and_execute_transactions_output: LoadAndExecuteTransactionsOutput,
+    pre_balance_info: PreBalanceInfo,
+    post_balance_info: (TransactionBalances, TransactionTokenBalances),
+    // the length of the outer vector should be the same as transactions.len()
+    // for indices that didn't get executed, expect a None.
+    pre_tx_execution_accounts: Vec<Option<Vec<(Pubkey, AccountSharedData)>>>,
+    post_tx_execution_accounts: Vec<Option<Vec<(Pubkey, AccountSharedData)>>>,
+}
+
+impl<'a> BundleTransactionsOutput<'a> {
+    pub fn executed_versioned_transactions(&self) -> Vec<VersionedTransaction> {
+        self.transactions
+            .iter()
+            .zip(
+                self.load_and_execute_transactions_output
+                    .execution_results
+                    .iter(),
+            )
+            .filter_map(|(tx, exec_result)| {
+                exec_result
+                    .was_executed()
+                    .then_some(tx.to_versioned_transaction())
+            })
+            .collect()
+    }
+
+    pub fn executed_transactions(&self) -> Vec<&'a SanitizedTransaction> {
+        self.transactions
+            .iter()
+            .zip(
+                self.load_and_execute_transactions_output
+                    .execution_results
+                    .iter(),
+            )
+            .filter_map(|(tx, exec_result)| exec_result.was_executed().then_some(tx))
+            .collect()
+    }
+
+    pub fn load_and_execute_transactions_output(&self) -> &LoadAndExecuteTransactionsOutput {
+        &self.load_and_execute_transactions_output
+    }
+
+    pub fn transactions(&self) -> &[SanitizedTransaction] {
+        self.transactions
+    }
+
+    pub fn loaded_transactions_mut(&mut self) -> &mut [TransactionLoadResult] {
+        &mut self
+            .load_and_execute_transactions_output
+            .loaded_transactions
+    }
+
+    pub fn execution_results(&self) -> &[TransactionExecutionResult] {
+        &self.load_and_execute_transactions_output.execution_results
+    }
+
+    pub fn pre_balance_info(&mut self) -> &mut PreBalanceInfo {
+        &mut self.pre_balance_info
+    }
+
+    pub fn post_balance_info(&self) -> &(TransactionBalances, TransactionTokenBalances) {
+        &self.post_balance_info
+    }
+
+    pub fn pre_tx_execution_accounts(&self) -> &Vec<Option<Vec<(Pubkey, AccountSharedData)>>> {
+        &self.pre_tx_execution_accounts
+    }
+
+    pub fn post_tx_execution_accounts(&self) -> &Vec<Option<Vec<(Pubkey, AccountSharedData)>>> {
+        &self.post_tx_execution_accounts
+    }
+}
+
+pub type LoadAndExecuteBundleResult<T> = Result<T, LoadAndExecuteBundleError>;
+
+/// Return an Error if a transaction was executed and reverted
+/// NOTE: `execution_results` are zipped with `sanitized_txs` so it's expected a sanitized tx at
+/// position i has a corresponding execution result at position i within the `execution_results`
+/// slice
+pub fn check_bundle_execution_results<'a>(
+    execution_results: &'a [TransactionExecutionResult],
+    sanitized_txs: &'a [SanitizedTransaction],
+) -> Result<(), (&'a SanitizedTransaction, &'a TransactionExecutionResult)> {
+    for (exec_results, sanitized_tx) in execution_results.iter().zip(sanitized_txs) {
+        match exec_results {
+            TransactionExecutionResult::Executed { details, .. } => {
+                if details.status.is_err() {
+                    return Err((sanitized_tx, exec_results));
+                }
+            }
+            TransactionExecutionResult::NotExecuted(e) => {
+                if !matches!(e, TransactionError::AccountInUse) {
+                    return Err((sanitized_tx, exec_results));
+                }
+            }
+        }
+    }
+    Ok(())
+}
+
+/// Executing a bundle is somewhat complicated compared to executing single transactions. In order to
+/// avoid duplicate logic for execution and simulation, this function can be leveraged.
+///
+/// Assumptions for the caller:
+/// - all transactions were signed properly
+/// - user has deduplicated transactions inside the bundle
+///
+/// TODO (LB):
+/// - given a bundle with 3 transactions that write lock the following accounts: [A, B, C], on failure of B
+///   we should add in the BundleTransactionsOutput of A and C and return the error for B.
+#[allow(clippy::too_many_arguments)]
+pub fn load_and_execute_bundle<'a>(
+    bank: &Bank,
+    bundle: &'a SanitizedBundle,
+    // Max blockhash age
+    max_age: usize,
+    // Upper bound on execution time for a bundle
+    max_processing_time: &Duration,
+    transaction_status_sender_enabled: bool,
+    log_messages_bytes_limit: &Option<usize>,
+    // simulation will not use the Bank's account locks when building the TransactionBatch
+    // if simulating on an unfrozen bank, this is helpful to avoid stalling replay and use whatever
+    // state the accounts are in at the current time
+    is_simulation: bool,
+    account_overrides: Option<&mut AccountOverrides>,
+    // these must be the same length as the bundle's transactions
+    // allows one to read account state before and after execution of each transaction in the bundle
+    // will use AccountsOverride + Bank
+    pre_execution_accounts: &[Option<Vec<Pubkey>>],
+    post_execution_accounts: &[Option<Vec<Pubkey>>],
+) -> LoadAndExecuteBundleOutput<'a> {
+    if pre_execution_accounts.len() != post_execution_accounts.len()
+        || post_execution_accounts.len() != bundle.transactions.len()
+    {
+        return LoadAndExecuteBundleOutput {
+            bundle_transaction_results: vec![],
+            result: Err(LoadAndExecuteBundleError::InvalidPreOrPostAccounts),
+            metrics: BundleExecutionMetrics::default(),
+        };
+    }
+
+    let mut binding = AccountOverrides::default();
+    let account_overrides = account_overrides.unwrap_or(&mut binding);
+    if is_simulation {
+        bundle
+            .transactions
+            .iter()
+            .map(|tx| tx.message().account_keys())
+            .for_each(|account_keys| {
+                account_overrides.upsert_account_overrides(
+                    bank.get_account_overrides_for_simulation(&account_keys),
+                );
+
+                // An unfrozen bank's state is always changing.
+                // By taking a snapshot of the accounts we're mocking out grabbing their locks.
+                // **Note** this does not prevent race conditions, just mocks preventing them.
+                if !bank.is_frozen() {
+                    for pk in account_keys.iter() {
+                        // Save on a disk read.
+                        if account_overrides.get(pk).is_none() {
+                            account_overrides.set_account(pk, bank.get_account_shared_data(pk));
+                        }
+                    }
+                }
+            });
+    }
+
+    let mut chunk_start = 0;
+    let start_time = Instant::now();
+
+    let mut bundle_transaction_results = vec![];
+    let mut metrics = BundleExecutionMetrics::default();
+
+    while chunk_start != bundle.transactions.len() {
+        if start_time.elapsed() > *max_processing_time {
+            trace!("bundle: {} took too long to execute", bundle.bundle_id);
+            return LoadAndExecuteBundleOutput {
+                bundle_transaction_results,
+                metrics,
+                result: Err(LoadAndExecuteBundleError::ProcessingTimeExceeded(
+                    start_time.elapsed(),
+                )),
+            };
+        }
+
+        let chunk_end = min(bundle.transactions.len(), chunk_start.saturating_add(128));
+        let chunk = &bundle.transactions[chunk_start..chunk_end];
+
+        // Note: these batches are dropped after execution and before record/commit, which is atypical
+        // compared to BankingStage which holds account locks until record + commit to avoid race conditions with
+        // other BankingStage threads. However, the caller of this method, BundleConsumer, will use BundleAccountLocks
+        // to hold RW locks across all transactions in a bundle until its processed.
+        let batch = if is_simulation {
+            bank.prepare_sequential_sanitized_batch_with_results_for_simulation(chunk)
+        } else {
+            bank.prepare_sequential_sanitized_batch_with_results(chunk)
+        };
+
+        debug!(
+            "bundle: {} batch num locks ok: {}",
+            bundle.bundle_id,
+            batch.lock_results().iter().filter(|lr| lr.is_ok()).count()
+        );
+
+        // /// Bundle locking failed if lock result returns something other than ok or AccountInUse
+        // fn check_bundle_lock_results(batch: &Trans) -> Option<(&SanitizedTransaction, &TransactionError)> {
+        //     self.sanitized_transactions()
+        //         .iter()
+        //         .zip(self.lock_results.iter())
+        //         .find(|(_, lock_result)| {
+        //             !matches!(lock_result, Ok(()) | Err(TransactionError::AccountInUse))
+        //         })
+        //         .map(|(transaction, lock_result)| {
+        //             (
+        //                 transaction,
+        //                 match lock_result {
+        //                     Ok(_) => {
+        //                         // safe here bc the above find will never return Ok
+        //                         unreachable!()
+        //                     }
+        //                     Err(lock_error) => lock_error,
+        //                 },
+        //             )
+        //         })
+        // }
+
+        // Ensures that bundle lock results only return either:
+        // Ok(()) | Err(TransactionError::AccountInUse)
+        // If the error isn't one of those, then error out
+        // if let Some((transaction, lock_failure)) = batch.check_bundle_lock_results() {
+        //     debug!(
+        //         "bundle: {} lock error; signature: {} error: {}",
+        //         bundle.bundle_id,
+        //         transaction.signature(),
+        //         lock_failure
+        //     );
+        //     return LoadAndExecuteBundleOutput {
+        //         bundle_transaction_results,
+        //         metrics,
+        //         result: Err(LoadAndExecuteBundleError::LockError {
+        //             signature: *transaction.signature(),
+        //             transaction_error: lock_failure.clone(),
+        //         }),
+        //     };
+        // }
+        panic!("fixme");
+
+        let mut pre_balance_info = PreBalanceInfo::default();
+        let (_, collect_balances_us) = measure_us!({
+            if transaction_status_sender_enabled {
+                pre_balance_info.native =
+                    bank.collect_balances_with_cache(&batch, Some(account_overrides));
+                pre_balance_info.token = collect_token_balances(
+                    bank,
+                    &batch,
+                    &mut pre_balance_info.mint_decimals,
+                    Some(account_overrides),
+                );
+            }
+        });
+        saturating_add_assign!(metrics.collect_balances_us, collect_balances_us);
+
+        let end = min(
+            chunk_start.saturating_add(batch.sanitized_transactions().len()),
+            pre_execution_accounts.len(),
+        );
+
+        let m = Measure::start("accounts");
+        let accounts_requested = &pre_execution_accounts[chunk_start..end];
+        let pre_tx_execution_accounts =
+            get_account_transactions(bank, account_overrides, accounts_requested, &batch);
+        saturating_add_assign!(metrics.collect_pre_post_accounts_us, m.end_as_us());
+
+        let (mut load_and_execute_transactions_output, load_execute_us) = measure_us!(bank
+            .load_and_execute_transactions(
+                &batch,
+                max_age,
+                &mut metrics.execute_timings,
+                TransactionProcessingConfig {
+                    account_overrides: Some(account_overrides),
+                    check_program_modification_slot: bank.check_program_modification_slot(),
+                    compute_budget: bank.compute_budget(),
+                    log_messages_bytes_limit: *log_messages_bytes_limit,
+                    limit_to_load_programs: true,
+                    recording_config: ExecutionRecordingConfig::new_single_setting(
+                        transaction_status_sender_enabled
+                    ),
+                    transaction_account_lock_limit: Some(bank.get_transaction_account_lock_limit()),
+                },
+            ));
+        debug!(
+            "bundle id: {} loaded_transactions: {:?}",
+            bundle.bundle_id, load_and_execute_transactions_output.loaded_transactions
+        );
+        saturating_add_assign!(metrics.load_execute_us, load_execute_us);
+
+        // All transactions within a bundle are expected to be executable + not fail
+        // If there's any transactions that executed and failed or didn't execute due to
+        // unexpected failures (not locking related), bail out of bundle execution early.
+        if let Err((failing_tx, exec_result)) = check_bundle_execution_results(
+            load_and_execute_transactions_output
+                .execution_results
+                .as_slice(),
+            batch.sanitized_transactions(),
+        ) {
+            // TODO (LB): we should try to return partial results here for successful bundles in a parallel batch.
+            //  given a bundle that write locks the following accounts [[A], [B], [C]]
+            //  when B fails, we could return the execution results for A and C, but leave B out.
+            //  however, if we have bundle that write locks accounts [[A_1], [A_2], [B], [C]] and B fails
+            //  we'll get the results for A_1 but not [A_2], [B], [C] due to the way this loop executes.
+            debug!(
+                "bundle: {} execution error; signature: {} error: {:?}",
+                bundle.bundle_id,
+                failing_tx.signature(),
+                exec_result
+            );
+            return LoadAndExecuteBundleOutput {
+                bundle_transaction_results,
+                metrics,
+                result: Err(LoadAndExecuteBundleError::TransactionError {
+                    signature: *failing_tx.signature(),
+                    execution_result: Box::new(exec_result.clone()),
+                }),
+            };
+        }
+
+        // If none of the transactions were executed, most likely an AccountInUse error
+        // need to retry to ensure that all transactions in the bundle are executed.
+        if !load_and_execute_transactions_output
+            .execution_results
+            .iter()
+            .any(|r| r.was_executed())
+        {
+            saturating_add_assign!(metrics.num_retries, 1);
+            debug!(
+                "bundle: {} no transaction executed, retrying",
+                bundle.bundle_id
+            );
+            continue;
+        }
+
+        // Cache accounts so next iterations of loop can load cached state instead of using
+        // AccountsDB, which will contain stale account state because results aren't committed
+        // to the bank yet.
+        // NOTE: collect_accounts_to_store does not handle any state changes related to
+        // failed, non-nonce transactions.
+        let m = Measure::start("cache");
+
+        let ((last_blockhash, lamports_per_signature), _last_blockhash_us) =
+            measure_us!(bank.last_blockhash_and_lamports_per_signature());
+        let durable_nonce = DurableNonce::from_blockhash(&last_blockhash);
+
+        let accounts = collect_accounts_to_store(
+            batch.sanitized_transactions(),
+            &load_and_execute_transactions_output.execution_results,
+            &mut load_and_execute_transactions_output.loaded_transactions,
+            &durable_nonce,
+            lamports_per_signature,
+        )
+        .0;
+        for (pubkey, data) in accounts {
+            account_overrides.set_account(pubkey, Some(data.clone()));
+        }
+        saturating_add_assign!(metrics.cache_accounts_us, m.end_as_us());
+
+        let end = max(
+            chunk_start.saturating_add(batch.sanitized_transactions().len()),
+            post_execution_accounts.len(),
+        );
+
+        let m = Measure::start("accounts");
+        let accounts_requested = &post_execution_accounts[chunk_start..end];
+        let post_tx_execution_accounts =
+            get_account_transactions(bank, account_overrides, accounts_requested, &batch);
+        saturating_add_assign!(metrics.collect_pre_post_accounts_us, m.end_as_us());
+
+        let ((post_balances, post_token_balances), collect_balances_us) =
+            measure_us!(if transaction_status_sender_enabled {
+                let post_balances =
+                    bank.collect_balances_with_cache(&batch, Some(account_overrides));
+                let post_token_balances = collect_token_balances(
+                    bank,
+                    &batch,
+                    &mut pre_balance_info.mint_decimals,
+                    Some(account_overrides),
+                );
+                (post_balances, post_token_balances)
+            } else {
+                (
+                    TransactionBalances::default(),
+                    TransactionTokenBalances::default(),
+                )
+            });
+        saturating_add_assign!(metrics.collect_balances_us, collect_balances_us);
+
+        let processing_end = batch.lock_results().iter().position(|lr| lr.is_err());
+        if let Some(end) = processing_end {
+            chunk_start = chunk_start.saturating_add(end);
+        } else {
+            chunk_start = chunk_end;
+        }
+
+        bundle_transaction_results.push(BundleTransactionsOutput {
+            transactions: chunk,
+            load_and_execute_transactions_output,
+            pre_balance_info,
+            post_balance_info: (post_balances, post_token_balances),
+            pre_tx_execution_accounts,
+            post_tx_execution_accounts,
+        });
+    }
+
+    LoadAndExecuteBundleOutput {
+        bundle_transaction_results,
+        metrics,
+        result: Ok(()),
+    }
+}
+
+fn get_account_transactions(
+    bank: &Bank,
+    account_overrides: &AccountOverrides,
+    accounts: &[Option<Vec<Pubkey>>],
+    batch: &TransactionBatch,
+) -> Vec<Option<Vec<(Pubkey, AccountSharedData)>>> {
+    let iter = izip!(batch.lock_results().iter(), accounts.iter());
+
+    iter.map(|(lock_result, accounts_requested)| {
+        if lock_result.is_ok() {
+            accounts_requested.as_ref().map(|accounts_requested| {
+                accounts_requested
+                    .iter()
+                    .map(|a| match account_overrides.get(a) {
+                        None => (*a, bank.get_account(a).unwrap_or_default()),
+                        Some(data) => (*a, data.clone()),
+                    })
+                    .collect()
+            })
+        } else {
+            None
+        }
+    })
+    .collect()
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        crate::bundle_execution::{load_and_execute_bundle, LoadAndExecuteBundleError},
+        assert_matches::assert_matches,
+        solana_ledger::genesis_utils::create_genesis_config,
+        solana_runtime::{bank::Bank, bank_forks::BankForks, genesis_utils::GenesisConfigInfo},
+        solana_sdk::{
+            bundle::{derive_bundle_id_from_sanitized_transactions, SanitizedBundle},
+            clock::MAX_PROCESSING_AGE,
+            pubkey::Pubkey,
+            signature::{Keypair, Signer},
+            system_transaction::transfer,
+            transaction::{SanitizedTransaction, Transaction, TransactionError},
+        },
+        std::{
+            sync::{Arc, Barrier, RwLock},
+            thread::{sleep, spawn},
+            time::Duration,
+        },
+    };
+
+    const MAX_PROCESSING_TIME: Duration = Duration::from_secs(1);
+    const LOG_MESSAGE_BYTES_LIMITS: Option<usize> = Some(100_000);
+    const MINT_AMOUNT_LAMPORTS: u64 = 1_000_000;
+
+    fn create_simple_test_bank(
+        lamports: u64,
+    ) -> (GenesisConfigInfo, Arc<Bank>, Arc<RwLock<BankForks>>) {
+        let genesis_config_info = create_genesis_config(lamports);
+        let (bank, bank_forks) =
+            Bank::new_with_bank_forks_for_tests(&genesis_config_info.genesis_config);
+        (genesis_config_info, bank, bank_forks)
+    }
+
+    fn make_bundle(txs: &[Transaction], bank: &Bank) -> SanitizedBundle {
+        let transactions: Vec<_> = txs
+            .iter()
+            .map(|tx| {
+                SanitizedTransaction::try_from_legacy_transaction(
+                    tx.clone(),
+                    bank.get_reserved_account_keys(),
+                )
+                .unwrap()
+            })
+            .collect();
+
+        let bundle_id = derive_bundle_id_from_sanitized_transactions(&transactions);
+
+        SanitizedBundle {
+            transactions,
+            bundle_id,
+        }
+    }
+
+    fn find_account_index(tx: &Transaction, account: &Pubkey) -> Option<usize> {
+        tx.message
+            .account_keys
+            .iter()
+            .position(|pubkey| account == pubkey)
+    }
+
+    /// A single, valid bundle shall execute successfully and return the correct BundleTransactionsOutput content
+    #[test]
+    fn test_single_transaction_bundle_success() {
+        const TRANSFER_AMOUNT: u64 = 1_000;
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+        let lamports_per_signature = bank
+            .get_lamports_per_signature_for_blockhash(&genesis_config_info.genesis_config.hash())
+            .unwrap();
+
+        let kp = Keypair::new();
+        let transactions = vec![transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            TRANSFER_AMOUNT,
+            genesis_config_info.genesis_config.hash(),
+        )];
+        let bundle = make_bundle(&transactions, &bank);
+        let default_accounts = vec![None; bundle.transactions.len()];
+
+        let execution_result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &MAX_PROCESSING_TIME,
+            true,
+            &LOG_MESSAGE_BYTES_LIMITS,
+            false,
+            None,
+            &default_accounts,
+            &default_accounts,
+        );
+
+        // make sure the bundle succeeded
+        assert!(execution_result.result.is_ok());
+
+        // check to make sure there was one batch returned with one transaction that was the same that was put in
+        assert_eq!(execution_result.bundle_transaction_results.len(), 1);
+        let tx_result = execution_result.bundle_transaction_results.first().unwrap();
+        assert_eq!(tx_result.transactions.len(), 1);
+        assert_eq!(tx_result.transactions[0], bundle.transactions[0]);
+
+        // make sure the transaction executed successfully
+        assert_eq!(
+            tx_result
+                .load_and_execute_transactions_output
+                .execution_results
+                .len(),
+            1
+        );
+        let execution_result = tx_result
+            .load_and_execute_transactions_output
+            .execution_results
+            .first()
+            .unwrap();
+        assert!(execution_result.was_executed());
+        assert!(execution_result.was_executed_successfully());
+
+        // Make sure the post-balances are correct
+        assert_eq!(tx_result.pre_balance_info.native.len(), 1);
+        let post_tx_sol_balances = tx_result.post_balance_info.0.first().unwrap();
+
+        let minter_message_index =
+            find_account_index(&transactions[0], &genesis_config_info.mint_keypair.pubkey())
+                .unwrap();
+        let receiver_message_index = find_account_index(&transactions[0], &kp.pubkey()).unwrap();
+
+        assert_eq!(
+            post_tx_sol_balances[minter_message_index],
+            MINT_AMOUNT_LAMPORTS - lamports_per_signature - TRANSFER_AMOUNT
+        );
+        assert_eq!(
+            post_tx_sol_balances[receiver_message_index],
+            TRANSFER_AMOUNT
+        );
+    }
+
+    /// Test a simple failure
+    #[test]
+    fn test_single_transaction_bundle_fail() {
+        const TRANSFER_AMOUNT: u64 = 1_000;
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+
+        // kp has no funds, transfer will fail
+        let kp = Keypair::new();
+        let transactions = vec![transfer(
+            &kp,
+            &kp.pubkey(),
+            TRANSFER_AMOUNT,
+            genesis_config_info.genesis_config.hash(),
+        )];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let default_accounts = vec![None; bundle.transactions.len()];
+        let execution_result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &MAX_PROCESSING_TIME,
+            true,
+            &LOG_MESSAGE_BYTES_LIMITS,
+            false,
+            None,
+            &default_accounts,
+            &default_accounts,
+        );
+
+        assert_eq!(execution_result.bundle_transaction_results.len(), 0);
+
+        assert!(execution_result.result.is_err());
+
+        match execution_result.result.unwrap_err() {
+            LoadAndExecuteBundleError::ProcessingTimeExceeded(_)
+            | LoadAndExecuteBundleError::LockError { .. }
+            | LoadAndExecuteBundleError::InvalidPreOrPostAccounts => {
+                unreachable!();
+            }
+            LoadAndExecuteBundleError::TransactionError {
+                signature,
+                execution_result,
+            } => {
+                assert_eq!(signature, *bundle.transactions[0].signature());
+                assert!(!execution_result.was_executed());
+            }
+        }
+    }
+
+    /// Tests a multi-tx bundle that succeeds. Checks the returned results
+    #[test]
+    fn test_multi_transaction_bundle_success() {
+        const TRANSFER_AMOUNT_1: u64 = 100_000;
+        const TRANSFER_AMOUNT_2: u64 = 50_000;
+        const TRANSFER_AMOUNT_3: u64 = 10_000;
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+        let lamports_per_signature = bank
+            .get_lamports_per_signature_for_blockhash(&genesis_config_info.genesis_config.hash())
+            .unwrap();
+
+        // mint transfers 100k to 1
+        // 1 transfers 50k to 2
+        // 2 transfers 10k to 3
+        // should get executed in 3 batches [[1], [2], [3]]
+        let kp1 = Keypair::new();
+        let kp2 = Keypair::new();
+        let kp3 = Keypair::new();
+        let transactions = vec![
+            transfer(
+                &genesis_config_info.mint_keypair,
+                &kp1.pubkey(),
+                TRANSFER_AMOUNT_1,
+                genesis_config_info.genesis_config.hash(),
+            ),
+            transfer(
+                &kp1,
+                &kp2.pubkey(),
+                TRANSFER_AMOUNT_2,
+                genesis_config_info.genesis_config.hash(),
+            ),
+            transfer(
+                &kp2,
+                &kp3.pubkey(),
+                TRANSFER_AMOUNT_3,
+                genesis_config_info.genesis_config.hash(),
+            ),
+        ];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let default_accounts = vec![None; bundle.transactions.len()];
+        let execution_result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &MAX_PROCESSING_TIME,
+            true,
+            &LOG_MESSAGE_BYTES_LIMITS,
+            false,
+            None,
+            &default_accounts,
+            &default_accounts,
+        );
+
+        assert!(execution_result.result.is_ok());
+        assert_eq!(execution_result.bundle_transaction_results.len(), 3);
+
+        // first batch contains the first tx that was executed
+        assert_eq!(
+            execution_result.bundle_transaction_results[0].transactions,
+            bundle.transactions
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .load_and_execute_transactions_output
+                .execution_results
+                .len(),
+            3
+        );
+        assert!(execution_result.bundle_transaction_results[0]
+            .load_and_execute_transactions_output
+            .execution_results[0]
+            .was_executed_successfully());
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .load_and_execute_transactions_output
+                .execution_results[1]
+                .flattened_result(),
+            Err(TransactionError::AccountInUse)
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .load_and_execute_transactions_output
+                .execution_results[2]
+                .flattened_result(),
+            Err(TransactionError::AccountInUse)
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .pre_balance_info
+                .native
+                .len(),
+            3
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .post_balance_info
+                .0
+                .len(),
+            3
+        );
+
+        let minter_index =
+            find_account_index(&transactions[0], &genesis_config_info.mint_keypair.pubkey())
+                .unwrap();
+        let kp1_index = find_account_index(&transactions[0], &kp1.pubkey()).unwrap();
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .post_balance_info
+                .0[0][minter_index],
+            MINT_AMOUNT_LAMPORTS - lamports_per_signature - TRANSFER_AMOUNT_1
+        );
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[0]
+                .post_balance_info
+                .0[0][kp1_index],
+            TRANSFER_AMOUNT_1
+        );
+
+        // in the second batch, the second transaction was executed
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .transactions
+                .to_owned(),
+            bundle.transactions[1..]
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .load_and_execute_transactions_output
+                .execution_results
+                .len(),
+            2
+        );
+        assert!(execution_result.bundle_transaction_results[1]
+            .load_and_execute_transactions_output
+            .execution_results[0]
+            .was_executed_successfully());
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .load_and_execute_transactions_output
+                .execution_results[1]
+                .flattened_result(),
+            Err(TransactionError::AccountInUse)
+        );
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .pre_balance_info
+                .native
+                .len(),
+            2
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .post_balance_info
+                .0
+                .len(),
+            2
+        );
+
+        let kp1_index = find_account_index(&transactions[1], &kp1.pubkey()).unwrap();
+        let kp2_index = find_account_index(&transactions[1], &kp2.pubkey()).unwrap();
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .post_balance_info
+                .0[0][kp1_index],
+            TRANSFER_AMOUNT_1 - lamports_per_signature - TRANSFER_AMOUNT_2
+        );
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[1]
+                .post_balance_info
+                .0[0][kp2_index],
+            TRANSFER_AMOUNT_2
+        );
+
+        // in the third batch, the third transaction was executed
+        assert_eq!(
+            execution_result.bundle_transaction_results[2]
+                .transactions
+                .to_owned(),
+            bundle.transactions[2..]
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[2]
+                .load_and_execute_transactions_output
+                .execution_results
+                .len(),
+            1
+        );
+        assert!(execution_result.bundle_transaction_results[2]
+            .load_and_execute_transactions_output
+            .execution_results[0]
+            .was_executed_successfully());
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[2]
+                .pre_balance_info
+                .native
+                .len(),
+            1
+        );
+        assert_eq!(
+            execution_result.bundle_transaction_results[2]
+                .post_balance_info
+                .0
+                .len(),
+            1
+        );
+
+        let kp2_index = find_account_index(&transactions[2], &kp2.pubkey()).unwrap();
+        let kp3_index = find_account_index(&transactions[2], &kp3.pubkey()).unwrap();
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[2]
+                .post_balance_info
+                .0[0][kp2_index],
+            TRANSFER_AMOUNT_2 - lamports_per_signature - TRANSFER_AMOUNT_3
+        );
+
+        assert_eq!(
+            execution_result.bundle_transaction_results[2]
+                .post_balance_info
+                .0[0][kp3_index],
+            TRANSFER_AMOUNT_3
+        );
+    }
+
+    /// Tests a multi-tx bundle with the middle transaction failing.
+    #[test]
+    fn test_multi_transaction_bundle_fails() {
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+
+        let kp1 = Keypair::new();
+        let kp2 = Keypair::new();
+        let kp3 = Keypair::new();
+        let transactions = vec![
+            transfer(
+                &genesis_config_info.mint_keypair,
+                &kp1.pubkey(),
+                100_000,
+                genesis_config_info.genesis_config.hash(),
+            ),
+            transfer(
+                &kp2,
+                &kp3.pubkey(),
+                100_000,
+                genesis_config_info.genesis_config.hash(),
+            ),
+            transfer(
+                &kp1,
+                &kp2.pubkey(),
+                100_000,
+                genesis_config_info.genesis_config.hash(),
+            ),
+        ];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let default_accounts = vec![None; bundle.transactions.len()];
+        let execution_result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &MAX_PROCESSING_TIME,
+            true,
+            &LOG_MESSAGE_BYTES_LIMITS,
+            false,
+            None,
+            &default_accounts,
+            &default_accounts,
+        );
+        match execution_result.result.as_ref().unwrap_err() {
+            LoadAndExecuteBundleError::ProcessingTimeExceeded(_)
+            | LoadAndExecuteBundleError::LockError { .. }
+            | LoadAndExecuteBundleError::InvalidPreOrPostAccounts => {
+                unreachable!();
+            }
+
+            LoadAndExecuteBundleError::TransactionError {
+                signature,
+                execution_result: tx_failure,
+            } => {
+                assert_eq!(signature, bundle.transactions[1].signature());
+                assert_eq!(
+                    tx_failure.flattened_result(),
+                    Err(TransactionError::AccountNotFound)
+                );
+                assert_eq!(execution_result.bundle_transaction_results().len(), 0);
+            }
+        }
+    }
+
+    /// Tests that when the max processing time is exceeded, the bundle is an error
+    #[test]
+    fn test_bundle_max_processing_time_exceeded() {
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+
+        let kp = Keypair::new();
+        let transactions = vec![transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            1,
+            genesis_config_info.genesis_config.hash(),
+        )];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let locked_transfer = vec![SanitizedTransaction::from_transaction_for_tests(transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            2,
+            genesis_config_info.genesis_config.hash(),
+        ))];
+
+        // locks it and prevents execution bc write lock on genesis_config_info.mint_keypair + kp.pubkey() held
+        let _batch = bank.prepare_sanitized_batch(&locked_transfer);
+
+        let default = vec![None; bundle.transactions.len()];
+        let result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &Duration::from_millis(100),
+            false,
+            &None,
+            false,
+            None,
+            &default,
+            &default,
+        );
+        assert_matches!(
+            result.result,
+            Err(LoadAndExecuteBundleError::ProcessingTimeExceeded(_))
+        );
+    }
+
+    #[test]
+    fn test_simulate_bundle_with_locked_account_works() {
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+
+        let kp = Keypair::new();
+        let transactions = vec![transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            1,
+            genesis_config_info.genesis_config.hash(),
+        )];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let locked_transfer = vec![SanitizedTransaction::from_transaction_for_tests(transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            2,
+            genesis_config_info.genesis_config.hash(),
+        ))];
+
+        let _batch = bank.prepare_sanitized_batch(&locked_transfer);
+
+        // simulation ignores account locks so you can simulate bundles on unfrozen banks
+        let default = vec![None; bundle.transactions.len()];
+        let result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &Duration::from_millis(100),
+            false,
+            &None,
+            true,
+            None,
+            &default,
+            &default,
+        );
+        assert!(result.result.is_ok());
+    }
+
+    /// Creates a multi-tx bundle and temporarily locks the accounts for one of the transactions in a bundle.
+    /// Ensures the result is what's expected
+    #[test]
+    fn test_bundle_works_with_released_account_locks() {
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+        let barrier = Arc::new(Barrier::new(2));
+
+        let kp = Keypair::new();
+
+        let transactions = vec![transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            1,
+            genesis_config_info.genesis_config.hash(),
+        )];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let locked_transfer = vec![SanitizedTransaction::from_transaction_for_tests(transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            2,
+            genesis_config_info.genesis_config.hash(),
+        ))];
+
+        // background thread locks the accounts for a bit then unlocks them
+        let thread = {
+            let barrier = barrier.clone();
+            let bank = bank.clone();
+            spawn(move || {
+                let batch = bank.prepare_sanitized_batch(&locked_transfer);
+                barrier.wait();
+                sleep(Duration::from_millis(500));
+                drop(batch);
+            })
+        };
+
+        let _ = barrier.wait();
+
+        // load_and_execute_bundle should spin for a bit then process after the 500ms sleep is over
+        let default = vec![None; bundle.transactions.len()];
+        let result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &Duration::from_secs(2),
+            false,
+            &None,
+            false,
+            None,
+            &default,
+            &default,
+        );
+        assert!(result.result.is_ok());
+
+        thread.join().unwrap();
+    }
+
+    /// Tests that when the max processing time is exceeded, the bundle is an error
+    #[test]
+    fn test_bundle_bad_pre_post_accounts() {
+        const PRE_EXECUTION_ACCOUNTS: [Option<Vec<Pubkey>>; 2] = [None, None];
+        let (genesis_config_info, bank, _bank_forks) =
+            create_simple_test_bank(MINT_AMOUNT_LAMPORTS);
+
+        let kp = Keypair::new();
+        let transactions = vec![transfer(
+            &genesis_config_info.mint_keypair,
+            &kp.pubkey(),
+            1,
+            genesis_config_info.genesis_config.hash(),
+        )];
+        let bundle = make_bundle(&transactions, &bank);
+
+        let result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &Duration::from_millis(100),
+            false,
+            &None,
+            false,
+            None,
+            &PRE_EXECUTION_ACCOUNTS,
+            &vec![None; bundle.transactions.len()],
+        );
+        assert_matches!(
+            result.result,
+            Err(LoadAndExecuteBundleError::InvalidPreOrPostAccounts)
+        );
+
+        let result = load_and_execute_bundle(
+            &bank,
+            &bundle,
+            MAX_PROCESSING_AGE,
+            &Duration::from_millis(100),
+            false,
+            &None,
+            false,
+            None,
+            &vec![None; bundle.transactions.len()],
+            &PRE_EXECUTION_ACCOUNTS,
+        );
+        assert_matches!(
+            result.result,
+            Err(LoadAndExecuteBundleError::InvalidPreOrPostAccounts)
+        );
+    }
+}
diff --git a/bundle/src/lib.rs b/bundle/src/lib.rs
new file mode 100644
index 0000000000..a93e0d3d17
--- /dev/null
+++ b/bundle/src/lib.rs
@@ -0,0 +1,60 @@
+use {
+    crate::bundle_execution::LoadAndExecuteBundleError,
+    anchor_lang::error::Error,
+    serde::{Deserialize, Serialize},
+    solana_poh::poh_recorder::PohRecorderError,
+    solana_sdk::pubkey::Pubkey,
+    thiserror::Error,
+};
+
+pub mod bundle_execution;
+
+#[derive(Error, Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub enum TipError {
+    #[error("account is missing from bank: {0}")]
+    AccountMissing(Pubkey),
+
+    #[error("Anchor error: {0}")]
+    AnchorError(String),
+
+    #[error("Lock error")]
+    LockError,
+
+    #[error("Error executing initialize programs")]
+    InitializeProgramsError,
+
+    #[error("Error cranking tip programs")]
+    CrankTipError,
+}
+
+impl From<anchor_lang::error::Error> for TipError {
+    fn from(anchor_err: Error) -> Self {
+        match anchor_err {
+            Error::AnchorError(e) => Self::AnchorError(e.error_msg),
+            Error::ProgramError(e) => Self::AnchorError(e.to_string()),
+        }
+    }
+}
+
+pub type BundleExecutionResult<T> = Result<T, BundleExecutionError>;
+
+#[derive(Error, Debug, Clone)]
+pub enum BundleExecutionError {
+    #[error("The bank has hit the max allotted time for processing transactions")]
+    BankProcessingTimeLimitReached,
+
+    #[error("The bundle exceeds the cost model")]
+    ExceedsCostModel,
+
+    #[error("Runtime error while executing the bundle: {0}")]
+    TransactionFailure(#[from] LoadAndExecuteBundleError),
+
+    #[error("Error locking bundle because a transaction is malformed")]
+    LockError,
+
+    #[error("PoH record error: {0}")]
+    PohRecordError(#[from] PohRecorderError),
+
+    #[error("Tip payment error {0}")]
+    TipError(#[from] TipError),
+}
diff --git a/ci/buildkite-pipeline-in-disk.sh b/ci/buildkite-pipeline-in-disk.sh
index 81b084ea75..c5877ee6f5 100755
--- a/ci/buildkite-pipeline-in-disk.sh
+++ b/ci/buildkite-pipeline-in-disk.sh
@@ -289,7 +289,7 @@ if [[ -n $BUILDKITE_TAG ]]; then
   start_pipeline "Tag pipeline for $BUILDKITE_TAG"
 
   annotate --style info --context release-tag \
-    "https://github.com/anza-xyz/agave/releases/$BUILDKITE_TAG"
+    "https://github.com/jito-foundation/jito-solana/releases/$BUILDKITE_TAG"
 
   # Jump directly to the secondary build to publish release artifacts quickly
   trigger_secondary_step
@@ -307,7 +307,7 @@ if [[ $BUILDKITE_BRANCH =~ ^pull ]]; then
 
   # Add helpful link back to the corresponding Github Pull Request
   annotate --style info --context pr-backlink \
-    "Github Pull Request: https://github.com/anza-xyz/agave/$BUILDKITE_BRANCH"
+    "Github Pull Request: https://github.com/jito-foundation/jito-solana/$BUILDKITE_BRANCH"
 
   pull_or_push_steps
   exit 0
diff --git a/ci/buildkite-pipeline.sh b/ci/buildkite-pipeline.sh
index 7f7063bc2e..b28a4aa183 100755
--- a/ci/buildkite-pipeline.sh
+++ b/ci/buildkite-pipeline.sh
@@ -350,7 +350,7 @@ if [[ -n $BUILDKITE_TAG ]]; then
   start_pipeline "Tag pipeline for $BUILDKITE_TAG"
 
   annotate --style info --context release-tag \
-    "https://github.com/anza-xyz/agave/releases/$BUILDKITE_TAG"
+    "https://github.com/jito-foundation/jito-solana/releases/$BUILDKITE_TAG"
 
   # Jump directly to the secondary build to publish release artifacts quickly
   trigger_secondary_step
@@ -368,7 +368,7 @@ if [[ $BUILDKITE_BRANCH =~ ^pull ]]; then
 
   # Add helpful link back to the corresponding Github Pull Request
   annotate --style info --context pr-backlink \
-    "Github Pull Request: https://github.com/anza-xyz/agave/$BUILDKITE_BRANCH"
+    "Github Pull Request: https://github.com/jito-foundation/jito-solana/$BUILDKITE_BRANCH"
 
   pull_or_push_steps
   exit 0
diff --git a/ci/buildkite-secondary.yml b/ci/buildkite-secondary.yml
index c43c7ee449..627a73b2c2 100644
--- a/ci/buildkite-secondary.yml
+++ b/ci/buildkite-secondary.yml
@@ -18,34 +18,34 @@ steps:
     agents:
       queue: "release-build"
     timeout_in_minutes: 5
-  - wait
-  - name: "publish docker"
-    command: "sdk/docker-solana/build.sh"
-    agents:
-      queue: "release-build"
-    timeout_in_minutes: 60
-  - name: "publish crate"
-    command: "ci/publish-crate.sh"
-    agents:
-      queue: "release-build"
-    retry:
-      manual:
-        permit_on_passed: true
-    timeout_in_minutes: 240
-    branches: "!master"
-  - name: "publish tarball (aarch64-apple-darwin)"
-    command: "ci/publish-tarball.sh"
-    agents:
-      queue: "release-build-aarch64-apple-darwin"
-    retry:
-      manual:
-        permit_on_passed: true
-    timeout_in_minutes: 60
-  - name: "publish tarball (x86_64-apple-darwin)"
-    command: "ci/publish-tarball.sh"
-    agents:
-      queue: "release-build-x86_64-apple-darwin"
-    retry:
-      manual:
-        permit_on_passed: true
-    timeout_in_minutes: 60
+#  - wait
+#  - name: "publish docker"
+#    command: "sdk/docker-solana/build.sh"
+#    agents:
+#      queue: "release-build"
+#    timeout_in_minutes: 60
+#  - name: "publish crate"
+#    command: "ci/publish-crate.sh"
+#    agents:
+#      queue: "release-build"
+#    retry:
+#      manual:
+#        permit_on_passed: true
+#    timeout_in_minutes: 240
+#    branches: "!master"
+#  - name: "publish tarball (aarch64-apple-darwin)"
+#    command: "ci/publish-tarball.sh"
+#    agents:
+#      queue: "release-build-aarch64-apple-darwin"
+#    retry:
+#      manual:
+#        permit_on_passed: true
+#    timeout_in_minutes: 60
+#  - name: "publish tarball (x86_64-apple-darwin)"
+#    command: "ci/publish-tarball.sh"
+#    agents:
+#      queue: "release-build-x86_64-apple-darwin"
+#    retry:
+#      manual:
+#        permit_on_passed: true
+#    timeout_in_minutes: 60
diff --git a/ci/buildkite-solana-private.sh b/ci/buildkite-solana-private.sh
index c412c93257..252cbc43ab 100755
--- a/ci/buildkite-solana-private.sh
+++ b/ci/buildkite-solana-private.sh
@@ -254,7 +254,7 @@ pull_or_push_steps() {
 #   start_pipeline "Tag pipeline for $BUILDKITE_TAG"
 
 #   annotate --style info --context release-tag \
-#     "https://github.com/solana-labs/solana/releases/$BUILDKITE_TAG"
+#     "https://github.com/jito-foundation/jito-solana/releases/$BUILDKITE_TAG"
 
 #   # Jump directly to the secondary build to publish release artifacts quickly
 #   trigger_secondary_step
@@ -272,7 +272,7 @@ if [[ $BUILDKITE_BRANCH =~ ^pull ]]; then
 
   # Add helpful link back to the corresponding Github Pull Request
   annotate --style info --context pr-backlink \
-    "Github Pull Request: https://github.com/anza-xyz/agave/$BUILDKITE_BRANCH"
+    "Github Pull Request: https://github.com/jito-foundation/jito-solana/$BUILDKITE_BRANCH"
 
   pull_or_push_steps
   exit 0
diff --git a/ci/channel-info.sh b/ci/channel-info.sh
index 2bb8083656..101583307f 100755
--- a/ci/channel-info.sh
+++ b/ci/channel-info.sh
@@ -11,7 +11,7 @@ here="$(dirname "$0")"
 # shellcheck source=ci/semver_bash/semver.sh
 source "$here"/semver_bash/semver.sh
 
-remote=https://github.com/anza-xyz/agave.git
+remote=https://github.com/jito-foundation/jito-solana.git
 
 # Fetch all vX.Y.Z tags
 #
diff --git a/ci/check-crates.sh b/ci/check-crates.sh
index 4f407824a3..802fe7b63c 100755
--- a/ci/check-crates.sh
+++ b/ci/check-crates.sh
@@ -31,6 +31,9 @@ printf "%s\n" "${files[@]}"
 error_count=0
 for file in "${files[@]}"; do
   read -r crate_name package_publish workspace < <(toml get "$file" . | jq -r '(.package.name | tostring)+" "+(.package.publish | tostring)+" "+(.workspace | tostring)')
+  if [ "$crate_name" == "solana-bundle" ]; then
+    continue
+  fi
   echo "=== $crate_name ($file) ==="
 
   if [[ $package_publish = 'false' ]]; then
diff --git a/ci/publish-installer.sh b/ci/publish-installer.sh
index f7d98ffd5d..2caf990037 100755
--- a/ci/publish-installer.sh
+++ b/ci/publish-installer.sh
@@ -26,14 +26,20 @@ fi
 # upload install script
 source ci/upload-ci-artifact.sh
 
-cat >release.anza.xyz-install <<EOF
+cat >release.jito.wtf-install <<EOF
 SOLANA_RELEASE=$CHANNEL_OR_TAG
 SOLANA_INSTALL_INIT_ARGS=$CHANNEL_OR_TAG
-SOLANA_DOWNLOAD_ROOT=https://release.anza.xyz
+SOLANA_DOWNLOAD_ROOT=https://release.jito.wtf
 EOF
-cat install/agave-install-init.sh >>release.anza.xyz-install
+cat install/agave-install-init.sh >>release.jito.wtf-install
 
 echo --- GCS: "install"
-upload-gcs-artifact "/solana/release.anza.xyz-install" "gs://anza-release/$CHANNEL_OR_TAG/install"
+upload-gcs-artifact "/solana/release.jito.wtf-install" "gs://jito-release/$CHANNEL_OR_TAG/install"
+
+# Jito added - releases need to support S3
+echo --- AWS S3 Store: "install"
+upload-s3-artifact "/solana/release.jito.wtf-install" "s3://release.jito.wtf/$CHANNEL_OR_TAG/install"
+
 echo Published to:
-ci/format-url.sh https://release.anza.xyz/"$CHANNEL_OR_TAG"/install
+ci/format-url.sh https://release.jito.wtf/"$CHANNEL_OR_TAG"/install
+
diff --git a/ci/publish-tarball.sh b/ci/publish-tarball.sh
index 4746e9fb2f..abad4f4209 100755
--- a/ci/publish-tarball.sh
+++ b/ci/publish-tarball.sh
@@ -119,10 +119,14 @@ for file in "${TARBALL_BASENAME}"-$TARGET.tar.bz2 "${TARBALL_BASENAME}"-$TARGET.
 
   if [[ -n $BUILDKITE ]]; then
     echo --- GCS Store: "$file"
-    upload-gcs-artifact "/solana/$file" gs://anza-release/"$CHANNEL_OR_TAG"/"$file"
+    upload-gcs-artifact "/solana/$file" gs://jito-release/"$CHANNEL_OR_TAG"/"$file"
+
+    # Jito added - releases need to support S3
+    echo --- AWS S3 Store: "$file"
+    upload-s3-artifact "/solana/$file" s3://release.jito.wtf/"$CHANNEL_OR_TAG"/"$file"
 
     echo Published to:
-    $DRYRUN ci/format-url.sh https://release.anza.xyz/"$CHANNEL_OR_TAG"/"$file"
+    $DRYRUN ci/format-url.sh https://release.jito.wtf/"$CHANNEL_OR_TAG"/"$file"
 
     if [[ -n $TAG ]]; then
       ci/upload-github-release-asset.sh "$file"
diff --git a/ci/test-coverage.sh b/ci/test-coverage.sh
index f4288285a4..323241b294 100755
--- a/ci/test-coverage.sh
+++ b/ci/test-coverage.sh
@@ -40,5 +40,5 @@ else
   codecov -t "${CODECOV_TOKEN}" --dir "$here/../target/cov/${SHORT_CI_COMMIT}"
 
   annotate --style success --context codecov.io \
-    "CodeCov report: https://codecov.io/github/anza-xyz/agave/commit/$CI_COMMIT"
+    "CodeCov report: https://codecov.io/github/jito-foundation/jito-solana/commit/$CI_COMMIT"
 fi
diff --git a/ci/upload-github-release-asset.sh b/ci/upload-github-release-asset.sh
index 229fb8993e..fb4de1af9e 100755
--- a/ci/upload-github-release-asset.sh
+++ b/ci/upload-github-release-asset.sh
@@ -26,7 +26,7 @@ fi
 # Force CI_REPO_SLUG since sometimes
 # BUILDKITE_TRIGGERED_FROM_BUILD_PIPELINE_SLUG is not set correctly, causing the
 # artifact upload to fail
-CI_REPO_SLUG=anza-xyz/agave
+CI_REPO_SLUG=jito-foundation/jito-solana
 #if [[ -z $CI_REPO_SLUG ]]; then
 #  echo Error: CI_REPO_SLUG not defined
 #  exit 1
diff --git a/core/Cargo.toml b/core/Cargo.toml
index bba797068b..be605f925e 100644
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -15,6 +15,7 @@ codecov = { repository = "solana-labs/solana", branch = "master", service = "git
 
 [dependencies]
 ahash = { workspace = true }
+anchor-lang = { workspace = true }
 anyhow = { workspace = true }
 arrayvec = { workspace = true }
 base64 = { workspace = true }
@@ -28,12 +29,17 @@ etcd-client = { workspace = true, features = ["tls"] }
 futures = { workspace = true }
 histogram = { workspace = true }
 itertools = { workspace = true }
+jito-protos = { workspace = true }
+jito-tip-distribution = { workspace = true }
+jito-tip-payment = { workspace = true }
 lazy_static = { workspace = true }
 log = { workspace = true }
 lru = { workspace = true }
 min-max-heap = { workspace = true }
 num_enum = { workspace = true }
 prio-graph = { workspace = true }
+prost = { workspace = true }
+prost-types = { workspace = true }
 qualifier_attr = { workspace = true }
 quinn = { workspace = true }
 rand = { workspace = true }
@@ -48,6 +54,7 @@ slab = { workspace = true }
 solana-accounts-db = { workspace = true }
 solana-bloom = { workspace = true }
 solana-builtins-default-costs = { workspace = true }
+solana-bundle = { workspace = true }
 solana-client = { workspace = true }
 solana-compute-budget = { workspace = true }
 solana-compute-budget-instruction = { workspace = true }
@@ -76,6 +83,7 @@ solana-rpc = { workspace = true }
 solana-rpc-client-api = { workspace = true }
 solana-runtime = { workspace = true }
 solana-runtime-transaction = { workspace = true }
+solana-runtime-plugin = { workspace = true }
 solana-sanitize = { workspace = true }
 solana-sdk = { workspace = true }
 solana-sdk-ids = { workspace = true }
@@ -100,6 +108,7 @@ sys-info = { workspace = true }
 tempfile = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
+tonic = { workspace = true }
 trees = { workspace = true }
 
 [dev-dependencies]
@@ -107,9 +116,11 @@ assert_matches = { workspace = true }
 fs_extra = { workspace = true }
 serde_json = { workspace = true }
 serial_test = { workspace = true }
+solana-accounts-db = { workspace = true }
 # See order-crates-for-publishing.py for using this unusual `path = "."`
 solana-address-lookup-table-program = { workspace = true }
 solana-compute-budget-program = { workspace = true }
+solana-bundle = { workspace = true }
 solana-core = { path = ".", features = ["dev-context-only-utils"] }
 solana-cost-model = { workspace = true, features = ["dev-context-only-utils"] }
 solana-ledger = { workspace = true, features = ["dev-context-only-utils"] }
@@ -117,6 +128,8 @@ solana-logger = { workspace = true }
 solana-net-utils = { workspace = true, features = ["dev-context-only-utils"] }
 solana-poh = { workspace = true, features = ["dev-context-only-utils"] }
 solana-program-runtime = { workspace = true }
+solana-program-test = { workspace = true }
+solana-runtime = { workspace = true, features = ["dev-context-only-utils"] }
 solana-sdk = { workspace = true, features = ["dev-context-only-utils"] }
 solana-stake-program = { workspace = true }
 solana-system-program = { workspace = true }
@@ -132,6 +145,9 @@ test-case = { workspace = true }
 [target."cfg(unix)".dependencies]
 sysctl = { workspace = true }
 
+[build-dependencies]
+tonic-build = { workspace = true }
+
 [features]
 dev-context-only-utils = [
     "solana-perf/dev-context-only-utils",
diff --git a/core/benches/banking_stage.rs b/core/benches/banking_stage.rs
index 0f449719ce..ffe5692c1c 100644
--- a/core/benches/banking_stage.rs
+++ b/core/benches/banking_stage.rs
@@ -25,6 +25,7 @@ use {
             BankingStage, BankingStageStats,
         },
         banking_trace::{BankingPacketBatch, BankingTracer},
+        bundle_stage::bundle_account_locker::BundleAccountLocker,
     },
     solana_entry::entry::{next_hash, Entry},
     solana_gossip::cluster_info::{ClusterInfo, Node},
@@ -54,6 +55,7 @@ use {
     },
     solana_streamer::socket::SocketAddrSpace,
     std::{
+        collections::HashSet,
         iter::repeat_with,
         sync::{atomic::Ordering, Arc},
         time::{Duration, Instant},
@@ -65,8 +67,15 @@ fn check_txs(receiver: &Arc<Receiver<WorkingBankEntry>>, ref_tx_count: usize) {
     let mut total = 0;
     let now = Instant::now();
     loop {
-        if let Ok((_bank, (entry, _tick_height))) = receiver.recv_timeout(Duration::new(1, 0)) {
-            total += entry.transactions.len();
+        if let Ok(WorkingBankEntry {
+            bank: _,
+            entries_ticks,
+        }) = receiver.recv_timeout(Duration::new(1, 0))
+        {
+            total += entries_ticks
+                .iter()
+                .map(|e| e.0.transactions.len())
+                .sum::<usize>();
         }
         if total >= ref_tx_count {
             break;
@@ -110,7 +119,14 @@ fn bench_consume_buffered(bencher: &mut Bencher) {
     );
     let (s, _r) = unbounded();
     let committer = Committer::new(None, s, Arc::new(PrioritizationFeeCache::new(0u64)));
-    let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+    let consumer = Consumer::new(
+        committer,
+        recorder,
+        QosService::new(1),
+        None,
+        HashSet::default(),
+        BundleAccountLocker::default(),
+    );
     // This tests the performance of buffering packets.
     // If the packet buffers are copied, performance will be poor.
     bencher.iter(move || {
@@ -304,6 +320,8 @@ fn bench_banking(bencher: &mut Bencher, tx_type: TransactionType) {
         bank_forks,
         &Arc::new(PrioritizationFeeCache::new(0u64)),
         false,
+        HashSet::default(),
+        BundleAccountLocker::default(),
     );
 
     let chunk_len = verified.len() / CHUNKS;
diff --git a/core/benches/consumer.rs b/core/benches/consumer.rs
index 3a89cdfd39..6d6d6f8c4b 100644
--- a/core/benches/consumer.rs
+++ b/core/benches/consumer.rs
@@ -7,16 +7,16 @@ use {
         iter::IndexedParallelIterator,
         prelude::{IntoParallelIterator, IntoParallelRefIterator, ParallelIterator},
     },
-    solana_core::banking_stage::{
-        committer::Committer, consumer::Consumer, qos_service::QosService,
+    solana_core::{
+        banking_stage::{committer::Committer, consumer::Consumer, qos_service::QosService},
+        bundle_stage::bundle_account_locker::BundleAccountLocker,
     },
-    solana_entry::entry::Entry,
     solana_ledger::{
         blockstore::Blockstore,
         genesis_utils::{create_genesis_config, GenesisConfigInfo},
     },
     solana_poh::{
-        poh_recorder::{create_test_recorder, PohRecorder},
+        poh_recorder::{create_test_recorder, PohRecorder, WorkingBankEntry},
         poh_service::PohService,
     },
     solana_runtime::{bank::Bank, bank_forks::BankForks},
@@ -29,9 +29,12 @@ use {
         system_program, system_transaction,
         transaction::SanitizedTransaction,
     },
-    std::sync::{
-        atomic::{AtomicBool, Ordering},
-        Arc, RwLock,
+    std::{
+        collections::HashSet,
+        sync::{
+            atomic::{AtomicBool, Ordering},
+            Arc, RwLock,
+        },
     },
     tempfile::TempDir,
     test::Bencher,
@@ -85,7 +88,14 @@ fn create_consumer(poh_recorder: &RwLock<PohRecorder>) -> Consumer {
     let (replay_vote_sender, _replay_vote_receiver) = unbounded();
     let committer = Committer::new(None, replay_vote_sender, Arc::default());
     let transaction_recorder = poh_recorder.read().unwrap().new_recorder();
-    Consumer::new(committer, transaction_recorder, QosService::new(0), None)
+    Consumer::new(
+        committer,
+        transaction_recorder,
+        QosService::new(0),
+        None,
+        HashSet::default(),
+        BundleAccountLocker::default(),
+    )
 }
 
 struct BenchFrame {
@@ -95,7 +105,7 @@ struct BenchFrame {
     exit: Arc<AtomicBool>,
     poh_recorder: Arc<RwLock<PohRecorder>>,
     poh_service: PohService,
-    signal_receiver: Receiver<(Arc<Bank>, (Entry, u64))>,
+    signal_receiver: Receiver<WorkingBankEntry>,
 }
 
 fn setup() -> BenchFrame {
diff --git a/core/benches/proto_to_packet.rs b/core/benches/proto_to_packet.rs
new file mode 100644
index 0000000000..87f85f9c7f
--- /dev/null
+++ b/core/benches/proto_to_packet.rs
@@ -0,0 +1,56 @@
+#![feature(test)]
+
+extern crate test;
+
+use {
+    jito_protos::proto::packet::{
+        Meta as PbMeta, Packet as PbPacket, PacketBatch, PacketFlags as PbFlags,
+    },
+    solana_core::proto_packet_to_packet,
+    solana_sdk::packet::{Packet, PACKET_DATA_SIZE},
+    std::iter::repeat,
+    test::{black_box, Bencher},
+};
+
+fn get_proto_packet(i: u8) -> PbPacket {
+    PbPacket {
+        data: repeat(i).take(PACKET_DATA_SIZE).collect(),
+        meta: Some(PbMeta {
+            size: PACKET_DATA_SIZE as u64,
+            addr: "255.255.255.255:65535".to_string(),
+            port: 65535,
+            flags: Some(PbFlags {
+                discard: false,
+                forwarded: false,
+                repair: false,
+                simple_vote_tx: false,
+                tracer_packet: false,
+            }),
+            sender_stake: 0,
+        }),
+    }
+}
+
+#[bench]
+fn bench_proto_to_packet(bencher: &mut Bencher) {
+    bencher.iter(|| {
+        black_box(proto_packet_to_packet(get_proto_packet(1)));
+    });
+}
+
+#[bench]
+fn bench_batch_list_to_packets(bencher: &mut Bencher) {
+    let packet_batch = PacketBatch {
+        packets: (0..128).map(get_proto_packet).collect(),
+    };
+
+    bencher.iter(|| {
+        black_box(
+            packet_batch
+                .packets
+                .iter()
+                .map(|p| proto_packet_to_packet(p.clone()))
+                .collect::<Vec<Packet>>(),
+        );
+    });
+}
diff --git a/core/src/admin_rpc_post_init.rs b/core/src/admin_rpc_post_init.rs
index 364509a63b..425a4375c1 100644
--- a/core/src/admin_rpc_post_init.rs
+++ b/core/src/admin_rpc_post_init.rs
@@ -1,6 +1,7 @@
 use {
     crate::{
         cluster_slots_service::cluster_slots::ClusterSlots,
+        proxy::{block_engine_stage::BlockEngineConfig, relayer_stage::RelayerConfig},
         repair::{outstanding_requests::OutstandingRequests, serve_repair::ShredRepairType},
     },
     solana_gossip::cluster_info::ClusterInfo,
@@ -8,8 +9,8 @@ use {
     solana_sdk::{pubkey::Pubkey, quic::NotifyKeyUpdate},
     std::{
         collections::HashSet,
-        net::UdpSocket,
-        sync::{Arc, RwLock},
+        net::{SocketAddr, UdpSocket},
+        sync::{Arc, Mutex, RwLock},
     },
 };
 
@@ -23,4 +24,7 @@ pub struct AdminRpcRequestMetadataPostInit {
     pub repair_socket: Arc<UdpSocket>,
     pub outstanding_repair_requests: Arc<RwLock<OutstandingRequests<ShredRepairType>>>,
     pub cluster_slots: Arc<ClusterSlots>,
+    pub block_engine_config: Arc<Mutex<BlockEngineConfig>>,
+    pub relayer_config: Arc<Mutex<RelayerConfig>>,
+    pub shred_receiver_address: Arc<RwLock<Option<SocketAddr>>>,
 }
diff --git a/core/src/banking_stage.rs b/core/src/banking_stage.rs
index 49ccdb6ae1..270f855a21 100644
--- a/core/src/banking_stage.rs
+++ b/core/src/banking_stage.rs
@@ -25,6 +25,7 @@ use {
             },
         },
         banking_trace::BankingPacketReceiver,
+        bundle_stage::bundle_account_locker::BundleAccountLocker,
         tracer_packet_stats::TracerPacketStats,
         validator::BlockProductionMethod,
     },
@@ -42,8 +43,14 @@ use {
     },
     solana_sdk::{pubkey::Pubkey, timing::AtomicInterval},
     std::{
+<<<<<<< HEAD
         cmp, env,
         ops::Deref,
+=======
+        cmp,
+        collections::HashSet,
+        env,
+>>>>>>> 1742826fca (jito patch)
         sync::{
             atomic::{AtomicU64, AtomicUsize, Ordering},
             Arc, RwLock,
@@ -67,11 +74,16 @@ pub mod unprocessed_packet_batches;
 pub mod unprocessed_transaction_storage;
 
 mod consume_worker;
-mod decision_maker;
+pub(crate) mod decision_maker;
 mod forward_packet_batches_by_accounts;
+<<<<<<< HEAD
 mod immutable_deserialized_packet;
+=======
+mod forward_worker;
+pub(crate) mod immutable_deserialized_packet;
+>>>>>>> 1742826fca (jito patch)
 mod latest_unprocessed_votes;
-mod leader_slot_timing_metrics;
+pub(crate) mod leader_slot_timing_metrics;
 mod multi_iterator_scanner;
 mod packet_deserializer;
 mod packet_filter;
@@ -364,6 +376,8 @@ impl BankingStage {
         bank_forks: Arc<RwLock<BankForks>>,
         prioritization_fee_cache: &Arc<PrioritizationFeeCache>,
         enable_forwarding: bool,
+        blacklisted_accounts: HashSet<Pubkey>,
+        bundle_account_locker: BundleAccountLocker,
     ) -> Self {
         Self::new_num_threads(
             block_production_method,
@@ -380,6 +394,8 @@ impl BankingStage {
             bank_forks,
             prioritization_fee_cache,
             enable_forwarding,
+            blacklisted_accounts,
+            bundle_account_locker,
         )
     }
 
@@ -399,8 +415,31 @@ impl BankingStage {
         bank_forks: Arc<RwLock<BankForks>>,
         prioritization_fee_cache: &Arc<PrioritizationFeeCache>,
         enable_forwarding: bool,
+        blacklisted_accounts: HashSet<Pubkey>,
+        bundle_account_locker: BundleAccountLocker,
     ) -> Self {
         match block_production_method {
+<<<<<<< HEAD
+=======
+            BlockProductionMethod::ThreadLocalMultiIterator => {
+                Self::new_thread_local_multi_iterator(
+                    cluster_info,
+                    poh_recorder,
+                    non_vote_receiver,
+                    tpu_vote_receiver,
+                    gossip_vote_receiver,
+                    num_threads,
+                    transaction_status_sender,
+                    replay_vote_sender,
+                    log_messages_bytes_limit,
+                    connection_cache,
+                    bank_forks,
+                    prioritization_fee_cache,
+                    blacklisted_accounts,
+                    bundle_account_locker,
+                )
+            }
+>>>>>>> 1742826fca (jito patch)
             BlockProductionMethod::CentralScheduler => Self::new_central_scheduler(
                 cluster_info,
                 poh_recorder,
@@ -415,6 +454,8 @@ impl BankingStage {
                 bank_forks,
                 prioritization_fee_cache,
                 enable_forwarding,
+                blacklisted_accounts,
+                bundle_account_locker,
             ),
         }
     }
@@ -433,6 +474,8 @@ impl BankingStage {
         connection_cache: Arc<ConnectionCache>,
         bank_forks: Arc<RwLock<BankForks>>,
         prioritization_fee_cache: &Arc<PrioritizationFeeCache>,
+        blacklisted_accounts: HashSet<Pubkey>,
+        bundle_account_locker: BundleAccountLocker,
     ) -> Self {
         assert!(num_threads >= MIN_TOTAL_THREADS);
         // Single thread to generate entries from many banks.
@@ -499,6 +542,8 @@ impl BankingStage {
                     log_messages_bytes_limit,
                     forwarder,
                     unprocessed_transaction_storage,
+                    blacklisted_accounts.clone(),
+                    bundle_account_locker.clone(),
                 )
             })
             .collect();
@@ -520,6 +565,8 @@ impl BankingStage {
         bank_forks: Arc<RwLock<BankForks>>,
         prioritization_fee_cache: &Arc<PrioritizationFeeCache>,
         enable_forwarding: bool,
+        blacklisted_accounts: HashSet<Pubkey>,
+        bundle_account_locker: BundleAccountLocker,
     ) -> Self {
         assert!(num_threads >= MIN_TOTAL_THREADS);
         // Single thread to generate entries from many banks.
@@ -566,6 +613,8 @@ impl BankingStage {
                     latest_unprocessed_votes.clone(),
                     vote_source,
                 ),
+                blacklisted_accounts.clone(),
+                bundle_account_locker.clone(),
             ));
         }
 
@@ -587,6 +636,8 @@ impl BankingStage {
                     poh_recorder.read().unwrap().new_recorder(),
                     QosService::new(id),
                     log_messages_bytes_limit,
+                    blacklisted_accounts.clone(),
+                    bundle_account_locker.clone(),
                 ),
                 finished_work_sender.clone(),
                 poh_recorder.read().unwrap().new_leader_bank_notifier(),
@@ -645,7 +696,12 @@ impl BankingStage {
         Self { bank_thread_hdls }
     }
 
+<<<<<<< HEAD
     fn spawn_thread_local_multi_iterator_thread<T: LikeClusterInfo>(
+=======
+    #[allow(clippy::too_many_arguments)]
+    fn spawn_thread_local_multi_iterator_thread(
+>>>>>>> 1742826fca (jito patch)
         id: u32,
         packet_receiver: BankingPacketReceiver,
         decision_maker: DecisionMaker,
@@ -654,13 +710,22 @@ impl BankingStage {
         log_messages_bytes_limit: Option<usize>,
         mut forwarder: Forwarder<T>,
         unprocessed_transaction_storage: UnprocessedTransactionStorage,
+        blacklisted_accounts: HashSet<Pubkey>,
+        bundle_account_locker: BundleAccountLocker,
     ) -> JoinHandle<()> {
+<<<<<<< HEAD
         let mut packet_receiver = PacketReceiver::new(id, packet_receiver);
+=======
+        let mut packet_receiver = PacketReceiver::new(id, packet_receiver, bank_forks);
+
+>>>>>>> 1742826fca (jito patch)
         let consumer = Consumer::new(
             committer,
             transaction_recorder,
             QosService::new(id),
             log_messages_bytes_limit,
+            blacklisted_accounts.clone(),
+            bundle_account_locker.clone(),
         );
 
         Builder::new()
@@ -816,7 +881,7 @@ mod tests {
         crate::banking_trace::{BankingPacketBatch, BankingTracer},
         crossbeam_channel::{unbounded, Receiver},
         itertools::Itertools,
-        solana_entry::entry::{self, Entry, EntrySlice},
+        solana_entry::entry::{self, EntrySlice},
         solana_gossip::cluster_info::Node,
         solana_ledger::{
             blockstore::Blockstore,
@@ -830,6 +895,7 @@ mod tests {
         solana_poh::{
             poh_recorder::{
                 create_test_recorder, PohRecorderError, Record, RecordTransactionsSummary,
+                WorkingBankEntry,
             },
             poh_service::PohService,
         },
@@ -904,6 +970,8 @@ mod tests {
                 bank_forks,
                 &Arc::new(PrioritizationFeeCache::new(0u64)),
                 false,
+                HashSet::default(),
+                BundleAccountLocker::default(),
             );
             drop(non_vote_sender);
             drop(tpu_vote_sender);
@@ -960,6 +1028,8 @@ mod tests {
                 bank_forks,
                 &Arc::new(PrioritizationFeeCache::new(0u64)),
                 false,
+                HashSet::default(),
+                BundleAccountLocker::default(),
             );
             trace!("sending bank");
             drop(non_vote_sender);
@@ -972,7 +1042,12 @@ mod tests {
             trace!("getting entries");
             let entries: Vec<_> = entry_receiver
                 .iter()
-                .map(|(_bank, (entry, _tick_height))| entry)
+                .flat_map(
+                    |WorkingBankEntry {
+                         bank: _,
+                         entries_ticks,
+                     }| entries_ticks.into_iter().map(|(e, _)| e),
+                )
                 .collect();
             trace!("done");
             assert_eq!(entries.len(), genesis_config.ticks_per_slot as usize);
@@ -1040,6 +1115,8 @@ mod tests {
                 bank_forks.clone(), // keep a local-copy of bank-forks so worker threads do not lose weak access to bank-forks
                 &Arc::new(PrioritizationFeeCache::new(0u64)),
                 false,
+                HashSet::default(),
+                BundleAccountLocker::default(),
             );
 
             // fund another account so we can send 2 good transactions in a single batch.
@@ -1091,9 +1168,14 @@ mod tests {
             bank.process_transaction(&fund_tx).unwrap();
             //receive entries + ticks
             loop {
-                let entries: Vec<Entry> = entry_receiver
+                let entries: Vec<_> = entry_receiver
                     .iter()
-                    .map(|(_bank, (entry, _tick_height))| entry)
+                    .flat_map(
+                        |WorkingBankEntry {
+                             bank: _,
+                             entries_ticks,
+                         }| entries_ticks.into_iter().map(|(e, _)| e),
+                    )
                     .collect();
 
                 assert!(entries.verify(&blockhash, &entry::thread_pool_for_tests()));
@@ -1205,6 +1287,8 @@ mod tests {
                     Arc::new(ConnectionCache::new("connection_cache_test")),
                     bank_forks,
                     &Arc::new(PrioritizationFeeCache::new(0u64)),
+                    HashSet::default(),
+                    BundleAccountLocker::default(),
                 );
 
                 // wait for banking_stage to eat the packets
@@ -1223,7 +1307,12 @@ mod tests {
             // check that the balance is what we expect.
             let entries: Vec<_> = entry_receiver
                 .iter()
-                .map(|(_bank, (entry, _tick_height))| entry)
+                .flat_map(
+                    |WorkingBankEntry {
+                         bank: _,
+                         entries_ticks,
+                     }| entries_ticks.into_iter().map(|(e, _)| e),
+                )
                 .collect();
 
             let (bank, _bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
@@ -1286,15 +1375,19 @@ mod tests {
                 system_transaction::transfer(&keypair2, &pubkey2, 1, genesis_config.hash()).into(),
             ];
 
-            let _ = recorder.record_transactions(bank.slot(), txs.clone());
-            let (_bank, (entry, _tick_height)) = entry_receiver.recv().unwrap();
+            let _ = recorder.record_transactions(bank.slot(), vec![txs.clone()]);
+            let WorkingBankEntry {
+                bank,
+                entries_ticks,
+            } = entry_receiver.recv().unwrap();
+            let entry = &entries_ticks.first().unwrap().0;
             assert_eq!(entry.transactions, txs);
 
             // Once bank is set to a new bank (setting bank.slot() + 1 in record_transactions),
             // record_transactions should throw MaxHeightReached
             let next_slot = bank.slot() + 1;
             let RecordTransactionsSummary { result, .. } =
-                recorder.record_transactions(next_slot, txs);
+                recorder.record_transactions(next_slot, vec![txs]);
             assert_matches!(result, Err(PohRecorderError::MaxHeightReached));
             // Should receive nothing from PohRecorder b/c record failed
             assert!(entry_receiver.try_recv().is_err());
@@ -1397,6 +1490,8 @@ mod tests {
                 bank_forks,
                 &Arc::new(PrioritizationFeeCache::new(0u64)),
                 false,
+                HashSet::default(),
+                BundleAccountLocker::default(),
             );
 
             let keypairs = (0..100).map(|_| Keypair::new()).collect_vec();
diff --git a/core/src/banking_stage/committer.rs b/core/src/banking_stage/committer.rs
index 3722134294..80959ab6e3 100644
--- a/core/src/banking_stage/committer.rs
+++ b/core/src/banking_stage/committer.rs
@@ -12,18 +12,20 @@ use {
         transaction_batch::TransactionBatch,
         vote_sender_types::ReplayVoteSender,
     },
+<<<<<<< HEAD
     solana_runtime_transaction::transaction_with_meta::TransactionWithMeta,
     solana_sdk::{pubkey::Pubkey, saturating_add_assign},
+=======
+    solana_sdk::{hash::Hash, saturating_add_assign},
+>>>>>>> 1742826fca (jito patch)
     solana_svm::{
         transaction_commit_result::{TransactionCommitResult, TransactionCommitResultExtensions},
         transaction_processing_result::{
             TransactionProcessingResult, TransactionProcessingResultExtensions,
         },
     },
-    solana_transaction_status::{
-        token_balances::TransactionTokenBalancesSet, TransactionTokenBalance,
-    },
-    std::{collections::HashMap, sync::Arc},
+    solana_transaction_status::{token_balances::TransactionTokenBalancesSet, PreBalanceInfo},
+    std::sync::Arc,
 };
 
 #[derive(Clone, Debug, PartialEq, Eq)]
@@ -35,13 +37,6 @@ pub enum CommitTransactionDetails {
     NotCommitted,
 }
 
-#[derive(Default)]
-pub(super) struct PreBalanceInfo {
-    pub native: Vec<Vec<u64>>,
-    pub token: Vec<Vec<TransactionTokenBalance>>,
-    pub mint_decimals: HashMap<Pubkey, u8>,
-}
-
 #[derive(Clone)]
 pub struct Committer {
     transaction_status_sender: Option<TransactionStatusSender>,
@@ -144,7 +139,7 @@ impl Committer {
                 .collect_vec();
             let post_balances = bank.collect_balances(batch);
             let post_token_balances =
-                collect_token_balances(bank, batch, &mut pre_balance_info.mint_decimals);
+                collect_token_balances(bank, batch, &mut pre_balance_info.mint_decimals, None);
             let mut transaction_index = starting_transaction_index.unwrap_or_default();
             let batch_transaction_indexes: Vec<_> = commit_results
                 .iter()
diff --git a/core/src/banking_stage/consume_worker.rs b/core/src/banking_stage/consume_worker.rs
index 815c51b9b6..bdb1a2421d 100644
--- a/core/src/banking_stage/consume_worker.rs
+++ b/core/src/banking_stage/consume_worker.rs
@@ -749,11 +749,22 @@ impl ConsumeWorkerTransactionErrorMetrics {
 mod tests {
     use {
         super::*,
+<<<<<<< HEAD
         crate::banking_stage::{
             committer::Committer,
             qos_service::QosService,
             scheduler_messages::{MaxAge, TransactionBatchId},
             tests::{create_slow_genesis_config, sanitize_transactions, simulate_poh},
+=======
+        crate::{
+            banking_stage::{
+                committer::Committer,
+                qos_service::QosService,
+                scheduler_messages::{TransactionBatchId, TransactionId},
+                tests::{create_slow_genesis_config, sanitize_transactions, simulate_poh},
+            },
+            bundle_stage::bundle_account_locker::BundleAccountLocker,
+>>>>>>> 1742826fca (jito patch)
         },
         crossbeam_channel::unbounded,
         solana_ledger::{
@@ -850,7 +861,14 @@ mod tests {
             replay_vote_sender,
             Arc::new(PrioritizationFeeCache::new(0u64)),
         );
-        let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+        let consumer = Consumer::new(
+            committer,
+            recorder,
+            QosService::new(1),
+            None,
+            HashSet::default(),
+            BundleAccountLocker::default(),
+        );
 
         let (consume_sender, consume_receiver) = unbounded();
         let (consumed_sender, consumed_receiver) = unbounded();
diff --git a/core/src/banking_stage/consumer.rs b/core/src/banking_stage/consumer.rs
index 2c8d46d46d..7eb4e54d5e 100644
--- a/core/src/banking_stage/consumer.rs
+++ b/core/src/banking_stage/consumer.rs
@@ -1,6 +1,6 @@
 use {
     super::{
-        committer::{CommitTransactionDetails, Committer, PreBalanceInfo},
+        committer::{CommitTransactionDetails, Committer},
         immutable_deserialized_packet::ImmutableDeserializedPacket,
         leader_slot_metrics::{
             CommittedTransactionsCounts, LeaderSlotMetricsTracker, ProcessTransactionsSummary,
@@ -11,6 +11,7 @@ use {
         unprocessed_transaction_storage::{ConsumeScannerPayload, UnprocessedTransactionStorage},
         BankingStageStats,
     },
+    crate::bundle_stage::bundle_account_locker::BundleAccountLocker,
     itertools::Itertools,
     solana_compute_budget_instruction::instructions_processor::process_compute_budget_instructions,
     solana_feature_set as feature_set,
@@ -27,8 +28,15 @@ use {
     },
     solana_runtime_transaction::transaction_with_meta::TransactionWithMeta,
     solana_sdk::{
+<<<<<<< HEAD
         clock::{FORWARD_TRANSACTIONS_TO_LEADER_AT_SLOT_OFFSET, MAX_PROCESSING_AGE},
         fee::FeeBudgetLimits,
+=======
+        clock::{Slot, FORWARD_TRANSACTIONS_TO_LEADER_AT_SLOT_OFFSET, MAX_PROCESSING_AGE},
+        feature_set,
+        message::SanitizedMessage,
+        pubkey::Pubkey,
+>>>>>>> 1742826fca (jito patch)
         saturating_add_assign,
         timing::timestamp,
         transaction::{self, TransactionError},
@@ -39,10 +47,16 @@ use {
         transaction_processing_result::TransactionProcessingResultExtensions,
         transaction_processor::{ExecutionRecordingConfig, TransactionProcessingConfig},
     },
+<<<<<<< HEAD
     solana_svm_transaction::svm_message::SVMMessage,
     solana_timings::ExecuteTimings,
     std::{
         num::Saturating,
+=======
+    solana_transaction_status::PreBalanceInfo,
+    std::{
+        collections::HashSet,
+>>>>>>> 1742826fca (jito patch)
         sync::{atomic::Ordering, Arc},
         time::Instant,
     },
@@ -92,6 +106,8 @@ pub struct Consumer {
     transaction_recorder: TransactionRecorder,
     qos_service: QosService,
     log_messages_bytes_limit: Option<usize>,
+    blacklisted_accounts: HashSet<Pubkey>,
+    bundle_account_locker: BundleAccountLocker,
 }
 
 impl Consumer {
@@ -100,12 +116,16 @@ impl Consumer {
         transaction_recorder: TransactionRecorder,
         qos_service: QosService,
         log_messages_bytes_limit: Option<usize>,
+        blacklisted_accounts: HashSet<Pubkey>,
+        bundle_account_locker: BundleAccountLocker,
     ) -> Self {
         Self {
             committer,
             transaction_recorder,
             qos_service,
             log_messages_bytes_limit,
+            blacklisted_accounts,
+            bundle_account_locker,
         }
     }
 
@@ -135,6 +155,7 @@ impl Consumer {
                     packets_to_process,
                 )
             },
+            &self.blacklisted_accounts,
         );
 
         if reached_end_of_slot {
@@ -483,20 +504,26 @@ impl Consumer {
             cost_model_us,
         ) = measure_us!(self.qos_service.select_and_accumulate_transaction_costs(
             bank,
+            &mut bank.write_cost_tracker().unwrap(),
             txs,
             pre_results
         ));
 
         // Only lock accounts for those transactions are selected for the block;
         // Once accounts are locked, other threads cannot encode transactions that will modify the
-        // same account state
+        // same account state.
+        // BundleAccountLocker is used to prevent race conditions with bundled transactions from bundle stage
+        let bundle_account_locks = self.bundle_account_locker.account_locks();
         let (batch, lock_us) = measure_us!(bank.prepare_sanitized_batch_with_results(
             txs,
             transaction_qos_cost_results.iter().map(|r| match r {
                 Ok(_cost) => Ok(()),
                 Err(err) => Err(err.clone()),
-            })
+            }),
+            Some(&bundle_account_locks.read_locks()),
+            Some(&bundle_account_locks.write_locks())
         ));
+        drop(bundle_account_locks);
 
         // retryable_txs includes AccountInUse, WouldExceedMaxBlockCostLimit
         // WouldExceedMaxAccountCostLimit, WouldExceedMaxVoteCostLimit
@@ -528,8 +555,9 @@ impl Consumer {
             .iter_mut()
             .for_each(|x| *x += chunk_offset);
 
-        let (cu, us) =
-            Self::accumulate_execute_units_and_time(&execute_and_commit_timings.execute_timings);
+        let (cu, us) = execute_and_commit_timings
+            .execute_timings
+            .accumulate_execute_units_and_time();
         self.qos_service.accumulate_actual_execute_cu(cu);
         self.qos_service.accumulate_actual_execute_time(us);
 
@@ -566,7 +594,7 @@ impl Consumer {
             if transaction_status_sender_enabled {
                 pre_balance_info.native = bank.collect_balances(batch);
                 pre_balance_info.token =
-                    collect_token_balances(bank, batch, &mut pre_balance_info.mint_decimals)
+                    collect_token_balances(bank, batch, &mut pre_balance_info.mint_decimals, None)
             }
         });
         execute_and_commit_timings.collect_balances_us = collect_balances_us;
@@ -672,7 +700,11 @@ impl Consumer {
 
         let (record_transactions_summary, record_us) = measure_us!(self
             .transaction_recorder
+<<<<<<< HEAD
             .record_transactions(bank.slot(), processed_transactions));
+=======
+            .record_transactions(bank.slot(), vec![executed_transactions]));
+>>>>>>> 1742826fca (jito patch)
         execute_and_commit_timings.record_us = record_us;
 
         let RecordTransactionsSummary {
@@ -786,6 +818,7 @@ impl Consumer {
         )
     }
 
+<<<<<<< HEAD
     fn accumulate_execute_units_and_time(execute_timings: &ExecuteTimings) -> (u64, u64) {
         execute_timings.details.per_program_timings.values().fold(
             (0, 0),
@@ -801,6 +834,8 @@ impl Consumer {
         )
     }
 
+=======
+>>>>>>> 1742826fca (jito patch)
     /// This function filters pending packets that are still valid
     /// # Arguments
     /// * `transactions` - a batch of transactions deserialized from packets
@@ -895,7 +930,7 @@ mod tests {
             transaction::{Transaction, VersionedTransaction},
         },
         solana_svm::account_loader::CheckedTransactionDetails,
-        solana_timings::ProgramTiming,
+        solana_timings::{ExecuteTimings, ProgramTiming},
         solana_transaction_status::{TransactionStatusMeta, VersionedTransactionWithStatusMeta},
         std::{
             borrow::Cow,
@@ -945,7 +980,14 @@ mod tests {
             replay_vote_sender,
             Arc::new(PrioritizationFeeCache::new(0u64)),
         );
-        let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+        let consumer = Consumer::new(
+            committer,
+            recorder,
+            QosService::new(1),
+            None,
+            HashSet::default(),
+            BundleAccountLocker::default(),
+        );
         let process_transactions_summary =
             consumer.process_transactions(&bank, &Instant::now(), &transactions);
 
@@ -1120,7 +1162,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let process_transactions_batch_output =
                 consumer.process_and_record_transactions(&bank, &transactions, 0);
@@ -1148,7 +1197,13 @@ mod tests {
 
             let mut done = false;
             // read entries until I find mine, might be ticks...
-            while let Ok((_bank, (entry, _tick_height))) = entry_receiver.recv() {
+            while let Ok(WorkingBankEntry {
+                bank,
+                entries_ticks,
+            }) = entry_receiver.recv()
+            {
+                assert!(entries_ticks.len() == 1);
+                let entry = &entries_ticks.first().unwrap().0;
                 if !entry.is_tick() {
                     trace!("got entry");
                     assert_eq!(entry.transactions.len(), transactions.len());
@@ -1269,11 +1324,10 @@ mod tests {
                         let timeout = Duration::from_millis(10);
                         let record = record_receiver.recv_timeout(timeout);
                         if let Ok(record) = record {
-                            let record_response = poh_recorder.write().unwrap().record(
-                                record.slot,
-                                record.mixin,
-                                record.transactions,
-                            );
+                            let record_response = poh_recorder
+                                .write()
+                                .unwrap()
+                                .record(record.slot, &record.mixins_txs);
                             poh_recorder.write().unwrap().tick();
                             if record.sender.send(record_response).is_err() {
                                 panic!("Error returning mixin hash");
@@ -1310,7 +1364,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let process_transactions_batch_output =
                 consumer.process_and_record_transactions(&bank, &transactions, 0);
@@ -1338,9 +1399,13 @@ mod tests {
 
             let mut done = false;
             // read entries until I find mine, might be ticks...
-            while let Ok((_bank, (entry, _tick_height))) = entry_receiver.recv() {
-                if !entry.is_tick() {
-                    assert_eq!(entry.transactions.len(), transactions.len());
+            while let Ok(WorkingBankEntry {
+                bank: _,
+                entries_ticks,
+            }) = entry_receiver.recv()
+            {
+                if !entries_ticks[0].0.is_tick() {
+                    assert_eq!(entries_ticks[0].0.transactions.len(), transactions.len());
                     done = true;
                     break;
                 }
@@ -1414,7 +1479,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let process_transactions_batch_output =
                 consumer.process_and_record_transactions(&bank, &transactions, 0);
@@ -1493,7 +1565,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let get_block_cost = || bank.read_cost_tracker().unwrap().block_cost();
             let get_tx_count = || bank.read_cost_tracker().unwrap().transaction_count();
@@ -1656,7 +1735,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let process_transactions_batch_output =
                 consumer.process_and_record_transactions(&bank, &transactions, 0);
@@ -1861,7 +1947,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder.clone(), QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder.clone(),
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let process_transactions_summary =
                 consumer.process_transactions(&bank, &Instant::now(), &transactions);
@@ -1990,7 +2083,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let _ = consumer.process_and_record_transactions(&bank, &transactions, 0);
 
@@ -2135,7 +2235,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             let _ = consumer.process_and_record_transactions(&bank, &[sanitized_tx.clone()], 0);
 
@@ -2195,7 +2302,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             // When the working bank in poh_recorder is None, no packets should be processed (consume will not be called)
             assert!(!poh_recorder.read().unwrap().has_bank());
@@ -2280,7 +2394,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             // When the working bank in poh_recorder is None, no packets should be processed
             assert!(!poh_recorder.read().unwrap().has_bank());
@@ -2332,7 +2453,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             // When the working bank in poh_recorder is None, no packets should be processed (consume will not be called)
             assert!(!poh_recorder.read().unwrap().has_bank());
@@ -2464,7 +2592,14 @@ mod tests {
                 replay_vote_sender,
                 Arc::new(PrioritizationFeeCache::new(0u64)),
             );
-            let consumer = Consumer::new(committer, recorder, QosService::new(1), None);
+            let consumer = Consumer::new(
+                committer,
+                recorder,
+                QosService::new(1),
+                None,
+                HashSet::default(),
+                BundleAccountLocker::default(),
+            );
 
             // When the working bank in poh_recorder is None, no packets should be processed (consume will not be called)
             assert!(!poh_recorder.read().unwrap().has_bank());
@@ -2533,7 +2668,7 @@ mod tests {
             expected_units += n * 1000;
         }
 
-        let (units, us) = Consumer::accumulate_execute_units_and_time(&execute_timings);
+        let (units, us) = execute_timings.accumulate_execute_units_and_time();
 
         assert_eq!(expected_units, units);
         assert_eq!(expected_us, us);
diff --git a/core/src/banking_stage/latest_unprocessed_votes.rs b/core/src/banking_stage/latest_unprocessed_votes.rs
index ae13c37caa..2b13f6c7e0 100644
--- a/core/src/banking_stage/latest_unprocessed_votes.rs
+++ b/core/src/banking_stage/latest_unprocessed_votes.rs
@@ -151,7 +151,7 @@ impl LatestValidatorVotePacket {
 }
 
 #[derive(Default, Debug)]
-pub(crate) struct VoteBatchInsertionMetrics {
+pub struct VoteBatchInsertionMetrics {
     pub(crate) num_dropped_gossip: usize,
     pub(crate) num_dropped_tpu: usize,
 }
diff --git a/core/src/banking_stage/qos_service.rs b/core/src/banking_stage/qos_service.rs
index a29d49ed6f..6d57f490df 100644
--- a/core/src/banking_stage/qos_service.rs
+++ b/core/src/banking_stage/qos_service.rs
@@ -6,7 +6,9 @@
 use {
     super::{committer::CommitTransactionDetails, BatchedTransactionDetails},
     solana_cost_model::{
-        cost_model::CostModel, cost_tracker::UpdatedCosts, transaction_cost::TransactionCost,
+        cost_model::CostModel,
+        cost_tracker::{CostTracker, UpdatedCosts},
+        transaction_cost::TransactionCost,
     },
     solana_feature_set::FeatureSet,
     solana_measure::measure::Measure,
@@ -43,7 +45,12 @@ impl QosService {
     pub fn select_and_accumulate_transaction_costs<'a, Tx: TransactionWithMeta>(
         &self,
         bank: &Bank,
+<<<<<<< HEAD
         transactions: &'a [Tx],
+=======
+        cost_tracker: &mut CostTracker, // caller should pass in &mut bank.write_cost_tracker().unwrap()
+        transactions: &[SanitizedTransaction],
+>>>>>>> 1742826fca (jito patch)
         pre_results: impl Iterator<Item = transaction::Result<()>>,
     ) -> (Vec<transaction::Result<TransactionCost<'a, Tx>>>, u64) {
         let transaction_costs =
@@ -51,7 +58,8 @@ impl QosService {
         let (transactions_qos_cost_results, num_included) = self.select_transactions_per_cost(
             transactions.iter(),
             transaction_costs.into_iter(),
-            bank,
+            bank.slot(),
+            cost_tracker,
         );
         self.accumulate_estimated_transaction_costs(&Self::accumulate_batched_transaction_costs(
             transactions_qos_cost_results.iter(),
@@ -95,13 +103,21 @@ impl QosService {
     /// and a count of the number of transactions that would fit in the block
     fn select_transactions_per_cost<'a, Tx: TransactionWithMeta>(
         &self,
+<<<<<<< HEAD
         transactions: impl Iterator<Item = &'a Tx>,
         transactions_costs: impl Iterator<Item = transaction::Result<TransactionCost<'a, Tx>>>,
         bank: &Bank,
     ) -> (Vec<transaction::Result<TransactionCost<'a, Tx>>>, usize) {
+=======
+        transactions: impl Iterator<Item = &'a SanitizedTransaction>,
+        transactions_costs: impl Iterator<Item = transaction::Result<TransactionCost>>,
+        slot: Slot,
+        cost_tracker: &mut CostTracker,
+    ) -> (Vec<transaction::Result<TransactionCost>>, usize) {
+>>>>>>> 1742826fca (jito patch)
         let mut cost_tracking_time = Measure::start("cost_tracking_time");
-        let mut cost_tracker = bank.write_cost_tracker().unwrap();
         let mut num_included = 0;
+<<<<<<< HEAD
         let select_results = transactions
             .zip(transactions_costs)
             .map(|(tx, cost)| match cost {
@@ -139,6 +155,27 @@ impl QosService {
                     }
                 },
                 Err(e) => Err(e),
+=======
+        let select_results = transactions.zip(transactions_costs)
+            .map(|(tx, cost)| {
+                match cost {
+                    Ok(cost) => {
+                        match cost_tracker.try_add(&cost) {
+                            Ok(UpdatedCosts{updated_block_cost, updated_costliest_account_cost}) => {
+                                debug!("slot {:?}, transaction {:?}, cost {:?}, fit into current block, current block cost {}, updated costliest account cost {}", slot, tx, cost, updated_block_cost, updated_costliest_account_cost);
+                                self.metrics.stats.selected_txs_count.fetch_add(1, Ordering::Relaxed);
+                                num_included += 1;
+                                Ok(cost)
+                            },
+                            Err(e) => {
+                                debug!("slot {:?}, transaction {:?}, cost {:?}, not fit into current block, '{:?}'", slot, tx, cost, e);
+                                Err(TransactionError::from(e))
+                            }
+                        }
+                    },
+                    Err(e) => Err(e),
+                }
+>>>>>>> 1742826fca (jito patch)
             })
             .collect();
         cost_tracker.add_transactions_in_flight(num_included);
@@ -702,8 +739,12 @@ mod tests {
         bank.write_cost_tracker()
             .unwrap()
             .set_limits(cost_limit, cost_limit, cost_limit);
-        let (results, num_selected) =
-            qos_service.select_transactions_per_cost(txs.iter(), txs_costs.into_iter(), &bank);
+        let (results, num_selected) = qos_service.select_transactions_per_cost(
+            txs.iter(),
+            txs_costs.into_iter(),
+            bank.slot(),
+            &mut bank.write_cost_tracker().unwrap(),
+        );
         assert_eq!(num_selected, 2);
 
         // verify that first transfer tx and first vote are allowed
@@ -756,8 +797,12 @@ mod tests {
                 .iter()
                 .map(|cost| cost.as_ref().unwrap().sum())
                 .sum();
-            let (qos_cost_results, _num_included) =
-                qos_service.select_transactions_per_cost(txs.iter(), txs_costs.into_iter(), &bank);
+            let (qos_cost_results, _num_included) = qos_service.select_transactions_per_cost(
+                txs.iter(),
+                txs_costs.into_iter(),
+                bank.slot(),
+                &mut bank.write_cost_tracker().unwrap(),
+            );
             assert_eq!(
                 total_txs_cost,
                 bank.read_cost_tracker().unwrap().block_cost()
@@ -825,8 +870,12 @@ mod tests {
                 .iter()
                 .map(|cost| cost.as_ref().unwrap().sum())
                 .sum();
-            let (qos_cost_results, _num_included) =
-                qos_service.select_transactions_per_cost(txs.iter(), txs_costs.into_iter(), &bank);
+            let (qos_cost_results, _num_included) = qos_service.select_transactions_per_cost(
+                txs.iter(),
+                txs_costs.into_iter(),
+                bank.slot(),
+                &mut bank.write_cost_tracker().unwrap(),
+            );
             assert_eq!(
                 total_txs_cost,
                 bank.read_cost_tracker().unwrap().block_cost()
@@ -879,8 +928,12 @@ mod tests {
                 .iter()
                 .map(|cost| cost.as_ref().unwrap().sum())
                 .sum();
-            let (qos_cost_results, _num_included) =
-                qos_service.select_transactions_per_cost(txs.iter(), txs_costs.into_iter(), &bank);
+            let (qos_cost_results, _num_included) = qos_service.select_transactions_per_cost(
+                txs.iter(),
+                txs_costs.into_iter(),
+                bank.slot(),
+                &mut bank.write_cost_tracker().unwrap(),
+            );
             assert_eq!(
                 total_txs_cost,
                 bank.read_cost_tracker().unwrap().block_cost()
diff --git a/core/src/banking_stage/unprocessed_transaction_storage.rs b/core/src/banking_stage/unprocessed_transaction_storage.rs
index e86780002e..dd2b77df34 100644
--- a/core/src/banking_stage/unprocessed_transaction_storage.rs
+++ b/core/src/banking_stage/unprocessed_transaction_storage.rs
@@ -15,21 +15,40 @@ use {
         },
         BankingStageStats, FilterForwardingResults, ForwardOption,
     },
+    crate::{
+        bundle_stage::bundle_stage_leader_metrics::BundleStageLeaderMetrics,
+        immutable_deserialized_bundle::ImmutableDeserializedBundle,
+    },
     itertools::Itertools,
     min_max_heap::MinMaxHeap,
+<<<<<<< HEAD
     solana_accounts_db::account_locks::validate_account_locks,
     solana_feature_set::FeatureSet,
     solana_measure::measure_us,
+=======
+    solana_bundle::{bundle_execution::LoadAndExecuteBundleError, BundleExecutionError},
+    solana_measure::{measure, measure_us},
+>>>>>>> 1742826fca (jito patch)
     solana_runtime::bank::Bank,
     solana_runtime_transaction::runtime_transaction::RuntimeTransaction,
     solana_sdk::{
+<<<<<<< HEAD
         clock::FORWARD_TRANSACTIONS_TO_LEADER_AT_SLOT_OFFSET, hash::Hash, saturating_add_assign,
+=======
+        bundle::SanitizedBundle,
+        clock::{Slot, FORWARD_TRANSACTIONS_TO_LEADER_AT_SLOT_OFFSET},
+        feature_set::FeatureSet,
+        hash::Hash,
+        pubkey::Pubkey,
+        saturating_add_assign,
+>>>>>>> 1742826fca (jito patch)
         transaction::SanitizedTransaction,
     },
     solana_svm::transaction_error_metrics::TransactionErrorMetrics,
     std::{
-        collections::HashMap,
+        collections::{HashMap, HashSet, VecDeque},
         sync::{atomic::Ordering, Arc},
+        time::Instant,
     },
 };
 
@@ -44,6 +63,7 @@ const MAX_NUM_VOTES_RECEIVE: usize = 10_000;
 pub enum UnprocessedTransactionStorage {
     VoteStorage(VoteStorage),
     LocalTransactionStorage(ThreadLocalUnprocessedPackets),
+    BundleStorage(BundleStorage),
 }
 
 #[derive(Debug)]
@@ -62,10 +82,11 @@ pub struct VoteStorage {
 pub enum ThreadType {
     Voting(VoteSource),
     Transactions,
+    Bundles,
 }
 
 #[derive(Debug)]
-pub(crate) enum InsertPacketBatchSummary {
+pub enum InsertPacketBatchSummary {
     VoteBatchInsertionMetrics(VoteBatchInsertionMetrics),
     PacketBatchInsertionMetrics(PacketBatchInsertionMetrics),
 }
@@ -149,6 +170,7 @@ fn consume_scan_should_process_packet(
     banking_stage_stats: &BankingStageStats,
     packet: &ImmutableDeserializedPacket,
     payload: &mut ConsumeScannerPayload,
+    blacklisted_accounts: &HashSet<Pubkey>,
 ) -> ProcessingDecision {
     // If end of the slot, return should process (quick loop after reached end of slot)
     if payload.reached_end_of_slot {
@@ -181,6 +203,10 @@ fn consume_scan_should_process_packet(
             bank.get_transaction_account_lock_limit(),
         )
         .is_err()
+            || message
+                .account_keys()
+                .iter()
+                .any(|key| blacklisted_accounts.contains(key))
         {
             payload
                 .message_hash_to_transaction
@@ -276,10 +302,25 @@ impl UnprocessedTransactionStorage {
         })
     }
 
+    pub fn new_bundle_storage() -> Self {
+        Self::BundleStorage(BundleStorage {
+            last_update_slot: Slot::default(),
+            unprocessed_bundle_storage: VecDeque::with_capacity(
+                BundleStorage::BUNDLE_STORAGE_CAPACITY,
+            ),
+            cost_model_buffered_bundle_storage: VecDeque::with_capacity(
+                BundleStorage::BUNDLE_STORAGE_CAPACITY,
+            ),
+        })
+    }
+
     pub fn is_empty(&self) -> bool {
         match self {
             Self::VoteStorage(vote_storage) => vote_storage.is_empty(),
             Self::LocalTransactionStorage(transaction_storage) => transaction_storage.is_empty(),
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => {
+                bundle_storage.is_empty()
+            }
         }
     }
 
@@ -287,6 +328,10 @@ impl UnprocessedTransactionStorage {
         match self {
             Self::VoteStorage(vote_storage) => vote_storage.len(),
             Self::LocalTransactionStorage(transaction_storage) => transaction_storage.len(),
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => {
+                bundle_storage.unprocessed_bundles_len()
+                    + bundle_storage.cost_model_buffered_bundles_len()
+            }
         }
     }
 
@@ -296,6 +341,7 @@ impl UnprocessedTransactionStorage {
             Self::LocalTransactionStorage(transaction_storage) => {
                 transaction_storage.get_min_compute_unit_price()
             }
+            UnprocessedTransactionStorage::BundleStorage(_) => None,
         }
     }
 
@@ -305,6 +351,7 @@ impl UnprocessedTransactionStorage {
             Self::LocalTransactionStorage(transaction_storage) => {
                 transaction_storage.get_max_compute_unit_price()
             }
+            UnprocessedTransactionStorage::BundleStorage(_) => None,
         }
     }
 
@@ -315,6 +362,9 @@ impl UnprocessedTransactionStorage {
             Self::LocalTransactionStorage(transaction_storage) => {
                 transaction_storage.max_receive_size()
             }
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => {
+                bundle_storage.max_receive_size()
+            }
         }
     }
 
@@ -341,6 +391,9 @@ impl UnprocessedTransactionStorage {
             Self::LocalTransactionStorage(transaction_storage) => {
                 transaction_storage.forward_option()
             }
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => {
+                bundle_storage.forward_option()
+            }
         }
     }
 
@@ -348,6 +401,16 @@ impl UnprocessedTransactionStorage {
         match self {
             Self::LocalTransactionStorage(transaction_storage) => transaction_storage.clear(), // Since we set everything as forwarded this is the same
             Self::VoteStorage(vote_storage) => vote_storage.clear_forwarded_packets(),
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => {
+                let _ = bundle_storage.reset();
+            }
+        }
+    }
+
+    pub fn bundle_storage(&mut self) -> Option<&mut BundleStorage> {
+        match self {
+            UnprocessedTransactionStorage::BundleStorage(bundle_stoge) => Some(bundle_stoge),
+            _ => None,
         }
     }
 
@@ -362,6 +425,11 @@ impl UnprocessedTransactionStorage {
             Self::LocalTransactionStorage(transaction_storage) => InsertPacketBatchSummary::from(
                 transaction_storage.insert_batch(deserialized_packets),
             ),
+            UnprocessedTransactionStorage::BundleStorage(_) => {
+                panic!(
+                    "bundles must be inserted using UnprocessedTransactionStorage::insert_bundle"
+                )
+            }
         }
     }
 
@@ -381,6 +449,9 @@ impl UnprocessedTransactionStorage {
                     bank,
                     forward_packet_batches_by_accounts,
                 ),
+            UnprocessedTransactionStorage::BundleStorage(_) => {
+                panic!("bundles are not forwarded between leaders")
+            }
         }
     }
 
@@ -394,6 +465,7 @@ impl UnprocessedTransactionStorage {
         banking_stage_stats: &BankingStageStats,
         slot_metrics_tracker: &mut LeaderSlotMetricsTracker,
         processing_function: F,
+        blacklisted_accounts: &HashSet<Pubkey>,
     ) -> bool
     where
         F: FnMut(
@@ -408,16 +480,63 @@ impl UnprocessedTransactionStorage {
                     banking_stage_stats,
                     slot_metrics_tracker,
                     processing_function,
+                    blacklisted_accounts,
                 ),
             Self::VoteStorage(vote_storage) => vote_storage.process_packets(
                 bank,
                 banking_stage_stats,
                 slot_metrics_tracker,
                 processing_function,
+                blacklisted_accounts,
+            ),
+            UnprocessedTransactionStorage::BundleStorage(_) => panic!(
+                "UnprocessedTransactionStorage::BundleStorage does not support processing packets"
             ),
         }
     }
 
+    #[must_use]
+    pub fn process_bundles<F>(
+        &mut self,
+        bank: Arc<Bank>,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+        blacklisted_accounts: &HashSet<Pubkey>,
+        processing_function: F,
+    ) -> bool
+    where
+        F: FnMut(
+            &[(ImmutableDeserializedBundle, SanitizedBundle)],
+            &mut BundleStageLeaderMetrics,
+        ) -> Vec<Result<(), BundleExecutionError>>,
+    {
+        match self {
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => bundle_storage
+                .process_bundles(
+                    bank,
+                    bundle_stage_leader_metrics,
+                    blacklisted_accounts,
+                    processing_function,
+                ),
+            _ => panic!("class does not support processing bundles"),
+        }
+    }
+
+    /// Inserts bundles into storage. Only supported for UnprocessedTransactionStorage::BundleStorage
+    pub(crate) fn insert_bundles(
+        &mut self,
+        deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+    ) -> InsertPacketBundlesSummary {
+        match self {
+            UnprocessedTransactionStorage::BundleStorage(bundle_storage) => {
+                bundle_storage.insert_unprocessed_bundles(deserialized_bundles, true)
+            }
+            UnprocessedTransactionStorage::LocalTransactionStorage(_)
+            | UnprocessedTransactionStorage::VoteStorage(_) => {
+                panic!("UnprocessedTransactionStorage::insert_bundles only works for type UnprocessedTransactionStorage::BundleStorage");
+            }
+        }
+    }
+
     pub(crate) fn cache_epoch_boundary_info(&mut self, bank: &Bank) {
         match self {
             Self::LocalTransactionStorage(_) => (),
@@ -494,6 +613,7 @@ impl VoteStorage {
         banking_stage_stats: &BankingStageStats,
         slot_metrics_tracker: &mut LeaderSlotMetricsTracker,
         mut processing_function: F,
+        blacklisted_accounts: &HashSet<Pubkey>,
     ) -> bool
     where
         F: FnMut(
@@ -507,7 +627,13 @@ impl VoteStorage {
 
         let should_process_packet =
             |packet: &Arc<ImmutableDeserializedPacket>, payload: &mut ConsumeScannerPayload| {
-                consume_scan_should_process_packet(&bank, banking_stage_stats, packet, payload)
+                consume_scan_should_process_packet(
+                    &bank,
+                    banking_stage_stats,
+                    packet,
+                    payload,
+                    blacklisted_accounts,
+                )
             };
 
         // Based on the stake distribution present in the supplied bank, drain the unprocessed votes
@@ -611,6 +737,7 @@ impl ThreadLocalUnprocessedPackets {
             ThreadType::Transactions => ForwardOption::ForwardTransaction,
             ThreadType::Voting(VoteSource::Tpu) => ForwardOption::ForwardTpuVote,
             ThreadType::Voting(VoteSource::Gossip) => ForwardOption::NotForward,
+            ThreadType::Bundles => ForwardOption::NotForward,
         }
     }
 
@@ -924,6 +1051,7 @@ impl ThreadLocalUnprocessedPackets {
         banking_stage_stats: &BankingStageStats,
         slot_metrics_tracker: &mut LeaderSlotMetricsTracker,
         mut processing_function: F,
+        blacklisted_accounts: &HashSet<Pubkey>,
     ) -> bool
     where
         F: FnMut(
@@ -938,7 +1066,13 @@ impl ThreadLocalUnprocessedPackets {
 
         let should_process_packet =
             |packet: &Arc<ImmutableDeserializedPacket>, payload: &mut ConsumeScannerPayload| {
-                consume_scan_should_process_packet(bank, banking_stage_stats, packet, payload)
+                consume_scan_should_process_packet(
+                    bank,
+                    banking_stage_stats,
+                    packet,
+                    payload,
+                    blacklisted_accounts,
+                )
             };
         let mut scanner = create_consume_multi_iterator(
             &all_packets_to_process,
@@ -1015,6 +1149,333 @@ impl ThreadLocalUnprocessedPackets {
     }
 }
 
+pub struct InsertPacketBundlesSummary {
+    pub insert_packets_summary: InsertPacketBatchSummary,
+    pub num_bundles_inserted: usize,
+    pub num_packets_inserted: usize,
+    pub num_bundles_dropped: usize,
+}
+
+/// Bundle storage has two deques: one for unprocessed bundles and another for ones that exceeded
+/// the cost model and need to get retried next slot.
+#[derive(Debug)]
+pub struct BundleStorage {
+    last_update_slot: Slot,
+    unprocessed_bundle_storage: VecDeque<ImmutableDeserializedBundle>,
+    // Storage for bundles that exceeded the cost model for the slot they were last attempted
+    // execution on
+    cost_model_buffered_bundle_storage: VecDeque<ImmutableDeserializedBundle>,
+}
+
+impl BundleStorage {
+    pub const BUNDLE_STORAGE_CAPACITY: usize = 1000;
+    fn is_empty(&self) -> bool {
+        self.unprocessed_bundle_storage.is_empty()
+    }
+
+    pub fn unprocessed_bundles_len(&self) -> usize {
+        self.unprocessed_bundle_storage.len()
+    }
+
+    pub fn unprocessed_packets_len(&self) -> usize {
+        self.unprocessed_bundle_storage
+            .iter()
+            .map(|b| b.len())
+            .sum::<usize>()
+    }
+
+    pub(crate) fn cost_model_buffered_bundles_len(&self) -> usize {
+        self.cost_model_buffered_bundle_storage.len()
+    }
+
+    pub(crate) fn cost_model_buffered_packets_len(&self) -> usize {
+        self.cost_model_buffered_bundle_storage
+            .iter()
+            .map(|b| b.len())
+            .sum()
+    }
+
+    pub(crate) fn max_receive_size(&self) -> usize {
+        self.unprocessed_bundle_storage.capacity() - self.unprocessed_bundle_storage.len()
+    }
+
+    fn forward_option(&self) -> ForwardOption {
+        ForwardOption::NotForward
+    }
+
+    /// Returns the number of unprocessed bundles + cost model buffered cleared
+    pub fn reset(&mut self) -> (usize, usize) {
+        let num_unprocessed_bundles = self.unprocessed_bundle_storage.len();
+        let num_cost_model_buffered_bundles = self.cost_model_buffered_bundle_storage.len();
+        self.unprocessed_bundle_storage.clear();
+        self.cost_model_buffered_bundle_storage.clear();
+        (num_unprocessed_bundles, num_cost_model_buffered_bundles)
+    }
+
+    fn insert_bundles(
+        deque: &mut VecDeque<ImmutableDeserializedBundle>,
+        deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+        push_back: bool,
+    ) -> InsertPacketBundlesSummary {
+        // deque should be initialized with size [Self::BUNDLE_STORAGE_CAPACITY]
+        let deque_free_space = Self::BUNDLE_STORAGE_CAPACITY
+            .checked_sub(deque.len())
+            .unwrap();
+        let bundles_to_insert_count = std::cmp::min(deque_free_space, deserialized_bundles.len());
+        let num_bundles_dropped = deserialized_bundles
+            .len()
+            .checked_sub(bundles_to_insert_count)
+            .unwrap();
+        let num_packets_inserted = deserialized_bundles
+            .iter()
+            .take(bundles_to_insert_count)
+            .map(|b| b.len())
+            .sum::<usize>();
+        let num_packets_dropped = deserialized_bundles
+            .iter()
+            .skip(bundles_to_insert_count)
+            .map(|b| b.len())
+            .sum::<usize>();
+
+        let to_insert = deserialized_bundles
+            .into_iter()
+            .take(bundles_to_insert_count);
+        if push_back {
+            deque.extend(to_insert)
+        } else {
+            to_insert.for_each(|b| deque.push_front(b));
+        }
+
+        InsertPacketBundlesSummary {
+            insert_packets_summary: PacketBatchInsertionMetrics {
+                num_dropped_packets: num_packets_dropped,
+                num_dropped_tracer_packets: 0,
+            }
+            .into(),
+            num_bundles_inserted: bundles_to_insert_count,
+            num_packets_inserted,
+            num_bundles_dropped,
+        }
+    }
+
+    fn push_front_unprocessed_bundles(
+        &mut self,
+        deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+    ) -> InsertPacketBundlesSummary {
+        Self::insert_bundles(
+            &mut self.unprocessed_bundle_storage,
+            deserialized_bundles,
+            false,
+        )
+    }
+
+    fn push_back_cost_model_buffered_bundles(
+        &mut self,
+        deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+    ) -> InsertPacketBundlesSummary {
+        Self::insert_bundles(
+            &mut self.cost_model_buffered_bundle_storage,
+            deserialized_bundles,
+            true,
+        )
+    }
+
+    fn insert_unprocessed_bundles(
+        &mut self,
+        deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+        push_back: bool,
+    ) -> InsertPacketBundlesSummary {
+        Self::insert_bundles(
+            &mut self.unprocessed_bundle_storage,
+            deserialized_bundles,
+            push_back,
+        )
+    }
+
+    /// Drains bundles from the queue, sanitizes them to prepare for execution, executes them by
+    /// calling `processing_function`, then potentially rebuffer them.
+    pub fn process_bundles<F>(
+        &mut self,
+        bank: Arc<Bank>,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+        blacklisted_accounts: &HashSet<Pubkey>,
+        mut processing_function: F,
+    ) -> bool
+    where
+        F: FnMut(
+            &[(ImmutableDeserializedBundle, SanitizedBundle)],
+            &mut BundleStageLeaderMetrics,
+        ) -> Vec<Result<(), BundleExecutionError>>,
+    {
+        let sanitized_bundles = self.drain_and_sanitize_bundles(
+            bank,
+            bundle_stage_leader_metrics,
+            blacklisted_accounts,
+        );
+
+        debug!("processing {} bundles", sanitized_bundles.len());
+        let bundle_execution_results =
+            processing_function(&sanitized_bundles, bundle_stage_leader_metrics);
+
+        let mut is_slot_over = false;
+
+        let mut rebuffered_bundles = Vec::new();
+
+        sanitized_bundles
+            .into_iter()
+            .zip(bundle_execution_results)
+            .for_each(
+                |((deserialized_bundle, sanitized_bundle), result)| match result {
+                    Ok(_) => {
+                        debug!("bundle={} executed ok", sanitized_bundle.bundle_id);
+                        // yippee
+                    }
+                    Err(BundleExecutionError::PohRecordError(e)) => {
+                        // buffer the bundle to the front of the queue to be attempted next slot
+                        debug!(
+                            "bundle={} poh record error: {e:?}",
+                            sanitized_bundle.bundle_id
+                        );
+                        rebuffered_bundles.push(deserialized_bundle);
+                        is_slot_over = true;
+                    }
+                    Err(BundleExecutionError::BankProcessingTimeLimitReached) => {
+                        // buffer the bundle to the front of the queue to be attempted next slot
+                        debug!("bundle={} bank processing done", sanitized_bundle.bundle_id);
+                        rebuffered_bundles.push(deserialized_bundle);
+                        is_slot_over = true;
+                    }
+                    Err(BundleExecutionError::ExceedsCostModel) => {
+                        // cost model buffered bundles contain most recent bundles at the front of the queue
+                        debug!(
+                            "bundle={} exceeds cost model, rebuffering",
+                            sanitized_bundle.bundle_id
+                        );
+                        self.push_back_cost_model_buffered_bundles(vec![deserialized_bundle]);
+                    }
+                    Err(BundleExecutionError::TransactionFailure(
+                        LoadAndExecuteBundleError::ProcessingTimeExceeded(_),
+                    )) => {
+                        // these are treated the same as exceeds cost model and are rebuferred to be completed
+                        // at the beginning of the next slot
+                        debug!(
+                            "bundle={} processing time exceeded, rebuffering",
+                            sanitized_bundle.bundle_id
+                        );
+                        self.push_back_cost_model_buffered_bundles(vec![deserialized_bundle]);
+                    }
+                    Err(BundleExecutionError::TransactionFailure(e)) => {
+                        debug!(
+                            "bundle={} execution error: {:?}",
+                            sanitized_bundle.bundle_id, e
+                        );
+                        // do nothing
+                    }
+                    Err(BundleExecutionError::TipError(e)) => {
+                        debug!("bundle={} tip error: {}", sanitized_bundle.bundle_id, e);
+                        // Tip errors are _typically_ due to misconfiguration (except for poh record error, bank processing error, exceeds cost model)
+                        // in order to prevent buffering too many bundles, we'll just drop the bundle
+                    }
+                    Err(BundleExecutionError::LockError) => {
+                        // lock errors are irrecoverable due to malformed transactions
+                        debug!("bundle={} lock error", sanitized_bundle.bundle_id);
+                    }
+                },
+            );
+
+        // rebuffered bundles are pushed onto deque in reverse order so the first bundle is at the front
+        for bundle in rebuffered_bundles.into_iter().rev() {
+            self.push_front_unprocessed_bundles(vec![bundle]);
+        }
+
+        is_slot_over
+    }
+
+    /// Drains the unprocessed_bundle_storage, converting bundle packets into SanitizedBundles
+    fn drain_and_sanitize_bundles(
+        &mut self,
+        bank: Arc<Bank>,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+        blacklisted_accounts: &HashSet<Pubkey>,
+    ) -> Vec<(ImmutableDeserializedBundle, SanitizedBundle)> {
+        let mut error_metrics = TransactionErrorMetrics::default();
+
+        let start = Instant::now();
+
+        let mut sanitized_bundles = Vec::new();
+
+        // on new slot, drain anything that was buffered from last slot
+        if bank.slot() != self.last_update_slot {
+            sanitized_bundles.extend(
+                self.cost_model_buffered_bundle_storage
+                    .drain(..)
+                    .filter_map(|packet_bundle| {
+                        let r = packet_bundle.build_sanitized_bundle(
+                            &bank,
+                            blacklisted_accounts,
+                            &mut error_metrics,
+                        );
+                        bundle_stage_leader_metrics
+                            .bundle_stage_metrics_tracker()
+                            .increment_sanitize_transaction_result(&r);
+
+                        match r {
+                            Ok(sanitized_bundle) => Some((packet_bundle, sanitized_bundle)),
+                            Err(e) => {
+                                debug!(
+                                    "bundle id: {} error sanitizing: {}",
+                                    packet_bundle.bundle_id(),
+                                    e
+                                );
+                                None
+                            }
+                        }
+                    }),
+            );
+
+            self.last_update_slot = bank.slot();
+        }
+
+        sanitized_bundles.extend(self.unprocessed_bundle_storage.drain(..).filter_map(
+            |packet_bundle| {
+                let r = packet_bundle.build_sanitized_bundle(
+                    &bank,
+                    blacklisted_accounts,
+                    &mut error_metrics,
+                );
+                bundle_stage_leader_metrics
+                    .bundle_stage_metrics_tracker()
+                    .increment_sanitize_transaction_result(&r);
+                match r {
+                    Ok(sanitized_bundle) => Some((packet_bundle, sanitized_bundle)),
+                    Err(e) => {
+                        debug!(
+                            "bundle id: {} error sanitizing: {}",
+                            packet_bundle.bundle_id(),
+                            e
+                        );
+                        None
+                    }
+                }
+            },
+        ));
+
+        let elapsed = start.elapsed().as_micros();
+        bundle_stage_leader_metrics
+            .bundle_stage_metrics_tracker()
+            .increment_sanitize_bundle_elapsed_us(elapsed as u64);
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .increment_transactions_from_packets_us(elapsed as u64);
+
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .accumulate_transaction_errors(&error_metrics);
+
+        sanitized_bundles
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use {
diff --git a/core/src/banking_trace.rs b/core/src/banking_trace.rs
index 6e0797c8c3..1ad6e4a933 100644
--- a/core/src/banking_trace.rs
+++ b/core/src/banking_trace.rs
@@ -321,6 +321,7 @@ impl BankingTracer {
     }
 }
 
+#[derive(Clone)]
 pub struct TracedSender {
     label: ChannelLabel,
     sender: Sender<BankingPacketBatch>,
diff --git a/core/src/bundle_stage.rs b/core/src/bundle_stage.rs
new file mode 100644
index 0000000000..a5bb2ec515
--- /dev/null
+++ b/core/src/bundle_stage.rs
@@ -0,0 +1,434 @@
+//! The `bundle_stage` processes bundles, which are list of transactions to be executed
+//! sequentially and atomically.
+use {
+    crate::{
+        banking_stage::{
+            decision_maker::{BufferedPacketsDecision, DecisionMaker},
+            qos_service::QosService,
+            unprocessed_transaction_storage::UnprocessedTransactionStorage,
+        },
+        bundle_stage::{
+            bundle_account_locker::BundleAccountLocker, bundle_consumer::BundleConsumer,
+            bundle_packet_receiver::BundleReceiver,
+            bundle_reserved_space_manager::BundleReservedSpaceManager,
+            bundle_stage_leader_metrics::BundleStageLeaderMetrics, committer::Committer,
+        },
+        packet_bundle::PacketBundle,
+        proxy::block_engine_stage::BlockBuilderFeeInfo,
+        tip_manager::TipManager,
+    },
+    crossbeam_channel::{Receiver, RecvTimeoutError},
+    solana_cost_model::block_cost_limits::MAX_BLOCK_UNITS,
+    solana_gossip::cluster_info::ClusterInfo,
+    solana_ledger::blockstore_processor::TransactionStatusSender,
+    solana_measure::measure,
+    solana_poh::poh_recorder::PohRecorder,
+    solana_runtime::{
+        bank_forks::BankForks, prioritization_fee_cache::PrioritizationFeeCache,
+        vote_sender_types::ReplayVoteSender,
+    },
+    solana_sdk::timing::AtomicInterval,
+    std::{
+        sync::{
+            atomic::{AtomicBool, AtomicU64, Ordering},
+            Arc, Mutex, RwLock,
+        },
+        thread::{self, Builder, JoinHandle},
+        time::{Duration, Instant},
+    },
+};
+
+pub mod bundle_account_locker;
+mod bundle_consumer;
+mod bundle_packet_deserializer;
+mod bundle_packet_receiver;
+mod bundle_reserved_space_manager;
+pub(crate) mod bundle_stage_leader_metrics;
+mod committer;
+
+const MAX_BUNDLE_RETRY_DURATION: Duration = Duration::from_millis(40);
+const SLOT_BOUNDARY_CHECK_PERIOD: Duration = Duration::from_millis(10);
+
+// Stats emitted periodically
+#[derive(Default)]
+pub struct BundleStageLoopMetrics {
+    last_report: AtomicInterval,
+    id: u32,
+
+    // total received
+    num_bundles_received: AtomicU64,
+    num_packets_received: AtomicU64,
+
+    // newly buffered
+    newly_buffered_bundles_count: AtomicU64,
+
+    // currently buffered
+    current_buffered_bundles_count: AtomicU64,
+    current_buffered_packets_count: AtomicU64,
+
+    // buffered due to cost model
+    cost_model_buffered_bundles_count: AtomicU64,
+    cost_model_buffered_packets_count: AtomicU64,
+
+    // number of bundles dropped during insertion
+    num_bundles_dropped: AtomicU64,
+
+    // timings
+    receive_and_buffer_bundles_elapsed_us: AtomicU64,
+    process_buffered_bundles_elapsed_us: AtomicU64,
+}
+
+impl BundleStageLoopMetrics {
+    fn new(id: u32) -> Self {
+        BundleStageLoopMetrics {
+            id,
+            ..BundleStageLoopMetrics::default()
+        }
+    }
+
+    pub fn increment_num_bundles_received(&mut self, count: u64) {
+        self.num_bundles_received
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_num_packets_received(&mut self, count: u64) {
+        self.num_packets_received
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_newly_buffered_bundles_count(&mut self, count: u64) {
+        self.newly_buffered_bundles_count
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_current_buffered_bundles_count(&mut self, count: u64) {
+        self.current_buffered_bundles_count
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_current_buffered_packets_count(&mut self, count: u64) {
+        self.current_buffered_packets_count
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_cost_model_buffered_bundles_count(&mut self, count: u64) {
+        self.cost_model_buffered_bundles_count
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_cost_model_buffered_packets_count(&mut self, count: u64) {
+        self.cost_model_buffered_packets_count
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_num_bundles_dropped(&mut self, count: u64) {
+        self.num_bundles_dropped.fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_receive_and_buffer_bundles_elapsed_us(&mut self, count: u64) {
+        self.receive_and_buffer_bundles_elapsed_us
+            .fetch_add(count, Ordering::Relaxed);
+    }
+
+    pub fn increment_process_buffered_bundles_elapsed_us(&mut self, count: u64) {
+        self.process_buffered_bundles_elapsed_us
+            .fetch_add(count, Ordering::Relaxed);
+    }
+}
+
+impl BundleStageLoopMetrics {
+    fn maybe_report(&mut self, report_interval_ms: u64) {
+        if self.last_report.should_update(report_interval_ms) {
+            datapoint_info!(
+                "bundle_stage-loop_stats",
+                ("id", self.id, i64),
+                (
+                    "num_bundles_received",
+                    self.num_bundles_received.swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "num_packets_received",
+                    self.num_packets_received.swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "newly_buffered_bundles_count",
+                    self.newly_buffered_bundles_count.swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "current_buffered_bundles_count",
+                    self.current_buffered_bundles_count
+                        .swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "current_buffered_packets_count",
+                    self.current_buffered_packets_count
+                        .swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "num_bundles_dropped",
+                    self.num_bundles_dropped.swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "receive_and_buffer_bundles_elapsed_us",
+                    self.receive_and_buffer_bundles_elapsed_us
+                        .swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+                (
+                    "process_buffered_bundles_elapsed_us",
+                    self.process_buffered_bundles_elapsed_us
+                        .swap(0, Ordering::Acquire) as i64,
+                    i64
+                ),
+            );
+        }
+    }
+}
+
+pub struct BundleStage {
+    bundle_thread: JoinHandle<()>,
+}
+
+impl BundleStage {
+    #[allow(clippy::new_ret_no_self)]
+    #[allow(clippy::too_many_arguments)]
+    pub fn new(
+        cluster_info: &Arc<ClusterInfo>,
+        poh_recorder: &Arc<RwLock<PohRecorder>>,
+        bundle_receiver: Receiver<Vec<PacketBundle>>,
+        transaction_status_sender: Option<TransactionStatusSender>,
+        replay_vote_sender: ReplayVoteSender,
+        log_messages_bytes_limit: Option<usize>,
+        exit: Arc<AtomicBool>,
+        tip_manager: TipManager,
+        bundle_account_locker: BundleAccountLocker,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        preallocated_bundle_cost: u64,
+        bank_forks: Arc<RwLock<BankForks>>,
+        prioritization_fee_cache: &Arc<PrioritizationFeeCache>,
+    ) -> Self {
+        Self::start_bundle_thread(
+            cluster_info,
+            poh_recorder,
+            bundle_receiver,
+            transaction_status_sender,
+            replay_vote_sender,
+            log_messages_bytes_limit,
+            exit,
+            tip_manager,
+            bundle_account_locker,
+            MAX_BUNDLE_RETRY_DURATION,
+            block_builder_fee_info,
+            preallocated_bundle_cost,
+            bank_forks,
+            prioritization_fee_cache,
+        )
+    }
+
+    pub fn join(self) -> thread::Result<()> {
+        self.bundle_thread.join()
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    fn start_bundle_thread(
+        cluster_info: &Arc<ClusterInfo>,
+        poh_recorder: &Arc<RwLock<PohRecorder>>,
+        bundle_receiver: Receiver<Vec<PacketBundle>>,
+        transaction_status_sender: Option<TransactionStatusSender>,
+        replay_vote_sender: ReplayVoteSender,
+        log_message_bytes_limit: Option<usize>,
+        exit: Arc<AtomicBool>,
+        tip_manager: TipManager,
+        bundle_account_locker: BundleAccountLocker,
+        max_bundle_retry_duration: Duration,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        preallocated_bundle_cost: u64,
+        bank_forks: Arc<RwLock<BankForks>>,
+        prioritization_fee_cache: &Arc<PrioritizationFeeCache>,
+    ) -> Self {
+        const BUNDLE_STAGE_ID: u32 = 10_000;
+        let poh_recorder = poh_recorder.clone();
+        let cluster_info = cluster_info.clone();
+
+        let mut bundle_receiver =
+            BundleReceiver::new(BUNDLE_STAGE_ID, bundle_receiver, bank_forks, Some(5));
+
+        let committer = Committer::new(
+            transaction_status_sender,
+            replay_vote_sender,
+            prioritization_fee_cache.clone(),
+        );
+        let decision_maker = DecisionMaker::new(cluster_info.id(), poh_recorder.clone());
+
+        let unprocessed_bundle_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let reserved_ticks = poh_recorder
+            .read()
+            .unwrap()
+            .ticks_per_slot()
+            .saturating_mul(8)
+            .saturating_div(10);
+
+        // The first 80% of the block, based on poh ticks, has `preallocated_bundle_cost` less compute units.
+        // The last 20% has has full compute so blockspace is maximized if BundleStage is idle.
+        let reserved_space = BundleReservedSpaceManager::new(
+            MAX_BLOCK_UNITS,
+            preallocated_bundle_cost,
+            reserved_ticks,
+        );
+
+        let consumer = BundleConsumer::new(
+            committer,
+            poh_recorder.read().unwrap().new_recorder(),
+            QosService::new(BUNDLE_STAGE_ID),
+            log_message_bytes_limit,
+            tip_manager,
+            bundle_account_locker,
+            block_builder_fee_info.clone(),
+            max_bundle_retry_duration,
+            cluster_info,
+            reserved_space,
+        );
+
+        let bundle_thread = Builder::new()
+            .name("solBundleStgTx".to_string())
+            .spawn(move || {
+                Self::process_loop(
+                    &mut bundle_receiver,
+                    decision_maker,
+                    consumer,
+                    BUNDLE_STAGE_ID,
+                    unprocessed_bundle_storage,
+                    exit,
+                );
+            })
+            .unwrap();
+
+        Self { bundle_thread }
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    fn process_loop(
+        bundle_receiver: &mut BundleReceiver,
+        decision_maker: DecisionMaker,
+        mut consumer: BundleConsumer,
+        id: u32,
+        mut unprocessed_bundle_storage: UnprocessedTransactionStorage,
+        exit: Arc<AtomicBool>,
+    ) {
+        let mut last_metrics_update = Instant::now();
+
+        let mut bundle_stage_metrics = BundleStageLoopMetrics::new(id);
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(id);
+
+        while !exit.load(Ordering::Relaxed) {
+            if !unprocessed_bundle_storage.is_empty()
+                || last_metrics_update.elapsed() >= SLOT_BOUNDARY_CHECK_PERIOD
+            {
+                let (_, process_buffered_packets_time) = measure!(
+                    Self::process_buffered_bundles(
+                        &decision_maker,
+                        &mut consumer,
+                        &mut unprocessed_bundle_storage,
+                        &mut bundle_stage_leader_metrics,
+                    ),
+                    "process_buffered_packets",
+                );
+                bundle_stage_leader_metrics
+                    .leader_slot_metrics_tracker()
+                    .increment_process_buffered_packets_us(process_buffered_packets_time.as_us());
+                last_metrics_update = Instant::now();
+            }
+
+            match bundle_receiver.receive_and_buffer_bundles(
+                &mut unprocessed_bundle_storage,
+                &mut bundle_stage_metrics,
+                &mut bundle_stage_leader_metrics,
+            ) {
+                Ok(_) | Err(RecvTimeoutError::Timeout) => (),
+                Err(RecvTimeoutError::Disconnected) => break,
+            }
+
+            let bundle_storage = unprocessed_bundle_storage.bundle_storage().unwrap();
+            bundle_stage_metrics.increment_current_buffered_bundles_count(
+                bundle_storage.unprocessed_bundles_len() as u64,
+            );
+            bundle_stage_metrics.increment_current_buffered_packets_count(
+                bundle_storage.unprocessed_packets_len() as u64,
+            );
+            bundle_stage_metrics.increment_cost_model_buffered_bundles_count(
+                bundle_storage.cost_model_buffered_bundles_len() as u64,
+            );
+            bundle_stage_metrics.increment_cost_model_buffered_packets_count(
+                bundle_storage.cost_model_buffered_packets_len() as u64,
+            );
+            bundle_stage_metrics.maybe_report(1_000);
+        }
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    fn process_buffered_bundles(
+        decision_maker: &DecisionMaker,
+        consumer: &mut BundleConsumer,
+        unprocessed_bundle_storage: &mut UnprocessedTransactionStorage,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) {
+        let (decision, make_decision_time) =
+            measure!(decision_maker.make_consume_or_forward_decision());
+
+        let (metrics_action, banking_stage_metrics_action) = bundle_stage_leader_metrics
+            .check_leader_slot_boundary(decision.bank_start(), Some(unprocessed_bundle_storage));
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .increment_make_decision_us(make_decision_time.as_us());
+
+        match decision {
+            // BufferedPacketsDecision::Consume means this leader is scheduled to be running at the moment.
+            // Execute, record, and commit as many bundles possible given time, compute, and other constraints.
+            BufferedPacketsDecision::Consume(bank_start) => {
+                // Take metrics action before consume packets (potentially resetting the
+                // slot metrics tracker to the next slot) so that we don't count the
+                // packet processing metrics from the next slot towards the metrics
+                // of the previous slot
+                bundle_stage_leader_metrics
+                    .apply_action(metrics_action, banking_stage_metrics_action);
+
+                let (_, consume_buffered_packets_time) = measure!(
+                    consumer.consume_buffered_bundles(
+                        &bank_start,
+                        unprocessed_bundle_storage,
+                        bundle_stage_leader_metrics,
+                    ),
+                    "consume_buffered_bundles",
+                );
+                bundle_stage_leader_metrics
+                    .leader_slot_metrics_tracker()
+                    .increment_consume_buffered_packets_us(consume_buffered_packets_time.as_us());
+            }
+            // BufferedPacketsDecision::Forward means the leader is slot is far away.
+            // Bundles aren't forwarded because it breaks atomicity guarantees, so just drop them.
+            BufferedPacketsDecision::Forward => {
+                let (_num_bundles_cleared, _num_cost_model_buffered_bundles) =
+                    unprocessed_bundle_storage.bundle_storage().unwrap().reset();
+
+                // TODO (LB): add metrics here for how many bundles were cleared
+
+                bundle_stage_leader_metrics
+                    .apply_action(metrics_action, banking_stage_metrics_action);
+            }
+            // BufferedPacketsDecision::ForwardAndHold | BufferedPacketsDecision::Hold means the validator
+            // is approaching the leader slot, hold bundles. Also, bundles aren't forwarded because it breaks
+            // atomicity guarantees
+            BufferedPacketsDecision::ForwardAndHold | BufferedPacketsDecision::Hold => {
+                bundle_stage_leader_metrics
+                    .apply_action(metrics_action, banking_stage_metrics_action);
+            }
+        }
+    }
+}
diff --git a/core/src/bundle_stage/bundle_account_locker.rs b/core/src/bundle_stage/bundle_account_locker.rs
new file mode 100644
index 0000000000..82070e3d3a
--- /dev/null
+++ b/core/src/bundle_stage/bundle_account_locker.rs
@@ -0,0 +1,326 @@
+//! Handles pre-locking bundle accounts so that accounts bundles touch can be reserved ahead
+// of time for execution. Also, ensures that ALL accounts mentioned across a bundle are locked
+// to avoid race conditions between BundleStage and BankingStage.
+//
+// For instance, imagine a bundle with three transactions and the set of accounts for each transaction
+// is: {{A, B}, {B, C}, {C, D}}. We need to lock A, B, and C even though only one is executed at a time.
+// Imagine BundleStage is in the middle of processing {C, D} and we didn't have a lock on accounts {A, B, C}.
+// In this situation, there's a chance that BankingStage can process a transaction containing A or B
+// and commit the results before the bundle completes. By the time the bundle commits the new account
+// state for {A, B, C}, A and B would be incorrect and the entries containing the bundle would be
+// replayed improperly and that leader would have produced an invalid block.
+use {
+    solana_runtime::bank::Bank,
+    solana_sdk::{bundle::SanitizedBundle, pubkey::Pubkey, transaction::TransactionAccountLocks},
+    std::{
+        collections::{hash_map::Entry, HashMap, HashSet},
+        sync::{Arc, Mutex, MutexGuard},
+    },
+    thiserror::Error,
+};
+
+#[derive(Clone, Error, Debug)]
+pub enum BundleAccountLockerError {
+    #[error("locking error")]
+    LockingError,
+}
+
+pub type BundleAccountLockerResult<T> = Result<T, BundleAccountLockerError>;
+
+pub struct LockedBundle<'a, 'b> {
+    bundle_account_locker: &'a BundleAccountLocker,
+    sanitized_bundle: &'b SanitizedBundle,
+    bank: Arc<Bank>,
+}
+
+impl<'a, 'b> LockedBundle<'a, 'b> {
+    pub fn new(
+        bundle_account_locker: &'a BundleAccountLocker,
+        sanitized_bundle: &'b SanitizedBundle,
+        bank: &Arc<Bank>,
+    ) -> Self {
+        Self {
+            bundle_account_locker,
+            sanitized_bundle,
+            bank: bank.clone(),
+        }
+    }
+
+    pub fn sanitized_bundle(&self) -> &SanitizedBundle {
+        self.sanitized_bundle
+    }
+}
+
+// Automatically unlock bundle accounts when destructed
+impl<'a, 'b> Drop for LockedBundle<'a, 'b> {
+    fn drop(&mut self) {
+        let _ = self
+            .bundle_account_locker
+            .unlock_bundle_accounts(self.sanitized_bundle, &self.bank);
+    }
+}
+
+#[derive(Default, Clone)]
+pub struct BundleAccountLocks {
+    read_locks: HashMap<Pubkey, u64>,
+    write_locks: HashMap<Pubkey, u64>,
+}
+
+impl BundleAccountLocks {
+    pub fn read_locks(&self) -> HashSet<Pubkey> {
+        self.read_locks.keys().cloned().collect()
+    }
+
+    pub fn write_locks(&self) -> HashSet<Pubkey> {
+        self.write_locks.keys().cloned().collect()
+    }
+
+    pub fn lock_accounts(
+        &mut self,
+        read_locks: HashMap<Pubkey, u64>,
+        write_locks: HashMap<Pubkey, u64>,
+    ) {
+        for (acc, count) in read_locks {
+            *self.read_locks.entry(acc).or_insert(0) += count;
+        }
+        for (acc, count) in write_locks {
+            *self.write_locks.entry(acc).or_insert(0) += count;
+        }
+    }
+
+    pub fn unlock_accounts(
+        &mut self,
+        read_locks: HashMap<Pubkey, u64>,
+        write_locks: HashMap<Pubkey, u64>,
+    ) {
+        for (acc, count) in read_locks {
+            if let Entry::Occupied(mut entry) = self.read_locks.entry(acc) {
+                let val = entry.get_mut();
+                *val = val.saturating_sub(count);
+                if entry.get() == &0 {
+                    let _ = entry.remove();
+                }
+            } else {
+                warn!("error unlocking read-locked account, account: {:?}", acc);
+            }
+        }
+        for (acc, count) in write_locks {
+            if let Entry::Occupied(mut entry) = self.write_locks.entry(acc) {
+                let val = entry.get_mut();
+                *val = val.saturating_sub(count);
+                if entry.get() == &0 {
+                    let _ = entry.remove();
+                }
+            } else {
+                warn!("error unlocking write-locked account, account: {:?}", acc);
+            }
+        }
+    }
+}
+
+#[derive(Clone, Default)]
+pub struct BundleAccountLocker {
+    account_locks: Arc<Mutex<BundleAccountLocks>>,
+}
+
+impl BundleAccountLocker {
+    /// used in BankingStage during TransactionBatch construction to ensure that BankingStage
+    /// doesn't lock anything currently locked in the BundleAccountLocker
+    pub fn read_locks(&self) -> HashSet<Pubkey> {
+        self.account_locks.lock().unwrap().read_locks()
+    }
+
+    /// used in BankingStage during TransactionBatch construction to ensure that BankingStage
+    /// doesn't lock anything currently locked in the BundleAccountLocker
+    pub fn write_locks(&self) -> HashSet<Pubkey> {
+        self.account_locks.lock().unwrap().write_locks()
+    }
+
+    /// used in BankingStage during TransactionBatch construction to ensure that BankingStage
+    /// doesn't lock anything currently locked in the BundleAccountLocker
+    pub fn account_locks(&self) -> MutexGuard<BundleAccountLocks> {
+        self.account_locks.lock().unwrap()
+    }
+
+    /// Prepares a locked bundle and returns a LockedBundle containing locked accounts.
+    /// When a LockedBundle is dropped, the accounts are automatically unlocked
+    pub fn prepare_locked_bundle<'a, 'b>(
+        &'a self,
+        sanitized_bundle: &'b SanitizedBundle,
+        bank: &Arc<Bank>,
+    ) -> BundleAccountLockerResult<LockedBundle<'a, 'b>> {
+        let (read_locks, write_locks) = Self::get_read_write_locks(sanitized_bundle, bank)?;
+
+        self.account_locks
+            .lock()
+            .unwrap()
+            .lock_accounts(read_locks, write_locks);
+        Ok(LockedBundle::new(self, sanitized_bundle, bank))
+    }
+
+    /// Unlocks bundle accounts. Note that LockedBundle::drop will auto-drop the bundle account locks
+    fn unlock_bundle_accounts(
+        &self,
+        sanitized_bundle: &SanitizedBundle,
+        bank: &Bank,
+    ) -> BundleAccountLockerResult<()> {
+        let (read_locks, write_locks) = Self::get_read_write_locks(sanitized_bundle, bank)?;
+
+        self.account_locks
+            .lock()
+            .unwrap()
+            .unlock_accounts(read_locks, write_locks);
+        Ok(())
+    }
+
+    /// Returns the read and write locks for this bundle
+    /// Each lock type contains a HashMap which maps Pubkey to number of locks held
+    fn get_read_write_locks(
+        bundle: &SanitizedBundle,
+        bank: &Bank,
+    ) -> BundleAccountLockerResult<(HashMap<Pubkey, u64>, HashMap<Pubkey, u64>)> {
+        let transaction_locks: Vec<TransactionAccountLocks> = bundle
+            .transactions
+            .iter()
+            .filter_map(|tx| {
+                tx.get_account_locks(bank.get_transaction_account_lock_limit())
+                    .ok()
+            })
+            .collect();
+
+        if transaction_locks.len() != bundle.transactions.len() {
+            return Err(BundleAccountLockerError::LockingError);
+        }
+
+        let bundle_read_locks = transaction_locks
+            .iter()
+            .flat_map(|tx| tx.readonly.iter().map(|a| **a));
+        let bundle_read_locks =
+            bundle_read_locks
+                .into_iter()
+                .fold(HashMap::new(), |mut map, acc| {
+                    *map.entry(acc).or_insert(0) += 1;
+                    map
+                });
+
+        let bundle_write_locks = transaction_locks
+            .iter()
+            .flat_map(|tx| tx.writable.iter().map(|a| **a));
+        let bundle_write_locks =
+            bundle_write_locks
+                .into_iter()
+                .fold(HashMap::new(), |mut map, acc| {
+                    *map.entry(acc).or_insert(0) += 1;
+                    map
+                });
+
+        Ok((bundle_read_locks, bundle_write_locks))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        crate::{
+            bundle_stage::bundle_account_locker::BundleAccountLocker,
+            immutable_deserialized_bundle::ImmutableDeserializedBundle,
+            packet_bundle::PacketBundle,
+        },
+        solana_ledger::genesis_utils::create_genesis_config,
+        solana_perf::packet::PacketBatch,
+        solana_runtime::{bank::Bank, genesis_utils::GenesisConfigInfo},
+        solana_sdk::{
+            packet::Packet, signature::Signer, signer::keypair::Keypair, system_program,
+            system_transaction::transfer, transaction::VersionedTransaction,
+        },
+        solana_svm::transaction_error_metrics::TransactionErrorMetrics,
+        std::collections::HashSet,
+    };
+
+    #[test]
+    fn test_simple_lock_bundles() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(2);
+        let (bank, _) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let bundle_account_locker = BundleAccountLocker::default();
+
+        let kp0 = Keypair::new();
+        let kp1 = Keypair::new();
+
+        let tx0 = VersionedTransaction::from(transfer(
+            &mint_keypair,
+            &kp0.pubkey(),
+            1,
+            genesis_config.hash(),
+        ));
+        let tx1 = VersionedTransaction::from(transfer(
+            &mint_keypair,
+            &kp1.pubkey(),
+            1,
+            genesis_config.hash(),
+        ));
+
+        let mut packet_bundle0 = PacketBundle {
+            batch: PacketBatch::new(vec![Packet::from_data(None, &tx0).unwrap()]),
+            bundle_id: tx0.signatures[0].to_string(),
+        };
+        let mut packet_bundle1 = PacketBundle {
+            batch: PacketBatch::new(vec![Packet::from_data(None, &tx1).unwrap()]),
+            bundle_id: tx1.signatures[0].to_string(),
+        };
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+
+        let sanitized_bundle0 = ImmutableDeserializedBundle::new(&mut packet_bundle0, None)
+            .unwrap()
+            .build_sanitized_bundle(&bank, &HashSet::default(), &mut transaction_errors)
+            .expect("sanitize bundle 0");
+        let sanitized_bundle1 = ImmutableDeserializedBundle::new(&mut packet_bundle1, None)
+            .unwrap()
+            .build_sanitized_bundle(&bank, &HashSet::default(), &mut transaction_errors)
+            .expect("sanitize bundle 1");
+
+        let locked_bundle0 = bundle_account_locker
+            .prepare_locked_bundle(&sanitized_bundle0, &bank)
+            .unwrap();
+
+        assert_eq!(
+            bundle_account_locker.write_locks(),
+            HashSet::from_iter([mint_keypair.pubkey(), kp0.pubkey()])
+        );
+        assert_eq!(
+            bundle_account_locker.read_locks(),
+            HashSet::from_iter([system_program::id()])
+        );
+
+        let locked_bundle1 = bundle_account_locker
+            .prepare_locked_bundle(&sanitized_bundle1, &bank)
+            .unwrap();
+        assert_eq!(
+            bundle_account_locker.write_locks(),
+            HashSet::from_iter([mint_keypair.pubkey(), kp0.pubkey(), kp1.pubkey()])
+        );
+        assert_eq!(
+            bundle_account_locker.read_locks(),
+            HashSet::from_iter([system_program::id()])
+        );
+
+        drop(locked_bundle0);
+        assert_eq!(
+            bundle_account_locker.write_locks(),
+            HashSet::from_iter([mint_keypair.pubkey(), kp1.pubkey()])
+        );
+        assert_eq!(
+            bundle_account_locker.read_locks(),
+            HashSet::from_iter([system_program::id()])
+        );
+
+        drop(locked_bundle1);
+        assert!(bundle_account_locker.write_locks().is_empty());
+        assert!(bundle_account_locker.read_locks().is_empty());
+    }
+}
diff --git a/core/src/bundle_stage/bundle_consumer.rs b/core/src/bundle_stage/bundle_consumer.rs
new file mode 100644
index 0000000000..b8d71edaf6
--- /dev/null
+++ b/core/src/bundle_stage/bundle_consumer.rs
@@ -0,0 +1,1584 @@
+use {
+    crate::{
+        banking_stage::{
+            committer::CommitTransactionDetails, leader_slot_metrics::ProcessTransactionsSummary,
+            leader_slot_timing_metrics::LeaderExecuteAndCommitTimings, qos_service::QosService,
+            unprocessed_transaction_storage::UnprocessedTransactionStorage,
+        },
+        bundle_stage::{
+            bundle_account_locker::{BundleAccountLocker, LockedBundle},
+            bundle_reserved_space_manager::BundleReservedSpaceManager,
+            bundle_stage_leader_metrics::BundleStageLeaderMetrics,
+            committer::Committer,
+        },
+        consensus_cache_updater::ConsensusCacheUpdater,
+        immutable_deserialized_bundle::ImmutableDeserializedBundle,
+        proxy::block_engine_stage::BlockBuilderFeeInfo,
+        tip_manager::TipManager,
+    },
+    solana_bundle::{
+        bundle_execution::{load_and_execute_bundle, BundleExecutionMetrics},
+        BundleExecutionError, BundleExecutionResult, TipError,
+    },
+    solana_cost_model::transaction_cost::TransactionCost,
+    solana_gossip::cluster_info::ClusterInfo,
+    solana_measure::{measure, measure_us},
+    solana_poh::poh_recorder::{BankStart, RecordTransactionsSummary, TransactionRecorder},
+    solana_runtime::bank::Bank,
+    solana_sdk::{
+        bundle::SanitizedBundle,
+        clock::{Slot, MAX_PROCESSING_AGE},
+        pubkey::Pubkey,
+        transaction::{self},
+    },
+    solana_svm::transaction_error_metrics::TransactionErrorMetrics,
+    std::{
+        collections::HashSet,
+        sync::{Arc, Mutex},
+        time::{Duration, Instant},
+    },
+};
+
+pub struct ExecuteRecordCommitResult {
+    commit_transaction_details: Vec<CommitTransactionDetails>,
+    result: BundleExecutionResult<()>,
+    execution_metrics: BundleExecutionMetrics,
+    execute_and_commit_timings: LeaderExecuteAndCommitTimings,
+    transaction_error_counter: TransactionErrorMetrics,
+}
+
+pub struct BundleConsumer {
+    committer: Committer,
+    transaction_recorder: TransactionRecorder,
+    qos_service: QosService,
+    log_messages_bytes_limit: Option<usize>,
+
+    consensus_cache_updater: ConsensusCacheUpdater,
+
+    tip_manager: TipManager,
+    last_tip_update_slot: Slot,
+
+    blacklisted_accounts: HashSet<Pubkey>,
+
+    // Manages account locks across multiple transactions within a bundle to prevent race conditions
+    // with BankingStage
+    bundle_account_locker: BundleAccountLocker,
+
+    block_builder_fee_info: Arc<Mutex<BlockBuilderFeeInfo>>,
+
+    max_bundle_retry_duration: Duration,
+
+    cluster_info: Arc<ClusterInfo>,
+
+    reserved_space: BundleReservedSpaceManager,
+}
+
+impl BundleConsumer {
+    #[allow(clippy::too_many_arguments)]
+    pub fn new(
+        committer: Committer,
+        transaction_recorder: TransactionRecorder,
+        qos_service: QosService,
+        log_messages_bytes_limit: Option<usize>,
+        tip_manager: TipManager,
+        bundle_account_locker: BundleAccountLocker,
+        block_builder_fee_info: Arc<Mutex<BlockBuilderFeeInfo>>,
+        max_bundle_retry_duration: Duration,
+        cluster_info: Arc<ClusterInfo>,
+        reserved_space: BundleReservedSpaceManager,
+    ) -> Self {
+        Self {
+            committer,
+            transaction_recorder,
+            qos_service,
+            log_messages_bytes_limit,
+            consensus_cache_updater: ConsensusCacheUpdater::default(),
+            tip_manager,
+            // MAX because sending tips during slot 0 in tests doesn't work
+            last_tip_update_slot: u64::MAX,
+            blacklisted_accounts: HashSet::default(),
+            bundle_account_locker,
+            block_builder_fee_info,
+            max_bundle_retry_duration,
+            cluster_info,
+            reserved_space,
+        }
+    }
+
+    // A bundle is a series of transactions to be executed sequentially, atomically, and all-or-nothing.
+    // Sequentially:
+    //  - Transactions are executed in order
+    // Atomically:
+    //  - All transactions in a bundle get recoded to PoH and committed to the bank in the same slot. Account locks
+    //  for all accounts in all transactions in a bundle are held during the entire execution to remove POH record race conditions
+    //  with transactions in BankingStage.
+    // All-or-nothing:
+    //  - All transactions are committed or none. Modified state for the entire bundle isn't recorded to PoH and committed to the
+    //  bank until all transactions in the bundle have executed.
+    //
+    // Some corner cases to be aware of when working with BundleStage:
+    // A bundle is not allowed to call the Tip Payment program in a bundle (or BankingStage).
+    // - This is to avoid stealing of tips by malicious parties with bundles that crank the tip
+    // payment program and set the tip receiver to themself.
+    // A bundle is not allowed to touch consensus-related accounts
+    //  - This is to avoid stalling the voting BankingStage threads.
+    pub fn consume_buffered_bundles(
+        &mut self,
+        bank_start: &BankStart,
+        unprocessed_transaction_storage: &mut UnprocessedTransactionStorage,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) {
+        self.maybe_update_blacklist(bank_start);
+        self.reserved_space.tick(&bank_start.working_bank);
+
+        let reached_end_of_slot = unprocessed_transaction_storage.process_bundles(
+            bank_start.working_bank.clone(),
+            bundle_stage_leader_metrics,
+            &self.blacklisted_accounts,
+            |bundles, bundle_stage_leader_metrics| {
+                Self::do_process_bundles(
+                    &self.bundle_account_locker,
+                    &self.tip_manager,
+                    &mut self.last_tip_update_slot,
+                    &self.cluster_info,
+                    &self.block_builder_fee_info,
+                    &self.committer,
+                    &self.transaction_recorder,
+                    &self.qos_service,
+                    &self.log_messages_bytes_limit,
+                    self.max_bundle_retry_duration,
+                    &self.reserved_space,
+                    bundles,
+                    bank_start,
+                    bundle_stage_leader_metrics,
+                )
+            },
+        );
+
+        if reached_end_of_slot {
+            bundle_stage_leader_metrics
+                .leader_slot_metrics_tracker()
+                .set_end_of_slot_unprocessed_buffer_len(
+                    unprocessed_transaction_storage.len() as u64
+                );
+        }
+    }
+
+    /// Blacklist is updated with the tip payment program + any consensus accounts.
+    fn maybe_update_blacklist(&mut self, bank_start: &BankStart) {
+        if self
+            .consensus_cache_updater
+            .maybe_update(&bank_start.working_bank)
+        {
+            self.blacklisted_accounts = self
+                .consensus_cache_updater
+                .consensus_accounts_cache()
+                .union(&HashSet::from_iter([self
+                    .tip_manager
+                    .tip_payment_program_id()]))
+                .cloned()
+                .collect();
+
+            debug!(
+                "updated blacklist with {} accounts",
+                self.blacklisted_accounts.len()
+            );
+        }
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    fn do_process_bundles(
+        bundle_account_locker: &BundleAccountLocker,
+        tip_manager: &TipManager,
+        last_tip_updated_slot: &mut Slot,
+        cluster_info: &Arc<ClusterInfo>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        committer: &Committer,
+        recorder: &TransactionRecorder,
+        qos_service: &QosService,
+        log_messages_bytes_limit: &Option<usize>,
+        max_bundle_retry_duration: Duration,
+        reserved_space: &BundleReservedSpaceManager,
+        bundles: &[(ImmutableDeserializedBundle, SanitizedBundle)],
+        bank_start: &BankStart,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) -> Vec<Result<(), BundleExecutionError>> {
+        // BundleAccountLocker holds RW locks for ALL accounts in ALL transactions within a single bundle.
+        // By pre-locking bundles before they're ready to be processed, it will prevent BankingStage from
+        // grabbing those locks so BundleStage can process as fast as possible.
+        // A LockedBundle is similar to TransactionBatch; once its dropped the locks are released.
+        #[allow(clippy::needless_collect)]
+        let (locked_bundle_results, locked_bundles_elapsed) = measure!(
+            bundles
+                .iter()
+                .map(|(_, sanitized_bundle)| {
+                    bundle_account_locker
+                        .prepare_locked_bundle(sanitized_bundle, &bank_start.working_bank)
+                })
+                .collect::<Vec<_>>(),
+            "locked_bundles_elapsed"
+        );
+        bundle_stage_leader_metrics
+            .bundle_stage_metrics_tracker()
+            .increment_locked_bundle_elapsed_us(locked_bundles_elapsed.as_us());
+
+        let (execution_results, execute_locked_bundles_elapsed) = measure!(locked_bundle_results
+            .into_iter()
+            .map(|r| match r {
+                Ok(locked_bundle) => {
+                    let (r, measure) = measure_us!(Self::process_bundle(
+                        bundle_account_locker,
+                        tip_manager,
+                        last_tip_updated_slot,
+                        cluster_info,
+                        block_builder_fee_info,
+                        committer,
+                        recorder,
+                        qos_service,
+                        log_messages_bytes_limit,
+                        max_bundle_retry_duration,
+                        reserved_space,
+                        &locked_bundle,
+                        bank_start,
+                        bundle_stage_leader_metrics,
+                    ));
+                    bundle_stage_leader_metrics
+                        .leader_slot_metrics_tracker()
+                        .increment_process_packets_transactions_us(measure);
+                    r
+                }
+                Err(_) => {
+                    Err(BundleExecutionError::LockError)
+                }
+            })
+            .collect::<Vec<_>>());
+
+        bundle_stage_leader_metrics
+            .bundle_stage_metrics_tracker()
+            .increment_execute_locked_bundles_elapsed_us(execute_locked_bundles_elapsed.as_us());
+        execution_results.iter().for_each(|result| {
+            bundle_stage_leader_metrics
+                .bundle_stage_metrics_tracker()
+                .increment_bundle_execution_result(result);
+        });
+
+        execution_results
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    fn process_bundle(
+        bundle_account_locker: &BundleAccountLocker,
+        tip_manager: &TipManager,
+        last_tip_updated_slot: &mut Slot,
+        cluster_info: &Arc<ClusterInfo>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        committer: &Committer,
+        recorder: &TransactionRecorder,
+        qos_service: &QosService,
+        log_messages_bytes_limit: &Option<usize>,
+        max_bundle_retry_duration: Duration,
+        reserved_space: &BundleReservedSpaceManager,
+        locked_bundle: &LockedBundle,
+        bank_start: &BankStart,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) -> Result<(), BundleExecutionError> {
+        if !Bank::should_bank_still_be_processing_txs(
+            &bank_start.bank_creation_time,
+            bank_start.working_bank.ns_per_slot,
+        ) {
+            return Err(BundleExecutionError::BankProcessingTimeLimitReached);
+        }
+
+        if bank_start.working_bank.slot() != *last_tip_updated_slot
+            && Self::bundle_touches_tip_pdas(
+                locked_bundle.sanitized_bundle(),
+                &tip_manager.get_tip_accounts(),
+            )
+        {
+            let start = Instant::now();
+            let result = Self::handle_tip_programs(
+                bundle_account_locker,
+                tip_manager,
+                cluster_info,
+                block_builder_fee_info,
+                committer,
+                recorder,
+                qos_service,
+                log_messages_bytes_limit,
+                max_bundle_retry_duration,
+                reserved_space,
+                bank_start,
+                bundle_stage_leader_metrics,
+            );
+
+            bundle_stage_leader_metrics
+                .bundle_stage_metrics_tracker()
+                .increment_change_tip_receiver_elapsed_us(start.elapsed().as_micros() as u64);
+
+            result?;
+
+            *last_tip_updated_slot = bank_start.working_bank.slot();
+        }
+
+        Self::update_qos_and_execute_record_commit_bundle(
+            committer,
+            recorder,
+            qos_service,
+            log_messages_bytes_limit,
+            max_bundle_retry_duration,
+            reserved_space,
+            locked_bundle.sanitized_bundle(),
+            bank_start,
+            bundle_stage_leader_metrics,
+        )?;
+
+        Ok(())
+    }
+
+    /// The validator needs to manage state on two programs related to tips
+    #[allow(clippy::too_many_arguments)]
+    fn handle_tip_programs(
+        bundle_account_locker: &BundleAccountLocker,
+        tip_manager: &TipManager,
+        cluster_info: &Arc<ClusterInfo>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        committer: &Committer,
+        recorder: &TransactionRecorder,
+        qos_service: &QosService,
+        log_messages_bytes_limit: &Option<usize>,
+        max_bundle_retry_duration: Duration,
+        reserved_space: &BundleReservedSpaceManager,
+        bank_start: &BankStart,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) -> Result<(), BundleExecutionError> {
+        debug!("handle_tip_programs");
+
+        // This will setup the tip payment and tip distribution program if they haven't been
+        // initialized yet, which is typically helpful for local validators. On mainnet and testnet,
+        // this code should never run.
+        let keypair = cluster_info.keypair().clone();
+        let initialize_tip_programs_bundle =
+            tip_manager.get_initialize_tip_programs_bundle(&bank_start.working_bank, &keypair);
+        if let Some(bundle) = initialize_tip_programs_bundle {
+            debug!(
+                "initializing tip programs with {} transactions, bundle id: {}",
+                bundle.transactions.len(),
+                bundle.bundle_id
+            );
+
+            let locked_init_tip_programs_bundle = bundle_account_locker
+                .prepare_locked_bundle(&bundle, &bank_start.working_bank)
+                .map_err(|_| BundleExecutionError::TipError(TipError::LockError))?;
+
+            Self::update_qos_and_execute_record_commit_bundle(
+                committer,
+                recorder,
+                qos_service,
+                log_messages_bytes_limit,
+                max_bundle_retry_duration,
+                reserved_space,
+                locked_init_tip_programs_bundle.sanitized_bundle(),
+                bank_start,
+                bundle_stage_leader_metrics,
+            )
+            .map_err(|e| {
+                bundle_stage_leader_metrics
+                    .bundle_stage_metrics_tracker()
+                    .increment_num_init_tip_account_errors(1);
+                error!(
+                    "bundle: {} error initializing tip programs: {:?}",
+                    locked_init_tip_programs_bundle.sanitized_bundle().bundle_id,
+                    e
+                );
+                BundleExecutionError::TipError(TipError::InitializeProgramsError)
+            })?;
+
+            bundle_stage_leader_metrics
+                .bundle_stage_metrics_tracker()
+                .increment_num_init_tip_account_ok(1);
+        }
+
+        // There are two frequently run internal cranks inside the jito-solana validator that have to do with managing MEV tips.
+        // One is initialize the TipDistributionAccount, which is a validator's "tip piggy bank" for an epoch
+        // The other is ensuring the tip_receiver is configured correctly to ensure tips are routed to the correct
+        // address. The validator must drain the tip accounts to the previous tip receiver before setting the tip receiver to
+        // themselves.
+
+        let kp = cluster_info.keypair().clone();
+        let tip_crank_bundle = tip_manager.get_tip_programs_crank_bundle(
+            &bank_start.working_bank,
+            &kp,
+            &block_builder_fee_info.lock().unwrap(),
+        )?;
+        debug!("tip_crank_bundle is_some: {}", tip_crank_bundle.is_some());
+
+        if let Some(bundle) = tip_crank_bundle {
+            info!(
+                "bundle id: {} cranking tip programs with {} transactions",
+                bundle.bundle_id,
+                bundle.transactions.len()
+            );
+
+            let locked_tip_crank_bundle = bundle_account_locker
+                .prepare_locked_bundle(&bundle, &bank_start.working_bank)
+                .map_err(|_| BundleExecutionError::TipError(TipError::LockError))?;
+
+            Self::update_qos_and_execute_record_commit_bundle(
+                committer,
+                recorder,
+                qos_service,
+                log_messages_bytes_limit,
+                max_bundle_retry_duration,
+                reserved_space,
+                locked_tip_crank_bundle.sanitized_bundle(),
+                bank_start,
+                bundle_stage_leader_metrics,
+            )
+            .map_err(|e| {
+                bundle_stage_leader_metrics
+                    .bundle_stage_metrics_tracker()
+                    .increment_num_change_tip_receiver_errors(1);
+                error!(
+                    "bundle: {} error cranking tip programs: {:?}",
+                    locked_tip_crank_bundle.sanitized_bundle().bundle_id,
+                    e
+                );
+                BundleExecutionError::TipError(TipError::CrankTipError)
+            })?;
+
+            bundle_stage_leader_metrics
+                .bundle_stage_metrics_tracker()
+                .increment_num_change_tip_receiver_ok(1);
+        }
+
+        Ok(())
+    }
+
+    /// Reserves space for the entire bundle up-front to ensure the entire bundle can execute.
+    /// Rolls back the reserved space if there's not enough blockspace for all transactions in the bundle.
+    fn reserve_bundle_blockspace(
+        qos_service: &QosService,
+        reserved_space: &BundleReservedSpaceManager,
+        sanitized_bundle: &SanitizedBundle,
+        bank: &Arc<Bank>,
+    ) -> BundleExecutionResult<(Vec<transaction::Result<TransactionCost>>, usize)> {
+        let mut write_cost_tracker = bank.write_cost_tracker().unwrap();
+
+        // set the block cost limit to the original block cost limit, run the select + accumulate
+        // then reset back to the expected block cost limit. this allows bundle stage to potentially
+        // increase block_compute_limits, allocate the space, and reset the block_cost_limits to
+        // the reserved space without BankingStage racing to allocate this extra reserved space
+        write_cost_tracker.set_block_cost_limit(reserved_space.block_cost_limit());
+        let (transaction_qos_cost_results, cost_model_throttled_transactions_count) = qos_service
+            .select_and_accumulate_transaction_costs(
+                bank,
+                &mut write_cost_tracker,
+                &sanitized_bundle.transactions,
+                std::iter::repeat(Ok(())),
+            );
+        write_cost_tracker.set_block_cost_limit(reserved_space.expected_block_cost_limits(bank));
+        drop(write_cost_tracker);
+
+        // rollback all transaction costs if it can't fit and
+        if transaction_qos_cost_results.iter().any(|c| c.is_err()) {
+            QosService::remove_or_update_costs(transaction_qos_cost_results.iter(), None, bank);
+            return Err(BundleExecutionError::ExceedsCostModel);
+        }
+
+        Ok((
+            transaction_qos_cost_results,
+            cost_model_throttled_transactions_count,
+        ))
+    }
+
+    fn update_qos_and_execute_record_commit_bundle(
+        committer: &Committer,
+        recorder: &TransactionRecorder,
+        qos_service: &QosService,
+        log_messages_bytes_limit: &Option<usize>,
+        max_bundle_retry_duration: Duration,
+        reserved_space: &BundleReservedSpaceManager,
+        sanitized_bundle: &SanitizedBundle,
+        bank_start: &BankStart,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) -> BundleExecutionResult<()> {
+        debug!(
+            "bundle: {} reserving blockspace for {} transactions",
+            sanitized_bundle.bundle_id,
+            sanitized_bundle.transactions.len()
+        );
+
+        let (
+            (transaction_qos_cost_results, _cost_model_throttled_transactions_count),
+            cost_model_elapsed_us,
+        ) = measure_us!(Self::reserve_bundle_blockspace(
+            qos_service,
+            reserved_space,
+            sanitized_bundle,
+            &bank_start.working_bank
+        )?);
+
+        debug!(
+            "bundle: {} executing, recording, and committing",
+            sanitized_bundle.bundle_id
+        );
+
+        let (result, process_transactions_us) = measure_us!(Self::execute_record_commit_bundle(
+            committer,
+            recorder,
+            log_messages_bytes_limit,
+            max_bundle_retry_duration,
+            sanitized_bundle,
+            bank_start,
+        ));
+
+        bundle_stage_leader_metrics
+            .bundle_stage_metrics_tracker()
+            .increment_num_execution_retries(result.execution_metrics.num_retries);
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .accumulate_transaction_errors(&result.transaction_error_counter);
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .increment_process_transactions_us(process_transactions_us);
+
+        let (cu, us) = result
+            .execute_and_commit_timings
+            .execute_timings
+            .accumulate_execute_units_and_time();
+        qos_service.accumulate_actual_execute_cu(cu);
+        qos_service.accumulate_actual_execute_time(us);
+
+        let num_committed = result
+            .commit_transaction_details
+            .iter()
+            .filter(|c| matches!(c, CommitTransactionDetails::Committed { .. }))
+            .count();
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .accumulate_process_transactions_summary(&ProcessTransactionsSummary {
+                reached_max_poh_height: matches!(
+                    result.result,
+                    Err(BundleExecutionError::BankProcessingTimeLimitReached)
+                        | Err(BundleExecutionError::PohRecordError(_))
+                ),
+                transactions_attempted_execution_count: sanitized_bundle.transactions.len(),
+                committed_transactions_count: num_committed,
+                // NOTE: this assumes that bundles are committed all-or-nothing
+                committed_transactions_with_successful_result_count: num_committed,
+                failed_commit_count: 0,
+                retryable_transaction_indexes: vec![],
+                cost_model_throttled_transactions_count: 0,
+                cost_model_us: cost_model_elapsed_us,
+                execute_and_commit_timings: result.execute_and_commit_timings,
+                error_counters: result.transaction_error_counter,
+                min_prioritization_fees: 0, // TODO (LB)
+                max_prioritization_fees: 0, // TODO (LB)
+            });
+
+        match result.result {
+            Ok(_) => {
+                QosService::remove_or_update_costs(
+                    transaction_qos_cost_results.iter(),
+                    Some(&result.commit_transaction_details),
+                    &bank_start.working_bank,
+                );
+
+                qos_service.report_metrics(bank_start.working_bank.slot());
+                Ok(())
+            }
+            Err(e) => {
+                // on bundle failure, none of the transactions are committed, so need to revert
+                // all compute reserved
+                QosService::remove_or_update_costs(
+                    transaction_qos_cost_results.iter(),
+                    None,
+                    &bank_start.working_bank,
+                );
+                qos_service.report_metrics(bank_start.working_bank.slot());
+
+                Err(e)
+            }
+        }
+    }
+
+    fn execute_record_commit_bundle(
+        committer: &Committer,
+        recorder: &TransactionRecorder,
+        log_messages_bytes_limit: &Option<usize>,
+        max_bundle_retry_duration: Duration,
+        sanitized_bundle: &SanitizedBundle,
+        bank_start: &BankStart,
+    ) -> ExecuteRecordCommitResult {
+        let transaction_status_sender_enabled = committer.transaction_status_sender_enabled();
+
+        let mut execute_and_commit_timings = LeaderExecuteAndCommitTimings::default();
+
+        debug!("bundle: {} executing", sanitized_bundle.bundle_id);
+        let default_accounts = vec![None; sanitized_bundle.transactions.len()];
+        let mut bundle_execution_results = load_and_execute_bundle(
+            &bank_start.working_bank,
+            sanitized_bundle,
+            MAX_PROCESSING_AGE,
+            &max_bundle_retry_duration,
+            transaction_status_sender_enabled,
+            log_messages_bytes_limit,
+            false,
+            None,
+            &default_accounts,
+            &default_accounts,
+        );
+
+        let execution_metrics = bundle_execution_results.metrics();
+
+        execute_and_commit_timings.collect_balances_us = execution_metrics.collect_balances_us;
+        execute_and_commit_timings.load_execute_us = execution_metrics.load_execute_us;
+        execute_and_commit_timings
+            .execute_timings
+            .accumulate(&execution_metrics.execute_timings);
+
+        let mut transaction_error_counter = TransactionErrorMetrics::default();
+        bundle_execution_results
+            .bundle_transaction_results()
+            .iter()
+            .for_each(|r| {
+                transaction_error_counter
+                    .accumulate(&r.load_and_execute_transactions_output().error_counters);
+            });
+
+        debug!(
+            "bundle: {} executed, is_ok: {}",
+            sanitized_bundle.bundle_id,
+            bundle_execution_results.result().is_ok()
+        );
+
+        // don't commit bundle if failure executing any part of the bundle
+        if let Err(e) = bundle_execution_results.result() {
+            return ExecuteRecordCommitResult {
+                commit_transaction_details: vec![],
+                result: Err(e.clone().into()),
+                execution_metrics,
+                execute_and_commit_timings,
+                transaction_error_counter,
+            };
+        }
+
+        let (executed_batches, execution_results_to_transactions_us) =
+            measure_us!(bundle_execution_results.executed_transaction_batches());
+
+        debug!(
+            "bundle: {} recording {} batches of {:?} transactions",
+            sanitized_bundle.bundle_id,
+            executed_batches.len(),
+            executed_batches
+                .iter()
+                .map(|b| b.len())
+                .collect::<Vec<usize>>()
+        );
+
+        let (freeze_lock, freeze_lock_us) = measure_us!(bank_start.working_bank.freeze_lock());
+        execute_and_commit_timings.freeze_lock_us = freeze_lock_us;
+
+        let (last_blockhash, lamports_per_signature) = bank_start
+            .working_bank
+            .last_blockhash_and_lamports_per_signature();
+
+        let (
+            RecordTransactionsSummary {
+                result: record_transactions_result,
+                record_transactions_timings,
+                starting_transaction_index,
+            },
+            record_us,
+        ) = measure_us!(
+            recorder.record_transactions(bank_start.working_bank.slot(), executed_batches)
+        );
+
+        execute_and_commit_timings.record_us = record_us;
+        execute_and_commit_timings.record_transactions_timings = record_transactions_timings;
+        execute_and_commit_timings
+            .record_transactions_timings
+            .execution_results_to_transactions_us = execution_results_to_transactions_us;
+
+        debug!(
+            "bundle: {} record result: {}",
+            sanitized_bundle.bundle_id,
+            record_transactions_result.is_ok()
+        );
+
+        // don't commit bundle if failed to record
+        if let Err(e) = record_transactions_result {
+            return ExecuteRecordCommitResult {
+                commit_transaction_details: vec![],
+                result: Err(e.into()),
+                execution_metrics,
+                execute_and_commit_timings,
+                transaction_error_counter,
+            };
+        }
+
+        // note: execute_and_commit_timings.commit_us handled inside this function
+        let (commit_us, commit_bundle_details) = committer.commit_bundle(
+            &mut bundle_execution_results,
+            last_blockhash,
+            lamports_per_signature,
+            starting_transaction_index,
+            &bank_start.working_bank,
+            &mut execute_and_commit_timings,
+        );
+        execute_and_commit_timings.commit_us = commit_us;
+
+        drop(freeze_lock);
+
+        // commit_bundle_details contains transactions that were and were not committed
+        // given the current implementation only executes, records, and commits bundles
+        // where all transactions executed, we can filter out the non-committed
+        // TODO (LB): does this make more sense in commit_bundle for future when failing bundles are accepted?
+        let commit_transaction_details = commit_bundle_details
+            .commit_transaction_details
+            .into_iter()
+            .flat_map(|commit_details| {
+                commit_details
+                    .into_iter()
+                    .filter(|d| matches!(d, CommitTransactionDetails::Committed { .. }))
+            })
+            .collect();
+        debug!(
+            "bundle: {} commit details: {:?}",
+            sanitized_bundle.bundle_id, commit_transaction_details
+        );
+
+        ExecuteRecordCommitResult {
+            commit_transaction_details,
+            result: Ok(()),
+            execution_metrics,
+            execute_and_commit_timings,
+            transaction_error_counter,
+        }
+    }
+
+    /// Returns true if any of the transactions in a bundle mention one of the tip PDAs
+    fn bundle_touches_tip_pdas(bundle: &SanitizedBundle, tip_pdas: &HashSet<Pubkey>) -> bool {
+        bundle.transactions.iter().any(|tx| {
+            tx.message()
+                .account_keys()
+                .iter()
+                .any(|a| tip_pdas.contains(a))
+        })
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        crate::{
+            bundle_stage::{
+                bundle_account_locker::BundleAccountLocker, bundle_consumer::BundleConsumer,
+                bundle_packet_deserializer::BundlePacketDeserializer,
+                bundle_reserved_space_manager::BundleReservedSpaceManager,
+                bundle_stage_leader_metrics::BundleStageLeaderMetrics, committer::Committer,
+                QosService, UnprocessedTransactionStorage,
+            },
+            packet_bundle::PacketBundle,
+            proxy::block_engine_stage::BlockBuilderFeeInfo,
+            tip_manager::{TipDistributionAccountConfig, TipManager, TipManagerConfig},
+        },
+        crossbeam_channel::{unbounded, Receiver},
+        jito_tip_distribution::sdk::derive_tip_distribution_account_address,
+        rand::{thread_rng, RngCore},
+        solana_cost_model::{block_cost_limits::MAX_BLOCK_UNITS, cost_model::CostModel},
+        solana_gossip::{cluster_info::ClusterInfo, contact_info::ContactInfo},
+        solana_ledger::{
+            blockstore::Blockstore, genesis_utils::create_genesis_config,
+            get_tmp_ledger_path_auto_delete, leader_schedule_cache::LeaderScheduleCache,
+        },
+        solana_perf::packet::PacketBatch,
+        solana_poh::{
+            poh_recorder::{PohRecorder, Record, WorkingBankEntry},
+            poh_service::PohService,
+        },
+        solana_program_test::programs::spl_programs,
+        solana_runtime::{
+            bank::Bank,
+            bank_forks::BankForks,
+            genesis_utils::{create_genesis_config_with_leader_ex, GenesisConfigInfo},
+            installed_scheduler_pool::BankWithScheduler,
+            prioritization_fee_cache::PrioritizationFeeCache,
+        },
+        solana_sdk::{
+            bundle::{derive_bundle_id, SanitizedBundle},
+            clock::MAX_PROCESSING_AGE,
+            fee_calculator::{FeeRateGovernor, DEFAULT_TARGET_LAMPORTS_PER_SIGNATURE},
+            genesis_config::ClusterType,
+            hash::Hash,
+            native_token::sol_to_lamports,
+            packet::Packet,
+            poh_config::PohConfig,
+            pubkey::Pubkey,
+            rent::Rent,
+            signature::{Keypair, Signer},
+            system_transaction::transfer,
+            transaction::{SanitizedTransaction, TransactionError, VersionedTransaction},
+            vote::state::VoteState,
+        },
+        solana_streamer::socket::SocketAddrSpace,
+        solana_svm::{
+            account_loader::TransactionCheckResult,
+            transaction_error_metrics::TransactionErrorMetrics,
+        },
+        std::{
+            collections::HashSet,
+            str::FromStr,
+            sync::{
+                atomic::{AtomicBool, Ordering},
+                Arc, Mutex, RwLock,
+            },
+            thread::{Builder, JoinHandle},
+            time::Duration,
+        },
+    };
+
+    struct TestFixture {
+        genesis_config_info: GenesisConfigInfo,
+        leader_keypair: Keypair,
+        bank: Arc<Bank>,
+        exit: Arc<AtomicBool>,
+        poh_recorder: Arc<RwLock<PohRecorder>>,
+        poh_simulator: JoinHandle<()>,
+        entry_receiver: Receiver<WorkingBankEntry>,
+        bank_forks: Arc<RwLock<BankForks>>,
+    }
+
+    pub(crate) fn simulate_poh(
+        record_receiver: Receiver<Record>,
+        poh_recorder: &Arc<RwLock<PohRecorder>>,
+    ) -> JoinHandle<()> {
+        let poh_recorder = poh_recorder.clone();
+        let is_exited = poh_recorder.read().unwrap().is_exited.clone();
+        let tick_producer = Builder::new()
+            .name("solana-simulate_poh".to_string())
+            .spawn(move || loop {
+                PohService::read_record_receiver_and_process(
+                    &poh_recorder,
+                    &record_receiver,
+                    Duration::from_millis(10),
+                );
+                if is_exited.load(Ordering::Relaxed) {
+                    break;
+                }
+            });
+        tick_producer.unwrap()
+    }
+
+    pub fn create_test_recorder(
+        bank: &Arc<Bank>,
+        blockstore: Arc<Blockstore>,
+        poh_config: Option<PohConfig>,
+        leader_schedule_cache: Option<Arc<LeaderScheduleCache>>,
+    ) -> (
+        Arc<AtomicBool>,
+        Arc<RwLock<PohRecorder>>,
+        JoinHandle<()>,
+        Receiver<WorkingBankEntry>,
+    ) {
+        let leader_schedule_cache = match leader_schedule_cache {
+            Some(provided_cache) => provided_cache,
+            None => Arc::new(LeaderScheduleCache::new_from_bank(bank)),
+        };
+        let exit = Arc::new(AtomicBool::new(false));
+        let poh_config = poh_config.unwrap_or_default();
+
+        let (mut poh_recorder, entry_receiver, record_receiver) = PohRecorder::new(
+            bank.tick_height(),
+            bank.last_blockhash(),
+            bank.clone(),
+            Some((4, 4)),
+            bank.ticks_per_slot(),
+            blockstore,
+            &leader_schedule_cache,
+            &poh_config,
+            exit.clone(),
+        );
+        poh_recorder.set_bank(
+            BankWithScheduler::new_without_scheduler(bank.clone()),
+            false,
+        );
+
+        let poh_recorder = Arc::new(RwLock::new(poh_recorder));
+        let poh_simulator = simulate_poh(record_receiver, &poh_recorder);
+
+        (exit, poh_recorder, poh_simulator, entry_receiver)
+    }
+
+    fn create_test_fixture(mint_sol: u64) -> TestFixture {
+        let mint_keypair = Keypair::new();
+        let leader_keypair = Keypair::new();
+        let voting_keypair = Keypair::new();
+
+        let rent = Rent::default();
+
+        let mut genesis_config = create_genesis_config_with_leader_ex(
+            sol_to_lamports(mint_sol as f64),
+            &mint_keypair.pubkey(),
+            &leader_keypair.pubkey(),
+            &voting_keypair.pubkey(),
+            &solana_sdk::pubkey::new_rand(),
+            rent.minimum_balance(VoteState::size_of()) + sol_to_lamports(1_000_000.0),
+            sol_to_lamports(1_000_000.0),
+            FeeRateGovernor {
+                // Initialize with a non-zero fee
+                lamports_per_signature: DEFAULT_TARGET_LAMPORTS_PER_SIGNATURE / 2,
+                ..FeeRateGovernor::default()
+            },
+            rent.clone(), // most tests don't expect rent
+            ClusterType::Development,
+            spl_programs(&rent),
+        );
+        genesis_config.ticks_per_slot *= 8;
+
+        // workaround for https://github.com/solana-labs/solana/issues/30085
+        // the test can deploy and use spl_programs in the genensis slot without waiting for the next one
+        let (bank, bank_forks) = Bank::new_with_bank_forks_for_tests(&genesis_config);
+
+        let bank = Arc::new(Bank::new_from_parent(bank, &Pubkey::default(), 1));
+
+        let ledger_path = get_tmp_ledger_path_auto_delete!();
+        let blockstore = Arc::new(
+            Blockstore::open(ledger_path.path())
+                .expect("Expected to be able to open database ledger"),
+        );
+
+        let (exit, poh_recorder, poh_simulator, entry_receiver) =
+            create_test_recorder(&bank, blockstore, Some(PohConfig::default()), None);
+
+        let validator_pubkey = voting_keypair.pubkey();
+        TestFixture {
+            genesis_config_info: GenesisConfigInfo {
+                genesis_config,
+                mint_keypair,
+                voting_keypair,
+                validator_pubkey,
+            },
+            leader_keypair,
+            bank,
+            bank_forks,
+            exit,
+            poh_recorder,
+            poh_simulator,
+            entry_receiver,
+        }
+    }
+
+    fn make_random_overlapping_bundles(
+        mint_keypair: &Keypair,
+        num_bundles: usize,
+        num_packets_per_bundle: usize,
+        hash: Hash,
+        max_transfer_amount: u64,
+    ) -> Vec<PacketBundle> {
+        let mut rng = thread_rng();
+
+        (0..num_bundles)
+            .map(|_| {
+                let transfers: Vec<_> = (0..num_packets_per_bundle)
+                    .map(|_| {
+                        VersionedTransaction::from(transfer(
+                            mint_keypair,
+                            &mint_keypair.pubkey(),
+                            rng.next_u64() % max_transfer_amount,
+                            hash,
+                        ))
+                    })
+                    .collect();
+                let bundle_id = derive_bundle_id(&transfers);
+
+                PacketBundle {
+                    batch: PacketBatch::new(
+                        transfers
+                            .iter()
+                            .map(|tx| Packet::from_data(None, tx).unwrap())
+                            .collect(),
+                    ),
+                    bundle_id,
+                }
+            })
+            .collect()
+    }
+
+    fn get_tip_manager(vote_account: &Pubkey) -> TipManager {
+        TipManager::new(TipManagerConfig {
+            tip_payment_program_id: Pubkey::from_str("T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt")
+                .unwrap(),
+            tip_distribution_program_id: Pubkey::from_str(
+                "4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7",
+            )
+            .unwrap(),
+            tip_distribution_account_config: TipDistributionAccountConfig {
+                merkle_root_upload_authority: Pubkey::new_unique(),
+                vote_account: *vote_account,
+                commission_bps: 10,
+            },
+        })
+    }
+
+    /// Happy-path bundle execution w/ no tip management
+    #[test]
+    fn test_bundle_no_tip_success() {
+        solana_logger::setup();
+        let TestFixture {
+            genesis_config_info,
+            leader_keypair,
+            bank,
+            exit,
+            poh_recorder,
+            poh_simulator,
+            entry_receiver,
+            bank_forks: _bank_forks,
+        } = create_test_fixture(1_000_000);
+        let recorder = poh_recorder.read().unwrap().new_recorder();
+
+        let status = poh_recorder
+            .read()
+            .unwrap()
+            .reached_leader_slot(&leader_keypair.pubkey());
+        info!("status: {:?}", status);
+
+        let (replay_vote_sender, _replay_vote_receiver) = unbounded();
+        let committer = Committer::new(
+            None,
+            replay_vote_sender,
+            Arc::new(PrioritizationFeeCache::new(0u64)),
+        );
+
+        let block_builder_pubkey = Pubkey::new_unique();
+        let tip_manager = get_tip_manager(&genesis_config_info.voting_keypair.pubkey());
+        let block_builder_info = Arc::new(Mutex::new(BlockBuilderFeeInfo {
+            block_builder: block_builder_pubkey,
+            block_builder_commission: 10,
+        }));
+
+        let cluster_info = Arc::new(ClusterInfo::new(
+            ContactInfo::new(leader_keypair.pubkey(), 0, 0),
+            Arc::new(leader_keypair),
+            SocketAddrSpace::new(true),
+        ));
+
+        let mut consumer = BundleConsumer::new(
+            committer,
+            recorder,
+            QosService::new(1),
+            None,
+            tip_manager,
+            BundleAccountLocker::default(),
+            block_builder_info,
+            Duration::from_secs(10),
+            cluster_info,
+            BundleReservedSpaceManager::new(
+                MAX_BLOCK_UNITS,
+                3_000_000,
+                poh_recorder
+                    .read()
+                    .unwrap()
+                    .ticks_per_slot()
+                    .saturating_mul(8)
+                    .saturating_div(10),
+            ),
+        );
+
+        let bank_start = poh_recorder.read().unwrap().bank_start().unwrap();
+
+        let mut bundle_storage = UnprocessedTransactionStorage::new_bundle_storage();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(1);
+
+        let mut packet_bundles = make_random_overlapping_bundles(
+            &genesis_config_info.mint_keypair,
+            1,
+            3,
+            genesis_config_info.genesis_config.hash(),
+            10_000,
+        );
+        let deserialized_bundle = BundlePacketDeserializer::deserialize_bundle(
+            packet_bundles.get_mut(0).unwrap(),
+            false,
+            None,
+        )
+        .unwrap();
+        let mut error_metrics = TransactionErrorMetrics::default();
+        let sanitized_bundle = deserialized_bundle
+            .build_sanitized_bundle(
+                &bank_start.working_bank,
+                &HashSet::default(),
+                &mut error_metrics,
+            )
+            .unwrap();
+
+        let summary = bundle_storage.insert_bundles(vec![deserialized_bundle]);
+        assert_eq!(
+            summary.num_packets_inserted,
+            sanitized_bundle.transactions.len()
+        );
+        assert_eq!(summary.num_bundles_dropped, 0);
+        assert_eq!(summary.num_bundles_inserted, 1);
+
+        consumer.consume_buffered_bundles(
+            &bank_start,
+            &mut bundle_storage,
+            &mut bundle_stage_leader_metrics,
+        );
+
+        let mut transactions = Vec::new();
+        while let Ok(WorkingBankEntry {
+            bank: wbe_bank,
+            entries_ticks,
+        }) = entry_receiver.recv()
+        {
+            assert_eq!(bank.slot(), wbe_bank.slot());
+            for (entry, _) in entries_ticks {
+                if !entry.transactions.is_empty() {
+                    // transactions in this test are all overlapping, so each entry will contain 1 transaction
+                    assert_eq!(entry.transactions.len(), 1);
+                    transactions.extend(entry.transactions);
+                }
+            }
+            if transactions.len() == sanitized_bundle.transactions.len() {
+                break;
+            }
+        }
+
+        let bundle_versioned_transactions: Vec<_> = sanitized_bundle
+            .transactions
+            .iter()
+            .map(|tx| tx.to_versioned_transaction())
+            .collect();
+        assert_eq!(transactions, bundle_versioned_transactions);
+
+        let check_results = bank.check_transactions(
+            &sanitized_bundle.transactions,
+            &vec![Ok(()); sanitized_bundle.transactions.len()],
+            MAX_PROCESSING_AGE,
+            &mut error_metrics,
+        );
+
+        let expected_result: Vec<TransactionCheckResult> =
+            vec![Err(TransactionError::AlreadyProcessed); sanitized_bundle.transactions.len()];
+
+        assert_eq!(check_results, expected_result);
+
+        poh_recorder
+            .write()
+            .unwrap()
+            .is_exited
+            .store(true, Ordering::Relaxed);
+        exit.store(true, Ordering::Relaxed);
+        poh_simulator.join().unwrap();
+        // TODO (LB): cleanup blockstore
+    }
+
+    /// Happy-path bundle execution to ensure tip management works.
+    /// Tip management involves cranking setup bundles before executing the test bundle
+    #[test]
+    fn test_bundle_tip_program_setup_success() {
+        solana_logger::setup();
+        let TestFixture {
+            genesis_config_info,
+            leader_keypair,
+            bank,
+            exit,
+            poh_recorder,
+            poh_simulator,
+            entry_receiver,
+            bank_forks: _bank_forks,
+        } = create_test_fixture(1_000_000);
+        let recorder = poh_recorder.read().unwrap().new_recorder();
+
+        let (replay_vote_sender, _replay_vote_receiver) = unbounded();
+        let committer = Committer::new(
+            None,
+            replay_vote_sender,
+            Arc::new(PrioritizationFeeCache::new(0u64)),
+        );
+
+        let block_builder_pubkey = Pubkey::new_unique();
+        let tip_manager = get_tip_manager(&genesis_config_info.voting_keypair.pubkey());
+        let block_builder_info = Arc::new(Mutex::new(BlockBuilderFeeInfo {
+            block_builder: block_builder_pubkey,
+            block_builder_commission: 10,
+        }));
+
+        let cluster_info = Arc::new(ClusterInfo::new(
+            ContactInfo::new(leader_keypair.pubkey(), 0, 0),
+            Arc::new(leader_keypair),
+            SocketAddrSpace::new(true),
+        ));
+
+        let mut consumer = BundleConsumer::new(
+            committer,
+            recorder,
+            QosService::new(1),
+            None,
+            tip_manager.clone(),
+            BundleAccountLocker::default(),
+            block_builder_info,
+            Duration::from_secs(10),
+            cluster_info.clone(),
+            BundleReservedSpaceManager::new(
+                MAX_BLOCK_UNITS,
+                3_000_000,
+                poh_recorder
+                    .read()
+                    .unwrap()
+                    .ticks_per_slot()
+                    .saturating_mul(8)
+                    .saturating_div(10),
+            ),
+        );
+
+        let bank_start = poh_recorder.read().unwrap().bank_start().unwrap();
+
+        let mut bundle_storage = UnprocessedTransactionStorage::new_bundle_storage();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(1);
+        // MAIN LOGIC
+
+        // a bundle that tips the tip program
+        let tip_accounts = tip_manager.get_tip_accounts();
+        let tip_account = tip_accounts.iter().collect::<Vec<_>>()[0];
+        let mut packet_bundle = PacketBundle {
+            batch: PacketBatch::new(vec![Packet::from_data(
+                None,
+                transfer(
+                    &genesis_config_info.mint_keypair,
+                    tip_account,
+                    1,
+                    genesis_config_info.genesis_config.hash(),
+                ),
+            )
+            .unwrap()]),
+            bundle_id: "test_transfer".to_string(),
+        };
+
+        let deserialized_bundle =
+            BundlePacketDeserializer::deserialize_bundle(&mut packet_bundle, false, None).unwrap();
+        let mut error_metrics = TransactionErrorMetrics::default();
+        let sanitized_bundle = deserialized_bundle
+            .build_sanitized_bundle(
+                &bank_start.working_bank,
+                &HashSet::default(),
+                &mut error_metrics,
+            )
+            .unwrap();
+
+        let summary = bundle_storage.insert_bundles(vec![deserialized_bundle]);
+        assert_eq!(summary.num_bundles_inserted, 1);
+        assert_eq!(summary.num_packets_inserted, 1);
+        assert_eq!(summary.num_bundles_dropped, 0);
+
+        consumer.consume_buffered_bundles(
+            &bank_start,
+            &mut bundle_storage,
+            &mut bundle_stage_leader_metrics,
+        );
+
+        // its expected there are 3 transactions. One to initialize the tip program configuration, one to change the tip receiver,
+        // and another with the tip
+
+        let mut transactions = Vec::new();
+        while let Ok(WorkingBankEntry {
+            bank: wbe_bank,
+            entries_ticks,
+        }) = entry_receiver.recv()
+        {
+            assert_eq!(bank.slot(), wbe_bank.slot());
+            transactions.extend(entries_ticks.into_iter().flat_map(|(e, _)| e.transactions));
+            if transactions.len() == 5 {
+                break;
+            }
+        }
+
+        // tip management on the first bundle involves:
+        // calling initialize on the tip payment and tip distribution programs
+        // creating the tip distribution account for this validator's epoch (the MEV piggy bank)
+        // changing the tip receiver and block builder tx
+        // the original transfer that was sent
+        let keypair = cluster_info.keypair().clone();
+
+        assert_eq!(
+            transactions[0],
+            tip_manager
+                .initialize_tip_payment_program_tx(&bank, &keypair)
+                .to_versioned_transaction()
+        );
+        assert_eq!(
+            transactions[1],
+            tip_manager
+                .initialize_tip_distribution_config_tx(&bank, &keypair)
+                .to_versioned_transaction()
+        );
+        assert_eq!(
+            transactions[2],
+            tip_manager
+                .initialize_tip_distribution_account_tx(&bank, &keypair)
+                .to_versioned_transaction()
+        );
+        // the first tip receiver + block builder are the initializer (keypair.pubkey()) as set by the
+        // TipPayment program during initialization
+        assert_eq!(
+            transactions[3],
+            tip_manager
+                .build_change_tip_receiver_and_block_builder_tx(
+                    &keypair.pubkey(),
+                    &derive_tip_distribution_account_address(
+                        &tip_manager.tip_distribution_program_id(),
+                        &genesis_config_info.validator_pubkey,
+                        bank_start.working_bank.epoch()
+                    )
+                    .0,
+                    &bank_start.working_bank,
+                    &keypair,
+                    &keypair.pubkey(),
+                    &block_builder_pubkey,
+                    10
+                )
+                .to_versioned_transaction()
+        );
+        assert_eq!(
+            transactions[4],
+            sanitized_bundle.transactions[0].to_versioned_transaction()
+        );
+
+        poh_recorder
+            .write()
+            .unwrap()
+            .is_exited
+            .store(true, Ordering::Relaxed);
+        exit.store(true, Ordering::Relaxed);
+        poh_simulator.join().unwrap();
+    }
+
+    #[test]
+    fn test_handle_tip_programs() {
+        solana_logger::setup();
+        let TestFixture {
+            genesis_config_info,
+            leader_keypair,
+            bank,
+            exit,
+            poh_recorder,
+            poh_simulator,
+            entry_receiver,
+            bank_forks: _bank_forks,
+        } = create_test_fixture(1_000_000);
+        let recorder = poh_recorder.read().unwrap().new_recorder();
+
+        let (replay_vote_sender, _replay_vote_receiver) = unbounded();
+        let committer = Committer::new(
+            None,
+            replay_vote_sender,
+            Arc::new(PrioritizationFeeCache::new(0u64)),
+        );
+
+        let block_builder_pubkey = Pubkey::new_unique();
+        let tip_manager = get_tip_manager(&genesis_config_info.voting_keypair.pubkey());
+        let block_builder_info = Arc::new(Mutex::new(BlockBuilderFeeInfo {
+            block_builder: block_builder_pubkey,
+            block_builder_commission: 10,
+        }));
+
+        let cluster_info = Arc::new(ClusterInfo::new(
+            ContactInfo::new(leader_keypair.pubkey(), 0, 0),
+            Arc::new(leader_keypair),
+            SocketAddrSpace::new(true),
+        ));
+
+        let bank_start = poh_recorder.read().unwrap().bank_start().unwrap();
+
+        let reserved_ticks = bank.max_tick_height().saturating_mul(8).saturating_div(10);
+
+        // The first 80% of the block, based on poh ticks, has `preallocated_bundle_cost` less compute units.
+        // The last 20% has has full compute so blockspace is maximized if BundleStage is idle.
+        let reserved_space =
+            BundleReservedSpaceManager::new(MAX_BLOCK_UNITS, 3_000_000, reserved_ticks);
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(1);
+        assert_matches!(
+            BundleConsumer::handle_tip_programs(
+                &BundleAccountLocker::default(),
+                &tip_manager,
+                &cluster_info,
+                &block_builder_info,
+                &committer,
+                &recorder,
+                &QosService::new(1),
+                &None,
+                Duration::from_secs(10),
+                &reserved_space,
+                &bank_start,
+                &mut bundle_stage_leader_metrics
+            ),
+            Ok(())
+        );
+
+        let mut transactions = Vec::new();
+        while let Ok(WorkingBankEntry {
+            bank: wbe_bank,
+            entries_ticks,
+        }) = entry_receiver.recv()
+        {
+            assert_eq!(bank.slot(), wbe_bank.slot());
+            transactions.extend(entries_ticks.into_iter().flat_map(|(e, _)| e.transactions));
+            if transactions.len() == 4 {
+                break;
+            }
+        }
+
+        let keypair = cluster_info.keypair().clone();
+        // expect to see initialize tip payment program, tip distribution program, initialize tip distribution account, change tip receiver + change block builder
+        assert_eq!(
+            transactions[0],
+            tip_manager
+                .initialize_tip_payment_program_tx(&bank, &keypair)
+                .to_versioned_transaction()
+        );
+        assert_eq!(
+            transactions[1],
+            tip_manager
+                .initialize_tip_distribution_config_tx(&bank, &keypair)
+                .to_versioned_transaction()
+        );
+        assert_eq!(
+            transactions[2],
+            tip_manager
+                .initialize_tip_distribution_account_tx(&bank, &keypair)
+                .to_versioned_transaction()
+        );
+        // the first tip receiver + block builder are the initializer (keypair.pubkey()) as set by the
+        // TipPayment program during initialization
+        assert_eq!(
+            transactions[3],
+            tip_manager
+                .build_change_tip_receiver_and_block_builder_tx(
+                    &keypair.pubkey(),
+                    &derive_tip_distribution_account_address(
+                        &tip_manager.tip_distribution_program_id(),
+                        &genesis_config_info.validator_pubkey,
+                        bank_start.working_bank.epoch()
+                    )
+                    .0,
+                    &bank_start.working_bank,
+                    &keypair,
+                    &keypair.pubkey(),
+                    &block_builder_pubkey,
+                    10
+                )
+                .to_versioned_transaction()
+        );
+
+        poh_recorder
+            .write()
+            .unwrap()
+            .is_exited
+            .store(true, Ordering::Relaxed);
+        exit.store(true, Ordering::Relaxed);
+        poh_simulator.join().unwrap();
+    }
+
+    #[test]
+    fn test_reserve_bundle_blockspace_success() {
+        let GenesisConfigInfo { genesis_config, .. } = create_genesis_config(10);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config));
+
+        let keypair1 = Keypair::new();
+        let keypair2 = Keypair::new();
+        let transfer_tx = SanitizedTransaction::from_transaction_for_tests(transfer(
+            &keypair1,
+            &keypair2.pubkey(),
+            1,
+            bank.parent_hash(),
+        ));
+        let sanitized_bundle = SanitizedBundle {
+            transactions: vec![transfer_tx],
+            bundle_id: String::default(),
+        };
+
+        let transfer_cost =
+            CostModel::calculate_cost(&sanitized_bundle.transactions[0], &bank.feature_set);
+
+        let qos_service = QosService::new(1);
+        let reserved_ticks = bank.max_tick_height().saturating_mul(8).saturating_div(10);
+
+        // The first 80% of the block, based on poh ticks, has `preallocated_bundle_cost` less compute units.
+        // The last 20% has has full compute so blockspace is maximized if BundleStage is idle.
+        let reserved_space =
+            BundleReservedSpaceManager::new(MAX_BLOCK_UNITS, 3_000_000, reserved_ticks);
+
+        assert!(BundleConsumer::reserve_bundle_blockspace(
+            &qos_service,
+            &reserved_space,
+            &sanitized_bundle,
+            &bank
+        )
+        .is_ok());
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost(),
+            transfer_cost.sum()
+        );
+    }
+
+    #[test]
+    fn test_reserve_bundle_blockspace_failure() {
+        let GenesisConfigInfo { genesis_config, .. } = create_genesis_config(10);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config));
+
+        let keypair1 = Keypair::new();
+        let keypair2 = Keypair::new();
+        let transfer_tx1 = SanitizedTransaction::from_transaction_for_tests(transfer(
+            &keypair1,
+            &keypair2.pubkey(),
+            1,
+            bank.parent_hash(),
+        ));
+        let transfer_tx2 = SanitizedTransaction::from_transaction_for_tests(transfer(
+            &keypair1,
+            &keypair2.pubkey(),
+            2,
+            bank.parent_hash(),
+        ));
+        let sanitized_bundle = SanitizedBundle {
+            transactions: vec![transfer_tx1, transfer_tx2],
+            bundle_id: String::default(),
+        };
+
+        // set block cost limit to 1 transfer transaction, try to process 2, should return an error
+        // and rollback block cost added
+        let transfer_cost =
+            CostModel::calculate_cost(&sanitized_bundle.transactions[0], &bank.feature_set);
+        bank.write_cost_tracker()
+            .unwrap()
+            .set_block_cost_limit(transfer_cost.sum());
+
+        let qos_service = QosService::new(1);
+        let reserved_ticks = bank.max_tick_height().saturating_mul(8).saturating_div(10);
+
+        // The first 80% of the block, based on poh ticks, has `preallocated_bundle_cost` less compute units.
+        // The last 20% has has full compute so blockspace is maximized if BundleStage is idle.
+        let reserved_space = BundleReservedSpaceManager::new(
+            bank.read_cost_tracker().unwrap().block_cost(),
+            50,
+            reserved_ticks,
+        );
+
+        assert!(BundleConsumer::reserve_bundle_blockspace(
+            &qos_service,
+            &reserved_space,
+            &sanitized_bundle,
+            &bank
+        )
+        .is_err());
+        assert_eq!(bank.read_cost_tracker().unwrap().block_cost(), 0);
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost_limit(),
+            bank.read_cost_tracker()
+                .unwrap()
+                .block_cost_limit()
+                .saturating_sub(50)
+        );
+    }
+}
diff --git a/core/src/bundle_stage/bundle_packet_deserializer.rs b/core/src/bundle_stage/bundle_packet_deserializer.rs
new file mode 100644
index 0000000000..563902722e
--- /dev/null
+++ b/core/src/bundle_stage/bundle_packet_deserializer.rs
@@ -0,0 +1,271 @@
+//! Deserializes PacketBundles
+use {
+    crate::{
+        immutable_deserialized_bundle::{DeserializedBundleError, ImmutableDeserializedBundle},
+        packet_bundle::PacketBundle,
+    },
+    crossbeam_channel::{Receiver, RecvTimeoutError},
+    solana_runtime::bank_forks::BankForks,
+    solana_sdk::saturating_add_assign,
+    std::{
+        sync::{Arc, RwLock},
+        time::{Duration, Instant},
+    },
+};
+
+/// Results from deserializing packet batches.
+#[derive(Debug)]
+pub struct ReceiveBundleResults {
+    /// Deserialized bundles from all received bundle packets
+    pub deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+    /// Number of dropped bundles
+    pub num_dropped_bundles: usize,
+}
+
+pub struct BundlePacketDeserializer {
+    /// Receiver for bundle packets
+    bundle_packet_receiver: Receiver<Vec<PacketBundle>>,
+    /// Provides working bank for deserializer to check feature activation
+    bank_forks: Arc<RwLock<BankForks>>,
+    /// Max packets per bundle
+    max_packets_per_bundle: Option<usize>,
+}
+
+impl BundlePacketDeserializer {
+    pub fn new(
+        bundle_packet_receiver: Receiver<Vec<PacketBundle>>,
+        bank_forks: Arc<RwLock<BankForks>>,
+        max_packets_per_bundle: Option<usize>,
+    ) -> Self {
+        Self {
+            bundle_packet_receiver,
+            bank_forks,
+            max_packets_per_bundle,
+        }
+    }
+
+    /// Handles receiving bundles and deserializing them
+    pub fn receive_bundles(
+        &self,
+        recv_timeout: Duration,
+        capacity: usize,
+    ) -> Result<ReceiveBundleResults, RecvTimeoutError> {
+        let (bundle_count, _packet_count, mut bundles) =
+            self.receive_until(recv_timeout, capacity)?;
+
+        // Note: this can be removed after feature `round_compute_unit_price` is activated in
+        // mainnet-beta
+        let _working_bank = self.bank_forks.read().unwrap().working_bank();
+        let round_compute_unit_price_enabled = false; // TODO get from working_bank.feature_set
+
+        Ok(Self::deserialize_and_collect_bundles(
+            bundle_count,
+            &mut bundles,
+            round_compute_unit_price_enabled,
+            self.max_packets_per_bundle,
+        ))
+    }
+
+    /// Deserialize packet batches, aggregates tracer packet stats, and collect
+    /// them into ReceivePacketResults
+    fn deserialize_and_collect_bundles(
+        bundle_count: usize,
+        bundles: &mut [PacketBundle],
+        round_compute_unit_price_enabled: bool,
+        max_packets_per_bundle: Option<usize>,
+    ) -> ReceiveBundleResults {
+        let mut deserialized_bundles = Vec::with_capacity(bundle_count);
+        let mut num_dropped_bundles: usize = 0;
+
+        for bundle in bundles.iter_mut() {
+            match Self::deserialize_bundle(
+                bundle,
+                round_compute_unit_price_enabled,
+                max_packets_per_bundle,
+            ) {
+                Ok(deserialized_bundle) => {
+                    deserialized_bundles.push(deserialized_bundle);
+                }
+                Err(_) => {
+                    saturating_add_assign!(num_dropped_bundles, 1);
+                }
+            }
+        }
+
+        ReceiveBundleResults {
+            deserialized_bundles,
+            num_dropped_bundles,
+        }
+    }
+
+    /// Receives bundle packets
+    fn receive_until(
+        &self,
+        recv_timeout: Duration,
+        bundle_count_upperbound: usize,
+    ) -> Result<(usize, usize, Vec<PacketBundle>), RecvTimeoutError> {
+        let start = Instant::now();
+
+        let mut bundles = self.bundle_packet_receiver.recv_timeout(recv_timeout)?;
+        let mut num_packets_received: usize = bundles.iter().map(|pb| pb.batch.len()).sum();
+        let mut num_bundles_received: usize = bundles.len();
+
+        if num_bundles_received <= bundle_count_upperbound {
+            while let Ok(bundle_packets) = self.bundle_packet_receiver.try_recv() {
+                trace!("got more packet batches in bundle packet deserializer");
+
+                saturating_add_assign!(
+                    num_packets_received,
+                    bundle_packets
+                        .iter()
+                        .map(|pb| pb.batch.len())
+                        .sum::<usize>()
+                );
+                saturating_add_assign!(num_bundles_received, bundle_packets.len());
+
+                bundles.extend(bundle_packets);
+
+                if start.elapsed() >= recv_timeout
+                    || num_bundles_received >= bundle_count_upperbound
+                {
+                    break;
+                }
+            }
+        }
+
+        Ok((num_bundles_received, num_packets_received, bundles))
+    }
+
+    /// Deserializes the Bundle into DeserializedBundlePackets, returning None if any packet in the
+    /// bundle failed to deserialize
+    pub fn deserialize_bundle(
+        bundle: &mut PacketBundle,
+        round_compute_unit_price_enabled: bool,
+        max_packets_per_bundle: Option<usize>,
+    ) -> Result<ImmutableDeserializedBundle, DeserializedBundleError> {
+        bundle.batch.iter_mut().for_each(|p| {
+            p.meta_mut()
+                .set_round_compute_unit_price(round_compute_unit_price_enabled);
+        });
+
+        ImmutableDeserializedBundle::new(bundle, max_packets_per_bundle)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        super::*,
+        crossbeam_channel::unbounded,
+        solana_ledger::genesis_utils::create_genesis_config,
+        solana_perf::packet::PacketBatch,
+        solana_runtime::{bank::Bank, genesis_utils::GenesisConfigInfo},
+        solana_sdk::{packet::Packet, signature::Signer, system_transaction::transfer},
+    };
+
+    #[test]
+    fn test_deserialize_and_collect_bundles_empty() {
+        let results =
+            BundlePacketDeserializer::deserialize_and_collect_bundles(0, &mut [], false, Some(5));
+        assert_eq!(results.deserialized_bundles.len(), 0);
+        assert_eq!(results.num_dropped_bundles, 0);
+    }
+
+    #[test]
+    fn test_receive_bundles_capacity() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let (sender, receiver) = unbounded();
+
+        let deserializer = BundlePacketDeserializer::new(receiver, bank_forks, Some(10));
+
+        let packet_bundles: Vec<_> = (0..10)
+            .map(|_| PacketBundle {
+                batch: PacketBatch::new(vec![Packet::from_data(
+                    None,
+                    transfer(
+                        &mint_keypair,
+                        &mint_keypair.pubkey(),
+                        100,
+                        genesis_config.hash(),
+                    ),
+                )
+                .unwrap()]),
+                bundle_id: String::default(),
+            })
+            .collect();
+
+        sender.send(packet_bundles.clone()).unwrap();
+
+        let bundles = deserializer
+            .receive_bundles(Duration::from_millis(100), 5)
+            .unwrap();
+        // this is confusing, but it's sent as one batch
+        assert_eq!(bundles.deserialized_bundles.len(), 10);
+        assert_eq!(bundles.num_dropped_bundles, 0);
+
+        // make sure empty
+        assert_matches!(
+            deserializer.receive_bundles(Duration::from_millis(100), 5),
+            Err(RecvTimeoutError::Timeout)
+        );
+
+        // send 2x 10 size batches. capacity is 5, but will return 10 since that's the batch size
+        sender.send(packet_bundles.clone()).unwrap();
+        sender.send(packet_bundles).unwrap();
+        let bundles = deserializer
+            .receive_bundles(Duration::from_millis(100), 5)
+            .unwrap();
+        assert_eq!(bundles.deserialized_bundles.len(), 10);
+        assert_eq!(bundles.num_dropped_bundles, 0);
+
+        let bundles = deserializer
+            .receive_bundles(Duration::from_millis(100), 5)
+            .unwrap();
+        assert_eq!(bundles.deserialized_bundles.len(), 10);
+        assert_eq!(bundles.num_dropped_bundles, 0);
+
+        assert_matches!(
+            deserializer.receive_bundles(Duration::from_millis(100), 5),
+            Err(RecvTimeoutError::Timeout)
+        );
+    }
+
+    #[test]
+    fn test_receive_bundles_bad_bundles() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair: _,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let (sender, receiver) = unbounded();
+
+        let deserializer = BundlePacketDeserializer::new(receiver, bank_forks, Some(10));
+
+        let packet_bundles: Vec<_> = (0..10)
+            .map(|_| PacketBundle {
+                batch: PacketBatch::new(vec![]),
+                bundle_id: String::default(),
+            })
+            .collect();
+        sender.send(packet_bundles).unwrap();
+
+        let bundles = deserializer
+            .receive_bundles(Duration::from_millis(100), 5)
+            .unwrap();
+        // this is confusing, but it's sent as one batch
+        assert_eq!(bundles.deserialized_bundles.len(), 0);
+        assert_eq!(bundles.num_dropped_bundles, 10);
+    }
+}
diff --git a/core/src/bundle_stage/bundle_packet_receiver.rs b/core/src/bundle_stage/bundle_packet_receiver.rs
new file mode 100644
index 0000000000..c99d9aa020
--- /dev/null
+++ b/core/src/bundle_stage/bundle_packet_receiver.rs
@@ -0,0 +1,825 @@
+use {
+    super::BundleStageLoopMetrics,
+    crate::{
+        banking_stage::unprocessed_transaction_storage::UnprocessedTransactionStorage,
+        bundle_stage::{
+            bundle_packet_deserializer::{BundlePacketDeserializer, ReceiveBundleResults},
+            bundle_stage_leader_metrics::BundleStageLeaderMetrics,
+        },
+        immutable_deserialized_bundle::ImmutableDeserializedBundle,
+        packet_bundle::PacketBundle,
+    },
+    crossbeam_channel::{Receiver, RecvTimeoutError},
+    solana_measure::{measure::Measure, measure_us},
+    solana_runtime::bank_forks::BankForks,
+    solana_sdk::timing::timestamp,
+    std::{
+        sync::{Arc, RwLock},
+        time::Duration,
+    },
+};
+
+pub struct BundleReceiver {
+    id: u32,
+    bundle_packet_deserializer: BundlePacketDeserializer,
+}
+
+impl BundleReceiver {
+    pub fn new(
+        id: u32,
+        bundle_packet_receiver: Receiver<Vec<PacketBundle>>,
+        bank_forks: Arc<RwLock<BankForks>>,
+        max_packets_per_bundle: Option<usize>,
+    ) -> Self {
+        Self {
+            id,
+            bundle_packet_deserializer: BundlePacketDeserializer::new(
+                bundle_packet_receiver,
+                bank_forks,
+                max_packets_per_bundle,
+            ),
+        }
+    }
+
+    /// Receive incoming packets, push into unprocessed buffer with packet indexes
+    pub fn receive_and_buffer_bundles(
+        &mut self,
+        unprocessed_bundle_storage: &mut UnprocessedTransactionStorage,
+        bundle_stage_metrics: &mut BundleStageLoopMetrics,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) -> Result<(), RecvTimeoutError> {
+        let (result, recv_time_us) = measure_us!({
+            let recv_timeout = Self::get_receive_timeout(unprocessed_bundle_storage);
+            let mut recv_and_buffer_measure = Measure::start("recv_and_buffer");
+            self.bundle_packet_deserializer
+                .receive_bundles(recv_timeout, unprocessed_bundle_storage.max_receive_size())
+                // Consumes results if Ok, otherwise we keep the Err
+                .map(|receive_bundle_results| {
+                    self.buffer_bundles(
+                        receive_bundle_results,
+                        unprocessed_bundle_storage,
+                        bundle_stage_metrics,
+                        // tracer_packet_stats,
+                        bundle_stage_leader_metrics,
+                    );
+                    recv_and_buffer_measure.stop();
+                    bundle_stage_metrics.increment_receive_and_buffer_bundles_elapsed_us(
+                        recv_and_buffer_measure.as_us(),
+                    );
+                })
+        });
+
+        bundle_stage_leader_metrics
+            .leader_slot_metrics_tracker()
+            .increment_receive_and_buffer_packets_us(recv_time_us);
+
+        result
+    }
+
+    fn get_receive_timeout(
+        unprocessed_transaction_storage: &UnprocessedTransactionStorage,
+    ) -> Duration {
+        // Gossip thread will almost always not wait because the transaction storage will most likely not be empty
+        if !unprocessed_transaction_storage.is_empty() {
+            // If there are buffered packets, run the equivalent of try_recv to try reading more
+            // packets. This prevents starving BankingStage::consume_buffered_packets due to
+            // buffered_packet_batches containing transactions that exceed the cost model for
+            // the current bank.
+            Duration::from_millis(0)
+        } else {
+            // BundleStage should pick up a working_bank as fast as possible
+            Duration::from_millis(100)
+        }
+    }
+
+    fn buffer_bundles(
+        &self,
+        ReceiveBundleResults {
+            deserialized_bundles,
+            num_dropped_bundles,
+        }: ReceiveBundleResults,
+        unprocessed_transaction_storage: &mut UnprocessedTransactionStorage,
+        bundle_stage_stats: &mut BundleStageLoopMetrics,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+    ) {
+        let bundle_count = deserialized_bundles.len();
+        let packet_count: usize = deserialized_bundles.iter().map(|b| b.len()).sum();
+
+        bundle_stage_stats.increment_num_bundles_received(bundle_count as u64);
+        bundle_stage_stats.increment_num_packets_received(packet_count as u64);
+        bundle_stage_stats.increment_num_bundles_dropped(num_dropped_bundles as u64);
+        // TODO (LB): fix this
+        // bundle_stage_leader_metrics
+        //     .leader_slot_metrics_tracker()
+        //     .increment_total_new_valid_packets(packet_count as u64);
+
+        debug!(
+            "@{:?} bundles: {} txs: {} id: {}",
+            timestamp(),
+            bundle_count,
+            packet_count,
+            self.id
+        );
+
+        Self::push_unprocessed(
+            unprocessed_transaction_storage,
+            deserialized_bundles,
+            bundle_stage_leader_metrics,
+            bundle_stage_stats,
+        );
+    }
+
+    fn push_unprocessed(
+        unprocessed_transaction_storage: &mut UnprocessedTransactionStorage,
+        deserialized_bundles: Vec<ImmutableDeserializedBundle>,
+        bundle_stage_leader_metrics: &mut BundleStageLeaderMetrics,
+        bundle_stage_stats: &mut BundleStageLoopMetrics,
+    ) {
+        if !deserialized_bundles.is_empty() {
+            let insert_bundles_summary =
+                unprocessed_transaction_storage.insert_bundles(deserialized_bundles);
+
+            bundle_stage_stats.increment_newly_buffered_bundles_count(
+                insert_bundles_summary.num_bundles_inserted as u64,
+            );
+            bundle_stage_stats
+                .increment_num_bundles_dropped(insert_bundles_summary.num_bundles_dropped as u64);
+
+            bundle_stage_leader_metrics
+                .leader_slot_metrics_tracker()
+                .increment_newly_buffered_packets_count(
+                    insert_bundles_summary.num_packets_inserted as u64,
+                );
+
+            bundle_stage_leader_metrics
+                .leader_slot_metrics_tracker()
+                .accumulate_insert_packet_batches_summary(
+                    &insert_bundles_summary.insert_packets_summary,
+                );
+        }
+    }
+}
+
+/// This tests functionality of BundlePacketReceiver and the internals of BundleStorage because
+/// they're tightly intertwined
+#[cfg(test)]
+mod tests {
+    use {
+        super::*,
+        crate::banking_stage::unprocessed_transaction_storage::BundleStorage,
+        crossbeam_channel::unbounded,
+        rand::{thread_rng, RngCore},
+        solana_bundle::{
+            bundle_execution::LoadAndExecuteBundleError, BundleExecutionError, TipError,
+        },
+        solana_ledger::genesis_utils::create_genesis_config,
+        solana_perf::packet::PacketBatch,
+        solana_poh::poh_recorder::PohRecorderError,
+        solana_runtime::{bank::Bank, genesis_utils::GenesisConfigInfo},
+        solana_sdk::{
+            bundle::{derive_bundle_id, SanitizedBundle},
+            hash::Hash,
+            packet::Packet,
+            signature::{Keypair, Signer},
+            system_transaction::transfer,
+            transaction::VersionedTransaction,
+        },
+        std::collections::HashSet,
+    };
+
+    /// Makes `num_bundles` random bundles with `num_packets_per_bundle` packets per bundle.
+    fn make_random_bundles(
+        mint_keypair: &Keypair,
+        num_bundles: usize,
+        num_packets_per_bundle: usize,
+        hash: Hash,
+    ) -> Vec<PacketBundle> {
+        let mut rng = thread_rng();
+
+        (0..num_bundles)
+            .map(|_| {
+                let transfers: Vec<_> = (0..num_packets_per_bundle)
+                    .map(|_| {
+                        VersionedTransaction::from(transfer(
+                            mint_keypair,
+                            &mint_keypair.pubkey(),
+                            rng.next_u64(),
+                            hash,
+                        ))
+                    })
+                    .collect();
+                let bundle_id = derive_bundle_id(&transfers);
+
+                PacketBundle {
+                    batch: PacketBatch::new(
+                        transfers
+                            .iter()
+                            .map(|tx| Packet::from_data(None, tx).unwrap())
+                            .collect(),
+                    ),
+                    bundle_id,
+                }
+            })
+            .collect()
+    }
+
+    fn assert_bundles_same(
+        packet_bundles: &[PacketBundle],
+        bundles_to_process: &[(ImmutableDeserializedBundle, SanitizedBundle)],
+    ) {
+        assert_eq!(packet_bundles.len(), bundles_to_process.len());
+        packet_bundles
+            .iter()
+            .zip(bundles_to_process.iter())
+            .for_each(|(packet_bundle, (_, sanitized_bundle))| {
+                assert_eq!(packet_bundle.bundle_id, sanitized_bundle.bundle_id);
+                assert_eq!(
+                    packet_bundle.batch.len(),
+                    sanitized_bundle.transactions.len()
+                );
+            });
+    }
+
+    #[test]
+    fn test_receive_bundles() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        let bundles = make_random_bundles(&mint_keypair, 10, 2, genesis_config.hash());
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 10);
+        assert_eq!(bundle_storage.unprocessed_packets_len(), 20);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_packets_len(), 0);
+        assert_eq!(bundle_storage.max_receive_size(), 990);
+
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles, bundles_to_process);
+                (0..bundles_to_process.len()).map(|_| Ok(())).collect()
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.unprocessed_packets_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_packets_len(), 0);
+        assert_eq!(bundle_storage.max_receive_size(), 1000);
+    }
+
+    #[test]
+    fn test_receive_more_bundles_than_capacity() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 more than capacity
+        let bundles = make_random_bundles(
+            &mint_keypair,
+            BundleStorage::BUNDLE_STORAGE_CAPACITY + 5,
+            2,
+            genesis_config.hash(),
+        );
+
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+        // 1005 bundles were sent, but the capacity is 1000
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 1000);
+        assert_eq!(bundle_storage.unprocessed_packets_len(), 2000);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_packets_len(), 0);
+
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                // make sure the first 1000 bundles are the ones to process
+                assert_bundles_same(
+                    &bundles[0..BundleStorage::BUNDLE_STORAGE_CAPACITY],
+                    bundles_to_process,
+                );
+                (0..bundles_to_process.len()).map(|_| Ok(())).collect()
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_poh_record_error_rebuffered() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 bundles across the queue
+        let bundles = make_random_bundles(&mint_keypair, 5, 2, genesis_config.hash());
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let poh_max_height_reached_index = 3;
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+
+        // make sure poh end of slot reached + the correct bundles are buffered for the next time.
+        // bundles at index 3 + 4 are rebuffered
+        assert!(bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles, bundles_to_process);
+
+                let mut results = vec![Ok(()); bundles_to_process.len()];
+
+                (poh_max_height_reached_index..bundles_to_process.len()).for_each(|index| {
+                    results[index] = Err(BundleExecutionError::PohRecordError(
+                        PohRecorderError::MaxHeightReached,
+                    ));
+                });
+                results
+            }
+        ));
+
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 2);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles[poh_max_height_reached_index..], bundles_to_process);
+                vec![Ok(()); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_bank_processing_done_rebuffered() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 bundles across the queue
+        let bundles = make_random_bundles(&mint_keypair, 5, 2, genesis_config.hash());
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bank_processing_done_index = 3;
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+
+        // bundles at index 3 + 4 are rebuffered
+        assert!(bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles, bundles_to_process);
+
+                let mut results = vec![Ok(()); bundles_to_process.len()];
+
+                (bank_processing_done_index..bundles_to_process.len()).for_each(|index| {
+                    results[index] = Err(BundleExecutionError::BankProcessingTimeLimitReached);
+                });
+                results
+            }
+        ));
+
+        // 0, 1, 2 processed; 3, 4 buffered
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 2);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles[bank_processing_done_index..], bundles_to_process);
+                vec![Ok(()); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_bank_execution_error_dropped() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 bundles across the queue
+        let bundles = make_random_bundles(&mint_keypair, 5, 2, genesis_config.hash());
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles, bundles_to_process);
+                vec![
+                    Err(BundleExecutionError::TransactionFailure(
+                        LoadAndExecuteBundleError::ProcessingTimeExceeded(Duration::from_secs(1)),
+                    ));
+                    bundles_to_process.len()
+                ]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_tip_error_dropped() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 bundles across the queue
+        let bundles = make_random_bundles(&mint_keypair, 5, 2, genesis_config.hash());
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles, bundles_to_process);
+                vec![
+                    Err(BundleExecutionError::TipError(TipError::LockError));
+                    bundles_to_process.len()
+                ]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_lock_error_dropped() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 bundles across the queue
+        let bundles = make_random_bundles(&mint_keypair, 5, 2, genesis_config.hash());
+        sender.send(bundles).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                vec![Err(BundleExecutionError::LockError); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_cost_model_exceeded_set_aside_and_requeued() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 5 bundles across the queue
+        let bundles = make_random_bundles(&mint_keypair, 5, 2, genesis_config.hash());
+        sender.send(bundles.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+
+        // buffered bundles are moved to cost model side deque
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles, bundles_to_process);
+                vec![Err(BundleExecutionError::ExceedsCostModel); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 5);
+
+        // double check there's no bundles to process
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert!(bundles_to_process.is_empty());
+                vec![Ok(()); bundles_to_process.len()]
+            }
+        ));
+
+        // create a new bank w/ new slot number, cost model buffered packets should move back onto queue
+        // in the same order they were originally
+        let bank = bank_forks.read().unwrap().working_bank();
+        let new_bank = Arc::new(Bank::new_from_parent(
+            bank.clone(),
+            bank.collector_id(),
+            bank.slot() + 1,
+        ));
+        assert!(!bundle_storage.process_bundles(
+            new_bank,
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                // make sure same order as original
+                assert_bundles_same(&bundles, bundles_to_process);
+                vec![Ok(()); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+    }
+
+    #[test]
+    fn test_process_bundles_cost_model_exceeded_buffer_capacity() {
+        solana_logger::setup();
+
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (_, bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let mut unprocessed_storage = UnprocessedTransactionStorage::new_bundle_storage();
+
+        let (sender, receiver) = unbounded();
+        let mut bundle_receiver = BundleReceiver::new(0, receiver, bank_forks.clone(), Some(5));
+
+        // send 500 bundles across the queue
+        let bundles0 = make_random_bundles(
+            &mint_keypair,
+            BundleStorage::BUNDLE_STORAGE_CAPACITY / 2,
+            2,
+            genesis_config.hash(),
+        );
+        sender.send(bundles0.clone()).unwrap();
+
+        let mut bundle_stage_stats = BundleStageLoopMetrics::default();
+        let mut bundle_stage_leader_metrics = BundleStageLeaderMetrics::new(0);
+
+        // receive and buffer bundles to the cost model reserve to test the capacity/dropped bundles there
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+        // buffered bundles are moved to cost model side deque
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles0, bundles_to_process);
+                vec![Err(BundleExecutionError::ExceedsCostModel); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 500);
+
+        let bundles1 = make_random_bundles(
+            &mint_keypair,
+            BundleStorage::BUNDLE_STORAGE_CAPACITY / 2,
+            2,
+            genesis_config.hash(),
+        );
+        sender.send(bundles1.clone()).unwrap();
+        // should get 500 more bundles, cost model buffered length should be 1000
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+        // buffered bundles are moved to cost model side deque
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles1, bundles_to_process);
+                vec![Err(BundleExecutionError::ExceedsCostModel); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 1000); // full now
+
+        // send 10 bundles to go over capacity
+        let bundles2 = make_random_bundles(&mint_keypair, 10, 2, genesis_config.hash());
+        sender.send(bundles2.clone()).unwrap();
+
+        // this set will get dropped from cost model buffered bundles
+        let result = bundle_receiver.receive_and_buffer_bundles(
+            &mut unprocessed_storage,
+            &mut bundle_stage_stats,
+            &mut bundle_stage_leader_metrics,
+        );
+        assert!(result.is_ok());
+
+        let bundle_storage = unprocessed_storage.bundle_storage().unwrap();
+        // buffered bundles are moved to cost model side deque, but its at capacity so stays the same size
+        assert!(!bundle_storage.process_bundles(
+            bank_forks.read().unwrap().working_bank(),
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                assert_bundles_same(&bundles2, bundles_to_process);
+                vec![Err(BundleExecutionError::ExceedsCostModel); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 1000);
+
+        // create new bank then call process_bundles again, expect to see [bundles1,bundles2]
+        let bank = bank_forks.read().unwrap().working_bank();
+        let new_bank = Arc::new(Bank::new_from_parent(
+            bank.clone(),
+            bank.collector_id(),
+            bank.slot() + 1,
+        ));
+        assert!(!bundle_storage.process_bundles(
+            new_bank,
+            &mut bundle_stage_leader_metrics,
+            &HashSet::default(),
+            |bundles_to_process, _stats| {
+                // make sure same order as original
+                let expected_bundles: Vec<_> =
+                    bundles0.iter().chain(bundles1.iter()).cloned().collect();
+                assert_bundles_same(&expected_bundles, bundles_to_process);
+                vec![Ok(()); bundles_to_process.len()]
+            }
+        ));
+        assert_eq!(bundle_storage.unprocessed_bundles_len(), 0);
+        assert_eq!(bundle_storage.cost_model_buffered_bundles_len(), 0);
+    }
+}
diff --git a/core/src/bundle_stage/bundle_reserved_space_manager.rs b/core/src/bundle_stage/bundle_reserved_space_manager.rs
new file mode 100644
index 0000000000..24cca76aa1
--- /dev/null
+++ b/core/src/bundle_stage/bundle_reserved_space_manager.rs
@@ -0,0 +1,237 @@
+use {solana_runtime::bank::Bank, solana_sdk::clock::Slot, std::sync::Arc};
+
+/// Manager responsible for reserving `bundle_reserved_cost` during the first `reserved_ticks` of a bank
+/// and resetting the block cost limit to `block_cost_limit` after the reserved tick period is over
+pub struct BundleReservedSpaceManager {
+    // the bank's cost limit
+    block_cost_limit: u64,
+    // bundles get this much reserved space for the first reserved_ticks
+    bundle_reserved_cost: u64,
+    // a reduced block_compute_limit is reserved for this many ticks, afterwards it goes back to full cost
+    reserved_ticks: u64,
+    last_slot_updated: Slot,
+}
+
+impl BundleReservedSpaceManager {
+    pub fn new(block_cost_limit: u64, bundle_reserved_cost: u64, reserved_ticks: u64) -> Self {
+        Self {
+            block_cost_limit,
+            bundle_reserved_cost,
+            reserved_ticks,
+            last_slot_updated: u64::MAX,
+        }
+    }
+
+    /// Call this on creation of new bank and periodically while bundle processing
+    /// to manage the block_cost_limits
+    pub fn tick(&mut self, bank: &Arc<Bank>) {
+        if self.last_slot_updated == bank.slot() && !self.is_in_reserved_tick_period(bank) {
+            // new slot logic already ran, need to revert the block cost limit to original if
+            // ticks are past the reserved tick mark
+            debug!(
+                "slot: {} ticks: {}, resetting block_cost_limit to {}",
+                bank.slot(),
+                bank.tick_height(),
+                self.block_cost_limit
+            );
+            bank.write_cost_tracker()
+                .unwrap()
+                .set_block_cost_limit(self.block_cost_limit);
+        } else if self.last_slot_updated != bank.slot() && self.is_in_reserved_tick_period(bank) {
+            // new slot, if in the first max_tick - tick_height slots reserve space
+            // otherwise can leave the current block limit as is
+            let new_block_cost_limit = self.reduced_block_cost_limit();
+            debug!(
+                "slot: {} ticks: {}, reserving block_cost_limit with block_cost_limit of {}",
+                bank.slot(),
+                bank.tick_height(),
+                new_block_cost_limit
+            );
+            bank.write_cost_tracker()
+                .unwrap()
+                .set_block_cost_limit(new_block_cost_limit);
+            self.last_slot_updated = bank.slot();
+        }
+    }
+
+    /// return true if the bank is still in the period where block_cost_limits is reduced
+    pub fn is_in_reserved_tick_period(&self, bank: &Bank) -> bool {
+        bank.tick_height() % bank.ticks_per_slot() < self.reserved_ticks
+    }
+
+    /// return the block_cost_limits as determined by the tick height of the bank
+    pub fn expected_block_cost_limits(&self, bank: &Bank) -> u64 {
+        if self.is_in_reserved_tick_period(bank) {
+            self.reduced_block_cost_limit()
+        } else {
+            self.block_cost_limit()
+        }
+    }
+
+    pub fn reduced_block_cost_limit(&self) -> u64 {
+        self.block_cost_limit
+            .saturating_sub(self.bundle_reserved_cost)
+    }
+
+    pub fn block_cost_limit(&self) -> u64 {
+        self.block_cost_limit
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        crate::bundle_stage::bundle_reserved_space_manager::BundleReservedSpaceManager,
+        solana_ledger::genesis_utils::create_genesis_config, solana_runtime::bank::Bank,
+        solana_sdk::pubkey::Pubkey, std::sync::Arc,
+    };
+
+    #[test]
+    fn test_reserve_block_cost_limits_during_reserved_ticks() {
+        const BUNDLE_BLOCK_COST_LIMITS_RESERVATION: u64 = 100;
+
+        let genesis_config_info = create_genesis_config(100);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config_info.genesis_config));
+
+        let block_cost_limits = bank.read_cost_tracker().unwrap().block_cost_limit();
+
+        let mut reserved_space = BundleReservedSpaceManager::new(
+            block_cost_limits,
+            BUNDLE_BLOCK_COST_LIMITS_RESERVATION,
+            5,
+        );
+        reserved_space.tick(&bank);
+
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost_limit(),
+            block_cost_limits - BUNDLE_BLOCK_COST_LIMITS_RESERVATION
+        );
+    }
+
+    #[test]
+    fn test_dont_reserve_block_cost_limits_after_reserved_ticks() {
+        const BUNDLE_BLOCK_COST_LIMITS_RESERVATION: u64 = 100;
+
+        let genesis_config_info = create_genesis_config(100);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config_info.genesis_config));
+
+        let block_cost_limits = bank.read_cost_tracker().unwrap().block_cost_limit();
+
+        for _ in 0..5 {
+            bank.register_default_tick_for_test();
+        }
+
+        let mut reserved_space = BundleReservedSpaceManager::new(
+            block_cost_limits,
+            BUNDLE_BLOCK_COST_LIMITS_RESERVATION,
+            5,
+        );
+        reserved_space.tick(&bank);
+
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost_limit(),
+            block_cost_limits
+        );
+    }
+
+    #[test]
+    fn test_dont_reset_block_cost_limits_during_reserved_ticks() {
+        const BUNDLE_BLOCK_COST_LIMITS_RESERVATION: u64 = 100;
+
+        let genesis_config_info = create_genesis_config(100);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config_info.genesis_config));
+
+        let block_cost_limits = bank.read_cost_tracker().unwrap().block_cost_limit();
+
+        let mut reserved_space = BundleReservedSpaceManager::new(
+            block_cost_limits,
+            BUNDLE_BLOCK_COST_LIMITS_RESERVATION,
+            5,
+        );
+
+        reserved_space.tick(&bank);
+        bank.register_default_tick_for_test();
+        reserved_space.tick(&bank);
+
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost_limit(),
+            block_cost_limits - BUNDLE_BLOCK_COST_LIMITS_RESERVATION
+        );
+    }
+
+    #[test]
+    fn test_reset_block_cost_limits_after_reserved_ticks() {
+        const BUNDLE_BLOCK_COST_LIMITS_RESERVATION: u64 = 100;
+
+        let genesis_config_info = create_genesis_config(100);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config_info.genesis_config));
+
+        let block_cost_limits = bank.read_cost_tracker().unwrap().block_cost_limit();
+
+        let mut reserved_space = BundleReservedSpaceManager::new(
+            block_cost_limits,
+            BUNDLE_BLOCK_COST_LIMITS_RESERVATION,
+            5,
+        );
+
+        reserved_space.tick(&bank);
+
+        for _ in 0..5 {
+            bank.register_default_tick_for_test();
+        }
+        reserved_space.tick(&bank);
+
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost_limit(),
+            block_cost_limits
+        );
+    }
+
+    #[test]
+    fn test_block_limits_after_first_slot() {
+        const BUNDLE_BLOCK_COST_LIMITS_RESERVATION: u64 = 100;
+        const RESERVED_TICKS: u64 = 5;
+        let genesis_config_info = create_genesis_config(100);
+        let bank = Arc::new(Bank::new_for_tests(&genesis_config_info.genesis_config));
+
+        for _ in 0..genesis_config_info.genesis_config.ticks_per_slot {
+            bank.register_default_tick_for_test();
+        }
+        assert!(bank.is_complete());
+        bank.freeze();
+        assert_eq!(
+            bank.read_cost_tracker().unwrap().block_cost_limit(),
+            solana_cost_model::block_cost_limits::MAX_BLOCK_UNITS,
+        );
+
+        let bank1 = Arc::new(Bank::new_from_parent(bank.clone(), &Pubkey::default(), 1));
+        assert_eq!(bank1.slot(), 1);
+        assert_eq!(bank1.tick_height(), 64);
+        assert_eq!(bank1.max_tick_height(), 128);
+
+        // reserve space
+        let block_cost_limits = bank1.read_cost_tracker().unwrap().block_cost_limit();
+        let mut reserved_space = BundleReservedSpaceManager::new(
+            block_cost_limits,
+            BUNDLE_BLOCK_COST_LIMITS_RESERVATION,
+            RESERVED_TICKS,
+        );
+        reserved_space.tick(&bank1);
+
+        // wait for reservation to be over
+        (0..RESERVED_TICKS).for_each(|_| {
+            bank1.register_default_tick_for_test();
+            assert_eq!(
+                bank1.read_cost_tracker().unwrap().block_cost_limit(),
+                block_cost_limits - BUNDLE_BLOCK_COST_LIMITS_RESERVATION
+            );
+        });
+        reserved_space.tick(&bank1);
+
+        // after reservation, revert back to normal limit
+        assert_eq!(
+            bank1.read_cost_tracker().unwrap().block_cost_limit(),
+            solana_cost_model::block_cost_limits::MAX_BLOCK_UNITS,
+        );
+    }
+}
diff --git a/core/src/bundle_stage/bundle_stage_leader_metrics.rs b/core/src/bundle_stage/bundle_stage_leader_metrics.rs
new file mode 100644
index 0000000000..97bbe7ac29
--- /dev/null
+++ b/core/src/bundle_stage/bundle_stage_leader_metrics.rs
@@ -0,0 +1,506 @@
+use {
+    crate::{
+        banking_stage::{
+            leader_slot_metrics::{self, LeaderSlotMetricsTracker},
+            unprocessed_transaction_storage::UnprocessedTransactionStorage,
+        },
+        immutable_deserialized_bundle::DeserializedBundleError,
+    },
+    solana_bundle::{bundle_execution::LoadAndExecuteBundleError, BundleExecutionError},
+    solana_poh::poh_recorder::BankStart,
+    solana_sdk::{bundle::SanitizedBundle, clock::Slot, saturating_add_assign},
+};
+
+pub struct BundleStageLeaderMetrics {
+    bundle_stage_metrics_tracker: BundleStageStatsMetricsTracker,
+    leader_slot_metrics_tracker: LeaderSlotMetricsTracker,
+}
+
+pub(crate) enum MetricsTrackerAction {
+    Noop,
+    ReportAndResetTracker,
+    NewTracker(Option<BundleStageStats>),
+    ReportAndNewTracker(Option<BundleStageStats>),
+}
+
+impl BundleStageLeaderMetrics {
+    pub fn new(id: u32) -> Self {
+        Self {
+            bundle_stage_metrics_tracker: BundleStageStatsMetricsTracker::new(id),
+            leader_slot_metrics_tracker: LeaderSlotMetricsTracker::new(id),
+        }
+    }
+
+    pub(crate) fn check_leader_slot_boundary(
+        &mut self,
+        bank_start: Option<&BankStart>,
+        unprocessed_transaction_storage: Option<&UnprocessedTransactionStorage>,
+    ) -> (
+        leader_slot_metrics::MetricsTrackerAction,
+        MetricsTrackerAction,
+    ) {
+        let banking_stage_metrics_action = self
+            .leader_slot_metrics_tracker
+            .check_leader_slot_boundary(bank_start, unprocessed_transaction_storage);
+        let bundle_stage_metrics_action = self
+            .bundle_stage_metrics_tracker
+            .check_leader_slot_boundary(bank_start);
+        (banking_stage_metrics_action, bundle_stage_metrics_action)
+    }
+
+    pub(crate) fn apply_action(
+        &mut self,
+        banking_stage_metrics_action: leader_slot_metrics::MetricsTrackerAction,
+        bundle_stage_metrics_action: MetricsTrackerAction,
+    ) -> Option<Slot> {
+        self.leader_slot_metrics_tracker
+            .apply_action(banking_stage_metrics_action);
+        self.bundle_stage_metrics_tracker
+            .apply_action(bundle_stage_metrics_action)
+    }
+
+    pub fn leader_slot_metrics_tracker(&mut self) -> &mut LeaderSlotMetricsTracker {
+        &mut self.leader_slot_metrics_tracker
+    }
+
+    pub fn bundle_stage_metrics_tracker(&mut self) -> &mut BundleStageStatsMetricsTracker {
+        &mut self.bundle_stage_metrics_tracker
+    }
+}
+
+pub struct BundleStageStatsMetricsTracker {
+    bundle_stage_metrics: Option<BundleStageStats>,
+    id: u32,
+}
+
+impl BundleStageStatsMetricsTracker {
+    pub fn new(id: u32) -> Self {
+        Self {
+            bundle_stage_metrics: None,
+            id,
+        }
+    }
+
+    /// Similar to as LeaderSlotMetricsTracker::check_leader_slot_boundary
+    pub(crate) fn check_leader_slot_boundary(
+        &mut self,
+        bank_start: Option<&BankStart>,
+    ) -> MetricsTrackerAction {
+        match (self.bundle_stage_metrics.as_mut(), bank_start) {
+            (None, None) => MetricsTrackerAction::Noop,
+            (Some(_), None) => MetricsTrackerAction::ReportAndResetTracker,
+            // Our leader slot has begun, time to create a new slot tracker
+            (None, Some(bank_start)) => MetricsTrackerAction::NewTracker(Some(
+                BundleStageStats::new(self.id, bank_start.working_bank.slot()),
+            )),
+            (Some(bundle_stage_metrics), Some(bank_start)) => {
+                if bundle_stage_metrics.slot != bank_start.working_bank.slot() {
+                    // Last slot has ended, new slot has began
+                    MetricsTrackerAction::ReportAndNewTracker(Some(BundleStageStats::new(
+                        self.id,
+                        bank_start.working_bank.slot(),
+                    )))
+                } else {
+                    MetricsTrackerAction::Noop
+                }
+            }
+        }
+    }
+
+    /// Similar to LeaderSlotMetricsTracker::apply_action
+    pub(crate) fn apply_action(&mut self, action: MetricsTrackerAction) -> Option<Slot> {
+        match action {
+            MetricsTrackerAction::Noop => None,
+            MetricsTrackerAction::ReportAndResetTracker => {
+                let mut reported_slot = None;
+                if let Some(bundle_stage_metrics) = self.bundle_stage_metrics.as_mut() {
+                    bundle_stage_metrics.report();
+                    reported_slot = bundle_stage_metrics.reported_slot();
+                }
+                self.bundle_stage_metrics = None;
+                reported_slot
+            }
+            MetricsTrackerAction::NewTracker(new_bundle_stage_metrics) => {
+                self.bundle_stage_metrics = new_bundle_stage_metrics;
+                self.bundle_stage_metrics.as_ref().unwrap().reported_slot()
+            }
+            MetricsTrackerAction::ReportAndNewTracker(new_bundle_stage_metrics) => {
+                let mut reported_slot = None;
+                if let Some(bundle_stage_metrics) = self.bundle_stage_metrics.as_mut() {
+                    bundle_stage_metrics.report();
+                    reported_slot = bundle_stage_metrics.reported_slot();
+                }
+                self.bundle_stage_metrics = new_bundle_stage_metrics;
+                reported_slot
+            }
+        }
+    }
+
+    pub(crate) fn increment_sanitize_transaction_result(
+        &mut self,
+        result: &Result<SanitizedBundle, DeserializedBundleError>,
+    ) {
+        if let Some(bundle_stage_metrics) = self.bundle_stage_metrics.as_mut() {
+            match result {
+                Ok(_) => {
+                    saturating_add_assign!(bundle_stage_metrics.sanitize_transaction_ok, 1);
+                }
+                Err(e) => match e {
+                    DeserializedBundleError::VoteOnlyMode => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_vote_only_mode,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::BlacklistedAccount => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_blacklisted_account,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::FailedToSerializeTransaction => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_to_serialize,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::DuplicateTransaction => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_duplicate_transaction,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::FailedCheckTransactions => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_check,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::FailedToSerializePacket => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_to_serialize,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::EmptyBatch => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_empty_batch,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::TooManyPackets => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_too_many_packets,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::MarkedDiscard => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_marked_discard,
+                            1
+                        );
+                    }
+                    DeserializedBundleError::SignatureVerificationFailure => {
+                        saturating_add_assign!(
+                            bundle_stage_metrics.sanitize_transaction_failed_sig_verify_failed,
+                            1
+                        );
+                    }
+                },
+            }
+        }
+    }
+
+    pub fn increment_bundle_execution_result(&mut self, result: &Result<(), BundleExecutionError>) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            match result {
+                Ok(_) => {
+                    saturating_add_assign!(bundle_stage_metrics.execution_results_ok, 1);
+                }
+                Err(BundleExecutionError::PohRecordError(_))
+                | Err(BundleExecutionError::BankProcessingTimeLimitReached) => {
+                    saturating_add_assign!(
+                        bundle_stage_metrics.execution_results_poh_max_height,
+                        1
+                    );
+                }
+                Err(BundleExecutionError::TransactionFailure(
+                    LoadAndExecuteBundleError::ProcessingTimeExceeded(_),
+                )) => {
+                    saturating_add_assign!(bundle_stage_metrics.num_execution_timeouts, 1);
+                }
+                Err(BundleExecutionError::TransactionFailure(
+                    LoadAndExecuteBundleError::TransactionError { .. },
+                )) => {
+                    saturating_add_assign!(
+                        bundle_stage_metrics.execution_results_transaction_failures,
+                        1
+                    );
+                }
+                Err(BundleExecutionError::TransactionFailure(
+                    LoadAndExecuteBundleError::LockError { .. },
+                ))
+                | Err(BundleExecutionError::LockError) => {
+                    saturating_add_assign!(bundle_stage_metrics.num_lock_errors, 1);
+                }
+                Err(BundleExecutionError::ExceedsCostModel) => {
+                    saturating_add_assign!(
+                        bundle_stage_metrics.execution_results_exceeds_cost_model,
+                        1
+                    );
+                }
+                Err(BundleExecutionError::TipError(_)) => {
+                    saturating_add_assign!(bundle_stage_metrics.execution_results_tip_errors, 1);
+                }
+                Err(BundleExecutionError::TransactionFailure(
+                    LoadAndExecuteBundleError::InvalidPreOrPostAccounts,
+                )) => {
+                    saturating_add_assign!(bundle_stage_metrics.bad_argument, 1);
+                }
+            }
+        }
+    }
+
+    pub(crate) fn increment_sanitize_bundle_elapsed_us(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.sanitize_bundle_elapsed_us, count);
+        }
+    }
+
+    pub(crate) fn increment_locked_bundle_elapsed_us(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.locked_bundle_elapsed_us, count);
+        }
+    }
+
+    pub(crate) fn increment_num_init_tip_account_errors(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.num_init_tip_account_errors, count);
+        }
+    }
+
+    pub(crate) fn increment_num_init_tip_account_ok(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.num_init_tip_account_ok, count);
+        }
+    }
+
+    pub(crate) fn increment_num_change_tip_receiver_errors(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.num_change_tip_receiver_errors, count);
+        }
+    }
+
+    pub(crate) fn increment_num_change_tip_receiver_ok(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.num_change_tip_receiver_ok, count);
+        }
+    }
+
+    pub(crate) fn increment_change_tip_receiver_elapsed_us(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.change_tip_receiver_elapsed_us, count);
+        }
+    }
+
+    pub(crate) fn increment_num_execution_retries(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(bundle_stage_metrics.num_execution_retries, count);
+        }
+    }
+
+    pub(crate) fn increment_execute_locked_bundles_elapsed_us(&mut self, count: u64) {
+        if let Some(bundle_stage_metrics) = &mut self.bundle_stage_metrics {
+            saturating_add_assign!(
+                bundle_stage_metrics.execute_locked_bundles_elapsed_us,
+                count
+            );
+        }
+    }
+}
+
+#[derive(Default)]
+pub struct BundleStageStats {
+    id: u32,
+    slot: u64,
+    is_reported: bool,
+
+    sanitize_transaction_ok: u64,
+    sanitize_transaction_vote_only_mode: u64,
+    sanitize_transaction_blacklisted_account: u64,
+    sanitize_transaction_failed_to_serialize: u64,
+    sanitize_transaction_duplicate_transaction: u64,
+    sanitize_transaction_failed_check: u64,
+    sanitize_bundle_elapsed_us: u64,
+    sanitize_transaction_failed_empty_batch: u64,
+    sanitize_transaction_failed_too_many_packets: u64,
+    sanitize_transaction_failed_marked_discard: u64,
+    sanitize_transaction_failed_sig_verify_failed: u64,
+
+    locked_bundle_elapsed_us: u64,
+
+    num_lock_errors: u64,
+
+    num_init_tip_account_errors: u64,
+    num_init_tip_account_ok: u64,
+
+    num_change_tip_receiver_errors: u64,
+    num_change_tip_receiver_ok: u64,
+    change_tip_receiver_elapsed_us: u64,
+
+    num_execution_timeouts: u64,
+    num_execution_retries: u64,
+
+    execute_locked_bundles_elapsed_us: u64,
+
+    execution_results_ok: u64,
+    execution_results_poh_max_height: u64,
+    execution_results_transaction_failures: u64,
+    execution_results_exceeds_cost_model: u64,
+    execution_results_tip_errors: u64,
+    execution_results_max_retries: u64,
+
+    bad_argument: u64,
+}
+
+impl BundleStageStats {
+    pub fn new(id: u32, slot: Slot) -> BundleStageStats {
+        BundleStageStats {
+            id,
+            slot,
+            is_reported: false,
+            ..BundleStageStats::default()
+        }
+    }
+
+    /// Returns `Some(self.slot)` if the metrics have been reported, otherwise returns None
+    fn reported_slot(&self) -> Option<Slot> {
+        if self.is_reported {
+            Some(self.slot)
+        } else {
+            None
+        }
+    }
+
+    pub fn report(&mut self) {
+        self.is_reported = true;
+
+        datapoint_info!(
+            "bundle_stage-stats",
+            ("id", self.id, i64),
+            ("slot", self.slot, i64),
+            ("num_sanitized_ok", self.sanitize_transaction_ok, i64),
+            (
+                "sanitize_transaction_vote_only_mode",
+                self.sanitize_transaction_vote_only_mode,
+                i64
+            ),
+            (
+                "sanitize_transaction_blacklisted_account",
+                self.sanitize_transaction_blacklisted_account,
+                i64
+            ),
+            (
+                "sanitize_transaction_failed_to_serialize",
+                self.sanitize_transaction_failed_to_serialize,
+                i64
+            ),
+            (
+                "sanitize_transaction_duplicate_transaction",
+                self.sanitize_transaction_duplicate_transaction,
+                i64
+            ),
+            (
+                "sanitize_transaction_failed_check",
+                self.sanitize_transaction_failed_check,
+                i64
+            ),
+            (
+                "sanitize_bundle_elapsed_us",
+                self.sanitize_bundle_elapsed_us,
+                i64
+            ),
+            (
+                "sanitize_transaction_failed_empty_batch",
+                self.sanitize_transaction_failed_empty_batch,
+                i64
+            ),
+            (
+                "sanitize_transaction_failed_too_many_packets",
+                self.sanitize_transaction_failed_too_many_packets,
+                i64
+            ),
+            (
+                "sanitize_transaction_failed_marked_discard",
+                self.sanitize_transaction_failed_marked_discard,
+                i64
+            ),
+            (
+                "sanitize_transaction_failed_sig_verify_failed",
+                self.sanitize_transaction_failed_sig_verify_failed,
+                i64
+            ),
+            (
+                "locked_bundle_elapsed_us",
+                self.locked_bundle_elapsed_us,
+                i64
+            ),
+            ("num_lock_errors", self.num_lock_errors, i64),
+            (
+                "num_init_tip_account_errors",
+                self.num_init_tip_account_errors,
+                i64
+            ),
+            ("num_init_tip_account_ok", self.num_init_tip_account_ok, i64),
+            (
+                "num_change_tip_receiver_errors",
+                self.num_change_tip_receiver_errors,
+                i64
+            ),
+            (
+                "num_change_tip_receiver_ok",
+                self.num_change_tip_receiver_ok,
+                i64
+            ),
+            (
+                "change_tip_receiver_elapsed_us",
+                self.change_tip_receiver_elapsed_us,
+                i64
+            ),
+            ("num_execution_timeouts", self.num_execution_timeouts, i64),
+            ("num_execution_retries", self.num_execution_retries, i64),
+            (
+                "execute_locked_bundles_elapsed_us",
+                self.execute_locked_bundles_elapsed_us,
+                i64
+            ),
+            ("execution_results_ok", self.execution_results_ok, i64),
+            (
+                "execution_results_poh_max_height",
+                self.execution_results_poh_max_height,
+                i64
+            ),
+            (
+                "execution_results_transaction_failures",
+                self.execution_results_transaction_failures,
+                i64
+            ),
+            (
+                "execution_results_exceeds_cost_model",
+                self.execution_results_exceeds_cost_model,
+                i64
+            ),
+            (
+                "execution_results_tip_errors",
+                self.execution_results_tip_errors,
+                i64
+            ),
+            (
+                "execution_results_max_retries",
+                self.execution_results_max_retries,
+                i64
+            ),
+            ("bad_argument", self.bad_argument, i64)
+        );
+    }
+}
diff --git a/core/src/bundle_stage/committer.rs b/core/src/bundle_stage/committer.rs
new file mode 100644
index 0000000000..03db5694a4
--- /dev/null
+++ b/core/src/bundle_stage/committer.rs
@@ -0,0 +1,227 @@
+use {
+    crate::banking_stage::{
+        committer::CommitTransactionDetails,
+        leader_slot_timing_metrics::LeaderExecuteAndCommitTimings,
+    },
+    solana_bundle::bundle_execution::LoadAndExecuteBundleOutput,
+    solana_ledger::blockstore_processor::TransactionStatusSender,
+    solana_measure::measure_us,
+    solana_runtime::{
+        bank::{Bank, ExecutedTransactionCounts, TransactionBalances, TransactionBalancesSet},
+        bank_utils,
+        prioritization_fee_cache::PrioritizationFeeCache,
+        vote_sender_types::ReplayVoteSender,
+    },
+    solana_sdk::{hash::Hash, saturating_add_assign, transaction::SanitizedTransaction},
+    solana_svm::transaction_results::TransactionResults,
+    solana_transaction_status::{
+        token_balances::{TransactionTokenBalances, TransactionTokenBalancesSet},
+        PreBalanceInfo,
+    },
+    std::sync::Arc,
+};
+
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+pub struct CommitBundleDetails {
+    pub commit_transaction_details: Vec<Vec<CommitTransactionDetails>>,
+}
+
+pub struct Committer {
+    transaction_status_sender: Option<TransactionStatusSender>,
+    replay_vote_sender: ReplayVoteSender,
+    prioritization_fee_cache: Arc<PrioritizationFeeCache>,
+}
+
+impl Committer {
+    pub fn new(
+        transaction_status_sender: Option<TransactionStatusSender>,
+        replay_vote_sender: ReplayVoteSender,
+        prioritization_fee_cache: Arc<PrioritizationFeeCache>,
+    ) -> Self {
+        Self {
+            transaction_status_sender,
+            replay_vote_sender,
+            prioritization_fee_cache,
+        }
+    }
+
+    pub(crate) fn transaction_status_sender_enabled(&self) -> bool {
+        self.transaction_status_sender.is_some()
+    }
+
+    /// Very similar to Committer::commit_transactions, but works with bundles.
+    /// The main difference is there's multiple non-parallelizable transaction vectors to commit
+    /// and post-balances are collected after execution instead of from the bank in Self::collect_balances_and_send_status_batch.
+    #[allow(clippy::too_many_arguments)]
+    pub(crate) fn commit_bundle<'a>(
+        &self,
+        bundle_execution_output: &'a mut LoadAndExecuteBundleOutput<'a>,
+        last_blockhash: Hash,
+        lamports_per_signature: u64,
+        mut starting_transaction_index: Option<usize>,
+        bank: &Arc<Bank>,
+        execute_and_commit_timings: &mut LeaderExecuteAndCommitTimings,
+    ) -> (u64, CommitBundleDetails) {
+        let transaction_output = bundle_execution_output.bundle_transaction_results_mut();
+
+        let (commit_transaction_details, commit_times): (Vec<_>, Vec<_>) = transaction_output
+            .iter_mut()
+            .map(|bundle_results| {
+                let executed_transactions_count = bundle_results
+                    .load_and_execute_transactions_output()
+                    .executed_transactions_count
+                    as u64;
+
+                let executed_non_vote_transactions_count = bundle_results
+                    .load_and_execute_transactions_output()
+                    .executed_non_vote_transactions_count
+                    as u64;
+
+                let executed_with_failure_result_count = bundle_results
+                    .load_and_execute_transactions_output()
+                    .executed_transactions_count
+                    .saturating_sub(
+                        bundle_results
+                            .load_and_execute_transactions_output()
+                            .executed_with_successful_result_count,
+                    ) as u64;
+
+                let signature_count = bundle_results
+                    .load_and_execute_transactions_output()
+                    .signature_count;
+
+                let sanitized_transactions = bundle_results.transactions().to_vec();
+                let execution_results = bundle_results.execution_results().to_vec();
+
+                let loaded_transactions = bundle_results.loaded_transactions_mut();
+                debug!("loaded_transactions: {:?}", loaded_transactions);
+
+                let (tx_results, commit_time_us) = measure_us!(bank.commit_transactions(
+                    &sanitized_transactions,
+                    loaded_transactions,
+                    execution_results,
+                    last_blockhash,
+                    lamports_per_signature,
+                    ExecutedTransactionCounts {
+                        executed_transactions_count,
+                        executed_non_vote_transactions_count,
+                        executed_with_failure_result_count,
+                        signature_count,
+                    },
+                    &mut execute_and_commit_timings.execute_timings,
+                ));
+
+                let commit_transaction_statuses: Vec<_> = tx_results
+                    .execution_results
+                    .iter()
+                    .zip(tx_results.loaded_accounts_stats.iter())
+                    .map(|(execution_result, loaded_accounts_stats)| {
+                        match execution_result.details() {
+                            // reports actual execution CUs, and actual loaded accounts size for
+                            // transaction committed to block. qos_service uses these information to adjust
+                            // reserved block space.
+                            Some(details) => CommitTransactionDetails::Committed {
+                                compute_units: details.executed_units,
+                                loaded_accounts_data_size: loaded_accounts_stats
+                                    .as_ref()
+                                    .map_or(0, |stats| stats.loaded_accounts_data_size),
+                            },
+                            None => CommitTransactionDetails::NotCommitted,
+                        }
+                    })
+                    .collect();
+
+                let ((), find_and_send_votes_us) = measure_us!({
+                    bank_utils::find_and_send_votes(
+                        &sanitized_transactions,
+                        &tx_results,
+                        Some(&self.replay_vote_sender),
+                    );
+
+                    let post_balance_info = bundle_results.post_balance_info().clone();
+                    let pre_balance_info = bundle_results.pre_balance_info();
+
+                    let num_committed = tx_results
+                        .execution_results
+                        .iter()
+                        .filter(|r| r.was_executed())
+                        .count();
+
+                    self.collect_balances_and_send_status_batch(
+                        tx_results,
+                        bank,
+                        sanitized_transactions,
+                        pre_balance_info,
+                        post_balance_info,
+                        starting_transaction_index,
+                    );
+
+                    // NOTE: we're doing batched records, so we need to increment the poh starting_transaction_index
+                    // by number committed so the next batch will have the correct starting_transaction_index
+                    starting_transaction_index =
+                        starting_transaction_index.map(|starting_transaction_index| {
+                            starting_transaction_index.saturating_add(num_committed)
+                        });
+
+                    self.prioritization_fee_cache
+                        .update(bank, bundle_results.executed_transactions().into_iter());
+                });
+                saturating_add_assign!(
+                    execute_and_commit_timings.find_and_send_votes_us,
+                    find_and_send_votes_us
+                );
+
+                (commit_transaction_statuses, commit_time_us)
+            })
+            .unzip();
+
+        (
+            commit_times.iter().sum(),
+            CommitBundleDetails {
+                commit_transaction_details,
+            },
+        )
+    }
+
+    fn collect_balances_and_send_status_batch(
+        &self,
+        tx_results: TransactionResults,
+        bank: &Arc<Bank>,
+        sanitized_transactions: Vec<SanitizedTransaction>,
+        pre_balance_info: &mut PreBalanceInfo,
+        (post_balances, post_token_balances): (TransactionBalances, TransactionTokenBalances),
+        starting_transaction_index: Option<usize>,
+    ) {
+        if let Some(transaction_status_sender) = &self.transaction_status_sender {
+            let mut transaction_index = starting_transaction_index.unwrap_or_default();
+            let batch_transaction_indexes: Vec<_> = tx_results
+                .execution_results
+                .iter()
+                .map(|result| {
+                    if result.was_executed() {
+                        let this_transaction_index = transaction_index;
+                        saturating_add_assign!(transaction_index, 1);
+                        this_transaction_index
+                    } else {
+                        0
+                    }
+                })
+                .collect();
+            transaction_status_sender.send_transaction_status_batch(
+                bank.clone(),
+                sanitized_transactions,
+                tx_results.execution_results,
+                TransactionBalancesSet::new(
+                    std::mem::take(&mut pre_balance_info.native),
+                    post_balances,
+                ),
+                TransactionTokenBalancesSet::new(
+                    std::mem::take(&mut pre_balance_info.token),
+                    post_token_balances,
+                ),
+                tx_results.rent_debits,
+                batch_transaction_indexes,
+            );
+        }
+    }
+}
diff --git a/core/src/bundle_stage/result.rs b/core/src/bundle_stage/result.rs
new file mode 100644
index 0000000000..3370251791
--- /dev/null
+++ b/core/src/bundle_stage/result.rs
@@ -0,0 +1,41 @@
+use {
+    crate::{
+        bundle_stage::bundle_account_locker::BundleAccountLockerError, tip_manager::TipPaymentError,
+    },
+    anchor_lang::error::Error,
+    solana_bundle::bundle_execution::LoadAndExecuteBundleError,
+    solana_poh::poh_recorder::PohRecorderError,
+    thiserror::Error,
+};
+
+pub type BundleExecutionResult<T> = Result<T, BundleExecutionError>;
+
+#[derive(Error, Debug, Clone)]
+pub enum BundleExecutionError {
+    #[error("PoH record error: {0}")]
+    PohRecordError(#[from] PohRecorderError),
+
+    #[error("Bank is done processing")]
+    BankProcessingDone,
+
+    #[error("Execution error: {0}")]
+    ExecutionError(#[from] LoadAndExecuteBundleError),
+
+    #[error("The bundle exceeds the cost model")]
+    ExceedsCostModel,
+
+    #[error("Tip error {0}")]
+    TipError(#[from] TipPaymentError),
+
+    #[error("Error locking bundle")]
+    LockError(#[from] BundleAccountLockerError),
+}
+
+impl From<anchor_lang::error::Error> for TipPaymentError {
+    fn from(anchor_err: Error) -> Self {
+        match anchor_err {
+            Error::AnchorError(e) => Self::AnchorError(e.error_msg),
+            Error::ProgramError(e) => Self::AnchorError(e.to_string()),
+        }
+    }
+}
diff --git a/core/src/consensus_cache_updater.rs b/core/src/consensus_cache_updater.rs
new file mode 100644
index 0000000000..e1dc137ba0
--- /dev/null
+++ b/core/src/consensus_cache_updater.rs
@@ -0,0 +1,52 @@
+use {
+    solana_runtime::bank::Bank,
+    solana_sdk::{clock::Epoch, pubkey::Pubkey},
+    std::collections::HashSet,
+};
+
+#[derive(Default)]
+pub(crate) struct ConsensusCacheUpdater {
+    last_epoch_updated: Epoch,
+    consensus_accounts_cache: HashSet<Pubkey>,
+}
+
+impl ConsensusCacheUpdater {
+    pub(crate) fn consensus_accounts_cache(&self) -> &HashSet<Pubkey> {
+        &self.consensus_accounts_cache
+    }
+
+    /// Builds a HashSet of all consensus related accounts for the Bank's epoch
+    fn get_consensus_accounts(bank: &Bank) -> HashSet<Pubkey> {
+        let mut consensus_accounts: HashSet<Pubkey> = HashSet::new();
+        if let Some(epoch_stakes) = bank.epoch_stakes(bank.epoch()) {
+            // votes use the following accounts:
+            // - vote_account pubkey: writeable
+            // - authorized_voter_pubkey: read-only
+            // - node_keypair pubkey: payer (writeable)
+            let node_id_vote_accounts = epoch_stakes.node_id_to_vote_accounts();
+
+            let vote_accounts = node_id_vote_accounts
+                .values()
+                .flat_map(|v| v.vote_accounts.clone());
+
+            // vote_account
+            consensus_accounts.extend(vote_accounts);
+            // authorized_voter_pubkey
+            consensus_accounts.extend(epoch_stakes.epoch_authorized_voters().keys());
+            // node_keypair
+            consensus_accounts.extend(epoch_stakes.node_id_to_vote_accounts().keys());
+        }
+        consensus_accounts
+    }
+
+    /// Updates consensus-related accounts on epoch boundaries
+    pub(crate) fn maybe_update(&mut self, bank: &Bank) -> bool {
+        if bank.epoch() > self.last_epoch_updated {
+            self.consensus_accounts_cache = Self::get_consensus_accounts(bank);
+            self.last_epoch_updated = bank.epoch();
+            true
+        } else {
+            false
+        }
+    }
+}
diff --git a/core/src/immutable_deserialized_bundle.rs b/core/src/immutable_deserialized_bundle.rs
new file mode 100644
index 0000000000..aa1c395f24
--- /dev/null
+++ b/core/src/immutable_deserialized_bundle.rs
@@ -0,0 +1,488 @@
+use {
+    crate::{
+        banking_stage::immutable_deserialized_packet::ImmutableDeserializedPacket,
+        packet_bundle::PacketBundle,
+    },
+    solana_perf::sigverify::verify_packet,
+    solana_runtime::bank::Bank,
+    solana_sdk::{
+        bundle::SanitizedBundle, clock::MAX_PROCESSING_AGE, pubkey::Pubkey, signature::Signature,
+        transaction::SanitizedTransaction,
+    },
+    solana_svm::transaction_error_metrics::TransactionErrorMetrics,
+    std::{
+        collections::{hash_map::RandomState, HashSet},
+        iter::repeat,
+    },
+    thiserror::Error,
+};
+
+#[derive(Debug, Error, Eq, PartialEq)]
+pub enum DeserializedBundleError {
+    #[error("FailedToSerializePacket")]
+    FailedToSerializePacket,
+
+    #[error("EmptyBatch")]
+    EmptyBatch,
+
+    #[error("TooManyPackets")]
+    TooManyPackets,
+
+    #[error("MarkedDiscard")]
+    MarkedDiscard,
+
+    #[error("SignatureVerificationFailure")]
+    SignatureVerificationFailure,
+
+    #[error("Bank is in vote-only mode")]
+    VoteOnlyMode,
+
+    #[error("Bundle mentions blacklisted account")]
+    BlacklistedAccount,
+
+    #[error("Bundle contains a transaction that failed to serialize")]
+    FailedToSerializeTransaction,
+
+    #[error("Bundle contains a duplicate transaction")]
+    DuplicateTransaction,
+
+    #[error("Bundle failed check_transactions")]
+    FailedCheckTransactions,
+}
+
+#[derive(Debug, PartialEq, Eq)]
+pub struct ImmutableDeserializedBundle {
+    bundle_id: String,
+    packets: Vec<ImmutableDeserializedPacket>,
+}
+
+impl ImmutableDeserializedBundle {
+    pub fn new(
+        bundle: &mut PacketBundle,
+        max_len: Option<usize>,
+    ) -> Result<Self, DeserializedBundleError> {
+        // Checks: non-zero, less than some length, marked for discard, signature verification failed, failed to sanitize to
+        // ImmutableDeserializedPacket
+        if bundle.batch.is_empty() {
+            return Err(DeserializedBundleError::EmptyBatch);
+        }
+        if max_len
+            .map(|max_len| bundle.batch.len() > max_len)
+            .unwrap_or(false)
+        {
+            return Err(DeserializedBundleError::TooManyPackets);
+        }
+        if bundle.batch.iter().any(|p| p.meta().discard()) {
+            return Err(DeserializedBundleError::MarkedDiscard);
+        }
+        if bundle.batch.iter_mut().any(|p| !verify_packet(p, false)) {
+            return Err(DeserializedBundleError::SignatureVerificationFailure);
+        }
+
+        let immutable_packets: Vec<_> = bundle
+            .batch
+            .iter()
+            .filter_map(|p| ImmutableDeserializedPacket::new(p.clone()).ok())
+            .collect();
+
+        if bundle.batch.len() != immutable_packets.len() {
+            return Err(DeserializedBundleError::FailedToSerializePacket);
+        }
+
+        Ok(Self {
+            bundle_id: bundle.bundle_id.clone(),
+            packets: immutable_packets,
+        })
+    }
+
+    #[allow(clippy::len_without_is_empty)]
+    pub fn len(&self) -> usize {
+        self.packets.len()
+    }
+
+    pub fn bundle_id(&self) -> &str {
+        &self.bundle_id
+    }
+
+    /// A bundle has the following requirements:
+    /// - all transactions must be sanitiz-able
+    /// - no duplicate signatures
+    /// - must not contain a blacklisted account
+    /// - can't already be processed or contain a bad blockhash
+    pub fn build_sanitized_bundle(
+        &self,
+        bank: &Bank,
+        blacklisted_accounts: &HashSet<Pubkey>,
+        transaction_error_metrics: &mut TransactionErrorMetrics,
+    ) -> Result<SanitizedBundle, DeserializedBundleError> {
+        if bank.vote_only_bank() {
+            return Err(DeserializedBundleError::VoteOnlyMode);
+        }
+
+        let transactions: Vec<SanitizedTransaction> = self
+            .packets
+            .iter()
+            .filter_map(|p| {
+                p.build_sanitized_transaction(
+                    bank.vote_only_bank(),
+                    bank,
+                    bank.get_reserved_account_keys(),
+                )
+            })
+            .collect();
+
+        if self.packets.len() != transactions.len() {
+            return Err(DeserializedBundleError::FailedToSerializeTransaction);
+        }
+
+        let unique_signatures: HashSet<&Signature, RandomState> =
+            HashSet::from_iter(transactions.iter().map(|tx| tx.signature()));
+        if unique_signatures.len() != transactions.len() {
+            return Err(DeserializedBundleError::DuplicateTransaction);
+        }
+
+        let contains_blacklisted_account = transactions.iter().any(|tx| {
+            tx.message()
+                .account_keys()
+                .iter()
+                .any(|acc| blacklisted_accounts.contains(acc))
+        });
+
+        if contains_blacklisted_account {
+            return Err(DeserializedBundleError::BlacklistedAccount);
+        }
+
+        // assume everything locks okay to check for already-processed transaction or expired/invalid blockhash
+        let lock_results: Vec<_> = repeat(Ok(())).take(transactions.len()).collect();
+        let check_results = bank.check_transactions(
+            &transactions,
+            &lock_results,
+            MAX_PROCESSING_AGE,
+            transaction_error_metrics,
+        );
+
+        if check_results.iter().any(|r| r.is_err()) {
+            return Err(DeserializedBundleError::FailedCheckTransactions);
+        }
+
+        Ok(SanitizedBundle {
+            transactions,
+            bundle_id: self.bundle_id.clone(),
+        })
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        crate::{
+            immutable_deserialized_bundle::{DeserializedBundleError, ImmutableDeserializedBundle},
+            packet_bundle::PacketBundle,
+        },
+        solana_client::rpc_client::SerializableTransaction,
+        solana_ledger::genesis_utils::create_genesis_config,
+        solana_perf::packet::PacketBatch,
+        solana_runtime::{
+            bank::{Bank, NewBankOptions},
+            genesis_utils::GenesisConfigInfo,
+        },
+        solana_sdk::{
+            hash::Hash,
+            packet::Packet,
+            pubkey::Pubkey,
+            signature::{Keypair, Signer},
+            system_transaction::transfer,
+        },
+        solana_svm::transaction_error_metrics::TransactionErrorMetrics,
+        std::{collections::HashSet, sync::Arc},
+    };
+    /// Happy case
+    #[test]
+    fn test_simple_get_sanitized_bundle() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (bank, _) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let kp = Keypair::new();
+
+        let tx0 = transfer(&mint_keypair, &kp.pubkey(), 500, genesis_config.hash());
+
+        let tx1 = transfer(&mint_keypair, &kp.pubkey(), 501, genesis_config.hash());
+
+        let bundle = ImmutableDeserializedBundle::new(
+            &mut PacketBundle {
+                batch: PacketBatch::new(vec![
+                    Packet::from_data(None, &tx0).unwrap(),
+                    Packet::from_data(None, &tx1).unwrap(),
+                ]),
+                bundle_id: String::default(),
+            },
+            None,
+        )
+        .unwrap();
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+        let sanitized_bundle = bundle
+            .build_sanitized_bundle(&bank, &HashSet::default(), &mut transaction_errors)
+            .unwrap();
+        assert_eq!(sanitized_bundle.transactions.len(), 2);
+        assert_eq!(
+            sanitized_bundle.transactions[0].signature(),
+            tx0.get_signature()
+        );
+        assert_eq!(
+            sanitized_bundle.transactions[1].signature(),
+            tx1.get_signature()
+        );
+    }
+
+    #[test]
+    fn test_empty_batch_fails_to_init() {
+        assert_eq!(
+            ImmutableDeserializedBundle::new(
+                &mut PacketBundle {
+                    batch: PacketBatch::new(vec![]),
+                    bundle_id: String::default(),
+                },
+                None,
+            ),
+            Err(DeserializedBundleError::EmptyBatch)
+        );
+    }
+
+    #[test]
+    fn test_too_many_packets_fails_to_init() {
+        let kp = Keypair::new();
+
+        assert_eq!(
+            ImmutableDeserializedBundle::new(
+                &mut PacketBundle {
+                    batch: PacketBatch::new(
+                        (0..10)
+                            .map(|i| {
+                                Packet::from_data(
+                                    None,
+                                    transfer(&kp, &kp.pubkey(), i, Hash::default()),
+                                )
+                                .unwrap()
+                            })
+                            .collect()
+                    ),
+                    bundle_id: String::default(),
+                },
+                Some(5),
+            ),
+            Err(DeserializedBundleError::TooManyPackets)
+        );
+    }
+
+    #[test]
+    fn test_packets_marked_discard_fails_to_init() {
+        let kp = Keypair::new();
+
+        let mut packet =
+            Packet::from_data(None, transfer(&kp, &kp.pubkey(), 100, Hash::default())).unwrap();
+        packet.meta_mut().set_discard(true);
+
+        assert_eq!(
+            ImmutableDeserializedBundle::new(
+                &mut PacketBundle {
+                    batch: PacketBatch::new(vec![packet]),
+                    bundle_id: String::default(),
+                },
+                Some(5),
+            ),
+            Err(DeserializedBundleError::MarkedDiscard)
+        );
+    }
+
+    #[test]
+    fn test_bad_signature_fails_to_init() {
+        let kp0 = Keypair::new();
+        let kp1 = Keypair::new();
+
+        let mut tx0 = transfer(&kp0, &kp0.pubkey(), 100, Hash::default());
+        let tx1 = transfer(&kp1, &kp0.pubkey(), 100, Hash::default());
+        tx0.signatures = tx1.signatures;
+
+        assert_eq!(
+            ImmutableDeserializedBundle::new(
+                &mut PacketBundle {
+                    batch: PacketBatch::new(vec![Packet::from_data(None, tx0).unwrap()]),
+                    bundle_id: String::default(),
+                },
+                None
+            ),
+            Err(DeserializedBundleError::SignatureVerificationFailure)
+        );
+    }
+
+    #[test]
+    fn test_vote_only_bank_fails_to_build() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (parent, _) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+        let vote_only_bank = Arc::new(Bank::new_from_parent_with_options(
+            parent,
+            &Pubkey::new_unique(),
+            1,
+            NewBankOptions {
+                vote_only_bank: true,
+            },
+        ));
+
+        let kp = Keypair::new();
+
+        let tx0 = transfer(&mint_keypair, &kp.pubkey(), 500, genesis_config.hash());
+
+        let bundle = ImmutableDeserializedBundle::new(
+            &mut PacketBundle {
+                batch: PacketBatch::new(vec![Packet::from_data(None, tx0).unwrap()]),
+                bundle_id: String::default(),
+            },
+            None,
+        )
+        .unwrap();
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+        assert_matches!(
+            bundle.build_sanitized_bundle(
+                &vote_only_bank,
+                &HashSet::default(),
+                &mut transaction_errors
+            ),
+            Err(DeserializedBundleError::VoteOnlyMode)
+        );
+    }
+
+    #[test]
+    fn test_duplicate_signature_fails_to_build() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (bank, _) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let kp = Keypair::new();
+
+        let tx0 = transfer(&mint_keypair, &kp.pubkey(), 500, genesis_config.hash());
+
+        let bundle = ImmutableDeserializedBundle::new(
+            &mut PacketBundle {
+                batch: PacketBatch::new(vec![
+                    Packet::from_data(None, &tx0).unwrap(),
+                    Packet::from_data(None, &tx0).unwrap(),
+                ]),
+                bundle_id: String::default(),
+            },
+            None,
+        )
+        .unwrap();
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+        assert_matches!(
+            bundle.build_sanitized_bundle(&bank, &HashSet::default(), &mut transaction_errors),
+            Err(DeserializedBundleError::DuplicateTransaction)
+        );
+    }
+
+    #[test]
+    fn test_blacklisted_account_fails_to_build() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (bank, _) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let kp = Keypair::new();
+
+        let tx0 = transfer(&mint_keypair, &kp.pubkey(), 500, genesis_config.hash());
+
+        let bundle = ImmutableDeserializedBundle::new(
+            &mut PacketBundle {
+                batch: PacketBatch::new(vec![Packet::from_data(None, tx0).unwrap()]),
+                bundle_id: String::default(),
+            },
+            None,
+        )
+        .unwrap();
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+        assert_matches!(
+            bundle.build_sanitized_bundle(
+                &bank,
+                &HashSet::from([kp.pubkey()]),
+                &mut transaction_errors
+            ),
+            Err(DeserializedBundleError::BlacklistedAccount)
+        );
+    }
+
+    #[test]
+    fn test_already_processed_tx_fails_to_build() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (bank, _bank_forks) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let kp = Keypair::new();
+
+        let tx0 = transfer(&mint_keypair, &kp.pubkey(), 500, genesis_config.hash());
+
+        bank.process_transaction(&tx0).unwrap();
+
+        let bundle = ImmutableDeserializedBundle::new(
+            &mut PacketBundle {
+                batch: PacketBatch::new(vec![Packet::from_data(None, tx0).unwrap()]),
+                bundle_id: String::default(),
+            },
+            None,
+        )
+        .unwrap();
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+        assert_matches!(
+            bundle.build_sanitized_bundle(&bank, &HashSet::default(), &mut transaction_errors),
+            Err(DeserializedBundleError::FailedCheckTransactions)
+        );
+    }
+
+    #[test]
+    fn test_bad_blockhash_fails_to_build() {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(10_000);
+        let (bank, _) = Bank::new_no_wallclock_throttle_for_tests(&genesis_config);
+
+        let kp = Keypair::new();
+
+        let tx0 = transfer(&mint_keypair, &kp.pubkey(), 500, Hash::default());
+
+        let bundle = ImmutableDeserializedBundle::new(
+            &mut PacketBundle {
+                batch: PacketBatch::new(vec![Packet::from_data(None, tx0).unwrap()]),
+                bundle_id: String::default(),
+            },
+            None,
+        )
+        .unwrap();
+
+        let mut transaction_errors = TransactionErrorMetrics::default();
+        assert_matches!(
+            bundle.build_sanitized_bundle(&bank, &HashSet::default(), &mut transaction_errors),
+            Err(DeserializedBundleError::FailedCheckTransactions)
+        );
+    }
+}
diff --git a/core/src/lib.rs b/core/src/lib.rs
index fc1473e125..d4c2879f73 100644
--- a/core/src/lib.rs
+++ b/core/src/lib.rs
@@ -13,20 +13,25 @@ pub mod admin_rpc_post_init;
 pub mod banking_simulation;
 pub mod banking_stage;
 pub mod banking_trace;
+pub mod bundle_stage;
 pub mod cache_block_meta_service;
 pub mod cluster_info_vote_listener;
 pub mod cluster_slots_service;
 pub mod commitment_service;
 pub mod completed_data_sets_service;
 pub mod consensus;
+pub mod consensus_cache_updater;
 pub mod cost_update_service;
 pub mod drop_bank_service;
 pub mod fetch_stage;
 pub mod gen_keys;
+pub mod immutable_deserialized_bundle;
 pub mod next_leader;
 pub mod optimistic_confirmation_verifier;
+pub mod packet_bundle;
 pub mod poh_timing_report_service;
 pub mod poh_timing_reporter;
+pub mod proxy;
 pub mod repair;
 pub mod replay_stage;
 mod result;
@@ -38,6 +43,7 @@ pub mod snapshot_packager_service;
 pub mod staked_nodes_updater_service;
 pub mod stats_reporter_service;
 pub mod system_monitor_service;
+pub mod tip_manager;
 pub mod tpu;
 mod tpu_entry_notifier;
 pub mod tracer_packet_stats;
@@ -65,3 +71,41 @@ extern crate solana_frozen_abi_macro;
 #[cfg(test)]
 #[macro_use]
 extern crate assert_matches;
+
+use {
+    solana_sdk::packet::{Meta, Packet, PacketFlags, PACKET_DATA_SIZE},
+    std::{
+        cmp::min,
+        net::{IpAddr, Ipv4Addr},
+    },
+};
+
+const UNKNOWN_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0));
+
+// NOTE: last profiled at around 180ns
+pub fn proto_packet_to_packet(p: jito_protos::proto::packet::Packet) -> Packet {
+    let mut data = [0; PACKET_DATA_SIZE];
+    let copy_len = min(data.len(), p.data.len());
+    data[..copy_len].copy_from_slice(&p.data[..copy_len]);
+    let mut packet = Packet::new(data, Meta::default());
+    if let Some(meta) = p.meta {
+        packet.meta_mut().size = meta.size as usize;
+        packet.meta_mut().addr = meta.addr.parse().unwrap_or(UNKNOWN_IP);
+        packet.meta_mut().port = meta.port as u16;
+        if let Some(flags) = meta.flags {
+            if flags.simple_vote_tx {
+                packet.meta_mut().flags.insert(PacketFlags::SIMPLE_VOTE_TX);
+            }
+            if flags.forwarded {
+                packet.meta_mut().flags.insert(PacketFlags::FORWARDED);
+            }
+            if flags.tracer_packet {
+                packet.meta_mut().flags.insert(PacketFlags::TRACER_PACKET);
+            }
+            if flags.repair {
+                packet.meta_mut().flags.insert(PacketFlags::REPAIR);
+            }
+        }
+    }
+    packet
+}
diff --git a/core/src/packet_bundle.rs b/core/src/packet_bundle.rs
new file mode 100644
index 0000000000..2158f37414
--- /dev/null
+++ b/core/src/packet_bundle.rs
@@ -0,0 +1,7 @@
+use solana_perf::packet::PacketBatch;
+
+#[derive(Clone, Debug)]
+pub struct PacketBundle {
+    pub batch: PacketBatch,
+    pub bundle_id: String,
+}
diff --git a/core/src/proxy/auth.rs b/core/src/proxy/auth.rs
new file mode 100644
index 0000000000..39821e12ef
--- /dev/null
+++ b/core/src/proxy/auth.rs
@@ -0,0 +1,185 @@
+use {
+    crate::proxy::ProxyError,
+    chrono::Utc,
+    jito_protos::proto::auth::{
+        auth_service_client::AuthServiceClient, GenerateAuthChallengeRequest,
+        GenerateAuthTokensRequest, RefreshAccessTokenRequest, Role, Token,
+    },
+    solana_gossip::cluster_info::ClusterInfo,
+    solana_sdk::signature::{Keypair, Signer},
+    std::{
+        sync::{Arc, Mutex},
+        time::Duration,
+    },
+    tokio::time::timeout,
+    tonic::{service::Interceptor, transport::Channel, Code, Request, Status},
+};
+
+/// Interceptor responsible for adding the access token to request headers.
+pub(crate) struct AuthInterceptor {
+    /// The token added to each request header.
+    access_token: Arc<Mutex<Token>>,
+}
+
+impl AuthInterceptor {
+    pub(crate) fn new(access_token: Arc<Mutex<Token>>) -> Self {
+        Self { access_token }
+    }
+}
+
+impl Interceptor for AuthInterceptor {
+    fn call(&mut self, mut request: Request<()>) -> Result<Request<()>, Status> {
+        request.metadata_mut().insert(
+            "authorization",
+            format!("Bearer {}", self.access_token.lock().unwrap().value)
+                .parse()
+                .unwrap(),
+        );
+
+        Ok(request)
+    }
+}
+
+/// Generates an auth challenge then generates and returns validated auth tokens.
+pub async fn generate_auth_tokens(
+    auth_service_client: &mut AuthServiceClient<Channel>,
+    // used to sign challenges
+    keypair: &Keypair,
+) -> crate::proxy::Result<(
+    Token, /* access_token */
+    Token, /* refresh_token */
+)> {
+    debug!("generate_auth_challenge");
+    let challenge_response = auth_service_client
+        .generate_auth_challenge(GenerateAuthChallengeRequest {
+            role: Role::Validator as i32,
+            pubkey: keypair.pubkey().as_ref().to_vec(),
+        })
+        .await
+        .map_err(|e: Status| {
+            if e.code() == Code::PermissionDenied {
+                ProxyError::AuthenticationPermissionDenied
+            } else {
+                ProxyError::AuthenticationError(e.to_string())
+            }
+        })?;
+
+    let formatted_challenge = format!(
+        "{}-{}",
+        keypair.pubkey(),
+        challenge_response.into_inner().challenge
+    );
+
+    let signed_challenge = keypair
+        .sign_message(formatted_challenge.as_bytes())
+        .as_ref()
+        .to_vec();
+
+    debug!(
+        "formatted_challenge: {} signed_challenge: {:?}",
+        formatted_challenge, signed_challenge
+    );
+
+    debug!("generate_auth_tokens");
+    let auth_tokens = auth_service_client
+        .generate_auth_tokens(GenerateAuthTokensRequest {
+            challenge: formatted_challenge,
+            client_pubkey: keypair.pubkey().as_ref().to_vec(),
+            signed_challenge,
+        })
+        .await
+        .map_err(|e| ProxyError::AuthenticationError(e.to_string()))?;
+
+    let inner = auth_tokens.into_inner();
+    let access_token = get_validated_token(inner.access_token)?;
+    let refresh_token = get_validated_token(inner.refresh_token)?;
+
+    Ok((access_token, refresh_token))
+}
+
+/// Tries to refresh the access token or run full-reauth if needed.
+pub async fn maybe_refresh_auth_tokens(
+    auth_service_client: &mut AuthServiceClient<Channel>,
+    access_token: &Arc<Mutex<Token>>,
+    refresh_token: &Token,
+    cluster_info: &Arc<ClusterInfo>,
+    connection_timeout: &Duration,
+    refresh_within_s: u64,
+) -> crate::proxy::Result<(
+    Option<Token>, // access token
+    Option<Token>, // refresh token
+)> {
+    let access_token_expiry: u64 = access_token
+        .lock()
+        .unwrap()
+        .expires_at_utc
+        .as_ref()
+        .map(|ts| ts.seconds as u64)
+        .unwrap_or_default();
+    let refresh_token_expiry: u64 = refresh_token
+        .expires_at_utc
+        .as_ref()
+        .map(|ts| ts.seconds as u64)
+        .unwrap_or_default();
+
+    let now = Utc::now().timestamp() as u64;
+
+    let should_refresh_access =
+        access_token_expiry.checked_sub(now).unwrap_or_default() <= refresh_within_s;
+    let should_generate_new_tokens =
+        refresh_token_expiry.checked_sub(now).unwrap_or_default() <= refresh_within_s;
+
+    if should_generate_new_tokens {
+        let kp = cluster_info.keypair().clone();
+
+        let (new_access_token, new_refresh_token) = timeout(
+            *connection_timeout,
+            generate_auth_tokens(auth_service_client, kp.as_ref()),
+        )
+        .await
+        .map_err(|_| ProxyError::MethodTimeout("generate_auth_tokens".to_string()))?
+        .map_err(|e| ProxyError::MethodError(e.to_string()))?;
+
+        return Ok((Some(new_access_token), Some(new_refresh_token)));
+    } else if should_refresh_access {
+        let new_access_token = timeout(
+            *connection_timeout,
+            refresh_access_token(auth_service_client, refresh_token),
+        )
+        .await
+        .map_err(|_| ProxyError::MethodTimeout("refresh_access_token".to_string()))?
+        .map_err(|e| ProxyError::MethodError(e.to_string()))?;
+
+        return Ok((Some(new_access_token), None));
+    }
+
+    Ok((None, None))
+}
+
+pub async fn refresh_access_token(
+    auth_service_client: &mut AuthServiceClient<Channel>,
+    refresh_token: &Token,
+) -> crate::proxy::Result<Token> {
+    let response = auth_service_client
+        .refresh_access_token(RefreshAccessTokenRequest {
+            refresh_token: refresh_token.value.clone(),
+        })
+        .await
+        .map_err(|e| ProxyError::AuthenticationError(e.to_string()))?;
+    get_validated_token(response.into_inner().access_token)
+}
+
+/// An invalid token is one where any of its fields are None or the token itself is None.
+/// Performs the necessary validations on the auth tokens before returning,
+/// i.e. it is safe to call .unwrap() on the token fields from the call-site.
+fn get_validated_token(maybe_token: Option<Token>) -> crate::proxy::Result<Token> {
+    let token = maybe_token
+        .ok_or_else(|| ProxyError::BadAuthenticationToken("received a null token".to_string()))?;
+    if token.expires_at_utc.is_none() {
+        Err(ProxyError::BadAuthenticationToken(
+            "expires_at_utc field is null".to_string(),
+        ))
+    } else {
+        Ok(token)
+    }
+}
diff --git a/core/src/proxy/block_engine_stage.rs b/core/src/proxy/block_engine_stage.rs
new file mode 100644
index 0000000000..caf45ac0d9
--- /dev/null
+++ b/core/src/proxy/block_engine_stage.rs
@@ -0,0 +1,571 @@
+//! Maintains a connection to the Block Engine.
+//!
+//! The Block Engine is responsible for the following:
+//! - Acts as a system that sends high profit bundles and transactions to a validator.
+//! - Sends transactions and bundles to the validator.
+use {
+    crate::{
+        banking_trace::BankingPacketSender,
+        packet_bundle::PacketBundle,
+        proto_packet_to_packet,
+        proxy::{
+            auth::{generate_auth_tokens, maybe_refresh_auth_tokens, AuthInterceptor},
+            ProxyError,
+        },
+    },
+    crossbeam_channel::Sender,
+    jito_protos::proto::{
+        auth::{auth_service_client::AuthServiceClient, Token},
+        block_engine::{
+            self, block_engine_validator_client::BlockEngineValidatorClient,
+            BlockBuilderFeeInfoRequest,
+        },
+    },
+    solana_gossip::cluster_info::ClusterInfo,
+    solana_perf::packet::PacketBatch,
+    solana_sdk::{
+        pubkey::Pubkey, saturating_add_assign, signature::Signer, signer::keypair::Keypair,
+    },
+    std::{
+        str::FromStr,
+        sync::{
+            atomic::{AtomicBool, Ordering},
+            Arc, Mutex,
+        },
+        thread::{self, Builder, JoinHandle},
+        time::Duration,
+    },
+    tokio::{
+        task,
+        time::{interval, sleep, timeout},
+    },
+    tonic::{
+        codegen::InterceptedService,
+        transport::{Channel, Endpoint},
+        Status, Streaming,
+    },
+};
+
+const CONNECTION_TIMEOUT_S: u64 = 10;
+const CONNECTION_BACKOFF_S: u64 = 5;
+
+#[derive(Default)]
+struct BlockEngineStageStats {
+    num_bundles: u64,
+    num_bundle_packets: u64,
+    num_packets: u64,
+    num_empty_packets: u64,
+}
+
+impl BlockEngineStageStats {
+    pub(crate) fn report(&self) {
+        datapoint_info!(
+            "block_engine_stage-stats",
+            ("num_bundles", self.num_bundles, i64),
+            ("num_bundle_packets", self.num_bundle_packets, i64),
+            ("num_packets", self.num_packets, i64),
+            ("num_empty_packets", self.num_empty_packets, i64)
+        );
+    }
+}
+
+pub struct BlockBuilderFeeInfo {
+    pub block_builder: Pubkey,
+    pub block_builder_commission: u64,
+}
+
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+pub struct BlockEngineConfig {
+    /// Block Engine URL
+    pub block_engine_url: String,
+
+    /// If set then it will be assumed the backend verified packets so signature verification will be bypassed in the validator.
+    pub trust_packets: bool,
+}
+
+pub struct BlockEngineStage {
+    t_hdls: Vec<JoinHandle<()>>,
+}
+
+impl BlockEngineStage {
+    pub fn new(
+        block_engine_config: Arc<Mutex<BlockEngineConfig>>,
+        // Channel that bundles get piped through.
+        bundle_tx: Sender<Vec<PacketBundle>>,
+        // The keypair stored here is used to sign auth challenges.
+        cluster_info: Arc<ClusterInfo>,
+        // Channel that non-trusted packets get piped through.
+        packet_tx: Sender<PacketBatch>,
+        // Channel that trusted packets get piped through.
+        banking_packet_sender: BankingPacketSender,
+        exit: Arc<AtomicBool>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+    ) -> Self {
+        let block_builder_fee_info = block_builder_fee_info.clone();
+
+        let thread = Builder::new()
+            .name("block-engine-stage".to_string())
+            .spawn(move || {
+                let rt = tokio::runtime::Builder::new_multi_thread()
+                    .enable_all()
+                    .build()
+                    .unwrap();
+                rt.block_on(Self::start(
+                    block_engine_config,
+                    cluster_info,
+                    bundle_tx,
+                    packet_tx,
+                    banking_packet_sender,
+                    exit,
+                    block_builder_fee_info,
+                ));
+            })
+            .unwrap();
+
+        Self {
+            t_hdls: vec![thread],
+        }
+    }
+
+    pub fn join(self) -> thread::Result<()> {
+        for t in self.t_hdls {
+            t.join()?;
+        }
+        Ok(())
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn start(
+        block_engine_config: Arc<Mutex<BlockEngineConfig>>,
+        cluster_info: Arc<ClusterInfo>,
+        bundle_tx: Sender<Vec<PacketBundle>>,
+        packet_tx: Sender<PacketBatch>,
+        banking_packet_sender: BankingPacketSender,
+        exit: Arc<AtomicBool>,
+        block_builder_fee_info: Arc<Mutex<BlockBuilderFeeInfo>>,
+    ) {
+        const CONNECTION_TIMEOUT: Duration = Duration::from_secs(CONNECTION_TIMEOUT_S);
+        const CONNECTION_BACKOFF: Duration = Duration::from_secs(CONNECTION_BACKOFF_S);
+        let mut error_count: u64 = 0;
+
+        while !exit.load(Ordering::Relaxed) {
+            // Wait until a valid config is supplied (either initially or by admin rpc)
+            // Use if!/else here to avoid extra CONNECTION_BACKOFF wait on successful termination
+            let local_block_engine_config = {
+                let block_engine_config = block_engine_config.clone();
+                task::spawn_blocking(move || block_engine_config.lock().unwrap().clone())
+                    .await
+                    .unwrap()
+            };
+            if !Self::is_valid_block_engine_config(&local_block_engine_config) {
+                sleep(CONNECTION_BACKOFF).await;
+            } else if let Err(e) = Self::connect_auth_and_stream(
+                &local_block_engine_config,
+                &block_engine_config,
+                &cluster_info,
+                &bundle_tx,
+                &packet_tx,
+                &banking_packet_sender,
+                &exit,
+                &block_builder_fee_info,
+                &CONNECTION_TIMEOUT,
+            )
+            .await
+            {
+                match e {
+                    // This error is frequent on hot spares, and the parsed string does not work
+                    // with datapoints (incorrect escaping).
+                    ProxyError::AuthenticationPermissionDenied => {
+                        warn!("block engine permission denied. not on leader schedule. ignore if hot-spare.")
+                    }
+                    e => {
+                        error_count += 1;
+                        datapoint_warn!(
+                            "block_engine_stage-proxy_error",
+                            ("count", error_count, i64),
+                            ("error", e.to_string(), String),
+                        );
+                    }
+                }
+                sleep(CONNECTION_BACKOFF).await;
+            }
+        }
+    }
+
+    async fn connect_auth_and_stream(
+        local_block_engine_config: &BlockEngineConfig,
+        global_block_engine_config: &Arc<Mutex<BlockEngineConfig>>,
+        cluster_info: &Arc<ClusterInfo>,
+        bundle_tx: &Sender<Vec<PacketBundle>>,
+        packet_tx: &Sender<PacketBatch>,
+        banking_packet_sender: &BankingPacketSender,
+        exit: &Arc<AtomicBool>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        connection_timeout: &Duration,
+    ) -> crate::proxy::Result<()> {
+        // Get a copy of configs here in case they have changed at runtime
+        let keypair = cluster_info.keypair().clone();
+
+        let mut backend_endpoint =
+            Endpoint::from_shared(local_block_engine_config.block_engine_url.clone())
+                .map_err(|_| {
+                    ProxyError::BlockEngineConnectionError(format!(
+                        "invalid block engine url value: {}",
+                        local_block_engine_config.block_engine_url
+                    ))
+                })?
+                .tcp_keepalive(Some(Duration::from_secs(60)));
+        if local_block_engine_config
+            .block_engine_url
+            .starts_with("https")
+        {
+            backend_endpoint = backend_endpoint
+                .tls_config(tonic::transport::ClientTlsConfig::new())
+                .map_err(|_| {
+                    ProxyError::BlockEngineConnectionError(
+                        "failed to set tls_config for block engine service".to_string(),
+                    )
+                })?;
+        }
+
+        debug!(
+            "connecting to auth: {}",
+            local_block_engine_config.block_engine_url
+        );
+        let auth_channel = timeout(*connection_timeout, backend_endpoint.connect())
+            .await
+            .map_err(|_| ProxyError::AuthenticationConnectionTimeout)?
+            .map_err(|e| ProxyError::AuthenticationConnectionError(e.to_string()))?;
+
+        let mut auth_client = AuthServiceClient::new(auth_channel);
+
+        debug!("generating authentication token");
+        let (access_token, refresh_token) = timeout(
+            *connection_timeout,
+            generate_auth_tokens(&mut auth_client, &keypair),
+        )
+        .await
+        .map_err(|_| ProxyError::AuthenticationTimeout)??;
+
+        datapoint_info!(
+            "block_engine_stage-tokens_generated",
+            ("url", local_block_engine_config.block_engine_url, String),
+            ("count", 1, i64),
+        );
+
+        debug!(
+            "connecting to block engine: {}",
+            local_block_engine_config.block_engine_url
+        );
+        let block_engine_channel = timeout(*connection_timeout, backend_endpoint.connect())
+            .await
+            .map_err(|_| ProxyError::BlockEngineConnectionTimeout)?
+            .map_err(|e| ProxyError::BlockEngineConnectionError(e.to_string()))?;
+
+        let access_token = Arc::new(Mutex::new(access_token));
+        let block_engine_client = BlockEngineValidatorClient::with_interceptor(
+            block_engine_channel,
+            AuthInterceptor::new(access_token.clone()),
+        );
+
+        Self::start_consuming_block_engine_bundles_and_packets(
+            bundle_tx,
+            block_engine_client,
+            packet_tx,
+            local_block_engine_config,
+            global_block_engine_config,
+            banking_packet_sender,
+            exit,
+            block_builder_fee_info,
+            auth_client,
+            access_token,
+            refresh_token,
+            connection_timeout,
+            keypair,
+            cluster_info,
+        )
+        .await
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn start_consuming_block_engine_bundles_and_packets(
+        bundle_tx: &Sender<Vec<PacketBundle>>,
+        mut client: BlockEngineValidatorClient<InterceptedService<Channel, AuthInterceptor>>,
+        packet_tx: &Sender<PacketBatch>,
+        local_config: &BlockEngineConfig, // local copy of config with current connections
+        global_config: &Arc<Mutex<BlockEngineConfig>>, // guarded reference for detecting run-time updates
+        banking_packet_sender: &BankingPacketSender,
+        exit: &Arc<AtomicBool>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        auth_client: AuthServiceClient<Channel>,
+        access_token: Arc<Mutex<Token>>,
+        refresh_token: Token,
+        connection_timeout: &Duration,
+        keypair: Arc<Keypair>,
+        cluster_info: &Arc<ClusterInfo>,
+    ) -> crate::proxy::Result<()> {
+        let subscribe_packets_stream = timeout(
+            *connection_timeout,
+            client.subscribe_packets(block_engine::SubscribePacketsRequest {}),
+        )
+        .await
+        .map_err(|_| ProxyError::MethodTimeout("block_engine_subscribe_packets".to_string()))?
+        .map_err(|e| ProxyError::MethodError(e.to_string()))?
+        .into_inner();
+
+        let subscribe_bundles_stream = timeout(
+            *connection_timeout,
+            client.subscribe_bundles(block_engine::SubscribeBundlesRequest {}),
+        )
+        .await
+        .map_err(|_| ProxyError::MethodTimeout("subscribe_bundles".to_string()))?
+        .map_err(|e| ProxyError::MethodError(e.to_string()))?
+        .into_inner();
+
+        let block_builder_info = timeout(
+            *connection_timeout,
+            client.get_block_builder_fee_info(BlockBuilderFeeInfoRequest {}),
+        )
+        .await
+        .map_err(|_| ProxyError::MethodTimeout("get_block_builder_fee_info".to_string()))?
+        .map_err(|e| ProxyError::MethodError(e.to_string()))?
+        .into_inner();
+
+        {
+            let block_builder_fee_info = block_builder_fee_info.clone();
+            task::spawn_blocking(move || {
+                let mut bb_fee = block_builder_fee_info.lock().unwrap();
+                bb_fee.block_builder_commission = block_builder_info.commission;
+                if let Ok(pk) = Pubkey::from_str(&block_builder_info.pubkey) {
+                    bb_fee.block_builder = pk
+                }
+            })
+            .await
+            .unwrap();
+        }
+
+        Self::consume_bundle_and_packet_stream(
+            client,
+            (subscribe_bundles_stream, subscribe_packets_stream),
+            bundle_tx,
+            packet_tx,
+            local_config,
+            global_config,
+            banking_packet_sender,
+            exit,
+            block_builder_fee_info,
+            auth_client,
+            access_token,
+            refresh_token,
+            keypair,
+            cluster_info,
+            connection_timeout,
+        )
+        .await
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn consume_bundle_and_packet_stream(
+        mut client: BlockEngineValidatorClient<InterceptedService<Channel, AuthInterceptor>>,
+        (mut bundle_stream, mut packet_stream): (
+            Streaming<block_engine::SubscribeBundlesResponse>,
+            Streaming<block_engine::SubscribePacketsResponse>,
+        ),
+        bundle_tx: &Sender<Vec<PacketBundle>>,
+        packet_tx: &Sender<PacketBatch>,
+        local_config: &BlockEngineConfig, // local copy of config with current connections
+        global_config: &Arc<Mutex<BlockEngineConfig>>, // guarded reference for detecting run-time updates
+        banking_packet_sender: &BankingPacketSender,
+        exit: &Arc<AtomicBool>,
+        block_builder_fee_info: &Arc<Mutex<BlockBuilderFeeInfo>>,
+        mut auth_client: AuthServiceClient<Channel>,
+        access_token: Arc<Mutex<Token>>,
+        mut refresh_token: Token,
+        keypair: Arc<Keypair>,
+        cluster_info: &Arc<ClusterInfo>,
+        connection_timeout: &Duration,
+    ) -> crate::proxy::Result<()> {
+        const METRICS_TICK: Duration = Duration::from_secs(1);
+        const MAINTENANCE_TICK: Duration = Duration::from_secs(10 * 60);
+        let refresh_within_s: u64 = METRICS_TICK.as_secs().saturating_mul(3).saturating_div(2);
+
+        let mut num_full_refreshes: u64 = 1;
+        let mut num_refresh_access_token: u64 = 0;
+        let mut block_engine_stats = BlockEngineStageStats::default();
+        let mut metrics_and_auth_tick = interval(METRICS_TICK);
+        let mut maintenance_tick = interval(MAINTENANCE_TICK);
+
+        info!("connected to packet and bundle stream");
+
+        while !exit.load(Ordering::Relaxed) {
+            tokio::select! {
+                maybe_msg = packet_stream.message() => {
+                    let resp = maybe_msg?.ok_or(ProxyError::GrpcStreamDisconnected)?;
+                    Self::handle_block_engine_packets(resp, packet_tx, banking_packet_sender, local_config.trust_packets, &mut block_engine_stats)?;
+                }
+                maybe_bundles = bundle_stream.message() => {
+                    Self::handle_block_engine_maybe_bundles(maybe_bundles, bundle_tx, &mut block_engine_stats)?;
+                }
+                _ = metrics_and_auth_tick.tick() => {
+                    block_engine_stats.report();
+                    block_engine_stats = BlockEngineStageStats::default();
+
+                    if cluster_info.id() != keypair.pubkey() {
+                        return Err(ProxyError::AuthenticationConnectionError("validator identity changed".to_string()));
+                    }
+
+                    let global_config = global_config.clone();
+                    if *local_config != task::spawn_blocking(move || global_config.lock().unwrap().clone())
+                        .await
+                        .unwrap() {
+                        return Err(ProxyError::AuthenticationConnectionError("block engine config changed".to_string()));
+                    }
+
+                    let (maybe_new_access, maybe_new_refresh) = maybe_refresh_auth_tokens(&mut auth_client,
+                        &access_token,
+                        &refresh_token,
+                        cluster_info,
+                        connection_timeout,
+                        refresh_within_s,
+                    ).await?;
+
+                    if let Some(new_token) = maybe_new_access {
+                        num_refresh_access_token += 1;
+                        datapoint_info!(
+                            "block_engine_stage-refresh_access_token",
+                            ("url", &local_config.block_engine_url, String),
+                            ("count", num_refresh_access_token, i64),
+                        );
+
+                        let access_token = access_token.clone();
+                        task::spawn_blocking(move || *access_token.lock().unwrap() = new_token)
+                            .await
+                            .unwrap();
+                    }
+                    if let Some(new_token) = maybe_new_refresh {
+                        num_full_refreshes += 1;
+                        datapoint_info!(
+                            "block_engine_stage-tokens_generated",
+                            ("url", &local_config.block_engine_url, String),
+                            ("count", num_full_refreshes, i64),
+                        );
+                        refresh_token = new_token;
+                    }
+                }
+                _ = maintenance_tick.tick() => {
+                    let block_builder_info = timeout(
+                        *connection_timeout,
+                        client.get_block_builder_fee_info(BlockBuilderFeeInfoRequest{})
+                    )
+                    .await
+                    .map_err(|_| ProxyError::MethodTimeout("get_block_builder_fee_info".to_string()))?
+                    .map_err(|e| ProxyError::MethodError(e.to_string()))?
+                    .into_inner();
+
+                    let block_builder_fee_info = block_builder_fee_info.clone();
+                    task::spawn_blocking(move || {
+                        let mut bb_fee = block_builder_fee_info.lock().unwrap();
+                        bb_fee.block_builder_commission = block_builder_info.commission;
+                        if let Ok(pk) = Pubkey::from_str(&block_builder_info.pubkey) {
+                            bb_fee.block_builder = pk
+                        }
+                    })
+                    .await
+                    .unwrap();
+                }
+            }
+        }
+
+        Ok(())
+    }
+
+    fn handle_block_engine_maybe_bundles(
+        maybe_bundles_response: Result<Option<block_engine::SubscribeBundlesResponse>, Status>,
+        bundle_sender: &Sender<Vec<PacketBundle>>,
+        block_engine_stats: &mut BlockEngineStageStats,
+    ) -> crate::proxy::Result<()> {
+        let bundles_response = maybe_bundles_response?.ok_or(ProxyError::GrpcStreamDisconnected)?;
+        let bundles: Vec<PacketBundle> = bundles_response
+            .bundles
+            .into_iter()
+            .filter_map(|bundle| {
+                Some(PacketBundle {
+                    batch: PacketBatch::new(
+                        bundle
+                            .bundle?
+                            .packets
+                            .into_iter()
+                            .map(proto_packet_to_packet)
+                            .collect(),
+                    ),
+                    bundle_id: bundle.uuid,
+                })
+            })
+            .collect();
+
+        saturating_add_assign!(block_engine_stats.num_bundles, bundles.len() as u64);
+        saturating_add_assign!(
+            block_engine_stats.num_bundle_packets,
+            bundles.iter().map(|bundle| bundle.batch.len() as u64).sum()
+        );
+
+        // NOTE: bundles are sanitized in bundle_sanitizer module
+        bundle_sender
+            .send(bundles)
+            .map_err(|_| ProxyError::PacketForwardError)
+    }
+
+    fn handle_block_engine_packets(
+        resp: block_engine::SubscribePacketsResponse,
+        packet_tx: &Sender<PacketBatch>,
+        banking_packet_sender: &BankingPacketSender,
+        trust_packets: bool,
+        block_engine_stats: &mut BlockEngineStageStats,
+    ) -> crate::proxy::Result<()> {
+        if let Some(batch) = resp.batch {
+            if batch.packets.is_empty() {
+                saturating_add_assign!(block_engine_stats.num_empty_packets, 1);
+                return Ok(());
+            }
+
+            let packet_batch = PacketBatch::new(
+                batch
+                    .packets
+                    .into_iter()
+                    .map(proto_packet_to_packet)
+                    .collect(),
+            );
+
+            saturating_add_assign!(block_engine_stats.num_packets, packet_batch.len() as u64);
+
+            if trust_packets {
+                banking_packet_sender
+                    .send(Arc::new((vec![packet_batch], None)))
+                    .map_err(|_| ProxyError::PacketForwardError)?;
+            } else {
+                packet_tx
+                    .send(packet_batch)
+                    .map_err(|_| ProxyError::PacketForwardError)?;
+            }
+        } else {
+            saturating_add_assign!(block_engine_stats.num_empty_packets, 1);
+        }
+
+        Ok(())
+    }
+
+    pub fn is_valid_block_engine_config(config: &BlockEngineConfig) -> bool {
+        if config.block_engine_url.is_empty() {
+            warn!("can't connect to block_engine. missing block_engine_url.");
+            return false;
+        }
+        if let Err(e) = Endpoint::from_str(&config.block_engine_url) {
+            error!(
+                "can't connect to block engine. error creating block engine endpoint - {}",
+                e.to_string()
+            );
+            return false;
+        }
+        true
+    }
+}
diff --git a/core/src/proxy/fetch_stage_manager.rs b/core/src/proxy/fetch_stage_manager.rs
new file mode 100644
index 0000000000..0d26c001a7
--- /dev/null
+++ b/core/src/proxy/fetch_stage_manager.rs
@@ -0,0 +1,170 @@
+use {
+    crate::proxy::{HeartbeatEvent, ProxyError},
+    crossbeam_channel::{select, tick, Receiver, Sender},
+    solana_client::connection_cache::Protocol,
+    solana_gossip::{cluster_info::ClusterInfo, contact_info},
+    solana_perf::packet::PacketBatch,
+    std::{
+        net::SocketAddr,
+        sync::{
+            atomic::{AtomicBool, Ordering},
+            Arc,
+        },
+        thread::{self, Builder, JoinHandle},
+        time::{Duration, Instant},
+    },
+};
+
+const HEARTBEAT_TIMEOUT: Duration = Duration::from_millis(1500); // Empirically determined from load testing
+const DISCONNECT_DELAY: Duration = Duration::from_secs(60);
+const METRICS_CADENCE: Duration = Duration::from_secs(1);
+
+/// Manages switching between the validator's tpu ports and that of the proxy's.
+/// Switch-overs are triggered by late and missed heartbeats.    
+pub struct FetchStageManager {
+    t_hdl: JoinHandle<()>,
+}
+
+impl FetchStageManager {
+    pub fn new(
+        // ClusterInfo is used to switch between advertising the proxy's TPU ports and that of this validator's.
+        cluster_info: Arc<ClusterInfo>,
+        // Channel that heartbeats are received from. Entirely responsible for triggering switch-overs.
+        heartbeat_rx: Receiver<HeartbeatEvent>,
+        // Channel that packets from FetchStage are intercepted from.
+        packet_intercept_rx: Receiver<PacketBatch>,
+        // Intercepted packets get piped through here.
+        packet_tx: Sender<PacketBatch>,
+        exit: Arc<AtomicBool>,
+    ) -> Self {
+        let t_hdl = Self::start(
+            cluster_info,
+            heartbeat_rx,
+            packet_intercept_rx,
+            packet_tx,
+            exit,
+        );
+
+        Self { t_hdl }
+    }
+
+    /// Disconnect fetch behaviour
+    /// Starts connected
+    /// When connected and a packet is received, forward it
+    /// When disconnected, packet is dropped
+    /// When receiving heartbeat while connected and not pending disconnect
+    ///      Sets pending_disconnect to true and records time
+    /// When receiving heartbeat while connected, and pending for > DISCONNECT_DELAY_SEC
+    ///      Sets fetch_connected to false, pending_disconnect to false
+    ///      Advertises TPU ports sent in heartbeat
+    /// When tick is received without heartbeat_received
+    ///      Sets fetch_connected to true, pending_disconnect to false
+    ///      Advertises saved contact info
+    fn start(
+        cluster_info: Arc<ClusterInfo>,
+        heartbeat_rx: Receiver<HeartbeatEvent>,
+        packet_intercept_rx: Receiver<PacketBatch>,
+        packet_tx: Sender<PacketBatch>,
+        exit: Arc<AtomicBool>,
+    ) -> JoinHandle<()> {
+        Builder::new().name("fetch-stage-manager".into()).spawn(move || {
+            let my_fallback_contact_info = cluster_info.my_contact_info();
+
+            let mut fetch_connected = true;
+            let mut heartbeat_received = false;
+            let mut pending_disconnect = false;
+
+            let mut pending_disconnect_ts = Instant::now();
+
+            let heartbeat_tick = tick(HEARTBEAT_TIMEOUT);
+            let metrics_tick = tick(METRICS_CADENCE);
+            let mut packets_forwarded = 0;
+            let mut heartbeats_received = 0;
+            loop {
+                select! {
+                    recv(packet_intercept_rx) -> pkt => {
+                        match pkt {
+                            Ok(pkt) => {
+                                if fetch_connected {
+                                    if packet_tx.send(pkt).is_err() {
+                                        error!("{:?}", ProxyError::PacketForwardError);
+                                        return;
+                                    }
+                                    packets_forwarded += 1;
+                                }
+                            }
+                            Err(_) => {
+                                warn!("packet intercept receiver disconnected, shutting down");
+                                return;
+                            }
+                        }
+                    }
+                    recv(heartbeat_tick) -> _ => {
+                        if exit.load(Ordering::Relaxed) {
+                            break;
+                        }
+                        if !heartbeat_received && (!fetch_connected || pending_disconnect) {
+                            warn!("heartbeat late, reconnecting fetch stage");
+                            fetch_connected = true;
+                            pending_disconnect = false;
+
+                            // yes, using UDP here is extremely confusing for the validator
+                            // since the entire network is running QUIC. However, it's correct.
+                            if let Err(e) = Self::set_tpu_addresses(&cluster_info, my_fallback_contact_info.tpu(Protocol::UDP).unwrap(), my_fallback_contact_info.tpu_forwards(Protocol::UDP).unwrap()) {
+                                error!("error setting tpu or tpu_fwd to ({:?}, {:?}), error: {:?}", my_fallback_contact_info.tpu(Protocol::UDP).unwrap(), my_fallback_contact_info.tpu_forwards(Protocol::UDP).unwrap(), e);
+                            }
+                            heartbeats_received = 0;
+                        }
+                        heartbeat_received = false;
+                    }
+                    recv(heartbeat_rx) -> tpu_info => {
+                        if let Ok((tpu_addr, tpu_forward_addr)) = tpu_info {
+                            heartbeats_received += 1;
+                            heartbeat_received = true;
+                            if fetch_connected && !pending_disconnect {
+                                info!("received heartbeat while fetch stage connected, pending disconnect after delay");
+                                pending_disconnect_ts = Instant::now();
+                                pending_disconnect = true;
+                            }
+                            if fetch_connected && pending_disconnect && pending_disconnect_ts.elapsed() > DISCONNECT_DELAY {
+                                info!("disconnecting fetch stage");
+                                fetch_connected = false;
+                                pending_disconnect = false;
+                                if let Err(e) = Self::set_tpu_addresses(&cluster_info, tpu_addr, tpu_forward_addr) {
+                                    error!("error setting tpu or tpu_fwd to ({:?}, {:?}), error: {:?}", tpu_addr, tpu_forward_addr, e);
+                                }
+                            }
+                        } else {
+                            {
+                                warn!("relayer heartbeat receiver disconnected, shutting down");
+                                return;
+                            }
+                        }
+                    }
+                    recv(metrics_tick) -> _ => {
+                        datapoint_info!(
+                            "relayer-heartbeat",
+                            ("fetch_stage_packets_forwarded", packets_forwarded, i64),
+                            ("heartbeats_received", heartbeats_received, i64),
+                        );
+
+                    }
+                }
+            }
+        }).unwrap()
+    }
+
+    fn set_tpu_addresses(
+        cluster_info: &Arc<ClusterInfo>,
+        tpu_address: SocketAddr,
+        tpu_forward_address: SocketAddr,
+    ) -> Result<(), contact_info::Error> {
+        cluster_info.set_tpu(tpu_address)?;
+        cluster_info.set_tpu_forwards(tpu_forward_address)?;
+        Ok(())
+    }
+
+    pub fn join(self) -> thread::Result<()> {
+        self.t_hdl.join()
+    }
+}
diff --git a/core/src/proxy/mod.rs b/core/src/proxy/mod.rs
new file mode 100644
index 0000000000..86d48482aa
--- /dev/null
+++ b/core/src/proxy/mod.rs
@@ -0,0 +1,100 @@
+//! This module contains logic for connecting to an external Relayer and Block Engine.
+//! The Relayer acts as an external TPU and TPU Forward socket while the Block Engine
+//! is tasked with streaming high value bundles to the validator. The validator can run
+//! in one of 3 modes:
+//!     1. Connected to Relayer and Block Engine.
+//!         - This is the ideal mode as it increases the probability of building the most profitable blocks.
+//!     2. Connected only to Relayer.
+//!         - A validator may choose to run in this mode if the main concern is to offload ingress traffic deduplication and sig-verification.
+//!     3. Connected only to Block Engine.
+//!         - Running in this mode means pending transactions are not exposed to external actors. This mode is ideal if the validator wishes
+//!           to accept bundles while maintaining some level of privacy for in-flight transactions.
+
+mod auth;
+pub mod block_engine_stage;
+pub mod fetch_stage_manager;
+pub mod relayer_stage;
+
+use {
+    std::{
+        net::{AddrParseError, SocketAddr},
+        result,
+    },
+    thiserror::Error,
+    tonic::Status,
+};
+
+type Result<T> = result::Result<T, ProxyError>;
+type HeartbeatEvent = (SocketAddr, SocketAddr);
+
+#[derive(Error, Debug)]
+pub enum ProxyError {
+    #[error("grpc error: {0}")]
+    GrpcError(#[from] Status),
+
+    #[error("stream disconnected")]
+    GrpcStreamDisconnected,
+
+    #[error("heartbeat error")]
+    HeartbeatChannelError,
+
+    #[error("heartbeat expired")]
+    HeartbeatExpired,
+
+    #[error("error forwarding packet to banking stage")]
+    PacketForwardError,
+
+    #[error("missing tpu config: {0:?}")]
+    MissingTpuSocket(String),
+
+    #[error("invalid socket address: {0:?}")]
+    InvalidSocketAddress(#[from] AddrParseError),
+
+    #[error("invalid gRPC data: {0:?}")]
+    InvalidData(String),
+
+    #[error("timeout: {0:?}")]
+    ConnectionError(#[from] tonic::transport::Error),
+
+    #[error("AuthenticationConnectionTimeout")]
+    AuthenticationConnectionTimeout,
+
+    #[error("AuthenticationTimeout")]
+    AuthenticationTimeout,
+
+    #[error("AuthenticationConnectionError: {0:?}")]
+    AuthenticationConnectionError(String),
+
+    #[error("BlockEngineConnectionTimeout")]
+    BlockEngineConnectionTimeout,
+
+    #[error("BlockEngineTimeout")]
+    BlockEngineTimeout,
+
+    #[error("BlockEngineConnectionError: {0:?}")]
+    BlockEngineConnectionError(String),
+
+    #[error("RelayerConnectionTimeout")]
+    RelayerConnectionTimeout,
+
+    #[error("RelayerTimeout")]
+    RelayerEngineTimeout,
+
+    #[error("RelayerConnectionError: {0:?}")]
+    RelayerConnectionError(String),
+
+    #[error("AuthenticationError: {0:?}")]
+    AuthenticationError(String),
+
+    #[error("AuthenticationPermissionDenied")]
+    AuthenticationPermissionDenied,
+
+    #[error("BadAuthenticationToken: {0:?}")]
+    BadAuthenticationToken(String),
+
+    #[error("MethodTimeout: {0:?}")]
+    MethodTimeout(String),
+
+    #[error("MethodError: {0:?}")]
+    MethodError(String),
+}
diff --git a/core/src/proxy/relayer_stage.rs b/core/src/proxy/relayer_stage.rs
new file mode 100644
index 0000000000..0c8ce22877
--- /dev/null
+++ b/core/src/proxy/relayer_stage.rs
@@ -0,0 +1,515 @@
+//! Maintains a connection to the Relayer.
+//!
+//! The external Relayer is responsible for the following:
+//! - Acts as a TPU proxy.
+//! - Sends transactions to the validator.
+//! - Does not bundles to avoid DOS vector.
+//! - When validator connects, it changes its TPU and TPU forward address to the relayer.
+//! - Expected to send heartbeat to validator as watchdog. If watchdog times out, the validator
+//!   disconnects and reverts the TPU and TPU forward settings.
+
+use {
+    crate::{
+        banking_trace::BankingPacketSender,
+        proto_packet_to_packet,
+        proxy::{
+            auth::{generate_auth_tokens, maybe_refresh_auth_tokens, AuthInterceptor},
+            HeartbeatEvent, ProxyError,
+        },
+    },
+    crossbeam_channel::Sender,
+    jito_protos::proto::{
+        auth::{auth_service_client::AuthServiceClient, Token},
+        relayer::{self, relayer_client::RelayerClient},
+    },
+    solana_gossip::cluster_info::ClusterInfo,
+    solana_perf::packet::PacketBatch,
+    solana_sdk::{
+        saturating_add_assign,
+        signature::{Keypair, Signer},
+    },
+    std::{
+        net::{IpAddr, Ipv4Addr, SocketAddr},
+        str::FromStr,
+        sync::{
+            atomic::{AtomicBool, Ordering},
+            Arc, Mutex,
+        },
+        thread::{self, Builder, JoinHandle},
+        time::{Duration, Instant},
+    },
+    tokio::{
+        task,
+        time::{interval, sleep, timeout},
+    },
+    tonic::{
+        codegen::InterceptedService,
+        transport::{Channel, Endpoint},
+        Streaming,
+    },
+};
+
+const CONNECTION_TIMEOUT_S: u64 = 10;
+const CONNECTION_BACKOFF_S: u64 = 5;
+
+#[derive(Default)]
+struct RelayerStageStats {
+    num_empty_messages: u64,
+    num_packets: u64,
+    num_heartbeats: u64,
+}
+
+impl RelayerStageStats {
+    pub(crate) fn report(&self) {
+        datapoint_info!(
+            "relayer_stage-stats",
+            ("num_empty_messages", self.num_empty_messages, i64),
+            ("num_packets", self.num_packets, i64),
+            ("num_heartbeats", self.num_heartbeats, i64),
+        );
+    }
+}
+
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+pub struct RelayerConfig {
+    /// Relayer URL
+    pub relayer_url: String,
+
+    /// Interval at which heartbeats are expected.
+    pub expected_heartbeat_interval: Duration,
+
+    /// The max tolerable age of the last heartbeat.
+    pub oldest_allowed_heartbeat: Duration,
+
+    /// If set then it will be assumed the backend verified packets so signature verification will be bypassed in the validator.
+    pub trust_packets: bool,
+}
+
+pub struct RelayerStage {
+    t_hdls: Vec<JoinHandle<()>>,
+}
+
+impl RelayerStage {
+    pub fn new(
+        relayer_config: Arc<Mutex<RelayerConfig>>,
+        // The keypair stored here is used to sign auth challenges.
+        cluster_info: Arc<ClusterInfo>,
+        // Channel that server-sent heartbeats are piped through.
+        heartbeat_tx: Sender<HeartbeatEvent>,
+        // Channel that non-trusted streamed packets are piped through.
+        packet_tx: Sender<PacketBatch>,
+        // Channel that trusted streamed packets are piped through.
+        banking_packet_sender: BankingPacketSender,
+        exit: Arc<AtomicBool>,
+    ) -> Self {
+        let thread = Builder::new()
+            .name("relayer-stage".to_string())
+            .spawn(move || {
+                let rt = tokio::runtime::Builder::new_multi_thread()
+                    .enable_all()
+                    .build()
+                    .unwrap();
+
+                rt.block_on(Self::start(
+                    relayer_config,
+                    cluster_info,
+                    heartbeat_tx,
+                    packet_tx,
+                    banking_packet_sender,
+                    exit,
+                ));
+            })
+            .unwrap();
+
+        Self {
+            t_hdls: vec![thread],
+        }
+    }
+
+    pub fn join(self) -> thread::Result<()> {
+        for t in self.t_hdls {
+            t.join()?;
+        }
+        Ok(())
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn start(
+        relayer_config: Arc<Mutex<RelayerConfig>>,
+        cluster_info: Arc<ClusterInfo>,
+        heartbeat_tx: Sender<HeartbeatEvent>,
+        packet_tx: Sender<PacketBatch>,
+        banking_packet_sender: BankingPacketSender,
+        exit: Arc<AtomicBool>,
+    ) {
+        const CONNECTION_TIMEOUT: Duration = Duration::from_secs(CONNECTION_TIMEOUT_S);
+        const CONNECTION_BACKOFF: Duration = Duration::from_secs(CONNECTION_BACKOFF_S);
+
+        let mut error_count: u64 = 0;
+
+        while !exit.load(Ordering::Relaxed) {
+            // Wait until a valid config is supplied (either initially or by admin rpc)
+            // Use if!/else here to avoid extra CONNECTION_BACKOFF wait on successful termination
+            let local_relayer_config = {
+                let relayer_config = relayer_config.clone();
+                task::spawn_blocking(move || relayer_config.lock().unwrap().clone())
+                    .await
+                    .expect("Failed to get execute tokio task.")
+            };
+            if !Self::is_valid_relayer_config(&local_relayer_config) {
+                sleep(CONNECTION_BACKOFF).await;
+            } else if let Err(e) = Self::connect_auth_and_stream(
+                &local_relayer_config,
+                &relayer_config,
+                &cluster_info,
+                &heartbeat_tx,
+                &packet_tx,
+                &banking_packet_sender,
+                &exit,
+                &CONNECTION_TIMEOUT,
+            )
+            .await
+            {
+                match e {
+                    // This error is frequent on hot spares, and the parsed string does not work
+                    // with datapoints (incorrect escaping).
+                    ProxyError::AuthenticationPermissionDenied => {
+                        warn!("relayer permission denied. not on leader schedule. ignore if hot-spare.")
+                    }
+                    e => {
+                        error_count += 1;
+                        datapoint_warn!(
+                            "relayer_stage-proxy_error",
+                            ("count", error_count, i64),
+                            ("error", e.to_string(), String),
+                        );
+                    }
+                }
+                sleep(CONNECTION_BACKOFF).await;
+            }
+        }
+    }
+
+    async fn connect_auth_and_stream(
+        local_relayer_config: &RelayerConfig,
+        global_relayer_config: &Arc<Mutex<RelayerConfig>>,
+        cluster_info: &Arc<ClusterInfo>,
+        heartbeat_tx: &Sender<HeartbeatEvent>,
+        packet_tx: &Sender<PacketBatch>,
+        banking_packet_sender: &BankingPacketSender,
+        exit: &Arc<AtomicBool>,
+        connection_timeout: &Duration,
+    ) -> crate::proxy::Result<()> {
+        // Get a copy of configs here in case they have changed at runtime
+        let keypair = cluster_info.keypair().clone();
+
+        let mut backend_endpoint = Endpoint::from_shared(local_relayer_config.relayer_url.clone())
+            .map_err(|_| {
+                ProxyError::RelayerConnectionError(format!(
+                    "invalid relayer url value: {}",
+                    local_relayer_config.relayer_url
+                ))
+            })?
+            .tcp_keepalive(Some(Duration::from_secs(60)));
+        if local_relayer_config.relayer_url.starts_with("https") {
+            backend_endpoint = backend_endpoint
+                .tls_config(tonic::transport::ClientTlsConfig::new())
+                .map_err(|_| {
+                    ProxyError::RelayerConnectionError(
+                        "failed to set tls_config for relayer service".to_string(),
+                    )
+                })?;
+        }
+
+        debug!("connecting to auth: {}", local_relayer_config.relayer_url);
+        let auth_channel = timeout(*connection_timeout, backend_endpoint.connect())
+            .await
+            .map_err(|_| ProxyError::AuthenticationConnectionTimeout)?
+            .map_err(|e| ProxyError::AuthenticationConnectionError(e.to_string()))?;
+
+        let mut auth_client = AuthServiceClient::new(auth_channel);
+
+        debug!("generating authentication token");
+        let (access_token, refresh_token) = timeout(
+            *connection_timeout,
+            generate_auth_tokens(&mut auth_client, &keypair),
+        )
+        .await
+        .map_err(|_| ProxyError::AuthenticationTimeout)??;
+
+        datapoint_info!(
+            "relayer_stage-tokens_generated",
+            ("url", local_relayer_config.relayer_url, String),
+            ("count", 1, i64),
+        );
+
+        debug!(
+            "connecting to relayer: {}",
+            local_relayer_config.relayer_url
+        );
+        let relayer_channel = timeout(*connection_timeout, backend_endpoint.connect())
+            .await
+            .map_err(|_| ProxyError::RelayerConnectionTimeout)?
+            .map_err(|e| ProxyError::RelayerConnectionError(e.to_string()))?;
+
+        let access_token = Arc::new(Mutex::new(access_token));
+        let relayer_client = RelayerClient::with_interceptor(
+            relayer_channel,
+            AuthInterceptor::new(access_token.clone()),
+        );
+
+        Self::start_consuming_relayer_packets(
+            relayer_client,
+            heartbeat_tx,
+            packet_tx,
+            banking_packet_sender,
+            local_relayer_config,
+            global_relayer_config,
+            exit,
+            auth_client,
+            access_token,
+            refresh_token,
+            keypair,
+            cluster_info,
+            connection_timeout,
+        )
+        .await
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn start_consuming_relayer_packets(
+        mut client: RelayerClient<InterceptedService<Channel, AuthInterceptor>>,
+        heartbeat_tx: &Sender<HeartbeatEvent>,
+        packet_tx: &Sender<PacketBatch>,
+        banking_packet_sender: &BankingPacketSender,
+        local_config: &RelayerConfig, // local copy of config with current connections
+        global_config: &Arc<Mutex<RelayerConfig>>, // guarded reference for detecting run-time updates
+        exit: &Arc<AtomicBool>,
+        auth_client: AuthServiceClient<Channel>,
+        access_token: Arc<Mutex<Token>>,
+        refresh_token: Token,
+        keypair: Arc<Keypair>,
+        cluster_info: &Arc<ClusterInfo>,
+        connection_timeout: &Duration,
+    ) -> crate::proxy::Result<()> {
+        let heartbeat_event: HeartbeatEvent = {
+            let tpu_config = timeout(
+                *connection_timeout,
+                client.get_tpu_configs(relayer::GetTpuConfigsRequest {}),
+            )
+            .await
+            .map_err(|_| ProxyError::MethodTimeout("relayer_get_tpu_configs".to_string()))?
+            .map_err(|e| ProxyError::MethodError(e.to_string()))?
+            .into_inner();
+
+            let tpu_addr = tpu_config
+                .tpu
+                .ok_or_else(|| ProxyError::MissingTpuSocket("tpu".to_string()))?;
+            let tpu_forward_addr = tpu_config
+                .tpu_forward
+                .ok_or_else(|| ProxyError::MissingTpuSocket("tpu_fwd".to_string()))?;
+
+            let tpu_ip = IpAddr::from(tpu_addr.ip.parse::<Ipv4Addr>()?);
+            let tpu_forward_ip = IpAddr::from(tpu_forward_addr.ip.parse::<Ipv4Addr>()?);
+
+            let tpu_socket = SocketAddr::new(tpu_ip, tpu_addr.port as u16);
+            let tpu_forward_socket = SocketAddr::new(tpu_forward_ip, tpu_forward_addr.port as u16);
+            (tpu_socket, tpu_forward_socket)
+        };
+
+        let packet_stream = timeout(
+            *connection_timeout,
+            client.subscribe_packets(relayer::SubscribePacketsRequest {}),
+        )
+        .await
+        .map_err(|_| ProxyError::MethodTimeout("relayer_subscribe_packets".to_string()))?
+        .map_err(|e| ProxyError::MethodError(e.to_string()))?
+        .into_inner();
+
+        Self::consume_packet_stream(
+            heartbeat_event,
+            heartbeat_tx,
+            packet_stream,
+            packet_tx,
+            local_config,
+            global_config,
+            banking_packet_sender,
+            exit,
+            auth_client,
+            access_token,
+            refresh_token,
+            keypair,
+            cluster_info,
+            connection_timeout,
+        )
+        .await
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn consume_packet_stream(
+        heartbeat_event: HeartbeatEvent,
+        heartbeat_tx: &Sender<HeartbeatEvent>,
+        mut packet_stream: Streaming<relayer::SubscribePacketsResponse>,
+        packet_tx: &Sender<PacketBatch>,
+        local_config: &RelayerConfig, // local copy of config with current connections
+        global_config: &Arc<Mutex<RelayerConfig>>, // guarded reference for detecting run-time updates
+        banking_packet_sender: &BankingPacketSender,
+        exit: &Arc<AtomicBool>,
+        mut auth_client: AuthServiceClient<Channel>,
+        access_token: Arc<Mutex<Token>>,
+        mut refresh_token: Token,
+        keypair: Arc<Keypair>,
+        cluster_info: &Arc<ClusterInfo>,
+        connection_timeout: &Duration,
+    ) -> crate::proxy::Result<()> {
+        const METRICS_TICK: Duration = Duration::from_secs(1);
+        let refresh_within_s: u64 = METRICS_TICK.as_secs().saturating_mul(3).saturating_div(2);
+
+        let mut relayer_stats = RelayerStageStats::default();
+        let mut metrics_and_auth_tick = interval(METRICS_TICK);
+
+        let mut num_full_refreshes: u64 = 1;
+        let mut num_refresh_access_token: u64 = 0;
+
+        let mut heartbeat_check_interval = interval(local_config.expected_heartbeat_interval);
+        let mut last_heartbeat_ts = Instant::now();
+
+        info!("connected to packet stream");
+
+        while !exit.load(Ordering::Relaxed) {
+            tokio::select! {
+                maybe_msg = packet_stream.message() => {
+                    let resp = maybe_msg?.ok_or(ProxyError::GrpcStreamDisconnected)?;
+                    Self::handle_relayer_packets(resp, heartbeat_event, heartbeat_tx, &mut last_heartbeat_ts, packet_tx, local_config.trust_packets, banking_packet_sender, &mut relayer_stats)?;
+                }
+                _ = heartbeat_check_interval.tick() => {
+                    if last_heartbeat_ts.elapsed() > local_config.oldest_allowed_heartbeat {
+                        return Err(ProxyError::HeartbeatExpired);
+                    }
+                }
+                _ = metrics_and_auth_tick.tick() => {
+                    relayer_stats.report();
+                    relayer_stats = RelayerStageStats::default();
+
+                    if cluster_info.id() != keypair.pubkey() {
+                        return Err(ProxyError::AuthenticationConnectionError("validator identity changed".to_string()));
+                    }
+
+                    let global_config = global_config.clone();
+                    if *local_config != task::spawn_blocking(move || global_config.lock().unwrap().clone())
+                        .await
+                        .unwrap() {
+                        return Err(ProxyError::AuthenticationConnectionError("relayer config changed".to_string()));
+                    }
+
+                    let (maybe_new_access, maybe_new_refresh) = maybe_refresh_auth_tokens(&mut auth_client,
+                        &access_token,
+                        &refresh_token,
+                        cluster_info,
+                        connection_timeout,
+                        refresh_within_s,
+                    ).await?;
+
+                    if let Some(new_token) = maybe_new_access {
+                        num_refresh_access_token += 1;
+                        datapoint_info!(
+                            "relayer_stage-refresh_access_token",
+                            ("url", &local_config.relayer_url, String),
+                            ("count", num_refresh_access_token, i64),
+                        );
+
+                        let access_token = access_token.clone();
+                        task::spawn_blocking(move || *access_token.lock().unwrap() = new_token)
+                            .await
+                            .unwrap();
+                    }
+                    if let Some(new_token) = maybe_new_refresh {
+                        num_full_refreshes += 1;
+                        datapoint_info!(
+                            "relayer_stage-tokens_generated",
+                            ("url", &local_config.relayer_url, String),
+                            ("count", num_full_refreshes, i64),
+                        );
+                        refresh_token = new_token;
+                    }
+                }
+            }
+        }
+        Ok(())
+    }
+
+    fn handle_relayer_packets(
+        subscribe_packets_resp: relayer::SubscribePacketsResponse,
+        heartbeat_event: HeartbeatEvent,
+        heartbeat_tx: &Sender<HeartbeatEvent>,
+        last_heartbeat_ts: &mut Instant,
+        packet_tx: &Sender<PacketBatch>,
+        trust_packets: bool,
+        banking_packet_sender: &BankingPacketSender,
+        relayer_stats: &mut RelayerStageStats,
+    ) -> crate::proxy::Result<()> {
+        match subscribe_packets_resp.msg {
+            None => {
+                saturating_add_assign!(relayer_stats.num_empty_messages, 1);
+            }
+            Some(relayer::subscribe_packets_response::Msg::Batch(proto_batch)) => {
+                if proto_batch.packets.is_empty() {
+                    saturating_add_assign!(relayer_stats.num_empty_messages, 1);
+                    return Ok(());
+                }
+
+                let packet_batch = PacketBatch::new(
+                    proto_batch
+                        .packets
+                        .into_iter()
+                        .map(proto_packet_to_packet)
+                        .collect(),
+                );
+
+                saturating_add_assign!(relayer_stats.num_packets, packet_batch.len() as u64);
+
+                if trust_packets {
+                    banking_packet_sender
+                        .send(Arc::new((vec![packet_batch], None)))
+                        .map_err(|_| ProxyError::PacketForwardError)?;
+                } else {
+                    packet_tx
+                        .send(packet_batch)
+                        .map_err(|_| ProxyError::PacketForwardError)?;
+                }
+            }
+            Some(relayer::subscribe_packets_response::Msg::Heartbeat(_)) => {
+                saturating_add_assign!(relayer_stats.num_heartbeats, 1);
+
+                *last_heartbeat_ts = Instant::now();
+                heartbeat_tx
+                    .send(heartbeat_event)
+                    .map_err(|_| ProxyError::HeartbeatChannelError)?;
+            }
+        }
+        Ok(())
+    }
+
+    pub fn is_valid_relayer_config(config: &RelayerConfig) -> bool {
+        if config.relayer_url.is_empty() {
+            warn!("can't connect to relayer. missing relayer_url.");
+            return false;
+        }
+        if config.oldest_allowed_heartbeat.is_zero() {
+            error!("can't connect to relayer. oldest allowed heartbeat must be greater than 0.");
+            return false;
+        }
+        if config.expected_heartbeat_interval.is_zero() {
+            error!("can't connect to relayer. expected heartbeat interval must be greater than 0.");
+            return false;
+        }
+        if let Err(e) = Endpoint::from_str(&config.relayer_url) {
+            error!(
+                "can't connect to relayer. error creating relayer endpoint - {}",
+                e.to_string()
+            );
+            return false;
+        }
+        true
+    }
+}
diff --git a/core/src/tip_manager.rs b/core/src/tip_manager.rs
new file mode 100644
index 0000000000..397dfffea1
--- /dev/null
+++ b/core/src/tip_manager.rs
@@ -0,0 +1,588 @@
+use {
+    crate::proxy::block_engine_stage::BlockBuilderFeeInfo,
+    anchor_lang::{AccountDeserialize, InstructionData, ToAccountMetas},
+    jito_tip_distribution::sdk::{
+        derive_config_account_address, derive_tip_distribution_account_address,
+        instruction::{
+            initialize_ix, initialize_tip_distribution_account_ix, InitializeAccounts,
+            InitializeArgs, InitializeTipDistributionAccountAccounts,
+            InitializeTipDistributionAccountArgs,
+        },
+    },
+    jito_tip_payment::{
+        Config, InitBumps, TipPaymentAccount, CONFIG_ACCOUNT_SEED, TIP_ACCOUNT_SEED_0,
+        TIP_ACCOUNT_SEED_1, TIP_ACCOUNT_SEED_2, TIP_ACCOUNT_SEED_3, TIP_ACCOUNT_SEED_4,
+        TIP_ACCOUNT_SEED_5, TIP_ACCOUNT_SEED_6, TIP_ACCOUNT_SEED_7,
+    },
+    log::warn,
+    solana_bundle::TipError,
+    solana_runtime::bank::Bank,
+    solana_sdk::{
+        account::ReadableAccount,
+        bundle::{derive_bundle_id_from_sanitized_transactions, SanitizedBundle},
+        instruction::Instruction,
+        pubkey::Pubkey,
+        signature::Keypair,
+        signer::Signer,
+        stake_history::Epoch,
+        system_program,
+        transaction::{SanitizedTransaction, Transaction},
+    },
+    std::{collections::HashSet, sync::Arc},
+};
+
+pub type Result<T> = std::result::Result<T, TipError>;
+
+#[derive(Debug, Clone)]
+struct TipPaymentProgramInfo {
+    program_id: Pubkey,
+
+    config_pda_bump: (Pubkey, u8),
+    tip_pda_0: (Pubkey, u8),
+    tip_pda_1: (Pubkey, u8),
+    tip_pda_2: (Pubkey, u8),
+    tip_pda_3: (Pubkey, u8),
+    tip_pda_4: (Pubkey, u8),
+    tip_pda_5: (Pubkey, u8),
+    tip_pda_6: (Pubkey, u8),
+    tip_pda_7: (Pubkey, u8),
+}
+
+/// Contains metadata regarding the tip-distribution account.
+/// The PDAs contained in this struct are presumed to be owned by the program.
+#[derive(Debug, Clone)]
+struct TipDistributionProgramInfo {
+    /// The tip-distribution program_id.
+    program_id: Pubkey,
+
+    /// Singleton [Config] PDA and bump tuple.
+    config_pda_and_bump: (Pubkey, u8),
+}
+
+/// This config is used on each invocation to the `initialize_tip_distribution_account` instruction.
+#[derive(Debug, Clone)]
+pub struct TipDistributionAccountConfig {
+    /// The account with authority to upload merkle-roots to this validator's [TipDistributionAccount].
+    pub merkle_root_upload_authority: Pubkey,
+
+    /// This validator's vote account.
+    pub vote_account: Pubkey,
+
+    /// This validator's commission rate BPS for tips in the [TipDistributionAccount].
+    pub commission_bps: u16,
+}
+
+impl Default for TipDistributionAccountConfig {
+    fn default() -> Self {
+        Self {
+            merkle_root_upload_authority: Pubkey::new_unique(),
+            vote_account: Pubkey::new_unique(),
+            commission_bps: 0,
+        }
+    }
+}
+
+#[derive(Debug, Clone)]
+pub struct TipManager {
+    tip_payment_program_info: TipPaymentProgramInfo,
+    tip_distribution_program_info: TipDistributionProgramInfo,
+    tip_distribution_account_config: TipDistributionAccountConfig,
+}
+
+#[derive(Clone)]
+pub struct TipManagerConfig {
+    pub tip_payment_program_id: Pubkey,
+    pub tip_distribution_program_id: Pubkey,
+    pub tip_distribution_account_config: TipDistributionAccountConfig,
+}
+
+impl Default for TipManagerConfig {
+    fn default() -> Self {
+        TipManagerConfig {
+            tip_payment_program_id: Pubkey::new_unique(),
+            tip_distribution_program_id: Pubkey::new_unique(),
+            tip_distribution_account_config: TipDistributionAccountConfig::default(),
+        }
+    }
+}
+
+impl TipManager {
+    pub fn new(config: TipManagerConfig) -> TipManager {
+        let TipManagerConfig {
+            tip_payment_program_id,
+            tip_distribution_program_id,
+            tip_distribution_account_config,
+        } = config;
+
+        let config_pda_bump =
+            Pubkey::find_program_address(&[CONFIG_ACCOUNT_SEED], &tip_payment_program_id);
+
+        let tip_pda_0 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_0], &tip_payment_program_id);
+        let tip_pda_1 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_1], &tip_payment_program_id);
+        let tip_pda_2 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_2], &tip_payment_program_id);
+        let tip_pda_3 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_3], &tip_payment_program_id);
+        let tip_pda_4 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_4], &tip_payment_program_id);
+        let tip_pda_5 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_5], &tip_payment_program_id);
+        let tip_pda_6 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_6], &tip_payment_program_id);
+        let tip_pda_7 =
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_7], &tip_payment_program_id);
+
+        let config_pda_and_bump = derive_config_account_address(&tip_distribution_program_id);
+
+        TipManager {
+            tip_payment_program_info: TipPaymentProgramInfo {
+                program_id: tip_payment_program_id,
+                config_pda_bump,
+                tip_pda_0,
+                tip_pda_1,
+                tip_pda_2,
+                tip_pda_3,
+                tip_pda_4,
+                tip_pda_5,
+                tip_pda_6,
+                tip_pda_7,
+            },
+            tip_distribution_program_info: TipDistributionProgramInfo {
+                program_id: tip_distribution_program_id,
+                config_pda_and_bump,
+            },
+            tip_distribution_account_config,
+        }
+    }
+
+    pub fn tip_payment_program_id(&self) -> Pubkey {
+        self.tip_payment_program_info.program_id
+    }
+
+    pub fn tip_distribution_program_id(&self) -> Pubkey {
+        self.tip_distribution_program_info.program_id
+    }
+
+    /// Returns the [Config] account owned by the tip-payment program.
+    pub fn tip_payment_config_pubkey(&self) -> Pubkey {
+        self.tip_payment_program_info.config_pda_bump.0
+    }
+
+    /// Returns the [Config] account owned by the tip-distribution program.
+    pub fn tip_distribution_config_pubkey(&self) -> Pubkey {
+        self.tip_distribution_program_info.config_pda_and_bump.0
+    }
+
+    /// Given a bank, returns the current `tip_receiver` configured with the tip-payment program.
+    pub fn get_configured_tip_receiver(&self, bank: &Bank) -> Result<Pubkey> {
+        Ok(self.get_tip_payment_config_account(bank)?.tip_receiver)
+    }
+
+    pub fn get_tip_accounts(&self) -> HashSet<Pubkey> {
+        HashSet::from([
+            self.tip_payment_program_info.tip_pda_0.0,
+            self.tip_payment_program_info.tip_pda_1.0,
+            self.tip_payment_program_info.tip_pda_2.0,
+            self.tip_payment_program_info.tip_pda_3.0,
+            self.tip_payment_program_info.tip_pda_4.0,
+            self.tip_payment_program_info.tip_pda_5.0,
+            self.tip_payment_program_info.tip_pda_6.0,
+            self.tip_payment_program_info.tip_pda_7.0,
+        ])
+    }
+
+    pub fn get_tip_payment_config_account(&self, bank: &Bank) -> Result<Config> {
+        let config_data = bank
+            .get_account(&self.tip_payment_program_info.config_pda_bump.0)
+            .ok_or(TipError::AccountMissing(
+                self.tip_payment_program_info.config_pda_bump.0,
+            ))?;
+
+        Ok(Config::try_deserialize(&mut config_data.data())?)
+    }
+
+    /// Only called once during contract creation.
+    pub fn initialize_tip_payment_program_tx(
+        &self,
+        bank: &Bank,
+        keypair: &Keypair,
+    ) -> SanitizedTransaction {
+        let init_ix = Instruction {
+            program_id: self.tip_payment_program_info.program_id,
+            data: jito_tip_payment::instruction::Initialize {
+                _bumps: InitBumps {
+                    config: self.tip_payment_program_info.config_pda_bump.1,
+                    tip_payment_account_0: self.tip_payment_program_info.tip_pda_0.1,
+                    tip_payment_account_1: self.tip_payment_program_info.tip_pda_1.1,
+                    tip_payment_account_2: self.tip_payment_program_info.tip_pda_2.1,
+                    tip_payment_account_3: self.tip_payment_program_info.tip_pda_3.1,
+                    tip_payment_account_4: self.tip_payment_program_info.tip_pda_4.1,
+                    tip_payment_account_5: self.tip_payment_program_info.tip_pda_5.1,
+                    tip_payment_account_6: self.tip_payment_program_info.tip_pda_6.1,
+                    tip_payment_account_7: self.tip_payment_program_info.tip_pda_7.1,
+                },
+            }
+            .data(),
+            accounts: jito_tip_payment::accounts::Initialize {
+                config: self.tip_payment_program_info.config_pda_bump.0,
+                tip_payment_account_0: self.tip_payment_program_info.tip_pda_0.0,
+                tip_payment_account_1: self.tip_payment_program_info.tip_pda_1.0,
+                tip_payment_account_2: self.tip_payment_program_info.tip_pda_2.0,
+                tip_payment_account_3: self.tip_payment_program_info.tip_pda_3.0,
+                tip_payment_account_4: self.tip_payment_program_info.tip_pda_4.0,
+                tip_payment_account_5: self.tip_payment_program_info.tip_pda_5.0,
+                tip_payment_account_6: self.tip_payment_program_info.tip_pda_6.0,
+                tip_payment_account_7: self.tip_payment_program_info.tip_pda_7.0,
+                system_program: system_program::id(),
+                payer: keypair.pubkey(),
+            }
+            .to_account_metas(None),
+        };
+        SanitizedTransaction::try_from_legacy_transaction(
+            Transaction::new_signed_with_payer(
+                &[init_ix],
+                Some(&keypair.pubkey()),
+                &[keypair],
+                bank.last_blockhash(),
+            ),
+            bank.get_reserved_account_keys(),
+        )
+        .unwrap()
+    }
+
+    /// Returns this validator's [TipDistributionAccount] PDA derived from the provided epoch.
+    pub fn get_my_tip_distribution_pda(&self, epoch: Epoch) -> Pubkey {
+        derive_tip_distribution_account_address(
+            &self.tip_distribution_program_info.program_id,
+            &self.tip_distribution_account_config.vote_account,
+            epoch,
+        )
+        .0
+    }
+
+    /// Returns whether or not the tip-payment program should be initialized.
+    pub fn should_initialize_tip_payment_program(&self, bank: &Bank) -> bool {
+        match bank.get_account(&self.tip_payment_config_pubkey()) {
+            None => true,
+            Some(account) => account.owner() != &self.tip_payment_program_info.program_id,
+        }
+    }
+
+    /// Returns whether or not the tip-distribution program's [Config] PDA should be initialized.
+    pub fn should_initialize_tip_distribution_config(&self, bank: &Bank) -> bool {
+        match bank.get_account(&self.tip_distribution_config_pubkey()) {
+            None => true,
+            Some(account) => account.owner() != &self.tip_distribution_program_info.program_id,
+        }
+    }
+
+    /// Returns whether or not the current [TipDistributionAccount] PDA should be initialized for this epoch.
+    pub fn should_init_tip_distribution_account(&self, bank: &Bank) -> bool {
+        let pda = derive_tip_distribution_account_address(
+            &self.tip_distribution_program_info.program_id,
+            &self.tip_distribution_account_config.vote_account,
+            bank.epoch(),
+        )
+        .0;
+        match bank.get_account(&pda) {
+            None => true,
+            // Since anyone can derive the PDA and send it lamports we must also check the owner is the program.
+            Some(account) => account.owner() != &self.tip_distribution_program_info.program_id,
+        }
+    }
+
+    /// Creates an [Initialize] transaction object.
+    pub fn initialize_tip_distribution_config_tx(
+        &self,
+        bank: &Bank,
+        kp: &Keypair,
+    ) -> SanitizedTransaction {
+        let ix = initialize_ix(
+            self.tip_distribution_program_info.program_id,
+            InitializeArgs {
+                authority: kp.pubkey(),
+                expired_funds_account: kp.pubkey(),
+                num_epochs_valid: 10,
+                max_validator_commission_bps: 10_000,
+                bump: self.tip_distribution_program_info.config_pda_and_bump.1,
+            },
+            InitializeAccounts {
+                config: self.tip_distribution_program_info.config_pda_and_bump.0,
+                system_program: system_program::id(),
+                initializer: kp.pubkey(),
+            },
+        );
+
+        SanitizedTransaction::try_from_legacy_transaction(
+            Transaction::new_signed_with_payer(
+                &[ix],
+                Some(&kp.pubkey()),
+                &[kp],
+                bank.last_blockhash(),
+            ),
+            bank.get_reserved_account_keys(),
+        )
+        .unwrap()
+    }
+
+    /// Creates an [InitializeTipDistributionAccount] transaction object using the provided Epoch.
+    pub fn initialize_tip_distribution_account_tx(
+        &self,
+        bank: &Bank,
+        keypair: &Keypair,
+    ) -> SanitizedTransaction {
+        let (tip_distribution_account, bump) = derive_tip_distribution_account_address(
+            &self.tip_distribution_program_info.program_id,
+            &self.tip_distribution_account_config.vote_account,
+            bank.epoch(),
+        );
+
+        let ix = initialize_tip_distribution_account_ix(
+            self.tip_distribution_program_info.program_id,
+            InitializeTipDistributionAccountArgs {
+                merkle_root_upload_authority: self
+                    .tip_distribution_account_config
+                    .merkle_root_upload_authority,
+                validator_commission_bps: self.tip_distribution_account_config.commission_bps,
+                bump,
+            },
+            InitializeTipDistributionAccountAccounts {
+                config: self.tip_distribution_program_info.config_pda_and_bump.0,
+                tip_distribution_account,
+                system_program: system_program::id(),
+                signer: keypair.pubkey(),
+                validator_vote_account: self.tip_distribution_account_config.vote_account,
+            },
+        );
+
+        SanitizedTransaction::try_from_legacy_transaction(
+            Transaction::new_signed_with_payer(
+                &[ix],
+                Some(&keypair.pubkey()),
+                &[keypair],
+                bank.last_blockhash(),
+            ),
+            bank.get_reserved_account_keys(),
+        )
+        .unwrap()
+    }
+
+    /// Builds a transaction that changes the current tip receiver to new_tip_receiver.
+    /// The on-chain program will transfer tips sitting in the tip accounts to the tip receiver
+    /// before changing ownership.
+    pub fn change_tip_receiver_and_block_builder_tx(
+        &self,
+        new_tip_receiver: &Pubkey,
+        bank: &Bank,
+        keypair: &Keypair,
+        block_builder: &Pubkey,
+        block_builder_commission: u64,
+    ) -> Result<SanitizedTransaction> {
+        let config = self.get_tip_payment_config_account(bank)?;
+        Ok(self.build_change_tip_receiver_and_block_builder_tx(
+            &config.tip_receiver,
+            new_tip_receiver,
+            bank,
+            keypair,
+            &config.block_builder,
+            block_builder,
+            block_builder_commission,
+        ))
+    }
+
+    pub fn build_change_tip_receiver_and_block_builder_tx(
+        &self,
+        old_tip_receiver: &Pubkey,
+        new_tip_receiver: &Pubkey,
+        bank: &Bank,
+        keypair: &Keypair,
+        old_block_builder: &Pubkey,
+        block_builder: &Pubkey,
+        block_builder_commission: u64,
+    ) -> SanitizedTransaction {
+        let change_tip_ix = Instruction {
+            program_id: self.tip_payment_program_info.program_id,
+            data: jito_tip_payment::instruction::ChangeTipReceiver {}.data(),
+            accounts: jito_tip_payment::accounts::ChangeTipReceiver {
+                config: self.tip_payment_program_info.config_pda_bump.0,
+                old_tip_receiver: *old_tip_receiver,
+                new_tip_receiver: *new_tip_receiver,
+                block_builder: *old_block_builder,
+                tip_payment_account_0: self.tip_payment_program_info.tip_pda_0.0,
+                tip_payment_account_1: self.tip_payment_program_info.tip_pda_1.0,
+                tip_payment_account_2: self.tip_payment_program_info.tip_pda_2.0,
+                tip_payment_account_3: self.tip_payment_program_info.tip_pda_3.0,
+                tip_payment_account_4: self.tip_payment_program_info.tip_pda_4.0,
+                tip_payment_account_5: self.tip_payment_program_info.tip_pda_5.0,
+                tip_payment_account_6: self.tip_payment_program_info.tip_pda_6.0,
+                tip_payment_account_7: self.tip_payment_program_info.tip_pda_7.0,
+                signer: keypair.pubkey(),
+            }
+            .to_account_metas(None),
+        };
+        let change_block_builder_ix = Instruction {
+            program_id: self.tip_payment_program_info.program_id,
+            data: jito_tip_payment::instruction::ChangeBlockBuilder {
+                block_builder_commission,
+            }
+            .data(),
+            accounts: jito_tip_payment::accounts::ChangeBlockBuilder {
+                config: self.tip_payment_program_info.config_pda_bump.0,
+                tip_receiver: *new_tip_receiver, // tip receiver will have just changed in previous ix
+                old_block_builder: *old_block_builder,
+                new_block_builder: *block_builder,
+                tip_payment_account_0: self.tip_payment_program_info.tip_pda_0.0,
+                tip_payment_account_1: self.tip_payment_program_info.tip_pda_1.0,
+                tip_payment_account_2: self.tip_payment_program_info.tip_pda_2.0,
+                tip_payment_account_3: self.tip_payment_program_info.tip_pda_3.0,
+                tip_payment_account_4: self.tip_payment_program_info.tip_pda_4.0,
+                tip_payment_account_5: self.tip_payment_program_info.tip_pda_5.0,
+                tip_payment_account_6: self.tip_payment_program_info.tip_pda_6.0,
+                tip_payment_account_7: self.tip_payment_program_info.tip_pda_7.0,
+                signer: keypair.pubkey(),
+            }
+            .to_account_metas(None),
+        };
+        SanitizedTransaction::try_from_legacy_transaction(
+            Transaction::new_signed_with_payer(
+                &[change_tip_ix, change_block_builder_ix],
+                Some(&keypair.pubkey()),
+                &[keypair],
+                bank.last_blockhash(),
+            ),
+            bank.get_reserved_account_keys(),
+        )
+        .unwrap()
+    }
+
+    /// Returns the balance of all the MEV tip accounts
+    pub fn get_tip_account_balances(&self, bank: &Arc<Bank>) -> Vec<(Pubkey, u64)> {
+        let accounts = self.get_tip_accounts();
+        accounts
+            .into_iter()
+            .map(|account| {
+                let balance = bank.get_balance(&account);
+                (account, balance)
+            })
+            .collect()
+    }
+
+    /// Returns the balance of all the MEV tip accounts above the rent-exempt amount.
+    /// NOTE: the on-chain program has rent_exempt = force
+    pub fn get_tip_account_balances_above_rent_exempt(
+        &self,
+        bank: &Arc<Bank>,
+    ) -> Vec<(Pubkey, u64)> {
+        let accounts = self.get_tip_accounts();
+        accounts
+            .into_iter()
+            .map(|account| {
+                let account_data = bank.get_account(&account).unwrap_or_default();
+                let balance = bank.get_balance(&account);
+                let rent_exempt =
+                    bank.get_minimum_balance_for_rent_exemption(account_data.data().len());
+                // NOTE: don't unwrap here in case bug in on-chain program, don't want all validators to crash
+                // if program gets stuck in bad state
+                (account, balance.checked_sub(rent_exempt).unwrap_or_else(|| {
+                    warn!("balance is below rent exempt amount. balance: {} rent_exempt: {} acc size: {}", balance, rent_exempt, TipPaymentAccount::SIZE);
+                    0
+                }))
+            })
+            .collect()
+    }
+
+    /// Return a bundle that is capable of calling the initialize instructions on the two tip payment programs
+    /// This is mainly helpful for local development and shouldn't run on testnet and mainnet, assuming the
+    /// correct TipManager configuration is set.
+    pub fn get_initialize_tip_programs_bundle(
+        &self,
+        bank: &Bank,
+        keypair: &Keypair,
+    ) -> Option<SanitizedBundle> {
+        let maybe_init_tip_payment_config_tx = if self.should_initialize_tip_payment_program(bank) {
+            debug!("should_initialize_tip_payment_program=true");
+            Some(self.initialize_tip_payment_program_tx(bank, keypair))
+        } else {
+            None
+        };
+
+        let maybe_init_tip_distro_config_tx =
+            if self.should_initialize_tip_distribution_config(bank) {
+                debug!("should_initialize_tip_distribution_config=true");
+                Some(self.initialize_tip_distribution_config_tx(bank, keypair))
+            } else {
+                None
+            };
+
+        let transactions = [
+            maybe_init_tip_payment_config_tx,
+            maybe_init_tip_distro_config_tx,
+        ]
+        .into_iter()
+        .flatten()
+        .collect::<Vec<SanitizedTransaction>>();
+
+        if transactions.is_empty() {
+            None
+        } else {
+            let bundle_id = derive_bundle_id_from_sanitized_transactions(&transactions);
+            Some(SanitizedBundle {
+                transactions,
+                bundle_id,
+            })
+        }
+    }
+
+    pub fn get_tip_programs_crank_bundle(
+        &self,
+        bank: &Bank,
+        keypair: &Keypair,
+        block_builder_fee_info: &BlockBuilderFeeInfo,
+    ) -> Result<Option<SanitizedBundle>> {
+        let maybe_init_tip_distro_account_tx = if self.should_init_tip_distribution_account(bank) {
+            debug!("should_init_tip_distribution_account=true");
+            Some(self.initialize_tip_distribution_account_tx(bank, keypair))
+        } else {
+            None
+        };
+
+        let configured_tip_receiver = self.get_configured_tip_receiver(bank)?;
+        let my_tip_receiver = self.get_my_tip_distribution_pda(bank.epoch());
+        let maybe_change_tip_receiver_tx = if configured_tip_receiver != my_tip_receiver {
+            debug!("change_tip_receiver=true");
+            Some(self.change_tip_receiver_and_block_builder_tx(
+                &my_tip_receiver,
+                bank,
+                keypair,
+                &block_builder_fee_info.block_builder,
+                block_builder_fee_info.block_builder_commission,
+            )?)
+        } else {
+            None
+        };
+        debug!(
+            "maybe_change_tip_receiver_tx: {:?}",
+            maybe_change_tip_receiver_tx
+        );
+
+        let transactions = [
+            maybe_init_tip_distro_account_tx,
+            maybe_change_tip_receiver_tx,
+        ]
+        .into_iter()
+        .flatten()
+        .collect::<Vec<SanitizedTransaction>>();
+
+        if transactions.is_empty() {
+            Ok(None)
+        } else {
+            let bundle_id = derive_bundle_id_from_sanitized_transactions(&transactions);
+            Ok(Some(SanitizedBundle {
+                transactions,
+                bundle_id,
+            }))
+        }
+    }
+}
diff --git a/core/src/tpu.rs b/core/src/tpu.rs
index 091a5901c2..7c242718c2 100644
--- a/core/src/tpu.rs
+++ b/core/src/tpu.rs
@@ -6,14 +6,21 @@ use {
     crate::{
         banking_stage::BankingStage,
         banking_trace::{BankingTracer, TracerThread},
+        bundle_stage::{bundle_account_locker::BundleAccountLocker, BundleStage},
         cluster_info_vote_listener::{
             ClusterInfoVoteListener, DuplicateConfirmedSlotsSender, GossipVerifiedVoteHashSender,
             VerifiedVoteSender, VoteTracker,
         },
         fetch_stage::FetchStage,
+        proxy::{
+            block_engine_stage::{BlockBuilderFeeInfo, BlockEngineConfig, BlockEngineStage},
+            fetch_stage_manager::FetchStageManager,
+            relayer_stage::{RelayerConfig, RelayerStage},
+        },
         sigverify::TransactionSigVerifier,
         sigverify_stage::SigVerifyStage,
         staked_nodes_updater_service::StakedNodesUpdaterService,
+        tip_manager::{TipManager, TipManagerConfig},
         tpu_entry_notifier::TpuEntryNotifier,
         validator::{BlockProductionMethod, GeneratorConfig},
     },
@@ -35,7 +42,12 @@ use {
         prioritization_fee_cache::PrioritizationFeeCache,
         vote_sender_types::{ReplayVoteReceiver, ReplayVoteSender},
     },
-    solana_sdk::{clock::Slot, pubkey::Pubkey, quic::NotifyKeyUpdate, signature::Keypair},
+    solana_sdk::{
+        clock::Slot,
+        pubkey::Pubkey,
+        quic::NotifyKeyUpdate,
+        signature::{Keypair, Signer},
+    },
     solana_streamer::{
         quic::{
             spawn_server_multi, QuicServerParams, SpawnServerResult, MAX_STAKED_CONNECTIONS,
@@ -45,9 +57,9 @@ use {
     },
     solana_turbine::broadcast_stage::{BroadcastStage, BroadcastStageType},
     std::{
-        collections::HashMap,
+        collections::{HashMap, HashSet},
         net::{SocketAddr, UdpSocket},
-        sync::{atomic::AtomicBool, Arc, RwLock},
+        sync::{atomic::AtomicBool, Arc, Mutex, RwLock},
         thread,
         time::Duration,
     },
@@ -80,6 +92,10 @@ pub struct Tpu {
     staked_nodes_updater_service: StakedNodesUpdaterService,
     tracer_thread_hdl: TracerThread,
     tpu_vote_quic_t: thread::JoinHandle<()>,
+    relayer_stage: RelayerStage,
+    block_engine_stage: BlockEngineStage,
+    fetch_stage_manager: FetchStageManager,
+    bundle_stage: BundleStage,
 }
 
 impl Tpu {
@@ -120,6 +136,11 @@ impl Tpu {
         block_production_method: BlockProductionMethod,
         enable_block_production_forwarding: bool,
         _generator_config: Option<GeneratorConfig>, /* vestigial code for replay invalidator */
+        block_engine_config: Arc<Mutex<BlockEngineConfig>>,
+        relayer_config: Arc<Mutex<RelayerConfig>>,
+        tip_manager_config: TipManagerConfig,
+        shred_receiver_address: Arc<RwLock<Option<SocketAddr>>>,
+        preallocated_bundle_cost: u64,
     ) -> (Self, Vec<Arc<dyn NotifyKeyUpdate + Sync + Send>>) {
         let TpuSockets {
             transactions: transactions_sockets,
@@ -131,7 +152,10 @@ impl Tpu {
             vote_quic: tpu_vote_quic_sockets,
         } = sockets;
 
-        let (packet_sender, packet_receiver) = unbounded();
+        // Packets from fetch stage and quic server are intercepted and sent through fetch_stage_manager
+        // If relayer is connected, packets are dropped. If not, packets are forwarded on to packet_sender
+        let (packet_intercept_sender, packet_intercept_receiver) = unbounded();
+
         let (vote_packet_sender, vote_packet_receiver) = unbounded();
         let (forwarded_packet_sender, forwarded_packet_receiver) = unbounded();
         let fetch_stage = FetchStage::new_with_sender(
@@ -139,7 +163,7 @@ impl Tpu {
             tpu_forwards_sockets,
             tpu_vote_sockets,
             exit.clone(),
-            &packet_sender,
+            &packet_intercept_sender,
             &vote_packet_sender,
             &forwarded_packet_sender,
             forwarded_packet_receiver,
@@ -193,7 +217,7 @@ impl Tpu {
             "quic_streamer_tpu",
             transactions_quic_sockets,
             keypair,
-            packet_sender,
+            packet_intercept_sender,
             exit.clone(),
             staked_nodes.clone(),
             QuicServerParams {
@@ -230,8 +254,10 @@ impl Tpu {
         )
         .unwrap();
 
+        let (packet_sender, packet_receiver) = unbounded();
+
         let sigverify_stage = {
-            let verifier = TransactionSigVerifier::new(non_vote_sender);
+            let verifier = TransactionSigVerifier::new(non_vote_sender.clone());
             SigVerifyStage::new(packet_receiver, verifier, "solSigVerTpu", "tpu-verifier")
         };
 
@@ -249,6 +275,41 @@ impl Tpu {
 
         let (gossip_vote_sender, gossip_vote_receiver) =
             banking_tracer.create_channel_gossip_vote();
+
+        let block_builder_fee_info = Arc::new(Mutex::new(BlockBuilderFeeInfo {
+            block_builder: cluster_info.keypair().pubkey(),
+            block_builder_commission: 0,
+        }));
+
+        let (bundle_sender, bundle_receiver) = unbounded();
+        let block_engine_stage = BlockEngineStage::new(
+            block_engine_config,
+            bundle_sender,
+            cluster_info.clone(),
+            packet_sender.clone(),
+            non_vote_sender.clone(),
+            exit.clone(),
+            &block_builder_fee_info,
+        );
+
+        let (heartbeat_tx, heartbeat_rx) = unbounded();
+        let fetch_stage_manager = FetchStageManager::new(
+            cluster_info.clone(),
+            heartbeat_rx,
+            packet_intercept_receiver,
+            packet_sender.clone(),
+            exit.clone(),
+        );
+
+        let relayer_stage = RelayerStage::new(
+            relayer_config,
+            cluster_info.clone(),
+            heartbeat_tx,
+            packet_sender,
+            non_vote_sender,
+            exit.clone(),
+        );
+
         let cluster_info_vote_listener = ClusterInfoVoteListener::new(
             exit.clone(),
             cluster_info.clone(),
@@ -264,6 +325,13 @@ impl Tpu {
             duplicate_confirmed_slot_sender,
         );
 
+        let tip_manager = TipManager::new(tip_manager_config);
+
+        let bundle_account_locker = BundleAccountLocker::default();
+
+        // The tip program can't be used in BankingStage to avoid someone from stealing tips mid-slot.
+        let mut blacklisted_accounts = HashSet::new();
+        blacklisted_accounts.insert(tip_manager.tip_payment_program_id());
         let banking_stage = BankingStage::new(
             block_production_method,
             cluster_info,
@@ -271,13 +339,31 @@ impl Tpu {
             non_vote_receiver,
             tpu_vote_receiver,
             gossip_vote_receiver,
-            transaction_status_sender,
-            replay_vote_sender,
+            transaction_status_sender.clone(),
+            replay_vote_sender.clone(),
             log_messages_bytes_limit,
             connection_cache.clone(),
             bank_forks.clone(),
             prioritization_fee_cache,
             enable_block_production_forwarding,
+            blacklisted_accounts,
+            bundle_account_locker.clone(),
+        );
+
+        let bundle_stage = BundleStage::new(
+            cluster_info,
+            poh_recorder,
+            bundle_receiver,
+            transaction_status_sender,
+            replay_vote_sender,
+            log_messages_bytes_limit,
+            exit.clone(),
+            tip_manager,
+            bundle_account_locker,
+            &block_builder_fee_info,
+            preallocated_bundle_cost,
+            bank_forks.clone(),
+            prioritization_fee_cache,
         );
 
         let (entry_receiver, tpu_entry_notifier) =
@@ -304,6 +390,7 @@ impl Tpu {
             bank_forks,
             shred_version,
             turbine_quic_endpoint_sender,
+            shred_receiver_address,
         );
 
         (
@@ -320,6 +407,10 @@ impl Tpu {
                 staked_nodes_updater_service,
                 tracer_thread_hdl,
                 tpu_vote_quic_t,
+                block_engine_stage,
+                relayer_stage,
+                fetch_stage_manager,
+                bundle_stage,
             },
             vec![key_updater, forwards_key_updater, vote_streamer_key_updater],
         )
@@ -336,6 +427,10 @@ impl Tpu {
             self.tpu_quic_t.join(),
             self.tpu_forwards_quic_t.join(),
             self.tpu_vote_quic_t.join(),
+            self.bundle_stage.join(),
+            self.relayer_stage.join(),
+            self.block_engine_stage.join(),
+            self.fetch_stage_manager.join(),
         ];
         let broadcast_result = self.broadcast_stage.join();
         for result in results {
diff --git a/core/src/tpu_entry_notifier.rs b/core/src/tpu_entry_notifier.rs
index 583ef34351..97be3e9995 100644
--- a/core/src/tpu_entry_notifier.rs
+++ b/core/src/tpu_entry_notifier.rs
@@ -61,18 +61,14 @@ impl TpuEntryNotifier {
         current_index: &mut usize,
         current_transaction_index: &mut usize,
     ) -> Result<(), RecvTimeoutError> {
-        let (bank, (entry, tick_height)) = entry_receiver.recv_timeout(Duration::from_secs(1))?;
+        let WorkingBankEntry {
+            bank,
+            entries_ticks,
+        } = entry_receiver.recv_timeout(Duration::from_secs(1))?;
         let slot = bank.slot();
-        let index = if slot != *current_slot {
-            *current_index = 0;
-            *current_transaction_index = 0;
-            *current_slot = slot;
-            0
-        } else {
-            *current_index += 1;
-            *current_index
-        };
+        let mut indices_sent = vec![];
 
+<<<<<<< HEAD
         let entry_summary = EntrySummary {
             num_hashes: entry.num_hashes,
             hash: entry.hash,
@@ -87,19 +83,57 @@ impl TpuEntryNotifier {
             warn!(
                 "Failed to send slot {slot:?} entry {index:?} from Tpu to EntryNotifierService, \
                  error {err:?}",
+=======
+        entries_ticks.iter().for_each(|(entry, _)| {
+            let index = if slot != *current_slot {
+                *current_index = 0;
+                *current_transaction_index = 0;
+                *current_slot = slot;
+                0
+            } else {
+                *current_index += 1;
+                *current_index
+            };
+
+            let entry_summary = EntrySummary {
+                num_hashes: entry.num_hashes,
+                hash: entry.hash,
+                num_transactions: entry.transactions.len() as u64,
+            };
+            if let Err(err) = entry_notification_sender.send(EntryNotification {
+                slot,
+                index,
+                entry: entry_summary,
+                starting_transaction_index: *current_transaction_index
+            }) {
+                warn!(
+                "Failed to send slot {slot:?} entry {index:?} from Tpu to EntryNotifierService, error {err:?}",
+>>>>>>> 1742826fca (jito patch)
             );
-        }
-        *current_transaction_index += entry.transactions.len();
+            }
+
+            *current_transaction_index += entry.transactions.len();
 
-        if let Err(err) = broadcast_entry_sender.send((bank, (entry, tick_height))) {
+            indices_sent.push(index);
+        });
+
+        if let Err(err) = broadcast_entry_sender.send(WorkingBankEntry {
+            bank,
+            entries_ticks,
+        }) {
             warn!(
+<<<<<<< HEAD
                 "Failed to send slot {slot:?} entry {index:?} from Tpu to BroadcastStage, error \
                  {err:?}",
+=======
+                "Failed to send slot {slot:?} entries {indices_sent:?} from Tpu to BroadcastStage, error {err:?}",
+>>>>>>> 1742826fca (jito patch)
             );
             // If the BroadcastStage channel is closed, the validator has halted. Try to exit
             // gracefully.
             exit.store(true, Ordering::Relaxed);
         }
+
         Ok(())
     }
 
diff --git a/core/src/tvu.rs b/core/src/tvu.rs
index 16e5be3634..ed37b3a330 100644
--- a/core/src/tvu.rs
+++ b/core/src/tvu.rs
@@ -164,6 +164,7 @@ impl Tvu {
         wen_restart_repair_slots: Option<Arc<RwLock<Vec<Slot>>>>,
         slot_status_notifier: Option<SlotStatusNotifier>,
         vote_connection_cache: Arc<ConnectionCache>,
+        shred_receiver_addr: Arc<RwLock<Option<SocketAddr>>>,
     ) -> Result<Self, String> {
         let in_wen_restart = wen_restart_repair_slots.is_some();
 
@@ -214,6 +215,7 @@ impl Tvu {
             max_slots.clone(),
             Some(rpc_subscriptions.clone()),
             slot_status_notifier.clone(),
+            shred_receiver_addr,
         );
 
         let (ancestor_duplicate_slots_sender, ancestor_duplicate_slots_receiver) = unbounded();
@@ -571,6 +573,7 @@ pub mod tests {
             wen_restart_repair_slots,
             None,
             Arc::new(connection_cache),
+            Arc::new(RwLock::new(None)),
         )
         .expect("assume success");
         if enable_wen_restart {
diff --git a/core/src/validator.rs b/core/src/validator.rs
index a846684aff..e52756e674 100644
--- a/core/src/validator.rs
+++ b/core/src/validator.rs
@@ -15,6 +15,7 @@ use {
             ExternalRootSource, Tower,
         },
         poh_timing_report_service::PohTimingReportService,
+        proxy::{block_engine_stage::BlockEngineConfig, relayer_stage::RelayerConfig},
         repair::{
             self,
             quic_endpoint::{RepairQuicAsyncSenders, RepairQuicSenders, RepairQuicSockets},
@@ -28,6 +29,7 @@ use {
         system_monitor_service::{
             verify_net_stats_access, SystemMonitorService, SystemMonitorStatsReportConfig,
         },
+        tip_manager::TipManagerConfig,
         tpu::{Tpu, TpuSockets, DEFAULT_TPU_COALESCE},
         tvu::{Tvu, TvuConfig, TvuSockets},
     },
@@ -112,6 +114,10 @@ use {
         snapshot_hash::StartingSnapshotHashes,
         snapshot_utils::{self, clean_orphaned_account_snapshot_dirs},
     },
+    solana_runtime_plugin::{
+        runtime_plugin_admin_rpc_service::RuntimePluginManagerRpcRequest,
+        runtime_plugin_service::RuntimePluginService,
+    },
     solana_sdk::{
         clock::Slot,
         epoch_schedule::MAX_LEADER_SCHEDULE_EPOCH_OFFSET,
@@ -237,10 +243,14 @@ pub struct ValidatorConfig {
     pub fixed_leader_schedule: Option<FixedSchedule>,
     pub wait_for_supermajority: Option<Slot>,
     pub new_hard_forks: Option<Vec<Slot>>,
-    pub known_validators: Option<HashSet<Pubkey>>, // None = trust all
-    pub repair_validators: Option<HashSet<Pubkey>>, // None = repair from all
-    pub repair_whitelist: Arc<RwLock<HashSet<Pubkey>>>, // Empty = repair with all
-    pub gossip_validators: Option<HashSet<Pubkey>>, // None = gossip with all
+    pub known_validators: Option<HashSet<Pubkey>>,
+    // None = trust all
+    pub repair_validators: Option<HashSet<Pubkey>>,
+    // None = repair from all
+    pub repair_whitelist: Arc<RwLock<HashSet<Pubkey>>>,
+    // Empty = repair with all
+    pub gossip_validators: Option<HashSet<Pubkey>>,
+    // None = gossip with all
     pub accounts_hash_interval_slots: u64,
     pub max_genesis_archive_unpacked_size: u64,
     /// Run PoH, transaction signature and other transaction verifications during blockstore
@@ -286,6 +296,12 @@ pub struct ValidatorConfig {
     pub replay_transactions_threads: NonZeroUsize,
     pub tvu_shred_sigverify_threads: NonZeroUsize,
     pub delay_leader_block_for_pending_fork: bool,
+    pub relayer_config: Arc<Mutex<RelayerConfig>>,
+    pub block_engine_config: Arc<Mutex<BlockEngineConfig>>,
+    // Using Option inside RwLock is ugly, but only convenient way to allow toggle on/off
+    pub shred_receiver_address: Arc<RwLock<Option<SocketAddr>>>,
+    pub tip_manager_config: TipManagerConfig,
+    pub preallocated_bundle_cost: u64,
 }
 
 impl Default for ValidatorConfig {
@@ -358,6 +374,11 @@ impl Default for ValidatorConfig {
             replay_transactions_threads: NonZeroUsize::new(1).expect("1 is non-zero"),
             tvu_shred_sigverify_threads: NonZeroUsize::new(1).expect("1 is non-zero"),
             delay_leader_block_for_pending_fork: false,
+            relayer_config: Arc::new(Mutex::new(RelayerConfig::default())),
+            block_engine_config: Arc::new(Mutex::new(BlockEngineConfig::default())),
+            shred_receiver_address: Arc::new(RwLock::new(None)),
+            tip_manager_config: TipManagerConfig::default(),
+            preallocated_bundle_cost: u64::default(),
         }
     }
 }
@@ -402,7 +423,8 @@ impl ValidatorConfig {
 // having to watch log messages.
 #[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
 pub enum ValidatorStartProgress {
-    Initializing, // Catch all, default state
+    Initializing,
+    // Catch all, default state
     SearchingForRpcService,
     DownloadingSnapshot {
         slot: Slot,
@@ -416,7 +438,8 @@ pub enum ValidatorStartProgress {
         max_slot: Slot,
     },
     StartingServices,
-    Halted, // Validator halted due to `--dev-halt-at-slot` argument
+    Halted,
+    // Validator halted due to `--dev-halt-at-slot` argument
     WaitingForSupermajority {
         slot: Slot,
         gossip_stake_percent: u64,
@@ -544,6 +567,10 @@ impl Validator {
         socket_addr_space: SocketAddrSpace,
         tpu_config: ValidatorTpuConfig,
         admin_rpc_service_post_init: Arc<RwLock<Option<AdminRpcRequestMetadataPostInit>>>,
+        runtime_plugin_configs_and_request_rx: Option<(
+            Vec<PathBuf>,
+            Receiver<RuntimePluginManagerRpcRequest>,
+        )>,
     ) -> Result<Self> {
         let ValidatorTpuConfig {
             use_quic,
@@ -984,6 +1011,19 @@ impl Validator {
             None,
         ));
 
+        if let Some((runtime_plugin_configs, request_rx)) = runtime_plugin_configs_and_request_rx {
+            RuntimePluginService::start(
+                &runtime_plugin_configs,
+                request_rx,
+                bank_forks.clone(),
+                block_commitment_cache.clone(),
+                exit.clone(),
+            )
+            .map_err(|e| {
+                ValidatorError::Other(format!("Failed to start runtime plugin service: {e:?}"))
+            })?;
+        }
+
         let max_slots = Arc::new(MaxSlots::default());
 
         let startup_verification_complete;
@@ -1471,6 +1511,7 @@ impl Validator {
             wen_restart_repair_slots.clone(),
             slot_status_notifier,
             vote_connection_cache,
+            config.shred_receiver_address.clone(),
         )
         .map_err(ValidatorError::Other)?;
 
@@ -1538,6 +1579,11 @@ impl Validator {
             config.block_production_method.clone(),
             config.enable_block_production_forwarding,
             config.generator_config.clone(),
+            config.block_engine_config.clone(),
+            config.relayer_config.clone(),
+            config.tip_manager_config.clone(),
+            config.shred_receiver_address.clone(),
+            config.preallocated_bundle_cost,
         );
 
         datapoint_info!(
@@ -1562,6 +1608,9 @@ impl Validator {
             repair_socket: Arc::new(node.sockets.repair),
             outstanding_repair_requests,
             cluster_slots,
+            block_engine_config: config.block_engine_config.clone(),
+            relayer_config: config.relayer_config.clone(),
+            shred_receiver_address: config.shred_receiver_address.clone(),
         });
 
         Ok(Self {
@@ -2025,6 +2074,7 @@ fn load_blockstore(
                 .map(|service| service.sender()),
             accounts_update_notifier,
             exit,
+            true,
         )
         .map_err(|err| err.to_string())?;
 
@@ -2805,6 +2855,7 @@ mod tests {
                 tpu_max_connections_per_ipaddr_per_minute: 32, // max connections per IpAddr per minute for test
             },
             Arc::new(RwLock::new(None)),
+            None,
         )
         .expect("assume successful validator start");
         assert_eq!(
@@ -3015,7 +3066,7 @@ mod tests {
                     Arc::new(RwLock::new(vec![Arc::new(vote_account_keypair)])),
                     vec![leader_node.info.clone()],
                     &config,
-                    true, // should_check_duplicate_instance.
+                    true, // should_check_duplicate_instance
                     None, // rpc_to_plugin_manager_receiver
                     Arc::new(RwLock::new(ValidatorStartProgress::default())),
                     SocketAddrSpace::Unspecified,
@@ -3027,6 +3078,7 @@ mod tests {
                         tpu_max_connections_per_ipaddr_per_minute: 32, // max connections per IpAddr per minute for test
                     },
                     Arc::new(RwLock::new(None)),
+                    None,
                 )
                 .expect("assume successful validator start")
             })
@@ -3143,7 +3195,7 @@ mod tests {
 
         assert!(is_snapshot_config_valid(
             &new_snapshot_config(300, 200),
-            100
+            100,
         ));
 
         let default_accounts_hash_interval =
@@ -3151,62 +3203,62 @@ mod tests {
         assert!(is_snapshot_config_valid(
             &new_snapshot_config(
                 snapshot_bank_utils::DEFAULT_FULL_SNAPSHOT_ARCHIVE_INTERVAL_SLOTS,
-                snapshot_bank_utils::DEFAULT_INCREMENTAL_SNAPSHOT_ARCHIVE_INTERVAL_SLOTS
+                snapshot_bank_utils::DEFAULT_INCREMENTAL_SNAPSHOT_ARCHIVE_INTERVAL_SLOTS,
             ),
             default_accounts_hash_interval,
         ));
         assert!(is_snapshot_config_valid(
             &new_snapshot_config(
                 snapshot_bank_utils::DEFAULT_FULL_SNAPSHOT_ARCHIVE_INTERVAL_SLOTS,
-                DISABLED_SNAPSHOT_ARCHIVE_INTERVAL
+                DISABLED_SNAPSHOT_ARCHIVE_INTERVAL,
             ),
-            default_accounts_hash_interval
+            default_accounts_hash_interval,
         ));
         assert!(is_snapshot_config_valid(
             &new_snapshot_config(
                 snapshot_bank_utils::DEFAULT_INCREMENTAL_SNAPSHOT_ARCHIVE_INTERVAL_SLOTS,
-                DISABLED_SNAPSHOT_ARCHIVE_INTERVAL
+                DISABLED_SNAPSHOT_ARCHIVE_INTERVAL,
             ),
-            default_accounts_hash_interval
+            default_accounts_hash_interval,
         ));
         assert!(is_snapshot_config_valid(
             &new_snapshot_config(
                 DISABLED_SNAPSHOT_ARCHIVE_INTERVAL,
-                DISABLED_SNAPSHOT_ARCHIVE_INTERVAL
+                DISABLED_SNAPSHOT_ARCHIVE_INTERVAL,
             ),
-            Slot::MAX
+            Slot::MAX,
         ));
 
         assert!(!is_snapshot_config_valid(&new_snapshot_config(0, 100), 100));
         assert!(!is_snapshot_config_valid(&new_snapshot_config(100, 0), 100));
         assert!(!is_snapshot_config_valid(
             &new_snapshot_config(42, 100),
-            100
+            100,
         ));
         assert!(!is_snapshot_config_valid(
             &new_snapshot_config(100, 42),
-            100
+            100,
         ));
         assert!(!is_snapshot_config_valid(
             &new_snapshot_config(100, 100),
-            100
+            100,
         ));
         assert!(!is_snapshot_config_valid(
             &new_snapshot_config(100, 200),
-            100
+            100,
         ));
         assert!(!is_snapshot_config_valid(
             &new_snapshot_config(444, 200),
-            100
+            100,
         ));
         assert!(!is_snapshot_config_valid(
             &new_snapshot_config(400, 222),
-            100
+            100,
         ));
 
         assert!(is_snapshot_config_valid(
             &SnapshotConfig::new_load_only(),
-            100
+            100,
         ));
         assert!(is_snapshot_config_valid(
             &SnapshotConfig {
@@ -3214,7 +3266,7 @@ mod tests {
                 incremental_snapshot_archive_interval_slots: 37,
                 ..SnapshotConfig::new_load_only()
             },
-            100
+            100,
         ));
         assert!(is_snapshot_config_valid(
             &SnapshotConfig {
@@ -3222,7 +3274,7 @@ mod tests {
                 incremental_snapshot_archive_interval_slots: DISABLED_SNAPSHOT_ARCHIVE_INTERVAL,
                 ..SnapshotConfig::new_load_only()
             },
-            100
+            100,
         ));
     }
 
diff --git a/core/tests/epoch_accounts_hash.rs b/core/tests/epoch_accounts_hash.rs
index ae1a52f692..874b1be7da 100755
--- a/core/tests/epoch_accounts_hash.rs
+++ b/core/tests/epoch_accounts_hash.rs
@@ -443,6 +443,7 @@ fn test_snapshots_have_expected_epoch_accounts_hash() {
                 if let Some(full_snapshot_archive_info) =
                     snapshot_utils::get_highest_full_snapshot_archive_info(
                         &snapshot_config.full_snapshot_archives_dir,
+                        None,
                     )
                 {
                     if full_snapshot_archive_info.slot() == bank.slot() {
@@ -564,6 +565,7 @@ fn test_background_services_request_handling_for_epoch_accounts_hash() {
             info!("Taking full snapshot...");
             while snapshot_utils::get_highest_full_snapshot_archive_slot(
                 &snapshot_config.full_snapshot_archives_dir,
+                None,
             ) != Some(bank.slot())
             {
                 trace!("waiting for full snapshot...");
diff --git a/core/tests/snapshots.rs b/core/tests/snapshots.rs
index 11855f60ac..6f640e7b35 100644
--- a/core/tests/snapshots.rs
+++ b/core/tests/snapshots.rs
@@ -789,6 +789,7 @@ fn test_snapshots_with_background_services(
                 &snapshot_test_config
                     .snapshot_config
                     .full_snapshot_archives_dir,
+                None,
             ) != Some(slot)
             {
                 assert!(
@@ -807,7 +808,12 @@ fn test_snapshots_with_background_services(
                 &snapshot_test_config
                     .snapshot_config
                     .incremental_snapshot_archives_dir,
+<<<<<<< HEAD
                 latest_full_snapshot_slot.unwrap(),
+=======
+                last_full_snapshot_slot.unwrap(),
+                None,
+>>>>>>> 1742826fca (jito patch)
             ) != Some(slot)
             {
                 assert!(
diff --git a/cost-model/src/cost_tracker.rs b/cost-model/src/cost_tracker.rs
index 3ca2c84d04..887186e2bb 100644
--- a/cost-model/src/cost_tracker.rs
+++ b/cost-model/src/cost_tracker.rs
@@ -141,6 +141,10 @@ impl CostTracker {
         self.vote_cost_limit = vote_cost_limit;
     }
 
+    pub fn set_block_cost_limit(&mut self, block_cost_limit: u64) {
+        self.block_cost_limit = block_cost_limit;
+    }
+
     pub fn in_flight_transaction_count(&self) -> usize {
         self.in_flight_transaction_count
     }
@@ -210,6 +214,10 @@ impl CostTracker {
         self.vote_cost
     }
 
+    pub fn block_cost_limit(&self) -> u64 {
+        self.block_cost_limit
+    }
+
     pub fn transaction_count(&self) -> u64 {
         self.transaction_count
     }
diff --git a/deploy_programs b/deploy_programs
new file mode 100755
index 0000000000..cbdf837e92
--- /dev/null
+++ b/deploy_programs
@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+# Deploys the tip payment and tip distribution programs on local validator at predetermined address
+set -eux
+
+WALLET_LOCATION=~/.config/solana/id.json
+
+# build this solana binary to ensure we're using a version compatible with the validator
+cargo b --release --bin solana
+
+./target/release/solana airdrop -ul 1000 $WALLET_LOCATION
+
+(cd jito-programs/tip-payment && anchor build)
+
+# NOTE: make sure the declare_id! is set correctly in the programs
+# Also, || true to make sure if fails the first time around, tip_payment can still be deployed
+RUST_INFO=trace ./target/release/solana deploy --keypair $WALLET_LOCATION -ul ./jito-programs/tip-payment/target/deploy/tip_distribution.so ./jito-programs/tip-payment/dev/dev_tip_distribution.json || true
+RUST_INFO=trace ./target/release/solana deploy --keypair $WALLET_LOCATION -ul ./jito-programs/tip-payment/target/deploy/tip_payment.so  ./jito-programs/tip-payment/dev/dev_tip_payment.json
diff --git a/dev/Dockerfile b/dev/Dockerfile
new file mode 100644
index 0000000000..012ca45974
--- /dev/null
+++ b/dev/Dockerfile
@@ -0,0 +1,48 @@
+FROM rust:1.64-slim-bullseye as builder
+
+# Add Google Protocol Buffers for Libra's metrics library.
+ENV PROTOC_VERSION 3.8.0
+ENV PROTOC_ZIP protoc-$PROTOC_VERSION-linux-x86_64.zip
+
+RUN set -x \
+ && apt update \
+ && apt install -y \
+      clang \
+      cmake \
+      libudev-dev \
+      make \
+      unzip \
+      libssl-dev \
+      pkg-config \
+      zlib1g-dev \
+      curl \
+ && rustup component add rustfmt \
+ && rustup component add clippy \
+ && rustc --version \
+ && cargo --version \
+ && curl -OL https://github.com/google/protobuf/releases/download/v$PROTOC_VERSION/$PROTOC_ZIP \
+ && unzip -o $PROTOC_ZIP -d /usr/local bin/protoc \
+ && unzip -o $PROTOC_ZIP -d /usr/local include/* \
+ && rm -f $PROTOC_ZIP
+
+
+WORKDIR /solana
+COPY . .
+RUN mkdir -p docker-output
+
+ARG ci_commit
+# NOTE: Keep this here before build since variable is referenced during CI build step.
+ENV CI_COMMIT=$ci_commit
+
+ARG debug
+
+# Uses docker buildkit to cache the image.
+# /usr/local/cargo/git needed for crossbeam patch
+RUN --mount=type=cache,mode=0777,target=/solana/target \
+    --mount=type=cache,mode=0777,target=/usr/local/cargo/registry \
+    --mount=type=cache,mode=0777,target=/usr/local/cargo/git \
+    if [ "$debug" = "false" ] ; then \
+      ./cargo stable build --release && cp target/release/solana* ./docker-output && cp target/release/agave* ./docker-output; \
+    else \
+      RUSTFLAGS='-g -C force-frame-pointers=yes' ./cargo stable build --release && cp target/release/solana* ./docker-output && cp target/release/agave* ./docker-output; \
+    fi
diff --git a/docs/src/cli/install.md b/docs/src/cli/install.md
index d2d0cad8f8..d09e453045 100644
--- a/docs/src/cli/install.md
+++ b/docs/src/cli/install.md
@@ -20,11 +20,11 @@ on your preferred workflow:
 - Open your favorite Terminal application
 
 - Install the Agave release
-  [LATEST_AGAVE_RELEASE_VERSION](https://github.com/anza-xyz/agave/releases/tag/LATEST_AGAVE_RELEASE_VERSION)
+  [LATEST_AGAVE_RELEASE_VERSION](https://github.com/jito-foundation/jito-solana/releases/tag/LATEST_AGAVE_RELEASE_VERSION)
   on your machine by running:
 
 ```bash
-sh -c "$(curl -sSfL https://release.anza.xyz/LATEST_AGAVE_RELEASE_VERSION/install)"
+sh -c "$(curl -sSfL https://release.jito.wtf/LATEST_AGAVE_RELEASE_VERSION/install)"
 ```
 
 - You can replace `LATEST_AGAVE_RELEASE_VERSION` with the release tag matching
@@ -38,7 +38,7 @@ downloading LATEST_AGAVE_RELEASE_VERSION installer
 Configuration: /home/solana/.config/solana/install/config.yml
 Active release directory: /home/solana/.local/share/solana/install/active_release
 * Release version: LATEST_AGAVE_RELEASE_VERSION
-* Release URL: https://github.com/anza-xyz/agave/releases/download/LATEST_AGAVE_RELEASE_VERSION/solana-release-x86_64-unknown-linux-gnu.tar.bz2
+* Release URL: https://github.com/jito-foundation/jito-solana/releases/download/LATEST_AGAVE_RELEASE_VERSION/solana-release-x86_64-unknown-linux-gnu.tar.bz2
 Update successful
 ```
 
@@ -65,16 +65,16 @@ solana --version
 
 - Open a Command Prompt (`cmd.exe`) as an Administrator
 
-  - Search for Command Prompt in the Windows search bar. When the Command Prompt
-    app appears, right-click and select “Open as Administrator”. If you are
-    prompted by a pop-up window asking “Do you want to allow this app to make
-    changes to your device?”, click Yes.
+    - Search for Command Prompt in the Windows search bar. When the Command Prompt
+      app appears, right-click and select “Open as Administrator”. If you are
+      prompted by a pop-up window asking “Do you want to allow this app to make
+      changes to your device?”, click Yes.
 
 - Copy and paste the following command, then press Enter to download the Solana
   installer into a temporary directory:
 
 ```bash
-cmd /c "curl https://release.anza.xyz/LATEST_AGAVE_RELEASE_VERSION/agave-install-init-x86_64-pc-windows-msvc.exe --output C:\agave-install-tmp\agave-install-init.exe --create-dirs"
+cmd /c "curl https://release.jito.wtf/LATEST_AGAVE_RELEASE_VERSION/agave-install-init-x86_64-pc-windows-msvc.exe --output C:\agave-install-tmp\agave-install-init.exe --create-dirs"
 ```
 
 - Copy and paste the following command, then press Enter to install the latest
@@ -89,8 +89,8 @@ C:\agave-install-tmp\agave-install-init.exe LATEST_AGAVE_RELEASE_VERSION
 
 - Close the command prompt window and re-open a new command prompt window as a
   normal user
-  - Search for "Command Prompt" in the search bar, then left click on the
-    Command Prompt app icon, no need to run as Administrator)
+    - Search for "Command Prompt" in the search bar, then left click on the
+      Command Prompt app icon, no need to run as Administrator)
 - Confirm you have the desired version of `solana` installed by entering:
 
 ```bash
@@ -108,9 +108,7 @@ manually download and install the binaries.
 ### Linux
 
 Download the binaries by navigating to
-[https://github.com/anza-xyz/agave/releases/latest](https://github.com/anza-xyz/agave/releases/latest),
-download **solana-release-x86_64-unknown-linux-gnu.tar.bz2**, then extract the
-archive:
+[https://github.com/jito-foundation/jito-solana/releases/latest](https://github.com/jito-foundation/jito-solana/releases/latest),
 
 ```bash
 tar jxf solana-release-x86_64-unknown-linux-gnu.tar.bz2
@@ -121,9 +119,7 @@ export PATH=$PWD/bin:$PATH
 ### MacOS
 
 Download the binaries by navigating to
-[https://github.com/anza-xyz/agave/releases/latest](https://github.com/anza-xyz/agave/releases/latest),
-download **solana-release-x86_64-apple-darwin.tar.bz2**, then extract the
-archive:
+[https://github.com/jito-foundation/jito-solana/releases/latest](https://github.com/jito-foundation/jito-solana/releases/latest),
 
 ```bash
 tar jxf solana-release-x86_64-apple-darwin.tar.bz2
@@ -134,10 +130,7 @@ export PATH=$PWD/bin:$PATH
 ### Windows
 
 - Download the binaries by navigating to
-  [https://github.com/anza-xyz/agave/releases/latest](https://github.com/anza-xyz/agave/releases/latest),
-  download **solana-release-x86_64-pc-windows-msvc.tar.bz2**, then extract the
-  archive using WinZip or similar.
-
+  [https://github.com/jito-foundation/jito-solana/releases/latest](https://github.com/jito-foundation/jito-solana/releases/latest),
 - Open a Command Prompt and navigate to the directory into which you extracted
   the binaries and run:
 
@@ -242,9 +235,7 @@ above.
 
 After installing the prerequisites, proceed with building Solana from source,
 navigate to
-[Solana's GitHub releases page](https://github.com/anza-xyz/agave/releases/latest),
-and download the **Source Code** archive. Extract the code and build the
-binaries with:
+[Solana's GitHub releases page](https://github.com/jito-foundation/jito-solana/releases/latest),
 
 ```bash
 ./scripts/cargo-install-all.sh .
diff --git a/docs/src/clusters/benchmark.md b/docs/src/clusters/benchmark.md
index 35978cdd09..424262caac 100644
--- a/docs/src/clusters/benchmark.md
+++ b/docs/src/clusters/benchmark.md
@@ -6,7 +6,7 @@ The Solana git repository contains all the scripts you might need to spin up you
 
 For all four variations, you'd need the latest Rust toolchain and the Solana source code:
 
-First, setup Rust, Cargo and system packages as described in the Solana [README](https://github.com/solana-labs/solana#1-install-rustc-cargo-and-rustfmt)
+First, setup Rust, Cargo and system packages as described in the Solana [README](https://github.com/jito-foundation/jito-solana#1-install-rustc-cargo-and-rustfmt)
 
 Now checkout the code from github:
 
diff --git a/docs/src/implemented-proposals/installer.md b/docs/src/implemented-proposals/installer.md
index c052aa7b4e..343fa67fc3 100644
--- a/docs/src/implemented-proposals/installer.md
+++ b/docs/src/implemented-proposals/installer.md
@@ -2,9 +2,12 @@
 title: Cluster Software Installation and Updates
 ---
 
-Currently users are required to build the solana cluster software themselves from the git repository and manually update it, which is error prone and inconvenient.
+Currently users are required to build the solana cluster software themselves from the git repository and manually update
+it, which is error prone and inconvenient.
 
-This document proposes an easy to use software install and updater that can be used to deploy pre-built binaries for supported platforms. Users may elect to use binaries supplied by Solana or any other party provider. Deployment of updates is managed using an on-chain update manifest program.
+This document proposes an easy to use software install and updater that can be used to deploy pre-built binaries for
+supported platforms. Users may elect to use binaries supplied by Solana or any other party provider. Deployment of
+updates is managed using an on-chain update manifest program.
 
 ## Motivating Examples
 
@@ -13,16 +16,17 @@ This document proposes an easy to use software install and updater that can be u
 The easiest install method for supported platforms:
 
 ```bash
-$ curl -sSf https://raw.githubusercontent.com/solana-labs/solana/v1.0.0/install/agave-install-init.sh | sh
+$ curl -sSf https://raw.githubusercontent.com/jito-foundation/jito-solana/v1.0.0/install/agave-install-init.sh | sh
 ```
 
-This script will check github for the latest tagged release and download and run the `agave-install-init` binary from there.
+This script will check github for the latest tagged release and download and run the `agave-install-init` binary from
+there.
 
 If additional arguments need to be specified during the installation, the following shell syntax is used:
 
 ```bash
 $ init_args=.... # arguments for `agave-install-init ...`
-$ curl -sSf https://raw.githubusercontent.com/solana-labs/solana/v1.0.0/install/agave-install-init.sh | sh -s - ${init_args}
+$ curl -sSf https://raw.githubusercontent.com/jito-foundation/jito-solana/v1.0.0/install/agave-install-init.sh | sh -s - ${init_args}
 ```
 
 ### Fetch and run a pre-built installer from a Github release
@@ -30,7 +34,7 @@ $ curl -sSf https://raw.githubusercontent.com/solana-labs/solana/v1.0.0/install/
 With a well-known release URL, a pre-built binary can be obtained for supported platforms:
 
 ```bash
-$ curl -o agave-install-init https://github.com/solana-labs/solana/releases/download/v1.0.0/agave-install-init-x86_64-apple-darwin
+$ curl -o agave-install-init https://github.com/jito-foundation/jito-solana/releases/download/v1.0.0/agave-install-init-x86_64-apple-darwin
 $ chmod +x ./agave-install-init
 $ ./agave-install-init --help
 ```
@@ -40,14 +44,15 @@ $ ./agave-install-init --help
 If a pre-built binary is not available for a given platform, building the installer from source is always an option:
 
 ```bash
-$ git clone https://github.com/solana-labs/solana.git
+$ git clone https://github.com/jito-foundation/jito-solana.git
 $ cd solana/install
 $ cargo run -- --help
 ```
 
 ### Deploy a new update to a cluster
 
-Given a solana release tarball \(as created by `ci/publish-tarball.sh`\) that has already been uploaded to a publicly accessible URL, the following commands will deploy the update:
+Given a solana release tarball \(as created by `ci/publish-tarball.sh`\) that has already been uploaded to a publicly
+accessible URL, the following commands will deploy the update:
 
 ```bash
 $ solana-keygen new -o update-manifest.json  # <-- only generated once, the public key is shared with users
@@ -65,7 +70,10 @@ $ agave-install run agave-validator ...  # <-- runs a validator, restarting it a
 
 ## On-chain Update Manifest
 
-An update manifest is used to advertise the deployment of new release tarballs on a solana cluster. The update manifest is stored using the `config` program, and each update manifest account describes a logical update channel for a given target triple \(eg, `x86_64-apple-darwin`\). The account public key is well-known between the entity deploying new updates and users consuming those updates.
+An update manifest is used to advertise the deployment of new release tarballs on a solana cluster. The update manifest
+is stored using the `config` program, and each update manifest account describes a logical update channel for a given
+target triple \(eg, `x86_64-apple-darwin`\). The account public key is well-known between the entity deploying new
+updates and users consuming those updates.
 
 The update tarball itself is hosted elsewhere, off-chain and can be fetched from the specified `download_url`.
 
@@ -87,9 +95,11 @@ pub struct SignedUpdateManifest {
 }
 ```
 
-Note that the `manifest` field itself contains a corresponding signature \(`manifest_signature`\) to guard against man-in-the-middle attacks between the `agave-install` tool and the solana cluster RPC API.
+Note that the `manifest` field itself contains a corresponding signature \(`manifest_signature`\) to guard against
+man-in-the-middle attacks between the `agave-install` tool and the solana cluster RPC API.
 
-To guard against rollback attacks, `agave-install` will refuse to install an update with an older `timestamp_secs` than what is currently installed.
+To guard against rollback attacks, `agave-install` will refuse to install an update with an older `timestamp_secs` than
+what is currently installed.
 
 ## Release Archive Contents
 
@@ -116,7 +126,8 @@ The `agave-install` tool is used by the user to install and update their cluster
 It manages the following files and directories in the user's home directory:
 
 - `~/.config/solana/install/config.yml` - user configuration and information about currently installed software version
-- `~/.local/share/solana/install/bin` - a symlink to the current release. eg, `~/.local/share/solana-update/<update-pubkey>-<manifest_signature>/bin`
+- `~/.local/share/solana/install/bin` - a symlink to the current release.
+  eg, `~/.local/share/solana-update/<update-pubkey>-<manifest_signature>/bin`
 - `~/.local/share/solana/install/releases/<download_sha256>/` - contents of a release
 
 ### Command-line Interface
diff --git a/entry/src/entry.rs b/entry/src/entry.rs
index ee1e7eb2c7..e94ceb2027 100644
--- a/entry/src/entry.rs
+++ b/entry/src/entry.rs
@@ -218,7 +218,7 @@ pub fn hash_transactions(transactions: &[VersionedTransaction]) -> Hash {
         .iter()
         .flat_map(|tx| tx.signatures.iter())
         .collect();
-    let merkle_tree = MerkleTree::new(&signatures);
+    let merkle_tree = MerkleTree::new(&signatures, false);
     if let Some(root_hash) = merkle_tree.get_root() {
         *root_hash
     } else {
diff --git a/entry/src/poh.rs b/entry/src/poh.rs
index 2573c59605..b0a180f3ea 100644
--- a/entry/src/poh.rs
+++ b/entry/src/poh.rs
@@ -73,19 +73,30 @@ impl Poh {
     }
 
     pub fn record(&mut self, mixin: Hash) -> Option<PohEntry> {
-        if self.remaining_hashes == 1 {
+        let entries = self.record_bundle(&[mixin]);
+        entries.unwrap_or_default().pop()
+    }
+
+    pub fn record_bundle(&mut self, mixins: &[Hash]) -> Option<Vec<PohEntry>> {
+        if self.remaining_hashes <= mixins.len() as u64 {
             return None; // Caller needs to `tick()` first
         }
 
-        self.hash = hashv(&[self.hash.as_ref(), mixin.as_ref()]);
-        let num_hashes = self.num_hashes + 1;
-        self.num_hashes = 0;
-        self.remaining_hashes -= 1;
+        let entries = mixins
+            .iter()
+            .map(|m| {
+                self.hash = hashv(&[self.hash.as_ref(), m.as_ref()]);
+                let num_hashes = self.num_hashes + 1;
+                self.num_hashes = 0;
+                self.remaining_hashes -= 1;
+                PohEntry {
+                    num_hashes,
+                    hash: self.hash,
+                }
+            })
+            .collect();
 
-        Some(PohEntry {
-            num_hashes,
-            hash: self.hash,
-        })
+        Some(entries)
     }
 
     pub fn tick(&mut self) -> Option<PohEntry> {
diff --git a/f b/f
new file mode 100755
index 0000000000..e5fe635508
--- /dev/null
+++ b/f
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Builds jito-solana in a docker container.
+# Useful for running on machines that might not have cargo installed but can run docker (Flatcar Linux).
+# run `./f true` to compile with debug flags
+
+set -eux
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+
+GIT_SHA="$(git rev-parse --short HEAD)"
+
+echo "Git hash: $GIT_SHA"
+
+DEBUG_FLAGS=${1-false}
+
+DOCKER_BUILDKIT=1 docker build \
+  --build-arg debug=$DEBUG_FLAGS \
+  --build-arg ci_commit=$GIT_SHA \
+  -t jitolabs/build-solana \
+  -f dev/Dockerfile . \
+  --progress=plain
+
+# Creates a temporary container, copies solana-validator built inside container there and
+# removes the temporary container.
+docker rm temp || true
+docker container create --name temp jitolabs/build-solana
+mkdir -p $SCRIPT_DIR/docker-output
+# Outputs the solana-validator binary to $SOLANA/docker-output/solana-validator
+docker container cp temp:/solana/docker-output $SCRIPT_DIR/
+docker rm temp
diff --git a/fetch-spl.sh b/fetch-spl.sh
index 17f3c68a86..ce42711c22 100755
--- a/fetch-spl.sh
+++ b/fetch-spl.sh
@@ -13,8 +13,24 @@ fetch_program() {
   declare version=$2
   declare address=$3
   declare loader=$4
+  declare repo=$5
 
-  declare so=spl_$name-$version.so
+  case $repo in
+  "jito")
+    so=$name-$version.so
+    so_name="$name.so"
+    url="https://github.com/jito-foundation/jito-programs/releases/download/v$version/$so_name"
+    ;;
+  "solana")
+    so=spl_$name-$version.so
+    so_name="spl_${name//-/_}.so"
+    url="https://github.com/solana-labs/solana-program-library/releases/download/$name-v$version/$so_name"
+    ;;
+  *)
+    echo "Unsupported repo: $repo"
+    return 1
+    ;;
+  esac
 
   if [[ $loader == "$upgradeableLoader" ]]; then
     genesis_args+=(--upgradeable-program "$address" "$loader" "$so" none)
@@ -30,12 +46,11 @@ fetch_program() {
     cp ~/.cache/solana-spl/"$so" "$so"
   else
     echo "Downloading $name $version"
-    so_name="spl_${name//-/_}.so"
     (
       set -x
       curl -L --retry 5 --retry-delay 2 --retry-connrefused \
         -o "$so" \
-        "https://github.com/solana-labs/solana-program-library/releases/download/$name-v$version/$so_name"
+        "$url"
     )
 
     mkdir -p ~/.cache/solana-spl
@@ -44,19 +59,25 @@ fetch_program() {
 
 }
 
-fetch_program token 3.5.0 TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA BPFLoader2111111111111111111111111111111111
-fetch_program token-2022 5.0.2 TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb BPFLoaderUpgradeab1e11111111111111111111111
-fetch_program memo  1.0.0 Memo1UhkJRfHyvLMcVucJwxXeuD728EqVDDwQDxFMNo BPFLoader1111111111111111111111111111111111
-fetch_program memo  3.0.0 MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr BPFLoader2111111111111111111111111111111111
-fetch_program associated-token-account 1.1.2 ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL BPFLoader2111111111111111111111111111111111
-fetch_program feature-proposal 1.0.0 Feat1YXHhH6t1juaWF74WLcfv4XoNocjXA6sPWHNgAse BPFLoader2111111111111111111111111111111111
+fetch_program token 3.5.0 TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA BPFLoader2111111111111111111111111111111111 solana
+fetch_program token-2022 5.0.2 TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb BPFLoaderUpgradeab1e11111111111111111111111 solana
+fetch_program memo  1.0.0 Memo1UhkJRfHyvLMcVucJwxXeuD728EqVDDwQDxFMNo BPFLoader1111111111111111111111111111111111 solana
+fetch_program memo  3.0.0 MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr BPFLoader2111111111111111111111111111111111 solana
+fetch_program associated-token-account 1.1.2 ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL BPFLoader2111111111111111111111111111111111 solana
+fetch_program feature-proposal 1.0.0 Feat1YXHhH6t1juaWF74WLcfv4XoNocjXA6sPWHNgAse BPFLoader2111111111111111111111111111111111 solana
+# jito programs
+fetch_program jito_tip_payment 0.1.4 T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt BPFLoaderUpgradeab1e11111111111111111111111 jito
+fetch_program jito_tip_distribution 0.1.4 4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7 BPFLoaderUpgradeab1e11111111111111111111111 jito
 
-echo "${genesis_args[@]}" > spl-genesis-args.sh
+echo "${genesis_args[@]}" >spl-genesis-args.sh
 
 echo
 echo "Available SPL programs:"
 ls -l spl_*.so
 
+echo "Available Jito programs:"
+ls -l jito*.so
+
 echo
 echo "solana-genesis command-line arguments (spl-genesis-args.sh):"
 cat spl-genesis-args.sh
diff --git a/gossip/src/cluster_info.rs b/gossip/src/cluster_info.rs
index a1ec2f2191..edfd53bcfd 100644
--- a/gossip/src/cluster_info.rs
+++ b/gossip/src/cluster_info.rs
@@ -305,6 +305,10 @@ impl ClusterInfo {
         *self.entrypoints.write().unwrap() = entrypoints;
     }
 
+    pub fn set_my_contact_info(&self, my_contact_info: ContactInfo) {
+        *self.my_contact_info.write().unwrap() = my_contact_info;
+    }
+
     pub fn save_contact_info(&self) {
         let nodes = {
             let entrypoint_gossip_addrs = self
diff --git a/install/agave-install-init.sh b/install/agave-install-init.sh
index cf2d1babf3..8fa5dbbcdf 100755
--- a/install/agave-install-init.sh
+++ b/install/agave-install-init.sh
@@ -16,9 +16,9 @@
 { # this ensures the entire script is downloaded #
 
 if [ -z "$SOLANA_DOWNLOAD_ROOT" ]; then
-    SOLANA_DOWNLOAD_ROOT="https://github.com/anza-xyz/agave/releases/download/"
+    SOLANA_DOWNLOAD_ROOT="https://github.com/jito-foundation/jito-solana/releases/download/"
 fi
-GH_LATEST_RELEASE="https://api.github.com/repos/anza-xyz/agave/releases/latest"
+GH_LATEST_RELEASE="https://api.github.com/repos/jito-foundation/jito-solana/releases/latest"
 
 set -e
 
diff --git a/install/src/command.rs b/install/src/command.rs
index 014753128f..8c9f1b3d51 100644
--- a/install/src/command.rs
+++ b/install/src/command.rs
@@ -567,7 +567,7 @@ pub fn init(
 
 fn github_release_download_url(release_semver: &str) -> String {
     format!(
-        "https://github.com/anza-xyz/agave/releases/download/v{}/solana-release-{}.tar.bz2",
+        "https://github.com/jito-foundation/jito-solana/releases/download/v{}/solana-release-{}.tar.bz2",
         release_semver,
         crate::build_env::TARGET
     )
@@ -575,7 +575,7 @@ fn github_release_download_url(release_semver: &str) -> String {
 
 fn release_channel_download_url(release_channel: &str) -> String {
     format!(
-        "https://release.anza.xyz/{}/solana-release-{}.tar.bz2",
+        "https://release.jito.wtf/{}/solana-release-{}.tar.bz2",
         release_channel,
         crate::build_env::TARGET
     )
@@ -583,7 +583,7 @@ fn release_channel_download_url(release_channel: &str) -> String {
 
 fn release_channel_version_url(release_channel: &str) -> String {
     format!(
-        "https://release.anza.xyz/{}/solana-release-{}.yml",
+        "https://release.jito.wtf/{}/solana-release-{}.yml",
         release_channel,
         crate::build_env::TARGET
     )
@@ -900,7 +900,7 @@ fn check_for_newer_github_release(
 
     while page == 1 || releases.len() == PER_PAGE {
         let url = reqwest::Url::parse_with_params(
-            "https://api.github.com/repos/anza-xyz/agave/releases",
+            "https://api.github.com/repos/jito-foundation/jito-solana/releases",
             &[
                 ("per_page", &format!("{PER_PAGE}")),
                 ("page", &format!("{page}")),
diff --git a/jito-programs b/jito-programs
new file mode 160000
index 0000000000..d2b9c58189
--- /dev/null
+++ b/jito-programs
@@ -0,0 +1 @@
+Subproject commit d2b9c58189bb69d6f90b1ed513beea8cc9d7c013
diff --git a/jito-protos/Cargo.toml b/jito-protos/Cargo.toml
new file mode 100644
index 0000000000..f9f0b5baa3
--- /dev/null
+++ b/jito-protos/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "jito-protos"
+version = { workspace = true }
+edition = { workspace = true }
+publish = false
+
+[dependencies]
+bytes = { workspace = true }
+prost = { workspace = true }
+prost-types = { workspace = true }
+tonic = { workspace = true }
+
+[build-dependencies]
+tonic-build = { workspace = true }
+
+# windows users should install the protobuf compiler manually and set the PROTOC
+# envar to point to the installed binary
+[target."cfg(not(windows))".build-dependencies]
+protobuf-src = { workspace = true }
diff --git a/jito-protos/build.rs b/jito-protos/build.rs
new file mode 100644
index 0000000000..30ece1620a
--- /dev/null
+++ b/jito-protos/build.rs
@@ -0,0 +1,38 @@
+use tonic_build::configure;
+
+fn main() -> Result<(), std::io::Error> {
+    const PROTOC_ENVAR: &str = "PROTOC";
+    if std::env::var(PROTOC_ENVAR).is_err() {
+        #[cfg(not(windows))]
+        std::env::set_var(PROTOC_ENVAR, protobuf_src::protoc());
+    }
+
+    let proto_base_path = std::path::PathBuf::from("protos");
+    let proto_files = [
+        "auth.proto",
+        "block_engine.proto",
+        "bundle.proto",
+        "packet.proto",
+        "relayer.proto",
+        "shared.proto",
+    ];
+    let mut protos = Vec::new();
+    for proto_file in &proto_files {
+        let proto = proto_base_path.join(proto_file);
+        println!("cargo:rerun-if-changed={}", proto.display());
+        protos.push(proto);
+    }
+
+    configure()
+        .build_client(true)
+        .build_server(false)
+        .type_attribute(
+            "TransactionErrorType",
+            "#[cfg_attr(test, derive(enum_iterator::Sequence))]",
+        )
+        .type_attribute(
+            "InstructionErrorType",
+            "#[cfg_attr(test, derive(enum_iterator::Sequence))]",
+        )
+        .compile(&protos, &[proto_base_path])
+}
diff --git a/jito-protos/protos b/jito-protos/protos
new file mode 160000
index 0000000000..b74a23ff23
--- /dev/null
+++ b/jito-protos/protos
@@ -0,0 +1 @@
+Subproject commit b74a23ff236c0c223b1bc56daf7c5065bb585428
diff --git a/jito-protos/src/lib.rs b/jito-protos/src/lib.rs
new file mode 100644
index 0000000000..cf630c53d2
--- /dev/null
+++ b/jito-protos/src/lib.rs
@@ -0,0 +1,25 @@
+pub mod proto {
+    pub mod auth {
+        tonic::include_proto!("auth");
+    }
+
+    pub mod block_engine {
+        tonic::include_proto!("block_engine");
+    }
+
+    pub mod bundle {
+        tonic::include_proto!("bundle");
+    }
+
+    pub mod packet {
+        tonic::include_proto!("packet");
+    }
+
+    pub mod relayer {
+        tonic::include_proto!("relayer");
+    }
+
+    pub mod shared {
+        tonic::include_proto!("shared");
+    }
+}
diff --git a/ledger-tool/src/ledger_utils.rs b/ledger-tool/src/ledger_utils.rs
index 58c2a54f72..952ea246f6 100644
--- a/ledger-tool/src/ledger_utils.rs
+++ b/ledger-tool/src/ledger_utils.rs
@@ -115,6 +115,7 @@ pub fn load_and_process_ledger_or_exit(
     blockstore: Arc<Blockstore>,
     process_options: ProcessOptions,
     transaction_status_sender: Option<TransactionStatusSender>,
+    ignore_halt_at_slot_for_snapshot_loading: bool,
 ) -> LoadAndProcessLedgerOutput {
     load_and_process_ledger(
         arg_matches,
@@ -122,6 +123,7 @@ pub fn load_and_process_ledger_or_exit(
         blockstore,
         process_options,
         transaction_status_sender,
+        ignore_halt_at_slot_for_snapshot_loading,
     )
     .unwrap_or_else(|err| {
         eprintln!("Exiting. Failed to load and process ledger: {err}");
@@ -135,6 +137,7 @@ pub fn load_and_process_ledger(
     blockstore: Arc<Blockstore>,
     process_options: ProcessOptions,
     transaction_status_sender: Option<TransactionStatusSender>,
+    ignore_halt_at_slot_for_snapshot_loading: bool,
 ) -> Result<LoadAndProcessLedgerOutput, LoadAndProcessLedgerError> {
     let bank_snapshots_dir = if blockstore.is_primary_access() {
         blockstore.ledger_path().join("snapshot")
@@ -145,6 +148,12 @@ pub fn load_and_process_ledger(
             .join("snapshot")
     };
 
+    let snapshot_halt_at_slot = if ignore_halt_at_slot_for_snapshot_loading {
+        None
+    } else {
+        process_options.halt_at_slot
+    };
+
     let mut starting_slot = 0; // default start check with genesis
     let snapshot_config = if arg_matches.is_present("no_snapshot") {
         None
@@ -158,13 +167,15 @@ pub fn load_and_process_ledger(
                 .ok()
                 .map(PathBuf::from)
                 .unwrap_or_else(|| full_snapshot_archives_dir.clone());
-        if let Some(full_snapshot_slot) =
-            snapshot_utils::get_highest_full_snapshot_archive_slot(&full_snapshot_archives_dir)
-        {
+        if let Some(full_snapshot_slot) = snapshot_utils::get_highest_full_snapshot_archive_slot(
+            &full_snapshot_archives_dir,
+            snapshot_halt_at_slot,
+        ) {
             let incremental_snapshot_slot =
                 snapshot_utils::get_highest_incremental_snapshot_archive_slot(
                     &incremental_snapshot_archives_dir,
                     full_snapshot_slot,
+                    snapshot_halt_at_slot,
                 )
                 .unwrap_or_default();
             starting_slot = std::cmp::max(full_snapshot_slot, incremental_snapshot_slot);
@@ -350,6 +361,7 @@ pub fn load_and_process_ledger(
             None, // Maybe support this later, though
             accounts_update_notifier,
             exit.clone(),
+            ignore_halt_at_slot_for_snapshot_loading,
         )
         .map_err(LoadAndProcessLedgerError::LoadBankForks)?;
     let block_verification_method = value_t!(
diff --git a/ledger-tool/src/main.rs b/ledger-tool/src/main.rs
index 4580c0b773..ebb6b22584 100644
--- a/ledger-tool/src/main.rs
+++ b/ledger-tool/src/main.rs
@@ -1751,8 +1751,8 @@ fn main() {
                             Arc::new(blockstore),
                             process_options,
                             None,
+                            true,
                         );
-
                     println!(
                         "{}",
                         compute_shred_version(
@@ -1815,6 +1815,7 @@ fn main() {
                             Arc::new(blockstore),
                             process_options,
                             transaction_status_sender,
+                            true,
                         );
 
                     let working_bank = bank_forks.read().unwrap().working_bank();
@@ -1886,6 +1887,7 @@ fn main() {
                             Arc::new(blockstore),
                             process_options,
                             None,
+                            true,
                         );
 
                     let dot = graph_forks(&bank_forks.read().unwrap(), &graph_config);
@@ -2074,6 +2076,7 @@ fn main() {
                         blockstore.clone(),
                         process_options,
                         None,
+                        false,
                     );
 
                     let mut bank = bank_forks
@@ -2546,6 +2549,7 @@ fn main() {
                             Arc::new(blockstore),
                             process_options,
                             None,
+                            true,
                         );
                     let bank = bank_forks.read().unwrap().working_bank();
 
@@ -2598,7 +2602,9 @@ fn main() {
                             Arc::new(blockstore),
                             process_options,
                             None,
+                            true,
                         );
+
                     let bank_forks = bank_forks.read().unwrap();
                     let slot = bank_forks.working_bank().slot();
                     let bank = bank_forks.get(slot).unwrap_or_else(|| {
diff --git a/ledger-tool/src/program.rs b/ledger-tool/src/program.rs
index 463d017b17..e240f9d845 100644
--- a/ledger-tool/src/program.rs
+++ b/ledger-tool/src/program.rs
@@ -85,6 +85,7 @@ fn load_blockstore(ledger_path: &Path, arg_matches: &ArgMatches<'_>) -> Arc<Bank
         Arc::new(blockstore),
         process_options,
         None,
+        true,
     );
     let bank = bank_forks.read().unwrap().working_bank();
     bank
diff --git a/ledger/src/bank_forks_utils.rs b/ledger/src/bank_forks_utils.rs
index 9f0b6d60bd..04c8f99061 100644
--- a/ledger/src/bank_forks_utils.rs
+++ b/ledger/src/bank_forks_utils.rs
@@ -22,7 +22,7 @@ use {
         snapshot_hash::{FullSnapshotHash, IncrementalSnapshotHash, StartingSnapshotHashes},
         snapshot_utils,
     },
-    solana_sdk::genesis_config::GenesisConfig,
+    solana_sdk::{clock::Slot, genesis_config::GenesisConfig},
     std::{
         path::PathBuf,
         result,
@@ -99,6 +99,7 @@ pub fn load(
         entry_notification_sender,
         accounts_update_notifier,
         exit,
+        true,
     )?;
     blockstore_processor::process_blockstore_from_root(
         blockstore,
@@ -127,9 +128,12 @@ pub fn load_bank_forks(
     entry_notification_sender: Option<&EntryNotifierSender>,
     accounts_update_notifier: Option<AccountsUpdateNotifier>,
     exit: Arc<AtomicBool>,
+    ignore_halt_at_slot_for_snapshot_loading: bool,
 ) -> LoadResult {
     fn get_snapshots_to_load(
         snapshot_config: Option<&SnapshotConfig>,
+        halt_at_slot: Option<Slot>,
+        ignore_halt_at_slot_for_snapshot_loading: bool,
     ) -> Option<(
         FullSnapshotArchiveInfo,
         Option<IncrementalSnapshotArchiveInfo>,
@@ -139,9 +143,16 @@ pub fn load_bank_forks(
             return None;
         };
 
+        let halt_at_slot = if ignore_halt_at_slot_for_snapshot_loading {
+            None
+        } else {
+            halt_at_slot
+        };
+
         let Some(full_snapshot_archive_info) =
             snapshot_utils::get_highest_full_snapshot_archive_info(
                 &snapshot_config.full_snapshot_archives_dir,
+                halt_at_slot,
             )
         else {
             warn!(
@@ -155,6 +166,7 @@ pub fn load_bank_forks(
             snapshot_utils::get_highest_incremental_snapshot_archive_info(
                 &snapshot_config.incremental_snapshot_archives_dir,
                 full_snapshot_archive_info.slot(),
+                halt_at_slot,
             );
 
         Some((
@@ -165,7 +177,11 @@ pub fn load_bank_forks(
 
     let (bank_forks, starting_snapshot_hashes) =
         if let Some((full_snapshot_archive_info, incremental_snapshot_archive_info)) =
-            get_snapshots_to_load(snapshot_config)
+            get_snapshots_to_load(
+                snapshot_config,
+                process_options.halt_at_slot,
+                ignore_halt_at_slot_for_snapshot_loading,
+            )
         {
             // SAFETY: Having snapshots to load ensures a snapshot config
             let snapshot_config = snapshot_config.unwrap();
@@ -224,7 +240,7 @@ pub fn load_bank_forks(
 }
 
 #[allow(clippy::too_many_arguments)]
-fn bank_forks_from_snapshot(
+pub fn bank_forks_from_snapshot(
     full_snapshot_archive_info: FullSnapshotArchiveInfo,
     incremental_snapshot_archive_info: Option<IncrementalSnapshotArchiveInfo>,
     genesis_config: &GenesisConfig,
diff --git a/ledger/src/blockstore_processor.rs b/ledger/src/blockstore_processor.rs
index 19cafec5ad..c99d11c407 100644
--- a/ledger/src/blockstore_processor.rs
+++ b/ledger/src/blockstore_processor.rs
@@ -160,7 +160,7 @@ pub fn execute_batch(
     let mut mint_decimals: HashMap<Pubkey, u8> = HashMap::new();
 
     let pre_token_balances = if record_token_balances {
-        collect_token_balances(bank, batch, &mut mint_decimals)
+        collect_token_balances(bank, batch, &mut mint_decimals, None)
     } else {
         vec![]
     };
@@ -210,7 +210,7 @@ pub fn execute_batch(
             .map(|tx| tx.as_sanitized_transaction().into_owned())
             .collect();
         let post_token_balances = if record_token_balances {
-            collect_token_balances(bank, batch, &mut mint_decimals)
+            collect_token_balances(bank, batch, &mut mint_decimals, None)
         } else {
             vec![]
         };
@@ -903,6 +903,7 @@ pub fn test_process_blockstore(
         None,
         None,
         exit,
+        true,
     )
     .unwrap();
 
diff --git a/ledger/src/token_balances.rs b/ledger/src/token_balances.rs
index 2d2ec4f65f..1a80e2399e 100644
--- a/ledger/src/token_balances.rs
+++ b/ledger/src/token_balances.rs
@@ -7,6 +7,7 @@ use {
     solana_metrics::datapoint_debug,
     solana_runtime::{bank::Bank, transaction_batch::TransactionBatch},
     solana_sdk::{account::ReadableAccount, pubkey::Pubkey},
+    solana_svm::account_overrides::AccountOverrides,
     solana_svm_transaction::svm_message::SVMMessage,
     solana_transaction_status::{
         token_balances::TransactionTokenBalances, TransactionTokenBalance,
@@ -40,6 +41,7 @@ pub fn collect_token_balances(
     bank: &Bank,
     batch: &TransactionBatch<impl SVMMessage>,
     mint_decimals: &mut HashMap<Pubkey, u8>,
+    cached_accounts: Option<&AccountOverrides>,
 ) -> TransactionTokenBalances {
     let mut balances: TransactionTokenBalances = vec![];
     let mut collect_time = Measure::start("collect_token_balances");
@@ -60,8 +62,12 @@ pub fn collect_token_balances(
                     ui_token_amount,
                     owner,
                     program_id,
-                }) = collect_token_balance_from_account(bank, account_id, mint_decimals)
-                {
+                }) = collect_token_balance_from_account(
+                    bank,
+                    account_id,
+                    mint_decimals,
+                    cached_accounts,
+                ) {
                     transaction_balances.push(TransactionTokenBalance {
                         account_index: index as u8,
                         mint,
@@ -94,8 +100,17 @@ fn collect_token_balance_from_account(
     bank: &Bank,
     account_id: &Pubkey,
     mint_decimals: &mut HashMap<Pubkey, u8>,
+    account_overrides: Option<&AccountOverrides>,
 ) -> Option<TokenBalanceData> {
-    let account = bank.get_account(account_id)?;
+    let account = {
+        if let Some(account_override) =
+            account_overrides.and_then(|overrides| overrides.get(account_id))
+        {
+            Some(account_override.clone())
+        } else {
+            bank.get_account(account_id)
+        }
+    }?;
 
     if !is_known_spl_token_id(account.owner()) {
         return None;
@@ -244,13 +259,13 @@ mod test {
 
         // Account is not owned by spl_token (nor does it have TokenAccount state)
         assert_eq!(
-            collect_token_balance_from_account(&bank, &account_pubkey, &mut mint_decimals),
+            collect_token_balance_from_account(&bank, &account_pubkey, &mut mint_decimals, None),
             None
         );
 
         // Mint does not have TokenAccount state
         assert_eq!(
-            collect_token_balance_from_account(&bank, &mint_pubkey, &mut mint_decimals),
+            collect_token_balance_from_account(&bank, &mint_pubkey, &mut mint_decimals, None),
             None
         );
 
@@ -259,7 +274,8 @@ mod test {
             collect_token_balance_from_account(
                 &bank,
                 &spl_token_account_pubkey,
-                &mut mint_decimals
+                &mut mint_decimals,
+                None
             ),
             Some(TokenBalanceData {
                 mint: mint_pubkey.to_string(),
@@ -276,7 +292,12 @@ mod test {
 
         // TokenAccount is not owned by known spl-token program_id
         assert_eq!(
-            collect_token_balance_from_account(&bank, &other_account_pubkey, &mut mint_decimals),
+            collect_token_balance_from_account(
+                &bank,
+                &other_account_pubkey,
+                &mut mint_decimals,
+                None
+            ),
             None
         );
 
@@ -285,7 +306,8 @@ mod test {
             collect_token_balance_from_account(
                 &bank,
                 &other_mint_account_pubkey,
-                &mut mint_decimals
+                &mut mint_decimals,
+                None
             ),
             None
         );
@@ -438,13 +460,13 @@ mod test {
 
         // Account is not owned by spl_token (nor does it have TokenAccount state)
         assert_eq!(
-            collect_token_balance_from_account(&bank, &account_pubkey, &mut mint_decimals),
+            collect_token_balance_from_account(&bank, &account_pubkey, &mut mint_decimals, None),
             None
         );
 
         // Mint does not have TokenAccount state
         assert_eq!(
-            collect_token_balance_from_account(&bank, &mint_pubkey, &mut mint_decimals),
+            collect_token_balance_from_account(&bank, &mint_pubkey, &mut mint_decimals, None),
             None
         );
 
@@ -453,7 +475,8 @@ mod test {
             collect_token_balance_from_account(
                 &bank,
                 &spl_token_account_pubkey,
-                &mut mint_decimals
+                &mut mint_decimals,
+                None
             ),
             Some(TokenBalanceData {
                 mint: mint_pubkey.to_string(),
@@ -470,7 +493,12 @@ mod test {
 
         // TokenAccount is not owned by known spl-token program_id
         assert_eq!(
-            collect_token_balance_from_account(&bank, &other_account_pubkey, &mut mint_decimals),
+            collect_token_balance_from_account(
+                &bank,
+                &other_account_pubkey,
+                &mut mint_decimals,
+                None
+            ),
             None
         );
 
@@ -479,7 +507,8 @@ mod test {
             collect_token_balance_from_account(
                 &bank,
                 &other_mint_account_pubkey,
-                &mut mint_decimals
+                &mut mint_decimals,
+                None
             ),
             None
         );
diff --git a/local-cluster/src/local_cluster.rs b/local-cluster/src/local_cluster.rs
index 35fcc5f2ed..85a19e69bd 100644
--- a/local-cluster/src/local_cluster.rs
+++ b/local-cluster/src/local_cluster.rs
@@ -351,6 +351,7 @@ impl LocalCluster {
                 tpu_max_connections_per_ipaddr_per_minute: 32, // max connections per IpAddr per minute
             },
             Arc::new(RwLock::new(None)),
+            None,
         )
         .expect("assume successful validator start");
 
@@ -559,6 +560,7 @@ impl LocalCluster {
                 tpu_max_connections_per_ipaddr_per_minute: 32, // max connections per IpAddr per mintute
             },
             Arc::new(RwLock::new(None)),
+            None,
         )
         .expect("assume successful validator start");
 
@@ -1095,6 +1097,7 @@ impl Cluster for LocalCluster {
                 tpu_max_connections_per_ipaddr_per_minute: 32, // max connections per IpAddr per minute, use higher value because of tests
             },
             Arc::new(RwLock::new(None)),
+            None,
         )
         .expect("assume successful validator start");
         cluster_validator_info.validator = Some(restarted_node);
diff --git a/local-cluster/src/local_cluster_snapshot_utils.rs b/local-cluster/src/local_cluster_snapshot_utils.rs
index 3df5b61d3b..37aaf9ec12 100644
--- a/local-cluster/src/local_cluster_snapshot_utils.rs
+++ b/local-cluster/src/local_cluster_snapshot_utils.rs
@@ -91,7 +91,10 @@ impl LocalCluster {
         let timer = Instant::now();
         let next_snapshot = loop {
             if let Some(full_snapshot_archive_info) =
-                snapshot_utils::get_highest_full_snapshot_archive_info(&full_snapshot_archives_dir)
+                snapshot_utils::get_highest_full_snapshot_archive_info(
+                    &full_snapshot_archives_dir,
+                    None,
+                )
             {
                 match next_snapshot_type {
                     NextSnapshotType::FullSnapshot => {
@@ -104,6 +107,7 @@ impl LocalCluster {
                             snapshot_utils::get_highest_incremental_snapshot_archive_info(
                                 incremental_snapshot_archives_dir.as_ref().unwrap(),
                                 full_snapshot_archive_info.slot(),
+                                None,
                             )
                         {
                             if incremental_snapshot_archive_info.slot() >= last_slot {
diff --git a/local-cluster/src/validator_configs.rs b/local-cluster/src/validator_configs.rs
index e90475aad2..bde7ac0cfd 100644
--- a/local-cluster/src/validator_configs.rs
+++ b/local-cluster/src/validator_configs.rs
@@ -73,6 +73,11 @@ pub fn safe_clone_config(config: &ValidatorConfig) -> ValidatorConfig {
         replay_transactions_threads: config.replay_transactions_threads,
         tvu_shred_sigverify_threads: config.tvu_shred_sigverify_threads,
         delay_leader_block_for_pending_fork: config.delay_leader_block_for_pending_fork,
+        relayer_config: config.relayer_config.clone(),
+        block_engine_config: config.block_engine_config.clone(),
+        shred_receiver_address: config.shred_receiver_address.clone(),
+        tip_manager_config: config.tip_manager_config.clone(),
+        preallocated_bundle_cost: config.preallocated_bundle_cost,
     }
 }
 
diff --git a/local-cluster/tests/local_cluster.rs b/local-cluster/tests/local_cluster.rs
index 7f847d848a..4e8a266b85 100644
--- a/local-cluster/tests/local_cluster.rs
+++ b/local-cluster/tests/local_cluster.rs
@@ -850,6 +850,7 @@ fn test_incremental_snapshot_download_with_crossing_full_snapshot_interval_at_st
         validator_snapshot_test_config
             .full_snapshot_archives_dir
             .path(),
+        None,
     )
     .unwrap();
     info!(
@@ -889,6 +890,7 @@ fn test_incremental_snapshot_download_with_crossing_full_snapshot_interval_at_st
                 .incremental_snapshot_archives_dir
                 .path(),
             full_snapshot_archive.slot(),
+            None,
         )
         .unwrap();
     info!(
@@ -1032,6 +1034,7 @@ fn test_incremental_snapshot_download_with_crossing_full_snapshot_interval_at_st
             validator_snapshot_test_config
                 .full_snapshot_archives_dir
                 .path(),
+            None,
         )
         .unwrap();
 
@@ -1098,6 +1101,7 @@ fn test_incremental_snapshot_download_with_crossing_full_snapshot_interval_at_st
             validator_snapshot_test_config
                 .full_snapshot_archives_dir
                 .path(),
+            None,
         )
         .unwrap();
 
@@ -1126,6 +1130,7 @@ fn test_incremental_snapshot_download_with_crossing_full_snapshot_interval_at_st
             validator_snapshot_test_config
                 .full_snapshot_archives_dir
                 .path(),
+            None,
         ) {
             if full_snapshot_slot >= validator_next_full_snapshot_slot {
                 if let Some(incremental_snapshot_slot) =
@@ -1134,6 +1139,7 @@ fn test_incremental_snapshot_download_with_crossing_full_snapshot_interval_at_st
                             .incremental_snapshot_archives_dir
                             .path(),
                         full_snapshot_slot,
+                        None,
                     )
                 {
                     if incremental_snapshot_slot >= validator_next_incremental_snapshot_slot {
@@ -1328,8 +1334,10 @@ fn test_snapshots_blockstore_floor() {
     trace!("Waiting for snapshot tar to be generated with slot",);
 
     let archive_info = loop {
-        let archive =
-            snapshot_utils::get_highest_full_snapshot_archive_info(full_snapshot_archives_dir);
+        let archive = snapshot_utils::get_highest_full_snapshot_archive_info(
+            full_snapshot_archives_dir,
+            None,
+        );
         if archive.is_some() {
             trace!("snapshot exists");
             break archive.unwrap();
@@ -5142,12 +5150,14 @@ fn test_boot_from_local_state() {
             if let Some(other_full_snapshot_slot) =
                 snapshot_utils::get_highest_full_snapshot_archive_slot(
                     &other_validator_config.full_snapshot_archives_dir,
+                    None,
                 )
             {
                 let other_incremental_snapshot_slot =
                     snapshot_utils::get_highest_incremental_snapshot_archive_slot(
                         &other_validator_config.incremental_snapshot_archives_dir,
                         other_full_snapshot_slot,
+                        None,
                     );
                 if other_full_snapshot_slot >= full_snapshot_archive.slot()
                     && other_incremental_snapshot_slot >= Some(incremental_snapshot_archive.slot())
@@ -5297,6 +5307,7 @@ fn test_boot_from_local_state_missing_archive() {
     info!("Deleting latest full snapshot archive...");
     let highest_full_snapshot = snapshot_utils::get_highest_full_snapshot_archive_info(
         validator_config.full_snapshot_archives_dir.path(),
+        None,
     )
     .unwrap();
     fs::remove_file(highest_full_snapshot.path()).unwrap();
diff --git a/merkle-tree/src/merkle_tree.rs b/merkle-tree/src/merkle_tree.rs
index 2eb6c3584c..0da3f89656 100644
--- a/merkle-tree/src/merkle_tree.rs
+++ b/merkle-tree/src/merkle_tree.rs
@@ -18,7 +18,7 @@ macro_rules! hash_intermediate {
     }
 }
 
-#[derive(Debug)]
+#[derive(Default, Debug, Eq, Hash, PartialEq)]
 pub struct MerkleTree {
     leaf_count: usize,
     nodes: Vec<Hash>,
@@ -36,6 +36,14 @@ impl<'a> ProofEntry<'a> {
         assert!(left_sibling.is_none() ^ right_sibling.is_none());
         Self(target, left_sibling, right_sibling)
     }
+
+    pub fn get_left_sibling(&self) -> Option<&'a Hash> {
+        self.1
+    }
+
+    pub fn get_right_sibling(&self) -> Option<&'a Hash> {
+        self.2
+    }
 }
 
 #[derive(Debug, Default, PartialEq, Eq)]
@@ -60,6 +68,10 @@ impl<'a> Proof<'a> {
         });
         result.is_some()
     }
+
+    pub fn get_proof_entries(self) -> Vec<ProofEntry<'a>> {
+        self.0
+    }
 }
 
 impl MerkleTree {
@@ -95,7 +107,7 @@ impl MerkleTree {
         }
     }
 
-    pub fn new<T: AsRef<[u8]>>(items: &[T]) -> Self {
+    pub fn new<T: AsRef<[u8]>>(items: &[T], sorted_hashes: bool) -> Self {
         let cap = MerkleTree::calculate_vec_capacity(items.len());
         let mut mt = MerkleTree {
             leaf_count: items.len(),
@@ -123,8 +135,20 @@ impl MerkleTree {
                     &mt.nodes[prev_level_start + prev_level_idx]
                 };
 
-                let hash = hash_intermediate!(lsib, rsib);
-                mt.nodes.push(hash);
+                // tip-distribution verification uses sorted hashing
+                if sorted_hashes {
+                    if lsib <= rsib {
+                        let hash = hash_intermediate!(lsib, rsib);
+                        mt.nodes.push(hash);
+                    } else {
+                        let hash = hash_intermediate!(rsib, lsib);
+                        mt.nodes.push(hash);
+                    }
+                } else {
+                    // hashing for solana internals
+                    let hash = hash_intermediate!(lsib, rsib);
+                    mt.nodes.push(hash);
+                }
             }
             prev_level_start = level_start;
             prev_level_len = level_len;
@@ -189,21 +213,21 @@ mod tests {
 
     #[test]
     fn test_tree_from_empty() {
-        let mt = MerkleTree::new::<[u8; 0]>(&[]);
+        let mt = MerkleTree::new::<[u8; 0]>(&[], false);
         assert_eq!(mt.get_root(), None);
     }
 
     #[test]
     fn test_tree_from_one() {
         let input = b"test";
-        let mt = MerkleTree::new(&[input]);
+        let mt = MerkleTree::new(&[input], false);
         let expected = hash_leaf!(input);
         assert_eq!(mt.get_root(), Some(&expected));
     }
 
     #[test]
     fn test_tree_from_many() {
-        let mt = MerkleTree::new(TEST);
+        let mt = MerkleTree::new(TEST, false);
         // This golden hash will need to be updated whenever the contents of `TEST` change in any
         // way, including addition, removal and reordering or any of the tree calculation algo
         // changes
@@ -217,7 +241,7 @@ mod tests {
 
     #[test]
     fn test_path_creation() {
-        let mt = MerkleTree::new(TEST);
+        let mt = MerkleTree::new(TEST, false);
         for (i, _s) in TEST.iter().enumerate() {
             let _path = mt.find_path(i).unwrap();
         }
@@ -225,13 +249,13 @@ mod tests {
 
     #[test]
     fn test_path_creation_bad_index() {
-        let mt = MerkleTree::new(TEST);
+        let mt = MerkleTree::new(TEST, false);
         assert_eq!(mt.find_path(TEST.len()), None);
     }
 
     #[test]
     fn test_path_verify_good() {
-        let mt = MerkleTree::new(TEST);
+        let mt = MerkleTree::new(TEST, false);
         for (i, s) in TEST.iter().enumerate() {
             let hash = hash_leaf!(s);
             let path = mt.find_path(i).unwrap();
@@ -241,7 +265,7 @@ mod tests {
 
     #[test]
     fn test_path_verify_bad() {
-        let mt = MerkleTree::new(TEST);
+        let mt = MerkleTree::new(TEST, false);
         for (i, s) in BAD.iter().enumerate() {
             let hash = hash_leaf!(s);
             let path = mt.find_path(i).unwrap();
diff --git a/multinode-demo/bootstrap-validator.sh b/multinode-demo/bootstrap-validator.sh
index d21ee1aaa8..6629d2316e 100755
--- a/multinode-demo/bootstrap-validator.sh
+++ b/multinode-demo/bootstrap-validator.sh
@@ -106,6 +106,24 @@ while [[ -n $1 ]]; do
     elif [[ $1 == --skip-require-tower ]]; then
       maybeRequireTower=false
       shift
+    elif [[ $1 == --relayer-url ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --block-engine-url ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --tip-payment-program-pubkey ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --tip-distribution-program-pubkey ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --commission-bps ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --shred-receiver-address ]]; then
+      args+=("$1" "$2")
+      shift 2
     elif [[ $1 = --log-messages-bytes-limit ]]; then
       args+=("$1" "$2")
       shift 2
@@ -118,6 +136,18 @@ while [[ -n $1 ]]; do
     elif [[ $1 == --wen-restart-coordinator ]]; then
       args+=("$1" "$2")
       shift 2
+    elif [[ $1 == --geyser-plugin-config ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --trust-relayer-packets ]]; then
+      args+=("$1")
+      shift
+    elif [[ $1 == --rpc-threads ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --trust-block-engine-packets ]]; then
+      args+=("$1")
+      shift
     else
       echo "Unknown argument: $1"
       $program --help
@@ -153,6 +183,7 @@ args+=(
   --no-incremental-snapshots
   --identity "$identity"
   --vote-account "$vote_account"
+  --merkle-root-upload-authority "$identity"
   --rpc-faucet-address 127.0.0.1:9900
   --no-poh-speed-test
   --no-os-network-limits-test
@@ -162,6 +193,9 @@ args+=(
 )
 default_arg --gossip-port 8001
 default_arg --log -
+default_arg --tip-payment-program-pubkey "DThZmRNNXh7kvTQW9hXeGoWGPKktK8pgVAyoTLjH7UrT"
+default_arg --tip-distribution-program-pubkey "FjrdANjvo76aCYQ4kf9FM1R8aESUcEE6F8V7qyoVUQcM"
+default_arg --commission-bps 0
 
 
 pid=
diff --git a/multinode-demo/validator.sh b/multinode-demo/validator.sh
index c97812c6cb..b3db930111 100755
--- a/multinode-demo/validator.sh
+++ b/multinode-demo/validator.sh
@@ -85,6 +85,24 @@ while [[ -n $1 ]]; do
       vote_account=$2
       args+=("$1" "$2")
       shift 2
+    elif [[ $1 == --block-engine-url ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --relayer-url ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 = --merkle-root-upload-authority ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --tip-payment-program-pubkey ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --tip-distribution-program-pubkey ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --commission-bps ]]; then
+      args+=("$1" "$2")
+      shift 2
     elif [[ $1 = --init-complete-file ]]; then
       args+=("$1" "$2")
       shift 2
@@ -188,6 +206,24 @@ while [[ -n $1 ]]; do
     elif [[ $1 == --wen-restart-coordinator ]]; then
       args+=("$1" "$2")
       shift 2
+    elif [[ $1 == --rpc-pubsub-enable-block-subscription ]]; then
+      args+=("$1")
+      shift
+    elif [[ $1 == --geyser-plugin-config ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --trust-relayer-packets ]]; then
+      args+=("$1")
+      shift
+    elif [[ $1 == --rpc-threads ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --shred-receiver-address ]]; then
+      args+=("$1" "$2")
+      shift 2
+    elif [[ $1 == --trust-block-engine-packets ]]; then
+      args+=("$1")
+      shift
     elif [[ $1 = -h ]]; then
       usage "$@"
     else
@@ -262,6 +298,10 @@ fi
 
 default_arg --identity "$identity"
 default_arg --vote-account "$vote_account"
+default_arg --merkle-root-upload-authority "$identity"
+default_arg --tip-payment-program-pubkey "DThZmRNNXh7kvTQW9hXeGoWGPKktK8pgVAyoTLjH7UrT"
+default_arg --tip-distribution-program-pubkey "FjrdANjvo76aCYQ4kf9FM1R8aESUcEE6F8V7qyoVUQcM"
+default_arg --commission-bps 0
 default_arg --ledger "$ledger_dir"
 default_arg --log -
 default_arg --full-rpc-api
diff --git a/perf/src/sigverify.rs b/perf/src/sigverify.rs
index 5394d0462b..bd86ec0cef 100644
--- a/perf/src/sigverify.rs
+++ b/perf/src/sigverify.rs
@@ -107,7 +107,7 @@ pub fn init() {
 /// Returns true if the signatrue on the packet verifies.
 /// Caller must do packet.set_discard(true) if this returns false.
 #[must_use]
-fn verify_packet(packet: &mut Packet, reject_non_vote: bool) -> bool {
+pub fn verify_packet(packet: &mut Packet, reject_non_vote: bool) -> bool {
     // If this packet was already marked as discard, drop it
     if packet.meta().discard() {
         return false;
diff --git a/poh/src/poh_recorder.rs b/poh/src/poh_recorder.rs
index 8b95ecec03..54b8ff7e48 100644
--- a/poh/src/poh_recorder.rs
+++ b/poh/src/poh_recorder.rs
@@ -60,9 +60,14 @@ pub enum PohRecorderError {
     SendError(#[from] SendError<WorkingBankEntry>),
 }
 
-type Result<T> = std::result::Result<T, PohRecorderError>;
+pub type Result<T> = std::result::Result<T, PohRecorderError>;
 
-pub type WorkingBankEntry = (Arc<Bank>, (Entry, u64));
+#[derive(Clone, Debug)]
+pub struct WorkingBankEntry {
+    pub bank: Arc<Bank>,
+    // normal entries have len == 1, bundles have len > 1
+    pub entries_ticks: Vec<(Entry, u64)>,
+}
 
 #[derive(Debug, Clone)]
 pub struct BankStart {
@@ -92,21 +97,19 @@ impl BankStart {
 type RecordResultSender = Sender<Result<Option<usize>>>;
 
 pub struct Record {
-    pub mixin: Hash,
-    pub transactions: Vec<VersionedTransaction>,
+    // non-bundles shall have mixins_txs.len() == 1, bundles shall have mixins_txs.len() > 1
+    pub mixins_txs: Vec<(Hash, Vec<VersionedTransaction>)>,
     pub slot: Slot,
     pub sender: RecordResultSender,
 }
 impl Record {
     pub fn new(
-        mixin: Hash,
-        transactions: Vec<VersionedTransaction>,
+        mixins_txs: Vec<(Hash, Vec<VersionedTransaction>)>,
         slot: Slot,
         sender: RecordResultSender,
     ) -> Self {
         Self {
-            mixin,
-            transactions,
+            mixins_txs,
             slot,
             sender,
         }
@@ -160,16 +163,21 @@ impl TransactionRecorder {
     pub fn record_transactions(
         &self,
         bank_slot: Slot,
-        transactions: Vec<VersionedTransaction>,
+        batches: Vec<Vec<VersionedTransaction>>,
     ) -> RecordTransactionsSummary {
         let mut record_transactions_timings = RecordTransactionsTimings::default();
         let mut starting_transaction_index = None;
 
-        if !transactions.is_empty() {
-            let (hash, hash_us) = measure_us!(hash_transactions(&transactions));
+        if !batches.is_empty() && !batches.iter().any(|b| b.is_empty()) {
+            let (hashes, hash_us) = measure_us!(batches
+                .iter()
+                .map(|b| hash_transactions(b))
+                .collect::<Vec<_>>());
             record_transactions_timings.hash_us = hash_us;
 
-            let (res, poh_record_us) = measure_us!(self.record(bank_slot, hash, transactions));
+            let hashes_transactions: Vec<_> = hashes.into_iter().zip(batches).collect();
+
+            let (res, poh_record_us) = measure_us!(self.record(bank_slot, hashes_transactions));
             record_transactions_timings.poh_record_us = poh_record_us;
 
             match res {
@@ -205,14 +213,13 @@ impl TransactionRecorder {
     pub fn record(
         &self,
         bank_slot: Slot,
-        mixin: Hash,
-        transactions: Vec<VersionedTransaction>,
+        mixins_txs: Vec<(Hash, Vec<VersionedTransaction>)>,
     ) -> Result<Option<usize>> {
         // create a new channel so that there is only 1 sender and when it goes out of scope, the receiver fails
         let (result_sender, result_receiver) = bounded(1);
-        let res =
-            self.record_sender
-                .send(Record::new(mixin, transactions, bank_slot, result_sender));
+        let res = self
+            .record_sender
+            .send(Record::new(mixins_txs, bank_slot, result_sender));
         if res.is_err() {
             // If the channel is dropped, then the validator is shutting down so return that we are hitting
             //  the max tick height to stop transaction processing and flush any transactions in the pipeline.
@@ -782,7 +789,10 @@ impl PohRecorder {
 
             for tick in &self.tick_cache[..entry_count] {
                 working_bank.bank.register_tick(&tick.0.hash);
-                send_result = self.sender.send((working_bank.bank.clone(), tick.clone()));
+                send_result = self.sender.send(WorkingBankEntry {
+                    bank: working_bank.bank.clone(),
+                    entries_ticks: vec![tick.clone()],
+                });
                 if send_result.is_err() {
                     break;
                 }
@@ -954,16 +964,23 @@ impl PohRecorder {
     pub fn record(
         &mut self,
         bank_slot: Slot,
-        mixin: Hash,
-        transactions: Vec<VersionedTransaction>,
+        mixins_txs: &[(Hash, Vec<VersionedTransaction>)],
     ) -> Result<Option<usize>> {
         // Entries without transactions are used to track real-time passing in the ledger and
         // cannot be generated by `record()`
-        assert!(!transactions.is_empty(), "No transactions provided");
+        assert!(!mixins_txs.is_empty(), "No transactions provided");
+        assert!(
+            !mixins_txs.iter().any(|(_, txs)| txs.is_empty()),
+            "One of mixins is missing txs"
+        );
 
         let ((), report_metrics_us) = measure_us!(self.report_metrics(bank_slot));
         self.report_metrics_us += report_metrics_us;
 
+        let mixins: Vec<Hash> = mixins_txs.iter().map(|(m, _)| *m).collect();
+        let transactions: Vec<Vec<VersionedTransaction>> =
+            mixins_txs.iter().map(|(_, tx)| tx.clone()).collect();
+
         loop {
             let (flush_cache_res, flush_cache_us) = measure_us!(self.flush_cache(false));
             self.flush_cache_no_tick_us += flush_cache_us;
@@ -980,23 +997,37 @@ impl PohRecorder {
             let (mut poh_lock, poh_lock_us) = measure_us!(self.poh.lock().unwrap());
             self.record_lock_contention_us += poh_lock_us;
 
-            let (record_mixin_res, record_mixin_us) = measure_us!(poh_lock.record(mixin));
-            self.record_us += record_mixin_us;
+            let (maybe_entries, record_mixin_time_us) =
+                measure_us!(poh_lock.record_bundle(&mixins));
+            self.record_us += record_mixin_time_us;
 
             drop(poh_lock);
 
-            if let Some(poh_entry) = record_mixin_res {
-                let num_transactions = transactions.len();
-                let (send_entry_res, send_entry_us) = measure_us!({
-                    let entry = Entry {
-                        num_hashes: poh_entry.num_hashes,
-                        hash: poh_entry.hash,
-                        transactions,
-                    };
+            if let Some(entries) = maybe_entries {
+                assert_eq!(entries.len(), transactions.len());
+                let num_transactions = transactions.iter().map(|txs| txs.len()).sum();
+                let (send_entry_res, send_entry_time_us) = measure_us!({
+                    let entries_tick_heights: Vec<(Entry, u64)> = entries
+                        .into_iter()
+                        .zip(transactions.into_iter())
+                        .map(|(poh_entry, transactions)| {
+                            (
+                                Entry {
+                                    num_hashes: poh_entry.num_hashes,
+                                    hash: poh_entry.hash,
+                                    transactions,
+                                },
+                                self.tick_height,
+                            )
+                        })
+                        .collect();
                     let bank_clone = working_bank.bank.clone();
-                    self.sender.send((bank_clone, (entry, self.tick_height)))
+                    self.sender.send(WorkingBankEntry {
+                        bank: bank_clone,
+                        entries_ticks: entries_tick_heights,
+                    })
                 });
-                self.send_entry_us += send_entry_us;
+                self.send_entry_us += send_entry_time_us;
                 send_entry_res?;
                 let starting_transaction_index =
                     working_bank.transaction_index.inspect(|transaction_index| {
@@ -1355,7 +1386,11 @@ mod tests {
         assert_eq!(poh_recorder.tick_height, tick_height_before + 1);
         assert_eq!(poh_recorder.tick_cache.len(), 0);
         let mut num_entries = 0;
-        while let Ok((wbank, (_entry, _tick_height))) = entry_receiver.try_recv() {
+        while let Ok(WorkingBankEntry {
+            bank: wbank,
+            entries_ticks: _,
+        }) = entry_receiver.try_recv()
+        {
             assert_eq!(wbank.slot(), bank1.slot());
             num_entries += 1;
         }
@@ -1442,7 +1477,7 @@ mod tests {
         // We haven't yet reached the minimum tick height for the working bank,
         // so record should fail
         assert_matches!(
-            poh_recorder.record(bank1.slot(), h1, vec![tx.into()]),
+            poh_recorder.record(bank1.slot(), &[(h1, vec![tx.into()])]),
             Err(PohRecorderError::MinHeightNotReached)
         );
         assert!(entry_receiver.try_recv().is_err());
@@ -1481,7 +1516,7 @@ mod tests {
         // However we hand over a bad slot so record fails
         let bad_slot = bank.slot() + 1;
         assert_matches!(
-            poh_recorder.record(bad_slot, h1, vec![tx.into()]),
+            poh_recorder.record(bad_slot, &[(h1, vec![tx.into()])]),
             Err(PohRecorderError::MaxHeightReached)
         );
     }
@@ -1524,18 +1559,26 @@ mod tests {
         let tx = test_tx();
         let h1 = hash(b"hello world!");
         assert!(poh_recorder
-            .record(bank1.slot(), h1, vec![tx.into()])
+            .record(bank1.slot(), &[(h1, vec![tx.into()])])
             .is_ok());
         assert_eq!(poh_recorder.tick_cache.len(), 0);
 
         //tick in the cache + entry
         for _ in 0..min_tick_height {
-            let (_bank, (e, _tick_height)) = entry_receiver.recv().unwrap();
-            assert!(e.is_tick());
+            let WorkingBankEntry {
+                bank: _,
+                entries_ticks,
+            } = entry_receiver.recv().unwrap();
+            assert_eq!(entries_ticks.len(), 1);
+            assert!(entries_ticks[0].0.is_tick());
         }
 
-        let (_bank, (e, _tick_height)) = entry_receiver.recv().unwrap();
-        assert!(!e.is_tick());
+        let WorkingBankEntry {
+            bank: _,
+            entries_ticks,
+        } = entry_receiver.recv().unwrap();
+        assert_eq!(entries_ticks.len(), 1);
+        assert!(!entries_ticks[0].0.is_tick());
     }
 
     #[test]
@@ -1566,11 +1609,15 @@ mod tests {
         let tx = test_tx();
         let h1 = hash(b"hello world!");
         assert!(poh_recorder
-            .record(bank.slot(), h1, vec![tx.into()])
+            .record(bank.slot(), &[(h1, vec![tx.into()])])
             .is_err());
         for _ in 0..num_ticks_to_max {
-            let (_bank, (entry, _tick_height)) = entry_receiver.recv().unwrap();
-            assert!(entry.is_tick());
+            let WorkingBankEntry {
+                bank: _,
+                entries_ticks,
+            } = entry_receiver.recv().unwrap();
+            assert_eq!(entries_ticks.len(), 1);
+            assert!(entries_ticks[0].0.is_tick());
         }
     }
 
@@ -1610,7 +1657,7 @@ mod tests {
         let tx1 = test_tx();
         let h1 = hash(b"hello world!");
         let record_result = poh_recorder
-            .record(bank.slot(), h1, vec![tx0.into(), tx1.into()])
+            .record(bank.slot(), &[(h1, vec![tx0.into(), tx1.into()])])
             .unwrap()
             .unwrap();
         assert_eq!(record_result, 0);
@@ -1627,7 +1674,7 @@ mod tests {
         let tx = test_tx();
         let h2 = hash(b"foobar");
         let record_result = poh_recorder
-            .record(bank.slot(), h2, vec![tx.into()])
+            .record(bank.slot(), &[(h2, vec![tx.into()])])
             .unwrap()
             .unwrap();
         assert_eq!(record_result, 2);
@@ -1866,7 +1913,7 @@ mod tests {
         let tx = test_tx();
         let h1 = hash(b"hello world!");
         assert!(poh_recorder
-            .record(bank.slot(), h1, vec![tx.into()])
+            .record(bank.slot(), &[(h1, vec![tx.into()])])
             .is_err());
         assert!(poh_recorder.working_bank.is_none());
 
diff --git a/poh/src/poh_service.rs b/poh/src/poh_service.rs
index c387abf2f9..b8b586bd29 100644
--- a/poh/src/poh_service.rs
+++ b/poh/src/poh_service.rs
@@ -192,11 +192,12 @@ impl PohService {
         if let Ok(record) = record {
             if record
                 .sender
-                .send(poh_recorder.write().unwrap().record(
-                    record.slot,
-                    record.mixin,
-                    record.transactions,
-                ))
+                .send(
+                    poh_recorder
+                        .write()
+                        .unwrap()
+                        .record(record.slot, &record.mixins_txs),
+                )
                 .is_err()
             {
                 panic!("Error returning mixin hash");
@@ -255,11 +256,7 @@ impl PohService {
                 timing.total_lock_time_ns += lock_time.as_ns();
                 let mut record_time = Measure::start("record");
                 loop {
-                    let res = poh_recorder_l.record(
-                        record.slot,
-                        record.mixin,
-                        std::mem::take(&mut record.transactions),
-                    );
+                    let res = poh_recorder_l.record(record.slot, &record.mixins_txs);
                     let (send_res, send_record_result_us) = measure_us!(record.sender.send(res));
                     debug_assert!(send_res.is_ok(), "Record wasn't sent.");
 
@@ -376,6 +373,7 @@ impl PohService {
 mod tests {
     use {
         super::*,
+        crate::poh_recorder::WorkingBankEntry,
         rand::{thread_rng, Rng},
         solana_ledger::{
             blockstore::Blockstore,
@@ -451,11 +449,10 @@ mod tests {
                     loop {
                         // send some data
                         let mut time = Measure::start("record");
-                        let _ =
-                            poh_recorder
-                                .write()
-                                .unwrap()
-                                .record(bank_slot, h1, vec![tx.clone()]);
+                        let _ = poh_recorder
+                            .write()
+                            .unwrap()
+                            .record(bank_slot, &[(h1, vec![tx.clone()])]);
                         time.stop();
                         total_us += time.as_us();
                         total_times += 1;
@@ -500,7 +497,12 @@ mod tests {
 
         let time = Instant::now();
         while run_time != 0 || need_tick || need_entry || need_partial {
-            let (_bank, (entry, _tick_height)) = entry_receiver.recv().unwrap();
+            let WorkingBankEntry {
+                bank: _,
+                mut entries_ticks,
+            } = entry_receiver.recv().unwrap();
+            assert_eq!(entries_ticks.len(), 1);
+            let entry = entries_ticks.pop().unwrap().0;
 
             if entry.is_tick() {
                 num_ticks += 1;
diff --git a/program-test/src/programs.rs b/program-test/src/programs.rs
index f4d773fbde..23d2db7c08 100644
--- a/program-test/src/programs.rs
+++ b/program-test/src/programs.rs
@@ -12,6 +12,14 @@ mod spl_memo_1_0 {
 mod spl_memo_3_0 {
     solana_sdk::declare_id!("MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr");
 }
+
+mod jito_tip_payment {
+    solana_sdk::declare_id!("T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt");
+}
+mod jito_tip_distribution {
+    solana_sdk::declare_id!("4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7");
+}
+
 static SPL_PROGRAMS: &[(Pubkey, Pubkey, &[u8])] = &[
     (
         solana_inline_spl::token::ID,
@@ -38,6 +46,16 @@ static SPL_PROGRAMS: &[(Pubkey, Pubkey, &[u8])] = &[
         solana_sdk::bpf_loader::ID,
         include_bytes!("programs/spl_associated_token_account-1.1.1.so"),
     ),
+    (
+        jito_tip_distribution::ID,
+        solana_sdk::bpf_loader::ID,
+        include_bytes!("programs/jito_tip_distribution-0.1.4.so"),
+    ),
+    (
+        jito_tip_payment::ID,
+        solana_sdk::bpf_loader::ID,
+        include_bytes!("programs/jito_tip_payment-0.1.4.so"),
+    ),
 ];
 
 /// Returns a tuple `(Pubkey, Account)` for a BPF program, where the key is the
diff --git a/program-test/src/programs/jito_tip_distribution-0.1.4.so b/program-test/src/programs/jito_tip_distribution-0.1.4.so
new file mode 100644
index 0000000000000000000000000000000000000000..29fc1a0eb5b8c419b67d124872c814948cd4460b
GIT binary patch
literal 423080
zcmeFa3w&Kwl|O#c_O@w#v=na}u0n4G+7OM?qC$v+q#zJ7K3d??5<zksph-JIZZD7Q
z9_MF*N=wC=7J0-tqq*rT=s0%9`P=H~q(0E<I8JqZ^!HPT`ua_AM606I2b16WuE#k$
zCpS$}62$p?K5h10`?2=gYpuQ3+WYKt&RZ{i?Pb#{DgwKv2TuloI`5af1}&)GIMb>G
z4MANngZ|D5W^>&Xm1Gq~GF|p=lm>yN!8``J9WbuEU&@ndXN%Oc)NeO~injbx+9lJ*
zw@5ont=%-rMt=vNkao%RfHVs%tyFk$iTnsNbwl_SHZ@9G-@xhMfRxXo28}~QLoP3H
zy5jU;I{n;7d;x31%r>sSZ<dsYn|cJ#rY(Z!VacC0I|%j@p22>FiSR9ew+mcFNDqBO
z#(<o65I?uPKL`d(TAw;=K>hm!M)?mv6a?wu49*zbq4fyQajI8E^`HA-jBg+HcRp3A
z0+YWP=U36stOo<{8{aGa6PlrCVw@Ys80SGA=X@SuD)=7rHKuET;c(MlP5U?<JOSVP
zz{eBt{o3~v-@ApMKEL-3qvI>w&s5UUI0_xRnU0qzKMpV*t|a;vW>zXJdKqTcD6D#!
zX;E1C6lU5KRz7Ar6jpv_IvMu$a1i|S^mrxog!FD1Q3U<T{{3*hMY&%e^8odskEoxa
z`i1;T9*^5o$Nl9h<_NrY4X5d8)POFRZ{ZZ}NyWMSRX0-p+78Z->vfK(_j;-adEqK9
zkp2eq0?(rSRrE6zoWmK<CVu{E@5K0djOrKijWUiA{FHIWd=mcp{5*&G*~abTdL0b=
z_0Af`PwCI+=M~h#m%HhS$^BaxSAo$6gKH%P{yzE%z4#`TKOos;pSwg4FOZDbev5uO
zAvZ`@ChfE6waGoqm|lzi5AG3sv&eoY?K9g6rLUZQ{@VM9{_WD<^(%cvfkFRGJEz7z
z@97o(&@}Sw^VE%V-x%X;<Z&+Kft!7HC9^ME)Sj4q5xe9{CI_)gmsbV>xhRrfic`0i
zG5|;Oo)}7(uYX@__5APxE)Jr3yFl8zlJplYkoK-5{e=svxIrqAh7+aN<*T{<<zzRQ
z?h2!O8Ry4z*D>tV{mEf;3!a#6X&=)q?PIzd7@sSN-j|y<9ed+>GbrXP7&QJoB;&Su
zS4G6{)mROPL1&gy=<m-6PmUr&T&Cy9KeH2h{Z7tzW$=B!H;ylSeE&)K(u|$(dGoFX
z{z2y%;*`PXNdI5FjqLh%q1VlqG^{!N-{{!QCqn27YYr(a@(ybb3VaF|Q+#%SVZ=k{
zeqz?=k^9sSFM4U1ITGc+|I)2Tk-zHaYih#G(J23YpZzVegE^bOu`bLUi}F8v=UnFI
zSHAMQzYa6UIp2@J4*WNbC(liT!HtrFZ+F}Z|FVuVe1FR0_u{%MiNE<$3(uQ0#qj7X
z707_xjt-qqZIVh@6u47#{F(hsPgt{;Q`aN;u3PAUpQC>P_>2_zaRJ8V)Zm7~?jSd9
zUgT$CZ!iv|`TiTF{~b!lPNi#?=w;ZfX_MrK^-{03M%uM%9OC;2=0jfSKtHcyeytF?
z?iYDG0fVu|5jOV-AL<7rZR(Ts1%f{}t%Apu3Vy)jC~U9cf-uv`^$Oc%;)Izlg{!rE
z3&U=ER^e>|+dL?7Hq*!B=~tNeyO;C=<9d88@%dqu@9YYmVX5G3uIR_Db;M_%KW%{3
z-(X&yMJ<5u=O3myqkIEj>L}mhR=?ikRFCWi(_36{F8Ak3GQQ%1<qFIAiVK!0EaM9o
z==kr*YQFMQ?Pz#65keQ)DaIeF{e|C!1qsdm^ou;)Vy@17f<A?+$0=T2#p8iqepc;4
zBiRFs2mJX1K7|?SH_0!5{Qn9*d3J~AsVAR%!QX<=g?7{(^Y?QJ{$fVCe(BH0|EWa1
zmr^~O|31D?P`&U$>Bpa!%m<ry6*g}rg<Pdv;9P~;<!-?PK4s}A`auoo#WCnvN#x{|
zzq6<w<5B+Srv0nh5$z``*M6pbfy;rvI)VQOgg+HL!sSoL&z!Zlyq~$|&Xe;q8NxRa
zKl2pDY$N?lwem&uI;_bK<5O5uC9s%f@-y=o9_eS6Mft=1OkI>e+|M*b`NRE8Bj@{m
zW*+o4PeP%~^bB%;_?GecnRgI>Pu|ZQka=FSU+mu>u%Eew`L%-i=qBuE)DG5*zYUwz
z-;C*Jx|naVpAoxT*p6Ao`%1#s?OBDz-bC?MiL=Z4nf>Z#PA8i?9zVl+)UWtxo+tgx
zN-Bb0ot?06un@kVv3gmm7yFgF7%|1SJf7l$ZiU6K6c=<UEaM9oQ1C-nct?lkD?b;s
zN&ej}ny-9cu!iB0en#YRGJYl`dr;2LfKOpY`Yq>YZ2STE<oTI{hzC9X@;cM=GmSI?
z@b}k$N9}Yz!`_3xu3!3tT{rwsB<g_!Hvdu2@coqPJrjQB%(alW$Z0D4%tFFH8GdFp
z$)((S=AJv?FSfHDMe|GLgZ0s9>zUUPzI3pd+xhZd1G{YUrS`U-SytB19Fln+t!EA@
z4C#~nY7Pi|3WMZl#NLkdGl#hz@`wAGBT@cvKXWw7AMR(4aeh({eZK?yV)_QX{nncy
zANoU=AD1y7?i0FEZy)hFUs}U{Y~;E|*AcqzF+GacH8P*W8r8Fj`kVWOj(A;j$|&oa
z>zF>bL*jF{Q|a2J>zHOun<PK1mwK%=(ymqaTSxG(U;0P<1-^hE?`OVU#s%&n%Am`s
z-i*1vX;OPxFZLmn?H5|FP4c?tJra<PkgGSI0rfXm!QVvkeHo9(U(c}Kc<p$7w4JMQ
z+}cM!!Iw1&`-Yj|`x&cu71e{?r+@MKqMHD^;&@r$+$6-)cjt%8hr~D(@x7v!J8}h?
zw^9EK1<qB-deXNG)zrd|*EbRV6tC)Ny!0EF`2l|&v}fbUahtyidpl(QKCJC$)4pcH
z|BS}>bH>T{v#4IYj{GWj6#M(HD7=N~C@wgp@HU3S1qT%tI>QAA7!L2)FX`QTwcO%?
z0fwXfThcLH<`+lz@86MlS=fG3`(N8>oaOw*XKp{ab;)MJH<5M8dXn?Vb&0M!B7Y(4
z4mV%)EUc*%`xW_%fZ>t;A{*ro_ZQVs{&0U0uVaS$3t7kb{s9Y2(_i0DEMR*#_Wsw;
ziNAkbmylombJ&9wqVNBM)+JBDPmE*#i}lF!7s+)=3vmYi;=T`!w3oiWuzK&Jda<37
zz$9Lmh$EtXcePvFgzwRQ))t1tJGwMq;*e;)a(9R3t3THD%4Dufjuy(VOTecStxH;n
zGVtlm;L{1#B?mEYsSjN6OLdf@-OXkAYxWoQTC`q1QLl~iZT|cCuA_R-#JXe~5jK_U
zlD8B7$yk?smiST5&-{uuAW!B#%f|`dMEuO(kjzK=8Sw-0eHQT-v7b>tbP5TXu4mK!
z*A;9x$M!R4|IyFz{C@ubP(Rap>iGQ3c=x{^`P&ownUypTU@s3)z1Yv(#q%TfGu;ZC
zpXpNA;@wV$f1mqbFC4|sjCcR54}3a-pBZic>pf-o>-!nw@BN8-YlvgMpJ^l*a`-E%
z_e}Vi&)hJzer6xxpA0|qB=Mu1pE>6w{mkQpZz6u?P)9jG^M|{hdCLaKWo$pQhWPu(
z^-K_~V1E72ThGi+kI&DHcRh3bgD3VgEo$F>LG@xk^M|*dc|F;K2WTv~{Qbr8u4n!o
zd^&-j8ErlDr84~W{Y(qd1OM^)M7`10GoPk<&xD`()tjc)&-{q+PllhV8O6_BNB2KY
z<~~c7{mf#h$uN13cAsT>SwC}#*Y)vw=AgorjQ0=WKFi;&hkV{Fd?<0k`@_lmEL(}s
zf4t8U-)Gs#eEXkspXK0u*nu^?Pn)iIndrkw?DxMUVc#$l{C%@Nf?)@jP`zjJKFhVR
zbGi=|-$&tL2DwSN&+<C9b2vRm<IM}+a`#y_-8ypI=C7X4eU{&SU}V4L`2Hl-`~Smz
zmK#aG%B@Qt+<0>PU(JMXBI}Y1NzNnpzvO;;>@UoJn7>f}5$%7;efp92S>pTe!|$^k
zW&eZv!|$^ki}HuxXF1OK{(Y9w&KW<}KE8FyBgEg6UzhA>dj2PzGyXf~*9tZS6F>i@
z`!>(QbH+2TC%qoWeU>`x`=8)Gi=8vRDPgy8f55j}R<C84-8xtJ`UiB*_@8bmzb*lv
z#&gcN0ete-CF4D3d_jW0ur%e)8NVV?@1>9f&1GD;&qCV`?6?1f>OB+dl2+*16rM9)
zP55nH;?&+EF8S7do}Bb~-og3IhB#i)`{L300lROm^?W()_wIj{d){k7Pwcmi-=O1z
zq%S!>h2qh(L+F@A@;FX-VdqcwdECd|E%GEZLxXz$VQ{hFNB?KH5&!Lc3+;L1Lci2y
zu#b+3BTY}oUxAUjY4}U}v0T#JjA>jC_|T7~ZaQVq<z6B6W+}dX^oS4RouPR3k)QAq
zsh3OHIiz25oa$y&ae+%^IW5epmb6k1XcU4PhKn;by<75&cSybP8fh0^CV0a0gf4r|
zAXNEVd{&N6!5{e)jE7G(WJ~_2Ppppd{*>7lJ!fa@2F#N`qvz#wd|EfQ56FKl=ga&^
zS-Gxj?72PEdw^_3DwxF`+WmLGyp_voLeo{Qd~jE6cf!m;o^OM@xq2{bCcRexb|Wt^
z{KGQ(iGDXcO!!J#kI2M+8P2=bdG7-lY?X4<|Eq`Mer$fZd?i<~^O_@{FOhNCedD-X
z+U4~5&T`MM^jt@Jn5T~EnhgA~Bp5$>#(3@}{7HM^@@vrDr1Y01Jbr)wi^tPKxs!uG
zIi8JW$I~`x{bdQ0Kb{+TJROsUKRKQ?WydoxY5gU~)5PQ1J8Afn<9W3=9@FROIbnT%
z6a0n6fPU6_^`A*SJ%{<wGG%-?o$)tv1Y&%M?E-g8=a^64Zk)pSS56xKq#RR>|LCOg
zCrg<8dG+fz!tNcLH2g{WA7}iCNGHb*WeJZ@|92UGcGB=C>Hj+8Z=5vzN&3IQ_*YIE
z{v`dMWc;0zhCfOF-!uNMNyDF{e;46@ChgHfJf0TPvdPic<apl6__s_N{w!hg=fhhW
z|F%iPpQOLY`1em5{v`eD82^Du!=I%8jfDT1)Th_+cv_}xJS!Og)albJ8UNJj(>c$u
zJYG1(@|er`k4~DrvxLc?-_sfY)cNZtn-LF8oxlDs#y@rb`ccCFOwRAG@OWA#P2Nd+
z^$6o%Gim-csZSph`X>#4lKu}d{;9K1CB{E>_UQq_KSH0@f{V1zIgK_b>9Y4TEu~e!
ziwVYj1w*l}dKc(hTZd}i`=uHf_Umo&`pN5lahjg5d_L8*{%v0)J?$yk=RAcvpv%Ye
zR>G4Cel7bl_Waru?lTlHzI+SQF&XQtr2gE*_@_>Pu4VjFr$4V_{QD<ueq~kOm6Sri
zRxthplZHRZ|5pnAlP2FJ{pSe%lZHP@|LKhX=%nFK(tir$KQ?Ljlk}$uzs>)6A5`qg
zWX!kZc%Hl#^SNQl#`9l{zjD&>C+UBb@rzxY4E`kL@$ZEHnUu#PQ!I~<G5*Q3e@S_K
zi1GJKn!J<pC^7!2)29a*|J3QzJ%oRxKCPKFekJ7*@_1S%4S!M|w=({z^LMR`f9m|*
zYR121()g3)|DQ4b$(wIU{$C{gpECMiF8rS~{7L$kGXA5JhCj*w7c%~1lZHP@|6Ia9
zaz3|BT7Sv$RPcB@CJldbJijDUG?n*VA7lJeXJ5a=`0FN(KS}<7h4D8`8vZ2zA0hlB
z^{H~w`b&;yACG71<nckqUpHm+zn}3pOd9^AJl@Ut+a?WvmN5DIdz%^m)XnFR@%Ky_
z{kJmyzDdKM<bNyUKR9XlvxLd#|7ym6XwvW}>HjmrZ}XYn|1A4BwokLRf%}d3l^Pkw
zzETza^69*o@PzA+N&9>coxGv_rHV_rzT2Vs=WgSCSJx-ym2v<NcyOikecS12uVxtE
zAHjJ%oR7hkuKW{D2bXdZ<fc;vy7n<Pp$8ie_C1n_?o$r(euUj;xANSy-!Z-I^FPhy
zwQJ>oWmtcl^X*(x`vQsY{PCVe<HdXP(XjnKX>ac*u3akxxzk!0Z+f<llg0r`(zE1T
zAir0Z@>0PsxIb&}c1Ztro)hPofG9mn-s`lEV6e>2LC(z+K$r2s*?5UQ@Gm{<8zPqx
z`Crv>3LoP07{mFM)BQcepW?61kRM(s<Ma7a0lpA@=-19`rEzc)^x61l%J|~(|4Qg9
zsh-RqU<StW+skk{z5B&#qNAjGE8>%WsD)40PpF>hc|->ud{Mfpi8jCfQL2x-4*!_=
zj?7D_KF-Hx59^^%g0b)Q-FHdK<F@%Th3CV*hH+2f`LKhGzYgq~lJj7nVEhe}hCgZ7
z_A>sqNyDEdOul~XWc*X-7ke0g&y>-BFXQi<H2g{acM*P@Z%*Hbo}PL2u>RbsG;!!k
zPjBEfI;WlyJ7DKFBYUHE5$C%x&oGa14LVKL4yLEqbB5XRK@dlm`JvqO*$nTKgyjlL
z5Y|h-`zpCOzMpbR7R5p2KeRmdAM?4q_CDMlp?-A!r)QqeFz5t^bR}0~`_x50+fSRv
z8NOa!OMHXhLqYpm!E1b|y-(Ul{vyxlgTaR+HGgFLvgyj_a=|+C1MDyKKF(Y^<BZGv
zpj!g!q+jqA-yy-}ZcgS~|LQL)GF)#d@v(}2&E3u**$ZJ%THl{;&llSJOfg<yg57)-
zjW-p1mhFG!f2?2P8|aDr4~+wt`DOd=jq%6l<1+A3{oml-(k@*Y`yq@hJ?lyC7xL*M
zI2DLrHoYB9Zhk*!Qa=;%6EE`pgv!G$R(@5yh6#0N3cYTL&X1WIKM46mr~HWGB=U9O
z6X?Q~o~d!t1p?=02!7LRdoIHCKRsRWxl=k=z|s8D`H`D$angD&uf0ngZP=8Eld9Ud
z+~?2GH6#bZgM#*r(%#~N+Pm1TM{z`Y*4a!j_zp_av*S4F5W$h&7i3&+XChA0d6S;4
zaT39-_lu?e+-^yY57BsuKJYI++u|hULzJJ0lco!!qxJ-%eQvtk2OUqG^lk7(<!1cw
z<0Kxx7bnU1B~J47lk3rUG;o1$sOR(l->9F7=;y(E<2VNRaD~c0zu$8CRt{URsb$tT
zQRgc!S^lWyn_Vg>zFfs~P$h7SPvbOPkmb}ZR{hfNYq-Uth|zb97Rz|;`IqE-22+9H
z^`CEQA^8}eF|KcrZGipx&N}iRdG0oPjtueLPy6Ed4)X<LLjAw|`OuJ!$A2CRn!8WX
z#C}hPLGOnf|8ogzc1-NKgtu&u{p{d*I*w{d-9k;B*b#fKd=a(5bzxq{Xne8f8U5!T
z{+)Q?qV{4(%+3$qC3yV$4MhLkcF7O*z0OI#*!s=%!TMiEV$D+1J2i!zx(KeFFMieZ
zv9(6*5yM1Mt++|D4{54R{3~!0tR_4c(a*~%?V_}pk@<Ni$sU&Ha!L;%f0N=P7%HFQ
zr$lJnYn5+#%B1W1`NRymOkbc6uLFOgddi>0TrDUn9f%u<1bY5R@TG!Ras{Ka+_=%A
zcD_8&wwmbTaZuVtEsL9m*l*eT@J_;y@vNql>ru+}YW{mfJwyZ}>nUG|NVp{Mjk;pK
z9iz0EiTN{w;8Y-S#Yno!_jftba|C!)Zjdk2ODWS!X&1^>K8Q=eY1cNK|BJdQldcO3
zs<(N8BR!;df8c^#-U7Kq?Nu(?-hbZrcd!dyyQBT2zny}|zUwnWe-ra;a1!R(&7gMz
z^X%V2=NR)Wtlum0H~P+2ex4=#aEo=Enf+YPZIt}<v`e`l+|(!es>fl?HiqdrU`-E5
z+H_db=0lv?^Ionb<>?C9&#`?A*Dv;P?po;|@ge*teXoq$yBB9EhwLelgM9nG4&n$<
zNZ&c*dhKUwe0;v(SxR~XJ01282tD;jlpgUP7FQ!KJW6<h5B1#+sh6hj3ZY}@KN_Yh
z#4lO=m<oQ#_{`3xXMLYxw_W%;coj9Gt9BKW9}LR$4F<^v<65*pQg@&5d2ofm(AP6}
zP=DMz*%wR>y4b!UCEWnV+)Tl1ao#=x!5_C%`0sWJ|KGe;z7spR99S@4Wqj^o;hQUo
zyfI!}Mu+Q{eCrQ%eLhEeb`MvheHPKD;%P5nLQ=sZE{NjD8NXqEq^L(+gKeAyZcm@^
zN&8RFkhm^48{DUQYoy-bWs+iCS^AIhgHxd6ABhfoPe!@&S#Obg%nze;p3oU~Nk3tW
z$jQbZ&J#HR9|p8xp6HYDJ<JL{;X-K_LV@TCmrDKvlJN7^h&XDOi=XnJD}<i;&oico
zPFFh4{0QxPv%8N8fA$>ZwA}dar}4WTqSraKzp3Cqxc*>^5CXDTpG#72P=+1M6|#fc
zR#CukjgF^L3L<`Jefth9=)e_9^(a2tLvjJ1+qdidOG~}EXG<E+5q;aRGUg{dM(vg7
zaD~BDQV)Cv-w<yd^Paneyf1kumgnF)sgHRJk_I~jw(-tYIv2G{epr8i`LdMoVo2s6
zfcFjk;J?h1uu2BzN-}@Ks`C7>xCnk68Wruks$DcY=5|QG=;vbeqjtsh%e=AuUE8lM
zE*AZ?=hZh{ApD~Dv57t`7W!ZxF~m@x-%kaCFI?Xy^4I+jTW48(cls(~7+r|}ix0`1
z1Ps1cBcJ$lIKlVEcY1u+@hzqH%tw6=e(no^C6+@tr$y-9b5Q6xSIavk#k66*bqj3r
zDx4xPeP>YGuaNPEnJo&7JR-la!s>TQKidU1`sUhtdiN12&r3P@2TW$4O)tV`nJ19f
zV<ob4JyPG|JG5iE?~;6*f2jX`s_*oBEgKf9+)5%3`>v$vt;KmphkeI#Q2Df!<iY$^
z|1fun^w;ime$@$V{;Rf!2%{_72Qht)zVoX39DN6NKl8)BLzoKGuj#m~|GA5$AJg|m
zN*{f9M)-NAlpFtiyY>U-ht8{U(qZqB7%{K9r61$dT&2V3|2NQ|eGjz%fY4|2ak;gZ
zc~V@i^Njp`1r=?0NaeLd^ejDXJGYPQoy9{t4|2YJchl_=y>bJpuMdkJrYoM{4hOrW
z-+emO!e-(7;O&wh)(ao$y+K0ngOZ;LWJ1~bz)<C~;l6nwH~J2W&F|U=#m_n&x6^T0
z9FU%N=Wx1}UZc;(F&bS?$2F+*r7I3Ip=NJF{SJ`%m-fqq&h~qRuizu>dbm~fQ0+tQ
zb~->#*NOb&;t=!dIMZ+IX1C{<jOXE_oVMQ`_tQlf{W#&nR}YU9lI7C~Kjts|SGZ{n
z<BQ}j<|lfu&mNkW?B}|59%>vt7mkOn$j@~sJyf6l+(rrDY~G*9&)rNsj_B!?`D1d9
z?0A9MM)UnLrq}#g(yqE4(tfV$zs*z3FSdVY3EgvFA?cLa-;&G|vv;<>GI}uHSCwLW
z>%98Dy|s3z|4ORw`bD42e{YyCe7E-PRVt@$86Wzmf2<!Ym%C(QLLPwO|0)yr@m}G{
z!}SY47pXlyeF3n+?xsZ_HIBA^==)@xzmDt-p^oUCdmlHW_fZL7{QdeYp@e*p+WN@!
z#@|;-muMW)ec;qC**fdOZbCqp+3yRhWSnlm_$7Ltu6Q2T8&p3R?UT*t>|h<C0o}&;
zxoYp7`2iirhWRqz!AFo(TlG_!M?wbi=W)@~ZowPr!NmeErFv!k-8)o%S7<x6*R|Km
zz+-=>b~N%cd$~W`4|M8>V}B?2Da@}~|Hdzi3l?1>{f6}-chgt%bAzj;9Qru31Uoe`
zI-+??<7YizEck3c&FwhI<B0v8(1HGr_mN!GkC^;jf6FjF&s`z-EUp~fEHL6`=+~g~
zANofBqID_up#fjGR@N_(9+*E>ItSk^_|}n<u%2ub*yv62(dvb|FMx48+DClTb*hbH
z7O5+d7ky`a9Ra{USM9AUb%=Zw-mpgW<ihqvoWG8iu}n|5(z8NR=v_7aC;uw#>$gZ+
zbAVIKr!M;M`;Y&mHN3sgDixg1^<4ipX_o~T<9TT7MOz=)ya>Tey6F97+|JeuW+&Y4
zKEby@>V-2U&b4*e_49@C?G-Z4vn%ch=1|o^#S8g?65C&xMS}-n8<y$(k#HhdN_^pY
zrt!$!OQk=zQ~7WyN{P;$!jJG$5)fVC147TBY!3t$?-$=Lag^;VL~>I55vo3HIA82T
zD9exNoPv$t_VH7}LV2&_I_@?)Ph<1V=ILO!meU~FkG)M`i$CU8D}2A!Bf7zl+IDcw
zo2SuwZ?Et_TJN<f%+&)MU$joEka4H<JzW;J8hw!+QTw=Pt>6i3j)?rv6gaXccWHT3
zJip)4H*q@6z9-{=xi)Xxq#v_8wjRYiyoLK~Vfu=q29e#jd29HseWZ7J!5hhcvA|{r
ztRKSzxkIzi?+xg8r;K~h<f!x-K3f+>>p7eM^P%;m=a-0{BTmAUxbUIVSdSwAxg52~
zekh&jA9f&$ug{h84I4#IQ4YPb{e@a*`&iFsyjVY9l2|`4qxy&+1`_M%mV4rO4(&Sb
z*U3lqVP~@1?m(j5wO%{hU$k=zw!aK}MgQpj?p*pC1UJo`#_=im`XKEAAVs`7*v`el
z9^wz+J1M=0vTR*zeh~GqAbU3mq;y5!RnH6T*L$yrKU@fIk)6<aYx?2GD?{%`IdwqS
z1N@izsgobc`#<SQou|6~Pgk7672U<sPi`6wfUfi`QPe0t(s_h&ETeIxS<5&+<N6ja
z#r8(xA6w5w`ga>wXa2o}@rdEF`y6Q~8eQf3UCi}`fp$*C?i+-62>m8E+ZV<C4aV0c
zX?Tb5$^1Y}x0FZxQ-6VZh#n0up3B8$?N$?roLt3OobU3S1g1ypsDG5#F2!FO*HTV`
zvuPrLV$g@w;=nzm=d4GRLXXlFvc7R^b$n`X?L0uJ=Xb)IqikPNJWFHx!pw2b_t$~^
zp0=Gr2aXH!zNz{X$QSRYw0$~@%kBMX;T_V>;y>e;>lgcrc`762dR?cV`&;fmHx1T9
z=FQ7I{YHNmda&K696#Ty8Sg~+PD5tCbE@>>eRSS6qjsZ=!uJ2o53QqmurlciQ7m_(
z%7rq~B5W3ZuOk5UBKb5uJ^6r7@0en_{I)Z;Yv^xI8MzFeC0w#~t<8(ti<MuJ@O>Tp
z9CKb=E)51R7rf8rd6Ao9{{KsY|NqB>&7Qb(RNshg(BInar!nK4uAB3%!bkHzWM;Tt
zIA8K%UU45b)ca!T={InJ?K_5>B#wq$yQpOFd}$Zf_whWgT`uy1-Qseh5!X5*3;J&H
zqpeq=N9(UdoR3|q^5viO#tA>(_YGi@3+*qVwV2u4$REn|qdwPi#c<96rZ3#IpHuXY
z%kE!d-38T+&Liy{;Ch2<z}&+!zEmLVSKI%!^@PpmL9!RP=AJ5Pd+EoFXTzzG2HtZn
z^BmuV!)5pJ!c&FdVo~k6?IWKm@rBvj@KjlN6?C7bc<Lg?1NyV{%j}|!%lHlYP=2ST
zwWrY!x@cX+DfpMAU$v{2GVJTe5$MB>oE>0&$ne#oXKvm9<?$6-f5K@|&+CVqjxp?Z
z{ESn(|DD%yx7G_E+D{R_Y{&?oTweAs!i>bFE-&W-!^~mnCoktMiW%`I@jC5ax!m_-
z{2t|Ng>L9c9gQO?Pp5KreWD+BKRgwDhVg+f;FRfAtY?If^En|truj!X{roA#G}g}6
zp`o73jMt~4m+5KP4Ws#@e#GwE`}cuo(tL^cUk);zF<zm|+F3uwC!6PyUp`ahnA3A~
zm=~X<sR(|(glvWFYt16PCiV@5=c?S#WHN)nS4fIDVHy1lFV_5XB?X>0|I9n5b%Op*
zpQQd?>YWR-c)`wf=F~6y`i&9!<9;sD5y@TSyi_1@C+sEjLFMO+54z4lIrBm7sr6&)
zDDdNl9)0cv{P^wK$>IOs{37Q6NPfutGdg`f{1^9s1q*V-xX)2JZ<ln$xCb<!n487C
z>lPT}U(`Z&?;(McaXj=qOGT*n^Y_6o$b2Z=C-37<PpjjGZoBHC+7sv}v3}I|jK}X6
zui|>Z4>?*oI10Vs#{r!WUm$+CLKXLK_Q(|o5nYkJDhOTC{gMI~Q@Pj|-##7D{-3&m
z{N4_!hjAPLzw!dxdJc5HmES)v_TRl*`aSvgp+72i<9->Bdmzgl7PeJO+9LukE|G~`
zyjv8!ICB}7hu28G@G@x^o~L}#ePDmR1r4+PU$Z+lKJfQb#NSl#_e_tie@stdPru(A
z`+J*5zMg!D^@JElm+2Gu^)ljDns*~*K9{4zsl41c^~i1HZpMCJeevnaN6zKA+f+Wc
zXSw4-hsvi@<Wq1mFN(eO%)jE+3nZOW$7$HSOwy)mN$azcW~wBuna8QGmusMZ{W4C(
z6ZqaL_?f*q{+?H^VsQY|=pJt4_D=7=+rEzfd;u_p^((dCM(wv@M86Hx57t>LJ$XaU
zm{I8eh1ZdM0nnAMT*Rr_mDQvt&;UD!3A+EA@S#2Z3~J9@!S&M>4V>D3yemlD713Rg
z_<|k{;C6`f2+fcyYCZLT>1i)#JgGp=_vibs<MFs1Et2k3zU=B?*zVJYO_CqhOTE?_
zY1f)r!}WZ=vmDe8VEjL#@u$cl;<EK7#<>h|iL?3sH2CPxk0;(3^DU?QJNd#&ZqTad
zNt5k;I<Ou9KFlAc!^4-ZJe~23Uk)@7y3!RI*LElP-#wiF?rl;Y$syuDq)qzQ%}L;1
zE_gxT_h@KF59|wOkgrGofpU*u;4|udLhbx>*Am`6B9AmVHjFzJyoft;p1-T0oKTim
z6vxYaGChJ^2<=d~n43MV_edWkdR<B8?dbShMej5&iTjrclbdz}mt&mOM3T>sPZ0i8
z@J7+UywD4Oj+VY2w5T5RP(Jv4+uzXmb-(BL!Ixd*;>*Qj@a5H`^5s3u7qP1+<Cp#q
z@yE_dnqLB62`%%lndbA@{%H*hWc>aK*hwzpu7gp(r&4U;dM6)0n15;$JhyjnTIlGM
zw39Z6=qk8PoIVr&>9sdKGyW+%ihsI%m|a}N<2E}qwts5o`f0qhg|4UXpI*y&Qb8l9
z&xC(k!2anL?$5Wc@JHsae805V<5#ZoENQ3l73^1*a*}xb_NNVNulBjnz<A2-Ycn1F
zT+I6<$JL&}&cUAH{k#@m<SJzW*Ip3*Z78!(J{mqEo$;lH;X^NSU#p4I<hXqPkcr^-
zPmxL(J<moz`^z^Fecc!p`4bv+($D@3<s~VH-Anq}Mfqo!pZylmJGP%~8pEGlHmX1Q
zH^QF^#2?xEXFPs(^I!jd{p|j6@#UN`_;U8BeED1E%VI7+89)0t@u!@h?IYF0ynZvy
z!?FGB04wVF{VcGL$ItHNdQaca?iW0_AK<jmaZu9EFG%XX$muiTXK%Rinenq#qxjk8
zVRms5kK63f*nV~o*H2gMmUf#tp?#giI%M4I!1pkMl-^l?Cj2bki=PVqN$B_N>u7%V
z6&}BGm9ima{$@OW_NBwxw{yQv*N^Fn3(C@gb^Pf)@xBfGHn{+vk1rmE?*?h_`F%vZ
zzTd#Oe7~O=)_yg&cLj+%PsZ=h8;0+7im!{)lfgH07`{ss-<Ffc_d5y+Ee^<43cp=p
z+ezd5xrZ-ZIh*mMf|qfc<U8be#wc=p%)^tbT*B?$(}=(De%^ST63?|4dKmA?#9v<@
zhEL)-r}5m$$n{@_;fv$BUZOC`H=AF+-hakx|7?us{^|8Jj&5dm*?4Xr$~}9NjOTtx
zQ~BAnZ&D(9$ByTo;&Wy8o|KXMCcozLa{DF^5Po`3371bKo_pPUf4}kE{~8xxzC8wC
z<h$hM__C4t@-=QB*66;~xmB!KVU6tnx^pQoqbsaw;JDA}zFt^Ur!W^&x$Iw?e8QS)
zDVOO?<+|^t_Z`wR#oprlA-oUn=fm%~J<=`}oXLoNJ?<d?V&`yh-!Drw%s$wA`270I
zxc(8Q!=9_beG1>-+5Mowhq*g`@5)|k=kKQ-0<8OquoLu;{bM)nWBC1TL%sV15AVBC
zxhrjx{xiy-QjfyQzfzyV%3nJlpAr7^Idnpaa|1^Re|o0a+xY%g8@G2GO-?NW7sc*{
z^=kyCd)v6erj^>?7D;QmB(3k1w5fwre_Y_B&yNm*eLugE=E<8YzgV{2MC1j$so)EY
z$MsinYVWgKNB#|Z;!2_)zP&z;^f*bc>(6p~pU&%vPCK``k8nZX?72h0xT5=BO9i(3
zThKRLvA!K+{HAxIo^$Z|1bNwhqE83D^P1+<>9Ws|CA{NlcPY1n_R)MHda&PZ_v=!6
z|IF+g<~uIv;Z?NtAC2pL$sd$3Ah7e`KK}xu8|^mVg7rhd<IGjm@_nRmYopkkQl*Z6
zrNZ+RUZb$cFU+(sY;*x{=i1@&T1hv6?3_Nzuh>B4qQ24jTjV#RorFO_ZBH!^WYIl3
zo&ia5|Dg|j@78>3gA4p$Mk(;zM}fd--@EnW0jqy6>X#S|-?ssO?0&DE-yOVP%7OoS
z`swxv-{Sicf5sI|ZmwVWXy-ia99Js1n(O8JU&Q=ut?3ee?y%=EItAYOT;X?9hrqjL
z2;AJpaBD{T51Tc=N$b}Op4J+{@9Q0pOZkRzY^ONL^vaclUg#C69`g~ml%o5xYUg9W
z%)@wE_fy_SA->(WAN_uctp`P6;{FA;^RDIm-+jP8h3}iZoADDP=^CAWIk;keb0q!3
z*mCr5BK#@-y3lZaZo_=)7ybiZCG<5fFy;Xwb;x%)>9rdWx!Qb*_PM-yWA$G`^}|lV
z6WNn11P<#Dv;HN|-y2@^_dTM)-qTUr{$g$zZaO6GN`eRdA0c|ftp_FlF3Csxr9@L+
z&(pzfgLA2Xl#s4P4{}2OLF}^YKg#W$bQ6Ts7MCvv>MD9qm)oQC%d(sK^Cgeoxr!h2
z7wu|W@K@|G($$*p24p-rq7PRpz%DY4yPFe^*HMD;^pPuf12WE3a4J`b{Kd3*p1qgq
znVj?eKag?l(DCim@$Nd#`F3tOY?Ay?&+oO?NW0ci{FFT(3cBXgyf?axFH<?s7f<m#
zPXm9q*aKhwq-K+H-*-0SC&tk=I)3ZFyq&V=5zO9}oA1A)TSd{lD{*)1k1$`%Z$W;a
z&X=1fbwb}s&JXijVU_edmHO}~jdLu!?{>?)naFpatBG{jKS%(4`YQUFLi_(Y#y^%`
zJR<XXl=A@TY5&aSDLQQi&QI0+H~R#>+_#4K64|9L?$_dAJD+KMtUXl%GPfAiQM*$l
z#q%TYeeMU206OD0U%KmbJ#TL3Va*?*KMLQ;z7ezNvV7?O$Ml@XzfnMC_ecFW>=5Za
z_Pu(%{b%6oy-w`%$F=<<)P7LHg!sIuK5t|1VG4WIe)fu8_0Jh@OZZcM&Ze8m<>%QB
zCC<68-c0w{Du&Z#@gnH^FQO-H=je9`9-Jq{It%Tdn|OaVLiQ>I``+_!cw9Z}!N6Pd
zHqmQBL(lz)9||)oMZfHQJ$io0p8u!#oXcA`$$WBp?mf)3X*=~J_THuFJrkW=4!b}i
zp!d*;o&bhMwCeg5FqRr&rh)5Yd}};;g_%0e4||t!>c4+7$#?L_{3FI&PkL(lV)hSu
z_X!U_-a|=CXP)mDlHelyc_wAj73sC^Yn(kzG!%5hP5@u$VXQpmLchn~<?(sB<Ri|)
zed@3#;Bi<SMe9Y5$9=u!c&y)RNBRZ4FQqJ}>#AIZ%qtt8;q&9VdDI`~;Yw<U_D}YR
z-Va|FX1OD`XP)r4#31{P7PKe2|4HY`TFeuTe^%4@3H1ri=~0JtMd!oDxG!Vp^01#l
z-45A4QuO{}?bkmab_SUQqX%@t^_bnkcrz&X_=xcszfiA_>Z9J*h%b@cCEO0&+2V&$
zFH7}muOg#C*WgM{0+<W<)o_~Bb4w+EQ1?-Ajy_9Sc8=Z^pk;K9rt|rn7PqQBQ9DyR
zT@c%I7WO_a^wU89LmD40d#@YTu?NuqUD|(#EZ7U~Wn8al_G*sIPuMZkti9(FE_Va^
zJjYhCXRfn>^TVx2L=QR{<o9Mb(ocJTj^F=&uYceNiM990212_-E27uKgGjd=o{xHX
z?0Xbp?_r_CF&f@?o14J*Cj{d;mj4g!>%~45iV{!T`zFFGg+KP52h_((JG@fxwr|92
zpy!{LJeSk_Moxm(CDN{NA1Mf3#U&zOd(U9FWD)1P`#7QZkS^pO`HKZ^T~f_I+AlWz
zn7uTARbJteixlRB+6&(bcS(Qt-kIWgLTGV;>dj1%uRTY!VS(yRNyZ;80GD7VM6Tfi
za0#%;HC!NaDK5F3^I^wu*>kk8zscvaw%tPf()TH#KAPCR(ujGpSomi1@I?MU*HHKz
z`u@?II>XriOM9EAn4jQ4ime#wQywiy?nDG?`f<RQX^N(TE4bXZr=!II?|I|!IN-C?
z{+WyeuDScfaRAN<PemMX&Rw2=`aQ-0XON_xi8$bb)g$%Bj|V=ThzH;Tpm(qOPx61G
z>HC?iX5)$vwk6_&C+>~;Z_gb<pAjD*9?25w+84ZlJ8;XSA6Fsszc5`KRI$E|?W4tK
zZbzQsd`jj|YqQ+fX-|n=+t94{fl^|p!sY|AFPIWL7B(MbxR4S%S8P5camm@zKkVjV
zqObO9B9yLFP|ayMdohRXh0UXIlf-ZSe1sqN<BHXoch91@;#6`FMo+o8VlK+_Jp9NG
zCF2Y~zBu@h*cosxX*b;rvFC-<d5o~wta5E?VR^b;D%V-U@77HcFSgGTf3jiI??jHX
z#D9dFjwpN);|n((6}iq5dtcmijN$aOgF}s=r+Giac3und*FKVu?XM%wfJH6LMs4zg
zz4HE^^z0Q3r|CWU7*{IT%rN4BEd8o=pAh;}Z{YmGY?_306?@lke%QQ{Q@`JbpcmAh
zx}^61IHLTopnq=o^F^R{^RRXw8qw~p-0lOCPxW!3-5N^W!>c$y?A<GTo88Xk^uA+;
z!{#lLpArQPoBI^*mU_)S3QM38Hg99N{T}uEy?@I1^IN!j(7ILTL!pxl3|-D)w3Ob-
z3BAWj=m?uH;&yJA^j~b2^X=iLbxQB8oEEprdkOP<E@8NJlRQ6=-_xM5>5=s7_H;=5
zP1T&bJ*sb;vI<N6a8nh-kO$<8^~;^aN3ic6`fvJS^0WJKw!X3ZYhg{L;O&?GLVZpN
z^NQuXQRp{&yqfZ9xigfWcH0ojEg${=it_hS9=FTNIMTCj9hy&h?k@U67rh5k_`g~C
z+BJvs3tLc&zL(K2c5p+D%B5fIWUJn<F7zMb_EEgoe~{rQ-s=~;Y4Kirzs$c4OJqLg
z`(=Jw{8#8druZ)B{%PM?@m-{_%vX#5Tz|m)3YWBLx$rMs(xLD?EtkN$m{Gl`7kvrO
zv-nTsZSU_W-rdjbH{8)DcuJzT;esB8w+USfwka%n9xm9T@PL+gF&tjgBI$#eMa1`+
zD><d-;I&?(!uu7LIJ9_~*t<CHyq?DcKXUX|ax!{__8e77GT<N2C;8icMdX+Dy|%u8
zS;_Uf7%%FP>d^i|XVg!l=a21u(MFH?Qy*U);Y-?g#0Os>k)T}_;WvFo{uQ(Yv2(2D
z%Kw_$p&p^7eV9g(=RC@w%as}wR{brh9Hp51Lu6q0L$UwRnAl&sfc$SNn9F#g{fi02
z<qP)x`fotXlQ%rr6369YIL+^Y{?}8T6Ya}gNAdMU_T`o~3qNgN?n-KJaRm5C|45F<
zcwDecxF&O7?gwu_aXj8h^h`xOzOT#IheIO&-^0G#yNRFAL_Ci7-<uwpeTN<&PQ>A~
z?Zorsi$6TMeYpW|o<m>X@y?jf>1hq@N8Br^6S@j3Wxf^XNPGi*gWagDID^Y4YM*@j
zk+esm$6Hj+v0du%_G_PxT{^F$yj}X}6|hSZ(3i7Iv#Figr9oZaVBh&kvQwy^1wWRb
z#{6(siJvK4y^!Hz;(1tme-QS;zDezCSBU?0J0+fVtHd7^R-Z5JH?=80B>u4b#E3ul
zp?@+zkWlSrnfQMBhk<{y?5|log7|I^+EF8J*9mFT{H6DL<ta@C%NZ`We%bivD2MjJ
z9#6h~e#e_*yEdNn(MQNG+InO)$$>=jd);@vmGsEyDYrh_fN}{pIBvvx&*r<oE;{=`
zZ{L;fDdWO>iy&ctpAr6b5Su`BAr3r;Qi~(~{5r~adqlrNi*HvGF{rQctXsWG;jH)(
z(i37S%?tb`T@yDKxRpXsIH!{96>`uTiXXRWTt7$S$8DS)wCZ#Eg)TBQbQNbV<<xaS
z`>6k!ixlRBV3{{=K;pUfF2y@j<H#<l*E+LW+GPa}_4|h|Yj`i>g2IcnU)|R$)@xkY
zq;cV88W;9!JfZuW#XDqNMUCfNzl=9rB5_?5$1hnabm+Oea7m-W)y$u8iN<#e;`k0D
zvh{8%_%zqE_x%n^^B{UJBZP|jnJSJK?K~y!-}&#2u>E-0sdc13Ieni?xOE=4qx;Us
zfXCvo_&ZjMkv;63R+bhTsCOgf+kJK4Zd>^b>I?l{O!Lr{vfK~e>xl8eE@DT9)<2xz
zDrS!G$q)a2)q%u)Lg0_)5l!ko!h?Q3{Q%La`yqgTPDj4{`;9!Gx~Vc<=0E*;^>J!X
z&#?<1?~;1JbH?g;zPa0jV<@qGCx0G6vkF(qM4<0|K81RPtHi#B^#S88TqUu3SYIjd
zO3~lKYFH=KC&nVx{h~sS!QiIU3xiAP=S`_s1{YGAPQ9K_=%iB>{04?pa6ebf&3JdP
zg?{Cx-xnOB)ZUwzo4zghXTZ`8mH%b%7X-T<LPu`;y}>US7CLj&xAF-aw?oE}o?a1r
zpUQ2&g4V0dhcF|0la&A9E~-qIo!hnZd~T=c8~A#ZrdBGD{f?VbF6gKF=~Pp28K)IN
zC#9)C_6Kq^I)g!ibJOqSFGj@Ux;^+P<;UYH2DcI%kE_5Q%k8jn-5Pv^%j0pulcoZ4
zUUW^yxOP7m_)0u))2YjYR})^yse#f|a0C6Nam;vA@C4H7*9V`VG#<|zdED`Mt_}83
zc|4xg!D9^Dcyd8I!|`~qa!>K@|KyB^Zp#wB%{-pmjLU=f5uBTTS@1hbW4d3%@`>rb
zm`~!ybT<T7QT<pBuMWP&a7=eA!KvU?^mlUTzWI5;*P(PTWB;F<{wDz~^E|q1c^<`d
zza;oPmB)0S!}BJldui~mTprWCm*5n?J#TX8Uif_AyH@EwE%+Sa&rPoizCmfs?*+l9
z07vur1;N(|j_IBsyq{sylX<M+{(Sx_m8Sw?5?zy__p@kD+w;BY)XZQ9;Z3Jr6nvP|
zbAumHnzR$}BR5fgDv<X~<YxSK2;<C6|IN@K>KEw`UAgJUhhS3T@&0P)mjuV-ePRgn
zD3;UDhfZNQmea=wP6hgYy-BcNUt&3(rE>bg5XPCC{{5jhQySC#-JwN*BRM@f1dhja
ze`lzNVUyFhhTh9?O!wmir|2#MC6gkjUz33#xidcd-de8WOGEH4_P+64#TSL&>Q8eO
z2Zs=$*g5}P#pi|)5z@H|_G7t<&kp?y!#a+NPY?AnEaS*k92hzs?Mw8BF8EK26TY1S
zJ-=Z*gIO*P22YbTYzo+ql0SvH3EV32H|YvcLvT*~kj0<=d*~^A9`gM&bxD4en+3(D
zAs+utGtSU`t|N>;J!1t|NYBXfNz?R<3NB9x863C3W7jS}gX`h@y1;Aw=dT1ru*#dx
zi85Y$uV#8$nk!g57d9Q_@^H>!smG=Bg6KJdYDO2-b}L>EC#XCx`ItW_fj|Av%Sr$E
zt;odZGUczhC0?iAG~>G*hoxssuK=kSC&oqJ=cB(8pJgev_nD@G#mMIKSIPU_A6ZZR
zA^4%o&bv)`y)^~zLHZQ&!{`B@s)#<w1*C#spG5g~P)+$%elw-W|1pK|so<k5LBy%3
zU%UJW>q{#5HmV11^(;;ct0;(}tC*2_5N;CvcLNoy&xKW4E~n?ASiWu*sGxbA5xsEN
zP=|CC783z<6*Cg=w+p+24f@`^_Ej1uUdal;@5e;TH)y?7@I`J<@4M%Iu>bH|=>P4U
z&F4L6n$dTHl+N`MhlT5fUejMXA0c$^RK46PbcemiIN#m_xmxv(&SgveJ{eDL+E<uw
z_CDUh2c>`au(Yqm#sOWafRu)=)7Qy*?!r4{To%9EcNeg~)#mN*Kt3<OC)Q*8uH&Lk
zMi<n+P4GwWcNZ|Q?+}D@l+MZvdET6U$ESr}1W|MqbiG_uzT*BZP=KGXC&r&ta0%D9
zc{Uf$hAx|r;d<$(R=?AOd@iS90#8oglWzOWweq?0z`pNk@6D(C9?ahh*IvZ!qw%U;
za3zu7BBj^9PkLcDIVZY&dmGTY$?%2sq9@UN=VjT>`oH^$xSr`#^xjz23*&?96Mb?I
zi$0luF#Wdg$?PLqz=GPY7lSN59|b-bUq;Y#4Oe4&ZlR@3M8{2%Pv2`1y;FUSzY8k-
zvVQHow8l^K2Pf+9*YA$|qvsyDpTW`keTUGq=xvgwD__JvOpl}Qyz6|aUD(5R#KxTp
z9%T6RC9H<5KR^)a-)zypuvgdV%J1a7N(B!w9=BWMk)FAT5xSDjbF()CYM=UKo)=1D
zZ;F}kar^et0ZupQ^9*Jeax*UFvwNiXTn@XKAv#UpF)vSnJ(X!p--i`@Rjytu1xTpR
z@+UmE-$v)i^!w^C4{h07Zw3#t?YDH;_Y#nQ(~VhPq}_DOy4&pj9P)Fw+{ClL<EB>1
zM@yoM@?mK~pV|ATE+e_B9m)mYfjW{M5_zR(yqJE&51zs2T7h@v3e=FR+<8;bPxn<M
zZYfDU#5Kogo`sn#=YtOVNA|v&VcVwx{yJ};J<N!lP#;&A5jpwucivNE&-<ku`+1np
z;NuO%&vN5^l*XG2SX^bx&rQfd{M>YI;MBep`c*$_R6q1Pe;f3BGOLMRVneWw+#&e=
z1~KPByPlidka;f0Z-tVyFJ_+4@J&%%B?kAV8GRgoSR9m|@dU5e%<sf}+0XQanY}`1
zzwpVvZxcT^dW_3`eholgHM(En@$m@f&pQUr65l!X`3^q&@25RZFNBQtH&}~k?4<7g
z_f;U5Z#O{Sgg%`2kof8^S;GEv(Mh>hqCbmEXcliFx`6LyvP(W)qGxKy?*sLu2VVUa
zs$VDxzoWRKB=WGhg3hzEeJf@j6@He)eukNE3ZK{io1|Mm&uQzX&v5F~k>t+-;wOFY
zg7Jdx{iIm*+$QUP{M_bl;X_I2#=K!Xo?I|Kw?pg{@HAf><FR=h<7;9>K3!;!c5nGH
z@zd)E@<u+rYJFHf^dlAA#u81>_%!27&-fwF-)F1-*?fuaYnRc(cQ(X)i}@uRj5fdg
z{noPjSYUPx)2|mmA0L){+<ySSO>h1ERny<+!>>mAbx8H=pz4?S9bZo6^vd=VA-}&P
zn=?|c-Z){snp;+{K01W?>Oaq1mM{63FFo`Vbp4FxqVWNGP3j+5Jd62h^?pqCLfPIV
z-y;jh^o&Q@55@W>cFgP=opTXCqTh|P_iRV+Tj&>h;2*@UjkI@|pL8GS7-~+Iy)(a$
z@qh3_$XV#jRs07N6t0(fJQ05Gr<TC?dGK=&qv7*stY@l^K3}c=r%>OU@2p1~rM<<w
z!24bj@JRiEw92&i_?om!PhRBX`7(dWej?*EefR+AR=a;9z1c<eOmF;gn!WoP*}GKm
zaUO>&Wo7>)Iww=5u#A)9Lxs6I#|baM_(^|ol{+W%wRXf!vcCO8(^JU(#TSrY9FTY{
zSNS-vOMH1f2|MP=dl|tgKD|eL*LCn8+PMAs*}H<q|FDjKcB%rR9&7xz&V~Kzqx#_E
z)ue~EK1%Uj2#G_fnC!~4%x;Og$9i4HPd3r5hmrPRK3VYL{29v+Y@zz#&oa#Cao8=Z
zUxWIi*e&4u1g)(`(kBBO(azIfwwG_iD1@#r|EZ6s>7?z|3qbEU>=nK_d?I_*_+OY`
zXEA+$X!8nk`R7++9%y`9@jV`gKcB|Zmp+xtkBFDXPv5Uu`Ts?^ryua+=)dwO!{b<s
zZ~GqyUr#@2{XI<m(R-F8-q3wWXXjrt61UO!&^gYx{f=^e%k=xpj8EI?Ix>8S*%gFK
zxABi~A-o~{%gY7UeYA=2)A~Cw4*HGXC!%{_Il47&3(rxyPZPR*`IsEOMso1;vCe?p
zZlU~i<zqZfi;L}fX4qK>4)u<{2K@K|*P93*EUtJz=pRrybu*gy`HQsz`*G=esJ^|A
z#HZWhi?9A@_;_rb`$ie(D%Qg<jY&VpY5AC*YWj)sZzg(1*ip~EodbVeh}*&BqFoop
zT{@)tdxYa0+P75rD8v5vF2MfE#*ujLBs|5fbtCFCy~;oI_xMTLXV?dSom*W`bVuvu
zUfwtG<<9op8$a(CcziRtw}5Z-A6Gg3wt8=*I_2y$=)$-@NAkA&=;MjwN0a00K~K^j
zdgB;Pj+axrvE)e4X{ub0shp20EcYMBBj<YRr`TIw&aPkAFRjAQ!M95a{v4p6vAk@b
zN6s<${Te?%K>p6pH#`1@#Qd>&^%%wTw%?KBQ<%iZ-O@kaUpJP2F?)Ch^U>`20I$1a
zd%l<96X}cLNi!a)@A?Ig=}*!grUH2{_C)C2PeTJ=E2$r!PptPk-(at--t<I0=pWku
zC2i=Al*=q;oR63F)zd?>bElv0w?9?)?_R@t<&S5)^YJI!2;T(k@KLH?&JLR%<vDJW
z_jmf^G5SyC@-&Y(Y^mfF@fG&%LtPKr_u`R1*19j<M)D9ebZ$@MooOrB|C|3R_uPWf
z^BlG#BsjW!dTl%xB>alaiyx1&e|I<KgYFp^&uNS{dLIGDk)#85KW*6kbIP~-KVh@%
zcb+{{p2xHM`O$i3TI`2^c?tH@sYANxy;3~x_<pMJ!|s=an{+>)+T)7uSM8Sm?0%Mg
z*V*oy+4tLv-O>*GIOvh~Ygq4aJ{z$4yLAL)3BFTPw@dbOYvq^$(J72My{PvC^HiBG
zyC15bbBp5F>*vdNEPeUdeEQTe_$k@fbv6#W4`=rQ`-RR_@I$sIxX+P1FYuw8%jwba
z--0eXPvXZv2Z`^g;0Z3L?>LLT*?la%-{tgvR(j@7xn3&R$@Ta?PU5@gFQR_1uhEsb
zul#X}>0mb~JY&5AJ$9cC_4g;97dqnA51YCqKBz-08s9mZ>irPVaou}yhe<BrJ)M49
zf9~!BTwwOskN>k&f_lfcLH~$(bh(oB7jEhhf7i{~wC?T{I!Xe=?>CY?#Cc%<{sj1o
z%YVP(ds=|EMg3-<;4Q6DxJTiY3U5=mQQ<8N7fNjkw=wMN5$N#uRkl!k0lqHv`9hO<
z4(M73>L|TQQjC993+`t~fA)S+y1&aa%=Ih(mG9V(eknDD9iV?f?S1$g?@ze?ywF*5
zK*rI3t-|{iUZwC}g|AR}fZ^4OH&^lBj5s+?&^zZwye}-K7q=!;!MRL_D;XaT3jT=C
zhZHtB9A+5fn75S1v0cYO;{)vXdl2y}t+jEX|9@#2Uj8JN)B98vzsRSUc~bCG90AO9
zZh_&jx9S-1gqyOG&XN6M&;j|_xnJnDFTZm8$;Uz04q%gW6a#>FDopZ*9@zaf*Dv}D
z`q$@4AKxYp$1T_T)F1te-!Dsa;|foeG&ggU?^_n69P{om(mCM2^=ioD5ul^@f8EIP
zrT2nLT(sjlk+;6T*X_JoV119T+x1$3^|^C;{!3xaZ_@hpf~U1c@ca6Y`QS=2e?ial
z-vD|(!t}VeQwCjb1t%Q8qX6_HHT^gH6vBDag>xk+PX&5E?;T>0+$t^}6OZd!#udXk
zD_IW;T{Q}?5qPsqu);mnobS4_lHOe<^(5Tz==d`8Gh8qF=DHiCUPk7tz1IwO3UrS)
zKDS%y+x`7`oN|9UoYTVexx3pKzsqwnj`6l|#c)nm$J?xMwZhjbyiDOW3fD=0T`LuC
zP`FXyMutby`?sQBT^(G{VbFAqHGX;yNAQVSc>L`be4Be1k5fG#6JPH<q4%C`+%D`D
zzh1a!tHR=E3-{cku<Rcc?%AU7aq+|VbSWGtzD|WJg<kc4vApgTdhhAuddctRjVAwa
z&VKGMTz^3N?NfR8iC)orIHbHu;vaf%s=yNdc>H<`_g{GX$GQK)-5-<mZTp3uyY@=j
zJs_!wiO;@3R3XJ*xb~4N2b|`=0wX_1=lqeM3gkTlPS_i_C%cVn?Dq1$f@0G&rnk7h
zLehFU&=J-g7ki`UPr}}#0^55mN+M7CPA}(Md|u3aRbi25G4mCLMV`gXA%#VrbbnD{
zm1pLF!YYr<euYIYbS^{TtjIqzpl~(A#Z14#GM|c>lEN~dikUuz8?=3o!i@@VQ@Bgv
zEefmrGhGUc{i1kC;WgU-MulZQ6*C2eWj+)$9SXN7{x*eG&-A_9c5Z^6x7Tvjx6Dd~
zJGFfy!@i$B!hX1t<!SK=o&RCj_YZiV-HFcSw^6xYKj~*V-rA-5Mt+w5vERe{=<=mD
z?k|4d@2y<XrxWerm+qu>nQvDRABQ%tD=N92y|)y0N6IB1&wJsr^$O;9mSDu6r~&-1
zy_m{36F?W%H_IsX?E>Sod2Ib{7yMCwrzQH^&gj^mRMSttzgMHbl9Z!8^GWypK+mbG
z%f)SC*IX2*iT+s}XYZ%A@BT*bU)1k6jOedl`zL-ZqXDAdZ>^wlKP>tZpBK85EBgBl
z4OHKk`%1*sdBKNqo<%=_@5o;cA1Cz5UsqVYZ&5vqpWR}mi}=EPpD%Fqo!R+SoDqH3
zVm@_5SM(hUec!4*XKMbP;ziN#5?5z`m*o2sbmntpynF>WaC>Z?>HIRfP7%4=dS*P|
zS>}E{{xe^8C|$%q@E831ZUgZ}-{b8b?%?^HuC)EVR&Id#3k|pZ2Y;SWQDF1Lmp|qy
z@Lx;s$w~!sKs(?6cIHoO%^FVK4)Ieq9=G#0&JUX!rF_?)3*6kmX=_I2bJ(o;O<KQR
z@U+$leqV23Km7RfpI<jzUu^zA`PkIX|1YgL(R{y*`E1|2A35J?GSg-2X4seHd_O?=
zQ~cB<;(UqE-44~GovK&6biLKAX_Mp=|Ji=G)<`>x^L;*oPd*<XAU@i6u}@~+wqxGz
z;bE~oOxpR|FyC!GL;89fRfRsS#XKGmJ+<c^z%R^@a`XN=^wX{VP(7@d{rew=cQw@u
zd!*i2b|MvsJ@Ch!q(5n|fEx5SfgZKn<><D0mx3M%OX+>qG5s`zXujEV#rB<(rKA@x
zrgEpxA;VsvKKgyj3d-+a#&V9{n_8-4*spgd)q6m?<L6*jj<T<Gz&qCq{I`+`M+$pd
zD9JuTQRl0_E(V{lo?h<nhY;N_p+0fG^tgw&isH{?Kk3f6pTP@+P<yX~J!b&?E`k4a
z<pb!;7xr?)T!p^Jq0q+g_`eI;!u7-DoX~TwGb26&zwsgRS2VsKkt~q^7gu85{8aiY
zc1ZdP!Grf<5b1H;Oy`GjA&$lsuHP^5)+GYRak!jAakmk3=yJDraa!ouBIzBXNQF*W
z_Y}8Ed|F&DacOam#G|3UuPkiZ#(ELfOWYZ1ycyPXa=vfpJ2ifKBuD)|Z9dw%;u~WB
zC(55W2S(w~mjvIq`ExPXFRou9=^XJtVRIeBVbd~6>#HTrWF^(_RQdd=Qhg{9e`>d_
zB26GZ?G`#sKNi_~iAs6@%l7doA8_>j2r7q0)aF$$7#sFOW^q3B{vQ+X|K@o`x|f_s
zzrG`$M`SOUev9w09}hha7qj{>ex_UFp12%V7yVNQbd`&HA8(-X>UWnW1AjI8q3+N#
z=F@i>zpjTgUW)0XN_0)+J^xv%@8kb^1L&7|FctKF0r)3v-spOKqVs0`X!GVK(Tm^X
zys4*oW8ZC>N<HmiIm>(=P0nt&*k3mw{F;bfCG~bI^;g@Y^M>Xv$JhE?Pl~-Ejk^@^
zg*d_N$cyq=KUA??ausQLzlhFX+Q(q~XY-BDODnAQDsz}&A208x-zEL<e7c_c)%|AI
zS;qyoE&?6&Z}k03eIc!V=OZ`mRIX3YA2Gf8{#S6?S|k3&?RY7}=4aeadCr{fGqIm>
zyQE#%EPkgoBjXO6HNQ#g*9)H38o}?!t>By4S&Z-1uZ`myS8R~+sUII}d|~|n^Do+m
zkM^Mh9!H^|`>ML{TPR%1_`}Q=ZdWL*QFt4}_I=$j)1z>smiIAi@h|8;@6X6i==*ye
z#Spk)=U5)3Mo828yd~@xF57nv&lWgG?>9lcRPZC=?{q>;mphk}7@x)=5k4p<U14u0
z(-od6aE{^=!FNRPxi&6v_eps~-)Q(U634qj3pWTejf}rgq5JWfl?tDu<!cniY$AFx
zEeyMgEI@+W1m>r-2$p6PpBbJ1B6JoyxV}HnnUAB<IcFK;CI2t!)&@z}S4*1NE9qiJ
z>-G0Z?yqo%#9f8k@8JrC+qOvm8@nX!khsm(1+I#-`T0@M6?O}3`)F97;{uEe-;2V}
zRPbRLUrFdWc|5xr5AatK-Y_~B*~Q~5X8wWoo&2K0^4?uKN2%~$Ef>8GGXn~XUWb`J
zg$IOhnI46eubFKMtG?-bJd5i$a(=P7AgSJ`3Tt#<U`~s+Q+eonLc`vbn%}7XH7dMP
z>6Lho_PrFAxX+bZ6mHP^ZQ5SqKv!C(u-aFR2VF_^MB_qRH`8;GjK|~_Ki9IK^ON_l
zDc<IMiod1*NsANKi=Iq0PPhcxM*0@*|I7X5@vl36!{aEf|FxuZj?4I(k4f5eRMPq*
zl4cG|T62g~-)|k#xO&mmWWRP)vm9!dy`RS=PX!P6pIE0P{Q~Uj3c4TZc8h<B{QAsS
zu|KABl-#dxC;YhB?G`<oNF0zQ{`v9cJr_~``W)$K{Y(TuETfPAFMxkLWzq%z#`Hgp
zeda9T@$nacKM(94evM;twvU~M74gdjj`q#9eYt(Dn}Gjm>;0?MK0b%_!{2wpeF|SM
zx)S?NJw!M3<kWkKj)DEGXa0T?M&j=$S^eix{jd$ArgmfK(M05%C44^rSByh{PDW3w
z6aBnmiuI`agnIM^u~(z&(IX;P)uU9<LevxApSFE_gylV^eY;clRW?oDzCk&AWzY5D
zI}o^_m&dQddO++~e4i`B<zuavY(4XI^zUb{hJIHMp~KPbSF6Zx)cu1SxV+r_{~_T|
z1#jf?eE<ENw$>aMx$L-?;jsRgz&qbAaMMwNcfCd6<|7QZ>V49%S@WB;e!bvntr7gb
zJ%AisN#;HH{m~|jH#^37=>{M3L+o6<A0hCG_Deqh>hbV%9gl1D@4gDZ%klG{2tU1_
zkK1Fv=)uH3>3Kvq&Z{N&i!Pvza*QAT!{2B9QlkBfsJ+!goC8(0^C7mcTyDSi=n3%n
z>!1g&ApQ_uTu$%Pxl@TSz%LN~M)%_uws3xUd7Gr?cSyQa;_XrC0~6>nI_>^C_%-9N
zbu*UA!QV8cHr{Z(u3OuLp1kX#Qo{2fC&ApiB}Km&LT$SY#NxqR#l-jVx;(jnKFCLU
zA^cThm+X0)bwqEL3h&g^)*E&ncW}P6OxC+z^RJ)(W5(UOu!}3&eQZB2+XDZ&QSg8-
z*RXw({j*#}m+n{S`d{q<zMF@AO7H>qXUgf{DP1w2F`vFh<GgUK$imk5<=Rzy?cAOo
z*84>&kL&N2ftkM8`*aW|feyD@<=HNJW#<mf4r6@t-YIlL&*@wr;}4Zzqu#e!OO@$L
zPovE(x=aqKU=_o3-j(tAd_73x#roj>-dO+8|7%_^{Xa5W_;V}8v*DaJZf|;K&(+88
z#n*VdSK@3x9%A|RGa0-eaD@7``3L?czgJn|NM6J*pDthi4-h@&-iv=6<DqsZ`@PDq
zd3x{c`)2yxNIJK|dTQT;u=vZq8{zc)Zfmrzwe?1e*me6pn%=*%??U_UT_;h{d(32g
z20kw$xK+PX3HU66?R*5rIo-2wVP=`o*DHSWMEtMz_z!u1ANEiEz43XlRpjMAue1Dr
zli%tWJ#ves-1fI3{Vb_|tG-6}1-<hIL^|8ICoYWl&HVd$Cdbk4=T-ghSYPS86HJIJ
z^~pR@e#Ot{)G7bPJ{X^D|DE11#N~ef;1BpaTK|W~xS#k=PmiMaP18LWT!Xp~1N^5Y
z?7r{kTwW@M3&pRvJPC@faA60h_MPBxq4*(NFNNx#pfBtvwZF(up2N+f?}&kpS0?Dd
zQVx1SY#7Qv)Wr>2-C<76Ucp{&p&Z|yY$H33cKuf(eiVM^D&ETWIb5&zJM=kNS0(oE
z?8@oG?6mn6`@T5Nqc5X=T))b<M)hj}lQW`!qYrd+52NE2^%G*REzTK_pLp$CV}3+_
zVx#(rg3wXUPqg~&Xt?k%?qL~6?dCb$5YM5pU(opi{D95>*!xg1p4XA<HMzQe;it_z
z`>s3fr;f1m*w=ua?@HMD&2-)Z_`axi{vXKh+de(==^xn}vFm_w(fho3zL@>@-(v&$
z`*H43>eu{GIXnLvQf=s;PnR#h!$eOxJCAc;Xm_%9exWx%$F}Rk?Re|@gFJpZ7pi<{
zQ&|1q1inkWi1_J$|3vJ21LMQ^hTC_sW3e2>-uvf8lKcmsOpl;HOW4kf-q^Voi#zN)
zvZ#04Vd$yo(P;ZTbe@Iv%q?cM;C&z>IWT=Rd*ez2YL^?8PdbmsX{UX=Y;r$YyL`A9
z&trR!?4TTz3Zio#)iNH^dww1Ya(I2hJ}#sx;1jWT$lWgQ34&a*lwZ3l%?RlGYRB*+
z`VQ~L=W~9srt5e3LGeGQ_Fl!+G(Qm+rKdfQ@wk4+<?gm6+^$f3nY6Fh_D$NJVqsjX
zDUO2QOixb*4FnH*`7|vle_GH;`FNi?EjMYs2JMsimwe9b$PLt9mYWo>3Lh+9TTSDn
zu70oI19|*UseiS*STDiF`TJLop*)Y#Q9hO5Oey45MfSw>GHg1`@-_R4_mm=%uz7%U
zGg-hL^oK66<4@>+IOm8wPuF~uQ@2axMBg<O`1S^>MfI8wG2DJTxDNOr!-d<yeZU8_
z9A28<<Jf#1?<eGMXE11OUc<0^B{>ed!sa*dJSx1B20~Y{d9}>HmorGuWnRv3{t|)P
zUn6*nnKv<>4Ncc^d29U|PQ#iTI6thpNbu-=3W_fo_Wk;CdLgcF*Xu~3z;9?K_`2yH
z_-EluVX@MeStk0sSn1DHE3EWpvJA)etdU{*F1w~{G;QIO?tci~nU#{izC+U9Hcowd
z>*zg$_MDZUzmoIic`UNu%>Q!FU15B_-D&gRTS#NYWq!)^1$@Yp0vVm@3UTOu9KI&8
zFWi8BOpl45eS{ZyR)U`;op&42o9K5Rr6_+bl_$rA{9EX|RenDBfc#3zPX&E!e<woE
z5$*5Q=x=}ky6}CZPVl2!U|TOhAC6EK`m1C5>qI`0KQy_@`o@(^-d#*rxOJPPy<0e?
z`&-)H{Hw^>zL!Vu-_ml6?<*A+zvxPV!qtjTo|C2biz+PhHOySDu-JoQ<}!xcOE2Q~
z8#1q9n9fHqZ0j*s$}0XhX!~k~S2J8FEn~Qtxk1Zi{+nL9lFWa4e&HB6NpZ-D^|2qd
zi2r2ITF9RJ`k4j1Q_E@EHvrxxFy!$m%5%GA{^Vvpht~zZo+R~><@@fq{T_NA-tJ@O
zNUvd8=>0WJFP{4boMLN0da_5_VIL=nH>vMER2B67d<)?lP<>au!nzWc!`CmX|6{6e
z_d!y6U*7MR=dZ^vrlZU}`#$0E`M`YD`G$D)ANt~TCicf^s7&un#7DbZM6Sw*^vwT|
z_a16L5&a$=Z6p`W6C20BV;t**Up^h+Klt+JM@Wt(DF;5-FXaF12bj-Gxc|XxwEY#D
z)@iy_(lE3C*Z74v=B7j(Q%m{4M`R7rdh!_R!Cz)6t(`CH6L+J=F&AU>^c?Xe8pqUE
z{{}EU&%mjDKVUVD&*F_NmE-=wizz)(yz$jHksL^0aMAq(rq}G^vmxGi^i@Qk=@0Rz
zis*zKp`YO2w@{u3^~2+hIkdjAcw_JqDYrPo?OH7SYu?M_ZEwhOg>cRQ!_jxR&qFW7
zclG=EONaov!uoB}PVt8IJ;Jvl7YBvQ!F8&)sZa9HmwdNF`U~qT#6C4Ui38RbB%RaF
zX|YD^XQ5y0YOzMnDYWZz#v5u53!VKP8b=&bSnY1j0fqH^L(M^kp<lSdnqv&pdkHiR
zRG%t2b^UTqf}Yot^4=;b-#U*|KOQ;qYdr5Y@_n7hIe+x`b+*7C?+|(*mwCU5?WWls
z$d`_s(ep(IIR41Zo<HKfhXMRyzv7|sF<#RL!rMnhz>}l-PWOFyJhuLV9$EP+D);9*
z=tsLE&38W^<3;}S*baO|?7(jAAJcRUdRi)ko=Xz_ZArv=2Q|*?RQfMO{Q>Q#lI#Td
z)h)0;9>ae=)en2S*iX=T1d(GD52)OAzmwt}El<P)n=Bqs`A7Swq6cw2u#MZdX6)RJ
z%!dupI#cv9RR2!<yV~FD)jx~=hM8*^ZZC;`Z^*n!_*>F(6Yp5QzP#aYJw1Z|bvp+b
zzuP7A5Au2;{P2M2b-Hq{_~8@CtquB_mwtV}@m%7o+oO7v^fzlq)}IMEY?k~~a3=ro
z^(m<@%b*8pM?m-e?Eht6=jf{^;{T=p*#BcyO#0!CC&?%7#~V){)d&8c6Ky^{?1yz6
z@WVe%_+i*zv`f>6K4U*D^rUA#K4CxnJ?g)lABKLTpNGCn{P5&&^D^N1C-3#Q??)#0
z6X?8^#)Vy+!Vlk<@WZF+c-Rkb7CRPhI>>g_Z4v()Zau)TPe%vV51t+#AbkP7zohpX
zQvA&JDqZm+!cO|4=aEdG#`3FfkI-9tCLyFNU7`Ezd2!TsU*6^A-r&2a&NTY(TBRKO
znmnF!$xzT0-3L(lyO#@I(EE#elE3K%AxZkzpQ7CJzc&*;v^(Rqh$|jq{C59>?x!%H
zeLihT*h8Gh!F*~|JpCm9cpZ8~<#kxoW11f4)c8vKpOU}6Qv6?UFhV|us9%fseR_^^
zzWSw2B459p<?7j!0Cqs*dD@rbexvp0+j;oRk0Ue%jlO98>CH#zhp#U<hY<0d_|d2Q
z=puf&lE~k;>sJ02D);Hdcp#7WeV_1o^918ZejVkf0-4aheHe?Ly-Lq5=x=}ky0HG_
z_qKHl?9*rU+nD}CDmPmnnmilS-kY2o84kCuku*BjsdCl(YOW;mwfjZ!`c&2d{<sn6
z`+SD}`TBNsf`7?*jQdZ%KY=|2AK8EGk$Ih)HF6!7<R|mVTgUwb&!d*aj>PLYk#lUv
zmoQ@|BBvf|0s1Zg-v?B0R6fx<NW{-^v(<k&)wlPwMe8_EUz2>{@tK|Q^tC3z&!qnt
zZ5{WzZ}|R0=suZsTn6J<r~2sWzrCOBss9*0FKoVGUPSAIG1qa2Iqrr3_+Y|+oUZ(5
zdpqHE+(DTqH3!75P^^n<HSt&Wlcxn)g7F>GYD!PEjyvsony0g<5?yY$&}(*kEPpe?
z&lChv<Yx*AKU0))>@)DVlYU11h3{vUB>YIy&%8L{hs@8cqUR(cIb9;-i`Q|VV!pYC
zEEj}x4zZkE1Gq(cG3Ow|?G1>UXrFh^Yd9XxH!w)wac+?Kc$vV3^JpT`<z7yPj;><O
zWn3QCf0O-7as8v5hRv5te)H!Ap7U><x_-eIM(^i3Eaf%Fg|7ZX3LjHg;tX1cDJ=GZ
zz6--}yk46p{nb=zn$@(LQ`c|pswBU+PSUN*IQ8uzKCo79y;jBfqp#O^{_kM6@OQ;H
zPF26?uh%|EChSD(wF6|2eR@W-EAPLX@RU@KJ^R&1B*5Oim&$#+5Bib+$?pxH?-(!g
zS5rQHA5Yd3yLB8h>0I0x^aM2L(f(bD{u&eQlIyk2s6U|nkUBLG9p%<*hQFKYhrJD=
z&!s@*7p>P+?$LTp^+BH_i1u%z^_t2*TCa&7#OpQD$N2n==wp1oM)Z-M-!Xs9`bhT&
zgnuO+7x5<P_t^e>deT4!!tK;~xl86F`1udhNxu5rUAgsGQZD>lTVDG0*JI7ZH@9cF
zy*rWLyBd7nEO^ST$CCXXgWSCJ*!RSbvz+4fnDig}@saDXB%in+Z#;cO68O>pz47>)
z^rxe($6CMc`%|IkWY%NLz@K%(AD<5BFX;QLgg>=;_j;aRO`;!bw7u<%o~Q6qNlEXR
zfAFUVPvB4Eb%Cra=y@=1N6*h_x`osDJdwobVQ-I=uiwV0KaLifx8>Fa*!PX@2XyN?
zP`|6?-ac}jz~|~bJ>Ld<p!P7_v{L%j{cP~<(%JZaMZo+iw~zIoiS<Dx&6{%TgWtUa
zc2W4}$KQR#TJ&?A%Kh=$el~q7Z`k?(d_etwr1f<wpv4?r5nj)3^<iB7T+H`Bc--9r
zV;*+WPvChB{qEL!GwFU*VmuXz@$Aud-{bKNFkk4oH1VUQy$b6(ytH3o@t+h&D=hxi
zAMa`C*Yg+F&)2D+VsDk=ZxQ{_=aK0Apu$HOZ@j)ZD*bFduK6NYJC{S}+_c>xEf;;W
z=fHfrm~S2*4-!AXH+;#{?U8dK=~<_Y*q2K3aa&^DXz~2Vz{dgA3zg4_?BGYJzQzAO
zosf5m@3st=C-NixQ2v7cbDu-?@*;P@pZd;lJv06LBI#Ka$Bh|px3Ir~efVL*K2)pT
z5c{J0CTCYH;xhuMpFB_T(Kix(vxL6!$HS*^gLDNAh_1mqIHBjF1W^<hC-z^Wcv$yg
z+&JRm&(slqZ-1qVy28Aokb&nFz6t9}!VmvE#ZSn#rueJyRIc}l;&`!B{B=!-rdu@K
z#;NN+s&QzS<oEVTy0wQ>f4;ZTK3utYv5WIZj~9<(9(wk%2m95#gpYo_h))aC`@?wt
zl(UOizx(tsUe!17sZaTIE%aac<j;RA&r!Lr=b#_@dMD|npO5h({}jrn@4_>|zFixO
z9@~GvJkj60#5h)x{`&TF1?qctcL4nA=I)2R2g&fiit2~Gm27{=eu?}dd!};N@1fHE
zoR$x_XW^z}YPVGW8M9-e2j%P-^S_K8yM^tT=v6s8mgL(p=!YlA9+hL3#zp(|qK7*E
z6WOs0_|U0*DoKj^;9ogAhWw<SK;DnMkod3k0RC#ij+wqJ_wCqf>5ty8a~!`$o@49b
zeAuPu{Y^?L(_hR}oKQhOY{%}9cq2XY4P3|Qz&KEj`mhJJ^Jy_mSGaWx<8_@9mlV1=
zo6fa$2^~5Pw11M?ySwNI+SPP&IqjcHJ#B}26rND~Ba&a@>U^%S0dn%>eS|h9K=%Nh
zYjJxT)SotTnyz>iH>7=F#zXHJ6g!h?V>piI_A*S*k!yND(}SG4lHjHL=L!pd>Aj#*
zulEqA{=DrYy2{0M`#E3j)cTQe9FNblQ-`R&*(tYsi}bTr_~D<&A0mBm4=+=@b>4{k
zk}I)p@c734<OPp!w?0jK$P`Bm>&GwuXDau{iSdB{M~)DFPfi#=@;6a_de)iT(K>Qh
z&^n4|1iyEliA2u&_lxsU=X9=L&VPQnnfjlw|0F`_itbxX!G6-WiS85m&BIh~eD(e2
zEb^OC9OCg0@(MGeXGyt19><7b;P1T&c^rnF_T*fL`AYRWY5b^vH|l$K9rMTRy6czz
zeEeNhKkU`@a;cBy7Qe5-=F35~+k3TK>~^?S;#d0Kjh5?t$w>T6=bW_uUM+7^*y7s`
zg^zK0xJmqluV+bnu$RVb^9A3XKMH%ZL+p^-*~$38hwa1@vlsS!OZ;6|Q83@nf=?zt
z^XI^`kW}03W4ZVCCFfn^D1PQD;<FpjdDqSA%JvR+*7}27dQ^_DgIqeLp3e`^3A(QS
z*6{gg^K=8v$5bHi(->T$?H5Yw+LrMTx4eqeuu4+5oDk9#R!QoXgDSw1+I!{gy*zG(
zl~;2;x5C;h{uPG5PRlt7+?8S%i`9BAwkj*-tHd8|sA?4WO0k<^bpyjV2lq?W^IuU~
zduE#RvCoX1;<GDGmG}I6e9cmgI6f79qjM;tXEhp^==Zt(`9$pF`Gof1^KOzunxlP^
zlQ-{B&*l~6X7&5HJ`qM&6c3ab6#oYNG#*^Q|6y9Yx`!K>uH0<7-wwYugUao_sHxz2
zT;HG916Y@N^fV^u=~4VMh#s?B@Vk(lJ$K{l+tAynzlXS+fWMc7dU=6C=O-Wa)>9&;
z==s*wL@eas?hyI6uaye5XOYvQ%ihlvHp_DaWcTEJ@1`D32iHkISkH9PPhZ~~FfMOj
zWBP?LzvB1*%KFLT`mk4?J23h&?!AN;<49jj?Un!byoxWsHsV)WzXxOA^@F@{5)SPh
z$t%ToM?}96#~}X>&Oe7Bs<XS1<>{YOOv(%KxXA_mZ&N&9CONnP;g9JT=%+4*osYEo
z2O+mMNR?6uoi3-(sip#%_(^_(-n&*)y^`o%x?+K}E3K6IVecpJmvMwO@?3}8v4+dt
z&K9j_<$@<{l5%?=udknwqwy2{e;smAI(_>3NUu@8llJ|f5A-wAU*!L}r-$xg>CbPU
z)R#{-V4O<Vf@<O<U>)aztin2u1&ByuzJv?rF}&gK0ZzjQS4z1)kL4DlHt~JIGRa@8
za#&EOFsMg)gTiVT7c>f-Z{Tvfzdsj2I$h8QPN^0u)}F)F<8uq=wQvUPAAT4g@g65!
zDYhOMhv*UX7bW1|V%F2Iu>Ab_fsv9Q<@s1V?*oh|T(X8!w8ur~^F;0^VMm`LJx$wt
z>GFaPdJWF`dUAyH#GjA9;&x|o1DD^+^w@Lzp}hw>dcU^F)t>hYYecU0e0I6}3CVd0
z{Q;l8bT;_6U+h%oD39Ci*{gQzi14ozkAvy<_}sIK+V{)6vGXwge8)i0&vx3YHhWL;
znc!DF@b%i}#R{4i6sK@KvkR%<uSd{>ahTlD&-W-+asxWwE59M<ruHcPG|!TJ_<!WR
z33yyrc|SaIGPaUZa1tcTDkO4NMG%k^NQ8i(kOYhi)C80W7l_7+iDD9>$v8n*H-O~O
z#4(#4Xrj-gMI+gg%<8rj%xagd4iqp2QbS8|>GF43TK}OfE(P-ae(!ScnL9I*yyW@%
zJl{M{uHJjkdCz;^{Vexfi6=f!1by^)(hYe;)8?NFY5%GD?x!g~FaIo*kMGrT`P`V&
zd4<9_w@&-pq5e9$xKkeNH9yAvAEUTak*A?wuD2e?*uS10l-nlNEApu}+~V^OgN`Pj
zXAI=#d~*N(S@LOG`P94k)nZAJeE=+8uJ#)hfe^oVxnBKT|Jcsg_xJW=ZuY`2Dz?cr
zUar@u*lw_1qhhDQdX0)*2J1DtqetP3^?FNjmB4RUuGi}Ph`YU+7d>6`BI677r49F8
zFHXds?-70yTebbV96~#Ovy^Yu^3!sWJcInNCC|k@z#GU(^mCooqdebrg7$g-0`2pu
z74~WRYW7)cJ<s)tl#<R8^=ZcJZpk6FyP*Fy?XIBx4DINvn}BCl+Yj@CMii|ze)tl~
z`}o1%ubwL(sb}w>nX6sP%R)Lo&UOctet%Ej{S^7J5&p}^!|_^Ohe*$h_WUs87cT4+
zgnJEd;uiw{b%=Uo{wnkfpM3%NbBof$_sb8EUtaD3y&vjn`vUz$S0LBkB~KPV5$Y@T
zfc@>g9&$_ath1%TB>#Ba@+{>a+n>FP`GCgH(2p)u@9v&U{_9fyjpI+YcNgV9toQNV
zIqR?HU(q^ALvWt5o_8Lt>uF#Ce)ovKyu58nekuL*Q}oOE92R}>i`E^H>m@6^Jdzo?
ze>8L7-e(E$oQe{8nKi4#{{-A8-M>MBTKal+ps((ysL#7mkMxm}_(JWM=TCkfYJ8y{
zwCU?I@rBH?(9Wf35Wo0B%Qr7=F}O{i`}_VEGCM+f&kHWp{5A347iyjvU#NUM5r6&&
z<kpna@k=%ztL4wXAmz^!x<kJr{@m>gW%wh1UkW>n3Tw1K$@fu)B_D{A{B6i!dNuIJ
z&gD$=w|;pZ+L`FF`60G*%?ZYZ!W!~>{=9ANv%|d2{8bVcY~N2=x>0l7znl7I<Nl`8
z{^q#zu}1JXn%4G1{gk*+!#^)V`S?MlE1xSXKQB~xuMQV;(Jh^FBjocw^Jky#MSHd$
z-rI1Il=Jg(q6ZELoZ9E5isu2j$a+34Ae_e_UXN##-;x&q|F%O?A<gr3+>z?Zk&K>L
zetw3wgLQ>!Jz+b6K9*EZq+D{I?CfrZw~SZSA4h$+chdQkHK5bJ>zw5GW7<CB2^F2?
zngTsZ=W|q1((@>^-Dq;Zw%;);*J$dXUUz7Je0>c2{j}U_eI9oo5ID43;j7sp>G(fA
zsekqO$Ntc>^7-qakG1A~-hy?hKh$pJd_EETx+HJ+`NZ(MRHG;xo)a?u8}NObBJlA6
z+xyCuC};fgywu0RVLZMZGOLxh_nSOCZ-0^4llq6=)Am-yW0q&T1ERlLE?F-q4=F$W
zyKa+%3U}<+eohSw9PJpja{gTL#H;mr+^u**Ij~)<{|O$p|M4Em;giA;tdlC<O*+m_
z?Z)EW*dD4;Zo%Ib*|b~A$14SW-S3JxJ(NEqCFwdF{LAMwF^%ror|mvV@yz>Ok&Zs;
zUwpN-o1E`^MEm!){fh4o4#>4QdQh+Te^;-Yz9-jG#{+_=w0)aiPq*=Kk|$bz*gdT6
zCEua5_FD(#zUw#p^)D|0{~9!&ESQhr3x6pe{d{cuu85y|e!~2*?~0tN@juG9NxQ|<
z+V#3f<8d+9A#myR&nsU#{z9+Y_bDIN?$PUNo1f^`_yxZv_c8ya&uzRN`gQ7OsIP;x
z*C}aE_TAEc$;ZwA0zKYkc5|A4->X{+hIUN<9wqjp?I!t3htX&AiLs6Q<BoBmFQkL*
zhJN7B$LI&HtZJ_l?afv1BT`Q%974Y&{jTAcu0RvfnA%Yqf5ughlRRas!JemVR`?9%
z8`i}YPWV0{aLD)l<g>*^^7r-UquugBlatA9_JG1$j6Y?Q3;Hblfu7<|vES8L%18W=
z@^i(btD&>$d{e*T*Kh>;*F*sOJA_{Bo0R8aycW7AjSjRwMEwDe`J=qH;>!N~=P2lz
zQT%R?J`VIa9G3rgmUn(FQ@-N+@xTW82K}boT%Xv^eP}b)%P(jiH7nKR{h=(qgBg0q
zQIvRoFj|{lQWDbZ<-d#abFG&=^mjqrd^M2Zw|A9YEziRD0ENGijc-erAJlR|e{-Oh
z^u6O%<WElI(%Ycpn|RAot#9A+h}IpZI^=x4^O6-R*y76X3f`uMvlV|)E;4?>FcxyR
z_x;L^s<)F%^*Ys}*BxzgjaMrick6TP)6)B`N>^xyq}%0A`v2wywet^z9pV4WDaUE!
zhuMXHm(0IwcQf>j^iprwQR4mA%WCH>HwXNWp1le+f&Uf!Kgy#r>r;<-<+%m?xn4yR
z#)r#$q+Z-4k1<YNl(dWPiClP%p0!5tU!~>d!ym716uDJ@kNQ89-z$#@L7z}F0DXc!
z$Gv&{asJ~dO2lh(il_Cc?0acyxI>=D8x9E^pFW}2kt1^5d#OB5^6+S->WhCrq_}c}
z_P2G9lrOHl#o&Dg4;pOyWLNeZZ10(L@0N1W%09bq`(=Z9nouwB9*UHw95+87daLP&
z<e?IW3QBL7H-2|D<b=MHHOaYjW$PF2_rtGx{vU5Rp!_VWop|2L`fXDGpga%T75XL(
zA9`^B^7U~Q^^P4Qz25{K;kb8#<;<>pK91$SVDxHx>QAv>TjWMM@DKf1C2$LXv&X67
z`onsK+z<U<8{<YmUysE}r|WZQFWQEN@xyn9wg1~xk&^FdY;*h?m!h#2D}Pwak9qw=
z277(wSG;9b<viwioX=gRkLEYZod&DFz&YOrn|;}L25~Nv$|2Abk$=$7P;bcBaq_>c
z?bF_b|3P_?Tksym&+-0tuW*|_MEi$xp%VQouL9rd<cZO&+H2x3@O~VBiN9E^bR_xW
zqO+x?d~QVh75H1O<frpcYL~>b1ozpm599B|56)=2@cY6y-v`Y3e)^qwg|?f{pWQAu
zeEorZk#ZJqlJ6-LRi5c{g_G|o1oXB8BlVsoNZ)heZ=<sN8-4#GpR;q3jx{g7+UQTl
z3$Idr%jUyNNCn<!IIS`tjwaPll{&tn_3XX0QpY0(tDh=$>^Io_l#QRGN%c>0#~yhe
zZ!vqBHNU!LR_o20Ki#7CQaatfL$ckzLo#wy>(BQc67xr)-ilradMkQ7rF`Lght%U}
zTK(7FoAf^AFv0zh_I^jY4?^?YXjc93-un&DX}XSv`AyOHxMiO__ym-Wnp_&z{2(6O
zFZZ+b`TlLT`>p3u{%YUJdRSTQJ6R92JR(^Sv%JOE!$P`xKtQ&=Ffaa6*j~#Xp%3SQ
zDZg8G8?62$ZkaV${Yl(1Veq*1`+&kz=D#lO6nL-M(US@SV&5yd0==hE;&+4bsh0+W
zUp}YnSW#K+H*fQ%zV4jbC#{C_+wT;5Y3FT#LwourVsburzdR4)N!I^0LJvH?u>Lsk
zP#&A#3VF;b9iE4iOt$QCGc3Oe<&%9PmT%>Af1`f+EagXZDXGN1gJhl^4dUnhWk2u_
zblW_|N=;1IE;+>KyyDz2;d?f}y1|~OeoJFs(m#97{{0sIc7K@9>G(H3OWTVsZAUBB
zbcT3Hc|P}F!ry32^Eu{E6Ce=wF7&12Jd0b&IM3pioip$GZaN=rajPt3NM6}SIa&Tn
z`fr2&hWgz@d$#u>`1}^p?<7A_JqYk+^??3@_0B(+@))*wdQkhfYe?bk2dePUkGNb|
z|7|Zr{mDTopNtnRFQC3qek}K9=x0bj+m9xdZ+yN1aW$G%KBV9MW>yb9022P?^PZ_3
z@0WJ>MpCRIkIMG9p59;lR?ubi&ZY0?qg?VG<V4>iZU0PbKj8On<8S%J)Vn>(*IA1n
zyY?wOxm&Mg<NK8IJMOl9i><n!G347J;Prj0d*5U2zD=*>V>{mS{DguyPy3MIZ)*50
zJIDH{z&`&AJ2cqnNzNxWdab_ae<2;-zvsUkd^ug?TT|m%((*;Hi%$Ht_aP<3_h03O
z3h=}7g8F%gI?VchQ2hw?kd_<z!A|HI+hhB*PwH!LqvC5?Z1f?|68cQ;o@a-6E&?9k
zFBuh;Z}sW@XO*MbceUUC2YF6<+cNaFN;}`z`V-1WpC{)zM*icU(Pawp`_#En{hRlB
z&H{gXZ649jjXOuXn{$2O_nTSrlB>16f6tlr#UH<?#^2tRa>?BXdilF?g<g3cI9Mt_
zwtLB$Bm`&gSULX9`?1>t^pQXBk6-s*p!fYd9~`gvPx^U=LM_aPNA+*%r;V@uyDvVT
zI_D}alk^kfCd%ad#47$A-*e{A<FDi4+z)>@Vvh!Yq^F{v1tdOpU;e=Vq@M+aE_oGO
z1K+My*y-}~lxdd_zXi|x^?AYvlTY3LXXWhuf3mf6m0r&=c_saKIbWr8C35!uyPTV~
zej?`!6|U~TGB8VLZ2kBCQos3QfB(5ge|>$7cn%_7`Op1P=wBvaxBmV>cz>VVSHG2x
zd)==c7CR#TuHbtQK8|-i$M<NZT!?p;esxkQqW#iuupcY>=)cu2v2Rc9bW;7J=Lal@
z;*T{gR(tUKp<kgSL=PaVME=JA!U}D7eZx}OS+>66T*-@?8r~=mni?J!edat4XV};e
zxq?o|`)=U%_g!4S^SSp)ee&aFh2g6S+*-Khws=`8&ufPV*7N@Qn@TUs=QMv`kM-Eo
zd9UGGv4f_D_sY1E?UQ7-FV~>`x7KX`+e9t)bo-re+{nMLDQqmn%edNR_cyM;ihmCb
z+<s?l^R=Y+C2zc|!27q}a?|zs+?V+$=(#}hfTo65iv5wEr{X^8k!wKDZ8honqTnI^
zH(oU`K!9|`%bJq=>+almi`++nco_tXAIsk|bdB6EZM@@_kj`s|hvfbp>u-7$-j|T_
z>+#)K?gwdVc)4V@q;ol7(ka(~&c2#-BB`?SH{n`Z)*>+Jxc&Bxy#$7Cy&Zf^>0AG@
z^>^_88*W{HT|V~?{)zT4M+`%|X#WgeQD3e>`>SfUUuJbFU&6H%v{SgFa2ubk-?;t`
z=R;m*>)BqHypPBB&bRt<4chCj+1?dIne3-xJUJ(L?=YX!1h1*#S@H%0@sq#ok6Z)%
z&!~z2g@T{uZy8yC)4(zyz>oaweWRY9zH#t&e4RtvA%1e4<>eaSKeqz^a|Dl<%jaT+
zQJ*1@_vISYZ>^}W>t0?ipCh+X5A_)ucweqT{WI&-XSsat4XiHpMbA)Qu0j3NE9&=X
zc`KLCiAhNPdh%OTQD0n&(8==nKAz$O{q_9RFFQj&b(NI&_gmQSdi8!@QSZEjZkG3R
zAXvYiUi`SCepgbT<@32~1Qx&WqJr4-t#{tBKD4g_91#l@Hr{f(>pjcEjoi-ra3k<j
zU=Dti+j@xd4WZo(zx+-<yY1z--xSub^uHIgh}6I3HtH#Rr+T`+aFZzK)o|cp{TJQ&
zMxm>8)veIq6-oJxw+u)&a>pIF!%kCwf7Kngh#wxjZT-f4?sud-=>@qJeg<LUm3+9d
zun~Sa@H1E6D*Y|3zxvjYjx~3z7r%hwphL@h9Hc#89oRGTZ0ZZ+Vf1G5U&sGqk8o^k
zw{X*X@F}JHIygSwe>wc0zn4I|@3{T;*N65T#EmsRUX1U8V&E6wt91E3a*xBr!+7TV
z1_?8s<R!YQJk9_dj(d+@uk<tS`}g@gpBxzZiH-})sDvNKm0MYE)?kqH6VAVHQkZ=B
z4d>rc4*!z*cEbGOePYQweBM1=e`Y=u<}H%PY}0zRzMu0NxCo!$3FjBiMU`6L%{c<P
zD3{~?ZcgXTDWC8jiS=Wt=27KwgIf%qFu2WN&AZa`6E*)zzsKc#>5}r~7gP=3L+dd-
zM??-Uh8hhmLylqROojYn|2%)C99AJOb-mcDZYEct@bO!Zd3~nP>v66r+i7Ze25;kf
zspe;BpCa@1B=W8CdyK&P!~C}VvA*GnmR~*D@~dZRepRFXY>>z1b1$~~XIUO}iRM8y
z>K(4A*JJh0w7leLnwQk5H&{_m<69H*nbUwF)z37~-ds`sGHIu&;bPcM?ehC8%3osT
z+cmD&pl4M@`HQ4{EjrpO_)KlC-F{0&Ia+z`a(gP;)%>egyGJX^omCg#a78)Ie{10z
zuP8^Z*QW1aMY&V!mg@`3`8bGrIrQFCFa2B~(!*c+y{-ddN1?rNT;%fuw3oMFh?3X~
ze4^A}-SR75{agv0_b)K)R_~XknE1tgw7&-wCcgi{K0$o9?g;PTTq`N>-x+`(Q21t@
zAH)7pv2T8_lpF}hbM3@Csdzb_+Ygv=XB4;C&Ij(Mf5#vAh3mHc8GkDD6{MKVGfm)6
z)}KWEusvB%U8m*d`VPdGzRG#dHl@4qQKfrY>v7*?XXe}r=||B18f*UnwD0fbVO*_z
zv3=@@69!L6JD9&S*ynkV{tsJ>?7NFtH?`-Rt-PMk683Km&w;W2k&jNt*xkgV?c+N@
zhDY1Sy0gLBKGvrN4)JE?{|M!O9CF=ie7PO;<Ykm|d~&@R^+Woya@{kL+6}+&!Tgc>
zuqBXdI)D8&vbjRP=991Y<N6F8a-Lbhe=qk6l*4-Xuh@>CBa(jS#_XuZdC|i6ovelW
zGi_4e*Li$iIohFi%>F$ILzPr6jSIH7PT*(#=aJ4`s&{!A6;<+Op>}r}@XRHjFJ|P!
z@fX{_K9G;ok;>`EWJ86V<eZ;Lxh?x#vUceGT9Kh=AMH1glb3r+rX2grym&D9E-3Aa
zE;#%?)T>@fz7JbIqx&LoE{egOVz22wyLN;7?Ya7y;`FG%pFkeO{DppAu4td_kv}hf
zCdR@d)!NUu_i8ziEqUrKH)DLWG>tn0x4-fA1Hi){zWb}~j~JaJN>AvI*?-qt-)BZT
z+P{nY+ce(ddv}5--G`$1d><FiRkY{UZmYFZR+xErR<CH!<Z~N}u)PxXa#rI~Q|?x&
z7_Og6{i5Py{{JX=$a=j!mHHy~RM2v6M{~u2Q>l+9*v}~0_oDJm_r+{hz9jo*wi>MZ
zgMC^8`#6An8U^X$eqHIe=`s8JYuLZfZ-w!4K7Y0bcv=55m>N0ucr|PBNY{U(@@|85
z-$?pib<XtO<CprwG`^{Si)J+b;rydtQBvW$-)6$r-!Q)I6uK?GEkD9)=!eC(<wp&+
z__kckN$d-%f^|`&Ys%=~p>&s)4@<rH{!zU~2jvQR3SIH?Lwf%u+yxDLdQPKWFJ|V(
z_RZffKTHsE`HEbRMJ`)WgL1i_{hQgN{96EDyxu0%izB7S`$50LetZ9-=|<^KG?SBS
zKKDmLXH;(dHU9|L)7UZhe@*rtA7TFD6?*N(_b6G8bkh&{75iEgpUIE;-kkU@bbP)a
z|3B3}7%cE(ec~_9Tr7B#_7}nU@mt8cWE;wnehl@6-ao=nF)9GSkM>6VF()1HOZHP0
zSUP;JaI&Au>eCOkqg;r88}R#lOH)Iq;0g6X?0HgdOaCNJ89wr{(1rTpbLM;AUf?gk
z2Dvxo-dr2Mmj`{{0;`huny0N@1f7M()yvUN=!dg@rjPl(`(@BKh$h&NXHuURpvUA8
z%U{fPY`%nY*@OG;zsX<6dp^o7T+b;T;0gLI{15nZz~aa|UVw6AQe5<6l=apr%=l3+
z-+bOzG!BE+xl)Vz6MUbj%C1DuRw%yS6VTslslVj|bK=k1`?0i_)#oduy=p&kvikEh
z!Eb&eWB12n?^*iKA%4@(#NIIn#b09Y$FP604fR5MKa2QHpA!5h(Vr{<ejnFI_8k-V
z*LZJG<3+NcX}`fRDE#7%0}7wfqHya$fvfBx^f%0#tv|HOZ(vDiZ&|9R^8{uW<U<=C
zvD|ZEmrc2gq~NjO|8q=a6lZL|T+r^--{d)j=PJH{J{kXx$!(Ft8f(8iLc7p$Z`?v}
zLAXcbc*~H%s|;2<t+Mx^9gg$Zzpbdr{{12Fhvk_ORQPG|jpaM7{JVu7jk|G6zqPON
zH*V<@I38ak*L>~^ng`C|r~X#__=b7Qxj*~am6i04qNUKE)f%7WbL$nqiZQoW)h3B&
z)Nl5i{Fv?ne=!fspX=j%@jlXNwE6Q0-*<eepqDs_W^)|p^P1!(I_$~C=V`g#Q!Dcb
ze2+l=<i^8NAbO#eOX$QDLIpmXQYd1cl|RgrN&O<`Q5Ehom|lj@dlY{|8$rOU3|7WP
zLx=SK`ErqcJ!~(Z(|t(s>Frwnjw4bax<JeE97O3a;<V6b`$T--%-*e9F5c26_2cUl
z?p^Ht|BlEpy7Q>wy-U#Kio=?}79+gyhhOncr^~f8vR2BMw!d1h{yn7)YXpwhuF`8q
zk6u^nJbyH)^v4~YazC0>ew8}57_9s%b*Ozulgh7BhmDISm0xj(j+=a(>F?bJ=f7&Z
zr&o_F<vjDiZaWc}vg0S}>jd@H&d*{VN7cdnpYV_QGT~Uo2Kk&#_Eh9O*}P5K4f37|
zlxI6j=_kspt@)$mS$8NrR~~WMBN&HHA5ncUx|$aMr0N`j?00#O(q9L3jH4;i@fcPq
zLw`j}4f824_e+%X^Ibg7?0t#SyZ3Uv;=MNUo5^_smLK;vsKI#q^bc%@dGTkllt?-X
z@I(3B6{2VHh>b(++(?{n@jq-Ky3W3r(6Ln7iEhw&<uslWE6Nq*0y{e__4vFKw>*Cj
z`7ZKWr{zh<jW}O3Dy#m~ny2n(o*n4XAoM8o=idRJl6mS`#mjw-J(>A!X?IMYv;GAB
zWcy#EJjzxNboa5nO$t*l{$WCS$vgCOPsEk=j_e2Bb}oN!<M%{Q3+1;9p9btZ?8WlC
z1unIoFV|vui(Ii@DSRrH?>Bg#!J7@<ul%>~#bG~|!Nd0apus~1A2E2)V2x+stHFot
zxymt}2UR)y_c7uc^Ps}Foyw1B#`MkX#^<H>zE_`<FBc&%IT3ljPvm)qAPn=Bn({1Y
zyP-VaQ%jzvZ<Obw8F_MLopgUZkY_sY`Dhg#hiKP<K8k(@baWcNO&L1csaHlvsK0N{
zlw&_h&#PVr8!h)pUKs6C`Eq|hQ&|6A7{2!|&#@jQa)w_vIH&%~-}7y46gbp#wzH7=
z)miwQ<bB~*i;GD+>ZemWTC82A8+s*h(cVvHoW#GH^Q-TBI_Fngh2OR2U;hoUlzid%
zrZD*$>E}R)&3{h4O8af+LPR@Ws_<%?|J-?v!fVyf;Cu51+x^v6zFYAObSQowuX*0>
zel(Q7%WDvEjCA8);`j2o=O_J{dp_9YxWVMNLFvo3<LegTcZ*(+@9kCDiRoiBtNz&i
z8Tq#gu_MI0G#FP<FWW#d%Y6)biE)kSRa5Rm(vNVyLG01v+oE*d_d#?yq(}UR(c^KB
zc3AKGf!D$g>$Ma1<C*9O=J`awke`S=qq6EF&Z#$8^%3*n2CF{$`>A^wZ1IbBY5WW4
zIT+d8UPFHOgmPXk)pP!y72eM<JM7f!nfl!4%i<LZAIrGE4OJ)?(nGm)!A^WU73TM}
zixmHBrJ?%saIco<wdTp54*YpoB7bQ-J0yHg<Jmt6oW>W83s`57ekbeFWsgtJ7mr_-
zUnKEO{adl@@lW+OjgK0?in}y^hWeGA_mb~5nZA*4gXjnOc3>EJb=l~iQF)h^y}<gZ
z{To>JT!F*9sRwsl4?=uj2ENim-BKRk;g<MXTJ{`+mHyH)C<}ggk3^ow%Q_9VxVx;~
zVC7G|tj%DH)3&b_?*S@bZJ$|uAGIOyH#TpQ<cYy}b)oU<L+DRvcQyIy_8#zcC+gL*
zAF#ZFZ|phc@P4+ljnr!%-h-?Ag^<77Q7*ne(@(QEkB5o9jS*WgFWjPVGLJN-c#^!;
z&Rb9BjjcZIp$%0-d;7}M(7%9Qu`{Eiw?WVM_4T#{znxFo+we6RA9;Uk+1uxUKcCyL
z<EW9{q9;B+Aiw^n2kkSV#V@kFD;Xz44h^`UjJpBz7x5;3vCS9MT^CqPDWSaOCG+8p
zFO=fBUc67kCh|BfUg|GWhDWEgNrB?2?Rw4Y_&hyV=X>HeN^8HX*VPB*igUH}+Oc1+
z8%+N<>{EEe>}6z+!mYdI8uIC^9_SI13;dcEKU=P$K1&>$l-s&q&3w%CnS5T4Djr|L
zeTWk0#<U*G^|PGS^YYY}HWcCWuR(8{Y=60*qZ#I1N6{|zpwG%5UIl!ZL*nlOC=mI|
zb!c9rY4e+t>Q64Yk9W!UAIdevo3(T1o1~}kb@a0=#buswDe^wN7b$wi=bP|6Dx}ZZ
zLNadSrdRyVxks<0o6mi|=aLd3h2?7e=X?);K2FWPm)g5%yWq*^KCJdpmf}KRmOoz%
z_!IV{UVpEy(O;Jn`+F1n>v4LMwQK!~Rc(_zF0m`^4(6p@?;ljXe;`v|)qMf=-=+Ny
z{IuxVWQtGvS5TPx)sH_(|1aJIeuJJyz!+~!UPG8a>{AmM``9es*`sl(^?L^EIJ4CH
zU4!@AbDe+2`h~z4Z`$*N2JaU*_H(ed*m|hNJ?x*7=b?PMn2*@GSfmdu27Nu%@`gTQ
zUzFVE{&aQ)=U!-gTb5RpZx_6cS{{Wt9`|!CxY~MW#kn3wtsm-FOReoy_{1-)0}}i^
z&!c|RKBJu)cggqb5bANxlGJZnvJ5j-C?CjA<_!Y*4T4S|H&A}#C{H|lA-{#hOE3RP
zl#e4y8`t~g0{j0N*;Fxa(Qo6q-P_ao3byy3pqu>9<8Q)k&qF=4(@<W+b?QI#HTWyk
zr~FFxJqg0=@!x=*TSfSMJjcAQ@SAct<$Wm~e(nm(@drJSaswMw??OIi{j}IcLF<wJ
zJsiKxD9ra*vvwon?7**o;91pt3jN<Sp5xpR$*(+~FpiVsp7*(4u>E~#pZ#E0(s{{!
z1ar}G`-3N_Ue3`k@dwtg&>!4c!yjPZ$Kzu6J|4vUmD!c%y>9=hd@KDB_FE=;QMs>n
zLhgrpDDt;F$LE*G_p1W?>s|6oohQ!3#}Lm^=rik0Lw~dRjps2g$NGNW{N!=V^_x}w
z8)V)Q_zBWUd3Hj7Nbhqi<at2!GUe+*9S5}Tmuo8L&l~Li-M*h*cK^Q5p1XhFW3c=8
z-2%tkXZ5;a!k)W)#{~}gtNy)D?vp<Hhg$xfdYkxn%WLA1er;#usOE8HT94-M>fevZ
zed1OBepujY|E}XU?0YhOulDa*|3E)YetZ7)r7qgP`lEE-kF$c6euMo8{l@Q8uL@F3
z@)nSq<V{JwgZ}c@yW~vq7x~<~tMq~T9=EnAe*?W(WqRRp;OJfT<3=>8^}{&xGnDu7
zQyeKBo{#2pPb0Y};IHng>PJ?u$*)ka4}l)aQ}dSpy?U+sm(^=sN2}I<)i=-AQ@z&p
zxv>0=BIi|^yhZb&YQ45~yhN{Wtjb$z>2)-vdO$z&t(toMccKU(UDUr&uTT3+z_uRa
zc{25x`A)5KBD3=Z%zG&JQIsbgWyn2jZ#VRU_q%C7Gn>V(!+juBOdn??c0}ibUo<r;
z<^8?2-bH7bU7fG`802GF{zzOYC?3)`fj>#dJ84%oALQe@Z2X^VzVf4ALVrOt>2|vE
zxxLa*v}>#OZ<~OLpQzVAKewqD`}>G5pF2(Z6>rzPDjr#-aJR}i?pD85EPp`xV(){L
zS~p0!;_NQDU)pku!sS^jchvmlpxjT+tFrYwpC65;$F=;1J}DQ<k^Ck9Fvam$Q{!i}
zzZSQB9>M1yoIllZ*8Sp7q@6GiTxdSsOZnB9zXfSY{ucVh-$QxNr=2e6dp>uc_T#wY
z{kNnaK2Kk2)%Et$7F%a8JKr~pJ>y(F8()nI9B<I|jClKyJvTYqzU_EqQ0|9vpk7lB
zKYu>>aLoL7J^PH(eT@B%PuIAcj*I^+(|^@N*FT(Rm(e@#f4}HgY<iZ}_hkOF#yO2y
zJ#oGKCHPS&s~@KyX%>4za)n<srTIt5$D_y#aNd&8M}GeMi=aO>#z~HU@~<lARa_45
z$NlX5B=>*tm(SfJ*HF*1eoDqK1t})}>0;n3&ZzzRc#`xzfcs5L?v;WIS*N0(4*l}K
z-AVqmN!~Hg{AYrvSk`swQu8O2PNReVa1ZW;c`NB8zE0dHJ^uuJNj}>Ar&1s9!>GKQ
z|HNR+N1JyWZ24&OtihI#Hcto~KgjF{_ImGDx%xbN+`L&}+An`TUxjs1(Z7(t;`cLo
zmGd$53x7rWkHL?88RfJ2mB&lh^Lpzu*pDrIKaq8yU$leXKt6B-$$n|qzutzANIQ5x
zQ20bSYB_~_8$KY<6Mi7h0&T_o_m6NRpWCVBvhmg0XFT)$ZOt-Hv+=ZzSC1v0e(8&~
z;;Bx!;~X`iBkr)ge`-kKZXF*KcDzR5Xs3-Y*6MX&wcf{kh1EAa-CBPk_Cr5IJ^vu)
z3zE1&r-EPTN8CT0UB^HCP7VK%&pk!)%)#I9U@XD*fAk#4{W$ZLyu6JEdgo}z<@o&t
zwo`9E#XD-qG2|2d5&Lr%_>s@OTI7=KZ$j?MAI6Qp<kj~bU9e<D?p(mkmnR-g=a-0Q
z<L?Ik+Vt`Ul!J@P`8it5OOUoa#(W)r<}SJD4E!JS^$kFPpO25CF&((M{YGQ_>MC+Y
z{KtBH50!Ql-DBl0ReSRD{oF32%M>r^8-pE%cGdzs^gpc0=WoXIXj=OlmV3QD{~+WM
z-_?&ErTdPtzfbw|3V$EC&0yQN)!Hs_$oD<`e)%S1(RPd2Kj415x8W+u^TYBok2$I3
z$-jN5AI6aj;0Hr}%I<@c`X&$7>$7&xmUwYM^PXh?%0Yv3mPZ^ixY6K!1~1iqmiHUn
zQq|9Ke!qL2(jB(@Bx(1k`hnI_!=vrRt(y(j_VE2&g>C(?so^z(kn@h;hy3}Sv-5B#
z@vHtF=P_*;`>dospLgPx&lh6fg4|E{VX55a+J_}_+o^c5pHu4Zy+`42|J9C_&?B4w
z>uq@1g5^p2sE0q^NPmC5AP(ia8HN+af1xLk>x9++N7N7XN8+!^VXkr1V)%<_x?kkk
zwD`~G-CrqsW$`7H@3+uC)-g;kRL=O`gTeLm>aacEBYF{>`)Ke{d%oXb*E_R6Kd*Au
z?APR<#68Q)LpnbvbebL}``}FvTZV=I{vKG|GHS53KWTJM?Gt)@pJ+VZFXiH{t$J<W
zELX;7{L97d>ObO^ak(Frm44rspU-WSe%A6szHhV@eu(i;@HHzwj8k!^(hn?DU;bzw
zefjNj>gTyG!;nio-S>r5UwRjRU-dkQYs}|Eea-qI*Y|g3+CP%<8(wa+$m{X5+uWt0
z-BzF1P|puLeH%evt@rvDDu-J$e8}4El8hV>0!0q*rW}%WF`p;;1=XP<E-X|Yzn`I_
zjq%F-2kpoEdwr%{Hm-g9J7HWqc7CotL4Lk4LtmDk_4XC7ugTA!95+8#X6RT`ho4W+
zl%w9z&Q4jyapGnfpQqz!H8kJ1AGeOmIM2T)i8yMouJ0g@3LM50;m4$OOZH=k-B~<g
zyO$x3g>hskuuDE4yOR0Ru*T<^A&rM+!v}BV^#ApXX;&%zERoMWkJFjB@AUOaenG#+
zd<^U7N^gLVc}?7E<I@ox$1)FnZN+-?9;t`#VaS#EnCIb~&MJJh?2`J8f4OLf`epXB
z>za^Gou5egJS%upIZPO={l$Ci0vBgzb^b2!kJ5etjp4_A!2doG_*oD^y4n6WzePJz
zzvp)7c?X|2<9)DDt|4BGQ&cV%|5*NLC*&H)eVqDebg=(z*6vNv$7J8>EN<e*ZBT-L
zOku_~KX2g0U6uYO%uhVuW&TmoPiTSn^S?e1I_k9J`_oAOA<*yZO^~bb74N$XpVM_w
zm4mN~LSFV<<q*wSo?!V)Ex!I7@gRw_%RJ707ClBkXSDy!Lu>lgATI*BBFEj>%M<o5
zo2T=;i@yF%ISg98U8ooBGJ3aJyA8HJ9^^IN&J^1T%0Vp2zN!%KAER8-zvY&f+@kn#
ze!1E8QoUM#l018vmP_{coxppdU%wFjGyO~O+qk~B;X0LX-T9N3t6f=r>SH@dV?Uv)
z!uQVue?IpTDOZ@>A=iNp^$*e1!ve?M>QAB_?^SrU`ip4iI}~24er2H5?0T);Uv1^P
z70*D2;t%bM_L9x#sK*b4`jzByMb)psPt?>e?=Sl4a=+;~_3O2B>DM}yGx_Q5+^|6X
zx~`UfMT#%0U-{ha$KCI1kF(!b9%H||7TE90j;Y^W+V8URh5Emld2`^e--7qwd|ixs
z^Do`7=fzqc?>UNnHZ6Xt+z9<kHoi+9H>UN7=L!fkJf~6oy7`T;eSSK`{gR)9Mtx`l
zD&l!R`rDLykG3E5W0dn0=p9`;%YFK4;Gt3CcL83vL|5e;S6-uC+K)>HKh4L;EBeG=
z<9!<Q+d1hc=FeEXA}`6d^AWa#d4X)XtR0abr0Wv$H=w&6c}Cd(m-GF@8KWoggF-+0
z$7}UEsnP9zvflU9ru(&@1*Mnrp9?R(yC8gsx7#?#{baIU`EwaR7Rw{Xw}byp%*AqK
z@F9bT4L&R|&TBIGh{1yf9~C&%t0Uykq|uB1OWru9F!}itoYNHYvxj-(ru2FD^C92a
zRniZ97h0}idFmnYy!}NeSCu!O1<m7q&l`1JHmu)<`q-B#<MQzS8o7T^$Lrg593SL|
za=%7CDfd~939G-y65`zhd-e6&c#H0<h{~$ZrPelyAFNNgVt=UOgMQK!;_Zh74*4r~
z81Ps0*7!@i>qkBEXBs{t-rgzlCVu{WpHF%osmj09dalkZlvVzv))fY;{6VL|Du3*U
zF<9k~c`<?G4UKvo$=P$$$5!3v8T3>79rCGP<x+j0d5`HwG^KjYc?SB8XlI&-pZRRS
z$vAgi_5RO{UUIyi&kYM_LONza2lMUhKFxi=Px|xVE&2Q7%b~~SXT$pY>eOGiU)N3E
z1RMjwzT5LfF5}W~>R08y%&m!jsQfg)7}%il@bAX>e0gc)pz<%s53+t<^rt{<+K){u
z(GM~cza)PT^eY<|HfHRX{Bplfz6{}cHXp5(KffLA#!)|d%>3(>at--d&mYI&V^}Wh
zk00i9)0cDB5xdHb4bVP#y=0R#C$K!Xp%veo;LpGB5lxw2M=r*n@0-Z(lZbYhKVNP7
zex8<3*WIsCdzdkQzQ8yUuQmJXHh-SP3*Q&;9J4d`$L^oqU#tBV%kIz3zwc6iU!2xB
zFqi!6`IlDs7utjPsaEwfr48ywO55FkxIc0Kq4cEw!~Kc*j}i4B(X{n<Lw!F&4rl$D
z@2{sFRqkUwJda;dK2v`WKP&Yky-VIC^V~j8_B<riKZ$oiKK4@RUu1gc`VwEL`r!UA
zt3RopJSKETQ>G`d5&q_l`x}g3-OBIyEUlOBQ~D3Vo5p?D3y=FMhg46LAJHz=qi9z3
zE1XAQ9IcA;1#Opn{CAwc6Y{A)Ge7kF=aJ8Y8t13`tKvN4Ch@%MT9hm6e7fgRIB$Is
zTf#bm#7E!P9=6B&h;uS;6yDc3-y-)BujER(aGnA0DF|F0=XD)`<?6+G+KI<`zDJFs
zxp+gTwbL)xkPeM^I<FOvES2X`k{4)y>DR@+M%t?C4`$*S^)MWVO~c2;BL}1&>E;jf
zV*=xQHP)WT_s<)wdQfWp3xib;O0D~}-u45M@5S5qD7@vM!v6iZS<^rNF6u7R%k2|}
z&+~zCfkS>|^BT^7us;k<)Prj-qrPbTYl1;g4*A^O>{f-IQ7@y(M$sqM`yTg8Zj)k(
z9r=DT*C#(8#_c;j59Xa}j}}i7du~^J^V{<usNV_W@jQ03Ib%0#GIsOmbHRt{KDC>f
zHFfRgqMCNILo^|^n^C2&obsoh-Hd{6_-&Q@$nn}u^*%+l8_m<5pMHK2?5Rpm)PDPv
zjty!zrR`=fusgAr4fERz^(3^H9@@)>lWQ;Fv)YG!M;hy#2Jcq--A<DA=Hs)IXe!Nv
zSJku=O&qfJ7TU@0VtzFpPpuV&2>pFFkK9T<E|?v_PABju?QI$OSa1GxuKC^WeVQNB
zvB$}LDiGp#EOd;cJn2|WI_j<WT70Jby?hSksejUbi{_>Aury!cUpW6l{14KvWadFb
z{&F3M<+jOw?RFV2`+gPr5ez?q^8n!J@vDCx00_m8^CfM(0;HZ3e+LE-SSLPd`03h0
z{AUaPqv~(Y#6$c}CjDm${@gtDUncfapFhu(=e6c{7Xv@ur;z8Nd}RG$GVKrbnf*S1
zTjcBKhAQKV%l!t*b4K^AEqq^mpXMo5`Mbs0U4!yG8>iSGsASdrk;ktzzq5F}UB{8}
zh>jcMZuJXsx5mw4d6Uv%`;JPjf2w)m?3mmyZTS<0lXD;1MD8Vfe-!6<TYZhM{@z$L
zt^4%i4La`<@|kg+{OknZni~H=7=HZwpx>u@@IWdz@+ZDnVUHj6^XvC$ee<`~`@g-v
zn{8a>{TvmzdjGfacLDpqFYAJx+BhM}BQ9Df-FF{XzvI(2-%7_9rA+@-{x0_@$v=0C
z9$<fq$lvAc@{Kckmh4lp^^Z{g*>x<}hi>o#`@e-A=3$(w%;#Pt42h<y<38tcqe<-#
z_34>c!9Ef1`3u`~{6GA1<vao77wi21_tX8}uh9BIewNKcW&Wce#l$bX0riVBY9}85
zi1*vL-?Ze_iZAdh+~<~E-=UxBLrK<KIYj?Gs(fx9l=_In2IC=qSU)yc1CqDPabfm6
zP5QOak6i#1Vfj(u%Z}Svz7zLJ&pDa$yEEm<kFfmmO!-5Z@{EIF`Lj?S?+aLe`cazj
zQiI7A>cQU#9L9Z-i^+k0k^5lt@|7#ppBxlD!nt_jpQ5QDg}ZZd#lB;?V&AdeU#nN_
zI~ExGj`e<r;px`;A)lznSvitlPsMy!k~i2oT`hgwT1Ow>iTinZixP6l>S54d-(UPX
znV;xV{vc=J&*#_X%CDZd7jl5UfOScJ71Bw)VSgSGdj3hr1#{5j`;cEc4?VT^CFOHJ
zHUBy*?WE`D`Mmvp%?Fb2!R#~G;+mb$7oJy1`Z;c28NAm{J;CuUIeu^WVDO!amOS=t
z1m96&zyA!T%PaFT<mndYR1ebelIllP*7X4&pWr<TE3bMK(nY<==YEpuZ<qO3?{BBU
z7Qb8D4fg)F2^`|(_{Gmd-K%Dki&yLVfuHLUcj!8YpFbDMdmr=nb<`g1_dnr0;b_eF
zDeJmJbieLXj_y10?-jlGcG@c#j9)n4NWUD~nb0*R#Uu}%z@L=MJ5WEQpZ)iF-nsUz
ze)MzbSMt50kLo_eS;a5&-H=b%emn67?XR)+??(HD@|4KI{Y9}nBXFtJ{7dp3dex8g
z`wgm3KE8s!tDmxSRk2USV3+?Mfs4sH)^3B#(w=`WsaT#gcvhZ={ApyrHfcZUf4v|4
z+M~za0h{kCmX-ce>#6Dox0~F{st0rJdlq@^)OMmt)i*yEAljk&NckO<bJ6w*y|vB}
z6~0fJTwu5RA%`$-yj1k(3@H%$$(s68Nc%m3KiU2@we-jIpZarNX8$CYh*|IEK!4Kr
z&v!`!AsyLuPw7uUN2lStEJKInM@C23-)CgXdH#~Wn)2%xf0E`+IxxfeZkngIZWcMF
z-`Uw}@UT4}S9r$sa-O_2npJ(x=GD=z3DLXWhE^G;kYDtlel1MiE$t0-92B`nQ@Vc{
z=SeBN<5s0-^?rqS-lXta)sq3wtJm87)mFY+@eFh*{%HEB>c8=uc@f9Qp<O%wF2ekp
zj}!d8H1A(z{K)5S1_tC6oB029-6!VY7(cI{<wu%l|Go4h93PS|{{HdF*cbJ*b3xyj
z(!>4={uYH3{Ptc%`kY+h`TYop_$7XBQT4v4bAaFXi8VF+RLURw_+>!!BA@$=@FTRB
z&9(e)L7EZ2zXpF&kG}TCh4@|1BaWD!?-qSR+%tHO!8y66epCGu#<lib{a5O@Ee_f~
z1I(X`o~8Ra)h^Qgp6d5gzpZ|~xJ&(ZG-G;dc^l<|E++X~=%+s-{nmV9VA<P+F^QjE
z_HKcrvi2`tHg2%?FPc<7lpeZY@7sF_r7JcYtaQd#j2f){h_4tnSo;}YF=VjCfhz_L
zRzAg7^b4GvcL+a<F6H7Y<TlQ?+p5o(O~@7RZ3zEL%eDxNeO)YGk@qgtk8S~f!hM!m
zeX93;m3vSR-%nG2u}#R3b%CrLI`N45_hz;el<OhA<}WEPa)jlEQO@5tb^qY=G}Zp)
z=csie{^dILFZLa$QtOXIe@ol{Rj%0os(iNd$9(-PPR<=uy@Woi-fuB~oaD9Yf8!DL
z%VA!@c+dVW5B5JCyI;txUmv%hU76v7z0beh-{*He_<YVD;S2V|TRrE4#l<Z{a^K(M
z5AuAuAM!!+&q)!Z%!hh>IR|_x*mup+_`F)>J*9blh)48xo#G*1pZo&o7n2YCJf1%u
z^Tq=!h+q4AGVr&9UfM$=uI$GRg5To0rY9$L-uQO~zv=Bsz@Mf61;F2{uT5dxay`XS
zG5%oQ#(wfV-ediqM-1HjCHd1STP#lgjo4!tC#hFHf0NF8tkU|Eooc@w7WbyQ6z<lz
zP}rg8u0%Uk@8Y$39aydRaSp!KH$2^1e<Ar4^`HI!HTs|UJ5J)^_ju~<6GZNhpWfyK
z|Kq2(|ItSN%%``yP*8up<1FDb^&zXbhk-wzdy+h#OOJd$>B*N;53A!L?bzoB<{Dpr
z;WIj~)PV9yyesSc+R5-M=uU-S`77LjeraC!IN1F@;t%q(lbyGJjQGdUDg4sBTw%Ts
z%wJSDZ-0qApDS;lZKM3Jk#f-qpC5d!_=n<>ixuBV;5W#tkmm!q5fub|$`A7+$vCD!
zZ4CI;tZ*`pvHG>_;odgrvB|Tk;atJ95dX&clQ18D-ffKQI-fkye2?HMmUX_Q)O?@7
z?x!i&&A1beKN&BGuM_v_H!lS~{|;xVd6U#HJ*bM2<ZsQRazDx6nk_%~`NrlUc^=<8
zXyq(#Z|*nP^8DsLf$69D^KtJVDp-+!*NQi!_uVT&Z;kN_B@z0Gdh;k(hJM1<LGeDU
z=-1vCDIsykex27|u5i?+^NtrZUYNslf6a3xF1{M=FV^zT{~ORxu=;<+xe}MRfsTUG
zNBwNUpJASKDW3=P?6Vvf2jyRn^5p-G;J=SUoZrMVVb2fW3b`ixX*Y<ZabBeGGfK{%
z*kiDtKe1b3YtPS92=mhe+}GB<PvwGG!5`^4o98s!{<~W9d4tSbCbc}*I}ZX6=^eHD
ze+_z*_n~)Lxzn)Ui~SGkv3>7%*x#?9en_Y2?E{Kuu6Xs+PlN7cpSbTM8<&cl4?YUI
zd47oKbwF1q=?LhO{%zCtNEa=PeE9_E0$+3-Vei#qJ;C5{TgNzL@Pxtp{JF{_IX7cM
z`Cis`=vR(%KbZA1Y<E`L-75Gn&NDpP9^Q8_Slh!sS%X#n={XmwAIW_07PY^S&mxax
zzE|xvnlk;kN$DgXUW|}&Jo?dTe0<jl>c_qF=*QDD^Sw>h?yj2pVc#bX^kFO3o95C7
z@5h}PI^_NCKz?3sC{vDh5X~50?@0OjRi4Xe=L9x249SDge~29fdb&IGCxO3M$M$9v
zFW*z8eR`a9|3W*e_df31z^AZXu@Cbj;rz&U<Lj%?UZJe}4+d-=qF8>D<Z-1|U2iPT
z+@X2htokj_bDSRPyW?98e2iysExF>P)-OyQ((#P#-zp8WG~T!9dY@cN?eCXsG_7_O
z&5WBJ*gpR=<?%@!r`~lA?Vw-nye|HSl`i`pX}Z6PUI^pRMe3hw<u@CEKc9QAl&g|Q
zpa<fwOg^FCSOGpByT3YY{!00sp2u=n_>Xx>dw#^={RW%ANX}!alr#NXm`{XsK0)X-
z|CXG`V*V{TkH!33%c$@JbZPsOM(32$=llBN@qQ_{@bg%d{`5SSH%t90I|}$N_GkGg
z`*Q#_=pTRf2Gw68@b$p(eM_+?i!Zh8=|`wPpFLr{QtWBK&VRsqrP<rtL?4S~wKsg9
zN$p@}SnaPoD%bS9C0$R#yqVdHt|#GrH-pEme80e$|2DYK;IhGM44yQ2mB3+q5x*Mv
z$L+?izmoo{9PysD(XV!2YJG>=SNZXaXScPd@hl!061saEuGID9GNq{FlX`iN`}sdZ
zKk~U%Qa-fTn(-vCSFis;)DPFsvw2Cqa{_jtUbM^X&Gf34y?Hx-%yxouU7$EzPaXtJ
zJ^p`C&i!!g=LAI3J?vA@_*t_9wtKS2)sLKw{u#d#{3mf7`B~sk#!ErmteLM`KWXn1
z#;1+sXP_q%r!B5C&el6e>7h>{-tV&YUd%_H3Viw8r-Z?w-#LW&xT<_4pu^=lkfCFg
z^^6YE>*ZdDau|n-o<AP>;iG{)ah%V7h5VV%j#iUC)8~9n18ZncHRTf6(*)Y1{$7>g
zhsb4}us27!)Y`wqdN)xnvnm&-Bi$eHX+aRuQ&T<xJ<j)MX6V^X`4~N+d^%VzJ8lf(
zj^vq!pY%q5!F`M06u;}^OWyx1?nkrg*PE7XotJLWmjLgjkYgyf100_iy~IEIZ0gYg
z(W7YcpkAl8s$O-kk-UKYYCy|z_qf2}KBpVuDB|v|Nx4QTr|UUkxiwO5G%432<pu?&
z94pQN>Q=eM_I*lxk5I~C9a!ipwc2^^0e`c8R`ev0AN4odq4@#(z3#b{d=Y&N_;RQ0
zBcBy{r0+Am2Uy6j-4-908eMw~ZZUYD!94=U$@|&+?fxpe->&8D{H3T!t}x%w`cV;t
z3at1eJEsNb;s_p}2gUwhfkQcG?Q1FcPdT;$AN$`A{cOs8gXpXE)cLk3Js;@mXIAp-
z0LCMDPfg_E`ZU*g<Y%9R9w+@9)_y1bGx;X{Q@u$0XLejxey8h$%5UUBim%*eeBElW
z@)zeg2^{)k;m?$GKeq&Y5q&X#98IQr@*|9s^SNhK@oAy{V%G-nEr>^1J(YYQhyxzC
zCs8lTjI-v-2OefSW7eMr?4P7ugSg>%A40h#AMp2R#<gBmK45+)+O=8aoX-ta@j>_)
z=!@?={WVw?_M7@rYy4Vooc|%{i|03CKPEr{_4h4dKP<1w=dP@xZ=rJ9Nd6s%oNi;i
zZPKjFkJJCTJ%sUKFjKCcd<JUt%fDMyPd<71dKCRqrGLS`*9t#`d1`~Z%s$+Yb*g;?
z{#4`@#H$0Dd5U3^!^=P~zF#c$<K=C_h^TCSZ+VNs+Fra|{Tbdzu=3<qCI8w9n;$0s
zyq%s}e6c(>^m~lQ)Q?B^!QW)_Thn9T=lOW7f8F|2@?)!xYc=gTq4^5(gM1*T#BURS
zpl@*NkNLV@vL3Td`I_X}$@erF1yg==zM>6qi2qf@ANUc$uVTc$w6BZ))L;Mliad8e
zRBJwD74YYCUs62w9z`ezxUO8h0{_F0eu{AQKE6eApZp+wem(yEfd6Iou*&j_zc%`G
zd|YZhV6cv#)AzFnrM$=Mc#Fkpe?P?HbUdQ*IhtOh_%~RdSC(#y-=H65Ki&$x_581?
z;T9>7#!cPVmF5My?<>s<bbTp}o4Rjot~@lGFaG30=tn@8_<_J4+dvWN?1Mcv<<<&)
z$AbSU=wGcow;%VLmb`Xee3EY$q?pk0)4jFvT`&0h6<^@TWPaZ4hkD<K670{%z-oLS
zLFKu8Q0n3PA_fl`e8gaSrPPjSXQPCJc9`E2e<$t}|19u_aU%O(5a$<Ie!G>QM0uPW
zD)S}-%Rh(~cn*}#qm-6^RNz8+)SmyXJ=b}o(()e&9JaR`^+Wn7_mIB#X6QSVDNnwK
z<=-XzGJ9G6J!uc;eF=X`%fD-|+0XKW2AlmXKVY!g&+`2O$M^5E`<so=dkh{jc(=he
z4p{yHgD32HKd7c0#|@@*>2H1|_FJW=1$iv*?dtnV<{yJNn9Xng7IX2G=RaHmeg^qM
zz5J%u{Cqz5j}jl|qlfK$dx7oLnxDw$9$j!df4RVRYK^z^xkt2}i<F;xEnaxONBf}u
zu|JQjgnTfcz+cwyQ@<$C#NPwvFFH-H9vA9<kNFfd!19-Bd4G@7zqgy<RWaw{^Ryhl
zx65|@d(1emME(6n)4vyH@Z~df0_LyS&>>epAEDTAvB6z}uh`ITaF60|Xft?~!OFO3
zNcB8EUmoXr^G@GCXx?;syOzJh?BxP2x5Vi3^G%vik3T;@WA9cihjRy|etez6>3JI8
z(KvXg+GBK=+G%lE?Y9`IT^HY^_FfuUE9FbuU#-_IeM;YkHF{lZd0~g;gR3p?oK*Vp
z{RJt9^Z13HQitvjjV6^}r4HLCI;s3Bb=Wv>Qu!5kjA}cr!+Px=Qha5VALhUH{^|X4
z4ddEY&f5h3x)XUsIA76kdBsNPwC8i&&qCF~`$|GD^Ap0c>3cqRwlFmG3&az)BkdNI
z@6`7R{7Jj`Cxo1kKG|n&<F~oS)l2p;&po30V01Mt{>i-O{~u*OAJ8#wbbO0+j46G|
zc+==0y<YC?DCg(qC-bh)(RzE$55%oK|IItmD|DTj`5;aCk~4>;VAQAYvqjh0eus`u
zDbIF)0ls0~MPV?R_2Sk01rGT%m|6GV|KFNNy@}^OP7lg{V(g=pYf}R@^$<^MyWoj8
zbXDP#dHx5an8@WniKlGqS|dxPd~d_OBKHb9GIAcbcs>eLl<zG08pI1ZcQMdEnNJPm
z(P#C_sF$w)X?#uhD`<R0-lBTms__-$K7-qYUW^M3ZmH_;5%4P<UwgX`NW0n|_Msad
zZ4dhw47PaQs^=6{@Pl#*_;^_OsPbrP*dYuK<6qWJhFHHK#bkUkVf=V&hL7a4>#>g;
z=dzdbCs00!?;;0lC**^-S0o>1RFAXmg!X$Y$|dtE%Z@;UQEyuHE83-ehu=`Xjqz!)
zU#>;rWc*fle<8h1YM-^nZx8<t+TEu3Xh%@XV0?&|An=Rojt`O4<L7x}t?}Dd;LqpQ
zOSu-{&wfYf4OgQ6VtJhGtGWT@7|QE^M@Zv#Q-kh{jS5Qyf#(NNq4N7d(SSZrz9Y1N
z?*~PoJJBcjA+ntEYs8iIc_*I-dLe$LAY@2>_<Ach`E>Aa*7RXapS#|L`p^M=h=)}V
z^0{lJU}*nYza@Sru>T2bZw2s#b|rQa#DzbdK+v}z^Bl6C{kaBu9wpy{8LEm03-v!|
zp#5X_KZniV=zCk~{)17;6Vv?%n+<mVr2aoj_8(O8xmG-KfAy=INvHX%WdDKrt7QLy
z`Kx6AfwezrbWSOK9@pmIf1vV>)9=BEef$0cxBsTaDx;er9R7vx0Z6$}Z(t%KxAUQg
zNjweoQT$vGFS7pefYtw7@FCPQk+bPl*xrPd{|?F*$^#M~2U>MJS1jKwaH;jBGLAw&
z1jf9cTyYMc`Ttc0HyXUg;3G$Y9{uby_^`mma=*cc3@#Xa(BO3j9}qay`!!s*3i1%A
z|Fe|4`Lm{mr?Od`6SiOKr~Z#t&T?|$`bzS=6SsW+4C_PMj~UH7Fi$D4udl{i?EU+Z
z>V0=&zdIFwG^u&QUR^Fi-f~phqh0o$PrhhA(cAFk1?Lf@ll9+^{`$EZbNMU(-p~{1
zuNDx$-V40h_?6E!Q!T6gVxWi8Z}*cyKD!0@Livf`TBrPBd|tJ^(r-~h?B9n!p8Boc
z#XnO11a>f-$=kF0rkqbBnf7~_?^^rx(_ZdQlsj2+j&`JS{<jJ_&;R`#&ljDpb)YNR
ze;f3_X56U3|FxO^XZioK%>GJBgZzIp`ETpy>3aFnDm_@J9A1*4W2lZCuE~_k=HZ{;
zpXT8U+0UHiXV(exvok|qmY?;$NA${?{G?~9w5x^k^PCJF6Lt96nkh%Up?v>uH~qcm
z;eM{u$4L(CK*vcKcj<UCIZy1M!K3cK1rGgBHlGlCGreTHD_{?yKiI=@huI^a-@X#<
zPwz4RyHBr^>c^uMEkYmm!AV{btw06*l6?Uy)W7?9KUyJ=@w|H6Kg)Il|3x{neeU0n
zN34GvhNYj(Z?6jM1o-7X*8eRoY&Ce+;LQTlk3K=^6FBU*=ylLO<wAdif7qX(aYOip
zceJsO_<z_F#9Page1G^+lZWlEY_;*fk5gL@%k$#QZmA#2N&JV&h3Ba63G+t~LAu%g
zr*O`Y`$d=2-V&+N=a1n#TlMfFf0K9@j{pAQJjg%j_hIU-(ZT+=8QzycZ+)E9l=}jk
ztByZj5A^%@i=O#3l$(*_IqsJhK4<bC#+{1(B476Y{{5d<_DAg7+6nuyAN`2RDi7aR
zki6&Lx>fbFtnx_rC8#`n-$J;LRODfKiRU+a2ecoQ!}l&gd()N&XXpvX8xOxeh~Le%
z$DjG!OTmFkKGpO)#<ws|ZUz2uUt`wZ>+Ng2ANBB^2(b?zSJukoJ3$xwdk@<&ez05@
z>D@%Cb-ae*h?ILv*x%)rhu<Q_>W{l;JWsX!^-L|F?&ntcM7}Hiq2=hW@h{0g?R~1=
z2D9U$`m6N0!o3Z)PT~BAez$`p%7G=wp9$d4=YApfU6_2E_?H3OClyWIEpY7fpgT4y
zyjtf$qn)=ZyjK0<fW7|`uYIrjnbi;LwR?wL2Rc4f+kXUh9Oi$d?{@0z0`kolh4Pzc
zz6A5~;KcFi?Q^J4)2xm8mc{nHlYoBFTlXj6^B~HxAD5!uvFPp7*-ln(*GaP?KgW9!
z$|ZTW>+Sto&c};Y^F^k&`P`A?=0gkVo7Q%Yg%4+--m&oEx7f}C_^=q|j-L;lnPR-w
zd^?P<jT|2Y^Nuh73}B;&a{V~hxey=t+dHn;rX^2NIN(n<PD|cudO|!)&O`lOTA$xB
zuJGfV^ghciV!0ZAyA4J7{C4o6$wvHPKe*q9y>z{K`{lrccKEvh`;6flbDsdr>m|{b
zc^iIj*7AZ0x#D|z5{Hv<Tv>|AeuFIjw-WzieIC-0jSu7l>Hf{9!PfxaEcqVv`yB8c
z``477v9w*%%YO07^EdcYX@dSKqq{|J<Gq?X`#ffLD_--H^rLg(jk}c(IPYKcH224u
z?=GeLqh^I~>Het+fs4uhs&RuKF+OiKSogmm?h739hx&nin|gmz`^UIL{?fnq;}-ck
zwH|T^^sp<lu8_^EKYlLCmkl47(3i=pPwk{$^hv+5PhGE7d9}TVljPO*o=}okAJY7D
zg|_48(uD1<%H-7t(J%JrKQjA98#y1{Iw<(!?Q8V9VU=9dytzl<>ik>JzhF6}Zpe$<
zB;N|@=t8^x{SuaA+{F8mA}7N9CFkU~HmV+#RbHjmMFy)pORWtCtGr8g9$!>eeeiP|
zk*AAX{rgby$YG7MTMo$;dS%abe-7y&DHy+K|LwfNupceLr~Oucjp}V{zm&&*JA?ZS
zJ}UT2t&LUupdX7SRqvuH)ql<t)2~E3)A7dNUj%qY=cUs9&P~EGk4O33g93+iZiZgh
z`X1A}+SR}3p##)|PhMQxzf9Dr-wFRhK7AYi;r%G#17Qp!!MAjLR{1?99lxe>*6|wl
zREiw;-jB-oeF91W)612%>=C?G<A%UK#jl&6VL#S@fY3f=oDh`H#)%hZ>~oa%9K@$9
z`Fxj<m8*&)Hs2YJ2W0+m0po#I_>uTt8wdEhldVJLbAMSS$9jJLs(JkUIzG4loMZI5
ze$%h9p-Uc+<|GedPd|~@{#Jj_$>PPO`rP+#B>OfL4aUh9CsvzXA;$8Tp6_ShU7EEx
zF{aPwjT39tPH--}+E<I#>rLXsGi-dfNAwB%?#1rrjT18(CyLXyKQb%tKz~FImal|y
z;m}QLPoY06ZBTzz8aYlswMG3@G;RIeP~TsX6Is9M??uv2SANe){Z{BFB%d-piKdj#
zw5N~I@66hKc%yz7E}FIZgK{c2#*;9=I173gt+VHg%%5JUu<KtmrG7E1KdGMRcbB4L
z%_r*S5qi#Bnn#%5P4;1{zNC4C=M|nujEg=MXH8Fn{tspH0P=(S(TOgTj}JpXLccU$
z-tf^CC?DV-&*Tl<zaLGHYre2+La$YMgU0W4K2GC!l;jN>$J6;Zjo)Frn=^Ssm*ovV
z<@*BxeVRASYP{UORj(U1%a!uh`L<DktMdk3-($H`!LM3*1MRLlZ#XFS&U*Y|--E!=
zd%ccq6?w%YyVWnum>rGGDxAdq34wiIR=i=i(XZq3u%8<Db$pI>B8&4AQXc!(4IVeR
zGVaG)ERWgp6>DGhsnq(2!K!bi*8K*1-m=eN^M9>-1P<wvI2iaT#y#pE^9btSsj$7s
zzLU|Eya#!<@GZnc`9_m!->kQt@9Aaoct3|V86ViV#PbmFMfl#k_&kX(`CKgg2=zZ3
zmu3C5Amm6K8aKM14ZF#%=QB>w&-%P4`|0JMX?_?k2m8Kk-f39z=5ybZKSDaH#*xT(
zd^{N9J)d-B=1u0J<Lr<Qn?H#kaylN7KYag$$I*C&K6n3E-!HyG`B~QTq$BHpD96zM
zJOT8C{iYs=^S#+|%Q>JW)QjPa|G7>4&#?NPnbCUwNA)%tx2!Ul(xbih7_9y9?-7RW
z4rcui=%!x2HsgP8#Qo$u8~**4<MuyGtL#htPovzYd^FC_?SJ48#12ZWC&%91t}sqj
zz9sA5vj*>x_He#=LMKQCpUt1ye#?-*>bKpW4Q2e<U>$#E?{}6}Zq&b8{wJDRD)lL^
z@5{WS=KJaR1&JGezMc@$MgI``p`DojkAic%Per|a?kpi7te2hl9t0lR!B&(c9UmO1
z)N9U1@%}aRbN*fIf}oXo7!p{2K4gu~$NGEni(1UzeP72j!8}1N{)B#J!svU5^vziN
zm<JR8Wd7Iv-CXM=pZrtyqeuAe_<h}ieDHR*pdIS5_(@xj$jfX#<Aj~JVtFp*I~N~(
ze@2>ze^&GF?K%#OH`uzR=k4992kG}TRZmK-56F10IIG{)EN$7QaPs|CkEgz_H>CWx
z{UVsxk@C^Zpx(Fj!cadb2g-Xf<lWTx1!44jd1|#EeyPb>$2p;2U1(fe3;rKVJb6_p
zFOMhpsh%Wp*T#`ye_g*1f0BC9C3+Fre05lk>(u1SKeAkTSmYPRCz#Pm`QF;yu$9Qp
zM>!ez+ra|rHT^N^9}@hl9yj`L68vlC!9SyVSob`lDS1x6lBK^7`185<YkeD!CHcX{
zD)0I8gO@3NWw$Fk*LjPd>+E*4+2V%gd%pe|kLWsnynQGWXEaX48wTZms6W(u^8a&q
z#p2lQ$={#2T<Jc>e#fV4+)Kxemt^|?De(uTEuWMt)`KlB?=jf>zuWwVt?O^M_52OG
zj_>R3IOk8wh5gU^clvGe<4fR2^?r`$h#;dW^@|}M&ihA`+8@^c)MbbVmS2bE9RF>w
z*YLi}VFT``-|1Q{?S<vs4^CZPi@w(>eaU_k9T&nch+ZOZll&8QY_N?h%Q^KgXR4ki
zdb>j5`g;2Y^QZqM_(FfW(ENP&I_O<y-|t-c`3F!wiGNk&gzHtmv+=uN{ea!-`)KDW
zpC*kj9mc0A<4d>lsjx%Wb)%gY2iNL2cwqJ2!pDJD9skB1I$p+k9h%=~+n-GN%6!!0
zJN4va;Bhvdc)k$E{kMnxwm1^%h3nP1b@b{S+|TEpEQEw|68#VO<L4tEx$wmDnfL$6
z!t$A+uwTBvBD1eQ>?iX?^6fd&pQnht|2MAJb8coKa$OVl-{hLl{lNUU?W;IuyL7*N
zkH(|&0rQ)hr{TR8gFPQRY~v5h!^%etR(rtr5XC?E`aop<0_!Y>f4`O2{4kn6sQ5Q%
z9vI5c{nyv_q;}BM@JY4D<Mu<|-}Oe%iSq3=8NS*3b7kvStH)#KqsL?C<EY8c`KWO@
z<)g=E=bMe=rqvJ66{jCTF5&C!#~-hIP7<H4$nZ(yb(HYQ<F@n3<F@lj<2K%7F#XZ^
zo$^WJc&cw6&z)}zkLO<n->T#J?W%V*;yLGGeEda!v+vTm<9UhtTsA-7fOTiftA=nt
zjpwhg?SF&#ke$z2f%?T6vm^7<q-Q<uH!ZnkUVPbgv!CJpm0I|IU+~?k_yT(P9$R)?
z%DB{rlB8n~Xo9@eKP2DrJY?{Y;KTd=1`jKK>j&ff1pW)>v(~`BhjH&iC|fA&`x67r
zZ&*YG#j?IXQEI+jV2`K7H;U&WKE?~;+lu?7cM|x*@=G)Alm9H=Y2_czl<&!uCx658
z4`#{_Wy*8B7M9<N@^}wO{bln8=}%%m&9@kA_R~CQu-Q*@zrkid&3y)&ziwV*u=$nd
zRR){=H1`<XV)E%nuSrjv!IUy#9e*}8JS6w=9<f|+Mr|%R`g=F|+%~yCSAL=S*J+A3
z$-fS2UYg`zhXl^&zEL}$0?+v4ILz}E?&n;{{7da~1N8er^U+QH`Pu^8sr4R4KKFO?
z_Q%h8+PA=VYQ1le@U2Vv<nImd#Tb=8=J#TEWrLxkLpGoG?Jsg3VMyrYxJ>8k&~g02
z_4Mp~3G4fQFzWXN%9CHuf~-Qn$Z?XdYtQvQ=?%L<$F2i19_&4>N$BAE(?169xA?jx
z+iSD-cB8#snE^z*!TQG`d)|qHy}46>33^*R%u6oP=}0-Rj1Q7?4YZiRQtpmJyyW7Q
za>@0cx-`e~>?h}0{2J<E7yCP@<;nMhgpDrJJ#O`%1iC}N#CZ{qKViAkQ7(Q^@!|Wb
z@<&uUqE~#AmcJzsn)D;D*Cw39z@P6Ah_4nfIRD`PXuh&h+)ysMQ>y2RLyc0gIE;lS
z{EE@(axHD|mhz=7x*wo)dY8cQ+D^T$Zr5vfn_gR6^xCmhuAx3;^=PT_ahb$x&5L>)
zR>*g<qg|di={$zdLq%thTj(G7$zN>eE5@y>tlgffc6-nc_t!KA`o#LgL^+;$4*0KV
zb4`tHM4P<7e*?I{rmEh%#Z92hU2@(Ki(?<2<`;W?zORUhVf+%hi<R%+@*IBZQB<;W
z$@{nKq+UMvI=L1m^}CSKl<{GQ@nxsY|E#s^YP}zKYq^0At>@pD4CNs9J1OYJKTs~@
z!y)h?pSwpM6pP=LYpJ!bCO<<x??Zj^lL|vThtE#=+1rT83;bNaX&0k}%e)KyMJ39I
z_1gdo9ToMlh=gBQe}eEF^$%9m$KV#fsJKtA@iFwr_2cUm_?{woqT>GJ#`nbvd^+HZ
ziU*Dx-=`|@sUpjH_rRFtlk+i@*PjOUn;M@gbolud^XoqZj$iWL`B+Bp$13$cx<{WU
z`k&}M6aYUzH!ZqM@lqc?0H5vjFb`-!xzK*6`8?1E>NCrI=C@RzzI{IMR(%h{<hV_m
zP1ccoog^x&A9MSq-U97OnP1-udXaaDUDe0`bRn$%_p#dLd9C^Bw*kMOXBhHD=A$O9
zzvz#zyLnuCUO)Wlh~@+So-gea|I+t+A4k62wjjQ^ewm&pa#6T<k?K(`z7zz%=R2oJ
zp27J=<~>#43z{)Lp*iYP=<mdT2624?MX9Gx?yuBC$$#!pJaerFUhz@HfmzLeni_vv
zb<V&-^NLg1enH!#+{ls8-d)a*-H86)tL3V{uRf~t=IXX{I6qk7<yt<}r!~xP*6Drr
zzl-NAC*M~el6uj7_MPo9ecv1Vmi4}$FSK39^$U3)wGZvl?nlui+xr*vqt^G<+nJvR
zdM<R1DV?l8VfFtW^~3&%oHuDX%B$YF5Dg+P%U2q=iT;G|b?xT<l%RduS>nHdx6j)D
zI@(Xqg;@G4wv6%MW4vM?mBEJ$ZZmkF!JCzjyY>ql_G35JHNt$^+uL^|@oPJH@6P0)
z?O;EG!P*Y?X$TzR6}|@YZl=7;?Y|+tO$|5%8^3T|m9?8r%Ek0El*5NXSC~gr&Ym~B
ze$6$0_{K+2ep;HB_mhPG)=sGZ6DUHxc|ZAJ`?Ry|gmi63Ir@i1sE7Sj_>25Az6bNP
zCo3*|4LC!;D|pTBdK=V{_&E)<Z+&ilui=d(FL`gMmjC+;;LqoD9trOasC;)xHQ6^U
zd=K<i<Yn=Zd^v!k<lmbpuUV^y=7ry53j263<YN)#3+3}fPX<~WMURW+iv%vUKEd=_
z-^WEBZ+e)M=Xn3v;6{V{3|?w*kHIYlcL`jy@6+NOIfZwvkmtqnxmK=S?uYully<vG
z`w`OrYS15#m>(;vU-R!r;X93j2k#djVa*Vq_??}KFPbzzI$-b)^|R#XH=jbi()H@z
zhRfBTl(ih?EdC>qi~GS&6k+{qL0>-CBNeLbAgCvJ3W}HgbHDI>)IWAVboeo10)OS2
zo=?+d@KJl-W3c)u?EescCFj#*>@bO2>#FH&zmasB|5`RA1(2tS{>00M4L1L^Y}8<D
zf70ljQu^Zi<Z&*3s9*kwuh^>Bi#E%Z_Je=;zPH+a`u%aGKVCK{<!YTXQ#1Yqe4ju~
z%I%5hPpB{AFRkD7ch?2)&2ydtY9jSk!rw(z=S!$!h4SxY+?f<IWt^9lf2ZO5_3J9>
zpkr~rOFi*&M>FNvPxj**m(spH4)}QpXGp_Xk2ibUZFb&e@E(J8{T1iQC_H2KuI^6g
zh6zv(@}oZ{9L=g9sNVOZ`@2XN{i9zClh;VQ10939?_lbAN=J9U!aJU&@ajH=cRpR=
zwQ83Gt=hkMt=(U3<+~NnK!@TF`Az;r)0*FS+#@|d#}F%tE6o;HtUvjjm`CpT&tX2K
z_GbBM5-0q9y#_dJ@~`gu)69mU51!w`2-*Ns4_K4*ABAXroR;8k!9)Cx=lr#H)C=+d
z1o(Y^v8mz1g7?_JzrI2ko6mht_;EaTvHf+RV@8^n^ANIm-8k*U`2_yZBalDuLA_{~
z$$gvEhtiUNwe0GhY$qt!#d4<q<cs6ojB<(IELXir&b8mQM*XVk5yra$=W|~b0*+sw
z9#nlQYrHJAj);Afwnu6w<xXj*)N1?D${K&MUTn{M<T>(wf#WS^Z{<~XU+pU%QM(KM
zA>$|c*^Vh3-(Pd=df@BDZ`OWnGI>C+=|^HJAAasvs{M)Azca&!>wd#}rR}=U8-C9C
zutx4<9mV>$%3$Y%`MWLV2S?OD;(bIbuYM-vgT#fvkGtP}2KZ74_S<sGALmn$EW8Ii
zsCr)(Q06y8f7dBYzMjYTN*5~}w&(aC{TTE+sPFRl7Vf9(oHq!9(7sqd^n(&l3TeAH
zqJDA4_QwbJ_v3!kl6NV-puZf?Wc?`Z!t<94U>7*ATKSi(OHLR(B>0kZVC?(C?vLre
zcB4c{FY`d+pTK?cX*uv0%9^(hG{>mHbxF-zOU-W;IK(%K=OI4!pZGd)pZK06^qM_2
zk4XK}gOOYlJ!&2{*z~BGtBdTX=~45b!12BPcE8{H+h?%pQ}Y^w)j!0|{X_#io4vfi
z`P{#Vo>s}RAdhAJP1p0DDmS7@n{W2>ho^=`-{Nk~uL?VC-g>9%VZ2ta1FI|NrQ;5t
zx7PY0->COlxs!jt1ricJXz?@DQ`g_O)Y0D<_iKGWUi3ETudg@0^jz>Olc%~LpKDzD
zs}Di$;Qk_TEEzv~ep7B#e}XX?f7$uP$o%<<oTG9I;wbXvIomlF{B)JnW5zMc;TQNX
zeD4V2dd%NDO7egc$TNOS{A1*ft`i9UB+q!F=xhD&Xq>M4Z1ro6hkpS4`CNWMdM|o6
zj~>*@*OUCi;*77$eqxF8k@`V?l0N(?eEkaO>J_a~J?HbhyqyO<T1*JnyW}F@3%_XR
zq3087f5+P&i&2-q_%8i}_&J~q@qZ4Fd|y#77ZCBQRc`4ON)P!SjVa^fWqQRtpVW(&
z>DA>BFH`zlZmtjRA4!Mw7kbnN4CL!CKMVW?!?RB7KgsMODp|XiTDv7{_fjigGJe=P
zLR1p6a`B~lrGIBTakG|B@--SI`2sq~BGU0k_%9jHwc{p!3z64*QSVsf^`Cz{HbC6Z
zyXn!tTZp_i1OGzg^*zklvLBDPyuSFqL|!+C^0M(^A}^=~HKUe&y>21$x|b5dS`(CG
z>xaI1J^$W%!>dY(yzT`O{A$_Fb$I0K$-RyB?Q2IUFaNGvi|M(4*R4g{@$p*RqWbQB
zH`e0t!(Bp8+@ja0*lDm{qoOKw+@ja0*k;f58WmR=tk<Zx#$dfh#U6w88WsBt)@xMk
zH(0N=?0pa=sGoOJe<(csqC%rwpJd~xaQ@B9|Lbeu|KTqQyI)J@(`(rA`9Pi6@iFMd
z@1Wkib{y!%>;Cm8D@pvb4*mJeLiFNEz`qc^D4bNiXd{Vu&sMM1deCXl^_tbAT5{|`
z4a)KA1<KLO?>0FSUWgoj{G{WP;}22qSmgL$<14p=q}*x0x4e5Ha(oo{7b3^@|3z}l
z+HWnnt^yAz*Tx0P)yv;$awWVFx$Ztrxy~G;TtD;fpZ+uDy6@vV?plak-?u=y{`A>F
zoIPQ`-9{207yJCiXBOsXd(b}R{=8$f&o_l~)G)wvx_`y~?1k?07k3;H80S9d{j%O?
zUbc_(1nU%L`xDf=Wc~QCl#lMWb(i~eeFf*lNWNZcy*NAXupjuD-;p%pZ+i{%X#9a+
zxPHZPW;pH?y2hlK<cAaZll5CrKOASak^W6uj^n^LX6EY=vZUT~KZt(Kwkh3>dLDPN
ztn)`$ca?q?%Q_!|@8TJ(^GH~S6&UkFQXlV$8*KAPtv-+L^XdoexzD>FG+5`Ae4ah*
z|B+u;_WzaaSJ3|ptRF{zpX144qhnm~hWt2%c#I$9yVv`_s26Yd^)r>Lub;&=&Vd*H
z?^M1<ld3;{eiP0Imv$+S4OkmJ9)0Mv{`@`YO3nwL)%LhAX`%Y?DC&p(&+5Z@8GSg-
z+Wqejr23Ga4}Mq(m`g6A-+^4bA79GQ(Vmfmm)rL^$>H@ap&Y8eb6(FbovsgqF6{pm
zxz_s5c};l~R9@7x3FGUI3?D=u=3i)^cV^@P_a*lEmw`N-j#Mr}R>i)Cti4G80(!h(
z4`k?(^>w3%bbGmXvj4MYr)EE#4{88?^UqJ$Ip6UCRK_pCbFso4uMltjd2aiT=a`m1
z8S6W3K*j#Tw1nTgpNRej>m3}g`o6nl-e?<32lGC2e1Eka<wE>Bh`+3Uw5j1?!4s9+
zbp4@K&jY}^vBBeV#XOn8TMceBc(Yu?c~Q};NkJ?86?-cvOuuw1>>>0En`w`M+}lu;
z<qksbO*xsKtB6O9EI(uT5ky4)ZG6P}lW*c4>woebv@>nxFpn>O)9CQ^qq*YJAobqo
zb^Kg-pV#s4#gC~RuzsWSh^7~=uh^fV_mlk=qXv7t*=(@Kqpb#eyc$<{#_|K}C-sgk
zXTK-sd}RM`Y^DF!?~(aFr1U&VZ%^X~)?+MgY5c)Fy1^bFJ-(_RDwaL|svf2BS=Xu4
z_`OFQL@0->e~@@;a-p7jTzn$!K8dHh6;B{{(VIZeMj4k~4}hl!{2?Fm#Iwuz7ueNv
z$-hAFyxqsv;(kzWkmc^c|L`MyJ-8C@FHsKX^b1|_@_yVUto<!5?>1QZQCj{SgOy*U
z<y{6VKjY<{1}neg<+NJjQ+dS8+YCNp?ZJrf!#My3gCP9k`&A#^kGbE-`}x0tJ!Iuj
z&rg4!{FsC9eHp%!U*ylD<WCL0lhTmy>^aLHU^@Zddsr^uyW{;T%GK+q$0xTxe@`IP
zKk*l?Z;SLjc(#ApIiR<motd7@<u87?OV=}Cnq1G2UsSgB+%px<u45d_`a&B}gns<T
zzfJkuevP{LFH}0}p5t+@Jg48J#)bHQ0Q|}KCXYjJ9z0IHdG|5u&HW41o3|Z<-e8?k
z<6K?7BFNxZfB!ig1%Bjf8?OLqnbfn7iQKwQ8vd-@W{H0cjp6rr<R=dke_*F4J3rY9
z{60S!O{)J)zt3_|;!=7Z<N<@pUD#dgeuD)BtmEM-`=8Y3v`5K1%^y%ceX!jyKasp)
zotCE@+wdpLeG&T9lzV|Z2+K3y;qzPIqIK08V`H?l`@MNZg8zqjJ}r0{jnHmjXW6_y
zOXpkhUSM%X-@o_yDz^It+;3WPrQoaO&)&m!g8p+{N_ss0okM$?gAVr3+he^>;A6Wj
ztXGz1Menv|<_$=HSpH0wFQ(-w!7wiL118?zMmg+X&^Whjk5q`t69Si(Jz%iK)n%%f
z*w0|kx7u@y)5|s+tZ_QFeUR}(!*V~qZ^)jj-uXU8S;xQ=_v`uG2PH47;*;qS?VjK9
z&gY&rZ@F)w9Q!$NHu|}M_)}}#oX<UT-gf+b+UpnCPOb4^K6kFRbCIwqw^!4U3ORP-
z5&P43F7;pSGJKDx0ne!iye8u;!2JDx_Z{v*ZU2RGNydeIPqczgGvSl>9qxW<aQ^Rb
zn_kjL@jH3n;a0tm?iv-m#bLFNVsyX4Z`vZ)|37?(`xNLh&Zm_4@pyiRyY%WxKPh?m
z9m3|^T>0gLvlx$_#P4vgBOPPfZZe)UI%uEcctksXEz0@#N<A*`y<Y3Zt5=Di-P>hw
zM~}exzP;Wrr}$-jwn<^){W8uk#J+|jyn}O7rF?X=&4U(nJ{$Yz^?rHO<Wl{e!^4b6
zlh)3nTy8VQBc#6%x7g0Lpg)<{4&qu{CO!#$1;xYq6ITEE8F?LId+W3u<@L7AyxC%_
z*H3xvIwW~s?`f0z-a^p+aE5N_N6^00e@UkOKE8)x?T7tr&y>sZdz}0}0X{xO_;`kN
zJdAq_<>Qkx^kw<DCBsLsR^)d@z{m95XVt`zj)n5`lnfo=zR!@KzkvYK_gYjxeO?~p
z1JiTW(=hK5zVB51h$ht@_TFRg4z(BR<z3D6H^;8moyM0RfxcvZKG3U$%HxNqAJUzb
zN3A@Abmu9LS=H-w9(Yzd7|Nq@9{u)yd^1DGs=&S|4=?vuD2MU1`hzo-pFV%fat*kZ
z%_rg&TCVq$I`hCYgNo1m-n{rM@8NeP*dD$cCizg9-*7xsoE}sC@b(uW$;0n>#*6=k
z_q2UKOER9b`GsUY_!#yPwu27xs}Wbq^M}Ci`FvBui%DjMUTmhnnUUMF&*Tu{AWpR5
z5%HW0yK2gPObUj2Ao^I)`pk=&@8)w?YPkS!P5ZU+L1>q6r@jRGo_+72hx1Y19{SmX
zmPp^*s6Vq7m&TMH^0NznhW$Y?DgPF>6O`M^a)ICNv2qd0#p9iTz*pcy7jq@sM}%{L
z<bKG%h4%A}Y(MB{)}HG1^JdgLmVOo%*w5F@+0WN#KLdKRa`*Aam!AUqW=swyU&?_T
zbpFm2SMQwBc{btmGHNsM+53T6J522V1nloEw7;^xe^DR*`ASFKdA2rrUTdE14&cwr
z+iU25U=LY&AEsXn?1B8EUSFKildOKVWb9$k>YYnH*=2H2HI;FD7oLaq;O#tx?F8kB
z$K^%)biB(@F20|&0((g2vvu5EpO0`3_#Ka*e2K_O$L%KrKQ$}#lg}6Y)$xb^{$%Lc
zO2KdOD2Q*zi$6>M1;Fq5yRTD(e1Zwq9hWElOX6O$#=TkN_a;g$T~8(7h_5OhlPLVs
z`1#v);^%iyTKrs0zK&_TN&IY4IEkOOj+Z`flmZ+F^5=1&mi_+nbUZIeF}&xm^LUZ(
zdup}yQs1xIs_Ui6e%01dod-6%#<`*bhkjr3vPs3y{6z92YmfH-`6r|OvORCW_x>{Z
zQyU(!+%sU8O}S@D!4QAePy71m8SvBLehbNK$Fv={d-~~mdHcR;<cSF%^u3oT;X|j&
z-SU>WwcTLF@88eC`K-bZoY$<+%ZCkKW$+P$*BE@%;68<?&A%DHk~lM^?JNQP(tp!m
z@@Wt9@+6KotHS1UmkGYP_~!BLN52DoTR?oP#kYL!JZ&eCC*@7L-roegkS~98%_slg
z8z^U0@K7(-z>$RGWR4@lys97d!tzM-E6Ov^3d^r$`E0zeqo=Ib3A)*jSE3%`wb-}o
z5uYEj=f8*N`P_zi`R((jpIIQkYmH}+zstPB-Yd{JetXS7`968t8|e=DvJdf;{aA`~
zm(%@K3qK!_^*xTV-xI)3e4XTHAon(wdjJpdn=2oBCGBiio6e7%cCpMeaG%y@)C=)R
zyQb&ich-M_^G?%#)IRqopL?3n5#}fT8T}CaL4GoU8thk7t$x|~VJ`pC#eUhoz*^`2
zY^I+J^i9^UgZ9U*{XE+b>>sSD$Zxz{4&~Bwf3OI}azQ?}(Dr_Txv_<`_cN4>ACzX2
zxa@ittt6F*lOBJJe#W2ABA$`2uZ7;{bKjD3(Hfmci~4N-tXJnHl6ZEO;)|}3;#KqY
z@mYF5-lFy6(`{aEZT0-dZtA7YZwMWTKiCIRcYaRt&p=LlP(Snse0wCBpPN-WYV9+W
zcE|L2Xg80L-+|pMC4Hvn)UR50Pr84ylXkPz?B>}zKNqy0jl0s1p#4seLOh?$v@h}5
z+7J8ru}nGI59_~OzOSJBg!nzOX5h`kgY$>=eer|XA1rYV=aCw$aS;1s4AwXp@<Hs=
z?2PSv?(ACcL$eoYJDzu6u;{rtX5x&4)Ex40-@!bK%8&S_e^>jDZah|)yj$oP=&<$I
zsf|ik_y5b@n*i2zRCnX|NqMrfP%p`oZ9(vp9ovc$ft<y0972>B9LJENEQ+15RI(!M
zBoOqh5c_KQKu$vJ<b&2qAaM;Xl5EE^@D)=iaoL{BYFbL2l*K@4%x<>gvb2U${6D|5
z+&lNa`xMEs`RM=SCf2-}IdkUBIcLtCnL9IA-oJ)BUL)}pdzs(iPC4i5ZV|n)dl=m<
zn!ZBemk6HjX2DP6BiHZu%S<_Wb^t8|z4w9to_y2uq~*{XPrhrl-2XzkF0Pj6N8m@+
z{Afc8ZZY6IJurNI1ZVv|AH19qpRju@y?(~>SGv*u&7@NK;9{;X92GqZr*Sl}u#l_c
z1fRc*$M{)8-@ziq0KR{00KPc_KP-4)Z@8a&diOo_Gqn%UZ+O(v_ZPf!+;2Vl%}%T$
zc+~e&;#)O8J{+AXdbKg8gGh<ab)sH8u%CFs?b7e<d{{@#c|2c1J<w+hEBN5i$L%z}
zc;ombo*tN<j5U709Q^U<M*T+D$z0dyrVZCmzpeo*KyX#pHK^hAWX+3K68^VyE|uRU
z{)xYiIhK6vJ$py=UEI%${peTw_n_LvC2ivGFA@7$8eYPBK<|?{y{|#OS5Vr0DW~^s
zll>B<XuqTE^XY5Y%=l?tU&}Y?JR-ecv#9A}chmM3dh;-yYcHHC9pL!y75OWnNBfbj
zOS=WaP}pVgFPdK?LJ#h##?O54n6}6G@HK7!S2?u(O??fzpJv$FdqDH8onp^jzuNI(
z<+pv0??JKWJ|EC8z=yY=O>)17$%@{mKmC4fqyJBjtNre@nJk}}4{uKKLBAuVdJyx$
z<Zpa1xf>sJoK5K;?UPk~5dHJ{kRD%PN5PkO5MR3V`(&_7^(?Q2%&2ht0ORxVV0;Tl
zq+KY#Wj>87(k&BykKtcR`sbH7d9+b_2MjdVcPWQHoXs<zBwuhm^UQO|&SmX?O7HuD
zU56iJcKqQEqJI}x&+ij>eDUlm`%j)-Z6#2&`z<KfrRAs@>2Y|o!fhfr^bd?Pc5i7u
zxRdpuqF$?q#s#^*g9bHv!ja7)*JfQ;*e>fhZi%cbbnSQp=Z8B*UhWnN>3c|=PTxb)
z@``7Pl=tT=tRLDQwC`=HbsUrDsa51zN9p;1CIj@0)h@fI<14db{*7l`+PovFN01}v
z{7*Wsl@HE;T7KI6e1DaCv;6XWa76H;Q_wTk{JTis?}+EE=2sAb^i=S})30jt)HdkX
zFc)V(kLTZNf5#fXyNORWPwkjoZT@`x^U0Q{(R-V}HW8f7U*9gx2+HVm^hD<lrQ3Vw
z4yUr7`t4@^JS62H@4*kjKe2rphk4y5ykF;;C*a)SG@^Sv^FO9*qtNBg|4s#e(sI*r
z2Xf0=XG6QrPsr^M+l%<z!a;6le6Hb;#@p3D(DxY8xkFtCkIqf(7d}OPMj-Yg@-HT9
zyh-sLV0eFi(wkb}sCMq~2RD+vN}rSP`0;GuQGS4L^N59L|F@`|yItjI=L{ND&f`6I
z_^`;sKX>@@>7Ymag^8R)ZB@GdiRjAO*N`43SRcA7_2IKrzCs^X3mo(z%kF?5KinSo
z<9J`gzj8r;oii<$YUd_Cl%k^za!@+_b%FP%;L`o?`RIQUKPP^Ea3|ppM@9dh$@#%|
zrsynUzU=Y!n?v#X0Pf?YV`i*pW$@Mff2AY-e)6xGzwvpaA?+8-wO@>C-1^-fi9fcO
z^TXZZuZO#&AJO-+B%gE;Pvkc@N*sL8(a*?lrZ}Fe`$M$fM0lD6zB(TBU-g`zM+eXA
zl#XX|?&H1W`&FASo{0BZLxkVmepKz3*uD6ipv)&+!vU2`D~Gi2UgJ#~->31S#`kjQ
z_aoMy5#cBJ%l$+9Gy3D2X~}-PH`RZNR1|RkOnO-e<a;c>{VW1L?Pq%ap1tS#;7qE=
zdynDU72i*)HjZ>dzmNNzp!CZVcTP~pb8RQwefE>LE1yZ<*^X+z1^;d#f4}map!TC^
zyb?O&bAqNHZQ4(dsJ>Xg6+a<9CurlRo#VIh)z10r_~*$XZD*^U6Fe36EgJu1-1X(o
zdgJNY0PL3O0r8_v^(X+I-O9f~<rneqGWuzD&L2O2eFLR?aBBg#PRaqUjedf^za%(2
zZyTQzl=jBw1ce{*IYHr9d`?jK8J`mre#hqoMILTekqHQgRj+1|a?@jW(aj=)=&5#o
zE+5DTlKlRVmP57i?jZQ#^|v(NSEcw4et|zvfIk_02c<sWTNVBvQhaX%oX2;=`x%0(
z)=nD_!^cF=?cR64-P}*q9$|gU-tRt-SQ_rC($7{CG4zb(cYb4p=EI~{^nY}oq}q9^
z@G+5VWY;Hf?z>3%p@-=I;PZEBX*bmNMDK-kp4E{9caaZh8aIhJ9<S;p-jS2<t=RlK
zYrXHQgg+lF;PUZ!-mBw)*#(&w)4HbGjRDP<@w@8z<WU*#efebSm$nb>Ha&PV^vk~2
zu6pL8^S3%rkIvr;z1FY%{@q3`^Yzj2hpcBsX}9_}bl*GMLl^Zw>z~kSl6xq8jr4%#
z$av@;6XC~6@EdkQ{!g<{&icbd{F5f4+t;(LW9pf-ySkp~ejAe`^}AvU|6726BPG%k
z>8Y4GTK{|vr`vstalX{skz338(R&`kpQe9+^|)K$hB@GR;Gdu$-8qfwpWwMB*C=@6
zeNTTa{%f7+L#TGc{7mpOM@7<ps+*t2vzzghCd&mD{(i0#<!`>~1j{qc@9PP_$s_ts
zN(SGrV7^QH$J+lgi2iQ#jNk=aAbd>ib(fTfUOY@c{q;D^lfieJAOH4x%J<-*K|Vb6
z0r0S#(2Ju4Pw%;;|Bj4GxP3^%9eddx^ex-M1cW<ud|xIGM7ZOi=0BwQd&GV$+pF<?
z8sDsO@pIg=0gk)-H)y(yXKq=q#>LNY%hqaK?a;F2Qtpv93GZIaA?9s(+%gRpwM%^d
zDhca5IgHkq9^)u~SEkx{xqJrkWgO#WwR!n}4rh#)(R_BMtQU?!hpj_i@(k$62a_w-
zCBX@QodNR(=)qg*{^WSRUTr<_Y-XJAFERf{l%Hgmcpg%cIP`3Yeggk{pqF0%D8jE=
zCvao=9bX_m+B)Sk*-!Hh)SvDbT0iLAs&qa=a24y3^v(c}TT$eGVf(IJ^GuG@K0rzL
z+Q)oQ{AmBN4^TUzb7Ru4!`pNnYpv{8iTPi7UX1-$kI(ywf1n#04*YK-x}){Tv|f4T
zm@egmFQ4^PzCu2$x!Gg-h1(z>y(gw4_jqbOQu=Yc9x44eo?nUmi0?rY`x5(MGJlBY
zZ!$lK-*<}Li0_FJ|Hb#Wj$l6RwZGbYY$dh7Vm{`{^FrWJet>UgZ`-L{d=Hw))y`YF
z2P^j>G5>c8UqgLAX8YR09im^5=jZ4mtK-p!R@H~gSs!Tdp~vS(W`E7lhl`&^AFA2C
zRf+y;?>D|uK}T9H)#hjCr07_cl7qE(Ho=9vR3FxHb@4iyxcB^iEk{|Ae}V`-;cnHd
zQPIziT$OWI4+*^aJ5Jn}s(9n~xw@{Vb}{nr$hPB&=1CJc4^^ac&_j&x(3iG6wL^yG
z*uPZ&Ji<SLd00~l|3!p9_IE<cg?_fH{Tt%Y<^l8_I*qq!{uYfd*7#-)eZA!I!0V?h
zXVpuz?>DqC>)R*Z*XZ@fBGCi5wWJ4y;Nu`Kv2SWI^d@Z=P48>s`?s#4xurk8aer00
zS^pnvygE8W_V75@)lSrUTKax1vX8=V?HAThz^{L&fB9eq^D7+D`E0Y;p>RajscoDK
zM`S+hnsxjd(RH+D?RO(OUv8HER2tFwa<kg~5nV@X7Q0>=(RH+DvHL#X)Aj*&+cl_t
zS9$n$_+8hLK8|kSd4(@$))P;!2H<y?+^PSxQOm)HM^S#a@@bIS!Tsn$`e}ZOU*90X
z`}6Ehz<K)EMseVM3&FVu#1Ex&0pc&ux`1-ge}oTxvlePx_|zB8>xGXtuaDQmiVCme
zO*CIue?-^IXk3>5ruXc{^Ls8%av$IyKEJB@!`~}_UgeLrbF6;wDEh%kyhmz;eEz4u
zN9r8mQ`LQ7Mb6J!7kY&7XPs|L>m`p{B}T*cxRriF?$<&;JbRPYLta<(^bj*0lv_sS
zvh)yk-q%B`rw#QCO8ppD76Z=HL&JL+!NuQ|61_4z;O}qa`S%GNmtG4wdGs;<Xk0=o
zkdM}R>mt#;kh*@S<+J3}#d4AX-X9+@et@4ZgC9kF!86wUdzkoB2xc=}_?YUs$_ISy
zrX1gogg@xpgDF(r><ZvnUL%Z-{SeRtc$3?y1Rv^smacxY)H^Kxa$mg&u<w2$fW99q
zc0=c}W=CAT*%h%PuD+e|xJQ;tcz2uP6}#!`p&ga`jK(uBw)tpJ6+4jS59Wh6R?I)q
zeqT-)Um>TD{Wa``y?-~qkum`9t<PuruO$ZK{x?KFf$tmb$$Hqo(D839yA{B0MfW;a
zn+G5NzL>uUU7lXCo+w?=kF84orwOiN9xCDs%C_!$lg=Ag>N$$*^c;kKchNOyykGZ6
z+&=bv#5M0_J##Dea0ov3P*Y7VZrdoQAJ6`X_fUJH`RQ(v*Cg6&n<>vh$p=4%lpou{
zw_z<u{fp)Kki;R+_iiHxRUfPe(f_OmpLrL_GdgE<AE$Q>-^hMKcf-qheC*PDy1N@z
zaXg-X9+C00LHcDpPnG`IH7w=38~%a$(xvCEyY;^Bc-}h1`SHAUtH$m9!Df!f^WrU<
zzmLO-$}t=fImY*Q#PU4PljrfsaUIKX8gsgQ9CEz<Y2^6U)O{*7D#y2aa*Xd&5dwTV
zGRJ36pIQ~)%_%zgehAek-%j61aHRhyTn@iJBkotnBZn)Au4uo}ameA)RQuEYX-Ad*
z^omS5Orai0{nMjkymDwt(J>YCv<x}SO~GN@u>E1MQ^W7~$B)YIEmvDVYgK)iLHO-^
z%jy0f_xq!n_9AUh;`J!eo4DUgzl`mI^vlwy%#)7CUkr$Dx=&Z^)-JKn4wo6wL;k+l
zFEoyx$Ue=G0VuLxGj8R4+g||xWi6#-`H??+8Ql}IsgvQOdxU3*zhUR|-HbNP*M2iY
z1}^s~xGnw%`gNb)gOLwDSD`=S9TyG}J!6dv)%JJQX6o^mn7&y4ZNk@RzvOa_+k4=4
zjqAL)VT0Ojoi{fONPM^0`IBKsN(nnMpT{?!A5W+Edx?K}_DYG5-h3sq|BBiq<~e)7
zf6qV5oacD{8T1PMbvKm@M@3(4T`6n+0*wLucGR<x#l!P*)=$rGGQ59DaMkX$2_G90
zdF+z$Hy^APz4PeL)H{#<A*E*!^bE)Jr2Wf3OO0cbwA=^(GWIXy{hDP)<nu9;{~jI2
zmw^-=yl&?4#o!#lg`?tE7#|C{p^AFb?dNe(>xCRXOXt2ykLmrbUi#^D?zvF+8NuiA
z1^6)U>P_7v3&2p{F9PplH1(qOcb+fMIVkqe;&Y?YpW<_+)}Q433f;TF@TJG({EN>=
zZjaIlIuhd=`Hki$UhzI2KUhC(o?Y(d=CJ<Vhw}_x|48$R$E~gy{?*hk{rMv6hvvh-
zC=w{z{Uphy5H#mdvKrl(_kNia2=IS%Cc$}h@HnV=jc)kEiFQ&Wt(~`${#Dd7g4$)@
zDYwIu>$PlO%)V`9`NZSd7L7-Ktj0wiu0hWuW%Tn_s?Ww3d;fv<{RzJFkm{%5Zn3M_
zcS5Z2?x~V{K7D><_8aAo@7K*jzw!G0c<t77?nmRdTW6r2jo_}VZ&b5elL&77cIyL-
zFCM34oKO2H@qVR1`;*D3ieIuz<m~e^lP?}W&F=p6kI{d%9+kJ7*{O7jf8u7Q{F0gN
zoL|A8)tt=ZjN$(_;ddLBD?ag~+{`wOtDm9YNgO{P#Zda~<$i7LBV~J1``t3?ccJ=M
zzMtgl@mTZFU;c&c2Vnh;{GR7C{eJ!9)!)A(ejJbfei(Avt@=C2)$@1?56$|c-%mb>
zdOWyl`uje}r`r8lRr+&2pi2Z$uV>HF{I~s!_27RMJA&`-g0DtD<WOxM`6-e^--afx
zx0;;^PvW}uKjhF)){5Uaoyp+!K^i8H>pm{D1oE0pA?#<F@vGl?0`M18_&)&ro<1<$
z(RwbZK)!_V=Oka^(Y+vAK5IR97t=rUgz=|H^!WUF2jiFbA}3<sSyKxCpE3T!;%A-&
z{@=^^kDM_4Y5La#e~B7JPb9w+_&(qc;O|P|kM{G5o=jw)Wt#p!A^cU>vq!XEG8XJ7
zD;?-Juc32wrCoB)+SX^0zK7Balb*)~Z5=**OzfwtFKYS$mWQjK$#E+W{_*(W)eC>x
zx3807Up;<w5(eLIgg@rP*AP67``kZV{ixP2^HNv8N8>Utb@h8W?&IG_DL(%6dx`(J
zmi(*x!Bx~F^CkPvcJw_1-CrFJZ`O7*IIS<}I_SuL(a-JTx4A__3=nP?yW|#a<+yuf
z3y0nF&y}$Ld=B%$XW5S&Yh3t>j>|VtAFDPl_~Svf`B)8&2l?Rr>>s)2{amkWILM)W
z&wb{pLD254hlLlDV$c&_B>L)>91y>EAt%$l;D-gzibEXc`BWMBDd|%h1<uyFY@HVR
z_8H=T`F_c#^&2ifMf*o#@)XXP@_^*e-lTYX6n=-)SC~YLy!4c>m-Ln!Nf8mhO5*Mo
zJ+FMF#Ah2l8zkOR`XSeA-$}>^LU%YU?Q~tz{(Nvb7r^%hiu5boE&Qu!uks~oZ=ckI
z_Ku>xTJMy#l3ti3_@~G=lOWtF^v-_0<VXCm_U5&{-ICvOtG0Kk!dp9yj+K&bd}z5&
z+pBi2qP-ify|cL>y|-ijbWJOAyu0By9EZMOp5^N;b$8M)p|3*ztGRekepo{A<9_gC
zP~uZIN?17ckNC%wM<hP`Q3*{xq48mo=!dO~w%n(DP`Q_l4~<%0`P)+ZvB+D;@q8fs
z2uD=j)201n|D>HYLGV$%&+FUMVtbp0$9xU^2uGxx)A2AL{7ULmy$&0tAK5tFawc^+
zlv6tGo*(#iGncI{BX7wT_m^icqzdTC^Q}+Bw=RydA4F!7(qGC6mJWa8Z<X%P6W#e>
zx#SN^IoRt1BrmKJZ1ws(<nk!}Lwi1~<v&5??LG^n)Bn`(MNc0W@@Ze-QEsQ(CjG}h
z=eGsx*CSdl)pwZcwRsTQdEm?O`z+LdBOU0%ck6w+OwPzZO!O4&UWM(7m+-WrJyh<D
zM`C>7!zBbV6T<mQoIVr%*oy=20s=%xXz2Z{>O(_2x6AawHLTLO*dN=+)ZH)r#PmM;
z-k{nwXWt_nRzB(X3c*hzG3e9v1H@-jyt`pJ*Ms;u6u0{|(Z1Su#O<K<BZhO^S~>LR
zNol@=KQ^C3J1@byO&1}j$6rr*B(<J*8s!6i$vcl7i~NnbTr7z0!@EHAdR~oaDCkBC
z<eR>i?3Y)@d@eT%9_Zsyq7Uygi<H!I*4dm9UMTtDLa_^_i=-p<tynAV*6%m2BqqZC
z6l&`Eyhu3G#ra(qH8Fy&i-o@1TB*_W+;Lhb=a*U+aJ;Wh!mxEV$6cL-;e}!--69Q}
zySZFn!)gw@ZxXyTkK(wi7yMnrYa}0&IeNO62_4`IR58ByL>LLV4yF1*4P{xs^VeT7
zZ-icdMEhqu`e%u&304vwVtG*Z{Bi1j>{mh0TIP}<=_%yIeugD7<n-A5AS@kYy5CA^
zfDij5e-Z_R=2)n5F4UkF%GY|s3k5Iq1ROAWK<7+~o4rFmIOf{}w8!)ia6^<2xKF$^
zwzr7?@E>FSL%ik-$#^amFQ(#~=EeBR#9KUeZ<g6z;GHukhNE-S%nyH@gWdG$Z6!P?
z_g<pcm(zZNgMHomwYa~QySZA1Kd>aO$NH7YA>!{e(J%0YM9bw45#9)%WRC~+Q}cqy
zITqu!c1@%m4^OZik9+N~@21;5t)X<AAPk8>dQ4wt4+^1|cL{GyUn0NB<I@*VE-Ekl
zn4;xvT=4noi2f<J34VvcjGi=K%F^8<`(^d7Ato0Ie!Yg!-vNrZOc(ouIG*li^@9*6
zl3J!iIv8gQ92!3K$15o1Y6=G^>}&XM)~EH<pX!iK;Xb7I$9@%1+Iy;Sweqct66ty6
zbW#L*O#dKvNAVa=`P0Z?L7(=|Xdm}{!Dsgj8l73~hQ_r_7yGr6=;U@#I6$cT`o&I|
zomo#rqdhArWH<^LuKBmzULWp^OgQBW@d>62e50zEZ$~KXOZlC7wlV})L05KtR}(#l
zfJfy9`7*r}GQAWIa6Li?{9AB3T$|+o?2VL2&*df6+b)Smde|p%$YnkKjLWNBw7hTs
zFmCzp1?ED3b)Mkvm-;L8cahfHq~QtZXK2bq`q>|ir=KlW`W9%YesEzjyb7xCN@-sq
zCx$G%O8C@KBaUTZ5=M`BJTX3lzn2r=3W1cje)o8e!D)Q8be)e}Dd{%<EZ-$@;91Og
zNZ|CCUKOxmiyrGAe!b6Qc&RAQT10(N<>c-b`auUE^7J1b=o6mu00)7)Tj+CjF+6h2
zFEIOV{+0D#!<#<Wu~O^n$eqI#*t%0$^<oXx4|-Y_;4jgk@|ZU%$Kx^R10|-1yGZ$|
zna9>si2h;sj)tq1-ctl0-CM=|+vWqV`7p=x>^)Gsr8@Fo1<oHIc^usVYN)RhKAsn>
zlQ`r;*Itt!evt9me5*tK4tKY}IbEMIeuX3Am&5PWssT7~_67gNcsgpx5YPksm(hTU
z5bZ>`!iyW<%filJ%0*l(I{(sgm0-8_jhp`%2<RzaE%<()`M>!j^Z#^@-{60P7l+>z
z{7YV#M1NiLD9aD&N51Z-4@K!~6Y2Xn9pg1nMeAM7qEEj4g+Jw*Wxi+QyKCMP;oZLg
zBY`}wS@n2C;^>z{T>eM|zx4uAW__$b(EZSy@9X~_)w@3>l`#EvOQfByS=vSCiv%yh
zZ1&sNpzWh{ZlC(8ww~wL!|iL(_KEsYf7JF-Jkh?4e#-6B`99_;Q+4b^6K(y^uWu{(
zF-CiP35T`U`dQd04C}}VudQG8)e|s1`2Ze@w@$C~n{b}kqp)4VLhwq43$Fuo5R?=y
zlAFfOo;uPwJY_JE9;6fb$DHCV)ZD=MO6uR0#T^RpT?*#=#Zs=UDuQ&(x17#53$-ti
z@@Gl~<+B7H_6|kdi?zI}4AN;C{Fr;Ow&#?kQvNKdz}CTV|2m4eH*0wT50DOj!o69`
zPrgjb^8yI9Q`fyPyrCC46+~Hvy8!9`h4OFL@~2)X<!1q!%IkQ7`5^o!_j*o_=BY^k
zHOjwU%TGE_%Fh5a!S_o)@$pcROgz6z;F+U%01Z4c&iHsxV-`JFSBUAErFeus*RTE3
zYZq9Nh37vLc%~{IVVvt%yW-)2hm(cpKN5Io0H&ujL;NAvFa6YS7ftgs@%%D@hnMvU
z51<KN*Q0zq@Vm3<`9%WHFS&ea2B3jQ?2L~G9#s~epC|DAn9G-Di2vpK_lo`V_=6c$
z7M`Ca@O)eG$o$Loi{0|+!AeFJo_|l^`I_R9br07scGky3Lr^B3BMCfDC>}r)e81Rf
z9}hg)EP8&Lz_Xvrmu86H>-xpc`*>igvhe&{0#8}-h+%X6TPpYrla+<%CkZ?sQaobd
zT>s_@JTP5Zcz&F~^M4eN7&_NKP=TjV1<#KXcy=frKvTW_8!GT%Dv?Fc4-<Ia!R1Rc
zWa8oUerTW1P{}MjKS<ztNb!gQyZ*Hm^kAlvg$I6ZY=0h5JTk9w{hbwfV4}0|d_RF_
zK=Ft{cm1m>@HAAx^SuO~^@<13RBwNK1)gUkJ;Tm_H-YC)E?=4fXy931f#*3$&%pDY
z1fCu)Uz!1E;AyMCgO%YdJl{^>c?Fj*&5(6u*T1*|&vUEb`BnnY4T=ZQpr^G0&upY;
zwCkG*JS(_7Mlbkdr5Pwi<?=EPVH7ALF6vJ20S|FKYiQU7guPdIndR%e2wo8^QJj82
z%27HrEKc7ar56+F`=azFFTL;XMv9?cX>VVBQRBkLzWUi37y0zn3x8-|9^>n)*Y*41
zc8!ZX>3aqm7d^3c^S*k~Kil`(S1)>P`(pcazk%(W?W>o5NcV;*KIz}|o?hd^DEeNw
z#>F1ddwq?Ioul{u8W;N+4v%VF?6SR=?$dc@-y`CG^xZH1Oy4r`i~1Ic1J^fS{4_eJ
zpm@aZgFj3E2j<Vx`2o&{{8}kJmeZaneX*DBZW2Gk{9;>I;P*i+iTIulh{9i2ka`8^
z?Fwstx6x(u0mJVagg)0G{P5o^?IZp5=TD=Emjp59-R<6bH|BL;yM+A4F3Gp|Oi2G0
zrDwgz!@QH<hxqTIh>Zl!@9_pa{CJNy<i&yauP%(|^(If(@Mp|dI>*7GYj{-S*3Nfv
z{BaU1`WyIAL`d}_4!l1l$GU^P?(F=l=En8*by6XEOdp-Nixd}qbW=s1rjKr_>6_5u
zrpovb$qULrkIBv5zLx3jr~!3C&wirWr}wK&?^~<ppYPG@9^5MYxEEOBd60k33G-EZ
zU+<cw9pDSbe_P)QM}?o*?~kYaC<j5uWa&4M>(UYFGspqG=TQi~8TID3!25{{Vt$69
z;DKD4sEpsvk5W6!(*1&tQ{+b$+#mVvy-(T+dE>d`)=x0O?$%BY?^wG};>#s&?S`F3
zhMU2~=$<5LZ#XLayKST3DdcWq0Jlx-k?lu7dDKkbkraN9i2W^Z5`36H9iV(4el5fI
zGQ3+M_KxoN=K|q~;1735`YWfufzxlhO6ZtZvoXNTViL8J&;<6r6?TVMPT$!Pyi>#+
zM)}sxJI)e3;ZCuWPKLu^4aopfEH9-$^h_b%;<5ENH&^sG+7F@c9c>-Y%@w^3NA^p*
zw7k710DhrQ_+<DU66v{Ps>-KL<YWDOiVPb(4=xfM_=%b@uSNT<zuh)X+GX#XTDqu0
zdfYaVM?TQ;Ue}$%lE~LJ2p{5mPY#J3b>EDwzu5hTbPu!UGkTJ{v^VUNxW8@!KQSDM
z`_)FocORAVx}Pc>I>PY+w+1pOa~%2(z4H6T&D{UdYQViIf<yd{snUKoRrr?=KBV<X
z`@@m79Cy)vn7tZTxtSf6VUzHSK7x)c{I}gB_2E4xo<dC{hZe_PUOdn{=zICi8Yd+~
z{I*G2p1L<?xGi@{0joEZ?iQ5QPMEy!*rIaQ^fjahAi>sQro2t+akomihV+H?TJ6b{
zyCgl_B>L>`QoY_p28tecmxSRa;fuRV`J?^WY57Tnl=YDQ6sa86iO_<U3%;X#SAH*4
zyn25n<cY^MN@(K&?C6szJK9Phu%pG49mN$au&1O>Jgz3rClUUlmRp=EH+`JtCa21s
z?v=Cm3<X`+E9B1Pc9(mlJ^5fG*bszw?;*}pSdxLxH7x&?#L+6)%QlTSX?(H9iyCj`
zcve3+N()+L5lf^W9h0BO<qSR_$U0m6JzUZE_<Oi}L{23^WPXvo&yMUuME^mBH~Q5M
zl#G7010|zh`d#VneLNzCrB&K4<3qc~jStH;ZhUCdxbVTZE0}Ni{#q+7tU(`MO`H$!
z+AQ_08_;@(IHddKj{>1<J|f|Y!yFcJH*!5;A8wJQeq4K#$Zy>ij{EgmJ%?#QG>^l(
z^q8OEHgrn4VWBtvo|?4B%@jV<{$G}>n@I%IL-Pxb&*V7d2Sj(wRC~4-)`H*$B|oyq
zgHk@S$GUGnvd4prj`U3J-{2}vu=iHspwMscxxzu?|6!5yV4K3rcu*R|X%6VE@G%_R
zp!q7#!CsB4JO|fmT;(~~sqspAwpEem`PB08p?%Vi21m92Lq~xq930ZP$kA;RxrTqf
zpVJ>F7;wCB>PG?2`|ob*=;*+23i8MYV_OE9z0rP(mO(L4(5ELFV>@Gh-vYu8NvxrN
zu)Bpx@1wtDe|5f4p3l+1opzAvv~_sk+lYR<TJq!ZZj=+OJoy(~4)9NU_1idPc7yiG
ziM=p=YG~59>RUrm<EoDhGdXVa6}%UK#M1hW@oOq+KI%W8R3a>mazAhlf#56c(fDMI
z@74HJiQnDH?Fl!C{B1sJ`~A$XA$zFfgxDb$?Mu{gIog*fb|>;LqkW9MT3+l<ygyO&
z-S#osyw%=2+5FcvY|-+f?=JctpXj@te`I?~E%g16<s`=r)*g(lGJ^T`i1k^fL(zU<
z@D-c^UvtD)_ki%n-6s6<{c)Dd2(yvj-@xwpa{1NOB$r{;`&nx5hSjdkQoA=S@^-Vt
zj)lXb4{ny&IlAY7<>h9HeWd%zG%oTDheh6QmdHOG7WukaD(`JlKk=9KwQtrw(Sv^N
zhb6VAxfgRo!tI)Vfzq>B>McxO$ob|s(f0s2UZ{B?hj{;kao+rf!sO?3y7jY;S^}WQ
z_U!@>dbG`h3N?Z+oCa@_{1noA#>do>EvS)wO1DiHd)xAm%v;?OX_xI!zHQb%E)V>u
z5pq10^uXpJx2;pZOzl9+LsCIFqm#=OCcO#OvmSwxLftP}|IjYX|MJ1lIUd=8?NYzZ
zAI$$N)O~~DBEPSZ(FV4E%=i$sm&ibS3w2-Sa+T>%a(bTLvH?@PPcO-@jvC!Zq<ph|
zBGx{iFW;jVX5b6zwe}S7B9I=mSK5D+>x<j3_iU;jGaTXY@qV4~hC`xvd3-zr_}JQ$
z9b+zId=mR<`#vD2htXelnO+WXIT|-vZ^P1NjqjKEu=W3Tv1d9@p?%UCKf-jAebKnI
zgY1vS&0a0n_yL7))416yvD0*~gyxH#CjUU=y$UaOlI)+x+ckec<Eu2jnd4dZ>aU4!
z{yNWo@Rj6XdYmU60-so3Bg~G-?vz#Dw%!GKbP@>Q*RmZFzPb9fT#)veGap?&phzxV
z9Pm7-mwuvNJiv1*;Rc@1Fdnrd^<qb8pN!(s@#Yb=JCBGxGC#@Hiyd+Ii@k})$$GPU
z;xEuWZQPQwkQv+0`T<T4*X?CZitI&6{Eh`g?@XoF`1K(1)ASncIY=daJ-r|K188Nu
zFM#!#bhJ<>ii$X|`*`-`O;m2I^`!RHyktXbEVr@B?Msy_dF5=s1NesaMgCwDV$^RI
za6sodzy<dISl<e{CXSmQh5CK}D%>vpqD9Yn01i*fLQw$7eP=PIKRlNb=&}8_3rH%c
zaSi<=77^cAOp!jBU*%4d{s?>>#6PRI5S&Y;h+fS%`+)g4YAVy54v(GR!8s^A_MK?h
zS6D2Q<CHC&9fU$g(8b)M_3!H>y*sCNpiAhPy;RasAKGE#PWe(vx9?pPCdvD4%+tBP
zjgoJEny*)vQTuG2+~(VMe}2m)KVZ4oKEQnNeU4jy2uIY<iPk@aPB&fUZ09(ptDL6`
z9pc>(AG#zSj>P<aV=<PW&5Lb4*FP`QiE%*N1v!0@UX9qi)b=5worI3<!J4Z@?uf6a
ze+WBtUu3kOQ|CX}KLxu*APC>oGF{$>r|;2)ex8?FUqDN-jpVSm-j4P6gQ@=V@m8;$
zU8qUy*cVA=XwMQ7VLo^T)gbFV_+j5Y3Lh;ZIS983UjcuV+VA__LpV=#4}(Sf6#@4P
z@M-(#Z@K))5QnsnOTs04IfQ(nH!TaL-OvkKCOg*EDEOShLH__}<qJ94e^AKX5rE!8
z?lRv01G|KHUvnq()ck6nUdR*l%_ILO&%KlQNQKZ(@yw%t$bSm$6!jwh{2Ax@c=k}c
zZC-$Opk6!w<HNE3jBs)8N7&yA{MS?cB|WFokrM`%hUJ{hO2t>m$^9(h@a@{3nH+{A
z>m=S>l=$|3i7#oA_zpP_<5p}{e)lT;S_$=>j!)+XqU&*OFZhTDdfi4L=>5U6q}=)b
z7q4AtC*W5p{2K_~J=iYwJt*Tm_{8H4;YU@#`yrYi*twdHNxhUx^(tIGc#`8jozIl-
za}#`*1@ub3GubrG8sEi_iTN(=3M0Nt`@$68!yT%JD@0DlU-zKM$vxOA{8^GMANSw}
z<==pYn>F0Rq0g6U@>on91fN%sJiynq|8#$X|F2?x=L1=f^YK4ZzW;*kf2{B4a6OfL
z|01XV|B3I<uEO_~3BJFK+imj62l7H99F_ixbo!s}>koxL_vpB{k)tf%7tuyV>qj<T
zp&ygz6aL)_%*P2C+f#W>Py62mU!HG)CA&SWc4LO%H-8cS03iMK0_dIJ@Bf>o%x;sc
zZ=oK*yBTX4k=xYCp^pze-nTdB>bUfB;+ySH2uG~HNk4?&z<93~Ki6HN>uU>S-P+9%
zf4FaxtowluJhYA?_HdJ|v&Hu=PQ1O=ub$%eiXR@gce&KJsf|Owz3r5eXm6eL&&#>J
zVh_R*u@B*PweLH`?!(XHcCXZV#U`0gxJ@#@=-VXo4|lc97u+Q>k8lfQe&J@wd;@fn
zYS6ego9R0qd0YF-C#d~r|Bl-al`wq(Ke(TG<I=ZjqpFSn9h1>p#D1pXE+!VjzS8h_
z%x!>ly#6zjqilEa3*Y6ylMgmk*l!*`seU_0I*DEsmo_qZ;`}J;L4TueLgz<kF+d?l
zia}4Pb^+&ZIj-+P0gsyPd&c&D%=B_4WfBO{H-+I&#yQlFfS<a)1pNnVKo>X${ymO-
zZ7=eRsr(Nhe}oe0fj`K8RhPtpXNZ0R&ud8^L-ns=uUIbnT>_gAK;C%Zf46$)8f?AH
z&u>fQgG-_Z2vNT1<>P&ye@+7Q{3qF4dY{X7XRLFszo8Cg^hI#8oJZ$k2@yS^o<9ZN
z|M1}Ly~%ja#a=`F@yGT3#31IwH$;a}kAHsiwHL;8jpsb<8%a*q4hwBwW%uhC9-CLX
zM$}6BR|Bo4cIvz?&X;~==Z&)T<8@RoedkKca}dp2j|YDfq44#yoADFV={XtnuVnmf
zCk%g@{+D=iiR7_H_*Iy6rqsJu_>A{Nt(1cGYe3`!vnLF8LfW6E?-HU9^>MvaKhC3d
zOj3PVE%g>^WMXf6v;h5=vV1u`kMKnIo@_kIcDA~_zN`7t?n-_8Cg*4ATO-#a>)EE~
zfWu?@_H^l%4_nyZIq54X`^0$*pR#m2FOL2`kMe9CDxE)({{OibO|1X_gw~p@K3m^9
zk>|;OK<$dwMf82Xy$^`i6}rJ0vG4CE`u|@#PyPtC`w!>IgJ6L8(AWR_bDsPm$R#?D
zF80IjP4fK|tY`V}b8d$IZlJ>S*g55NzfSivJ0B7E6DdD?P{Q%t+kl;jae1Xz%V+ho
z7mcT%Et2}p9vGeQpWtE@>SSH7r>=(mFxat=(^hnZ@XN}#N%>v0UXA#A3a_9fTd%eK
zfPgR2fiGJJkM48q()u9`dI0xH55Jos?R0A-KdYS!sGUy7!N|_ZFdv=Ew(;^roReQg
z?KlzV<Zoa+GCq#yocuKm52;{0r%5M0rhhj7H@Vq5ee`~EfWiN8PM+8YzofiF`0;<^
zocv9mena1TytwJ<AI`}i6u(aIk+XTjiMXd=zQ=Fy|6(s5&D%2OYi*Z!ew4V=L06;b
zQ4h`Eu`j$QcPg*T_2j0D{mcnK+%Ma>0N`L*d+44HoD41Gio6dOaERxF%jmD<!$K5t
z&!sekv$^L34(a(o40um&D&O-`$eqppKHxF+1ROl>e6W!IqWsysZiIYHb&-Dxh54Wb
z*_@9PrpU(|8svk{yuQyYP<vpJ3%NM~nR?DgyYuYbBE2!dOa%F7X?}t88|g27N2C$8
z(S1Ml5&}P-d_Y2=2XVZS%m;Fw330SLAILfh;;?-AU<UmacoHGSQH#XU?mSZ=ak%vM
zy&IHAyYt*C$wzx_zG35*t&?Itf%ZaA_7RCF55D;849Jh{E#-qR_Ff9`;76XdLCS+K
z-Ksy)c%|`hp^SHS?+EtOe2f^<z3naBAN+a$7TB>}gp3|cv)+REI*Ef`tRSL(`k&Ux
z_Q*U45svTWxb3_3-<R$Ko)LjV`}sW5Mu}s6WWTpwf_j#dYT3Gwjn7E`2GLXqF6M&%
z`_NT{AMfiP*%7Z-VBSUDi{FPH_3-0;=uB^219+c9s)~@%9E;Y6&J@0d7YLnpE(7_k
zl;mW3O#28F4nm*@_8%<4x-7!NDflaKgyCHLrSexw*paXDecyA4AbP?V3mo>RGhT`^
z-n`<K?7-b9Kd_GvIr%{LV}<iDlO#OFB8Q~~O%gVpE8(1G4*TXyL;LQRe%*IBT1j-)
z3B0?hDDh>2&+hMWi=_R~3-my{A17KLu=7;W{fb*vPd0EE@28aaS>dqiQT=kRFFFra
z-=^_VDPJ!R8T=6vHTfZ&9r=mY-+aA;o?u-7ErYy&cop@7N49dozPsBwwEh#$5qzPZ
zlW_}`k9tnV={bN<&&fFLXI3sf-?wqN)F}Kc<U|pyd?;!iJe{1wbA&EC=hH#0hrCUH
zEez*T1L+B+S!~+@2Yw+e@L!1o&XIoM=^(}-KhmF~wtGPl*+J>)^rpU*;oRM-H+4mc
z-z0e4BB9GItEM+g7#?=&6US+%eok%qUD&A)P*bz))N-~{7<DLrI|qE8<eA#3O>~4O
zlJD<vzk1Uc{mS~mi5!>y=659T*H@AEX)JFU08XU5ukqwP(Q(QA4(LlS*}eY>_IUB{
zSa0t99qG;Us_4xp$)7qI{!Gm?(3?N_Gu6f=aj2v7;lGFe%z-Pb`!i*-19;58Da&vi
zy*~)`KB~~}v&5u>p385Nc~bd0iO=qm(EJGOyMVvYavlECxC<u`p_cDZ|F<k?f|iE`
z&i0Mcxdib8H%hrFT@u<pRvYikp4oeV7QJ`O)}vOcU(+$^JVs#W(H<9cwC_;rdF7>2
zzwrTn!gB})^9AIfzVFe6OSVtEqfQ!>1-F={ltv%&U;XNyb=`Uo2IeE{*S_vGsJ^GT
z`t{~7BmH&7^*pP(?XI4p-H(X$S9jee@V6H4GCvx4Au7-Z%|v}q5`F&u_jLX|k1p34
z>oeNvrivms)d%3m%-8lGV?NgF&6iN$r>KH_@Ku%*=sdJjokgV!cu{U3HLv<OO)ZQ+
zWlYBCv2!k_f95{{?h?`&yXVa0jr5C<J}Bko>#ni9TI9O0X#Wh}7ZZuRf3xASB%RO<
zo^Ph;-0jgB_6fhj3xq+1no2+J5RIqc!`2iZPy+jJJ3aiEZ*KMCXwM%LA;uTTmCzk?
zcK-e%>6lLElcCNtF#e-m?o6S}-gkx?FVsGBI`^dLyws!9HEO-OpBnQhJWl7wwjTlW
zd!|$2O^(=4u*duEBHI6M$aPropnc%0ohLN>W={bB8iMcA^DG^?8h!%}{Y4M8_3r3=
z+{_{)j?Tx;6u#O$J!T*1`}H!P)bp&sN2Jns{g!iiH?xUDq@&5vIaqx!S^YgS86<j+
zXWzmq>fd&*`9$DH3;g%tF9rTC)${30<}=zCQB2`)WBjHs&m4c6{)-5|+3)E65*G33
zp>xq9&)bh^cvwS`bF@!?MBt&X&^z#_NJ-GM(v?~J^+n-*d-YXfp^X#ePQhn%0pF0~
z`$k(l?#Am0Mam`ph}IKSKcn>o<=-3zqx}OSFW3wEKj>>*&KXYE6OhjO*(mTvhv`p&
z?$t#;+IKbSvfclSeh17*e=&ttF0#`Y9Owyk{UbWBt#&CoudVAJw(lU6Wh7cB+{gS6
z7Zw?h-8&jCY|^;MCtTR7agkfNaIwZkp1z$JfSnlOY}VU-D!(>LLOb3^Kf*4_$Gz2P
zcd4tL6FPEOU8elit2m6#2X=LG9C9O;FrM$zg^A(n-W1%13b=0(9P9(i_0>x~X7|8f
zxK4RqMF$-sx0nurkLeJ)d^*0&bgWI$A$0k0PbBD&dVD&rAq+m>z(<sCqjd0XGyO3A
z_U-VH=HEy8k$%|va#xXZX&#e%zJ_a=5B@qb);-dAQQtRlFHnh#as3~p7X$9J{j4t-
zUpLQFXOckdoIlc^?tWYBUo$-e{E?!M=b+jHvkwP29@%&O&Wo>ac)w@owE+ig_PrS3
z-}0}qpJC@q0EfrEN8{t;^>0sq!5{GBES!(oCF`5v=pN}eBYQcteUN}7aQY71>luGO
z=;hGoH@}ZmzM33S?gJ@)-#;e5hq&HKes2+ahPhfk2PypC9Kk2~JrJdD>Gk>4D|otM
zJm~SpKh(QtHF~Z*cK+SnzLm?l+c#8{hea`dga4?_^v35u_-*F`0f(W(&JCj8)`UD|
z+=%5V`r_kD%M<(uzrRLvp7G05-p|?lH^1LXyTp!;N6vSr<b2JTau#`3%30**w^QUS
zd<T3|&LU5DyXb-4e+IaN8FKXT!hZX5lm2y7<U1_#haFAJP2_u+;ZV;Z&wsW4e>`&A
zJ|Ve@ZL$7o@5_9<{9LljrLHz^h@F35StH{$#$`Mmbguw@MfSCelevGvlG`|nbLgFj
z-@ZR;capz*D)=V+9j!=*-bQwfd~0GM-LEBbciTjs;Ol`ze^|?S;&V%@D)6%X$*^x5
zz}LqPFnqY{poIE80Dl}Hvgmxj@-=10e7^piE+Vefugdm|-j3b=tacyDXt&dIYrg(g
zYws-+YOnV1G1~hjYHvRH2=fi?9!kw`(I0Gl@a@NynvPFJqTJ3@IoLld2mR`zxRpox
z^XOkbc(2Gg8utl^o<i<i4R4WgABE{be-(RvB%(KI{|^g34}L3^vwjOYxAgk<U+jVT
zpGF_*DRMc{EA)4ivinZba*Fhw;L_vx&{O{Sq<T(pc+5We_|kUY#_?xQ$bPJ0{P|!t
zhkm<+e_N~YX|u;ypHD-a9<{%V(Xu>>^wZie{Po+rMa%V8)HjpM2|rLSYh3o}p3LxK
z7a$L@(;`2ge`$N39*5f!@;JnF9gjW#0X1O!<M72qJ!o#_u(DnIEBGUF^5x<4RqUyc
zXDeY&%E6akbvYEdTr7vA-R~5-hM8>7FN@`HyyNPTgdIG7IqaQ~9G-q$y^!po&FhY5
zTwTTd+{b)_-RnjCf8e<KR`B%%j;oV@&&So*O{l#hU-K_)KIHomKco*49M8CV9q9|k
z#}(vXk7r!P&~A1B<(5*pXk497ne>D*9MC?D`8<w=tBaiO^uCgCH8q}|XgyZHKWFPh
z_WdW<$Y4R(4Xp;=wG!S6t*7{H?HrcY!n>q+R}+U<lf8x?TA=-e2*cH_oL;bVSY3-b
zZtrc3kL6{Y%>39#{4C!paeMD#{&7c+UQW_ez-2k~*gd+ouiN&y8(#3~L%`R~;B-IT
zIZ|$+#LeHfbE{pew{ix`<LOqoZrvwn{EXLIq}_gfqf}qGTG|=IwJ|;)ZacwUP0PH@
zFWR^x{F=;gaXD%LJ$|`&QaQ6*@j8&mB`()lQSR+bS1+f>a2qP%wh)}nBd{)r$Mnba
z#`MMX#NaE|{ZzmF{d}F|pPM`(AN;d^h4oal*uR&W{o_F<gZa=(KT&4M3!!(yuW+^G
zyXN2sez}Ip9Qyvk9@M*2;A~%@y(hHykidJ_8F){yhwXax_XIMIyBS4B7~NYnW2VOU
za(Op{5YiLvL(}sE@I%1bz8T9o-_1}xqI9U9-9H_U3@{$MhiL&7n#1_SU-0$fX2^GB
ztHO%{+x|Eo?nc1bch^qB`u%doFXOzeA49H~mzlmy<Xk2=1NtFp$ma!w-|Qg#_g+o^
z=}~Hzu8*FGdW)%gThOkqc1k6Ao&dh3+to<;pGiO3OXI=u^rI&(KRNyA^#7s#=*W@r
z^`jpF?j-i3rx^dq>qq}g__O-a{U^B}eG2V5iT!9V;g9-JD|gp;-+;Z3>XwXX+*qOG
z#w|K-j7m8^KkSbi8x@~SFW4Tvg*M>(<JA!0b-c3v2>XQ^VZXYmzgar$BGUbF>HwAZ
z;a|!9b1hdKuI}V;tZ{C@r}rKPkMDIOx~WR0<57C$-=*JIsXorhcoL6uI=_s@IT?rI
zaZbi7J0~~(ajw0}IH&VZ;vboMruz-hAHBam@?(a3xx7ElttU92uaFD)e-!8bx`Zzn
zKZX?V0@i!+hfaijFA`pV-0A_{T?3SQa>kFF34f&b7jZRDtM|TN)(XAZDCNMX=VCnB
zEpgnp`gD3dd4hUfbCUG>1^+|!x)J&@4!wR3!DZ?7UsTcS&r^EXb@KF@u9Q5fdi`7a
zu%794*BsHu9{PUtcWLg_Q!_32GKa+g*A({DTo$~VKngXF1(-q>YIX-b6k`8S=X(f1
zAM{J?JIe<}m=!8FmCrTx)I2xXPrBYyvpDz^g@u}(!S@J%p=LDrK83(DZ+8+8brZrf
zL-Cx==Zt!476o7Bayx^sXnEXIhw`s`cd|UTYSH;GE&rV0Q>4E=H5Uc@C`A1q=WsMA
zQ;715{e5H94(h5@9+nK{E)1TedU|SB1h}aR<*^+P<-VJ$SI(KSSta-jg1_Z@mj{n?
zeIvo=sQoDS!O<kWaDDS~9X6F)7<`lKTNXUU^}Q?jR|-+CCRLxb^JgHF%C!djxxN<#
zpW*u68GM>Tlxux^vc4k0=Yt=i7?oQZ9HurGYPRuRsDQsHC0C*Ey9$3*@EMll*5K3H
zo@1%@6bLdOJf-kg24ClPJQ93O+p#>=4w3g)6~2wnnG|Z?7W|#kzdutx|E%y=1h^-&
zQ1ejm&x-$ZnfU)v;a|x2Hx+8O1RqxX%Tn}X#+eU3tMHcx-)8)O8hlIf@66QKzf<@Z
z1gDS!6>8oRd`|H%*_Gr!y^bLKA7S`H&HoObP`sm=?fj6!Js9j&eElhUrQf|@;T{MM
zDZal?(Rnu4`(B0H9DG*s-I1b?wmlGiyA*Cy@B`8h=tW(oUW_Q*{lRBdAHI^J53i{5
z!Cxrcn}dH*`p!+sNzPqvRk-_tPbz)yOVKC#^{~R-8+=LeJ(j{JdiAFYcTez9#rK>P
zebSE}P`Hi3cNAY=ihs0?m)dck!VLs@k~8=+B}E^0G|~5i7!LW5X7bHN`EN+&OFiqO
z{F_sBh<y5@{EJfg^C%}Dye`UrD8(0P?;TP8y{UZR+nOl<^c26QG5+o-|KC&X7yAAr
z%KupkztsQoDE~8=_*X{x^{MhW>X{F2i1N3k>KFZZS(Lvl#b2TCB~kuaDgH_Ou8#6o
zrs@~_ur$j5YN~$8zaq*%m?|&h#AQ+bt5WTk{(MQ4|G^Y}(w{Dj@^8qj|M^k==1jYC
zUX=exs{ZFvPCi%=<$pg_zv$=ODF4l=`i1|qqx_jE{!9CSMf%TAQuWJtBNI#XpG#8w
z6Zt?3r2MBc>xULg{@<j^i~f-@(EQd^{lZ@|0-FD)srG|1JO2&(W~J(Hq<r}M?c^uE
z9Z2Y@IPW3sjlNIV-GARPh8t#Z_C7Xa{@~4<??e0^$p`-ZxYv`s6#AdmXGgg_;&|*l
zxP52IpLgs9o)Lk=eA%Ce@P7Q%d4tX868#$m-rftKevBts-=m~y-!nS@{R%Q*z)xss
zJxJ%vdX6<Z?^BP}KCA=le7U};@ge4e)APvD_h9PVG+)-Cot|gzzFWqdXkM-RMeV$Y
z$*&7aM^6v!S7kq$zRSgaa_$`QlXFYOPtJWp{N&tc*iVk-bC~JEd#T=U$NoS*csWZ9
z_etO$fS%kO@t1RL;x7|E_Lm7C{N*fsTfXVzlY>7!xkmAub1xLXIrmBNn{%I)`<<y)
zRP67w8~B!wXSvc<6#qH*0`Z@7pA!E$x1aszEP93x`FO5SJeP?dP2YKBKRWkm_M@}P
zPfhUW5-q<({Av207W>o07x>dz<y#Z{c)pguRQ&4P_2O6O%IsHXl`kgvut3W%7XLce
zF8+1yqwHU2m2XS5f3}u?nfTec53`@0RjxhJZfFYh;g7}N&h2G?JF8r8qP^3!+_mC&
z=RU-KcUHO1L_1H@axWGCJNH5Mzq85>B-&T2<z6Cwc<!&+56>!hAW`3M&^&723h~Et
zd)Ob(Dt9DN-!HY?HR6}&{)+wbta67EeEBymw_N=5+<VzS&ng!r>ia&IE9Bn8etH)C
zkwm+`sqpV+e?1F+YJ#q>EBtQu+q2+<1pY56{3!eHS@6XK{r{x!yV#G<f^SXe-RBhk
zG4|)P;M)`Qe^TLTUR=dKwI%5Pn8NR1|2_+UXM+C66@EMW`C0IL68PV*@FVQ+XTcvx
z;D3+853}E&1-~!R-kl0R#QuL4{2_0jR6ckY!)L*5N$`DJRk(o!oQz0W`1T~|+)@?a
zPy+6MSBFdR_5P}GTM}>^tHSL|@cj){;r1lp)>nlqCit?hDqLHly|1kb*P3XDydTKo
zb9;im?yC4Y6ZE~RD%?PVzMHGU^(N@Mu`1k_1bs3O%4)}<1ilqj@dXL`UR)LKNCK{{
zD%{ireKHTqqAy7BZ&6iz#YDXetHMo9v{&}MWYyc6pidn2EV#A=eRHbT+nJybUURnJ
z(w?9Xv&d|?-UNLz56Yr%UjiRiSF-UPO5h`>stVkJL_6e#T~@tEJp1SGA8zvIq5gRf
z)Mw{H?EIR4Z^r@5R~i9D^N<T9#Qb3RJa2!#Oh@VdZOOOuul{}9FCmeeKX3bLLQLl9
zvG-TNJ3@Fncy~lHeLJVKyA$Lszog|?ONjE<T!i@{4Tkij_qidzp7U#~=ATEZ9??0D
zcHPzz!(01N&#6?8;ju8f@1={Y4@#J9(_{DI;rl+AcVYhyTF`P4Rx7cdDL%cOpN;OX
zpGFnYWA6#0`|EXIj<tU!u?;OgnfKR!`^TgwDi7?lLJ#ua7d}P#p|%_O#Z>;+DL>-V
zV#=f^{oSb(alh#2sh$&YzvyQfkLa15w=UqtBIq`~yoaMapZ*xblOX8%{kvcET&Bz9
zW9Nw1Q1d`>i%i2JdCa5NGq6CoZ-PToF2G?u<~{Fz_q&0Nf|{0f(q8BR9^0R|fZ$pw
zzJ}6~Rmce+!&@f<jPHxXFL%pPp0}fVz?<E2D`Y-z=XPNS@t7U+-zT#D+9CONA1V6h
z2Y7wsAma~D!abOuroN4O(4P^0(TkfM_<#8x(tA%b|KINM8~oql#eF+{11$)f-SPKH
zK&8yC7HX1u+)*3ft1*NNxAcKs!}==L@%DNC3F?30oLC<w5!_h#S5kT8cht&vW5*Bw
z6V~VP!^?LB#}6;}{f{61>l38sOB00urwPJ;Zi4WioFM$iCJ6ud1mWL5LHPGf5Ps(b
z;omhu_&=W@{KFH3f9nL{<vT;;*XNBB#P22u|N05Szixu?w@nbfdxG$<oFM$l3Bq4D
zLHL(U5dOszgujB}U84*D(Ks?q{1}@DVLX5z04NIH)H3&UF5u6z?7htyA4-lV@S|~$
z(vUZv@OMnTIL4QG-uU9rCoqmg_p_cU^V+bLtB=mj#B>uPdQK+YM^beEkw<qpwaE2H
z^vqFu=1K@Y&}+Atk4tr4G)Kx|yvF-OJLh8OI_$gi=;y#>=RPoALlWH;@;mu_nEahs
z&XC_vhz5kvlW>~0hiHTR3i@3%S&fbT6|@)hhjUcl^q%C7QzY)|0a}E4CGfke5R3H!
ze1T>dztVg(dBpWe`B3YFJ|^UHV|M*^AM}Z?|75k-{PeIW?X~YmPNL}wQo@|1cjTaT
z#9tB?^H=Yc!@U5=3G+o{2WMZ5-3Js`ee0U`8`fo8SD8&dDju89pgiQ?asmEQy0A6q
zm@IKymq9vKqM*;YCW6=RgLTWYafHv#;n@3gcel`w`nVrRGh%-@C-%ZElzEtIErJZX
zH&4<p*Y?=GhIz(9^SlcfESP=0gmxY&Y6s~d9_SMuD{uNb<vK}6d+=Dl0G-^wmCjJ-
z*)$zxKE>@5zc!qv_Rj9Dw)+*;p137PnE!U~v|A$c%5aX<>zehv!icut&K>G^vdxY}
z-`}?T&-EUM^te#54?(8gL8u+9BQNIwt=+C!=ySIS9pD#K!05~e@}3y;aA-uu{QG*O
z5}##y9kg683<W>`o&FhLU4y*GFRx<oU;$OqN<T6Ghlt!Qqs%8;e~I=ZtP^<P8U7*J
zt(^+T)L@-MY+M%n&%FA}y@JP`Cj3vg7y5(8tq^`#KXBV*KY@MEz|K$FdV$^JI7R!F
z-KX9+y_xaZIk&#)y8bb|pWE3tojMWfyPzoHJ=zae6Vddzb&vvu4{<=}4*rYFbx%K!
z6H3D}M)ggXeL#`jQ~Ja02So2iW&Hu?G9amNx3s6_%_2AIPyECBQ{<;oDl(#ZselJ7
zHN7J@ms9NA#*~FZXK9**?m?-ykh?qpA+{bniPR6O0zCr)ce~KpvRW#z{<>20J8IA7
zjFz(`KOfBDALZpzPgOZU!RQJ51P<$-C}?(~Ag{Hf`%^>hC+-q~?>Hs<p7#oQ&lh>w
zxtNH5T3^IJisNzfB`n`3VF%Fxy7Ix#SYB!TrAE;s*RYrKON~OP-A`lp+ei1n%`GzG
zuu1Kb-naP5v!vhn>sE(oASquZbhrm)Url+j#L?gG#rKTwm3TNR`PTo!A?Ziqjw4K0
zK6t0l-ze~AFHO#of1!Mc<@*yZ;8yID^76Wa?{6PVUMs1;BERF5A9H!T?-b)^q8tdJ
z$NG0gxz}?xe+K|2!1SX9imq{l73JEID!N>xFe+!?iBNk|QBKTnfPRoD*Ex25?lkEq
z?iSI5^4q9VdZwHsVaep!ta4PlVRot1C~&4HRr_tjR+a<C!6FsGIDwwT_WTF92bU6%
zuKBi)Kf>3=+0pn7I6QU_F8dFN7o~r?B67(-XgP=rInjN?QeCi;LZIrXc>>^p-DeBC
z26)5UvQa8T98bEOJ8g^Tnek_xz}dOxDXM?rB1!LFEg{;`L_dKS^?@J%MEo#+tpgn&
z`3jd0e!=mGFB>^Z=akjXuPJgu#2-EPZ0&GrzuW>T=ko`IME!7w^qX)<?Wo<;T+#l$
zjL7yEnqHuO`afuC!e5~u;Yv;KpnXYr%nyWoV84-%`K0ylmg!o)qJPVbqU`nSguE7N
zxe9u<oc1$2r~Nqf8<a4=wZqm;fs~$bM8;S99*nz1;vIVLm+6ITmUQ=^=zBP#{YIxu
z5nk=D?sm<8#OjfLIAy-XZQrEHValnJZhQ_&W_axW+gF|?1Xs1kOGKW~vnT0(xoA9B
z|HtfZ+8;5yoE}GPpJnWqNc&^IMA{emCHEAWUiXmd>pCKYo@jrj`u}b<Cr97mG5;wa
z9O3UR+y2e+#R^CKP00U-YVv<07cjm~xj@Q?b0sWaFQKJJ_IIA*tFXV03mD(rmC~+o
z$6>Yy?n-Unjzbz3`8d5dHL?#kNWE@hk$+4vzhO|)Z61r=ebv_Oi>Z0})w5$id8~4)
zzN^YfRY5P>ymB^<V;!hB1-Hh78w>y96kQjMvs`<sT+2Aitxc7iKhAOksdBT&S#E2p
z+{|&7+mk9cZJg!yr^=l+&T@xR<!Z-S?r5sqZ)l@G^aSe#W66DLN?(3C&T>tua{o5Y
za&4({-ydhW&8c#S##wGCRqm@^Ie$DqpN<q5zc8+$hue3i((~;2UTL)>Hs9BKnxpyt
z(|xCk_Hf{_b)d)}XgGQd>CyY>2DMWSVxRnVUH0P}0Zn+WlF-^=<BjcikM3iy7yB07
z*IuvoZ&>Tq?<$x*D_<>m?Y<xzKkYjcsBb5Yd3H|UAJ^a~*gkZO+h-7}l8&3M`JlA3
zU&gzhx(j(m-&0r1o@Sv=Y+j-6|M0k<4`d*~eU&64`o8Vwcz-}Xka;lpcNV4RgHa|J
zaSR2vPsyhXd;{Ir^7yKJ)p@M>q2`aZoJol2G5^8;?m;y>pMF34pr?1?h_pML+r)V7
zKDB5(qsF1emPV}?jio1^FCJmO`F<HBTFoDe%l$ygO=om`pLe2MMSYWbrkoGH#pQbH
zF5~gLQ0Mp_-$Gr#%;$C9m9-9Y`(ex*q#gNSEw?1rb7@DkF7u$sp{H&->p{3(_|#L^
ztNO5;2`|)rkulo3(>z+Q1Y-J5B;%jbEA2x)a4ow<z4<$ftPlNCul0}FC4mp^`+8Ie
zd}*036GZ!7WlYbx%7-5+AExpSlbD{#Oix<hOn)FJ&;kAX`~QM}r}|*?>Rm#g-wx1I
zwH>-1ID1{P9W9No<OJ*YQ?#9~OW-hH23|V92{r{ib+6*@pcd-Z@OLoB(|^9p^iQ<^
ze2_i&eDJ91)%9Gj+qRG6g}P_ajcBCL_=6CW4tioae}m~Qd;PVI@@<{O=i6zNZhW)#
z4a^&hl#cfM`e5H3#WpKwY?^O<9^a7fRF67NJ%jO8=+j~yA1)OIoR@22JxS|@?OTFg
zKpxPGP2j8QK|YX<Y5mK-%Tuy-YFp<i$v80<e$Wm4&eyxB9+6{O?)hLd^Se;DIEM~a
zsJk-<zL{LC-^`mlY212$2kIX~-(mSpZfQBC`8+ST{TNhatack;Uy<OetXmc8>iNwA
z#wWBZAM~gm{z(q+Ev%if{yoC{@bwJiT0Xc5?B#U;)+-yYhmlJ9M!7cbypj1o(SFmT
z{ic=a3+EOYuip<a{#75hK79-X=7T0KkNGs7xP9ZdTNnEJQ$>#5oxon%&(iWU{Q=#O
zQ_J*q%-?kXOWQ5$f0g*GzfI!tX*_x{%WseN2do>T2UnxR_-A(1=%KGkGyRr-Jp7&H
z(^G}N=%<ip)K7?B#MAx7_A6uE5&7x%^lhX>dQcAe){a8m*K$RQn||5%!b)P+2#@IR
zD@(s%eX7Q1Tc0)m1or1gzozxGK0;1UZ0COTjP>#m;jK2F+Is-M-=Ygd{HqubU{#1O
z6Xx3oaz!e4GWhnXlf<{bogm-9nG?^qx12P-{l!>(tMD_%ZwDV5gKs8(*!|_iuPpxr
zRU03D|D=i1EBmo5q@Fncq)4?;|63#-dS32J<F=Q5Xm{i{e1Y+tNdIJw&)29Pu{UY^
z<vja^@x$zw*(dYwFW2`2`QWc$<|^!<tvA|xFW9MvFQoS@o49$={)h<w?tL;2>vv-!
zJ4-~Mf;64g{KvxNmRynGZ9X?e+f(V^jcsRr`+5cVr*y?~`Z3dMes-mQJ$}8v(3ekY
zeDd|ao!XV9_wXaL^uCqSPrlxxcR}xq9L}S2#;|AA#xLJ5KP#d4ySV&`)ceUkUsHM?
z`w`>!vw!=mvHfiLsU`>Gdp?kJ%W-|<*NY>lZyfVk-Va3m3y;+s^(*x&tlw7phnHve
z-*Nkgi;G-uZ1=|RCw|dypUNlQ&&O|%pmo*t&bLFK&Zrmu3^ds-(e;C2ng7{5KU$Bw
zm#g7<->+y1&DNhHyQcF1<9}qwChYgTEhwTrjZ)w7`is6DdkpQi^|Gixh#fm#zK3eJ
z<MH6XnBX+NEdD(~{4>58ztZDOMDKizMzn5`s~fj{*^Ks9)2l8<7mY*cH>e?^;~9@b
zuSm*oqty3I#-Te|etTt{JZbX#dnR-|^854SlHd64Lwkn4rs*2Dozne96Vacx|Ev0Q
z)(O|2`D5tMMCWB4bu*Yg>#w%2vQYDY=+BP*qNhv6A9j~Y7%r88%IP{@xK#SJyHvt(
zsq_<fsf6K<1B%Dei~J)l*Q9a73$KUzakyN<bK4}GwV1=`J&dk*R=2C);Cie1F<JBQ
zU(*Yk%6a$~g?_WUy1#Ye?<u~{7s1#**EC)5ug@m=Vz)<*{@K1ulTRV{Yc6l+MR$?C
z!~4wj6kb8_whyQ$cZA;J$orfTax8!s@yHI_I@xq)XE6TvET5G68>L+IUWmqB(3{@(
z(ouW!e<M8~d{oK}$K|l@m%08={IBLO<%92y8_(a3iKpSeK}nkbS@i4$o|HdN-^<D@
zpS5ni$EPE*_xF!k-uH7xQ9dg7lHX?0omDTrx{Uc4mH)_?<^6j9JW=m&$6fBBM7ig4
zzlq*AZddt}zCivnNjbimI?s6?f#BT9Uhh3MpTF_q(C5E-cC6Pn-!MKP|3**mP5;eq
z*#1hlM8;vePtG;(k$&FT%7lj3%YE*yc|g*y*L&WZH*ma=yGGzfv|N+eu?5twIh2#$
zU*?*{AGLkZfJ04ojyfC`deE;95`XM{cXZFdYQb;k-QgD&sXW@(OyfA#L2&*W;{fp5
zy$&Va@Ys=)dojW;%B06Xca%6!a=}v0&-1N!gy+;F(th=)&z>p!aLbz*EWrCCv^U&+
zRNx*H_&n{314Oz$>`%heQFA_rW=FAYkeU*heRNlGHhl+(Dxk-{S8e;1^TD~CZs!=_
z|8sfu|Lxoh@M7cwUlH2APuF~a>B|S-5js=#RGxpDC-up)6YtBF`nGcUN;-x(y|Vtz
zobH;paF`Etd>P&#=?$W1;jrjk^gWuLTs^I$j51tkdbfSA#C888^a1V6^XU!Z+la#J
zJkm`E)s#NGU+Y)Bh~N$i9TA-Ii4+XwA~<Pxj8EES=f7e&;X@23?RL6v4(s;RU4w2N
zkK%r+?O$Si5&YqG+AkY=rQO%rcYD?f-OWN*sQuX9|2W+b>>8y0LXJ8OJy`c468Jk>
zpZeq{KZ!I7YQx6_uB8jP0*BD{U$%6SV$lPB{|&uZH9Hfk9VoBi>|g<n&vWQ!VG`cH
zl3mdE&bGdWa%;Xr{rxoIQ-P_0{A9mJ7W`hXKDSNEfsc%TwS;HSkQbuicFDK>yruh!
z4B%FbGQUc1Zsd44z(G*HOTuuI_PYmEU+#xiQUB@I@L@@JeFA6uVjT5DJbgDP-W^g;
z-_jzdqaT7FW;f73$ZQ?!sFD2`;VzZmx;BOn?_SQK$*EAM^)?IMp1K^D&j(-N_LSE$
zc(9Ae0^ao$UO`E=Z`kZI_`aC<UKX{E^t$6zF;H3X4|sgH{mk}#FyQ-XE9r;65DIOd
zsPZQ?zU~xxxLfuxz2Q#LGuzMZZrR7_Zrgqd^<0R%{h-8G9FkDaPetdJbf1*(*X*J8
zha(#pKHNSa;f}Qu?(F5z^tOZF_L82He4shu$Y##Bere~}qJ69+H#{hRCxy1YTKT;x
zX{W!AaXRtc?g5Fv!y)bU;pzy^>_L~>hn|``-XGCZb2?MpQ&Z19rcfi}!AxDh0c{{L
zA6$>0bpQM50c~reu)zDS01vz4!{fwYK6okp6*%g;bna&X_e8)0wGU6KMS08UFW}D#
zKqBCYB@~_;Ory|;$Iy`v+UPIxn`9qPO*8Kk@Zr$&^TA~bcWwZ>3N_~iu+%;r>ap*3
z7YGmNDbTnImG<G#&U_#fCg1@bg_;)LALheB?)gB*Wj~!%BIr6(`bD9(iDJ~B7I8rE
z^ZADle+H%GgSi#y;2(WAp&}i8Hh;s%1ODX$++v+<5BO~RkbHQUo;<fI2@lF?KNS5<
zrh}h(=4vt>dSd4*ef;37-G}9;!?K&b_S0qmopcmGy+H6Cbk7v(kMEfh!x^UTnL_{C
z`E9aOodise^#|K0iG9xYz}`jcjUw*A&Ks;JxFP|rAz>nXndbM<dK~EQ$(<qnDK|^{
zQ?8X#$sSNSDnjR?U%_EMXy){u+_R)V5j^Bw$hB~P!uckV|2&36d5Pbs<!15vAHLrV
zJul>%W#1T;6Fs2Kf%Kr9#INOe51o(Y{*{|A{VTVCC5rldeLy*hOTR4S&XInWo5%eO
z@V-6(UgB+BPa!u)`de-;%LnkjJ^)_gOB8;A^t)UW_dCG*`T%%|U!?H!r2kPnpdSTl
z2lSzPzVt7^<H-ll<Iv*WizGiEoEN1_zZSa(II$ZGqI~IZu^hx+%#HG;e>FyNv6r)>
zI7qR63H)LoY4Sx6-iJUw7%w=a!q5}w>$Rk>9onz5@`tD+*|-C|Vn;!p$X)swdWXct
zZbFMBF8vBzl{olk{Sx)v`MULYc25QMluz-FJMW-4M+0a6!`<q~+>P1=4{GdIyB77c
zm7E=vuhDR^hA@`&0DmKeErZg}5vTu&9<&1U85u{-kAwfi;|_tp#lL@o$VEHAm)=&Q
znYC5$=Lq%=t<UVI(|y8`pYWjg4XD3}dK=VV(DRZuZrgq7_CCw?ALVi0*3Di2VU3HQ
zk@hFj`>o+$gVQF@kQN^(O7)L&7~1)5^}oaIihs#g$+vSRE5r}#yBnpce7)Sq=jMyu
zc8ips%fMaF4z_VL-Zu_qq$k}D*RT9gzJX65pszvhH7f7mVtjsw?=jn{aq3k6<k?j_
zA6ypoirQ`W+?o7spEuSyW_}MnQyyCnLHgtm`{_r7Z;?C>aNOrV=)$@4CJ!I@{v@e#
z%zx#t?pwF@Ll^C9S3X4h-lZPf7hf6{e)QEBnc%1&sQ%5XJ&o<Jz1PNg0?UMRW{nh<
zr5N3RNE!4*@6RZDgy;|9_|pS1p-Z;B{@2`2<D2QZ)f?;Se&vtox$EDn@jb$)oxn<X
zi4OR^HV#JeS}OTv8HOT$6?pVP-?Q__YIlfUw4hJV5%xv>&)&BwJ*ua+uH))OUu`|d
z)r;On-*Gj3s^_+!+}iK!%@J?i>*@3c<?+~hQgpxQu%yH8nEnJQ{dv&SAJZe_zpZPS
zzk&JM0HHK`TjcmV$5GQtst2TW<jz4f2yf*evEB+juyGA~g9r6~=lmFNsP{lb=MRCD
zo*4gZj@!8nl>dAS)z>BZW#|5ozJ!L-G6q9>Y+c>vced^exSu?q;M9ItKGJs+-q&sr
z0?L9unopuXQgc`bj~)BzQov6}eM&FZ^O4`9{h>SnDq{NuJ5cT1L|aNun0f<0@S)tk
z)cR>7;e|iADpl?kUOBsez}_QR{}{hq7cl)cpY`oiHM#DdkX+{o{$a6)Xzw88TB?-m
zF-ni*RpMgNxfGQ90OV=%(tM=9j><**eN;}b-6%h7J;286Ecrsup#Lma)^@6AQ0u1v
zm@c>T$C4cR?GusrJWp;Dk@s`Ga^;(Z09&82eRbt?CEYc&v+kljFQOz{F9V;>`WF1S
zQy4HSe+}^#aNq;2(;fj}*rn^24-*mexK;^6TQ6#*0`!Cri(p)<gyF-SOz;wh_gY-_
z;a-E6`A2xK;Bl=NFkpDE)hB*A><hZw9j#Y!{vEAF4$bbkCB58kw`8q`of@v<Fg!=`
z={lL+zvNa7X};34Vync3O!D`(2p+xX#q|$xywBD#>7$1r1pKU_Ft*n+Zu{S>Sw(#H
z{jCj%@8D*zpF+op=({l@Kgi*HdVd(%?VAP8?gw#81kUdHbq&iSI$jNWh#2TC@O<f;
zRFB%r4mw|k2lS@l77z;}`41M40M0eEGTv}-rp6a*e5%IVB>u4K%R{O!x^CvoZz&NW
zz-NAo_J3!7i}q*pTf!aEzVJ#eM&(2x;gu?<des{}-|XsDZ}j|gS>IQ?deNV7qm_Fp
zBMdhhJ>o!w8&yB*U%~nAL9KtI)F0{Jq9P}--VqP)Sag-Z*Q2))U#S{O4(_=BR*54*
zkJI&S*P!~@p!(S$`dK(t91_>u#Qf|zwTAm4<ne79!%QyaM+INS`(m|M{(G}WAa`jt
zt>+2ej>+P`n0@o%zwg(h?Y4DoZa-BGI^IfnZQUSxU#I;Y`O9g%3`bON8iihaPZKt(
z92yRY-ZZKlbbb>ysvPuuNjRc%i13VRIfL7$al^YOg?BH<qx%qsMStzyrf^vF*EI|X
zoUXsSZCf~wenO^)<`o+x|Mnvi>iVqtcN6dD%NY;&^*(yf+HvX=9FO|@CBnCIlZNWA
z+PXRDLXYtK`6`l&Z{O4T@A2dt>AT)X7WD_ce=X`SQ-!bLMxn!rxY&NMJ)T<R4A6t;
z>Ga&z(_O<Lw>LDq(C~o9O^$M3sNGZM8bZ$R+op0*yX&?c<#f00FozSBgYOr<k>n8Z
z|7vMZdVDp%8SO=n_xazH;(t2d`TQSL{Wbm%YCkak4=Nvw|JuKe|FJyOE}DIts&>)r
z+f=oSX5XgjcnW#ZzdNRi{X%<=N1iqwqI?aZjQWYm=Na}BUp^~*`5Z_8_{E{I`^VM3
zd?J2{oPJmR1AK(!BR;CX;f$XrP~VFlKfACfM^8`fWLZD1ox+}CPwjJgJS)`7fNJw_
z_|f<5)yW=}!}uWUsGAhe6j@KMJzLh3YcJ<@GQa#^*kn=57bvvvkM>YG5=T&|y^PWj
zUcobazx)}g`XQ-&u%7;+9nX>VWvUlFt5AC-uP^)M&q>vfo@C!2E!4KjI&<xd*#7(F
zu1?h}>zQj&E!DGB)|+du<`q-FTz9HIS@-PHa@WebbM1A!(&(4_hs<)fXt{P-f3Cfe
z*Ps1z-$<=T&ZiRg{ZXtRoI-K)SA9Q})FN7Mft>$3RX<!w?Bm&znwR#@2L9ztmruvu
zRC(doRTXfHQhc385c%Np3b=DpaPod&aRuD<sd@$9g%xniQgB$Aw)J|y9j{5%iy=AM
zx6;UH`5wtzQgA}wITiH|X4XqgqzCeW9T<;%)@R_EN%HAU$>#+uA7~xTZ#{Z{o+^)(
zT6>S?!#$OP6a7_x(!+Oe3Jxo9wvWWeSDS(Z3iv~h(<`HB9G**w^u+Ir)jrjzeWLHQ
z6RYU`r`RVR$0%-o8RpqXz8~AEeDLQ$NAGvlKGmpws=1o&Q&#z@iSjZK_fR>uPc<*5
zwxRxO*gj>I-;yZ*fYz_}iRxwhRPz$HPg&*nd2-AL8@YU;W`)?Nnm=aylvyrOZ@-qi
zR_s&Fb!?xq${k76*Qe$FMC?;dH`}MIa-E6#UZdq!>-*_fvwg}cw<l3w50{JW(|-2r
zAjjZvEJs^E_1CNRlHIa>cIkSoAK7~p;5+cQKE4A{J-zlafU30nDE)f&b3J<*p3cQH
zz3KXZzdgZ^6;<K(B;a0L6>ca2*H#toP=cSb?;wl50|~fA)$t|jU04<FKmv{y3F*nI
zH%P!OU^t93ZC<+V8#Mpg_FKAU@%Mc{pXJ^x^D@BWvHgII*OzCr%oqLgEYD_<XKZ&x
z?`*$9Ryzhfdd*&D!SyEK#9n5>wI<*&I%o5*=)qY(fWBqDe?mQYV*M9A_uG&62=@L5
z_V-!7{gq*h$F(ef&F;mu?+_K}77bJhzWd{<eQyZqS>s;$N+y%-|9_tC*?*n)mUl`1
zBr>`OiQZ`4za;4<cle=Al!SKtC8?mT`yx)oXnqW<P3c`6MB}W_5617|c^=`h{U8<P
zRNsLAvvjY4t^c_D1%EV-X*(bf%*gt5Uc`1yK=HTDw_jVI6^~=S{lPk6+#b=V=sm5i
zx9NI&wBDxseQmuBbbzF8rOWn%S^NC=E$^jvSvw%VXKlY>0L0>Px?Y3ygBQPw2a6}B
zF8z(&?~U{~TzfZb(U1Q5V;``4@{vBNYdJ|e2rj<su8+7z{PN@uXO*6;@7#TwO4)vB
zqZj=645w4W=&}6+CVxBc2Dtr%+umbl<v+^#qyY3}<-dv)%=lsN)9kxQwh!C?e%}p#
ze;T7*@2=9W_l&b$znC|6yFS7B)!X%4uU*z2@auFcV(s<Q|IUNAd<(1HFXykH6p6p+
zx05MEJ;77S`FT431{$sbhkoojQA+G1!akIz$LcR(l0i>T?X%cF>ZvX2JeHV1Pi*IP
zJlVm?ybgbq@cVx1@{du)`oO*bHT&0|Kavk#%n&`bb>a`wd>Izp$MYW_P2y>w{Cpte
zUxDVkbrdhuHnN492z^ha@B$C$o0_0c#_dAwv)OO->6(+#KHGOU5jtL;!b75!d18W&
zBBdtz@{<((uxMHHg|DRGV7j0W3#otD{&>&}3t;2jSo7M8Q}mi#+Y|JjM%X5%FH=)^
zG5>=+T0Oj=`$3}H^fj_0x{u!PXaC^A#d>`f_nRJ)Cwg=bty7@gh1!?XU$UFiq<=*F
zgD4a7@aIK)eh}-U`4O>SqWxl+(Q$v-hkn<feikaD$Mz*)9GhB-@#TYUoDcfWpkF<;
zSMj=1p>|c(`NLF?o_z2QE#IL1X@L7vc&4<=_Ep;b3vS7t$bawj@Km--)`=tim_Yk_
zFF=o$Cm+0#f55(Aep{&B$n&b0e^L+la=?>&J{aI~h1wTre{bXdo>i{ZYezl^wcHiF
zu7-6cn7r^zF?^xjyWGfNiTg7D@j2)p|4YkX$$Bsz{n+BwU&+Ub>&J#y`1)~^($iLT
z-hCv&x0@NhG>sTaPhW$`8+=Ra^??&i_dwC7`wFf<OI}5<-h8mMDqMR4?uAw1+7fWp
z*EjYh_;gWKe0vgbw3&jQ@#w)GkB$?e2YY*ceio|I8+i5RgINsMHBI_p_Zaf;^~#+H
zdJjK8rq|wM`u_MHwu>^aw0-7T`f<qPztIKz(CLjAmG)Konb}!?{{YY1tiNMYK@Y~2
z4(jjGxN?r9M|Kl~5k3BV>lzQ<_DR@2qPG$(IBxjX5WPi;uh+1LZnMO=*^`^WcD*Ne
z4#W54F6Qy*amvF}$h}QN+m|QnXvim2WS_Qheh=LuNy8oCYvglpJ-G{bA8jG`a@}8@
z<9I%hbu^TR2GKo^TK-x5UbH8-Fqn<J+)V+w-xTIJo)7L}IFv)at*7<SzIWL1o?I*2
zqeAXF8Lz0E?8|mhIf=`98sO(qP9b+~FqgwW4#0BMhxB}K7yTtamHtV*kK;YL=ZpQ%
ztsoeIhu@ax(>DSy@z+N1@D~fYW!w{hU;M|loDcjGUlYM&WGLjWlJSDz5vTLcoDX=3
zcX7OsyMpa#A=k$K1n@)d`9StV0AAwaU*P*U@V^SV7X~vp%;`BrvFm`B_c0yx3vidQ
z-V|~#2pTz_V>#u6cFqU<9Qv0JUdHi4?oxSglv^U}l|+xMBkMXEK}q}?g};PPt`u^M
z*`o&iO^okFoDcjG7rR^_{lrQ@A-9PAD8P%~srH!iBz`%UFXS!^p3U$V@pozg4?WEX
z^4<aXC4Py*FXZ)HoJ&NP13dbP-SZ51iR*eA#brHR>@xD9xA}lJr_qBrJkjX90R4u(
z+4~3NL+@-pfjIOk&srztVL|O25Ax-G9i$=o7)SHmD<odaakNU}khgs=3gu^TT<kL9
zMUEp?;DI^My;I`w1MMDKz|-;u#i!9<$)C@0P$hB9jPeX6amXvOuk?E|#~~%jhkR^a
z5By}-C=M=2K5DXc4&*~FdA2^1e=fz%&e`{jqw{R)Py72|&i_WdE@JCX>2-{1=~fT=
zNPp*~uTT&?ao)nGEZyeGcK&fCH5T&dnJnvT1-g$GPpMP*Wqc`2uH$}e>mp{SF)l2p
zamx5n>O}8H`_ZduJm}&evg?3<8!5y}N`_-?p`C;62$ryBVVr~AK|ARuk3W-$FSd`f
z10V20eg@pl)F9MDWF15P>&aB!q2H0gxVX0Xx>uuY@wPjAoqk6K={>g=UxW0XJJ;Oh
zW<U$b)=+xKojn`yySJyC((y~`1&{r8hM)gSa-AWazs#e{^$LEY-@f-_`!JA>erxMx
z*snYFhoW<+AMN`t@<m*M?U%wl73cIp7y4a`p3g2!7I}tUQo!^u?2<jn7>@xTc1u3)
z2LS)V3xv){U%Lnha2JZ4LC2S=-6m($%k3t5Q4;x2BEOf5#r;6KC+BY@nj`(3D{yw+
z&7ZISk~*Tng)nmTgkt819-%Y55Vg}@GWtg(MDP{+nYA6DZyDjuTKBt}(}_5G##;CL
z3DIo!A!}Xl!<-LlNM0olqI>^Qe|cU^XVgCRry{;**oj@lSA&n|`Gk-j^S^=r3m)J8
z;AhFXs(jGTeENf*^#?x-itsr7`-7haJ0=4h_|ZuJ{-^p`uzMI{BKvp=Md*pf0U0LP
ze@KthzyA8z<M_2S#sNRZ$G!ovw>F-;POgUM02n!<`r(Aq6TNrRabP6@VPxpZ&0#+W
z^9(#TPGCI8$Zhj<yr)FHc5cyMFTndd*U)qX<>9wX{!#2N(0+SPhhKqI*C6}w0eAYx
zeK^^VkMzTyzu_8WU%p=-)(Pz18Q_IS=JZ~g@=j1e?dXya@8$AdJ@9wQ#o&9K-nlKV
zAAG%y96y`S6ml1_UxNF~iomCQ1KfP7e<h{CkL=U$J^Jr+!4HGC_jK^1KIqkldxk(a
z@C{PE{`*>92hsXaZmq`;!0#j<#LjOaKA9Xgo5z$#2`N1|#>jMRl(<jFkG=I7&;c$0
z&kH~Y`K);0=2BAR-+_-lzraV(kM{s+`hG$_gwcm`|L)gE<>2XAJt)69)xPg~<w4i0
z(Ow7*<vKZt^xNdq-T!%rBk<+m^U-hr(f^OVcLC4py3T};1Rr3x>4%9wo6t~wvXCLP
zUyvPNfJU`|U<hpru`P?ZrIHX-#*S-bIhK!4Q-rUH`={euY{pOf4+0Fh)4%c4{8PJs
z(-FPQ;9fHIlX)g}JJSj2^y1!0(xh&inE!p(TJQOejwG-Xr=3o_AJG2xZSA$!UVH7e
z*S?%0K4=6`wD!N9?LXr1+5X=u^dsAGu-Jcv_8%|d|7qY)zFZDaqf7q8@hZUm6T(G0
z-5a6nuaGW52i`lSp3ZvA2Yv)edX1FiNICu2kdgU-hOJXZfA~Wm9Ex+=9DhGjAN>$<
z8yea@n#Fl-#^1ho_Z^HMymQa(S})}1c<%|jUfj<v($V;EkR`pnGw}oY;KdRhkCgbJ
zv%m+<_aJ}C=&O5{#r5oUphG431xsgpKa2X+Zu-An2v05}cAzKvl^VUyf$VNM|E%^v
z_TTCPU({MA4G!a1Jj0RYj&M;W#@a7hMAI%<w{;8cdo`rgT5hubWckmR<d)m%J{je|
zHSB_2X5px{^qGBy<wgtTD#_18{<1yr2D85~|Lv1g@pQY)(I_W-;B{dS>@~X#%QXu1
zuzha-_;*oG_Q2~+zA*p4E!D$$GC#lAvdY%ov{TXo!~Flg1fLp0C3!rDPkPo`w%R<!
z{O_C*K38PS_x(1`2_L8${7;qgbH1x24>3FPZwq_ib*7mR{-;a$cz^7V{O?cdR_+GV
zUzmSmDL>d3@UzH&eb@tUG`cbW_m=Q+dfHF~KD}WN+-`D(`4^Vpd;Z%4eqY!FZ!&&n
z{<~-7$32n%17Q#RL9;V4|Natu3`gKU6#0K3?14XIb|>b4wUpoOYdb7I)BmEB?)I|}
z<mp|7ainvIESHw(;&i_*FSoV?*VDg0PyhR(yhrDIy4zg||EEjvy`9(Q<$q;H`0MlZ
zYf9z4U2b<J{NF33JKwL(%l~F6-TCmUJiTWMUEY<)zg)u0?Ypb;^x;yv<Mo|+`u0+~
z*UMSU$H&eRUd~?~dHVKJy338WJpGaqe5X5%0&t|u(o#C5kk$cA|5ypW<Ihp#<?k=0
zd;8f6Pycr%_+Fk^c>3crrek7_^tYGbJ6}+Gc=>NDrPF?2+=qG<3cmDk%{%3=;^lMw
z!ycF|ALrpeFV+h>y%YIa{!5t8>0c5)=XZv2?KVGOC%8rX)^`IY>!mBF=lg>`9oYAE
zOs^XB{FM7$_{n-YfOt_)e-ZVvA6FFC1I72~Hr1N->Af!957c@kO#v8A_vYFjwP4ac
z=yO)CXFulgMfl{$W_h>M>3eK?XRnz5TY!Jn#bJ^?<@J{7lH0LEU#MQ;^->SRzofCA
ze_b!5-xu-udlQ3<1)VsV!3~4mtlTCqr+e_7Sbz~@>Us3_?(;FwoBcWl{~E;C@IDru
z-XWzvPe>UqmoZ-ZuR3q6bF0MH)2E+%u>LLRtERu*;rZFmlx*q5%LZTX<n^}txXAAE
zd^(qz^HY5Hkn5SKni<EJUj7dTN8kM>{C*_RXFKWtNFglx^F0W{5#4L{wY9H<?#mq;
z-8=u^neLQq-%Pr973fU5UsDK+KB9jO=Y;6eb;t-;YjL@ruJ>`)+e&HJ><^A3Qo1&u
zyMW;5Sl<@+S$^+#o9pIU?2}bYJ8r_!`QJ?MVgV@O>bzXK&cNsI!fBn!_Izdve3oK4
z&I%YOC3vbw`%oG$&2~(cKgD+Z@|1e~J3xY$&2#z)p56!0I1xV=&$VqY$j{<Ai~5PC
z-mY<;!_Duh#`*XOYo?uh<M^grzPSLG^!X_;7=4X9Qm7dIS+q-Gy?3m0vFRn=uJV52
z+4cwKV7;w&pDo{iD$JvtZ|Gz{;gu^=q0#9HHN3w`iKz8lZ|ed}*ZFPXn+2b!e)b<7
z;j`Vci|C!`Vm#qf{`?&XRY~GIPnWWEQ?93jKpKwk_0gp}eVh<3-7qTQPqmxxLz9B3
zo8gk`X68aYh-XPm2lhVI<oy<n_lx{ps&sILMbuhc@9A7H*VaSgQ}KiPr-t`P=`{aU
z9X*qyjL*vj9U3c04W|qJzKHLQ@vr$hFX!2lTD;4!d%?Ho{B$JbIr%Hk?`#A5csqoz
z<as6eGn*gOKiP7pV;1jpX<szEC+@)<BbJ~S=1uA!k~6aZuphgSPCkAM`mCt0oIw6*
z`pT$*v;3FAkkV_b<^tdD_w?fUU&rwu@x8FZF^9s%e2=3(ji=%{D4y4*p7*}O_+~k3
z{(Sd)yfAKQH#t}c6W$*c#&KD0iyq{^I^d0kPx#{qHx`B5Mwo7B<yV{ZM_=hX3bM}&
zULW9azSsnR9RBE%uUR?T=Qv(A!9T(HdjcN9tfFGQ(HtM?AR^&*EJ8=Y$&Sl*k&!fx
z^o~}w-LfU4F`q~;$l`k}mE=mxAUtPkH%EM9k*_QIfS0uc{y0jG-sAh!dIx?CNV7eC
z@GT#F%eV41Yi}_hXO`*tf-ayF*At{0sxrErhCjNbNuRk0Ykr!J*Ua^80zRh*C;E;3
zYxu%9eBqBXJ^F|GB`KZWOaj9nG%sn}?|yfjfmT0AZb%<xzx)(7{+s1}K<m4BMZ5M_
z(SK9Qbwc01+v~|5^!g=_r622kkaUH^O`~6H^L*akJ+Jw$%;MsBigu8%(PSIH{{<JJ
z^nO<P9qnSidJ#^nH}ZB5IlgT71HeCf%JIsE9sg|D)76gRItyU)@vijp_$0rOA8M_a
z8lZIWp!t+r@4&CdTRGc79wXlh_|&I+{>I}NPrQB%^D2GT$8vPi&xTPB|E%201^H6#
zux!a7g$&#zjmB`pU_$1X{H(6G=;k|h10Ig$ShC88TT*?%<A=7n&o+^t$AD@bKJDwq
z58DxdtIcIEk>9`K<H(0&Qme2OzsvPLTNe*qXF;0}SwimzXICAx1dVf!EA~vS#m{@?
zbVOr}j*C>^XRW>_onn5B`iDWkDeb@9s>#>Ole;}Uc!T@PiSFmWT&X(R$<RiRpO1Dk
zY7Bqs@Hwwr`+E?8YkoJP)c&~+sI#Tv?GO4>A7Bg4)_!titpyb`-=KMBcUkev9>*BA
zo9!dNTm;p;NWVJbXDZ)SDo+eq{@Y6BduA!$Qz}p1VEK8a^5e6V|G`pu&R8t}8oHWt
zl7y*|;BduuKT#^j6${Jper9=J>1^Zc4phi;9A9ajwV*!R`GouoIaOP*l-+~x{oVZc
z^wZE=YV+GIUM8IChnVX9z=Xy&OSXPtd>{IUF}-uVTw}p<%Yb+B3@-cc0;FeK1}xmz
zu+q|XMYuXjD1Z;+SPy*i9r3QsS;^>RGVB-ROBUR^!J?<clRsvPXTQ%B&v7?XJV-WU
ze7z8VEbybA(+h_r^Cv^DP<{~4{*6q*ndj@>Xa0A=F+^YQrS-qp)5idp?dXs8Ro8g@
z<m1hBwny=lt5rCr((jM_X1{1@F&e{bSrzePpf6Q-;vvUO>>v7#kZ%kVk3E+zwrnHq
z5Y}+`?uYeXwsznj7#=$Rg!eBq!!_pmk1_nN<G;@54Xyk&%U9H6U&MDw$-i{0?*M%A
z>qVUi8|J_>(wWEbyVoP6r&4dIBW-BO2OXb>Z#JLhJwN|CJeC}WlF<bp`|@99d=a0$
zxNkcXK63*fLLyz|4F2d;_$LFt;50@9->^%KAy@~1p_La}{X_RGG#~fHrs1;~f>&^g
z^!ehlsd#^?l<y}2pLG07=G*Dmwms(la@4>6eGA`5y?uP!Ti?Ujx8i?wk*AAp*^=#F
zW6aQ!7Yr}qovqyN{q4<8ZX0wvb&-xI(66eOcnrRMD!w;^&c*Z{rSyepkIu_JM5Pc;
z{U-Vr>w5wDi}0=oy!2U@GwD&sSLxI%*#9TP=X)fSGq0zfa=U&X`eYH0a=U)Fl+Jbu
z57{@1<=GC>>oe3-kNWs3rf&zHMLm`HkS`9RJuJ5w{hi(7c2c~PZ2hMC8u5;*^#0D)
z9r$vFk2`qK<4h!BT)g1pbda$~=R5^hT=!W!j(9xvBjQE-2A$qx7`orXTOV<s`S8!=
zy7|aY7Sj3L#&up%AL1;&!^^23WzWNV(1u^HaV_gZXTuG$Q|Vvpel_?;=eYUCY8^>q
z;Y(lF`hLgFtQGCGzdk=RMtc9`gPuS>tmEfc_&Xl_1J}zSSLrJFDjWUI)_dkGhcCNH
zuAd!Ys_T`cTW*&}KeE1|nCIq$KN(i}Y;E-GaUYk`^Bb#~3;Cq)0nR%RZgc<u<J-*x
zULUg`>0y`O#E0|1$?&ta5szXlsq^~818j+T*z0M2cf}`^B43bybN&1ZUmq6Jt-T$N
z&)}7@engOvcWiX{qCfc>)t+f={A<^<5vHpoe`#ULuT{SiOow>NNpgb8=f7yib6j-7
z1WcdsSnhjE<*0eH+~QKX?<keKxl~T|b(P9pTq<{esT_AqS>NVTxrL>2|6i%x)lqJs
zRPMY|xi6H;HKN?zrE;x>a-=t%zB`moxZITfj`_gGT_xFN`O5s09&-M<?Q-W+_J{G|
zPI43YaL_#T-@840$iw6>$uY*%=Eb^Z$kR1$^nK0Zc^xa~*^<GH{$n}1p8ILlV1c1n
z?@0dS>pHZTd_B3%%Qg8s)-_RozOI}1tu~(Xbsfe(Iad2}(udMRu2+zrJ`S0SeESp5
z$A>Lwa**?d?5w%HbD5_PLr9Wx)eRn=d?w1FT~-eD(+vjxlr`4w0med(MEmpg9OCNu
zPdZq;qx`h>Y}8*fX-zryd3=cp@X#K*TrNevY)iBk$Xa_BdByC1&M)Ni^16Q?R7#D<
z;(W$=CFjGInb)^7@qv{y>_Cr={^L#K11d*wIUlr~aC%(l@fsib`gU#1yT>AZev%A)
z4SaSq!l1k9D`5xJ{LFSAL>AIzYX|1>hm+S>LhD@8lbpo#tFa(VH4hZ(SwMZ`EO6gr
zaF0)eOFkpq@0tbfbLW7&#^7#q{*L;IFPda<+X?ru>oa;+SnnQXEAKYBqVFH16CO^F
zyFBS^`S~-Zrw~ave1FjLr-ytV%vK(cu+t0Q8I7>F6W@)oF!dPnXC*ml12S9U_z+L1
z1i5`ec%?_YTw{ZeUwrq);507wa3wkH?Y)p#HSJHexm^~XJZPTT$S9|(JsvKOWA;}y
z_*LU_u-E6sL5xzCSX%kA`Q4RO2B6mB=VCNYq`ws9qVd5qULVIl>(~99p;*Unjqxw}
zAo(~SoyHbU4tV*-Woqxm79suW7|L@#E$c&r+r3=%X7}}dQ=T8FBWf)C=TV-JcRb|q
z8K&#Qf5udik8bjA_owM^h_>=~|B=y$bfBvw|I5O)xxZ(=+T9oRiLb;Dz4-2-mpfrU
z#21^u7Z8;*@P+eNlP@Bi^TmMGTeeHS5x$_j_-62h$)SJci#Ny@AD+S&oc}0_B=4K@
z!sSqtFCv`t#nNw>FHFDwCddn$kN%Y}-XLGBoyHf85MSV39G`~{A25IE<3}xjI&rgw
ztCvygxIV=hW3=6ZNqW@vDSVgM@@f6n*lERcJ-Rs$ea7Z<$?a^d&yT~%PCm`oaR^iI
zt5qD1?t^PTzNm-Ud=>Vf!AqvE<EVe?JGg`Iigg@>B_Z$7cZ?`J;b<4&JkjWgbzJbT
z)^V~M@Sc92A3yLNS8xA>McY2gx$GY+E}@>`bj#PvvV+9>xbar6r)dXyx9O>xPjfrS
zEqkqg+6m~2>)5l~Km2^d&@L~xb+7xy`IV&Myh}{9&)2w)T1a#L)4E^wkMg{g9(DX?
zwS#Ona7op{CbQWuI1dsJ=@B~~boyvM?L+$+Q+?9m&1O&8ar5VG{16^p1&_+n?`-`*
z%X0W?kJfWVedX)2gB)@BI=P;;z}|6%<1IT#dc^ssvE1V;$^SHa<}e0@j|*o|%5#nj
z<!`P7U9qddK1f&W|8I_+<F9;vpwbLiN&Ne0O}-@7;O}ETzAMRpu&~<Cc9}gV{M%Oi
zKb{_ZKRx|fOHYsZcxh~M_&OI{NjCX9;gDssb)T)b1Hanbiyi(3PglRrv_7+Pp6yLv
zp9%lTz(eaag*)ebZR&n3@Fz!Tz22apgsUWfZv0V{gHzV$^JpakA3S7UGI=2UJ>kcA
z9|l{IlG=YR>igf+b^FHykFa-4el)_NKTF@u*Y%ZCP8aX?raX%BTGuz{naVVNuywZ&
zBkaG%dcCwBnu!ipF7*93-F^}E=k09yjj8QKceBT(pJ!WQy&m&1zVmHzzq}spZ26<F
ztw6c-kdMD?rO)evqkgZ=bwEWvviWp<^hZI@;<|cPJ-<G6{l|4GU3cX>tsn5cTk{pq
zdDPl<*z-{zuyy;92&12fht@;+{Iso^&aPxR^HHC{16;a>Z|h>5EVi)h?Z*(}{5}l7
zj{jrf4{pK_xO^RVmxs&i#eCkmi?tQ(@6n#>jb2XgpG;dvM!p@xu?`G;wGI@0YIA=#
z^t(Amw?2SnjT#rd$=7WB(>}cUGXaF@pu-aQGug3jg29b;6Kg-{X7V?D$>|T@=W>Jm
zVd>$2`2N_}o&a#T`KZ_AWYC>({~n~4og<xadxiQzdLi+92g*0kyFD^Zj(rOKUYx)F
zUrcz?4{LZojBc{iyrf!lU;FLV7*E8H^W@-rJbkd&{iQejt<kly5eUO|r#`TAJJe&I
zkMw)FWPg4Qb%}nk3)#4n-TBsdmnFNy6&UHwS?Hx9?jU!77+eLXPU)x5__%C*V0Ju?
zm+<(@A|6LvKi521eLtasKG(Wm4L;VqJb7Kj$2?nWz1a9c`laSWjw|xX$R(b?*81uh
z?x0Kte60uaa_c?c$TDvq^+*01je8sH4|ILfc)x$YO7uw&dHZ$VP;iz1Sl~gv=|XwZ
ze?>d#=kKm_|CbVMRC2TubX<o>IKsg{8y74;c|BttPFs7E{@qX2EuQe0Pv3o2{|b)w
z6{ruhJ(C=maFyieT_1YX!}=Z?`RI{S|J4fPQ0sBFkMeq^aa%3s5Bi@i|9QpyXd~U(
z^5fIKIbY8-4o;Nt|Jr$l{DbF)|F?zw*-ejpl_j#Z2h2~|Xt>&fhe0XyM~9D}+MIvm
z;W|1Tu9iGu;mHRqnD3WJ9yhk5<KP&kW4AD-H_A2cd)mrVe)b?<=R~wGNxho<UTa;6
zRP<|ydC3?`5zf{aFU5HF|4i{<{TbugvYGO;g)_z13-QMSKk~<v^E)92xlcqq`>(_w
zxV9MQ%s=J)&T>!hzuNsVz-2r7qkYv#*Z2OI&h{vt=Ub+n---N;=eZq1wevd>KQ`az
z5qw9_`+duC^Et0_oDn}c7ABw4HSY5t>L21!NBqesm+yy%oN3%=RondnmK=K6&w*rH
z;#|nePg%Xi^9d&~L8v~;#{(!w`SO#fsF-gT?3=}WKN<NbGP0-Ljz9GDfX`z$BN49c
zZugg?(`P)tg1M5eSP$1}`F?-U;kK}&$SzXMPy6UYF7BqEH`(d%*`E2ROLXMAigZ62
ze)_EU$L`koJ`ddM<sL#hT{(ZTe&RdRxe(&TdjAdP@$_iy3r#pY%F(i2g!xJTgUG^i
zl{)Bpi|e^MAHsb{h^Z;-+8Z!l^?l056K_W<<cI7hi!6xqtrxq!1mlBxhw{T-W&BXn
zeJamx?Pb$-Z?bx+Ck(@@<NqLkz{yUc^B`A)&y(MH`n!i>zFi*Sw!N0!)}z!%dRzTo
z3+eE;2zO%0Ks;jp;3xzB@%`&Yr?01_H|f4q<3bdKt0cc=Jv59Uf7rRR!Z}Qxj~ZNN
z*?A7wMw-6=Kz=4Y8n0vj^K+P6*)Kph9|yG-M8IiW2oIenlwL;usUx4(O<N6X(3g>L
z*Yuc|@Bglfa9iXfok+K)-t;Bcn}SZ5pKaVppOik*+4{2Y!-agQwNgs}Up;)#`d#}s
zMLpB(%111l?K_iCW$)Abl0)}<y854b4*oUQAt8tLo=D?5AE26#G=FH^rN<qgS?yx)
z_4=x05;(2nr|mC+-^dx9|LE^Hz`uq05NI$a-{*SJl1*;Z@pBC6^mjby`%#=H=_-la
z$vRu_vwdXYKMcCEi@ssISd7Db{d(BPWzL_MJ0nO>sw6*c{jd6UUvf4)itAd+nQF{)
z)NjdGvKJ4&C)Tg)WB+o!GtPX-Z_-Wgoz~{~J(C>2{Ji^9uKyh()xZxxoBSlbJGVE)
z{=D!PK1KYkoP&AO?N74z%kI?Ka^pG92l)8XcwxIq51nV_xbH&vWcWC*W#fzOv-t2e
z?rw{B`P+Or!v5{~+g5vn$=6mc{Knf@Ta)j57rfiTq$}l@<h|_VmE?!LAC6fzyRWAC
zg)y`CL+C@rez0;5W=cO`i0As}*L_}R+BuC*?*|GBILbY?T>X`;^?5Xxcd^f{aUps%
z>9Enq34m|}>3nJ~Pv<&+_d$3uV{Ps)nDSOhzGMWiwLEKnSw5EcQOfkv`g?F=?6Uwi
z0qwZbz~%Zm=W`6dGmR_#eB303C>-pXhIjVx-Nr}7cem`Ez){aPAM%R*BR-tzT*_C!
zqsbrHk~l}Q-^+`SIj{Y%i;(Yl=qUxhIoCOo(}1t<e{0=DxTH7XzB~(D(|<-BkD2iP
zBZKSb(u#1|V}$!@z?EDn(ua1EqJH*+pby$@bj<BC$HYf*-ek#kPmk}(<2*rxy?%U$
z+`=6H9B<h@E}zABjZ3{>ai8=xwn+R+`O1`R?OreM?3UjjrhSQYN{{;dSF}4*{w=*?
zivh02dWP`GBC_MuDu3tWyaSPN=@G|M??j}Br{dkXN_bx7<*x8@!UO$ic-H3nJ<Z93
zp3Z5I_{?-3#`b|WMm`{iY-eUW52JH)*_Lsur?HJvg#7LklJt!1CQomkb9<-dtJ!J3
zroNTiPmfq~uCJ8OZAot&LjTci-R?fe59yifFX#+XNbBoH2UD?*j`>gh-@5?J2Z#5z
zjG%)(7ECy7IG%^$*YSTWeCf-%U3D)K;L7=)k9v0O^?qWQt}pbd>NXEc-=5X3IzP@g
zJ9&YppKs3A#yp005;V?TSwH0aZ^xXk)8ozu(sR-y1KwX@$4U=JIOnIoaK10`(@f`Q
zX5*u?+SS2TY<crsmGet&&UYC>C~xT4Kh}Q*elYoU+|#MYu>Rbh9`xP1yO};CKiuf)
z($Dmckj^b01D&nk;n$IMEd0TTyj(TrGrbo*t>2NKc<23&FkN4?r#fK4{M`Mtevf=R
z=7&8UVLI8<o9C+h-iP=pE%kTK-}!lieq%)OO?t@rWfSO4I+gjS$uBNXn{p_^IlmnJ
zhWX`<ox^+m{9^O#zw(QXH_6S{&o8d1midM201naF_@!}&v045OQFERebUumsZy4i(
zaB6X`Qtwq%Z$KnmdeG;2$w}I$Z9ekk{GQ3u0pI`7J09Hwub)3m-+I&e!wq5oT;z%9
zR;y@#j#jDWJXMw}y}3O3Z<cQ+{vZeB{1NlW(np`N{Ma9{`A7Dgbi(Bj_4qF27+qx9
zO#V|pYg|h%!92dsJjlUcbGzh(hgpvEfaZ<bT%XU2=Q0RE`!Qwx|9J<K3<h5=2cMAw
z`Td31Uy;71`GDhq{FvWgXayp0`Mvb@7HpndpL?(GgU5ac^%Ry6p19X%?ZWwMqfdI+
z^~}a)KV#!Y?Msh(dL>z7@#!%SH%5NiDr`LUv*s_oc)s~%dh1<<wpg#p9!L13KlSm?
zF2(pe^by13)_9Lb`+$|i2PpM*;@=zlf70K1cAl<J>2o$%SocrZUz}gNAN>J~FXK1T
zZqfOBX#9Q-UH2ZJ2nDCOANAZ{#w3e;#D54pM4$Df6V7jXC!)#;8&3Exy~+t8J6m<9
zrwdQ%{UdlRk14g*zq5VA>Y(Qv34SF%kRCcmsC7`Ai=+JBM)yu{AmKAV;S<jy{f~nF
zx>rZNk){Q`W1;;)(Jdb@$jAPx&6{s<)o#_Jdop=_k-u2)Q`YYXt>1@(AGjaibS?Qk
z)svB)PCVlIk&pGC3?KIdEdImoXdqnolPCZ;8hRA<b%H)yzrI-N*A>Nn4gO3gyq<i&
zdM6qNr}mfktJz+TZ|>8)QhE>PM}d?0M&m;7s>se><h$__es>njKW1oHJqJqpZZGCr
z=lO`&iomOUUx%zOyx1SJ-Mc$o+Sk0QRBpC=cMD4Rttyq9?cQCzRBlD7+-&#mR+q}P
zm&(m{?`~VE+>%nceWi0Fxb}i^<orjvz20*ryt^uTYu}Lka&xKvzqz20Pxg;OznAmB
zRLHOIcBUQP|JmBRUB1luqz#njzVQnl&fl~7B@Z9;{F5R2s=I@aAoe+~^7kQp8nE{+
z7~ebpQ(pcVFW<QSmo5A}-~hd(vGG4oN!R%wz8^(7#aiICHEw*-^6hzt>pL13l!K>`
z!DE>_@EKt3nD2r<dJlzqU>)%drAIsT-pzdAf12>nCryWUm~ISs%RN@}@Gyc9{mt}k
zk$#8!#P3zYL%jvp(g?jq{jL3uVbn{BlBWkA#r7e2q0a9}PtDuY>9uG+pj_p8D^K6)
z>DiV8M%&`M5J>4!yV#95u6Cvo=TQ`&E!k}4pf{K=JG9ns!{A#~ndIffZ%baV{CIc7
zeAx{s*RMhTWAIVknQ9#YxLcn-;rX8Q@T7~`q%G({I+^?rpYn|Eww({#FRp(Hm+^$V
zZ>J^a=MwruAIaAGIT+2?jdr%YS$}%i+nKF({3WORFLQW$hqn82*JC+f(&;_KqCL^x
zeLLjo<ck-8S5ZIY`-hYR{|&q%c|dpv5#P4o%MBxJ?GArAe6k$p-RG`vvG#sHXvOk}
zagdGtS;v39>(BX;VcC~RpZ6o&XmtivnDXaTN&Xxy;FTT<J~%wJKh=+8fJ^${9{sO<
z&D)6(9NR&@<i2bDSG{h=H}!O<`|X2_1^&@r<gYryW8tTlG8O52+#fzK(!-y8!sA!P
zx?l{I))6&^`srs&yq?KN5P(|+y3u9lZ#VwS9zO1T82ne>H`IHGW8k+s%1!QKX~2p4
zvMq5>a)Za0@vpA-c%7>%r_YK%NLEMD?53dqqYh^kI};9eXv3Ryt|P4WR@X5Vc;4wg
z?YDLO6kR4i?(wTOy07)e7={J&W%nF3xT{i67v02X;w!DAC3gjH@&+$gt~a+22Y;-(
zI^d5+{!+i|oZFr_@01?#e$x92*%l9zkKxAcFaC($DqrpLls%XD_{~;!d4KQpc#Z#6
zmwQ<Kn;s52L_h2Nd3MVRD-V0R)9KoPbHw>cbjG<FORp}A^h3@k95;1DWh*_b^lZys
z%dh^xIWP-Pen{oLzw`39Eb#Q8=VZvyY^CSZc_iIO5nS0D#m{5ld&B49)n32GS4+e%
zsat&YV&UO*e+ccM>w|v{e9AHWOKxvxEcx>zR*v&6<0-!&=CI$=WAWKN<L2*MZrSs9
zEi_*a2c6Vj?hh<PUhLO+`I{D--&p1Yn(003tNFa7_0HMgp$OiuI%sfM{vhtkG?sb8
zo<|y`R(5`*<2UPXEOW+XI`iwDN0#4(xW+Opdf?7hFKZ~)`wDotST9++Sg*rfL9n(z
z$ov)iD#O|9;d^kJr)8HWo)BeI>K}jdz?AyYWmD>Ry1ItKb~C@;J)X6l$j5$Xee~7d
z&em2t&%<~+#WTzi+F0gxXx77U#d13wis)i~o+m2O4Xir_?_&E2kNMLHA7|+y=Xcq0
zvL%XlzLfrz9`7;!=zo9!AYX>u$2!&GwclHP+~YY8=+Yz3H+^UqGYaqYXqT01+hy63
z$#=M)tzGEx@vfKbIoTG^KOc=VIzH|7_J7pNX}^Nwi|NDoU&nvF)1~n<$w;`X@t<_1
zy~60-;ScR%{crUzUG#Q>$;+3=;cWBDHOp8E<<`5u%7;<XhA~5z9(~T>SKXXu`)U-;
zqai<KM=H;c=^-EQxt<a8X?44Sg<Z+%(YSZFMWlzE?mHI!zSYNmXM;o^wKF~HaMNSn
zztTVTE?alI8=}&Kfp_Q)vgc`@+ZX-F{<8M;7#c}`$Zgd-IqvZ!2kEYN;+CUdtsg#M
zWCy>;y|IwzZ8v&3o;P9+*wL(A-LbFCcskA7>7l)ro*o-FU-TD0tcrDu)<f0kr)*`E
z3;2zl{w_gV4&Uk3{UMh_Wx8bNdp`(2eRmFacgKT5hj`u+cx{XD`FC5o_)~ht^5D-l
z_;faY;p=>U#i#~&H+g^O<Mo)+Cp{MU-m%EarxCC7hRWZ4m+1Z$&v(?z%Wfw=X<X{}
z24OEXe7UBl%Wm;;lOFYUX??5y%KPP*=j-Oe1};6~^zPo6c{uo%^C>avZ5^@rifQuT
zU+@>_&-59m^XNujJLl&x10SxtjZdPz-FN+W!<X@NmBj7xlW+5|<ch|H&O6FJMg8if
zzly>r!ga?lgA`i73?r_N|6}2&6HfQrW4uUCYJKy3w69xs-kkq}j<fM^VZF`vQLiw4
zBJ_yvyKg}(=8uJY%+FRP*6!@-9`m)HO%L5{;kI_mhVit*!mFH3^7{(;e*E2$Z(_UU
ztNJtud*HTGc=eQU)rSe-4_JJg!V`-<9B`WJp}Ln3JlY~%>yvb1!IX5Jdy$@-9$)C`
zQI7KvNh`WbA1mKaNsl`ps$CCpl7-72_ITMVvwOUMw2zTKJ8t!*#}1m`{peLzPIMC=
zRM}Z@(%W=ywR?dlRFYMeuJbY)FI8uMoICP*8jD>J<@g3YB}X;htFdnBj`N*5m#Fch
z`6fO75vNzc(Rl4%5a%O8?&*Al)^Cz;)eb`&_mo3UZt!qhtbe+%aKMxIc|7IWh4`5s
z*=+STu15sia?tx_Fmm;P1(WXW9xpv2V<EVTS#v4>yR7`Jq4#DN0stJ&`B{83|0Nb*
zz23ZBKhKtUKk9q!N}pWq`O;^53{H9|F~55SXD7n<a((DF_MG-<DyB_BF7LN&iTb;-
z$nnxRYrEIeyLFx#K**ns{oY>53C@??2kYJsfd?l#$Q~j4yXs9RoSr#d+FkHuj|N>1
z1zp+=T>jk$wMY9jlyfhX<lOy;lbmDvE2Z@DVmk1C<i)0(q@1IOWx0c;a_=jZo6Y|I
zYRNuR{GK}P&$HRz7nbU~rc~c-_V*Q~a;r<_X0yNdl*(OJDmR<`eS4|g%2K)6-o4vf
zD%Vje_d}(AXhc7Jq*U(hrE&*OOzl6e<cu#$`#QBkx$LG_eB9}~M{7@8So3Qdd{=AP
zg&uQwoVWNJUR&cbf2cA&{Hn#(=G<oa_H?))mmPIJ_~{f16z#dpsQV7eSGJ?&>0w`!
zeUszN?BLBN0~*%9aSm1abZ>MR!;vE^PnTUJ<}2c7c5u+9;9B&4j>ehx-G@;>M`)hD
z&Px^BhnR)3JI@DP%7wf=9iCrsxlW<P$kPKaj+27xk-o(JLbHFjdj`czFXlNafXwen
zD_-;NNff&V>Bry$tutEJP+lEGxNXpDWjnj@llkc{hrbQ}eE4O1?w?*<Sid2ij^*m`
zrC(95&;<B;?74q|ypmtTfJ6GsW{*|7jv*i0GX|gSyB#>u&9?4K)emvrLHjSVH)&sC
zRgZzm+c5_E))BQT)=AP!h$rJ&KYh(7vIkF+h;Xa+y03bqm#o_0@#5PtG`fzc>PC+*
zuP>!P$<A1HHO9t0N{o9cl)ub>aov1^{X67g@lB3z&Exm9`@A_h;Nd=ar03*z5AXBo
zDUp6q#*6k4vv)mx%H%@h3O{$tc(cdE`zX4<U%bCoM-^k}d-~LCP{iyoZr=i7Bc4N_
z?Qy%7>tPJLU5irF%k6^SxWX3<XRC+fh4{HWt62{~T0I75*(C^h*zH(#3(pFd$WO6j
zxgcY^xa47dZog{Qha{`d?N+Wpv0ZMra=|cbeaJ^h(g!<n4hKv0{M}^MXY2K4jP-gL
zt|YA0^Ra80&+Su9ybKPBQD_hGVm{_)&f8fIZZh;(zSlzrXmj!>-2dPZm@3zBjv~@e
zM!LRJEIH0`#d0UZzb)>KRO}T4=;!f0@odWp<2UKc*_M|rtbK~M&_}f|&{hXfxMBP^
z_~EA$KA$z#dHd6Y9_GFsXTR*07YwexE7u?6hVqlH59DNq?EDwK{-BHSdLD2{_cZRg
zEnRdQizSi|#HWt`lAE*j_cdf%IN2Xou@P`>F+S6SKA%??dOYVjW*Mz}c<F_0_G9VA
z?=pWr@MjY=o;5FPJZe6>8vSm3l;02dV{0e-bv8Y6^Itb7Ysz&#%`f?$ZSn8hUyUq;
zo89E!ug_L4I8DTG57&I*HHP}@h`*iu2bZl~Z0WjZkWRSVNe_AZrJopIBY!37wsPr&
z^GmkG>rW>_A6jzudee!Qti88~UZVQT`){|q8kET1mp$z5Iv1Yl5$7ANn>cT>U(`S8
zQRhGE0i5s1m)9UYJ?MC;e0uz4!&CPgMThRoI=%gegFm7jxqXlVA8wzE1+!OlAv`*2
z(TVKI%YhgBOL#54&<lu9_6>Rd+8nP(<0FmlS~k~1{#~MGe|UdpE4^RD53}{px#&qg
zYX>SHcXY5G^zkhHi+b`vi9i1b2rmBAIAy-OOZk4MkdOR7+j=M|l{-=@_vMn_zYMst
zzQv_-KUFICY^hv(l<O*$d$LeY?}toY?F5k>e=_(ry)MSX`@J8!^<A;xleP{o*Wls>
zPW_ri`JB$zJHMwl#CY1`e316~c-DJGZK02MZ*V)M&f!vT2imabM1LKy>hk$T?{jGX
zp86Z}Polr++P1l`eaOkDBK%SJ)8h`eyT|#j`*N3KYM;)JbjLe=mBj5U-NSD&0F#3O
z?+*9bU&l*ye;2ZfkGhAyf7Wu3l*)Zqp`7Ng>MpOx=3V@hopb3`Jl%zGtQ%zi<+!AL
zm=C;2mpAX+<~yxEjeEjpJ(N?F6X)tL(&JX}%DMWbVxt!P1-MjUYx8`fCBHE|8hV53
zt<Af@`~OixFPBS`LlK?@&+KWJ`_fx-zS`{Nh;J|ORXsYNU&cRu*5Qb+$d9DQG<_%Z
zg_DuqeU~c;>4cAuVYH9sPKJM5&G!{$f1io(PL%lP55dynyIZ%T0dU#Pt{7x7jw;E+
zHb0C~*uZf<A)i!|FIs%>9GB<Be>OSua;e_)kXQAN)Cm=I16=l3W8U{!INj!Qf$?m4
zW8SuicR7*Ehiff*+WQyMZ*LpE*fL~wZx`diD#@*Ty<8uFQ(x0My<(@%9Urzc8(3i(
zd7f_nucI@<Wdn8lMf?ojK$nGY9RL%+=^eSOzS_cB&qDLtHkg-WT|M@L_<-e-?(0`t
zxa~^wK;I7gq4MM_x?AfGpX=OxMSRpg#2Y?!$0v*Tb8f9$@x0#2ogRLOnc=c}-TWp#
zUXS(xbNRd88M7_ck=hT^cT~!FW?j+lkl$I4*Hf#wJY{~PbG^svXS=4*Iq1iH_=om;
zyC!4bFdNur<(l>SfMh$!H`z$=Gb@4nxO+C<-d&&{%eNzq^7(X$Uq6X>@hka!N2%N;
zQEtKMCVw#h&lJjOzfkA&n0`LyO5J<xwbP`~&vYJp5QX80Ptk6dh5e23s|)pIYh9m}
z+}C@u+1i(EoT{Ge;gDm89X{o<&h3o@{hCo3a(CR*MKA70k&?2bh=16QFJMm5{<6O7
zOYZ6Zn=@9+f4uwGuM(V;M26FMbJJx_e*R>UuE2{D?PK`QetbRU|6{2<EehrG#P`P$
zPoMKquFqVGNVt?67WD57{#QSMKR#E2PYxD*y+_oW?C|pYQ2|`7g|G2}4`W|~{PW12
zO+L}SQSqGR0pOJ_IcWV>j6Z1cO+A_8q4+)P14VvV68wPr=&~ij2UtHdDtkKgr4k>M
z=MB=S8|d~X>kW?P+f@3|{-D>QpjXVRqzmz5dtY4g>a#3-#RrdlbjL!Ukh7-`So@g%
z>OV7je7n)3&L$=4{%CjTRa`&QgpjTDbtC23BYO+|z0%ih*~%BZe+%WvG1<!JoGvIg
zP^8Ps;}-vV_yR)*{q6l*<d2(Q2Y-~$^UlN%|9}Chb9b_nXna!skiSOb`%l?Q=hq@0
zFU)`k`Cy8iTk^8gX9B?Bs7G=ik^K0{zj7Zz`yLJJ%k4NvEW4d2p#4AF;(SlL`xN+F
zVti1zz-3!pF3LWXtrYzn|Kd120l2bz5TDN@EO~Oaa>S=tj(Dpa<@w7+x=3yZJ+rk=
zk8JI9`EBi-CjW!~P<{#@sb7}N+%DpCa!Pxq@*VqWa}m!aUJvzcj(43W&t~YqQ-GVx
zAvWIfKR2zPi*k<jEsSp^dw%sx&|$*B7=Ii$_};I@{(7!N_kTa7eJ{qi@^%#8Pk4#t
z1|7cojr`q(DAH-~MQHCWu8$JWmkRr6*%H@Z8UM-@dd0f-P~Z)s89x>H*3Q{K<LO#A
zlRt`ZSU*7L{FAL+?d^#3zuA@^3#Zq4ec8&*9=<Ww+t)eXeE`CQTFZA>g|(Kt!6n{*
zU6}9iT~sSie4q-TpSL@_b|3=R+%Ipl@Z>S`{QVu$am2$#`fUdNSkH<t6y#%J-r~@d
z+>ksg_Uj{nn*|?>PU0`Z9e6DUx50^ij_=v)d?)k0T4<-<vt#^M3h~AEJD-=^AMeSd
zToG@=xp|iMp-Xc){d(I~%-3V>_wmDelHz=!`zmpsxLB^s${n=+W4S5vA@r1D{%w~3
z5zAkUxACzP^}>-Ki4T2vXYk&%<;V9|-H-F^_})Wa@9`;gIbreaN2jmG<;xadtoM}R
z^HQFl_2YY_Iozpqcy(I&gI4}@o_}ilUzwKQ`RvrR_~!se=k?g`I>Ktd_B%8$Ne{=n
zrv@im>+Qw8PY;JaApKqInQUdyFYfs;p7zwCm5xsu=TLBe+~B04PvARM9=^cGr_M)F
zPo?Afh)(B^DF?_x_>Pp7(|fw<M8Lh!^&Fiulir)%;`sI2i>u9jjr54Ovv>X$t4HVe
z8}D6jVckE_x#G!97M-*`;Xe6*m^aq3wa_;v%**Ax=s<eEA6axhNatxM@ACZG*X_mk
zLfO7btg|F9MCaOEx1Z=7q0VdRJ!R%&`4J~){thzVZ6}6;GasUi`E(ATaf5%KPxO#o
zwYRn1@@Zd7^pSm~;m_UX_ktSNy8W&KEePPzUgw)?=-cYgkqelL`uBu?v-_gg(sp7;
zI`})3_)eI?Q@P%F7hmU$(<9!$vS(;NS9T21ap~sg4NgwCcCUBjLO%<_e5|=P_vg+S
zy&MhT@tl_neAx~r>AaM_qdK|S;q6%Wr<VVD59a(k8=q4DzW?dw{KD}?`7Hjeg}s*W
zSg-Wh$rWCK>d*Us(APV{v$w_9dm7gxJAHtq(VoFay9|)dt@K6x*_IgBH#z-#=X|H<
zYxjDI_xJop6Yp9JBH$SR?m|4<!+AvSV=~N~Y4An*gyWmO$H%YQE&SE4^l*&VWCN>d
zmVYeD$2wj6j5!=sM!E@JZ}Qz|El>QfEa6Xl1us49^icl`zb1U&$4}oC>#oPFIx9~)
zD8Jr`s@SV#pik>}Sw_Jby=T(+D2?*z<KE8Vdv=qYC$>0$W^0dIe#z_fF&6~s;~^KH
zs2lwB<15S`e8df2BmZ`_g-2t(J#@a0yP?oqn&+!rp67c0%9pG@&d)DSnI~Vg_@X@Y
z`Rs(p-)q(3T}AIt%Ex!29lf!CUoJOWf3Vzgl&eWzMn8{U>ij)=SI}#~>(jW&`L4t_
ztmo=dzq7y8@9G!zUvJo#HGcHoyW~~+*69C3UO(5}CxEZ`hHweLH+jYAl1@0?(tI9s
zdJ(U+CA<)o<JIJ&&pCaev(k-(9ME{zeo}8M48m}I_|F28d%ZSFJj`_E7u_U(dRu$~
zPj@mG-n(me`OybHpxo+h@rgSPIWdzRZT$@G$<LFXrQEtwIaHa`VRWANcP05lr-QS3
zBKbHn=;NUl_{koY4zd-n2R!NN+7HTtjygXiI;6Wif69$=xWN%`zxJ*A&^e}GhaT12
z8up}zU7oT(uPwBr#zO>fjGrPm!NzPK<t2U1FM4+`m!q+6N$+%g%5qfaf_vjTjyiWM
z{uDpz9+~(ux1a1McASs>9)sqE-q1%<)qh9SU$B?Hr_fH}n~x{8kBx)tO@7<@P4ra%
zj6NN5@D9(Hj(R<>TMpjg{hE%39K5q`fYJ}GFn@4w$icCYgZI2@czm<vV7VWP?*LOy
zsNd8dy=L8}-tl$H2^WjG-cm^>e4I#L#JfNm4?1tz+v0P4ABHsx<Z^%mCBpPIJ|ri5
zTi?!T$b(kn-;qIA{1~Q7V;?VnS3JUl`+Yn~p43`gzfOY>(|f1$*>i<;u*Qq{O!9H`
zF6V<v;``&X!4v)*kDE&T%N7f6Exw!Hgsbt<^ABtv>>cLoTms&8@bHsN#rY(NVZ!75
z$#bxb!>PukKl+35h>rMbqJ97Vi<uMh;DGzQKTHnpgMS8nR9isl<8bYV{aKi3y|Gnt
zE%YzF-@*CxD-i9R57<M!iR&Y>FR?%HPv<fN^yz&n-+#GB)wn=_tL5)!`Ft@S_<fq+
z=LT@XITrAAKZNU1)~j+1vnA@!sqcH7-naBRLIE8%n3wFHGuO%!f6lA5ITu<z3=>Wz
zaXe~s{^|_Vi3jVOdfs_qvh-SqD?Dk}YPuezvlQwb@>rhdVhOIxeiQA>%Om_-{I25z
zo=@%7c~zZ5y*18-$PTS~vz4wFWVf6$9^n3N(LPMN(2XwndrPljUM6O^S8IIM+v)?J
z<?bzx4@W<_?J@sRhC7C0*8q<0Vd`Av>w$A$v7Vrd=0)m1<a2&c!03fAo6rZJ4cOiK
z7K^X7UWE|aaoop?`cwCVIW8V3)Pwhbt^Lf$7Tp@}GBC_~igI-T^;eQx2_AfQx#j0H
zPKk3ee2)LWK|YqJyKTS!U_2$^s)sBZboO!HIsZe+<o7hk`xx?(-?$%HgRk-bP{?0{
zJKk)czCUGlk8#NT35QSdN_>m>pJMoMq=R?^;4j$^^sWTQ@$df~-nm76)~@i=i2<Wi
zZ`e_b^_=)R>sj(8($n`3*)H~Hv7bKj2Kp(##}7EgeiWUxK9U`Y<Am<kup?1kPdRU}
z()mK`E8RPn{WYENbnOR-K3VJ+>^b7=8=l`XI);DS6F?A7cAE6?i$>S<&<XR4bY=f#
zaSoI8Az#Suo=(I(u_Wy669(4oN88x1&v=;qc?@B^t8U{O-}Q3;u#a=$LHIM#t+&+$
zKF7`dv-Ag&&>o*y&XrI7TjWc&Q{z?pDp{-#_5M$GOVH;~v=hi0-|cU<^YdUJ=@D<V
zpJ&A@r;~rLgzfwB0v*Uloj`$dzFyb|A>BWM3orE1Jgl=<SpQ~g>)y}raJ;i6T^@eY
z!*6(Ak9oY`)zf^QryQ|)9lp)$Ja`R9{F@H*`hy-i+r0h{P`$(-U-!JeV3v6u`2CBV
z*FWTRpEj@edHk)hjyUJM4*E@**PYBW%<Il~`Mi#DXPwteaPxUR_%xr_Uk98i^E&V&
z3%>q&eO}D#&fqi66UF&la;Vn&?IzF4^0X*-PGMXY=fkZCQ*Y!-gX8usU!mL_u<_a4
z|MPXp8=Vg-32!6%IQqusxs^Gbsq)(8OAU5+s|Sgs^Ba|e!m~&>le32mti4-$F1j80
zOVBOmGtF<B4~uXIC>Lj)-$Gu_Fu$#4zZK@U-{g0=CVH%&^e#-!pCH27=B?S}{<L}M
z7N4iH*k3L35$TgoxEv?nEG*1J(zA!w`aAc!7eKwg4w8<APre&RxN$}3LloE0DH~UO
zJAPoibeNalODUFPPdBb;vkcUSufeZP@W<hguJkpa_V>pSPZ2Ra-)ly{Vm_Y#nx4<U
z55)SpBI<(=5s++xe;WR1wDWm{*#zBh8(rz`XFU0`V%lx9U4&zJ!yh*|QBUB@_MBjR
z0S=-7hgi;p=gjRPoKwgzIAf^K=rK$E#25djtOIzDmHph0AGyA<#Q9^k^A&{C1vo6X
z5riv_1D=PV{@L|Kt`OX5eaQTK5T$xjH-i|Qt%dp(&wA+omEZo)<F^ZD=x?n*UJu`W
z1-$b{_>PiDd`J02)*4;6n(Q^j?omfLTSxB3{Ki2Km#wSQgAWF#e;I@s{dV(mxY{>N
zFZJ|vxu+Mu`(x)Y_DB5X?ia_?e`mW!B7JB0_qosULwPf;9dX~kXuqi=Ul#XsxL&8r
z?m1<0F}ugtbD7RJ#yT%`a=>2qg5~R7;OC6et5#U~+Pn{%pH6ssy0~s(!KYn|EvMd3
z(xq>6dd<hWoAK%6mObg6!&Xq<QCcCsY{z}f?asPCCOczqa+~MhAL&7t^8Cg8?B8Cy
z3F`I-)=2z_5%Dn})t`pEs?B>pVu_D`&njI*Y+<uF&+qpX+egi9Im(k%IUO#Fb^@NY
zbBLu;{~VrbF63KOxA5S8m-9nQe1CCdzn33f;_VuYbGq7h%<Z%HdwOlI+kqt?8D{$`
z2@a{lO{3?|+32~!@~hp1=WrbUFaqpH-QUvp!qSaSAJXFP!5Ad?y`w^^W84Isbe#ng
z$@5$fiSv@_{?o>1>HV*mUyJXYHQO~O@Ns$xuHM^v^YL>$bUt6_g;h`fK2m$ME8YX0
zo&Vg9K>HWzO8z6?&@3!I<a}A<B^$U(@`BSt<Ld%a7<$u)(*4{E--EF6mFIK*$=@l8
z@Am0@(KLRDd$P@OMePIqW`Bu?*T*n_N#0EMcn00`OF!V}5^Jr&k5=pg*mb;L2RC(D
z0m-vIq%(`o&(vC+kGKxvi3*j|yXK5<6ykGuv2G(B2`_zroSW2n#85qo^^#sXcah)M
ziF;yc$o1Y9r*FF1@k*~nAvoFnb-zaED$=-bt9QyNpN}Cw<puHTjrXK<?>Bv~_h<K$
zzV7NnKGsy5&)lT@M)P&gd?e;4-3KB59AUZ#(MDwoj{6;q&z^R<UR&@37GGP?=kz{c
z!DI~iSQF(ReXfJ)t6cv53q;l#ANTEbKc&&)`0Lz|?vdy{KeqpS(I?u+_(tgXW2nDL
zM*xLO?~nQiEeN}_&u8gjAGhLX?Q@a7Y@fbomGdzp;l%HvXU>nFoWCQb`@)htddHV`
ze1c;4VHlt3ZE-xS0}dd4#^tWwTb~?{_#-ddIIkq1Fn?s3$J4&L8b42lFL}3n?ibEX
z0>0#8CHZSBH@MFCYh}mfc;Sc}x-j-}gMXw~iJqf(vKG*Doq2gbr|X^X^Ygnmc)HG4
z&BX8TMV8*=Glq}&QT#=pbg7*e_1#xDfV!{!Jm^P!oAdRr2VI<QY!98<r+vQcrW2Nr
z@|0PcbntTNwcd`D$ib=I%y0OF{VpA<Te|Mus-K(q_&GV<lM)=^Uu*d!@VFqqx2t<r
zqEmXr@l2ob^%TcP2Wsq1e#Y=mcLhH`YG};L&%Mb}%g_4h(&IkPwJ*N(?r85h+M{`>
zhS!k@hhfq~a#HPUEIu%$zDn|>;~V2o?VoM@^(K#a{&=rI^Uvtw;DdN?VQ8`QsqUxh
zo}kW`YQIS1Q*wv%aUJ-Nh41HBE=bZR7>n_~-@HWY|6DF0Kb__^?Y~P7^oAUkoJgOD
z{t>)8yu8-4f?G-A`<69NPv2j+AL$L~a5$b*Vb#4Y3(eQPz%2Ck?55DmW1o|9p7|@u
z53xAjt9AJ{xyypk?|gohKE`oGm%o!yTVY|HZ<QR+<+7{03GVTGx%YTGE6KYoO#OnA
zY~(5jtoJCk4qI~my>-sN#rbF$;HatT-u2dxdj2%z9p|yrh-xfo>M>SN7olJt!~bjW
ze{1kL``PR=Bu4V~Wb4KB0skuZSwBQ&USDlK`RjtDE!I`KH(xvNN{d&&kuD|&DsG=z
zy5TYd7{{0L?-#IsLOdD%Zs-R#UJCV-LL*ljg7!`f@z?hc`Vig5upfJ}_j1_YtttM%
zbwX}_4t^!^bF#&D5u(l=RTBSRqWDeo3H!zJ4Ind|_;%?AC)9`!ul#)T^!9w%+Cw>e
z3gsK?GJ>)F5$mUQj_62yznJY|`v`~qJaT352k2?>@U49@4o3L+9-PW;jd;#;*01b5
z_N%KsNpIy=gfWieJ&*jn%d;`hKk0l*eCx=W9`|w3i1k!@EXK(Q65*t$QSPn=ZaVjn
z%dK|LS3Z}Q9&$L6;}zVxWlqTn)l*yG<45ti+zC1Hdi90w0bk#YJW6i!`HFt6rRw7=
z_+Ib6e7*X@Z09|7-c9GlE6LAUd-eU3K8#29WOmET7GIn1`aaLMpevHekPBnT$FTJB
zvEWaYE9&*ghI!rLseJaZ_owD5&C7#tb4G67pYZuBb#}<Vr>gm^#vgFvqx7wH3+Mgw
zm<0=ZhtF@7#J{)5cLJ<kF)!Cz9z(mEe5rG(f>-7jjnm%b$DMCDDB#j#(ca+CrNdB=
z7$5w8E<8ooTHwjB$)iC7lhdJb@sCcax02jr;q;l{>v%`1*6MuMsQWnOxT0Gc=Vf%?
zMDNY&omu4@@#(_s_$DU-hCc0PCxF;(@h+U+)6@EEvd&u2|L1#u=kXyQbk4ex{Fvdb
z{epbmnXlKbvwlj~IU`6<OfPr%>FSu@uJ(C2y(;qE;{21{<Mr#FeHQn0M&8R-K(E~3
zd^Z^OK*}*flzl8e|NXS<dD)g14c}Ue?~kSH3`~-42t2Ov`Zdm)d~&U2<bHN>|5M-f
z5xsT4j^|_8Rk>azxdHljAzpfQw$k}+=&~3;hh2_Ik80cR_%T1>HA2oypU`@vH_org
zzN!0BoX_d>{l4YkN4Ai|k4eOv@9GgAB?jT`q7VMyJAe9KKzcVK;q<N+%NrcPdj)*d
zI}Zin(nF4a<K9awtb2j_4)&hC-mkUf%ia&zH8nbgeq2euWbu3U`Z=*ii%mfGt^<EH
z=K8vd?ZR|{|NgyuhK)Y0ZXaZrGhbs)+;2gc7*>)$G5A_XssB0uth4lxOGlkg%I`-M
z_is<3-7L4(%6b3w;WzQnJkNQD;R;?Og_pG5%fFa!!5_p&{IUByx9I3yi`sc%uK|7O
zq-SfNk@hIIuaf+O!Bx8K1zPuxArtEtT&?@k#UKb=8uM0j9q1LN_th<3>yGr0^C`yz
z@$QXt>soh}>7sJQ`JJMpH;L~oxLD2YHcOuje9lp?@XyyrfMfDC<^j>WaS>Y$KDNJT
zr}{JOYNHpewiMZihc5E|tKhaa6ZF1yey%a>W$As6XYZVkSos|OevSs}1Edh@`>4ya
z<v@ceI(I7jq~us}ALVb+5WV|SYw5Cn)B9_h&(g;oZmRnrvCfd3l3pu1^tQOZNV*Y^
z9N!7o*OtC*jOZqN@_E$hCi_Ktz}rhXu@3nf`(1G7cwOx6)_RBgikp9vBhww_Ne_M!
zKaQ;F_zfc#X{d(tQRjlMoasThbHNhRS1E6c@T&Wn8+z>p?oZd3-<nJUPPrWATMvpz
zUg|w5p3}X%un)@dd<24qKERyW6X#AP-$$4DI39|9fF|7>A-+!nlyiH-d<58ImBim!
z%juTioALRrOt<p<Go5a14dMQp@oR0tubQv>jMB?kKYLL2eYT$?yzy3_$VnIW7SEFn
zl<4p<;&M7Xj*M`cFB+G5A2Uq3tofpGh3hMfXAbGt4C9~WqhxDb;c}Mogv|20ES}K3
z9#oI=Q7;2<)VJw0&uQPI55;)$;A;4UKe^GeCCh;X!)@1jcyhP<)zD+OKi`F@(N2#i
zz1Z*iE{*ga%}eF}EAA`2igFqUvyVp?e3j&5)?a0K>AjA}x!}}V_F8$(GwFp<?gAgL
zY0bx_?#&V(kRqR#(u*SB#a?c<{ZH}>=|etvH@3=hxxO>X-RC~jcNX@G2N$xG+Y69n
z@2awAg>Nyv9_dB=G+*g`r!?+|sa@$H3c<;Kq;vIZC;5tQ^kS#?C<P2$=He#DW12n7
z$%c1mf<79j`>l9>pCX69#O+F>=ZC%;>!WnY_dC*E@xIz_e<z|yXYOlieWLXp>G(7l
zDc$MsK*Iicnl-1pR=B^r%Y2n%{wI)sB-SS*hr-T<c)D7vGe&bhSY+{Oywf_^-euuF
z(2M=^Pjw%z4|S8FNmq8=x$gJn_Qw^-45xc@v-MlfC!?NU<8ySL6DoVq`&<1=xkx;;
z@53<N=%p^_b>B|>JdKZ5dw$uKQhi@S{1o$Tj)(Z?X`c_K;St|I$?;g}{jBvy@tg(q
zaq*MvY2=eHkxz~~pGxl3T6~{Nc5$t%bq_E-=J@bl73ncD;q}&9Tp;WIoA{^J;^XaX
z_w3Gk|0(oct!rn4BRn~8p8ejFe;=z4aE-sv2IH@J{0n}wzfHL$y+ZfM^d2_r`AA8x
zp}f+4uwuSPX1E_u`geV;aDFS+vD!~fuXaRIom&aJOKxu%@pSh8CHSfRKJpKHLgPmK
z(3`y78Yn(WkGsBCTktIwulYsiVypK${4CzZ5})Z@yzbX>o~9cC9&~E=bUm!Y=TT<|
z+s|Z?k)S*K;~JLlAQa3KXha))t$PWNtgv;Esn7?pzWp5hO7iU%9!4V5M=Fj;A3B5Z
zw%%yTxm}ieFX>Z!ua+8$_KUZ^-}Cc6)M@-|bh>_#!+*@v`%sO+ztqD#Pf1Biyv;ru
z_U78Wml4K(Q=#1?nd*~$t(eXZ5gp0btthYk<t*$LyKxVgc+;-X1;5s^27l@Qg1t9S
zJ%xHs#b$ZW_aheebxp11=aaWs{?*1mwU(=sA4FL1XGl(wPwxUC>5tma=(X9w^?>Kl
zpy}xofQEQK-eTu7tzDN}w0&QI;jJAWmOLH<UD<=>c+&gynKmm&`jyjJjuN{Z&vF>)
z`<RZV<mt!IPY{dwdtpo`KFr?>*CxE2thPRX7u*=i5hVMW;cBF7Jx4giulf%Bf#bTq
z3b!173mn(u+`(Wx`R5pXTL)dl-0Z)5fCucB&%AVo;l{>~(o6K7XJb2|!`}A*dzbzD
zfcfe#t-m#&SFf|=WF*={KIK$&GW_R(?+MW1w#$FiGU_}}WAmLBUV1;N!g}sDU+(~w
z;b&W3FnpzVwOw!7Vb6Hk;<a9tzNmSwH}Up0?KkhUg2Nbpb^IC&e>cW8F{xF2KThZD
zUG86C_A2Aw%~m|$zo}KOvHp_&Pq{#Zc2|~KJnN++9X<?S`#GX#t#WnL>*x7p|6;v1
zu7kfx*E(XzAM_<hb?;s9dgnBd3Ve}|?U5X&Tpnlmh|@7W^qlv9y9*NLC*PU;2F{K4
zcOir@;_=Vp0kIMK8{^3-mE@hw2D)8r`D&H7Sv=eA>2I@i;X8~<SP#bmHG!g>tRt-c
z*w={w9O+33N%~O^asDJ{Hny>K9#36Pd`Njk$NHH=^wz#nzTVnw*?>PPfMb5*#d>JL
z$k&00xAr6cLx>kV(OdkM9)8v6NxozLUbE66|NRKSNiWLf*p(j7eMh|1mdgp!r;eDh
z@H<<78lz{S-Jd1gN^;!lsct|3PIgz>_4NIV^xz54$4-FL_wJT1<SarsHA^SGI1($#
zhx70q7S1f3kHhsWh57Fi_lc*C^YC}Ke#FkB<n#Q!o=^J(w0k^KTJJxAvXuXnleyjy
z_UIb!E7LVr`vA~9z4Sisca6^+KW|pjw%F^PO)iw}9KC2co%)gee+k0n{>;wTK8gF%
z!_{7We`h4{DAPyy?{59mnduaKLOLBU(P^MSC)pn~o&;BNk@Wlm?n4Scos&pIk4W3W
z&}`pZ>*h;OV7r$iW_CR<^z!5hE5~yo)Efp}ye7NP3w;6LIZkWmbz8pLd23u>fc<!i
zzJPqLFOZ9v|0>rP&b!R;sGZm4`a-N**sc-qYTjRk_@BYR@N+8AgAN!t<f9x!zec`I
zU>lPM(LWqt3~z0>Y`HvTJpRoXPmY`^KPjqs>h0uc{-u+C(%<3XG2n`(BwH`@@G&4k
z{#SnruRg#rJwf;dU-zLh(-TmRRrSF)Jt5MyP9H-&@zr-TS<dtX_@*boH$4IVHOO}i
zzUc{1IbM>BqNnso%1M_Or~r=PJLsctIFfW;@paFysFeE1^Jt9CukR&P&@I}-`H}6M
zKEL`)*SWk$CYxVlUDGVT%KEuhd8@(6=T|ls^{RhnonK4%^v>z@a)T`I^Tl%b)8&Pa
zms#gW(2M<3v9B<qeFeE;{fa-|l=%_;MMt`^2laiBY4c;WTYSL$#EbnjWqw3FSlZ%k
zek{>n@}*3lUV9xJ^}9Gp^nGpduk?a*&yPQc(NmlsU9Zu1kt7EPLyt<^Ir<=P@XiX`
zpSIWW7h?@}35GQf4TarZ@|Ek*ailjcT#CQQ$Ib&S8yEV0h+;lcwsGMy%hw0uaC~io
zKMsF%ZQNH2d?*jt^-Mo)>2B{AUoxGl;B+{C|BK_C>om#%s|Wr#;Vkj{WzVBLQLQA7
zXWEVcT=RTO-NITQQGfCL-p=BEH-HA5n&%JsHCw&Ho9#M*5=A)Vqx@bQ(x=iV?zI)@
z!}bx*sRA6f+voy+wsxaPQhWyq=HfG2_sZVRdF5LQ^X2od4&>kIqL|=+>X@{*@90{G
zUx3?Vo~6;Q+NgY&Md*G_eqJ`_UD_YcAO}AaO!>>q^jF<w#q7S(I2=RtMIYJmJ~8O|
zWS{1C>Y3MGdyTR1UaLOj>6%aaM?Bo`=z_o9&cN}+5zwf-#WLvo#MKXY{xszOCx$&N
zy=Yo}`#t>_+Jokw(YrhSn>=3UCiDGooo6}Xa<Tgc_8#c?e$TJ|;J(m_lK%4!WXbhJ
z)JG>f!qOWq@o<lM`S*bI-C)j7bkf_a4|;gyhuzmZPCU=V{#kmL^EdSgI-2p>S*ouw
z?(c!>UQJt<Wy3iE=0d(6^Ds(&k>Kq7jro9QaIW<9>TdT(dfnG~YR=P!#{-T4&+}Nh
z;LFB<pGVR;alN18`VZ>A(cxvWe~|?reB7grj)W(A%Knzc_X@a=`Er5&dhg?T#B<#0
z+<1OYYr+9@U3Ch4pz}7&Pp9>K(O!Jq@;M){zSsLc_(3ao%II2z_Z;FSzu2zjc%Vk@
zqfb;6o~gaB{xfgyd2g`2i@y}iWc_o(`4mL@=hDA_j(2s`pW27vIN^w)oTZ%BzH6Hg
zXV_UEL@MmMl?Tj@r}5Ud-J;FTK~d4TZ@)!ooyd8YaH;pu$sWD*A}Bs^vQxJWSTIi)
zUXtTgD$Q^j&xA?7)Vp<hr?@uf0%pt4sd61)?TL0&J1sfKr()6^Yok3LKMb^1<LAln
zB^P#|2O9(EBDtn>Ox0)?=LO<3AMHi9Gre=1N5()D&ZBxixIBMVl1*0eNXQ-9v912_
zpGPX;?w<EWuitWW{`c`;TX2cRqz`z4<kuL=<6m+NXb>OTg-EllyFFk3hujxE^zNPZ
zar5$MpOuGi<#$GTE?VGZH%iG+a9@A@i@p4%<|S{me$F#>6y34d&nxM@s$sO7^p}1q
zK9Sw8?SR+UhyJ#FogU_UWM^z9alb$4HU>J7&-;T8YCr7`e#5~1Ro6Kj=I0bAKB=9D
zis0C<bhSC}GGFIahtb)@L;4TrffEQf*7>=5jvt2gZi3Ez=615s`)YID@U8Nb??oXv
zeXo`4krN1Oecy+AzKXEMsp_w_eAeWf?(xtrGlib*C{!q?b6AzQkCV5vb-CxWzr_Di
z`=xeQ18?b%eP}1^;kkDDoac&qUrM6F>D+$KFNiaKg>U>ifFE%E&Ynqin}<10*^l!9
z-{b@Ok52EO>ih`nE%L!6k%8-%evRM84}u?f8NN1hgC8P&4EdR*TE`za?MLSK-`GyX
z&j+2^4xJN~{xNc)6*Ib+oB;mxxlUoZ-E+U<aw725JLl8p@hz*ZU$eDcK7XMswdzJa
z^xBKOp6WdJNlW50^25IVD$A+e*e9Gsy7o63t*)3ZjdQLQNNT$5{LNOM?!)T49NChd
z91rFzzZ;mHzuob@Wt;hpj!T#=X)J4Ze*;@jdVZhzr2oxR=IKWqKH@<#jIRR@Z-(zf
zP#=;$*VMztEq_sO+GhDqSv>2T={pKD>3Ka??xkt)R$Kgu9NtvD?nR5w;=2|_Ji1U$
z@A5P{oDQ;QW^4E6@K(=453<UeM-Ok;bb7oT_<K8w_&YsjYxfIQu9$zX(doHq@#Bau
zevjh6d~v#-BYxKUWjY@(Fh1sZqMIbMz;XOM1^CjNYIA%*H!kPs$GWHE+sxN_Q1N+@
zuPI{4*MD3%mrzNLcsoKqNDjoZ!(LmkagMS!&QbmZ@VG7Z<(vIH;Bb~18cBCYyZzAj
zvN?XghH}!so(CLqN~6p9g<-m0!Hsqo%QI(pk7v|5HQiI@y7Scnf00g4;z3T)OZr^(
zTB|0}y@P7h)3(dwIbX1SdH$<BUV0VfHIgBRJigq2w+*~%bYOnsJ9&lY%lA#!yPaX_
zGH-Xqq%rz$S%+n;uJimOA^&vFro11qyS3qXEOI#1Gp}KNLtdVGZyUp19v+5A%5ANC
zxD#~#9DY{pbwJE>D9`kfh4=y2hyR4P)q}a6aTpy*dyeM)t$PuGqh5L%eq%V!TL|6-
zKm?BSyTOy46w&-iJncNh<@B3y{hizkfS>Er9M8W|`i?T+7tsC``}s$T<1OY#?X%5x
zuVwd~mu$WgA8UVx@ZN!b&iQA6*rA=kgA^Y+|AS{NjCPLWN28S-?&&0%=`k3ZjaFwc
zmSa<0zkz)*<|W26N4CY~r20Qwa<{=}yN?(6THo_wIgaNyPi~&h>zg`{I6v#0P*D!{
zfIhm<LOfS|#@h<CfY-|gubAKEW>Y?&S{X`@<)1E>KWOk@zg!+be$2mKuWwu99SJ{2
znV*}wG2XYBvyy1qJtv@^pQq72p!CmlyRmitUa;{iY8XRjQu0c_%(k4edUfwedR5~x
zx5G|uV{Ne8h8=C`BG;!!ma}%$AEc<px@e@`qD>DYKP`=WJe9Zy)7a+vb>o5Wv5b;q
zwfR%^d)~VNS<V#oY$7_cIpCwqh{2A<-p?HO3`^h3@jl}1OOL-|?QFKg@z=ZKqz7ZP
zuUc#IdpnY2ir2jc<>&f`n%(mz56Ih;Mv!5#Zs5AOjxg87^ly9o&kT=a_|5v3Ug~(s
zZlLw>$Sx$pX};k4#^$r|Z+k1Li}YCkR+29m+#Q`ho@bLgoNreAO_P5qC;sObn(~6{
zhkby{^#l22WRO@wo`(KBAI)RUmH2Lf&g)BmApC_T_@BZAn#&_sZ*hOh+dWhM1BLwJ
z)8al=9rcd^3Hqcv{YJ-f{B^!2#*Ak>8Xe0RJ!PM(j&QL&d!o_d^4j~c6=83;^h55i
z_Po@jTei~2Bjw_+AZxbL$1B6X2Kd>^7=O<o0LSvne!E$o^>9YzJ6S(kh}XSZ=Ku1i
zoB50Ntt!>mX5s1eJ@{MA@~m$~)c4s!Jo{w?<18OH>Sy59cH!5~kPqr8Hx@qOpgKDj
z(uN6@?Pa*Jk$*i*f3n8ESdRgPKd1l>{5rz4r_g7={sDedud?zwSA#H}>|5mK|GXLH
z;n(qhEPU!+9BEwlTKUkwv<@zo|DnrfE>F#~p>k*!-Eg#T>y;4>{I;%-FxrcM$<|H}
zi$8lSzhmQ1e9Cp`fB1{9o}qqHN7f?00p(o&HadJ>DVE#zKV~ks?f1_wl=JsVRIU&8
zoI*cNtIyHI`S@QwbLwboJ`R|l@4nBT|Ci2u#|y1iAL%<Ee-^&>g)@{xb%e*l?`(PD
zO!YO-$EqsH&pRDr9_wuVN^%A?oD6!g|JnZZk%P>R{ffor%O0Wcf>S>Qib?fJOHTBT
z4)r*Tf6C*@A85uI&KKNgqkN*z{TK4P><*pD@7wtfy_-}G{kE|g4S}m9zhnO3o#rJ&
z*SarwIehR3>#NOaF<*89j*B{qG&+953NlPL<kOv<>%9iyO7d{TJEJq-0Ad;)4_SP(
z9Hp<1k8${oW%n@%c+_GMk8%g$H#)}g*TeLO)?h%xaa^5%-&ppe3?kkKHp`ttxY3a^
zI-j?O)_6a#90ycm*@rBBXbn#Tc)mL0JMPHC{4unq?qQVcv2s6R;h{ClJRbE8SUJ9@
zP^^!=<9Lo+xnT<rt)W!(d<U)Et~|^iLu<M`jQUPkxd96gt?>@E_F1_do)7iY4Xxqq
z>GhF;8p}Rl;h{C}_ITv0Grq$o)Mh{Qcsko><*tiz@5##zSh=lvm_LTrZ1yn9ja#|z
zweZlI@AG)nchJg3z8ueOdASo-&g&Ukb3<P4l$BeThxub@&2|r?J}T^uW!)AYTJwV*
z&-O9CV{IPhkD)aK9!9wyD|eNJht}-!c*G4@xp(DZ{uo+wvxiY`+{&%8@X(qMdOYF|
zTDfL_GGS=VUQb846IRaoU}%jGJnKIz=K`bI4|nI~xbTquYG{q~H}lmQ-|-!u4`I5Y
zHRI-!uY0VV>#sv=?)P})8?bU0=VAUBTJsSPBW>Ku`NC{y&Ht6>J80!%yyf*hl9xMS
z<-XOzLu;PM%bl`vPzd3g?K|LMq(MlaeUy^K<0s9x_A$N#oe#%#6e*{3Pg?)=p?n+S
z(?<{DFXU(FTeZ2)|FR#*9?*&S<;cf*o{;rj?rIMLaD$Mibb|j7@q<%6dM{(&CXd(o
zky_kC>um9Jb()Vk%B>!6Zc<&~<%Ya_^K((ML*(xh;j$QWa^7P5Ci}b`<uXW-bYFa-
zMd<w1FyOKto&TwN^KD<<<_D0U^b@|UkMm(;4WW^)K7rkSsRfh4@i-q7{k(63$8Q~S
zf2ahX^CjmA&1;R3FB<;TgAA`{y**mrsGoFR==P3)dzt%Me`IevXc6kCk9%^yPSANd
z?c2y+OnxCg&!cj-n|gOoNl*Xi>875}^~283I1jQ4mg9<WrgAqH%4r`%=Nn{?Dz2vo
z0uO@=JPzUq_0T)fm+2rwUf(<5Hx@Y#XTy6DI#lb6Om^<Y?=d*y1AULBdcQ^E9M%K&
zL;4f-HTHbAa)tHN^PUa%fF2909nwokPda_iT6zZcNA_>=zAW2Ym7OT~UGEqy-Q@GI
z?pY8I4zbB`{DA{W46i|-j_o}Qrq?Qd9wgh+W%y<HY<9ev2$$Wm+VQ^E!|CB|7Vc~v
zxA8uBwa2fDaWwd-hxLw^_Kk<$>+xKk6SU~W@xt&J{?r){Il*yN3w>JesHO3Kyy%=B
zb-ZeG0T52_CTLyV+4@13N1%hzal*2h{%Le<_wdj<_tQh(U%J<Y@3B}r_5Ge~rH9jF
zPM`FM)2ouW{!D$=>e=b=gopZH=K_^4TM~5L-^2?bzz21w_im3rCx1*d%Uio*oQsbn
zr<ZnKX&Ge)pj;u{WgpG?BkTZNZ!x_#FZd()IeXaKExDk1Cq3@%5ub~XI$PfDeB$a}
zvMT5^82q5`FIPLf9Ya^R&v}LQ6Hn5G@|oc=@JpRx@W1g%-1E%&<apq>ADQ6PU$r^T
zC*mW$i_qD!!ubT1SpOaJa^z2==OPae#kfl+ynoU|KAx-Xo}L~GehGWD#<TcJ-w!SK
zC*={{(oH}BuA+0LB|OrjKJIiLm2^Ld{FGO>W6X$Ovx^vuejP9`w_`2c<aQ{HyTMUU
z7hP*};$4*J2aZb&L)_1gc3tM@wz9PzmK{##5zi)9PyTgNuIhY)?56oWb=~tFbi8P{
zc)B=m03V(J)cMZ*{`f7YZM=xCqjA4{CVQ>j^DWTz6xzpmXnSe?x)XM+kwdQ<T;2N>
z-nACD?`!|&U+TSIt;5q8AA{F-S;zH(p5$b`7uk#Vh%9^qwFU5H=#k{x&w|dmo)PiX
zuj!cnY3yf6FOi(l{yY2I?_;>WR)xHxn>=Wq&3EJIU+w3OZrf)G;_LExe68m>4-tjV
z%6Z0bl5><p<A^7I`{6e({1*Im{bC$G`Dk(B93JuiGko`iKF85y4>G}Vnj|07zSIT3
z(ejG(FTzZd9a;50MB>5eJ1j;0$J!V2UifAD9?LUct~fpkig*qczk7-HPy`Xr{~PD<
z{yEe8Q*V&oSEJqkl=R*^1HA{Goo!v_{9Ut-e53r$byyuG#pkq_S@;G6XZjYhyeWMC
zvDZcSKPmCKzyJA9!RPD#525=Hy+OJ=zyH(GebEebPo2FB{O%LV8|C*RpBrCeT|hZ2
z{*rub%5S%)P;VJWzM16r<wg3&xS3s!$GdsC9Cv<K{r{M9{Eu+HxGcy2ccydY>!h>u
z^FJM(UntO7?{W-Y&RHFNx6C}VZ((XpdgpS5<#wk!e0>L5?-TZ6a;AVJKXRVteEbT0
z+2yoOApiQj&_Jr^H$RVOZO}2mhji2Qp}IvUxjuyYOh1Wn*oSh&Lwed6kO64S6aFHb
z^oi-?soenQ_p2O@>H5xG|4t|MAMZck$A0tijq&ej**bC@7&gcMx%Ic7!*_Ob{cYCv
z%%Z<Vz2_YFCH$u8Z=v6bFV3dF{qP&&M=ToQ`q2M%_)UKFc-6=DKZW#4vH^c*;<uHv
z#B)~^eAr^%?0mRzpJm{>)c7#g0dJh|TyfHVvCeJu5eNL|dZ7z`V{W{Eim>yazkm9T
z<9RNAJNJCEtH^IL9%pYy%r|HU+o*eL8lV4|e0T91;=9@8pc^#vcNYtCaFexfBmOq|
zZ~A=po##joete^H(W|xd1||pRzFs*P{CG~iA^0(uhry5EFrMEyKQ1cr<2l<gi~iGY
z-IDxc^5cIh+6~ZY%gHyOC*Nmo)auSB>`XYxi>on?m@fPLa)?0-Z}WU@1MX`drVr^n
zuXQ#2U4%32>C5MPxNUFbKjuE|Y`+TuSKZ`c+W%2y!h5N^3+wUf&7QvJLHBPR?yw)j
z_{;np>%3vibIeo9AxyVtz`W$v`JMKIc2wF)J1c*1=FF)tR~TN7l+Kp(lOgz|3-yUc
zjnFAad|#9KOddaD(RTjE@ZT6=WT!kG4LPOrO`@mi5u^{`8-0R~teat;HKH4a&!2tx
zW9`E4DeYRwT(I{7AMUFa?H`8EI#1u@UUDme!AXD7`7+hRdqPv-2ma@T-|KL1jrnOd
zJT!lEzF}M20>9jT6ZF)&fb)6reRS$4bewlTSm0ynmwIonI6of-T|Vx`^7r8eFYpN2
z|Azs$jwr2@PJ#{$3(oF}pF?4o?j-VG1OF3&zuG}M))7AzKJk3~EcFXM^ZmpO`D8zo
zzN~sRkCp2`7J9-MeBwvA_ss-1+Fz{y#|rt<b`*wdz9X>M!n8X-Te3TYRJq+*bk;nj
z{vaOvz@SQ(y*SSocGBL~nCAwqx+H%ueOa^q7iM@5QFiZ&o!)Hji@Y8?`bW+J@6EKM
zzxoAI${p$P<A3$9?`J*_a$u<B_c|D+qa0_v_(gmopY(gEz)!{a|5}Xq<0N>mI`}H~
zQ6yi)H>yYDihTaD!aW$;*AZpo>6eRgXBi^l($e=AwU0<Vf3c9i{GHf*d>?l>+_!rP
z<52sdthWnEgmV#o>%9h@m)1RIroS8e1$jG!SB&$s;diWnpT?!e&3tqMDX0CSv+YOy
zY)LL~M^W^pyr<LtQ+Zq!->t_nhcm@@Jx(z^=;hfj&zI`qN|p20g3|cP@E!Le9NXV2
z!1<LD9O6qjcbE3N?f{&BY40Ixo+JOYgD%B+lJwSmITrIK^(5xg`|P!Oej>*7K*aaX
zdz;%$VxL(1th%40_ki?nW}~wOr3la031h&6G1>>$zC86lj!Wu$zg6f@-J=^EKq4IT
z8Q$>g_&*lD?$7V&@%nUsp8J<zyEBcse+(@R?Z1nEiO(NenEPZbp?4`dTh|y|oyQrT
zA9#U2MZCyg#jx&kkj}qD-bTG`fIGO2wK<+O_%+-gs>7FlOnTF4yz*QK@f{pRg>a;o
zm-8_7Y0{~>%aW79jqbZ1+Lq{^ob(6Lxi;q_%h(or9naBk`>#<s;W>EIlbNxs|FAuD
zg0Jthb+*1G`7999yD*B^`-8goulo+e$Xf>->NWHmi`W{>^MK#N@Q{D!r8>aa>GOx=
zI{BJ(re676X`Fxd&kOdfc8A0K{Aqe<DgR4_{MlN!bLk$D>MPSj?~Ic_>VP{IzU=1W
zOTCx1D&{YJcXgGkL3zKAq5XujiVO~?@9<SW>S4-V{Db`V{d%6)X1MVb|AOBr+~IUS
zPWbBGu<FI0-WYXyOO6X(eqL_G^Nm4>*71|)!RT*2fIo2hUhAqWJiMwi`~ml?<KYKi
z>OOz99`P|AvKB{J^W5{EjPsg9_DlCEDVNwny$iJUTF<EWhndb6%@j|To++L+&lHcT
zcgFa7A^sTpiQ|*q$9MnWnP0?*`1Z$mY72ZRFZli+^V3)U{;)T&|JjcIIG3dHt@n(W
zPLPVHoa8%!gh#)B7k`1j!H3273s&9f@qCA&2R})#)$nVr9hRVTb?k4W^9qa3`+G9@
zkLgC|;Dcg3@e+R&<BiTU<TpCc5MM9AIflZda}l1=6?o9KmCE<~@pSu6ve9w7=hOI^
z3`QG6KNuY&fBzoOx5|$d+IN*#6aEt(uXQBlE7xJ-!`q{u$hX9ca-4qSQvUTY{qp?U
z7X4j@dwYxvod>-=@Yi>tx-W;IgUi}URrp>_u2<_`q3kxAzjiOU!00$1jW&7)KlXut
z*dF11`)&i9e`i|d+aB_G-J9DzKi1DEPp7c*Z;kl;I|BojEoqFpT;+K?;!&IX7E7R9
zW>eHo&YyIWqk7*LZ0+Uj78B@7K4-q**XrFYh5Lf{`S-yl18=<((TDb1|J~vF_N{ln
zzt8>r`>1<8T#4@@YhKoSZYNP`5zZ%Kz1tSP^xHh2i?ietA^+Pn4@`JHASYhf@%gGB
z{wG2|AzkPsmvtUInw8wPldVVlIhf$ea+LaY)1AJivB)bf#cyaV@(v>(qxv&UcgQS#
zdS7Ev*z*IJ^g`7;jCj-Ar_`5>Z>@WQF#x*)KiMAMU=^ME5GEb>)$s?ejDHR1Dd}|H
zTzaF<#cmD#Q}!aJ6NQ=LO+L+#-{jK_@g|>Uh_4smOTVH%F=ZZDhD>mpxBA(5xVH7~
zQ}3EG4|I5Z{|5KR&<M7pKk`d|lYYu{wny>ouPO6Dz_WhDL_nyV4^~Ay=|uT<`(;eQ
zI6{~ximrsu{+z7i4_sT9`)cnnAYO^6V!yB-`vZPkz-7NPz8d_=^YKmh(gww=-$_UE
zAM?Q5*B@~DqaP$^Nx!B$y^r#Opd0JG0*2}G_lG=~Y>js0^&wvMF$?Esg;~Ga*MGeO
z;C$P37#Bl}Ehu}Q=5fXf4l^`%`MBE}e86_l)#f^3#J~L^7k1B?XXVRqZfmFY8siB6
z+0v!$5P)#nSD%)DkrS$!-|3UzZ?MwnfB1F$KN-I0LpuaZD4ff|Aw<GSo=ue}$+-AH
zdh}GfRukDf`mb|1T91l;+FzhPO_KG&KZF0er^0v6EFQkaKj3gQuXI*AldmB^^&Ps&
z54qn=Z?|-=LriWtSv*q$xwXiDPVMi7$<|#SU$lo)Zj0YIkJ6EDW3XH4ozLo19xpvO
z@9&_a<U8+2(rJHz_%TL&$Z^Z@B>Bd1$aL<vv|!^SJ?Qf*=i}E9r+3$<j=R(QwmRD(
zeKSgf??ET=tMPr!qLcpUc;|ADv-zNMp#}8*NdM!W*2wX908{H-kZkqkXMSEgx9<Yi
z)+zY^=^5hx|F`!h;B8db|MzIIEjv!4up~|(WC96sLSoB_V=EyLIU6!$5wQaX0+wPc
zk%(;xOHOPkMS;+|g@RZLDyyI@1_GFt7MBKaTNcw&FiVTs4TaV%Ex43YQxft&cV@0M
z=Nr4w_xJz5&;Na%cX-J7bI!fz?(584$#&fw(__H<hlz^p7sNb3)Q1go^mybbs`dx3
zmlXa?T`$M29PO(fO1~~P{vEz(Iz1l{mpm_p>qjm++@>4i_Nm?<tDAW6pmgf*QO}6!
z`q{RrS~-ex6ZtOcw<uTH4mQlv-9_U1UG&c?{VB>{+%GcvMR~r!MRJ^~A|+jN9wz5s
z@>~~@f2J$3piJ-3WIvxhcS5hoB3>5qFtJtlCHsv$Sua&xZd4OxdZzsKhIdfD(aTT5
z$3givQ@4{jH#bv1Kh@mJdVP3~{yo^?HvQZNIS-fZoYyy}vfxyTC|wHzi?w@>vP-ik
z`a=)>f4KcPO)lr*J1N;Bz4CmR4K<oN^Sc*9FD#BG7d`E0a&3MwiXD-}(cG&h`Q21r
zqJD_}lg%$&<cO}F^uLI2y-yI0(?<Cow9Yi#OLw9kiFC+uO};lSzoQX)ksc`*^@hza
z40}S()|sYwxyipM7cq03Vf4dPowRww>2w$MJt6|3Ye7JyLbSJadijuD5AoqvqkN7L
zTD|^j<ug-fc`m=Xf7HsyXdh;|Rz9Q1welH7?xY|_v#*-ucT;4v@}c;$^3l6L?L7(+
z-+I0JDVcpYDo-~5JCqy=cSb!C^Cqo)PSxe|yh8b$L+G{gG5m>o&&tOnXXRtaMfr;I
znXyE-FZMr06i=tSRxU<=BEDY}<wwuSwQ`Z~3z+w1$V=us$~hDddX3_MJXdG7r6}`0
zk_btRk0QSpEEc0KF}c_7Bo~+bjz`W5Wj`kOtvW=7r|W{Key3qhvnR%NVQN9G{@u=n
zWx9R2zaqcSlizX3-}jW~Imc?V_Jp10L-qYNx$czfIWew_@|N-ZzV0pa9)-Dlw0zNr
zNo5WdmX<GKkfLk0eWsQ#Cv2IevCL1gJ{9LfURbWLi)DP}yhVm9+L0EIO3k|>_Y>v%
z_X%TPW1_L2ao!Jfcd?Xym*Y<JNya`Rg{zfIxv2G24o1AizJ*AK*f$XIlIP0GabKRd
zCCWkMTgNQno62XUei!3}@F(h*b|*(7-a*U14+!^PH-8_Y@Wpjd{V~afUgpn4k09bX
z`d#j`A5?$Hzesnc{+w#mpK|?o#AUh5bGl@COkAzo&D0;Gor-)C>1tjn>(3wmAGRC)
zeJ0sHX4?w2Z+tE+(>qeE*Rff8d}KK^AF6-fCcifl>ueDbnVvE0@oe4B>C~Qtd(p43
z{=?|kWV{~HooC($lI`>Y(ZSP|X`l4B$d?6nef-aShhp@LVqDeQi_s1bZZFgIenc3h
z>k*o^h;ozlVnKz`pBVKa(@z=YFMprDBdmE>&i;<>P&{wY%AXpPb~nmz!D{_?EM@(_
zuw3srWqp<9e4%VF#(Zz$8r}X_^+cW{IQ=xep3OMTaPQae@*FIgu7;D1@8|E(^&(vH
zev>S}Kw8&tBehEZKV#fwza-{gqP@{gyZAcn|6kt*;_+Z}G_J-YYM`-E-5HLD)X0ut
z>(-`-Hqr!Qv0!UF9BEOv2Et9j#-(bwv0YuJuB`G^t*ov+qe_j1x3vUY)rLq*EZ!Oj
zx5U+*ftb1@9BB%~gN-uZ$GTUwsF9uj!GBYDOKYIDqqHH?8Z3>qHk8Ji!VSUF=3sL}
zsI{au7H(+_wyTl0xEk52Zi%$DG{%;y@la503bv@>m|E4)K*IR?NW3Z*i!_8qoN6Q6
zgDr-_*BaT@8faeK+8UuW1lnT3Ms-Vv8qmEhRcp!Aw(t%zW{8B*mPlM}Zi@%DGzCSJ
z8Yw=JMv9D{MItY^hMStyouNomP~FnDb!)J-G!$tLmbSLFP+CiOMq0O*Mk#-`Mp~N}
z#3PZW7$T*JT*u<2G6Q1qMlJo}NNKn^+7zSU0_v)8jLdYXLK18aw!{NkQMCr+ZLKYo
zl0b_Z)Kb>g5^RqK8z}Kj9slE~1e%&6R1l&t;;rG9Z4{O2mK}knFl8O3MQsg6TZ1tf
zo28VkO;mGK|AwfD-O{CPEjwES(c-y&m8w-h^{<b#1pO)*Xbb*tj9Wv5LTwNs#!9!u
zTZ6&UmPlhzWZOYiI@q`^SP}|`w}s;B2`8wrVAEEK3)HfM-BZ#_sD2gC6|Ng&aUK58
z#yzkjyp1X^#eY+#EGf@g!vSh>S}RzpS`=9hdR8A)5+z!F-WqO=#i^FZgH(&fUqRKS
zQuQyZt@hQgs;;TsSiNFXZS{ur^;IiZZrHTGcIAfkYpPF@bb@}ZSbb9UdbMWt%1s-o
zA1JA<t5r`cGjvKzpgE|V9Hy2~8;*)<N)=^Gn^rlE7N<m8Bj-~2)VH-ZDWP~g8e3Xg
zdM^1WX$i))2BJ`x5)U-QV@j}@`ktk+wrDic8uyqTDbWb^2OSv$+o=C)+fvdHY1V8l
z*eZGitx@Pqfr{oHqtJuYDqDk%^-Y16ZEb;VK?<ftiACC48-n!>R8#(Yn}+As;Er&N
zs-1FDb!~l(x2k?!bxlq6`je#b)?iaG5DRMRjjPwxudiCSI^)L3z}4$ljg_@}PdfRL
z&u{)${dIn|Sd?Q--Q+p%>A#%Qe!-1}_YNNQ@8>R#1<z{>wloA+1p|%LTDMaNxJKkf
zZMZquxS=iH&=d$aQ`IS2v*n4U$qR0g8B-b$M;A1j%FAfydex&dX=(bU(p5v<nY!!*
zHQw45e2Qd`()43HRYQ?;TPStGmbT`tt&!#&nogfWa?!?DMq0Lpw^4;K*9W5?UMb>J
zL;Y7<Y~kL#XZC-veEzMgzdLm5Cw22~dGZUT;M>37_T<iqlV5ys-%bBHs?=YKHr~<@
zinJ~bH#W)6XJatd))dFir$zNs*Kc$_)nWu|)4GhMYIS4N%GMwy+lU}4$zJ$;siZ0v
zs23wnEEH*LqJFn&XP_e{8rF%FMKpvov{7B7hAIb<STxWOM3XC<A~9+4Ae|PM71~&W
zy3<?3@q>)j1mjh0ams{nyaPRuZZu0R;dq#O@$<n}Mm&1SG2@$}lodungQ6)CXj~U;
z-QE=37>UH0QcJk01{|#X8bNFReXZ12(BK!;OpfkrU7-CmF<1rSk=B)w=H_rrwAMAj
z;EHH$b$dfF*cfcw)DqA$?|d4#^chac`iR=B#b0fu1gIgJ<!qsPuC_%*(#Re4cA~8H
z>B8t?m#h;V?#@7%W?W*55Qx)6B|su-9%?WeX$Yx-t#O)82}5z}I?YWnQ+vb&t3j&}
zTA+FaG%uzImSm?crmW4_Fs3nNrLjZAoa$<WsDF(nf1{^C&VWYon#tEW6v0f^s?;G+
zaM1`&4r7@ihvrT(iZe}7Xy~EdD$pb|Q12&XOvzMppuJw3Ux*^3&RLdO{g!B~WQ{g2
z6@D9O(m~^)sKHuhhykN1Oa-$eLPMQwdZMkG(n!4t%^WFuVSNfyQX_pC0yP?-5hF;2
z64ShG6?06LW^P&-dSUCc&_GM0816>t-KetcpcpjiS*F#R2GQYto!l1nj3#ek8mqMM
zDKo;&ZOtlmuv@62P~<gJv22A58kKkq=XwHUk!!IS#qa7CZQ>lHV8t|&CK~Y&<wCeY
zrS#JrRxT3s31*4WOB$;LF_{w$jM^2A#iG~O;#eQkI(YNn_0d2F6<Vf`X^nNnXhl+Q
zbn?^$>dj4{-Y7-ANoMPWC}F8HT5i0<$hCSc!BV?&ZB_NU`kLCR+D$cD*m{$x7j3#;
zZ%OqT3o^7wQ$1C#c(_GNl0KuSu_YccqDg~=kpce~&B<kT(^o1TG&iTEz|LT!91;IN
zIvxLiYnm;aKUK1};8JzIXoT7dO7;|DiMfrI%l}6s)EtP?bS5+95%qk5Xhr&BSfA{$
zRRB%pX<8PhCHf+LHlv<Ke#FcwSXN(FUSC$GFY?P&nudxcBf4_cFI-f=_$wTN`v0O@
zZ)`O9g005DzAD&4V}P+R^6B&c>PFh%ptjtyO&^t1e~GGZ0j$@0)urlOTD^<;9IY;d
zD}PmEW2@Li*g>O>SohNyMHwfyJG_C|hL)ggY_gGM^)=f5NGq)}XoRN`LLV!P?t)C}
zdbvOHpY~(KihE0RYyD0!-xHf3LLf#%>SbGF|3$NwiCsyP^`)w$bu=K;I*0^DF6lWE
z4^gi{dnqmIQYMcyXp`DT>0LLrHn=subfZ{FFV+53^}p3BZ9=YF9A%rutj-2#mX03W
zDzVkjKy|yZwzY!_sy0$hLy1p}DOE8ex<*#73evbkqgkd3tP96zuGkQgdg}bc!qi48
zOj<I<47q{&%rLe#+#HS@nwpLnH9asxC2EAQiY6L{OA?BB>2s6DtdK0wV7Gxbz@UPz
zZVxu-8%%~{&CQCA(_14g+jzRj_B!U21gl#jZQDYp1UqCRR)uK=7O#=hBg3dJU6q|S
zW#qAjR!S%hcM(h<&2F+fvZ<{qNAp*u&vt07v5{tXG<`WK9z4z170gILAY!~ecpgX(
zmI!yN(b+))X(rniVGmH-2sCmt>u4P{>d`ftbaa)G1JyBOp=)#wG{tBz^%cT2)k9i&
zH^q2>YiNUtmXmVD#+Aa`C@L)`qGHf8M)pRUOt{aA&J4CjvLre(YUo*kzWB-*$YznK
zu~}zXc~+*4Dp|}{+N`XGmQ$v{HqwAY&S=Lu>jYA;F|aeMqnf>%Heb!l#hQ5Amh5~>
zRCcn~K@!ud5qo>HPV=8#=|jsf89AtRm~?BXi`Wv#ZmXD7)F05U^fs~js`6FSx=M^6
z+P*R^G8!}e6-}yXWvOo$v_#Y<YS%QIr&XA6dPby;c1>GaBJt9U6S2!DyAW;Zq0L@1
z%NklG1k|WLyh)*mL!;5{WpuPl+Zdr8BQj14E9(C=W3<mER$$UVxKa2G=)2(BhJK^$
z9vii_Pc!YulSi?7qm?VIYebi+&5q3;&2pMQiM6#@^99v)Rdw~g)f?AU*Ve9HRllmL
zwyM5*{mPB2t7=xOO`?kxR`j)1v~3IZ%j))E$7u0x)%zC8O06@_dXsTC*0~~3+Q>DY
z0MKfY9s$Vojp-?yp<>Z!b}sWNGbfCPC?FZ8zP6H6f^4yAnL6szgoqdd#DfPBPkjj_
z%i`eJHBu3Z(i4jyqxZ@LZ6r6C89$_h>Q!1X3V-^7Qk%;jY@7^aA`_tP2l4Pi>|Dtd
zYh^Bzy`HQEwXr4>0V=1MQF4?GB01q~W6Q49`AXf$xU3qN@`eMqzH3b@!t5ACan!Rz
zugp6`w5K9ANV0KMNA)J$Xxqc$DTIip5r)VTS&%#+;X@W`EGYJD$X~YDtEd@h16}<#
z+HRoWML$a`U@bN~jFHdm=&Rj`%&cz-p7+%*zm_A-+}E-8HQbCDC2Ce<v@@gC$(q!V
z8FL_qnrZm@x^7uR{<@wrorWxDxtn8(5|yhM%IW#07{bSTyji7ck)=*n8`HnS*;Z|k
zS2NoSU*TLc{WToxc_3Qtn2%wrjI7a2no=pMw5*z|<@)w~nlOyg1ZWOIWvfpg#*VqR
zi8!X3RSwZHem$3C#5g<q*H>@z)vdu`lPa>A(kq^RHHos*9%{$vfd#cz8jFKXw98Hp
zMl)UHm~o&dfnvZKBXrS}siKk{nt+IQKDN8S&astZe@~2|WBR83o3WIluaeD46eTSN
zqv9#OmSpiz+#eLPrv(ksu%Gfq+ZnH3wKh|@^6{TY0X;<)Td}mar{|q`yfL4i?{sMU
z!Xo3e=Z41ADif?eoEcrcux;w@zcPBXhh}ykGkc)zM|zT?jdOC@qIJ`9$5r3ApnM<Q
z6OJGUd6QE(m9_`<$HcVB8Po&RpEL#=je*0IBzpaUGBmt3OxYyjM!CO(M49&-{?qzh
ztnp3yW_lhKjy84Z^;7Pr%4Pi5cwQyPBHZ8;+X6Jc8ZRXXGWxmtaLd++v2Q@BXzkFp
z<PCu-ktEsFVmxl8%H(U?LL-N^b{EEILPkh#eEMv26&25pV570HpeHA^JtC^mR@&*H
zIq8nDCXm%sb|72YnxlIAB9o#ak--&hVagIYr-_MYB`ax=Xlte=RCBZ~9^6DdMvR`{
zRA;9YwXM{|*J?X)^5G3RsM2SyF>MW=nVM!E?^M&P0owvi+RDR}Qhh;h_@%i`cD1r1
z(i#g@N3=XJT7a=HV34-Xp@7Am$7Us^BGPOaB|Eg6qR(?E0DYZq=uV-*o)Vau<jZ{m
zLv5_5tFwAzrLobN0*j3#y@k`(Jw0x0kQ))zw7C$YCx^6^Mfto&Jijn(itMS4L~3X~
z+GHfeq%kC>%ogsYyVh+~E-myRQ7bdq9~jSfL}x~7twW-6qh|(GaE57G1!=SCY_U)u
zsy}wq8n}GGA(j-hU9Cn%k3{=tF<PTgbEjITwK(IwA!EX8I5rigu_6#-ma&Y<EPJ%4
zF~+>LDbOt5DxhVF_6$ta#07eno(V`F1sWq-gQrOywOi3wQq>kuIpmP2m%4Z!6Q^ET
z_z_Q)=;a=5ZKo}oWZmBuq@h|{ENSmJ%e_Bw7w<fqFM8cgd#}xA7Si9QLJ^rmqnxoD
z{oiDzQ6PGGu(g^POv3sDvFZ)_;JQ@JPS5pSPRar8Eei3Tfylm0K2!0|&&-tNj;QFS
z!`XH#=8yVzI^_zjYa=bR{FD~NL{$`A_T{t))dJd^6LaoBwnS+$qCJRhnIqm}p%tCE
z^_Yo;ED|SPPtxLiu(52+(W18E(wdkyW6ew>>CG0cZfMI1kxrQoxirx#oTwI=M9c0l
z+?cJP^rUl3fL=!tQx=M%s5-PmNl%F>Z^g*oL=Pdg%4Nz%=38r5%<I8wYMF6LdrS+$
zC}MJDGD*?U42|YeOPta2>4~mvilXpk4`4Q>?xe*d3ABcycZ3;dLGfbRQdO7MP#-3$
zk?8Wh^sH2GOf@tG(KcMoTa+yw)NzW3wA5-d+orXFZQ_AtBTZ9`{%K_>&<dgz^l}=A
zHpREPGolE!EA6eQKx-?#zM;JfB44qJ)AmPDLQ8OGyd#=H(YZ+#J+F~k-GK2Xmi83M
za7fRSNGE1g4HQZ0)u@B>`)Sb=6k9-k@eW-upud?y?+5C;@*B(}vYuyJ25xE*Th`m?
zH4l1IVFOjMR(iQ-!`5{{+MwykzA3gkvbCD*x3;!LDbuQq5?o8~`B3-2miC^ETw6o4
zNAd0!N!JBhI@X3;w#QbsM(B;X*eZIhsUb*1sN9(rZdbI$I%uY%y)`BN7BXQm(7G)s
z{?@lLPHl_C19Eg0r56lt7n6b-+Fqt74r|()nzVOV#7?CV5z|Oh-9ke@Z8bIp*XwVF
z3Bz96K5H@su{IKk(umx+p`}TSgdXrJ+IDWBKtz?%w+UlaW?2?a7qiV3;!P=IoL${c
znG;*lDmIFI;iwFI6)m&GOsBeKQ!GeUX@1h8bz{aK)Q?qBk4KqoM0QgPb*xm*lw5Bl
z7B^wm2jyT;S|S4*gImQWpf=f9O7EPAqNGkqZm=28*yqc)UUdh?_#j^w)tqbZZnXw>
z*6#>5(DbSyKucMA9VqjHZ$OMnv~8k22%}Mis_|F7NqVsTt<7TUMr(d}Pnce#X`)Rt
zdI8EMJ!M|vrFR!f8^ay-+EY04t-l*DzU&nf=^+~I#95r_Z&?)2iit|%I{Iki-GAmN
zzrNvkF+Pe<Gy3TN{yZ8R*VA`W<84Y}_fhn6J^g6(FFzcoT)UXwUH(PnlW!eEuITqW
zKHhWbSyjyoJ`#heaam@Z`$Xg4+%12*{_fX5{e1bKZ5za!;{39l`2CXnAG~AR?>>BD
z>HG0x{`$`sUUs}`fAaP2-|n4y(W1L-$IkfkdK|F135_h@C`q05?Ux^Kz4f($Z<ii^
z$kV>Jw?|t}eqrLk_kY)N-j9y$-um?Yvnmdse&)+7mQAQV(9j#(^xTw>KM#IVym!;T
zo_RCz=HFUAeg5M&>;F}gql}uBTbtqwX$wNUjw?EYj?zYIR@y_sgNvoHM7;K=o~XJ;
z)rDKyVq+<zO=IhX(UOKxuwgsBQb{9vabt;aKDQ(ss~1b};<=*+XZ96q+d{r*hvF-|
z(d!q++qYD=#71%ry_>qKn%=goQIvO9PdmZ(!n8mB;*00L6q*0)r*C*>%9qjm-u&Vf
zjW@ix_wjuX?L6?=7jJ4@`1|cuA76Fa<CFHiuko^d7bWkX(f_^q`~Ir&B{ys;E8cwS
z%WL+1s_{>rz3cuf_ndcgVBbECe{<PK$Lu`%roUXU&#rxA&|K5*xvKiP2d>*!sPXB~
z|McvRLzZ3q(7wYot~~9Fbrsh-fBBnzM{2ww<#k8?a$WL|`(|nU%+iZz|K`&8tIGcQ
z8h?8I6W9Otg>R*g*k7*k2YcpCNfnfTym<dIjj#C8;(1?ebN|S<f0f3^FMs-_cV6k+
zy?wv_yYP?x_T_1FR=xGqrTc3&{dLdI{`vE_ZoekIf3wEB@7!|XtfoD0Ji5P8<Ii5N
zA78iiz90T>f0M??{{2^PUo-OFKR(_c*SIHf;NGtLfAW)pFTbJjWhZ~5DW`tRw`YI3
zTjLtnFUtJ~_CCA(%gZ(1bnK&7U4H5M>(2c0T8$t3=G^G4ou9uG|MDh{uk87t=hnyG
zx$DX=@6h<#3*((H)Za65&zE~Ne&NQhE3b*J`q`6TKCJQf!zVs5GVJ*7J74bA_@`xM
z!A-NffBX5DPinm9q6_+;esB2?4m<Fi#<|BIH}6U3=J!huyrS{TSI5FXm^JI(>H}|T
zJmJ^MC7=A{+xr_1ysz<x(<WWr==fmoHxK+(<L5ekk^JZOUjBmvpK3fmIQ6}{DUZDP
z;{*FN)|<QMrsu_v6&siH&R2$p4(R8F(2QcwQy;e9Z!^w)+ns;yNc)oIyN*(h)Lj4g
z@VsX)c>elcw=zrP=;ps%@chDWURk64%D19~5`Vt$4);sHYu3K*R+QC8-!SFaIU8>6
zRF-M(=X~+xD`mGg{OxvSmBwB7_g(G|zTN$pvR30ag7;0k!tu-{1B(7((GAnjTk-ky
zv!DD#*{td7{&d7$^TX?|9&c&X_%Gj!PHX(g^7<T0lg20S{P>0+{IL1<6_&Whmu|oC
z;S1XHKiO>ghQ>RK-s-sR{o03jT6Syv%cpKU>*{Zv^{uNdmuq~&+1K?wRkOHnkL6m8
zf1JMl-<uzv_x)!qH);Hb`t%PTyLHXm?^^EAc=qK>-YEa&jd$*|?9q7ht*IZj-thEi
zldTVH{QTp8uC00E%}2_tdo_Nq>gZ3V{9|9|TI-V<-`T$T<r|+@pWAAEPUClKW?t}*
zGbg8ZSzpn3scXjdZ~i3x-i_8bHNNi0f7o2};%i+$wZ5<MvQ>BA@!B_T{G#9bSB;&k
z?znsH+8sat(E6#y({A$o^y4e;yDZnXPviN!Pru9g@r-`eW*47#DRaxN`tt{OIBz`O
zR;cmKg*V;y#f{ECZL%Gv>pwky%WG=!o~Z3ejW2!S?(@$%WmV!b+boS2ytT*Xd4J{;
zciQG_eC2^v=ak;G?TTJoxyDsJm)~^rltr(+Zd<1DJxBcE;j7=6ddoj;t2BOX=R1$K
zJaOHJ6YXm?{(9rZw$^a0ZPZcR7%q-e_5Pe*D=IEimn~B(%I0e6H!aZ`!(v@79%6|N
z<b%8WnWE#S;XvDLES@Vjy1vG1Xb0OeqGgKBe@v+UdCtLRC`M<w&ZhBh%jP+*&2tWR
zK<|FWW7*NB+*MMt;5Zj;qpc6DKiD-JnP?k>=F)RZO7uM+Z8oR>DIRKTU*(8(qgWN{
zuLRL<!P01;B`k(e@nZ0tIrH@gw87X+`Yhn!;QYl+^tO$vwu;wn=K2d%+5@1sZ)hzs
zzd#p?zv=&_s(L}e{DS#(Q!i96EG{UXe^7SOG_I7UWmE}V?Jk$A%(c+9$W`uI?5c28
zy4<cMWv;TavV~=f%F4?YmsONimbuH8EOad_TexuHqJ`xP7cZ<>Sh>)>aLFRqqOwH`
z>C^7=MT-|zEUH}OUbLj#RbE!UuzXQ@dHLe<it@^GclnaVuEk}G7cO43xP0;A#TAPy
z7rPfPsc==4RV=JnR8d~BxT2z>vcg@lq|#McR=KcpQDu4M;>wE3%1U?T61U4;=3eMt
z<SutFc2~G7-EQ}iB^1Ra6#No0y@b3iA<?Lb)awEz@qct}r8hWeQlr1tMK9#F8Xw`P
za#pTu#DgX6i#4$?WbDxBte3gwlb$M4DT>NK?}uq{R!K?8+1gT6cP4g{#CARz(Z6vM
zfBClrx6w8fz3nGnD=U_-We2oXrS6WtoI73>vwE?c6BDg-uIBTgjG>vMv0Z$SiWaTn
zqmI%jtyr~B-o$*}V#~?N&9&y`I`Z--6&yKkYT>l;&IyGR?M~Yvha8$e*)qjmWSMH4
zmUo2ZNb8Krs_i)2f^j7lm#xgY&~mr+9_zjK`yBtaevz}^`lana{{8J8mwoSc*Xeba
zU7kGhtqBuPS^LGllG5dy&#r%O_xG;2>gszQdi3W{J^k#j-+rHd&B{LMkhx{$l}nF5
zq59;rcV9uuhadg<)4zWHh4(*D?BgeB+NH;@UQ>PYIgP>HSKWB?v(LXUe$reLRiA#=
z=5y#x-tS#?4|#d&*>~RmV0iqb)zyu`#O@#Mef){vy*m8&OD?_aj=LUz;;Cm|c>N7;
z>apKG{rn5n>o=T!#yR!hx#G%)e)`B0zj*qYS0_!La@OY0{`KX7MDuxXzcXP*OXSGu
z^%s8gfd?=8`QFJ>j+(LNr1cx>&fI*?H!u3hQ?LB)&EdcQvo&^QyzRPUOG@v4@R28;
zdEwP}Ztz^6a$Py&rB|LmuztgtXXQC2I_H#r^l?k1@`U9pRwu8j+1A$gZ2yY`ul<RR
z$ye)-zW5#c#j6}g*mEcC+A|?>U(SsDT}RlaIxO~5d$~Q&X35LVn^fSNcu3x+Je&Q<
zf_$69mS?ltY_>vsj%{47Wy0Y(>+_DtJ3Y^uJEhQPUuj!lv)Cu)PApt%pFX=@ZML5~
zJJFYOakp(+?#26UXXH)JFUmix@UX&ja|?2(<(`puT+W(;`SwD)#a1?MzI|HmI9p;5
zsY=V%*%Eg+mf0rSmgTt}$K_mnU{aBzbkYLb%!xB6CN8&MeErmMhj(6^Q<`&po^?V|
ze&X??<AsUePb<tx9LPz$Q~1fvw#xinn-5F$I1<0fDJVMLR*>s<tZ@|P#>X9HJJWtf
ze&Uj%BMT<yueB$>n|t3Kg;VThx7l~Ser#T0PEO)3=dOR|S=4#Cr2U>f@wn{>+r;ro
zuEj!$v*zUGSsjjiYeCL9>jb;gGRb;K&Y_bIvm9=nVx2nv$eihp8J1a=bM4!$5858G
z?zO&PebM?#;qUT)Z++GJx@9ouUF)ChL)MSfVf%>n-?lF-g>#NSas7rXZ@J~x3og6n
zy4!#B=(irq&C9Pi;l$Ja(f^|Tu%e2}(@wwW-Ul9hZ1LbB-~P@Ow`3}#sEg}2GzK^S
z^pPWu%ySfsJ8VkDlBHeu47`?KnY^kiui*F-w}!90dQznRiH|-$bIYgu4%F1%aAQg7
zoZ?M4r*He=9d~!#|LEQ)bH^1PK7Hx()u-Nd_jA8Z=S`h<^z0Lt|LLzEA9(6%yL!y*
zV~ZELmwHcL>#Nyxny7pJhTzuivGxlu`tBX~KG@yc|G<MSk;kt&=jaP^Z1x4Vtu{+(
zN#f$^wz7#w+Gph-m2+IqD*J?aiF<Qr*=N~{9p&TJuiRCcKe@nBbo}ZiwgyMOYjVy^
z+YvbykK2AqPN}^hFF((t&aoHfSJ;;3Ov|$u=J~2C7mZ((SK=txb?nAdj&sbLJnh&c
z51W#|o&s1kerjGpuGcXqzir%#6X)d~pHq-~YOW>6Y0F7mw&f_VqabnDIY+M^SCBjY
z(51Nr74z*=5<gqkSX1cDFIcns2(P1Ne05$y;<Ggc(`_eJSK1~x3UZg^73`{*ns>bI
z$kQwn7mmN=#;tAR5>I}2ZNvE8F6ZPc@4fh>+kSTOlDv8L&AG=GtSKnYIrQT0vx2AC
zm*h?Ih$?aYh-3Hf=jGr2r(KICTBhetuse2L{vG@Fobk5&Jm=N^lk(%s5}y^s9MQwq
zoG+Tf>G@L=-`;hS?a~z!58v&Zk(-<N-Elc5&a^}q*rwU7yF4={EzPm)>YsP<9~1wY
zyVhP{w_Y-7)!Gvhzg(7Uv2V&bqTIS`!hCyU;b{el2i()g&$s7Oi^xsfaLIsul5M<g
zr@cOx+SkNFyPFbM>^OS;uG+%s6qgFe1ag|6m-x->g59}ecF;ygT`x9osgFL$o!E5Q
zLeGe_LH^*`L`y{9sXtiL7^crEV>I<EA7#%VBK91`jsd-ZyM{jaqisfQa-;pDZLf-{
zj<x|zpI6k!BSFF9V>#`>gG=nHa#fCBIs4GGa>x{QMxpAT@$vlhar0d2{K#E{^Q~R}
z1xJ11FHyc!D{eX9uh?&Sx582|vvSt>cPsCk5Li-LblVcwkpb^Nj=F8Fr##>rKKHg$
zH$-M`ym{|!8<iIVHNh8et5IH`S*r}byXk@V0;m7={h4R<58ZZ#s(f_Du;rpNl_(u6
zv4Bo^u+o1P?>N`tPD_ybNUPOiKgM#@5oe8CnxAhevRm@0OUXITw#+fF$f8z~2fKs%
z!n^|ObjwoV-R>YK1=eX6t91$WJ$5Vgy_Tb_Hp@7{Ipn}{m~}GsOyrtuJ1lv&0_#zh
z<H>I!`79>$WYv~K9ao-poMu%-i2}6>KGM2`;wM9yZt+^|7BX&eSWdNA^9mhXEY|#S
zdDYe<$ezVgIl)39=8Ut<%C~H_TXHE<)~Qyz&1oM`f96`~*RO1fZMyX+`p;vv<T)(X
zarqV+5iD)iqb)mZc5A*R*Y*Zw0>w5@ShPBF3#=B`j5526ILA_)Uuab+krtbql;qL2
z)M2%zY?kqsJQ1MH`m{%}{A#9R`<}(GD!E~+Vz(5iR-cvT4ixvP)*Q?A)@g@~w;b!3
zI<Ca#qO@79b1W+<=dIR4N>{065m~ibb12>OtPaaZBHJvAMR7Wv^q9=@p5^;=xCf=u
zUQBDRJITIc_1V^pE3;o<shBvI(pg|DBb#}a6Ku0`ERGW`h1T+XYLu3Go5)Ja6wA#P
zo8xdTXDyb=mI-;boL@OaVy1{(rLq$4EY=SxZn<<n!n(;JB<G6!AZ^e_g_@(}Tde=2
zlBXJBNm6)ri&{{etCdu))mB0oPKSVy>y48sDrDvSTnd2loNAj0%A!!|mgnS%zbv^E
z6&fZL%X0gvBv(qTQ|Ry!n?1+ju;v|Qzt*Ny+7~)36D*T+EECD<B+X(@qa{s#POwuB
z<Td9h{=~4hG*i;6v*)^rvpwY1ex_afb1Z$@&`Wp4zo)}V=<=VZ-IRoJ_ZjZI2Dcmc
zo2g**)86QuAKi=gZx6|94gQ4g`UyX@&pSpu{X2BWY1$ta*GQFq?<e>2(iXV}xX;t$
zx$?SfIDe*ZlP4H@;ZNp+ybINcakg8?xOW=&B*j<8@iuZd%dlgX-$OFvNEqdM3U|8U
zM%>;ZZZ!D2v`<V?(Jr(6iZSG`)442qYPg-vRCLBsE6n~)Ci#um=O`f~thHp{W&CYR
z$zOZY1v7|e7&>t~5x9+5=AF>j(eKI}EB>HMq($bvS$@<Q@@q_T+l@JyycFR}J3iXK
zRf)xAE}vnQ5=WOPKj~K9h1_vmRxemwW_|aWdQL{Kl{u=r*><!1H3pq8Af_NPS1<AQ
z3@OTSx5(2PbzuYX@h1H(#BmcJa%+xurkE6+L@e8dkZmD8QYz{GO=8M|%=IGif(+5`
zVG);_ctJYH*ag&uVPdmBMXdk2m##PG`=yjYQs*zWWzK&z=X>XTdJscb-(3AZJV(FR
zk$ZWW^I5jPS8p4={Rw~4zPt-Ns$oBA*zGp%V};{-SugLF+q3QKLQ^|3%gyc1EH}41
z>kmh7FXxh6J6PUGYzMJ^%91YF{T2FaNZ(-i{haR0jla$EqbLJQ4Ebl|UbG)^9ZGW9
z)(*QPCsRH`C-Q}kRnRVTKK8lwe3?(~rC;G_Bk^qAx%Tf)VspEXHjG~Wvi~1TkK=^z
zO}%|}ZPn{XpK+JtMAG11<35(%fpc~LMIrs}p!kU^ZQRA*qt(0LQo7{$V(#~aKbcSR
zE^I`%>2?Q=_-KbflYFdjqDH;jcV~_=Nf@9@v|rh;kH0HBUI>{=|BK5k7xhPu7iPJ5
z_IZMEOqY+w9aZ~F|7SJXW&JRPFUw!Js3E<KkKjgPbN&R0rwD~{eFOCWQ~MW^y<?<t
zy4U@e@w<=w({Pu$9wMekyP2zp*j!)#r}2H2?8z}y1oFQ-KmJDckIuyYzt4|*?#s#4
z1!3lo#3z~TE!YG7KJgNh{&wOuCLSWLH1Ul4`M6X|Y#ui*AvTX|j}w=h{C`3$`zaxI
zK9Hl#H0jHT&H4?*vhNelqENrDAibQU2>s*4=JI}v*lhnxVsm^JKFIxVAvWj7jl|~u
zua|h12*|kJC!QyP?i0GX`$fcaP5RBmX8#FdbNp^2t}?lQk9fX`Cp^USe<iVboR1Ql
z(|;xL9FzZ_5}V8G1Mq*yk9hnmiOumni`ZO0F9g1o*c|@j#OC}NA~xse_#fveOHJ`R
ziP)@fA~xH*jJVk3zMtl0s)>J0dh<Lw3HpB0oAdkc;C{lxynd`8UT(6#i`ZNq_Y;?y
z^luXz$1-ZtLw~~C&&kB*{A?jM=TE0RM3{VAOm^kGW!6u#{kd2N$?;<$$qzN$i}pL!
z_}eT$i)7M`S>9lhuO>TkJUE6TAnlvwb4V`NHfH&8W5`R#kS`uX?jA#a{221(W5`#I
zAs0_K<(OuUzmSiXu61L`X`MZ)`*X&S2S_gG@aAyCB-dv@^o-t=|4k-&lIn$=f5^Ki
z;-aVYdB|zx?+_uN>v8fY>sW~7GOa>)5wT38=r^UG+emJ%$7Xl$kUdp+rt2kgC+D#~
zV)-}9#hgT3qCU&`%Da$<9@pbNmOf?Zuj<KBjuRe?YcH{Re6s$GxAz&uGEKru8L_#4
z*-mWk|85{Qw^zrbd>yxr*xVnr63es+``;iwQT$<Cj}n{5qrVV)q>}FQex9RjH1Rix
zk2Ue_#Ag355u5Eh_wxR*l-TTl6S28Jxrlg~$^OrY&GQ#mseRP)DK4>VzQ)og7W`*@
z-B<W8qHx7EmVL$0pZi$0zZ34;iDms2d?~Scopmj7p->oC*9|$ewUxcnq}OYnE-NOz
zxnBN|^yc~ULtyVQVsrWXfuA8Z&p)3hmTg3Y_!==ar_AMr`7Y{TC-<@s7M@W5hp*5p
zC)zXXKXW?e`fMycuFr=5toKk}vL~*PahK~em%)DHuCB0W(rHewx=!~m^iItZ->*@t
zvU*u=@-CdW8~S4MFW<T}r>l<S;u7|yT;7G;VX`mf@-FmVL+_{^-G7?o;&K{ymvLX#
zn;kcWUL}_MGr6?CAp3V=S6=3Pk^3JB@+Z^PNd8pA@lQxT)A)NW-DRCH%h#La$}hA1
z+)9$mb)#9{MsgW1vs`SQjwatZhP-_YdB+&?^T&|?g5)w?=J<S0a=A7)%l}RCOkZG1
zuZ1#p5$UwcBrhQOXz3a^hP-eL`S>y96ULCALh{TU))b#0$w!O-c_g1TO8j?_e6)PH
zgyb^4uD+bip3sG4LzcT)eh<lIKA7eAjv>Eq4Edfh<oAyue_#yxgJZ}=dC9q`Ii4c_
zWj!&=CzE^y*%Fso?is`Vn<O7CAKn^6{`MI1W2l{u7SCfzK3Y6Ck0IYna=BJF$Ny!L
zpQ0y=rRyD&`>D@n_fhteTbVAi{IN0QkB=e0i0sSy`4HJB%v?@bhd)Pp^Smq7D`TL0
zd7Jc<eVGgSL(u<~*gQ@r1EcqwMaI4wh9}(1eqG*0;C(SYUSsKp4E?_;e7S}a{to>$
zPv2}}^E{)B*c{*g)_*zqH|GzgXEEu``7h!x#|d-#ir&`q$@95>FaAQmkCoo`^Yr}i
zl6|>02~v6w6N#p4EPqMEZkKUS?bpLuK)(|&?f7z)%wCRJelp1y=;jr(yptM>-1{-h
zuOzvgvkqUIUGIm;hTPk@lEO9DzuSn9Ho_3M9++pL{#WE)h9TU)Ml9>T;17w-^SIBz
zJ(geLb9^3oIm|;t5Fhl9;Y}lZ=6Svo=B*ymQ?_O<w6})zvRuUPO2|Eu0Lf<?zQnv%
z&RNXzX(X>O+{}9^yFa&w?8rJhRy}dW|8sjw8THRfc8iTL#JW=cZI*8)xhNx9NAwz(
z?Rz~VdRVd^B*g@TF1hC+=bQgNa3CV&RwKh?zIFan_b<y?wl7^uzxneo{VzHH&oL5j
zt~bK&XxAn5JoF-&S)(~1nNS}>|E7PSJ9HZE#d<`@+ppCHbw)=Z`lm_M)3+P(mgy7q
zME*^GX0G}4*JyIF{vAzTHHLiM81i$+kc)ZdX!b82Lw?m5@~$!DzZye6FoyiEW5~rk
zbF_FW4cce;blfbx&Z^J{u*TsBN{l{d6lY}D$J^sdKzzDK=d?G~H$}G9Yk!DenuvB}
z{-zK0^uNhKy*S}Oo>VJ7dZKT`W16Q}D6nvGMaGbLBP#>?@d+Bzhq3f|VZAuViN2Z=
zKlh-C^`o6fHN1_2rxR8hw%5}Kj&%5-=3WTJck5;uMZ1}fl*q)pp*dPlS)+6t_0b_f
zTt+>VEPt0yaxv&rz{aE6%sAa`44~4#&sa!HrZ-izOL7lzAF$hSDBTwu4OenIaMCDz
zsUHL$F&etmdyS1X$;C#eD!Cmvc?^&LAn?dsuJ_L4?00eQ22L8Cv<!a`*mDB+p9Jm#
z?g4hM;QqZK&VJx%3)go7JI~|#Vqi}z*Y^W=U%>Uw3pp19r!EHlZqB~TIfsBdfz!ag
zYq|g7>o|LE;_SMG^T6$#`|sfFxtFth59g8lIroZ%6<xAE3_Z-b=a-z_q9dhCy7vKh
z0;hqyfkRJndwsw~PjUUwvz&W>&DrxC&UL^^;4a`E;OKMQ-T<)sw_IQJJZJwaocn-N
zzvFt}?>YAa4*{#Ma`$dvFR&s8Ji280`GLEEmDj*M@WAU_?|y@G``euRhd6sa<lOTy
z=b~ZGLx1NS{gm^-XPkRSI48saPM1u7yVxKyaq0`s{rfrh<mv;Q^iOYRY7QhPfK$MI
zzz(s2L6`L339O2ZCzF0qY&e;C;0Vscz%KnWz>Iw_a2;?GxN`=#p9c2M<@z4_MBW^~
ze&7*c&qD5g2-vrX>qEdk{j<eP`Z|F_;sGLEGJl7Fl?twR1N(se!1Ss%v#*E;lcw;B
zfD^ze;4a`n;Ls9ozkMm^ZeX8yAZm(FKkyK+x{SMb1ABp$6S(`L6FIwpJ;0s7q2=6v
zVhv~CNt_3O9qU04?5*YcqD`FBz^SviKD3#0r=N2Vuup8@n(}{S8)wI5oV$#5ovg2p
z8@RsjX3nYGI6HsHxehoAoB&SV!Tt9GJMQFq4{#JX4crer0<7M}?R$Zvz$xHf;2~h=
z-Q0dLaAz0S`|stfhz$)>d3FOQAK?1_hdHNz#<}P*&aNjoE5G3E{3YkkCpiy35BvgW
zwV!hcIPntK_rAh8^(trgYn(d=IS;+d+4mmjKH$V3xxRadv->ZcJ3r*?`y1z?k2otI
zb58$@bLZ!r`+${ybG>&z=gtG1d#zShUk2@*Jrg+h1A8WNeI0NJ*gc86Z$FfCO6A-;
zi?ceLvv&^X&|J>Rd7MYeI42izu3OAmt>o-m!r8Tga|&2l$@T4PICoWZcAmmHDL!B@
zwP&yKd-k&b?c2!pMYWuVH*xMijdQQ~VPKQ}Xn=E31Lr#6ByiC-?!JpYd@|cFZs9x>
z<=oT3Idn1Seqi?{Tt5O_yqoLWzr}gva?V}i#dx}8{<@Q#i@(pg{}#>zY2ZDahaTYE
z-px7sW6tSEI1l`sv-&vaPGIGiT;KgG&LdB9?tGfF<2RhU`#BH2$hr6>&UNC!pD90!
zUg10p?0c2#Qv;j_-r$@Z<Q#pE^AK?A4_xp2fV2NkoO^~ir#|G|_c7<<e{vrAjC0~&
zoIN9)2S4XL`~~oroJTA+mcLzg&Pp!lZs3H2>%9e>`^RxkP2lXD#92Lra~E*(P_B1O
z;hZeuoIZ;4AaMWDT<<%Ea|k#M+ymSPoS4P!4FbDnbA8>hoL$BSvFuMqfJ0^6eF8WI
zJPfQZ<o?@%`+=23+`YP-a|k#AoCNk%asPF|ool#04crSn06YThJc-*&)^P3u?gJhK
z9y*QtS5D{b1omv<dOvUiI0@`+;QqbFH#o9>bjP@U1lSqpdKI{?o$J%UJ-~gy-t)Qt
zBybmS4{+ie+<zbNAn-7-XBYSH2W|&;T+H38z#-rSa1z*g3Aa}a>;_H&_kD-^9|U%O
zm+Paz?#sB|2TTWLvHm^<+z0HroV!=Q$Jq@W0!{*t01scm?fI_cJPhnja{UmndKK5F
zfct>mS9ABnz{S^ay&t#_I6)toi!0L}fro&7-{<bV*KzIw_Fm8RX<$!^>)U|`?&f;6
zi?bg%4LktsyodYu0w;jGfd_$|_i}q4;3#k!xF1-#kJ~E-_5rs8r-A!`hk=Xs@bEmq
zA>br%5AYzcazD4P0(*e{zzN_qa4+y6u<`(e59|T<11Esfz`ekOz{-OVKClPa51ar_
z1NQ<C0xQM?dfC2JU=Oe#I02jn?gbtM?tX};e+1b1Bd%A0oj>M!KX4cDFtF=k?mr6L
z4Ll57{1fiq51az-2X_3F`}Y9119t-t0y`f8d%#iPG;lw#(!=e!fc?Np;9lTi;G&;#
z`ySvBa1yu&co5j}D7Wtdt^-a0cLDbUj{vJb=izyQqrfTPUf>~M=U#5#4eST*1nveN
z09GF3_KSgi!0o_k;6C7CV2ANdnCyT2#<y>h+kv}(!{gTnJOCVej=N6)CxN5C<?cIy
zQ@}-UarZ7@A8-gb3EU0b2RsC<yv@T`f!)A$z)|2Na2IeN@F1}A4v$X}up8J190l$K
z?gH)w9t0i%E*j+Va{>E+L%^NDX<+3K+<p<T>j2k#f$M->6YOmMUF78K0uBND4&m-Y
zz+J%Z!?=4Na1^)`xOg)6?*aA$w*#v)xqm-!8h8-6=xFZW2iytV3+y<C`&WUzz)|27
za4+x>uyYm<&kgJc?gH)w9s+jG2K&H%;67l-vE08GxD&V+cm&urhuaGQCxHinM}R%W
zU=KJ6+ygua?3l~#xq$0{qriQ@>O5}G3mgSb0e1sCjkB%f_~-$y19rH0_$sguxC^)!
zcnH{4#_fB7L%>PkLEsT!_d;&p2RsPuTEyK)fqQ_R<=nj&I039I=I(vK3E&=JM+Nuq
z0<Hs20CxfR13N0Y{W{<Ta1XG<I5SGtFCTCS*zMurg}j`Tz+J#2z|Ly!KLOkW>^Pab
z_W;)cw*#ku9jAaj;5y(Ga5r%0T5c~5TxWbcE%Q4H+zmVgT(q9s_W>t>yMYIRog274
z4{#JX4crf`__#e6upc-9oCfXz9snKzE;^Nm?*^^|ZU;^Q_W<_;4+A?l^6*{2KHw;D
z61W?<A9xtpSp(q%`+)m^+iSW1o-;W213Qf~KxKU{KAXGm2JQnMKn`&K&MllBjhwx}
zoxpv-N|5_^0~fb&y$9G2+zy-q?gs7$9s+hmc=#%?2e=Nn|2*zLv72)Wc;Hg5_kWAC
z+R51moB-|y9t3uNhuiDCf^$D`_w8KYc?ahq;Nm;E-UpljP6PJ<4*(AXJMZG*6$5*L
z{lE#}6mSpl0Prwy(cL^gUf|SyT(9im-1`XUuDzW5fQNvU$GCeH*bQ6<90g7ScLDbS
z4+1NX^Y|12yMcYcQQ%JCF5q6^&@XuSNnqDAT<--QdY0>*zvk=$_5z216ToTU9$?pV
zJiHKa*YjNOc!9GDJOtd{&)xf8<lF;HKeWL1M}~nNFLAvexE<L0GI!qzJOu1|1>6IB
ze#iAGVD<N0UkBU;?0S{E_X2kTdk47tH1II6|26L3@j7P}I0QTZ?0JLxPXYG=4*;ug
za{rycy}<6bxcek<FL3%@?!N9l&QW03AGqHCKIdNG;txO%octr#_W>vW#Pwak?L%B2
z`ZMPt;K9Fez57GXeShPue8gD=_5z21`+?hsxxFD^$0uCx0`3QP{)4+O22THz>j!{G
zfYr~qdk=6L*#9r?egL?4gzH0Ja30*x*=NzuBarjwVc_&3T;Dr|v$Ke^7dQ$$0^B~8
z`%h2jJODg6gX>)?=M-=+aA+=fpPUE0h_iDs=LE1)!Szw#VPJnHcVBlR=M=DGIoH<#
zcL5i9xO*S4tBUI#D>x6W<UF{Fvu`!$PT(HkAz;6k`)>yx0CrS!_uat5z>br-dllFZ
z+zy<m<^I#aJ;3fw+<o#)&I7=nvp^4AyqW7e&*tnphw}(<x}NK!e$GV!&O^Y-EnM$y
z;5-7{-N^O+AZPD3&cnbxVXhCI%h}t+c?7t(8T7#YEnM%4aP9^68E47J{;(fdZRP$u
zfmP$|C+R;5>^9D_k@`>@x7QCm1YER(yLSP10}mnZ<o*-woRh%54z4dcpR*TO{#J`j
zpXc}B9@q~Y0*(T=11Eqxfs?=~;52X#a6j-6@G$TQu<|NTe-W?>><0D$*8%&1L%<2(
z6mS=CFYo~HFtB5Qr%wfT1ABq%fJ4CTz)9dP;9lSX;9=kqVCQQ*Jw?DSU^lQAxDGf3
z+z#9coC59w?g8!t9snK!9szc|4(SIj26hAcfJ4Ah;CA2ya0)mL+ymSXJODfhJOr$~
z!PD;mR)O8XKHv~=J8&m(3b+fn7kB`87+86er>6*51$F^@faPzj$o@S9`Y3QGa1uBL
zoCfX!?gs7w?gj1x9t0i&9tIu(cD@Dq3G4#)0{ejLfc?PjzzN_Ka5r!t@F4Iou<|xf
zpA%RGb^&{UeZYR;C~yKe37iJ*2JQv!2Ob0-23FpI^aHEFE?^I^57-YJ1x^4bfz!a<
zz`elzz=OcUz{((`A6Nx;0egUbz<%H;Z~{09oCfX&?gj1#9t0i+R^Em51FOI;U=Oel
z*bf{9P5>u?)4<)py}<pzgTTYU%6pK0U=`Q}>;d)x`+=jt3E(7f8n_#{7q}mI5O^3^
z`2(aMSOs<gdw_kwe&8r@0yqhr2JQjw1s(t%26nv9)2jlzfqlRs-~@0AxEr_+co295
z*!cmEZ!xe3xDGf9+zFfp?g8!x9snK&R{qH2TLfGT>;bL=jskZACxN?wyMcRw`+*06
zhk=zp@$@-?RbUse2iOPf2aW<KfRn&!;BMev;C|pi;9+282+|K+4D15-0{ehNz)|2%
z;3RMta5r!-a6j-M@G!9QXGlM=3hV;*0Q-Rbz)|1?a1uBT+zs3d+z&hmJPhpk3#1>o
z7}y2u2KE4ZfqlSrz<%Hma00j!I1Std+zZ?XJP14ltbEAx%K@wc7Xy2My}&-;I^Ym+
z0yqVn2JQjw2Oa`e{>sx^1ndI#0{em6fs?>pz`ei&z{9|fzw!90z;0k4a0oa7oC59!
z?gJhK9szcK#N%5G>;bL=jskZAr-6Hb`+<jmm5+J+ihy0fUSL0PJ8%-X3%D0}0C*VK
zG0fwu0=t2|z;(bO;CA3n;1qBda1U@l@Br`-u=01FJ_oQ0Tny|6_5#-dhk)CGJAqTc
zUBErSeZYgjL%_qpBf!p2c>WXtyMVpGKHxfFKX5y661WSv7kB`82zUh8@efEJa51nO
z*b7_-90G0!?gUN&cLDbR_W=(84*`z=J3r;=F9!Ai*8xX?+kun7Dd28k`MVQxKRH>W
zzn>zG)fXovdi3MAwBO4UnnB}yexVoaE2Mwul3WMeWBibZ)b|1xPv!nyz&_(gx1|3%
z;GWsse=o2)pX-Z(lMA^%1>EE2`d;9E<9vM?Klh2;y$9I8oa;ltogS`F0=I{_K5d-G
zFT?j3=kH4%>EQ1BjPv%T-ea7vFIl~qyYB|}?B@E!<(zwfM}X_T$KAV=oV~#PS8@Fy
zu<shK_XB&c<@(eOoYTNV#`*p-KZb!jf5`nOfrszq`Vrv1Uva(bDbD@I`Svn=pK*SD
zhK=*+CHsx@<0bbQ=fg`LdX3vp4sotC&UcsYi;VN#C8v$^-6eM$=c7v=1a22U>_(T=
zCx9JCa(xuoF`et3z&*zK=F<L<abCIPgmM13<dAXRxa2f&yK!E))b|?ac}q?j=XFc&
z1NIx|ZA*QfabC7$|1O@M5O8-V*Y^NNZ|C}yaUOKW{{37(^bqG^VArEu?*{HQ&M%hs
zm0xrB4q)Xo&;uuo^KYfS-ox|(MRFf-@&v9=0Vh|29=N@p>l47e#(Aij@PR|uasN@^
z?%TND|3l8sJ2@BM&3U+sbKkw3>mK6l2QGSo>s4U?Gh816?l#U7mFZ6y=ZQ-01Wx>!
z+v@}#*vIvQ$j9jCA4vON<Ge`8{iR$#2<$84dOvX2a;{fBocn>J#`%mg{9fQ5<Ge+w
z9|kTq&R>*z^%Ndn8rZRs>w9ZBj{qlXx!!Xc=i<{jcltT^Z0B6m#CfEJvm?T}J<7Qg
z*d6Ek9^hW!ksaK<vXk>*JLmrMIXf=o+zFfnjwZN!hjCt_EUzT6+c^JF>brn_#`%U)
z?>5e(lAQPz4=)L<80XnY_fFs>@UU^7jdb5-oL3{c+c=L#vicGaKMg$i3fB(-dyVsD
zq`d@i7w{l(k#Qc3^zQ@i1nvbM0d~E^;~N4_0}lW@2f2SQa00joxF6W{2W~I5k8|_@
z=OnOV&#tG$Us2$p9Ikhb=bUhI?mdKa=rGP{;JV3Np9CI3E&}({IFA4i9Le={M{ypR
z!8ujRIkcR!Vw^7^>r>xJT<<i#r<Zz%@qN7HBH)y1Ju57wfqQ^^fro*WS{|S7(>V76
z7uRvU8@TvP&;xscJ2!Lpsk1o`0}uJR-er7WE%Pe@+zC7k><e;xbuFBez<t0<gu8bG
zM}ddV<L<k6a~{5wbNjbAyN&OUWqL!vDd0Zf5#VCu`(<fw=n5WQpYgr2)Ti&@dgV^e
z9^epg3b-HGVSN89!}9>Q19t;E?&k4v0sDcAjPHkKc-_DQk8pdvdpQpR7d^)HKHyH^
zUf>a6m+}3rj9&;i4Lksx_yv!T{~6AT@qMhcUkvOAP677=dyVgDrM(1j@AEu-_Y0hd
zjPGBifAuA<?|GSXyYaoKbnh78dJpgbaF6l5sPvzBo%?sb1^hN=&p$YK7U}z;(q3{Z
z=fqsjUGsn!aULn>Jg}Ja5O7}w*AD>qRC0ay37pd&&cnd!3a)pq;_L@bdbxfWSgq#z
zR4wOzVBaRL?>dun`fSe5dd{7G&dL_f{szu{jhy}4IQNG+`<pns&gbk0RtvKG4Z>xY
zY5z#D)A)TlQJ)0Y0V}5cA)y~J?e_>yEaCRkru`hD4;jB_ChZR!zh5TVW&A#w<iuvM
zXZ-${)Q5sx-+lw<!S810mm>V`%Q=Ux;M{v9=k6qD<tol@;I6Ade=X<U?{hA?p0gvx
zxeho9oG{I=MEd$K%K8_->7BSjNcH_h!F~N%y?7Miy(+60JTfuczldiVsduyP=_lwF
z#iSRUGR@aTne>_F*W-wLa<lddiMuCdc|39daao=~oSvWMiNu3fX5;51c3hL?NyJKt
z`~m6`@dMN)@u2v(v7;pxZ>2l^aCAv)u&JaqqG)$g=-Q5E?H*_jH;{=CxsC_6kei71
zThqeu|LhWR7d27-uDYsMOGVyYMml6D^7)bE^@e}ragXA=R!_IQzgi_->UWVh=4(2E
z2vRRS`Yn0myDoW8A7yr(J+EF$kEcIG+@=4%PxbKSz1whTJkH9TcQ4~1!ZwF5pOeYE
zbZ3~!_?Nth{t)#?-yKsF`MdP;E`NtxgfGI8`By}Li|cUuU&LMdm%m#t?>WMg=>k;d
skxtZa>EAP=r(fQa#&aQAzA}87u2tk$=A9`RrT;wL$7yCE{f*)OFZ|gnfB*mh

literal 0
HcmV?d00001

diff --git a/program-test/src/programs/jito_tip_payment-0.1.4.so b/program-test/src/programs/jito_tip_payment-0.1.4.so
new file mode 100644
index 0000000000000000000000000000000000000000..49e574ea8cf71011124b4b139bb5f055ed85ecb4
GIT binary patch
literal 430592
zcmeFa4}4rlbuWHpdu`bitT<U)*%G|YKPv)(l29Vl2IPb!M({uh5fKI&$x5&+2he&Q
zN8?LDvK?DC5M&b)J<%4e<k&KW;uhM77P@K+t%1^-mIp57kD;L$9)DcQA5#MQo$vW`
zcXW4UNsg3;_v3zS&7Qe4XU;iu=FFLM=gxiGO)tNBL0MT~*TUeZ0if<JlGmU&dfv6z
ziUbWoU9gD$E(?}&*#zB5D~h7@%eYJTH4Q2l3{V^x8@?j<<7wB;QqEGp-Xglyb-B<J
zPsci?o~2fA0cE4cvCE`hJRO&6fu-dN=dY9>VXAHdzrx1#lGZnHnje+>OQ^#7iHQl<
zCUCOsl3*eIe3TdkuVJd6%RjnA?uR=D1ka8>!E;pdmn;o}F~XA{R+tFy1AIW>N<!N5
z4B-Je_mey?{9q8|b6TDnYe4yf0^|N)JsJeb;8~oJAJKAz=PZ@0r1Fn{Rr&yT9;NoK
zqqLHQ+~>7ZNkv9I7<h-?FYObWi6?{4pM2oleCC+X70h5F_=d=v_@jR$|526qF-?c2
zmHQCncn-Ng26}qAxxklq|0Fs-H}7=(%M^6Hjp=x{%43}Aa5>SpFx8~6=w+B{QCRgd
z)vB<_DNJ=Jta40sDXj8Lbu;YiVIK1H^tcInLV8zA6hVJp^cR!+6Zie{7zZd1eMI>>
zDxYa<Vt(9_I&QDIY?;6tTR2TFpbB)kwpLD2AN`N|OWscT8@o8aP_DbE+yW{Gea4kt
zDedLk1YSb<x6;o<a201fmE?KREamwOmgjomqez~@cR@}fUtgYI*$;VkaQ#9#k*{Cw
zB$X@3Q`+<8`BK8*_q*wd_5060O7}C|OpxCwDew=`PxR}L>Hd2po9uIs=-~?`qhP;9
zKb?>pB+KLWS@hcI3{$4pqW}3Lf^P}g@3?(tJE8QIvd?#7e5xIB!%AOP@PYnEj?IsK
z{w~caz)!=-v(NL#=MB^F*~fgYV#duryPVmVKD8%iU&JoCob`j)rCZ8_fTk$wzXYdl
zBV_=N#yv4im#=?)s(%>L;Yz+8MB{d))OR^)FI*}0T~68yS5|U`L?9JsORsCI;`+Bx
z<4kv%(Ot{=1-k1P_UX<{qFeA3=$85gx}|=B?gqx^a-#R8#?1rXxXFt-3-TtPhlOt&
zca=o^kosys3_8=4Lcf-i9cd<y5SQsW@>e_zy(VKymn(s<^BbPu;o(aVz9eHOeBQWg
z#r&Y-41P-fY0~~j-%a=r2)%BFq+#{RUvj%Eh!DEM>Jth}e}~n_1-^i9lYcPIF#Ms#
z?_YX5a^K!`OJ|rm73F_^<Ih$jf8R)1Q<yp(<zIW{D?f$&Kl(pw3D21*KYjFbHz5Do
zTW<Jym^#b(zW+7;OX8;uC5V@;l0t5GKY;mVljP?lAM+0L@A-A>NWN{kRvtG=^5M~S
zi9i@~BV9V4IwTdhC~y}j|EV#iC#*iksT+`d*IQ_hnq+?vDe&Wh+;KTIxS@zUXkJhe
z&9ksKW_Q|#?~?XMl#WA6*CV2r;Ra0`B|of}a_!YpuU-8Re|}&&v<V$(r<&!pPUw12
z`r8Q@KyLJJN<P9310sj|QArzzB)v%RH!mpT`ibB%<|A{Uns0=uZZ4NOAOj~%^(ZXk
zG)(m|><*;0e80dp4swD&>epd~NxsKOFThuBAIbTs_V3a%9$|^#3NDyGs^yoGUxabt
z)$ahT^9{!7<x~{-Dlm_>X+0839sM-F)i3unDo1vM>CLXZhAX(7@RwbAwZg(*c4e)?
z!e6*j`QM(_e3hr#(QpqDLKoR7#viKv#k>m(64~cr=?}Mti*r9huR_)11h1|N{6H^1
zq4wZ9vIpi5`2Hy56sDxzxV(J+|L+*#_3RFhQ%}C{fP6DT7wT=JpOEiksOQNSBgzd+
zdp`cJ#mYU0%Gvn$@qLNPg%3$P{<vg0R7!qxnT=aXp-*yO;N~*5%e_(_a!S)rw1X0$
z`w;XjC;jA9zDuYa<5?s1niqUl?TEG$-Pd*&e2VV_e^m_s0O3yrpXB@bwSq62XS#(E
zTSuL1p1FbaGMZ;p{-FORl2J0ahY`CH_@<g?>Ih#n&x{IPSjVT)zn;8op84)Ul2b<L
z_2wCsi|94YGn3>*^Nhe32!5Jp7%nl-MES9KCd!Y^Gf{qQp5gpS^9=ZDQ@QVy6mlDQ
zC;DYQXZYiU`QKV7w~gf6mP<3<!aVZ~F5rf%INxPRaCEsOC&3b$+RNzYqx2tXGJ(GW
zBXuLSQV)X%@TF2eyj9?43f!Ou=!70x+BST-)Em)u4=J8U>Nr2#plPGzhxJmfy;|zE
zr-ToG{4>98(k|L*Wx0r*b@xiYx+b~5gc8v8D3Oaa$$te#iBMgd=5m`izQuH1u^<tk
zF6<mQ#X8~m1(V}AYmXK9bz4=>y3$md*1g?TlDexTy-(($?DlII&OUUtq<d;P4HrxK
z@XEBnuNHjf--b7X3ZZ9`-4!$idwU@lBRwI4=`ua??d?7q7m>Xc^3KbT{JSx4d>@c@
z(I1~8<mcl@evI%%<NJu<!}_fi;~^t3_^|Qah4EeFM~c3<$d9ZP{aYdO3#%&xzCiGW
zsd9#k$G7Mq@+XgP(NpA49^azJ$e%pE8yLSozRUgb?Ty=KvL0_@!u;{g{1dOZAm6hj
z-}Cn)$7LR`9uxoOSJ;pI`a56`*RfpOto=y!bLz#P4ja{<oYs%*VYwCjNb##O2Xy?V
z)NeeHX1dIOiPlp&&gSvT{W`2L>GhcUkxRQtuV>&#vL1Q$<9=idp@zQvJsEYg1MoNM
zDBt%Zt=!*Gxq{z#4HHJ|SLV0iM+$!hKhpd{<v;QxRh~tDq{@9tKT`U`tx>rUy_ipC
z;zxd;Y*1v^JUK&7VM^Nd=Ml&YewFb*3^{pr=Q!4To_xotd}N2HUIUQ``Mx(MUsxJ9
zEbaODABvT0rE<O>*+4Mx9iVbgh9CLbKJ>Tr(|q`muO$3);Ya?A<Wb6xeEdPo7jGk}
z5g)VgBY!~nqIqVNs|WBSc|7(C?9VeJq*uj$<SDVA(L8ffVM0V#6u*e(nd5vP^TXtL
z#px)2@;q}U%AY*XoQ?7)&oe>MJj43iCj8`gN(%jYCELx{az@cS<IP9UE;-Mv;Ce3C
z#qCktmFaQ04u(yS3UP~Zz8~6r<3v7=WQuFL^}f@%Yk0Ag|DTLoT*z{JJ`>`)Nsx5;
z>pbe(spA$Fuc+i|6n`;)^FLT_nT*9LdRShWj5uZ%m&jzQxFS856nSUT3XA<U{fz8f
zPTDCIudsRMAMYdjkF;|8Nh%1xG7*TNpXfYb>(g+h(z!<%4<Aywsoj}6o^by2K+P2M
z0LBA7S7iD5cHQQI0pcIy<LiGudA@|kI*o6@o?E#uQ@L<E-Nb!QpJ|$yi1gLg`v*kt
z(I0YO;Ap+C^<j6?gwJ2^AKp7z&$zznQQ4Pd-1WxrR~r5=@O^)MTouDVNca<hJokJe
zapjlzc3Sy?Ja1t;J^Q$Fy>F+zd715WhL`{!BrjVJe7_(4AcFDM`!Zf4JAFc7k<U{(
zt~^L0n@L=GJIVL_*8^iLkN+3q%6GE7*0Em9emx*|G&DQ?6pAaqWe@4~4AuiPjVs?2
zvu|}IF@HU9Il&mW4OH$|Ij(#U*@IH+ftkjY(~y&AcV-$_zBnddSejCC<%?qFo`Zf+
z{|okioA$$UD)(fp2mTd$Hji=T&l3J<J@5qLPWO>KqV<3`&+MS*2<H=bdL!YB)&pLD
zPc_f1DLK#l>c*WuOV6!mGS3_(`JVqg6I%!T3dfxevb@fBo*9z)_9+;5YQ1-6^9<rC
zasSzWe%YdStNYK$p0yD`7yRD%JY(guRPKqcH^S{{ZpY#owhyH6{8HsU4{@jWy{q&*
zGt;=!s~{)O?#wjq^zxW|Wu6f}{kYRDv2v{>DSw`6AQ<!g4OH&Qm}h>2=b8D7I|bf6
z<1QfPl)s)sUO!za`FROv6!!h<bAo7JnXMbNoZnAl7zerzDYcL6A?j1pf0H-l{4Ua$
zW_=Fz9w8&}pAVcRyoeK>?>^tl9+CdUI?<ln=GRC=XupN*xU+TXg_6I7{0(X{c$9(w
zNRtckS74-$)>*j1t0iq-w1CS2AKJ0hEu;*(oP<e&C5rD+eZH7nq<HnYTX>`5qvwsd
zlL&q+>)Az>e8VNuoMx6_)k@FR%Jq3#pwH75Yr04Bv)iRy`06y54{sJc;R}Q=i#LSY
z|B?Jxa`C{I(_?+VmQ#_OY}~9;d9_K3{{PdX&}&$sg5D$l!<;Yup0N8mZfu_$%6;QQ
z=>H{Bzr_7xe4i8*_)FaX_@5NUcbGaZagW1XJXo?g2u@%;D7~<cwR8*Zj(mjh<+L1;
zd7R2&U&FY!e?H$X_fh^z8rN~Xahrs1*Fgp7x}^IePFHtx5?n{O(cW53@mv!nqkW3X
zkHt@m_j8C`oZ6?teQCE@_fsMsQbl<E_|fm)PxCKTNBf9#Lk`X5if<!j(v@7Gaosi<
zFKY=8%KLbl2~Q$;I+u5uvocQAE*9wF+Z5mYrrsC&3iplPuk-y<@vimU&R6(;k(}G4
z{#?i@9pmqX)UInouTVNAU+3QsHH6>zG5pbfQr+hVd1ItN&(?b7t)AI)*9Hxp8#>d3
z$M5G#mP2~Z@K?p~{|4iqzkUoD|NQmik9I>(>WHiPk^gDN-!NzR<MRJ9<L{U={At4E
z>(2?s-!*6W<Me-m@ej-y{y6<(jDKj(@W<)@0OLPCXZYjv4>A4|bA~@o|AUPG?403`
z)8EJV*$mE$9exYruY#GK6Z~=dyBL4%oZ*kl|1QSgGH3YX^tUkn);Yr;r~l=Qzi-a)
z$LVii{QYx=KTiMi8UNUv;g8c_#rVhP41b*dXEOfNbA~@oe+A<|GiUhY^e-a(#s1Lz
z@$-{inD6J0pYJgK@&K3lg#~|^v&o;Hx!;+lD*k-@RmMMm{?I=&{`vEV{*LiCups6_
zK5>2e3&!6uXZX{E$(R2hGyeJWhlUyd{P{x<G5(=BlTTd!`x*c7Im4eOOuqcz%J}Ec
zAKJ?J=g%K{1LL1Re`o{apFe--6^wuW{Gl5d|NQwwFJS!h=MPmg{`vEVp2hg*&mUUB
z_~*|bTFm(8&ma2lou&MV^>Y^gh})y@QhTngY0mJ+?dd7TUp{a4^z)2={``sKjDP<8
ziH|Y<hB=c@T>i%xf5)8RPZK78K0Czt=g*%QVEpsvPrQTi56zi;;_~ld{Kw}Ef0{7)
z^54ez=g*($VEpsvPrQ!t&!0ch#Q5jWpLhx5pFe-1j`7c*Kk*#KKY#v2n(@z{KXDP`
zpFe-1obk_}Kk;}k=HL1AC(bbb({mR8h})mX82_0$!ymVwCmH|zJzx3<#y@}0m&OTy
zQG944q=@I7i#WA&UhtgrQp$mShd}Y%Z4C5n6#pZ7KG)X3_55-l_S$LF=Y>gnuLEyd
zTl@CBHo4#z@;vkc@tb@+?<YKo;Aecl@O*Fn{GZ<kf6C8%#8dhie>ux*F7T%blRy9N
zX8a<@xxgRS|8Bx>{r6<_N9R2E$L})!{(0+<+Zg}c`HS)XxS8?KpFY(y{`u3V=Mw&6
zed?IE{zx-FU2}#%-X9mubAOc2bALSE1N%3B_Vo<oZ<sgvKSubA^=bab#}}x*`P>)t
zX~sW){qa|fzahXiAM?eZ_CP-KH=YkO{`nivgN%Rf>~}htJYPS+_=hNWe&oNi2l78Y
zXZX{E$@e$5GyW5EhCgmkI|=`jIi6p~{LJ5c*TneeZ#=(*@izpx=3_k9^~~>heh%ZG
zzww-A{PQ=SFJk;d0j~Lwe|b+~JUD${Bf0qYN$t4{MSqhE8#q7Oub(<2>!>!)rgar<
z{H4o{$bMDqbEoaE6WDi(EAKSb^2vquoDtSb`8)<IU2a71HZNSt@S~DM>&CEN?&F*(
zT+ur7f^->Rd!BFin-@IJbZ%a;g74QH)bqJ?A9`}}b*RSgHv>bmoQpBsLq9iPT)`Q>
zo%;IQWPdMiY~Cn%ZNGEPL8+ez{%ewa@(*(}ygwKvY`v2#{|&yeiMAb($O3y$V)<4n
zZ|9=BE0sUu8*;@tuejVB;`!FT@SQA6ak;f5$4dIO`~ZWbPa?pio==DOhLB_DN%-sL
zza@SX!6%rXXq|5DQvZUUW?gq1y|%yH&J{NK_;MVB9Eoq#&+ieslI0RN;Qh)(Q*y~q
zxn02M4|{LH?08fz)^C10e?;w6Qr*2@6PckU)O$9ic%Niox#%wP5tkVHLrIw~jW@V8
zDzCDapjhB8<0Nob>iAfEHD}<x4qS;qek2#Xh+*uD2R_h+E4lc2oaSH1NzlAV@SEP+
z`yr<P$%TT?UC>3GklY9l<J0lcywLQ#lkeB;ynqphjWWKhKQ>o(@O@uCd(jVs2RAlv
zmHM{tzh<Y7>s75>FS+Cj#tZp@lH^i(j|A`uf+M}RefEcRe5)L>FCK`JOJ(2rCW0Xn
zdmm(ZFQeyk<nSxvm*@k($)$46LUH~-vz{aZ)%%4a=%}2^t9hZshaS}~kL;H6=gZ|T
z$VL0j<dMXSHgrY&FBbj^{QrdM@by#V1g@nX<m9(=2emUB{d~EnpJ*3XxJFXH-BS5>
zAGTme>yj^`%;%nc_17%l>{3SYHJ3dNMFO`*&MUEVM%)_JFFkk4tr11EbM)LA;n&^+
z!n^^=**T_(K=AtSd9_minw-Jc7sxj7c<dwnXk#*>_vtWh%fIQ3XF{H&A}GJ{M-vlI
zWq$Td!Oy*qmF8#tQ=FfBrr_rzQ}FZLr#L^iO~KFmrr_tIr#L@#Q}FX&Q}FZO|Mk=!
zKhK(ipHEG}&#9+4KZ~Z|=gl#GFlE8M{oPZXpYQA~ZLhx?<Hzjv2cF{moS1^2{ZsIB
z(BsE{FB+cHqcV*}aR|FVoA)Spe30au6GZUar+bg`7w;>q^YSl{deM4omB7x4AM4a_
zTYW(CuWyq%$>wD{zs7%0bBN~RLj7{CXzL6+56>^Zk?3E(S@4GsOS^Ho#LvUF_BRo~
zX{vgkrtlMb2(DQn>pJs?+N;G6WSB^*k!2eBr_ef*pYnMJ;dwE^w@}(cX*MPP;eF(L
zV7%Qz={WLtC_aMWawYh!P2zi_%B_tu>3aPN@jK05!Fc^&kWW-j<+Dc0XO#}DTZx1q
z)b&In_$@AAbe7^9HELGKi{*C^UCaliJybKhV`2gbY(04&;Rio=P|D>f?IAc@{mY_q
zSdkW&Q@Ie4aOEL4YKrA{26$2h`79zh5y-l>n6A?8-9q%70v_!*^e@v(Dbq`75AJLK
zV4Vp`+k3#SjR3k<_ey$wM)g+nBR$N@ee}yq(J%TQvD5cmZT;b&yYV>uQm@`J=x?{+
zv2!nq^fxxn@^diGt_8i(IGui+{rCgZkF&7;nDoEVcZKTn<$~X>Q9e^+T+VHk{N#e0
z_(r&6Nb*&W!|Hy9={#Od$0cn%Dd~n2oZ9>8E+_YsWwK7*M4it4IxO#%FW)Hb!_Hy-
zXXnJbOVgA?_LRs$zMZFsbu1{f^W`^Rrtz8U1kYO18?1f8!BL^7{*=-q>la&}A}(>7
z@B$yoyAdgur0)ixVdy_9Cd*`9WbuncAn#+FolP$JcgF7yh+OlpqDpkt+{)w!c^SSz
z{?(GdTH{jgpvXDDPV%9zH<8}ix$1cg4!YRBAtj*!WAkFc3mDg<1VTRUkjURXBJzLZ
zM)?k0{%R?g2!ua(ROIe*(%;}0m(k&dCEwZuU2pq6(zAVn$G%IHz4#&~BoVCU8&Mo%
z(SNJFb$oVcy(2>+Cv88uNa703OCfz~zeURBZ<Z8%K?A@)Bn3L|Av)~5s#5nqJ1FH?
z9{T;HY=zJn_DDNntMrrcA67^|03R6IQX%?eau3r&Pq<3zg-{^6!nKlb>rm9kinr!!
znWy~u8+zuS&+r+d)8)>xJVN`P+~G4KpChL^Eydr<iGMdDdflw{HxYc5%ja8#9+1WQ
zoRe~SVLMnZWCu0vqJUwG^0QuUMDoz`_MJD-fh&~a(fa%d^$X;@`GAf;nRbKaS7`ZV
zqHkN83i8B^QFGf>Tp)j|l!KfhH>~$NVsW|~4i)+{ze&nt+=8Thm%zsFa;0;1yX1%U
z<1Cl8gcmH?`~W@5kll1S87E<-Fy?YHenLI(GcFJFi!hHvqoR10+C{TtZbaHeJ9nWS
zwJUD;nDo;Dp>KJcq}es1pLTA{mKTb==-g{A@74%?u#aFd)N^zaf#3@}I|Q%B-!0B(
z{@o?FlECOf{ORUXGA02-?p4Sq`837k{`h-6xhsEbsXoi``KV3y;37$_AHrp=Lhq5|
zLeDjNzgtoa8<tzIz}8=x3k0U`2ub~Q!Y`fItFY*2G%u{P^4-#o%G2muZt>j1r{sQ{
zwomi}li6p}i*SRC6ZF^9FrN-cdGqfeccy!%<lFc|`2_2c@V#Y~_M4vHY~PJCy){1%
z_&|q!rz)><T1)-G^40la`IXY%W~bw;PGFnAY6b`qT^9F^^f~&Do9eSZ_lfjb@!R>t
zHZH9F<!huJ)A!X%Usx@2%3mh;O@6*zTkMak8PZ|rITekoUTMeVv|Q=%<$v~%3UYMA
z<I>-%ugkBt`Z7+kSL-;V`5uzn^04;Ti0D~z!2zxx**o)x4jt!ww@&dL5xsJwJ(7P^
z^e|cWBQB8dk#abv30JsbOz65-;d+rHof9kh4@rI^kO5`S0YlZdEe9(=E}#1by|M9K
z^N`H5#<x>G%nwK|xNkDuO0Uu9l#l!rbUEcKuk<C$PBNipZ^8{-LO+z2uFW?KotyWG
zTx~uK_p2VNeW*D=8$0Pb*Zlac{|)<mmhs!V*&R6}{2V>a>E=C!c6tb-?<Z_}%Va+x
ze*ZY($N0tk74B$Zd{MuP`H9YPJwoG>=eb@Thw4W!$HYTdX!Bf`(nIBcgYs*(iUVik
z{#^6i-6I}7gD03C>*vUhXIN}B-f!mnHg4l~)s0Af(|;SM7+-AvE@!fX<!Z<0&Hm<O
zoS40{^_9^B`M;jVui0DYmG|wf)kFC^Fy4nnpUmEE(dWKae{-ewQ?Kxe_8~dQpZjH}
z3`~PD|MkS?ziYkzaKj?c)oPC~S!w-{<bE)_YVCw-H#U)-A=DAQ%MS`Y?x@Jce_os>
zl;|I%wmvew@#8Aj5&x#APVJJdv##$Y1az7Gz8)X0rpt|*yhP8FWl!h)`~WAUPfrtg
zg}|E#4d^zxFTYIkoy`Nv$Cec`-XTXwq^9x*GLD1{!uvhZ(_X0`>A?*GucdM@9ripb
zn(yw{{(Gs`Q+r+W8noiicWOtYdFB|mXV0VTI|_y8QSzMJ<~3{I<Yj)r>KmoquwMGz
z^ws9M{2g*1`d9^hR6jd<E@t0tjpp4BrAz8X<CgemJzpdF7Ef~{$GLoAz7smoUW(c?
zdu{#ihFd4edHFiQXMSaVufXt|p<j8GKlF|MMe9;L2L*inMp?f^dSLUZ(wTp^;M+t>
z!g{h*V52uKM=KX<TmXEOL2kNEH9qXSX?FhUCZZMims{MzzLTNwmKM>I>o>1v{x{Jw
zmg(tLde%t_y{n@CG`~te)b~kRJ<ch{QxE-z9>YF@zW0TgKPZ!~L~tFKbHn{oFAXUc
z#-XhjZGB|pB7`vMqVuY`o~;+mPPoHEf=~Uia4}kkK8<ny>sN^2H<t;YSCnlJmeKvZ
z;zj>~5{oY^A?88YmRcP@>YuMAx$rnse`NVhXocE2q;j}PCUAF1<PqLP0-!5=kI<8+
z`nb&B&+ZmK%Hj%9KdJo)RUfuoC-xzf<wvyd)%dsZk_cA)68Ozej@EY@kxOT{5uZ$d
zufV9!^VlwdqxEf-!VhXWq8sw4*$k;cuA?IFXuYTQB3kct=zT687=O_^txWh%=y{pu
zw;Fws9Z~zZTImm~Pchyizj>#$6E+sc_aDB0_H>$kkNW}3ZQOP!KiZzHN1^Ba++Hiw
zmlZXL?7od#!|&TI*1I;r8}<Jhfz1wBJBA1S2F*gdy=eE4@SV4QRC*1ct&5`doQ?k#
zXr1)@M$vQlNu(md^$%andKAr{SECf^t<s71VFx1r`Wm^vWoyj8CVfQ%HO}H#&tSY*
zKd(HcgNW|KUer<w{~;aoA1?CZP^j1He?OY)rL|sNtlrbTdKO=_=QtK$hP|SHw7+OM
z{iSavFJ8d@DdhUPfr1~I-^{mzBP1XAulG^<V#>00t<8g|S4Q?O52SQO-%)83*e}=S
z;SX1deF!&cIn^)UUs*%_9B!fp=(0FjzD~=p)l}_YvV0k5I9>lI%PtW325F~x0Wm;V
za)~Hv<R59f;N$cT#80I?dk$p&Qo-Jc|6}X9NdLAmde+Z>XFOuK>^VmgibhwdcK?;j
zivVrEkv%sEw+sE&ZwZ=FaN+p|E?bX<+l6kM2MTmcxk!F0FW7&yXn66y94@PO2Z6|G
zF1wub?fHr6(I#pi_iNTlJ$oK^1q~EX4Em6oA9#fHob`xO=uxsv);IPYdfU%t`_bro
z;A~gI>eHOc*WU~D(RaZ)-(Lsvxw3}{IbGO>#c@-ePtd<OC)(n4=9k-ft@iyO^Z!g<
zZdmLu#;I`1=zA`?=I7jg^8ykiUBLgNhYRBe@Ip`D%}>pXIHUEG$-m|X!9HvG-=gxr
zg~<q>%JT1<XZe33CjWo&V0W3?0p0fp`}=WPx}cv<?t-5t_u&UYPs3{jc9)4<^Sa)J
zUe!`oc!TEaJODfw{jjhv=3MQ4dXC!r%Ne%!u{mmQhqrIR^x5{k#_hf@-w$y6FJ*yY
z9%cFJ{$l+sZ(x2q?z4PXsC-8yg@2N!iuV01$oo_e&BxToxZ-vd&!5tik8<BQ3V$4{
zcZ%H~tmZViKqeBW-ve{{oDKbt5oPu$e*Svl-1SN>2mIj2()<+kLLTF)Z+y;{eh)iL
zon$-WGK7e(FeQGCeHS{4U#Wj%actl2oznLIs)yt-!f1H^?>OYuCb0QmptIqv(Dzk*
z!@XPDJ^yp!zb5oQDD$d&Pnz*&`l}=zxQf&4l`>GWd&IHIF0SSL@YPZ-yg4oK3j~kN
zxBmP`LoeDNYWCUqgM9y*<eLcoMCOIHj4p}~z>o63XKwzXuP1-NdO`|7m+2Ga^#git
zmgLo;%s-{*u>P8<9yy(t3i>p~IsVxv+CO@Z|2FNPd(+Hcrc3*$Tly#CWL#ti>sfx;
z{V$YsSskb0hFVD*t0b*YOPZ>bRKMr!>tze{Z<w3o_*8}J>DTw*`!y|GueoeZ0GGra
zmGzU$$$G;4Z2x@&U<&J-wB7aEZUd)&yA9M1PE9!RAD+KW-C9od(Vt(Y_--BmUCHv*
zoSI#M-vbS>eKGKp=yQd<FQ0w}HJ2UW^2xG(skfIC`Y!1b{t?lgk^MFAq+Ha4{US6I
zF018qen~Fa#q|>U{nWPM*D*hCMCEWu<?=|E@T+n2uu<~EdMVdlE%n+{B3EDT+z)C8
z!2chSJ|}`lxLsR^g3nsYiObO+AAjb_t+{+dQT?WA>VI%j{oA;{%XD#C%AZ3&`h4Jf
z9H7Vgabyy{^+oh_PeBiLG3&v5C)IB#s*gvarQ~7t-#w{*T~U2<>(5#L?UU+5`cz)+
z0{VlNRp+d~Yf}BHqWX0Eob|&=_0vW5NlngKKRc<u*cYFEnr6;ff6Ju$6-Dj8ZJPS+
zlj=h&Xq?gT>Y+5=Z$=mN$NKNJUj1bGC8!?E+ztr6$ue0-yWZIN@0~pU-7dKw*@0;M
z!`hJj>*XYH*9u;Y(@Ii6qX+XFB<$<|MYx}ndhnYt&Qb1T>Sz4kPQrUc>_OqXvd`oS
z{&!L#5BpB4%ZWWVI|e-@v=iYPY3GTYfBQ=skS>=N`?f;qF2aAI-q-$&?hD+!U^(9h
zpU`+;9zP`f^gM#^n_mFApr&s}TGfsWP(I{*(J1l1UFi9rkjuZ#NG?C*IFh}WSLhd$
z%lG+yDY^U;%jG+K-`45ozt6-k+ClPZR{zKMi~fPe&;Rp&(S7O{?YM#UD!YH3q|3zb
z2shL*95$+dR9_`<O7uLemht3|Q|O<skCg;N5C7`^!gu|e%NoTm8kKq9o=4fZEcT0J
zoQEm(kE+E#^4ncc?Z7WOK80WOQN;1YOi`TdSv(-Dzo++$B;J-R6Z>WF^ST2uyLe!-
zU4*?RvL@WSwOrgT>bl3bi}#W~8(pRBVg~nfGM+L1dAt+fW*5KI3%e+OQ^77uKbsv!
zJ^B}fm1-BJwOhugjK|{fDRv(8rU|8Qw_Z#1x}4~Z^>3lRwBNko-K<wrkN<b^{Zixq
zm4rVLyq)j24c{erM#O(~hg82F>E`@!gQks=AJ$8`_G+ouo)WqF`pf#<CUioN?<BjB
z;HOR051L=f4tG$$Lk<H}74_PWcy_o~@I9IRP(7o5Q2A;6qR>xfhebZ6`r%pJ58|hv
zj~)IL$)}VZ{>}eC*x@H}efo5^!(vb8bA5Vd3Oig5J1pvS9_!O}JaCd_4V>EZ`}1F)
zUdwnAfxM6YWUNoWNc<;A({Y*Kj&W8CILFz%pRGadN1C!=KfX>2E|XicJ`ZZkG;xJ?
zeg7n0-?w9Uj|27y@g3m%qKEIPxITFBKH^vHWT|<uANM_Z#n%Tv>v?Le4|Wi})2|QO
zW&WDd{@%&=OWEHy5&lH*TE2g-d5Qf6Z(iy@?9EFO{$c$qBRzRC)=hWJNG{@^PVFDO
zXiB-fjO8M6KZ-B^0t3eOjk_zw5V=c{OZ--!<@@%&M%Y;)>k3`Zt+jF5F6C|i7oE$(
z^}_mcE}ty>Q!Ze5d_DaHjYEoyb9p}>&+{lgUX=eB=N~W1&rsklOr7R@>`#LINa*uj
zmuq1<ruMgH?$1>bUf-WvL-Mrt;NPNMmlOUkS#^;4_V=ssb4zcWripH|d%z3)utzT@
zJ<N2R<$i2yllSS`Q@_c4w6)2(rR}Lok#G4PjywADTMxX$+`Q};B-qD)E#c4Z?-G1D
z!Q+NSe(l=7Z8>SL-QHvL=srdL06GWXg>}p+rn9;1GG51ogQvJ3Xn(1sS5rZ{Xg?;y
z_FjU!TJ$Z{@$Ie_dP8mBtx-5N%J}X1Q<yrYu;8_Ql>YM==D%0!gHAjb^W`&2^xOU@
z+~4vJy1!J)o1I1eAEKU+8Px16;{x`+r;o3k@WBq@LcKR%O#B`dIV1vk;N*rxZ`&4B
za=G^Elfs97zt{E=Iz9g-Y&<UaHMAXW7-zUWCGu`h3!bo+8l)?1P<b{nIEi1-=j(&@
z-?wPqbED;qx4HafJRiEz3WjYzhrQ1gJ-<FEawvX&{UUDI<(gQprXFwa6uzdk>-+dV
z<e4Un{&@Q^#cmS8{d|A*Krx@_cgTMe`c3<@X5iDpPfp5XodN!Rd04#<Qa#gWyqAIJ
z6}G-vy-(`X_!jzyPfL2K<cBicqkTj0V<4$;jn<3w;qzRtZTK;%KcaXJDc(n9+=m-9
zZIt}5UdpvsOFh$rxE}g^SwFv@`Z*DNP})1J_PI0Qe)8*|{e{Ty!v7?FCgR~A(R%|r
zZjDdTvqT^RHdH(=C*}Nc@C+IUiQodR7?nG$`bBFTT(FznF?)qLNwn@?Nc+#I9QyV5
z=~0F|D((2sk?B_CKSE!u{6kbe+^pjw>c8pqbLR6wn%edC^G?#w`J8WFMfgkg*H_LI
z_9NK7<NSIej;?5b*i{0DI&YZ#5GV4Vmx7-(6@|RdlKh$j8A#!Nng8ke=NVu^KSQ#G
z_vuB^efluJq1;_mE@5%S9BNa)lYZI#MbsABJM=b^-(j7Pa%tAj=CXyXhtNliM|~}k
z@X18spBpqD(<7c=Gu#~a(-8ecJFg<XOuqo%4*!2t${}vw3jOO9*q@)R{>xCmP4DlN
z6nJ`QeQwXI-MzsX+yS3wf$ugc2fF~dWnLwEM(5t~_{zMB92dI6dKs6QS0xk{KPuCN
z(Ma{~pbkR%Dnf+xc4`2rETe+E6E6+^nBZh06*O>K8{EWcS+IxFM6jOzQok;`C1^sr
z@aEu3N^SpE^TL+|7%F*bhVI|MPY~UR(9yiGfnvebPa{HS^THPeTNxHUu#W=Ivl78?
z(_iAJTI3L>L~r8yktbQ=viZjL1-e6`Z;<O!+KQJ5KF0Q|c~NcfBP!p#@Oi<<P%n$x
zfNKH@yLfazJAjEP(0x_#ZHA5RwZUeF3v@3dI1yY<f9HnoI~m_2O83P<JHgEhD_M^V
zbgv9<q5OipFXA^X3UsdszD4&7@~#M8&2WKka>Iyj*{?Vk@@}CmG>PB=raPHf9DIoI
zClk*M9^<qo_$j6Fe#AJxo9Wo2{Qi6b^_my{_rx1fKI*5l6RQD7`t_3uP+s8oM-!OZ
z3;h0Y;=K$P`28Nii9p^XnG1d^ct1%O({1m!H<$hU1jdc+?`|&p`UF(f>_&6h*Cw6|
zScV_%pZv<itpvNAj+3%~oA?aFs&8fgIx)zw@X=iM#feK$KSzJ)^6lZ56X5UlD#w4G
zcqZL%Uii6*zoxVx$A6kYe-z~S*@^22F39mS6W?dp^!-yTcQ;ayBTQo=_&aWAF68(C
z%kdVGW15iDl_wtnSJ)VcA5nkyalr0Yu?NXANRi-Xu@ljLS8<!8^9_Cb36W=R=W0Q=
zQJyp0z35rI4hmDJ7=LonIxdi0lqOG(^mkDi-%kh`y#EyzwdU$)aXFj=h;r6`+iiek
zen(3F7vr^a8Iuc=T)^gA^4Ix(xa_2q<GU3>9>$d}+n-(2t9YqB>~yzz1mg#HVDC2E
zOa0BeXQ^Hr%E^3d_y3H1O_ZZ)W#aBdU+4KTxo9EHl)@+YqH`SRFV&+;X-aFZMs4J;
z;S|pUtDeC`FbsUpCqrWE9h?8|pmM-F^*$M@NY{KmAAdf{!{~vWu=4T!u3Fqbz+|vr
z@&@_|eg@wPe*c^;4dj4%x8`bDKP7@Ma|L(D5>7L>F6T6xlJOhvka6Qi%h(Ue+?wY5
z6qn%sb+>{F(u<Vng?qKgA+v@Eq$`{H8y*LnMcl!bl&s%2--_NL{k=_Ozln;Y<}0;a
zBKS1lr}rYb9qd#5Is6CW5f|QnqJQ*0snV%&8S}4Ae`)`-(0NGpa=*|W4xZusg!*-N
zsNT6z<!eazX<qO-mYeMZxA%M9QK?@81)?hvbaHyhrd6C?zg_q;J8AF3VPEx`n7)0F
z47=%ZzJsd=t1*ewRkKU*NACd$7})zN;WDMO{CXZYmu&wVp%;@nT^aSavMN`5Z_M`n
zntT$$ja=Tw+42h*WIaNYVW+fHqwjM<|8T)xVEi@fetLV(UL(h<26hgNy<b7`6_)$;
z8(+-zBYvwGq<KU1ZMD*C=h$4|`wS_clX93R0`hYWUsx}C61|`B8Yu_4KKH*1<xHRQ
z?~(iTKAq@?>B*4jlRGMYm(6RY-}c_&qf{LtsOh<s5!pT$lS>gja8~F7Juf?i`AO-$
zTk_*{SiHgIL|)dey{BRFwE5s%?R{aS&>pSZncw_W?cOi+tllMQvizC+!}QqBg94xE
zf|^wWJid+ZMDP&9mt4te$oc~Wk^U{!c)*~pqg3AUag_)jW<2h&^ha{>YDVaCQqTIs
zjjDYbl5w8NiM`3DzQOf3>v>9BG+tzOp?T3wd|nsnz0gn0q=-)A3;ncv8`)DC#&nL5
z*elr2c)7>O=Gyqh{d=k27Ci?R=Ak3~<~KkF>CJEIvVFeDzx%HAJ;=ZNO`Epadl<-X
ze$(AN`n&FKr+k!<`HSs6$sP6^?R8N*W`~-CuRtBi4oQC{7hTHsF-iUaSODIhT9lBB
z_8+o6_x&!6V|ovzDE|zNvoMwBeDFvA$lg~mZ0l&?Kjyuk6{e)0P##y9l78~rtDrcG
zAE&{124AO0o~Re+_cr3UIpFRpdH=()evo-?q3Ds?m&~y0N44sQo`bPP-#fg6+9fdr
zn`k;j`>zyp9&Fb5?v~VV$T~GA^|PsGFno99SBb&Bd(ja4BjyJs7yXF+2b*^aav5X#
zqImAG$jRP=Bt6&r694k$h4^h)t?S8Q7Bk1WPjP<58I?PyzT6>af8YFBdJq_`KUs^2
zcT#u%Jv{WwE8hft6Z(=%%a}h}A8`-ok81lgzT^E`j`pZ;aKT^cqZIgV9HH@*<81c(
zMbFeOl5dC0FMmCi&*VhjkzbLM{xH9S&N*QFmQ8(4`d#g3nEIl~vGboK-T(KTw(s~`
zPJKG!@);+2(tA;i7j%!2V!0zK2bzdr84|%^k%Pw%<MH|h{J9aaQ^51tHy7~OI4<nZ
zX=MI=x=<hW8tFY4KOg;#{Fl?YyM8|OBN1%l9!)O#8^)Jh^i3YWPgVW1@nX*<O6lP*
zX(3%Ke+dBD`10dnCG|1G;+Ujg|4Du2>oMeQdh5r(On?6`mACoX-eU<nkE?!(pX>KW
zDZR3I5Bl$q$>tRE_1anM)y|T7_2(1N)BIuK8_(-X%B8I!mjU_-y8aPz(eVqvi_||b
ze-`7@%6*E;g-+@x0$DgF7k!QAp@P0?9AE94i|n1q%ijMndHVKF>{_wC!}tuV=hoiY
zybu1LwFUhw<Gs1;tIS~7DdTuH@*Gon9)diNh@24jXFXGW^yO;h{}AQlc4e#7H-8s&
zzLz?<Sbxx4CF&DST!_QQ?NaBY@%4{<;^A!gG=10$x@Vv_JE@%MjnAjqyDGAGiQq4o
zUYAQt{G@^yri=D(D=d7Hf2c6uW<TK~`We|1($^DDhesqA<ktKE?6<6Mf7SF9^uOl~
zG%t>dKh|9SJ$Vl9jq{(vj(PoEOK^gt+az~g2mh+^?T^o=lfBCvRsNSI%1EUr*|}2u
z+d3EaYlzB2j#rb6Y<-mAsJQr{(3I%??5B#|5_K==bqRm%;~k~!!3vpAJpGt%9_Ul~
zJe}k-6T4;Qm!SL<b_??U7!AYowO78~TSuXn0-nb6wpag2w9dp{eV59e%U-Rd=f?K@
z<X3H6@i=J5I8gt#>>E)3N#kiceHo(i!1MQ>JpFmi?*A?B(|=s>D=?3v-hWNu-@cRQ
zflH|5?C3Fl{4;9H<@$BqD*lGc4Ja&r8=afSe!j&!O8Gm6?~fRt*3)%l_%Ns={aD*C
z=_<^Im|w0HSmS83nNO{~KbQgi=h9!p^I$2u)o%;0Qo1h|y8ZsKbw)ncKUim=-(Exc
z$?|VApXL|ad)TnEWpoGSUQ519f}f(zt{=^>cnjzs)qd*b=2(Bq>8Gz}R(?B`54)wD
z&yV>RL$q(e&o@4Yr{ME<SP%b!5uU3b+23!IcENuY{RIDa5j{nAlx!s~_+wXLzV_B9
za1~MS^;D16x2mtF*w3N(t-`Wz&FABVh_9%hi1rQ7?Sv=0zmDts<(b}%Oa{02z4Nrs
zun+z^_r05l?r6O{$m?ZaZs-T!KjC<RCpYWI>mj!p_>*;1u9STSU6A90)Zd9fo^#H`
zkDsa^pAC8-RJtNReg^$`In|r4AL)EX?N`~SMB_<ed2Z?V+f@C$irUEzmhNZThbVTA
zY(1|0Zb>1Zar#;4FN<%;J_f&CljkpE<HziHeQf;LxcWTJj~4Gp1Z~`~uMgABFJ{Mn
zJ_I?MJs;(Dcfp<?leo?~^u_S}knu=)H!OHef8zF#&iNL+v+$qBh(pNro79dkKh}F4
zZy29e?o_NC^bhqPNR;ZAC4_x4Ue;Gn56#Z?-{sf8P~%oFVZHL@KhyE}8KQGGcKDN2
zzLXs{J^C{qm%k8tNOy5z{x$kH@%<#{hpn*o;-4cPAL@G0&J~2;HQl=JA?$Y*G_=1@
z{hbBtcwE^0W&4EU{f7Sd*B`)+P{+~b-#31iOffFLNc!)Ww{em2_8ZzhdwopB>sUM>
zwdZM*o}W{`J^u+e$n&Br=(`6b0)9S+G+OU0D9pnhG{+RqZM=~AE<8^adD!!kaEHe8
zsXnggdDUTQ&z@)5`Cs<jZ21}~pY4?t^Bd@)cn$Y6>?YHv^W7!_(schmP3hcArmIG_
z8Ia!~8!0Zy>hr)h!E4V$^_Us53qt?vSA1W_Yfj2RpKLt6<tLb@B(Cd>4|^VH&jE*p
zPWz4po^!<a3q1GjrS$0R&(WgogYo^J-zHuY!H@Vpo%bdBX3w$od6(1YS;@se;BtxJ
z5SK&y4YBj_o=NTCxpKMp`~~_6R}Lw;XS|OU^w@Jcly8VVhkm73K5Xm}|DX=Fh`*~e
z)#o9g<E!5wgQOSmUP8aEJ-26^@7R3p`(<gmgL0o8g8sdM%ekDi7w+idcI~~?Fx4$|
z<hU5y1ME}Aeog=R1mue=|DdG6f5jfizm@eYObrQMeGh`Z$D(kP-tSj<y~2GAXL211
zcQEXaThQVAEq&x)K(0r9xzM_N8R*(1blG!P(D#-5@jOG?v-9ui`7VzzH>~nkx#Kv!
z=MW0mHToCWcXa{da>H#xXZ5)7G5i{Z#}vL*;bRKFRN+yE?@+wWWxr&MaXvxs@9o3B
z@B+PfG?@slk@j`JJH>AWe<bG<3R^#%WEgZ;tR+4U2m^R82C(1marmzX89nRE9n_!x
z{h!i(+UKPBrGK)ip9=oPYG*o6GaL?9o&lzCM_STl5-$cF=pWmc3BC6FkDgm{dB0uk
z5BHy+jRHO-bmF`;=z%>?bHk#)kl#<BkGo{TvG+V+k01f-fBOz=sQbQ}7f*5SmfA~<
zyKj@u0skdC&>x=!x`5t$=KgK3?h(Ie<aN^D_1yv=x?Ny>@7X=_a)CE=@cs6bj)M)F
z->Bv51rNO+&E<Xl$9Ql#8NZ<CWAwZ>5qy~Gal0vlF1L;o9>=(0&)XyZS^KF!FnQC3
zeI+QD2=sa0{bG>Zt$cf0JWd~ahs&B+4>CQ~TrphMBJf@rV3~bYobP(llJ2RLa^h}y
zbo?XBhtBoq`mVP@%B5ty+V|_MU#H^F9hUO;e80e_JfEiTg9!dT9YRkVCo|x;Rp?ok
zR(>}qT&1vVj0u<3D%_&?>!iJ&CWRXmUa#<ahKuR_fap_C7ngJBEV`!SKip9%_(Ux{
z`3?)dy#tKLzP~puzQGEicV9o(3kPLh&+OZ;u*|cWePqPwvbc9<U!THfWggzwqi~@3
zx)m-LdUgIQ^w&Ft-hD${E`FZMRQ(?=8{_uE&T(mXNc($8^eWtNT<$lD{}a~Bdd>X8
zLi=yw_A|TX`ABBZN12Yyt}&r!=P^lpM<tbR;=M2EDm!l)-`@b7<i9j7b!u-;*!X+1
z@G0Ug)F-=*Yx??|xPG>Afux;flGX>D(tDO-e{}yzICxs%9j7>@^{~hzCGigP&$Fq2
z*836<%BDW2u=Hm(bwXk3Pnw?;*8WV5E3EyI8dF&Mh4y7AoR<DijVfHla5gopu#Bf{
zDyOiFr)+9S;RdZgpzwNy`xWj{xKCm2|5T5{V!y~AQn*Fi->R^Tr)(;tu#AUns!QQk
z#owW@>RGB)Vb!x#i^8gJsV0THwf=gB{rT_|&%@>1kC;zcuTm8Z`||_dzdP6d>JGZ^
zmygf0>~B4y`bP6C{o{G>`#a&6$h=i}UyU9L(dE;L`k0qC(z?yJEAWp)8`ov!T+hxo
zgx!(*k{_M>>CL}sssaBKC4fIqP1`vHSl`rAzHb*8pDbf&zr410K+>qai(~B_AS86b
zo>U?A+WQl<m*d-PcUevv_X9nD{gzUGo7gpbPm8`M#r+$9Z_&=(2~%}CPHUxK<LwP=
z`$S(YF^G0wL3FvJqA!L0Lice&Ki<$l<^6tdf?wSx_`v7o^b`0#{)dzKgg*J}3M)58
z<;;I}Ym}}s?Z*`Y+xo(-sN{^WI?a4J{a%=zV`T4_(|T3zUm*3#Uo0&LPwvAd<^EDe
z;Evch)A40=T_F8#>zSFH|H%FA$)DviB6MP(FXRjP-H!cRqtYMlXczZ)vfSc(?OXxl
z7vsw28GoG6t-!{KuW$CgWbS*2huq6}+J<+teA=s9L~bK8PZ>Y%&^FEw8`sPINA3}L
zLj$MnDH+e<2F-8O^7VqJy;|`5dIS66`=9sFyEZ<ZHvYfy{rMgLFNWUhcrA=)77LB{
zoB4;G!&|s-<NXG{Z|mk#<NaE~p9rp3Ig5YpMpTausa`!Ic0JsnX`|$m{MmlDS4%zf
z^L;r&PQDy(Bsto7DCaY7Z^pPiBK*T1#_jwzjCZrAq_4DW;PL)qjN?(!Q+w|L@`9vF
zjr$j(onCE+%3;0iKmRbi&!=+XfRvlgPT2VgKHqWr<Ms-uG2YgK9#0SAbX&PgL65kl
zbgpWFet*2V;mTj)PI3W8r+nw*Qc9h^9}0Vc@@V%580W*aTAprjxjKgZa^InH7GFG9
zTxmQOSNiHZr5ze>6PcXE5wbd7{dF<q1iT;i;~_LZJe%mjzP_^_UVMHj-p<7j6xzwZ
zkl6@Iog?-082(GBDC7Y8+A_zuVsjb2ltq`zbV#b}>*>zFc3WGye0Vh{^uFlgNY21-
z?L_kx@%J4PIr5*~jdAk>X)oI)>GK5-;sofg$Zw|o!??`v4m-!#K8H7Qc2Mxc&xpO;
zM#$-M_x5m_>FSeoyC_noTh=|<{o<cyJH;=}E*oM!2saE!+So5?eV?T2Z-&*~4Ey#I
z@27*WY&aKkv~|T7grC{UXW94^^7)5Z%I5|ypY43&=N#I(hOZ>~)b!s<nm}?oEOeTF
zthV(M-R1b#LG5?S2fX|t?#3uCQq!jQ85`muOIU9(uJ(RS7im-l^8}A8(!KaN>hQ)Z
z*$a`6`WuMHLyyBX((V&E@3a+mXWDc9Xab<i{Hj9xu#VtQ>{Y3GkNuZi59{UB=W5Ix
zf128ZJw(gU>-9{(jDxwrUlqguJHY>h?T?KcU60Rp+;mPgZtngcA2;|Ojh$CApL+VV
z8R)4yEcVxpio9ksF5><E3))XxGoX4+<CgtveXl3Mqn7y2k+RSQ|HkadyC`1Vrsoqk
zmnHdqd6P>a&R)g+X6Hn?oUG4EohQZd^qtZU^!<&ys9lPa<8s|~lJ;^kZT!x;S}thk
zg*Gp^knIw^f5h~(4L_gL_G+15+{kl;PMv4mq00qs)bad?)T8q_d3@8kPI7;P<~M5j
zdco6PE%<%EmCs9Q6Z*m5cgdGB|Hfq-_(nYL4m(34FT~#o#ue6&%KTz+_$Ur7@v2Nl
z<EpxD&SW&Mn(E_vnM{k|N%b@A^jyB^xl?An-XG%o=Kq53$GWIL60k~?-o^><3j&?y
zza{m3OTf4+?iyYpa5J4hf%1t!&Ovs1zLI^H(w@Uc-~BLr;$BjGRO3CDDL(Q~1m7vK
zzpjICxPx+kT6`(-<6WkeD}*VDe`U%v9-nFwxs_d|_gfUkXrlf|wTc|e(f|pT_?6?g
zv<Q}J<ewRxpAkCsynWxEvmDj`isWc~Yh0YpIp+4l{SA_KR!N#VCg~a`!)x#3++Jq8
z_+6QM_i=&DwmweX)*eZ_#BZ~8fve<f{$2v;3VQ{%I2zXHxB%m7E;If<B>d%sp7Y0Z
znDGEVG|s-aV$Wl<sXyg$=yIah*_3>5g!bLA9I|!}S#Ch(Gpgl9ufx=k!lQbBKw*_@
zs$XH%H~o%zwsR}zXE$UdwexwaH7;P^Pgnj!{SHJp*rfQ@YkTVz7X8Ym#NVU1m(nkO
zA3Y~lSmF<K{<PMYxEI+~h1I_5xz{eIdZOoF+q#+Fi{y5#-wN-wjB$Sa`8E05oKJB$
zp?A*wgig_u+4>1LvbuTe4tc)pX1wl@?*V2z<($6kva`b9hBJ~jo|d%!l%)Dyps@M`
z!~T4DLf2WJb!6v8s<<C&YTw6v$y>pb=g(5-Xu+=jfC2#Su*@&fyuSFic|MN5lQxB4
z><-H~n~fikCK3An<>U8I`}!WKZ;#H`|AuAs@t*<y1JZAWxRSu<6K77x@IMCpZ87}n
z$3*zsU`51_VZQXczERv<>zDHHPXhlF*83OfJoPlz4?pgN=M=ub&=ZS04G`VXlQZun
zI!4D>&-{22IP>F4R{lFwKI{P3R4;du^>;4%H%<8b{{6@d^yhr^G_FTS=2?&4drm$2
zl-R2&_2`q*uc}9hpp~RVa(}}1?UUT!)7rQDG_GRbN0@`SK`DD>@3+7|!v(!OO!luW
zC-$rGoGZomZCx;x-r0KQiP*2ZSpTY~(eHNYzZGf+qWFTq%?s}2`=!Qz3*o2piur!q
z@PnMT>-oEG<Q)v#xw`JqZh;$5OTRtx7J)aMVz^zOlZG2KzfsHA3!e6B!SCAx^aFiQ
zn(IT}cXeSrr>Eif{NoMvGm_^f=4<MBiO9Q@JfF+*6nP_FRQd0d<3%qZ&B1=Pc)Vzo
zR2=-ne%pC2sQ-#s{b#CPq8$7jsH*J`v2|Cecx~r7@c8SX8}S^4@Zz%PbnZeT4Ddyw
zPqyDCT-D0?;Vm7KUPqlrSGZRE?J4Pl5a=>G?fE+R-4mlTN##r~VW+NJJA|G#*8?;`
z{vl3+<+OIkg?7P0&1PZ5{K4k3*~jsI;PngWgWS0h;I9<BWbfN-qH&j|{QESu^@i=o
zwR5cE<zBD;&+AuwmvOhR>LDyNpOc!`QtJC<eV9MD@@<yOBDPNwKWi@Q(RhWf|J5E`
zu|Ogoki&DRYAOBu%)x@3v9A0)@p=75(Orw9ma6v+ubw+Hz~g4M_Q&h@2xF!%cAgIW
zB+x<ov1FX-IjOeq(Cje!{d<GbpU`vK*C+Ny&`$l_W~0a_xuBVUSU)6!TN$SPu8hZ*
z>v7^2>w^z?`iJ&^NYCLQw@*^681N<cl727i;QFR#c3y~`Gfw-QxF5qo@w0t@i2H9?
z=!2Y3QM)$&Am5hQ{@|BU92t7&)8+U7jYLn9Pi-VU8Bx512j_mG-s4}LY=5q!B6tqe
z=e2|9K%*WEK2Lgj?{de5pOmfZWW8YD0W$x~)`PT;WBIh}xnt&kQ#^t3&^{u?*P*b=
zE7ip?<VvEUbIfFY1{k4+_EbZ3e>K6jKLUL2_nt?Esah@<4pwn`F8Nn^@(14sVE=T!
zH#yt6p#J+hXTC=B*0AW2TSLUq1-+(!L1_9Ji<>7k&TjiV;Af&d+TFCJ5H~B;k5fI*
ztE|vqBH>8{%jqxZAChsR@+!QaQ^)csyuTxIqBw(=S9y7Q1o=R|Q?-9`n&*k{^7JS=
z4|pw;8RRt%1N<kvaff-;pXXeg6bx6%yyDtOV04A6x;S;}w}z`^9<ue4%}>xDo+q`v
z_i!y5FB-q{=iBeb=(w25qJKyX6KxOoaLsmil2fx+7{`5-<J*&deQwu8B)94NQq5&=
zWBVL-ioC5~T&2vbSClX0$TaAMeYANc5j=z2!+!Ky`sIeTf2-AguH@TA?Hhfd|9O+>
zc$3Z(Vz155naMn{*t7T1Jh4^h35xyVDm71B;@2Z~F~7K@!bi>CWn2&Eqwu_-;|KUz
z4sCopI)4=WR8N{0RDZQzB533a6i;Qn_WK2K4cPhL_xc(5eoO8Ar`684QryDg^ym-z
zNA^bS6kuHTJyEm&{y8@2f8WnNP3_t|RLagj@D8!_K3#tQ?IC(f*?H{y!uUB~JO7*B
z_@wtE#ct~N-HPqH%x7lD+x6U?>Fl}7X&lP4=hOvc-+Q<{$W!e5`Uqal@)dgz{wCXZ
zv15gP5Ig4Y7m3Rsaxy;#{r!3GxuflCF~1{Evc`pS*M1FpDta_koQL+au%5X!QZGIa
zn7whiQMI$e=WOk?KQCCnpRZm1^1gyy%eM&K`I|L;p`^5L^uO_o_T6!cen>nv*`L4`
zPRNPGJK^@qIYHr$7B27l<UNjXe-p$0IBbo@g_`KRNZ{H2biAJ<ap7bcW&yHyM<gz6
ze$pL82Th$*o(t;^3%xa$5kk76^I<c#Zsct8AH|m^7mNK3`))G)ZszA2vCGlCt@h3T
zPGDCj(V_X6w<-yjA3wSW_uHgB+<yc81fO3Zdy@#Z^NoTYr&ZpSn$~Js$En53=^Q}G
z?_4kGU<0SVd@D$v_I{0@U&Z-)Zqp9wAOAl0i#Pu_Q2D}pHKGr`ACyCX9qr@wd-Kv2
zEJuGF=5fy5u<#Fi-j9Aac~B<~sXV&=H~bdqHye+TqusxU?)!9t56JQNzeD(Pil6iX
zd?Wt_lyCEZf4)BS%%_L>?UnjyuS)6pU9@*t@zT6B7UN@IjE^H)?~WLqX*xjHZ?Bf-
z1++6jw1UoCW91#_+gPB-@V=bNWe2-e4=SYJHGWU$F)1wenc^o3pB8(*U+k~TN&neA
z=5ne(DY5%5CwgShO?<h=$1B!Lp#M1W;f~07rSG|LyU8UL>~Eb*ejPFS4XFH{2YG0J
zz>Z=B`tq=H)l{z3d(G(I1ivXUx&OG|6|do=bKaR=@bPkTG)yl6|L~iW^~&_^6{J^Y
z&m+6}Qt7X_e;cMoe}+4-o6n5dO}K1m2X>|~{>QmIeOE}+6PljnwD3Iaxa1F>mbCK}
zr+$AO`&sGnf1LAW{JUPY*ZRJl+g)rAYSB+4!XNhSouc|?55gTo((YEd4}LDMfjwxM
z(jL4kHjY@Y+N8ce-oH;BP4lJT_r}8z6-7JWq5D3+;0yVwm_2|TkpGcyLoZ&&4MliI
zrCppOd<J}Zc8d8{eevzWzoA{vF7(Ctc}+~OZTx;dM(=pc4&nW1w1e>kdjBz2{^BX@
z!l$TQc2LH@%N-Mai0p#tk=X^)ub5ppBK;Wd5dW6^ImKgkLG-JXU0^wRax=T|A>zf2
z%JbV~`2|JxATGDMnB0ghmcs|>hdZKrp!4jx?7|T$AMTZY_4Nb&TgomVKhg))GyBc~
z`r&iGJ=re&FZvLikJt3>Go)WLw+ri8zOW0|#O%Vel<&!Qp;h~%Mbj=#yE!Gh&f|^t
zXGs2FpQN2Voci=O5x=GUf)37~xm^ficA<yr7wkfVwCmZ0qrU^YAkUFY`3ZN%#u4jP
z3A?Zb`j8X(nH~4-#wNP&^9#Pvj}KG-`1z0n@~@s`7Zk5&7y7}Mr{BzX3A@mOc0Ie$
z665Epn0}jGxHU#^Ys@a3pnBl%tlEW_#mava^r_yWoZ-Eh%4G*-{L}kIq7RW>Fg-H6
zVEPre3(}7TyP$d%`3s_7rR)OB$&;Jeg;rWV(D~u4ucholTyEttxe;4z7pm!pJEHwH
z1G{iJl`mx%(7&bZ0`lW}=G%o~n)7{s;U_VF!SrsuZx>#zc4@t)FVu9cq_jVa`w4cT
zDP|Y29)`ZcE>OJd3~F3awwgU1l#ic}@#&pJ-x9%V>yzo$O*NNYz!jqJtIP6)_8$l$
zd(P?FCa;^K^-{Z*o58y2QyoO#Io3^|r28g+f8F#vvMGt6o9T3SiNE4*7Cuo9S6Hq3
zT&;Rut@g57?d7oA%jymp7yDJO2SuO#@eVst>b!5Zm*+bF_8j)n;>zgH*HWm8&Jh)V
zsl0goG*i2H{NaMUe0wlN@<2PEp!>f4GyVJ#1*ZIb@Qd;fP`>#~lj2%*-<J=M^8=8&
ztb3~{Mg2dg_QFoFALnBi|2RhPbartxR(>kGI6~#J`_I!Z4r&}L@{?3=&eI;c5s?q%
z^>bQd&V^mvOZ?5oF7{ISxwMNDWZQhZ_^K)F;v=MAk-u~$s}IGQj`4ccZK~yrybN>R
zr+JKQoUf;+$PQY39P;}MinBy<##L2p3G92B;i|O4I=`(#1Q_LI{tH)CFnlije>@5Q
z`WXI(82-A+_;-xTI(${Fw9_X1x{a0mBh>G)CKoK_`|xjxC6dRG$V1FB#r;nT9@RJd
z{;YjZhxSqMeLA*D+8-HbcoX>r^pENvXL$KF(mvY3d}4UqrD@8calAALE~H=f{V2rc
z%PBvsmin8k<UHGOzu;d>H^GU~f#(!Jgmo2l^91VSezJ^Ce5Mrh5C}<@3I8bnU0VNy
zgMu#+{D<&S{!LEpc@NITB2+>CLi$5j%_?9MyMz4Is~8O2Mo=s3?l*h$DD>omr0;g#
zg3XUMZ@_;7#%2hHF2J0EUb^16^)aT$zRQ*fz9IDK^HF=gozecHedl^#`ppf?dMd1z
zelmHvVePjCC%9o3?>EDLwa|k&8t5@R?t)mqA-F(S)Nd*6x61#yeoGQPrTPu|rTXpO
zSifz5Qv0ocmi;#L>wcqtgde&;)^9I<Qv0oMmi^ZC>weRIdta>I%AeGJ>zQT0HE6$y
zU5n;7{qEHA^R|;R|7?!zq~M>s`AzVhYkr%po%~3w-#+)ye9Uhmm*V-YdzSrH@#}um
z@%E`$zYRXA{nj<hemg}}lm9sK>+$y0SiiMDsr}Y5%YHld>wY5%z%Ti)Sie2zN$oeW
zpSGW-;P=aVAh}@Y6#XRYhT{25>P3D(t&4cQb}^#~u%6=en#OylozJK~40E(zqx$Du
zuTgnkukDy(K0AQbE3KbsQ8sBlv+tPFx{Ce&m0T=v2Mg=9@^2RQmtej2)AxAu85VhT
z6|L9k+-1&>uh%wCwO&)XX1H2l>oq%vJiDS**3arsWLMm&u#CU#ir-aO>}Yny>lK#y
zFuUS)3X5NpUGZ9l`*{3jS8PzYU*Xp%JfLt3!_jl$6-^N=`=F0;xxzlvA%-EZRsT_l
zt3dCkI<Mlaw{H~nR@`5RFQ2R4saU<I&9L6_SiMCvtamI{?-#pgM(04R-cM#&uP0XT
z2Q#eK5vzB4hV`0a^}asCdUdgSU-IhNdlj~?)pgg(_#l1gq5l{^7;)(LFWgP>4t_dI
z`6cdOx2qs;w_C=kTPNcNVG{Zmotsj0o@}S?n<E^!3g^o%;Cg5uaSTh{9?GE0wQ&;d
zrv|-frwG5=kHWc}KbCRPDEqQ$e}e3{v-1yTdyefsky|)e%Xl*Ts+q8GuukEt6mC$s
zO5ybkyM1Yen-rFKS2)<ha0nwvSAqVoF#T?K1Lx0J&KGfU56|ZXPj3g`pg5GYuW_mA
z`pxZXm3s97*URkMpm4duuTi){;TDA}rJY?(3a1rbuW*&XBSKGf-g0!#!^eg0U0qy$
z#^*+8Jg^|gk0}2G(r&6>+MOx?d;6u{juZS`CbM_H!Y38pr|>C-`xHLSu-n_C@EL`>
z6+SEQ5uwM<^()Z*2SWGWAujK9ewwboit#+ic*4e3;k);^v~TB{&QuP&$E9B5knpMJ
z-G+^$3V&4Z%X`|H-D3)m37@-<DLk(5sKUnuKGehX73_kYv+x#?!|oGY{`|*5R`uYl
zw43UfogVBvBlQNmgx`JNQMg;-Z!6rR@M(qngui{K6z*5}q{0IN9~FA++{c0*yiVxe
z$7XNR`{n1fw;MVbZ!x~x1mFEts2;dmnT+Y}YiFy_xhKu_!p>TTGka1B*C~9l!VL<;
zgCKj~xnAqbx<Bk}Qdkby2s>LCF1CZe!}Nwbs<eD9<D2Qc;EoK5UKPy`R}0?ywBX&_
zB6w#w&fG|!=+CYu;jdoKKhErGR9MbG&g^=r!U4CF*|lEba%p#0gTfUG*C|}daPfFf
z3Edm?JmyCIenoF9*R$vHcrJhpdybK`^JUa8&XX^V%N<g?aHvc8In*ukS|j%h=h!?=
z^k!#=w6m*=)6DK}N%zT{qM5!O3}<^Z?U(#)gOm$vrCyj8JYj{<9d@bwb0WvELgY%%
z@g4^y*$R=X?QhCfh+Ju(Fv}@hA#yEze^lgJ_&%x1wY660xAUwksuUJ|4lB|Mi#}&7
zM89c2thOWiP5TiPuGI3P&-5J}g;k#`${7xuxI5@MqmJ_mu|v^$C9>U$?sqF*u`kg%
zFco57=>06cFZRXGfe9;4afi`+M0`K25c@*=_gH>mh1ySj4=t>ad4S$K(DLJ2e^l}R
zg~G=a7W;1RXJ;$M^!~Wk7yC}{2P!P~ozA0Ecu33Zd{;4`@Cm)&ukcBRvlTMW(sNmb
zWu7H|6z<dVXS9Bg!e<rkRyeJ2m%{3ARCFjDh`v{}DqPNRwnF?I(kF$*&mnzMxJApS
zwSJSrRSK_HSjJaa(V%dL(o?5!t(LD<xK8m`E8L*)RSK_HxJuzBt)Eu7Md3<?TeZCk
zg}d~Axx#%4Gf3~Vp5bv0{~sla-fPN9Irt&#$zS*Pf8hBp{PzT%L+lQ(XFSb|lf0sE
zN1Mcc93JBKT!-?zyN4{*<mdULcwg$Ev=cpdO$ZG9;|FAYf`R3Rk1;;Xm$+=5d<TKZ
z!Ff%%=({eQ+WVXqHvqm*Q!F77Xn!9OI{o(q#z4<7SLbuUTEKU&z@V?6ege;H-c9uA
z`$6`87vw~@qWAaw@~@)up_6_HHw!-d-WBb0Wxn#;CI332@h<vV^UylZ2=|K~=Lh8e
z>JCXS(f8cx95~K^Jh)!w9){gfsfW1GF}i1Tg8t8S5lrzMT+25}iu&{~sOiGrQu2Ks
z=jU^ruphyCq5TKE7t)+c->u>PFFrS;Mf74=_2W{(6K<6>KA(kaB;UU0>GRV=B>Mb3
z3Vv9-h@YKOFXAUX6+faUp`M#}F22qZ{sLbs`8~?E;g<_PBg)Sq<?oSJ&ZqOBC2f>^
zJCB>rgXVlX51Lb7-yl!ZTgbDF`r5vGX8FE8cag3*9cOs%PgN%E!}<Kb7ve&64i~rQ
zV)Az*{bCocId?x4^h@MP-<uJ9`u@M|Z-YO={c}|CLH}4!Xe{FbUpKyi;*O+$td}{-
z$N1^McvF2qxffBnu(O}r3HM7J&F?23ub%!byPf2bJ1+d_dz*Crl)(E>i@d$|PE&gp
zXFz)=XbjT63@&f)fBEAdoTJ>ab{QXw2rfFGK;OeQdyoj^J2tb4&kPg(bH!&C_WJP|
zF$^<aFGca0einRT9X3^bW{AtVHcqBrKNR`j)5T|w3;tVYhTrWQ=Yoa!jQB5w_>8Vk
z2W39Z>>JbaGM~DA#}t<N)a@HpSm)Cz<1;6?+>GTsWqjtWv^VSc%o(W{#b<O~T3^ok
zn%VVjy<eg5X@x5pcDqg~oL2ax!c_uK8=v9nA$a2P8S%rzS;uF@kcUxxCWYZh-x(7>
zGP76LqdUZp%<L6^J=`IFq}wb0I_+y`KZ)L3)%xN`x@qGxwOoGg;xn=iqH_pE{ugj}
zOgp~Z?k1r-iqGgeG>XsYI<!&z`ONP1T7FFU-rb<^xWc+#YCJCRwDFl%k;A%~(Oa-D
z7U!|}OrOv(>-bEM)QjRXI~49_`ZKyd4F`J^?$-N#!r#6wh5HrmP<TM#Y2!2fT;6{#
z92qu`6veBjjn9k;z8TuTFpAF{6S|}L%=;Ct6TbHxRk%UnQH9qFpL>QBZc=za;TDFc
zkI#&A`I*iOGmp=l7QC66=~p2>b4uus;xk`T*y1z)s&F9k*mY9ja^Zj1356>ZKCW=3
z$YYhzQ;6416`wi7_2T~Q+{b6mN;|t`-*0AjIeWmFeX^f8)3=P_U&m)upMM>n5k0OL
zVnvS51NwD*M&(h<^Ke*Et8g8|*@|D?_{`_%z37?8XO6MG$mf`S_CuzN&%EPZvJQeF
znv3|%L$shu1b2x1pFn)(iUUN?EaEe(seEyK<|d_Ml=YxEKJy~JKl}KM1YG=hMk`_R
z;~9TI=hVzTK7&(}sGiq<yzcha$6q77g*ZkT$1xItOl(ud2d0nDNL<LywZi)Ne$Y?r
zeq77<NgBmt#C<9ezmo-1oPIYv!14#)zn?_^lNX0MLHi}n6^D5->Fv4VFe6`|J`NLV
zKgIoqa7{sechS$93`QI1c~s&VM;YY(Uw)j$&SmuDDHjm}#9dmciZADQ++{hHn@!y1
z-^h0@in|=uxXa-5ahKdS*pD&p=P2$%V-lD7P3ZsLHk1>6@ZVGFBFlxi6D+sS7vzC@
zKc;w!%V|7rWhLV^eGgYs0lMgYX^AuGIokBxM`6Cr`bynAgLuzhOTWB8>gB5>4fo5s
zo6hlJKEuvRPOn(Jl;gH;FQ^xLiWLsl6XgVh{#N3<S<i#RIEvr@>$eu-LD+vsMVQ`Y
zNC^*M;JJhF*tl$7`h2=my4<54KDTWE#b*3HX_xKi@`ZKZ6mg|{hq#<0-NA);8Pl!w
z7OkU-;xZansy{3KdgeIe2~!gPu=7W!!|Sr+Qm=l1@no_ZPpThMSmR0hosvv;Ov}sq
z+GUR^JSKExM-?6yctq$a-uI&WezGUH{Q1XKWZzF%f12A18&65QnX^JiO5#H^mWMkd
z^#(f_PsVAS$=2IW<4pS9l8ig8<$I)EcS_+tg-<H1>+PdLPw{?*zvOY_vaAMAAkL)U
z(a2Omo#?q%z~gMj{BKK3y~aA>e_Kl728A`w)VN;ZO1-b^=xr4Ww+R2+$`x)E_>j<3
z7#|iFd9U!lt(ME5f1L54*sc2G(q5)T+E1Mk_yX>ZX~&z(Hc7qua;}%j+J1)$g*DDp
zU#akVEuWTlvJDDXDO{&;t-vEfPw}|ep?c8D<<Eay$oEWKrcc^Uos@QG%71r{)Z2fO
zpQ~rOcPK3TF*4mwVR`PJ>F!oo_BFWfE`=rj;JP~$4up<Tp{MX&C)0xs!hfb;%BN1u
zitccOd|%o<BK3;nIIj@=_l`0Cnc82s{g}|xIV$qlZt<pL3R}EsOyN;2FW>ie+lLfB
z&i9=g5V**$*9(2y$N9c%o0-1adFX}sjP3gwlJ>e!3%=f&;d3LWRZq`Knmxt!!}>1a
zFZ(5hyA`(hQjfwX^?skUpFN>)zrx2A9$>gw4=!do&~rq&-`FAbGH1A6+)p$=Y3lty
zY7Y*b5`GS;AF@W|QP}^pOys}ythAHW_|i6wFFB1b-KX)TE*TfunePATX%W0Rkz-;1
zkI1pG|3~Cl*#9GPEbRXgInsU$#iw$tsAD*c_W!8-qWwRkBF||5&oPDz`+vq17CY~9
z;|f=5JIA$tg|yRDuK7CNDguRdd`J6#PHH`wUunOK;+6T;_U~k){Xb{)zRa(-KdP|*
zN9;&p|Id)(SAQa>_BGo7BX&Hj80QYR{ZrWr@po+hRJOwQ|A-wg?Eeuv9#$OF`n9Y_
zVTJfRwBJeFAJY3e&qeX2IxXL?_Zt{4?EhJ>uq+tKA6K|f%eQF#9)(*K?p9dzJFMtZ
zSpAG>|4)aOZ`J!<ieLAGMEkL9|4)zJZ_)C7TE9u*eudX7d|KfKh1Kt?s8e`A@7F3k
z#Bd?LG^+4bdjFWhRSJ)3{j|d43Rfz8Lginf@F~4tuJBof8KnI`13b>Lo<IpZcY>bF
zaeh80<={V`itUT(*LBtXrx9N|#r{>2-p9fEDB6E><h1x*htra7R=yuBjx*tWOk1bI
zj^VQJ^J3ldVmhqV;s<WHj`7WWACTBNtb=d?-%IItBKSQSr=vore_nh;jNdbWGg2S)
z^(&r}574^ksNlEw4dg{lO!|J2mH%fdAMTU>DC`63WyExD9`lvoBke@{fVRJgGr~d9
zr@WK<t2aw}$tGrl_<1I0Ku)xL4{Ca8(My**BK5HDuO-;{fE=1=t59CZ36^(o@kq`!
zJ%ShbaNR*Eem0jC$C+3^ynP!732$3Y^@8?gVM{<E&U8lfVOaI!QeY>!?36S<uZ3$Q
z-@e~z`}9D69q1>%a4mmWQqz;E_c0a6nLxiA7C8a$j!E>d(EUD-3Ed+~_aWuuk+Ym1
zZqT$*@@YNB`R&zGuRSI5@b~+0yE)Mxw7ZMCED^kz8KM1@T;JE*A5sS-0y><KE;{E%
z=!wfw`(Y|M7W4zX34F5d^7WtlQ}x}Aid_72cRtfb>vhtbTB`5c3B1_jm-{;^7j{;$
zJqZWXMRujZ8~5P<;48sblgQJ~Q8}_+;2p(w33kYjZ?q8aZn%NVM{y)?+=64)n>(r8
zVdZNhq#*I5R!V(-AP1EHAn`%-uh6k_l&l9}k$<>yNMY&kaOHr)(%<3AeuXQwzSuwX
zgT#}hpTiZv3cAu<E)mE&8|Ch%_~Vv~WuU?fdFh+B6GcIA&*r;swsmyasrH=WKe)oq
zA(6Z8pYr>c<vuLs5I2Jy%`TKWr~acoWPho7#FL_ORPPe+y-nCf+=sk=a~Iy<l<&a%
z=g2<M?~}abt%9G(<@0kh6uPGGPpN*DOS->8(|}WY&LyyZCz9gS3X49{zG#I-Pa$t~
zSXRF$0{9TY?J4Phz^e(S^OU)t&>xe}saHMdl>YbiDK2-@uQD3<w%<6^?{cCY*ztBf
zFW=v%+DH7;K6P$CS#}|x^JH<qu=51-Q}`~;N#SqsIH$fIpncyS9iK)Ix_c&%j~<lw
z?EW*}j(!*Wnh3^)4vk07CtY_>L)XvugDzS4CxQ=(JUUOST+V2Eiqmt+=hQUvxgB)$
zQm4`7%OzmBSo`w6S2z#tzoe&h`)8PcnYR<cJDE?4*9+g#cVR_u;^$YHUl^U6mKxRi
zDnC2FEvIr!jfos{kb=Z@zZKInw%cScYUw`g#fQkh^T!F>BhNlTPhnrK)AC2Dd`7>o
zV)oJ<5j)yk1}jA4NuLwgJYe5l03I4z-0pq9i*m<g9NBkza$^kp<+f5ej7MBq-M8k`
zdw}Rm1l4^1sU+9kvy|&wS+0G||I~8rkI8GGNM0`|dAZ@ySUHiiFV|bBTtTkVt}oYp
zQ|OK9K?nHr^n~rJH{TCYk3hfLsa&c3(Y0SKJeRZYwE68Hqw$XV$F>kZhefa5sEiwT
zRO}n+kB$eivu;GkQN5f~TI$?owj+<Qx&(Q8HvpIaeTDz?Ez)<%h9AxNlVwk1Ka~6s
zhVA^_=)A+|yIVFcm0mmVP{(O0{;J7_hs$JKC(AG7mT~?O#%KOvAq49O5(W8-vccE(
zLHd3siEAQUBjsoF{mUw<0=<BT19>kZy|DEP{LB-Cx4B##{p4b$kLDGo?|`(I-zce%
z=jX2ny-(*GE+cZAnqED3P`{rCzexB2RkZF|@O73u{LM7MemmdicJz79kjU{ps6-e1
zDZB8~T`Lg2#}@R+Z{#QGJMy^l&*vn_-ze#7VK*>+z`7VEYi^YCwobNj)SOT}S4;i9
zL@%y8*GP&}Foh#IAF^fz2q8MP9Daiy^GEaObh?ZmOY>JqzKt7+j!7Q#Dbrn034gSw
zkZ;fR?3@BSH+1znDHHKY-3?A^+JqmR1BnZM4lX;d(eUg=qjcS=&s{;!BtF}g^8GlS
zVH;-$HMdJU`I`hby7I3Q7<&1ocToSd3LMEn`zMaqo;MZsv%aU47dI)$uM>Q$wZ9_%
zt)JHkT~R+9|JKhk9D}HzuM~X6{EGnNbQ=H0ufN{B4E8m~ulWPOQ(Gf#;jh^v-@XjN
z9;jXN^T#<~`~~POIE=r42K*HlD6@QD?4ap+sOO>jct;7ZKOewupx+jTu-`H+-4V6d
zdj6)ZXHbrcPb3%1c(8omu7FOI>!R@<_5WJRq|5Zs>LDzXru_RfweNPrFJDgi;Db{d
zcl1-{DZ*><m}dHZ0xm0O=ar*AJRIb6>eYYkr24`~sd9h0L)rtsxX<fL{T?0U?yoNs
zWI=Huf7|AE9vxe^zIkg{S<t6-TQ_e*nT|K!z0ICu05AQceieBG#%1Tu(sxqWp8EX<
zz3}@F{aI=~`mMK;oHBwhF6U%fif_d6!oE$lUcIRo`zxegxW88B*TFhXt2lKzp*M`a
zuPA)c`R#gN=3DzdCisO(&8AuePpX{LTS#nOtH>wWF~qRXZ#npH6TYBlFQVU(p5-JT
z@kPi9{H%?wzoAd4_v~J*cjP=>fBg;o=*RQ@Zrtr}Dd>&qySq%RY;xfpOrTpMbY{%H
zC6#WqXW?xE=YOk^Ph?Gmw<(^)EBHo+4m8GP^AEHQ@(l5Zu6(Ve$R{^(B3z*LgPZwA
zra}tlN!GaFPw>2^>(%^qg?u`;eIned^_RSeZ)8@<gks;Tgdc(tWpT>9g!MTNMxT9{
z2zP4za+!cKZ1{=Ji?tmZw-`yb&ny4JLOy*iY9iG0u#!uk%QwPC@mDez%lNbTVhIre
zs~FxO_03;EK7B@FBD_KASaby!$Xp~gG;BO0`lkJY@{nCAJapW<hv%7!2c@Ze<LM$i
zXt5L?#Cr<#$V7?n3H_AvGx}ZW@EV~PdW{*{{EqC+fXHs^cVn~BzAWJ*yHe=MJ|z5Q
z_lTUb+tEuj?iNe`WnV3NV19Gf&Lb1`qCSy&7#H#HDGY5VdKL?PX3w%Z-$vt7)GaW5
zGJSEc5&!>+rB|^ZQVRcrgx|h5Y2*G5q63thUj;uD`VIdFoYbrpIVQ_ifXyJkkCPzZ
zA*t&XxtO2pdSl;hAaN183Aanjsr;jLa+~70mJA79uqOv!N9|}n`~y63^8McjaDRY{
zPx>Cpfd3s2s`m!P_v5>%e6N&8zhfx-^X!n8`vApFvfWi&Fu|orA2QM($+Am1Kiq%z
zC-~uR*YDUg%Xc#D+-c|=_zka<daj$R1^FIHAqBJ_ia3Jih0ov{{`U*we0=<AB9|`{
zAMS{>Z}ZW)_&G@YMDxNb<4X)AjZfyor<?7X(rxQQjN4Ywdkd2p(M$1S8JCA8AM4$z
z=>Fsk<^L9+-b$g@^gdj6x`<x3qegF!(m_c-{V&LuI-IUV@Gnd+?N=+p!}iqh?B?PD
z_#UU91-=c>rv=ZllSO#gt{R>m#Y4#%;EDR%@W{T+u<=9@9=5B7$D=1rRg39SKVaGM
zB0OwY4Ub1p6Yvz#^C6YbF~Q^6ZMLhoh(6o*OQGjIz@zh8^CIKxu*zqE@q`=3B&{Bo
zw0?+F=q>DWxJvMb`$r|8z+=F>SLEmWRcG<NBb`rSCyvuTXR@=8qhxd05}q&p@~yG&
zBjGzDup=0MsQ+Bjw**HS$R3PJdzg1wkB1c|JHqYu3XJ+g^b_^3r22k){9U1)QVxFP
zpZNX~=@Uje>OK2&pu0us9%H)k-a6!gafF%3r>8&meMjcYqsREUC`Jzu+Ve4=@8wjE
z&RdcGNQwQTxQ@bN*TO-WPkjDZ4vz?bZdm%$zE_mLOY*_rIK@-`KlZ)_&Z?^V|3F?D
z%?cj_<1Ka2v=K80Gab=%d?Tr0i6WZLfF+U@<J7OY+%$$tk*t7Bk*wwpI5VgfX(?(7
zrWL(Ov#4M7qb$R+A}yUP^S_>Fue;AV_n!M0AV2^6QSR)0_t|Hywbx$XwfEYOTG|EY
z&oeTA9<hslyL9q<ZM!@J&s(~wU1o7PY?s@;cFDj`NcS)d;BrIUE{(9v2AT}$=%WWM
z9kK0U=+O4~tw%>IwujJR+v8VWIn+O-XDW<xI_2CQcfQ5BL=Vg_zkq+_vmMXjH;fk~
zJx9{Ko+F=~M`<e$tRMaPW;5PJdPZSAtGHe9{cGo8y;{!_?>&not#mAqw5&VH_E5TO
zHLoMF^0PRBblCedkPheq)E)~qV?SX%Rk`W>CDQlJUx7Rakb9nQwe{wP*q*5VWBJjb
zmv;QqgY9A3tr_aUa&LnE(HOv>4?Z?NL-orz5dD&$f(^y;PlE1SI;fvWy=t#e?~3>Y
z<x)OZgWlQqkiN=$Ed76k@ixR4Nv^PNhU^EN+azgTuLkEjNqT|&&h3!T_E6f|72>Ct
z*bMz4?a#>9^%ukY28PKlsGLH7V<A6h``t%Dk3)ZBTniP*1ZM*0pvV1RCH<T|aURpP
z@^;qO$-Is$w`vuqr*`n~x7^I>ncN>C9!mN7ng8bRsXNK@yV3XTiF?tvZ3p77pXo%u
z*0u}sHyin@z@M69`3wE2NyMLhZ>)Wgahb}|_WyTa{~r`OL8q3ZUK+ZWAdact!Q19Q
zQKbJ|crG_2?IZ1o?Sn%_?JxE{)9^i}9M+@yiRHB3w?Mi4@>U`!6a3&m_(xg(I;lAM
z>G&klcVd-%9fN$W7QU8py`}hi6TZikOX8~)`I7TiLp|NQg<g;e{skHW^%UIuIuLgk
zavJ$*ehktgKTO|sDcXsns6c+#CEQO;JCeScb|m{R?TF9gyq=Y-wO{tV@5XZSoNd=;
zcr(`X1>mbOxQXZ}q961K?bP{FZtgs&2lNX+2ZBIH!8eZc@H;oa^ygQwA8_cUn2Y#F
z&0i!JU%!zrq+<fgr$CR<djItxKZwhbT=4hdpTO_pzwI}R%V9g<n^6Do`_L=!Ury6E
zf-rn=y)b^(y_UW}?;FU@<)nSEe`ASoJu(-E`vd~EhuqBIC*DTobbXkmx5Jay$wpqb
zToV7IV)(c1xC!_V>F#AdP_L0xY$yEIcm<~M6Vi`^VE9ZQov^=YU@Xg{lgpK>H$Qn1
zwM%|}al1#?wLeY%JggUCIc9t4xm=-H((@?YRcMj)98Rx3n9^N?6Y1N^5A__*A)#_b
zb`JCf^`HY-Kz+Fv<{D5x8XyhxprnYH#t+PcQaYb)qwntdhx7M}N%RftgQ<R4S0ibr
zQ}@Hc`BwCMKHE&c>;Aa>;;~X*<Rkl;Ed8xOC&Uj3Z|(--u&MHk+x~@g*>YQ{Tr1_P
zp6mV~h|>~|+437;;0M1`K9<Mv0=$Qw$N8Kijo%9Efhb@7_U`P4=l%Di{mJ#SoO3I=
zo$rSJg!UkJi}UlgbV7QN@wIWx(W9`-S-V93NI%vNeikwd?PqZer(&?ZJ__xX#%^o*
ztDt;7*NW8!-PfueKAAM%%4Mzis}Dbpo;rW<eIK92`jLUZF@4u;pc|bk_}J(1ep~c2
z{pU}I{)lpZ3d+yUvY(6T{U8nT0%~8Bd+~ZJ_II%yeqj9ym76`6^$g=B$UyfBUY~8{
z=;ML4_elR)7XjS{KYY3S_%U>0F`qru-b19<Sl=rAeTc}Ud1HECFQ*kptiN|IyuT8E
z?^I~N?i;k-UP0}atJV%p6+1MJ>2v#PW_k8U^f|OY+>f38QG3Mp2kxsTd33E7J7nZb
z^5_@&0QF?o1!t`tIvDuG_J*zw?ag+mdj;DYXJ^#z@cW(JQ9IKjc7^FrYj>QU727+t
zBdDJpzjFOT?UL1h(mTOjwF9Uh8#-OTpFU<!>i4<TTS;E_d9-5|$6tID(gT9OPzQd>
z;Z2BRk@h`^+jmItt2bSJ`N^U$Auj5Ew%2(2!gf3t>I=)?>5J&kpx~A2Nx{)E$D2n&
zd7yr@LJ^eX?-yD9;C&IU-8PXuhj=x8cdz&cf6srAz7>bMv+E_T`mt8hibHEC4fACD
zJ-1JO7dd2?Q`)v$E8))!%Gde){QM|Rq2A}Sf>WU6qkymcVjhRV`y#l;IMo;88spUR
z1e{t@7N`7vh;|R<tA6W=9f&JzXB&6Xc^R2EH|>OcSUtV9gr0_e7Itd*<od-=oG9{C
zJ%zY9$|Do}nEG!id)}9Tiv`e+G~+bI#m_={9e=ra1TRd1_3`9S<$8(ivi&X}=^wn_
z(D`%q?;qF>wtw^jKhA#cIQ@h5*zX@3BYqV3BlfS557Y;kcjJDTof7FEc#kyTgx5c~
z-$ng6?sv|Q>xjHRu7AM&tz@Us{+!l<`X&7%oVVN!$t?1NuwU8!u`AAZ$~-jo2lV?g
zvYy)75q~}c=by2Cp;^iPodSQ@@;Girx*o;;H`vGeD!5u6CzezB{A9)<cTWA@(hoZ#
z{V+~G)<5kNI$M!Wga3q!-nhEdJlzpL1b&j{!vtSZF8aRxMeoTU4ClkP05xdOhFC63
zDOtWB@6F|$UvxalA-_WAedn`Zs(Pe;X;<MJEYIu^=}UL^8|1Hc4LwNt-HRXObYZ=e
zWBUhqMENlPD*1{-YdL>l4d>5gzuC4wwg<NVr=k5D8-7BB=R`g_PS3xN`O*I5kK3n1
zycrcZ6YL*pZ`5NuZcG}FJbg`NcK0bLpEvgyQM*YTG824-`B=tuhkP7djt})qb|F4s
zo?hBvA=!`a#l7?m^SYA1K+-Dj9=0=cdEPX?Lgq`ucn#aH{Cu`YwjEGT*bbfV1ip4<
zzoPPXQ2PJI?OrwiPl`S%|NB$Ad+`LxSN@wNt^7ApIzM+Tf3IlZ@A-k06FVXE!<K*F
zE?|F0dCUQMMB^$S<@R04{m9mX^Flg~#^;ZDFW8Zoai-RP1n9keUfW?3<WHA-<TAkx
z^gdfo`_0S2CPnERV*0|kPxCNlxVTS?q%~gCN@>4-90#|SiTmW<gY{}X)4cagku=K*
za8A;UKQJFd>8?Sx6V_j%_UI%wX#KCfe;e&4u1rArp71NgrM1)_besz3=yJN7pT}|^
z`vu53DgM*Hh00^Ohh{>1_49MsZ`&ZCZSkR5-uo={|Hj}(Drj+n=oXx?ai3d(7yEu}
zf2~*NIT25a_ymwuKIi@b$`1-%V}bznMCW;PhW^`te%Pl-a&>VZZU@-ECH8{b0p`^t
z&FxT4+-LfQ@V+FRTgdcg0@yqWp9ud(&Po38@gV0)=82Am@;YzdoonIu7U+v`Q~ix^
zJ_7PH`8qHC4KE+#;;0wvARo?^Xa6lhkFdQrLfd45*U}5Ye`5PHQRd%PN<W#*^K_l7
zIBu1@Mf%4~9v97?dOf{oc9zFO`H4J!%1@T@mH&PtNA#yvuaNHDuzf0sTkQ_=L!1Rx
zf^LahSvjfQ`kW^xwOcDlPP}f&wzuuiD5u9jPDtNr*e?d9eISqeh4dfo&!zmVG0-m(
z^)JTH`p4CVKk>6Hf9SvJzT+J+4*AFhm9^*3EWcqKlJ|>PzOi5A2G|a&+_8PW4eL*=
zKE2}-Xs?~Qy&88ulKzOapV3Eu9&$X|SB9s^JfpQ^dtf=$gN6J)wENBQC(?B)=xJjN
zE;fU`M*V7#a=QaQCB?B^-0FFHft3gKBaaV!?{`ri#%^%j%Hc-=e;2*mZx&Tc{Rz5M
z*|-(lV@Eio@vHnqPKR+Ik%Rh^z8@UUo9TQPn?HzS4T*pJ0NHy>zb~&p!TAEP--_|m
z@R=l!p)&ILF#I0U-^=nSKdzJc73HIepL64xTZoT}=a0wv_1w($gz+lzd&Bv^g!$qU
z^M7dP0B2c#Mt@L#sJ|UR0_xEv(l3#sNPJ4>i@WF7Yo3_>Wr!p3_{g+tE6}C$z#|!-
zdIj;xxQFu^C#Q%{xp^R-N4I*5IFajTIp<cgzGA!z`@M}<ExU;9CAD+om?Nu>SG@t+
zs}et?1<FU`RVR$b_O^Vi1$~K&H@)d%#;FYG3hGNo2RtWs*FK*VuX+aNYfyeWO1x?q
z?YY5u^cSq3?c>DTU_#gO*+cEUh58lB<1G9=0Y?<SY`iK!+$`g#+WDBRAG7f)K2NN6
zd-F=q-iZE&_J-|GB;HWa_|!b&zn1vaW5Ac+uUveJ>+jC0-C_IZ;!{kYi;FY;$?>UT
zyMyn=k8kg)k56&GM}2s|>F3kO?7{uq*txCf-<WaI?Kq!VZCq+Hzc;%6;SuuNYoB-j
z4%ZXn63a0c>Iuu;>51q~30x`{ms%!z!R@n&^fWmR#qV=*DAj|tqTkx?NpUEV-*${c
zF&^=FD~d<)aVXbsI4)uB6OC^S-lKg(d!l~mUoS-b;CYYoaj7k#ojb3Do+ihoM84yw
zy9Kyk6T4m}xQg`3j>`~7tsPDpho1%dQAu2C3X~tYxYRpGynm>_)(Ub%`|^e&yUFeE
z?Ai9~FWV|E#r>s?<R0xWwa2CYj{PHbT*~#2W4;e|JVjh;2F~M|{;6>(ZQrLqTI_G=
zJkbK|e}f%7Zz<!^^5d5oJpYy$mwH8{AI8}a9d}#5<X1?i@uR5!>Nt58_xDosh`;$R
z;@&XX7p))pK{@ES)xPgX@IKUYbX>b5aj7{hm!<sPa&po0z}z_QDH?c}k4r6Nd1krY
zU0kY{@?BhNfs|wW=i*X5lCQYL^Ub+|d7NJ&F4Ye0-`Ma&VzBafh{mOUM0{Gii}+ym
zF)1$f1(1IwcK0SIKXP%YyNHimLEFKPOR3y-URmYc!~R4Kaj92=Zs&JhM0#6!J7`?$
z^Gtu$aj6?T{{6U=^4~1+Cgs10=Yi`OmudugMB_eJv7W}nrEs1{$IFOkTjoN4j~P#*
zJ;C39^CQqt<3FRmV*alo-^Hbt(EDsTv}0IqEzG+`>08P4g>k7x)c;&uYKf#Zp0u3O
ze*HLJZZ8v;Itci4ajCW5d)7!=<5EMCX8#P%5utRNxYXj`Wr!#I2koZDYyR?c#HI3a
zsl$H;avtC+{C%;x{>`BuIPW}YuYM^9{P!iqrB*`!Zwy$$Elv==2u|3z)Oj#&vhOE6
z>E!n)9w43+@wt=Zb3EXQeGl0+d5@)k2G9@kAi27@6t{zmOL056xD>ZTHF2rYFh7up
za|@ZjOmI5=5#is;8T46k65Dq<Jc0WC)JLHH6#GuJ{1Z?<O<d{<=wF%O&txwxUDSTk
zE<0kJY26HvM+I@Fhd~~pUr{2?G%djnok?;^A7^_09iZnm_)YhIr!v23$nqBxXF`7z
z_2>xV<IB|EJ7T=)qZPL6wU+NN-o)o4Sv$`0Cbn-nUx)I@!MZ8!Z<u}+=)B@oHSwnJ
zoD0vd=KhZRrl}u^ziRE%!&px2);jSIu)jA;e;)?E;^Iw<pdD?z>7mP@o-zDBf8SI!
z@um-<JPJbpDA+Ge^H>fS-j2Ul9dBYk&c&NJom(yIwLL#6Io`y6PyS%0)5V+S{S$L6
z{l2_D2l5KfYcPD`_}k*0#^-02k;f$XJ)~dSx!kzK#m$6|y@ij_>NlQ8eAGVwdluId
z&g(5=e>R-g<9RhVuP5;*o!1*m+8@P!rj?h@UvvN~*pJ3ZzeLXb`Pc5nvL7mpH&r?B
zE9b!Ly0x<LCg_jg$^>vfI**4<`{R6VxXv8(9{vNmga0u74UCVbyuTmHk2jrNmv|G)
zIk%GgNnE_?<O>J~iN3}$hg2PJ+6+EQCF8zdKzSYabuZ_@Zzebr#aq<>)+WT8{s43%
z9%n#TP+#^yyo?ziB*mL<fpr-8{EiZDx)uFpgZJc@_M<d-Uz#6p+6nEy(Wf35?^t{Y
z@b?PhO?RNbn>5b?ZG|5@&(aThZhzE^AW3|_!hM?K@G0E)sdj7qFs5^%y%GHl?G4)>
zXK&R0XuL`6kJ=q0Pr^|nPqNp7pU77SychN88sH1{0_VZQ{ZL|W+<q2~H}U&jyou>^
z@g^NlH?tj(dkXdb3E%GEd-3DjJGCP?k6GD%DDL;j*FmPAPaiWTA>QP0`XXAVROLRX
z$^71Eyy>IdzN<w~QsP~79xm_c$&iOjEO)0T+%8>1vJWa|-)^~h)5)S2+&<p?`Fz>;
zv{?5&@%vo7N%cVEO-wJG=SX%J<`ell-1oGF_<?oq5!`4coS8xSs4t^QU!r(~`W@mC
z;1;S@eg&_ihWADA%is6p$D4}rsQ&S$!uine2PNJF4iF64A^wxJ56bE3E+zCdj5h)Q
z_{oL)phUiEe|Fhf;!UljS9Tmr^9#mqV7w_4tmOJ?*5m!F)8i8Um9NLB2Wa0~fnu}+
zf9kdNtxQ~KvA>^h<n(%b#f6IXy7suxS5S{r$Az384{yNvH}2P^_A9N&c{HPseq89w
z(7x6$(74c>v7ZcXV0{zZD?iR)JWk%P^xfyMBiR1p<1G0xozz{5{D&1tr@?3HXF`{b
zuS?D2eg50PPm;eP<4fzWTqk;u_A(k5+Q@RL8jn_!9LmRq{z&i1N8&<HQof4|ZIN=U
zA1*GmS@IP>G%mD>^Gn2qUVyk`?Qx;&BJEA>YxFTGE_5NtzmoC6xlmrm2a0pub=$Ah
zO?)KBg;eeu7gBlm2u{!A?<)2yeGlfZ^*o*G<3blO{oZ_s&S#*!;J?UuG1FlmB<5#=
zw|o5iaUtbj<3h@R{o_K9fIOmcm#fHN<YMANI3JViXMYOu?3PQxj>L@n(4OG$p9j6S
z_7L?I^FIsuY2rd3fVfPQKEeMmF0_^UpNk6(OIqVX0nMXWI?zsHTxeRExX|P8f_@Y3
zS8A5|7}=+hZIZOcg~m!+<3bITP7@dULPA{Vwx1#{m5&Sk759ZD#)USKKZ|ld^c-j}
zV=o%uAWxk?MSI;0Esy0odMk?y?FHi-`+mZcPEw<AodDuV5uYY5^pkG^9R`oct_dFH
z`W^j^K!2{l?cm}<+zu`-#O>hXLfj73#D&&PhxaAn+(PEBmblRB1yFwlaiNt^K22Qc
zFz8>I;5o9Bwq3|SkapP-<3b-oc~=k@>IHd(_*5b;^oj&Kv@6LeeO&17nYH;%9|S#5
z)TbD~>7ACpn79!7qu5{n_C0Lxd#Js4#JJE26}IcCmhZB0A+`_dx1v0b1bL`k!}Ryf
z{A3sxGV^m}uZ&%!`983L_`&C|emk`LYEDPvLe4(*VmWy(E-v)71@UpAtzKMc0pO0_
zpK&0ZyD$n~jr%R|`_MV~FZvO*yrgKnLGx-JA4vbvD31a?M*A8$F68JQi@%FK+iw<^
zQ$GfAf!@22--~Jd;CwcI;2eFzm)he(?Dwc2<>EqzQvH^GUtTjoUX{d!#+Q-DUvS-<
z#<fz8OI%z?_}H7}<K|cQB0g%Lr+qosQ|UZyiTO9g1vr<C<!tmv=Px>d71X0gKg{+P
zIrHa9!*lW$*K2-O<XCPW(l(3>T~wF25X-q#Txiq`!a=g<wZw%!2klkKxbH?Nuj9UI
z;zFx{ZnPU2&=u5|ADs_&Y-iLK_%`+@DK0b%`W-&Mqr`<SMSt1%OHKdq<3bO<t(eaq
ziVHbAdq4heaEJV{UXhR3UAqtIedzC&@jvZ6%f--s^^Xf(`46Np7up-q-!LweFy9~U
zLs~#~B|NXw=ikVa@Jr-@e09KkQIAd*y8{sD;zDvRXRg5YyM0KD=zT6Or1SrJP9D=A
z*@qOyql@hh>LY%9dslH>Xd&05{T}&x{5<NP)X(8wz=XJv)1Oz<dhB|~g-+o1t$9AZ
z&C?T>V=mMamb;4!iQZH&pT5<bPah?E!R@n&<QVQlip-z$`&?W|^<XVM2lv8~-uySk
zg^Ka0{&As;&PDx{xKMchS5jQa>FKv<{ad`ARvs7n^WU+3?Ksx=*XtV>`agP~vv(==
zxP*UIE-o|#Q*LNy*uIsC3q|6cBd6CzaUmdXG_*s0asAJ+<9MgrFI248wa10ti+UW1
zZzi2%=k)k%-^BU1@^PUSoJTV_=EsFDhxWDpkH&?b$9^){%JYUY-&H;?)I#Nx<3iU&
z`V09PhCZ5K>%?9KdIvb$2j7TC=OLZO-=Tgcbm{oI)I8n=4_7w7ak}U|>Qyu@)W&j2
zIsS^SQ+OB2p?qBEZ7k17T<C1dcX6R<QjYC`iwjMWeAXMd7n1gG<ObR~zeHRJ*9q4i
z7dk!C-qgOPy_4cXdxQMr=G)q!J+!@1KbDJr><Q)b*R(>4?G?3KI6w0h%Fk6D7ikr{
zyG8srf4`8*UE@M3@7m)+i(vj*&oQY!F4V;ISIz%ekN<LUA?3gRaiLFvJfd+IXngp@
z#f5M_#-9H<>k`nPm~kK46SOlIfZkhsi2928Gax@rT<Gvi<LFz-^o4Pu8Pxw=T&P3R
z8W);FX-fy%NsJ41l!*)V%?3GyaiK-tdlpDq<3c@>*0|6-N~ehneKjF2Gza26Y2re7
zZh`fi2nWRO=lVBNKSR0yaT>Iju^00a;zIj?3RJRR=*KX=vF|55k@xF5bi|V)K22O`
z=|e!j!6UM3f=8DAM}U5~uZZO8;zHaGE-u9F;Nn8u4%NhkJ_O_Va^vz^;zIAb66&uY
zF4O_#{qtk2UaP<H6s&XkZ;T5ajq<J_E_58o1N~`>PgWjkhrSE)u=#3-zD;s!Bzt1@
z*Y+QbpXs@D??*j1dP;g;f!}ll=y{?(T|s0N`Dy!G{$k=n=#OH*{u1%A<Hm*lb9QCz
z`ZCLR=yxRT7h?OSehkXv8CbVu<3iVBJWp_{nz+zOXg3q%Le9P(hvj;?9pmCcR{&pe
z`-NseJKFt1ZwB0{XI$u6lt+Q-!f^-3g&f^Kz~2}0?>k;x=#Nh$WtM(lUgJStmBfX9
zQbr!P!SD5t3;me*s68&Uf$OPsp0>oi1=_oOmi<iYANX;hB_CpYi|yghlSbo0i^RXz
z`;(SX+O6BydAX!@`#Mio=6t$s7#DhXUE)G4XPqC8+b{IMIb<(szOt6M&`fBrO5#H2
zK>1qYLY>oDKQds0(GFjCF7(@&@j+5tXg}z8J5pTewSZd|@5wJU{<9w!x(bdowsxwA
z;zG{O&d1;VxQOD#EbLYAyE&iw^@y7l#D!i1?N|S}&}7fvi2jzF?+@cbYzJzI3ylK4
z+`K8D`>6H?#sgw!G#<@%#>Iuy&S+dn$J6QT4!##ZzP+nQT&NHG`OxscvHs+^kkg+{
zw5}+Az8(DsBsH9OhctfNdW9`)f5&mYTd(k+zfrlG<3j)7dO}?C=hIp4E-u9F(p5uT
z=z+Y&qfI2o<hT&O&&7pQ57yFi|BZ2>VmzvUT<F!X&MAFd$m!`vO6X~*pMcw>cV+hr
z-Aa08$7eL|GIqGWaiN>5)8i8URk^s(J4KJHiwljMUT?3sP_bUu9v3<U^*D80$m#JF
z-@y5|8Dt+&Z*eJH-2FyN%EW~ZhW537fzH$1js0YBInNt*aepWu7h1yeUy0|)ogC>e
zG@oJm3;8jf{5~5O+6(DSF~5;CkJt2IW%C<5i{2wtMdLz!ESII}<Pwbw9YAs@9~Zh;
z<`Wqo-8pjiP`--`t(9^bpIH9_QU>$Gk{{v;=MM~Veu=mct`n|3F0^x`y?sA5DK7NW
z`PeUp$uH1zPEh}n;zApt{K&<H{=AjtsqL`s;zFmudba$o-0!Q83q8j4FB5$QrAB{D
z*SVq}iE015l<DDqp&xksZ@;+E86b~J;zBqdW9RAj>jXOzGwws&#&Ka2=)JXvsIQpc
z2>EH^LVtz%o+y1QN$|NaF0`KdpNk7^khI2yHd5Nsfp!w(Li5VRh2GIY{hs<c+@tKh
zXN#mYF0@(F8W-9`=`?Yn?<B;94#e|EQ|uSI4ECd1zsb&P=lVBLzel+bo(b(`@L?0;
z8MGmO5FeW18_WFy`hO*Hp-;m2#=alhU+cATp&~v_T<EOzP~PAX*|jdD3gmC-{}j-l
zD{wowxDdC4iwki(xVR9vLp5=sqhTChZd_hVT<8F_%N4|h_CdSs-GgoQTK$dHu+HVb
zF)sA%Ss;%XoN5I<(0PCB$NVeD<3jQ)O6(W92IOJoq;}||B&YOop-HIcMo&r4MNgH!
zQt{8ft*gv$`ajEGOk4>4QS7hpCO&rDxX^tSw(EM!ciFfQ+c%Xz%3}?zTT=Uj=~FSD
zS3_JVK)ab37jpLXUuQtMUNT!jTwLfdva2^x0jrPep&e~p==qDG9vmdXryl!-?nHSM
zxIPyba&#}o-xu=lJ6>F9@UKW&5&fRLegg8UBrdeHj6CMR@AZ!heUkX7JudVyt|y#-
z6MwecJZ*`2i?nf}Go@c*d-(IDI#1gj?iX4@en;~BEYqEK-M(%ARyvPonEbN4w_#kU
zXB)+Z@@Eqc@_a-M=g5tR_NpW<v^$iqB`&n@+Zc~CU~|##o{sw`W5x$baiL$rx``br
zF7z9;`v&jHFE#$N9~U|X?Z2_JJroymcJ?Uzy@I&Vlj!eO5EuG+&q&0Dp8E^-_grXi
zc>W_7+8gf2k@@~GF2r`AmblOZz*llyNbQWqg@!!4qjqM;iwnI2`+3>8kkg;f(7K{}
z$A#|W_N_TCbcd%W<>Er3H#NkC@}d`vN9E!|{Jxh`T&Nh2>K_-{gyY}T`-PmIwwKV;
z%Hu+pl3qpT7mOXQZ(Qj7>h!pTe^o9nw11I(t8~B6$m#X=iVGF%b?tGXEvUz-<3di4
z55w_#in!1)&Z8N9^!E!r@xfxhK<8=RkNsqj4}QqWJVN=n(C|OW-X+F`Mn(Ed+PKh<
zkxt|9B+YLm&Eq|Ge`WI<55fBo*GB_G(YR2<^T=mzDgF!R_Ch)MFGyPd5RD6M{xd#T
zJ}$IBy(fB(+yu&ZaiL}@=f{PbB;St<jph6jaUonMTzg#TA>z~8N8e9PiVJ-j<R3TR
z)&_FZ`4qcf=o3(W<l;iN5+CW$kyCm1&^Rey!~H^|VLe;zaiL{Qf7NlJ#UB6LFD|qT
z$RiqeN!~An^H(-5^vidE{=|&?(4OG9@G*$D+i?==E9O4}`Dx-pw|B(R=f{OwsQ<aR
zP^+XhF4RV8ONYjV7L<t#Wr0742TNRNhWDOnlGeD;6iI7bsGZVj;zGYphztD|&bdkx
z7di;<=NUjN2=)`&qc|?KCX5SRG8Nj(;8*+e@LVT9XX8RQLjSKMF7y@{-`MvPo=Ckm
zE>y&)i3`0P@WkQ~*)_q*T)(6L44@xyn&j%@Lfj56F2wEN;zHaG)x?FKeG9y=%(%Rk
zxX|YRf%+?m3;hDhr-=)_3;Nf8V_fJ?ly?Pjp|v27(61;F7dkn?4xK=9N*@>c%QVpQ
z8vLd&eZ4Zj>1NAcOk4>4QM9Km#K(>s7wW07U9Yr!myHXteNaCJ<?$X^x1@Fr(=Wq#
zp5Rn9`-Sd59iC5&3px9=7R&XrJ&lVCJq3Kl?H6hRJ8a`ZcV7tg)G;nJ59Lu{x?Ehy
z(R~{JzL0<4@!~?4;IUFg^R2$TmV&%0i3^=oMji*k@AZ!hy@mLwJuY-2*AvduZhRKy
z<K}63TpO9EEirGAHZHWQ^h<nS`MA&!(dFVoOqbg)#B~2R#f3h$jp9OWXAut4c&Bm9
zu~pwM^pg)jJwwCP4r-UM|0j+6ehB5GaiN>wiQ@jZR@PNL{J6Up6YcE(0^Nwm8TcF1
zJ5Ph>V#WtaaiN=FeGop63O+l_emAD~BYorZoAExE#lLm$g?l_XJ_z~vf%`uwJ$o+i
zQ`5L%_lhl)AMsO-KWzPGr2q5iFB`lkztoiX<3htzisjTpaUo}C|Bk;`5EmLif47YP
zY1hfz0PW}Y3(X>l)NXIS`X`iY`nZtVAH83Q?LaMYp*-+~dVr7^-Y*oMBd2yo<3jv?
zXLr=j?09jZEcWv-F4RTq(JfBnxoLL%^ET)oxq*7eg?hMsYmN)O&(o8Uj|;VlUZ8%$
zepj-W$@_&^4_-=fp<+C$e_ZG@XP|zvJ#8#|j-0b|FVOn8cs;E=F7#T`t5SBG<3g`M
zHGuJSwfAJ{J?`To@AK_`(md-E?}zutj9-)Rb~BVuo@c$4`3e2Jl>MoMpI0tE^+TY?
z+1ZzVe5w`j8Svy^C}`vxH7K8T=h+qaFF!ujO7_OuYw{nAe}H<ETe+V6FZ3s_$Nm(F
zPhCXqZ0n)t%)HnC-Us!hh);Fke4cr~AD>zV?Q7qo@u_CSmBBeYf0;Ty)xq;{iSel~
z{t+3o{WeZMI!?EK%#}!|@w<jWj=G;k$N9MaHfcVw_g=(F@q0T-ycAbzMS8B_w0+<E
zMDIt#PcA++nF{7s&tth%9iO_6<WN37wV34@InVA|%6IXpMN-a>Pc4vqjhCz?e>XSK
z!}%rRQ=7qFH#VSm1^OxS83V#V2QvRU%BKE->F9o!y{TL#cwc;bi~MnZW8)ayZ?}mm
zw0c49YxEZFxz&s1@C5ds$<R)f%$FVk<<rcUt_S`z!SyV!s^dCuCH}WZTx$^K-)oO+
z9mVul&HrH@|JyIF^(Bx;G_Lh7(!02G@NhoK#<hB9f}MyNx1ye+9?l1Sv33;gHRgX1
z@?BgDf++B@<<S0NxwGF9N8dF}U%20C3H4hS*IF)VjYsuS+OHq?J1r>_*IIWz^rJAY
zwcdNrT1jhMYmKBet~EsIG;ytG65?9d;Q6U3_B(wK_mvHhSYqN@%R^k<<us79u^&T-
zgKBroey3x>9yA93Lls(lAzTvNLp$|Tuv6GhThD}g&HKqtNxh0Ah(kqunz+`Qdw`BX
zp&#l*Jy9IX^*j3ib}F_9w}XpoaXYxU7Po_oYjHbN6W97I%tIvN<3gr4L$_Z-xqi7f
zYvNY&lX5FX|0WMpx^vadY&UNaeVMtO@@G%Ip1-p^F3C^qqjY|<+@osb>iY$FPLZ}B
zw!=K6H^#4S1ya=?uz3CfICBO4IcUnDyF^@QR7^hx9M~BpVB4MOQ+<L;_58ToQ9n%k
zl75IDDP5)fl*>Us65AohPnl`?l6X)i_%PACBi<i$bcOA9oaHZ!`^@I{C}6Ab`XKaM
za|7IeRL-a;Z+M_sZyufo?L$vPzu);tdfv{zQG4}Mc7Xm4&FA%U8tc32RCqoy?&JDz
z4$H}NadDq70$+{6@%(<n#}cqpHty2{cDa1q=k{nl*k3$8kp4+15A(kDC^utw8u0gp
z%<q1)_#68T{73sl@%zwiet*!};!hs<BvNGQ_vQ6AkXI#fpI4QU#}lv)p?-0n6NHc5
zB7Ce(m_L8!Eo`?k(015<`=Wgj{k3vPnm_*v(2wo6qs*V*bsErb>?7fyr>BaC$nRL}
zM+Izk?&m##msVeQ!{3MG_Xb(#(#vVJ1NOYF2jKmQ_Eq%W;>MT2=DPXwucP_{?#O(S
z*!8mO6UQ?>(?{<r?f?BPRL_9a)5*V=t!JFp^Jb~%A+9H!586cjkBj^9{HBZh`Sb8R
zKi4%d@j0wHB1h9MgufzJlurkg$M#ta@<IIq(Yty0xrhG;lITwoJ?=i23g_YHH&H$L
z?QoyV!O-u(zo7Y?>0>TSn1^@vz7y?4-R9vhm-fBJYhP|p*S^}GE!2K+-wDaPtHgXC
z`YmbBfqbj9E4E|#xUROdo&(8r?Z|Omp63gweNlgTo{#-kj3+KD8Q0}`K40&xokBk%
zC-<G^R&Jqoi8}}K%BfDz8o>bY`9p6)u@~7rw3F8EU4VXKWd85C$a5QT+++H&KmWG}
zw6mpK=l}Xpp9eScI4`B0%dOl%<)immoFw{uDCx8Hqka3IG>`rQ&`?R-`Z*}CacgX+
z(I6Rj@Ab<d2kR62+e>0Azs|gg%S|7BxbU-Q)%-kOAwRz|{J8tvXnG|&E-~#*^6g~0
zEv`KZ^;sN7eO265+$=SY{n_219~I1}eiPmownI2hd4vedt=`0Xwlrls?5*u^hP1<P
z|A0BU5C>DnMRfn!YQevPd%qtS!MH2RuN8_Q?%gK*;1iKJ<BD&PUFn|xAbsZwY`0U#
z85a-HbNRV_@;uuQSjRwV+h1FOu6%X|<=;Jq^*leH;}y0X;&(pF@d{l3fE^&eqJ!VF
zLdM^Qf3}Z2K6mz!$MI47$m983VXNT1Zyz~sWa;t8_o$~RU-TnTz73~i|McUGSE9I!
z>=p85?c%(zqh8h;XWUox>PFJ5^7Hghv)zl#)Bla~-8}tPDd*4AZ;^cV-`u@3n>oM4
zJpG@5-^PaBNiLPo)4xjioX`EIYQOfCQcoAvW9_>?Pr~#4d!qUUmESM(R(a1QOmC(A
zUHzgI{T=nn_V+`jzoUNUv#ih9FYuGt{})%;|L0fG|DoT+^#24q;rb=@|E%=?>=c@Z
zv;A`{*^A^jXt969cE$Dov61@X`n!#TJ~PGk_s#!7KgjA4;gi9&q<GNqJgBFF_47|d
z`EvKL!+DTM4&V#h;qL6VJGbt=upX%PIL?2bAo`c#zc7vlXNcPWU{0eRV>%kg<NK;J
z!L$5)$p7|><9q<*QAr#J=Z9<@XUch?S35J`R^L&-5O+=hdusC$moWc0$WIf;X_^^F
z-!=3?cW&J<*>xAk38=rg_)9}<|G_v;Uzs@0)#sv~YCNb#>XrHWY_p^_j?*M*jpJ~?
zO%umyFykY%la0V3%IPeK&!matEQ9@zwtrik$o2P;AA$94JPF#%^n0{R8VA7lHp_co
z2KKp<IL_TL?y~PE`_f6x6s`wA|F?)w6UX`BT|mbmmmf36kK;J{*8=^y0=I*U<8V8;
zI1aaii{o%RR1?RUbqc&M$uD2X^zKM;oTHH53gS4&&NJhP5^<aj_eJ}0CYS*&THNkd
z?{MB-<2c=@AEtdtKS0Om`C0s3YJBuY(2vA+fH60IP=EX28})pG<trQ?okaBRh;f{t
z!gkA8{=zuU>$p7%C=DCO;r^rJP?XO<?sfeh(;qkU;MK%&PB{tMceT71#zUkBOF3=r
zPdk?D<@~rf&ijF{xH!(R7sojs>~cNhIKwCpBR7uYIJ@&B{9XF{ju*#y>h~y7OTRC#
zy+K};#BqLFMjl^;-|HX8c{IYuT9{u&oc8xY+zb9K`dJy!UDV&-!}vDN4@rvS^Z@<%
z{EiaGx$<P7-`Gd=lPpgA`yhUHVsU%-KzZBG9>w2>xSx%IK^FB#?RT@J|3S<YKPbPC
z!TS^K>q0JP?du2LHxhB2PgDC>zn?<mIE%TSa6DUS9A_>0OSQyt&Ib9Qeu3y=JS+FF
zgmE0M|GzPgv-LFcFK9fR9LI5Xvjy!$!u%2X2Oy#f?qAV3&RJgj@_b+}JV%Y=B`!`U
z?Wyw>gVFg(>>p|3IOC*Uu}74T<7hjNKpY49dp<i%>w<LuRenWVWS(Lx%{%z>6amKp
zvkj5*%~Wr49OnyWoC4=~%XmlUDVwQ2U+;@>iR{!S>R+YeI42uDD<8*k`nEs%i7DbZ
ztvK%K$5!O=yC28-`Fo4)tHyCIMSULR`QY^D47HM+lH)jk{~gj{$4|cfPm1F_40Ki!
z$9VwCk9-{G7gh6fYlZx*GW^sdj<W*lvpAeIPDvWae*UXy?}kagbzF_>5L&T)W5y}h
z!TYekfGITV;x&%L^M#e4+oW-v)zl8T5C=DNzYFao_d{nV*^Y+yOQo3CMf-w&0rH1_
z#1+C1B$MZHw?!O>>{uj@6R~$otbK%W3*u3!I1by#KI+fdZXD-!ahziNxTK7ItUQkM
zqf@ZIr;Xz{yLc3>gREB^=OWUp@^PG*Z1*B@obxH)#c^gxIo3~z>+yQm!ZgWeJ#}#$
zo?p+Gh~wM={MH`FIf466&2gNzh&?2Kyc2r~^nd959LISjs$UIpoI|SX@9Gz&=<nEH
zY=8gzd#s<k<HT{epZfj3CDQ*nF6;aj>i;f|6DfZl*_HOt&*A>heiz1Zi~B$OT`rDu
zUZg(K1LKDv?%O!dy+!@K`Z&%yXs1fzIQKyL@^KvAXS6-yIB$aWWVOd}zWI1{{Y~RI
z_w(~RKpf{-kViC*(}C>4eU==bDDuOf2R-X&yhq%A)j8mwl!)UrfIYR(qn_e(8OV2W
z9CmQ5AM5Kk&0~n&!{@JE`{IjTgAbCuSAPlfpNIU$F|hd@KK8vmFBbdl%b#O=v<S-K
zbF)BiOTB-_Fg!2sw|49Te6B#RqjgIgU_5BY2kYTETYkD%e%LFI_srY!Z}rNz{HM5n
zynn=&Kiw-o!z+*HQrYq+dF2;*<#FGtE&pb({93O(u5+{HkMhcI@yg?P%9fwxm2dLe
zEs%C=m3BMCD?i06k9uS4KM>023gTza;&#K|=Kz+X9!!AWGr_=b@RuE7f6Y!O0v#2^
zWp)Aj!*M~0xXfqPf*u*Y)qc4Q@-xByB$!BlQ2hs4X?*5*7;jfQ?#TqZm3<HTH`p$R
zr+m-tW}X4pd1l}Z`25p%R5rfae7TWh%=vDpw^;Axo*YsCG5<0zANvvJzl-EMna6oY
z5&OZq7Wp2>-?%Pd^QdCGvL5;kK7S{kS6o<6^Duay9k2*I!VmDVag+|PAK>%rB(8$`
z-UsEezK4KMs|U?kZW-1FcgI1w_t|}d@G>;@_}m7R=W4#!dHOE*Mb>50`xa6)MfYq!
zfcLtD^snOQq#W(@fk!MoRF9c&zN_eY<$rg2Q8oOpEW`g|kAID?4;lU&cTqZ4Fdc@U
zjxzk*T*S{?Bl1{M=K1T3o>w}mmq%|Ic_iIOdUdQkdLr^zUxuIgMf@BWk;m3D&tFmW
zeC_hMxQslK&N;XwRvza@<k1|{&+R^$8AbdYO7g(C%(S@YV*1;(qUX<{=Mf*!Zsf(@
zWP)i-mx;rswI9cnk<S+r`cHe2d<rkJ9Xq^gIwqE(Bk8>K!;0v*L+F@LH644Gp(ANO
z^1elMJS230p@mO1cCDcd9Un+&msb?gaR$+0@qLl+uOeP_5t+1(LeGO3emBtF$@w^s
ziSaBukE!LJfpYm9xZG#>tH_^-)kE{XK6nQ4=#Tim0#|_VBOK#l1>soIyz5`T0(dmU
zIM&#3bJhI*A|=0%A-`8MotfY_FXCUg=N~`$snh<6-|NIL$WNR>>3nt$=NtYA7ll9M
z|13CXHn()_R;njEh05n{XrMIA15188=ZE+^hV84Vw*|&$cKosd+86x=9Vgun^w;8V
ze9dnsd|wKG<6dqjng^NQ@FAw#*en132jXKXN(1~jL;o$_`{%)UNZ)VE^?BuddGCbs
zu0oEjKo7Rp^(4pYar!!sKAg8wKG1JV>fcLIj;ndz%K0syBRO>z-cItJon1idBD)Ga
z@6?_BsHERUzeD_P7$4{=oGs~LNl%k>AbK`M(hZX4`LBF-tfYDVE1&I<G|zj%IZvD(
ziq5<F?eHj`2U|ls%&xH=E-2FuN&aI;Y&$&WwZkH>9j^1*VU5=gYrS?@Pw8Ai+hK#G
zwH-D}THB$;Yll`zb2~tso61`|>$gXts6Cof+ZXK@lc+r=k{s;#Gq!(sQn8}`eK0%^
z>uyy~DGmVZU{y~!Jt+26a0Kz94XV<0Zq^R$NA(T!bNw8*4$p;yel{AO>pqGHaQWA*
zCxY_hH_&$`xN0~2qZ<4kTSl*v{Hn%Sz4|lJ<NEg!Pp_``^lAaMv+LiBB(42>38kH0
zEtj<FRiC6)ubMo)YWDPMh{~7Jt8<I=O2!2#a7*>-iMfbdQ#?6vdpbM!chMKsci%2C
z9_I?m7vpuVpnMDNhW)Lb`0OgE+}N%;xpM#N8e+RzO5bsQM*S(&&pE&e;>h=audag7
zEqdKO{!-zS`I|j{Hl@{1Lw(2Rt-fo04?=z2*UX~wxdPMIJ-$=YOn>+I4oNeA`SCL(
z&HU%bPm?suCqJI$4(lsO9{KU@@;l2nKfaC9`5Upd%)CpuKJ|r{V}3RLXb||ZdgbF}
z(s=gvHE}rkB$5I1<%*Nby?%7F*N>)=Uc2_5A!*fz4obUzG)K~^PxB<L`nE;VtzyqM
zOIr1{htif`-#-5t&l3#svb|#ad?odxsh%9l^&{;!O1JhK<xBgG^38hX<Rbkf>_;uq
zuhjo&7JI__R7-#A1peyTpU#8&Tz_Kvas{T>^(*Gb^(*Gr^{aO2H`=eXpJ~6+e%4Oy
z;`&(|rIY*B{HpuavA~zrGrwOYjkiyT?N`4iI&J^n3iGRW9OC=)XerSC9pcf^2lK4z
z2cw<TatC?k{C=^xs9&5|algny{h8nl;=|d8k?t3)M-E?_ynZpZZvEmvm({ml{2l6x
z_6w%h^$X_5^$X^Ar29o~fcs-^HTT0z@WQUxuvR}~=OxT|vk%Ine*O&jEY(kv<_~}Q
z<v9F#6v-%}BW*wVmPg0Ngnsg%SI+Mz2Nv~{lPm5gUxWHH!CAz|w(BRXSFWElc>N@(
zTR*u8_^T&=d<yCd`^gaNf3DCW^fKM9zc62}zcAn1y1(QGx!=P0r|Nz)&(lL6Uy|lg
zKM>n*)>YkaF81gM5SL`W%HqpRubkg+9$07nu9k}X%~?=?CODk=7@#jYcQdyCv%5~?
zV#U8xk-kBB4q~eQc$&r+G9I?$i{s(B+|V4-H{E{~H(u8F9F6bkmG|g4L*^-My+=T~
z{BnHC`1?&Ql!p0O)^E=aJH6VwYP~uT=_}A{XuXE7S4s246Jz!2+f<Roh1m8mxS(>{
z%cG+;L9bqga+)jixP>Vs7nncWiZ6z7r=)p)*YZXBcMJ2G>u3L4<4U<z)95+Gr#~Nq
z^=Le~a=rW)3><6G%V*&EYV`6cc&-w?d;;H-LN9*<<*L`qhju}UTYX6DCp?1mmC(y|
z-ns^ySR()8OL2a}1n7CibfneG2R%A)|3aL-`#Q>L1od)7je0o*^wpx5eJF=2?Bz}H
zTqSz>X?#x#z5FDUt6nePQ?*`x80jmam*4aB@)e?&AC1+^zoJ?e^^dfA`CgBXB?)?Y
z8Omt{^)h>GZT50H&{vCIo{4g(LN8B+=PJ?5c6?6?y*viWRj-%hSuc%06KgL!No~lV
z>4QJf?!6xA^YxOaEh*l+$<s?+w=^kMFYl)p*!kC3y)<+vj=$QY1NVR1c~vbp&MSv}
zA|D?)8|M={C=QJG@8FV*Oz@osBq&#yL;3madYbRc73N8LgQR;Ty^+$mt^@vq{WD`}
z9@5HZImB`E*#^qTa<8Ov0i|*M`H@Cmus@LegRa6B`tHsyr}bu5KIAv`BbB@lj@Ffe
zUy1P$J5P=2+$#1zkl(Q|^s{tPdrQ0F@B7}1cqZ})*HvAIY#DiM^5n7ElSe>lxKCd4
z7l@o1B!4UCubxNz={_llLsGfiQW8JNk>w9@b$mUfS^l}DO_FB$NBA*v*#z_U==V0m
z6Ug7ipa+e?5_;bDW0HgV-yk$S=YG!<L0+bRkYCqHkB93iO0Cm-^ot<RkY1i|b^P#r
ztmBvGk)1r6MSd)A*pDn}mN)EUl{CvapPeRYmam?N72$Iw(?15~f^iMuTl)>l>E2_Z
zy$596A^hUFqZJ;t>qz<_jpc8>)Qls-b35|XkXC+a`*k1GXX#EmUb+dMtHjQJ8sF0^
z@&NuoJ&O3lH1hXJC|A9my|ijMe7H(E^i(K^D^kkgJvGVUq^jj`QI&EyuR=MTol*{G
zl#)ZjxLL>5nP5MXLw<29$Bzbj*bbV02C7K=%kW#D3-5;m`-C4|KRA8#Xu=)TQ-C$X
zHT=%4TEO+5z~!<3+Il1P?ZxG$kJf!M|6sd4wT<Y^PZj)|E4a9V?R8gS1-%FC4}EuM
z7t?cHgEw({{<WMgESGXTZtl)5VtZd$BKcGJJz2(!Tw#%xm;88pk9^+->*n(Fd3@eD
z=BLC+ZkF&3@<P7z2XR_)dL6VOe*E*^as$jSuJ6X@GQm%n&NB7+^|<H1FMO(eriz_r
zdb_iyOIqckc3tJ6cE4TZAaT37j34<Gj1&3!j2{*c(Y~X6u09#`NalgUbMIb9?9+Y)
z<TIK6uU5r>e%BVF*U8~FPY!=1zXsxrtS8wgC9QJUqQ48@oAq}|Z=!U5?neHezk$D3
z@O+Au1L1o=^Nai=j-y<z1Gz-~Kc2YBtz<p7^{fYZ=K7g0eE#Ay0WZ+Gg-=mAsecCO
zrOns&m`>|FTZwPC59{toJxDjc=MB^1==?U7cYf-y=#l!Vf$YasKed6<s{d*HR2)y{
zv(8UFIo3~oQrfS6e(HS?%CmB#_LKgH@;D9laYX%8UbyMxF;@6jc{F+Q2uNOV&$i_I
zergNn4~d=bZ6bNYd33DDy+8=bNBq)WGV9K7?WLa~&2}=vkI~1mu&&qosk?%0Y77Rc
z0_z8n9Af;`2iieiDg4x=b%|Hq4)P576F)WNPyE!7KejWukUzFRxdO}E`Kc^#=clrq
zouA6`%>=hfzb=-4uAq9$?c~N^vK}lPpK+Ww!oQL4BIrkUT+{=SMLl}^yTC3M8o1xc
zJbS(gIvad)1<{YDDU#;*=9}6j&F{@OwNcvokuxAi{b_7hecvhYKJ_EJds^tZOfYT?
z{$c5-cJ8E~!+qvRZ*M!4W3>qIyhR$1c>a5-@yH3-&K3CehXK84FTiAm=UlkB>?oo;
z*Dw7mya!9#ExZTo67Dazh~F@i?aAz^|0cUJTgJQji99~ePnPks(Pxr}X-^sth<s2k
zufqAtn01A%DA!pcM`(vW_!G<TW%-KPr>FSP2kZH4zg7GFIa=q(_B#`7-WlIes{M4o
z-s$bNwcjokw%>E_jJ97U_%6}g+5aJGm)R4gzps2hrSp@ezpuKS(^I9t-@@&fpUM4w
zc9wBAKl5S6-KpQ_@5w)*@7WW7N#7B<n0B<|X>6CDPOhvS|JU*tu2=gK@s}IwApL^%
zg8aP)wvsvbcLJvs50m|$>zR*UE}yHqo{v*KaIU~G)}($i*cri3^@kfM4d<Y8zbTBB
zwDhaRf;YlfI8RbwoKn1j^KAG%bJ_p4dW`)E<$W^hxAddNQTGyqwae?hb&}URJ$b3$
zEPRE2v&wIZ_&+MYc1f%J#BW|K`W?!P^%>5GVmX)aqxU%p`Y&l0=xNpd^wc`Z=LAna
z>QAeD)Sp)Qs6VapQGZ(HBmVSa_NP@3;NEz7kLp)?|GF9E74@%IFmA;7*TXm;CH5Ni
z6Yu>}d0YKe`}`EFXS4ZgpPz($=T~1sdTq<8{yzlsp;7vFVfzvK7p<Nj+2;9??UYtK
zQjK4IcC26hN3jd({A%sT=x>Y$j_thf*(k>XiGkwogr`Q%pT>JkBJ;jCdUBZJ$zhr&
z2l1D(GbF#*p98zZ`Td*7F6AaP5ka9pJpmdVKH)s?1kaxqd#&~@!jHj~DV{&w2RP9f
zOrrX&|3q?#@u$x@9^^GZ#c7>~#VMWtL_aHOf5~3AfjlF83eJXniX9616r2tD6uVSl
zxjVm_<?j4ymbde(S<ac@c#^l}gZLGD@6Ip6-Jiw$`sLJrnS^pl;eRHLGyZlfo^No3
z=m+~x)#GVF>S>{VQhhzkrJgk&F0Yrg;_?PcJ6zr<X&Da|n2u0?W&OUxXV!bw-`v1j
zuD=96Pec1A?bSHy>(oxVFQ9sU=hsPYU7p+&pM|dwpH+^E&nid7XO*M$k5G<^(<(Q`
zY1W%k^Ia_`f}Yll)6?rDr!zb`DNd`L6sJ{Aiqk45#c7oj<20P7FMgrowa6vJYn5Ai
zyq*Yhi{jxb#(@~TZpHn`21j0)>f~<iv*Pu$u#U^-D_%bX`DyU_2Qc3jrEkv+b__S~
zGe_jD^FH$=t@8;zl&%G@FN($MKh+JdFF-jKsJqAF^{er`)CgV|JUJ}z<gmz-gW~lP
z$@lSE>|*~A*{PAl>jfTO-wG~UV{jM=z~W63USD(^$SVb2C+*wY7jOyA8}j(97Oz?E
z4zF464zF3>4zF3xnSkQ}mJc6?`MkmOczq1YB?VqvKPD6GBIC~H8gccDGX83+v7S{@
z&jQ9vi7({}OC+uMyqwYwpZg@O_{?-Td}jU}K6Cp!d|t%$m%!%>(Vj){xmLMdT_?F+
z>B&v;S@;U^S>>qsta4O*Ryis@s~i=dRc?yUBG(e*=p#;WI8psLy0cDln&HVw@mb}h
z_^fhLd{#LrKC7G*pH)tZ&#G@ao>sY~$LAwKZc+SO!*)LgpXYe^yh|B;9-V;CFT%R5
zH2C~;h}%Tz+m8&E!{<H^mxerCT0`kt@cG@b`21Ae@cGiyOXKq^z7~hiU-aa#)|10}
zPY#OD8zkSy=Z&1--$Qn4B=LEzhtGG-t_+{&zBwH}C+!EGxEk@<=d)UTX1P0jX1P0j
zW_de&W;thq>9jw+p7?wk$|VIpTfZd}G|GJ3W^VVY=cDf-e&8I~8tYjj^-N>D4Dq=`
z(u&V>DDCiho}?9@nGT1~%%8(&Zhwc*Gr0Z|_&f*fmc!@!$e+v=YL(lvI?3%?Pi~6O
z!dHmTDo4d<m80Ub%2DxI<*4|qa#MU3xt74^_V#+<^Ly$fr%OCJDL$*56rWX2iq9%1
z#b=e1;<L(0@mb^&j-OR->GAnQkXsc0zRq?(2A}EvPBVUPL|l=13p@VP@$)NDpUt>X
z$ImY>!e=nf@Ui7^9D(!czlV9?D1C>(Or{+_ZxX!G@$+U$>-c#KrE9_Go>+YTbKUT{
z8$$Lz|8}0@QoQdWGJd|tlfza|4#S=t6rTgJ$38wcaQ^B(TIcQ7^>*<1s*dZNw|e;e
z4bZ8^;0@TUMfj35e*T|hp<IgbbJDp2M-G8JYhLHf@^-k)@^-k)a(1}P^34RZNWPZ-
zTF1@jpgdCGvh`Qs++NX-A)*K9<Z<ur)C@F_GYbApzCVe}=lA6D)5CR`53~LZtl{s@
zboIIQp}LOoKBjA~#*gKFvd%squIK!&&_6}`qps)t4&`@;>p3@QIS=R8OMbhD_iH7;
ztqAx1eu{Rg3)ao&=eN`Q8^?T&7|s<$o>luhpQZPgTNj$V4&c-Le7Igw@tWy$>o})~
zJQS~04vN>xKjU@YTgRCjly)hB&u2g!M%PzXKYq^DD32~r9*WB<55;AbhvKrzLvdN<
z!MLpJIkmkt{+zF1UFX>#pD50KkL`O54sQbcY1ehW7V)D54(|i{Y4uidI1Bl1oSclq
ze}{2+l)lNMQPJHvd92`y;&79s6^ENCT?-C>EEb3VQa2o4cpAvj_$y?WjlXm2opCt4
z!IMLaCx=!~4vNEVlJDbiJLj+7$ojgJ?PoZSs3Q*J{Q!0y=a0cwSAxSIJ0=|tC!Jez
z%3wWknC0zonC0zonC0wnnB|)Zx=3&8iNmu|9w~6x`X!lQlFa9AqV}#I4nIo#<pwsh
z9#xIQ-=%u;WpVg<q2I^he^S1~VZKKl+Q-A;t@6CuTkaPy-j{r}yKGPVeu_A}0M;AU
zABS&cIf@+!_ahv{{Zj2&G7k6i^E&_zUvOMKaClLT@>t->W5>ba4v<e2=YGNVJqCxz
zg8j5O{6@r&5;**N&`+zkio*v(ei|HpSu75pKB^dprwFbn4o{P`;_wVgtKL?#{%ct*
z4*!+fHSPXio#%>M|F!hg(m4EX+K<BHQg<%#&pbJFcygHI$w6^=p5*&D+{5{+1D?+r
zK^*SzaCmb^WjK8O<a9WkbPm!v1NFdRmbb%Umbb%Umb1fQmTx9lKsZoO9KHhOkphRU
zUy=#r9?U`mwRin+__xF#+&9g7R5cF&oa!l$!xM#mABPX7e22p=TF%4aX36()xJmNM
z<M5|oJ)y(lk4V3)bv%3z%du)4{t7?81K=>mmuepm-&mtOKIO?{$HC$EfqbGk{3Pp9
z3=U86aQH;Tj}kb14CrSZ4!1$R!{JHvK3h)brT2h&?<jpU$RTv&;RPQ4Eb{PY38hQn
z@H*hjp2OkqZ!EqCa+vV9tFTpYcpcSm?JD{k>-yPmML*W=ONztczEeu$@E)|U$j9L)
zJUJ})<k08IL2-CU@_ig$!}+UQ$^MMwyfmJBV#mXOy%=$rhG#{1k~A;9^5}FpoOEv7
z>|5%A!z^!y!z^!y!z^cq!z|xS@Tupp;daD*RtFye^Gp@&mwN-W8}=)7+`DC;mF@%7
z^9gLf#&dXZ{J0j^)#-T%axSGUhv!IPxjUhp&Bt@kFn^7g-zxcE^zsAAztzjfb5^mQ
zK`$TADaQO&ke^$*neF!B)Xf6y#}F=iF@FH3H9kIlG#!@|<PPV339cNcr;ny(IKjF}
z{2b2nH^ZN(|5yUw_e)sPsP)<P+w{H({M_`>W9X0E9^QLopTP9dP$7J<{ucZ;^>4)b
zd+BG2H&DGzoSr_4>&x{@z0jWgJEy0Ql68ghd>s7`WBpxT{o}p*yS)0xd-conarCdn
z`ej^z=T#7WdwccEe4YE<t6!dvqyKiSztf{%?%@jM)9KMa&Z}RZkE6d2>yO!QSZ(_@
z1F5!suc!Ju2#-cWe-=^wJ$0+!r~gA#zsy&dI8L?lY4PMU59-%@ta627+}jrW$*;W#
z+rNS5AH}}9`xpe5!}}OyKY4f`gX|}l`xx|GCe(BEgfxDQ`p^Suv?qCZpPnzD3EuJ|
zWEaJ830IB2R=R%p&Niqo#kkLogEK)d>rbIg#y2xKy*p9|`)`3C_^(79l*>ospa&41
z<_2V3DSVZyFB%8UQax_mC+~~IL1zm6JkHYnx?O|kQ@$Jb&5&{$_tN!F(<GngW!<``
zDO!FQ<)QoEitrCQ1h(%+Soh}6wfQs_2mKOxn*M|G%uk@7Q=I4W{IgWgEG}R9{Oi;F
zyu@R>vl<80@o|05v&jugyOfB7-gXS|y(^EOtB-?js!<+%AGgLUyR$m(Q+a3{RP|$v
z_~oh>n<cID1Dh!A;-IRZ8#up$IOrOXPjp;0ks3bke47O{?qhkP{(a<R=>H|geIEk-
zw0f)auQ|wf<GvH<eRkYLcB$X#ANqSbe~Iti1nWt<24&y6^mELAFVx#O=A=k{eRz+Y
zu~V`2i{F9u95e~|l6rMNC)(9!s2P8sc@d6NqVMtT>7(GPWr8;mJv+iV7+(S(wi3Vo
z&Ub(v9#!nu+xFCTXU8YB^RbW*=ggB{M%q{8i+)n2xbwTC(&3IB_ho`R$exy?gY+w9
z{c-0$!~Nv(?=kv};~Ld3eBV_G`n(tEGXrCU?h^I=uodJ}AhjbrU61-di_=z*N0A;g
zP(<oC?ZbL3{{Mi~3;o{LcWg)GXH81^#hp(K`chVYIDWM9%O}Y1Dadae)64xY=3JYx
zpnG<H2Jf3h`7DAbkdL>6{&yAle#P!_;5@>ov#@~TqqD~yLg}so-}~1+4hF&W`y%=M
z0{NZqZ|ffSDfxYg{QhxC^F39w$K5C8`JSroaqB3pe4-z-9&#+bI8H@+p}C3PHv_%4
z{8q0#j(2VOqrCFX@D5u)j+<@yNnUxn=h)~Wj=ydBL%i|}y!z3u+wuo`<=1%SvESJ8
z`+4Ozd*xA2Z27&RJm4_tSNFJkK|16wN%|g1cSw4zq~}mNKW>erWu5T2AxUqM-}@xZ
z^9A{F%O%|-zb}#W0!nv}TP*2ClD<~bOC*h2i1aO&=NCx2PtrY-ZX*9VKW?6+n<YI*
z(nC_dL(*#~-92umq}NLNd`YjD^bARFpmcuRG)Zri^b|?A$otwQ-74ueNpF(!t&-kK
z>F#mjXB37deX#r<(DU7LPArU<q`qePeXOLLD4oB0tmL;zeuJc2<-L>y9BxmAL)h<|
zQrfS$bF4GL6VKrr^`78$E&Tp<GLL}%G})a3=TpB1zY5=b8?JW>?|abu(V4$$?k%|Q
zLZHLEry1U(_XU(X2W)*m(6PFi<TZVl`y%(DAnvbQD13GEH`0F>uA2_&U&YT!Ipn()
ziduT89`pQ{ik?^g1^-ryykMHm_ur_VrTjbg_dfU&>G^CK{_Vcjy8+%B<+(n?zl(RT
zpcg3L$WI64l;Y?5B7WW)k;jrU&tF&ceC_hcm63;CuWaRURjfREBJx;YhMy~n_>p@;
zjecw`^ZeYR=WCb8d1d5b<JDFk7skrt+=x5~Pfh>x^?h0qKZlZji~;jSxavPAa?*QZ
zP`{@XJ%0{8kN!G(YC5lx38pb!RrH@XmXVL$cV^|&RwSPS-P<1Ct55|U`<J1^uJ5yS
zysn6jJA{r2Rm)@dGIZE^E=$L_B03%tI-mjJQ;l5@%FvN?zD}lyjx&f3J1$;?`+@t3
zEQ)jBdR3igM7z2ienP$53a+j7GZAs^I9bd63CiVf;QDml)xIy*j(2f+YsY_!?=$_O
z8R@!$%OQ^0ah{d?9}0j+LyTjM4L4WK?;|Ps{Q>fOHPe*|e#7&v=W{wgmHnP|ZIYhI
zeosEj{-WiN?1c1pl=rE){%R@TD+Tu^3}X$s8|2=p8~J`Ihr44KXN<f$yg2j*kRQr-
z5!8eA-vxAMg6j40OJ4iXePzp-&r*KIo!CCBXZ#yWPTyrA({1d-A{@6GeIz~%&MW<&
z_ue1ibMk)6=S|o?;r%l#M_7-y72ltqU+$hRZm)G8!O|fARotE^zaH31RgL^xp&oqx
zYLb8Te$G`M|Gxa+@C3&mk#6iC@Jf2`M~wWPpL0DHE3!*;ziWwhP(I${(J>aro3<Ua
z+?)|=htq0ohv_x8!<iocemfkO&<<~lZHGImZiiz%I@%N3;iwU6hjB&i(45*HseZhc
z+JVQ17B6D$fx!#42d{zWA&yRVC7*4fZ#Y*~(z5S)K<sWOiJ9if&@?NqSi7+Y)hEyO
zbA9<6kXnwvj)w2<BU>n)KWIIFkJ~`snP6X<II9NdUk2~BxZvwk-255ZlZIG*`ZCdD
z=}6nJpN6RdOUJwfefqOk&d0H{as5&_K74J(dhr{mKNGWWHI@&f7phl3NBV|H3<3Jt
zzCJBMob2V_vHj=3pD52q;JI81ebM)PAKzp23hU8vqpkPbP%hM?QN`zIXM%M=0X%2$
zFxFo(c-RN!k>0Q4`wRFq$5Va1N%9XL>~nbR@PPHEv+!~1KeMyEU%9LBDN1)|S3QsK
z=_)Li{>AfCU4?5U&GS!Pg+-EH!~RQQfuz?;x<}GH{{-i`OL~+1K1b3UCEX!uo}aS(
z`g%9IM!j1G@~lPg7Grx<p?4pF=PJ>=EAc%k^sWcWCF|Xcs`c(Y`2G@lmo(pUMXcUE
zh-y`&|FQkt=)d;A3q3l9671D^UO8WH?t}9+Yq3{vf%<FFo0E{fD)i=9c&-w?ITGKK
zLT@HPxn#ZhC&FM+d!@Bk2jTlm=uOf*!y&PH^AM6zL`Pb^Y4qsWl%O|by>h<ZyuV0q
zWS-0Lmoy$z{oM)b&jeG54`+AT?{Iea^<@8Y1+{}bK7sYnVi$RQ;_Rr58w+Y@)vl@?
zX1nU_G}~2Y$Js7-4Y8ds<(CnT8vI54LtJ_i#=>0%p<D2@d)%eMC-XOZ+-yom^ijt9
z7C-+F>g&FG7L|v7O1RKHjukmqVEVhqb;$3`Uw+&SNi+X0uEFxjk7K#(IsEx??NXlQ
zn;+Lk>EwQ}pz40`P2i_gKS-LN{q7gyaQil*)A|o-`@vT|IvOC37B`OjvRBUU2YVLv
zgM%ve_f|sv8HyT!T+I57SU!xtX+Qcb(pQE3ydIvb#D0Df-;=_AUJK=t^d>hT{c(`>
z6z+kmT8}=2^cZ{N`+rIErM-35qj!6Bv?b`#yS#F~9(@<i9dtNcxgO1g`fJgnw;_F1
z=+Rr?xk~it6nsw#J!*$?>GkN*QD_LP9Y~AIZ$x@Z=uuL9q%BsDs-Mr;-=kwrf*$ST
zmGkwew?;kM9qO+|k9I-&s?ej+@LVN&^lyN;G<x(LluNHi*Ho=Xe?)pp=uuMK<gcHP
z!?oX6jcY&m=vbbhM?dk(`Fhk=qaJO5`fJgn^+;b8dUOvwSBW0oiSOwoant<R9JC_~
zIc@#0FG0EVdUQ<HdQ?DqO6XBi9B3d`kM65lkCu3JY)H_fkE2{hAl~ri*F!so^Jtah
zVGqz%i~h|+{;SZx%iy_6^lvu4Cx!l91m)7}-xh9n<4?xoq46jC;0YYRoQ?GO`X}QO
zjB~}U2g2vhMg1G#I9KD&x^Cgd2pwtt+IEkQVbnh}K2rbp7$~Rfr*d*`9Nz1V9T4L{
z_}%z2{Fl@Co$KfISNTbpg1FpH3HJxD<aJm%*ei&iF;d^%5Ne`&canM~^prn|%T3Sd
zd2@V!aM!Ad|HNOqr^-2Ut9U(G_f**@v8tJV&rjw3I=NM{-fgO!uQ6HA-Izo1*8D`?
zAKNu>FxOk+{MVtCus(EW09W|f@rADs6vq;M!1io_=eh=D{kh5iJk^)0xV{;%l+?yK
zTQPoV^sgCe#P^~-X$%@kun~H-Jd7H6z3$}^I@0Rb-_HYjs_5T;hUY5j-+#dObP|~*
z@#VKrE`9&LtZKd=tCH^@R>=2;lzcx_5#Ogp_$ECzdZFvH|2?U=eaXM+<#tdzk`%Yk
z1P4dnlUA=*S1I3ql<(@z!}#KLOPNkwH`#{i7`t~fzQ>eH@>_01`Cf+B66_z;hXd~J
zy;~@q37Y7;R6kRBK9W+NNpbjPpF?~Q{!D*B%B;WD2Whke3xMvBURft=aS8DN%k2jC
z$e&lR<<M`za$}&J%}2i&^LO&{aomOZqrCh!$^Q?mFS7MCNdCXPe4JOsdWOAxoTtb9
ze?Wdc_YpUP+|XZb5cwSjO`J1whV67O>Uz0)?DIVU>o4>?53dXAu@AQy>aq0W7JJyg
zTDSV4x}y4DPW4ZzTm3%$FTM`xpH{c}efpoF`kU%jzfb=ksQ%`<)$h~)zf?c3dmjn?
z`4QDG{@WhV`0&B?%+wDiaJrUr1|EX?)2#QSbtzr^KJ53uf^`dVepNTvgT|d-O$8(N
zxSyX#`e|K)sqfK*`YxmT_NlnO17Jyt_0y&$_-W^YeQpf)jjvzm!+me;rvc;eiST90
zDb8djLAfC+PU{zvaNDjkf_1mN4slSP8zbxIW9t8BYr6X5)}3U6gZMoKdCw?*54LNz
zJ#L@rgRp}P?ST00*<p!isXrgQz`yG`dJU9D+=KsMUvwY&_ZDyPJehoUIpt$HKEG!P
zrJEpqa?v?@izvUVkfZPL96ci^nm0H4h3iG`2CAXy0_&e+I=71BL&)#ovG98Vsps_<
z<cEo$g1^5J_NBr7(<HCP1|1J#%~l>`g@2VtlP8ZhiSso}zMf~$F8M8--_LQdk-Yz9
ztarZrv#=DtF*pd>DbiPxLoa31{{EkWE}}ecZH011?xfeEpX&dhKbo{|W$w)&&j_Eq
zek2#(r^<2B+=K=q0M7SieVf4a<g+|J&lOniu<xFKFR<KUf4-zy-udhzNwb{u*(H>=
z{ge1z$@Sy7oAgQeSHBhcp9bSUSnosoZE^*U|5&>}3aZEpovQ!I=b!E>^+-I)*!Rln
z871}fk>9Q78{`UWB(3KdtfjO&zkuVgdTv3kz;w8KTbMt0Zwu>Zc;52B5Z7N~-2N4?
z>pE_9_ny`&x5uR))hf4NNIfdIg`y|ISGHHuDo52Tm80sN%2D(<l%wde#J5Ae9T2(B
zWxclc2lWp1?AkX%KZ8DppWH0|M%*O5;O?5@e253?B&V-=a?*1VR8D#>g33wHMNm2E
zxd<vJJ{Q61+s2~)r02xzx`2FkJ^gOwME$kj$p!5Y%I)JIx9B+udy^#N&Pf=?b%e&=
zUv#XKyM3S5e;(>{LEa0Eq3v}J<WI+eE_^b<CG>5}A-zc78;*~o?=hNrbNJdS@>V=)
zleFS%JEhgWRD-X@_mnHX&aXSZ-ggYh)5we3&B*%&Jm)-uuix|JF~yU|G*2FF)K8&*
zNxqM-9h^Tf#N&WYY98=Q7}s-hPE=^;I-#N96WYPfCP}mWBm5XW^zSR*mGG7Kqet+j
zm#Qto*9V|z8hlM!pLf+~L7pMKVvj<8#2$tG3a*Com?8F#<?V2l<?V2l<?L{k<(moi
zO69+1Xmv?3pQIPY&((X%Z$^2f@T24WjZE+zZug-z-0mW8?56Nv;<-h6ZtlR{+tSGO
ztX|9YEai49ThHEH&egLU)stT#{d%$Z({ou5y9$p`{rT)x##On0t!wbdl<&?d+9>6=
zNIAv#4U)f{@(s>Q{u0TL*JHF#_x0g93|}F_a|?w}#T^{{!bj~+vS0I8)}v)yKEy4a
zj!g0VA4CsT4vfp)^A(SkZ^dKfSMgZ+Wc|;tV7<@JW&O@CPR898heN;LbrH#_dj5Y@
zBmdv__-DNBp07Bo{435X|BAE9znnj`g7G!KSk4`qn;uUKAde`X9>(LJnDb`w9`Rg1
z%MbPG{b>KikFj=B@$@~QZ#G}?bS~tl!PAqEi=*#Pw2#B#=^XCA1;x{Ol2$zJp|t9C
zHF#QlkGSG#zV3MX<H;b;g7hmeVq`ZBo-W1n$|HFC8&4h!Jb5hg<e_-FMDl$+UC#Lf
zo5-%@I+>o4z*GM|@#g6`UQLguKY{&CY49{@-SYJ->Vc;$Z-=KWZ-=KWXNRXO-%K!(
z{a!QPruH^CiStdB;OQMGj}&+s=U-%k|6{u}w3*wz*XbdsVg-152-mZE3)fRMp6*Ze
zB;)Dme<6iYJRL>(4o~?W1KqFNomD&?Ci-BW%EQyGlCO3)8Bc%wg?iv=hUHZ?p1wf*
z>N@G}?6$+xHIwRrr@v?VtLFb#9{<}9PwxhKMDg?#9`D59Dc<{S@pSRz(s=q2&^L<@
zil+-8KMkJFd~+Oqe4wzy(>}ok#nT~4E1s^QbS-#VeDAm7>4)l$r++xQG@gC}&mE88
z>2okcXy<>|dh%HB$wTpUgXH^ox{>n-8dy(95KsO4zmGhpGCcj`q3Q56Y5&8mH`N1A
zS>6s$S>6s$S<VhmS-x<t6v^581GVDm29!q%JdN`&GQmH%y@$r~chz`$0zbc+?;)}0
zZkNR6$oN#w`Ar<39!~Fx;^`#HcX-+=<#e2)c-kWQKA!5mD&_I?53oM3_VMYfiH=;=
zc(NxyU)V~1!M4QHZ?)C~PyfY!SJnJK!_SBOZ$CW!0mvhYrx);eCk9XPo^Fe$eQ5tn
zj8AU@eT&1>8z4Uop3XZqj=u38eryt4P(0l%X~okml&%F&i|^@HJiW5+c=|$HX*~Vg
zsyIA-g(r`#o;-#<c_^L+5;ySiw1M*n*q)8#_|(6z`;50&hNnSFJWbjMwtjg%@Ra54
z@Ra54@Ra53@Ra473C^W)Nj>rO*RWnb4W7pN7n$JYY?p`RT=}Z;^gOn2tEX^%RgX{4
zqI#0Yr?aU3D4upwzQfZFDd*#<o>%YVsh(F~9#3ERTs`n~QjK_Wu!kqxZhVUOxYR!1
zyL*lN@8a>l{qXd0kVh0xyVyR*;3?m??dE&$Li=9=PrnTM7Kf*|Lw*`Oz519q`VNH%
zg&mKL6<km}ZIZO&X)~p3!PDaVwiQpWsym+USq4v!iN(_cJbAQu@@Vzsp?KOR`97Yu
zbN;{_vO^<@r~bX$v))!2o{mHOF!QBJ>ywi9!~XQfdf+L`+u<q8+u<q8+2JY6Hxpb=
z^0oBWIzIh7?pH}MK8^D)GQkA4OGERx-K)ma_fWsct?uD^s>ahxsGejzT}Jgs@pLKW
zJ3L(?<$OF{B>6s`E|C24c)Dj@@bom6SJmUQ<N5h;e75cI^l6AM)Q+dGtC9cxJpQ*I
zp8gZ$5yjJM*gnVLDc_sz@bvpfmB!O=!g|U$JpBgbr@_;kC&$ru5>6YL^}bU){Fvt9
z#|%o>f~UpzW-Fe4nA)+P>wOPKc@~hn`1QUogZ(nm`QD>Fd31R4nB&Pq@pPW#`*_;J
z`2)+zu8bs}cEGwg+>g=>{9-)5=j_Vx^!11zDeyGuT!5!;s0W_1yd9phyd9phoE@IB
zd^5p9!Y@mIt$4a?N<5A8FEYVVY?p@mxZQhE3t10Q!Em1eem9Q7e>sic(e+3lp?SyL
z>LISDYCN4!^(5ozHw5=|o>TVy4n9cv4o}xhIUi5gO1_V$Yb3uso*oQ#tZ~efD2AZ=
z^*HZfc~y<4)A{-BfTs<0!P7U_$p4!>{<j~VzA6?^KSv!VZhbG`f9>$}w?~%7)BlC_
zlNKK|e!2<r9iHAy`e@6cT|xVL$I)?kdOquKxPNAWhaZbP{8&QiQh3VuUnlRMDZc+&
z@pOUUsoZ~U>^kyk_e-VSKXW|Fvq0?8zHqXyS8y8Tf$RUHc=}dP9?Ly>^m+17JROpJ
zA5YhC{=f#ZD<g@g{yo^AoQ8OMDe+^+StN&EmIK;#-9K|8?n^UrPa2;losTlQE_llF
zc6iG2c6iEic6iG2%>=A(?jCGeU%c}DwC*=QS=JY?x}4KfWqt82mvDOK44N;VE$jL7
zGasgQ%TN72e^34ieb1iwOZv8QB6;?+JaIj#l^g2WhSvf<B<;%<ear-Bh#f1|A9tTD
z>lvKG$n<7giC(wvp(QfkO>`K#7J(hG`^|cQWTbB$sC=%_&h^Ru`260WJn(^ghABV4
z_Y_I<d-Hp@OPb%C-@A>{cE9`#$kF`^=;!JCz5?&dU)xIMyDw{@Z#YM082^aKwTpfx
z|D)3NWLscOuhn~!hv>c1h5Nzc{KHJpNc7}}Hgdm}=gO|DZen`fy6Vp7FekTq6W3F<
zKQx2tN%n`Hruy^QVWM02S#=Hmjq;s8v{lNf-=y*HEt1cE67)CHvs_`b<g1^Qyq;_f
z;85e3|04lZ?++cr@~YY&dLuut_kl&$lPTZ2K3n<ik^ZE7R=z&_37Fr@@5+8-_58oO
zM*jEo`1k!G<$nv=F*x6z^abt@k+kx^iPHHR)@T12<Pn`;$g_UL%r7i}@nEi><%f1@
z{hOfwj-ld3IF9`of4>LTzgm1(f9NjAcm5D7QpBzpyNKsps9nT*C&Tk``^RsC{KlPm
zM|zw+ZwK3N{S>@E1nu4;U;*ph1MFTYI_&vC_*|<z_i}vB_%Tb+jvM-M|GO=p@yf6F
z%H#faTmHqfu$}lkc6WaypU0l&{zyD;!`Al?s89D*qP^S-d{}z%+zwm*uU`3Pc*d5;
z^FM6)C%y9i{gHT%h%NuPSAKz4Kb}Wo%m2zN@82J}+$;Yxul#1O{taIFAA9Bf`$JJ5
zEj`~e<rTN^_a&kq--h3F1=%MW-bXpaI56%WD22bTk@Q+gujPIp-bX3>AH(}7H_7jP
zQhuYPmrHtsq>&0-=lxx_JN@FHOk}?xw^HI-li6?RT*dxY?v^>?ck#aZ*;B70|9^It
z#{>C^?9b&V%l>@hm-_w|-M=7y0`{{N2LQii{4JDUAJC2EzX0;X@eFj|K<|sR{Y~x7
zAuHnTO$+41IX}dIq<`1ozib58D2@LT=Z|NC7oG)nqV~q42l;;}<$LV8beZ5=T>nw{
z7I+W4ae=*`lI&rDe@8o@ay$>$t%m0g-p}VbFO+i72&hrM{Ox^pSKvO9@OeG=02smN
zR?}B7W*6CiV(cWoU;R_t{ug8aGITa$Iq^SAofmM)^*~2>zvWjWe5^-$Ouh8}Zl(|A
zetr=jmqni6TITt)i=J0G>`pJJMh?f7kwe@%QRL$!BL{cihv2ShSF-CR<Z)CHKQkio
zh`rCy$n&tG=WCb8Ys$zYE-s1km=G(EdE72W9)v?B<k48f&uI~P5H6K?{uM>f*DjCe
z&n(twzn{d7qfj0%e%kdDryn3(_~89HgqJ=aA}8DLpDD5%^}na`*Jb#N+joTgJzm7$
zHF7WG;oRO;*rOkmp(Ad68Pf4c5gp5gjtN!M@%1uv#KjSijt7hASS@tG5AdnRF5Om!
zj`#hJwy043cpfQk07W|16w&d<s_$+5EWW>!s;7BGP}!n+4fKfceK$b4dfZd_i8y|*
z;P)dQ#o;}^e;M*yhkGioOv!H#@_RMYRnL1W|AukS5xl3e6X>qxp33vR_M!P{<1ZxX
z<3*&8JkMCmJ(Z_>?@zj?@?>nE5jZ#cfMy&|tf%>b>7&x$6WS{MWD?20dOzi0kAGkO
z>&*FFXb*Oi_rAf%-{Da8_f$4{bkO)+^uUha_8g&hczVCu+99a19fr>+_6PiS_`G*d
zCAK))sTY=^KfwLKwZk3oYcW2=o(H>>iqScfs!xCL=t#P!^0!cKB>KaHMeR`eJ(WKK
zx?n#w^KZtv{=I^9-&2?4e-ZqN^87YD5A%3DPhW?7D(|QIB)+f>@2UI}yw{GGe0}<I
zf<E0Dt508Mc^dyKtv-Fuql3<ajOo|Qy>c|Z6TcPP<==SzY-lGdzo+s#sK1tb-#&`;
z4Y9sda!=)z@Lb&dNgGsU=byCyeGuPc{G&NoPUL`g5Ys4+E1+D``P;SJQ+X-A-;5u8
zy@@-22kE)Igx<LO(s*9f-IuoG-&6U;8ujkYAkSL#?oHSpRp{Lt;JHflt_9zdLhlZM
za>;r(12h!sF?PbAU!;C*aHmi7xe4E2Lhq8si~Gdt-GfL*5glpm)fkTsoR8P}E9-}h
z_R9J8>RmPJ&9iT*O>h1J&sU>2e}LyI(VO4kds67lFQHtr-c)~2<&W|GCG;j~p6#bg
z<NT(Fs@9wJ9vw;dRNm*6^Yv!GBE6~np2{yn{V&CPDz68=>UmG)VyN$>bWi0xPp^F3
zPMYWXKx{v_t?GVou}25S8{_QfOs|~Z4<5kvWTC%T`F%=fLH)Jdr*taPR|W1K56@L%
zKaa-uq_CeyK)EFQ>E9<&%RQB^LwZWs)1-O&*VkE(#(8vL96C;qcK6Epdh~%B^(X`N
z*P=%+Os!6jo`vTs(W9;So)miYCn%R*kE*|?^4CaD2|Y@h?|vK>WYlv$;|CrcxIQ6H
zk2ZMad_8)7je7KTsJ|9H`YO^_g+2NrJXeVx4dQ!J=utnEORq=QjPm{QwBv%$AU!4Y
zC@D_1B36%nUp20M)T0B}t;FfkhrM#X9zEVy8?JRj{k7=PyOF*s^ym_Jt`a@E2;Y-J
zkIsj3>Gi1kdn(UBdP?X~QXJ^)SUtM0YCSr}qXXA7#p%(JD3=k4H*DDl+OY<|>Hwgt
z7X5oQ@?VAi?FG+OqJOW%_oUFjU7%cg{oBIrZswI^?U<QY?t>?2{_^w~{kwvy3os68
z*8|zO>nPN}I^I+HCyx$X9~U<d`2>{v|MyhNeUip*V0&YGzWp<}ewFw8MAoVGbGzdH
z1-lLvpSu&*v&5~3J)P>y(Sw!L_cG|uc712kJ(Xxrw#7Y_UqJn;qJJ+(eT!LVm^4qm
z4BwNYe}4kXrSIRDMdTklZ)o~=D?EYix&Y~^g6|wWR|((U_?{GezZc4-=liq>-(=U6
zPtaq%?`rUXVm`^g>7~cRcm~?DxVU{S_f(!!rF_ps`BrdG<!SgHnV-gWmUDo$xcJM7
zDBn8VQ+Z`dc_zi--~1`Wht0Hp*y;u9rKP(M(x|700Nth5=OP|pxw~=Q-2ks!&JFT<
zW$Qno--6}tfO0k;{bJ1jvX_tJF3i8(%WsqX)n0ys<PUiHdQas_FCXXWvHm{DAIW<v
zf3Y{{lj(l|2X(!t@`qUe2;Niq4XS?upZBr{C<S~Fr-+XUoUY}b!Mmvbk-MkzR;qvG
z?y3Ad)jx9gR4$|Xn@3FkS5y5B|HPKG_mx%KzRge%#=RQg8~fLMs(<9}seCWgU(G$0
zi(oxcoL{vs*n`HMcL(ah9+vRi{d+Gry&B3JKQ8HB$(MsYZ49_0Md~;B$@faqaivi@
zOgY8bd-sR;8-F4RXXDldWrAaAKS+cg!w;>)koRJ{b|lE}S;%kP8Bq}EDbQEA{~MqC
z@uawYX+Pw9L&AOV!?GVx_uB^EIiC%bF0~JSN4ZDxqBlh4pyMZ$#~<<B>&Q9c4}0<$
zEBvcGnml>5$@-&a$uHi=oX@s!e&l{d-XG-dSLFKL{ffL#C?|Ga@A2^4)#|-}kK`Ap
zpuWT9Yp4%KKgnP0W&N=G;5$)|O}`^O7QIvd1pURNbtMx%3G$5a$@@tipL1BhcEEci
z$LxdiCEug<omLJ>{`D~_`+eN{txRyg>^o(D&D#G_&@_2zckO4%_d4w&^@#sx{DjKt
z38Ws`Pbc?Wh5P5i`!{6&T)0nK_RnQSpTm0=MW5w9&hQ?$@ZQA^vU|A{_f=j1c1``|
z`rTLgTj{U0%I)V;kIIeDb;}iGAL4erukwutLVq5^{X92|ztMjry*NnvKO``ntY7!n
zNlst&<iz{4ot*R@E!nS`)qUEkZ@N!g^^NywkHmeIZvweR_iv}auM*D(Qn_1ujrJ6A
zXB6slLD~a^kMV!Z{|~H>a{IS0p#ruX+952rsWpzim+pO)?>rRbY2-!rSmt9<9)qzs
z{?fUx@~bfAQ_1~Wb0(z2@uYQnEuR1!-){F+j*0h&J-@q>`?XF*c^LmE$v=<tYcc`f
zTav5!zRJDW{?&Y6<;$s_<nvIr|9zG31UpvyeIS2fKXIAZNyV*$IbGf_dP2rATWP*+
zTiyq9@@v6=tNFglAJ)kKw><v+^HBKwlkN~_my?{_c_>RHUHf?`ZvlBk@ihH?mHVRo
z7eB`0fa2+R&^Mc}c)C|gJpIdIarC`(@2kwezBHa5gZEcN#>Fq4`zpVCYGrtORdYH#
zO<KQv+;#Q9(*<nzvpv$U7fD*rb6O(lMe_S{N@s$7QjKRT!P5&-9x3oN&cDb6zh?Ss
zzOQm3*HiO-l@q9*WIWye_f_U$y=Lurx)aN*YCQcnorktP?yH;$aktv>^mj~u)%^d`
z<A3|%X(z}dil^!Ct2_eje+fK26!a|)PbWftn(^sQv3UB@y{~fVA*J#3D7?QSf~U{H
zOe)3?<vghDTC&&foXho+mUE=CI?pWQk%B+ZyphXqhx;lwpHdl~UcX;DJWbjMan8r<
zfu}5Qcit+?+nu+{a(3sfvV1ea8%fUP=7%f6(<@LODeyGTzsLlCXS-DMeU<H8PtEsL
z9!2#e<LUOluW~7@)2kg%vn;Qw@njEvemk6BJ`ds+wd3jY92c*e|EKx+kpJz6rym4)
zMDaBJeU($u{+GbhlR)3%@U$KB)8J_q=98oJjrZ_llZPLhJ^a{0X`MI8XXSiBGp|}M
zZo94Ss~ntI8c#oq=WR#u^rdrO<+CSOhNrjgn+{Kt_Jhq`Tn{|mO8VvSbXd|lKIQnL
z!_x*Dmu7;~X<SlIJY9tHNP(wu{zWF(mF;rP_f?+D_O0goD$k^PlJRu=-&Z*Z>l$mv
z)7BdCq{YLNZFj%c)ev8(9Z$#B$bW;!|MtVvPk=n4c$NOX$_}*uCGhlo(6=}|Js0xR
z;Atz&Cr9af>E2g)Kg3L|y!`m-?_obf6i;6|_f_szA)c<^Cmo(9?TcM-Z9VX`h49hg
zX{)3aPunD|^S$kq&IA_|e$^9CKacWAfv0i)MJAB-vo+sWc{#6>t@*yn*;G$5o^Jp9
zD({DNbhYE@sVuLm$7jd!^Wpex+u`ZW5MQVrPY<e*|9w6Fw;!Ia1bIa9>KcfM!~9{)
zeG>kCmH&hGzXYDX5A@CAgT_xUhx{~ndMeB(N9lX%-dFi(OKCj)BJOL6j89)W_f_tH
zQf1@QpS~s?o+h0Sa06W6RQr0Q4i8V~cz8O`!_ywY(+`keT~9pyD#{}Tp2qnXnczsa
zOEuqDxscX()P7%Oj@OB-koED4C7v;t*Y|c6w*P&VkHUJk+V88pkmXf1o}R<cZwEZR
z1L6y{<LR+A@_&TK|MtVvdq5shyh?vx<#lNPOW^6pK;Po<bRpzBJiQs=J2EcA^{f}d
zd~%e&^QpXx7cL<C<l=>kB(3qnC6q2T-@BvSSNY`YqH?hNba4HD6i?x@C-^vdEcfKm
z=gC9kr$dtO$4~h_#oTtdud?k##M4WOABzh#PVc2`x(872t9<I!Ag@8r9|L-rv`;7L
zoRr(IsRy32yxsVe<?Z69EN3_0%ks?xA1D0U5$~(KVjSpG(*Eo#Sl*f7En>%t^=Dh$
zS9#e9sPFAGU#|P)NAkYP3*ddx`zjA3{;mFzp4PBFdl~9;3V$fhKg<MsaeLH!Uu6g1
z<5ly0mFH1C$@2@_|Gvtvz<R{m@2i~5@~YY&I-H;14);|q*%$pGUf*2(eU;f7`QO9i
z-}i@f-TD^6D_*bd)@SQ_?M?K1E%#O42=a*f8+kH#aq|lcU>}pcuW~NpH{cL{tly*S
zvuA_8*?gT}=zx6Z53wRe>`Fh^i~H8-{3Ee5=qLRS)&a%sBcG1?UBi8qUvDqQSF&%0
z4tq|JJ!krB_*_Bg9R>Hf!G0~fKi9vn^2=WN^<H`0_igK64dv^3U*#9@{hf~9t?;L%
z*T1jwCa-)m@Mz29IUttaPkZId-B<Yuulxe9ems}N)_;vxzTAD4y<YjvUi}-q`tx4-
za`#n!z?4`273p0P@Ocbf@cZ_^ukt%=cXojLDo<`K?{A^}`b2)GgZywj1E!$leU*=a
zU9kO7?ad>Qp9#hj{}DS=ga0x=3;iI4{}ShqXM%sHzOV8<Dc@tyr^^K2<odz4#gCpZ
zfO2hs^r3t1BKh<c<aXz8+~@z<-EQ5CsePaS{=$7Gf#Bhj3E0r9-9S5xH`>8H?)1Cn
z<GBL&yqxv^T%cReIk)Yy5$s(Plw0$7hMvWLu)Ya<b35NF&!2&O3%<DV?A8~t{M}4`
zkY6!O>HLZ<^ljT?3EpdI?DrP5v%UCqK<D|*cqJYAKxusc{KFw1*tK-&`3Ly>6+lm8
z0K~y(-Aeij#(=z9kso;O-@kVJpd5~ZB27ENeaPlLO;BXWq_N&Ht;|1E1LtXPWPY;K
z=o|JqOL~T+H%pr5*=En*Ao<L{+i%Zu%4g@v?;<DJuOId&+0T#Z9-w)4b_$ip^nO5p
zKHE-d<ZtnB9e??38|CL$w9>cjSH9d)KK8!p2loQ`b+Y`_UZUO&d-vU7>!5rd``C*w
zhUd*3AkV2@ACB4_1P6|04Mn;!2kTq2dvW`I92x}cBRNl^$AWc03x38xJK=NrsSV7}
zfs`GL0hWj1f&9#|l#l(V8GbtS?MG07T+=J*yQ`52>Yh1=<+7ODCpXwh>CRKASTK7g
z%k#36;f3&d_tcZ=_uO9NDV?9%BI*4k&GPNq3!E+ZbWdfuuX`;eiSA86-=Qb%PZ_zr
zVbLIby7oMhzPl&0-sD$I<9b(}P2Zh+w$SghCv$sWwkHI0;PdXuXK=YaQF}oilZB5x
zkC!y_*R|(ql<uB9kIJu;b~z8^gYs&8+1OwTK0h^}-_eg-1Npf<F&FC{X8&~}%N5UY
zn}+$>2ClC_#poQHY4Duw#|@Cic0BV=@B<6XSK}y_Pi~O;)pgjYw=G_OJISmw$<J?!
zybt|8?7#Pk9l9UvlIrhyP#>@utlLBAgK}VI$UlKUgF_Dh!r;?5>Q(fe>tX|@=X~V4
zUZnSZ0)EBvxo-X)=X0Q%7jvS|jid1`@Vnqs?u}e8@_iiquk;|DO;AqlI{rQxfA6Qq
z>D(~nNBbL=>w}-L+(pN`bDS<Ku-rQP&msC|AM|#rptGO#W%fbSB+dFedm_v2vVPXz
zcTao`J=fLWM&JLBy?24Lt18dN_nB~#fbb;*&Lj*%&Lkum21h1bLI@%QD8zUR$dHJl
znG7Q#C}bER+1XZSKq26z2`Hp|ZJil%nW(L?T1l&R;)j>m`qgN)Vyzl42wJtNwJl!x
zKhJyFd!2pGnaqTwU;F!a|B_i}?e(sAz3aWLcdfnl+I{m)9>eXDPv*~-`th*pcQRk~
z{ib2nx0~my{&fwjK6cMn{fviI|C0HtkMXeTUo!s^!Pjf?OyB$~CEs`7>Du1L*^<V?
zN@w4LY8UY%s*lMcysUyNe#G=}k?JM+L(5Fme4?8hR|s5khsraVKUMO@=yAdC-+vzW
z_zHP_q4^hYCXxd$>S{Ty8488V$5;9<Y2W<YSmWzj=;cJl*Ylw$#P8$lD(bbWpWG)U
zNz*~;*U=bX-vggJ*7(YE(T>LWdMZRseHZ)se>lFr8?yh;7+=4366D$?YE^OG=kIdk
zD?>i=<wtK1##c4l^t<MdLfxtHKCaT=P)}IzgD{Cs@nTtdQNBJ2J({d`;@?Z9+&}z}
zzxocTTHSlr1qtf&O77Ml#81T!@xLGVM-@%fIh9tS?d0K}f$K=++e>c<yt6codli2&
zOVha5=$fUe``1Ll;cq*vep%AEcd_L=EZ=T<y&w0sSYGePy=BYm{kV6j<u!G=u%A;=
zLVvRyDe3<K_Yd5NAGqQ!mPXMu^Zy=)hVVOHh`0sz%lgS3TF>KK;uk&vzsqYq_?gC0
zD~TQTmOU-&%A@A*lGcNg$9j|AA5u7u&+@!swdP6h@!UT+F#Vw5Y0~d8#`jK@e0)!&
zX?l)%^><TSa`E{-<k>%xM*R1of9ZE?M~n`zMaHvX%cGw{*MR0(e-J-e|4!5o=N)CX
zcc;QJKAiR>f;+o-o;O_~>)iu;@b3zDPW`d?<KCgGHC|~N6u$HhU1j-wmS1l95y{6x
zOD(_K@*S4nWBJ9F-*5SL%Rg@U7R&FId^oQ;_}j{O=vC}j(EoYXkJT@P9t~|UJX;k{
zAkRs}WBefByxwb2FL~JHn0{x|<h)Vk8uC^6zg-y_53Bx+c3Xa%>KFNX0%E4@T>J6s
zL%a27Dd;Lj^jeVXVdz5#>W6ga^`SAR51e9>?iUC8P@3xBm4B*=j=Wq%zXQ2=KhDn4
z(UOyc!?hkIIUEZXW^$M+`W^D6o?SX!GeK9pOZB$s=W6Z{c0^M!<*I3)U0NR6=l{y_
zLFBPo;b@<;bMk=u5_y~y$iwN#<RWSwjRy48luJO5_v<$oSL(+~%Ejm*-46F3fQv`W
zPR)MO^VM3cpM`qot2LzlnDGepOX3n;2A6mpRigxZ_jqw!WWN46ZU3%u?tp;He2Msc
zJnJmLVd9DhG^HQca?N+@>)BE2KN_N_40!gJ5TtK6rnvDIWN@YR5v%b^@o&lDKP89X
z>T_IbLA?<FHsT*rKUymMq2P^&%D?3gyssu{JT%MlTP;7`@|!I`)$*Gp4dpL-H7sa_
zzhZA)nrHu}!5%{W-;|Sk8K8u_4EkEq=|hG8nM(Mbh9857=zp)~+21eY9_#-CQ=X76
z@ta0RxDHZpT>98u9B*d{VmyC0xdSn-be+fKoUQ{6NO7vKex4}!`#Y`IuXu)hyxC-V
zACER$-p8x0n%`;hf%TJmL5YX!V#0^j+CKaLF#LZpdXwCU)An?Hh=;sA9Y5kBZ_nb2
zAs;`@?$Ys9{SejxtUo>;`}nNmXEuKC5eE^<A@3h#JT<vcPkmh6a544N$J5=4Cy=}7
zO`vD}9G6`WfTsgJCm(Jlo?XVjEy^GA?;`vR{f)PK6X2`PyT48Ak-iT6B;Ff@KBX%;
zWt9NLL)zcIQ<hj>`O$aEg_c)-^_^nz?2z&^Ii=momEXxJv|9FG<&m6Hw){ciLvo7h
zWjyq><v|dx<X-gy?#B}I8%2vm$C87LLxCJf5&L;1`7s9HSLXP>#_Dy{;X5e}`R?s3
z$??5|Z~@;P@A-hM*H0gxe7q<|uLBm~3C1U}6Ypn3_8o^?;4k8OcD7p3$U0{|fAM_y
zi<Ixc#Va0K^;=0{i@Z2)$#~GL`H7q>Uq+SCkN?vN#J}bc_~%PQ@eI|AtbNUQHq4Ro
zTI0lbfWH`>F6ANr^7dO#Zz9U`F!bh^FF?O)*lRt#`B%V)_Syl8Yw69;05@K}fqy&%
zUoptws?S$A3S8uCnJKd5IPK|UBDcjy41Y@w{|NC9;3lp#eo%Lj#ShOSKKVo95B#X;
z^AU_sHUq!Uo8w{ipK-HxAZdDB#+~e(>;0BjeNLM8Szh~}H0_mqsJ~+W!&**zkhs(Q
z0p;^+u7eC&d7*M1PC1rQM7ZZeze~|20vN(G-eLJR{Etze7oWckeygY%{0;HU6FeM^
z&~DyOjX~$Tu)nZ(r+ts9OR5W9bFh!UH06bIqn1B=fb9f$IWHwWKK|WHdm4id_Agym
zLA`e1V}I{ty&<K8dbb&h5w=4<vmJ+j3*qze%xbMqxK)OCJ>cS@t-oPOGII|T<Oe0+
zH}ihW+qgPY6%*$jTlr=yw{d#rCd=zMoy_c)eDcr+P48J}<*Ikd%r%mi^)mcQ%&!-t
z4@z8C#V3;k?f#o^5yj}dL&EVp2;|=%V+}eU$M{og-dv2%K4d%o9fd99Y^T<Iuo%tJ
zb`}U*qEYiJp&VVl58(N2Tu{68=P^ESqkN$v**pt*Ua>!CZq|I~q&o9AJns_ta}+Mc
zi*=<6yt<4TC36kmF$F0vM*k-LNSc<bAAYmSIle514<=iI&rG<tfQMSRk|rG|dJ8&%
z#B*A~*IQ_@@(#scC|iE1<&|;qx>b7r3`wHSqSN<XrSG^Fg}=@8l17S)&q+zwqmzw3
z)Z@iGuhGq#CimIA?rP0<PImlX6a4Y*s`v37{Q}UtVUwouy_&ASPtv}P*9m;z!>`u#
zzLiSfT74dvT&K^GlGYBrZ_iEf{7L9fTJ^b9JgofcYrRk4;$h`iU#t4Dcv$(>*J|^k
zVdYoSs`DnFhb8tLG#*m<`TQ$6Zk6Dz@I#DG1Aiya#~+by$$kQk2edyv=Zl9n%Xq<g
zI#mbjl0rZ2pLw6>r*Y9v!vh=6k1O(A-uxT&eGs5*=UZ^~A$<~0-KKcPS||P90Oq4R
z4yryFU8TuCd4_a_ah8l{L4Tj7zYgfwYIJ;&bPQ;_>3q`YAiWOvdB7!V9_hF|dac$=
zmMs-OJG$8NtsRnwUFrRy48P3J?$kW_a1PFmjk|n3d$GXBH`+RAm#%xlzV!Z3zsaR~
z9rG#nFX-<k$eZ-9L{n_%!=OK1*AB+Da&CMQ`nr_9P+mK8@;bowRx2Fk_59qr8BLJw
zeu(ngbwK3RdF-&R`vvW9$k8qR2-<i0AIi1QeOBIn*w6cOaCv?oLw-LCKHe>SJW)Cx
zj(g+f<6Cp|<@tDCj*noi@bRvIkELUMJy;{ekdE>4^G!KAcGuzO8o(tReO+GlGig$N
z#r(kZyn20J_`Y5BBOX?J7`@B#+tgmDAEzMBJREtn8(*$@mhyO6jt_Zx)QU4m_f?d~
zi0XB=4m=_q4COKP5c=)?xF|=*(!jo`-wwA3aF|c4KbWEXOvin|6>uwEx25vnN}4sT
z8%OM1qxj749TK0#J)M($9Mw1?jBhv}>fJG*`r++2V1U4NIP=AyVPA|tH%;er7Kf(m
z!S<XrE1xRurR&Y^{~M~;gTDv-9?zEwS4zEbeA-0&*eSQ=`R4)VgK?saBI?DvAfHn7
zF|8l?Iq?tf*U-Lx_e<v|A>Nwy>vTh&?hpSBOKYK?iTwutzk}nww}*NiM&Hj+FCMXR
zX+X%7`7wvCus`0;Q*0-I+f2CCT910!fuHR6_W_q|rIsT8D%if+SuK(;Mq4C3oPIu@
z>u27c>h<%>6YS^TjI*Dg8?&FU)qaj4cb|V0N|3`&lY_~ZdP@#Ef5#eEKi#kEYz=_#
zo2h*EI52OAsr^3-`+F<xZ)l~)U4h@BooDzpfUj@gW#Lb)b++4pzZgAN%0oTL%lj$%
z#lRlOFY4a|IX%hS(X5<3tg(9UqMqzBIjEY}v<GkJZnhJ^5s%A@_TYF2s3-TbR$ve5
zdbZBHkA|FHB68As`;ov;&0@c%A|;<M7W~!YPo*9lzMo$x_-#C@t7qfKpQnEw@Tco)
z_M9T*6HHM0%e4MD>f>Ic&fi9i-*=)Cu0xKWBnnqHex9Isa{cYy@r@%keoiJ|2ejRE
ze4M5Ebo`vadT5@nzd8<f(53iF1q_0?V&50lv|0Uz?~7{MWO-^8?4+sR@{&b<gXF{U
zP2#d)Ehm2^KC<?xmpxc74aaM-|J4dl{Vn4s;kLpqOOfuQ4)N#5XMcYBvXg;##M%Y9
z64x3Z-R|k9>&5NI!%t^?SgdkR`C#h-zCWy~#mcq4q^Yd=A&oN=+ZT`LVZxup_RZs*
ze9P-P1fGXkUe_n$9p>MRU+FmWi1my7fdTuz9P;U3@q9cT#~Uea`sZ_np0W7m<J&y&
zZ9L;!Exr|_x!TT<(N|D;ldgZ@x;yf`##&E)jmTLQJk*Q)zHZJVsUIHi{52j?hVUcg
zOQ3g*vqJdK5I#TN2k@buvR*srW<NfKdKj<8zFm)4e!$BA0_DYM?IHQ?>!$y4()jpY
zYd(W@Kv`E9y#S5l8dY(p`!Q*6q&wuxUW}*g$LnN1t<M)a3qCJJ0pWK^5>3H+=BgYY
zS>MM|_InVZ#P@KH|7F76uXx6ahu;4-t}~Q%edO3PWu0LP>~#~W=IM4lAMI1TZ1=?#
z{g@>6)AcT_74s@aXGt2yCpG&O#3zHOLHuv4)vwzGojgyiWe2SHcJ^yT`&F9y)2el@
zO}Y7{JckV0-)imO%Ju{M2Wu+geTQ2MINv{8j9_ep3+6rJZLe#b?Y)-mJt)nj<8r#c
zeIcpjejl#xW%M(C{1nDB@@Fgbz8L+Tl*h|$U1FuJS9I#SL^|G`r1)ajbK{fy!vwf^
zCHHCl<TzWGyRLeDV>k8E);CB8S%vSH)?J^I_%rYedr&|02N!`4>H6G=kP%UT^ZF(2
z4rqC3H|LVyLsk#|aXRU{Q}eW&T6Rym7mM9YH@i7s*XM%v^W(1cBWS-JO%TuAT>Ikp
zto^W`r|00<Kh}TeoLcXNW0Hg`J9kCL!R#Cw9S5`XFmxOY`5^o=J7YV)ge_OUf6iWH
z?fCp<Uc*JQKbL-hnnOPBoi<ru`G@#^imFV}jc2lRM(p|PBX1V}oh(uR7;k%{=9lde
ze#hHy(EN3(H{DITZl7Fd_m>&`62;Tq`WAu5_$V}lc3D$SfgfNGN$1ZNLr((v=I2RE
zsW*Xq*I2zLS+7f)mH83*5v~_F{_o}Bkd0gqsRxelTPSe5FGjBs#9hPMZ$Aeh-nLHq
z8*krWe6n<z-cOdSk^9}PTF?0xj@Kf8qnrJI40c+K&X@M$5yO9?WYhOiO9hp2$X~(Z
z{A|GU3rs<XZ>snoC@-#1@5D|6y*r0?X8xg+j*|$Ia`nV+hvl}+Biv7{#4Wb>aqz8P
z93PL&QoS<y(XZiO`hEl3<wgI=D}F@n-k;}mHk>8!Y=`>nX%!y=`lO%E7sz)Icv)`<
zbh^H{o{Tkq?|dux6VT1}ovx#~uF;Ly<k0IHhd<w30sQHFbEl5u;X3A6^6}^Foee(U
z{G!^yM$>;k|87Z##{2f(Wbe=t(F1=D+h^a`?%j2v-0yo>pELHR`yJb*eqZ|C?RKl*
zV)F=n?wIYLEZcpx$58KSCzSusu@9_ttQx@KpL_DBYX4?OKCey|P<wTLLjI-mbX9M}
z3(l_{T7Sr%uQvUI_5T}^`u?Uq-%m5-{oQZn-cR-C$wu?zL&onW_1npP>d!+y&@RY_
z{TRXyzyI$!to|p*%@X-!e0WEW5Bl8M^&sPeJ#S9=;Bt39nE%b`AI^y~ebDhM<U@XZ
zasBvv@TF@==lS$Y46%#RLW&iBsbBDgcsRb{y-K-HzV135{zc8Q!tXl%Vd!62-{tXs
z+|SN|K`??Vgk#)7{3jd_I!vF&nrFTTey-O3r~JMj`gM+f?#F+N7<4SZD)Cd`SKC1+
z>H2rp>k_hSj>DS_?q2{`J%71H^q{I;ZwKQ7=kLX+Ng9ZUH>q4(m#h9fqU$(`z2Dun
z?JZIsZ&!IG*J;|lOz(HwI!@ARc$R4WaC{d1u>P=rUjpAldAK~+)RAWo?ic-hgq_A0
z^nvx#bz=1EYq&@JGiGG`8_&4()!(bsBg&C@u9bG5cSwHv{CrZKc5B7u#ps~owRz`Q
z^Y2@rXxV!;x%qdVAHldS^KX}XFm8W<`Zbj4m(0J-|Bf|&e;9o7d1~j>dh_SQpHDt?
z2)*BGdVfFQeE#a=?kJ58SNh(enthbLcR0Pu-w1#1*LsxqZ~2|_{CkIY+dT6Kymy#@
z?(xk3gsuUlE1duJ)sowt3P-usTVL2vA-4lE|I6N6cwE+}viA-TSbn*Tk4cj~$4K9c
zuyyeCy@`DSpS@QRslQ0yyO?Tue-C88u7`~%-JJifgFg=aMZNb9Uxofxy(baq@u|dP
z{2<@vp$W?MWz?6ozQ5rqY2WuZB;$SW@ByVa4&FQb9oEA$yR6=?BkMGQJ?^vdq21`Z
zQ1szMK^(3xieC%ri9VSB4E14QEqz$6bW$H``5p3OQJ@dmzJ_mC(UF&n^e3Rh`%%u(
z(Lp&F9i-RcPR+sP?Qa+DFMY3f;_nYm1O9kK_3zodKR7u@XBl$y{*bR9d7`LH#$UeQ
zi)D1tv*(bn9{(F1B}~w`vQ><JC3O%-nOzN<T`aZyh~?exc58meVkwVzwQIUl?I<2H
zyTX{mD~+3*HBY`5@H35@k>^!+f5@F$p5kfIe0@9~f7^S40Ua{0GdiBldmkUdcwTS5
zcqE=@4FZ3%_G$B9>i4qu1a&@<H0?LJv`dP8_m*$5{9enKEx$+7(4Iwq0(%zwFgv0>
z9>?cuL&kpyZBNdA$|xe-#n8)AbQ~Z6ANbEQ;q!5TkNXYTdxHNA93fqyUkT%+dgI84
z-@@^67MthuJB=3yfK>9f&QkY1LAA>x_nx4Q=hjcIgJ38b^F6`$VLiF}Jwdahbi7hJ
zv+>OJ!|nE<>5JQ~jwjiBf<AuwdxAc``g{I1{sqsI@_x47dxCw7!tqbX-B9kLH-Vn@
z({H&R!2UbHAL`Ls;@M^V+k%_8$Ui>Obw5YD_wn-v!25F?!mS~k#fyaNK%RJCFZ3y0
z*?WT8-|Rg><wy3Opz<qwPteBa^gTi4clMs3$|E_Yj8@4H)2sA7L6v86is@zD_XM#)
z9#?1&c{$V@?=B-h0(;BzePxdC<QMsKQ60XM(va`%27i8z?;V5-`0jYy0ay2ZFB^yA
z9m<ztbQ7>t_FLkOF1ao1hW>o_CJ+|ytYc@Z6@IL^^Gx^)&QHl`U+1d#K2^L!<(m5S
z3B31R27c-x?Vo&p0!zEG^@sW@<543Dadj5RU6vDC^<K+0-&xS}qI~{cYai1$fWH_m
zkowtpzRt!0_Y1o2fptwA-}|jx$M2*``-^oMD>uI~qT_w2mo@dv`p15|9{lt9v<GX)
z>^n){zg2p&_ivS6x2w>;JJ7RGA07Yqfj_yoto?Sq8gl#8aiQux-B|gW>cJ^e9ds^L
zejJ6kVLRn-?@NUHe!{rK?O`JENef61^=#{ydZzuZuV>ZIJIUD)|GS8PK>3yGv9cL@
z{6;CLfBwQ6DNmpCG*s`0?H4`nR=A<89mXfLqg`A#pWu5<Nwea~_C5WX#;ucq5Law|
z!{bc$w}AWkI5n9s;KBZ>U4o}~>X}kdPp%V@XBn76e!uPr%QLSpR|CJxqf~$~;R@qE
z=le$CyA+SP|K-=Tcb{iOFOUlH4)fPtTAzBuscSgD<~*7G_VIlU@VLJtJT*6jCtZZ6
z=cHb&X1hbX)qaOZG<{@H(`|bsKI*$-vk(w(v+?~34K(6yk6ZcuR=!*E$rXDnzt{4c
zEN}6|75$P=?%rVcZJfVio#ppiJ=J@krzck|)p`$hXnMzDNjY!hm0V%zqUD;Ozf#l2
zRg%6>{(>Jn^hbIQjq#V`gO8VY@jZuejF<K1<(DTl#!HiLF`A|8g=5g+>yWoS3p$F?
z)T(t!aw61I&Ksx)->jIg*IN%fO&Ax(OEuRwf;e>$HHg1Ny&RJ25}(RE%Hp4~;*KWp
z(bp-T&3>99+c!C<b`iv1Ta8XWYOY$3yjJN>mX*aWeBV{lI!p3NQ;XgY`X}=-!_WTT
zjPs?l_r}z&<C|<9YmM$#$<|B8zy3rGC;lIu7pzC-^=jDo4*eFoT;Jgb2Ce>gQNKz)
ztF_)(^7-LL^vlkP=`1{&TaQ#b&ekI}PRiz2>OZn`(A2+VahT2@viVyie9q!5^&8o9
zPK{qe`##9|bkP5L^RZ8(|Jiz^`l*l~=Ms<cBlNd_iF(;NXe!rqJ@UTleMrLp?aEhw
zKIZ${;%%y5l;<1axDQ7k+D)E2MITO-hC+VSwAUK?@cu*SLp{H@jrx%8fAjUSuUFBL
zmrK3**?V$ytjx*5`+G0o;+>`sW_KQ!BpTk=Jtr&PWqLKD`q^2i^ZxezDz_A`hA(yT
zX3ukNUCsPr8vo5yeCa%C0`EhWQ8kQrI*RDO4$I<SB|f(JJjFkOd00yh|9QZl#XGSO
z?s0i`{?=0Shg;1~J1oE1@{29MNzza+WjqM%ROD=WNqczzluG|3`x*m#BtHoE73e`J
z`YWL?TvuC6y~+DU*ZYQSUG42y01n4Du~(Cu+y7Yp@I}=B!(3N8QtN5?^R?g~mEUF;
zZYSi|^AMjFqh%`3VVlpksvnAnZ9Z$`Ts*Av*`(FRuVGt9Yc;zYw)t|a+Eeea&6iuv
z?+@ELTC4i?-eFruYgNA=@;&b#=(ln1u*8MoI@mmu`?0kDkqt7h2<0q#66jSw*K=I%
z82>t~eu4FO8J_|>Iv3^PI*qsYYZQd@>{Wyd^sxhZ^7r2Xm)xsyXgp-`^C{<`6z$nL
zS$(H0w7l}EFI_KFKKi`gpA%&3Wj5ZV>tz;?*m@bpWwkduXAkckXk2Z6p&0c`yCJ{o
ztsgbZ`FqA6>*rW@@co!^!76G0Xw2`15%VAV9H}#uuXWFnDoc5-b)g4=zt;P0dA*cz
z%ltz)uX>dF5%`<D9?H66pog64P+xYVUM)RDI8dR7?FRpWoE|PFT%d=Jcf05z3UQ_5
zosXAB|Irwi-b6VC_Eb48u@@|7?}GKa^jt_=zq9(a<kTf{(g8k<*EoKVpZ8(h7|*_-
z=g7D*Tj+>)n4X(_$d_)EgmEO}!7vVtDTe@F<TWhl<ar+H3H76oa<=m<lg3TjuAQsb
z*Qf&QyIT?B`yOJqeT}OOPW?#I=zc~0Y0|h{%996|YI;Y9!JFMTQacbgpg&++l-N4z
z`{XX@5A-$f2Yfy{DEsEC{XngFuo%6yYW_)yhjQZhN;y3T-{s2UU5^`4K=_@K$a~y1
z<JZ9c1_4TZS5h8BRuBD^_`=4&vHaG{=(j9>JsSIB&a0&-Mi=#CtI>Zp;Hu`KD!ypc
z*Ilo*dE*LukK!twPvZPA_47@Z-)QeetQ~tklC<v8ddqf8N<L1VOg+_ol*z**a=)`M
z{`qOU^{0gXr2A!dnOqQi)Rd>&doVvep_V-FS3H#G-rzeyTo0mtll~c$XZoJe+vR@O
z&@~b#bT_?5#-}bjr@OmprH)tWbNz!lem3owerNMkwa2a@t>4}BH&WhZ?^|~_>HIO9
zw+>o;e?G9)^8Wl_ljO5`@n$POJUPb0D#z^nj!d3^%Xvb&FJt0z{6~Z?>G|4+A;+(x
zewAGYa=ajSo=Sts@f#a5IcDdnC;{PnYc<E`K%ZP6AIs4p=R+7Bp`ZRMz=2;P4}5p#
zAT=%-r#+1&hd+9ja`+(VdNy)+B-elOkJf+M(<kfL(@0G@OoNAoTmyX=uN>~r(J`I#
zG@~Pw!@F~E95;M_814Mjd&BW#k=S{tXA-9c<MBS!5AhEGe=+J{Hz4nHe}MS|o7Xfw
zUDIFW{YkbSrFxUCSE*fQenIWBcSPq&;rKh=cyTT0_V<V5o$8;HnI0FI|C+g6`jz^p
znO&AQ|26Xl$@{#D@y;6DsTD`Q7VY)jvr6Fc+(7MOrp6n7j&L%w!^+KWX6nF|JVfi$
z_=9%s=U^10FI4Hzc*lihIlaj1alQRrudJ!ZUlaN=`FG^xztr+Juk~~I()ThpnBR6k
z->>;y>gSJ!A33?gkIbL2-p>)eSGk1xSJQq~ZDievHE4HD<bM#K)zsS{KBHc--bttz
zkEp)-x)Sw{niA@rw{rs984&Tv`j+VDZJMVYJKm{)t9PzVykk)1u~Wz2VzgTIE}*}r
z-UajzqDj*K>xH0aD5EDIUtX9S$1n|%dJ*-mYJGH65QTiK$^U>3=gW_CbjZ3{z!!&m
z0&ww&#ud)TQem*F-F*LLT(oxC@2_GXNUiVcuKhiJSNC&@FW?LD@qLU{xpQO*7~Atj
z;vL0WDAwO)zJT|jBtFaD8&!MC-Ya!`viC2W$^zfJL*IW1`6&G{`bkH{xCXuPIPo5S
z_uj^NU+)?1mhOn$zKHKhg!Yl=lZ;zk8T_%Z%W%FZ`eEhN*D^ra?-xK{OHpfqHS5vM
zdGFstfe3#P``$u2WE?cSPWM>j_wM!R#~Au9{RrfJ5Dd!3tF0oRY&_d+`81BTyvhUT
zglN8oowu{UtJ!O$eVVd=4|Beev(tE&`c=+b!HTFaJ*VnEsTlI3rrj8S!twqt*h9#N
z@%pW|px#9M)*WnTK>L@DtATyG-|7Y2`2E&L1z|Q$={TRwPc%-+_A5nZPcElAammi=
z{Yo|Y67bXMe>M3sWbK%|lUb{bPNgTAm5WPeEtm2t{+M2be*NX-&xWOjPvfX$R)^&+
z&X{F!MxArb@_JQ_R1l&5h+TXCpln|;yBmPrd3+VdNueH(H4nWMc9-g}o&SaNkG227
zy32U=_blpFV8=D()GO#^ymmRAK{@TRad(TBk2UU|&UOMg;&DF{%7;tXb<fYLW6#B?
zwW|Ml{`-E6tH}R4e&kWeh<?HS3FT049yuLy=-bdD?dJ8t{Y-om*RB7iKs#BZapVjk
zL)Hhw{cIE2_r#u14pWiJI4bxp?mPnc%Q^fXCH_DkD%W#K1<N(1UTL}J({n+rey#P~
zokIVtBgUUH=n47rzXiWO7daBoC0cU$e_!xFrE%s_;Qw8M|KJhBpQnF4@%N%rxKjBY
z!RORB6Mt6@f4ZMn^<*OZEc5ig9{B67XAfJua266L8y&Qp82gNRcj|lAzK+lP(-7~L
zraWIN`Z|2P!{*tIWxKy$<dHPalDyX^|73g!+GRXVedK-OzYRY^_*J+c#*K`}LijfV
z9^<~)N76VV?P1)v{BFxHxBMQ-hxqs6PKZDMTw)dQ_uWmdvK^f-C5_W9uk)s)(d0C=
z$@(qDct70ML5KILem<gcTe4_S>p!A?DOt2t^2vjnCGDPnrlyVhyr&p_UgE~F#^tZu
zxcnZxZ&Pnv2*-nZ^RZXl!S|6rBJokux=-50_c|oyxWb;!Iu>zv@LkmSeB;M?%7<jh
zevNZ62J%Xpo>Dx^4oF&*x5~&*y+5s4;e4IT*J-H_?d_1y-CB<4wNihY*+*$AHUr|C
zcCVJtzDLv19!=wI+Fogjy|;U{-fz1Giim6UGR-H~Dc;dbH9y<w*`WEh-XBZ5{+)zk
zq;#j>o$u2A7x}RqT#sU|Q$`x^QvOx-*Z7k5H;DIVu)o&sv^B(r`Op-_KTWrpMDcc|
zclPaCp7O{0TeSXmYkAuZ*5Atw-uvlvtkC<;hqkM%zvkzv`a9tLoh=pd+)nt@bz)ia
z-A%udJoSb1$xv@$?$9r#uS))_rFt~_fTooHL4<@JZ%rG}`=w*~RwCs7pyp>kq^Zj%
zle_ANuZy<5-S}W~uadX%x2^XlD(`e(fbt_AR=rMUX#e5=w4V)_M<X61y{E(e+~4Nm
z{W)Vito0Hb4~x++wLR18aeo&Zesk6pt4G=UC7Y8!K5e1)&%cZ9evWj#0x)BJ7kdim
zp2&BxzXDTdfBd`HzlBfm^DKCulpM|PVxKh!eMcj^gLQeAGy6Li{W%)n#ojYp<;*xP
zwg0B&B0txMq-mw))&KZDrtXbuC$9JYy$kni>GueSo|gLl9wPY(6^r_8{eXFn5dRt9
z#l8&&?0V$$9L^^?a_f0ux9I=fw+G+Fo{O8f((~}n(eYtkgK8-I!8<Zf%$-a2f(03$
zN1FwW#9vQ??|hzF#;vxKPm==fHQ*I5RKL)Bo*Gi$vNguXRg$g%6X}0S4UJI?;fK5A
ze%E=-;XIe~mA;$WkC*(-_8pSmb`XQBZ?dLw`)tW4lQoUcRY#dDvb42Z@b)#WmbCj?
z#fy2A<da6l-!*ijmN%Xx_`0u9I>;CLP2Z2;=cQ5KTmBaogzTc8PsdRwZg=7OE9Z@z
zPkh4s(mQFN7RRmt9*8g+4dQV;{*kzfde$}<h;fw)>ObRNIC5M*KZtvu5xU=vdxVes
zw4C472AXGLlXIzot)Sf6jn7rQq?;UYdPwIi<imLhITprc74u-A9Yi_tJP+f8`&;H4
zhco?S{`t9lTQ2{yT>gE}&G3zy{`z@(@rh{E+I?bP4LB>0eSA1k<xV=j6Tss=YvErw
zF75~4+|I)Ib~?wuA#IoO^FF|F-FEMcOb<r8wVdrd(45ib@=E1k^bkK#3IDzce9k{l
zQ+u`d2ptdi`2svRFWvP*`<az%zSHDS`IgaMDBmvv5BC2H;YR|0OAh~D!N2&3;V<X#
ze@yUq95MWP`gv||l{{`#ewC)Ezlhf;pBF$3?VyC`jS!+Jr%}P~286uSZZrAl{b#eT
z@?Ox#_M~03PyOwr1HcupR{W&~bud1ET>w2Ge5eO_4J3;P2Xx%4uMba%-MBqw{ZT%2
zHt6@ZYU$fsrJZj{edjCTcqOnIUWdBx<@8k>S55gk>wNjFh2Qb}p?`q6M~@N!SH65A
z_P-fZ?TOg`N$88WH@ZmM_w$fr9iE~%rj}%WdG;2CySS?;Kin^;^OL~8{D}3^`pWld
zR^Q{V&>w98{nKtz{K-SwZk{ir3$)z*j<<hfLH)*hODV5@fVR!hao*+E-D>j<$`d5D
z%|HcQMMQwS93RKMOOU@3X+P4wrr(M_tcTjtn_h`@FYj;6<}XB96s@IR8{fKc6W8@K
z;7D<~-=_cNlq7>Q{xl0%)Yq#i^%f*V$$Z7<=XpAvwffB(Z8OyFSAb6G2hx7v>BAm-
zV)pTTJ@B(XE078t(thOoT7Ops$8oqC&iDc%X~E<hni9SpB%a*-t|+59;Hv1V-QJa;
z=K%4T+$dk67pc&Tv|rj$IyjFcr{gu1{GUC5o479SHNEZ9e5!|inx|au$Iq<3$;Il2
zaR%eV@cCPr`fKy?<Zf-hN`G^9#%H&@GCR@yMC|M>74;8oXU`droz<c9QScl8qS9oI
z_j)Eb$T&~For!peDcJJNsM+yO#FEUfM@o6Q{=2^*{NHjv5|QFc*SWhiAHqF9z@N<2
zekL~>+?|#N{^w_Hup1i(Q$MG}e3bVirKy~iKn|Cx+)4!v(BjLqoz4by09R=WJ$mLR
zTz}Y)KSw`GGOA|&g#6;=>wxKc#-)1S*RMw3ta;+$`Hdy9BI42bzr=&(ak<@x?d}kG
zZKx>Lf%Z)Qk~@@sms=4SdC^XIjrL0tC3k4QlgSx8OMG6D@~=_h-7h)b^u2ZK?+T>+
z*;zP4D#Tq{&-MLAw9oRk1^f#-7Dy7!n^KT@9_b?`ZeKfL)S^d7sYiZpalG2-Jx1~2
z+&l4GzMhb@J|+30%s$X>Z4T=V3Kx!-5?60iI;H^MQ`F<zG*7wgLEh)>zFy;TYjTIe
z`TDN&D<0N)J?E{~Gy(fhJLlIzS7!qp94_Mj^r@NsFuy;@r{kTnGn$4y_q?3{ZI>x_
z@87uj&jAkC=#`TEm*)Sbqs;#;0l&%r!62W_?@)j%4(4lTLMAS6ms3}>^0TK<jObZ<
z3dcrJDWo$*4@w0EaQXTENy5>y_Q3zp@=JxXocKvN=8JMVk(R?mP=2~tbg3{~ET3?^
zUyRg&_Y|hfxLhinCZ37#^lXIVc<txVvYeX8a;U15lip$kCyI;ZT#02lBP!M>okdw)
z;{9f^*HU3lL{G(X_PZ#jD`+_*5|*EA<s~U^#$T+bG_y6VQ#ESJ`n-yfuG=t=<q6~=
z6kN>HlNBRfcx9e(K{3(+m3d0a<2vTq?_#8J5%cV??*nF@{Vqzc6hHgx{@TYaxF_i+
z{U1FK_2ev!ORP`6_<AbyEKmI{^5jcVT2XjXQWR~_Jo(aX{xz>p@j~@;?oS^DGJY4L
z`{8$q9|`>!j!CW9r-au-D*RX(j3Ryb2S2!5>NC#^=UhrYX&O<yBYL0nx4pzOY<cvb
z^G@G?LjSfhSZ5$#-ZC40#p2j-yt*9<TC#KL!}l#$0w33{mWAtuXy*bnISXpBDZoDq
z!XF9pZ0|Uz3R9qYhH_$>_;)bQQM$wR!FJs8?_l^kdQ2hUqW>pL_<V+GNsq~rJj>&`
z{EPaRYT8+>^WO6rAP86dVuhPx_!t)oUjL4>7Dvf7`lA!2EcfqL$MZDqh|6UG=v~mF
zY0H_K&S{mjZ@zZ4@9u?~zk|I5os$(lxwfqND-@r{CCMTP7#H<`7U<)Cx;`+p+4N$a
zr1(C&<u_P<(DMD3H$7@xDtNKqS<4$cEU)^N_<L2*35XhTh!m%BqT5@jchr+`-RmRI
zgB?7$RVwz~v0PHOpLmYqi|1N@7aAXJ-7;Bd@|mmsPt4A|Uec`f9iRL6-e%=zsi2Aw
zTmATag+G*><1-X4d6lM}=so4_`s-;t&*;-`iEk$y<0Gae`Kx(iN}yl7c<wjLQ~fDh
zzZaBQ9Q7VbZyMVLF1bVdnM^Kg{#xVXBBd+2Litv$H%kPbe(L`mrk{Ez`tqOQr=C2$
zwx2oxKUwR!(6jYZw+HhWe1F{R=D(g@T``7Txg8wIap~p%N%EHS^lOYu!y<1T0FLCi
zbU`5RiH=JichDcKgWvn_;E$g<tG+)TRkxAF%j!<j_0RYn>Q7={KVi^>>*8xQ&Ktc-
z^Rv4&bw9}GeDrs1SMe|W1_v>wR=?B6Z-4)@?E!@wy-?wjB~R<PHK6%vU7Cjb3m8wh
zJbWFqt<l<pKjyW<{Bq|MFacLGOFPW*o>%;cwsZZ3TF=K7`Z=gc`u!Tp`-50u8ih{s
z>YS_{ss;BPJlFH_g5_^`L(gs9wx5de)cQ5IzL7Y3%Byep@t*f@Ew7i^?M-j)Df_&Y
z_utTUlfvInezV5`#7j|e9hDMddk=xWPKg$9zef4f5Si1Jtjfj-_A{BTd`UEs`ZIBV
zltBP4#*<MlzIzA&#poL%C(?N!7bg-g>rFq&n1(#te_J?@y8t(Fjn22!^v~l|!e0QL
z88y9edGr2xyuU^3>05i5yxL9yLAb~tUVL7{JEXJeDI1iLXE`-P;^iEjYXdstKC^>!
zltHBi45GL~zjOflNc^u0_E!-<YcO6u81Rqra!angZ9#jiNBvGLE{e~yao*zL*y1Gm
zFZL@rN$K+EHL>MOlb$`D9XUFGKcF*dwsvPIeT)NnB^KZN^Hg7-a(I^`pN9?x@6%AO
zAD~=^6c77HzWV+*$M61x@NWcs*O0F3@Vp~V*{J`tP+zaZdxbi#&ngSzbl=7-r90i%
zVg3Q<n;3j%Cm<E?Yb=%eiM_YMcG%_gdr`fnCo=@>S?z}|14a0}?KIeTY~OFK|C~)7
zU;XE7Dj@1tOAh~u#D5f@8y5w?>&vs}PoDl?{yKQ>O6P^^QFA>wPhI7?_MoM@4w<Y~
zIs12V!+8z$j{GkJ5A|#ij^alAW`4b;owj}u`m1k11$>+sT?If~>9_)XgUA!#@xbTz
zv-waNrJT<ypOSQbq<WRkkLCy%o`33n%2V{Sd8rg6HXq`B(a&auPuny7EMdKq<)r6I
z=(4ZN((Z_v_g{?E>!p6$_!}F2zR%SC63(X=K6^as&rM^U24h`gua%d99rn{?a#+}6
zd6iGRu-)=1w|L=V%d0#?KhaM=F)YPmcY95K9k|7Qd>d2pxJ%3VJc0f0?OHB3ItyGK
zL;32JlBWAEx>iY^dH|LPo)1CK;??VNa2u-Nb^?z6f%W?AJQMeO<S#=fKS!dsOXZf)
zp>$<*C|w~P|6Ax-lcPiF3gI5CphMdU>39h+gnT0(S-%7K$+t(rH`njb4-Z=TM^T>Y
zhpm^zU1gMFzE;2{7)jR%AHw&1IB(12WqU8-d-J_gP1?U73!BMt`$S(jz8*X^8^8Uz
z0q;LP8s1m^3H4(i+H*Z4{K}aj{Nv^q+&`%PrvBab?}hmId?MWE$MMGZ0TO@t<Sg#-
z{er~D%l8?E_+<Sq&|mV0{CIK}^m6Bj+RMmpO^5eL>g#=k1332g-!Axz(K<;(e#`R|
z<EzV&_2m0B0l#k;li!2VZZ*F*D?LNftnBwwes4<QEBW1@-rrpzw{?oAE5oxGKb?PU
zcg^)0dlSO<XC`a6O1)(5hN}AXD9&&4pHg?d3HeWc`*SM7QF^}ro$c-o;vm<fOrEMQ
zA-=pk$$#?uPbMVKi$DcwUL<K~x7siDqvMhDw=w>PcC}zkIjcOY<*afG`>AqPz7xJu
z&MMDjt?EItc1<ex%{Am0;-&u%<)-%aw90o#*dcnBmz&D>skEJSM@VjWOh|63qi&!6
z+%ojb-~Scf)9LC^x!QQVqCv-Nj?26{3on*&J@v0$a$EXMPwwNWod3-H+I?xiEBU*-
zif_u_k*fRD+tjZiwuVS?F09Hud06F1Ij^ea-=->k$$cxU@QVMb;on|LzV6sB@bS*a
zHMQrop}vAFyq9l$&H1sAuY15((s!u-tKN>?|62WCSEJt(>2KSF`fK(*Mt>hhe~Zy4
zgm3KkU~Ya(d+_lg^dFbneNGiwZ+osD{h!yPesv-5^?Cnz{4YiyQaPvNK7eqQ3TIk+
zosRpgjEiy4Vx;b8*>0u(SG)Cg2)|X}52XEDdUNRi)gO5L8P+RHJ=H7vX~uj09)IX(
z4mFOqmyXOh{xihP;~&R4(;$CWOB(h|`L|X1-X+DtSLM^DI(!<G`)U7!dS#$+d#{$q
zW~--mAJQ>P>a9uJt2Hi%@N^BKKR?`Ycz=ccsa_n;IQ+>8$>V%bPkFRUTHUXG!iVs_
z$|;jarJna!!K?f>r2MSZ^ZIfqgQ74#s`PuSw4EU#Tl7Tz-b%Soz8&tk+JA)P@XiUz
z;n3si)4$}nx?JUS7~|?n;pblA5B=Uc=KmXxtE<S@BRH=9U+|Uwp;Etg*U_($s{3JF
zaWux&%O=!cm9NJaJ|7C>h!3N`hcm8T1%2W8*n;?aJmV^dcJ~{s*Nl4UxH=z&xMCd+
z@Em!*jAQZYvfNLa>4j0gT2o(N^?l5~KIHrIl4b#q;%;g+@vhPI25LR>H!YX6cMYRU
z<hxoVy%KU~L|VdrD5ml1cDY}|x;n48Yq6yM+{XDhdWGB;e!K(x9KAvF{@lgmWB<NY
z=~x|W{ryhgZ|eKu9WVKm5MQ_AD@{2=evB^EyvN(cXtvzwTD?_L*5}o2aNV}g$@!VB
zw`jk^_TGf{;?>&E46Z})g>Y*C$NlKSFKj$eeoYm)tR6amE3DUrdhWNfbs&{XR&P~R
zz3YUob#gz0+fW792{@lea9xm>>yPV=>x=7&!&j~Q*?#))T>4dr&t0CBPdEO%U2*-N
zJr2)Rl=;9GAw&4kj-RY|6Ih?FL$B8Iq*c#*^>Zu3_-!}a-L7!HugRYi`g2I)z4~}Q
zCs2P?|2ct<<H^jjAjCOZ;>VJivn;>I^6U-h^nEn8|C!?{S=(pl2qrU4k8oe&PxvTa
z@o>N3DK+SLwg8pp@cxj-3!z?|PWcXNyqC&%Xi(~haHkN?-fKP*&j-q&hxn<v<lhN`
z|A4f6B=D0nA^rmJyB}oSzs}lS!FFwZ^hmT@&b9mVr-^?#?t=eE;JHn{Uq1x?XJbbX
zVmvq;JK_VLqhUus!Xw51j&}6tl=C?3XgA@Gq8)7${727@wgP`GJNg;hJ&Ja8ui!s=
zcJzC|pW0Eom}|Cg!2N2s7Q{YoEVFUrIz8_=9Ix8Labv*nsXG>bw-y_S!|`g6@HSq#
zJ<@-%Mf%747gX9Q?}y_Q$GZ^zU4W0f)=0zg>Q$1CHO}>i^xi4p>3JI*=P-l_9k+{p
z>iANBoYV0n8|Q3(nT~Th4ka_uF<kh5r;U44B|rXgZh4(?&gP%sA6&iAeJS;4c#Xkx
zv}C*MBu~CM+zS8~@|AKS|5x#TmsFE^?jU~h{_hiSm&QX!!oQb+HypQG1%E&8g5IMr
zew+^csotL_%^XtitMq(8>yaP7nV?=@FhRXuc$D<I>A$I7|L{M?r`O*FTrIsW*3s+p
zj<Q~ViF9}Mi{cy&y?zY%U9Y<s{Nn1tdwow#VS1vR6Wh~Jj=qV7!k&hUqBo$t)UYGE
zLDF4O4^r+QTJ=)^*hRbKzO!Ofrn^AB>GEDiPs8caK0M3lX;>V625G5bd-OxJQ)(EA
zo<vGK^Zuz455g|snQ3@Vi@qgvEsDM&^|nV}xB8D;{ab%hS)W_A@cxR`e{S>{=x<NM
zdC^{^Z2zw$9f?Mfvi+YuQCXj!7w@lF{d48~&Yp&4@?B5X|3`qc-V?cY^*tGJmuT;t
z=r5$*rO~6(-f;8<^q=)U_T$R-=(=#85&n|Sh0%AVzgI-xk$%2E`nL76A=jSv^XFEt
zJ=!Pjy(s#ewD*V6XOXhK^0zD7E2Bm+`X{S*dGr)yS88}z_Sg{qyqsK>z9$U+vgmUn
z$F0$4tv}D?`co48-!b@0qi;$-9*q9M`mr?E50&>f48BA5$(I`58-3d7e^0ot545U$
z{?6bpiM}fM?~nL>8PflSn)v^(!M{+>cPTY&mUEa0e?^Xd&Ny*?oWWlleP8guC;Fb@
z-(FK+KW*?Yh>ih)rG|G!UoiTY{HT)u*bWN(pAh&`!#krd8{S)L_VeQgcVD!}@NLY|
zt9JJhgS$66VEFzzM<?GP!}^xNZHhi`_-@Y8hi$Zg+i7t3L_Y%0$*0LR^<voI?v6fh
z`tbD}eSAb!jQ+^r-Vyzy(RXG}PWs;1R)c$c^qA52;T(OcUk@1EUD4MJ-;NwU)vNay
z+?{gX82j<u9DQm>_Zr+l^aI1!m*XF{U!osxH@N<&2ssnqv>bih(Nv7yCU7i&s3zZ%
zwEQi(a&2dQTK?)B9V(x`wEVnW`8<>qqg&JR`*VEJ{@$FH-<2y@zTKFXKPShp69s>F
zTK+G&{wsa2Ps@Lv!>{eXCN2M5P5dj;^2S{KlTcEOUX_+VoNHh8<CSUo6*>MYeJ@SR
zPtNgA`*&qpz9QGY`iINY@^9qY*YZo!^2c-ab)2{;Eq`6E|7y<{q~#yW(WmxwZd(4T
zn(d#RmcOE=UpXr+e=yfRUIPMu7o_D+=Gs^NoST-vBiFw2e|B0vE60EBAF-(Y{503T
zjyF27r2Slw<DbfhTA=kmQ?q?)v6laNuD<FYoQsvW=h|2P!U<UUdvg6JW&Zvu={qIY
zelyA$@9zoXtg81tl)dRWZ`~W;{tVj-<Iqi<caHEbp5J5ohtCI8e6L2nKZ7WRfr`JU
z%K0HLf1efKRaLyZ^gfSI*h4(SmIwXe{95+o2m9sOk29dqzP{|w1$dw1Nv-$75FS6P
z_gDW63Pk)sgY_VrFWY-~>3d?0Ez$vBw@n($me>CJ`;_s}i1a^c?67iOhfeH$%<emM
zyh-QP{{1^D0j~FH5_M7OaP?rns>I2KlQd2)oS|`Y;c|_W3;##s<ih79P9|QJ&r?DN
zpG!rj=(85$D@LyoiSd1SzQ^2Cn4|G>p+n<k;FEY6_!uwO!dIRd;?oy@dJ4@NHy2*0
zadY7@jhhRfj~F-C!ZUqVh-azMRo3{q@B)pW3!l;Wxv)>-=URB$8$&#o7@mtXjxJoQ
zadhFc5=YmnKUhJ>1y+BF#?yssG@b@u7*E%#zqg|Ov#tJx8dn#t*0{PbDsgqK`nxOm
zxxnf#*7&-xT;uD)CndhFReyi5Zw1f6to|!C&My3=#M!m#9jNHHXbSY<6&i0B_DH;4
zt6o$=?}^sl%QfyUd|cx0TJ;WA)H}}Vy-efp!p9{3u2pY(1%D@5y_aenUidSK!)w)B
zRnfoSQ2o)rWg3qcc1t{7t6qOad;ezjUZQb%;ZG$luT^hdMgM+g^_FUUUigs2=e6o>
zu8`l8Qm<6_pv395;QK53^<9JifW+&y;0G)E^G$=_C2@N#_{|ml_?p3wNc>(4es=}^
zUo!Ze635qq-&;Zd7Yu%f#PhY_4^+_qn89OST*t5Mub}@^2ER?>`&#%9R?z>b!9OB#
zel7Tp3i>}{@WT@C*MeVFLH`F0en{f}TJXy&=-+PegA)JOf?rob|N8~L7F@Yv9C)}c
z-1G`K9g%9`>!_e}b6tGx6>#sY4_Cq0yX(T0E8qs|!Y!}h`&;V5byUEuuM4-kqTSo-
z!tJlX_oljVdn@>|rY_up3i)=|g*#Y5-|OnaO|NM8)pg;b3Vhepg)3L|SLZ>s^krQI
zzGZdsZLYxg;<|AC75(U_3pZH7Kb;5FqHl8reT(Yi+g(B5!n$yS74$u?F5KP<`WDoM
z+h0N7oVsuaE9hg?Tsv+#P(dGOk+tEX3Vb>bs>Q$M74&g+r8d5G75ETT)qz`8L7zUb
ztJQ9Qz(0RqgVD_6PiE_2z7Lu8dHH)G{{C9{ey{9TX;!$=b2OFt0a)bmd3r9D#p(Y3
zYj{4@A7bGxg`cl@{CrP;enq@IN~u$JUtr$Tm9<xp`$}-p%X_ulpG&g-yJs`5$6$yn
zzt4^3*Gc)Ly5(i`HKlW|fZ?1iOKY5y{FhkJaCnDfJ1<8&e&5sdyb9}AFDKi$oPSe5
z7Ux}juE`#>org~2D&hQbUjBY7&jXkIiDVe`3iZgDqMW7$INO)w{a=AX_P7)0V-xOZ
zoR2;73(RXx9^7X|3kshXZbNx&{bqSNS3ZdHluwIMh|AC8bG{vk^AWe8og;BR;=2To
z>Y2Z9J=Xb%cM3eYPdVuv?Z3|Xh-V62E}!w7k4O*1b1x({{o{Jf2S4zE4-grWhPK<Z
zztjU>zCV%szS@z$5%*bC!uQB|#W!G~1sBh|;;-bor=MY-vp~YT-%6J0eBR&N&HJ%%
z9Y_4vHe%89w4Q=}(LO&a>l=>?{-be@;#T+!wnKYnx--bTK98QEbp8MF9L2kiGXK{E
z{3id`2l>!X{~G%v-S33Yd#SnZSJQJvO^-V#W#?)P{zo>h(ywuSmFsxRgL#AK0erpd
z!xX@cg?|O=v%GWCzlwg2AO5Ekgnx2^@OobP`04rP1o3}ug79COAp9352>;jw;XgG&
z_(vxQ|B(s8e{h2E+b0PB{t3eW!35zSm>~SSCkTJf1mOoJ2%k(4{`LvN-#S6~n<faa
z--Q{!y<a~;{3|91f7JxxUphhf7f%rW5`j;ebsSH}5j&UH=Rq6~7zYpv$=llI>hrH~
zp5@PNj(@sxJYgKobClYH@r36ntqJlRSCU|S3Fi|WN7D0CP9iqMS?!YGJqT39mC>#F
zqe*vvj_w-*y5s5PN_yrPJ##fBA8^cg#>dN*SMeOJ$MKpoBY)4u-|Hw!l#2Kd<1R6I
zzd2r065UnuJNkUsn&ZReAs<e({(v^huT<b)#3S-IlNb9-`r|noH^+9)Yv(bV5A}dO
z;=Gc2m|Uj)bG;y6s2R?$JRe;@vi6KW)*kh-LN3?TZr{(dJ<{zTt^RtP9+$Ph{@to6
zn6B_nT+sWS1)Yy`9wPj;bLAcd8(0z-%lM0Dw&!#A0rIAAT{wJ-d0$tV4ISX+^BLBs
z<lD|M`72wa&Z(OBbA$=Ul_=_Sp#|_W6tG*DjZ=KdOk(H!6N-b&&)a8vVh7rd%pVlg
zUnC249+tG1wcd2Sf3fw)&owLxmY_dZ3%KZAML(d2yr@sSyuRz}w5#+!`@_rQX3{D4
zZFKr~y0}}A__O|LTpOQg{?5<c_45_YpCn5T3jh7w++>N)E8{uRY?QPf(DGsHzrS}l
zto7WF#KT(8?Z?mC&yNdL`w(>69mQr~okd+2@O~$)*3NZG2l++GI-U6bA-kQP!&^1~
zzFLaY?<}-ktqdhUKZ7kA&ex=Alj`A0?e_vS(vF`uLeD9p<hl_l_w|=_Kf-MaPdsn<
zIo5Z!8=OdkdZzxl7W`*}_D9z#p5!>=W3IpSTfCBG$`9(h<R9KGboqJg{{Ez|7x+1j
z)6A~op*;fMHv@+^;qv#~`exYrhkX~cZ$^uhC+Czkz0>SqH9CqbxlIX3?w2gy3;MO-
z?VfR#+~^(BF{*FI*^*EFp3xsavR~li5nX@a{t`+m-lhF%dxy#m_9Q>tKcsOO?y?}A
zmnyh?_l7?^3v=a;zqc`Mp^y>vo~UVZpSD{nTpW=Qf6s9W)Q>AM)H5PT)+(KCtF-~Q
z*A-UYIq5VhXggWUi_skUF}hUSsVfI67_PWa;kfR}ij*_cl0Mc>&rglbPLc~0zVn#c
z=Tuk8d%nuc--}84XYHl@L!MVMU(?aIYuX7qNKY~PxyUPzzqeWS$j__qZB|14d>TKW
zJ3R+(Zdnk=E#{Z(yv6HJR=Ww;tqx!yNx%1dpYE#}U95D`-tOXgVRvah9?^2Qzj#pX
zDBgBZ=q^TosPs20y!%U+a~fY5A2Rv=R4OFP_G*27+z}m0UMozFoyYt{>W`Y-IBr(R
znS|hS`>v{YyA(%L;6~^ITtC`Y9HQQGtB0f<*7I}ji40d&d+L58+CdrRX?v^2ZZA1b
z?IgKQ{mbZki5+`W&(O5@GEI|KlcV_!_e;IaR_@<f+@kp^yKUMka^N^v1_;LqS`zi)
z<Nv~QaMizix$omo{Xm!EO>F!o94|iySK<fe%W9uVnWgX#R*&LhNqXL}HYeZXBC5`Y
zFB3fS?;6vu5#I5(4QPWtzO6w0uwHW9X4Nz2&uxM(ecx-E>0i7^?{}}(l>KP2cGw>I
z@m}!5<F!s2KFbZR82v)>DPIO8i}=C({EcO~k@Cmh2lIX;=D(5!S}){}ynkxrV7yK3
zCLT0D>gP09@okSF^7pu1FW5f*MQttotMoHnVfQ<+FNv4Ofs_yZH_JJnbo=)2%Q4R@
zvu~YIj0SdHAuszrbG5vzp4pkdU-~HQhLn2T+S$OI=9$LB`&55n&n!u<)4YFw$lFQ3
z<9?s&dpvA*qu~Vf%<!7MCTp$yLAJtn)DEZ3*SznWbU92rR_{BXV=50WKmYdnlgS0}
zbx0C<8>PY@+xOzBXJ6s@u0Ecpa#z2bk4M}u=f@G>XPLz%%9kuI(f*}z$(>~(EV<wG
z^)?WKE8U-I@qc3Wk&i!$(ZSy-{3f-x^QF4@*$Vl;%J^KRuWywK&ev(@X#IGurlVJD
z>i1JWI?wP``QJn;_;{6Es{M+$Jtg!dms<bqd-2JoDxbv8P4#mRroBqrO%|5r$25-{
z%%A!^me0fMt=sR;&C92vY08=Ny0Pj#)nv+umI=?Pq1W?qoa;c*sg-ao0o+*l_vPsN
zw;+BVtKNZJy`PP<-qX2yPmZ(R^c)`!jI&-#uHHAsS+65k?<?c1w=!4nZ^l_~U9Mg@
zj~Yu3n{xF&HO}@1bM-zx&U$-t^*%h#di!(rM#fohR!*;n##ygDSMTAV9>)V(y4Vqx
zPEvciQp`K@^KpE<@b4-R?rre#zAq&7;~W?Ld{d57c>EXj+BlK4KCb>|qmI`-lh2hI
zY|rFL5?Pfd>i|@m{3kMg6(e<gJfD%KU7Gv_iBpTw*+L-4@00PX7>%TPx<22R6Vk=;
zg>>I4<H-T_%L}ENj6dXq#~*DcRr=-dod0@$E&n|7O#z?dVeNN3w?!KC@3N-;8=Yf|
zZOzs$JBuruAK7@<toJ=mtQUV|^?s!NoMH7$-f6w6_NL0ruo!($>h(;%Nc5vLIguR|
zrO6w0{%Z4#TI&v19b}xW{U}Cjq$iXUuXKNbuS49Ya_E^nL-ZhiMETS+d7bIQE~!_V
z{8hoo{Sdt7VSSE>@m)8;KW&}dmiUuHX*cA|i}NAThmFcVk3VMjYI*G6!!o|K&Cm&v
ze_t-6=S<_nkBtx0Wk*Fu&s3o&uWuf2k>8|)`u7u_uWkMGcqQJc^o9MPKGyAront!t
zw#t6AHD50`{JR6wte;7j!jT`ui}w}Drl@D~>*V`=rO7wSck3vpL)p)i!?K@`NkmzU
z9x}bUTG~w>-Yfai<P&fL80?RKm{!U8TSBj&!$tk?0GzK2gnT;=_nmJ(pXWTOjQe?g
z@b3ijy&<4Pe5dh{^R2H7H*xvAIx#)!Job3OSEWyjEv~vy6>wgmMf4=E7rsx2dO>+m
zFLqHcOb?2Y8m8Nqe}|^m*JXWOqgUx23qSis{C^bcUD}S?UtaFTXp``}G<k7>23DGU
zOM!afa&fzvH+9Om_5R&#-`7oQ=sP{X%PlXbJfG(k9(jf;GFHExuWzm3tFF_OCO67T
zI>#sWs~Gi|9=^W7b$ah-=4T!heuR3)ajh6#OZJN2Ih5TD3jZfM?(~@5v<rRl+%lVs
zLObC2SAX34>@y^=7_~@!&L4SY{TsjE>J0U#jvTvJ5qq_r<>lx4<MBt^jN632dHc)z
zEw{gFd~R=3WPBQrUR)IR$MliwZnWTfbU6Rqk2*d0`m50I<%h%HGedgn@RxQ<d8T#(
zdYRALi|^0nIvdOL{plOPO<Z}uR+{_|g);8De);#YdeyA~kLvIBy}uBBs>f$vkMuZ$
z{^tbr&%g7W`MH03)_U162H$)gHMCorK+3;dd~o=D`{+^Q+YfOL_tD_nH-Wca98!yK
z^tVTzZ|^#4d>b8$Z&h)|`2FC=#^9UV4daug;8(5qgiSji!}z2H_p9w#7Y>hHd{Ra$
z@CS?3pyw67Hg13UKK46}8~#@C9Lf0P-jJ_pJL+%p{woRm7sq+`!|tCvzQ5Sk!;8_M
z(hXMmL0@0<=REXNKfo(2)9#V($vP{4rTBO4)p6L?KU04JBG^El&U*1<X=+=c40vBx
zo@V{2j_=0yv!Q?OBL9r8Oin)$dOgmrj<3hB_no19a^q8|_sh|*T6)hovX<Vr<Nndt
zds-LuzAWiHyjMHk_;FE%-tUz9M^f)wL%!zpK8qv9A7__|FDIXH{9~Nza&W#EBYjUd
zYj6B|F(agZjCN)J3+#)Rx0~9P#T9P1)$!rQHSKrY@!{gKw43?8@yCh(&U0dYzHai#
z+xhtY5w))Vye0HQPu6Ic<1#flSz_x+x%q0k9(R{CBlEsx@MpgMl=?NB2RQ#zKQ`fb
z@x4)*{b|<r4mVy5{n$SC+t<rddr&`ixO|VzZ)fAduZ7?|zFPd76O0GWulzWZ(mS7{
z5!R;)lgI5}KEVFg)2l8)myScU8@7<r@vO(8*H+4JK-+sZ<IrZ2-yR(&kDC1cS_mDF
z{C<oVMqKYxzUBRm>su<n@%x9{YUpd8u5tS*+fOqQ{aOA0RDVuB;`+064E>qte71A)
zOrg*1)%OvW8tzs7*|tyh^m2`dlM6MCFV}%8v30!oa<%K^LQUh#)lQNNHI29JH#~m7
zEI+b(EtYq@jCx?l@ls9C?9lX-#gh7SRFA9b`_*qryAzp*KNtM1o=<*N>32J@{hSkj
zPVr4S_{8^h=ILU5eF@s<?uG*X`#wXLPpR-LsqgPc?u5VNbK&(!F9E#od+8}0#45Bt
z&v^(7zQoIX>W6)u%$|FU|2fNJ+J3W$A$u-_ahLSw_jz<qdi8I4zZiW|>kVb~_`Ip+
z`ad3!rSU{AUMfaE95<ftkBO)0x1=P`|626?1MyVRvASmcTI<$d3F%1v{oP~M596G_
zX8p9@OJ(0gp6*)hK322cPmEbVZ1)ot?f!1u^*&Zn?`*M~^m*eWCV%J)<v$C`@!j0}
zi`>D=_biqM&t>I(lORuhZo>kz>$T4}oDaPJl0fer&i#h(Crp;;IPB-AC9S*F&YRnX
z(D-USzdUK}*ZWu7x#q1KBws4LMB#?5UW@v%1?bltl;rnQC9V2A!uS0WjxG852l0^7
z!}XEJ!5@Dfn7&uPTJfjvxr2{o)Mx*a=VIP~#S^}7%yEEt{Tzc{+u+w(&~qT-E)?Pl
z-?OQBf8w0WrMxJoyaCU#2etnePoFlcRmw;2kwng?V}IjaPb=IGg)c^y&$Y+>IJ`O=
zo+qjMQErn%SJHj&$z@WE@7_$6AO3x2-=ABI&eZyI6^`-0)VKKG-}4||j$Gs`Q{NAp
zwC)#ri_s61?p!<7@B7Tt_JaLt+TK>F@9z&}bPUS<>h?Fu{iJoXq{Ya_m!S=Mze)8h
zJ^#JQ&e7kl{q%F~V%NJz_DDV7??-)LKa29V0_Qg)T5fS&;^#;V>G)oZOfOQn$CZv0
z&iMod!<FIFerNc!U;e&R2B&<;;I!X~?Gxj=z07}YJj(1;?Jim3d{O-IRc4n>>$G22
z`FCp8DBZ0}S8R6d&wqUXYtp3cmkQ@df4J@g66Cv4pLy)D$9NOTq<DwIwRN!+<FR%h
z{a5^LT~I7s<o5?q=6)tNKQMZu6h{j%KF`6=(iAu)TyDR<zQ%g5_zCR&IOS7GsG<CH
zzeg?jKMC4P9@cu~qu^hy>1i|dfoS}QmizwI-nW+pAXzpd{OWy2v*hD`Nutp=YZ~8U
zc6Tqe9CE*#S_S**w)6qLpY$o*=#^3&C9p$YeXlaS+q9j&%gb_~c1V8kxwE7V8lQAF
z=zffNr^)ZO4uOyFSSqQ@sWjQzZB@KIlM52x6r;bD{*0~>@MtIS!yP`e9_b~x<@;pa
zFO%=H!S~Tru8OboSandf;NKeX-S_YM_ppes<5cj;9tg$0FVgrEJ72e}Jd*2n3%&7n
z)id9}om{t9?k5lL)70LBNY*~C`DF(*wfBY6_jH<`miu9Rup9l4hd0Rm_>q21x2@51
z`#MQoZ#(5_FZ3Mpq2|QHo20zk?9$)c@^d$RA1UkKBJg_zzWV!0+Rtzu<LCcGy7n8q
zDokwtD1`ed;M^Z{867<hlVyKIPs4MB;vSqw1CsGR%9;2JJGS*3{)TG7imv8QoUi_z
z2-}X3mSo=*;pulmc)lT5j9!Mn3J22#-UVWbgeU3{9;$`1EAW@_C(8*qgr|lQ{zRl9
zJco{A)PcV&Z_#}`4Xv_IAcUjk7o&>|?#zgEl^V_xPaVRs9sf>s33y0P3F9hNI)r0C
zi;-^VA|BFFYG{-FVIdslUW{~H4)2q{T_>qslqR(x2YXs13E=0;j}RW=8Sc-mx=;S$
zI{{Vq$!Cu@LOkSOF~T87xWfBX1>c7h-lrxNrB{{kq#XO9@VD|lM?N3_LOj$Hf1fbC
zPrmy3PvL!fcK6reecgXYEv#&}gnTE?Rbu<uxk_dSxpS3hU+;n)jIIJOF1H7NKUDVh
zYLWQ6biGl<9r^zH^*~<++>H<>(^pz~57y&Ie^23fwI>{Q1rWUV+m65R2dJm{*GgK9
zH2&);oS^muc*?s}XcK$l`#dWDd1-ykUnBV*z>8fK&IHd`uT}Srp`Pl&>1jR9zufB0
zQu`{*SNkd~5Q(zAP#;LI=G87sg)`L73iHIy2p{SL;WghO?UV|0)ZPknMLvWN^?~r3
zUt;hJ)b0u`Vt0fO^?~r3KhNOjsr{iJ)Q=MSL4D|+ul7ZFUd8D7l6t;-k(L)D&XQCv
zYS-%b2&aByL0Yc%mdQc=#oV-9?W;M>tG}F`=1Gd%CGo3&#2|-@&qF95ju(=mGWCS|
zdLHz()8fin<?n-|@^OcF)sK=o?U&jatwZzbH>pLMSGyutHBbJzU9!DfZe4#%_jFQ^
za^yR2xfyxMMv2D{{J1=><PNs3c-UgM`L)!}R!DI)`VvbQTS{k%i};(7wrx>6XCD7R
z4|~D+jE<uo$1(nqaR=b<3eQ^rx$Fn|@@crdPSIAyUjXdQ)}H&%#P$iNal(BXH?aLO
z+ikLVp-IPOAGiH{aDSeaY<ybAVPF4EHa=x}jWhD`M0jol=kbiM$!V8oJY@KqMg&jn
z?<=<sYW@+!zhtZC{k@818VB{=0c5z6Mm>KnnXi63S!DdYg4_-KV25PW^VG9`RrVv<
z__*~;;|}tPH~O0N9G}r`iihv3$hlqHEf1sm68h<W)!&C5RrN~y?dQ6={C%G{*EvRl
z^$TAQ;r*$<p~dRu^ZiU7N@vJ_(#7|z_XPOJ_df?~GX7h?8&$u3{V-`%1Mu(cC5@{0
z@sPHYn11yRDL?ue%R*Rc2Ub3B(sAN{ef^c=2|W|fO>0Ivs@3owFbZ&`&(DxO$as{2
zKQ8(VQq*?)uS71+H`jA-H<RZ+lb`B&vT={)cT4KuBjx*=jC-r(bvauFeL4)K{3^-l
zL)-KBZO!k1UiP5R-ka-7?a!aL89k<_zOIurs=oSqPSU7)n|`;{@tL0cesb@Bs5kwA
zoDZcptk28WlhX4vhx9)Ej_c3n05A3CO@aQn9y$MgUBlxIu4nWErPJG{uX{_LEv-O1
zB&D-(2D3O<Pm+rDR_cL|Yt$QFZ1*QKGrX~#dyu|wN2Iti{Iew=4;>Wwv;J97dH?=q
zI6rwO?vHXX#O3SiKELyIU)Fyi{I0*Z>E*mX74_e=K?xXD^-brKv`2JDXn5wCf4-dX
zuV#BjFW2)~-edMK+D|Gn|3yDg@4borIXPVs$cgp#=GIS}ftT^%Q@MJV1oixVdw-7L
z{%rhmT_E)Pd^Yq?_2l}I3CVSi;t%9{5cT6;Wqc^t<>WIR2`(RBLwO!UdAhuM6^`=x
zThgOund<GE22^0a9^m+D$@et0OZ^wQingPjEsCG=CZ>!1eOtYq#_bc4_tZdc6OlJx
z7+^n1-{`eUfUnQ^zPiyf^?uT{Ty&THc@b{;dKv5g`bUi8juF6G<*x<ry&bI69wcDg
zW$Tv@fJwNLc1>enFKP#3T=4@cn513P_yM^McunKGJa77Nm&5D)Bfd-VB<<%2V0@Ri
zr*S#`3r+6k_RFOF=Jv9r?st+U>!jbwk~NmDvUH`SF+YBS%h$>Le4}KU#W80XJ<BYP
zQ8E$lZB{&Xu1T`7U-Esvj(ME=EAq2}_-)<B{eJj;mX(y>BSMCpd$57|ZI*{vc%EoH
zr1GO2o`>g$so#FJ!ufd^$r6S0b8VBRr9v0!cmqH~xqlLJcYoQ5_se+If_rW#|1IT%
zgiD&*m491iS$?tQr(3>5^ADK5+;93~>t>0^ExqUv@p;^0_MgTrX3rkC#M`ug@ugA?
z^-OR4eceXW8+)HOX*9jD_kBn0d3DmL`V$YBd>daT2;%{#M+1m>!1SZ>wNjqkXYCJY
z`>FmdD$5PgJMjAEMXHZU<BRk@n!)Yp=DTmuJTtfwTi;HaOh21UKburPOUG(JlC-u6
zKYNaC5PPQ{JdUx>?Q--X#aH#b*!)%a-0b%#ckMRT{}gX0oe(bfZz23YhV59teO+7n
zk9wrz&A{vH2I=!Uvv-#N0azIio8B}_bLjs*)stqEL(_iCn;dL@6Wh5+9v{WSCWjQy
zh}AQBHSNve-JQd`NAiik|39Sq>*o~3L#n??Q@_I5`g`*5X35h|;Ce8x*r4TW4{G|X
z?R=@=A-_J1=d7K_ep&LVy<ebw8*Q=F;#FTaCtb9N(9SQ(`S*PJU?AUA-|hU4)E?}-
zvD99stGwa?r6W;siT@CPJiROhq=(m`^xW6elcp`w-`M>^)4i5={m}C<{ami3DVFlS
zhfNOVcaw*omix)WPf0pae;dYyZ-pFE{$Hv6$&ardH?zOA_>lk8a{SMiuM7FV#q`(t
zzs2mp`M<^Z;QTlHcK&DbFu&;jZMykI_ixk9FS>u5ZsRHCh5t8CSO3NS9F9DFJY@X_
zpiJ$=<?}4<B$UsxP(FuYAK%0P8^%9*`*=YppOjxJr~fSbARj6Dl#do~B+kzxsPE-~
zpIuy(!__lss;(bTnkJEA&!p33JS$Do0oCW>jHB=TRkq&2@j=&7?=d{nbUk^}X}X>~
z>0((Y3+w;UFDvVpP}9G+*@JorM{s`EMYzZG5}DbD^^ecBPe~P{_4vzvJXhD3(Jn2k
zH0e@VUk>Y^k!zp&;NROUP3q8f=1DIS{~y-7GS{xIXRcwhXy<ZWZ=Q6eteA%Nx^wO6
zx@VWwd%3PVPr6E08pC>jQ?uT6R&TkkKTo<w)}O<A-^#5=&PNUZ-X_-%jzQkz)i4f)
zTBPeOl=GkE+J~7$+{aUXE`RC8aqJ+Lba9TL+z9E|ldG@%x~vLrQI4-C0-_jQTm^SV
z4o;sBEUtpPI@hk^JGTn%iX5Ci-_Z5?upe*CwaXzn-M7*#XyrSy*X7`pzB8)Y-BPpN
z*#bxT&<~79KI?1Xp?sp8d_F1iq1GY(3+VmVTz#(8`g61p?mIa+)nAJz1AKSo;J5<k
z`$$53lX7rGK|Q(vbf)9*T-?N!Juf!@)L{Mz-z5jD@cdK#lZ<1?`}~XZ?Ecd-JuOCm
zKy-M%YyPRh{8Ph~;-6~O9}M_djC3IGK|S$L4KGID*#1kzKh>&Vu4w;WYv246+7<uQ
z@KW(lwdyagXn#QJml~F-e`<Jz_@|onD%#y>^<J+2so^T|PqpgxSG3n>^<J<3si9l^
zQ>}UjE9$+`>aDit({B*}RI6S`MZF%Wm-#21H&Bk7gZ}vZAY8B71Ha|#?)i4yj{G?a
z@$LULC8w9Kuk!v=AE#&Z`#Qe}+u0}W?2&jA@5KvXzCGeOP|>etb>TXKeifq^*M)1Z
zfa|CWx2~dH-FHxnzEu@)i|XU6Xm?><xK$N!&#Mc!xuV?#0>^P?e{kRTReOBx`z@1J
zjrYSiU*z7Z^D@Ho^8J9syC;-qtI2a%;kZsJ@@!RkW`0-o&i5<S;@|X&{#HI`2>nk~
z0jK`57QVef|J`5Kg4-RyxgAj7YCV5qeO{UV@2{FC@i~G&|DpeVHy&uF{#S=B8P{sX
zYkm%_e|M*ZQ#9Bl`5um|{(T+ZuQl$CUMggY|6d=r@AF<D<xHl}<`e91aCL-szZDO*
zo&TZTa(#{cLxOpL${~He>FZRsPMxk(**;lcry@T|Qn%6N`>1@L60T=|7Vqn)d}Q#2
ztJZhQZbpB7f3M>qoo|%;+EITV?(5k8{ube`L4e`U<!Y7Bm2$3PVBGJOBt6fH^*19R
zOX;-n*1v1x`-;Qwul*#H&lvq$UZ-DIjk90<2-wEz*DIvFe!pH5^vnCh{?3OEdVj<F
z{~W-3xu?A-<JB|i1Q~C8CY5boG*9kle#89JHn|<~`Ex#=UW(N-zc_CqYKhlQ591Ua
z2YMz=*7ySRFOEuK{Pgd?tHjfUa{u0Y3G*jnD@|&aIAtRAeL07hcu3!1g&)&#pfu@J
zi9<rV=G5q)@8g;X9k0pZf!K83QNgD&?pE^Ur#bp*>F!TMI=`NSqe)Xgo;;55YT%@o
z7U=$Sta;M;IeJ~L2P*gm<hUlnhv_-IoKH|5djq_ryCbm68$om#aO*AY!9yg{(^Hr!
zp0B5HhUimI;e6@eqbTE5D!kWHe}2A2@+>DGiqU4t_u#ar)9{PmC+EDor*Mw!cPSNK
zWBZ^Ak}pOY@3MXg|8d?D{u2HKS-<QlEQ~ngDdBtK+$qNWR?HWpJMkCmYxuAE0m*Z}
z8AsZlLc7H4rNULRUcq|kKI$a`$9kIAxR>zraIaK&x$I;t;d|U1+E|bGi_x3$SKHHk
zpX7TAXR96I`_^E&z|$UzvP)LsHUFj*o_1I&T*1#z3cT8-t`Cqd&EJ^9Lv(<<Ox8<C
z5A(%nwUiTH^IeiJ6)w@ZztACmi173a#Ymr95MJ}IG5Cu`lS}x1{7l>-ysnd6E9HdO
ze5b)*6qWI-gzv;ROIi>)6{F=+PWU<aUyNQU`BLFR+b_7p_SqFgKE=r5T|nvl?<EF*
zf$T6X6&6Q~{76p=(xR-UDnB)Uxxt^W^Q^)moqqsc?fHdLPI@%2>jb63xzVY(S1Oz*
z-%lfc>S;03^#Q_b{sR0W+`<UM2-0(Oy$JBM6F-lU@S0bD$Gpya&&DsMmwH=_+R{8N
zJl)ra-*Y8@W?D|Yb3aXd)T^Rsq2kl|H*0BL*VQNu&C?I!d-Q33lH}PdEvM)5?-&sO
zOvw|gmY0$Gep{9kb5X2Q%Q5{%p1sz*?h_=JG(R6{QM6U_lw(n(ulXsGr}b%ms^lpp
z%~L);uCsl-?u0zKpyh1I<0_WZ-xbCCXgN9Q<FbEeuhc*;AilEiC56wcPXA#Rho$oa
zWoL?~-hFR}HnMTml&`amFQ2vWJAU7v2l#smE6`a|(lb@#;1bS_<JG&0Qe;1rFQuuI
zb=>Td+o_+XA76_2)cMi7iq_A1v}%lVHQ?V1g;;^IXYk+C(HjZPxN?bT7UNd>9iLCJ
zonJnIxL?VOIvJ?2yawE>(ILV!Zf5!IaFsXP`R0tn*OYI41M8M=x@BEr=bQ6>&kbc+
z1n9Zt#y2N3sRi&gxZin8&j$Wp*VB#r{H5)Z$E1&tZ0`xs7p~Xm%dZINO4ccUr{B+^
z_va<NPrLQ_ocn541#yJ5$8zI`KiA|q&G+d@7wxXi-lHl_Re8o;TEX=&?$W(O?*=U4
z<8CeIdwk?ye2&tY>T4H(2zRc^nRM)<T<kvEm41U>=gVhUzE1189)@x30BH96zTeCD
zrH62Ra8wQ#tGP$9x;fCJbjIhhb<7FzA0(vkRr`*NUef<%n0l@G%va<-h{HA3eCBn)
z;r^l4eB~@DCpC~)uOt=oneW1Zc)vV#`J{ZW;V1q8e0BJYZ)gmc`xW-@WdYy*C(inx
zIE(th@859T{hv5%G1(z;`~SpQ^kX`}Jqn&Q<NtrxIE#LdaarmgFF*!YIu7VCA@PHZ
zR~WZ^y!y!x#vaFC4p`#n_}JI4{?^CyWR)}{a{!JUY5NR9ai!~NHV&)+5J!fd!W@Yh
zInUtb;{?ZZj@-W9&vS;@uD>UdUoT9WS`M;4<Cc}PF^JoReQ|Q1aRnpSq)GS75$-L)
zd_8H>eRI6OxT3!9p9|aLI&5O^hZ8R&vc%pWAKk7EdtAVE)H{N981IrgzUTh2?`tg0
z8szIQAPAq&a9)I}(R%c|jMVu;xcO**1@1A9?6dC>jqXGS7x~2XQ-}BUN5)b6g7$bG
z0O=;a=VH7M*Xd=Q+2q7}dvftt3&{3;)~x?d<b579IwE95eBD6k7|?u3$MqpUKm@r!
zJfBA$e-D~rE^b90-;s|YzsN_@&-Il&ed|!*^s(ORuszfRi_&&j|M6V^)&%uQ*N>Pt
zmCC;l=<?~__(h5%3gr;;G3@_MAw9rNIkO$UI~}fDeKC+D`>`jKU(o-jbM!9<PU__X
z;O%RAQt8@8>d<$TJxRPM=QR<&z8H0#4}3p_aXQ<P6!Z}#`_Y~ABl+^r0FZDXL*^-c
zZ@B%9-L{{K_IFFU?{?DG-QCld*uE;>zja;DZM@(0=9_Ny`9iwiW}~j>rv4%5ujpYH
zYifUM=>zp(R$%v}Zvp#@c6l*B67)Yiw@JVM?e9Z`^Vt`H55?#&g#WDn_lAf4X8ub-
ze)J5s0)9fSP=oZleLaQaWQJdFJ&^J{@IzXVUZujQ{NVj>Kat%hUNi|?`-GHd>w;yO
zw{U&0gpyL>I*}*qUoD<Wz=bYdr~9bYKi<{_+hv8LR9GSFf~@z0K);L8hYUWy9(awc
z2MYbUc6424ht>1-z^iRNuv69pS?`a7cGy2%|9HRE^Yy@2iGLydad_v}FT!)2O!pZS
z&X##M*D1LIL-^<B=wgIWj2;jaTyG>lONCd;I7RsP=in7TXJmwXh1faqqiMn4mZOK`
zT`{_c;DBFlaq86)nGpXAbNE#r0|tLpRF-<zNc=+hkLUQqsiUvEmI|-3^}uU|Z-oD3
z4!`nKOcC^S+Irwh@hgNM$l+J`TaBI-wjOw$=riF@5A-zC$D0iP)wUk^T3Kfz{Lgdv
zb$zMZ;9q0wfv=NwC&J&9qhHt8t`~TgU!N=2^|M!}<&OvS`F;V`(=TiYSYQWNr}aLV
zqf_PbinRRZn&r#V@>6qqp#8ieEk8F$x8lDnE#I9h*M8}`E9rk}4!`Q<lC=H{a^<Rr
zi_-F^D)@44dS7?aNLKiQFar8@c3S>;uHQ=6S!wwfa^>1CM=iCFzsvPY^=ocg{)Jq*
z`i<FX`2#up$~UfRD*pH6%IPhA9zeeRE{9*~rxj`af6J9?|Je&IpPnn%`lLe3kEvOX
zfz`_2ohw(pp!d-FZ_AZ){XTp?e-}`B9M18E<4!*B_dVtOhZ3j<$8q?zp}v4m&j&o~
z|ErB_b1Y?hypPvo(&zb(H(cMk2sqg;uY9?`k1(pkfqbV^;;Jr%ryps@Pqy<mFer@E
z_n}?NaYHb!hv&xND2TK@KUc%|@%wxwj)54L?{A;IMY7SwT{^a=arXUsKg3Uc%<6Mg
z$DGFM`*}Da{EeW0n!3X%c}UyM^Cex!ws>LMd4g8rFt9OdyNrJ|E@Qd^S>8$C3+>`v
z@QH&Nt{b5vEN{D#e{ugxNuqg}fRSRxc})F$#+~3d<+>i}CAeQQUGVe5{JVb%Hh~k9
z@AvS1LB79)aif;obNC_6bKWQN-DY{jToS+Crg_Slp3UE<_Va8y?YTm7hr;<jkW`=S
z`$U}2SknaTKkXd-j<bJ{lK5Yb0;cRI(_4bP^Pl^Xh==`PT9U7#90uPPC^i0m*nefd
z)3Y5-zPAT_Cf})FE(hn2^S^}s9lT<DudGy1zaC$vcGlTIZ<xu0b|i9|!l!`H=Uz!F
zp0j-Md)d6XWY5Wp5*=rFe7{k8euc^3_aVfW8eY>gpU<)%pQ*sFaxY3020QWdFbto!
z<IkboUb22v`k(N5(MK!V(ewHpUou(w<M{kNKDQIsXWy4ae?JoV&u|~x=3pFfJ5TYZ
z?~~X*wjt$<+c*94o&YcT^G>wo@@9%`MSc+d@^U|yFj=VmiRWmVG;2HFpRt|~@Kv1g
zz+Da>=x`iwc=`GX-=n7_+U99N3Fl;Smf`cc&W5Q{o;0IFxSZbPQpsj`!4F=<&wdj>
z@%nj=;eFz#|KYfb?;4ArP1pC#ug6`w(8qIic*XV|d*bDFBO2jP=MT?MBnM+%hKr^x
zB^27heNs-j9YlNSchU=beni~WB5<XG#y#_<9wYN1*HhOAmrn`jhVk<8Z<>-Pew6pq
zdd7$JJIKiMT4DD)&HjD7PV13*xJvf^WY5%7Q$N1V{5g{9^M37|Pp8-Yc`^F2@R#<*
zD_LN2wDUClxoEP{_N(qxIIhDn{%}9z>pzrZJ3y$%Hz5!Y<CVRDuZmat6d&P#g1VhD
zYtHo1*T+KpKbQ7Dp!GU2dh(a&L%0Xfp4(ISzBBj1(e6JL*f;Aj^5?qc{=jazZgMcl
z6W<!tP4O;JI^1tNKd66Y6s@<E`1_G>n_+(2_}$(5n~eWZP(Sb3*XJGI3gEc}^{+%q
zJbg{Sm3myCqrF^-bT993G<?XjiK0j&vyZq7H*sA*Llw@~aoHa#lG~A=cQLJ5z@t7J
zPdqM2?A-KXbiM#MowfQ+i*K8u^NJOqOZtJdA2s_n>T_y8uXR0$W`9;76*!~<*ZMo@
zZwSZvMm3!A1$;udDe)ni622Wo+Siov=NRODe5$6ac6(QXo&&^Va-)2OUZg@V(tehk
zd>CJn)A1TI7-^Rz(d+?DFYcumg#Oxn_ZuFMQZ9dl2me`pdNIV&{~vpA0ua}6r3>HQ
zpg{{rc3Vg`=3+?}merz>5FosPR&Z?5mW078-GUZi0o~AGXcI>*FA0w07(0p0I4>Dw
z%NBMPlS~pbNyhM!IL5Pu$)AN}CNc3O8S-W(Av@WucTQEE+qVuN%US-sd2h-V)n6^A
zPMtb+YQ6WW{Pulqd_lK8->)EVR-Z_2^uJw}Pj;T>$MhU;qCnD3sCM<Gp>*N=A}#g&
zcaFV3DSlC}9gq(BocIoukBdZb{C$`9bf%roS=I~R0h;}fOTPM>CI9`+l0MbLzRm)&
zR)42>K5ihNSHsi_-`9eC*NR;h>>sNBs$Mvc_QF_4uD@K~>lfjsJ$y#!CE7i7{pD(1
zpuVS0<@CQ(*{P>wIvjU!9f15?55Ik)w}KudWjyhZb{09K{zY~c^KFEB&~x=Pj^e0z
z)z8j|QeNzPrG)4t@+Dmwr|3NtXpc*5^~8GM3jQJZhyCMR@>jC_XyJH%<o7`cM<3gX
z-YcKD6av8|HYxdc%W<9h1M+u-(MQcB`lP?Lu=^$GoPYwr`5bu52-;)akZ2#Y_hp}#
zeNBdsNPBWpBopKR5b)K%Zg@fXun1SrbpRb;3Fyl9M7k|@eORaT0m9MI`5y5}&xzZ|
zBl~*a{vL!(Xp357m!JdRCl!9;0pS_+Tzq1+l9%d7C>P`p`I=le|1731Zae+JZQ1hP
zUH=m)c?|y-lgBJntky8GN>G1QZ#44Ya9qN3n11zK4eHJ4xUIc6Pl|T!SI^hbID+|5
zW9U8Yn9pmMi+UgMx#$Hn7qqwP|2F+7I|uzZ7k!un-pIa=4?<z!sDEO=MU{(_{ZY>$
z+4Xc_5k62)G&`r>e_@}uO@sbpzkLY?80x>NeUNF{Urq^j#Q7V}qx-Lw>mr;_Y4p{5
zhH0MOf356C*8B6-b5*q7vhy(kbm_fP$OjBJ7C-bn)?)d@yndVH5A&g%s2*s~N9=MT
zyRGC&-+k&YmwejWNz}8P+y4n64>3;I^@!SKowOsoUdYeOT75>OzAAf!?UZBZQ@w8l
z=kuTzpm$2Y7iqs4Y!CIG6HJee-q&d7!*1uWylH#?VR~)PHzMduIoQKTA>7_xAJXb4
z?GU{;o!*DkUp_45hvokX>WlRn`JBxzsCwD?=5o;Nf$G=x^n+)s|3N8lY~KfM_2>Pk
zU+G=HdVghqxzr=;{qo9g(L4j^Q|PSsLY2$*$8g-2ZQLx|gYH{e-<weOvR{2~BB9<3
zOz)w=aS9#IThY<`MsfWC{~L)@1EPK6XlxOmObVPhU)tk@`rZJI&;54{iuhV_BN*o6
zKo<iNr)2xrrpt4p@y7%?!(Y8i{7BII<=-R2Y2P;Qy%M7ygGdd3CDs<~;z{9&aUAuL
z<bZO=ITXDok-i@=uJ%!B|EkuxUDS`>=S=;C<m_|Ha}9d0AU&s;b%QJy)1iFSYh;XZ
z74Cys6mm#(@I8{4j?OXshkqgEr{podPtvP(=8JS$a@aOVKJ+~%|9f$?0XnTRy?>wF
zAN0UiJ}@M4a#;AZA5ZN`&q-1~x-U-h%FRdau-)ap3%%c!^3^)z{zl?SNk4H)wr`ef
zHiN$RlDAusvGzT3t6mWNSaQpk@tx<(^&iR`OZK@xen!YkvH^UI%6zJxSPzU!oRsBS
z>+UK^@3u<$zJJ^=K}Y(#l%C>vKm4yLdw~55=e?xAKI1h}KJCBIcuV^-RKC^zVL6W_
zK5HFvUP}GC^N8$V300r)BLTrDy-&MNmEW)4TibuL>~FQM%VoNJ;feG0x7y~#J_l3;
z9M<P9TR7GS{)hRn6ewa$nNah^#Cz4edynkDRBz&+>Xmp(^;csz7L&^VsLHS2Ye(x>
ziw+cqB@?|`_5OLQe3l>ik2C&}U!s?IO3H)UpZH7BFGTj>-ng0{J}RKdk8+^&bibb7
zn}P4QM@Mwxca4j7PpJI#UP1f)rE#?T*Gm2DFCP)<$zCTOMe787sP`2n-fK$yz5?Ng
z2j#(5=U<cw9Dib7<ZsNB{jO2X6Z&tSm2|D|GsymJJy#CGo!7?6Ns-=e59N3^A;a$x
z#TnF|XdkyiJ!-{m2HlQgzNOj&^KF87pISeYT;rEY{f?{setw_qZ0+8|+8x`A+MU{k
z%Bh9h6Ic`KKOWePL`?Q7ah_`bCoxp64<>+L(i^0U^lAT)z7vre$E3Wl{(X!uyFRA$
z=v66SX&#MEWe2Fgk4trc_w&oWgE}Z1Gmzb@6}?1a2sS7^*&DJywGKIeCyrn$sDFMy
z_;sKMXt!z|a^Ozni(q51^?q`Z`gjb<*V*zNXZf&SQ~Si#xeI;wh}*}`uoM72pHJ)I
zL|F0}e@w>XK0MN;bDIVF)1>OvEbUIXQ`Vo>b9K--C<n5)wNAC}eWx5Rus!dy)x+n;
z)?CDHf*K<qXfM&H_g(tjh-5hCq;vB`_u_Vx_N8l$e^vS^?I`Id=_9TCNiVH+-U(40
zjAQ>S^3%9btL7tC`CYml#(Lgkt0&ogYA=#M&2wtuZRA)I$&=#aPbfRsCHY9ucX>`p
zjQ1_ap<gX&2d(eb$o`n<HburnkFtX?We0ne9lY!RA3K;hskeiD9~JEcwHvhuJxBC=
z+X-nFt$B;bI4R^!^M_7#entI(&Vy?ma&A(m=FOHJz>WeAF*?gmsQFQ?6Q5>8d*BrM
z+ZkSEVf>M3k@`Z<^AQf8(Cvv2?q`bhN)HqFEY!2@OwW)r(lfG;@jGSzhVL!Pey{{R
zvh%3F_n(EX&-hP4Cq-BG57cvXjpcHmpU(f9A>4%UUghKZD+$<NEcXe;egss_Uo7X*
zXUm5c!C#yQxfeTskn>qu_x3_P(6XXkx(0kaKS+Wfr}K<$0Kj3ovz})F-)Q;kz()(e
zAN)D+<EoxmZ>SR33E9u+d;-I<J*@Mj^#H&j9l;OyNx<=Pb#9{gMLs7moX)2p9RvX#
zc`k6S^+7r_HafjPN62G|@{wQoU%Ri5=NdTQSPSPMr02BXaW40!rdI&HlRy+4b{jmm
zMEwfo%P|kb?e~;!0ZirC&lfUm<x@EFi|)VmO`WTOJpOOdx4-*cO5dox-;CZp@Fw*R
zdlu;(+9Oo0c%>W{aUYeO2|xNPrJWXbOJEGeaA{|)dl>m5cp+VNe{BKXYv+VrMLUeH
z|E?K<t?$CnK03YcSh5H6tuc|V)+_HHB}(M@?n`SEbm+Ski5yd4qL0@Ma71Z_u837k
ztd;!ZcSkXt-rrv9LajpkBm3-varjX=Z%CY!^L844YK?Z0FL6S}-z%VIUvRv~^eFFI
zqgf=tJtHg;`9qG7AK^psxbN#rlN&r9<KIQS6Y4wFzKjDRzrB8FkvBnp6qO|h_5N|(
z&k^-(6xobgm%JZfrCV)^i0}z%cN^Eq^<k$v=c4yeh4HcvI9fN-dwCQ0$$I<TavUdn
zg;@4ec`m;|o=29F=WbCB)f?$aI+8w~|6@DS{h%z`C)_LfLs<;er1o2G^PtpI^Xx>W
zfbg8N^yxi$v_G0SA@wtHpIjIF+^PJS1F_^s%Ii<hpIV=*a{xM*A~|Hq<(grwtJX_7
z@cCv+|JI0#+w~9i2K9vW5XUcH2G$b$!<f`R^_}0uDwHtHV>&5b?prp4K8yZkrIY<E
zt5YO566Z<2==t;o`mms1;cOr^|Fpjs14|}5HeP|LKp#jCZj$fk_c@h53N}~4d4z1&
z@cw{IulT}sEheG;PoG2biR%{J5u<$8dpaQ8Zwt5Rsr_ZzKTTNQca`?d+Sj#}i}Ip<
zGy3izz2BSeW!5^Rd=phle)}L3I6A+k?*h@jSmG&JPdZw`dCh4^PxIbd^?ZTHC=hfK
z)v`UWdQ8se>!2O6B%hl9(|a2GGv)qAry4Kl-U0HDJ%rBN^I8R2qYj8*c>fbqLVtW-
zob>=*Z=IC)kbp)nq(k|m{X@T3`IOIN92N<&Jxuu3f9<rONB1E74#_|5`_g>{djAF1
z{}m84y+`H`k>lH-{FEG_!+=ZNr^*it2;T#c?VV8H3&VaV>=nor9m*H$$=_>1&&knx
zi{xqPqsR^UPRJkhogt69&z2?CTAWiOeQZAH#%F5P9ki^F%J;OiyW^65>pn>0l$5K-
zcwWf2bAwFZ49u6o&zF@?_AcW7@tJX;Pxjtp{7B>rSIYIa{X7s^Ydl|ulm5^=hvXUW
z#!^6@mBO>yneHRgxwob7Qhi~caiP9f1BqJW%Yq-$N766!Q7*m=Ro=a(D3IQd_yU+6
z<Tqt6UlDZZ{tNAAQ2oY-M0SI|e~aTe%0DFsDeuHShya&B=D<<CF}>gi-jjna(P#>v
zzFR@<oZ?5Gb6ET+eIovSj=utaSEastaYT@_<diri=P!w;Wq-#0u^y7t8Xp$*Of==N
z@)y_VTH_g!9_xWFF(Ugp>1S@As_z@rhsGhF`tCYnln32MB02eUhP3iL#$%FS)&Hpe
zOZC56V^F3ak$O(!PdrEIf%=|YV~*5QkJ|rT@ExMdWPPcBlHI}a*o3HF<;#7@RR-<L
zlU!)sZrKG?7I4<Si#lf^J5a0aFpYPK_p0_eA@k9`9<48lt_N;6V~TN~OqaO96h9J&
zp~1o7J|h-g>&O;9-9NLQJGoi5J3V)Tb{^AvjN380k$6VVOU9c7gn6gzhcq9<euOTe
zzTckk6$nh{lVry&yL^L)HWG)G-t3X}^oU!t@;MvqA)O_Xa2<ea0M|6jeDwSgj=%Qt
zs2RxNOl>?N)73m6eX@5rj?F=k-<z7ph;jl*1?)Ba6Xhs9$95L`Bq$7c(z0d^`ar)#
z`dB`gN~=6yI_lRdBTwzaWU2n>%h(~psohX6!VY-keo^l3B0*4XKU>dHWBEw&W#va;
zejxgbt$dVFXQ^ONj5o+XjW2Z&oQGJQ`!<6;#QN4K`D_Hc`6^(KA<sGO^+JlYZ|pI?
zcLrc;9}bCt!*&trLIPUzwA|fNP@S@SS?ALW>vOlL58BxoAmOj<7laUtcB+(&b{1hN
zP#$<#Kcs{0+_^*P2gp-|gD>i*`ax%rYFCx7Mup=zC)yPo58HJw`p`c-$KWsYWA%Md
zYrpbYWfvcldW!s+kTNkM`+;ArrxK@CKT-2Onx~=N{S>g`5v4*tnm6PF5u~G@$Dn(Z
z^t?QccOJOiiRs8rP&q!Y>^~H4*_|#-jpfOC@f*z-t_sQZP3I%1ZF0OqAD>eY{Y&XR
zy$|pAoi8kPUT4|0d$CmH`{Sa%bXC3%`Xll|-<S8L%X;~s142_6^j^4LNQao_<-JNj
zDW82_56NJ@FUJSU-~Ue8o-|I;xEx+96*+bPMUC@P9gG)LIW(U6@CP{3qr`cpz*hS_
zDxhuNA;&k5@k`mx)UO_q>3ohyAv~p*bgoGBxW3T1Pz$$&kOK0DE^%7bSLtUi8Uzei
z`u;|Il3aa?PsG9=g#{T)4*oT7)ynl4cL|($TK12`u#~gUDfP~8V(S8**m&S_osuuQ
zZ!vyIhG(spKBep2E-~)M3p=TN+{c;##@dS|!SNepI$D2?n-bIeFsyK8ALyLiW4ulB
zeZEXj?@LSgWW&?F8<aPg9?SkE=)1M5-`L;tG6j55yWxB~0Qt~9tbiej=0S8Xo9@40
z{G+!0!*Dj{lH(ObiLb+;DSICVg0sh)fP3Meoj-n$ou1F2dRga2+aM#j@!is=dXoI(
zYh*jcabgRO-=|+NpHltBx^GPPyiTO(V?8YT>*Ty9o+<kq_0L437#`ret?K)H5%u1o
z5lIKx!F@H7Guam*M|gjE;)r~I5zN2mFh`<Ez7Hu8k?%jEe3<@SkiJv(kIpC6JPU;m
z&gYbhf%X?Q%{ot4-;@47<vhI(ctb@-xe7kT-;|vB{Q$Zj$IsoDYB!qa((@u@f8uFU
zQ2lRL;}jN-e88}cKWX2A=8tjuj<&k@K>EBukFc|Yqj^n2eOHX^B8@W^AEZA|NV`M&
zW%1#aj9GkamhDXUo$cp6v#3{Ue5Lsu>dC*Oo;;(*1@(S?pF{4mP=BUzg6<I{PD_69
zToyU#JSoe??+u`%^Yc20#D3w!kEVh<+d2JN&rj7jKz4O0I>hH2pPT+r*vC2?2Y@fD
zAEYUH3T{(&iN1e9`)r9)nINH_OQrGH8i&+4h3#?)B&B^IY*&;J=`*!ct#OeknA$fn
zBIj*B?=lfi>lV7-k#&zOzhB+Ur}n4&P}DEzT%;5DKu7OeUpSv#FULdKOk$r4vvewX
zpq#G3{Ogel*l(yr9{BckB{oq_7-Qj?9C%LtRq*M3Va*VU@tq#YNF5k;q*rqz`~gSv
zb=>zr`Hb%n!A3Kr6YC;Hw?>VJxKB9;N&Fk-^QabmH9x6?Vg&t56&)bD8h#?*V&1IQ
zA-=R}z_1Ttt2gQ^?OW2k%N~ynLUKfXb3%UFckF*+;tWK?`|i>O-*|r{02trPjn3!z
zYw><;9Jg^MNbeQKbR7cA`I^u1De+`FzAx_*k*`#|QJn6@lKsH`y9`Ve&G%@XOYiB$
z_+wC^h4CkWDul~p4{?qz>ZQibUXUN+n)M=?L3R?u;r|8UDDSy5dE)#Y<+oTqw4^*7
z^Fa?hj&y-lEB-XJ6PPRO-aN)5KbXE2TpsZy#cI@n{I-MZg?va7+Zl0|il^_UA|2!}
z>oWKQ4)bM!+XTJ?Trc>zvc+)JpVQ#ujF|4H_#AfuA26SNdP=mjfA0ej3+?Jr^TB$g
z4)ehK<vibG+%GV-7wv~7)Hs`UP(&M@sy++mgTSwt4{m#_NJ!^A{;F<)bMHf`pdR%J
zpPpyn^!u+J6a3PAC{N8xt@k{r`3%kDX#A<A?*%~PL6?Jn*NbwnUz+f%SNRd>*T{*_
zBll_O{W{VfuM*?ttq@Q5$4DMNk9>dr_+E$vhjsxOjd*fJJL0|vx)(qWcY{ys{8au@
zRj&N*1--`@%N6}v={L&Ngb>sZ^vRBLerjEQhy{Kj9oC2JFxurL;!{$Ni6=*8`{zqT
zg6UE3g#8Ad{rPf&kKypYnis--nS8VcfFTey#UtLTgK}FV()m1VML5=5#;+CWiQi@@
z1k1sGfFrcsPMUzJJ&tb#01oAe782!$CF3}Un&}T>?PNI4u}BYJ0DVV?<zotxH|-~+
zL!juFRU#Si4+Vh3^vD;MgF7MC`(Gej)E~loAe`t?`;opSo|5wq8XxgJ>FDS^1T<f<
z?3fxKa6ig`J$<rIC?69-dX>M?`5dsDZM*>KkPnYBBHAr$Hvn+fdFshY5uQiurD18u
zvt)OMb*9Xhn~kFg((#G(C@<`Z9^-BccM04tu+<NDVJ;Z|E|EU+iBrLsl^<~qh;s^S
zoWDn=qxB;`e?Mrur-OFA0`j7d?P1Luo|1OS=aP*3%VY<jaXR;2+3wUoE&gP+jJzCK
z?oxJv)^#cSAlskX5!?R~Ai>+SKa<wa(x>?`)i<k1mfNZL;PN5<BhDWzE~oosew5P)
zlhcJZInjAM^(UfBb`j;d)wW)x{d4R2+<Z`IaMnC8EX&1uZ-Spo&-2uL*?6zWfae7`
zZwSlb!-!<4`2vu~e(KA(N~H5;?3D8bIOo>p3y@CE7f_2ZeTkeeWE2TLd>H{bUwA}B
z3q47LGHXFo(NRCb`l4-==NB*!8j|U2)%P<f-F{FT)Etr<_AkUW`7*sd9HJHtM~z%8
zJxY|qao&y^jepV6{G?&M#J#{Pux!*QeK`$G2z#XThWM%jI%1wc{3*SzgTll-0rFu{
zb>NG6f{Lg0b1#G=zgf0?Vx9o`#XJFgF;4*h8c25<d@)aW8~`}7izH8)N1~mS_5un3
zhZyYz+7WCSI>$ce@f8Zi`3UNt7+<TAD#%Uo?emn1dM+Ga<&*Z7y@&i_d{yh3RQ^KI
z&OXn1f{r!5Vr8LRYM&*?SH@4RYop8;#{6=;*aZGUdm;PFlH()D3){yd-r||kOSBuJ
zUE$B4WPF77LWgq0793adS};DUdXpYtdgKe+NgE#_98_9_i}8`kpVlE<KDFw*CF9bZ
zSnq8k{iS)q8;_44XXB%s*U&yE*=Za<(T$^V0*B3y|LWl1JW#kTPzk>vzCw5+4)?MA
zo-HDvU)`s(&d1fd4A+&|*>ivx_A5+`e&L-Wn|KdR5*#A*>E12vn>?@dh~DFo1MPF>
z_19m=^x(ao^$z?6{SzpoooMKkxIwZD`(ASWh;l-^;`gi&3C7jBA?qfYKJmEppKq2v
zjdu&mJ0aswLw!VfYb0*iFMT>E^}ySiF~r)xJ|*@2s>5R9YCShOzDwrA=cp&xxON#t
zS>r#HhmO{VxrZ;2xI%bFUQqg3YTl1_2OZ7FvfeIn=TYg?y?Z>rKt^-#^oa-@C(z+O
zC5Y52&!3dfZ_;;)@|2$V)pH`G7e3=NqTX_T4tfvt1f3m%tdSLwerK)pX&(>mw&3G_
z$pG!=)BPcTNS;5?y^yT?Wqymk+Gpqw%Zm3aJs|x?IU*k<Puf?Z_Z{H#($hBi_x}l=
zJICjBX@5zSN0kG<sNc|jk$qopSmc`#a<zw#LO9Kfv0nf3%hY=U&ZWNd|HbS3;+w2*
z&Ly(%q2~NoY~Nv9eQCb}`w8|Kw6kcZ$5sEzlieBi&)$yJH8y(g7x(F?zvb17V6jfc
z9^=3Fgb1Mde;wE(q>JMjI@)K<y#NL@aJ2uJ7ZT8lC%(vzXW?WB9Q9|UiT#kCGot6p
zeXdoQ%zB?3&hJEhR6VjbifD@;kFe&j-fETMcwATpKVMcp*@Z|3tQ|ovWY;|Ed73O$
zFB}(;pLD1%Bs){<f&g&6AQT+8>3MHHetC@jB3-AlJGeh7%2)mi5Q}spX+M$Wi_|!u
zk>h~REA4mUei=dM2)&RW{x?no8^{l?_fcjw5t*)`NBSfWdQOSX&8+-TKan4Nk^hLw
zkCRbwv>%W_LjmshFJDeXf8X+PoH3#N+j71o?VB>#%}{TYKds+LPiQ|UZwMm6)j@lU
zbQ>kk0pXnyBZ>4Il-znj4yfl1N)A+iTu;gyMba-kDCuB&9O6h%d>K#>IBZvRK9}78
zq4B*L8XNf_JC5u13BdkJd5=b%`vRutmgt<<+W(Ntc(@NGCnl7Cyc#lr^H-uaLHWSO
z1o*UW!}ZN?F&y|sN9Fq*Ula1AdwV!<*5sKl(^I~2R9<lKo_~?gs;6_42q)|@E)|&S
zou&Au`C}bS+OZtG$AUhNbM|>(0)+~W?tNPN3SmND!58`(f*;@-q<R`zL5Z=SVmqb-
zePJJ<{m{|#svdZIHDWB+t_S1D47dixZ!i27`atv*UxHuJbCo`*cubE;vP}2`j-Ds9
z?yq1yAv_)AjP<Bh?-5q&Y;>M4vI)5eI|2NokNbp}FXH}%v=fR?dN0L-as1jcQNRB3
zfYnYotM;2}UVDKoCky%kI+P{y(|J^`xw)N+!1>QO#M8dD-+6<`m#g^qfTc#)pIIf!
zqx<jun<egFS7Gsi>9GH4??K9}m;Bxl6uy7`C78_cZ^)PaZmd1Z^E%<9{9CkfdQj4b
za1a^j_mHHwZbbNeK1B05>_6!G*CiLE3qpPE@4sE_y*G5;XQy8w@=YzES0=(IL^$%V
zzfWjVg!iu-TaYgx<en?|^sko;(>_&ydCa0$wuC%TRsMMLko7|Tb$LuH{$)KD%44Z|
zFRX7&$Z2$e9Fh<|uIw)A`@O$N&0}dkLHbPVmxX%l6?%;Q3Eem<3pk|rIM7EQyfZ!*
z`~c@y--XOwFP}s5h_B|R^xUr3Xkt*WUxjajlk*s-WIZG~gY1A>c8I5|L_dcNqMt+7
z2`Il^owugiIV9<9kd&`lpD%vc*Ws{Td4}d+F903X6n{YK3u1J&L|4_@o*z?QRUs47
zy&!rn0oR@LHvK|5JqFKzlDsVW?-RvX&$rONd0vwY$MFH{XQeNZ;WV#8dkxWGhh#W!
zzxL3)kOQVie#eVtI_o@am)vK_-5~2t?|aSNuwEq0s+8$FmHnf84Sb(D;`B>CR!cf{
zV6U&i@)~7+ocHD-4oKV#9!jpplz1b^`BnHy-w#Im7~h!<Kfu+&KcrV9p|yY142Bp_
z5NX`6i2(qI^U^u+{mmB&Y|&c<jDW-OUC>)CpxDdBpU9^;=iVm6iLQL#@had?&Zk9x
zb|Qz;;dp;J{G@XSZ0Gg%{-(x9IzL(J9$UmUCB`e#W7>B|dY3^vTly1H<w8AB;*FVY
zXD|f$NP_Qo;s^y8B2i>wJ^}-?-zgOt!?CI&94PqJxP;-DqW@ZHC#n7W*YyedSnm;=
zUeo*6Fdz2kKc3y3v&z%$rqt)f*7Fr0AN%+-VtY<-v2jP*&6Itfd6$~>h<Yrv%WZ=G
zx!dIsq=)fW)Pv6L5;w?uYqVdHxKTaN=GqLU$}<HJrFBn&&Ua}3nW&fd;Ktu0l1qJs
z5_+LAao&aY0$o47??=5imgZIdA~`OO2W2{%Z|1I+^Xbk_SUQxiM3JS|MV<LFJ<h{W
zpK{gxY>)ACQ9plB&aeIVUo8@n9rLB@^Lx54YoBK$fzB#LACwO{xGhJvGxmGLG~cuM
zJ~boCO^nP+U)|TsRrZJ86M^!;{B&OCb4Y&4j!`&0XG!UC{ev?*8u#eA;XJi&z;&?+
zba7pbe*1gmd(cnAZ!9nOQpp$X8_;^Vvk4->(RhLD8!?_Kzx_OvF2t+#ugCbYsNZcH
zWq)4E?%;S+us&sv&`!MP=P7%E>xbh&7uOG{C!JyB66~p(Kc_=hEZL*pGegf4(EI`E
zXEXYrg#pyEM{;@#_uOT@7fU~6OHX=A=U-@_O(?%t`6ze9{`H&SuheVg7{jq1{`DI$
z*g98REI+n{f4#KVvK^g(WxYLy><4&mwo^Tuh4lJ2%l?RV@pF*0f3xhbh`%7>RsVY$
zQ^WiP!gEo0%3(P;qT+M$J+^SVM~~@$=t-rwmsiNj%M*BEdB@$U{8(OrD(_3SaBP=O
zus>G6p>_to^3MO=8Po$4^7Seo=|FMfygv^HRID#z|6cqnG5Ykp5$f}69-srh3E{Y(
zf<CtEYw#QARU$v#mjH~8_P0=*zgPwN!8hSwukvx;g|)+VugI_FU$hRk=fAyZ@%%XR
z^iw{l7rJIuznUEiEB<PBDGc?6|BafB5|e(`dcH3DAL%LDzfb<hZ_g~IZ@{u;fBoy_
zxMI&2{FlY^1;3SP%O{^lq<nQy-VC(kg7PGra3A^eXJ(#pTKxdi!!+|O>Hp@;#bZuU
z9?CZz{$#)Y<1=W7Ou)U$-{=@Sll8hxhedhdYkBC?eiV(f);)5%*B!=GvR|yv)b$ik
zjOhM@b-()#InLw!0bN|(|6Xi-7x!?Vl<BY?P%da^DwtjBgLzlylXCn>sC&7@H+=_(
z=KKGz-piHt5Nw393n+hiPeKM{p)!LT9~Pe2??{5YX+0JXq7?@H0r^Al8GcSq&+(#t
z!LGm2lOgU?(Y_<<T@u34PMiSWf4+P^5A6<yW4l(_&QZ{wecbl`XgU|GgS6tF7VsND
zIu1GhpuNC2ng>w1?@)S1-zT=OyG8wqAQL#^Z^3tq^JP5QN96OQeH{Sxfhvgg@hqGx
zkp2CyDDV5;q`XU^-hWPce|iylhZpF#Pc-10)o&UvNzZA#`%~z7?K#O^o`a|KTt2V)
z=g{*9|1XjIrEgO1Qs4i4a=&#ExhJH0i*>)W=W>JN&FZ^d&%vY_8{KbYzi}4^?D<*j
z_pjl38Ed_8SR}XZy)3lj>OIVs9hdt4=g{xM|6+3fhu>4qQlI~Pa(3F}OwY@Nx8bM`
z^N<ZvU+O>^VJcwMy5)Kp=es80)c43#IE?c+VWn{z_3keK(>*~9M~Cwd*-!iuF9^rd
zV2-iWe8?2hhBY68{9-<&`e7a9Lq6zvRGeRn{^aq<`H-4V(0n5`ACeK)dlw}eVosyY
zcijIW=H)mJ$o7-_5Py7rRsUa--#4DW-DTIyCF`@q{7senhVwVZ--7v@n%|LLoNfL#
z3hM}(zy1FDh`TMY|0K5|G=1C;;andV+Hc%dmU@i-!gzVk@}}E+FH)21cA<~%bJa&V
zp`v-u((`cne$|v-%J<y;;e5W49=`E7beUZbf8TNF&!CUD+w>9b#3pDzly5ft@cT?`
z&eVM&Wq(Q?GM>(lHo=k{)6+gG-7}(l19cFO`<|uXHvv6*Pr{~jiSuHj7-Rgj^l?A;
z8@MjqFL5*EgCY&Q-}#hnU6j=#<6GY@{bSAR#gAtAi|KLv$1mpLd7zdLFuK-|@Qh>W
z8^sSi_k!u#nT;O!nB&aPJ%~3!%tm<Ma3lCA7qshsA5zDDCik~7ov_bOi(muyu>}8n
z6^7&i_!(F7qkTf!_o{>RLO$RN`2=M?EE_TI*`aF&AAi=tA5ky(t<_7}Kja7ZYwYV#
z!A~VpfqF~NIEKW)(Ktf;v{Vk>x6$Y;{@;*(t)zSG2I()w2iZ~FC&0SqDgLZ=^wTQ8
zvae`Y?e`T>U(w+>?6K)F*;V>J2-#&!_Y}zGeKMQ%{H%HnwRK+F40KIML-W;_K@NzC
zPQ>F7?M>tT%aHyWh<{%3PxU}KVm=(7(Z}-f`=3jdPxLX}yBA5fn7x0%mM)PGg@EJl
zfx-RZZEW8Rs$}h(5kEwq<c55F!}fk*+V8T`sdG;J-mWM&EWFfr3peD504)FS&+<JJ
zk2tN6`y(JKIPX*EFzSA=^*p|!kMvHRh29@?AFzP!7ya_5|NVUa3(!W`PIQj}F*>xj
z7|!(x_2@O59wpSdwe=npdfrv_bK1`(I`n)uw)@*{_d0O@3xY(yYPI+O4G;*9zdw}D
z$B>^!Tl&PMN`KJ^VLqkT=kmUl24H}mKcMqJx|fUPeD`Oz{!V<UdE43etFiG%{f_!Y
zItUp#rv2=*?U$Fbeh){BR=-EPi;nikdB3s0$9xX#jQu+^Gl;`7KekH+D+g!pIDU+o
zYOn>2^7!|k=yb&XyN%9U7#-vn>4eyR{A)nx|F!q2(0GG-pAT}O_t)Zhh4Q9xs~4~d
z80RaPj^5wpOOrPO#e59HYtz=sb)>qNg6AI&2&eld^xRV3dI$vP--xkDPtMnSfe#F!
z_bJ)$;b6bSdDmfEd(yqIa0nv7HN!u_H~1#}>s3D82fwXCmPhx&@q7i;?u_64eX%~J
z@1@cAU99^^sy-W?I|W^Oeg^OL2);l*cD_)*?3nH+pq#%B8L-?u;4K`4Kj4s0AO3^;
zFedmkPepm7qyCCVwa9Nc4h4ckdC7bd<GdF6$!ZeOMtHCE<$N&DpnG4ZAraCcIs07l
z;#8iRU*Wm%v|Y}Uyl8)<$mbzgA9O^Y-Y>Y(xx)Awlts@uQ8+y(P50R8{GOj5`d4FZ
zU>pbf*mC|xdA~O+grN(^2eRv^*C=P4-wm;T{;?n1_V@B79ZZiuF@2Jy|Bx*`eIJwV
z#ZY-%9`v3f)DIKr_9~y&p`@4eUZO%Ze$jh_3*|J&YWH5KKhh~g1qVm(k<5BPVzj&P
zKiF@1o`}zXA@)Cxe?i~maAe&ZCw}Sq#;i3Wnc<I1d6OL{dUXGUo~!BwBWgmHW}u6H
z%@F(nNADXhES9)%qw+)2&q^v^=_TDy&oWiG>JR-6$uN!AFUV+dk3szeZ|)lU-a3vK
zDL1#<zgj9J=0iQlcqs`?HFw;<TCKlTCbDOAZjWLX<BdkwNYXvPULb~5M7_bAM0sj_
zuLF$p_Twh}0mu3GIj$7p^jt03J32?NQFeyb8yJr)EEbMka<Oof++yJ{R4y8B+QP{$
zU_Zd;t07AGw6BTd0LrmJwQt@oOac7{!tpt4{Ea^G->@4)K>wi<SdRvkp6m`izlQNx
z9}36z!soFuFZvDZ@fVZ>;r8bV3RO7D3GXLG)qD@{Q6P&XSEP^aN%ti40sz2KeX&36
z0Bmm;Y)2|LPtnD8$M7r^COEw3lyXzMDV*9JyD{n?rNME5F!;x*yoN(E1&(hi2YT8l
z4FSo&;jl^v9?`)Nf0HyIHL6{xzxdpeQL8<aor%Dl7xQ!e+VgQY0`waGVbyZ;!Ek}|
zh?8}wFZ{Nb+rAoG&7NKggq{;1KCnNT@b6{ilYDUghB*k+I7jz!pI7|q{o6=VyO2HB
z<(g&Cyt&~Z5C=!|8j>IF7olB7k=22J2L91=@%a3g2nSz;-!I6BeHg6&M$bm$caR>R
z$3ZvVBYoVbk@5K=9>+6bN2FL}A{b(7l)cc~JKLyfl1c3Q8#qsX0rVLi%?D6!_&q~<
z{yFP$8Bg}qYVSrBuHK96b5Z-qdu7NUhL9d&KSKQ``+@xe<8lAY0UKF~VY%-eNp~2p
zLm0hhMDGW4$7@vo@EBEsfgF$%$^`*<$7!FcK{dS8a*-7NfZlt~7l8Dj;XN|WZ}IOF
z0eZP!qlWH(hh%zd9{_lDYW)A;4Dye1#rn0!B?oBtQha6^4ay$lIF9;Ivx(@M;)kx6
zP=3CQr*VY7Z@}x93;R9j=pMNqKY!fkl7w{np!b(b`p++@r@TL&7nkuHU28=<V!L5|
zP`|NVsUOsAkm;h`(not~!cS~}^p7ihNB1s|)3{U#k>F_lOYa+``|c<|n@jqOq(LLQ
zo4St+9R(cn<p4jcOF)nZBG5O|OH)A0KIB^MFFW1>xp{sqbZmj#@+BSXeFBz#s_*|Q
zz4m$J_cnbld7qV@pQnDV>sz+rzX2Ep=MV1?zQ;Hr%166b0snmN%SAZt`}IP#v4(VS
zzUGjKw%+rE@knv8aJ00Gg^Tfi5jt4K#nPL$@Y71)(SB;<eE<@H>xF;FZ$l6f%yU%x
zVtQ@7SLrDo>Jiq1#x=T+MbF`3Jl2Q8QE#;IUeUvFZM?VfRR;O7U2rCsr|dAOlNiVA
zz(;+LVj<xC>K-w?-%Pd-(5--QpHsEZdQ2ttU$l?X7kUqk-9C!;QT@XnF4||2aM3=C
zgl9u}i_tf2;irKa?7t`nt$n2V6Zcs~`$+XOto0jjpYwnyIBE}^$B6d1L59<FoOEvi
z<3;<Ze5m(Y``E&@_EF*3zSur_^18jae}^pALAYoaWl!+hJ+>d5dx&<S^B;Qt2j`oR
z#kz;S3HbOG$b+6Y*yzZS_v#=V9gdGEZ~qP)bphML5s!!PFVqEv502~@t$z}z@ZkDm
z(uZMA(8F;ZN%;@U_fXtjB<a)p80mWh;~QnZEY&{ro{RY56g{NVex6*X(R<Wr-wVfe
zY;WT8eKMQ%enNZu2)W2%(%1xY5^}*o3fx9_zL3jRM>Ysd@~ne&_}uK>#p-!c#V^fU
zs9fwvf{#*>-Jo@8R-eK*Nk1zg{Z72J04_cxeHwS#_p9|Nlq=e$SPGuTA>3cWdZa79
z=y`h@_vtw#YzLHEVuPgLzgv|9N{scveH!6IBIG;b`1Kh~f3EU<0m?_WK!0rE7*F!a
zsz7AZpZyXq&>zT;^|tiq2Bkm6@;f!u?)3bUr9XQmJxhO7KSeoVz1nw^{(S%U>^Jg!
zn)=5^*K#q#zq?2pQm)tW4U!*fhxYS+Bg&=sUg5eI1E@Yr>ao(dI*&|`c15!vs^1V_
zFUVr8^Ihtv{b=C9S^X1!qg?!MIsRMsJJINX!*Nyg7u63J_Lp2~M`UubKZor`df_io
z_C)D}Wv4dD3<=dQ=zI6KJs=a}zLjWy=upB}?dRVs-=|Fae|NDooTRVR&UaIPQS-g5
zeX_iz^n{+T%)L?SS>BB*eMtKBd=S;E@ml#kOZz@No>x=*g@<K)Gh{d6-^<D;yOaYM
z`x|(|>FconUf+hhyCdzfZnHaThMStq-q!9GGkRyF>u6h4j5OhRJkr(O8tpKThFjYr
zP32~5Q=fUIxw|r0xx4!CO_gT6wYekGWj01T;@w^0){btoHyk(bY>l>syCY2`_oe*G
z4l~+&mi%q4N4mmYiNeNcSEMlB)mRvBYi*1awny3<Te`M(#ala?B7J7Gr`wDkHIGDl
zI-26;W_L@(Y>RZ5t#Pxmu@M5h4@A2w<MC)?EAn(WdMwhRB7$Af=B{x2-mb1F)FIpx
zk2IM_5@uLtD>n}Vspi%@ftU(Hq8-t0v%RM~e55UcEHwc?(I#L<iU?(Sw6(3x>}`p*
zMa&~TM~_Cj3R|M>k;1N?4ybEkZ?x-JVGQJRG}_hf?~X>>;v7PaAa%UEkOUC#ZW8rx
zjTW}H$J*jhT-e;x8V5276GI~Hk&f=LXsWJAcTZOb)Fj+tMnuheIwF0sNF!9fE%67l
z5^igYLPKC<ba%COGy^M*5C-LiYGTMhd3jGqZ&x^0a9PL%%?X>K1JRC1$h<S$))V<7
z7T*|!QX8?vc;S)mu1KV?Bia-}$t=*?NK<oUYfGfHxux5@>MAoHX*){LZx$^~54GD0
zDpYV8rf!ONOYo=VJ$z?tGw3JqUu!iN$gHb144q0SdO2_-+^)U*s}Gom_U^7d2%T{2
z;rheojYTTX=m@t*jB8s#4G*`*%wRZynqewUH)37UJ3wd+JzZ@^OLuoHUS3#u2PEFw
z5$P6+X+T%*4mWnkjYvE6`SN&AEEetRuCOOEVo~Ua35!58*o~eeTN|V8f|ma%_C%qK
z5<{Wb&Eimc1bRbPq^Y4T+|k?<ZjL}P9Y#Fb)72PhXoTi_^E6fFuE?FOanJ>0fA!&p
zLsgXx*H<4pRDEDS5$}q$MZ)ojh(5S?U&DdQ>-Sn|l<f8%*t3*W)1J#X{9thZ9bY-}
ztGoxEas;<uTJy?>zPiaUpZ%v@+xPGK4OOwQyEW#INui5Q0zDX2vZJvj+Ew1#)JA>f
zU?kqt*3J7$hZzE6r20xV+SDGQ;pJv^Q`_#Y2q=g$T|5%#wcbUMApCFx+Q4{Aw5JU$
zL0fM)5jT%S%&V^w_OY=CS^?C8%vwAaZj5k}yW661qPQSV@Ulx-Hy&5l)!H2~{uZWc
zCb&aj`phe@GG7AxX_%%Q16{_JJ_4<Av@6=~fhqS}APkKJr*tUNUD?wOl56cwEE2a^
z@g1$*t>HEhg_eGITe!6y`a@g~Z2>KeK=8pxV+726*CMgIz}g+#)zjM66zPJlakRA=
zTDU>AaD$RxLtwGMqQwHYEf%<avB2WR0(UGHSh84PX>|u!+}5Ujkw_)TucbZG-P$Nd
zy4^Jg_Eqn1sNB7~ruM+$!_`6h*$}XUB0Jb-2ixtS*ba8sL5Urdg2*CW@kAVE91W_s
zAlqF^^hZ$64M(J)<*XtY>1uC{W2fE|>1d5KsR{+9HK}geYKrQZ2YT9%M7qk&%V5k!
zod??l<B}PwY-;Mlq5n>>V>ntz+nO5eMRr7bHN4xJ#8idjH64*~8z^~G0wxwPiuOjD
zQt^kxtfvdL$Bc9|N%L%*ZOC{mPpcLds0Ek>M-ttUxcN%{&$?&!gbUuk{JEKnfBpCO
z?16Go9>D!Rw55kz+apaiJ>5C`j*OQN_J0sK0YyCA8dK(7*#xDHVd^sRXj?;5B;MWH
zA&jw{i+~O4j;aO#qe5B#&zViwCW~jApW+PUNbG1sFIpR%3}OHbLG95F0Ayy*VM;=3
zv>S|4xk>2yNIVYX69g!Ile*U30;&LW%MP<#3y(GmlWOUtBz9foXm|NRoOYCppQik6
zR*K<3Qe0%(X^&17Xb)YyxIGaVU>n6Gw<`f%;Bd4W%pvGVq^mNn*j4SlC(_s!hJjdx
zRySSW8gCDGH?~lGPYk*dkU9w608}xq!WG=x*BFU3#jk5^Z|znwhZ1p^tuQj6z^a5j
zFeIsz5Quz9Gu@O51PWjrYG6UYy87O}NTZx^tHdJBu0&l|w4+(C7tp?5O9}ydJEA?!
zEpLe=s1kcxVYKN!6oI)FjueWh4BZofB@YXaH+Dfqp%X=U{a^~7iUXRWw_5aUah1}R
zz<_oz(%IA671`e%xlyf>tPmD}93O~uve1Pgm~JmmwjhAWq^uZQ6N!b9l4dH=^{}Q}
zJVt~r9;GBu9mhdEMe7jGGExvpgC4fFhuh+M=suXuL%Wb2(<3q4B2j`9RE(}vauJ5<
zQ$aUJx}qtBLj-j6RDhWCq+m)!sIiNMr@{`w`pZ_kl+xOgV5dpJgD?eyWUvBHg|QkO
z4ELtuK(qJ4VibChH8DKY-E$;m#ZlRTS^`3BY52Hlj}!S*<XF$J5n0eXY;pU*L>vjH
zhAUeX*aKLlH{(LOGFS~WP#l@XIvZBfO_sfawQ3VhRy(3*8}w_~Re<>_CcP=z1B>&H
zj%atGn$N;dFu`O(#Ee!<FRb}2>_LRhn4Bn3Ao9?p%$^n3+GI9GVFX5s!u|<ju>R=@
zx7iY5-mu&i5E~p#WFDJLSjC&|us;DAVZjahZo;eqO{N%g?HTRiW<*+0QQY;F^$o$j
z2d}R_e0cAkhCP*sD;ug0>^``+^3Yzh4NWXkk^2y_o+DtF&0~?oVtjW=+XA8##yFLY
zcvssO-B=xKM+CMkU`vGRw`8W2Kyi6tPfmiST?VKW6hvjhN)#HBCR3?qYg)3TC=LO*
z5rcfnDI>MT!aPmTgxGpGXH?e9Dq2-HVvQe^pn8vJM$8AQLVPbI4g@S_!e&z|Zsy>+
ziE1p`oU$JPY7sHkSPVcr#Z}9J7_d66sm``f?5W{~ku~IqBua3pXqdy%m}E~-1|sSP
zowkobfTTF2GWWKG<&Ip6M|06^xN9et?YL!wd@3eTB-D_4L70OYH6DQ-ILw!7_Dbjm
zVxVhi1|Fe!w6idk*Y*ePiQYI33bUaj()q?I&nb~0cP`Y<A<dF3LAP3>pQ&C)n$&15
zKA42sVfZ@Nv|2|#*G!htpms)!hALoV3ECBha@g<1A>1Bg-|nq61+!pe#hCsE$&QLa
z-n3RLZ;)J&K8M6o2H0zt+?K9Xq7fu*wY1k|ui7y+?}7=#B3%IHAkemQ`mi+Tjktxf
zWVEInXc*5e<q{mHX8&?syu~~kiL{w0W~eW8N7yWewiBEDaoCiB-U?%Jqz(3XV58VF
zkxTLbRtjb>OGgXC2y|cqg8h66E}_eZdzX%E0jq*z=#sf%=Y6S2v{lrduqk0N7{gNw
zQDr<N2t{!A<Zq0%hCnu9*d~uu@43!u+;-S;$Ds;q0K4iin0LXZkCYv5u5B^9yAmcg
zDGKgrYgZg*Vq%ZQDpn5C%G4umo4J2O_F!dhPan5ufO8Dk#}nh6HWbJLmnbEbiH{%)
zve6XIJlfMC_tZ^T9?Amc4sfJN4IH+@;5Y~b+IqAV#Du(o^zVcq>)hvT>vvq{+v3|{
zH?%d@me3EOXc>PFyQMT1$)lOnt_^Mr!0@RKX%Hzp*U;K=G^+LupcY+;SQJdH3b0iY
zLTWqIHaI9#u;&Pj9AfQ`#9%@O5YhzYY;zAZ&z+GbwXmq|z>OzVp`)<H33JjrTSWk=
zDH)I>J?$~szknomBp`^Jj<9v3=*F)H?c5E6L{B>`GTLK3-H}?b81d`FebuQc#o;dK
z;@3qwn!8)%5<Suc2`c5xH7?fR*3>jkDXQTdr8(RtRvxyR$_2g33v-*)YGqfnE8bEa
z6*5pgK<x`CbO<d46pX&k&2Fegv|SMeI<T7}=Q&V-T&JtJx4>Wz6|^S#v`?U-)q1)*
z6|Ytr2h|i9x8P(C?|{=o*cPFUh-%neh{L`$Y!ZT;_u-kLqKV=;9E~1=^=O-_h%H8i
z*o2MgDP31Hv`a^~YBRD2aX2Uhn}Ws+qJ=?%b~Agh;S_0D1&P^os#(Am<K_ye8V<tk
z;l9@Po_3gO!I><C#n2+b&SM<bC}3tmJ4BCD=csDJs}kE9Q>_Sa%u>r3YuVEhz7uyb
zagW4o3%BEGPaHKCEFo&5Uz&8QAUO&&MMZ~)NgecCw3VRRxZ6xaqHJ|Mmc>e79y~gQ
z!%nfb6N@I&{pJV^)nc(E?tIy{{}y1pwP3<Ompu{uwlxY02SzzK{D402rbMY4M7D>v
zR>Q%hRa*M$8acR@o2lu!+#d!Bh|{e|2NVzDv*ZlTyTzI*(_S*#_SRIt#rdN+phfw?
zx;EMY%TJ<!6IE=u)M0%Tv;a06aLyf0wJ0n`x=k2BJ2v4k1}i#y@3AATWUO2q+F9_t
zkXVXyPEoA5L>Ch?R%;r01V&mM48(E*>q+&XrHN2DR12%pWDZ-KQVO~W&a1+3Oo&q!
zU=dXZb|~Rs9b}6mds_qqfK+T^)N+e{rDa_h4L!3P>K+$Gs3wL~Hj==GAhcLYQ90G~
z<JRCO1W6XaPRi_s#UliWjv@`Al`Mh>_2s4vJp?uk)d)>~74%NonGV4eL~OX)w<tRj
zU^oxa2(7Hq;c)X_uzF1}O;I7cTf$u|Xct^OU_rIrN6V}rY2MrAHh7JF2$W0;j%zz`
zkGL5Q=<b383TTZkIHjmLdVK_TL=vfU?7h*W)gb7uuAUfNLa0<CyRJ13TZ_@_V6#WD
zxeummczz9`*M~b2*R^&Wi|_7=!g+pt51j8dMqtdMtzb;Mt0$g-sew2?#@`r*6vJK3
z5&SLp4sPg)c86)OLvckS$8Z!r1pB$L#lNqotxX(R;?|&I#Ae#7J7BDZy}h=`0eM7@
zgsWh`s?Ao!b<rpsB8Ho4I@$yivfw?i&)W!vU>nJOxp<{LECuRtdMAz=)xfs54}=rn
z)rC7V!PXd+y$9AcIJKzmsEtQ}DohAEgxyd-z;IN8i2)%iW@|gZk~Owqb*rNBZW~PH
z00~Bj5)e2TIf}b(VstMz;jRr-Kny=}M@wA=+CtZEWCCfB>ADJzKk|+UO!gb@j5NY@
zrZEglM>xl|E*OPz6o73CnBz2~)rRHI8{K4CNdIU%PL*hycn+sMmu=lDryZhx@+a=A
zii<L6x}-_Ldqpr{mB+#zt&PWE^a9hmY10-nRBoF6nOicqfM?!q-d&Jcu!Xp?ZYcp%
zg&jTZz*wL!5C{|nwgt8aiUT_WC4tgFSzu>Tps1*5ThaES;-VczB}Ju0Wkox;1-2D!
z+qP}{w&HC&wv}uv-Bz}3=k~z%qV3z@B75=n9otK`mu@fHzOy(`TvWWRczbbi@s8q>
z;?m->;+;DJJBoH}+p&E|@s1rkN_Ld)DBH2KBv4XRvaMu$NpZ=Jl9H0rlCqMWrGe6-
z(ru;NON&c)l$Mm1mX?+7EDMwsm2E5AURGSTqpYN?w5+Ub=T2a8CltRENbiJfJ0WP%
zO3I5*1((T_(0F&aOI=klNjqc=?kI?>TR0(5L$k!<Vv8wq!gf-(2^Xet6Ajjx0B+g3
zb?a?nk4q-Q7QuC#b=eDlg^om;Vg3O(4DckjfNp4oP0)JSLKat1x)N8Is9rdX$6<j2
zN5z<PL7iY*U9A%qM8TX5Z!HwY;Lek{`vt9QI9wi2TADLG&6}RFD)XXcYnQKEk-c(x
zmOI<Edi8l37dY0qa~x}3>(VcDT;$BVz;s>i@-N%!2)K%z+Z?Bz&pMxTf5`i5=Wjf}
zbH466lkt(h#Dfn#8K|p&@Lhu!eQRabTdw=fZ?_g+bL(vluif|1yB~S<*^hntGcSGd
zmB0P=cj0x3?p3QVD=IE6zv8OuYj3;n-4OYSPk-i%fBTPL`tJ7(_llJww)~2{`>L<K
zy(x0vBk%vfEC2YV6{{|Tpz69?ZoM52h97$5S;+FzE3ba{dvhyR?X7N#B=7t9XI~uu
z>euIfeDD1ao_glR@t0oy(l`IPYUpqN;fw$HrRoDUbvNDK@W8tt{@ABp82_JNeEI9E
zE?9HRt-tu?>t~Yfo!@?SWnM@0qTGhN-}cexkALQ~7p%EBZ{Pj{HT5^&di&dsfAXcT
zeDz=Ee*E*U_`}^jk6pU8@bvR9jKBP)ufO_4#p6SPhx5Mtm47^QpyuXV(!E*Pn+kvU
zqmF3lRoCp=JNU?<=AOw{rv7RA8~+CH|1ldbx#v~)J$t+ty3<yj`0&c)hdg;1CoXiY
z^*Y>z?qYYk%aNXzzA7`AwK}~v-Q~V0GsER|rMsLimutD(<64&HSn2Z|NWU<>F5Q{7
zW_i%P+XatoxmTrSEiZTHZfr2y-FIwEPI~Scb*)Rg=Xb7~(l5x!$vA)c`OEJ}%S>CB
zc2oN0o_(2H+{@h#SJAR9?saL)T*(hZRAJHeuH-52m98w;mFZ>P%RTp;S(W20T;+G=
zXXR%l-{rpN@wLl*1Ml?|dag)!uFT0uzIaLZ^5oanE%zkPc#^L!|H%hjr5Pt~JwG|-
zP5zxHGv^9dW?GqdpLcm$_p*y!H@k1jNZy-sQRW31*SVALO#9HO<!jtUC*3E$d1?A`
zk0<#|_KBaTJIu{#5c`lj`J(GWSJnz6&EbH`IX&s=POmq^ndw>PT<Oksta7gQoVV(H
zhtIjjxpu`xo?LI9V}s)k_c7=5u8%oC>->`QpPXM={?&}HIlu1wrentQ9p}HfXPrMZ
z=iKwoU%P(eSib3ss}IyX{J{_YW&eZkdF;uLfBNkoOH0ovx$5d0e>(L~?(=g>N^h(?
z{@h2O|C=2%tKad!yFX|tBkJOTnx@FDpL*fKi_*QB%g$d@va@{T+39a&lny>JlAd|R
z)kj+&esoo|Vf=?by7|b@etYK7;V0g|wQy5G?FWWWK6UE!$VWc?*)OCmTkgv(zh>_Z
z&z%1Ie;7_*yY7;WS6}mQ|M8<UFMZK%uHSfR!S=H9s%x(c9;&?&buZKyIeIMKclYsk
zo_g;2(TS;#KHm|2@jbU+((iG({jQ@fN8#4wJ-M!;tc%<mGA{O9?%CsBxjFe<+6MOq
zcY(Kf*@4|BN;59V^yXZ#cc-h-n-RFclkd9F<ESWezr|DN&P>lpuP`^cmuHl?%027S
z-OJO1)ur24Y){|n%{+1G!M9xQ-F(5iOD{TqO~wHzV9$!R>6vL&-c1=j%XVG8IqeEh
zX4(yD4o|krlYH>V#Z}(S<TJNlvUgc#+KTha(=to8xYs2A`pTw5%d0Xn_wBu~%6n)<
zb$Vv<7yB}EUHhv`T`RqrX*<(1Pn4`pzruCVjgG8sEAD;&(Vk_=FTC@*#ufJkvM+e}
zxqJ4X{Ofymrf+uNns#aCzRUv8dH0Oo5_yYzXZorNREfvuz4v`>bH<bZc4B*$BR6fO
z+k4_&54ewcR=6_KvmXuZ&*;7~`HRfBH|E=S7j}iZjJ3&koY?QWe^-|8zF=NjTJo!x
zd#=uR#Qd&xZs&=LyjA5M$BC)U_k2J3%ge5FXS$vDuG(|mRmsm?ndWfUdM+$>o>;lX
z-L(A1%;ZPQa#w6|XF!igOFnV$w0o6ng{#-ykOuuLYq`4&Dp%mW<iLr;%X5L367Nb#
znvtITyN#Lmr7dZom7#9HSv%P1!(EAeaLWv)pJIp?f5bc&2YfLTZ|I3NbVnnI@y;AB
zF7I`l#v`7Paoc&r#_Ba@-f}aP_oFStmv0W3TcXd*Y;lf+{1^WwwAFasEcxJ>P|5Ec
z-zjlq=9g|*@tx8Stqkuh%sII;a8bDGrx%~RuA(>`oV(-X4K>mHgCF?p$%Dq1!iOUN
zbn=k#&HTg0%y()(`dYZ|KfarP)70$An@r<}H_bVY-)zL-aR)y<dEkWq997E#zHCPX
zOqSE>aIbe<eBmw2$}=(?Ic`S=^l;DRt}DHpa~x(VWN>@IG^J-ca~<WF-R*@Wna*_%
zr*kKm0=E-Pq2pqw%drfx2NF2WcU}O70#XBQuOr=+>Acu+1>{{0ISYV1P<460j-)%6
z3985v6zW8Lk#i^TN2TOCsvK?y5O;VTH#nT>%e_Y&&WvU0)y@lnp2JbP(g7uUmN_<L
zIF7m<X~2|ot<&wwcCUb+X^t!h$ljIfycqtga5~bx4(GBA2N-BakMk18oi4XC!;$9t
zXAlB#n~oHn-n2}oBam0*4gmHz3Nn^EO{k>9RR)oe(N*qsI)_}26^?W)(B=GMh2i*o
zzTtYv5i*UmR;S^1WSY*P6NYl&eXY~uc-*;e^$N$O-nGlNx&lx)r*o5IH%Q*;Tn_ar
zbZiHzPNxUzz1it?{1C;4pJ>d^&W7y@$7_!F!9yodOLu|G?RXmK8_u9>-?AcizoR7U
zGN@;!s|aYOJFaqV@Ho6zJC-|(GoX(+8eAw!5Q^gi4wu&_B<pZo;8>aN@_gQlm05#Q
zg|@<U4(GoEZ)xCP=&bc($Q>vTh>f_QQ9VY6!})V)dC&;QAe85Jn3)A>qNUQDuB{+&
zcsK=8AG`oq0V;Q;K>;9h&^9c}VL<B^dp!8dk(On^sAV{=ao+&p##ZMVcqqo@_ISO{
z^o!l^bs44ZZC=Mp#|0kvoOL>kFG$hT<QRrLSGhp~>Fw!8C^;wB2$S38bNYzznG<pY
zRqzlDxTWGpRXn8|T_K;{oj4*X%qTyk(v2uQt^9|+?J?w2$ngA`%p(4dK)8DB#`p<@
z$S2R1=A)uRW=<ZHet~*+avthM4xjb0+=Q&x_E%Ho`~dF4$~TU}b77E=<Ul^=oxVd-
zs8W85@{_<X@puxFY>>$ed-$^urXE!?J`UwJsWk6&8U_?CoIU*AON4(DL@c?7?*`cD
z-0C(A^~jGF{y%Kt9Wx%IMU{0O&=08JUxRS@7D*ZKPWaGCo{GB+e3IQzjoj<QD7#$h
z*GP^~Zj_dMOdHEj#Un;%k01N6jJKD21*Ex7q%;hBc=;0H_}J)T>C2V~FI^(MWQlNm
zENn6Q`1s^v;i!6B;UButx2VM=F8LmPJy7C3fJuKa<OYUsXZRSyeGK2v@S_a>CBt_4
z_JLkd+t|Y&vV|Ai?iTO$Kwj;7Kz3lMcy2FdR!Msi3WJh@ODdo2MU}#R%3q4^U_|Dh
zIwJjv+oWF)e3GL&39S16iGN$X|6@L?7x|d4K+zvk{ER7osdDCmvfY0R<*ZVSTm(M#
z_Z73LcE>PNrLl+OQ-owU?BV#<m8(?x3a~$>`i<URpi8z4@$1muaHZdJhajH#!N4ZK
zcKJjAudz}a##>qZA4>mjpts&e|IPCEA;>Q^M-urM;B*_kF~DTMF!&GU_v=89Y%9|H
zW6R?|f&L{(Sh+VVk7xhWW9b5t_&(tML=1fY4?V_}Hrxsr?IpP<0q-LK{w!d$kL2=x
z<Pq;kAbc2bAp!931&sEZ+>3zKW91^~Cx9=eNbs}gJVw3^7Xh}%*8sl879V2z{ceb-
zu?v&E2-x1<-vVr>|2kkhKiht+=RX42E|2#E-e@a-0`LYK{x0CnHoWpDdiw2vaoi+#
zD`0#6Bw#y#CjnPdV(?!Byv2rB{#2L$Zoqz9d<?L?{tpA*WQ+e4V0(LgkL6$eGoAlZ
zz;=Fb0c_XLyBYpV!1nTA1Z<bjEMU7lSNz;#;5bfhKVW-&8(=%V2LTsQV(=$mJT-0j
zuOME&ok#{IS^N~l+vWXZmVV_gbp6-`_!=Ai6M*gQ@e#mkiYZck8!*lf$es5~z5iSb
z*e=fwz;^jq4~+u>2N3~(G$_Z94f82`j`Lv}Kej>mc`7~j-?i$uJ^U63qcryLMqBt^
zphM%qdSHO)+ru|OIL%S);g>HFj^F%SEd7op!poKjzha5-YnBM#y+rtR5Kd#7oqr5p
zjL++r2#597qUmp6B0LP?w8pWQ+X~^bbzyw6$-m7O?tNkLdC1^r-J+#$gnX-2o4*M8
zNXJ?roa&0v#{p9v(QZ<nlMrs#V|%(+fu4z(!F?Ih$+sC8Mi4Ol=HWOe5pD^-XFe(U
zMt!Gw75SJi`%^OhkzaenH-{xL!}u&<`}hRA^ICt;159<oJVk)*_T?C0yZw6tu)V)}
ze@kDhkR@IZ*lv%y09$o~ByR<LwM;7hej2cSJo;aND{S$bf9Ej{+VEQeUuwfo0=DP>
zGGIIX?ALXBSP0mjzZS6Fo*V~kAMZZ{*gk)0+2C1J{-O0!BbSOFyX5TggKv;O2<4(%
zihh}j&)(uW>-u7;c)q@<xHwIeR}b{i^(jA8C2@tqG35sWsd+G{zvTi~$n+SWtwQa3
z8z@Z0D-DM&mXsS%@nw)7-+zJ5p1%dc(II^bCm+LeZ1gFde2lMG@j1H|&p!&`=uG8T
zDF4HbG|TQ|{2*XlpP);F^`6WH<*W1<ZkLOp)=_hikLuL~`Akd*t{A?P0Wjsht&iI^
z5O43d_U|fSrZB|Y%j39%#YX|dR<Y%VYp4b~-$Owe&dbB}Bv<m0*x=_DPalW!?DfO^
zBnNx`ih7xUC?fr2v-FoLuR_W7?LeQ#jtKB^zN*<$`DPVeqear6YnA>ncy}k!8Gyl^
z=Gyk~hasG7#LTx+?bHHg(p+)?=-Auq3BZ>qp3r;S_f!1?F^~T&q^B}4{>y-ATtfU^
zz%;fX{t-*x#oF5g-vzd>b4UJ_z6OrDVLy-Y!}Ig<&I5XOyE*~+?d`Y|;-y8A^f|q2
zAfDum?-`;w>CF(nQDzb22=y_0IPSlds5DEp@3hjxrQ$<MZ+?@JX3dvzye?35?cujV
z7`6rJ0@*8?2hLwAYf9}MKt%vYb4jv;zdmy&is473s#)@hZIJn?J*i))WQJGKr*U--
ziGZ`~hYVTxcW%aG++{Zm3zG=Du^Rpk$7I56l^*p4!~4{SXX;f4#<}w<!()UL-&8-;
z2l{O<2G;|Nh2y+pvGB?z!mnQ<{Ej8UdzJ{lXNmAfmIxnNBK-49gnxaB@b4}WZZwK(
z#qe4NxTRshg+6te+la$$F?@MMLw8@d5yqQQ@IH{XhPG&PgZP1O5{f0P-*68~{ssaK
zcw?L1RM4O<tBOqVmhiS6B^Dt(XtaR54lZD8$DMF{s{x-&gBPCQ>wH9TBV5Spjx0*J
z8H&d%w+(Q844$PH$$`UmcqNm?Vq<%(!5CHgW!Vd*SA^;PqJ#@r{1C$hY9OQZqYMYt
zh8M-d$&PS@#~7YuxJ)Ia^aZLT67FMoP$@OV&oJDl3<Jf-)L=z;g5ha2c;G0$Kp9TL
zNmE2y@ly=XV#fqW>B~0hc*w8gS%ztIp7Lj_&3eKuYGFips)5mCICeyjA7FU6QIC%`
z>9``I<Lsk4o?&>jS&vV)=s4J_V-pPuII7Pm!-H`>ey&@`UNk)5D1YBwI`+O*$ASBF
zT*Yt;!%2omAJX#=Kdj@)$8<b4q~qZK&~e2Fbv*N&j;BAa<El^Uc;c^hY<^nDbDz<1
z--|k)nb7g%=X5-Ph8G;kH~9q}55J`2>6djpF{NYg|EJ>thKCuRVmSLNdj3I%3%;ty
z&wfqEGvCwkJi}$**W-f>hZr7Wc<={${t<?QKh@(Wexu`QhK=9q@l_1ZF<k#UJ$;Pf
z`q%aNL55>z^!Pc3y=vt{`cT1eJ;N;w7dYgAMET)Df+&!%$?yQf!wioyJj-xQy=R-~
zC*cYPI>KWN*L(E%X@=(*E=beUS1=r8*ozZzTluC}$7KvxF+9ld<O)6i%qktvtM4&V
zeG4wo<12D?Jb$r{M@=2KT%u!hgN~;+>Ua=0Xl?bax=hD&n{`~VMaT6F_c1)k@F>HR
z49_wQcc(P|Ooq!Cu4g#L@F2q@3{NsV!?3Yc=O>5ZWRo60!te~k^9*|<dj3&{2af9T
zX0wh*7%pgG@oHT|`sVG_<Fn&Bu4lNQTaOPh+{f?$!+pJa{%MBm@7Ckz-lpUE<2p_z
zb=-17$0H9g{7xOuGHgDm$4@+@<KUo<WAD*%_WN`^_ZK?udqT&d_v^UtgF3D{rQ`ai
zbv(rI6vLqrJ^l1^I`)24$0N_{c;FK{&i<s1=NX<E)8ohRfWc;8CdYN`ozQUw!&9Hr
z<EviMu{o*ZiC1(y{Es>=_>zvZr*u63WgSmV>v-lHIyS$l<9dc?|3!}v;Q@(F9%ZlT
zc=}&;JT|N2iXZ5>;D6~j`#*I&`x70{|5V3iKhtrHVdIy2eBZBh9Q>`0=YFT-DW_bZ
zlD(;S>A1qJ;{yC3hfO}l3LR&!)NzpE0fuu{>FEd0({alMI`*msH}N}rkscq*)p7mB
zI<Cmqan2?k7pMh1(QjdRnBl<Xdj1i=j=e=X9@(bjiBcU`mFYOJQ^&z8blh@{jz<`t
zVR&qpo_=nRj_3F5IQv?L59oM6efNaqm3>f;pJzCyR*w(dq~jRFBMc{R)zgpNuH%WY
zj;9+LZr1TwhmOstj$<)~J9V7w(($1BZXU^Fv|Eoa>(TK9!&P_c@n!hIGFyL}>C<t+
zT{<4^*Rl6)Iu4%D@yLBTo_dFly$|X*gck;F{LDYB<H1LDT<|^}*FUD?9JN74@-j~9
z@e@z#c;u9hTb|Kz{fBj&{ZSnkJg;N#Cv-gVNgYprO2;Fg(Q)W+blmr%j;lVeW8)<q
zXMa)0Q-7=Dfxp-B&_C$7{>wVf{)&#xuj+W_8#*5PXC3GKtBwbMpyN4)1OLwAf28Bl
zIfj3%<B6Z>c<QG*p8J`O`+lxt;}<#}V7Tv>dVJ2WbUgHH9h<+^aqM*+kEoMK(pS?Z
zH*g8pdvqM~>Ubnm$8*bdT$ZKd<SHE-=j(V%eQ1lyH`nR$1E!8=86M8p<3sCpY+R<}
ziOo8mx?IP>fR3}b>Db(^<Ka>rhj!{XR<7f@t93kDq2q~49arqru~DVt>}nkkUa#X|
zjgCV>9nT!r@$ij0j@_i=z!4n}F+AAF;+u3l64CM4Q5_F8>)343@d(3#Rz2RlL&p=x
zbX?J{<H-&k=XB~g7}xP+kB*H#9eewA9K2h{L&tSIb3(@j_vv`#?K<vzP{)(+((%lr
zI-Y%xjz`|7<LSqAJo<he$3CFr<Og+ZJf-7_Q#zh{TF1fXbe#QR9h)D~@$koV9QrFA
z$3CIsxiKA&ep<&9pV4u}gpQ5R={WoIIv#vk$H7;0Z2rBDXTGB2s;}yJp5eZ)>G6XM
zPcl5i@EpS<U)Sk*r*&M<aOj&X{#!bpW_XU_f^X~TD;N$k?0r>F-@<U;YkK^^cXgce
zeH~~2K*tsTspGyM>v-a)IxhH`j)#A#<KVA!JoIZF7yMSoBkIN#jc>s;w>JMAzz-zZ
z=A)Ag&wKUwu?!s#X6kruxsJ<L>bP%}jsq9yI2%8JY~yEu;j*=Q{M<Sn8@W2JzgWj*
z`8sadsN>1aIv(1hW7DtW8HSUEdi-D!!^JutD%EjSxsHdg&~fle9h+C{c=j3{$0~JP
zwnxXK`*b|9U&mEdIu2Cpc;q@A2M*}C;;@dB49DvA_&J8XH|g;e4A(Q<!mxR>o<GU(
z6vOkk=;;mhtQ7ShLp|$6xTQl+Kg#eV!_y3B$MyX6496HwGHmqd`KuTXF&txftWVEB
z&F~z<$%LMMh~XKA=Nb0irRN`Dc$nc)hO_(i{1qp3T+i?T!?O&J-lONAWO$z8?0fa}
z6%3CtJanI)ew5)EhQ0Ue>0=DHyj_o<WVq!Wdi(^#p#eR9h~aGYy*<+J3Wi4+Zh5Cp
zZ<yg}hASS_)6X+p@Gd<*#PB4;6A$U>&3Ef~g5jKp_4qM{=NJzDrJjC>;c13*hV}G8
zh6fm)V0fP4f|EMEdWHuW9%Fcx;hZORdQ}YfF+9xhB*SwI=RBp;uVA=^;X#JS7@lF+
zdrGGtV7Q*)K8A-F9%Fc#;dzF0p4Q7RW4NB-K8A-F9%Fc#;dzF0o?+!PT+eVH!$S;@
zF+9!iJi|GsS@{gtGu+4U5W`~(PcuBvaLx!TpW%9j3!c@}#~2=9c!=SF=k)y344WU)
z<69UWVR)9|f)BI&3=cCr&2aWd^!!x}Cm9}Nc#h$MkLvX586IGGjNw^^bDr1fRWaPh
z@Cd`x40}g)dSwi^Fg(cc7{fCRdq1Yr4=`NMaFXE>hNl>wXW0C>US1W$F@}d2o?v*E
z;q1TC>6bAaVt9bzQHG}(Ha?-#FJL&xa390N3{NsV$8gRk_3|nhZecjd@U(hHkmfgY
z3>SQ!(Pucw@C?KA412$z)0<`3cu9}XW_a)`di)5(lMK%=?ER{qzkuNihC>YZF+9ZZ
zD8o|>&ob=&n$C~Oa0SEl4EHfS$nYq`lMK%?Y<!*Z!*ChH^$f=t9%Oig;Yo&P7&fML
zesUOY`Gy{!WO(T3di*HE6ATZzJ=%UtGEK)r3{NpU=GD_rF`S*D#}8-fc#Pp`hUXX_
zT(0LIVR(|^8HNYcJ9()8PcrPy(dkz)oMd>6;W>s2*6Q?P3=c3o%J4M9#yXu|0mDIt
z`xqW(c#`4l3mJWegADgEJk0PU!-0!*`Z0z_8J=UfAXm>HVt9z*DTe16uDY1fV|aw&
zDTe16HuH3PRSd@%9%6Wc;c12grcQr=;ZcUC88-6u{5cHwF+9TX1jp*xWa>}T40|`~
z<%JmTV|bY1S%!^Eb$TYlRSXX?Jj(DK!`@9g{i>}x?kmypFvDXEdrS57Cc}daPcocS
zrsoeb+`{kx!y^pm>}2#9Zee(Y;R%L^%5{3947XgN$0r${V0fP4f-Cj>A%+JTo?v*6
zVe=}TUXbA=!=nt(Fr0n0POpOD7{h}Mk1{;T@GQgLYxMF87_MTth2a5)M;M-Dc!pu4
zLNDKBxPsvj!%2pR8J=KxhGC<UmCtYm!y$&J86Hs2@RR+T+^^H0Vc1mfNTBp(Z_(3F
zFg(rhEW<PES$v{5&+sHYlP_jz@Z87^dU-7jk235%sHdM`IOmWaKg{qn!v%-+^rH+<
zGF(urr=Milyit#jF+9U?s7_Bm#_%k|leg&Uleg-4h~fI%^!S0>bv(;(uz|%hJQmX9
z=NKLf>+w?z532{rNk0Y~_4L_II`&3%9AbE)S&uKfgW+}^Pc!UI>hTo}SKXt>4>8>G
zpdLT?E*-bLN5`}8)p7m%bUe*))nj`6B*SHo>+yjP>Nv*m48wuH)YB&!o@2ORSWoXg
zspA=jC!W&d$4=?E;AtI)7#?JJg5k0eJ%5nlQHEz29(Y#IKgsY6!}AQ6J*VdnGCcEP
zJ-+HAI-X%T@KHV9d|t<s3=fX#@ns*=vG?OT9%VTBS9*NGCv-f+@Zcx)_^MCoc%I>z
zF+G0ZuXWt=86D?*R>w08=lqQxKgV$JMLm9o;hYIQeu&{&hJ*i8Pe03W+2{258HTgJ
zpvU(yJjn0_!_y4czogR}<oJtve8I~)E@OC};fYB-{T##e?q{;!lj>d2gr^vuWq6L^
zd4`RZY1;mcm*H%Na~L)mE?~HV;d+K+4EHgdWO#t#VTMN-o?v*I;TeW!8J=U<o2ARk
zWVnpsAj2&TCm9}Mc$DD@hNl^xV|bq7>};L?9EJl7moXe<xP{>)!$S;@GCaxf48!vb
zXRCJ`lm43w2N<qkILL5_;TXe7h6foQW_Xn0Nrq<_o@dxt&Dw`yli>n}0}PijT)}V^
z!$F4Y8ICdB$8eJ20fvVe9$|Qb;c13v7@lQ#j$!Y4x;(QPE?~HV;d+K+3?~^LWO$h2
zQHCcNo?>{0;W>tl^I82EHW>~uT)}XV;Sj?yhLa2rGCa)iD8myBPcb~h@EpU2kJX=H
zli>iv6$}R%4lx{KILYuJ!@~@ZGCaZX6vHzN&oOLV!0OMi$#8(-3WkFWhZv4AoMd>A
z;bDeH8J=Kxis2cC=NLBDu=+D>G8|yIg5e;;A%<fNCm9}Oc$nc)h9?-FVt9t(IfjiK
zR)2;~h64;&FdSq!#Bhw^B*TLY4>LT<@C3tC49_q;$FQ-M)t_OL;Q+%`3<nu*VK~X~
z5W}MkPcl5i@I1rW>-72*FkHcKJ;O1E2N)h^c#PpGhG!WzF4XzUVK~5W6~iHhTNq9<
zJjn0}!($9jF+9t#aS`L6VUyu9hAS8jG8|$!#&DA1L57DJ9%Xof;VFh^7@lL;$kpqg
z&9KREfZ+;;gA9iljxn5Mc#z>?hQ}D5V0fD08HVQ>Hq^U|Y5kDHu*q;4!}RWB%3sgo
zLk#yZoMd=_;X#In7#?PLgyB(!#~7Ysc$(okhUXd1&eQcLhv5LjWemet^tAnkdWK^R
z_c1)k@DRhp43988#_$xwvkcEM>@{`%a~LjQxQyW{hU*z_VYrXs0fvVe9$|Ql;VFiv
z8J=Z$p5g3#R)2;~h6@<3V7Q9m5W{^8Cm9}Kc#z={h9?-FW_Xt2d4|3JyR>r&k)w*j
zaDfjhXp#<z(mRW|DFvHB5enS25@ZkwgJ@`7Ricp&noMVABpq<kNWzpDlV13!MFK6j
zsGYr%K@n=%5f{A?8z0as)9wPI6k@=-UFV<b|KD1Rx%Jh5&bd`R)sMQId+u?$e&J9!
z5?&YX2zQ11!ijJyoC)s<PlRW}3*kbz@i<?9DBKqA2*<*G;el`}j5@;j{2e`Cji0)*
zs;;t5yDAs3tOxBf+2&TC)#;8m9xnfs8@MApvck;JGvVP;_D`*_GVDjfz7?y6-Vn}?
zbG)%|;|bQA!lBhyMf{;~D!gY4Ho!g?_G0dDbcT6$kvZFD4y>Lj;(J!l6g(6T-e>>#
z3Uewv6OOL3eKTPWh0_mN&xHMJtT%)^*IAE+d!Mu37cOqH?%iTetzIf#uh{CPf&;6U
z3eK!vDtOQ8je-}#16Odm+@L4Ijo(@C3peht-W1ONVEwMu1Ksb>>Un~DR=*RR2@jU<
z>iT>qRv#1g>HSqbE$~#hYxOIk$3ENlteztDOn5Hbw0eiI-w;lObKydG&FUi}ULrgf
zUI>S6zMg?_A{@QK_KEOJcrF~AW&iFL^T_HM;(GRWS<i(>H>(e9*k{7?W7T|g=nLUw
zm-V5rZ}kJ<-?MrF;I7T*2d~dLUSad|p?h~&-?RDl&~st$9^3oE8;9JtQhk31N0>w5
z;4#sK`%kkzP=1~D#T(4Mx0$EH<8!R%!fWra-WI-lf%V=db6<FTk@Y>{ber|$J?6zF
z=7G&e#{bK=`NiO|aA5O?p-+UzHs1?+@eTLqf6Lsr`694Sg#GW>zH9SAU?1504{&Jn
zJ;3R0_HTaA-1&hy7S3({2jUgN!H?|U5grOpggu)-f%uVdPdF2v3pZ{41LAE6C&IaK
zA-rbuB@l02IJNl_(7iwT^_cy|TnKmnVSOgN@h|J?ef95Krz{?14i7L-ZN3A}&wq&Z
z+~zYtFNEWRY#$$HE*i}75$5($=KL6Q{3vt(DdvXdOXK`z&$1p^elYZ=<@<s|;cVsk
zz`cHB;fe56*n5HdZwTinSf2_<FS5Qa9IcBk+!0P+V*AYUL2>=w%d8hCncJ2h3j3jO
zDjZopDC~<@IbQM_b1vLD#d>7<m53L0SRYt^AN1^+=$79HefkOO<4>7$;n8QTkA;Vp
z--r0gEw=AlJ|6UmaPbA(FDxGq_R*KDcQfXRa3LIh#rB!yqal7^`DWnM^3A}7<(Glu
zuQ^^}`D4%rmM;dLP1xSQ%^cc#2F~6o<CW(J$4#sE4?Pz4SDp`+k*)qc>=WT^<@da^
zpC7D$Z#pilo;>^;RzDuxxBA}T&Ik49uk#PDFwd_tN4w0S)x$u%zVKK$u=*CTAAiL0
zqK}z}*O>=5n5V-2koDop=bO8}^-HzxMs|8XxuezZQOE5`t-GO==;vB@9It#IxiOjU
z1GRpjWbg0V-(BO{%J-F9!z#E}>uxBf>DT@TOKu;p`B2HzS<Qz_E`F(bxpYno3n8`K
zLP)Khv+nO(moIGZY?W=ffKhAf?7OY4O>fzjLZx0lzidyRKli5B+U}OtJEzZ-Hk->e
zkIIhz=jP7U-I?w+bz4x~rgi&kbsd#jukQdpS?)L&8;<hYzg6~VH`icUwYH4V{y{hF
z<ov6rk@9_Md4OnjfiR4(A;5Fxjyv~#e;bz@qcuZ!Pq+>KI1ktNYX2C=Lkqj5^NK(C
znR3V7FV)jxd7s*PVrWwryxd&>ZWsMyeY8i)WA5DHk9E?}-YvD&&BE;;da~Se_cQ#l
jjvHF6<A(n)`p0#hD1GtT?FTJ)!W)&xsnvt!zV`ngUf?T|

literal 0
HcmV?d00001

diff --git a/programs/sbf/Cargo.lock b/programs/sbf/Cargo.lock
index 8a3b37e656..0fbd071bfa 100644
--- a/programs/sbf/Cargo.lock
+++ b/programs/sbf/Cargo.lock
@@ -132,6 +132,7 @@ dependencies = [
  "solana-rpc-client",
  "solana-rpc-client-api",
  "solana-runtime",
+ "solana-runtime-plugin",
  "solana-sdk",
  "solana-send-transaction-service",
  "solana-storage-bigtable",
@@ -145,6 +146,7 @@ dependencies = [
  "thiserror 2.0.6",
  "tikv-jemallocator",
  "tokio",
+ "tonic",
 ]
 
 [[package]]
@@ -210,6 +212,145 @@ version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f"
 
+[[package]]
+name = "anchor-attribute-access-control"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "regex",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-account"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "bs58 0.4.0",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "rustversion",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-constant"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "proc-macro2 1.0.92",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-error"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-event"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-interface"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "heck 0.3.3",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-program"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-attribute-state"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-derive-accounts"
+version = "0.24.2"
+dependencies = [
+ "anchor-syn",
+ "anyhow",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "anchor-lang"
+version = "0.24.2"
+dependencies = [
+ "anchor-attribute-access-control",
+ "anchor-attribute-account",
+ "anchor-attribute-constant",
+ "anchor-attribute-error",
+ "anchor-attribute-event",
+ "anchor-attribute-interface",
+ "anchor-attribute-program",
+ "anchor-attribute-state",
+ "anchor-derive-accounts",
+ "arrayref",
+ "base64 0.13.1",
+ "bincode",
+ "borsh 0.10.3",
+ "bytemuck",
+ "solana-program",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "anchor-syn"
+version = "0.24.2"
+dependencies = [
+ "anyhow",
+ "bs58 0.3.1",
+ "heck 0.3.3",
+ "proc-macro2 1.0.92",
+ "proc-macro2-diagnostics",
+ "quote 1.0.37",
+ "serde",
+ "serde_json",
+ "sha2 0.9.9",
+ "syn 1.0.109",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "android-tzdata"
 version = "0.1.1"
@@ -249,8 +390,8 @@ dependencies = [
  "include_dir",
  "itertools 0.10.5",
  "proc-macro-error",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -314,7 +455,7 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348"
 dependencies = [
- "quote",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -326,8 +467,8 @@ checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565"
 dependencies = [
  "num-bigint 0.4.6",
  "num-traits",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -362,8 +503,8 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ae3281bc6d0fd7e549af32b52511e1302185bd688fd3359fa36423346ff682ea"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -423,8 +564,8 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
  "synstructure 0.12.6",
 ]
@@ -435,8 +576,8 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -499,8 +640,8 @@ version = "0.3.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -510,8 +651,8 @@ version = "0.1.83"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -660,8 +801,8 @@ dependencies = [
  "itertools 0.12.1",
  "lazy_static",
  "lazycell",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
@@ -753,7 +894,7 @@ dependencies = [
  "borsh-derive-internal",
  "borsh-schema-derive-internal",
  "proc-macro-crate 0.1.5",
- "proc-macro2",
+ "proc-macro2 1.0.92",
  "syn 1.0.109",
 ]
 
@@ -765,8 +906,8 @@ checksum = "c2593a3b8b938bd68373196c9832f516be11fa487ef4ae745eb282e6a56a7244"
 dependencies = [
  "once_cell",
  "proc-macro-crate 3.1.0",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -776,8 +917,8 @@ version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "afb438156919598d2c7bad7e1c0adf3d26ed3840dbc010db1a882a65583ca2fb"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -787,8 +928,8 @@ version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "634205cc43f74a1b9046ef87c4540ebda95696ec0f315024860cad7c5b0f5ccd"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -813,6 +954,18 @@ dependencies = [
  "alloc-stdlib",
 ]
 
+[[package]]
+name = "bs58"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "476e9cd489f9e121e02ffa6014a8ef220ecb15c05ed23fc34cca13925dc283fb"
+
+[[package]]
+name = "bs58"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "771fe0050b883fcc3ea2359b1a96bcfbc090b7116eae7c3c512c7a083fdf23d3"
+
 [[package]]
 name = "bs58"
 version = "0.5.1"
@@ -863,8 +1016,8 @@ version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bcfcc3cd946cb52f0bbfdbbcfa2f4e24f75ebb6c0e1002f7c25904fada18b9ec"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -967,8 +1120,8 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "45565fc9416b9896014f5732ac776f810ee53a66730c17e4020c3ec064a8f88f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1270,8 +1423,8 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1293,8 +1446,8 @@ checksum = "ab8bfa2e259f8ee1ce5e97824a3c55ec4404a0d772ca7fa96bf19f0752a046eb"
 dependencies = [
  "fnv",
  "ident_case",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "strsim 0.10.0",
  "syn 2.0.87",
 ]
@@ -1306,7 +1459,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "29a358ff9f12ec09c3e61fef9b5a9902623a695a46a917b07f269bff1445611a"
 dependencies = [
  "darling_core",
- "quote",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1330,6 +1483,17 @@ version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2"
 
+[[package]]
+name = "default-env"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f753eb82d29277e79efc625e84aecacfd4851ee50e05a8573a4740239a77bfd3"
+dependencies = [
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "syn 0.15.44",
+]
+
 [[package]]
 name = "der-parser"
 version = "8.2.0"
@@ -1365,8 +1529,8 @@ version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -1376,8 +1540,8 @@ version = "1.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "62d671cc41a825ebabc75757b62d3d168c577f9149b2d49ece1dad1f72119d25"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1388,8 +1552,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321"
 dependencies = [
  "convert_case",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "rustc_version",
  "syn 1.0.109",
 ]
@@ -1468,8 +1632,8 @@ version = "0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1491,8 +1655,8 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a6cbae11b3de8fce2a456e8ea3dada226b35fe791f0dc1d360c0941f0bb681f3"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1550,8 +1714,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0f0042ff8246a363dbe77d2ceedb073339e85a804b9a47636c6e016a9a32c05f"
 dependencies = [
  "enum-ordinalize",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -1600,8 +1764,8 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "03cdc46ec28bd728e67540c528013c6a10eb69a02eb31078a1bda695438cbfb8"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1613,8 +1777,8 @@ checksum = "1bf1fa3f06bbff1ea5b1a9c7b14aa992a39657db60a2759457328d7e058f49ee"
 dependencies = [
  "num-bigint 0.4.6",
  "num-traits",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -1883,8 +2047,8 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -2120,6 +2284,15 @@ dependencies = [
  "http",
 ]
 
+[[package]]
+name = "heck"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c"
+dependencies = [
+ "unicode-segmentation",
+]
+
 [[package]]
 name = "heck"
 version = "0.4.0"
@@ -2437,8 +2610,8 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -2517,8 +2690,8 @@ version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b139284b5cf57ecfa712bcc66950bb635b31aff41c188e8a4cfc758eca374a3f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
 ]
 
 [[package]]
@@ -2609,6 +2782,49 @@ version = "1.0.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
 
+[[package]]
+name = "jito-programs-vote-state"
+version = "0.1.5"
+dependencies = [
+ "anchor-lang",
+ "bincode",
+ "serde",
+ "serde_derive",
+ "solana-program",
+]
+
+[[package]]
+name = "jito-protos"
+version = "2.2.0"
+dependencies = [
+ "bytes",
+ "prost",
+ "prost-types",
+ "protobuf-src",
+ "tonic",
+ "tonic-build",
+]
+
+[[package]]
+name = "jito-tip-distribution"
+version = "0.1.5"
+dependencies = [
+ "anchor-lang",
+ "default-env",
+ "jito-programs-vote-state",
+ "solana-program",
+ "solana-security-txt",
+]
+
+[[package]]
+name = "jito-tip-payment"
+version = "0.1.5"
+dependencies = [
+ "anchor-lang",
+ "default-env",
+ "solana-security-txt",
+]
+
 [[package]]
 name = "jni"
 version = "0.19.0"
@@ -2710,8 +2926,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b939a78fa820cdfcb7ee7484466746a7377760970f6f9c6fe19f9edcc8a38d2"
 dependencies = [
  "proc-macro-crate 0.1.5",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3174,8 +3390,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "22ce75669015c4f47b289fd4d4f56e894e4c96003ffdf3ac51313126f94c6cbb"
 dependencies = [
  "cfg-if 1.0.0",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3195,8 +3411,8 @@ version = "0.11.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5a7d5f7076603ebc68de2dc6a650ec331a062a13abaa346975be747bbfa4b789"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3332,8 +3548,8 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -3404,8 +3620,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56"
 dependencies = [
  "proc-macro-crate 3.1.0",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -3466,8 +3682,8 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -3669,8 +3885,8 @@ checksum = "3ec22af7d3fb470a85dd2ca96b7c577a1eb4ef6f1683a9fe9a8c16e136c04687"
 dependencies = [
  "pest",
  "pest_meta",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -3710,8 +3926,8 @@ version = "1.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -3805,7 +4021,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3b83ec2d0af5c5c556257ff52c9f98934e243b9fd39604bfb2a9b75ec2e97f18"
 dependencies = [
- "proc-macro2",
+ "proc-macro2 1.0.92",
  "syn 1.0.109",
 ]
 
@@ -3843,8 +4059,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 dependencies = [
  "proc-macro-error-attr",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
  "version_check",
 ]
@@ -3855,11 +4071,20 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "version_check",
 ]
 
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid 0.1.0",
+]
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.92"
@@ -3869,6 +4094,19 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "proc-macro2-diagnostics"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bf29726d67464d49fa6224a1d07936a8c08bb3fba727c7493f6cf1616fdaada"
+dependencies = [
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 1.0.109",
+ "version_check",
+ "yansi",
+]
+
 [[package]]
 name = "prost"
 version = "0.11.9"
@@ -3886,7 +4124,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "119533552c9a7ffacc21e099c24a0ac8bb19c2a2a3f363de84cd9b844feab270"
 dependencies = [
  "bytes",
- "heck",
+ "heck 0.4.0",
  "itertools 0.10.5",
  "lazy_static",
  "log",
@@ -3909,8 +4147,8 @@ checksum = "e5d2d8d10f3c6ded6da8b05b5fb3b8a5082514344d56c9f871412d29b4e075b4"
 dependencies = [
  "anyhow",
  "itertools 0.10.5",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -3947,8 +4185,8 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e2e25ee72f5b24d773cae88422baddefff7714f97aab68d96fe2b6fc4a28fb2"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -4019,13 +4257,22 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "quote"
+version = "0.6.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
+dependencies = [
+ "proc-macro2 0.4.30",
+]
+
 [[package]]
 name = "quote"
 version = "1.0.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
 dependencies = [
- "proc-macro2",
+ "proc-macro2 1.0.92",
 ]
 
 [[package]]
@@ -4421,6 +4668,18 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rustls-native-certs"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
+dependencies = [
+ "openssl-probe",
+ "rustls-pemfile 1.0.0",
+ "schannel",
+ "security-framework",
+]
+
 [[package]]
 name = "rustls-native-certs"
 version = "0.7.3"
@@ -4474,7 +4733,7 @@ dependencies = [
  "log",
  "once_cell",
  "rustls 0.23.19",
- "rustls-native-certs",
+ "rustls-native-certs 0.7.3",
  "rustls-platform-verifier-android",
  "rustls-webpki 0.102.8",
  "security-framework",
@@ -4489,6 +4748,16 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
 
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring 0.16.20",
+ "untrusted 0.7.1",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
@@ -4634,8 +4903,8 @@ version = "1.0.215"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -4681,8 +4950,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d846214a9854ef724f3da161b426242d8de7c1fc7de2f89bb1efcb154dca79d"
 dependencies = [
  "darling",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -4915,7 +5184,7 @@ dependencies = [
  "Inflector",
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "bv",
  "lazy_static",
  "serde",
@@ -4937,7 +5206,7 @@ name = "solana-account-decoder-client-types"
 version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
- "bs58",
+ "bs58 0.5.1",
  "serde",
  "serde_derive",
  "serde_json",
@@ -5060,6 +5329,7 @@ dependencies = [
  "solana-banks-interface",
  "solana-client",
  "solana-feature-set",
+ "solana-gossip",
  "solana-runtime",
  "solana-runtime-transaction",
  "solana-sdk",
@@ -5197,6 +5467,28 @@ dependencies = [
  "solana-vote-program",
 ]
 
+[[package]]
+name = "solana-bundle"
+version = "2.2.0"
+dependencies = [
+ "anchor-lang",
+ "itertools 0.12.1",
+ "log",
+ "serde",
+ "solana-accounts-db",
+ "solana-ledger",
+ "solana-logger",
+ "solana-measure",
+ "solana-poh",
+ "solana-program-runtime",
+ "solana-runtime",
+ "solana-sdk",
+ "solana-svm",
+ "solana-timings",
+ "solana-transaction-status",
+ "thiserror 2.0.6",
+]
+
 [[package]]
 name = "solana-clap-utils"
 version = "2.2.0"
@@ -5434,11 +5726,12 @@ name = "solana-core"
 version = "2.2.0"
 dependencies = [
  "ahash 0.8.11",
+ "anchor-lang",
  "anyhow",
  "arrayvec",
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "bytes",
  "chrono",
  "crossbeam-channel",
@@ -5447,12 +5740,17 @@ dependencies = [
  "futures 0.3.31",
  "histogram",
  "itertools 0.12.1",
+ "jito-protos",
+ "jito-tip-distribution",
+ "jito-tip-payment",
  "lazy_static",
  "log",
  "lru",
  "min-max-heap",
  "num_enum",
  "prio-graph",
+ "prost",
+ "prost-types",
  "qualifier_attr",
  "quinn",
  "rand 0.8.5",
@@ -5467,6 +5765,7 @@ dependencies = [
  "solana-accounts-db",
  "solana-bloom",
  "solana-builtins-default-costs",
+ "solana-bundle",
  "solana-client",
  "solana-compute-budget",
  "solana-compute-budget-instruction",
@@ -5488,6 +5787,7 @@ dependencies = [
  "solana-rpc",
  "solana-rpc-client-api",
  "solana-runtime",
+ "solana-runtime-plugin",
  "solana-runtime-transaction",
  "solana-sanitize",
  "solana-sdk",
@@ -5514,6 +5814,8 @@ dependencies = [
  "tempfile",
  "thiserror 2.0.6",
  "tokio",
+ "tonic",
+ "tonic-build",
  "trees",
 ]
 
@@ -5779,7 +6081,7 @@ name = "solana-geyser-plugin-manager"
 version = "2.2.0"
 dependencies = [
  "agave-geyser-plugin-interface",
- "bs58",
+ "bs58 0.5.1",
  "crossbeam-channel",
  "json5",
  "jsonrpc-core",
@@ -5862,7 +6164,7 @@ name = "solana-hash"
 version = "2.2.0"
 dependencies = [
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "bytemuck_derive",
  "js-sys",
@@ -5919,7 +6221,7 @@ dependencies = [
 name = "solana-keypair"
 version = "2.2.0"
 dependencies = [
- "bs58",
+ "bs58 0.5.1",
  "ed25519-dalek",
  "ed25519-dalek-bip32",
  "rand 0.7.3",
@@ -5949,7 +6251,7 @@ version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
  "blake3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
 ]
 
@@ -6282,7 +6584,7 @@ dependencies = [
  "blake3",
  "borsh 0.10.3",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "console_error_panic_hook",
  "console_log",
@@ -6467,7 +6769,7 @@ version = "2.2.0"
 dependencies = [
  "borsh 0.10.3",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "bytemuck_derive",
  "curve25519-dalek 4.1.3",
@@ -6620,7 +6922,7 @@ version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "crossbeam-channel",
  "dashmap",
  "itertools 0.12.1",
@@ -6639,6 +6941,7 @@ dependencies = [
  "soketto",
  "solana-account-decoder",
  "solana-accounts-db",
+ "solana-bundle",
  "solana-client",
  "solana-entry",
  "solana-faucet",
@@ -6650,6 +6953,7 @@ dependencies = [
  "solana-metrics",
  "solana-perf",
  "solana-poh",
+ "solana-program-runtime",
  "solana-rayon-threadlimit",
  "solana-rpc-client-api",
  "solana-runtime",
@@ -6680,7 +6984,7 @@ dependencies = [
  "async-trait",
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "indicatif",
  "log",
  "reqwest",
@@ -6715,7 +7019,7 @@ version = "2.2.0"
 dependencies = [
  "anyhow",
  "base64 0.22.1",
- "bs58",
+ "bs58 0.5.1",
  "jsonrpc-core",
  "reqwest",
  "reqwest-middleware",
@@ -6725,13 +7029,16 @@ dependencies = [
  "serde_json",
  "solana-account",
  "solana-account-decoder-client-types",
+ "solana-bundle",
  "solana-clock",
  "solana-commitment-config",
  "solana-fee-calculator",
  "solana-inflation",
  "solana-inline-spl",
  "solana-pubkey",
+ "solana-sdk",
  "solana-signer",
+ "solana-svm",
  "solana-transaction-error",
  "solana-transaction-status-client-types",
  "solana-version",
@@ -6835,6 +7142,24 @@ dependencies = [
  "zstd",
 ]
 
+[[package]]
+name = "solana-runtime-plugin"
+version = "2.2.0"
+dependencies = [
+ "crossbeam-channel",
+ "json5",
+ "jsonrpc-core",
+ "jsonrpc-core-client",
+ "jsonrpc-derive",
+ "jsonrpc-ipc-server",
+ "jsonrpc-server-utils",
+ "libloading 0.7.4",
+ "log",
+ "solana-runtime",
+ "solana-sdk",
+ "thiserror 2.0.6",
+]
+
 [[package]]
 name = "solana-runtime-transaction"
 version = "2.2.0"
@@ -7357,10 +7682,12 @@ dependencies = [
 name = "solana-sdk"
 version = "2.2.0"
 dependencies = [
+ "anchor-lang",
+ "base64 0.22.1",
  "bincode",
  "bitflags 2.6.0",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "bytemuck",
  "bytemuck_derive",
  "byteorder 1.5.0",
@@ -7450,9 +7777,9 @@ dependencies = [
 name = "solana-sdk-macro"
 version = "2.2.0"
 dependencies = [
- "bs58",
- "proc-macro2",
- "quote",
+ "bs58 0.5.1",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -7526,6 +7853,7 @@ dependencies = [
  "log",
  "solana-client",
  "solana-connection-cache",
+ "solana-gossip",
  "solana-measure",
  "solana-metrics",
  "solana-quic-client",
@@ -7579,7 +7907,7 @@ dependencies = [
 name = "solana-signature"
 version = "2.2.0"
 dependencies = [
- "bs58",
+ "bs58 0.5.1",
  "ed25519-dalek",
  "rand 0.8.5",
  "serde",
@@ -7679,7 +8007,7 @@ name = "solana-storage-proto"
 version = "2.2.0"
 dependencies = [
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "prost",
  "protobuf-src",
  "serde",
@@ -8089,7 +8417,7 @@ dependencies = [
  "base64 0.22.1",
  "bincode",
  "borsh 1.5.3",
- "bs58",
+ "bs58 0.5.1",
  "lazy_static",
  "log",
  "serde",
@@ -8113,7 +8441,7 @@ version = "2.2.0"
 dependencies = [
  "base64 0.22.1",
  "bincode",
- "bs58",
+ "bs58 0.5.1",
  "serde",
  "serde_derive",
  "serde_json",
@@ -8465,7 +8793,7 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9e8418ea6269dcfb01c712f0444d2c75542c04448b480e87de59d2865edc750"
 dependencies = [
- "quote",
+ "quote 1.0.37",
  "spl-discriminator-syn",
  "syn 2.0.87",
 ]
@@ -8476,8 +8804,8 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8c1f05593b7ca9eac7caca309720f2eafb96355e037e6d373b909a80fe7b69b9"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "sha2 0.10.8",
  "syn 2.0.87",
  "thiserror 1.0.69",
@@ -8549,8 +8877,8 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e6d375dd76c517836353e093c2dbb490938ff72821ab568b545fd30ab3256b3e"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "sha2 0.10.8",
  "syn 2.0.87",
 ]
@@ -8790,9 +9118,9 @@ version = "0.24.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e385be0d24f186b4ce2f9982191e7101bb737312ad61c1f2f984f34bcf85d59"
 dependencies = [
- "heck",
- "proc-macro2",
- "quote",
+ "heck 0.4.0",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "rustversion",
  "syn 1.0.109",
 ]
@@ -8809,14 +9137,25 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7973cce6668464ea31f176d85b13c7ab3bba2cb3b77a2ed26abd7801688010a"
 
+[[package]]
+name = "syn"
+version = "0.15.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
+dependencies = [
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "unicode-xid 0.1.0",
+]
+
 [[package]]
 name = "syn"
 version = "1.0.109"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "unicode-ident",
 ]
 
@@ -8826,8 +9165,8 @@ version = "2.0.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "unicode-ident",
 ]
 
@@ -8843,10 +9182,10 @@ version = "0.12.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
- "unicode-xid",
+ "unicode-xid 0.2.4",
 ]
 
 [[package]]
@@ -8855,8 +9194,8 @@ version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -8945,8 +9284,8 @@ version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ee42b4e559f17bce0385ebf511a7beb67d5cc33c12c96b7f4e9789919d9c10f"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -9020,8 +9359,8 @@ version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -9031,8 +9370,8 @@ version = "2.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d65750cab40f4ff1929fb1ba509e9914eb756131cef4210da8d5d700d26f6312"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -9177,8 +9516,8 @@ version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -9321,6 +9660,7 @@ dependencies = [
  "percent-encoding 2.3.1",
  "pin-project",
  "prost",
+ "rustls-native-certs 0.6.3",
  "rustls-pemfile 1.0.0",
  "tokio",
  "tokio-rustls",
@@ -9329,6 +9669,7 @@ dependencies = [
  "tower-layer",
  "tower-service",
  "tracing",
+ "webpki-roots 0.23.1",
 ]
 
 [[package]]
@@ -9338,9 +9679,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a6fdaae4c2c638bb70fe42803a26fbd6fc6ac8c72f5c59f67ecc2a2dcabf4b07"
 dependencies = [
  "prettyplease",
- "proc-macro2",
+ "proc-macro2 1.0.92",
  "prost-build",
- "quote",
+ "quote 1.0.37",
  "syn 1.0.109",
 ]
 
@@ -9395,8 +9736,8 @@ version = "0.1.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -9509,6 +9850,12 @@ dependencies = [
  "tinyvec",
 ]
 
+[[package]]
+name = "unicode-segmentation"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493"
+
 [[package]]
 name = "unicode-width"
 version = "0.1.8"
@@ -9521,6 +9868,12 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"
 
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
 [[package]]
 name = "unicode-xid"
 version = "0.2.4"
@@ -9702,8 +10055,8 @@ checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
 dependencies = [
  "bumpalo",
  "log",
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
  "wasm-bindgen-shared",
 ]
@@ -9726,7 +10079,7 @@ version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe"
 dependencies = [
- "quote",
+ "quote 1.0.37",
  "wasm-bindgen-macro-support",
 ]
 
@@ -9736,8 +10089,8 @@ version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
@@ -9778,6 +10131,15 @@ dependencies = [
  "rustls-pki-types",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
 [[package]]
 name = "webpki-roots"
 version = "0.24.0"
@@ -10055,6 +10417,12 @@ dependencies = [
  "rustix",
 ]
 
+[[package]]
+name = "yansi"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec"
+
 [[package]]
 name = "yoke"
 version = "0.7.4"
@@ -10073,8 +10441,8 @@ version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
  "synstructure 0.13.1",
 ]
@@ -10094,8 +10462,8 @@ version = "0.7.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b3c129550b3e6de3fd0ba67ba5c81818f9805e58b8d7fee80a3a59d2c9fc601a"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -10114,8 +10482,8 @@ version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
  "synstructure 0.13.1",
 ]
@@ -10135,8 +10503,8 @@ version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
@@ -10157,8 +10525,8 @@ version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
- "proc-macro2",
- "quote",
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
  "syn 2.0.87",
 ]
 
diff --git a/programs/sbf/tests/programs.rs b/programs/sbf/tests/programs.rs
index 028d7c87aa..5371111754 100644
--- a/programs/sbf/tests/programs.rs
+++ b/programs/sbf/tests/programs.rs
@@ -137,7 +137,7 @@ fn execute_transactions(
     let batch = bank.prepare_batch_for_tests(txs.clone());
     let mut timings = ExecuteTimings::default();
     let mut mint_decimals = HashMap::new();
-    let tx_pre_token_balances = collect_token_balances(&bank, &batch, &mut mint_decimals);
+    let tx_pre_token_balances = collect_token_balances(&bank, &batch, &mut mint_decimals, None);
     let (
         commit_results,
         TransactionBalancesSet {
@@ -153,7 +153,7 @@ fn execute_transactions(
         &mut timings,
         None,
     );
-    let tx_post_token_balances = collect_token_balances(&bank, &batch, &mut mint_decimals);
+    let tx_post_token_balances = collect_token_balances(&bank, &batch, &mut mint_decimals, None);
 
     izip!(
         txs.iter(),
diff --git a/rpc-client-api/Cargo.toml b/rpc-client-api/Cargo.toml
index dc7f9d9ebd..37075dcdcd 100644
--- a/rpc-client-api/Cargo.toml
+++ b/rpc-client-api/Cargo.toml
@@ -22,13 +22,16 @@ serde_derive = { workspace = true }
 serde_json = { workspace = true }
 solana-account = { workspace = true }
 solana-account-decoder-client-types = { workspace = true }
+solana-bundle = { workspace = true }
 solana-clock = { workspace = true }
 solana-commitment-config = { workspace = true, features = ["serde"] }
 solana-fee-calculator = { workspace = true, features = ["serde"] }
 solana-inflation = { workspace = true }
 solana-inline-spl = { workspace = true }
 solana-pubkey = { workspace = true }
+solana-sdk = { workspace = true }
 solana-signer = { workspace = true }
+solana-svm = { workspace = true }
 solana-transaction-error = { workspace = true }
 solana-transaction-status-client-types = { workspace = true }
 solana-version = { workspace = true }
diff --git a/rpc-client-api/src/bundles.rs b/rpc-client-api/src/bundles.rs
new file mode 100644
index 0000000000..5f47a102e9
--- /dev/null
+++ b/rpc-client-api/src/bundles.rs
@@ -0,0 +1,166 @@
+//! Use a separate file for Jito related code to minimize upstream merge conflicts.
+
+use {
+    crate::config::RpcSimulateTransactionAccountsConfig,
+    solana_account_decoder::UiAccount,
+    solana_bundle::{bundle_execution::LoadAndExecuteBundleError, BundleExecutionError},
+    solana_sdk::{
+        clock::Slot,
+        commitment_config::{CommitmentConfig, CommitmentLevel},
+        signature::Signature,
+        transaction::TransactionError,
+    },
+    solana_svm::transaction_results::TransactionExecutionResult,
+    solana_transaction_status::{UiTransactionEncoding, UiTransactionReturnData},
+    thiserror::Error,
+};
+
+#[derive(Serialize, Deserialize, Clone, Debug)]
+#[serde(rename_all = "camelCase")]
+pub enum RpcBundleSimulationSummary {
+    /// error and offending transaction signature if applicable
+    Failed {
+        error: RpcBundleExecutionError,
+        tx_signature: Option<String>,
+    },
+    Succeeded,
+}
+
+#[derive(Error, Debug, Clone, Serialize, Deserialize)]
+pub enum RpcBundleExecutionError {
+    #[error("The bank has hit the max allotted time for processing transactions")]
+    BankProcessingTimeLimitReached,
+
+    #[error("Error locking bundle because a transaction is malformed")]
+    BundleLockError,
+
+    #[error("Bundle execution timed out")]
+    BundleExecutionTimeout,
+
+    #[error("The bundle exceeds the cost model")]
+    ExceedsCostModel,
+
+    #[error("Invalid pre or post accounts")]
+    InvalidPreOrPostAccounts,
+
+    #[error("PoH record error: {0}")]
+    PohRecordError(String),
+
+    #[error("Tip payment error: {0}")]
+    TipError(String),
+
+    #[error("A transaction in the bundle failed to execute: [signature={0}, error={1}]")]
+    TransactionFailure(Signature, String),
+}
+
+impl From<BundleExecutionError> for RpcBundleExecutionError {
+    fn from(bundle_execution_error: BundleExecutionError) -> Self {
+        match bundle_execution_error {
+            BundleExecutionError::BankProcessingTimeLimitReached => {
+                Self::BankProcessingTimeLimitReached
+            }
+            BundleExecutionError::ExceedsCostModel => Self::ExceedsCostModel,
+            BundleExecutionError::TransactionFailure(load_and_execute_bundle_error) => {
+                match load_and_execute_bundle_error {
+                    LoadAndExecuteBundleError::ProcessingTimeExceeded(_) => {
+                        Self::BundleExecutionTimeout
+                    }
+                    LoadAndExecuteBundleError::LockError {
+                        signature,
+                        transaction_error,
+                    } => Self::TransactionFailure(signature, transaction_error.to_string()),
+                    LoadAndExecuteBundleError::TransactionError {
+                        signature,
+                        execution_result,
+                    } => match *execution_result {
+                        TransactionExecutionResult::Executed { details, .. } => {
+                            let err_msg = if let Err(e) = details.status {
+                                e.to_string()
+                            } else {
+                                "Unknown error".to_string()
+                            };
+                            Self::TransactionFailure(signature, err_msg)
+                        }
+                        TransactionExecutionResult::NotExecuted(e) => {
+                            Self::TransactionFailure(signature, e.to_string())
+                        }
+                    },
+                    LoadAndExecuteBundleError::InvalidPreOrPostAccounts => {
+                        Self::InvalidPreOrPostAccounts
+                    }
+                }
+            }
+            BundleExecutionError::LockError => Self::BundleLockError,
+            BundleExecutionError::PohRecordError(e) => Self::PohRecordError(e.to_string()),
+            BundleExecutionError::TipError(e) => Self::TipError(e.to_string()),
+        }
+    }
+}
+
+#[derive(Serialize, Deserialize, Clone, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct RpcSimulateBundleResult {
+    pub summary: RpcBundleSimulationSummary,
+    pub transaction_results: Vec<RpcSimulateBundleTransactionResult>,
+}
+
+#[derive(Serialize, Deserialize, Clone, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct RpcSimulateBundleTransactionResult {
+    pub err: Option<TransactionError>,
+    pub logs: Option<Vec<String>>,
+    pub pre_execution_accounts: Option<Vec<UiAccount>>,
+    pub post_execution_accounts: Option<Vec<UiAccount>>,
+    pub units_consumed: Option<u64>,
+    pub return_data: Option<UiTransactionReturnData>,
+}
+
+#[derive(Debug, Default, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct RpcSimulateBundleConfig {
+    /// Gives the state of accounts pre/post transaction execution.
+    /// The length of each of these must be equal to the number transactions.   
+    pub pre_execution_accounts_configs: Vec<Option<RpcSimulateTransactionAccountsConfig>>,
+    pub post_execution_accounts_configs: Vec<Option<RpcSimulateTransactionAccountsConfig>>,
+
+    /// Specifies the encoding scheme of the contained transactions.
+    pub transaction_encoding: Option<UiTransactionEncoding>,
+
+    /// Specifies the bank to run simulation against.
+    pub simulation_bank: Option<SimulationSlotConfig>,
+
+    /// Opt to skip sig-verify for faster performance.
+    #[serde(default)]
+    pub skip_sig_verify: bool,
+
+    /// Replace recent blockhash to simulate old transactions without resigning.
+    #[serde(default)]
+    pub replace_recent_blockhash: bool,
+}
+
+#[derive(Serialize, Deserialize, Clone, Copy, Debug)]
+#[serde(rename_all = "camelCase")]
+pub enum SimulationSlotConfig {
+    /// Simulate on top of bank with the provided commitment.
+    Commitment(CommitmentConfig),
+
+    /// Simulate on the provided slot's bank.
+    Slot(Slot),
+
+    /// Simulates on top of the RPC's highest slot's bank i.e. the working bank.
+    Tip,
+}
+
+impl Default for SimulationSlotConfig {
+    fn default() -> Self {
+        Self::Commitment(CommitmentConfig {
+            commitment: CommitmentLevel::Confirmed,
+        })
+    }
+}
+
+#[derive(Debug, Default, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct RpcBundleRequest {
+    pub encoded_transactions: Vec<String>,
+}
diff --git a/rpc-client-api/src/lib.rs b/rpc-client-api/src/lib.rs
index b248463776..198442c2b7 100644
--- a/rpc-client-api/src/lib.rs
+++ b/rpc-client-api/src/lib.rs
@@ -1,5 +1,6 @@
 #![allow(clippy::arithmetic_side_effects)]
 
+pub mod bundles;
 pub mod client_error;
 pub mod config;
 pub mod custom_error;
diff --git a/rpc-client-api/src/request.rs b/rpc-client-api/src/request.rs
index 647bbb332b..ac35d81942 100644
--- a/rpc-client-api/src/request.rs
+++ b/rpc-client-api/src/request.rs
@@ -67,6 +67,7 @@ pub enum RpcRequest {
     RequestAirdrop,
     SendTransaction,
     SimulateTransaction,
+    SimulateBundle,
     SignVote,
 }
 
@@ -132,6 +133,7 @@ impl fmt::Display for RpcRequest {
             RpcRequest::RequestAirdrop => "requestAirdrop",
             RpcRequest::SendTransaction => "sendTransaction",
             RpcRequest::SimulateTransaction => "simulateTransaction",
+            RpcRequest::SimulateBundle => "simulateBundle",
             RpcRequest::SignVote => "signVote",
         };
 
diff --git a/rpc-client/src/nonblocking/rpc_client.rs b/rpc-client/src/nonblocking/rpc_client.rs
index 7d509fc80f..bcd9794957 100644
--- a/rpc-client/src/nonblocking/rpc_client.rs
+++ b/rpc-client/src/nonblocking/rpc_client.rs
@@ -35,6 +35,10 @@ use {
     solana_hash::Hash,
     solana_pubkey::Pubkey,
     solana_rpc_client_api::{
+        bundles::{
+            RpcBundleRequest, RpcSimulateBundleConfig, RpcSimulateBundleResult,
+            SimulationSlotConfig,
+        },
         client_error::{
             Error as ClientError, ErrorKind as ClientErrorKind, Result as ClientResult,
         },
@@ -884,6 +888,7 @@ impl RpcClient {
                     code,
                     message,
                     data,
+                    ..
                 }) = &err.kind
                 {
                     debug!("{} {}", code, message);
@@ -1303,6 +1308,54 @@ impl RpcClient {
         .await
     }
 
+    pub async fn simulate_bundle(
+        &self,
+        bundle: &VersionedBundle,
+    ) -> RpcResult<RpcSimulateBundleResult> {
+        self.simulate_bundle_with_config(
+            bundle,
+            RpcSimulateBundleConfig {
+                simulation_bank: Some(SimulationSlotConfig::Commitment(self.commitment())),
+                pre_execution_accounts_configs: vec![None; bundle.transactions.len()],
+                post_execution_accounts_configs: vec![None; bundle.transactions.len()],
+                ..RpcSimulateBundleConfig::default()
+            },
+        )
+        .await
+    }
+
+    pub async fn simulate_bundle_with_config(
+        &self,
+        bundle: &VersionedBundle,
+        config: RpcSimulateBundleConfig,
+    ) -> RpcResult<RpcSimulateBundleResult> {
+        let transaction_encoding = config
+            .transaction_encoding
+            .unwrap_or(UiTransactionEncoding::Base64);
+        let simulation_bank = Some(config.simulation_bank.unwrap_or_default());
+
+        let encoded_transactions = bundle
+            .transactions
+            .iter()
+            .map(|tx| serialize_and_encode::<VersionedTransaction>(tx, transaction_encoding))
+            .collect::<ClientResult<Vec<String>>>()?;
+        let rpc_bundle_request = RpcBundleRequest {
+            encoded_transactions,
+        };
+
+        let config = RpcSimulateBundleConfig {
+            transaction_encoding: Some(transaction_encoding),
+            simulation_bank,
+            ..config
+        };
+
+        self.send(
+            RpcRequest::SimulateBundle,
+            json!([rpc_bundle_request, config]),
+        )
+        .await
+    }
+
     /// Returns the highest slot information that the node has snapshots for.
     ///
     /// This will find the highest full snapshot slot, and the highest incremental snapshot slot
diff --git a/rpc-client/src/rpc_client.rs b/rpc-client/src/rpc_client.rs
index fad544ed4c..eb3c8eb537 100644
--- a/rpc-client/src/rpc_client.rs
+++ b/rpc-client/src/rpc_client.rs
@@ -30,6 +30,7 @@ use {
     solana_message::{v0, Message as LegacyMessage},
     solana_pubkey::Pubkey,
     solana_rpc_client_api::{
+        bundles::{RpcSimulateBundleConfig, RpcSimulateBundleResult},
         client_error::{Error as ClientError, ErrorKind, Result as ClientResult},
         config::{RpcAccountInfoConfig, *},
         request::{RpcRequest, TokenAccountsFilter},
@@ -1129,6 +1130,18 @@ impl RpcClient {
         )
     }
 
+    pub fn simulate_bundle(&self, bundle: &VersionedBundle) -> RpcResult<RpcSimulateBundleResult> {
+        self.invoke((self.rpc_client.as_ref()).simulate_bundle(bundle))
+    }
+
+    pub fn simulate_bundle_with_config(
+        &self,
+        bundle: &VersionedBundle,
+        config: RpcSimulateBundleConfig,
+    ) -> RpcResult<RpcSimulateBundleResult> {
+        self.invoke((self.rpc_client.as_ref()).simulate_bundle_with_config(bundle, config))
+    }
+
     /// Returns the highest slot information that the node has snapshots for.
     ///
     /// This will find the highest full snapshot slot, and the highest incremental snapshot slot
diff --git a/rpc-test/Cargo.toml b/rpc-test/Cargo.toml
index a423d31a1e..fe96dcbc79 100644
--- a/rpc-test/Cargo.toml
+++ b/rpc-test/Cargo.toml
@@ -34,6 +34,7 @@ solana-transaction-status = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
 
 [dev-dependencies]
+serial_test = { workspace = true }
 solana-connection-cache = { workspace = true }
 solana-logger = { workspace = true }
 
diff --git a/rpc-test/tests/rpc.rs b/rpc-test/tests/rpc.rs
index 60ea60d4d0..8d3814f511 100644
--- a/rpc-test/tests/rpc.rs
+++ b/rpc-test/tests/rpc.rs
@@ -5,6 +5,7 @@ use {
     log::*,
     reqwest::{self, header::CONTENT_TYPE},
     serde_json::{json, Value},
+    serial_test::serial,
     solana_account_decoder::UiAccount,
     solana_client::connection_cache::ConnectionCache,
     solana_net_utils::bind_to_unspecified,
@@ -283,6 +284,7 @@ fn test_rpc_slot_updates() {
 }
 
 #[test]
+#[serial] // helps test pass
 fn test_rpc_subscriptions() {
     solana_logger::setup();
 
diff --git a/rpc/Cargo.toml b/rpc/Cargo.toml
index bbda760bac..82b68745a1 100644
--- a/rpc/Cargo.toml
+++ b/rpc/Cargo.toml
@@ -31,6 +31,7 @@ serde_json = { workspace = true }
 soketto = { workspace = true }
 solana-account-decoder = { workspace = true }
 solana-accounts-db = { workspace = true }
+solana-bundle = { workspace = true }
 solana-client = { workspace = true }
 solana-entry = { workspace = true }
 solana-faucet = { workspace = true }
@@ -42,6 +43,7 @@ solana-measure = { workspace = true }
 solana-metrics = { workspace = true }
 solana-perf = { workspace = true }
 solana-poh = { workspace = true }
+solana-program-runtime = { workspace = true }
 solana-rayon-threadlimit = { workspace = true }
 solana-rpc-client-api = { workspace = true }
 solana-runtime = { workspace = true }
diff --git a/rpc/src/rpc.rs b/rpc/src/rpc.rs
index dfe856ee0b..3d3a87f82c 100644
--- a/rpc/src/rpc.rs
+++ b/rpc/src/rpc.rs
@@ -64,7 +64,7 @@ use {
     solana_runtime_transaction::runtime_transaction::RuntimeTransaction,
     solana_sdk::{
         account::{AccountSharedData, ReadableAccount},
-        clock::{Slot, UnixTimestamp, MAX_PROCESSING_AGE},
+        clock::{Slot, UnixTimestamp},
         commitment_config::{CommitmentConfig, CommitmentLevel},
         epoch_info::EpochInfo,
         epoch_rewards_hasher::EpochRewardsHasher,
@@ -253,6 +253,13 @@ impl JsonRpcRequestProcessor {
         Ok(bank)
     }
 
+    fn bank_from_slot(&self, slot: Slot) -> Option<Arc<Bank>> {
+        debug!("Slot: {:?}", slot);
+
+        let r_bank_forks = self.bank_forks.read().unwrap();
+        r_bank_forks.get(slot)
+    }
+
     #[allow(deprecated)]
     fn bank(&self, commitment: Option<CommitmentConfig>) -> Arc<Bank> {
         debug!("RPC commitment_config: {:?}", commitment);
@@ -2709,13 +2716,16 @@ pub mod rpc_minimal {
                 })
                 .unwrap();
 
-            let full_snapshot_slot =
-                snapshot_utils::get_highest_full_snapshot_archive_slot(full_snapshot_archives_dir)
-                    .ok_or(RpcCustomError::NoSnapshot)?;
+            let full_snapshot_slot = snapshot_utils::get_highest_full_snapshot_archive_slot(
+                full_snapshot_archives_dir,
+                None,
+            )
+            .ok_or(RpcCustomError::NoSnapshot)?;
             let incremental_snapshot_slot =
                 snapshot_utils::get_highest_incremental_snapshot_archive_slot(
                     incremental_snapshot_archives_dir,
                     full_snapshot_slot,
+                    None,
                 );
 
             Ok(RpcSnapshotSlotInfo {
@@ -3300,14 +3310,170 @@ pub mod rpc_accounts_scan {
     }
 }
 
+pub mod utils {
+    use {
+        crate::rpc::encode_account,
+        jsonrpc_core::Error,
+        solana_account_decoder::{UiAccount, UiAccountEncoding},
+        solana_bundle::{
+            bundle_execution::{LoadAndExecuteBundleError, LoadAndExecuteBundleOutput},
+            BundleExecutionError,
+        },
+        solana_rpc_client_api::{
+            bundles::{
+                RpcBundleExecutionError, RpcBundleSimulationSummary, RpcSimulateBundleConfig,
+                RpcSimulateBundleResult, RpcSimulateBundleTransactionResult,
+            },
+            config::RpcSimulateTransactionAccountsConfig,
+        },
+        solana_sdk::{account::AccountSharedData, pubkey::Pubkey},
+        std::str::FromStr,
+    };
+
+    /// Encodes the accounts, returns an error if any of the accounts failed to encode
+    /// The outer error can be set by error parsing, Ok(None) means there wasn't any accounts in the parameter
+    fn try_encode_accounts(
+        accounts: &Option<Vec<(Pubkey, AccountSharedData)>>,
+        encoding: UiAccountEncoding,
+    ) -> Result<Option<Vec<UiAccount>>, Error> {
+        if let Some(accounts) = accounts {
+            Ok(Some(
+                accounts
+                    .iter()
+                    .map(|(pubkey, account)| encode_account(account, pubkey, encoding, None))
+                    .collect::<Result<Vec<UiAccount>, Error>>()?,
+            ))
+        } else {
+            Ok(None)
+        }
+    }
+
+    pub fn rpc_bundle_result_from_bank_result(
+        bundle_execution_result: LoadAndExecuteBundleOutput,
+        rpc_config: RpcSimulateBundleConfig,
+    ) -> Result<RpcSimulateBundleResult, Error> {
+        let summary = match bundle_execution_result.result() {
+            Ok(_) => RpcBundleSimulationSummary::Succeeded,
+            Err(e) => {
+                let tx_signature = match e {
+                    LoadAndExecuteBundleError::TransactionError { signature, .. }
+                    | LoadAndExecuteBundleError::LockError { signature, .. } => {
+                        Some(signature.to_string())
+                    }
+                    _ => None,
+                };
+                RpcBundleSimulationSummary::Failed {
+                    error: RpcBundleExecutionError::from(BundleExecutionError::TransactionFailure(
+                        e.clone(),
+                    )),
+                    tx_signature,
+                }
+            }
+        };
+
+        let mut transaction_results = Vec::new();
+        for bundle_output in bundle_execution_result.bundle_transaction_results() {
+            for (index, execution_result) in bundle_output
+                .execution_results()
+                .iter()
+                .enumerate()
+                .filter(|(_, result)| result.was_executed())
+            {
+                // things are filtered by was_executed, so safe to unwrap here
+                let result = execution_result.flattened_result();
+                let details = execution_result.details().unwrap();
+
+                let account_config = rpc_config
+                    .pre_execution_accounts_configs
+                    .get(transaction_results.len())
+                    .ok_or_else(|| Error::invalid_params("the length of pre_execution_accounts_configs must match the number of transactions"))?;
+                let account_encoding = account_config
+                    .as_ref()
+                    .and_then(|config| config.encoding)
+                    .unwrap_or(UiAccountEncoding::Base64);
+
+                let pre_execution_accounts = if let Some(pre_tx_accounts) =
+                    bundle_output.pre_tx_execution_accounts().get(index)
+                {
+                    try_encode_accounts(pre_tx_accounts, account_encoding)?
+                } else {
+                    None
+                };
+
+                let post_execution_accounts = if let Some(post_tx_accounts) =
+                    bundle_output.post_tx_execution_accounts().get(index)
+                {
+                    try_encode_accounts(post_tx_accounts, account_encoding)?
+                } else {
+                    None
+                };
+
+                transaction_results.push(RpcSimulateBundleTransactionResult {
+                    err: match result {
+                        Ok(_) => None,
+                        Err(e) => Some(e),
+                    },
+                    logs: details.log_messages.clone(),
+                    pre_execution_accounts,
+                    post_execution_accounts,
+                    units_consumed: Some(details.executed_units),
+                    return_data: details.return_data.clone().map(|data| data.into()),
+                });
+            }
+        }
+
+        Ok(RpcSimulateBundleResult {
+            summary,
+            transaction_results,
+        })
+    }
+
+    pub fn account_configs_to_accounts(
+        accounts_config: &[Option<RpcSimulateTransactionAccountsConfig>],
+    ) -> Result<Vec<Option<Vec<Pubkey>>>, Error> {
+        let mut execution_accounts = Vec::new();
+        for account_config in accounts_config {
+            let accounts = match account_config {
+                None => None,
+                Some(account_config) => Some(
+                    account_config
+                        .addresses
+                        .iter()
+                        .map(|a| {
+                            Pubkey::from_str(a).map_err(|_| {
+                                Error::invalid_params(format!("invalid pubkey provided: {}", a))
+                            })
+                        })
+                        .collect::<Result<Vec<Pubkey>, Error>>()?,
+                ),
+            };
+            execution_accounts.push(accounts);
+        }
+        Ok(execution_accounts)
+    }
+}
+
 // Full RPC interface that an API node is expected to provide
 // (rpc_minimal should also be provided by an API node)
 pub mod rpc_full {
     use {
         super::*,
-        solana_sdk::message::{SanitizedVersionedMessage, VersionedMessage},
+        crate::rpc::utils::{account_configs_to_accounts, rpc_bundle_result_from_bank_result},
+        jsonrpc_core::ErrorCode,
+        solana_bundle::bundle_execution::{load_and_execute_bundle, LoadAndExecuteBundleError},
+        solana_rpc_client_api::bundles::{
+            RpcBundleRequest, RpcSimulateBundleConfig, RpcSimulateBundleResult,
+            SimulationSlotConfig,
+        },
+        solana_sdk::{
+            bundle::{derive_bundle_id, SanitizedBundle},
+            clock::MAX_PROCESSING_AGE,
+            message::{SanitizedVersionedMessage, VersionedMessage},
+        },
         solana_transaction_status::parse_ui_inner_instructions,
+        solana_transaction_status::UiInnerInstructions,
     };
+
     #[rpc]
     pub trait Full {
         type Metadata;
@@ -3369,6 +3535,14 @@ pub mod rpc_full {
             config: Option<RpcSimulateTransactionConfig>,
         ) -> Result<RpcResponse<RpcSimulateTransactionResult>>;
 
+        #[rpc(meta, name = "simulateBundle")]
+        fn simulate_bundle(
+            &self,
+            meta: Self::Metadata,
+            rpc_bundle_request: RpcBundleRequest,
+            config: Option<RpcSimulateBundleConfig>,
+        ) -> Result<RpcResponse<RpcSimulateBundleResult>>;
+
         #[rpc(meta, name = "minimumLedgerSlot")]
         fn minimum_ledger_slot(&self, meta: Self::Metadata) -> Result<Slot>;
 
@@ -3915,6 +4089,145 @@ pub mod rpc_full {
             ))
         }
 
+        // TODO (LB): probably want to add a max transaction size and max account return size and max
+        // allowable simulation time
+        fn simulate_bundle(
+            &self,
+            meta: Self::Metadata,
+            rpc_bundle_request: RpcBundleRequest,
+            config: Option<RpcSimulateBundleConfig>,
+        ) -> Result<RpcResponse<RpcSimulateBundleResult>> {
+            const MAX_BUNDLE_SIMULATION_TIME: Duration = Duration::from_millis(500);
+
+            debug!("simulate_bundle rpc request received");
+
+            let config = config.unwrap_or_else(|| RpcSimulateBundleConfig {
+                pre_execution_accounts_configs: vec![
+                    None;
+                    rpc_bundle_request.encoded_transactions.len()
+                ],
+                post_execution_accounts_configs: vec![
+                    None;
+                    rpc_bundle_request.encoded_transactions.len()
+                ],
+                ..RpcSimulateBundleConfig::default()
+            });
+
+            // Run some request validations
+            if !(config.pre_execution_accounts_configs.len()
+                == rpc_bundle_request.encoded_transactions.len()
+                && config.post_execution_accounts_configs.len()
+                    == rpc_bundle_request.encoded_transactions.len())
+            {
+                return Err(Error::invalid_params(
+                    "pre/post_execution_accounts_configs must be equal in length to the number of transactions",
+                ));
+            }
+
+            let bank = match config.simulation_bank.unwrap_or_default() {
+                SimulationSlotConfig::Commitment(commitment) => Ok(meta.bank(Some(commitment))),
+                SimulationSlotConfig::Slot(slot) => meta.bank_from_slot(slot).ok_or_else(|| {
+                    Error::invalid_params(format!("bank not found for the provided slot: {}", slot))
+                }),
+                SimulationSlotConfig::Tip => Ok(meta.bank_forks.read().unwrap().working_bank()),
+            }?;
+
+            let tx_encoding = config
+                .transaction_encoding
+                .unwrap_or(UiTransactionEncoding::Base64);
+            let binary_encoding = tx_encoding.into_binary_encoding().ok_or_else(|| {
+                Error::invalid_params(format!(
+                    "Unsupported encoding: {}. Supported encodings are: base58 & base64",
+                    tx_encoding
+                ))
+            })?;
+            let mut decoded_transactions = rpc_bundle_request
+                .encoded_transactions
+                .into_iter()
+                .map(|encoded_tx| {
+                    decode_and_deserialize::<VersionedTransaction>(encoded_tx, binary_encoding)
+                        .map(|de| de.1)
+                })
+                .collect::<Result<Vec<VersionedTransaction>>>()?;
+
+            if config.replace_recent_blockhash {
+                if !config.skip_sig_verify {
+                    return Err(Error::invalid_params(
+                        "sigVerify may not be used with replaceRecentBlockhash",
+                    ));
+                }
+                decoded_transactions.iter_mut().for_each(|tx| {
+                    tx.message.set_recent_blockhash(bank.last_blockhash());
+                });
+            }
+
+            let bundle_id = derive_bundle_id(&decoded_transactions);
+            let sanitized_bundle = SanitizedBundle {
+                transactions: decoded_transactions
+                    .into_iter()
+                    .map(|tx| {
+                        sanitize_transaction(tx, bank.as_ref(), bank.get_reserved_account_keys())
+                    })
+                    .collect::<Result<Vec<SanitizedTransaction>>>()?,
+                bundle_id,
+            };
+
+            if !config.skip_sig_verify {
+                for tx in &sanitized_bundle.transactions {
+                    verify_transaction(tx, &bank.feature_set)?;
+                }
+            }
+
+            let pre_execution_accounts =
+                account_configs_to_accounts(&config.pre_execution_accounts_configs)?;
+            let post_execution_accounts =
+                account_configs_to_accounts(&config.post_execution_accounts_configs)?;
+
+            let bundle_execution_result = load_and_execute_bundle(
+                &bank,
+                &sanitized_bundle,
+                MAX_PROCESSING_AGE,
+                &MAX_BUNDLE_SIMULATION_TIME,
+                true,
+                &None,
+                true,
+                None,
+                &pre_execution_accounts,
+                &post_execution_accounts,
+            );
+
+            // only return error if irrecoverable (timeout or tx malformed)
+            // bundle execution failures w/ context are returned to client
+            match bundle_execution_result.result() {
+                Ok(()) | Err(LoadAndExecuteBundleError::TransactionError { .. }) => {}
+                Err(LoadAndExecuteBundleError::ProcessingTimeExceeded(elapsed)) => {
+                    let mut error = Error::new(ErrorCode::ServerError(10_000));
+                    error.message = format!(
+                        "simulation time exceeded max allowed time: {:?}ms",
+                        elapsed.as_millis()
+                    );
+                    return Err(error);
+                }
+                Err(LoadAndExecuteBundleError::InvalidPreOrPostAccounts) => {
+                    return Err(Error::invalid_params("invalid pre or post account data"));
+                }
+                Err(LoadAndExecuteBundleError::LockError {
+                    signature,
+                    transaction_error,
+                }) => {
+                    return Err(Error::invalid_params(format!(
+                        "error locking transaction with signature: {}, error: {:?}",
+                        signature, transaction_error
+                    )));
+                }
+            }
+
+            let rpc_bundle_result =
+                rpc_bundle_result_from_bank_result(bundle_execution_result, config)?;
+
+            Ok(new_response(&bank, rpc_bundle_result))
+        }
+
         fn minimum_ledger_slot(&self, meta: Self::Metadata) -> Result<Slot> {
             debug!("minimum_ledger_slot rpc request received");
             meta.minimum_ledger_slot()
@@ -4337,6 +4650,7 @@ pub mod tests {
             },
             rpc_subscriptions::RpcSubscriptions,
         },
+        base64::engine::general_purpose,
         bincode::deserialize,
         jsonrpc_core::{futures, ErrorCode, MetaIoHandler, Output, Response, Value},
         jsonrpc_core_client::transports::local,
@@ -5657,6 +5971,146 @@ pub mod tests {
         assert_eq!(result.len(), 0);
     }
 
+    #[test]
+    fn test_rpc_simulate_bundle_happy_path() {
+        // 1. setup
+        let rpc = RpcHandler::start();
+        let bank = rpc.working_bank();
+
+        let recent_blockhash = bank.confirmed_last_blockhash();
+        let RpcHandler {
+            ref meta, ref io, ..
+        } = rpc;
+
+        let data_len = 100;
+        let lamports = bank.get_minimum_balance_for_rent_exemption(data_len);
+        let leader_pubkey = solana_sdk::pubkey::new_rand();
+        let leader_account_data = AccountSharedData::new(lamports, data_len, &system_program::id());
+        bank.store_account(&leader_pubkey, &leader_account_data);
+        bank.freeze();
+
+        // 2. build bundle
+
+        // let's pretend the RPC keypair is a searcher
+        let searcher_keypair = rpc.mint_keypair;
+
+        // create tip tx
+        let tip_amount = 10000;
+        let tip_tx = VersionedTransaction::from(system_transaction::transfer(
+            &searcher_keypair,
+            &leader_pubkey,
+            tip_amount,
+            recent_blockhash,
+        ));
+
+        // some random mev tx
+        let mev_amount = 20000;
+        let goku_pubkey = solana_sdk::pubkey::new_rand();
+        let mev_tx = VersionedTransaction::from(system_transaction::transfer(
+            &searcher_keypair,
+            &goku_pubkey,
+            mev_amount,
+            recent_blockhash,
+        ));
+
+        let encoded_mev_tx = general_purpose::STANDARD.encode(serialize(&mev_tx).unwrap());
+        let encoded_tip_tx = general_purpose::STANDARD.encode(serialize(&tip_tx).unwrap());
+        let b64_data = general_purpose::STANDARD.encode(leader_account_data.data());
+
+        // 3. test and assert
+        let skip_sig_verify = true;
+        let replace_recent_blockhash = false;
+        let expected_response = json!({
+            "jsonrpc": "2.0",
+            "result": {
+                "context": {"slot": bank.slot(), "apiVersion": RpcApiVersion::default()},
+                "value":{
+                    "summary": "succeeded",
+                    "transactionResults": [
+                        {
+                            "err": null,
+                            "logs": ["Program 11111111111111111111111111111111 invoke [1]", "Program 11111111111111111111111111111111 success"],
+                            "returnData": null,
+                            "unitsConsumed": 150,
+                            "postExecutionAccounts": [],
+                            "preExecutionAccounts": [
+                                {
+                                    "data": [b64_data, "base64"],
+                                    "executable": false,
+                                    "lamports": leader_account_data.lamports(),
+                                    "owner": "11111111111111111111111111111111",
+                                    "rentEpoch": 0,
+                                    "space": 100
+                                }
+                            ],
+                        },
+                        {
+                            "err": null,
+                            "logs": ["Program 11111111111111111111111111111111 invoke [1]", "Program 11111111111111111111111111111111 success"],
+                            "returnData": null,
+                            "unitsConsumed": 150,
+                            "preExecutionAccounts": [],
+                            "postExecutionAccounts": [
+                                {
+                                    "data": [b64_data, "base64"],
+                                    "executable": false,
+                                    "lamports": leader_account_data.lamports() + tip_amount,
+                                    "owner": "11111111111111111111111111111111",
+                                    "rentEpoch": u64::MAX,
+                                    "space": 100
+                                }
+                            ],
+                        },
+                    ],
+                }
+            },
+            "id": 1,
+        });
+
+        let request = format!(
+            r#"{{"jsonrpc":"2.0",
+                 "id":1,
+                 "method":"simulateBundle",
+                 "params":[
+                   {{
+                     "encodedTransactions": ["{}", "{}"]
+                   }},
+                   {{
+                     "skipSigVerify": {},
+                     "replaceRecentBlockhash": {},
+                     "slot": {},
+                     "preExecutionAccountsConfigs": [
+                        {{ "encoding": "base64", "addresses": ["{}"] }},
+                        {{ "encoding": "base64", "addresses": [] }}
+                     ],
+                     "postExecutionAccountsConfigs": [
+                        {{ "encoding": "base64", "addresses": [] }},
+                        {{ "encoding": "base64", "addresses": ["{}"] }}
+                     ]
+                   }}
+                ]
+            }}"#,
+            encoded_mev_tx,
+            encoded_tip_tx,
+            skip_sig_verify,
+            replace_recent_blockhash,
+            bank.slot(),
+            leader_pubkey,
+            leader_pubkey,
+        );
+
+        let actual_response = io
+            .handle_request_sync(&request, meta.clone())
+            .expect("response");
+
+        let expected_response = serde_json::from_value::<Response>(expected_response)
+            .expect("expected_response deserialization");
+        let actual_response = serde_json::from_str::<Response>(&actual_response)
+            .expect("actual_response deserialization");
+
+        assert_eq!(expected_response, actual_response);
+    }
+
     #[test]
     fn test_rpc_simulate_transaction() {
         let rpc = RpcHandler::start();
@@ -6475,10 +6929,7 @@ pub mod tests {
             ClusterInfo::new(contact_info, keypair, SocketAddrSpace::Unspecified)
         });
         let connection_cache = Arc::new(ConnectionCache::new("connection_cache_test"));
-        let tpu_address = cluster_info
-            .my_contact_info()
-            .tpu(connection_cache.protocol())
-            .unwrap();
+
         let (meta, receiver) = JsonRpcRequestProcessor::new(
             JsonRpcConfig::default(),
             None,
@@ -6487,7 +6938,7 @@ pub mod tests {
             blockstore,
             validator_exit,
             health.clone(),
-            cluster_info,
+            cluster_info.clone(),
             Hash::default(),
             None,
             optimistically_confirmed_bank,
@@ -6745,12 +7196,10 @@ pub mod tests {
 
         let cluster_info = Arc::new(new_test_cluster_info());
         let connection_cache = Arc::new(ConnectionCache::new("connection_cache_test"));
-        let tpu_address = cluster_info
-            .my_contact_info()
-            .tpu(connection_cache.protocol())
-            .unwrap();
+
         let optimistically_confirmed_bank =
             OptimisticallyConfirmedBank::locked_from_bank_forks_root(&bank_forks);
+
         let (request_processor, receiver) = JsonRpcRequestProcessor::new(
             JsonRpcConfig::default(),
             None,
@@ -6759,7 +7208,7 @@ pub mod tests {
             blockstore.clone(),
             validator_exit,
             RpcHealth::stub(optimistically_confirmed_bank.clone(), blockstore),
-            cluster_info,
+            cluster_info.clone(),
             Hash::default(),
             None,
             optimistically_confirmed_bank,
@@ -6772,7 +7221,7 @@ pub mod tests {
         );
         let client = ConnectionCacheClient::<NullTpuInfo>::new(
             connection_cache.clone(),
-            tpu_address,
+            cluster_info.my_contact_info().tpu(Protocol::QUIC).unwrap(),
             None,
             None,
             1,
diff --git a/rpc/src/rpc_service.rs b/rpc/src/rpc_service.rs
index 2c582be72e..468ad5da2a 100644
--- a/rpc/src/rpc_service.rs
+++ b/rpc/src/rpc_service.rs
@@ -254,6 +254,7 @@ impl RequestMiddleware for RpcRequestMiddleware {
                 let full_snapshot_archive_info =
                     snapshot_utils::get_highest_full_snapshot_archive_info(
                         &snapshot_config.full_snapshot_archives_dir,
+                        None,
                     );
                 let snapshot_archive_info =
                     if let Some(full_snapshot_archive_info) = full_snapshot_archive_info {
@@ -263,6 +264,7 @@ impl RequestMiddleware for RpcRequestMiddleware {
                             snapshot_utils::get_highest_incremental_snapshot_archive_info(
                                 &snapshot_config.incremental_snapshot_archives_dir,
                                 full_snapshot_archive_info.slot(),
+                                None,
                             )
                             .map(|incremental_snapshot_archive_info| {
                                 incremental_snapshot_archive_info
@@ -376,11 +378,6 @@ impl JsonRpcService {
             LARGEST_ACCOUNTS_CACHE_DURATION,
         )));
 
-        let tpu_address = cluster_info
-            .my_contact_info()
-            .tpu(connection_cache.protocol())
-            .map_err(|err| format!("{err}"))?;
-
         // sadly, some parts of our current rpc implemention block the jsonrpc's
         // _socket-listening_ event loop for too long, due to (blocking) long IO or intesive CPU,
         // causing no further processing of incoming requests and ultimatily innocent clients timing-out.
@@ -477,10 +474,16 @@ impl JsonRpcService {
 
         let leader_info =
             poh_recorder.map(|recorder| ClusterTpuInfo::new(cluster_info.clone(), recorder));
+<<<<<<< HEAD
         let client = ConnectionCacheClient::new(
             connection_cache,
             tpu_address,
             send_transaction_service_config.tpu_peers.clone(),
+=======
+        let _send_transaction_service = Arc::new(SendTransactionService::new_with_config(
+            cluster_info,
+            &bank_forks,
+>>>>>>> 1742826fca (jito patch)
             leader_info,
             send_transaction_service_config.leader_forward_count,
         );
diff --git a/runtime-plugin/Cargo.toml b/runtime-plugin/Cargo.toml
new file mode 100644
index 0000000000..2a526dc52e
--- /dev/null
+++ b/runtime-plugin/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "solana-runtime-plugin"
+version = { workspace = true }
+authors = { workspace = true }
+repository = { workspace = true }
+homepage = { workspace = true }
+license = { workspace = true }
+edition = { workspace = true }
+
+[dependencies]
+crossbeam-channel = { workspace = true }
+json5 = { workspace = true }
+jsonrpc-core = { workspace = true }
+jsonrpc-core-client = { workspace = true, features = ["ipc"] }
+jsonrpc-derive = { workspace = true }
+jsonrpc-ipc-server = { workspace = true }
+jsonrpc-server-utils = { workspace = true }
+libloading = { workspace = true }
+log = { workspace = true }
+solana-runtime = { workspace = true }
+solana-sdk = { workspace = true }
+thiserror = { workspace = true }
diff --git a/runtime-plugin/src/lib.rs b/runtime-plugin/src/lib.rs
new file mode 100644
index 0000000000..477af43c9b
--- /dev/null
+++ b/runtime-plugin/src/lib.rs
@@ -0,0 +1,4 @@
+pub mod runtime_plugin;
+pub mod runtime_plugin_admin_rpc_service;
+pub mod runtime_plugin_manager;
+pub mod runtime_plugin_service;
diff --git a/runtime-plugin/src/runtime_plugin.rs b/runtime-plugin/src/runtime_plugin.rs
new file mode 100644
index 0000000000..7dc0b95fa4
--- /dev/null
+++ b/runtime-plugin/src/runtime_plugin.rs
@@ -0,0 +1,41 @@
+use {
+    solana_runtime::{bank_forks::BankForks, commitment::BlockCommitmentCache},
+    std::{
+        any::Any,
+        error,
+        fmt::Debug,
+        io,
+        sync::{atomic::AtomicBool, Arc, RwLock},
+    },
+    thiserror::Error,
+};
+
+pub type Result<T> = std::result::Result<T, RuntimePluginError>;
+
+/// Errors returned by plugin calls
+#[derive(Error, Debug)]
+pub enum RuntimePluginError {
+    /// Error opening the configuration file; for example, when the file
+    /// is not found or when the validator process has no permission to read it.
+    #[error("Error opening config file. Error detail: ({0}).")]
+    ConfigFileOpenError(#[from] io::Error),
+
+    /// Any custom error defined by the plugin.
+    #[error("Plugin-defined custom error. Error message: ({0})")]
+    Custom(Box<dyn error::Error + Send + Sync>),
+
+    #[error("Failed to load a runtime plugin")]
+    FailedToLoadPlugin(#[from] Box<dyn std::error::Error>),
+}
+
+pub struct PluginDependencies {
+    pub bank_forks: Arc<RwLock<BankForks>>,
+    pub block_commitment_cache: Arc<RwLock<BlockCommitmentCache>>,
+    pub exit: Arc<AtomicBool>,
+}
+
+pub trait RuntimePlugin: Any + Debug + Send + Sync {
+    fn name(&self) -> &'static str;
+    fn on_load(&mut self, config_file: &str, dependencies: PluginDependencies) -> Result<()>;
+    fn on_unload(&mut self);
+}
diff --git a/runtime-plugin/src/runtime_plugin_admin_rpc_service.rs b/runtime-plugin/src/runtime_plugin_admin_rpc_service.rs
new file mode 100644
index 0000000000..fdc33b06c5
--- /dev/null
+++ b/runtime-plugin/src/runtime_plugin_admin_rpc_service.rs
@@ -0,0 +1,326 @@
+//! RPC interface to dynamically make changes to runtime plugins.
+
+use {
+    crossbeam_channel::Sender,
+    jsonrpc_core::{BoxFuture, ErrorCode, MetaIoHandler, Metadata, Result as JsonRpcResult},
+    jsonrpc_core_client::{transports::ipc, RpcError},
+    jsonrpc_derive::rpc,
+    jsonrpc_ipc_server::{
+        tokio::{self, sync::oneshot::channel as oneshot_channel},
+        RequestContext, ServerBuilder,
+    },
+    jsonrpc_server_utils::tokio::sync::oneshot::Sender as OneShotSender,
+    log::*,
+    solana_sdk::exit::Exit,
+    std::{
+        path::{Path, PathBuf},
+        sync::{
+            atomic::{AtomicBool, Ordering},
+            Arc, RwLock,
+        },
+    },
+};
+
+#[derive(Debug)]
+pub enum RuntimePluginManagerRpcRequest {
+    ReloadPlugin {
+        name: String,
+        config_file: String,
+        response_sender: OneShotSender<JsonRpcResult<()>>,
+    },
+    UnloadPlugin {
+        name: String,
+        response_sender: OneShotSender<JsonRpcResult<()>>,
+    },
+    LoadPlugin {
+        config_file: String,
+        response_sender: OneShotSender<JsonRpcResult<String>>,
+    },
+    ListPlugins {
+        response_sender: OneShotSender<JsonRpcResult<Vec<String>>>,
+    },
+}
+
+#[rpc]
+pub trait RuntimePluginAdminRpc {
+    type Metadata;
+
+    #[rpc(meta, name = "reloadPlugin")]
+    fn reload_plugin(
+        &self,
+        meta: Self::Metadata,
+        name: String,
+        config_file: String,
+    ) -> BoxFuture<JsonRpcResult<()>>;
+
+    #[rpc(meta, name = "unloadPlugin")]
+    fn unload_plugin(&self, meta: Self::Metadata, name: String) -> BoxFuture<JsonRpcResult<()>>;
+
+    #[rpc(meta, name = "loadPlugin")]
+    fn load_plugin(
+        &self,
+        meta: Self::Metadata,
+        config_file: String,
+    ) -> BoxFuture<JsonRpcResult<String>>;
+
+    #[rpc(meta, name = "listPlugins")]
+    fn list_plugins(&self, meta: Self::Metadata) -> BoxFuture<JsonRpcResult<Vec<String>>>;
+}
+
+#[derive(Clone)]
+pub struct RuntimePluginAdminRpcRequestMetadata {
+    pub rpc_request_sender: Sender<RuntimePluginManagerRpcRequest>,
+    pub validator_exit: Arc<RwLock<Exit>>,
+}
+
+impl Metadata for RuntimePluginAdminRpcRequestMetadata {}
+
+fn rpc_path(ledger_path: &Path) -> PathBuf {
+    #[cfg(target_family = "windows")]
+    {
+        // More information about the wackiness of pipe names over at
+        // https://docs.microsoft.com/en-us/windows/win32/ipc/pipe-names
+        if let Some(ledger_filename) = ledger_path.file_name() {
+            PathBuf::from(format!(
+                "\\\\.\\pipe\\{}-runtime_plugin_admin.rpc",
+                ledger_filename.to_string_lossy()
+            ))
+        } else {
+            PathBuf::from("\\\\.\\pipe\\runtime_plugin_admin.rpc")
+        }
+    }
+    #[cfg(not(target_family = "windows"))]
+    {
+        ledger_path.join("runtime_plugin_admin.rpc")
+    }
+}
+
+/// Start the Runtime Plugin Admin RPC interface.
+pub fn run(
+    ledger_path: &Path,
+    metadata: RuntimePluginAdminRpcRequestMetadata,
+    plugin_exit: Arc<AtomicBool>,
+) {
+    let rpc_path = rpc_path(ledger_path);
+
+    let event_loop = tokio::runtime::Builder::new_multi_thread()
+        .thread_name("solRuntimePluginAdminRpc")
+        .worker_threads(1)
+        .enable_all()
+        .build()
+        .unwrap();
+
+    std::thread::Builder::new()
+        .name("solAdminRpc".to_string())
+        .spawn(move || {
+            let mut io = MetaIoHandler::default();
+            io.extend_with(RuntimePluginAdminRpcImpl.to_delegate());
+
+            let validator_exit = metadata.validator_exit.clone();
+
+            match ServerBuilder::with_meta_extractor(io, move |_req: &RequestContext| {
+                metadata.clone()
+            })
+            .event_loop_executor(event_loop.handle().clone())
+            .start(&format!("{}", rpc_path.display()))
+            {
+                Err(e) => {
+                    error!("Unable to start runtime plugin admin rpc service: {e:?}, exiting");
+                    validator_exit.write().unwrap().exit();
+                }
+                Ok(server) => {
+                    info!("started runtime plugin admin rpc service!");
+                    let close_handle = server.close_handle();
+                    let c_plugin_exit = plugin_exit.clone();
+                    validator_exit
+                        .write()
+                        .unwrap()
+                        .register_exit(Box::new(move || {
+                            close_handle.close();
+                            c_plugin_exit.store(true, Ordering::Relaxed);
+                        }));
+
+                    server.wait();
+                    plugin_exit.store(true, Ordering::Relaxed);
+                }
+            }
+        })
+        .unwrap();
+}
+
+pub struct RuntimePluginAdminRpcImpl;
+impl RuntimePluginAdminRpc for RuntimePluginAdminRpcImpl {
+    type Metadata = RuntimePluginAdminRpcRequestMetadata;
+
+    fn reload_plugin(
+        &self,
+        meta: Self::Metadata,
+        name: String,
+        config_file: String,
+    ) -> BoxFuture<JsonRpcResult<()>> {
+        Box::pin(async move {
+            let (response_sender, response_receiver) = oneshot_channel();
+
+            if meta
+                .rpc_request_sender
+                .send(RuntimePluginManagerRpcRequest::ReloadPlugin {
+                    name,
+                    config_file,
+                    response_sender,
+                })
+                .is_err()
+            {
+                error!("rpc_request_sender channel closed, exiting");
+                meta.validator_exit.write().unwrap().exit();
+
+                return Err(jsonrpc_core::Error {
+                    code: ErrorCode::InternalError,
+                    message: "Internal channel disconnected while sending the request".to_string(),
+                    data: None,
+                });
+            }
+
+            match response_receiver.await {
+                Err(_) => {
+                    error!("response_receiver channel closed, exiting");
+                    meta.validator_exit.write().unwrap().exit();
+                    Err(jsonrpc_core::Error {
+                        code: ErrorCode::InternalError,
+                        message: "Internal channel disconnected while awaiting the response"
+                            .to_string(),
+                        data: None,
+                    })
+                }
+                Ok(resp) => resp,
+            }
+        })
+    }
+
+    fn unload_plugin(&self, meta: Self::Metadata, name: String) -> BoxFuture<JsonRpcResult<()>> {
+        Box::pin(async move {
+            let (response_sender, response_receiver) = oneshot_channel();
+
+            if meta
+                .rpc_request_sender
+                .send(RuntimePluginManagerRpcRequest::UnloadPlugin {
+                    name,
+                    response_sender,
+                })
+                .is_err()
+            {
+                error!("rpc_request_sender channel closed, exiting");
+                meta.validator_exit.write().unwrap().exit();
+
+                return Err(jsonrpc_core::Error {
+                    code: ErrorCode::InternalError,
+                    message: "Internal channel disconnected while sending the request".to_string(),
+                    data: None,
+                });
+            }
+
+            match response_receiver.await {
+                Err(_) => {
+                    error!("response_receiver channel closed, exiting");
+                    meta.validator_exit.write().unwrap().exit();
+                    Err(jsonrpc_core::Error {
+                        code: ErrorCode::InternalError,
+                        message: "Internal channel disconnected while awaiting the response"
+                            .to_string(),
+                        data: None,
+                    })
+                }
+                Ok(resp) => resp,
+            }
+        })
+    }
+
+    fn load_plugin(
+        &self,
+        meta: Self::Metadata,
+        config_file: String,
+    ) -> BoxFuture<JsonRpcResult<String>> {
+        Box::pin(async move {
+            let (response_sender, response_receiver) = oneshot_channel();
+
+            if meta
+                .rpc_request_sender
+                .send(RuntimePluginManagerRpcRequest::LoadPlugin {
+                    config_file,
+                    response_sender,
+                })
+                .is_err()
+            {
+                error!("rpc_request_sender channel closed, exiting");
+                meta.validator_exit.write().unwrap().exit();
+
+                return Err(jsonrpc_core::Error {
+                    code: ErrorCode::InternalError,
+                    message: "Internal channel disconnected while sending the request".to_string(),
+                    data: None,
+                });
+            }
+
+            match response_receiver.await {
+                Err(_) => {
+                    error!("response_receiver channel closed, exiting");
+                    meta.validator_exit.write().unwrap().exit();
+                    Err(jsonrpc_core::Error {
+                        code: ErrorCode::InternalError,
+                        message: "Internal channel disconnected while awaiting the response"
+                            .to_string(),
+                        data: None,
+                    })
+                }
+                Ok(resp) => resp,
+            }
+        })
+    }
+
+    fn list_plugins(&self, meta: Self::Metadata) -> BoxFuture<JsonRpcResult<Vec<String>>> {
+        Box::pin(async move {
+            let (response_sender, response_receiver) = oneshot_channel();
+
+            if meta
+                .rpc_request_sender
+                .send(RuntimePluginManagerRpcRequest::ListPlugins { response_sender })
+                .is_err()
+            {
+                error!("rpc_request_sender channel closed, exiting");
+                meta.validator_exit.write().unwrap().exit();
+
+                return Err(jsonrpc_core::Error {
+                    code: ErrorCode::InternalError,
+                    message: "Internal channel disconnected while sending the request".to_string(),
+                    data: None,
+                });
+            }
+
+            match response_receiver.await {
+                Err(_) => {
+                    error!("response_receiver channel closed, exiting");
+                    meta.validator_exit.write().unwrap().exit();
+                    Err(jsonrpc_core::Error {
+                        code: ErrorCode::InternalError,
+                        message: "Internal channel disconnected while awaiting the response"
+                            .to_string(),
+                        data: None,
+                    })
+                }
+                Ok(resp) => resp,
+            }
+        })
+    }
+}
+
+// Connect to the Runtime Plugin RPC interface
+pub async fn connect(ledger_path: &Path) -> Result<gen_client::Client, RpcError> {
+    let rpc_path = rpc_path(ledger_path);
+    if !rpc_path.exists() {
+        Err(RpcError::Client(format!(
+            "{} does not exist",
+            rpc_path.display()
+        )))
+    } else {
+        ipc::connect::<_, gen_client::Client>(&format!("{}", rpc_path.display())).await
+    }
+}
diff --git a/runtime-plugin/src/runtime_plugin_manager.rs b/runtime-plugin/src/runtime_plugin_manager.rs
new file mode 100644
index 0000000000..af1dcf2cde
--- /dev/null
+++ b/runtime-plugin/src/runtime_plugin_manager.rs
@@ -0,0 +1,275 @@
+use {
+    crate::runtime_plugin::{PluginDependencies, RuntimePlugin},
+    jsonrpc_core::{serde_json, ErrorCode, Result as JsonRpcResult},
+    libloading::Library,
+    log::*,
+    solana_runtime::{bank_forks::BankForks, commitment::BlockCommitmentCache},
+    std::{
+        fs::File,
+        io::Read,
+        path::{Path, PathBuf},
+        sync::{atomic::AtomicBool, Arc, RwLock},
+    },
+};
+
+#[derive(thiserror::Error, Debug)]
+pub enum RuntimePluginManagerError {
+    #[error("Cannot open the the plugin config file")]
+    CannotOpenConfigFile(String),
+
+    #[error("Cannot read the the plugin config file")]
+    CannotReadConfigFile(String),
+
+    #[error("The config file is not in a valid Json format")]
+    InvalidConfigFileFormat(String),
+
+    #[error("Plugin library path is not specified in the config file")]
+    LibPathNotSet,
+
+    #[error("Invalid plugin path")]
+    InvalidPluginPath,
+
+    #[error("Cannot load plugin shared library")]
+    PluginLoadError(String),
+
+    #[error("The runtime plugin {0} is already loaded shared library")]
+    PluginAlreadyLoaded(String),
+
+    #[error("The RuntimePlugin on_load method failed")]
+    PluginStartError(String),
+}
+
+pub struct RuntimePluginManager {
+    plugins: Vec<Box<dyn RuntimePlugin>>,
+    libs: Vec<Library>,
+    bank_forks: Arc<RwLock<BankForks>>,
+    block_commitment_cache: Arc<RwLock<BlockCommitmentCache>>,
+    exit: Arc<AtomicBool>,
+}
+
+impl RuntimePluginManager {
+    pub fn new(
+        bank_forks: Arc<RwLock<BankForks>>,
+        block_commitment_cache: Arc<RwLock<BlockCommitmentCache>>,
+        exit: Arc<AtomicBool>,
+    ) -> Self {
+        Self {
+            plugins: vec![],
+            libs: vec![],
+            bank_forks,
+            block_commitment_cache,
+            exit,
+        }
+    }
+
+    /// This method allows dynamic loading of a runtime plugin.
+    /// Adds to the existing list of loaded plugins.
+    pub(crate) fn load_plugin(
+        &mut self,
+        plugin_config_path: impl AsRef<Path>,
+    ) -> JsonRpcResult<String /* plugin name */> {
+        // First load plugin
+        let (mut new_plugin, new_lib, config_file) =
+            load_plugin_from_config(plugin_config_path.as_ref()).map_err(|e| {
+                jsonrpc_core::Error {
+                    code: ErrorCode::InvalidRequest,
+                    message: format!("Failed to load plugin: {e}"),
+                    data: None,
+                }
+            })?;
+
+        // Then see if a plugin with this name already exists, if so return Err.
+        let name = new_plugin.name();
+        if self.plugins.iter().any(|plugin| name.eq(plugin.name())) {
+            return Err(jsonrpc_core::Error {
+                code: ErrorCode::InvalidRequest,
+                message: format!(
+                    "There already exists a plugin named {} loaded. Did not load requested plugin",
+                    name,
+                ),
+                data: None,
+            });
+        }
+
+        new_plugin
+            .on_load(
+                config_file,
+                PluginDependencies {
+                    bank_forks: self.bank_forks.clone(),
+                    block_commitment_cache: self.block_commitment_cache.clone(),
+                    exit: self.exit.clone(),
+                },
+            )
+            .map_err(|on_load_err| jsonrpc_core::Error {
+                code: ErrorCode::InvalidRequest,
+                message: format!(
+                    "on_load method of plugin {} failed: {on_load_err}",
+                    new_plugin.name()
+                ),
+                data: None,
+            })?;
+
+        self.plugins.push(new_plugin);
+        self.libs.push(new_lib);
+
+        Ok(name.to_string())
+    }
+
+    /// Unloads the plugins and loaded plugin libraries, making sure to fire
+    /// their `on_plugin_unload()` methods so they can do any necessary cleanup.
+    pub(crate) fn unload_all_plugins(&mut self) {
+        (0..self.plugins.len()).for_each(|idx| {
+            self.try_drop_plugin(idx);
+        });
+    }
+
+    pub(crate) fn unload_plugin(&mut self, name: &str) -> JsonRpcResult<()> {
+        // Check if any plugin names match this one
+        let Some(idx) = self
+            .plugins
+            .iter()
+            .position(|plugin| plugin.name().eq(name))
+        else {
+            // If we don't find one return an error
+            return Err(jsonrpc_core::error::Error {
+                code: ErrorCode::InvalidRequest,
+                message: String::from("The plugin you requested to unload is not loaded"),
+                data: None,
+            });
+        };
+
+        // Unload and drop plugin and lib
+        self.try_drop_plugin(idx);
+
+        Ok(())
+    }
+
+    /// Reloads an existing plugin.
+    pub(crate) fn reload_plugin(&mut self, name: &str, config_file: &str) -> JsonRpcResult<()> {
+        // Check if any plugin names match this one
+        let Some(idx) = self
+            .plugins
+            .iter()
+            .position(|plugin| plugin.name().eq(name))
+        else {
+            // If we don't find one return an error
+            return Err(jsonrpc_core::error::Error {
+                code: ErrorCode::InvalidRequest,
+                message: String::from("The plugin you requested to reload is not loaded"),
+                data: None,
+            });
+        };
+
+        self.try_drop_plugin(idx);
+
+        // Try to load plugin, library
+        // SAFETY: It is up to the validator to ensure this is a valid plugin library.
+        let (mut new_plugin, new_lib, new_parsed_config_file) =
+            load_plugin_from_config(config_file.as_ref()).map_err(|err| jsonrpc_core::Error {
+                code: ErrorCode::InvalidRequest,
+                message: err.to_string(),
+                data: None,
+            })?;
+
+        // Attempt to on_load with new plugin
+        match new_plugin.on_load(
+            new_parsed_config_file,
+            PluginDependencies {
+                bank_forks: self.bank_forks.clone(),
+                block_commitment_cache: self.block_commitment_cache.clone(),
+                exit: self.exit.clone(),
+            },
+        ) {
+            // On success, push plugin and library
+            Ok(()) => {
+                self.plugins.push(new_plugin);
+                self.libs.push(new_lib);
+                Ok(())
+            }
+            // On failure, return error
+            Err(err) => Err(jsonrpc_core::error::Error {
+                code: ErrorCode::InvalidRequest,
+                message: format!(
+                    "Failed to start new plugin (previous plugin was dropped!): {err}"
+                ),
+                data: None,
+            }),
+        }
+    }
+
+    pub(crate) fn list_plugins(&self) -> JsonRpcResult<Vec<String>> {
+        Ok(self.plugins.iter().map(|p| p.name().to_owned()).collect())
+    }
+
+    fn try_drop_plugin(&mut self, idx: usize) {
+        if idx < self.plugins.len() {
+            let mut plugin = self.plugins.remove(idx);
+            let lib = self.libs.remove(idx);
+            drop(lib);
+            plugin.on_unload();
+        } else {
+            error!("failed to drop plugin: index {idx} out of bounds");
+        }
+    }
+}
+
+fn load_plugin_from_config(
+    plugin_config_path: &Path,
+) -> Result<(Box<dyn RuntimePlugin>, Library, &str), RuntimePluginManagerError> {
+    type PluginConstructor = unsafe fn() -> *mut dyn RuntimePlugin;
+    use libloading::Symbol;
+
+    let mut file = match File::open(plugin_config_path) {
+        Ok(file) => file,
+        Err(err) => {
+            return Err(RuntimePluginManagerError::CannotOpenConfigFile(format!(
+                "Failed to open the plugin config file {plugin_config_path:?}, error: {err:?}"
+            )));
+        }
+    };
+
+    let mut contents = String::new();
+    if let Err(err) = file.read_to_string(&mut contents) {
+        return Err(RuntimePluginManagerError::CannotReadConfigFile(format!(
+            "Failed to read the plugin config file {plugin_config_path:?}, error: {err:?}"
+        )));
+    }
+
+    let result: serde_json::Value = match json5::from_str(&contents) {
+        Ok(value) => value,
+        Err(err) => {
+            return Err(RuntimePluginManagerError::InvalidConfigFileFormat(format!(
+                "The config file {plugin_config_path:?} is not in a valid Json5 format, error: {err:?}"
+            )));
+        }
+    };
+
+    let libpath = result["libpath"]
+        .as_str()
+        .ok_or(RuntimePluginManagerError::LibPathNotSet)?;
+    let mut libpath = PathBuf::from(libpath);
+    if libpath.is_relative() {
+        let config_dir = plugin_config_path.parent().ok_or_else(|| {
+            RuntimePluginManagerError::CannotOpenConfigFile(format!(
+                "Failed to resolve parent of {plugin_config_path:?}",
+            ))
+        })?;
+        libpath = config_dir.join(libpath);
+    }
+
+    let config_file = plugin_config_path
+        .as_os_str()
+        .to_str()
+        .ok_or(RuntimePluginManagerError::InvalidPluginPath)?;
+
+    let (plugin, lib) = unsafe {
+        let lib = Library::new(libpath)
+            .map_err(|e| RuntimePluginManagerError::PluginLoadError(e.to_string()))?;
+        let constructor: Symbol<PluginConstructor> = lib
+            .get(b"_create_plugin")
+            .map_err(|e| RuntimePluginManagerError::PluginLoadError(e.to_string()))?;
+        (Box::from_raw(constructor()), lib)
+    };
+
+    Ok((plugin, lib, config_file))
+}
diff --git a/runtime-plugin/src/runtime_plugin_service.rs b/runtime-plugin/src/runtime_plugin_service.rs
new file mode 100644
index 0000000000..5fcb625a26
--- /dev/null
+++ b/runtime-plugin/src/runtime_plugin_service.rs
@@ -0,0 +1,123 @@
+use {
+    crate::{
+        runtime_plugin::RuntimePluginError,
+        runtime_plugin_admin_rpc_service::RuntimePluginManagerRpcRequest,
+        runtime_plugin_manager::RuntimePluginManager,
+    },
+    crossbeam_channel::Receiver,
+    log::{error, info},
+    solana_runtime::{bank_forks::BankForks, commitment::BlockCommitmentCache},
+    std::{
+        path::PathBuf,
+        sync::{
+            atomic::{AtomicBool, Ordering},
+            Arc, RwLock,
+        },
+        thread::{self, JoinHandle},
+        time::Duration,
+    },
+};
+
+pub struct RuntimePluginService {
+    plugin_manager: Arc<RwLock<RuntimePluginManager>>,
+    rpc_thread: JoinHandle<()>,
+}
+
+impl RuntimePluginService {
+    pub fn start(
+        plugin_config_files: &[PathBuf],
+        rpc_receiver: Receiver<RuntimePluginManagerRpcRequest>,
+        bank_forks: Arc<RwLock<BankForks>>,
+        block_commitment_cache: Arc<RwLock<BlockCommitmentCache>>,
+        exit: Arc<AtomicBool>,
+    ) -> Result<Self, RuntimePluginError> {
+        let mut plugin_manager =
+            RuntimePluginManager::new(bank_forks, block_commitment_cache, exit.clone());
+
+        for config in plugin_config_files {
+            let name = plugin_manager
+                .load_plugin(config)
+                .map_err(|e| RuntimePluginError::FailedToLoadPlugin(e.into()))?;
+            info!("Loaded Runtime Plugin: {name}");
+        }
+
+        let plugin_manager = Arc::new(RwLock::new(plugin_manager));
+        let rpc_thread =
+            Self::start_rpc_request_handler(rpc_receiver, plugin_manager.clone(), exit);
+
+        Ok(Self {
+            plugin_manager,
+            rpc_thread,
+        })
+    }
+
+    pub fn join(self) {
+        if let Err(e) = self.rpc_thread.join() {
+            error!("error joining rpc thread: {e:?}");
+        }
+        self.plugin_manager.write().unwrap().unload_all_plugins();
+    }
+
+    fn start_rpc_request_handler(
+        rpc_receiver: Receiver<RuntimePluginManagerRpcRequest>,
+        plugin_manager: Arc<RwLock<RuntimePluginManager>>,
+        exit: Arc<AtomicBool>,
+    ) -> JoinHandle<()> {
+        thread::Builder::new()
+            .name("solRuntimePluginRpc".to_string())
+            .spawn(move || {
+                const TIMEOUT: Duration = Duration::from_secs(3);
+                while !exit.load(Ordering::Relaxed) {
+                    if let Ok(request) = rpc_receiver.recv_timeout(TIMEOUT) {
+                        match request {
+                            RuntimePluginManagerRpcRequest::ListPlugins { response_sender } => {
+                                let plugin_list = plugin_manager.read().unwrap().list_plugins();
+                                if response_sender.send(plugin_list).is_err() {
+                                    error!("response_sender channel disconnected");
+                                    return;
+                                }
+                            }
+                            RuntimePluginManagerRpcRequest::ReloadPlugin {
+                                ref name,
+                                ref config_file,
+                                response_sender,
+                            } => {
+                                let reload_result = plugin_manager
+                                    .write()
+                                    .unwrap()
+                                    .reload_plugin(name, config_file);
+                                if response_sender.send(reload_result).is_err() {
+                                    error!("response_sender channel disconnected");
+                                    return;
+                                }
+                            }
+                            RuntimePluginManagerRpcRequest::LoadPlugin {
+                                ref config_file,
+                                response_sender,
+                            } => {
+                                let load_result =
+                                    plugin_manager.write().unwrap().load_plugin(config_file);
+                                if response_sender.send(load_result).is_err() {
+                                    error!("response_sender channel disconnected");
+                                    return;
+                                }
+                            }
+                            RuntimePluginManagerRpcRequest::UnloadPlugin {
+                                ref name,
+                                response_sender,
+                            } => {
+                                let unload_result =
+                                    plugin_manager.write().unwrap().unload_plugin(name);
+                                if response_sender.send(unload_result).is_err() {
+                                    error!("response_sender channel disconnected");
+                                    return;
+                                }
+                            }
+                        }
+                    }
+                }
+                plugin_manager.write().unwrap().unload_all_plugins();
+            })
+            .unwrap()
+    }
+}
diff --git a/runtime/src/bank.rs b/runtime/src/bank.rs
index 10db11e0b0..267a3baa9a 100644
--- a/runtime/src/bank.rs
+++ b/runtime/src/bank.rs
@@ -33,6 +33,8 @@
 //! It offers a high-level API that signs transactions
 //! on behalf of the caller, and a low-level API for when they have
 //! already been signed and verified.
+use solana_accounts_db::account_locks::AccountLocks;
+use solana_accounts_db::accounts::TransactionAccountLocksIterator;
 use {
     crate::{
         account_saver::collect_accounts_to_store,
@@ -331,6 +333,7 @@ impl BankRc {
     }
 }
 
+#[derive(Debug)]
 pub struct LoadAndExecuteTransactionsOutput {
     // Vector of results indicating whether a transaction was processed or could not
     // be processed. Note processed transactions can still have failed!
@@ -340,7 +343,22 @@ pub struct LoadAndExecuteTransactionsOutput {
     pub processed_counts: ProcessedTransactionCounts,
 }
 
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
+pub struct BundleTransactionSimulationResult {
+    pub result: Result<()>,
+    pub logs: TransactionLogMessages,
+    pub pre_execution_accounts: Option<Vec<AccountData>>,
+    pub post_execution_accounts: Option<Vec<AccountData>>,
+    pub return_data: Option<TransactionReturnData>,
+    pub units_consumed: u64,
+}
+
+#[derive(Clone, Debug, PartialEq)]
+pub struct AccountData {
+    pub pubkey: Pubkey,
+    pub data: AccountSharedData,
+}
+
 pub struct TransactionSimulationResult {
     pub result: Result<()>,
     pub logs: TransactionLogMessages,
@@ -851,7 +869,7 @@ pub struct Bank {
     inflation: Arc<RwLock<Inflation>>,
 
     /// cache of vote_account and stake_account state for this fork
-    stakes_cache: StakesCache,
+    pub stakes_cache: StakesCache,
 
     /// staked nodes on epoch boundaries, saved off when a bank.slot() is at
     ///   a leader schedule calculation boundary
@@ -3678,6 +3696,8 @@ impl Bank {
         &'a self,
         transactions: &'b [Tx],
         transaction_results: impl Iterator<Item = Result<()>>,
+        additional_read_locks: Option<&HashSet<Pubkey>>,
+        additional_write_locks: Option<&HashSet<Pubkey>>,
     ) -> TransactionBatch<'a, 'b, Tx> {
         // this lock_results could be: Ok, AccountInUse, WouldExceedBlockMaxLimit or WouldExceedAccountMaxLimit
         let tx_account_lock_limit = self.get_transaction_account_lock_limit();
@@ -3685,10 +3705,61 @@ impl Bank {
             transactions.iter(),
             transaction_results,
             tx_account_lock_limit,
+            additional_read_locks,
+            additional_write_locks,
         );
         TransactionBatch::new(lock_results, self, OwnedOrBorrowed::Borrowed(transactions))
     }
 
+    /// Prepare a locked transaction batch from a list of sanitized transactions, and their cost
+    /// limited packing status, where transactions will be locked sequentially until the first failure
+    pub fn prepare_sequential_sanitized_batch_with_results<'a, 'b, Tx: SVMMessage>(
+        &'a self,
+        transactions: &'b [Tx],
+    ) -> TransactionBatch<'a, 'b, Tx> {
+        // this lock_results could be: Ok, AccountInUse, AccountLoadedTwice, or TooManyAccountLocks
+        let tx_account_lock_limit = self.get_transaction_account_lock_limit();
+        let lock_results = self
+            .rc
+            .accounts
+            .lock_accounts_sequential_with_results(transactions, tx_account_lock_limit);
+        TransactionBatch::new(lock_results, self, OwnedOrBorrowed::Borrowed(transactions))
+    }
+
+    /// Prepare a locked transaction batch from a list of sanitized transactions for simulation.
+    /// This grabs as many sequential account locks that it can without a RW conflict. However,
+    /// it uses a temporary version of AccountLocks and not the Bank's account locks, so one can
+    /// use this during simulation on an unfrozen Bank without worrying about impacting the RW
+    /// lock usage in replay
+    pub fn prepare_sequential_sanitized_batch_with_results_for_simulation<
+        'a,
+        'b,
+        Tx: SVMMessage,
+    >(
+        &'a self,
+        transactions: &'b [Tx],
+    ) -> TransactionBatch<'a, 'b, Tx> {
+        let tx_account_lock_limit = self.get_transaction_account_lock_limit();
+        let tx_account_locks_results: Vec<Result<_>> = transactions
+            .iter()
+            .map(|tx| {
+                validate_account_locks(tx.account_keys(), tx_account_lock_limit)
+                    .map(|_| TransactionAccountLocksIterator::new(tx))
+            })
+            .collect();
+
+        let mut account_locks = AccountLocks::default();
+        let lock_results =
+            Accounts::lock_accounts_sequential(&mut account_locks, tx_account_locks_results);
+        let mut batch =
+            TransactionBatch::new(lock_results, self, OwnedOrBorrowed::Borrowed(transactions));
+        // this is required to ensure that accounts aren't unlocked accidentally, which can be problematic during replay.
+        // more specifically, during process_entries, if the lock counts are accidentally decremented,
+        // one might end up replaying a block incorrectly
+        batch.set_needs_unlock(false);
+        batch
+    }
+
     /// Prepare a transaction batch from a single transaction without locking accounts
     pub fn prepare_unlocked_batch_from_single_tx<'a, Tx: SVMMessage>(
         &'a self,
@@ -3809,7 +3880,11 @@ impl Bank {
         }
     }
 
-    fn get_account_overrides_for_simulation(&self, account_keys: &AccountKeys) -> AccountOverrides {
+    // NOTE: Do not revert this back to private during rebases.
+    pub fn get_account_overrides_for_simulation(
+        &self,
+        account_keys: &AccountKeys,
+    ) -> AccountOverrides {
         let mut account_overrides = AccountOverrides::default();
         let slot_history_id = sysvar::slot_history::id();
         if account_keys.iter().any(|pubkey| *pubkey == slot_history_id) {
@@ -3867,6 +3942,30 @@ impl Bank {
         balances
     }
 
+    pub fn collect_balances_with_cache(
+        &self,
+        batch: &TransactionBatch<SanitizedTransaction>,
+        account_overrides: Option<&AccountOverrides>,
+    ) -> TransactionBalances {
+        let mut balances: TransactionBalances = vec![];
+        for transaction in batch.sanitized_transactions() {
+            let mut transaction_balances: Vec<u64> = vec![];
+            for account_key in transaction.message().account_keys().iter() {
+                let balance = match account_overrides {
+                    None => self.get_balance(account_key),
+                    Some(overrides) => match overrides.get(account_key) {
+                        None => self.get_balance(account_key),
+                        Some(account_data) => account_data.lamports(),
+                    },
+                };
+                transaction_balances.push(balance);
+            }
+            balances.push(transaction_balances);
+        }
+        balances
+    }
+
+    #[allow(clippy::too_many_arguments, clippy::type_complexity)]
     pub fn load_and_execute_transactions(
         &self,
         batch: &TransactionBatch<impl TransactionWithMeta>,
diff --git a/runtime/src/snapshot_bank_utils.rs b/runtime/src/snapshot_bank_utils.rs
index e9fbb0adb5..c5b161ecf4 100644
--- a/runtime/src/snapshot_bank_utils.rs
+++ b/runtime/src/snapshot_bank_utils.rs
@@ -87,13 +87,14 @@ pub fn bank_fields_from_snapshot_archives(
     storage_access: StorageAccess,
 ) -> snapshot_utils::Result<BankFieldsToDeserialize> {
     let full_snapshot_archive_info =
-        get_highest_full_snapshot_archive_info(&full_snapshot_archives_dir).ok_or_else(|| {
-            SnapshotError::NoSnapshotArchives(full_snapshot_archives_dir.as_ref().to_path_buf())
-        })?;
+        get_highest_full_snapshot_archive_info(&full_snapshot_archives_dir, None).ok_or_else(
+            || SnapshotError::NoSnapshotArchives(full_snapshot_archives_dir.as_ref().to_path_buf()),
+        )?;
 
     let incremental_snapshot_archive_info = get_highest_incremental_snapshot_archive_info(
         &incremental_snapshot_archives_dir,
         full_snapshot_archive_info.slot(),
+        None,
     );
 
     let temp_unpack_dir = TempDir::new()?;
@@ -293,13 +294,14 @@ pub fn bank_from_latest_snapshot_archives(
     Option<IncrementalSnapshotArchiveInfo>,
 )> {
     let full_snapshot_archive_info =
-        get_highest_full_snapshot_archive_info(&full_snapshot_archives_dir).ok_or_else(|| {
-            SnapshotError::NoSnapshotArchives(full_snapshot_archives_dir.as_ref().to_path_buf())
-        })?;
+        get_highest_full_snapshot_archive_info(&full_snapshot_archives_dir, None).ok_or_else(
+            || SnapshotError::NoSnapshotArchives(full_snapshot_archives_dir.as_ref().to_path_buf()),
+        )?;
 
     let incremental_snapshot_archive_info = get_highest_incremental_snapshot_archive_info(
         &incremental_snapshot_archives_dir,
         full_snapshot_archive_info.slot(),
+        None,
     );
 
     let (bank, _) = bank_from_snapshot_archives(
@@ -2536,7 +2538,7 @@ mod tests {
         fs::remove_file(full_snapshot_archive_info.unwrap().path()).unwrap();
 
         let highest_full_snapshot_archive =
-            get_highest_full_snapshot_archive_info(&snapshot_archives_dir).unwrap();
+            get_highest_full_snapshot_archive_info(&snapshot_archives_dir, None).unwrap();
         let highest_bank_snapshot_post =
             get_highest_bank_snapshot_post(&bank_snapshots_dir).unwrap();
         let highest_bank_snapshot_pre = get_highest_bank_snapshot_pre(&bank_snapshots_dir).unwrap();
diff --git a/runtime/src/snapshot_utils.rs b/runtime/src/snapshot_utils.rs
index bc59d3fc5f..622ed91285 100644
--- a/runtime/src/snapshot_utils.rs
+++ b/runtime/src/snapshot_utils.rs
@@ -704,7 +704,7 @@ pub fn get_highest_loadable_bank_snapshot(
     // Otherwise, the bank snapshot's full snapshot slot *must* be the same as
     // the highest full snapshot archive's slot.
     let highest_full_snapshot_archive_slot =
-        get_highest_full_snapshot_archive_slot(&snapshot_config.full_snapshot_archives_dir)?;
+        get_highest_full_snapshot_archive_slot(&snapshot_config.full_snapshot_archives_dir, None)?;
     let full_snapshot_file_slot =
         read_full_snapshot_slot_file(&highest_bank_snapshot.snapshot_dir).ok()?;
     (full_snapshot_file_slot == highest_full_snapshot_archive_slot).then_some(highest_bank_snapshot)
@@ -2068,8 +2068,9 @@ pub fn get_incremental_snapshot_archives(
 /// Get the highest slot of the full snapshot archives in a directory
 pub fn get_highest_full_snapshot_archive_slot(
     full_snapshot_archives_dir: impl AsRef<Path>,
+    halt_at_slot: Option<Slot>,
 ) -> Option<Slot> {
-    get_highest_full_snapshot_archive_info(full_snapshot_archives_dir)
+    get_highest_full_snapshot_archive_info(full_snapshot_archives_dir, halt_at_slot)
         .map(|full_snapshot_archive_info| full_snapshot_archive_info.slot())
 }
 
@@ -2078,10 +2079,12 @@ pub fn get_highest_full_snapshot_archive_slot(
 pub fn get_highest_incremental_snapshot_archive_slot(
     incremental_snapshot_archives_dir: impl AsRef<Path>,
     full_snapshot_slot: Slot,
+    halt_at_slot: Option<Slot>,
 ) -> Option<Slot> {
     get_highest_incremental_snapshot_archive_info(
         incremental_snapshot_archives_dir,
         full_snapshot_slot,
+        halt_at_slot,
     )
     .map(|incremental_snapshot_archive_info| incremental_snapshot_archive_info.slot())
 }
@@ -2089,8 +2092,13 @@ pub fn get_highest_incremental_snapshot_archive_slot(
 /// Get the path (and metadata) for the full snapshot archive with the highest slot in a directory
 pub fn get_highest_full_snapshot_archive_info(
     full_snapshot_archives_dir: impl AsRef<Path>,
+    halt_at_slot: Option<Slot>,
 ) -> Option<FullSnapshotArchiveInfo> {
     let mut full_snapshot_archives = get_full_snapshot_archives(full_snapshot_archives_dir);
+    if let Some(halt_at_slot) = halt_at_slot {
+        full_snapshot_archives
+            .retain(|archive| archive.snapshot_archive_info().slot <= halt_at_slot);
+    }
     full_snapshot_archives.sort_unstable();
     full_snapshot_archives.into_iter().next_back()
 }
@@ -2100,6 +2108,7 @@ pub fn get_highest_full_snapshot_archive_info(
 pub fn get_highest_incremental_snapshot_archive_info(
     incremental_snapshot_archives_dir: impl AsRef<Path>,
     full_snapshot_slot: Slot,
+    halt_at_slot: Option<Slot>,
 ) -> Option<IncrementalSnapshotArchiveInfo> {
     // Since we want to filter down to only the incremental snapshot archives that have the same
     // full snapshot slot as the value passed in, perform the filtering before sorting to avoid
@@ -2111,6 +2120,9 @@ pub fn get_highest_incremental_snapshot_archive_info(
                 incremental_snapshot_archive_info.base_slot() == full_snapshot_slot
             })
             .collect::<Vec<_>>();
+    if let Some(halt_at_slot) = halt_at_slot {
+        incremental_snapshot_archives.retain(|archive| archive.slot() <= halt_at_slot);
+    }
     incremental_snapshot_archives.sort_unstable();
     incremental_snapshot_archives.into_iter().next_back()
 }
@@ -3138,7 +3150,7 @@ mod tests {
         );
 
         assert_eq!(
-            get_highest_full_snapshot_archive_slot(full_snapshot_archives_dir.path()),
+            get_highest_full_snapshot_archive_slot(full_snapshot_archives_dir.path(), None),
             Some(max_slot - 1)
         );
     }
@@ -3164,7 +3176,8 @@ mod tests {
             assert_eq!(
                 get_highest_incremental_snapshot_archive_slot(
                     incremental_snapshot_archives_dir.path(),
-                    full_snapshot_slot
+                    full_snapshot_slot,
+                    None,
                 ),
                 Some(max_incremental_snapshot_slot - 1)
             );
@@ -3173,7 +3186,8 @@ mod tests {
         assert_eq!(
             get_highest_incremental_snapshot_archive_slot(
                 incremental_snapshot_archives_dir.path(),
-                max_full_snapshot_slot
+                max_full_snapshot_slot,
+                None,
             ),
             None
         );
diff --git a/runtime/src/stake_account.rs b/runtime/src/stake_account.rs
index 85cbb9e852..d0531bc916 100644
--- a/runtime/src/stake_account.rs
+++ b/runtime/src/stake_account.rs
@@ -41,14 +41,14 @@ impl<T> StakeAccount<T> {
     }
 
     #[inline]
-    pub(crate) fn stake_state(&self) -> &StakeStateV2 {
+    pub fn stake_state(&self) -> &StakeStateV2 {
         &self.stake_state
     }
 }
 
 impl StakeAccount<Delegation> {
     #[inline]
-    pub(crate) fn delegation(&self) -> &Delegation {
+    pub fn delegation(&self) -> &Delegation {
         // Safe to unwrap here because StakeAccount<Delegation> will always
         // only wrap a stake-state which is a delegation.
         self.stake_state.delegation_ref().unwrap()
diff --git a/runtime/src/stakes.rs b/runtime/src/stakes.rs
index f878510402..b2fb3de623 100644
--- a/runtime/src/stakes.rs
+++ b/runtime/src/stakes.rs
@@ -53,18 +53,18 @@ pub enum InvalidCacheEntryReason {
     WrongOwner,
 }
 
-type StakeAccount = stake_account::StakeAccount<Delegation>;
+pub type StakeAccount = stake_account::StakeAccount<Delegation>;
 
 #[cfg_attr(feature = "frozen-abi", derive(AbiExample))]
 #[derive(Default, Debug)]
-pub(crate) struct StakesCache(RwLock<Stakes<StakeAccount>>);
+pub struct StakesCache(RwLock<Stakes<StakeAccount>>);
 
 impl StakesCache {
     pub(crate) fn new(stakes: Stakes<StakeAccount>) -> Self {
         Self(RwLock::new(stakes))
     }
 
-    pub(crate) fn stakes(&self) -> RwLockReadGuard<Stakes<StakeAccount>> {
+    pub fn stakes(&self) -> RwLockReadGuard<Stakes<StakeAccount>> {
         self.0.read().unwrap()
     }
 
@@ -203,7 +203,7 @@ pub struct Stakes<T: Clone> {
     vote_accounts: VoteAccounts,
 
     /// stake_delegations
-    stake_delegations: ImHashMap<Pubkey, T>,
+    pub stake_delegations: ImHashMap<Pubkey, T>,
 
     /// unused
     unused: u64,
@@ -246,7 +246,7 @@ impl Stakes<StakeAccount> {
     /// full account state for respective stake pubkeys. get_account function
     /// should return the account at the respective slot where stakes where
     /// cached.
-    pub(crate) fn new<F>(stakes: &Stakes<Delegation>, get_account: F) -> Result<Self, Error>
+    pub fn new<F>(stakes: &Stakes<Delegation>, get_account: F) -> Result<Self, Error>
     where
         F: Fn(&Pubkey) -> Option<AccountSharedData> + Sync,
     {
@@ -497,7 +497,7 @@ impl Stakes<StakeAccount> {
         );
     }
 
-    pub(crate) fn stake_delegations(&self) -> &ImHashMap<Pubkey, StakeAccount> {
+    pub fn stake_delegations(&self) -> &ImHashMap<Pubkey, StakeAccount> {
         &self.stake_delegations
     }
 
diff --git a/rustfmt.toml b/rustfmt.toml
index e26d07f0d8..c7ccd48750 100644
--- a/rustfmt.toml
+++ b/rustfmt.toml
@@ -1,2 +1,7 @@
 imports_granularity = "One"
 group_imports = "One"
+
+ignore = [
+    "jito-programs",
+    "anchor"
+]
\ No newline at end of file
diff --git a/s b/s
new file mode 100755
index 0000000000..308133d227
--- /dev/null
+++ b/s
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+
+if [ -f .env ]; then
+  export $(cat .env | grep -v '#' | awk '/=/ {print $1}')
+else
+  echo "Missing .env file"
+  exit 0
+fi
+
+echo "Syncing to host: $HOST"
+
+# sync to build server, ignoring local builds and local/remote dev ledger
+rsync -avh --delete --exclude target --exclude docker-output "$SCRIPT_DIR" "$HOST":~/
diff --git a/scripts/agave-install-deploy.sh b/scripts/agave-install-deploy.sh
index dcdec14ffb..86575954d3 100755
--- a/scripts/agave-install-deploy.sh
+++ b/scripts/agave-install-deploy.sh
@@ -57,10 +57,10 @@ esac
 
 case $TAG in
 edge|beta)
-  DOWNLOAD_URL=https://release.anza.xyz/"$TAG"/solana-release-$TARGET.tar.bz2
+  DOWNLOAD_URL=https://release.jito.wtf/"$TAG"/solana-release-$TARGET.tar.bz2
   ;;
 *)
-  DOWNLOAD_URL=https://github.com/anza-xyz/agave/releases/download/"$TAG"/solana-release-$TARGET.tar.bz2
+  DOWNLOAD_URL=https://github.com/jito-foundation/jito-solana/releases/download/"$TAG"/solana-release-$TARGET.tar.bz2
   ;;
 esac
 
diff --git a/scripts/increment-cargo-version.sh b/scripts/increment-cargo-version.sh
index 866f442874..41e1994ced 100755
--- a/scripts/increment-cargo-version.sh
+++ b/scripts/increment-cargo-version.sh
@@ -23,6 +23,8 @@ ignores=(
   .cargo
   target
   node_modules
+  jito-programs
+  anchor
 )
 
 not_paths=()
diff --git a/scripts/run.sh b/scripts/run.sh
index 70994c921f..4a148dfed5 100755
--- a/scripts/run.sh
+++ b/scripts/run.sh
@@ -104,6 +104,10 @@ args=(
   --identity "$validator_identity"
   --vote-account "$validator_vote_account"
   --ledger "$ledgerDir"
+  --tip-payment-program-pubkey "T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt"
+  --tip-distribution-program-pubkey "4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7"
+  --merkle-root-upload-authority "$validator_identity"
+  --commission-bps 0
   --gossip-port 8001
   --full-rpc-api
   --rpc-port 8899
diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml
index 84265ef0a6..8397a93092 100644
--- a/sdk/Cargo.toml
+++ b/sdk/Cargo.toml
@@ -18,7 +18,7 @@ program = []
 
 default = [
     "borsh",
-    "full",  # functionality that is not compatible or needed for on-chain programs
+    "full", # functionality that is not compatible or needed for on-chain programs
 ]
 full = [
     "byteorder",
@@ -89,6 +89,9 @@ frozen-abi = [
 openssl-vendored = ["solana-precompiles/openssl-vendored"]
 
 [dependencies]
+anchor-lang = { workspace = true }
+assert_matches = { workspace = true, optional = true }
+base64 = { workspace = true }
 bincode = { workspace = true }
 bitflags = { workspace = true, features = ["serde"] }
 borsh = { workspace = true, optional = true }
diff --git a/sdk/src/bundle/mod.rs b/sdk/src/bundle/mod.rs
new file mode 100644
index 0000000000..3c02a59f9f
--- /dev/null
+++ b/sdk/src/bundle/mod.rs
@@ -0,0 +1,33 @@
+#![cfg(feature = "full")]
+
+use {
+    crate::transaction::{SanitizedTransaction, VersionedTransaction},
+    digest::Digest,
+    itertools::Itertools,
+    sha2::Sha256,
+};
+
+#[derive(Debug, PartialEq, Default, Eq, Clone, Serialize, Deserialize)]
+pub struct VersionedBundle {
+    pub transactions: Vec<VersionedTransaction>,
+}
+
+#[derive(Clone, Debug)]
+pub struct SanitizedBundle {
+    pub transactions: Vec<SanitizedTransaction>,
+    pub bundle_id: String,
+}
+
+pub fn derive_bundle_id(transactions: &[VersionedTransaction]) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(transactions.iter().map(|tx| tx.signatures[0]).join(","));
+    format!("{:x}", hasher.finalize())
+}
+
+pub fn derive_bundle_id_from_sanitized_transactions(
+    transactions: &[SanitizedTransaction],
+) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(transactions.iter().map(|tx| tx.signature()).join(","));
+    format!("{:x}", hasher.finalize())
+}
diff --git a/sdk/src/lib.rs b/sdk/src/lib.rs
index 4e4c905933..db4a86775d 100644
--- a/sdk/src/lib.rs
+++ b/sdk/src/lib.rs
@@ -62,6 +62,7 @@ pub use solana_program::{borsh, borsh0_10, borsh1};
 #[cfg(feature = "full")]
 #[deprecated(since = "2.2.0", note = "Use `solana-signer` crate instead")]
 pub use solana_signer::signers;
+pub mod bundle;
 pub mod entrypoint;
 pub mod entrypoint_deprecated;
 pub mod example_mocks;
diff --git a/send-transaction-service/Cargo.toml b/send-transaction-service/Cargo.toml
index 92a73c33bc..f2dffe31d9 100644
--- a/send-transaction-service/Cargo.toml
+++ b/send-transaction-service/Cargo.toml
@@ -16,6 +16,7 @@ itertools = { workspace = true }
 log = { workspace = true }
 solana-client = { workspace = true }
 solana-connection-cache = { workspace = true }
+solana-gossip = { workspace = true }
 solana-measure = { workspace = true }
 solana-metrics = { workspace = true }
 solana-quic-client = { workspace = true }
@@ -28,6 +29,7 @@ tokio-util = { workspace = true }
 [dev-dependencies]
 solana-logger = { workspace = true }
 solana-runtime = { workspace = true, features = ["dev-context-only-utils"] }
+solana-streamer = { workspace = true }
 
 [features]
 dev-context-only-utils = []
diff --git a/send-transaction-service/src/send_transaction_service.rs b/send-transaction-service/src/send_transaction_service.rs
index 928a67dc4d..f04ec647de 100644
--- a/send-transaction-service/src/send_transaction_service.rs
+++ b/send-transaction-service/src/send_transaction_service.rs
@@ -8,6 +8,10 @@ use {
     crossbeam_channel::{Receiver, RecvTimeoutError},
     itertools::Itertools,
     log::*,
+    solana_client::connection_cache::{ConnectionCache, Protocol},
+    solana_connection_cache::client_connection::ClientConnection as TpuConnection,
+    solana_gossip::cluster_info::ClusterInfo,
+    solana_measure::measure::Measure,
     solana_runtime::{bank::Bank, bank_forks::BankForks},
     solana_sdk::{
         hash::Hash, nonce_account, pubkey::Pubkey, saturating_add_assign, signature::Signature,
@@ -147,6 +151,7 @@ pub const MAX_RETRY_SLEEP_MS: u64 = 1_000;
 
 impl SendTransactionService {
     pub fn new<Client: TransactionClient + Clone + std::marker::Send + 'static>(
+        cluster_info: Arc<ClusterInfo>,
         bank_forks: &Arc<RwLock<BankForks>>,
         receiver: Receiver<TransactionInfo>,
         client: Client,
@@ -157,10 +162,11 @@ impl SendTransactionService {
             retry_rate_ms,
             ..Config::default()
         };
-        Self::new_with_config::<Client>(bank_forks, receiver, client, config, exit)
+        Self::new_with_config::<Client>(cluster_info, bank_forks, receiver, client, config, exit)
     }
 
     pub fn new_with_config<Client: TransactionClient + Clone + std::marker::Send + 'static>(
+        cluster_info: Arc<ClusterInfo>,
         bank_forks: &Arc<RwLock<BankForks>>,
         receiver: Receiver<TransactionInfo>,
         client: Client,
@@ -172,6 +178,7 @@ impl SendTransactionService {
         let retry_transactions = Arc::new(Mutex::new(HashMap::new()));
 
         let receive_txn_thread = Self::receive_txn_thread(
+            cluster_info.clone(),
             receiver,
             client.clone(),
             retry_transactions.clone(),
@@ -185,6 +192,7 @@ impl SendTransactionService {
         );
 
         let retry_thread = Self::retry_thread(
+            cluster_info,
             bank_forks.clone(),
             client,
             retry_transactions,
@@ -205,6 +213,7 @@ impl SendTransactionService {
     /// Thread responsible for receiving transactions from RPC clients.
     #[allow(clippy::too_many_arguments)]
     fn receive_txn_thread<Client: TransactionClient + std::marker::Send + 'static>(
+        cluster_info: Arc<ClusterInfo>,
         receiver: Receiver<TransactionInfo>,
         client: Client,
         retry_transactions: Arc<Mutex<HashMap<Signature, TransactionInfo>>>,
@@ -315,6 +324,7 @@ impl SendTransactionService {
 
     /// Thread responsible for retrying transactions
     fn retry_thread<Client: TransactionClient + std::marker::Send + 'static>(
+        cluster_info: Arc<ClusterInfo>,
         bank_forks: Arc<RwLock<BankForks>>,
         client: Client,
         retry_transactions: Arc<Mutex<HashMap<Signature, TransactionInfo>>>,
@@ -542,14 +552,17 @@ mod test {
             transaction_client::{ConnectionCacheClient, TpuClientNextClient},
         },
         crossbeam_channel::{bounded, unbounded},
+        solana_gossip::contact_info::ContactInfo,
         solana_sdk::{
             account::AccountSharedData,
             genesis_config::create_genesis_config,
             nonce::{self, state::DurableNonce},
             pubkey::Pubkey,
-            signature::Signer,
+            signature::{Keypair, Signer},
             system_program, system_transaction,
+            timing::timestamp,
         },
+        solana_streamer::socket::SocketAddrSpace,
         std::ops::Sub,
         tokio::runtime::Handle,
     };
@@ -575,6 +588,7 @@ mod test {
     }
 
     #[test]
+<<<<<<< HEAD
     fn service_exit_with_connection_cache() {
         service_exit::<ConnectionCacheClient<NullTpuInfo>>(None);
     }
@@ -586,6 +600,10 @@ mod test {
     }
 
     fn validator_exit<C: ClientWithCreator>(maybe_runtime: Option<Handle>) {
+=======
+    fn validator_exit() {
+        let cluster_info = new_test_cluster_info();
+>>>>>>> 1742826fca (jito patch)
         let bank = Bank::default_for_tests();
         let bank_forks = BankForks::new_rw_arc(bank);
         let (sender, receiver) = bounded(0);
@@ -601,9 +619,23 @@ mod test {
         };
 
         let exit = Arc::new(AtomicBool::new(false));
+<<<<<<< HEAD
         let client = C::create_client(maybe_runtime, "127.0.0.1:0".parse().unwrap(), None, 1);
         let _send_transaction_service =
             SendTransactionService::new(&bank_forks, receiver, client.clone(), 1000, exit.clone());
+=======
+        let connection_cache = Arc::new(ConnectionCache::new("connection_cache_test"));
+        let _send_transaction_service = SendTransactionService::new::<NullTpuInfo>(
+            cluster_info,
+            &bank_forks,
+            None,
+            receiver,
+            &connection_cache,
+            1000,
+            1,
+            exit.clone(),
+        );
+>>>>>>> 1742826fca (jito patch)
 
         sender.send(dummy_tx_info()).unwrap();
 
diff --git a/start b/start
new file mode 100755
index 0000000000..c2f35e272a
--- /dev/null
+++ b/start
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -eu
+
+SOLANA_CONFIG_DIR=./config
+
+mkdir -p $SOLANA_CONFIG_DIR
+NDEBUG=1 ./multinode-demo/setup.sh
+cargo run --release --bin solana-ledger-tool -- -l config/bootstrap-validator/ create-snapshot 0
+NDEBUG=1 ./multinode-demo/faucet.sh
diff --git a/start_multi b/start_multi
new file mode 100755
index 0000000000..66de0032dc
--- /dev/null
+++ b/start_multi
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -eu
+
+SOLANA_KEYGEN="cargo run --release --bin solana-keygen --"
+SOLANA_CONFIG_DIR=./config
+
+if [[ ! -d $SOLANA_CONFIG_DIR ]]; then
+  echo "New Config! Generating Identities"
+  mkdir $SOLANA_CONFIG_DIR
+  $SOLANA_KEYGEN new --no-passphrase -so "$SOLANA_CONFIG_DIR"/a/identity.json
+  $SOLANA_KEYGEN new --no-passphrase -so "$SOLANA_CONFIG_DIR"/a/stake-account.json
+  $SOLANA_KEYGEN new --no-passphrase -so "$SOLANA_CONFIG_DIR"/a/vote-account.json
+
+  $SOLANA_KEYGEN new --no-passphrase -so "$SOLANA_CONFIG_DIR"/b/identity.json
+  $SOLANA_KEYGEN new --no-passphrase -so "$SOLANA_CONFIG_DIR"/b/stake-account.json
+  $SOLANA_KEYGEN new --no-passphrase -so "$SOLANA_CONFIG_DIR"/b/vote-account.json
+fi
+
+NDEBUG=1 ./multinode-demo/setup.sh \
+  --bootstrap-validator \
+  "$SOLANA_CONFIG_DIR"/a/identity.json \
+  "$SOLANA_CONFIG_DIR"/a/vote-account.json \
+  "$SOLANA_CONFIG_DIR"/a/stake-account.json \
+  --bootstrap-validator \
+  "$SOLANA_CONFIG_DIR"/b/identity.json \
+  "$SOLANA_CONFIG_DIR"/b/vote-account.json \
+  "$SOLANA_CONFIG_DIR"/b/stake-account.json
+
+cargo run --bin solana-ledger-tool -- -l config/bootstrap-validator/ create-snapshot 0
+NDEBUG=1 ./multinode-demo/faucet.sh
diff --git a/svm/src/account_overrides.rs b/svm/src/account_overrides.rs
index c31dc5bac1..d1d6a462ad 100644
--- a/svm/src/account_overrides.rs
+++ b/svm/src/account_overrides.rs
@@ -6,12 +6,16 @@ use {
 /// Encapsulates overridden accounts, typically used for transaction
 /// simulations. Account overrides are currently not used when loading the
 /// durable nonce account or when constructing the instructions sysvar account.
-#[derive(Default)]
+#[derive(Clone, Default, Debug)]
 pub struct AccountOverrides {
     accounts: HashMap<Pubkey, AccountSharedData>,
 }
 
 impl AccountOverrides {
+    pub fn upsert_account_overrides(&mut self, other: AccountOverrides) {
+        self.accounts.extend(other.accounts);
+    }
+
     /// Insert or remove an account with a given pubkey to/from the list of overrides.
     fn set_account(&mut self, pubkey: &Pubkey, account: Option<AccountSharedData>) {
         match account {
diff --git a/svm/src/transaction_processor.rs b/svm/src/transaction_processor.rs
index 2124543650..a3f7905181 100644
--- a/svm/src/transaction_processor.rs
+++ b/svm/src/transaction_processor.rs
@@ -2522,6 +2522,7 @@ mod tests {
                 FeeStructure::default().lamports_per_signature,
                 &rent_collector,
                 &mut error_counters,
+                None,
             );
 
             let post_validation_fee_payer_account = {
@@ -2583,6 +2584,7 @@ mod tests {
                 FeeStructure::default().lamports_per_signature,
                 &rent_collector,
                 &mut error_counters,
+                None,
             );
 
             assert_eq!(error_counters.insufficient_funds, 1);
diff --git a/test-validator/src/lib.rs b/test-validator/src/lib.rs
index 66ea5a9146..8478e1cb53 100644
--- a/test-validator/src/lib.rs
+++ b/test-validator/src/lib.rs
@@ -1054,6 +1054,7 @@ impl TestValidator {
                 tpu_max_connections_per_ipaddr_per_minute: 32, // max connections per IpAddr per minute for test
             },
             config.admin_rpc_service_post_init.clone(),
+            None,
         )?);
 
         // Needed to avoid panics in `solana-responder-gossip` in tests that create a number of
diff --git a/timings/src/lib.rs b/timings/src/lib.rs
index 94c415f5e5..a8cd760707 100644
--- a/timings/src/lib.rs
+++ b/timings/src/lib.rs
@@ -61,6 +61,7 @@ pub enum ExecuteTimingType {
     FilterExecutableUs,
 }
 
+#[derive(Clone)]
 pub struct Metrics([Saturating<u64>; ExecuteTimingType::CARDINALITY]);
 
 impl Index<ExecuteTimingType> for Metrics {
@@ -309,7 +310,7 @@ eager_macro_rules! { $eager_1
     }
 }
 
-#[derive(Debug, Default)]
+#[derive(Clone, Debug, Default)]
 pub struct ExecuteTimings {
     pub metrics: Metrics,
     pub details: ExecuteDetailsTimings,
@@ -335,7 +336,7 @@ impl ExecuteTimings {
     }
 }
 
-#[derive(Default, Debug)]
+#[derive(Clone, Default, Debug)]
 pub struct ExecuteProcessInstructionTimings {
     pub total_us: Saturating<u64>,
     pub verify_caller_us: Saturating<u64>,
@@ -352,7 +353,7 @@ impl ExecuteProcessInstructionTimings {
     }
 }
 
-#[derive(Default, Debug)]
+#[derive(Clone, Default, Debug)]
 pub struct ExecuteAccessoryTimings {
     pub feature_set_clone_us: Saturating<u64>,
     pub get_executors_us: Saturating<u64>,
@@ -370,7 +371,7 @@ impl ExecuteAccessoryTimings {
     }
 }
 
-#[derive(Default, Debug, PartialEq, Eq)]
+#[derive(Clone, Default, Debug, PartialEq, Eq)]
 pub struct ExecuteDetailsTimings {
     pub serialize_us: Saturating<u64>,
     pub create_vm_us: Saturating<u64>,
diff --git a/tip-distributor/Cargo.toml b/tip-distributor/Cargo.toml
new file mode 100644
index 0000000000..76682d220a
--- /dev/null
+++ b/tip-distributor/Cargo.toml
@@ -0,0 +1,61 @@
+[package]
+name = "solana-tip-distributor"
+version = { workspace = true }
+edition = { workspace = true }
+license = { workspace = true }
+description = "Collection of binaries used to distribute MEV rewards to delegators and validators."
+publish = false
+
+[dependencies]
+anchor-lang = { workspace = true }
+clap = { version = "4.1.11", features = ["derive", "env"] }
+crossbeam-channel = { workspace = true }
+env_logger = { workspace = true }
+futures = { workspace = true }
+gethostname = { workspace = true }
+im = { workspace = true }
+itertools = { workspace = true }
+jito-tip-distribution = { workspace = true }
+jito-tip-payment = { workspace = true }
+log = { workspace = true }
+num-traits = { workspace = true }
+rand = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+solana-accounts-db = { workspace = true }
+solana-client = { workspace = true }
+solana-genesis-utils = { workspace = true }
+solana-ledger = { workspace = true }
+solana-measure = { workspace = true }
+solana-merkle-tree = { workspace = true }
+solana-metrics = { workspace = true }
+solana-program = { workspace = true }
+solana-program-runtime = { workspace = true }
+solana-rpc-client-api = { workspace = true }
+solana-runtime = { workspace = true }
+solana-sdk = { workspace = true }
+solana-stake-program = { workspace = true }
+solana-transaction-status = { workspace = true }
+solana-vote = { workspace = true }
+thiserror = { workspace = true }
+tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
+
+[dev-dependencies]
+solana-runtime = { workspace = true, features = ["dev-context-only-utils"] }
+solana-sdk = { workspace = true, features = ["dev-context-only-utils"] }
+
+[[bin]]
+name = "solana-stake-meta-generator"
+path = "src/bin/stake-meta-generator.rs"
+
+[[bin]]
+name = "solana-merkle-root-generator"
+path = "src/bin/merkle-root-generator.rs"
+
+[[bin]]
+name = "solana-merkle-root-uploader"
+path = "src/bin/merkle-root-uploader.rs"
+
+[[bin]]
+name = "solana-claim-mev-tips"
+path = "src/bin/claim-mev-tips.rs"
diff --git a/tip-distributor/README.md b/tip-distributor/README.md
new file mode 100644
index 0000000000..fec682879a
--- /dev/null
+++ b/tip-distributor/README.md
@@ -0,0 +1,52 @@
+# Tip Distributor
+This library and collection of binaries are responsible for generating and uploading merkle roots to the on-chain 
+tip-distribution program found [here](https://github.com/jito-foundation/jito-programs/blob/submodule/tip-payment/programs/tip-distribution/src/lib.rs).
+
+## Background
+Each individual validator is assigned a new PDA per epoch where their share of tips, in lamports, will be stored. 
+At the end of the epoch it's expected that validators take a commission and then distribute the rest of the funds
+to their delegators such that delegators receive rewards proportional to their respective delegations. The distribution
+mechanism is via merkle proofs similar to how airdrops work.
+
+The merkle roots are calculated off-chain and uploaded to the validator's **TipDistributionAccount** PDA. Validators may
+elect an account to upload the merkle roots on their behalf. Once uploaded, users can invoke the **claim** instruction
+and receive the rewards they're entitled to. Once all funds are claimed by users the validator can close the account and
+refunded the rent.
+
+## Scripts
+
+### stake-meta-generator
+
+This script generates a JSON file identifying individual stake delegations to a validator, along with amount of lamports 
+in each validator's **TipDistributionAccount**. All validators will be contained in the JSON list, regardless of whether 
+the validator is a participant in the system; participant being indicative of running the jito-solana client to accept tips 
+having initialized a **TipDistributionAccount** PDA account for the epoch.
+
+One edge case that we've taken into account is the last validator in an epoch N receives tips but those tips don't get transferred
+out into the PDA until some slot in epoch N + 1. Due to this we cannot rely on the bank's state at epoch N for lamports amount
+in the PDAs. We use the bank solely to take a snapshot of delegations, but an RPC node to fetch the PDA lamports for more up-to-date data.
+
+### merkle-root-generator
+This script accepts a path to the above JSON file as one of its arguments, and generates a merkle-root into a JSON file.
+
+### merkle-root-uploader
+Uploads the root on-chain.
+
+### claim-mev-tips
+This reads the file outputted by `merkle-root-generator` and finds all eligible accounts to receive mev tips. Transactions
+are created and sent to the RPC server.
+
+
+## How it works?
+In order to use this library as the merkle root creator one must follow the following steps:
+1. Download a ledger snapshot containing the slot of interest, i.e. the last slot in an epoch. The Solana foundation has snapshots that can be found [here](https://console.cloud.google.com/storage/browser/mainnet-beta-ledger-us-ny5).
+2. Download the snapshot onto your worker machine (where this script will run).
+3. Run `solana-ledger-tool -l ${PATH_TO_LEDGER} create-snapshot ${YOUR_SLOT} ${WHERE_TO_CREATE_SNAPSHOT}`
+   1. The snapshot created at `${WHERE_TO_CREATE_SNAPSHOT}` will have the highest slot of `${YOUR_SLOT}`, assuming you downloaded the correct snapshot.
+4. Run `stake-meta-generator --ledger-path ${WHERE_TO_CREATE_SNAPSHOT} --tip-distribution-program-id ${PUBKEY} --out-path ${JSON_OUT_PATH} --snapshot-slot ${SLOT} --rpc-url ${URL}`
+   1. Note: `${WHERE_TO_CREATE_SNAPSHOT}` must be the same in steps 3 & 4.
+5. Run `merkle-root-generator --stake-meta-coll-path ${STAKE_META_COLLECTION_JSON} --rpc-url ${URL} --out-path ${MERKLE_ROOT_PATH}`
+6. Run `merkle-root-uploader --out-path ${MERKLE_ROOT_PATH} --keypair-path ${KEYPAIR_PATH} --rpc-url ${URL} --tip-distribution-program-id ${PROGRAM_ID}`
+7. Run `solana-claim-mev-tips --merkle-trees-path /solana/ledger/autosnapshot/merkle-tree-221615999.json --rpc-url ${URL} --tip-distribution-program-id ${PROGRAM_ID} --keypair-path ${KEYPAIR_PATH}`
+
+Voila!
diff --git a/tip-distributor/src/bin/claim-mev-tips.rs b/tip-distributor/src/bin/claim-mev-tips.rs
new file mode 100644
index 0000000000..dd57db9231
--- /dev/null
+++ b/tip-distributor/src/bin/claim-mev-tips.rs
@@ -0,0 +1,190 @@
+//! This binary claims MEV tips.
+use {
+    clap::Parser,
+    futures::future::join_all,
+    gethostname::gethostname,
+    log::*,
+    solana_metrics::{datapoint_error, datapoint_info, set_host_id},
+    solana_sdk::{
+        pubkey::Pubkey,
+        signature::{read_keypair_file, Keypair},
+    },
+    solana_tip_distributor::{
+        claim_mev_workflow::{claim_mev_tips, ClaimMevError},
+        read_json_from_file,
+        reclaim_rent_workflow::reclaim_rent,
+        GeneratedMerkleTreeCollection,
+    },
+    std::{
+        path::PathBuf,
+        sync::Arc,
+        time::{Duration, Instant},
+    },
+};
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    /// Path to JSON file containing the [GeneratedMerkleTreeCollection] object.
+    #[arg(long, env)]
+    merkle_trees_path: PathBuf,
+
+    /// RPC to send transactions through
+    #[arg(long, env, default_value = "http://localhost:8899")]
+    rpc_url: String,
+
+    /// Tip distribution program ID
+    #[arg(long, env)]
+    tip_distribution_program_id: Pubkey,
+
+    /// Path to keypair
+    #[arg(long, env)]
+    keypair_path: PathBuf,
+
+    /// Limits how long before send loop runs before stopping
+    #[arg(long, env, default_value_t = 60 * 60)]
+    max_retry_duration_secs: u64,
+
+    /// Specifies whether to reclaim any rent.
+    #[arg(long, env, default_value_t = true)]
+    should_reclaim_rent: bool,
+
+    /// Specifies whether to reclaim rent on behalf of validators from respective TDAs.
+    #[arg(long, env)]
+    should_reclaim_tdas: bool,
+
+    /// The price to pay for priority fee
+    #[arg(long, env, default_value_t = 1)]
+    micro_lamports: u64,
+}
+
+async fn start_mev_claim_process(
+    merkle_trees: GeneratedMerkleTreeCollection,
+    rpc_url: String,
+    tip_distribution_program_id: Pubkey,
+    signer: Arc<Keypair>,
+    max_loop_duration: Duration,
+    micro_lamports: u64,
+) -> Result<(), ClaimMevError> {
+    let start = Instant::now();
+
+    match claim_mev_tips(
+        &merkle_trees,
+        rpc_url,
+        tip_distribution_program_id,
+        signer,
+        max_loop_duration,
+        micro_lamports,
+    )
+    .await
+    {
+        Err(e) => {
+            datapoint_error!(
+                "claim_mev_workflow-claim_error",
+                ("epoch", merkle_trees.epoch, i64),
+                ("error", 1, i64),
+                ("err_str", e.to_string(), String),
+                ("elapsed_us", start.elapsed().as_micros(), i64),
+            );
+            Err(e)
+        }
+        Ok(()) => {
+            datapoint_info!(
+                "claim_mev_workflow-claim_completion",
+                ("epoch", merkle_trees.epoch, i64),
+                ("elapsed_us", start.elapsed().as_micros(), i64),
+            );
+            Ok(())
+        }
+    }
+}
+
+async fn start_rent_claim(
+    rpc_url: String,
+    tip_distribution_program_id: Pubkey,
+    signer: Arc<Keypair>,
+    max_loop_duration: Duration,
+    should_reclaim_tdas: bool,
+    micro_lamports: u64,
+    epoch: u64,
+) -> Result<(), ClaimMevError> {
+    let start = Instant::now();
+    match reclaim_rent(
+        rpc_url,
+        tip_distribution_program_id,
+        signer,
+        max_loop_duration,
+        should_reclaim_tdas,
+        micro_lamports,
+    )
+    .await
+    {
+        Err(e) => {
+            datapoint_error!(
+                "claim_mev_workflow-reclaim_rent_error",
+                ("epoch", epoch, i64),
+                ("error", 1, i64),
+                ("err_str", e.to_string(), String),
+                ("elapsed_us", start.elapsed().as_micros(), i64),
+            );
+            Err(e)
+        }
+        Ok(()) => {
+            datapoint_info!(
+                "claim_mev_workflow-reclaim_rent_completion",
+                ("epoch", epoch, i64),
+                ("elapsed_us", start.elapsed().as_micros(), i64),
+            );
+            Ok(())
+        }
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), ClaimMevError> {
+    env_logger::init();
+
+    gethostname()
+        .into_string()
+        .map(set_host_id)
+        .expect("set hostname");
+
+    let args: Args = Args::parse();
+    let keypair = Arc::new(read_keypair_file(&args.keypair_path).expect("read keypair file"));
+    let merkle_trees: GeneratedMerkleTreeCollection =
+        read_json_from_file(&args.merkle_trees_path).expect("read GeneratedMerkleTreeCollection");
+    let max_loop_duration = Duration::from_secs(args.max_retry_duration_secs);
+
+    info!(
+        "Starting to claim mev tips for epoch: {}",
+        merkle_trees.epoch
+    );
+    let epoch = merkle_trees.epoch;
+
+    let mut futs = vec![];
+    futs.push(tokio::spawn(start_mev_claim_process(
+        merkle_trees,
+        args.rpc_url.clone(),
+        args.tip_distribution_program_id,
+        keypair.clone(),
+        max_loop_duration,
+        args.micro_lamports,
+    )));
+    if args.should_reclaim_rent {
+        futs.push(tokio::spawn(start_rent_claim(
+            args.rpc_url.clone(),
+            args.tip_distribution_program_id,
+            keypair.clone(),
+            max_loop_duration,
+            args.should_reclaim_tdas,
+            args.micro_lamports,
+            epoch,
+        )));
+    }
+    let results = join_all(futs).await;
+    solana_metrics::flush(); // sometimes last datapoint doesn't get emitted. this increases likelihood.
+    for r in results {
+        r.map_err(|e| ClaimMevError::UncaughtError { e: e.to_string() })??;
+    }
+    Ok(())
+}
diff --git a/tip-distributor/src/bin/merkle-root-generator.rs b/tip-distributor/src/bin/merkle-root-generator.rs
new file mode 100644
index 0000000000..9f2d0f9a4e
--- /dev/null
+++ b/tip-distributor/src/bin/merkle-root-generator.rs
@@ -0,0 +1,34 @@
+//! This binary generates a merkle tree for each [TipDistributionAccount]; they are derived
+//! using a user provided [StakeMetaCollection] JSON file.
+
+use {
+    clap::Parser, log::*,
+    solana_tip_distributor::merkle_root_generator_workflow::generate_merkle_root,
+    std::path::PathBuf,
+};
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    /// Path to JSON file containing the [StakeMetaCollection] object.
+    #[arg(long, env)]
+    stake_meta_coll_path: PathBuf,
+
+    /// RPC to send transactions through. Used to validate what's being claimed is equal to TDA balance minus rent.
+    #[arg(long, env)]
+    rpc_url: String,
+
+    /// Path to JSON file to get populated with tree node data.
+    #[arg(long, env)]
+    out_path: PathBuf,
+}
+
+fn main() {
+    env_logger::init();
+    info!("Starting merkle-root-generator workflow...");
+
+    let args: Args = Args::parse();
+    generate_merkle_root(&args.stake_meta_coll_path, &args.out_path, &args.rpc_url)
+        .expect("merkle tree produced");
+    info!("saved merkle roots to {:?}", args.stake_meta_coll_path);
+}
diff --git a/tip-distributor/src/bin/merkle-root-uploader.rs b/tip-distributor/src/bin/merkle-root-uploader.rs
new file mode 100644
index 0000000000..9000ce66d0
--- /dev/null
+++ b/tip-distributor/src/bin/merkle-root-uploader.rs
@@ -0,0 +1,54 @@
+use {
+    clap::Parser, log::info, solana_sdk::pubkey::Pubkey,
+    solana_tip_distributor::merkle_root_upload_workflow::upload_merkle_root, std::path::PathBuf,
+};
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    /// Path to JSON file containing the [StakeMetaCollection] object.
+    #[arg(long, env)]
+    merkle_root_path: PathBuf,
+
+    /// The path to the keypair used to sign and pay for the `upload_merkle_root` transactions.
+    #[arg(long, env)]
+    keypair_path: PathBuf,
+
+    /// The RPC to send transactions to.
+    #[arg(long, env)]
+    rpc_url: String,
+
+    /// Tip distribution program ID
+    #[arg(long, env)]
+    tip_distribution_program_id: Pubkey,
+
+    /// Rate-limits the maximum number of requests per RPC connection
+    #[arg(long, env, default_value_t = 100)]
+    max_concurrent_rpc_get_reqs: usize,
+
+    /// Number of transactions to send to RPC at a time.
+    #[arg(long, env, default_value_t = 64)]
+    txn_send_batch_size: usize,
+}
+
+fn main() {
+    env_logger::init();
+
+    let args: Args = Args::parse();
+
+    info!("starting merkle root uploader...");
+    if let Err(e) = upload_merkle_root(
+        &args.merkle_root_path,
+        &args.keypair_path,
+        &args.rpc_url,
+        &args.tip_distribution_program_id,
+        args.max_concurrent_rpc_get_reqs,
+        args.txn_send_batch_size,
+    ) {
+        panic!("failed to upload merkle roots: {:?}", e);
+    }
+    info!(
+        "uploaded merkle roots from file {:?}",
+        args.merkle_root_path
+    );
+}
diff --git a/tip-distributor/src/bin/stake-meta-generator.rs b/tip-distributor/src/bin/stake-meta-generator.rs
new file mode 100644
index 0000000000..be7993be02
--- /dev/null
+++ b/tip-distributor/src/bin/stake-meta-generator.rs
@@ -0,0 +1,67 @@
+//! This binary is responsible for generating a JSON file that contains meta-data about stake
+//! & delegations given a ledger snapshot directory. The JSON file is structured as an array
+//! of [StakeMeta] objects.
+
+use {
+    clap::Parser,
+    log::*,
+    solana_sdk::{clock::Slot, pubkey::Pubkey},
+    solana_tip_distributor::{self, stake_meta_generator_workflow::generate_stake_meta},
+    std::{
+        fs::{self},
+        path::PathBuf,
+        process::exit,
+    },
+};
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    /// Ledger path, where you created the snapshot.
+    #[arg(long, env, value_parser = Args::ledger_path_parser)]
+    ledger_path: PathBuf,
+
+    /// The tip-distribution program id.
+    #[arg(long, env)]
+    tip_distribution_program_id: Pubkey,
+
+    /// The tip-payment program id.
+    #[arg(long, env)]
+    tip_payment_program_id: Pubkey,
+
+    /// Path to JSON file populated with the [StakeMetaCollection] object.
+    #[arg(long, env)]
+    out_path: String,
+
+    /// The expected snapshot slot.
+    #[arg(long, env)]
+    snapshot_slot: Slot,
+}
+
+impl Args {
+    fn ledger_path_parser(ledger_path: &str) -> Result<PathBuf, &'static str> {
+        Ok(fs::canonicalize(ledger_path).unwrap_or_else(|err| {
+            error!("Unable to access ledger path '{}': {}", ledger_path, err);
+            exit(1);
+        }))
+    }
+}
+
+fn main() {
+    env_logger::init();
+    info!("Starting stake-meta-generator...");
+
+    let args: Args = Args::parse();
+
+    if let Err(e) = generate_stake_meta(
+        &args.ledger_path,
+        &args.snapshot_slot,
+        &args.tip_distribution_program_id,
+        &args.out_path,
+        &args.tip_payment_program_id,
+    ) {
+        error!("error producing stake-meta: {:?}", e);
+    } else {
+        info!("produced stake meta");
+    }
+}
diff --git a/tip-distributor/src/claim_mev_workflow.rs b/tip-distributor/src/claim_mev_workflow.rs
new file mode 100644
index 0000000000..62b0b6fb02
--- /dev/null
+++ b/tip-distributor/src/claim_mev_workflow.rs
@@ -0,0 +1,398 @@
+use {
+    crate::{send_until_blockhash_expires, GeneratedMerkleTreeCollection},
+    anchor_lang::{AccountDeserialize, InstructionData, ToAccountMetas},
+    itertools::Itertools,
+    jito_tip_distribution::state::{ClaimStatus, Config, TipDistributionAccount},
+    log::{error, info, warn},
+    rand::{prelude::SliceRandom, thread_rng},
+    solana_client::nonblocking::rpc_client::RpcClient,
+    solana_metrics::datapoint_info,
+    solana_program::{
+        fee_calculator::DEFAULT_TARGET_LAMPORTS_PER_SIGNATURE, native_token::LAMPORTS_PER_SOL,
+        system_program,
+    },
+    solana_rpc_client_api::config::RpcSimulateTransactionConfig,
+    solana_sdk::{
+        account::Account,
+        commitment_config::CommitmentConfig,
+        compute_budget::ComputeBudgetInstruction,
+        instruction::Instruction,
+        pubkey::Pubkey,
+        signature::{Keypair, Signer},
+        transaction::Transaction,
+    },
+    std::{
+        collections::HashMap,
+        sync::Arc,
+        time::{Duration, Instant},
+    },
+    thiserror::Error,
+};
+
+#[derive(Error, Debug)]
+pub enum ClaimMevError {
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+
+    #[error(transparent)]
+    JsonError(#[from] serde_json::Error),
+
+    #[error(transparent)]
+    AnchorError(anchor_lang::error::Error),
+
+    #[error(transparent)]
+    RpcError(#[from] solana_rpc_client_api::client_error::Error),
+
+    #[error("Expected to have at least {desired_balance} lamports in {payer:?}. Current balance is {start_balance} lamports. Deposit {sol_to_deposit} SOL to continue.")]
+    InsufficientBalance {
+        desired_balance: u64,
+        payer: Pubkey,
+        start_balance: u64,
+        sol_to_deposit: u64,
+    },
+
+    #[error("Not finished with job, transactions left {transactions_left}")]
+    NotFinished { transactions_left: usize },
+
+    #[error("UncaughtError {e:?}")]
+    UncaughtError { e: String },
+}
+
+pub async fn get_claim_transactions_for_valid_unclaimed(
+    rpc_client: &RpcClient,
+    merkle_trees: &GeneratedMerkleTreeCollection,
+    tip_distribution_program_id: Pubkey,
+    micro_lamports: u64,
+    payer_pubkey: Pubkey,
+) -> Result<Vec<Transaction>, ClaimMevError> {
+    let tree_nodes = merkle_trees
+        .generated_merkle_trees
+        .iter()
+        .flat_map(|tree| &tree.tree_nodes)
+        .collect_vec();
+
+    info!(
+        "reading tip distribution related accounts for epoch {}",
+        merkle_trees.epoch
+    );
+
+    let start = Instant::now();
+
+    let tda_pubkeys = merkle_trees
+        .generated_merkle_trees
+        .iter()
+        .map(|tree| tree.tip_distribution_account)
+        .collect_vec();
+    let tdas: HashMap<Pubkey, Account> = crate::get_batched_accounts(rpc_client, &tda_pubkeys)
+        .await?
+        .into_iter()
+        .filter_map(|(pubkey, a)| Some((pubkey, a?)))
+        .collect();
+
+    let claimant_pubkeys = tree_nodes
+        .iter()
+        .map(|tree_node| tree_node.claimant)
+        .collect_vec();
+    let claimants: HashMap<Pubkey, Account> =
+        crate::get_batched_accounts(rpc_client, &claimant_pubkeys)
+            .await?
+            .into_iter()
+            .filter_map(|(pubkey, a)| Some((pubkey, a?)))
+            .collect();
+
+    let claim_status_pubkeys = tree_nodes
+        .iter()
+        .map(|tree_node| tree_node.claim_status_pubkey)
+        .collect_vec();
+    let claim_statuses: HashMap<Pubkey, Account> =
+        crate::get_batched_accounts(rpc_client, &claim_status_pubkeys)
+            .await?
+            .into_iter()
+            .filter_map(|(pubkey, a)| Some((pubkey, a?)))
+            .collect();
+
+    let elapsed_us = start.elapsed().as_micros();
+
+    // can be helpful for determining mismatch in state between requested and read
+    datapoint_info!(
+        "claim_mev-get_claim_transactions_account_data",
+        ("elapsed_us", elapsed_us, i64),
+        ("tdas", tda_pubkeys.len(), i64),
+        ("tdas_onchain", tdas.len(), i64),
+        ("claimants", claimant_pubkeys.len(), i64),
+        ("claimants_onchain", claimants.len(), i64),
+        ("claim_statuses", claim_status_pubkeys.len(), i64),
+        ("claim_statuses_onchain", claim_statuses.len(), i64),
+    );
+
+    let transactions = build_mev_claim_transactions(
+        tip_distribution_program_id,
+        merkle_trees,
+        tdas,
+        claimants,
+        claim_statuses,
+        micro_lamports,
+        payer_pubkey,
+    );
+
+    Ok(transactions)
+}
+
+pub async fn claim_mev_tips(
+    merkle_trees: &GeneratedMerkleTreeCollection,
+    rpc_url: String,
+    tip_distribution_program_id: Pubkey,
+    keypair: Arc<Keypair>,
+    max_loop_duration: Duration,
+    micro_lamports: u64,
+) -> Result<(), ClaimMevError> {
+    let rpc_client = RpcClient::new_with_timeout_and_commitment(
+        rpc_url,
+        Duration::from_secs(300),
+        CommitmentConfig::confirmed(),
+    );
+
+    let start = Instant::now();
+    while start.elapsed() <= max_loop_duration {
+        let mut all_claim_transactions = get_claim_transactions_for_valid_unclaimed(
+            &rpc_client,
+            merkle_trees,
+            tip_distribution_program_id,
+            micro_lamports,
+            keypair.pubkey(),
+        )
+        .await?;
+
+        datapoint_info!(
+            "claim_mev_tips-send_summary",
+            ("claim_transactions_left", all_claim_transactions.len(), i64),
+        );
+
+        if all_claim_transactions.is_empty() {
+            return Ok(());
+        }
+
+        all_claim_transactions.shuffle(&mut thread_rng());
+        let transactions: Vec<_> = all_claim_transactions.into_iter().take(10_000).collect();
+
+        // only check balance for the ones we need to currently send since reclaim rent running in parallel
+        if let Some((start_balance, desired_balance, sol_to_deposit)) =
+            is_sufficient_balance(&keypair.pubkey(), &rpc_client, transactions.len() as u64).await
+        {
+            return Err(ClaimMevError::InsufficientBalance {
+                desired_balance,
+                payer: keypair.pubkey(),
+                start_balance,
+                sol_to_deposit,
+            });
+        }
+
+        let blockhash = rpc_client.get_latest_blockhash().await?;
+        let _ = send_until_blockhash_expires(&rpc_client, transactions, blockhash, &keypair).await;
+    }
+
+    let transactions = get_claim_transactions_for_valid_unclaimed(
+        &rpc_client,
+        merkle_trees,
+        tip_distribution_program_id,
+        micro_lamports,
+        keypair.pubkey(),
+    )
+    .await?;
+    if transactions.is_empty() {
+        return Ok(());
+    }
+
+    // if more transactions left, we'll simulate them all to make sure its not an uncaught error
+    let mut is_error = false;
+    let mut error_str = String::new();
+    for tx in &transactions {
+        match rpc_client
+            .simulate_transaction_with_config(
+                tx,
+                RpcSimulateTransactionConfig {
+                    sig_verify: false,
+                    replace_recent_blockhash: true,
+                    commitment: Some(CommitmentConfig::processed()),
+                    ..RpcSimulateTransactionConfig::default()
+                },
+            )
+            .await
+        {
+            Ok(_) => {}
+            Err(e) => {
+                error_str = e.to_string();
+                is_error = true;
+
+                match e.get_transaction_error() {
+                    None => {
+                        break;
+                    }
+                    Some(e) => {
+                        warn!("transaction error. tx: {:?} error: {:?}", tx, e);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    if is_error {
+        Err(ClaimMevError::UncaughtError { e: error_str })
+    } else {
+        Err(ClaimMevError::NotFinished {
+            transactions_left: transactions.len(),
+        })
+    }
+}
+
+/// Returns a list of claim transactions for valid, unclaimed MEV tips
+/// A valid, unclaimed transaction consists of the following:
+/// - there must be lamports to claim for the tip distribution account.
+/// - there must be a merkle root.
+/// - the claimant (typically a stake account) must exist.
+/// - the claimant (typically a stake account) must have a non-zero amount of tips to claim
+/// - the claimant must have enough lamports post-claim to be rent-exempt.
+///   - note: there aren't any rent exempt accounts on solana mainnet anymore.
+/// - it must not have already been claimed.
+fn build_mev_claim_transactions(
+    tip_distribution_program_id: Pubkey,
+    merkle_trees: &GeneratedMerkleTreeCollection,
+    tdas: HashMap<Pubkey, Account>,
+    claimants: HashMap<Pubkey, Account>,
+    claim_status: HashMap<Pubkey, Account>,
+    micro_lamports: u64,
+    payer_pubkey: Pubkey,
+) -> Vec<Transaction> {
+    let tip_distribution_accounts: HashMap<Pubkey, TipDistributionAccount> = tdas
+        .iter()
+        .filter_map(|(pubkey, account)| {
+            Some((
+                *pubkey,
+                TipDistributionAccount::try_deserialize(&mut account.data.as_slice()).ok()?,
+            ))
+        })
+        .collect();
+
+    let claim_statuses: HashMap<Pubkey, ClaimStatus> = claim_status
+        .iter()
+        .filter_map(|(pubkey, account)| {
+            Some((
+                *pubkey,
+                ClaimStatus::try_deserialize(&mut account.data.as_slice()).ok()?,
+            ))
+        })
+        .collect();
+
+    datapoint_info!(
+        "build_mev_claim_transactions",
+        (
+            "tip_distribution_accounts",
+            tip_distribution_accounts.len(),
+            i64
+        ),
+        ("claim_statuses", claim_statuses.len(), i64),
+    );
+
+    let tip_distribution_config =
+        Pubkey::find_program_address(&[Config::SEED], &tip_distribution_program_id).0;
+
+    let mut instructions = Vec::with_capacity(claimants.len());
+    for tree in &merkle_trees.generated_merkle_trees {
+        if tree.max_total_claim == 0 {
+            continue;
+        }
+
+        // if unwrap panics, there's a bug in the merkle tree code because the merkle tree code relies on the state
+        // of the chain to claim.
+        let tip_distribution_account = tip_distribution_accounts
+            .get(&tree.tip_distribution_account)
+            .unwrap();
+
+        // can continue here, as there might be tip distribution accounts this account doesn't upload for
+        if tip_distribution_account.merkle_root.is_none() {
+            continue;
+        }
+
+        for node in &tree.tree_nodes {
+            // doesn't make sense to claim for claimants that don't exist anymore
+            // can't claim for something already claimed
+            // don't need to claim for claimants that get 0 MEV
+            if !claimants.contains_key(&node.claimant)
+                || claim_statuses.contains_key(&node.claim_status_pubkey)
+                || node.amount == 0
+            {
+                continue;
+            }
+
+            instructions.push(Instruction {
+                program_id: tip_distribution_program_id,
+                data: jito_tip_distribution::instruction::Claim {
+                    proof: node.proof.clone().unwrap(),
+                    amount: node.amount,
+                    bump: node.claim_status_bump,
+                }
+                .data(),
+                accounts: jito_tip_distribution::accounts::Claim {
+                    config: tip_distribution_config,
+                    tip_distribution_account: tree.tip_distribution_account,
+                    claimant: node.claimant,
+                    claim_status: node.claim_status_pubkey,
+                    payer: payer_pubkey,
+                    system_program: system_program::id(),
+                }
+                .to_account_metas(None),
+            });
+        }
+    }
+
+    // TODO (LB): see if we can do >1 claim here
+    let transactions: Vec<Transaction> = instructions
+        .into_iter()
+        .map(|claim_ix| {
+            let priority_fee_ix = ComputeBudgetInstruction::set_compute_unit_price(micro_lamports);
+            Transaction::new_with_payer(&[priority_fee_ix, claim_ix], Some(&payer_pubkey))
+        })
+        .collect();
+
+    transactions
+}
+
+/// heuristic to make sure we have enough funds to cover the rent costs if epoch has many validators
+/// If insufficient funds, returns start balance, desired balance, and amount of sol to deposit
+async fn is_sufficient_balance(
+    payer: &Pubkey,
+    rpc_client: &RpcClient,
+    instruction_count: u64,
+) -> Option<(u64, u64, u64)> {
+    let start_balance = rpc_client
+        .get_balance(payer)
+        .await
+        .expect("Failed to get starting balance");
+    // most amounts are for 0 lamports. had 1736 non-zero claims out of 164742
+    let min_rent_per_claim = rpc_client
+        .get_minimum_balance_for_rent_exemption(ClaimStatus::SIZE)
+        .await
+        .expect("Failed to calculate min rent");
+    let desired_balance = instruction_count
+        .checked_mul(
+            min_rent_per_claim
+                .checked_add(DEFAULT_TARGET_LAMPORTS_PER_SIGNATURE)
+                .unwrap(),
+        )
+        .unwrap();
+    if start_balance < desired_balance {
+        let sol_to_deposit = desired_balance
+            .checked_sub(start_balance)
+            .unwrap()
+            .checked_add(LAMPORTS_PER_SOL)
+            .unwrap()
+            .checked_sub(1)
+            .unwrap()
+            .checked_div(LAMPORTS_PER_SOL)
+            .unwrap(); // rounds up to nearest sol
+        Some((start_balance, desired_balance, sol_to_deposit))
+    } else {
+        None
+    }
+}
diff --git a/tip-distributor/src/lib.rs b/tip-distributor/src/lib.rs
new file mode 100644
index 0000000000..8ee6b50f5d
--- /dev/null
+++ b/tip-distributor/src/lib.rs
@@ -0,0 +1,1062 @@
+pub mod claim_mev_workflow;
+pub mod merkle_root_generator_workflow;
+pub mod merkle_root_upload_workflow;
+pub mod reclaim_rent_workflow;
+pub mod stake_meta_generator_workflow;
+
+use {
+    crate::{
+        merkle_root_generator_workflow::MerkleRootGeneratorError,
+        stake_meta_generator_workflow::StakeMetaGeneratorError::CheckedMathError,
+    },
+    anchor_lang::Id,
+    jito_tip_distribution::{
+        program::JitoTipDistribution,
+        state::{ClaimStatus, TipDistributionAccount},
+    },
+    jito_tip_payment::{
+        Config, CONFIG_ACCOUNT_SEED, TIP_ACCOUNT_SEED_0, TIP_ACCOUNT_SEED_1, TIP_ACCOUNT_SEED_2,
+        TIP_ACCOUNT_SEED_3, TIP_ACCOUNT_SEED_4, TIP_ACCOUNT_SEED_5, TIP_ACCOUNT_SEED_6,
+        TIP_ACCOUNT_SEED_7,
+    },
+    log::*,
+    serde::{de::DeserializeOwned, Deserialize, Serialize},
+    solana_client::{
+        nonblocking::rpc_client::RpcClient,
+        rpc_client::{RpcClient as SyncRpcClient, SerializableTransaction},
+    },
+    solana_merkle_tree::MerkleTree,
+    solana_metrics::{datapoint_error, datapoint_warn},
+    solana_program::{
+        instruction::InstructionError,
+        rent::{
+            ACCOUNT_STORAGE_OVERHEAD, DEFAULT_EXEMPTION_THRESHOLD, DEFAULT_LAMPORTS_PER_BYTE_YEAR,
+        },
+    },
+    solana_rpc_client_api::{
+        client_error::{Error, ErrorKind},
+        config::RpcSendTransactionConfig,
+        request::{RpcError, RpcResponseErrorData, MAX_MULTIPLE_ACCOUNTS},
+        response::RpcSimulateTransactionResult,
+    },
+    solana_sdk::{
+        account::{Account, AccountSharedData, ReadableAccount},
+        clock::Slot,
+        commitment_config::{CommitmentConfig, CommitmentLevel},
+        hash::{Hash, Hasher},
+        pubkey::Pubkey,
+        signature::{Keypair, Signature},
+        stake_history::Epoch,
+        transaction::{
+            Transaction,
+            TransactionError::{self},
+        },
+    },
+    solana_transaction_status::TransactionStatus,
+    std::{
+        collections::{HashMap, HashSet},
+        fs::File,
+        io::BufReader,
+        path::PathBuf,
+        sync::Arc,
+        time::{Duration, Instant},
+    },
+    tokio::{sync::Semaphore, time::sleep},
+};
+
+#[derive(Clone, Deserialize, Serialize, Debug)]
+pub struct GeneratedMerkleTreeCollection {
+    pub generated_merkle_trees: Vec<GeneratedMerkleTree>,
+    pub bank_hash: String,
+    pub epoch: Epoch,
+    pub slot: Slot,
+}
+
+#[derive(Clone, Eq, Debug, Hash, PartialEq, Deserialize, Serialize)]
+pub struct GeneratedMerkleTree {
+    #[serde(with = "pubkey_string_conversion")]
+    pub tip_distribution_account: Pubkey,
+    #[serde(with = "pubkey_string_conversion")]
+    pub merkle_root_upload_authority: Pubkey,
+    pub merkle_root: Hash,
+    pub tree_nodes: Vec<TreeNode>,
+    pub max_total_claim: u64,
+    pub max_num_nodes: u64,
+}
+
+pub struct TipPaymentPubkeys {
+    config_pda: Pubkey,
+    tip_pdas: Vec<Pubkey>,
+}
+
+fn emit_inconsistent_tree_node_amount_dp(
+    tree_nodes: &[TreeNode],
+    tip_distribution_account: &Pubkey,
+    rpc_client: &SyncRpcClient,
+) {
+    let actual_claims: u64 = tree_nodes.iter().map(|t| t.amount).sum();
+    let tda = rpc_client.get_account(tip_distribution_account).unwrap();
+    let min_rent = rpc_client
+        .get_minimum_balance_for_rent_exemption(tda.data.len())
+        .unwrap();
+
+    let expected_claims = tda.lamports.checked_sub(min_rent).unwrap();
+    if actual_claims == expected_claims {
+        return;
+    }
+
+    if actual_claims > expected_claims {
+        datapoint_error!(
+            "tip-distributor",
+            (
+                "actual_claims_exceeded",
+                format!("tip_distribution_account={tip_distribution_account},actual_claims={actual_claims}, expected_claims={expected_claims}"),
+                String
+            ),
+        );
+    } else {
+        datapoint_warn!(
+            "tip-distributor",
+            (
+                "actual_claims_below",
+                format!("tip_distribution_account={tip_distribution_account},actual_claims={actual_claims}, expected_claims={expected_claims}"),
+                String
+            ),
+        );
+    }
+}
+
+impl GeneratedMerkleTreeCollection {
+    pub fn new_from_stake_meta_collection(
+        stake_meta_coll: StakeMetaCollection,
+        maybe_rpc_client: Option<SyncRpcClient>,
+    ) -> Result<GeneratedMerkleTreeCollection, MerkleRootGeneratorError> {
+        let generated_merkle_trees = stake_meta_coll
+            .stake_metas
+            .into_iter()
+            .filter(|stake_meta| stake_meta.maybe_tip_distribution_meta.is_some())
+            .filter_map(|stake_meta| {
+                let mut tree_nodes = match TreeNode::vec_from_stake_meta(&stake_meta) {
+                    Err(e) => return Some(Err(e)),
+                    Ok(maybe_tree_nodes) => maybe_tree_nodes,
+                }?;
+
+                if let Some(rpc_client) = &maybe_rpc_client {
+                    if let Some(tda) = stake_meta.maybe_tip_distribution_meta.as_ref() {
+                        emit_inconsistent_tree_node_amount_dp(
+                            &tree_nodes[..],
+                            &tda.tip_distribution_pubkey,
+                            rpc_client,
+                        );
+                    }
+                }
+
+                let hashed_nodes: Vec<[u8; 32]> =
+                    tree_nodes.iter().map(|n| n.hash().to_bytes()).collect();
+
+                let tip_distribution_meta = stake_meta.maybe_tip_distribution_meta.unwrap();
+
+                let merkle_tree = MerkleTree::new(&hashed_nodes[..], true);
+                let max_num_nodes = tree_nodes.len() as u64;
+
+                for (i, tree_node) in tree_nodes.iter_mut().enumerate() {
+                    tree_node.proof = Some(get_proof(&merkle_tree, i));
+                }
+
+                Some(Ok(GeneratedMerkleTree {
+                    max_num_nodes,
+                    tip_distribution_account: tip_distribution_meta.tip_distribution_pubkey,
+                    merkle_root_upload_authority: tip_distribution_meta
+                        .merkle_root_upload_authority,
+                    merkle_root: *merkle_tree.get_root().unwrap(),
+                    tree_nodes,
+                    max_total_claim: tip_distribution_meta.total_tips,
+                }))
+            })
+            .collect::<Result<Vec<GeneratedMerkleTree>, MerkleRootGeneratorError>>()?;
+
+        Ok(GeneratedMerkleTreeCollection {
+            generated_merkle_trees,
+            bank_hash: stake_meta_coll.bank_hash,
+            epoch: stake_meta_coll.epoch,
+            slot: stake_meta_coll.slot,
+        })
+    }
+}
+
+pub fn get_proof(merkle_tree: &MerkleTree, i: usize) -> Vec<[u8; 32]> {
+    let mut proof = Vec::new();
+    let path = merkle_tree.find_path(i).expect("path to index");
+    for branch in path.get_proof_entries() {
+        if let Some(hash) = branch.get_left_sibling() {
+            proof.push(hash.to_bytes());
+        } else if let Some(hash) = branch.get_right_sibling() {
+            proof.push(hash.to_bytes());
+        } else {
+            panic!("expected some hash at each level of the tree");
+        }
+    }
+    proof
+}
+
+fn derive_tip_payment_pubkeys(program_id: &Pubkey) -> TipPaymentPubkeys {
+    let config_pda = Pubkey::find_program_address(&[CONFIG_ACCOUNT_SEED], program_id).0;
+    let tip_pda_0 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_0], program_id).0;
+    let tip_pda_1 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_1], program_id).0;
+    let tip_pda_2 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_2], program_id).0;
+    let tip_pda_3 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_3], program_id).0;
+    let tip_pda_4 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_4], program_id).0;
+    let tip_pda_5 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_5], program_id).0;
+    let tip_pda_6 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_6], program_id).0;
+    let tip_pda_7 = Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_7], program_id).0;
+
+    TipPaymentPubkeys {
+        config_pda,
+        tip_pdas: vec![
+            tip_pda_0, tip_pda_1, tip_pda_2, tip_pda_3, tip_pda_4, tip_pda_5, tip_pda_6, tip_pda_7,
+        ],
+    }
+}
+
+#[derive(Clone, Eq, Debug, Hash, PartialEq, Deserialize, Serialize)]
+pub struct TreeNode {
+    /// The stake account entitled to redeem.
+    #[serde(with = "pubkey_string_conversion")]
+    pub claimant: Pubkey,
+
+    /// Pubkey of the ClaimStatus PDA account, this account should be closed to reclaim rent.
+    #[serde(with = "pubkey_string_conversion")]
+    pub claim_status_pubkey: Pubkey,
+
+    /// Bump of the ClaimStatus PDA account
+    pub claim_status_bump: u8,
+
+    #[serde(with = "pubkey_string_conversion")]
+    pub staker_pubkey: Pubkey,
+
+    #[serde(with = "pubkey_string_conversion")]
+    pub withdrawer_pubkey: Pubkey,
+
+    /// The amount this account is entitled to.
+    pub amount: u64,
+
+    /// The proof associated with this TreeNode
+    pub proof: Option<Vec<[u8; 32]>>,
+}
+
+impl TreeNode {
+    fn vec_from_stake_meta(
+        stake_meta: &StakeMeta,
+    ) -> Result<Option<Vec<TreeNode>>, MerkleRootGeneratorError> {
+        if let Some(tip_distribution_meta) = stake_meta.maybe_tip_distribution_meta.as_ref() {
+            let validator_amount = (tip_distribution_meta.total_tips as u128)
+                .checked_mul(tip_distribution_meta.validator_fee_bps as u128)
+                .unwrap()
+                .checked_div(10_000)
+                .unwrap() as u64;
+            let (claim_status_pubkey, claim_status_bump) = Pubkey::find_program_address(
+                &[
+                    ClaimStatus::SEED,
+                    &stake_meta.validator_vote_account.to_bytes(),
+                    &tip_distribution_meta.tip_distribution_pubkey.to_bytes(),
+                ],
+                &JitoTipDistribution::id(),
+            );
+            let mut tree_nodes = vec![TreeNode {
+                claimant: stake_meta.validator_vote_account,
+                claim_status_pubkey,
+                claim_status_bump,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: validator_amount,
+                proof: None,
+            }];
+
+            let remaining_total_rewards = tip_distribution_meta
+                .total_tips
+                .checked_sub(validator_amount)
+                .unwrap() as u128;
+
+            let total_delegated = stake_meta.total_delegated as u128;
+            tree_nodes.extend(
+                stake_meta
+                    .delegations
+                    .iter()
+                    .map(|delegation| {
+                        let amount_delegated = delegation.lamports_delegated as u128;
+                        let reward_amount = (amount_delegated.checked_mul(remaining_total_rewards))
+                            .unwrap()
+                            .checked_div(total_delegated)
+                            .unwrap();
+                        let (claim_status_pubkey, claim_status_bump) = Pubkey::find_program_address(
+                            &[
+                                ClaimStatus::SEED,
+                                &delegation.stake_account_pubkey.to_bytes(),
+                                &tip_distribution_meta.tip_distribution_pubkey.to_bytes(),
+                            ],
+                            &JitoTipDistribution::id(),
+                        );
+                        Ok(TreeNode {
+                            claimant: delegation.stake_account_pubkey,
+                            claim_status_pubkey,
+                            claim_status_bump,
+                            staker_pubkey: delegation.staker_pubkey,
+                            withdrawer_pubkey: delegation.withdrawer_pubkey,
+                            amount: reward_amount as u64,
+                            proof: None,
+                        })
+                    })
+                    .collect::<Result<Vec<TreeNode>, MerkleRootGeneratorError>>()?,
+            );
+
+            Ok(Some(tree_nodes))
+        } else {
+            Ok(None)
+        }
+    }
+
+    fn hash(&self) -> Hash {
+        let mut hasher = Hasher::default();
+        hasher.hash(self.claimant.as_ref());
+        hasher.hash(self.amount.to_le_bytes().as_ref());
+        hasher.result()
+    }
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct StakeMetaCollection {
+    /// List of [StakeMeta].
+    pub stake_metas: Vec<StakeMeta>,
+
+    /// base58 encoded tip-distribution program id.
+    #[serde(with = "pubkey_string_conversion")]
+    pub tip_distribution_program_id: Pubkey,
+
+    /// Base58 encoded bank hash this object was generated at.
+    pub bank_hash: String,
+
+    /// Epoch for which this object was generated for.
+    pub epoch: Epoch,
+
+    /// Slot at which this object was generated.
+    pub slot: Slot,
+}
+
+#[derive(Clone, Deserialize, Serialize, Debug, PartialEq, Eq)]
+pub struct StakeMeta {
+    #[serde(with = "pubkey_string_conversion")]
+    pub validator_vote_account: Pubkey,
+
+    #[serde(with = "pubkey_string_conversion")]
+    pub validator_node_pubkey: Pubkey,
+
+    /// The validator's tip-distribution meta if it exists.
+    pub maybe_tip_distribution_meta: Option<TipDistributionMeta>,
+
+    /// Delegations to this validator.
+    pub delegations: Vec<Delegation>,
+
+    /// The total amount of delegations to the validator.
+    pub total_delegated: u64,
+
+    /// The validator's delegation commission rate as a percentage between 0-100.
+    pub commission: u8,
+}
+
+impl Ord for StakeMeta {
+    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
+        self.validator_vote_account
+            .cmp(&other.validator_vote_account)
+    }
+}
+
+impl PartialOrd<Self> for StakeMeta {
+    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
+        Some(self.cmp(other))
+    }
+}
+
+#[derive(Clone, Deserialize, Serialize, Debug, PartialEq, Eq)]
+pub struct TipDistributionMeta {
+    #[serde(with = "pubkey_string_conversion")]
+    pub merkle_root_upload_authority: Pubkey,
+
+    #[serde(with = "pubkey_string_conversion")]
+    pub tip_distribution_pubkey: Pubkey,
+
+    /// The validator's total tips in the [TipDistributionAccount].
+    pub total_tips: u64,
+
+    /// The validator's cut of tips from [TipDistributionAccount], calculated from the on-chain
+    /// commission fee bps.
+    pub validator_fee_bps: u16,
+}
+
+impl TipDistributionMeta {
+    fn from_tda_wrapper(
+        tda_wrapper: TipDistributionAccountWrapper,
+        // The amount that will be left remaining in the tda to maintain rent exemption status.
+        rent_exempt_amount: u64,
+    ) -> Result<Self, stake_meta_generator_workflow::StakeMetaGeneratorError> {
+        Ok(TipDistributionMeta {
+            tip_distribution_pubkey: tda_wrapper.tip_distribution_pubkey,
+            total_tips: tda_wrapper
+                .account_data
+                .lamports()
+                .checked_sub(rent_exempt_amount)
+                .ok_or(CheckedMathError)?,
+            validator_fee_bps: tda_wrapper
+                .tip_distribution_account
+                .validator_commission_bps,
+            merkle_root_upload_authority: tda_wrapper
+                .tip_distribution_account
+                .merkle_root_upload_authority,
+        })
+    }
+}
+
+#[derive(Clone, Deserialize, Serialize, Debug, PartialEq, Eq)]
+pub struct Delegation {
+    #[serde(with = "pubkey_string_conversion")]
+    pub stake_account_pubkey: Pubkey,
+
+    #[serde(with = "pubkey_string_conversion")]
+    pub staker_pubkey: Pubkey,
+
+    #[serde(with = "pubkey_string_conversion")]
+    pub withdrawer_pubkey: Pubkey,
+
+    /// Lamports delegated by the stake account
+    pub lamports_delegated: u64,
+}
+
+impl Ord for Delegation {
+    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
+        (
+            self.stake_account_pubkey,
+            self.withdrawer_pubkey,
+            self.staker_pubkey,
+            self.lamports_delegated,
+        )
+            .cmp(&(
+                other.stake_account_pubkey,
+                other.withdrawer_pubkey,
+                other.staker_pubkey,
+                other.lamports_delegated,
+            ))
+    }
+}
+
+impl PartialOrd<Self> for Delegation {
+    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
+        Some(self.cmp(other))
+    }
+}
+
+/// Convenience wrapper around [TipDistributionAccount]
+pub struct TipDistributionAccountWrapper {
+    pub tip_distribution_account: TipDistributionAccount,
+    pub account_data: AccountSharedData,
+    pub tip_distribution_pubkey: Pubkey,
+}
+
+// TODO: move to program's sdk
+pub fn derive_tip_distribution_account_address(
+    tip_distribution_program_id: &Pubkey,
+    vote_pubkey: &Pubkey,
+    epoch: Epoch,
+) -> (Pubkey, u8) {
+    Pubkey::find_program_address(
+        &[
+            TipDistributionAccount::SEED,
+            vote_pubkey.to_bytes().as_ref(),
+            epoch.to_le_bytes().as_ref(),
+        ],
+        tip_distribution_program_id,
+    )
+}
+
+pub const MAX_RETRIES: usize = 5;
+pub const FAIL_DELAY: Duration = Duration::from_millis(100);
+
+pub async fn sign_and_send_transactions_with_retries(
+    signer: &Keypair,
+    rpc_client: &RpcClient,
+    max_concurrent_rpc_get_reqs: usize,
+    transactions: Vec<Transaction>,
+    txn_send_batch_size: usize,
+    max_loop_duration: Duration,
+) -> (Vec<Transaction>, HashMap<Signature, Error>) {
+    let semaphore = Arc::new(Semaphore::new(max_concurrent_rpc_get_reqs));
+    let mut errors = HashMap::default();
+    let mut blockhash = rpc_client
+        .get_latest_blockhash()
+        .await
+        .expect("fetch latest blockhash");
+    // track unsigned txns
+    let mut transactions_to_process = transactions
+        .into_iter()
+        .map(|txn| (txn.message_data(), txn))
+        .collect::<HashMap<Vec<u8>, Transaction>>();
+
+    let start = Instant::now();
+    while start.elapsed() < max_loop_duration && !transactions_to_process.is_empty() {
+        // ensure we always have a recent blockhash
+        // blockhashes last max 150 blocks
+        // finalized commitment is ~32 slots behind tip
+        // assuming 0% skip rate (every slot has a block), we’d have roughly 120 slots
+        // or (120*0.4s) = 48s to land a tx before it expires
+        // if we’re refreshing every 30s, then any txs sent immediately before the refresh would likely expire
+        if start.elapsed() > Duration::from_secs(1) {
+            blockhash = rpc_client
+                .get_latest_blockhash()
+                .await
+                .expect("fetch latest blockhash");
+        }
+        info!(
+            "Sending {txn_send_batch_size} of {} transactions to claim mev tips",
+            transactions_to_process.len()
+        );
+        let send_futs = transactions_to_process
+            .iter()
+            .take(txn_send_batch_size)
+            .map(|(hash, txn)| {
+                let semaphore = semaphore.clone();
+                async move {
+                    let _permit = semaphore.acquire_owned().await.unwrap(); // wait until our turn
+                    let (txn, res) = signed_send(signer, rpc_client, blockhash, txn.clone()).await;
+                    (hash.clone(), txn, res)
+                }
+            });
+
+        let send_res = futures::future::join_all(send_futs).await;
+        let new_errors = send_res
+            .into_iter()
+            .filter_map(|(hash, txn, result)| match result {
+                Err(e) => Some((txn.signatures[0], e)),
+                Ok(..) => {
+                    let _ = transactions_to_process.remove(&hash);
+                    None
+                }
+            })
+            .collect::<HashMap<_, _>>();
+
+        errors.extend(new_errors);
+    }
+
+    (transactions_to_process.values().cloned().collect(), errors)
+}
+
+pub async fn send_until_blockhash_expires(
+    rpc_client: &RpcClient,
+    transactions: Vec<Transaction>,
+    blockhash: Hash,
+    keypair: &Arc<Keypair>,
+) -> solana_rpc_client_api::client_error::Result<()> {
+    let mut claim_transactions: HashMap<Signature, Transaction> = transactions
+        .into_iter()
+        .map(|mut tx| {
+            tx.sign(&[&keypair], blockhash);
+            (*tx.get_signature(), tx)
+        })
+        .collect();
+
+    let txs_requesting_send = claim_transactions.len();
+
+    while rpc_client
+        .is_blockhash_valid(&blockhash, CommitmentConfig::processed())
+        .await?
+    {
+        let mut check_signatures = HashSet::with_capacity(claim_transactions.len());
+        let mut already_processed = HashSet::with_capacity(claim_transactions.len());
+        let mut is_blockhash_not_found = false;
+
+        for (signature, tx) in &claim_transactions {
+            match rpc_client
+                .send_transaction_with_config(
+                    tx,
+                    RpcSendTransactionConfig {
+                        skip_preflight: false,
+                        preflight_commitment: Some(CommitmentLevel::Confirmed),
+                        max_retries: Some(2),
+                        ..RpcSendTransactionConfig::default()
+                    },
+                )
+                .await
+            {
+                Ok(_) => {
+                    check_signatures.insert(*signature);
+                }
+                Err(e) => match e.get_transaction_error() {
+                    Some(TransactionError::BlockhashNotFound) => {
+                        is_blockhash_not_found = true;
+                        break;
+                    }
+                    Some(TransactionError::AlreadyProcessed) => {
+                        already_processed.insert(*tx.get_signature());
+                    }
+                    Some(e) => {
+                        warn!(
+                            "TransactionError sending signature: {} error: {:?} tx: {:?}",
+                            tx.get_signature(),
+                            e,
+                            tx
+                        );
+                    }
+                    None => {
+                        warn!(
+                            "Unknown error sending transaction signature: {} error: {:?}",
+                            tx.get_signature(),
+                            e
+                        );
+                    }
+                },
+            }
+        }
+
+        sleep(Duration::from_secs(10)).await;
+
+        let signatures: Vec<Signature> = check_signatures.iter().cloned().collect();
+        let statuses = get_batched_signatures_statuses(rpc_client, &signatures).await?;
+
+        for (signature, maybe_status) in &statuses {
+            if let Some(_status) = maybe_status {
+                claim_transactions.remove(signature);
+                check_signatures.remove(signature);
+            }
+        }
+
+        for signature in already_processed {
+            claim_transactions.remove(&signature);
+        }
+
+        if claim_transactions.is_empty() || is_blockhash_not_found {
+            break;
+        }
+    }
+
+    let num_landed = txs_requesting_send
+        .checked_sub(claim_transactions.len())
+        .unwrap();
+    info!("num_landed: {:?}", num_landed);
+
+    Ok(())
+}
+
+pub async fn get_batched_signatures_statuses(
+    rpc_client: &RpcClient,
+    signatures: &[Signature],
+) -> solana_rpc_client_api::client_error::Result<Vec<(Signature, Option<TransactionStatus>)>> {
+    let mut signature_statuses = Vec::new();
+
+    for signatures_batch in signatures.chunks(100) {
+        // was using get_signature_statuses_with_history, but it blocks if the signatures don't exist
+        // bigtable calls to read signatures that don't exist block forever w/o --rpc-bigtable-timeout argument set
+        // get_signature_statuses looks in status_cache, which only has a 150 block history
+        // may have false negative, but for this workflow it doesn't matter
+        let statuses = rpc_client.get_signature_statuses(signatures_batch).await?;
+        signature_statuses.extend(signatures_batch.iter().cloned().zip(statuses.value));
+    }
+    Ok(signature_statuses)
+}
+
+/// Just in time sign and send transaction to RPC
+async fn signed_send(
+    signer: &Keypair,
+    rpc_client: &RpcClient,
+    blockhash: Hash,
+    mut txn: Transaction,
+) -> (Transaction, solana_rpc_client_api::client_error::Result<()>) {
+    txn.sign(&[signer], blockhash); // just in time signing
+    let res = match rpc_client.send_and_confirm_transaction(&txn).await {
+        Ok(_) => Ok(()),
+        Err(e) => {
+            match e.kind {
+                // Already claimed, skip.
+                ErrorKind::TransactionError(TransactionError::AlreadyProcessed)
+                | ErrorKind::TransactionError(TransactionError::InstructionError(
+                    0,
+                    InstructionError::Custom(0),
+                ))
+                | ErrorKind::RpcError(RpcError::RpcResponseError {
+                    data:
+                        RpcResponseErrorData::SendTransactionPreflightFailure(
+                            RpcSimulateTransactionResult {
+                                err:
+                                    Some(TransactionError::InstructionError(
+                                        0,
+                                        InstructionError::Custom(0),
+                                    )),
+                                ..
+                            },
+                        ),
+                    ..
+                }) => Ok(()),
+
+                // transaction got held up too long and blockhash expired. retry txn
+                ErrorKind::TransactionError(TransactionError::BlockhashNotFound) => Err(e),
+
+                // unexpected error, warn and retry
+                _ => {
+                    error!(
+                        "Error sending transaction. Signature: {}, Error: {e:?}",
+                        txn.signatures[0]
+                    );
+                    Err(e)
+                }
+            }
+        }
+    };
+
+    (txn, res)
+}
+
+async fn get_batched_accounts(
+    rpc_client: &RpcClient,
+    pubkeys: &[Pubkey],
+) -> solana_rpc_client_api::client_error::Result<HashMap<Pubkey, Option<Account>>> {
+    let mut batched_accounts = HashMap::new();
+
+    for pubkeys_chunk in pubkeys.chunks(MAX_MULTIPLE_ACCOUNTS) {
+        let accounts = rpc_client.get_multiple_accounts(pubkeys_chunk).await?;
+        batched_accounts.extend(pubkeys_chunk.iter().cloned().zip(accounts));
+    }
+    Ok(batched_accounts)
+}
+
+/// Calculates the minimum balance needed to be rent-exempt
+/// taken from: https://github.com/jito-foundation/jito-solana/blob/d1ba42180d0093dd59480a77132477323a8e3f88/sdk/program/src/rent.rs#L78
+pub fn minimum_balance(data_len: usize) -> u64 {
+    ((((ACCOUNT_STORAGE_OVERHEAD
+        .checked_add(data_len as u64)
+        .unwrap())
+    .checked_mul(DEFAULT_LAMPORTS_PER_BYTE_YEAR))
+    .unwrap() as f64)
+        * DEFAULT_EXEMPTION_THRESHOLD) as u64
+}
+
+mod pubkey_string_conversion {
+    use {
+        serde::{self, Deserialize, Deserializer, Serializer},
+        solana_sdk::pubkey::Pubkey,
+        std::str::FromStr,
+    };
+
+    pub(crate) fn serialize<S>(pubkey: &Pubkey, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.serialize_str(&pubkey.to_string())
+    }
+
+    pub(crate) fn deserialize<'de, D>(deserializer: D) -> Result<Pubkey, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let s = String::deserialize(deserializer)?;
+        Pubkey::from_str(&s).map_err(serde::de::Error::custom)
+    }
+}
+
+pub fn read_json_from_file<T>(path: &PathBuf) -> serde_json::Result<T>
+where
+    T: DeserializeOwned,
+{
+    let file = File::open(path).unwrap();
+    let reader = BufReader::new(file);
+    serde_json::from_reader(reader)
+}
+
+#[cfg(test)]
+mod tests {
+    use {super::*, jito_tip_distribution::merkle_proof};
+
+    #[test]
+    fn test_merkle_tree_verify() {
+        // Create the merkle tree and proofs
+        let tda = Pubkey::new_unique();
+        let (acct_0, acct_1) = (Pubkey::new_unique(), Pubkey::new_unique());
+        let claim_statuses = &[(acct_0, tda), (acct_1, tda)]
+            .iter()
+            .map(|(claimant, tda)| {
+                Pubkey::find_program_address(
+                    &[ClaimStatus::SEED, &claimant.to_bytes(), &tda.to_bytes()],
+                    &JitoTipDistribution::id(),
+                )
+            })
+            .collect::<Vec<(Pubkey, u8)>>();
+        let tree_nodes = vec![
+            TreeNode {
+                claimant: acct_0,
+                claim_status_pubkey: claim_statuses[0].0,
+                claim_status_bump: claim_statuses[0].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 151_507,
+                proof: None,
+            },
+            TreeNode {
+                claimant: acct_1,
+                claim_status_pubkey: claim_statuses[1].0,
+                claim_status_bump: claim_statuses[1].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 176_624,
+                proof: None,
+            },
+        ];
+
+        // First the nodes are hashed and merkle tree constructed
+        let hashed_nodes: Vec<[u8; 32]> = tree_nodes.iter().map(|n| n.hash().to_bytes()).collect();
+        let mk = MerkleTree::new(&hashed_nodes[..], true);
+        let root = mk.get_root().expect("to have valid root").to_bytes();
+
+        // verify first node
+        let node = solana_program::hash::hashv(&[&[0u8], &hashed_nodes[0]]);
+        let proof = get_proof(&mk, 0);
+        assert!(merkle_proof::verify(proof, root, node.to_bytes()));
+
+        // verify second node
+        let node = solana_program::hash::hashv(&[&[0u8], &hashed_nodes[1]]);
+        let proof = get_proof(&mk, 1);
+        assert!(merkle_proof::verify(proof, root, node.to_bytes()));
+    }
+
+    #[test]
+    fn test_new_from_stake_meta_collection_happy_path() {
+        let merkle_root_upload_authority = Pubkey::new_unique();
+
+        let (tda_0, tda_1) = (Pubkey::new_unique(), Pubkey::new_unique());
+
+        let stake_account_0 = Pubkey::new_unique();
+        let stake_account_1 = Pubkey::new_unique();
+        let stake_account_2 = Pubkey::new_unique();
+        let stake_account_3 = Pubkey::new_unique();
+
+        let staker_account_0 = Pubkey::new_unique();
+        let staker_account_1 = Pubkey::new_unique();
+        let staker_account_2 = Pubkey::new_unique();
+        let staker_account_3 = Pubkey::new_unique();
+
+        let validator_vote_account_0 = Pubkey::new_unique();
+        let validator_vote_account_1 = Pubkey::new_unique();
+
+        let validator_id_0 = Pubkey::new_unique();
+        let validator_id_1 = Pubkey::new_unique();
+
+        let stake_meta_collection = StakeMetaCollection {
+            stake_metas: vec![
+                StakeMeta {
+                    validator_vote_account: validator_vote_account_0,
+                    validator_node_pubkey: validator_id_0,
+                    maybe_tip_distribution_meta: Some(TipDistributionMeta {
+                        merkle_root_upload_authority,
+                        tip_distribution_pubkey: tda_0,
+                        total_tips: 1_900_122_111_000,
+                        validator_fee_bps: 100,
+                    }),
+                    delegations: vec![
+                        Delegation {
+                            stake_account_pubkey: stake_account_0,
+                            staker_pubkey: staker_account_0,
+                            withdrawer_pubkey: staker_account_0,
+                            lamports_delegated: 123_999_123_555,
+                        },
+                        Delegation {
+                            stake_account_pubkey: stake_account_1,
+                            staker_pubkey: staker_account_1,
+                            withdrawer_pubkey: staker_account_1,
+                            lamports_delegated: 144_555_444_556,
+                        },
+                    ],
+                    total_delegated: 1_555_123_000_333_454_000,
+                    commission: 100,
+                },
+                StakeMeta {
+                    validator_vote_account: validator_vote_account_1,
+                    validator_node_pubkey: validator_id_1,
+                    maybe_tip_distribution_meta: Some(TipDistributionMeta {
+                        merkle_root_upload_authority,
+                        tip_distribution_pubkey: tda_1,
+                        total_tips: 1_900_122_111_333,
+                        validator_fee_bps: 200,
+                    }),
+                    delegations: vec![
+                        Delegation {
+                            stake_account_pubkey: stake_account_2,
+                            staker_pubkey: staker_account_2,
+                            withdrawer_pubkey: staker_account_2,
+                            lamports_delegated: 224_555_444,
+                        },
+                        Delegation {
+                            stake_account_pubkey: stake_account_3,
+                            staker_pubkey: staker_account_3,
+                            withdrawer_pubkey: staker_account_3,
+                            lamports_delegated: 700_888_944_555,
+                        },
+                    ],
+                    total_delegated: 2_565_318_909_444_123,
+                    commission: 10,
+                },
+            ],
+            tip_distribution_program_id: Pubkey::new_unique(),
+            bank_hash: Hash::new_unique().to_string(),
+            epoch: 100,
+            slot: 2_000_000,
+        };
+
+        let merkle_tree_collection = GeneratedMerkleTreeCollection::new_from_stake_meta_collection(
+            stake_meta_collection.clone(),
+            None,
+        )
+        .unwrap();
+
+        assert_eq!(stake_meta_collection.epoch, merkle_tree_collection.epoch);
+        assert_eq!(
+            stake_meta_collection.bank_hash,
+            merkle_tree_collection.bank_hash
+        );
+        assert_eq!(stake_meta_collection.slot, merkle_tree_collection.slot);
+        assert_eq!(
+            stake_meta_collection.stake_metas.len(),
+            merkle_tree_collection.generated_merkle_trees.len()
+        );
+        let claim_statuses = &[
+            (validator_vote_account_0, tda_0),
+            (stake_account_0, tda_0),
+            (stake_account_1, tda_0),
+            (validator_vote_account_1, tda_1),
+            (stake_account_2, tda_1),
+            (stake_account_3, tda_1),
+        ]
+        .iter()
+        .map(|(claimant, tda)| {
+            Pubkey::find_program_address(
+                &[ClaimStatus::SEED, &claimant.to_bytes(), &tda.to_bytes()],
+                &JitoTipDistribution::id(),
+            )
+        })
+        .collect::<Vec<(Pubkey, u8)>>();
+        let tree_nodes = vec![
+            TreeNode {
+                claimant: validator_vote_account_0,
+                claim_status_pubkey: claim_statuses[0].0,
+                claim_status_bump: claim_statuses[0].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 19_001_221_110,
+                proof: None,
+            },
+            TreeNode {
+                claimant: stake_account_0,
+                claim_status_pubkey: claim_statuses[1].0,
+                claim_status_bump: claim_statuses[1].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 149_992,
+                proof: None,
+            },
+            TreeNode {
+                claimant: stake_account_1,
+                claim_status_pubkey: claim_statuses[2].0,
+                claim_status_bump: claim_statuses[2].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 174_858,
+                proof: None,
+            },
+        ];
+        let hashed_nodes: Vec<[u8; 32]> = tree_nodes.iter().map(|n| n.hash().to_bytes()).collect();
+        let merkle_tree = MerkleTree::new(&hashed_nodes[..], true);
+        let gmt_0 = GeneratedMerkleTree {
+            tip_distribution_account: tda_0,
+            merkle_root_upload_authority,
+            merkle_root: *merkle_tree.get_root().unwrap(),
+            tree_nodes,
+            max_total_claim: stake_meta_collection.stake_metas[0]
+                .clone()
+                .maybe_tip_distribution_meta
+                .unwrap()
+                .total_tips,
+            max_num_nodes: 3,
+        };
+
+        let tree_nodes = vec![
+            TreeNode {
+                claimant: validator_vote_account_1,
+                claim_status_pubkey: claim_statuses[3].0,
+                claim_status_bump: claim_statuses[3].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 38_002_442_226,
+                proof: None,
+            },
+            TreeNode {
+                claimant: stake_account_2,
+                claim_status_pubkey: claim_statuses[4].0,
+                claim_status_bump: claim_statuses[4].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 163_000,
+                proof: None,
+            },
+            TreeNode {
+                claimant: stake_account_3,
+                claim_status_pubkey: claim_statuses[5].0,
+                claim_status_bump: claim_statuses[5].1,
+                staker_pubkey: Pubkey::default(),
+                withdrawer_pubkey: Pubkey::default(),
+                amount: 508_762_900,
+                proof: None,
+            },
+        ];
+        let hashed_nodes: Vec<[u8; 32]> = tree_nodes.iter().map(|n| n.hash().to_bytes()).collect();
+        let merkle_tree = MerkleTree::new(&hashed_nodes[..], true);
+        let gmt_1 = GeneratedMerkleTree {
+            tip_distribution_account: tda_1,
+            merkle_root_upload_authority,
+            merkle_root: *merkle_tree.get_root().unwrap(),
+            tree_nodes,
+            max_total_claim: stake_meta_collection.stake_metas[1]
+                .clone()
+                .maybe_tip_distribution_meta
+                .unwrap()
+                .total_tips,
+            max_num_nodes: 3,
+        };
+
+        let expected_generated_merkle_trees = vec![gmt_0, gmt_1];
+        let actual_generated_merkle_trees = merkle_tree_collection.generated_merkle_trees;
+
+        expected_generated_merkle_trees
+            .iter()
+            .for_each(|expected_gmt| {
+                let actual_gmt = actual_generated_merkle_trees
+                    .iter()
+                    .find(|gmt| {
+                        gmt.tip_distribution_account == expected_gmt.tip_distribution_account
+                    })
+                    .unwrap();
+
+                assert_eq!(expected_gmt.max_num_nodes, actual_gmt.max_num_nodes);
+                assert_eq!(expected_gmt.max_total_claim, actual_gmt.max_total_claim);
+                assert_eq!(
+                    expected_gmt.tip_distribution_account,
+                    actual_gmt.tip_distribution_account
+                );
+                assert_eq!(expected_gmt.tree_nodes.len(), actual_gmt.tree_nodes.len());
+                expected_gmt
+                    .tree_nodes
+                    .iter()
+                    .for_each(|expected_tree_node| {
+                        let actual_tree_node = actual_gmt
+                            .tree_nodes
+                            .iter()
+                            .find(|tree_node| tree_node.claimant == expected_tree_node.claimant)
+                            .unwrap();
+                        assert_eq!(expected_tree_node.amount, actual_tree_node.amount);
+                    });
+                assert_eq!(expected_gmt.merkle_root, actual_gmt.merkle_root);
+            });
+    }
+}
diff --git a/tip-distributor/src/merkle_root_generator_workflow.rs b/tip-distributor/src/merkle_root_generator_workflow.rs
new file mode 100644
index 0000000000..bee3da016b
--- /dev/null
+++ b/tip-distributor/src/merkle_root_generator_workflow.rs
@@ -0,0 +1,54 @@
+use {
+    crate::{read_json_from_file, GeneratedMerkleTreeCollection, StakeMetaCollection},
+    log::*,
+    solana_client::rpc_client::RpcClient,
+    std::{
+        fmt::Debug,
+        fs::File,
+        io::{BufWriter, Write},
+        path::PathBuf,
+    },
+    thiserror::Error,
+};
+
+#[derive(Error, Debug)]
+pub enum MerkleRootGeneratorError {
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+
+    #[error(transparent)]
+    RpcError(#[from] Box<solana_client::client_error::ClientError>),
+
+    #[error(transparent)]
+    SerdeJsonError(#[from] serde_json::Error),
+}
+
+pub fn generate_merkle_root(
+    stake_meta_coll_path: &PathBuf,
+    out_path: &PathBuf,
+    rpc_url: &str,
+) -> Result<(), MerkleRootGeneratorError> {
+    let stake_meta_coll: StakeMetaCollection = read_json_from_file(stake_meta_coll_path)?;
+
+    let rpc_client = RpcClient::new(rpc_url);
+    let merkle_tree_coll = GeneratedMerkleTreeCollection::new_from_stake_meta_collection(
+        stake_meta_coll,
+        Some(rpc_client),
+    )?;
+
+    write_to_json_file(&merkle_tree_coll, out_path)?;
+    Ok(())
+}
+
+fn write_to_json_file(
+    merkle_tree_coll: &GeneratedMerkleTreeCollection,
+    file_path: &PathBuf,
+) -> Result<(), MerkleRootGeneratorError> {
+    let file = File::create(file_path)?;
+    let mut writer = BufWriter::new(file);
+    let json = serde_json::to_string_pretty(&merkle_tree_coll).unwrap();
+    writer.write_all(json.as_bytes())?;
+    writer.flush()?;
+
+    Ok(())
+}
diff --git a/tip-distributor/src/merkle_root_upload_workflow.rs b/tip-distributor/src/merkle_root_upload_workflow.rs
new file mode 100644
index 0000000000..e40465581f
--- /dev/null
+++ b/tip-distributor/src/merkle_root_upload_workflow.rs
@@ -0,0 +1,138 @@
+use {
+    crate::{
+        read_json_from_file, sign_and_send_transactions_with_retries, GeneratedMerkleTree,
+        GeneratedMerkleTreeCollection,
+    },
+    anchor_lang::AccountDeserialize,
+    jito_tip_distribution::{
+        sdk::instruction::{upload_merkle_root_ix, UploadMerkleRootAccounts, UploadMerkleRootArgs},
+        state::{Config, TipDistributionAccount},
+    },
+    log::{error, info},
+    solana_client::nonblocking::rpc_client::RpcClient,
+    solana_program::{
+        fee_calculator::DEFAULT_TARGET_LAMPORTS_PER_SIGNATURE, native_token::LAMPORTS_PER_SOL,
+    },
+    solana_sdk::{
+        commitment_config::CommitmentConfig,
+        pubkey::Pubkey,
+        signature::{read_keypair_file, Signer},
+        transaction::Transaction,
+    },
+    std::{path::PathBuf, time::Duration},
+    thiserror::Error,
+    tokio::runtime::Builder,
+};
+
+#[derive(Error, Debug)]
+pub enum MerkleRootUploadError {
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+
+    #[error(transparent)]
+    JsonError(#[from] serde_json::Error),
+}
+
+pub fn upload_merkle_root(
+    merkle_root_path: &PathBuf,
+    keypair_path: &PathBuf,
+    rpc_url: &str,
+    tip_distribution_program_id: &Pubkey,
+    max_concurrent_rpc_get_reqs: usize,
+    txn_send_batch_size: usize,
+) -> Result<(), MerkleRootUploadError> {
+    const MAX_RETRY_DURATION: Duration = Duration::from_secs(600);
+
+    let merkle_tree: GeneratedMerkleTreeCollection =
+        read_json_from_file(merkle_root_path).expect("read GeneratedMerkleTreeCollection");
+    let keypair = read_keypair_file(keypair_path).expect("read keypair file");
+
+    let tip_distribution_config =
+        Pubkey::find_program_address(&[Config::SEED], tip_distribution_program_id).0;
+
+    let runtime = Builder::new_multi_thread()
+        .worker_threads(16)
+        .enable_all()
+        .build()
+        .expect("build runtime");
+
+    runtime.block_on(async move {
+        let rpc_client =
+            RpcClient::new_with_commitment(rpc_url.to_string(), CommitmentConfig::confirmed());
+        let trees: Vec<GeneratedMerkleTree> = merkle_tree
+            .generated_merkle_trees
+            .into_iter()
+            .filter(|tree| tree.merkle_root_upload_authority == keypair.pubkey())
+            .collect();
+
+        info!("num trees to upload: {:?}", trees.len());
+
+        // heuristic to make sure we have enough funds to cover execution, assumes all trees need updating 
+        {
+            let initial_balance = rpc_client.get_balance(&keypair.pubkey()).await.expect("failed to get balance");
+            let desired_balance = (trees.len() as u64).checked_mul(DEFAULT_TARGET_LAMPORTS_PER_SIGNATURE).unwrap();
+            if initial_balance < desired_balance {
+                let sol_to_deposit = desired_balance.checked_sub(initial_balance).unwrap().checked_add(LAMPORTS_PER_SOL).unwrap().checked_sub(1).unwrap().checked_div(LAMPORTS_PER_SOL).unwrap(); // rounds up to nearest sol
+                panic!("Expected to have at least {} lamports in {}, current balance is {} lamports, deposit {} SOL to continue.",
+                       desired_balance, &keypair.pubkey(), initial_balance, sol_to_deposit)
+            }
+        }
+        let mut trees_needing_update: Vec<GeneratedMerkleTree> = vec![];
+        for tree in trees {
+            let account = rpc_client
+                .get_account(&tree.tip_distribution_account)
+                .await
+                .expect("fetch expect");
+
+            let mut data = account.data.as_slice();
+            let fetched_tip_distribution_account =
+                TipDistributionAccount::try_deserialize(&mut data)
+                    .expect("failed to deserialize tip_distribution_account state");
+
+            let needs_upload = match fetched_tip_distribution_account.merkle_root {
+                Some(merkle_root) => {
+                    merkle_root.total_funds_claimed == 0
+                        && merkle_root.root != tree.merkle_root.to_bytes()
+                }
+                None => true,
+            };
+
+            if needs_upload {
+                trees_needing_update.push(tree);
+            }
+        }
+
+        info!("num trees need uploading: {:?}", trees_needing_update.len());
+
+        let transactions: Vec<Transaction> = trees_needing_update
+            .iter()
+            .map(|tree| {
+                let ix = upload_merkle_root_ix(
+                    *tip_distribution_program_id,
+                    UploadMerkleRootArgs {
+                        root: tree.merkle_root.to_bytes(),
+                        max_total_claim: tree.max_total_claim,
+                        max_num_nodes: tree.max_num_nodes,
+                    },
+                    UploadMerkleRootAccounts {
+                        config: tip_distribution_config,
+                        merkle_root_upload_authority: keypair.pubkey(),
+                        tip_distribution_account: tree.tip_distribution_account,
+                    },
+                );
+                Transaction::new_with_payer(
+                    &[ix],
+                    Some(&keypair.pubkey()),
+                )
+            })
+            .collect();
+
+        let (to_process, failed_transactions) = sign_and_send_transactions_with_retries(
+            &keypair, &rpc_client, max_concurrent_rpc_get_reqs, transactions, txn_send_batch_size, MAX_RETRY_DURATION).await;
+        if !to_process.is_empty() {
+            panic!("{} remaining mev claim transactions, {} failed requests.", to_process.len(), failed_transactions.len());
+        }
+    });
+
+    Ok(())
+}
diff --git a/tip-distributor/src/reclaim_rent_workflow.rs b/tip-distributor/src/reclaim_rent_workflow.rs
new file mode 100644
index 0000000000..fc48c89d61
--- /dev/null
+++ b/tip-distributor/src/reclaim_rent_workflow.rs
@@ -0,0 +1,310 @@
+use {
+    crate::{
+        claim_mev_workflow::ClaimMevError, get_batched_accounts,
+        reclaim_rent_workflow::ClaimMevError::AnchorError, send_until_blockhash_expires,
+    },
+    anchor_lang::AccountDeserialize,
+    jito_tip_distribution::{
+        sdk::{
+            derive_config_account_address,
+            instruction::{
+                close_claim_status_ix, close_tip_distribution_account_ix, CloseClaimStatusAccounts,
+                CloseClaimStatusArgs, CloseTipDistributionAccountArgs,
+                CloseTipDistributionAccounts,
+            },
+        },
+        state::{ClaimStatus, Config, TipDistributionAccount},
+    },
+    log::{info, warn},
+    rand::{prelude::SliceRandom, thread_rng},
+    solana_client::nonblocking::rpc_client::RpcClient,
+    solana_metrics::datapoint_info,
+    solana_program::{clock::Epoch, pubkey::Pubkey},
+    solana_rpc_client_api::config::RpcSimulateTransactionConfig,
+    solana_sdk::{
+        account::Account,
+        commitment_config::CommitmentConfig,
+        compute_budget::ComputeBudgetInstruction,
+        signature::{Keypair, Signer},
+        transaction::Transaction,
+    },
+    std::{
+        sync::Arc,
+        time::{Duration, Instant},
+    },
+};
+
+/// Clear old ClaimStatus accounts
+pub async fn reclaim_rent(
+    rpc_url: String,
+    tip_distribution_program_id: Pubkey,
+    signer: Arc<Keypair>,
+    max_loop_duration: Duration,
+    // Optionally reclaim TipDistributionAccount rents on behalf of validators.
+    should_reclaim_tdas: bool,
+    micro_lamports: u64,
+) -> Result<(), ClaimMevError> {
+    let rpc_client = RpcClient::new_with_timeout_and_commitment(
+        rpc_url.clone(),
+        Duration::from_secs(300),
+        CommitmentConfig::processed(),
+    );
+
+    let start = Instant::now();
+
+    let accounts = rpc_client
+        .get_program_accounts(&tip_distribution_program_id)
+        .await?;
+
+    let config_pubkey = derive_config_account_address(&tip_distribution_program_id).0;
+    let config_account = rpc_client.get_account(&config_pubkey).await?;
+    let config_account =
+        Config::try_deserialize(&mut config_account.data.as_slice()).map_err(AnchorError)?;
+
+    let epoch = rpc_client.get_epoch_info().await?.epoch;
+    let mut claim_status_pubkeys_to_expire =
+        find_expired_claim_status_accounts(&accounts, epoch, signer.pubkey());
+    let mut tda_pubkeys_to_expire = find_expired_tda_accounts(&accounts, epoch);
+
+    while start.elapsed() <= max_loop_duration {
+        let mut transactions = build_close_claim_status_transactions(
+            &claim_status_pubkeys_to_expire,
+            tip_distribution_program_id,
+            config_pubkey,
+            micro_lamports,
+            signer.pubkey(),
+        );
+        if should_reclaim_tdas {
+            transactions.extend(build_close_tda_transactions(
+                &tda_pubkeys_to_expire,
+                tip_distribution_program_id,
+                config_pubkey,
+                &config_account,
+                signer.pubkey(),
+            ));
+        }
+
+        datapoint_info!(
+            "claim_mev_workflow-prepare_rent_reclaim_transactions",
+            ("transaction_count", transactions.len(), i64),
+        );
+
+        if transactions.is_empty() {
+            info!("Finished reclaim rent!");
+            return Ok(());
+        }
+
+        transactions.shuffle(&mut thread_rng());
+        let transactions: Vec<_> = transactions.into_iter().take(10_000).collect();
+        let blockhash = rpc_client.get_latest_blockhash().await?;
+        send_until_blockhash_expires(&rpc_client, transactions, blockhash, &signer).await?;
+
+        // can just refresh calling get_multiple_accounts since these operations should be subtractive and not additive
+        let claim_status_pubkeys: Vec<_> = claim_status_pubkeys_to_expire
+            .iter()
+            .map(|(pubkey, _)| *pubkey)
+            .collect();
+        claim_status_pubkeys_to_expire = get_batched_accounts(&rpc_client, &claim_status_pubkeys)
+            .await?
+            .into_iter()
+            .filter_map(|(pubkey, account)| Some((pubkey, account?)))
+            .collect();
+
+        let tda_pubkeys: Vec<_> = tda_pubkeys_to_expire
+            .iter()
+            .map(|(pubkey, _)| *pubkey)
+            .collect();
+        tda_pubkeys_to_expire = get_batched_accounts(&rpc_client, &tda_pubkeys)
+            .await?
+            .into_iter()
+            .filter_map(|(pubkey, account)| Some((pubkey, account?)))
+            .collect();
+    }
+
+    // one final refresh before double checking everything
+    let claim_status_pubkeys: Vec<_> = claim_status_pubkeys_to_expire
+        .iter()
+        .map(|(pubkey, _)| *pubkey)
+        .collect();
+    claim_status_pubkeys_to_expire = get_batched_accounts(&rpc_client, &claim_status_pubkeys)
+        .await?
+        .into_iter()
+        .filter_map(|(pubkey, account)| Some((pubkey, account?)))
+        .collect();
+
+    let tda_pubkeys: Vec<_> = tda_pubkeys_to_expire
+        .iter()
+        .map(|(pubkey, _)| *pubkey)
+        .collect();
+    tda_pubkeys_to_expire = get_batched_accounts(&rpc_client, &tda_pubkeys)
+        .await?
+        .into_iter()
+        .filter_map(|(pubkey, account)| Some((pubkey, account?)))
+        .collect();
+
+    let mut transactions = build_close_claim_status_transactions(
+        &claim_status_pubkeys_to_expire,
+        tip_distribution_program_id,
+        config_pubkey,
+        micro_lamports,
+        signer.pubkey(),
+    );
+    if should_reclaim_tdas {
+        transactions.extend(build_close_tda_transactions(
+            &tda_pubkeys_to_expire,
+            tip_distribution_program_id,
+            config_pubkey,
+            &config_account,
+            signer.pubkey(),
+        ));
+    }
+
+    if transactions.is_empty() {
+        return Ok(());
+    }
+
+    // if more transactions left, we'll simulate them all to make sure its not an uncaught error
+    let mut is_error = false;
+    let mut error_str = String::new();
+    for tx in &transactions {
+        match rpc_client
+            .simulate_transaction_with_config(
+                tx,
+                RpcSimulateTransactionConfig {
+                    sig_verify: false,
+                    replace_recent_blockhash: true,
+                    commitment: Some(CommitmentConfig::processed()),
+                    ..RpcSimulateTransactionConfig::default()
+                },
+            )
+            .await
+        {
+            Ok(_) => {}
+            Err(e) => {
+                error_str = e.to_string();
+                is_error = true;
+
+                match e.get_transaction_error() {
+                    None => {
+                        break;
+                    }
+                    Some(e) => {
+                        warn!("transaction error. tx: {:?} error: {:?}", tx, e);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    if is_error {
+        Err(ClaimMevError::UncaughtError { e: error_str })
+    } else {
+        Err(ClaimMevError::NotFinished {
+            transactions_left: transactions.len(),
+        })
+    }
+}
+
+fn find_expired_claim_status_accounts(
+    accounts: &[(Pubkey, Account)],
+    epoch: Epoch,
+    payer: Pubkey,
+) -> Vec<(Pubkey, Account)> {
+    accounts
+        .iter()
+        .filter_map(|(pubkey, account)| {
+            let claim_status = ClaimStatus::try_deserialize(&mut account.data.as_slice()).ok()?;
+            if claim_status.claim_status_payer.eq(&payer) && epoch > claim_status.expires_at {
+                Some((*pubkey, account.clone()))
+            } else {
+                None
+            }
+        })
+        .collect()
+}
+
+fn find_expired_tda_accounts(
+    accounts: &[(Pubkey, Account)],
+    epoch: Epoch,
+) -> Vec<(Pubkey, Account)> {
+    accounts
+        .iter()
+        .filter_map(|(pubkey, account)| {
+            let tda = TipDistributionAccount::try_deserialize(&mut account.data.as_slice()).ok()?;
+            if epoch > tda.expires_at {
+                Some((*pubkey, account.clone()))
+            } else {
+                None
+            }
+        })
+        .collect()
+}
+
+/// Assumes accounts is already pre-filtered with checks to ensure the account can be closed
+fn build_close_claim_status_transactions(
+    accounts: &[(Pubkey, Account)],
+    tip_distribution_program_id: Pubkey,
+    config: Pubkey,
+    microlamports: u64,
+    payer: Pubkey,
+) -> Vec<Transaction> {
+    accounts
+        .iter()
+        .map(|(claim_status_pubkey, account)| {
+            let claim_status = ClaimStatus::try_deserialize(&mut account.data.as_slice()).unwrap();
+            close_claim_status_ix(
+                tip_distribution_program_id,
+                CloseClaimStatusArgs,
+                CloseClaimStatusAccounts {
+                    config,
+                    claim_status: *claim_status_pubkey,
+                    claim_status_payer: claim_status.claim_status_payer,
+                },
+            )
+        })
+        .collect::<Vec<_>>()
+        .chunks(4)
+        .map(|close_claim_status_instructions| {
+            let mut instructions = vec![ComputeBudgetInstruction::set_compute_unit_price(
+                microlamports,
+            )];
+            instructions.extend(close_claim_status_instructions.to_vec());
+            Transaction::new_with_payer(&instructions, Some(&payer))
+        })
+        .collect()
+}
+
+fn build_close_tda_transactions(
+    accounts: &[(Pubkey, Account)],
+    tip_distribution_program_id: Pubkey,
+    config_pubkey: Pubkey,
+    config: &Config,
+    payer: Pubkey,
+) -> Vec<Transaction> {
+    let instructions: Vec<_> = accounts
+        .iter()
+        .map(|(pubkey, account)| {
+            let tda =
+                TipDistributionAccount::try_deserialize(&mut account.data.as_slice()).unwrap();
+            close_tip_distribution_account_ix(
+                tip_distribution_program_id,
+                CloseTipDistributionAccountArgs {
+                    _epoch: tda.epoch_created_at,
+                },
+                CloseTipDistributionAccounts {
+                    config: config_pubkey,
+                    tip_distribution_account: *pubkey,
+                    validator_vote_account: tda.validator_vote_account,
+                    expired_funds_account: config.expired_funds_account,
+                    signer: payer,
+                },
+            )
+        })
+        .collect();
+
+    instructions
+        .chunks(4)
+        .map(|ix_chunk| Transaction::new_with_payer(ix_chunk, Some(&payer)))
+        .collect()
+}
diff --git a/tip-distributor/src/stake_meta_generator_workflow.rs b/tip-distributor/src/stake_meta_generator_workflow.rs
new file mode 100644
index 0000000000..9616154c09
--- /dev/null
+++ b/tip-distributor/src/stake_meta_generator_workflow.rs
@@ -0,0 +1,973 @@
+use {
+    crate::{
+        derive_tip_distribution_account_address, derive_tip_payment_pubkeys, Config, StakeMeta,
+        StakeMetaCollection, TipDistributionAccount, TipDistributionAccountWrapper,
+        TipDistributionMeta,
+    },
+    anchor_lang::AccountDeserialize,
+    itertools::Itertools,
+    log::*,
+    solana_accounts_db::hardened_unpack::{
+        open_genesis_config, OpenGenesisConfigError, MAX_GENESIS_ARCHIVE_UNPACKED_SIZE,
+    },
+    solana_client::client_error::ClientError,
+    solana_ledger::{
+        bank_forks_utils,
+        bank_forks_utils::BankForksUtilsError,
+        blockstore::{Blockstore, BlockstoreError},
+        blockstore_options::{AccessType, BlockstoreOptions, LedgerColumnOptions},
+        blockstore_processor::{BlockstoreProcessorError, ProcessOptions},
+    },
+    solana_program::{stake_history::StakeHistory, sysvar},
+    solana_runtime::{bank::Bank, snapshot_config::SnapshotConfig, stakes::StakeAccount},
+    solana_sdk::{
+        account::{from_account, ReadableAccount, WritableAccount},
+        clock::Slot,
+        pubkey::Pubkey,
+    },
+    solana_vote::vote_account::VoteAccount,
+    std::{
+        collections::HashMap,
+        fmt::{Debug, Display, Formatter},
+        fs::File,
+        io::{BufWriter, Write},
+        mem::size_of,
+        path::{Path, PathBuf},
+        sync::{atomic::AtomicBool, Arc},
+    },
+    thiserror::Error,
+};
+
+#[derive(Error, Debug)]
+pub enum StakeMetaGeneratorError {
+    #[error(transparent)]
+    AnchorError(#[from] Box<anchor_lang::error::Error>),
+
+    #[error(transparent)]
+    BlockstoreError(#[from] BlockstoreError),
+
+    #[error(transparent)]
+    BlockstoreProcessorError(#[from] BlockstoreProcessorError),
+
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+
+    CheckedMathError,
+
+    #[error(transparent)]
+    RpcError(#[from] ClientError),
+
+    #[error(transparent)]
+    SerdeJsonError(#[from] serde_json::Error),
+
+    SnapshotSlotNotFound,
+
+    BankForksUtilsError(#[from] BankForksUtilsError),
+
+    GenesisConfigError(#[from] OpenGenesisConfigError),
+}
+
+impl Display for StakeMetaGeneratorError {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        Debug::fmt(&self, f)
+    }
+}
+
+/// Runs the entire workflow of creating a bank from a snapshot to writing stake meta-data
+/// to a JSON file.
+pub fn generate_stake_meta(
+    ledger_path: &Path,
+    snapshot_slot: &Slot,
+    tip_distribution_program_id: &Pubkey,
+    out_path: &str,
+    tip_payment_program_id: &Pubkey,
+) -> Result<(), StakeMetaGeneratorError> {
+    info!("Creating bank from ledger path...");
+    let bank = create_bank_from_snapshot(ledger_path, snapshot_slot)?;
+
+    info!("Generating stake_meta_collection object...");
+    let stake_meta_coll =
+        generate_stake_meta_collection(&bank, tip_distribution_program_id, tip_payment_program_id)?;
+
+    info!("Writing stake_meta_collection to JSON {}...", out_path);
+    write_to_json_file(&stake_meta_coll, out_path)?;
+
+    Ok(())
+}
+
+fn create_bank_from_snapshot(
+    ledger_path: &Path,
+    snapshot_slot: &Slot,
+) -> Result<Arc<Bank>, StakeMetaGeneratorError> {
+    let genesis_config = open_genesis_config(ledger_path, MAX_GENESIS_ARCHIVE_UNPACKED_SIZE)?;
+    let snapshot_config = SnapshotConfig {
+        full_snapshot_archive_interval_slots: Slot::MAX,
+        incremental_snapshot_archive_interval_slots: Slot::MAX,
+        full_snapshot_archives_dir: PathBuf::from(ledger_path),
+        incremental_snapshot_archives_dir: PathBuf::from(ledger_path),
+        bank_snapshots_dir: PathBuf::from(ledger_path),
+        ..SnapshotConfig::default()
+    };
+    let blockstore = Blockstore::open_with_options(
+        ledger_path,
+        BlockstoreOptions {
+            access_type: AccessType::PrimaryForMaintenance,
+            recovery_mode: None,
+            enforce_ulimit_nofile: false,
+            column_options: LedgerColumnOptions::default(),
+        },
+    )?;
+    let (bank_forks, _, _) = bank_forks_utils::load_bank_forks(
+        &genesis_config,
+        &blockstore,
+        vec![PathBuf::from(ledger_path).join(Path::new("stake-meta.accounts"))],
+        Some(&snapshot_config),
+        &ProcessOptions::default(),
+        None,
+        None,
+        None,
+        Arc::new(AtomicBool::new(false)),
+        false,
+    )?;
+
+    let working_bank = bank_forks.read().unwrap().working_bank();
+    assert_eq!(
+        working_bank.slot(),
+        *snapshot_slot,
+        "expected working bank slot {}, found {}",
+        snapshot_slot,
+        working_bank.slot()
+    );
+
+    Ok(working_bank)
+}
+
+fn write_to_json_file(
+    stake_meta_coll: &StakeMetaCollection,
+    out_path: &str,
+) -> Result<(), StakeMetaGeneratorError> {
+    let file = File::create(out_path)?;
+    let mut writer = BufWriter::new(file);
+    let json = serde_json::to_string_pretty(&stake_meta_coll).unwrap();
+    writer.write_all(json.as_bytes())?;
+    writer.flush()?;
+
+    Ok(())
+}
+
+/// Creates a collection of [StakeMeta]'s from the given bank.
+pub fn generate_stake_meta_collection(
+    bank: &Arc<Bank>,
+    tip_distribution_program_id: &Pubkey,
+    tip_payment_program_id: &Pubkey,
+) -> Result<StakeMetaCollection, StakeMetaGeneratorError> {
+    assert!(bank.is_frozen());
+
+    let epoch_vote_accounts = bank.epoch_vote_accounts(bank.epoch()).unwrap_or_else(|| {
+        panic!(
+            "No epoch_vote_accounts found for slot {} at epoch {}",
+            bank.slot(),
+            bank.epoch()
+        )
+    });
+
+    let l_stakes = bank.stakes_cache.stakes();
+    let delegations = l_stakes.stake_delegations();
+
+    let voter_pubkey_to_delegations = group_delegations_by_voter_pubkey(delegations, bank);
+
+    // the last leader in an epoch may not crank the tip program before the epoch is over, which
+    // would result in MEV rewards for epoch N not being cranked until epoch N + 1. This means that
+    // the account balance in the snapshot could be incorrect.
+    // We assume that the rewards sitting in the tip program PDAs are cranked out by the time all of
+    // the rewards are claimed.
+    let tip_accounts = derive_tip_payment_pubkeys(tip_payment_program_id);
+    let account = bank
+        .get_account(&tip_accounts.config_pda)
+        .expect("config pda exists");
+
+    let config = Config::try_deserialize(&mut account.data()).expect("deserializes configuration");
+
+    let bb_commission_pct: u64 = config.block_builder_commission_pct;
+    let tip_receiver: Pubkey = config.tip_receiver;
+
+    // includes the block builder fee
+    let excess_tip_balances: u64 = tip_accounts
+        .tip_pdas
+        .iter()
+        .map(|pubkey| {
+            let tip_account = bank.get_account(pubkey).expect("tip account exists");
+            tip_account
+                .lamports()
+                .checked_sub(bank.get_minimum_balance_for_rent_exemption(tip_account.data().len()))
+                .expect("tip balance underflow")
+        })
+        .sum();
+    // matches math in tip payment program
+    let block_builder_tips = excess_tip_balances
+        .checked_mul(bb_commission_pct)
+        .expect("block_builder_tips overflow")
+        .checked_div(100)
+        .expect("block_builder_tips division error");
+    let tip_receiver_fee = excess_tip_balances
+        .checked_sub(block_builder_tips)
+        .expect("tip_receiver_fee doesnt underflow");
+
+    let vote_pk_and_maybe_tdas: Vec<(
+        (Pubkey, &VoteAccount),
+        Option<TipDistributionAccountWrapper>,
+    )> = epoch_vote_accounts
+        .iter()
+        .map(|(vote_pubkey, (_total_stake, vote_account))| {
+            let tip_distribution_pubkey = derive_tip_distribution_account_address(
+                tip_distribution_program_id,
+                vote_pubkey,
+                bank.epoch(),
+            )
+            .0;
+            let tda = if let Some(mut account_data) = bank.get_account(&tip_distribution_pubkey) {
+                // TDAs may be funded with lamports and therefore exist in the bank, but would fail the deserialization step
+                // if the buffer is yet to be allocated thru the init call to the program.
+                if let Ok(tip_distribution_account) =
+                    TipDistributionAccount::try_deserialize(&mut account_data.data())
+                {
+                    // this snapshot might have tips that weren't claimed by the time the epoch is over
+                    // assume that it will eventually be cranked and credit the excess to this account
+                    if tip_distribution_pubkey == tip_receiver {
+                        account_data.set_lamports(
+                            account_data
+                                .lamports()
+                                .checked_add(tip_receiver_fee)
+                                .expect("tip overflow"),
+                        );
+                    }
+                    Some(TipDistributionAccountWrapper {
+                        tip_distribution_account,
+                        account_data,
+                        tip_distribution_pubkey,
+                    })
+                } else {
+                    None
+                }
+            } else {
+                None
+            };
+            Ok(((*vote_pubkey, vote_account), tda))
+        })
+        .collect::<Result<_, StakeMetaGeneratorError>>()?;
+
+    let mut stake_metas = vec![];
+    for ((vote_pubkey, vote_account), maybe_tda) in vote_pk_and_maybe_tdas {
+        if let Some(mut delegations) = voter_pubkey_to_delegations.get(&vote_pubkey).cloned() {
+            let total_delegated = delegations.iter().fold(0u64, |sum, delegation| {
+                sum.checked_add(delegation.lamports_delegated).unwrap()
+            });
+
+            let maybe_tip_distribution_meta = if let Some(tda) = maybe_tda {
+                let actual_len = tda.account_data.data().len();
+                let expected_len = 8_usize.saturating_add(size_of::<TipDistributionAccount>());
+                if actual_len != expected_len {
+                    warn!("len mismatch actual={actual_len}, expected={expected_len}");
+                }
+                let rent_exempt_amount =
+                    bank.get_minimum_balance_for_rent_exemption(tda.account_data.data().len());
+
+                Some(TipDistributionMeta::from_tda_wrapper(
+                    tda,
+                    rent_exempt_amount,
+                )?)
+            } else {
+                None
+            };
+
+            let vote_state = vote_account.vote_state().unwrap();
+            delegations.sort();
+            stake_metas.push(StakeMeta {
+                maybe_tip_distribution_meta,
+                validator_node_pubkey: vote_state.node_pubkey,
+                validator_vote_account: vote_pubkey,
+                delegations,
+                total_delegated,
+                commission: vote_state.commission,
+            });
+        } else {
+            warn!(
+                    "voter_pubkey not found in voter_pubkey_to_delegations map [validator_vote_pubkey={}]",
+                    vote_pubkey
+                );
+        }
+    }
+    stake_metas.sort();
+
+    Ok(StakeMetaCollection {
+        stake_metas,
+        tip_distribution_program_id: *tip_distribution_program_id,
+        bank_hash: bank.hash().to_string(),
+        epoch: bank.epoch(),
+        slot: bank.slot(),
+    })
+}
+
+/// Given an [EpochStakes] object, return delegations grouped by voter_pubkey (validator delegated to).
+fn group_delegations_by_voter_pubkey(
+    delegations: &im::HashMap<Pubkey, StakeAccount>,
+    bank: &Bank,
+) -> HashMap<Pubkey, Vec<crate::Delegation>> {
+    delegations
+        .into_iter()
+        .filter(|(_stake_pubkey, stake_account)| {
+            stake_account.delegation().stake(
+                bank.epoch(),
+                &from_account::<StakeHistory, _>(
+                    &bank.get_account(&sysvar::stake_history::id()).unwrap(),
+                )
+                .unwrap(),
+                bank.new_warmup_cooldown_rate_epoch(),
+            ) > 0
+        })
+        .into_group_map_by(|(_stake_pubkey, stake_account)| stake_account.delegation().voter_pubkey)
+        .into_iter()
+        .map(|(voter_pubkey, group)| {
+            (
+                voter_pubkey,
+                group
+                    .into_iter()
+                    .map(|(stake_pubkey, stake_account)| crate::Delegation {
+                        stake_account_pubkey: *stake_pubkey,
+                        staker_pubkey: stake_account
+                            .stake_state()
+                            .authorized()
+                            .map(|a| a.staker)
+                            .unwrap_or_default(),
+                        withdrawer_pubkey: stake_account
+                            .stake_state()
+                            .authorized()
+                            .map(|a| a.withdrawer)
+                            .unwrap_or_default(),
+                        lamports_delegated: stake_account.delegation().stake,
+                    })
+                    .collect::<Vec<crate::Delegation>>(),
+            )
+        })
+        .collect()
+}
+
+#[cfg(test)]
+mod tests {
+    use {
+        super::*,
+        crate::derive_tip_distribution_account_address,
+        anchor_lang::AccountSerialize,
+        jito_tip_distribution::state::TipDistributionAccount,
+        jito_tip_payment::{
+            InitBumps, TipPaymentAccount, CONFIG_ACCOUNT_SEED, TIP_ACCOUNT_SEED_0,
+            TIP_ACCOUNT_SEED_1, TIP_ACCOUNT_SEED_2, TIP_ACCOUNT_SEED_3, TIP_ACCOUNT_SEED_4,
+            TIP_ACCOUNT_SEED_5, TIP_ACCOUNT_SEED_6, TIP_ACCOUNT_SEED_7,
+        },
+        solana_runtime::genesis_utils::{
+            create_genesis_config_with_vote_accounts, GenesisConfigInfo, ValidatorVoteKeypairs,
+        },
+        solana_sdk::{
+            self,
+            account::{from_account, AccountSharedData},
+            message::Message,
+            signature::{Keypair, Signer},
+            stake::{
+                self,
+                state::{Authorized, Lockup},
+            },
+            stake_history::StakeHistory,
+            sysvar,
+            transaction::Transaction,
+        },
+        solana_stake_program::stake_state,
+    };
+
+    #[test]
+    fn test_generate_stake_meta_collection_happy_path() {
+        /* 1. Create a Bank seeded with some validator stake accounts */
+        let validator_keypairs_0 = ValidatorVoteKeypairs::new_rand();
+        let validator_keypairs_1 = ValidatorVoteKeypairs::new_rand();
+        let validator_keypairs_2 = ValidatorVoteKeypairs::new_rand();
+        let validator_keypairs = vec![
+            &validator_keypairs_0,
+            &validator_keypairs_1,
+            &validator_keypairs_2,
+        ];
+        const INITIAL_VALIDATOR_STAKES: u64 = 10_000;
+        let GenesisConfigInfo { genesis_config, .. } = create_genesis_config_with_vote_accounts(
+            1_000_000_000,
+            &validator_keypairs,
+            vec![INITIAL_VALIDATOR_STAKES; 3],
+        );
+
+        let (mut bank, _bank_forks) = Bank::new_with_bank_forks_for_tests(&genesis_config);
+
+        /* 2. Seed the Bank with [TipDistributionAccount]'s */
+        let merkle_root_upload_authority = Pubkey::new_unique();
+        let tip_distribution_program_id = Pubkey::new_unique();
+        let tip_payment_program_id = Pubkey::new_unique();
+
+        let delegator_0 = Keypair::new();
+        let delegator_1 = Keypair::new();
+        let delegator_2 = Keypair::new();
+        let delegator_3 = Keypair::new();
+        let delegator_4 = Keypair::new();
+
+        let delegator_0_pk = delegator_0.pubkey();
+        let delegator_1_pk = delegator_1.pubkey();
+        let delegator_2_pk = delegator_2.pubkey();
+        let delegator_3_pk = delegator_3.pubkey();
+        let delegator_4_pk = delegator_4.pubkey();
+
+        let d_0_data = AccountSharedData::new(
+            300_000_000_000_000 * 10,
+            0,
+            &solana_sdk::system_program::id(),
+        );
+        let d_1_data = AccountSharedData::new(
+            100_000_203_000_000 * 10,
+            0,
+            &solana_sdk::system_program::id(),
+        );
+        let d_2_data = AccountSharedData::new(
+            100_000_235_899_000 * 10,
+            0,
+            &solana_sdk::system_program::id(),
+        );
+        let d_3_data = AccountSharedData::new(
+            200_000_000_000_000 * 10,
+            0,
+            &solana_sdk::system_program::id(),
+        );
+        let d_4_data = AccountSharedData::new(
+            100_000_000_777_000 * 10,
+            0,
+            &solana_sdk::system_program::id(),
+        );
+
+        bank.store_account(&delegator_0_pk, &d_0_data);
+        bank.store_account(&delegator_1_pk, &d_1_data);
+        bank.store_account(&delegator_2_pk, &d_2_data);
+        bank.store_account(&delegator_3_pk, &d_3_data);
+        bank.store_account(&delegator_4_pk, &d_4_data);
+
+        /* 3. Delegate some stake to the initial set of validators */
+        let mut validator_0_delegations = vec![crate::Delegation {
+            stake_account_pubkey: validator_keypairs_0.stake_keypair.pubkey(),
+            staker_pubkey: validator_keypairs_0.stake_keypair.pubkey(),
+            withdrawer_pubkey: validator_keypairs_0.stake_keypair.pubkey(),
+            lamports_delegated: INITIAL_VALIDATOR_STAKES,
+        }];
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_0,
+            &validator_keypairs_0.vote_keypair.pubkey(),
+            30_000_000_000,
+        );
+        validator_0_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_0.pubkey(),
+            withdrawer_pubkey: delegator_0.pubkey(),
+            lamports_delegated: 30_000_000_000,
+        });
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_1,
+            &validator_keypairs_0.vote_keypair.pubkey(),
+            3_000_000_000,
+        );
+        validator_0_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_1.pubkey(),
+            withdrawer_pubkey: delegator_1.pubkey(),
+            lamports_delegated: 3_000_000_000,
+        });
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_2,
+            &validator_keypairs_0.vote_keypair.pubkey(),
+            33_000_000_000,
+        );
+        validator_0_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_2.pubkey(),
+            withdrawer_pubkey: delegator_2.pubkey(),
+            lamports_delegated: 33_000_000_000,
+        });
+
+        let mut validator_1_delegations = vec![crate::Delegation {
+            stake_account_pubkey: validator_keypairs_1.stake_keypair.pubkey(),
+            staker_pubkey: validator_keypairs_1.stake_keypair.pubkey(),
+            withdrawer_pubkey: validator_keypairs_1.stake_keypair.pubkey(),
+            lamports_delegated: INITIAL_VALIDATOR_STAKES,
+        }];
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_3,
+            &validator_keypairs_1.vote_keypair.pubkey(),
+            4_222_364_000,
+        );
+        validator_1_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_3.pubkey(),
+            withdrawer_pubkey: delegator_3.pubkey(),
+            lamports_delegated: 4_222_364_000,
+        });
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_4,
+            &validator_keypairs_1.vote_keypair.pubkey(),
+            6_000_000_527,
+        );
+        validator_1_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_4.pubkey(),
+            withdrawer_pubkey: delegator_4.pubkey(),
+            lamports_delegated: 6_000_000_527,
+        });
+
+        let mut validator_2_delegations = vec![crate::Delegation {
+            stake_account_pubkey: validator_keypairs_2.stake_keypair.pubkey(),
+            staker_pubkey: validator_keypairs_2.stake_keypair.pubkey(),
+            withdrawer_pubkey: validator_keypairs_2.stake_keypair.pubkey(),
+            lamports_delegated: INITIAL_VALIDATOR_STAKES,
+        }];
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_0,
+            &validator_keypairs_2.vote_keypair.pubkey(),
+            1_300_123_156,
+        );
+        validator_2_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_0.pubkey(),
+            withdrawer_pubkey: delegator_0.pubkey(),
+            lamports_delegated: 1_300_123_156,
+        });
+        let stake_account = delegate_stake_helper(
+            &bank,
+            &delegator_4,
+            &validator_keypairs_2.vote_keypair.pubkey(),
+            1_610_565_420,
+        );
+        validator_2_delegations.push(crate::Delegation {
+            stake_account_pubkey: stake_account,
+            staker_pubkey: delegator_4.pubkey(),
+            withdrawer_pubkey: delegator_4.pubkey(),
+            lamports_delegated: 1_610_565_420,
+        });
+
+        /* 4. Run assertions */
+        fn warmed_up(bank: &Bank, stake_pubkeys: &[Pubkey]) -> bool {
+            for stake_pubkey in stake_pubkeys {
+                let stake =
+                    stake_state::stake_from(&bank.get_account(stake_pubkey).unwrap()).unwrap();
+
+                if stake.delegation.stake
+                    != stake.stake(
+                        bank.epoch(),
+                        &from_account::<StakeHistory, _>(
+                            &bank.get_account(&sysvar::stake_history::id()).unwrap(),
+                        )
+                        .unwrap(),
+                        bank.new_warmup_cooldown_rate_epoch(),
+                    )
+                {
+                    return false;
+                }
+            }
+
+            true
+        }
+        fn next_epoch(bank: &Arc<Bank>) -> Arc<Bank> {
+            bank.squash();
+
+            Arc::new(Bank::new_from_parent(
+                bank.clone(),
+                &Pubkey::default(),
+                bank.get_slots_in_epoch(bank.epoch()) + bank.slot(),
+            ))
+        }
+
+        let mut stake_pubkeys = validator_0_delegations
+            .iter()
+            .map(|v| v.stake_account_pubkey)
+            .collect::<Vec<Pubkey>>();
+        stake_pubkeys.extend(
+            validator_1_delegations
+                .iter()
+                .map(|v| v.stake_account_pubkey),
+        );
+        stake_pubkeys.extend(
+            validator_2_delegations
+                .iter()
+                .map(|v| v.stake_account_pubkey),
+        );
+        loop {
+            if warmed_up(&bank, &stake_pubkeys[..]) {
+                break;
+            }
+
+            // Cycle thru banks until we're fully warmed up
+            bank = next_epoch(&bank);
+        }
+
+        let tip_distribution_account_0 = derive_tip_distribution_account_address(
+            &tip_distribution_program_id,
+            &validator_keypairs_0.vote_keypair.pubkey(),
+            bank.epoch(),
+        );
+        let tip_distribution_account_1 = derive_tip_distribution_account_address(
+            &tip_distribution_program_id,
+            &validator_keypairs_1.vote_keypair.pubkey(),
+            bank.epoch(),
+        );
+        let tip_distribution_account_2 = derive_tip_distribution_account_address(
+            &tip_distribution_program_id,
+            &validator_keypairs_2.vote_keypair.pubkey(),
+            bank.epoch(),
+        );
+
+        let expires_at = bank.epoch() + 3;
+
+        let tda_0 = TipDistributionAccount {
+            validator_vote_account: validator_keypairs_0.vote_keypair.pubkey(),
+            merkle_root_upload_authority,
+            merkle_root: None,
+            epoch_created_at: bank.epoch(),
+            validator_commission_bps: 50,
+            expires_at,
+            bump: tip_distribution_account_0.1,
+        };
+        let tda_1 = TipDistributionAccount {
+            validator_vote_account: validator_keypairs_1.vote_keypair.pubkey(),
+            merkle_root_upload_authority,
+            merkle_root: None,
+            epoch_created_at: bank.epoch(),
+            validator_commission_bps: 500,
+            expires_at: 0,
+            bump: tip_distribution_account_1.1,
+        };
+        let tda_2 = TipDistributionAccount {
+            validator_vote_account: validator_keypairs_2.vote_keypair.pubkey(),
+            merkle_root_upload_authority,
+            merkle_root: None,
+            epoch_created_at: bank.epoch(),
+            validator_commission_bps: 75,
+            expires_at: 0,
+            bump: tip_distribution_account_2.1,
+        };
+
+        let tip_distro_0_tips = 1_000_000 * 10;
+        let tip_distro_1_tips = 69_000_420 * 10;
+        let tip_distro_2_tips = 789_000_111 * 10;
+
+        let tda_0_fields = (tip_distribution_account_0.0, tda_0.validator_commission_bps);
+        let data_0 =
+            tda_to_account_shared_data(&tip_distribution_program_id, tip_distro_0_tips, tda_0);
+        let tda_1_fields = (tip_distribution_account_1.0, tda_1.validator_commission_bps);
+        let data_1 =
+            tda_to_account_shared_data(&tip_distribution_program_id, tip_distro_1_tips, tda_1);
+        let tda_2_fields = (tip_distribution_account_2.0, tda_2.validator_commission_bps);
+        let data_2 =
+            tda_to_account_shared_data(&tip_distribution_program_id, tip_distro_2_tips, tda_2);
+
+        let accounts_data = create_config_account_data(&tip_payment_program_id, &bank);
+        for (pubkey, data) in accounts_data {
+            bank.store_account(&pubkey, &data);
+        }
+
+        bank.store_account(&tip_distribution_account_0.0, &data_0);
+        bank.store_account(&tip_distribution_account_1.0, &data_1);
+        bank.store_account(&tip_distribution_account_2.0, &data_2);
+
+        bank.freeze();
+        let stake_meta_collection = generate_stake_meta_collection(
+            &bank,
+            &tip_distribution_program_id,
+            &tip_payment_program_id,
+        )
+        .unwrap();
+        assert_eq!(
+            stake_meta_collection.tip_distribution_program_id,
+            tip_distribution_program_id
+        );
+        assert_eq!(stake_meta_collection.slot, bank.slot());
+        assert_eq!(stake_meta_collection.epoch, bank.epoch());
+
+        let mut expected_stake_metas = HashMap::new();
+        expected_stake_metas.insert(
+            validator_keypairs_0.vote_keypair.pubkey(),
+            StakeMeta {
+                validator_vote_account: validator_keypairs_0.vote_keypair.pubkey(),
+                delegations: validator_0_delegations.clone(),
+                total_delegated: validator_0_delegations
+                    .iter()
+                    .fold(0u64, |sum, delegation| {
+                        sum.checked_add(delegation.lamports_delegated).unwrap()
+                    }),
+                maybe_tip_distribution_meta: Some(TipDistributionMeta {
+                    merkle_root_upload_authority,
+                    tip_distribution_pubkey: tda_0_fields.0,
+                    total_tips: tip_distro_0_tips
+                        .checked_sub(
+                            bank.get_minimum_balance_for_rent_exemption(
+                                TipDistributionAccount::SIZE,
+                            ),
+                        )
+                        .unwrap(),
+                    validator_fee_bps: tda_0_fields.1,
+                }),
+                commission: 0,
+                validator_node_pubkey: validator_keypairs_0.node_keypair.pubkey(),
+            },
+        );
+        expected_stake_metas.insert(
+            validator_keypairs_1.vote_keypair.pubkey(),
+            StakeMeta {
+                validator_vote_account: validator_keypairs_1.vote_keypair.pubkey(),
+                delegations: validator_1_delegations.clone(),
+                total_delegated: validator_1_delegations
+                    .iter()
+                    .fold(0u64, |sum, delegation| {
+                        sum.checked_add(delegation.lamports_delegated).unwrap()
+                    }),
+                maybe_tip_distribution_meta: Some(TipDistributionMeta {
+                    merkle_root_upload_authority,
+                    tip_distribution_pubkey: tda_1_fields.0,
+                    total_tips: tip_distro_1_tips
+                        .checked_sub(
+                            bank.get_minimum_balance_for_rent_exemption(
+                                TipDistributionAccount::SIZE,
+                            ),
+                        )
+                        .unwrap(),
+                    validator_fee_bps: tda_1_fields.1,
+                }),
+                commission: 0,
+                validator_node_pubkey: validator_keypairs_1.node_keypair.pubkey(),
+            },
+        );
+        expected_stake_metas.insert(
+            validator_keypairs_2.vote_keypair.pubkey(),
+            StakeMeta {
+                validator_vote_account: validator_keypairs_2.vote_keypair.pubkey(),
+                delegations: validator_2_delegations.clone(),
+                total_delegated: validator_2_delegations
+                    .iter()
+                    .fold(0u64, |sum, delegation| {
+                        sum.checked_add(delegation.lamports_delegated).unwrap()
+                    }),
+                maybe_tip_distribution_meta: Some(TipDistributionMeta {
+                    merkle_root_upload_authority,
+                    tip_distribution_pubkey: tda_2_fields.0,
+                    total_tips: tip_distro_2_tips
+                        .checked_sub(
+                            bank.get_minimum_balance_for_rent_exemption(
+                                TipDistributionAccount::SIZE,
+                            ),
+                        )
+                        .unwrap(),
+                    validator_fee_bps: tda_2_fields.1,
+                }),
+                commission: 0,
+                validator_node_pubkey: validator_keypairs_2.node_keypair.pubkey(),
+            },
+        );
+
+        println!(
+            "validator_0 [vote_account={}, stake_account={}]",
+            validator_keypairs_0.vote_keypair.pubkey(),
+            validator_keypairs_0.stake_keypair.pubkey()
+        );
+        println!(
+            "validator_1 [vote_account={}, stake_account={}]",
+            validator_keypairs_1.vote_keypair.pubkey(),
+            validator_keypairs_1.stake_keypair.pubkey()
+        );
+        println!(
+            "validator_2 [vote_account={}, stake_account={}]",
+            validator_keypairs_2.vote_keypair.pubkey(),
+            validator_keypairs_2.stake_keypair.pubkey(),
+        );
+
+        assert_eq!(
+            expected_stake_metas.len(),
+            stake_meta_collection.stake_metas.len()
+        );
+
+        for actual_stake_meta in stake_meta_collection.stake_metas {
+            let expected_stake_meta = expected_stake_metas
+                .get(&actual_stake_meta.validator_vote_account)
+                .unwrap();
+            assert_eq!(
+                expected_stake_meta.maybe_tip_distribution_meta,
+                actual_stake_meta.maybe_tip_distribution_meta
+            );
+            assert_eq!(
+                expected_stake_meta.total_delegated,
+                actual_stake_meta.total_delegated
+            );
+            assert_eq!(expected_stake_meta.commission, actual_stake_meta.commission);
+            assert_eq!(
+                expected_stake_meta.validator_vote_account,
+                actual_stake_meta.validator_vote_account
+            );
+
+            assert_eq!(
+                expected_stake_meta.delegations.len(),
+                actual_stake_meta.delegations.len()
+            );
+
+            for expected_delegation in &expected_stake_meta.delegations {
+                let actual_delegation = actual_stake_meta
+                    .delegations
+                    .iter()
+                    .find(|d| d.stake_account_pubkey == expected_delegation.stake_account_pubkey)
+                    .unwrap();
+
+                assert_eq!(expected_delegation, actual_delegation);
+            }
+        }
+    }
+
+    /// Helper function that sends a delegate stake instruction to the bank.
+    /// Returns the created stake account pubkey.
+    fn delegate_stake_helper(
+        bank: &Bank,
+        from_keypair: &Keypair,
+        vote_account: &Pubkey,
+        delegation_amount: u64,
+    ) -> Pubkey {
+        let minimum_delegation = solana_stake_program::get_minimum_delegation(&bank.feature_set);
+        assert!(
+            delegation_amount >= minimum_delegation,
+            "{}",
+            format!(
+                "received delegation_amount {}, must be at least {}",
+                delegation_amount, minimum_delegation
+            )
+        );
+        if let Some(from_account) = bank.get_account(&from_keypair.pubkey()) {
+            assert_eq!(from_account.owner(), &solana_sdk::system_program::id());
+        } else {
+            panic!("from_account DNE");
+        }
+        assert!(bank.get_account(vote_account).is_some());
+
+        let stake_keypair = Keypair::new();
+        let instructions = stake::instruction::create_account_and_delegate_stake(
+            &from_keypair.pubkey(),
+            &stake_keypair.pubkey(),
+            vote_account,
+            &Authorized::auto(&from_keypair.pubkey()),
+            &Lockup::default(),
+            delegation_amount,
+        );
+
+        let message = Message::new(&instructions[..], Some(&from_keypair.pubkey()));
+        let transaction = Transaction::new(
+            &[from_keypair, &stake_keypair],
+            message,
+            bank.last_blockhash(),
+        );
+
+        bank.process_transaction(&transaction)
+            .map_err(|e| {
+                eprintln!("Error delegating stake [error={}]", e);
+                e
+            })
+            .unwrap();
+
+        stake_keypair.pubkey()
+    }
+
+    fn tda_to_account_shared_data(
+        tip_distribution_program_id: &Pubkey,
+        lamports: u64,
+        tda: TipDistributionAccount,
+    ) -> AccountSharedData {
+        let mut account_data = AccountSharedData::new(
+            lamports,
+            TipDistributionAccount::SIZE,
+            tip_distribution_program_id,
+        );
+
+        let mut data: [u8; TipDistributionAccount::SIZE] = [0u8; TipDistributionAccount::SIZE];
+        let mut cursor = std::io::Cursor::new(&mut data[..]);
+        tda.try_serialize(&mut cursor).unwrap();
+
+        account_data.set_data(data.to_vec());
+        account_data
+    }
+
+    fn create_config_account_data(
+        tip_payment_program_id: &Pubkey,
+        bank: &Bank,
+    ) -> Vec<(Pubkey, AccountSharedData)> {
+        let mut account_datas = vec![];
+
+        let config_pda =
+            Pubkey::find_program_address(&[CONFIG_ACCOUNT_SEED], tip_payment_program_id);
+
+        let tip_accounts = [
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_0], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_1], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_2], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_3], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_4], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_5], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_6], tip_payment_program_id),
+            Pubkey::find_program_address(&[TIP_ACCOUNT_SEED_7], tip_payment_program_id),
+        ];
+
+        let config = Config {
+            tip_receiver: Pubkey::new_unique(),
+            block_builder: Pubkey::new_unique(),
+            block_builder_commission_pct: 10,
+            bumps: InitBumps {
+                config: config_pda.1,
+                tip_payment_account_0: tip_accounts[0].1,
+                tip_payment_account_1: tip_accounts[1].1,
+                tip_payment_account_2: tip_accounts[2].1,
+                tip_payment_account_3: tip_accounts[3].1,
+                tip_payment_account_4: tip_accounts[4].1,
+                tip_payment_account_5: tip_accounts[5].1,
+                tip_payment_account_6: tip_accounts[6].1,
+                tip_payment_account_7: tip_accounts[7].1,
+            },
+        };
+
+        let mut config_account_data = AccountSharedData::new(
+            bank.get_minimum_balance_for_rent_exemption(Config::SIZE),
+            Config::SIZE,
+            tip_payment_program_id,
+        );
+
+        let mut config_data: [u8; Config::SIZE] = [0u8; Config::SIZE];
+        let mut config_cursor = std::io::Cursor::new(&mut config_data[..]);
+        config.try_serialize(&mut config_cursor).unwrap();
+        config_account_data.set_data(config_data.to_vec());
+        account_datas.push((config_pda.0, config_account_data));
+
+        account_datas.extend(tip_accounts.into_iter().map(|(pubkey, _)| {
+            let mut tip_account_data = AccountSharedData::new(
+                bank.get_minimum_balance_for_rent_exemption(TipPaymentAccount::SIZE),
+                TipPaymentAccount::SIZE,
+                tip_payment_program_id,
+            );
+
+            let mut data: [u8; TipPaymentAccount::SIZE] = [0u8; TipPaymentAccount::SIZE];
+            let mut cursor = std::io::Cursor::new(&mut data[..]);
+            TipPaymentAccount::default()
+                .try_serialize(&mut cursor)
+                .unwrap();
+            tip_account_data.set_data(data.to_vec());
+
+            (pubkey, tip_account_data)
+        }));
+
+        account_datas
+    }
+}
diff --git a/turbine/benches/cluster_info.rs b/turbine/benches/cluster_info.rs
index 4a8ebbcf41..ffac8ac7f0 100644
--- a/turbine/benches/cluster_info.rs
+++ b/turbine/benches/cluster_info.rs
@@ -77,6 +77,7 @@ fn broadcast_shreds_bench(bencher: &mut Bencher) {
             &bank_forks,
             &SocketAddrSpace::Unspecified,
             &quic_endpoint_sender,
+            &None,
         )
         .unwrap();
     });
diff --git a/turbine/benches/retransmit_stage.rs b/turbine/benches/retransmit_stage.rs
index cf40e5f871..3046a22cf2 100644
--- a/turbine/benches/retransmit_stage.rs
+++ b/turbine/benches/retransmit_stage.rs
@@ -34,7 +34,7 @@ use {
         net::Ipv4Addr,
         sync::{
             atomic::{AtomicUsize, Ordering},
-            Arc,
+            Arc, RwLock,
         },
         thread::{sleep, Builder},
         time::Duration,
@@ -128,6 +128,7 @@ fn bench_retransmitter(bencher: &mut Bencher) {
         Arc::default(), // solana_rpc::max_slots::MaxSlots
         None,
         None,
+        Arc::new(RwLock::new(None)),
     );
 
     let mut index = 0;
diff --git a/turbine/src/broadcast_stage.rs b/turbine/src/broadcast_stage.rs
index 2f9d219803..18fd50d1bb 100644
--- a/turbine/src/broadcast_stage.rs
+++ b/turbine/src/broadcast_stage.rs
@@ -118,6 +118,7 @@ impl BroadcastStageType {
         bank_forks: Arc<RwLock<BankForks>>,
         shred_version: u16,
         quic_endpoint_sender: AsyncSender<(SocketAddr, Bytes)>,
+        shred_receiver_address: Arc<RwLock<Option<SocketAddr>>>,
     ) -> BroadcastStage {
         match self {
             BroadcastStageType::Standard => BroadcastStage::new(
@@ -130,6 +131,7 @@ impl BroadcastStageType {
                 bank_forks,
                 quic_endpoint_sender,
                 StandardBroadcastRun::new(shred_version),
+                shred_receiver_address,
             ),
 
             BroadcastStageType::FailEntryVerification => BroadcastStage::new(
@@ -142,6 +144,7 @@ impl BroadcastStageType {
                 bank_forks,
                 quic_endpoint_sender,
                 FailEntryVerificationBroadcastRun::new(shred_version),
+                Arc::new(RwLock::new(None)),
             ),
 
             BroadcastStageType::BroadcastFakeShreds => BroadcastStage::new(
@@ -154,6 +157,7 @@ impl BroadcastStageType {
                 bank_forks,
                 quic_endpoint_sender,
                 BroadcastFakeShredsRun::new(0, shred_version),
+                Arc::new(RwLock::new(None)),
             ),
 
             BroadcastStageType::BroadcastDuplicates(config) => BroadcastStage::new(
@@ -166,6 +170,7 @@ impl BroadcastStageType {
                 bank_forks,
                 quic_endpoint_sender,
                 BroadcastDuplicatesRun::new(shred_version, config.clone()),
+                Arc::new(RwLock::new(None)),
             ),
         }
     }
@@ -187,6 +192,7 @@ trait BroadcastRun {
         sock: &UdpSocket,
         bank_forks: &RwLock<BankForks>,
         quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+        shred_receiver_address: &Arc<RwLock<Option<SocketAddr>>>,
     ) -> Result<()>;
     fn record(&mut self, receiver: &RecordReceiver, blockstore: &Blockstore) -> Result<()>;
 }
@@ -283,6 +289,7 @@ impl BroadcastStage {
         bank_forks: Arc<RwLock<BankForks>>,
         quic_endpoint_sender: AsyncSender<(SocketAddr, Bytes)>,
         mut broadcast_stage_run: impl BroadcastRun + Send + 'static + Clone,
+        shred_receiver_address: Arc<RwLock<Option<SocketAddr>>>,
     ) -> Self {
         let (socket_sender, socket_receiver) = unbounded();
         let (blockstore_sender, blockstore_receiver) = unbounded();
@@ -314,6 +321,8 @@ impl BroadcastStage {
             let cluster_info = cluster_info.clone();
             let bank_forks = bank_forks.clone();
             let quic_endpoint_sender = quic_endpoint_sender.clone();
+            let shred_receiver_address = shred_receiver_address.clone();
+
             let run_transmit = move || loop {
                 let res = bs_transmit.transmit(
                     &socket_receiver,
@@ -321,6 +330,7 @@ impl BroadcastStage {
                     &sock,
                     &bank_forks,
                     &quic_endpoint_sender,
+                    &shred_receiver_address,
                 );
                 let res = Self::handle_error(res, "solana-broadcaster-transmit");
                 if let Some(res) = res {
@@ -430,6 +440,7 @@ fn update_peer_stats(
 
 /// Broadcasts shreds from the leader (i.e. this node) to the root of the
 /// turbine retransmit tree for each shred.
+#[allow(clippy::too_many_arguments)]
 pub fn broadcast_shreds(
     s: &UdpSocket,
     shreds: &[Shred],
@@ -440,6 +451,7 @@ pub fn broadcast_shreds(
     bank_forks: &RwLock<BankForks>,
     socket_addr_space: &SocketAddrSpace,
     quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+    shred_receiver_address: &Option<SocketAddr>,
 ) -> Result<()> {
     let mut result = Ok(());
     let mut shred_select = Measure::start("shred_select");
@@ -455,15 +467,34 @@ pub fn broadcast_shreds(
             let cluster_nodes =
                 cluster_nodes_cache.get(slot, &root_bank, &working_bank, cluster_info);
             update_peer_stats(&cluster_nodes, last_datapoint_submit);
-            shreds.filter_map(move |shred| {
+            shreds.flat_map(move |shred| {
                 let key = shred.id();
                 let protocol = cluster_nodes::get_broadcast_protocol(&key);
-                cluster_nodes
-                    .get_broadcast_peer(&key)?
-                    .tvu(protocol)
-                    .ok()
-                    .filter(|addr| socket_addr_space.check(addr))
-                    .map(|addr| {
+
+                let mut addrs = Vec::with_capacity(2);
+                if let Some(shred_receiver_address) = shred_receiver_address {
+                    // Assuming always over UDP for shred_receiver_address
+                    addrs.push((Protocol::UDP, *shred_receiver_address));
+                }
+                if let Some(peer) = cluster_nodes.get_broadcast_peer(&key) {
+                    match protocol {
+                        Protocol::QUIC => {
+                            if let Ok(tvu) = peer.tvu(Protocol::QUIC) {
+                                addrs.push((Protocol::QUIC, tvu));
+                            }
+                        }
+                        Protocol::UDP => {
+                            if let Ok(tvu) = peer.tvu(Protocol::UDP) {
+                                addrs.push((Protocol::UDP, tvu));
+                            }
+                        }
+                    }
+                }
+
+                addrs
+                    .into_iter()
+                    .filter(|(_, a)| socket_addr_space.check(a))
+                    .map(move |(protocol, addr)| {
                         (match protocol {
                             Protocol::QUIC => Either::Right,
                             Protocol::UDP => Either::Left,
@@ -698,6 +729,7 @@ pub mod test {
             bank_forks,
             quic_endpoint_sender,
             StandardBroadcastRun::new(0),
+            Arc::new(RwLock::new(None)),
         );
 
         MockBroadcastStage {
@@ -736,7 +768,10 @@ pub mod test {
             let ticks = create_ticks(max_tick_height - start_tick_height, 0, Hash::default());
             for (i, tick) in ticks.into_iter().enumerate() {
                 entry_sender
-                    .send((bank.clone(), (tick, i as u64 + 1)))
+                    .send(WorkingBankEntry {
+                        bank: bank.clone(),
+                        entries_ticks: vec![(tick, i as u64 + 1)],
+                    })
                     .expect("Expect successful send to broadcast service");
             }
         }
diff --git a/turbine/src/broadcast_stage/broadcast_duplicates_run.rs b/turbine/src/broadcast_stage/broadcast_duplicates_run.rs
index 3060fd27c8..64ef903151 100644
--- a/turbine/src/broadcast_stage/broadcast_duplicates_run.rs
+++ b/turbine/src/broadcast_stage/broadcast_duplicates_run.rs
@@ -297,6 +297,7 @@ impl BroadcastRun for BroadcastDuplicatesRun {
         sock: &UdpSocket,
         bank_forks: &RwLock<BankForks>,
         _quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+        _shred_receiver_addr: &Arc<RwLock<Option<SocketAddr>>>,
     ) -> Result<()> {
         let (shreds, _) = receiver.recv()?;
         if shreds.is_empty() {
diff --git a/turbine/src/broadcast_stage/broadcast_fake_shreds_run.rs b/turbine/src/broadcast_stage/broadcast_fake_shreds_run.rs
index b82ca324b6..649e8d0383 100644
--- a/turbine/src/broadcast_stage/broadcast_fake_shreds_run.rs
+++ b/turbine/src/broadcast_stage/broadcast_fake_shreds_run.rs
@@ -150,6 +150,7 @@ impl BroadcastRun for BroadcastFakeShredsRun {
         sock: &UdpSocket,
         _bank_forks: &RwLock<BankForks>,
         _quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+        _shred_receiver_addr: &Arc<RwLock<Option<SocketAddr>>>,
     ) -> Result<()> {
         for (data_shreds, batch_info) in receiver {
             let fake = batch_info.is_some();
diff --git a/turbine/src/broadcast_stage/broadcast_utils.rs b/turbine/src/broadcast_stage/broadcast_utils.rs
index 9c4b48bd5c..c4795a840d 100644
--- a/turbine/src/broadcast_stage/broadcast_utils.rs
+++ b/turbine/src/broadcast_stage/broadcast_utils.rs
@@ -31,13 +31,23 @@ pub(super) fn recv_slot_entries(receiver: &Receiver<WorkingBankEntry>) -> Result
         32 * ShredData::capacity(/*merkle_proof_size*/ None).unwrap() as u64;
     let timer = Duration::new(1, 0);
     let recv_start = Instant::now();
-    let (mut bank, (entry, mut last_tick_height)) = receiver.recv_timeout(timer)?;
-    let mut entries = vec![entry];
+
+    let WorkingBankEntry {
+        mut bank,
+        entries_ticks,
+    } = receiver.recv_timeout(timer)?;
+    let mut last_tick_height = entries_ticks.iter().last().unwrap().1;
+    let mut entries: Vec<Entry> = entries_ticks.into_iter().map(|(e, _)| e).collect();
+
     assert!(last_tick_height <= bank.max_tick_height());
 
     // Drain channel
     while last_tick_height != bank.max_tick_height() {
-        let Ok((try_bank, (entry, tick_height))) = receiver.try_recv() else {
+        let Ok(WorkingBankEntry {
+            bank: try_bank,
+            entries_ticks: new_entries_ticks,
+        }) = receiver.try_recv()
+        else {
             break;
         };
         // If the bank changed, that implies the previous slot was interrupted and we do not have to
@@ -47,8 +57,8 @@ pub(super) fn recv_slot_entries(receiver: &Receiver<WorkingBankEntry>) -> Result
             entries.clear();
             bank = try_bank;
         }
-        last_tick_height = tick_height;
-        entries.push(entry);
+        last_tick_height = new_entries_ticks.iter().last().unwrap().1;
+        entries.extend(new_entries_ticks.into_iter().map(|(entry, _)| entry));
         assert!(last_tick_height <= bank.max_tick_height());
     }
 
@@ -59,8 +69,10 @@ pub(super) fn recv_slot_entries(receiver: &Receiver<WorkingBankEntry>) -> Result
     while last_tick_height != bank.max_tick_height()
         && serialized_batch_byte_count < target_serialized_batch_byte_count
     {
-        let Ok((try_bank, (entry, tick_height))) =
-            receiver.recv_deadline(coalesce_start + ENTRY_COALESCE_DURATION)
+        let Ok(WorkingBankEntry {
+            bank: try_bank,
+            entries_ticks: new_entries_ticks,
+        }) = receiver.recv_deadline(coalesce_start + ENTRY_COALESCE_DURATION)
         else {
             break;
         };
@@ -73,10 +85,12 @@ pub(super) fn recv_slot_entries(receiver: &Receiver<WorkingBankEntry>) -> Result
             bank = try_bank;
             coalesce_start = Instant::now();
         }
-        last_tick_height = tick_height;
-        let entry_bytes = serialized_size(&entry)?;
-        serialized_batch_byte_count += entry_bytes;
-        entries.push(entry);
+        last_tick_height = new_entries_ticks.iter().last().unwrap().1;
+
+        for (entry, _) in &new_entries_ticks {
+            serialized_batch_byte_count += serialized_size(entry)?;
+        }
+        entries.extend(new_entries_ticks.into_iter().map(|(entry, _)| entry));
         assert!(last_tick_height <= bank.max_tick_height());
     }
     let time_coalesced = coalesce_start.elapsed();
@@ -161,7 +175,11 @@ mod tests {
             .map(|i| {
                 let entry = Entry::new(&last_hash, 1, vec![tx.clone()]);
                 last_hash = entry.hash;
-                s.send((bank1.clone(), (entry.clone(), i))).unwrap();
+                s.send(WorkingBankEntry {
+                    bank: bank1.clone(),
+                    entries_ticks: vec![(entry.clone(), i)],
+                })
+                .unwrap();
                 entry
             })
             .collect();
@@ -195,11 +213,18 @@ mod tests {
                 last_hash = entry.hash;
                 // Interrupt slot 1 right before the last tick
                 if tick_height == expected_last_height {
-                    s.send((bank2.clone(), (entry.clone(), tick_height)))
-                        .unwrap();
+                    s.send(WorkingBankEntry {
+                        bank: bank2.clone(),
+                        entries_ticks: vec![(entry.clone(), tick_height)],
+                    })
+                    .unwrap();
                     Some(entry)
                 } else {
-                    s.send((bank1.clone(), (entry, tick_height))).unwrap();
+                    s.send(WorkingBankEntry {
+                        bank: bank1.clone(),
+                        entries_ticks: vec![(entry, tick_height)],
+                    })
+                    .unwrap();
                     None
                 }
             })
diff --git a/turbine/src/broadcast_stage/fail_entry_verification_broadcast_run.rs b/turbine/src/broadcast_stage/fail_entry_verification_broadcast_run.rs
index e9ed6a1a6e..c0fa09ce7d 100644
--- a/turbine/src/broadcast_stage/fail_entry_verification_broadcast_run.rs
+++ b/turbine/src/broadcast_stage/fail_entry_verification_broadcast_run.rs
@@ -3,7 +3,7 @@ use {
     crate::cluster_nodes::ClusterNodesCache,
     solana_ledger::shred::{ProcessShredsStats, ReedSolomonCache, Shredder},
     solana_sdk::{hash::Hash, signature::Keypair},
-    std::{thread::sleep, time::Duration},
+    std::{net::SocketAddr, thread::sleep, time::Duration},
     tokio::sync::mpsc::Sender as AsyncSender,
 };
 
@@ -180,6 +180,7 @@ impl BroadcastRun for FailEntryVerificationBroadcastRun {
         sock: &UdpSocket,
         bank_forks: &RwLock<BankForks>,
         quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+        shred_receiver_address: &Arc<RwLock<Option<SocketAddr>>>,
     ) -> Result<()> {
         let (shreds, _) = receiver.recv()?;
         broadcast_shreds(
@@ -192,6 +193,7 @@ impl BroadcastRun for FailEntryVerificationBroadcastRun {
             bank_forks,
             cluster_info.socket_addr_space(),
             quic_endpoint_sender,
+            &shred_receiver_address.read().unwrap(),
         )
     }
     fn record(&mut self, receiver: &RecordReceiver, blockstore: &Blockstore) -> Result<()> {
diff --git a/turbine/src/broadcast_stage/standard_broadcast_run.rs b/turbine/src/broadcast_stage/standard_broadcast_run.rs
index b8d5252c91..421aa9e80b 100644
--- a/turbine/src/broadcast_stage/standard_broadcast_run.rs
+++ b/turbine/src/broadcast_stage/standard_broadcast_run.rs
@@ -14,7 +14,7 @@ use {
     solana_sdk::{
         genesis_config::ClusterType, hash::Hash, signature::Keypair, timing::AtomicInterval,
     },
-    std::{sync::RwLock, time::Duration},
+    std::{net::SocketAddr, sync::RwLock, time::Duration},
     tokio::sync::mpsc::Sender as AsyncSender,
 };
 
@@ -176,10 +176,24 @@ impl StandardBroadcastRun {
         let (ssend, srecv) = unbounded();
         self.process_receive_results(keypair, blockstore, &ssend, &bsend, receive_results)?;
         //data
-        let _ = self.transmit(&srecv, cluster_info, sock, bank_forks, quic_endpoint_sender);
+        let _ = self.transmit(
+            &srecv,
+            cluster_info,
+            sock,
+            bank_forks,
+            quic_endpoint_sender,
+            &Arc::new(RwLock::new(None)),
+        );
         let _ = self.record(&brecv, blockstore);
         //coding
-        let _ = self.transmit(&srecv, cluster_info, sock, bank_forks, quic_endpoint_sender);
+        let _ = self.transmit(
+            &srecv,
+            cluster_info,
+            sock,
+            bank_forks,
+            quic_endpoint_sender,
+            &Arc::new(RwLock::new(None)),
+        );
         let _ = self.record(&brecv, blockstore);
         Ok(())
     }
@@ -402,6 +416,7 @@ impl StandardBroadcastRun {
         broadcast_shred_batch_info: Option<BroadcastShredBatchInfo>,
         bank_forks: &RwLock<BankForks>,
         quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+        shred_receiver_addr: &Option<SocketAddr>,
     ) -> Result<()> {
         trace!("Broadcasting {:?} shreds", shreds.len());
         let mut transmit_stats = TransmitShredsStats::default();
@@ -418,6 +433,7 @@ impl StandardBroadcastRun {
             bank_forks,
             cluster_info.socket_addr_space(),
             quic_endpoint_sender,
+            shred_receiver_addr,
         )?;
         transmit_time.stop();
 
@@ -485,6 +501,7 @@ impl BroadcastRun for StandardBroadcastRun {
         sock: &UdpSocket,
         bank_forks: &RwLock<BankForks>,
         quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
+        shred_receiver_address: &Arc<RwLock<Option<SocketAddr>>>,
     ) -> Result<()> {
         let (shreds, batch_info) = receiver.recv()?;
         self.broadcast(
@@ -494,6 +511,7 @@ impl BroadcastRun for StandardBroadcastRun {
             batch_info,
             bank_forks,
             quic_endpoint_sender,
+            &shred_receiver_address.read().unwrap(),
         )
     }
     fn record(&mut self, receiver: &RecordReceiver, blockstore: &Blockstore) -> Result<()> {
diff --git a/turbine/src/retransmit_stage.rs b/turbine/src/retransmit_stage.rs
index e820851d03..58752e6b87 100644
--- a/turbine/src/retransmit_stage.rs
+++ b/turbine/src/retransmit_stage.rs
@@ -188,6 +188,7 @@ fn retransmit(
     max_slots: &MaxSlots,
     rpc_subscriptions: Option<&RpcSubscriptions>,
     slot_status_notifier: Option<&SlotStatusNotifier>,
+    shred_receiver_address: &Arc<RwLock<Option<SocketAddr>>>,
 ) -> Result<(), RecvTimeoutError> {
     const RECV_TIMEOUT: Duration = Duration::from_secs(1);
     let mut shreds = shreds_receiver.recv_timeout(RECV_TIMEOUT)?;
@@ -268,6 +269,7 @@ fn retransmit(
                     &sockets[index % sockets.len()],
                     quic_endpoint_sender,
                     stats,
+                    &shred_receiver_address.read().unwrap(),
                 )
                 .inspect_err(|err| {
                     stats.record_error(err);
@@ -292,6 +294,7 @@ fn retransmit(
                         &sockets[index % sockets.len()],
                         quic_endpoint_sender,
                         stats,
+                        &shred_receiver_address.read().unwrap(),
                     )
                     .inspect_err(|err| {
                         stats.record_error(err);
@@ -315,6 +318,7 @@ fn retransmit(
     Ok(())
 }
 
+#[allow(clippy::too_many_arguments)]
 fn retransmit_shred(
     key: &ShredId,
     shred: &[u8],
@@ -325,15 +329,20 @@ fn retransmit_shred(
     socket: &UdpSocket,
     quic_endpoint_sender: &AsyncSender<(SocketAddr, Bytes)>,
     stats: &RetransmitStats,
+    shred_receiver_addr: &Option<SocketAddr>,
 ) -> Result<(/*root_distance:*/ usize, /*num_nodes:*/ usize), Error> {
     let mut compute_turbine_peers = Measure::start("turbine_start");
     let data_plane_fanout = cluster_nodes::get_data_plane_fanout(key.slot(), root_bank);
     let (root_distance, addrs) =
         cluster_nodes.get_retransmit_addrs(slot_leader, key, data_plane_fanout)?;
-    let addrs: Vec<_> = addrs
+    let mut addrs: Vec<_> = addrs
         .into_iter()
         .filter(|addr| socket_addr_space.check(addr))
         .collect();
+    if let Some(addr) = shred_receiver_addr {
+        addrs.push(*addr);
+    }
+
     compute_turbine_peers.stop();
     stats
         .compute_turbine_peers_total
@@ -391,6 +400,7 @@ pub fn retransmitter(
     max_slots: Arc<MaxSlots>,
     rpc_subscriptions: Option<Arc<RpcSubscriptions>>,
     slot_status_notifier: Option<SlotStatusNotifier>,
+    shred_receiver_addr: Arc<RwLock<Option<SocketAddr>>>,
 ) -> JoinHandle<()> {
     let cluster_nodes_cache = ClusterNodesCache::<RetransmitStage>::new(
         CLUSTER_NODES_CACHE_NUM_EPOCH_CAP,
@@ -423,6 +433,7 @@ pub fn retransmitter(
                 &max_slots,
                 rpc_subscriptions.as_deref(),
                 slot_status_notifier.as_ref(),
+                &shred_receiver_addr,
             ) {
                 Ok(()) => (),
                 Err(RecvTimeoutError::Timeout) => (),
@@ -447,6 +458,7 @@ impl RetransmitStage {
         max_slots: Arc<MaxSlots>,
         rpc_subscriptions: Option<Arc<RpcSubscriptions>>,
         slot_status_notifier: Option<SlotStatusNotifier>,
+        shred_receiver_addr: Arc<RwLock<Option<SocketAddr>>>,
     ) -> Self {
         let retransmit_thread_handle = retransmitter(
             retransmit_sockets,
@@ -458,6 +470,7 @@ impl RetransmitStage {
             max_slots,
             rpc_subscriptions,
             slot_status_notifier,
+            shred_receiver_addr,
         );
 
         Self {
diff --git a/validator/Cargo.toml b/validator/Cargo.toml
index 4cd77b0b1c..f88921e27a 100644
--- a/validator/Cargo.toml
+++ b/validator/Cargo.toml
@@ -56,6 +56,7 @@ solana-rpc-client = { workspace = true }
 solana-rpc-client-api = { workspace = true }
 solana-runtime = { workspace = true }
 solana-sdk = { workspace = true, features = ["openssl-vendored"] }
+solana-runtime-plugin = { workspace = true }
 solana-send-transaction-service = { workspace = true }
 solana-storage-bigtable = { workspace = true }
 solana-streamer = { workspace = true }
@@ -67,6 +68,7 @@ solana-vote-program = { workspace = true }
 symlink = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true }
+tonic = { workspace = true, features = ["tls", "tls-roots", "tls-webpki-roots"] }
 
 [dev-dependencies]
 assert_cmd = { workspace = true }
diff --git a/validator/src/admin_rpc_service.rs b/validator/src/admin_rpc_service.rs
index 851c2959e9..307eb3f17c 100644
--- a/validator/src/admin_rpc_service.rs
+++ b/validator/src/admin_rpc_service.rs
@@ -12,6 +12,10 @@ use {
     solana_core::{
         admin_rpc_post_init::AdminRpcRequestMetadataPostInit,
         consensus::{tower_storage::TowerStorage, Tower},
+        proxy::{
+            block_engine_stage::{BlockEngineConfig, BlockEngineStage},
+            relayer_stage::{RelayerConfig, RelayerStage},
+        },
         repair::repair_service,
         validator::ValidatorStartProgress,
     },
@@ -30,6 +34,7 @@ use {
         fmt::{self, Display},
         net::SocketAddr,
         path::{Path, PathBuf},
+        str::FromStr,
         sync::{Arc, RwLock},
         thread::{self, Builder},
         time::{Duration, SystemTime},
@@ -243,6 +248,27 @@ pub trait AdminRpc {
         meta: Self::Metadata,
         public_tpu_forwards_addr: SocketAddr,
     ) -> Result<()>;
+
+    #[rpc(meta, name = "setBlockEngineConfig")]
+    fn set_block_engine_config(
+        &self,
+        meta: Self::Metadata,
+        block_engine_url: String,
+        trust_packets: bool,
+    ) -> Result<()>;
+
+    #[rpc(meta, name = "setRelayerConfig")]
+    fn set_relayer_config(
+        &self,
+        meta: Self::Metadata,
+        relayer_url: String,
+        trust_packets: bool,
+        expected_heartbeat_interval_ms: u64,
+        max_failed_heartbeats: u64,
+    ) -> Result<()>;
+
+    #[rpc(meta, name = "setShredReceiverAddress")]
+    fn set_shred_receiver_address(&self, meta: Self::Metadata, addr: String) -> Result<()>;
 }
 
 pub struct AdminRpcImpl;
@@ -446,6 +472,30 @@ impl AdminRpc for AdminRpcImpl {
         Ok(())
     }
 
+    fn set_block_engine_config(
+        &self,
+        meta: Self::Metadata,
+        block_engine_url: String,
+        trust_packets: bool,
+    ) -> Result<()> {
+        debug!("set_block_engine_config request received");
+        let config = BlockEngineConfig {
+            block_engine_url,
+            trust_packets,
+        };
+        // Detailed log messages are printed inside validate function
+        if BlockEngineStage::is_valid_block_engine_config(&config) {
+            meta.with_post_init(|post_init| {
+                *post_init.block_engine_config.lock().unwrap() = config;
+                Ok(())
+            })
+        } else {
+            Err(jsonrpc_core::error::Error::invalid_params(
+                "failed to set block engine config. see logs for details.",
+            ))
+        }
+    }
+
     fn set_identity(
         &self,
         meta: Self::Metadata,
@@ -480,6 +530,55 @@ impl AdminRpc for AdminRpcImpl {
         AdminRpcImpl::set_identity_keypair(meta, identity_keypair, require_tower)
     }
 
+    fn set_relayer_config(
+        &self,
+        meta: Self::Metadata,
+        relayer_url: String,
+        trust_packets: bool,
+        expected_heartbeat_interval_ms: u64,
+        max_failed_heartbeats: u64,
+    ) -> Result<()> {
+        debug!("set_relayer_config request received");
+        let expected_heartbeat_interval = Duration::from_millis(expected_heartbeat_interval_ms);
+        let oldest_allowed_heartbeat =
+            Duration::from_millis(max_failed_heartbeats * expected_heartbeat_interval_ms);
+        let config = RelayerConfig {
+            relayer_url,
+            expected_heartbeat_interval,
+            oldest_allowed_heartbeat,
+            trust_packets,
+        };
+        // Detailed log messages are printed inside validate function
+        if RelayerStage::is_valid_relayer_config(&config) {
+            meta.with_post_init(|post_init| {
+                *post_init.relayer_config.lock().unwrap() = config;
+                Ok(())
+            })
+        } else {
+            Err(jsonrpc_core::error::Error::invalid_params(
+                "failed to set relayer config. see logs for details.",
+            ))
+        }
+    }
+
+    fn set_shred_receiver_address(&self, meta: Self::Metadata, addr: String) -> Result<()> {
+        let shred_receiver_address = if addr.is_empty() {
+            None
+        } else {
+            Some(SocketAddr::from_str(&addr).map_err(|_| {
+                jsonrpc_core::error::Error::invalid_params(format!(
+                    "invalid shred receiver address: {}",
+                    addr
+                ))
+            })?)
+        };
+
+        meta.with_post_init(|post_init| {
+            *post_init.shred_receiver_address.write().unwrap() = shred_receiver_address;
+            Ok(())
+        })
+    }
+
     fn set_staked_nodes_overrides(&self, meta: Self::Metadata, path: String) -> Result<()> {
         let loaded_config = load_staked_nodes_overrides(&path)
             .map_err(|err| {
@@ -901,7 +1000,11 @@ mod tests {
             solana_program::{program_option::COption, program_pack::Pack},
             state::{Account as TokenAccount, AccountState as TokenAccountState, Mint},
         },
-        std::{collections::HashSet, fs::remove_dir_all, sync::atomic::AtomicBool},
+        std::{
+            collections::HashSet,
+            s::remove_dir_all,
+            sync::{atomic::AtomicBool, Mutex},
+        },
     };
 
     #[derive(Default)]
@@ -942,6 +1045,9 @@ mod tests {
             let vote_account = vote_keypair.pubkey();
             let start_progress = Arc::new(RwLock::new(ValidatorStartProgress::default()));
             let repair_whitelist = Arc::new(RwLock::new(HashSet::new()));
+            let block_engine_config = Arc::new(Mutex::new(BlockEngineConfig::default()));
+            let relayer_config = Arc::new(Mutex::new(RelayerConfig::default()));
+            let shred_receiver_address = Arc::new(RwLock::new(None));
             let meta = AdminRpcRequestMetadata {
                 rpc_addr: None,
                 start_time: SystemTime::now(),
@@ -962,6 +1068,9 @@ mod tests {
                     cluster_slots: Arc::new(
                         solana_core::cluster_slots_service::cluster_slots::ClusterSlots::default(),
                     ),
+                    block_engine_config,
+                    relayer_config,
+                    shred_receiver_address,
                 }))),
                 staked_nodes_overrides: Arc::new(RwLock::new(HashMap::new())),
                 rpc_to_plugin_manager_sender: None,
diff --git a/validator/src/bootstrap.rs b/validator/src/bootstrap.rs
index e68abf5c7a..5b90e0acae 100644
--- a/validator/src/bootstrap.rs
+++ b/validator/src/bootstrap.rs
@@ -816,12 +816,13 @@ fn get_highest_local_snapshot_hash(
     incremental_snapshot_archives_dir: impl AsRef<Path>,
     incremental_snapshot_fetch: bool,
 ) -> Option<(Slot, Hash)> {
-    snapshot_utils::get_highest_full_snapshot_archive_info(full_snapshot_archives_dir)
+    snapshot_utils::get_highest_full_snapshot_archive_info(full_snapshot_archives_dir, None)
         .and_then(|full_snapshot_info| {
             if incremental_snapshot_fetch {
                 snapshot_utils::get_highest_incremental_snapshot_archive_info(
                     incremental_snapshot_archives_dir,
                     full_snapshot_info.slot(),
+                    None,
                 )
                 .map(|incremental_snapshot_info| {
                     (
diff --git a/validator/src/cli.rs b/validator/src/cli.rs
index aed7a3bffc..e0edf112e8 100644
--- a/validator/src/cli.rs
+++ b/validator/src/cli.rs
@@ -69,6 +69,10 @@ const MAX_SNAPSHOT_DOWNLOAD_ABORT: u32 = 5;
 // with less than 2 ticks per slot.
 const MINIMUM_TICKS_PER_SLOT: u64 = 2;
 
+const DEFAULT_PREALLOCATED_BUNDLE_COST: &str = "3000000";
+const DEFAULT_RELAYER_EXPECTED_HEARTBEAT_INTERVAL_MS: &str = "500";
+const DEFAULT_RELAYER_MAX_FAILED_HEARTBEATS: &str = "3";
+
 pub fn app<'a>(version: &'a str, default_args: &'a DefaultArgs) -> App<'a, 'a> {
     return App::new(crate_name!())
         .about(crate_description!())
@@ -82,6 +86,87 @@ pub fn app<'a>(version: &'a str, default_args: &'a DefaultArgs) -> App<'a, 'a> {
                 .long(SKIP_SEED_PHRASE_VALIDATION_ARG.long)
                 .help(SKIP_SEED_PHRASE_VALIDATION_ARG.help),
         )
+        .arg(
+            Arg::with_name("block_engine_url")
+                .long("block-engine-url")
+                .help("Block engine url.  Set to empty string to disable block engine connection.")
+                .takes_value(true)
+        )
+        .arg(
+            Arg::with_name("relayer_url")
+                .long("relayer-url")
+                .help("Relayer url. Set to empty string to disable relayer connection.")
+                .takes_value(true)
+        )
+        .arg(
+            Arg::with_name("trust_relayer_packets")
+                .long("trust-relayer-packets")
+                .takes_value(false)
+                .help("Skip signature verification on relayer packets. Not recommended unless the relayer is trusted.")
+        )
+        .arg(
+            Arg::with_name("relayer_expected_heartbeat_interval_ms")
+                .long("relayer-expected-heartbeat-interval-ms")
+                .takes_value(true)
+                .help("Interval at which the Relayer is expected to send heartbeat messages.")
+                .default_value(DEFAULT_RELAYER_EXPECTED_HEARTBEAT_INTERVAL_MS)
+        )
+        .arg(
+            Arg::with_name("relayer_max_failed_heartbeats")
+                .long("relayer-max-failed-heartbeats")
+                .takes_value(true)
+                .help("Maximum number of heartbeats the Relayer can miss before falling back to the normal TPU pipeline.")
+                .default_value(DEFAULT_RELAYER_MAX_FAILED_HEARTBEATS)
+        )
+        .arg(
+            Arg::with_name("trust_block_engine_packets")
+                .long("trust-block-engine-packets")
+                .takes_value(false)
+                .help("Skip signature verification on block engine packets. Not recommended unless the block engine is trusted.")
+        )
+        .arg(
+            Arg::with_name("tip_payment_program_pubkey")
+                .long("tip-payment-program-pubkey")
+                .value_name("TIP_PAYMENT_PROGRAM_PUBKEY")
+                .takes_value(true)
+                .help("The public key of the tip-payment program")
+        )
+        .arg(
+            Arg::with_name("tip_distribution_program_pubkey")
+                .long("tip-distribution-program-pubkey")
+                .value_name("TIP_DISTRIBUTION_PROGRAM_PUBKEY")
+                .takes_value(true)
+                .help("The public key of the tip-distribution program.")
+        )
+        .arg(
+            Arg::with_name("merkle_root_upload_authority")
+                .long("merkle-root-upload-authority")
+                .value_name("MERKLE_ROOT_UPLOAD_AUTHORITY")
+                .takes_value(true)
+                .help("The public key of the authorized merkle-root uploader.")
+        )
+        .arg(
+            Arg::with_name("commission_bps")
+                .long("commission-bps")
+                .value_name("COMMISSION_BPS")
+                .takes_value(true)
+                .help("The commission validator takes from tips expressed in basis points.")
+        )
+        .arg(
+            Arg::with_name("preallocated_bundle_cost")
+                .long("preallocated-bundle-cost")
+                .value_name("PREALLOCATED_BUNDLE_COST")
+                .takes_value(true)
+                .default_value(DEFAULT_PREALLOCATED_BUNDLE_COST)
+                .help("Number of CUs to allocate for bundles at beginning of slot.")
+        )
+        .arg(
+            Arg::with_name("shred_receiver_address")
+                .long("shred-receiver-address")
+                .value_name("SHRED_RECEIVER_ADDRESS")
+                .takes_value(true)
+                .help("Validator will forward all shreds to this address in addition to normal turbine operation. Set to empty string to disable.")
+        )
         .arg(
             Arg::with_name("identity")
                 .short("i")
@@ -1201,6 +1286,12 @@ pub fn app<'a>(version: &'a str, default_args: &'a DefaultArgs) -> App<'a, 'a> {
                 .takes_value(false)
                 .help("Еnable Geyser interface even if no Geyser configs are specified."),
         )
+        .arg(Arg::with_name("runtime_plugin_config")
+            .long("runtime-plugin-config")
+            .value_name("FILE")
+            .takes_value(true)
+            .multiple(true)
+            .help("Specify the configuration file for a Runtime plugin."))
         .arg(
             Arg::with_name("snapshot_archive_format")
                 .long("snapshot-archive-format")
@@ -1652,6 +1743,68 @@ pub fn app<'a>(version: &'a str, default_args: &'a DefaultArgs) -> App<'a, 'a> {
         .args(&thread_args(&default_args.thread_args))
         .args(&get_deprecated_arguments())
         .after_help("The default subcommand is run")
+        .subcommand(
+            SubCommand::with_name("set-block-engine-config")
+                .about("Set configuration for connection to a block engine")
+                .arg(
+                    Arg::with_name("block_engine_url")
+                        .long("block-engine-url")
+                        .help("Block engine url.  Set to empty string to disable block engine connection.")
+                        .takes_value(true)
+                        .required(true)
+                )
+                .arg(
+                    Arg::with_name("trust_block_engine_packets")
+                        .long("trust-block-engine-packets")
+                        .takes_value(false)
+                        .help("Skip signature verification on block engine packets. Not recommended unless the block engine is trusted.")
+                )
+        )
+        .subcommand(
+            SubCommand::with_name("set-relayer-config")
+                .about("Set configuration for connection to a relayer")
+                .arg(
+                    Arg::with_name("relayer_url")
+                        .long("relayer-url")
+                        .help("Relayer url. Set to empty string to disable relayer connection.")
+                        .takes_value(true)
+                        .required(true)
+                )
+                .arg(
+                    Arg::with_name("trust_relayer_packets")
+                        .long("trust-relayer-packets")
+                        .takes_value(false)
+                        .help("Skip signature verification on relayer packets. Not recommended unless the relayer is trusted.")
+                )
+                .arg(
+                    Arg::with_name("relayer_expected_heartbeat_interval_ms")
+                        .long("relayer-expected-heartbeat-interval-ms")
+                        .takes_value(true)
+                        .help("Interval at which the Relayer is expected to send heartbeat messages.")
+                        .required(false)
+                        .default_value(DEFAULT_RELAYER_EXPECTED_HEARTBEAT_INTERVAL_MS)
+                )
+                .arg(
+                    Arg::with_name("relayer_max_failed_heartbeats")
+                        .long("relayer-max-failed-heartbeats")
+                        .takes_value(true)
+                        .help("Maximum number of heartbeats the Relayer can miss before falling back to the normal TPU pipeline.")
+                        .required(false)
+                        .default_value(DEFAULT_RELAYER_MAX_FAILED_HEARTBEATS)
+                )
+        )
+        .subcommand(
+            SubCommand::with_name("set-shred-receiver-address")
+                .about("Changes shred receiver address")
+                .arg(
+                    Arg::with_name("shred_receiver_address")
+                        .long("shred-receiver-address")
+                        .value_name("SHRED_RECEIVER_ADDRESS")
+                        .takes_value(true)
+                        .help("Validator will forward all shreds to this address in addition to normal turbine operation. Set to empty string to disable.")
+                        .required(true)
+                )
+        )
         .subcommand(
             SubCommand::with_name("exit")
                 .about("Send an exit request to the validator")
@@ -1828,6 +1981,48 @@ pub fn app<'a>(version: &'a str, default_args: &'a DefaultArgs) -> App<'a, 'a> {
         )
         .subcommand(SubCommand::with_name("monitor").about("Monitor the validator"))
         .subcommand(SubCommand::with_name("run").about("Run the validator"))
+        .subcommand(
+            SubCommand::with_name("runtime-plugin")
+                .about("Manage and view runtime plugins")
+                .setting(AppSettings::SubcommandRequiredElseHelp)
+                .setting(AppSettings::InferSubcommands)
+                .subcommand(
+                    SubCommand::with_name("list")
+                        .about("List all current running runtime plugins")
+                )
+                .subcommand(
+                    SubCommand::with_name("unload")
+                        .about("Unload a particular runtime plugin. You must specify the runtime plugin name")
+                        .arg(
+                            Arg::with_name("name")
+                                .required(true)
+                                .takes_value(true)
+                        )
+                )
+                .subcommand(
+                    SubCommand::with_name("reload")
+                        .about("Reload a particular runtime plugin. You must specify the runtime plugin name and the new config path")
+                        .arg(
+                            Arg::with_name("name")
+                                .required(true)
+                                .takes_value(true)
+                        )
+                        .arg(
+                            Arg::with_name("config")
+                                .required(true)
+                                .takes_value(true)
+                        )
+                )
+                .subcommand(
+                    SubCommand::with_name("load")
+                        .about("Load a new gesyer plugin. You must specify the config path. Fails if overwriting (use reload)")
+                        .arg(
+                            Arg::with_name("config")
+                                .required(true)
+                                .takes_value(true)
+                        )
+                )
+        )
         .subcommand(
             SubCommand::with_name("plugin")
                 .about("Manage and view geyser plugins")
@@ -2854,6 +3049,14 @@ pub fn test_app<'a>(version: &'a str, default_args: &'a DefaultTestArgs) -> App<
                 .multiple(true)
                 .help("Specify the configuration file for the Geyser plugin."),
         )
+        .arg(
+            Arg::with_name("runtime_plugin_config")
+                .long("runtime-plugin-config")
+                .value_name("FILE")
+                .takes_value(true)
+                .multiple(true)
+                .help("Specify the configuration file for a Runtime plugin."),
+        )
         .arg(
             Arg::with_name("deactivate_feature")
                 .long("deactivate-feature")
diff --git a/validator/src/main.rs b/validator/src/main.rs
index a7de615b3b..38fd9cd881 100644
--- a/validator/src/main.rs
+++ b/validator/src/main.rs
@@ -33,7 +33,9 @@ use {
     solana_core::{
         banking_trace::DISABLED_BAKING_TRACE_DIR,
         consensus::tower_storage,
+        proxy::{block_engine_stage::BlockEngineConfig, relayer_stage::RelayerConfig},
         system_monitor_service::SystemMonitorService,
+        tip_manager::{TipDistributionAccountConfig, TipManagerConfig},
         tpu::DEFAULT_TPU_COALESCE,
         validator::{
             is_snapshot_config_valid, BlockProductionMethod, BlockVerificationMethod, Validator,
@@ -66,6 +68,10 @@ use {
         snapshot_config::{SnapshotConfig, SnapshotUsage},
         snapshot_utils::{self, ArchiveFormat, SnapshotVersion},
     },
+    solana_runtime_plugin::{
+        runtime_plugin_admin_rpc_service,
+        runtime_plugin_admin_rpc_service::RuntimePluginAdminRpcRequestMetadata,
+    },
     solana_sdk::{
         clock::{Slot, DEFAULT_S_PER_SLOT},
         commitment_config::CommitmentConfig,
@@ -85,9 +91,10 @@ use {
         path::{Path, PathBuf},
         process::exit,
         str::FromStr,
-        sync::{Arc, RwLock},
+        sync::{atomic::AtomicBool, Arc, Mutex, RwLock},
         time::{Duration, SystemTime},
     },
+    tokio::runtime::Runtime,
 };
 
 #[cfg(not(any(target_env = "msvc", target_os = "freebsd")))]
@@ -463,6 +470,60 @@ pub fn main() {
 
     let operation = match matches.subcommand() {
         ("", _) | ("run", _) => Operation::Run,
+        ("set-block-engine-config", Some(subcommand_matches)) => {
+            let block_engine_url = value_t_or_exit!(subcommand_matches, "block_engine_url", String);
+            let trust_packets = subcommand_matches.is_present("trust_block_engine_packets");
+            let admin_client = admin_rpc_service::connect(&ledger_path);
+            admin_rpc_service::runtime()
+                .block_on(async move {
+                    admin_client
+                        .await?
+                        .set_block_engine_config(block_engine_url, trust_packets)
+                        .await
+                })
+                .unwrap_or_else(|err| {
+                    println!("set block engine config failed: {}", err);
+                    exit(1);
+                });
+            return;
+        }
+        ("set-relayer-config", Some(subcommand_matches)) => {
+            let relayer_url = value_t_or_exit!(subcommand_matches, "relayer_url", String);
+            let trust_packets = subcommand_matches.is_present("trust_relayer_packets");
+            let expected_heartbeat_interval_ms: u64 =
+                value_of(subcommand_matches, "relayer_expected_heartbeat_interval_ms").unwrap();
+            let max_failed_heartbeats: u64 =
+                value_of(subcommand_matches, "relayer_max_failed_heartbeats").unwrap();
+            let admin_client = admin_rpc_service::connect(&ledger_path);
+            admin_rpc_service::runtime()
+                .block_on(async move {
+                    admin_client
+                        .await?
+                        .set_relayer_config(
+                            relayer_url,
+                            trust_packets,
+                            expected_heartbeat_interval_ms,
+                            max_failed_heartbeats,
+                        )
+                        .await
+                })
+                .unwrap_or_else(|err| {
+                    println!("set relayer config failed: {}", err);
+                    exit(1);
+                });
+            return;
+        }
+        ("set-shred-receiver-address", Some(subcommand_matches)) => {
+            let addr = value_t_or_exit!(subcommand_matches, "shred_receiver_address", String);
+            let admin_client = admin_rpc_service::connect(&ledger_path);
+            admin_rpc_service::runtime()
+                .block_on(async move { admin_client.await?.set_shred_receiver_address(addr).await })
+                .unwrap_or_else(|err| {
+                    println!("set shred receiver address failed: {}", err);
+                    exit(1);
+                });
+            return;
+        }
         ("authorized-voter", Some(authorized_voter_subcommand_matches)) => {
             match authorized_voter_subcommand_matches.subcommand() {
                 ("add", Some(subcommand_matches)) => {
@@ -614,6 +675,92 @@ pub fn main() {
                 _ => unreachable!(),
             }
         }
+        ("runtime-plugin", Some(plugin_subcommand_matches)) => {
+            let runtime_plugin_rpc_client = runtime_plugin_admin_rpc_service::connect(&ledger_path);
+            let runtime = Runtime::new().unwrap();
+            match plugin_subcommand_matches.subcommand() {
+                ("list", _) => {
+                    let plugins = runtime
+                        .block_on(
+                            async move { runtime_plugin_rpc_client.await?.list_plugins().await },
+                        )
+                        .unwrap_or_else(|err| {
+                            println!("Failed to list plugins: {err}");
+                            exit(1);
+                        });
+                    if !plugins.is_empty() {
+                        println!("Currently the following plugins are loaded:");
+                        for (plugin, i) in plugins.into_iter().zip(1..) {
+                            println!("  {i}) {plugin}");
+                        }
+                    } else {
+                        println!("There are currently no plugins loaded");
+                    }
+                    return;
+                }
+                ("unload", Some(subcommand_matches)) => {
+                    if let Ok(name) = value_t!(subcommand_matches, "name", String) {
+                        runtime
+                            .block_on(async {
+                                runtime_plugin_rpc_client
+                                    .await?
+                                    .unload_plugin(name.clone())
+                                    .await
+                            })
+                            .unwrap_or_else(|err| {
+                                println!("Failed to unload plugin {name}: {err:?}");
+                                exit(1);
+                            });
+                        println!("Successfully unloaded plugin: {name}");
+                    }
+                    return;
+                }
+                ("load", Some(subcommand_matches)) => {
+                    if let Ok(config) = value_t!(subcommand_matches, "config", String) {
+                        let name = runtime
+                            .block_on(async {
+                                runtime_plugin_rpc_client
+                                    .await?
+                                    .load_plugin(config.clone())
+                                    .await
+                            })
+                            .unwrap_or_else(|err| {
+                                println!("Failed to load plugin {config}: {err:?}");
+                                exit(1);
+                            });
+                        println!("Successfully loaded plugin: {name}");
+                    }
+                    return;
+                }
+                ("reload", Some(subcommand_matches)) => {
+                    if let Ok(name) = value_t!(subcommand_matches, "name", String) {
+                        if let Ok(config) = value_t!(subcommand_matches, "config", String) {
+                            println!(
+                                "This command does not work as intended on some systems.\
+                                To correctly reload an existing plugin make sure to:\
+                                    1. Rename the new plugin binary file.\
+                                    2. Unload the previous version.\
+                                    3. Load the new, renamed binary using the 'Load' command."
+                            );
+                            runtime
+                                .block_on(async {
+                                    runtime_plugin_rpc_client
+                                        .await?
+                                        .reload_plugin(name.clone(), config.clone())
+                                        .await
+                                })
+                                .unwrap_or_else(|err| {
+                                    println!("Failed to reload plugin {name}: {err:?}");
+                                    exit(1);
+                                });
+                            println!("Successfully reloaded plugin: {name}");
+                        }
+                    }
+                    return;
+                }
+                _ => unreachable!(),
+            }
+        }
         ("contact-info", Some(subcommand_matches)) => {
             let output_mode = subcommand_matches.value_of("output");
             let admin_client = admin_rpc_service::connect(&ledger_path);
@@ -1459,6 +1606,51 @@ pub fn main() {
 
     let full_api = matches.is_present("full_rpc_api");
 
+    let cli::thread_args::NumThreadConfig {
+        ip_echo_server_threads,
+        replay_forks_threads,
+        replay_transactions_threads,
+        tvu_receive_threads,
+    } = cli::thread_args::parse_num_threads_args(&matches);
+
+    let voting_disabled = matches.is_present("no_voting") || restricted_repair_only_mode;
+    let tip_manager_config = tip_manager_config_from_matches(&matches, voting_disabled);
+
+    let block_engine_config = BlockEngineConfig {
+        block_engine_url: if matches.is_present("block_engine_url") {
+            value_of(&matches, "block_engine_url").expect("couldn't parse block_engine_url")
+        } else {
+            "".to_string()
+        },
+        trust_packets: matches.is_present("trust_block_engine_packets"),
+    };
+
+    // Defaults are set in cli definition, safe to use unwrap() here
+    let expected_heartbeat_interval_ms: u64 =
+        value_of(&matches, "relayer_expected_heartbeat_interval_ms").unwrap();
+    assert!(
+        expected_heartbeat_interval_ms > 0,
+        "relayer-max-failed-heartbeats must be greater than zero"
+    );
+    let max_failed_heartbeats: u64 = value_of(&matches, "relayer_max_failed_heartbeats").unwrap();
+    assert!(
+        max_failed_heartbeats > 0,
+        "relayer-max-failed-heartbeats must be greater than zero"
+    );
+
+    let relayer_config = RelayerConfig {
+        relayer_url: if matches.is_present("relayer_url") {
+            value_of(&matches, "relayer_url").expect("couldn't parse relayer_url")
+        } else {
+            "".to_string()
+        },
+        expected_heartbeat_interval: Duration::from_millis(expected_heartbeat_interval_ms),
+        oldest_allowed_heartbeat: Duration::from_millis(
+            max_failed_heartbeats * expected_heartbeat_interval_ms,
+        ),
+        trust_packets: matches.is_present("trust_relayer_packets"),
+    };
+
     let mut validator_config = ValidatorConfig {
         require_tower: matches.is_present("require_tower"),
         tower_storage,
@@ -1591,6 +1783,14 @@ pub fn main() {
             log_messages_bytes_limit: value_of(&matches, "log_messages_bytes_limit"),
             ..RuntimeConfig::default()
         },
+        relayer_config: Arc::new(Mutex::new(relayer_config)),
+        block_engine_config: Arc::new(Mutex::new(block_engine_config)),
+        tip_manager_config,
+        shred_receiver_address: Arc::new(RwLock::new(
+            matches
+                .value_of("shred_receiver_address")
+                .map(|addr| SocketAddr::from_str(addr).expect("shred_receiver_address invalid")),
+        )),
         staked_nodes_overrides: staked_nodes_overrides.clone(),
         use_snapshot_archives_at_startup: value_t_or_exit!(
             matches,
@@ -1606,6 +1806,8 @@ pub fn main() {
             .is_present("delay_leader_block_for_pending_fork"),
         wen_restart_proto_path: value_t!(matches, "wen_restart", PathBuf).ok(),
         wen_restart_coordinator: value_t!(matches, "wen_restart_coordinator", Pubkey).ok(),
+        preallocated_bundle_cost: value_of(&matches, "preallocated_bundle_cost")
+            .expect("preallocated_bundle_cost set as default"),
         ..ValidatorConfig::default()
     };
 
@@ -1899,6 +2101,31 @@ pub fn main() {
         },
     );
 
+    let runtime_plugin_config_and_rpc_rx = {
+        let plugin_exit = Arc::new(AtomicBool::new(false));
+        let (rpc_request_sender, rpc_request_receiver) = unbounded();
+        solana_runtime_plugin::runtime_plugin_admin_rpc_service::run(
+            &ledger_path,
+            RuntimePluginAdminRpcRequestMetadata {
+                rpc_request_sender,
+                validator_exit: validator_config.validator_exit.clone(),
+            },
+            plugin_exit,
+        );
+
+        if matches.is_present("runtime_plugin_config") {
+            (
+                values_t_or_exit!(matches, "runtime_plugin_config", String)
+                    .into_iter()
+                    .map(PathBuf::from)
+                    .collect(),
+                rpc_request_receiver,
+            )
+        } else {
+            (vec![], rpc_request_receiver)
+        }
+    };
+
     let gossip_host: IpAddr = matches
         .value_of("gossip_host")
         .map(|gossip_host| {
@@ -2091,6 +2318,7 @@ pub fn main() {
             tpu_max_connections_per_ipaddr_per_minute,
         },
         admin_service_post_init,
+        Some(runtime_plugin_config_and_rpc_rx),
     ) {
         Ok(validator) => validator,
         Err(err) => match err.downcast_ref() {
@@ -2164,3 +2392,47 @@ fn process_account_indexes(matches: &ArgMatches) -> AccountSecondaryIndexes {
         indexes: account_indexes,
     }
 }
+
+fn tip_manager_config_from_matches(
+    matches: &ArgMatches,
+    voting_disabled: bool,
+) -> TipManagerConfig {
+    TipManagerConfig {
+        tip_payment_program_id: pubkey_of(matches, "tip_payment_program_pubkey").unwrap_or_else(
+            || {
+                if !voting_disabled {
+                    panic!("--tip-payment-program-pubkey argument required when validator is voting");
+                }
+                Pubkey::new_unique()
+            },
+        ),
+        tip_distribution_program_id: pubkey_of(matches, "tip_distribution_program_pubkey")
+            .unwrap_or_else(|| {
+                if !voting_disabled {
+                    panic!("--tip-distribution-program-pubkey argument required when validator is voting");
+                }
+                Pubkey::new_unique()
+            }),
+        tip_distribution_account_config: TipDistributionAccountConfig {
+            merkle_root_upload_authority: pubkey_of(matches, "merkle_root_upload_authority")
+                .unwrap_or_else(|| {
+                    if !voting_disabled {
+                        panic!("--merkle-root-upload-authority argument required when validator is voting");
+                    }
+                    Pubkey::new_unique()
+                }),
+            vote_account: pubkey_of(matches, "vote_account").unwrap_or_else(|| {
+                if !voting_disabled {
+                    panic!("--vote-account argument required when validator is voting");
+                }
+                Pubkey::new_unique()
+            }),
+            commission_bps: value_t!(matches, "commission_bps", u16).unwrap_or_else(|_| {
+                if !voting_disabled {
+                    panic!("--commission-bps argument required when validator is voting");
+                }
+                0
+            }),
+        },
+    }
+}
diff --git a/version/src/lib.rs b/version/src/lib.rs
index 0a03ec1289..e45e74a90d 100644
--- a/version/src/lib.rs
+++ b/version/src/lib.rs
@@ -64,7 +64,7 @@ impl Default for Version {
             commit: compute_commit(option_env!("CI_COMMIT")).unwrap_or_default(),
             feature_set,
             // Other client implementations need to modify this line.
-            client: u16::try_from(ClientId::Agave).unwrap(),
+            client: u16::try_from(ClientId::JitoLabs).unwrap(),
         }
     }
 }
diff --git a/wen-restart/src/wen_restart.rs b/wen-restart/src/wen_restart.rs
index 23c4d1199c..efcea06b69 100644
--- a/wen-restart/src/wen_restart.rs
+++ b/wen-restart/src/wen_restart.rs
@@ -516,7 +516,7 @@ pub(crate) fn generate_snapshot(
     // snapshot on disk, which might be too old to generate an incremental snapshot from.
     // In this case we also set full_snapshot_slot to None.
     let full_snapshot_slot = if snapshot_config.should_generate_snapshots() {
-        get_highest_full_snapshot_archive_slot(directory)
+        get_highest_full_snapshot_archive_slot(directory, None)
     } else {
         None
     };