From de0c67803b34f4857c4b6b1e56f5f86776cd88d0 Mon Sep 17 00:00:00 2001
From: Juan Munoz <juanmunoz890@gmail.com>
Date: Mon, 18 May 2026 14:53:58 -0300
Subject: [PATCH 1/3] chore: update miden-protocol

---
 CHANGELOG.md                                  |   1 +
 Cargo.lock                                    | 330 ++++----
 Cargo.toml                                    |   2 +-
 bin/genesis/src/main.rs                       |   8 +-
 bin/network-monitor/src/counter.rs            |  10 +-
 bin/network-monitor/src/deploy/counter.rs     |   2 +-
 bin/ntx-builder/src/actor/mod.rs              |   4 +-
 bin/ntx-builder/src/builder.rs                |  21 +-
 bin/ntx-builder/src/clients/store.rs          |  20 +-
 bin/ntx-builder/src/coordinator.rs            |  16 +-
 .../src/db/models/account_effect.rs           |  36 +-
 bin/ntx-builder/src/db/models/conv.rs         |   3 +-
 bin/ntx-builder/src/db/models/queries/mod.rs  |   8 +-
 .../src/db/models/queries/notes.rs            |   7 +-
 bin/ntx-builder/src/test_utils.rs             |  12 +-
 bin/stress-test/src/seeding/mod.rs            |  37 +-
 bin/stress-test/src/seeding/tests.rs          |  12 +-
 bin/stress-test/src/store/mod.rs              |   2 +-
 bin/validator/src/commands/mod.rs             |   6 +-
 bin/validator/src/db/models.rs                |   2 +-
 bin/validator/src/signers/mod.rs              |   6 +-
 .../block-producer/src/block_builder/mod.rs   |   3 +-
 .../block-producer/src/domain/transaction.rs  |   9 +-
 .../src/mempool/subscription.rs               |  12 +-
 crates/block-producer/src/store/mod.rs        |   2 +-
 .../src/test_utils/proven_tx.rs               |   2 +-
 crates/db/src/conv.rs                         |   2 +-
 .../large-smt-backend-rocksdb/src/helpers.rs  |  65 +-
 crates/large-smt-backend-rocksdb/src/lib.rs   |   2 +
 .../large-smt-backend-rocksdb/src/rocksdb.rs  | 722 +++++++++++-------
 crates/proto/src/domain/account.rs            |  21 +-
 crates/proto/src/domain/digest.rs             |   8 +-
 crates/proto/src/domain/merkle.rs             |   2 +-
 crates/proto/src/domain/note.rs               |   3 +-
 crates/rpc/src/server/api.rs                  |  60 +-
 crates/rpc/src/tests.rs                       | 106 ++-
 crates/store/build.rs                         |  18 +-
 crates/store/src/account_state_forest/mod.rs  |  19 +-
 crates/store/src/db/mod.rs                    |  12 +
 crates/store/src/db/models/conv.rs            |   2 +-
 .../store/src/db/models/queries/accounts.rs   | 107 ++-
 .../src/db/models/queries/accounts/delta.rs   |   2 +-
 .../db/models/queries/accounts/delta/tests.rs |  79 +-
 .../src/db/models/queries/accounts/tests.rs   | 143 +++-
 .../src/db/models/queries/transactions.rs     |   9 +-
 crates/store/src/db/tests.rs                  | 149 ++--
 crates/store/src/genesis/config/errors.rs     |   3 +
 crates/store/src/genesis/config/mod.rs        |  23 +-
 .../agglayer_faucet_eth.mac                   | Bin 14803 -> 21004 bytes
 .../agglayer_faucet_usdc.mac                  | Bin 14803 -> 21004 bytes
 .../samples/02-with-account-files/bridge.mac  | Bin 31421 -> 34376 bytes
 crates/store/src/genesis/config/tests.rs      |  36 +-
 crates/store/src/genesis/mod.rs               |   4 +-
 crates/store/src/lib.rs                       |  43 ++
 crates/store/src/server/api.rs                |   2 +-
 crates/store/src/server/rpc_api.rs            |  14 +-
 crates/store/src/state/apply_block.rs         |   2 +-
 crates/store/src/state/loader.rs              |   9 +-
 crates/store/src/state/mod.rs                 |  12 +-
 crates/store/src/state/sync_state.rs          |   7 +-
 crates/utils/src/crypto.rs                    |   2 +-
 proto/proto/internal/store.proto              |  19 +
 proto/proto/types/account.proto               |   6 +
 63 files changed, 1434 insertions(+), 852 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2bc8f0b3d..edca7c29eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@
 - [BREAKING] Changed `SyncChainMmr` endpoint: the upper end of the block range we're syncing is now the chain tip with the requested finality level. Validator signature is also returned ([#2075](https://github.com/0xMiden/node/pull/2075)).
 - [BREAKING] Renamed `SubmitProvenTransaction` RPC endpoint to `SubmitProvenTx` ([#2094](https://github.com/0xMiden/node/pull/2094)).
 - [BREAKING] Renamed `SubmitProvenBatch` RPC endpoint to `SubmitProvenTxBatch` ([#2094](https://github.com/0xMiden/node/pull/2094)).
+- Updated `miden-protocol` and bumped `miden-crypto` to `v0.25`. `AccountId::is_network()` was removed upstream, so `SubmitProvenTx` and `SubmitProvenTxBatch` now consult the store to classify post-deployment public-account transactions as network accounts.
 
 ## v0.14.10 (2026-05-29)
 
diff --git a/Cargo.lock b/Cargo.lock
index e6818092a4..96df84f824 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -177,7 +177,7 @@ version = "1.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -188,7 +188,7 @@ checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d"
 dependencies = [
  "anstyle",
  "once_cell_polyfill",
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -1225,6 +1225,12 @@ dependencies = [
  "itertools 0.13.0",
 ]
 
+[[package]]
+name = "critical-section"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b"
+
 [[package]]
 name = "crossbeam-deque"
 version = "0.8.6"
@@ -1678,7 +1684,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -2913,10 +2919,21 @@ version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
+[[package]]
+name = "miden-ace-codegen"
+version = "0.23.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1c5e3d08008b5f9dd3e6145e55e4d3c1a4e47a74383dd8d0d64003455ee94510"
+dependencies = [
+ "miden-core",
+ "miden-crypto",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "miden-agglayer"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "alloy-sol-types",
  "fs-err",
@@ -2936,22 +2953,25 @@ dependencies = [
 
 [[package]]
 name = "miden-air"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d15646ebc95906b2a7cb66711d1e184f53fd6edc2605730bbcf0c2a129f792cf"
+checksum = "d980fa23010e53c43077cf0182e6e88acd1a099abbf8a98cd298aa69b86688dc"
 dependencies = [
+ "miden-ace-codegen",
  "miden-core",
  "miden-crypto",
+ "miden-lifted-stark",
  "miden-utils-indexing",
+ "proptest",
  "thiserror 2.0.18",
  "tracing",
 ]
 
 [[package]]
 name = "miden-assembly"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae6013b3a390e0dcb29242f4480a7727965887bbf0903466c88f362b4cb20c0e"
+checksum = "24eb53abd723b7dd8ff1210b7d126f0d9e1d9127ea0e7f6a46471845d060cc43"
 dependencies = [
  "env_logger",
  "log",
@@ -2960,15 +2980,16 @@ dependencies = [
  "miden-mast-package",
  "miden-package-registry",
  "miden-project",
+ "proptest",
  "smallvec",
  "thiserror 2.0.18",
 ]
 
 [[package]]
 name = "miden-assembly-syntax"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "996156b8f7c5fe6be17dea71089c6d7985c2dec1e3a4fec068b1dfc690e25df5"
+checksum = "02ead435c8dccfd3b9bd97779cfa0d74cc14c767a9740f162bf7cd49a0da26bd"
 dependencies = [
  "aho-corasick",
  "env_logger",
@@ -2992,7 +3013,7 @@ dependencies = [
 [[package]]
 name = "miden-block-prover"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "miden-protocol",
  "thiserror 2.0.18",
@@ -3000,12 +3021,12 @@ dependencies = [
 
 [[package]]
 name = "miden-core"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fdec54a321cdf3d23e9ef615e91cb858038c6b4d4202507bdec048fc6d7763e4"
+checksum = "9a7c7eecda385bcc66aea99ee3279ae7c78f38e3541f4c1d67d309ac32314ff4"
 dependencies = [
  "derive_more",
- "itertools 0.14.0",
+ "log",
  "miden-crypto",
  "miden-debug-types",
  "miden-formatting",
@@ -3022,9 +3043,9 @@ dependencies = [
 
 [[package]]
 name = "miden-core-lib"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "621e8fa911a790bcf3cd3aedce80bc10922a19d6181f08ff3ca078f955cff70b"
+checksum = "99bc06c94dcb75e3e44220fe7623ab99585e7828f19b80534c48a9971d31bfd8"
 dependencies = [
  "env_logger",
  "fs-err",
@@ -3039,24 +3060,26 @@ dependencies = [
 
 [[package]]
 name = "miden-crypto"
-version = "0.23.0"
+version = "0.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ed0a034a460e27723dcfdf25effffab84331c3b46b13e7a1bd674197cc71bfe"
+checksum = "72ae084a6d15d5d862760bcbdbb5caad41415ed455cd7ab2b53a012d21a431ed"
 dependencies = [
  "blake3",
  "cc",
  "chacha20poly1305",
  "curve25519-dalek",
+ "der",
  "ed25519-dalek",
  "flume",
- "glob",
  "hkdf",
  "k256",
  "miden-crypto-derive",
  "miden-field",
+ "miden-lifted-stark",
  "miden-serde-utils",
  "num",
  "num-complex",
+ "once_cell",
  "p3-blake3",
  "p3-challenger",
  "p3-dft",
@@ -3064,7 +3087,6 @@ dependencies = [
  "p3-keccak",
  "p3-matrix",
  "p3-maybe-rayon",
- "p3-miden-lifted-stark",
  "p3-symmetric",
  "p3-util",
  "rand 0.9.2",
@@ -3083,9 +3105,9 @@ dependencies = [
 
 [[package]]
 name = "miden-crypto-derive"
-version = "0.23.0"
+version = "0.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8bf6ebde028e79bcc61a3632d2f375a5cc64caa17d014459f75015238cb1e08"
+checksum = "e8523f6ac9b28782ca759920e536164e7eab7dbfaf9132721ca3e325c060df73"
 dependencies = [
  "quote",
  "syn 2.0.117",
@@ -3093,9 +3115,9 @@ dependencies = [
 
 [[package]]
 name = "miden-debug-types"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6e50274d11c80b901cf6c90362de8c98c8c8ad6030c80624d683b63d899a0fb"
+checksum = "206f5346bef744da1ffae9874a22170a2d0c27dd20947d89182d16f5d86348f7"
 dependencies = [
  "memchr",
  "miden-crypto",
@@ -3104,6 +3126,7 @@ dependencies = [
  "miden-utils-indexing",
  "miden-utils-sync",
  "paste",
+ "proptest",
  "serde",
  "serde_spanned",
  "thiserror 2.0.18",
@@ -3111,15 +3134,16 @@ dependencies = [
 
 [[package]]
 name = "miden-field"
-version = "0.23.0"
+version = "0.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38011348f4fb4c9e5ce1f471203d024721c00e3b60a91aa91aaefe6738d8b5ea"
+checksum = "7b8a48ba526c353bf583bba18ddf62ad4846945e85fcaf44614633276416b5d9"
 dependencies = [
  "miden-serde-utils",
  "num-bigint",
  "p3-challenger",
  "p3-field",
  "p3-goldilocks",
+ "p3-util",
  "paste",
  "rand 0.10.0",
  "serde",
@@ -3165,13 +3189,48 @@ dependencies = [
  "rocksdb",
 ]
 
+[[package]]
+name = "miden-lifted-air"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a00d97ada3bfd70d6cc4f1a13ced8cb509f72fb16b1b28c292366aee846d3220"
+dependencies = [
+ "p3-air",
+ "p3-field",
+ "p3-matrix",
+ "p3-util",
+ "thiserror 2.0.18",
+]
+
+[[package]]
+name = "miden-lifted-stark"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ab3601a30d39e08a31ecc5b5215c87b11623942d9610aebccda89a4a5bf757c4"
+dependencies = [
+ "miden-lifted-air",
+ "miden-stark-transcript",
+ "miden-stateful-hasher",
+ "p3-challenger",
+ "p3-dft",
+ "p3-field",
+ "p3-goldilocks",
+ "p3-matrix",
+ "p3-maybe-rayon",
+ "p3-symmetric",
+ "p3-util",
+ "rand 0.10.0",
+ "serde",
+ "thiserror 2.0.18",
+ "tracing",
+]
+
 [[package]]
 name = "miden-mast-package"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc8b2e3447fcde1f0e6b76e5219f129517639772cb02ca543177f0584e315288"
+checksum = "3ae69cd4dc25b0993eb5fafcc99987abd3502d8a7a902248af4a597537dce600"
 dependencies = [
- "derive_more",
  "miden-assembly-syntax",
  "miden-core",
  "miden-debug-types",
@@ -3537,13 +3596,14 @@ dependencies = [
 
 [[package]]
 name = "miden-package-registry"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "969ba3942052e52b3968e34dbd1c52c707e75777ee42ebdae2c8f57af56cf6cf"
+checksum = "8c1d77c6f5942f3111fc56a19d638076ea77df3628efa97c7955259c609ca8dd"
 dependencies = [
  "miden-assembly-syntax",
  "miden-core",
  "miden-mast-package",
+ "proptest",
  "pubgrub",
  "serde",
  "smallvec",
@@ -3552,9 +3612,9 @@ dependencies = [
 
 [[package]]
 name = "miden-processor"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ec6cecbf22bd92b73a931ee80b424e46b8b7cdf4f2f3c364c25c5c15d2840da"
+checksum = "70508a4a75989a47f03a0681df412b80040c76230c3d850f8f2b80f7a986d4aa"
 dependencies = [
  "itertools 0.14.0",
  "miden-air",
@@ -3565,20 +3625,20 @@ dependencies = [
  "paste",
  "rayon",
  "thiserror 2.0.18",
- "tokio",
  "tracing",
 ]
 
 [[package]]
 name = "miden-project"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3840520c01881534fbbceb6b3687ec1c407fbaf310a35ce415fd3510abc52fdb"
+checksum = "6338d92713845f57b137e4305db11ee8614b0cec9b1516470233ce64d53f6376"
 dependencies = [
  "miden-assembly-syntax",
  "miden-core",
  "miden-mast-package",
  "miden-package-registry",
+ "proptest",
  "serde",
  "serde-untagged",
  "thiserror 2.0.18",
@@ -3588,7 +3648,7 @@ dependencies = [
 [[package]]
 name = "miden-protocol"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "bech32",
  "fs-err",
@@ -3616,19 +3676,16 @@ dependencies = [
 
 [[package]]
 name = "miden-prover"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6bb2c94e36f57684d7fa0cd382adeedc1728d502dbbe69ad1c12f4a931f45511"
+checksum = "c59b5dbdac3a8596fc201de028c17ed5060ad554901259222420afd186f2b467"
 dependencies = [
  "bincode",
  "miden-air",
  "miden-core",
  "miden-crypto",
- "miden-debug-types",
  "miden-processor",
  "serde",
- "thiserror 2.0.18",
- "tokio",
  "tracing",
 ]
 
@@ -3683,9 +3740,9 @@ dependencies = [
 
 [[package]]
 name = "miden-serde-utils"
-version = "0.23.0"
+version = "0.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff78082e9b4ca89863e68da01b35f8a4029ee6fd912e39fa41fde4273a7debab"
+checksum = "d899afcfbf85c851522f2dff73db1064116486fb8e0ebce0ade44ce72dadc075"
 dependencies = [
  "p3-field",
  "p3-goldilocks",
@@ -3694,7 +3751,7 @@ dependencies = [
 [[package]]
 name = "miden-standards"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "bon",
  "fs-err",
@@ -3708,10 +3765,32 @@ dependencies = [
  "walkdir",
 ]
 
+[[package]]
+name = "miden-stark-transcript"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c0e1f55bdff89f12ec6fc3881660a0d51d4e77f66026ab0e6ddcbd098a16f2f"
+dependencies = [
+ "p3-challenger",
+ "p3-field",
+ "serde",
+ "thiserror 2.0.18",
+]
+
+[[package]]
+name = "miden-stateful-hasher"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0069bab01139a5660c7189589c95dfedf8449514d03641fd3f9d049e1b031f9"
+dependencies = [
+ "p3-field",
+ "p3-symmetric",
+]
+
 [[package]]
 name = "miden-testing"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "anyhow",
  "itertools 0.14.0",
@@ -3731,7 +3810,7 @@ dependencies = [
 [[package]]
 name = "miden-tx"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "miden-processor",
  "miden-protocol",
@@ -3744,7 +3823,7 @@ dependencies = [
 [[package]]
 name = "miden-tx-batch-prover"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#9160eee3eea8b79bbff9ff1113c535743d6c693c"
+source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
 dependencies = [
  "miden-protocol",
  "miden-tx",
@@ -3752,9 +3831,9 @@ dependencies = [
 
 [[package]]
 name = "miden-utils-core-derive"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3846c8674ccec0c37005f99c1a599a24790ba2a5e5f4e1c7aec5f456821df835"
+checksum = "9f74ef56bd44d23c805f662cd4f4639b04df6e0204d78806ede0e6f93d9695a5"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3763,33 +3842,33 @@ dependencies = [
 
 [[package]]
 name = "miden-utils-diagnostics"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "397f5d1e8679cf17cf7713ffd9654840791a6ed5818b025bbc2fbfdce846579a"
+checksum = "c7b3aa61e0ee0f8a5b3f44250b73879437f9e10b6061c3ae743fd1cdb1f56321"
 dependencies = [
  "miden-crypto",
  "miden-debug-types",
  "miden-miette",
- "paste",
  "tracing",
 ]
 
 [[package]]
 name = "miden-utils-indexing"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8834e76299686bcce3de1685158aa4cff49b7fa5e0e00a6cc811e8f2cf5775f"
+checksum = "57419a0557e580e04125542f4383910fb997660633e15ad4570ce1ff2ae80557"
 dependencies = [
  "miden-crypto",
+ "proptest",
  "serde",
  "thiserror 2.0.18",
 ]
 
 [[package]]
 name = "miden-utils-sync"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a9e9747e9664c1a0997bb040ae291306ea0a1c74a572141ec66cec855c1b0e8"
+checksum = "5a8a579c0c7cf44c123129045339f53b1f26f0aa2dc508494e97360d3ccab80e"
 dependencies = [
  "lock_api",
  "loom",
@@ -3829,9 +3908,9 @@ dependencies = [
 
 [[package]]
 name = "miden-verifier"
-version = "0.22.1"
+version = "0.23.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4580df640d889c9f3c349cd2268968e44a99a8cf0df6c36ae5b1fb273712b00"
+checksum = "49cd4ca9a8b90c48d5fc6f5707c46cc44b17285f2f705cbe44e5b56c430a85c8"
 dependencies = [
  "bincode",
  "miden-air",
@@ -3844,9 +3923,9 @@ dependencies = [
 
 [[package]]
 name = "midenc-hir-type"
-version = "0.5.3"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2eb29d7c049fb69373c7e775e3d4411e63e4ee608bc43826282ba62c6ec9f891"
+checksum = "1ff0511aa2201f7098995e38a3c97a319d379c3b2d26fb83677b21b71f61a7b4"
 dependencies = [
  "miden-formatting",
  "miden-serde-utils",
@@ -3988,7 +4067,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -4106,6 +4185,10 @@ name = "once_cell"
 version = "1.21.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50"
+dependencies = [
+ "critical-section",
+ "portable-atomic",
+]
 
 [[package]]
 name = "once_cell_polyfill"
@@ -4239,19 +4322,6 @@ dependencies = [
  "tracing",
 ]
 
-[[package]]
-name = "p3-commit"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "916ae7989d5c3b49f887f5c55b2f9826bdbb81aaebf834503c4145d8b267c829"
-dependencies = [
- "itertools 0.14.0",
- "p3-field",
- "p3-matrix",
- "p3-util",
- "serde",
-]
-
 [[package]]
 name = "p3-dft"
 version = "0.5.2"
@@ -4351,102 +4421,6 @@ dependencies = [
  "rand 0.10.0",
 ]
 
-[[package]]
-name = "p3-miden-lifted-air"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5c31c65fdc88952d7b301546add9670676e5b878aa0066dd929f107c203b006"
-dependencies = [
- "p3-air",
- "p3-field",
- "p3-matrix",
- "p3-util",
- "thiserror 2.0.18",
-]
-
-[[package]]
-name = "p3-miden-lifted-fri"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab9932f1b0a16609a45cd4ee10a4d35412728bc4b38837c7979d7c85d8dcc9fc"
-dependencies = [
- "p3-challenger",
- "p3-commit",
- "p3-dft",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-miden-lmcs",
- "p3-miden-transcript",
- "p3-util",
- "rand 0.10.0",
- "thiserror 2.0.18",
- "tracing",
-]
-
-[[package]]
-name = "p3-miden-lifted-stark"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c3956ab7270c3cdd53ca9796d39ae1821984eb977415b0672110f9666bff5d8"
-dependencies = [
- "p3-challenger",
- "p3-dft",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-miden-lifted-air",
- "p3-miden-lifted-fri",
- "p3-miden-lmcs",
- "p3-miden-stateful-hasher",
- "p3-miden-transcript",
- "p3-util",
- "thiserror 2.0.18",
- "tracing",
-]
-
-[[package]]
-name = "p3-miden-lmcs"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48c46791c983e772136db3d48f102431457451447abb9087deb6c8ce3c1efc86"
-dependencies = [
- "p3-commit",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-miden-stateful-hasher",
- "p3-miden-transcript",
- "p3-symmetric",
- "p3-util",
- "rand 0.10.0",
- "serde",
- "thiserror 2.0.18",
- "tracing",
-]
-
-[[package]]
-name = "p3-miden-stateful-hasher"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec47a9d9615eb3d9d2a59b00d19751d9ad85384b55886827913d680d912eac6a"
-dependencies = [
- "p3-field",
- "p3-symmetric",
-]
-
-[[package]]
-name = "p3-miden-transcript"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40c565647487e4a949f67e6f115b0391d6cb82ac8e561165789939bab23d0ae7"
-dependencies = [
- "p3-challenger",
- "p3-field",
- "serde",
- "thiserror 2.0.18",
-]
-
 [[package]]
 name = "p3-monty-31"
 version = "0.5.2"
@@ -5429,7 +5403,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -5500,7 +5474,7 @@ dependencies = [
  "security-framework",
  "security-framework-sys",
  "webpki-root-certs",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -5908,7 +5882,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
 dependencies = [
  "libc",
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -6129,7 +6103,7 @@ dependencies = [
  "getrandom 0.4.2",
  "once_cell",
  "rustix",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -6138,7 +6112,7 @@ version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d8c27177b12a6399ffc08b98f76f7c9a1f4fe9fc967c784c5a071fa8d93cf7e1"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -6157,7 +6131,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "230a1b821ccbd75b185820a1f1ff7b14d21da1e442e22c0863ea5f08771a8874"
 dependencies = [
  "rustix",
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -7191,7 +7165,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 91c51bc386..39fb69a9fe 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -70,7 +70,7 @@ miden-tx              = { branch = "next", default-features = false, git = "http
 miden-tx-batch-prover = { branch = "next", git = "https://github.com/0xMiden/protocol" }
 
 # Other miden dependencies. These should align with those expected by miden-protocol.
-miden-crypto = { version = "0.23" }
+miden-crypto = { version = "0.25" }
 
 # External dependencies
 anyhow            = { version = "1.0" }
diff --git a/bin/genesis/src/main.rs b/bin/genesis/src/main.rs
index 9ce02cf5f9..09a8661753 100644
--- a/bin/genesis/src/main.rs
+++ b/bin/genesis/src/main.rs
@@ -94,7 +94,7 @@ fn run(
     // Create bridge account (NoAuth, nonce=0), then bump nonce to 1 for genesis.
     let mut rng = ChaCha20Rng::from_seed(rand::random());
     let bridge_seed: [u64; 4] = rng.random();
-    let bridge_seed = Word::from(bridge_seed.map(Felt::new));
+    let bridge_seed = Word::from(bridge_seed.map(Felt::new_unchecked));
     let bridge = create_bridge_account(bridge_seed, bridge_admin_id, ger_manager_id);
 
     // Bump bridge nonce to 1 (required for genesis accounts). File-loaded accounts via [[account]]
@@ -158,7 +158,7 @@ path = "bridge.mac"
 fn generate_falcon_keypair() -> (falcon512_poseidon2::PublicKey, FalconSecretKey) {
     let mut rng = ChaCha20Rng::from_seed(rand::random());
     let auth_seed: [u64; 4] = rng.random();
-    let mut coin = RandomCoin::new(Word::from(auth_seed.map(Felt::new)));
+    let mut coin = RandomCoin::new(Word::from(auth_seed.map(Felt::new_unchecked)));
     let secret_key = FalconSecretKey::with_rng(&mut coin);
     let public_key = secret_key.public_key();
     (public_key, secret_key)
@@ -197,7 +197,7 @@ fn bump_nonce_to_one(mut account: Account) -> anyhow::Result<Account> {
 #[cfg(test)]
 mod tests {
     use miden_node_store::genesis::config::GenesisConfig;
-    use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+    use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
     use miden_protocol::utils::serde::Serializable;
 
     use super::*;
@@ -208,7 +208,7 @@ mod tests {
         let bridge_id = AccountFile::read(dir.join("bridge.mac")).unwrap().account.id();
 
         let config = GenesisConfig::read_toml_file(&dir.join("genesis.toml")).unwrap();
-        let signer = SecretKey::read_from_bytes(&[0x01; 32]).unwrap();
+        let signer = SigningKey::read_from_bytes(&[0x01; 32]).unwrap();
         let (state, _) = config.into_state(signer.public_key()).unwrap();
 
         let bridge = state.accounts.iter().find(|a| a.id() == bridge_id).unwrap();
diff --git a/bin/network-monitor/src/counter.rs b/bin/network-monitor/src/counter.rs
index 2d829235ba..58b18ce2df 100644
--- a/bin/network-monitor/src/counter.rs
+++ b/bin/network-monitor/src/counter.rs
@@ -834,7 +834,7 @@ async fn fetch_wallet_account(
     let storage_details = details.storage_details.context("missing storage details")?;
     let storage = build_account_storage(storage_details)?;
 
-    let account = Account::new(account_id, vault, storage, code, Felt::new(nonce), None)
+    let account = Account::new(account_id, vault, storage, code, Felt::new_unchecked(nonce), None)
         .context("failed to create account")?;
 
     // Sanity check: verify reconstructed account matches header commitments
@@ -952,10 +952,10 @@ fn create_network_note(
     let partial_metadata = PartialNoteMetadata::new(wallet_account.id(), NoteType::Public);
 
     let serial_num = Word::new([
-        Felt::new(rng.random()),
-        Felt::new(rng.random()),
-        Felt::new(rng.random()),
-        Felt::new(rng.random()),
+        Felt::new_unchecked(rng.random()),
+        Felt::new_unchecked(rng.random()),
+        Felt::new_unchecked(rng.random()),
+        Felt::new_unchecked(rng.random()),
     ]);
 
     let recipient = NoteRecipient::new(serial_num, script, NoteStorage::new(vec![])?);
diff --git a/bin/network-monitor/src/deploy/counter.rs b/bin/network-monitor/src/deploy/counter.rs
index 5479f15898..68635c8bc1 100644
--- a/bin/network-monitor/src/deploy/counter.rs
+++ b/bin/network-monitor/src/deploy/counter.rs
@@ -64,7 +64,7 @@ pub fn create_counter_account(owner_account_id: AccountId) -> Result<Account> {
     let init_seed: [u8; 32] = rand::random();
     let counter_account = AccountBuilder::new(init_seed)
         .account_type(AccountType::RegularAccountUpdatableCode)
-        .storage_mode(AccountStorageMode::Network)
+        .storage_mode(AccountStorageMode::Public)
         .with_component(account_code)
         .with_auth_component(incr_nonce_auth)
         .build()?;
diff --git a/bin/ntx-builder/src/actor/mod.rs b/bin/ntx-builder/src/actor/mod.rs
index f53815f484..c4474b5bd6 100644
--- a/bin/ntx-builder/src/actor/mod.rs
+++ b/bin/ntx-builder/src/actor/mod.rs
@@ -112,7 +112,9 @@ impl AccountActorContext {
 
         let url = Url::parse("http://127.0.0.1:1").unwrap();
         let block_header = mock_block_header(0_u32.into());
-        let chain_mmr = PartialMmr::from_peaks(MmrPeaks::new(Forest::new(0), vec![]).unwrap());
+        let chain_mmr = PartialMmr::from_peaks(
+            MmrPeaks::new(Forest::new(0).expect("forest 0 is valid"), vec![]).unwrap(),
+        );
         let chain_state = Arc::new(SharedChainState::new(block_header, chain_mmr));
         let (request_tx, _request_rx) = mpsc::channel(1);
 
diff --git a/bin/ntx-builder/src/builder.rs b/bin/ntx-builder/src/builder.rs
index a051249601..de94689fb6 100644
--- a/bin/ntx-builder/src/builder.rs
+++ b/bin/ntx-builder/src/builder.rs
@@ -5,8 +5,10 @@ use anyhow::Context;
 use futures::Stream;
 use miden_node_proto::domain::account::NetworkAccountId;
 use miden_node_proto::domain::mempool::MempoolEvent;
+use miden_protocol::account::Account;
 use miden_protocol::account::delta::AccountUpdateDetails;
 use miden_protocol::block::BlockHeader;
+use miden_standards::account::auth::NetworkAccountNoteAllowlist;
 use tokio::net::TcpListener;
 use tokio::sync::mpsc;
 use tokio::task::JoinSet;
@@ -223,13 +225,18 @@ impl NetworkTransactionBuilder {
                     .await
                     .context("failed to write TransactionAdded to DB")?;
 
-                // Spawn new actors for newly created network accounts.
-                if let Some(AccountUpdateDetails::Delta(delta)) = account_delta {
-                    if delta.is_full_state() {
-                        if let Ok(network_id) = NetworkAccountId::try_from(delta.id()) {
-                            self.coordinator.spawn_actor(network_id, &self.actor_context);
-                        }
-                    }
+                // Spawn new actors for newly created network accounts. A delta carrying full state
+                // lets us reconstruct the Account and look for the standardized
+                // `NetworkAccountNoteAllowlist` slot in storage; that is the new protocol-level
+                // definition of a network account.
+                if let Some(AccountUpdateDetails::Delta(delta)) = account_delta
+                    && delta.is_full_state()
+                    && let Ok(account) = Account::try_from(delta)
+                    && account.is_public()
+                    && NetworkAccountNoteAllowlist::try_from(account.storage()).is_ok()
+                {
+                    let network_id = NetworkAccountId::new_trusted(account.id());
+                    self.coordinator.spawn_actor(network_id, &self.actor_context);
                 }
                 let inactive_targets = self.coordinator.send_targeted(&event);
                 for account_id in inactive_targets {
diff --git a/bin/ntx-builder/src/clients/store.rs b/bin/ntx-builder/src/clients/store.rs
index c901fc69ab..ae6fad1eae 100644
--- a/bin/ntx-builder/src/clients/store.rs
+++ b/bin/ntx-builder/src/clients/store.rs
@@ -109,12 +109,14 @@ impl StoreClient {
                 let header =
                     BlockHeader::try_from(block).map_err(StoreError::DeserializationError)?;
 
-                let peaks = MmrPeaks::new(Forest::new(header.block_num().as_usize()), peaks)
-                    .map_err(|_| {
-                        StoreError::MalformedResponse(
-                            "returned peaks are not valid for the sent request".into(),
-                        )
-                    })?;
+                let forest = Forest::new(header.block_num().as_usize()).map_err(|err| {
+                    StoreError::DeserializationError(ConversionError::from(err).context("forest"))
+                })?;
+                let peaks = MmrPeaks::new(forest, peaks).map_err(|_| {
+                    StoreError::MalformedResponse(
+                        "returned peaks are not valid for the sent request".into(),
+                    )
+                })?;
 
                 let partial_mmr = PartialMmr::from_peaks(peaks);
 
@@ -327,11 +329,7 @@ impl StoreClient {
                         ConversionError::from(err).context("account_id"),
                     )
                 })?;
-                NetworkAccountId::try_from(account_id).map_err(|_| {
-                    StoreError::MalformedResponse(
-                        "account id is not a valid network account".into(),
-                    )
-                })
+                Ok(NetworkAccountId::new_trusted(account_id))
             })
             .collect::<Result<Vec<NetworkAccountId>, StoreError>>()?;
 
diff --git a/bin/ntx-builder/src/coordinator.rs b/bin/ntx-builder/src/coordinator.rs
index d4243cc979..6fac9148cc 100644
--- a/bin/ntx-builder/src/coordinator.rs
+++ b/bin/ntx-builder/src/coordinator.rs
@@ -274,21 +274,19 @@ impl Coordinator {
             // transaction has been applied, and in the future also resolves race conditions with
             // external network transactions (once these are allowed).
             if let Some(AccountUpdateDetails::Delta(delta)) = account_delta {
-                let account_id = delta.id();
-                if account_id.is_network() {
-                    let network_account_id =
-                        account_id.try_into().expect("account is network account");
-                    if self.actor_registry.contains_key(&network_account_id) {
-                        target_account_ids.insert(network_account_id);
-                    }
+                // The actor registry only contains accounts the builder has already classified as
+                // network. Wrap the id unconditionally and let the registry lookup filter for us;
+                // unknown accounts simply won't match.
+                let network_account_id = NetworkAccountId::new_trusted(delta.id());
+                if self.actor_registry.contains_key(&network_account_id) {
+                    target_account_ids.insert(network_account_id);
                 }
             }
 
             // Determine target actors for each note.
             for note in network_notes {
                 let account = note.target_account_id();
-                let account = NetworkAccountId::try_from(account)
-                    .expect("network note target account should be a network account");
+                let account = NetworkAccountId::new_trusted(account);
 
                 if self.actor_registry.contains_key(&account) {
                     target_account_ids.insert(account);
diff --git a/bin/ntx-builder/src/db/models/account_effect.rs b/bin/ntx-builder/src/db/models/account_effect.rs
index 7a6acf0058..5e483035c6 100644
--- a/bin/ntx-builder/src/db/models/account_effect.rs
+++ b/bin/ntx-builder/src/db/models/account_effect.rs
@@ -1,6 +1,7 @@
 use miden_node_proto::domain::account::NetworkAccountId;
 use miden_protocol::account::delta::AccountUpdateDetails;
 use miden_protocol::account::{Account, AccountDelta, AccountId};
+use miden_standards::account::auth::NetworkAccountNoteAllowlist;
 
 // NETWORK ACCOUNT EFFECT
 // ================================================================================================
@@ -14,23 +15,34 @@ pub enum NetworkAccountEffect {
 
 impl NetworkAccountEffect {
     pub fn from_protocol(update: &AccountUpdateDetails) -> Option<Self> {
-        let update = match update {
-            AccountUpdateDetails::Private => return None,
+        match update {
+            AccountUpdateDetails::Private => None,
             AccountUpdateDetails::Delta(update) if update.is_full_state() => {
-                NetworkAccountEffect::Created(
-                    Account::try_from(update)
-                        .expect("Account should be derivable by full state AccountDelta"),
-                )
+                // Only treat full-state creations as network if the storage carries the
+                // standardized `NetworkAccountNoteAllowlist` slot.
+                let account = Account::try_from(update)
+                    .expect("Account should be derivable by full state AccountDelta");
+                if account.is_public()
+                    && NetworkAccountNoteAllowlist::try_from(account.storage()).is_ok()
+                {
+                    Some(NetworkAccountEffect::Created(account))
+                } else {
+                    None
+                }
             },
-            AccountUpdateDetails::Delta(update) => NetworkAccountEffect::Updated(update.clone()),
-        };
-
-        update.protocol_account_id().is_network().then_some(update)
+            AccountUpdateDetails::Delta(update) => {
+                // Partial updates carry no storage we can inspect here. Forward them as updates and
+                // let the coordinator's actor registry filter to known network accounts.
+                Some(NetworkAccountEffect::Updated(update.clone()))
+            },
+        }
     }
 
     pub fn network_account_id(&self) -> NetworkAccountId {
-        // SAFETY: This is a network account by construction.
-        self.protocol_account_id().try_into().unwrap()
+        // Trusted: constructors only produce this enum for accounts already classified as network
+        // (via the allowlist check above) or for updates that the caller filters through the actor
+        // registry.
+        NetworkAccountId::new_trusted(self.protocol_account_id())
     }
 
     fn protocol_account_id(&self) -> AccountId {
diff --git a/bin/ntx-builder/src/db/models/conv.rs b/bin/ntx-builder/src/db/models/conv.rs
index 0fed2b9593..61cd9cd772 100644
--- a/bin/ntx-builder/src/db/models/conv.rs
+++ b/bin/ntx-builder/src/db/models/conv.rs
@@ -58,8 +58,7 @@ pub fn account_id_from_bytes(bytes: &[u8]) -> Result<AccountId, DatabaseError> {
 
 pub fn network_account_id_from_bytes(bytes: &[u8]) -> Result<NetworkAccountId, DatabaseError> {
     let account_id = account_id_from_bytes(bytes)?;
-    NetworkAccountId::try_from(account_id)
-        .map_err(|e| DatabaseError::deserialization("network account id", e))
+    Ok(NetworkAccountId::new_trusted(account_id))
 }
 
 pub fn word_to_bytes(word: &Word) -> Vec<u8> {
diff --git a/bin/ntx-builder/src/db/models/queries/mod.rs b/bin/ntx-builder/src/db/models/queries/mod.rs
index f2f97eaf3e..5760f8d675 100644
--- a/bin/ntx-builder/src/db/models/queries/mod.rs
+++ b/bin/ntx-builder/src/db/models/queries/mod.rs
@@ -146,11 +146,9 @@ pub fn add_transaction(
     for note in notes {
         let insert = NoteInsert {
             nullifier: conversions::nullifier_to_bytes(&note.as_note().nullifier()),
-            account_id: conversions::network_account_id_to_bytes(
-                note.target_account_id()
-                    .try_into()
-                    .expect("network note's target account must be a network account"),
-            ),
+            account_id: conversions::network_account_id_to_bytes(NetworkAccountId::new_trusted(
+                note.target_account_id(),
+            )),
             note_data: note.as_note().to_bytes(),
             note_id: Some(conversions::note_id_to_bytes(&note.as_note().id())),
             attempt_count: 0,
diff --git a/bin/ntx-builder/src/db/models/queries/notes.rs b/bin/ntx-builder/src/db/models/queries/notes.rs
index bb846d7a5e..bb3672feee 100644
--- a/bin/ntx-builder/src/db/models/queries/notes.rs
+++ b/bin/ntx-builder/src/db/models/queries/notes.rs
@@ -77,10 +77,9 @@ pub fn insert_committed_notes(
     for note in notes {
         let row = NoteInsert {
             nullifier: conversions::nullifier_to_bytes(&note.as_note().nullifier()),
-            account_id: conversions::network_account_id_to_bytes(
-                NetworkAccountId::try_from(note.target_account_id())
-                    .expect("account ID of a network note should be a network account"),
-            ),
+            account_id: conversions::network_account_id_to_bytes(NetworkAccountId::new_trusted(
+                note.target_account_id(),
+            )),
             note_data: note.as_note().to_bytes(),
             note_id: Some(conversions::note_id_to_bytes(&note.as_note().id())),
             attempt_count: 0,
diff --git a/bin/ntx-builder/src/test_utils.rs b/bin/ntx-builder/src/test_utils.rs
index 1c2c743106..8751ea2bb5 100644
--- a/bin/ntx-builder/src/test_utils.rs
+++ b/bin/ntx-builder/src/test_utils.rs
@@ -5,7 +5,7 @@ use miden_protocol::Word;
 use miden_protocol::account::{AccountId, AccountStorageMode, AccountType};
 use miden_protocol::block::BlockNumber;
 use miden_protocol::testing::account_id::{
-    ACCOUNT_ID_REGULAR_NETWORK_ACCOUNT_IMMUTABLE_CODE,
+    ACCOUNT_ID_REGULAR_PUBLIC_ACCOUNT_IMMUTABLE_CODE,
     AccountIdBuilder,
 };
 use miden_protocol::transaction::TransactionId;
@@ -17,17 +17,17 @@ use rand_chacha::rand_core::SeedableRng;
 /// Creates a network account ID from a test constant.
 pub fn mock_network_account_id() -> NetworkAccountId {
     let account_id: AccountId =
-        ACCOUNT_ID_REGULAR_NETWORK_ACCOUNT_IMMUTABLE_CODE.try_into().unwrap();
-    NetworkAccountId::try_from(account_id).unwrap()
+        ACCOUNT_ID_REGULAR_PUBLIC_ACCOUNT_IMMUTABLE_CODE.try_into().unwrap();
+    NetworkAccountId::new_trusted(account_id)
 }
 
 /// Creates a distinct network account ID using a seeded RNG.
 pub fn mock_network_account_id_seeded(seed: u8) -> NetworkAccountId {
     let account_id = AccountIdBuilder::new()
         .account_type(AccountType::RegularAccountImmutableCode)
-        .storage_mode(AccountStorageMode::Network)
+        .storage_mode(AccountStorageMode::Public)
         .build_with_seed([seed; 32]);
-    NetworkAccountId::try_from(account_id).unwrap()
+    NetworkAccountId::new_trusted(account_id)
 }
 
 /// Creates a unique `TransactionId` from a seed value.
@@ -69,7 +69,7 @@ pub fn mock_account(_account_id: NetworkAccountId) -> miden_protocol::account::A
 
     AccountBuilder::new([0u8; 32])
         .account_type(AccountType::RegularAccountImmutableCode)
-        .storage_mode(AccountStorageMode::Network)
+        .storage_mode(AccountStorageMode::Public)
         .with_component(MockAccountComponent::with_slots(vec![]))
         .with_auth_component(NoopAuthComponent)
         .build_existing()
diff --git a/bin/stress-test/src/seeding/mod.rs b/bin/stress-test/src/seeding/mod.rs
index bed3d5d34c..6d576a9ca3 100644
--- a/bin/stress-test/src/seeding/mod.rs
+++ b/bin/stress-test/src/seeding/mod.rs
@@ -28,7 +28,7 @@ use miden_protocol::account::{
     StorageSlot,
     StorageSlotName,
 };
-use miden_protocol::asset::{Asset, AssetAmount, FungibleAsset, TokenSymbol};
+use miden_protocol::asset::{Asset, FungibleAsset, TokenSymbol};
 use miden_protocol::batch::{BatchAccountUpdate, BatchId, ProvenBatch};
 use miden_protocol::block::{
     BlockHeader,
@@ -38,11 +38,11 @@ use miden_protocol::block::{
     ProposedBlock,
     SignedBlock,
 };
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey as EcdsaSecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey as EcdsaSecretKey;
 use miden_protocol::crypto::dsa::falcon512_poseidon2::{PublicKey, SecretKey};
 use miden_protocol::crypto::rand::RandomCoin;
 use miden_protocol::errors::AssetError;
-use miden_protocol::note::{Note, NoteAssets, NoteHeader, NoteId, NoteInclusionProof};
+use miden_protocol::note::{Note, NoteAssets, NoteId, NoteInclusionProof};
 use miden_protocol::transaction::{
     InputNote,
     InputNoteCommitment,
@@ -62,7 +62,7 @@ use miden_standards::account::faucets::{FungibleFaucet, TokenName};
 use miden_standards::account::policies::{
     BurnPolicyConfig,
     MintPolicyConfig,
-    PolicyAuthority,
+    PolicyRegistration,
     TokenPolicyManager,
 };
 use miden_standards::account::wallets::BasicWallet;
@@ -205,7 +205,7 @@ async fn generate_blocks(
 
     // share random coin seed and key pair for all accounts to avoid key generation overhead
     let coin_seed: [u64; 4] = rand::rng().random();
-    let rng = Arc::new(Mutex::new(RandomCoin::new(coin_seed.map(Felt::new).into())));
+    let rng = Arc::new(Mutex::new(RandomCoin::new(coin_seed.map(Felt::new_unchecked).into())));
     let key_pair = {
         let mut rng = rng.lock().unwrap();
         SecretKey::with_rng(&mut *rng)
@@ -420,7 +420,7 @@ fn create_accounts_and_notes(
         AccountStorageMode::Public => {
             asset_faucet_ids.iter().take(vault_entries).copied().collect()
         },
-        AccountStorageMode::Private | AccountStorageMode::Network => vec![asset_faucet_ids[0]],
+        AccountStorageMode::Private => vec![asset_faucet_ids[0]],
     };
 
     (0..num_accounts)
@@ -573,7 +573,7 @@ fn create_benchmark_faucets(vault_entries: usize) -> Vec<Account> {
 
 fn create_faucet_with_seed(index: u64) -> Account {
     let coin_seed: [u64; 4] = rand::rng().random();
-    let mut rng = RandomCoin::new(coin_seed.map(Felt::new).into());
+    let mut rng = RandomCoin::new(coin_seed.map(Felt::new_unchecked).into());
     let key_pair = SecretKey::with_rng(&mut rng);
     let init_seed: Vec<_> = index.to_be_bytes().into_iter().chain([0u8; 24]).collect();
 
@@ -582,7 +582,7 @@ fn create_faucet_with_seed(index: u64) -> Account {
         .name(TokenName::new("TEST").unwrap())
         .symbol(token_symbol)
         .decimals(2)
-        .max_supply(AssetAmount::new(FungibleAsset::MAX_AMOUNT).unwrap())
+        .max_supply(FungibleAsset::MAX_AMOUNT)
         .build()
         .unwrap();
 
@@ -590,11 +590,13 @@ fn create_faucet_with_seed(index: u64) -> Account {
         .account_type(AccountType::FungibleFaucet)
         .storage_mode(AccountStorageMode::Private)
         .with_component(faucet)
-        .with_components(TokenPolicyManager::new(
-            PolicyAuthority::AuthControlled,
-            MintPolicyConfig::AllowAll,
-            BurnPolicyConfig::AllowAll,
-        ))
+        .with_components(
+            TokenPolicyManager::new()
+                .with_mint_policy(MintPolicyConfig::AllowAll, PolicyRegistration::Active)
+                .unwrap()
+                .with_burn_policy(BurnPolicyConfig::AllowAll, PolicyRegistration::Active)
+                .unwrap(),
+        )
         .with_auth_component(AuthSingleSig::new(
             key_pair.public_key().into(),
             AuthScheme::Falcon512Poseidon2,
@@ -757,7 +759,10 @@ fn create_emit_note_tx(
     let slot = faucet.storage().get_item(token_config_slot).unwrap();
     faucet
         .storage_mut()
-        .set_item(token_config_slot, [slot[0] + Felt::new(10), slot[1], slot[2], slot[3]].into())
+        .set_item(
+            token_config_slot,
+            [slot[0] + Felt::new_unchecked(10), slot[1], slot[2], slot[3]].into(),
+        )
         .unwrap();
 
     faucet.increment_nonce(ONE).unwrap();
@@ -803,7 +808,7 @@ async fn get_batch_inputs(
     let batch_inputs = store_client
         .get_batch_inputs(
             vec![(block_ref.block_num(), block_ref.commitment())].into_iter(),
-            notes.iter().map(Note::commitment),
+            notes.iter().map(|n| n.id().as_word()),
         )
         .await
         .unwrap();
@@ -826,7 +831,7 @@ async fn get_block_inputs(
                 batch
                     .input_notes()
                     .into_iter()
-                    .filter_map(|note| note.header().map(NoteHeader::to_commitment))
+                    .filter_map(|note| note.header().map(|h| h.id().as_word()))
             }),
             batches.iter().map(ProvenBatch::reference_block_num),
         )
diff --git a/bin/stress-test/src/seeding/tests.rs b/bin/stress-test/src/seeding/tests.rs
index 3084d2a8be..ed4522eb52 100644
--- a/bin/stress-test/src/seeding/tests.rs
+++ b/bin/stress-test/src/seeding/tests.rs
@@ -11,7 +11,7 @@ fn benchmark_fungible_faucet_ids(vault_entries: usize) -> Vec<AccountId> {
 
 #[test]
 fn public_account_can_be_created_with_large_storage_map() {
-    let coin_seed = [1, 2, 3, 4].map(Felt::new);
+    let coin_seed = [1, 2, 3, 4].map(Felt::new_unchecked);
     let mut rng = RandomCoin::new(coin_seed.into());
     let key_pair = SecretKey::with_rng(&mut rng);
 
@@ -33,7 +33,7 @@ fn public_account_can_be_created_with_large_storage_map() {
 
 #[test]
 fn private_account_ignores_large_storage_map_entries() {
-    let coin_seed = [1, 2, 3, 4].map(Felt::new);
+    let coin_seed = [1, 2, 3, 4].map(Felt::new_unchecked);
     let mut rng = RandomCoin::new(coin_seed.into());
     let key_pair = SecretKey::with_rng(&mut rng);
 
@@ -50,7 +50,7 @@ fn private_account_ignores_large_storage_map_entries() {
 
 #[test]
 fn public_account_note_contains_requested_distinct_vault_assets() {
-    let coin_seed = [1, 2, 3, 4].map(Felt::new);
+    let coin_seed = [1, 2, 3, 4].map(Felt::new_unchecked);
     let rng = Arc::new(Mutex::new(RandomCoin::new(coin_seed.into())));
     let mut key_rng = rng.lock().unwrap();
     let key_pair = SecretKey::with_rng(&mut *key_rng);
@@ -78,7 +78,7 @@ fn public_account_note_contains_requested_distinct_vault_assets() {
 
 #[test]
 fn private_account_note_keeps_single_vault_asset() {
-    let coin_seed = [1, 2, 3, 4].map(Felt::new);
+    let coin_seed = [1, 2, 3, 4].map(Felt::new_unchecked);
     let rng = Arc::new(Mutex::new(RandomCoin::new(coin_seed.into())));
     let mut key_rng = rng.lock().unwrap();
     let key_pair = SecretKey::with_rng(&mut *key_rng);
@@ -101,7 +101,7 @@ fn private_account_note_keeps_single_vault_asset() {
 
 #[test]
 fn public_account_storage_map_entry_can_be_updated_for_benchmark_blocks() {
-    let coin_seed = [1, 2, 3, 4].map(Felt::new);
+    let coin_seed = [1, 2, 3, 4].map(Felt::new_unchecked);
     let mut rng = RandomCoin::new(coin_seed.into());
     let key_pair = SecretKey::with_rng(&mut rng);
     let mut account = create_account(key_pair.public_key(), 42, AccountStorageMode::Public, 4);
@@ -125,7 +125,7 @@ fn public_account_storage_map_entry_can_be_updated_for_benchmark_blocks() {
 
 #[test]
 fn private_account_storage_map_update_is_skipped() {
-    let coin_seed = [1, 2, 3, 4].map(Felt::new);
+    let coin_seed = [1, 2, 3, 4].map(Felt::new_unchecked);
     let mut rng = RandomCoin::new(coin_seed.into());
     let key_pair = SecretKey::with_rng(&mut rng);
     let mut account = create_account(key_pair.public_key(), 42, AccountStorageMode::Private, 4);
diff --git a/bin/stress-test/src/store/mod.rs b/bin/stress-test/src/store/mod.rs
index 7dfef90b35..98b81e93e2 100644
--- a/bin/stress-test/src/store/mod.rs
+++ b/bin/stress-test/src/store/mod.rs
@@ -55,7 +55,7 @@ pub async fn bench_get_account(
     let mut account_ids: Vec<AccountId> = accounts
         .lines()
         .map(|a| AccountId::from_hex(a).expect("invalid account id"))
-        .filter(AccountId::has_public_state)
+        .filter(AccountId::is_public)
         .collect();
 
     assert!(
diff --git a/bin/validator/src/commands/mod.rs b/bin/validator/src/commands/mod.rs
index 8ad6073ac1..96fda9abfa 100644
--- a/bin/validator/src/commands/mod.rs
+++ b/bin/validator/src/commands/mod.rs
@@ -6,7 +6,7 @@ use std::path::PathBuf;
 
 use clap::Parser;
 use miden_node_utils::clap::GrpcOptionsInternal;
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
 use miden_protocol::utils::serde::Deserializable;
 use miden_validator::ValidatorSigner;
 
@@ -158,7 +158,7 @@ impl ValidatorCommand {
                     )
                     .await
                 } else {
-                    let signer = SecretKey::read_from_bytes(hex::decode(validator_key)?.as_ref())?;
+                    let signer = SigningKey::read_from_bytes(hex::decode(validator_key)?.as_ref())?;
                     let signer = ValidatorSigner::new_local(signer);
                     start::start(
                         address,
@@ -216,7 +216,7 @@ impl ValidatorKey {
         if let Some(kms_key_id) = self.validator_kms_key_id {
             Ok(ValidatorSigner::new_kms(kms_key_id).await?)
         } else {
-            let signer = SecretKey::read_from_bytes(hex::decode(self.validator_key)?.as_ref())?;
+            let signer = SigningKey::read_from_bytes(hex::decode(self.validator_key)?.as_ref())?;
             Ok(ValidatorSigner::new_local(signer))
         }
     }
diff --git a/bin/validator/src/db/models.rs b/bin/validator/src/db/models.rs
index fd10445338..85f1e7354d 100644
--- a/bin/validator/src/db/models.rs
+++ b/bin/validator/src/db/models.rs
@@ -39,7 +39,7 @@ impl ValidatedTransactionRowInsert {
             output_notes: tx.output_notes().to_bytes(),
             initial_account_hash: tx.initial_account_hash().to_bytes(),
             final_account_hash: tx.final_account_hash().to_bytes(),
-            fee: tx.fee().amount().to_le_bytes().to_vec(),
+            fee: tx.fee().amount().as_u64().to_le_bytes().to_vec(),
         }
     }
 }
diff --git a/bin/validator/src/signers/mod.rs b/bin/validator/src/signers/mod.rs
index 2c50b2dbb2..59999339d7 100644
--- a/bin/validator/src/signers/mod.rs
+++ b/bin/validator/src/signers/mod.rs
@@ -2,7 +2,7 @@ mod kms;
 pub use kms::KmsSigner;
 use miden_node_utils::spawn::spawn_blocking_in_current_span;
 use miden_protocol::block::BlockHeader;
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::{PublicKey, SecretKey, Signature};
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::{PublicKey, Signature, SigningKey};
 
 // VALIDATOR SIGNER
 // =================================================================================================
@@ -10,7 +10,7 @@ use miden_protocol::crypto::dsa::ecdsa_k256_keccak::{PublicKey, SecretKey, Signa
 /// Signer that the Validator uses to sign blocks.
 pub enum ValidatorSigner {
     Kms(KmsSigner),
-    Local(SecretKey),
+    Local(SigningKey),
 }
 
 impl ValidatorSigner {
@@ -24,7 +24,7 @@ impl ValidatorSigner {
     }
 
     /// Constructs a signer which uses a local secret key for signing.
-    pub fn new_local(secret_key: SecretKey) -> Self {
+    pub fn new_local(secret_key: SigningKey) -> Self {
         Self::Local(secret_key)
     }
 
diff --git a/crates/block-producer/src/block_builder/mod.rs b/crates/block-producer/src/block_builder/mod.rs
index 08ebd38f5d..1a45c9dafa 100644
--- a/crates/block-producer/src/block_builder/mod.rs
+++ b/crates/block-producer/src/block_builder/mod.rs
@@ -7,7 +7,6 @@ use miden_node_utils::spawn::spawn_blocking_in_current_span;
 use miden_node_utils::tracing::OpenTelemetrySpanExt;
 use miden_protocol::batch::{OrderedBatches, ProvenBatch};
 use miden_protocol::block::{BlockInputs, BlockNumber, ProposedBlock, ProvenBlock, SignedBlock};
-use miden_protocol::note::NoteHeader;
 use miden_protocol::transaction::TransactionHeader;
 use tokio::time::Duration;
 use tracing::{Span, instrument};
@@ -168,7 +167,7 @@ impl BlockBuilder {
                 .input_notes()
                 .iter()
                 .cloned()
-                .filter_map(|note| note.header().map(NoteHeader::to_commitment))
+                .filter_map(|note| note.header().map(|h| h.id().as_word()))
         });
         let block_references_iter =
             batch_iter.clone().map(Deref::deref).map(ProvenBatch::reference_block_num);
diff --git a/crates/block-producer/src/domain/transaction.rs b/crates/block-producer/src/domain/transaction.rs
index 4292db804c..62cb9bde1b 100644
--- a/crates/block-producer/src/domain/transaction.rs
+++ b/crates/block-producer/src/domain/transaction.rs
@@ -4,7 +4,7 @@ use std::sync::Arc;
 use miden_protocol::Word;
 use miden_protocol::account::AccountId;
 use miden_protocol::block::BlockNumber;
-use miden_protocol::note::{NoteHeader, Nullifier};
+use miden_protocol::note::Nullifier;
 use miden_protocol::transaction::{OutputNote, ProvenTransaction, TransactionId, TxAccountUpdate};
 
 use crate::errors::StateConflict;
@@ -90,10 +90,7 @@ impl AuthenticatedTransaction {
     }
 
     pub fn output_note_commitments(&self) -> impl Iterator<Item = Word> + '_ {
-        self.inner
-            .output_notes()
-            .iter()
-            .map(miden_protocol::transaction::OutputNote::to_commitment)
+        self.inner.output_notes().iter().map(|n| n.id().as_word())
     }
 
     pub fn output_notes(&self) -> impl Iterator<Item = &OutputNote> + '_ {
@@ -117,7 +114,7 @@ impl AuthenticatedTransaction {
     pub fn unauthenticated_note_commitments(&self) -> impl Iterator<Item = Word> + '_ {
         self.inner
             .unauthenticated_notes()
-            .map(NoteHeader::to_commitment)
+            .map(|h| h.id().as_word())
             .filter(|commitment| !self.notes_authenticated_by_store.contains(commitment))
     }
 
diff --git a/crates/block-producer/src/mempool/subscription.rs b/crates/block-producer/src/mempool/subscription.rs
index d38ea0fe0f..7b42245ea9 100644
--- a/crates/block-producer/src/mempool/subscription.rs
+++ b/crates/block-producer/src/mempool/subscription.rs
@@ -87,8 +87,16 @@ impl SubscriptionProvider {
                 OutputNote::Private(_) => None,
             })
             .collect();
-        let account_delta =
-            tx.account_id().is_network().then(|| tx.account_update().details().clone());
+        // The classifier `is_network()` is gone from the protocol; network-ness now lives in
+        // account storage and cannot be determined from an AccountId alone. We send the delta for
+        // every non-private update and let the subscriber (which keeps its own list of network
+        // accounts) filter. Private accounts carry no payload, so the extra envelopes are cheap.
+        let account_delta = match tx.account_update().details() {
+            miden_protocol::account::delta::AccountUpdateDetails::Private => None,
+            details @ miden_protocol::account::delta::AccountUpdateDetails::Delta(_) => {
+                Some(details.clone())
+            },
+        };
         let event = MempoolEvent::TransactionAdded {
             id,
             nullifiers,
diff --git a/crates/block-producer/src/store/mod.rs b/crates/block-producer/src/store/mod.rs
index 92c78cfe4d..043e54f259 100644
--- a/crates/block-producer/src/store/mod.rs
+++ b/crates/block-producer/src/store/mod.rs
@@ -162,7 +162,7 @@ impl StoreClient {
             nullifiers: proven_tx.nullifiers().map(Into::into).collect(),
             unauthenticated_notes: proven_tx
                 .unauthenticated_notes()
-                .map(|note| note.to_commitment().into())
+                .map(|note| note.id().as_word().into())
                 .collect(),
         };
 
diff --git a/crates/block-producer/src/test_utils/proven_tx.rs b/crates/block-producer/src/test_utils/proven_tx.rs
index e434dd52c9..aa7eccf16d 100644
--- a/crates/block-producer/src/test_utils/proven_tx.rs
+++ b/crates/block-producer/src/test_utils/proven_tx.rs
@@ -110,7 +110,7 @@ impl MockProvenTxBuilder {
     pub fn nullifiers_range(self, range: Range<u64>) -> Self {
         let nullifiers = range
             .map(|index| {
-                let nullifier = Word::from([ONE, ONE, ONE, Felt::new(index)]);
+                let nullifier = Word::from([ONE, ONE, ONE, Felt::new_unchecked(index)]);
 
                 Nullifier::from_raw(nullifier)
             })
diff --git a/crates/db/src/conv.rs b/crates/db/src/conv.rs
index 8da9b50d38..5f1b4d0903 100644
--- a/crates/db/src/conv.rs
+++ b/crates/db/src/conv.rs
@@ -147,7 +147,7 @@ pub(crate) fn nullifier_prefix_to_raw_sql(prefix: u16) -> i32 {
 #[inline(always)]
 pub(crate) fn raw_sql_to_nonce(raw: i64) -> Felt {
     debug_assert!(raw >= 0);
-    Felt::new(raw as u64)
+    Felt::new_unchecked(raw as u64)
 }
 #[inline(always)]
 pub(crate) fn nonce_to_raw_sql(nonce: Felt) -> i64 {
diff --git a/crates/large-smt-backend-rocksdb/src/helpers.rs b/crates/large-smt-backend-rocksdb/src/helpers.rs
index 23f3c8d88f..bcc1611e92 100644
--- a/crates/large-smt-backend-rocksdb/src/helpers.rs
+++ b/crates/large-smt-backend-rocksdb/src/helpers.rs
@@ -1,5 +1,4 @@
 use miden_crypto::merkle::smt::{MAX_LEAF_ENTRIES, SmtLeaf, SmtLeafError};
-use miden_crypto::word::LexicographicWord;
 use rocksdb::Error as RocksDbError;
 
 use crate::{StorageError, Word};
@@ -25,30 +24,28 @@ pub(crate) fn insert_into_leaf(
                 Ok(Some(old_value))
             } else {
                 let mut pairs = vec![*kv_pair, (key, value)];
-                pairs.sort_by(|(key_1, _), (key_2, _)| {
-                    LexicographicWord::from(*key_1).cmp(&LexicographicWord::from(*key_2))
-                });
+                pairs.sort_by(|(key_1, _), (key_2, _)| key_1.cmp(key_2));
                 *leaf = SmtLeaf::Multiple(pairs);
                 Ok(None)
             }
         },
-        SmtLeaf::Multiple(kv_pairs) => match kv_pairs.binary_search_by(|kv_pair| {
-            LexicographicWord::from(kv_pair.0).cmp(&LexicographicWord::from(key))
-        }) {
-            Ok(pos) => {
-                let old_value = kv_pairs[pos].1;
-                kv_pairs[pos].1 = value;
-                Ok(Some(old_value))
-            },
-            Err(pos) => {
-                if kv_pairs.len() >= MAX_LEAF_ENTRIES {
-                    return Err(StorageError::Leaf(SmtLeafError::TooManyLeafEntries {
-                        actual: kv_pairs.len() + 1,
-                    }));
-                }
-                kv_pairs.insert(pos, (key, value));
-                Ok(None)
-            },
+        SmtLeaf::Multiple(kv_pairs) => {
+            match kv_pairs.binary_search_by(|kv_pair| kv_pair.0.cmp(&key)) {
+                Ok(pos) => {
+                    let old_value = kv_pairs[pos].1;
+                    kv_pairs[pos].1 = value;
+                    Ok(Some(old_value))
+                },
+                Err(pos) => {
+                    if kv_pairs.len() >= MAX_LEAF_ENTRIES {
+                        return Err(StorageError::Leaf(SmtLeafError::TooManyLeafEntries {
+                            actual: kv_pairs.len() + 1,
+                        }));
+                    }
+                    kv_pairs.insert(pos, (key, value));
+                    Ok(None)
+                },
+            }
         },
     }
 }
@@ -65,19 +62,19 @@ pub(crate) fn remove_from_leaf(leaf: &mut SmtLeaf, key: Word) -> (Option<Word>,
                 (None, false)
             }
         },
-        SmtLeaf::Multiple(kv_pairs) => match kv_pairs.binary_search_by(|kv_pair| {
-            LexicographicWord::from(kv_pair.0).cmp(&LexicographicWord::from(key))
-        }) {
-            Ok(pos) => {
-                let old_value = kv_pairs[pos].1;
-                kv_pairs.remove(pos);
-                debug_assert!(!kv_pairs.is_empty());
-                if kv_pairs.len() == 1 {
-                    *leaf = SmtLeaf::Single(kv_pairs[0]);
-                }
-                (Some(old_value), false)
-            },
-            Err(_) => (None, false),
+        SmtLeaf::Multiple(kv_pairs) => {
+            match kv_pairs.binary_search_by(|kv_pair| kv_pair.0.cmp(&key)) {
+                Ok(pos) => {
+                    let old_value = kv_pairs[pos].1;
+                    kv_pairs.remove(pos);
+                    debug_assert!(!kv_pairs.is_empty());
+                    if kv_pairs.len() == 1 {
+                        *leaf = SmtLeaf::Single(kv_pairs[0]);
+                    }
+                    (Some(old_value), false)
+                },
+                Err(_) => (None, false),
+            }
         },
     }
 }
diff --git a/crates/large-smt-backend-rocksdb/src/lib.rs b/crates/large-smt-backend-rocksdb/src/lib.rs
index eaca341fdc..97ccceff99 100644
--- a/crates/large-smt-backend-rocksdb/src/lib.rs
+++ b/crates/large-smt-backend-rocksdb/src/lib.rs
@@ -39,6 +39,7 @@ pub use miden_protocol::crypto::merkle::smt::{
     SmtLeafError,
     SmtProof,
     SmtStorage,
+    SmtStorageReader,
     StorageError,
     StorageUpdateParts,
     StorageUpdates,
@@ -61,6 +62,7 @@ pub use rocksdb::{
     RocksDbConfig,
     RocksDbDurabilityMode,
     RocksDbMemoryBudget,
+    RocksDbSnapshotStorage,
     RocksDbStorage,
     RocksDbTuningOptions,
     RocksDbWriteBufferManagerBudget,
diff --git a/crates/large-smt-backend-rocksdb/src/rocksdb.rs b/crates/large-smt-backend-rocksdb/src/rocksdb.rs
index 1310ae6dff..048116ef4e 100644
--- a/crates/large-smt-backend-rocksdb/src/rocksdb.rs
+++ b/crates/large-smt-backend-rocksdb/src/rocksdb.rs
@@ -1,5 +1,6 @@
 use alloc::boxed::Box;
 use alloc::vec::Vec;
+use std::mem::ManuallyDrop;
 use std::path::PathBuf;
 use std::sync::Arc;
 
@@ -24,7 +25,14 @@ use rocksdb::{
     WriteOptions,
 };
 
-use super::{SmtStorage, StorageError, StorageUpdateParts, StorageUpdates, SubtreeUpdate};
+use super::{
+    SmtStorage,
+    SmtStorageReader,
+    StorageError,
+    StorageUpdateParts,
+    StorageUpdates,
+    SubtreeUpdate,
+};
 use crate::helpers::{insert_into_leaf, map_rocksdb_err, remove_from_leaf};
 use crate::{EMPTY_WORD, Word};
 
@@ -317,71 +325,297 @@ impl RocksDbStorage {
         };
         KeyBytes::new(index.position(), keep)
     }
+}
+
+// READ-SOURCE TRAIT
+// --------------------------------------------------------------------------------------------
+
+/// Internal abstraction over reading from either the live `DB` ([`RocksDbStorage`]) or a
+/// point-in-time `Snapshot` ([`RocksDbSnapshotStorage`]).
+///
+/// The two storage types each implement this trait by providing the few low-level operations
+/// (`db`, `get_cf_bytes`, `multi_get_cf_bytes`, optional `apply_snapshot`); the shared
+/// `SmtStorageReader` logic lives in the default methods below so it is written once.
+trait RocksReadSource: Send + Sync + 'static {
+    fn db(&self) -> &DB;
+
+    fn get_cf_bytes(
+        &self,
+        cf: &rocksdb::ColumnFamily,
+        key: &[u8],
+    ) -> Result<Option<Vec<u8>>, rocksdb::Error>;
+
+    fn multi_get_cf_bytes<'b, K, I, W>(
+        &self,
+        keys_cf: I,
+    ) -> Vec<Result<Option<Vec<u8>>, rocksdb::Error>>
+    where
+        K: AsRef<[u8]>,
+        I: IntoIterator<Item = (&'b W, K)>,
+        W: rocksdb::AsColumnFamilyRef + 'b;
+
+    fn apply_snapshot(&self, _read_opts: &mut ReadOptions) {}
 
-    /// Retrieves a handle to a `RocksDB` column family by its name.
-    ///
-    /// # Errors
-    /// Returns `StorageError::Backend` if the column family with the given `name` does not
-    /// exist.
     fn cf_handle(&self, name: &str) -> Result<&rocksdb::ColumnFamily, StorageError> {
-        self.db
+        self.db()
             .cf_handle(name)
             .ok_or_else(|| StorageError::Unsupported(format!("unknown column family `{name}`")))
     }
 
-    /* helper: CF handle from NodeIndex ------------------------------------- */
     #[inline(always)]
     fn subtree_cf(&self, index: NodeIndex) -> &rocksdb::ColumnFamily {
-        let name = cf_for_depth(index.depth());
-        self.cf_handle(name).expect("CF handle missing")
+        self.cf_handle(cf_for_depth(index.depth())).expect("CF handle missing")
     }
-}
 
-impl SmtStorage for RocksDbStorage {
-    /// Retrieves the total count of non-empty leaves from the `METADATA_CF` column family.
-    /// Returns 0 if the count is not found.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If the metadata column family is missing or a RocksDB error
-    ///   occurs.
-    /// - `StorageError::BadValueLen`: If the retrieved count bytes are invalid.
-    fn leaf_count(&self) -> Result<usize, StorageError> {
+    fn read_count_impl(&self, what: &'static str, key: &[u8]) -> Result<usize, StorageError> {
         let cf = self.cf_handle(METADATA_CF)?;
-        self.db
-            .get_cf(cf, LEAF_COUNT_KEY)
-            .map_err(map_rocksdb_err)?
-            .map_or(Ok(0), |bytes| {
-                let arr: [u8; 8] =
-                    bytes.as_slice().try_into().map_err(|_| StorageError::BadValueLen {
-                        what: "leaf count",
-                        expected: 8,
-                        found: bytes.len(),
-                    })?;
-                Ok(usize::from_be_bytes(arr))
+        self.get_cf_bytes(cf, key).map_err(map_rocksdb_err)?.map_or(Ok(0), |bytes| {
+            let arr: [u8; 8] = bytes
+                .as_slice()
+                .try_into()
+                .map_err(|_| StorageError::BadValueLen { what, expected: 8, found: bytes.len() })?;
+            Ok(usize::from_be_bytes(arr))
+        })
+    }
+
+    fn leaf_count_impl(&self) -> Result<usize, StorageError> {
+        self.read_count_impl("leaf count", LEAF_COUNT_KEY)
+    }
+
+    fn entry_count_impl(&self) -> Result<usize, StorageError> {
+        self.read_count_impl("entry count", ENTRY_COUNT_KEY)
+    }
+
+    fn get_leaf_impl(&self, index: u64) -> Result<Option<SmtLeaf>, StorageError> {
+        let cf = self.cf_handle(LEAVES_CF)?;
+        let key = RocksDbStorage::index_db_key(index);
+        match self.get_cf_bytes(cf, &key).map_err(map_rocksdb_err)? {
+            Some(bytes) => Ok(Some(SmtLeaf::read_from_bytes_with_budget(&bytes, bytes.len())?)),
+            None => Ok(None),
+        }
+    }
+
+    fn get_leaves_impl(&self, indices: &[u64]) -> Result<Vec<Option<SmtLeaf>>, StorageError> {
+        let cf = self.cf_handle(LEAVES_CF)?;
+        let db_keys: Vec<[u8; 8]> =
+            indices.iter().map(|&idx| RocksDbStorage::index_db_key(idx)).collect();
+        let results = self.multi_get_cf_bytes(db_keys.iter().map(|k| (cf, k.as_ref())));
+        results
+            .into_iter()
+            .map(|result| match result {
+                Ok(Some(bytes)) => {
+                    Ok(Some(SmtLeaf::read_from_bytes_with_budget(&bytes, bytes.len())?))
+                },
+                Ok(None) => Ok(None),
+                Err(e) => Err(map_rocksdb_err(e)),
             })
+            .collect()
     }
 
-    /// Retrieves the total count of key-value entries from the `METADATA_CF` column family.
-    /// Returns 0 if the count is not found.
+    fn has_leaves_impl(&self) -> Result<bool, StorageError> {
+        Ok(self.leaf_count_impl()? > 0)
+    }
+
+    fn get_subtree_impl(&self, index: NodeIndex) -> Result<Option<Subtree>, StorageError> {
+        let cf = self.subtree_cf(index);
+        let key = RocksDbStorage::subtree_db_key(index);
+        match self.get_cf_bytes(cf, key.as_ref()).map_err(map_rocksdb_err)? {
+            Some(bytes) => Ok(Some(Subtree::from_vec(index, &bytes)?)),
+            None => Ok(None),
+        }
+    }
+
+    /// Batch-retrieves subtrees grouped by depth via parallel `multi_get` calls, one per depth
+    /// bucket.
     ///
-    /// # Errors
-    /// - `StorageError::Backend`: If the metadata column family is missing or a RocksDB error
-    ///   occurs.
-    /// - `StorageError::BadValueLen`: If the retrieved count bytes are invalid.
+    /// Note: when multiple buckets error, only the first one observed by `collect` is propagated.
+    fn get_subtrees_impl(
+        &self,
+        indices: &[NodeIndex],
+    ) -> Result<Vec<Option<Subtree>>, StorageError> {
+        use rayon::prelude::*;
+
+        let mut depth_buckets: [Vec<(usize, NodeIndex)>; 5] = Default::default();
+
+        for (original_index, &node_index) in indices.iter().enumerate() {
+            let depth = node_index.depth();
+            let bucket_index = match depth {
+                56 => 0,
+                48 => 1,
+                40 => 2,
+                32 => 3,
+                24 => 4,
+                _ => {
+                    return Err(StorageError::Unsupported(format!(
+                        "unsupported subtree depth {depth}"
+                    )));
+                },
+            };
+            depth_buckets[bucket_index].push((original_index, node_index));
+        }
+        let mut results = vec![None; indices.len()];
+
+        let bucket_results: Result<Vec<_>, StorageError> = depth_buckets
+            .into_par_iter()
+            .enumerate()
+            .filter(|(_, bucket)| !bucket.is_empty())
+            .map(
+                |(bucket_index, bucket)| -> Result<Vec<(usize, Option<Subtree>)>, StorageError> {
+                    let depth = SUBTREE_DEPTHS[bucket_index];
+                    let cf = self.cf_handle(cf_for_depth(depth))?;
+                    let keys: Vec<_> = bucket
+                        .iter()
+                        .map(|(_, idx)| RocksDbStorage::subtree_db_key(*idx))
+                        .collect();
+
+                    let db_results = self.multi_get_cf_bytes(keys.iter().map(|k| (cf, k.as_ref())));
+
+                    bucket
+                        .into_iter()
+                        .zip(db_results)
+                        .map(|((original_index, node_index), db_result)| {
+                            let subtree = match db_result {
+                                Ok(Some(bytes)) => Some(Subtree::from_vec(node_index, &bytes)?),
+                                Ok(None) => None,
+                                Err(e) => return Err(map_rocksdb_err(e)),
+                            };
+                            Ok((original_index, subtree))
+                        })
+                        .collect()
+                },
+            )
+            .collect();
+
+        for bucket_result in bucket_results? {
+            for (original_index, subtree) in bucket_result {
+                results[original_index] = subtree;
+            }
+        }
+
+        Ok(results)
+    }
+
+    fn get_inner_node_impl(&self, index: NodeIndex) -> Result<Option<InnerNode>, StorageError> {
+        if index.depth() < IN_MEMORY_DEPTH {
+            return Err(StorageError::Unsupported(
+                "Cannot get inner node from upper part of the tree".into(),
+            ));
+        }
+        let subtree_root_index = Subtree::find_subtree_root(index);
+        Ok(self
+            .get_subtree_impl(subtree_root_index)?
+            .and_then(|subtree| subtree.get_inner_node(index)))
+    }
+
+    fn iter_leaves_impl(
+        &self,
+    ) -> Result<Box<dyn Iterator<Item = (u64, SmtLeaf)> + '_>, StorageError> {
+        let cf = self.cf_handle(LEAVES_CF)?;
+        let mut read_opts = ReadOptions::default();
+        read_opts.set_total_order_seek(true);
+        self.apply_snapshot(&mut read_opts);
+        let db_iter = self.db().iterator_cf_opt(cf, read_opts, IteratorMode::Start);
+        Ok(Box::new(RocksDbDirectLeafIterator { iter: db_iter }))
+    }
+
+    fn iter_subtrees_impl(&self) -> Result<Box<dyn Iterator<Item = Subtree> + '_>, StorageError> {
+        const SUBTREE_CFS: [&str; 5] =
+            [SUBTREE_24_CF, SUBTREE_32_CF, SUBTREE_40_CF, SUBTREE_48_CF, SUBTREE_56_CF];
+
+        let mut cf_handles = Vec::new();
+        for cf_name in SUBTREE_CFS {
+            cf_handles.push(self.cf_handle(cf_name)?);
+        }
+        let configure = move |opts: &mut ReadOptions| self.apply_snapshot(opts);
+        Ok(Box::new(RocksDbSubtreeIterator::new(self.db(), cf_handles, configure)))
+    }
+
+    fn get_depth24_impl(&self) -> Result<Vec<(u64, Word)>, StorageError> {
+        let cf = self.cf_handle(DEPTH_24_CF)?;
+        let mut read_opts = ReadOptions::default();
+        self.apply_snapshot(&mut read_opts);
+        let iter = self.db().iterator_cf_opt(cf, read_opts, IteratorMode::Start);
+        let mut hashes = Vec::new();
+        for item in iter {
+            let (key_bytes, value_bytes) = item.map_err(map_rocksdb_err)?;
+            let index = index_from_key_bytes(&key_bytes)?;
+            let hash = Word::read_from_bytes_with_budget(&value_bytes, value_bytes.len())?;
+            hashes.push((index, hash));
+        }
+        Ok(hashes)
+    }
+}
+
+impl RocksReadSource for RocksDbStorage {
+    fn db(&self) -> &DB {
+        &self.db
+    }
+
+    fn get_cf_bytes(
+        &self,
+        cf: &rocksdb::ColumnFamily,
+        key: &[u8],
+    ) -> Result<Option<Vec<u8>>, rocksdb::Error> {
+        self.db.get_cf(cf, key)
+    }
+
+    fn multi_get_cf_bytes<'b, K, I, W>(
+        &self,
+        keys_cf: I,
+    ) -> Vec<Result<Option<Vec<u8>>, rocksdb::Error>>
+    where
+        K: AsRef<[u8]>,
+        I: IntoIterator<Item = (&'b W, K)>,
+        W: rocksdb::AsColumnFamilyRef + 'b,
+    {
+        self.db.multi_get_cf(keys_cf)
+    }
+}
+
+impl SmtStorageReader for RocksDbStorage {
+    fn leaf_count(&self) -> Result<usize, StorageError> {
+        self.leaf_count_impl()
+    }
     fn entry_count(&self) -> Result<usize, StorageError> {
-        let cf = self.cf_handle(METADATA_CF)?;
-        self.db
-            .get_cf(cf, ENTRY_COUNT_KEY)
-            .map_err(map_rocksdb_err)?
-            .map_or(Ok(0), |bytes| {
-                let arr: [u8; 8] =
-                    bytes.as_slice().try_into().map_err(|_| StorageError::BadValueLen {
-                        what: "entry count",
-                        expected: 8,
-                        found: bytes.len(),
-                    })?;
-                Ok(usize::from_be_bytes(arr))
-            })
+        self.entry_count_impl()
+    }
+    fn get_leaf(&self, index: u64) -> Result<Option<SmtLeaf>, StorageError> {
+        self.get_leaf_impl(index)
+    }
+    fn get_leaves(&self, indices: &[u64]) -> Result<Vec<Option<SmtLeaf>>, StorageError> {
+        self.get_leaves_impl(indices)
+    }
+    fn has_leaves(&self) -> Result<bool, StorageError> {
+        self.has_leaves_impl()
+    }
+    fn get_subtree(&self, index: NodeIndex) -> Result<Option<Subtree>, StorageError> {
+        self.get_subtree_impl(index)
+    }
+    fn get_subtrees(&self, indices: &[NodeIndex]) -> Result<Vec<Option<Subtree>>, StorageError> {
+        self.get_subtrees_impl(indices)
+    }
+    fn get_inner_node(&self, index: NodeIndex) -> Result<Option<InnerNode>, StorageError> {
+        self.get_inner_node_impl(index)
+    }
+    fn iter_leaves(&self) -> Result<Box<dyn Iterator<Item = (u64, SmtLeaf)> + '_>, StorageError> {
+        self.iter_leaves_impl()
+    }
+    fn iter_subtrees(&self) -> Result<Box<dyn Iterator<Item = Subtree> + '_>, StorageError> {
+        self.iter_subtrees_impl()
+    }
+    fn get_depth24(&self) -> Result<Vec<(u64, Word)>, StorageError> {
+        self.get_depth24_impl()
+    }
+}
+
+impl SmtStorage for RocksDbStorage {
+    type Reader = RocksDbSnapshotStorage;
+
+    /// Returns a read-only point-in-time snapshot of the underlying RocksDB.
+    ///
+    /// Subsequent writes through `self` do not affect the returned reader.
+    fn reader(&self) -> Result<Self::Reader, StorageError> {
+        Ok(RocksDbSnapshotStorage::new(self.db.clone()))
     }
 
     /// Inserts a key-value pair into the SMT leaf at the specified logical `index`.
@@ -503,23 +737,6 @@ impl SmtStorage for RocksDbStorage {
         Ok(current_value)
     }
 
-    /// Retrieves a single SMT leaf node by its logical `index` from the `LEAVES_CF` column family.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If the leaves column family is missing or a RocksDB error occurs.
-    /// - `StorageError::DeserializationError`: If the retrieved leaf data is corrupt.
-    fn get_leaf(&self, index: u64) -> Result<Option<SmtLeaf>, StorageError> {
-        let cf = self.cf_handle(LEAVES_CF)?;
-        let key = Self::index_db_key(index);
-        match self.db.get_cf(cf, key).map_err(map_rocksdb_err)? {
-            Some(bytes) => {
-                let leaf = SmtLeaf::read_from_bytes_with_budget(&bytes, bytes.len())?;
-                Ok(Some(leaf))
-            },
-            None => Ok(None),
-        }
-    }
-
     /// Sets or updates multiple SMT leaf nodes in the `LEAVES_CF` column family.
     ///
     /// This method performs a batch write to RocksDB. It also updates the global
@@ -575,144 +792,6 @@ impl SmtStorage for RocksDbStorage {
         }))
     }
 
-    /// Retrieves multiple SMT leaf nodes by their logical `indices` using RocksDB's `multi_get_cf`.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If the leaves column family is missing or a RocksDB error occurs.
-    /// - `StorageError::DeserializationError`: If any retrieved leaf data is corrupt.
-    fn get_leaves(&self, indices: &[u64]) -> Result<Vec<Option<SmtLeaf>>, StorageError> {
-        let cf = self.cf_handle(LEAVES_CF)?;
-        let db_keys: Vec<[u8; 8]> = indices.iter().map(|&idx| Self::index_db_key(idx)).collect();
-        let results = self.db.multi_get_cf(db_keys.iter().map(|k| (cf, k.as_ref())));
-
-        results
-            .into_iter()
-            .map(|result| match result {
-                Ok(Some(bytes)) => {
-                    Ok(Some(SmtLeaf::read_from_bytes_with_budget(&bytes, bytes.len())?))
-                },
-                Ok(None) => Ok(None),
-                Err(e) => Err(map_rocksdb_err(e)),
-            })
-            .collect()
-    }
-
-    /// Returns true if the storage has any leaves.
-    ///
-    /// # Errors
-    /// Returns `StorageError` if the storage read operation fails.
-    fn has_leaves(&self) -> Result<bool, StorageError> {
-        Ok(self.leaf_count()? > 0)
-    }
-
-    /// Batch-retrieves multiple subtrees from RocksDB by their node indices.
-    ///
-    /// This method groups requests by subtree depth into column family buckets,
-    /// then performs parallel `multi_get` operations to efficiently retrieve
-    /// all subtrees. Results are deserialized and placed in the same order as
-    /// the input indices.
-    ///
-    /// Note: Retrieval is performed in parallel. If multiple errors occur (e.g.,
-    /// deserialization or backend errors), only the first one encountered is returned.
-    /// Other errors will be discarded.
-    ///
-    /// # Parameters
-    /// - `indices`: A slice of subtree root indices to retrieve.
-    ///
-    /// # Returns
-    /// - A `Vec<Option<Subtree>>` where each index corresponds to the original input.
-    /// - `Ok(...)` if all fetches succeed.
-    /// - `Err(StorageError)` if any RocksDB access or deserialization fails.
-    fn get_subtree(&self, index: NodeIndex) -> Result<Option<Subtree>, StorageError> {
-        let cf = self.subtree_cf(index);
-        let key = Self::subtree_db_key(index);
-        match self.db.get_cf(cf, key).map_err(map_rocksdb_err)? {
-            Some(bytes) => {
-                let subtree = Subtree::from_vec(index, &bytes)?;
-                Ok(Some(subtree))
-            },
-            None => Ok(None),
-        }
-    }
-
-    /// Batch-retrieves multiple subtrees from RocksDB by their node indices.
-    ///
-    /// This method groups requests by subtree depth into column family buckets,
-    /// then performs parallel `multi_get` operations to efficiently retrieve
-    /// all subtrees. Results are deserialized and placed in the same order as
-    /// the input indices.
-    ///
-    /// # Parameters
-    /// - `indices`: A slice of subtree root indices to retrieve.
-    ///
-    /// # Returns
-    /// - A `Vec<Option<Subtree>>` where each index corresponds to the original input.
-    /// - `Ok(...)` if all fetches succeed.
-    /// - `Err(StorageError)` if any RocksDB access or deserialization fails.
-    fn get_subtrees(&self, indices: &[NodeIndex]) -> Result<Vec<Option<Subtree>>, StorageError> {
-        use rayon::prelude::*;
-
-        let mut depth_buckets: [Vec<(usize, NodeIndex)>; 5] = Default::default();
-
-        for (original_index, &node_index) in indices.iter().enumerate() {
-            let depth = node_index.depth();
-            let bucket_index = match depth {
-                56 => 0,
-                48 => 1,
-                40 => 2,
-                32 => 3,
-                24 => 4,
-                _ => {
-                    return Err(StorageError::Unsupported(format!(
-                        "unsupported subtree depth {depth}"
-                    )));
-                },
-            };
-            depth_buckets[bucket_index].push((original_index, node_index));
-        }
-        let mut results = vec![None; indices.len()];
-
-        // Process depth buckets in parallel
-        let bucket_results: Result<Vec<_>, StorageError> = depth_buckets
-            .into_par_iter()
-            .enumerate()
-            .filter(|(_, bucket)| !bucket.is_empty())
-            .map(
-                |(bucket_index, bucket)| -> Result<Vec<(usize, Option<Subtree>)>, StorageError> {
-                    let depth = SUBTREE_DEPTHS[bucket_index];
-                    let cf = self.cf_handle(cf_for_depth(depth))?;
-                    let keys: Vec<_> =
-                        bucket.iter().map(|(_, idx)| Self::subtree_db_key(*idx)).collect();
-
-                    let db_results = self.db.multi_get_cf(keys.iter().map(|k| (cf, k.as_ref())));
-
-                    // Process results for this bucket
-                    bucket
-                        .into_iter()
-                        .zip(db_results)
-                        .map(|((original_index, node_index), db_result)| {
-                            let subtree = match db_result {
-                                Ok(Some(bytes)) => Some(Subtree::from_vec(node_index, &bytes)?),
-                                Ok(None) => None,
-                                Err(e) => return Err(map_rocksdb_err(e)),
-                            };
-                            Ok((original_index, subtree))
-                        })
-                        .collect()
-                },
-            )
-            .collect();
-
-        // Flatten results and place them in correct positions
-        for bucket_result in bucket_results? {
-            for (original_index, subtree) in bucket_result {
-                results[original_index] = subtree;
-            }
-        }
-
-        Ok(results)
-    }
-
     /// Stores a single subtree in RocksDB and optionally updates the depth-24 root cache.
     ///
     /// The subtree is serialized and written to its corresponding column family.
@@ -808,27 +887,6 @@ impl SmtStorage for RocksDbStorage {
         Ok(())
     }
 
-    /// Retrieves a single inner node (non-leaf node) from within a Subtree.
-    ///
-    /// This method is intended for accessing nodes at depths greater than or equal to
-    /// `IN_MEMORY_DEPTH`. It first finds the appropriate Subtree containing the `index`, then
-    /// delegates to `Subtree::get_inner_node()`.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If `index.depth() < IN_MEMORY_DEPTH`, or if RocksDB errors occur.
-    /// - `StorageError::Value`: If the containing Subtree data is corrupt.
-    fn get_inner_node(&self, index: NodeIndex) -> Result<Option<InnerNode>, StorageError> {
-        if index.depth() < IN_MEMORY_DEPTH {
-            return Err(StorageError::Unsupported(
-                "Cannot get inner node from upper part of the tree".into(),
-            ));
-        }
-        let subtree_root_index = Subtree::find_subtree_root(index);
-        Ok(self
-            .get_subtree(subtree_root_index)?
-            .and_then(|subtree| subtree.get_inner_node(index)))
-    }
-
     /// Sets or updates a single inner node (non-leaf node) within a Subtree.
     ///
     /// This method is intended for `index.depth() >= IN_MEMORY_DEPTH`.
@@ -995,70 +1053,6 @@ impl SmtStorage for RocksDbStorage {
 
         Ok(())
     }
-
-    /// Returns an iterator over all (logical u64 index, `SmtLeaf`) pairs in the `LEAVES_CF`.
-    ///
-    /// The iterator uses a RocksDB snapshot for consistency and iterates in lexicographical
-    /// order of the keys (leaf indices). Errors during iteration (e.g., deserialization issues)
-    /// cause the iterator to skip the problematic item and attempt to continue.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If the leaves column family is missing or a RocksDB error occurs
-    ///   during iterator creation.
-    fn iter_leaves(&self) -> Result<Box<dyn Iterator<Item = (u64, SmtLeaf)> + '_>, StorageError> {
-        let cf = self.cf_handle(LEAVES_CF)?;
-        let mut read_opts = ReadOptions::default();
-        read_opts.set_total_order_seek(true);
-        let db_iter = self.db.iterator_cf_opt(cf, read_opts, IteratorMode::Start);
-
-        Ok(Box::new(RocksDbDirectLeafIterator { iter: db_iter }))
-    }
-
-    /// Returns an iterator over all `Subtree` instances across all subtree column families.
-    ///
-    /// The iterator uses a RocksDB snapshot and iterates in lexicographical order of keys
-    /// (subtree root NodeIndex) across all depth column families (24, 32, 40, 48, 56).
-    /// Errors during iteration (e.g., deserialization issues) cause the iterator to skip
-    /// the problematic item and attempt to continue.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If any subtree column family is missing or a RocksDB error occurs
-    ///   during iterator creation.
-    fn iter_subtrees(&self) -> Result<Box<dyn Iterator<Item = Subtree> + '_>, StorageError> {
-        // All subtree column family names in order
-        const SUBTREE_CFS: [&str; 5] =
-            [SUBTREE_24_CF, SUBTREE_32_CF, SUBTREE_40_CF, SUBTREE_48_CF, SUBTREE_56_CF];
-
-        let mut cf_handles = Vec::new();
-        for cf_name in SUBTREE_CFS {
-            cf_handles.push(self.cf_handle(cf_name)?);
-        }
-
-        Ok(Box::new(RocksDbSubtreeIterator::new(&self.db, cf_handles)))
-    }
-
-    /// Retrieves all depth 24 hashes for fast tree rebuilding.
-    ///
-    /// # Errors
-    /// - `StorageError::Backend`: If the depth24 column family is missing or a RocksDB error
-    ///   occurs.
-    /// - `StorageError::Value`: If any hash bytes are corrupt.
-    fn get_depth24(&self) -> Result<Vec<(u64, Word)>, StorageError> {
-        let cf = self.cf_handle(DEPTH_24_CF)?;
-        let iter = self.db.iterator_cf(cf, IteratorMode::Start);
-        let mut hashes = Vec::new();
-
-        for item in iter {
-            let (key_bytes, value_bytes) = item.map_err(map_rocksdb_err)?;
-
-            let index = index_from_key_bytes(&key_bytes)?;
-            let hash = Word::read_from_bytes_with_budget(&value_bytes, value_bytes.len())?;
-
-            hashes.push((index, hash));
-        }
-
-        Ok(hashes)
-    }
 }
 
 /// Syncs the RocksDB database to disk before dropping the storage.
@@ -1105,18 +1099,28 @@ impl Iterator for RocksDbDirectLeafIterator<'_> {
 ///
 /// Iterates through all subtree column families (24, 32, 40, 48, 56) sequentially.
 /// When one column family is exhausted, it moves to the next one.
+///
+/// The `configure` hook is called whenever a new per-CF iterator is built; it is used by the
+/// snapshot-backed source to attach its `Snapshot` to the per-CF `ReadOptions`, and is a no-op for
+/// the live-DB source.
 struct RocksDbSubtreeIterator<'a> {
     db: &'a DB,
     cf_handles: Vec<&'a rocksdb::ColumnFamily>,
+    configure: Box<dyn Fn(&mut ReadOptions) + 'a>,
     current_cf_index: usize,
     current_iter: Option<DBIteratorWithThreadMode<'a, DB>>,
 }
 
 impl<'a> RocksDbSubtreeIterator<'a> {
-    fn new(db: &'a DB, cf_handles: Vec<&'a rocksdb::ColumnFamily>) -> Self {
+    fn new<F: Fn(&mut ReadOptions) + 'a>(
+        db: &'a DB,
+        cf_handles: Vec<&'a rocksdb::ColumnFamily>,
+        configure: F,
+    ) -> Self {
         let mut iterator = Self {
             db,
             cf_handles,
+            configure: Box::new(configure),
             current_cf_index: 0,
             current_iter: None,
         };
@@ -1129,6 +1133,7 @@ impl<'a> RocksDbSubtreeIterator<'a> {
             let cf = self.cf_handles[self.current_cf_index];
             let mut read_opts = ReadOptions::default();
             read_opts.set_total_order_seek(true);
+            (self.configure)(&mut read_opts);
             self.current_iter = Some(self.db.iterator_cf_opt(cf, read_opts, IteratorMode::Start));
         } else {
             self.current_iter = None;
@@ -1596,3 +1601,138 @@ fn cf_for_depth(depth: u8) -> &'static str {
         _ => panic!("unsupported subtree depth: {depth}"),
     }
 }
+
+// SNAPSHOT STORAGE
+// --------------------------------------------------------------------------------------------
+
+/// Read-only point-in-time view over [`RocksDbStorage`].
+///
+/// Wraps a `rocksdb::Snapshot` together with the `Arc<DB>` it borrows from so the snapshot
+/// stays valid for the lifetime of this value. Used as [`SmtStorage::Reader`].
+pub struct RocksDbSnapshotStorage {
+    inner: Arc<RocksDbSnapshotInner>,
+}
+
+impl std::fmt::Debug for RocksDbSnapshotStorage {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("RocksDbSnapshotStorage").finish_non_exhaustive()
+    }
+}
+
+/// Owns a RocksDB snapshot alongside the database it borrows from.
+///
+/// `rocksdb::Snapshot<'a>` borrows the DB used to create it, but `SmtStorage::Reader` must be
+/// `'static`, so we store the `Arc<DB>` next to the snapshot and rely on field-drop ordering
+/// (snapshot first via `ManuallyDrop`, then the `Arc<DB>`) to keep the borrow valid.
+///
+/// This mirrors the `RocksDbSnapshotInner` defined upstream in
+/// `miden_crypto::merkle::smt::large::storage::rocksdb` (≥0.25); see that module for the same
+/// SAFETY rationale.
+struct RocksDbSnapshotInner {
+    snapshot: ManuallyDrop<rocksdb::Snapshot<'static>>,
+    db: Arc<DB>,
+}
+
+impl RocksDbSnapshotInner {
+    fn new(db: Arc<DB>) -> Self {
+        let snapshot = db.snapshot();
+        // SAFETY: The snapshot internally borrows the `DB` allocation owned by `db`. This struct
+        // keeps that `Arc<DB>` alive and its `Drop` impl releases the snapshot before the `Arc` is
+        // dropped by Rust's normal field cleanup, so the borrow stays valid for the snapshot's
+        // entire lifetime. Mirrors the identical pattern used upstream in
+        // `miden_crypto::merkle::smt::large::storage::rocksdb::RocksDbSnapshotInner`.
+        let snapshot = unsafe {
+            core::mem::transmute::<rocksdb::Snapshot<'_>, rocksdb::Snapshot<'static>>(snapshot)
+        };
+        Self {
+            snapshot: ManuallyDrop::new(snapshot),
+            db,
+        }
+    }
+}
+
+impl Drop for RocksDbSnapshotInner {
+    fn drop(&mut self) {
+        // SAFETY: `snapshot` is only wrapped in `ManuallyDrop` to control field-drop order. We drop
+        // it exactly once here, before `db` is dropped by Rust's normal field cleanup. Mirrors the
+        // upstream `RocksDbSnapshotInner::drop` in `miden_crypto`.
+        unsafe {
+            ManuallyDrop::drop(&mut self.snapshot);
+        }
+    }
+}
+
+impl RocksDbSnapshotStorage {
+    /// Builds a snapshot-backed reader from a shared RocksDB handle.
+    pub fn new(db: Arc<DB>) -> Self {
+        Self {
+            inner: Arc::new(RocksDbSnapshotInner::new(db)),
+        }
+    }
+}
+
+impl RocksReadSource for RocksDbSnapshotStorage {
+    fn db(&self) -> &DB {
+        &self.inner.db
+    }
+
+    fn get_cf_bytes(
+        &self,
+        cf: &rocksdb::ColumnFamily,
+        key: &[u8],
+    ) -> Result<Option<Vec<u8>>, rocksdb::Error> {
+        self.inner.snapshot.get_cf(cf, key)
+    }
+
+    fn multi_get_cf_bytes<'b, K, I, W>(
+        &self,
+        keys_cf: I,
+    ) -> Vec<Result<Option<Vec<u8>>, rocksdb::Error>>
+    where
+        K: AsRef<[u8]>,
+        I: IntoIterator<Item = (&'b W, K)>,
+        W: rocksdb::AsColumnFamilyRef + 'b,
+    {
+        self.inner.snapshot.multi_get_cf(keys_cf)
+    }
+
+    fn apply_snapshot(&self, read_opts: &mut ReadOptions) {
+        read_opts.set_snapshot(&self.inner.snapshot);
+    }
+}
+
+impl SmtStorageReader for RocksDbSnapshotStorage {
+    fn leaf_count(&self) -> Result<usize, StorageError> {
+        self.leaf_count_impl()
+    }
+    fn entry_count(&self) -> Result<usize, StorageError> {
+        self.entry_count_impl()
+    }
+    fn get_leaf(&self, index: u64) -> Result<Option<SmtLeaf>, StorageError> {
+        self.get_leaf_impl(index)
+    }
+    fn get_leaves(&self, indices: &[u64]) -> Result<Vec<Option<SmtLeaf>>, StorageError> {
+        self.get_leaves_impl(indices)
+    }
+    fn has_leaves(&self) -> Result<bool, StorageError> {
+        self.has_leaves_impl()
+    }
+    fn get_subtree(&self, index: NodeIndex) -> Result<Option<Subtree>, StorageError> {
+        self.get_subtree_impl(index)
+    }
+    fn get_subtrees(&self, indices: &[NodeIndex]) -> Result<Vec<Option<Subtree>>, StorageError> {
+        self.get_subtrees_impl(indices)
+    }
+    fn get_inner_node(&self, index: NodeIndex) -> Result<Option<InnerNode>, StorageError> {
+        self.get_inner_node_impl(index)
+    }
+    fn iter_leaves(&self) -> Result<Box<dyn Iterator<Item = (u64, SmtLeaf)> + '_>, StorageError> {
+        self.iter_leaves_impl()
+    }
+    fn iter_subtrees(&self) -> Result<Box<dyn Iterator<Item = Subtree> + '_>, StorageError> {
+        self.iter_subtrees_impl()
+    }
+    fn get_depth24(&self) -> Result<Vec<(u64, Word)>, StorageError> {
+        self.get_depth24_impl()
+    }
+}
diff --git a/crates/proto/src/domain/account.rs b/crates/proto/src/domain/account.rs
index 33e31b8526..3e266af849 100644
--- a/crates/proto/src/domain/account.rs
+++ b/crates/proto/src/domain/account.rs
@@ -992,6 +992,16 @@ impl std::fmt::Display for NetworkAccountId {
 }
 
 impl NetworkAccountId {
+    /// Wraps an `AccountId` known by the caller to belong to a network account.
+    ///
+    /// Network-ness is no longer encoded in the `AccountId` itself; it is determined by the
+    /// presence of the standardized `NetworkAccountNoteAllowlist` slot in the account's storage.
+    /// Callers must therefore verify that classification themselves (e.g. via the store's
+    /// `network_account_type` column or the protocol's `NetworkAccount` type) before wrapping.
+    pub fn new_trusted(id: AccountId) -> Self {
+        Self(id)
+    }
+
     /// Returns the inner `AccountId`.
     pub fn inner(&self) -> AccountId {
         self.0
@@ -1003,17 +1013,6 @@ impl NetworkAccountId {
     }
 }
 
-impl TryFrom<AccountId> for NetworkAccountId {
-    type Error = NetworkAccountError;
-
-    fn try_from(id: AccountId) -> Result<Self, Self::Error> {
-        if !id.is_network() {
-            return Err(NetworkAccountError::NotNetworkAccount(id));
-        }
-        Ok(NetworkAccountId(id))
-    }
-}
-
 impl TryFrom<&NoteAttachment> for NetworkAccountId {
     type Error = NetworkAccountError;
 
diff --git a/crates/proto/src/domain/digest.rs b/crates/proto/src/domain/digest.rs
index fd7640ae5b..043d458f61 100644
--- a/crates/proto/src/domain/digest.rs
+++ b/crates/proto/src/domain/digest.rs
@@ -179,10 +179,10 @@ impl TryFrom<proto::primitives::Digest> for [Felt; 4] {
         }
 
         Ok([
-            Felt::new(value.d0),
-            Felt::new(value.d1),
-            Felt::new(value.d2),
-            Felt::new(value.d3),
+            Felt::new_unchecked(value.d0),
+            Felt::new_unchecked(value.d1),
+            Felt::new_unchecked(value.d2),
+            Felt::new_unchecked(value.d3),
         ])
     }
 }
diff --git a/crates/proto/src/domain/merkle.rs b/crates/proto/src/domain/merkle.rs
index a4d3119769..1dbbd6e9ff 100644
--- a/crates/proto/src/domain/merkle.rs
+++ b/crates/proto/src/domain/merkle.rs
@@ -94,7 +94,7 @@ impl TryFrom<proto::primitives::MmrDelta> for MmrDelta {
             .context("data")?;
 
         Ok(MmrDelta {
-            forest: Forest::new(value.forest as usize),
+            forest: Forest::new(value.forest as usize).context("forest")?,
             data,
         })
     }
diff --git a/crates/proto/src/domain/note.rs b/crates/proto/src/domain/note.rs
index 5d8a51f0cf..351c053485 100644
--- a/crates/proto/src/domain/note.rs
+++ b/crates/proto/src/domain/note.rs
@@ -7,6 +7,7 @@ use miden_protocol::note::{
     NoteAttachmentScheme,
     NoteAttachments,
     NoteDetails,
+    NoteDetailsCommitment,
     NoteHeader,
     NoteId,
     NoteInclusionProof,
@@ -272,7 +273,7 @@ impl TryFrom<proto::note::NoteHeader> for NoteHeader {
         let note_id_word: Word = decode!(decoder, value.note_id)?;
         let metadata: NoteMetadata = decode!(decoder, value.metadata)?;
 
-        Ok(NoteHeader::new(NoteId::from_raw(note_id_word), metadata))
+        Ok(NoteHeader::new(NoteDetailsCommitment::from_raw(note_id_word), metadata))
     }
 }
 
diff --git a/crates/rpc/src/server/api.rs b/crates/rpc/src/server/api.rs
index ed2d5b7b2f..8b2f95c469 100644
--- a/crates/rpc/src/server/api.rs
+++ b/crates/rpc/src/server/api.rs
@@ -490,13 +490,30 @@ impl api_server::Api for RpcService {
         let mut request = request;
         request.transaction = rebuilt_tx.to_bytes();
 
-        // Only allow deployment transactions for new network accounts
-        if tx.account_id().is_network()
-            && !tx.account_update().initial_state_commitment().is_empty()
+        // Block post-deployment network-account transactions from user RPC. First-deployment txs
+        // are allowed because the protocol-level allowlist only kicks in once the account exists.
+        // For non-deployment txs, ask the store whether the account is classified as a network
+        // account; the store is the source of truth because network-ness now lives in account
+        // storage and isn't derivable from an AccountId alone. Network accounts must be public, so
+        // private-account txs short-circuit and skip the store roundtrip.
+        if !tx.account_update().initial_state_commitment().is_empty()
+            && tx.account_id().is_public()
         {
-            return Err(Status::invalid_argument(
-                "Network transactions may not be submitted by users yet",
-            ));
+            let response = self
+                .store
+                .clone()
+                .are_network_accounts(tonic::Request::new(proto::account::AccountIdList {
+                    account_ids: vec![tx.account_id().into()],
+                }))
+                .await
+                .map_err(|err| {
+                    Status::internal(format!("network-account classification failed: {err}"))
+                })?;
+            if !response.into_inner().network_account_ids.is_empty() {
+                return Err(Status::invalid_argument(
+                    "Network transactions may not be submitted by users yet",
+                ));
+            }
         }
 
         let tx_verifier = TransactionVerifier::new(MIN_PROOF_SECURITY_LEVEL);
@@ -571,11 +588,32 @@ impl api_server::Api for RpcService {
             )));
         }
 
-        // Only allow deployment transactions for new network accounts.
-        for tx in proposed_batch.transactions() {
-            if tx.account_id().is_network()
-                && !tx.account_update().initial_state_commitment().is_empty()
-            {
+        // Same gate as `submit_proven_transaction`, applied to every post-deployment tx in the
+        // batch. One store round-trip filters the non-deployment account ids; any match fails the
+        // entire batch (matches the original loop semantics). Network accounts must be public, so
+        // private-account txs are excluded up front to skip the store roundtrip when possible.
+        let non_deployment_ids: Vec<_> = proposed_batch
+            .transactions()
+            .iter()
+            .filter(|tx| {
+                !tx.account_update().initial_state_commitment().is_empty()
+                    && tx.account_id().is_public()
+            })
+            .map(|tx| proto::account::AccountId::from(tx.account_id()))
+            .collect();
+
+        if !non_deployment_ids.is_empty() {
+            let response = self
+                .store
+                .clone()
+                .are_network_accounts(tonic::Request::new(proto::account::AccountIdList {
+                    account_ids: non_deployment_ids,
+                }))
+                .await
+                .map_err(|err| {
+                    Status::internal(format!("network-account classification failed: {err}"))
+                })?;
+            if !response.into_inner().network_account_ids.is_empty() {
                 return Err(Status::invalid_argument(
                     "Network transactions may not be submitted by users yet",
                 ));
diff --git a/crates/rpc/src/tests.rs b/crates/rpc/src/tests.rs
index 362980f81b..e8eb6fa3a2 100644
--- a/crates/rpc/src/tests.rs
+++ b/crates/rpc/src/tests.rs
@@ -30,7 +30,7 @@ use miden_protocol::account::{
     AccountStorageMode,
     AccountType,
 };
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
 use miden_protocol::testing::noop_auth_component::NoopAuthComponent;
 use miden_protocol::transaction::{ProvenTransaction, TxAccountUpdate};
 use miden_protocol::utils::serde::Serializable;
@@ -103,6 +103,36 @@ fn build_test_proven_tx(
     .unwrap()
 }
 
+/// Same as `build_test_proven_tx` but lets the caller supply the `AccountId`. Uses a non-empty
+/// `initial_state_commitment` so the result is a post-deployment tx.
+fn build_test_proven_tx_with_id(
+    account_id: AccountId,
+    account: &Account,
+    delta: &AccountDelta,
+    genesis: Word,
+) -> ProvenTransaction {
+    let account_update = TxAccountUpdate::new(
+        account_id,
+        [8; 32].try_into().unwrap(),
+        account.to_commitment(),
+        delta.to_commitment(),
+        AccountUpdateDetails::Delta(delta.clone()),
+    )
+    .unwrap();
+
+    ProvenTransaction::new(
+        account_update,
+        Vec::<miden_protocol::transaction::InputNoteCommitment>::new(),
+        Vec::<miden_protocol::transaction::OutputNote>::new(),
+        0.into(),
+        genesis,
+        test_fee(),
+        u32::MAX.into(),
+        ExecutionProof::new_dummy(),
+    )
+    .unwrap()
+}
+
 #[tokio::test]
 async fn rpc_server_accepts_requests_without_accept_header() {
     // Start the RPC.
@@ -390,6 +420,63 @@ async fn rpc_server_rejects_proven_transactions_with_invalid_reference_block() {
     shutdown_store(store_runtime).await;
 }
 
+#[tokio::test]
+async fn rpc_rejects_post_deployment_network_account_tx() {
+    let (_, rpc_addr, store_listener) = start_rpc().await;
+    let (store_runtime, data_directory, genesis, _store_addr) = start_store(store_listener).await;
+
+    // Wait for the store to be ready before sending requests.
+    tokio::time::sleep(Duration::from_millis(100)).await;
+
+    // Build a client that advertises the right `application/vnd.miden` content type so
+    // tx-submission requests reach the handler.
+    let mut rpc_client =
+        miden_node_proto::clients::Builder::new(Url::parse(&format!("http://{rpc_addr}")).unwrap())
+            .without_tls()
+            .with_timeout(Duration::from_secs(5))
+            .without_metadata_version()
+            .with_metadata_genesis(genesis.to_hex())
+            .without_otel_context_injection()
+            .connect_lazy::<miden_node_proto::clients::RpcClient>();
+
+    // Seed a row marking a known AccountId as a network account directly in the store's SQLite DB.
+    // The store uses WAL mode so a secondary connection is safe.
+    let network_account_id = AccountId::dummy(
+        [7u8; 15],
+        AccountIdVersion::Version1,
+        AccountType::RegularAccountImmutableCode,
+        AccountStorageMode::Public,
+    );
+    miden_node_store::test_support::seed_network_account(
+        &data_directory.path().join("miden-store.sqlite3"),
+        network_account_id,
+    );
+
+    // Build a non-deployment tx for that account.
+    let (account, account_delta) = build_test_account([0; 32]);
+    let tx = build_test_proven_tx_with_id(network_account_id, &account, &account_delta, genesis);
+    let request = proto::transaction::ProvenTransaction {
+        transaction: tx.to_bytes(),
+        transaction_inputs: None,
+    };
+
+    let response = rpc_client.submit_proven_tx(request).await;
+    assert!(response.is_err());
+    let err = response.as_ref().unwrap_err().message();
+    assert!(
+        err.contains("Network transactions may not be submitted by users yet"),
+        "expected the network-tx gate error, got: {err}"
+    );
+
+    shutdown_store(store_runtime).await;
+}
+
+// Batch-path coverage for the network-account gate is provided manually. Building a valid
+// `ProposedBatch` + `ProvenBatch` in this test harness would require duplicating LocalBatchProver
+// setup. The query layer is covered by the unit test in store::db::tests, and the gRPC wiring is
+// the same as `submit_proven_transaction` (covered by
+// `rpc_rejects_post_deployment_network_account_tx`).
+
 #[tokio::test]
 async fn rpc_server_rejects_tx_submissions_without_genesis() {
     // Start the RPC.
@@ -527,7 +614,7 @@ async fn start_store(store_listener: TcpListener) -> (Runtime, TempDir, Word, So
     let data_directory = tempfile::tempdir().expect("tempdir should be created");
 
     let config = GenesisConfig::default();
-    let signer = SecretKey::new();
+    let signer = SigningKey::new();
     let (genesis_state, _) = config.into_state(signer.public_key()).unwrap();
     let genesis_block = genesis_state
         .clone()
@@ -710,25 +797,26 @@ fn sync_chain_mmr_block_header_matches_chain_commitment() {
     for i in 0..5u32 {
         let chain_commitment = server_mmr.peaks().hash_peaks();
         let header = BlockHeader::mock(i, Some(chain_commitment), None, &[], Word::default());
-        server_mmr.add(header.commitment());
+        server_mmr.add(header.commitment()).unwrap();
         headers.push(header);
     }
 
     // Client bootstraps with genesis.
-    let mut client_mmr = PartialMmr::from_peaks(MmrPeaks::new(Forest::new(0), vec![]).unwrap());
-    client_mmr.add(headers[0].commitment(), false);
+    let mut client_mmr =
+        PartialMmr::from_peaks(MmrPeaks::new(Forest::new(0).unwrap(), vec![]).unwrap());
+    client_mmr.add(headers[0].commitment(), false).unwrap();
 
     // First delta: block_from=0, block_to=2, so from_forest=1, to_forest=2.
-    let delta = server_mmr.get_delta(Forest::new(1), Forest::new(2)).unwrap();
+    let delta = server_mmr.get_delta(Forest::new(1).unwrap(), Forest::new(2).unwrap()).unwrap();
     client_mmr.apply(delta).unwrap();
     assert_eq!(client_mmr.peaks().hash_peaks(), headers[2].chain_commitment());
-    client_mmr.add(headers[2].commitment(), false);
+    client_mmr.add(headers[2].commitment(), false).unwrap();
 
     // Second delta: block_from=2, block_to=4, so from_forest=3, to_forest=4.
-    let delta = server_mmr.get_delta(Forest::new(3), Forest::new(4)).unwrap();
+    let delta = server_mmr.get_delta(Forest::new(3).unwrap(), Forest::new(4).unwrap()).unwrap();
     client_mmr.apply(delta).unwrap();
     assert_eq!(client_mmr.peaks().hash_peaks(), headers[4].chain_commitment());
-    client_mmr.add(headers[4].commitment(), false);
+    client_mmr.add(headers[4].commitment(), false).unwrap();
 
     assert_eq!(client_mmr.peaks().hash_peaks(), server_mmr.peaks().hash_peaks());
 }
diff --git a/crates/store/build.rs b/crates/store/build.rs
index 09bf745d32..634a9826b8 100644
--- a/crates/store/build.rs
+++ b/crates/store/build.rs
@@ -45,16 +45,16 @@ fn generate_agglayer_sample_accounts() {
     fs_err::create_dir_all(&samples_dir).expect("Failed to create samples directory");
 
     // Use deterministic seeds for reproducible builds. WARNING: DO NOT USE THESE IN PRODUCTION
-    let bridge_seed: Word = Word::new([Felt::new(1u64); 4]);
-    let eth_faucet_seed: Word = Word::new([Felt::new(2u64); 4]);
-    let usdc_faucet_seed: Word = Word::new([Felt::new(3u64); 4]);
+    let bridge_seed: Word = Word::new([Felt::new_unchecked(1u64); 4]);
+    let eth_faucet_seed: Word = Word::new([Felt::new_unchecked(2u64); 4]);
+    let usdc_faucet_seed: Word = Word::new([Felt::new_unchecked(3u64); 4]);
 
     // Create bridge admin and GER manager as proper wallet accounts. WARNING: DO NOT USE THESE IN
     // PRODUCTION
     let bridge_admin_key =
-        SecretKey::with_rng(&mut RandomCoin::new(Word::new([Felt::new(4u64); 4])));
+        SecretKey::with_rng(&mut RandomCoin::new(Word::new([Felt::new_unchecked(4u64); 4])));
     let ger_manager_key =
-        SecretKey::with_rng(&mut RandomCoin::new(Word::new([Felt::new(5u64); 4])));
+        SecretKey::with_rng(&mut RandomCoin::new(Word::new([Felt::new_unchecked(5u64); 4])));
 
     let bridge_admin = create_basic_wallet(
         [4u8; 32],
@@ -96,8 +96,8 @@ fn generate_agglayer_sample_accounts() {
         eth_faucet_seed,
         "ETH",
         8,
-        Felt::new(1_000_000_000),
-        Felt::new(0),
+        Felt::new_unchecked(1_000_000_000),
+        Felt::new_unchecked(0),
         bridge_account_id,
         &eth_origin_address,
         0u32,
@@ -110,8 +110,8 @@ fn generate_agglayer_sample_accounts() {
         usdc_faucet_seed,
         "USDC",
         6,
-        Felt::new(10_000_000_000),
-        Felt::new(0),
+        Felt::new_unchecked(10_000_000_000),
+        Felt::new_unchecked(0),
         bridge_account_id,
         &usdc_origin_address,
         0u32,
diff --git a/crates/store/src/account_state_forest/mod.rs b/crates/store/src/account_state_forest/mod.rs
index fdd63f682c..3d793fa71a 100644
--- a/crates/store/src/account_state_forest/mod.rs
+++ b/crates/store/src/account_state_forest/mod.rs
@@ -356,7 +356,10 @@ impl<B: Backend> AccountStateForest<B> {
         let entries = self.forest.entries(tree).map_err(Self::map_forest_error_to_witness)?;
         let assets = entries
             .take(AccountVaultDetails::MAX_RETURN_ENTRIES + 1)
-            .map(|entry| Asset::from_key_value_words(entry.key, entry.value))
+            .map(|entry| {
+                let entry = entry.map_err(Self::map_forest_error_to_witness)?;
+                Asset::from_key_value_words(entry.key, entry.value).map_err(WitnessError::from)
+            })
             .collect::<Result<Vec<_>, _>>()?;
 
         Ok(AccountVaultDetails::from_assets(assets))
@@ -402,12 +405,12 @@ impl<B: Backend> AccountStateForest<B> {
         let lineage = Self::storage_lineage_id(account_id, slot_name);
         let tree = self.get_tree_id(lineage, block_num)?;
 
-        Some(
-            self.forest
-                .entries(tree)
-                .map_err(Self::map_forest_error)
-                .map(|entries| entries.take(limit).map(|entry| (entry.key, entry.value)).collect()),
-        )
+        Some(self.forest.entries(tree).map_err(Self::map_forest_error).and_then(|entries| {
+            entries
+                .take(limit)
+                .map(|entry| entry.map(|e| (e.key, e.value)).map_err(Self::map_forest_error))
+                .collect()
+        }))
     }
 
     /// Returns all storage map entries when the forest and reverse-key cache contain enough data.
@@ -725,7 +728,7 @@ impl<B: Backend> AccountStateForest<B> {
                 asset.add(delta)?
             };
 
-            let value = if updated.amount() == 0 {
+            let value = if updated.amount().as_u64() == 0 {
                 EMPTY_WORD
             } else {
                 updated.to_value_word()
diff --git a/crates/store/src/db/mod.rs b/crates/store/src/db/mod.rs
index 965ef439d9..b1348d7dc5 100644
--- a/crates/store/src/db/mod.rs
+++ b/crates/store/src/db/mod.rs
@@ -470,6 +470,18 @@ impl Db {
         .await
     }
 
+    /// Returns the subset of the provided account IDs that currently classify as network accounts.
+    #[instrument(level = "debug", target = COMPONENT, skip_all, ret(level = "debug"), err)]
+    pub async fn select_network_accounts_subset(
+        &self,
+        account_ids: Vec<AccountId>,
+    ) -> Result<HashSet<AccountId>> {
+        self.transact("Filter network accounts subset", move |conn| {
+            queries::select_network_accounts_subset(conn, &account_ids)
+        })
+        .await
+    }
+
     /// Returns network account IDs within the specified block range (based on account creation
     /// block).
     ///
diff --git a/crates/store/src/db/models/conv.rs b/crates/store/src/db/models/conv.rs
index 25b6047f9e..66524b307b 100644
--- a/crates/store/src/db/models/conv.rs
+++ b/crates/store/src/db/models/conv.rs
@@ -200,7 +200,7 @@ pub(crate) fn nullifier_prefix_to_raw_sql(prefix: u16) -> i32 {
 #[inline(always)]
 pub(crate) fn raw_sql_to_nonce(raw: i64) -> Felt {
     debug_assert!(raw >= 0);
-    Felt::new(raw as u64)
+    Felt::new_unchecked(raw as u64)
 }
 #[inline(always)]
 pub(crate) fn nonce_to_raw_sql(nonce: Felt) -> i64 {
diff --git a/crates/store/src/db/models/queries/accounts.rs b/crates/store/src/db/models/queries/accounts.rs
index 53dacbeab3..4f93af0906 100644
--- a/crates/store/src/db/models/queries/accounts.rs
+++ b/crates/store/src/db/models/queries/accounts.rs
@@ -1,4 +1,4 @@
-use std::collections::{BTreeMap, HashMap};
+use std::collections::{BTreeMap, HashMap, HashSet};
 use std::num::NonZeroUsize;
 use std::ops::RangeInclusive;
 
@@ -18,7 +18,11 @@ use diesel::{
     SqliteConnection,
 };
 use miden_node_proto::domain::account::{AccountInfo, AccountSummary};
-use miden_node_utils::limiter::MAX_RESPONSE_PAYLOAD_BYTES;
+use miden_node_utils::limiter::{
+    MAX_RESPONSE_PAYLOAD_BYTES,
+    QueryParamAccountIdLimit,
+    QueryParamLimiter,
+};
 use miden_protocol::account::delta::AccountUpdateDetails;
 use miden_protocol::account::{
     Account,
@@ -38,6 +42,7 @@ use miden_protocol::asset::{Asset, AssetVault, AssetVaultKey, FungibleAsset};
 use miden_protocol::block::{BlockAccountUpdate, BlockNumber};
 use miden_protocol::utils::serde::{Deserializable, Serializable};
 use miden_protocol::{Felt, Word};
+use miden_standards::account::auth::NetworkAccountNoteAllowlist;
 
 use crate::COMPONENT;
 use crate::db::models::conv::{SqlTypeConvert, nonce_to_raw_sql, raw_sql_to_nonce};
@@ -147,7 +152,7 @@ pub(crate) fn select_account(
 
     // Backfill account details from database For private accounts, we don't store full details in
     // the database
-    let details = if account_id.has_public_state() {
+    let details = if account_id.is_public() {
         Some(select_full_account(conn, account_id)?)
     } else {
         None
@@ -543,7 +548,7 @@ pub(crate) fn select_account_vault_assets(
     const ROW_OVERHEAD_BYTES: usize = 2 * size_of::<Word>() + size_of::<u32>(); // key + asset + block_num
     const MAX_ROWS: usize = MAX_RESPONSE_PAYLOAD_BYTES / ROW_OVERHEAD_BYTES;
 
-    if !account_id.has_public_state() {
+    if !account_id.is_public() {
         return Err(DatabaseError::AccountNotPublic(account_id));
     }
 
@@ -790,7 +795,7 @@ pub(crate) fn select_account_storage_map_values_paged(
 ) -> Result<StorageMapValuesPage, DatabaseError> {
     use schema::account_storage_map_values as t;
 
-    if !account_id.has_public_state() {
+    if !account_id.is_public() {
         return Err(DatabaseError::AccountNotPublic(account_id));
     }
 
@@ -1150,7 +1155,7 @@ fn prepare_full_account_update(
     for asset in account.vault().assets() {
         // Only insert assets with non-zero values for fungible assets
         let should_insert = match asset {
-            Asset::Fungible(fungible) => fungible.amount() > 0,
+            Asset::Fungible(fungible) => fungible.amount().as_u64() > 0,
             Asset::NonFungible(_) => true,
         };
         if should_insert {
@@ -1194,7 +1199,7 @@ fn prepare_partial_account_update(
         } else {
             prev_asset.add(delta)?
         };
-        let update_or_remove = if new_balance.amount() == 0 {
+        let update_or_remove = if new_balance.amount().as_u64() == 0 {
             None
         } else {
             Some(Asset::from(new_balance))
@@ -1251,7 +1256,7 @@ fn prepare_partial_account_update(
         .ok_or_else(|| {
             DatabaseError::DataCorrupted(format!("Nonce overflow for account {account_id}"))
         })?;
-    let new_nonce = Felt::new(new_nonce_value);
+    let new_nonce = Felt::new_unchecked(new_nonce_value);
 
     // Create minimal account state data for the row insert.
     let account_state = PartialAccountState {
@@ -1279,12 +1284,69 @@ fn prepare_partial_account_update(
     Ok((AccountStateForInsert::PartialState(account_state), storage, assets))
 }
 
+/// Reads the network-account classification of the latest row for `account_id_bytes`.
+///
+/// Returns `Ok(None)` if no row exists for this account.
+fn select_latest_network_account_type(
+    conn: &mut SqliteConnection,
+    account_id_bytes: &[u8],
+) -> Result<Option<NetworkAccountType>, DatabaseError> {
+    let raw: Option<i32> = QueryDsl::select(
+        schema::accounts::table.filter(
+            schema::accounts::account_id
+                .eq(account_id_bytes)
+                .and(schema::accounts::is_latest.eq(true)),
+        ),
+        schema::accounts::network_account_type,
+    )
+    .first::<i32>(conn)
+    .optional()
+    .map_err(DatabaseError::Diesel)?;
+
+    raw.map(NetworkAccountType::from_raw_sql)
+        .transpose()
+        .map_err(DatabaseError::from)
+}
+
+/// Returns the subset of `account_ids` whose latest committed state is a network account.
+///
+/// Unknown ids and non-network accounts are silently omitted.
+pub(crate) fn select_network_accounts_subset(
+    conn: &mut SqliteConnection,
+    account_ids: &[AccountId],
+) -> Result<HashSet<AccountId>, DatabaseError> {
+    QueryParamAccountIdLimit::check(account_ids.len())?;
+    let id_bytes: Vec<Vec<u8>> =
+        account_ids.iter().map(miden_crypto::utils::Serializable::to_bytes).collect();
+
+    let rows: Vec<Vec<u8>> =
+        SelectDsl::select(schema::accounts::table, schema::accounts::account_id)
+            .filter(
+                schema::accounts::account_id
+                    .eq_any(&id_bytes)
+                    .and(
+                        schema::accounts::network_account_type
+                            .eq(NetworkAccountType::Network.to_raw_sql()),
+                    )
+                    .and(schema::accounts::is_latest.eq(true)),
+            )
+            .load::<Vec<u8>>(conn)
+            .map_err(DatabaseError::Diesel)?;
+
+    rows.into_iter()
+        .map(|bytes| {
+            AccountId::read_from_bytes(&bytes).map_err(DatabaseError::DeserializationError)
+        })
+        .collect()
+}
+
 /// Attention: Assumes the account details are NOT null! The schema explicitly allows this though!
 #[tracing::instrument(
     target = COMPONENT,
     skip_all,
     err,
 )]
+#[expect(clippy::too_many_lines)]
 pub(crate) fn upsert_accounts(
     conn: &mut SqliteConnection,
     accounts: &[BlockAccountUpdate],
@@ -1296,12 +1358,6 @@ pub(crate) fn upsert_accounts(
         let account_id_bytes = account_id.to_bytes();
         let block_num_raw = block_num.to_raw_sql();
 
-        let network_account_type = if account_id.is_network() {
-            NetworkAccountType::Network
-        } else {
-            NetworkAccountType::None
-        };
-
         // Preserve the original creation block when updating existing accounts.
         let created_at_block_raw = QueryDsl::select(
             schema::accounts::table.filter(
@@ -1340,6 +1396,27 @@ pub(crate) fn upsert_accounts(
             },
         };
 
+        // Classify the account as network or not by looking for the standardized
+        // `NetworkAccountNoteAllowlist` slot in storage. Only full account states let us inspect
+        // storage directly; for partial updates we inherit the latest classification from the DB.
+        let network_account_type = match &account_state {
+            AccountStateForInsert::Private => NetworkAccountType::None,
+            AccountStateForInsert::FullAccount(account) => {
+                if account.is_public()
+                    && NetworkAccountNoteAllowlist::try_from(account.storage()).is_ok()
+                {
+                    NetworkAccountType::Network
+                } else {
+                    NetworkAccountType::None
+                }
+            },
+            AccountStateForInsert::PartialState(_) => {
+                // We do not have full storage here; carry the previous classification forward.
+                select_latest_network_account_type(conn, &account_id_bytes)?
+                    .unwrap_or(NetworkAccountType::None)
+            },
+        };
+
         // Insert account _code_ for full accounts (new account creation)
         if let AccountStateForInsert::FullAccount(ref account) = account_state {
             let code = account.code();
@@ -1436,7 +1513,7 @@ pub(crate) struct AccountRowInsert {
 
 impl AccountRowInsert {
     /// Creates an insert row for a private account (no public state).
-    fn new_private(
+    pub(crate) fn new_private(
         account_id: AccountId,
         network_account_type: NetworkAccountType,
         account_commitment: Word,
diff --git a/crates/store/src/db/models/queries/accounts/delta.rs b/crates/store/src/db/models/queries/accounts/delta.rs
index 88e5f8d68b..56b70fbfcc 100644
--- a/crates/store/src/db/models/queries/accounts/delta.rs
+++ b/crates/store/src/db/models/queries/accounts/delta.rs
@@ -181,7 +181,7 @@ pub(super) fn select_vault_balances_by_faucet_ids(
         if let Some(asset_bytes) = maybe_asset_bytes {
             let asset = Asset::read_from_bytes(&asset_bytes)?;
             if let Asset::Fungible(fungible) = asset {
-                balances.insert(fungible.faucet_id(), fungible.amount());
+                balances.insert(fungible.faucet_id(), fungible.amount().as_u64());
             }
         }
     }
diff --git a/crates/store/src/db/models/queries/accounts/delta/tests.rs b/crates/store/src/db/models/queries/accounts/delta/tests.rs
index 3cacb46b0d..ef7190a1fc 100644
--- a/crates/store/src/db/models/queries/accounts/delta/tests.rs
+++ b/crates/store/src/db/models/queries/accounts/delta/tests.rs
@@ -30,7 +30,7 @@ use miden_protocol::account::{
 };
 use miden_protocol::asset::{Asset, FungibleAsset};
 use miden_protocol::block::{BlockAccountUpdate, BlockHeader, BlockNumber};
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
 use miden_protocol::testing::account_id::{
     ACCOUNT_ID_PUBLIC_FUNGIBLE_FAUCET,
     ACCOUNT_ID_PUBLIC_FUNGIBLE_FAUCET_1,
@@ -61,7 +61,7 @@ fn setup_test_db() -> SqliteConnection {
 fn insert_block_header(conn: &mut SqliteConnection, block_num: BlockNumber) {
     use crate::db::schema::block_headers;
 
-    let secret_key = SecretKey::new();
+    let secret_key = SigningKey::new();
     let block_header = BlockHeader::new(
         1_u8.into(),
         Word::default(),
@@ -124,10 +124,10 @@ fn optimized_delta_matches_full_account_method() {
 
     // Create an account with value slots only (no map slots to avoid SmtForest complexity)
     let slot_value_initial = Word::from([
-        Felt::new(INITIAL_SLOT_VALUES[0]),
-        Felt::new(INITIAL_SLOT_VALUES[1]),
-        Felt::new(INITIAL_SLOT_VALUES[2]),
-        Felt::new(INITIAL_SLOT_VALUES[3]),
+        Felt::new_unchecked(INITIAL_SLOT_VALUES[0]),
+        Felt::new_unchecked(INITIAL_SLOT_VALUES[1]),
+        Felt::new_unchecked(INITIAL_SLOT_VALUES[2]),
+        Felt::new_unchecked(INITIAL_SLOT_VALUES[3]),
     ]);
 
     let component_storage = vec![
@@ -186,10 +186,10 @@ fn optimized_delta_matches_full_account_method() {
     // - Add 500 tokens to the vault (starting from empty)
 
     let new_slot_value = Word::from([
-        Felt::new(UPDATED_SLOT_VALUES[0]),
-        Felt::new(UPDATED_SLOT_VALUES[1]),
-        Felt::new(UPDATED_SLOT_VALUES[2]),
-        Felt::new(UPDATED_SLOT_VALUES[3]),
+        Felt::new_unchecked(UPDATED_SLOT_VALUES[0]),
+        Felt::new_unchecked(UPDATED_SLOT_VALUES[1]),
+        Felt::new_unchecked(UPDATED_SLOT_VALUES[2]),
+        Felt::new_unchecked(UPDATED_SLOT_VALUES[3]),
     ]);
     let faucet_id = AccountId::try_from(ACCOUNT_ID_PUBLIC_FUNGIBLE_FAUCET).unwrap();
 
@@ -215,7 +215,7 @@ fn optimized_delta_matches_full_account_method() {
     };
 
     // Create a partial delta
-    let nonce_delta = Felt::new(NONCE_DELTA);
+    let nonce_delta = Felt::new_unchecked(NONCE_DELTA);
     let partial_delta = AccountDelta::new(
         full_account_before.id(),
         storage_delta.clone(),
@@ -226,8 +226,9 @@ fn optimized_delta_matches_full_account_method() {
     assert!(!partial_delta.is_full_state(), "Delta should be partial, not full state");
 
     // Construct the expected final account by applying the delta
-    let expected_nonce =
-        Felt::new(full_account_before.nonce().as_canonical_u64() + nonce_delta.as_canonical_u64());
+    let expected_nonce = Felt::new_unchecked(
+        full_account_before.nonce().as_canonical_u64() + nonce_delta.as_canonical_u64(),
+    );
     let expected_code_commitment = full_account_before.code().commitment();
 
     let mut expected_account = full_account_before.clone();
@@ -283,7 +284,7 @@ fn optimized_delta_matches_full_account_method() {
     assert_eq!(vault_assets_after.len(), 1, "Should have 1 vault asset");
     assert_matches!(&vault_assets_after[0], Asset::Fungible(f) => {
         assert_eq!(f.faucet_id(), faucet_id, "Faucet ID should match");
-        assert_eq!(f.amount(), VAULT_AMOUNT, "Amount should be 500");
+        assert_eq!(f.amount().as_u64(), VAULT_AMOUNT, "Amount should be 500");
     });
 
     // Verify the account commitment matches
@@ -390,7 +391,7 @@ fn optimized_delta_updates_non_empty_vault() {
         account.id(),
         AccountStorageDelta::new(),
         vault_delta,
-        Felt::new(NONCE_DELTA),
+        Felt::new_unchecked(NONCE_DELTA),
     )
     .unwrap();
 
@@ -412,7 +413,7 @@ fn optimized_delta_updates_non_empty_vault() {
     assert_eq!(vault_assets_after.len(), 1, "Should have 1 vault asset");
     assert_matches!(&vault_assets_after[0], Asset::Fungible(f) => {
         assert_eq!(f.faucet_id(), faucet_id_1, "Faucet ID should match");
-        assert_eq!(f.amount(), ADDED_AMOUNT_BLOCK_2, "Amount should match");
+        assert_eq!(f.amount().as_u64(), ADDED_AMOUNT_BLOCK_2, "Amount should match");
     });
 
     let full_account_after = select_full_account(&mut conn, account.id())
@@ -431,7 +432,7 @@ fn optimized_delta_updates_non_empty_vault() {
         account.id(),
         AccountStorageDelta::new(),
         vault_delta_3,
-        Felt::new(NONCE_DELTA),
+        Felt::new_unchecked(NONCE_DELTA),
     )
     .unwrap();
 
@@ -454,7 +455,7 @@ fn optimized_delta_updates_non_empty_vault() {
     assert_eq!(final_assets.len(), 1, "Should have exactly 1 vault asset");
     assert_matches!(&final_assets[0], Asset::Fungible(f) => {
         assert_eq!(f.faucet_id(), faucet_id_1);
-        assert_eq!(f.amount(), ADDED_AMOUNT_BLOCK_2 + ADDED_AMOUNT_BLOCK_3, "Expected total of 400");
+        assert_eq!(f.amount().as_u64(), ADDED_AMOUNT_BLOCK_2 + ADDED_AMOUNT_BLOCK_3, "Expected total of 400");
     });
 
     assert_eq!(full_account_final.vault().root(), expected_vault_root_3);
@@ -480,22 +481,22 @@ fn optimized_delta_updates_storage_map_header() {
     let mut conn = setup_test_db();
 
     let map_key = StorageMapKey::new(Word::from([
-        Felt::new(MAP_KEY_VALUES[0]),
-        Felt::new(MAP_KEY_VALUES[1]),
-        Felt::new(MAP_KEY_VALUES[2]),
-        Felt::new(MAP_KEY_VALUES[3]),
+        Felt::new_unchecked(MAP_KEY_VALUES[0]),
+        Felt::new_unchecked(MAP_KEY_VALUES[1]),
+        Felt::new_unchecked(MAP_KEY_VALUES[2]),
+        Felt::new_unchecked(MAP_KEY_VALUES[3]),
     ]));
     let map_value_initial = Word::from([
-        Felt::new(MAP_VALUE_INITIAL[0]),
-        Felt::new(MAP_VALUE_INITIAL[1]),
-        Felt::new(MAP_VALUE_INITIAL[2]),
-        Felt::new(MAP_VALUE_INITIAL[3]),
+        Felt::new_unchecked(MAP_VALUE_INITIAL[0]),
+        Felt::new_unchecked(MAP_VALUE_INITIAL[1]),
+        Felt::new_unchecked(MAP_VALUE_INITIAL[2]),
+        Felt::new_unchecked(MAP_VALUE_INITIAL[3]),
     ]);
     let map_value_updated = Word::from([
-        Felt::new(MAP_VALUE_UPDATED[0]),
-        Felt::new(MAP_VALUE_UPDATED[1]),
-        Felt::new(MAP_VALUE_UPDATED[2]),
-        Felt::new(MAP_VALUE_UPDATED[3]),
+        Felt::new_unchecked(MAP_VALUE_UPDATED[0]),
+        Felt::new_unchecked(MAP_VALUE_UPDATED[1]),
+        Felt::new_unchecked(MAP_VALUE_UPDATED[2]),
+        Felt::new_unchecked(MAP_VALUE_UPDATED[3]),
     ]);
 
     let storage_map = StorageMap::with_entries(vec![(map_key, map_value_initial)]).unwrap();
@@ -551,7 +552,7 @@ fn optimized_delta_updates_storage_map_header() {
         account.id(),
         storage_delta,
         AccountVaultDelta::default(),
-        Felt::new(NONCE_DELTA),
+        Felt::new_unchecked(NONCE_DELTA),
     )
     .unwrap();
 
@@ -612,10 +613,10 @@ fn upsert_private_account() {
     );
 
     let account_commitment = Word::from([
-        Felt::new(COMMITMENT_WORDS[0]),
-        Felt::new(COMMITMENT_WORDS[1]),
-        Felt::new(COMMITMENT_WORDS[2]),
-        Felt::new(COMMITMENT_WORDS[3]),
+        Felt::new_unchecked(COMMITMENT_WORDS[0]),
+        Felt::new_unchecked(COMMITMENT_WORDS[1]),
+        Felt::new_unchecked(COMMITMENT_WORDS[2]),
+        Felt::new_unchecked(COMMITMENT_WORDS[3]),
     ]);
 
     // Insert as private account
@@ -667,10 +668,10 @@ fn upsert_full_state_delta() {
 
     // Create an account with storage
     let slot_value = Word::from([
-        Felt::new(SLOT_VALUES[0]),
-        Felt::new(SLOT_VALUES[1]),
-        Felt::new(SLOT_VALUES[2]),
-        Felt::new(SLOT_VALUES[3]),
+        Felt::new_unchecked(SLOT_VALUES[0]),
+        Felt::new_unchecked(SLOT_VALUES[1]),
+        Felt::new_unchecked(SLOT_VALUES[2]),
+        Felt::new_unchecked(SLOT_VALUES[3]),
     ]);
     let component_storage =
         vec![StorageSlot::with_value(StorageSlotName::mock(SLOT_INDEX), slot_value)];
diff --git a/crates/store/src/db/models/queries/accounts/tests.rs b/crates/store/src/db/models/queries/accounts/tests.rs
index eee9f69795..c4e56a25df 100644
--- a/crates/store/src/db/models/queries/accounts/tests.rs
+++ b/crates/store/src/db/models/queries/accounts/tests.rs
@@ -39,7 +39,7 @@ use miden_protocol::account::{
     StorageSlotType,
 };
 use miden_protocol::block::{BlockAccountUpdate, BlockHeader, BlockNumber};
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
 use miden_protocol::utils::serde::{Deserializable, Serializable};
 use miden_protocol::{EMPTY_WORD, Felt, Word};
 use miden_standards::account::auth::AuthSingleSig;
@@ -144,7 +144,12 @@ fn create_test_account_with_storage() -> (Account, AccountId) {
         AccountStorageMode::Public,
     );
 
-    let storage_value = Word::from([Felt::new(1), Felt::new(2), Felt::new(3), Felt::new(4)]);
+    let storage_value = Word::from([
+        Felt::new_unchecked(1),
+        Felt::new_unchecked(2),
+        Felt::new_unchecked(3),
+        Felt::new_unchecked(4),
+    ]);
     let component_storage = vec![StorageSlot::with_value(StorageSlotName::mock(0), storage_value)];
 
     let account_component_code = CodeBuilder::default()
@@ -175,7 +180,7 @@ fn create_test_account_with_storage() -> (Account, AccountId) {
 fn insert_block_header(conn: &mut SqliteConnection, block_num: BlockNumber) {
     use crate::db::schema::block_headers;
 
-    let secret_key = SecretKey::new();
+    let secret_key = SigningKey::new();
     let block_header = BlockHeader::new(
         1_u8.into(),
         Word::default(),
@@ -520,8 +525,12 @@ fn test_upsert_accounts_updates_is_latest_flag() {
     upsert_accounts(&mut conn, &[account_update_1], block_num_1).expect("First upsert failed");
 
     // Create modified account with different storage value
-    let storage_value_modified =
-        Word::from([Felt::new(10), Felt::new(20), Felt::new(30), Felt::new(40)]);
+    let storage_value_modified = Word::from([
+        Felt::new_unchecked(10),
+        Felt::new_unchecked(20),
+        Felt::new_unchecked(30),
+        Felt::new_unchecked(40),
+    ]);
     let component_storage_modified =
         vec![StorageSlot::with_value(StorageSlotName::mock(0), storage_value_modified)];
 
@@ -614,9 +623,24 @@ fn test_upsert_accounts_with_multiple_storage_slots() {
         AccountStorageMode::Public,
     );
 
-    let slot_value_1 = Word::from([Felt::new(1), Felt::new(2), Felt::new(3), Felt::new(4)]);
-    let slot_value_2 = Word::from([Felt::new(5), Felt::new(6), Felt::new(7), Felt::new(8)]);
-    let slot_value_3 = Word::from([Felt::new(9), Felt::new(10), Felt::new(11), Felt::new(12)]);
+    let slot_value_1 = Word::from([
+        Felt::new_unchecked(1),
+        Felt::new_unchecked(2),
+        Felt::new_unchecked(3),
+        Felt::new_unchecked(4),
+    ]);
+    let slot_value_2 = Word::from([
+        Felt::new_unchecked(5),
+        Felt::new_unchecked(6),
+        Felt::new_unchecked(7),
+        Felt::new_unchecked(8),
+    ]);
+    let slot_value_3 = Word::from([
+        Felt::new_unchecked(9),
+        Felt::new_unchecked(10),
+        Felt::new_unchecked(11),
+        Felt::new_unchecked(12),
+    ]);
 
     let component_storage = vec![
         StorageSlot::with_value(StorageSlotName::mock(0), slot_value_1),
@@ -773,9 +797,9 @@ fn test_select_latest_account_storage_ordering_semantics() {
     let key_2 = StorageMapKey::from_index(2);
     let key_3 = StorageMapKey::from_index(3);
 
-    let value_1 = Word::from([Felt::new(10), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
-    let value_2 = Word::from([Felt::new(20), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
-    let value_3 = Word::from([Felt::new(30), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_1 = Word::from([Felt::new_unchecked(10), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_2 = Word::from([Felt::new_unchecked(20), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_3 = Word::from([Felt::new_unchecked(30), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
 
     let mut entries = vec![(key_2, value_2), (key_1, value_1), (key_3, value_3)];
     entries.reverse();
@@ -818,8 +842,8 @@ fn test_select_latest_account_storage_multiple_slots() {
     let key_a = StorageMapKey::from_index(1);
     let key_b = StorageMapKey::from_index(2);
 
-    let value_a = Word::from([Felt::new(11), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
-    let value_b = Word::from([Felt::new(22), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_a = Word::from([Felt::new_unchecked(11), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_b = Word::from([Felt::new_unchecked(22), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
 
     let map_a = StorageMap::with_entries(vec![(key_a, value_a)]).unwrap();
     let map_b = StorageMap::with_entries(vec![(key_b, value_b)]).unwrap();
@@ -881,9 +905,9 @@ fn test_select_latest_account_storage_slot_updates() {
     let key_1 = StorageMapKey::from_index(1);
     let key_2 = StorageMapKey::from_index(2);
 
-    let value_1 = Word::from([Felt::new(10), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
-    let value_2 = Word::from([Felt::new(20), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
-    let value_3 = Word::from([Felt::new(30), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_1 = Word::from([Felt::new_unchecked(10), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_2 = Word::from([Felt::new_unchecked(20), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
+    let value_3 = Word::from([Felt::new_unchecked(30), Felt::ZERO, Felt::ZERO, Felt::ZERO]);
 
     let account = create_account_with_map_storage(slot_name.clone(), vec![(key_1, value_1)]);
     let account_id = account.id();
@@ -903,9 +927,13 @@ fn test_select_latest_account_storage_slot_updates() {
         StorageSlotDelta::Map(map_delta),
     )]));
 
-    let partial_delta =
-        AccountDelta::new(account_id, storage_delta, AccountVaultDelta::default(), Felt::new(1))
-            .unwrap();
+    let partial_delta = AccountDelta::new(
+        account_id,
+        storage_delta,
+        AccountVaultDelta::default(),
+        Felt::new_unchecked(1),
+    )
+    .unwrap();
 
     let mut expected_account = account.clone();
     expected_account.apply_delta(&partial_delta).unwrap();
@@ -1000,7 +1028,7 @@ fn test_select_account_vault_at_block_historical_with_updates() {
         .expect("Query at block 1 should succeed");
 
     assert_eq!(assets_at_block_1.len(), 1, "Should have 1 asset at block 1");
-    assert_matches!(&assets_at_block_1[0], Asset::Fungible(f) if f.amount() == 1000);
+    assert_matches!(&assets_at_block_1[0], Asset::Fungible(f) if f.amount().as_u64() == 1000);
 
     // Query at block 2: should see vault_key_1 with 2000 tokens AND vault_key_2 with 500 tokens
     let assets_at_block_2 = select_account_vault_at_block(&mut conn, account_id, block_2)
@@ -1011,7 +1039,7 @@ fn test_select_account_vault_at_block_historical_with_updates() {
     // Find the amounts (order may vary)
     let amounts: Vec<u64> = assets_at_block_2
         .iter()
-        .map(|a| assert_matches!(a, Asset::Fungible(f) => f.amount()))
+        .map(|a| assert_matches!(a, Asset::Fungible(f) => f.amount().as_u64()))
         .collect();
 
     assert!(amounts.contains(&2000), "Block 2 should have vault_key_1 with 2000 tokens");
@@ -1025,7 +1053,7 @@ fn test_select_account_vault_at_block_historical_with_updates() {
 
     let amounts: Vec<u64> = assets_at_block_3
         .iter()
-        .map(|a| assert_matches!(a, Asset::Fungible(f) => f.amount()))
+        .map(|a| assert_matches!(a, Asset::Fungible(f) => f.amount().as_u64()))
         .collect();
 
     assert!(amounts.contains(&3000), "Block 3 should have vault_key_1 with 3000 tokens");
@@ -1082,7 +1110,7 @@ fn test_select_account_vault_at_block_exponential_updates() {
         let expected_amount = 1u64 << index;
         assert_matches!(
             &assets_at_block[0],
-            Asset::Fungible(f) if f.amount() == expected_amount
+            Asset::Fungible(f) if f.amount().as_u64() == expected_amount
         );
     }
 }
@@ -1153,7 +1181,7 @@ fn test_select_account_vault_at_block_with_deletion() {
     let assets_at_block_3 = select_account_vault_at_block(&mut conn, account_id, block_3)
         .expect("Query at block 3 should succeed");
     assert_eq!(assets_at_block_3.len(), 1, "Should have 1 asset at block 3");
-    assert_matches!(&assets_at_block_3[0], Asset::Fungible(f) if f.amount() == 2000);
+    assert_matches!(&assets_at_block_3[0], Asset::Fungible(f) if f.amount().as_u64() == 2000);
 }
 
 // ACCOUNT CODE PRUNING TESTS
@@ -1208,7 +1236,7 @@ fn build_account_with_code(push_value: u32) -> Account {
         component_code,
         vec![StorageSlot::with_value(
             StorageSlotName::mock(0),
-            Word::from([Felt::new(1), Felt::ZERO, Felt::ZERO, Felt::ZERO]),
+            Word::from([Felt::new_unchecked(1), Felt::ZERO, Felt::ZERO, Felt::ZERO]),
         )],
         AccountComponentMetadata::new(
             "code_prune_test",
@@ -1371,3 +1399,68 @@ fn test_prune_account_code_retains_revisited_code() {
         "latest account must reference code A"
     );
 }
+
+#[test]
+#[miden_node_test_macro::enable_logging]
+fn network_accounts_subset_classifies_correctly() {
+    use crate::db::models::queries::accounts::{
+        AccountRowInsert,
+        NetworkAccountType,
+        select_network_accounts_subset,
+    };
+
+    let mut conn = setup_test_db();
+    let block_num = BlockNumber::from(1);
+    insert_block_header(&mut conn, block_num);
+
+    // Three accounts with distinct classifications. AccountIds are dummies — the queries only care
+    // about the (account_id, network_account_type, is_latest) tuple, not protocol-level validity.
+    let network_id = AccountId::dummy(
+        [1u8; 15],
+        AccountIdVersion::Version1,
+        AccountType::RegularAccountImmutableCode,
+        AccountStorageMode::Public,
+    );
+    let public_id = AccountId::dummy(
+        [2u8; 15],
+        AccountIdVersion::Version1,
+        AccountType::RegularAccountImmutableCode,
+        AccountStorageMode::Public,
+    );
+    let private_id = AccountId::dummy(
+        [3u8; 15],
+        AccountIdVersion::Version1,
+        AccountType::RegularAccountImmutableCode,
+        AccountStorageMode::Private,
+    );
+    let unknown_id = AccountId::dummy(
+        [4u8; 15],
+        AccountIdVersion::Version1,
+        AccountType::RegularAccountImmutableCode,
+        AccountStorageMode::Public,
+    );
+
+    for (id, ty) in [
+        (network_id, NetworkAccountType::Network),
+        (public_id, NetworkAccountType::None),
+        (private_id, NetworkAccountType::None),
+    ] {
+        let row = AccountRowInsert::new_private(id, ty, Word::default(), block_num, block_num);
+        diesel::insert_into(crate::db::schema::accounts::table)
+            .values(&row)
+            .execute(&mut conn)
+            .unwrap();
+    }
+
+    // Batched lookup returns only the network-classified id; public, private, and unknown ids are
+    // all omitted.
+    let subset =
+        select_network_accounts_subset(&mut conn, &[network_id, public_id, private_id, unknown_id])
+            .unwrap();
+    assert_eq!(subset.len(), 1);
+    assert!(subset.contains(&network_id));
+
+    // Empty input slice short-circuits to an empty result.
+    let empty = select_network_accounts_subset(&mut conn, &[]).unwrap();
+    assert!(empty.is_empty());
+}
diff --git a/crates/store/src/db/models/queries/transactions.rs b/crates/store/src/db/models/queries/transactions.rs
index 4551219068..0f8e8f67d9 100644
--- a/crates/store/src/db/models/queries/transactions.rs
+++ b/crates/store/src/db/models/queries/transactions.rs
@@ -20,7 +20,7 @@ use miden_node_utils::limiter::{
 };
 use miden_protocol::account::AccountId;
 use miden_protocol::block::BlockNumber;
-use miden_protocol::note::NoteHeader;
+use miden_protocol::note::{NoteHeader, NoteId};
 use miden_protocol::transaction::{
     InputNoteCommitment,
     InputNotes,
@@ -313,7 +313,7 @@ fn with_output_note_proofs(
     let mut all_note_commitments = Vec::new();
     for raw in &raw_transactions {
         let notes: Vec<NoteHeader> = Deserializable::read_from_bytes(&raw.output_notes)?;
-        all_note_commitments.extend(notes.iter().map(NoteHeader::to_commitment));
+        all_note_commitments.extend(notes.iter().map(|h| h.id().as_word()));
         tx_output_notes.push(notes);
     }
 
@@ -332,7 +332,10 @@ fn with_output_note_proofs(
             // table were erased (created and consumed in the same batch).
             let output_note_proofs = output_notes
                 .iter()
-                .filter_map(|note| output_notes_by_id.get(&note.id()).cloned())
+                .filter_map(|note| {
+                    let key = NoteId::from_raw(note.details_commitment().as_word());
+                    output_notes_by_id.get(&key).cloned()
+                })
                 .collect();
 
             let header = TransactionHeader::new_unchecked(
diff --git a/crates/store/src/db/tests.rs b/crates/store/src/db/tests.rs
index 5a8b4df197..cf4e8c1c9f 100644
--- a/crates/store/src/db/tests.rs
+++ b/crates/store/src/db/tests.rs
@@ -34,7 +34,7 @@ use miden_protocol::block::{
     BlockNoteTree,
     BlockNumber,
 };
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
 use miden_protocol::crypto::merkle::SparseMerklePath;
 use miden_protocol::crypto::merkle::mmr::{Forest, Mmr};
 use miden_protocol::crypto::merkle::smt::SmtProof;
@@ -44,6 +44,7 @@ use miden_protocol::note::{
     NoteAttachment,
     NoteAttachments,
     NoteDetails,
+    NoteDetailsCommitment,
     NoteHeader,
     NoteId,
     NoteMetadata,
@@ -102,12 +103,12 @@ fn create_block(conn: &mut SqliteConnection, block_num: BlockNumber) {
         num_to_word(7),
         num_to_word(8),
         num_to_word(9),
-        SecretKey::new().public_key(),
+        SigningKey::new().public_key(),
         test_fee_params(),
         11_u8.into(),
     );
 
-    let dummy_signature = SecretKey::new().sign(block_header.commitment());
+    let dummy_signature = SigningKey::new().sign(block_header.commitment());
 
     conn.transaction(|conn| {
         queries::insert_block_header(conn, &block_header, &dummy_signature)?;
@@ -201,7 +202,7 @@ fn sql_select_nullifiers() {
 
 pub fn create_note(account_id: AccountId) -> Note {
     let coin_seed: [u64; 4] = rand::rng().random();
-    let rng = Arc::new(Mutex::new(RandomCoin::new(coin_seed.map(Felt::new).into())));
+    let rng = Arc::new(Mutex::new(RandomCoin::new(coin_seed.map(Felt::new_unchecked).into())));
     let mut rng = rng.lock().unwrap();
     P2idNote::create(
         account_id,
@@ -346,7 +347,7 @@ fn sql_unconsumed_network_notes() {
 
     // Create account.
     let account_note =
-        make_account_and_note(&mut conn, 0.into(), [1u8; 32], AccountStorageMode::Network);
+        make_account_and_note(&mut conn, 0.into(), [1u8; 32], AccountStorageMode::Public);
 
     // Create 2 blocks.
     create_block(&mut conn, 0.into());
@@ -751,13 +752,13 @@ fn db_block_header() {
         num_to_word(7),
         num_to_word(8),
         num_to_word(9),
-        SecretKey::new().public_key(),
+        SigningKey::new().public_key(),
         test_fee_params(),
         11_u8.into(),
     );
     // test insertion
 
-    let dummy_signature = SecretKey::new().sign(block_header.commitment());
+    let dummy_signature = SigningKey::new().sign(block_header.commitment());
     queries::insert_block_header(conn, &block_header, &dummy_signature).unwrap();
 
     // test fetch unknown block header
@@ -784,12 +785,12 @@ fn db_block_header() {
         num_to_word(17),
         num_to_word(18),
         num_to_word(19),
-        SecretKey::new().public_key(),
+        SigningKey::new().public_key(),
         test_fee_params(),
         21_u8.into(),
     );
 
-    let dummy_signature = SecretKey::new().sign(block_header2.commitment());
+    let dummy_signature = SigningKey::new().sign(block_header2.commitment());
     queries::insert_block_header(conn, &block_header2, &dummy_signature).unwrap();
 
     let res = queries::select_block_header_by_block_num(conn, None).unwrap();
@@ -831,7 +832,7 @@ fn notes() {
         &NoteAttachments::default(),
     );
 
-    let note_header = NoteHeader::new(new_note.id(), note_metadata);
+    let note_header = NoteHeader::new(new_note.details_commitment(), note_metadata);
     let values = [(note_index, &note_header)];
     let notes_db = BlockNoteTree::with_entries(values).unwrap();
     let inclusion_path = notes_db.open(note_index);
@@ -840,7 +841,7 @@ fn notes() {
         block_num: block_num_1,
         note_index,
         note_id: new_note.id().as_word(),
-        note_commitment: new_note.commitment(),
+        note_commitment: new_note.id().as_word(),
         metadata: note_metadata,
         details: Some(NoteDetails::from(&new_note)),
         attachments: NoteAttachments::default(),
@@ -871,7 +872,7 @@ fn notes() {
         block_num: block_num_2,
         note_index: note.note_index,
         note_id: new_note.id().as_word(),
-        note_commitment: new_note.commitment(),
+        note_commitment: new_note.id().as_word(),
         metadata: note.metadata,
         details: None,
         attachments: NoteAttachments::default(),
@@ -937,7 +938,7 @@ fn note_sync_across_multiple_blocks() {
             PartialNoteMetadata::new(sender, NoteType::Public).with_tag(tag.into()),
             &NoteAttachments::default(),
         );
-        let note_header = NoteHeader::new(new_note.id(), note_metadata);
+        let note_header = NoteHeader::new(new_note.details_commitment(), note_metadata);
         let values = [(note_index, &note_header)];
         let notes_db = BlockNoteTree::with_entries(values).unwrap();
         let inclusion_path = notes_db.open(note_index);
@@ -946,7 +947,7 @@ fn note_sync_across_multiple_blocks() {
             block_num,
             note_index,
             note_id: new_note.id().as_word(),
-            note_commitment: new_note.commitment(),
+            note_commitment: new_note.id().as_word(),
             metadata: note_metadata,
             details: Some(NoteDetails::from(&new_note)),
             attachments: NoteAttachments::default(),
@@ -959,10 +960,10 @@ fn note_sync_across_multiple_blocks() {
     // Build an MMR with enough leaves to cover all blocks (0..=3).
     let mut mmr = Mmr::default();
     for _ in 0..=3u32 {
-        mmr.add(Word::default());
+        mmr.add(Word::default()).unwrap();
     }
     // Use block_end + 1 as the MMR forest, same as State::sync_notes.
-    let mmr_forest = Forest::new(4);
+    let mmr_forest = Forest::new(4).unwrap();
 
     // A single call to get_note_sync_multi should return all 3 blocks.
     let block_range = BlockNumber::GENESIS..=BlockNumber::from(3);
@@ -1019,7 +1020,7 @@ fn note_sync_multi_respects_payload_limit() {
             PartialNoteMetadata::new(sender, NoteType::Public).with_tag(tag.into()),
             &NoteAttachments::default(),
         );
-        let note_header = NoteHeader::new(new_note.id(), note_metadata);
+        let note_header = NoteHeader::new(new_note.details_commitment(), note_metadata);
         let values = [(note_index, &note_header)];
         let notes_db = BlockNoteTree::with_entries(values).unwrap();
         let inclusion_path = notes_db.open(note_index);
@@ -1028,7 +1029,7 @@ fn note_sync_multi_respects_payload_limit() {
             block_num,
             note_index,
             note_id: new_note.id().as_word(),
-            note_commitment: new_note.commitment(),
+            note_commitment: new_note.id().as_word(),
             metadata: note_metadata,
             details: Some(NoteDetails::from(&new_note)),
             attachments: NoteAttachments::default(),
@@ -1077,7 +1078,7 @@ fn note_sync_no_matching_tags() {
         PartialNoteMetadata::new(sender, NoteType::Public).with_tag(10u32.into()),
         &NoteAttachments::default(),
     );
-    let note_header = NoteHeader::new(new_note.id(), note_metadata);
+    let note_header = NoteHeader::new(new_note.details_commitment(), note_metadata);
     let values = [(note_index, &note_header)];
     let notes_db = BlockNoteTree::with_entries(values).unwrap();
     let inclusion_path = notes_db.open(note_index);
@@ -1086,7 +1087,7 @@ fn note_sync_no_matching_tags() {
         block_num,
         note_index,
         note_id: new_note.id().as_word(),
-        note_commitment: new_note.commitment(),
+        note_commitment: new_note.id().as_word(),
         metadata: note_metadata,
         details: Some(NoteDetails::from(&new_note)),
         attachments: NoteAttachments::default(),
@@ -1180,9 +1181,13 @@ fn sql_account_storage_map_values_insertion() {
     map2.insert(key1, value3);
     let delta2 = BTreeMap::from_iter([(slot_name.clone(), StorageSlotDelta::Map(map2))]);
     let storage2 = AccountStorageDelta::from_raw(delta2);
-    let delta2 =
-        AccountDelta::new(account_id, storage2, AccountVaultDelta::default(), Felt::new(2))
-            .unwrap();
+    let delta2 = AccountDelta::new(
+        account_id,
+        storage2,
+        AccountVaultDelta::default(),
+        Felt::new_unchecked(2),
+    )
+    .unwrap();
     insert_account_delta(conn, account_id, block2, &delta2);
 
     let storage_map_values = queries::select_account_storage_map_values_paged(
@@ -1327,7 +1332,7 @@ fn select_storage_map_sync_values_for_network_account() {
     create_block(&mut conn, block_num);
 
     let (account_id, _) =
-        make_account_and_note(&mut conn, block_num, [42u8; 32], AccountStorageMode::Network);
+        make_account_and_note(&mut conn, block_num, [42u8; 32], AccountStorageMode::Public);
     let slot_name = StorageSlotName::mock(7);
     let key = StorageMapKey::from_index(1);
     let value = num_to_word(10);
@@ -1687,11 +1692,11 @@ async fn reconstruct_storage_map_from_db_returns_limit_exceeded_for_single_block
 // UTILITIES
 // -------------------------------------------------------------------------------------------
 fn num_to_word(n: u64) -> Word {
-    [Felt::ZERO, Felt::ZERO, Felt::ZERO, Felt::new(n)].into()
+    [Felt::ZERO, Felt::ZERO, Felt::ZERO, Felt::new_unchecked(n)].into()
 }
 
 fn num_to_storage_map_key(n: u64) -> StorageMapKey {
-    StorageMapKey::new(Word::from([Felt::ZERO, Felt::ZERO, Felt::ZERO, Felt::new(n)]))
+    StorageMapKey::new(Word::from([Felt::ZERO, Felt::ZERO, Felt::ZERO, Felt::new_unchecked(n)]))
 }
 
 fn num_to_nullifier(n: u64) -> Nullifier {
@@ -1742,10 +1747,7 @@ fn mock_block_transaction(account_id: AccountId, num: u64) -> TransactionHeader
     let input_notes = InputNotes::new_unchecked(notes);
 
     let output_notes = vec![NoteHeader::new(
-        NoteId::new(
-            Word::try_from([num, num, 0, 0]).unwrap(),
-            Word::try_from([0, 0, num, num]).unwrap(),
-        ),
+        NoteDetailsCommitment::from_raw(Word::try_from([num, num, 0, 0]).unwrap()),
         NoteMetadata::new(
             PartialNoteMetadata::new(account_id, NoteType::Public)
                 .with_tag(NoteTag::new(num as u32)),
@@ -2024,11 +2026,21 @@ async fn genesis_with_account_storage_map() {
     let storage_map = StorageMap::with_entries(vec![
         (
             StorageMapKey::from_index(1u32),
-            Word::from([Felt::new(10), Felt::new(20), Felt::new(30), Felt::new(40)]),
+            Word::from([
+                Felt::new_unchecked(10),
+                Felt::new_unchecked(20),
+                Felt::new_unchecked(30),
+                Felt::new_unchecked(40),
+            ]),
         ),
         (
             StorageMapKey::from_index(2u32),
-            Word::from([Felt::new(50), Felt::new(60), Felt::new(70), Felt::new(80)]),
+            Word::from([
+                Felt::new_unchecked(50),
+                Felt::new_unchecked(60),
+                Felt::new_unchecked(70),
+                Felt::new_unchecked(80),
+            ]),
         ),
     ])
     .unwrap();
@@ -2082,7 +2094,12 @@ async fn genesis_with_account_assets_and_storage() {
 
     let storage_map = StorageMap::with_entries(vec![(
         StorageMapKey::from_index(100u32),
-        Word::from([Felt::new(1), Felt::new(2), Felt::new(3), Felt::new(4)]),
+        Word::from([
+            Felt::new_unchecked(1),
+            Felt::new_unchecked(2),
+            Felt::new_unchecked(3),
+            Felt::new_unchecked(4),
+        ]),
     )])
     .unwrap();
 
@@ -2180,7 +2197,12 @@ async fn genesis_with_multiple_accounts() {
 
     let storage_map = StorageMap::with_entries(vec![(
         StorageMapKey::from_index(5u32),
-        Word::from([Felt::new(15), Felt::new(25), Felt::new(35), Felt::new(45)]),
+        Word::from([
+            Felt::new_unchecked(15),
+            Felt::new_unchecked(25),
+            Felt::new_unchecked(35),
+            Felt::new_unchecked(45),
+        ]),
     )])
     .unwrap();
 
@@ -2305,7 +2327,7 @@ fn serialization_symmetry_core_types() {
     assert_eq!(tx_id, restored, "TransactionId serialization must be symmetric");
 
     // NoteId
-    let note_id = NoteId::new(num_to_word(1), num_to_word(2));
+    let note_id = NoteId::from_raw(num_to_word(1));
     let bytes = note_id.to_bytes();
     let restored = NoteId::read_from_bytes(&bytes).unwrap();
     assert_eq!(note_id, restored, "NoteId serialization must be symmetric");
@@ -2323,7 +2345,7 @@ fn serialization_symmetry_block_header() {
         num_to_word(7),
         num_to_word(8),
         num_to_word(9),
-        SecretKey::new().public_key(),
+        SigningKey::new().public_key(),
         test_fee_params(),
         11_u8.into(),
     );
@@ -2394,8 +2416,7 @@ fn serialization_symmetry_nullifier_vec() {
 
 #[test]
 fn serialization_symmetry_note_id_vec() {
-    let note_ids: Vec<NoteId> =
-        (0..5).map(|i| NoteId::new(num_to_word(i), num_to_word(i + 100))).collect();
+    let note_ids: Vec<NoteId> = (0..5).map(|i| NoteId::from_raw(num_to_word(i))).collect();
     let bytes = note_ids.to_bytes();
     let restored: Vec<NoteId> = Deserializable::read_from_bytes(&bytes).unwrap();
     assert_eq!(note_ids, restored, "Vec<NoteId> serialization must be symmetric");
@@ -2416,13 +2437,13 @@ fn db_roundtrip_block_header() {
         num_to_word(7),
         num_to_word(8),
         num_to_word(9),
-        SecretKey::new().public_key(),
+        SigningKey::new().public_key(),
         test_fee_params(),
         11_u8.into(),
     );
 
     // Insert
-    let dummy_signature = SecretKey::new().sign(block_header.commitment());
+    let dummy_signature = SigningKey::new().sign(block_header.commitment());
     queries::insert_block_header(&mut conn, &block_header, &dummy_signature).unwrap();
 
     // Retrieve
@@ -2515,7 +2536,7 @@ fn db_roundtrip_notes() {
         block_num,
         note_index,
         note_id: new_note.id().as_word(),
-        note_commitment: new_note.commitment(),
+        note_commitment: new_note.id().as_word(),
         metadata: *new_note.metadata(),
         details: Some(NoteDetails::from(&new_note)),
         attachments: new_note.attachments().clone(),
@@ -2649,11 +2670,21 @@ fn db_roundtrip_account_storage_with_maps() {
     let storage_map = StorageMap::with_entries(vec![
         (
             StorageMapKey::from_index(1u32),
-            Word::from([Felt::new(10), Felt::new(20), Felt::new(30), Felt::new(40)]),
+            Word::from([
+                Felt::new_unchecked(10),
+                Felt::new_unchecked(20),
+                Felt::new_unchecked(30),
+                Felt::new_unchecked(40),
+            ]),
         ),
         (
             StorageMapKey::from_index(2u32),
-            Word::from([Felt::new(50), Felt::new(60), Felt::new(70), Felt::new(80)]),
+            Word::from([
+                Felt::new_unchecked(50),
+                Felt::new_unchecked(60),
+                Felt::new_unchecked(70),
+                Felt::new_unchecked(80),
+            ]),
         ),
     ])
     .unwrap();
@@ -2759,7 +2790,7 @@ fn db_roundtrip_note_metadata_attachment() {
     create_block(&mut conn, block_num);
 
     let (account_id, _) =
-        make_account_and_note(&mut conn, block_num, [1u8; 32], AccountStorageMode::Network);
+        make_account_and_note(&mut conn, block_num, [1u8; 32], AccountStorageMode::Public);
 
     let target = NetworkAccountTarget::new(account_id, NoteExecutionHint::Always)
         .expect("NetworkAccountTarget creation should succeed for network account");
@@ -3191,7 +3222,7 @@ fn account_state_forest_matches_db_storage_map_roots_across_updates() {
         account_id,
         storage_2.clone(),
         AccountVaultDelta::default(),
-        Felt::new(2),
+        Felt::new_unchecked(2),
     )
     .unwrap();
 
@@ -3221,7 +3252,7 @@ fn account_state_forest_matches_db_storage_map_roots_across_updates() {
         account_id,
         storage_3.clone(),
         AccountVaultDelta::default(),
-        Felt::new(3),
+        Felt::new_unchecked(3),
     )
     .unwrap();
 
@@ -3354,7 +3385,7 @@ fn account_state_forest_shared_roots_not_deleted_prematurely() {
         account2,
         storage_update.clone(),
         AccountVaultDelta::default(),
-        Felt::new(2),
+        Felt::new_unchecked(2),
     )
     .unwrap();
     forest.update_account(block51, &delta2_update).unwrap();
@@ -3363,7 +3394,7 @@ fn account_state_forest_shared_roots_not_deleted_prematurely() {
         account3,
         storage_update.clone(),
         AccountVaultDelta::default(),
-        Felt::new(2),
+        Felt::new_unchecked(2),
     )
     .unwrap();
     forest.update_account(block52, &delta3_update).unwrap();
@@ -3376,9 +3407,13 @@ fn account_state_forest_shared_roots_not_deleted_prematurely() {
     let account1_root_after_prune = forest.get_storage_map_root(account1, &slot_name, block01);
     assert!(account1_root_after_prune.is_some());
 
-    let delta1_update =
-        AccountDelta::new(account1, storage_update, AccountVaultDelta::default(), Felt::new(2))
-            .unwrap();
+    let delta1_update = AccountDelta::new(
+        account1,
+        storage_update,
+        AccountVaultDelta::default(),
+        Felt::new_unchecked(2),
+    )
+    .unwrap();
     forest.update_account(block53, &delta1_update).unwrap();
 
     // Prune at block 53
@@ -3498,7 +3533,8 @@ fn account_state_forest_retains_latest_after_100_blocks_and_pruning() {
     vault_delta_51.add_asset(asset_51.into()).unwrap();
 
     let delta_51 =
-        AccountDelta::new(account_id, storage_delta_51, vault_delta_51, Felt::new(51)).unwrap();
+        AccountDelta::new(account_id, storage_delta_51, vault_delta_51, Felt::new_unchecked(51))
+            .unwrap();
 
     forest.update_account(block_51, &delta_51).unwrap();
 
@@ -3610,8 +3646,8 @@ fn db_roundtrip_transactions() {
                 NoteRecord {
                     block_num,
                     note_index: BlockNoteIndex::new(0, idx).unwrap(),
-                    note_id: note.id().as_word(),
-                    note_commitment: note.to_commitment(),
+                    note_id: note.details_commitment().as_word(),
+                    note_commitment: note.id().as_word(),
                     metadata: *note.metadata(),
                     details: None,
                     attachments: NoteAttachments::default(),
@@ -3636,7 +3672,8 @@ fn db_roundtrip_transactions() {
         .map(|(idx, note)| NoteSyncRecord {
             block_num,
             note_index: BlockNoteIndex::new(0, idx).unwrap(),
-            note_id: note.id().as_word(),
+            // The `notes.note_id` column stores the details-only commitment (see `apply_block`).
+            note_id: note.details_commitment().as_word(),
             metadata: *note.metadata(),
             inclusion_path: SparseMerklePath::default(),
         })
@@ -3888,7 +3925,7 @@ fn account_state_forest_preserves_mixed_slots_independently() {
         account_id,
         storage_delta_51,
         AccountVaultDelta::default(),
-        Felt::new(51),
+        Felt::new_unchecked(51),
     )
     .unwrap();
 
diff --git a/crates/store/src/genesis/config/errors.rs b/crates/store/src/genesis/config/errors.rs
index 3a9721c8b4..8e2f520fdd 100644
--- a/crates/store/src/genesis/config/errors.rs
+++ b/crates/store/src/genesis/config/errors.rs
@@ -10,6 +10,7 @@ use miden_protocol::errors::{
 };
 use miden_protocol::utils::serde::DeserializationError;
 use miden_standards::account::faucets::FungibleFaucetError;
+use miden_standards::account::policies::TokenPolicyManagerError;
 use miden_standards::account::wallets::BasicWalletError;
 
 use crate::genesis::config::TokenSymbolStr;
@@ -74,4 +75,6 @@ pub enum GenesisConfigError {
     InvalidSecretKey(#[from] DeserializationError),
     #[error("provided signer config is not supported")]
     UnsupportedSignerConfig,
+    #[error("token policy manager error")]
+    TokenPolicyManager(#[from] TokenPolicyManagerError),
 }
diff --git a/crates/store/src/genesis/config/mod.rs b/crates/store/src/genesis/config/mod.rs
index 782bfe39c6..fb6f15f755 100644
--- a/crates/store/src/genesis/config/mod.rs
+++ b/crates/store/src/genesis/config/mod.rs
@@ -32,7 +32,7 @@ use miden_standards::account::faucets::{FungibleFaucet, TokenName};
 use miden_standards::account::policies::{
     BurnPolicyConfig,
     MintPolicyConfig,
-    PolicyAuthority,
+    PolicyRegistration,
     TokenPolicyManager,
 };
 use miden_standards::account::wallets::create_basic_wallet;
@@ -289,7 +289,7 @@ impl GenesisConfig {
             if total_issuance != 0 {
                 let current_faucet = FungibleFaucet::try_from(faucet_account.storage())?;
                 let new_token_supply = AssetAmount::new(total_issuance)?;
-                let max_supply = current_faucet.max_supply().as_canonical_u64();
+                let max_supply = current_faucet.max_supply().as_u64();
                 if max_supply < total_issuance {
                     return Err(GenesisConfigError::MaxIssuanceExceeded {
                         max_supply,
@@ -299,7 +299,7 @@ impl GenesisConfig {
                 }
                 let new_token_config = Word::new([
                     Felt::from(new_token_supply),
-                    current_faucet.max_supply(),
+                    Felt::from(current_faucet.max_supply()),
                     Felt::from(current_faucet.decimals()),
                     Felt::from(current_faucet.symbol()),
                 ]);
@@ -330,7 +330,7 @@ impl GenesisConfig {
 
             // sanity check the total issuance against
             let faucet = FungibleFaucet::try_from(faucet_account.storage())?;
-            let max_supply = faucet.max_supply().as_canonical_u64();
+            let max_supply = faucet.max_supply().as_u64();
             if max_supply < total_issuance {
                 return Err(GenesisConfigError::MaxIssuanceExceeded {
                     max_supply,
@@ -470,11 +470,11 @@ impl FungibleFaucetConfig {
             .storage_mode(storage_mode.into())
             .with_auth_component(auth)
             .with_component(faucet)
-            .with_components(TokenPolicyManager::new(
-                PolicyAuthority::AuthControlled,
-                MintPolicyConfig::AllowAll,
-                BurnPolicyConfig::AllowAll,
-            ))
+            .with_components(
+                TokenPolicyManager::new()
+                    .with_mint_policy(MintPolicyConfig::AllowAll, PolicyRegistration::Active)?
+                    .with_burn_policy(BurnPolicyConfig::AllowAll, PolicyRegistration::Active)?,
+            )
             .build()?;
 
         debug_assert_eq!(faucet_account.nonce(), Felt::ZERO);
@@ -526,9 +526,10 @@ pub enum StorageMode {
 impl From<StorageMode> for AccountStorageMode {
     fn from(mode: StorageMode) -> AccountStorageMode {
         match mode {
-            StorageMode::Network => AccountStorageMode::Network,
+            // Network accounts must be public in the new protocol model; the network-ness is
+            // determined by the standardized `NetworkAccountNoteAllowlist` slot in storage.
+            StorageMode::Network | StorageMode::Public => AccountStorageMode::Public,
             StorageMode::Private => AccountStorageMode::Private,
-            StorageMode::Public => AccountStorageMode::Public,
         }
     }
 }
diff --git a/crates/store/src/genesis/config/samples/02-with-account-files/agglayer_faucet_eth.mac b/crates/store/src/genesis/config/samples/02-with-account-files/agglayer_faucet_eth.mac
index 6ee9d158a342091e27aa0d4b4f6c92bd69080e7e..5de6c22de45db136e92e17727ed5e2c65d55c8e6 100644
GIT binary patch
literal 21004
zcmeHvbySpF*Z9y3pfsp}64H&*AR!IXB|}Jex6+`1A|WE6G*W_;lt`l@B`F~wASwb9
zf=CL#^T2ptz1QCz-|xQPAKzN<S!>TeJI_An>=Vy3v&Pii+yfnUP)v~+jfuh3+S<X?
z*V0Wy#LCpu+|olt#N64*%hJu=*4fF#*2&7*gb#)W%Aw)mC*F?)sB<~mT39-Xh`4*0
zI$4;yS-5|91}YxT_Lfd27MAYjZniESkkhk&vi>W{_BZ}4eLO7PoJ<`|9BiHJL2RhX
z@B89M<?7$;C+gT3|E8Y~&eqN*o^G}#Xa2)s@u2i~_OD@?nwwj?gV}WUb}}_{u;g?1
zuyi?~EZs~%zF65>fA@-}aaj8)VIbCTbryAQX#6#}!^8#Axi~x6n%i1_ulbrdnmU<U
zL%D5g?qTa?Y2s+><Y984<!j>N=4@`_=IrbN>r&(J>P^!w3*Sr<jBS@OdT=)TqViKk
z+Oajlbd_tmtMq?eBaW6HrWU3irY1I~?lvY4&akUauxhB6O`3C~5cb1PRD-bU*_wlq
zVE&u150{9OsiUO{FJ$w#<@fU$b>jTil%QS~9Dma{M^6t^Gg}8+58prK$^W;LC`a4I
z7S_2p8V5PRxhCufVG3&YeF$@Lvo1lH;ja;W&tOwe4;yDU5D)Ax846kcP=0@;|Ch7Y
z%+t;3uUVUtHcZF+mL}qBcZv5&eRd`RWpSp}qNYOAl_dPx$c>19Z&OB{ELwjZ)8AQm
z4i3)VmKG-NmQEIb>4Q5O#vRR$O@8#s9jZLitYw;I!^ct=PugC(Ge;qBT7W0k5Q=J&
zek+9qewfu?SN~b(emOzzXjrJG2vz4?98HumzGhY0P26i+G@lB(iH|p(@zPqV@p(#I
zWt3|^D*N9W9MtE*?=J+@+t+V}gxbx&m)xkgu-~`_@&0iQ`hFeyGv@u96=LP-WNiyh
z&hHnZpAStKtmCdIl$p55^t>v2IJf^^KmXI?hI-xn)^wu22>pJB{U@^(b@#;oI-}6}
zAtK^r>EZ3{W^V#c6=zQ;aA`J0?sHDg9+oDDcU`anxam?%cTG~2C(+~IO&JR3V0^z(
z&wr1m_*}*(sju92Bd8YeEvv65*IwhZ*Qk;cCD_fHF<-U2HB*Hl&s{7#+UC_Thsypp
zZyh`^3|Vc3U+;{ET;0D8#J{omyIGoBLf5Z9-@N_<`~N@NxPN&c1W}>75uzIR3sPFz
zVBj#WV+!(efQl*rF97}k0s*80$N^9Qpb0=bfNlVN0H8-LD9cFzjs%ziU`7A}0E7St
z0}uru2A~AUnS|l2pa2Sn2>^ycTNe|ShqpAp1F;~0!4aaXSwj20Eh`B6$@AN>H-l*o
zB^X3Nc!U=LDeZ$okBf!{Sztp94BkH+U<nFB^@FEIVk}yArkj?uazZEnYIv}J;UL4o
zIPh}d@E{B<G^ihkUN8;<K44=U1bI*;L>zPhC?WPhIFLOK{U24%0~;KO3rAd{?Vwib
zFVjM}3uwsaV`Iwy(4$j`Z@?Pz@P{o9Jr^`ezY-i8!X;tEO@zOa|Ka1O_K8}K4+p(o
zsX)x>;$JJJ4T$-n{rX?I;ljmZ#bf2;!&SgjAi$HxMZ+V&1)q$k8EN^#;a9oGL-`KI
zGYEto_zNYuNIXWC-p6mx;GRLJ|AqYK{udUj_gsE_^gN*aDgq8x0vO^KaYOS2k4=tE
zPR1pIG6EI^$A<=s9GVj>05B|Gygz1+SO{4l&cS@c5jRVQ2a`FMND*AEuh#}-zgYb+
z7;sir+#j+N7czqYhVic|BahP2#Bl}F!CPCbya*CV3JMq=RxH}@0v=3UUNo!&Q}{6;
zB*#U3e-FWc`>zcCLkDyO_lGRQ0mBY8dytg)&=4Ji$b;@-98?d23c=<@9ONC4F+pAr
zxH7n`e2Bv;3?|3=lg5Dp4AS6ZLZ_z(dPv2e^$yj3);m;`Lt5gpQvSE?|Bm^8a}BJz
zpVtm@LH%de7_`CR#=>0SFgPm!_5T4r4qW_H;0QXNSQjN&cM0M}wR&{pJ*%fb?tp*4
zKT=ZuaC)DiI!Su+S8y-}$rK=VID%ui>;pllj4lH9^44*!aM=q#HAehyF?Y6t*&3ne
zWK&(?kL&V-l>FF9XlI8Cv>_dI1nY2nJ~-Slcp&z{UWG-=xAP=wv?R6ZfOjB11?`*s
ze;m^E91wki<G=t;4r2S&;m{W?F{s+q<buF@Wlj6-{OhS7;`tw+)EHEM1PcGvnFdJ@
zZa3omzdCUXV@H;A%|~w&q0|4$`Y^&|I1%wX`1i3oxS7Bav2vINZIwwP2;x+D6mfnm
z;}5-oLnl1c@}cfe6xQL09}MHqdKk1fT1M`vW&2zG(ItF7G(NP`5P5j~{%Fg?LqPCH
z8(4gNQ2o&B-^cb-KL`&Spv~L0y7mIQ8M<r24lY($XV3oO5TDjN&ad-PrufG9HV>j9
zMZ-lqO-n#sosagF<2jT8kOdq7xR#-{Kb*p2j&VR_M%m7`H(}=dFg*Cg-(xuN^Y_YF
zya(So9QN$H-NCrx@FJiFp+W~$4o-CVPbyf51H11UhfaV)TK3%1cWcUBI*{FgGmL|a
z&4E9B9z=Co^3!>0i6ulyexa?<-Dd`e(PM%=0}ej|n)sI;t+QzGiroh`=z5M^Fh9%^
z77wlbMA>R$Rl6S~KM3Fm8m+@t50@B$K>1lvApYS!o0cyu+GinTME(y~#E=3)UiPl+
z7B<xu;?z4+lYuY(N{0>MK+#~K(Q>$LTIhFNKDgB!_V8~n#XpY_2!^obcweFBqn1Af
zQ)(AKroF;v^rv80rS4~uHPgf(zI<U~&^#wu@pCX$goaxt$CvZ}=q()ackBKy!H|zr
zpO?`jA^1};;sb`y)Fy0Z{u~U(xG87M^#H{BLYBY4wK4GA1ZjL98JoQr*}B2ugZnFT
zWTqtqw?+t--XOfmx~>qZav*PM2V2C?!N3uJrwhidJKeyS#=(*5PobtNc@49yKg#}7
zsDm{=!R1$%z98%zs7?rWb;|x6YP0L}<+x0hgB6VoRja~7u`hIs4q?Vp$lXRax^igo
z%TRw`_h9XT3_eKVgKPU=IbaB(!gGjVLEkY5OcJUeJ!J5JmD2=O50){&bP(}_odlAG
z_5`R?dPw>Z!GZ{YJ;XQr6Q2+~dO)igB)BAmose?yKoA5~NdX^PwPX+hgVDwwVjgfR
zN<y(v0zJqtcsyu=rU4vpK@dikpzoL($Pbp@AtNaD5c8Y@`p_;&3;aPC^egB`y?mtJ
zX<&aagoktxSPM|$VFvn8pBoQI7!NDJ;2DL84fuoj>_86Lbs*(yNPLK3LEJ!&4+t;;
zk`N|74F3CkTmmoYp|OLV1#$>0A?4sjmgEsY3nJ~@k$m7!5}Gp+01%G**<X-2;DIrR
zX+eYb!~98t{y}^x&>n=P0S(!k{YekxGK?62)1UYXKp)~O0(%G}OAv^&33|9w0elEw
z05q8E!$||}gLs?39K+I({xm=xn(HDYtp!vex*AEhAn{iuM&=o<KF|ZV5!i`?qXEVP
zwsA?2BQUV&B_Tc|k`Jm-2{HzJkUKCF01)Ow%1uEX<kI&NB!%Q#fH)z(3X--$($>Ha
zbfvNZJ|Vd+0I0nXD4CG`I{_*g|Dq+S01f3igd3227vK+~yO6XS@C$PGdkOLYa)|Z>
z?LhvP|K+a<yxD;rIZRGyJS9&8`Z53rvm^Q7JF_N;mO#=0zz;O8%19bip%N4fK4<~x
zBKdYm90u$m{#Bp@;TuSPDiVWsVe|kZLHkf1KSA<A6)KmafITF?3G5*Z@*;=<;26NC
z0~lF?z98*x0Y6~P!Qufx_%_i0QEwlqmk9WbKu!ZKHZb1Fz#r89T>wk~jF9{k;Exc{
zVBI%C{4_vAcJ@d)6h8}qNF<#F<Pe>Rr0)Yeh|WRMxkz~#lFkQmRv<@~pzpX4X;%c|
z1bYIk5vgAc?AZa`kEBb19z;(g>1?3S0q8{}T><0}y@RAd6)Hj1060Mf=)<@GJO+LN
zO@sqBAy9b0dT)aGj7Yj3)S<pM06T~e_AN=s?-``L8R)YDS_MhB0zEcBKLr@tl=PAO
z=RgnQ13yi?0KWi!Ae;wis2|QqJxI<6=q_Ln;p<2~h#?5<ZLoYK-3#;}y7~wCSwO!+
z($h%1jKrAuKnVIbjBJktNi!j_7!r>m<CjO$AO|D`fuR+Wo&<7;o&o^jX+VSAgn1z4
zGk_KXbU2cJ59-1I;*s<$kOP|NBk&8^%>e+IXddwSL45)60Vetc>JYsM;)VK!EJ1ll
zKP!MQ`kf1G8<G4qP!|LIFTf9k*8vUb^&{n=KTTkcVPBB+7LWrHwhiDM09*oyg7NGE
zJ&67W<d8lSlD`l90w2(QBS-?Evq(NV+F?8@NE#E!q4vS6-6lzZu>lRmVS<!HKBNHz
zBWZBQ4gw?$9}Ol6@e`2zBWN(#c|acpexv|?gya(eJ;(<*|C%6qGm=k=jAIl@gA3k4
z92CHhEYPDw#_<U$2R<a_0RQL_@B#V_o*9Fn3N^qGpB~9S3EGnf^eNy6;vXEQK%Wj7
z2R+~`0KO_xpBvN_0XQIOCS+V;NSXy17r1LRL3(V+xDt_asBg*u9wTWkWL(^!J&50p
z<U=puRR9g1@tTwXUO@7}v%|so@B=<1-$L?1Tum1MO?ec2fcP1aSOn;?1BM`yo=NvW
zr>CKglYKt7G=avL^jV3}N=$T>ac4g&DLQ$6R`2{!IjQyHBiEgpTjls+i4*-18p&5g
zhDI-$7e#$h9Nw$Z*&{f?`TF!nfonSRDd%s;tiu^EG>jBSc?yreA@OoA8U8rmMIYMt
z<)z_~`UU^7k8$qI9MSqQMX3WbC*9aXq!)+I-YMl^kL)gQnfGtWRxv2>?#Boi{C1i?
zQ&)+-zqFXUs{C#LW_<=;?v!2d*oSJ~{YtE*BNVcsY3ln1x{G$Qr`v*EecjqVo!LA2
zQj9vG`cBdqGrhs*duSs*PpPs4Z^JGOSgf9T8HE+)hv7RP++7}(nA?;zOD?OdeZsk5
zmvn1aV@Ch7q}M*}&G&7OVmeu?r@zK|yx6Iy_pYVPW=gH~;p)2{an)eNz-B1tl+%%n
zWB!(6N<E`7zO)WL4?RXEu$~sv8VZrc^(~h@xOP|BKp=uhNzGI|(z5h!rhhief-Iv=
zE_?jfGrh-e;O1+7xQ0NlrgkUyZtIg=NUgr7?IZSnR8b|7?r~7~j4-Xf1<y@I^3qF8
z{;wxqPt&7^L?z^3YG~VZm@QSMwYtYP&|19h5Z!gMg{LXI;4_X#<h&8Sw$a#i*L{ae
zsRb`MUtL}>{?^n#K>Q^kP4d|nymOt+BKN6-tlvpA`b;dEeb{+T6nu`$lT72uGKNB1
zc;bnsMe>5n^bwvPeOSWLu|~8roLARhPb`0PyDQC*Rf!=tR3^Kt+^V?LU!T*`B*Va+
z&A8D^=)!t6;x4ak#O96oood}m!uJbxBnJLTx~5wAQyo25wE7b7=-^}-h_2s9+mO6p
z9-nE4i;snfX`0@mU+i`@ljurXzCn5Hma}v=!|EG40>hA{c?rjU!vyKE_?+60i`IjW
zR}p&+TSIpOoFpXRnS7!+Nk>ndbRb{T!$p&{xUNR=PH?w@s(_8&dCXc+^G+(4Q6>wV
zKZzW_K0%v~&HVnkDp8lJXN6}=dentl-*~lbC89n4;&RKm><+bt_v&!I(vd=z#j%m2
zTg;?l^S1V@Pd+qc+&bRerSFxetdQ*POnhf~W{izURp4WN%jk(G0(>qx)y~W(*8*{2
zZImC*yd)LP@{<!tmAXzJw`YrWRz9x6h2mw)OG1wiX;%_STK4!I8&ffPnmJJYs3q|x
z-;TY)_$%v_?Cq<8$8E$Bj>^{Y_O_Ck*n`Qzl0*^jayu<&uGJP3R8hagtQv8Wx{nnX
zXMAG6VZYsmNgiFemGV6NjuA;e*_-E#vU56n)-crs(W1~+zn3H@X5{j70^%<eetZ2P
zSi;*9Ph)mH8v}!OqRy+eq?<@M-~X-tm2Wxa52>oL7Vev=*y`{N)(~qcE+%3c=J>vk
z@;sxQ58Iy8b=x7<o~D<oA-66Txcnw`fBtD~vG<W%vL7N7{7WAht)B~A7HO0hik6j{
ziDBj|nws@n981}f2z(bcbel71Sdi2IMtsfldG654NToUl@0{+6KA8<Vk_Q4#8tG3k
z8eY&vYF=zmxzP4z@bdGO{4)jAbhBL_y39w9%NxbI-aSbXYD&9aXA}+3)L3|%m-#Z%
zzg?_ARwl2P!!<tmye)lJ{L57tx&G+|;`X@)899T;33xe;ihG+)cGK<{dqNMZVw=b1
z2iu(FZK~Ae_=S5Pe<<RXRd=i3!mGplI+=1S>n5k+QO)@W!PQ5xBNZt{^Y~xC+ONE9
zExbT*e`o5&J&jQTeOo=32SQh}eM+A0X`a*%(ck1w>=EX5@yC+lUec_6Xhp_`eUrou
zcfafmOVO~kV6gmHT#b3FalM|zvt!{o_L#4fM`Pk}KA&U}QfX5<;W}Tm-gi1%LwZ6E
zJu~{<fW2%o;#`rM7#jhl)QMn4@&FI~w9U+?8{PDSBm9K~cOobm8U1*wvV9|b=3p#1
zQqrw!(j{s9M|vx?Yu-$oC9aGPo_CX37eIUM**oV97f>G-WyFiwvFT_n+T;9IK|}VH
zLw$IJVzI}=arUC(YTE+I87*Cj*6Z<h^a>4e5m#jOOrK%cMip|!(WcY%Y&;C2x(&-T
z&UbAde5bb^T~zGvXEhV%xPig+risoxGg7XlFVYSt;j5oib7%S<bw>Mp>tNY>)+>a{
zV^<c{sXJGg7%irbv7eZncsMGFE*BX^hUT1hH^cwb3J$I~?sOjQHkru=rNqml;v(M?
zTArwo;_4KqPsvF4)fj%mH6+mGNaHQtYZ6Qrb!6n!?6B&Yd8)!tQgdbIfnh7GI9fKg
z<}KU3@dO?oK|&?X%Z{n~AyEz*t-&e=v;xaV$qSm^&G02XV!x8NY*rpJdy<q>Q2))P
zX7gv2PD4tx1$QO=@)Cq{>IpCGJo4K~x=yGQ)%STm!bTHz-k99XElwvh)Arq!bnQ0^
zEBdyZ#>-KacQ3R!Ggf)G`0rT;Z0_<@Z@;=R_SAX6Ml91{C%aT&Gu`)bJ}&}Snec-e
z<<%KKFZG)r?KwWa4UWvLTJvEpu`1HTWhkA}pWyj&V<)iptEF8>y-bizstpTT>=S-C
zVXCL{?wG2wa~wzJ2!pIk>cEZFoQM)O)}8!5TN~JX-Tg<#fv`++H`TB4;n@6+#%?RI
zCGrMavu?{5#pUi6Mz$?&>rNnURu~?$w!HGJAtPgZoUIL^RxIeYIOREp7tCSB(sw-K
zs$J*ST{0mwY`I$YkOfTxjtxs<l023A0(15FwTiCPgm8k1ttt}gEQ{DVZv&;z1XO%+
zZZ|TrRHYo`SB?*SW61Zm4k{$Vf3I14{q^+R)!a$SF^rQ96v9EdY_7GiyWB|=CG=+A
z$KUi%iWcdKD<-B5+;iLWIlVnh2-D28m0p<i_%@i5V5J^oIe(=s_R0&g+tbhXhx4EG
zwUFfd-SX#2CTM8zc`kO=Z@`SdxUF&tGXQ3an@)V+zlywXp>2A^-!ov6`8bE$@Qdp<
z2$Ft(V<ksg`j4m98&n2!h)QXCPv?5(2#nmkAcId4NRw8v)%x*lm^YlUEcl(p^m9wC
z0df3Mg3H}9h7v*FIE~t^9IjZN#(zH(t6o<<*SSmHRMJ<zoa#q7PvJu9q-_Jg&9s~{
z!xX}AltmPHMd)#?EZ#dF*QNHaQA>`b2|8|;9V;R!_RnySH}^WcN)L)i)leZVV9J{I
zg-@%zA)lt1wEn!RbCk95Q(P%lk2ZU%d1gI#-<xwxYepB2UC~=Nb{Z^oRl4?--1q|7
z>F|4Ov&J$`)!bJtI?fkdAt8SbyF3~5q+0t+jc*c0q%N_^kc{$BB%hCI^W?CGc3$Wz
zOYXP&@ft;WK6G)VORyx~T4Q#>E7#7}=`f14e|S<R-b8`xWxxp=h`9OrE3=rD8Oh~7
zUHhC9qYSrLVqUb!yg2{mW;nBPs@_Gu1tzizPBhj>)a`^si-=`vcUwg{w7f?9TNO*U
zli>@4QJC_4Si6it_LE*mn|oKzG^a_7V`L~EZF1;|#O$d+x5MWD)Ir#1vF?4ujr^RD
zRJtOgi`2^EF;@J~=VNoEv!iqv-VHY-P^ryhlNvUjdc>XZ!B#8kjkI>!MD$6orcCOB
zQ993&t(>LKzV~K1tKk@*$LMLZXx9uGmYZ&w$FmkO79IQQmz|7VL_5QFiS@BtG!?TU
zXT{DJ29`p;Cx+OTEe3Nf@SxG4^eNJIAF5Qx#ELEX$5vNu!gqOnbh^0fSc5#(3NM{M
zH?9rezfr=8x74te@<le7B3W(7KT%0N?A}J&1D4Lg1flj2Y3Za#1B4XM9@SDmX9%1a
z6|-44##m+(bB+p|Rh?AaVctm|5Bs)IW=C%(X03>>y0q_rJM>{jEdS$1T&6$SydGC(
z*)3zZV@S)4WJ~Cq!cQ?>+kvge8>?3hdGBMhG(0y^4v$sz=eba!y21U`=V9F9^*nR#
z#6AX1#vKpsHB$9x`TSN#FRG~Zxmt4cG~;*&ntLi|5{{OJ1u#VR%ml`T^|C9l=pT==
zm{2rz$HUPPbD1QyKjNm+{wnxE%{;$mB>Tb%MNe0yP#CFn!kMBA=jV-|OU8<xv&dF@
zUq-l4)bE`$;+lApz%?T;-X{9u+@feF5q>BtdlIV;u{~0ki48+CZv>zF)W_TEqE_7Y
z{9@qCTH&N-owD|!F}VH1K9R3(UoF1q4^&%*3rpEJUfsY5Zrds25qVv(%(NqDRyfE1
z%=YrcO!4|^IW3QVOU!m}Xpw`>DW}1mTlKplq>sFb9fEY1>oT9pJ1B`+%pr`@JxzO3
z!p5yo?$5icDgl}`8!iF`<j1<>3$Dk1RNK@z71B9?W*F~e*ta%3cUdn5=2PY(AV*%2
z>fTiBYVoYlOJg;w<sP=m79;D05!mO4mvcI&&D&y&qF$XC8Csy|GjqTiG`^<y<Xm(T
z$(By|Czg<|t&&3as_SPvYh4Ek*4o_l)C*S~^haMjrd%c;x<nqYKu+u|!>F_J@D*3<
z_0Jj~BJ!PrlHn3G$y_J0>ZvR=X#~UH3y$zkTO?mQ*=1CU(ZGC1Ju#It&ur4GezES`
zW3AH{^>Ca&5BWDrh0{HLkjipZP7M}5y`X1}MtO-(?YR0Kbp1CQS(LZAvN_mg*2#St
zZxgfCu6>nq8Z#=BpDPp1f2PZ%U=upNs)d$P-e6W`^w4qYm0ivme4?7>+h641ygpi6
zjURc?R907*FKA?S-JZIyTwSx>dADjWD&tX<!)JLbUFup-XI_h$u*aifZmOEEFAb66
zop~fH+Kaiw(k~vcy>%zX@x`gr&EtNWSjppju_ZW(*l_f>S5JPPZP-hwS1VMrbJgTz
zoqbO=(x9lZ)b91Agh5eM*2CeheRiJ}T?5%X?1ngx6_JwECt|shw}#%nXByvl>hp{m
z?IshkVi9kD#(!o*UvR89$NM<(%`C~*Ngh?RS-gAaGt!7dsHQTm-QVnagKtK}Ea>WC
zC2}qRZoTgJPuJh&Y7t>J*0kXsi7_FZf=+z0QTz1sw5G?LV^irSO;<T9EkDZDK4x{3
zttlkWl9u3errdqL6&F_%%775i@nilVReh?ZtVUdky^RHPNze+nIg@FKn*xzhE~G-!
z6H`&}V4~J}O7&(xg{%}ykLhj!oHfUVXVlEK3gH$i{-ij&KH!FaUtkQ{Q`-*NBKosF
zW!tza8Of(Un})_H=~edB@KMvcwU;G4RXuAo)TPz2n)#3?EOO*|tNc0t%Z{@|`1?k%
z;pzaVx}6Y*@=vBCh0iSc+pC6#lvA~nK688FC)F4$KQ(50r%;;}wY4z#AZFkCd5YiC
zne%z$bj{8!1#0~#JwK9>Y$e}Y2>nb-t~L}QZ7L^5ZjtnYq~ju1%t!0VmlUky76jwp
z+C%tWlbd1}%FeiR4al2YEj$n2T;*&(SI$(ZQqR)AgvVtQB4ArENqDD0J*-0erF)WX
zMAZ|<#(NDR9uf;-9W@zM^frTiiXJjL&TBCS6lLt~*!SS=ZYJc%El%L<8B`~D+F{(d
zp;tRG#WD3f^g^GAPL(Vr{-qIj?j54@+APv9dRT(Fm1@=!h0oZxsk7LQeImX-K{WP2
zSwf{x;-3D~3X>PXxu45VD`8{i-<PMt<ta@#?-*n?f_sCOb;I|9u-6CeY#UlfHfHvB
z+a%hboI*Yu3N1u<w@igO$q0;wwxuN>X;-CaMAH^HePw`VK+1J3BU?Ie?Mbj+x`I=~
zH(~Gli|RGg?!nz0+}wTvDH3is_1gpHHc8)3t$Y<YJM`lDWtA5lYq^Sj?jrQAvx{%a
z63H2r#EOHuy8>15)RPp@>5>QKI2jS?q%tPdi?0i{^a;@Q(pEW4;!aobNYvMfv(eY|
zAC-}cH_8e&g1uCFi7P8WqMMj8UPph)eIP{J+>;QOS-g5o>B{}J@wQZBEsBY@WC>K~
zCv4j?b3J9V!iurCVl~&oS6_k+u4vSvHKjcmI5{eo$Y@7p5;`5WV$Qn2U1M0EwCbyF
zaqpS5<V01ATIZ)aGa3=tqp-Nx^Wm&5<!9?iH~dQsFAz1LxiGJ{9}y+h6Z_x3|Gk_d
zF4^zRoh)rVnlE~{a{HEq^^V7a0*~1KbA;@e|81-`ALhhGXI}#mOR4RCzm-_Lu*+;i
zlutP|4XQH+)K|@mB!|VH-XvIVgSCiF@bTeX)W^$X=zH1W+4-%(!O!t}z!7)-Maq3K
z-GcYQpU!^kaMP^U&SDA1EEi$mA)3$T{lp<BdC``-!&iy+TVj!ovR5Cw*s1$?iDKy|
zKNH@zUnSbhVB*2$!laLTz*PQPYpF2CqN_)JSy^;87NKH~`%1x~bO2L&8OIbhZXRLO
zf3)@Hh_FC~pkZrw^NiJ~2deuehN#(jmDLEbX!K;Ku=e_5;@4Ekb8++oBMb@r6<bx*
zZ`tUqL@HpUcoAiUOiyfNwfSoA)Zc4~GHL(x;aH2<$4Kr+-ae%2yJtl8kJhQ6wU3Zi
z=meY-<O{raisb^)-mL_2*L7V1y@|6DCljoLlshFatPhIo?Q7G@e9ro+>%5EV{l&3f
z8ge}5j(qkzx!N4;4EraR1NlgdhvU&zJd-%saE~py@x5QLu+2=5Bf*^x6HmN7oSB^y
z$SKn;W#_Uk8tA!WT|!oLBf2hgGA%u#1d|(nZtvXSGg8grjqBgcK8LzU9(h7~ocoqX
zKgS#=sVUmdH$+0p;#bw);AFy_2+WwuX|oV()(_oxxk?|T1%G14KP6?tYyRMvKrx$n
zbzGGB(@Q-cE;MAZq(3%XzkS(7Ro29dXu&|sf$1c(r)xTS+~`uuM-$9DXK5ZC$9}|M
zEYip9dSt`z-nJ+?mVa)g>w{cW_VObkVmCSQdmYMlM`oiXMp#|6Q&}>tm1)TQbY?Y=
z4#B>0)V`Hg^d0al&1OrICp*FxaP0}jM663p=SE8d8k+~+qorH%mXF}wcJp%zqtUmI
z<g8jmNwPl4xq;=vy{Un!{nQnV0h6nojf$mPw^>t`xH=U1H!dj$k@FREn&{sSwn*@N
zcI0wBC3|Uh-ByT}yo;T}iw1tZWN~_Yi~9@5BrLwhR+8z|Y%)pE&CT_ME$7{6JkhH+
z@a^Jkcx~Sty<`Kb_fM#P9)ErLo>|({l2%KnI;?3i(r*ztn(-H_ZFxFqrd-(K?_Mp_
zIsHk87s1jkuu0e>$$57m@dQU^c;Hh-QO#N9W*RJ1;}`t)l&?u{OjKw<de*S7a=5Sp
z);t4M#iIlb+;=ae+`Xq=PF37~*(6=SETZ^OAt-9oD&V#4`S*9|;_v#m9g7$63s-fI
zvYkTr+&Ig%jaf!`=|pqJYJBnOyg`Xc<|B<7#1oX9E`r;}^9Ea|uH79wPXr?~B$H=}
z>5M&7^&oR*5-o3G=6JEv!~S%pp8R+C@x+QXq;A*i*mX<PBi*iGOZMJP+|Ks2S1M1e
z6inS0!RP8YHlxvQ@bLC)8FTlIvmVO3f}X6&IZsTZ1M9jJMz|YaA+8jW_oNDtch)!T
zVr`+y|82?9cf^bIPepZWH&2juRL!7SvAuFyer@_CF7bq#v=FNG`wX)hgMmSG(~T!R
zXqT`~SNR-ycDjB?j|N=!{T)Lp2fgg8xo}L!5!QK;mlGo@d}w2vg^Ln<lb>#E(;ux{
zRZFy(PPyn_Ft0PP_(mE#tsC7ysEpu@k=fdsr|yw6>Ezd^kGTZe`_Al=kgmc~E38Xy
z<R{AP(>{DhNO?WxXa)bqs%5iNKk3RAu89zNgXwAxj9KknA~_%LgTP>hLJK3y(=C?b
zQ@T9XHfiKiRZ$d2S)XA&MIXq?v?MO|adhHz_K2*EB{aJ^o5#0Hd1G?d%;duHnXeAl
zBd2GB1;cXB<oJv;v%iS18Zb7WXMUpk8W&%8er)_9pX*0u><%vct!omcqfv^jtl9yO
zTOQ1Ey~rC~(K@4Ht>wZ;q{pd|;Cr$+*kyMt{jri~TLIPd*kk|>Q3PGBjUzD!_T2$E
z-)s4F5<#Idws6?2HTkuaRmlZ6O63$k*2i9B7@gDtU$8NbKBm^TU7mNTd3k!Q&(1C{
z{2jyDbD_qzP4t6Ki*E0DlRlw;W(+rYULZp*loPzEK_6r@u$$_|p-f;G>2dwkG}^bQ
zj~XH4$9pcgF!MfcKWC%M$dHiR16vfCnQC#8d9L>O$|>P7qcAU~{D7!4I|YPgTaQM^
zal0`vRs!O}E)-<Sw?@X})9@y{?Co4yd+;PCJ=S0HjxN6=LAssDEnDHv8c};|Cu|`-
z*INI`g8k90z1pK|xRp1eH|Akmew5S#T#ZY_{RGCsn^OZYgB%e{``m$*O8KE~%7@ar
zO(S$#wK#90v^5puZsn`lnjdT6CQ9K94ZdN}_t4<fatX(mYlUzdt(UiJauiIz(71mc
zXWEsX*tFA&$2aOMa*0j)r|rYfrQCcr7cjKh#+Gty`kwm@_}lkSyE*T$YSqTK*4_Sw
zD*tZ>YteG04-Zw^Pn4w+YmVX$E75Y@yWvo(##6uBgXM$DKBIm&fXln|Vx#TH7bmQ&
z*lO3Uyw+o%E6q7xDZgL5vKvCuLlx3HhjU-NMs-E|Sm=q%A3g3}iA;INb)#CRE?u}_
zow*L@9Y49xv+zaAYo8u5e4XZen{-^Y)!1N`!d(CIy>0zWCtBxp6N*tE<xfX7vWGl1
z^KlYribN<ZmSfL%%yq!5I2Vn&YWZ(WJs2O=ucHYX8gywCv<ekc5l>6%UC1_ym_zhw
zRX*XlFihwyCjVqc>%5J!^z%=0>(}4QnrvUE5y6fAqMR7^s$`>S1kK3(*yU}J$L<pC
zVY3aJ_zWB?U-Bv)Y5K)fPb(UYyXuyCtG}x6Pk!zw<tU~@AlB9SW<n)DK&C6D>i#Rw
zPK)A)(K}hI++=GRdU!OKt!Ww*6wNC>RQd<wyfA5N>inc4l5f|`fnV&!MOV`pNUa}p
zwb3aod{^-@*+`3<CF^BG`AHwzc5Sa5Gcxa{W(-v=ROio2O7=G?N~x7axvPQZL0%s4
z;OH^9W!G86eLU9UixcXo&W|DA;K6NGrMj4SM8GZAPfbrP&WY~UJs7)zvsIhOle;?n
zMZutaqc7u8{q(gSIePkGxY-%w`Hv4?O^j|@24|RZzrK#i{I1{>_NBGiHIbOc=eW%=
zb_>DyyJD6)Eoemq%l1O1m!93sLchb>PiWU=;aQuN^gu&ISHHQ3L)<a*8nwZ-Bp(>t
z)7QR=45_yS``bkp%j3t~(QdRn<k(J}wC{}3c3vUjz7Sn-&A3FaHv5(IwlzOHwc1H@
z?1kBLUCCIpwP}63HtzBk+DVxYXdK2k>R;lo#J$py;8+jSt*t({XZ5T;kBa`1Y2%jD
zkqAnMi+&cWGW8RgqO1!szHdaEPhaGukgpOB?3^M@tb5Dd`|%`OduCHlky49JGM5G`
z0Zo>g5$vI3hSE5KPo8wf)ds6e-Zw{PO2jvUG~{(Uquc6{<2>W>VlU9-5}tUZ*sdnl
z<9VhY!6Q`YLSLGiLN$NN+*VOI0ZMIyHpWq{zW3{kzmCC)$`xDbjVsA>o(XqGPfQkG
zp?D9^b`<yH>`Rt5?-kgvsPNF49q?k<yw%b?Gyh~uTr_Heqg&=7Bb)iexfHd$1bw$V
z{GXJ$WmUbmTBJQiN*|JuFi5R2+Ik5zpT55LzNHYiYe6L1be5(ew3qiqxa_lY*F^)L
zVfO6Psa?|vnWFHvT-*zMA4Aq<dg3ls?jlSmrtTWmb(}JTosBBLiU&=*YdROBUJUBf
zu?jw`uk*zlFV4wp%`UsxKo+w2R6?i)5hAzu2_3USyOPoCblM_A2fu|#qjmBpv6doB
z9+yj`yRg}sD;lRJm|Zkcy`N{eg~iQkgw3*aO-Q(n2S*~MrE(Tql#_`hm>7$#*#3!z
zXH4id1@1JJd-bq~eOHI3@)581f|&;B>35@qlcnLP_AgZTcbgB&n<|}}$9QYSJMF7;
z*X$~>5-v@?%y@O-F7daHa^nB%`C(rCz*$|ywei`j`%h<l?{5ZH<;6uC>GNI6b<neC
zW~jJ7xBj;DEQy5F4xMIEnMy)5tHStt@1!(OR^>>2cQNlj%@6*FBVtb<Vt+;xP&PGr
zub-CQjfim?^tFFmzUas7pHhYD`Q3KP&*V+ulPwDY{M}2=)8XSP{So0W1YUDeEV6e^
zVB0Y<44=L)`01z(HkOaX1r<V#@HOo&bd4r;-UU3E<Y(J|njhaxFod%mbGp!z(Z~ee
zp38CcyHnwL`m^|Pw$@W5j06AY_YawjdF)*}48q&gjcV+B+~rKPjXIJPA#!V%)^T74
z-U~E_%d5OEXGL5IpSHU0T{33eJSO^xnwm+AtZ}O-l}-7d=103CB@<;4i%_ZG4henl
zYWK#AUYF3ognSO#;xP?&eWm2i(@l!muO=!+@z89>GHP0JC8I|)FC1GXd;TWi={*hn
zgtw%#uDaZNdFRa)9!(HeG=&%96*vT#Om`<}=Tb&nV;itm6+MdO@$VxNc#yX+p4gw)
zVRrAKEdhhe#ND0y|1>{{AFw1BeLCtXT%JB|y;ZmA+ql)OK2UL4-*QNGF%>R{Dt`CN
zS6wdI3e0Had{fd|xQk1WD8m;vL3f|<sCrT%yyfWs_5Fu~>|!^=RnHE(XOl4+&skF5
z(h9E+spP66YLCzFlu<cRa8HhmR!~1wqjJeAcd>E)xT3I=Exo~Y!dLHEYA3(*Kh3Xe
z!w%RCWu9NKeWbo#o$MQg`T7%L3z9b0d$GOKDG)v4>Jwh#ka*UhD#1ayG4QN$v({TL
zLl2MEilv9`J-saTB2P-f*26SvtFCfru^UeFv5khx>|g6o;}CNimG}R6Dg5*M_oG5Z
zuE&X0qPGS-%a{|Q)ty{8JhUf#8P0uaB>AWLHK1Jev41S0=ZbX9=W9uMRKqRW7enIq
zNmtsfG(Qj>8$uQT=LaOVS^lp~UW(_<(F!{U=MsE)h)vO5HDvuE4t`3dA60y){+9*S
z|GuEIhyGXuD%+Tc_`je3krALo^}7mG->abdUINwk4ye9YM)h74)q4e0?*&o4w?y^c
z0M&aRRL}jWzIQ<NyA)LG7S*|d>fVCt-ivDAL3Qq-+E@PRzJcn!EciL`VL|(UKQ3*&

literal 14803
zcmeHtby$?!+V>10EsX_8!$=RIgmfd_jxY>8bV`UiprA;H0uquc0@9KyX@G)+A|;}P
zAW8^Q0`GcY^t^kYeKwx&JKsOwb?)n0JoQ_@JJ!8&z}VXQ62Nu@gTKN#IWdlou9!f3
zZ)s@<jGwK&ue7wShx=K3Zy&6OI~wcm;DJWM;6QdO?*1kJ-w)tk$PH^}?=CIv<BM^(
z!+6{I{3HW6z8)_2?r1xEA6sv%r!Pb*{-@gi{CMnd`0N9G?Y-SGu4q@Ry9=;wFZq2g
ziM^=)O+WXxjr(u>boFrbK>K-P(PIB$vqbjf6aQzkFt)b#KA<%{{M|7&uJ%YDUwhA;
zCwp%+$QK8!<4;z&!S3B35(awpTh8vC8wUSu+-~9m>pVSNv9?(IpLc<1H;g;R5z1|h
ztuOYhJ=zWH?u*_*1)@E@J#5k59v;51Ng0*#+4^q3Z%A<(PTh&KZx|B0wWDv*-puOC
z%P+_s<oM@4;%4uQvBUUc&`ua1C$y^vEX*BN4SCsUI6VMegZCxtL04Vznw?1S{*BqY
zUBn&ZW{(zy>in&!{teN;_8;#v#?RNu!yD@x2>Ykz`IFM$?>2kq=Wn(A-n~!YZ#;MN
z^TpU;U4dtRO2<FB^^eCr8`TL5>)0BIhiZ_7O9ew$CT9L^=qe<P_zGQrKS=+N^V-JG
z+x?&OdTi@sk}lVaRP~8F6YW+K*DD`(iJllA(w+JowL++<Q~d7@+y9|<mV^TLw_@}+
z?fkDZ9OLTh;cst;{>xDKz=`(?#$FwwEaSGXiJj(@y+eAT^>^`vbX@H1aeh_1t9??q
z4gr&?z3Tr~C)j&z{{58OdnoxWllG?h_tI$Ze*POv6475vlAlYHKVL=vCW##U+#RuC
z7W=t4`QrozgSFq3ffAGypQT}{yKVdL`T3uY+ur@=x0-YBMal1H*ncux_jd0$XHXFs
zp{lXQ-wiPTcjL=nE+Ks2gnKO__8K2_6pf65)dX^caBdoKqXdcrC~ly5fRX@8GAK7e
zxep4o+NcNR87K^(yZ|Ktlq^s>L3s&^E`pF4(z~OZ7|sn{cUJy{h+nS>cfRf*s8K`!
z010YqdwXZ5BjNaUE4WjK1o}*mvSw>%*6JxULitD<sNda3qz=6X0`ZUn^GT`TY_4lv
zLb8;S<>Ek~_xm6KAsg~?Ou*;Rx9YzvV1xiDb=8}yYx|C@p^lDY(7j9NwIDQvA%mhp
z3}+MYUbQoC57L0%?KmNb+5}cYmj1GlghL1c<gY$}TD!8t83&`sQU4X}7u6r!rD;CY
zj~kq?L`|DggqN~ii2Yw&JMKRJD=r~Yas)X7i6qq^*PtX<B88Jvl7he7T-<EPD`a89
z!<UevD8PgRE?oQzkXi&eH{Yw;4`QTZ1RQ_yJ$ieI&tXC+7|9_5<gY9cKv06l{8!c!
z0^MYBsd1^PWHgW$pxG#(@G(LmB8HxcMah4KoAv}=pf@{XBQ+|zq`xm!@GCt^sAce5
zuj&$%u)D3c4@v?u1cG!YYj*OAkQAy36&SCG*8b#S4NPCc8bTCB2fYFUf`cGt`}skH
zh*T5~tbi(z9RhzCNl`yHo}8pm++ZMX+Z+&R2LpLP0zwTvK(4_kps*Z-9(SA}+_{Aw
zVWIm(Q9Jn!?s*`powq8a2qbFv76wy8`~k58fI$c(4*>@Uz~O;^#O=cVh}#9K;cJp2
z4*Xa5e`EgNTm!xCk9`N<q5d;{3>pkb<6xd-Ffs%v`u_)4Xw3P8P@~vI;ykrrFH2C*
zs`X<Yr#ZCle1|&y?s#|L0OB9xozxLlde*-xP$j5ND$qbmjS}cDo20y?Vv2%wCLA)l
zqN)RZ-vR89Qln_czucax<aI=uxjR)?o+tJEBY^QBD>Q0D0<rFxO}snq?oRe1&}*o`
zh}n=E^-%*Q8I3#dc0O}Mqol;Ish>jtdOj=w!J#^22Z53FsO}i~KHbJfPZaTMN48Dn
z!S~R2AQ0r|giqaksJqaxqWMn~eyMZfknudy@|P966Fx#QFNdLtB^I@`#KUPQr%?Hm
z?&pO6fcnfD`q126sNRmH#1cn--RnvG)wEg|_jc~K?LZO@0mr|b^&mC7cBhiX(c#E`
z#%*VgqDIB35fwbGN|8p<W{^eE-i_n_1>bFAXiA5y*nt!8hI}{7Y>~}x)AVxBJN$B#
z0trXLxuD0L35ZNYgp%?fb&*Kuey1+=E|Bfc4~Ot)`<m#W4?8O@;@zdw4v2!yKR&pl
zBKzdZPo5oCdN?VZi;a@G`Y!ytz!RwPpxR`hz^GAS$z)7CZgf_tn8{2_rg(-wdqag!
znq6;DP)$hKe_2Kgg$EMo&CeYX1i=*-DBW%+_hnCRc(SR!Wjffq;ZvLzVSl!~fmS42
zkzNe~0m13jZb-8~{bn%6Sqw+MrLCE1s5(=XFV!_BIbPNEB(d$M&W}bfPBtisJ)vCf
z<kFCRZ{OGb_)tvkmzsm}xdUzu6}TNXz*qg?GHUR4_C7g6qVzZ^bH~@0md_i8kfx4h
zq_kY~?EkqE6<K&RmB%d9m|)>g@xET4WbK;ks_=KAhgve5CD}+AW)`^I2yxzD;kk%b
zn9;EsNa&%pk<Z{VA@So*)KENkhvKLlH75fIG7iFRRd#OZ*}fwbe_63rsK}`CIHZ+d
zc$QW4@%mb9CcT?7gaLxnd=dYS^9wy^JA2gKT6yBD3fE?+2~Mu=4-tR)+~6)V9mOtA
zB(pS2$fBF*%>{+^K)7FYP^>Uxqh!Ktr*l!N8=GUlGYEDg6q_o~6_`%Yy7T2;;&9zl
z64~_+O^l^$6Bp&xAKN@h=^EIjgW*^V9JIf<qlP#+KHNP<zeH9)e7p5Uv_Y))6mw}T
z$tL>&yxxnk77cphk5dRV8RY3_T~p8x<qm2eOH_7SK93X7es2Km!$J9mtz9C&3IC?^
zZQSgFlVamK?e|ghtJqb8mh{M3B}<-G4m@9FgEWukLD9L?16ga5I`fgYu#59LlxCU5
z<)v-~ExcGNfCI}h8m7}(SMDpWiOREdy+~h?SJ2H{VY1pjD(SmL{rOQfv%!8COaans
zT4v^GobShcQ7L(yxRBB8DQVU4J)4+gXfHb{nWrxesDXV@TwV{2EUlQdRtKE_G-@%3
z8D{KjdbDJs_^DBOj9%4KZb1-l-}F_NG)ASvMF(g)87Hu>j_7GAh9JKyZ8T>Njl_$c
z>odjUmUBo-n9Lb^2`6PKuA6Wv$i}&-9c?}BbQUgxP;mOzx(kEh9=58bw^Iidi=NX`
zx`d1S<hJiV1uOE#<&#IYwoBK#dg+0EP<MK?WX5;g=F6nZw~+TOu7tKzp|oQy4-*7R
znC`gGRvI;fO`8IQyKq*Ul#r@Lj@c<pl%M<7*0#)rp?a5B<QeCzY`q_E-ukK6S*`5k
z6T->J;@T1h#U8P_2CezK-TFa|y}XGOIMzC!z+Iq-b(H~IthcVvd~wIClYD+%*4d&-
zm^;_cd|@gcXwi}j1bKji29B)siG{c3HAObGS>e^ux26fpA2Z)Q&-?P)@gsC@jLM-u
z^^P!K`*H8aHC!>#=TWU@6ARnSE<!=|bMrPdnQa7)10*{qq%fF>zsuN*mlUbtQ%0fJ
z-;FqKAn8X+=OdrazbDVE|176#d>Hr(Z2`I6&pr;0V6`E}eim;rI1p#SL{@V&Gev~C
z@On(7u)5+AfPrwrF=T2F{BGLBsmfA0RtK3`_8FYE=1R6pE?4*TkS?Xm+ci+68+rIv
z-MO046NW18;)yl4<8EOvUTqZpC!4rh7-*;pcVRG`LY2GDE22+U#cS{EXyeR-aE<$3
z+UQi~!h&4)ee=T2vI6^{F_&XSZcVH8lXJWD4VBSO&em9kOSzI~`z+ZIv<+$%BT_&4
z1Uzi+a2F#IvMhtOb=DlYddPilK3zmTTcD)J9qWmE3~kJTh@6;i>1~+GyMT^4`t+@3
z9S>i9h1~?@<Pw>y`m#Mc@hUq2K?5r}V*&#Gde*pnKBND6bk?A9>T?eDq1TK$k;Mlb
zV7!)~zcoVk#dWeB8R|qJ(tQFP>a8lpPF=n8h@mWP!Lf%T(yEf+4JW`rxNS<R%Fkz{
zBYQ}RMI6?o>VCL5tj!w^i`SXB>C7xQYjFX8p*+a>agqM2atNaN5INH%zh6*Zma~QR
zsk-MA$x0234Uvq)00Tq>e#PXq$?Aj9kjoyZ6AF~M5+$J#LN7g@O%4oJC8tW@-Gy2E
zsyNJU#Tiv=VD0Zavmbc(<k7-%;;6gj_;{wx)6MHsydeLe+37&34`t;I&vVD03f8oa
zsDJTRoo05#BFn#0ZS<et{Q8P{cVZB6ePW#Ws`MU~9+#b4MQb>r@P>lioQ_1dR6hQ*
z{kk+S0&qe5!v14QG0wW{`2pl*uQ8X`m$doZVzPf6q-DLZA$%n&Cg~XP7t$+`t!}mT
zR9NXyoQ92US+d6KQ%=So#46TEVjF9$`z5dQ102*Z^C_wb<6gqvZ550l&%SzJ`Ji@1
zQ+TM<TRq+=Y#71Dg+CP(K~M1Fe32Hbq{pfT4rZ${M07qxli0XbD`a$)9eDW77mNoA
z(3sD0m)>*2aVaJ!V{xXRX=_gNO2eCAoS6wjCl+R<p1UOkFc8i_!Lo-zN|3{)b-1u3
z4~;x2bH9u~t~$)i%k%3L(rwWRAD8RGLS0)$B-~ynLuCuQf}=IfxjQsQ$;>pFLUm^1
zDyIPzB)FlvNU56)-&aQVQyqJ8oIl63E2f>l&zPF!@cqx3Y^8UhgGz8p082O1QE})#
zbt>C-&cAmoc>F<x^I6Auhx<9MoSzaEs|G}%!5QR1u$Xr<XIu%NdwXh<N}ihI9LKoF
z{PU+Jx{puOatgK??x29)xs)%j!jis*-UuP)Bq%MvcPuum{~}!7hUM^@U$b>XvpC3S
zNUv~X{m0|#nw|pE$WzJ6aZ(Z`-!}|td{>5~GCw^$XJQ2ojByZ-6uwDB{`BY|;T=z+
z8gZm=Nou_1$tg8BhCZ`wxbo^EI6-WL;+LqCznnULPd=pL12u6jhv6BWWa<EQvi{I5
zt7rUo+FIoCerWc`-Yu<@JoYu~kv_8DIY7a}3O?jD{oR{9fZPZs4|PdMa5a+YhYZM6
z#zlK8wM;E1@=JYBp^kB_x7*t~=Z6$%G(!Udn7d$yT0SuMWiiA(nk&%#P#U#W&=)We
zQ+|uB?FDO&1A)dHZM@!wg;q*Bnl-PH!Z!5;9ae(Oq=&Ylx`#8=dWt+93~zfuN`c_y
zzWnfD*Jci2x1G$6*gU(yk>RYZb-Y~xF@d~ybmnoeEbtf7OB6A}5-vdzFI_QdeV{4s
zs|!U#^P%iZ+N%07YBU@tubc#25bmx{?v2o+O;NKa!s4TIx3TAV%LfidH7#uyl%U+X
zX|ezW5?t@lqO!Qd=BPP5{7r1N`b#aA&J&-|Ora$EMz4mEnL2>})(GZc*yeOptjx7w
z`>2E|62A+2B~=c+o7O{?Jw187skY+%n+kvn!l@osh&OAt6~3^L^Sxo@*@dS!Em9qS
z45s7u!;iC|)~gf&AGAhLG?YwbFqfzD4$V<(5K!I!D2slHVXA0pW$eC0O7NK=OMLu#
zLY-lA?P(L7WNy(gOq(xibDx(V<q;X9Xk=~<ul8Ng-x{IapYmp>FfuJ#;c)u9D^yF(
zs(E2E_hLUtY(IZSr|Og_Fna;dCuUS4m%kiZ@#=fPx2v0u>*F(oW6|)zCs!9;x-K?d
z4OazRw4lImz_VTx->M8`v||+ymm7DLy}jAw>xe38`<N6t6^D(&^953Cc+G!G6H-K_
z8#B|ahE(5sFd}0*A)UrT{o{n}S2lGJ7l=>twWf<y$K!@q;r#8N;3wj8OeaO2aXknL
z<VJa#Hx~IO<M|R!n7r=f?|bJjYI8(=B$sj${SiTM<kN|&bkbhloCM4ZJT8q%TOO4}
zdh1?cTf2#Bjdt$GxAD?_0%Rt-mD4TAdBo0vDh$SkwJJO~eLpt&WUt!cnjECL1*dcp
zmM6m;JI2Q$>6TQg4aO_zL{9GH2`zFG_yeUgQ|WcW;XLpnm+K-|E|%SL)Ib!A)#X5a
z4a6Eo)4Ue?vZh$Blh-Zma-PAV8&k4c<wNWF)=#(12M+2Mg6(W0<gXhif$ZDI@1N{%
z(u|43JkK*S*MIT&`x((s;)CPsh$n>ect83+-ymJx)(@Yv5|d)jJdvSkn&z=z;uJwo
zBuf-dM&mi4f&`~hG?9|V`Xv55O{mS8*{!gAl?x8^Dco1XP-Y_XOaATpKrdt;Qm)j@
z@K|cUa%CP-T%^=OY&hxFschQZOavT5MM`OH0JtEWrf05IQsr^D>D36rRrcYPsU(^s
zx=OlF$Jm$!F$z^LHu3g(Ob%uWCry3yyU42(%T6LTD}44%+RAgkH>SsiZ2TBqi~t{W
zAYZm&tZc2O`jE0v^_`OhT?Y%=xkBAV-09U@uQvS&(h2~91lM%CYUvf-3%<cp(pFq#
zQ?Lj;DWcbp`O>>&QPNZm!ve~kvrL!>3$2cS$Y+0Pu|@vxxY-YEE&_1Db}<F7CH}5;
zUT>~$u#Qz=1cX}A)T9#C9BZM=0`(;V#v1z`$3Jvo-Aq1OaNLdXD~rhiJYR0`QrdmT
z{j5SpY}8cIQz;!nD({_{h`h@0U9;dcmcD3?=gU%2A9CO@zZfsiZ>GX@g=qVdtXmaj
z&!T|UHh-A<DMJeoXGpK%Wk!r-68&2#n3Va;G}_+h6|@{G0;L??**qVz=%h(c0}O<#
z$&+*vb#~<Ak)WzD`TpIcBQxLT;=_^TN~tzJ@}*aE&~Yr3f9K6*5F>-3TtUp_-4plK
zF8d3PlNAg*32Zh`T-K`auh)SVIbc4TGXHw>ZuJFo1zUST%)N{n=MoXpqviJ2D#_>J
zoelKQK-(%ndmoHlg=u*=a^l^9!&8j~^)s~@{)gQ)^oyKxv4p-HVrNu9TR^y$sqo1e
zwpRbp0F;E&e)IE_ZGzXPT}B&J3Ec%GtB;7d<Mp2T!YP(kI`6Ydbn8_MQ^EX}+xSu4
zQzw!uq@U4iP+_vIL0lldRo`xjQc6W(p^Q^-UbQkrnCZR+%`fxlSvCUl4X-!e!FWE4
z7+L~rxc_ie?Xy!iT#lVw;k|y{f(c9ZWsEEn5t!3u1N;DIF|f%8b;RE?`d)iq)jqpg
zoglfroJgA{GaCN!;2SK14r1rv2EcIRLI))1x}4?=N}QKh__zYJF139dnSpx+_|Kre
zkgxo(1NK3DRh$i%^S&X?tdF}U%+W=sHOijzz`gdJ@h<caLSL3WXb&)uA7aS-6j$Pb
zPJu^`Nwnt&KTb#SB^_~MT~l$4aAzgK9m&D_5iitRRo;}jPIKtJBO|(It)BBRfzFSw
zk{)ADDOJP;Pe6M#9s+!N>{xg#S~en-IJvF=RL6whB!gJa-TWr9(^W$6ZALG*;Q1Kb
zZVSTw8`u16H9xrDH)JplvSmB}qB!dOcI^X!M?Cyc`+~g%j58TaY!=DJw-v?a*Ufvt
zyZ9Vq&x{!&O>4o(bf#Fk(HUSMT;v-!-5Ui;9iL+tgI|8vqfD>Lqs_{?{wy*_f>Txh
z`PXs0-Y?WdMiKRD%=^`NRuSV5mTGlmKOXi|6fre^Vl5JN;F2rw1L7;9zE<<OP=cmZ
z@Y;8S9D14`#^X%aYaV`}ryeMeOz+cM#q(_(u*|KyL;gAt)w1+@aeB(3dyHVVO!QtN
zM_tH?_-ceZXftS>^zErU$JOn)fVIwWqoOwY#u@qbDNE<(L+3fs98PR#Ez$1EM1<|6
zVw2D?j&;6zgyL?rsI5{*bilVWh9fiCeu=W%w!5oDz}dIhO<y)2hl)&KpNXbt32g{D
zbbltFu-`VkbT~%~ZR!PdGJ~S|BTF`=VTGujqyOn5ZQbqcx|otj;tyj_mqwARy^++X
z#_PTOrOG7M2(5;dWpFV0ArpAUQO1I7->ASyobeJLk)bXp9w+QB+(S^4ti47j#C6Gc
z=~-Uy(JpsIWPa#XGM-PBC)<5N{2;xY+j6ZFLS2N*qw^$8u2P%IH+$zoW)OOB>u-og
ztgN;A0Usb7Nh|&LxliGKN8WPvJzk{4m1j33it^}^cF>LA%zT)3M;))Xc;nWBRUCiz
zwTp><%>i9P+U=J<+hwWW^keB|8}N2xg7S|A@UeEZHP4P+3}Gu|?6h1k?NULcYp4^-
zUO^Xkem>~P_b3456|@g{|0qqwV*PkN?ir%1F3i2-Ij^Pp7S9*KEN|B(n=?)G&_NB5
zJ@?%~z>nYAcZcHn_S#Pe1N(kwKYbqf3--2q?x(Ng_1fbMc?87KixCsimCrY7BN_eH
zR;S7AR`s5ou`{wassmh&M*&}+oZuj=I_+ebszApr!AX+9v@>2x!KbkYKI`^{v-%vW
z#q;g8{|y0L5OlBoZz#a9fzq!#-}p}5qGQhWV<Fv}Bfhi+3hs7PM-j*C$%t9s$pl>j
zafa;U8e}EZJ=nXzN#LY@<e@E{ce=~Vw9}r7f@wPMk2y~HT?X-k;!?VF?oRBr`dUU`
zT#Gq}rKFRcr&~O%+GR+z<?0fjMFX^NWCytDCbnylA@80jcqgTZq0%&K?CsN-0@sq$
z<@c+!#*jpWgSbHJ?C8&)xGa%tcdyd0_4#X3W6C%(qE{T>+e<lK6+$YrOuWR$g`pz}
z^;S6gaKTGqBA;h=*yA^2I?ygR1yb{d6k}<#z_hv}I1#4Sm=b1`O4{@7CW9uHdsgg)
z%jIka`}Lm2_#Rlbh>HL)4p5$bG_dXrjFZVzyRI?rp4j_=(MNZ57+FwJPf7H?&aUDb
zun+QMr7HE{nWbUv*P~U*5pPb__4ue7o)#)bUl`9ddEvWG8wuhE^^b)9W&4s2Q)F18
zrk+*R;IliO%s0l0Byirtryd__Wp5b3`%!mY!$;Isk4^n#sEya8-($~N5h<E7BBF{&
z3v`ivil``vA9N<+5qh^#^=a-s#fYJ40;=4L6gSqo0t9jA+RbOuKE}(;!~ng}nv%sy
zJ?D99e6%%p!)0Wqr3}VMdcs;L-D#1D;+&RSA}t3Q0D=CdTy4LUxI*9|w(ThY<Zgz8
zivoKuZtYg)*1;U=qeS6Fall_l@1#IO_@I$}r=s3=#=gzuVi}E$ik>SKPv)d0w^o=e
z9OD57!f|%Jc*wvulV9K7vOlF(@y?rD33Nt!l<Pg_Jt`;4+EF5Sy#*FD`Xpv|IGsyg
zF!AsSE6pV&N@NZ{SGi3-Lbo1ZB?OHxT!7D_-^74E%K6zbR*&M-CFH29`&=4_YQ~YF
zm6IJlAEVg}@O)ucu}We3pGZQ!(ps(}qG;am+CT6+;?H*_TPFWLhwsL9z{L%Uc+)`T
z8b7<aw_jdCJ0<0uL&-wc=&iN;WBFHlPpbXk1vngpb7j(gHL4HiaZmb||3kmK`R1so
z`tu{>fnD>5-?~0gIgG~Z9oeQ6E+|=Rny6|vsv_&r3Os$YpX{5U@ic3dw13ShqZGW}
zeEN;+5;FO9E;a6Mi;HbndTOUFs?~aV#Fuq=LSe)XK(7K1z*2D0vffq;bm4Jq)0nc>
z+qzG3+2ee<wq4Wv*Mdi5u#*4+39j?r+h&Q0iyPJmO`o{DgmV_JaEtwFZ~SAg*=l<)
zzT5qA3*acn`-r5wouj{Qqz5jnhEQ~PvD8*3B}kpQ-#fwCMf^G)?{D;zFj>_SH%yST
z-m#E$JzL6RY?h8U)dgiabjgYg`Lztt9*}*S$a<$hflvH3>1MTMIV6Y0In^H>J!w<k
z#)3^0|GeGcf{)8y<1RRm#qk2Zz5e0n0-n#?llaz!h#_O!o8+|tZyOz!PCZkVe*5N>
z&azozffBb^HsIm|MMLJarf1MsosoCRqtmm30%L+7zq4qW?eoez?l-kXCVB&4AU}o*
zH8?`b?`+G|+7_l%MzG#Y<v8|mSh<FlJ^iu!=G&&|pY6-R?HsP0G3RM|)_6uUB5UpT
z71L&W=UFGWy66Z}gXKIB7f7$s{!qS~!2|_9Sh0i6)OL=aKK9>kEf72BOZW1vKq`$&
z8lG=rOye?Uk!;#_V6d}Pk6Mg}|D!XZ!UuodVCl$>En_=C1qqI2a$~TQ>apZ}>(t55
z6DmXBqsCabU*v@ZDO}9$wv@Vd2Vf8Y_}ngMBVCHW@s7BaLN5*fD7N||zw>sdL2v()
zM6rAhC&*tg_QK>&_e#(33`sJ-5YNl^)OxQ_i=ZU6JdOU=r!h&-(X>_o@(=LQbbdH4
z<e)u}^0b#pM_q1+MOTL<|6S+3a?=ZI`Yj`?hF~1p>6fP!eM%_~oxANNNt6%gdUTC3
zP|l5B{B+?VBVHCOYE2$!+<^41txNIo9ULIrcCY`?@jCNPoZmq~nKAX79l3QQ6|*%9
zMZgaT2ctP`P(R#q^i@{6<4eZ;1eY5po*U6JbNwJCyY8yGR$UBmP@FqR>qSSE?~RYJ
z2YrrwpNH|ZPINn}e53PloL`u-Y$f#_e4LZLy*Vlw6J1)Kg}Z&J8>3Sqq){tfclSA4
zt%hdNH<c>E_ct<&nc)YI6|5f+hz2IkYlhZ5aAz2joTj?^`mr3(Rq^~rJfBbL7Ezvm
z({x=8+BLDAbi;DE=ylQ1W<nQSv8c1Aysix2Ke(&o89Rq4+s`~4A|n$lT54YYG<(r!
znQGu6qYfeJWkWge0oq*XcOKHyY$hz<oVbZ0K=<DFt&!7Mu~g#L-j^+DDK9Sl0<YKn
zhXWFMYRQ5kMHj~;KdG-^*(JDM9~A!MrI1&!lKW^S;DY*5lv-CObC>2Z+3Dh2sKSn<
z>t#&u`s1!tvQlZ&bbnC7fjBEbzvYP4c2_Y?$VcT|4qUk4y>h&@EIowzpseD0PH1M6
z@L|3Ozz@j2#^(9u_p1eARX(peN=Ppqq?w$ZGZ!7+@a}rItZU`#lL|0UdvF)msI@E`
z#6-WHi}F`ySjH@*g;pKE^`uI6Tt4E3&g@6LAH_)lEwNmy#3l9jr;K1;FFKX`)ej#J
zL1%E^aSI9+;D+oI0({cRLta+(iR+H=Q?^^=ZIxS`uk+HIlZ(pYsN`cFP;J!#41^1g
za_avas`*^t&_eH<M%qAmkBbchMClrbOH>@c#F`mz;q_KHtL#%?8|@(#A(Z2hci`|N
z*X1(id+WkYxIoDqUhE9!8JI9AYUiuyy7%XvI*O`Ec`A0u8y8@r`sjgNFRqR!i(D@A
z%u#Xx0`ujwDWY=Sf$Si%Pi@HLD--9p+jPGU%<r$~)18_O!B8nb0)9YzEJld(y9qCQ
z%^U|iJh}6pAufG<Clh;Mp2i^P&@x&7WkEdOl7^ynQp#A?{fonrRVJScqx{3wzcV`f
zWHHC$9Aqh%8bMP)e6m&AmTer{119b&vf^$bhEgkM-Bt(#mudX&1yItsZ$M{%pgm|_
zp*o4*8yZA3wu*;0h7zzLw)eq=ioS#)C_Nva`5r3O4D1sDSm~Argr|5vD_`g<)wgkZ
zfVOK!jK>yri*Hoi`C`R%Vg~FL8X=q#`xm!iBO=S={^Vwy2KxSP>WRns(naBZpKC^K
zBn4u?8ABr}z&%a59Qg|N#s(v@|1GIVe8CaD>Y19;S;p-ru1sLe3Ub;228<mrvnHvc
z!Q^V2(@x=wOnEeCQkTi@Cb1r&N`~3AolFdg0^^1PCBSt>iLAaH4h-h!bmL2PY_M84
zI^p;Bo=TVQvEC6x)^(q!U_5~M<c?PfpaZ54#@xY@2fB;;KGC&tH&qipA&~iiHs0}#
z%Z1<c!yn+-0AJ`?L8;yxKYgjH=QY^4l<?xlqAg=Dx9PD`CE{6KWOX~R4+(IrOAGET
z@l|ImD+&l44}Wy_RX9g6$7Aupvtg=;%IbSHu&)uqeW4OsOlO`(e%w$MyQneQ^$ZRd
zNVdQER+dWclat=TUPXK!?DdcFF98?S-}d|meCS`efhZB~UjM)SOS{)E*L$6`>~-R>
z*9pR2C+&N!g!dX@_gV?=wL;x%gxqT;-D_vR*Dv#XW&U10cdwP<UOi#29t8)zX-DAy
E1L#LdHUIzs

diff --git a/crates/store/src/genesis/config/samples/02-with-account-files/agglayer_faucet_usdc.mac b/crates/store/src/genesis/config/samples/02-with-account-files/agglayer_faucet_usdc.mac
index 5631e66290fb6a386c5c1735ba7f9b490c72dbe4..68468a5b29c1a1e0fc3cecc5e394b0669e89703b 100644
GIT binary patch
literal 21004
zcmeHvbyQW`*7%`0fYP7>N=P?KNJvOXNS7SCyHjaUP>~Q3P#P&gx<ncgDM<+d0Z|c<
z5JVb(Ys2wAz1QD8zVE*8k8g~(#+b}CbIrBZT(S2)0~0edcMRA;F+pN9CI%BLD|-_k
z3s+%bOA`+>3wL2*Gbcw+3s*NACr2Y2M@uIoJ{USEhlYoL@qQ#goy)<-+`>^<*v;L<
z(cHw<-0izFP;qy%vv4#rw{SCawQ+WboSyxY^<PQ0zwu|`?QY@fXku?<Z{uhOVnbDa
z-xohBSN~=|QOCykH~qACvT`!=aJ4Zy^B)e22c^HWe+|pT%*?_K%%+o<qlu}#1)rO{
zh4TSr;c5i(#nQ&=yH_-|!y4Lm#&`T%okg7+YJUyxFmXY2&QA6=W;PbzYd%H}CXOan
zP;Q%;x!ZVJ7&+KDx*Hv6`4~C7I++={Iyt$+x>Ptkds8$^!Zs5GquZqo9-Ym+toTfx
zc5IC>Rq49+D*a#Ah=YZ@iMffpiIKI5o3)X>6U+&_%mnIb1HSqqgsHJT-$FQ!qs$k=
z%zqR1;SzB)aj-Drg>?V6{C+;8PMqJG64c9r<8S)r;Nfm!YGZHX?(?TS`Tuqj<!D>m
zz@|86av=u~;EEj(_PC9I62eaAom>!R_-jPpGuXt#-P*|&!~^?FhC-G<l;0oe|K+ST
z^>B6kYt|;E4Ab$xr3wGqUF3CAmz_yKQH*J|pfTTMB>{i-#zy$Rw<)7e7LC7->F+E&
zdwVA@3v(kk3rF+6^uY}c<DPoQCO>+`4pk0m#xl*a{u9Z|CvA-H%~8mi<l%|dhoG9I
z-%4SDA7=H})qmExUrvx48WyT4Le)8E2P1{FuNf7#6A#)J&87lx<Ks=Iy|j{Sc%Bqf
z5#f@H%Ko<o2laXI`wIc}_VrsKp?34{B{%9V>^H7KynkGSzF&v_jCucNg;;txTG@b;
z^ZSM9=R*?)dxx(HU9qr{>3LQy`k?mj_47YHZm8GIZ%rrai_q_9*ncuxQFl-5uQLjr
zAHu?p7Vch7u69P?RB`ff1eazL<UZ%<<ZfYfc-I9RfU7pebk`(RX#zd|{iLBV4#xKz
zb^H%#3eTr~lKjeTJA!Hf-?999a_u!fd$lq-QJn3pDf2bkJ2RCSa@>V7qivq`bExcp
z^VY!w!_?A{zVPd<@qnxS*MayqHh)(OGYjbY_2-+{e_;RrXB+n~?}H#JR5wCY<9<m}
zLlcY}#!XB?UJg)E2H*+64?qBbQ~+53@&GgfXa~>@pbr2Va1LcT3BWf1W&oHGfB*m?
z0OtUR01yRG1msNT;H;nk3Wf;)hCy2!6`F&$G`|C}Ab`OUBC8of-+G%@5cHE5wxe$c
z(Hu%Jh=A}2F9K5f1`0hc8Wv=6unl4G{^0;iP!OsgJOmPB(Xun$wxE?2I{8;aT*wm+
zGMs~lOpF7E2Vr2LLH#)Nf^iV=0UP5W$b%{&;-Cva39%2tIdDe*N0sxy1_$E85yrF~
z)C&D28VEN5HMv}DOt~L=bPBNttRWA7*y7N0L8J65!J#2s0!G|O_$&DzK7MMSsQLJC
z;Omug#GE$%^<rB8s2|#|`;{9mTs&4hRz5!5i+C3a@T73j@Cb0hU&hmnw0vRkYuw`@
zd<Wwh2*M8dg_7(IJVut@CvVT-o<XPoh5YunFD#btxqSKPc|iG91RSgcFvKt7hUN(#
zofw^%h)V=z1S}Aa4-FPMG$&X9U|76(f6N@Q5VAm=gZYLdZWj#?CUP#3BDh*!uMNn2
zvHW2$;H<2;KV&B^WCj5Y<6l)q9)+Xv;}=Z^?`*O1B1j-9C}4P4v1q>wcrbB!(Xb9o
z;m3fG92fEZJp=>pzcTm_9ncZnAF>Pw3_H~9K~myFLv#!x54wkOP(27L7@HSykas}F
z1bIE+O5?KfAr7lBm@Mm08V3q6NP~|Fot_@(Ar*htJ5>8w?@&<|X^G29`QNtxJLdn*
zHL&V_UOUJI^`BW|&<2Ma4ReOW;H&^t{|ERuaPd=tBj|XdofTl+MTi$ws*w#3ET8?j
z1OEN~NJ;s_>3xRkB<aat!NC|LQh?au2#(>B4+J67+6dUoJI6J`WG?;G81cKs?AdZ=
zD};`tbyc|^uJaF4@?$5VogFIBhIG&oti$d3;Bd#_f!GIo6&5Yu&eMp|qU6Q{-hucO
zv~TkNaY)m1K=cWY0|PiYi0xO0Ltmu$pmJlQGXm?C746=I*Hb^l^FKbRF{u6s6#lC-
z4U!(*Zp8S1b>iknk1S`Kjou|fr~j4pVT6frBI0-O?_+gvGl3(bWij*GDiVYd#L4go
z;@oJ)A9@3aPI##0L*1V!tiusM7{;IVFlcWzk33Mx^t1e<OZa?fd}ya3^6>cm(UymY
zfZ&fdu=x0(`k~jqkL{;^5FR!_o3m?q{RMUtbk~F(T&%Fpp8dliKCM@bZ)aJ$*v9uZ
z527JO!$mtyOF&(fi}sb{Ig|mA1snjlmZ7yjp2A~}vPYyx*vz&!VrKm?Jov=lV>s~h
z_sUqj&_x*8v+s5X<BG$JfFw|%gDM9nI{YUUEX2WxeAhS}9^jCcJ-hhbnqrq0WOv{U
z<KSX*;18b%QI(STY@S+t2~m`rZzFWSRqrr*Ot5Fb;YUCd|FWZX5(!$d{lErY&yfq}
zhgrhnp_Q8`S&gr3_l4vK0USZ2wcqOD5+x8QJqrrNKfGtt@`XlvF9eUs{o#rjQb5Sb
z+?UzHrrJWBdS_xZ@WoHzupt~M8Z0zg4%ba{-Hs~<w;E&u{N1Ja=Me(I5H=t0%U3UJ
z{!=i;wy|THD|`lj3WinkVFp<fO%&qG7bXVv^AhDh2UAI?zh!iMIrop=!V!PB?*9@D
z`8f3jX>}5UKLsN;px>%8VLkKbU@*o_IHPX*Bi0u(`~<F#f#)Vj<NL^1??=hh4h|pO
zUy&m-EiSk<La_7(;YHSUl}MQbc}qLkB7P1Aj`%xWFmBzcdOkGv4pe^%HCe%Pm}R{z
z^G~4;R(l7PUR(Ntu(hW;A=uR^^K+<8F3*=^(v=QYG%{3;a(DT@kS#idDN8<g8{O#2
zp~Wvl{e9howFffzAcYUE?SJKfA%qIgA%X>d#~?5XsDAX2!2?!KBUC+D#sJen#1D4j
zNE+G`pib!^=|cnyBmnjh-}Fy>Lh$GTt!9wm5)gJo%E1FcAXFs<d}!5@K?Dp&8-0j*
zz^Nz!#X<@6Aiv=8pb?q|aJ&UV7+C_pV`?BjSbB$yz~n>Ba|-A~yC5y_2Vu~!z#sJv
zzBzz?o(A>@LwINx2-X5rc$k4c)aQl+62`*{FnC5GVgvplK0A;@b{$Ch8WJBOSRgl$
z;{yUrfCPkz4}<?cAI9J%Jv4T(vp^1E1*9Cj$dWh$XhEc%8<G$FNkDTZ3;@D0Kl=+5
z13WP1Fb!zXewaTA&_9ST3EG3O6rdq{(?98fT!s+?aQqYhBG8BU^1vR#$Px(RY=j=}
zlmH*XmjDgs`f$=f`yk#%FvqYIq(3!KhvvEfNoxRAh^|7?%}D$eiII6ms|)nNZ3K4W
z;AnvHfNfj?<OmEbdI^Znh~$GRR00hFALI_q2mplnka81H2f6gU1WF?L<{(apuY{y6
zk+c=?16`@Cflo+o0|06-7)mB&|4x8P+P`QCDnLVd4&izv-x>IW=q@Df3jBhc{aymy
zfgGYeKs%7X<$w8W1aEd=M-Gz{8czx6yVw-~5N1d6!57I!h!#iE{=g43u8K$+RG|_W
z1pd$h&_?oYkvJ6CL;Pz%2g0|I{A45s?ZW5*+yL!EdHfW~2UVyTM*w?BejC_B801AD
z1He&$PX{ov1b#u<-2r~UnuEmxfbd<Q|D)bFq+UGWGXgmcwAjFSCjx&^`}YAb0Wd)F
zlYl=$K!bJP2=P+@4cXZt<xu=A0B#`Z3?PT-cqIK0*g<p_lFmlTOOSLfkh20gvIKs|
z`AEA05GU9ZU=2w9LSWAh=zb(!4D=v+8cAmYeGWh`BI$A<hv*$74XRKHtOCFZDnK8`
z1>gzr3uq!7unB>}1J-*Z#Aig(b)XLQwI0|(e6VjxKz`34<xN1J70^mZx&`R50s0xh
z(59q|<Ua>`5Fhwy<OTQz@B`r-Ktug-Lh3<sK0tQ?dkEh|@<9xNU~hxvBI#bB2hmkO
z$j<`$6_TDt;$<Yp#0NsqzhPv1BuJVGiA9lk3>m*1k_I^-AqWgDk@O^xL-Z5?2u}kV
z<R;7=DW3tf5TL`5^m|Z02Ot(n&jLB1i9Q0qklh>rfQjY-pC8m003TqYPoNIbiy&U8
zU&s=egY>fk_#)rAz_tO&Ujubf!2bgLKzJR{kX}Dh4*Jsw<{0(`NpAr;AYt18&I7<D
zfG8NxF3^MMJs^klnUMT%z%TFt-8TZo0XmE1qoW<hqlBa}fgEZdyxMJ)02mw4P#i``
zIpjkMKoF7!ckDnw!tl{x5)eNQ$v=VygIxghQQ$`s;4&ni2<SmR!1>n*$(xXTQe+&X
zNE%%54&tByeq?|iB{GgrNICE!Aq)6NkAOd*-{6@s5UNlE4Dsoa{F9(PIY6HRejxtA
zVG8u=ka5rh{zbr7M(T5ex;y}TB+Z13D-=nyAmajetwu<X4H;KFQV#V^5x^59&4rAM
z8?*=UyODh81-ufV!82Z?0>BGMK6rLG7$1JXhvZvGK8UOF5}+xMf<GXBMkE#ndhCE9
zh@@vy-O=f3sAFWF&n-=$F(!OgAhZ+}S!LY$7LgE{I6td%VW^bUYO%~^r}|DQerWte
zf4ExWRpFsgW3z&YFY?3t)mr-mCpcf9{wQ!=Yd-11-Kcdq<E8qM!U&IZ<8Mej-HL`k
z&Uev=^nH1$f23}~Z|q}?8#70wZd5_?z|2Wk_F$>Sp|kgjIoNM>mp0G)HD@a6<$3jE
z_z&)#rcc*aVDB$3<gP4z+rL?thL=5M8#MNziuYRu*3uCQnUECKZ+hB`wlb&Nf?RxD
z+diGyKlxIWI<D$o!Wc8X-scBsBi_%bG6U|yE)AHko_QI872%8FGauAl8WEq}m@rE&
zqo{epDQ}l_YgcVX_lkt)H`?3p+sdLkS*xbM#<;)OsiXI*q0D4TuJPvTyBU5>Z$!^}
zDC?Btk+fre7NQD0qftJz_TG=(M<%eI71HVpk;U{ampr<DUr|pWoJc{%MC^t|@%?na
zOqK;1M(b?$*so`LkKe-0RsV1ufnG)JM()+tC$W%R^+3~G^!=#3Qas(0z_6Kfw7TXz
zx8=!;jhXyjPrRO{M-PsO%QdcV+q9o8R;IOlz&6lQxNRTVb+VbKF*ENoj{A*y1AI+`
zv70X6?2VK2UU0s;vS7H^*gru0B`!sx^$Xtl&L-i9)PYv-#2dUP7EM3wye0}d&*ed;
z_H-HJVp~}JiN;0pyestK9v{6~!qBlsG}D|`*I!R8@44QWV#uh#kR2+K*;Q<jU+S;R
zYHpNf;Lc>+=p}S!y%v6-*Cu@PR_sodb_L=4g<29lzXWX)4g9H&o~s&t@%OZFGW0~&
zAEIqYJS>e(x5dTBLPRxAZ_zJyyO@f1B`n{fJa)%PDwARL4IP1g@Y1}vL%)8U)L3j*
z&BsNn!6&PT{rat;d;X5%;_!4n5uAjhCr;Xvuj$~TNtoYMp?D{_TThk8M(;FcC8&Nc
znad!Z1<s#9j$aq2NyldP@O-6+b7gD(*`gj*p_VtE&0FzkPrf+caVoh-t>(2loU3po
zpJj1u<meVNsp!0o-Rjd1^=WsGH+AWH<|tlFbaNuUw>&e(Mx-q8v95Xa#8Ux2=d3Cx
z=96myxUe?L4`*JIie&i83M5P3q>tIR!8$7!Q|?UhviT*U`-haP@g&Xr{0<Gtm^@7!
zsD9KEf17W|?&A0>tE9~BYXQft#SjjPR<U+A5}4S7i9r%X;qS6LEoQFQ6cSWYzr?H@
zag=<B6%%84;#>W<c55a%^m8qg7vT2{Nczd%JZF@d)7rO!DaVNvgtYj+Bsno7o15hy
zdnteK^@kvFFAF@i+4W2e4BClW&z7QYqI0=^Z*{NkWtBdrs=``$XsTqR#Wz?@tRcS`
zkEx&K^FG4kjAAZqdrsSRhgfr(Ub33ps!-s{n~-nw&!P*xj@*&?a3jvIxXfVve894B
zgPc&LjO0udGhe~ftncDj(w2C@yNIE?oPooFoPM`rtDnzvhg959sI~XX>Mrk--k>9S
zB;cr)`V^!71>Ftx%k@f^+TILadA^c+CXbqKw(CQe+30aOgJ_rgCn-WqXxD2EBH`(3
z3vYAMU*7O*7tNEA&gtcFi4D47L!S}*a#dQke|mwqeXd?wR_{q1URHzr{$``?v>V30
z(BsPJrg6E!Hb*(@N>y3@bG=VK6mZL^y4G#s)na~~OuCbCn^XU&`uwAys-xI9<S9jR
z_+P*JR&mAZ+ycSFov9ZO)J6q#ZFHO;30=+fE_$}Feo{ABcauB5=NzxIAC@Hdl6uW!
zOENa>+a#{I-%8G~6bxGl2FZ=ZRGYOJ*6E119t+E|!+fPU8Wn@{`6P>wQk%jFm-&MA
zzSEg%QWLW1>5=aS>|_!V=L=Ls*$5~lPXx)6`@7?(Y^Fck=%ybW;m;?y7f#8@=*v@?
z=@aff2V=pJlxkU%DoWu$(p#=s{bt%Uer0s<f~)kp0NQJh-Z>|@fa<UaBVN>wbw^9V
zKIdLJ4cS)?)!`9}#U6Ku*~{{)Z3`r4G_=KAZpPZuU#yP_zbd0+(u!ddk<S%Fn@ZEO
z@i>s`E-c+J*QIIjoz8Y-L7|_o<xHr<1_slcMmn?f8?w!PH*9g@zWPcwb*Ao9r?tPg
z3X-W~y-KJ!c6Cvex^snz(R}I{`-#bk$D<PHvNs~g(4124r}>>)!NC>7oz9`%CNtWg
z6n}YCOn5J@`Kb~qu2x~{l(bY|wf-KiK7lqz3UBd#qhO+l10$z;hh@*qGbM(i>Z>!4
z^jlzskuuTMZ`mG<$MNt85-O-)aY)t;j<8p22~yId6<9t>p4a$phA*Lv{c6s#X=(86
zNm5Qh-8aTfW~~*DLkhHc_a%ID;)Js52ruoF`R*j#B-D!N`#c|Rtq!|jNN(yHqm`a+
z^X_V@=9`Nvx;C4J%Mlg#FEu+cR(du2?OXV7?($S^zq&Q{%xS<{G+l2evshp=)#phr
zF9KJQ@Pi8FwHaSe)!QHKI6l4&x{+SF=FMDWS)hZ<P&}nO!Sm(TPC)Nh3)_x5=|Jmb
zYZkQVr~GijWDmvNF=a)k7>@K21{vq%fm^Ft;YDn$JGp%}*0A~7hh>HVuyk@)<*%_}
z*!&KLt}D?+a(Y{{uFIFjWbfzSXj|IWo<Q6#*FR=uakaHREp2<8tqq}4DCoL4<uQgA
z#9_(OcRc)>ZRgf~G9ff<*&6oX1$8}+4GUtD9HqKEGu7C&@~-5#FoKD#N)qY}^XNG*
zJ%!H%RD3b6x6(3{CGF)_jt}fH<a${J<`dz+SFgGGdV20!_9W#P#>sk$bAj1xE;X?G
z+zAs!^rl|N-}Fz46zGV_$EOTDaNYMly**3_Q%|>%T9|a-8%&C`RE@HjzuFdk^#$48
z>DF(<xlj9=NpgMf`0*qX)Yp4I7d`7cV9H<ER<VTX4>Q3{C4T5vN#3{6Ha+6!;XlcI
zoWpha#Z7AjNxz?=f&(r6$5ZR|N`qNM#WcOAvpuo|Ms8n{#-|9NNh#lI`FJ+e3(i;)
z^v-<xxrN4n82%{1m2PQ$@xVP!gLX^%s}`s6-_Jy=)>h4R?vgha^_4Cs`x4GmIFmYR
zTEp)$Eho(|1@jwZ5CvQndJ-*z_m0P9sr_rjk^^a+ma9d_ig1!$EAH{8Ui(+6f#Jz&
zN~C#A8Ph)SX{9&h(=?M-pI5bxvNn8*DaPv2WKT9rujB4}bDn9<;L@?HI_rjxgT*ci
z*T0e*ULrdk_JD2HP};GI`<i*jg}kdI<j-MOCZnEKX@05pNx-<FO>8tItvGap&)cMF
za#&3>CuEf+d#`T1T3(J1T};6kmcUzM$S!#G`q^47M&b4kPfNraDR4dYIAH_fw?BVn
z7PT}bxzeX?mvv&4;SNjGi)QH;7rxvMV>V3Ixy-k~L{`p;##%<*PDr$fSf+Nfk(Wiw
zX|TIfzH~PczAzYpDaVJk%NS@k>3OuNcjZh|iugE2n*7m5`<@$^J>}@O*!-V52>Z;}
zy^gq&pBIu$m1lI8Tv<HEivRgSbe2?RgcifQ;rci#m3eGZ{f1Lz+;JalG$P(eX{Jm>
zp7d-?r_LLt^BCF6TI%e3Z<@6lhVglfo;HJaO`l=8@s3$6YXM`yv9G?FiP#0SGi=7J
zPh2CZnDsf!cfK&N<nuk%$F^wJn`?##js~Vqk+yqNB|F5IZ^=Eeyk;G?%j>Px#a+u9
z=%JEteBu1KCj8s2B2K)e`mLldGC>rHDnowp3aX(GHc}q3bPmP|wFgT{C6o;iQnZ%U
zP(Nn~m>3ncUN^*8W)pRa2%S})l;2_ANgNN|TPU%mHx;##M^|3@W{*4cVMa9f<3>!n
zAKAPPS9-}EL%2h5^Nd7u$ea96QC-^sEyo+GR`q!wVzbmgH&P6XmiObiRIa?i{nh(%
z%;L=)Gw%3426e_Acg;0Y)kwMA76(tNi1oP|a`Y6#SbLfWN@wDZ7Ki#X+~}DJhzadw
zzsRC{Ji>fJ-oy<LM@!UslGN^qt5W-`phwm7{OUK@7f#4~xG03cNTuS=6kNJ6Z}?my
zTI9TWro#IY!i9o<udET5_>%-KX*sdhk(cKdMLLP_Lr~e1Sbm7^k-S2zADn(G==`TX
z-WF$-!nWs^176mgOK8$6X&)Mc+db|R{_6VG{EO~Dl||S&No$8|8yG=tJ0(2Auk)6f
zb_7lH=lEM~u1w4nuCJET^5`~4ZTE&0*jt}+9Nf86w<}Cq=0$8DsJ&d9{!GqZLDYN>
zVUX%!(vuWAZi#Y#-d$DlSFhf17RVz%)*YL7Gxnp(rrN3C&H*(2SV#T7wc)udI!Q3^
z5@!Kf^73T2#zGhK)_hO3)r{r`*h*WBtd~Y$pC4bz>YO%fi!O+Gbz)>_fuhgU9&6C>
zy3W({kqIPQT4A49g1feg^4TkIp6#r086;S1bJJ1HU$xgAeer~HnS98YJoX|vv6D2T
z*2?2oTrD?0t9=O1bqq{|i_;`>oye%8GFPV&40|s)!aHrAc>QFTK`}->^F7u0WX>GZ
zNzb~)+Px<lr!VW^IDH=SYmf}1d-5om<(jMtENpr~#|n+om`~-n>OFMbHyat0ceye-
z*rnIWeHiZ&v(>D9m2@04D3O~h5y@@UX1Zt{GQO&TmQ-4AT50guVd|A_)){=F>ZZG2
zWZ}Ht8e0t?dC-(rSC}uUWpv%0dZ<`cz1?}gaz7%iEW-Y?oTWB(jfWGj`Aq1OQBhZA
z_1DHjq<Ck_WJG!~mstA6{I|F6MLE1Ub-HQXR~;*HoG-cvCmtJ){`T6*&$IRWadj&B
zDz+}_oUF6&sYdGM)t1^lzZ5aZi^#a!-?z)`v!tshn}^*J<FO=Cko-g}Tl7}n%jZnP
z8xLKcQG?w?B33No?a%nF*7SMDdb7Na6W`8|Xqn_uHl4+La3L*)IGAcG?fS#bo;UcW
zM9hLN?v}#m{oz*YzW;RnU8xd2$Htm6+#^0Fgp=2aPc~|odV$vDm{W8z-K5DXXNAQ_
z*_tP;t}@m6<QY=pd`^_R&$nV?szVqM0$RSzA0(?zHJ4P2DX_P(U@i$-;x?r-4RKQ-
z(n^JtXnLZ`^BzsqI87<v?x&EEWa%;4&4aUMIrEH~x>O=uL&TmIX4d)N((Ma~LVIS@
zAyYtq*1KdIS1B#=)Mt~BC<UF0o@zd7TG#fHxM#{|4TicjI#$yk^Mu|QdEO#--tUUT
zED`=U1K4ntzhmuAuzl$#lac&Z3;y=Xp&`X&&4ka~p7;sXhKkP&nciKj$%xom7<?4<
z&FXoQ@6wqIIpcIqPR)5L{U<#>l96mBK3E9(OiHdY6fR{VD@tyj@Pee{GFH?_tI3xX
ztmEbc<9qGFe6Pt(u=8bR+_(nh%q$n42W_r$wx2I$%2%pm>0iR*vJMuo$(tm+SFajc
zuKCg}!6v-&DPzNf`e1kQh0u=bv`TvG!9IC+X)UL<C_Rc2_IB(C@OD=t^5f<waQ5}8
z;yi3IZr#$UnV903dLDAAPgtu`h7#X+#EpB0=z=DT)QcXLAZ~@~wfJ*q?AlaWY{otj
z-<%*Cd!#6?)F=Kx_gT5oi=gb!rKc6JF>@cvQQ`6w$6as;v>d^`Ma#P3bLpJt2hB`t
zS_d{}_IKMPnx7nlKkExEgnKnlg*r+LjE1zOBpzv3rf5LZ6gYi#fM!6_Wi2gJDrfC!
zkWT7F$NIf<UJn;ltEb(9x;ePHef^WfU2p5Q`_FBXzMWe6DsXn_#q%plFFMw;<@?-(
z>0M?Q-;~6YGb)G{26lG^DC4OnTtuf!9F*l`M5K~R8&NO5&ezZ-K-WoG<uHmlUCAR}
zS1ZOwU)_IHS~AukBgg>uQsE`8i~xyteA;*|y|LRsu%?*@Auh96)tJK7hil_)$%Yyf
z6K#p&sLoH=wnh4S(q_3OV{iFtwz-e4I2&Bvpjl%|b1-0XR5YH^mdYq(I&{U1b%DED
zzb;|bN7ej6tCYk<WwT1>r&?1QVOUvcO!S2?*5=Z)wWJ$<Mf#VB>d~B;*V~VXkm`v3
zZ{Po3P7xP<>&>1lZaJDOa=&8xj=0s1`@%&Y(QnTYGGl&svD&<u;}@NL^n@)WxBGop
zqVYnnunkc@<5btHN*hpJH7k%97JGJ^V7U#}EIPr*hjUpMFNdM;Wrs)SUcJ4q!%hDq
zZn}$<-$b?Z-Uod;yVv2WUZ<JC5`<YQ%)mo5pUL})LssIl4Rwc)0_|RWfwiJ%AG_$O
zhj{U#sV6@Z-nCmL+D~KR!R5lFk9ovY`dVWtKgztTM|D|IWHuV1WQY6eqJ8lIrqnWy
z32fXf+@Swx%k7bK0_B4GE!|BsmZR>d?w1%MrWce}!$l*}6CFd_>k5fqQzg#D&<~6-
z#POGJRZ_oYqq7t)hmqoimk=^NwU*K3tGQSApgF>*{nLkI&7vP~aF=;`ldA5X5z#$b
ztAy4*LRzlne_oI;;K3=DOGNv3;>29mwFPu0&WfLmvkFw~l(@7$D5mpGlUDk3##e2p
zT~zNcj`h-z<1u&Svfs<r<X~s`c49ezkHl~|7G23BfrAbA*pe&X`vr5G^wby<-04uU
z_`AdDnOOmx(%q7_&g&up9y?Y=WCgb(YttuFQp1Zdx#8#c&kweest<46+%x?g;w*9G
zDd}<UJMR4)bDX3mXghm|xTM9e%Dq8}gjwO3Q5Dms!B(svy6<xpKS~Mu#EyST(umjW
z(J_HSHnXaj2(xF#Js&RBXRxF`(O<uN#aUU#$dhP6Ps5(+B(sN0DtXN4Qqo5w%zI~P
z%8p}~F&GN>F}obu@O`i?LXPE^UE%U58<oA>NU-Q_PW)c`lHHNnNbwO?XU$}mbSp&~
zGGDD(^`k?uJ&u~UQu00n9>tk#336md*!-_QrI?6zj_TZKu18~Y$17X96Khch@3x(v
zyEqzo_ej>Nd4vS()2v%q&fJ@7sM=3n!5A>Q#@QfWymgl~X^E>to`1twF_4_Ekkd%_
zZjgDLN9&O*b(HMInYCNN8gkCI7hlx#>m-WN<C{NRI3{lXHM)XKt9p}3oNjKeCv-XI
zR>O&2oq@f}vtc!TbMzARsNO%J`g#1#<p-uI&x%?s9BZ+rMM?L<v(#fRSK07%&`deA
z#ooVGqILR{7B7OOTVRv0M}qVIK>P`g^ss<u@*?W9icK_FsKzho?I|Cl?5Kzk|J00O
zAH}e97qR9UsLIRY)NtRukaY8!c0N^p_hqA09<#9g<BNe2o0k5sZ7#gOM;CkFukBc@
zfNz+xTZGLNy2r*@u5HW`LgN!nX{)h?r*j6yCz+2ls1Z+4aykoc8_w%(ow|O1>;e&t
zOrK1SC8{&}Oy#5WnMt&qg_+}p3Xl6!nR;^H;l~ooSChKltYz0OQoZ4N6<ebBe*AW(
zhn+%ce1%~0H(`9Pj$<=w?Rt;zzLqv~+c@j4xGU(vnwa&}Br>43>*5G^!z;wq0`i_@
z0rJke`dzFoRQbOxG5U^pk^Y&8cFpDq(vHd*G)uNuj?1r2zQn|zP>~WswSHSMt1uWC
zL^fS{QUiAhYqb^6lV_&tcJ!#hW!~S@r?S_{yp|2ebQocs7k)W0qQr+bwwb>uzCZct
z);9go+EtZ!^Xa6^Zh7-s1B-8@uv5Cx^@K_Y&KQ`kt$Ao4Ig?6$bNZNbfSu3GE(z%>
zEV<mO=vHpL^f%ha?+7VxMjb8Z-&nP1a_lEv*}^pvBCj`D&4Mwjyo)F2<9!qm#E@@p
zU~#(HLTpN#$I3c|T(UBP;wWn?)-&{htaJ<FVs8gWPAB&p714yIw`X(sb}4U7?wT51
zIzIE&{^pJ8*&xBt>@!*3<IL<YVk-v>&E}b(D!<0X*Pb66f6V9dQ4za?3xDgnc=2e2
zd<(0l|C8oNvs^E7Mprb>s99+^^AYKAs>S)7><x0>9ZP+p;L(;xH9a=zk3$qrS7Yr!
z%z=G>0M7SXE|o-3sDv#HHfu$GJ!w^9!Ie@m$(Qws=NLvOwZIo_jH6GeHEovXovUA-
z9_zEU%?W$QaQ1wNp-m(GpyQ(JJKls(=${$G^q%KQlM7`9ZK}}+S`X|ddvYie*xqoz
zd1@MMFXE$G@c8kbOU}%^PukC0Ycn#$W%s}qg=eOk9i^YEJh^)6+?YYACsVF}#F?Eu
z!ji4B(Q({v42%{3n9xgk>2fVMV)1Es6P@>WjMpALjY^I7lenkN??8}hD}2Z1TxYe2
zos}cDkd8}@-;KO)qg(qmN7ryGZbfd)!?t`WsRg(imWcZa49{&&4Z!rWge~l{2UaTN
zhPo*qOKCTb&}r1*you0MmyfxVt72nzte%@Fi8CbVmR{duy;I9Y9AB>I!>u)5-mT8M
zX!3=|?dv$xuGGY)txhbyL1%$;bizMvAAUaRcI%w~&}JK3(y{3WZnxlX-#_c-yvM3h
z6WdaIcMnzm-wo2B<w_kMs<4|VNhVew#T{0l<$7?-zF38)Znp=^8<l-p-L5~ESMlWr
zn~yI}SX#2xtXq1nM?Y7XbGTaiuyAEJn52g)xOWccp;)!@isrG96IVXEKe&1$=^fXt
zDy`bob9w8`wK(ti$-P^{7AdcPDr5LM&G|OrxN?i3-YkWg?v)4Iy6KLzPN_x|quz?2
zj;du2d8p^&#L*N8Q<yJDU+9?YfLU@b8g$k0-<o<fKB`+w6F4;J+#qNfBBUgilF+-5
zX%Ie#=+mfp%5!O$&`DJ8>5Rq&YelK&pJdl>zLzoDzDXmD8~H^sKJ-=5M&k&Yf!nbw
z+rm%W#M?t>>o@TkI99&oR5;M|iz=U%HyC%(F7Z-*Ro9>R+(FVoREt2gtMko-Qm(&r
zS5oD}S00__g^we5GFG|C*3xwFXs%e%)L)c0EB{d87liY|sI9T{lag?*Z7&CYp(htz
zbwdEPZq&5~$I!4{`72~2&8`-#R}iHqy=mJuJ+n;7yc(M@lr>PDKQAfS-y|s{R}^Hg
z2ABnUy2FDa$KV!SXAuwaSPL&tsG>SQhJ1nsx0MxYqhb;McU(R-J~KZrvRnIT>=w>e
zO*~Kb>hPC~dZinEX=QcO*L!5?>4)K_XAI{*K6*7Vx@i%VX2SjYCMNT{yi?f5YqM*@
zQ4P;=o1$zNg79}mEwq}^3J8|%giMTEZ)c$2W9=uj?K1bM$w+vlCakU7)Wad>kba$7
z?|OnajP2QLA9;r4JA(b~!i%M`V{T}-njdp)$4}aIMrk^&kZ@m$%)4$_BwLgDN^0AR
zpPgFeq#5?Y?D?)ltl65BzFliKIdjc~^hY%IV;pra@mFGAX^C^JhicbUo!_@?t;?aJ
zH#TY5ay$}FX@A+*Tv@tqB3*=aA<E~CNYm-doD_1E=K?yX2;*zta`%2b$=06U*i)d;
ztd+>6#!5hwp<)1g?2x7~j^L9copG_o>XP%xlAaRw2`3GHoyzFCdgM6Ic&z9PG}*YP
z?nySQ@pX6}$w%-AFLt3XO--SiKSgfK2poTfwn1ydh!&rRb%kHY;6$bJE%b&J<XNrf
zIwL10^RH68hi5v7`EvFpN}2TvY?zn3Yt0ULGHl*yZkm~Yx+NwOF~QL-{g{!>Y~p;9
zN=}@v>plKYirg~FUR%vl9>T?s$w(L^*BEU)1)5IZ+<)JkkK45%9BDF3Qy<dH`yx!H
z_54kdfL6?&Z*(fxwSuQ8yet;?1KvlGb(x&FPnEq06N;+6PIVKfL~m!K(zpCk<L;W)
z<%k!9x^%39t#!3Nc;kgxIW3tbm+Q%b7oUj>H6wy$_dlUymTOipdY(>MWa!{G7jCdh
z{3P03V8P>TOu7r3t-h*uYJ%BW9o74JhC5i?tOnRDOV@?YwejGHCpA~hVvBGxkpvNA
zu@%}qRr81nxqgv5Md?8u>~Y_<p{ZQN>-`|60ebq~h;xZja8&yjs{6b32gOaLPW5BF
zHDaB1RoQE{6<Be`lP}X=UAj-a*HKFRe?33U3LiPC3cED4zIym<#^>Q?KxIx$q=7D<
zakjmV9Wz7u!@2dh#b-&xC3oo53rdvYB3UnvulG($@nlqt)O8o~{?q*64?iOM>@oId
zGyz2uqxZTgsojVu$3Y*vx221|%zjCgsGi?#rhJXw1U%g`7r@^&cA5?wSLzQBdm-?e
zlVXv*YXaMriDCHkL%~l+t+BDZ#V;uls)em-cA={^s`4)2!6ZK0{L}o{Gr~BR>5$ch
zo`^;!@b-L`gYUg^kJF#Uj<dC#B4Hf(KfixSr_E#U(qRzZrEXAR-{&r6qHWNUpa_;-
zGhWAm>3J>C=r6DGzMK_yA$->2vTtn2xOq&ZjGCHBgREhzAel|^pXNuqJS7ul0gF(v
z?+yul?`rqPi(coDfVf-^+QKn4c3p+U&eM(ZnXe|wNAb|C$I_}>a3vx~)Gr-dC42tH
z|JegI{J6KIvo6})`#BfPE|yIYmp6vx<K@}=8%=k|X=YPKT4C$4Ru+^+^Z4}<2|UVK
z7?1DI=`elp*oJ_?dE)-g!+)9|#E)1K3qBq7I9HlFZnagr>C>>)tvXPCMb~0Tc`+F-
ziz<G%E7zQjZ3Jf2vi1}-7VhH`#7pyqPS8ChJgS<I4{tvDe|`VqAiLbnaLuEGu5~g>
z?Kw-*TiSE$LrU4oh??W`J0(<(6x@>|qvh0(Rj8aZN}a8pKCWEc$&}jQI^m<!n%v3n
z^iT8a`mjAVLy5;1Y;Vc0*CzW0VLpC@*n*@Db)IbRwDLrbxOj&Z*~g#NtBkW(YzR1O
z*rf5+Q{UaarF`jedrvP*o$%A5(DhKYn#yY&8tnShd~Bm3(%-K4r*Mcmj>`FcG!Fax
z{{5&>fy;4XrO2%Tj}qp%NL5E?4tLE7ABOW^8c6<WehnyAe(WC$@3|@!_4#^24%Kk8
z=H=j+Z=@^jmg*mfjt!xT|MMdfn+(5KMlZ#3=4j731!WU_c#KWaT{&d+AqIX*sUKB*
zsQxbts{i|f${r0_wlTlg{)_(uBS4AjcNM6<tDyQWf$F;hs_)9E-ixAouYl^kAgcG4
zsNNf(dhdhkxgXVc2UNdHLA7pCog1j`EvW9jsP-LH=N_tk<)7{wsNTzhpA#PzwEqWI
CG;Qnv

literal 14803
zcmeHtcRbZ^|Nl8g93xu`*_`ZSl##tf_UPa^_OWMZ9x5e!6f%-g3E7!tM-&+)D=8yV
zC=$Z=dUJGtKcD+^e{}zT_wS$I<Gvn`%X>Yq=WATA>vfF-YiH+24BIML!WGWNg>`ar
z!v;C{$jCTi{p}q5WMu3-Jx)9L_~JZ0FgOoKPYeo11j=^9?Y|WN`vKewyW{K~JY-~i
z{jeVPSRZ@e9Wrp^=jrO;fw6b+we!Jw`9Y)-e`@{Dk4OH7&mqvy!N&vZhH=ArxB}gF
zE5FYrxf|8LY3J^`@%)XQZk|q_7=IreM*Kglmgug06923g*3Qns7xboQfCtvr%>m`>
z=is&V<lut=@#2Vc+F^woY~R6mUhG_d%h=sx!{DEl+YVfyotLK@&JO3Wa~Fhh$9iC$
zpxDOR`Qc7GVBB#YewZy(5XQ^L(+=a~>FEcXlvN#{t?BmvhLWJ=(wjK_nlZjxC-OGk
zt&FbhoZPHI&VL>w?hbxfd#oQ8<Baun#<+RHJol7hAxrBh4L?IymOZE6L)ROErRSh4
z-`}XcJw!aP?hY6+2>Z81?Qe+wwfzK}vHpI}o<2CgAlN^3&!2?;{;=6SK7Xs{cOQL%
ze`C43zaQ2X=LRhMQ#k&~tbaW2+NsVs*gL@w_n{Uk2%UE5>K{qT23<YvJA|R@?>p)L
zaa`N_`*{3wT#s#hNYLYco~$u(Z=&5=@<!R?F0o_dLwZx6B9@7jbPN8ywEZ9IXDP^W
ze_M?Hrl0?Hgk#;@JOdo;F@Na_UpVP*&e&~06sO(wGqKm2a&Sz|v-vI&mx_<RJ1(GR
zf2~g%-yvu+wOjk&8U(xN=HCyw-BZbLskA%IzZXWkkMrMHl8F6UlI$!^{(Ketn;>%Z
z_i)02S!`!<^2Z4b1{<d|hL$^f2vI6w5VLjn@7ejE_S^2`=C`_Y_eII?N7#QdT6Z_^
zH)l{$7>S9Is><JFnE$){@|Q~pUpVn@i-_IwgRYX1F;JRFo*2$U3vQG_bp+KNR8LUj
zKurYo7N`$FtpK$K)HYBVL46KtAgCFjc7pl>R6QgyDI|AGHYuD3x^6AxiIKlv6K{Rp
zLeQW|001iJjm^zX=!T5**R9Z28#3rE1KNhYokhE+*a+<_WuS3?4~Yi!8Wf0!9H>uD
z4QF>-=@OQsk}8n^1$w_Vo`~5|m!kqdg}l-Dr2!KJKx?SoQd`+`Xa#+E9E<5)Jg>b&
zhk(363TGGe`C)I~ent~&w`GJ7dL3v9Y5Ge?GEQM6D1Y?<qT4D^dqfP30Z;Q+uwPVv
zFqgLRKtFzPz6?EWN*P+jej)mQac!CV?60_l$tjQ&NEC`(lR}e<LYW*+K}8P!@^JI8
zqpl*ZhzwssiJ<`#9++_PFF@*H6g>PdtKN%~ixYAF#rMd~MSjN#;d3ZXQBeL$13@Ge
z=*)kmJ+ui##3aWgCnIPfD?qnVLhfUNTto^zlZsLNayQ*ELV@0pLtkmok%j$z$wFTk
z(85iF-+I*+p@7{Ef;~_WAdpD%t*F_GD`Ik}B~)R2qS|{Chc&T%aVtnMG(GeR6yO{r
zDf`X`Q4(@7IM4!WfH(mDFp;BoHlAGMkl$dyZ=0MDXbS^bKn7e5J#6i7DIvG)haR_#
zA>O)$9$_JS#L!#u4eog%s;#%G<VX~H`xXXMNB#k^1%N>a6fY4cC%_Saf5dIW{)pQK
zsuNn0BlrDR_J4i;-&g~q?vG=KFrfZ3V+=|L<S{TW1Pp-$Rsa9s3gw(X6dE*#XpEOO
z>_s8EtwKMlF2%8V>pL{)xAWb;eaL_0JLyAg3~YZ@p+-=fWFUc@1})fMJV|v))f5fu
zj5}a-RZSQAz6IDKr9sn;f4)0a#^;1K^Kh;xJ5TQQM*!1)HYjUD1!CP&n{+$xZcp~2
z&}*o|NZC<qH4y`aY4uz0wm$PfSyJ-X)XymhJs%W=;7}XHexM`+x;sjtPp`h-3r+gU
ziG5vV@E!CW6bQ02;nOr8=*}}NZT!=OU*r-$WIT_u`lZG8gpX9p&SY$0jYcmn@^Tr<
zE0*oh?M(QOXe?JS2j=cW?Y1-}l|1z8{-oqzO{;k^Z|3gW4J6PKasJC$4-&JjcQPV|
z9*@}Z+twUKgN{)r$!#r9l0nm@AtLDR$MF1uZ+9^?r9)b5!AZAWzU^lA@WwYOC$r8w
z{xXyj1xLZTp~tNW2q7v;MfH!iC=_(R)s|)($bRpqV`$r+272hj)=G<Xd+D?VqGS(<
zJ=als=lJpt&lW2KoE*;0PQ_AjAO2nNDb#sTYXqoZg1(Z7VCHqFw?;=zrdu(`GXB{b
zYC_O#TZ4vLLWSd(W^|BypaQ+wn)SB;V9`>Lt9-Ye!jB`d_UXFDhUsAMnr}f$n8WFk
zS~}4?N(|~dxRX_DG90bn492($;HWorl{2;FmgPCpU1L(?<y}wXTXtlAFnWHxR$2Th
z)sIeYO}Tdtecg2jqN+Yu?pMefaIY=J@9<STx{MyYduNY4F-dBSw7Ju(OH1bsgUOS}
z(vq64d-d<EL`4^#Ol7kO*T-1|P`<0tCtJDh_Cw^m@MCS+^};(S7<LwzTn}+RT;{!q
zQJm4W9*FCqvsFmrHX-xpiPuy*dyn$4JPj8ka55gkZIpGcowR#PEb*drBTtD*vo5$<
zKxCFptZsEBI-S9NXUBopdLH|h>oWsaJ4eL*Dh1MOiq~goh>ri*8!YkSnZbP)dP;~4
z1`|y$$`H2bCV729aWx3;A9*HPgsEOCZno1UKiQq#sow=SyB_jQxz{pG_spux<zCWI
zy%UmmY95;y%T&dGRnVxjeVWuYu*C*+WHoTq`Rsun;^KUN{|Lh(qGtGR^Yci9Xq_pR
zqG+;pj(yue(TmX*wI?O&l8Cez6&PmSk}!|u_v;*qS8-oDj~CQ=X8`oWL-B^ITBNuI
z|EBwG-0Xt0QvE93_fhj}xE}^hso}HAR=mxe1irFb8D6dZVspv+GFGH?=fiK~zRv4X
znWYz$6uIX%@!_Ze4lKuLnNMY0eW<h|roh_uJat(?Q7?O$*?RM^l-~x;rzaIG276&J
zMM$n`v6+)`jz7yq<-}FeJSMYN^77#awoykg-uBY6tuG8{fPRo)UJZ>bE}Jx01fKsm
zYB7i%X6kErvS_08v0i12LCs5kL5QH=^flKMCgp?q`)E6vCU7qgozzweMtxUaYfK*+
zi4{NFXG*{=Ws(&#n=|$jPs&l=FyU5|i*Z#y+<eOUG+Y#^==`mD8wSHaZdOlir#Vv~
zc2-;Y5<cdm`<{oCY^a-;k009DEL!R6WdQm?!|BPQ8UIn+&y%j-g5Nc{5!+3L(2X@c
zjuR|ozUMJpX4D8aZHf@?!f73HV(KP&7UwHs0z9`jHf1ji)wsT-NIPq7=To<Sdq=K|
zdhzk6#FOC#RfUX7J>qk<+Vl6j_0QDz^2Jl)*{Xemwt=EH<p%80K6=9Q1syMs^ZR$%
z+!0H_-n(J>nYmz~Nn1V$!~q^k92uz-3vbLT^KI!eLMtL~PZO8avD`n;_u~4|L-g)U
zDj_>^M_8`^d~owRzJTP@sCJ`?g<X0Vv5>~ud0X1_79ytsvRH!L0N1hSFDR2kr;I{w
zyd7~`LotjL&4;(nzoSU6`6RDrd=S_RZ2@^aPS>3aW3wg2eUfN0*cW5LjHo=Eo+QeW
zcOxoXL__Hiz(6>WD1`bW|68^(YI4+06=%$>`V3Cla3|U)mS}i+$`sLO6XbTI4&JUl
zTRD2nP}M^szVdF&Z7kNig|h#619uZ6Ep^^D42D-M_t1Sw^3l3r<*hwkjQJUS{hk-L
zx@B3gGj4mndE;ln$*v-lb2*pgSG1cyy0pvOR2}W)YK~UClqGe#&x##MSF2t+BE7>W
z=xKY8rvMq3VRcSNcg2ajhr;((>sNH!0u=-PNKZ^1v@r)o^w@M$Z|zj}1x(c8);Ctw
zy!<t#_7hZ-iwHN3B?k`D9~=M#B~}WiI3(uPtZ~VFTK}`ij6s#;XPg>Cub6bh3-&p}
z_^iNqtB3T9>101N)QLo<`UX1ISeJ>PxOVReV{yuYQx9dhbs5oXE`Wh>n^e?gpDbm<
zd&o&e9ap5Qf4VxZ%o`3%RGYZ#&MY-*a|3&!ILQ2Yk>Q$3FtYIg1@okU|C#Iz7Ymyc
z)z2mpm1~)5!<mKw1{6{FRg+gHKOThyU-m>FQ>4n0EDQ+~e&N|RIWSnBm@G*!7iQz9
z>NvX*V^pDub9m^&vG48ECkspQqaIe{<LS1o>o=zOK>R_o)4n2Ks<NA2XOFfDRW^@k
zeD+bBW^uxyO1@C9^`Bq=@{(nHVi0wEY8?Nv=mCxae<!P)&TvBUH6?{PJ(*sSLhL7p
zRT(}c;DYvr{YR9eT=Z6R0x61LVK1*P>hQZq-TAqnj_tyl$km9bgd@OSNUq==4eO0o
z5#<9hnznYuiJGrYI2*qgFI^#vuCKJ|m%1SUaL~BSp)4nkc>#O7kvoDq{qkMeqpD>s
zk)a|VjaZ{A!$@{+HG+Pa2|m0Z%Hjw4k@A84chnifIv-=mY~3pq)4GcHJ^tng@_{0h
z^EvM`cuhDhMx9CfI@8a*F{gF4_VqcunF(Vj4rZ;9wE_L20O1T2t$G-xg*aWChw}=v
zF{tCR4~qq2Dz12YdwrQgxqo#g$h{#V+_jNU#^ZfFL@uxET%?vcPlx6x!c2=fM0X~p
zY#LBO1wT|BE`5vf`|`+M>LbsO3S^pgMYRj`8Pl*HeE2Dyz34u4Pzg>6V5w%hs*c?!
zPTaAZ3+Np?H~uKh<+M|*<HJlhu8;9b<pZKnat3j5PTZ%FE2fa&qdhr6HCx?jj&s~|
z{#k3GUfn4=E}<5~EfkPDm-PANm4q)LH-kyJh>A)c9Er~8zX;c`Wj(m!-)K|YC;{Rb
zk}FbQ^Wmt5mY1Lm>O`VSjI?Co_ccRWzvUt6^pB6vnplGaV?2Z-hp&@Rv>qNLzUM_!
zDS`4UOpdiWKBW%FGNcy|mtFe`P7v!M|HbR(EG3UWPzWx4PeYo;X=tgNNE4`m=nvVj
zZWFlI(xgDJL#sdfeo?j5kuMof^ilmTfr=K^@FDN%?>-cP6h<%wXh=c@Un!M(zyP5-
zF4kM7ZE7`<Q{;C7eS~|p-NDW!CpcHL5lRSP?t&d?de73A!5H&oE?4h;QN%`WU*JGg
z$!+$Q=WLmdM4GR42y$x|nyKh%SG-5^S~TKx*@)5;9@~ZJ9ZXa2$@g+Jyz31K1qCnv
z`KKp`4oe`1-Q=CH_0tQSX)Ze2N81&V6Q~D=XX?($0ed02Bw-`0p^}ubGNqF?`x;`t
zxKh?O9=LN!M@>IUotE?X)#HE*!rj-+x*2k~A!7E}mDtFvP25?&l7amZ4U3z(g=h~R
z+6(}J3ch#ftBQo<`lvZP^mTNF#tUuM&SM`j%pqiZMz38#m^y;-RuAT2*!pxtwCweB
z4iRxvWd0XU7M45quG<V*_4H)-CfiB$uPXvB2&Z;XG1jcnPUONu=J(o>whOJdERvmm
z4yNMw!jH0|SId<EAGAhLGL%YYG*_VZ3CUEi6;#{%B!gj*aVmdtdF-KN(mBgBRs{d`
zgt)-w+EXUD5blvMY>OXyeUG<4)gf7<NK{rPpU!<S-s+*<pUQft2r4B~@nGuPtJI5)
zYS~w29z?&F+<ewXujU*tID3J>CvH?IpR*KF`tp0=w`=Q8tK&1oW0CN|r`Nu^c3o_^
z7ODog=s<<vglD`Wy<HZ>WX~oMDnITfcXz$P&k0@F@*yF7Dh3xp;0vPB^q&8iBCLc?
zHD;mx5nS=$(TJ?+giH!6&Cg?UU)VK(Um!lIS6Z&p9d)%YLj~GD!jHvdnof$gaX$(U
z;z4_v*XR2s68PednY`*0=zAL=W_w6uB#UYi^8rb8=;N{SRPtWF%sA|G0xpGFM**Ec
ze)~aQOS_3$rB2p|H?cB(f(R46vgsz&JaX$m6$WF+S?BGaei)s2yjT5TWhTnpf=ea=
z$D3x38{_Aca!)AI0r?6#k&{1uOq+rX{z%z!Dz#c9loy`wdPDT;#p2sen#cn2>P%>?
z0bj#t8&^VJR2Im0^0{BRoNaL6=9HXv$<S(!P3xxlz<#|vu$`@k>~-fNl6zD4?&;nJ
zt*CJ9vuq=C{pWSxEyX@c434iNpAyd#?CAS+ll;e~e(0RFxHL!lu{15y6wkeqCy08&
zStIbWn$G|gRPd_#6G<s-Ph-#1hS*xpZd}Pxz2L}@#B=Qm+DueoF`!)^$c6Mn$rqU!
z9!c(3Da$5_371}o4kf=fb%!o19SO%$lT+Ck04@lp<&|ZfP<9k<dM%9j2gmU8R08cG
zJ!QStF?JRqtYZ1|b%K7LlY{9Z2~!{ZFY@U|bC8M8ikyC(vi!{dwds)|TYn~3Bftk8
z$QQ2}tJtWkJ*LW2d+RJo-@%G;Db;Y5aDMs5yG4J3yc9s7f^WE6zW9><Isaf0c{4t|
z;hZQuA*|P*<<i?kG4f<h!(6JZvrL#ME1hmY@TUM7@vj2k@w4yQT?OGn?c$2wivnG%
zd_LUWU>&Q-1PHYwX~-ojI9EcJ1ZxTfjWzew#XfdrTTeWkd(@ry3#-XK0$<j-#gvCm
zd)b7I*lDOEr;<8^Ro}TVlX#arxNgB^EOXJEz?Y$_G33Z;elb=-z)Y3-D#_+0Irnm^
zp09$|n*vufP8eDMKSOd2FEe4K5*Xe{!=%k$q|o&~E2ZO96)fWHzQg-IgI<RG6u>~Z
z%4{iTF&8I(UP<awlkeY6I?{7&FFqbgER$~Gr&xSB2OY;k@ps-_7CAB)!hME?qI=?@
z`sDzjaYXL0v*3E;#AWT$fErzBkpt$VDf2J4?pIteSG02w!ahi=bSV@iKV0Hqqndag
z-dW4g2KrVJ+WTPbOHE6<Q4?<m99uOPG%Tyq0uFj;>gT&;;fVb>#Vu7qUqHB~snE$8
z_U3?)K(wUuUi0&lEkf6)T}Nxxh&=?QDh`Qy5ae2Z<`PdSn)h8Nx&5+<Id^`;ef+TA
ziDQYSGHnc+)Yv;Vz%LNr55I27A}S>j;j|NQKJ{Yc71KQnTA$}Jv+P6^Yu>MY&Jp-5
zqUeZh-~q!CRc$A3x*j>c%y;941v3uuc?^+`49e`X1$Kb57}(^aYSM3MeXo43>74#i
z5ht~|6i=5TI~w|7|7#qhE^_PO2Eg#+!uurYyPW3?3SE|#`MCqNFSUFdnSpx;2F##8
zQ!M|q2l_#L<y^Iwv%jItY>v9c&Cy4u)XSaq#J}>J@yQD~gSjlX-vMACJH$~rNp7SA
zoq|uC66nqkewdEnPdMbvwxa43=D|jWKa@$ZBUZS#yrdz0mG;0pCnikgN)6XRBHf=~
zq&&x*lgdeRpMw6VKLGena^T?67`d<z(!`ej6CD%&lZ@h-_j4K$r^<!j*^XXrBJeS~
z-xY!f)UO0oX}$M&Xvk=M#*Y2`^MZ);n^lhlpYRGm{R{RMFs?)#saZHX|3(D6e>dMg
zpMtYYJu_y=6zv5g)0qO9dKZ9!aN)1r^={@WcYKQedhW&dlT@kY*>o8hH`>B8CArk}
zpM4o8$o))1ViZ=R&azjX_Xl$P(PEXZ+=qkyN}{I5Pi;ga_FZxVc0hdjG}kLX<w?>O
z30?ngkjX&%(|DZuM&;x83^W5J;i-Kme-QZA_E}|B-=laHgl<}V^>up6v3rbYwpi>z
zJZE+AvDgZv2k0{>Px|$go#pO!TEN+)xl_{^ed7xM(#qPo{@7(sERzctQbn@8G7)7z
zuGAnrjAxs#7@@o$DQ2hK5gGW+(r{$vj(@z|rrq``5pec>?Pe&Rk3omWam++Au!htI
zA9y&EL)>o{S~Q%gjWP8GGFd>?`k5h@RJ%;l&e`Akm9F~ko$9E<ClZgNPZdQ_sK1ud
zry<C_{JGpD+6beLlVfx=`6(M@=_G4`*fT0P5@Wo`PhzOYMZk%8i1ZLuChDxv3v*xc
zTWrhjJ>2D?gvtrIhT#2JcD&sW_z#lHwJF~`A>2j0G&)bl>?Xaga;tYPcm{d$P0dZQ
zu;rCze_#WIBWq^(KKC)y|Ii!mzPhjU_>w!d@nXDs<Q??mx6&V{+|wY)Em*s~U>zfH
z=laEX|Hi;BVV(9%pX@U<ZuztJvJd#UGehym3i#MMS{i4^E(WvbF?Cukn0BcmQ#Cb+
z<*s51IzR1q;(rnd;tJXaynB)&YO#7W2j7P5s=ngU@r=*Pe1rG1P==4&qOE1aJakY4
z%C7tFGr*4D*>{H!_;%Y*p9A{+&VKqluowETrQP<^Hwbba@P@pC5}2=H6Om=l)~dpp
z{8xTVBkX^id}?WL<X}_{xatoBzHE7+L0Cn~@hfVA9k+!h$%0ZWy_L_M!tMK{*B8p>
zd!UNIx7+?V7;r(*-S)pB0K*PyzutWPTMdhjIkyja^sf*3(d8<7*i#=y9<4!;vb~i(
za|!qv(vN$PjaYAg?*bQ*v&NyvcJw}}t}jwfc_|5{=)ODRH06I8_z&_+(c;;A(bsFL
znEdcf=A2ei&h}pJv9Jo)A+e@wi~JU~(7ura;36B?uZIV}eX8h_kR*;y(W-QCNMR0I
zNlaDPtJ)kz78VNp0<E(nKY8IZM6ch!M$6t8phbf%=1hxRc6#R^?Q~5TrNTP#g5Vd%
zjs)}@k;sF&FGNUu+w5^iZ$))rTyF^`XAdbw(`A5Zb*tb-nVX{uS<tE}&o&zj8dx7#
zbL1_Rup8_>*&5}y?}tT97=Uqt+V;V~rZXr;He3CM=D0_E?|UX+z0qM*ZfOk_$-8R%
z((6D!$d2Xm<o%Y5!#b}<%M-(1pQ!HfRWm##T!6VSo@MgfZ<Q___zxN%as5jUg&n4-
zEAd(<t;+}7?sc-<9Ltx)`wX9`JJ8HgJ3z3b`i7>jnB7TsjpHG<-jn`yUbCXow8bPO
zrQsHse1{}4G2lPwOu{qde!W_2)&r%mp=l!Otc#R4SGod)@Mqi2XHq`I%FaXqxzL)D
z)mbC+S#oTo4NvW5RJxTc)<|Z;MmW{^D>LO;ZTEOOP6Pmf@upJYuo%Bg<SD-Cr1129
znxm^CM=yTmcKXKtOq#<aq4_buUP$hwU~TB2kwd4_$<4Gq>xl)jnrWpyS4*GH$w+N1
zGg~;t0t|%X>U#c|k$onoroCxzQkBxZ*SF*7jZRXn_L%pm9xHA~ixTAKTF~l~ncd@Z
zDSXb%%P*ol7Z)#?KKxAeF2xA_YM`|+lwY_3pGCik0YijK+YvU;f>VVQ=xcji>xU}G
zQ6XiM9ljqT*$oJMSFYidujqdy3;sf9^#d6}`<l<;k^i9p{;PLna~^W~t=#}zJfKQ6
z43w=1aG3k}XXmz4QO!9PE@X_}UU@i{bG7%l`cFQ9!$UYXW}TO#`fy&4gl{=N^}8Ey
zjf!bJJ2W2DHGlAp+f&tp7=ql9O?r{s!j*=J@<yX_M2~jRsaySsZ$ie?Y~?Zml_!jn
z2y$~6)^143=2W{@dbof6+H$q0YTBYgy_Z*FNtZVSM(POUD)Is>B{v=0UG*SWUZ)n#
zDVviU56Lcjo-fg{Z+Q1g=x`Kn5<sAW?|ks4QF7wqnhjFRHzqsoti?<G*M9Za0nyj(
zbbP+P-TrY4;Hbv?NMyQQBEPJq1}*#urtI)$ttv~1leT==JHgdO`YM%RZ{*V}a%zR{
z*fTCCj|8Wlw4*A(W$5})Ur>?96fVnBTu%f20qLiOs&Nhy{3uYFYF1U8Np?_zOXJDm
z<F+L&thjiIPn)%_1i$Q-cfo-yo)7Tt_76W72z)+Xq_;1G4H?_rqNoadQ}4KVqD@Wa
z&Fd4oOJ?!8$~@wC02e=~nzE;~yv}^l9eJBLIz1~SI41PrJFB+Y9`Ed<{!<$Wv6}z`
z*)f!-$r)U7Z&S9)E-$GpjO|u3=aI+5DwT8`sdXOfZyF+Z`j?Z(B~&GC&dc<)@r+hj
z#>(BRri~6Rv(E0-kzwQpOWD9LkX)m^A^f+_5#{>g#P>JS*gJjv(0{i%SNyCW{fjq(
z$+W5|1ipze&CA%Yh-tfl!Oo(SG~&DhA6$qP-v{WOlL=qjFt!I&P{FfKt_^ll*GbJc
zPaXd>p*r+EVvKF`d3Nv_#fw?pR?^q+0SpoVpV?=wrAiCb-;=Ob?4=bL#Z`O|aM|oM
z=<R<RFP_8c4A~2EFHHVaugnbZkQB>viR>IN?RSb*NGfuxQ<!gknv)Ei4J)}I{s13s
z=li3=jyeNLt-Z{;8uCM|db+GRZ#y59m|j@XZyNbw2=dU@xICrgTSR%_>|Jjuk{meq
zlj}@D^6m^0r}7RM@v&OdXz@aM1CqP4D$UQoe*m%RQS-jzRr<Xc|NTO;V;Z+QvZ_Z)
zXDb)-fgKPIMtjhpX1M9_%ZyZ~7fd;Et~ZZ8GooYR{z;Cw;ik4yQ2=m|pF7BF#70#f
zjE``f`4s*x8|!5g?|xY2X6L~e|0^nTWi<B)eopl9;Vff{cWr75b^lyFMz2gvt6sF~
z;d{D59mA?`DqTnzZwQN-;YW3fHjjwJg5u}3LMk75Fb+vgQ(t>kC(nCLBB!3f=UcQv
zk{!@6U0sQBi*F}ivl`BSl|Qr|*9BL~@2o7TE+&i*o{Cte&LOIH%f~|qgi!us<I>03
zi@r<L1CN<>iP0}=OMnf~=0d;oz)7t};*#}=TUa7Y??b;zdCg@jWgeY9cciQoBxIfw
z<eL9<M4?VBT2LnG;h7aC^%bqUgjQ?Lg#LUX?0rtzW3&u#LE|Vwy{nU@OY4Z-bir+O
zUPr=>V&=E~F;~mjsC8(&-z(#RpB16sa>T2;%b6z>A~G)rEnM(fKH6NI8qBg^PH8nW
zB)vi8Apav^2c%zp<NVUQAGue`eP4DIl3&_SJ2^XNE;hX8)Ae>q&)Uy78DOCP;3=q7
zZ(1^lihMH{5un1jgk4ApDL;DqX}R3ELfCWN*$)Ie3K9aFqPc&N7S=qRGJ<(O?^Nm6
zICwM|lg4w;{Y;1;52T+k;FC!l^0uytUv+|?u-l+$Dcj(Bm7Us{m|q-2tq}EydZQX(
zAl$hK=l)M2TF(RzEcCvvrwdZ>yjVLxlB#*IP}S*kw3+b+L2jvw>K;Y*(H?S9VtHN#
zM^1kVJ#J(EH?BOy3sfwj1ukHofr)^se!iT(dvDf>!|2MSR`CNq_&^i2Cy(TN@zuN;
z6!PhohbaIE%$IFbBqe$Scg`R_wxANPPMqIt(fcwmzqf{8Z)!3aORe$**a7je8X-&W
z$Gzw^a~kaM;>m79Ui$D>HhSMYt-+ZCONjo<LIl1=O(mOzq_K>L7l)<FO+MvC1cYjQ
zXL9k)V2Q>%%26%WgRX%1<jQrdS~xccOgvQOB;11yrI$~;FB1nX(fU6Kq@wj$gU<dy
zf6%@}capv{GzhD2mI$p6A!0{v?tuyCf4+jG@~X4^9wOZc^b-YGnWjg?C-^?8T<9y(
zw{?Alv2R3<N9T7-td-vTY|VUZ2J98;A)GSDXZK+v604&D6lPoo`T_15@kjYn#o+#*
zDo1Ul1f#$iLp?dbwI*E-e+heSixu7bhFml@_t43TnaWcc#_h+hPGHS)Gg|-#<PMlw
zgLM92VukG~=g_ar*|e6)ONjdkY=@{5VYV&D<AWnW-cY0hxULA%A1{W3&Ixe2^Cvsi
zTCW-%^MCU|wM*|v?+7yEhHop#2N0k9(Q-jd;Pn2edpL?94>7-|dbS>>>LSMk(;v~r
zI=yzi@SAo70318u3pp($-J9vJFJ1nu5*L#cT2P<AVeIWbJyxVlI;)4OXb1YC0FG^O
z!J{d*+|sHvm&obh2NyrZvy^kZ7LUAYr}C+-zgGbL>LJ``YT>V`EYqkDYii;bH7C2;
z;Bdi2hg)ytsO3L8pWNT8M2Lgk{xSXq;DW~6uK$1!-!96;gq#0gFLb;8a=qJ0%WfwQ
zyPY8HcGAAvN_e*nyW2`|w-xGc8FIIobhn-TZoka$7Wuo4+}&1&yN!h1Mid;3rmX`1
EAJMl-W&i*H

diff --git a/crates/store/src/genesis/config/samples/02-with-account-files/bridge.mac b/crates/store/src/genesis/config/samples/02-with-account-files/bridge.mac
index bb22ae3745580b000a0613dabe6f575007222c58..20e573a0e352fbc0f3f7f636a6e0c6394ff5c851 100644
GIT binary patch
delta 21848
zcmbq(1z1(xw)UpGQ@R`J4rv4gX^;&_r*x=<8$?R!O-qWDbcdv%h=hb7p(28m(g+gD
zKNs%robR4{?mhqi{L^QycfMncIp&zX*2c~sXs_eYlPJ-NE+zZWCSMLENj8vu_S9CT
zcXf~~LAIf_u3aCEWbn=htb{(NUas=%e!i8G$s!C$33N4E1rJvTM^9N<KYv?K2U}kU
zKUrDZ0Dl)*Sx-m*+g`rzH*M|hy#hS_f%w)fuiK6eH$A=l9dG*C`?`Aj`=Q}ciwTr_
z_T7}$Q>Q#UJKK%xs+Wn|Z;gL6s~$(`c}JQRE!lvXHAQbnl3shmyg@-o>rS-u%s^Ck
z4I=QWL{Cz;B%Ahg@e8A0#0w{w9FOVL^C#a}-)hq9{}8kp&sUb{QdpvPiGslA!YJ9#
zPcSKMm+ehdh^Qe?T}U|p5i@s?M99>}OrVyeNg8B?oI;~O#-U$AV02+?5eUFwu&W@O
zfh>UrgH3?^We$%QBv683f(*l8=}3G~iodmS3W=Z$!-LE1J&`^id$9v&TTneoiVtV}
zqro5rN+J<BWONP^8!j3aR0A6lV2J#~0hW}E6hzP=IT;oUKUcgXi-t7Qf3JxPS>T}J
z!GH*|2VIZ}4{i~=s&f3Iu?Nmer}=5LqwUt;B0v&jXpp1-*KS;a<05-mnUIG>bjUge
zN@N3u5MCH5E({A64kNjcoMTYJDagr%g=yi;<DZ?Z?9(OSAB_;-Z~0d!{&9{Ab??8r
z#e<VX;67U7d?^U0W>rwBG+nO$TOe3}#_^(?NOMd{(toK<k4(Z8#D_)#7luLB!;T!m
z<o!djNy(PkkvLc)RFD=A8%EZTaWN+lg&8(zU<sll_i%0?M{qa*{<6d+#Y+Og;i51T
z5E$;o1Oodo@DBzffu}2fzWm}%!4WgBF#KX<f%H$f*ihH7c!mElD}S3UP7ozC(gTm4
z;35`S7-{%`2$GDLvY`x58V#(cMf^+pkm_Q5aCqUk7ac}<h9(US3$6qJO1S@M0T1p$
zGG>X)4#I>hr7zLNK9n*3+t4BP2xQT+kg)`fRFDU}Fg%c<9#W9OV4vyGk>eyRNN+;&
zhB!hkGz^))%`O=+3z%6v(4lZ#I8v6_iXI9lD=FzBJ{T?r6BGiJVHhxE8L=Un9P*Ud
zgcPy@V~7b2g%U119ny=Ont<`b5RV1~-VjAnj)q2t6egp^gKFadJ6xm@nIsDVJn~{`
z0vY_lU!{wRn2^mSWF?uvMHM_4DcK@&m5kjKj{uE@z8qJ_UFvclYIS2l5#hmq>TTs&
zWt$qnxiPKtv2PYJ|7}q4;NPBfTebSjn8Ev<u*S2K1o{4^1*<!jfLRQR4bK}q{?^g|
zy&@Shk(`$HuRi_D8l^!tkc)9cN?aHVX&B!Bv^g&JK9YjMQ1ZLy{as7xZ!vHWK5qWy
z6LMp?u1w&HaghrP3<h_a!F|NSdvuqa{9;zJV5HE1#lXyvk170!E@WVoaA7v2VGT@_
zs+iapaiJkCX-&{Lk@d8Ee+H5k8v7Mmc0Am_wgnRBQZ3pgXjvj_*{BKsj0-g2J<Q01
zOWYTejweh?_8ALK3|hQMP_LjS(Rh){bn<i;BZmu2h;Vsvukvz1{Nm`+L>AD|aIk%v
zTa5^MT?x0C7yLC)fuR9|UwTS#W@^~`3BHq18Xu44U5}in6BfHzNibosScS=0d)VPZ
z)#|eYfnDox?nt+krDhCGc&i>2X`0)r9X!S9kZFI8fFG$wFM`g3hP+MBg^osY(F<@M
zVbH@#FHWsBdMecB6DAEG5<wbZ1tX&vA}{P%7^zuc;2gVHz20D(Tml)|{iIOu!EOx$
zBLLPi;?Gj10wc#Oj7m)ZD9~PLv%u!U#UO(^4rLgYs3?R`hhRj)!f=W2a-Wy)x0}GT
zO5M6xb@06Y*kOTXj)%uGxgt1cklEdaTF@7#4+T8eICEDhkRVeP{?bumuz7k~2Y!10
zR{eL|nF{#173_V>J<kqua?rq^;ReIc%tXmV$NSF*q;Q2oFl=CB+C-D)ah?B8_V6Pq
zymdcAM$COcAI_ul`YlhmkTwi%Gvg<8N~&rM-v#&2Z;;{81FDR}hIC@#V7}O9fRcg)
zBcTPcqQb?2jN*}*EX{5gCr%O`3pft2pn-(pCgZ^;OMgFl`+7egK0ZdqbClUs_b1|u
zbx#6!fNFzu8FF`Vj9&O75P`oGzOjs*NcstGs=)8RWT~|Lryg`P;N849T0gPIP+l|%
z^M+>bV%}I`J>1AJ2_57pTM+wSYaIB;`bSIj|Ckv#92X5~fX9do1*cZB7$wq13=3Ju
zu7m@QL2&GaH~eIOL@Y@PdjM{9wEssywuvTTE5Uf-$G?$DlGI2?G5U)e3JeWdj}J0l
zOb$6Hc8!!4#El0nlQ7tSvHi1KAzLJ?I0x1hUS1dus3eLE5oZ;I>@#6FFzCc3#l?gB
zh>uCp3C=LUqo&egx=#E<{x-s7$T9JMp1XL+eQ^$gzg_W2N(mPXCA5ExC&j-RPvkub
zBjh_aKIFIrh2Y<Yl;Gd3m5bGQaeT91>_JAPvLqcfG~{^T<PYN)#v~9Xf?sS57?OmT
z8d<|Y4UN0i9}_%b7!_Qx;JfmnklPHL^XpNk#AC*4cqSV`cFuIP0NmG<dU1GxzMfWC
z7`TM$;DF8gnN=85SeOd@`)hwfn!6yw*hL`G#fu7~6fN&XD>h(Q|3mO1NL4A}i%H0W
zVS-5rml8%mEkY^m;t3G+LJ2CP&P8EN7_0~4e{B_3h`_*s_9um1`GdlE0HG0pULQgF
zhaMchJ&@e)Li|rT31|xgh5(Zd8iXdu6J-E)e;8Dx0CLbcj1nR+7)#P06s87pC>U@J
zhe3|P>E8p5z$L&TM5VC5kOAl~4(>mKu-rc=4DQk}9MC?D1vrHEC+Jz&-wn%9h8)1b
zKVOhwVT~v`H?W6#-HqbB0P#V8z%{G{$@zgEs`mz^{{yhF%Ro;6$QsB{`~Mg!5kSCj
z!9+oWkO3-%9sDT>O8_JSSrX_WJDfk=6_y4ZlA}_X5K1lw0)VDb9yAD{0!sdu-4)P&
z7?=lGA4;JN%3wNR-%(r@IDj|_G|nJUb(BL5K)~ey(*%y8`iv+&)HCStmP2vSp&p1|
z1N9)(M9K9)84CD1=)V$}=f6^z0VqN9ZGkeB1r8u?3>-js4<$DR4S~B07Kh?}C<G!X
zg;@YSSSPSUlpJtqy}+!1KS(YDEjZAjn_&FIAcYOckU}1%z_~cE|2Z`dpdwgkFdmd#
z9EDd<7=c1pU;`418+g!xjQF!~gl~cR5cdEG7AmY9C5Pr8N@3nWK@SQ(pbVieK*-P!
z^aR3ARD}Rg1|L|kaTJFFgZKf8<3TGA^bGh5V*-U>P#;2Ye8M1PMCtDVIT%p{Ob#Uo
z1CF51hXZ5=7=V&T07oo<D}bd9l5qQ<l_|^!tw6wIQJDG{2SPTmj2;3%tQRI1kFb1{
zJ|0kZkQ0EO4O;(+paIAbU=O571{rKQ2$dj20zC?QAWQ?9^A9RPm;v+<uAv&pLix!C
zGA@v>{n;AAIY16^FBH!M^)B{*K4^#=D1uOmLP!Dl6Oeg8E&_Tez(|z77?gQIev0Cc
zfn$i%LR$fh2xQL(3eP}>P!=Vx1a=Uw0{($LsW*^A^DkTj1mLiM)q)H)R0kYDQ;>+N
zcm-4x0Q@D2%L2V1;Oi*f0_sD&6=Vq80Eg@^_A>Afwq*~<FeYd(|KUnPpwI=i4;AE5
ziXLDH@i@?cFhD1i9Pl29_XEce`k>^X2&J$AkVQZt5hVv)NfhumAVXM(k`Dtv5FY`0
z$bJ;G4;_cFx4;3kipKy#+iV;dK-i6{c!t7vKo1q^$iM^iWEwcc0EPF!9y%R)Q1V$&
zCIWd5WJ!?cft@%&MU-9}g%{%w<Y5aSOMyb+UkXqLDU6-`0)>}ASsD~Cqxe@8UjZ^1
zkR71I0|c}N8iKeNif;frNbwB>2&N5oA0=->A>!gV0u>KXf*r^j93Z>EksK({(p+%i
zec%Y3<FEsOkenSQzt95N5y%RF`~(d_D2&pd0Imr5DL|;+6_i~65B~H1KL-xLLW5bM
z3;<VB0vsI;6ac#aQw~!G{4R=PqrsFQ4lbh}$PRqdD?xss_Y4S=QFb8k9u>grQ5+OO
z0`pG{DyV`Y38(-eDH<#cGVDYdk^{XO;1oa)^?(v^Xeyu|Lm&k2VM<Z}X#j^1d?SWI
zb3KNtk4*~*7!WBG>Y(sKiU7R^UxP}TfF+|8ETAV4X9W%+WCI+!@d{CT4#2MhPJanJ
zfa8lN@B_Y!!?Xb50sbKL`xiYw&}#$v#kr2E2igZa094Qc1?b*}5PUHxL5AQrvM{LO
zY?LGLH6L~jaB-lA<bD6r0Qea#Oc%(}>A(ZH(WU=`vcO&s6y<<_2t849P=wltg((7q
z>!1+#PsN2?8C1{*B^A(PNS}ey7om^@EDZx7??Z7-5CFulf_f0nqT~yp4MV_nKsyj#
z1O6btgbWw$!-VyK!UzaB8NdTXt`7_#9>Vm88v@5r<VL{G7@#p|017A`r8fok(A=9b
zg9oS&ohhau2cUQY3ad~E0>5}sbwRLz5~u(KVP>Fk6Epx}I}3OKxh-hO92D$81CYaI
z7VrRa2f!h@BM1zVJArx-0<LrepbMyH0nioLK^&kG#NB~C3VR?#cmP8<C|qU*58&7f
z<-i-|zz0--^u7S0!I44P>7sBQg@K@+70^HXvmAvxQTPRg;0O=126{OW@Br<EfWQDp
z!0w_1kiku$Ark##5C#k&9u6D>B)tz1a-f6KKLC0gz#~DRAhARNg!Ius4h7<cvWo?B
zJHQ_TgyfHa-V)%{g&qMDhAs<xAlOG$0K5m{Nub9NQi*{Fh#1Jj96&)9#Z!SJh^K+T
zAiRo_8=<fog|fiE6VSUthXU{ecn`#LfPW_hD0H9{dBBk~;Q1g@$Y2E}F9h5L@F$=_
z$3GYb@uz^J@ZuMV5>Ve2$N`2ySO)Ycgt-C!4Co;|M)|D-b_mEp6)=Pp)j$9>Py-r-
zdX5QQX&~Y{z;A&<J+LzY$c~ajKbw0%7JpKh6H49!{6O+n(BR+oU`vL10(lk6t^*B*
z=z#=_C_xu!06Mw4K}9csJpds+IJuytbc(VA-wV(SD@;=ILN5FgaOmKA1?+q-L>G^+
z*FdfZiY6$#H^84S;6tDt$Zi-7y#GUvMo@-{D8sja`vLhFFob$O4l0@eT*~)HXJceY
zR)4j=^%0FTb61<hNnUP`^YlC}Ga+kZ)l7A|p2B&v!RNF!rJmqH#>a^mgREfL=~)~5
z%D4lq_rF_BeiPCO&T*_sMwx8nsHP$kf8cTIcFk1B1;~8(L>}l@^L}k(m@Q)bVAPVR
z^IPcrTCyLvK!SN<W$xq>lP~{$mCb4K^jZP_*pd1d8=)_Xu341dp1`>G?iUAJp{X|i
zL~XTDbN!czpPdExC7<2G=T}-p&YQ5dh^W;g^7PLwOgG)sIR?Ug?)naV7yHdLijZeW
zYe~<X=Vr6meT+79r=PwEkqXnDbl4Lcjl+ry!MM8-K2jf-QPPvSN~Nx2Oy^a8Msa**
zuw)*j6nM@O|8<}tafr8N@i5u{^=T*D?RJ_XuH5!Jm&YH*L|V*PxJ(x_dlD7UhC0e?
zznx9I%W~^ZmH*5~to~{iOKHmF@ohxiv#4wx3&|K#?d!G*v5vLbY+m!uQikcdm#qqU
z@FX&+2s+b@S^4arDmKe`H@~b9uX(F4-S;W*#c>8&+ktnAS6w=T!R@{GW!gj)Je%_~
z#5EnXSq)AaA_KR%(<z#`_Np=h&M#wM&2dZIilJ>+dYROQ{c=CF@45+2NK~^c;tqwf
zlhgIC+@_(@!iE_+VMQ-;^Lt`kI}d5ygM}i}-`yjz&TH%5`6@y^LN+=wQcV(nrN~OO
zk{XX9OwI3-GC>ZNsiXy;QerfBH?y<|uS%Jy3{{r9&Tq1)#p>zW$3_#zX!8<$!`Y`?
z0}{0J^1eIX4+GhV@1F}uBg#x_(h$F{1ul;TO<h4$epNX%Ecp2Cdu0r|+BSp9?kP)6
z==uy(;YssmzQk!tqjTvk8m9bMXZOO;BA##RoGvB&$V0KQOOJ5N3|FGy=q(I>RJRAl
zmA+BG?5ScWZ`2i8($ycLz<Ngi<)J$LMp&a|<mJdFo@m7;42|hJ^)sD5t*r?}XYq?3
zHFlvQ&Z99BZ{En5Y!TO(=nT4^O{(%BwwQpmJ3P_oSTn{2UVA_0K5qZ=%~oN5l6tMW
zBVuQ&N|dgr-y&W6@+(G?;TL;E!?!*%=^YjrG-jTsis5@qqOJ3`u-5rf8oBZ<JvweJ
zq03iMG-gQ~ZpP=h0W0#cn{6}YLTFm@`@6|(r)`}K=Y4(Zc3hl)k}oH8=ez$DCtHUs
zSHiC6!fCZ)NPq$ByQ1g>`xg@ow*s|tTOJ$Vk^efYbuELnEi8IThQ-`LI9`jY)`lx|
z?&I9z)6?W*$}OF>+d-ylWSl!M@!pFFs@Phx2VPs+uvmJk$mU-m&%2kTaBB_myMxq}
z`g!Vg^LGpN=pQpV?r=U5tYH_}IVf%NV4RTG<IuAD;A2{MTYsu^BI}ihvWL70q5QDR
zI*#{(ILp}0@*=Mg*(QdKYsOCZ{KU{Io|hsFJG?J9m<-682(#xlaQnBz+%`O}1`DT0
z{*Y!|nK23a75ZbblssfWW4Cm03qfi8D2&e4xv}_l$PF_hgebF#C57S##{+!Dp<dai
z3}Md8SGw<f+_YOcog)obyc|Gj@O&HN>Oi{To1YTsO{esw6i>Dpw=LV0Z!o#qq_0zJ
z+Lq(XcSU5xi=Mh){V?U6Q*;uExa6V$_t0@hy1Oc2V!z7@S0asBE*WxMifTtx6E-u9
zVm8lsDnG?aPPV2y?>ZlJ;nGBx>7!A_OSdAQp#1cTQ+?g!w=+yHO|CMcFJzRQZb_r8
z_#RTX;@8|t_?6p^_y(&#iZC!(K6V85)r^qJl!bmV5B^nLUq#=7_3f$MHCGeScdcYb
zTALY|mc@6!#s!G!l)+BcO?^+v5XOsa%B@t+)sjJ<BF;DZld5kMrKqpOriIovSp85$
zY|D0QN++l*FC}t|R(@U$*__WgzJgeen@$xBdoLvz`Uu(jYC|ZZDOS7V*6rev#&NYH
zR`O?(o(B2PF}hx}#v0z}x~4nu>0QvPoied<2G-T#m0|nYOPW?mKG{sv5w-}HA01W+
zc!dVvzLXY@#)b~cm#eFljtTf6!&P0`o*+l})HEg*zmW~Dcd2Puw58z}cWeFr+2gk8
zhw)pwsyV6mgXX&dPfeF*eGLhjv9^^;A$5J<&SU%z%)^D8lqd0mmc)h|&%#@Xv17Gp
z<Vq#xrp}v!oMpZdK0W>X`mw<*LekvT%=?*iaM7Kb{@;d7=J(Bi3T3>N5%CViQWn}W
zY_D>n<in09_r*Q06XU6T?<^IrIiK8W-)G%vcI72)bg?_;l+J8oGR`g&kMy+xZ91Qg
z${*t#MFuJ#HP8zamM7iSv*3!A*X8*LX_V>0wW#j-6Xg9Y>^~Y|dp9FdL5N6?q2c5V
z5pFKJ8*^tJ{Jf;B(zmZtlP5tm)@a=NY0)lYXZD?{ui6huw7Gz>buT<g{r7U5_=%@3
zZ~7{K3;t?kq&yVRe?LRL`PScK^@i5oz&CO+BhxE=50P$cSG$s9g4NAzUt+k%Ra{PH
z$!C0fR24>_3M;fO^XYxJY<7}>sH_eRaawxdafHG3sfX3RFjnKmc&r;v+F^)t?@<14
zhJwMb&f)5vyul<o^TC_?3`09yoDQF9`RNuuR?RA*YsAJ;qIu<I7lbnJ;NU9YE|#*K
zP~JSExiU(uAp0xr#q(<vxF*&4pVd^xTP=U#S`wNH<cZY&?vcup^WYRTe1mX$yVQS;
zy{0vI>6v98tU5tGsr3ur;}2=V!crvKhCv>==J(@n8T5r;vtW_jCZ;OySzZ#&Y~T+r
z-L|X0zsf`*C}sZ1rq}*uljpQHOL?|ZNNJjMaVLrHX+y|q=0g&bxbfYM7#BmBsx_6J
zZ?Z{Yq3d#RzVWB4JLaxGt+(S4P1(9Hyf~Y0zX<*9c<<+#aLdWmqxpWXNf-G-i_@Z7
z$)EXm+sZ`XxH=>&*J&b`LIU;U*W3lxzJ$jXHt*lzu5qd~!)34iZ2nRB;L#~!?9kEe
zO{ZFzORftKTGDd~Jd)f1owIp89j|18!WnjT@7&2pd&My|e7vV+<E}2S4MfM&25SVY
zkjhu@5E+dv;bHB&lT@Q=alGogeM3PbyFy?C=cSt5R(6P~-?Em|LC6~?)2AZ@`K;-D
zKhFsTe-%2LU3!I&9jCq=c)747c@LKvHxn(9hvRynr?WE+Sx+VGmq7a$6|K9I0kuVZ
znVOVDeD|WBQ-4hIP8>RV(S?TK)8}PXix{-e|B?O6(|L2vNT<8O|9jOYY5nHjT=!bi
zForlr<VQ9tEv2#UawOpd{%pbh^~fv3*<b11dndWSEB$qn{Z9wkV~zWU;$1}kgEpiD
zi(^qCFLRTlTg|UK5;R6MuY5w>etY$@c|XUmA3F}cpVP9rTGLYs1mpbPXJatFDEFx2
zzDXN>JEQt?0{F}4$#-iv3(E4x8m#J_B)i4K^P43;ir*se(>upu1QahH_-L#@ba&^x
z*%LSK8H&f0Yxa=`rcvMdzaG^Ha8^eepWl3~u^C#n@;hvHBmSZENr0u(3h%hA59xcY
zHSvyJ!lR#xk=~EHJic+1Il4vk7z^K$IPQL1WqcS)n#OI@C;CZV<fc5sXZCeQLOrJl
zGLjrICXTIV^zXh{F~oFoL~owgv=g>kXhgbNSTyBREKPha!DtvPbt65TK*+kkdgsG6
zPV*(0&|Gdn@zne-$G6L?`UAH{_=tEGJ`ZS%h~C03IdWHymJ=UvoUe8D5n(xTo>MWl
z3R*hkM#>z_aeXK8Hh8*2ziITCid*DGm@Qse$w}*KXRfmx+1@9Tkd_!lEsuHZ_T07Q
zr`0{iyh5Egjh=h=>{urSzJw#{6mN-W{;xyye=$M>M(s*cx{}rw=h|QQW}f$BuOe0#
zC|A0#KldkIW{#x(xo`BAAfS7GJlSypeIX*GqF`2_$Bu*?ixUwyx~e8$N{GO8n_O#;
z;>I%Jtx!08duv%j!Q-scj9~b61^dbMwP^=3HQ~83(jg`i-9Fny70QF|$a;@)zo1#Q
zOK8_)QvSm#|DP8*0=3E?oRh7J3E&%wa7Rk3*hxQ1;Xs(^J>YpjFeR$~PRon$|8JGw
zeyhv36S+)dL(=-&d$_8@{HQ?IN$0C7P7gx1d_NN5k^FcoBr>Ng4b9WdG7mSOH}vvp
zkj$j!Vqhg&Y5Ql>ypr=hbDi$kF_Lf=d?R&6-(LieR|7S^<bUf38|cl8*K%4<WNM*6
z>znRfb|{w?@R!&>^ZE5%n}U&zZu!!ehT)V~Ge5#~;CJW_d9fb%^fJC7lIm7ra_Kfk
zm<^F1vcI&X_5Dw4V1Ps(iQY_j=^!{TaW9jAcz*+L=GgUhv;w`wXx9gxyCd)7kxLf#
z1_$|*J<j}xuh=m1BXiALn5`HRs}f)BDxxQO`1pH&8CV!P;u2XmXXOzS_c~EWM78SP
z-uyu$<9%@V4wFlUi_u$-nJ&Gc#e3h>cS{7`%Q@HG=lUQgww%$bi0D1<{l0x#m*;|a
zqZsc)wS9X2KJByHzsLNH^BK<YB7dyie0l3saya7qfrAJ^D_!=6w?MGgSdph>ah#_v
z^Sfw;mHP=-Z^-z)Xk-$--X_YzpEZRTwI=UM>nlndSpWK;E(_yghyEuoiO@EVZrN~j
zo}V%c#ZNWrHKq({ep4HbkWo;U5Dk4Hk~D{}OTCmHTc~c_n0}YT(Ax70_G7j~%xNy4
zxq<5o+QN_4>hvPX7+mQjh%&qoG9z!SOO#9a#^*|w@7gm_^_*pTZQR#t_T#QW<T%7l
zpZdv$k1{9`Cj@h_^ex%O3HbWzpI@Kz7wjx?@}1g`MZ@{gs>g1&HamT6fx9fU?8qh|
zYsmh_GpfhI6kU{Etg7Qmr-3x5aAUlU&cAtOL;RO_wzj9<dyQQTS2R<aCb?$2PkvB8
zYkDJj?X2WW#4k0@jmWNQbf&E58#kAu7vu8vPH^QSMS0TgW)HBNLdc0}{dez}y6&~@
zhP`^bB31Z6&OV+P&tK5akY#{J&C^xr9Ut$)cT>@xPi4=<OkB)IpK(0xxrGQW3k@+$
z$(US2lxSj~sn(ptSq8>1U!E$tQoGW7DerjZBT0mAS1Jy>P6VlF2aJaBvdB@@%ep#u
z1FPgC)4ofO)8_bUYkTTqnK^TO@g?(r>``)atdBpRNY3Wj52_@|%q3~&uiv=8C{V)Y
z(mTz*m`EKh$Zd<vW14H|+s;6o+59+9H=5(qz`hh;qsh3~g#Kio@OjwBSJX^J3*PQ}
zUW0a~{4{2CDc|%iu~wCz1i5QUoHk$PQH>6-Dtz*@VwtU{dLV*&LU1D%=Yfp-JpaQA
z4PUF5TRbxek@V9D-g?y=^Y)^OPJ{5k8_v-lsTMgIGK1gPCd8$ZB)@MFBHqg!VO}xB
zf9nNH$U#Jf?sEq!tr`mn#wA?Uj(PFJ!JK}sSGT+=#nUi@uE9rLyW?BMxFYE?gPdVO
zXU@o%++pvxX~l}XntMADURtg<jS>zX;YCK(9X4JuD&)6vsWbRZCwS%k^7}U>zDyi<
z;MjZG1{v+;x<NGwo%@V4Z-@}yaTe7kp)U_vaXizbKl?tFaLTAHrA|4u+~<!FAP-|A
zd1JT~)OZ$swN^;cS78nJ9H#uRB>#m2R_1tLul(=EM_0$ZI?8Psq<Eai1H5KF?^Dd{
zUFv|(Wv>iz2p0NQp9McuB46Tgh(9r~4WQ~78NNHJe@(GIh=!9thl}?uf-^;N?x4Ek
zG<dTnxjr||6oVP({;Hki+4c9o>(K251|8Y6x6pUnq+dQ2Q%B&BOUN?6+iD%ve?_k2
zRvKejAV@GwounryOYqCXWUhG0Au#ybcXyI)$42sUpFH}q$<q&W^5_a^;j^ye0Y$^F
zy;W_rX9by>Z%+?kQ)pf*qeVQK+w`Ptd%v)=WYI-tQ@X&^(mpG8I!yEULsh9VzdTdm
z&a+gbL#EhYJoBlOzxAz)f7p6Yyie0c3P$SEmrzLsoxH{W$rooXni_awY(848W8w0g
zmxb>wQ7FQgi=mp3<Mm8dEjGRQGX_B=S~j+9zH5zaX82!)j0Y5ch&@?Dz@wwN>I}<=
z91Wc0J@NOIwYik@3L@V;-4v7-p}o8!(z5VdAD_sX@4B_*=5?EvZ*h-<go4gGlWowK
zN@#oVYag&&+wj4Ag&9PnlQ&DwjMaYLYPu|7NzR(oPQ0y}KB6PFP%mT}6mAumn4$!~
zOYCK*OvF4K&CoKeEOUEJ9P!4-+LO-l_43@Yb**wd<xu2F2KwZGdg~Q8o1GVql`Igh
z!n6CiB9xxfPrTz(xTPUtkNe=NFr10YCof(>X=~<Jw;)nF-*VcJ`sT}7`~pD}$tvLt
zW|^W7Y%DBk%R84N-4K~r&o*C-+4ly%j65d%ChUiO-gvW{h}X>L;hvE(?Fp-uj6ciM
zC4z!a+z~^5vNexStVxvOLa#PaJJhl`T(y}S6p$sdjD^p5pfyzHpuIMG@@O+5PgeY=
zdLYM!rNp`d%rqgY>BC_LgGEV|+`Hqh>K*6zd2-w_?A>=rzyDT1lv2VG=TcINH(TzT
z5p1_}`PmeV1@a`pCi=4rhj{4x1+eP;zOCMvke@43z(EV^q}OV|%<~Oddz)_)R_Wb~
zW`<L?%Ti3^py1@y@kykGY25WIC9Zh9M0ZwASpt#t+UWxwnaaxwYI1fD1$+ZU-gA>A
zTe>zHmQQK&p)b4HA|7)HlBA3l$T8u!!YN*ORW16zK7VLzSgc%)a5huV$+y0))x<%%
z&bBK)r-sLTtYn22i~B69YPaIX@YmN`j<JSz-@d&<5@x^hUaw?)ocQuy46YmB>%x_r
zRHT-%aS~h(d;zcC$MKGdn{uqM%3qUfv15zwHaI@Kx6LcCy|sbJwi$8ZSdYo6*zQ-s
zXlfLDl5oykhS^=H%_ye9<ZCDP&2uHuTyeES)>w9%IcE2pk1J)FUb|isOJ_vF@nuS$
z9VEWj`cQb1z_G;Z7kAM(TIae=dsazYu9rOOe>UQffFr;6c2ObBia@(RO;xU1yWi-A
zyM}Z5o8Ob}oYl3;h?KB_=c&&;K0hdQbbSg_>9{o4#@9vltAwHd;XNWh^G%v_dDHT*
z;orr7z40~dG=9Ppj#)3uE=;;n^d#j*pv@DO;`6%6C-xd4A@`ErFS`k*=wRHyF82A&
zvKPJ}@Q5gS*)^r`x9U?PZo!Co_dG_J%ZYCuq1H@PPeU(v3BEt#?o?eBQi+f>WI}+S
zI;dw`e2Iu}|5vs{f@_E8T`RP{0FNTS_Q9U<ak&U*TbwC!$&Woc(sAX3+g$hdzO9w^
z(fgiUmpMfDw#A^O+v*>(-iX1iMO#p>w(?cCzdd=MmPzuCbGA%I@?%kKiGl6i9{HaS
zWcDQsI=;*-S?!&*A@YfG`W1Yt<iDRWI;_9OclqSmF+q>J-e7UYE2Pv^&L)8*s3W=b
zKEE~Oqz~_yWkR=&q8^@-+kHKb<pGPxes=gmxBXOeRMDHs>hCWe2NkF@-DFx(V@1lM
zG5p5k`r4I%R+qY7FYx7StAuqa`_+girV;A-Dcx?*UJKFdO!*=1)>v}oq%K}N!B0@-
zqFU8$FyKr(%8A{+&voP#?KiW{7RMLYghu^Xs#4u7wa`iIIMU>1rIzL!R$9ZKq#PX4
z_C?0eOvQO~u>$*RzNmJ3(n%ei<5VqqhPCN_!S<x$|N5wLN{Yeem2ZmTy@{MGa~ndR
zn87NUCtX4lSNb&{BJ9vqf22lZe8_74{BbXqknwXoMx|D%w{-hP6)tQ0U0s1)=T+R}
z&j&=W+=er3?$YPvt4~Q%hushGt5V;Q7<`ne;9)hBJBAclN=uIAofmJ030itlT3@U3
zPYV_%@t71S(fDydtCQ_&lt7)vbuuOsA$h23K13m{B50#qV2yav(6P%vrx|f)$xG$F
zT0n_Q>TKM5GzT<g^7;aK5ni=tIdASn-8K69`=kH5Ngw@mKlNwA<&t}&z6_<8LpQ}J
zc#G=WjH`sVghQv&x1`poZz@l3y;Sm8ZficMBhID#kjVJLkW-c+jVpOK=ZfYUX8F}7
zq`tQY!x*3Nct4dMf~(`Ji>|vt$k175m#)HD*I^WA5%cQG6FLbxU&ZQP^b-cgNXzDQ
zR-s3xwm!5JbVjF1H}Tjq5GgzlvZS0ok2KpFA6Qbdb{`mKh`#QxI)1hJxOS$B%ak{j
z^5c8)XCmk-cEbzfGekUj<fqkN_{pWNSOjhHF)1UhidhN9d=Vku+F5CQ_o_(<Z-oaP
zXp&d1tLGxo7X58}v8bMe)V_aFhx2YAX7GSvrd}0p^NRbj{)3W@jW&CxA${hKNh@O+
z(?X9M95+8zh=#B7kIPFP;?K)`^BG55Sf6xuF1n(bx-3H5L~Lfg$&^gvWV1}nl+khr
zcXKK5v6h?a(^4$NcfDQ_CX0azLC?7Rj`r{Sf2ce4$oRT6?k<X8YkL@{=2o+qsS(gV
zVb)-@X4<!rQc#!@I40Z+l|uheY((vQe2H#F*G`pANW`1(Fr|7fUeelI`)uUQ$=i%e
zy<w_A`g(GdOZt1NPs`ht<%Yp*HG^qQuA96`qKDsX!ih3y5GU1Jv7DO0bM=uwS69s7
z<5={yoPy3PZ629?@kPeZ!?b4{Eh2u2ZH<TGzZNPUZt}P~`Q$zu(RlsMST^U)A72)j
zS^svO{@dHMhJ-*O%w#AftdRSar;*PhQ_&Y69qZ3+NW5=15p%p~oUVr9Nwd@`8XF%=
zyCaA{z-Mo&N^d-d7kW1Jc!n-Yk^QF;%H5#ADMw~R8I@fRSJZ4b+#nY?=(LQz|M>E8
zpC|Z?u5Nic>Ni!Tig{S;w?@Kag9CG`$0s^6Be>Uupk|J`l;L2?)!o9yJi<FSy1S9~
z@Q!hqa&p_pMOx|nFC<kHcnHLm(+o;xmW__wPlHv=0y9@<pPnrwzrJG`?YEEfe%$Rp
zeLEJAY_Hv|j1FGiY-+Nx3Fpk=@8f#pQS<frBtq9DSZc*U{?m_Ly&ei_z1x0;+3gl0
z%OA&m1(4WQN(^ea)0V=RpU*UD<!rMsA7W@ePWP2S@>5qNsnOG{m3bEzi4Cr0bMOo3
z;^lE)ZIt52$1u5s(bMRy9X1`pc{Jl&S?H;RCHy&WDs5wHU2tV~i>Vw(ThE*v+hF&e
z>@&pUO3&&Ho9i-snS$*c3EKHf+cysn;(nXnz`b%5qq1n?mCrC*mFyFgPe;evVHG)S
zT_QfbHDR#b^ema7LA*%Sh(~XdME3^<WhX_>q)vx=vkm@~|GkRPY-~@n-K2E59iO;O
zK{)a1dCzmz>V?SrS^5tyTUTxqmGO-iL?KBLIg*2(_*~-BgeulQ#002tM^lW)S2cFh
z`uxSRl6)k!^NM{KHFXjq0?s>+%564VZegwZI?iUY?R&9X=a%<NE2C-SjEHjlCTxD!
zwI9EkBs&y$_a$>sAv&$?E`j}q8mYg>=UJjcdWP4TX;pbQC9K~3+7)-P^t(>HT0&yl
zjJRY`vgZ>0wo0t)_fBD0@m5(>gM7@FrLoNYDcJJ#_xrd9?q=LS&5JlUORCPK;Oeoa
z<Hyk}p>MrM_`XNgd8FN#F^;3y-IC(tlUl$czZW^Sw_lI<{8&`r$Ir1}4Zbo;mR?zI
z#(2gAWFKh+y`@g9H!O~sqq65!Nnw<hl$r>h#Gxdy=4XXV3!{Bh*VqerMy7GvLh7_X
z+6&!us6DneN&L?FjJ7+oi#S@pogwQ}wtn8|k#ubSLOE6>#>-(?#i`R9BH}wIi!a;i
z11AV|yF-fn%^HoIn|>+rFO(`1Y}D~9?6k%X>Ta1iqtV!iUcaQDj&A<x=m|~g<st!o
zgxU|PyPT<HeC_*(%AWI9b(-sSa%C?~xvsiIeAqKW%c<|OYqqNL_&nuSEJi@u+M9Zy
zfhTgu=(u}L8135L4!5qsli}3QPjy;aPlmFaf5#Ox#NFD}bTVaV5AYIkSbESlEAOjk
zIA=3WfiKpeE;oj`#WSIB@8mc=(c?8UM=#<-h#^+i2hpS&oDA%L8{yvq6c_1Cvk+Um
z(QBuRx!`m5ZRdT}aoYYjJA}6kV~AMnlmGN1)xoa{TV2P26XGdJh0{BqipdzZ5j>X!
zH=Z)JIgS@2%mdjX*?b(5MwoC2XB)N#30qmQ1a2q1tLi#XxQjeY#f*&d<${w`TgO|8
zN$Pk-m-X{TF?^b4Z$A#gbn;DdB$oBPHaHdjtaU@eFqZ!tomPO4b_9$<B~7eSS9Qbs
zl~NM9(@N4?<sdT4`-P9f6~B**^dY>jR}Z|pff#L<$?P?$8=RiUbFUhgJ@h?vI53}V
zag3HxcJYWj!U!KYtrM1=E8pfim9nc?mw4$K^l_>B$6h^)u=$I`ld*`(TQ1C=?@m)X
z&txeYZj;>#Gu`ee?AN@dE$^@nx5^K&eVg;(gVTTei3jnoe-Jp^yLQj8^~hVYoQie?
zS^f~YcKxRT^ZlVoG)ttX<@o;l^&qnx*qu6WNe!yTT)&=bABUF}fd+d|UOdLWcFf7E
zI|JLT3Mw92v>!;SjGLmHnf^vSZg&goopqGibH#*A@?(?e?>zU1k83LUn;(iJhT47J
z5$+H8ndw*T-7=qj-A1!bHElzMyh=sprN(KpQ#EzD@8Pb&N=%t&SQg$D#;nV9Pde!x
z3>l@Oze>%BEIMRGF%4VQVsvq*>u2N&mf9@@c5Zh3YBS=vVTR+iJ004s9L?JHESD!z
z<2o#Q@teBb-s{Kas`Yf*C#&vHj}Q?LKL@K8R0lFp76v`yUcWJBnR!Uq@=}W8LmQ1!
zQh;=y{kz_9@^~pCi7TsDuffR@Q$uIFk2Uk<jJXj@>&MHpat1k6+SVfbB;)x-HRc0P
zRn&wD<HOM((l}_Ch6Z8V(|cklB-;6FbzfmMx!#qR>#F!`FRbxl)+P;`09hI0++_$i
z$lNR`#W=s3fM6acRpvNXba%QX;FhBYkt#o}Z5wv`-p2KUcZj%*Y(7hl`?O#2t3FjH
z5XiW#6h8l;#P#5eI!Nm1SY+X0ss5DJ-qh8zxrweZk*H6Jil2n`^7ria<f=GU7-oDi
z77}WvjAl367a6{wN2;nnwJ@`4Lll?2zUn4=GSFK7JZjtfp1G`EKyXak_g?J{r|_rK
zuW6#lPSDnvb-yg9OZ}vlxpHFW&unW;5&Frox3sx_?Bz<dYQz@_{COX_xNg}rl~IEB
zPELE+qaS14*Ip&5h~+iB{%}Gqy7RF_SrhT0?DEg`ue=HAgSv$y4L9%8m$=R&vg?IT
z)O$kUL|52}usE50JDRcU47jCRV+@$0yYXUnWHDci`n$_5X9wYKX`9lTDMw!aeWy%3
z$9?5a%~cALJ9xQU)wk=f_dc0xQmIS5d?Fdu=QYFHuVpLMg>3cJe@(jbY-xDu%24+s
z(}a%_Ir|?yCYfFgoe6(ljrAXC=tRhJmPJwYR(BoOv-oblQXtjNSQJB3bFX~_la?iW
zWaCRXag_q`c~Zxm`r*$wx9ywH6|XGqx1~RM#1tGW`+#0v@`{_HO}|%y^uw=y#E2!!
zF2)BPXY`Zu-*@Wyqo|C|wWSZ6mOguM-DK`^mc}>;Pf90rsr~0ch4}Y>{l327dd^lG
z8BWlx0=J)s-EroZb=*wVRs6tRfKBVQOl<l3WS;GL+irr|ywUr6j+|Lje!VkS>Fm4G
z^|SX1wQ0PYn*BAOrra+`Yffyn-?%wT*7<xSdf6BmAo6my%f{w6THKJhMpKXoVnpsY
zm3X}g_o0u<X$(hrFZ+4W*Wh{W*9o)1k79nkF*S;Cjzy;3XH!Hr8D`CWH0#1Dca(T!
z4L|OjBe)XoVsp5g`u-MYM;?#O0V^d{3BoZ*f%o-piNVdM^#(J`76G!)IWb_V%pN<(
zi}aHWH#KXVdCf3_%ZWTAz5HFo#1Y5{#=erPeK^=IeUxoMW;W}G-_E>j3v`d#=P=#E
zGjgT#EQI^Z-mjlfz=^tyeteH_PQk?$PG}rd?B1KjmJw|w{6&1{qb+^Ik6HX%-@`|^
zdB6CMR_MO8h~^sR(az;F!2P{16=qjjDD_1a<5FtDo%g4ar75H-am>b_H0E~@wv;<G
z_i?_kd$wbl)n9gTfW5HW%vikpyf288_+cI=k>A}=1QtdlWyD>rr)h)mXJ2OLz7)pv
zU9lG1EFj{Lx*<DNermGwqF7q+CV~E?%xrUgiu(D4Ti2>>O5c-D9!NBk;^pI@?fatl
z+-cVy8<002D^PiQD!BR9yh|{ovlVfJSm{jZiM8ssiUcDwnrp2=7ad(f1(EU>nWA!L
zyQ?2F-#i+%;YUzTQsrWq;m+XRvb@z#bF<N6)ACyHw*|7aq%T*hW*zj7H_14-Qn_rD
z{rQ*J>je@oi<ktNNK_^ADSV=PxjY-!N%Iu*pw=w@8RGR7vS0Ic<yt8XO2o|Zh}Xg!
z&lK6;1xv~$_Er_jekx0fX<u<wX`s+6fVna(&l$gI4n+igxqG7~n5N&{xs{A-__Mxv
zW`uF^nV!M>@)z>KVjeoy^XT)&H{Cn>PM?JF%V(Z_;-8rLF!~1VwrHu*8xoTbo_aw#
zcN>Z<j4gVZzh>9948^=PoJdkVlifgwI2%{YT+%LzswGdeX+gvMR(u&FMexd419>$&
zKUGSs?^58~x-9Hu28F^Vw(ykYU2KBj7e|hxY76b0UX3%CHS>g=L><L=z9EMu$l4S}
zA8U;XS%Lra1KW044YSwM9dwI(-su_1_P!!Gz4}J)OXhGK%<U%Iz{jn~qS}ByL`%DU
zS>~F#+#9C7Hj2A_5ADRlXWq)INmV>osrBo+_O6(;mT`=uB%oMwCSF&KfEvM=*Ld8w
zCjQ_y9%tP~u^2BV{bbeJ6DpsN(dxd^`%>#~CnxJw3V6`8ezr`+2d@>7$PH&)_SaPj
zN3ZzgS?h=N3%SN8DWADsMU;)NCX2v-H7hxmARjt!@cc}w(7a_{?Bj>6eceZONj9CD
zeRfwKS-OO|E+#KTdtOfc@a`}xt*bOH0dZ)sh&-ZZyL!gLCFvDukGRHzlXvu7{;5x!
zs6R3OA#F#=0=JPURb+M8$S^_=UqACII&0QD4M9$LK84y%hRwMOBXdG@v%G4=^3vz2
zvBTR}-cB0TMYeKQG#!O%=*jZ1!ekZHw$TgsUK~*dE1u6<*d*l)COpoV{fyUiTSSK{
zdp(CXF#lj$h<4j!Nbl9HRoz=3hdaLtR`Yq#=v2tkGK45p_S}4?_(U0prm87L%gT<?
zvf$2jdY?RtJ@^nk>ur9^Cd!G$S_Hj<;ms@|!=T`dlbWt+te&==t8oIITjosWaE09O
z9h^2sTJHYG)lHPKx;xCoV){9=rdk6pua^A`UrRt+j2GEYHL+RE*x^_C^qj@vC9j4-
zyjt8>f15UXThRi>RxQ(i|JwbJw{FA&Q#9jnBT=9IGkOj1e*`w<9HJJvhz^S)2JQwk
zX|B9wIT9pgFDfc~t*ZTIHU4^e)MIv)b#8&@eM=Fp#NK(j#3O}r*uNvp(ghMX9)|47
zVP)<uj_uz-))z}2tBpxMf9k!sA>Mb@XELU%#_p=87D6w9fTxlAi^HJbr@f&%gki8<
zU8rP|ol*bgIP;F=A~VsThs-tI`9<!wax^Z=Qo%Tti68E^ehOSYSU5N@c<yX2AcB?n
zVg)zG@^oBDVye+Lv89XGyzY?I$`{T+DmeQ@VGLQQo%ZZ}y1Dz^dp!1L!d)w*GB0`{
zfkqW+!tlWamR9SlN>}|1#~TrA!3ZuXakRDTMgcFZ9^OY+a_SF}dl+Et{UyNtS-{<E
z!WKW>e1`I+Y#w)yRS02zbu*#RPuton%*}f&>Azk&^|5H;HAW4Z>k~EQ?M;naDa7WZ
zd}<yqD;jZkX4IcIzI1#Y{4l#A2>AjxhJAi*=}eT2`e#SKfclXY?BG)Gn``d!2<hZ$
z51}`8cQM8a&{Vk%GMJcMw&eS!XE<%TM!F<Sx8vNNL_AW*QA`kiWyo(5%1tI@kn(EG
zWlY2cCnYdwli}M_5t1pf^ScZUSR=Up?yJ)lo!aGw1;y51G9|)CYQ*73u5+9o_Rnr?
z{3J=h=A<1=6rrYw+<}d^kiHvk&_+BT?dsVSnj2=qZzy|e@X`L=L_X3TpYHkx!>^e!
zX9tQuj~YJ&iBTJWN4^TOTG79OcfDTnpq&BN`TMB7D2G_B{8)g!8-MTDy*lhzbSwA%
zy8G{Nv*Jn=AC=MMOWqR`kacovPLhRxMOgig!|h-6zcomh_q^erg3X#?ra#;aflnCr
zhVOaRV-sP!LCV0gTl=9kG9mO2<9f2Fl8MroD@Cau3o%P>=CjTo-FkH#Jd(m;>hyVo
z`xWiTA@yS#B!T##3fD8M<b4H|h=HA-mFz8(3$|;Kb|$@NlVi61v1o2P9|oJu+<pft
z=`5>W^H%Uonp4rw4@rG^NhTPf<BE7Papf)3Xp?u<a2|;aGFf=^yniQp)O369o@j@e
zfc@CLd&oHaJC;V#%fcF8dv+gaNRF1@n6;q^O!xcpyqnga|K28+Nu5;p9uDhgO|i=c
zG0QbJxE#Owq8^r)r0?BGJInu)*>2R2RTUe!+s?6$XSw-$ZSr!xGU>EC3?3eccu*i_
zMqWWe$SZs^p)xY`y)&;q3$0}FY^p&-{TmDVp4GP+LP|89@u}hVqi9mu!&C%s4ijx&
zhOG+(_#JR0rg1JgIr5{){klK<mVBGAf^Dr_eWqqyURc4MwtWAVf>VUd?D$41hY}`5
zOT(^*0kzWL7o&C=U7cY!rU$oTMi2w(;mPWc?Cy%tpZlMFafC~xJZxmlXjUEQ*P%y0
z^e%oI!4&mXN~9l=@Tu`e{j*=01Vlac<VCNzNu9K5<naWzhOWnulj$!CFvxXW?)$p2
zZIv6JEFoP}X@4DqoYIVV;|+fd;}^X*7LL-F^w^5pdXCazWMeG-PBfIGA0rnKMW1AI
z{MZEIml%INl@^TJoRjIm$BStmd9t-Rcbu5%#dM<PM;fxDOul=led9H5zZNl7qG^Z4
z)>Ndmsuj$IX&>kOjl#)j;Df14&X(efmm`-I2L^qm1j}_k{y-n^Q*k$QoBOU}zNtJQ
zllk2+=zjUc3+sjFhK})`?On?6G7;Zrj6Qdob8u{DyQ_ZcdhssE#u$CD(hI9`hP`y}
zjN@E62<apIXbW>xKsGSZcbXuqxHpBngewD$^DtFK##>V-y~V+?8>6@Hht_}lxcrxI
zOYsN2`sNGcZM3~eA{w?gYV{PIk%%{6j)$eP8Z0AxNGVs|AAGISCL{bD9g6J>lff`E
zj37x{w9Y*Xi>o7evbfUe#=49vCtAjry!CO!)V;sAopXOOlRZCxVI)bf_nuYw-m&$)
z+$U;<=Qn(Bk&jb9fOp`-gBp~H9S_cx3lB$Idydh$?9509wn_#^rw*RtDTg6WuChPq
zsVgeoX}vl)v5w6k7^iK?Xw&}O{Hs&VlkVyK=FGbzzfIQ8gat)?1ueMEmHPLIQy$Og
zGuNuVCOEVr8If#X69`rlZCyxl^%CbVYSy7cHu$!<j=h?w^btv6;b|t=)YrG|FMn|u
z&F&aP|C2G*`xkf9r|Mq!hh+@?h{2?wYu~YOPo;l39hsU(Rasu|%x!5EeXF2?_Bd)+
zlIm4)|Dmll_6at@?@RJrQ`-gh`FvSzxF%AOo*J(N2ON71HMD0ej|m+-(I)0c^Q0n?
zspkq`633NzcPFDF9kpq)a337YQH;{zyw0CV@w--z^^qs0ea=?7d;*y+l7r|yn0FDd
z6xFj!yTSTES~|c2J-ozLN5=G>?y=FgOwT76?iMm-cA`&{-_GBtG@p+m`9kB0+d`0%
zMwZYisq^NJV#y~%ZULfQlGQ6xLs~o$_jF%Lg!S>(PZZ1RRD^S#Hkb@z;NHuj(t2DG
zbRsbKuK^%({w07)0jH3rLB<xMSFIHW#=ahUG&I_h^z|%!KbmRELt!Mg(cxLYleKj!
zwjS7CD>zqIZiY)0-y)KgOrP%5KB{f06sTR?e5L%&XpdbaU`^`1?rJr&+M{%zQKwD+
zdzrz(jEoB5Qq#}Na~6M+)Z%3z%+YRdW{)js&&4K~^5Ak6v-tgHFjm4;Ihvm$^z8e<
zYA=6{!N1TD&gv<mb+0BOLI2xxiKNnMt=0a7>2!bV53va+0j5WysSUc3)OrQ8w}sxd
zNDHgPx{S`7v(WVgiG{d5VR@bCjlq3blECrY?!m|L-)K>k%^J?HGB0%xK0##a6YHvV
zT9Y`aZB*q-3*C4;o%l^ir1VnB&Q*PkYdyakHC{ZUjcRn4dQAITQ*|yMvtbKU0p8b(
zRXQKHJN<_CM<d1^6Mk~?FC)==(J5mlH~S0y@0)vzWd)YD;E$~2*Y+pohMkuqpZ=Kc
zA1}2!M0?4L9wmD+<Qs-4Z+%OPShIa#r*EigSTNH#UwT3yNtwZe*H)dHiCGtx{<NT`
zuRFw)M-9&^>4yUhYfgqX*0uM6^%~o#>+%F5+-vC9`kD)_o~0dPT7ZatsQ5;jC4J`|
zPqFDA=;R7$!ssmuMCJS1I=+(Ot}&}#$=kas2jEZpVdBBPTUaT&*TR|85!@YSRue+0
zIzlSkUeQdPDgpz2Lrq3`67(N}z8ZKG8g_nU&kebsCR8z#haq40)A_^;?o;|MIsTUu
zgJG~koi}T$D4l-j=MSYu%+_j4Rmp`9lc(abyxvXY@^7TKhI|yUW7b=*RLm}7)Qyb_
zsjq)XRdxGsKi4Dv?f+gc78iakD>uhle<d=f8R>0m@+)Do<Mz(}ZRc#u=MCts(X6e)
z`mZKoH@~U0ai4c^O2JQW$5{pW&%c))Z``rSyZz$x15Y){*@%I>ETTa@>TWb+Nsi!2
z#z|$L{emKu(%?t(MNT(iOlahYh$oFwr(&FAafzj23CXl3Oct$2&ochU`x<p!tKAsM
z_N{JxSJ&Gh^6Vw9i=EpY;hkf`+?tbWE6vAyM?+bBBl-LD<c4XvjyY8B<KD7`nD@#?
zQqW30D(E(&V+!YkW+y^tdesn=M%HD`!&FjkBBR+i1bcKJc&_W(2AawTCO>UD%^IpR
z5Gt0Bp|NOt)|56#fFYj)zv`TRv_JiyuIqj>9_MV&yEb=h%O_GfpS{W7X1459g?(C*
zcRRu4w@HXdbH06pwSox|)nojub~TpExmx&_hmYeA3Qe^DsZy2x+3n5W<Lp8GJo@_1
z^fQi&lSJucJHgTc0vUlT<+z_2Cic-B8|dy!!A0J4al+n>+=-vJ4X0{oe}$i2;8;~s
zA5J!W2c0K6mp4O=l9=pNgp^L_5jo2YyM)8E4O>9obB8QHL8@R$L~YQyIGJeGT`s1#
zu^C0$B2Na<%;O#kuD<Cp%{gD9AU&ZkoNm~rI*}N5tU8pif(4{k5>LLy^|1J`=;8H~
znbBzd!J@&t$>!;k62^hiRO*wGAQKDH&ls<e#`H`K@mQuXE&=iyXXm!v{H^`QmE#KK
z(P`q1`yRauy|?#sYZ1Sj?o7-(vdGpnTL1o;7N<+mHiFyG5j1X5F?pB!wu8_@nj_mv
z|LyqDocg$jv3sv)T5{-$_Xrr@e086e!znA;BG>bou&)&qY<pAs{sHX|UZIv_vb(xY
zK`Ek~BnEdL2&+7pefP{rybhf$-bQ2P#Rrk^(j$KQ?+JcgT-S*I<v)inkEb+Do?i{f
z$%*-_vR7}K`~AvQ12)I#%1VWEitC6{nIQpg<FTr5?msE_`NM_+`0s5|Y}pUHk7;h|
zB1yW6CKO_`M|=&*+F_sV%)*b*(y#{9FC}jT?6}1T;tt<<dfJJ2gs|&B;JK*@dvH(s
zR?_3D5X+wkMn<HeuPS4hxAv#NwV(fI^R~O@N@j04zVzU=eXL46T`G=8RCavNXj5P?
z{a3tZ&FsEI{wsF-bq5ru%Wd72`y}a4Sgcy^6GzzvXI}XHc{lImZOOBTeda&2FZZyp
zSUibg_e#O7bJNdlkl45T(y?vFztkTOm+5)oR#0+k=ZnoNb#}iiY48ZO6mVgmb+zE_
zHBGVlZO+-^W=9&9`Z@6>2P`=;^@aCZdtrt7SLW1<{(NbX&vEXG_j_Kp_G7ATi?rmX
zWwPCW=xLvSz`5I1_*g<Z56{vU8~Xn_83x4#DXE{`EZef;>@2n$-|vX*iEMnEwfl)>
zec~?r6E{~ZU0mvDC^z5by<x>mpA7ciwC0@3ufa^wH!iN<DIoo3=Sf|a3c(*I1X9gK
zIrn7lnD?V6&i5*B+pk4JPC{??ABin#bn}g7JZi4K@6wr^nVuhgm-SU~bWC&aOqP8$
zVY%oz9_GJXdQYFvy7O&{S^0T;#$DTZBA3Ut<u9mrJ0#-4!@GK}z`p2L_CXEi%u+&z
zAI_xntX%wO(v52!1tOEC=|z<k>3Wu`xyQ4woS}C3TI<7qT4!7{?wxv)tKH;0_l}X(
zqf2b(Dsw7j&RT4?%`r3FZ9na!u!Xv5$lJ4LvRXS9ru>?wb|cMgiFU{R3{8b4n{+%q
z?)<)Rts~rAy*^0kZrV%%U<nn!(x;k3+@pMra@q0|Ra<suu>Kd==##}W<6fIpg`ex`
z4u;?NPbj=Uy}){F)HaLLEx{K)Hh<goTfd^g^w*znNpaI84XS4pO8yBiI{)-oeP)eo
z)4BbMQ40yAq56N-pYMHYi(4AG>ENl9f}35-6V+$r#cf@^uI_QL$?3a+QgMwL*Hidr
z%B!!CFRlKzXLUfUY5T%9!^=)g;dPAH{yuJImWwQyILm6yccwG%xD-yruFn6+`r`J7
z*S<@0ZxwhveBGa<XtaL1j{b&!#Q~y0LPDaKE=HfwdAKQ4Ya!3YdY6)p&qk{w{%RI3
zwHEiCT(0`cAZWA2Kj4PLskvG=`7hT#-Mf(cNaDL}|2M&j)qVNyv-U5H&CCA8{XWpY
z{ks3!=amJ&+~P|TDs3hUA6V73bLan>DwD9<Op84{4dsVA<z1)f#uOU2{BO2+vc}=(
zto~f1FvAxgduAW@3g+1Q=54(v_jaXqr9N%%1nZ<<Ec0u<w*AAy;NLIVUnp#Tq;_e8
z`nn8R;i*~yyz16jdnPL$E837Jf3N7Ku!#7JeT*A=z1E1kOjRtr@_$49m+ew>f=^WK
z5ZQF~QFf5K>EBacdm@EB+$2|In?092cDt#jP=7Y3K#=SD*Ao~Y9C~1JT+_<Yns58k
zpk0hm5X8Q@uwo(O<c12TdKN+(L-3gjGL+ER8}2pvpe6Y_Hp>Yu_=fBW25!n_1OUS(
B2$TQ-

delta 19155
zcmaj`1z1#F*!K+&-5ny`C0!CqODQ2GGSW(SgW%924Fdua64KJ$ASnVOU{X@jjg)}j
z+Bnz!Jn#D*$9pf2jWc_G^FL#qEB2n5!5H-R-)ISx=!Dl3-Dna80!e<+eiVE-Y>O5i
zi*8aJ)=}M}gGQ21UF5Hw!ipyCWATmiM`5BcJyIN98QF}%M~Ci@jYdEUgTZ*gAps5&
zG#D%k9HkS;EKGhD61ee;6~)tcbzN{CTGiRnwq{2F!C-)ZVT1SKB3Ch0$YFRqph4#_
zp%)e4xX9|8j7U=~T4W9u6*2}(5HEog7ls91BSGe3Q6k6KNw9GslnS|pb^XSb93JEb
z37jMpH+qqyj~`CWa$E7O;ZhBR{a^M}u_e%9Tu6BWCgfXeV(2}nmvLcuWL?6@UThw+
ze<!crgo~#`)^!7Uj4e$3ABcwsBM&mJy^X_<js`;plN%vT$l1|h{~pTW7ntFZ;w8ZF
z@NiN8r-3Ih+^fh?!oY9%ONE~T?}l=YnRtZYxc_q=Jb=;w#e$2)BLqDL$}kv)F!T^Q
zu6&m!{D;93NMQrQ$WL@swXX<nqG?gl(EmS#BcM0@YyZi@aCqRjSDN5FbP@x49SbfG
z{RbK@bnfbP5~Kw-B_VhQo%z>UGDOm7B}iFHCS(dx3IjNO)gT4DAUtqDVM~GZb<v_D
ztH^kfV`R9sZp7+n7&8B-OQD<*QX+N4v5>^1IG|&%Iu2%nWF$4AyRw{~0CcW;27?i@
z4IMDStB%(Z$3eD|@?$CR@CXSZgV?E&W~8)81~L{3fIwb@%wt}?7nh3`i6EjTg1m$T
z@UDYDwJu~OXzWyQQd9!y7;zcl|MX!ny8lSXG*X&E0*wsmMnOe{I*kMM2?sKPf{z58
zL7l{dxsr7u`zYA1!wArr=}K_#I@}cKK@~Gpub^PjC@J|-_*E83;2U|JCQY7F58%Dl
zSf5@c@I!;=|4#EQN?tT7WCA4($o`e@kVg#2E=tk=gm7Uxq(LNbrcXbuO{`vu!)Npm
zn~t7kvi~n3S}I)$`yJstHoK5!I9v4g0K@1-JKWAZ%ZZ3Y?*ImadydyVW&dQeM@|l9
zBt0EQdQ}dfH}a@F7{RHl(|9m2`ar1#VbJ_fe}rHo-H4yoGSTdz)iTp~q9I9X4Un$1
zI%r(TZdzXa|C4j%AuSt{m97Gf1Jo(sRkxy|f^sK_#G&WnymA}-xe7Kxh^z|>el^^n
z^U%4g?vg>?qrYVeow{mQEM5Xx5D_j9t{M*~^c)*{MGwyXF9;Yv51i-!JQPQZIXy(K
zX~MCoH3=07)PrE~i*duvFuTbQ@Yrpp%`*Nl2jmRBkkpm@ziNUBfr?HbgLSdNT_gPp
zHE(M?hnt?fiZ$EpG=NX@1jx4N<1WDiu}Z#<x&HJ=$}<Q9SCJkJoamtAg9+JiuVyJ0
zIO)}dw!}aMg>~gQ%$zi6Ss2P862Tab8Wc24)KJlCK$Qb3*%geb>)?R?k>bG;%&$BX
z6hbw||9L<Iy#UFkQ-UJJAcG!42aEzqhDBupJ%XO%LM4pHJn@VF$NjX<=Kp)nWq~W(
zyl`g338I6q#c(In*)pEO`8sTp$pU{Y!bL?2(j2kAkCKx^O8*+9hX(_bBa)E$I$A|7
zC-W8>I|a%2n&`|)ZTPwV5_L*b`vSa*KkDdy9t9~3{+1-FX`@V>6qz7R2?dEq15Nro
zJRo0pS=ou9Q2*10#UtZb8?>*cCcFeZW{?UjC<Wkk68J>XW%S3vgV*p+V`SXNY4z1t
z?}FSxjjqQi839QBY6`vT1Tthi+y8SgyMa}J8Ts+%^Z%L2{#k^%{+DnNZx9!f3`{c!
z_DU)&_<z!Lkh!a(G(l={NMnFXLXt{cL*{bG<A4bb%wMqDRgP%l#QRK%=A?<{xX4nm
zcu<Lg$V3Tf>SO+IQUQ@s26-U;#buCn;+lj|XX9PzLRpbuN4tY`m3Ux?GL{Cz`IiJ-
z61bb#*iBmgZ}jkp&nb}|XPyC9LH|z{sG!*4b1K&dLkA9~;hN6D#4U570}yo8aZoCe
zR5#g?syCm2m5GN26{I-rKkF3G`=N$;g+uSV`CrFTLC>z*)oTf06mwk_I0I5iiWbbG
z|K0++OHc@tK!^yA3J6#<Be;f)mSU7mfa$<k;NMctbdIR1@4zp(*f9&0mMY*aY_=s7
zgA_b)>O020N6dc*XoQ6RGlr6dDsEni7X5}W(wy`<l3M!O|5=z5z``tpG?W(lH+evQ
zq=QvG2pKOega|4xQ7jz7_hd<J>%UOFH2g8~$D=&s#S`zEHZq}H1qv0Ep&;$%Khi7%
z2lwaM%F#r=ku|Ni)jz5)koq_;u~h%DAK3@VLTyoR_;#D3Xg}e}D7)INpHC(~bzYBa
z-fE(e%m41wRvUB$fdXo52!sD9MC4-2Vqj(_NEz9D4*ead8;qMipOw}V<@!|>1q$tT
zth}KY=t_F%L-4az2j?`(@kH=Qpj|`eqB2(mX0Zu6staN(jyVx#^6Q$W-;>74EakG;
z4RE|TkZKA~iwKxxN!TdC>=6WUmvy6mw5?__#71f_%Mc1wYMsHoHv~5sg*(qq<FhH8
zlpqMSAobzIS+*?-wjq|7;$}IlNcpIB67<_A#KB@C@9!7WlN0>ogtDu01Rj3E{PIlx
z%n!{g)<0g5s!JkibJYHAx)Za_S9`FJ>4LIT?|KZ=^gpu?o4|_Dx+k97+HRnakZwlq
z%c*u+_NRUP{!b4U#BksG?v^urij8%ln3v)ZuXVbxcR2Qb{M{A$s(73WmTM@(i1>$X
z+G3q)=<1Ym6q}A|X6>>xcX^RYPQL?#`0oC^4;&1Fs?4tW5dRh0f#$)|gJ-r1U1wxR
zb4HPNC--|YqY;~mCY-&jD8afmX-;(-;hpqrIj0huyV0-h_IEW2A7q!;R5_LOaM?lQ
z6O30<YU7;e6$+=qatt4bGmquuwcZ?4oBm~z@Vq41=xC(B4+>2lGHh7=z(&8oiyonv
zdWKa-^<V(Ee!A2$j@QiXv6Rff$bAwR0u}_N=JV9d;juw)qi^8q+`}Ih(^Qk)9ft-A
zt6fU-6n9)@_n-wHG@<_0j5jY$<@DcG6Zy;TEq`V0P$sm_!Spb+?SGWj@O<(g1`BHM
zRmmJ8@h=yCs-YMfl(6cAT|vMo@-pl;-R0k^(~lEi29pPM1KUL0njuY)Tq3fM=V$qu
zcw-oS%gHZsQfS>TMTq=YBJr@+KSiOLzvO}?m8ady_3!lR@y0d$j9-1lJK)z}W2~3<
zX}YKPpW)HcZ|}sH5r52i)IAd3Bt3mN7PS9W<%>^zl+|7L{aIINmVlPAs{143<jf-m
zh{8-WPKLVJp5yZ;Ri{Q;A-MiZglQb<L)4&XAP-B3SnBX|_^15`SDaa1z~0UeY<<3q
zJQ6+~;JM!_Mh+IXs}@AKG>Iww$v$@bPp04ANie|&H-_fA<Rqy_6%)&BAF)0g|Ko&w
z9Oj2d2+|`~^g>c*XKWCEL?~vecB2P&f8uAiZpdosL(2`cVNmk7oQ}BvT~uP2Gi=VZ
zh3hd!SLw}WeQ(dH#fcBS8%ngmK`0W&n+e|jn)@-Se+r_cGvx7IfBkOT{i!k5s}RhW
zqMBytgfiTq$^Kezxi_y|4v%7#v*&xcybro?J0iQ<@=eJ8oHBj~JrINpXJqwR^08Zw
ztt=4d45Usqn-`z(jo=#=yv40O&Bh3XrhTXd-Rvu~$4_6~lC|(T@TxNuc|#yawS}(a
zHL0vXrGXc?kn)ccQfhp1h&)Dj5&df;*I%4v?I6!G5p?=G`;sP)gb9He@s<gQL2Ka$
zb$NHL2|0DEF8Z95cPxrkT|Kg8dDh`3x`;@%1D0pZplBdYy6RV2?HL*UcC1>mwImOV
zHr^8&N{qHaqWGf=i7l(ue3apPoNaOMs^$ARvdE(Uo~G>Sv??a`sWO;HQS$FgMOTeM
z7y=wYSp7K0<V6Lq7qptEl=SuKUO(ruL2GKP6^5r1^1m6zWdjU!G4w7eQ{r{pVfK(~
zlRy)DwFCLQ_G1y><o!!r!l~mff-K&DbFh%LagD75{-dbM#1BfVrTP}0Y5Sx;#6{}5
zUk*Q6i{NQ-04+Rlc;Pu9s%%vUHuFDYrir#sFW5@-%>E2cx7zO^5z}qv*U>`>R)|bb
z5-o<%2N-`e5VSoh5IH3kp1Ae*NMbH|+BVWIoeMY!392PL?8?Ib^x-TnPS(G4Z-%U$
zpB*cCrHe8e4a>yWDTf&__~4+vXC$?krPuqd1#x0r)L7nLMW>-Hn??KHNS_=YBCzBN
zwm<Sv#Gc$AHFw^els9$4(Pt~wETp{YxVU{2CBA&s9(|%pH|>LR(4yx_xb)V_?PuKh
z@Je2hK5A1o+p*-wKChGtUJrXW3xM(71sQ()K7cGFlpaRd0*m4o78_(k%whyi{wO!=
zX~@zsz7RbC!wv?`>vx)jiU0UM9_o?0SDTd3ZT;m<6+^us?TWxKyZTQXwTm>A;s4ig
z`u`hE0zm8kYcwJL8%}~CV#u)Xnk{j;sG!;9I{UQ3%JKEeYfLelYRxGv1?Tc1967H6
z0=1yS$r~cNwGWdCbFY8p=SnI%ntRY<qV)BZu4{K)p>Ix)Fo2+|)QkvAp^^@NZo0Ie
z5u`G<xCZ6Dd}GD#<pzhPRv5y(2*EN`B-oGRuNM&?&^`WIAv5jgyyYCO6&4W2V9Xqs
z?79S(4hEM!U6A1F#I25TSWiz*)c!PnqM0k@({VJ##R;YB9VP|+Sg!qIz&VI>p?YH;
zGd58@Oou^Moq9Zfo?h|o_iPXjx$e?I4I<PFj5>KDsQzDm94@yvw4!kQsIqf(Ez{ed
z)QXzq^yb8ZtF=NvFxlIWC<lF+=}8<si^o<rsXFgETE9$cxV-j`MDfuxdYMMt`E5_a
ze;X<xzFh{#@Q87thL|vyH#Vk8e35GBaKWmrTLKRp5|mW`yQ>fsn+q$?M!Xy^=CCUX
z_RqLHyzUs}Y2o?&LwKdBpe<e}4s^u>ZJ8>0PR*}*UK9MqRGHG>j&v%(?KKh0%zZYg
za;o@RCF`3C$}q<5&U!CeqDOdCJBf5kPaL{8>CPBkm>4RY%CrwhpV9)oE=bS(x|bXB
zPC}tbmCz&ti57m%=&e(0`^a@gk0#sCT-KD|Zh;g+U?8HT7TbRC*4tp$EIuti-ztY^
zWUVwKipQksj`;qf)1Y4Dp{wpj{}8L^G+CmRH3qLP#|H={ZHI0OefrH-A(KO`b$zA)
zT>o}KOLr`1pLcwEfW?C59;LBh!`B_BQ-o#?Gu`TM;n4W4I^oN3R3tvx2f=#S0U^Jg
zqQ8vmrhc$9&S}UT<=2hvmKwjVuWF?Wl{8q6U%4xA?<wqjS~ch}8462zbe<zW%aEic
z*POZ4p0W7-;S~jf*{Y|u?T48#_ZBhV3&*O$AJ=Q3EdC%&dbbDh##Ke&vPTg_0&Tu?
zjgb)nxmM>t5A8onWU;Ov>n%@ggdg?XZc}>fZ~W}1H_GtS&)aJ*<)XgZ4s{asNf~dC
z3ajskuCceY`aE?lcH5o`L2(uJuPu{mx}v>BZOIo1KKQB=ES%@_zlb0F)cXAT3hrVo
z0tMC%HCy_2Q#$^v!2E6FswTvD^WxXD-}>!uw)qW3H_s`@QJl<{;%v+8;2$~S6WkXx
zd_y;px-qfg(fpsA$dAnGm>!{at;|R7Z~mS7y&rH^HZuEqXPQqiyZ5^^w-Sqb@Wzr1
zi*mgh$O?2r4dLK)KLhRe9|kQfgs{oGZnz)@DOwKt!cbd(^<zqmUaL`P#Q~}2(zz7j
zz;_HJOq<ePXJqz>xf48Xup=%~tlo8Ax`K$&02zd?Lot&x3tquW5+#|kAHHeZe$>|+
zUHALB;jDbx-|A;6rN8b14l=xMSby&$wJ)M3<m`l**N$7Q*T<B{<xE=hrL(iUEakK3
zCn&>VQoWqNx!QZ9N}Q0TUxpk6)ba+uY2OyH@z>OXYsj%f-hme6{*BJ<_hYjBv#$w;
zf1b=op5xDy`8@xl(pFDna~w}%s|5^0x1(e=l%DHzl2uULuSj_R5P`1eN2qoYmypi&
zD{4~tjp~a+Z2&>wbsPcZG!yff67<`D8@yt<{H?#Ur5=&HObKbRadH>*>i`CdWMp<*
z%}YTh?Xmn&m%Jy%XjGc{nu+AblL4Kjs#{xnWcNY!L$xIy@rw@EAeDkhdaaLwX+KqJ
z+vuVm;j^n|OL*P8J+R{i;lHUtsCV6KdC!0?Dp0L)jV8CYL6ek$hIFfjEsQJ9%~9vA
zKG^I9LHn+?7b$rv%(v16dv@~v{B(a)E-WWHJ6Qh1N}-<Y_~|wqGfHoAne$H3XZQEw
zutHIe*e5~!VQ*QJLTZSkD9KU~wW~Z$Q1wF_!=bg-gN8G{JN~rlhYRmbJ`wzwY~#&N
zLfmNi4p+Q~wy%s5lzjW=K^^}^0=`sE)Q6(*`p@pxGMU%sbF@}etbdhRt3O0>#a6Qv
zsUK-`LUKAV$+~<HwN)(q`>MjZ@8cuh>u47%fi6M7pcU`q?GTO*4J9RP!O+SMmd1+L
z9yp~nekt{zE3R7=<gp!rf!qZ-nCbEwHs;sUC&0PVV{OH?dutGm8;5QzVAz7U_&SoH
z5NtAoATGz{fM;CQZIy=TnPxNw`P91%?V{HjH_3xvnEy73(J*#GIjD3S@%sqjFsRxm
zmsIF*icVczFCF@_+_})H_}ija$obSGkQrz(k={?*4?I-*-mh%bIo)7cp1jFO5nr>!
zLnTtDxJCF*5+G0ulCO8x9K&2SEkB)oOqO8eAJm0CVyRh|5A%1#K5z@#j6)gbbsfUz
z<nJ4#Ml__c;0}Hx3M?u>yTLr?3-frl7Z!#mY6irh%dExy;P>S=yhrfduN~35GyWrH
zVvn)KbY(Z*MASJ%kv=yE4nka4cHf=7x4(O(xQB)tcz)y~#9I1Crt#8RFEx82;!k!4
zQHHHyw8;`-yix^Q@1CMPTMa~<J&ZB<BOdzVniA==h4rWFmOv1?Z^eIKb*@II`oQgo
zWLTLa=*V{0fTmgN9ZoPG)eRA+1^P5-zXj%nwVNq;dk2=U5FdYS=g4ws{JB@-65bFg
zFZN*%orABgkqX*W04`~2=LaoD5r)Ou&SdFK+J?YQ<KKd+bcpJZQqyK#JxVt}6ga$2
zcTO*v`{|rlj^w5A%^$t1)f>~I*hMr?RBYW;NsoV_xDFGh>dkZ8J|o=k1=aSN0eX{~
zh}pQda{OV!szNbif3V<mT?f~S6$*a{DbA9pwR2jj!-CASuwyD4To0X3mi}DaG>Jj1
zme_(+0}%G4Ad<Yog7}v9Tz>Rd4%-*e0*@Fl&*~_WB!*!4qIWp2;sC5k$TX`9frsn_
zf2((Yh9|dWsOR><D2=)753c1=9L2Fcl!M%<_XH_onv!@Vsx$Nn6!E^B73o*kxt>{m
z-SgKSDq3{_TC`yQ0W17gw46;R^NY}e>+lIZj)_ms%Kb$ODsoCb%>ALyp|y^nOTg6*
zjEDXwV`XShvShCy<q2=x3jY4JUr#C3-QAfG)FqaN3E)ac9tuPnZ@ZrTwvhVB9S%D!
z1(_SN;xBSvXDJ5^E?0j088EjDanN0LZr`mu#9SYPFU}Xi?-!q`Oh}(RHFNY}J4@S@
zd2<vEpK$>mLf};L-30A@s+Ta?7mpks(jNp<Id|yMU<?|F+j}Y*a8ClR3*y9{9Tj4{
zjb)JJnR4Rhn|4Qb8MW7Ebxy5WHF($s_@TQ223%#qa&#||gbitMhHsaMJN}%F&$k2F
z9_%*#7?+%R-j#Vss{}xK2*lfe%eB`rP@nU@Hs?{O|D!F+6T8#w8SOj+d|cZ=3_TCv
zAjB<3@kr%lDHv0EJ~1h4@p-U+J7v1l6?0NgylK!*ke~)|T@Z)6W9E2D{x(KS^2elU
zdQ8Kkj|f8d4@OL?M}&K?(mz%ec>xHz?O3(G%Ew)4s#5K$`>3x`_&euI*ZhU7?Yu5*
zIKo0exD$NR12v&hZvp9=*=yRNC({R5?~L;*cdoBi+$k-+Xq1_H_in?`2bJoSznl5D
zL_hO~Boa<fUu)=<AyE#=Q=8p!MF`T#?Ya~z`GQCw!zK+49)G&k2cw5eOZA@J{}6IS
zI?I>&hNRp$lJmQLn`<u0urXWFV_kpu$of2jrM3IJXCa?olcrn39+-+Q=Kl26b@m5_
zp$`faG>r^Y^>=k$>?CRPUDZlBlD{a%w+R-77pP?27Tj4!^rHmb(KqbK&k31oMT1sw
zO6c!A+|o`D<&vpUa*@2x@MXy(0HhG;!Iom<g1wF$*yrqh;{7UXTJh-nFB)RVZ~n;N
zQ=qB;trZA3$S}hnF6RqrkBtax*QU1z`<iXUMLXvD`ReTQrLR<|(*r;Kvx^X7%fK67
z_?9wo($KnIGVs0{lmFZVe(pxG5YmaSA*M|PM#z<6>cgoq=CA_73+gAv8eCc9<sOHb
z$$<oLS4ze1<(VYSAdo>OU^tm$PxYXr@?qq&t*@^P8)AP^kIEGx$Z;nN$kxmYKMV!~
z1{x&|HbrrtG7w|c#>$3M6HdrqI9b+uzUFSPdQ{XyN?NgGrcs%BwPrLzanCBwP2AL-
zEpz@=ua1^VD5iM1!@WI`nVi74p};UR5R^UcbHnBPnUy`v!+3nF$fc)&j5Gw+nsyM*
zP;x3eZTbhL$IADu{NR^JlIeIsLL}nyF~`V_Lo++#1X_Fjgp4itg|i>%I~E{l-+*;^
z%OR}vcNp3@vC?>1Cicylc-7eOd(UdZw}PTtT%bKVD8fiiaX*Sm#Rns1_C!{KF<drH
z-@k}O9FuJGjO%=&9u5W(cR_k4Kkdb=vKE9*L-o6}WhNBRI-j{CD1`hb5vz!%=sPMI
zksuNX453Q%vQCO|d!TyYjP`<jqXcJqVYRY6Lfk9;7h2v8Y9z`qdDpei=`?gi8cQQ|
zn=d?LB$)NB1YR>gK@T0jo%O<WH3|g63iOg)&3;dcQUpAhwlH5*Ue!5{uyK`<`JwQk
zm>R*?x#vX_4Ip5cwBQeVnX}GwsqMRl6YsM-xQ|5iQ<Cn`g?ztet65WH==>gK7{S16
z)3`D-%=|d_v00_rKr17f`|X_{`x5tda~??wBV&OcxM=|+_|3~LJ%PyXo1Ve<<^~_9
zij!JiZ)MBl&tq)9e7hGP2lgLb&}vuD;?a6nmT+gbs61a};Hgl%hc<;$P$C7hK<V8X
zPv39xAcfFIC8L){aMb?E;U%YFQnLH;hZ=nN^A<we=#sc&?NP0Sf(?{|5A1kd(B5nF
zBJbSCPI@b=P@CnFHPtP5OU`4;ok{x+J8(`O+PP{YCe#$~eQIeX*Sr*7P(JHm!eg)g
zx;OSIjhm_KVp%DWiv&=hj}37A{YuCO^{DpL9(?#-qV*mPE;)sW%FmQVw|P13!Vg^?
zLxLvdG>3!(bhkMwPxRM12pn-fVBDE&Q8j6?H|wBQFuijZrDq%jqYb@QE{mv-{R|gF
zA2-}!cC=KL(UIto6$`7F!ugW|#Gv~$0yra6F)d*@f+xa4m#=L~%blMe6I}eH{B&Z}
z8++e;<|U{Z$Z(L8`mN{pa01);{)FLmD;J!t$yXLWbR?7F4*Euv_aZA5Fc25KM?rN@
z%J8vcO&NCUI2mHo=CnaA=w-8oyxzAT-|8}QEm0nRp^~(A3=VjEsU+9QKAB#x6KcRI
z=W*~Yk@NH@>D1&mbPE+)lPlGpIDhxbo(dgwh$Ekmm{a#JZb&IVTiE`Vg*G%*9v6zz
z+y6tvp8u5d^kH;kDMsy@#DVA=S{-x5pADI$=bzgrrQSpLXduDk(d$RIHB!m_%uBv@
ze$yNhR8ZE|F*578{@&vvX89FCCI}Yd=5wbroL;12Rn*;?K476p<O)t_jk;jybR$!?
z8eL{8dV?~2FH|DuW<f|~Wnbs9ZwvK%vdfr7M`p6(*WynNHxQFablD&ha0d&<Wj{3a
z8m3UNyM2VQ;B#Mlm`=3n6RXbbxPPu13|q|29ykbb;a`c~yHvQmn*ST2XpR=GlDv8g
zBg?<TM{FR;+f88I58|L1?(=#4273o5PQowOsP?~&(K8DlLUqsNLr8g5iaD_Scya-Q
z;0AxXYcpHvPChV+xnt}+ezL(_S)97u{b1+AHMhr%UYRk_0D)T2R7<qfE6Ste8Db*d
z;hQ(|3_r#V-I&xTVW6$p$Y!o8&PQc%B`WbiEkO#aJv2R5R<~y!n>F-aRmiCp8S!}k
z_iQBdC@M3BR4fSJ>6||YbCfZrmGxy$3vLT061YFRjeSxi!|Id$3JA)BTX8Tejo0WC
zG!4~QIJb2cr&N9+^V^1RDxzr#F<^eX^EB^UAz&cR_~~ScgAX|e+F?MN^%uKV@?=6%
z=Nns1moam%7&P}b!TQhzar8>sNunE?k_I#gYS+M|z`}g)#w^Q+_mUY00`ZqlQ<#fE
zv`}W~j?jJVt;pXE_DLclvN|I(t0T3uiSIDa-L44s>tH!50Sr_N3uVFEVT$6BMXetS
z8^SL-A7J$qC*Az~2VE?JH+LlIbtzz=3llyi!{C}d<+fL8Ub6Y0l67t%0{K-1zQCHW
zvI4umu&Khz00dnuHsNVwUXr(eNS3WwPDhN`#91cQDwM|U(5e1VZ&gX(d<!ChvM9Ln
z5l?`ZIn!!H&K##!OF;X9YYp~rUqLgSF(b9svrqe|RCkh-?z~MBCRuWev}{_cYMkjN
z6ULjJ)I&VevLO)e_K_8Vtb&O~dAisWgQje*TLL4RbI)D+i;A0r+<==9wH_u7x+=Lu
zCCCgO0DrYJ&9J4e<FD)r>Ly2TrM$G0jALT8Eud5{{p?u&i(3z+hnE}hq!S~C<4Ff;
z(N3L^U(3Lk{LCK{DsR!B*_`>wBQ&akAan)uvaNb?>d`Fy<fj8MOyb_MNo6w?a&IXw
z5>DH{2lzFjHGts*M@v|9kmG=RB%|cwQD`y-Gl81(vVW4F#%jI!QkzfuI}4OyRqw+Q
zjYq-vA|soU29Jp-K2s8C`bQY56`^y_7`_&}tOHuu(EY#PuTDA-)0=|ybVsW@SW~Qa
z`-eXCq!1XRm70j)+^@B*2dRb(_cc=2kE)U^upN<|S#IVRQpOIP<zNK6MRwkN;q~gC
zMFR-r2H*lrFf6br&vh*`x>I^0sDlN(9?w0?dvUNvA)ezBhLz%ja&UQGEzAP3kGE#^
z{l{pPHi;<bjYWG5`2`=X0O{yIm->%GQQ+IR#|ZUw5&Ko_8*b-P{rd6L?S^&DNY=`s
zuN5sn&A<$N)q*y(zPGVg&1P9j<UX%TEfBgZ6fQ92i#6Mq)c!Ti+mE&dj3xnqdI?`7
zkW(kos%w3GieNBPe2XOcMJJ%EOf~AxujEIk?Dqp@ID62BJDWD0iYkVG;nt4`DK(Rf
zp4>yYeRA?@6TN1s+JA<-3+oTZ$cMRqRN?jpMRx}Xp(VeV@S+c$O%=vXSJN#qBfBDn
z7|1kzf;W7mMfYzU1#K=cJMf_)_=iO0-41VjJmYd_|I`6I6a=hBED5f7BkO6%Z@$(_
zK7BRp&ct>H#*0*@lABH#+YAQwD8c-I!;A_WVnzWyW)h;<m9!56%0KO?G2LoPqaL#9
zOC!2adO6CfQ`W3Th(x&?50t5&WBv`j<y22NzRzch_<JK<^`34w=wryRZWxt?L^8!U
zDVUVeNCw%&`&u$qWxgubPq~~6Ipor~z`-CPz?rnN>2EY(j<7zqJUQPQbJUh(^J=Jd
zelI|&Wb={E))6333*vLJEaE8VNy;$^xT|?;!#<Ah@oHcnKDb9n5yU&5(3yjPW(6?p
z{<r)1eE<>$N7wshYx792vAkm=ir}$M&O-@CG-QC482`HVX*pp!SwBD^2Xl_;4(3ng
z>iv@4oE34?Y7N?-n>%+2(563YP>@|A&8$V)MT`=lPe%7;3$mx~hTTw?S`W$$AGkR7
z{$OHzGb7=?;LtA==trXFw!4}kpa9R*rzbrLZY*t>kuhAB&R`%pm%O#jyochFBn>`~
z-k6;A5w@gLoyjNsWwywJPPZyqpNTucm6v3}32mc5z!}tc<>1M<h}WfMeM1I!n(pQ=
zeoK^|<ij)2s$1(3+2#3g#le{EOv`B2D&kXbPpHr~<%t+QWRp&|<IFO$o9AYga7wNk
z25A-ntn6(`4SXE52E|7!nJt15oM>+yQiPr(s$biv@sx|U<Pm^c5Ct6RyVH=7rgGU)
zE~oIYH;DV!U#{HJsF^w|Fdz79^qoelY!rZypc5PVt#6$_`-!{N<DxCzztJ<&8SXrK
zB)ls2W9f{iA43Bb$>hdM+>^gL5j&=$QY_h$S?Y!vF2v&Z(8r@0VuEDU-v5gO7Nq=k
zIW2>+KQWLr#PZSRWq5(|GiwS&8b@R}{DF|%q0i7KK!Q&%U?Q?r4|I9czbe(e!Ayvj
z+KZ3Cja<nk%g^RPvmnAHG#>|j3`L^uns1t1cN5Jp@&(2T%k=R|GAW&wqSnAXGd;hB
zeEskPl!Gq6eq;+KuPk~YxHRKga6~r+y}x7}zxVoL$UB9w^rCW@1cH#^>OcBQ<|=pE
z3Cr%x+KQ8ZU@)_<Rdo=v9sB0ir?ZS(`x$Z$9LGbqxCa)AvtGaw{JPu?rS1&(a=xVf
zA(2a2`ye1m24;;iY=&btIr=W`>@4(TAAQ8IowO{Xk>-MPOX25uSzyGEEgx!V{sqM#
z|7O75ROz-_yJ}jXzq`_Q(P?r8IY#1h=DUa2NZlIGAqcb}JCaE!Md`fKC5*_grd-&2
zxBsmA$qphnPpUXvwu2Swz5_@C9D3=;-(JAPhic^J;m+6Gju;W)MG5M!R`c;D7YUv6
z?u4Nn^uL9e`%6M{^VwdP<9(I+PnPsH_G9CD4PpL&@6w^Y-pB`nU6A0S^ruf6$?bPF
z^9TK>TyeG2<eZnW1z%YtA0w<E_D$MP1Lq)4{R!tepLEo33wO?=Nl9aW&MzK$s=J6c
zq#q22EO-qul2C?Q5b6h;d?^l@2tz@$ZZ7}V9EbFOSG)_cBVHaG^6&rD1BQcc0ztMj
zDH9{S?&Fl!(xz7S7cSixIU;vou5~|{oOH?-WV)M!5}eGu-9?%Ih=J97VYZg|Ug$pT
z^qG;Uu5z9My8`j;D3YHb5J)eo;NyM;*KFiZ<7vr{Ei!iyTcm@2n0F$k-v~{4{oZA*
zp9j?sfd|WzZUb$Dlwy(x=(cKhqE>hLEl9TyqW1C8qAv#PzAgYkalo0eOY9B1hwRPG
zFGT%%CV=y)<Jy4d<HtjJu8%834z7hPf<Pedxs2A&#M`piZF~BGDR&QO9W-~?(<CVn
z_Nl>hf<3=>9h*>*>@?OYZ@hccv2FP|!_V1|ZexgxKaTFlp6fh|in9+BFEl)*fM8SM
z()~{<?`XZ}Yd&jukL{0Z^dTObAd2F4pW}Ol7w>;Z>E$S4>7TOQaHW{bU`M1Yt$GL)
z`*-cp#yV4P7q-hGN~?et)Pe@dpI^x4glf9vt`*y3jwyE3QkiY9y6~&+A>?Cmo4>At
zh#|v|A1gR0c`o-53^p5oO{q67t$v@=Q#?g8!KZXxAmses8qk8ck$0&#0vhDLsIiKN
zni(B84@*5$-_em&QNRrlG;sB;T?dR5RR8Sr+PHihFdbZat~M%}L$>?Axm=pmLjlZo
z%|9pZI6E()BKhCeh)v+2G|(gF);7~#kVMaCJtj|j3BF^-uoHqGIO^qm>{QqjEp@R4
zIA|?#dy6%WpyddA+hk$DeQ%PmiTm~O+c-k`PlrO{dHp&fPqzUCt%~cm8H5SQu{VCa
zr}FEFH?;x->mg|w+QH-MtJG{Kt*bjgPylf0*g<SFqwN89OIpgyZtHVcTxqzcfzK55
zUc%!r#>Ri_0tVvb&D3bs?6jFmF0&B_C5TCr&>MwKdNg4h(wm2Z#ir~@dq9vMfE)__
zFU!_u)uz$sss?$xUQ_CBXUT^M#U8ysczl!ISZN<<L0hgN4M{##IGu{K^0{Zvp^LVb
zZ%u!0ox-qmm2hU`0~U#6R0i!s3{=`24}wqBHg<k`;MJ7<M&vwUF)*<Ba^qXgj$aeH
zD6|s=6VeDg_x{ZU`yG#)?vuW_qH(Spvr9<=o;}nWr%&U<B|bW$I6u`gJZEw?3J$g&
zV|w1m73-(D6h8}Fzl=FK&T$SeQeEwAfgahtuO`ZWd|vjl<Y>Ib>PV3~&pB;+5L`x!
zFi?$5Z2JLjeq6O6CXKo*uJuui>pP?jE}Ftqsjo}(`aI`#)i?u^Q&;lBPC#aE1M~&f
zS7P!gp-i*0m-NxCJRHh5O<3kGHSdvG`$h<c(A$4RIe06l{!HI1)b$xjQbr3kfwmR4
z9W&m%&S<RwHM+=`3M#}INTDnceD#*CW|L2inNI{SGHg%JGt|sWpap&PO@0hx+5@!b
zum6Cmh74CM)|-Bqt)QGQKENfOykNB#^UpAjUYVFK&kgIaEDQj1wLHX4#|FPSxslKr
z8?<+n6TM|7Yob38GeutX%9T8Ud88<0?w^AQA*1gDUvVtB({C4bx!yv%QAb8BR2{0@
zYOY2Z?}Ld=_u~=>$^k*6k>{Bfqx2meZlVcvSQk@Xgn4MTYb>PxpWn|d^}k3l`*)ct
z<cneaw<o$zZrM$D_>BwB_S0|)^pX08Oxgk!mgy$}&{ZAOf+UT<9Eju~KGf?X0(3*N
z)@LHaYD2yZBkQ#|X)HybOW#C81C{}4$JH8{s~T8<r!%Y5LRowB%)i)4d?)dV=4aZJ
zMSq;{;O7Qikb?@fPx!u@j@MYf%Cb1=lxLA<6MgKZ!~EyDR)zCN#tgegl!H1{b@NZ}
ze);AxT<p++*xt28SE)Cx8u~Ky&P|%bX^Y+uXhAJ#Cv9siJb63hWiS>SdR0v+Z+y;I
z1e&TP1MR8TJM*@8SinIA0EPwadB4UDuwHmyW)<!I1uG71Yu9riFbC_kYR-MT*^OS5
zVFAwUjJd-jP0sGToN;0t`m;ymEC_3f5gn_iE}Bb3I9^v~f#Kgy-<C?M&+qi+o}rgN
zTg;KeQ4|z!v8|dWWeR)|?kx&_jL-!crZ&fw6B_^Y-sAMey#v{sBoiJFhqfq+1u{MP
z*1QK?I`Gh7K@b;bJffr8^g>8eWpZEGA-KOI!s8{9BFgq<zaD}+5gwk74+P}_m>)gc
z__mxe!g>+oGVP&?&fgrq)`cxq@k)u*7(-|0Qvwh%R9uwatft~IbMCw_t$Pdo^2AXO
zLN7FEaQcepq-AX0<T}lwB6jT8M~+pM+EE1M=GT+yF3W!*z&9et(W;V5+<0;(%|(O;
z=3gZs=s4F}Y(j`m;lYykTahes;!`|D@vg2#n6~`S)ix%3R$}1bEx_%y75E6a`fBEy
ze!;>VRxPjioT~ePM4u|e;DC!`*~tv&I)K1<cW+md-%Q^ap!iF1gdMgY2~)g7oe;0m
znY-yLkBP4I>WTuHE<iMLd@qg2=zejFo27cMWcydLO1!b}lh)=6lbOt6BoXwTab-Zq
z>|6VFzUO!}*&iqQ`0(q)BJZ}SE>#g+_k%Bn@$JSU>L|nSYpfqGjb=1cc|Dxx++K+G
z8v0$X2EGN>E~P|l(_Si4LVIOes6DvcB5fUc8xeN5W0p(Mtm+nH3VZISmoMMBsKM~e
zPMH4laBu~)M(ca7Ki+DeNb2+Dz`uQ3+uwJITe-DXeg#_)DNz9j?*RC=_6Tx|hh}!X
z%z8|9%y6@~x+Lt{NT2VTb3x-`cX#d(%5dS`sLO{*W+ICmO4gCldWZ_2cX&N`zv=x%
zFYfgb-0O+|&oCbPA4}6fyXdAB+I7vw_<BQc?d};ri)~F`IkzObRU`15hc3u)Z_@2=
z^u3K_G4|Q-Uh>VhI;(v;4=GA>lvRmRvQ}3yxDJXC;z)nBPVtUAq@2fmcuh$VoY%x#
z`!jVJu~mH996fBL^w{t-%EMJ%n$xe6@;{l@RIBSSoXgJ5?IU>0+uk0_7vr}sX_K3R
zDOd#vVjYW)P9>%fQw6iqRXrs5h4CEA6>C}ep(dS^Em<8U+6hX}Upwd-wHc+DS!6k%
z+>CX`g9mRVV)L3faH88UED=HZ)eInoszC7J_wgU0_6J82x>?Pt6m#o7??OqQ#AnEz
zv*M;9EKbg$U)?~<XY(ZcPM@CHxYIS$A+Nq=yW}5JlZF(2st-abDetZjAc&#Q;y@7=
zb|hrC8~&&)@mRN5!J<O=vQ+vIt#R2svNKMI9DlRd0w4r*5zj(IIokhJZq2*mLcs0Y
zp>!Pkhc}8zL?s{7uzF%>9h+G|sv!p*b4=j{;d%<*C6}(PBtBJ#^8KteYh6yfwmP|&
zx|leuAk|Q22ql@8F8qnuu{f^f4F!btb#hVsygP9z^dfodA)^5Cgc{00l@GHBvDwth
z2He|c-i^{-ZAv)5&nJ2Z`8);kTpAy(aI*u$kb}z2QxS>_X5-2SFUq)mRd%uH-YCj!
zBx+=1tW`#nw!P;795hN)X6xSh-{K7OpR*VEp@Q#JDb>rz>QSdYE$II&h$VUx{2C<)
z;>4s<ht8=Pf|6qplIrP+YXQ;Ym%*tu0bHr-7}{}bWTqA<4`b9SMo;Zl-{TdQ`wjon
zuDD1cRnl1Dy~q@r@mSl7ehj5h101EC(H^nAp0QKfecmv?iYNt%WKV1lBw7>=#Rpq4
zTFI{r00Ldo>#2uKYNZGsbTP3W@WS>;K}cJ{bbXvW>hV`ialTD6<uU#P6?Bb;;$eel
z1NYmpg`!_at@Vc0U?IFZ)dhZ-zIIN(AO}SV8P<4OLr4G2=#oA#Tr^-gO52^Fafwny
z!h9L8uUY#EOtuH5M_rgTs(8F-(yt?GVd%l|JKtnipZA$;3_`7_mC2_1&ek*v^kTKN
z;Bj5)Z!H;0oWOXljbFB1fu)y?u<tP?GH5focZuRO8w>bXgvs#6_R=%UXiYchxQm9)
z_<Ak9S?GxmT~0bpfrEE}gWhjU_t#o@W~?XZd6dZuf|5QQU@f+iuovh~F}lNz5o_=M
zO*KM!H@T@N4a<|&1vgIB39zV?B`EX?|729s(b-RZoxoxOg7Wu(V5s4u%>>6o*N{?9
z3HPH^G1|%)yUnQjwLvWxv2iEQZ4od^AkMOOE&GHpgOw~KBsiL$AURgm<4eD{vg=NP
z(X-D=iB^=%00P&aLf~un=a(XWrPiz8skRT=%HO?QQWa@mM}&O2j&M8@Aru3}1qp74
zxc@SKZd`7NCrRX35U%)V%?0<a>Znjm`_t^h&UXglptzujyUsVcmCMcVJ)Id9C?H=q
zsV#M4O);&0_B=4IAnNyph%7UJKrLvz`LXj7A$u?wwMBKv>1_9e_<rKkcsGpQsM@Sr
z9Br1!n?O(#kjT5euZkGdH|ckNwmYo;sL-0<tq7^HlxezQ5)n7cJ0yt)lZOn)S{}Xc
zJ(FCqfyc)lxe7j2h%!m!eIY-&n2kdqJM%J23S<W2UdhO;5^VO^vz+~OLyY@dy)hkR
zXw+K0HR=2tC;yHKX%P^FX#w!!LDb^kOH%nif@>J8R!wi}_wQb45*J#vc?fWr+v~~5
zfXqPLnBk4`#J&T2<z|y(b0N8B-oFg)yY;(T;D2<d6u+~heG3EvamS6CMEA6#<i20p
ztnP>Fv_Dp@L2UIW#(ihPtM)Nmo3{cWOdEhlpUW(lDH<^IxC}3GZ!fpg>S2dbH8#wT
z%4_>|BAOUvLBtUE_$+DW7RUG9go;#yA79l&@_9f1)fQm;z#BLF$Va+n8gM}n=k)3p
zLi%Lty48o-lb+m<Pwp%RR;q=WN&a;}U<F_6vW=7nkw9RXR5sQSk5<d2N!NteM%!=Y
zRCJS9vu@4|$JIFthk^_QfPo^35g*po6>;1kd)aZpcRM*@!T<E_#d0k}q=Jiwsp096
zA}TZMUi)L|1#wwhqVLS~dt4~gUYP247-^XHBOR-4a35<aAwVQLKyVlS@Z(F><fZk{
zh70CA7hUe24?8Lmvo-RyZOk)s?E1<eGn9b4vDVy^`Q2>oma%3sB_|_J0;f|y!p_Ni
zT6fH>{X(@mk{LjtxVDXQ^a$Tsbv2wySFLHbUFR`g-SVo5KE3~YCh|rS!EPpsL!7Pl
zHve92Xb>xQfBo<VOQlIMoN<Lni;LZ>61|&cQALX7pI~P5-%+-?d-NmTjvS41B&wA+
z5|{&2{S;iXIkda@Fg~e)i0=awlh4A2_x{_t&A>zR7|mc_t+m^AcNQxPYHwt;H@V1E
zoC*HZbH`~-rCPH=D6J4IBwJx2)9hM&Cy_-Hyo?Q-E1^y{vP95rOc2SNKR<1?2)#xE
zIy1GH+^p9U({K4{JR*OP$0*5C=kjMo1jV^B^9MZ@vB)0@?{DhD`Ldl5D`D;P)wEXa
zlZRm{RZ+h^5Yq#Pxnsr*qhFVj%nx@VVIM@h$AE5_G;6CTf%ifo$8OW+-Ds3x;(*x!
zXEddO+Y^d;<Fi((g)z@9qLfo}h8_(oPXgXITA=G7!4romit_Ji$&vOaZI86`!~C~x
zRX@QoWwUypxc?G-F*S_R>)X+b#xf@xD_|>RH#`3&b3^rs{8I#t`N3;08lioPe0j)2
zeQ*@L^=0h7G#|T;p}j-@J7#q;nBuF;lAOd#1os1v>Np+9FvM+8VB*~!`#u!=(SZBm
z@fVwBo0wm0L@<|UrN&ESym_s<pi6**q*l1Qjhh*q$j8=cTzYq&3_8@xmY?7Byv`?%
zh(n|;<mQ8~*>~vz!Exf1SR>3_OLCPzLASoHmmBO95#lT!3ajGS2c;<(=2$>?4M3N4
zOc8!^UB{o&%)OqZqUCcVKG+R+{+-XR<QMD2m0s>315m660KDh(AwR=qokt=5ut!?^
zA#B8ElbKXgYGb9u!Zn%Uu+0$d-~B)4kb^ntkS{J%S~o=QjF4<+$1{Y<^Hxy22{3KJ
zS>5oBc>u;S<e)wAf#|*pVGcFZ(5JVCY_)^taXEew=+Q>{P59%dDyv2yGZ1I7p!}`|
z+fQd4(?4S2nu}9i^WikvX=`|W0s7V*@zJ7iR3J~^B3=b9*FVC0B`@@&mjum=VDUr^
zznh^euYBcvMTOki7zi2yK}M+^Za+q;j_X8?>!PYA2};+KY$}{Y9G!Rl8}w4`$l$<1
zsQSN!I-SV2pP~<rn`zDbm1Ca9&Ayfu*ty!FoxsdRd=&Qx=s_H=&^RgiZ@*z4M6`63
zDfUs$=eIvL=WXr>bIlsF4t;m4-bQ&i7$7x@-$dT=wQ};B|LETm3AswDsF^siCk{I)
z3BS@4z$c_Z4}hTaK^lE{u>A-f;U)o%M<<%wfaCFdx<@Wdm6vJjS}=4H5deX%Gwt{E
zkd$9!FmhJmuM`g~MKIWCcd+&r6_mtE+E{HQsR2Ql5jY5nb-#Z7j7OijU@6%Wf5(3f
zDMv8)k<Q`#X!^P;rOJv0s2Rwxf&hB_I{8EX+4xf1(522TsT!C%?Fu3NTC$$wA9{95
zQIz474AL@3rRm5oTQzPRZ2OV?`325fY0nV>>u<kv^+!mV0>fR9;kuO;vtSOThWONA
zn*iLA*?5&=qw^?(vXrmL^gA3OU!m>7LvVN{R7n_nrxs{ONXt@id?3NT!}VupJ+Hmd
z)-0YCheqfL=n_be=k}QuwjusyAxFDZU!Cc}{0Nc2fz8hk@p+iR>H7#5DkGGK%(oS~
z1*U@-cN=F2ierVX6hFlJ9z4>WS<m%C-ui2WW`*KdJhyXSwZoa{ah4z2Rbi1!|7oCg
zIFJ@3+Y4toWjn<O8>Fk9j}K)n#)6Pe&d;sJYPe7KdsCGtyY|2Umd8u^=N@x+7ds$5
z1n3j4%g1<=PZBZIIbp^m-BcOeaJ&0RYs2yN%0wRQ1eYct7-S6ClEKgEFk!o==Y|`H
zWHT8#Zu2~Q<4?co6Fey0T2Sz)b^yf%am_mU7j@PeG3V5;pJM9M#NW0hi&%~a-wxNN
z?@M>N<pnl0FgW1G^1pW=2*)?zzFk@426e2%8cR2{N{oZ!aWm1ZKAiE*I{^?9Y)`Jq
z?9#=nZhqdFZoBs$-`xuPyG>94FKevBds`*z&t%Z25g?FMrmR<6h)8iU7dHH_Pua!}
zS2UWo_c~eh$wu`o*v^z)K$k#<C1>^z26i#nq~om-0uMe(PwUxPyieBPd%%XH_}u4M
zWYHBA7u3g{Tk!<tR`X8%7d7Z3AsdAD@QkQ^ORlnBlfAYx){swtgFOP=#kFtNHEM51
zq%u0BLw>kd(R+_Gyr`$AJ!8cTX{pnVb_bb(I6QkJilbkohT`R!6Rc7x>!F(noAkSf
zGD`~C0{7V@y6XTK1cC28o;jT@b6r?17Qgp6KEBDP__}9Cpu2(QanghX6Kk#~a1i43
zb=avq&pp|zH1uSOPYWM7UN?UI&~-4E7X8KjTQ~L}0S;yYxGrpLo}cxL3$ZW4$3Chj
zg`sz!b=-K}ETV--?pcw^z|Qgp9zx(B!+BP}(;x4T2zzo=kKN#_H;rryjfJAciYofh
z#-w}!7X)#);>SvOy196a@mP_y21Ap(Wkahq^6M532G{9Mdgt_gfrAi7UZUOYbq^04
zM`OXZYWT)kh*T<vg;&BWeeN=w(_`Th1hk`pA~`RdZd194P;%zH@!}%frY7Q#r}!p@
zWiVGW$yY*KxRgI|5NyF=uhxyDD1J$aujLi|DG?v_7W+gZj_}P#^ho-%v#o5fJp~Rz
zT_^IWjecfyuYiK60&72d&?uz%)V)QXI1Lw5l;b1IE6D($2j&k1ER{R1L9ew$@QHy~
zcg`>tHNL9e;6BF75Va881Y5KF-GM+5y3!HD=f~9jdxX(|CydYS|2t=)Wt{S_nn-C$
z;ES4YpV_fzKoH`nj(NH-Wga@<&wAAi7#<++8*UW`%8C}C+3MLDEo46fJFYHuz$qvb
zb#T=p_KRBI_}Eia^?f1wVnW@*O<1w_%GZ3gXg+}*Rn?U_?;1E;g`S(qVDs|?dB*0Y
zIiXjheNwa+JrtbLI)z)HxY?%Ay6i_Ev!2QA5Ogv3dG&eX2c}3`f0q6En55=OH!HZ6
z6J!ny<55bJwWV%zUg!^7Dk8!OsKm3^3AQi3$(GsYKU6Y?*8&D=K^T=`&NPb4RY;h@
z@3stA9#WadPs2J%$Ng&@YC>DCnG~W7-)$*eqCR*f<SphCPgiLy?}w(1mHz4HF)cSU
zX5bBbrf^V%7C`Wx^UK;&>PL%eyXf6EFQz^_R>f5zoDA8mjD=Vk!xJagB0y@)0q9zk
z*?(>A+_0JG$s45s=c9}kgr@JZ2Wfsi)A+Z{&@TXiS`bM$y^Y5MD-3jfx_#Lf${Cww
z*mf-w$cp6pCF_A7*on{@W(khdO^=sHwicg1WG{uhxh3P)d*{30wfPj!*RExVkIDMp
zZ9Aw)3ci>*I$Q9{L?E*{+`d&jQ*bI`px@{`vG+UkDXuzgivoQN39_-O)Y1(%m$RcS
z7vkKAO_iLtklFf}wN2bz*W=(6Xv713nh7Q(A)+yT3@!80A2(dDT~hvy3HtQl^0P%_
zOXzMmseVdgR1CQPCod1k(gn=j=2w?<sohV?nHmP?;|^r9Bfrto<f%H@1TOhLi3OQ~
z40qla)!5-9tBNyQXw_w6ZuDsW$T57GY>fM&Md_oKS9u)Zpj3Zo`lY^3uPdU|aG4dM
zCGZk+Zmk>U?w#~;kp}4;>U|8|x&=*s4lxrH`tns~u4OZ9<}685CUnYcf;n%BOQxsz
zsWA3?G$m9dKB+DRzdrN^gx7s`vmVTCHrh}p38;)6h}pTD)2i{^FcAno28std0X08A
zHx-x?@6yJJP?MxTRYIJE&#^IDyj(cIET|3!oFd>xM+VA&-y}XnB#<O3N@M@TaMY_c
z!#iMxN6ImLS=MWbL4s<91P{4C`aL50wGlMHfB2o(o6_9$0RC$N`HizhA9iyV+=2bq
zf+nW+mBg$s=8VuHzQi}Gj%YB9O0Jqwhu~n(MTX-UT8E$l$*gwzdp4RVT(VdsC-k)w
z@&5iK!-uN+ZLi!0hsWo)`VwA(K7Im3^M%Ed$Zxi-3g#fFqn=tgIQAU}PPSpa-l9sO
zkZThfO9hcY++Qk1(nZ!;u@KIok`?X--1IWOY^(Lh$ct{fjrq!bvoz2pR)G7gSSJ$9
zrK6d|o8K9QCfiFiWWSnQftccLCz6oDvXAIY2Zqf7_<rQ+-vk&(Vry_#@bSl-$+Ek|
zQgKvD2`RpXtt*_>y4|QqJfxW1Q{3@HPNtlu=u*$@(ZBVTC7|uLdJXn;$<@D?%K#a)
z271ns?2Enc4ZovNF8eh4iR|%+2{uO~>qdOg-qGC@cO37_1d%|7!-ce}A{u<XCF3N&
z)(@hY&uei__@NEcRF=YV%&hPqp`qF{?Aq?o3N!@f|Msi(|4s0JyPN(0{p(jgy6OMz
Mr;{MCe+}*b2bzVt>Hq)$

diff --git a/crates/store/src/genesis/config/tests.rs b/crates/store/src/genesis/config/tests.rs
index 743523186e..ae111f3640 100644
--- a/crates/store/src/genesis/config/tests.rs
+++ b/crates/store/src/genesis/config/tests.rs
@@ -4,7 +4,7 @@ use std::path::Path;
 use assert_matches::assert_matches;
 use miden_protocol::ONE;
 use miden_protocol::account::delta::AccountUpdateDetails;
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
 
 use super::*;
 
@@ -27,7 +27,7 @@ fn parsing_yields_expected_default_values() -> TestResult {
     let config_path = write_toml_file(temp_dir.path(), sample_content);
 
     let gcfg = GenesisConfig::read_toml_file(&config_path)?;
-    let signer = SecretKey::new();
+    let signer = SigningKey::new();
     let (state, _secrets) = gcfg.into_state(signer.public_key())?;
     let _ = state;
     // faucets always precede wallet accounts
@@ -47,22 +47,22 @@ fn parsing_yields_expected_default_values() -> TestResult {
     {
         let faucet = FungibleFaucet::try_from(native_faucet.storage()).unwrap();
 
-        assert_eq!(faucet.max_supply(), Felt::new(100_000_000_000_000_000));
+        assert_eq!(faucet.max_supply().as_u64(), 100_000_000_000_000_000);
         assert_eq!(faucet.decimals(), 6);
         assert_eq!(*faucet.symbol(), TokenSymbol::new("MIDEN").unwrap());
     }
 
     // check account balance, and ensure ordering is retained
     assert_matches!(wallet1.vault().get_balance(native_faucet.id()), Ok(val) => {
-        assert_eq!(val, 999_000);
+        assert_eq!(val.as_u64(), 999_000);
     });
     assert_matches!(wallet2.vault().get_balance(native_faucet.id()), Ok(val) => {
-        assert_eq!(val, 777);
+        assert_eq!(val.as_u64(), 777);
     });
 
     // check total issuance of the faucet
     let faucet = FungibleFaucet::try_from(native_faucet.storage()).unwrap();
-    assert_eq!(faucet.token_supply(), Felt::new(999_777), "Issuance mismatch");
+    assert_eq!(faucet.token_supply().as_u64(), 999_777, "Issuance mismatch");
 
     Ok(())
 }
@@ -71,7 +71,7 @@ fn parsing_yields_expected_default_values() -> TestResult {
 #[miden_node_test_macro::enable_logging]
 async fn genesis_accounts_have_nonce_one() -> TestResult {
     let gcfg = GenesisConfig::default();
-    let signer = SecretKey::new();
+    let signer = SigningKey::new();
     let (state, secrets) = gcfg.into_state(signer.public_key()).unwrap();
     let mut iter = secrets.as_account_files(&state);
     let AccountFileWithName { account_file: status_quo, .. } = iter.next().unwrap().unwrap();
@@ -136,7 +136,7 @@ path = "test_account.mac"
     let gcfg = GenesisConfig::read_toml_file(&config_path)?;
 
     // Convert to state and verify the account is included
-    let signer = SecretKey::new();
+    let signer = SigningKey::new();
     let (state, _secrets) = gcfg.into_state(signer.public_key())?;
     assert!(state.accounts.iter().any(|a| a.id() == account_id));
 
@@ -152,7 +152,7 @@ fn parsing_native_faucet_from_file() -> TestResult {
     use miden_standards::account::policies::{
         BurnPolicyConfig,
         MintPolicyConfig,
-        PolicyAuthority,
+        PolicyRegistration,
         TokenPolicyManager,
     };
     use tempfile::tempdir;
@@ -181,11 +181,11 @@ fn parsing_native_faucet_from_file() -> TestResult {
         .storage_mode(AccountStorageMode::Public)
         .with_auth_component(auth)
         .with_component(faucet)
-        .with_components(TokenPolicyManager::new(
-            PolicyAuthority::AuthControlled,
-            MintPolicyConfig::AllowAll,
-            BurnPolicyConfig::AllowAll,
-        ))
+        .with_components(
+            TokenPolicyManager::new()
+                .with_mint_policy(MintPolicyConfig::AllowAll, PolicyRegistration::Active)?
+                .with_burn_policy(BurnPolicyConfig::AllowAll, PolicyRegistration::Active)?,
+        )
         .build()?;
 
     let faucet_id = faucet_account.id();
@@ -211,7 +211,7 @@ verification_base_fee = 0
     let gcfg = GenesisConfig::read_toml_file(&config_path)?;
 
     // Convert to state and verify the native faucet is included
-    let signer = SecretKey::new();
+    let signer = SigningKey::new();
     let (state, secrets) = gcfg.into_state(signer.public_key())?;
     assert!(state.accounts.iter().any(|a| a.id() == faucet_id));
 
@@ -271,7 +271,7 @@ verification_base_fee = 0
     let gcfg = GenesisConfig::read_toml_file(&config_path)?;
 
     // into_state should fail with NativeFaucetNotFungible error when loading the file
-    let result = gcfg.into_state(SecretKey::new().public_key());
+    let result = gcfg.into_state(SigningKey::new().public_key());
     assert!(result.is_err());
     let err = result.unwrap_err();
     assert!(
@@ -304,7 +304,7 @@ path = "does_not_exist.mac"
     let gcfg = GenesisConfig::read_toml_file(&config_path).unwrap();
 
     // into_state should fail with AccountFileRead error when loading the file
-    let result = gcfg.into_state(SecretKey::new().public_key());
+    let result = gcfg.into_state(SigningKey::new().public_key());
     assert!(result.is_err());
     let err = result.unwrap_err();
     assert!(
@@ -323,7 +323,7 @@ async fn parsing_agglayer_sample_with_account_files() -> TestResult {
         .join("src/genesis/config/samples/02-with-account-files.toml");
 
     let gcfg = GenesisConfig::read_toml_file(&sample_path)?;
-    let signer = SecretKey::new();
+    let signer = SigningKey::new();
     let (state, secrets) = gcfg.into_state(signer.public_key())?;
 
     // Should have 4 accounts:
diff --git a/crates/store/src/genesis/mod.rs b/crates/store/src/genesis/mod.rs
index 9de141eade..a9c2ace5e4 100644
--- a/crates/store/src/genesis/mod.rs
+++ b/crates/store/src/genesis/mod.rs
@@ -11,7 +11,7 @@ use miden_protocol::block::{
     FeeParameters,
     SignedBlock,
 };
-use miden_protocol::crypto::dsa::ecdsa_k256_keccak::{PublicKey, SecretKey, Signature};
+use miden_protocol::crypto::dsa::ecdsa_k256_keccak::{PublicKey, Signature, SigningKey};
 use miden_protocol::crypto::merkle::mmr::{Forest, MmrPeaks};
 use miden_protocol::crypto::merkle::smt::{LargeSmt, MemoryStorage, Smt};
 use miden_protocol::errors::AccountError;
@@ -174,7 +174,7 @@ impl GenesisState {
     }
 
     /// Builds and signs the genesis block with a local secret key.
-    pub fn into_block(self, signer: &SecretKey) -> anyhow::Result<GenesisBlock> {
+    pub fn into_block(self, signer: &SigningKey) -> anyhow::Result<GenesisBlock> {
         let unsigned_block = self.into_unsigned_block()?;
         let signature = signer.sign(unsigned_block.header().commitment());
         unsigned_block.into_block(signature)
diff --git a/crates/store/src/lib.rs b/crates/store/src/lib.rs
index a2a30d4c84..5ceb432353 100644
--- a/crates/store/src/lib.rs
+++ b/crates/store/src/lib.rs
@@ -24,6 +24,49 @@ pub fn default_sqlite_connection_pool_size() -> std::num::NonZeroUsize {
     DatabaseOptions::default().connection_pool_size
 }
 
+/// Test-only helpers exposed for downstream integration tests.
+///
+/// This module is hidden from public docs and not part of the stable API. It exists so
+/// integration tests in sibling crates (e.g. `miden-node-rpc`) can seed network-account
+/// rows directly into the store's SQLite database without us widening the visibility of
+/// internal diesel types.
+#[doc(hidden)]
+pub mod test_support {
+    use std::path::Path;
+
+    use diesel::prelude::*;
+    use miden_protocol::Word;
+    use miden_protocol::account::AccountId;
+    use miden_protocol::block::BlockNumber;
+
+    use crate::db::models::queries::{AccountRowInsert, NetworkAccountType};
+    use crate::db::schema;
+
+    /// Opens a fresh connection to the store's SQLite database and inserts a private
+    /// network-account row for `account_id`, marking it as a network account in the
+    /// latest state at block 0.
+    ///
+    /// Intended for integration tests that need to exercise the network-account gate
+    /// without running a transaction through the block producer. The store's WAL mode
+    /// makes a secondary connection safe.
+    pub fn seed_network_account(db_path: &Path, account_id: AccountId) {
+        let mut conn = SqliteConnection::establish(db_path.to_str().expect("db path is utf-8"))
+            .expect("connect to store sqlite");
+
+        let row = AccountRowInsert::new_private(
+            account_id,
+            NetworkAccountType::Network,
+            Word::default(),
+            BlockNumber::from(0),
+            BlockNumber::from(0),
+        );
+        diesel::insert_into(schema::accounts::table)
+            .values(&row)
+            .execute(&mut conn)
+            .expect("insert network account row");
+    }
+}
+
 // CONSTANTS
 // =================================================================================================
 const COMPONENT: &str = "miden-store";
diff --git a/crates/store/src/server/api.rs b/crates/store/src/server/api.rs
index c5d393eb65..406df76631 100644
--- a/crates/store/src/server/api.rs
+++ b/crates/store/src/server/api.rs
@@ -96,7 +96,7 @@ impl StoreApi {
 
             for note in batch.input_notes().iter() {
                 if let Some(header) = note.header() {
-                    unauthenticated_note_commitments.insert(header.to_commitment());
+                    unauthenticated_note_commitments.insert(header.id().as_word());
                 }
             }
         }
diff --git a/crates/store/src/server/rpc_api.rs b/crates/store/src/server/rpc_api.rs
index 99158a1ece..c854c61330 100644
--- a/crates/store/src/server/rpc_api.rs
+++ b/crates/store/src/server/rpc_api.rs
@@ -252,7 +252,7 @@ impl rpc_server::Rpc for StoreApi {
             SyncAccountVaultError,
         >(request.account_id)?;
 
-        if !account_id.has_public_state() {
+        if !account_id.is_public() {
             return Err(SyncAccountVaultError::AccountNotPublic(account_id).into());
         }
 
@@ -305,7 +305,7 @@ impl rpc_server::Rpc for StoreApi {
             SyncAccountStorageMapsError,
         >(request.account_id)?;
 
-        if !account_id.has_public_state() {
+        if !account_id.is_public() {
             Err(SyncAccountStorageMapsError::AccountNotPublic(account_id))?;
         }
 
@@ -374,6 +374,16 @@ impl rpc_server::Rpc for StoreApi {
         }))
     }
 
+    async fn are_network_accounts(
+        &self,
+        request: Request<proto::account::AccountIdList>,
+    ) -> Result<Response<proto::store::NetworkAccountIdSubset>, Status> {
+        let ids = read_account_ids::<Status, _>(request.into_inner().account_ids)?;
+        let subset = self.state.network_accounts_subset(&ids).await?;
+        let network_account_ids = subset.into_iter().map(proto::account::AccountId::from).collect();
+        Ok(Response::new(proto::store::NetworkAccountIdSubset { network_account_ids }))
+    }
+
     async fn sync_transactions(
         &self,
         request: Request<proto::rpc::SyncTransactionsRequest>,
diff --git a/crates/store/src/state/apply_block.rs b/crates/store/src/state/apply_block.rs
index 2cf12a1b10..b6acf01895 100644
--- a/crates/store/src/state/apply_block.rs
+++ b/crates/store/src/state/apply_block.rs
@@ -319,7 +319,7 @@ impl State {
                     block_num,
                     note_index,
                     note_id: note.id().as_word(),
-                    note_commitment: note.to_commitment(),
+                    note_commitment: note.id().as_word(),
                     metadata: *note.metadata(),
                     details,
                     attachments,
diff --git a/crates/store/src/state/loader.rs b/crates/store/src/state/loader.rs
index 72df4fff34..6c64dc1d8b 100644
--- a/crates/store/src/state/loader.rs
+++ b/crates/store/src/state/loader.rs
@@ -17,7 +17,7 @@ use miden_crypto::merkle::smt::{Backend, ForestInMemoryBackend};
 #[cfg(feature = "rocksdb")]
 use miden_crypto::merkle::smt::{ForestPersistentBackend, PersistentBackendConfig};
 #[cfg(feature = "rocksdb")]
-use miden_large_smt_backend_rocksdb::RocksDbStorage;
+use miden_large_smt_backend_rocksdb::{RocksDbStorage, SmtStorageReader};
 #[cfg(feature = "rocksdb")]
 use miden_node_utils::clap::RocksDbOptions;
 use miden_protocol::account::{AccountId, AccountStorageHeader, StorageSlotType};
@@ -465,9 +465,10 @@ pub async fn load_mmr(db: &mut Db) -> Result<Blockchain, StateInitializationErro
     let block_commitments = db.select_all_block_header_commitments().await?;
 
     // SAFETY: We assume the loaded MMR is valid and does not have more than u32::MAX entries.
-    let chain_mmr = Blockchain::from_mmr_unchecked(Mmr::from(
-        block_commitments.iter().copied().map(BlockHeaderCommitment::word),
-    ));
+    let mmr =
+        Mmr::try_from_iter(block_commitments.iter().copied().map(BlockHeaderCommitment::word))
+            .expect("loaded MMR exceeds maximum allowed size");
+    let chain_mmr = Blockchain::from_mmr_unchecked(mmr);
 
     Ok(chain_mmr)
 }
diff --git a/crates/store/src/state/mod.rs b/crates/store/src/state/mod.rs
index 2bdb907f82..09c6303c9c 100644
--- a/crates/store/src/state/mod.rs
+++ b/crates/store/src/state/mod.rs
@@ -766,6 +766,14 @@ impl State {
         self.db.select_network_account_by_id(account_id).await
     }
 
+    /// Filters `account_ids` down to the subset currently classified as network accounts.
+    pub async fn network_accounts_subset(
+        &self,
+        account_ids: &[AccountId],
+    ) -> Result<HashSet<AccountId>, DatabaseError> {
+        self.db.select_network_accounts_subset(account_ids.to_vec()).await
+    }
+
     /// Returns network account IDs within the specified block range (based on account creation
     /// block).
     ///
@@ -797,7 +805,7 @@ impl State {
     ) -> Result<AccountResponse, GetAccountError> {
         let AccountRequest { block_num, account_id, details } = account_request;
 
-        if details.is_some() && !account_id.has_public_state() {
+        if details.is_some() && !account_id.is_public() {
             return Err(GetAccountError::AccountNotPublic(account_id));
         }
 
@@ -929,7 +937,7 @@ impl State {
             storage_requests,
         } = detail_request;
 
-        if !account_id.has_public_state() {
+        if !account_id.is_public() {
             return Err(GetAccountError::AccountNotPublic(account_id));
         }
 
diff --git a/crates/store/src/state/sync_state.rs b/crates/store/src/state/sync_state.rs
index dc890571a4..d2f8fc0940 100644
--- a/crates/store/src/state/sync_state.rs
+++ b/crates/store/src/state/sync_state.rs
@@ -46,7 +46,7 @@ impl State {
         if block_from == block_to {
             return Ok((
                 MmrDelta {
-                    forest: Forest::new(block_from.as_usize()),
+                    forest: Forest::new(block_from.as_usize()).expect("block index fits in u32"),
                     data: vec![],
                 },
                 block_header,
@@ -72,7 +72,10 @@ impl State {
             .await
             .blockchain
             .as_mmr()
-            .get_delta(Forest::new(from_forest), Forest::new(to_forest))
+            .get_delta(
+                Forest::new(from_forest).expect("from_forest fits in u32"),
+                Forest::new(to_forest).expect("to_forest fits in u32"),
+            )
             .map_err(StateSyncError::FailedToBuildMmrDelta)?;
 
         Ok((mmr_delta, block_header, signature))
diff --git a/crates/utils/src/crypto.rs b/crates/utils/src/crypto.rs
index d203ff75a0..baa2229dc2 100644
--- a/crates/utils/src/crypto.rs
+++ b/crates/utils/src/crypto.rs
@@ -5,7 +5,7 @@ use rand::Rng;
 /// Creates a new RPO Random Coin with random seed
 pub fn get_rpo_random_coin<T: Rng>(rng: &mut T) -> RandomCoin {
     let auth_seed: [u64; 4] = rng.random();
-    let rng_seed = Word::from(auth_seed.map(Felt::new));
+    let rng_seed = Word::from(auth_seed.map(Felt::new_unchecked));
 
     RandomCoin::new(rng_seed)
 }
diff --git a/proto/proto/internal/store.proto b/proto/proto/internal/store.proto
index 04fb41bb25..c34c06e1ff 100644
--- a/proto/proto/internal/store.proto
+++ b/proto/proto/internal/store.proto
@@ -21,6 +21,15 @@ service Rpc {
     // Returns the latest details the specified account.
     rpc GetAccount(rpc.AccountRequest) returns (rpc.AccountResponse) {}
 
+    // Filters the provided account ids down to the subset that are currently
+    // classified as network accounts. Ids that don't exist in the store, or that
+    // aren't network accounts, are omitted. The order of `network_account_ids`
+    // is unspecified.
+    //
+    // Callers checking a single id should pass a one-element list and check whether
+    // the response is non-empty.
+    rpc AreNetworkAccounts(account.AccountIdList) returns (NetworkAccountIdSubset) {}
+
     // Returns raw block data for the specified block number, optionally including the block proof.
     rpc GetBlockByNumber(blockchain.BlockRequest) returns (blockchain.MaybeBlock) {}
 
@@ -327,6 +336,16 @@ message MaybeAccountDetails {
     optional account.AccountDetails details = 1;
 }
 
+// ARE NETWORK ACCOUNTS
+// ================================================================================================
+
+// Represents the subset of the provided account ids that are currently classified
+// as network accounts. The order of `network_account_ids` is unspecified.
+message NetworkAccountIdSubset {
+    // The network-account subset of the requested ids.
+    repeated account.AccountId network_account_ids = 1;
+}
+
 // GET UNCONSUMED NETWORK NOTES
 // ================================================================================================
 
diff --git a/proto/proto/types/account.proto b/proto/proto/types/account.proto
index 8fd9729a51..6df8725658 100644
--- a/proto/proto/types/account.proto
+++ b/proto/proto/types/account.proto
@@ -16,6 +16,12 @@ message AccountId {
     bytes id = 1;
 }
 
+// A list of account IDs.
+message AccountIdList {
+    // The list of account IDs.
+    repeated AccountId account_ids = 1;
+}
+
 // The state of an account at a specific block height.
 message AccountSummary {
     // The account ID.

From fbd49605860b362600a158ff3f54c76c06d1da48 Mon Sep 17 00:00:00 2001
From: Juan Munoz <juanmunoz890@gmail.com>
Date: Tue, 19 May 2026 12:10:10 -0300
Subject: [PATCH 2/3] chore: simplify genesis

---
 Cargo.lock                             | 14 +++++++-------
 crates/rpc/src/server/api.rs           |  3 +--
 crates/store/src/genesis/config/mod.rs | 13 ++++---------
 3 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 96df84f824..8f87e5bc01 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2933,7 +2933,7 @@ dependencies = [
 [[package]]
 name = "miden-agglayer"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "alloy-sol-types",
  "fs-err",
@@ -3013,7 +3013,7 @@ dependencies = [
 [[package]]
 name = "miden-block-prover"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "miden-protocol",
  "thiserror 2.0.18",
@@ -3648,7 +3648,7 @@ dependencies = [
 [[package]]
 name = "miden-protocol"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "bech32",
  "fs-err",
@@ -3751,7 +3751,7 @@ dependencies = [
 [[package]]
 name = "miden-standards"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "bon",
  "fs-err",
@@ -3790,7 +3790,7 @@ dependencies = [
 [[package]]
 name = "miden-testing"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "anyhow",
  "itertools 0.14.0",
@@ -3810,7 +3810,7 @@ dependencies = [
 [[package]]
 name = "miden-tx"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "miden-processor",
  "miden-protocol",
@@ -3823,7 +3823,7 @@ dependencies = [
 [[package]]
 name = "miden-tx-batch-prover"
 version = "0.15.0"
-source = "git+https://github.com/0xMiden/protocol?branch=next#01077765ca06fb49fc6e90e8ee9e181ad76ff7e2"
+source = "git+https://github.com/0xMiden/protocol?branch=next#c2d8c615b90eb7b3993864eaa9c22c4bb4061ee5"
 dependencies = [
  "miden-protocol",
  "miden-tx",
diff --git a/crates/rpc/src/server/api.rs b/crates/rpc/src/server/api.rs
index 8b2f95c469..65fb4fb66a 100644
--- a/crates/rpc/src/server/api.rs
+++ b/crates/rpc/src/server/api.rs
@@ -496,8 +496,7 @@ impl api_server::Api for RpcService {
         // account; the store is the source of truth because network-ness now lives in account
         // storage and isn't derivable from an AccountId alone. Network accounts must be public, so
         // private-account txs short-circuit and skip the store roundtrip.
-        if !tx.account_update().initial_state_commitment().is_empty()
-            && tx.account_id().is_public()
+        if !tx.account_update().initial_state_commitment().is_empty() && tx.account_id().is_public()
         {
             let response = self
                 .store
diff --git a/crates/store/src/genesis/config/mod.rs b/crates/store/src/genesis/config/mod.rs
index fb6f15f755..7613233ff3 100644
--- a/crates/store/src/genesis/config/mod.rs
+++ b/crates/store/src/genesis/config/mod.rs
@@ -25,7 +25,7 @@ use miden_protocol::block::FeeParameters;
 use miden_protocol::crypto::dsa::ecdsa_k256_keccak::PublicKey;
 use miden_protocol::crypto::dsa::falcon512_poseidon2::SecretKey as RpoSecretKey;
 use miden_protocol::errors::TokenSymbolError;
-use miden_protocol::{Felt, ONE, Word};
+use miden_protocol::{Felt, ONE};
 use miden_standards::AuthMethod;
 use miden_standards::account::auth::AuthSingleSig;
 use miden_standards::account::faucets::{FungibleFaucet, TokenName};
@@ -297,14 +297,9 @@ impl GenesisConfig {
                         total_issuance,
                     });
                 }
-                let new_token_config = Word::new([
-                    Felt::from(new_token_supply),
-                    Felt::from(current_faucet.max_supply()),
-                    Felt::from(current_faucet.decimals()),
-                    Felt::from(current_faucet.symbol()),
-                ]);
-                storage_delta
-                    .set_item(FungibleFaucet::token_config_slot().clone(), new_token_config)?;
+                let updated_faucet = current_faucet.with_token_supply(new_token_supply)?;
+                let slot = updated_faucet.token_config_slot_value();
+                storage_delta.set_item(slot.name().clone(), slot.value())?;
                 tracing::debug!(
                     "Reducing faucet account {faucet} for {symbol} by {amount}",
                     faucet = faucet_id.to_hex(),

From 8fbbb39c7544a03c0b7485f6f0aa6a86f9d108f2 Mon Sep 17 00:00:00 2001
From: Juan Munoz <juanmunoz890@gmail.com>
Date: Thu, 21 May 2026 10:16:39 -0300
Subject: [PATCH 3/3] chore: address PR comments

---
 bin/ntx-builder/src/builder.rs                 |  7 +++----
 .../src/db/models/account_effect.rs            | 12 ++++--------
 crates/store/src/db/models/queries/accounts.rs | 18 ++++++++----------
 crates/store/src/genesis/config/mod.rs         |  9 ++-------
 crates/store/src/genesis/config/tests.rs       |  2 +-
 5 files changed, 18 insertions(+), 30 deletions(-)

diff --git a/bin/ntx-builder/src/builder.rs b/bin/ntx-builder/src/builder.rs
index de94689fb6..fc05ff6a54 100644
--- a/bin/ntx-builder/src/builder.rs
+++ b/bin/ntx-builder/src/builder.rs
@@ -8,7 +8,7 @@ use miden_node_proto::domain::mempool::MempoolEvent;
 use miden_protocol::account::Account;
 use miden_protocol::account::delta::AccountUpdateDetails;
 use miden_protocol::block::BlockHeader;
-use miden_standards::account::auth::NetworkAccountNoteAllowlist;
+use miden_standards::account::auth::NetworkAccount;
 use tokio::net::TcpListener;
 use tokio::sync::mpsc;
 use tokio::task::JoinSet;
@@ -232,10 +232,9 @@ impl NetworkTransactionBuilder {
                 if let Some(AccountUpdateDetails::Delta(delta)) = account_delta
                     && delta.is_full_state()
                     && let Ok(account) = Account::try_from(delta)
-                    && account.is_public()
-                    && NetworkAccountNoteAllowlist::try_from(account.storage()).is_ok()
+                    && let Ok(network_account) = NetworkAccount::new(account)
                 {
-                    let network_id = NetworkAccountId::new_trusted(account.id());
+                    let network_id = NetworkAccountId::new_trusted(network_account.id());
                     self.coordinator.spawn_actor(network_id, &self.actor_context);
                 }
                 let inactive_targets = self.coordinator.send_targeted(&event);
diff --git a/bin/ntx-builder/src/db/models/account_effect.rs b/bin/ntx-builder/src/db/models/account_effect.rs
index 5e483035c6..6d03795461 100644
--- a/bin/ntx-builder/src/db/models/account_effect.rs
+++ b/bin/ntx-builder/src/db/models/account_effect.rs
@@ -1,7 +1,7 @@
 use miden_node_proto::domain::account::NetworkAccountId;
 use miden_protocol::account::delta::AccountUpdateDetails;
 use miden_protocol::account::{Account, AccountDelta, AccountId};
-use miden_standards::account::auth::NetworkAccountNoteAllowlist;
+use miden_standards::account::auth::NetworkAccount;
 
 // NETWORK ACCOUNT EFFECT
 // ================================================================================================
@@ -22,13 +22,9 @@ impl NetworkAccountEffect {
                 // standardized `NetworkAccountNoteAllowlist` slot.
                 let account = Account::try_from(update)
                     .expect("Account should be derivable by full state AccountDelta");
-                if account.is_public()
-                    && NetworkAccountNoteAllowlist::try_from(account.storage()).is_ok()
-                {
-                    Some(NetworkAccountEffect::Created(account))
-                } else {
-                    None
-                }
+                NetworkAccount::new(account)
+                    .ok()
+                    .map(|na| NetworkAccountEffect::Created(na.into_account()))
             },
             AccountUpdateDetails::Delta(update) => {
                 // Partial updates carry no storage we can inspect here. Forward them as updates and
diff --git a/crates/store/src/db/models/queries/accounts.rs b/crates/store/src/db/models/queries/accounts.rs
index 4f93af0906..ddf96d6dcf 100644
--- a/crates/store/src/db/models/queries/accounts.rs
+++ b/crates/store/src/db/models/queries/accounts.rs
@@ -42,7 +42,7 @@ use miden_protocol::asset::{Asset, AssetVault, AssetVaultKey, FungibleAsset};
 use miden_protocol::block::{BlockAccountUpdate, BlockNumber};
 use miden_protocol::utils::serde::{Deserializable, Serializable};
 use miden_protocol::{Felt, Word};
-use miden_standards::account::auth::NetworkAccountNoteAllowlist;
+use miden_standards::account::auth::NetworkAccount;
 
 use crate::COMPONENT;
 use crate::db::models::conv::{SqlTypeConvert, nonce_to_raw_sql, raw_sql_to_nonce};
@@ -367,9 +367,9 @@ pub struct PublicAccountStateRootsPage {
 /// Returns up to `page_size` public account IDs, starting after `after_account_id` if provided.
 /// Results are ordered by `account_id` for stable pagination.
 ///
-/// Public accounts are those with `AccountStorageMode::Public` or `AccountStorageMode::Network`.
-/// We identify them by checking `code_commitment IS NOT NULL` - public accounts store their full
-/// state (including `code_commitment`), while private accounts only store the `account_commitment`.
+/// Public accounts are those with `AccountStorageMode::Public`. We identify them by checking
+/// against the store. Public accounts store their `code_commitment`, while private accounts only
+/// store the `account_commitment`.
 ///
 /// # Raw SQL
 ///
@@ -427,9 +427,9 @@ pub(crate) fn select_public_account_ids_paged(
 /// Returns up to `page_size` public account states, starting after `after_account_id` if provided.
 /// Results are ordered by `account_id` for stable pagination.
 ///
-/// Public accounts are those with `AccountStorageMode::Public` or `AccountStorageMode::Network`.
-/// We identify them by checking `code_commitment IS NOT NULL` - public accounts store their full
-/// state (including `code_commitment`), while private accounts only store the `account_commitment`.
+/// Public accounts are those with `AccountStorageMode::Public`. We identify them by checking
+/// against the store. Public accounts store their `code_commitment`, while private accounts only
+/// store the `account_commitment`.
 ///
 /// # Raw SQL
 ///
@@ -1402,9 +1402,7 @@ pub(crate) fn upsert_accounts(
         let network_account_type = match &account_state {
             AccountStateForInsert::Private => NetworkAccountType::None,
             AccountStateForInsert::FullAccount(account) => {
-                if account.is_public()
-                    && NetworkAccountNoteAllowlist::try_from(account.storage()).is_ok()
-                {
+                if NetworkAccount::new(account.clone()).is_ok() {
                     NetworkAccountType::Network
                 } else {
                     NetworkAccountType::None
diff --git a/crates/store/src/genesis/config/mod.rs b/crates/store/src/genesis/config/mod.rs
index 7613233ff3..40717d5a92 100644
--- a/crates/store/src/genesis/config/mod.rs
+++ b/crates/store/src/genesis/config/mod.rs
@@ -506,12 +506,9 @@ struct AssetEntry {
 /// for details
 #[derive(Debug, Clone, Copy, serde::Serialize, serde::Deserialize, Default)]
 pub enum StorageMode {
-    /// Monitor for `Notes` related to the account, in addition to being `Public`.
-    #[serde(alias = "network")]
-    #[default]
-    Network,
     /// A publicly stored account, lives on-chain.
     #[serde(alias = "public")]
+    #[default]
     Public,
     /// A private account, which must be known by interactors.
     #[serde(alias = "private")]
@@ -521,9 +518,7 @@ pub enum StorageMode {
 impl From<StorageMode> for AccountStorageMode {
     fn from(mode: StorageMode) -> AccountStorageMode {
         match mode {
-            // Network accounts must be public in the new protocol model; the network-ness is
-            // determined by the standardized `NetworkAccountNoteAllowlist` slot in storage.
-            StorageMode::Network | StorageMode::Public => AccountStorageMode::Public,
+            StorageMode::Public => AccountStorageMode::Public,
             StorageMode::Private => AccountStorageMode::Private,
         }
     }
diff --git a/crates/store/src/genesis/config/tests.rs b/crates/store/src/genesis/config/tests.rs
index ae111f3640..d15fa9a647 100644
--- a/crates/store/src/genesis/config/tests.rs
+++ b/crates/store/src/genesis/config/tests.rs
@@ -378,7 +378,7 @@ async fn parsing_agglayer_sample_with_account_files() -> TestResult {
     // Verify the genesis state can be converted to a block
     let block = state.into_block(&signer)?;
 
-    // Verify that non-private accounts (Public and Network) get full Delta details.
+    // Verify that non-private (Public) accounts get full Delta details.
     for update in block.inner().body().updated_accounts() {
         let is_private = update.account_id().is_private();
         match update.details() {