From 6b0def4446126943fb2356c54259be294c164191 Mon Sep 17 00:00:00 2001
From: Julian Noble <julian@precisium.com.au>
Date: Wed, 6 Dec 2023 06:17:53 +1100
Subject: [PATCH] punkcheck and make.tcl fixes, project.new -update 1 support

---
 src/_vfscommon/punk1.ico                      |  Bin 0 -> 283486 bytes
 src/bootsupport/modules/http-2.10b1.tm        | 5457 +++++++++++++++++
 src/build.tcl                                 |    2 +-
 src/make.tcl                                  |   47 +-
 src/modules/punk-0.1.tm                       |    4 +-
 src/modules/punk/du-999999.0a1.0.tm           |    4 +-
 src/modules/punk/mix/base-0.1.tm              |    6 +-
 .../punk/mix/commandset/debug-999999.0a1.0.tm |    6 +-
 .../mix/commandset/layout-999999.0a1.0.tm     |   42 +-
 .../mix/commandset/module-999999.0a1.0.tm     |   12 +-
 .../mix/commandset/project-999999.0a1.0.tm    |  188 +-
 .../mix/commandset/scriptwrap-999999.0a1.0.tm |   10 +-
 src/modules/punk/mix/templates/.punkcheck     |   84 +
 .../mix/templates/layouts/project/.gitignore  |    8 +
 .../src/_vfscommon/lib/common_vfs_libs        |    0
 .../src/bootsupport/modules/http-2.10b1.tm    | 5457 +++++++++++++++++
 .../bootsupport/modules/punkcheck-0.1.0.tm    | 1887 ++++++
 .../templates/layouts/project/src/build.tcl   |    5 +-
 .../templates/layouts/project/src/make.tcl    |  566 +-
 .../src/mixtemplates/layouts/basic/.gitignore |   47 +
 .../src/mixtemplates/layouts/basic/README.md  |   13 +
 .../layouts/basic/src/modules/README.md       |   11 +
 .../modules}/template_module-0.0.1.tm         |    1 +
 .../sample.vfs/lib/app-sample/pkgIndex.tcl    |    1 +
 .../src/sample.vfs/lib/app-sample/sample.tcl  |    8 +
 .../lib/app-sampleshell/pkgIndex.tcl          |    2 +
 .../sample.vfs/lib/app-sampleshell/repl.tcl   |  111 +
 .../layouts/project/src/sample.vfs/main.tcl   |   23 +
 .../sample.vfs/modules/shellfilter-0.1.8.tm   | 2862 +++++++++
 .../src/sample.vfs/modules/shellrun-0.1.tm    |  710 +++
 .../src/sample.vfs/modules/shellthread-1.6.tm |  698 +++
 .../module/template_anyname-0.0.1.tm          |   49 -
 .../modulename_buildversion.txt               |    0
 .../modulename_description.txt                |    0
 .../template_anyname-0.0.2.tm                 |    0
 .../{module => modules}/template_cli-0.0.1.tm |    0
 .../modules/template_module-0.0.1.tm          |   52 +
 .../template_moduleexactversion-0.0.1.tm      |    0
 src/modules/punk/repo-999999.0a1.0.tm         |   26 +-
 src/modules/punkcheck-0.1.0.tm                |   70 +-
 src/punk86.vfs/lib/app-punk/repl.tcl          |   23 +-
 src/runtime/mapvfs.config                     |    2 +
 42 files changed, 18119 insertions(+), 375 deletions(-)
 create mode 100644 src/_vfscommon/punk1.ico
 create mode 100644 src/bootsupport/modules/http-2.10b1.tm
 create mode 100644 src/modules/punk/mix/templates/.punkcheck
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/_vfscommon/lib/common_vfs_libs
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/http-2.10b1.tm
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/punkcheck-0.1.0.tm
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/.gitignore
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/README.md
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/src/modules/README.md
 rename src/modules/punk/mix/templates/{module => layouts/project/src/mixtemplates/modules}/template_module-0.0.1.tm (91%)
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/pkgIndex.tcl
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/sample.tcl
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/pkgIndex.tcl
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/repl.tcl
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/main.tcl
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellfilter-0.1.8.tm
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellrun-0.1.tm
 create mode 100644 src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellthread-1.6.tm
 delete mode 100644 src/modules/punk/mix/templates/module/template_anyname-0.0.1.tm
 rename src/modules/punk/mix/templates/{module => modules}/modulename_buildversion.txt (100%)
 rename src/modules/punk/mix/templates/{module => modules}/modulename_description.txt (100%)
 rename src/modules/punk/mix/templates/{module => modules}/template_anyname-0.0.2.tm (100%)
 rename src/modules/punk/mix/templates/{module => modules}/template_cli-0.0.1.tm (100%)
 create mode 100644 src/modules/punk/mix/templates/modules/template_module-0.0.1.tm
 rename src/modules/punk/mix/templates/{module => modules}/template_moduleexactversion-0.0.1.tm (100%)

diff --git a/src/_vfscommon/punk1.ico b/src/_vfscommon/punk1.ico
new file mode 100644
index 0000000000000000000000000000000000000000..dac43134dc67a34cccbba1a21e916e6d5460b622
GIT binary patch
literal 283486
zcmeFa2S8NG(l%V?tQgj;U=|aID2M_BB4Pvu0Rbf_L2{OylqiCVh+@ttVnUHTzzkuS
zJWL=dW?gl4<Gp+L?%n!o26eq*@9zEI?|c9Mdw&|5?&@^<)ST+Bdb$n+&<pwjg8`Hd
zgt=n@Yym)9yPGZ;4iHCW8X6zyfdI2-0jQ~U(_Z}m1PiGHg<hZmb2a+HvLyg>iDpnt
zpr{=8H$xw)={*QWsEvg&V+O*+NrPa_*vT+y(ny##Z5T|MG6^P6nojxoFlYQam^)_*
z=nVIP1q(*N!g=Fh&YZchXu))tId=)no2vs_GfZHfx+_==%Y|h+b70Y=P|#kq9Q3EV
z!a^+utXMu3)=rK9-31#!XUQ^Hp+6gR^fh6{(j~A&PYae#Nrh#L*MPpRF>Ic27#8Z9
zgQ0;ItWZAzE44jAZ}|r5e+i71uLl#xQZP5sfmJKbV5P}2FlVd)^VRcV%cfyqxZDnw
zYDL2uh6z|$%mHH)6Iea701OPBz+zf47#Q1wF~b&&R<D6o7As-hT0K~`Y9p+*Fa%=@
zQ&?xV0alyZz=l;;V6fT-Y&AH*Sb6}=v@U_Ag*}*=1jCkfTVValy<l#+7B+0Mge{xR
zVB<O`*s#GCwrtf06YYCow|*OJvt0%@mX@%|+5%i>x4|yA39xa!53E`559>EOfXxOk
z*l6hnYb<wxouvzGw{ijJEq>tWv<2L3J?T2R;O5{A+qUijOGi(zvkw4AH%oAI^Z;8Y
zci8UW3r;&+Vb`t=ux0%PuyzcEt=pnu+fFC2GkgHM+#SKsDIC0a1jFtfQIL`Zke&>%
z+ix3$xW$6MTLL)k4g^=1EO6hs54?Bog)p~$;O-F*!Jd)eyel1ie0?E2d@cBR#)7Zg
z0dV*81#j<g@DFeY7q7iw=N}2tUg@wqgxc*+2OIZdNbt*ofT#e72{;IWfw>Use-a{M
z{2?SX1H1#y!oHv*u))0<A|v)eR7fuD4$X&v=)DlMCkJBVVqs5AI;4jm1Mk=@NZxaT
z+MR-^=p(Q{{4B)B90b4U<8U}@D<nl+goubMkQs9Y!sD+&YE~p9r{+LHQURo<oPxcH
zw;?mB2tv|NLqh6#*c|d5#3WTfT-t5$-P;I}`>#Pl=3U6lz6VE+T!7fa<!~&!3JxBu
zh1e4pAuGEHuHJNl^uzTKf9xI{Jbnw(^Go1BUM=M2G2!%?LO6Rh4{}a6z_G)xAp6n{
zIDhFDM4eK=rHiGoub>R_&q(0xc^>S)AcDXX-@(yy3dp@Eg1qw&;ZR{CT)57H!W$Kk
zQSg}ZFW^Mcb2xuT28Zr9L*AVyaId@;j+V-y@a_{hTOopL#b3jvlCR-Vtpd)K{s8$k
zU&49j8#vAU4k{aEz~+d6&1(XtKm>RAui?DtD`;u!fE$ng1h3zI1G2yTMYSYgPxvhk
zh<~f%50$66>s!X$kpCI~OwIp9KTj$51Es$i*rjY_s~RX9=`V>+%PZhh7sS`f?rb);
zV#&F*f8C#5T5`PPRB5UF^=rD$>)>+^4&G^bH~4aV`ug>s<zn`^Oq<aIXD_z5cModC
zAMvmMIL!5ApZr3%Q$goTo>El?T6=q^r5)!#ZB<>LJ$>AgB}=AHpFVE7MM^IFA3G~q
zbw9bReP7v*!sN`?_`1Yk3H8sr!Mb5S!SWp4M23Ock|pEDjT|^|c1~{Qxqs%vs!7QW
zqV_u+pTeiDKVa((`;ykDVzIz?^y1lzN@;*6=%B4Jbg1@7i{l6G-!D<|<-;_tTs{}D
zYt4|UI|@aj!m{({ua~6F?w|43zft&;!|Vyurw<(IEv63abLaFmwY^f3<>DJbnWg`5
z6GP5teldTR$D%>5Yi_&hdwc79XPnDkHDR{8`UExYCHBEIKx?V_5-pDd`L9d*sk``I
z`TGF|CGXo1-iw54(5#I%YZhBZdu`O8ZfU-Cjm-iz4JF?%m-r=2H`PvIUw{4d+>^h2
z`}f^7hq7w-QTJXH*5tdcJbgDPIWOAW(l0eVe3ABIdv`A{uXEQmwU?x1hnHMACFuM%
z>GJ_RhpJsJ-Kp#jz5DgE@!K2Tb;u<s@!Ij|jj0#HHT3P>?cLqSncJH!NeOVxbh}b1
z{OR-Vh$E*TyzfT+`>pZ2l$tte(qOzu4P5X%jbN-z{oU=OG)E=`S*Ca#m~EU<`r_NG
zpARr}=q}bnBj`0cIlnOfE~{*k@5frVpy_HF+V=KQQBn3I6LJ!E&GL!bl~(!q@2@{%
zq?Vv%F!V|-OwGSr7$yw+*c~xotD}atyF2xFSKF9!#%Ec2l>51_e)_rM*CvQVHOAd|
zI~N8e7oN{=Je_`N!KX@Nmm5jc-y$k1+Cy!T>$PjQ??id*IC@s`sRd<phH7eg^3$QW
zO=)JwdzPrs_+#y&WhEzNTBct12?@~&i<9%q%Q(y^59gy*51KwUp;U96w)QqY69x?y
ziBjLb72Uo0p)xhlE&M8)nR>ZLB}648cqQK{<8q@CTz!sqe%2j_YHFJ;XTLBS<aRxI
zP37CS>4&;&FNs)(E>YIhYZvv-Nk~YD$*jGZkl>*<`}6K5Bel&;b#IB%K`pZ*)z7c;
zQo5@8gs8Jt`7s$#|Cp2%>YkgHkdTs-5^WqN_-p{Jab_l_nwM|f?KP>rLzHi{W|^w;
zy7<k9M!McHQ8~(xn|3@gHzy^{)$OzHI8@8jRIB%mj{AdpEfR^|iiE<uj8S+={;@kl
z*F7;UkGkg_&&yS&DY>6_HyLSWW<3zRY(@`;!IKKx-?j+3z54Cs%RV*IwalgK=jBn~
z<EnA;E_|v()Y3Gww$>W0K6>=v-f9yjEZFIHn%Qsgg1WYkZT4uG=Oz}NDWU<+D1Xl!
z$ou^18K*`4t<}{=(*UC;4DL60@aWO~29KKiu{)y1^y6s-%1~5v=FFMnXO8FbeywyI
zX=?3h?P#q=BdARnJa|-hSn%01tfNtIT-CpOh-+ug@PdCGV4QWZwWs63EfZ)0g9f_^
zA3bs&HQMNt1W`jRjcdh41@v=`rl9;Sdi-nm8Css!o{^U?XV3(C^;&f2;lpRngGc?{
z@}Q$}yr8(axS+V8sJP%-!L_1-$A>=+FjULhF)||~Bg<f5?_Rw!Gp}E{&@a64{m-8o
zAkNUpRdp}ER(y?qX$;}7wOU#;%pB1l<0-BlxXN#h!JX&t-o5+za{<xF?`jt{meU~R
z#YM^=)~jC!`1_o?#rcj$?V?97UVU~826f-P=zQ4q{>4LXLwPyPp#1MUDJee;#z5vx
zym9Kh=<Pf1mp^6y`i$?vt8I_peD~dVUw-%PcVB+l)yVq#p9fHu2v9vZ$S1k*`J+d5
zM*q|#3EN(M{nJlBeOrIwbM|z%%fdYvcA6P{Zk68d-TUsQht~Z10DnG`0XESn|J<M2
z+~@lE`Pry%h>$MxTVVIiFTZ|BpAYaG`ADp*wn#m+DlK6ChS0%Gu3q(5|4DyG8dgx(
zWe{{;7_e$kdi%qjpUc>9T=Umri58;c+N5of8Tl+fzemqszW=`S$gkDEmvcm2yk|OM
zTl~q(nGKKLK7aD^{mbuuuhYl+W3)oXqgIGUf9sITmjmv<d-s+e!0*34f?GZ|`Q6kX
zad@9T+o=Byk+S>yckf@}hTrYh-M|)cx$S=2K7A%zAG}=3dj9Ttdq>Mdp4IxTe{g_p
zC(&PbK%YK+w5=n(uiw8Ov~~96MH6RjpdI)R1%F$u;lqayfW9zdoTh{NpuU6pFP$=F
znBk_h&_C2))rjWbw@+UReTENLAGvMLoUtpg`Hyyw_ct}M9X?<{|H&gp^j$hReVg~X
zIqO!e*#BWC`(wlO88B2sS7XG`Sd*RGCps-$x594IAL~dT00kYL;R8mDm^@;5tR`dW
zuysy`<7e*vgHM31ttk#iQ`G9)cfbI%r6YAm3~^ew;tS{hfPJ(APV?6qK<w*FpGBV`
z>(<S4&RGA)=Krac<m89}#Qy;UbjK{5H`4{fKh^xfj3W-voHn43mdT=d>vyaQ-unl;
zeb!9Z1S9dJ|Elp;w50y0^QUoi@ScPQ$QqCTf&71VeY{7+Ns1dV@Q*(KpLdrKp|rXJ
zKQHXb|3Brx`wtxxwr`C`d{U86o?(m#V+ddD7mo?U6AYja{;j4jp_sjh?hU=q0`qGn
zx?lzBSVQSt7@<mm=mesHXjP)37bSGl#x=@%fcQt<bi9)Og=l5HGVR+<#}OoI{4+qz
zWTGkkk?NH6NQ&`40`yVR%9LnjIzUO&e3Yp=(aN!uv~p~9O1tT;Fo3SDj`*k#rN;P!
zS}$ZM>9c+CmjreE0eT^Rua49SmErpj={vf4W#B36DHL?me><pT28CAWtxSHQn~7Iu
zGys^&6jT>OqzS2Ls#jN*D<`K+V?NLs3EebZPgPC~WGd@X^nw01shj?OwW=8ZTHa0n
zc~3X}@Bb=sVr_~p6n_sV?$u`y3>h{GMvoo{qsL4Dwb9cEFCIeJ@Cd?-XTqeZlVR2v
zGnk~VNm%e;m@#7p;lpEL?mRV^F-HSt&0GZYHPvCpY#mrRCIlADX261Zx-e&+J}lHU
zB;0o<EM7bZ^p;HoEp1&`wrmzGoofU7OBTaY9Ya{Iw*a(e`ho7`6wsLw3hSqZ5=NW{
zD^@H9eLWK})Mvo*Wfrj9a4A@re*vo}Tm=JNTUe&;4ra!SVePovgcTctiP=n8qHhH&
z42{5Sl_p{DOJT{%wS*NLfXVbzu$uBKj4WZ@>ZQO~qXP`euU@?z7^_#p8q;-PWV#Vn
zQM8@Pf=wEAuuAJVY}}*=n=CdG_G<!0OOC=?^KGzp?PgfLhSE)|!E|LJILzRKss2G=
ztldtyuPIpQ9RqXo-GuvE66Wj$7CJ>Lym-r&HQ?ql7Pf8L3U*tK35$+_P3r?-o0T&-
z+OGy{OHZ(OWWahWZ`fcN1XkAWU}@_Fw${7AWs4_lbFd;@cq44F_5~MvC)i=@4)*qL
z;NY|!9PI+Y(>4fp+55s4CvU=Zhr<phKXBNZ2A+fwyE+HL4wn$vVo?t+PD$XuBLa3g
zM}V_)6zuZ!1b5$U;6#}5Zg0Y=UG_nMdnkB%27{wVBn0eCfY4pB5U#|Ky&}PF`(=nE
zY&gIx6+(BXKv0M$VZ<2_925$^KKmgcFa~_W{K3;V3qpMkL1>&k*zPQafS^=}4#<Rn
zJ$oS7KNmdxj}fk%4oLxrsQo^O2uX#V0r?OTbQs+Cq(Veg3`B(IL0Z@`hzmObA->fR
zyEg<vBThg<bhZjR4v9~NgoH#0h&%<E;b$Nv{2c6#It!t(M<G1&BE&|WhnTpd;2vHI
zF?-X&JN_j2?aPM!(U)OgVlM34n+?J7g%Fi^5t0*bLPq*YIJoyF#HL<{_|!X)nsx`$
z_7}mCV=0iDeHF5E&O-K~0@xn+XUNQ~hPcDGU{4-l;`vt~E&mdv9IA)poLb1qEhEgh
z4)*7jK+f?Skae_<u;mKEmFpn<s2t+Y--g`dJUDm$IvhE}hMcn!$UoZxg#{Imbgd2!
z6xPDE>x4xY2;lg&MmTcuF`Oyrg4_2hA^+B6IC{4gvP%V!e_sMu?{vZC+b^Nu&U>h0
zvY?_y0Htg(oT+&M=a}EZv4*E`ne`s(g%Y^TdkI%tzk|n5U((9(VXgc3OUeJMwcpd#
zYw(e34uAb)Gugg9<0SV((`Wb=UlRKI4}pE5hF!;eNoeU`a}ss@GqU(^@%!(8c=_l;
zX26OSD;!e(5l1ZxK7IPc&KrakUcv4DDHmFwF{#O;3EIn-Pn$MMCq4Uf-1045?UJI2
z#fl}^w=Koz!i^hkVPiFNe?Wff^5qjosSnG#d7_Q3-94)c%-ubH>ak8CtCY!Mr>H;r
z<(FT6FjLo2H_ah9^~$M@+B$KieD(?E$D6o~IQ~e&bmI*p=eeHN^mhnIOf}Wim^*%g
z&i0%?A=6cR`@w>@lXEYh|JVU>;)(lKLkL71zjNoj;Lu11(~W!lJSHsP?j4$wZOU*h
zJMy;Tu~N1A5S9+lWsfAlvUlHk(H^pr-3L!*1?<f;)p79N?i%R2Jj6R8Gn4yH{INN%
z8=lidtvAJ=IN>*5UsZf5-gU0_c5m;{2_XR?JL5Goxj%ktj-y63wFCGS<lR5h<o==9
zYqGkwLr6%7&d#iZ^I}7CU;O<1Q-@J=F0}XRo1I<SnOyRra6@2j&@ylDxR4dbk#~=s
z4)H60@Ts}pL~Wlo>)uhE(r=m?yT{*TeB#zoL)VbFxX|EImhgU@ZNA{s_*3R+TeMy5
zyFniO%{TW|qr^8xCtpTG@6foojJU|tvWER38!A7IKSA4YS#wh_&88Cxb#+QbJfZ0^
zUdD|Up`rT^XJs8cNWJzO-}%&j8e`p@+wy*XU7e+V%ITcob%PYkLIbi?VSmQqtl+ed
z?dR(;^q}DW$X=eDZy$FR4P3>2p{lyIEFk^dxx<GKA3Jw$|KZagn<E;oTQ_X%*pYol
z&P^z}Q`b+w<3p8RK>ERR%5a!|N-uxxFkzjequ$uD!$wXXIb`I>(L=^{e`1Jwt_QDP
zy?XQJ)vM>O9{Y%N;+#1?zHUB~)yIw;IX=13e)L%Dk2AGgdzac@y;@A2&fR?YVf;Dk
zf*cc11x+5-d)VpMuP=^XS@rS4OZ9HnSKq9r)>n(~7JqC%im`5ABJP_rtoMfav*$hT
zzxmt8_VcIJ*H;(Q&(-Sct2euuKy{YrqiSJ^8_n*&dHUT?Sn;99lqXM~c6D|()!)2X
zUHtbz&~9o{izkkCe*5I{`;QM1cHpabKmGXQS6_YAC4Bc`kPk@^28mYr?+Gn>D!udf
z#;WAS`}aTp<;7n<-oS?rVR$AwS1YFQ$eEa*TmF7574=cyRuR{+vOPG@EMU>L10J>O
zzgC(y|33JjsN;M<Q{6@n**9nYeN#jm`tcoQxG(2IQ`5KKeEXB=_d58ZquT(tL${;4
zzWe68?>>{%-{@$OghTu6*ms?&gx<dTv2x9p-)N{R-bH_x^zSplEr;3E#VN?V|9jTw
zu3gKf4DHirxVGV*xx)r6m^H@0CF0**fa-iF_V3@n&wxHdN3Gm3d-lSAk8k)Ae~vHd
zKWf>e0Zw*-{;L<7{{cK_%FyAHCQS%mYB6>5<{1Va|9(CeMm9DKvi2t~m^f+hYV(=D
zH+>o{34IxT`V1W~;EUA;&i{V&kF_=<rVJRc%*?>n_IIZ9v4b8SqMsS)`LW>l((8B~
zPtk|_QNn(&{r{cyAN8Qm(=gf(mGq-u3Mu`WTzPuM1N_qa>|9_1{J9rFa^nDAk(W)v
z2!KD4F2xu?^-86RXtGhsGF7G{61r*inr_-yMgIuus`?+nXrQwGN0@BYo$CLnOuvR+
zUn`sZ2z@@#loI{u1N{gFsLCHDbf-Uj-;XXu^DXc7OM)^L^}?^|`uK`&;XS1cN|91B
zdzI<m7)rC2=9|z>|H4q3u>gNf=&dSO+Ssc0DzjACzPlbDeJEF%y&uM>e)#i;`d_Z8
z`XgGa#v_6P)&EASv{N-GGARCAJGHm6!9W-|SPcdb83|)X_lL=ohr;*?lVRe-=`d&J
zNSHNy6wIEy1ZGTM2pVLQ&YMT}rsfQ?P01H&@euNH(uRc#W{?f52lM7@!ECZo7cZF%
zdb$%pbN))QN9VxOrL$nMwgKqr7=V%f0$8rUh-_C2Fff=0%XH0PnSl<N8qEQ-dAq?#
zZ#CFYxCCZ~dMX=qweb=#nsNbFtYiSgcqteeSdl%c4;E&N!N|x0R!_SG>((rQl}1*e
zXSfyCtuh3|mD|8%K_-|otYD3W9&9jOOa4wyu-;M&Ow27|{W`J-*Q^8cHJiXpFCCnw
ziDA9PHn7}GzD-spuu4CN{Fy>v^Lp}SB0nYfU46k~{dQQhv;a13vM1jn6WD6A4xB8>
zM%-)<+sPlv&cOt%H@kv^r8jJ|*$y__tiZvV?8t4FU}xnA>(}pt%{JtNWakKW*50ti
zZYS7oiU(^OvM24lz-Ch_IJ>R~cRL?&*|my%nS#N?(G6T2cY%l7CUDyB3Onq=VCS{~
z*zQDjtDB?B7Ik(ErfbK7`wl<wbqb-n2ypdq0M8v{m%0YQw(YUt=I*BQWpZ{QyVE%m
zc6qsgyQdfUxJ7`kdl0oJ`)_9)IJ+mnE~is;zkA7kjRI%S7zp=BAp0{Mc6+9Rzefgy
zc%(z5M;e59kv;28HgD)Ii1djE|DXWy_Spx)-kGq+Hx2xJGa)$Ao&2V<A)aj3Xg{)9
zL*rqKdj&ZAUIMSce29$+g2>PVG{!+l4$g(JkUWTr$N=B4<KPo<7&7)8C;B9TTFDR|
zbqW$v!XYp&7t*3mgKuyR`8^$j(3p!VyEAU@L5PmM3^6g+Au;X}#FFjlmrw+;`_96l
zgzJ!=dK@w`av?b*4^qglDJ<g@B<;HanTL}gHu)B$rC%hQ^bEut%z?dWg^-ba7xrdc
zfs6y^$TrP|!>RWmGvg*CW?zPkG$uqHsGz<#AuWsinzEUYbL=u4KFo%^{2Op6|2CYu
zm;-6Yt04P06OJBZLHeot)P@J)$0cy;{4F?iQVe@9Rlw!TWDlPeL;iUoq!rY|p`tp-
zxk~oujY`NV<U?8!4+`&;!BMhPj}*4SscW5Z;aUe=xl;!>ORAvY`YXsUYlMQ^58+^`
z2rk}u180h#!R33;psbn)%$j;QQ~ea`8@O=1`2n!`e7M5<js*YX`q90L{FnbG;=eq=
ztE#MEzr??x?dHRDiuf0NeCcGy?u6IBUM{yW?_dRK7G8&06(`BATsmjMaL*eb)WFJX
zZYxTp_t>%u{~!PQBV+Q$;`bQOnBjS=;?v&guyfh0(GIIDcKcXpYfqZ9xf1ti9&NeC
zXLes=YEmApfun<h3!@YEgayypvSqjZ(&!^eZO=YTA)^o$rd-WaQG2vCx42tv*|XKx
zzwOKJ`U$D``{d=_z3ikSlV(_jy3fka%=LTnp?<1aQ=cQ%@9LD*J7RG8*4VwCR|R*s
zp6a%orY_KF(G9#<*02xpYAg9ZSnW+uPtQFXyQF*gsmo_nM}|pjE)%IVos2^E=I5s$
zO;7Kxp1#0ng#O3@>l+HstE&u<<)H`iRpC~510zeLF(Zcz9WrG6cvZn7zY_%)E?g)$
z(QR@~-?l4<F=oJyuF{bolqL5Y1$PRlNw@Yo)d=HpItHfR?);^Dz#UR9x8Tm5J0FdG
zL?<%O54L~x=8>vF+N&3T`qSH|ZH?W{m4D+f&EMso_;mfJqVMthXP=I21L}_Nu-TA&
z{N}fx>M0ZTkqF14D?a!A>%I~Od@TArU5$q(dY`@Z!*_rFdmorjZLG21+OxbLzWM5{
z$)~c<G9J6e_8n;C6Qr#%Q!nVV^3Sqk`wbeXX1I3t+|SBBWj*lN%7Np?u45RO&NKg1
z`dP*dS1<3^Z^qccrvLK#%9aYdLBod4U%bZkvu^*8y-r+o{)e*9$U|giIetd}Z_W~H
zzqYbc|8efz5jD`4l%L*x2<z|j<A{VlUk|A1^YsXgK9Bml40tsB(TJK}j|M#I^GI1b
zpn31t1O8_6^?+Xz@WRi4fBuOylJ7|cQl?*%>hg<{rc_BIrR1B3pRW>1Jw=V82E~7;
zr%anV59Vo(fd%s?kj|kAOLR5BXyqu-)zyb3Iwr7qDfvp1{$NbHg0ZnKY?yo*OiguZ
z57&iNW=4cZn~`6$A*@-w1=cJ&1sm2`(Ejg4xUC&*UFQInTg+)+_XBHNYjE7Q3GAKB
z2_N==Eta9QKYPMv!iKFjCd1ZEN#tj21Marow6FVuhrK`f8t(=NM{jU<@`0U%4Ldo8
zfGhbFyE}W+UK|PTyEj7s;levS+{vdn2AmwS!NoNOJlq2yz%?42cE*#R@E+PH10c{N
zh4wW!2=h##Hs`2s3Ph8Cu&eh$!gcpToKGgi`0j`BkT~)Y-VfeE`@zxo9E64^L1-B5
zZ6U`XiZI=v@Dq?4mQQ;p?UmstAuRF=>`O|4xP()b=0a=&VYuY)yEmzj_QF#TpIk_L
z-%&_Rz77ZW=R<h*If%=?4F@x6&&oLm`wx~vd~P{mv9}=q<W<PYW5LnW9LPG)gn}z~
zA^)Nj4&H5o(>ET$!4e*@n?>}A_Jke|{O{p_-#-OsDp_dl>*wfa)?H`2Y3F9orQ7_*
zjI~o1s84_|=FgilN>hK1g$L1dH5P54L~Z6codwGJ;U=qH^!&{IW^1oESmWn6c*rbW
zdp|e7VarTc8B_Jh8T|(^22y6F<;HbelpQAet@U=I)P2_uCF$p9G~H^uGTrS*PDp-!
zi<diixhgZ=VRGL|Hd_s+ekA?;2KDMUV(71=mf!f^eMT?&wZPABh2ON#$<OmjTd&iO
z?9>?mHN5~>djV=q0Fo$8tR;K-DcQC^P(8J)iSJHDl>S7tvafQTr3IF(YGtCKq<TUR
z2YNWr!+{<S^l+eu13et*;Xn@udN|O-fgTR@aG-|+JsjxaKo19cIMBm^9uD+ypoarJ
z9O&Ud4+nZU(8GZq4)k!KhXXwv=;1&Q2YNWr!+{<S^l+eu13et*;Xn@udN|O-fgTR@
zaG-|+JsjxaKo19cIMBm^9uD+ypoarJ9O&Ud4+nZU(8GZq4*VbDfc$}c&~FVb?Q9wH
zTXj9<Jsjxa!2h>6z^vmiq-_tzuo?x7%BluNZEZ87hSkidsOB(=%WE0p_Vy7Ce4d7K
z*6ij+Rmu^HmH(Q)C-iWjhXenYaX_l*P%E!uX_r;7=2h3$FaNFSpF2}L=KA$2r|McB
zr}$27TTOMdT@9-#p@}P+URK3Asq9x>+Zb0@&!5ZU2pF}Ed`3M_sLOAW#R#Nwt!7b+
z`EQNgQ{KaY9uEBXa)8~)(WtCu8x@ySYW$~HzI3{{@3jl}=H9(oZChT-c4o5$^Ut2T
z(ffKq*|J+j)hkQxHf|^{<@#4v^1|8mVn>mzW1~RYHd`ob)8NTEGR5s}(<tf-Tjd%p
z9c`l(Pdj?cy4w2xr}OA(-@}0(4*YQraQR}j;^NAcjg2DhD+M=||Ninn3W?!|=EVkQ
znZ*QW1x5yDBt!=7zpy7Tqbk@p>72h;?1kMs!_RrUho9PR@8#g;7-*Jv_}Z4cciHr9
z*G<T(6TRnhTay|%va`)XX+k4U=FlJzJ2na=Q<{WwEqPZbeQnr(UyyW4zffLH)~OgG
zkP9{b`>xz`r5+Ca_i&)?QEP8ut5A)e?^zYhy5zEoTASaya&lyD|Gj&1v=hP(hQ^0x
z-HZ!8z>Ety&=D7s`L~$h{TLmTfnmP;(AnM_%^6mxHD4dcjh%x1`VB<-R#NQUn<Axs
z`wqmRgU8^)dHT53W+%o(?Z*@OMR?~<12UOnY~;ub8+f8+wH%%XizC$GwMaK9=f;=I
ztUjNks9iEjNz0zMf5H*vj}?6t&)SsVAfO782Q4aD7C)3uQWi+N6yp?6I(sV~$$PhS
zN+*lkCDSDB(zVJuu2i&BnKlSH8eFk(y|i66qPB^p(ZFj^YZmhiyW8*?%2YtSQ>Gt7
z$HS*1m3i5NHdWg4;P0_bQJZ*_uuVKhAQ!2L6jF6rmtu(QQR@)d1H~{&hwKYUr)(HS
z`j&~F(8GcM^Biar2pP>{NgR{aRCw{yO`Sh-#gyoyWA;VlL?wo0e-js?l=oDO3`oYH
z-LdGsa}U~DI^#?YO_KFKNM9(11N!&JxwGb={!)FkFtfnT>#eDc6FS<s<955<XusJV
zR~W3rA;ZRCA6gUU%+*F$=P=C3xP*nb8s0Nmyo=2Oxo&kmFT0K_n#~r<0!8iZV>m5}
zh?WNrM~Ye%T0EIZUC<_8teiia&(moT@Mm*cTBg+Uy5+P{EZHh*Ygc0nMOKXx38SjM
zS)0}skCLidwF*{aTuXb$hzeFyAmI_(_n0h~au#8km9@^d%WD|rwe^g9)hx&R%v#1h
zW}S0gQ{%!)R;>%Gnd8tbl*9_e(zWb*!NMwLqt=b<W&Q6JS1#f-i`G{$>y|cg`4tkm
zY#oc+5W(U$`Eta3jRrxpK?7f?+rSrFG`Gm+vjr_yq~9!T6v(VOV)@)gL5o2>Ut(O(
zZ?WRF$fwkCxD1{|rpDs%R2ZsAA+uKAXR}D?($d~Kf-jLQ;fp0|Y+jRwytDPw8mMfe
z44qxi`!;Y|RDHWkdj9rspqm36kywMCVMaw&efodGla#33i3y=u%n+}5bax6sJFA^&
zYvqPEmOF6Jpdr|&cORTTXD)6qUyF{`_PArK1G?C6M>ofv=<61UA)YZ9?VpNq0S7QX
zC<jwx&tlr%i<p{x9upGsaP4|q95VC^3@4qSi7zYUiDk2zgwpx-JjwXlW(h+=^4ctE
zWhmz??dX^zZj-ACS|u7vx=|?9=1ZmO4I<I}dVxq+RVHdNm3DRwX%Mw6;}OQd;)=AI
zgtFD_X1*G;o^PsbQ^ssGZ{)X3xmVSo&E$wQ>Y9ZM8w4#HjRLVoEk`h0+WBCJ;_;K-
z{FauumbUgtK}%a@Wi{vD%GI446_ZQLsxPqEjU^nRz_PZfepI87r%}pe(YTV;Y=LND
zqfl-_GH+7PYq4Q-#X5wI+EzF4wAnndCC!h~$P;VV^8`9<uE0t;PrkIpS(!HSg--I$
z_8~lxgfLX8TC<R^p?J{oPv@*9_ZkDwoV-W>X}c%<cXL4g_)%Y>yj|^jQ8^<&zld?6
z;3nf%@jV8u^V-GLECzi)t3hdPgFds7H@<?+VF+3~)$i9gG3q7K`S%-n+V>lpw3}oK
z?Xr3fgDsM2+;41VFoi7|l{}$gRTEFGP9T|I#T95bNu_E`zL+8Dd^oI{_H>S1q0JVF
z$5uA;wCjYTDV4N`DDS<xiLRk&9mN)i8PcvtgQ^>O2~8rYUUf}V;?0{?`XBj2cKg(i
z`QJ(-{8Bo0Zu7_OHXdlb(E(R3H^B+xreNQGeNk6yG43F_cUH>1trNQ1??6A-AdK)%
z#Ax3XjPXswIR6Zc56HxXpe#%bK8&dmr!g`76vjuN#aqQKc=Zkobyt|;k-YQo<sA>F
zR5Wl48b$J%wY-+Q!j7koY=QJ9N76aHf+Nlqbv~L@*(Bau%a=J<HSieaEM5Xv)~Zp)
z=I#@=b*Wc13QL=%9UAx9{G0XSHj`2o_X<lW-BZnxWHXzk)lDM#hC7uFOiGvDC~GLG
zY82_;s%W}aQp@qZQBs>!TFY^1<nd05Wv$1B;x-47xRd_F{l5+wiKj-z?m6rh6`FZF
zGC1SM-R=<><Qs#xZr;UeRznMm%TFOW&tq|0lIemsD;q>-np@g0me%lYGzjEbRrSKk
zx+dxMsyY#q&5@s}VDg#lW<^D56^Gd*P+Y61ZGOp<wmaUdVEtL#+UZtVQ~zGp(XP=X
z6eV({EvkQ~-`dro!b&8q@-567p7!lqHD{EwWmY$1T^)ZJ**Yql>0jSLPw9V^168a#
z7kO7(-+QGsXRcnmhbNB~;(_!tcqI2SHgiRJLPdv8O(XX@U(q&(BbMqm2_<SGsY11`
zS2l8Wnj}&+wn(B~ClG0qoPHr{>lh<xYg^DLks1ivA57u3b!yXIrq<9RpIt9*(UNp@
z4C6@U4CTBVrE&vmKbtRW9mSQmX|RRDQ4QjjWvV)nh#~Fl93fP+s_fWCQ453Hq8OvB
z<BDXnt82I+%KYzz#63B41KndtuD#IA$O0!!n273=CgQRs+Nd^S1ln6|L020GbXCf}
z-F6J#6^>Cp`!L#vWZy3pWBt-GmgGO~qx^?tV^YW=+_xtm_s3nqNZ)+CdQXbCYxuZO
z+Ys+pH`&pitSfu)co0w0&JcHWY4Id-hN$(C8e5=XDCgTCXw~6L+UD{ltr{GG!mzdL
zabJ=#M%$xjy_+Q+4Ecj6Bb%fh`r?kqW17UR+5*Lc*`!10a>T9cMDq5r)%ARaqT|W1
ziaI_+-1bPVg!Xo!tYeB$BrOz5I!=gMI^CO_+e|r)QXPRndQsTYmcVKd##EFyhE-Sa
zG%`}oj!#ZFc{(xX*w2Zv$1pkZ6s9B}$Hh9UP+xx&2KmQe$Ajk<(vF8Cxq{YYcC%Ec
zo~JOYZIapxWDn=mHcF0g_zLSro*dgAK0%S}0X7TURFNZS#U`E%8=ECqQp)ZsFKsNj
zeS`U9@eSs;cdk`o$&IQ8R!wuhP#{-pd-Slk>~YUo$?rYG|0n9jGU>w4$Gvv--rJ*x
zNUx2}#dT)eaJ~6<EV^DSl(s)!)YziXxL3wXC@L(iy>g|b{Mxm9XLw?HHcuq>Q`(``
zP28N8wvK5f6^(gC#kJX0%-Y*kjm^jFMJ?LpP5kT{zQm?RAkC>0%Pv=v4p7Axq|}Ne
zR+T(K0_g;y6-~`nRUF=RQG3Ufiuy*TjBMq~`i5$feeDuvU2RL}1C5$y!COIV`<ALk
z{?A;g;s~1~#9G=T%Ssy;eSRMw^NA4$XU9ckWygl>f9XfI{>C*{IA-)1oHKJ8nj5b~
zy~T@AUv~-V`*tMz_7oj4$Ss8Aey>XYqiFAs_DiERfaE`5KgI_t_5UnP2tKHi|D@2v
zm=c+f2NJJhY{+@!Jp39RclzP+{L4?u>*~YVBE{<abzBKw)^2pSme<@MY1O{Z<}n*7
zy~pB}R5wet%NoSlwS2j4S-mLaUL7x+#aB$fRn^24bv&L?&gStNM6LQ2Y<>di2uE04
zsn#vp_nT#%E3cQZn9VI6Y1fOZnQWfax3q@q!ETa-+%Ih~;_=!T9j%WO+FBoWJ$wEV
zpFMwp&z`+Pk*E!cSM9k63y$qiJ^L;z;{tu*G+~&<RVb5oVso<)^KuIC;`w@9qHT&b
zEa7#IpfkI)jQ6miN#<2vEjUxblF$@dLW@e8h2_=U3*}Y3j(hj&@yg|L%sqS+4`yD%
z{mJJrHQ^-gi_OF6&@2qtoroSgLdmA`MGwb73@3VD#34MEeF-m}xt%5w%f||&VpoAo
z>>`#aESmTdZ@#33(fTj!gO8tWPx@cuKm(^au(G-q>zf+_WDh&%vw7T_yqpV|nS6>q
zCx1*&zJy1zFB8`7j-^b2>{?;j<6P1Q4(~sWJ9dQN<}J?X;Tep#ZdKObxl<!7F0EG-
z7nKV$(@vu|VQc44U&p!z9!I&aHA@xRWJ64^;)u1IWeVM<7MWTNPoT|}$u(F4i8iOD
zRiln4(%?uHs`ZF;3`T2L*C26whYBN;Kj@-w3<hX>_;gtNqsP5@@(zQRj;<;E7CA$r
zXgewpDXJTrB=)7{4J!L~!&+-?GvoEy7OO0UCPr)Co2)b^IbVU()HQI>zyXBw8<703
zz;R!UL7Pn*N$<BKz26Sqx9!AO-z1g%NBSgUz|JrX^Ngi+!3}*~0x>R-Y=EF_mHa0L
zAHu|t!?-sz7c=56V0OX{yk058{HymcFfi^Xv8-(|N7^xpD^?gN=U&wyG?zYjGN`&i
zpet>EIHHat)|IzE9#PjMF>DmbCzY{y8nn;PmvufF!fAP+>Z9!U@X?drtq-4%Y-#OM
zZ|i)%oG<TOt>}C<t5K*hlXgB^CX{!D3&b4{+S<FC9z1yR`pM(x`0B+gieKW>$1hPV
zYQ^%3M!a5FfkhNc?y<0<ya`M0)=^~Qo!g~YP;e8EA3KfV;W6mu8iMW~VVIS58e0^P
zqhxK*GX<gtp>-@_%k5k2iYo<7ym+Au^N-)c^ptZLO1OxtQxIBPx#IdYcDTxT6B;Zt
z#U)yLID3XBPMxZbQ`D#8xC!HN^cP>C+Q^ZFl?=xjgt@Lav&A6Kcs!DM=6!Kdg+u$p
z2R%L$$`Actgp7#OeJFl9Bl;Ij{!r2NJ0%*0MR$V_q~-nKy(<DeJbdul?fX9!-MRBF
zE0xyln4`FHtrPAE+mE@qSJBTq8dK6v;enL1n3aAWy+}9K)?whLEsnU=))jq;K9G1C
zbN64y^!R*a7+B%@4bHgU!U+qmmp&+~t_v)0<ayT%r9VnKI_KW6=amyS;9Szk&n~Iw
zyRd|k=;~%sB~Q^Yoyp<dY$AM`(h@f56nCrZn97?fXEij7+aK7J)i?jtENj!QXyi9F
zh~<uLT@U;6L^3x;d*`hBMnUYk3s<`AY__A;f_cbTp@(Z3M!43@1kG15(9FaL8HOux
zwUHsNGhK<xmuS&h-#ps;x8e?4Th$s6>K=x1e*4hNaW^uSFQc|AkiN+d*V5OKu4ORL
zXNUi%{a-2ji6J?p2OOa_AP)~G-^Sx7*;p%kgmY#s!@6ei>L!8s2(5W%>iP1URcvlv
zO|$GkX@mHoNYSBH)7<h}Ab)U?-7H|T_;RbNCNZ;$#bHX@+P&+z{H)7G_r<qLsyoZ8
z8f5oNSx;}=tl-_g&BPlwtFY*11s2|{#A`(rc<W9zR#i1(MFktnD3;u>!MnxPZ*SeK
zY%92Ux2S<7J|+})yt-dfhevWwp{t7@u3Tw}jt;)K+areLHyzVbPh;M(LOgrA1Pcq<
zSbVn;n;SZ?^gj3N3ujBeKb%p3hf*)&-pE`G@Jv9v&7Nqud@YU`KAz4-`>D=Hd-d*3
z=O^8<H{q$ud~b?MY<2jMAvm67Ut`K-oHStqPMJIfHRsM#>0*<{Y2fCy+c6<L3yTWw
zH`R0aCs|zXe1TkQEND|0N*}bTFan;U`%Iug%vITj9GQ@zd^V&{6#s-FD$9GqKXZW2
zrmW7KDSDr>Hy?w2Gtkgr1NsHVQ;f!l$V5y_I)<^~Iq2*Vf*ejON?M=NvsQ&RcDpc)
z)_MQkNw`Sc0ByFqqP>$h`uWA9F0BQT!C9CVe+pyw<l>4I8}WW=D~5)rVEX<%<V$2@
zc+w6vfvjVG2kqT;e5tlj(LRaE6>D>(ZBuBkpIOr+W++HcAY7Tz(*97L^aWj!yiKi1
z+`>@ag{<@8+;-Xr32!u3($yRx;ezc3iie&3c_O)uyt89QX4a7x3+69Gs|{;t?OBDU
zh6ZT3Ob?goEJ3YB3s8IE0$jFOn`GYzH>_shtm*2wVa;mXzSUZ_1}JraIKRCZPx8NV
znKoKlti=fbc#IB6!YIEa+_O8LFo0CT|CIZG_ul_e{*!`_;DNXTTL12#@a><`XssQd
zI9(7elD8T(@>*0nO-K6!b>-XzvUU}g!EaHROWPkTZ{{mzG;+l?vbIhX%i59MD8RE9
zuVP}-VcfYh6qo9*!a1{-qK>u^T3A@)7VGVQo2ovaIakwwX=Y~I;2#iEw|%>B=7x1U
z6QiTjyzZ9NuH5eIv&Pdi<nWH|zI-FY4ewoC{c+#E!+4T(vKzN*NDrvPiV`jsU8=&u
z3l(^i=o5LjFf;W6CPp8}5a0di>JULZa6?1A4LEP+5*#vUWVbKG2ifkH_g)BeW=h|L
zsY+EcPwT+oK?8BjsF65n{5X>NNrbgfoG=CF&sczZS}W*tF~dcgOL5_REn1V!a3r0j
zYR}iB^VkSHk$aui9d>CWM>JRQ?7^q~PTVfnRPs;MCY!BHIZ~mDk36~X6Ar8_?+L$h
zppnO4Ra{n?aQ4!*GsjO{Y0W-(2{TA%izmD%BIq!#Te}T2G7GV+j7xi@Ek?&=p}+q=
zTx;%vWz_=YiyvZqVg~8@Zs_i|2iL5&LEA0vm~-?d)-=B%+*^jRu}4*P(PR_*cqfzo
z7>S2yFS%XZfOdACSk2}n(fM^!El0@YOXVeXTyeQj(dJlD&tVD`3X9SvVQGy(w5oz5
zimK!Yvq`qKZ&f!kB^?i@l-4y|rFPoIOg2;0{$MtfD{Nwmq~47psY{bYet=|X2c0*i
z2?UB{Gc$Aa*tH8y7{<76qwR~mX-9qx2#^2XFC+}}PoBe@cS>-lyBC_Q)W>zJjd9|*
zvFNmQ3+??R{}eqO+%Pd94a3|cagDJ7Iujn?w<`!^15+@Le1sALGci$R`*+KK0-XUQ
zh91GBu%nn1dX#j5JUkFzjCGx_F(&H-rllXct59@0lvXv~Y~qV=mDg~-;frNXm255@
z;Y)Vau=!nLS%-FEA@e;?+=9&<0qI%UIB&k``@P8rp2jDpM_;~L93XG+3hsLPD)h<I
zFL_U2yuJPG)jQ^k*YCuy-hSQu^yM3Q*OM>LOXUy4s86QV=IvDmE7xFHWCET(ca?O3
zT4WL?SywM1o4x{1pSX)>PZr~`L)UPB(n*X7+>bu4G3c<xm)1lllFN0taE?BXR-4o<
z>mT-Wm3%8@{8I$VcSohqM4!IBaUj`MBSs9z>FU!+w=%%hh8Ac=&x-@;f-dAU;jz^R
z-EDo*ZL1&IQ+~M9J{Wh|2jR9&yU@Yf9W6|^;E*9|xM`gOrtdp}SI*wU>Z+y-_07DB
z28qP@UM<V5K_b$w=J9Xw6f%=)F5kSmnakkHMVd`AIv<tr)VMOC8c)urvsJO$uTt>;
zznoN|*sQ$kMxHQxZ^{9jJb4b<+XSHDiY@41<AV|52UTmle_#Uci9U_u)(+gCnS*{_
zap>+ChECf;FeHThWWsWB7vW}`H#?Jk=Z03Bz0sCFw+lA}Sk3(!OKM(XOw38#;pC6O
zp8L>&@STjz<D{FGBZu3D%MCW7NYQzME0KjYi)1OX_6IAatsMap*`tlJ_6~+}j?88O
zgU<KV%Gk}M*YmWM=Z`fUiK<T4{&4C;(izCspQCKcleI1rwRWhBJ0DIGw>?l7N?T3&
zBDwXMGnXqgG^V4!Ul5v_ufJK(ZB^|R^@6sE*Y8$nhsW;qcJuNrpEgqy*O{A;?y5_8
zfDXz1uk!Eb;)98SX=uIHN`(!&*f?RBPc+F$GDi3&lHRYh{b?NtIY99c#w+!I;!o0^
zJkpDglAREZ=`q*vKL0W1-(sSNm!Ci)ZVTh_<yc$S{0ooY!jnj3fe#-(Ti(*zVa(yR
z*j>9;CNHb3$2<2+aJ88=W@a5@wsk#?eEQ`pt#{vj7x?AZ--N#U>aFnQS6^Ly@%l}}
ztFPXldH(us>FamzZxSCI+q<3=MMNi^)10UOK0YCh*5gX#@Dy}zC&W6I6tA2knLmC9
zbB`2Y8e#jPq~ADg-HjF|R;ash1x}wd8;1^5Bi|>|;g$RPCmp^Q_WCI6ANF^pocHeC
z3;Xr&g98Ti!+`_(<Akx}NvG073*+@@x88wd+k<Q;KlE}4=#JY0ako81+d%ZPqcWnM
ztv%6Z-FDo#$_Ce)Y(^_{d$ix=f{tWU?6eEPsgvg5QXLbFB44eOxkY5l)YgdFI~Q@u
zk4W0pIjCMt{uG_<!>YJKjRuKKqgg7N&TErRQOdrsU8>g7Asg26Kry84(XalL%4g?)
zdT66FRC#;rWU;)}R@kCgED*KK<k5Sq1w}V5t}<Vb*#}DS=<!DKSGkOfb<NOw*Io=J
z9tVf)!}dq7vG`sMZXv&zUE9LY#ApM$yC>mRYd^HIbip;|8*$AVC-n5DbAb(Bq@On7
z<r^({{u&2O%(jwWTnO&k5seI^&4eXYVCUo4$f9S^g7gd0`_q{9&0pTR$NWC;$R&)9
z%)sEV0~i&bj>k?Get+s*k?_LRyLkeIbUd92=hO&fN2|DEH#$G}AYFjd_UL)<szzRu
zsO^CkVT4RUYX`0M^0#ze?yl(QRF`!=n7PB%<ws{158UqTiB8TQTRwi)cdP2J->q&~
zcB$yD?&*tHbjFRJgw~c8xM=<yT)%o1?eW&CxWm>4{ayV?w@=2U+Vg1dGQeGA^MrUt
zppQ!cMv$G86i)j-Vc9#K{4hG0)`8F*+#5l<&yFzMO#XqMF8+jNrQz*b1>WW=(B9q|
zW%5TD8WfF#hfKm5GZ&MMeHK|YO$7p3YvH9!_vDAOuV7;0LBiXDkZk|Bu4hk|Kl}3C
zu~+ZDjeqskSM5(<emVBZmv37dMD6(E%~$yB)tk8#1K+%PzowBZN?fpTxiBawig?Xa
zt+%)D)L}!j9C<Ad>HNM5Q(_O}ZaUA{xYh<|&s<1y-d`o-K>NB%Zzq}Vw%NO7d(gnX
z_{FFpIC1<4RG&H;r%xM;)2Dwy`B8*vXwbgC6wM7+<7V?M=xDheciDQNC;3f#+WUQo
z{^&_Q79JGcschF)Z*;cYiT3O4(9+Zb*Bh@!Crek-0|L?8F&zC}qA_@90)~6+#XX+M
z80obi!@S5Y)w9598uQWLo3O#GE97I%d{J6e_nt7Mi^Z%)dIhURi}0hAa-PJE&W>D|
ze33<+P@vByUrF+roZBRkOd-GPnZj0u3J?DHJp4~jm1}^4&dulyWv-w_Hk*9Vi-Zcf
z2l<N1GSc$|3$%?1&pU{Lp$Bl~3QLmlMATbqLO4<to;r0K4fWTM9=IJf=jh^Y-=nx^
z&q2~j&tm_9L&^4ZBYi%aY-3aO_SlE6I}>r!dcxYYmg5eRe>-b`oIQI9p31*VK5!3l
zKiU2+E@61&@Fh%5%EPFzOtPoRuG|)Yx_S(pIC(B!zI<1CM)0JH)tJlXHtMoC+^8n8
zB7ntfF|6f^m)7xHR=0LN?aLNOg2inQ)#waCd6qtcBT;N?Zc&U?Jm{Q%=ECKowHr2K
zM07lE*kp^lyhDON|D0>d2e0sMnalCBm(u5J&O;lk^*Hv6QFP|NiDcgfo$ZwR|5o&M
z^}-mk_jR>qqptQWG&eCMzuzsmhn~T3?^x3Bvyk2yAiLO$&PO~6ucG~*@Q$SDW9YiW
z4;}1w5*`wVmn$D2yZwbq=TfvjrnT}m9yo9gW8*V%!#YP~*7EWE`C{CE;4DT*???Z@
zJx?D#d0rz{Jg|TA;${4+x36!%diQ4a<CkCVc=hgW^5a)8-?u(~iZ9;2#n<n@E`9yg
zSAP*o+TI#6*8OQuL_C+nmF3njITwVI&aF+{R!$vD{N(J}Tj;vo3pJ+BQ0?nV-{!%j
zpO61y1WuVma;-5IXU!N-=b#f%bM_=$pgEOnaSdEBZz|54JDISOS*TC=sPS@r!ai4_
z^?EC`*{}tz)@-DGdo8XtF++1B!c<qTq_~2jQr}-mYlD$0D)XiWdT6Y_7)_UJquB~A
zT)k48`sknqV+Go*wMG}x1ALtJV1RQxhPV;F;+~?C|5zWwR)X_zo7HYqQ=5P;<gb~T
zdL9cdl_85K#3q?UBA|CI>qYYUWKd48=89)Fh+7vj`TXe(EsB|Rt~9e=Bq3WsI#Vc@
zuTnk>E%Z**=g-9d#Js$tW1^&0q0i=u+?vEP16kMO{*v}q^|ET#;S1;QWcfJ8nCLDt
zL09)E((4b?9&d;1*E$pS>OitM8yC~suwdR|w6pZb^Cz0{dVvD7GVY?D{zmLax?cbO
zgV4)09QUVQ#Q3BOn3Q}H^_H#1<x5QoYu|w5$7-Ol(MI(2h(%w*$)-%zL~pMcr1$AC
zEFcxb31<%6oq~QOV-ZmqIBvW;T5fd0(-&@bvUt4gN_Ks1c`ZA#lFbRPU~%p>aQWoZ
zD#&USD|Xd1i-OD89E}>j__A_6U~vT@($+Q;siH0YK=z^cUfw<!8Wx52WW(DzxC<+4
zdA{X!%|>_1m<g=r?ss0I;*vu3mn}idb!Iqi>ST1X*+R0flz(O1iXKibxHlvP8Ty17
zE}n~PRvFV-wFhB-DWnI4k#0ce|D^xB*zY8nSWkO@4*CD(U}R7x1`<B#Wbc9Y);sa&
zH4(PF`4&e_T7X=h1o^UO*w`dTq3kIZ-{#=qtV?(-_ck8RzI@(dy}hLE@ynE_U%rfb
z_Ug-o2hYBo_wf0Pt<PV5x#QWFZ;rft^Tznq+c!0@-@RG;;?3JL4<0@l*vu0@GGAkj
zm#^M?&y{o-l-7ttnDtUCuBgqt=w=O`K7EI9n$7gSQeT{*J|5?hd@q_e1+^DwpqAz|
zTsU_sYR;U5b7xGX@@aI=KbzilSb)YWbZO07K|T_za1-I8Ru*e;%i6WL*}{VMg~h11
zWG>lE^j?H2YT|NTic2-o;6q$NsWPryHjm<bRWw|-0FCq(&{@htTxCFOzzSLmXdN&!
zTuf1i^2^cEY$MqYj)W7qp^KF_dT$HI2v0hb2tSLVyVFSbm`i()Ehfh2;mPASvG_in
zvGByr#r0g~z53>e%4UgQX@kJ2q*27E;7VQUMY3fzycQRF7fY>CBw5arx2u!BI9niZ
zCEMV^u>Xm&ue>KkXU9lsTkBF<^VB2?#hiOp_0=qTfrH6vE;^o5u-?x#e)Q5M=9rUn
z6>H0%<K=T)G$E|saq})*sb{8ozfCFQE0=A;tLMp=t?&^ZIm9OU-$d`ik-ax?7>4^D
zB>z?co~E@SD*gn{nze+mpMIoE_Qv^|`h**V<8H4cjET<0(W55f4#yz$C)$~8zyQJ)
z%vaf?Bb}i|(m7IA#x+_iBFRtW3?4gDh$r*!&{;#}H{>UZ_o~@H%H<tb*!-4KIz!)7
zFKi8|7s{uzM2hfMdS{K^v(1sUwQERaZ2>W{37C?aiIEWrxP$cn=`-eH-pTXH9I>Kz
zldxr2bv;+-MsZoTk%@VN37zMyU1dbi{2~?R_fh_Lko>#Y+2OvBbabbETu)~{+4CW!
z`}<?4#~!k2y;SQ!d{7#CyOCcoy+5>%?qP4l5jy+Gq%+gg=;A<agHmws;Sv<R`4bv%
z+K#0qwaAq`MplCy1=23s!z%I8`7%0dzm<>}e>fmEHZ%It*}E$g4<D=iU%Q^Y(s}&+
z)z-%^-VA^I^3DFQzWdXvC$GNDfBWv+HP2tYW^x3AGxO#xe}Cgv<>UKR!umT^T&r7U
z!lPC73XhV~#+#Q5Dls)Zk3P!*bhf63v!_qM+0(}1f;m%g@xmFjr)$z$twnOalrYfc
z<lnV|-g#I_(TL>UnB?9BH(8hx?!OAH)^@J}W=8tdkK~@Bo+{EhK;!6>{Ojw^qji8H
z$^G)B^Jp#Tj(R$CP-oE$dXH){PMb20<}eYLES!lZ2HI#!@^3=xfQi8()w*D;zmV3Y
zx#;c?j6tr67)H8f*sgsTPHVv4khA1pb&m9q^{Bhph}PMCn3;Y7uNPIevw1Dygcoa6
zH;YZ^>~wJnTQIwZCtuCtNp)+R<u>G_s=?w*44Whh?IwEnf=4znVMdJqsq!zD$<<og
zS|`!_6&}sPmg^1Vds$pu_f^5gQoE1$tiN=%{KVP2WP`rKihIv7bzcE}re@^7;io#s
zRpLKijGamTzXHOJ6quLCCk)S;eB}Gn=VnFzz_obk##20VwGA^4meaa0<kPv2-Ih?y
z&8b8GfI}GQoraq8mysPggT`M)&)y1Lx`csxdRuT`;w`*W^ayLpAETk+2J#U*h3N_B
zaDU=Cj3I0wA}kRv7Th50m-8d5zB#(CK|Jev3EM=VcsRC<E%Fq~AE=S<YoJu#IY}gG
zwGR)E?n=wdMmC#=8#ismg<86(P5ATSywlB9bsYP;daiLpvp~z+Kcsmr`2m=$(5Ev1
z1Csw=_kQL1zl%McfB3}X9*+pLpuIoDD~k60NDTEPU*O#d80nKhX90wX()mbq=zfxY
zrTph$JlRM|(I?RBe{uI7U|pVR+V{?6QjEPf5bP+TR238iDN>}1A_yWKQNc<P8;W2<
zu`4Rrd+&-g6)DmYu$#p6OiZ2GncZ)%?{`0Fl9?^XJNwS@?rd@#cm7BsBLC;S?yH>V
zc||Q|{;@)qq#lv`pZ!rH5?9N?{b!}R`laOGXpkG1tK|5>TauGa|9$J(&ofr+`)c)y
zUEgnBe?a!_JYBbc&xP1$FFxw~^n;JwKKSgjRWCmMJpRSUpV_|r<clqzefia#$4@@k
z<>fu)Rqp=tP5Fi89WEEtINYmxJm~VRn$Ysvr-RR3DG#Zrd7_)PdZYGU4l(G*oleee
zYev3e4xiJ4p2sM#u8t+MPb*%*{{(BW|1<tQCxCx)054|;juU(iQ!uXZZ=mG>S{|VA
zZ#J~$fPWPSRNZ83*jGl7Q)sW$6NAY!^!2()?_OP{Q^&UGEjsZm3<A&87NdvDxKT#L
zfDtm595OM6_n!J+ours`k~~wrW=iV3T*+E>2EA6a^z7B2Uh_P1fnBnD=NY+l?asyX
zH*SZYzfnBv?5%sYdG{(O-70Ue%`0yRxpl9~xbS|1`|avR{k+l|gW~Fj4!4N~Z?N!d
zdTn~ztZ^WoJb&7@w5(=y(e0}L?;@PMy}M7D{qpY_;2)Q5Ywtr%e@?dUES8*o_o#<s
z#LR4r{05D?!vEXvw3Th^^X2G)N3t`!PCVRa)9>vdi3@hg!6Qv_^2|#)c=QRgwAI?Z
zulh$L$t&hB$d#PjhqC{`14&^fIK;^0b!?!=gofUD*jW0B^mDR`<<j{N<T{!eb7tGC
zmS)R}<lV9w4$(L}4;f`SK@5hBg*P@@P8`2jR8&$Ie(rkNdNijKE)~`mg8vZ(_iA<(
z->ot)DXY%U+Oosm!`nxW9zP?u?^MVnIJ^S}50Oq?ddSpip^}lg?biCNZ3{<RS%2U$
z!9m7Q1GqUkXgR;S_f_t%-T(emWNvtzq!0t#oW|47i<RU#E71i_NB5J){7?1&*D(8E
zC*d>VB$c~AHDQZPn-ZaMCg#SimTA-CsYCWk>B~P!V)`~&!?}E>R8Akwm%Z@iHm*A?
zNeLU6lf=T2b080~qW(4^9y!Z`_+|gLW5<a@2M%1DcHq=ajq~!+7q85ozx-m(2OocG
zF~xuSiM1Pc{A*spgXSwYO2%I-Y$$?y8-Ka5q3&M8C#x>pta=VVKl0Gg%RiV}jL~}Z
zBZdtWM_aIOKN7AT2mHG^jpl%VC-6T(<@*Z%>Wt%X|8o@nJ;A@Hv!mFKHEqfHf4ci$
z-~U<+Xo&+_4xsV@6(dXrwcPy!dWlZ2PSUw^8~6b4$h)oH)@BF4d+WE-N4G2Y`9N?_
zzCf-u3I31j{VCih#jGdZ(jT6gso_5%W)na2y>NwZ$ZYDz_gi-o=Lu7J9@oQFX5MnM
z6s}dxOP-18@WQ<=7gyU}yW0>_P*HDQRMq5FT-7+Pu%f}KxU$ZosH!2l>BZCE)-*Sp
zHa&gR>zCO0-~4gYv!-`$=I4(ry<aiz+V$e5gE<%W?b>+c-_<%(eP&sin>l>fM{kID
zF^kRKaYwdn%9EhL`EazlYxwWdNl!MWUy>6?UeL>Hl0g6EVl!^CY}#;J_8)pGyNC(f
zc9e>fV*tJ5x0t2*NJ_#{$=Tlw_8-gUEd|mFpNy9NGV$c?wme6(#m}3baKuuXHFKjJ
z%)KvJ>yL}|Sa0<BTO?u5Mp*)nHWj{jBAoh+RXK9$@*TNRR9Rbmuio`$QAK8DU6aGL
z;=0(1>ZXAg3v1lzftgj+G)JLtOTq^v)6vQ8)rQRN@ZoMS%iPSJqoeUm-+8w+`AaKw
z{jJ1zqBD7@A^JZz?f!p*{}6va`jS)V0R)5dl`<!M4*7gA+@BTn{<+uT{w`P8CkCvb
z4-gs@E2&9Y%>A|!Kc`9x{S<UG;^{eE=FQz9x1aw}(svz)M-?MkEB8rS;%12rOA<e3
zs21kqsF~=)6F1*|_kHQDqc0shb=Pt%OG_s>xT|Gd#=c|pWBrevxc>hB+{^wc%htO%
z!Tl+(dQ?$d`oO=e>S4FMyY-VwYMykuR#X>oyZmW~D@9e2w=0^A^6xYm7u>1(G%kJ#
zU$ZsuYb)?LP$t;D#=j%@S4WEh>i#GH{|W!LzlZ@U4{#uUSb~3rd6oaG*T2SpOD{mx
z1S3riv^-##fj+rkCu!T}J!#vv6?cC->C~wm{k*pFUaNPRL;O}+(~mSVAXgYVkeVw_
zlA_kWjsZX8U&Vk#o|l;56~x)O8Yg}Iy5llr$VhsWR?K_TWP8?0#fki^sJv=X-re$u
z!ionYuidShbo+jt$<2E;)<u;KJ<b=D8Q*VWu3Yu&@fE0V{!2|{ebXbOBgao2cK4Vh
zV@6F__n*bHh>%1J<6$=ET-|5LmaW(6PjhGIHpr5sJ@VfBoy6TaS`O~1mg9$>!xd?g
zn3(P2<vWj`bCn!9^@;4={|GMGb$W%?VmB^GR=|5dc=V|pIrag0`%?*r2hcKK`mN~n
z9K@U`g`Q!atXzpkhFWgUoDF=vFmk!RGIdgv%n4o1Of6Bu;2i{d#BwhM$cmL2Qd(A3
zR9f{gqqwww#g+W~8Raz(LyliT>vOx#{N(k@lSOxG7N9l#<X%}rM#;UJl3TYbBm&${
zof1I(5zE&LkjdT?nSD8k1KeFZdey!YU3lgO<K^M~I{#O7|6~pKVS#~gAK*RDOeW7K
z$B$bE?~lXmKXKMl?*0t)Kg|8;_bLC7#JE+mGI=xnwF$D6Tp(>pj?Aaexg>F~<TrgU
zn-5<R3uYspPJS{_&p_V#4f&NecWdFuDt{r9;iELJ{NO=GXcGoXo7QcK39aBNdog=i
zD{0Gj<s8Vl;%;N-a(z$E38|`m;+uE7zVPOq`sFw8K4`jC-n{g3e(kFpC5_QH?=(EP
zakpW`g=-ag=daw~dHF`wk=;3GOOg^-(7SB|-rm-F0FHKMa3Dsv)Bsuz@CN^HY5=(1
z&K&9h5AuMC@Fgr2{>=x0|CT<$n_9raWH31FFT)J<v|3;F8~QU_7|^e~^zYY;J}bS4
zA<Pwq=<&JU%pST)JK}-D|8L1P-$8rbM@L8ELzja6H5_69_kYss`#%}%Cvg&)SuKdl
zgv%YotaXO0TbnDc@PvBOLyioYFMIZ!k^9wfC(G-P6yB?gy<A*5>n8fh%f(gn1Dot`
z-m70yR8faMy=p1CYu6ihtC9=uRv4F5)~Cb0>H#m!;y=U7KkDZzYVK=1$nzI(dM`>?
zmgny2CnhFiU%9&aZQi-%XwIH3Cp7=5|LFT)5WDJkZjSy5lYHm>uy=2*96v#>zwNe6
zoER=%Zjo|)UyU3)_(%@zeI&~lUzXs|bhzOSa^Td5a`N<tvYZ;;)-FUAEjUE%ctS7w
zBRO{B1IgZ7O<#YImhTTAGDhMex5~~fm6EgfsqD{rEIB)yW!2&fGH#p~9vm}dl6xfB
z^p`Pk*824~l(wzA;H4AG-CrctbuSKARX<o>RoOVBw)vwOMa327+<nIRcPb-Gs~=9g
zT~?R!@Yzex8~J7NkDt9nn^;zK@>C(byUk()r__3+rI-vG#@)vmF&wNJk^7sIZx4Lk
z`)k4e4D$Yjm_^_l&EM=L_<Ss9wx15K5Bw!=kkyHsc-<r!i?_;Jc$4etdv090Up8kP
zm(29zvUU~o&E<z=&C(;XcKJa`Uv@+;)_o(JPZnwU(N8>@*Bse5bN5aiyYW0v5}%17
z;^`77V@KQ5GwrJ3zfGGC(zS~&@hd_S7Hs&wN3Q|YHuc2Brl{h34e=E<k4<jgsk43j
z<Z;`AdyNk2J<czAF!}EN$NE?Dt0ouSYcju>S7TLD@pxR_gO5|rq0d{oYy%twLuth<
z$8fNome*_jzn|{^mOg-oRtG5jt6D(C05#t+X~Dl115_LsguX}Np1vY|KJ~HLh<^N>
z`|@jjcmrLfTj%z04&eFIdsIAv0s1{;$iP0-JO-S>%pUp?6Le%qe<L(jtEu}H{#){Y
zg@0B1C#m~C7W^|4TokiS=EiQ|`A8Jk386fD=`w#_s<eK;vsjLCl;p+fvNA2R8jWQ1
zjpF;$ip%S)i^}R;Z&%fix_Pg9L|#dy{?*%+#-)vqb&G16^(z{h^=lqI|6j!ueE8zA
z#)qzIYME&rJ$XLC#ch(TTAlgl<0mi6_N@oB{>J`2XLWLSonG`GVPAc2UR3IP@uACo
z?8kVVwYHohYtzqg*H_E(rH3Rcc&QxAE|W9l^82=z%F?9cvUK@5IeJXt{E5t+y-}jz
z4NUTjm!w4p<j|pKaDHA=``1f&_&T@(?Zjc+6iG=uCI=5Zm*Yo2Bj0~Y4saJ;;7*>2
z(bBG62lB&yc<I^Vw*$u>&Ur}KOgVeLNbaFKDZTed?$<tib^A_Z^)<N3xks)w-zl#P
zIDf5N?p8g@EvbB5b@4`}lvFfsKX(}|+x2qvFV(NET&<7`JnM%JT}9KfldrpqdVDc@
zb}L!5Fp>WJ0`kqFX#K!G{XT{L(5e0s6&QlwM=W_}3^@SveYiitc>D!;&!F!#otYuC
zQb%9(ZGLd1g5f*GN-P@IB}?|mww>4H;OPf)_|yZ*rmk7H0Y3fxuVlx?`*398*}Ue-
zzTwWQ96<RBcIwz!x^#hGLvEnvFNQ-*rCs~Z;^ykd9CZT6nVCxm`mgY9d_vIVluLEZ
z(^+{%wU6#pG%q-FtwOl(<Imlw{PT_Cnv`or^<P}O-4K7NpyBMr!UxOG-K^by_Igd$
zp_6wv9y)a|<?Q9kRo4n?pD#;Ycg@w+SKj7((BnQHGio@qfR;MI-RVs)(558^a8~mG
z^iy`s02KDk2ZH^9^n279Kn*_tO!wk_RB=F`T%d(R(6v*08Aso6yp1_=#)RJQ062XE
z(Pi}|Kj<m_`Y@Lqs4M-M3)qfy2KyPz{8awma`(T%e#_mTB?+@P%a+ag@S3;C{P^v%
zFn*6DChV4li`FxbIw@}WxwL85P1<)FAZITXKDbd>5^}S+BBZdiet99!4ZbOJ3red)
z@=B^V-YTmJxm8vdT~JaHf@jgR@|wEom33%R8tV1yA3oIm&oJ|k@cGKx8tu-nsISyK
zFixJkeBxHoy#zd^R#nwE*4!&?829G;1pkBgY(L?-Ys=BN?VAq8Y~8Sb?AG-MMsHnr
zpmWrWBz@x{qhG4}^LOvO3pb=AccTX!k7$VvS}F&26v~;L206B`TGp&QEgRP6$;ngC
zWY@NQxWifCXp3ZJUZZ!AFUOC)0RJD72Q<pGphbA*g>oNWkt0Vxkz>a{;e9#`Cx04z
z7z=s3RR?*mbw{*cmh{+zC3j1c<nDebtGF{yqD#rU^FVIg#!Kg1F}1`MxI;(s&R;6p
z-uUpDXJKI}Ic>RqX<5Amv7ujC?W4f*s)tu9YoGcR-l>K6`bf@Sx+m9e)euKYi91E`
z-7iS`%AFF5hHuPR8ws5rDr4aN&Oq}QI(4dqObwtH;3W&<7R$!9*|Kl<S$<!hoIZV9
z&Yvrlix<k^pO(q_^LOO*nF4x@*JNMLDQ2iS)IDqX`>HxdUpjRgC_yt*WF>vR<4xbn
zwWt3g2W~ZS|Nrha{^8A1^Y`iww`Q1`*pGFjw)Unk;sejXRm{ys!kzEP?4`F%;B&oo
z`ikeoU_6SPq(=`O8D?Z5NhurU@R9s~zL|GF`(g9T*0qh#+^ZkF=umdQdCSAcFS^_<
ze~^B+;z5TSx9hwr>tFP}UR-Z`>t2&_{@n-8*9spDx^T0$UqNyGq?-CqdQ{fDuse4A
z%JY!vvzQgWgI1?4oTnk;G@iPEe4u3>pke?sL27}C#D&oo)c-%>U*Wkw`0vME-cJnZ
z^Y_>9P8`sKTclnG&^IvS9#F@e9uc}96*Gtd>R8bG8#<_ubne(jyd49zyFXFo{(pgg
zb?<LtE_6WRW7B2VzETN~T_Q`856dz<S5~H;gHL%+)@-;S2acD?vemn_7;xao>6O=u
z%h}aXYe)fUS8%7o0E2`Pm-9>X=?@y+DytfC7f-6Hh6nn!^aS4E<sb3&!Lvq94_(__
z*F$}ORrU3O50rOKb@il*np(d{PoL?l&o@1L-UlsN&b^AdJo@4j)aTScxqHqyXYV}m
z;f}0B#VZzX@bYz^ws`DlhnoI<P3S?rOFy=?3}tSw`cc2r>QP$>LYuLNo?z}4v|;<}
z<Y-R4Y*}AOFaEI{K2#^`nH?;l);)6cksM_XaQf6sIdSqM?%XHh>l-VJ6OU3)e8}fM
zm;L*n&^IjRPGfeXGZ4JR!zb{PsOi}<!o*s(WY)-uW6xw>{2KTK8zc{%%9UGXa_wfB
zFvE~r1^26q?$*D$mRJ7enRCTWxd$$n-YBU2_R6jD4-4<s{&<mmAb0;Y*^8#-^r=GP
z(`ng}b%J=cpPUANt|eP#9yNIo`UF!mOLTOD#2wzR*92Dy3ypz)d_->IF?Iez5w*)n
zY6mntnY;M-82QXe*}3x|JjQLzHkQCG3KO46ff61OD+!CxM6X^i`}Q6t#$A-dC(zID
z$w8YpMfwglk@eXp<UBFyH@|&bbh_)wXjAxbV<yOi@vhv5<C%TgqC<28XI}6vJ^7y8
ziHDBxl8xlu_ukj;{y8(@UwcJLubzFVk^AsowbJr{%&f!wYzv<&5^Up>=O+2Z)j8!=
zO%XQ=t2Y*x))-#D-T3la@q?w8iyF_K&#TQleWNDv#I@=Z$1dJqdiF+L$+0tcW}diE
z`ej|i#}SvVH_Gud`K596Ia;-9i^lIAbb0;J@LOn@cYn<baCaI<j$-&4{{z5qe=tnW
zZ`_ja8yoeJ!SIQ?cj+LV=<!)u7>VOJ_&q8HXmP+?;|8?gpWjd3U|~D}PH}Gu_TlFV
zZ~Eu^U*-MO{p9=+!Aszctds>2TjltbhvMoJrrjsW3HxRFk|Xq@i{<*Q7m`=}M0V$%
z6^oH$$PXJ<TrR9YW>p(ic&{=Y?9aMgS~I`6tR@sM#sxR;Re9d7teJMbpxCzLe)Z^k
zl~uMCb@c;k8XuU!pX-KOi@pY)f53k=zj&nO|BcUDyrVB)&r2<<tWLXEUcH&UH6F#c
z@B8f8d8E_IrJHP$7G(G&FHFA}91wG5ytV6dQzJ|GAj70<$DZ6Zouz$Sc%OsDif%7M
z^2~P9x0@r+SUb2Pmdv=}wa}B_w(cT2tQy(3^`0C)+$bkbJjE}j2=3oe$vs#nr_O%J
zJ^6vGUw>XwSDlr`$zX2fG1*J6;N;0q<j`R_M4Rt}6}UcOt7Ti}E%XLkC1L&^Nk}><
zM-RP_c>3v9);2Q5KU6N<sF3S<RrpKXl-%sglDqdB9N{9le6@u7w^pco<vv{aYuC%r
z^A)0Vsp0><D%so5kdGV!_qlM5cgnKlENa6vdVw)Ae3%t|rvYFQ-Ab$XC3bd_<Q%vl
zo44gi#=1>%;4plsJ0<ey$#ePo)pzpkcR$K^-~Yh*UcUccecbZv@4x>8|NRH~{L63U
z!%x1D#z)V{IcnwNm7B65Ylnn}$I6x+cmZB7mQ@*9(nA;SExg-N#-pj99qGN9(+}?`
z#=}RF2b*hr%AtdYkz2#Lc5so2<DG~Jj`S(5d7t`I7tl{Px90mdMyCxobI5Rh&wI=Y
zdP-DuqHNxLNH%XhBD?pV`16TV`QH`Yt!=(r_8^4$Z;!m9D*dAJW<1rNcer`45s#sV
z`u8dyjk{g`(5|BP86Q8<w6ir2J~mX3`PEww4<0yP^zDk38)euC3r*WIsJ|ZfwwjfW
zBNmK9PpvqBD*tc6zqyIRz8-&<KGgC$^b~sWEOnB1;2o-*-@#Vlza<7ZYI%SKz0RRv
zpB#W=4*vV~=_#>+2^#)Y|37)A%KtNY-GuKV&q*vg)wpbWu(@)k@B^{5c9rQNDf9rt
zh*RU3Ee@h*-5oy)D@jOB{g-V!a}ypv|EMkAY2EKtG|b2^sF<6dU$#0wzkJorTcycY
zuipu{kyq-KUsUc{P+VnO-}GG5X8!|1UHg_EJbF01p}E-tPiDK?2M@;AG&Dp~tHj-}
zt=o&Y<NT6}s@<2b=dVaxl{I$8^thnlz?e&3ZULV=p{p_-Zq3gd?lwHMsea*NHF`Yt
zmZ1y<-+DY-{q-!Eg?TWK=`6Zk#z_Cpe$u0(i8eDD)Ypt&`~rUV+hj$O>TR8%KX{9K
zof+T$S~+;=KG?386Q`Qx@KJce8!mGf-lyKLlOxO%mMl2~Kj;cE;}iI9Pw@iS%ClN6
zhv*X?KluUL)Q7TuQ-NH*^f9^iees<#gM4}u8ibpYv*#)`!4=t^by2o&I!hhDSGH|9
zC>N*?Dr=s}nbZ03Ku_`goRD4HPs`>Fhv+TrrB}W~<}<IK4iC@P+D-KP50>}av;p@@
zo38XOzm-Y;(`3_jcnSv&p{4mkUMWm}`@MYg-FNciAO9%d{qUoF1h#+w?GN(BmtV^#
zeEjv--^)iYKbOxw`@MYm)wl97pZo5IKg!c*AIPh3zSn%Ue$W5&^3$(`T1?W`WXd{n
zh>P$T-+KF9F&}OL_thEv!o_iPMKdv(oO&`ogf8I6jQg^am<>098*hh>uEl4>WxTD}
zj2;PpUx)nsZE9>o?%UDC5HqmZir)F}wD_UzC{TGEbG~tQuCjgiA-P@FR1N;=1Jo8=
zE3Vyh?QY}lbNO`z1*H$;FWjmtxKdaffBJf*6x?mLJ$JqCpDXJ>8c|f%^m$d&N6u%j
z-cKb5+rDg7`sRRXA&<It>m}W~bf&jwNDMNe=0_XB-ETsl&&UuS@!;N?jzH-N`sj4Q
z52Tf}egA#(2bK5#0{`Ryiie<TfiZA`N20GV8!<rinbFP<T><{nHO{Yx<5Zc6CTRKm
zEod>eF?-#^tR<J{@Q|Fze=5FcGB<BKDqFXnAl4q|*}EcFxf|}5G)Qq_?KhV$mOMCf
zu88;dvTWIghb7vfwd;63)*q4e8;-~Z{H!uJ9pS$nh1+sUZWi6UT2Wn<Uj3lK0x#nB
zrPcSlJb2vH`F}bd+%7FOK6v!l`91p%mafUza&pPywP#kY$hw}ka&y6oWtj!3%QrQp
zB&Gk`teK0%*E^8@ij5c=m@#7yklB&*Wm!@Nz3JW5)f*)!AVNkMwaiOhodWU32-fsG
zU6}Lt?_(u{b$mp>n+qS0kxuOfOYaW$%*u7;op;-FU-b~<LHKFd&5(HBqn$hPemcbc
ze5gXso_)%Daa~fD@0L@<ffFZQ%07Ak2e|t)GA=M9IKsz`{QNJHFOx&ZZov<PJ3W^^
z<H~~)kM?k8bQ*UAv#xpR%+K)DUIE{8Sq|LVo$zwv#oWS?zTFylJPYOc`Frr@j!4?#
zEc!qA@}ehNnX*-u(VJgHjz8HuRP=QWm@#*e*6rG%S$I#IF|{J6?b@ZibnDhx%K>Jg
z5&rm-ujTjL^GZ|q{KJ>>DY4-DAO9d<zWPRL8y`ts6JC~84a}4px$D1_2hC532e0Je
z!)Nl{cR$DvKmMrwo^Od0pMT2lC61u$)$)UHh$l^r&t;;UkNlRqa3uHtWVc{+7L)NI
zF=ZyIN8U9;2I$cPH#Ct!1BZh10n!UC?PwD)gPz98+LAMhKEWt(KU_L?;O|3?)~C0g
zHX~F#EyeHe)uRi&b!zXvI(V9@eFX1_i>nuX+Vj;9nqQ2nD6cZ8Zu+=)Y2EV<%`ZN0
zRsZN?z1l}FJ5@D(+@bFAi$P@#A1ue?1uwRz0X5AZ4P&O5LT}Z0-;n~_Lubn7ojiTn
zYi;Jv?_KGU{Ek{t?LpBF@kiT>!mH|W{1zUF;)1BzhE9)eVvo+J1^=(}e+~aFF~AY-
z@fd0evk?QuXrQqyQe5B2)$n~Y&|ofu8|Y5V=}V85ydZv`B*!0?B@0i;u?sakGfU*&
z{m1wkR8RxKQ9FE--tra6-gTasaEcrd50<ojc$cn}se!TRPyNN(#zQPEC*pbJCAPMc
z#F2i3H$03Pp>gyMvgB&s?I-xOwr6)rhw_@r-o%1Vwatxs&CehGKi%K-Cgz;HcxKSd
z_;?vP+D-=W^BIVy&ciDR4X!U*z47!|$1rzyfomTMw|+jnnU%76{Z2T$2PHFOJ9t<v
zu~Bj4m9E5RWBN4K^qGRuyUa!V9mo6P&5Q|+XBQ*s-FcMgb@Y${-F$f8jAckqFY&TX
z5aWT~VxZ?HI$hzBz1NTXrMt9i(-XbWG-_dHV)O)e?YPfe55LIG#j<AY8SZg(@4Ktz
zNKUnE+jtGG_6G5AnL&RoOyC_!px+$v^NHkc@S!*C25)8tvz&ODhqvZ@bb<5m4pIEB
z*)v!3Ob-`(`h$ffAIRZ@Ws<S>xGY|oB~yLF#c@1ZBWhwj{Xz7rJS8eLiJqgcmRq-O
z(_YJ6RUO(F-l@{I84l5fhuRB1P!}-s7WdUq`WgGA>`tA0^x<bM`91gf4?q4<e&l>h
zzW*&4SLYMrg3AAYATRh9Tz^l@`1YIc<oj=1@`WFW89)5+2l+;Qj#m{AzWU;Osjhe_
zvu3AAFM5Nf!!5P?s`dNrHNSD=5oYAl&hTW-;84JQwX)Y@_aJ6-9ou(dPNqk#Yzi-y
z-Z{sPV>8;Enm~{E)xsU<(7p}5H?%gRhiSbv)n6M8m#%G_*2IU_#O}6|v^Z6Y?pEYo
zF06ih=~mUA{5uV6Z<Rf&E-HWQccrNQv$C3JzLyG{UgnoI8K22}@al3=!>WsgO=oYG
zJj&0z+dTPdVN*fr{YSQW#SMRMeDq@Efg@+aj-9;NxG(3}^S%3yE00szoRupZGPq|}
zY@vs`g83hwfBkg-9rjfZK=lK)1OA=HkJ9E2<ItfmibzBImk#ebgR=&`#TxoEA<~Lj
zu$N0He2hKtL(j<m<HfRwc@CTqau@h1$MR+WzDu$L+-GvfCnaqVclSUUJlG6vs|#H4
zX)+a$v*79TB`iEyVrH(C`3pD7V)&*jSL0;{A0=+yPH}XO5>KDNPsj@+-eB;5@^$vy
zIksaR&|dk4$;vfb>1`6@PFxq?$-y!gE%}P&^hpy^WzMWc5{cLBH2)CZ`*HMLhrung
z5zCQwnwOI8SeNI%?lX$!L@djX4oTXzV0PNIg!!wU+l+CdXWd)+cDE7zuC_9u2l_7k
zHPW+-sf;t4jStIYW-O~@yq%}$_qLRNU0p@53$dV`i?n-ZIQ2n$u^H>jy__SPHWkCc
ztdhOiHRR&Ol8i=vyp1PcW155qp#uy{gG-mj4vkdiiYa&wW#Q|vP3EENnoqBHb~u_H
z>c5E46!>weGK*(n9$x#NZXxW{m@c#CZO5N*1^R?}JTnuyD-C5DeuI-HMG(uK;evJ`
zCI#Z@*^W8zyVUu3`}Xe%7o~R#_gtqd-c{(<O-FE-T5-3G5`%tysZ;w9BNxf8E$r+$
za7BvqDx|imS)M)lNWS>|6*1rsT8{r6m{#~#eE@aG|3IAh!;k+gfA|CO;*WpOa)uwi
z|7ZE+!!M<}vRSU;shPF@piD!{(w8{X8~l$OH9>5s!(1Ia#m8-m7!Ea}mo^^W>sV%?
zL+F8bmvPp1GLf3V8E*DiD_idSj(BJ4qs1}>|HK0HcebNVHBT+Yn=yrJZ~X@QR%q-v
zs<s}EzS-BsQ%vDrt6ss-VZ&wVinQyOuiqR{QTNFB*4?_3>e();cxbC$uikC4eem={
z-MU9Fv|ksN)UPP5dEBA6tWm$D;-PW#)0bv-jUOB-t9mx#MnOYCO~Xe%cPgHId#~c*
ztNfyxW48*G#^fH}Lf0j0?IHSt^eYVeYrQ|M{}1MW>H)sNKXri9c)S&DM~Nq%Q%d)n
z5UKFLMiR6czy@|S%%_*<ML%&6cR!wmQ&-CdYQ4lIs|7DP!3SNg!24C4>U9}8cvJ*Y
z*P3xJx{D2Ul_|B7;s&XmZEd*|diB&nhtN+34j7DP%>b^+U@-$HVUa1aeANkA3%A(R
z!a<g<T<u)j(CkxDQ*Tn;*r5AnFM;}5{lEHW<BqMyb`zYX|6n7r7-jW*;i46<R-x&L
zjEqAs7bkIXi)2yaQdypw@o!O4bITVbEGyZSyZ^iF+(UVrvUWF54~q6)m$tRrfA;-)
zd;15NnvKSDZGh-?9w&V|Tg#Z9>!e2qD{&bY2j66^9Ll{eetxksc~Ugo__@sMET|3e
z(CZy51|4UKeg|iA0%o{|w%~WU%!<tvqhVv{2iwEziNoKCcsm^}*UYsNAF)biqVZmq
zycG|@Oo<Lz3jbyfdB7y*S|erPU{m7JAn`{3ISU_%cywRUGnSz9m@9$gfB`=9WRiCX
zwZIr=V$>n=dztB-1v8!!8JY+;&7Ry7PPtAGv}V+y=-Wpa4nnswQoLO!$Yc*U{AE03
z^2CYwRyc`=y*)bAF*1DcApGfi(M$4^g?MOeT)&Ndeh1O!9bletl-}eyeDSWz8P2ie
z%$N?HVfJ@ia^c|}+<%I>!%1xpxO_>bEM5dJc=0A;@?x2Y_g}B>^u`P=>HAG!mtZgL
zxl=WK`?j6PNx&+e3w_D?-RS*K81F$IFq~h*o2U0Sdem5anjGLRnbWK7$m?KqwMs8z
zOupZZ7|=n>pRFya$+`D!(AFyatDJho5JUPlQzXE{pP7OibGgA<|G;5_>%Xp8y=K=v
z_BPxuZ!|u8tM<<gk3ZDASls+cam|b9yz*yKRQY^&VcC<Nx9&YWaQ)81)cn#XKf){4
z&o6lxub!n_#l(t7pSCY4e>kbS;f2qgvWFjBxLih$CyzLKMmD4$0Bc>~{~G*s*SBDw
zx?hU}>b2!K+L@CBnn)1*uSMZ+@ULb7>+%19^Ao=Vt@sA+GdF5Ie5u0lp`Zt}czL?e
z+mrgoFPQU|)Av0~{ToF6I~I<IEwx`)YM{5d7urgjw(a?KXN^<UyO%D{raAKqOYX-p
z#7g{MEv)!`qr^WbT;dZlC3e9knHjgBi8-2i<CCYO8=pS<cl`PP3{!va&u`kf&2~*z
zR_NWz^1ql*RySAu#U7M`@_c>uXV)~=>((^YIh9r5HG8`v{`Q@_|0SPszyJfDqkf{-
z)lLTXvKMpRSaN<J`c%y1_g+V*T8P(I2)ZC!Nu{U1aPB4<(BF*vb+}meT_&d8lEtF?
zVq!svbZs?Ce)m>et+pO%<^bkm;MdNDf13#I$pNV8VnUW^pL0Y<FsPp~HKg*Pc}sh*
zbb50~(jN<?Hkt0f0AG$d_-@R?b0Ui8#h+f2t?2e0EQ1D*kQknieLFwY^aK8r@G+aS
z1zn;Ce44kIs~e&z9W6etPIwqhlt3SLdQ1t_eElK<L-F{Wik{t-<1C(z4w^Tx$_YlA
zjKFKA4|&ZyGK^lkua7@H6XMLQh3Fbm>7lHr-r3AN5$@j_y#Ckimi23Q$*R;%vUKqp
zJZchN_gKuuz<?RqC~NXxcd;Aos`+f`>GfwW-Ig4GI5E;#tVY?OeRsnL(+Z7lH~JFP
zDF*b!%*n+D3}rrGM*rNI-|GRs?eJBATQkg3jE0y~N3@|f?({SMtqe8nEBucgZ3vfc
zu!j9<o>OI-SAYa^T*tc*Tlx|Q=nYKt{A_!6&SLh4w63ao(&1u$_4tP$eECj(`LmJ5
z<&Ul4Sq`C2uvO1gMeXy^#ift+Z{2QQjt6+BJXH@=J~g{r{s{l@s=5O_C%d+ur#E{_
zHf0=!1HBoq-*?0cE#ObNK6uyqey?%=6aM-2Xfs1R!4{zPrS^}=XgN{qB*ZU4mM7#&
z>aw$V#_W^W@C-bMH%j`tTv?vBR@i+awGW@;qf$f7dxpM;F8wVt_$7MMwQF~JkR5q1
z@gi*3i94aMHa8h*I*Pf4;xJi(d+?7J{AhFbKbTt5&omWZd?Vr#HcDt@>=$K9Cs<n1
zSN#lX8z1yjum98kJb2Nd#iG)NQsauovMzN`Yc!rxWn<+4^}RJdYiwKpu->TQ$<O;+
ztLmyp+$t*6tE#Uty-}RsqoStT>Slgn>$`W$?c28RAbL7urAH?d8LB%)hV=;&*Kx`x
zYMPuoRV62nm1?u}&6)VnCLff*$+2j4{D{X6V$^*#v%&x|=<P3qb-kot7Z>T*ZKCw-
zYzeot3t!iO-u5J!>OEUR0~V1#;5#_Vh38gRyQkG%t-J(ubOyrz98Rro$o)8+zQ$PU
zhCndv!)(ZoxZRt1<a;s_ewgYB#FHC_&q$RM`(MIIIxevh%i-v6!H;Jy_<x(a!<yW~
z3*5u)n+)#3eDt(%i4KZ{*B3=!Ifgo9Cb{KQ&ClBvEwHDPJzh4}n%~#hQReVg45WMa
zu5fO;)2lNQ19AjCU0t|(9hr}};k1Lh*h!m}tKR#2@TU}C-`LocyJRH0gw(V5Hkd{C
z%6;CYQ#Y}&fa~PsiS}SRJ<2dNxlY7UJ>tYzJXr9#(i<dWESa%6`{RcaK#VYzHf=hi
znQPB8+(qm8xX`n5r-!41W}<z&)-ndHYxn<8_;1Mt`t<A#{->b12*78H;}ytjpiJfK
z+QU2O)}<@G-_|m3(c*88oVpNoHt+tPTP1bIdG{U`<d;75%D?xx;8xkw-PdnFTyX7n
zb3sk@BjbX?x+_&RjXkPso)}%aP!fOU^c~r~;{x0bcoymGib1!zB6&OW-6ZaTx2ds=
zU*o?8`|7U$k79s{k%7dAEYt9x0LB-EuaPjn1@y3I$~0<1h5d|`7bR`!dH5qS;D0~;
zx{dPW#Y@2>8c&r5*~Pw*Hf=k?>!A11wgY|Z_sI2oOYh#g^oV*hAMB=mzAb#yjvc$e
zx9qOPiNS-0$WU@FbBob3DTo{wZwkK|$uf4lV-dbt<E!BY)ipiPt#5Api~IL~Iu86j
z{`}25vyA)p*Ol%ahl^eh`q3S1#Z(W@t7nF`kKy>?5;=9W0-buEWUV_VDT{XDJw1lH
z6kV;Zi<ouH5u;uSV$>r>hLHnUjr5d-iEF_sxOlHKd^hDK_YQG@pRb7ny02cZIdDIF
z#;X74H*jNB-}tS!)copw>DpOG2I`yes&?|dN1kj!?`|Z0&j4{#{d2b&vOe_$`$zI6
z7=OvcSsUmfsJM`ZXKWyt=|IgtkXf}0+}<E~yrB{`E#fu);WbX5$qtWL@{!q^r+)}L
z{@m~kRyo5&b_7f$9w^^GTY3a$Xa<H17=Ts?JsVyjW~RoXPhZY@jIBh#nRBprhSNA+
zf~E$;(SaN6<VKw_8SYfDOmJ`|_QX=-M5D9ursvm3t2tFXGafdY`+7Wg68F8uDEa|G
z_@)sP&_5`CPpkJkqK%+Np?Br%5J;cJTMP}&d7cLlBaQeuwbJ^VV@3@H|3mp&-2Y=<
zA1fp2(y;?rpZpsCVBc$+1kpPV(q8F@Q5RT`v?jK^4?c7yI(BXW%LBa&?==~g*L`46
z)%1yB-J>rY@7{mG4$o(9>Uq0+=V8p=-8XVF&@skDE|tl?(c<hlg<54Cf44z+_I4)*
zD(umFC5Li=^XsJUeTDnKIu86=<p3%kj3ggl5JvA`<^SRMLvd_JPn573%i%vwLX$dA
zX2-6_uNr>E+S|;TveB&XlBUPc@l<J&hKEn_sX9*%)q|djF`8mDhwOE0(-sXCF>WCB
zb1)pQ=r}wa=Pj2t+tF!kJ1B{(w@ApW1Q{}dJ@3TfsFZE8{`5of3Q3UZQ8Qn%Z?1Ly
zlgF(a9yRuOgjV?Pfw_OAudyg){zh|)A?#%7Azj)J#sijKNoQk;o3=;n$Aq9wk6~^{
z4Y2<X-iw#$p+=)CvZvO!li@lm#iY|7vFMd0eLK2~PTMdE4p}J~%;2^8&re);h4nXn
z(Z9s~FF#iQonJFEQr@#FeyiD%E?O7sQEog7e)MrCa7Vh6yU%AI7k-2>8^Lxw_(Cr@
zWj-IzW3N;KdwLg%pJxQI$U)1Idyog((^H$~7bsCd-2KyIz(3dznZ=B04qX2^+Q+do
zX7c;P#LLx<I(iiIH~i?CyW8>cSPL_>>?5en2T@0Mps(JJc}2J^n3atGAs&X*j{4-)
zYEQVzuXT9-tiiUuEwfZSi1c*&6T95#VT6KZ4|u*_^i(H^F8M^y9=+-Rk7V}W6aGaz
zareXzFF1}~N2oXvKiV<FG{9TQbhr(Fz8TyNXYvMj?*6XY48wBd5dJLi{|5VG=mU%~
z!q>39Om_Fv?*10c2T8EPKQ*#?4Mw{V>>VtV(KDElGrtX9M_Ss-j=hJ!DzAB(UQp6J
z>GYMlFUo748(p~G@O4G?3#+yGKkDcjp-t$)pW#f77{LCIaG5@p7&m1mxz=p<CM|@!
z;3J*Dp3^w``@g`w`dIl5{bek$5C<z4SxA3a;a_1tK4dvDae}N|bqc@akKl=|Mkk6M
zgZbdb^`$Zs4)C7bT>0qp&*j<6m-6AKpYi`y;YaJOX(?2$XlP_g-5MYZ6Vfz4OEi#j
zv-FANRed6P4PQ%M<14w<^bPvVS5olcl^mykxpwCvnZ}MA-yrr`EJ#$(<Uch&ZE8h5
z{U7d>`$xj^f9HFdI?d;~G2Dw`=r#29d!xCd2Bpv1wzUrTUI4SENS-@)^7kn5VL!I=
ztu>_nv>K8~|8I>9>$XnJ^)`!6`{~lPt%D>iJH*dz&1<~>65oI0$Hajy^uqh<7*g-z
zBZ)tuuXCjMxkSqp_c`<hVkO8o9$!dii9R#Qr-SL~j0Ky$*fBAL9)df&yh8EdizH@D
zWY0`LxM=U8!G#y$K1quKaiMthhQ;Iaf!9<x{$A7P5Jw{Mt;U~zY79D{7&Jcta3S=?
zWT+uEstMR;o@HZ0&wdnndoSY4`^;qrio<vZ8E?z1Ww<ds9%H;cJtZcBug%`fxY#6o
zh6A~0+rr};Nd9EbeQ8NfV?^8-E#aZbXc5>&9)x$W*Hq#GK3)BYJ;V=3dv|JqFmenZ
zILl7-Bve1p8_nBvZN{T|9g2%@^ArA+cb~%lFm3+f>*}NB{p#L-gLj4bV028=IU)3Q
zLWnaV<Q-o42oBI6sLcx8z5U^3oyf0k{Lr`g;is+Yo4(X?Uz>5x)XetuaaYKE<}-65
zR<aijT~&0tEM#7r5R=Zn)HHIaDfC{ubN5@|HJ~uxf_ta&YTnm!)a+j!l>>M=_=Ed5
z_(uco8z)v{+~6=>mxktVrS8Gkc)D$n-nxV7L7gY|CZjVyCe2S@NYm5j^3iAPH~Z`}
z@`4qbhQ*9|%G?F`H!WEsyAPa^ox4xUk&|%D@MFGS^SNBF|5|Q<`J0X3%Jm1|Np|7K
zvg*iv*>|-@&NF8o#Y{aKZpeQJQ~z6jPj>G1@n-lp7~usu%upZhe;;OQI`mCCkVo|q
ze`fR^Xz+&&b&)YP(c(2}jW|!7NndcD_>8?G0anf8VOlBUjV{TUekWv*p`)zD6U=w&
z%$B?SFYf=p5&zonZSkXi>#g^sL)&gzZSb4l;7!j_95=O>qED}Z;6<MqH#~V;cY5xM
zGmwT(FI?*(j4-ky@Aj7fyr(DPD>=%-mgoC@_%*$#`<=-hqS#fiQ1kU$5RoMFsaqGo
zA(+Q3VP06WxY>Kl9A1~jXQGD+gy%MtUL4*y_V{7o8#IAEVx!DV>Fakv%if;2U`0$~
zFOQoi{fq%x&#8B}K4S0aEHn9YX5bZKGsaFP`2=&v#}hZy{oa$9K<@$m!r(y$%ur^+
zjR<2NI0DXwDSr=J_VA7qPh#C9dZ{LO-?gI`p!hvXJ8zDL=FQ!&u-|eF(cttzSLCVX
z{2J!Ly{Z8`?LEYw9>8?4KLegrDA*74jgT;Qq0iuB7hB>b+9c)w7!npMr_SH{*V2k7
zWtCOW?WVF5Q6Ii&i2r<v4qi-*OeTk7wu4@G5k7BWlNaFOKV1w5ni9kM@bdxx;Qi+_
z@+bVOIN->!vxZ;lj<#9Df11_<@N)^qb2?QHpDbf%#P6l?@z?OlGo?#+T}hdDM10_m
z97AXE#aCa;hww5!`uq#|_{%Su-=&HF)F|1Md6=Dr2hjwsmQ=Jro0$#d9x0ZSR~zI~
z$;WcN>i2T1;d{CH;0L+d^heoW@|mO_hr4<K4MgczGC7=nRiySD|8Ifw-~4?>&kD;?
z*l+QA*5g^z0srVWdUVt{gi8~4@-urO2ai9Mjd=N`aJQ>o%&<Wd#mO{NrrDRvGzWN?
zR*f=HCtRimB}?M6eY{6~{%-jHscs-2=-9q1ShJ&_K1sZ}+a2IF_eM87*ua>%Kf5O3
z4h}V7&!5v&2}c(`oB82npJ?!5Lv7lhIh&)FuMTI<I0lVvuU>l8sc>hQt*IP%P6%F}
z(aX@CDgWseaM0kez}HFR=dgOgUI{{*5*M*V0^pmEV{YVxf2b$kU@8uHxj0c{j1@yP
zMXI+xjNZSUjV&C8IGIa*>EYpveh>Yui!c2@S9*fVSKAcc#41^``~dtkyz(Q-6X2rt
zN0$*ieKvf^3}zhokD&qfMvFO^zuSO;CUBwr$rHFAM@^(gQuF`*8vZrhj|KngPzwwh
zq$}<Y?%-eL`P}#DhTY(S*;%9Ehgaat9XG=_RKnp=g@gSFzbN+dMDZHU{__a9hZC6d
z!r>>E4vUzDug=XM3yZ2s<KmMvKB%>&v&PGuhgbjHu$3}1C`DqXC6i0c5#65Tlm^s1
zKjEL=4RijV4jyC^IBNE9O^+~=xpE8sSF>|zHFwNJG!zTv(v|zt_~dK2r02wn{)awV
zwRLHEqSI%DtVr7+X#1tAzL`1T2lDLWPx)NBM8+iHJ4LU0#b!xG!>|~wWGvo5i<j?}
zRqIbn2A-^$yYpqs{!%%7?S&jJ`$i7d{EOt){8^4X_>=6<e<{JSiS!G?e%1HCyNBbe
zH`pJFcZ0zo9qu0;dZTTb^@nO6e0z>PmZRs<?w<Qxdp&UEu_V#sjbFG+CgQ<3V$gIM
zHEbTU9{N?xqm*v7O`EoVfBe7hAE=sFd6as(!WRrmlsNAD>F|N4_~I2E!EU~J+rV5Z
zF~E;G8roVLX6g=J(gSX}^8M=ES<T-~=%EeN?$4e*^|g-&F>~tx-)=NIiC|)e@|>N|
z*MT=B=}CBY(SHu`oQV!CQ&uh5B`ewU6&JPyKkUiO;?0?_kK<!UndC-I46ne##F*OP
zJ$m$g$jzB8xKq<li-hav$bOI6=+@YOuqa(3;B490c;S8O!p?wL?)OM>@rY!<N-#L~
zrnm1xjyzccsHszyA7eIsNXA(EiHl1Z@0F>>X&z1tS9sTO{|o#NH|)zi!}TZZhrGuB
zU^p+{@R0|=nRKQ<q4NKTH~60%0~V=$nDIn%LWm9H;3u`B&QZ0_k|k+!`))mZ18>Rf
zS&8yKej849?y?Au*yi>0)Ryj%P;!9x=>eJ!AHoc0Bs``!huuK-qrkm7E%;aQV6?fB
z%n42g|El%}|L}ipm;sx^V?TGU1U=>*`jZ1Vh7upQlUeH}-p_t`e5B&<7$jS$*$<sy
zSLua(nY%C<E$3oM%h)CEUhHw0vjqJWT-a@wW!r(fviop_>^xB~yH7RAo^uZ+=gKqL
zbNBa>Qw#p<{)N|nlYMzFC3J2oJ1v8LwfJARAuVKtaesR1dh|>2YvS%#_#ecb@fN(;
zKyvt1sX4NFPl+5w(|7pPW7%`48eL_TjAy^o#?7}Sb8886`?r7E4fV#$f<)x+g#W+(
zIxX5A_2;Ph;W#+llbI{diGeFNZ;LFNyBSZIjqDcSW4y_u(T1s+VlSSRciwA{*4P=%
ziXXZ2K)Cq$;EkMs?x;w@nHjX}s7r0x2aQgP_PGzwn;W}~&`RR}1E&@L`LHPqC7$PV
z6*G{u1UyO;cqI-lp*9GcGFv9tIC8(*il3{COo3mdI7UwR3=HhskDu!hxX)80cxt!|
zN8i)C=Rhq-p3W>X4Q+C2YOch^r%Cjz`7#eJWHLU;UT~nonR7<Ld3B$(99`s8>Ct_t
z7@ByBn|HE|9OX^i#cO?NpTEGr?duqzJhvT*H|pLG@gZJ<bCv)1rJpf{-v1PLe|o%*
z`0bM~v8zkn`;i*{+2KPhik>oy!~QP++4KxU>CunEqw8IGAfwRQ9z$zeCx?&SLjSo#
zZ0y|7S9N6<{4CA){CCW8Mwt%N@UAfb=Cok{O$=yx9cemT7QzWl<Y%jT|MB$vZEZZ@
z{G{=B8wDqV_eQ4=9JJZ&LCwR*<plN6Xt{CgKK^rO*z>}^hN$_HopVNF=D_a-|EpK-
zkc`#aWEncL<!QN+w*I87-FlV&-Ywa-zg%`5t&!}L4a9&)vgh(s*?RG@WS4v`ImCe6
zqEBV|e0IN0p7N{3e{jf@vqr<n`Pu)V?tYc~EByEG-&>o@2a}JkS#wej;_-Ft3_qV8
z_^rk-WN#q+xWqJByX7{zolE?D(0OQg^Iv22Z~65vX9I6Oe)Fonj{3OeRbl^qxbtcj
zt~f&m{Y~KPg~H!WW8ZK#ypz4~@6Z#+??5ZQmb+7V!E}|eHa_%|eCeJ0a}Q^Wk4KVB
zqKA}~St*;dn`Q4&d`H%vfK$Fxl9rxD-@gpakecncW*#s@=Ho*b5kT(mJxkISf&GOX
z;(&?)Z%!Kfzvi(I+mG7XX^ge_ySah6N$d`r3irkrjw5@Hm`Pb$+Mshth0B&sf8PiF
z?jlKBwFgf6GO<UyFu^U9Su`H^a2dTOC&;{%QxY}zfJ_NlLmwkT!sq0O=j06ffd1M(
zZ3A=->i$=_Z#npA^Re>hv$L`T|1-2ZUg2NW0jf3$W(F{W&xhh`6t2GJ>%3p#KWg$X
z@DKK*r_N??pW5X$OZ+BIg-19<n-zF^`D@zgD>ojX<t$+ycY!@n3(2$I*Yrta@bh+Y
zpdQoCXyzV2p9y@<*}mo1wxg{jA#^49hx^a$Kax0WZe}g1OLr4X(uwtIF46|hml?VI
zS$5Iy#}j%4IgmFT%yZ~0Yh+vYLGsZ_#Pre3pxDonvY!5Hl+2BrFG)+_3!w!{-*{fq
zH(ix=Tk<6<yF|9++?VZ#>m>VhvurutBnRmMW*2=a2kw0(LG-XEdU~qo?pOEEl^Yj2
zxO+Nk_lD~EDeNm>HkAYD;nAoxTr-%Fr7Xeg4u91{$0}swri(H=E}lBuL3Z!IBsoV*
zB!#^{f9YxUw_yICv^b+`<#))-RZmWFXw>ZQr<(tD&j0hT-^2p;5_CrAMxCtcfw$jo
zL;mbRpFKlXFGT~NosR~Y=Y+jclYJISYk0P!(bWtbG*+xE-6UwnZoIj(W%7(wl9~OS
zd*eeneCc~RfAbG={L&xTXZoF#)_f~Lcu5W#V#>1zf3$U1=G4Au)Q8~%zODuHDh{Ya
z3`p1Fz;0f%C7l?Qie@zm&aykc9{z3~5{cG0Dj<Y@V+fo`Ph##+ycNvF+jj<cIeccg
zR1wh&W!>frvTDs`nakIUUATgu@p)OW<f8b`NRpZC9uAqgK^);jdU8D6XVL$A3%wtj
zfwA-(tcP)ow4?AphPmKai?Ki5{i?U8a)IFnM%4Ww^!&j7Bx-*R|B>wPqxL8FZ;1gd
z_kRrdkC{40J1P%|@}C8N+Mj;qP<o!7h(Eu>t04lvlgo1YVk6p=dRe*lB=~<9?*g@F
zfSqA~ao|5WsPiTkSc;2{8~9%(N!<TQ;6K1E65sc+{ESTKoh+3&yiW!WWJayqPog6>
z!9U$AS)157wQLLV6Mk3tT)b%W<w{;9A4l{4q7|IKOr{4;l{v9-vLGQ{R;<oJKXaV=
z|Ez4-mM57z3ng>c9cqFq$vN{taxanxkPBqp{74R0el39u*Nfu>=U*lM=PsBTGJJSH
z?cN`X9!|qQd)^fOd-d#0{og~<(Q(a<UnHwmuEeK1jQQ1gW^7|*Mr5d*zE&^04wXne
zJ1>5|oBuZKtKX;Y@}IHYa^I_&zv66b|BasCU;p<vKH`dB&>Q~SF!sbN&Y<ED+S+<B
z6DpQdXYepRRU=DM_S3ISM*rIZFF3TzrXJ*t&N46IrUZv=ld*Qbvi;yA*>(K)a{THa
z<<#{*$$@h}NJ;aLvhOH<y`$V^&)z%4fKlWec$E<c6z8TLp7S1XUgp9%T%E8(!+tvT
zfI1n8*^-gGN7f|o<uymrd7T%tQhf2J^`79y9?T$#2@JzmEkdSIyE@o8(lcScZ#WV^
z0{V*7R)Y=3(zC=1jNdaSDOcv>Z8H%boUQY8@x%LiQQAe>vA<pxE<B*kM09n!Xtn=e
z;=e@)Fw)qf1^-}O_4!r5&t#Yh_dd0S!ajXIE%%=sDX!G<mS$rmfPP`P>H)mY|9_4F
z;GY@4J-n!~Xbr5`<u!a*e|QERi34ww`^U?koC0dY3-mx+iJ!+*ZLg4u0cyXHi#lNc
zm&cjU`7kR?WQLdw{*%%ExZ6#l|1kxhCN!<F32>^y>2JCbb4HQ>ERwjGt#Gan%bp!q
z@o788TxFS7+bvJs%swe<oEeMpmQLsMQS?-2qVr2*N8N5og`cQm)B3H~WYexf*}V6z
z>^P)q0r+iK@V(A^EZa(dFGs<Da6+co+S~ss@jp4h^XxFgmYRPExK~H*c~p6%n*AA@
zSi-YL550yudO?b8!y_XxWg)d_fNb4$R@Ut}Pc2m}GvM2i9Q_^7YrKPd<wdA!{7#*E
z!rxN;#MiNc|E9S4Do&^vp<<QcPz&bnR?@fc5We@ZvUJ%FJcsgSE%nQ=Vb-G87aqNd
zvy5VH9uv0<pMnQs=Qv$Db=BkUWq<LxkLASGKggj=f0B!(f0m+}4`r0KgDgQ8x?tf}
z^adlCe>!rHEZaD6n1@UYom*sSYyV2=$xMhpq14FB=AwgUPN2nsq-+iUYZm9oT4K=J
z6g($V;KY*?Os9tRbY!10e8XAv182fFjUw0barPyz9>(9nQ2hMiyr<?#JlLNV$If2z
zjqUrZs9PV)oW!kSgC=vDe~LuR%pz8{VpiLx1^+fJcYjL`Fq}MKgqWf+&}x4T|KVD`
zZ)|A%`tAq&;6Fmu{@nc|jV<9QxsoG|V?KhGi`qc-05trQ|EoMe@rZ5M)ur&SG)7h&
zr8PEWmte>CZ8hB6+I!+J-a+C*m$2J=BDyAKu;9EU2B0hB*DZ%Uz}`v%C*tEp?!Oq_
zZxUzRNJl&xdg3W@LyE6fGqbhkp7&;lWIwnNA?&Koz~5yLdqDA`S-l@E*>-$rS1}U`
zrq=5$f$%9(maIb$OPrkv$0I&f7UTW4GJQWe03IM&7i9gGi?WSpWXJy7vUy*T?8i@N
z2l(H9|9d%7{(A{d%93&8?S6Imzg2XlgO?Y%zsmbx<6dE3ogwrA+O}15bT@o+rZW4>
zlbJK)+1nc^3+6>q_b-zj`|@NMv+B7?d&HZW`ri-#U|-$$ua8#e;|;33iS)rlZ=C_$
zlU>0)^}*}-(2iMy;(5LMZX3RL6ER~hZaiWvzsG=nUnl8??#>ilr{b#V>zj(3=N#F#
z_XWA&X=;KlqTg?{bn7uxCi=z7{_~&8`GOxL|L${g@@eu8_2z=4OzEjRKr(iM-8Eb9
z?mThLc9;dTw8%7LRTQRVWQ0tb9$cV55N{zg$F6X6=7gu<4^Hn%<p2u*i}%a=C5L4_
z9+exG9h1yu^r4m<gj0ZLGWy>juK<}D5Gixmxi*Jgf+1jTg55-(e?1w`UhNg>Xwx%}
z;dM1toLr;Cn;i-3b`;7c=CKQt4)gaXFM02GaD&PH!T)#_18l&)77O4j4rW$QjWL5h
zekdml?<aNtx8(i`|F7qM8vfY>LTxg23R*8TGRDKr;X=We1p6~p4Z!P^iN0_R!9JP;
zbrk+B(Hfhx=VzqpP(1wfsO8?4L3%^+@>xb-f1$QR#Esnou38*;gZ-9Q2Rln<j_mv3
z-cLsNlSJ>|f|;weH8E(+cuA*r@6DVxk^NsfI{nBUrfEKaVZrkx8jeP=>PfHzz};o4
zxJ;M?kF`IV@MK9&SqFDGOd=y<Wa0eP#Di_JG<7fUJuw3xsmz@>WJ_+jY(Lr{*=HWh
zfl})J#y`rIiXY`*`BxG~ys)+%_p8JIqJ%jiCME;WN4H>J`C+`lzv=@jJ-H9F@Q48R
zf^9sG-#~%Pj`o+i^O*k<ix;oJ19RgU8DWY)rLpz@CH`OE_o~j<aNpv~^-p{c>VEIg
z5&j=F{y+n`BpmhHxBqbFKz+%>-`DQ{_Hbi+_14pP-@3#IV`CeQD`Uhnq>JX}UHG&*
zXpm;j+bC<YYTzdxmDcUM@%7*0yv?7X%U+<a;siHndB$FG!pGbNKC6|DtL7g&fd2E*
z>-U-!-b){UX6xn`^+bLA%YWAH-lHFzkh0Nj^5n0Sk7{4tK{Cxd0?)*?-2FM+{fA!T
z|F~>ieo``*pO(xO=VU`F8ur;6>B&dPWc*yhyh3D7;B2@@3-Q2DfMY}6OW&dmanRjw
zt}I=5OJd^>NMOh&@nC;aaM%|5gi7!D8}4I64g2H4{+pxje}e)2z(4*r3j6Ai^AG7i
zM5_gUzWeF>Pl=Y1_;pxOcTdGb!U1m7<Vk1-Jh*Q){KsiAAe{JNV`=ge_7(n>*MJ2(
zKGmLd3wHht!1H6QsU3X&<;+o+Q}4_|hcOmi#2C0(e|c=JM@k$#qGbF&)Jce3g<iT3
zItO$XW)^58@D9c6Vd;X+=&<ytLuYa~Es}oy45&NQdxvj2`l=pyD=3cz9d!MH@U;>b
zuVc0vK@Bil=CjKoDQP2me(=9W^#LzZ`xnTj+zQ!r82n#)jz9BDS$B$$tN$#y_r8?q
zmD$W$wdebnZ}tEBkEaHDpB-V;7j8%|asYf9!F&t;dug-(-+)6udc$$iff7A4MYd+2
zB*wbpw^hQvulxA+-I7e|uB2tBrH`KR|0VvZ9e(pq8V=i|)mAfI9rSOy`Uc$1!=xWN
zz`g^~1S)?lcyOvl9*Gv9|KKrj636g<n-K4Za?dM$m#z#Lgr6b4nj?ryCUAaCO<Q<#
zhQmf`aij<Rf*$aNbn!;%KtDifY}5>)BV5P#m?^YorZ9UcHG_#0`j7+S;Nl~$lfdJO
z^?yE*f46`0XMfP2;1^TyUp)k?w{G{E5*m8e($1dT{9W!u8}<p&N1-OzupIoaI3*iX
z&&sBi7bJ^1J}d3KtYluXn3-iLS_VJvv8m4f5<NKr9^!m<UMF(T%>_63uk^<=&<(8u
zK3J*fU=}1?fLAn+nEe~>;2|3B?QQTj8OPyO#Q_6+wSyJU5A3V^U-bY@s0kGRw`JxB
z=LhUZQSVRl4n~s%-_Qh2j>5k$96|U<G5&E9i&t}OATa=~)nqqc@UQBB_Vsbp{Xg2m
zfO-D_IM@T>JaiLhI1P)!;RVtoSwsw&;Wz#DZZYD(gqB#~Moh4=8l`#uDC{rh%n3=>
zdI>82s~D~N!|HwN(y1?8bT9e=Su({Zj(pFI_+ZDe=GeeXH<JE5E8TkNlK&@3a#9Ap
z!YDLKv+;;nE{Sl5m#O=oTq=F@HCeZdy#G+GY=!f;`|MN6z4=nIuClYH?oX0^`*Vp~
ze@I4IS^jG7|IF=~t~C#<?L6rFkAN>?0MAe1U)}jF`0tITzn6BWP7e%+%RL!hr>D${
zahJ@jZE~&PBQ%#c;ejpVBuVPp0_oZN{}%t$`Q+K%;o$V^Z=}t4`on4Irw)3T!Q}J`
z_k*~DJv~F%G2}1DkCey^w3)^x6Nmx!=oXx0@DNM<!=0%U%%x)&9W6f?Jj9Hix-EKJ
zdyW%Y5*K2J3m-cZ7aZ6}OnyM@(CK3&@3-wq+%aYL|DM=71xV8R-5=I{`-5rNtc2&`
zaVf9z%N`i5&pkHl*;ilxE^JZ8e~JG$vEgcEWsj)&iSeER!POnR_ohZ^hqw1sJW$q1
zW-7YHG(3k_<4c(i7j5|oNr~Hp&n+C<h!yM?k7s5Oj5mq91WXKI{*Eq*dHf9jNVtZc
z_?ei=IQvMMJZ&SdGqs$}f?1zEc-OG6@Xr}f3>e1#-2jh3W_^m|+fx6Vjxg2cfNJI!
zsb>CQKl=5&Ka&3b6nwKxiKEINCy?AaMqyu_02Kq`B_?1to(1UU-(a8EGumPZHNZeP
zjs2uM{XpLdff|Q0A>uWclIJGCYcjfJYb_3_7@+nHy4X39^K<v(^Rk!|fzPAuSU2Xj
zKJ*QUKa&^9><D%N&Dkx<arl3-|JT<e28~Y-`qieqm)6vF2JCp6DE8yMHT(yKCg6#c
zF419;c*xDePkyN+B(8^NNq=_z8G3&OvN?y`|5&4JIo2#YFTw#V{YJ7bzmVM(-^fnp
z|MRz=#&d7<uLl3<{LY@cdZu~=dzrM{|8@TV2LH;tRUf{%in%dxpXWsRNm`r}GgK?t
zfAl8Yzgj#zkFx9UF#J;=yz)!n`3_S*pa0fT^}X_#?~N{Q;2>kor)@AXeaKKNW_8Z+
zTf^YWhA_{^#}{mD*>GOlF>;pP{<iJc(1UGb7JLxT*Gk#2>71qub8?A+54K3gI|NCO
z-UiYMuHT@6BjC%cIN&H|=Is0A3?7W<wy`bsiw&`d-4n*n=s#WMU3&b+RyNhUZroX*
zaGbVf=l0CpgIcZs^!Gpf_BuPG;!?N$AL0K^98j-Yj-E1(Pg#-U;Nku1x8wvmXc|L!
z&Q~O|FDT=ZY$XnCUd`MuDF+XOOm<tP!lz~5cti@gjUWz8l=1X2T;b|?+q!c9PQt^{
z9Y3(K@QCmgCx=mcw-n|bULSi~6$6Z^;Rk5kX4UuC@_+JoeO*23_$kc$BEf&lykFtJ
zrOyZNn0bFR7@x+zqe%LHE!dw6{^!c9Kwg<^DlY*`g@16bus@2OfXWY8;lEwm*6{g5
zB@yf=M!q>K$pe<5i)P1xvkiycLL6^rKS_>WCyTYSRs#5av*7Q{r`}Jb_nFLYpT+U~
zT$uSSp0^kL@23Wc=Ifw82lw5`{d>Xf>`CruNX^$1pY`CdMEvB_B_=Ee{`4F;1n@%P
zTP|A$UkmR@<wd=P-v73P6_S0fS&o)|EypTfN!p=$*-QU_Yr)5oy!XPd2LE-BYCDBR
zO@F>=`#Sn#>}TQbZ@Kfi`-iCezhy6*E`C|6@4jFTyxN%_k~+sq66eRU%YHufW)L&g
zE%*SG<0XkN@7mMcvqpbA_NgyaZr8SbC*sX8{(MXHg!o)>KQB$rl`ZQout$tN9dq#W
zU3NfLr=MkxcU;zI-DIc0Nm-J5l)l_9nKgGCv)oH^<ZQL<$}M8|%Po9I&oTQiV%I>U
z1WsEf!$;WD8^GJBo1WH395U3B`@#|4zzEGp#Kg>z+`$aJSR3YR(_Y2QTev5D{-O@2
z?$j=M{N2C)hg$E|+YTQ4CAR<8kJo4K5Ah8NKWl>?NcrQ8G_jM2Y52}1<j5NO0vSs=
zOOA7nN(Oy{CGlD465-+c2hc~uJJ8Y!t*(g}vsYw1`sRtYp6D9i)$Vx>|KQ%i)>u3C
zyqZ&&`=IMnd4D(>AJyw0gXZ58F9JvS{eILMk??)q^!eZP`c$4jOS|)1a32fqXQ9EL
zh4-R%g5vNqgS$)KuVLSOu!esXhu*>SB#fSFQY3XZCoziI{_C?KJcS*H_;I?RXL7aG
zv=oc+_DY$#p0kd<2fp|gTELN*!5x$)N%6b1dp|TVh366<@I{C4gAA8hLG=H~MZEd`
zhvEg*og6EOm}z70E5YH+{}*N81sj1M(*l`2n?A&%b@cz~U2VQ7Ti}Q6*ngM)UxjQx
z{YXxfeJ#1*KJ&(>l3nq=Y|Q^ima|8~0*&Y2`u_eS{{PiYl^*>D^@9&RLBs!`0X;R$
ztKQ$6qk8|n@yk?mm&FP6VP@MBcm0T!H)Q(sFm2b*thhDA&qB#Q_!Ld`Hgs!x{|ES2
zy**XuE8M>g_qH2<hAw`V7I^B|&|64g-{o{kBPU)kH=DiL`z2+u@@iN0?Oyf=ucK}|
z$4vPK^Y9q>-Q;laxb_{dlvMEVAFx7V*-Nl9`!-(U<+7PwMX|GYqYZl|k>Od?aK7lk
z$4M{Uq4XC9Q1|!Nv~z>u-WZOs79(RT2}@cokN^CqpZuM(FBjR~dHSh#@Bj7txnf(c
z@r}Ai&VT*+zxCIb%WFE!T$mggIw!8WKYYBmnd4c}+X$P!6whWn&zTdfTzp6pX04RS
zps5n%=ZTM*3%yyjgBMRR{4y=z*BTp|G8gGYo}=4x|G&Y%oiTbS6RkF%$Xs8|{v(+6
zMbhWD#&awJeRCunZ&g=Bv->@U8RpM@KI(my>uaaw&R6&T8|=>pd$WlHQ_xY5RJi9@
zaQCZYf|gwMkYo7&-(Wro94EuE)()KBd0~suAN>E^y$4v7ch>&@&!!k-iiyS=J1Q!@
zS*Rk2q96()RxAk8dk3ikR_tO0>>YbAF`Bk1rnk+eZ~Dgc&F=5rJ^#;nW(Lq`-c5GX
zUa#w1&oD4B&dhzz`JQs$0nAnUvS*Yi1?*H5VtL@-6W!Bx)c<rQ;=cRZlk2mKk+4i+
zXBMNCFk1?8cftEOo4=nfiR??qW3gyOPZ$@)?xi1f;TAGwdYWXVmBUHE*(sXmnh4h{
z`G4uWdRe^kkZjogsMI&0D|g|qvin))K3-w(=k@=Qx<CI@cKqpIvgGXBQoiG)xVX9g
zpTPh6`gO&f*u@^ej<20<H}*<98o0Ni2dHN00d(rr2JSm+gU>E4W)w52b7j-k_o)Ns
zuwU`9)bII-o+<pkyFRA=bO1cx@o(avp1t;|+oJK-rVD?=hMxUkDbLvsr^qEK&a1~i
zZ<LI5=4VqDv$J&)ji5vDG?z1TSS_npvwK*)Nyd{iXBTXgK^~FfJY*_40D8jf9+G_Y
z0(0`W)ANS|w)SzU+4P{yh6}7@-VtW%>zMtWD1!!%fnU^{x*|OUD;M~}9i?k8;zmz5
znVOPu`PF~^kD;xmIDYBVukLDi%EWv3V{!dcetuKK;qEDO=ao;4p7Z8?9oW0Q^)7n%
zW9Sc#BM#D&^LJ%e&xu)mTXu2!$q>%^E)MJzShZ)bv7Ipw(W84u6aK-yzhP+Z40SYm
z^#Pv4srxtKzeBr@#w`B`W{su<N1E}kJw9`tkGP*;<od*V<=s&;$9=sfPF3usF%KL^
zeu4Hc=YD5LG{Cs6=MCj?N}8Ty#ym4U%!%Z|50D2pKt7fiSIPM%7j5Z4NsKIzxd}_9
zFhMoG7Q-1}Wz734SAE;Io$2dPqvE_amYHZLhX5&o|7$Efp$UqA>Z%Eb;Ro;miBq%T
zrEe>frjYZemBA0kSz=B)JK^A;-QnVLW-;jfFIjs=YPLQuD>wg9*6n{uHd6cB{M<JN
z{_EfTA6d>Uz`Q+Y#L30^{{;SL#>`yOvu9`a{B_>H6Z3v(eG&U@*c&n7pDXh~n*Vq2
zVFiElBh=Z>!>_hl>bJZvYib{*Z?c13nd7p2?ZZ;H=dV&o?b<Z^|3l}0Q(sRxz3wCK
z-g#FWc8j~x9~vN0QwrIk*&{JArLtn#qwwRS^Txc(ME1(d%J=jBZIsN68unpIr5Jn%
z!9y^_eY8xQT84i(A$cXonDc@&oO*B?XMr5FwvV28Qz|(F1cj!_=FLwqi}nJw%g31i
z-ox(91UO+w8?``3cx5Ke&XP>#dvYpwUWv|{`@LBI$9LX0G*y2Jp8u1_Y}kLmA-%Y?
zI%v|QH*dS+PU+CLHQdDAWe|1sA>ho-K{a-}Nb9>>Q9rqzGgKGmqi#3!4D`HjVBgn~
z`n}19dO5&7>SOf%qBZ`L|J&354`=Qmc*IzA_uM!a%pvxhu}{pu3j5$J7QbM`TO;Oz
zC-ASPKEP|R8#91Cz<m$mKlMNI|66&#GvNlyH*jylem=X*`S83KP~*&x$KZmFqIaLm
zwJ3496tb_CHhUhmLwMh)1*`t?z4vya*6C%$q&~d|!{w7EWhF<+1Hko^415!{LCoX>
zvY0i<VPCm}gj2)JrrsYD6^q_up=4z*fFpY`dq7)cQO#*t#O&Xa4Hsk~Ib-#P$E9u`
z`z<?PlNAU4EGv$@E~_7YSLUHB<p3AxfAU`bRvzm&a@cu$IO6TmWA0<s!Hj(~{>?tX
z+0lwKatCx4?&6Gp5U!M$Wd8D9vS}x~*L$gt9QagrAJ9GE&t>z$ze+~lHeMU;-~TZF
zZ(=@NXY{m((;AKY{(anKVcAa3W<~Js&6k<zY?pA(pFeLe@6me6p-&c{xDd>5mgzI{
z>EjJ0hA(9fxdAPk*-}x?p69{$rEbR?vSj%aGGR(F&t;QDCoPk$doDAZa7Y#|I{|O^
zWm&qM+@gwE`kWmSJSHDr&G9nGEs*-(K)DO<kU5$82j{P<>Hb@JpRRo#OSf$HoSu|a
z>oIb~m3!~H)6mJj|Gv99@88PIb2sX5&g?e(vI7C1W$RYPncv@+9wFEtK1|ICKLB5t
z(_mxPH->tD4Eevay&JPiA?z*ti5ELYv%}b(*4Tdy_DwN1ot_^)!HD~urKe_qeY1hV
zApenkrnH{a#i;+=*--y$c`x%iWyE{t`7w?CivI%kGz;Pv5bGCmT`Y0nbuRB)QPOgm
zn@Em7Eth^JTn+&f4Ig0Qaf0K48nMS<bb7|+qVs!F0-1w0@K5a59KezXDE{v!&V+`=
zqFuk5-hZl0pzmnUT%+?qZ<&>pEm`F&q;f4Y7@Y5yZ9gZ~a9c0kK`(IoA7$ei^yJ?9
zhwOXzpHjB(LF&Usf9u+}<#+dW#lq4r?BIxSB4@Pf*`B!H1#a7}hCZ|A0D4>d$9?G)
ztBzE8X{l`3jLt9nT(!)`?*Q-XH$Ta)=WDX{;1$_=;IA@+vl=hN51P*EDfX4Wv*jIk
zvs=)MecgEGHjheT4E5l+RT4UWD!eumBrm51Et9>}Y1cCQ9cpk4Iym_<-{J>m$H`Fd
z84{PUM%J%?Lb8gtO8su03)}>;oDcli7YT(EQ1wAFsZB0leVW++I62E+xCq(xSo1JE
zQcp@0{Bna_;K7GWbja|LR~~%zHS6EQo7r&T!7*{US#W*cO&`27{SjC2Pu;sid$<Ba
zI0JO%d$$_(ehc;kz<$6m^$+me!+EA>f5rbCct|~%?Tw~>7fp>XW&(44a58I+zj@qG
zn5_A=#&|G4ErVHscmwy1_-C#!iL-b3=<(9!fi^s!j?|XeC%5j7#&LJFI?E-6bN*C#
zdeZ4><{7ac?8D(%n204Tp}&l7Me<6xmB4@UGKma>=bc^7+0*j)oqd@n7zVe%6luep
zPr$Hv_J0e|e>}%*(nRWinMT|<@K4^Kh}L{E{-aa7?r3^3w*fChVq%UgUAaZ-cb=4k
z7haHqm;WNi;QTuN>bG+2PydjkfBqji{N_L9@LT_sL+|`k4!rv>+54`@ZmeYQ1+nhm
zUq9c!`+sXTE-$dL=|XPSjh=1?6ZX+-v}NyK@vk*oo#$|Jv<Ck-GxHlKt5<E4#f$4@
z3%UN%WqW1AhOM%?rViY(C%Nw<83Dg0FU*aNdf&aR+k<`dDT!Ad;J_LWXH6ko8Zl`5
z6lAS|qbFOIEILGef1O0p8!DN*mz~ZD^y<Cf7azk;Z#DdRn>ZJ2WA=3h{6nXh<J={~
z0;6OQp9|$9n#?RfMdc209E6_R$SC$>N~Lz^)9^nWmK=WHi3dNFdCQNJ`yG)0|9Ck3
zf_M#_WX$Ag=YQ*O?CP!czL5!Y&Ufk4TioeeP8gjg?#^%uj2^{o8k{4+{>t6WEL?x%
zee+@WFMzlo;0N~A{GH+EWlqM{mihi@YW&*ghewDSj|+UaesG(NWq&S;cxl1Ean`qB
zpZK1rh7X9>8UUCx`2(;I{`G5}8S2oXH8YlN;gRY=e%DR<Gl!EFSAq_(EA!-S&^&dQ
zH2Q$~TH`0~&*iK)m$^sf`7q&s1wLS<Odg9q^MFC@_#~1`_{)?Dxo|lr(%<V%tsqyz
zCuGs%xxlVNsDb~)DcSfS#XeW#b`CtNaG`k)lT|CWN^SjNso#D~7FDB7wSKqkd-P>F
z^8Dv=_?5rOQ8WIJzVS~v_}0Iq0qh@qTa2sXzkJ_C=FfWnpTK`gR{SP=JDvA8)%{hg
z)nwfaAK>P~o+!F8?t|^9yWYVr)nLhm`?Q=Li+v4$W#1QmcQ{s7EnSB8%~P^z&tIf#
zj~|--xyjJrQhf^5sJj!L>kjbAMa`NkHLD+!6wZGe&<&4IsATu{vZQA%lckH#qLnj)
zzMK!Wud%Xo({r+N=_69ZoVy=8{4?N#&4T-8{yebE9Njc_chfSrq1BeaK0=VV`%Dy9
z_WRwuCP~OdYD!gmW%;@b<Sma$_1X)ZXP%;0HJ11vME}o8Mo*glo5la+=-AfrnQ5om
z!3}IPU<e$hDeMwgO2oKqV}3CpC>Xx5AoM#t*>{`4TvUL;+2R5J_Xs~nFz;mG-g33?
z-<!I>3I8#~e@{1WnGM(JjEETc!IcMqIT`AG7VIa1`9=fdiuEYCfK2!|eVsIoyqo)H
zushtg-QDbs-OHK1E1c`f8#_><*`2<N-E0SRP1?bAHp-72Ph&rIzPX(Bi^%)+%wLkS
zN{Um_sl;-~36$4ZYsIck!z3a+m7T(JxsSSWSZEQPe`%cW9+km^f{6Y2pD8)uA0zKq
zKcLs%%#BV6k3@@bGdtkS3l+fQ69L!B_)uzB>*d@FAIh0m|0bvY^tCiR|FP_U;Zxa9
z?BDy&zsURl#ch#2?};ot@Q8Hn-t+$i{v&5ieA5B^>)Bu5qekpg^RuHTpxF1+oi40T
zZ#Z!1&&SM~%p6df>^-dYzavsnS}xm`7NN8Fq^#NYCbM!k=J-<n0Ojb=86UN_ZPATx
z*NJ)Io|2!lR<^Rs7E2wtuI@=$weB%lT76nPz`PqeSc90?t6p#f&4D)!O;K;3aG4#y
zlKumG*}LA5)U3_$IqjF7^lcX|eu$btyo?FW5vRf7;zX~{#XU@%J;KGsYpQH*cviOW
ze_ray2f{*A=~Iv5%pAm=qmxXHNqqme82@)3J?=0reDW1*IP9I>ywFXY2cLNvdPup_
zkJ(&LX8MCeMx%l3hdx!fq~&MI$e<DAS-0?ivu3Z(5$-c5%(>C*2lNELvzhOq&yNk_
zJnZW+9G=clnG!_(pWdGZ|4HQh&9R>h&K2vknFG>%UvD?J+3>@+foJ?~>XFuPNLcmk
z2*<L!ObUx;hsXz?9?9;$4d?PM=rh1|$T@#5=lvq>&rr85fuljKG<~g<z_V1GzCohl
z{}~ML*&lAc6ATW(hxp0lN%P_3L-%jRABhp84E!6|Z^S=*kKDHF@4~F;1hkpfq60V{
zp71oZeWPUSzJqe|(aW-IBXy>Vb&@^5M&@rmB5Th)BYR%@Ob)&EcR7F$IEW88@ZP^<
z*^x)2Gd%9U#m~r(c}{x{@9I9p-HzIy3IBTbw*&XKX483XFTSs)KERnXfO1L%GMhOe
zbQn76>t(~H2K1Jng#YUyX*mAAtljx8?@dd6ZLVWC@pw3TsrzZqU+1@b^{}O%T`R@x
z!+E*~OWmfY&}hEEj7Fu54@;5}0n-fZEB?dj2Orw=Hd+qPOE}y&Zp;Esqko)D-oK;a
zRkT^EBtCtOgiWHRl($*N@iWsRmx!GknD;>YoIN==`0)mMMo40MjjY@9q~w?GVb;JG
z?#w}a7G2SZ>Lq^E9DdB}_)Glknk}1K+q=3xKY@Lqp=bmQ^B)6$My!k_FLrdYmyijL
zl36esUXrm=Fn5krt;mtW@~zZBmKvN1T7M55?r;_U1Mvg8o2NTKan##mC&E8WElfFz
z!kH}|;}0((`%Z~ylqQk)o3NiL$za_u@SYr*#rZ$Zz`fQ4Q#iLJV@cc}hfYD;cDjSu
zg4m(j;~mjS@RD&s)9~d1^zUc$*&EEB&V6X0#GA3NXMW<oVjtX>g8R~p4N?lnVrlj!
zW}(>W&E1SX<Vxltis4Uyt7Sa==yTS{lGRT#mothPM0}C*KbrBcSH-^z^Be&I!St?|
z%8(%*^pNAIFQKFAHI&)l?$VwakWTEa^z4t;W#2(^ce}oFPy0S%GkBy#W>&BR^pMnF
zdP$N?7J&cmzq!xIkNq4brN>QowC_ROSB{@fV83f4{?!lY?uM7UJ^P~=K0tGTR(Hbj
z=GY&d4L{j?=oy*6ggyAIQdzzJv}`-@p48I|u(2C@9qgO^0l2sDcHEBkN(eh-x#+=Z
zA1{jij%a4V6PYE_-56K+Y245;AIN;G8?k@s!o#uw4dEpV8pLVfaOQVLOHSrSDXKUu
z6=?lbueiWI=Vl2SmnXwUpifLsXz~<zvCsmW42P7H`y_Go#s_d7Pz|Re556n2W0$fc
zGFlv+M~JPRw^5UrotE?Vk9{qFuAg7JW?j(4=`-H!)~gS3ZyXvSnd0s{jQyrQVr%P6
zKPy6FV#i5V-Yl6rFN;1lvusOtNX_=6@GzW^1bA3(rf#eC-N50F_-<#j!N0?8ozYbe
z;5cS_<JiUX_Y7dh&QS(3FYALAaYW!06ZXycH(?*#8#Oh>e>O8VDLh_h|I(?mWg9*q
ziTe|$XTS&E#n}1n#r}v@_fF{P`O>eC#P9gPVK|HYGJtu{`@!Z=W{xstE;EfK)M`u8
zo8dkSexB?)Y_pW*V7YL0<ZhSp{9RJYJXmBTwZnqL%<ex)Ex#%LEAF-KmpnDs@CSq0
z`RLdQO%-;ATatrXTl0VPjwB~wpE7QZ#AH1vaYe67bkW<AvhW?rSo9Y5lB6wuLNb;d
zmedsor3w!4<RxeccKQA1|Fh;yW8aT+S?`WUt?w%Qvj?Qu_XhiF>H|DIRD-W0vw$7R
zJ;zZ$JtXye-y{BiBs-6MBHNGrl^(!n5|yz0#`rh-f+ioJ^TfK7fA>Aa1s6ZKufwPj
zIl$4sK$b5*OFeg=1f%0S5YC5@!>7s4+Q-mwd{_p%j}b?=;pn^`mfal64jlfN{vKMN
zyWf$chd-bXcmZC5g@z9Z3dxcfbYXWe(=~B=r3@RLBm;e?$w)LL%9*dXcMdl2?>cY{
zHC=ZZiKb^}N#*x?{y!JKf9UttY~3;4*LM{AGEoNC$;be97{;YY+m0PL_lL{45auvT
z;Q@y$Fn{iR_-vQR?n5t1W@){+52Kf1+lQUN5#(bx(}(W{{^2<Q^J;+sF2+^$Kqs-&
zlQ1QbxS1pY@O}?RlQeA96n1i^!|z9K5B8HMXQ2C}ao>V{;yhSa{Hx7`7da+8QBs-h
zNsR<^T$9krQaw%08MS}hhuvRKw-GXNTr9f@RuV)W;O`Sg?CmDO!((OUlrjkmibszv
z8$Og8DFyeX2JYeJP~7KiWe;MT%*#{k?~sau-BMY6kRCDn5hW*?+rP}`g7d#VS1_NV
z*l)ytF51Yx?3A_Ua~#eNNj^0Mb_ycks-L`ErX?Me!0B&DQ0x~nI_@j+3O+7FMqiYm
z<Zoqc#y66(=4+{a@*COr)_1bw<*%h5I(I+x-u)iFHzR7|zwFI3e|qk><o<fqc`XC`
zo(|||n@oLxjSVy0EpCHfdm_BFrS$yY<1GE5Y&-O^>^SnNY(4zBEUbB&v;A#1@Bz)@
zKl}Gqy=~<tY6|)pwW2nhk-kU{?SEaCu!p^C_e-*gIgG&`BV=*;URhRoirIj2apZj*
z1E=@WwNI1#GYh-mm}D^HS33U~Iml~r^uf=_M_!QR)OvWDq9r6EN9I?bhp+GqdKGU;
zO2%6Dy?4M3i!UIix_d<MHzpW!e--OC{rT5^?{*wM(LHq1loUVsaRR+3%ebLY%(``!
zQ6pxs55ZirovS1#&0uF`7CaxTsfqkW7A<7<dgC(^&g_j<@1FDl21;b&REf@H2at1C
zU-ECw_eYHY_ZGtk=w3kB$Z%@r%<*8;#zmrG62uHZu=t}nI&82%_)n7*u%80<Q^@&K
zG{&1P87&3H{~Tt7Qn{`9e;W8#Kaet=Ilhr$2L3yBYRg`E5BR~xO5Cg>V>hWMJC;Gi
zr!!~m#(r}NXM$jSz&x3S26QI%KgE1`?iNgOztzCKVt<|m`$Y}1fO)UV^3!noo|aX0
z&xyV3Xl4~O4{3&fZYSXnyvP}q^C>*6h_ht{XUHn@r^VC{(1uOFC?T;QOK|KJ8J+OC
zgv5U)LGd3;Q0g}_HuYN>lm4xQ7k(o(m%f&h@BKr(shKQZv26OU{aN{`e}BW~8XqTT
zbQn1E_wCc!sQYP*P`-G*DtChqxWCriT>3Mwa|`ijBD$-|vSG`4*?#B~a)3`{E4=CX
zMK!YR;Kwp__^cb?zv&#Hvl}|kt#!Z-9lMD=xxm)CM`RQF3*iy*=&~_`NiSdq^FTZ5
zo|h#R4Pf6-?BMucM1HV?Ii&iX&$H+AC-{h7mWE^R%i`q^Nfz@#^X8wCvUw+{{ZE&v
zktN0%VgJz&(296o>Nj78L$g*qz`be}dw7OZJDbc-ke>{29w;SCSGoMu*Y!VrTx>?(
zpaFI+S8j#3s9RTS8RI)k#`;FXW$eW30|ys8KcnEX@*X-!PM+B#*~JyI|Hz-DkQpck
zc!3k=gvj)n5t1}FjL&ok{B>*OmKL}3yV`+&#eS0y7>ys$o?x*5Sg@Z8Mp9+s=qWOg
zbMk03#mD0pRPQW>ntv1iE!bDAn@oMcZ1x1SKF}QhsgZfi;HSz1?A_mePb)raeb`N$
zDs$mN41>2XocVnR&KaH_<Jjkn0hd{5noXk*^pI2*?FR4Lq#T=vZ&#}@aL<lDJPeh^
z2jKTQjppY$u4kok-dXtjUlv>Hxbd7tEcj1hUO-Lrf#F`kaIL%1D=3uE&@y~Lm5dKx
zLXMOokqP@{cEM*dF8K=?i;YhGQi4*x0{>r2P}<iLoc67RWPB_6^<T=l&%Tp@nF+k+
zCB^^g`~7P@J~J<=TxWhQxxe1F;9ogF6!$~D92?Dt+dj;Tde8^F4g8NCJw{4$srMv?
zQh$Gf{QrG&fDfgn_N-LHL6uv1($MYY|96caFvWlE0rco$ZE$SdK@ZTH+N>S@pq<;F
zmJ1i&q?hox?A-Pgy}c~<efG+xHBW$1_S?~J^G6?h%icHT*x66y$f*zI^u=%G<oUnJ
zf#ZLbJqJFNgGWA+Jq>?B>qU8*rpS~?^e33}DXly#+qbdP$(+K7(HUsQOqAepNz#ou
z|9jz(=-jzKJ3!2ngoM5M*sHI%{-xg=pOEnmJ^I;v(W|>X{Fa%_M4>a_3xAbg6g~N&
z;=)Yc82Vf@>5Zo(Qy&c-A;(YbmznTjc4L=0KYcj!ljCJV!dy9Za-nS5o+UdDuav$v
z*6dcaGIIXWBc0i=b!oIwBhcUSX4ZZh^E}M*=uWRcd&FZ#grbo+0d2=AM*TmPnqMmM
zKb5$jN-s?<g*b1qnV~UolH@Tb#7;eN-!N({soV~Ow?uorojTsnnSUy^-g@@PYM8|d
z=Q9<GelNYbK6cFTBrsdT>@7RbmDF_S73?tEPN^u|$^Ij|k41aYbU!Q$E6>P+s`F-h
zQ07-&kSzz_5F6ruTtuoF|0e7kJ|HsR*dJ^G_gnCoEO^|CnHkOzH}6R@XgGSu%#*|w
zyely!;6Lpv8JqqkG5<@h+|IzVzLtoxZ)7WaVEf<rkk@+vpYs*JiF4vl`J6`0nR3~N
zoWBoee<SyAjQ!n>U9F*BPH;pxF<XZZV86sL!v{FgyKPA?$q!zNnNqoE0y?*W=&ml~
z%&s$a8zc!X>YClm0rWID5}M&(v9H|TH#4`<gFfKh<o&n6&%&;+jT^a{D|P?*(y;fk
ztX$pzf6WZEvxCsY$&(;3?*R54;B>Ha@Rb$o9%ugG&-DGClam*|mSg9?lf!4fmJ=7h
zmLn&>pf>pq^|GmG*3vs9z89Atf!nuU&Yu00{@{z^IW$px0^(%j-q)pc$x-TmBjJsA
zr#8gC-R<|t<T-I^Kjn4(sgFr3t#Yt-cDZ6r-8q6i2i5QC+{KD>aTL9{Iq?2XW`}(s
z`W5hIvJ+gs;Dn^}I?s-Vb8DC%Tr7dIc~yW^*H%l$)>qiYs*{V49KlEKmC#Ay)ZlN1
z0}t#g{zrm;ENG-FhKBJVU*f;c?XoLF?mWb0C|v%NncoeCUm(=z{a=lJ@_WtkEe6K*
z{GT?%l=qwPpN9_s|J<kN1AF)zRFAAxtJc(a%E{MvN?GxCbQ$WYX(UPpXR_tXF0$)+
zQ09a23h-Z1K&%J%6@|N{LUCWp{C34D1M>^39+X8@7wF|ZBnuW?lBxxd$Ub)S`xF0l
zX3>Os@J|k+c}NQQpE4$jTIg-!MNAk=4ls_H;d}1uB;EM@O^7LwkZC(5d+`;p{)LRg
z2ZVrolYMQ({>e+emcyU?Lo(NFk;vIG4L|k0{<R->?$Og7`~rqBKSJ)$zP~B%n{t2M
z1JItoFPOjDoXtMKiC%q288pyNlA}k#qdP$gQb)3P%REJ4l}sGv&F3|My?_s8Qq1)@
zz;80RI`3uPUweR^AAoa!eU5(pos3zK2RIX0!(lUM&~S3P9dfAQ6=wK$%Oq;d4i4Ui
z517IkcMdzD_1m72P0a9|c<@U(eC{hba_&nxdhQ$I`>V2k!;{PaoM0z(ugqeud_DWz
z%gIajH!wS};Ue5Pv!x8Kr>eEjqVc{=Tn0yw4}^=WTL}40Ye~q=-u_FyPxbo_Irs(!
zUFp&ZPMvXC^!G-fqumWoFSNMWXAKz{kG^pn`#8Sh8!%SNR_>R)m6v4G;a4Rty_DH4
z2e?9J$?7G+QoMeNEdS$YlCtX^nZDp5abi|-$WUKC_cy_l>jd5v_suL2jXgJa6aI<q
z>I3@0tu~FF;Mggt#u+}D`MFePXf)>Q***<CsVS~f72}xB+-u&gb%AugR_q)2=bDax
zP@W+BelGAD+-zWQbl_yk&s`&n7s79{^g&rzMLZ{GoL_|w5Aj{||4QP0CA-d*;J%95
z&w}~n`tvpBgZau!#QaOLV)bQq(H@gZYV?O5`9%7=2C~OQ9g>{icz(w7%;&aRt_<cg
zq`VIy)P=`|=F|U6hSPSU3>`6v+TmD9$a+koOTPsFU_RYsW7DYtWd2Q7J^DA<`SN?x
z+t&5U>e>z6f2q&MfBWwgmFG-%pzmi5&!5rrH^+YE{&FDq*VsSI2Yo!Xp{A=Zx79Qc
z=xdEG7_;0nC%enq)v;1vn+4}z9$c7ju=}?LjjN$(sJtL^mpo0pzqMKXC-(FHw}#J8
zv9CMay{Y;2g`=TO+YZ!$;TiAez;30NtY33dP95RAzTsi8pCSAAy-JK&DNghOU8wy>
zMd!<Idj9KbFUsbf&lx`8<bz+!{u3X;|FcvY*w@k=poX5%<QenPD0*Cuo%lfN>R*)*
zc;el>Cd!rrf0F$VU6G2_Ps!3vm*Md5B>p4WhmTA8M{ZeV$bb8FzuxZ~Gd-&H*oa9V
zx4E}7T3gK8&#E9loy-iS6?+SjoX;o8#4+h`Whb%UAH(b8Dw84;Wy{v%l9)PAteqny
zqw=_fPAibY%2Fv^Q6v%QghjH`HgXdDJ*lb1NyWtrln2lk&X1tL=GfQUZuk{D1NX_`
zI~kl$89R#_Ab!KuTl)62HTcFf?@yzSX2E_McuJdYHg>Tz&rg_?X<$B``_s8kulh5_
z*Z2Xg6HE!7C7#r8@8bM-GaTsy(Fu)DSj;^638`KTwim$FQgsT<;{%G}ldm`l?%6k;
zPmWK_uLAoO;C}VS7i9MdcsW--Eb|sWDdmfwlA}*vk^by(%?^uihJEz|JP*Y`=aD#i
zj6Ki^cXArZ+*dv|2l@cx^O<MKq5m`+t+F_Y%6&qn<a{Zi_<(WvfU%tW<JW#G$3Og=
zOwTT6pDd~Pdhg}$<-R#dQ4Mxl_t)4@t-tBq-`(JAXu>}AVa312&|=r`+1vJJm*O7g
zJH6rE36r^n!>KuW$!7Etw;g{2t*Ue>Uvh@M$<M^bc@+3Z&%>w#m~=hV2i$gBEA+%{
z#LCK+^Td730d~Z%&|g4*H-Oo*!|Yz~+VQ-cI`siu?=Q;YWe4TR;kV)UV~&Hqv<sYF
zk$k3h?0p4Yj~AKWd`R{men$?S`qa2xyZu=?#kpYT{<kDOr(V`=d`b=<eODGPe1zP8
zx(xP;kj2ay)ic<=ddt%?g){Z6l+3sP`t9EuxjugG_jBFueXWQ1`d@C*;w~_jDB&aE
zq)91ZZzqy|#84@#SS=pzqu@cwLSH-sE|g@M9FfRb$pxPOL~*5ezW)qbl}9eijLc=S
zV%Hg&ziykf?b2WT!y{_9pF3^TFcxpwp04L_FArN2{w+She08+%ZOqJT%}nFwq#*cp
zsJkf7SmvA}IERVlX6&aEPfd6><9bE`d4B<TFQEQMeqh17`98fr!)%tvX<m?sPahvR
zRUG=enm!9?7e~jGNqOZV>OIr|7Cj^jHP(ass`(edJ=Y3!C09Kwn;YI@PyZ}@(?`fV
zFQeb}ET6Z_a_sV#V(mIoW-$|Giv1?sn|zf%PxVvzh9-mVN_lZERP0BL&yxvZdFa>a
zHCx7p70S%CixQdlxrE^ZCY5|8TVMQ6mK{D17gXq*PrdTOFJ2q^Z+;fTBZ9wa#6PiL
zbAF5IoS)*|Z>WpOe7R!7)VNQ-=juE_THkd$wPI&@bh=AQTu=0<otgc6TI#^qs?F!n
zQ{F7AcYi6f;AL#u1%~Gb?Cbfz3q068dZHEAqNR}sSi|XHGr$%7OE>0P++^LFQ*!$B
z+p=rdvr=FG2(^|&a^lPfvU24q1N*Mb1h}&IvTE(4a{K}{*+;*VbC3O9PCxqp<jkZ0
zkh70)efV3>1Rujw{FKaQethY&^RkRH=3uXI8SEV<$@qnnkAES{)}59+@9hHL+mVR>
z=Ii`Jzw5%Y&$kYboN-w-MaRNhKQS0CVYuk>v)Fad$wOZ*SVjfGvzl69?6gOWrI!|%
zjKB62*Fj^%Wgr?~p;=<p-$NqNV>x=^Ny#j)7I*(3Nz5xtZT`1&7B3&EGnYdKSvTQd
zv2Qlz=80jCHyLcCU}J`d^LOCSv>hnELx!_kG?n;iiv1=GoA9pKZn8rBLetk4%wKio
z`x*K(hMBOb^~34Z4tzN8b$_4_^?4T=7naIA(^hhVOU#)55nu46EM4`y!P%0@JV0zh
zjZ`gt60PnR;GusG&Ths3GwkntBVDcCW%`&HbDpAq1KjiXESAdc6#PIW{o^}ZwPC(=
zrh)tLupA=?&^%yLXf~Wd^fc3tN?Pp~vhtblWZR4HiOoO{$to=HY5v;&-fpj}T@~Ws
zsQO-=4Sqih?zQIc2>;(OV!WTP>kpU<bAS%gs>Lnjq<yLX`Ac4&7kpfHvSJhSk;ncb
zJ5Rqu4p1T+8orRiYR&-Qo!7}^<o)-<<Dfbm+Vj7cvw-e(59sd<?p>M5vgb2k%N#(J
zoId%sY~A{pTwqV{%=z~@1H3Ge#3wi6zZ>y?Am@M)Bhehg=bV1*J2?aX&prn3v2*x=
zlb61dhSPtMie+cz(CI7a<?Rp;-|6B$bb<`=883lwMIX5E1=@LQ<evMx${*i+x8E=E
zem?r*E3IcIBwg0s$6@Y)k}<8Ao%GGjD80*$a}7D|R!PgtlEBb0l9*8_{v*c7H0pA0
z)F>UCeI#&nGV^LXWkhhX404~t&Tj<sXy|o^PPx3ie%JSE(g!X+?sE(ML^qe-VBWbA
z_m;E35O{-T(!W#er$!da)L=ODro)pHmoKrAa6H28t@t;v-x$veiR)&gCaJg6^=rL-
ztyzAq*|pJcnEipy>dgveUt?G}JVpV`4Gk4<@9{D#77mcAWAtwi%1k%{iWi-dWwmce
z)#_KlKRgu6UO=<s1zEiD6*=_WXL56kHWI1$=l^2C{IyrZ2k>_%qM>}(J?+p2ip2+T
z#-bJwJ}woGd#)kzaHBGlG#g)2_moUcCNG*ct@fAreEgh$BQ-0oR(pNQ^JU9^j|u-h
zn1S!X{Dn1~5UwU0#&ww6b#17(i?q1)56p4)kcCS}NO2B3fmycbryiB9C*GIM$3H|9
zY%x4)pUTP|pGkLkJuLXYz2!ah*?Jju0L}ZY`#2id@88c6pU|7Uz=|1dv~5aj<oL07
z<e`fn%DL0;$x?WH{rw}D31$}9O=p7rjJd!ed{(C56OIz+&p-ZmasaUZ`2WKXd@D7~
z_pjgbjI4zF?=W@$a}UwmLG#mnXt;s@LEaN&<))XUa@jd_Ke|at_44&U=WDOOyY|4r
z)>EURFDu`nH}fbtvGgXZ_sS0Z=6ZIgH|%&@s#bCCU9nG!%63aX@}a?=KFsp@(jW1W
zAa)uesS#}0`GP$3<X_PJIwpgMhFwX>El#=7bAS1RPyf)dyOrVJgQ)*o;=Tp{UhXzB
zjhVb;u$>A<H81beyFc-`HyWYTbN$C(gMSO|=Yn;UWj4F&?dzH8XPfzlX8u6^hvw<J
zvp<LaopOXu<Qx*{GnU>b8eb!)ptH1%&)1vM@W|(~ozK{s`Zr|$ikD;!I@J50|C=n{
zagLfo3z;2CE~UAN;afB>v6v|jQ2gsTARd0n0rXjJyZvrsC+&gGUD;8vf`76vJh=Us
zMePqh9F4ux+gsfy*?GB7$0R3w&%fU2b^k5i&&=Ny<?~Yf>lr|CucjPL-X3s7DgK+`
zemJ*>qsOe~uUGiy^xBg6A2h-WE-n{#c85zr0kh|DW^JSXR)73sS+u$V{Jo5R=GSOq
zEd~Gd{)qi|--9+c^FFHSYmIitfB`Oi)@-T&QF|N4?n-VoyS;m5?b;*KaPS580MD@F
z5(PK6FLgn01OGY?JZPXlJ8i@169mxb8zJMU`R>~Pyj)Np@aR9eY7X!>IeY1I*>m{M
za`DOU<m|=IjXi_Go)OFijW;Z}d>{IrA4u=MBgE4$K(-t?KIrFq-@>C}T6+x-Fyg)s
zbLv&hvQ?u|w+gJ+QLCH}f63~)=VkuNC*V?eg?&bN?TZ(Smp3{E#P})UrJRxXGxK*q
z{DKms6Z>zzA>o%dG@STfKa>7r#^PtY(D$PU&^!mA7odFL6GqQ4u%9-4u0%4I6HART
zE2#*c{8V;<=YSzS_mjUHvE732BFSWy?}yFwvlc&by=x}B-<fbc=rw&N7@bM%#<X6i
zHN%*R$>f?-jNJhTX832MmdmnTm*l|XpU9!h-^zaS^Gz4tW3O|x^kttcm0E@7B8DmU
zEw|OjsPX?u!3Oi0(tWg!9Xj**cOw3|!->d_xreX#dHb`MJW?V?kCTMx0@-u^WvPHK
zBqlEU{Ll6I__=@Yg6eVyXO}+oi%hzn&11ilLoWmS2Hq9(2JS7`9|Zm}f3<<s=LSog
z`|e^NyDPig-KouH%KlTQB%@%J>^${X>VO|h%{F#-YaWt~d%lu_`4_=I`dxYk0Q>3-
zx_9quV83hE-pmu;j&}HX`nh$obkR16k1Y^K2OsIre!BzvqAtWBXYyVrc1BVX=c7MV
z3FZ~|W}^-^gk8WvLq;+GcUaCp_7%CnKjgtD|1KAw`iDGZwo?y%j{fh95(95;1br?K
zX3rDQ@T`Dez-QPTb{o8?0j8h&Io^l5y$2j7L{7hQbBh+7b;qFv$}UsQGqRfg#+v%4
zi2JY6(}zc~<~SP4U(3N$pGij15{XX8hvO_sVv?CxBR5aX+Dm_8k=)avkBpCwt^IeO
z>!jJyANR)Re;@zw0QozhKRi)ViQ8$+T1K&FIS~DT_HZ$~IS!Fg@PQ>Vk7VTg8r#j7
z&qBlN`c}mKO=kJ|#w&lLDL*jzk1W*!!ZM>xmVs_>rW*TT8BvAc6+b|YVnWb#=8}Wa
z{TxPK6vW(4fy~KXEbe|`#IqqXjk!X@Pr)CQagC+(waL^E6tL5f1!u}o=Fgc`=Zty_
zxkC@)e{bS{|GwzL_Oqj3I8dg-2f5`EXS1r6@Jh~@{_no#zqOxB$&9boTEBh{Y_->C
zNB(b){i@f{Jl0!cegLsP0Nh_?;J=&B0JwIRf}H-6k?17l6?0_Snw98evxjs16RF?-
z3ZLf&*|4AbN&Wj^oPNKh1_1s$F!y`^{U%Kz%?Fa=;BPBlL0lh3KhTld1hqiwPmXBz
zhEmVnfF^rN@<KU&;4MjwUx*gn2pQbWh71|WUeHJx%K32w=eqgT``LwgmH2-}E<TMP
zcpB~AC%%QJ=sdhH&!Sg6k2#P@@Pw>q7r2gj`2_YFr%+F`k#&3a1^zeRyBYB*4qkr4
zujtO%#9*}gB9F@|bcWaOhDWXL6r5zWQixuCLC#9agPSgI-ag4H+asxY=>Ft0|G0FW
zl&^n8)*X9YQWw;TKfGR(qvupV|KTUC{@v#}WN5(oE}h$$@o&iiI16wd(3#+oJ|V<j
zFaxGznLi3cpF1<TND^W)C1yJ3f8w#mZpE+(+a~R<?5GlHZmR30nqJqnYy3r{KTv-H
z&NE}c{v0?P={cmEO>e6&NROI}f6A8x`j9d3k<8?LFqwIt(10ltgdbO%#y)W(T)!4S
zWy&>pJpRUHP3IN$4Mx5(yHI@j+-Ofq`6yK<%muFSLGa1?GM_kd%nS)2xAcT#DmF3c
z^1u6f{}z94($ugw?Wpxz!O5ugKF#?Z?0OPodoqWq+)#@3CcKXT_angiRTg0Sx^Ex)
zh6CE7UpIgnKwo$|tR+8x5OaB_IHR!-aN;lQ=D-iI|1;`<Uy8TijAr=PTA*nTnAgcT
z7lZ_di~A5icp~hjAM-%A==s^(4&tm4A-i|KC<mDBJaOzj*;I3pp4e!9b|f($V>f%S
zVjmkcc$BQ!aDqLcE%f^j^8FBWnkRv;v&{WJN`LTWnK(61>Nda3x#Br~&qU(yW8^KH
znFF88{*N0Rr_9NRg`fX#y?@bZIc`1s*<NV_Uv=c<B3YFEpp+GzhA;hPW)o^<*(!G2
z7HpNAqWzKzcfs<lFUY1t@5<6GXwIMbt7I*zmlfO3%2M)OU-|(Nku!^Tojcq5$3DN<
zwCwZuw!VWrOR?V!|HfH>*$(Rb>59XsQf7g2jXn7x1BZ%@wG-NU!{FkNGsSGh@Ku;c
z!;8n5?0UXH{XuiPzHd-1zzpzjU_X|gBe+kCAs@lgqroqELB?!+z${b!UTgTt+DD{r
zXyN+OSwF>orjcLpf3aNk|79`reHr>Sx5I`{MBA|qz0n}%O`|1(`G6_(3}(etN@5z^
zW9*!-Ir6d8p8ZI|B9mnC`kG&DH{{2@=goh<e*1a{S9m;i=GPj1FH_tH`{3UR-sr32
zylTCh%)q{4-Y|5TnHwC*ZCe{Fw4&~n)MRV)rrXN8l^tdMx}Io&&80T;vFxG_5F1}i
z9`HVOt&b%x?Rv9-=AHmPpe>r4S`X;Y=S_P7+6#2B^^`63%=exAKz1;<-@v|4D069(
zsf91B+C%&w4aU)=SEG(T1U`VIw1u*k9fa}dR1NVAK_@zh|I0M`lm$|wGexIAl4B=7
z=D96l)?=b9S$C4%h1X=lq{Z+S1d`XdkV_6%U-cjV%bT~ryJPoWS2|JejE>HwMp7%4
zX=i0s`75$$NuAWz9g%q}8p!z{k>cv(vbg3Y+4A6bvXg#h0Xq+aiOH_sqh$bmcVW|F
zu4GqK`TW!;HGbO6>K4>&MvZVZ<KN;3oZ!)Orq1VS=y7JF#iKdBx2M0%nV!OIH?cRV
z1PsEJZNzWIxC!q$v(fJ{TQ*mdsixlztkF+g?Jq1^phlcGV_tEeYO!eifSv=ebm|0Z
z8F~f7=~^@3YKift`~)A<EZ4~7_V<h&B`qq?;GLfe@4;AdhvC$heb7vD=kw&s9Fd3D
zIQso@GBcIg_Px(Z;nI5eF6PJm)c4@md|Yu^?jk#4zA^7l?%#-iV*e2MJvG0-Hr^}N
zN0`mP{Rps+1&$ajF3bSj)v5(t{e7g6+W)cz{iM2VkgQobTQ=@~PIgkyPKrx~KPpU0
z%F*qqJYbIbO_=BPP@Ea2`0ok#WLN6{-MU)Q2k0%UR~(h&^!84`D|GJ6N9+O4m6+%f
z*}wk{*~i?^kRid~dlc9=8()`KZK3zDhFzht?Dc_v=3hNL$ZgZBWgolo2M&AyU-(Y;
zf+EDjdy<Ts5Ql~kyTx$F*gA}Y|Klzh7cu4hfBIg{OiFXHcN_GLYNjN_7ZTemWNz$H
zIBqUWMHbqgHQQwAhLcjg{ZCT9?pc|)@d?>}>RZ|V@Ru?(u^i4B52;wY)<>VmL$AN~
zzt;Eux92-MC9PO_Kmz>j!N1uDH0A=1^!n{23%!LL<>im5fR|+=yYbQd>;$;OgCqhj
zFjJn-&osk*PINh6W0tGlZvOqNZeQaU@CTXX28v|^+u%GEKa(<>IRx|#Q;e^{Derk2
z`9T^#mj>RoMqywc4C~`9)|h9^YMyW0__pT%Bf$IJ@Q;igGmHHrbkpfUOr2f?pIC{^
zoU>5o&>PM!X8)|=Y4I2y0*7?=@c-?#{w;ogM%1L|EoXl{0~onK*w@@&=X#rC-xTA`
zv3>-a>=qlzZEO@@4<2NXp3<%CsXZV$DgC4(FGvpU&Lu`COGVXc*+U&5CzXAYabDyE
z=-e}htLJ=Po9h^Tfje6p`yo0Lpq$|4Xm*@nr*O^c^K$gadvg8^JmVW4#}|AghmU+n
zJS_tEaC_=mz+xW3)XKxi<>SGBh=G6g0m>if=@}-I$!p8Ycd+-#_rbq6{Xb9daAO~2
z<EBT^`R*?L?d-o=v8nz)!rS<$Xa}nSwpSi_zzU5CxH)o{GH3XVROLJ@#Yqp!vc<>f
zS+9|0oJkgKeidDbk7WycONXENMq=STo1Kyl_SaYaH$O+^OP9~lS)*Y?Z8-BQ{xQYB
zaod5jTrUIvd2wiQz@z5NdCHBN>qy@a=3(Ghk4y*GChVKE`_SzJ^Cm-!FM1w6z;xBy
zmhTyU!TfXA`h_fhpXUAP8rR9~(+uo0M@U>wgdaSaGrwX#V@{c2>CtGP;sY#oO0897
zf_1ele2JRoCe3d*|JriD`U%bd^}H|x?y^qpyMY5wVj}xx4xZxV>`N^<5UtpW5<xFv
z2{ofbm;NkcC;aw!;r^Y^$c}xRyL)oJ*I9p4?r+9FxxeZ&8L{7d&TquN5$ny^AL#+^
zO*SeJ{BzsOi(L+|>OHt8TrmSAFV#o3ZG;na`#iKMqou5D37qYrGAja3za5Xuy6vxn
z?^b5)oAv;ke8Ej}$L)7ee}NN}eZWLG;P>r&ll|Z4<q+roGtBg!J^iU{W={7QwFUJ9
zo9bVb9ot``2MFIa`1j!a=HVG^><D|XCv3ufh>-_)dX5uMuP}@~fAH?%WyZZ?AM>UT
zSh?Uddw=aDHMc0`-+4`M^fOUuSq}Xiov*Zo*ETh&oPEY>DVtv>n@+w)Zvt%@xXR`&
zz#pzZAoK8TW%$KykAEjeU;RoF>Gj2CWMA2P`rMm0`u#uk{>-vUpPT8kczeRRF_Jw1
za6j5?`n4mUg)}gcAHRV3zW_eISau5Oqb1Ij*ys$IK5>rZg4eug)$O!sc7k*G7jwxM
zt~T@i*YO99kA?3u2g{mMYMkxU^lVQpE>&Ybd4Gx;K3=)OGx@pfxC*q7E2t5akqeLy
z5c|`?e>&QK7W_AzK`dvH>t7ZBsnq|KCvXB>WDf9(yD)F$%Up=R|75tPBKf?}Vm~-u
zCPZY*4EES|v)eMr(@Q_Uzq^0wSqUk+@1whZ+WT)__tRZJOMUN$us<r$Q`APA&DVDz
zv%EJMx>K{qxl3y7RLRRoW*=z1%r9Ro)5niRtFnSxJGCxy_4PYHl0E}`jU1rEy?w69
z1>gb&_gaJXqu#fZoOt{87r|v1J6`+c<f%{47<~#ozw^`r;ADp5>+q2)QdCe!KL0ix
zfNQAVT!Vdbe)R#$E#c`IYQ%ppGyWCxM%-t<Om9ceAzwN6rC1FJME|Ka<fp#D<x7@3
zI1h2ZatC~tbLQkoIvnQnDp$zznswAcpOI~Qo`KW&G~9e=W%bFAq()~YAG;!lU;A33
zbIK)r#_Y>Q%T~Ko)@+#mQ=h|)9(U&QvqSE@uN_(reGL3tu&-Ceznha49G-bnfWA^8
z{go+WIS-ErVGhQbI?NzALc)x?e?HjH1M?;`ofYz^m0fL?`<t%0^jmT{TNs)@@%(&3
zmE`jJWXI2w%vg=@rIJql&oFub>9N!t)VM#B$L5fi<iZV~12=RgHHvh6k!puz5c@O8
z)icqJFyg;ahrnNO4pB4CCgy8%|Db1vWM&$tjg66^gNgNCA=Er4N?<UWGw`8?Pf9{x
z4nIc?y9&*yWgE_+CpGDJiT~uZ*vrcEW!1}E_c!PLj%czB8|sR`GoABIXM8yD$ni%u
z#(NX)M+JJxs8MLM8|KMt<qlr|KXI@b!0ae9fF+A$OT%TU)xDj)FW^^4%Ce=KWJCQC
z*#$3H{q9ewrKB4ezvH$xX8bqh0jdkDTmbXn`P#ehJ*nONjIpn)@qQ<Dzhutu$C)eG
zz2{YG_m|Q7SkLXZ_*;L5GZb#ts)NLLjq{xQc`rSP`5s{3$o=7%@FM<unencEz>6Hf
zTVp@h<uy-9?e6!Pw~rV9;PJIL!q5-hf8^W+hrp0=S6aYnFl|bT<Y$2U`J2&8T_7u0
zWZ(y={a2UKZ`duHPB7Q}=oQ)i<cD(X&!5ZWB=`*`Ol-LH!mF*9)NL#Np}+H=e9v)+
zJ2Svm#C?0r0S*we@%0e5J`%_5T~VUyZ!AU=I1!CZdX<?=q^xj-WG5?r%cX!lDb?=F
zX9mM$rt^ZH8S)wpeDi(74Bvns(7J+I-!m@(jlaYNlAlDbkp!+2@dF9Ocl8Bu16*ra
zad14N3!0a}&tn!JkV!6*3EtJRqKNfs7R-}-=y{~c%ry%9m*q^7!{hZF5IZSD!bi=3
z`*bX^5zVywd&<3S+l!rxo49#+8GNhbCQiJPn3?gjy*K~K`}#wVJ#*oB>yd%p#;jj&
zE1h%dY0QBt_EpzUvELN;uf~3$Ip$xDef0sJ_y;fWdK28i{osC`BAM~iBz9Ib`Wt+H
z^5#j_j36mW&z7AHXsE*vx^4f*%u%c`@Bf(g0QIcTb2ppr2Hhf=nKiPLdCq-@J}`Ja
z*E1V4jGUl$%j0tB@Ox5Jyh)}<<#0ZDT^f#lLYyr_hx8SxtU4h3+2xDkvrx(0L0Bkr
zzV7$}55>MI&g*&K3-k8Yvp>cTpa-*nTlRi}&f|v?1sAXzv$hLY|2W;hHCs2g9_Z!u
zY>V6PfuFES*3`U+-+K!!gNNWpuay0JH^`Q{`DhO<V>a?-*};B({iE-rC-a3&jL(vw
ziBlSVPVJ#1KRN&Sq0fPSFESRcaEBh?9{gjYz`xq)5pcW@?k7<bQqbI4id9P%IGHjj
zPC|kv(;KF~%Dhb!{5%EVxd3bz#F{ia^HsOcY<j!V@CAmhXQQ7m`wR5}h9AIR#Pc(a
zzF<CnKz%`#<QP_o=7;(PljZQUiv4`@lRR@CkVRgQMJ|$k70xYn2yzX4m0_0iiJnLJ
zd5cf5)G18<fbT`~9P@Wdc=RF}6E<Eym%saeb4#+P+cW25-4`9k{#xhIJ)d4i-B0WO
zfy8mG?~T+NpHbiAoFAxWj{C&>rns-SnZ+LN&fb1E<GkLp2feL`src?RVlsR*q3)70
z-jiMMNm9%1&hEqS%O3Xlcf$>qn!TUL+)C^>=>T-#jNG&vh#%noKm4JEOq`e|)yq#w
zcJ4-YT?fkqIH?ZqdxM>TI`Cd0hY!66*Wbrd0nQ7Hw#eb*%oxD$aps}F%K|jRPMrBx
zD&hJX<Q6Qe*PfH2qHU5pcPlz#3)!z-jc!Z@HQp)-3dxb7{;||5zks_8{ql`3Nx*1w
zzv(j#JRW`IlFPK1m?y)gOt~_1PV6Q}*FnVtoL!46tCtP2d@x@B=r65j#l>B|t>xY9
zj;2c8me<i0`ao(nqlHkzK13~;-&P~5H|>xe54|f}ANh-{x$vqS`tVDcl2!mmc~ide
z^7|kB;e`+0Yiar2|Lv>0pZ_EM;d&nh-bX3^11x5XuF?SX_~N8Abvd?-Ik{qkmmwJL
zu4(KX$Ir@^>{ztfz;(eKFppMmLEM5SV^61`(XRCgW?y0W1WVq)6+e)#^+xbqU|?Hw
zf`yXLoL7D_v0jZFAvZ~V17`fpB7DX|w1M#xJU)xhL$+etz<5*6k&B;F({stywTWi6
z3iSugEKmJKdacaK*(M#}2!HbVXIlTa--BQJ_sxiz(xCf3R=v>n)0rP5_Xq#v0m&(`
zoawzy_5EwH56%_$qu}!yJ(`%0>1{7hSNMBc85q`j-94>aOVng~L&@o~mi@oVigmKM
zid{Bl+jcUmx0_j(?G5ip-R{?<r1A_k_IAb@ppTV3yA}hk#{d7Pc>%tGJV5yYI>QNS
z-PhUJ`Q5YYC0VrSps@pdlzD(nTb_d(Y&>}ay2Jb4k&|!$9fJdCWBrr-%-8UL?iXiv
z!S^0|3yzqxvWLDw33|VWPJKbX|G4Zu@vZDV{dd`Y{A*c5Z88ZSs+^K~nTMW%tB0o?
zymZkocw)pA?OEIlH;MjVb$3B|>SB|VpSHY@Ntx+KlwUJwRFV|%*;xvY#rAz~!B4Rd
zUXpFHxvol9lJoDl_?axE22gn%9)eH5k*K^9u^;SZ_!-OZ`nj)>2}$RB_F%rrjC;KX
z4p*~78{9_5kD4xJ=_^f!?q*&VIXN6-G1JjeiAbPUo@ijdkT_om_Dx2;Ant0r+AlQu
z0!yA?x|)50<`IVOH`oW)8s7_&&;m<dY*<0cVkt-g^Z124^Y;p<59d**%q4fo!FOci
z2Xc(_hUpA))mcP+faNU0HCL_CFQ|WL?ho)Kamyrc@j1EU&NfoLa=FjX{hs`szyHNI
zo@*5`X$-SEI`hlfU+4XZ{f^A~J5l$a78!0}TI>0S5%-NcpC#rSxVPZno7r3kaA2O>
z0~cDa(=+>wuxQCk%am$*=xfQv>vp^@Yr)~Bt(VaQWgd9%yRu>XE9iREpx4$#y0iOh
zZ|javvb_fXdKS0|e({#nD$%%N-rw2LPxf&B*BOA*)XerZydej`^f=C^CG_$RpZrXY
zoc$c^e*q8RSNMY0<v92+sn|^)Cs2+ux3v`f??3;g<k07D;O7d;8f5ROzscIIFUiis
zAM!lk7B9aL<NtFDTIAY;D5|Rb+|;kU37>^lA^+cY=#=V=dCR-*W~Z<&D8IC%`1V$<
z*cllwl`9U*;#K?LrC%epdzjU&TOjqj_Q<;RRq)b2CHY$}O4-pzq~Y_wN#eq#GCMK#
z^5r+*{zc<UR9eP{wr%b-W8Q*&d$=6!WW+E#2^<<KWf`kw9%rz!^cB($Z9PBck3yNb
zpUDnz9GoDU-xm_+wMJ+%uo~aY*iA6}fqvic3l=|Nx|;F^%^jNg1;u|eAE5XyOhOAZ
znX_cd5-G&g59H$)4Bx=_EWRS2+v*pzHkiwE%Of|*SJShI<+k}O(o~<gx>jMz71R$@
zGKVl<O4mIBFGXu9E-Q)rIq~^(|L&?K<>4Cd`&;Y2PZ#*3oAB>}o=*_*{3_gQZJ)Sr
zs_|*eH(`GiS65ef`foDfQ}c9_sfOQ8XtPG5;Zw#;+X?1xpOdw9ugKcXuSiYZ3)Ju)
zhrgwP{4ozKdop9&4~`FaX8ha?{a0QCFyGuvIe^Y$w`tRf`hpw%^ObM`vKK_%c+2J&
z(D+#`HgE-R-ufK;zgLLq9~nO2^rdg%0RBLZo%ssiuv2_|r!xQlS9F0Ml%tovgez|~
zdr42h3tS=VcE16JAE)0|4TsKGQc7;1Jo(0Xg#T05?mdkEn|`g>*ZAN1-VXGMeAyGZ
z11^D*&m3G_*-0EDGucsFv|*>z9k|3UM7iue_D8APxJ-6zS|w}NZ;{35jc4vUEjvE@
zyJRx+>pN=9<-->*{-W5|&suawMsbVVZ)Mg~F>k`XVt=GRJs|G$hJ&LlbG1~!&s~|l
zUXtSqr6_YTv$*Bt09o_|<4pJm*K@)5TyWoLaCkM|Zg#)PH&}c{v#U9OXv!7LK7qJi
zphhlWXn}+8Li~W?1I#&r`i6o8e1YZsVSY?LU+3eS)SAvBdfV&|nqLjy(Bua!c|mr}
zd|6Day0uj&W`QRb>+AM={Wm>oa;={It$I<*)R`ai+27dp8#b^J``XhpdV5A~-(2H2
zu&?+x<@}2CtIq0*S?*J8M4%awN*!));aVv!tVhRt9r`V+Bp1J(%<g1(@D%9_*OzKh
z+u04F4&eqDbWdje`dkP5inUwhKKMazzO{w1pV_|c1MCVqqt}v*Huxs#W3BoZOUV7-
zl|$qOm5cVu$%np{(+__O7x*`F<h0^{7d+V|a^~U{zJEYYKJo=TIb~wiXAm=xj%a?P
zFG6pjOHVg61YX03d`;aUv+@6^d5vXP(c%;I`M5awvA5LCsAKl*?J6^)s_`9gRaREP
zLsv)LVkbI8r_e1}#_ZA(S=I28q^xU@ZJ&Q9MSB~hTVI>Y6Qbw*;@H>E@Z3cUXWqih
zmamTu^IpV!KZ~Ia&TYH?j#8GjMk;dF%YwX(Xbzwk%1(9^^Vae3`(<+e*O)$+7(W;M
z%~i~stq6Xl=4RZldfv@^LG#;J`33X&p$X4mU-7ShgIr)Pc-LG&{eY1Zs88T~g|Yk$
zR>0$b*zf`BE6l#Z;v*VsmFB!bbBA1JAF6k}Dh~9FqUQX5Iezv1o;Z2z72WaEv%g|r
za{=Y}adqx{751-=`CbwP=9}A)!9SqqjSm<NUq`}>bY?|LC5_$M<QRBkrX@>oz<Bof
z9N_orz)lamfy`I+@9!cHFb{9bZeIs<pLm*P%r%`WlpDA^bF=;7jP3|e_<i?vgdd<Y
zyP5C>g54-)`FHN2ufSPgCUYFCH$22S;A1&(@-Lz}z`@gBNY%o<QpEW{&jdwfo5BBA
zvVO-?5*U)e-2XI5CdWPeAlzRYIFFzGMh>3+4xTX8Ei&~a^la1O_B%{@4mp6~>&O9Y
zZM=AHHhg^xJ9yNqOLj^5vg1;ilOnZ;o{|;YE}(@DPsO%<vi9)f5;d=0w!Zg`RG)uD
zy!=O8SyQ*UyS_KS#=nfpDtLfeqU+WVyo32+YIc~74EMEV|Dq?FTWh2;XCt$U8<@c<
zl$_)WNnlQP8awzQ@Pg!!BhOV_gL?z-iQr!C8vK9%YyEkXS$u}^dzzme8qX9a>}&kD
zV1I53+Ta%a^Y_%36dGp@uFY>-?lb!o)6ekxxc^2zLj6IW`i41b3uVdXXC*wYOojyn
zJoan6Pyda-Ilp?Ig9H6NJ6q-Xr0-|JKWBeWbi7P?fAd`5l<zm<KFC{wgM17Nq(<1O
zvx%>p=XQ0>2LEo(?lPH~iAm#TNyOM`%u)nMXX>YS!|!87+*e&62Xg-2@O&t)Z8<}C
z?bZk1;A~)Db%2fYggMu4&u*~#3q2#)q7Q4$?XKPW!W-0Ey7%ZOVPSJ*>GEUn{4RsT
zeU8x!SV(Pf2YLXf$OHD!bJ%t8Pu!0`FycQmL>E4%2l*1Y`A4!Ft-^SAe)pdIQdZS+
zhJZ7C%bqvn@R={+-5g``NBqAO|E9fAe1ehd+(ZuJDE$U_aQ|&+Yi^cY_^Icu`J?1!
zWXj6z@KJBMgg)(D{K;cdy8f`#{pnMwed>Af^dI@J;0co*{u}S@PyHRIF8|TxuD18H
zw~a2K8S{#Jf3=|lIBRt!&t5K-xf^6YTD#-fdG#7RTxP>Rnmn7?TIy{DMoc&3J+T_>
zS4(j-)33j8H}(;YzMwIe0MABlp|Kx-0p^Rqei1!M!;<v(>+jRt;)l%a7q0RzSKn7)
z_ym(*$S04m*rM7eWOmU8v{u6Ov;MpMS5TT&ZD;iTI)fwa`w{!WzMAs)T$S&e>wE_G
zo8dk<c&LoQ^y=$7n9scS?M&L;yeMWraFaanKsWY*2BTSF!%jd;dID{U(~5iL?;z%b
z-)`XDn!SF-z74y*?U}jOTAH38)KBQu5@YXTe$JXbz`pPTDnGdDgQ!+moBKPnuXP`F
zgSPAkS%X6t_;8Ae+YcK%ep~mxDz)361OM;HLFxbv$KR1Nmp+pn`(K71{4>ene6o{X
zWW$+H(F9m4yN`V#^O?y#be3zi?&Q8H+4Kop-+RAt_E7BK3`bup^ojKE>Up3;2l6Pm
zqwgahiI`d@DVf`4A$x@-#q{{#?K*MceaR@C$C>}AtbXKmcw^rbCm(+}##T=MEqst1
z1`js0fEDjr^H=jz^BG|DgmTD}tFkxBd~$%eY1!1>7BYiZF0&&u4c+eesX0=_?xYF#
z%nBskz!JH?(M&#~$uF25e{J3{mmI=mru;(jKUc91_Vw=+nXzx&*XS?wXZ3OB$K2?O
zuPD5p#c@Ao_<~q`0XBc_CCOiNMDB0bSuQ^IaQENB`}Sj>LqbZ_o67HF)w4Z$w`tEu
zvF~E!{yN8NI_Ec!_d(`(Z^V5w_Q#AtYZD6`<-?ixCUD$~9NylD@5<q2!pLp#D7GO+
zTN&KcPU!SFId~X*{L1g6ao>(OuBQ0!MlA0G->)q_0L9dOZRoFY)ibyLzFRnFTU#q1
zunT!dcSEna3p;^5dkvr`?O>cC2G|TVY6*7iYdAQ1!{_cT@u^F(g=l|XVt0FqOr~#j
z?9@AQ;`GPpe!fQDAIkpLCTjnm!~OpbzTgW<NZ(-S7jNFfOkTs=@C820^Jt0xvNxWK
zJ|D$@=LdSz|7%BG_zwOqI+FH2(i5)QEOx^(=k9}t?h$lQ3T5M=mu1VNZ^_~lPs;W;
zK0-$p4$I_}<RAO~{aimkEjGr`d-4PSe$)X>Hb91X51_Wez7q3un)}bssg(rw-~)Zb
z*taV-dU0hrtEH5k_~HZ;woAZdNfLV9$=5Nx-)uMb5!d>KX1PP7F984GzL?)tgg;TN
zfB$S@_9qGE$LqDxEI#E1SA1EcUoiWEiWO(1blXMpzq{bI&GPxV-ix2>_nx?Lq`N0O
zeH#C*dg|F<&;6#@?*+%7F~e`v`kI~d8?kSS`D21jxDOdKOw@wM_)+)18SGk#i;KGq
z9O%vd{ZRP#hH@KD&VlsmoE3{h=#krq;#GP5l*`+W`Eh%@LEIh;hou|(AMLnr2xh{6
z$BsSZR<s~)Z`sP&{kxN0z<&K4jmJ2kd8v=>4<~@;5qdR#9~zaqtL5nEC5~X<FmCt9
zXWZYehunF0JMx2p==+YA(LuA(_F<PE?NCRjVG>L2aM7wqr34KvclH9SmYtz5h<?~P
z_HXG2wrOXD&w-1y+W>ljf1v+&H~OT#;7xImJLwBsSviTF<4Eb-e~=6rHc@gHUL?Lh
zhd$j(69@mHXJz+0Xvm<0kWo}z`*Xd|KjrtjdHY;a?#E%?{SC}3?$vy~1{mjpxT*Qz
zpZHJyulqJhQ6(}P{hzVuuh|V4j4tQ|Bi}dSemU4@UZ|Pr*WWj@e`w|tOupedxdRwi
zoHykPifQ#T%lW(N1Dg4W8{WS5@y#BCUzpq6;`!R}0r&^wTFnf|QK>%hvcU^lSbSq%
z)t~bE{}PXZ<9E6py?*8T=-cN3aAL~+mFGiw{ItIpMDMRD_M6W6mV961eTZRTKV%qM
z>F7@41Ma`SwcOE4HM`+PgBQ)2bH9_5JNO)EaCZ0T-iO|PZ=>dC2bZ@U*te(7r>0z9
zw)g=(2R!gVZ*GHsY62SnyLIhj=znM(peuX-8gDiBJAiu!dz0_5w_J_;@CkahAjh!y
z00(-D{irS84WGDb33a1RU~7keV3$+(Ih|cpGsKVl$B)?u^#fd;{rNu(V=rM2GXc9K
zvtR>r!IQXeD6#(*>1X4CKWd3Dxd;6Bkgn+Q_U|{CT<3nYN`28H^@lGC?hHRPEtfpZ
z4Dtyn-*`~AGuJykuUv-s`Pcsv@Ar@S8<7d|=eu@k3*P$~KET(E{h?m{*$wK84tJVV
z<<=VUKNc;Zk^U2y!>g7m@}_cn0_D^POOscaG0!#S->_!>!Qv}SKB9S!u*`_@8t1Pz
z^%3en$U6)la2=m<)ft4x<1el?lTWeumS$IS8O;^ua#g=j$hCCdZdv>22XNNiL)`Ex
z{xPrbZ{cTW$4zgrW9FwX`d-TMZ8`UA-QUvN{~_#~@NbIyiv4k8{ovsBlb|49cJ5u!
z>1u1l>du|Ig5@6YX7**iz#fdF;fvWDrucW|w#I+0;|&DUt~~B8@&a;y=6X%|znR%2
zTj@eiphb&TJZF1@8`vJ+YsJ3B4E(DPARo}2z!AI~bwwlp_aNu6$8X#x?a>hH(6I~J
znLUZ$eenYWq<c>rw1#Y{BT!4=`T+V*y?WX4-0%<VeLB(8x3|~aVGy;8j?(gu*5IGB
zJ~=>FYW?locj0PnXqNQrr+&<na|yLohoR&F{?e1YU<i8!Ws6SAf!9Bm?Dh2$m6~?>
ziFe=nRr-8C^cf7FIitGGeRrbq)(;=h-!R4gP|towUtmITw1NKxxtpapV<lRUzVP8k
ziB%7K@%Ij9FK~{5{jwD11TB`z?dzH4`^NPKexlKrT$49|b<6poBuO8;((nOI_ci&B
z@84&7tjUj%H+;{hsE=r}A|tO*{Hra4gSt+(zxsE%lRR+x>{;i3==J<9elIM1^cC&<
z_oDA-$@?|-Yu!JHTAvB~aLF4vzp1|0l<#ZoH^+T2KW?nQfq%V@HJh*R5Th=p9PtDC
zsdk6rS@UuW_DxqiJ5vsz_*Y%89zCt8t+mHjxNr^_)ENH<5Vx&3+iRat`vqDL)STbJ
zeqba1oBII=V*gN|(FXoiGhDfX?j&cpzg;IoORN>=hj#Q3dVu@B{H+0;1Jqa8VYbX4
z*f}tJh`(q{J#he-cd++1@NWkPM1OMn+gmCZ3AG4%fqnZAH2jJUxk}fr{g_{(t_e4>
zExpVx-QZKR8wzibKN{lp(!<(Kl1r;)Qq=4>_gpylo5Q|-R#S@#if?au8(i<!U|w<G
zAFX$_e&XZNPlDjXtJL_PyG0fiZWk8^FJ|znWohXaDbHSG%-@xRMZ;28N%?iGjQg&(
zYy87ieqrU+IfUU4!231VvXoVZ577I+f4;cJcU<=jV)_{)htNFYD${d?#g;R-vR1ae
z_W#5u938}<pyz*!7{AeTTDoe!gB|C6?e|&r>}YWNDfTV7fAhF+;J;a&&y@3ne{;^?
z9Q(%Yal`4i4M#K8j~U(DnBh_VaP1qxA7iV!fZ*QFWOiIl_&4PNs_m`w^IggH`=a@w
zwE(r-i20i5_hqhL@vmor4(*knunGI7*l&va8v7Oh_V9uappVd|O-E+6?*XG~_Y#+T
zN+<0VFf-J$<-K57`xPc`*EaACYy7t-XRyT=*l-@XA3tG(53sfMpyud8em{shqrFjw
z&>Y|aFyD?|MIXLrP3*rL|7DAxaG;Jbz-9>fKYWGkjM_T*k!RR5L)b#1Q<C4@`|z3W
zH+qkL&HMA`S4P~*d#5}ACd`9<4>iR<H3832QbGJ%khe|BGuP4cpDYn$V#JZNkT3j-
zVS$mv{S`6~jL%D3E#+p@+s(f=?oZ|WhF$F^zULdR@duW?LSw$g^f9K}H^?KdJ%^b6
zhn^e$9kcj@B65wq#8p!N;<pl6xI}!>vi>#SuOIujvvQM)_1tf3qi6pvoOQuI=7PqX
zaqc%}dwwYPEB=Z5igk_s<23%8aIg1;jth{`umEcMJ&ZWrudj{R8L|KS_*Y+G_yNuV
zz3B%kKCP+iX-`jk0on&_M+{a>tNzcuV5>uiE`|><@Q+{6JfJD}H|76!cG_!nAWy#w
zzTUg#9{P2v8`Ozep<9ifgvRb$!0;XThWiZDbG+6Xw9jxyt9y((p`()zxd1%(9l9HN
zKu4WP>`G1pu3NY6VEnGz@3_~PH++D8;{fWFw^9?<`9n+npbz>nwsv0R0h}Qm{mC~5
zOAG#=)8gWOQ*}Sf=V;S`y(4bDqooXV=>^`c$piYCjF}*BcWZIRhgao+|NQOvfI75r
zY}mzHB+Dvx$dZyRQktPyW=1%TIYIb}=b5b{z2>T~%lW?Ld-J$$@e@~Fukj66`-Q7>
z2z{LK{TuiSi_frJEq>$LYYC4pNxs%hKB5@xs}+F%jZb|hY3ue;>uD>eA3W9F^7{SO
zuW>1}FYCUKb>Gh5tA{E6gMSZnJ)6h=;2=}pA8e`f={3Zc*_x5;+m1GJeFOXEm~UV|
z6zrRA%ou-i_&#9lR_W2bcT@Z~=KzZP=J@ZT=kYGRcuuPKgU&DgyZ-3GcjZ3K?UnOa
zb-^|F@1wH=M*iOn`({62$5qb}+9SNTO?&zbeWW9Mf{J_97SpeFUPx;T+7ndWAT>w0
z>}-t34&aP$+Cl8i^RVaaKY+7{o*~+I=t|uH4N7(n+tcS)zo7A4<NkeZm_g=uwt&OG
zD>VgYm*Lb8hoeInVAK_ys4Hp?;4&ygy0P16<LGo{_14Y5>b%eOKC92X`-b)XU5E<~
z-3`2Z8@M-NU-93+PY>pQ;U@$COA2<O@fIn=hmM!7ov9akjFt$r0SoELSAusn1NRwR
z8*MGO*Mj|;W~RPCzrNZhs9(5l-q0+sF!BfEYkWwveBy_Eg~?CgKR7d3ey-FwKWGkN
zv8LQYeT4diVzs1|%p9(fbq{|ibNA5$Y<aiLh??nhz1Q-$cHgC^&$S*o+J`*c)c14L
zyq`Tk<@obs-e2)=nd$pptsm@<4<8N3?xgErzX|uDp(F4SY60xvji9FPKu^2{`G#Yo
z53pdr3I8re4Xq#N1l9P|dY>)$SIysEXaH+`SHEyKb3=L_&{===30mv3C)OJ|0NAzT
zOrU*5#lGhG9Xj{m{khB76SAVFsONio2XA@;TFY}I&)`f>T|uoUGekObpgF%iF<)ze
zy6e}Ux}>2q#I9j$=8Ux_(1kj``ha%$0FC>d(WUK0jjvB%C%N;U_R^j_!NrB%0Y1Rl
z6&;d6BRCTbK|c&GvCK+w9^`&y>FQPgKYQN+7Ui{deQ#onF&5O=8&>Qh7OV&=iYU@M
z0@AzmE(}c&MC>9cNbh3rO02QQ7LBn4Q#8gDj45{4zs@@hBGKgL-rU6dfAT#0IWsTA
z%y4G*I=imj?p6DKDBh2z?ljtLU8(;njQRDG%UG^sRmk_>6*2ytK}!8!7*WI;;20!F
z6ANNXk-)luP}bze(AG|(jwilEg#N!+>fuB!cKiw#6d0kf9~3JeFKmkX_QT8l4Taw!
zYzBoq!-5xMg2E<PK@3=h6?<62ao`FX^Gpee2oF~5-K)GVSR7|Dh-bgh|6a`d3!h);
z{s^@`QoYZwbzh5TzK}`mb>fVtx$ZpQr`Ov3wYGlUnXl0MdaLPl*7J6vJ~n1dPt^E`
z7@(;0e-;N2w+9boEuYFzN%seFc70#Q-h}@5r5_;XeGFxsPvC->2ilx<c0$h;KEGW5
zMePvJ=x)7u#y6944$WG$LaWxD824ABPLHFEWnNNMipzIpd|%8D66gOY&I%mGIe{Zb
zO=ZqN3;h^t6!8HS_7)7H57L_P0}+Q9rY3B6@gCYR?k{Tmv{(bsTk`c=D6xi$wFM%l
z*p|BAmbf7D2E%#w3yy(_<cf3%SptozMli5oZ$V_le`SW)fBN0~{^>7`Za@Cz4I3B7
zn*Ov8>-1mJeYyS*B|l^Y^Jfbq3y~UG#F?N`jPDG`Y;ynju@)elHF@#Ghory^Br!fv
zUlMu0q0HwsNnVNxwOH{S9@MuT8s2{1hLB@|z=fBIh*2nTV-?~gKSF^C^;Yu2$Zdm_
z%sZ^YGR}%gKldFPz1<2%W@c&s>E8bpe?K?CEnD!rDDwVl!vx1yAI``b^z7Vc%wN>>
z3X$S{)PE~$L(KK}fwhf^+~1e{eCq!Tb$>c}(&b`iHl5sD<7p$m$-F;%dg^R|1{gq}
zU@%3*1BDGB;{8JZ`|wO2Fo3l*;%p}dv?4!cd&d6cd4I*(&sEe7@Z4|KT#08d<9hVp
zdoqqEe0Sli_vkrLnjb3G!Hf&4@+=oQy^%blM^W!bjnctLbsgfsG}<e)S$JK!#{ka!
zRAarOI{$tEabYZ<YrNFs+kv))s2dQu!y%0I_Yrl=%o}v$%))N`JCPGmVXS`ypLevT
zIoua;Ru|`W%;uboA*06p7?C*N{;&AF|DD(P{^|WLL)AxBiMmjYv3;d8e*({aNyhZW
zaMq0kx-39SWC73r0&)RllKXoec`=gV%6ec+12=MmC1OD^d0r)9tsvJVA$+Wm#OLJK
zm>@7>KJnw3yv$x`a9#2t8sfpfa{p!6Aio~xM_dqgf`kFY0rFHVF8&aC*B_%B&lNo*
zqyLE<poO(jwTS!4XMFUa?u+xkHzrRS34KZL>+8PI|H+tbYX(2^_PV&vsnh-Ee0|B*
zm!J7{dT*)=Gc$_$4A|3O7(H&ZR4d!HYY*x*_4x%hz)+D3q^PKf*q^)}s2BBaFzo@w
zdEb%w1Th0#it*Rl{o;4sB;9Yx{6IU_Aa$j^E^2?}Hhe4A4)<V;O5nhtL88Y<l|H-*
zYxtCDzYj$h<*~Hi)%d)F=~s-AZ1!QS`x(I+pSH~F529Z8AeQu}zc7&XLhU;$Q_opD
z#2CNG9}cC>Fod-MB9ACAqc<@_jdR8X28<c22Ya7HbYh?EAT{+G3wx*Rgr&=r{~f*j
ztN!MD+;8LP?Qy7Em-ndi_4I!XF@X9%if4wq?L5Z+@~QuMND0rCWMOy?grqPxkiz&t
zGJ6CRvLHnC3q6x0-j*boYn{|$L@ic4XD1K~r2Ar(MEDlsb_4zYjr$1!e5_<ch_zw-
z;dzXRmwXA~Pbh>qAYlM&n|y_&BX#W|<Wm2w0;9<LYyItC_4)j}uai@>rswbx^rc1K
zzlX5>Y4`K&AFkG$y?ztwo%zDv*Ocmc?B`gpPTmJzzMfLN-`GgR`=6craz9__zT(WM
z&Qtfz%_$aoaCVu)d0RekaCVUDWR+UAA@+!w=?%_*$sdsGzc~MeP7h&yk6iy1H3I6?
zQO4d_Gd!%;?-z9gB5v5Y@!PDyQ=%UCmhAlg<OFF;?!c~$)d{^9XL08)to30pzk?g&
zJ4=sZd9j#7N{(IfedUuMaAnDL%v-b{x@Lh=j(@1?B>D?Oq&k1WF{sSm;z88;E__Z=
z8z7#yH{*CiXiEqT5Oo24*n2E$e#dLuLWezw<5}}#;}M0)v-D4=ty%L*<ojvkzahRu
z-#_`~4c>0t@cUHr^j>pkU+>)Z?OIab73aRteHDynPH^;yKAiXMPo0<R|H5zu22l6w
z>A!>lp;<_lgjm3uVId1d@6fO0_whhsKPYhFnJw`G`=J&m<S_<eNBj;>NO&MHp}q)A
zSX~bT$az$Y0daomNM5=V`JX+3@3M6mqNeuB=Kv$3gM0<gkEH)SJIQl?)c?_(>nqv&
z`r^FT;+!Kb$*y;Fwt<fyeYyZ&#_^^zuUD)4b^2fH=PPXe+B4sr=f1VI5j?!z;2Y?N
zfMC|RhXykz)|d8qOWO9LuI@$pFSq{(F}5ew1XBO|G7cze0_C;A)OGd>4Q8Ey@cG5H
zE?s&``8rXHBlL0r<Mbkb-;8mB-ptX9+*|t&<S?J+1X<E{a*chB^?UE4VB<|BEkA;V
ztIlI(-e<@tzKL`pW#3{+*^e-HUc_8KYYrGA=tx^%#1DGWZV)v-y%;kTxFBi)`>;-7
z2xEzo{?oP)F~Je!iuaB!MA(uF*t-T`=%@(@h>taBsAqr2eTDA-)@%Rp^j<4tdmCBH
zmQ7jPSF86z_iOck>?jqO&UB!zv;L>n26zqw!fI^*VF$2INQfK*6j&f%7Z4XD`4tu@
z@Ih`b{Mt@X*bL9x3lcsk{ES*(<9R=$zTfc-Gvu*{`o6}q+X=*x`j{Z>fjA-5|M=K4
z6o2sq2^;p3@2wT`%ZoIBYhVBF-`UukRQB)Jndej&#?-n=cE5=GP1YL0S#EOO7yiDf
z=?pl#*-PiPe~>@1Ku6Mj;|4yz;_R=p`RnX`Yx)a*oSRL(4+%m@IC){iL)j~>&p5za
zj1|3H|0N%QaXzUoi25&Tenh>W&~*_9=)gRl@cl*nzZ3Zb1m}?Gzw1DoyiZ@j1wvbZ
zJ^6wMM8xK1&h#c<^JenweS-~qe#YA33z(m_59^Arz$Y}1z5Q3oy>|l{MK_RD`W5FA
zeuYJAuOcPq8e<LQ6JZXZDRcF58)5|e2UrJ03=nn0ViocJ!K@V;I*d6&`UbuFj)Z&Y
zQdoJ$;$3p%weO~kfau6qBF`_*`uh4`!&u*ozLPxv+b6GF67^2gw=qt=uUzjX-B*!n
zg2t(<V7itGbN@pBpO;_x0;~^6QAjNoNO&MHp}y4F3H7kyg}Cqx6C{74&Ua8?Lc>*#
z5sAbDNuG;4{2CAHVv!Bv4+#MR2jo}~?=Nfu@>m6}Lox0D<sV$Y+wUsDFUbFu!1xz^
zrsCRcdo!M;U8R1%p@Zdfy@dV?o)2;E3*EP{oJH<CXUwJkig=$C>*u-OQ1|O{eA3yk
zBl-H~7W$lj?kb)20l|R?;+Y>B5r(kHa7o-e-KqbapWd@Cb4zM3w*iFyQ-t3ydI?3{
zuhi#DeOK<$7u{LMBkFo2J`mRGh&tZx$^)d_;G66ZYERCf{wky4!I>ZP=54^bO`H$1
z^A3_%9wO)96_jng!+F{}k+|p>R;;;-Rk@#Y_Slz_?yo8P8hKm3M=Gy1Y1W;wKEW~8
zM2h<h-50q8(MQ;^Q!gox*q`=+(0@_uH-s3V$y~Uldo+3t9#Rt!C$ro5!G2}2_picF
zeci8ryWxAQ!M&Cfrt4_F{m$F$_v=%8?hD)hnf{Mr4mCySek6SWAqqR74i7ljBtnQh
zCLoUu)WZUS36gyvw-KJh0?A%@iOujrOn7E5yxdl(j|;V!@KP+uWIm!+0=d!#kfaU+
zhy(r^kojdI|I$6=T)u_3nsT0#mxrw3UcM^#)3cUp4r0!4D7k)mD7Rz3595CH`$vsb
zsnz|-<hIj?oda!te?Pc;xx$d=y{PYbneLl1?kCQEGxO=>3AW&w?@!$i75&f%3Jc|o
zUF!Y32!zjzlq8I6-+n6O$n8M=uB`<aBK&}7zJQ`XNUWk?NYv>M<hd_q{tC|DZrz2w
zFZj0v-_}2Pttrpx4y?uJ%mCKnHlrP;#_y&dxt)Uimmn#56FE1(#v;zp%c=N|y}Nf%
zxRrc=t3Jevyf3gUr<&_^WR~0@58pS)*nJo4w*Q1B#kcvHcI0!iMvyb{gv~#QJw3wS
z7qtSy&R3<+FLH{){~yNQK~=^K&71=<P;Deu=I0o`DxduyeIMUHz1KJ;V}<71tN|R!
z?}(@a7JYw`s54i@IY7NR(_w*#_lX=poz!B1gb50}AQ!2`0U^(0L2ay1VH?z6>-i1O
z*$NG81cgr_`j7<|$**Gy&#no+k{8Du<+zYYJL2WOg4|A+FJVEZWCzR-$fOUDDb)a0
zlC!lfea_jAcCUn;_oC0+C%{c6>itCQzjrTr&A*8IYfMm;YI)4f^;okz6K<Yvuy?fO
zwW;zNpW3=!siwC!*H_=}H)B1Jn};)k!$PR@<bMneL2x+F{92ulh?)mUqN5N&F}Jdi
z>H!Dz7qtK)uSYwe9tJ4%U*rNickaeqz33h6NBw@2y559!d9CESU&{$7bY8)`^%nKC
zPcKz?idnGi-w*L!j8Mjz*A{+)`O8mmzHSZDb3Q`h#;=i<b&hBLr&y752^l4~ky%cR
z*!d7L;zZ`A?~#;sox0ydiY*9E&rXah4y1qIUFuKjD6b)s;{NOl5;!1y0_Fsa%&ZWa
z5Px~^xl^u+&*6tBzcjkToO<1TJiD#9_E)Xn)yDpQ>-9uj@YJW52EW&l-xKzU$n~EX
zKwn^7t^W7w(V0Bp8Ita&vIj^K;y|h-`CJu3ZsSOWC~%;jZ6NG}=WK-97@`6X>THDH
zvJ-@@@M3#GU_@P<L2<i*4I#${;zO{IXLf>w2@);{Y@h_nMc{zAo#4L)tKR<tl|MX&
z0cYE2OxCLUt$qDFe`n`lStaKC^i%1`x|eQJ>`&;w&a|<Te{VoNx3jlo%-&Gad(q1)
zujyx9pQz_o=ssfs@^fE@c|lY9_`cNrFwWr#ldshM@TkZ-osX17W1b}Bhl$}FR{8{u
zo4n2QygRW-*Z@NRpJ9NaK4>tnw{Fvp@w<VH?XxbQ=l$F7i28iN0b0ukD%}?MMGSx(
z9IV4~WIy^`a)1Yr?>&%Q&;jI~35&|(Ie!hg8^1wP+AgeGdltzn4)ff<g7kc1K;AX-
zxqgZGO%LE3w;9Vyzd_*q{nY(N5|^2XS+s56L+TN3(ds?v>>tM5fT$HxW$s_p3C_|t
zBG+IjbY~f(ZI6*?#>Z<L=$_tusA}S!$M>55@c7rh_MKW?BtA60^W>LzDeq7k3Hfh)
zSANUpZ}@sY5TnLuF|J9Qajc~Gee2dSqxx|6LKj4`Z$|Y0rOqp=m0BE_M;s7RhXF6b
z0%8Jv1-V_Izyq$eImCu*T@2wlT#&~Wg^lo>o$y>-;Tbmk8V86CFT(<1FGzS$Zw*>Y
z91v2A1p#YW19S-+?mU4<+DaIjn$|Sj$5-XP4d-|aWZh5C9&H&v<7^M|d<|FY#hM>-
z_{^FDE7tZI8R?M6L-g>9UjBNq{#yMvQRqHv|J^*D8PlWQM?_-Ts&t<D;q>(*sQ2=7
zUat3You3yIgD4@fa+x?ui@N#_^LXU>93=Vz$>Sq%K-dG42p*pytOFRxdjB?Z{id$J
z!8o5}_fy}WTlqV|!KX9T40GM%$w@CH0sfo`706mtd#4!k_+LdrS``*8e;-ltmD0JN
zmcuy&d7qH)|2m>m_haG4AK^By0`oJ!gsH<qzJ}l%qhG<?Li-Lq$?>Bk)fR|eU^VK$
z8g*ZAl{R90plOTuU}zkSv^A$WyYCUouHVJnMQfmEW>RzT{AtaXeGh(kNeoW$c*f}J
z>;}cPziM^#a^rWVEA^f>KQTZO+WtcS2lneu&c9?VjAGAERB^3{+d^0iOk7w*40tBQ
zfO)m@94;tqgWC01@dE`m$o+-i#D(W<g=g`FWL|%9d_jQ?g3F|yogn-PN>aTwiJbCs
zQD6Yqz$~N{oW}a^A0u|-cKU^Vaq-hnew9!Ct3I!ny-r5Xa@GFi_Y}5&kM8aHy%oK_
zz2v^XfvDltVGLjjbN+G>d>#S^6g_?7?3dg8!p}FCV*5hhh3<z%M$y)f<{2yWp0nYj
zWr&nfsP97WC5ert?$=5jXR`+fGhU`fooz(@7QH<E>M%g)zo-xDr!p9A-)k?$_xXR-
z+W2x?U;Le9_e*xbKcw4T$rt4A6ajBH8GPL1IF~jUzFx8L<h=Mf&T&|>`Yaqc3qEt*
z8TfN<#gg<75Jo;uSv)x&lFG>GNq+vqYw(KOLawf3%;#|KAma>gvbRU*zlZ@geYZ7Z
z5#$0GqAB$Oi(bSx-h3M)+0U~ec|S@j?x1wn15})QioM?x1HO3-_xVepI(GEw{TI*l
zdfDgG@Vde-Xn6gvzCS>1Sd|KSp@qIT)c>J_lsW51hSca1EUFXYK(xSudN?4kAc{Cp
zE0SICLL7LRjnL3%_&q#O_z#MeIPjd!Ah4jm5CiJsjdDB?yoPlW!rS$v4hMpW2b9!|
z!>IWBF_s)XOZ&7XdFEGZ{?(t;@4a4he3-A8?In8tdW*b&t^R9G94_Vh^kxbhKydj`
z|0!}CK*aup-7nAan_C*v&v#>NFO+9}1a+Uh?~&2u%au|0We69#FZBL7-RCR_N$)xL
zgL<!!c`>oXj3_udJJY8gNDjp&j7jvBYylA$=%L(;J$~fZ;khn)ao=g$RPq@bHEv9P
z-}j{Z&-{RY&@O01?m1g{x<*s~qv1si@N}C8XNMrz&z=iUkNL!$Y}j#Ldlu(5_;5~~
zy#qOF5>gP#|0Oau9*b7(furvl$d;dk+Bg$F=No)q&7|HTq5n$kI}&wAJ(LHs2bo-?
zZ!~3HvmN3Sw{XtDEtFOMh_VeoqIBPVlzj9UAO7?R+rN8)if``2)Hf0~PEN<aVO*`|
z;V*B{-hYSkF3<j#&hZo&@OR^YwUa}Ys1uX)pXa`a`;DnR|A+JZu(t?8s;mrYvQoK7
zI3UM>G=T$@wCGxUK*E7~SWwS4kYj@I8S2>x;&z>#(7;BhjVH+S3kp1V$tvoRUM3Cf
zh39agJ_aam*Wy4Dze@^Pkg^?RH=iKy+E?rYQsOx$v;RGP{HuTO>OCi0#Qge;8DA=0
z8T;=^4Csl86NbT_et`{Z`mL;uVKdttw)R$14#2_54o)r(aPe@#Tt9E>iLmeGHomwW
zLJ1BHLjdu>KPZScK>+iGeykVr<@{V9c>8c3td}R;J>20&K3QiM_P;pUGsa*8ODi+l
z%CpE9Je9MxN7J@$OWx2%Xu;Z`w;AIT`rec?^WLGfXvu4g7YMz7uU%Uy4k*|CS|5NI
z(TP2{?sG!n<uVUmoJZm176lL2NX)kOfxB}UZ%0FK7XKF~a_{CH#boX2aQC$3T#iKA
zC$XI2mc;u$h)vl5fBOHe+xC@kN8}Pk{9n`-i5}m7zVR;9#~8yua4nXvK7*3V8kBCh
z%Q*s+Eq73{`3Ds5CO_y$PqF*EN7(cABWxiC6n}LW>IRnZ2o0M5{bPB(-Cg?pl$L+>
zcj1q`o}1s?{I0A49?kP#V1Qir<@W!m;k{up(-~<o>#>;p#%U4`5DTJ-1(K9-6(Yv~
z2?s=vU>y$BVu1n&gngj6&Gi{3$Z=s2@j%FLVZuV<!t?bAFT(^;ulxdBs8_f292N+B
zA#@#Wf?6RCBn9&}B`&fUrK|zi{=-8kbyk6~sj2Lb?D1dm*ctj$Bs)%Ez##T+Ni)8v
z{{jaD@857W752gOXU|K2t^=goqec$k{eBV`xY{rk*4y@_-OIXr#tw#32D5%(@E}pk
zuPpHg4jw>05ylq=_a~=7KgJjtXY4PeZ%59I>A*TZ!Q0iIx&L;IK~T8%>c#k8zfR1X
z^~P9@K~NtzkoA4<q1n4l=u^vWd~yCaX78|Ah0U*6<^I3iFVGk_748nybLR+na+a77
z56%~|FmuCPuNb&+F13!1F~Y)DBRQo2V<!xSrR`K+pTl^?Lby45(nfHEt>au6S<vSt
zSGe?Aj5oafPDkb}Lg*({A~WY>&MW>F#gg9B*57ysC7Xo&z!~OuIWy!ginemT=;<fe
zeCr7|-gt_wHz_|qM&jN>m}z2M!`xb{nkV<(E!kKxa_`{-kw3E5mgoF`CEoX+ez%Ng
zTguw823XVp$o2o(D&~VsBhPPI{AMgk+{WJDN@76;*Y#KwS1GNFi3y8o8!T>!0Rjhp
zg#`_<f%og-f#P;UT##&rIy*su4|01!!h`29;pKR+kUb0{w(u)lASNU?l+Yad1iVg(
z56(yKg`ctO$Hy>q^Mj3pUFCne?|=5+d;7X@PF7dyBkTV9cCK5+?Y@0FQ93f7+ljSy
z{2g-xszZB|vwJZ40LEbYbWP6x)gnLkB+mHICdaSf_L@c!EAKN_sBg&M8Imi+Py_nL
z>?06jB!u@V1|}LXGM@-z3r(0>O@jGs)*0DNf|WhvjuZ>tH?<y5-BZW(S;H}!y=Hy*
zUPZ0Yd*l&q`CdzM>b#9NhzTMOC@`SD{&!>jzvhJLm~H7n3<%?yA5NVPgN>yZ*Ko|S
z3!qP9i|BdjoNHo?sXAj|WHklGR?}c*X9a88J*L(sjNd4uDd+eKPFJ0oUbGE1A*bL|
zp7GyNzDLQ18tQ)y&wHNxLa6(au%@7tXMZVY1(Xv53J*WPrmvo2!<Ud`+nvWKynX}k
zGM`a(>iAd_dt3Xln!21PY*_QdlY2e??9cnpdcLTnIN#>Y$piEP{TFyJjQtNw$Y-3z
z8Ll~{*N{Wss-Wa53Q9layu>TW$-RKg^y65$a5vJ33rl1r5*93`Pf%wM2>(EcWEUvb
zXIPNR>(7ZI*C?+4%1&tDLp+BI&wPmIZ3KnQP>T%`4#@kN6t#?XEBQ|4SiqHYorENY
z<RksaZS4N(3Fa<bMJ~XZr~j<||FfRQ$!#_U@q8A1ze9LlODpSu<g4HTV~^WF(G%Q-
zaX6v>^bgqMrKZLjA##GLNut74g}t%;F>1^}Owd%rboL8c+8M&b*8u_Ho(PZeqYmqw
zoTxplYU<1}Rfgu;RklvXRi1wKRRIz1Rber{Rr3;ps$!GFt9*mqvc^vuEYq4cOg3$%
zx=i0hQ#RYtK;{$VBuiNlCo{1&sh;EJlpD7wK^BuDlgSoFnWU~s%V^Sqv$yN#0cihA
z{s1xIO~&HJkDUTXJ3qKMgkX-1FYM_5+gN$i7x0!aL2wIeOdN?x)77CfYa;Cq(f8Mt
zbwe#!KiHLaK`a(7KZ@LvuXxVirhG$v|4uHO#7Z2Hbibkg69cIKLW+0%gw0<*#rn^m
zqVjWKGvk1Je|dm+m=jD|lzMpL6ff2a>me;;<E<Z_+;1cDe}C3z{bxRpPk69Y12}Sc
zFZuwze`N#oQtpXV&PdH%`w{Xsvu<+3Eff;;@+-gO95o?dAh+TR<dlDg+~QA>vGxpB
zE;)e3oTHp7`3wsG;F*t*rpO=E#Sj(vz#Jp5J(GI4ATU9J6N=jsPSp1!>ctl7;X<8_
z@SL5Xzy$d!>KsL{gItIW<ULhLa%cg0Kt9LzJCBgOemkbkn8CB@)%s!WPh}6<+@kJJ
ztbNG&J%qZgHFXT;xLL!@#_-~F`UtMxPE~F`&e>X1$H{CQ%w<vW5wZn~=Q|l$OxFyK
zoU2(-maTd8>_N?opPy~>XZ(k!ubg-x|Ba)ElkzMh{hI2pzxY+|YgKN#!Q^S$Hx)4e
z5g+I`pg-)K9jeA?j;#^Cx-xqN%}t#!hx0|vO<iDO><CvU&Zp3~q5bd{`-B(=8Ptcq
zM^7o<(D<zum^RG=G4r=$P41^CsJK<D_uulIr_NLFOC|Z9E2U2VYcW7N|K&D7$yQ>(
z*1M?u_yH=}8?x~;&<}WweLp|KbO%pN(RN^sz}%YLvf`Cu4}WBwkNV&0_ws;$#(w|N
z=h$=dkaC-j9e5rnOZxu|1LRoHt4Aj!L{}g)^BfAd)gY_#21ZYqjk(O5t<3uvp;6?>
zXMS}}K7}<{c^hsL8*U&^;6iD&WH+R*ID(}qJCGX77=nl&GMAWED^ebzHjXIe6~t{R
z*C^}+xybdtAufpf^)TV3wt@m56n=wzmDe*1-LLI$<eE}n*!QT=|CF$NEZua882<=s
z51)oo+YX#BxqI**-RuA6<KI8JTWR6aMBjuInL}udpXSCr<(g-%oOosJPFHWYG`|qP
zw3qFPci`MKF>|L`^X5<+rB<_K#Zo=-*rLtFN`_V@#e!?(9nRyKrDs8%x8)o|OXdS2
z80(O85QsVgNr)9AShGKuoDNHu9mBe!&uHV{rhZfJH&HeVq5caI`oFmbW$X<o6Dy^3
zQ?1m~e|a2$c>vBB-T38W6nu0ag_j;-H~qtq)oU@`K)-6szTI7ae8l+wV|n~fod1jk
zzBCu`vVHg~uIrndFmBwLF#x#@ATVI`ND9|Jy*fb_oQJG6=TWhz207clhnZa*+{u%%
zy5J-7uUjL9GnAqe%2-?KiK5NlFmIH@T+2cBVO=98e2iSyW*0D~lE3~IvS}l%S;v0N
zm4~r-!B!;GMp(#L;<NnXvs|MTSFFPT1s2rDfrhth@j&4}ywG=0-~rdVTE_bI%>~bJ
zKwyCAe<la=;{21SWDa1%)i2SwS!>w2%+dTSKAZnvUqjD$R&~a@^xx#gj7yENkEDH4
zP?4kDa39QUEVBQ}I6))E?6ov!KzF(&oR|v~XTQYn%Q#|-X79n$*b^a~Rkvc<`<x5>
zIqmwdQN|j<GJa3x@+}H^R%I7nKpN|Y;uAL@F0m3zR=$sQg_lsqzM?Xr`y&2FDG@OM
zDGvA}O1Axo%9HF3IeZrx$9}@LZ=PV)p%e6%X5SR=_ebUd#d_z-J=Xr+>qI}G=iMjw
z+l$&i;=!-%9`V?}<7fP2&7;C@96hQh)JG8mgzi(+DSdl&Msh4|CffgH`+q|Iz8_Jz
zvj+LJ1=bNWm*#zh%(9zU%K6D5)VCt;)f~t9%oUfh@9GRjtLb2M&K2f@8T(&#7^{n}
zL6*E7>5L()r4LcG>pK)|`Vv{hiS&#USh{E*UvC2zM3o^Ws)V&i_3Z)q?NnZSCJiy*
zMRoykp$-%3-<D&+v)%@Q1LQj-E(qSE6!IR)r4VVW_M?<M0Po+ukLDeEvDPg*>hJih
zUgg(3^XbK5uHNpI0|ty?-rwb=XM1{9y0V_WUiE+azZh5;ofa|t7A@an4AY#pfUP`t
zz&OERa`<^VvUb65DI$WFV;<{)QWx%I9={spn}`9MZcF-KPW_IKFU4%TC?q6r<^11W
ztZ^uSrFA&-JU;xKbCHpCnsY-14hRgO-V6QT{3GLlKcRwsL<O6_M}E~0DEsU&if{gm
zF8zifHZ@68{C{^J-*4mY>ytE$T%i4js&U@9-<~U9-_ZVV)&KrGdur)mU)hxT7!`8<
zin{TUBZThv<=U4u+#Rqe^&qnHKE?W@_fbYkTzLSoi}zr0))}lWyN-e##KoPzpoo&c
z{TGz){fW2lBD?Y?5>mG#tNa_*j}#zw!4|CG**{!uCYG%`&3M9hSWdrT5%)JW`y~6Z
zPmr&L_QLj?tg-l>&-*q1_8L~NJ4@T`5R&I_MN)J*QfMzMq#q%#OClC1{D-=Dg2FGT
zj}3}zLjQTa0Un4N=Q@!vfb*QW3K5u)lEfO2tB>*iFArhp;spa^!<T-)|DDg^fBkRV
zeB9z=lHyJe=r<Nt`ZCVp*2C!wmtM$)V{T(<Z{MJgDkLgObB2NW{KS-n|8jrz>f8*~
z;Uh;#vB7bS3971&mFk3a$WtBQm4wi_><tQ_{s*o^WbkT4u}>(5=TLSw>p6)5<&0-#
z=U+f{Oc6?jZ9q&YAsz_7pp3FQ=PdIW;lzR<#Lh3lT7D197#Aqp`je#pWz_$2<^s#N
zvo>Jow^&ww9$A-vf>+ua<^c_>F5LLIv7?8(gC_YvJp+~@DzO;O<P6X?GN@vX@ZDGC
zGf!E$#6)$Z8o3s_V1m{R=*+N?`klJ>7y-4Bx{U9Aj*5f#vHs*^3hSLtJi_`D50JO-
zHkOxvjHK23F@NbUELdKJ#I)UvtsX!o^}2Y=ZTbv9p>W5~C}O;{P+%qZYfae~C=fo@
zZq`xl5%NI3?z@Lv`WMS-BP6aqL7e#jNo$TFA?p~@N-kjC&RZxsAb6Z^A*<{v(uo^O
zmb{MzaT_^vwT!lc++KJVKNLQLuodd#K)u^_Jq<<F{a;H8uceUtRIG`Sr6|7m5PO*C
z^-o*D9F|_ytMd8%o$q7G(j`jn?(X~h^&LR|ZSsu_)rQs>bLJGZ;o;|>{i63~WoKJC
zH^|>!{Lb3RP07{6w`$DrS#Wj^hK9NYyu5v@O3K!EQ2ec>{cL;f88aShXiuqGwq})u
z;<{L^Y;CfIz2A|2gksK*4Smo+?_>neUBt703Bm)G^Ze($s*nsslebzHwiYqW0WVp+
zPty6a4PPL2X%*uEv<HOl(=QP5fKq-xOL?vr3x75$A0yOR7wy10=*S$TF4-s91X;{|
ztz2^wzRVSyxF%u6(a(|l<r6GAcoEIXf#&Sxc4X2t?bEYequ}bBg}`~G<RLi0dF0+m
zT9M{b|Nr>AZ->N2XzH6ARX1w#F1d`gIPZ>q9tj0lRrVpz{X5ut{t-5ve~iuN=>wm8
zf)Yx>hfk1uf^zH$eW1r!ckmH%4?Vy-axX1kUyX#dClI@=3Q4pV5|{6z97blrHI(lB
z0TufmqHNy-lvO=IDW!x`#A`)W4^g=95m(ClLLQ=+zY}qXrG;17(|wHCa1;rdN069H
zZikK6_!wgH!Mn)W{uMGyuh8!}iPY3Rn9sOnaxE@A^A{BU1aYBO{~PMQr1$fRsrMAt
z{s>77D?<M1d#nL^j1=|(7@L{i{<}Z3SK;+t7?U46l0Ea?hhc`6H!Ss{p*eX<bwE%^
z^_YnUm}y{Km9luzbAG;_v0+W=mNM1s!g5tRd!HI(W5?=6%T{O}y>?2;#?e_eWwON&
zX6BAH2@6s+*A?YW8KyoNwr-_xnakLkzF|%M|2sWrjqV$qJtAuOjAqSYPf#NKypj<_
z{ST4!e}$y~^Mw9~$@M=rJR7mp<0RIw<Q34zXM9SW_d*o$K%x5*25e#ck65s1#eQgL
zTcM}QaPkO~>s!N!GlGrC`>PLIa(?Gsp$$O)zk+$dk{b`ulbpm!i#eNeK`Q!_Kfu{*
zIea6^$WL&FvX`~ObMou|AFs;oxU@tAb9?LTX|r^z+c7WD<n891b<hzyhI8O6TZWW8
z)&lH5kM*B?g?%?4U^nBRJFXEI82?;Pj3_?!7<oq@Bb!)|b%4Tk-N6SaBrfFdzl)U{
zu3>)0LBuTEiFn!!iOct5RnbMp0lq=yVd4QFTXNtbO7=hE%ID)+^ge4VC<Rqd_#9jX
zE{N;<?_<r@TUeNP9to=tV?o9d;=&;$<{ZVU&DZ!h-xEu|K{j7AJ?BF#UP3I2uEYZ3
zaLPRT50r&MsNV~z>p~=*=bFrGLL~i<p#FyzA)7ItjjZ`xedG)|;|9HQIl#Z;J7hT1
z5byE(F?l@eiuL26tLcQqg{hk2y@bR@%0^F^UZcwxz0ceLnYgwreX+9ctm({=FK%sW
z>Q+5@lIdv^8>{F1gqWmwWjiO=L)z13!P?I5rm5o!q-Nd3`h(x0b-O;e_Vx9;TDtuo
z9_jFQ^QNqQ8UZ)QDE0?Mvq#W^^DJk<%FG8L0ZR}OoQ`>+wfY~Pg;@5A2>p+pmy0;o
zsIAUCLI0jP0ipjQ|1ZveN&i^~MEw_azap+xu;DADt~iJg#;lF)VqnYpkP8cru@3Md
zHn9$P(>D)M&hJObw@=`iwie#OA=rN8IC+ScVDj`ioGV^|J*Tddo8$wy`goN8^a{lQ
z#b?v-r)=j2<&fBLdsAzxw3#OQNA%4Mq4ZvBa^W{&47??}ldIj*Hv*x{@~~+A`^f#^
zGPYj+0sFpqjNP9<!In>-Fh@!qKKlqc?3c_wL?IsJ9C(Zzp~nXwqv+5*WNiHs3vy2)
za_M%&F5f}k)*V>1?iAMX`ufB7Q1QVNlpT4DQX#Z6iVr<O;Xz`75Z;yxpYJeV>j;I<
znYraA;|b>_TOo1H3B+d|$HKCYkhSY86zu;F*?jH{#u}Dp97W249Y}~Q!vfm)DU@Vl
zLNaF_2}y~dgq31`a0#*w{fLU&eE!Q{vUjWv@`~~_8}8Zvwfi&mrvJ=d-_zky(V8=+
zTV6IaGJDSEU$lCKvZJR*)i~C|+1NYgu2{V~N^7##QCIhnDl=1;>S=njp40vM`{xtr
zKmYA_+ptgn7%~4BWbM8LU45hH&i~mCwz4-l-_O|4l{JB}n5=2YIZdv}%*us{nGJ0M
z2kHEe3e7|`=hnwW@a&JE{*$XFHj*+gk1>HfEallyTKN_AUvBp+^uJU(|5^Xb*k3W@
zeubM@|H~fY@YqdQz5YA;qW5X5^33AdRdMVQD$nryarF_F?7N6}I76g;=k72ucPFRO
zVE6<t#`a?$!`j&!$?40c*8gAsS8i`TuuU}}BEZ1b(N^Z*;Z!+IU+1)z&SdHX`>0q~
z*@XY|I9+3S$WkyrZv$5EJBjj-zren)@1g3}W9+=nI{Hr@V-x$QD(F8HAEo{td5T<0
z&IeDCcbwNwJ)n)jbG_^wqSALFYQ+}F7H>jY&LL!NrT=i?du%@S5S1U&)?zH8nEPHt
zo1^H1N5lYu1GShSR$_*@R`S7P;>FKcw()b!&-xHaYfm9Q^CV)k8FSpiobcfvk++u|
zG4v-^<()&?QpPkQ*K-CM^*_7<alvKCKYkBIHy>kb%>%SxuegV&`@bBk`d|5c|LFUS
zOo%X08LA@bu#1md_43s#`@QHn;ufZOjMdbpU2h3X3m0+{nboY{x@By`$6o#V<GQ?<
zy^Ev&ppi4NwD@~$IPnw4PIaUY@Qi=0Xj7TefFXlx)YLR!XA{DHfLL<$kHLrMKE~~D
zS;JSlmHek;5$u<SD4zdv-(To|4&tc)aYFxD6DBYqj(sO7$=gs=@g?K@0t1BIUn});
z|HZ_CBG&)rv3_V?>OK@O-d(oq5z6VimeVF(e~90;V-Jvf_CD0LO)%5QfxT8MScfzU
zGmMQeX40g}z=XI-cW|%HhH1D5|BLqvH<YN(i;K3KX)se}@8MWw<!D{gcTj)ws=bXj
z$?ejvhYCzQeG$HL9ae5RNZqf-{?C8LksD9AKEW>f5L<`~Wf!TZXP;ml`zzLc_!Qa1
zh#X4cIr<dGYOrc=HIhn?BYN#_#ID|jxK+Do`|o9s{&8e&zs9rw8*D!F5F5@sM)`-2
zP)dKKgfYuP;!55z;tOLHB3_YuoIVAyqu|&>tln`8o~$2=U3L=jE6*dDyitpokIZ76
zF@Mju$lQ7rODis*;Nk-mu;*hlYrPGeJjtbJA^Ttato|GCxoG41f!1>zs(<Ub4;?$2
zZen3Ueor+dEJzCft;dSrIeWTpF|rM(5BLkV9Qy?`%p7p0`hu3?@4N$j!$oc2Fjda%
z7@&%&({#u=FoL~)iO4T3g`Zy>XC0c6D}X(K%>T*4vLF+-f1UnQ?<M`uM=WD}am-OA
z&fkQhvd@^?V|<!+zk~q_{g-Ng@1mHsf2G@gX561~r=2|i_dI02iu%vkRViayMZBJ|
z@diA?Gcin^GZJjl;2jiPefQ!0SF#3Jv7dkT`oV?cN}=;3G()07WL6H=xw=L(PHSjS
zB<CvoFBoT3;*4i~I~N2cFC!oOR^%T15SuQ4fdk*%!~5T`zmoMf+lUPtuRTHeWyTyo
zeo7srt#FBY{0W8EikOotqrH`T<_=cu{~Qa}e~9R;eTXJD#ID-ObAB&lk!O*A;1=VS
zj4v>TS$LXqinal9A&>FP%>6$=L(d&6w%tbV-tXZTwV81n<~SD}NBF{{Sg`6NEMe?%
z?f$P&&KS?enkVp2St{y0D*x;~`(Jv#(;pwJv)w0ZPuH|`aIE^R_kZ@vnL(bMGcaS;
zOzKye=5IY#{LbFlG2duT7<Qij871`TY+T7L78&u>(A@0&Y$u08JtKqa9z8hUWcUcm
zFlbKHU=MR7937ol&#KP(1YVe~V?vIgg;M-KDlC(6fYrnT#sfr5fD%Pqhz=KdLH2pc
z3K1W}SWm(x<d;;}vjgt%_8qD3r;If}W!rv28FN|XJp0!(hgHt}RoSjzu&#pq;sqZw
z&UBER#2d*Ky9$k)wqxyeG<^VD$#3~1{9M1cKmV)0&)-z4=@sZ>Z!+65O?#GZm9eEM
zTC`zYf!vOb-X<<|?u8k4?(j=V$HLN`$T|2CHeUQ1RbM^C-dj(xgFTm<*>|!2`cssC
z`V>qTqVOuQ;R>;VB4Gn<iJ~iv7hI+<apG$%-hL6Wx%&~bb|3j4_hDh-DP&dMLg~o|
zNGrPlBfEKgo$s-F!$la)OoGO6drTPZjL?|P2x0$Y#!lvktNDDlpQ7UXCrBn<nOK^C
z`oH=a{2A~2{N+=1`rl{p2+f(smZyK~dG{Ww(&(wuhxNBb=?9J+Q2njPir)p!3$gFQ
zdAmE$G6r|(E<#v?(X@G6yxX!HTD9-Tne1)I$El2gg9ov;Uzc->O*#LsJ^O*Z$$K;k
zh9;J*XVZkMV;JVl_GdiM1*V4fFqt)*Tq0I5(zAvMYlkgOo!Lh;7tZ7p@^XnmfNvUP
z#DaX*s+KSwP*Bc#_TuYUk#U9`Lnm1aa}61}A0cT8>)JEVGM0G|vV=W|q|W<zuO#lw
zV?DALdyuTjEA*Dsv(#C+JCZV%IOcCFn<)ObpZ-REQ1SY&+Rx_qclPuR3($3Pcab@I
zyH-v&o_ShZPY2CfwIn9IBjG|9a<f=^1|cjh6N@W$GM0E2m7m<gp4$(>QXy<1Hf&@s
z_D1$)RemAw%_{rsDf#<>B1$2pm^FOmv?=mFx`RdAE+RT}58_wv!Sc-?qxAGIFw_fy
zmGKhjX?bA$s5wYpvI9oCbKx&rje=_0AbgGWv`tpMe*&Y%j=`(8kAL<1IeYnJ5Am7-
zkzvZyW*NXIFvPz8dswk{wQ6u!sPD8Hy0RGtdWFN()p7o_OT+6w=4H3fe|br1%tVcv
z#PnipJN2W)-92oyDO_34>%x4x;0kX-{_2TZli8<iM*cD@&f=SZNfWim3t-M3p?;XA
zZODFLeRSeX5z!COg#1D+TQtRcty-XM8*=?oTD59UE|R9`z*%A=n5&yM*$6fko(KzB
zg+kV;<`iE=jI074?wt8y7tQ$zQRF^ZOD>|-oc(D?J{8vVO!wrRK^5XrcjgFtqbKJe
z_3qaX{RWAdf<w@YJck{+_TcxKTpJqWS!biUaZ$#yQ7`-7UtgE+!1lv?RQ0V)G`;+M
zWahTk+1j(FAD^Z-om`A9IB%Y~KtH0h%21ejk(+usIYKM<A?t&WQU1wo?E3m4c2id+
zY+$dp;A&ua2W6DfFF+i4iZWtBDbMvvfeY6j5C={md~pd}1DUhY@uDpm51lCv?0-!`
z!TIk%8YoHs^Uq&L)0S;fys<>W^Vgr(KmOqr;GL~K!|=1M`}QiW&dOAss;gVord=oK
z8q9?CoY@#SbO@B%yoXWaN7Y0nMP#qcUaNHO+J{{~xq0D*esT1Cnf=IdqidRS&R5aa
z^C)@$2gYblpjUqla&CH}Lx*nU7f~VCj}AGF?KrpCk!P<xYY(TB$6ywwOq{{9-JTpL
zW2oPZLA7f|9--Fg*10W|yRc8PEBQ&fk*`F#J-O~Xp;z}#=-R0rI<_Yd(R=MMNmCC|
z5vx&DdKpoyA+xd!;jEA@(9yL<cu+3F7!y`i)gtFffARzOh5Fd>V4W|9jU{*JxQQ62
zr31}r`p}+b1YJ`b%rtYtEK6tTnY&;-e`jK4{?pby+v{wo*WaOkeFrLbY*3{SVPIix
zA)D=NUpZM<`?SUsP3mNGIWEwT=*~K9Gmk(7r)6MK#V)Kn@)0UI$746`g>7HUZG}qF
z!%Zw;D*`qNzk>F|W)XMz@(H%yATE5)dZdrOL&kw?DF5Oi*3-^lyEry}aTjm5XiuKm
zIJ<xSUH||4$c%!O$~*RN)pugd&M!1<z1GyJHQGAb)j{Dwn&Q8{cH`<B4z3Q_R`zBY
zb3@z?_aRTgc&!OF{$c*U^>^j`XQz}5OlH~}ni*8T+oB!)_!&?iVL+a3TU0Q%o6UZa
zxlxsvq)m>GNyfCXb)c(ffXdB#uyOM~EM1y|z@T}Y71jl|)HM%BKh6j3j`!NMB3`sb
zN7l3`cjJsu&I#?&Z6JCptD>j!2=wkg0)2XrkC-z*d-Wd3`9oc3Gjzse)-bJDQHA*l
z>p5>^A$iBs$R||68i%cjPpHJwRp&5qk|XDq4aA7iV_@pI41Nj6U>kTGj)5mJH|ad=
z!j3>^_5x_=^E`=8$AICJFlmM@)J9K&Z<xQV{{R2__J6hmWji;G@(m4Sc-~EB?ck6*
zeB9V7)|;V4tJcJYri?o_m+S>|`Vk>ZXfLo9YYpo)i!OXk{eOtf#DEO~6DSqJULYQ9
z;94&1exChoAEW-0@9Epe7(8B^=bGLB+0XBj&pxU<w=?sX*Xgl$p#QN6)b0F|yzccs
z&DaIeRi%}M%Ho=xt9jMX5#2cZ=UvwLSXU>eCfNG~dGov<QLWUbJ9KCI!rLQ<=PbE;
z{Wn8THxQ<_zF4>A6V{ub;M~z<`e|<DFd4@geIu}F=~A4(@G-XT+{ZbfGvMYD0(%>8
zcym@ykDfiyg|+R?nstYIKN&OzuEOMDdC*oX!gRF_Fq*a(F>!}sroSIE)%IaZ|M#J;
z>W9I7`=Ncij@0=@j0u(_Z0-sqChx=Al3Q3t4uP13d$E#rNm`R#$&WS|Q?)!{HEloi
z#$18rq+2l6xB)lU8wgo-2@A?ULB)kHu=CRAIQU65{9_hj;xyJNO`H6iF_ZfH_xkp~
zzXO%Kwkn54M;JIdJIa_>uGH3@dRjwkBDvp)3G^f0Vx42V9s@CR4!LCKFGpPARxI0h
z3V9c9U@PN}n}xk_n=uCJKikJ?KRkq2L>&7$T#NtxclE#hmmhul;RNv?WacdK-L$KC
zsN%mdvM{TTh>i$T+<(!Uv{<G*Wd{38)H`!dKojzDz0LS<Q%srej)2gOjKv>9LR=M+
z(~e`wa@K349AWIA{1L3%kB#0!4&W3R&ai?0Ok3LeHkhC>ne+RGVCobDL`N+}+M;~e
zS$i;^7etI00p+e;>Ff7_#(-js>$MY_{XT%6>O~ljxCZ0VpJUsWZ?I|m51jkJxgbtg
z;c9q+Ho<U=95xuUrq4!181n@|<Q80fnDfNh$Fk!`tlRiA5*A-1*UCilEDdJNU=4J}
zZN`*-mtdfN9iEmylB4K5*1bGL!Sx3?@!%o${rC`99zDc?>$fn~)B|c`ClOE9D8Fcr
zUSIp~@4%YeT-DIX2zyg=(<CEvQ`!m!KfKqW1Mz^l2-YnKT<AVv1m=XqA%U2Xef$dT
z1lBX3xQe)CYhdr<RQ2C~m#^k4T>9di#4nPV8ntxCfsHf7yWDeNU(W$Uhho#N%HQ>C
zjV)(ZYU}jlY|rMLz0;SRyX?tWc7Z)z=h@qJ3E72LFpsr*Cg$F(7s!XV?^*<ftfh}1
zPF)Lxrp65NfQ2#EZUtYDC<OS#!-qLSKlc7PyOI~&&I=wcflyZ;N1MMJ`40zTw8~P9
z@3jXuvyQ=J!g&}Cy9P7$8?ZOKg-ciNu?FZHM0tIV$*QMlU!;;FQOqYFgaE%3M1-az
zhWu~~$z8FmfaibeY4R)ipc`$AL4yWyhL$~ab&6>}T!!wDYFKE0%@`qT7cTvRT{Vw!
z>fS@VfA0~lJbsANKRtr(>`3TZc)>Hs%l_5;g#T~8tKA3RS2nkstvNTqPv+?AR6Nso
z*6GR9r!bfME;;I3KxM=P)(g#NO?m-)C3R*07kBBS>t}n5|9kbi<p!Dg%c}PumB+DM
zJ>4~(T%GZ+>`7Q+=$a;+KdUumHdd~^NIpK!?xd4d&e@%7b1#w4Bbs&r=K>ImMSba8
zZ#71fCN1f2GoCixp7V&E$@w*pGYsayjdcPpvxDGZ<43#S2iD{THaD`z%;|>c+J!Os
z9$hhX;8;u^mjI1E`!Gr62xbjC55r+sVKwG+&UquZP4*p}`}k-0Sl@tp&!ez0%Hhnv
zA@m=5kxPuRBvUu$5&fXAYe!C@$>`i=AX+n?-(N*V^8bennS?3hmOy9VWy~0S4MwAH
zA}o}A8HawsrH4;&{HKSw`sfj=Dd*Wo?hvvJ=B_a?v@u)yuk6?B$NarJkW-$o8XOyG
zKS5VpW?*4bW$Qc#(evXp|K4}?_q_V~PtQpGxzULc+3U9#)Y(9@=h#jO2=V`2{r3$G
zmi6f053`+<SX+Mw>-YYGja96vqwX(Rd<b*h65!=H50+*g7{U79&YgNQ9&gAPyekF_
z91ZPhrf_zQfGzny9qs*LYvBWZ`qLU?rZ67g4@!&!w{O>)al8)XMC`&mL3fN8WQ<vw
zE1=b9543t7gPrafxEWo7k?K`gP*<G|YjE+CpRsbqEm&(@$M}%}<WlU(`6YuH6YPWD
zefppq?T9X2y6`!b(Wg&uN%se;^yRD|71kwmAU3c^amdHi|En+>`2_;~?;@8yET7Q!
z|K#x#eE#GKs=0nl{SQpegE{AzO_(~VZvXzCPxJMwzTSa9z5|(sE44D#EjyX8C_;Ab
z`U$C?eZ}fkIyUw;lKx-#^t{s6{hRvMf96e9+mwi%l}%c7LQKkLY}|JrTMj(H#=Ydx
z%Dc*$zUk=NU4^_|F7R>Uj33VRbG9efzjF+Hy;E7gw~YDzS>*b*<JlidOwh&1;bS>Z
zpe1$wUFv)*xz2a%$T?_o>Bc-?pT0dYO4Se(hecshpY_mId0)Z+lhGex7WLJ9^d+oF
zVIOercQ}5c20FuzLPgn}9D~i6KUAZS(w_5xhmk*7%q&#l?6SV}3si_TeL4T2zck-$
z{6u4n8N3S92AszX+5m=XpTo<c2K%o3f{%WDgir22#(vh0Uw-@;mwveq*~)VA25?@o
zt@Zu-d-VGD>m7L2ci`lOgR1_Kp7sf;GIBqLXrB4xNGtK44;??$eZb&>NJ~%l%__>Q
z%Lyp{A4hkm)5<F9SVg|QjqLy2bl@J=7F<C@NFID$7jWKW9L9~C%(zQa%$#8kYjZbP
z7|(^fORU7@6B)jeIXuoK89W@#TD0QqJ~6*f%<gK=oPBe&VJ%PR_MK@5XhC<XKJ;c7
zN^|U0sIUF|55x2+oZ;Lv8xy*2goV}#%vAjlR+Bz~-ay73Vz0u_`YO(!{RKKB4q<?@
zE&Y!s%<&JVt>1-x|6*R6KkEzwI2Sn%Da#IXHryHLoA~kd+hK-5AVv+0#?=0&pf`xI
z#o?d9&9VlUZr#Uz#sK$nPT2k*9^mB9_i?7?CoC=4i9w^ZF?_tn@7ha>{d>K>-ho$P
z2lgD^s233*P;Kin8y{Ud_3rwe1rx>l+P-H~zrl=|C#KC$Yxq9rc(}MVdrz61GMC6F
z#rkY=>cvEF!d#c-n8TVn^^rO-o^C_lz5x2|Ce-uptet%eqt&OehliY!p_zzGD3WG%
zin)Oux^+Tl+V+j!Zp4{G129Y122S>Y@Nt_*dm)4~!otZ390J{G20XL-&_^Fe4A8)s
z-U*o0y9Bd!_F-a=DmcwL3!VN)nFlxlR|E1>dR~XQ)+r3=VMXrnci3ChhjGC1n8SF4
zn|C^M5qroHx`({B-yn-Uz^Q9bqg~rx&@q_H+CLqPACyHO;DBUPIL*3^!>lVUJaCsa
z>_6fCTld)K_7k?Smdq<U3*GvS!N5`DvGeH8*R_BRzc8=wzp^`U@WWkx7WT6+$HlHj
zyve+>44GJMoy@DO?JaAp9jt$)|7Nz<)!y@SP;vADvWq@NcwjdC$&2ITvKTH_G3eK8
zm^6cLFnjqN?L6Va+`XZJJ!cmNA|NOeiRq^ix^Ray8>A8E_VwvIka0j0IN1e~>t`YR
ze3wd`Uw&Tm;pZ7o-rt4r^NEG6wHqJX8$*W<N0WDzFlnqaxr#!e-fKQ)jwyoPgnZbW
zlwnlwR1EDEhQU2NF{Gz6I(HbvnB&`=i#C9E|1c~fhj6gqf?9ZhJRrxZ|F_A9{~cBo
zegQpGf2eC1V8nO>^dC9}eFkb{z%WCM8s~~hI&Sa?TY%8CJcKXJN93v!EJ!b5?`jDG
zS8s&b+(<+&{J$AT65pBEKd=4{Y}>a%>Eh?-x`}uC;k6GYoU1;eG+3=C2C4S1TAGoh
zrZs((W<a=ynT4%!CFhHz8CmF`ZunnmO`nRG?1LyIKWuzh86tf%5#+v%zP>-~OoE|5
z#g;Pxn@alKp?w$3Ag8aBQxs=;=aDD&Q=~ITZ{ZY4jCc!U=_AaXVF^PcN6r9GL>PJg
z!h%<@w{I15bQ$dL&t#wPTIzo^g8b&8Z(kMm28=~tl>wMIc^cz)0~jypgqGwkYSyeh
z;|Fc<F6RlfZrK_gJ9K1^Kuf&S<Q+6-T|(RU+As(4E>f24m2CdJikqBy!M*_UhGlVf
z$g1KSnC+6n_buiaHb?9Cx}iz)c4(&5K`t#iKz$15ka_vQ(%lQzo^#>g=?_aMA2`RP
zVk&Ew3pbUhHr%h*_h0Y8tFi;D)-6sd*_3A@-p}!m59(a|@@$uWgStUedwf+`lz%`}
zyuYTIm0opNw7>F-tc3>s2lhc>**fL=?|&w1dIJ}iq2Pm`8T&g(n?DwFETS;5|7fVI
z(O;ipiuUchO8WoLHyg9R${a5K>#?TvORU}YEqUUONP5_$NmHr!Pe;cF{=UoD_v2K{
z@taPLKcV}a+a6y=Zm0d6O}-Y<(V46#oW(xD0n80L!`Z_RQ>N)*Fztc9?8{N^(HmX5
zb!S|^8+E-M8c8z*YG)7sLq2=#P39hhh$$KD?_F1Z6M6Jq){);jm-9hV*%R18sY~sQ
zGR`yS%n?n_Aaw9r0SBK{n6anOm~{#hXD}XNZ3Tw_&Q6XDfoF*C(;@03s+d!nUw@xo
z-+sLVuhI@=<SkbXj}5F=yr*;3$46iN@@z|?{}Z&-tE^@lWhbW0%Qmyt&sID}OM60%
zzL}m(abK*n-R8);lcz8L;1^i`;m?T8IE7hrlF*@xDr0!!+-J{5-!ZhMgJJJchM=TN
z$R)RYDS6jQs;*+d;4xCIU~8oo)MfhQ<Hm8mZ#*=$^bi`zv!5K_GID&zlh<c?=3!)%
zbN)=}B`nLVg6CX5r-LIjG_*0xz>;&y-N_T?!slzo^IwTGQwO1Yx1ROpjw)sj{*yHy
zZ8*z39Cpk%6mR(o*=!;!*m_6O|9s{y=f$sQua7zZwsvkQV-tdtc%a&3%(4o?BGxjv
zhL)nSQcJ8ZUZYumPhQ`Cy#uf64t#Rs;v2gTZMN|b^|&1n>S?cdpI2{v)cDgI=UNU{
z>jpE6S=DxqW?w`^`BUeT>TFn7uQ{ACs6kHnn7V5vyDOB~yLnq($BaDkpW{$9xt+<;
z8lQC;{>jG>nsNeRiRTc$<a4Yb*IwC&56CxtkGwjUIX8S7_3&+U?bw#}LY(WVqX~0M
zbDsS+tob!Wpf7WS<n@RN%|ZgXywdZ}A%nd2YbrRiw)`So-2>3OXCGKu+aVwz9M+bO
zFqmb{8bNQ?8TmnblAbh6NSZlZtG}JuBc#+y8L<oZa5nfMxOk<ae8;zv-WP8DL7Hn-
zNRFTdX;oOB#d<-`3Ycl)%|7GCk`3ePn+~_YWf(ER6kfrr@NVlCoR^WIso2NY>+2nO
zm3Kh4AVPE1n&k8PraCoOK0DL0{(Ig2ep&0`>fNEi8NoU;Cct)%ah-i29v2+xtE@I^
z5c#^NRD1b5C@KEdC){7N&p;K{P->C~?l2C1{($^%<ZIvzy`tkkVg0##*!2nP<gebt
z-cRmgaqf0>?9!KU_{LBj+=I2hGuY2Rmh-+%86ULc%yM1Kw(`NSVH4pxCxX6zCgM5E
zHJ$viYb&o)|EtN%^C@S0ZGewgFcQdNEsIEFE&oEs2NU7t9>F@|>C)T~F>h4N9slPW
zZ^3R(ED{;#7jy3NI1e~I_bTVy9U<S>_ndM0HHx;~;q}|(`nrqNB$mjo{1!{I$TPL+
z8wAHxK$E^nSLHrP%s56qxwCK$TE^agC3psVYAW{P_4;}TUgaI|3w4&+*c-yt+qTZG
zSG?cCigauBaot&4+X6j%wug_u{jVNl?_!nRtw$Tiz=xh*uslIo@wam${ABNtv-{0P
zO`v1rj>P;e$ot?DN={d!<mhE&Z#j<m<vAEVaVq2QP3V_5hpz50&iT}UzTsr@aM-Z+
zSC417F+4q7$tUUvS@ddXvHm7-ZVLImbC8_8g?{=a<gEV;Ys;@=UCBq}_*%i)A4_N_
zEJ7sp-`gXS{l%OYDs-MAZ1yf)24Q~UHfaWU{DM84ae0Z{-!+WSeM|oD8|3+_A^+!h
zC}yuvK4Sm{JML0`=FBSg1d#)*c=s>J=B%6SJ$K*}y#|_k_E=VS8H+e8w{f#paPf0B
zQ0&9&_4N+C$~zD#n_DIHcV0q(ef{^jHgBoH`YqYsV>P-nj^2W`xvk+J>LjcG7;$_4
zVwsYG>GYaTU0Y+)w25$Vx6O`O6s~{b@)5n_?M2r#v^99{iZl105;u>?=`~`$O~l&X
zYTStZ`YoY7wIBI2)nQ?w#hxB>)(6@`f0hopmmM+JoAbZtSTiqg3s+|uVq?-_V&se{
z@_fe92ACJQ7K>NxKrZe7b>)|_WZ5=eUxLWMBv_a@pmm!Lb-Mr0e>Q@tc`&l_uaNs!
zaQ%Icw3R1NxaC_EbM{Oz>yk^hayGyY>i%Z(fsseLh_-(|xjyrEa&Fb0d*qM4hl1T)
zS<{#&IPS@HAGLHV%-Ex_F!wm#Azw_)vbdwCzC5k;@$Kq2%63<1Hr%t<_h0Y8tFi;;
z);d)kI<>%(jOTOHsVidB_8;A%sXnGN?d~?@$!LMNg(0#Ry>CZv8`S}-y=&UGZ^0V5
zrsV5-i}PgOL35>MoYnh$yiCmVZPBbLhO3fyLz6YYreopYFd5$NhH!K-W4*sQ<M(Df
z^XHJ4$%Y)8zV!cRu|B{Gk)ewa7q^`Dfdj(Bvk=X`!30?je0@U63+@ef?`VYZ+&9#>
zL9?bxeC<Z^JOeqw+P3SB=-AEVC8Um1_XX!~8RL7|WuH^;sr#IDTS^Ql+9u|LeM%pI
zamAveSW|ofIh+Yxu<Iw}Qt$IQ%Pw#4edKdymEfGurxYK22%mZB=%_ppEy;b9zcnAb
zj_rn%KY0oIX+UH0RNoiv+v{tuci`{df$6ixR&}6mA3d`}Q}JGooZdNV#hR2Imp(iB
z#;CEqFkxaxbm^!B7awbx;xP@^loc_m7PAe`w`|=MEy%ssgtKNv-LA-&OTzQNw{lxz
zNmoprI)MCLL&?>t0RugC*jnkp#l;kX0i5Fz<^mTdYea_mKo%1Mo7v`!%gw`79nKc9
zoP&Yn0kN|Uge-I&V#w>AAS0h|av}T!7C}>UCc1R)#xuV)dkCAz^`Cg7p=E*9+4MbV
z<I8nl=s$(}FV6ka?cXux$C-fC{W8kB{4``_yK;uzX)Is2nsaJ)(f(&FaF@`1&bWG?
zz2Q9f3psZp|AWVziSq=@ci+a4Q4^$I0wYT^7@Iqh1K9?82F@5adE!g=t>HetzW;g$
z{*xUza_-RRKl1l8^v6}TYu^kz_LXQV{%-$?&FB2WT&u)=OWT>$y{@d6X@)tjmbv2E
z>5q@}JALW!km?)fdhR|@;d|!Fekt~M{j1Ymj~rirJS5Bxy;VAp_vcN<*2&-b?pw6|
z-@vHhtoNb5>yZ=0)j<p6#}9;!tuFa9^x^Jih44rZ^7`5m1H9ntPmU0OH>9szz!?mt
zh>vBBkiS1>>KkIrm}#{C)5+(bi=_GGtl2w&jJ!{fLr(vts}I62WCiPgO!)fm!OSuk
zIV6HCq^&Q_`{3DMCeD7v+z;CPl{;=Cr|^AA{|h*4u3-Ic@&RU{eAjgp@2JMg?078C
zt3V!Yfbs)BBC}!#XHe9jn7Uuc**1AcpCYyLGE(!mlbfzJdzUq9OlP|@CNc%K&OVsG
zc>e2nfcWCP{`s%(K-sn;qd)Q@c1{LW?K?C_ShP>wcQk!n5;+fp_lf73p|5#dds<fv
z9N32b{n*nVUOd>d`sRf<J~+L1Ue)2PT9-aOX20WL@x_!CVVB*!%xg3z4aVSM-O#sx
zM|AJmn*Kmz*7G!yVgM7z^{350i1GZ<JgbKyV6HJ|&>F$YN*^&HF688PKuoMZTwQDs
z73q(~X^EI^ZH9H3OEE7h3{msKhzr3OH-0)ff969LnT_};&h$y(Ot)0V064Fwi1qpf
zBycO_9KSr~28%X|d4Gy|U-DT$3jHr5CX{dc2Ko7AoDsT}as4l`GCv0^*QJyDpK(gg
ziYOvZ<ZopSa5>|J`)-gYIE+4l3`<HlPy9Gzft)i_aN;R>=5JzYDSM8mOsUztb7u!-
zl>wFBzFw6+!Je;e|3C7DeErz}Xb0AntzG^{o*+6QpsG{n=5U{DTUW~;n;b+AY~#h^
zc^uuXDkqHZKzqF#ZSP*#d9YMBJ!e7Ew%sKjd*0vVw_<gQ|H(7^mDX>~HqS1KukrBH
zX1x%3c={`$L#HO>WPFSKYr+TkCwuF9@p;r3!ym?)9zEFFao#rVi<Bfk`upVf@wSDR
z*K7m?dmt>#mwvqqmMu=iTt9Ej3lBl^!X(ZO_k->XBLs;)Vb%dfvkovmnzJdBD#;~u
zmHN)u9pm^V)ca!IE@56z@cTc90rUfe?pIK+^NQ9ZYfTnPI0tIg>JpS6Jw-czJ7a(6
z=p*oNX)hGf|Igj<C1=~;MfvWt%r$(3<vR{zX-O$6#C)j_fz4O$WB#gjn5wHI*-bM|
zjH==nC8++9&*JrCU+=(wx&t|7YjN=SK8d&IUwJM^4?|hc-bygGoPJh3{^mCq-_SSL
zJ`^_3f2+9fALJ?<J+cGq^t+M=qZM-i&aqc-e)vv=%tz+sH|M^sqcOR%$J4IYJQ*qT
zcwlNdfqMTA+O&C#v3=Inw{48K-<9kCSoOZp7(19TzA2b(GZ_}<QxO&Iz}%i5f`jI8
zmX{+O<}mihxPMTfCl;oX>&w>@v2jtDpBxWQZ!g9KWPB|nj33LHTjoCG>srYeKml!l
za%3<EU&PtI#ngRC|HYhNh3?l|%UI7_PTkMWEy3!wt5LCwGeH^mUz52J1$&7hyDxJV
z&=<9{!G0hH{D^$kDwT+tfLoXY-2D*icHH3nzgx)MbAdDCImhaY`|yiS;w*Iiv@_Q)
zH?nrJuMzwA`seiy{FOVfC?ln2b>8wiTmJW6J2pAQpl`oc=%dmZ`Ri8=7LWG~u&c7N
zH<r$^`6&^qYQx%N;<)y#q3MM26NVr<&c{PM?$F7tUA_EmEBg=az<#*4P#Mw&Dg%|+
zhu4z)9!)u?r;!u`c<U{Zd;cd?hq1QDY&2(Y48t5-9fbN@KwnRbKED;ubt`fMI$#cC
z{(gQQh@T(L+CMXLfhJ?=ibZg8b3tH8AcBGd$q!@)o$2}*r!f<gw5;eyq#-G;7%MYQ
zQ2)ibPyH7*fTaJ7=hxGHxgBsD=^44m%iqMf-)$-8SH?JC1u>wEJqRK%P|DiBa<Nk9
zOE?Qq=)S;#B1*w_<^oSX!J4z2N5y$_dFP+tz}F90_wNX|x!yAGpdbT_IX0DIk6!=0
z-hsbz2i*OgsuGvU>TLPnd+md#_9#u6u8vNfS|TFWJ6k;7$<s2;+-6p_;%^O%wX3zY
zI$`+G))=VLl018@Fx%0fYHe|{!SyeXzOkz+FLTl2;HQQrW67Vzd0pL`Vfd)toQK_#
zb@z=})B6VAp#E!3=m%}BVQ{vaL=I2J6{n15O}`!cdF|lgWr?};|NZ@)k&wiG-q{vd
zOx<6&XaSs^|6hCG0awM9{ZAr-^hba6NAJD&M{m-5?@a|k6cJILV2uTPSL{7eV~M7r
z(HL7K8cRAR{<2ASvmx0eyV+eg=l{I}51xp|l>Pm8e;GcX$D5fm_s-0jckVs+l<z46
z*6%`K{?35zP)>Ew10s;$S6P8$l4BST+7J`89Qym?<bPlsICSg_TDNgO?MDsCgUs#^
z-`_wTP-Yu|yrcH-0j>rplYP_#$2KSXkbhPabRXn@&#}MK-ZxRZ7V^L2ZHxi$-ly08
z_;=D3*`s#x#N_c=S%>FzEh>@nkN@U5@V~`@Y3-9bN@}u)WcNv~TT@qbQDmWpdK<p|
zufKUpt7GxhNdaPadgIzD0c$_2bILS7A0dSV>XEyPfNU((QCmX;F#)QSUx+n)N&K}9
z8ztZE+Od#Ut!Sf?l0?k?<A9qf56lb&Qc@bovk3`wpqykM;CZ<sHYbdl>QbqybUb7|
ziPHgUYKy3=Yc6zxXvFa>rg;nIP%Cf-SFBo!Jf2e6{u+T1&_pGr)f5$#La9j&R9HHj
z7S4N-vNI;bXLoB*_h;*Vruz?k4&a;n9QzVAKQGg>$3EtK{mce1{E^E4fZPwu{-FG`
zdcaH%H~}5t`1i2;!S8nybtobKdr@2J#K&L3&WRX_HOotK$_DTfo`m=OIXnk`OAc(@
zx6IAe+l*!}oSpcj{Z4PMYp`?BMvSi-Ti;9eJ-^0-<^9i)OdMKAq-93;1_c_D8|2^3
zMV*`-R8dn)4fXU?NK1>Y_m#2MS490S1>oq7BYh#h_2hxoC6BsXO#gqHB13FYx6hd}
zQbQpBp;U!&qOv#vx<EGK`x8kryN*graxv$3Qhj|5wX{s3g^N0=rna2cty@hqXSGm$
zBV@jq;f2(|j+g<Qz%<&h_A=}Vt+eal9|moH!}32M_mKZ%kaac=oPd50oBko}vt!K0
zH}Dzo4GhRVoA;$3CjZb0upZ##|2Xm#VFTC$Jj30nRlN&iz`l=xb9AGR)HHQz!J6fL
zb<-OgM)H2ftQn&Esgt{+;$nMJGBUf9Qj@u{b>w;cKF@()%YpKVS$*mG<NIy{zvD^z
zI&=AiQFxROurGCx)9&6stD{zskstMOYF0G29$<ZJ-nG;Oc>?|3o~)LhDp^}9K^IUV
zZx2;+cUA@Nz6!9s6iH1DYkn1ZPVd*y7z=z2)Z<iQaX?RD%rK$MBtO*j@}SI=5ai{>
zAwEBYGBYA+T2mo4HdP~krv&x*nqc#5qxLy7q2IUC+I1^o8<<QTb33SY=1i;=rjVOQ
zAT>00(eW2p-p}*YhFHLTM-a!y+589R`=NP%P}X7hJAltX9MDMlXXC)|7{ILsr20Q(
zf4@}zG5_yB0UO|H;C;OV-`_3Nr@nU|^`&l*9_o?RHa6Un^8DPLD}wsg=8}}`yi?xJ
zlPT8w5EX{qq(H}N#4#lGO3&lJc@F%R99XhuR;#VEHq|wkJ+U32W>V3M!D9IBtp!wE
zm2#?m!9+=1axm>UxKbp&x8m~gf{fhg9(Ilie1<~3ab#((L@tiX<l(A>k1}vR#sNQD
z0T>_h!0H@B+FJ6E{{j1-pQjl`hPeRiGmx^<SYCeubbxqjs7Z(4FPGZds;Cuyzu9e5
zY2Lh9v<ZIyRnYw_t17VmUqlNQ&ZU}3lgQmWn3i>&rV}UcQp@yZR9rlp)@`~vB>SB1
zk8xl??}uD7`yZR@2j!ppe&qZ=xDH^p0PZ6*_Ydm-O#b(rz#8B!`2KFQ`f;cgkD9a!
z3aXTrnfqm!IK8L3cGe$bLZ?ua!y?LXdx^5VZc~Qe9m<G!i7fTpDZsN8bpa=rNO{YD
z^BnlCIPg~A1wnr4_<o;28`L(RHKfBouKz_V+ao=Fj43kO66*i~aIjhq&+4oNc7N)S
z4j^qmy`!!qDn77JUr!lzbd^Y`uLw+T`1|lNGEyKjvvK$yi}e6>e`WcBIAGZSoE%Um
zIL4dO5Cd486G9Uz#?!R=R7y$=r73j<G_|>snx{{s>Kf<(9l*<zv{C204qAjYz??a=
zp$oLbU)V}D<(;&D$8F#P6jS4r)wC3tUHcAyj`?5e^Os%s%g8?`^N?@&|GDu%x<54U
zKRo|4TOelx<Yb@u0S4y(eJ2q6^ZF04{h_Axr$181?qlSsJ()bUs>og=jm$Ko$V5ww
zPbleYxskC>2)UV0CO?Oj6z=c_MY>+1f{Jop2ax`#`0wA81IyNR%y#k6q1dFr{+$Om
zJyASBZgEmiOsq8p2O9$~OPjXuNBzz67@EJdNi4m&n|I$(x&FbKq?>(b1dCQquWD>5
zz3v}k1za5k5<%{bjbH=NAItgvw6w;MreG|m|FaxGBO^`9Oz?yaz=>*0!hxGFrreAm
zszv-Si~p&uMhwv83aY9prp~!DF!wJ3jz>MMTDO8WZov9~W-}EQ!dFn$Mf-R40+%42
zrnPj_9N>WM-1{LH>$mU7@Y<i*{~qxDNp%2D{-xu<;5Qosxcq>D^#RKdWS;^1|DX+!
zTl){J|MwmLD{=z<O8eitPlr%Px_RwRvRBQaNS!W<(bz<BT3aaIcq93k*3o#YGZb%i
zi()L_qiBa)6lC`bY80L%9~bC4bDwN{mhzwf<~i`B9LOz6?h6jlr`SaA-VNIp{G=^l
z-_dQ(Az^O)X{k08=r4p%P@U?Vv#D`rUjN=Bi?~`q?Aq^tdP(8>`={GpyVQN^_{%Hr
zZQDDQ@=N@Hy*&;!_!N*UtN@*0ENN<v;p_qGhyiBuudlB{VIg*?x#v%*aqd(I8{mYJ
zX!rx%X<}_ARg|Y8)<1=wSu_o~d==C>dm3%tvYN94%$wKFjRB>_EH}7@-gxzM*a#QW
z48#CSI(E~d1;=Rr;ZM0W0A~Y$&d*|hM#lee`%>M1P!HhZfpLsGpM4L~_duUu{y?b@
zaG$LF!w0zI$al2w)_tu1|4EY<tf9P|64Dbm^+y;jra1NIC{}eBg`006J7GPgx%N<i
zeLDpNB=qIv<#xx6kMFUz_Ceg$&-2wh>AUC8<2lgWK1uB5Z%%PBM!@h+?>+tMvp+co
zbS#<{>f~zBKR&?>aw+8Ue!TrG5Feb-zyHYGo}<U-_Uzf)(!Xd?2IS9|GBd3xB$U<7
zVHhDwkZ}dz?IQ0-Adj3|=mFZSo*&}>#~=m(IY2RDJNN<YDJvy_iZX*S9yn8d<#@<W
zH05ST0jnpQvh&kuj--j^&u@coFq_t|Sqj--MN<(6ynNXL3KGZCbNjE;$x|QFc;o_4
znz(=#bnHdGz$@_k0k;Qh|9xECuXG(Sat#1q0A&2&F`S2W!|p?$A}<(mKo~D}9{L}&
zMNYthkAV$v3EzLfc<>p<0OSfH2H?QS?>PG(^8s$z_XTYO&gp@V?o)N!Qp7j=_3zle
zv&`7Yu|HHFdCKa?DM%N(fcrk+1Ub;b=MGnX^TS`bdg?n4>=B8h;_r`7&FMe<!l7XP
z*UEF?-@$>ZN%<@N{B%)2+nA~+<@O#rviXr?z?GY4jo3XTWrll%MR|Q2gt-5xC_VD=
z*1<Yo5w*5d@KJ`}Ujb`-w!X&){yrgmeFg?&fvYnXYXGbRM2ci!i1{D7zb5>D3JPPm
zk38~$SuRila(}bpT_`xvmhxZ+4D@xN!rW*o$xA>jzyxY-uA-U=CCKy5hF!mj+S*%S
z6P!saS1v={-$}?Jh^55~o~74c@28V5d`62FKTnzI)ffZz)7lM}AisYc)B^@$0Hr=a
zChvzBuFv7mfLr_tZQuPaVhd2?1G$6iH(#NB$RAv_{&m`gwM5&jZCHyeM|{$Dn$x+G
z79z)ZAI6p~$T8Rftf9To|GPH4Ns<M?I)CFEDyW`8D!>`dEy!Eh+%h}O%+#CW4R%wQ
zU_0gb_L7xe6*Ww4ERlW3xkUwCUOwqGt8;Fa>~VgZ=fH2pf!lYl3Gzx%+c-j>(o;+*
zDJ`(Kd;e<DX#Kx<;kotF<MWrdxy2`k_WAo7B4<yJqR>7xNE>xB)KF(r1u{MkaexY_
z$)iYCR*E>L2)iE}2VnO{?7xoASWX8}0LG7ox;!bu56Ex;#y}5nMyx?pm;)80dXkHi
z2pAv{l${kxp&@S6FfkMU{S4Rwis9b_765QSTASey1O~vQ+De+=*$O?N5;cHY==`~F
z=-m0Q>Ew%FBaf(sIy?4&j+p+f%ol($0JeYw++6+<b?>@OTeiJT8#i5}HLK4<k2r<8
zMBTs{SVKz|pP<=uw$p}nuhXQ4XW)a_O66tKDJQD}^@hqQJu#fB3lnL{ikE;FcnsKN
zb7|Ga8`LrH6cuD5R-xq}aK^)t=cGpVj*j%q(#7JW<g{IOx<!;~e2k)94pW@d35rij
zdcc;-bbyd>)Ht0mg|`Dre|Y@&Z_a_;&utN<=f?IYjW?w1Ok+w+4ep<_sA<SAaQu}6
zcI=|ho$7w3=fd;H{!aazj@r4jMKEzn@o^UyJ=DF|CqHj()Yn!bXGaxaX)6I2Op%P)
zTA%3v(De<V2MC3j^I`W>L)<T$|Cx@Ui1^<zz~N9;Q3U1}tK|nw4nI@!ax<a)OvD3(
zxng_)u18)N<SmHmYBG@noI|OpF^CT+hAp5Hals8VeOd!*e&y1Hx+-A&<^V5j5>1=_
z4DCZqUvtwcVE=5Q&N;hK3t$)K@b_uQp7&_|mdmsW<H6=FZ_tXa<DhRtF5wz#owke`
zCUgLIs2z0&JE^R^g~Jm_Of95}(&@-A$e_5mB-94B1s16(<)m67P64&SOM(9z4Lt?h
z8A(kP=97yWgmq+XoJa=B39xr)P*_A*@A@s9TE;00DZ^qvd6_*!xgj5-Hc8k+ahau6
zH81%2XH(a@mE1e{&0jv>A<qGDptYmkEhyZjKO@Zq_3h0mFu;VS&Z>R!>icI4w(MKM
z)uy=f=_RA>`&adye(l*)pWM4Ck}_`d&PACG(~A2T27t4xCfP#vtuWuSxu59(<`xQM
zVlo!?LYD707IA+p_mAlS3S1nJsv7XXSWJ*QzSWs65aR*HfFOSn#YNa79>@_nLC!Qj
z#tUnJNMLq{023eqcEVUH$WMZN79c*TmWpyyY4+?Usw~T*TEq%ZsL7|Y${hFwx@hr|
zJybVwF=7aJ;<F3!0;g%i#@A`}+8$cG_#pfVs4F;qDb1X+7{101)DP^SyzFYq%BVmt
zVJyYPX8~&z7{i{-KbcD+OH1<h^&}l#HN+WeQ%15D;vS80&!LEe1~z#_3i-LjQK)4$
zdAdXc+bE2@)#f7CQJvI*0a(}6L^gI#6fS&*JayZsH2QNg(NCh?2Y0zj`O3bRuU(zt
z?TPVjQbU*QaekZUz;DfgqUtoah&ZqQ<nbn`nQ4c790TBb`+q-k{)8V}X4QB7&mV3-
zef-r!(F>N%f-QaXJI@{K4wb!!L&w&|)-@G(r4_{V<P@a#rKCk8AJ7>xj~D>qILN;O
z{C|l3LEbMn_d_qx!dgH{X)G|o6i6Mhf$|LhPeXA4lM_AxCwn19ATBr~*_9$fQR@%*
z0MTI{h!Y5<jPwM=3MC+CFd6HDQsny905fbna(yaLJ1`qLgqg@a$fStKB-(fA8rBbq
z$QxeGVS>$UUX3_H)C!Soq$%}tX~y)$G`SXXSU3^&2D2$CA&<hsV}L;viFhT{ICF9X
zW`Qdio0w3LUl3_%3CP?^M3%^9j0n>Jrl1PeDmtiB8h|mvf&ARX<nI<s@ivttGV~$~
z<3I{kT1RTiE+o|SAZ?+DTrrk7=~PjWu#0kn-Y0LHd8koRQzgsO{(pWWpOTjIWoC9=
z|ME@iMY1%0o9Do9&4D%B7P(~?#eXao8$rj0+@*;yuj!JnuN9?c$MzMLr<c5S`|QU}
zz~h<NSOov{lzkJLv&Ad7wuw8JOi5h6rlUD6HA+%ao^!aMAi2-S+maleG~oMFLF^#2
z|Br?JUjg&xSS}7&OG^QE07c+{LH04{vvENM_@GM43N!||oXjR*W1~raKBiQX>qX*V
zN6JbLB5|NI#)2R!%m(&<P6FoqbjYljN($4UhsRS*WdYTe=0H~nr?iY%`2Vi}2lyoA
z6ilY_qA4`7Vg}Bw1D0q5at+F1UnrxrlpNp>dH~DF7WNAZ;1ii6SJ?*R6?~mWhFHHV
zBX&U#&tVPwr2*D4n&j!FPDwGEl$MOxM%XR<ynW%*n?#=0G303<M(LJy<Z2Q?UPeU}
zpgM=#)a%Gys|IU<SW;C}C1Z^!iZ<OqDV|p;#{Dp5<!3)&17PnrCqI8}LPP`Z$+tf}
zJJ;*Ce&>9DJO^Ysu(o@?pk_+pVGl23$d4KP?zX`9Fe4XdUDUwUCm%n1sz6STUw|!H
zTWi6urvY7Go$Ty1AnO8hcG5&HzczVzXpx7TfLvVEAV*4^&7b-GRFubXae#I<kSB}-
zEH+R@Weh1R4deyr>M29!l#mw$Y!KK788!g>C@PMj0E{Od9#+5z48+_Y3LhkNf!JWm
zN{@!^A_lQTepG@r0m~OkN(kfD2w9N-s)@5;*S|xHmK{cZ5o~tJIq+KqV!jR{Z!a(S
zCtb<Q+Z#E_y3k2*ZPX@EfM3$s#0YpLLedlJk+!ZjK00J%EF__UKE^N|=oT83pRSI0
zWo5FkQYSB$V9GXLLy?A4$<f50@~mc%w@Cy=>9&xKMh?ZOZYCqOFbWZ@03R$!L&cdA
zExQp1+(SuT*C{zI^&uNTb88ER)OvCe){?thR{zFb8{K5z7r)JO;NQW4*3OA3Ng2U?
z9-czf*%bk6&jmWSBl&v4&gU$^SfGJ10kV!YzZ-J@U2x3JO^dv|w8+y_12V;Y0pn0l
z6M8=6-T*Pb_V#L^AwSSbjm!Ph15HhB47cVVH;%;vAV&yx00V{*q{ZR|RWR=&MwrD1
zAV=^i)Z*l71z_LESQFy`@C02%(Ah)b_w%RNXm3hS6;m>Ffk?y+#YOnRe-MQ=xjXLB
z8)FpKHKDP{O>!d*fhMk}g|W*FIzF4vk-KcG1N(#$ja3{AUnKk$hK8KZudAm^W+D+}
zUKby2Zd}mUhu<_=9W{rL=bWX&<uwL4rBSxQT1q!sPBwbLF1DFZV)HCY63ih7?RZMn
z*h8l3Q52-nNp70cFy`4&lGRQU+Z?4r|3Be+F2GtJ&Z%JU_419YdNIMpl<eC{@h&gW
z`1AtaAMo$^!Sj7S#DUwN_6ioRnmM~{VtSvCuMlei9n9&v$mxNsJ8K}PM;-gB<mIV~
z`BaU(z17LdSq1Vm4!XQNWJU>fI#q%Br%MsB`sC{`fV=_!8+LwGRmeVkf2vsbGn*e<
z_X{+UD}Y!6J>&{&YqPpPN}vze2gbopz~TeOVLV{|!ZBk8#{%dEEPja1*IGJQms{wP
zwS^(s*_)ENi7xUHjVQp+6@Cd@GPh(kehqOA9j;a{%RAQ8RL2~z13QH>#x8aEDOmjx
z<Rz*oK~FJ(eq)I?#?WDGv2O$)rVz(0Fb-(K#~`3d)v8pGqsHkgah{Ew{1+H+C0m^!
zDz!npuSGe<3fd?}IF%xmmr%6UVlq{WqFC)Mq@xx@Ddq>rPqdXvyuK$lvnJFSteQRY
zMHH2k(zN`Il<a<m{2kVy-f-6w=Wmbfi{IxtFp>lBd~*Bgk;g{vZ{EAqZQ9HUvuh?7
zy_}t&*cS|}9(#-f4vwmr*HwY-qk?&H9CTx4GGTdto&pMwGo_ehGYSY50z*s{vWEIT
zsJo%6Iu^J9ECz54=Gp=OpQaAW4_4s(1UkS6F@g?Y$gKkgYzE4#ZV1K#9n8;$hAN!R
zPz63i4cHE~fia*DoN{9vXY;oT`e*h77FRqLvdrZCDeNmK4EPu1$3myTm@^jNZ0yk0
z7jVzu@5inSTLg})X{f=!XG!)B&Y(HMF5rT^2XpSj#sYQNEy~N(;g3XIPo^5_X&F$0
z-F(V6T1O=&d&v$tJry>qDc+)%#JZCy!(b^n2@0u9_XOnLor3gQ$U(1w(ku^?qs}ZU
zbpDPKoDdHX7yZB*;H!WBRimsdo?bq&hSCC$QBv?(YHFJ%8To$reVzlqlmjPUJD&GT
z+MYc3yvM}m3i149bE+isXG#_>o%QPCWi9vXra<S-^dT27BdVB?M$=~%V*b>|8bF1U
zaebjY;sjyuLk_@L*!|Rj1)u_bfX%(SkbPzcG($Y05yldR6~x8`CCI-9#t&WO6`Po<
zaM<CRn!pv|#tK!g4w<pBGW?2)uocL2eF}wGKVV&<j2Z)~YDyS0pxa|SV70{rz#e8g
z1(SbP<HX-j4KatvPlm5jMOB4c4_H~-lC!h>;KvQ?13Qcdju`7~$kbdJK1FqEn504(
zDX2$o;ZF$$>nYoCGnJS=OLm%}RAaS?63pw!Pq&;(O?H!(I`SISPf)bpe9}^}B?}>N
zN^M^zO{GN2wf>w6-0$K!%@EJjJ`{hkdF#fM=`GIGcdwQ5QjSqV)ESySr&aPx-WT77
z=fG$jSi1fh$!NzPb?n`Hx8&cxcP-)NE5~}~EpL0SbVA1Y$<r$OCN`Dz_=UPiswNdw
z)J)D4pS^fU>%=RY*A|w?!;Y^79UJpI>;OhaEdT#0&i}6te*l};)i96iF<&9(eWoXv
znkWM|M4ihKU^GoFMd<e!53n|1@~;K^fSw-aUC6tsi8^8qG@z4X4IyB*Mis;!U?27c
zZOw5wu1o@~FSM|x(8Ktlgf#@iAZ7FaIOred=IRs~u1@06amZDKZla?JJp*{9w)U`J
zdXTH@z{lCy4P${TZ1Lut?SE>cI^qpgC@}`>9<vxq6CR=*=>DZ<N61=$+(p>-#*3zq
zhh7F%8y+DSy&Ou?+(<=wuOJ4>9(KaDRAT)$X{ZKLg2`1Xwf_rwn9Kl%aeR-I_xVNn
zT^lz0(cRCQsiNv4d3dj+j>QWirF8zA=fJP!K*uu4o+s_&)VX5;`(N1Aux0<+U2~VW
zHEh_kSlsvL>slk*OBOW>vI^q5JiSos8+Jcq#Q*9c?uY69I@+xE59Vd~0@Pve(}1l&
zU3CB-OrXW$gOsp_R{>s#8rJ+c7qV_<rUp4y<#Yfh+j@{`p`jYa6yzR=U{|mdaB^;H
zssa2V0ht=BVq8#zosj7qY|KD==n4#jOkZCaGOq&sA-1iAHH<nX#;GID5OK>Q#3>r;
z<D<vv{qF8w<l*iO-=G(4h@P-(x}y($)FsuTna%1neX25W%QeVbR7%;pFH??bH<gKw
zkx1Q_sztjf$+V5kHG`>E|0Km2%qKssW~x-ZiQFFvWg4HSQq#NSC@iBO!`<)~d_&2$
z=P}j^sdM4H#OpV&3gQxC`(Hj6OK;toj+*2zQCw05Z~q(lW8?RK6$d1XXFagy9NF1{
zlY7EiI-7bXPp_5Co;OAO_6Kh`-~01}HiLIQe@pM3&wIT#?pjhdd3x2!2>9o%Y}CjO
zSb)Z`2QnYOh6elq$N>;S|7U)Fh5@Rj&2oSc9|(LfrpqfsCpUx+;NqkLTOro+un)3%
z-@$?D4_NnO9=C<x(E#|O21c;mL6$91OUM$qBqEU}*+b88cF@H~hpbV%fX(|B=33A>
zR8XrNG7r2lYfCjUHByG{Kndf5GW>wrz#LPDpHm6_AYM^qLP8@U{F$!g>xWuofwAxp
zhQQA03w^*H_o0Nkqk1%Njt0$`#{8d36e?UmIhyAo|J$j`;uR9AyHT~pZpsiX#Mov*
z<wnOSOL&+}1+i4D@h)ZPpQaF_l~iW<DMg#Fhb^FyaxDK$#g1Q*ksyWT3Vqqy)_OT6
zM3e4(m`uk`P9>j!Oj^2TGw=T!`2*$me-#JvD|33+b}tr<*2(2t7u;UGa$5Y_wU^r3
z7fkE7w1SV%$Cf5dDWmeb{96?b+2=c!P5)}fygG_Z@a61)w)V=9dllIKk?Y5;>6uI;
z9|*XBEcZ{q#Q;I4$GmTXIhy4IX+u|Mn1F0OU}~a7z8=v1p$q6>&7cjrclR*Fc`Eo|
zEU?pp+yi3_^S`MvVh?O|$-x#fZ?6xZpb2@q8)91<c?T+pN7f}9E8r0us$vXK#@a#=
zafN7$J{dMCt3?zUp#vK}@VQc;cUU2J!P=6HOijqgKOS|5pF!R670|txQbt}giLC4p
z52cHoA{|<_OcVOQCMm(*5UaJ9@&(r@*K7|}TfPaIcYqyW7ZsSSh5yr>a*g&<v2icP
z1=Kdtx<thWccB;LP`UYC%CNmeYAT+TZu34B+I>fncDoP@t%Gq=lU6Je(z_oOQS;0U
za`j20XI8BV9qm2w$9N9>QVvwsmv&ETER#H{{iV0hxotnVUcCG0W{KpPro+XR>EF0G
z>cC%Sh<H~a;!+Hd`=<;4pAP(hh}ZMeqTmqVg(5dl9D)3xP(AWOo-y<1sjH7e4L~E*
z>9VB!BG}j9Q)KIOE#QC%p&PJzAZ$MMa?^k<3>e|?2kIMWqHjCW#9VHM@xs+f7j^;I
z2aN>K1+<|n7$8sBjH1GA$qxITZbHNksFH)d9(<Jg(CJZg#6*?zFIpj9$=+6t!zWjR
zpTNsU518WGR9ON$evUG92&@NOT*w}4{m9rd#5%1;eUa5vUbBkwN)f}as!A#FX-t@)
zNgG$|pf;%{Y?um^q;;B#1n*I<=sB8b^&V-d`B9$nPO3EALnfN86l<`OiiIChfL;fD
zfrlXfe<E-FS(Ivtb`F0cTZ2N1vVN9|y!y#RH<?V}cdV+^p+ma`^xV-j=qU-5Ua*sz
zX3QC~4L<69@yB@%{2UIn&2KJANDcqP&uO!M=L)yk^O_nE6WmqPSke=j5O}_>sS;Q}
zsg#}*N13^akedQ3D9!4NPmbuB(caXPkw1R!#$Bsh_Z?lbXGTX56_nV*4mO6H|8-Fh
zNK<P73)IR=1$cn)#bZstVuDOejmgj76LvyH#2)BkY|!WY{dP8pNpLox03UPI|MnnH
zcVo!A5yk|p1<bTilgOMLY;+*|O#aniV^l;OfEMsc$H88xP0ENPh>SKs{EiMa)+<pN
z#sHS1<P#K3u3iC@mOTT{uojqOYpHC~YKj?OOV$`uQc^@TYo;b`SfxYxIVy-nP@r_}
zvs5a$NBL$aX`=c6khxYSrRzUSRR%ASqjnT|=vGs)(I=E>e3}A<i>ScxD~f`jz|*Le
z@@>DOIJ?7SFRZ3gpRdTxs)55<TQJv{mM^g-adb4|8P_5Ad1l}3d$&}6&U@m|<vH+E
z9C+>8i^7m7FW`AqRXpn4vv0mCcogmD9Dn!o+fQ%aGqZQb9N_yzh@g)%9FW0WVEE-&
zERdxYVh1f)zPu_I2WVsGKmmb)uosS{&;SdJ0s8RKk3n952zA3nl$Ys2+3BvZ8R}4g
zuPN*bity)|LH;c{Ik&Xbgv}1?f7BduK+cXP>W({LtzZNDKyjfEn4ucT?^Qw0Aass#
zPmwq-ft)@4sJLP=Ro1Sh?1DC`ow|{X&7Dv?9GFJHO<NA#e?^xj>J*K`Ju6VA_G?rw
z_=569FVaMd&&k86k&+CarCOu+$Xlm?G}Rm^Pjs6Ktv)6ZumJNdzo0bpx1jesQL4k+
zRN!%s)Rny`!}B_2`n^dZQF(}OuB70g@raj9qj3T)TJX$5J`eEc{Mh(&pO^y^8p|%m
zr-}R5je-Su;o4c7E4SWoed5j@bK<pkUJxx?mq*juLO5At7(qI~0b^@uRuhoL>@fK^
z7pWkR0QP<O>^!_Y$j#G*)BO`;95Ck_B4=PM@@_n^);FixiogLqz!&qqoi5@AG$=9N
z9%F+U+1Uy?ok3R*HAyfIu$W?I^LNBN9*B6v&JJU0o}xm_m#Wg_IyLC>Pf=1<A-Q;n
zG4HPd246EJW>2KTss*q`s!>9U6GcV}XyZCHS~y>0@Sev}meyIS68wn@%wM8ft1l?P
zcph~Aoixd!pCSyFV%;O8c+-<qY~4>@`m-s^@-528SfH-rLB6J|DbM8_^0Qn>fp*KO
zDDZm<^IA=rSu-$3=2Nh^gu3_cU6@vo-QCzS`Ecj54$)&+%#(Ny{A>=i%$ZzbgB<?)
z=8D5VyYbIx(0!n_W8<DYN=kL&{QsKB0aS)fUSDqjAArU8Tfjc=ir8W+Ys3O!t_}$F
z;$nLv#Fi8-wj~c26XYNmBlph-asD=xljaUN*F*ljImQjdCp#G;_lMyJLH03L_`pVC
z1b>0PP#yL{to>m(w8!~{1$tP+8<V6>nbxjUqxw1x&i;^HTty*a*_4wv19i_*D6d9B
z!4cVHZ6~70C`;5KQm0L8)M)}@e;Ibkn5R@JTk{On2)?93^H-?W?h6WoOos~BQN6>r
zlqu>VEe%tQ30+iV_cbM09HA()!&GSfDOnk%!B*f-84i6E?{p69As5OOe?YlG_Yk`f
z1V3XLsR&G|a$>ERvH99Nmjzv$mx?dmc%8Qc{EXinf9m5oa0^&qaY>>5-hPI(dds}V
z$DjSnsJA{jE$BWtsejGpLJs#w9dSRZ@b|GgfKqHQ7T0fqc%0y1O~}3i7Z>R2;lRZS
z6y!LQqn!cP2EYXfvjNVICoqAWVec~{A1`zA^D=|{Ye8?ertDN^4=}@+U;zvPEBGOh
z(}(p1^ADPuAl}zbADBQ!w0WH_Et;!Dt5+&fO$~ew$nVK3uAqS6ILLk~1&78^Y2!jt
z6~LAm=|LWzI@CN>0NcL?d=ki0mWR#qX&uP_t5mD`B^8;Sp=$d-QKV=$`3o0Q1LAti
z9qy5?S|HhIRZy|RpDEq;I{82+$hGPtXVXg9HFPP^Xfvg|`~k5*z7*=Rp7MRaqA-`O
zG)6&*OfAJUwQWYjFXKAjis!(SaiF9+TjKAp4?kDLk8@YFxjnAcd;jyG|Nn94N@<5)
zT_8F7QX}f}*>iq*7JH|SSRhsx#E7d8HU>8TF_0?(`TD5CABcDWtocn$kvjxmLqd!-
zSs}ki0X~A%BxhiSI-vHrHDZH+J?LV{+5e3Vprgk-P<)gFd3u-wFT@6UfVQv+Aa4K|
z<BnMWvoXR6K7)C44Qb;V9a^?@3@urzfLcLn<nH4Q+~70{2nq*waSU*|A}Jr(AQsl<
z*tUU9!GPvU1T<~3I^<S?%PmlnH>XT>=>1xdf0J`m<NPJXSw2r5IudGd{hlVfd`mXE
z4T$>>g@6AuDscP**=Pe_2=)Ls!#Xk)_=4s~Nj81tZYCjtx;JI`-llB-+cZYe5Vne`
zlvSL)Ps&IBo9Dp4g996PuM~tvdH1KMnW45%Qvb83w~aam-1_*2%8mE0`LTPr`Qcl(
zPkJwVk2Ur+PECNFe;gOrs|C9s%M~<4Tp+Xc%Oe(_)dz`;L=K-7Vs;rehyXFaIA0uW
zg#1GT_{3GABael>4|zFQ+Y2$TTbb+7_*i@3Zx};AVE#NO5(n8}4Pip5;~lVV&E*c-
zAuiAXz5yF6)GCJEaQ*^qTCrS!xql4JpC?bLX@~_#h=YI94cJ8y6c`B1!K^9@8=nuX
zA5#hmwgOJ7F3p{-2D=~2C1CgjPm{)2CrVd2K{eWcqC(;8RORt!O0;>ETr^R~3-aIK
z@>lXR+J=08FUbA}RPOpU>8YhripfQ?*RLQq(`u}Rv?#!27ln$BBQC;*g6tPjY0y{X
zVciP<<z$M8OXz=6KJ(}C9QdUin73p`v%9w*6%|-fNlkM9M&$jC?CU*XfsH)&Q~MWh
z?VeFl8;Dq6_}&n|r;0Vdl_mV`X21qFQbH`=SPlco+gk&<{K&&cT<<twg9@MnI3f1W
z!&Ms?VaWeMjG%>uCa^w?xm;jYTR7O?j8fw5kh_OGWaJ#BCc44?Z;p5a0p+G6Ptneh
z!wq0DK~A>XoK4Wv%Y-Cz^x$7p!`fdSSmKB|@YkTIgjnPWTOo!a6rW(qtDHebB0Jb1
z?Jx$Jq9&mhu)=^}fH>x{W5;qBMOsSEl%{-$s<dJM*L#C%ef~_TcCVA8pc%6N9W^@r
zjlzsyAax}_%CdcnD&4*%kybH92%je>lQI%JbYe^sq8?ZV#amt=2di{oss~d^_*E*1
zx(YlJS28dTqsh~!l>8K*c{<O5U(12|=Hi}!AVVrIwL`qQXaAyQttqm7UjOh-J=y)A
z+Fra?BA(Dta9;o&+yik!y1FdS2IBxQLRp-?fl!U6&8+2O^AqCW-v^!mi~Ump4w$(}
z8U8N~ZvD=3_q31)WNo94+#Ge-5ahYMqL?rX#QzwgUuDD}8Bub)3*vN5xEO%ANNZpL
zm~ehY78m4VuLFJBfLz>ksI^r{UC$`f^2J#DS80(NVvxKMXJGH>gc!d7tRH|MQq>IE
zW7q|j6ccGkb=6uF8LG@-k|+Zs;A!L)8)>^yvhr>!)&7+7^sdmvfIm})Bj$GXW}58$
zEj2j&jlvP{tEZYk$(HA-0y=?%{v`6(-j2AR6ml_~Lq5*g#4v%Q%ubM*ZZ0MIc4HjK
zr;Us6A=YsIeMKdG3JMSHJMr>q!B6p<r}G^6H5}M>aJ3*kC%iW})DZP^oG2*7gsSTb
zyN|rGTl91K-FJACxUsqVRV!N)ZY>|+3!l3+VsWACGn`-%a&j!K_4}WHaeL3ih7#o1
zr~%JwAU;PCvTlSp9VbUM#O*UYFy!PTM@SWZKL^AHX=46m`F!49i2Z}!@9YG8F6{ew
z8=#J`6|l(+IJ`0sH$(XSbO+@h@qo^HSo^cMMSW^$Frp>%#{v6SonoU@Ab$#oTejfv
zz<hmufLjtxF~Iz`b1=qQz!*4RdQ_65f%Q4?h+y|uQy;MZTNt@hqViTM(0-rt^{-KV
z$e$_8`3<sDgZw*vOOx&YN})Q($wWO1cmSuU(*3XGg7^S0&DE&=3E!phToU`2z@DH%
ze#Q%76PQZbftSeE3^mUi=J%X^y*DH&BeO?dQH64g^16S{JK)ddIq*w3(6M-`ATvLz
zHy}Wt>LvkyH_VWdQo`;x&6v1x<%VZOkLq*f`gv~C=S=FVtk3H+x7OwIaaj%EFtIUY
zUJW@rkbOJk=0Wze^2eXueqfzf^`!hRw$_i128Otc3g;Iz;?7gX+5kEJSPQV+0EYF!
z#twUXw)TD+db~FL{<?_&XEuHK^%3La>8=mFFAKyHYXED^2xEvE#vDyf{=J}k1bCYv
zmKgfIzcH1U8&hYyJTSz8N#=}e2vkt7#00s$t`y*p8a=5Qq;Cu#LXZ_~iw2N=#5DV3
z&WD|XVTovJAzlD$04HmIic?-kxmwq$K<_5ihxSvJ>v_!o)2ZI+JNN*<ry%X4WT2W1
zJfOo=4f%I9Y9be%PONWi$j^Kke3~)97qB5`<9rIW??PR$QxxTKfbxsWKbP{lsdZ|D
zhmU7}^UUe|7$9W||NU>{!1J%{5meOW9QX1T(!@!q!&PVnzq>v#IN@K*OX{tkQoera
zYKdgiwiS}<x}vVE!h}9sM@<qTcbDnuEJlZ|-Gc%RpvPmbht6(kqYA&8-|Mvvh2iYR
zx9nb-=Hbb3HB{hhgUugnd^0muG6TK_s~;X6=SxAMHe9Z-HtdDAw!r@|0bV%90(V!`
z9s@=Qixt$-0bUpK{+$rR;N@WiTf);=M+mubf?*ReJRo<>{SEasv}yAO;DMV{PB!Ws
zG%5o-R2?~rDi|}Mdzk2vw~r%g5BgA0q!_rKdK4aJOqt0-U=M3y3>w2>iYO^5;+h)3
z4^SjWs{o2pT}Ii0H>gne4owdGhB91VB?pZeRPX#fO>+2-{I!mf`nUj!M9q&{PsqP<
z6FC@HW6gosX0sLO%bKcdixKZ+O%c9JDbQ&>CHcKh;_yh4eZgxtuh*)mtLn}#%kOEO
zH(Ml2<F|PZ{5v=>b6$NzXoPEjTAC?Ms<Wr;9CJ=yje*gj%`iETN5}H&1i<ZKb}<9g
z0JH@juq$vuJw5cv%}bB$fR7(PKJ451OC<Gw``eew>^_gax;Y~`EvjD^`F}n>EarC{
zY;OYS2&g0EX8lclQ{~2Er@J><GJ7HXf+ApZ*jSC@VgW2HRFUhW&SCqAFkUbpfrUAa
zK^L$>{E&eG8w=Dq`L{v755pI?hwVQ+)D?dJ8pyvH`~=3p{1-s?SLfn`^$i5DO9)Z_
z1lSy6Z``*txw;D}j^zmC=#r1S3ODyNEFo1@<PIZ8c%0%mvJ(YSnA&{GP=A#Qbl!vf
z|AjK#PQm^+6TZLiX@cW7<fDBAG0UbDZn29dK>i&J8j*t>OzN736k@f3R5cuF<;F#1
zW@QZj<!o}XY@{^*8^ABHp?B}T|B$`4WBEMM%=xX|n|7}~{Nn2;XI%fF*ZJS^?)g4>
z4loYvIJiLvYl80NtdRcL7-P!Kvq7zGQ($20V{NR3Jb6v>@zvsd_g>!G@ZTH4hGq=;
zF`(%2A^lnT36dpC+c?|Rnym{{lCnd(gCiYb&zI+NZXKb2i_A1BJ~5OUTdKNu?%N>R
zynBrxJ$rngGW-CBzzndqWOYQb9sq`qJ#+~cKg9693{YQ$jX~DP8!|OToS*(U#1JFa
z&lGk8<PciI&!D8l@WsZFttET}7?XUwgphj^tmzSZ1G_(q572`B(9#?>xCjT>`n(W(
zG!8Yng~$um2j;jI@W_Evigk(#><~K8{jJPR;G=*&(j<g})Mrzw+DXdOd6ya?|7os=
z$yIAM=l`p9?8o*VdRktcLM^sXt;hFd4NO3DkteVQY{=hgDd}mXBe!=UO=+p8<cukZ
z2@Il~;16Jvu%tsL4vG0+A<u#T1P*-o<xPcWR=1^;Pt55`&yVe?oRr_6oQ3+FsLc}=
z>xsC5RLU$$xL(yzaJ#v)hT0a@y`NPPBWae@9?q$V@0r<&T74ap-rl;ei@Z@wz}Oi0
zJ*X3A3jKTYwgq(g&6B=o-#F%6R-IQ8ml)p1@WBoAA^R5cm@gTAm=gSX1O5S4Cxqn*
zuyKHm307El7z5*j)f2OG&;afa!|_DlgZ4wV9<eZEcmZ0dRj3U+p$YtksA24-1DOUs
z3B~}HFOZnvf_NfhuAc~C17u>1u(M|VNZ=K~ZlSKua0F2E!_ER@0&IrHk>syBgHqIw
zQjX3YnhN<(cG-=bzqvHU?R%=S|1;TYErYLcECraYrD~7w$U>_QW0w``ex{SV^;9y|
zm`>AYw$SeVJH9QeX&`w;GfH)Pk95_eC^9~Vm;e8SA3uK&zlZ~Ozq+Y%_p7({rH$`=
z^rlWyO7z<Xdcg5QelLpy3JpVj-=-ppjPXalKXCnE%QM7WZ)(PBi9&{9546YH-xc`c
zEM8a#K16M-`7MyI&wK+023R`)Gt|(K*$Wv)=)l~s4-8N}tS=bGAhR(tn}Wy`{zKpZ
zga#P_Pg5WE0v*UUv*(XP&VU~D0vpaZVS(`^4*rO6u?B}XuE%i0V8<{*Tmc&coZ%~A
z_CE)sSn^h#Ov$Q8DO2YLO&5Pl@s8`rSAQ`zLH^5Zz93WW3NBX2+ju!udwxsi+6}<?
zFrbF!R<bqCAUoX^REzrMy*J+6G-*m>zoDr;#aLcOeDGw7O^oetYMJ_g4_3-c{+s8(
ze;Ws&(|7Aamh`Yj*MtAx5b^#-<^p`<0~{|?E8zAcX2;Rd1U5Wl`1Ig^2S%5(vl_+<
z!~j80w}2kc>IoUa*1)hq%}m+)0hoXWO2G4mpAd7uks<1jKrdkS1y);t<ry<PFeBjo
zir_EsM@@s6FxV$xr(m@O)PWDcY>Hus^I_P8ZiqvUj?#wz5w(fok7W3w%(fr`o|pjm
z;BGE9oFBm5G>u$U$|-T&G2nV#qiMmw@UdS^f%>bt`M=QieZ(@@qUONU<O-ay3J=IX
zZ~&R@Z{d=aWbfojo)+6EZhQ)`em*oFpOSRZ&e?-POplYB$y~}UF5J;HbDBi5u)X8I
z?OpTt%X5Hn;C%0kZqFXyk(F1RdNwr5x4)<&y}PV7FQuw6SG-{5Z1JumTg0zkd_jEa
z<~a`EV)61>ZWXm@AH=7)P;Gq%Em+)y`ob2#zqNr)9{xkj^=xgg4_$!y7ai>2yF+ae
zU99~Dh%sb!gv?QgKpSHN!xPhnoq%Bta^nCnf*Cfbr-vRzgz96Q5pZ@rh8y68+GXx8
z+Q{p98a_f6cc_820mCOyg3Ke{2)W7D);btV)KL4x7P-ra+chgDJJn1|R60)ShF556
z(03GIIg^6*x4{1QS77|S41L6cixsrfZle;nzmOH`{%Y#lQEQuonwqEedpUHGt4A<w
zeRq|TGt$m`_=b{?XdU@kucfri>=lfMckbR$Iep<IZ|7so;Q#(>IB@ap9=oG2?LF1G
zXvXDrTNfYRvTs%S_QUI|Htg++eEE&T;+HNR7B5^kTReNwl)R$aG)X~uN>BCVTw1qd
z-gn1d+W*3{C-#;vSv9Y}t$j*=c1{fJe3~?)wT@~h6d@J|IRvOX;^GLbKVbK<m>`A?
zqJ=r1#SIuhA7JBxI%*9uzr;YkF))Uie*iH<;vju4mQW6P$E<dUm%A2p3HUQmo7f-t
z073(XLC7$O#&Pk;wzjOEsXn(>@Nlz%UBaAvOiSR)2e!AyF-kGMKuv*vfqlOk`M<kq
z0(}2s<F(}N>Cef(NNob;IekqI!cOQvK9rW8MQb-~m~HP+415wl&eu0SIk6`?J_mM%
z$rNa_oh0)Yo<DcBC*!RT-W2}VymbCX|Ic#(IY3Voi~7pzFNk_Bo_gTiyMMeTfBei|
z@%HD|mh3pRK>~b1$uq0wWX)OJEWUi_Y|8C>Z_c^#{*~mOD=(MK=xoeL&q?U--n*f|
z7#KcI&SrG;-8U&P*ax=1f%)AHaf0@?1GWIB`!ft-hV`olTmf6u9#&O(nzIQo8uL{$
z+krLWf`Sp>WDR^!In)+pwE^5v$B^Y9nqW+EcU9x+6f+xw9dr(P#2ne9&aXA<1Ufn!
zK~J!R4FEAa2Fc{EQ%os3M`*mst28C>E7Dg_qHx0lRAu`Y)cHmYppZx|W>8->meOoK
zCwIdo7+3t^?{uUktJl;dBxigs&~%_n*ROj-#6<SQjjuqwV=#rgVGNnv*mL9En-B2s
z|NM`Of56`*2kv}wL-$7CRWW<`JO6V_e&^wBE4S=kl{ce(^4j@b9i>9x{my@8HXS^)
z6S0B71V_DIeSHPUts1cXfbWepfhO>TOrY}{7%FnLJ}fLS-(!tnh<IWR=mFZGv%Erv
z3mE9H2l*GUc^CSE0=Ct;SOGH;{Q9U-%wmd}9${;Zx`n7E#NrdeqMc~&lF6|Do06xi
zEm`Y`$y>LQl68+#H1d2V`F?>KMBWrGJVM2`e;^~&0!&THAbH@NtEie&tXVJOe7BIY
zst=7%DFUWYT2Ecm)Oq8SjcM)XtztJ%w;pi>^Z|ncitt`aK7sx{y?1UTGoJ8&JO}<;
zIB@Lc!=jrXUf2Gq`@Qq=+e*@NWN`%!p4d@x?98*Gbvu{Lz1ersXZ^Mn9YR9^?cB40
z3W_o)D&80Ifq@);n7hkBEmG#=W3@%>5c6Y(+#yz5jMW@rSmX>(L^=kr`auj!JOH@F
zHi!#i^S>5yj#!KU!yq?;&5zY8WjX<~A$p*WxgKf^GA#00^K1UG{m`0DOOYP=c{-4$
zq8<4mpC>`@Fh!c2pfa})A?w!2`GGyq>;}b0XTetJ1>Z&_>Y$jDm)?2`H-8>^eV#O9
z*1UduM^{?2X-kfdzA2SfRz>R@81y(H9@yS!K4s?2r{weux_t9Wu#`vqH_w6J0|#C>
z`&=1&&gWm=*TBB#J~OLC4>5Wj^O}&;r$tNFNG{Yi6rE==K`zJ<^h5n&=I0x$@D#8E
zbr3_WNv4>`S#2RB#0{_-f@UmU0QNj1=m$*BeSLM1moO;*So5=*#0Jn4SS>PB_!HQ8
z!Tbops1IlW-y*{hZd)+%>|5_&&`8gT@AvVv2ObG<&-LplM(-d+i%w9k!)5sIffXh^
zL2-sJQ)$5j#0>#syr$x$r?)5cifoFsJc-x@ALLYI_Lr1Z9GSOhNl!^d%^wynSt`lQ
z&g#?G_az_mEr|bbrPlTZboA6wjt7hn{2$MO|4STr^Umc_*S1$~U*IrC&R=^mfIV-=
zq8729P(TsUJ`^4APYajM6tpjxUSf?{K!z6{5}=73o&g*YCnqh6i2<H&P9*0O)PSA9
z(a8eX<T0Er-^?7fih&*C4tpQ719I~})&;CCxiRw>ATEK~4sAHRU`2|H(u7Wd@dfm{
z=_NhvekL`ROI)4IVOtcy{#Qle+B+!9<atW5I03()1x4$hq%h$gsw%4^JwpTFo##n1
zvXXn#^KvQ3bTh`EAjAOZQ+wy!w8WG&+Pq^AWn||`O3TWyrtzXc>qGE&q|(yW>zCF|
znY@`@lmFv6@O$OJjgKx00z<u#OJGVBwV9j@zWwo4rLbu4e&)lE4Atgzb(R}wX0Aq#
zu+?=gXgY6%`k)r552^;)oz>a+mN>$P%P|tM90EH5VwUwd`DeAogor(2b%L1RP#g7z
z@{7aZGf<|qR7VO5U~xZ6l%5~g$KJvIBU_Dvg59}100*5i3f0^U`QJ}*rrSta-kD;J
zPLi*11?mgM1H(^5)sreE#g+M!GYfOcQNNkAl#_rfs7o~yC$7!R$?eWAC`QeZgpSOt
zY)Z*00v_;5tP!H=eD9rtx@q;jzt{K9KR3?-DF=!xa(b8!P*{;7kshm=T+r?8qDiq4
zx?CJF)8Um>#&ETTDyp)(v-9H)TiK|PIqdvV3BiA8ZmrqG>Va9?p+*>NgaJWj96k{9
z3m70@*aGzgwc$V1LyfT|E2bkS!JkUY6R37#5@Ly97qBy?gQqr&*!5E~Vh)>`>64v)
z76k}aQKZp!3Nu_tdgH_tZFGX%h3$}G#2Z<OC^Iiz^78ppMimW}WTulq#%dMF`!U4z
zgFoK1ZHud&qa($RPn6{5=Tpm^1>_4Gfv!d=wMv#m&s#RHq<jCC6zMbb-#iEYTRG7C
z-kYQ9`%m&b_082{BQrg!oK)B)J%8nv4mU?&1I9(^aPfJ<!F9Sd*7cFGe*Ldqe$G23
zGpN@cafBMM0ZyG+9q#MrirRnrsPzZ@kWg#j13U%Yf%ynfQ_Mz>np!6!H%EiQqI~K2
zi`$_WsMEs5Gf^K*3;qQaDyT~1Y!eOBYD)}_w8`E$g?zQ1p-BC1#QmbJdL~60A0=nQ
z3Dh>Hvrj`y0~jimT%G0Vb6R>7lnhBEm_i9jMWmsvORLteP0Y;A>4}JmmXuXh_OIQs
z4_E-($jV?AY@F#_z3*MmZI?)&ng8ZF@O$MzetA}RfY_&h|B;=JQXZsaMfF65Gb|9)
z8b^+foue_g7GSo4s)+?9ho4_7icj<IwM6dEocYt&#wCc)`UN;r%dAPj9dH6Bp^!V@
z3^jypZS`s2;q7N9G?ezSnn8z;Z>2RG=8=o59hFw)LpM;P)ZB!Z*|m?q@~ptw-GOXO
z#{=(oHbn~|v+8kVrB{i%zQ-xVub2)#dqCvs>CzvQ5Ow{NFYYR|bWCq>_wyr5K?BC3
zg|JcNeN|jm+P!Au`guX(P)S5=bkDOdo*`@De2gorXin!d5_YXuFTRw)zWG0%1HU&8
zymRjc7Z=Q)`@Ju2$(PpTolMJ4{3GH5-Pp0&9aBnzgHQt)egI?S_cXLr0?*S8F+S>)
zniIvX*Vk=dXyYI3@_lVx(V_gp<gUmVKic=)dc^k&sGu+wHh)#rEZ0KrpdnS&mP^jR
z`C?{lVn}~LkQ?28=NwI&J^?s@19b@PU94$(dxMBwJ7#=zucb)}xg%aL#$-E<lNXVV
zK_$gly@I;IO|UJ<$<<G-YhW1SuU|QrFn`&63$Fk_GFP93`hpE~==mcP@(T0*c=@d>
zQ+FQN)ss_{*LCRht6TL2rQ|Hyg&IJK64uA<z8fm<d~!>kZS#LT2mY^f;GKJKYd-E7
zr_Y)wNlcIGFR992c;@m6+vJpheoy4`nLz$4CKY}*siCHU#q^p%kDoN9gwxmS8_SO^
zT;5F0GpZ`$lSAn0%~yVO^{_+kZ60s}w1HcqO%6`_l$D#ggk5{z(XC10(f<9ZY4LRK
z!b$3w+e(VS642Jwq?)EuP6x=$%j`BW3MD7Vyx3?p;)k$?Fq};BcIUB{@Hs1ehUARo
z>n*cd*0BAo{H*tkH7Af?U^F*AG`CHwI(_EUmDjJH-?Mh>y5KGQ_hs2SjVCwr15{XE
zwM*Iu|IKrN=fE%r4j%6oOqf#E(9$ubw_$qu_kR8c@ZYIXTuL~7^u<kuqSCx>Jw0Fz
z79@T7$L~H;C@xQwtn8lgkG=ag`(@_G(bd~M7Z)vWr{(LW!WRJSAmsKrI2ux6S#FQ?
zDkskz4V~Cnb=%NX8#=&b`0>jS-y=^Bu2wX)wXSW>yt&&nR6WU2x1K!pTS-%0gt1^g
zB{*I}y&(UgewMH862~XU_wPHpPcWgezROUr4C9Co-TAohX?CsCXHHH(bMcjF_z14v
zyeh~ps{P2xd>i?Ph7a{2y(j*g=fHmw2VU<zC;I<=KTB7&PWB5lL~M^L839Y^jq5K5
zUwZqTAU!X+Pe)gS8m3h>&RH~3a=d3VHz(IMmeSiFyz%0>H(#KQI~LJ|`Xa6_uwNj2
zck$u(uHASe@A#<$vCCG^4L@*f=hW>7Hon-kW*)H0CsI^g2x^=s!#BTxW_GlHprsN)
z)=JIfpjV2zeW+1rvWdn!UZL?xsSn6*#e~YP<m^<*^jWjr4D{lGYZglfj~^8?-d%nB
zqTrprn+j(yzgoif8)nSzvawi9sTp~E?GMHf{*ULtV>s~A*@L2(@h+r?7+#^FIvqZ>
zhw~A<^!l+){>T+_cC+p8-qqFId-E(8Z#=zi!tD>g=w0~Er&rH!+PUnT<1g+-UJq)A
zmL&tj)PUA*TEW>C-udW~=-ibTat|KgCRx0uUD7hIzH8Q^=671=O#R3F6`g-suwpT3
zDo2xz@+>kE1S0py7WuyiD8cy>RZpDwfc#&7|At0sZF%qP#dAavvFZI9Dp{14pDC7o
ztloF8a{iHBN00khSQeAHMFL%W=f*GgnaK9dZ}S}Z-{incub;O0-@IP^)Vy9D`0<3O
zDYAY4x@$K+yc~50wM`pmOj_pU=T4h<t*6dKv%g%tYF>2b!s&;AOQiYUXK&?g+SzsG
z&PSKdizED~ZEhoce}*)1N=-Mr_YaYuaPz~fcCycL``v4Tt@}1^yYula&8`hApVL*1
zCOh>Oiiu6=_x1^*V9Udl;Cg{(w9kG({#hTZx2|(*ncMd2#3?Pe1!|e_54M-c_AR>|
zmy*+~ryoZxl2)<oaekZUz<(PDF5kEy`gh;+yk(88whlUo@l~abJ6HU0`{Qfj?3!2K
zxvG_zns9IJ)|EZyufF1W==jczt-DsOdiT>C#vlIimcovM>k3ZyJbSvOt>L4+hc>^G
znUmZf7~)T7F1)nt&PO*)N4xLK?_3tM<4aestkh8rBP+E@Bo2%09-owUFVJ#7#k-$J
zEz#6vqqXhmTF@}Js|z&&V`xG{qhz#m*s<c;i4E!+zSJ^%X2YY-;g9ni;5jhBfz#)9
ziei$y5x=iS9nZAVolmZ5NqIAO@!Zg?f{Z@4Kcl@-{MMa|DZTGsjKBWD)zF)LSN*&9
zt=+R~{n9On>DfGeW`kEmj2Q6&O<&)9|Ei9(583ZGZeHN>681g2N35?ALgt!z)G>cy
zN@`Yaj~6h#6TB~w(8x|A+eUUfzoPQ2vZ60)j`=_GoINLx>3E?Av6p|~BhQiTli%h!
z@O$UL?1fFeny3rfFnuD8<i(U34U(pr4V*7fmWCW;&Amr=WL~`fT2%XjmOn7snyo8J
z0>yr`YI9fbvo9PF%btJX`q>oe{(F6Q<h?wifhCf_jV)0L$r5La4jS)!ft*|)Ew|G;
zmz5}twWIoJjfbRtjrN_8mT|bczP@KP8h?!E0MCI3IdJHez4L;?{V6;;_#ydcXLc-Z
zf22SC^369KcO2Z@_3X)AVs`G*HH%8pbJJ-3&b0+EoI6qQ((5lwc;W2xc`si)X~F2y
zzsj2G`)#vlm$Lo(sWVbcbPFii{{pakvnA4VMt+~V^p?QMO-$tzsvj%ca~3Zyv2*f#
z>^UR*=J$CH{2n>*+Vxjc&fhvG$S==6plhH(+xKm78_9>gM|TArJh@Li@;KW+b?#)!
zTgXp1bLn)Jl)i53>XMSGqECt{^GCJ8x6f+}Zfb7qmY)Ceg-aq+(+EoRKZCXXG>P>1
zXy4J}(|aT0<9|}N>!&sIKETl!$RFc5Aj5%c?_Ww}yB$mB*m(H4QPa%22{PoN&2w*_
z5fAOiY+QKjTr}Ig{Pyb)$oj;l8n?E2Ej_aMMC`mvZ@wnjymM_U+m`*y$S(ad*7pd_
zeP(Hc?D3J?Wz}^%Y@OVGQvRp5%~(6KEx*rmfakz42j2bUro!-^oLpXMPFH4O>S5Vq
zKeheV``0+kk<rdO^3oxzu8m6`lIQnFiOJ8(t2i9!xq`&8kFVX+IK8bQr?Bwj(XJ<Z
zY}4M&ZkKOf^pQQrZ}S}ZZ{om_Q_mV5JihONdG)96fAPA3{GOjWZ#4R$lluha6G}dQ
z{^cX1+V4ke^HaxQ2h_WE=gLst;iJxPoY^UHa;l+yC!T#QZr`TeyTrLgMf9kCWRJgv
zm;>2;ew*jOe-j7xJhxNu%7qty)^B+C(QPHa<{6i7T;>Kl{zG&2uj%uhPi{Z`Q|+g;
zbcz$xN}ousQ!=xk=)9l0CQs)%z;obX4qUx;(d3<ve_CcAZu!fPym<aKadKA96RkZW
z;^KNvpL^N$mtT!<$#a0`z<&}4PWGG<&+S@J@+9|E*ED5GUTLxTNzUcZ;W@x_;6I-O
zJy*`UU3<dy`oiUl!>6`3|E6n{|9lSdcgS;q=YW(0ZS!VJq}%*A&jFqTzb_6PJaMS%
z_w~g5)AAhPIUwc0)!SEomS05Lj{oL4z;l4-0M7xQ13U+K4)7e{Ilyy(=K#+Eo&!7w
zcn<I!;5oo^fad_u0iFXq2Y3$f9N;;?bAaan&jFqTJO_9V@EqVdz;l4-0MCK{{~RFx
z@At!jAOH2(XFa3*Sn~Z)IZ69t&iIDz%E>+Egastw=--Xr#}A=rAP$99+fp14O3WTU
z=ZAJimkVeA<m6I<MxOBlyS$uy_)~IYei%W=zMPz7^4IJOe;Q}-&#r5@gS&EKIq{;<
zyEyz5KHQ(iFquvb9FYuA2LFc+pTLehZO7p=2;|NT(8oy0-_m{Vh-l#W(0|=x=^5PZ
z$ysm|-66X75M45K?7@w}_CIoT@j|(g=d}-<AbsqoM$$tE=mVF>qo0v`@Xz(Z_HrYG
zMF$^I+W$b~al?H`>B8Yd4{Qz6Klgj!sAPDrox6d%EyG71*cxo#Fu>mjNCP_q?@&DZ
zLDKMJgtGqs(J_KPd^UH1e{>EX7_r5*-)Alvad>F=DX#yA$=e3c;MzY-9;D)pp#6_S
zd!uZ$)8LP56dDdGqWvh$d3vGrbld>w51%4s5&HizaN9$-FeD^BxWMN-rM*4;jsEfX
zaR1`LQy)biBtPBGnm@Yz;159h1AgfGzY+bxAGpj_2K)ah`dyhO4{Q#$|F!fpL!HV9
zA3HYK|1f>)(3#xELv*v@Q`rfFbnaa4pV@<tI+Ctr_TW!tfIfUov5(FScP8zBm|opW
z4_shm`|1(mFp~Z^{8(f!FoMpBqwJ4m1fAO*zMF^ckBJjKraec$EAxOO`se5m-`|jU
zaCFH-?H{1a-rnH*d4N8&!@3!`{?H*d96rEbjv>QO#IAo==JMS5BlE<pyE8vQm&now
zu0M21wkt~>ygym`1CPgzUoy9h`^U2k4L$?on+)BIyH~~GOAL(vcclkF$F(%1yK-_k
zfInF}wnK;MBidv43^W+Y&<O){92@w<t^_=jNcZJN(7|6erVrBxu75^)z9Jj!6=moH
z?T5}+WRGw5IQkEAPqjae{xxIyP=ABZFTFf&_by}kW9Vmof-Yf?d}gRa?)ipasUjYK
zvJ8FT=P^u|2a;y541M6|IZT&R;C_)q{SVNGe%|b|?9k)r?2?b8<MAI$XK!Rgd)Wbj
z<LKk)p=f_sPWp!(8S!FA+i~Eolq|={4@xXM@EAJBkzYaQ-pGjd!@Gk6%J2bpH!`>L
z5WRgQeZ>87^fPk9f86zl#)E;yge;xCo?-q!f_`_XzlZu~uTSQNIl5%%bjUu)UyNuk
zOJ@!GhUx5d8F7*0Uf8Bb)49igVFX=n_>X%$nfv4VA12EwKzbg!z6@Qi6%W`m%)gQC
z<^IJMfIkeiFvFgVc;V;Q|9JYCZy!(B2KjOQa}0XS^*IJThCX_G4f^N3Gu%VTw?A-w
z_PT%MnEKgW2|IyPD2E3OMj!b5?3=rcuEUOuLf05nOva5)|55Q;=m6J8r~jaMQPq$2
z&&>$K9G71I2Q0mY>BGOMA-Z7B86nr6dzhgYJn(w~$Nk29Ez^Fe11bIQA&N)bhOR&S
z&ZYDp+cmx(ptldOWAF-6`d>lkn#=VJ&<ADkVY=%eec&0T^ndu7jp%XUM=~%0po!d5
zgY=;zbQc$t?)~`m7|Fo(rAN>PN2GgyeM2-r9y$U#Zb3@_uJ`UBo%?|e-s2C$^sd3n
zbMwa_83T>9{pa1I(n(7HqI<Odhx(zfS4l>>{xJRSf}fyw4K^PbVTKzHZhi82`j6sa
zo#&ypIPjx*NN1Ae&(Nv&&s0mVA3AhUX5;HK<&US|{aE^ZqqhI%?$>7qI~bjQM#_Gs
zemwm5&6yvh*O$JL2TuA%G9=QY(c8aS-toBhpi9Z4USF1;{J@0=c0#`q47E2KjsEp=
zk@SSo>FcFrxl!pq3@`gaN9o_}2i2kWL8ElgB||S6jeZ|`ne<OOB*|Q7!F@%Elsu^N
z%20{U{WxZbJQ@Q({!zv<HOdRVE4yfjc%W-;=WAIMlY67kL(U9ee-!!;hN5BmHxIYJ
z|Fm$J-uN*6M>+Ljdc(tX+1r<EX@B?x$#8SIme7akcV*~)qtJ(>1LuwMg8wx<;mFDP
znLX71zeuJ7;b`<T!#6N0ea_wC6GCa^-@oq5@P|{e9z5gzko2-%9&UesNO~VZr@M?W
z_%}-X*|JJn`-2z9-j6UPOQg+5k+2`p<uJYL;r3>-%i4#?L>m1vKY>x`idP;_@9dL#
zgY6G@aJEl|L!l4T&$P?D;8Eyz&4wRujM>BO(Ryfv8MEMFI<78|^6#m;57Tk?;vxFO
zWLfS$H~|lxd;g5IJ*NQ<9Us~lrne6rliB!DPBhrTQ=u}4hc<`#CvG1)IK1(<`*#PM
zKVkwVS}r|dxRuP-xBoiwSUS=7kEj2Oqcbkc^!mUidqa<-F9DsM)BZp!=}sRF(8aJH
zjQ)3Fp#7uhKfVULjQrDbqw|;OZ(qwv#>tPd7*)YwSHvKoDmUh-QRzRj6WG&@nWM=z
zNBxr*$b<gYsI-6Ls6<Zw?wGSbj7q0=q7J#Iz8mxLBj{+=DFXeQN7LWfD)=(uoBN~p
zkE3t&EmVITy|Z^o+qu7Uk2-1}JNuvWzxNn=6ZHgx-acyM(0>wUw(fg>XHPoHALxI_
k((<#%I0)I3efH?b<2wDdbb9pT58U*xrH}IHzwbl;54}G$yZ`_I

literal 0
HcmV?d00001

diff --git a/src/bootsupport/modules/http-2.10b1.tm b/src/bootsupport/modules/http-2.10b1.tm
new file mode 100644
index 00000000..6c3c068c
--- /dev/null
+++ b/src/bootsupport/modules/http-2.10b1.tm
@@ -0,0 +1,5457 @@
+# http.tcl --
+#
+#	Client-side HTTP for GET, POST, and HEAD commands. These routines can
+#	be used in untrusted code that uses the Safesock security policy.
+#	These procedures use a callback interface to avoid using vwait, which
+#	is not defined in the safe base.
+#
+# See the file "license.terms" for information on usage and redistribution of
+# this file, and for a DISCLAIMER OF ALL WARRANTIES.
+
+package require Tcl 8.6-
+# Keep this in sync with pkgIndex.tcl and with the install directories in
+# Makefiles
+package provide http 2.10b1
+
+namespace eval http {
+    # Allow resourcing to not clobber existing data
+
+    variable http
+    if {![info exists http]} {
+	array set http {
+	    -accept */*
+	    -cookiejar {}
+	    -pipeline 1
+	    -postfresh 0
+	    -proxyhost {}
+	    -proxyport {}
+	    -proxyfilter http::ProxyRequired
+	    -proxynot {}
+	    -proxyauth {}
+	    -repost 0
+	    -threadlevel 0
+	    -urlencoding utf-8
+	    -zip 1
+	}
+	# We need a useragent string of this style or various servers will
+	# refuse to send us compressed content even when we ask for it. This
+	# follows the de-facto layout of user-agent strings in current browsers.
+	# Safe interpreters do not have ::tcl_platform(os) or
+	# ::tcl_platform(osVersion).
+	if {[interp issafe]} {
+	    set http(-useragent) "Mozilla/5.0\
+		(Windows; U;\
+		Windows NT 10.0)\
+		http/[package provide http] Tcl/[package provide Tcl]"
+	} else {
+	    set http(-useragent) "Mozilla/5.0\
+		([string totitle $::tcl_platform(platform)]; U;\
+		$::tcl_platform(os) $::tcl_platform(osVersion))\
+		http/[package provide http] Tcl/[package provide Tcl]"
+	}
+    }
+
+    proc init {} {
+	# Set up the map for quoting chars. RFC3986 Section 2.3 say percent
+	# encode all except: "... percent-encoded octets in the ranges of
+	# ALPHA (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period
+	# (%2E), underscore (%5F), or tilde (%7E) should not be created by URI
+	# producers ..."
+	for {set i 0} {$i <= 256} {incr i} {
+	    set c [format %c $i]
+	    if {![string match {[-._~a-zA-Z0-9]} $c]} {
+		set map($c) %[format %.2X $i]
+	    }
+	}
+	# These are handled specially
+	set map(\n) %0D%0A
+	variable formMap [array get map]
+
+	# Create a map for HTTP/1.1 open sockets
+	variable socketMapping
+	variable socketRdState
+	variable socketWrState
+	variable socketRdQueue
+	variable socketWrQueue
+	variable socketPhQueue
+	variable socketClosing
+	variable socketPlayCmd
+	variable socketCoEvent
+	variable socketProxyId
+	if {[info exists socketMapping]} {
+	    # Close open sockets on re-init.  Do not permit retries.
+	    foreach {url sock} [array get socketMapping] {
+		unset -nocomplain socketClosing($url)
+		unset -nocomplain socketPlayCmd($url)
+		CloseSocket $sock
+	    }
+	}
+
+	# CloseSocket should have unset the socket* arrays, one element at
+	# a time.  Now unset anything that was overlooked.
+	# Traces on "unset socketRdState(*)" will call CancelReadPipeline and
+	# cancel any queued responses.
+	# Traces on "unset socketWrState(*)" will call CancelWritePipeline and
+	# cancel any queued requests.
+	array unset socketMapping
+	array unset socketRdState
+	array unset socketWrState
+	array unset socketRdQueue
+	array unset socketWrQueue
+	array unset socketPhQueue
+	array unset socketClosing
+	array unset socketPlayCmd
+	array unset socketCoEvent
+	array unset socketProxyId
+	array set socketMapping {}
+	array set socketRdState {}
+	array set socketWrState {}
+	array set socketRdQueue {}
+	array set socketWrQueue {}
+	array set socketPhQueue {}
+	array set socketClosing {}
+	array set socketPlayCmd {}
+	array set socketCoEvent {}
+	array set socketProxyId {}
+	return
+    }
+    init
+
+    variable urlTypes
+    if {![info exists urlTypes]} {
+	set urlTypes(http) [list 80 ::http::socket]
+    }
+
+    variable encodings [string tolower [encoding names]]
+    # This can be changed, but iso8859-1 is the RFC standard.
+    variable defaultCharset
+    if {![info exists defaultCharset]} {
+	set defaultCharset "iso8859-1"
+    }
+
+    # Force RFC 3986 strictness in geturl url verification?
+    variable strict
+    if {![info exists strict]} {
+	set strict 1
+    }
+
+    # Let user control default keepalive for compatibility
+    variable defaultKeepalive
+    if {![info exists defaultKeepalive]} {
+	set defaultKeepalive 0
+    }
+
+    # Regular expression used to parse cookies
+    variable CookieRE {(?x)                            # EXPANDED SYNTAX
+	\s*                                            # Ignore leading spaces
+	([^][\u0000- ()<>@,;:\\""/?={}\u007f-\uffff]+) # Match the name
+	=                                              # LITERAL: Equal sign
+	([!\u0023-+\u002D-:<-\u005B\u005D-~]*)         # Match the value
+	(?:
+	 \s* ; \s*                                     # LITERAL: semicolon
+	 ([^\u0000]+)                                  # Match the options
+	)?
+    }
+
+    variable TmpSockCounter 0
+    variable ThreadCounter  0
+
+    variable reasonDict [dict create {*}{
+        100 Continue
+        101 {Switching Protocols}
+        102 Processing
+        103 {Early Hints}
+        200 OK
+        201 Created
+        202 Accepted
+        203 {Non-Authoritative Information}
+        204 {No Content}
+        205 {Reset Content}
+        206 {Partial Content}
+        207 Multi-Status
+        208 {Already Reported}
+        226 {IM Used}
+        300 {Multiple Choices}
+        301 {Moved Permanently}
+        302 Found
+        303 {See Other}
+        304 {Not Modified}
+        305 {Use Proxy}
+        306 (Unused)
+        307 {Temporary Redirect}
+        308 {Permanent Redirect}
+        400 {Bad Request}
+        401 Unauthorized
+        402 {Payment Required}
+        403 Forbidden
+        404 {Not Found}
+        405 {Method Not Allowed}
+        406 {Not Acceptable}
+        407 {Proxy Authentication Required}
+        408 {Request Timeout}
+        409 Conflict
+        410 Gone
+        411 {Length Required}
+        412 {Precondition Failed}
+        413 {Content Too Large}
+        414 {URI Too Long}
+        415 {Unsupported Media Type}
+        416 {Range Not Satisfiable}
+        417 {Expectation Failed}
+        418 (Unused)
+        421 {Misdirected Request}
+        422 {Unprocessable Content}
+        423 Locked
+        424 {Failed Dependency}
+        425 {Too Early}
+        426 {Upgrade Required}
+        428 {Precondition Required}
+        429 {Too Many Requests}
+        431 {Request Header Fields Too Large}
+        451 {Unavailable For Legal Reasons}
+        500 {Internal Server Error}
+        501 {Not Implemented}
+        502 {Bad Gateway}
+        503 {Service Unavailable}
+        504 {Gateway Timeout}
+        505 {HTTP Version Not Supported}
+        506 {Variant Also Negotiates}
+        507 {Insufficient Storage}
+        508 {Loop Detected}
+        510 {Not Extended (OBSOLETED)}
+        511 {Network Authentication Required}
+    }]
+
+    variable failedProxyValues {
+	binary
+	body
+	charset
+	coding
+	connection
+	connectionRespFlag
+	currentsize
+	host
+	http
+	httpResponse
+	meta
+	method
+	querylength
+	queryoffset
+	reasonPhrase
+	requestHeaders
+	requestLine
+	responseCode
+	state
+	status
+	tid
+	totalsize
+	transfer
+	type
+    }
+
+    namespace export geturl config reset wait formatQuery postError quoteString
+    namespace export register unregister registerError
+    namespace export requestLine requestHeaders requestHeaderValue
+    namespace export responseLine responseHeaders responseHeaderValue
+    namespace export responseCode responseBody responseInfo reasonPhrase
+    # - Legacy aliases, were never exported:
+    #     data, code, mapReply, meta, ncode
+    # - Callable from outside (e.g. from TLS) by fully-qualified name, but
+    #   not exported:
+    #     socket
+    # - Useful, but never exported (and likely to have naming collisions):
+    #     size, status, cleanup, error, init
+    #   Comments suggest that "init" can be used for re-initialisation,
+    #   although the command is undocumented.
+    # - Never exported, renamed from lower-case names:
+    #   GetTextLine, MakeTransformationChunked.
+}
+
+# http::Log --
+#
+#	Debugging output -- define this to observe HTTP/1.1 socket usage.
+#	Should echo any args received.
+#
+# Arguments:
+#     msg	Message to output
+#
+if {[info command http::Log] eq {}} {proc http::Log {args} {}}
+
+# http::register --
+#
+#     See documentation for details.
+#
+# Arguments:
+#     proto	URL protocol prefix, e.g. https
+#     port	Default port for protocol
+#     command	Command to use to create socket
+# Results:
+#     list of port and command that was registered.
+
+proc http::register {proto port command} {
+    variable urlTypes
+    set urlTypes([string tolower $proto]) [list $port $command]
+}
+
+# http::unregister --
+#
+#     Unregisters URL protocol handler
+#
+# Arguments:
+#     proto	URL protocol prefix, e.g. https
+# Results:
+#     list of port and command that was unregistered.
+
+proc http::unregister {proto} {
+    variable urlTypes
+    set lower [string tolower $proto]
+    if {![info exists urlTypes($lower)]} {
+	return -code error "unsupported url type \"$proto\""
+    }
+    set old $urlTypes($lower)
+    unset urlTypes($lower)
+    return $old
+}
+
+# http::config --
+#
+#	See documentation for details.
+#
+# Arguments:
+#	args		Options parsed by the procedure.
+# Results:
+#        TODO
+
+proc http::config {args} {
+    variable http
+    set options [lsort [array names http -*]]
+    set usage [join $options ", "]
+    if {[llength $args] == 0} {
+	set result {}
+	foreach name $options {
+	    lappend result $name $http($name)
+	}
+	return $result
+    }
+    set options [string map {- ""} $options]
+    set pat ^-(?:[join $options |])$
+    if {[llength $args] == 1} {
+	set flag [lindex $args 0]
+	if {![regexp -- $pat $flag]} {
+	    return -code error "Unknown option $flag, must be: $usage"
+	}
+	return $http($flag)
+    } elseif {[llength $args] % 2} {
+	return -code error "If more than one argument is supplied, the\
+		number of arguments must be even"
+    } else {
+	foreach {flag value} $args {
+	    if {![regexp -- $pat $flag]} {
+		return -code error "Unknown option $flag, must be: $usage"
+	    }
+	    if {($flag eq {-threadlevel}) && ($value ni {0 1 2})} {
+		return -code error {Option -threadlevel must be 0, 1 or 2}
+	    }
+	    set http($flag) $value
+	}
+	return
+    }
+}
+
+# ------------------------------------------------------------------------------
+#  Proc http::reasonPhrase
+# ------------------------------------------------------------------------------
+# Command to return the IANA-recommended "reason phrase" for a HTTP Status Code.
+# Information obtained from:
+# https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
+#
+# Arguments:
+# code        - A valid HTTP Status Code (integer from 100 to 599)
+#
+# Return Value: the reason phrase
+# ------------------------------------------------------------------------------
+
+proc http::reasonPhrase {code} {
+    variable reasonDict
+    if {![regexp -- {^[1-5][0-9][0-9]$} $code]} {
+        set msg {argument must be a three-digit integer from 100 to 599}
+        return -code error $msg
+    }
+    if {[dict exists $reasonDict $code]} {
+        set reason [dict get $reasonDict $code]
+    } else {
+        set reason Unassigned
+    }
+    return $reason
+}
+
+# http::Finish --
+#
+#	Clean up the socket and eval close time callbacks
+#
+# Arguments:
+#	token	    Connection token.
+#	errormsg    (optional) If set, forces status to error.
+#	skipCB      (optional) If set, don't call the -command callback. This
+#		    is useful when geturl wants to throw an exception instead
+#		    of calling the callback. That way, the same error isn't
+#		    reported to two places.
+#
+# Side Effects:
+#        May close the socket.
+
+proc http::Finish {token {errormsg ""} {skipCB 0}} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    global errorInfo errorCode
+    set closeQueue 0
+    if {$errormsg ne ""} {
+	set state(error) [list $errormsg $errorInfo $errorCode]
+	set state(status) "error"
+    }
+    if {[info commands ${token}--EventCoroutine] ne {}} {
+	rename ${token}--EventCoroutine {}
+    }
+    if {[info commands ${token}--SocketCoroutine] ne {}} {
+	rename ${token}--SocketCoroutine {}
+    }
+    if {[info exists state(socketcoro)]} {
+        Log $token Cancel socket after-idle event (Finish)
+        after cancel $state(socketcoro)
+        unset state(socketcoro)
+    }
+
+    # Is this an upgrade request/response?
+    set upgradeResponse \
+	[expr {    [info exists state(upgradeRequest)]
+		&& $state(upgradeRequest)
+		&& [info exists state(http)]
+		&& ([ncode $token] eq {101})
+		&& [info exists state(connection)]
+		&& ("upgrade" in $state(connection))
+		&& [info exists state(upgrade)]
+		&& ("" ne $state(upgrade))
+	}]
+
+    if {  ($state(status) eq "timeout")
+       || ($state(status) eq "error")
+       || ($state(status) eq "eof")
+    } {
+	set closeQueue 1
+	set connId $state(socketinfo)
+	if {[info exists state(sock)]} {
+	    set sock $state(sock)
+	    CloseSocket $state(sock) $token
+	} else {
+            # When opening the socket and calling http::reset
+            # immediately, the socket may not yet exist.
+            # Test http-4.11 may come here.
+	}
+	if {$state(tid) ne {}} {
+            # When opening the socket in a thread, and calling http::reset
+            # immediately, the thread may still exist.
+            # Test http-4.11 may come here.
+	    thread::release $state(tid)
+	    set state(tid) {}
+	} else {
+	}
+    } elseif {$upgradeResponse} {
+	# Special handling for an upgrade request/response.
+	# - geturl ensures that this is not a "persistent" socket used for
+	#   multiple HTTP requests, so a call to KeepSocket is not needed.
+	# - Leave socket open, so a call to CloseSocket is not needed either.
+	# - Remove fileevent bindings.  The caller will set its own bindings.
+	# - THE CALLER MUST PROCESS THE UPGRADED SOCKET IN THE CALLBACK COMMAND
+	#   PASSED TO http::geturl AS -command callback.
+	catch {fileevent $state(sock) readable {}}
+	catch {fileevent $state(sock) writable {}}
+    } elseif {
+          ([info exists state(-keepalive)] && !$state(-keepalive))
+       || ([info exists state(connection)] && ("close" in $state(connection)))
+    } {
+	set closeQueue 1
+	set connId $state(socketinfo)
+	if {[info exists state(sock)]} {
+	    set sock $state(sock)
+	    CloseSocket $state(sock) $token
+	} else {
+            # When opening the socket and calling http::reset
+            # immediately, the socket may not yet exist.
+            # Test http-4.11 may come here.
+	}
+    } elseif {
+	  ([info exists state(-keepalive)] && $state(-keepalive))
+       && ([info exists state(connection)] && ("close" ni $state(connection)))
+    } {
+	KeepSocket $token
+    }
+    if {[info exists state(after)]} {
+	after cancel $state(after)
+	unset state(after)
+    }
+    if {[info exists state(-command)] && (!$skipCB)
+	    && (![info exists state(done-command-cb)])} {
+	set state(done-command-cb) yes
+	if {    [catch {namespace eval :: $state(-command) $token} err]
+	     && ($errormsg eq "")
+	} {
+	    set state(error) [list $err $errorInfo $errorCode]
+	    set state(status) error
+	}
+    }
+
+    if {    $closeQueue
+	 && [info exists socketMapping($connId)]
+	 && ($socketMapping($connId) eq $sock)
+    } {
+	http::CloseQueuedQueries $connId $token
+	# This calls Unset.  Other cases do not need the call.
+    }
+    return
+}
+
+# http::KeepSocket -
+#
+#	Keep a socket in the persistent sockets table and connect it to its next
+#	queued task if possible.  Otherwise leave it idle and ready for its next
+#	use.
+#
+#	If $socketClosing(*), then ("close" in $state(connection)) and therefore
+#	this command will not be called by Finish.
+#
+# Arguments:
+#	token	    Connection token.
+
+proc http::KeepSocket {token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    # Keep this socket open for another request ("Keep-Alive").
+    # React if the server half-closes the socket.
+    # Discussion is in http::geturl.
+    catch {fileevent $state(sock) readable [list http::CheckEof $state(sock)]}
+
+    # The line below should not be changed in production code.
+    # It is edited by the test suite.
+    set TEST_EOF 0
+    if {$TEST_EOF} {
+	# ONLY for testing reaction to server eof.
+	# No server timeouts will be caught.
+	catch {fileevent $state(sock) readable {}}
+    }
+
+    if {    [info exists state(socketinfo)]
+	 && [info exists socketMapping($state(socketinfo))]
+    } {
+	set connId $state(socketinfo)
+	# The value "Rready" is set only here.
+	set socketRdState($connId) Rready
+
+	if {    $state(-pipeline)
+	     && [info exists socketRdQueue($connId)]
+	     && [llength $socketRdQueue($connId)]
+	} {
+	    # The usual case for pipelined responses - if another response is
+	    # queued, arrange to read it.
+	    set token3 [lindex $socketRdQueue($connId) 0]
+	    set socketRdQueue($connId) [lrange $socketRdQueue($connId) 1 end]
+
+	    #Log pipelined, GRANT read access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    ReceiveResponse $token3
+
+	    # Other pipelined cases.
+	    # - The test above ensures that, for the pipelined cases in the two
+	    #   tests below, the read queue is empty.
+	    # - In those two tests, check whether the next write will be
+	    #   nonpipeline.
+	} elseif {
+		$state(-pipeline)
+	     && [info exists socketWrState($connId)]
+	     && ($socketWrState($connId) eq "peNding")
+
+	     && [info exists socketWrQueue($connId)]
+	     && [llength $socketWrQueue($connId)]
+	     && (![set token3 [lindex $socketWrQueue($connId) 0]
+		   set ${token3}(-pipeline)
+		  ]
+		)
+	} {
+	    # This case:
+	    # - Now it the time to run the "pending" request.
+	    # - The next token in the write queue is nonpipeline, and
+	    #   socketWrState has been marked "pending" (in
+	    #   http::NextPipelinedWrite or http::geturl) so a new pipelined
+	    #   request cannot jump the queue.
+	    #
+	    # Tests:
+	    # - In this case the read queue (tested above) is empty and this
+	    #   "pending" write token is in front of the rest of the write
+	    #   queue.
+	    # - The write state is not Wready and therefore appears to be busy,
+	    #   but because it is "pending" we know that it is reserved for the
+	    #   first item in the write queue, a non-pipelined request that is
+	    #   waiting for the read queue to empty.  That has now happened: so
+	    #   give that request read and write access.
+	    set conn [set ${token3}(connArgs)]
+	    #Log nonpipeline, GRANT r/w access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    set socketWrState($connId) $token3
+	    set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	    # Connect does its own fconfigure.
+	    fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	    #Log ---- $state(sock) << conn to $token3 for HTTP request (c)
+
+	} elseif {
+		$state(-pipeline)
+	     && [info exists socketWrState($connId)]
+	     && ($socketWrState($connId) eq "peNding")
+
+	} {
+	    # Should not come here.  The second block in the previous "elseif"
+	    # test should be tautologous (but was needed in an earlier
+	    # implementation) and will be removed after testing.
+	    # If we get here, the value "pending" was assigned in error.
+	    # This error would block the queue for ever.
+	    Log ^X$tk <<<<< Error in queueing of requests >>>>> - token $token
+
+	} elseif {
+		$state(-pipeline)
+	     && [info exists socketWrState($connId)]
+	     && ($socketWrState($connId) eq "Wready")
+
+	     && [info exists socketWrQueue($connId)]
+	     && [llength $socketWrQueue($connId)]
+	     && (![set token3 [lindex $socketWrQueue($connId) 0]
+		   set ${token3}(-pipeline)
+		  ]
+		)
+	} {
+	    # This case:
+	    # - The next token in the write queue is nonpipeline, and
+	    #   socketWrState is Wready.  Get the next event from socketWrQueue.
+	    # Tests:
+	    # - In this case the read state (tested above) is Rready and the
+	    #   write state (tested here) is Wready - there is no "pending"
+	    #   request.
+	    # Code:
+	    # - The code is the same as the code below for the nonpipelined
+	    #   case with a queued request.
+	    set conn [set ${token3}(connArgs)]
+	    #Log nonpipeline, GRANT r/w access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    set socketWrState($connId) $token3
+	    set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	    # Connect does its own fconfigure.
+	    fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	    #Log ---- $state(sock) << conn to $token3 for HTTP request (c)
+
+	} elseif {
+		(!$state(-pipeline))
+	     && [info exists socketWrQueue($connId)]
+	     && [llength $socketWrQueue($connId)]
+	     && ("close" ni $state(connection))
+	} {
+	    # If not pipelined, (socketRdState eq Rready) tells us that we are
+	    # ready for the next write - there is no need to check
+	    # socketWrState. Write the next request, if one is waiting.
+	    # If the next request is pipelined, it receives premature read
+	    # access to the socket. This is not a problem.
+	    set token3 [lindex $socketWrQueue($connId) 0]
+	    set conn [set ${token3}(connArgs)]
+	    #Log nonpipeline, GRANT r/w access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    set socketWrState($connId) $token3
+	    set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	    # Connect does its own fconfigure.
+	    fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	    #Log ---- $state(sock) << conn to $token3 for HTTP request (d)
+
+	} elseif {(!$state(-pipeline))} {
+	    set socketWrState($connId) Wready
+	    # Rready and Wready and idle: nothing to do.
+	}
+
+    } else {
+	CloseSocket $state(sock) $token
+	# There is no socketMapping($state(socketinfo)), so it does not matter
+	# that CloseQueuedQueries is not called.
+    }
+    return
+}
+
+# http::CheckEof -
+#
+#	Read from a socket and close it if eof.
+#	The command is bound to "fileevent readable" on an idle socket, and
+#	"eof" is the only event that should trigger the binding, occurring when
+#	the server times out and half-closes the socket.
+#
+#	A read is necessary so that [eof] gives a meaningful result.
+#	Any bytes sent are junk (or a bug).
+
+proc http::CheckEof {sock} {
+    set junk [read $sock]
+    set n [string length $junk]
+    if {$n} {
+	Log "WARNING: $n bytes received but no HTTP request sent"
+    }
+
+    if {[catch {eof $sock} res] || $res} {
+	# The server has half-closed the socket.
+	# If a new write has started, its transaction will fail and
+	# will then be error-handled.
+	CloseSocket $sock
+    }
+    return
+}
+
+# http::CloseSocket -
+#
+#	Close a socket and remove it from the persistent sockets table.  If
+#	possible an http token is included here but when we are called from a
+#	fileevent on remote closure we need to find the correct entry - hence
+#	the "else" block of the first "if" command.
+
+proc http::CloseSocket {s {token {}}} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set tk [namespace tail $token]
+
+    catch {fileevent $s readable {}}
+    set connId {}
+    if {$token ne ""} {
+	variable $token
+	upvar 0 $token state
+	if {[info exists state(socketinfo)]} {
+	    set connId $state(socketinfo)
+	}
+    } else {
+	set map [array get socketMapping]
+	set ndx [lsearch -exact $map $s]
+	if {$ndx >= 0} {
+	    incr ndx -1
+	    set connId [lindex $map $ndx]
+	}
+    }
+    if {    ($connId ne {})
+	 && [info exists socketMapping($connId)]
+	 && ($socketMapping($connId) eq $s)
+    } {
+	Log "Closing connection $connId (sock $socketMapping($connId))"
+	if {[catch {close $socketMapping($connId)} err]} {
+	    Log "Error closing connection: $err"
+	} else {
+	}
+	if {$token eq {}} {
+	    # Cases with a non-empty token are handled by Finish, so the tokens
+	    # are finished in connection order.
+	    http::CloseQueuedQueries $connId
+	} else {
+	}
+    } else {
+	Log "Closing socket $s (no connection info)"
+	if {[catch {close $s} err]} {
+	    Log "Error closing socket: $err"
+	} else {
+	}
+    }
+    return
+}
+
+# http::CloseQueuedQueries
+#
+#	connId  - identifier "domain:port" for the connection
+#	token   - (optional) used only for logging
+#
+# Called from http::CloseSocket and http::Finish, after a connection is closed,
+# to clear the read and write queues if this has not already been done.
+
+proc http::CloseQueuedQueries {connId {token {}}} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    ##Log CloseQueuedQueries $connId $token
+    if {![info exists socketMapping($connId)]} {
+	# Command has already been called.
+	# Don't come here again - especially recursively.
+	return
+    }
+
+    # Used only for logging.
+    if {$token eq {}} {
+	set tk {}
+    } else {
+	set tk [namespace tail $token]
+    }
+
+    if {    [info exists socketPlayCmd($connId)]
+	 && ($socketPlayCmd($connId) ne {ReplayIfClose Wready {} {}})
+    } {
+	# Before unsetting, there is some unfinished business.
+	# - If the server sent "Connection: close", we have stored the command
+	#   for retrying any queued requests in socketPlayCmd, so copy that
+	#   value for execution below.  socketClosing(*) was also set.
+	# - Also clear the queues to prevent calls to Finish that would set the
+	#   state for the requests that will be retried to "finished with error
+	#   status".
+	# - At this stage socketPhQueue is empty.
+	set unfinished $socketPlayCmd($connId)
+	set socketRdQueue($connId) {}
+	set socketWrQueue($connId) {}
+    } else {
+	set unfinished {}
+    }
+
+    Unset $connId
+
+    if {$unfinished ne {}} {
+	Log ^R$tk Any unfinished transactions (excluding $token) failed \
+		- token $token - unfinished $unfinished
+	{*}$unfinished
+	# Calls ReplayIfClose.
+    }
+    return
+}
+
+# http::Unset
+#
+#	The trace on "unset socketRdState(*)" will call CancelReadPipeline
+#	and cancel any queued responses.
+#	The trace on "unset socketWrState(*)" will call CancelWritePipeline
+#	and cancel any queued requests.
+
+proc http::Unset {connId} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    unset socketMapping($connId)
+    unset socketRdState($connId)
+    unset socketWrState($connId)
+    unset -nocomplain socketRdQueue($connId)
+    unset -nocomplain socketWrQueue($connId)
+    unset -nocomplain socketClosing($connId)
+    unset -nocomplain socketPlayCmd($connId)
+    unset -nocomplain socketProxyId($connId)
+    return
+}
+
+# http::reset --
+#
+#	See documentation for details.
+#
+# Arguments:
+#	token	Connection token.
+#	why	Status info.
+#
+# Side Effects:
+#        See Finish
+
+proc http::reset {token {why reset}} {
+    variable $token
+    upvar 0 $token state
+    set state(status) $why
+    catch {fileevent $state(sock) readable {}}
+    catch {fileevent $state(sock) writable {}}
+    Finish $token
+    if {[info exists state(error)]} {
+	set errorlist $state(error)
+	unset state
+	eval ::error $errorlist
+	# i.e. error msg errorInfo errorCode
+    }
+    return
+}
+
+# http::geturl --
+#
+#	Establishes a connection to a remote url via http.
+#
+# Arguments:
+#	url		The http URL to goget.
+#	args		Option value pairs. Valid options include:
+#				-blocksize, -validate, -headers, -timeout
+# Results:
+#	Returns a token for this connection. This token is the name of an
+#	array that the caller should unset to garbage collect the state.
+
+proc http::geturl {url args} {
+    variable urlTypes
+
+    # - If ::tls::socketCmd has its default value "::socket", change it to the
+    #   new value ::http::socketForTls.
+    # - If the old value is different, then it has been modified either by the
+    #   script or by the Tcl installation, and replaced by a new command.  The
+    #   script or installation that modified ::tls::socketCmd is also
+    #   responsible for integrating ::http::socketForTls into its own "new"
+    #   command, if it wishes to do so.
+    # - Commands that open a socket:
+    #   - ::socket             - basic
+    #   - ::http::socket       - can use a thread to avoid blockage by slow DNS
+    #                            lookup.  See http::config option -threadlevel.
+    #   - ::http::socketForTls - as ::http::socket, but can also open a socket
+    #                            for HTTPS/TLS through a proxy.
+
+    if {[info exists ::tls::socketCmd] && ($::tls::socketCmd eq {::socket})} {
+        set ::tls::socketCmd ::http::socketForTls
+    }
+
+    set token [CreateToken $url {*}$args]
+    variable $token
+    upvar 0 $token state
+
+    AsyncTransaction $token
+
+    # --------------------------------------------------------------------------
+    # Synchronous Call to http::geturl
+    # --------------------------------------------------------------------------
+    # - If the call to http::geturl is asynchronous, it is now complete (apart
+    #   from delivering the return value).
+    # - If the call to http::geturl is synchronous, the command must now wait
+    #   for the HTTP transaction to be completed.  The call to http::wait uses
+    #   vwait, which may be inappropriate if the caller makes other HTTP
+    #   requests in the background.
+    # --------------------------------------------------------------------------
+
+    if {![info exists state(-command)]} {
+	# geturl does EVERYTHING asynchronously, so if the user
+	# calls it synchronously, we just do a wait here.
+	http::wait $token
+
+	if {![info exists state]} {
+	    # If we timed out then Finish has been called and the users
+	    # command callback may have cleaned up the token. If so we end up
+	    # here with nothing left to do.
+	    return $token
+	} elseif {$state(status) eq "error"} {
+	    # Something went wrong while trying to establish the connection.
+	    # Clean up after events and such, but DON'T call the command
+	    # callback (if available) because we're going to throw an
+	    # exception from here instead.
+	    set err [lindex $state(error) 0]
+	    cleanup $token
+	    return -code error $err
+	}
+    }
+
+    return $token
+}
+
+# ------------------------------------------------------------------------------
+#  Proc http::CreateToken
+# ------------------------------------------------------------------------------
+# Command to convert arguments into an initialised request token.
+# The return value is the variable name of the token.
+#
+# Other effects:
+# - Sets ::http::http(usingThread) if not already done
+# - Sets ::http::http(uid) if not already done
+# - Increments ::http::http(uid)
+# - May increment ::http::TmpSockCounter
+# - Alters ::http::socketPlayCmd, ::http::socketWrQueue if a -keepalive 1
+#   request is appended to the queue of a persistent socket that is already
+#   scheduled to close.
+#   This also sets state(alreadyQueued) to 1.
+# - Alters ::http::socketPhQueue if a -keepalive 1 request is appended to the
+#   queue of a persistent socket that has not yet been created (and is therefore
+#   represented by a placeholder).
+#   This also sets state(ReusingPlaceholder) to 1.
+# ------------------------------------------------------------------------------
+
+proc http::CreateToken {url args} {
+    variable http
+    variable urlTypes
+    variable defaultCharset
+    variable defaultKeepalive
+    variable strict
+    variable TmpSockCounter
+
+    # Initialize the state variable, an array. We'll return the name of this
+    # array as the token for the transaction.
+
+    if {![info exists http(usingThread)]} {
+	set http(usingThread) 0
+    }
+    if {![info exists http(uid)]} {
+	set http(uid) 0
+    }
+    set token [namespace current]::[incr http(uid)]
+    ##Log Starting http::geturl - token $token
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    reset $token
+    Log ^A$tk URL $url - token $token
+
+    # Process command options.
+
+    array set state {
+	-binary		false
+	-blocksize	8192
+	-queryblocksize 8192
+	-validate	0
+	-headers	{}
+	-timeout	0
+	-type		application/x-www-form-urlencoded
+	-queryprogress	{}
+	-protocol	1.1
+	-guesstype      0
+	binary		0
+	state		created
+	meta		{}
+	method		{}
+	coding		{}
+	currentsize	0
+	totalsize	0
+	querylength	0
+	queryoffset	0
+	type		application/octet-stream
+	body		{}
+	status		""
+	http		""
+	httpResponse    {}
+	responseCode    {}
+	reasonPhrase    {}
+	connection	keep-alive
+	tid             {}
+	requestHeaders  {}
+	requestLine     {}
+	transfer        {}
+	proxyUsed       none
+    }
+    set state(-keepalive) $defaultKeepalive
+    set state(-strict) $strict
+    # These flags have their types verified [Bug 811170]
+    array set type {
+	-binary		boolean
+	-blocksize	integer
+	-guesstype      boolean
+	-queryblocksize integer
+	-strict		boolean
+	-timeout	integer
+	-validate	boolean
+	-headers	list
+    }
+    set state(charset)	$defaultCharset
+    set options {
+	-binary -blocksize -channel -command -guesstype -handler -headers -keepalive
+	-method -myaddr -progress -protocol -query -queryblocksize
+	-querychannel -queryprogress -strict -timeout -type -validate
+    }
+    set usage [join [lsort $options] ", "]
+    set options [string map {- ""} $options]
+    set pat ^-(?:[join $options |])$
+    foreach {flag value} $args {
+	if {[regexp -- $pat $flag]} {
+	    # Validate numbers
+	    if {    [info exists type($flag)]
+	        && (![string is $type($flag) -strict $value])
+	    } {
+		unset $token
+		return -code error \
+		    "Bad value for $flag ($value), must be $type($flag)"
+	    }
+	    if {($flag eq "-headers") && ([llength $value] % 2 != 0)} {
+		unset $token
+		return -code error "Bad value for $flag ($value), number\
+			of list elements must be even"
+	    }
+	    set state($flag) $value
+	} else {
+	    unset $token
+	    return -code error "Unknown option $flag, can be: $usage"
+	}
+    }
+
+    # Make sure -query and -querychannel aren't both specified
+
+    set isQueryChannel [info exists state(-querychannel)]
+    set isQuery [info exists state(-query)]
+    if {$isQuery && $isQueryChannel} {
+	unset $token
+	return -code error "Can't combine -query and -querychannel options!"
+    }
+
+    # Validate URL, determine the server host and port, and check proxy case
+    # Recognize user:pass@host URLs also, although we do not do anything with
+    # that info yet.
+
+    # URLs have basically four parts.
+    # First, before the colon, is the protocol scheme (e.g. http)
+    # Second, for HTTP-like protocols, is the authority
+    #	The authority is preceded by // and lasts up to (but not including)
+    #	the following / or ? and it identifies up to four parts, of which
+    #	only one, the host, is required (if an authority is present at all).
+    #	All other parts of the authority (user name, password, port number)
+    #	are optional.
+    # Third is the resource name, which is split into two parts at a ?
+    #	The first part (from the single "/" up to "?") is the path, and the
+    #	second part (from that "?" up to "#") is the query. *HOWEVER*, we do
+    #	not need to separate them; we send the whole lot to the server.
+    #	Both, path and query are allowed to be missing, including their
+    #	delimiting character.
+    # Fourth is the fragment identifier, which is everything after the first
+    #	"#" in the URL. The fragment identifier MUST NOT be sent to the server
+    #	and indeed, we don't bother to validate it (it could be an error to
+    #	pass it in here, but it's cheap to strip).
+    #
+    # An example of a URL that has all the parts:
+    #
+    #     http://jschmoe:xyzzy@www.bogus.net:8000/foo/bar.tml?q=foo#changes
+    #
+    # The "http" is the protocol, the user is "jschmoe", the password is
+    # "xyzzy", the host is "www.bogus.net", the port is "8000", the path is
+    # "/foo/bar.tml", the query is "q=foo", and the fragment is "changes".
+    #
+    # Note that the RE actually combines the user and password parts, as
+    # recommended in RFC 3986. Indeed, that RFC states that putting passwords
+    # in URLs is a Really Bad Idea, something with which I would agree utterly.
+    # RFC 9110 Sec 4.2.4 goes further than this, and deprecates the format
+    # "user:password@".  It is retained here for backward compatibility,
+    # but its use is not recommended.
+    #
+    # From a validation perspective, we need to ensure that the parts of the
+    # URL that are going to the server are correctly encoded.  This is only
+    # done if $state(-strict) is true (inherited from $::http::strict).
+
+    set URLmatcher {(?x)		# this is _expanded_ syntax
+	^
+	(?: (\w+) : ) ?			# <protocol scheme>
+	(?: //
+	    (?:
+		(
+		    [^@/\#?]+		# <userinfo part of authority>
+		) @
+	    )?
+	    (				# <host part of authority>
+		[^/:\#?]+ |		# host name or IPv4 address
+		\[ [^/\#?]+ \]		# IPv6 address in square brackets
+	    )
+	    (?: : (\d+) )?		# <port part of authority>
+	)?
+	( [/\?] [^\#]*)?		# <path> (including query)
+	(?: \# (.*) )?			# <fragment>
+	$
+    }
+
+    # Phase one: parse
+    if {![regexp -- $URLmatcher $url -> proto user host port srvurl]} {
+	unset $token
+	return -code error "Unsupported URL: $url"
+    }
+    # Phase two: validate
+    set host [string trim $host {[]}]; # strip square brackets from IPv6 address
+    if {$host eq ""} {
+	# Caller has to provide a host name; we do not have a "default host"
+	# that would enable us to handle relative URLs.
+	unset $token
+	return -code error "Missing host part: $url"
+	# Note that we don't check the hostname for validity here; if it's
+	# invalid, we'll simply fail to resolve it later on.
+    }
+    if {$port ne "" && $port > 65535} {
+	unset $token
+	return -code error "Invalid port number: $port"
+    }
+    # The user identification and resource identification parts of the URL can
+    # have encoded characters in them; take care!
+    if {$user ne ""} {
+	# Check for validity according to RFC 3986, Appendix A
+	set validityRE {(?xi)
+	    ^
+	    (?: [-\w.~!$&'()*+,;=:] | %[0-9a-f][0-9a-f] )+
+	    $
+	}
+	if {$state(-strict) && ![regexp -- $validityRE $user]} {
+	    unset $token
+	    # Provide a better error message in this error case
+	    if {[regexp {(?i)%(?![0-9a-f][0-9a-f]).?.?} $user bad]} {
+		return -code error \
+			"Illegal encoding character usage \"$bad\" in URL user"
+	    }
+	    return -code error "Illegal characters in URL user"
+	}
+    }
+    if {$srvurl ne ""} {
+	# RFC 3986 allows empty paths (not even a /), but servers
+	# return 400 if the path in the HTTP request doesn't start
+	# with / , so add it here if needed.
+	if {[string index $srvurl 0] ne "/"} {
+	    set srvurl /$srvurl
+	}
+	# Check for validity according to RFC 3986, Appendix A
+	set validityRE {(?xi)
+	    ^
+	    # Path part (already must start with / character)
+	    (?:	      [-\w.~!$&'()*+,;=:@/]  | %[0-9a-f][0-9a-f] )*
+	    # Query part (optional, permits ? characters)
+	    (?: \? (?: [-\w.~!$&'()*+,;=:@/?] | %[0-9a-f][0-9a-f] )* )?
+	    $
+	}
+	if {$state(-strict) && ![regexp -- $validityRE $srvurl]} {
+	    unset $token
+	    # Provide a better error message in this error case
+	    if {[regexp {(?i)%(?![0-9a-f][0-9a-f])..} $srvurl bad]} {
+		return -code error \
+		    "Illegal encoding character usage \"$bad\" in URL path"
+	    }
+	    return -code error "Illegal characters in URL path"
+	}
+	if {![regexp {^[^?#]+} $srvurl state(path)]} {
+	    set state(path) /
+	}
+    } else {
+	set srvurl /
+	set state(path) /
+    }
+    if {$proto eq ""} {
+	set proto http
+    }
+    set lower [string tolower $proto]
+    if {![info exists urlTypes($lower)]} {
+	unset $token
+	return -code error "Unsupported URL type \"$proto\""
+    }
+    set defport [lindex $urlTypes($lower) 0]
+    set defcmd [lindex $urlTypes($lower) 1]
+
+    if {$port eq ""} {
+	set port $defport
+    }
+    if {![catch {$http(-proxyfilter) $host} proxy]} {
+	set phost [lindex $proxy 0]
+	set pport [lindex $proxy 1]
+    } else {
+	set phost {}
+	set pport {}
+    }
+
+    # OK, now reassemble into a full URL
+    set url ${proto}://
+    if {$user ne ""} {
+	append url $user
+	append url @
+    }
+    append url $host
+    if {$port != $defport} {
+	append url : $port
+    }
+    append url $srvurl
+    # Don't append the fragment! RFC 7230 Sec 5.1
+    set state(url) $url
+
+    # Proxy connections aren't shared among different hosts.
+    set state(socketinfo) $host:$port
+
+    # Save the accept types at this point to prevent a race condition. [Bug
+    # c11a51c482]
+    set state(accept-types) $http(-accept)
+
+    # Check whether this is an Upgrade request.
+    set connectionValues [SplitCommaSeparatedFieldValue \
+			      [GetFieldValue $state(-headers) Connection]]
+    set connectionValues [string tolower $connectionValues]
+    set upgradeValues [SplitCommaSeparatedFieldValue \
+			   [GetFieldValue $state(-headers) Upgrade]]
+    set state(upgradeRequest) [expr {    "upgrade" in $connectionValues
+				      && [llength $upgradeValues] >= 1}]
+    set state(connectionValues) $connectionValues
+
+    if {$isQuery || $isQueryChannel} {
+	# It's a POST.
+	# A client wishing to send a non-idempotent request SHOULD wait to send
+	# that request until it has received the response status for the
+	# previous request.
+	if {$http(-postfresh)} {
+	    # Override -keepalive for a POST.  Use a new connection, and thus
+	    # avoid the small risk of a race against server timeout.
+	    set state(-keepalive) 0
+	} else {
+	    # Allow -keepalive but do not -pipeline - wait for the previous
+	    # transaction to finish.
+	    # There is a small risk of a race against server timeout.
+	    set state(-pipeline) 0
+	}
+    } elseif {$state(upgradeRequest)} {
+	# It's an upgrade request.  Method must be GET (untested).
+	# Force -keepalive to 0 so the connection is not made over a persistent
+	# socket, i.e. one used for multiple HTTP requests.
+	set state(-keepalive) 0
+    } else {
+	# It's a non-upgrade GET or HEAD.
+	set state(-pipeline) $http(-pipeline)
+    }
+
+    # We cannot handle chunked encodings with -handler, so force HTTP/1.0
+    # until we can manage this.
+    if {[info exists state(-handler)]} {
+	set state(-protocol) 1.0
+    }
+
+    # RFC 7320 A.1 - HTTP/1.0 Keep-Alive is problematic. We do not support it.
+    if {$state(-protocol) eq "1.0"} {
+	set state(connection) close
+	set state(-keepalive) 0
+    }
+
+    # Handle proxy requests here for http:// but not for https://
+    # The proxying for https is done in the ::http::socketForTls command.
+    # A proxy request for http:// needs the full URL in the HTTP request line,
+    # including the server name.
+    # The *tls* test below attempts to describe protocols in addition to
+    # "https on port 443" that use HTTP over TLS.
+    if {($phost ne "") && (![string match -nocase *tls* $defcmd])} {
+	set srvurl $url
+	set targetAddr [list $phost $pport]
+	set state(proxyUsed) HttpProxy
+	# The value of state(proxyUsed) none|HttpProxy depends only on the
+	# all-transactions http::config settings and on the target URL.
+	# Even if this is a persistent socket there is no need to change the
+	# value of state(proxyUsed) for other transactions that use the socket:
+	# they have the same value already.
+    } else {
+	set targetAddr [list $host $port]
+    }
+
+    set sockopts [list -async]
+
+    # Pass -myaddr directly to the socket command
+    if {[info exists state(-myaddr)]} {
+	lappend sockopts -myaddr $state(-myaddr)
+    }
+
+    set state(connArgs) [list $proto $phost $srvurl]
+    set state(openCmd) [list {*}$defcmd {*}$sockopts -type $token {*}$targetAddr]
+
+    # See if we are supposed to use a previously opened channel.
+    # - In principle, ANY call to http::geturl could use a previously opened
+    #   channel if it is available - the "Connection: keep-alive" header is a
+    #   request to leave the channel open AFTER completion of this call.
+    # - In fact, we try to use an existing channel only if -keepalive 1 -- this
+    #   means that at most one channel is left open for each value of
+    #   $state(socketinfo). This property simplifies the mapping of open
+    #   channels.
+    set reusing 0
+    set state(alreadyQueued) 0
+    set state(ReusingPlaceholder) 0
+    if {$state(-keepalive)} {
+	variable socketMapping
+	variable socketRdState
+	variable socketWrState
+	variable socketRdQueue
+	variable socketWrQueue
+	variable socketPhQueue
+	variable socketClosing
+	variable socketPlayCmd
+	variable socketCoEvent
+	variable socketProxyId
+
+	if {[info exists socketMapping($state(socketinfo))]} {
+	    # - If the connection is idle, it has a "fileevent readable" binding
+	    #   to http::CheckEof, in case the server times out and half-closes
+	    #   the socket (http::CheckEof closes the other half).
+	    # - We leave this binding in place until just before the last
+	    #   puts+flush in http::Connected (GET/HEAD) or http::Write (POST),
+	    #   after which the HTTP response might be generated.
+
+	    if {    [info exists socketClosing($state(socketinfo))]
+		       && $socketClosing($state(socketinfo))
+	    } {
+		# socketClosing(*) is set because the server has sent a
+		# "Connection: close" header.
+		# Do not use the persistent socket again.
+		# Since we have only one persistent socket per server, and the
+		# old socket is not yet dead, add the request to the write queue
+		# of the dying socket, which will be replayed by ReplayIfClose.
+		# Also add it to socketWrQueue(*) which is used only if an error
+		# causes a call to Finish.
+		set reusing 1
+		set sock $socketMapping($state(socketinfo))
+		set state(proxyUsed) $socketProxyId($state(socketinfo))
+		Log "reusing closing socket $sock for $state(socketinfo) - token $token"
+
+		set state(alreadyQueued) 1
+		lassign $socketPlayCmd($state(socketinfo)) com0 com1 com2 com3
+		lappend com3 $token
+		set socketPlayCmd($state(socketinfo)) [list $com0 $com1 $com2 $com3]
+		lappend socketWrQueue($state(socketinfo)) $token
+		##Log socketPlayCmd($state(socketinfo)) is $socketPlayCmd($state(socketinfo))
+		##Log socketWrQueue($state(socketinfo)) is $socketWrQueue($state(socketinfo))
+	    } elseif {
+		   [catch {fconfigure $socketMapping($state(socketinfo))}]
+		&& (![SockIsPlaceHolder $socketMapping($state(socketinfo))])
+	    } {
+		###Log "Socket $socketMapping($state(socketinfo)) for $state(socketinfo)"
+		# FIXME Is it still possible for this code to be executed? If
+		#       so, this could be another place to call TestForReplay,
+		#       rather than discarding the queued transactions.
+		Log "WARNING: socket for $state(socketinfo) was closed\
+			- token $token"
+		Log "WARNING - if testing, pay special attention to this\
+			case (GH) which is seldom executed - token $token"
+
+		# This will call CancelReadPipeline, CancelWritePipeline, and
+		# cancel any queued requests, responses.
+		Unset $state(socketinfo)
+	    } else {
+		# Use the persistent socket.
+		# - The socket may not be ready to write: an earlier request might
+		#   still be still writing (in the pipelined case) or
+		#   writing/reading (in the nonpipeline case). This possibility
+		#   is handled by socketWrQueue later in this command.
+		# - The socket may not yet exist, and be defined with a placeholder.
+		set reusing 1
+		set sock $socketMapping($state(socketinfo))
+		set state(proxyUsed) $socketProxyId($state(socketinfo))
+		if {[SockIsPlaceHolder $sock]} {
+		    set state(ReusingPlaceholder) 1
+		    lappend socketPhQueue($sock) $token
+		} else {
+		}
+		Log "reusing open socket $sock for $state(socketinfo) - token $token"
+	    }
+	    # Do not automatically close the connection socket.
+	    set state(connection) keep-alive
+	}
+    }
+
+    set state(reusing) $reusing
+    unset reusing
+
+    if {![info exists sock]} {
+        # N.B. At this point ([info exists sock] == $state(reusing)).
+        # This will no longer be true after we set a value of sock here.
+	# Give the socket a placeholder name.
+	set sock HTTP_PLACEHOLDER_[incr TmpSockCounter]
+    }
+    set state(sock) $sock
+
+    if {$state(reusing)} {
+	# Define these for use (only) by http::ReplayIfDead if the persistent
+	# connection has died.
+	set state(tmpConnArgs) $state(connArgs)
+	set state(tmpState) [array get state]
+	set state(tmpOpenCmd) $state(openCmd)
+    }
+    return $token
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc ::http::SockIsPlaceHolder
+# ------------------------------------------------------------------------------
+# Command to return 0 if the argument is a genuine socket handle, or 1 if is a
+# placeholder value generated by geturl or ReplayCore before the real socket is
+# created.
+#
+# Arguments:
+# sock        - either a valid socket handle or a placeholder value
+#
+# Return Value: 0 or 1
+# ------------------------------------------------------------------------------
+
+proc http::SockIsPlaceHolder {sock} {
+    expr {[string range $sock 0 16] eq {HTTP_PLACEHOLDER_}}
+}
+
+
+# ------------------------------------------------------------------------------
+# state(reusing)
+# ------------------------------------------------------------------------------
+# - state(reusing) is set by geturl, ReplayCore
+# - state(reusing) is used by geturl, AsyncTransaction, OpenSocket,
+#   ConfigureNewSocket, and ScheduleRequest when creating and configuring the
+#   connection.
+# - state(reusing) is used by Connect, Connected, Event x 2 when deciding
+#   whether to call TestForReplay.
+# - Other places where state(reusing) is used:
+#   - Connected   - if reusing and not pipelined, start the state(-timeout)
+#                   timeout (when writing).
+#   - DoneRequest - if reusing and pipelined, send the next pipelined write
+#   - Event       - if reusing and pipelined, start the state(-timeout)
+#                   timeout (when reading).
+#   - Event       - if (not reusing) and pipelined, send the next pipelined
+#                   write.
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::AsyncTransaction
+# ------------------------------------------------------------------------------
+# This command is called by geturl and ReplayCore to prepare the HTTP
+# transaction prescribed by a suitably prepared token.
+#
+# Arguments:
+# token         - connection token (name of an array)
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::AsyncTransaction {token} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set sock $state(sock)
+
+    # See comments above re the start of this timeout in other cases.
+    if {(!$state(reusing)) && ($state(-timeout) > 0)} {
+	set state(after) [after $state(-timeout) \
+		[list http::reset $token timeout]]
+    }
+
+    if {    $state(-keepalive)
+	 && (![info exists socketMapping($state(socketinfo))])
+    } {
+	# This code is executed only for the first -keepalive request on a
+	# socket.  It makes the socket persistent.
+	##Log "  PreparePersistentConnection" $token -- $sock -- DO
+        set DoLater [PreparePersistentConnection $token]
+    } else {
+        ##Log "  PreparePersistentConnection" $token -- $sock -- SKIP
+        set DoLater {-traceread 0 -tracewrite 0}
+    }
+
+    if {$state(ReusingPlaceholder)} {
+        # - This request was added to the socketPhQueue of a persistent
+        #   connection.
+        # - But the connection has not yet been created and is a placeholder;
+        # - And the placeholder was created by an earlier request.
+        # - When that earlier request calls OpenSocket, its placeholder is
+        #   replaced with a true socket, and it then executes the equivalent of
+        #   OpenSocket for any subsequent requests that have
+        #   $state(ReusingPlaceholder).
+        Log >J$tk after idle coro NO - ReusingPlaceholder
+    } elseif {$state(alreadyQueued)} {
+        # - This request was added to the socketWrQueue and socketPlayCmd
+        #   of a persistent connection that will close at the end of its current
+        #   read operation.
+        Log >J$tk after idle coro NO - alreadyQueued
+    } else {
+        Log >J$tk after idle coro YES
+        set CoroName ${token}--SocketCoroutine
+        set cancel [after idle [list coroutine $CoroName ::http::OpenSocket \
+                $token $DoLater]]
+        dict set socketCoEvent($state(socketinfo)) $token $cancel
+        set state(socketcoro) $cancel
+    }
+
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::PreparePersistentConnection
+# ------------------------------------------------------------------------------
+# This command is called by AsyncTransaction to initialise a "persistent
+# connection" based upon a socket placeholder.  It is called the first time the
+# socket is associated with a "-keepalive" request.
+#
+# Arguments:
+# token         - connection token (name of an array)
+#
+# Return Value: - DoLater, a dictionary of boolean values listing unfinished
+#                 tasks; to be passed to ConfigureNewSocket via OpenSocket.
+# ------------------------------------------------------------------------------
+
+proc http::PreparePersistentConnection {token} {
+    variable $token
+    upvar 0 $token state
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set DoLater {-traceread 0 -tracewrite 0}
+    set socketMapping($state(socketinfo)) $state(sock)
+    set socketProxyId($state(socketinfo)) $state(proxyUsed)
+    # - The value of state(proxyUsed) was set in http::CreateToken to either
+    #   "none" or "HttpProxy".
+    # - $token is the first transaction to use this placeholder, so there are
+    #   no other tokens whose (proxyUsed) must be modified.
+
+    if {![info exists socketRdState($state(socketinfo))]} {
+        set socketRdState($state(socketinfo)) {}
+        # set varName ::http::socketRdState($state(socketinfo))
+        # trace add variable $varName unset ::http::CancelReadPipeline
+        dict set DoLater -traceread 1
+    }
+    if {![info exists socketWrState($state(socketinfo))]} {
+        set socketWrState($state(socketinfo)) {}
+        # set varName ::http::socketWrState($state(socketinfo))
+        # trace add variable $varName unset ::http::CancelWritePipeline
+        dict set DoLater -tracewrite 1
+    }
+
+    if {$state(-pipeline)} {
+        #Log new, init for pipelined, GRANT write access to $token in geturl
+        # Also grant premature read access to the socket. This is OK.
+        set socketRdState($state(socketinfo)) $token
+        set socketWrState($state(socketinfo)) $token
+    } else {
+        # socketWrState is not used by this non-pipelined transaction.
+        # We cannot leave it as "Wready" because the next call to
+        # http::geturl with a pipelined transaction would conclude that the
+        # socket is available for writing.
+        #Log new, init for nonpipeline, GRANT r/w access to $token in geturl
+        set socketRdState($state(socketinfo)) $token
+        set socketWrState($state(socketinfo)) $token
+    }
+
+    # Value of socketPhQueue() may have already been set by ReplayCore.
+    if {![info exists socketPhQueue($state(sock))]} {
+        set socketPhQueue($state(sock))   {}
+    }
+    set socketRdQueue($state(socketinfo)) {}
+    set socketWrQueue($state(socketinfo)) {}
+    set socketClosing($state(socketinfo)) 0
+    set socketPlayCmd($state(socketinfo)) {ReplayIfClose Wready {} {}}
+    set socketCoEvent($state(socketinfo)) {}
+    set socketProxyId($state(socketinfo)) {}
+
+    return $DoLater
+}
+
+# ------------------------------------------------------------------------------
+#  Proc ::http::OpenSocket
+# ------------------------------------------------------------------------------
+# This command is called as a coroutine idletask to start the asynchronous HTTP
+# transaction in most cases.  For the exceptions, see the calling code in
+# command AsyncTransaction.
+#
+# Arguments:
+# token       - connection token (name of an array)
+# DoLater     - dictionary of boolean values listing unfinished tasks
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::OpenSocket {token DoLater} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    Log >K$tk Start OpenSocket coroutine
+
+    if {![info exists state(-keepalive)]} {
+        # The request has already been cancelled by the calling script.
+        return
+    }
+
+    set sockOld $state(sock)
+
+    dict unset socketCoEvent($state(socketinfo)) $token
+    unset -nocomplain state(socketcoro)
+
+    if {[catch {
+        if {$state(reusing)} {
+	    # If ($state(reusing)) is true, then we do not need to create a new
+	    # socket, even if $sockOld is only a placeholder for a socket.
+            set sock $sockOld
+        } else {
+	    # set sock in the [catch] below.
+	    set pre [clock milliseconds]
+	    ##Log pre socket opened, - token $token
+	    ##Log $state(openCmd) - token $token
+	    set sock [namespace eval :: $state(openCmd)]
+	    set state(sock) $sock
+	    # Normal return from $state(openCmd) always returns a valid socket.
+	    # A TLS proxy connection with 407 or other failure from the
+	    # proxy server raises an error.
+
+	    # Initialisation of a new socket.
+	    ##Log post socket opened, - token $token
+	    ##Log socket opened, now fconfigure - token $token
+	    set delay [expr {[clock milliseconds] - $pre}]
+	    if {$delay > 3000} {
+		Log socket delay $delay - token $token
+	    }
+	    fconfigure $sock -translation {auto crlf} \
+			     -buffersize $state(-blocksize)
+	    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+		fconfigure $sock -profile tcl8
+	    }
+	    ##Log socket opened, DONE fconfigure - token $token
+        }
+
+        Log "Using $sock for $state(socketinfo) - token $token" \
+	    [expr {$state(-keepalive)?"keepalive":""}]
+
+        # Code above has set state(sock) $sock
+        ConfigureNewSocket $token $sockOld $DoLater
+        ##Log OpenSocket success $sock - token $token
+    } result errdict]} {
+	##Log OpenSocket failed $result - token $token
+	# There may be other requests in the socketPhQueue.
+	# Prepare socketPlayCmd so that Finish will replay them.
+	if {    ($state(-keepalive)) && (!$state(reusing))
+	     && [info exists socketPhQueue($sockOld)]
+	     && ($socketPhQueue($sockOld) ne {})
+	} {
+	    if {$socketMapping($state(socketinfo)) ne $sockOld} {
+		Log "WARNING: this code should not be reached.\
+			{$socketMapping($state(socketinfo)) ne $sockOld}"
+	    }
+	    set socketPlayCmd($state(socketinfo)) [list ReplayIfClose Wready {} $socketPhQueue($sockOld)]
+	    set socketPhQueue($sockOld) {}
+	}
+        if {[string range $result 0 20] eq {proxy connect failed:}} {
+	    # - The HTTPS proxy did not create a socket.  The pre-existing value
+	    #   (a "placeholder socket") is unchanged.
+	    # - The proxy returned a valid HTTP response to the failed CONNECT
+	    #   request, and http::SecureProxyConnect copied this to $token,
+	    #   and also set ${token}(connection) set to "close".
+	    # - Remove the error message $result so that Finish delivers this
+	    #   HTTP response to the caller.
+	    set result {}
+	}
+	Finish $token $result
+	# Because socket creation failed, the placeholder "socket" must be
+	# "closed" and (if persistent) removed from the persistent sockets
+	# table.  In the {proxy connect failed:} case Finish does this because
+	# the value of ${token}(connection) is "close". In the other cases here,
+	# it does so because $result is non-empty.
+    }
+    ##Log Leaving http::OpenSocket coroutine [info coroutine] - token $token
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc ::http::ConfigureNewSocket
+# ------------------------------------------------------------------------------
+# Command to initialise a newly-created socket.  Called only from OpenSocket.
+#
+# This command is called by OpenSocket whenever a genuine socket (sockNew) has
+# been opened for for use by HTTP.  It does two things:
+# (1) If $token uses a placeholder socket, this command replaces the placeholder
+#     socket with the real socket, not only in $token but in all other requests
+#     that use the same placeholder.
+# (2) It calls ScheduleRequest to schedule each request that uses the socket.
+#
+#
+# Value of sockOld/sockNew can be "sock" (genuine socket) or "ph" (placeholder).
+# sockNew is ${token}(sock)
+# sockOld   sockNew  CASES
+#  sock       sock   (if $reusing, and sockOld is sock)
+#  ph         sock   (if (not $reusing), and sockOld is ph)
+#  ph         ph     (if $reusing, and sockOld is ph) - not called in this case
+#  sock       ph     (cannot occur unless a bug)      - not called in this case
+#                    (if (not $reusing), and sockOld is sock) - illogical
+#
+# Arguments:
+# token         - connection token (name of an array)
+# sockOld       - handle or placeholder used for a socket before the call to
+#                 OpenSocket
+# DoLater       - dictionary of boolean values listing unfinished tasks
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::ConfigureNewSocket {token sockOld DoLater} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set reusing $state(reusing)
+    set sock $state(sock)
+    set proxyUsed $state(proxyUsed)
+    ##Log "  ConfigureNewSocket" $token $sockOld ... -- $reusing $sock $proxyUsed
+
+    if {(!$reusing) && ($sock ne $sockOld)} {
+        # Replace the placeholder value sockOld with sock.
+
+        if {    [info exists socketMapping($state(socketinfo))]
+             && ($socketMapping($state(socketinfo)) eq $sockOld)
+        } {
+            set socketMapping($state(socketinfo)) $sock
+            set socketProxyId($state(socketinfo)) $proxyUsed
+            # tokens that use the placeholder $sockOld are updated below.
+            ##Log set socketMapping($state(socketinfo)) $sock
+        }
+
+        # Now finish any tasks left over from PreparePersistentConnection on
+        # the connection.
+        #
+        # The "unset" traces are fired by init (clears entire arrays), and
+        # by http::Unset.
+        # Unset is called by CloseQueuedQueries and (possibly never) by geturl.
+        #
+        # CancelReadPipeline, CancelWritePipeline call http::Finish for each
+        # token.
+        #
+        # FIXME If Finish is placeholder-aware, these traces can be set earlier,
+        # in PreparePersistentConnection.
+
+        if {[dict get $DoLater -traceread]} {
+	    set varName ::http::socketRdState($state(socketinfo))
+	    trace add variable $varName unset ::http::CancelReadPipeline
+        }
+        if {[dict get $DoLater -tracewrite]} {
+	    set varName ::http::socketWrState($state(socketinfo))
+	    trace add variable $varName unset ::http::CancelWritePipeline
+        }
+    }
+
+    # Do this in all cases.
+    ScheduleRequest $token
+
+    # Now look at all other tokens that use the placeholder $sockOld.
+    if {    (!$reusing)
+         && ($sock ne $sockOld)
+         && [info exists socketPhQueue($sockOld)]
+    } {
+        ##Log "  ConfigureNewSocket" $token scheduled, now do $socketPhQueue($sockOld)
+        foreach tok $socketPhQueue($sockOld) {
+	    # 1. Amend the token's (sock).
+	    ##Log set ${tok}(sock) $sock
+	    set ${tok}(sock) $sock
+	    set ${tok}(proxyUsed) $proxyUsed
+
+	    # 2. Schedule the token's HTTP request.
+	    # Every token in socketPhQueue(*) has reusing 1 alreadyQueued 0.
+	    set ${tok}(reusing) 1
+	    set ${tok}(alreadyQueued) 0
+	    ScheduleRequest $tok
+	}
+	set socketPhQueue($sockOld) {}
+    }
+    ##Log "  ConfigureNewSocket" $token DONE
+
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+# The values of array variables socketMapping etc.
+# ------------------------------------------------------------------------------
+# connId                 "$host:$port"
+# socketMapping($connId) the handle or placeholder for the socket that is used
+#                        for "-keepalive 1" requests to $connId.
+# socketRdState($connId) the token that is currently reading from the socket.
+#                        Other values: Rready (ready for next token to read).
+# socketWrState($connId) the token that is currently writing to the socket.
+#                        Other values: Wready (ready for next token to write),
+#                        peNding (would be ready for next write, except that
+#                        the integrity of a non-pipelined transaction requires
+#                        waiting until the read(s) in progress are finished).
+# socketRdQueue($connId) List of tokens that are queued for reading later.
+# socketWrQueue($connId) List of tokens that are queued for writing later.
+# socketPhQueue($sock)   List of tokens that are queued to use a placeholder
+#                        socket, when the real socket has not yet been created.
+# socketClosing($connId) (boolean) true iff a server response header indicates
+#                        that the server will close the connection at the end of
+#                        the current response.
+# socketPlayCmd($connId) The command to execute to replay pending and
+#                        part-completed transactions if the socket closes early.
+# socketCoEvent($connId) Identifier for the "after idle" event that will launch
+#                        an OpenSocket coroutine to open or re-use a socket.
+# socketProxyId($connId) The type of proxy that this socket uses: values are
+#                        those of state(proxyUsed) i.e. none, HttpProxy,
+#                        SecureProxy, and SecureProxyFailed.
+#                        The value is not used for anything by http, its purpose
+#                        is to set the value of state() for caller information.
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Using socketWrState(*), socketWrQueue(*), socketRdState(*), socketRdQueue(*)
+# ------------------------------------------------------------------------------
+# The element socketWrState($connId) has a value which is either the name of
+# the token that is permitted to write to the socket, or "Wready" if no
+# token is permitted to write.
+#
+# The code that sets the value to Wready immediately calls
+# http::NextPipelinedWrite, which examines socketWrQueue($connId) and
+# processes the next request in the queue, if there is one.  The value
+# Wready is not found when the interpreter is in the event loop unless the
+# socket is idle.
+#
+# The element socketRdState($connId) has a value which is either the name of
+# the token that is permitted to read from the socket, or "Rready" if no
+# token is permitted to read.
+#
+# The code that sets the value to Rready then examines
+# socketRdQueue($connId) and processes the next request in the queue, if
+# there is one.  The value Rready is not found when the interpreter is in
+# the event loop unless the socket is idle.
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::ScheduleRequest
+# ------------------------------------------------------------------------------
+# Command to either begin the HTTP request, or add it to the appropriate queue.
+# Called from two places in ConfigureNewSocket.
+#
+# Arguments:
+# token         - connection token (name of an array)
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::ScheduleRequest {token} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    Log >L$tk ScheduleRequest
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set Unfinished 0
+
+    set reusing $state(reusing)
+    set sockNew $state(sock)
+
+    # The "if" tests below: must test against the current values of
+    # socketWrState, socketRdState, and so the tests must be done here,
+    # not earlier in PreparePersistentConnection.
+
+    if {$state(alreadyQueued)} {
+	# The request has been appended to the queue of a persistent socket
+	# (that is scheduled to close and have its queue replayed).
+	#
+	# A write may or may not be in progress.  There is no need to set
+	# socketWrState to prevent another call stealing write access - all
+	# subsequent calls on this socket will come here because the socket
+	# will close after the current read, and its
+	# socketClosing($connId) is 1.
+	##Log "HTTP request for token $token is queued"
+
+    } elseif {    $reusing
+	       && $state(-pipeline)
+	       && ($socketWrState($state(socketinfo)) ne "Wready")
+    } {
+	##Log "HTTP request for token $token is queued for pipelined use"
+	lappend socketWrQueue($state(socketinfo)) $token
+
+    } elseif {    $reusing
+	       && (!$state(-pipeline))
+	       && ($socketWrState($state(socketinfo)) ne "Wready")
+    } {
+	# A write is queued or in progress.  Lappend to the write queue.
+	##Log "HTTP request for token $token is queued for nonpipeline use"
+	lappend socketWrQueue($state(socketinfo)) $token
+
+    } elseif {    $reusing
+	       && (!$state(-pipeline))
+	       && ($socketWrState($state(socketinfo)) eq "Wready")
+	       && ($socketRdState($state(socketinfo)) ne "Rready")
+    } {
+	# A read is queued or in progress, but not a write.  Cannot start the
+	# nonpipeline transaction, but must set socketWrState to prevent a
+	# pipelined request jumping the queue.
+	##Log "HTTP request for token $token is queued for nonpipeline use"
+	#Log re-use nonpipeline, GRANT delayed write access to $token in geturl
+	set socketWrState($state(socketinfo)) peNding
+	lappend socketWrQueue($state(socketinfo)) $token
+
+    } else {
+        if {$reusing && $state(-pipeline)} {
+	    #Log new, init for pipelined, GRANT write access to $token in geturl
+	    # DO NOT grant premature read access to the socket.
+            # set socketRdState($state(socketinfo)) $token
+            set socketWrState($state(socketinfo)) $token
+        } elseif {$reusing} {
+	    # socketWrState is not used by this non-pipelined transaction.
+	    # We cannot leave it as "Wready" because the next call to
+	    # http::geturl with a pipelined transaction would conclude that the
+	    # socket is available for writing.
+	    #Log new, init for nonpipeline, GRANT r/w access to $token in geturl
+            set socketRdState($state(socketinfo)) $token
+            set socketWrState($state(socketinfo)) $token
+        } else {
+        }
+
+	# Process the request now.
+	# - Command is not called unless $state(sock) is a real socket handle
+	#   and not a placeholder.
+	# - All (!$reusing) cases come here.
+	# - Some $reusing cases come here too if the connection is
+	#   marked as ready.  Those $reusing cases are:
+	#   $reusing && ($socketWrState($state(socketinfo)) eq "Wready") &&
+	#   EITHER !$pipeline && ($socketRdState($state(socketinfo)) eq "Rready")
+	#   OR      $pipeline
+	#
+	#Log ---- $state(socketinfo) << conn to $token for HTTP request (a)
+	##Log "  ScheduleRequest" $token -- fileevent $state(sock) writable for $token
+	# Connect does its own fconfigure.
+
+        lassign $state(connArgs) proto phost srvurl
+
+	if {[catch {
+		fileevent $state(sock) writable \
+			[list http::Connect $token $proto $phost $srvurl]
+	} res opts]} {
+	    # The socket no longer exists.
+	    ##Log bug -- socket gone -- $res -- $opts
+	}
+
+    }
+
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::SendHeader
+# ------------------------------------------------------------------------------
+# Command to send a request header, and keep a copy in state(requestHeaders)
+# for debugging purposes.
+#
+# Arguments:
+# token       - connection token (name of an array)
+# key         - header name
+# value       - header value
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::SendHeader {token key value} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+    lappend state(requestHeaders) [string tolower $key] $value
+    puts $sock "$key: $value"
+    return
+}
+
+# http::Connected --
+#
+#	Callback used when the connection to the HTTP server is actually
+#	established.
+#
+# Arguments:
+#	token	State token.
+#	proto	What protocol (http, https, etc.) was used to connect.
+#	phost	Are we using keep-alive? Non-empty if yes.
+#	srvurl	Service-local URL that we're requesting
+# Results:
+#	None.
+
+proc http::Connected {token proto phost srvurl} {
+    variable http
+    variable urlTypes
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    if {$state(reusing) && (!$state(-pipeline)) && ($state(-timeout) > 0)} {
+	set state(after) [after $state(-timeout) \
+		[list http::reset $token timeout]]
+    }
+
+    # Set back the variables needed here.
+    set sock $state(sock)
+    set isQueryChannel [info exists state(-querychannel)]
+    set isQuery [info exists state(-query)]
+    regexp {^(.+):([^:]+)$} $state(socketinfo) {} host port
+
+    set lower [string tolower $proto]
+    set defport [lindex $urlTypes($lower) 0]
+
+    # Send data in cr-lf format, but accept any line terminators.
+    # Initialisation to {auto *} now done in geturl, KeepSocket and DoneRequest.
+    # We are concerned here with the request (write) not the response (read).
+    lassign [fconfigure $sock -translation] trRead trWrite
+    fconfigure $sock -translation [list $trRead crlf] \
+		     -buffersize $state(-blocksize)
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	fconfigure $sock -profile tcl8
+    }
+
+    # The following is disallowed in safe interpreters, but the socket is
+    # already in non-blocking mode in that case.
+
+    catch {fconfigure $sock -blocking off}
+    set how GET
+    if {$isQuery} {
+	set state(querylength) [string length $state(-query)]
+	if {$state(querylength) > 0} {
+	    set how POST
+	    set contDone 0
+	} else {
+	    # There's no query data.
+	    unset state(-query)
+	    set isQuery 0
+	}
+    } elseif {$state(-validate)} {
+	set how HEAD
+    } elseif {$isQueryChannel} {
+	set how POST
+	# The query channel must be blocking for the async Write to
+	# work properly.
+	fconfigure $state(-querychannel) -blocking 1 -translation binary
+	set contDone 0
+    }
+    if {[info exists state(-method)] && ($state(-method) ne "")} {
+	set how $state(-method)
+    }
+    set accept_types_seen 0
+
+    Log ^B$tk begin sending request - token $token
+
+    if {[catch {
+	if {[info exists state(bypass)]} {
+	    set state(method) [lindex [split $state(bypass) { }] 0]
+	    set state(requestHeaders) {}
+	    set state(requestLine) $state(bypass)
+	} else {
+	    set state(method) $how
+	    set state(requestHeaders) {}
+	    set state(requestLine) "$how $srvurl HTTP/$state(-protocol)"
+	}
+	puts $sock $state(requestLine)
+	set hostValue [GetFieldValue $state(-headers) Host]
+	if {$hostValue ne {}} {
+	    # Allow Host spoofing. [Bug 928154]
+	    regexp {^[^:]+} $hostValue state(host)
+	    SendHeader $token Host $hostValue
+	} elseif {$port == $defport} {
+	    # Don't add port in this case, to handle broken servers. [Bug
+	    # #504508]
+	    set state(host) $host
+	    SendHeader $token Host $host
+	} else {
+	    set state(host) $host
+	    SendHeader $token Host "$host:$port"
+	}
+	SendHeader $token User-Agent $http(-useragent)
+	if {($state(-protocol) > 1.0) && $state(-keepalive)} {
+	    # Send this header, because a 1.1 server is not compelled to treat
+	    # this as the default.
+	    set ConnVal keep-alive
+	} elseif {($state(-protocol) > 1.0)} {
+	    # RFC2616 sec 8.1.2.1
+	    set ConnVal close
+	} else {
+	    # ($state(-protocol) <= 1.0)
+	    # RFC7230 A.1
+	    # Some server implementations of HTTP/1.0 have a faulty
+	    # implementation of RFC 2068 Keep-Alive.
+	    # Don't leave this to chance.
+	    # For HTTP/1.0 we have already "set state(connection) close"
+	    # and "state(-keepalive) 0".
+	    set ConnVal close
+	}
+        # Proxy authorisation (cf. mod by Anders Ramdahl to autoproxy by
+        # Pat Thoyts).
+        if {($http(-proxyauth) ne {}) && ($state(proxyUsed) eq {HttpProxy})} {
+	    SendHeader $token Proxy-Authorization $http(-proxyauth)
+        }
+	# RFC7230 A.1 - "clients are encouraged not to send the
+	# Proxy-Connection header field in any requests"
+	set accept_encoding_seen 0
+	set content_type_seen 0
+	set connection_seen 0
+	foreach {key value} $state(-headers) {
+	    set value [string map [list \n "" \r ""] $value]
+	    set key [string map {" " -} [string trim $key]]
+	    if {[string equal -nocase $key "host"]} {
+		continue
+	    }
+	    if {[string equal -nocase $key "accept-encoding"]} {
+		set accept_encoding_seen 1
+	    }
+	    if {[string equal -nocase $key "accept"]} {
+		set accept_types_seen 1
+	    }
+	    if {[string equal -nocase $key "content-type"]} {
+		set content_type_seen 1
+	    }
+	    if {[string equal -nocase $key "content-length"]} {
+		set contDone 1
+		set state(querylength) $value
+	    }
+	    if {    [string equal -nocase $key "connection"]
+	         && [info exists state(bypass)]
+	    } {
+		# Value supplied in -headers overrides $ConnVal.
+		set connection_seen 1
+	    } elseif {[string equal -nocase $key "connection"]} {
+		# Remove "close" or "keep-alive" and use our own value.
+		# In an upgrade request, the upgrade is not guaranteed.
+		# Value "close" or "keep-alive" tells the server what to do
+		# if it refuses the upgrade.  We send a single "Connection"
+		# header because some websocket servers, e.g. civetweb, reject
+		# multiple headers. Bug [d01de3281f] of tcllib/websocket.
+		set connection_seen 1
+		set listVal $state(connectionValues)
+		if {[set pos [lsearch $listVal close]] != -1} {
+		    set listVal [lreplace $listVal $pos $pos]
+		}
+		if {[set pos [lsearch $listVal keep-alive]] != -1} {
+		    set listVal [lreplace $listVal $pos $pos]
+		}
+		lappend listVal $ConnVal
+		set value [join $listVal {, }]
+	    }
+	    if {[string length $key]} {
+		SendHeader $token $key $value
+	    }
+	}
+	# Allow overriding the Accept header on a per-connection basis. Useful
+	# for working with REST services. [Bug c11a51c482]
+	if {!$accept_types_seen} {
+	    SendHeader $token Accept $state(accept-types)
+	}
+	if {    (!$accept_encoding_seen)
+	     && (![info exists state(-handler)])
+	     && $http(-zip)
+	} {
+	    SendHeader $token Accept-Encoding gzip,deflate
+	} elseif {!$accept_encoding_seen} {
+	    SendHeader $token Accept-Encoding identity
+	} else {
+	}
+	if {!$connection_seen} {
+	    SendHeader $token Connection $ConnVal
+	}
+	if {$isQueryChannel && ($state(querylength) == 0)} {
+	    # Try to determine size of data in channel. If we cannot seek, the
+	    # surrounding catch will trap us
+
+	    set start [tell $state(-querychannel)]
+	    seek $state(-querychannel) 0 end
+	    set state(querylength) \
+		    [expr {[tell $state(-querychannel)] - $start}]
+	    seek $state(-querychannel) $start
+	}
+
+	# Note that we don't do Cookie2; that's much nastier and not normally
+	# observed in practice either. It also doesn't fix the multitude of
+	# bugs in the basic cookie spec.
+	if {$http(-cookiejar) ne ""} {
+	    set cookies ""
+	    set separator ""
+	    foreach {key value} [{*}$http(-cookiejar) \
+		    getCookies $proto $host $state(path)] {
+		append cookies $separator $key = $value
+		set separator "; "
+	    }
+	    if {$cookies ne ""} {
+		SendHeader $token Cookie $cookies
+	    }
+	}
+
+	# Flush the request header and set up the fileevent that will either
+	# push the POST data or read the response.
+	#
+	# fileevent note:
+	#
+	# It is possible to have both the read and write fileevents active at
+	# this point. The only scenario it seems to affect is a server that
+	# closes the connection without reading the POST data. (e.g., early
+	# versions TclHttpd in various error cases). Depending on the
+	# platform, the client may or may not be able to get the response from
+	# the server because of the error it will get trying to write the post
+	# data. Having both fileevents active changes the timing and the
+	# behavior, but no two platforms (among Solaris, Linux, and NT) behave
+	# the same, and none behave all that well in any case. Servers should
+	# always read their POST data if they expect the client to read their
+	# response.
+
+	if {$isQuery || $isQueryChannel} {
+	    # POST method.
+	    if {!$content_type_seen} {
+		SendHeader $token Content-Type $state(-type)
+	    }
+	    if {!$contDone} {
+		SendHeader $token Content-Length $state(querylength)
+	    }
+	    puts $sock ""
+	    flush $sock
+	    # Flush flushes the error in the https case with a bad handshake:
+	    # else the socket never becomes writable again, and hangs until
+	    # timeout (if any).
+
+	    lassign [fconfigure $sock -translation] trRead trWrite
+	    fconfigure $sock -translation [list $trRead binary]
+	    fileevent $sock writable [list http::Write $token]
+	    # The http::Write command decides when to make the socket readable,
+	    # using the same test as the GET/HEAD case below.
+	} else {
+	    # GET or HEAD method.
+	    if {    (![catch {fileevent $sock readable} binding])
+		 && ($binding eq [list http::CheckEof $sock])
+	    } {
+		# Remove the "fileevent readable" binding of an idle persistent
+		# socket to http::CheckEof.  We can no longer treat bytes
+		# received as junk. The server might still time out and
+		# half-close the socket if it has not yet received the first
+		# "puts".
+		fileevent $sock readable {}
+	    }
+	    puts $sock ""
+	    flush $sock
+	    Log ^C$tk end sending request - token $token
+	    # End of writing (GET/HEAD methods).  The request has been sent.
+
+	    DoneRequest $token
+	}
+
+    } err]} {
+	# The socket probably was never connected, OR the connection dropped
+	# later, OR https handshake error, which may be discovered as late as
+	# the "flush" command above...
+	Log "WARNING - if testing, pay special attention to this\
+		case (GI) which is seldom executed - token $token"
+	if {[info exists state(reusing)] && $state(reusing)} {
+	    # The socket was closed at the server end, and closed at
+	    # this end by http::CheckEof.
+    	    if {[TestForReplay $token write $err a]} {
+		return
+	    } else {
+		Finish $token {failed to re-use socket}
+	    }
+
+	    # else:
+	    # This is NOT a persistent socket that has been closed since its
+	    # last use.
+	    # If any other requests are in flight or pipelined/queued, they will
+	    # be discarded.
+	} elseif {$state(status) eq ""} {
+	    # https handshake errors come here, for
+	    # Tcl 8.7 without http::SecureProxyConnect, and for Tcl 8.6.
+	    set msg [registerError $sock]
+	    registerError $sock {}
+	    if {$msg eq {}} {
+		set msg {failed to use socket}
+	    }
+	    Finish $token $msg
+	} elseif {$state(status) ne "error"} {
+	    Finish $token $err
+	}
+    }
+    return
+}
+
+# http::registerError
+#
+#	Called (for example when processing TclTLS activity) to register
+#	an error for a connection on a specific socket.  This helps
+#	http::Connected to deliver meaningful error messages, e.g. when a TLS
+#	certificate fails verification.
+#
+#	Usage: http::registerError socket ?newValue?
+#
+#	"set" semantics, except that a "get" (a call without a new value) for a
+#	non-existent socket returns {}, not an error.
+
+proc http::registerError {sock args} {
+    variable registeredErrors
+
+    if {    ([llength $args] == 0)
+	 && (![info exists registeredErrors($sock)])
+    } {
+	return
+    } elseif {    ([llength $args] == 1)
+	       && ([lindex $args 0] eq {})
+    } {
+	unset -nocomplain registeredErrors($sock)
+	return
+    }
+    set registeredErrors($sock) {*}$args
+}
+
+# http::DoneRequest --
+#
+#	Command called when a request has been sent.  It will arrange the
+#	next request and/or response as appropriate.
+#
+#	If this command is called when $socketClosing(*), the request $token
+#	that calls it must be pipelined and destined to fail.
+
+proc http::DoneRequest {token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+
+    # If pipelined, connect the next HTTP request to the socket.
+    if {$state(reusing) && $state(-pipeline)} {
+	# Enable next token (if any) to write.
+	# The value "Wready" is set only here, and
+	# in http::Event after reading the response-headers of a
+	# non-reusing transaction.
+	# Previous value is $token. It cannot be pending.
+	set socketWrState($state(socketinfo)) Wready
+
+	# Now ready to write the next pipelined request (if any).
+	http::NextPipelinedWrite $token
+    } else {
+	# If pipelined, this is the first transaction on this socket.  We wait
+	# for the response headers to discover whether the connection is
+	# persistent.  (If this is not done and the connection is not
+	# persistent, we SHOULD retry and then MUST NOT pipeline before knowing
+	# that we have a persistent connection
+	# (rfc2616 8.1.2.2)).
+    }
+
+    # Connect to receive the response, unless the socket is pipelined
+    # and another response is being sent.
+    # This code block is separate from the code below because there are
+    # cases where socketRdState already has the value $token.
+    if {    $state(-keepalive)
+	 && $state(-pipeline)
+	 && [info exists socketRdState($state(socketinfo))]
+	 && ($socketRdState($state(socketinfo)) eq "Rready")
+    } {
+	#Log pipelined, GRANT read access to $token in Connected
+	set socketRdState($state(socketinfo)) $token
+    }
+
+    if {    $state(-keepalive)
+	 && $state(-pipeline)
+	 && [info exists socketRdState($state(socketinfo))]
+	 && ($socketRdState($state(socketinfo)) ne $token)
+    } {
+	# Do not read from the socket until it is ready.
+	##Log "HTTP response for token $token is queued for pipelined use"
+	# If $socketClosing(*), then the caller will be a pipelined write and
+	# execution will come here.
+	# This token has already been recorded as "in flight" for writing.
+	# When the socket is closed, the read queue will be cleared in
+	# CloseQueuedQueries and so the "lappend" here has no effect.
+	lappend socketRdQueue($state(socketinfo)) $token
+    } else {
+	# In the pipelined case, connection for reading depends on the
+	# value of socketRdState.
+	# In the nonpipeline case, connection for reading always occurs.
+	ReceiveResponse $token
+    }
+    return
+}
+
+# http::ReceiveResponse
+#
+#	Connects token to its socket for reading.
+
+proc http::ReceiveResponse {token} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+
+    #Log ---- $state(socketinfo) >> conn to $token for HTTP response
+    lassign [fconfigure $sock -translation] trRead trWrite
+    fconfigure $sock -translation [list auto $trWrite] \
+		     -buffersize $state(-blocksize)
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	fconfigure $sock -profile tcl8
+    }
+    Log ^D$tk begin receiving response - token $token
+
+    coroutine ${token}--EventCoroutine http::Event $sock $token
+    if {[info exists state(-handler)] || [info exists state(-progress)]} {
+        fileevent $sock readable [list http::EventGateway $sock $token]
+    } else {
+        fileevent $sock readable ${token}--EventCoroutine
+    }
+    return
+}
+
+
+# http::EventGateway
+#
+#	Bug [c2dc1da315].
+#	- Recursive launch of the coroutine can occur if a -handler or -progress
+#	  callback is used, and the callback command enters the event loop.
+#	- To prevent this, the fileevent "binding" is disabled while the
+#	  coroutine is in flight.
+#	- If a recursive call occurs despite these precautions, it is not
+#	  trapped and discarded here, because it is better to report it as a
+#	  bug.
+#	- Although this solution is believed to be sufficiently general, it is
+#	  used only if -handler or -progress is specified.  In other cases,
+#	  the coroutine is called directly.
+
+proc http::EventGateway {sock token} {
+    variable $token
+    upvar 0 $token state
+    fileevent $sock readable {}
+    catch {${token}--EventCoroutine} res opts
+    if {[info commands ${token}--EventCoroutine] ne {}} {
+        # The coroutine can be deleted by completion (a non-yield return), by
+        # http::Finish (when there is a premature end to the transaction), by
+        # http::reset or http::cleanup, or if the caller set option -channel
+        # but not option -handler: in the last case reading from the socket is
+        # now managed by commands ::http::Copy*, http::ReceiveChunked, and
+        # http::MakeTransformationChunked.
+        #
+        # Catch in case the coroutine has closed the socket.
+        catch {fileevent $sock readable [list http::EventGateway $sock $token]}
+    }
+
+    # If there was an error, re-throw it.
+    return -options $opts $res
+}
+
+
+# http::NextPipelinedWrite
+#
+# - Connecting a socket to a token for writing is done by this command and by
+#   command KeepSocket.
+# - If another request has a pipelined write scheduled for $token's socket,
+#   and if the socket is ready to accept it, connect the write and update
+#   the queue accordingly.
+# - This command is called from http::DoneRequest and http::Event,
+#   IF $state(-pipeline) AND (the current transfer has reached the point at
+#   which the socket is ready for the next request to be written).
+# - This command is called when a token has write access and is pipelined and
+#   keep-alive, and sets socketWrState to Wready.
+# - The command need not consider the case where socketWrState is set to a token
+#   that does not yet have write access.  Such a token is waiting for Rready,
+#   and the assignment of the connection to the token will be done elsewhere (in
+#   http::KeepSocket).
+# - This command cannot be called after socketWrState has been set to a
+#   "pending" token value (that is then overwritten by the caller), because that
+#   value is set by this command when it is called by an earlier token when it
+#   relinquishes its write access, and the pending token is always the next in
+#   line to write.
+
+proc http::NextPipelinedWrite {token} {
+    variable http
+    variable socketRdState
+    variable socketWrState
+    variable socketWrQueue
+    variable socketClosing
+    variable $token
+    upvar 0 $token state
+    set connId $state(socketinfo)
+
+    if {    [info exists socketClosing($connId)]
+	 && $socketClosing($connId)
+    } {
+	# socketClosing(*) is set because the server has sent a
+	# "Connection: close" header.
+	# Behave as if the queues are empty - so do nothing.
+    } elseif {    $state(-pipeline)
+	 && [info exists socketWrState($connId)]
+	 && ($socketWrState($connId) eq "Wready")
+
+	 && [info exists socketWrQueue($connId)]
+	 && [llength $socketWrQueue($connId)]
+	 && ([set token2 [lindex $socketWrQueue($connId) 0]
+	      set ${token2}(-pipeline)
+	     ]
+	    )
+    } {
+	# - The usual case for a pipelined connection, ready for a new request.
+	#Log pipelined, GRANT write access to $token2 in NextPipelinedWrite
+	set conn [set ${token2}(connArgs)]
+	set socketWrState($connId) $token2
+	set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	# Connect does its own fconfigure.
+	fileevent $state(sock) writable [list http::Connect $token2 {*}$conn]
+	#Log ---- $connId << conn to $token2 for HTTP request (b)
+
+	# In the tests below, the next request will be nonpipeline.
+    } elseif {    $state(-pipeline)
+	       && [info exists socketWrState($connId)]
+	       && ($socketWrState($connId) eq "Wready")
+
+	       && [info exists socketWrQueue($connId)]
+	       && [llength $socketWrQueue($connId)]
+	       && (![ set token3 [lindex $socketWrQueue($connId) 0]
+		      set ${token3}(-pipeline)
+		    ]
+		  )
+
+	       && [info exists socketRdState($connId)]
+	       && ($socketRdState($connId) eq "Rready")
+    } {
+	# The case in which the next request will be non-pipelined, and the read
+	# and write queues is ready: which is the condition for a non-pipelined
+	# write.
+	set conn [set ${token3}(connArgs)]
+	#Log nonpipeline, GRANT r/w access to $token3 in NextPipelinedWrite
+	set socketRdState($connId) $token3
+	set socketWrState($connId) $token3
+	set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	# Connect does its own fconfigure.
+	fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	#Log ---- $state(sock) << conn to $token3 for HTTP request (c)
+
+    } elseif {    $state(-pipeline)
+	 && [info exists socketWrState($connId)]
+	 && ($socketWrState($connId) eq "Wready")
+
+	 && [info exists socketWrQueue($connId)]
+	 && [llength $socketWrQueue($connId)]
+	 && (![set token2 [lindex $socketWrQueue($connId) 0]
+	      set ${token2}(-pipeline)
+	     ]
+	    )
+    } {
+	# - The case in which the next request will be non-pipelined, but the
+	#   read queue is NOT ready.
+	# - A read is queued or in progress, but not a write.  Cannot start the
+	#   nonpipeline transaction, but must set socketWrState to prevent a new
+	#   pipelined request (in http::geturl) jumping the queue.
+	# - Because socketWrState($connId) is not set to Wready, the assignment
+	#   of the connection to $token2 will be done elsewhere - by command
+	#   http::KeepSocket when $socketRdState($connId) is set to "Rready".
+
+	#Log re-use nonpipeline, GRANT delayed write access to $token in NextP..
+	set socketWrState($connId) peNding
+    }
+    return
+}
+
+# http::CancelReadPipeline
+#
+#	Cancel pipelined responses on a closing "Keep-Alive" socket.
+#
+#	- Called by a variable trace on "unset socketRdState($connId)".
+#	- The variable relates to a Keep-Alive socket, which has been closed.
+#	- Cancels all pipelined responses. The requests have been sent,
+#	  the responses have not yet been received.
+#	- This is a hard cancel that ends each transaction with error status,
+#	  and closes the connection. Do not use it if you want to replay failed
+#	  transactions.
+#	- N.B. Always delete ::http::socketRdState($connId) before deleting
+#	  ::http::socketRdQueue($connId), or this command will do nothing.
+#
+# Arguments
+#	As for a trace command on a variable.
+
+proc http::CancelReadPipeline {name1 connId op} {
+    variable socketRdQueue
+    ##Log CancelReadPipeline $name1 $connId $op
+    if {[info exists socketRdQueue($connId)]} {
+	set msg {the connection was closed by CancelReadPipeline}
+	foreach token $socketRdQueue($connId) {
+	    set tk [namespace tail $token]
+	    Log ^X$tk end of response "($msg)" - token $token
+	    set ${token}(status) eof
+	    Finish $token ;#$msg
+	}
+	set socketRdQueue($connId) {}
+    }
+    return
+}
+
+# http::CancelWritePipeline
+#
+#	Cancel queued events on a closing "Keep-Alive" socket.
+#
+#	- Called by a variable trace on "unset socketWrState($connId)".
+#	- The variable relates to a Keep-Alive socket, which has been closed.
+#	- In pipelined or nonpipeline case: cancels all queued requests.  The
+#	  requests have not yet been sent, the responses are not due.
+#	- This is a hard cancel that ends each transaction with error status,
+#	  and closes the connection. Do not use it if you want to replay failed
+#	  transactions.
+#	- N.B. Always delete ::http::socketWrState($connId) before deleting
+#	  ::http::socketWrQueue($connId), or this command will do nothing.
+#
+# Arguments
+#	As for a trace command on a variable.
+
+proc http::CancelWritePipeline {name1 connId op} {
+    variable socketWrQueue
+
+    ##Log CancelWritePipeline $name1 $connId $op
+    if {[info exists socketWrQueue($connId)]} {
+	set msg {the connection was closed by CancelWritePipeline}
+	foreach token $socketWrQueue($connId) {
+	    set tk [namespace tail $token]
+	    Log ^X$tk end of response "($msg)" - token $token
+	    set ${token}(status) eof
+	    Finish $token ;#$msg
+	}
+	set socketWrQueue($connId) {}
+    }
+    return
+}
+
+# http::ReplayIfDead --
+#
+# - A query on a re-used persistent socket failed at the earliest opportunity,
+#   because the socket had been closed by the server.  Keep the token, tidy up,
+#   and try to connect on a fresh socket.
+# - The connection is monitored for eof by the command http::CheckEof.  Thus
+#   http::ReplayIfDead is needed only when a server event (half-closing an
+#   apparently idle connection), and a client event (sending a request) occur at
+#   almost the same time, and neither client nor server detects the other's
+#   action before performing its own (an "asynchronous close event").
+# - To simplify testing of http::ReplayIfDead, set TEST_EOF 1 in
+#   http::KeepSocket, and then http::ReplayIfDead will be called if http::geturl
+#   is called at any time after the server timeout.
+#
+# Arguments:
+#	token	Connection token.
+#
+# Side Effects:
+#	Use the same token, but try to open a new socket.
+
+proc http::ReplayIfDead {token doing} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+
+    Log running http::ReplayIfDead for $token $doing
+
+    # 1. Merge the tokens for transactions in flight, the read (response) queue,
+    #    and the write (request) queue.
+
+    set InFlightR {}
+    set InFlightW {}
+
+    # Obtain the tokens for transactions in flight.
+    if {$state(-pipeline)} {
+	# Two transactions may be in flight.  The "read" transaction was first.
+	# It is unlikely that the server would close the socket if a response
+	# was pending; however, an earlier request (as well as the present
+	# request) may have been sent and ignored if the socket was half-closed
+	# by the server.
+
+	if {    [info exists socketRdState($state(socketinfo))]
+	     && ($socketRdState($state(socketinfo)) ne "Rready")
+	} {
+	    lappend InFlightR $socketRdState($state(socketinfo))
+	} elseif {($doing eq "read")} {
+	    lappend InFlightR $token
+	}
+
+	if {    [info exists socketWrState($state(socketinfo))]
+	     && $socketWrState($state(socketinfo)) ni {Wready peNding}
+	} {
+	    lappend InFlightW $socketWrState($state(socketinfo))
+	} elseif {($doing eq "write")} {
+	    lappend InFlightW $token
+	}
+
+	# Report any inconsistency of $token with socket*state.
+	if {    ($doing eq "read")
+	     && [info exists socketRdState($state(socketinfo))]
+	     && ($token ne $socketRdState($state(socketinfo)))
+	} {
+	    Log WARNING - ReplayIfDead pipelined token $token $doing \
+		    ne socketRdState($state(socketinfo)) \
+		      $socketRdState($state(socketinfo))
+
+	} elseif {
+		($doing eq "write")
+	     && [info exists socketWrState($state(socketinfo))]
+	     && ($token ne $socketWrState($state(socketinfo)))
+	} {
+	    Log WARNING - ReplayIfDead pipelined token $token $doing \
+		    ne socketWrState($state(socketinfo)) \
+		      $socketWrState($state(socketinfo))
+	}
+    } else {
+	# One transaction should be in flight.
+	# socketRdState, socketWrQueue are used.
+	# socketRdQueue should be empty.
+
+	# Report any inconsistency of $token with socket*state.
+	if {$token ne $socketRdState($state(socketinfo))} {
+	    Log WARNING - ReplayIfDead nonpipeline token $token $doing \
+		    ne socketRdState($state(socketinfo)) \
+		      $socketRdState($state(socketinfo))
+	}
+
+	# Report the inconsistency that socketRdQueue is non-empty.
+	if {    [info exists socketRdQueue($state(socketinfo))]
+	     && ($socketRdQueue($state(socketinfo)) ne {})
+	} {
+	    Log WARNING - ReplayIfDead nonpipeline token $token $doing \
+		    has read queue socketRdQueue($state(socketinfo)) \
+		    $socketRdQueue($state(socketinfo)) ne {}
+	}
+
+	lappend InFlightW $socketRdState($state(socketinfo))
+	set socketRdQueue($state(socketinfo)) {}
+    }
+
+    set newQueue {}
+    lappend newQueue {*}$InFlightR
+    lappend newQueue {*}$socketRdQueue($state(socketinfo))
+    lappend newQueue {*}$InFlightW
+    lappend newQueue {*}$socketWrQueue($state(socketinfo))
+
+
+    # 2. Tidy up token.  This is a cut-down form of Finish/CloseSocket.
+    #    Do not change state(status).
+    #    No need to after cancel state(after) - either this is done in
+    #    ReplayCore/ReInit, or Finish is called.
+
+    catch {close $state(sock)}
+    Unset $state(socketinfo)
+
+    # 2a. Tidy the tokens in the queues - this is done in ReplayCore/ReInit.
+    # - Transactions, if any, that are awaiting responses cannot be completed.
+    #   They are listed for re-sending in newQueue.
+    # - All tokens are preserved for re-use by ReplayCore, and their variables
+    #   will be re-initialised by calls to ReInit.
+    # - The relevant element of socketMapping, socketRdState, socketWrState,
+    #   socketRdQueue, socketWrQueue, socketClosing, socketPlayCmd will be set
+    #   to new values in ReplayCore.
+
+    ReplayCore $newQueue
+    return
+}
+
+# http::ReplayIfClose --
+#
+#	A request on a socket that was previously "Connection: keep-alive" has
+#	received a "Connection: close" response header.  The server supplies
+#	that response correctly, but any later requests already queued on this
+#	connection will be lost when the socket closes.
+#
+#	This command takes arguments that represent the socketWrState,
+#	socketRdQueue and socketWrQueue for this connection.  The socketRdState
+#	is not needed because the server responds in full to the request that
+#	received the "Connection: close" response header.
+#
+#	Existing request tokens $token (::http::$n) are preserved.  The caller
+#	will be unaware that the request was processed this way.
+
+proc http::ReplayIfClose {Wstate Rqueue Wqueue} {
+    Log running http::ReplayIfClose for $Wstate $Rqueue $Wqueue
+
+    if {$Wstate in $Rqueue || $Wstate in $Wqueue} {
+	Log WARNING duplicate token in http::ReplayIfClose - token $Wstate
+	set Wstate Wready
+    }
+
+    # 1. Create newQueue
+    set InFlightW {}
+    if {$Wstate ni {Wready peNding}} {
+	lappend InFlightW $Wstate
+    }
+    ##Log $Rqueue -- $InFlightW -- $Wqueue
+    set newQueue {}
+    lappend newQueue {*}$Rqueue
+    lappend newQueue {*}$InFlightW
+    lappend newQueue {*}$Wqueue
+
+    # 2. Cleanup - none needed, done by the caller.
+
+    ReplayCore $newQueue
+    return
+}
+
+# http::ReInit --
+#
+#	Command to restore a token's state to a condition that
+#	makes it ready to replay a request.
+#
+#	Command http::geturl stores extra state in state(tmp*) so
+#	we don't need to do the argument processing again.
+#
+#	The caller must:
+#	- Set state(reusing) and state(sock) to their new values after calling
+#	  this command.
+#	- Unset state(tmpState), state(tmpOpenCmd) if future calls to ReplayCore
+#	  or ReInit are inappropriate for this token. Typically only one retry
+#	  is allowed.
+#	The caller may also unset state(tmpConnArgs) if this value (and the
+#	token) will be used immediately.  The value is needed by tokens that
+#	will be stored in a queue.
+#
+# Arguments:
+#	token	Connection token.
+#
+# Return Value: (boolean) true iff the re-initialisation was successful.
+
+proc http::ReInit {token} {
+    variable $token
+    upvar 0 $token state
+
+    if {!(
+	      [info exists state(tmpState)]
+	   && [info exists state(tmpOpenCmd)]
+	   && [info exists state(tmpConnArgs)]
+	 )
+    } {
+	Log FAILED in http::ReInit via ReplayCore - NO tmp vars for $token
+	return 0
+    }
+
+    if {[info exists state(after)]} {
+	after cancel $state(after)
+	unset state(after)
+    }
+    if {[info exists state(socketcoro)]} {
+        Log $token Cancel socket after-idle event (ReInit)
+        after cancel $state(socketcoro)
+        unset state(socketcoro)
+    }
+
+    # Don't alter state(status) - this would trigger http::wait if it is in use.
+    set tmpState    $state(tmpState)
+    set tmpOpenCmd  $state(tmpOpenCmd)
+    set tmpConnArgs $state(tmpConnArgs)
+    foreach name [array names state] {
+	if {$name ne "status"} {
+	    unset state($name)
+	}
+    }
+
+    # Don't alter state(status).
+    # Restore state(tmp*) - the caller may decide to unset them.
+    # Restore state(tmpConnArgs) which is needed for connection.
+    # state(tmpState), state(tmpOpenCmd) are needed only for retries.
+
+    dict unset tmpState status
+    array set state $tmpState
+    set state(tmpState)    $tmpState
+    set state(tmpOpenCmd)  $tmpOpenCmd
+    set state(tmpConnArgs) $tmpConnArgs
+
+    return 1
+}
+
+# http::ReplayCore --
+#
+#	Command to replay a list of requests, using existing connection tokens.
+#
+#	Abstracted from http::geturl which stores extra state in state(tmp*) so
+#	we don't need to do the argument processing again.
+#
+# Arguments:
+#	newQueue	List of connection tokens.
+#
+# Side Effects:
+#	Use existing tokens, but try to open a new socket.
+
+proc http::ReplayCore {newQueue} {
+    variable TmpSockCounter
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    if {[llength $newQueue] == 0} {
+	# Nothing to do.
+	return
+    }
+
+    ##Log running ReplayCore for {*}$newQueue
+    set newToken [lindex $newQueue 0]
+    set newQueue [lrange $newQueue 1 end]
+
+    # 3. Use newToken, and restore its values of state(*).  Do not restore
+    #    elements tmp* - we try again only once.
+
+    set token $newToken
+    variable $token
+    upvar 0 $token state
+
+    if {![ReInit $token]} {
+	Log FAILED in http::ReplayCore - NO tmp vars
+	Log ReplayCore reject $token
+	Finish $token {cannot send this request again}
+	return
+    }
+
+    set tmpState    $state(tmpState)
+    set tmpOpenCmd  $state(tmpOpenCmd)
+    set tmpConnArgs $state(tmpConnArgs)
+    unset state(tmpState)
+    unset state(tmpOpenCmd)
+    unset state(tmpConnArgs)
+
+    set state(reusing) 0
+    set state(ReusingPlaceholder) 0
+    set state(alreadyQueued) 0
+    Log ReplayCore replay $token
+
+    # Give the socket a placeholder name before it is created.
+    set sock HTTP_PLACEHOLDER_[incr TmpSockCounter]
+    set state(sock) $sock
+
+    # Move the $newQueue into the placeholder socket's socketPhQueue.
+    set socketPhQueue($sock) {}
+    foreach tok $newQueue {
+	if {[ReInit $tok]} {
+	    set ${tok}(reusing) 1
+	    set ${tok}(sock) $sock
+	    lappend socketPhQueue($sock) $tok
+	    Log ReplayCore replay $tok
+	} else {
+	    Log ReplayCore reject $tok
+	    set ${tok}(reusing) 1
+	    set ${tok}(sock) NONE
+	    Finish $tok {cannot send this request again}
+	}
+    }
+
+    AsyncTransaction $token
+
+    return
+}
+
+# Data access functions:
+# Data - the URL data
+# Status - the transaction status: ok, reset, eof, timeout, error
+# Code - the HTTP transaction code, e.g., 200
+# Size - the size of the URL data
+
+proc http::responseBody {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(body)
+}
+proc http::status {token} {
+    if {![info exists $token]} {
+	return "error"
+    }
+    variable $token
+    upvar 0 $token state
+    return $state(status)
+}
+proc http::responseLine {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(http)
+}
+proc http::requestLine {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(requestLine)
+}
+proc http::responseCode {token} {
+    variable $token
+    upvar 0 $token state
+    if {[regexp {[0-9]{3}} $state(http) numeric_code]} {
+	return $numeric_code
+    } else {
+	return $state(http)
+    }
+}
+proc http::size {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(currentsize)
+}
+proc http::requestHeaders {token args} {
+    set lenny  [llength $args]
+    if {$lenny > 1} {
+        return -code error {usage: ::http::requestHeaders token ?headerName?}
+    } else {
+        return [Meta $token request {*}$args]
+    }
+}
+proc http::responseHeaders {token args} {
+    set lenny  [llength $args]
+    if {$lenny > 1} {
+        return -code error {usage: ::http::responseHeaders token ?headerName?}
+    } else {
+        return [Meta $token response {*}$args]
+    }
+}
+proc http::requestHeaderValue {token header} {
+    Meta $token request $header VALUE
+}
+proc http::responseHeaderValue {token header} {
+    Meta $token response $header VALUE
+}
+proc http::Meta {token who args} {
+    variable $token
+    upvar 0 $token state
+
+    if {$who eq {request}} {
+        set whom requestHeaders
+    } elseif {$who eq {response}} {
+        set whom meta
+    } else {
+        return -code error {usage: ::http::Meta token request|response ?headerName ?VALUE??}
+    }
+
+    set header [string tolower [lindex $args 0]]
+    set how    [string tolower [lindex $args 1]]
+    set lenny  [llength $args]
+    if {$lenny == 0} {
+        return $state($whom)
+    } elseif {($lenny > 2) || (($lenny == 2) && ($how ne {value}))} {
+        return -code error {usage: ::http::Meta token request|response ?headerName ?VALUE??}
+    } else {
+        set result {}
+        set combined {}
+        foreach {key value} $state($whom) {
+            if {$key eq $header} {
+                lappend result $key $value
+                append combined $value {, }
+            }
+        }
+        if {$lenny == 1} {
+            return $result
+        } else {
+            return [string range $combined 0 end-2]
+        }
+    }
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::responseInfo
+# ------------------------------------------------------------------------------
+# Command to return a dictionary of the most useful metadata of a HTTP
+# response.
+#
+# Arguments:
+# token       - connection token (name of an array)
+#
+# Return Value: a dict. See man page http(n) for a description of each item.
+# ------------------------------------------------------------------------------
+
+proc http::responseInfo {token} {
+    variable $token
+    upvar 0 $token state
+    set result {}
+    foreach {key origin name} {
+        stage                 STATE  state
+        status                STATE  status
+        responseCode          STATE  responseCode
+        reasonPhrase          STATE  reasonPhrase
+        contentType           STATE  type
+        binary                STATE  binary
+        redirection           RESP   location
+        upgrade               STATE  upgrade
+        error                 ERROR  -
+        postError             STATE  posterror
+        method                STATE  method
+        charset               STATE  charset
+        compression           STATE  coding
+        httpRequest           STATE  -protocol
+        httpResponse          STATE  httpResponse
+        url                   STATE  url
+        connectionRequest     REQ    connection
+        connectionResponse    RESP   connection
+        connectionActual      STATE  connection
+        transferEncoding      STATE  transfer
+        totalPost             STATE  querylength
+        currentPost           STATE  queryoffset
+        totalSize             STATE  totalsize
+        currentSize           STATE  currentsize
+        proxyUsed             STATE  proxyUsed
+    } {
+        if {$origin eq {STATE}} {
+            if {[info exists state($name)]} {
+                dict set result $key $state($name)
+            } else {
+                # Should never come here
+                dict set result $key {}
+            }
+        } elseif {$origin eq {REQ}} {
+            dict set result $key [requestHeaderValue $token $name]
+        } elseif {$origin eq {RESP}} {
+            dict set result $key [responseHeaderValue $token $name]
+        } elseif {$origin eq {ERROR}} {
+            # Don't flood the dict with data.  The command ::http::error is
+            # available.
+            if {[info exists state(error)]} {
+                set msg [lindex $state(error) 0]
+            } else {
+                set msg {}
+            }
+            dict set result $key $msg
+        } else {
+            # Should never come here
+            dict set result $key {}
+        }
+    }
+    return $result
+}
+proc http::error {token} {
+    variable $token
+    upvar 0 $token state
+    if {[info exists state(error)]} {
+	return $state(error)
+    }
+    return
+}
+proc http::postError {token} {
+    variable $token
+    upvar 0 $token state
+    if {[info exists state(postErrorFull)]} {
+	return $state(postErrorFull)
+    }
+    return
+}
+
+# http::cleanup
+#
+#	Garbage collect the state associated with a transaction
+#
+# Arguments
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	Unsets the state array.
+
+proc http::cleanup {token} {
+    variable $token
+    upvar 0 $token state
+    if {[info commands ${token}--EventCoroutine] ne {}} {
+	rename ${token}--EventCoroutine {}
+    }
+    if {[info commands ${token}--SocketCoroutine] ne {}} {
+	rename ${token}--SocketCoroutine {}
+    }
+    if {[info exists state(after)]} {
+	after cancel $state(after)
+	unset state(after)
+    }
+    if {[info exists state(socketcoro)]} {
+        Log $token Cancel socket after-idle event (cleanup)
+        after cancel $state(socketcoro)
+        unset state(socketcoro)
+    }
+    if {[info exists state]} {
+	unset state
+    }
+    return
+}
+
+# http::Connect
+#
+#	This callback is made when an asynchronous connection completes.
+#
+# Arguments
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	Sets the status of the connection, which unblocks
+# 	the waiting geturl call
+
+proc http::Connect {token proto phost srvurl} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    if {[catch {eof $state(sock)} tmp] || $tmp} {
+        set err "due to unexpected EOF"
+    } elseif {[set err [fconfigure $state(sock) -error]] ne ""} {
+        # set err is done in test
+    } else {
+        # All OK
+	set state(state) connecting
+	fileevent $state(sock) writable {}
+	::http::Connected $token $proto $phost $srvurl
+	return
+    }
+
+    # Error cases.
+	Log "WARNING - if testing, pay special attention to this\
+		case (GJ) which is seldom executed - token $token"
+	if {[info exists state(reusing)] && $state(reusing)} {
+	    # The socket was closed at the server end, and closed at
+	    # this end by http::CheckEof.
+	    if {[TestForReplay $token write $err b]} {
+		return
+	    }
+
+	    # else:
+	    # This is NOT a persistent socket that has been closed since its
+	    # last use.
+	    # If any other requests are in flight or pipelined/queued, they will
+	    # be discarded.
+	}
+	Finish $token "connect failed: $err"
+    return
+}
+
+# http::Write
+#
+#	Write POST query data to the socket
+#
+# Arguments
+#	token	The token for the connection
+#
+# Side Effects
+#	Write the socket and handle callbacks.
+
+proc http::Write {token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+
+    # Output a block.  Tcl will buffer this if the socket blocks
+    set done 0
+    if {[catch {
+	# Catch I/O errors on dead sockets
+
+	if {[info exists state(-query)]} {
+	    # Chop up large query strings so queryprogress callback can give
+	    # smooth feedback.
+	    if {    $state(queryoffset) + $state(-queryblocksize)
+		 >= $state(querylength)
+	    } {
+		# This will be the last puts for the request-body.
+		if {    (![catch {fileevent $sock readable} binding])
+		     && ($binding eq [list http::CheckEof $sock])
+		} {
+		    # Remove the "fileevent readable" binding of an idle
+		    # persistent socket to http::CheckEof.  We can no longer
+		    # treat bytes received as junk. The server might still time
+		    # out and half-close the socket if it has not yet received
+		    # the first "puts".
+		    fileevent $sock readable {}
+		}
+	    }
+	    puts -nonewline $sock \
+		[string range $state(-query) $state(queryoffset) \
+		     [expr {$state(queryoffset) + $state(-queryblocksize) - 1}]]
+	    incr state(queryoffset) $state(-queryblocksize)
+	    if {$state(queryoffset) >= $state(querylength)} {
+		set state(queryoffset) $state(querylength)
+		set done 1
+	    }
+	} else {
+	    # Copy blocks from the query channel
+
+	    set outStr [read $state(-querychannel) $state(-queryblocksize)]
+	    if {[eof $state(-querychannel)]} {
+		# This will be the last puts for the request-body.
+		if {    (![catch {fileevent $sock readable} binding])
+		     && ($binding eq [list http::CheckEof $sock])
+		} {
+		    # Remove the "fileevent readable" binding of an idle
+		    # persistent socket to http::CheckEof.  We can no longer
+		    # treat bytes received as junk. The server might still time
+		    # out and half-close the socket if it has not yet received
+		    # the first "puts".
+		    fileevent $sock readable {}
+		}
+	    }
+	    puts -nonewline $sock $outStr
+	    incr state(queryoffset) [string length $outStr]
+	    if {[eof $state(-querychannel)]} {
+		set done 1
+	    }
+	}
+    } err opts]} {
+	# Do not call Finish here, but instead let the read half of the socket
+	# process whatever server reply there is to get.
+	set state(posterror) $err
+	set info [dict get $opts -errorinfo]
+	set code [dict get $opts -code]
+	set state(postErrorFull) [list $err $info $code]
+	set done 1
+    }
+
+    if {$done} {
+	catch {flush $sock}
+	fileevent $sock writable {}
+	Log ^C$tk end sending request - token $token
+	# End of writing (POST method).  The request has been sent.
+
+	DoneRequest $token
+    }
+
+    # Callback to the client after we've completely handled everything.
+
+    if {[string length $state(-queryprogress)]} {
+	namespace eval :: $state(-queryprogress) \
+	    [list $token $state(querylength) $state(queryoffset)]
+    }
+    return
+}
+
+# http::Event
+#
+#	Handle input on the socket. This command is the core of
+#	the coroutine commands ${token}--EventCoroutine that are
+#	bound to "fileevent $sock readable" and process input.
+#
+# Arguments
+#	sock	The socket receiving input.
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	Read the socket and handle callbacks.
+
+proc http::Event {sock token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    while 1 {
+	yield
+	##Log Event call - token $token
+
+	if {![info exists state]} {
+	    Log "Event $sock with invalid token '$token' - remote close?"
+	    if {!([catch {eof $sock} tmp] || $tmp)} {
+		if {[set d [read $sock]] ne ""} {
+		    Log "WARNING: additional data left on closed socket\
+			    - token $token"
+		} else {
+		}
+	    } else {
+	    }
+	    Log ^X$tk end of response (token error) - token $token
+	    CloseSocket $sock
+	    return
+	} else {
+	}
+	if {$state(state) eq "connecting"} {
+	    ##Log - connecting - token $token
+	    if {    $state(reusing)
+		 && $state(-pipeline)
+		 && ($state(-timeout) > 0)
+		 && (![info exists state(after)])
+	    } {
+		set state(after) [after $state(-timeout) \
+			[list http::reset $token timeout]]
+	    } else {
+	    }
+
+	    if {[catch {gets $sock state(http)} nsl]} {
+		Log "WARNING - if testing, pay special attention to this\
+			case (GK) which is seldom executed - token $token"
+		if {[info exists state(reusing)] && $state(reusing)} {
+		    # The socket was closed at the server end, and closed at
+		    # this end by http::CheckEof.
+
+		    if {[TestForReplay $token read $nsl c]} {
+			return
+		    } else {
+		    }
+		    # else:
+		    # This is NOT a persistent socket that has been closed since
+		    # its last use.
+		    # If any other requests are in flight or pipelined/queued,
+		    # they will be discarded.
+		} else {
+		    # https handshake errors come here, for
+		    # Tcl 8.7 with http::SecureProxyConnect.
+		    set msg [registerError $sock]
+		    registerError $sock {}
+		    if {$msg eq {}} {
+			set msg $nsl
+		    }
+		    Log ^X$tk end of response (error) - token $token
+		    Finish $token $msg
+		    return
+		}
+	    } elseif {$nsl >= 0} {
+		##Log - connecting 1 - token $token
+		set state(state) "header"
+	    } elseif {    ([catch {eof $sock} tmp] || $tmp)
+		       && [info exists state(reusing)]
+		       && $state(reusing)
+	    } {
+		# The socket was closed at the server end, and we didn't notice.
+		# This is the first read - where the closure is usually first
+		# detected.
+
+		if {[TestForReplay $token read {} d]} {
+		    return
+		} else {
+		}
+
+		# else:
+		# This is NOT a persistent socket that has been closed since its
+		# last use.
+		# If any other requests are in flight or pipelined/queued, they
+		# will be discarded.
+	    } else {
+	    }
+	} elseif {$state(state) eq "header"} {
+	    if {[catch {gets $sock line} nhl]} {
+		##Log header failed - token $token
+		Log ^X$tk end of response (error) - token $token
+		Finish $token $nhl
+		return
+	    } elseif {$nhl == 0} {
+		##Log header done - token $token
+		Log ^E$tk end of response headers - token $token
+		# We have now read all headers
+		# We ignore HTTP/1.1 100 Continue returns. RFC2616 sec 8.2.3
+		if {    ($state(http) == "")
+		     || ([regexp {^\S+\s(\d+)} $state(http) {} x] && $x == 100)
+		} {
+		    set state(state) "connecting"
+		    continue
+		    # This was a "return" in the pre-coroutine code.
+		} else {
+		}
+
+		# We have $state(http) so let's split it into its components.
+		if {[regexp {^HTTP/(\S+) ([0-9]{3}) (.*)$} $state(http) \
+			-> httpResponse responseCode reasonPhrase]
+		} {
+		    set state(httpResponse) $httpResponse
+		    set state(responseCode) $responseCode
+		    set state(reasonPhrase) $reasonPhrase
+		} else {
+		    set state(httpResponse) $state(http)
+		    set state(responseCode) $state(http)
+		    set state(reasonPhrase) $state(http)
+		}
+
+		if {    ([info exists state(connection)])
+		     && ([info exists socketMapping($state(socketinfo))])
+		     && ("keep-alive" in $state(connection))
+		     && ($state(-keepalive))
+		     && (!$state(reusing))
+		     && ($state(-pipeline))
+		} {
+		    # Response headers received for first request on a
+		    # persistent socket.  Now ready for pipelined writes (if
+		    # any).
+		    # Previous value is $token. It cannot be "pending".
+		    set socketWrState($state(socketinfo)) Wready
+		    http::NextPipelinedWrite $token
+		} else {
+		}
+
+		# Once a "close" has been signaled, the client MUST NOT send any
+		# more requests on that connection.
+		#
+		# If either the client or the server sends the "close" token in
+		# the Connection header, that request becomes the last one for
+		# the connection.
+
+		if {    ([info exists state(connection)])
+		     && ([info exists socketMapping($state(socketinfo))])
+		     && ("close" in $state(connection))
+		     && ($state(-keepalive))
+		} {
+		    # The server warns that it will close the socket after this
+		    # response.
+		    ##Log WARNING - socket will close after response for $token
+		    # Prepare data for a call to ReplayIfClose.
+		    Log $token socket will close after this transaction
+		    # 1. Cancel socket-assignment coro events that have not yet
+		    # launched, and add the tokens to the write queue.
+		    if {[info exists socketCoEvent($state(socketinfo))]} {
+			foreach {tok can} $socketCoEvent($state(socketinfo)) {
+			    lappend socketWrQueue($state(socketinfo)) $tok
+			    unset -nocomplain ${tok}(socketcoro)
+			    after cancel $can
+			    Log $tok Cancel socket after-idle event (Event)
+			    Log Move $tok from socketCoEvent to socketWrQueue and cancel its after idle coro
+			}
+			set socketCoEvent($state(socketinfo)) {}
+		    } else {
+		    }
+
+		    if {    ($socketRdQueue($state(socketinfo)) ne {})
+			 || ($socketWrQueue($state(socketinfo)) ne {})
+			 || ($socketWrState($state(socketinfo)) ni
+						[list Wready peNding $token])
+		    } {
+			set InFlightW $socketWrState($state(socketinfo))
+			if {$InFlightW in [list Wready peNding $token]} {
+			    set InFlightW Wready
+			} else {
+			    set msg "token ${InFlightW} is InFlightW"
+			    ##Log $msg - token $token
+			}
+			set socketPlayCmd($state(socketinfo)) \
+				[list ReplayIfClose $InFlightW \
+				$socketRdQueue($state(socketinfo)) \
+				$socketWrQueue($state(socketinfo))]
+
+			# - All tokens are preserved for re-use by ReplayCore.
+			# - Queues are preserved in case of Finish with error,
+			#   but are not used for anything else because
+			#   socketClosing(*) is set below.
+			# - Cancel the state(after) timeout events.
+			foreach tokenVal $socketRdQueue($state(socketinfo)) {
+			    if {[info exists ${tokenVal}(after)]} {
+				after cancel [set ${tokenVal}(after)]
+				unset ${tokenVal}(after)
+			    } else {
+			    }
+			    # Tokens in the read queue have no (socketcoro) to
+			    # cancel.
+			}
+		    } else {
+			set socketPlayCmd($state(socketinfo)) \
+				{ReplayIfClose Wready {} {}}
+		    }
+
+		    # Do not allow further connections on this socket (but
+		    # geturl can add new requests to the replay).
+		    set socketClosing($state(socketinfo)) 1
+		} else {
+		}
+
+		set state(state) body
+
+		# According to
+		# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
+		# any comma-separated "Connection:" list implies keep-alive, but I
+		# don't see this in the RFC so we'll play safe and
+		# scan any list for "close".
+		# Done here to support combining duplicate header field's values.
+		if {   [info exists state(connection)]
+		    && ("close" ni $state(connection))
+		    && ("keep-alive" ni $state(connection))
+		} {
+		    lappend state(connection) "keep-alive"
+		} else {
+		}
+
+		# If doing a HEAD, then we won't get any body
+		if {$state(-validate)} {
+		    Log ^F$tk end of response for HEAD request - token $token
+		    set state(state) complete
+		    Eot $token
+		    return
+		} elseif {
+			($state(method) eq {CONNECT})
+		     && [string is integer -strict $state(responseCode)]
+		     && ($state(responseCode) >= 200)
+		     && ($state(responseCode) < 300)
+		} {
+		    # A successful CONNECT response has no body.
+		    # (An unsuccessful CONNECT has headers and body.)
+		    # The code below is abstracted from Eot/Finish, but
+		    # keeps the socket open.
+		    catch {fileevent $state(sock) readable {}}
+		    catch {fileevent $state(sock) writable {}}
+		    set state(state) complete
+		    set state(status) ok
+		    if {[info commands ${token}--EventCoroutine] ne {}} {
+			rename ${token}--EventCoroutine {}
+		    }
+		    if {[info commands ${token}--SocketCoroutine] ne {}} {
+			rename ${token}--SocketCoroutine {}
+		    }
+		    if {[info exists state(socketcoro)]} {
+		        Log $token Cancel socket after-idle event (Finish)
+		        after cancel $state(socketcoro)
+		        unset state(socketcoro)
+		    }
+		    if {[info exists state(after)]} {
+			after cancel $state(after)
+			unset state(after)
+		    }
+		    if {    [info exists state(-command)]
+			 && (![info exists state(done-command-cb)])
+		    } {
+			set state(done-command-cb) yes
+			if {[catch {namespace eval :: $state(-command) $token} err]} {
+			    set state(error) [list $err $errorInfo $errorCode]
+			    set state(status) error
+			}
+		    }
+		    return
+		} else {
+		}
+
+		# - For non-chunked transfer we may have no body - in this case
+		#   we may get no further file event if the connection doesn't
+		#   close and no more data is sent. We can tell and must finish
+		#   up now - not later - the alternative would be to wait until
+		#   the server times out.
+		# - In this case, the server has NOT told the client it will
+		#   close the connection, AND it has NOT indicated the resource
+		#   length EITHER by setting the Content-Length (totalsize) OR
+		#   by using chunked Transfer-Encoding.
+		# - Do not worry here about the case (Connection: close) because
+		#   the server should close the connection.
+		# - IF (NOT Connection: close) AND (NOT chunked encoding) AND
+		#      (totalsize == 0).
+
+		if {    (!(    [info exists state(connection)]
+			    && ("close" in $state(connection))
+			  )
+			)
+		     && ($state(transfer) eq {})
+		     && ($state(totalsize) == 0)
+		} {
+		    set msg {body size is 0 and no events likely - complete}
+		    Log "$msg - token $token"
+		    set msg {(length unknown, set to 0)}
+		    Log ^F$tk end of response body {*}$msg - token $token
+		    set state(state) complete
+		    Eot $token
+		    return
+		} else {
+		}
+
+		# We have to use binary translation to count bytes properly.
+		lassign [fconfigure $sock -translation] trRead trWrite
+		fconfigure $sock -translation [list binary $trWrite]
+
+		if {
+		    $state(-binary) || [IsBinaryContentType $state(type)]
+		} {
+		    # Turn off conversions for non-text data.
+		    set state(binary) 1
+		} else {
+		}
+		if {[info exists state(-channel)]} {
+		    if {$state(binary) || [llength [ContentEncoding $token]]} {
+			fconfigure $state(-channel) -translation binary
+		    } else {
+		    }
+		    if {![info exists state(-handler)]} {
+			# Initiate a sequence of background fcopies.
+			fileevent $sock readable {}
+			rename ${token}--EventCoroutine {}
+			CopyStart $sock $token
+			return
+		    } else {
+		    }
+		} else {
+		}
+	    } elseif {$nhl > 0} {
+		# Process header lines.
+		##Log header - token $token - $line
+		if {[regexp -nocase {^([^:]+):(.+)$} $line x key value]} {
+		    set key [string tolower $key]
+		    switch -- $key {
+			content-type {
+			    set state(type) [string trim [string tolower $value]]
+			    # Grab the optional charset information.
+			    if {[regexp -nocase \
+				    {charset\s*=\s*\"((?:[^""]|\\\")*)\"} \
+				    $state(type) -> cs]} {
+				set state(charset) [string map {{\"} \"} $cs]
+			    } else {
+				regexp -nocase {charset\s*=\s*(\S+?);?} \
+					$state(type) -> state(charset)
+			    }
+			}
+			content-length {
+			    set state(totalsize) [string trim $value]
+			}
+			content-encoding {
+			    set state(coding) [string trim $value]
+			}
+			transfer-encoding {
+			    set state(transfer) \
+				    [string trim [string tolower $value]]
+			}
+			proxy-connection -
+			connection {
+			    # RFC 7230 Section 6.1 states that a comma-separated
+			    # list is an acceptable value.
+			    if {![info exists state(connectionRespFlag)]} {
+				# This is the first "Connection" response header.
+				# Scrub the earlier value set by iniitialisation.
+				set state(connectionRespFlag) {}
+				set state(connection) {}
+			    }
+			    foreach el [SplitCommaSeparatedFieldValue $value] {
+				lappend state(connection) [string tolower $el]
+			    }
+			}
+			upgrade {
+			    set state(upgrade) [string trim $value]
+			}
+			set-cookie {
+			    if {$http(-cookiejar) ne ""} {
+				ParseCookie $token [string trim $value]
+			    } else {
+			    }
+			}
+		    }
+		    lappend state(meta) $key [string trim $value]
+		} else {
+		}
+	    } else {
+	    }
+	} else {
+	    # Now reading body
+	    ##Log body - token $token
+	    if {[catch {
+		if {[info exists state(-handler)]} {
+		    set n [namespace eval :: $state(-handler) [list $sock $token]]
+		    ##Log handler $n - token $token
+		    # N.B. the protocol has been set to 1.0 because the -handler
+		    # logic is not expected to handle chunked encoding.
+		    # FIXME Allow -handler with 1.1 on dechunked stacked chan.
+		    if {$state(totalsize) == 0} {
+			# We know the transfer is complete only when the server
+			# closes the connection - i.e. eof is not an error.
+			set state(state) complete
+		    } else {
+		    }
+		    if {![string is integer -strict $n]} {
+			if 1 {
+			    # Do not tolerate bad -handler - fail with error
+			    # status.
+			    set msg {the -handler command for http::geturl must\
+				    return an integer (the number of bytes\
+				    read)}
+			    Log ^X$tk end of response (handler error) -\
+				    token $token
+			    Eot $token $msg
+			} else {
+			    # Tolerate the bad -handler, and continue.  The
+			    # penalty:
+			    # (a) Because the handler returns nonsense, we know
+			    #     the transfer is complete only when the server
+			    #     closes the connection - i.e. eof is not an
+			    #     error.
+			    # (b) http::size will not be accurate.
+			    # (c) The transaction is already downgraded to 1.0
+			    #     to avoid chunked transfer encoding.  It MUST
+			    #     also be forced to "Connection: close" or the
+			    #     HTTP/1.0 equivalent; or it MUST fail (as
+			    #     above) if the server sends
+			    #     "Connection: keep-alive" or the HTTP/1.0
+			    #     equivalent.
+			    set n 0
+			    set state(state) complete
+			}
+		    } else {
+		    }
+		} elseif {[info exists state(transfer_final)]} {
+		    # This code forgives EOF in place of the final CRLF.
+		    set line [GetTextLine $sock]
+		    set n [string length $line]
+		    set state(state) complete
+		    if {$n > 0} {
+			# - HTTP trailers (late response headers) are permitted
+			#   by Chunked Transfer-Encoding, and can be safely
+			#   ignored.
+			# - Do not count these bytes in the total received for
+			#   the response body.
+			Log "trailer of $n bytes after final chunk -\
+				token $token"
+			append state(transfer_final) $line
+			set n 0
+		    } else {
+			Log ^F$tk end of response body (chunked) - token $token
+			Log "final chunk part - token $token"
+			Eot $token
+		    }
+		} elseif {    [info exists state(transfer)]
+			   && ($state(transfer) eq "chunked")
+		} {
+		    ##Log chunked - token $token
+		    set size 0
+		    set hexLenChunk [GetTextLine $sock]
+		    #set ntl [string length $hexLenChunk]
+		    if {[string trim $hexLenChunk] ne ""} {
+			scan $hexLenChunk %x size
+			if {$size != 0} {
+			    ##Log chunk-measure $size - token $token
+			    set chunk [BlockingRead $sock $size]
+			    set n [string length $chunk]
+			    if {$n >= 0} {
+				append state(body) $chunk
+				incr state(log_size) [string length $chunk]
+				##Log chunk $n cumul $state(log_size) -\
+					token $token
+			    } else {
+			    }
+			    if {$size != [string length $chunk]} {
+				Log "WARNING: mis-sized chunk:\
+				    was [string length $chunk], should be\
+				    $size - token $token"
+				set n 0
+				set state(connection) close
+				Log ^X$tk end of response (chunk error) \
+					- token $token
+				set msg {error in chunked encoding - fetch\
+					terminated}
+				Eot $token $msg
+			    } else {
+			    }
+			    # CRLF that follows chunk.
+			    # If eof, this is handled at the end of this proc.
+			    GetTextLine $sock
+			} else {
+			    set n 0
+			    set state(transfer_final) {}
+			}
+		    } else {
+			# Line expected to hold chunk length is empty, or eof.
+			##Log bad-chunk-measure - token $token
+			set n 0
+			set state(connection) close
+			Log ^X$tk end of response (chunk error) - token $token
+			Eot $token {error in chunked encoding -\
+				fetch terminated}
+		    }
+		} else {
+		    ##Log unchunked - token $token
+		    if {$state(totalsize) == 0} {
+			# We know the transfer is complete only when the server
+			# closes the connection.
+			set state(state) complete
+			set reqSize $state(-blocksize)
+		    } else {
+			# Ask for the whole of the unserved response-body.
+			# This works around a problem with a tls::socket - for
+			# https in keep-alive mode, and a request for
+			# $state(-blocksize) bytes, the last part of the
+			# resource does not get read until the server times out.
+			set reqSize [expr {  $state(totalsize)
+					   - $state(currentsize)}]
+
+			# The workaround fails if reqSize is
+			# capped at $state(-blocksize).
+			# set reqSize [expr {min($reqSize, $state(-blocksize))}]
+		    }
+		    set c $state(currentsize)
+		    set t $state(totalsize)
+		    ##Log non-chunk currentsize $c of totalsize $t -\
+			    token $token
+		    set block [read $sock $reqSize]
+		    set n [string length $block]
+		    if {$n >= 0} {
+			append state(body) $block
+			##Log non-chunk [string length $state(body)] -\
+				token $token
+		    } else {
+		    }
+		}
+		# This calculation uses n from the -handler, chunked, or
+		# unchunked case as appropriate.
+		if {[info exists state]} {
+		    if {$n >= 0} {
+			incr state(currentsize) $n
+			set c $state(currentsize)
+			set t $state(totalsize)
+			##Log another $n currentsize $c totalsize $t -\
+				token $token
+		    } else {
+		    }
+		    # If Content-Length - check for end of data.
+		    if {
+			   ($state(totalsize) > 0)
+			&& ($state(currentsize) >= $state(totalsize))
+		    } {
+			Log ^F$tk end of response body (unchunked) -\
+				token $token
+			set state(state) complete
+			Eot $token
+		    } else {
+		    }
+		} else {
+		}
+	    } err]} {
+		Log ^X$tk end of response (error ${err}) - token $token
+		Finish $token $err
+		return
+	    } else {
+		if {[info exists state(-progress)]} {
+		    namespace eval :: $state(-progress) \
+			[list $token $state(totalsize) $state(currentsize)]
+		} else {
+		}
+	    }
+	}
+
+	# catch as an Eot above may have closed the socket already
+	# $state(state) may be connecting, header, body, or complete
+	if {(![catch {eof $sock} eof]) && $eof} {
+	    # [eof sock] succeeded and the result was 1
+	    ##Log eof - token $token
+	    if {[info exists $token]} {
+		set state(connection) close
+		if {$state(state) eq "complete"} {
+		    # This includes all cases in which the transaction
+		    # can be completed by eof.
+		    # The value "complete" is set only in http::Event, and it is
+		    # used only in the test above.
+		    Log ^F$tk end of response body (unchunked, eof) -\
+			    token $token
+		    Eot $token
+		} else {
+		    # Premature eof.
+		    Log ^X$tk end of response (unexpected eof) - token $token
+		    Eot $token eof
+		}
+	    } else {
+		# open connection closed on a token that has been cleaned up.
+		Log ^X$tk end of response (token error) - token $token
+		CloseSocket $sock
+	    }
+	} else {
+	    # EITHER [eof sock] failed - presumed done by Eot
+	    # OR     [eof sock] succeeded and the result was 0
+	}
+    }
+    return
+}
+
+# http::TestForReplay
+#
+#	Command called if eof is discovered when a socket is first used for a
+#	new transaction.  Typically this occurs if a persistent socket is used
+#	after a period of idleness and the server has half-closed the socket.
+#
+# token  - the connection token returned by http::geturl
+# doing  - "read" or "write"
+# err    - error message, if any
+# caller - code to identify the caller - used only in logging
+#
+# Return Value: boolean, true iff the command calls http::ReplayIfDead.
+
+proc http::TestForReplay {token doing err caller} {
+    variable http
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    if {$doing eq "read"} {
+	set code Q
+	set action response
+	set ing reading
+    } else {
+	set code P
+	set action request
+	set ing writing
+    }
+
+    if {$err eq {}} {
+	set err "detect eof when $ing (server timed out?)"
+    }
+
+    if {$state(method) eq "POST" && !$http(-repost)} {
+	# No Replay.
+	# The present transaction will end when Finish is called.
+	# That call to Finish will abort any other transactions
+	# currently in the write queue.
+	# For calls from http::Event this occurs when execution
+	# reaches the code block at the end of that proc.
+	set msg {no retry for POST with http::config -repost 0}
+	Log reusing socket failed "($caller)" - $msg - token $token
+	Log error - $err - token $token
+	Log ^X$tk end of $action (error) - token $token
+	return 0
+    } else {
+	# Replay.
+	set msg {try a new socket}
+	Log reusing socket failed "($caller)" - $msg - token $token
+	Log error - $err - token $token
+	Log ^$code$tk Any unfinished (incl this one) failed - token $token
+	ReplayIfDead $token $doing
+	return 1
+    }
+}
+
+# http::IsBinaryContentType --
+#
+#	Determine if the content-type means that we should definitely transfer
+#	the data as binary. [Bug 838e99a76d]
+#
+# Arguments
+#	type	The content-type of the data.
+#
+# Results:
+#	Boolean, true if we definitely should be binary.
+
+proc http::IsBinaryContentType {type} {
+    lassign [split [string tolower $type] "/;"] major minor
+    if {$major eq "text"} {
+	return false
+    }
+    # There's a bunch of XML-as-application-format things about. See RFC 3023
+    # and so on.
+    if {$major eq "application"} {
+	set minor [string trimright $minor]
+	if {$minor in {"json" "xml" "xml-external-parsed-entity" "xml-dtd"}} {
+	    return false
+	}
+    }
+    # Not just application/foobar+xml but also image/svg+xml, so let us not
+    # restrict things for now...
+    if {[string match "*+xml" $minor]} {
+	return false
+    }
+    return true
+}
+
+proc http::ParseCookie {token value} {
+    variable http
+    variable CookieRE
+    variable $token
+    upvar 0 $token state
+
+    if {![regexp $CookieRE $value -> cookiename cookieval opts]} {
+	# Bad cookie! No biscuit!
+	return
+    }
+
+    # Convert the options into a list before feeding into the cookie store;
+    # ugly, but quite easy.
+    set realopts {hostonly 1 path / secure 0 httponly 0}
+    dict set realopts origin $state(host)
+    dict set realopts domain $state(host)
+    foreach option [split [regsub -all {;\s+} $opts \u0000] \u0000] {
+	regexp {^(.*?)(?:=(.*))?$} $option -> optname optval
+	switch -exact -- [string tolower $optname] {
+	    expires {
+		if {[catch {
+		    #Sun, 06 Nov 1994 08:49:37 GMT
+		    dict set realopts expires \
+			[clock scan $optval -format "%a, %d %b %Y %T %Z"]
+		}] && [catch {
+		    # Google does this one
+		    #Mon, 01-Jan-1990 00:00:00 GMT
+		    dict set realopts expires \
+			[clock scan $optval -format "%a, %d-%b-%Y %T %Z"]
+		}] && [catch {
+		    # This is in the RFC, but it is also in the original
+		    # Netscape cookie spec, now online at:
+		    # <URL:http://curl.haxx.se/rfc/cookie_spec.html>
+		    #Sunday, 06-Nov-94 08:49:37 GMT
+		    dict set realopts expires \
+			[clock scan $optval -format "%A, %d-%b-%y %T %Z"]
+		}]} {catch {
+		    #Sun Nov  6 08:49:37 1994
+		    dict set realopts expires \
+			[clock scan $optval -gmt 1 -format "%a %b %d %T %Y"]
+		}}
+	    }
+	    max-age {
+		# Normalize
+		if {[string is integer -strict $optval]} {
+		    dict set realopts expires [expr {[clock seconds] + $optval}]
+		}
+	    }
+	    domain {
+		# From the domain-matches definition [RFC 2109, section 2]:
+		#   Host A's name domain-matches host B's if [...]
+		#	A is a FQDN string and has the form NB, where N is a
+		#	non-empty name string, B has the form .B', and B' is a
+		#	FQDN string. (So, x.y.com domain-matches .y.com but
+		#	not y.com.)
+		if {$optval ne "" && ![string match *. $optval]} {
+		    dict set realopts domain [string trimleft $optval "."]
+		    dict set realopts hostonly [expr {
+			! [string match .* $optval]
+		    }]
+		}
+	    }
+	    path {
+		if {[string match /* $optval]} {
+		    dict set realopts path $optval
+		}
+	    }
+	    secure - httponly {
+		dict set realopts [string tolower $optname] 1
+	    }
+	}
+    }
+    dict set realopts key $cookiename
+    dict set realopts value $cookieval
+    {*}$http(-cookiejar) storeCookie $realopts
+}
+
+# http::GetTextLine --
+#
+#	Get one line with the stream in crlf mode.
+#	Used if Transfer-Encoding is chunked, to read the line that
+#	reports the size of the following chunk.
+#	Empty line is not distinguished from eof.  The caller must
+#	be able to handle this.
+#
+# Arguments
+#	sock	The socket receiving input.
+#
+# Results:
+#	The line of text, without trailing newline
+
+proc http::GetTextLine {sock} {
+    set tr [fconfigure $sock -translation]
+    lassign $tr trRead trWrite
+    fconfigure $sock -translation [list crlf $trWrite]
+    set r [BlockingGets $sock]
+    fconfigure $sock -translation $tr
+    return $r
+}
+
+# http::BlockingRead
+#
+#	Replacement for a blocking read.
+#	The caller must be a coroutine.
+#	Used when we expect to read a chunked-encoding
+#	chunk of known size.
+
+proc http::BlockingRead {sock size} {
+    if {$size < 1} {
+	return
+    }
+    set result {}
+    while 1 {
+	set need [expr {$size - [string length $result]}]
+	set block [read $sock $need]
+	set eof [expr {[catch {eof $sock} tmp] || $tmp}]
+	append result $block
+	if {[string length $result] >= $size || $eof} {
+	    return $result
+	} else {
+	    yield
+	}
+    }
+}
+
+# http::BlockingGets
+#
+#	Replacement for a blocking gets.
+#	The caller must be a coroutine.
+#	Empty line is not distinguished from eof.  The caller must
+#	be able to handle this.
+
+proc http::BlockingGets {sock} {
+    while 1 {
+	set count [gets $sock line]
+	set eof [expr {[catch {eof $sock} tmp] || $tmp}]
+	if {$count >= 0 || $eof} {
+	    return $line
+	} else {
+	    yield
+	}
+    }
+}
+
+# http::CopyStart
+#
+#	Error handling wrapper around fcopy
+#
+# Arguments
+#	sock	The socket to copy from
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	This closes the connection upon error
+
+proc http::CopyStart {sock token {initial 1}} {
+    upvar 0 $token state
+    if {[info exists state(transfer)] && $state(transfer) eq "chunked"} {
+	foreach coding [ContentEncoding $token] {
+	    if {$coding eq {deflateX}} {
+		# Use the standards-compliant choice.
+		set coding2 decompress
+	    } else {
+		set coding2 $coding
+	    }
+	    lappend state(zlib) [zlib stream $coding2]
+	}
+	MakeTransformationChunked $sock [namespace code [list CopyChunk $token]]
+    } else {
+	if {$initial} {
+	    foreach coding [ContentEncoding $token] {
+		if {$coding eq {deflateX}} {
+		    # Use the standards-compliant choice.
+		    set coding2 decompress
+		} else {
+		    set coding2 $coding
+		}
+		zlib push $coding2 $sock
+	    }
+	}
+	if {[catch {
+	    # FIXME Keep-Alive on https tls::socket with unchunked transfer
+	    # hangs until the server times out. A workaround is possible, as for
+	    # the case without -channel, but it does not use the neat "fcopy"
+	    # solution.
+	    fcopy $sock $state(-channel) -size $state(-blocksize) -command \
+		[list http::CopyDone $token]
+	} err]} {
+	    Finish $token $err
+	}
+    }
+    return
+}
+
+proc http::CopyChunk {token chunk} {
+    upvar 0 $token state
+    if {[set count [string length $chunk]]} {
+	incr state(currentsize) $count
+	if {[info exists state(zlib)]} {
+	    foreach stream $state(zlib) {
+		set chunk [$stream add $chunk]
+	    }
+	}
+	puts -nonewline $state(-channel) $chunk
+	if {[info exists state(-progress)]} {
+	    namespace eval :: [linsert $state(-progress) end \
+		      $token $state(totalsize) $state(currentsize)]
+	}
+    } else {
+	Log "CopyChunk Finish - token $token"
+	if {[info exists state(zlib)]} {
+	    set excess ""
+	    foreach stream $state(zlib) {
+		catch {
+		    $stream put -finalize $excess
+		    set excess ""
+		    set overflood ""
+		    while {[set overflood [$stream get]] ne ""} { append excess $overflood }
+		}
+	    }
+	    puts -nonewline $state(-channel) $excess
+	    foreach stream $state(zlib) { $stream close }
+	    unset state(zlib)
+	}
+	Eot $token ;# FIX ME: pipelining.
+    }
+    return
+}
+
+# http::CopyDone
+#
+#	fcopy completion callback
+#
+# Arguments
+#	token	The token returned from http::geturl
+#	count	The amount transferred
+#
+# Side Effects
+#	Invokes callbacks
+
+proc http::CopyDone {token count {error {}}} {
+    variable $token
+    upvar 0 $token state
+    set sock $state(sock)
+    incr state(currentsize) $count
+    if {[info exists state(-progress)]} {
+	namespace eval :: $state(-progress) \
+	    [list $token $state(totalsize) $state(currentsize)]
+    }
+    # At this point the token may have been reset.
+    if {[string length $error]} {
+	Finish $token $error
+    } elseif {[catch {eof $sock} iseof] || $iseof} {
+	Eot $token
+    } else {
+	CopyStart $sock $token 0
+    }
+    return
+}
+
+# http::Eot
+#
+#	Called when either:
+#	a. An eof condition is detected on the socket.
+#	b. The client decides that the response is complete.
+#	c. The client detects an inconsistency and aborts the transaction.
+#
+#	Does:
+#	1. Set state(status)
+#	2. Reverse any Content-Encoding
+#	3. Convert charset encoding and line ends if necessary
+#	4. Call http::Finish
+#
+# Arguments
+#	token	The token returned from http::geturl
+#	force	(previously) optional, has no effect
+#	reason	- "eof" means premature EOF (not EOF as the natural end of
+#		  the response)
+#		- "" means completion of response, with or without EOF
+#		- anything else describes an error condition other than
+#		  premature EOF.
+#
+# Side Effects
+#	Clean up the socket
+
+proc http::Eot {token {reason {}}} {
+    variable $token
+    upvar 0 $token state
+    if {$reason eq "eof"} {
+	# Premature eof.
+	set state(status) eof
+	set reason {}
+    } elseif {$reason ne ""} {
+	# Abort the transaction.
+	set state(status) $reason
+    } else {
+	# The response is complete.
+	set state(status) ok
+    }
+
+    if {[string length $state(body)] > 0} {
+	if {[catch {
+	    foreach coding [ContentEncoding $token] {
+		if {$coding eq {deflateX}} {
+		    # First try the standards-compliant choice.
+		    set coding2 decompress
+		    if {[catch {zlib $coding2 $state(body)} result]} {
+			# If that fails, try the MS non-compliant choice.
+			set coding2 inflate
+			set state(body) [zlib $coding2 $state(body)]
+		    } else {
+			# error {failed at standards-compliant deflate}
+			set state(body) $result
+		    }
+		} else {
+		    set state(body) [zlib $coding $state(body)]
+		}
+	    }
+	} err]} {
+	    Log "error doing decompression for token $token: $err"
+	    Finish $token $err
+	    return
+	}
+
+	if {!$state(binary)} {
+	    # If we are getting text, set the incoming channel's encoding
+	    # correctly.  iso8859-1 is the RFC default, but this could be any
+	    # IANA charset.  However, we only know how to convert what we have
+	    # encodings for.
+
+	    set enc [CharsetToEncoding $state(charset)]
+	    if {$enc ne "binary"} {
+		if {[package vsatisfies [package provide Tcl] 9.0-]} {
+		    set state(body) [encoding convertfrom -profile tcl8 $enc $state(body)]
+		} else {
+		    set state(body) [encoding convertfrom $enc $state(body)]
+		}
+	    }
+
+	    # Translate text line endings.
+	    set state(body) [string map {\r\n \n \r \n} $state(body)]
+	}
+	if {[info exists state(-guesstype)] && $state(-guesstype)} {
+	    GuessType $token
+	}
+    }
+    Finish $token $reason
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::GuessType
+# ------------------------------------------------------------------------------
+# Command to attempt limited analysis of a resource with undetermined
+# Content-Type, i.e. "application/octet-stream".  This value can be set for two
+# reasons:
+# (a) by the server, in a Content-Type header
+# (b) by http::geturl, as the default value if the server does not supply a
+#     Content-Type header.
+#
+# This command converts a resource if:
+# (1) it has type application/octet-stream
+# (2) it begins with an XML declaration "<?xml name="value" ... >?"
+# (3) one tag is named "encoding" and has a recognised value; or no "encoding"
+#     tag exists (defaulting to utf-8)
+#
+# RFC 9110 Sec. 8.3 states:
+# "If a Content-Type header field is not present, the recipient MAY either
+# assume a media type of "application/octet-stream" ([RFC2046], Section 4.5.1)
+# or examine the data to determine its type."
+#
+# The RFC goes on to describe the pitfalls of "MIME sniffing", including
+# possible security risks.
+#
+# Arguments:
+# token       - connection token
+#
+# Return Value: (boolean) true iff a change has been made
+# ------------------------------------------------------------------------------
+
+proc http::GuessType {token} {
+    variable $token
+    upvar 0 $token state
+
+    if {$state(type) ne {application/octet-stream}} {
+        return 0
+    }
+
+    set body $state(body)
+    # e.g. {<?xml version="1.0" encoding="utf-8"?> ...}
+
+    if {![regexp -nocase -- {^<[?]xml[[:space:]][^>?]*[?]>} $body match]} {
+        return 0
+    }
+    # e.g. {<?xml version="1.0" encoding="utf-8"?>}
+
+    set contents [regsub -- {[[:space:]]+} $match { }]
+    set contents [string range [string tolower $contents] 6 end-2]
+    # e.g. {version="1.0" encoding="utf-8"}
+    # without excess whitespace or upper-case letters
+
+    if {![regexp -- {^([^=" ]+="[^"]+" )+$} "$contents "]} {
+        return 0
+    }
+    # The application/xml default encoding:
+    set res utf-8
+
+    set tagList [regexp -all -inline -- {[^=" ]+="[^"]+"} $contents]
+    foreach tag $tagList {
+        regexp -- {([^=" ]+)="([^"]+)"} $tag -> name value
+        if {$name eq {encoding}} {
+            set res $value
+        }
+    }
+    set enc [CharsetToEncoding $res]
+    if {$enc eq "binary"} {
+        return 0
+    }
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	set state(body) [encoding convertfrom -profile tcl8 $enc $state(body)]
+    } else {
+	set state(body) [encoding convertfrom $enc $state(body)]
+    }
+    set state(body) [string map {\r\n \n \r \n} $state(body)]
+    set state(type) application/xml
+    set state(binary) 0
+    set state(charset) $res
+    return 1
+}
+
+
+# http::wait --
+#
+#	See documentation for details.
+#
+# Arguments:
+#	token	Connection token.
+#
+# Results:
+#	The status after the wait.
+
+proc http::wait {token} {
+    variable $token
+    upvar 0 $token state
+
+    if {![info exists state(status)] || $state(status) eq ""} {
+	# We must wait on the original variable name, not the upvar alias
+	vwait ${token}(status)
+    }
+
+    return [status $token]
+}
+
+# http::formatQuery --
+#
+#	See documentation for details.  Call http::formatQuery with an even
+#	number of arguments, where the first is a name, the second is a value,
+#	the third is another name, and so on.
+#
+# Arguments:
+#	args	A list of name-value pairs.
+#
+# Results:
+#	TODO
+
+proc http::formatQuery {args} {
+    if {[llength $args] % 2} {
+        return \
+            -code error \
+            -errorcode [list HTTP BADARGCNT $args] \
+            {Incorrect number of arguments, must be an even number.}
+    }
+    set result ""
+    set sep ""
+    foreach i $args {
+	append result $sep [quoteString $i]
+	if {$sep eq "="} {
+	    set sep &
+	} else {
+	    set sep =
+	}
+    }
+    return $result
+}
+
+# http::quoteString --
+#
+#	Do x-www-urlencoded character mapping
+#
+# Arguments:
+#	string	The string the needs to be encoded
+#
+# Results:
+#       The encoded string
+
+proc http::quoteString {string} {
+    variable http
+    variable formMap
+
+    # The spec says: "non-alphanumeric characters are replaced by '%HH'". Use
+    # a pre-computed map and [string map] to do the conversion (much faster
+    # than [regsub]/[subst]). [Bug 1020491]
+
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	set string [encoding convertto -profile tcl8 $http(-urlencoding) $string]
+    } else {
+	set string [encoding convertto $http(-urlencoding) $string]
+    }
+    return [string map $formMap $string]
+}
+
+# http::ProxyRequired --
+#	Default proxy filter.
+#
+# Arguments:
+#	host	The destination host
+#
+# Results:
+#       The current proxy settings
+
+proc http::ProxyRequired {host} {
+    variable http
+    if {(![info exists http(-proxyhost)]) || ($http(-proxyhost) eq {})} {
+        return
+    }
+    if {![info exists http(-proxyport)] || ($http(-proxyport) eq {})} {
+	set port 8080
+    } else {
+	set port $http(-proxyport)
+    }
+
+    # Simple test (cf. autoproxy) for hosts that must be accessed directly,
+    # not through the proxy server.
+    foreach domain $http(-proxynot) {
+        if {[string match -nocase $domain $host]} {
+            return {}
+        }
+    }
+    return [list $http(-proxyhost) $port]
+}
+
+# http::CharsetToEncoding --
+#
+#	Tries to map a given IANA charset to a tcl encoding.  If no encoding
+#	can be found, returns binary.
+#
+
+proc http::CharsetToEncoding {charset} {
+    variable encodings
+
+    set charset [string tolower $charset]
+    if {[regexp {iso-?8859-([0-9]+)} $charset -> num]} {
+	set encoding "iso8859-$num"
+    } elseif {[regexp {iso-?2022-(jp|kr)} $charset -> ext]} {
+	set encoding "iso2022-$ext"
+    } elseif {[regexp {shift[-_]?jis} $charset]} {
+	set encoding "shiftjis"
+    } elseif {[regexp {(?:windows|cp)-?([0-9]+)} $charset -> num]} {
+	set encoding "cp$num"
+    } elseif {$charset eq "us-ascii"} {
+	set encoding "ascii"
+    } elseif {[regexp {(?:iso-?)?lat(?:in)?-?([0-9]+)} $charset -> num]} {
+	switch -- $num {
+	    5 {set encoding "iso8859-9"}
+	    1 - 2 - 3 {
+		set encoding "iso8859-$num"
+	    }
+	    default {
+		set encoding "binary"
+	    }
+	}
+    } else {
+	# other charset, like euc-xx, utf-8,...  may directly map to encoding
+	set encoding $charset
+    }
+    set idx [lsearch -exact $encodings $encoding]
+    if {$idx >= 0} {
+	return $encoding
+    } else {
+	return "binary"
+    }
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::ContentEncoding
+# ------------------------------------------------------------------------------
+# Return the list of content-encoding transformations we need to do in order.
+#
+    # --------------------------------------------------------------------------
+    # Options for Accept-Encoding, Content-Encoding: the switch command
+    # --------------------------------------------------------------------------
+    # The symbol deflateX allows http to attempt both versions of "deflate",
+    # unless there is a -channel - for a -channel, only "decompress" is tried.
+    # Alternative/extra lines for switch:
+    # The standards-compliant version of "deflate" can be chosen with:
+    #		deflate { lappend r decompress }
+    # The Microsoft non-compliant version of "deflate" can be chosen with:
+    #		deflate { lappend r inflate }
+    # The previously used implementation of "compress", which appears to be
+    # incorrect and is rarely used by web servers, can be chosen with:
+    #		compress - x-compress { lappend r decompress }
+    # --------------------------------------------------------------------------
+#
+# Arguments:
+# token  - Connection token.
+#
+# Return Value: list
+# ------------------------------------------------------------------------------
+
+proc http::ContentEncoding {token} {
+    upvar 0 $token state
+    set r {}
+    if {[info exists state(coding)]} {
+	foreach coding [split $state(coding) ,] {
+	    switch -exact -- $coding {
+		deflate { lappend r deflateX }
+		gzip - x-gzip { lappend r gunzip }
+		identity {}
+		br {
+		    return -code error\
+			    "content-encoding \"br\" not implemented"
+		}
+		default {
+		    Log "unknown content-encoding \"$coding\" ignored"
+		}
+	    }
+	}
+    }
+    return $r
+}
+
+proc http::ReceiveChunked {chan command} {
+    set data ""
+    set size -1
+    yield
+    while {1} {
+	chan configure $chan -translation {crlf binary}
+	while {[gets $chan line] < 1} { yield }
+	chan configure $chan -translation {binary binary}
+	if {[scan $line %x size] != 1} {
+	    return -code error "invalid size: \"$line\""
+	}
+	set chunk ""
+	while {$size && ![chan eof $chan]} {
+	    set part [chan read $chan $size]
+	    incr size -[string length $part]
+	    append chunk $part
+	}
+	if {[catch {
+	    uplevel #0 [linsert $command end $chunk]
+	}]} {
+	    http::Log "Error in callback: $::errorInfo"
+	}
+	if {[string length $chunk] == 0} {
+	    # channel might have been closed in the callback
+	    catch {chan event $chan readable {}}
+	    return
+	}
+    }
+}
+
+# http::SplitCommaSeparatedFieldValue --
+# 	Return the individual values of a comma-separated field value.
+#
+# Arguments:
+#	fieldValue	Comma-separated header field value.
+#
+# Results:
+#       List of values.
+proc http::SplitCommaSeparatedFieldValue {fieldValue} {
+    set r {}
+    foreach el [split $fieldValue ,] {
+	lappend r [string trim $el]
+    }
+    return $r
+}
+
+
+# http::GetFieldValue --
+# 	Return the value of a header field.
+#
+# Arguments:
+#	headers	Headers key-value list
+#	fieldName	Name of header field whose value to return.
+#
+# Results:
+#       The value of the fieldName header field
+#
+# Field names are matched case-insensitively (RFC 7230 Section 3.2).
+#
+# If the field is present multiple times, it is assumed that the field is
+# defined as a comma-separated list and the values are combined (by separating
+# them with commas, see RFC 7230 Section 3.2.2) and returned at once.
+proc http::GetFieldValue {headers fieldName} {
+    set r {}
+    foreach {field value} $headers {
+	if {[string equal -nocase $fieldName $field]} {
+	    if {$r eq {}} {
+		set r $value
+	    } else {
+		append r ", $value"
+	    }
+	}
+    }
+    return $r
+}
+
+proc http::MakeTransformationChunked {chan command} {
+    coroutine [namespace current]::dechunk$chan ::http::ReceiveChunked $chan $command
+    chan event $chan readable [namespace current]::dechunk$chan
+    return
+}
+
+interp alias {} http::data {} http::responseBody
+interp alias {} http::code {} http::responseLine
+interp alias {} http::mapReply {} http::quoteString
+interp alias {} http::meta {} http::responseHeaders
+interp alias {} http::metaValue {} http::responseHeaderValue
+interp alias {} http::ncode {} http::responseCode
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::socketForTls
+# ------------------------------------------------------------------------------
+# Command to use in place of ::socket as the value of ::tls::socketCmd.
+# This command does the same as http::socket, and also handles https connections
+# through a proxy server.
+#
+# Notes.
+# - The proxy server works differently for https and http.  This implementation
+#   is for https.  The proxy for http is implemented in http::CreateToken (in
+#   code that was previously part of http::geturl).
+# - This code implicitly uses the tls options set for https in a call to
+#   http::register, and does not need to call commands tls::*.  This simple
+#   implementation is possible because tls uses a callback to ::socket that can
+#   be redirected by changing the value of ::tls::socketCmd.
+#
+# Arguments:
+# args        - as for ::socket
+#
+# Return Value: a socket identifier
+# ------------------------------------------------------------------------------
+
+proc http::socketForTls {args} {
+    variable http
+    set host [lindex $args end-1]
+    set port [lindex $args end]
+    if {    ($http(-proxyfilter) ne {})
+         && (![catch {$http(-proxyfilter) $host} proxy])
+    } {
+        set phost [lindex $proxy 0]
+        set pport [lindex $proxy 1]
+    } else {
+        set phost {}
+        set pport {}
+    }
+    if {$phost eq ""} {
+        set sock [::http::socket {*}$args]
+    } else {
+        set sock [::http::SecureProxyConnect {*}$args $phost $pport]
+    }
+    return $sock
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::SecureProxyConnect
+# ------------------------------------------------------------------------------
+# Command to open a socket through a proxy server to a remote server for use by
+# tls. The caller must perform the tls handshake.
+#
+# Notes
+# - Based on patch supplied by Melissa Chawla in ticket 1173760, and
+#   Proxy-Authorization header cf. autoproxy by Pat Thoyts.
+# - Rewritten as a call to http::geturl, because response headers and body are
+#   needed if the CONNECT request fails.  CONNECT is implemented for this case
+#   only, by state(bypass).
+# - FUTURE WORK: give http::geturl a -connect option for a general CONNECT.
+# - The request header Proxy-Connection is discouraged in RFC 7230 (June 2014),
+#   RFC 9112 (June 2022).
+#
+# Arguments:
+# args        - as for ::socket, ending in host, port; with proxy host, proxy
+#               port appended.
+#
+# Return Value: a socket identifier
+# ------------------------------------------------------------------------------
+
+proc http::SecureProxyConnect {args} {
+    variable http
+    variable ConnectVar
+    variable ConnectCounter
+    variable failedProxyValues
+    set varName ::http::ConnectVar([incr ConnectCounter])
+
+    # Extract (non-proxy) target from args.
+    set host [lindex $args end-3]
+    set port [lindex $args end-2]
+    set args [lreplace $args end-3 end-2]
+
+    # Proxy server URL for connection.
+    # This determines where the socket is opened.
+    set phost [lindex $args end-1]
+    set pport [lindex $args end]
+    if {[string first : $phost] != -1} {
+        # IPv6 address, wrap it in [] so we can append :pport
+        set phost "\[${phost}\]"
+    }
+    set url http://${phost}:${pport}
+    # Elements of args other than host and port are not used when
+    # AsyncTransaction opens a socket.  Those elements are -async and the
+    # -type $tokenName for the https transaction.  Option -async is used by
+    # AsyncTransaction anyway, and -type $tokenName should not be propagated:
+    # the proxy request adds its own -type value.
+
+    set targ [lsearch -exact $args -type]
+    if {$targ != -1} {
+        # Record in the token that this is a proxy call.
+        set token [lindex $args $targ+1]
+        upvar 0 ${token} state
+        set tim $state(-timeout)
+        set state(proxyUsed) SecureProxyFailed
+        # This value is overwritten with "SecureProxy" below if the CONNECT is
+        # successful.  If it is unsuccessful, the socket will be closed
+        # below, and so in this unsuccessful case there are no other transactions
+        # whose (proxyUsed) must be updated.
+    } else {
+        set tim 0
+    }
+    if {$tim == 0} {
+        # Do not use infinite timeout for the proxy.
+        set tim 30000
+    }
+
+    # Prepare and send a CONNECT request to the proxy, using
+    # code similar to http::geturl.
+    set requestHeaders [list Host $host]
+    lappend requestHeaders Connection keep-alive
+    if {$http(-proxyauth) != {}} {
+        lappend requestHeaders Proxy-Authorization $http(-proxyauth)
+    }
+
+    set token2 [CreateToken $url -keepalive 0 -timeout $tim \
+            -headers $requestHeaders -command [list http::AllDone $varName]]
+    variable $token2
+    upvar 0 $token2 state2
+
+    # Kludges:
+    # Setting this variable overrides the HTTP request line and also allows
+    # -headers to override the Connection: header set by -keepalive.
+    # The arguments "-keepalive 0" ensure that when Finish is called for an
+    # unsuccessful request, the socket is always closed.
+    set state2(bypass) "CONNECT $host:$port HTTP/1.1"
+
+    AsyncTransaction $token2
+
+    if {[info coroutine] ne {}} {
+        # All callers in the http package are coroutines launched by
+        # the event loop.
+        # The cwait command requires a coroutine because it yields
+        # to the caller; $varName is traced and the coroutine resumes
+        # when the variable is written.
+        cwait $varName
+    } else {
+        return -code error {code must run in a coroutine}
+        # For testing with a non-coroutine caller outside the http package.
+        # vwait $varName
+    }
+    unset $varName
+
+    if {    ($state2(state) ne "complete")
+         || ($state2(status) ne "ok")
+         || (![string is integer -strict $state2(responseCode)])
+    } {
+        set msg {the HTTP request to the proxy server did not return a valid\
+                and complete response}
+        if {[info exists state2(error)]} {
+            append msg ": " [lindex $state2(error) 0]
+        }
+        cleanup $token2
+        return -code error $msg
+    }
+
+    set code $state2(responseCode)
+
+    if {($code >= 200) && ($code < 300)} {
+        # All OK.  The caller in package tls will now call "tls::import $sock".
+        # The cleanup command does not close $sock.
+        # Other tidying was done in http::Event.
+
+        # If this is a persistent socket, any other transactions that are
+        # already marked to use the socket will have their (proxyUsed) updated
+        # when http::OpenSocket calls http::ConfigureNewSocket.
+        set state(proxyUsed) SecureProxy
+        set sock $state2(sock)
+        cleanup $token2
+        return $sock
+    }
+
+    if {$targ != -1} {
+        # Non-OK HTTP status code; token is known because option -type
+        # (cf. targ) was passed through tcltls, and so the useful
+        # parts of the proxy's response can be copied to state(*).
+        # Do not copy state2(sock).
+        # Return the proxy response to the caller of geturl.
+        foreach name $failedProxyValues {
+            if {[info exists state2($name)]} {
+                set state($name) $state2($name)
+            }
+        }
+        set state(connection) close
+        set msg "proxy connect failed: $code"
+	# - This error message will be detected by http::OpenSocket and will
+	#   cause it to present the proxy's HTTP response as that of the
+	#   original $token transaction, identified only by state(proxyUsed)
+	#   as the response of the proxy.
+	# - The cases where this would mislead the caller of http::geturl are
+	#   given a different value of msg (below) so that http::OpenSocket will
+	#   treat them as errors, but will preserve the $token array for
+	#   inspection by the caller.
+	# - Status code 305 (Proxy Required) was deprecated for security reasons
+	#   in RFC 2616 (June 1999) and in any case should never be served by a
+	#   proxy.
+	# - Other 3xx responses from the proxy are inappropriate, and should not
+	#   occur.
+	# - A 401 response from the proxy is inappropriate, and should not
+	#   occur.  It would be confusing if returned to the caller.
+
+	if {($code >= 300) && ($code < 400)} {
+	    set msg "the proxy server responded to the HTTP request with an\
+		    inappropriate $code redirect"
+	    set loc [responseHeaderValue $token2 location]
+	    if {$loc ne {}} {
+		append msg "to " $loc
+	    }
+	} elseif {($code == 401)} {
+	    set msg "the proxy server responded to the HTTP request with an\
+		    inappropriate 401 request for target-host credentials"
+	} else {
+	}
+    } else {
+	set msg "connection to proxy failed with status code $code"
+    }
+
+    # - ${token2}(sock) has already been closed because -keepalive 0.
+    # - Error return does not pass the socket ID to the
+    #   $token transaction, which retains its socket placeholder.
+    cleanup $token2
+    return -code error $msg
+}
+
+proc http::AllDone {varName args} {
+    set $varName done
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::socket
+# ------------------------------------------------------------------------------
+# This command is a drop-in replacement for ::socket.
+# Arguments and return value as for ::socket.
+#
+# Notes.
+# - http::socket is specified in place of ::socket by the definition of urlTypes
+#   in the namespace header of this file (http.tcl).
+# - The command makes a simple call to ::socket unless the user has called
+#   http::config to change the value of -threadlevel from the default value 0.
+# - For -threadlevel 1 or 2, if the Thread package is available, the command
+#   waits in the event loop while the socket is opened in another thread.  This
+#   is a workaround for bug [824251] - it prevents http::geturl from blocking
+#   the event loop if the DNS lookup or server connection is slow.
+# - FIXME Use a thread pool if connections are very frequent.
+# - FIXME The peer thread can transfer the socket only to the main interpreter
+#   in the present thread.  Therefore this code works only if this script runs
+#   in the main interpreter.  In a child interpreter, the parent must alias a
+#   command to ::http::socket in the child, run http::socket in the parent,
+#   and then transfer the socket to the child.
+# - The http::socket command is simple, and can easily be replaced with an
+#   alternative command that uses a different technique to open a socket while
+#   entering the event loop.
+# - Unexpected behaviour by thread::send -async (Thread 2.8.6).
+#   An error in thread::send -async causes return of just the error message
+#   (not the expected 3 elements), and raises a bgerror in the main thread.
+#   Hence wrap the command with catch as a precaution.
+# ------------------------------------------------------------------------------
+
+proc http::socket {args} {
+    variable ThreadVar
+    variable ThreadCounter
+    variable http
+
+    LoadThreadIfNeeded
+
+    set targ [lsearch -exact $args -type]
+    if {$targ != -1} {
+        set token [lindex $args $targ+1]
+        set args [lreplace $args $targ $targ+1]
+        upvar 0 $token state
+    }
+
+    if {!$http(usingThread)} {
+        # Use plain "::socket".  This is the default.
+        return [eval ::socket $args]
+    }
+
+    set defcmd ::socket
+    set sockargs $args
+    set script "
+        set code \[catch {
+            [list proc ::SockInThread {caller defcmd sockargs} [info body ::http::SockInThread]]
+            [list ::SockInThread [thread::id] $defcmd $sockargs]
+        } result opts\]
+        list \$code \$opts \$result
+    "
+
+    set state(tid) [thread::create]
+    set varName ::http::ThreadVar([incr ThreadCounter])
+    thread::send -async $state(tid) $script $varName
+    Log >T Thread Start Wait $args -- coro [info coroutine] $varName
+    if {[info coroutine] ne {}} {
+        # All callers in the http package are coroutines launched by
+        # the event loop.
+        # The cwait command requires a coroutine because it yields
+        # to the caller; $varName is traced and the coroutine resumes
+        # when the variable is written.
+        cwait $varName
+    } else {
+        return -code error {code must run in a coroutine}
+        # For testing with a non-coroutine caller outside the http package.
+        # vwait $varName
+    }
+    Log >U Thread End Wait $args -- coro [info coroutine] $varName [set $varName]
+    thread::release $state(tid)
+    set state(tid) {}
+    set result [set $varName]
+    unset $varName
+    if {(![string is list $result]) || ([llength $result] != 3)} {
+        return -code error "result from peer thread is not a list of\
+                length 3: it is \n$result"
+    }
+    lassign $result threadCode threadDict threadResult
+    if {($threadCode != 0)} {
+        # This is an error in thread::send.  Return the lot.
+        return -options $threadDict -code error $threadResult
+    }
+
+    # Now the results of the catch in the peer thread.
+    lassign $threadResult catchCode errdict sock
+
+    if {($catchCode == 0) && ($sock ni [chan names])} {
+        return -code error {Transfer of socket from peer thread failed.\
+		Check that this script is not running in a child interpreter.}
+    }
+    return -options $errdict -code $catchCode $sock
+}
+
+# The commands below are dependencies of http::socket and
+# http::SecureProxyConnect and are not used elsewhere.
+
+# ------------------------------------------------------------------------------
+#  Proc http::LoadThreadIfNeeded
+# ------------------------------------------------------------------------------
+# Command to load the Thread package if it is needed.  If it is needed and not
+# loadable, the outcome depends on $http(-threadlevel):
+# value 0 => Thread package not required, no problem
+# value 1 => operate as if -threadlevel 0
+# value 2 => error return
+#
+# Arguments: none
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::LoadThreadIfNeeded {} {
+    variable http
+    if {$http(usingThread) || ($http(-threadlevel) == 0)} {
+        return
+    }
+    if {[catch {package require Thread}]} {
+        if {$http(-threadlevel) == 2} {
+            set msg {[http::config -threadlevel] has value 2,\
+                     but the Thread package is not available}
+            return -code error $msg
+        }
+        return
+    }
+    set http(usingThread) 1
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::SockInThread
+# ------------------------------------------------------------------------------
+# Command http::socket is a ::socket replacement.  It defines and runs this
+# command, http::SockInThread, in a peer thread.
+#
+# Arguments:
+# caller
+# defcmd
+# sockargs
+#
+# Return value: list of values that describe the outcome.  The return is
+# intended to be a normal (non-error) return in all cases.
+# ------------------------------------------------------------------------------
+
+proc http::SockInThread {caller defcmd sockargs} {
+    package require Thread
+
+    set catchCode [catch {eval $defcmd $sockargs} sock errdict]
+    if {$catchCode == 0} {
+        set catchCode [catch {thread::transfer $caller $sock; set sock} sock errdict]
+    }
+    return [list $catchCode $errdict $sock]
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::cwaiter::cwait
+# ------------------------------------------------------------------------------
+# Command to substitute for vwait, without the ordering issues.
+# A command that uses cwait must be a coroutine that is launched by an event,
+# e.g. fileevent or after idle, and has no calling code to be resumed upon
+# "yield".  It cannot return a value.
+#
+# Arguments:
+# varName      - fully-qualified name of the variable that the calling script
+#                will write to resume the coroutine.  Any scalar variable or
+#                array element is permitted.
+# coroName     - (optional) name of the coroutine to be called when varName is
+#                written - defaults to this coroutine
+# timeout      - (optional) timeout value in ms
+# timeoutValue - (optional) value to assign to varName if there is a timeout
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+namespace eval http::cwaiter {
+    namespace export cwait
+    variable log   {}
+    variable logOn 0
+}
+
+proc http::cwaiter::cwait {
+    varName {coroName {}} {timeout {}} {timeoutValue {}}
+} {
+    set thisCoro [info coroutine]
+    if {$thisCoro eq {}} {
+        return -code error {cwait cannot be called outside a coroutine}
+    }
+    if {$coroName eq {}} {
+        set coroName $thisCoro
+    }
+    if {[string range $varName 0 1] ne {::}} {
+        return -code error {argument varName must be fully qualified}
+    }
+    if {$timeout eq {}} {
+        set toe {}
+    } elseif {[string is integer -strict $timeout] && ($timeout > 0)} {
+        set toe [after $timeout [list set $varName $timeoutValue]]
+    } else {
+        return -code error {if timeout is supplied it must be a positive integer}
+    }
+
+    set cmd [list ::http::cwaiter::CwaitHelper $varName $coroName $toe]
+    trace add variable $varName write $cmd
+    CoLog "Yield $varName $coroName"
+    yield
+    CoLog "Resume $varName $coroName"
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::cwaiter::CwaitHelper
+# ------------------------------------------------------------------------------
+# Helper command called by the trace set by cwait.
+# - Ignores the arguments added by trace.
+# - A simple call to $coroName works, and in error cases gives a suitable stack
+#   trace, but because it is inside a trace the headline error message is
+#   something like {can't set "::Result(6)": error}, not the actual
+#   error.  So let the trace command return.
+# - Remove the trace immediately.  We don't want multiple calls.
+# ------------------------------------------------------------------------------
+
+proc http::cwaiter::CwaitHelper {varName coroName toe args} {
+    CoLog "got $varName for $coroName"
+    set cmd [list ::http::cwaiter::CwaitHelper $varName $coroName $toe]
+    trace remove variable $varName write $cmd
+    after cancel $toe
+
+    after 0 $coroName
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::cwaiter::LogInit
+# ------------------------------------------------------------------------------
+# Call this command to initiate debug logging and clear the log.
+# ------------------------------------------------------------------------------
+
+proc http::cwaiter::LogInit {} {
+    variable log
+    variable logOn
+    set log {}
+    set logOn 1
+    return
+}
+
+proc http::cwaiter::LogRead {} {
+    variable log
+    return $log
+}
+
+proc http::cwaiter::CoLog {msg} {
+    variable log
+    variable logOn
+    if {$logOn} {
+        append log $msg \n
+    }
+    return
+}
+
+namespace eval http {
+    namespace import ::http::cwaiter::*
+}
+
+# Local variables:
+# indent-tabs-mode: t
+# End:
diff --git a/src/build.tcl b/src/build.tcl
index 719accbf..ee541f5b 100644
--- a/src/build.tcl
+++ b/src/build.tcl
@@ -1,6 +1,6 @@
 #!/bin/sh
 # -*- tcl -*- \
 # 'build.tcl' name as required by kettle
-# Can be run directly - but also using `pmix Kettle ...`  or `pmix KettleShell  ...`
+# Can be run directly - but also using `pmix Kettle ...`  or `pmix KettleShell  ...`\
 exec ./kettle -f "$0" "${1+$@}"
 kettle doc
diff --git a/src/make.tcl b/src/make.tcl
index 1154c2a2..64b1794c 100644
--- a/src/make.tcl
+++ b/src/make.tcl
@@ -15,7 +15,7 @@ namespace eval ::punkmake {
     variable pkg_requirements [list]; variable pkg_missing [list];variable pkg_loaded [list]
     variable non_help_flags [list -k]
     variable help_flags     [list -help --help /?]
-    variable known_commands [list project get-project-info]
+    variable known_commands [list project get-project-info shell bootsupport]
 }
 if {"::try" ni [info commands ::try]} {
     puts stderr "Tcl interpreter possibly too old - 'try' command not found - aborting"
@@ -251,11 +251,22 @@ if {$::punkmake::command eq "get-project-info"} {
 }
 
 if {$::punkmake::command eq "shell"} {
-    #package require pu
+    package require punk
+    package require punk::repl
+    puts stderr "make shell not fully implemented - dropping into ordinary punk shell"
+    repl::start stdin
 
+    exit 1
+}
+
+if {$::punkmake::command eq "bootsupport"} {
+
+
+    exit 1
 }
 
 
+
 if {$::punkmake::command ne "project"} {
     puts stderr "Command $::punkmake::command not implemented - aborting."
     exit 1
@@ -270,7 +281,11 @@ file mkdir $target_modules_base
 
 #external libs and modules first - and any supporting files - no 'building' required
 if {[file exists $sourcefolder/vendorlib]} {
-    #unpublish README.md from source folder - but on the root one
+    #unpublish README.md from source folder - but only the root one
+    #-unpublish_paths takes relative patterns e.g
+    # */test.txt  will only match test.txt exactly one level deep.
+    # */*/*.foo will match any path ending in .foo that is exactly 2 levels deep.
+    # **/test.txt will match at any level below the root (but not in the root)
     set unpublish [list\
         README.md\
     ]
@@ -279,7 +294,8 @@ if {[file exists $sourcefolder/vendorlib]} {
     set copied [dict get $resultdict files_copied]
     set sources_unchanged [dict get $resultdict sources_unchanged]
     puts stdout "--------------------------"
-    puts stderr "Copied [llength $copied] vendor libs from src/vendorlib to $projectroot/lib"
+    flush stdout
+    puts stderr "Copied [llength $copied] vendor lib files from src/vendorlib to $projectroot/lib"
     foreach f $copied {
         puts stdout "COPIED $f"
     }
@@ -296,7 +312,8 @@ if {[file exists $sourcefolder/vendormodules]} {
     set copied [dict get $resultdict files_copied]
     set sources_unchanged [dict get $resultdict sources_unchanged]
     puts stdout "--------------------------"
-    puts stderr "Copied [llength $copied] vendor modules from src/vendormodules to $target_modules_base"
+    flush stdout
+    puts stderr "Copied [llength $copied] vendor module files from src/vendormodules to $target_modules_base"
     foreach f $copied {
         puts stdout "COPIED $f"
     }
@@ -311,7 +328,16 @@ if {[file exists $sourcefolder/vendormodules]} {
 #e.g The default project layout is mainly folder structure and readme files - but has some scripts developed under the main src that we want to sync
 #src to  src/modules/punk/mix/templates/layouts/project/src
 
-    set templatebase $sourcefolder/modules/punk/mix/templates
+set layout_update_list    [list\
+    [list project $sourcefolder/modules/punk/mix/templates]\
+    [list basic $sourcefolder/mixtemplates]\
+    ]  
+
+foreach layoutinfo $layout_update_list {
+    lassign $layoutinfo layout templatebase
+    if {![file exists $templatebase]} {
+        continue
+    }
     set config [dict create\
         -make-step sync_templates\
     ]
@@ -322,8 +348,8 @@ if {[file exists $sourcefolder/vendormodules]} {
     #----------
     set pairs [list]
     set pairs [list\
-        [list $sourcefolder/build.tcl  $templatebase/layouts/project/src/build.tcl]\
-        [list $sourcefolder/make.tcl  $templatebase/layouts/project/src/make.tcl]\
+        [list $sourcefolder/build.tcl  $templatebase/layouts/$layout/src/build.tcl]\
+        [list $sourcefolder/make.tcl  $templatebase/layouts/$layout/src/make.tcl]\
     ]
 
     foreach filepair $pairs {
@@ -356,6 +382,7 @@ if {[file exists $sourcefolder/vendormodules]} {
     $tpl_event end
     $tpl_event destroy
     $tpl_installer destroy
+}
 ########################################################
 
 
@@ -380,8 +407,10 @@ foreach src_module_dir $source_module_folderlist {
     set copied                  [dict get $resultdict files_copied]
     set sources_unchanged       [dict get $resultdict sources_unchanged]
     puts stdout "--------------------------"
+    flush stdout
     puts stderr "Copied [llength $copied] non-tm source files from $src_module_dir to $target_modules_base"
     puts stderr "[llength $sources_unchanged] unchanged source files"
+    flush stderr
     puts stdout "--------------------------"
 }
 
@@ -748,7 +777,7 @@ foreach vfs $vfs_folders {
                 $bin_event targetset_end OK
                 # -- ----------
             } else {
-                $bin_event targetset_end FAILED 
+                $bin_event targetset_end FAILED -note "could not delete  
             }
             $bin_event destroy
             $bin_installer destroy
diff --git a/src/modules/punk-0.1.tm b/src/modules/punk-0.1.tm
index 8fbf6744..f1d0214b 100644
--- a/src/modules/punk-0.1.tm
+++ b/src/modules/punk-0.1.tm
@@ -5656,8 +5656,8 @@ namespace eval punk {
     # and possibly containing a decimal point, i.e.: [:space:]*[:digit:]*\.[:digit:]*
 
     proc delimit_number {unformattednumber {delim ","} {GroupSize 3}} {
-        set number [punk::objclone unformattednumber]
-        set number [string map [list _ ""] $number
+        set number [punk::objclone $unformattednumber]
+        set number [string map [list _ ""] $number]
         #normalize using expr - e.g 2e4 -> 20000.0
         set number [expr {$number}]
         # First, extract right hand part of number, up to and including decimal point
diff --git a/src/modules/punk/du-999999.0a1.0.tm b/src/modules/punk/du-999999.0a1.0.tm
index cd6547d5..c8dcbb18 100644
--- a/src/modules/punk/du-999999.0a1.0.tm
+++ b/src/modules/punk/du-999999.0a1.0.tm
@@ -1254,12 +1254,12 @@ namespace eval punk::du {
                 } else {
                     if {$loadstate eq "failed"} {
                         puts stderr "punk::du defaulting to du_dirlisting_generic because twapi load failed"
-                        set_active_function du_dirlisting du_dirlisting_generic
+                        punk::du::active::set_active_function du_dirlisting du_dirlisting_generic
                     }
                     tailcall du_dirlisting_generic $folderpath {*}$args                        
                 }
             } else {
-                set_active_function du_dirlisting du_dirlisting_unix
+                punk::du::active::set_active_function du_dirlisting du_dirlisting_unix
                 tailcall du_dirlisting_unix $folderpath {*}$args
             }
         }
diff --git a/src/modules/punk/mix/base-0.1.tm b/src/modules/punk/mix/base-0.1.tm
index ef4605b5..190c2ea1 100644
--- a/src/modules/punk/mix/base-0.1.tm
+++ b/src/modules/punk/mix/base-0.1.tm
@@ -345,7 +345,7 @@ namespace eval punk::mix::base {
         }
 
         proc mix_templates_dir {} {
-            puts stderr "mix_templates_dir WARNING: deprecated - use get_template_folders instead"
+            puts stderr "mix_templates_dir WARNING: deprecated - use get_template_basefolders instead"
             set provide_statement [package ifneeded punk::mix [package require punk::mix]]
             set tmdir [file dirname [lindex $provide_statement end]]
             set tpldir $tmdir/mix/templates
@@ -355,11 +355,11 @@ namespace eval punk::mix::base {
             return $tpldir
         }
 
-        #get_template_folders
+        #get_template_basefolders
         #   scriptpath - file or folder
         #   It represents the base point from which to search for mixtemplates folders either directly related to the scriptpath (../) or in the containing project if any
         #   The cwd will also be searched for project root - but with lower precedence in the resultset (later in list)
-        proc get_template_folders {{scriptpath ""}} {
+        proc get_template_basefolders {{scriptpath ""}} {
             #1 lowest precedence - templates from packages (ordered by order in which packages registered with punk::cap)
             set folderdict [dict create]
             set template_folder_dict [punk::cap::templates::folders]
diff --git a/src/modules/punk/mix/commandset/debug-999999.0a1.0.tm b/src/modules/punk/mix/commandset/debug-999999.0a1.0.tm
index 5b0edbe8..9a1f612e 100644
--- a/src/modules/punk/mix/commandset/debug-999999.0a1.0.tm
+++ b/src/modules/punk/mix/commandset/debug-999999.0a1.0.tm
@@ -37,9 +37,9 @@ namespace eval punk::mix::commandset::debug {
         set modulefolders [lib::find_source_module_paths $projectdir]
         puts stdout "modulefolders: $modulefolders"
 
-        set template_folder_dict [punk::mix::base::lib::get_template_folders]
-        puts stdout "get_template_folders output:"
-        pdict $template_folder_dict
+        set template_base_dict [punk::mix::base::lib::get_template_basefolders]
+        puts stdout "get_template_basefolders output:"
+        pdict $template_base_dict
         return 
     }
 
diff --git a/src/modules/punk/mix/commandset/layout-999999.0a1.0.tm b/src/modules/punk/mix/commandset/layout-999999.0a1.0.tm
index 5d724260..ea44281a 100644
--- a/src/modules/punk/mix/commandset/layout-999999.0a1.0.tm
+++ b/src/modules/punk/mix/commandset/layout-999999.0a1.0.tm
@@ -38,20 +38,20 @@ namespace eval punk::mix::commandset::layout {
         return [join $templatefiles \n]
     }
     proc templatefiles.relative {layout} {
-        set template_folder_dict [punk::mix::base::lib::get_template_folders]
+        set template_base_dict [punk::mix::base::lib::get_template_basefolders]
 
-        set tpldirs [list]
-        dict for {tdir folderinfo} $template_folder_dict {
-           if {[file exists $tdir/layouts/$layout]} {
-                lappend tpldirs $tdir
+        set bases_containing_layout [list]
+        dict for {tbase folderinfo} $template_base_dict {
+           if {[file exists $tbase/layouts/$layout]} {
+                lappend bases_containing_layout $tbase
            } 
         }
-        if {![llength $tpldirs]} {
+        if {![llength $bases_containing_layout]} {
             puts stderr "Unable to locate folder for layout '$layout'"
-            puts stderr "searched [dict size $template_folder_dict] template folders"
+            puts stderr "searched [dict size $template_base_dict] template folders"
             return
         }
-        set tpldir [lindex $tpldirs end]
+        set tpldir [lindex $bases_containing_layout end]
 
         set layout_base $tpldir/layouts
         set layout_dir [file join $layout_base $layout]
@@ -74,7 +74,7 @@ namespace eval punk::mix::commandset::layout {
             }
             set layouts [list]
             #set tplfolderdict [punk::cap::templates::folders]
-            set tplfolderdict [punk::mix::base::lib::get_template_folders]
+            set tplfolderdict [punk::mix::base::lib::get_template_basefolders]
             dict for {tdir folderinfo} $tplfolderdict {
                 set layout_base $tdir/layouts
                 #collect all layouts and use lsearch glob rather than the filesystem glob (avoid issues with dotted folder names)
@@ -89,25 +89,25 @@ namespace eval punk::mix::commandset::layout {
     }
     namespace eval lib {
         proc layout_all_files {layout} {
-            set tplfolderdict [punk::mix::base::lib::get_template_folders]
+            set tplbasedict [punk::mix::base::lib::get_template_basefolders]
             set layouts_found [list]
-            dict for {tpldir folderinfo} $tplfolderdict {
-                if {[file isdirectory $tpldir/layouts/$layout]} {
-                    lappend layouts_found $tpldir/layouts/$layout
+            dict for {tplbase folderinfo} $tplbasedict {
+                if {[file isdirectory $tplbase/layouts/$layout]} {
+                    lappend layouts_found $tplbase/layouts/$layout
                 }
             } 
             if {![llength $layouts_found]} {
                 puts stderr "layout '$layout' not found."
-                puts stderr "searched [dict size $tplfolderdict] template folders"
-                dict for {tpldir pkg} $tplfolderdict {
-                    puts stderr " - $tpldir $pkg"
+                puts stderr "searched [dict size $tplbasedict] template folders"
+                dict for {tplbase pkg} $tplbasedict {
+                    puts stderr " - $tplbase $pkg"
                 }
                 return
             }
             set layoutfolder [lindex $layouts_found end]
 
             if {![file isdirectory $layoutfolder]} {
-                puts stderr "layout '$layout' not found in /layouts within one of template_folders. (get_template_folder returned: $tplfolderdict)"
+                puts stderr "layout '$layout' not found in /layouts within one of template_folders. (get_template_folder returned: $tplbasedict)"
             }
             set file_list [list] 
             util::foreach-file $layoutfolder path {
@@ -121,17 +121,17 @@ namespace eval punk::mix::commandset::layout {
         #todo - allow specifying which package the layout is from:  e.g "punk::mix::templates project" ??
         proc layout_scan_for_template_files {layout {tags {}}} {
             #equivalent for projects? punk::mix::commandset::module::lib::templates_dict  -scriptpath "" 
-            set tplfolderdict [punk::cap::templates::folders]
+            set tplbasedict [punk::mix::base::lib::get_template_basefolders]
             set layouts_found [list]
-            dict for {tpldir pkg} $tplfolderdict {
+            dict for {tpldir pkg} $tplbasedict {
                 if {[file isdirectory $tpldir/layouts/$layout]} {
                     lappend layouts_found $tpldir/layouts/$layout
                 }
             } 
             if {![llength $layouts_found]} {
                 puts stderr "layout '$layout' not found."
-                puts stderr "searched [dict size $tplfolderdict] template folders"
-                dict for {tpldir pkg} $tplfolderdict {
+                puts stderr "searched [dict size $tplbasedict] template folders"
+                dict for {tpldir pkg} $tplbasedict {
                     puts stderr " - $tpldir $pkg"
                 }
                 return
diff --git a/src/modules/punk/mix/commandset/module-999999.0a1.0.tm b/src/modules/punk/mix/commandset/module-999999.0a1.0.tm
index 86181aac..90a00a45 100644
--- a/src/modules/punk/mix/commandset/module-999999.0a1.0.tm
+++ b/src/modules/punk/mix/commandset/module-999999.0a1.0.tm
@@ -348,17 +348,17 @@ namespace eval punk::mix::commandset::module {
             set opts [dict merge $defaults $args]
             set opt_scriptpath [dict get $opts -scriptpath]
 
-            set module_tfolders [list]
-            set tfolderdict [punk::mix::base::lib::get_template_folders $opt_scriptpath]
-            dict for {tdir folderinfo} $tfolderdict {
-                lappend module_tfolders [file join $tdir module]
+            set module_template_bases [list]
+            set tbasedict [punk::mix::base::lib::get_template_basefolders $opt_scriptpath]
+            dict for {tbase folderinfo} $tbasedict {
+                lappend module_template_bases [file join $tbase modules]
             }
 
 
 
             set template_files [list]
-            foreach fld $module_tfolders {
-                set matched_files [glob -nocomplain -dir $fld -type f template_*]
+            foreach basefld $module_template_bases {
+                set matched_files [glob -nocomplain -dir $basefld -type f template_*]
                 foreach tf $matched_files {
                     if {[string match ignore* $tf]} {
                         continue
diff --git a/src/modules/punk/mix/commandset/project-999999.0a1.0.tm b/src/modules/punk/mix/commandset/project-999999.0a1.0.tm
index 335f6bb2..61107a51 100644
--- a/src/modules/punk/mix/commandset/project-999999.0a1.0.tm
+++ b/src/modules/punk/mix/commandset/project-999999.0a1.0.tm
@@ -120,8 +120,6 @@ namespace eval punk::mix::commandset::project {
                 return
             }
         }
-
-
         set startdir [pwd]
         if {[set in_project [punk::repo::find_project $startdir]] ne ""} {
             # use this project as source of templates
@@ -130,70 +128,35 @@ namespace eval punk::mix::commandset::project {
             puts stdout "This project will be searched for templates"
             puts stdout "-------------------------------------------"
         }
-
-        #todo - detect whether inside cwd-project or inside a different project
-        set projectdir $projectparentdir/$projectname
-        if {[set target_in_project [punk::repo::find_project $projectparentdir]] ne ""} {
-            puts stderr "Target location for new project is already within a project: $target_in_project"
-            error "Nested projects not yet supported aborting"
-        }
-
-
-        set repodb_folder [punk::repo::fossil_get_repository_folder_for_project $projectname -parentfolder $startdir]
-        if {![string length $repodb_folder]} {
-            puts stderr "No usable repository database folder selected for $projectname.fossil file"
-            return
-        }
-
-        if {[file exists $repodb_folder/$projectname.fossil]} {
-            puts stdout "NOTICE: $repodb_folder/$projectname.fossil already exists"
-            if {!($opt_force || $opt_update)} {
-                puts stderr "-force 1 or -update 1 not specified - aborting"
-                return
-            }
-        }
-
-
-        
-
-        #punk::mix::commandset::module::lib::templates_dict  -scriptpath "" 
-        set template_folder_dict [punk::mix::base::lib::get_template_folders]
-        
-        set tpldirs [list]
-        dict for {tdir folderinfo} $template_folder_dict {
-           if {[file exists $tdir/layouts/$opt_layout]} {
-                lappend tpldirs $tdir
+        set template_base_dict [punk::mix::base::lib::get_template_basefolders]
+        set template_bases_containing_layout [list]
+        dict for {tbase folderinfo} $template_base_dict {
+           if {[file exists $tbase/layouts/$opt_layout]} {
+                lappend template_bases_containing_layout $tbase
            } 
         }
-        if {![llength $tpldirs]} {
+        if {![llength $template_bases_containing_layout]} {
             puts stderr "layout '$opt_layout' was not found in template dirs"
-            puts stderr "searched [dict size $template_folder_dict] template folders"
-            dict for  {tdir folderinfo} $template_folder_dict {
-                puts stderr " - $tdir $folderinfo"
+            puts stderr "searched [dict size $template_base_dict] template folders"
+            dict for  {tbase folderinfo} $template_base_dict {
+                puts stderr " - $tbase $folderinfo"
             }
             return
         }
         #review: silently use last entry which had the layout (?)
-        set tpldir [lindex $tpldirs end]
-        
+        set templatebase [lindex $template_bases_containing_layout end]
 
-        if {[file exists $projectdir] && !($opt_force || $opt_update)} {
-            puts stderr "Unable to create new project at $projectdir - file/folder already exists use -update 1 to fill in missing items from template use -force 1 to overwrite from template"
-            return
-        } elseif {[file exists $projectdir] && $opt_force} {
-            puts stderr "mix new WARNING: -force 1 was supplied. Will copy layout $tpldir/layouts/$opt_layout using -force option to overwrite from template"
-            if {$opt_confirm ni [list 0 no false]} {
-                set answer [util::askuser "Do you want to proceed to possibly overwrite existing files in $projectdir? Y|N"]
-                if {[string tolower $answer] ne "y"} {
-                    puts stderr "mix new aborting due to user response '$answer' (required Y|y to proceed)  use -confirm 0 to avoid prompts."
-                    return
-                }
-            }
-        } elseif {[file exists $projectdir] && $opt_update} {
-            puts stderr "mix new WARNING: -update 1 was supplied. Will copy layout $tpldir/layouts/$opt_layout using -update option to add missing items"
+
+
+        #todo - detect whether inside cwd-project or inside a different project
+        set projectdir $projectparentdir/$projectname
+        if {[set target_in_project [punk::repo::find_project $projectparentdir]] ne ""} {
+            puts stderr "Target location for new project is already within a project: $target_in_project"
+            error "Nested projects not yet supported aborting"
         }
 
-        
+
+
         if {[punk::repo::is_git $projectparentdir]} {
             puts stderr "mix new WARNING: target project location is within a git repo based at [punk::repo::find_git $projectparentdir]"
             puts stderr "The new project will create a fossil repository (which you are free to ignore - but but will be used to confirm project base)"
@@ -218,30 +181,104 @@ namespace eval punk::mix::commandset::project {
             }
         }
 
+        
+        set project_dir_exists [file exists $projectdir]
+        if {$project_dir_exists && !($opt_force || $opt_update)} {
+            puts stderr "Unable to create new project at $projectdir - file/folder already exists use -update 1 to fill in missing items from template use -force 1 to overwrite from template"
+            return
+        } elseif {$project_dir_exists && $opt_force} {
+            puts stderr "mix new WARNING: -force 1 was supplied. Will copy layout $templatebase/layouts/$opt_layout using -force option to overwrite from template"
+            if {$opt_confirm ni [list 0 no false]} {
+                set answer [util::askuser "Do you want to proceed to possibly overwrite existing files in $projectdir? Y|N"]
+                if {[string tolower $answer] ne "y"} {
+                    puts stderr "mix new aborting due to user response '$answer' (required Y|y to proceed)  use -confirm 0 to avoid prompts."
+                    return
+                }
+            }
+        } elseif {$project_dir_exists && $opt_update} {
+            puts stderr "mix new WARNING: -update 1 was supplied. Will copy layout $templatebase/layouts/$opt_layout using -update option to add missing items"
+        }
 
+        set fossil_repo_file "" 
+        set is_fossil_root 0
+        if {$project_dir_exists && [punk::repo::is_fossil_root $projectdir]} {
+            set is_fossil_root 1
+            set fossil_repo_file [punk::repo::fossil_get_repository_file $projectdir]
+            if {$fossil_repo_file ne ""} {
+                set repodb_folder [file dirname $fossil_repo_file]
+            }
+        }
 
-        puts stdout "Initialising fossil repo: $repodb_folder/$projectname.fossil"
-        set fossilinit [runx -n {*}$fossil_prog init $repodb_folder/$projectname.fossil -project-name $projectname]
-        if {[dict get $fossilinit exitcode] != 0} {
-            puts stderr "fossil init failed:"
-            puts stderr [dict get $fossilinit stderr]
-            return
-        } else {
-            puts stdout "fossil init result:"
-            puts stdout [dict get $fossilinit stdout]
+        if {$fossil_repo_file eq ""} {
+            set repodb_folder [punk::repo::fossil_get_repository_folder_for_project $projectname -parentfolder $startdir]
+            if {![string length $repodb_folder]} {
+                puts stderr "No usable repository database folder selected for $projectname.fossil file"
+                return
+            }
+        }
+        if {[file exists $repodb_folder/$projectname.fossil]} {
+            puts stdout "NOTICE: $repodb_folder/$projectname.fossil already exists"
+            if {!($opt_force || $opt_update)} {
+                puts stderr "-force 1 or -update 1 not specified - aborting"
+                return
+            }
+        }
+
+        if {$fossil_repo_file eq ""} {
+            puts stdout "Initialising fossil repo: $repodb_folder/$projectname.fossil"
+            set fossilinit [runx -n {*}$fossil_prog init $repodb_folder/$projectname.fossil -project-name $projectname]
+            if {[dict get $fossilinit exitcode] != 0} {
+                puts stderr "fossil init failed:"
+                puts stderr [dict get $fossilinit stderr]
+                return
+            } else {
+                puts stdout "fossil init result:"
+                puts stdout [dict get $fossilinit stdout]
+            }
         }
 
         file mkdir $projectdir
-        set layout_dir $tpldir/layouts/$opt_layout
+
+        set layout_dir $templatebase/layouts/$opt_layout
         puts stdout ">>> about to call punkcheck::install $layout_dir $projectdir" 
+        set resultdict [dict create]
         #In this case we need to override the default dir antiglob - as .fossil- folders need to be installed from template
         ## default_antiglob_dir_core  [list "#*" "_aside" ".git" ".fossil*"]
         set override_antiglob_dir_core [list #* _aside .git] 
+        set unpublish [list\
+            src/doc/*\
+            src/doc/include/*\
+        ]
         if {$opt_force} {
-            punkcheck::install $layout_dir $projectdir -installer project.new -antiglob_dir_core $override_antiglob_dir_core -overwrite ALL-TARGETS
+            set resultdict [punkcheck::install $layout_dir $projectdir -installer project.new -antiglob_dir_core $override_antiglob_dir_core -overwrite ALL-TARGETS -unpublish_paths $unpublish]
             #file copy -force $layout_dir $projectdir
         } else {
-            punkcheck::install $layout_dir $projectdir -installer project.new -antiglob_dir_core $override_antiglob_dir_core
+            set resultdict [punkcheck::install $layout_dir $projectdir -installer project.new -antiglob_dir_core $override_antiglob_dir_core -overwrite installedsourcechanged-targets -unpublish_paths $unpublish]
+        }
+        if {[dict size $resultdict]} {
+            set copied [dict get $resultdict files_copied]
+            set sources_unchanged [dict get $resultdict sources_unchanged]
+            puts stdout "--------------------------"
+            flush stdout
+            puts stderr "Copied [llength $copied] files from $layout_dir to $projectdir"
+            foreach f $copied {
+                puts stdout "COPIED $f"
+            }
+            puts stdout "[llength $sources_unchanged] unchanged source files"
+            puts stdout "--------------------------"
+        }
+        set resultdict [punkcheck::install $layout_dir/src/doc $projectdir/src/doc -punkcheck_folder $projectdir -installer project.new -antiglob_dir_core $override_antiglob_dir_core -overwrite NO-TARGETS]
+        if {[dict size $resultdict]} {
+            set copied [dict get $resultdict files_copied]
+            set files_skipped [dict get $resultdict files_skipped]
+            puts stdout "--------------------------"
+            flush stdout
+            puts stderr "Copied [llength $copied] doc files from $layout_dir/src/doc to $projectdir/src/doc"
+            foreach f $copied {
+                puts stdout "COPIED $f"
+            }
+            puts stdout "[llength $files_skipped] skipped files"
+            puts stdout "--------------------------"
         }
 
         #lappend substfiles $projectdir/README.md
@@ -260,8 +297,11 @@ namespace eval punk::mix::commandset::project {
             set fpath [file join $projectdir $templatetail]
             if {[file exists $fpath]} {
                 set fd [open $fpath r]; fconfigure $fd -translation binary; set data [read $fd]; close $fd
-                set data [string map [list %project% $projectname] $data]
-                set fdout [open $fpath w]; fconfigure $fdout -translation binary; puts -nonewline $fdout $data; close $fdout 
+                set data2 [string map [list %project% $projectname] $data]
+                if {$data2 ne $data} {
+                    puts stdout "updated template file: $fpath"
+                    set fdout [open $fpath w]; fconfigure $fdout -translation binary; puts -nonewline $fdout $data2; close $fdout 
+                }
             } else {
                 puts stderr "warning: Missing template file $fpath"
             }
@@ -273,7 +313,13 @@ namespace eval punk::mix::commandset::project {
 
         if {[file exists $projectdir/src/modules]} {
             foreach m $opt_modules {
-                punk::mix::commandset::module::new $m -project $projectname -type $opt_type -force $opt_force
+                if {![file exists $projectdir/src/modules/$m-[punk::mix::util::magic_tm_version].tm]} {
+                    punk::mix::commandset::module::new $m -project $projectname -type $opt_type 
+                } else {
+                    if {$opt_force} {
+                        punk::mix::commandset::module::new $m -project $projectname -type $opt_type -force 1
+                    }
+                }
             }
         } else {
             puts stderr "project.new WARNING template hasn't created src/modules - skipping creation of new module(s) for project"
diff --git a/src/modules/punk/mix/commandset/scriptwrap-999999.0a1.0.tm b/src/modules/punk/mix/commandset/scriptwrap-999999.0a1.0.tm
index c26cbf10..ba067039 100644
--- a/src/modules/punk/mix/commandset/scriptwrap-999999.0a1.0.tm
+++ b/src/modules/punk/mix/commandset/scriptwrap-999999.0a1.0.tm
@@ -247,9 +247,9 @@ namespace eval punk::mix::commandset::scriptwrap {
 
 
 
-        set template_folder_dict [punk::mix::base::lib::get_template_folders]
+        set template_base_dict [punk::mix::base::lib::get_template_basefolders]
         set tpldirs [list]
-        dict for {tdir tsourceinfo} $template_folder_dict {
+        dict for {tdir tsourceinfo} $template_base_dict {
            if {[file exists $tdir/utility/scriptappwrappers/$templatename]} {
                 lappend tpldirs $tdir
            } 
@@ -260,7 +260,7 @@ namespace eval punk::mix::commandset::scriptwrap {
         } else {
             if {![llength $tpldirs]} {
                 set msg "No template named '$templatename' found in src/scriptapps/wrappers or in template dirs from packages"
-                append msg \n "Searched [dict size $template_folder_dict] template dirs"
+                append msg \n "Searched [dict size $template_base_dict] template dirs"
                 error $msg
             }
 
@@ -444,9 +444,9 @@ namespace eval punk::mix::commandset::scriptwrap {
                 }
             }
 
-            set template_folder_dict [punk::mix::base::lib::get_template_folders]
+            set template_base_dict [punk::mix::base::lib::get_template_basefolders]
             set tpldirs [list]
-            dict for {tdir tsourceinfo} $template_folder_dict {
+            dict for {tdir tsourceinfo} $template_base_dict {
                 if {[file exists $tdir/utility/scriptappwrappers]} {
                         lappend tpldirs $tdir
                 } 
diff --git a/src/modules/punk/mix/templates/.punkcheck b/src/modules/punk/mix/templates/.punkcheck
new file mode 100644
index 00000000..d54e1f0b
--- /dev/null
+++ b/src/modules/punk/mix/templates/.punkcheck
@@ -0,0 +1,84 @@
+INSTALLER -tsiso 2023-11-30T01:40:19 -ts 1701268819673094 -name make.tcl -keep_events 5 {
+    EVENT -tsiso_begin 2023-11-30T01:40:19 -ts_begin 1701268819676147 -tsiso_end {} -ts_end {} -id 250ad5e3-c95e-4833-addf-1282d09c9fec -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T01:47:15 -ts_begin 1701269235368667 -tsiso_end {} -ts_end {} -id 473193f2-54d2-44e8-a31a-9650c20177b5 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T01:53:57 -ts_begin 1701269637315528 -tsiso_end {} -ts_end {} -id 0984f805-501d-4f53-ba65-9fd68222a994 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T01:54:41 -ts_begin 1701269681466076 -tsiso_end {} -ts_end {} -id 94ea851c-85e5-4c48-b793-37b521ecb209 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T02:00:53 -ts_begin 1701270053672048 -tsiso_end {} -ts_end {} -id 1e060522-28a2-4712-a0f9-78ecc279c4d6 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T02:01:16 -ts_begin 1701270076820494 -tsiso_end {} -ts_end {} -id 5ce76b29-2b9a-4652-8c51-4f0281752381 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T02:06:29 -ts_begin 1701270389366390 -tsiso_end {} -ts_end {} -id 5271c70f-3a87-4a53-9c46-7b064b2bd43f -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-11-30T02:16:17 -ts_begin 1701270977456325 -tsiso_end {} -ts_end {} -id c84fbf6e-7aae-44b4-9f2b-d99615b76a81 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-05T04:22:54 -ts_begin 1701710574869059 -tsiso_end {} -ts_end {} -id 08ed1a89-fbb6-4cee-a543-e7b6f69663ae -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T01:45:19 -ts_begin 1701787519119661 -tsiso_end {} -ts_end {} -id 95cbdbe1-b100-4ed6-9202-3fa1dbbe7137 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T02:32:50 -ts_begin 1701790370423077 -tsiso_end {} -ts_end {} -id 9ba7b31c-9d08-4919-b475-3683fce42a37 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T03:36:28 -ts_begin 1701794188149001 -tsiso_end {} -ts_end {} -id 52ae56d6-8032-4855-88ee-5e71801b2846 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T05:31:47 -ts_begin 1701801107537126 -tsiso_end {} -ts_end {} -id 92f7f018-6b16-469e-9336-0d4a3b9bf75a -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T05:45:26 -ts_begin 1701801926154241 -tsiso_end {} -ts_end {} -id 9aa987b8-46d5-4059-9b5f-ba1fc8e9c841 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T05:55:36 -ts_begin 1701802536235596 -tsiso_end {} -ts_end {} -id 51123563-1b90-4437-b6e6-e85b1f8b9239 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T05:58:41 -ts_begin 1701802721245826 -tsiso_end {} -ts_end {} -id d67b0687-4760-4340-8022-0ffa2e69f2b2 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+    EVENT -tsiso_begin 2023-12-06T06:09:27 -ts_begin 1701803367522663 -tsiso_end {} -ts_end {} -id 35fd839e-2ef6-4391-b2ec-809149cbb0b2 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}
+}
+FILEINFO -targets {} -keep_installrecords 3 -keep_skipped 1 -keep_inprogress 2 {
+    INSTALL-FAILED -tsiso 2023-11-30T01:40:19 -ts 1701268819677101 -installer make.tcl -eventid 250ad5e3-c95e-4833-addf-1282d09c9fec -metadata_us 21289 -ts_start_transfer 1701268819698390 -transfer_us 891 -elapsed_us 22180 {
+        SOURCE -type file -path ../../../../build.tcl -cksum 8ab5fbcfe246195a43a7ba884d3088dbced18640 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 9411
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T01:40:19 -ts 1701268819704081 -installer make.tcl -eventid 250ad5e3-c95e-4833-addf-1282d09c9fec -metadata_us 16366 -ts_start_transfer 1701268819720447 -transfer_us 705 -elapsed_us 17071 {
+        SOURCE -type file -path layouts/project/src/build.tcl -cksum 5f647ac1fbff3cb74f42a48bbef5239730a90054 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 3516
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T01:40:19 -ts 1701268819725576 -installer make.tcl -eventid 250ad5e3-c95e-4833-addf-1282d09c9fec -metadata_us 21854 -ts_start_transfer 1701268819747430 -transfer_us 735 -elapsed_us 22589 {
+        SOURCE -type file -path ../../../../make.tcl -cksum 0e44e25f9127c61faeb1946e2f2c7adfc6cfa585 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 10241
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T01:40:19 -ts 1701268819752520 -installer make.tcl -eventid 250ad5e3-c95e-4833-addf-1282d09c9fec -metadata_us 18713 -ts_start_transfer 1701268819771233 -transfer_us 715 -elapsed_us 19428 {
+        SOURCE -type file -path layouts/project/src/make.tcl -cksum ca1412aac730e464406363d5fe90416cf66ce4a1 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 5116
+    }
+}
+FILEINFO -targets layouts/project/src/build.tcl -keep_installrecords 3 -keep_skipped 1 -keep_inprogress 2 {
+    INSTALL-INPROGRESS -tsiso 2023-11-30T01:47:15 -ts 1701269235369501 -installer make.tcl -eventid 473193f2-54d2-44e8-a31a-9650c20177b5 -tempcontext {tag EVENT -tsiso_begin 2023-11-30T01:47:15 -ts_begin 1701269235368667 -tsiso_end {} -ts_end {} -id 473193f2-54d2-44e8-a31a-9650c20177b5 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}}
+    INSTALL-INPROGRESS -tsiso 2023-11-30T01:53:57 -ts 1701269637316371 -installer make.tcl -eventid 0984f805-501d-4f53-ba65-9fd68222a994 -tempcontext {tag EVENT -tsiso_begin 2023-11-30T01:53:57 -ts_begin 1701269637315528 -tsiso_end {} -ts_end {} -id 0984f805-501d-4f53-ba65-9fd68222a994 -source ../../../.. -targets . -types {} -config {-make-step sync_templates}}
+    INSTALL-FAILED -tsiso 2023-11-30T01:54:41 -ts 1701269681466949 -installer make.tcl -eventid 94ea851c-85e5-4c48-b793-37b521ecb209 -metadata_us 23683 -ts_start_transfer 1701269681490632 -transfer_us 2738 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/buildx.tcl": no such file or directory} -elapsed_us 26421 {
+        SOURCE -type missing -path ../../../../buildx.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 8987
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T02:00:53 -ts 1701270053672988 -installer make.tcl -eventid 1e060522-28a2-4712-a0f9-78ecc279c4d6 -metadata_us 23887 -ts_start_transfer 1701270053696875 -transfer_us 2757 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/buildx.tcl": no such file or directory} -elapsed_us 26644 {
+        SOURCE -type missing -path ../../../../buildx.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 9065
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T02:01:16 -ts 1701270076821516 -installer make.tcl -eventid 5ce76b29-2b9a-4652-8c51-4f0281752381 -metadata_us 24281 -ts_start_transfer 1701270076845797 -transfer_us 2813 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/buildx.tcl": no such file or directory} -elapsed_us 27094 {
+        SOURCE -type missing -size {} -path ../../../../buildx.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 9039
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T02:06:29 -ts 1701270389367455 -installer make.tcl -eventid 5271c70f-3a87-4a53-9c46-7b064b2bd43f -metadata_us 24977 -ts_start_transfer 1701270389392432 -transfer_us 2918 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/buildx.tcl": no such file or directory} -elapsed_us 27895 {
+        SOURCE -type missing -size {} -path ../../../../buildx.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 9034
+    }
+    INSTALL-RECORD -tsiso 2023-11-30T02:16:17 -ts 1701270977457421 -installer make.tcl -eventid c84fbf6e-7aae-44b4-9f2b-d99615b76a81 -metadata_us 26164 -ts_start_transfer 1701270977483585 -transfer_us 3773 -note test -elapsed_us 29937 {
+        SOURCE -type file -size 195 -path ../../../../build.tcl -cksum 8ab5fbcfe246195a43a7ba884d3088dbced18640 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 9681
+    }
+    INSTALL-RECORD -tsiso 2023-12-05T04:22:54 -ts 1701710574870134 -installer make.tcl -eventid 08ed1a89-fbb6-4cee-a543-e7b6f69663ae -metadata_us 25456 -ts_start_transfer 1701710574895590 -transfer_us 4425 -note test -elapsed_us 29881 {
+        SOURCE -type file -size 196 -path ../../../../build.tcl -cksum 54fc5a072dc4627d1df737eecc8daed2fdd17f4d -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 9776
+    }
+    INSTALL-SKIPPED -tsiso 2023-12-06T06:09:27 -ts 1701803367523924 -installer make.tcl -eventid 35fd839e-2ef6-4391-b2ec-809149cbb0b2 -elapsed_us 22312 {
+        SOURCE -type file -size 196 -path ../../../../build.tcl -cksum 54fc5a072dc4627d1df737eecc8daed2fdd17f4d -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 0 -metadata_us 9830
+    }
+}
+FILEINFO -targets layouts/project/src/make.tcl -keep_installrecords 3 -keep_skipped 1 -keep_inprogress 2 {
+    INSTALL-FAILED -tsiso 2023-11-30T01:54:41 -ts 1701269681498040 -installer make.tcl -eventid 94ea851c-85e5-4c48-b793-37b521ecb209 -metadata_us 23162 -ts_start_transfer 1701269681521202 -transfer_us 2474 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/makex.tcl": no such file or directory} -elapsed_us 25636 {
+        SOURCE -type missing -path ../../../../makex.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 8978
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T02:00:53 -ts 1701270053704394 -installer make.tcl -eventid 1e060522-28a2-4712-a0f9-78ecc279c4d6 -metadata_us 23411 -ts_start_transfer 1701270053727805 -transfer_us 2522 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/makex.tcl": no such file or directory} -elapsed_us 25933 {
+        SOURCE -type missing -path ../../../../makex.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 9024
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T02:01:16 -ts 1701270076853426 -installer make.tcl -eventid 5ce76b29-2b9a-4652-8c51-4f0281752381 -metadata_us 23643 -ts_start_transfer 1701270076877069 -transfer_us 2566 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/makex.tcl": no such file or directory} -elapsed_us 26209 {
+        SOURCE -type missing -size {} -path ../../../../makex.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 8991
+    }
+    INSTALL-FAILED -tsiso 2023-11-30T02:06:29 -ts 1701270389400265 -installer make.tcl -eventid 5271c70f-3a87-4a53-9c46-7b064b2bd43f -metadata_us 23863 -ts_start_transfer 1701270389424128 -transfer_us 2604 -note {copy failed with err: error copying "C:/repo/jn/shellspy/src/makex.tcl": no such file or directory} -elapsed_us 26467 {
+        SOURCE -type missing -size {} -path ../../../../makex.tcl -cksum <PATHNOTFOUND> -cksum_all_opts {-cksum_content 1 -cksum_meta auto -cksum_acls 0 -cksum_usetar auto -cksum_algorithm sha1} -changed 1 -metadata_us 9005
+    }
+    INSTALL-RECORD -tsiso 2023-12-06T01:45:19 -ts 1701787519148901 -installer make.tcl -eventid 95cbdbe1-b100-4ed6-9202-3fa1dbbe7137 -metadata_us 26024 -ts_start_transfer 1701787519174925 -transfer_us 4325 -note test -elapsed_us 30349 {
+        SOURCE -type file -size 32642 -path ../../../../make.tcl -cksum 80105c381fa3db05833f44b716c1536fef128d84 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 10482
+    }
+    INSTALL-RECORD -tsiso 2023-12-06T02:32:50 -ts 1701790370452196 -installer make.tcl -eventid 9ba7b31c-9d08-4919-b475-3683fce42a37 -metadata_us 26602 -ts_start_transfer 1701790370478798 -transfer_us 4392 -note test -elapsed_us 30994 {
+        SOURCE -type file -size 32922 -path ../../../../make.tcl -cksum 7aea3c018ce954a67ce8254c88e07407e008247c -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 10680
+    }
+    INSTALL-RECORD -tsiso 2023-12-06T03:36:28 -ts 1701794188178099 -installer make.tcl -eventid 52ae56d6-8032-4855-88ee-5e71801b2846 -metadata_us 26790 -ts_start_transfer 1701794188204889 -transfer_us 4285 -note test -elapsed_us 31075 {
+        SOURCE -type file -size 32956 -path ../../../../make.tcl -cksum dda7ebdcf186a5bd8e7f9c72a8e2bc892620fcab -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 11017
+    }
+    INSTALL-SKIPPED -tsiso 2023-12-06T06:09:27 -ts 1701803367551725 -installer make.tcl -eventid 35fd839e-2ef6-4391-b2ec-809149cbb0b2 -elapsed_us 22232 {
+        SOURCE -type file -size 32956 -path ../../../../make.tcl -cksum dda7ebdcf186a5bd8e7f9c72a8e2bc892620fcab -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 0 -metadata_us 10590
+    }
+}
\ No newline at end of file
diff --git a/src/modules/punk/mix/templates/layouts/project/.gitignore b/src/modules/punk/mix/templates/layouts/project/.gitignore
index deddaf71..4d6b6912 100644
--- a/src/modules/punk/mix/templates/layouts/project/.gitignore
+++ b/src/modules/punk/mix/templates/layouts/project/.gitignore
@@ -37,3 +37,11 @@ _FOSSIL_
 
 
 todo.txt
+
+zig-cache/
+zig-out/
+/release/
+/debug/
+/build/
+/build-*/
+/docgen_tmp/
diff --git a/src/modules/punk/mix/templates/layouts/project/src/_vfscommon/lib/common_vfs_libs b/src/modules/punk/mix/templates/layouts/project/src/_vfscommon/lib/common_vfs_libs
new file mode 100644
index 00000000..e69de29b
diff --git a/src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/http-2.10b1.tm b/src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/http-2.10b1.tm
new file mode 100644
index 00000000..6c3c068c
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/http-2.10b1.tm
@@ -0,0 +1,5457 @@
+# http.tcl --
+#
+#	Client-side HTTP for GET, POST, and HEAD commands. These routines can
+#	be used in untrusted code that uses the Safesock security policy.
+#	These procedures use a callback interface to avoid using vwait, which
+#	is not defined in the safe base.
+#
+# See the file "license.terms" for information on usage and redistribution of
+# this file, and for a DISCLAIMER OF ALL WARRANTIES.
+
+package require Tcl 8.6-
+# Keep this in sync with pkgIndex.tcl and with the install directories in
+# Makefiles
+package provide http 2.10b1
+
+namespace eval http {
+    # Allow resourcing to not clobber existing data
+
+    variable http
+    if {![info exists http]} {
+	array set http {
+	    -accept */*
+	    -cookiejar {}
+	    -pipeline 1
+	    -postfresh 0
+	    -proxyhost {}
+	    -proxyport {}
+	    -proxyfilter http::ProxyRequired
+	    -proxynot {}
+	    -proxyauth {}
+	    -repost 0
+	    -threadlevel 0
+	    -urlencoding utf-8
+	    -zip 1
+	}
+	# We need a useragent string of this style or various servers will
+	# refuse to send us compressed content even when we ask for it. This
+	# follows the de-facto layout of user-agent strings in current browsers.
+	# Safe interpreters do not have ::tcl_platform(os) or
+	# ::tcl_platform(osVersion).
+	if {[interp issafe]} {
+	    set http(-useragent) "Mozilla/5.0\
+		(Windows; U;\
+		Windows NT 10.0)\
+		http/[package provide http] Tcl/[package provide Tcl]"
+	} else {
+	    set http(-useragent) "Mozilla/5.0\
+		([string totitle $::tcl_platform(platform)]; U;\
+		$::tcl_platform(os) $::tcl_platform(osVersion))\
+		http/[package provide http] Tcl/[package provide Tcl]"
+	}
+    }
+
+    proc init {} {
+	# Set up the map for quoting chars. RFC3986 Section 2.3 say percent
+	# encode all except: "... percent-encoded octets in the ranges of
+	# ALPHA (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period
+	# (%2E), underscore (%5F), or tilde (%7E) should not be created by URI
+	# producers ..."
+	for {set i 0} {$i <= 256} {incr i} {
+	    set c [format %c $i]
+	    if {![string match {[-._~a-zA-Z0-9]} $c]} {
+		set map($c) %[format %.2X $i]
+	    }
+	}
+	# These are handled specially
+	set map(\n) %0D%0A
+	variable formMap [array get map]
+
+	# Create a map for HTTP/1.1 open sockets
+	variable socketMapping
+	variable socketRdState
+	variable socketWrState
+	variable socketRdQueue
+	variable socketWrQueue
+	variable socketPhQueue
+	variable socketClosing
+	variable socketPlayCmd
+	variable socketCoEvent
+	variable socketProxyId
+	if {[info exists socketMapping]} {
+	    # Close open sockets on re-init.  Do not permit retries.
+	    foreach {url sock} [array get socketMapping] {
+		unset -nocomplain socketClosing($url)
+		unset -nocomplain socketPlayCmd($url)
+		CloseSocket $sock
+	    }
+	}
+
+	# CloseSocket should have unset the socket* arrays, one element at
+	# a time.  Now unset anything that was overlooked.
+	# Traces on "unset socketRdState(*)" will call CancelReadPipeline and
+	# cancel any queued responses.
+	# Traces on "unset socketWrState(*)" will call CancelWritePipeline and
+	# cancel any queued requests.
+	array unset socketMapping
+	array unset socketRdState
+	array unset socketWrState
+	array unset socketRdQueue
+	array unset socketWrQueue
+	array unset socketPhQueue
+	array unset socketClosing
+	array unset socketPlayCmd
+	array unset socketCoEvent
+	array unset socketProxyId
+	array set socketMapping {}
+	array set socketRdState {}
+	array set socketWrState {}
+	array set socketRdQueue {}
+	array set socketWrQueue {}
+	array set socketPhQueue {}
+	array set socketClosing {}
+	array set socketPlayCmd {}
+	array set socketCoEvent {}
+	array set socketProxyId {}
+	return
+    }
+    init
+
+    variable urlTypes
+    if {![info exists urlTypes]} {
+	set urlTypes(http) [list 80 ::http::socket]
+    }
+
+    variable encodings [string tolower [encoding names]]
+    # This can be changed, but iso8859-1 is the RFC standard.
+    variable defaultCharset
+    if {![info exists defaultCharset]} {
+	set defaultCharset "iso8859-1"
+    }
+
+    # Force RFC 3986 strictness in geturl url verification?
+    variable strict
+    if {![info exists strict]} {
+	set strict 1
+    }
+
+    # Let user control default keepalive for compatibility
+    variable defaultKeepalive
+    if {![info exists defaultKeepalive]} {
+	set defaultKeepalive 0
+    }
+
+    # Regular expression used to parse cookies
+    variable CookieRE {(?x)                            # EXPANDED SYNTAX
+	\s*                                            # Ignore leading spaces
+	([^][\u0000- ()<>@,;:\\""/?={}\u007f-\uffff]+) # Match the name
+	=                                              # LITERAL: Equal sign
+	([!\u0023-+\u002D-:<-\u005B\u005D-~]*)         # Match the value
+	(?:
+	 \s* ; \s*                                     # LITERAL: semicolon
+	 ([^\u0000]+)                                  # Match the options
+	)?
+    }
+
+    variable TmpSockCounter 0
+    variable ThreadCounter  0
+
+    variable reasonDict [dict create {*}{
+        100 Continue
+        101 {Switching Protocols}
+        102 Processing
+        103 {Early Hints}
+        200 OK
+        201 Created
+        202 Accepted
+        203 {Non-Authoritative Information}
+        204 {No Content}
+        205 {Reset Content}
+        206 {Partial Content}
+        207 Multi-Status
+        208 {Already Reported}
+        226 {IM Used}
+        300 {Multiple Choices}
+        301 {Moved Permanently}
+        302 Found
+        303 {See Other}
+        304 {Not Modified}
+        305 {Use Proxy}
+        306 (Unused)
+        307 {Temporary Redirect}
+        308 {Permanent Redirect}
+        400 {Bad Request}
+        401 Unauthorized
+        402 {Payment Required}
+        403 Forbidden
+        404 {Not Found}
+        405 {Method Not Allowed}
+        406 {Not Acceptable}
+        407 {Proxy Authentication Required}
+        408 {Request Timeout}
+        409 Conflict
+        410 Gone
+        411 {Length Required}
+        412 {Precondition Failed}
+        413 {Content Too Large}
+        414 {URI Too Long}
+        415 {Unsupported Media Type}
+        416 {Range Not Satisfiable}
+        417 {Expectation Failed}
+        418 (Unused)
+        421 {Misdirected Request}
+        422 {Unprocessable Content}
+        423 Locked
+        424 {Failed Dependency}
+        425 {Too Early}
+        426 {Upgrade Required}
+        428 {Precondition Required}
+        429 {Too Many Requests}
+        431 {Request Header Fields Too Large}
+        451 {Unavailable For Legal Reasons}
+        500 {Internal Server Error}
+        501 {Not Implemented}
+        502 {Bad Gateway}
+        503 {Service Unavailable}
+        504 {Gateway Timeout}
+        505 {HTTP Version Not Supported}
+        506 {Variant Also Negotiates}
+        507 {Insufficient Storage}
+        508 {Loop Detected}
+        510 {Not Extended (OBSOLETED)}
+        511 {Network Authentication Required}
+    }]
+
+    variable failedProxyValues {
+	binary
+	body
+	charset
+	coding
+	connection
+	connectionRespFlag
+	currentsize
+	host
+	http
+	httpResponse
+	meta
+	method
+	querylength
+	queryoffset
+	reasonPhrase
+	requestHeaders
+	requestLine
+	responseCode
+	state
+	status
+	tid
+	totalsize
+	transfer
+	type
+    }
+
+    namespace export geturl config reset wait formatQuery postError quoteString
+    namespace export register unregister registerError
+    namespace export requestLine requestHeaders requestHeaderValue
+    namespace export responseLine responseHeaders responseHeaderValue
+    namespace export responseCode responseBody responseInfo reasonPhrase
+    # - Legacy aliases, were never exported:
+    #     data, code, mapReply, meta, ncode
+    # - Callable from outside (e.g. from TLS) by fully-qualified name, but
+    #   not exported:
+    #     socket
+    # - Useful, but never exported (and likely to have naming collisions):
+    #     size, status, cleanup, error, init
+    #   Comments suggest that "init" can be used for re-initialisation,
+    #   although the command is undocumented.
+    # - Never exported, renamed from lower-case names:
+    #   GetTextLine, MakeTransformationChunked.
+}
+
+# http::Log --
+#
+#	Debugging output -- define this to observe HTTP/1.1 socket usage.
+#	Should echo any args received.
+#
+# Arguments:
+#     msg	Message to output
+#
+if {[info command http::Log] eq {}} {proc http::Log {args} {}}
+
+# http::register --
+#
+#     See documentation for details.
+#
+# Arguments:
+#     proto	URL protocol prefix, e.g. https
+#     port	Default port for protocol
+#     command	Command to use to create socket
+# Results:
+#     list of port and command that was registered.
+
+proc http::register {proto port command} {
+    variable urlTypes
+    set urlTypes([string tolower $proto]) [list $port $command]
+}
+
+# http::unregister --
+#
+#     Unregisters URL protocol handler
+#
+# Arguments:
+#     proto	URL protocol prefix, e.g. https
+# Results:
+#     list of port and command that was unregistered.
+
+proc http::unregister {proto} {
+    variable urlTypes
+    set lower [string tolower $proto]
+    if {![info exists urlTypes($lower)]} {
+	return -code error "unsupported url type \"$proto\""
+    }
+    set old $urlTypes($lower)
+    unset urlTypes($lower)
+    return $old
+}
+
+# http::config --
+#
+#	See documentation for details.
+#
+# Arguments:
+#	args		Options parsed by the procedure.
+# Results:
+#        TODO
+
+proc http::config {args} {
+    variable http
+    set options [lsort [array names http -*]]
+    set usage [join $options ", "]
+    if {[llength $args] == 0} {
+	set result {}
+	foreach name $options {
+	    lappend result $name $http($name)
+	}
+	return $result
+    }
+    set options [string map {- ""} $options]
+    set pat ^-(?:[join $options |])$
+    if {[llength $args] == 1} {
+	set flag [lindex $args 0]
+	if {![regexp -- $pat $flag]} {
+	    return -code error "Unknown option $flag, must be: $usage"
+	}
+	return $http($flag)
+    } elseif {[llength $args] % 2} {
+	return -code error "If more than one argument is supplied, the\
+		number of arguments must be even"
+    } else {
+	foreach {flag value} $args {
+	    if {![regexp -- $pat $flag]} {
+		return -code error "Unknown option $flag, must be: $usage"
+	    }
+	    if {($flag eq {-threadlevel}) && ($value ni {0 1 2})} {
+		return -code error {Option -threadlevel must be 0, 1 or 2}
+	    }
+	    set http($flag) $value
+	}
+	return
+    }
+}
+
+# ------------------------------------------------------------------------------
+#  Proc http::reasonPhrase
+# ------------------------------------------------------------------------------
+# Command to return the IANA-recommended "reason phrase" for a HTTP Status Code.
+# Information obtained from:
+# https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
+#
+# Arguments:
+# code        - A valid HTTP Status Code (integer from 100 to 599)
+#
+# Return Value: the reason phrase
+# ------------------------------------------------------------------------------
+
+proc http::reasonPhrase {code} {
+    variable reasonDict
+    if {![regexp -- {^[1-5][0-9][0-9]$} $code]} {
+        set msg {argument must be a three-digit integer from 100 to 599}
+        return -code error $msg
+    }
+    if {[dict exists $reasonDict $code]} {
+        set reason [dict get $reasonDict $code]
+    } else {
+        set reason Unassigned
+    }
+    return $reason
+}
+
+# http::Finish --
+#
+#	Clean up the socket and eval close time callbacks
+#
+# Arguments:
+#	token	    Connection token.
+#	errormsg    (optional) If set, forces status to error.
+#	skipCB      (optional) If set, don't call the -command callback. This
+#		    is useful when geturl wants to throw an exception instead
+#		    of calling the callback. That way, the same error isn't
+#		    reported to two places.
+#
+# Side Effects:
+#        May close the socket.
+
+proc http::Finish {token {errormsg ""} {skipCB 0}} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    global errorInfo errorCode
+    set closeQueue 0
+    if {$errormsg ne ""} {
+	set state(error) [list $errormsg $errorInfo $errorCode]
+	set state(status) "error"
+    }
+    if {[info commands ${token}--EventCoroutine] ne {}} {
+	rename ${token}--EventCoroutine {}
+    }
+    if {[info commands ${token}--SocketCoroutine] ne {}} {
+	rename ${token}--SocketCoroutine {}
+    }
+    if {[info exists state(socketcoro)]} {
+        Log $token Cancel socket after-idle event (Finish)
+        after cancel $state(socketcoro)
+        unset state(socketcoro)
+    }
+
+    # Is this an upgrade request/response?
+    set upgradeResponse \
+	[expr {    [info exists state(upgradeRequest)]
+		&& $state(upgradeRequest)
+		&& [info exists state(http)]
+		&& ([ncode $token] eq {101})
+		&& [info exists state(connection)]
+		&& ("upgrade" in $state(connection))
+		&& [info exists state(upgrade)]
+		&& ("" ne $state(upgrade))
+	}]
+
+    if {  ($state(status) eq "timeout")
+       || ($state(status) eq "error")
+       || ($state(status) eq "eof")
+    } {
+	set closeQueue 1
+	set connId $state(socketinfo)
+	if {[info exists state(sock)]} {
+	    set sock $state(sock)
+	    CloseSocket $state(sock) $token
+	} else {
+            # When opening the socket and calling http::reset
+            # immediately, the socket may not yet exist.
+            # Test http-4.11 may come here.
+	}
+	if {$state(tid) ne {}} {
+            # When opening the socket in a thread, and calling http::reset
+            # immediately, the thread may still exist.
+            # Test http-4.11 may come here.
+	    thread::release $state(tid)
+	    set state(tid) {}
+	} else {
+	}
+    } elseif {$upgradeResponse} {
+	# Special handling for an upgrade request/response.
+	# - geturl ensures that this is not a "persistent" socket used for
+	#   multiple HTTP requests, so a call to KeepSocket is not needed.
+	# - Leave socket open, so a call to CloseSocket is not needed either.
+	# - Remove fileevent bindings.  The caller will set its own bindings.
+	# - THE CALLER MUST PROCESS THE UPGRADED SOCKET IN THE CALLBACK COMMAND
+	#   PASSED TO http::geturl AS -command callback.
+	catch {fileevent $state(sock) readable {}}
+	catch {fileevent $state(sock) writable {}}
+    } elseif {
+          ([info exists state(-keepalive)] && !$state(-keepalive))
+       || ([info exists state(connection)] && ("close" in $state(connection)))
+    } {
+	set closeQueue 1
+	set connId $state(socketinfo)
+	if {[info exists state(sock)]} {
+	    set sock $state(sock)
+	    CloseSocket $state(sock) $token
+	} else {
+            # When opening the socket and calling http::reset
+            # immediately, the socket may not yet exist.
+            # Test http-4.11 may come here.
+	}
+    } elseif {
+	  ([info exists state(-keepalive)] && $state(-keepalive))
+       && ([info exists state(connection)] && ("close" ni $state(connection)))
+    } {
+	KeepSocket $token
+    }
+    if {[info exists state(after)]} {
+	after cancel $state(after)
+	unset state(after)
+    }
+    if {[info exists state(-command)] && (!$skipCB)
+	    && (![info exists state(done-command-cb)])} {
+	set state(done-command-cb) yes
+	if {    [catch {namespace eval :: $state(-command) $token} err]
+	     && ($errormsg eq "")
+	} {
+	    set state(error) [list $err $errorInfo $errorCode]
+	    set state(status) error
+	}
+    }
+
+    if {    $closeQueue
+	 && [info exists socketMapping($connId)]
+	 && ($socketMapping($connId) eq $sock)
+    } {
+	http::CloseQueuedQueries $connId $token
+	# This calls Unset.  Other cases do not need the call.
+    }
+    return
+}
+
+# http::KeepSocket -
+#
+#	Keep a socket in the persistent sockets table and connect it to its next
+#	queued task if possible.  Otherwise leave it idle and ready for its next
+#	use.
+#
+#	If $socketClosing(*), then ("close" in $state(connection)) and therefore
+#	this command will not be called by Finish.
+#
+# Arguments:
+#	token	    Connection token.
+
+proc http::KeepSocket {token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    # Keep this socket open for another request ("Keep-Alive").
+    # React if the server half-closes the socket.
+    # Discussion is in http::geturl.
+    catch {fileevent $state(sock) readable [list http::CheckEof $state(sock)]}
+
+    # The line below should not be changed in production code.
+    # It is edited by the test suite.
+    set TEST_EOF 0
+    if {$TEST_EOF} {
+	# ONLY for testing reaction to server eof.
+	# No server timeouts will be caught.
+	catch {fileevent $state(sock) readable {}}
+    }
+
+    if {    [info exists state(socketinfo)]
+	 && [info exists socketMapping($state(socketinfo))]
+    } {
+	set connId $state(socketinfo)
+	# The value "Rready" is set only here.
+	set socketRdState($connId) Rready
+
+	if {    $state(-pipeline)
+	     && [info exists socketRdQueue($connId)]
+	     && [llength $socketRdQueue($connId)]
+	} {
+	    # The usual case for pipelined responses - if another response is
+	    # queued, arrange to read it.
+	    set token3 [lindex $socketRdQueue($connId) 0]
+	    set socketRdQueue($connId) [lrange $socketRdQueue($connId) 1 end]
+
+	    #Log pipelined, GRANT read access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    ReceiveResponse $token3
+
+	    # Other pipelined cases.
+	    # - The test above ensures that, for the pipelined cases in the two
+	    #   tests below, the read queue is empty.
+	    # - In those two tests, check whether the next write will be
+	    #   nonpipeline.
+	} elseif {
+		$state(-pipeline)
+	     && [info exists socketWrState($connId)]
+	     && ($socketWrState($connId) eq "peNding")
+
+	     && [info exists socketWrQueue($connId)]
+	     && [llength $socketWrQueue($connId)]
+	     && (![set token3 [lindex $socketWrQueue($connId) 0]
+		   set ${token3}(-pipeline)
+		  ]
+		)
+	} {
+	    # This case:
+	    # - Now it the time to run the "pending" request.
+	    # - The next token in the write queue is nonpipeline, and
+	    #   socketWrState has been marked "pending" (in
+	    #   http::NextPipelinedWrite or http::geturl) so a new pipelined
+	    #   request cannot jump the queue.
+	    #
+	    # Tests:
+	    # - In this case the read queue (tested above) is empty and this
+	    #   "pending" write token is in front of the rest of the write
+	    #   queue.
+	    # - The write state is not Wready and therefore appears to be busy,
+	    #   but because it is "pending" we know that it is reserved for the
+	    #   first item in the write queue, a non-pipelined request that is
+	    #   waiting for the read queue to empty.  That has now happened: so
+	    #   give that request read and write access.
+	    set conn [set ${token3}(connArgs)]
+	    #Log nonpipeline, GRANT r/w access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    set socketWrState($connId) $token3
+	    set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	    # Connect does its own fconfigure.
+	    fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	    #Log ---- $state(sock) << conn to $token3 for HTTP request (c)
+
+	} elseif {
+		$state(-pipeline)
+	     && [info exists socketWrState($connId)]
+	     && ($socketWrState($connId) eq "peNding")
+
+	} {
+	    # Should not come here.  The second block in the previous "elseif"
+	    # test should be tautologous (but was needed in an earlier
+	    # implementation) and will be removed after testing.
+	    # If we get here, the value "pending" was assigned in error.
+	    # This error would block the queue for ever.
+	    Log ^X$tk <<<<< Error in queueing of requests >>>>> - token $token
+
+	} elseif {
+		$state(-pipeline)
+	     && [info exists socketWrState($connId)]
+	     && ($socketWrState($connId) eq "Wready")
+
+	     && [info exists socketWrQueue($connId)]
+	     && [llength $socketWrQueue($connId)]
+	     && (![set token3 [lindex $socketWrQueue($connId) 0]
+		   set ${token3}(-pipeline)
+		  ]
+		)
+	} {
+	    # This case:
+	    # - The next token in the write queue is nonpipeline, and
+	    #   socketWrState is Wready.  Get the next event from socketWrQueue.
+	    # Tests:
+	    # - In this case the read state (tested above) is Rready and the
+	    #   write state (tested here) is Wready - there is no "pending"
+	    #   request.
+	    # Code:
+	    # - The code is the same as the code below for the nonpipelined
+	    #   case with a queued request.
+	    set conn [set ${token3}(connArgs)]
+	    #Log nonpipeline, GRANT r/w access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    set socketWrState($connId) $token3
+	    set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	    # Connect does its own fconfigure.
+	    fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	    #Log ---- $state(sock) << conn to $token3 for HTTP request (c)
+
+	} elseif {
+		(!$state(-pipeline))
+	     && [info exists socketWrQueue($connId)]
+	     && [llength $socketWrQueue($connId)]
+	     && ("close" ni $state(connection))
+	} {
+	    # If not pipelined, (socketRdState eq Rready) tells us that we are
+	    # ready for the next write - there is no need to check
+	    # socketWrState. Write the next request, if one is waiting.
+	    # If the next request is pipelined, it receives premature read
+	    # access to the socket. This is not a problem.
+	    set token3 [lindex $socketWrQueue($connId) 0]
+	    set conn [set ${token3}(connArgs)]
+	    #Log nonpipeline, GRANT r/w access to $token3 in KeepSocket
+	    set socketRdState($connId) $token3
+	    set socketWrState($connId) $token3
+	    set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	    # Connect does its own fconfigure.
+	    fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	    #Log ---- $state(sock) << conn to $token3 for HTTP request (d)
+
+	} elseif {(!$state(-pipeline))} {
+	    set socketWrState($connId) Wready
+	    # Rready and Wready and idle: nothing to do.
+	}
+
+    } else {
+	CloseSocket $state(sock) $token
+	# There is no socketMapping($state(socketinfo)), so it does not matter
+	# that CloseQueuedQueries is not called.
+    }
+    return
+}
+
+# http::CheckEof -
+#
+#	Read from a socket and close it if eof.
+#	The command is bound to "fileevent readable" on an idle socket, and
+#	"eof" is the only event that should trigger the binding, occurring when
+#	the server times out and half-closes the socket.
+#
+#	A read is necessary so that [eof] gives a meaningful result.
+#	Any bytes sent are junk (or a bug).
+
+proc http::CheckEof {sock} {
+    set junk [read $sock]
+    set n [string length $junk]
+    if {$n} {
+	Log "WARNING: $n bytes received but no HTTP request sent"
+    }
+
+    if {[catch {eof $sock} res] || $res} {
+	# The server has half-closed the socket.
+	# If a new write has started, its transaction will fail and
+	# will then be error-handled.
+	CloseSocket $sock
+    }
+    return
+}
+
+# http::CloseSocket -
+#
+#	Close a socket and remove it from the persistent sockets table.  If
+#	possible an http token is included here but when we are called from a
+#	fileevent on remote closure we need to find the correct entry - hence
+#	the "else" block of the first "if" command.
+
+proc http::CloseSocket {s {token {}}} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set tk [namespace tail $token]
+
+    catch {fileevent $s readable {}}
+    set connId {}
+    if {$token ne ""} {
+	variable $token
+	upvar 0 $token state
+	if {[info exists state(socketinfo)]} {
+	    set connId $state(socketinfo)
+	}
+    } else {
+	set map [array get socketMapping]
+	set ndx [lsearch -exact $map $s]
+	if {$ndx >= 0} {
+	    incr ndx -1
+	    set connId [lindex $map $ndx]
+	}
+    }
+    if {    ($connId ne {})
+	 && [info exists socketMapping($connId)]
+	 && ($socketMapping($connId) eq $s)
+    } {
+	Log "Closing connection $connId (sock $socketMapping($connId))"
+	if {[catch {close $socketMapping($connId)} err]} {
+	    Log "Error closing connection: $err"
+	} else {
+	}
+	if {$token eq {}} {
+	    # Cases with a non-empty token are handled by Finish, so the tokens
+	    # are finished in connection order.
+	    http::CloseQueuedQueries $connId
+	} else {
+	}
+    } else {
+	Log "Closing socket $s (no connection info)"
+	if {[catch {close $s} err]} {
+	    Log "Error closing socket: $err"
+	} else {
+	}
+    }
+    return
+}
+
+# http::CloseQueuedQueries
+#
+#	connId  - identifier "domain:port" for the connection
+#	token   - (optional) used only for logging
+#
+# Called from http::CloseSocket and http::Finish, after a connection is closed,
+# to clear the read and write queues if this has not already been done.
+
+proc http::CloseQueuedQueries {connId {token {}}} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    ##Log CloseQueuedQueries $connId $token
+    if {![info exists socketMapping($connId)]} {
+	# Command has already been called.
+	# Don't come here again - especially recursively.
+	return
+    }
+
+    # Used only for logging.
+    if {$token eq {}} {
+	set tk {}
+    } else {
+	set tk [namespace tail $token]
+    }
+
+    if {    [info exists socketPlayCmd($connId)]
+	 && ($socketPlayCmd($connId) ne {ReplayIfClose Wready {} {}})
+    } {
+	# Before unsetting, there is some unfinished business.
+	# - If the server sent "Connection: close", we have stored the command
+	#   for retrying any queued requests in socketPlayCmd, so copy that
+	#   value for execution below.  socketClosing(*) was also set.
+	# - Also clear the queues to prevent calls to Finish that would set the
+	#   state for the requests that will be retried to "finished with error
+	#   status".
+	# - At this stage socketPhQueue is empty.
+	set unfinished $socketPlayCmd($connId)
+	set socketRdQueue($connId) {}
+	set socketWrQueue($connId) {}
+    } else {
+	set unfinished {}
+    }
+
+    Unset $connId
+
+    if {$unfinished ne {}} {
+	Log ^R$tk Any unfinished transactions (excluding $token) failed \
+		- token $token - unfinished $unfinished
+	{*}$unfinished
+	# Calls ReplayIfClose.
+    }
+    return
+}
+
+# http::Unset
+#
+#	The trace on "unset socketRdState(*)" will call CancelReadPipeline
+#	and cancel any queued responses.
+#	The trace on "unset socketWrState(*)" will call CancelWritePipeline
+#	and cancel any queued requests.
+
+proc http::Unset {connId} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    unset socketMapping($connId)
+    unset socketRdState($connId)
+    unset socketWrState($connId)
+    unset -nocomplain socketRdQueue($connId)
+    unset -nocomplain socketWrQueue($connId)
+    unset -nocomplain socketClosing($connId)
+    unset -nocomplain socketPlayCmd($connId)
+    unset -nocomplain socketProxyId($connId)
+    return
+}
+
+# http::reset --
+#
+#	See documentation for details.
+#
+# Arguments:
+#	token	Connection token.
+#	why	Status info.
+#
+# Side Effects:
+#        See Finish
+
+proc http::reset {token {why reset}} {
+    variable $token
+    upvar 0 $token state
+    set state(status) $why
+    catch {fileevent $state(sock) readable {}}
+    catch {fileevent $state(sock) writable {}}
+    Finish $token
+    if {[info exists state(error)]} {
+	set errorlist $state(error)
+	unset state
+	eval ::error $errorlist
+	# i.e. error msg errorInfo errorCode
+    }
+    return
+}
+
+# http::geturl --
+#
+#	Establishes a connection to a remote url via http.
+#
+# Arguments:
+#	url		The http URL to goget.
+#	args		Option value pairs. Valid options include:
+#				-blocksize, -validate, -headers, -timeout
+# Results:
+#	Returns a token for this connection. This token is the name of an
+#	array that the caller should unset to garbage collect the state.
+
+proc http::geturl {url args} {
+    variable urlTypes
+
+    # - If ::tls::socketCmd has its default value "::socket", change it to the
+    #   new value ::http::socketForTls.
+    # - If the old value is different, then it has been modified either by the
+    #   script or by the Tcl installation, and replaced by a new command.  The
+    #   script or installation that modified ::tls::socketCmd is also
+    #   responsible for integrating ::http::socketForTls into its own "new"
+    #   command, if it wishes to do so.
+    # - Commands that open a socket:
+    #   - ::socket             - basic
+    #   - ::http::socket       - can use a thread to avoid blockage by slow DNS
+    #                            lookup.  See http::config option -threadlevel.
+    #   - ::http::socketForTls - as ::http::socket, but can also open a socket
+    #                            for HTTPS/TLS through a proxy.
+
+    if {[info exists ::tls::socketCmd] && ($::tls::socketCmd eq {::socket})} {
+        set ::tls::socketCmd ::http::socketForTls
+    }
+
+    set token [CreateToken $url {*}$args]
+    variable $token
+    upvar 0 $token state
+
+    AsyncTransaction $token
+
+    # --------------------------------------------------------------------------
+    # Synchronous Call to http::geturl
+    # --------------------------------------------------------------------------
+    # - If the call to http::geturl is asynchronous, it is now complete (apart
+    #   from delivering the return value).
+    # - If the call to http::geturl is synchronous, the command must now wait
+    #   for the HTTP transaction to be completed.  The call to http::wait uses
+    #   vwait, which may be inappropriate if the caller makes other HTTP
+    #   requests in the background.
+    # --------------------------------------------------------------------------
+
+    if {![info exists state(-command)]} {
+	# geturl does EVERYTHING asynchronously, so if the user
+	# calls it synchronously, we just do a wait here.
+	http::wait $token
+
+	if {![info exists state]} {
+	    # If we timed out then Finish has been called and the users
+	    # command callback may have cleaned up the token. If so we end up
+	    # here with nothing left to do.
+	    return $token
+	} elseif {$state(status) eq "error"} {
+	    # Something went wrong while trying to establish the connection.
+	    # Clean up after events and such, but DON'T call the command
+	    # callback (if available) because we're going to throw an
+	    # exception from here instead.
+	    set err [lindex $state(error) 0]
+	    cleanup $token
+	    return -code error $err
+	}
+    }
+
+    return $token
+}
+
+# ------------------------------------------------------------------------------
+#  Proc http::CreateToken
+# ------------------------------------------------------------------------------
+# Command to convert arguments into an initialised request token.
+# The return value is the variable name of the token.
+#
+# Other effects:
+# - Sets ::http::http(usingThread) if not already done
+# - Sets ::http::http(uid) if not already done
+# - Increments ::http::http(uid)
+# - May increment ::http::TmpSockCounter
+# - Alters ::http::socketPlayCmd, ::http::socketWrQueue if a -keepalive 1
+#   request is appended to the queue of a persistent socket that is already
+#   scheduled to close.
+#   This also sets state(alreadyQueued) to 1.
+# - Alters ::http::socketPhQueue if a -keepalive 1 request is appended to the
+#   queue of a persistent socket that has not yet been created (and is therefore
+#   represented by a placeholder).
+#   This also sets state(ReusingPlaceholder) to 1.
+# ------------------------------------------------------------------------------
+
+proc http::CreateToken {url args} {
+    variable http
+    variable urlTypes
+    variable defaultCharset
+    variable defaultKeepalive
+    variable strict
+    variable TmpSockCounter
+
+    # Initialize the state variable, an array. We'll return the name of this
+    # array as the token for the transaction.
+
+    if {![info exists http(usingThread)]} {
+	set http(usingThread) 0
+    }
+    if {![info exists http(uid)]} {
+	set http(uid) 0
+    }
+    set token [namespace current]::[incr http(uid)]
+    ##Log Starting http::geturl - token $token
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    reset $token
+    Log ^A$tk URL $url - token $token
+
+    # Process command options.
+
+    array set state {
+	-binary		false
+	-blocksize	8192
+	-queryblocksize 8192
+	-validate	0
+	-headers	{}
+	-timeout	0
+	-type		application/x-www-form-urlencoded
+	-queryprogress	{}
+	-protocol	1.1
+	-guesstype      0
+	binary		0
+	state		created
+	meta		{}
+	method		{}
+	coding		{}
+	currentsize	0
+	totalsize	0
+	querylength	0
+	queryoffset	0
+	type		application/octet-stream
+	body		{}
+	status		""
+	http		""
+	httpResponse    {}
+	responseCode    {}
+	reasonPhrase    {}
+	connection	keep-alive
+	tid             {}
+	requestHeaders  {}
+	requestLine     {}
+	transfer        {}
+	proxyUsed       none
+    }
+    set state(-keepalive) $defaultKeepalive
+    set state(-strict) $strict
+    # These flags have their types verified [Bug 811170]
+    array set type {
+	-binary		boolean
+	-blocksize	integer
+	-guesstype      boolean
+	-queryblocksize integer
+	-strict		boolean
+	-timeout	integer
+	-validate	boolean
+	-headers	list
+    }
+    set state(charset)	$defaultCharset
+    set options {
+	-binary -blocksize -channel -command -guesstype -handler -headers -keepalive
+	-method -myaddr -progress -protocol -query -queryblocksize
+	-querychannel -queryprogress -strict -timeout -type -validate
+    }
+    set usage [join [lsort $options] ", "]
+    set options [string map {- ""} $options]
+    set pat ^-(?:[join $options |])$
+    foreach {flag value} $args {
+	if {[regexp -- $pat $flag]} {
+	    # Validate numbers
+	    if {    [info exists type($flag)]
+	        && (![string is $type($flag) -strict $value])
+	    } {
+		unset $token
+		return -code error \
+		    "Bad value for $flag ($value), must be $type($flag)"
+	    }
+	    if {($flag eq "-headers") && ([llength $value] % 2 != 0)} {
+		unset $token
+		return -code error "Bad value for $flag ($value), number\
+			of list elements must be even"
+	    }
+	    set state($flag) $value
+	} else {
+	    unset $token
+	    return -code error "Unknown option $flag, can be: $usage"
+	}
+    }
+
+    # Make sure -query and -querychannel aren't both specified
+
+    set isQueryChannel [info exists state(-querychannel)]
+    set isQuery [info exists state(-query)]
+    if {$isQuery && $isQueryChannel} {
+	unset $token
+	return -code error "Can't combine -query and -querychannel options!"
+    }
+
+    # Validate URL, determine the server host and port, and check proxy case
+    # Recognize user:pass@host URLs also, although we do not do anything with
+    # that info yet.
+
+    # URLs have basically four parts.
+    # First, before the colon, is the protocol scheme (e.g. http)
+    # Second, for HTTP-like protocols, is the authority
+    #	The authority is preceded by // and lasts up to (but not including)
+    #	the following / or ? and it identifies up to four parts, of which
+    #	only one, the host, is required (if an authority is present at all).
+    #	All other parts of the authority (user name, password, port number)
+    #	are optional.
+    # Third is the resource name, which is split into two parts at a ?
+    #	The first part (from the single "/" up to "?") is the path, and the
+    #	second part (from that "?" up to "#") is the query. *HOWEVER*, we do
+    #	not need to separate them; we send the whole lot to the server.
+    #	Both, path and query are allowed to be missing, including their
+    #	delimiting character.
+    # Fourth is the fragment identifier, which is everything after the first
+    #	"#" in the URL. The fragment identifier MUST NOT be sent to the server
+    #	and indeed, we don't bother to validate it (it could be an error to
+    #	pass it in here, but it's cheap to strip).
+    #
+    # An example of a URL that has all the parts:
+    #
+    #     http://jschmoe:xyzzy@www.bogus.net:8000/foo/bar.tml?q=foo#changes
+    #
+    # The "http" is the protocol, the user is "jschmoe", the password is
+    # "xyzzy", the host is "www.bogus.net", the port is "8000", the path is
+    # "/foo/bar.tml", the query is "q=foo", and the fragment is "changes".
+    #
+    # Note that the RE actually combines the user and password parts, as
+    # recommended in RFC 3986. Indeed, that RFC states that putting passwords
+    # in URLs is a Really Bad Idea, something with which I would agree utterly.
+    # RFC 9110 Sec 4.2.4 goes further than this, and deprecates the format
+    # "user:password@".  It is retained here for backward compatibility,
+    # but its use is not recommended.
+    #
+    # From a validation perspective, we need to ensure that the parts of the
+    # URL that are going to the server are correctly encoded.  This is only
+    # done if $state(-strict) is true (inherited from $::http::strict).
+
+    set URLmatcher {(?x)		# this is _expanded_ syntax
+	^
+	(?: (\w+) : ) ?			# <protocol scheme>
+	(?: //
+	    (?:
+		(
+		    [^@/\#?]+		# <userinfo part of authority>
+		) @
+	    )?
+	    (				# <host part of authority>
+		[^/:\#?]+ |		# host name or IPv4 address
+		\[ [^/\#?]+ \]		# IPv6 address in square brackets
+	    )
+	    (?: : (\d+) )?		# <port part of authority>
+	)?
+	( [/\?] [^\#]*)?		# <path> (including query)
+	(?: \# (.*) )?			# <fragment>
+	$
+    }
+
+    # Phase one: parse
+    if {![regexp -- $URLmatcher $url -> proto user host port srvurl]} {
+	unset $token
+	return -code error "Unsupported URL: $url"
+    }
+    # Phase two: validate
+    set host [string trim $host {[]}]; # strip square brackets from IPv6 address
+    if {$host eq ""} {
+	# Caller has to provide a host name; we do not have a "default host"
+	# that would enable us to handle relative URLs.
+	unset $token
+	return -code error "Missing host part: $url"
+	# Note that we don't check the hostname for validity here; if it's
+	# invalid, we'll simply fail to resolve it later on.
+    }
+    if {$port ne "" && $port > 65535} {
+	unset $token
+	return -code error "Invalid port number: $port"
+    }
+    # The user identification and resource identification parts of the URL can
+    # have encoded characters in them; take care!
+    if {$user ne ""} {
+	# Check for validity according to RFC 3986, Appendix A
+	set validityRE {(?xi)
+	    ^
+	    (?: [-\w.~!$&'()*+,;=:] | %[0-9a-f][0-9a-f] )+
+	    $
+	}
+	if {$state(-strict) && ![regexp -- $validityRE $user]} {
+	    unset $token
+	    # Provide a better error message in this error case
+	    if {[regexp {(?i)%(?![0-9a-f][0-9a-f]).?.?} $user bad]} {
+		return -code error \
+			"Illegal encoding character usage \"$bad\" in URL user"
+	    }
+	    return -code error "Illegal characters in URL user"
+	}
+    }
+    if {$srvurl ne ""} {
+	# RFC 3986 allows empty paths (not even a /), but servers
+	# return 400 if the path in the HTTP request doesn't start
+	# with / , so add it here if needed.
+	if {[string index $srvurl 0] ne "/"} {
+	    set srvurl /$srvurl
+	}
+	# Check for validity according to RFC 3986, Appendix A
+	set validityRE {(?xi)
+	    ^
+	    # Path part (already must start with / character)
+	    (?:	      [-\w.~!$&'()*+,;=:@/]  | %[0-9a-f][0-9a-f] )*
+	    # Query part (optional, permits ? characters)
+	    (?: \? (?: [-\w.~!$&'()*+,;=:@/?] | %[0-9a-f][0-9a-f] )* )?
+	    $
+	}
+	if {$state(-strict) && ![regexp -- $validityRE $srvurl]} {
+	    unset $token
+	    # Provide a better error message in this error case
+	    if {[regexp {(?i)%(?![0-9a-f][0-9a-f])..} $srvurl bad]} {
+		return -code error \
+		    "Illegal encoding character usage \"$bad\" in URL path"
+	    }
+	    return -code error "Illegal characters in URL path"
+	}
+	if {![regexp {^[^?#]+} $srvurl state(path)]} {
+	    set state(path) /
+	}
+    } else {
+	set srvurl /
+	set state(path) /
+    }
+    if {$proto eq ""} {
+	set proto http
+    }
+    set lower [string tolower $proto]
+    if {![info exists urlTypes($lower)]} {
+	unset $token
+	return -code error "Unsupported URL type \"$proto\""
+    }
+    set defport [lindex $urlTypes($lower) 0]
+    set defcmd [lindex $urlTypes($lower) 1]
+
+    if {$port eq ""} {
+	set port $defport
+    }
+    if {![catch {$http(-proxyfilter) $host} proxy]} {
+	set phost [lindex $proxy 0]
+	set pport [lindex $proxy 1]
+    } else {
+	set phost {}
+	set pport {}
+    }
+
+    # OK, now reassemble into a full URL
+    set url ${proto}://
+    if {$user ne ""} {
+	append url $user
+	append url @
+    }
+    append url $host
+    if {$port != $defport} {
+	append url : $port
+    }
+    append url $srvurl
+    # Don't append the fragment! RFC 7230 Sec 5.1
+    set state(url) $url
+
+    # Proxy connections aren't shared among different hosts.
+    set state(socketinfo) $host:$port
+
+    # Save the accept types at this point to prevent a race condition. [Bug
+    # c11a51c482]
+    set state(accept-types) $http(-accept)
+
+    # Check whether this is an Upgrade request.
+    set connectionValues [SplitCommaSeparatedFieldValue \
+			      [GetFieldValue $state(-headers) Connection]]
+    set connectionValues [string tolower $connectionValues]
+    set upgradeValues [SplitCommaSeparatedFieldValue \
+			   [GetFieldValue $state(-headers) Upgrade]]
+    set state(upgradeRequest) [expr {    "upgrade" in $connectionValues
+				      && [llength $upgradeValues] >= 1}]
+    set state(connectionValues) $connectionValues
+
+    if {$isQuery || $isQueryChannel} {
+	# It's a POST.
+	# A client wishing to send a non-idempotent request SHOULD wait to send
+	# that request until it has received the response status for the
+	# previous request.
+	if {$http(-postfresh)} {
+	    # Override -keepalive for a POST.  Use a new connection, and thus
+	    # avoid the small risk of a race against server timeout.
+	    set state(-keepalive) 0
+	} else {
+	    # Allow -keepalive but do not -pipeline - wait for the previous
+	    # transaction to finish.
+	    # There is a small risk of a race against server timeout.
+	    set state(-pipeline) 0
+	}
+    } elseif {$state(upgradeRequest)} {
+	# It's an upgrade request.  Method must be GET (untested).
+	# Force -keepalive to 0 so the connection is not made over a persistent
+	# socket, i.e. one used for multiple HTTP requests.
+	set state(-keepalive) 0
+    } else {
+	# It's a non-upgrade GET or HEAD.
+	set state(-pipeline) $http(-pipeline)
+    }
+
+    # We cannot handle chunked encodings with -handler, so force HTTP/1.0
+    # until we can manage this.
+    if {[info exists state(-handler)]} {
+	set state(-protocol) 1.0
+    }
+
+    # RFC 7320 A.1 - HTTP/1.0 Keep-Alive is problematic. We do not support it.
+    if {$state(-protocol) eq "1.0"} {
+	set state(connection) close
+	set state(-keepalive) 0
+    }
+
+    # Handle proxy requests here for http:// but not for https://
+    # The proxying for https is done in the ::http::socketForTls command.
+    # A proxy request for http:// needs the full URL in the HTTP request line,
+    # including the server name.
+    # The *tls* test below attempts to describe protocols in addition to
+    # "https on port 443" that use HTTP over TLS.
+    if {($phost ne "") && (![string match -nocase *tls* $defcmd])} {
+	set srvurl $url
+	set targetAddr [list $phost $pport]
+	set state(proxyUsed) HttpProxy
+	# The value of state(proxyUsed) none|HttpProxy depends only on the
+	# all-transactions http::config settings and on the target URL.
+	# Even if this is a persistent socket there is no need to change the
+	# value of state(proxyUsed) for other transactions that use the socket:
+	# they have the same value already.
+    } else {
+	set targetAddr [list $host $port]
+    }
+
+    set sockopts [list -async]
+
+    # Pass -myaddr directly to the socket command
+    if {[info exists state(-myaddr)]} {
+	lappend sockopts -myaddr $state(-myaddr)
+    }
+
+    set state(connArgs) [list $proto $phost $srvurl]
+    set state(openCmd) [list {*}$defcmd {*}$sockopts -type $token {*}$targetAddr]
+
+    # See if we are supposed to use a previously opened channel.
+    # - In principle, ANY call to http::geturl could use a previously opened
+    #   channel if it is available - the "Connection: keep-alive" header is a
+    #   request to leave the channel open AFTER completion of this call.
+    # - In fact, we try to use an existing channel only if -keepalive 1 -- this
+    #   means that at most one channel is left open for each value of
+    #   $state(socketinfo). This property simplifies the mapping of open
+    #   channels.
+    set reusing 0
+    set state(alreadyQueued) 0
+    set state(ReusingPlaceholder) 0
+    if {$state(-keepalive)} {
+	variable socketMapping
+	variable socketRdState
+	variable socketWrState
+	variable socketRdQueue
+	variable socketWrQueue
+	variable socketPhQueue
+	variable socketClosing
+	variable socketPlayCmd
+	variable socketCoEvent
+	variable socketProxyId
+
+	if {[info exists socketMapping($state(socketinfo))]} {
+	    # - If the connection is idle, it has a "fileevent readable" binding
+	    #   to http::CheckEof, in case the server times out and half-closes
+	    #   the socket (http::CheckEof closes the other half).
+	    # - We leave this binding in place until just before the last
+	    #   puts+flush in http::Connected (GET/HEAD) or http::Write (POST),
+	    #   after which the HTTP response might be generated.
+
+	    if {    [info exists socketClosing($state(socketinfo))]
+		       && $socketClosing($state(socketinfo))
+	    } {
+		# socketClosing(*) is set because the server has sent a
+		# "Connection: close" header.
+		# Do not use the persistent socket again.
+		# Since we have only one persistent socket per server, and the
+		# old socket is not yet dead, add the request to the write queue
+		# of the dying socket, which will be replayed by ReplayIfClose.
+		# Also add it to socketWrQueue(*) which is used only if an error
+		# causes a call to Finish.
+		set reusing 1
+		set sock $socketMapping($state(socketinfo))
+		set state(proxyUsed) $socketProxyId($state(socketinfo))
+		Log "reusing closing socket $sock for $state(socketinfo) - token $token"
+
+		set state(alreadyQueued) 1
+		lassign $socketPlayCmd($state(socketinfo)) com0 com1 com2 com3
+		lappend com3 $token
+		set socketPlayCmd($state(socketinfo)) [list $com0 $com1 $com2 $com3]
+		lappend socketWrQueue($state(socketinfo)) $token
+		##Log socketPlayCmd($state(socketinfo)) is $socketPlayCmd($state(socketinfo))
+		##Log socketWrQueue($state(socketinfo)) is $socketWrQueue($state(socketinfo))
+	    } elseif {
+		   [catch {fconfigure $socketMapping($state(socketinfo))}]
+		&& (![SockIsPlaceHolder $socketMapping($state(socketinfo))])
+	    } {
+		###Log "Socket $socketMapping($state(socketinfo)) for $state(socketinfo)"
+		# FIXME Is it still possible for this code to be executed? If
+		#       so, this could be another place to call TestForReplay,
+		#       rather than discarding the queued transactions.
+		Log "WARNING: socket for $state(socketinfo) was closed\
+			- token $token"
+		Log "WARNING - if testing, pay special attention to this\
+			case (GH) which is seldom executed - token $token"
+
+		# This will call CancelReadPipeline, CancelWritePipeline, and
+		# cancel any queued requests, responses.
+		Unset $state(socketinfo)
+	    } else {
+		# Use the persistent socket.
+		# - The socket may not be ready to write: an earlier request might
+		#   still be still writing (in the pipelined case) or
+		#   writing/reading (in the nonpipeline case). This possibility
+		#   is handled by socketWrQueue later in this command.
+		# - The socket may not yet exist, and be defined with a placeholder.
+		set reusing 1
+		set sock $socketMapping($state(socketinfo))
+		set state(proxyUsed) $socketProxyId($state(socketinfo))
+		if {[SockIsPlaceHolder $sock]} {
+		    set state(ReusingPlaceholder) 1
+		    lappend socketPhQueue($sock) $token
+		} else {
+		}
+		Log "reusing open socket $sock for $state(socketinfo) - token $token"
+	    }
+	    # Do not automatically close the connection socket.
+	    set state(connection) keep-alive
+	}
+    }
+
+    set state(reusing) $reusing
+    unset reusing
+
+    if {![info exists sock]} {
+        # N.B. At this point ([info exists sock] == $state(reusing)).
+        # This will no longer be true after we set a value of sock here.
+	# Give the socket a placeholder name.
+	set sock HTTP_PLACEHOLDER_[incr TmpSockCounter]
+    }
+    set state(sock) $sock
+
+    if {$state(reusing)} {
+	# Define these for use (only) by http::ReplayIfDead if the persistent
+	# connection has died.
+	set state(tmpConnArgs) $state(connArgs)
+	set state(tmpState) [array get state]
+	set state(tmpOpenCmd) $state(openCmd)
+    }
+    return $token
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc ::http::SockIsPlaceHolder
+# ------------------------------------------------------------------------------
+# Command to return 0 if the argument is a genuine socket handle, or 1 if is a
+# placeholder value generated by geturl or ReplayCore before the real socket is
+# created.
+#
+# Arguments:
+# sock        - either a valid socket handle or a placeholder value
+#
+# Return Value: 0 or 1
+# ------------------------------------------------------------------------------
+
+proc http::SockIsPlaceHolder {sock} {
+    expr {[string range $sock 0 16] eq {HTTP_PLACEHOLDER_}}
+}
+
+
+# ------------------------------------------------------------------------------
+# state(reusing)
+# ------------------------------------------------------------------------------
+# - state(reusing) is set by geturl, ReplayCore
+# - state(reusing) is used by geturl, AsyncTransaction, OpenSocket,
+#   ConfigureNewSocket, and ScheduleRequest when creating and configuring the
+#   connection.
+# - state(reusing) is used by Connect, Connected, Event x 2 when deciding
+#   whether to call TestForReplay.
+# - Other places where state(reusing) is used:
+#   - Connected   - if reusing and not pipelined, start the state(-timeout)
+#                   timeout (when writing).
+#   - DoneRequest - if reusing and pipelined, send the next pipelined write
+#   - Event       - if reusing and pipelined, start the state(-timeout)
+#                   timeout (when reading).
+#   - Event       - if (not reusing) and pipelined, send the next pipelined
+#                   write.
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::AsyncTransaction
+# ------------------------------------------------------------------------------
+# This command is called by geturl and ReplayCore to prepare the HTTP
+# transaction prescribed by a suitably prepared token.
+#
+# Arguments:
+# token         - connection token (name of an array)
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::AsyncTransaction {token} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set sock $state(sock)
+
+    # See comments above re the start of this timeout in other cases.
+    if {(!$state(reusing)) && ($state(-timeout) > 0)} {
+	set state(after) [after $state(-timeout) \
+		[list http::reset $token timeout]]
+    }
+
+    if {    $state(-keepalive)
+	 && (![info exists socketMapping($state(socketinfo))])
+    } {
+	# This code is executed only for the first -keepalive request on a
+	# socket.  It makes the socket persistent.
+	##Log "  PreparePersistentConnection" $token -- $sock -- DO
+        set DoLater [PreparePersistentConnection $token]
+    } else {
+        ##Log "  PreparePersistentConnection" $token -- $sock -- SKIP
+        set DoLater {-traceread 0 -tracewrite 0}
+    }
+
+    if {$state(ReusingPlaceholder)} {
+        # - This request was added to the socketPhQueue of a persistent
+        #   connection.
+        # - But the connection has not yet been created and is a placeholder;
+        # - And the placeholder was created by an earlier request.
+        # - When that earlier request calls OpenSocket, its placeholder is
+        #   replaced with a true socket, and it then executes the equivalent of
+        #   OpenSocket for any subsequent requests that have
+        #   $state(ReusingPlaceholder).
+        Log >J$tk after idle coro NO - ReusingPlaceholder
+    } elseif {$state(alreadyQueued)} {
+        # - This request was added to the socketWrQueue and socketPlayCmd
+        #   of a persistent connection that will close at the end of its current
+        #   read operation.
+        Log >J$tk after idle coro NO - alreadyQueued
+    } else {
+        Log >J$tk after idle coro YES
+        set CoroName ${token}--SocketCoroutine
+        set cancel [after idle [list coroutine $CoroName ::http::OpenSocket \
+                $token $DoLater]]
+        dict set socketCoEvent($state(socketinfo)) $token $cancel
+        set state(socketcoro) $cancel
+    }
+
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::PreparePersistentConnection
+# ------------------------------------------------------------------------------
+# This command is called by AsyncTransaction to initialise a "persistent
+# connection" based upon a socket placeholder.  It is called the first time the
+# socket is associated with a "-keepalive" request.
+#
+# Arguments:
+# token         - connection token (name of an array)
+#
+# Return Value: - DoLater, a dictionary of boolean values listing unfinished
+#                 tasks; to be passed to ConfigureNewSocket via OpenSocket.
+# ------------------------------------------------------------------------------
+
+proc http::PreparePersistentConnection {token} {
+    variable $token
+    upvar 0 $token state
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set DoLater {-traceread 0 -tracewrite 0}
+    set socketMapping($state(socketinfo)) $state(sock)
+    set socketProxyId($state(socketinfo)) $state(proxyUsed)
+    # - The value of state(proxyUsed) was set in http::CreateToken to either
+    #   "none" or "HttpProxy".
+    # - $token is the first transaction to use this placeholder, so there are
+    #   no other tokens whose (proxyUsed) must be modified.
+
+    if {![info exists socketRdState($state(socketinfo))]} {
+        set socketRdState($state(socketinfo)) {}
+        # set varName ::http::socketRdState($state(socketinfo))
+        # trace add variable $varName unset ::http::CancelReadPipeline
+        dict set DoLater -traceread 1
+    }
+    if {![info exists socketWrState($state(socketinfo))]} {
+        set socketWrState($state(socketinfo)) {}
+        # set varName ::http::socketWrState($state(socketinfo))
+        # trace add variable $varName unset ::http::CancelWritePipeline
+        dict set DoLater -tracewrite 1
+    }
+
+    if {$state(-pipeline)} {
+        #Log new, init for pipelined, GRANT write access to $token in geturl
+        # Also grant premature read access to the socket. This is OK.
+        set socketRdState($state(socketinfo)) $token
+        set socketWrState($state(socketinfo)) $token
+    } else {
+        # socketWrState is not used by this non-pipelined transaction.
+        # We cannot leave it as "Wready" because the next call to
+        # http::geturl with a pipelined transaction would conclude that the
+        # socket is available for writing.
+        #Log new, init for nonpipeline, GRANT r/w access to $token in geturl
+        set socketRdState($state(socketinfo)) $token
+        set socketWrState($state(socketinfo)) $token
+    }
+
+    # Value of socketPhQueue() may have already been set by ReplayCore.
+    if {![info exists socketPhQueue($state(sock))]} {
+        set socketPhQueue($state(sock))   {}
+    }
+    set socketRdQueue($state(socketinfo)) {}
+    set socketWrQueue($state(socketinfo)) {}
+    set socketClosing($state(socketinfo)) 0
+    set socketPlayCmd($state(socketinfo)) {ReplayIfClose Wready {} {}}
+    set socketCoEvent($state(socketinfo)) {}
+    set socketProxyId($state(socketinfo)) {}
+
+    return $DoLater
+}
+
+# ------------------------------------------------------------------------------
+#  Proc ::http::OpenSocket
+# ------------------------------------------------------------------------------
+# This command is called as a coroutine idletask to start the asynchronous HTTP
+# transaction in most cases.  For the exceptions, see the calling code in
+# command AsyncTransaction.
+#
+# Arguments:
+# token       - connection token (name of an array)
+# DoLater     - dictionary of boolean values listing unfinished tasks
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::OpenSocket {token DoLater} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    Log >K$tk Start OpenSocket coroutine
+
+    if {![info exists state(-keepalive)]} {
+        # The request has already been cancelled by the calling script.
+        return
+    }
+
+    set sockOld $state(sock)
+
+    dict unset socketCoEvent($state(socketinfo)) $token
+    unset -nocomplain state(socketcoro)
+
+    if {[catch {
+        if {$state(reusing)} {
+	    # If ($state(reusing)) is true, then we do not need to create a new
+	    # socket, even if $sockOld is only a placeholder for a socket.
+            set sock $sockOld
+        } else {
+	    # set sock in the [catch] below.
+	    set pre [clock milliseconds]
+	    ##Log pre socket opened, - token $token
+	    ##Log $state(openCmd) - token $token
+	    set sock [namespace eval :: $state(openCmd)]
+	    set state(sock) $sock
+	    # Normal return from $state(openCmd) always returns a valid socket.
+	    # A TLS proxy connection with 407 or other failure from the
+	    # proxy server raises an error.
+
+	    # Initialisation of a new socket.
+	    ##Log post socket opened, - token $token
+	    ##Log socket opened, now fconfigure - token $token
+	    set delay [expr {[clock milliseconds] - $pre}]
+	    if {$delay > 3000} {
+		Log socket delay $delay - token $token
+	    }
+	    fconfigure $sock -translation {auto crlf} \
+			     -buffersize $state(-blocksize)
+	    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+		fconfigure $sock -profile tcl8
+	    }
+	    ##Log socket opened, DONE fconfigure - token $token
+        }
+
+        Log "Using $sock for $state(socketinfo) - token $token" \
+	    [expr {$state(-keepalive)?"keepalive":""}]
+
+        # Code above has set state(sock) $sock
+        ConfigureNewSocket $token $sockOld $DoLater
+        ##Log OpenSocket success $sock - token $token
+    } result errdict]} {
+	##Log OpenSocket failed $result - token $token
+	# There may be other requests in the socketPhQueue.
+	# Prepare socketPlayCmd so that Finish will replay them.
+	if {    ($state(-keepalive)) && (!$state(reusing))
+	     && [info exists socketPhQueue($sockOld)]
+	     && ($socketPhQueue($sockOld) ne {})
+	} {
+	    if {$socketMapping($state(socketinfo)) ne $sockOld} {
+		Log "WARNING: this code should not be reached.\
+			{$socketMapping($state(socketinfo)) ne $sockOld}"
+	    }
+	    set socketPlayCmd($state(socketinfo)) [list ReplayIfClose Wready {} $socketPhQueue($sockOld)]
+	    set socketPhQueue($sockOld) {}
+	}
+        if {[string range $result 0 20] eq {proxy connect failed:}} {
+	    # - The HTTPS proxy did not create a socket.  The pre-existing value
+	    #   (a "placeholder socket") is unchanged.
+	    # - The proxy returned a valid HTTP response to the failed CONNECT
+	    #   request, and http::SecureProxyConnect copied this to $token,
+	    #   and also set ${token}(connection) set to "close".
+	    # - Remove the error message $result so that Finish delivers this
+	    #   HTTP response to the caller.
+	    set result {}
+	}
+	Finish $token $result
+	# Because socket creation failed, the placeholder "socket" must be
+	# "closed" and (if persistent) removed from the persistent sockets
+	# table.  In the {proxy connect failed:} case Finish does this because
+	# the value of ${token}(connection) is "close". In the other cases here,
+	# it does so because $result is non-empty.
+    }
+    ##Log Leaving http::OpenSocket coroutine [info coroutine] - token $token
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc ::http::ConfigureNewSocket
+# ------------------------------------------------------------------------------
+# Command to initialise a newly-created socket.  Called only from OpenSocket.
+#
+# This command is called by OpenSocket whenever a genuine socket (sockNew) has
+# been opened for for use by HTTP.  It does two things:
+# (1) If $token uses a placeholder socket, this command replaces the placeholder
+#     socket with the real socket, not only in $token but in all other requests
+#     that use the same placeholder.
+# (2) It calls ScheduleRequest to schedule each request that uses the socket.
+#
+#
+# Value of sockOld/sockNew can be "sock" (genuine socket) or "ph" (placeholder).
+# sockNew is ${token}(sock)
+# sockOld   sockNew  CASES
+#  sock       sock   (if $reusing, and sockOld is sock)
+#  ph         sock   (if (not $reusing), and sockOld is ph)
+#  ph         ph     (if $reusing, and sockOld is ph) - not called in this case
+#  sock       ph     (cannot occur unless a bug)      - not called in this case
+#                    (if (not $reusing), and sockOld is sock) - illogical
+#
+# Arguments:
+# token         - connection token (name of an array)
+# sockOld       - handle or placeholder used for a socket before the call to
+#                 OpenSocket
+# DoLater       - dictionary of boolean values listing unfinished tasks
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::ConfigureNewSocket {token sockOld DoLater} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set reusing $state(reusing)
+    set sock $state(sock)
+    set proxyUsed $state(proxyUsed)
+    ##Log "  ConfigureNewSocket" $token $sockOld ... -- $reusing $sock $proxyUsed
+
+    if {(!$reusing) && ($sock ne $sockOld)} {
+        # Replace the placeholder value sockOld with sock.
+
+        if {    [info exists socketMapping($state(socketinfo))]
+             && ($socketMapping($state(socketinfo)) eq $sockOld)
+        } {
+            set socketMapping($state(socketinfo)) $sock
+            set socketProxyId($state(socketinfo)) $proxyUsed
+            # tokens that use the placeholder $sockOld are updated below.
+            ##Log set socketMapping($state(socketinfo)) $sock
+        }
+
+        # Now finish any tasks left over from PreparePersistentConnection on
+        # the connection.
+        #
+        # The "unset" traces are fired by init (clears entire arrays), and
+        # by http::Unset.
+        # Unset is called by CloseQueuedQueries and (possibly never) by geturl.
+        #
+        # CancelReadPipeline, CancelWritePipeline call http::Finish for each
+        # token.
+        #
+        # FIXME If Finish is placeholder-aware, these traces can be set earlier,
+        # in PreparePersistentConnection.
+
+        if {[dict get $DoLater -traceread]} {
+	    set varName ::http::socketRdState($state(socketinfo))
+	    trace add variable $varName unset ::http::CancelReadPipeline
+        }
+        if {[dict get $DoLater -tracewrite]} {
+	    set varName ::http::socketWrState($state(socketinfo))
+	    trace add variable $varName unset ::http::CancelWritePipeline
+        }
+    }
+
+    # Do this in all cases.
+    ScheduleRequest $token
+
+    # Now look at all other tokens that use the placeholder $sockOld.
+    if {    (!$reusing)
+         && ($sock ne $sockOld)
+         && [info exists socketPhQueue($sockOld)]
+    } {
+        ##Log "  ConfigureNewSocket" $token scheduled, now do $socketPhQueue($sockOld)
+        foreach tok $socketPhQueue($sockOld) {
+	    # 1. Amend the token's (sock).
+	    ##Log set ${tok}(sock) $sock
+	    set ${tok}(sock) $sock
+	    set ${tok}(proxyUsed) $proxyUsed
+
+	    # 2. Schedule the token's HTTP request.
+	    # Every token in socketPhQueue(*) has reusing 1 alreadyQueued 0.
+	    set ${tok}(reusing) 1
+	    set ${tok}(alreadyQueued) 0
+	    ScheduleRequest $tok
+	}
+	set socketPhQueue($sockOld) {}
+    }
+    ##Log "  ConfigureNewSocket" $token DONE
+
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+# The values of array variables socketMapping etc.
+# ------------------------------------------------------------------------------
+# connId                 "$host:$port"
+# socketMapping($connId) the handle or placeholder for the socket that is used
+#                        for "-keepalive 1" requests to $connId.
+# socketRdState($connId) the token that is currently reading from the socket.
+#                        Other values: Rready (ready for next token to read).
+# socketWrState($connId) the token that is currently writing to the socket.
+#                        Other values: Wready (ready for next token to write),
+#                        peNding (would be ready for next write, except that
+#                        the integrity of a non-pipelined transaction requires
+#                        waiting until the read(s) in progress are finished).
+# socketRdQueue($connId) List of tokens that are queued for reading later.
+# socketWrQueue($connId) List of tokens that are queued for writing later.
+# socketPhQueue($sock)   List of tokens that are queued to use a placeholder
+#                        socket, when the real socket has not yet been created.
+# socketClosing($connId) (boolean) true iff a server response header indicates
+#                        that the server will close the connection at the end of
+#                        the current response.
+# socketPlayCmd($connId) The command to execute to replay pending and
+#                        part-completed transactions if the socket closes early.
+# socketCoEvent($connId) Identifier for the "after idle" event that will launch
+#                        an OpenSocket coroutine to open or re-use a socket.
+# socketProxyId($connId) The type of proxy that this socket uses: values are
+#                        those of state(proxyUsed) i.e. none, HttpProxy,
+#                        SecureProxy, and SecureProxyFailed.
+#                        The value is not used for anything by http, its purpose
+#                        is to set the value of state() for caller information.
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Using socketWrState(*), socketWrQueue(*), socketRdState(*), socketRdQueue(*)
+# ------------------------------------------------------------------------------
+# The element socketWrState($connId) has a value which is either the name of
+# the token that is permitted to write to the socket, or "Wready" if no
+# token is permitted to write.
+#
+# The code that sets the value to Wready immediately calls
+# http::NextPipelinedWrite, which examines socketWrQueue($connId) and
+# processes the next request in the queue, if there is one.  The value
+# Wready is not found when the interpreter is in the event loop unless the
+# socket is idle.
+#
+# The element socketRdState($connId) has a value which is either the name of
+# the token that is permitted to read from the socket, or "Rready" if no
+# token is permitted to read.
+#
+# The code that sets the value to Rready then examines
+# socketRdQueue($connId) and processes the next request in the queue, if
+# there is one.  The value Rready is not found when the interpreter is in
+# the event loop unless the socket is idle.
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::ScheduleRequest
+# ------------------------------------------------------------------------------
+# Command to either begin the HTTP request, or add it to the appropriate queue.
+# Called from two places in ConfigureNewSocket.
+#
+# Arguments:
+# token         - connection token (name of an array)
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::ScheduleRequest {token} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    Log >L$tk ScheduleRequest
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    set Unfinished 0
+
+    set reusing $state(reusing)
+    set sockNew $state(sock)
+
+    # The "if" tests below: must test against the current values of
+    # socketWrState, socketRdState, and so the tests must be done here,
+    # not earlier in PreparePersistentConnection.
+
+    if {$state(alreadyQueued)} {
+	# The request has been appended to the queue of a persistent socket
+	# (that is scheduled to close and have its queue replayed).
+	#
+	# A write may or may not be in progress.  There is no need to set
+	# socketWrState to prevent another call stealing write access - all
+	# subsequent calls on this socket will come here because the socket
+	# will close after the current read, and its
+	# socketClosing($connId) is 1.
+	##Log "HTTP request for token $token is queued"
+
+    } elseif {    $reusing
+	       && $state(-pipeline)
+	       && ($socketWrState($state(socketinfo)) ne "Wready")
+    } {
+	##Log "HTTP request for token $token is queued for pipelined use"
+	lappend socketWrQueue($state(socketinfo)) $token
+
+    } elseif {    $reusing
+	       && (!$state(-pipeline))
+	       && ($socketWrState($state(socketinfo)) ne "Wready")
+    } {
+	# A write is queued or in progress.  Lappend to the write queue.
+	##Log "HTTP request for token $token is queued for nonpipeline use"
+	lappend socketWrQueue($state(socketinfo)) $token
+
+    } elseif {    $reusing
+	       && (!$state(-pipeline))
+	       && ($socketWrState($state(socketinfo)) eq "Wready")
+	       && ($socketRdState($state(socketinfo)) ne "Rready")
+    } {
+	# A read is queued or in progress, but not a write.  Cannot start the
+	# nonpipeline transaction, but must set socketWrState to prevent a
+	# pipelined request jumping the queue.
+	##Log "HTTP request for token $token is queued for nonpipeline use"
+	#Log re-use nonpipeline, GRANT delayed write access to $token in geturl
+	set socketWrState($state(socketinfo)) peNding
+	lappend socketWrQueue($state(socketinfo)) $token
+
+    } else {
+        if {$reusing && $state(-pipeline)} {
+	    #Log new, init for pipelined, GRANT write access to $token in geturl
+	    # DO NOT grant premature read access to the socket.
+            # set socketRdState($state(socketinfo)) $token
+            set socketWrState($state(socketinfo)) $token
+        } elseif {$reusing} {
+	    # socketWrState is not used by this non-pipelined transaction.
+	    # We cannot leave it as "Wready" because the next call to
+	    # http::geturl with a pipelined transaction would conclude that the
+	    # socket is available for writing.
+	    #Log new, init for nonpipeline, GRANT r/w access to $token in geturl
+            set socketRdState($state(socketinfo)) $token
+            set socketWrState($state(socketinfo)) $token
+        } else {
+        }
+
+	# Process the request now.
+	# - Command is not called unless $state(sock) is a real socket handle
+	#   and not a placeholder.
+	# - All (!$reusing) cases come here.
+	# - Some $reusing cases come here too if the connection is
+	#   marked as ready.  Those $reusing cases are:
+	#   $reusing && ($socketWrState($state(socketinfo)) eq "Wready") &&
+	#   EITHER !$pipeline && ($socketRdState($state(socketinfo)) eq "Rready")
+	#   OR      $pipeline
+	#
+	#Log ---- $state(socketinfo) << conn to $token for HTTP request (a)
+	##Log "  ScheduleRequest" $token -- fileevent $state(sock) writable for $token
+	# Connect does its own fconfigure.
+
+        lassign $state(connArgs) proto phost srvurl
+
+	if {[catch {
+		fileevent $state(sock) writable \
+			[list http::Connect $token $proto $phost $srvurl]
+	} res opts]} {
+	    # The socket no longer exists.
+	    ##Log bug -- socket gone -- $res -- $opts
+	}
+
+    }
+
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::SendHeader
+# ------------------------------------------------------------------------------
+# Command to send a request header, and keep a copy in state(requestHeaders)
+# for debugging purposes.
+#
+# Arguments:
+# token       - connection token (name of an array)
+# key         - header name
+# value       - header value
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::SendHeader {token key value} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+    lappend state(requestHeaders) [string tolower $key] $value
+    puts $sock "$key: $value"
+    return
+}
+
+# http::Connected --
+#
+#	Callback used when the connection to the HTTP server is actually
+#	established.
+#
+# Arguments:
+#	token	State token.
+#	proto	What protocol (http, https, etc.) was used to connect.
+#	phost	Are we using keep-alive? Non-empty if yes.
+#	srvurl	Service-local URL that we're requesting
+# Results:
+#	None.
+
+proc http::Connected {token proto phost srvurl} {
+    variable http
+    variable urlTypes
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    if {$state(reusing) && (!$state(-pipeline)) && ($state(-timeout) > 0)} {
+	set state(after) [after $state(-timeout) \
+		[list http::reset $token timeout]]
+    }
+
+    # Set back the variables needed here.
+    set sock $state(sock)
+    set isQueryChannel [info exists state(-querychannel)]
+    set isQuery [info exists state(-query)]
+    regexp {^(.+):([^:]+)$} $state(socketinfo) {} host port
+
+    set lower [string tolower $proto]
+    set defport [lindex $urlTypes($lower) 0]
+
+    # Send data in cr-lf format, but accept any line terminators.
+    # Initialisation to {auto *} now done in geturl, KeepSocket and DoneRequest.
+    # We are concerned here with the request (write) not the response (read).
+    lassign [fconfigure $sock -translation] trRead trWrite
+    fconfigure $sock -translation [list $trRead crlf] \
+		     -buffersize $state(-blocksize)
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	fconfigure $sock -profile tcl8
+    }
+
+    # The following is disallowed in safe interpreters, but the socket is
+    # already in non-blocking mode in that case.
+
+    catch {fconfigure $sock -blocking off}
+    set how GET
+    if {$isQuery} {
+	set state(querylength) [string length $state(-query)]
+	if {$state(querylength) > 0} {
+	    set how POST
+	    set contDone 0
+	} else {
+	    # There's no query data.
+	    unset state(-query)
+	    set isQuery 0
+	}
+    } elseif {$state(-validate)} {
+	set how HEAD
+    } elseif {$isQueryChannel} {
+	set how POST
+	# The query channel must be blocking for the async Write to
+	# work properly.
+	fconfigure $state(-querychannel) -blocking 1 -translation binary
+	set contDone 0
+    }
+    if {[info exists state(-method)] && ($state(-method) ne "")} {
+	set how $state(-method)
+    }
+    set accept_types_seen 0
+
+    Log ^B$tk begin sending request - token $token
+
+    if {[catch {
+	if {[info exists state(bypass)]} {
+	    set state(method) [lindex [split $state(bypass) { }] 0]
+	    set state(requestHeaders) {}
+	    set state(requestLine) $state(bypass)
+	} else {
+	    set state(method) $how
+	    set state(requestHeaders) {}
+	    set state(requestLine) "$how $srvurl HTTP/$state(-protocol)"
+	}
+	puts $sock $state(requestLine)
+	set hostValue [GetFieldValue $state(-headers) Host]
+	if {$hostValue ne {}} {
+	    # Allow Host spoofing. [Bug 928154]
+	    regexp {^[^:]+} $hostValue state(host)
+	    SendHeader $token Host $hostValue
+	} elseif {$port == $defport} {
+	    # Don't add port in this case, to handle broken servers. [Bug
+	    # #504508]
+	    set state(host) $host
+	    SendHeader $token Host $host
+	} else {
+	    set state(host) $host
+	    SendHeader $token Host "$host:$port"
+	}
+	SendHeader $token User-Agent $http(-useragent)
+	if {($state(-protocol) > 1.0) && $state(-keepalive)} {
+	    # Send this header, because a 1.1 server is not compelled to treat
+	    # this as the default.
+	    set ConnVal keep-alive
+	} elseif {($state(-protocol) > 1.0)} {
+	    # RFC2616 sec 8.1.2.1
+	    set ConnVal close
+	} else {
+	    # ($state(-protocol) <= 1.0)
+	    # RFC7230 A.1
+	    # Some server implementations of HTTP/1.0 have a faulty
+	    # implementation of RFC 2068 Keep-Alive.
+	    # Don't leave this to chance.
+	    # For HTTP/1.0 we have already "set state(connection) close"
+	    # and "state(-keepalive) 0".
+	    set ConnVal close
+	}
+        # Proxy authorisation (cf. mod by Anders Ramdahl to autoproxy by
+        # Pat Thoyts).
+        if {($http(-proxyauth) ne {}) && ($state(proxyUsed) eq {HttpProxy})} {
+	    SendHeader $token Proxy-Authorization $http(-proxyauth)
+        }
+	# RFC7230 A.1 - "clients are encouraged not to send the
+	# Proxy-Connection header field in any requests"
+	set accept_encoding_seen 0
+	set content_type_seen 0
+	set connection_seen 0
+	foreach {key value} $state(-headers) {
+	    set value [string map [list \n "" \r ""] $value]
+	    set key [string map {" " -} [string trim $key]]
+	    if {[string equal -nocase $key "host"]} {
+		continue
+	    }
+	    if {[string equal -nocase $key "accept-encoding"]} {
+		set accept_encoding_seen 1
+	    }
+	    if {[string equal -nocase $key "accept"]} {
+		set accept_types_seen 1
+	    }
+	    if {[string equal -nocase $key "content-type"]} {
+		set content_type_seen 1
+	    }
+	    if {[string equal -nocase $key "content-length"]} {
+		set contDone 1
+		set state(querylength) $value
+	    }
+	    if {    [string equal -nocase $key "connection"]
+	         && [info exists state(bypass)]
+	    } {
+		# Value supplied in -headers overrides $ConnVal.
+		set connection_seen 1
+	    } elseif {[string equal -nocase $key "connection"]} {
+		# Remove "close" or "keep-alive" and use our own value.
+		# In an upgrade request, the upgrade is not guaranteed.
+		# Value "close" or "keep-alive" tells the server what to do
+		# if it refuses the upgrade.  We send a single "Connection"
+		# header because some websocket servers, e.g. civetweb, reject
+		# multiple headers. Bug [d01de3281f] of tcllib/websocket.
+		set connection_seen 1
+		set listVal $state(connectionValues)
+		if {[set pos [lsearch $listVal close]] != -1} {
+		    set listVal [lreplace $listVal $pos $pos]
+		}
+		if {[set pos [lsearch $listVal keep-alive]] != -1} {
+		    set listVal [lreplace $listVal $pos $pos]
+		}
+		lappend listVal $ConnVal
+		set value [join $listVal {, }]
+	    }
+	    if {[string length $key]} {
+		SendHeader $token $key $value
+	    }
+	}
+	# Allow overriding the Accept header on a per-connection basis. Useful
+	# for working with REST services. [Bug c11a51c482]
+	if {!$accept_types_seen} {
+	    SendHeader $token Accept $state(accept-types)
+	}
+	if {    (!$accept_encoding_seen)
+	     && (![info exists state(-handler)])
+	     && $http(-zip)
+	} {
+	    SendHeader $token Accept-Encoding gzip,deflate
+	} elseif {!$accept_encoding_seen} {
+	    SendHeader $token Accept-Encoding identity
+	} else {
+	}
+	if {!$connection_seen} {
+	    SendHeader $token Connection $ConnVal
+	}
+	if {$isQueryChannel && ($state(querylength) == 0)} {
+	    # Try to determine size of data in channel. If we cannot seek, the
+	    # surrounding catch will trap us
+
+	    set start [tell $state(-querychannel)]
+	    seek $state(-querychannel) 0 end
+	    set state(querylength) \
+		    [expr {[tell $state(-querychannel)] - $start}]
+	    seek $state(-querychannel) $start
+	}
+
+	# Note that we don't do Cookie2; that's much nastier and not normally
+	# observed in practice either. It also doesn't fix the multitude of
+	# bugs in the basic cookie spec.
+	if {$http(-cookiejar) ne ""} {
+	    set cookies ""
+	    set separator ""
+	    foreach {key value} [{*}$http(-cookiejar) \
+		    getCookies $proto $host $state(path)] {
+		append cookies $separator $key = $value
+		set separator "; "
+	    }
+	    if {$cookies ne ""} {
+		SendHeader $token Cookie $cookies
+	    }
+	}
+
+	# Flush the request header and set up the fileevent that will either
+	# push the POST data or read the response.
+	#
+	# fileevent note:
+	#
+	# It is possible to have both the read and write fileevents active at
+	# this point. The only scenario it seems to affect is a server that
+	# closes the connection without reading the POST data. (e.g., early
+	# versions TclHttpd in various error cases). Depending on the
+	# platform, the client may or may not be able to get the response from
+	# the server because of the error it will get trying to write the post
+	# data. Having both fileevents active changes the timing and the
+	# behavior, but no two platforms (among Solaris, Linux, and NT) behave
+	# the same, and none behave all that well in any case. Servers should
+	# always read their POST data if they expect the client to read their
+	# response.
+
+	if {$isQuery || $isQueryChannel} {
+	    # POST method.
+	    if {!$content_type_seen} {
+		SendHeader $token Content-Type $state(-type)
+	    }
+	    if {!$contDone} {
+		SendHeader $token Content-Length $state(querylength)
+	    }
+	    puts $sock ""
+	    flush $sock
+	    # Flush flushes the error in the https case with a bad handshake:
+	    # else the socket never becomes writable again, and hangs until
+	    # timeout (if any).
+
+	    lassign [fconfigure $sock -translation] trRead trWrite
+	    fconfigure $sock -translation [list $trRead binary]
+	    fileevent $sock writable [list http::Write $token]
+	    # The http::Write command decides when to make the socket readable,
+	    # using the same test as the GET/HEAD case below.
+	} else {
+	    # GET or HEAD method.
+	    if {    (![catch {fileevent $sock readable} binding])
+		 && ($binding eq [list http::CheckEof $sock])
+	    } {
+		# Remove the "fileevent readable" binding of an idle persistent
+		# socket to http::CheckEof.  We can no longer treat bytes
+		# received as junk. The server might still time out and
+		# half-close the socket if it has not yet received the first
+		# "puts".
+		fileevent $sock readable {}
+	    }
+	    puts $sock ""
+	    flush $sock
+	    Log ^C$tk end sending request - token $token
+	    # End of writing (GET/HEAD methods).  The request has been sent.
+
+	    DoneRequest $token
+	}
+
+    } err]} {
+	# The socket probably was never connected, OR the connection dropped
+	# later, OR https handshake error, which may be discovered as late as
+	# the "flush" command above...
+	Log "WARNING - if testing, pay special attention to this\
+		case (GI) which is seldom executed - token $token"
+	if {[info exists state(reusing)] && $state(reusing)} {
+	    # The socket was closed at the server end, and closed at
+	    # this end by http::CheckEof.
+    	    if {[TestForReplay $token write $err a]} {
+		return
+	    } else {
+		Finish $token {failed to re-use socket}
+	    }
+
+	    # else:
+	    # This is NOT a persistent socket that has been closed since its
+	    # last use.
+	    # If any other requests are in flight or pipelined/queued, they will
+	    # be discarded.
+	} elseif {$state(status) eq ""} {
+	    # https handshake errors come here, for
+	    # Tcl 8.7 without http::SecureProxyConnect, and for Tcl 8.6.
+	    set msg [registerError $sock]
+	    registerError $sock {}
+	    if {$msg eq {}} {
+		set msg {failed to use socket}
+	    }
+	    Finish $token $msg
+	} elseif {$state(status) ne "error"} {
+	    Finish $token $err
+	}
+    }
+    return
+}
+
+# http::registerError
+#
+#	Called (for example when processing TclTLS activity) to register
+#	an error for a connection on a specific socket.  This helps
+#	http::Connected to deliver meaningful error messages, e.g. when a TLS
+#	certificate fails verification.
+#
+#	Usage: http::registerError socket ?newValue?
+#
+#	"set" semantics, except that a "get" (a call without a new value) for a
+#	non-existent socket returns {}, not an error.
+
+proc http::registerError {sock args} {
+    variable registeredErrors
+
+    if {    ([llength $args] == 0)
+	 && (![info exists registeredErrors($sock)])
+    } {
+	return
+    } elseif {    ([llength $args] == 1)
+	       && ([lindex $args 0] eq {})
+    } {
+	unset -nocomplain registeredErrors($sock)
+	return
+    }
+    set registeredErrors($sock) {*}$args
+}
+
+# http::DoneRequest --
+#
+#	Command called when a request has been sent.  It will arrange the
+#	next request and/or response as appropriate.
+#
+#	If this command is called when $socketClosing(*), the request $token
+#	that calls it must be pipelined and destined to fail.
+
+proc http::DoneRequest {token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+
+    # If pipelined, connect the next HTTP request to the socket.
+    if {$state(reusing) && $state(-pipeline)} {
+	# Enable next token (if any) to write.
+	# The value "Wready" is set only here, and
+	# in http::Event after reading the response-headers of a
+	# non-reusing transaction.
+	# Previous value is $token. It cannot be pending.
+	set socketWrState($state(socketinfo)) Wready
+
+	# Now ready to write the next pipelined request (if any).
+	http::NextPipelinedWrite $token
+    } else {
+	# If pipelined, this is the first transaction on this socket.  We wait
+	# for the response headers to discover whether the connection is
+	# persistent.  (If this is not done and the connection is not
+	# persistent, we SHOULD retry and then MUST NOT pipeline before knowing
+	# that we have a persistent connection
+	# (rfc2616 8.1.2.2)).
+    }
+
+    # Connect to receive the response, unless the socket is pipelined
+    # and another response is being sent.
+    # This code block is separate from the code below because there are
+    # cases where socketRdState already has the value $token.
+    if {    $state(-keepalive)
+	 && $state(-pipeline)
+	 && [info exists socketRdState($state(socketinfo))]
+	 && ($socketRdState($state(socketinfo)) eq "Rready")
+    } {
+	#Log pipelined, GRANT read access to $token in Connected
+	set socketRdState($state(socketinfo)) $token
+    }
+
+    if {    $state(-keepalive)
+	 && $state(-pipeline)
+	 && [info exists socketRdState($state(socketinfo))]
+	 && ($socketRdState($state(socketinfo)) ne $token)
+    } {
+	# Do not read from the socket until it is ready.
+	##Log "HTTP response for token $token is queued for pipelined use"
+	# If $socketClosing(*), then the caller will be a pipelined write and
+	# execution will come here.
+	# This token has already been recorded as "in flight" for writing.
+	# When the socket is closed, the read queue will be cleared in
+	# CloseQueuedQueries and so the "lappend" here has no effect.
+	lappend socketRdQueue($state(socketinfo)) $token
+    } else {
+	# In the pipelined case, connection for reading depends on the
+	# value of socketRdState.
+	# In the nonpipeline case, connection for reading always occurs.
+	ReceiveResponse $token
+    }
+    return
+}
+
+# http::ReceiveResponse
+#
+#	Connects token to its socket for reading.
+
+proc http::ReceiveResponse {token} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+
+    #Log ---- $state(socketinfo) >> conn to $token for HTTP response
+    lassign [fconfigure $sock -translation] trRead trWrite
+    fconfigure $sock -translation [list auto $trWrite] \
+		     -buffersize $state(-blocksize)
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	fconfigure $sock -profile tcl8
+    }
+    Log ^D$tk begin receiving response - token $token
+
+    coroutine ${token}--EventCoroutine http::Event $sock $token
+    if {[info exists state(-handler)] || [info exists state(-progress)]} {
+        fileevent $sock readable [list http::EventGateway $sock $token]
+    } else {
+        fileevent $sock readable ${token}--EventCoroutine
+    }
+    return
+}
+
+
+# http::EventGateway
+#
+#	Bug [c2dc1da315].
+#	- Recursive launch of the coroutine can occur if a -handler or -progress
+#	  callback is used, and the callback command enters the event loop.
+#	- To prevent this, the fileevent "binding" is disabled while the
+#	  coroutine is in flight.
+#	- If a recursive call occurs despite these precautions, it is not
+#	  trapped and discarded here, because it is better to report it as a
+#	  bug.
+#	- Although this solution is believed to be sufficiently general, it is
+#	  used only if -handler or -progress is specified.  In other cases,
+#	  the coroutine is called directly.
+
+proc http::EventGateway {sock token} {
+    variable $token
+    upvar 0 $token state
+    fileevent $sock readable {}
+    catch {${token}--EventCoroutine} res opts
+    if {[info commands ${token}--EventCoroutine] ne {}} {
+        # The coroutine can be deleted by completion (a non-yield return), by
+        # http::Finish (when there is a premature end to the transaction), by
+        # http::reset or http::cleanup, or if the caller set option -channel
+        # but not option -handler: in the last case reading from the socket is
+        # now managed by commands ::http::Copy*, http::ReceiveChunked, and
+        # http::MakeTransformationChunked.
+        #
+        # Catch in case the coroutine has closed the socket.
+        catch {fileevent $sock readable [list http::EventGateway $sock $token]}
+    }
+
+    # If there was an error, re-throw it.
+    return -options $opts $res
+}
+
+
+# http::NextPipelinedWrite
+#
+# - Connecting a socket to a token for writing is done by this command and by
+#   command KeepSocket.
+# - If another request has a pipelined write scheduled for $token's socket,
+#   and if the socket is ready to accept it, connect the write and update
+#   the queue accordingly.
+# - This command is called from http::DoneRequest and http::Event,
+#   IF $state(-pipeline) AND (the current transfer has reached the point at
+#   which the socket is ready for the next request to be written).
+# - This command is called when a token has write access and is pipelined and
+#   keep-alive, and sets socketWrState to Wready.
+# - The command need not consider the case where socketWrState is set to a token
+#   that does not yet have write access.  Such a token is waiting for Rready,
+#   and the assignment of the connection to the token will be done elsewhere (in
+#   http::KeepSocket).
+# - This command cannot be called after socketWrState has been set to a
+#   "pending" token value (that is then overwritten by the caller), because that
+#   value is set by this command when it is called by an earlier token when it
+#   relinquishes its write access, and the pending token is always the next in
+#   line to write.
+
+proc http::NextPipelinedWrite {token} {
+    variable http
+    variable socketRdState
+    variable socketWrState
+    variable socketWrQueue
+    variable socketClosing
+    variable $token
+    upvar 0 $token state
+    set connId $state(socketinfo)
+
+    if {    [info exists socketClosing($connId)]
+	 && $socketClosing($connId)
+    } {
+	# socketClosing(*) is set because the server has sent a
+	# "Connection: close" header.
+	# Behave as if the queues are empty - so do nothing.
+    } elseif {    $state(-pipeline)
+	 && [info exists socketWrState($connId)]
+	 && ($socketWrState($connId) eq "Wready")
+
+	 && [info exists socketWrQueue($connId)]
+	 && [llength $socketWrQueue($connId)]
+	 && ([set token2 [lindex $socketWrQueue($connId) 0]
+	      set ${token2}(-pipeline)
+	     ]
+	    )
+    } {
+	# - The usual case for a pipelined connection, ready for a new request.
+	#Log pipelined, GRANT write access to $token2 in NextPipelinedWrite
+	set conn [set ${token2}(connArgs)]
+	set socketWrState($connId) $token2
+	set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	# Connect does its own fconfigure.
+	fileevent $state(sock) writable [list http::Connect $token2 {*}$conn]
+	#Log ---- $connId << conn to $token2 for HTTP request (b)
+
+	# In the tests below, the next request will be nonpipeline.
+    } elseif {    $state(-pipeline)
+	       && [info exists socketWrState($connId)]
+	       && ($socketWrState($connId) eq "Wready")
+
+	       && [info exists socketWrQueue($connId)]
+	       && [llength $socketWrQueue($connId)]
+	       && (![ set token3 [lindex $socketWrQueue($connId) 0]
+		      set ${token3}(-pipeline)
+		    ]
+		  )
+
+	       && [info exists socketRdState($connId)]
+	       && ($socketRdState($connId) eq "Rready")
+    } {
+	# The case in which the next request will be non-pipelined, and the read
+	# and write queues is ready: which is the condition for a non-pipelined
+	# write.
+	set conn [set ${token3}(connArgs)]
+	#Log nonpipeline, GRANT r/w access to $token3 in NextPipelinedWrite
+	set socketRdState($connId) $token3
+	set socketWrState($connId) $token3
+	set socketWrQueue($connId) [lrange $socketWrQueue($connId) 1 end]
+	# Connect does its own fconfigure.
+	fileevent $state(sock) writable [list http::Connect $token3 {*}$conn]
+	#Log ---- $state(sock) << conn to $token3 for HTTP request (c)
+
+    } elseif {    $state(-pipeline)
+	 && [info exists socketWrState($connId)]
+	 && ($socketWrState($connId) eq "Wready")
+
+	 && [info exists socketWrQueue($connId)]
+	 && [llength $socketWrQueue($connId)]
+	 && (![set token2 [lindex $socketWrQueue($connId) 0]
+	      set ${token2}(-pipeline)
+	     ]
+	    )
+    } {
+	# - The case in which the next request will be non-pipelined, but the
+	#   read queue is NOT ready.
+	# - A read is queued or in progress, but not a write.  Cannot start the
+	#   nonpipeline transaction, but must set socketWrState to prevent a new
+	#   pipelined request (in http::geturl) jumping the queue.
+	# - Because socketWrState($connId) is not set to Wready, the assignment
+	#   of the connection to $token2 will be done elsewhere - by command
+	#   http::KeepSocket when $socketRdState($connId) is set to "Rready".
+
+	#Log re-use nonpipeline, GRANT delayed write access to $token in NextP..
+	set socketWrState($connId) peNding
+    }
+    return
+}
+
+# http::CancelReadPipeline
+#
+#	Cancel pipelined responses on a closing "Keep-Alive" socket.
+#
+#	- Called by a variable trace on "unset socketRdState($connId)".
+#	- The variable relates to a Keep-Alive socket, which has been closed.
+#	- Cancels all pipelined responses. The requests have been sent,
+#	  the responses have not yet been received.
+#	- This is a hard cancel that ends each transaction with error status,
+#	  and closes the connection. Do not use it if you want to replay failed
+#	  transactions.
+#	- N.B. Always delete ::http::socketRdState($connId) before deleting
+#	  ::http::socketRdQueue($connId), or this command will do nothing.
+#
+# Arguments
+#	As for a trace command on a variable.
+
+proc http::CancelReadPipeline {name1 connId op} {
+    variable socketRdQueue
+    ##Log CancelReadPipeline $name1 $connId $op
+    if {[info exists socketRdQueue($connId)]} {
+	set msg {the connection was closed by CancelReadPipeline}
+	foreach token $socketRdQueue($connId) {
+	    set tk [namespace tail $token]
+	    Log ^X$tk end of response "($msg)" - token $token
+	    set ${token}(status) eof
+	    Finish $token ;#$msg
+	}
+	set socketRdQueue($connId) {}
+    }
+    return
+}
+
+# http::CancelWritePipeline
+#
+#	Cancel queued events on a closing "Keep-Alive" socket.
+#
+#	- Called by a variable trace on "unset socketWrState($connId)".
+#	- The variable relates to a Keep-Alive socket, which has been closed.
+#	- In pipelined or nonpipeline case: cancels all queued requests.  The
+#	  requests have not yet been sent, the responses are not due.
+#	- This is a hard cancel that ends each transaction with error status,
+#	  and closes the connection. Do not use it if you want to replay failed
+#	  transactions.
+#	- N.B. Always delete ::http::socketWrState($connId) before deleting
+#	  ::http::socketWrQueue($connId), or this command will do nothing.
+#
+# Arguments
+#	As for a trace command on a variable.
+
+proc http::CancelWritePipeline {name1 connId op} {
+    variable socketWrQueue
+
+    ##Log CancelWritePipeline $name1 $connId $op
+    if {[info exists socketWrQueue($connId)]} {
+	set msg {the connection was closed by CancelWritePipeline}
+	foreach token $socketWrQueue($connId) {
+	    set tk [namespace tail $token]
+	    Log ^X$tk end of response "($msg)" - token $token
+	    set ${token}(status) eof
+	    Finish $token ;#$msg
+	}
+	set socketWrQueue($connId) {}
+    }
+    return
+}
+
+# http::ReplayIfDead --
+#
+# - A query on a re-used persistent socket failed at the earliest opportunity,
+#   because the socket had been closed by the server.  Keep the token, tidy up,
+#   and try to connect on a fresh socket.
+# - The connection is monitored for eof by the command http::CheckEof.  Thus
+#   http::ReplayIfDead is needed only when a server event (half-closing an
+#   apparently idle connection), and a client event (sending a request) occur at
+#   almost the same time, and neither client nor server detects the other's
+#   action before performing its own (an "asynchronous close event").
+# - To simplify testing of http::ReplayIfDead, set TEST_EOF 1 in
+#   http::KeepSocket, and then http::ReplayIfDead will be called if http::geturl
+#   is called at any time after the server timeout.
+#
+# Arguments:
+#	token	Connection token.
+#
+# Side Effects:
+#	Use the same token, but try to open a new socket.
+
+proc http::ReplayIfDead {token doing} {
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+
+    Log running http::ReplayIfDead for $token $doing
+
+    # 1. Merge the tokens for transactions in flight, the read (response) queue,
+    #    and the write (request) queue.
+
+    set InFlightR {}
+    set InFlightW {}
+
+    # Obtain the tokens for transactions in flight.
+    if {$state(-pipeline)} {
+	# Two transactions may be in flight.  The "read" transaction was first.
+	# It is unlikely that the server would close the socket if a response
+	# was pending; however, an earlier request (as well as the present
+	# request) may have been sent and ignored if the socket was half-closed
+	# by the server.
+
+	if {    [info exists socketRdState($state(socketinfo))]
+	     && ($socketRdState($state(socketinfo)) ne "Rready")
+	} {
+	    lappend InFlightR $socketRdState($state(socketinfo))
+	} elseif {($doing eq "read")} {
+	    lappend InFlightR $token
+	}
+
+	if {    [info exists socketWrState($state(socketinfo))]
+	     && $socketWrState($state(socketinfo)) ni {Wready peNding}
+	} {
+	    lappend InFlightW $socketWrState($state(socketinfo))
+	} elseif {($doing eq "write")} {
+	    lappend InFlightW $token
+	}
+
+	# Report any inconsistency of $token with socket*state.
+	if {    ($doing eq "read")
+	     && [info exists socketRdState($state(socketinfo))]
+	     && ($token ne $socketRdState($state(socketinfo)))
+	} {
+	    Log WARNING - ReplayIfDead pipelined token $token $doing \
+		    ne socketRdState($state(socketinfo)) \
+		      $socketRdState($state(socketinfo))
+
+	} elseif {
+		($doing eq "write")
+	     && [info exists socketWrState($state(socketinfo))]
+	     && ($token ne $socketWrState($state(socketinfo)))
+	} {
+	    Log WARNING - ReplayIfDead pipelined token $token $doing \
+		    ne socketWrState($state(socketinfo)) \
+		      $socketWrState($state(socketinfo))
+	}
+    } else {
+	# One transaction should be in flight.
+	# socketRdState, socketWrQueue are used.
+	# socketRdQueue should be empty.
+
+	# Report any inconsistency of $token with socket*state.
+	if {$token ne $socketRdState($state(socketinfo))} {
+	    Log WARNING - ReplayIfDead nonpipeline token $token $doing \
+		    ne socketRdState($state(socketinfo)) \
+		      $socketRdState($state(socketinfo))
+	}
+
+	# Report the inconsistency that socketRdQueue is non-empty.
+	if {    [info exists socketRdQueue($state(socketinfo))]
+	     && ($socketRdQueue($state(socketinfo)) ne {})
+	} {
+	    Log WARNING - ReplayIfDead nonpipeline token $token $doing \
+		    has read queue socketRdQueue($state(socketinfo)) \
+		    $socketRdQueue($state(socketinfo)) ne {}
+	}
+
+	lappend InFlightW $socketRdState($state(socketinfo))
+	set socketRdQueue($state(socketinfo)) {}
+    }
+
+    set newQueue {}
+    lappend newQueue {*}$InFlightR
+    lappend newQueue {*}$socketRdQueue($state(socketinfo))
+    lappend newQueue {*}$InFlightW
+    lappend newQueue {*}$socketWrQueue($state(socketinfo))
+
+
+    # 2. Tidy up token.  This is a cut-down form of Finish/CloseSocket.
+    #    Do not change state(status).
+    #    No need to after cancel state(after) - either this is done in
+    #    ReplayCore/ReInit, or Finish is called.
+
+    catch {close $state(sock)}
+    Unset $state(socketinfo)
+
+    # 2a. Tidy the tokens in the queues - this is done in ReplayCore/ReInit.
+    # - Transactions, if any, that are awaiting responses cannot be completed.
+    #   They are listed for re-sending in newQueue.
+    # - All tokens are preserved for re-use by ReplayCore, and their variables
+    #   will be re-initialised by calls to ReInit.
+    # - The relevant element of socketMapping, socketRdState, socketWrState,
+    #   socketRdQueue, socketWrQueue, socketClosing, socketPlayCmd will be set
+    #   to new values in ReplayCore.
+
+    ReplayCore $newQueue
+    return
+}
+
+# http::ReplayIfClose --
+#
+#	A request on a socket that was previously "Connection: keep-alive" has
+#	received a "Connection: close" response header.  The server supplies
+#	that response correctly, but any later requests already queued on this
+#	connection will be lost when the socket closes.
+#
+#	This command takes arguments that represent the socketWrState,
+#	socketRdQueue and socketWrQueue for this connection.  The socketRdState
+#	is not needed because the server responds in full to the request that
+#	received the "Connection: close" response header.
+#
+#	Existing request tokens $token (::http::$n) are preserved.  The caller
+#	will be unaware that the request was processed this way.
+
+proc http::ReplayIfClose {Wstate Rqueue Wqueue} {
+    Log running http::ReplayIfClose for $Wstate $Rqueue $Wqueue
+
+    if {$Wstate in $Rqueue || $Wstate in $Wqueue} {
+	Log WARNING duplicate token in http::ReplayIfClose - token $Wstate
+	set Wstate Wready
+    }
+
+    # 1. Create newQueue
+    set InFlightW {}
+    if {$Wstate ni {Wready peNding}} {
+	lappend InFlightW $Wstate
+    }
+    ##Log $Rqueue -- $InFlightW -- $Wqueue
+    set newQueue {}
+    lappend newQueue {*}$Rqueue
+    lappend newQueue {*}$InFlightW
+    lappend newQueue {*}$Wqueue
+
+    # 2. Cleanup - none needed, done by the caller.
+
+    ReplayCore $newQueue
+    return
+}
+
+# http::ReInit --
+#
+#	Command to restore a token's state to a condition that
+#	makes it ready to replay a request.
+#
+#	Command http::geturl stores extra state in state(tmp*) so
+#	we don't need to do the argument processing again.
+#
+#	The caller must:
+#	- Set state(reusing) and state(sock) to their new values after calling
+#	  this command.
+#	- Unset state(tmpState), state(tmpOpenCmd) if future calls to ReplayCore
+#	  or ReInit are inappropriate for this token. Typically only one retry
+#	  is allowed.
+#	The caller may also unset state(tmpConnArgs) if this value (and the
+#	token) will be used immediately.  The value is needed by tokens that
+#	will be stored in a queue.
+#
+# Arguments:
+#	token	Connection token.
+#
+# Return Value: (boolean) true iff the re-initialisation was successful.
+
+proc http::ReInit {token} {
+    variable $token
+    upvar 0 $token state
+
+    if {!(
+	      [info exists state(tmpState)]
+	   && [info exists state(tmpOpenCmd)]
+	   && [info exists state(tmpConnArgs)]
+	 )
+    } {
+	Log FAILED in http::ReInit via ReplayCore - NO tmp vars for $token
+	return 0
+    }
+
+    if {[info exists state(after)]} {
+	after cancel $state(after)
+	unset state(after)
+    }
+    if {[info exists state(socketcoro)]} {
+        Log $token Cancel socket after-idle event (ReInit)
+        after cancel $state(socketcoro)
+        unset state(socketcoro)
+    }
+
+    # Don't alter state(status) - this would trigger http::wait if it is in use.
+    set tmpState    $state(tmpState)
+    set tmpOpenCmd  $state(tmpOpenCmd)
+    set tmpConnArgs $state(tmpConnArgs)
+    foreach name [array names state] {
+	if {$name ne "status"} {
+	    unset state($name)
+	}
+    }
+
+    # Don't alter state(status).
+    # Restore state(tmp*) - the caller may decide to unset them.
+    # Restore state(tmpConnArgs) which is needed for connection.
+    # state(tmpState), state(tmpOpenCmd) are needed only for retries.
+
+    dict unset tmpState status
+    array set state $tmpState
+    set state(tmpState)    $tmpState
+    set state(tmpOpenCmd)  $tmpOpenCmd
+    set state(tmpConnArgs) $tmpConnArgs
+
+    return 1
+}
+
+# http::ReplayCore --
+#
+#	Command to replay a list of requests, using existing connection tokens.
+#
+#	Abstracted from http::geturl which stores extra state in state(tmp*) so
+#	we don't need to do the argument processing again.
+#
+# Arguments:
+#	newQueue	List of connection tokens.
+#
+# Side Effects:
+#	Use existing tokens, but try to open a new socket.
+
+proc http::ReplayCore {newQueue} {
+    variable TmpSockCounter
+
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    if {[llength $newQueue] == 0} {
+	# Nothing to do.
+	return
+    }
+
+    ##Log running ReplayCore for {*}$newQueue
+    set newToken [lindex $newQueue 0]
+    set newQueue [lrange $newQueue 1 end]
+
+    # 3. Use newToken, and restore its values of state(*).  Do not restore
+    #    elements tmp* - we try again only once.
+
+    set token $newToken
+    variable $token
+    upvar 0 $token state
+
+    if {![ReInit $token]} {
+	Log FAILED in http::ReplayCore - NO tmp vars
+	Log ReplayCore reject $token
+	Finish $token {cannot send this request again}
+	return
+    }
+
+    set tmpState    $state(tmpState)
+    set tmpOpenCmd  $state(tmpOpenCmd)
+    set tmpConnArgs $state(tmpConnArgs)
+    unset state(tmpState)
+    unset state(tmpOpenCmd)
+    unset state(tmpConnArgs)
+
+    set state(reusing) 0
+    set state(ReusingPlaceholder) 0
+    set state(alreadyQueued) 0
+    Log ReplayCore replay $token
+
+    # Give the socket a placeholder name before it is created.
+    set sock HTTP_PLACEHOLDER_[incr TmpSockCounter]
+    set state(sock) $sock
+
+    # Move the $newQueue into the placeholder socket's socketPhQueue.
+    set socketPhQueue($sock) {}
+    foreach tok $newQueue {
+	if {[ReInit $tok]} {
+	    set ${tok}(reusing) 1
+	    set ${tok}(sock) $sock
+	    lappend socketPhQueue($sock) $tok
+	    Log ReplayCore replay $tok
+	} else {
+	    Log ReplayCore reject $tok
+	    set ${tok}(reusing) 1
+	    set ${tok}(sock) NONE
+	    Finish $tok {cannot send this request again}
+	}
+    }
+
+    AsyncTransaction $token
+
+    return
+}
+
+# Data access functions:
+# Data - the URL data
+# Status - the transaction status: ok, reset, eof, timeout, error
+# Code - the HTTP transaction code, e.g., 200
+# Size - the size of the URL data
+
+proc http::responseBody {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(body)
+}
+proc http::status {token} {
+    if {![info exists $token]} {
+	return "error"
+    }
+    variable $token
+    upvar 0 $token state
+    return $state(status)
+}
+proc http::responseLine {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(http)
+}
+proc http::requestLine {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(requestLine)
+}
+proc http::responseCode {token} {
+    variable $token
+    upvar 0 $token state
+    if {[regexp {[0-9]{3}} $state(http) numeric_code]} {
+	return $numeric_code
+    } else {
+	return $state(http)
+    }
+}
+proc http::size {token} {
+    variable $token
+    upvar 0 $token state
+    return $state(currentsize)
+}
+proc http::requestHeaders {token args} {
+    set lenny  [llength $args]
+    if {$lenny > 1} {
+        return -code error {usage: ::http::requestHeaders token ?headerName?}
+    } else {
+        return [Meta $token request {*}$args]
+    }
+}
+proc http::responseHeaders {token args} {
+    set lenny  [llength $args]
+    if {$lenny > 1} {
+        return -code error {usage: ::http::responseHeaders token ?headerName?}
+    } else {
+        return [Meta $token response {*}$args]
+    }
+}
+proc http::requestHeaderValue {token header} {
+    Meta $token request $header VALUE
+}
+proc http::responseHeaderValue {token header} {
+    Meta $token response $header VALUE
+}
+proc http::Meta {token who args} {
+    variable $token
+    upvar 0 $token state
+
+    if {$who eq {request}} {
+        set whom requestHeaders
+    } elseif {$who eq {response}} {
+        set whom meta
+    } else {
+        return -code error {usage: ::http::Meta token request|response ?headerName ?VALUE??}
+    }
+
+    set header [string tolower [lindex $args 0]]
+    set how    [string tolower [lindex $args 1]]
+    set lenny  [llength $args]
+    if {$lenny == 0} {
+        return $state($whom)
+    } elseif {($lenny > 2) || (($lenny == 2) && ($how ne {value}))} {
+        return -code error {usage: ::http::Meta token request|response ?headerName ?VALUE??}
+    } else {
+        set result {}
+        set combined {}
+        foreach {key value} $state($whom) {
+            if {$key eq $header} {
+                lappend result $key $value
+                append combined $value {, }
+            }
+        }
+        if {$lenny == 1} {
+            return $result
+        } else {
+            return [string range $combined 0 end-2]
+        }
+    }
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::responseInfo
+# ------------------------------------------------------------------------------
+# Command to return a dictionary of the most useful metadata of a HTTP
+# response.
+#
+# Arguments:
+# token       - connection token (name of an array)
+#
+# Return Value: a dict. See man page http(n) for a description of each item.
+# ------------------------------------------------------------------------------
+
+proc http::responseInfo {token} {
+    variable $token
+    upvar 0 $token state
+    set result {}
+    foreach {key origin name} {
+        stage                 STATE  state
+        status                STATE  status
+        responseCode          STATE  responseCode
+        reasonPhrase          STATE  reasonPhrase
+        contentType           STATE  type
+        binary                STATE  binary
+        redirection           RESP   location
+        upgrade               STATE  upgrade
+        error                 ERROR  -
+        postError             STATE  posterror
+        method                STATE  method
+        charset               STATE  charset
+        compression           STATE  coding
+        httpRequest           STATE  -protocol
+        httpResponse          STATE  httpResponse
+        url                   STATE  url
+        connectionRequest     REQ    connection
+        connectionResponse    RESP   connection
+        connectionActual      STATE  connection
+        transferEncoding      STATE  transfer
+        totalPost             STATE  querylength
+        currentPost           STATE  queryoffset
+        totalSize             STATE  totalsize
+        currentSize           STATE  currentsize
+        proxyUsed             STATE  proxyUsed
+    } {
+        if {$origin eq {STATE}} {
+            if {[info exists state($name)]} {
+                dict set result $key $state($name)
+            } else {
+                # Should never come here
+                dict set result $key {}
+            }
+        } elseif {$origin eq {REQ}} {
+            dict set result $key [requestHeaderValue $token $name]
+        } elseif {$origin eq {RESP}} {
+            dict set result $key [responseHeaderValue $token $name]
+        } elseif {$origin eq {ERROR}} {
+            # Don't flood the dict with data.  The command ::http::error is
+            # available.
+            if {[info exists state(error)]} {
+                set msg [lindex $state(error) 0]
+            } else {
+                set msg {}
+            }
+            dict set result $key $msg
+        } else {
+            # Should never come here
+            dict set result $key {}
+        }
+    }
+    return $result
+}
+proc http::error {token} {
+    variable $token
+    upvar 0 $token state
+    if {[info exists state(error)]} {
+	return $state(error)
+    }
+    return
+}
+proc http::postError {token} {
+    variable $token
+    upvar 0 $token state
+    if {[info exists state(postErrorFull)]} {
+	return $state(postErrorFull)
+    }
+    return
+}
+
+# http::cleanup
+#
+#	Garbage collect the state associated with a transaction
+#
+# Arguments
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	Unsets the state array.
+
+proc http::cleanup {token} {
+    variable $token
+    upvar 0 $token state
+    if {[info commands ${token}--EventCoroutine] ne {}} {
+	rename ${token}--EventCoroutine {}
+    }
+    if {[info commands ${token}--SocketCoroutine] ne {}} {
+	rename ${token}--SocketCoroutine {}
+    }
+    if {[info exists state(after)]} {
+	after cancel $state(after)
+	unset state(after)
+    }
+    if {[info exists state(socketcoro)]} {
+        Log $token Cancel socket after-idle event (cleanup)
+        after cancel $state(socketcoro)
+        unset state(socketcoro)
+    }
+    if {[info exists state]} {
+	unset state
+    }
+    return
+}
+
+# http::Connect
+#
+#	This callback is made when an asynchronous connection completes.
+#
+# Arguments
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	Sets the status of the connection, which unblocks
+# 	the waiting geturl call
+
+proc http::Connect {token proto phost srvurl} {
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+
+    if {[catch {eof $state(sock)} tmp] || $tmp} {
+        set err "due to unexpected EOF"
+    } elseif {[set err [fconfigure $state(sock) -error]] ne ""} {
+        # set err is done in test
+    } else {
+        # All OK
+	set state(state) connecting
+	fileevent $state(sock) writable {}
+	::http::Connected $token $proto $phost $srvurl
+	return
+    }
+
+    # Error cases.
+	Log "WARNING - if testing, pay special attention to this\
+		case (GJ) which is seldom executed - token $token"
+	if {[info exists state(reusing)] && $state(reusing)} {
+	    # The socket was closed at the server end, and closed at
+	    # this end by http::CheckEof.
+	    if {[TestForReplay $token write $err b]} {
+		return
+	    }
+
+	    # else:
+	    # This is NOT a persistent socket that has been closed since its
+	    # last use.
+	    # If any other requests are in flight or pipelined/queued, they will
+	    # be discarded.
+	}
+	Finish $token "connect failed: $err"
+    return
+}
+
+# http::Write
+#
+#	Write POST query data to the socket
+#
+# Arguments
+#	token	The token for the connection
+#
+# Side Effects
+#	Write the socket and handle callbacks.
+
+proc http::Write {token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    set sock $state(sock)
+
+    # Output a block.  Tcl will buffer this if the socket blocks
+    set done 0
+    if {[catch {
+	# Catch I/O errors on dead sockets
+
+	if {[info exists state(-query)]} {
+	    # Chop up large query strings so queryprogress callback can give
+	    # smooth feedback.
+	    if {    $state(queryoffset) + $state(-queryblocksize)
+		 >= $state(querylength)
+	    } {
+		# This will be the last puts for the request-body.
+		if {    (![catch {fileevent $sock readable} binding])
+		     && ($binding eq [list http::CheckEof $sock])
+		} {
+		    # Remove the "fileevent readable" binding of an idle
+		    # persistent socket to http::CheckEof.  We can no longer
+		    # treat bytes received as junk. The server might still time
+		    # out and half-close the socket if it has not yet received
+		    # the first "puts".
+		    fileevent $sock readable {}
+		}
+	    }
+	    puts -nonewline $sock \
+		[string range $state(-query) $state(queryoffset) \
+		     [expr {$state(queryoffset) + $state(-queryblocksize) - 1}]]
+	    incr state(queryoffset) $state(-queryblocksize)
+	    if {$state(queryoffset) >= $state(querylength)} {
+		set state(queryoffset) $state(querylength)
+		set done 1
+	    }
+	} else {
+	    # Copy blocks from the query channel
+
+	    set outStr [read $state(-querychannel) $state(-queryblocksize)]
+	    if {[eof $state(-querychannel)]} {
+		# This will be the last puts for the request-body.
+		if {    (![catch {fileevent $sock readable} binding])
+		     && ($binding eq [list http::CheckEof $sock])
+		} {
+		    # Remove the "fileevent readable" binding of an idle
+		    # persistent socket to http::CheckEof.  We can no longer
+		    # treat bytes received as junk. The server might still time
+		    # out and half-close the socket if it has not yet received
+		    # the first "puts".
+		    fileevent $sock readable {}
+		}
+	    }
+	    puts -nonewline $sock $outStr
+	    incr state(queryoffset) [string length $outStr]
+	    if {[eof $state(-querychannel)]} {
+		set done 1
+	    }
+	}
+    } err opts]} {
+	# Do not call Finish here, but instead let the read half of the socket
+	# process whatever server reply there is to get.
+	set state(posterror) $err
+	set info [dict get $opts -errorinfo]
+	set code [dict get $opts -code]
+	set state(postErrorFull) [list $err $info $code]
+	set done 1
+    }
+
+    if {$done} {
+	catch {flush $sock}
+	fileevent $sock writable {}
+	Log ^C$tk end sending request - token $token
+	# End of writing (POST method).  The request has been sent.
+
+	DoneRequest $token
+    }
+
+    # Callback to the client after we've completely handled everything.
+
+    if {[string length $state(-queryprogress)]} {
+	namespace eval :: $state(-queryprogress) \
+	    [list $token $state(querylength) $state(queryoffset)]
+    }
+    return
+}
+
+# http::Event
+#
+#	Handle input on the socket. This command is the core of
+#	the coroutine commands ${token}--EventCoroutine that are
+#	bound to "fileevent $sock readable" and process input.
+#
+# Arguments
+#	sock	The socket receiving input.
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	Read the socket and handle callbacks.
+
+proc http::Event {sock token} {
+    variable http
+    variable socketMapping
+    variable socketRdState
+    variable socketWrState
+    variable socketRdQueue
+    variable socketWrQueue
+    variable socketPhQueue
+    variable socketClosing
+    variable socketPlayCmd
+    variable socketCoEvent
+    variable socketProxyId
+
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    while 1 {
+	yield
+	##Log Event call - token $token
+
+	if {![info exists state]} {
+	    Log "Event $sock with invalid token '$token' - remote close?"
+	    if {!([catch {eof $sock} tmp] || $tmp)} {
+		if {[set d [read $sock]] ne ""} {
+		    Log "WARNING: additional data left on closed socket\
+			    - token $token"
+		} else {
+		}
+	    } else {
+	    }
+	    Log ^X$tk end of response (token error) - token $token
+	    CloseSocket $sock
+	    return
+	} else {
+	}
+	if {$state(state) eq "connecting"} {
+	    ##Log - connecting - token $token
+	    if {    $state(reusing)
+		 && $state(-pipeline)
+		 && ($state(-timeout) > 0)
+		 && (![info exists state(after)])
+	    } {
+		set state(after) [after $state(-timeout) \
+			[list http::reset $token timeout]]
+	    } else {
+	    }
+
+	    if {[catch {gets $sock state(http)} nsl]} {
+		Log "WARNING - if testing, pay special attention to this\
+			case (GK) which is seldom executed - token $token"
+		if {[info exists state(reusing)] && $state(reusing)} {
+		    # The socket was closed at the server end, and closed at
+		    # this end by http::CheckEof.
+
+		    if {[TestForReplay $token read $nsl c]} {
+			return
+		    } else {
+		    }
+		    # else:
+		    # This is NOT a persistent socket that has been closed since
+		    # its last use.
+		    # If any other requests are in flight or pipelined/queued,
+		    # they will be discarded.
+		} else {
+		    # https handshake errors come here, for
+		    # Tcl 8.7 with http::SecureProxyConnect.
+		    set msg [registerError $sock]
+		    registerError $sock {}
+		    if {$msg eq {}} {
+			set msg $nsl
+		    }
+		    Log ^X$tk end of response (error) - token $token
+		    Finish $token $msg
+		    return
+		}
+	    } elseif {$nsl >= 0} {
+		##Log - connecting 1 - token $token
+		set state(state) "header"
+	    } elseif {    ([catch {eof $sock} tmp] || $tmp)
+		       && [info exists state(reusing)]
+		       && $state(reusing)
+	    } {
+		# The socket was closed at the server end, and we didn't notice.
+		# This is the first read - where the closure is usually first
+		# detected.
+
+		if {[TestForReplay $token read {} d]} {
+		    return
+		} else {
+		}
+
+		# else:
+		# This is NOT a persistent socket that has been closed since its
+		# last use.
+		# If any other requests are in flight or pipelined/queued, they
+		# will be discarded.
+	    } else {
+	    }
+	} elseif {$state(state) eq "header"} {
+	    if {[catch {gets $sock line} nhl]} {
+		##Log header failed - token $token
+		Log ^X$tk end of response (error) - token $token
+		Finish $token $nhl
+		return
+	    } elseif {$nhl == 0} {
+		##Log header done - token $token
+		Log ^E$tk end of response headers - token $token
+		# We have now read all headers
+		# We ignore HTTP/1.1 100 Continue returns. RFC2616 sec 8.2.3
+		if {    ($state(http) == "")
+		     || ([regexp {^\S+\s(\d+)} $state(http) {} x] && $x == 100)
+		} {
+		    set state(state) "connecting"
+		    continue
+		    # This was a "return" in the pre-coroutine code.
+		} else {
+		}
+
+		# We have $state(http) so let's split it into its components.
+		if {[regexp {^HTTP/(\S+) ([0-9]{3}) (.*)$} $state(http) \
+			-> httpResponse responseCode reasonPhrase]
+		} {
+		    set state(httpResponse) $httpResponse
+		    set state(responseCode) $responseCode
+		    set state(reasonPhrase) $reasonPhrase
+		} else {
+		    set state(httpResponse) $state(http)
+		    set state(responseCode) $state(http)
+		    set state(reasonPhrase) $state(http)
+		}
+
+		if {    ([info exists state(connection)])
+		     && ([info exists socketMapping($state(socketinfo))])
+		     && ("keep-alive" in $state(connection))
+		     && ($state(-keepalive))
+		     && (!$state(reusing))
+		     && ($state(-pipeline))
+		} {
+		    # Response headers received for first request on a
+		    # persistent socket.  Now ready for pipelined writes (if
+		    # any).
+		    # Previous value is $token. It cannot be "pending".
+		    set socketWrState($state(socketinfo)) Wready
+		    http::NextPipelinedWrite $token
+		} else {
+		}
+
+		# Once a "close" has been signaled, the client MUST NOT send any
+		# more requests on that connection.
+		#
+		# If either the client or the server sends the "close" token in
+		# the Connection header, that request becomes the last one for
+		# the connection.
+
+		if {    ([info exists state(connection)])
+		     && ([info exists socketMapping($state(socketinfo))])
+		     && ("close" in $state(connection))
+		     && ($state(-keepalive))
+		} {
+		    # The server warns that it will close the socket after this
+		    # response.
+		    ##Log WARNING - socket will close after response for $token
+		    # Prepare data for a call to ReplayIfClose.
+		    Log $token socket will close after this transaction
+		    # 1. Cancel socket-assignment coro events that have not yet
+		    # launched, and add the tokens to the write queue.
+		    if {[info exists socketCoEvent($state(socketinfo))]} {
+			foreach {tok can} $socketCoEvent($state(socketinfo)) {
+			    lappend socketWrQueue($state(socketinfo)) $tok
+			    unset -nocomplain ${tok}(socketcoro)
+			    after cancel $can
+			    Log $tok Cancel socket after-idle event (Event)
+			    Log Move $tok from socketCoEvent to socketWrQueue and cancel its after idle coro
+			}
+			set socketCoEvent($state(socketinfo)) {}
+		    } else {
+		    }
+
+		    if {    ($socketRdQueue($state(socketinfo)) ne {})
+			 || ($socketWrQueue($state(socketinfo)) ne {})
+			 || ($socketWrState($state(socketinfo)) ni
+						[list Wready peNding $token])
+		    } {
+			set InFlightW $socketWrState($state(socketinfo))
+			if {$InFlightW in [list Wready peNding $token]} {
+			    set InFlightW Wready
+			} else {
+			    set msg "token ${InFlightW} is InFlightW"
+			    ##Log $msg - token $token
+			}
+			set socketPlayCmd($state(socketinfo)) \
+				[list ReplayIfClose $InFlightW \
+				$socketRdQueue($state(socketinfo)) \
+				$socketWrQueue($state(socketinfo))]
+
+			# - All tokens are preserved for re-use by ReplayCore.
+			# - Queues are preserved in case of Finish with error,
+			#   but are not used for anything else because
+			#   socketClosing(*) is set below.
+			# - Cancel the state(after) timeout events.
+			foreach tokenVal $socketRdQueue($state(socketinfo)) {
+			    if {[info exists ${tokenVal}(after)]} {
+				after cancel [set ${tokenVal}(after)]
+				unset ${tokenVal}(after)
+			    } else {
+			    }
+			    # Tokens in the read queue have no (socketcoro) to
+			    # cancel.
+			}
+		    } else {
+			set socketPlayCmd($state(socketinfo)) \
+				{ReplayIfClose Wready {} {}}
+		    }
+
+		    # Do not allow further connections on this socket (but
+		    # geturl can add new requests to the replay).
+		    set socketClosing($state(socketinfo)) 1
+		} else {
+		}
+
+		set state(state) body
+
+		# According to
+		# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
+		# any comma-separated "Connection:" list implies keep-alive, but I
+		# don't see this in the RFC so we'll play safe and
+		# scan any list for "close".
+		# Done here to support combining duplicate header field's values.
+		if {   [info exists state(connection)]
+		    && ("close" ni $state(connection))
+		    && ("keep-alive" ni $state(connection))
+		} {
+		    lappend state(connection) "keep-alive"
+		} else {
+		}
+
+		# If doing a HEAD, then we won't get any body
+		if {$state(-validate)} {
+		    Log ^F$tk end of response for HEAD request - token $token
+		    set state(state) complete
+		    Eot $token
+		    return
+		} elseif {
+			($state(method) eq {CONNECT})
+		     && [string is integer -strict $state(responseCode)]
+		     && ($state(responseCode) >= 200)
+		     && ($state(responseCode) < 300)
+		} {
+		    # A successful CONNECT response has no body.
+		    # (An unsuccessful CONNECT has headers and body.)
+		    # The code below is abstracted from Eot/Finish, but
+		    # keeps the socket open.
+		    catch {fileevent $state(sock) readable {}}
+		    catch {fileevent $state(sock) writable {}}
+		    set state(state) complete
+		    set state(status) ok
+		    if {[info commands ${token}--EventCoroutine] ne {}} {
+			rename ${token}--EventCoroutine {}
+		    }
+		    if {[info commands ${token}--SocketCoroutine] ne {}} {
+			rename ${token}--SocketCoroutine {}
+		    }
+		    if {[info exists state(socketcoro)]} {
+		        Log $token Cancel socket after-idle event (Finish)
+		        after cancel $state(socketcoro)
+		        unset state(socketcoro)
+		    }
+		    if {[info exists state(after)]} {
+			after cancel $state(after)
+			unset state(after)
+		    }
+		    if {    [info exists state(-command)]
+			 && (![info exists state(done-command-cb)])
+		    } {
+			set state(done-command-cb) yes
+			if {[catch {namespace eval :: $state(-command) $token} err]} {
+			    set state(error) [list $err $errorInfo $errorCode]
+			    set state(status) error
+			}
+		    }
+		    return
+		} else {
+		}
+
+		# - For non-chunked transfer we may have no body - in this case
+		#   we may get no further file event if the connection doesn't
+		#   close and no more data is sent. We can tell and must finish
+		#   up now - not later - the alternative would be to wait until
+		#   the server times out.
+		# - In this case, the server has NOT told the client it will
+		#   close the connection, AND it has NOT indicated the resource
+		#   length EITHER by setting the Content-Length (totalsize) OR
+		#   by using chunked Transfer-Encoding.
+		# - Do not worry here about the case (Connection: close) because
+		#   the server should close the connection.
+		# - IF (NOT Connection: close) AND (NOT chunked encoding) AND
+		#      (totalsize == 0).
+
+		if {    (!(    [info exists state(connection)]
+			    && ("close" in $state(connection))
+			  )
+			)
+		     && ($state(transfer) eq {})
+		     && ($state(totalsize) == 0)
+		} {
+		    set msg {body size is 0 and no events likely - complete}
+		    Log "$msg - token $token"
+		    set msg {(length unknown, set to 0)}
+		    Log ^F$tk end of response body {*}$msg - token $token
+		    set state(state) complete
+		    Eot $token
+		    return
+		} else {
+		}
+
+		# We have to use binary translation to count bytes properly.
+		lassign [fconfigure $sock -translation] trRead trWrite
+		fconfigure $sock -translation [list binary $trWrite]
+
+		if {
+		    $state(-binary) || [IsBinaryContentType $state(type)]
+		} {
+		    # Turn off conversions for non-text data.
+		    set state(binary) 1
+		} else {
+		}
+		if {[info exists state(-channel)]} {
+		    if {$state(binary) || [llength [ContentEncoding $token]]} {
+			fconfigure $state(-channel) -translation binary
+		    } else {
+		    }
+		    if {![info exists state(-handler)]} {
+			# Initiate a sequence of background fcopies.
+			fileevent $sock readable {}
+			rename ${token}--EventCoroutine {}
+			CopyStart $sock $token
+			return
+		    } else {
+		    }
+		} else {
+		}
+	    } elseif {$nhl > 0} {
+		# Process header lines.
+		##Log header - token $token - $line
+		if {[regexp -nocase {^([^:]+):(.+)$} $line x key value]} {
+		    set key [string tolower $key]
+		    switch -- $key {
+			content-type {
+			    set state(type) [string trim [string tolower $value]]
+			    # Grab the optional charset information.
+			    if {[regexp -nocase \
+				    {charset\s*=\s*\"((?:[^""]|\\\")*)\"} \
+				    $state(type) -> cs]} {
+				set state(charset) [string map {{\"} \"} $cs]
+			    } else {
+				regexp -nocase {charset\s*=\s*(\S+?);?} \
+					$state(type) -> state(charset)
+			    }
+			}
+			content-length {
+			    set state(totalsize) [string trim $value]
+			}
+			content-encoding {
+			    set state(coding) [string trim $value]
+			}
+			transfer-encoding {
+			    set state(transfer) \
+				    [string trim [string tolower $value]]
+			}
+			proxy-connection -
+			connection {
+			    # RFC 7230 Section 6.1 states that a comma-separated
+			    # list is an acceptable value.
+			    if {![info exists state(connectionRespFlag)]} {
+				# This is the first "Connection" response header.
+				# Scrub the earlier value set by iniitialisation.
+				set state(connectionRespFlag) {}
+				set state(connection) {}
+			    }
+			    foreach el [SplitCommaSeparatedFieldValue $value] {
+				lappend state(connection) [string tolower $el]
+			    }
+			}
+			upgrade {
+			    set state(upgrade) [string trim $value]
+			}
+			set-cookie {
+			    if {$http(-cookiejar) ne ""} {
+				ParseCookie $token [string trim $value]
+			    } else {
+			    }
+			}
+		    }
+		    lappend state(meta) $key [string trim $value]
+		} else {
+		}
+	    } else {
+	    }
+	} else {
+	    # Now reading body
+	    ##Log body - token $token
+	    if {[catch {
+		if {[info exists state(-handler)]} {
+		    set n [namespace eval :: $state(-handler) [list $sock $token]]
+		    ##Log handler $n - token $token
+		    # N.B. the protocol has been set to 1.0 because the -handler
+		    # logic is not expected to handle chunked encoding.
+		    # FIXME Allow -handler with 1.1 on dechunked stacked chan.
+		    if {$state(totalsize) == 0} {
+			# We know the transfer is complete only when the server
+			# closes the connection - i.e. eof is not an error.
+			set state(state) complete
+		    } else {
+		    }
+		    if {![string is integer -strict $n]} {
+			if 1 {
+			    # Do not tolerate bad -handler - fail with error
+			    # status.
+			    set msg {the -handler command for http::geturl must\
+				    return an integer (the number of bytes\
+				    read)}
+			    Log ^X$tk end of response (handler error) -\
+				    token $token
+			    Eot $token $msg
+			} else {
+			    # Tolerate the bad -handler, and continue.  The
+			    # penalty:
+			    # (a) Because the handler returns nonsense, we know
+			    #     the transfer is complete only when the server
+			    #     closes the connection - i.e. eof is not an
+			    #     error.
+			    # (b) http::size will not be accurate.
+			    # (c) The transaction is already downgraded to 1.0
+			    #     to avoid chunked transfer encoding.  It MUST
+			    #     also be forced to "Connection: close" or the
+			    #     HTTP/1.0 equivalent; or it MUST fail (as
+			    #     above) if the server sends
+			    #     "Connection: keep-alive" or the HTTP/1.0
+			    #     equivalent.
+			    set n 0
+			    set state(state) complete
+			}
+		    } else {
+		    }
+		} elseif {[info exists state(transfer_final)]} {
+		    # This code forgives EOF in place of the final CRLF.
+		    set line [GetTextLine $sock]
+		    set n [string length $line]
+		    set state(state) complete
+		    if {$n > 0} {
+			# - HTTP trailers (late response headers) are permitted
+			#   by Chunked Transfer-Encoding, and can be safely
+			#   ignored.
+			# - Do not count these bytes in the total received for
+			#   the response body.
+			Log "trailer of $n bytes after final chunk -\
+				token $token"
+			append state(transfer_final) $line
+			set n 0
+		    } else {
+			Log ^F$tk end of response body (chunked) - token $token
+			Log "final chunk part - token $token"
+			Eot $token
+		    }
+		} elseif {    [info exists state(transfer)]
+			   && ($state(transfer) eq "chunked")
+		} {
+		    ##Log chunked - token $token
+		    set size 0
+		    set hexLenChunk [GetTextLine $sock]
+		    #set ntl [string length $hexLenChunk]
+		    if {[string trim $hexLenChunk] ne ""} {
+			scan $hexLenChunk %x size
+			if {$size != 0} {
+			    ##Log chunk-measure $size - token $token
+			    set chunk [BlockingRead $sock $size]
+			    set n [string length $chunk]
+			    if {$n >= 0} {
+				append state(body) $chunk
+				incr state(log_size) [string length $chunk]
+				##Log chunk $n cumul $state(log_size) -\
+					token $token
+			    } else {
+			    }
+			    if {$size != [string length $chunk]} {
+				Log "WARNING: mis-sized chunk:\
+				    was [string length $chunk], should be\
+				    $size - token $token"
+				set n 0
+				set state(connection) close
+				Log ^X$tk end of response (chunk error) \
+					- token $token
+				set msg {error in chunked encoding - fetch\
+					terminated}
+				Eot $token $msg
+			    } else {
+			    }
+			    # CRLF that follows chunk.
+			    # If eof, this is handled at the end of this proc.
+			    GetTextLine $sock
+			} else {
+			    set n 0
+			    set state(transfer_final) {}
+			}
+		    } else {
+			# Line expected to hold chunk length is empty, or eof.
+			##Log bad-chunk-measure - token $token
+			set n 0
+			set state(connection) close
+			Log ^X$tk end of response (chunk error) - token $token
+			Eot $token {error in chunked encoding -\
+				fetch terminated}
+		    }
+		} else {
+		    ##Log unchunked - token $token
+		    if {$state(totalsize) == 0} {
+			# We know the transfer is complete only when the server
+			# closes the connection.
+			set state(state) complete
+			set reqSize $state(-blocksize)
+		    } else {
+			# Ask for the whole of the unserved response-body.
+			# This works around a problem with a tls::socket - for
+			# https in keep-alive mode, and a request for
+			# $state(-blocksize) bytes, the last part of the
+			# resource does not get read until the server times out.
+			set reqSize [expr {  $state(totalsize)
+					   - $state(currentsize)}]
+
+			# The workaround fails if reqSize is
+			# capped at $state(-blocksize).
+			# set reqSize [expr {min($reqSize, $state(-blocksize))}]
+		    }
+		    set c $state(currentsize)
+		    set t $state(totalsize)
+		    ##Log non-chunk currentsize $c of totalsize $t -\
+			    token $token
+		    set block [read $sock $reqSize]
+		    set n [string length $block]
+		    if {$n >= 0} {
+			append state(body) $block
+			##Log non-chunk [string length $state(body)] -\
+				token $token
+		    } else {
+		    }
+		}
+		# This calculation uses n from the -handler, chunked, or
+		# unchunked case as appropriate.
+		if {[info exists state]} {
+		    if {$n >= 0} {
+			incr state(currentsize) $n
+			set c $state(currentsize)
+			set t $state(totalsize)
+			##Log another $n currentsize $c totalsize $t -\
+				token $token
+		    } else {
+		    }
+		    # If Content-Length - check for end of data.
+		    if {
+			   ($state(totalsize) > 0)
+			&& ($state(currentsize) >= $state(totalsize))
+		    } {
+			Log ^F$tk end of response body (unchunked) -\
+				token $token
+			set state(state) complete
+			Eot $token
+		    } else {
+		    }
+		} else {
+		}
+	    } err]} {
+		Log ^X$tk end of response (error ${err}) - token $token
+		Finish $token $err
+		return
+	    } else {
+		if {[info exists state(-progress)]} {
+		    namespace eval :: $state(-progress) \
+			[list $token $state(totalsize) $state(currentsize)]
+		} else {
+		}
+	    }
+	}
+
+	# catch as an Eot above may have closed the socket already
+	# $state(state) may be connecting, header, body, or complete
+	if {(![catch {eof $sock} eof]) && $eof} {
+	    # [eof sock] succeeded and the result was 1
+	    ##Log eof - token $token
+	    if {[info exists $token]} {
+		set state(connection) close
+		if {$state(state) eq "complete"} {
+		    # This includes all cases in which the transaction
+		    # can be completed by eof.
+		    # The value "complete" is set only in http::Event, and it is
+		    # used only in the test above.
+		    Log ^F$tk end of response body (unchunked, eof) -\
+			    token $token
+		    Eot $token
+		} else {
+		    # Premature eof.
+		    Log ^X$tk end of response (unexpected eof) - token $token
+		    Eot $token eof
+		}
+	    } else {
+		# open connection closed on a token that has been cleaned up.
+		Log ^X$tk end of response (token error) - token $token
+		CloseSocket $sock
+	    }
+	} else {
+	    # EITHER [eof sock] failed - presumed done by Eot
+	    # OR     [eof sock] succeeded and the result was 0
+	}
+    }
+    return
+}
+
+# http::TestForReplay
+#
+#	Command called if eof is discovered when a socket is first used for a
+#	new transaction.  Typically this occurs if a persistent socket is used
+#	after a period of idleness and the server has half-closed the socket.
+#
+# token  - the connection token returned by http::geturl
+# doing  - "read" or "write"
+# err    - error message, if any
+# caller - code to identify the caller - used only in logging
+#
+# Return Value: boolean, true iff the command calls http::ReplayIfDead.
+
+proc http::TestForReplay {token doing err caller} {
+    variable http
+    variable $token
+    upvar 0 $token state
+    set tk [namespace tail $token]
+    if {$doing eq "read"} {
+	set code Q
+	set action response
+	set ing reading
+    } else {
+	set code P
+	set action request
+	set ing writing
+    }
+
+    if {$err eq {}} {
+	set err "detect eof when $ing (server timed out?)"
+    }
+
+    if {$state(method) eq "POST" && !$http(-repost)} {
+	# No Replay.
+	# The present transaction will end when Finish is called.
+	# That call to Finish will abort any other transactions
+	# currently in the write queue.
+	# For calls from http::Event this occurs when execution
+	# reaches the code block at the end of that proc.
+	set msg {no retry for POST with http::config -repost 0}
+	Log reusing socket failed "($caller)" - $msg - token $token
+	Log error - $err - token $token
+	Log ^X$tk end of $action (error) - token $token
+	return 0
+    } else {
+	# Replay.
+	set msg {try a new socket}
+	Log reusing socket failed "($caller)" - $msg - token $token
+	Log error - $err - token $token
+	Log ^$code$tk Any unfinished (incl this one) failed - token $token
+	ReplayIfDead $token $doing
+	return 1
+    }
+}
+
+# http::IsBinaryContentType --
+#
+#	Determine if the content-type means that we should definitely transfer
+#	the data as binary. [Bug 838e99a76d]
+#
+# Arguments
+#	type	The content-type of the data.
+#
+# Results:
+#	Boolean, true if we definitely should be binary.
+
+proc http::IsBinaryContentType {type} {
+    lassign [split [string tolower $type] "/;"] major minor
+    if {$major eq "text"} {
+	return false
+    }
+    # There's a bunch of XML-as-application-format things about. See RFC 3023
+    # and so on.
+    if {$major eq "application"} {
+	set minor [string trimright $minor]
+	if {$minor in {"json" "xml" "xml-external-parsed-entity" "xml-dtd"}} {
+	    return false
+	}
+    }
+    # Not just application/foobar+xml but also image/svg+xml, so let us not
+    # restrict things for now...
+    if {[string match "*+xml" $minor]} {
+	return false
+    }
+    return true
+}
+
+proc http::ParseCookie {token value} {
+    variable http
+    variable CookieRE
+    variable $token
+    upvar 0 $token state
+
+    if {![regexp $CookieRE $value -> cookiename cookieval opts]} {
+	# Bad cookie! No biscuit!
+	return
+    }
+
+    # Convert the options into a list before feeding into the cookie store;
+    # ugly, but quite easy.
+    set realopts {hostonly 1 path / secure 0 httponly 0}
+    dict set realopts origin $state(host)
+    dict set realopts domain $state(host)
+    foreach option [split [regsub -all {;\s+} $opts \u0000] \u0000] {
+	regexp {^(.*?)(?:=(.*))?$} $option -> optname optval
+	switch -exact -- [string tolower $optname] {
+	    expires {
+		if {[catch {
+		    #Sun, 06 Nov 1994 08:49:37 GMT
+		    dict set realopts expires \
+			[clock scan $optval -format "%a, %d %b %Y %T %Z"]
+		}] && [catch {
+		    # Google does this one
+		    #Mon, 01-Jan-1990 00:00:00 GMT
+		    dict set realopts expires \
+			[clock scan $optval -format "%a, %d-%b-%Y %T %Z"]
+		}] && [catch {
+		    # This is in the RFC, but it is also in the original
+		    # Netscape cookie spec, now online at:
+		    # <URL:http://curl.haxx.se/rfc/cookie_spec.html>
+		    #Sunday, 06-Nov-94 08:49:37 GMT
+		    dict set realopts expires \
+			[clock scan $optval -format "%A, %d-%b-%y %T %Z"]
+		}]} {catch {
+		    #Sun Nov  6 08:49:37 1994
+		    dict set realopts expires \
+			[clock scan $optval -gmt 1 -format "%a %b %d %T %Y"]
+		}}
+	    }
+	    max-age {
+		# Normalize
+		if {[string is integer -strict $optval]} {
+		    dict set realopts expires [expr {[clock seconds] + $optval}]
+		}
+	    }
+	    domain {
+		# From the domain-matches definition [RFC 2109, section 2]:
+		#   Host A's name domain-matches host B's if [...]
+		#	A is a FQDN string and has the form NB, where N is a
+		#	non-empty name string, B has the form .B', and B' is a
+		#	FQDN string. (So, x.y.com domain-matches .y.com but
+		#	not y.com.)
+		if {$optval ne "" && ![string match *. $optval]} {
+		    dict set realopts domain [string trimleft $optval "."]
+		    dict set realopts hostonly [expr {
+			! [string match .* $optval]
+		    }]
+		}
+	    }
+	    path {
+		if {[string match /* $optval]} {
+		    dict set realopts path $optval
+		}
+	    }
+	    secure - httponly {
+		dict set realopts [string tolower $optname] 1
+	    }
+	}
+    }
+    dict set realopts key $cookiename
+    dict set realopts value $cookieval
+    {*}$http(-cookiejar) storeCookie $realopts
+}
+
+# http::GetTextLine --
+#
+#	Get one line with the stream in crlf mode.
+#	Used if Transfer-Encoding is chunked, to read the line that
+#	reports the size of the following chunk.
+#	Empty line is not distinguished from eof.  The caller must
+#	be able to handle this.
+#
+# Arguments
+#	sock	The socket receiving input.
+#
+# Results:
+#	The line of text, without trailing newline
+
+proc http::GetTextLine {sock} {
+    set tr [fconfigure $sock -translation]
+    lassign $tr trRead trWrite
+    fconfigure $sock -translation [list crlf $trWrite]
+    set r [BlockingGets $sock]
+    fconfigure $sock -translation $tr
+    return $r
+}
+
+# http::BlockingRead
+#
+#	Replacement for a blocking read.
+#	The caller must be a coroutine.
+#	Used when we expect to read a chunked-encoding
+#	chunk of known size.
+
+proc http::BlockingRead {sock size} {
+    if {$size < 1} {
+	return
+    }
+    set result {}
+    while 1 {
+	set need [expr {$size - [string length $result]}]
+	set block [read $sock $need]
+	set eof [expr {[catch {eof $sock} tmp] || $tmp}]
+	append result $block
+	if {[string length $result] >= $size || $eof} {
+	    return $result
+	} else {
+	    yield
+	}
+    }
+}
+
+# http::BlockingGets
+#
+#	Replacement for a blocking gets.
+#	The caller must be a coroutine.
+#	Empty line is not distinguished from eof.  The caller must
+#	be able to handle this.
+
+proc http::BlockingGets {sock} {
+    while 1 {
+	set count [gets $sock line]
+	set eof [expr {[catch {eof $sock} tmp] || $tmp}]
+	if {$count >= 0 || $eof} {
+	    return $line
+	} else {
+	    yield
+	}
+    }
+}
+
+# http::CopyStart
+#
+#	Error handling wrapper around fcopy
+#
+# Arguments
+#	sock	The socket to copy from
+#	token	The token returned from http::geturl
+#
+# Side Effects
+#	This closes the connection upon error
+
+proc http::CopyStart {sock token {initial 1}} {
+    upvar 0 $token state
+    if {[info exists state(transfer)] && $state(transfer) eq "chunked"} {
+	foreach coding [ContentEncoding $token] {
+	    if {$coding eq {deflateX}} {
+		# Use the standards-compliant choice.
+		set coding2 decompress
+	    } else {
+		set coding2 $coding
+	    }
+	    lappend state(zlib) [zlib stream $coding2]
+	}
+	MakeTransformationChunked $sock [namespace code [list CopyChunk $token]]
+    } else {
+	if {$initial} {
+	    foreach coding [ContentEncoding $token] {
+		if {$coding eq {deflateX}} {
+		    # Use the standards-compliant choice.
+		    set coding2 decompress
+		} else {
+		    set coding2 $coding
+		}
+		zlib push $coding2 $sock
+	    }
+	}
+	if {[catch {
+	    # FIXME Keep-Alive on https tls::socket with unchunked transfer
+	    # hangs until the server times out. A workaround is possible, as for
+	    # the case without -channel, but it does not use the neat "fcopy"
+	    # solution.
+	    fcopy $sock $state(-channel) -size $state(-blocksize) -command \
+		[list http::CopyDone $token]
+	} err]} {
+	    Finish $token $err
+	}
+    }
+    return
+}
+
+proc http::CopyChunk {token chunk} {
+    upvar 0 $token state
+    if {[set count [string length $chunk]]} {
+	incr state(currentsize) $count
+	if {[info exists state(zlib)]} {
+	    foreach stream $state(zlib) {
+		set chunk [$stream add $chunk]
+	    }
+	}
+	puts -nonewline $state(-channel) $chunk
+	if {[info exists state(-progress)]} {
+	    namespace eval :: [linsert $state(-progress) end \
+		      $token $state(totalsize) $state(currentsize)]
+	}
+    } else {
+	Log "CopyChunk Finish - token $token"
+	if {[info exists state(zlib)]} {
+	    set excess ""
+	    foreach stream $state(zlib) {
+		catch {
+		    $stream put -finalize $excess
+		    set excess ""
+		    set overflood ""
+		    while {[set overflood [$stream get]] ne ""} { append excess $overflood }
+		}
+	    }
+	    puts -nonewline $state(-channel) $excess
+	    foreach stream $state(zlib) { $stream close }
+	    unset state(zlib)
+	}
+	Eot $token ;# FIX ME: pipelining.
+    }
+    return
+}
+
+# http::CopyDone
+#
+#	fcopy completion callback
+#
+# Arguments
+#	token	The token returned from http::geturl
+#	count	The amount transferred
+#
+# Side Effects
+#	Invokes callbacks
+
+proc http::CopyDone {token count {error {}}} {
+    variable $token
+    upvar 0 $token state
+    set sock $state(sock)
+    incr state(currentsize) $count
+    if {[info exists state(-progress)]} {
+	namespace eval :: $state(-progress) \
+	    [list $token $state(totalsize) $state(currentsize)]
+    }
+    # At this point the token may have been reset.
+    if {[string length $error]} {
+	Finish $token $error
+    } elseif {[catch {eof $sock} iseof] || $iseof} {
+	Eot $token
+    } else {
+	CopyStart $sock $token 0
+    }
+    return
+}
+
+# http::Eot
+#
+#	Called when either:
+#	a. An eof condition is detected on the socket.
+#	b. The client decides that the response is complete.
+#	c. The client detects an inconsistency and aborts the transaction.
+#
+#	Does:
+#	1. Set state(status)
+#	2. Reverse any Content-Encoding
+#	3. Convert charset encoding and line ends if necessary
+#	4. Call http::Finish
+#
+# Arguments
+#	token	The token returned from http::geturl
+#	force	(previously) optional, has no effect
+#	reason	- "eof" means premature EOF (not EOF as the natural end of
+#		  the response)
+#		- "" means completion of response, with or without EOF
+#		- anything else describes an error condition other than
+#		  premature EOF.
+#
+# Side Effects
+#	Clean up the socket
+
+proc http::Eot {token {reason {}}} {
+    variable $token
+    upvar 0 $token state
+    if {$reason eq "eof"} {
+	# Premature eof.
+	set state(status) eof
+	set reason {}
+    } elseif {$reason ne ""} {
+	# Abort the transaction.
+	set state(status) $reason
+    } else {
+	# The response is complete.
+	set state(status) ok
+    }
+
+    if {[string length $state(body)] > 0} {
+	if {[catch {
+	    foreach coding [ContentEncoding $token] {
+		if {$coding eq {deflateX}} {
+		    # First try the standards-compliant choice.
+		    set coding2 decompress
+		    if {[catch {zlib $coding2 $state(body)} result]} {
+			# If that fails, try the MS non-compliant choice.
+			set coding2 inflate
+			set state(body) [zlib $coding2 $state(body)]
+		    } else {
+			# error {failed at standards-compliant deflate}
+			set state(body) $result
+		    }
+		} else {
+		    set state(body) [zlib $coding $state(body)]
+		}
+	    }
+	} err]} {
+	    Log "error doing decompression for token $token: $err"
+	    Finish $token $err
+	    return
+	}
+
+	if {!$state(binary)} {
+	    # If we are getting text, set the incoming channel's encoding
+	    # correctly.  iso8859-1 is the RFC default, but this could be any
+	    # IANA charset.  However, we only know how to convert what we have
+	    # encodings for.
+
+	    set enc [CharsetToEncoding $state(charset)]
+	    if {$enc ne "binary"} {
+		if {[package vsatisfies [package provide Tcl] 9.0-]} {
+		    set state(body) [encoding convertfrom -profile tcl8 $enc $state(body)]
+		} else {
+		    set state(body) [encoding convertfrom $enc $state(body)]
+		}
+	    }
+
+	    # Translate text line endings.
+	    set state(body) [string map {\r\n \n \r \n} $state(body)]
+	}
+	if {[info exists state(-guesstype)] && $state(-guesstype)} {
+	    GuessType $token
+	}
+    }
+    Finish $token $reason
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::GuessType
+# ------------------------------------------------------------------------------
+# Command to attempt limited analysis of a resource with undetermined
+# Content-Type, i.e. "application/octet-stream".  This value can be set for two
+# reasons:
+# (a) by the server, in a Content-Type header
+# (b) by http::geturl, as the default value if the server does not supply a
+#     Content-Type header.
+#
+# This command converts a resource if:
+# (1) it has type application/octet-stream
+# (2) it begins with an XML declaration "<?xml name="value" ... >?"
+# (3) one tag is named "encoding" and has a recognised value; or no "encoding"
+#     tag exists (defaulting to utf-8)
+#
+# RFC 9110 Sec. 8.3 states:
+# "If a Content-Type header field is not present, the recipient MAY either
+# assume a media type of "application/octet-stream" ([RFC2046], Section 4.5.1)
+# or examine the data to determine its type."
+#
+# The RFC goes on to describe the pitfalls of "MIME sniffing", including
+# possible security risks.
+#
+# Arguments:
+# token       - connection token
+#
+# Return Value: (boolean) true iff a change has been made
+# ------------------------------------------------------------------------------
+
+proc http::GuessType {token} {
+    variable $token
+    upvar 0 $token state
+
+    if {$state(type) ne {application/octet-stream}} {
+        return 0
+    }
+
+    set body $state(body)
+    # e.g. {<?xml version="1.0" encoding="utf-8"?> ...}
+
+    if {![regexp -nocase -- {^<[?]xml[[:space:]][^>?]*[?]>} $body match]} {
+        return 0
+    }
+    # e.g. {<?xml version="1.0" encoding="utf-8"?>}
+
+    set contents [regsub -- {[[:space:]]+} $match { }]
+    set contents [string range [string tolower $contents] 6 end-2]
+    # e.g. {version="1.0" encoding="utf-8"}
+    # without excess whitespace or upper-case letters
+
+    if {![regexp -- {^([^=" ]+="[^"]+" )+$} "$contents "]} {
+        return 0
+    }
+    # The application/xml default encoding:
+    set res utf-8
+
+    set tagList [regexp -all -inline -- {[^=" ]+="[^"]+"} $contents]
+    foreach tag $tagList {
+        regexp -- {([^=" ]+)="([^"]+)"} $tag -> name value
+        if {$name eq {encoding}} {
+            set res $value
+        }
+    }
+    set enc [CharsetToEncoding $res]
+    if {$enc eq "binary"} {
+        return 0
+    }
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	set state(body) [encoding convertfrom -profile tcl8 $enc $state(body)]
+    } else {
+	set state(body) [encoding convertfrom $enc $state(body)]
+    }
+    set state(body) [string map {\r\n \n \r \n} $state(body)]
+    set state(type) application/xml
+    set state(binary) 0
+    set state(charset) $res
+    return 1
+}
+
+
+# http::wait --
+#
+#	See documentation for details.
+#
+# Arguments:
+#	token	Connection token.
+#
+# Results:
+#	The status after the wait.
+
+proc http::wait {token} {
+    variable $token
+    upvar 0 $token state
+
+    if {![info exists state(status)] || $state(status) eq ""} {
+	# We must wait on the original variable name, not the upvar alias
+	vwait ${token}(status)
+    }
+
+    return [status $token]
+}
+
+# http::formatQuery --
+#
+#	See documentation for details.  Call http::formatQuery with an even
+#	number of arguments, where the first is a name, the second is a value,
+#	the third is another name, and so on.
+#
+# Arguments:
+#	args	A list of name-value pairs.
+#
+# Results:
+#	TODO
+
+proc http::formatQuery {args} {
+    if {[llength $args] % 2} {
+        return \
+            -code error \
+            -errorcode [list HTTP BADARGCNT $args] \
+            {Incorrect number of arguments, must be an even number.}
+    }
+    set result ""
+    set sep ""
+    foreach i $args {
+	append result $sep [quoteString $i]
+	if {$sep eq "="} {
+	    set sep &
+	} else {
+	    set sep =
+	}
+    }
+    return $result
+}
+
+# http::quoteString --
+#
+#	Do x-www-urlencoded character mapping
+#
+# Arguments:
+#	string	The string the needs to be encoded
+#
+# Results:
+#       The encoded string
+
+proc http::quoteString {string} {
+    variable http
+    variable formMap
+
+    # The spec says: "non-alphanumeric characters are replaced by '%HH'". Use
+    # a pre-computed map and [string map] to do the conversion (much faster
+    # than [regsub]/[subst]). [Bug 1020491]
+
+    if {[package vsatisfies [package provide Tcl] 9.0-]} {
+	set string [encoding convertto -profile tcl8 $http(-urlencoding) $string]
+    } else {
+	set string [encoding convertto $http(-urlencoding) $string]
+    }
+    return [string map $formMap $string]
+}
+
+# http::ProxyRequired --
+#	Default proxy filter.
+#
+# Arguments:
+#	host	The destination host
+#
+# Results:
+#       The current proxy settings
+
+proc http::ProxyRequired {host} {
+    variable http
+    if {(![info exists http(-proxyhost)]) || ($http(-proxyhost) eq {})} {
+        return
+    }
+    if {![info exists http(-proxyport)] || ($http(-proxyport) eq {})} {
+	set port 8080
+    } else {
+	set port $http(-proxyport)
+    }
+
+    # Simple test (cf. autoproxy) for hosts that must be accessed directly,
+    # not through the proxy server.
+    foreach domain $http(-proxynot) {
+        if {[string match -nocase $domain $host]} {
+            return {}
+        }
+    }
+    return [list $http(-proxyhost) $port]
+}
+
+# http::CharsetToEncoding --
+#
+#	Tries to map a given IANA charset to a tcl encoding.  If no encoding
+#	can be found, returns binary.
+#
+
+proc http::CharsetToEncoding {charset} {
+    variable encodings
+
+    set charset [string tolower $charset]
+    if {[regexp {iso-?8859-([0-9]+)} $charset -> num]} {
+	set encoding "iso8859-$num"
+    } elseif {[regexp {iso-?2022-(jp|kr)} $charset -> ext]} {
+	set encoding "iso2022-$ext"
+    } elseif {[regexp {shift[-_]?jis} $charset]} {
+	set encoding "shiftjis"
+    } elseif {[regexp {(?:windows|cp)-?([0-9]+)} $charset -> num]} {
+	set encoding "cp$num"
+    } elseif {$charset eq "us-ascii"} {
+	set encoding "ascii"
+    } elseif {[regexp {(?:iso-?)?lat(?:in)?-?([0-9]+)} $charset -> num]} {
+	switch -- $num {
+	    5 {set encoding "iso8859-9"}
+	    1 - 2 - 3 {
+		set encoding "iso8859-$num"
+	    }
+	    default {
+		set encoding "binary"
+	    }
+	}
+    } else {
+	# other charset, like euc-xx, utf-8,...  may directly map to encoding
+	set encoding $charset
+    }
+    set idx [lsearch -exact $encodings $encoding]
+    if {$idx >= 0} {
+	return $encoding
+    } else {
+	return "binary"
+    }
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::ContentEncoding
+# ------------------------------------------------------------------------------
+# Return the list of content-encoding transformations we need to do in order.
+#
+    # --------------------------------------------------------------------------
+    # Options for Accept-Encoding, Content-Encoding: the switch command
+    # --------------------------------------------------------------------------
+    # The symbol deflateX allows http to attempt both versions of "deflate",
+    # unless there is a -channel - for a -channel, only "decompress" is tried.
+    # Alternative/extra lines for switch:
+    # The standards-compliant version of "deflate" can be chosen with:
+    #		deflate { lappend r decompress }
+    # The Microsoft non-compliant version of "deflate" can be chosen with:
+    #		deflate { lappend r inflate }
+    # The previously used implementation of "compress", which appears to be
+    # incorrect and is rarely used by web servers, can be chosen with:
+    #		compress - x-compress { lappend r decompress }
+    # --------------------------------------------------------------------------
+#
+# Arguments:
+# token  - Connection token.
+#
+# Return Value: list
+# ------------------------------------------------------------------------------
+
+proc http::ContentEncoding {token} {
+    upvar 0 $token state
+    set r {}
+    if {[info exists state(coding)]} {
+	foreach coding [split $state(coding) ,] {
+	    switch -exact -- $coding {
+		deflate { lappend r deflateX }
+		gzip - x-gzip { lappend r gunzip }
+		identity {}
+		br {
+		    return -code error\
+			    "content-encoding \"br\" not implemented"
+		}
+		default {
+		    Log "unknown content-encoding \"$coding\" ignored"
+		}
+	    }
+	}
+    }
+    return $r
+}
+
+proc http::ReceiveChunked {chan command} {
+    set data ""
+    set size -1
+    yield
+    while {1} {
+	chan configure $chan -translation {crlf binary}
+	while {[gets $chan line] < 1} { yield }
+	chan configure $chan -translation {binary binary}
+	if {[scan $line %x size] != 1} {
+	    return -code error "invalid size: \"$line\""
+	}
+	set chunk ""
+	while {$size && ![chan eof $chan]} {
+	    set part [chan read $chan $size]
+	    incr size -[string length $part]
+	    append chunk $part
+	}
+	if {[catch {
+	    uplevel #0 [linsert $command end $chunk]
+	}]} {
+	    http::Log "Error in callback: $::errorInfo"
+	}
+	if {[string length $chunk] == 0} {
+	    # channel might have been closed in the callback
+	    catch {chan event $chan readable {}}
+	    return
+	}
+    }
+}
+
+# http::SplitCommaSeparatedFieldValue --
+# 	Return the individual values of a comma-separated field value.
+#
+# Arguments:
+#	fieldValue	Comma-separated header field value.
+#
+# Results:
+#       List of values.
+proc http::SplitCommaSeparatedFieldValue {fieldValue} {
+    set r {}
+    foreach el [split $fieldValue ,] {
+	lappend r [string trim $el]
+    }
+    return $r
+}
+
+
+# http::GetFieldValue --
+# 	Return the value of a header field.
+#
+# Arguments:
+#	headers	Headers key-value list
+#	fieldName	Name of header field whose value to return.
+#
+# Results:
+#       The value of the fieldName header field
+#
+# Field names are matched case-insensitively (RFC 7230 Section 3.2).
+#
+# If the field is present multiple times, it is assumed that the field is
+# defined as a comma-separated list and the values are combined (by separating
+# them with commas, see RFC 7230 Section 3.2.2) and returned at once.
+proc http::GetFieldValue {headers fieldName} {
+    set r {}
+    foreach {field value} $headers {
+	if {[string equal -nocase $fieldName $field]} {
+	    if {$r eq {}} {
+		set r $value
+	    } else {
+		append r ", $value"
+	    }
+	}
+    }
+    return $r
+}
+
+proc http::MakeTransformationChunked {chan command} {
+    coroutine [namespace current]::dechunk$chan ::http::ReceiveChunked $chan $command
+    chan event $chan readable [namespace current]::dechunk$chan
+    return
+}
+
+interp alias {} http::data {} http::responseBody
+interp alias {} http::code {} http::responseLine
+interp alias {} http::mapReply {} http::quoteString
+interp alias {} http::meta {} http::responseHeaders
+interp alias {} http::metaValue {} http::responseHeaderValue
+interp alias {} http::ncode {} http::responseCode
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::socketForTls
+# ------------------------------------------------------------------------------
+# Command to use in place of ::socket as the value of ::tls::socketCmd.
+# This command does the same as http::socket, and also handles https connections
+# through a proxy server.
+#
+# Notes.
+# - The proxy server works differently for https and http.  This implementation
+#   is for https.  The proxy for http is implemented in http::CreateToken (in
+#   code that was previously part of http::geturl).
+# - This code implicitly uses the tls options set for https in a call to
+#   http::register, and does not need to call commands tls::*.  This simple
+#   implementation is possible because tls uses a callback to ::socket that can
+#   be redirected by changing the value of ::tls::socketCmd.
+#
+# Arguments:
+# args        - as for ::socket
+#
+# Return Value: a socket identifier
+# ------------------------------------------------------------------------------
+
+proc http::socketForTls {args} {
+    variable http
+    set host [lindex $args end-1]
+    set port [lindex $args end]
+    if {    ($http(-proxyfilter) ne {})
+         && (![catch {$http(-proxyfilter) $host} proxy])
+    } {
+        set phost [lindex $proxy 0]
+        set pport [lindex $proxy 1]
+    } else {
+        set phost {}
+        set pport {}
+    }
+    if {$phost eq ""} {
+        set sock [::http::socket {*}$args]
+    } else {
+        set sock [::http::SecureProxyConnect {*}$args $phost $pport]
+    }
+    return $sock
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::SecureProxyConnect
+# ------------------------------------------------------------------------------
+# Command to open a socket through a proxy server to a remote server for use by
+# tls. The caller must perform the tls handshake.
+#
+# Notes
+# - Based on patch supplied by Melissa Chawla in ticket 1173760, and
+#   Proxy-Authorization header cf. autoproxy by Pat Thoyts.
+# - Rewritten as a call to http::geturl, because response headers and body are
+#   needed if the CONNECT request fails.  CONNECT is implemented for this case
+#   only, by state(bypass).
+# - FUTURE WORK: give http::geturl a -connect option for a general CONNECT.
+# - The request header Proxy-Connection is discouraged in RFC 7230 (June 2014),
+#   RFC 9112 (June 2022).
+#
+# Arguments:
+# args        - as for ::socket, ending in host, port; with proxy host, proxy
+#               port appended.
+#
+# Return Value: a socket identifier
+# ------------------------------------------------------------------------------
+
+proc http::SecureProxyConnect {args} {
+    variable http
+    variable ConnectVar
+    variable ConnectCounter
+    variable failedProxyValues
+    set varName ::http::ConnectVar([incr ConnectCounter])
+
+    # Extract (non-proxy) target from args.
+    set host [lindex $args end-3]
+    set port [lindex $args end-2]
+    set args [lreplace $args end-3 end-2]
+
+    # Proxy server URL for connection.
+    # This determines where the socket is opened.
+    set phost [lindex $args end-1]
+    set pport [lindex $args end]
+    if {[string first : $phost] != -1} {
+        # IPv6 address, wrap it in [] so we can append :pport
+        set phost "\[${phost}\]"
+    }
+    set url http://${phost}:${pport}
+    # Elements of args other than host and port are not used when
+    # AsyncTransaction opens a socket.  Those elements are -async and the
+    # -type $tokenName for the https transaction.  Option -async is used by
+    # AsyncTransaction anyway, and -type $tokenName should not be propagated:
+    # the proxy request adds its own -type value.
+
+    set targ [lsearch -exact $args -type]
+    if {$targ != -1} {
+        # Record in the token that this is a proxy call.
+        set token [lindex $args $targ+1]
+        upvar 0 ${token} state
+        set tim $state(-timeout)
+        set state(proxyUsed) SecureProxyFailed
+        # This value is overwritten with "SecureProxy" below if the CONNECT is
+        # successful.  If it is unsuccessful, the socket will be closed
+        # below, and so in this unsuccessful case there are no other transactions
+        # whose (proxyUsed) must be updated.
+    } else {
+        set tim 0
+    }
+    if {$tim == 0} {
+        # Do not use infinite timeout for the proxy.
+        set tim 30000
+    }
+
+    # Prepare and send a CONNECT request to the proxy, using
+    # code similar to http::geturl.
+    set requestHeaders [list Host $host]
+    lappend requestHeaders Connection keep-alive
+    if {$http(-proxyauth) != {}} {
+        lappend requestHeaders Proxy-Authorization $http(-proxyauth)
+    }
+
+    set token2 [CreateToken $url -keepalive 0 -timeout $tim \
+            -headers $requestHeaders -command [list http::AllDone $varName]]
+    variable $token2
+    upvar 0 $token2 state2
+
+    # Kludges:
+    # Setting this variable overrides the HTTP request line and also allows
+    # -headers to override the Connection: header set by -keepalive.
+    # The arguments "-keepalive 0" ensure that when Finish is called for an
+    # unsuccessful request, the socket is always closed.
+    set state2(bypass) "CONNECT $host:$port HTTP/1.1"
+
+    AsyncTransaction $token2
+
+    if {[info coroutine] ne {}} {
+        # All callers in the http package are coroutines launched by
+        # the event loop.
+        # The cwait command requires a coroutine because it yields
+        # to the caller; $varName is traced and the coroutine resumes
+        # when the variable is written.
+        cwait $varName
+    } else {
+        return -code error {code must run in a coroutine}
+        # For testing with a non-coroutine caller outside the http package.
+        # vwait $varName
+    }
+    unset $varName
+
+    if {    ($state2(state) ne "complete")
+         || ($state2(status) ne "ok")
+         || (![string is integer -strict $state2(responseCode)])
+    } {
+        set msg {the HTTP request to the proxy server did not return a valid\
+                and complete response}
+        if {[info exists state2(error)]} {
+            append msg ": " [lindex $state2(error) 0]
+        }
+        cleanup $token2
+        return -code error $msg
+    }
+
+    set code $state2(responseCode)
+
+    if {($code >= 200) && ($code < 300)} {
+        # All OK.  The caller in package tls will now call "tls::import $sock".
+        # The cleanup command does not close $sock.
+        # Other tidying was done in http::Event.
+
+        # If this is a persistent socket, any other transactions that are
+        # already marked to use the socket will have their (proxyUsed) updated
+        # when http::OpenSocket calls http::ConfigureNewSocket.
+        set state(proxyUsed) SecureProxy
+        set sock $state2(sock)
+        cleanup $token2
+        return $sock
+    }
+
+    if {$targ != -1} {
+        # Non-OK HTTP status code; token is known because option -type
+        # (cf. targ) was passed through tcltls, and so the useful
+        # parts of the proxy's response can be copied to state(*).
+        # Do not copy state2(sock).
+        # Return the proxy response to the caller of geturl.
+        foreach name $failedProxyValues {
+            if {[info exists state2($name)]} {
+                set state($name) $state2($name)
+            }
+        }
+        set state(connection) close
+        set msg "proxy connect failed: $code"
+	# - This error message will be detected by http::OpenSocket and will
+	#   cause it to present the proxy's HTTP response as that of the
+	#   original $token transaction, identified only by state(proxyUsed)
+	#   as the response of the proxy.
+	# - The cases where this would mislead the caller of http::geturl are
+	#   given a different value of msg (below) so that http::OpenSocket will
+	#   treat them as errors, but will preserve the $token array for
+	#   inspection by the caller.
+	# - Status code 305 (Proxy Required) was deprecated for security reasons
+	#   in RFC 2616 (June 1999) and in any case should never be served by a
+	#   proxy.
+	# - Other 3xx responses from the proxy are inappropriate, and should not
+	#   occur.
+	# - A 401 response from the proxy is inappropriate, and should not
+	#   occur.  It would be confusing if returned to the caller.
+
+	if {($code >= 300) && ($code < 400)} {
+	    set msg "the proxy server responded to the HTTP request with an\
+		    inappropriate $code redirect"
+	    set loc [responseHeaderValue $token2 location]
+	    if {$loc ne {}} {
+		append msg "to " $loc
+	    }
+	} elseif {($code == 401)} {
+	    set msg "the proxy server responded to the HTTP request with an\
+		    inappropriate 401 request for target-host credentials"
+	} else {
+	}
+    } else {
+	set msg "connection to proxy failed with status code $code"
+    }
+
+    # - ${token2}(sock) has already been closed because -keepalive 0.
+    # - Error return does not pass the socket ID to the
+    #   $token transaction, which retains its socket placeholder.
+    cleanup $token2
+    return -code error $msg
+}
+
+proc http::AllDone {varName args} {
+    set $varName done
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::socket
+# ------------------------------------------------------------------------------
+# This command is a drop-in replacement for ::socket.
+# Arguments and return value as for ::socket.
+#
+# Notes.
+# - http::socket is specified in place of ::socket by the definition of urlTypes
+#   in the namespace header of this file (http.tcl).
+# - The command makes a simple call to ::socket unless the user has called
+#   http::config to change the value of -threadlevel from the default value 0.
+# - For -threadlevel 1 or 2, if the Thread package is available, the command
+#   waits in the event loop while the socket is opened in another thread.  This
+#   is a workaround for bug [824251] - it prevents http::geturl from blocking
+#   the event loop if the DNS lookup or server connection is slow.
+# - FIXME Use a thread pool if connections are very frequent.
+# - FIXME The peer thread can transfer the socket only to the main interpreter
+#   in the present thread.  Therefore this code works only if this script runs
+#   in the main interpreter.  In a child interpreter, the parent must alias a
+#   command to ::http::socket in the child, run http::socket in the parent,
+#   and then transfer the socket to the child.
+# - The http::socket command is simple, and can easily be replaced with an
+#   alternative command that uses a different technique to open a socket while
+#   entering the event loop.
+# - Unexpected behaviour by thread::send -async (Thread 2.8.6).
+#   An error in thread::send -async causes return of just the error message
+#   (not the expected 3 elements), and raises a bgerror in the main thread.
+#   Hence wrap the command with catch as a precaution.
+# ------------------------------------------------------------------------------
+
+proc http::socket {args} {
+    variable ThreadVar
+    variable ThreadCounter
+    variable http
+
+    LoadThreadIfNeeded
+
+    set targ [lsearch -exact $args -type]
+    if {$targ != -1} {
+        set token [lindex $args $targ+1]
+        set args [lreplace $args $targ $targ+1]
+        upvar 0 $token state
+    }
+
+    if {!$http(usingThread)} {
+        # Use plain "::socket".  This is the default.
+        return [eval ::socket $args]
+    }
+
+    set defcmd ::socket
+    set sockargs $args
+    set script "
+        set code \[catch {
+            [list proc ::SockInThread {caller defcmd sockargs} [info body ::http::SockInThread]]
+            [list ::SockInThread [thread::id] $defcmd $sockargs]
+        } result opts\]
+        list \$code \$opts \$result
+    "
+
+    set state(tid) [thread::create]
+    set varName ::http::ThreadVar([incr ThreadCounter])
+    thread::send -async $state(tid) $script $varName
+    Log >T Thread Start Wait $args -- coro [info coroutine] $varName
+    if {[info coroutine] ne {}} {
+        # All callers in the http package are coroutines launched by
+        # the event loop.
+        # The cwait command requires a coroutine because it yields
+        # to the caller; $varName is traced and the coroutine resumes
+        # when the variable is written.
+        cwait $varName
+    } else {
+        return -code error {code must run in a coroutine}
+        # For testing with a non-coroutine caller outside the http package.
+        # vwait $varName
+    }
+    Log >U Thread End Wait $args -- coro [info coroutine] $varName [set $varName]
+    thread::release $state(tid)
+    set state(tid) {}
+    set result [set $varName]
+    unset $varName
+    if {(![string is list $result]) || ([llength $result] != 3)} {
+        return -code error "result from peer thread is not a list of\
+                length 3: it is \n$result"
+    }
+    lassign $result threadCode threadDict threadResult
+    if {($threadCode != 0)} {
+        # This is an error in thread::send.  Return the lot.
+        return -options $threadDict -code error $threadResult
+    }
+
+    # Now the results of the catch in the peer thread.
+    lassign $threadResult catchCode errdict sock
+
+    if {($catchCode == 0) && ($sock ni [chan names])} {
+        return -code error {Transfer of socket from peer thread failed.\
+		Check that this script is not running in a child interpreter.}
+    }
+    return -options $errdict -code $catchCode $sock
+}
+
+# The commands below are dependencies of http::socket and
+# http::SecureProxyConnect and are not used elsewhere.
+
+# ------------------------------------------------------------------------------
+#  Proc http::LoadThreadIfNeeded
+# ------------------------------------------------------------------------------
+# Command to load the Thread package if it is needed.  If it is needed and not
+# loadable, the outcome depends on $http(-threadlevel):
+# value 0 => Thread package not required, no problem
+# value 1 => operate as if -threadlevel 0
+# value 2 => error return
+#
+# Arguments: none
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+proc http::LoadThreadIfNeeded {} {
+    variable http
+    if {$http(usingThread) || ($http(-threadlevel) == 0)} {
+        return
+    }
+    if {[catch {package require Thread}]} {
+        if {$http(-threadlevel) == 2} {
+            set msg {[http::config -threadlevel] has value 2,\
+                     but the Thread package is not available}
+            return -code error $msg
+        }
+        return
+    }
+    set http(usingThread) 1
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::SockInThread
+# ------------------------------------------------------------------------------
+# Command http::socket is a ::socket replacement.  It defines and runs this
+# command, http::SockInThread, in a peer thread.
+#
+# Arguments:
+# caller
+# defcmd
+# sockargs
+#
+# Return value: list of values that describe the outcome.  The return is
+# intended to be a normal (non-error) return in all cases.
+# ------------------------------------------------------------------------------
+
+proc http::SockInThread {caller defcmd sockargs} {
+    package require Thread
+
+    set catchCode [catch {eval $defcmd $sockargs} sock errdict]
+    if {$catchCode == 0} {
+        set catchCode [catch {thread::transfer $caller $sock; set sock} sock errdict]
+    }
+    return [list $catchCode $errdict $sock]
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::cwaiter::cwait
+# ------------------------------------------------------------------------------
+# Command to substitute for vwait, without the ordering issues.
+# A command that uses cwait must be a coroutine that is launched by an event,
+# e.g. fileevent or after idle, and has no calling code to be resumed upon
+# "yield".  It cannot return a value.
+#
+# Arguments:
+# varName      - fully-qualified name of the variable that the calling script
+#                will write to resume the coroutine.  Any scalar variable or
+#                array element is permitted.
+# coroName     - (optional) name of the coroutine to be called when varName is
+#                written - defaults to this coroutine
+# timeout      - (optional) timeout value in ms
+# timeoutValue - (optional) value to assign to varName if there is a timeout
+#
+# Return Value: none
+# ------------------------------------------------------------------------------
+
+namespace eval http::cwaiter {
+    namespace export cwait
+    variable log   {}
+    variable logOn 0
+}
+
+proc http::cwaiter::cwait {
+    varName {coroName {}} {timeout {}} {timeoutValue {}}
+} {
+    set thisCoro [info coroutine]
+    if {$thisCoro eq {}} {
+        return -code error {cwait cannot be called outside a coroutine}
+    }
+    if {$coroName eq {}} {
+        set coroName $thisCoro
+    }
+    if {[string range $varName 0 1] ne {::}} {
+        return -code error {argument varName must be fully qualified}
+    }
+    if {$timeout eq {}} {
+        set toe {}
+    } elseif {[string is integer -strict $timeout] && ($timeout > 0)} {
+        set toe [after $timeout [list set $varName $timeoutValue]]
+    } else {
+        return -code error {if timeout is supplied it must be a positive integer}
+    }
+
+    set cmd [list ::http::cwaiter::CwaitHelper $varName $coroName $toe]
+    trace add variable $varName write $cmd
+    CoLog "Yield $varName $coroName"
+    yield
+    CoLog "Resume $varName $coroName"
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::cwaiter::CwaitHelper
+# ------------------------------------------------------------------------------
+# Helper command called by the trace set by cwait.
+# - Ignores the arguments added by trace.
+# - A simple call to $coroName works, and in error cases gives a suitable stack
+#   trace, but because it is inside a trace the headline error message is
+#   something like {can't set "::Result(6)": error}, not the actual
+#   error.  So let the trace command return.
+# - Remove the trace immediately.  We don't want multiple calls.
+# ------------------------------------------------------------------------------
+
+proc http::cwaiter::CwaitHelper {varName coroName toe args} {
+    CoLog "got $varName for $coroName"
+    set cmd [list ::http::cwaiter::CwaitHelper $varName $coroName $toe]
+    trace remove variable $varName write $cmd
+    after cancel $toe
+
+    after 0 $coroName
+    return
+}
+
+
+# ------------------------------------------------------------------------------
+#  Proc http::cwaiter::LogInit
+# ------------------------------------------------------------------------------
+# Call this command to initiate debug logging and clear the log.
+# ------------------------------------------------------------------------------
+
+proc http::cwaiter::LogInit {} {
+    variable log
+    variable logOn
+    set log {}
+    set logOn 1
+    return
+}
+
+proc http::cwaiter::LogRead {} {
+    variable log
+    return $log
+}
+
+proc http::cwaiter::CoLog {msg} {
+    variable log
+    variable logOn
+    if {$logOn} {
+        append log $msg \n
+    }
+    return
+}
+
+namespace eval http {
+    namespace import ::http::cwaiter::*
+}
+
+# Local variables:
+# indent-tabs-mode: t
+# End:
diff --git a/src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/punkcheck-0.1.0.tm b/src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/punkcheck-0.1.0.tm
new file mode 100644
index 00000000..a65e1f7a
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/bootsupport/modules/punkcheck-0.1.0.tm
@@ -0,0 +1,1887 @@
+# -*- tcl -*-
+# Maintenance Instruction: leave the 999999.xxx.x as is and use 'pmix make' or src/make.tcl to update from <pkg>-buildversion.txt
+#
+# Please consider using a BSD or MIT style license for greatest compatibility with the Tcl ecosystem.
+# Code using preferred Tcl licenses can be eligible for inclusion in Tcllib, Tklib and the punk package repository.
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+# (C) 2023
+#
+# @@ Meta Begin
+# Application punkcheck 0.1.0
+# Meta platform     tcl
+# Meta license      <unspecified>
+# @@ Meta End
+
+
+
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+##  Requirements
+##e.g package require frobz
+
+package require punk::tdl
+package require punk::repo
+package require punk::mix::util
+
+
+
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+# Punkcheck uses the TDL format which is a list of lists in Tcl format
+# It is intended primarily for source build/distribution tracking within a punk project or single filesystem - with relative paths.
+#
+#see following article regarding the many problems with using mtime for build-decisions:  https://apenwarr.ca/log/20181113
+#
+namespace eval punkcheck {
+        namespace export\
+            uuid\
+            start_installer_event  installfile_*
+
+        variable default_antiglob_dir_core  [list "#*" "_aside" ".git" ".fossil*"]
+        variable default_antiglob_file_core ""
+        proc uuid {} {
+            set has_twapi 0
+            if {"windows" eq $::tcl_platform(platform)} {
+                if {![catch {package require twapi}]} {
+                    set has_twapi 1
+                }
+            }
+            if {!$has_twapi} {
+                if {[catch {package require uuid} errM]} {
+                    error "Unable to load a package for uuid on this platform. Try tcllib's uuid (any platform) - twapi for windows"
+                }
+                return [uuid::uuid generate]
+            } else {
+                return [twapi::new_uuid]
+            }
+        }
+
+        proc default_antiglob_dir_core {} {
+            variable default_antiglob_dir_core
+            return $default_antiglob_dir_core
+        }
+        proc default_antiglob_file_core {} {
+            variable default_antiglob_file_core
+            if {$default_antiglob_file_core eq ""} {
+                set default_antiglob_file_core [list "*.swp" "*[punk::mix::util::magic_tm_version]*" "*-buildversion.txt" ".punkcheck"]
+            }
+            return $default_antiglob_file_core
+        }
+
+
+        proc load_records_from_file {punkcheck_file} { 
+            set record_list [list]
+            if {[file exists $punkcheck_file]} {
+                set tdlscript [punk::mix::util::fcat $punkcheck_file]
+                set record_list [punk::tdl::prettyparse $tdlscript]
+            }
+            return $record_list
+        }
+        proc save_records_to_file {recordlist punkcheck_file} {
+            set newtdl [punk::tdl::prettyprint $recordlist]
+            set linecount [llength [split $newtdl \n]]
+            #puts stdout $newtdl
+            set fd [open $punkcheck_file w]
+            fconfigure $fd -translation binary
+            puts -nonewline $fd $newtdl
+            close $fd
+            return [list recordcount [llength $recordlist] linecount $linecount]
+        }
+
+
+        #todo - work out way to use same punkcheck file for multiple installers running concurrently. Thread?
+        #an installtrack objects represents an installation path from sourceroot to targetroot 
+        #The source and target folders should be as specific as possible but it is valid to specify for example c:/ -> c:/  (or / -> /)  if source and targets within the installation operation are spread around.
+        #
+        set objname [namespace current]::installtrack
+        if {$objname ni [info commands $objname]} {
+            package require oolib
+
+            #FILEINFO record - target fileset with body records: INSTALL-RECORD,INSTALL-INPROGRESS,INSTALL-SKIPPED,DELETE-RECORD,DELETE-INPROGRESS,MODIFY-INPROGRESS,MODIFY-RECORD
+            #each FILEINFO body being a list of SOURCE records
+            oo::class create targetset {
+                variable o_targets 
+                variable o_keep_installrecords
+                variable o_keep_skipped
+                variable o_keep_inprogress
+                variable o_records
+                constructor {args} {
+                    #set o_records [oolib::collection create [namespace current]::recordcollection]
+                    set o_records [list]
+
+                }
+
+                method as_record {} {
+
+                    set fields [list\
+                        -targets $o_targets\
+                        -keep_installrecords $o_keep_installrecords\
+                        -keep_skipped $o_keep_skipped\
+                        -keep_inprogress $o_keep_inprogress\
+                        body $o_records\
+                    ]
+
+                    set record [dict create tag FILEINFO {*}$fields]
+                }
+                
+                #retrieve last completed record for the fileset ie exclude SKIPPED,INSTALL-INPROGRESS,DELETE-INPROGRESS,MODIFY-INPROGRESS
+                method get_last_record {fileset_record} {
+                    set body [dict_getwithdefault $fileset_record body [list]]
+                    set previous_records [lrange $body 0 end-1]
+                    #get last previous that is tagged INSTALL-RECORD,MODIFY-RECORD,DELETE-RECORD
+                    set revlist [lreverse $previous_records]
+                    foreach rec $revlist {
+                        if {[dict get $rec tag] in [list "INSTALL-RECORD" "MODIFY-RECORD" "DELETE-RECORD" "VIRTUAL-RECORD"]} {
+                            return $rec
+                        }
+                    }
+                    return [list]
+                }
+            }
+
+            oo::class create installevent {
+                variable o_id
+                variable o_rel_sourceroot
+                variable o_rel_targetroot
+                variable o_ts_begin
+                variable o_ts_end
+                variable o_types
+                variable o_configdict
+                variable o_targets
+                variable o_operation
+                variable o_operation_start_ts
+                variable o_fileset_record
+                variable o_installer ;#parent object
+                constructor {installer rel_sourceroot rel_targetroot args} {
+                    set o_installer $installer
+                    set o_operation_start_ts ""
+                    set o_operation ""
+                    set defaults [dict create\
+                        -id ""\
+                        -tsbegin ""\
+                        -config [list]\
+                        -tsend ""\
+                        -types [list]\
+                    ]
+                    set opts [dict merge $defaults $args]
+                    if {[dict get $opts -id] eq ""} {
+                        set o_id [punkcheck::uuid]
+                    } else {
+                        set o_id [dict get $opts -id]
+                    }
+                    if {[dict get $opts -tsbegin] eq ""} {
+                        set o_ts_begin [clock microseconds]
+                    } else {
+                        set o_ts_begin [dict get $opts -tsbegin]
+                    }
+                    set o_ts_end    [dict get $opts -tsend]
+                    set o_types     [dict get $opts -types]
+                    set o_configdict [dict get $opts -config] 
+
+                    set o_rel_sourceroot $rel_sourceroot
+                    set o_rel_targetroot $rel_targetroot
+                }                
+                destructor {
+                    #puts "[self] destructor called"
+                }
+                method as_record {} {
+                    set begin_seconds [expr {$o_ts_begin / 1000000}]
+                    set tsiso_begin [clock format $begin_seconds -format "%Y-%m-%dT%H:%M:%S"]
+                    if {$o_ts_end ne ""} {
+                        set end_seconds [expr {$o_ts_end / 1000000}]
+                        set tsiso_end [clock format $end_seconds -format "%Y-%m-%dT%H:%M:%S"]
+                    } else {
+                        set tsiso_end ""
+                    }
+                    set fields [list\
+                        -tsiso_begin $tsiso_begin\
+                        -ts_begin    $o_ts_begin\
+                        -tsiso_end   $tsiso_end\
+                        -ts_end      $o_ts_end\
+                        -id          $o_id\
+                        -source      $o_rel_sourceroot\
+                        -targets     $o_rel_targetroot\
+                        -types       $o_types\
+                        -config      $o_configdict\
+                    ]
+
+                    set record [dict create tag EVENT {*}$fields]
+                }
+                method get_id {} {
+                    return $o_id
+                }
+                method get_operation {} {
+                    return $o_operation
+                }
+                method get_targets {} {
+                    return $o_targets
+                }
+                method get_targets_exist {} {
+                    set punkcheck_folder [file dirname [$o_installer get_checkfile]]
+                    set existing [list]
+                    foreach t $o_targets {
+                        if {[file exists [file join $punkcheck_folder $t]]} {
+                            lappend existing $t
+                        }
+                    }
+                    return $existing
+                }
+                method end {} {
+                    set o_ts_end [clock microseconds]
+                }
+                method targetset_dict {} {
+                    punk::records_as_target_dict [$o_installer get_recordlist]
+                }
+
+                #related - installfile_begin
+                #call init before we know if we are going to run the operation vs skip
+                method targetset_init {operation targetset} {
+                    set known_ops [list INSTALL MODIFY DELETE VIRTUAL]
+                    if {[string toupper $operation] ni $known_ops} {
+                        error "[self] add_target unknown operation '$operation'. Known operations $known_ops"
+                    }
+                    if {$o_operation_start_ts ne ""} {
+                        error "[self] targetset_tart $o_operation operation already in progress. Use targetset_finished or targetset_complete to finish."
+                    }
+                    set o_operation_start_ts [clock microseconds]
+                    set seconds [expr {$o_operation_start_ts / 1000000}]
+                    set tsiso [clock format $seconds -format "%Y-%m-%dT%H:%M:%S"]
+                    set punkcheck_file [$o_installer get_checkfile]
+
+                    set relativepath_targetset [list]
+                    foreach p $targetset {
+                        if {[file pathtype $p] eq "absolute"} {
+                            lappend relativepath_targetset [punkcheck::lib::path_relative [file dirname $punkcheck_file] $p]
+                        } else {
+                            lappend relativepath_targetset $p
+                        }
+                    }
+
+
+                    set o_operation $operation
+                    set fields [list\
+                        -tsiso $tsiso\
+                        -ts $o_operation_start_ts\
+                        -installer [$o_installer get_name]\
+                        -eventid $o_id\
+                        ]
+
+                    set o_targets [lsort -dictionary -increasing $relativepath_targetset] ;#exact sort order not critical - but must be consistent
+
+                    #set targetdict [my targetset_dict]
+
+                    set record_list [punkcheck::load_records_from_file $punkcheck_file]
+                    set extractioninfo [punkcheck::recordlist::extract_or_create_fileset_record $o_targets $record_list]
+                    set o_fileset_record [dict get $extractioninfo record]
+                    set record_list [dict get $extractioninfo recordset]
+                    set isnew       [dict get $extractioninfo isnew]
+                    set oldposition [dict get $extractioninfo oldposition]
+                    unset extractioninfo
+
+                    #INSTALL-INPROGRESS will become INSTALL-RECORD or INSTALL-FAILED or INSTALL-SKIPPED upon finalisation
+                    #-installer and -eventid keys are added here
+                    set new_inprogress_record [dict create tag [string toupper $operation]-INPROGRESS {*}$fields -tempcontext [my as_record] body {}]
+                    #set existing_body [dict_getwithdefault $o_fileset_record body [list]]
+                    #todo - look for existing "-INPROGRESS" records - mark as failed?
+                    dict lappend o_fileset_record body $new_inprogress_record
+
+                    if {$isnew} {
+                        lappend record_list $o_fileset_record
+                    } else {
+                        set record_list [linsert $record_list[unset record_list] $oldposition $o_fileset_record]
+                    }
+
+                    punkcheck::save_records_to_file $record_list $punkcheck_file
+                    return $o_fileset_record
+
+                }
+                #operation has been started
+                method targetset_started {} {
+                    set punkcheck_folder [file dirname [$o_installer get_checkfile]]
+                    set o_fileset_record [punkcheck::installfile_started_install $punkcheck_folder $o_fileset_record]
+                }
+                method targetset_end {status args} {
+                    set defaults [dict create\
+                        -note \uFFFF\
+                    ]
+                    set known_opts [dict keys $defaults]
+                    if {[llength $args] % 2 != 0} {
+                        error "targetset_end arguments after status must be in the form of -flag value pairs. known flags: $known_opts"
+                    }
+                    set opts [dict merge $defaults $args]
+                    if {[dict get $opts -note] eq "\uFFFF"} {
+                        dict unset opts -note
+                    }
+
+
+                    set status [string toupper $status]
+                    set statusdict [dict create OK RECORD SKIPPED SKIPPED FAILED FAILED] 
+                    if {$o_operation_start_ts eq ""} {
+                        error "[self] targetset_end $status - no current operation - call targetset_started first"
+                    }
+                    if {$status ni [dict keys $statusdict]} {
+                        error "[self] targetset_end unrecognized status:$status known values: [dict keys $statusdict]"
+                    }
+                    if {![punkcheck::lib::is_file_record_inprogress $o_fileset_record]} {
+                        error "targetset_end $status error: bad fileset_record - expected FILEINFO with last body element *-INPROGRESS"
+                    }
+                    set targetlist [dict get $o_fileset_record -targets]
+                    if {$targetlist ne $o_targets} {
+                        error "targetset_end $status error. targetlist mismatch between file : $targetlist vs $o_targets"
+                    }
+                    set operation_end_ts [clock microseconds]
+                    set elapsed_us [expr {$operation_end_ts - $o_operation_start_ts}] 
+                    set file_record_body [dict get $o_fileset_record body]
+                    set installing_record [lindex $file_record_body end]
+                    set punkcheck_file [$o_installer get_checkfile]
+                    set record_list [punkcheck::load_records_from_file $punkcheck_file]
+                    if {[dict exists $installing_record -ts_start_transfer]} {
+                        set ts_start_transfer [dict get $installing_record -ts_start_transfer]
+                        set transfer_us [expr {$operation_end_ts - $ts_start_transfer}]
+                        dict set installing_record  -transfer_us $transfer_us
+                    }
+                    if {[dict exists $opts -note]} {
+                        dict set installing_record -note [dict get $opts -note]
+                    }
+
+                    dict set installing_record -elapsed_us $elapsed_us
+                    dict unset installing_record -tempcontext
+                    dict set installing_record tag "${o_operation}-[dict get $statusdict $status]" ;# e.g INSTALL-RECORD, INSTALL-SKIPPED
+                    lset file_record_body end $installing_record
+                    dict set o_fileset_record body $file_record_body 
+                    set o_fileset_record [punkcheck::recordlist::file_record_prune $o_fileset_record]
+
+                    set oldrecordinfo [punkcheck::recordlist::get_file_record $targetlist $record_list]
+                    set old_posn [dict get $oldrecordinfo position]
+                    if {$old_posn == -1} {
+                        lappend record_list $o_fileset_record
+                    } else {
+                        lset record_list $old_posn $o_fileset_record
+                    }
+                    punkcheck::save_records_to_file $record_list $punkcheck_file
+                    set o_operation_start_ts ""
+                    set o_operation ""
+                    return $o_fileset_record
+                }
+                method targetset_addsource {source_path} {
+                    set punkcheck_file [$o_installer get_checkfile]
+                    set punkcheck_folder [file dirname $punkcheck_file]
+                    if {[file pathtype $source_path] eq "absolute"} {
+                        set rel_source_path [punkcheck::lib::path_relative $punkcheck_folder $source_path]
+                    } else {
+                        set rel_source_path $source_path
+                    }
+
+                    set o_fileset_record [punkcheck::installfile_add_source_and_fetch_metadata $punkcheck_folder $rel_source_path $o_fileset_record]
+
+                }
+                method targetset_source_changes {} {
+                    punkcheck::recordlist::file_install_record_source_changes [lindex [dict get $o_fileset_record body] end]
+                }
+
+            }
+
+
+            oo::class create installtrack {
+                variable o_name
+                variable o_tsiso
+                variable o_ts
+                variable o_keep_events
+                variable o_checkfile
+                variable o_sourceroot 
+                variable o_rel_sourceroot
+                variable o_targetroot
+                variable o_rel_targetroot
+                variable o_record_list
+                variable o_active_event 
+                variable o_events
+                constructor {installername punkcheck_file} {
+                    set o_active_event ""
+                    set o_name $installername
+
+                    set o_checkfile [file normalize $punkcheck_file]
+                    set o_sourceroot ""
+                    set o_targetroot ""
+                    set o_rel_sourceroot ""
+                    set o_rel_targetroot ""
+                    #todo - validate punkcheck file location further??
+                    set punkcheck_folder [file dirname $o_checkfile]
+                    if {![file isdirectory $punkcheck_folder]} {
+                        error "[self] constructor error. Folder for punkcheck_file not found - $o_checkfile"
+                    }
+
+                    my load_all_records
+                    set resultinfo [punkcheck::recordlist::get_installer_record $o_name $o_record_list]
+                    set existing_header_posn [dict get $resultinfo position]
+                    if {$existing_header_posn == -1} {
+                        set this_installer_record [punkcheck::recordlist::new_installer_record $o_name]
+                        set o_record_list [linsert $o_record_list 0 $this_installer_record]
+                    } else {
+                        set this_installer_record [dict get $resultinfo record]
+                    }
+                    set o_tsiso [dict get $this_installer_record -tsiso]
+                    set o_ts [dict get $this_installer_record -ts]
+                    set o_keep_events [dict get $this_installer_record -keep_events]
+
+                    set o_events [oolib::collection create [namespace current]::eventcollection]
+                    set eventlist [punkcheck::dict_getwithdefault $this_installer_record body [list]]
+                    foreach e $eventlist {
+                        set eobj [punkcheck::installevent create [namespace current]::event_[my events count] [self] [dict get $e -source] [dict get $e -targets] {*}$e]
+                        #$o_events add $e [dict get $e -id]
+                        $o_events add $eobj [dict get $e -id]
+                    }
+                    
+                }
+                destructor {
+                    #puts "[self] destructor called"
+                }
+                method test {} {
+                    return [self]
+                }
+                method get_name {} {
+                    return $o_name
+                }
+                method get_checkfile {} {
+                    return $o_checkfile
+                }
+
+                #call set_source_target before calling start_event/end_event
+                #each event can have different source->target pairs - but may often have same, so set on installtrack as defaults. Only persisted in event records. 
+                method set_source_target {sourceroot targetroot} {
+                    if {[file pathtype $sourceroot] ne "absolute"} {
+                        error "[self] set_source_target error: sourceroot must be absolute path. Received '$sourceroot'"
+                    }
+                    if {[file pathtype $targetroot] ne "absolute"} {
+                        error "[self] set_source_target error: targetroot must be absolute path. Received '$targetroot'"
+                    }
+                    set punkcheck_folder [file dirname $o_checkfile]
+                    set o_sourceroot $sourceroot
+                    set o_targetroot $targetroot
+                    set o_rel_sourceroot [punkcheck::lib::path_relative $punkcheck_folder $sourceroot]
+                    set o_rel_targetroot [punkcheck::lib::path_relative $punkcheck_folder $targetroot]
+                    return [list $o_rel_sourceroot $o_rel_targetroot]
+                }
+                #review/fix to allow multiple installtrack objects on same punkcheck file.
+                method load_all_records {} {
+                    set o_record_list [punkcheck::load_records_from_file $o_checkfile]
+                }
+
+                #does not include associated FILEINFO records - as a targetset (FILEINFO record) can be associated with events from multiple installers over time.
+                #e.g a logfile common to installers, or a separate installer that updates a previous output.
+                method as_record {} {
+                    set eventrecords [list]
+                    foreach eobj [my events items] {
+                        lappend eventrecords [$eobj as_record]
+                    }
+                    set fields [list\
+                        -tsiso       $o_tsiso\
+                        -ts          $o_ts\
+                        -name        $o_name\
+                        -keep_events $o_keep_events\
+                        body $eventrecords\
+                    ]
+                    set record [dict create tag INSTALLER {*}$fields]
+                }
+                #open file and save only own records
+                method save_all_records {} {
+                    my save_installer_record
+                    #todo - save FILEINFO targetset records
+                }
+                method save_installer_record {} {
+                    set file_records [punkcheck::load_records_from_file $o_checkfile]
+                    
+                    set this_installer_record [my as_record]
+
+                    set persistedinfo [punkcheck::recordlist::get_installer_record $o_name $file_records]
+                    set existing_header_posn [dict get $persistedinfo position]
+                    if {$existing_header_posn == -1} {
+                        set file_records [linsert $file_records 0 $this_installer_record]
+                    } else {
+                        lset file_records $existing_header_posn $this_installer_record
+                    }
+                    punkcheck::save_records_to_file $file_records $o_checkfile
+                }
+                method events {args} {
+                    tailcall $o_events {*}$args
+                }
+                method start_event {configdict} {
+                    if {$o_active_event ne ""} {
+                        error "[self] start_event error - event already started:   $o_active_event"
+                    }
+                    if {$o_rel_sourceroot eq "" || $o_rel_targetroot eq ""} {
+                        error "[self] No configured sourceroot or targetroot. Call [self] set_source_target <abspath_sourceroot> <abspath_targetroot> first"
+                    }
+
+                    if {[llength $configdict] %2 != 0} {
+                        error "[self] new_event configdict must have an even number of elements"
+                    }
+                    set resultinfo [punkcheck::recordlist::get_installer_record $o_name $o_record_list]
+                    set existing_header_posn [dict get $resultinfo position]
+                    if {$existing_header_posn == -1} {
+                        error "[self] start_event - installer record missing. installer: $o_name"
+                    } else {
+                        set this_installer_record [dict get $resultinfo record]
+                    }
+
+                    set eventobj [punkcheck::installevent create [namespace current]::event_[my events count] [self] $o_rel_sourceroot $o_rel_targetroot -config $configdict]
+                    set eventid [$eventobj get_id]
+                    set event_record [$eventobj as_record]
+
+                    set this_installer_record [punkcheck::recordlist::installer_record_add_event $this_installer_record $event_record]
+                    set this_installer_record [punkcheck::recordlist::installer_record_pruneevents $this_installer_record $o_record_list]
+
+                    #replace
+                    lset o_record_list $existing_header_posn $this_installer_record
+
+                    punkcheck::save_records_to_file $o_record_list $o_checkfile
+                    set o_active_event $eventobj
+                    my events add $eventobj $eventid
+                    return $eventobj
+                }
+                method installer_record_from_file {} {
+                    set resultinfo [punkcheck::recordlist::get_installer_record $o_name $o_record_list]
+                }
+                method get_recordlist {} {
+                    return $o_recordlist    
+                }
+                method end_event {} {
+                    if {$o_active_event eq ""} {
+                        error "[self] end_event error - no active event"
+                    }
+                    $o_active_event end 
+                }
+                method get_event {} {
+                    return $o_active_event
+                }
+                if 0 {
+                method unknown {args} {
+                    puts "[self] unknown called with args:$args"
+                    if {[llength $args]} {
+
+                    } else {
+
+                    }
+                }
+                }
+            }
+        }
+        proc start_installer_event {punkcheck_file installername from_fullpath to_fullpath config} {
+            set eventid [punkcheck::uuid]
+            if {[file pathtype $from_fullpath] ne "absolute"} {
+                error "start_installer_event error: from_fullpath must be absolute path. Received '$from_fullpath'"
+            }
+            if {[file pathtype $to_fullpath] ne "absolute"} {
+                error "start_installer_event error: to_fullpath must be absolute path. Received '$to_fullpath'"
+            }
+            set punkcheck_folder [file dirname $punkcheck_file]
+            set rel_source [punkcheck::lib::path_relative $punkcheck_folder $from_fullpath]
+            set rel_target [punkcheck::lib::path_relative $punkcheck_folder $to_fullpath]
+
+
+            set record_list [punkcheck::load_records_from_file $punkcheck_file]
+            set resultinfo [punkcheck::recordlist::get_installer_record $installername $record_list]
+            set existing_header_posn [dict get $resultinfo position]
+            if {$existing_header_posn == -1} {
+                set this_installer_record [punkcheck::recordlist::new_installer_record $installername]
+            } else {
+                set this_installer_record [dict get $resultinfo record]
+            }
+
+            set event_record [punkcheck::recordlist::new_installer_event_record install\
+                -id $eventid\
+                -source $rel_source\
+                -targets $rel_target\
+                -config $config\
+            ]
+
+            set this_installer_record [punkcheck::recordlist::installer_record_add_event $this_installer_record $event_record]
+            set this_installer_record [punkcheck::recordlist::installer_record_pruneevents $this_installer_record $record_list]
+
+            if {$existing_header_posn == -1} {
+                #not found - prepend
+                set record_list [linsert $record_list 0 $this_installer_record]
+            } else {
+                #replace
+                lset record_list $existing_header_posn $this_installer_record
+            }
+
+            punkcheck::save_records_to_file $record_list $punkcheck_file
+            return [list eventid $eventid recordset $record_list]
+        }
+        #-----------------------------------------------
+        proc installfile_help {} {
+            set msg ""
+            append msg  "Call in order:" \n
+            append msg  "  start_installer_event (get dict with eventid and recordset keys)"
+            append msg  "  installfile_begin  (to return a new INSTALLING record) - must pass in a valid eventid"  \n
+            append msg  "  installfile_add_source_and_fetch_metadata (1+ times to update SOURCE record with checksum/timestamp info from source)" \n 
+            append msg  "     ( - possibly with same algorithm as previous installrecord)" \n
+            append msg  "     ( - todo - search/load metadata for this source from other FILEINFO records for same installer)" \n
+            append msg  "Finalize by calling:" \n
+            append msg  "  installfile_started_install" \n
+            append msg  "  (install the file e.g file copy)" \n
+            append msg  "  installfile_finished_install" \n
+            append msg  "  OR" \n
+            append msg  "  installfile_skipped_install" \n
+        }
+        proc installfile_begin {punkcheck_folder target_relpath installername args} {
+            if {[llength $args] %2 !=0} {
+                error "punkcheck installfile_begin args must be name-value pairs"
+            }
+            set target_relpath [lsort -dictionary -increasing $target_relpath] ;#exact sort order not critical - but must be consistent
+            set ts [clock microseconds]
+            set seconds [expr {$ts / 1000000}]
+            set tsiso [clock format $seconds -format "%Y-%m-%dT%H:%M:%S"]
+            set defaults [list\
+                -tsiso $tsiso\
+                -ts $ts\
+                -installer $installername\
+                -eventid unspecified\
+                ]
+            set opts [dict merge $defaults $args]
+            set opt_eventid [dict get $opts -eventid]
+
+            set punkcheck_file [file join $punkcheck_folder/.punkcheck]
+            set record_list [load_records_from_file $punkcheck_file]
+           
+            set resultinfo [punkcheck::recordlist::get_installer_record $installername $record_list]
+            set installer_record_position [dict get $resultinfo position]
+            if {$installer_record_position == -1} {
+                error "installfile_begin error: Failed to retrieve installer record for installer name:'$installername' - ensure start_installer_event has been called with same installer, and -eventid is passed to installfile_begin"
+            }
+            set this_installer_record [dict get $resultinfo record]
+            set events [dict get $this_installer_record body]
+            set active_event [list]
+            foreach evt [lreverse $events] {
+                if {[dict get $evt -id] eq $opt_eventid} {
+                    set active_event $evt
+                    break
+                }
+            }
+            if {![llength $active_event]} {
+                error "installfile_begin error: eventid $opt_eventid not found for installer '$installername' - aborting"
+            }
+
+
+            set extractioninfo [punkcheck::recordlist::extract_or_create_fileset_record $target_relpath $record_list]
+            set file_record [dict get $extractioninfo record]
+            set record_list [dict get $extractioninfo recordset]
+            set isnew       [dict get $extractioninfo isnew]
+            set oldposition [dict get $extractioninfo oldposition]
+            unset extractioninfo
+
+            #INSTALL-INPROGRESS will become INSTALL-RECORD or INSTALL-FAILED or INSTALL-SKIPPED upon finalisation
+            #-installer and -eventid keys are added here
+            set new_installing_record [dict create tag INSTALL-INPROGRESS {*}$opts -tempcontext $active_event body {}]
+            #set existing_body [dict_getwithdefault $file_record body [list]]
+            #todo - look for existing "INSTALL-INPROGRESS" records - mark as failed?
+            dict lappend file_record body $new_installing_record
+
+            if {$isnew} {
+                lappend record_list $file_record
+            } else {
+                set record_list [linsert $record_list[unset record_list] $oldposition $file_record]
+            }
+
+            save_records_to_file $record_list $punkcheck_file
+            return $file_record
+        }
+
+        #todo - ensure that removing a dependency is noticed as a change
+        #e.g previous installrecord had 2 source records - but we now only depend on one.
+        #The files we depended on for the previous record haven't changed themselves - but the list of files has (reduced by one)
+        proc installfile_add_source_and_fetch_metadata {punkcheck_folder source_relpath file_record} {
+            if {![lib::is_file_record_inprogress $file_record]} {
+                error "installfile_add_source_and_fetch_metdata error: bad file_record - expected FILEINFO with last body element *-INPROGRESS ($file_record)"
+            }
+            set ts_start [clock microseconds]
+            set last_installrecord [lib::file_record_get_last_installrecord $file_record]
+            set prev_ftype ""
+            set prev_fsize ""
+            set prev_cksum ""
+            set prev_cksum_opts ""
+            if {[llength $last_installrecord]} {
+                set src [lib::install_record_get_matching_source_record $last_installrecord $source_relpath]
+                if {[llength $src]} {
+                    if {[dict_getwithdefault $src -path ""] eq $source_relpath} {
+                        set prev_ftype [dict_getwithdefault $src -type ""]
+                        set prev_fsize [dict_getwithdefault $src -size ""]
+                        set prev_cksum [dict_getwithdefault $src -cksum ""]
+                        set prev_cksum_opts [dict_getwithdefault $src -cksum_all_opts ""]
+                    }
+                }
+            }
+            #check that this relpath not already added as child of *-INPROGRESS 
+            set file_record_body [dict_getwithdefault $file_record body [list]] ;#new file_record may have no body
+            set installing_record [lindex $file_record_body end]
+            set already_present_record [lib::install_record_get_matching_source_record $installing_record $source_relpath]
+            if {[llength $already_present_record]} {
+                error "installfile_add_source_and_fetch_metadata error: source path $source_relpath already exists in the file_record - cannot add again"
+            }
+
+            if {$prev_cksum_opts ne ""} {
+                set cksum_opts $prev_cksum_opts
+            } else {
+                set cksum_opts ""
+            }
+            #allow nonexistant as a source 
+            set fpath [file join $punkcheck_folder $source_relpath]
+            if {![file exists $fpath]} {
+                set ftype "missing"
+                set fsize ""
+                #get_relativecksum_from_base will set cksum to <PATHNOTFOUND>
+                set source_cksum_info [punk::mix::base::lib::get_relativecksum_from_base $punkcheck_folder $source_relpath {*}$cksum_opts]
+            } else {
+                set ftype [file type $fpath]
+                if {$ftype eq "directory"} {
+                    set source_cksum_info [punk::mix::base::lib::get_relativecksum_from_base $punkcheck_folder $source_relpath {*}$cksum_opts]
+                    set fsize "NA"
+                } else {
+                    #todo - optionally use mtime instead of cksum (for files only)?
+                    #mtime is not reliable across platforms and filesystems though.. see article linked at toop.
+                    set source_cksum_info [punk::mix::base::lib::get_relativecksum_from_base $punkcheck_folder $source_relpath {*}$cksum_opts]
+                    set fsize [file size $fpath]
+                }
+            }
+
+
+            lassign $source_cksum_info pathkey ckinfo
+            if {$pathkey ne $source_relpath} {
+                error "installfile_add_source_and_fetch_metadata error: cksum returned wrong path info '$pathkey' expected '$source_relpath'"
+            }
+            set cksum [dict get $ckinfo cksum]
+            set cksum_all_opts [dict get $ckinfo cksum_all_opts]
+            if {$cksum ne $prev_cksum || $ftype ne $prev_ftype || $fsize ne $prev_fsize} {
+                set changed 1
+            } else {
+                set changed 0
+            }
+            set installing_record_sources [dict_getwithdefault $installing_record body [list]]
+            set ts_now [clock microseconds] ;#gathering metadata - especially checsums on folder can take some time - calc and store elapsed us for time taken to gather metadata
+            set metadata_us [expr {$ts_now - $ts_start}]
+            set this_source_record [dict create tag SOURCE -type $ftype -size $fsize -path $source_relpath -cksum $cksum -cksum_all_opts $cksum_all_opts -changed $changed -metadata_us $metadata_us]
+            lappend installing_record_sources $this_source_record
+            dict set installing_record body $installing_record_sources
+
+            lset file_record_body end $installing_record
+
+            dict set file_record body $file_record_body
+            return $file_record
+        }
+
+        #write back to punkcheck - don't accept recordset - invalid to update anything other than the installing_record at this time
+        proc installfile_started_install {punkcheck_folder file_record} {
+            if {![lib::is_file_record_inprogress $file_record]} {
+                error "installfile_started_install error: bad file_record - expected FILEINFO with last body element *-INPROGRESS"
+            }
+            set punkcheck_file [file join $punkcheck_folder/.punkcheck]
+            set record_list [load_records_from_file $punkcheck_file]
+
+            set file_record_body [dict get $file_record body]
+            set targetlist [dict get $file_record -targets]
+            set installing_record [lindex $file_record_body end]
+
+            set ts_start [dict get $installing_record -ts]
+            set ts_now [clock microseconds] 
+            set metadata_us [expr {$ts_now - $ts_start}]
+            
+            dict set installing_record -metadata_us $metadata_us
+            dict set installing_record -ts_start_transfer $ts_now
+
+            lset file_record_body end $installing_record
+            
+            dict set file_record body $file_record_body
+
+
+            set getresult [punkcheck::recordlist::get_file_record $targetlist $record_list]
+            set old_posn [dict get $getresult position]
+            if {$old_posn == -1} {
+                lappend record_list $file_record
+            } else {
+                lset record_list $old_posn $file_record
+            }
+
+            save_records_to_file $record_list $punkcheck_file
+            return $file_record
+        }
+        proc installfile_finished_install {punkcheck_folder file_record} {
+            if {![lib::is_file_record_inprogress $file_record]} {
+                error "installfile_finished_install error: bad file_record - expected FILEINFO with last body element *-INPROGRESS"
+            }
+            set punkcheck_file [file join $punkcheck_folder/.punkcheck]
+            set record_list [load_records_from_file $punkcheck_file]
+
+            set file_record_body [dict get $file_record body]
+            set targetlist [dict get $file_record -targets]
+            set installing_record [lindex $file_record_body end]
+
+            set ts_start [dict get $installing_record -ts]
+            set ts_start_transfer [dict get $installing_record -ts_start_transfer]
+            set ts_now [clock microseconds]
+            set elapsed_us [expr {$ts_now - $ts_start}]
+            set transfer_us [expr {$ts_now - $ts_start_transfer}]
+            dict set installing_record  -transfer_us $transfer_us
+            dict set installing_record -elapsed_us $elapsed_us
+            dict unset installing_record -tempcontext
+            dict set installing_record tag "INSTALL-RECORD"
+
+            lset file_record_body end $installing_record
+            dict set file_record body $file_record_body 
+
+            set file_record [punkcheck::recordlist::file_record_prune $file_record]
+
+            set oldrecordinfo [punkcheck::recordlist::get_file_record $targetlist $record_list]
+            set old_posn [dict get $oldrecordinfo position]
+            if {$old_posn == -1} {
+                lappend record_list $file_record
+            } else {
+                lset record_list $old_posn $file_record
+            }
+
+            save_records_to_file $record_list $punkcheck_file
+            return $file_record
+        }
+        proc installfile_skipped_install {punkcheck_folder file_record} {
+            if {![lib::is_file_record_inprogress $file_record]} {
+                set msg "installfile_skipped_install error: bad file_record - expected FILEINFO with last body element *-INPROGRESS"
+                append msg \n "received:"
+                append msg \n $file_record
+                error $msg
+            }
+            set punkcheck_file [file join $punkcheck_folder/.punkcheck]
+            set record_list [load_records_from_file $punkcheck_file]
+
+            set file_record_body [dict get $file_record body]
+            set targetlist [dict get $file_record -targets]
+            set installing_record [lindex $file_record_body end]
+
+            set ts_start [dict get $installing_record -ts]
+            set tsnow [clock microseconds]
+            set elapsed_us [expr {$tsnow - $ts_start}]
+            dict set installing_record -elapsed_us $elapsed_us
+            dict set installing_record tag "SKIPPED" 
+             
+            lset file_record_body end $installing_record
+            dict set file_record body $file_record_body
+
+            set file_record [punkcheck::recordlist::file_record_prune $file_record]
+
+            set getresult [punkcheck::recordlist::get_file_record $targetlist $record_list]
+            set old_posn [dict get $getresult position]
+            if {$old_posn == -1} {
+                lappend record_list $file_record
+            } else {
+                lset record_list $old_posn $file_record
+            }
+
+            save_records_to_file $record_list $punkcheck_file
+            return $file_record
+        }
+        #-----------------------------------------------
+        #then: file_record_add_installrecord
+
+        namespace eval lib {
+            namespace path ::punkcheck
+            proc is_file_record_inprogress {file_record} {
+                if {[dict get $file_record tag] ne "FILEINFO"} {
+                    return 0
+                }
+                set installing_record [lindex [dict_getwithdefault $file_record body [list]] end]
+                if {[dict_getwithdefault $installing_record tag [list]] ni [list INSTALL-INPROGRESS MODIFY-INPROGRESS DELETE-INPROGRESS VIRTUAL-INPROGRESS]} {
+                    return 0
+                }
+                return 1
+            }
+            proc is_file_record_installing {file_record} {
+                if {[dict get $file_record tag] ne "FILEINFO"} {
+                    return 0
+                }
+                set installing_record [lindex [dict_getwithdefault $file_record body [list]] end]
+                if {[dict_getwithdefault $installing_record tag [list]] ne "INSTALL-INPROGRESS"} {
+                    return 0
+                }
+                return 1
+            }
+            proc file_record_get_last_installrecord {file_record} {
+                set body [dict_getwithdefault $file_record body [list]]
+                set previous_install_records [lrange $body 0 end-1]
+                #get last previous that is tagged INSTALL-RECORD,MODIFY-RECORD,VIRTUAL-RECORD
+                #REVIEW DELETERECORD ???
+                set revlist [lreverse $previous_install_records]
+                foreach rec $revlist {
+                    if {[dict get $rec tag] in [list "INSTALL-RECORD" "MODIFY-RECORD" "VIRTUAL-RECORD"]} {
+                        return $rec
+                    }
+                }
+                return [list]
+            }
+
+            #should work on *-INPROGRESS or INSTALL(etc) record - don't restrict tag to INSTALL
+            proc install_record_get_matching_source_record {install_record source_relpath} {
+                set body [dict_getwithdefault $install_record body [list]] 
+                foreach src $body {
+                    if {[dict get $src tag] eq "SOURCE"} {
+                        if {[dict_getwithdefault $src -path ""] eq $source_relpath} {
+                            return $src
+                        }
+                    }
+                }
+                return [list]
+            }
+
+
+
+            #maint warning - also in punk::mix::util
+            proc path_relative {base dst} {
+                #see also kettle
+                # Modified copy of ::fileutil::relative (tcllib)
+                # Adapted to 8.5 ({*}).
+                #
+                #    Taking two _directory_ paths, a base and a destination, computes the path
+                #    of the destination relative to the base.
+                #
+                # Arguments:
+                #    base    The path to make the destination relative to.
+                #    dst     The destination path
+                #
+                # Results:
+                #    The path of the destination, relative to the base.
+
+                # Ensure that the link to directory 'dst' is properly done relative to
+                # the directory 'base'.
+
+                #review - check volume info on windows.. UNC paths?
+                if {[file pathtype $base] ne [file pathtype $dst]} {
+                    return -code error "Unable to compute relation for paths of different pathtypes: [file pathtype $base] vs. [file pathtype $dst], ($base vs. $dst)"
+                }
+
+                #avoid normalizing if possible - at least for relative paths which we are likely to loop on (file normalize *very* expensive on windows)
+                set do_normalize 0
+                if {[file pathtype $base] eq "relative"} {
+                    #if base is relative so is dst
+                    if {[regexp {[.]{2}} [list $base $dst]]} {
+                        set do_normalize 1
+                    }
+                    if {[regexp {[.]/} [list $base $dst]]} {
+                        set do_normalize 1
+                    }
+                } else {
+                    #case differences in volumes is common on windows 
+                    set do_normalize 1
+                }
+                if {$do_normalize} {
+                    set base [file normalize $base]
+                    set dst  [file normalize $dst]
+                }
+
+                set save $dst
+                set base [file split $base]
+                set dst  [file split $dst]
+
+                while {[lindex $dst 0] eq [lindex $base 0]} {
+                    set dst  [lrange $dst  1 end]
+                    set base [lrange $base 1 end]
+                    if {![llength $dst]} {break}
+                }
+
+                set dstlen  [llength $dst]
+                set baselen [llength $base]
+
+                if {($dstlen == 0) && ($baselen == 0)} {
+                    # Cases:
+                    # (a) base == dst
+
+                    set dst .
+                    } else {
+                    # Cases:
+                    # (b) base is: base/sub = sub
+                    #     dst  is: base     = {}
+
+                    # (c) base is: base     = {}
+                    #     dst  is: base/sub = sub
+
+                    while {$baselen > 0} {
+                        set dst [linsert $dst 0 ..]
+                        incr baselen -1
+                    }
+                    set dst [file join {*}$dst]
+                }
+
+                return $dst
+            }
+        }
+        #skip writing punkcheck during checksum/timestamp checks
+
+        proc install_tm_files {srcdir basedir args} {
+            set defaults [list\
+                -glob *.tm\
+                -antiglob_file [list "*[punk::mix::util::magic_tm_version]*"]\
+                -installer punkcheck::install_tm_files\
+                ]
+            set opts [dict merge $defaults $args]
+            punkcheck::install $srcdir $basedir {*}$opts
+        }
+        proc install_non_tm_files {srcdir basedir args} {
+            #set keys [dict keys $args]
+            set defaults [list\
+                -glob *\
+                -antiglob_file [list "*.tm" "*-buildversion.txt" "*.exe"]\
+                -installer punkcheck::install_non_tm_files\
+                ]
+            set opts [dict merge $defaults $args]
+            punkcheck::install $srcdir $basedir {*}$opts
+        }
+
+        #for tcl8.6 - tcl8.7+ has dict getwithdefault (dict getdef)
+        proc dict_getwithdefault {dictValue args} {
+            if {[llength $args] < 2} {
+                error {wrong # args: should be "dict_getdef dictionary ?key ...? key default"}
+            }
+            set keys [lrange $args 0 end-1]
+            if {[dict exists $dictValue {*}$keys]} {
+                return [dict get $dictValue {*}$keys]
+            } else {
+                return [lindex $args end] 
+            }
+        }
+        proc pathglob_as_re {glob} {
+            #any segment that is not just * must match exactly one segment in the path
+            set pats [list]
+            foreach seg [file split $glob] {
+                if {$seg eq "*"} {
+                    lappend pats {[^/]*}
+                } elseif {$seg eq "**"} {
+                    lappend pats {.*}
+                } else {
+                    set seg [string map [list  . {[.]}] $seg]
+                    if {[regexp {[*?]} $seg]} {
+                        set pat [string map [list * {[^/]*} ? {[^/]}] $seg]
+                        lappend pats "$pat"
+                    } else {
+                        lappend pats "$seg"
+                    }
+                }
+            }
+            return  "^[join $pats /]\$"
+        }
+        proc globmatchpath {glob path} {
+            return [regexp [pathglob_as_re $glob] $path]
+        }
+        ## unidirectional file transfer to possibly non empty folder
+        #default of -overwrite no-targets will only copy files that are missing at the target
+        #           -overwrite newer-targets will copy files with older source timestamp over newer target timestamp and those missing at the target (a form of 'restore' operation)
+        #           -overwrite older-targets will copy files with newer source timestamp over older target timestamp and those missing at the target
+        #           -overwrite all-targets will copy regardless of timestamp at target
+        #           -overwrite installedsourcechanged-targets 
+        #           review - timestamps unreliable
+        #            - what about slightly mismatched system clocks and mounted filesystems? caller responsibility to verify first? 
+        #           if timestamp exactly equal -  should we check content-hash? This is presumably only likely to occur deliberately(maliciously?) 
+        #           e.g some process that digitally signs or otherwise modifies a file and preserves update timestmp?
+        #           if such a content-mismatch - what default behaviour and what options would make sense?
+        #           probably it's reasonable that only all-targets would overwrite such files.
+        #           consider -source_fudge_seconds  +-X  ?,  -source_override_timestamp ts  ???  etc which only adjust timestamp for calculation purposes? Define a specific need/usecase when reviewing.
+        #
+        # valid filetypes for src tgt
+        #  src dir      tgt dir
+        #  todo - review and consider enabling symlink src and dst
+        #  no need for src file  - as we use -glob with no glob characters to match one  source file file
+        #  no ability to target file with different name - keep it simpler and caller will have to use an intermediate folder/file if they need to rename something?
+        #
+        #  todo - determine what happens if mismatch between file type of a src vs target e.g target has dir matching filename at source
+        #  A pre-scan to determine no such conflict - before attempting to copy anything might provide the most integrity at slight cost in speed.
+        #  REVIEW  we should only expect dirs to be created as necessary to hold files? i.e target folder won't be created if no source file matches for that folder
+        #  -source_checksum  compare|store|comparestore|false|true  where true == comparestore
+        #  -punkcheck_folder target|source|project|<absolutepath>  target is default and is generally recommended
+        #  -punkcheck_records empty string | parsed TDL records ie {tag xxx k v}  structure
+        proc install {srcdir tgtdir args} {
+            set defaults [list\
+                -call-depth-internal 0\
+                -max_depth 1000\
+                -subdirlist {}\
+                -glob *\
+                -antiglob_file_core "\uFFFF"\
+                -antiglob_file "" \
+                -antiglob_dir_core "\uFFFF"\
+                -antiglob_dir {}\
+                -unpublish_paths {}\
+                -overwrite no-targets\
+                -source_checksum comparestore\
+                -punkcheck_folder target\
+                -punkcheck_eventid "\uFFFF"\
+                -punkcheck_records ""\
+                -installer punkcheck::install\
+                ]
+
+            set opts [dict merge $defaults $args]
+            if {([llength $args] %2) != 0} {
+                error "punkcheck::install requires option-style arguments to be in pairs. Received args: $args"
+            }
+            foreach k [dict keys $args] {
+                if {$k ni [dict keys $defaults]} {
+                    error "punkcheck::install  unrecognised option '$k' known options: '[dict keys $defaults]'"
+                }
+            }
+
+            #The choice to recurse using the original values of srcdir & tgtdir, and passing the subpath down as a list in -subdirlist seems an odd one.
+            #(as opposed to a more 'standard' mechanism of adjusting srcdir & tgtdir as we move down the tree)
+            #It comes from build_modules_from_source_to_base where we need to keep track of position relative to our targetdir starting point to handle submodules e.g pkg::something::mypkg-0.1.tm
+            #It could have been handled with some other parameter such as -depth, but this -subdirlist mechanism, whilst perhaps not beautiful, is straightforward enough
+            #and may be less error prone than doing slightly more opaue path manipulations at each recursion level to determine where we started
+            #For consistency - we'll use the same mechanism in various recursive directory walking procedures such as this one.
+            set CALLDEPTH                               [dict get $opts -call-depth-internal] ;#added for extra debug/sanity checking - clearer test for initial function call ie CALLDPEPTH = 0
+            set max_depth                               [dict get $opts -max_depth]
+            set subdirlist                              [dict get $opts -subdirlist] ;# generally should be same length as CALLDEPTH - but user could prefill
+            set fileglob                                [dict get $opts -glob]
+
+            if {$CALLDEPTH == 0} {
+                #expensive to normalize  but we need to do it at least once
+                set srcdir [file normalize $srcdir]
+                set tgtdir [file normalize $tgtdir]
+                #now the values we build from these will be properly cased
+            }
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_antiglob_file_core                  [dict get $opts -antiglob_file_core]
+            if {$opt_antiglob_file_core eq "\uFFFF"} {
+                set opt_antiglob_file_core [default_antiglob_file_core]
+                dict set opts -antiglob_file_core $opt_antiglob_file_core
+            }
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_antiglob_file                       [dict get $opts -antiglob_file]
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_antiglob_dir_core                   [dict get $opts -antiglob_dir_core]
+            if {$opt_antiglob_dir_core eq "\uFFFF"} {
+                set opt_antiglob_dir_core [default_antiglob_dir_core]
+                dict set opts -antiglob_dir_core $opt_antiglob_dir_core
+            }
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_antiglob_dir                        [dict get $opts -antiglob_dir]
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_unpublish_paths                     [dict get $opts -unpublish_paths] ;#todo - combine with config file in source tree .punkcheckpublish (?)
+            set unpublish_paths_matched [list]
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set known_whats [list no-targets newer-targets older-targets all-targets installedsourcechanged-targets]
+            set overwrite_what                          [string tolower [dict get $opts -overwrite]]; #accept any case for value to allow emphasis by caller e.g -overwrite NEWER-TARGETS
+            if {$overwrite_what ni $known_whats} {
+                error "punkcheck::install received unrecognised value for -overwrite. Received value '$overwrite_what' vs known values '$known_whats'"
+            }
+            if {$overwrite_what in [list newer-targets older-targets]} {
+                error "punkcheck::install newer-target, older-targets not implemented - sorry"
+                #TODO - check crossplatform availability of ctime  (on windows it still seems to be creation time, but on bsd/linux it's last attribute mod time)
+                # external pkg?  use twapi and ctime only on other platforms?
+            }
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_source_checksum                     [dict get $opts -source_checksum]
+            if {[string is boolean $opt_source_checksum]} {
+                if {$opt_source_checksum} {
+                    set opt_source_checksum "comparestore"
+                } else {
+                    set opt_source_checksum 0
+                }
+                dict set opts -source_checksum $opt_source_checksum
+            }
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_punkcheck_folder                    [dict get $opts -punkcheck_folder]
+            if {$opt_punkcheck_folder eq "target"} {
+                set punkcheck_folder $tgtdir
+            } elseif {$opt_punkcheck_folder eq "source"} {
+                set punkcheck_folder $srcdir
+            } elseif {$opt_punkcheck_folder eq "project"} {
+                set sourceprojectinfo [punk::repo::find_repos $srcdir]
+                set targetprojectinfo [punk::repo::find_repos $tgtdir]
+                set srcproj [lindex [dict get $sourceprojectinfo project] 0]
+                set tgtproj [lindex [dict get $targetprojectinfo project] 0]
+                if {$srcproj eq $tgtproj} {
+                    set punkcheck_folder $tgtproj
+                } else {
+                    error "copy_files_from_source_to_target error: Unable to find common project dir for source and target folder - use absolutepath for -punkcheck_folder if source and target are not within same project"
+                }
+            } else {
+                set punkcheck_folder $opt_punkcheck_folder
+            }
+            if {$punkcheck_folder ne ""} {
+                if {[file pathtype $punkcheck_folder] ne "absolute"} {
+                    error "copy_files_from_source_to_target error: -punkcheck_folder '$punkcheck_folder' must be an absolute path, or one of: target|source|project"
+                }
+                if {![file isdirectory $punkcheck_folder]} {
+                    error "copy_files_from_source_to_target error: -punkcheck_folder '$punkcheck_folder' not found"
+                }
+            } else {
+                #review - leave empty? use pwd?
+            }
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set punkcheck_records                       [dict get $opts -punkcheck_records]
+            set punkcheck_records_init $punkcheck_records ;#change-detection
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_installer                           [dict get $opts -installer]
+            # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
+            set opt_punkcheck_eventid                             [dict get $opts -punkcheck_eventid]
+
+
+
+            set punkcheck_file [file join $punkcheck_folder/.punkcheck]
+
+            if {$CALLDEPTH == 0} {
+                set punkcheck_eventid "<invalid>"
+                if {$punkcheck_folder ne ""} {
+                    set config $opts
+                    dict unset config -call-depth-internal
+                    dict unset config -max_depth
+                    dict unset config -subdirlist
+                    dict for {k v} $config {
+                        if {$v eq "\uFFFF"} {
+                            dict unset config $k
+                        }
+                    }
+                    lassign [punkcheck::start_installer_event $punkcheck_file $opt_installer $srcdir $tgtdir $config] _eventid punkcheck_eventid _recordset punkcheck_records
+                }
+            } else {
+                set punkcheck_eventid $opt_punkcheck_eventid
+            }
+
+
+
+            if {$opt_source_checksum != 0} {
+                #we need to read the file even if only set to store (or we would overwrite entries)
+                set compare_cksums 1
+            } else {
+                set compare_cksums 0
+            }
+
+            if {[string match *store* $opt_source_checksum]} {
+                set store_cksums 1
+            } else {
+                set store_cksums 0
+            }
+            
+
+
+
+
+            if {[llength $subdirlist] == 0} {
+                set current_source_dir $srcdir
+                set current_target_dir $tgtdir
+            } else {
+                set current_source_dir $srcdir/[file join {*}$subdirlist]
+                set current_target_dir $tgtdir/[file join {*}$subdirlist]
+            }
+
+
+            set relative_target_dir [lib::path_relative $tgtdir $current_target_dir]
+            if {$relative_target_dir eq "."} {
+                set relative_target_dir ""
+            }
+            set relative_source_dir [lib::path_relative $srcdir $current_source_dir]
+            if {$relative_source_dir eq "."} {
+                set relative_source_dir ""
+            }
+            set target_relative_to_punkcheck_dir [lib::path_relative $punkcheck_folder $current_target_dir]
+            if {$target_relative_to_punkcheck_dir eq "."} {
+                set target_relative_to_punkcheck_dir ""
+            }
+            foreach unpub $opt_unpublish_paths {
+                #puts "testing folder - globmatchpath $unpub $relative_source_dir"
+                if {[globmatchpath $unpub $relative_source_dir]} {
+                    lappend unpublish_paths_matched $current_source_dir
+                    return [list files_copied {} files_skipped {} sources_unchanged {} punkcheck_records $punkcheck_records unpublish_paths_matched $unpublish_paths_matched]
+                }
+            }
+
+
+            if {![file exists $current_source_dir]} {
+                error "copy_files_from_source_to_target current source dir:'$current_source_dir' doesn't exist (srcdir:$srcdir tgtdir:$tgtdir args:'$args')"
+            }
+            if {![file exists $current_target_dir]} {
+                error "copy_files_from_source_to_target current target dir:'$current_target_dir' doesn't exist (srcdir:$srcdir tgtdir:$tgtdir args:'$args')"
+            }
+            if {([file type $current_source_dir] ni [list directory]) || ([file type $current_target_dir] ni [list directory])} {
+                error "copy_files_from_source_to_target requires source and target dirs to be of type 'directory' type current source: [file type $current_source_dir] type current target: [file type $current_target_dir]"
+            }
+
+            set files_copied [list]
+            set files_skipped [list]
+            set sources_unchanged [list]
+
+
+            set candidate_list [glob -nocomplain -dir $current_source_dir -type f -tail $fileglob]
+            set hidden_candidate_list [glob -nocomplain -dir $current_source_dir -types {hidden f} -tail $fileglob]
+            foreach h $hidden_candidate_list {
+                if {$h ni $candidate_list} {
+                    lappend candidate_list $h
+                }
+            }
+            set match_list [list]
+            foreach m $candidate_list {
+                set suppress 0
+                foreach anti [concat $opt_antiglob_file_core $opt_antiglob_file] {
+                    if {[string match $anti $m]} {
+                        #puts stderr "anti: $anti  vs m:$m"
+                        set suppress 1
+                        break
+                    }
+                }
+                if {$suppress == 0} {
+                    lappend match_list $m
+                } 
+            }
+
+            #sample .punkcheck file record (raw form) to make the code clearer
+            #punk::tdl converts to dict form e.g: tag FILEINFO -targets filename body sublist
+            #Valid installrecord types are INSTALL-RECORD SKIPPED INSTALL-INPROGRESS, MODIFY-RECORD MODIFY-INPROGRESS DELETE-RECORD DELETE-INPROGRESS 
+            #
+            #FILEINFO -targets jjjetc-0.1.0.tm -keep_installrecords 2 -keep_skipped 1 -keep_inprogress 2 {
+            #    INSTALL-RECORD -tsiso 2023-09-20T07:30:30 -ts 1695159030266610 -installer punk::mix::cli::build_modules_from_source_to_base -metadata_us 18426 -ts_start_transfer 1695159030285036 -transfer_us 10194 -elapsed_us 28620 {
+            #        SOURCE -type file -path ../src/modules/jjjetc-buildversion.txt -cksum c7c71839c36b3d21c8370fed106192fcd659eca9 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 3423
+            #        SOURCE -type file -path ../src/modules/jjjetc-999999.0a1.0.tm -cksum b646fc2ee88cbd068d2e946fe929b7aea96bd39d -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 1 -metadata_us 3413
+            #    }
+            #    INSTALL-SKIPPED -tsiso 2023-09-20T08:14:26 -ts 1695161666087880 -installer punk::mix::cli::build_modules_from_source_to_base -elapsed_us 18914 {
+            #        SOURCE -type file -path ../src/modules/jjjetc-buildversion.txt -cksum c7c71839c36b3d21c8370fed106192fcd659eca9 -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 0 -metadata_us 3435
+            #        SOURCE -type file -path ../src/modules/jjjetc-999999.0a1.0.tm -cksum b646fc2ee88cbd068d2e946fe929b7aea96bd39d -cksum_all_opts {-cksum_content 1 -cksum_meta 0 -cksum_acls 0 -cksum_usetar 0 -cksum_algorithm sha1} -changed 0 -metadata_us 3338
+            #    }
+            #}
+            
+            
+            #proc get_relativecksum_from_base_and_fullpath {base fullpath args}
+          
+
+            #puts stdout     "Current target dir: $current_target_dir"
+            foreach m $match_list {
+                set relative_target_path [file join $relative_target_dir $m]
+                set relative_source_path [file join $relative_source_dir $m]
+                set punkcheck_target_relpath [file join $target_relative_to_punkcheck_dir $m]
+                set is_unpublished 0
+                foreach unpub $opt_unpublish_paths {
+                    #puts "testing file - globmatchpath $unpub  vs $relative_source_path" 
+                    if {[globmatchpath $unpub $relative_source_path]} {
+                        lappend unpublish_paths_matched $current_source_dir
+                        set is_unpublished 1
+                        break
+                    }
+                }
+                if {$is_unpublished} {
+                    continue
+                }
+                #puts stdout "    checking file : $current_source_dir/$m"
+                set ts_start [clock microseconds]
+                set seconds [expr {$ts_start / 1000000}]
+                set ts_start_iso [clock format $seconds -format "%Y-%m-%dT%H:%M:%S"]
+
+
+                #puts stdout "  rel_target: $punkcheck_target_relpath"
+                
+                set fetch_filerec_result [punkcheck::recordlist::get_file_record $punkcheck_target_relpath $punkcheck_records]
+                #change to use extract_or_create_fileset_record ?
+                set existing_filerec_posn [dict get $fetch_filerec_result position]
+                if {$existing_filerec_posn == -1} {
+                    puts stdout "NO existing record for $punkcheck_target_relpath"
+                    set has_filerec 0
+                    set new_filerec [dict create tag FILEINFO -targets $punkcheck_target_relpath]
+                    set filerec $new_filerec
+                } else {
+                    set has_filerec 1
+                    #puts stdout "  TDL existing FILEINFO record for $punkcheck_target_relpath"
+                    #puts stdout "  $existing_install_record"
+                    set filerec [dict get $fetch_filerec_result record]
+                }
+                set filerec [punkcheck::recordlist::file_record_set_defaults $filerec]
+             
+                #new INSTALLREC must be tagged as INSTALL-INPROGRESS to use recordlist::installfile_ method
+                set new_install_record   [dict create tag INSTALL-INPROGRESS -tsiso $ts_start_iso -ts $ts_start -installer $opt_installer -eventid $punkcheck_eventid]
+                dict lappend filerec body $new_install_record ;#can't use recordlist::file_record_add_installrecord as '*-INPROGRESS' isn't a final tag - so pruning would be mucked up. No need to prune now anyway.
+                unset new_install_record
+
+
+
+
+
+                set relative_source_path [lib::path_relative $punkcheck_folder $current_source_dir/$m]
+                #puts stdout "  rel_source: $relative_source_path"
+                if {[file pathtype $relative_source_path] ne "relative"} {
+                    #different volume or root
+                }
+                #Note this isn't a recordlist function - so it doesn't purely operate on the records
+                #this hits the filesystem for the sourcepath - gets checksums/timestamps depending on config. 
+                #It doesn't save to .punkcheck (the only punkcheck::installfile_ method which doesn't)
+                set filerec [punkcheck::installfile_add_source_and_fetch_metadata $punkcheck_folder $relative_source_path $filerec]
+                
+                set changeinfo [punkcheck::recordlist::file_install_record_source_changes [lindex [dict get $filerec body] end]]
+                set changed [dict get $changeinfo changed]
+                set unchanged [dict get $changeinfo unchanged]
+                if {[llength $unchanged]} {
+                    lappend sources_unchanged $current_source_dir/$m
+                }
+
+                set is_skip 0
+                if {$overwrite_what eq "all-targets"} {
+                    file copy -force $current_source_dir/$m $current_target_dir
+                    lappend files_copied $current_source_dir/$m
+                } else {
+                    if {![file exists $current_target_dir/$m]} {
+                        file copy $current_source_dir/$m $current_target_dir
+                        lappend files_copied $current_source_dir/$m
+                        incr filecount_new
+                    } else {
+                        if {$overwrite_what eq "installedsourcechanged-targets"} {
+                            if {[llength $changed]} {
+                                #An unrecorded installation is considered a source change (from unknown/unrecorded source to recorded)
+                                file copy -force $current_source_dir/$m $current_target_dir
+                                lappend files_copied $current_source_dir/$m
+                            } else {
+                                set is_skip 1
+                                lappend files_skipped $current_source_dir/$m
+                            }
+                        } else {
+                            set is_skip 1
+                            puts stderr "Skipping file copy $m target $current_target_dir/$m already exists (use -overwrite all-targets  to overwrite)"
+                            #TODO! implement newer-targets older-targets
+                            lappend files_skipped $current_source_dir/$m
+                        }
+                    }
+                }
+
+
+                set ts_now    [clock microseconds]
+                set elapsed_us [expr {$ts_now - $ts_start}]
+
+                if {$store_cksums} {
+
+                    set install_records [dict get $filerec body] 
+                    set current_install_record [lindex $install_records end]
+                    #change the tag from *-INPROGRESS to INSTALL-RECORD/SKIPPED
+                    if {$is_skip} {
+                        set tag INSTALL-SKIPPED
+                    } else {
+                        set tag INSTALL-RECORD
+                    }
+                    dict set current_install_record tag $tag
+                    dict set current_install_record -elapsed_us $elapsed_us
+                    lset install_records end $current_install_record
+                    dict set filerec body $install_records
+                    set filerec [punkcheck::recordlist::file_record_prune $filerec] ;#prune now that tag is finalized
+                    if {!$has_filerec} {
+                        #not found in original recordlist - append
+                        lappend punkcheck_records $filerec
+                    } else {
+                        lset punkcheck_records $existing_filerec_posn $filerec
+                    }
+                }
+
+            }
+
+            if {$CALLDEPTH >= $max_depth} {
+                #don't process any more subdirs
+                set subdirs [list]
+            } else {
+                set subdirs [glob -nocomplain -dir $current_source_dir -type d -tail *]
+                set hiddensubdirs [glob -nocomplain -dir $current_source_dir -type {hidden d} -tail *]
+                foreach h $hiddensubdirs {
+                    if {$h in [list "." ".."]} {
+                        continue
+                    }
+                    if {$h ni $subdirs} {
+                        lappend subdirs $h
+                    }
+                }
+            }
+            #puts stderr "subdirs: $subdirs"
+            foreach d $subdirs {
+                set skipd 0
+                foreach dg [concat $opt_antiglob_dir_core $opt_antiglob_dir] {
+                    if {[string match $dg $d]} {
+                        puts stdout "SKIPPING FOLDER $d due to antiglob_dir-match: $dg "
+                        set skipd 1
+                        break
+                    }
+                }
+                if {$skipd} {
+                    continue
+                }
+
+
+                if {![file exists $current_target_dir/$d]} {
+                    file mkdir $current_target_dir/$d
+                }
+                
+
+                set sub_opts_1 [list\
+                    -call-depth-internal [expr {$CALLDEPTH + 1}]\
+                    -subdirlist [list {*}$subdirlist $d]\
+                    -glob $fileglob\
+                    -antiglob_file_core $opt_antiglob_file_core\
+                    -antiglob_file $opt_antiglob_file\
+                    -antiglob_dir_core  $opt_antiglob_dir_core\
+                    -antiglob_dir $opt_antiglob_dir\
+                    -overwrite $overwrite_what\
+                    -source_checksum $opt_source_checksum\
+                    -punkcheck_folder $punkcheck_folder\
+                    -punkcheck_eventid $punkcheck_eventid\
+                    -punkcheck_records $punkcheck_records\
+                    -installer $opt_installer\
+                    ]
+                set sub_opts [list\
+                    -call-depth-internal [expr {$CALLDEPTH + 1}]\
+                    -subdirlist [list {*}$subdirlist $d]\
+                    -punkcheck_folder $punkcheck_folder\
+                    -punkcheck_eventid $punkcheck_eventid\
+                    -punkcheck_records $punkcheck_records\
+                ]                
+                set sub_opts [dict merge $opts $sub_opts]
+                set sub_result [punkcheck::install $srcdir $tgtdir {*}$sub_opts]
+
+                lappend files_copied {*}[dict get $sub_result files_copied]
+                lappend files_skipped {*}[dict get $sub_result files_skipped]
+                lappend sources_unchanged {*}[dict get $sub_result sources_unchanged]
+                lappend unpublish_paths_matched {*}[dict get $sub_result unpublish_paths_matched]
+                set punkcheck_records [dict get $sub_result punkcheck_records]
+            }
+            
+            if {[string match *store* $opt_source_checksum]} {
+                #puts "subdirlist: $subdirlist"
+                if {$CALLDEPTH == 0} {
+                    if {[llength $files_copied] || [llength $files_skipped]} {
+                        puts stdout ">>>>>>>>>>>>>>>>>>>"
+                        set saveresult [punkcheck::save_records_to_file $punkcheck_records $punkcheck_file]
+                        puts stdout "[dict get $saveresult recordcount] records saved as [dict get $saveresult linecount] lines to $punkcheck_file"
+                        puts stdout "copied: [llength $files_copied] skipped: [llength $files_skipped]"
+                        puts stdout ">>>>>>>>>>>>>>>>>>>"
+                    } else {
+                        #todo - write db INSTALLER record if -debug true
+                        
+                    }
+                    #puts stdout "sources_unchanged"
+                    #puts stdout "$sources_unchanged"
+                    #puts stdout "- -- --- --- --- ---"
+                }
+            }
+
+            return [list files_copied $files_copied files_skipped $files_skipped sources_unchanged $sources_unchanged unpublish_paths_matched $unpublish_paths_matched punkcheck_records $punkcheck_records]
+        }
+
+        namespace eval recordlist {
+            namespace path ::punkcheck
+
+            proc records_as_target_dict {record_list} {
+                set result [dict create]
+                foreach rec $record_list {
+                    if {[dict get $rec tag] eq "FILEINFO"} {
+                        set tgtlist [dict get $rec -targets]
+                        dict set result $tgtlist $rec
+                    }
+                }
+                return $result
+            }
+
+
+
+
+            #will only match if same base was used.. and same targetlist
+            proc get_file_record {targetlist record_list} {
+                set posn 0
+                set found_posn -1
+                set record ""
+                foreach rec $record_list {
+                    if {[dict get $rec tag] eq "FILEINFO"} {
+                        if {[dict get $rec -targets] eq $targetlist} {
+                            set found_posn $posn
+                            set record $rec
+                            break
+                        }
+                    }
+                    incr posn
+                }
+                return [list position $found_posn record $record]
+            }
+            proc file_install_record_source_changes {install_record} {
+                #reject INSTALLFAILED items ?
+                if {[dict get $install_record tag] ni [list "INSTALL-RECORD" "SKIPPED" "INSTALL-INPROGRESS" "MODIFY-INPROGRESS" "MODIFY-RECORD" "VIRTUAL-INPROGRESS" "VIRTUAL-RECORD" "DELETE-RECORD" "DELETE-INPROGRESS"]} {
+                    error "file_install_record_source_changes bad file->install record: tag not INSTALL-RECORD|SKIPPED|INSTALL-INPROGRESS|MODIFY-RECORD|MODIFY-INPROGRESS|VIRTUAL-RECORD|VIRTUAL-INPROGRESS|DELETE-RECORD|DELETE-INPROGRESS"
+                }
+                set source_list [dict_getwithdefault $install_record body [list]]
+                set changed [list]
+                set unchanged [list]
+                foreach src $source_list {
+                    if {[dict exists $src -changed]} {
+                        if {[dict get $src -changed] !=0} {
+                            lappend changed [dict get $src -path]
+                        } else {
+                            lappend unchanged [dict get $src -path]
+                        }
+                    } else {
+                        lappend changed [dict get $src -path]
+                    }
+                }
+                return [dict create changed $changed unchanged $unchanged]
+            }
+
+            #assume only one for name - use first encountered
+            proc get_installer_record {name record_list} {
+                set posn 0
+                set found_posn -1
+                set record ""
+                #puts ">>>> checking [llength $record_list] punkcheck records"
+                foreach rec $record_list {
+                    if {[dict get $rec tag] eq "INSTALLER"} {
+                        if {[dict get $rec -name] eq $name} {
+                            set found_posn $posn
+                            set record $rec
+                            break
+                        }
+                    }
+                    incr posn
+                }
+                return [list position $found_posn record $record]
+            }
+
+            proc new_installer_record {name args} {
+                if {[llength $args] %2 !=0} {
+                    error "punkcheck new_installer_record args must be name-value pairs"
+                }
+                set ts [clock microseconds]
+                set seconds [expr {$ts / 1000000}]
+                set tsiso [clock format $seconds -format "%Y-%m-%dT%H:%M:%S"]
+
+                #put -tsiso first so it lines up with -tsiso in event records
+                set defaults [list\
+                    -tsiso $tsiso\
+                    -ts $ts\
+                    -name $name\
+                    -keep_events 5\
+                    ]
+                set opts [dict merge $defaults $args]
+
+                #set this_installer_record_list [punk::tdl::prettyparse [list INSTALLER name $opt_installer ts $ts tsiso $tsiso keep_events 5 {}]]
+                #set this_installer_record [lindex $this_installer_record_list 0]
+
+                set record [dict create tag INSTALLER {*}$opts body {}]
+
+
+                return $record
+            }
+            proc new_installer_event_record {type args} {
+                if {[llength $args] %2 !=0} {
+                    error "punkcheck new_installer_event_record args must be name-value pairs"
+                }
+                set ts [clock microseconds]
+                set seconds [expr {$ts / 1000000}]
+                set tsiso [clock format $seconds -format "%Y-%m-%dT%H:%M:%S"]
+                set defaults [list\
+                    -tsiso $tsiso\
+                    -ts $ts\
+                    -type $type\
+                    ]
+                set opts [dict merge $defaults $args]
+
+                set record [dict create tag EVENT {*}$opts]
+            }
+            #need to scan entire set if filerecords to check if event is still referenced
+            proc installer_record_pruneevents {installer_record record_list} {
+                set keep 5
+                if {[dict exists $installer_record -keep_events]} {
+                    set keep [dict get $installer_record -keep_events]
+                }
+
+                if {[dict exists $installer_record body]} {
+                    set body_items [dict get $installer_record body]
+                } else {
+                    set body_items [list]
+                }
+                set kept_body_items [list]
+                set kcount 0
+                foreach item [lreverse $body_items] {
+                    if {[dict get $item tag] eq "EVENT"} {
+                        incr kcount
+                        if {$keep < 0 || $kcount <= $keep} {
+                            lappend kept_body_items $item
+                        } else {
+                            set eventid ""
+                            if {[dict exists $item -id]} {
+                                set eventid [dict get $item -id]
+                            }
+                            if {$eventid ne "" && $eventid ne "unspecified"} {
+                                #keep if referenced, discard if not, or if eventid empty/unspecified
+                                set is_referenced 0
+                                foreach rec $record_list {
+                                    if {[dict get $rec tag] eq "FILEINFO"} {
+                                        if {[dict exists $rec body]} {
+                                            foreach install [dict get $rec body] {
+                                                if {[dict exists $install -eventid] && [dict get $install -eventid] eq $eventid} {
+                                                    set is_referenced 1
+                                                    break
+                                                }
+                                            }
+                                        }
+                                    }
+                                    if {$is_referenced} {
+                                        break
+                                    }
+                                }
+                                if {$is_referenced} {
+                                    lappend kept_body_items $item
+                                }
+                            }
+                        }
+                    } else {
+                        lappend kept_body_items $item
+                    }
+                }
+                set kept_body_items [lreverse $kept_body_items]
+                dict set installer_record body $kept_body_items
+                return $installer_record
+            }
+            proc installer_record_add_event {installer_record event} {
+                if {[dict get $installer_record tag] ne "INSTALLER"} {
+                    error "installer_record_add_event bad installer record: tag not INSTALLER"
+                }
+                if {[dict get $event tag] ne "EVENT"} {
+                    error "installer_record_add_event bad event record: tag not EVENT"
+                }
+                if {[dict exists $installer_record body]} {
+                    set body_items [dict get $installer_record body]
+                } else {
+                    set body_items [list]
+                }
+                lappend body_items $event
+                dict set installer_record body $body_items
+                return $installer_record
+            }
+            proc file_record_latest_installrecord {file_record} {
+                if {[dict get $file_record tag] ne "FILEINFO"} {
+                    error "file_record_latest_installrecord bad file_record: tag not FILEINFO"
+                }
+                if {![dict exists $file_record body]} {
+                    return [list]
+                }
+                set body_items [dict get $file_record body]
+                foreach item [lreverse $body_items] {
+                    if {[dict get $item tag] eq "INSTALL-RECORD"} {
+                        return $item
+                    }
+                }
+                return [list]
+            }
+
+
+            #dead code?
+            proc file_record_add_installrecordXXX {file_record install_record} {
+                if {[dict get $file_record tag] ne "FILEINFO"} {
+                    error "file_record_add_installrecord bad file_record: tag not FILEINFO"
+                }
+                #disallow '-INPROGRESS' as it's not a final tag
+                if {[dict get $install_record tag] ni [list "INSTALL-RECORD" "SKIPPED"]} {
+                    error "file_record_add_installrecord bad install_record: tag not INSTALL-RECORD"
+                }
+                set keep 3
+                if {[dict exists $file_record -keep_installrecords]} {
+                    set keep [dict get $file_record -keep_installrecords]
+                }
+
+                if {[dict exists $file_record body]} {
+                    set body_items [dict get $file_record body]
+                } else {
+                    set body_items [list]
+                }
+                lappend body_items $install_record
+                set kept_body_items [list]
+                set kcount 0
+                foreach item [lreverse $body_items] {
+                    if {[dict get $item tag] eq "INSTALL-RECORD"} {
+                        incr kcount
+                        if {$keep < 0 || $kcount <= $keep} {
+                            lappend kept_body_items $item
+                        }
+                    } else {
+                        lappend kept_body_items $item
+                    }
+                }
+                set kept_body_items [lreverse $kept_body_items]
+
+                dict set file_record body $kept_body_items
+                return $file_record
+
+
+            }
+
+
+            proc file_record_set_defaults {file_record} {
+                if {[dict get $file_record tag] ne "FILEINFO"} {
+                    error "file_record_set_defaults bad file_record: tag not FILEINFO"
+                }
+                set defaults [list -keep_installrecords 3 -keep_skipped 1 -keep_inprogress 2] 
+                dict for {k v} $defaults {
+                    if {![dict exists $file_record $k]} {
+                        dict set file_record $k $v
+                    }
+                }
+                return $file_record
+            }
+
+            #negative keep_ value will keep all
+            proc file_record_prune {file_record} {
+                if {[dict get $file_record tag] ne "FILEINFO"} {
+                    error "file_record_prune bad file_record: tag not FILEINFO"
+                }
+                set file_record [file_record_set_defaults $file_record]
+                set kmap [list -keep_installrecords *-RECORD -keep_skipped *-SKIPPED -keep_inprogress *-INPROGRESS]
+                foreach {key rtype} $kmap {
+                    set keep [dict get $file_record $key]
+                    if {[dict exists $file_record body]} {
+                        set body_items [dict get $file_record body]
+                    } else {
+                        set body_items [list]
+                    }
+                    set kept_body_items [list]
+                    set kcount 0
+                    foreach item [lreverse $body_items] {
+                        if {[string match $rtype [dict get $item tag]]} {
+                            incr kcount
+                            if {$keep < 0 || $kcount <= $keep} {
+                                lappend kept_body_items $item
+                            }
+                        } else {
+                            lappend kept_body_items $item
+                        }
+                    }
+                    set kept_body_items [lreverse $kept_body_items]
+                    dict set file_record body $kept_body_items
+                }
+                return $file_record
+            }
+
+            #extract new or existing filerecord for path given
+            #review - locking/concurrency
+            proc extract_or_create_fileset_record {relative_target_paths recordset} {
+                set fetch_record_result [punkcheck::recordlist::get_file_record $relative_target_paths $recordset]
+                set existing_posn [dict get $fetch_record_result position]
+                if {$existing_posn == -1} {
+                    #puts stdout "NO existing record for $relative_target_paths"
+                    set isnew 1
+                    set fileset_record [dict create tag FILEINFO -targets $relative_target_paths body {}]
+                } else {
+                    set recordset [lreplace $recordset[unset recordset] $existing_posn $existing_posn]
+                    set isnew 0
+                    set fileset_record [dict get $fetch_record_result record]
+                }
+                return [list record $fileset_record recordset $recordset isnew $isnew oldposition $existing_posn]
+            }
+
+        }
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+##  Ready   
+package provide punkcheck [namespace eval punkcheck {
+    variable version
+    set version 0.1.0 
+}]
+return
diff --git a/src/modules/punk/mix/templates/layouts/project/src/build.tcl b/src/modules/punk/mix/templates/layouts/project/src/build.tcl
index 2addab4b..ee541f5b 100644
--- a/src/modules/punk/mix/templates/layouts/project/src/build.tcl
+++ b/src/modules/punk/mix/templates/layouts/project/src/build.tcl
@@ -1,5 +1,6 @@
 #!/bin/sh
 # -*- tcl -*- \
-exec kettle -f "$0" "${1+$@}"
-kettle tcl
+# 'build.tcl' name as required by kettle
+# Can be run directly - but also using `pmix Kettle ...`  or `pmix KettleShell  ...`\
+exec ./kettle -f "$0" "${1+$@}"
 kettle doc
diff --git a/src/modules/punk/mix/templates/layouts/project/src/make.tcl b/src/modules/punk/mix/templates/layouts/project/src/make.tcl
index 1f0c0344..64b1794c 100644
--- a/src/modules/punk/mix/templates/layouts/project/src/make.tcl
+++ b/src/modules/punk/mix/templates/layouts/project/src/make.tcl
@@ -15,7 +15,7 @@ namespace eval ::punkmake {
     variable pkg_requirements [list]; variable pkg_missing [list];variable pkg_loaded [list]
     variable non_help_flags [list -k]
     variable help_flags     [list -help --help /?]
-    variable known_commands [list project get-project-info]
+    variable known_commands [list project get-project-info shell bootsupport]
 }
 if {"::try" ni [info commands ::try]} {
     puts stderr "Tcl interpreter possibly too old - 'try' command not found - aborting"
@@ -134,6 +134,7 @@ foreach pkg $::punkmake::pkg_requirements {
 
 
 
+
 proc punkmake_gethelp {args} {
     set scriptname [file tail [info script]]
     append h "Usage:" \n 
@@ -250,11 +251,22 @@ if {$::punkmake::command eq "get-project-info"} {
 }
 
 if {$::punkmake::command eq "shell"} {
-    #package require pu
+    package require punk
+    package require punk::repl
+    puts stderr "make shell not fully implemented - dropping into ordinary punk shell"
+    repl::start stdin
+
+    exit 1
+}
 
+if {$::punkmake::command eq "bootsupport"} {
+
+
+    exit 1
 }
 
 
+
 if {$::punkmake::command ne "project"} {
     puts stderr "Command $::punkmake::command not implemented - aborting."
     exit 1
@@ -269,7 +281,11 @@ file mkdir $target_modules_base
 
 #external libs and modules first - and any supporting files - no 'building' required
 if {[file exists $sourcefolder/vendorlib]} {
-    #unpublish README.md from source folder - but on the root one
+    #unpublish README.md from source folder - but only the root one
+    #-unpublish_paths takes relative patterns e.g
+    # */test.txt  will only match test.txt exactly one level deep.
+    # */*/*.foo will match any path ending in .foo that is exactly 2 levels deep.
+    # **/test.txt will match at any level below the root (but not in the root)
     set unpublish [list\
         README.md\
     ]
@@ -278,7 +294,8 @@ if {[file exists $sourcefolder/vendorlib]} {
     set copied [dict get $resultdict files_copied]
     set sources_unchanged [dict get $resultdict sources_unchanged]
     puts stdout "--------------------------"
-    puts stderr "Copied [llength $copied] vendor libs from src/vendorlib to $projectroot/lib"
+    flush stdout
+    puts stderr "Copied [llength $copied] vendor lib files from src/vendorlib to $projectroot/lib"
     foreach f $copied {
         puts stdout "COPIED $f"
     }
@@ -295,7 +312,8 @@ if {[file exists $sourcefolder/vendormodules]} {
     set copied [dict get $resultdict files_copied]
     set sources_unchanged [dict get $resultdict sources_unchanged]
     puts stdout "--------------------------"
-    puts stderr "Copied [llength $copied] vendor modules from src/vendormodules to $target_modules_base"
+    flush stdout
+    puts stderr "Copied [llength $copied] vendor module files from src/vendormodules to $target_modules_base"
     foreach f $copied {
         puts stdout "COPIED $f"
     }
@@ -305,6 +323,71 @@ if {[file exists $sourcefolder/vendormodules]} {
     puts stderr "NOTE: No src/vendormodules folder found."
 }
 
+########################################################
+#templates
+#e.g The default project layout is mainly folder structure and readme files - but has some scripts developed under the main src that we want to sync
+#src to  src/modules/punk/mix/templates/layouts/project/src
+
+set layout_update_list    [list\
+    [list project $sourcefolder/modules/punk/mix/templates]\
+    [list basic $sourcefolder/mixtemplates]\
+    ]  
+
+foreach layoutinfo $layout_update_list {
+    lassign $layoutinfo layout templatebase
+    if {![file exists $templatebase]} {
+        continue
+    }
+    set config [dict create\
+        -make-step sync_templates\
+    ]
+    #----------
+    set tpl_installer [punkcheck::installtrack new make.tcl $templatebase/.punkcheck]
+    $tpl_installer set_source_target $sourcefolder $templatebase
+    set tpl_event [$tpl_installer start_event $config]
+    #----------
+    set pairs [list]
+    set pairs [list\
+        [list $sourcefolder/build.tcl  $templatebase/layouts/$layout/src/build.tcl]\
+        [list $sourcefolder/make.tcl  $templatebase/layouts/$layout/src/make.tcl]\
+    ]
+
+    foreach filepair $pairs {
+        lassign $filepair srcfile tgtfile
+        #----------
+        $tpl_event targetset_init INSTALL   $tgtfile
+        $tpl_event targetset_addsource      $srcfile
+        #----------
+        if {\
+               [llength [dict get [$tpl_event targetset_source_changes] changed]]\
+            || [llength [$tpl_event get_targets_exist]] < [llength [$tpl_event get_targets]]\
+            } {
+            $tpl_event targetset_started
+            # -- --- --- --- --- ---
+            puts stdout "punk module templates: Copying from $srcfile to $tgtfile"
+            if {[catch {
+                file copy -force $srcfile $tgtfile
+            } errM]} {
+                $tpl_event targetset_end FAILED -note "copy failed with err: $errM"
+            } else {
+                $tpl_event targetset_end OK -note "test"
+            }
+            # -- --- --- --- --- ---
+        } else {
+            puts stderr "."
+            $tpl_event targetset_end SKIPPED
+        }
+    }
+
+    $tpl_event end
+    $tpl_event destroy
+    $tpl_installer destroy
+}
+########################################################
+
+
+
+
 #default source module folder is at projectroot/src/modules
 #There may be multiple other src module folders at same level (e.g folder not being other special-purpose folder and not matching name vendor* that contains at least one .tm file in its root) 
 set source_module_folderlist [punk::mix::cli::lib::find_source_module_paths $projectroot]
@@ -324,19 +407,15 @@ foreach src_module_dir $source_module_folderlist {
     set copied                  [dict get $resultdict files_copied]
     set sources_unchanged       [dict get $resultdict sources_unchanged]
     puts stdout "--------------------------"
+    flush stdout
     puts stderr "Copied [llength $copied] non-tm source files from $src_module_dir to $target_modules_base"
     puts stderr "[llength $sources_unchanged] unchanged source files"
+    flush stderr
     puts stdout "--------------------------"
 }
 
 # ----------------------------------------
 
-set vfs_folders [glob -nocomplain -dir $sourcefolder -types d -tail *.vfs]
-if {![llength $vfs_folders]} {
-    puts stdout "No .vfs folders found at '$sourcefolder' - no kits to build"
-    puts stdout " -done- "
-    exit 0
-}
 
 set buildfolder [punk::mix::cli::lib::get_build_workdir $sourcefolder]
 if {$buildfolder ne "$sourcefolder/_build"} {
@@ -346,7 +425,7 @@ if {$buildfolder ne "$sourcefolder/_build"} {
 }
 
 
-#find runtime - only supports one for now.. REVIEW
+#find runtimes
 set rtfolder $sourcefolder/runtime
 set runtimes [glob -nocomplain -dir $rtfolder -types {f x} -tail *]
 if {![llength $runtimes]} {
@@ -360,51 +439,133 @@ if {[catch {exec sdx help} errM]} {
     exit 1
 }
 
-
-if {[llength $runtimes] > 1} {
-    puts stderr "Found multiple runtimes in $rtfolder ($runtimes)  - unable to proceed - currently limited to one."
-    exit 3
+# -- --- --- --- --- --- --- --- --- ---
+#load mapvfs.config file (if any) in runtime folder to map runtimes to vfs folders.
+#build a dict keyed on runtime executable name. 
+#If no mapfile (or no mapfile entry for that runtime) - the runtime will be paired with a matching .vfs folder in src folder.  e.g punk.exe to src/punk.vfs
+#If vfs folders or runtime executables which are explicitly listed in the mapfile don't exist - warn on stderr - but continue. if such nonexistants found; prompt user for whether to continue or abort.
+set mapfile $rtfolder/mapvfs.config
+set runtime_vfs_map [dict create]
+set vfs_runtime_map [dict create]
+if {[file exists $mapfile]} {
+    set fdmap [open $mapfile r]
+    fconfigure $fdmap -translation binary
+    set mapdata [read $fdmap]
+    close $fdmap
+    set mapdata [string map [list \r\n \n] $mapdata]
+    set missing [list]
+    foreach ln [split $mapdata \n] {
+        set ln [string trim $ln]
+        if {$ln eq "" || [string match #* $ln]} {
+            continue
+        }
+        set vfspaths [lassign $ln runtime]
+        if {[string match *.exe $runtime]} {
+            #.exe is superfluous but allowed
+            #drop windows .exe suffix so same config can work cross platform - extension will be re-added if necessary later
+            set runtime [string range $runtime 0 end-4]
+        }
+        set runtime_test $runtime
+        if {"windows" eq $::tcl_platform(platform)} {
+            set runtime_test $runtime.exe
+        }
+        if {![file exists [file join $rtfolder $runtime_test]]} {
+            puts stderr "WARNING: Missing runtime file $rtfolder/$runtime_test (line in mapvfs.config: $ln)"
+            lappend missing $runtime
+        }
+        foreach vfs $vfspaths {
+            if {![file isdirectory [file join $sourcefolder $vfs]]} {
+                puts stderr "WARNNING: Missing vfs folder [file join $sourcefolder $vfs] specified in mapvfs.config for runtime $runtime"
+                lappend missing $vfs
+            } 
+            dict lappend vfs_runtime_map $vfs $runtime
+        }
+        if {[dict exists $runtime_vfs_map $runtime]} {
+            puts stderr "CONFIG FILE ERROR. runtime: $runtime was specified more than once in $mapfile."
+            exit 3
+        }
+        dict set runtime_vfs_map $runtime $vfspaths
+    }
+    if {[llength $missing]} {
+        puts stderr "WARNING [llength $missing] missing items from $mapfile. (TODO - prompt user to continue/abort)"
+        foreach m $missing {
+            puts stderr "    $m"
+        }
+        puts stderr "continuing..."
+    }
 }
+# -- --- --- --- --- --- --- --- --- ---
 
+set vfs_folders [glob -nocomplain -dir $sourcefolder -types d -tail *.vfs]
+#add any extra .vfs folders found in runtime/mapvfs.config file (e.g myotherruntimes/something.vfs)
+foreach vfs [dict keys $vfs_runtime_map] {
+    if {$vfs ni $vfs_folders} {
+        lappend vfs_folders $vfs
+    }
+}
+if {![llength $vfs_folders]} {
+    puts stdout "No .vfs folders found at '$sourcefolder' - no kits to build"
+    puts stdout " -done- "
+    exit 0
+}
 
+set vfs_folder_changes [dict create] ;#cache whether each .vfs folder has changes so we don't re-run tests if building from same .vfs with multiple runtime executables
 
 set installername "make.tcl"
 # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-set runtimefile [lindex $runtimes 0]
-#sdx *may* be pointed to use the runtime we use to build the kit, or the user may manually use this runtime if they don't have tclsh
-#sdx will complain if the same runtime is used for the shell as is used in the -runtime argument - so we make a copy (REVIEW)
-#if {![file exists $buildfolder/buildruntime.exe]} {
-#    file copy $rtfolder/$runtimefile $buildfolder/buildruntime.exe
-#}
-
-set basedir $buildfolder
-set config [dict create\
-    -make-step copy_runtime\
-]
-lassign [punkcheck::start_installer_event $basedir/.punkcheck $installername $rtfolder $buildfolder $config] _eventid punkcheck_eventid _recordset record_list
-
-
-set target_relpath [punkcheck::lib::path_relative $basedir $buildfolder/buildruntime.exe]
-set file_record [punkcheck::installfile_begin $basedir $target_relpath $installername -eventid $punkcheck_eventid]
-# -- --- --- --- --- ---
-set source_relpath [punkcheck::lib::path_relative $basedir $rtfolder/$runtimefile]
-set file_record [punkcheck::installfile_add_source_and_fetch_metadata $basedir $source_relpath $file_record]
-# -- --- --- --- --- ---
-set changed_unchanged [punkcheck::recordlist::file_install_record_source_changes [lindex [dict get $file_record body] end]]
-if {[llength [dict get $changed_unchanged changed]]} {
-    set file_record [punkcheck::installfile_started_install $basedir $file_record]
-    # -- --- --- --- --- ---
-    puts stdout "Copying runtime from $rtfolder/$runtimefile to $buildfolder/buildruntime.exe"
-    file copy -force $rtfolder/$runtimefile $buildfolder/buildruntime.exe
-    # -- --- --- --- --- ---
-    set file_record [punkcheck::installfile_finished_install $basedir $file_record]
-} else {
-    puts stderr "."
-    set file_record [punkcheck::installfile_skipped_install $basedir $file_record]
+#set runtimefile [lindex $runtimes 0]
+foreach  runtimefile $runtimes {
+    #runtimefile e.g tclkit86bi.exe on windows tclkit86bi on other platforms
+
+    #sdx *may* be pointed to use the runtime we use to build the kit, or the user may manually use this runtime if they don't have tclsh
+    #sdx will complain if the same runtime is used for the shell as is used in the -runtime argument - so we make a copy (REVIEW)
+    #if {![file exists $buildfolder/buildruntime.exe]} {
+    #    file copy $rtfolder/$runtimefile $buildfolder/buildruntime.exe
+    #}
+
+    set basedir $buildfolder
+    set config [dict create\
+        -make-step copy_runtime\
+    ]
+    #----------
+    set installer [punkcheck::installtrack new $installername $basedir/.punkcheck]
+    $installer set_source_target $rtfolder $buildfolder
+    set event [$installer start_event $config]
+    $event targetset_init INSTALL $buildfolder/build_$runtimefile
+    $event targetset_addsource $rtfolder/$runtimefile
+    #----------
+
+    #set changed_unchanged [punkcheck::recordlist::file_install_record_source_changes [lindex [dict get $file_record body] end]]
+    if {\
+            [llength [dict get [$event targetset_source_changes] changed]]\
+         || [llength [$event get_targets_exist]] < [llength [$event get_targets]]\
+        } {
+        $event targetset_started
+        # -- --- --- --- --- ---
+        puts stdout "Copying runtime from $rtfolder/$runtimefile to $buildfolder/build_$runtimefile"
+        if {[catch {
+            file copy -force $rtfolder/$runtimefile $buildfolder/build_$runtimefile
+        } errM]} {
+            $event targetset_end FAILED
+        } else {
+            $event targetset_end OK
+        }
+        # -- --- --- --- --- ---
+    } else {
+        puts stderr "."
+        $event targetset_end SKIPPED
+    }
+    $event end
+
 }
-# -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
 
+# -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
 
+#
+# loop over vfs_folders and for each one, loop over configured (or matching)  runtimes - build with sdx if source .vfs or source runtime exe has changed.
+# we are using punkcheck to install result to buildfolder so we create a .punkcheck file at the target folder to store metadata.
+# punkcheck allows us to not rely purely on timestamps (which may be unreliable)  
+#
 set startdir [pwd]
 puts stdout "Found [llength $vfs_folders] .vfs folders - building executable for each..."
 cd [file dirname $buildfolder] 
@@ -412,8 +573,9 @@ cd [file dirname $buildfolder]
 #a hash of full tree file & dir mtime may be more reasonable - but it remains to be seen if just tar & checksum is any/much slower.
 #Simply rebuilding all the time may be close the speed of detecting change anyway - and almost certainly much faster when there is a change.
 #Using first mtime encountered that is later than target is another option - but likely to be highly variable in speed. Last file in the tree could happen to be the latest, and this mechanism doesn't handle build on reversion to older source.
+set exe_names_seen [list]
 foreach vfs $vfs_folders {
-
+    
     set vfsname [file rootname $vfs]
     puts stdout "  Processing vfs $sourcefolder/$vfs"
     puts stdout "  ------------------------------------"
@@ -423,157 +585,213 @@ foreach vfs $vfs_folders {
     set config [dict create\
         -make-step build_vfs\
     ]
-    lassign [punkcheck::start_installer_event $basedir/.punkcheck $installername $sourcefolder $buildfolder $config] _eventid punkcheck_eventid _recordset record_list
-
-
-    set target_relpath [punkcheck::lib::path_relative $basedir $buildfolder/$vfsname.exe]
-    set file_record [punkcheck::installfile_begin $basedir $target_relpath $installername -eventid $punkcheck_eventid]
-    # -- --- --- --- --- ---
-    set source_relpath [punkcheck::lib::path_relative $basedir $sourcefolder/$vfs]
-    set file_record [punkcheck::installfile_add_source_and_fetch_metadata $basedir $source_relpath $file_record]
-    # -- --- --- --- --- ---
-    set changed_unchanged [punkcheck::recordlist::file_install_record_source_changes [lindex [dict get $file_record body] end]]
-    if {[llength [dict get $changed_unchanged changed]]} {
-        set file_record [punkcheck::installfile_started_install $basedir $file_record]
-        # -- --- --- --- --- ---
 
-        if {[file exists $buildfolder/$vfsname]} {
-            puts stderr "deleting existing $buildfolder/$vfsname"
-            file delete $sourcefolder/_build/$vfsname
+    set runtimes  [list]
+    if {[dict exists $vfs_runtime_map $vfs]} {
+        set runtimes [dict get $vfs_runtime_map $vfs] ;#map dict is unsuffixed (.exe stripped or was not present)
+        if {"windows" eq $::tcl_platform(platform)} {
+            set runtimes_raw $runtimes
+            set runtimes [list]
+            foreach rt $runtimes_raw {
+                if {![string match *.exe $rt]} {
+                    set rt $rt.exe
+                }
+                lappend runtimes $rt
+            }
         }
+    } else {
+        #only match this vfs to a correspondingly named runtime if there was no explicit entry for that runtime
+        set matchrt [file rootname [file tail $vfs]] ;#e.g project.vfs -> project
+        if {![dict exists $runtime_vfs_map $matchrt]} {
+            if {"windows" eq $::tcl_platform(platform)} {
+                if {[file exists $rtfolder/$matchrt.exe]} {
+                    lappend runtimes $matchrt.exe
+                }
+            } else {
+                lappend runtimes $matchrt
+            }
+        }   
+    }
+    #assert $runtimes is a list of executable names suffixed with .exe if on windows - whether or not specified with .exe in the mapvfs.config
 
-        puts stdout "building $vfsname with sdx.. vfsdir:$vfs cwd: [pwd]"
 
+    foreach rtname $runtimes {
 
-        if {[catch {
-            exec sdx wrap $buildfolder/$vfsname -vfs $sourcefolder/$vfs -runtime $buildfolder/buildruntime.exe -verbose
-            } result]} {
-            puts stderr "sdx wrap _build/$vfsname -vfs $sourcefolder/$vfs -runtime $buildfolder/buildruntime.exe -verbose failed with msg: $result"
+        #first configured runtime will be the one to use the same name as .vfs folder for output executable. Additional runtimes on this .vfs will need to suffix the runtime name to disambiguate.
+        #review: This mechanism may not be great for multiplatform builds ? We may be better off consistently combining vfsname and rtname and letting a later platform-specific step choose ones to install in bin with simpler names.
+        if {$::tcl_platform(platform) eq "windows"} {
+            set targetexe ${vfsname}.exe
         } else {
-            puts stdout "ok - finished sdx"
-            set separator [string repeat = 40]
-            puts stdout $separator
-            puts stdout $result
-            puts stdout $separator
+            set targetexe $vfsname
         }
-
-        if {![file exists $buildfolder/$vfsname]} {
-            puts stderr "|err> build didn't seem to produce output at $sourcefolder/_build/$vfsname"
-            exit 2
+        if {$targetexe in $exe_names_seen} {
+            #more than one runtime for this .vfs 
+            set targetexe ${vfsname}_$rtname
         }
+        lappend exe_names_seen $targetexe
+        # -- ----------
+        set vfs_installer [punkcheck::installtrack new $installername $basedir/.punkcheck]
+        $vfs_installer set_source_target $sourcefolder $buildfolder
+        set vfs_event [$vfs_installer start_event {-make-step build_vfs}]
+        $vfs_event targetset_init INSTALL $buildfolder/$targetexe
+        $vfs_event targetset_addsource $sourcefolder/$vfs
+        $vfs_event targetset_addsource $buildfolder/build_$rtname
+        # -- ----------
+
+        set changed_unchanged [$vfs_event targetset_source_changes]
+
+        if {[llength [dict get $changed_unchanged changed]] ||  [llength [$vfs_event get_targets_exist]] < [llength [$vfs_event get_targets]]} {
+            #source .vfs folder has changes
+            $vfs_event targetset_started
+            # -- --- --- --- --- ---
+
+            #use 
+            if {[file exists $buildfolder/$vfsname.new]} {
+                puts stderr "deleting existing $buildfolder/$vfsname.new"
+                file delete $buildfolder/$vfsname.new
+            }
 
+            puts stdout "building $vfsname with sdx.. vfsdir:$vfs cwd: [pwd]"
 
 
+            if {[catch {
+                exec sdx wrap $buildfolder/$vfsname.new -vfs $sourcefolder/$vfs -runtime $buildfolder/build_$rtname -verbose
+                } result]} {
+                puts stderr "sdx wrap $buildfolder/$vfsname.new -vfs $sourcefolder/$vfs -runtime $buildfolder/build_$rtname -verbose failed with msg: $result"
+            } else {
+                puts stdout "ok - finished sdx"
+                set separator [string repeat = 40]
+                puts stdout $separator
+                puts stdout $result
+                puts stdout $separator
+            }
 
-        # -- --- --- --- --- ---
-        set file_record [punkcheck::installfile_finished_install $basedir $file_record]
-    } else {
-        set skipped_vfs_build 1
-        puts stderr "."
-        puts stdout "Skipping build for vfs $vfs - no change detected"
-        set file_record [punkcheck::installfile_skipped_install $basedir $file_record]
-    }
-    # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-
-
-    if {!$skipped_vfs_build} {
-    
-        if {$::tcl_platform(platform) eq "windows"} {
-            set pscmd "tasklist"
-        } else {
-            set pscmd "ps"
-        }
+            if {![file exists $buildfolder/$vfsname.new]} {
+                puts stderr "|err> make.tcl build didn't seem to produce output at $sourcefolder/_build/$vfsname.new"
+                $vfs_event targetset_end FAILED
+                exit 2
+            }
 
-        if {![catch {
-                exec $pscmd | grep $vfsname
-            } still_running]} {
-            puts stdout "found $vfsname instances still running\n"
-            set count_killed 0
-            foreach ln [split $still_running \n] {
-                puts stdout "    $ln"
-                
-                if {$::tcl_platform(platform) eq "windows"} {
-                    set pid [lindex $ln 1]
-                    if {$forcekill} {
-                        set killcmd [list taskkill /F /PID $pid]
+            # -- --- ---
+            if {$::tcl_platform(platform) eq "windows"} {
+                set pscmd "tasklist"
+            } else {
+                set pscmd "ps"
+            }
+            
+            if {![catch {
+                    exec $pscmd | grep $vfsname
+                } still_running]} {
+
+                puts stdout "found $vfsname instances still running\n"
+                set count_killed 0
+                foreach ln [split $still_running \n] {
+                    puts stdout "    $ln"
+                    
+                    if {$::tcl_platform(platform) eq "windows"} {
+                        set pid [lindex $ln 1]
+                        if {$forcekill} {
+                            set killcmd [list taskkill /F /PID $pid]
+                        } else {
+                            set killcmd [list taskkill /PID $pid]
+                        }
                     } else {
-                        set killcmd [list taskkill /PID $pid]
+                        set pid [lindex $ln 0]
+                        #review!
+                        if {$forcekill} {
+                            set killcmd [list kill -9 $pid]
+                        } else {
+                            set killcmd [list kill $pid]
+                        }
                     }
-                } else {
-                    set pid [lindex $ln 0]
-                    #review!
-                    if {$forcekill} {
-                        set killcmd [list kill -9 $pid]
+                    puts stdout "    pid: $pid (attempting to kill now using '$killcmd')"
+                    if {[catch {
+                            exec {*}$killcmd
+                            } errMsg]} {
+                        puts stderr "$killcmd returned an error:"
+                        puts stderr $errMsg
+                        puts stderr "(try '[info script] -k' option to force kill)"
+                        exit 4
                     } else {
-                        set killcmd [list kill $pid]
+                        puts stderr "$killcmd ran without error"
+                        incr count_killed
                     }
                 }
-                
-                puts stdout "    pid: $pid (attempting to kill now using '$killcmd')"
-                
+                if {$count_killed > 0} {
+                    puts stderr "\nKilled $count_killed processes. Waiting a short time before attempting to delete executable"
+                    after 1000
+                }
+            } else {
+                puts stderr "Ok.. no running '$vfsname' processes found"
+            }
+
+            if {[file exists $buildfolder/$targetexe]} {
+                puts stderr "deleting existing $buildfolder/$targetexe"
                 if {[catch {
-                        exec {*}$killcmd
-                        } errMsg]} {
-                    puts stderr "$killcmd returned an error:"
-                    puts stderr $errMsg
-                    puts stderr "(try '[info script] -k' option to force kill)"
+                    file delete $buildfolder/$targetexe
+                } msg]} {
+                    puts stderr "Failed to delete $buildfolder/$targetexe"
                     exit 4
-                } else {
-                    puts stderr "$killcmd ran without error"
-                    incr count_killed
                 }
             }
-            if {$count_killed > 0} {
-                puts stderr "\nKilled $count_killed processes. Waiting a short time before attempting to delete executable"
-                after 1000
+            #WINDOWS filesystem 'tunneling' (file replacement within 15secs) could cause targetexe to copy ctime & shortname metadata from previous file!
+            #This is probably harmless - but worth being aware of.
+            file rename $buildfolder/$vfsname.new $buildfolder/$targetexe
+            # -- --- --- --- --- ---
+            $vfs_event targetset_end OK
+
+
+            after 200
+            set deployment_folder [file dirname $sourcefolder]/bin
+            file mkdir $deployment_folder
+
+            # -- ----------
+            set bin_installer [punkcheck::installtrack new "make.tcl" $deployment_folder/.punkcheck]
+            $bin_installer set_source_target $buildfolder $deployment_folder
+            set bin_event [$bin_installer start_event {-make-step final_exe_install}]
+            $bin_event targetset_init INSTALL $deployment_folder/$targetexe
+            $bin_event targetset_addsource $buildfolder/$targetexe
+            $bin_event targetset_started
+            # -- ----------
+
+
+            set delete_failed 0
+            if {[file exists $deployment_folder/$targetexe]} {
+                puts stderr "deleting existing deployed at $deployment_folder/$targetexe"
+                if {[catch {
+                    file delete $deployment_folder/$targetexe
+                    } errMsg]} {
+                    puts stderr "deletion of deployed version at $deployment_folder/$targetexe failed: $errMsg"
+                    #exit 5
+                    set delete_failed 1
+                }
             }
-        } else {
-            puts stderr "Ok.. no running '$vfsname' processes found"
-        }
-
-        if {$::tcl_platform(platform) eq "windows"} {
-            set targetexe ${vfsname}.exe
-        } else {
-            set targetexe $vfsname
-        }
-
-        if {[file exists $buildfolder/$targetexe]} {
-            puts stderr "deleting existing $buildfolder/$targetexe"
-            if {[catch {
-                file delete $sourcefolder/_build/$targetexe
-            } msg]} {
-                puts stderr "Failed to delete $buildfolder/$targetexe"
-                exit 4
+            if {!$delete_failed} {
+                puts stdout "copying.."
+                puts stdout "$buildfolder/$targetexe"
+                puts stdout "to:"
+                puts stdout "$deployment_folder/$targetexe"
+                after 300
+                file copy $buildfolder/$targetexe $deployment_folder/$targetexe
+                # -- ----------
+                $bin_event targetset_end OK
+                # -- ----------
+            } else {
+                $bin_event targetset_end FAILED -note "could not delete  
             }
-        }
-
-        if {$::tcl_platform(platform) eq "windows"} {
-            file rename $buildfolder/$vfsname $sourcefolder/_build/${vfsname}.exe 
-        }
+            $bin_event destroy
+            $bin_installer destroy
 
-        after 200
-        set deployment_folder [file dirname $sourcefolder]/bin
-        file mkdir $deployment_folder
-
-        if {[file exists $deployment_folder/$targetexe]} {
-            puts stderr "deleting existing deployed at $deployment_folder/$targetexe"
-            if {[catch {
-                file delete $deployment_folder/$targetexe
-                } errMsg]} {
-                puts stderr "deletion of deployed version at $deployment_folder/$targetexe failed: $errMsg"
-                exit 5
-            }
+        } else {
+            set skipped_vfs_build 1
+            puts stderr "."
+            puts stdout "Skipping build for vfs $vfs - no change detected"
+            $vfs_event targetset_end SKIPPED
         }
-
-
-
-        puts stdout "copying.."
-        puts stdout "$buildfolder/$targetexe"
-        puts stdout "to:"
-        puts stdout "$deployment_folder/$targetexe"
-        after 500
-        file copy $buildfolder/$targetexe $deployment_folder/$targetexe
-    }
+        $vfs_event destroy
+        $vfs_installer destroy
+    } ;#end foreach rtname in runtimes
+    # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
 }
 cd $startdir
 
diff --git a/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/.gitignore b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/.gitignore
new file mode 100644
index 00000000..4d6b6912
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/.gitignore
@@ -0,0 +1,47 @@
+
+/bin/
+/lib/
+#The directory for compiled/built Tcl modules
+/modules/
+/vendorbuilds/
+
+#Temporary files e.g from tests
+/tmp/
+
+/logs/
+**/_aside/
+**/_build/
+scratch*
+
+#Built documentation
+/html/
+/man/
+/md/
+/doc/
+
+/test*
+
+
+#Built tclkits (if any)
+punk*.exe
+tcl*.exe
+
+#ignore fossil database files (but keep .fossil-settings and .fossil-custom in repository even if fossil not being used at your site)
+_FOSSIL_
+.fos
+.fslckout
+*.fossil
+
+#miscellaneous editor files etc 
+*.swp
+
+
+todo.txt
+
+zig-cache/
+zig-out/
+/release/
+/debug/
+/build/
+/build-*/
+/docgen_tmp/
diff --git a/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/README.md b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/README.md
new file mode 100644
index 00000000..841c3dd3
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/README.md
@@ -0,0 +1,13 @@
+%project%
+==============================
+
++ 
++ 
+
+
+About
+------------------------------
+
++
++
++
diff --git a/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/src/modules/README.md b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/src/modules/README.md
new file mode 100644
index 00000000..1c037091
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/layouts/basic/src/modules/README.md
@@ -0,0 +1,11 @@
+Tcl Module Source files for the project.
+Consider using the punkshell pmix facility to create and manage these.
+
+pmix::newmodule <name> will create a basic .tm module template and assist in versioning.
+
+Tcl modules can be namespaced.
+For example 
+> pmix::newmodule mymodule::utils
+will create the new module under src/modules/mymodule/utils 
+
+
diff --git a/src/modules/punk/mix/templates/module/template_module-0.0.1.tm b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/modules/template_module-0.0.1.tm
similarity index 91%
rename from src/modules/punk/mix/templates/module/template_module-0.0.1.tm
rename to src/modules/punk/mix/templates/layouts/project/src/mixtemplates/modules/template_module-0.0.1.tm
index 970f222c..65547b40 100644
--- a/src/modules/punk/mix/templates/module/template_module-0.0.1.tm
+++ b/src/modules/punk/mix/templates/layouts/project/src/mixtemplates/modules/template_module-0.0.1.tm
@@ -45,6 +45,7 @@ namespace eval %pkg% {
 # ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
 ##  Ready   
 package provide %pkg% [namespace eval %pkg% {
+    variable pkg %pkg%
     variable version
     set version 999999.0a1.0 
 }]
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/pkgIndex.tcl b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/pkgIndex.tcl
new file mode 100644
index 00000000..62ef2c5e
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/pkgIndex.tcl
@@ -0,0 +1 @@
+package ifneeded app-sample 0.1 [list source [file join $dir sample.tcl]]
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/sample.tcl b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/sample.tcl
new file mode 100644
index 00000000..45be7e4c
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sample/sample.tcl
@@ -0,0 +1,8 @@
+namespace eval sample {
+    proc main {} {
+        puts stdout "[namespace current] argc $::argc  argv $::argv"
+        puts stdout "[namespace current] done"
+    }
+    main
+}
+package provide app-sample 0.1
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/pkgIndex.tcl b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/pkgIndex.tcl
new file mode 100644
index 00000000..0bb9fda6
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/pkgIndex.tcl
@@ -0,0 +1,2 @@
+package ifneeded app-sampleshell 0.1 [list source [file join $dir repl.tcl]]
+
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/repl.tcl b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/repl.tcl
new file mode 100644
index 00000000..ea63b453
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/lib/app-sampleshell/repl.tcl
@@ -0,0 +1,111 @@
+package provide app-punk 1.0
+
+
+#punk linerepl launcher
+
+
+
+#------------------------------------------------------------------------------
+#Module loading
+#------------------------------------------------------------------------------
+#If the current directory contains .tm files when the punk repl starts - then it will attempt to preference them
+# - but first add our other known relative modules paths - as it won't make sense to use current directory as a modulpath if it's an ancestor of one of these..
+
+set original_tm_list [tcl::tm::list]
+tcl::tm::remove {*}$original_tm_list
+
+#tm list first added end up later in the list - and then override earlier ones if version the same - so add pwd-relative 1st to give higher priority
+#1
+if {[file exists [pwd]/modules]} {
+    catch {tcl::tm::add [pwd]/modules}
+}
+
+#2)
+if {[string match "*.vfs/*" [info script]]} {
+    #src/xxx.vfs/lib/app-punk/repl.tcl
+    #we assume if calling directly into .vfs that the user would prefer to use src/modules - so go up 4 levels
+    set modulefolder [file dirname [file dirname [file dirname [file dirname [info script]]]]]/modules
+
+} else {
+    #  .../bin/punkXX.exe  look for ../modules  (i.e modules folder at same level as bin folder)
+    set modulefolder [file dirname [file dirname [info nameofexecutable]]]/modules
+}
+
+if {[file exists $modulefolder]} {
+    tcl::tm::add $modulefolder
+} else {
+    puts stderr "Warning unable to find module folder at: $modulefolder"
+}
+
+#libs are appended to end - so add higher prioriy libraries last (opposite to modules)
+#auto_path - add exe-relative after exe-relative path
+set libfolder [file dirname [file dirname [info nameofexecutable]]]/lib
+if {[file exists $libfolder]} {
+    lappend ::auto_path $libfolder
+}
+if {[file exists [pwd]/lib]} {
+    lappend ::auto_path [pwd]/lib
+}
+
+
+#2)
+#now add current dir (if no conflict with above)
+set currentdir_modules [glob -nocomplain -dir [pwd] -type f -tail *.tm]
+set tcl_core_packages [list tcl::zlib zlib tcl::oo TclOO tcl::tommath tcl::zipfs Tcl Tk]
+if {[llength $currentdir_modules]} {
+    #only forget all *unloaded* package names if we are started in a .tm containing folder
+    foreach pkg [package names] {
+        if {$pkg in $tcl_core_packages} {
+            continue
+        }
+        if {![llength [package versions $pkg]]} {
+            #puts stderr "Got no versions for pkg $pkg"
+            continue
+        }
+        if {![string length [package provide $pkg]]} {
+            package forget $pkg
+        }
+    }
+    catch {tcl::tm::add [pwd]}
+}
+
+
+#puts stdout "$::auto_path"
+package require Thread
+#These are strong dependencies 
+# - the repl requires Threading and punk,shellfilter,shellrun to call and display properly.
+# tm list already indexed - need 'package forget' to find modules based on current tcl::tm::list
+set required [list\
+    shellfilter
+    shellrun\
+    punk\
+    ]
+
+catch {
+    foreach pkg $required {
+        package forget $pkg
+        package require $pkg
+    }
+}
+
+
+#restore module paths 
+set tm_list_now [tcl::tm::list]
+foreach p $original_tm_list {
+    if {$p ni $tm_list_now} {
+        #the prior tm paths go to the head of the list.
+        #They are processed first.. but an item of same version later in the list will override one at the head.
+        tcl::tm::add $p
+    }
+}
+#------------------------------------------------------------------------------
+
+foreach pkg $required {
+    package require $pkg
+}
+
+package require punk::repl
+repl::start stdin
+
+
+
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/main.tcl b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/main.tcl
new file mode 100644
index 00000000..04b77e5f
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/main.tcl
@@ -0,0 +1,23 @@
+
+if {[catch {package require starkit}]} {
+    #presumably running the xxx.vfs/main.tcl script using a non-starkit tclsh that doesn't have starkit lib available.. lets see if we can move forward anyway
+    lappend ::auto_path [file join [file dirname [info script]] lib]
+} else {
+    starkit::startup
+}
+
+#when run as a tclkit - the exe is mounted as a dir and Tcl's auto_execok doesn't find it
+set thisexe [file tail [info nameofexecutable]]
+set thisexeroot [file rootname $thisexe]
+set ::auto_execs($thisexeroot) [info nameofexecutable]
+if {$thisexe ne $thisexeroot} {
+    set ::auto_execs($thisexe) [info nameofexecutable]
+}
+
+if {[llength $::argv]} {
+    package require app-sample
+} else {
+    package require app-sampleshell
+    repl::start stdin
+}
+
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellfilter-0.1.8.tm b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellfilter-0.1.8.tm
new file mode 100644
index 00000000..53abd15c
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellfilter-0.1.8.tm
@@ -0,0 +1,2862 @@
+#copyright 2023 Julian Marcel Noble
+#license: BSD (revised 3-clause)
+#
+#Note shellfilter is currently only directly useful for unidirectional channels e.g stdin,stderr,stdout, or for example fifo2 where only one direction is being used.
+#To generalize this to bidrectional channels would require shifting around read & write methods on transform objects in a very complicated manner.
+#e.g each transform would probably be a generic transform container which holds sub-objects to which read & write are indirected.
+#This is left as a future exercise...possibly it's best left as a concept for uni-directional channels anyway 
+# - as presumably the reads/writes from a bidirectional channel could be diverted off to unidirectional pipelines for processing with less work
+# (and maybe even better speed/efficiency if the data volume is asymmetrical and there is significant processing on one direction)
+#
+
+
+namespace eval shellfilter::log {
+    variable allow_adhoc_tags 0
+    variable open_logs [dict create]
+
+    #'tag' is an identifier for the log source. 
+    # each tag will use it's own thread to write to the configured log target
+    proc open {tag {settingsdict {}}} {
+        upvar ::shellfilter::sources sourcelist
+        package require shellthread
+        if {![dict exists $settingsdict -tag]} {
+            dict set settingsdict -tag $tag
+        } else {
+            if {$tag ne [dict get $settingsdict -tag]} {
+                error "shellfilter::log::open first argument tag: '$tag' does not match -tag '[dict get $settingsdict -tag]' omit -tag, or supply same value"
+            }
+        }
+        if {$tag ni $sourcelist} {
+            lappend sourcelist $tag
+        }
+
+        #note new_worker 
+        set worker_tid [shellthread::manager::new_worker $tag $settingsdict]
+        #puts stderr "shellfilter::log::open this_threadid: [thread::id] tag: $tag worker_tid: $worker_tid"
+        return $worker_tid
+    }
+    proc write {tag msg} {
+        shellthread::manager::write_log $tag $msg
+    }
+    #write_sync - synchronous processing with logging thread, slower but potentially useful for debugging/testing or forcing delay til log written
+    proc write_sync {tag msg} {
+        shellthread::manager::write_log $tag $msg -async 0
+    }
+    proc close {tag} {
+        #shellthread::manager::close_worker $tag
+        shellthread::manager::unsubscribe [list $tag]; #workertid will be added back to free list if no tags remain subscribed
+    }
+
+    #todo -implement
+    proc require_open {{is_open_required {}}} {
+        variable allow_adhoc_tags
+        if {![string length $is_open_required]} {
+            return $allow_adhoc_tags
+        } else {
+            set truevalues [list y yes true 1]
+            set falsevalues [list n no false 0]
+            if {[string tolower $is_open_required] in $truevalues} {
+                set allow_adhoc_tags 1
+            } elseif {[string tolower $is_open_required] in $falsevalues} {
+                set allow_adhoc_tags 0
+            } else {
+                error "shellfilter::log::require_open unrecognised value '$is_open_required' try one of $truevalues or $falsevalues"
+            }
+        }
+    }
+}
+namespace eval shellfilter::pipe {
+    #write channel for program. workerthread reads other end of fifo2 and writes data somewhere
+    proc open_out {tag_pipename {settingsdict {}}} {
+        package require shellthread
+        #we are only using the fifo in a single direction to pipe to another thread
+        # - so whilst wchan and rchan could theoretically each be both read & write we're only using them for one operation each
+        if {![catch {package require Memchan}]} {
+            lassign [fifo2] wchan rchan
+        } else {
+            package require tcl::chan::fifo2
+            lassign [tcl::chan::fifo2] wchan rchan
+        }
+        #default -translation for both types of fifo on windows is {auto crlf}
+        # -encoding is as per '[encoding system]' on the platform - e.g utf-8 (e.g windows when beta-utf8 enabled)
+        chan configure $wchan -buffering [dict get $settingsdict -buffering] ;#
+        #application end must not be binary for our filters to operate on it
+
+
+        #chan configure $rchan -buffering [dict get $settingsdict -buffering] -translation binary ;#works reasonably..
+        chan configure $rchan -buffering [dict get $settingsdict -buffering] -translation lf 
+
+        set worker_tid [shellthread::manager::new_worker $tag_pipename $settingsdict]
+        #puts stderr "worker_tid: $worker_tid"
+
+        #set_read_pipe does the thread::transfer of the rchan end. -buffering setting is maintained during thread transfer
+        shellthread::manager::set_pipe_read_from_client $tag_pipename $worker_tid $rchan
+
+        set pipeinfo [list localchan $wchan remotechan $rchan workertid $worker_tid direction out]
+        return $pipeinfo
+    }
+
+    #read channel for program.  workerthread writes to other end of fifo2 from whereever it's reading (stdin, file?)
+    proc open_in {tag_pipename {settingsdict {} }} {
+        package require shellthread
+        package require tcl::chan::fifo2
+        lassign [tcl::chan::fifo2] wchan rchan
+        set program_chan $rchan
+        set worker_chan $wchan
+        chan configure $worker_chan     -buffering [dict get $settingsdict -buffering]
+        chan configure $program_chan    -buffering [dict get $settingsdict -buffering]
+
+        chan configure $program_chan -blocking 0
+        chan configure $worker_chan -blocking 0
+        set worker_tid [shellthread::manager::new_worker $tag_pipename $settingsdict]
+
+        shellthread::manager::set_pipe_write_to_client $tag_pipename $worker_tid $worker_chan
+
+        set pipeinfo [list localchan $program_chan remotechan $worker_chan workertid $worker_tid direction in]
+        puts stderr "|jn>pipe::open_in returning $pipeinfo"
+        puts stderr "program_chan: [chan conf $program_chan]"
+        return $pipeinfo
+    }
+
+}
+namespace eval shellfilter::ansi2 {
+    #shellfilter::ansi procs only: adapted from ansicolor page on wiki https://wiki.tcl-lang.org/page/ANSI+color+control except where otherwise marked
+    variable test "blah\033\[1;33mETC\033\[0;mOK"
+    namespace export + = ?
+    #CSI <n> m = SGR (Select Graphic Rendition)
+    variable SGR_setting_map {
+        bold        1   dim             2   blink           5   fastblink   6   noblink     25      hide   8    normal      22
+        underline   4   doubleunderline 21  nounderline     24  strike      9   nostrike    29      italic 3    noitalic    23
+        reverse     7   noreverse       27  defaultfg       39  defaultbg   49
+        overline    53  nooverline      55  frame           51  framecircle 52  noframe     54
+    }
+    variable SGR_colour_map {
+        black       30  red             31  green           32  yellow      33  blue        4       purple 35   cyan        36      white 37
+        Black       40  Red             41  Green           42  Yellow      43  Blue        44      Purple 45   Cyan        46      White 47
+        BLACK       100 RED             101 GREEN           102 YELLOW      103 BLUE        104     PURPLE 105  CYAN        106     WHITE 107
+    }
+    variable SGR_map
+    set SGR_map [dict merge $SGR_colour_map $SGR_setting_map]
+
+    proc colourmap1 {{bgname White}} {
+        package require textblock
+
+        set bg [textblock::block 3 33 "[a+ $bgname] [a=]"]
+        set colormap ""
+        for {set i 0} {$i <= 7} {incr i} {
+            append colormap "_[a+ white bold 48\;5\;$i] $i [a=]"
+        }
+        set map1 [overtype::left -transparent _ $bg "\n$colormap"]
+        return $map1
+    }
+    proc colourmap2 {{bgname White}} {
+        package require textblock
+        set bg [textblock::block 3 39 "[a+ $bgname] [a=]"]
+        set colormap ""
+        for {set i 8} {$i <= 15} {incr i} {
+            append colormap "_[a+ black normal 48\;5\;$i] $i [a=]" ;#black normal is blacker than black bold - which often displays as a grey
+        }
+        set map2 [overtype::left -transparent _ $bg "\n$colormap"]
+        return $map2
+    }
+    proc ? {args} {
+        variable SGR_setting_map
+        variable SGR_colour_map
+
+        if {![llength $args]} {
+            set out ""
+            append out $SGR_setting_map \n
+            append out $SGR_colour_map \n
+
+            try {
+                set bgname "White"
+                set map1 [colourmap1 $bgname]
+                set map1 [overtype::centre -transparent 1 $map1 "[a= black $bgname]Standard colours[a=]"]
+                set map2 [colourmap2 $bgname]
+                set map2 [overtype::centre -transparent 1 $map2 "[a= black $bgname]High-intensity colours[a=]"]
+                append out [textblock::join [textblock::join $map1 "   "] $map2] \n
+                #append out $map1[a=] \n
+                #append out $map2[a=] \n
+
+
+
+            } on error {result options} {
+                puts stderr "Failed to draw colormap"
+                puts stderr "$result"
+            } finally {
+                return $out
+            }
+        } else {
+            set result [list]
+            set rmap [lreverse $map]
+            foreach i $args {
+                if {[string is integer -strict $i]} {
+                    if {[dict exists $rmap $i]} {
+                        lappend result $i [dict get $rmap $i]
+                    }
+                } else {
+                    if {[dict exists $map $i]} {
+                        lappend result $i [dict get $map $i]
+                    }
+                }
+            }
+            return $result
+        }
+    }
+    proc + {args} {
+        #don't disable ansi here.
+        #we want this to be available to call even if ansi is off
+        variable SGR_map
+        set t [list] 
+        foreach i $args {
+            if {[string is integer -strict $i]} {
+                lappend t $i
+            } elseif {[string first ";" $i] >=0} {
+                #literal with params
+                lappend t $i
+            } else {
+                if {[dict exists $SGR_map $i]} {
+                    lappend t [dict get $SGR_map $i]
+                } else {
+                    #accept examples for foreground
+                    #  256f-# or 256fg-# or 256f#
+                    #  rgbf-<r>-<g>-<b>  or rgbfg-<r>-<g>-<b> or rgbf<r>-<g>-<b>
+                    if {[string match -nocase "256f*" $i]} {
+                        set cc [string trim [string range $i 4 end] -gG]
+                        lappend t "38;5;$cc" 
+                    } elseif {[string match -nocase 256b* $i]} {
+                        set cc [string trim [string range $i 4 end] -gG]
+                        lappend t "48;5;$cc" 
+                    } elseif {[string match -nocase rgbf* $i]} {
+                        set rgb [string trim [string range $i 4 end] -gG]
+                        lassign [split $rgb -] r g b
+                        lappend t "38;2;$r;$g;$b"
+                    } elseif {[string match -nocase rgbb* $i]} {
+                        set rgb [string trim [string range $i 4 end] -gG]
+                        lassign [split $rgb -] r g b
+                        lappend t "48;2;$r;$g;$b"
+                    }
+                }
+            }
+        }
+        # \033 - octal.  equivalently \x1b in hex which is more common in documentation
+        if {![llength $t]} {
+            return "" ;# a+ nonexistent should return nothing rather  than a reset ( \033\[\;m  is a reset even without explicit zero(s))
+        }
+        return "\x1b\[[join $t {;}]m"
+    }
+    proc = {args} {
+        #don't disable ansi here.
+        #we want this to be available to call even if ansi is off
+        variable SGR_map
+        set t [list]
+        foreach i $args {
+            if {[string is integer -strict $i]} {
+                lappend t $i
+            } elseif {[string first ";" $i] >=0} {
+                #literal with params
+                lappend t $i
+            } else {
+                if {[dict exists $SGR_map $i]} {
+                    lappend t [dict get $SGR_map $i]
+                } else {
+                    #accept examples for foreground
+                    #  256f-# or 256fg-# or 256f#
+                    #  rgbf-<r>-<g>-<b>  or rgbfg-<r>-<g>-<b> or rgbf<r>-<g>-<b>
+                    if {[string match -nocase "256f*" $i]} {
+                        set cc [string trim [string range $i 4 end] -gG]
+                        lappend t "38;5;$cc" 
+                    } elseif {[string match -nocase 256b* $i]} {
+                        set cc [string trim [string range $i 4 end] -gG]
+                        lappend t "48;5;$cc" 
+                    } elseif {[string match -nocase rgbf* $i]} {
+                        set rgb [string trim [string range $i 4 end] -gG]
+                        lassign [split $rgb -] r g b
+                        lappend t "38;2;$r;$g;$b"
+                    } elseif {[string match -nocase rgbb* $i]} {
+                        set rgb [string trim [string range $i 4 end] -gG]
+                        lassign [split $rgb -] r g b
+                        lappend t "48;2;$r;$g;$b"
+                    }
+                }
+            }
+        }
+        # \033 - octal.  equivalently \x1b in hex which is more common in documentation
+        # empty list [a=] should do reset - same for [a= nonexistant]
+        # explicit reset at beginning of parameter list for a= (as opposed to a+)
+        set t [linsert $t 0 0]
+        return "\x1b\[[join $t {;}]m"
+    }
+
+
+}
+
+
+
+namespace eval shellfilter::ansi {
+    #maint warning - from overtype package
+    proc stripcodes {text} {
+        #single "final byte" in the range 0x40–0x7E (ASCII @A–Z[\]^_`a–z{|}~).
+        dict set escape_terminals CSI [list @ \\ ^ _ ` | ~ a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z "\{" "\}"]
+        #dict set escape_terminals CSI [list J K m n A B C D E F G s u] ;#basic 
+        dict set escape_terminals OSC [list \007 \033\\] ;#note mix of 1 and 2-byte terminals 
+        #we process char by char - line-endings whether \r\n or \n should be processed as per any other character.
+        #line endings can theoretically occur within an ansi escape sequence (review e.g title?)
+        set inputlist [split $text ""]
+        set outputlist [list] 
+
+        #self-contained 2 byte ansi escape sequences - review more?
+        set  2bytecodes_dict [dict create\
+            "reset_terminal" "\033c"\
+            "save_cursor_posn" "\u001b7"\
+            "restore_cursor_posn" "\u001b8"\
+            "cursor_up_one" "\u001bM"\
+            ]
+        set 2bytecodes [dict values $2bytecodes_dict]
+
+        set in_escapesequence 0
+        #assumption - undertext already 'rendered' - ie no backspaces or carriagereturns or other cursor movement controls
+        set i 0
+        foreach u $inputlist {
+            set v [lindex $inputlist $i+1]
+            set uv ${u}${v}
+            if {$in_escapesequence eq "2b"} {
+                #2nd byte - done.
+                set in_escapesequence 0
+            } elseif {$in_escapesequence != 0} {
+                set escseq [dict get $escape_terminals $in_escapesequence]
+                if {$u in $escseq} {
+                    set in_escapesequence 0
+                } elseif {$uv in $escseq} {
+                    set in_escapseequence 2b ;#flag next byte as last in sequence
+                }
+            } else {
+                #handle both 7-bit and 8-bit CSI and OSC
+                if {[regexp {^(?:\033\[|\u009b)} $uv]} {
+                    set in_escapesequence CSI
+                } elseif {[regexp {^(?:\033\]|\u009c)} $uv]} {
+                    set in_escapesequence OSC
+                } elseif {$uv in $2bytecodes} {
+                    #self-contained e.g terminal reset - don't pass through.
+                    set in_escapesequence 2b
+                } else {
+                    lappend outputlist $u
+                }
+            }
+            incr i
+        }
+        return [join $outputlist ""]
+    }
+
+}
+namespace eval shellfilter::chan {
+    set testobj ::shellfilter::chan::var
+    if {$testobj ni [info commands $testobj]} {
+
+    oo::class create var {
+        variable o_datavar
+        variable o_trecord 
+        variable o_enc
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            set varname [dict get $settingsdict -varname] 
+            set o_datavar $varname
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 1  ;# as a var is diversionary - default it to be a jucntion
+            }
+        }
+        method initialize {ch mode} {
+            return [list initialize finalize write]
+        }
+        method finalize {ch} {
+            my destroy
+        }
+        method watch {ch events} {
+            # must be present but we ignore it because we do not
+            # post any events
+        }
+        #method read {ch count} {
+        #  return ?
+        #}
+        method write {ch bytes} {
+            set stringdata [encoding convertfrom $o_enc $bytes]
+            append $o_datavar $stringdata
+            return ""
+        }
+        method meta_is_redirection {} {
+            return $o_is_junction 
+        }
+        method meta_buffering_supported {} {
+            return [list line full none]
+        }
+    }
+
+    #todo - something similar for multiple grep specs each with own -pre & -post .. store to dict?
+    oo::class create tee_grep_to_var {
+        variable o_datavar
+        variable o_lastxlines 
+        variable o_trecord 
+        variable o_grepfor
+        variable o_prelines
+        variable o_postlines
+        variable o_postcountdown 
+        variable o_enc
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set o_lastxlines [list]
+            set o_postcountdown 0
+            set defaults [dict create -pre 1 -post 1]
+            set settingsdict [dict get $tf -settings]
+            set settings [dict merge $defaults $settingsdict]
+            set o_datavar [dict get $settings -varname]
+            set o_grepfor [dict get $settings -grep]
+            set o_prelines [dict get $settings -pre]
+            set o_postlines [dict get $settings -post]
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize finalize write]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        #method read {transform_handle count} {
+        #  return ?
+        #}
+        method write {transform_handle bytes} {
+            set logdata [encoding convertfrom $o_enc $bytes] 
+            set lastx $o_lastxlines 
+            lappend o_lastxlines $logdata
+
+            if {$o_postcountdown > 0} {
+                append $o_datavar $logdata
+                if {[regexp $o_grepfor $logdata]} {
+                    #another match in postlines
+                    set o_postcountdown $o_postlines
+                } else {
+                    incr o_postcountdown -1
+                }
+            } else {
+                if {[regexp $o_grepfor $logdata]} {
+                    append $o_datavar [join $lastx]
+                    append $o_datavar $logdata
+                    set o_postcountdown $o_postlines
+                }
+            }
+
+            if {[llength $o_lastxlines] > $o_prelines} {
+                set o_lastxlines [lrange $o_lastxlines 1 end]
+            }
+            return $bytes
+        }
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+        method meta_buffering_supported {} {
+            return [list line]
+        }
+    }
+
+    oo::class create tee_to_var {
+        variable o_datavars
+        variable o_trecord
+        variable o_enc
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            set varname [dict get $settingsdict -varname]
+            set o_datavars $varname
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+        }
+        method initialize {ch mode} {
+            return [list initialize finalize write]
+        }
+        method finalize {ch} {
+            my destroy
+        }
+        method watch {ch events} {
+            # must be present but we ignore it because we do not
+            # post any events
+        }
+        #method read {ch count} {
+        #  return ?
+        #}
+        method write {ch bytes} {
+            set stringdata [encoding convertfrom $o_enc $bytes]
+            foreach v $o_datavars {
+                append $v $stringdata
+            }
+            return $bytes
+        }
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+    }
+    oo::class create tee_to_pipe {
+        variable o_logsource
+        variable o_localchan
+        variable o_enc
+        variable o_trecord
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            if {![dict exists $settingsdict -tag]} {
+                error "tee_to_pipe constructor settingsdict missing -tag"
+            }
+            set o_localchan [dict get $settingsdict -pipechan]
+            set o_logsource [dict get $settingsdict -tag]
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize read write finalize]
+        }
+        method finalize {transform_handle} {
+            ::shellfilter::log::close $o_logsource
+            my destroy
+        }
+        method watch {transform_handle events} {
+            # must be present but we ignore it because we do not
+            # post any events
+        }
+        method read {transform_handle bytes} {
+            set logdata [encoding convertfrom $o_enc $bytes] 
+            #::shellfilter::log::write $o_logsource $logdata
+            puts -nonewline $o_localchan $logdata
+            return  $bytes
+        }
+        method write {transform_handle bytes} {
+            set logdata [encoding convertfrom $o_enc $bytes] 
+            #::shellfilter::log::write $o_logsource $logdata
+            puts -nonewline $o_localchan $logdata
+            return $bytes
+        }
+        #a tee is not a redirection - because data still flows along the main path
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+
+    }
+    oo::class create tee_to_log  {
+        variable o_tid 
+        variable o_logsource
+        variable o_trecord 
+        variable o_enc
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            if {![dict exists $settingsdict -tag]} {
+                error "tee_to_log constructor settingsdict missing -tag"
+            }
+            set o_logsource [dict get $settingsdict -tag]
+            set o_tid [::shellfilter::log::open $o_logsource $settingsdict]
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+        }
+        method initialize {ch mode} {
+            return [list initialize read write finalize]
+        }
+        method finalize {ch} {
+            ::shellfilter::log::close $o_logsource
+            my destroy
+        }
+        method watch {ch events} {
+            # must be present but we ignore it because we do not
+            # post any events
+        }
+        method read {ch bytes} {
+            set logdata [encoding convertfrom $o_enc $bytes] 
+            ::shellfilter::log::write $o_logsource $logdata
+            return  $bytes
+        }
+        method write {ch bytes} {
+            set logdata [encoding convertfrom $o_enc $bytes] 
+            ::shellfilter::log::write $o_logsource $logdata
+            return $bytes
+        }
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+    }
+
+
+    oo::class create logonly  {
+        variable o_tid
+        variable o_logsource
+        variable o_trecord 
+        variable o_enc
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            if {![dict exists $settingsdict -tag]} {
+                error "logonly constructor settingsdict missing -tag"
+            }
+            set o_logsource [dict get $settingsdict -tag]
+            set o_tid [::shellfilter::log::open $o_logsource $settingsdict]
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize finalize write]
+        }
+        method finalize {transform_handle} {
+            ::shellfilter::log::close $o_logsource
+            my destroy
+        }
+        method watch {transform_handle events} {
+            # must be present but we ignore it because we do not
+            # post any events
+        }
+        #method read {transform_handle count} {
+        #  return ?
+        #}
+        method write {transform_handle bytes} {
+            set logdata [encoding convertfrom $o_enc $bytes] 
+            if 0 {
+                if {"utf-16le" in [encoding names]} {
+                    set logdata [encoding convertfrom utf-16le $bytes]
+                } else {
+                    set logdata [encoding convertto utf-8 $bytes]
+                    #set logdata [encoding convertfrom unicode $bytes]
+                    #set logdata $bytes
+                }
+            }
+            #set logdata $bytes
+            #set logdata [string map [list \r -r- \n -n-] $logdata]
+            #if {[string equal [string range $logdata end-1 end] "\r\n"]} {
+            #  set logdata [string range $logdata 0 end-2]
+            #}
+            #::shellfilter::log::write_sync $o_logsource $logdata
+            ::shellfilter::log::write $o_logsource $logdata
+            #return $bytes
+            return 
+        }
+        method meta_is_redirection {} {
+            return 1
+        }
+    }
+
+    #review - we should probably provide a more narrow filter than only strips color - and one that strips most(?) 
+    # - but does it ever really make sense to strip things like "esc(0" and "esc(B" which flip to the G0 G1 characters? (once stripped - things like box-lines become ordinary letters - unlikely to be desired?)
+    #punk::ansi::stripansi converts at least some of the box drawing G0 chars to unicode - todo - more complete conversion
+    #assumes line-buffering. a more advanced filter required if ansicodes can arrive split accross separate read or write operations!
+    oo::class create ansistrip {
+        variable o_trecord 
+        variable o_enc
+        variable o_is_junction
+        constructor {tf} {
+            package require punk::ansi
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize read write finalize]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        method read {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+            set outstring [punk::ansi::stripansi $instring]
+            return [encoding convertto $o_enc $outstring]
+        }
+        method write {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+            set outstring [punk::ansi::stripansi $instring]
+            return [encoding convertto $o_enc $outstring]
+            #return [encoding convertto unicode $outstring]
+        }
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+    }
+
+    #a test
+    oo::class create reconvert {
+        variable o_trecord 
+        variable o_enc
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize read write finalize]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        method read {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+
+            set outstring $instring
+
+            return [encoding convertto $o_enc $outstring]
+        }
+        method write {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+
+            set outstring $instring
+
+            return [encoding convertto $o_enc $outstring]
+        }
+    }
+    oo::define reconvert {
+        method meta_is_redirection {} {
+            return 0
+        }
+    }
+
+    oo::class create ansiwrap {
+        variable o_trecord
+        variable o_enc
+        variable o_colour
+        variable o_do_colour
+        variable o_do_normal
+        variable o_is_junction
+        constructor {tf} {
+            package require punk::ansi
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            if {[dict exists $settingsdict -colour]} {
+                set o_colour [dict get $settingsdict -colour]
+                set o_do_colour [punk::ansi::a+ {*}$o_colour]
+                set o_do_normal [punk::ansi::a]
+            } else {
+                set o_colour {}
+                set o_do_colour ""
+                set o_do_normal ""
+            }
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize  write finalize]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        method write {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes]
+            set outstring "$o_do_colour$instring$o_do_normal"
+            #set outstring ">>>$instring"
+            return [encoding convertto $o_enc $outstring]
+        }
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+    }
+    #todo - something 
+    oo::class create rebuffer {
+        variable o_trecord 
+        variable o_enc
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize read write finalize]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        method read {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+
+            set outstring $instring
+
+            return [encoding convertto $o_enc $outstring]
+        }
+        method write {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+
+            #set outstring [string map [list \n <N>] $instring]
+            set outstring $instring
+
+            return [encoding convertto $o_enc $outstring]
+            #return [encoding convertto utf-16le $outstring]
+        }
+    }
+    oo::define rebuffer {
+        method meta_is_redirection {} {
+            return 0
+        }
+    }
+
+    #has slight buffering/withholding of lone training cr - we can't be sure that a cr at end of chunk is part of \r\n sequence 
+    oo::class create tounix {
+        variable o_trecord 
+        variable o_enc
+        variable o_last_char_was_cr
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+            set o_last_char_was_cr 0
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize write finalize]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        #don't use read
+        method read {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+
+            set outstring $instring
+
+            return [encoding convertto $o_enc $outstring]
+        }
+        method write {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+            #set outstring [string map [list \n <N>] $instring]
+
+            if {$o_last_char_was_cr} {
+                set instring "\r$instring"
+            }
+
+            set outstring [string map [list \r\n \n] $instring]
+            set lastchar [string range $outstring end end] 
+            if {$lastchar eq "\r"} {
+                set o_last_char_was_cr 1
+                set outstring [string range $outstring 0 end-1]
+            } else {
+                set o_last_char_was_cr 0
+            }
+            #review! can we detect eof here on the transform_handle?
+            #if eof, we don't want to strip a trailing \r
+
+            return [encoding convertto $o_enc $outstring]
+            #return [encoding convertto utf-16le $outstring]
+        }
+    }
+    oo::define tounix {
+        method meta_is_redirection {} {
+            return $o_is_junction
+        }
+    }
+    #write to handle case where line-endings already \r\n too
+    oo::class create towindows  {
+        variable o_trecord 
+        variable o_enc
+        variable o_last_char_was_cr
+        variable o_is_junction
+        constructor {tf} {
+            set o_trecord $tf
+            set o_enc [dict get $tf -encoding]
+            set settingsdict [dict get $tf -settings]
+            if {[dict exists $tf -junction]} {
+                set o_is_junction [dict get $tf -junction]
+            } else {
+                set o_is_junction 0
+            }
+            set o_last_char_was_cr 0
+        }
+        method initialize {transform_handle mode} {
+            return [list initialize write finalize]
+        }
+        method finalize {transform_handle} {
+            my destroy
+        }
+        method watch {transform_handle events} {
+        }
+        #don't use read
+        method read {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+
+            set outstring $instring
+
+            return [encoding convertto $o_enc $outstring]
+        }
+        method write {transform_handle bytes} {
+            set instring [encoding convertfrom $o_enc $bytes] 
+            #set outstring [string map [list \n <N>] $instring]
+
+            if {$o_last_char_was_cr} {
+                set instring "\r$instring"
+            }
+
+            set outstring [string map [list \r\n \uFFFF] $instring]
+            set outstring [string map [list \n \r\n] $outstring]
+            set outstring [string map [list \uFFFF \r\n] $outstring]
+
+            set lastchar [string range $outstring end end] 
+            if {$lastchar eq "\r"} {
+                set o_last_char_was_cr 1
+                set outstring [string range $outstring 0 end-1]
+            } else {
+                set o_last_char_was_cr 0
+            }
+            #review! can we detect eof here on the transform_handle?
+            #if eof, we don't want to strip a trailing \r
+
+            return [encoding convertto $o_enc $outstring]
+            #return [encoding convertto utf-16le $outstring]
+        }
+    }
+    oo::define towindows {
+        method meta_is_redirection {} {
+            return $o_is_junction 
+        }
+    }
+
+    }
+}
+
+# ----------------------------------------------------------------------------
+#review float/sink metaphor.
+#perhaps something with the concept of upstream and downstream?
+#need concepts for push towards data, sit in middle where placed, and lag at tail of data stream. 
+## upstream for stdin is at the bottom of the stack and for stdout is the top of the stack.
+#upstream,neutral-upstream,downstream,downstream-aside,downstream-replace  (default neutral-upstream - require action 'stack' to use standard channel stacking concept and ignore other actions)
+#This is is a bit different from the float/sink metaphor which refers to the channel stacking order as opposed to the data-flow direction.
+#The idea would be that whether input or output 
+# upstream additions go to the side closest to the datasource
+# downstream additions go furthest from the datasource 
+# - all new additions go ahead of any diversions as the most upstream diversion is the current end of the stream in a way.
+# - this needs review regarding subsequent removal of the diversion and whether filters re-order in response.. 
+#    or if downstream & neutral additions are reclassified upon insertion if they land among existing upstreams(?) 
+# neutral-upstream goes to the datasource side of the neutral-upstream list. 
+#   No 'neutral' option provided so that we avoid the need to think forwards or backwards when adding stdin vs stdout shellfilter does the necessary pop/push reordering.
+#   No 'neutral-downstream' to reduce complexity.
+# downstream-replace & downstream-aside head downstream to the first diversion they encounter. ie these actions are no longer referring to the stack direction but only the dataflow direction.
+#
+# ----------------------------------------------------------------------------
+#
+# 'filters' are transforms that don't redirect
+# - limited range of actions to reduce complexity.
+# - any requirement not fulfilled by float,sink,sink-replace,sink-sideline should be done by multiple pops and pushes
+#
+#actions can float to top of filters or sink to bottom of filters
+#when action is of type sink, it can optionally replace or sideline the first non-filter it encounters (highest redirection on the stack.. any lower are starved of the stream anyway)
+# - sideline means to temporarily replace the item and keep a record, restoring if/when we are removed from the transform stack
+#
+##when action is of type float it can't replace or sideline anything. A float is added above any existing floats and they stay in the same order relative to each other,
+#but non-floats added later will sit below all floats.
+#(review - float/sink initially designed around output channels. For stdin the dataflow is reversed. implement float-aside etc?)
+#
+#
+#action: float sink sink-replace,sink-sideline
+#
+#
+## note - whether stack is for input or output we maintain it in the same direction - which is in sync with the tcl chan pop chan push concept.
+## 
+namespace eval shellfilter::stack {
+    #todo - implement as oo
+    variable pipelines [list]
+
+    proc items {} {
+        #review - stdin,stdout,stderr act as pre-existing pipelines, and we can't create a new one with these names - so they should probably be autoconfigured and listed..
+        # - but in what contexts? only when we find them in [chan names]?
+        variable pipelines
+        return [dict keys $pipelines]
+    }
+
+    proc status {{pipename *} args} {
+        variable pipelines
+
+        set pipecount [dict size $pipelines]
+        set tableprefix "$pipecount pipelines active\n"
+        package require overtype
+        #todo -verbose
+        set table ""
+        set ac1 [string repeat " " 15]
+        set ac2 [string repeat " " 32]
+        set ac3 [string repeat " " 80]
+        append table "[overtype::left $ac1 channel-ident] "
+        append table "[overtype::left $ac2 device-info] "
+        append table "[overtype::left $ac3 stack-info]"
+        append table \n
+
+
+        set bc1 [string repeat " " 5]  ;#stack id
+        set bc2 [string repeat " " 25] ;#transform
+        set bc3 [string repeat " " 50] ;#settings
+
+        foreach k [dict keys $pipelines $pipename] {
+            set lc [dict get $pipelines $k device localchan]
+
+
+            set col1 [overtype::left $ac1 $k]
+            set col2 [overtype::left $ac2 "localchan: $lc"]
+
+            set stack [dict get $pipelines $k stack]
+            if {![llength $stack]} {
+                    set col3 $ac3
+            } else {
+                set rec [lindex $stack 0]
+                set bcol1 [overtype::left $bc1 [dict get $rec -id]]
+                set bcol2 [overtype::left $bc2 [namespace tail [dict get $rec -transform]]]
+                set bcol3 [overtype::left $bc3 [dict get $rec -settings]]
+                set stackrow "$bcol1 $bcol2 $bcol3"
+                set col3 [overtype::left $ac3 $stackrow]
+            }
+
+            append table  "$col1 $col2 $col3\n"
+
+
+            foreach rec [lrange $stack 1 end] {
+                set col1 $ac1
+                set col2 $ac2
+                if {[llength $rec]} {
+                    set bc1 [overtype::left $bc1 [dict get $rec -id]]
+                    set bc2 [overtype::left $bc2 [namespace tail [dict get $rec -transform]]]
+                    set bc3 [overtype::left $bc3 [dict get $rec -settings]]
+                    set stackrow "$bc1 $bc2 $bc3"
+                    set col3 [overtype::left $ac3 $stackrow]
+                } else {
+                    set col3 $ac3
+                }
+                append table  "$col1 $col2 $col3\n"
+            }
+
+        }
+        return $tableprefix$table
+    }
+    #used for output channels - we usually want to sink redirections below the floaters and down to topmost existing redir 
+    proc _get_stack_floaters {stack} {
+        set floaters [list]
+        foreach t [lreverse $stack] {
+            if {[dict get $t -action] eq "float"} {
+                lappend floaters $t
+            } else {
+                break
+            }
+        }
+        return [lreverse $floaters]
+    }
+
+
+
+    #for output-channel sinking
+    proc _get_stack_top_redirection {stack} {
+        set r 0 ;#reverse index
+        foreach t [lreverse $stack] {
+            set obj [dict get $t -obj]
+            if {[$obj meta_is_redirection]} {
+                set idx [expr {[llength $stack] - ($r + 1) }] ;#forward index
+                return [list index $idx record $t]
+            }
+            incr r
+        }
+        #not found
+        return [list index -1 record {}]
+    }
+    #exclude float-locked, locked, sink-locked
+    proc _get_stack_top_redirection_replaceable {stack} {
+        set r 0 ;#reverse index
+        foreach t [lreverse $stack] {
+            set action [dict get $t -action]
+            if {![string match "*locked*" $action]} {
+                set obj [dict get $t -obj]
+                if {[$obj meta_is_redirection]} {
+                    set idx [expr {[llength $stack] - ($r + 1) }] ;#forward index
+                    return [list index $idx record $t]
+                }
+            }
+            incr r
+        }
+        #not found
+        return [list index -1 record {}]
+    }
+
+
+    #for input-channels ? 
+    proc _get_stack_bottom_redirection {stack} {
+        set i 0 
+        foreach t $stack {
+            set obj [dict get $t -obj]
+            if {[$obj meta_is_redirection]} {
+                return [linst index $i record $t]
+            }
+            incr i
+        }
+        #not found
+        return [list index -1 record {}]
+    }
+
+
+    proc get_next_counter {pipename} {
+        variable pipelines
+        #use dictn incr ?
+        set counter [dict get $pipelines $pipename counter]
+        incr counter
+        dict set pipelines $pipename counter $counter
+        return $counter
+    }
+
+    proc unwind {pipename} {
+        variable pipelines
+        set stack [dict get $pipelines $pipename stack]
+        set localchan [dict get $pipelines $pipename device localchan]
+        foreach tf [lreverse $stack] {
+            chan pop $localchan
+        }
+        dict set pipelines $pipename [list]
+    }
+    #todo
+    proc delete {pipename} {
+        set pipeinfo [dict get $pipename]
+        set deviceinfo [dict get $pipeinfo device] 
+        set localchan [dict get $deviceinfo localchan]
+        unwind $pipename
+
+
+        chan close $localchan
+    }
+    proc remove {pipename remove_id} {
+        variable pipelines
+        if {![dict exists $pipelines $pipename]} {
+            puts stderr "WARNING: shellfilter::stack::remove pipename '$pipename' not found in pipelines dict: '$pipelines' [info level -1]"
+            return
+        }
+        set stack [dict get $pipelines $pipename stack]
+        set localchan [dict get $pipelines $pipename device localchan]
+        set posn 0
+        set idposn -1
+        set asideposn -1
+        foreach  t $stack {
+            set id [dict get $t -id]
+            if {$id eq $remove_id} {
+                set idposn $posn
+                break
+            }
+            #look into asides (only can be one for now)
+            if {[llength [dict get $t -aside]]} {
+                set a [dict get $t -aside]
+                if {[dict get $a -id] eq $remove_id} {
+                    set asideposn $posn 
+                    break
+                }
+            }
+            incr posn
+        }
+
+        if {$asideposn > 0} {
+            #id wasn't found directly in stack, but in an -aside. we don't need to pop anything - just clear this aside record
+            set container [lindex $stack $asideposn]
+            dict set container -aside {}
+            lset stack $asideposn $container 
+            dict set pipelines $pipename stack $stack
+        } else {
+            if {$idposn < 0} {
+                ::shellfilter::log::write shellfilter "ERROR shellfilter::stack::remove $pipename id '$remove_id' not found"
+                puts stderr "|WARNING>shellfilter::stack::remove $pipename id '$remove_id' not found"
+                return 0
+            }
+            set removed_item [lindex $stack $idposn] 
+
+            #include idposn in poplist
+            set poplist [lrange $stack $idposn end]
+            set stack [lreplace $stack $idposn end]
+            #pop all chans before adding anything back in!
+            foreach p $poplist {
+                chan pop $localchan
+            }
+
+            if {[llength [dict get $removed_item -aside]]} {
+                set restore [dict get $removed_item -aside]
+                set t [dict get $restore -transform]
+                set tsettings [dict get $restore -settings]
+                set obj [$t new $restore]
+                set h [chan push $localchan $obj]
+                dict set restore -handle $h
+                dict set restore -obj $obj
+                lappend stack $restore
+            }
+
+            #put popped back except for the first one, which we want to remove
+            foreach p [lrange $poplist 1 end] {
+                set t [dict get $p -transform]
+                set tsettings [dict get $p -settings]
+                set obj [$t new $p]
+                set h [chan push $localchan $obj]
+                dict set p -handle $h
+                dict set p -obj $obj
+                lappend stack $p
+            }
+            dict set pipelines $pipename stack $stack
+        }
+        show_pipeline $pipename -note "after_remove $remove_id"
+
+        return 1
+    }
+
+    #pop a number of items of the top of the stack, add our transform record, and add back all (or the tail of poplist if pushstartindex > 0)
+    proc insert_transform {pipename stack transformrecord poplist {pushstartindex 0}} {
+        variable pipelines
+        set bottom_pop_posn [expr {[llength $stack] - [llength $poplist]}]
+        set poplist [lrange $stack $bottom_pop_posn end]
+        set stack [lreplace $stack $bottom_pop_posn end]
+
+        set localchan [dict get $pipelines $pipename device localchan]
+        foreach p [lreverse $poplist] {
+            chan pop $localchan
+        }
+        set transformname [dict get $transformrecord -transform]
+        set transformsettings [dict get $transformrecord -settings]
+        set obj [$transformname new $transformrecord]
+        set h [chan push $localchan $obj] 
+        dict set transformrecord -handle $h
+        dict set transformrecord -obj $obj
+        dict set transformrecord -note "insert_transform"
+        lappend stack $transformrecord
+        foreach p [lrange $poplist $pushstartindex end] {
+            set t [dict get $p -transform]
+            set tsettings [dict get $p -settings]
+            set obj [$t new $p]
+            set h [chan push $localchan $obj]
+            #retain previous -id  - code that added it may have kept reference and not expecting it to change
+            dict set p -handle $h
+            dict set p -obj $obj
+            dict set p -note "re-added"
+
+            lappend stack $p
+        }
+        return $stack
+    }
+
+    #fifo2 
+    proc new {pipename args} {
+        variable pipelines
+        if {($pipename in [dict keys $pipelines]) || ($pipename in [chan names])} {
+            error "shellfilter::stack::new error: pipename '$pipename' already exists"
+        }
+
+        set opts [dict merge {-settings {}} $args] 
+        set defaultsettings [dict create -raw 1 -buffering line -direction out]
+        set targetsettings [dict merge $defaultsettings [dict get $opts -settings]]
+
+        set direction [dict get $targetsettings -direction]
+
+        #pipename is the source/facility-name ?
+        if {$direction eq "out"} {
+            set pipeinfo [shellfilter::pipe::open_out $pipename $targetsettings]
+        } else {
+            puts stderr "|jn> pipe::open_in $pipename $targetsettings"
+            set pipeinfo [shellfilter::pipe::open_in $pipename $targetsettings]
+        }
+        #open_out/open_in will configure buffering based on targetsettings
+
+        set program_chan [dict get $pipeinfo localchan]
+        set worker_chan [dict get $pipeinfo remotechan]
+        set workertid [dict get $pipeinfo workertid]
+
+
+        set deviceinfo [dict create pipename $pipename localchan $program_chan remotechan $worker_chan workertid $workertid direction $direction]
+        dict set pipelines $pipename [list counter 0 device $deviceinfo stack [list]]
+
+        return $deviceinfo
+    }
+    #we 'add' rather than 'push' because transforms can float,sink and replace/sideline so they don't necessarily go to the top of the transform stack
+    proc add {pipename transformname args} {
+        variable pipelines
+        if {($pipename ni [chan names]) && ($pipename ni [dict keys $pipelines])} {
+            error "shellfilter::stack::add no existing chan or pipename matching '$pipename' use stdin/stderr/stdout or shellfilter::stack::new <pipename>"
+        }
+        set args [dict merge {-action "" -settings {}} $args]
+        set action [dict get $args -action]
+        set transformsettings [dict get $args -settings]
+        if {[string first "::" $transformname] < 0} {
+            set transformname ::shellfilter::chan::$transformname
+        }
+        if {![llength [info commands $transformname]]} {
+            error "shellfilter::stack::push unknown transform '$transformname'"
+        }
+
+
+        if {![dict exists $pipelines $pipename]} {
+            #pipename must be in chan names - existing device/chan
+            #record a -read and -write end even if the device is only being used as one or the other
+            set deviceinfo [dict create pipename $pipename localchan $pipename remotechan {}]
+            dict set pipelines $pipename [list counter 0 device $deviceinfo stack [list]]
+        } else {
+            set deviceinfo [dict get $pipelines $pipename device]
+        }
+
+        set id [get_next_counter $pipename] 
+        set stack [dict get $pipelines $pipename stack]
+        set localchan [dict get $deviceinfo localchan]
+
+        #we redundantly store chan in each transform -  makes debugging clearer
+        # -encoding similarly could be stored only at the pipeline level (or even queried directly each filter-read/write),
+        # but here it may help detect unexpected changes during lifetime of the stack and avoids the chance of callers incorrectly using the transform handle?)
+        # jn
+        set transform_record [list -id $id -chan $pipename -encoding [chan configure $localchan -encoding] -transform $transformname -aside {} {*}$args]
+
+        if {$action in [list "float" "float-locked"]} {
+            set obj [$transformname new $transform_record]
+            set h [chan push $localchan $obj]
+            dict set transform_record -handle $h
+            dict set transform_record -obj $obj
+            lappend stack $transform_record
+        } elseif {$action in [list "locked" ""]} {
+            set floaters [_get_stack_floaters $stack]
+            if {![llength $floaters]} {
+                set obj [$transformname new $transform_record]
+                set h [chan push $localchan $obj]
+                dict set transform_record -handle $h
+                dict set transform_record -obj $obj
+                lappend stack $transform_record
+            } else {
+                set poplist $floaters
+                set stack [insert_transform $pipename $stack $transform_record $poplist]
+            }
+        } elseif {[string match sink* $action]} {
+            set redirinfo [_get_stack_top_redirection $stack]
+            set idx_existing_redir [dict get $redirinfo index]
+            if {$idx_existing_redir == -1} {
+                #no existing redirection transform on the stack
+                #pop everything.. add this record as the first redirection on the stack
+                set poplist $stack
+                set stack [insert_transform $pipename $stack $transform_record $poplist]
+            } else {
+                if {$action eq "sink-replace"} {
+                    #include that index in the poplist
+                    set poplist [lrange $stack $idx_existing_redir end]
+                    #pop all from idx_existing_redir  to end, but put back 'lrange $poplist 1 end'
+                    set stack [insert_transform $pipename $stack $transform_record $poplist 1]
+                } elseif {[string match "sink-aside*" $action]} {
+                    set existing_redir_record [lindex $stack $idx_existing_redir]
+                    if {[string match "*locked*" [dict get $existing_redir_record -action]]} {
+                        set put_aside 0
+                        #we can't aside this one - sit above it instead.
+                        set poplist [lrange $stack $idx_existing_redir+1 end]
+                        set stack [lrange $stack 0 $idx_existing_redir]
+                    } else {
+                        set put_aside 1
+                        dict set transform_record -aside [lindex $stack $idx_existing_redir]
+                        set poplist [lrange $stack $idx_existing_redir end]
+                        set stack [lrange $stack 0 $idx_existing_redir-1]
+                    }
+                    foreach p $poplist {
+                        chan pop $localchan
+                    }
+                    set transformname [dict get $transform_record -transform]
+                    set transform_settings [dict get $transform_record -settings]
+                    set obj [$transformname new $transform_record]
+                    set h [chan push $localchan $obj] 
+                    dict set transform_record -handle $h
+                    dict set transform_record -obj $obj
+                    dict set transform_record -note "insert_transform-with-aside"
+                    lappend stack $transform_record
+                    #add back poplist *except* the one we transferred into -aside (if we were able)
+                    foreach p [lrange $poplist $put_aside end] {
+                        set t [dict get $p -transform]
+                        set tsettings [dict get $p -settings]
+                        set obj [$t new $p]
+                        set h [chan push $localchan $obj]
+                        #retain previous -id  - code that added it may have kept reference and not expecting it to change
+                        dict set p -handle $h
+                        dict set p -obj $obj
+                        dict set p -note "re-added-after-sink-aside"
+                        lappend stack $p
+                    }
+                } else {
+                    #plain "sink"
+                    #we only sink to the topmost redirecting filter - which makes sense for an output channel
+                    #For stdin.. this is more problematic as we're more likely to want to intercept the bottom most redirection.
+                    #todo - review. Consider making default insert position for input channels to be at the source... and float/sink from there.
+                    # - we don't currently know from the stack api if adding input vs output channel - so this needs work to make intuitive.
+                    # consider splitting stack::add to stack::addinput stack::addoutput to split the different behaviour
+                    set poplist [lrange $stack $idx_existing_redir+1 end]
+                    set stack [insert_transform $pipename $stack $transform_record $poplist]
+                }
+            }
+        } else {
+            error "shellfilter::stack::add unimplemented action '$action'"
+        }
+
+        dict set pipelines $pipename stack $stack
+        #puts stdout "=="
+        #puts stdout "==>stack: $stack"
+        #puts stdout "=="
+        show_pipeline $pipename -note "after_add $transformname $args"
+        return $id
+    }
+    proc show_pipeline {pipename args} {
+        variable pipelines
+        set stack [dict get $pipelines $pipename stack]
+        set tag "SHELLFILTER::STACK"
+        #JMN - load from config
+        #::shellfilter::log::open $tag {-syslog 127.0.0.1:514}
+        ::shellfilter::log::open $tag {-syslog ""}
+        ::shellfilter::log::write $tag "transform stack for $pipename $args"
+        foreach tf $stack {
+            ::shellfilter::log::write $tag " $tf"
+        }
+
+    }
+}
+
+
+namespace eval shellfilter {
+    variable sources [list]
+    variable stacks [dict create]
+
+    proc ::shellfilter::redir_channel_to_log {chan args} {
+        variable sources
+        set default_logsettings [dict create \
+            -tag redirected_$chan -syslog "" -file ""\
+            ]
+        if {[dict exists $args -action]} {
+            set action [dict get $args -action]
+        } else {
+            # action "sink" is a somewhat reasonable default for an output redirection transform
+            # but it can make it harder to configure a plain ordered stack if the user is not expecting it, so we'll default to stack 
+            # also.. for stdin transform sink makes less sense.. 
+            #todo - default "stack" instead of empty string
+            set action ""
+        }
+        if {[dict exists $args -settings]} {
+            set logsettings [dict get $args -settings]
+        } else {
+            set logsettings {}
+        }
+
+        set logsettings [dict merge $default_logsettings $logsettings]
+        set tag [dict get $logsettings -tag]
+        if {$tag ni $sources} {
+            lappend sources $tag
+        }
+
+        set id [shellfilter::stack::add $chan logonly -action $action -settings $logsettings]
+        return $id
+    }
+
+    proc ::shellfilter::redir_output_to_log {tagprefix args} {
+        variable sources
+
+        set default_settings [list -tag ${tagprefix} -syslog "" -file ""]
+
+        set opts [dict create -action "" -settings {}]
+        set opts [dict merge $opts $args]
+        set optsettings [dict get $opts -settings]
+        set settings [dict merge $default_settings $optsettings]
+
+        set tag [dict get $settings -tag]
+        if {$tag ne $tagprefix} {
+            error "shellfilter::redir_output_to_log -tag value must match supplied tagprefix:'$tagprefix'. Omit -tag, or make it the same. It will automatically be suffixed with stderr and stdout. Use redir_channel_to_log if you want to separately configure each channel" 
+        }
+        lappend sources ${tagprefix}stdout ${tagprefix}stderr 
+
+        set stdoutsettings $settings
+        dict set stdoutsettings -tag ${tagprefix}stdout
+        set stderrsettings $settings
+        dict set stderrsettings -tag ${tagprefix}stderr
+
+        set idout [redir_channel_to_log stdout -action [dict get $opts -action] -settings $stdoutsettings]
+        set iderr [redir_channel_to_log stderr -action [dict get $opts -action] -settings $stderrsettings]
+
+        return [list $idout $iderr]
+    } 
+
+    #return a dict keyed on numerical list index showing info about each element 
+    # - particularly 
+    #  'wouldbrace' to indicate that the item would get braced by Tcl when added to another list
+    #  'head_tail_chars' to show current first and last character  (in case it's wrapped e.g in double or single quotes or an existing set of braces)
+    proc list_element_info {inputlist} {
+        set i 0
+        set info [dict create]
+        set testlist [list]
+        foreach original_item $inputlist {
+            #---
+            # avoid sharing internal rep with original items in the list (avoids shimmering of rep in original list for certain items such as paths)
+            unset -nocomplain item
+            append item $original_item {}
+            #---
+
+            set iteminfo [dict create]
+            set itemlen [string length $item]
+            lappend testlist $item
+            set tcl_len [string length $testlist]
+            set diff [expr {$tcl_len - $itemlen}]
+            if {$diff == 0} {
+                dict set iteminfo wouldbrace 0
+                dict set iteminfo wouldescape 0
+            } else {
+                #test for escaping vs bracing!
+                set testlistchars [split $testlist ""]
+                if {([lindex $testlistchars 0] eq "\{") && ([lindex $testlistchars end] eq "\}")} {
+                    dict set iteminfo wouldbrace 1
+                    dict set iteminfo wouldescape 0
+                } else {
+                    dict set iteminfo wouldbrace 0
+                    dict set iteminfo wouldescape 1
+                }
+            }
+            set testlist [list]
+            set charlist [split $item ""]
+            set char_a [lindex $charlist 0]
+            set char_b [lindex $charlist 1]
+            set char_ab ${char_a}${char_b}
+            set char_y [lindex $charlist end-1]
+            set char_z [lindex $charlist end]
+            set char_yz ${char_y}${char_z}
+
+            if { ("{" in $charlist) || ("}" in $charlist) } {
+                dict set iteminfo has_braces 1
+                set innerchars [lrange $charlist 1 end-1]
+                if {("{" in $innerchars) || ("}" in $innerchars)} {
+                    dict set iteminfo has_inner_braces 1
+                } else {
+                    dict set iteminfo has_inner_braces 0
+                }
+            } else {
+                dict set iteminfo has_braces 0
+                dict set iteminfo has_inner_braces 0
+            }
+
+            #todo - brace/char counting to determine if actually 'wrapped'
+            #e.g we could have list element {((abc)} - which appears wrapped if only looking at first and last chars.
+            #also {(x) (y)} as a list member.. how to treat?
+            if {$itemlen <= 1} {
+                dict set iteminfo apparentwrap "not"
+            } else {
+                if {($char_a eq {"}) && ($char_z eq {"})} {
+                    dict set iteminfo apparentwrap "doublequotes"
+                } elseif {($char_a eq "'") && ($char_z eq "'")} {
+                    dict set iteminfo apparentwrap "singlequotes"
+                } elseif {($char_a eq "(") && ($char_z eq ")")} {
+                    dict set iteminfo apparentwrap "brackets"
+                } elseif {($char_a eq "\{") && ($char_z eq "\}")} {
+                    dict set iteminfo apparentwrap "braces"
+                } elseif {($char_a eq "^") && ($char_z eq "^")} {
+                    dict set iteminfo apparentwrap "carets"
+                } elseif {($char_a eq "\[") && ($char_z eq "\]")} {
+                    dict set iteminfo apparentwrap "squarebrackets"
+                } elseif {($char_a eq "`") && ($char_z eq "`")} {
+                    dict set iteminfo apparentwrap "backquotes"
+                } elseif {($char_a eq "\n") && ($char_z eq "\n")} {
+                    dict set iteminfo apparentwrap "lf-newline"
+                } elseif {($char_ab eq "\r\n") && ($char_yz eq "\r\n")} {
+                    dict set iteminfo apparentwrap "crlf-newline"
+                } else {
+                    dict set iteminfo apparentwrap "not-determined"
+                }
+
+            }
+            dict set iteminfo wrapbalance "unknown"  ;#a hint to caller that apparentwrap is only a guide. todo - possibly make wrapbalance indicate 0 for unbalanced.. and positive numbers for outer-count of wrappings.
+            #e.g {((x)} == 0  {((x))} == 1 {(x) (y (z))} == 2
+            dict set iteminfo head_tail_chars [list $char_a $char_z]
+            set namemap [list \
+                 \r cr\
+                 \n lf\
+                 {"} doublequote\
+                 {'} singlequote\
+                 "`" backquote\
+                 "^" caret\
+                 \t tab\
+                 " " sp\
+                 "\[" lsquare\
+                 "\]" rsquare\
+                 "(" lbracket\
+                 ")" rbracket\
+                 "\{" lbrace\
+                 "\}" rbrace\
+                 \\ backslash\
+                 / forwardslash\
+                 ]
+            if {[string length $char_a]} {
+                set char_a_name [string map $namemap $char_a]
+            } else {
+                set char_a_name "emptystring"
+            }
+            if {[string length $char_z]} {
+                set char_z_name [string map $namemap $char_z]
+            } else {
+                set char_z_name "emptystring"
+            }
+
+            dict set iteminfo head_tail_names [list $char_a_name $char_z_name]
+            dict set iteminfo len $itemlen
+            dict set iteminfo difflen $diff ;#2 for braces, 1 for quoting?, or 0.
+            dict set info $i $iteminfo
+            incr i
+        }
+        return $info
+    }
+
+
+    #parse bracketed expression (e.g produced by vim "shellxquote=(" ) into a tcl (nested) list
+    #e.g {(^c:/my spacey/path^ >^somewhere^)} 
+    #e.g {(blah (etc))}"  
+    #Result is always a list - even if only one toplevel set of brackets - so it may need [lindex $result 0] if input is the usual case of {( ...)}  
+    # - because it also supports the perhaps less likely case of: {( ...) unbraced (...)} etc
+    # Note that 
+    #maintenance warning - duplication in branches for bracketed vs unbracketed!
+    proc parse_cmd_brackets {str} {
+        #wordwrappers currently best suited to non-bracket entities - no bracket matching within - anything goes until end-token reached.
+        # - but.. they only take effect where a word can begin. so a[x y]  may be split at the space unless it's within some other wraper e.g " a[x y]" will not break at the space
+        # todo - consider extending the in-word handling of word_bdepth which is currently only applied to ()  i.e aaa(x y) is supported but aaa[x y] is not as the space breaks the word up.
+        set wordwrappers [list \
+            "\"" [list "\"" "\"" "\""]\
+            {^} [list "\"" "\"" "^"]\
+            "'" [list "'" "'" "'"]\
+            "\{" [list "\{" "\}" "\}"]\
+            {[} [list {[} {]} {]}]\
+            ] ;#dict mapping start_character to {replacehead replacetail expectedtail}
+        set shell_specials [list "|" "|&" "<" "<@" "<<" ">" "2>" ">&" ">>" "2>>" ">>&" ">@" "2>@" "2>@1" ">&@" "&" "&&" ] ;#words/chars that may precede an opening bracket but don't merge with the bracket to form a word.    
+        #puts "pb:$str"
+        set in_bracket 0
+        set in_word 0
+        set word ""
+        set result {}
+        set word_bdepth 0 
+        set word_bstack [list]
+        set wordwrap "" ;#only one active at a time
+        set bracketed_elements [dict create]
+        foreach char [split $str ""] {
+            #puts "c:$char bracketed:$bracketed_elements"
+            if {$in_bracket > 0} {
+                if {$in_word} {
+                    if {[string length $wordwrap]} {
+                        #anything goes until end-char
+                        #todo - lookahead and only treat as closing if before a space or ")" ?
+                        lassign [dict get $wordwrappers $wordwrap] _open closing endmark
+                        if {$char eq $endmark} {
+                            set wordwrap ""
+                            append word $closing
+                            dict lappend bracketed_elements $in_bracket $word
+                            set word ""
+                            set in_word 0
+                        } else {
+                            append word $char
+                        }
+                    } else {
+                        if {$word_bdepth == 0} {
+                            #can potentially close off a word - or start a new one if word-so-far is a shell-special
+                            if {$word in $shell_specials} {
+                                if {$char eq ")"} {
+                                    dict lappend bracketed_elements $in_bracket $word 
+                                    set  subresult [dict get $bracketed_elements $in_bracket]
+                                    dict set bracketed_elements $in_bracket [list]
+                                    incr in_bracket -1
+                                    if {$in_bracket == 0} {
+                                        lappend result $subresult
+                                    } else {
+                                        dict lappend bracketed_elements $in_bracket $subresult
+                                    }
+                                    set word ""
+                                    set in_word 0
+                                } elseif {[regexp {[\s]} $char]} {
+                                    dict lappend bracketed_elements $in_bracket $word 
+                                    set word ""
+                                    set in_word 0
+                                } elseif {$char eq "("} {    
+                                    dict lappend bracketed_elements $in_bracket $word 
+                                    set word ""
+                                    set in_word 0
+                                    incr in_bracket
+                                } else {
+                                    #at end of shell-specials is another point to look for word started by a wordwrapper char
+                                    #- expect common case of things like >^/my/path^
+                                    if {$char in [dict keys $wordwrappers]} {
+                                        dict lappend bracketed_elements $in_bracket $word 
+                                        set word ""
+                                        set in_word 1 ;#just for explicitness.. we're straight into the next word.
+                                        set wordwrap $char
+                                        set word [lindex [dict get $wordwrappers $char] 0] ;#replace trigger char with the start value it maps to.
+                                    } else {
+                                        #something unusual.. keep going with word!
+                                        append word $char
+                                    }
+                                }
+                            } else {
+                            
+                                if {$char eq ")"} {
+                                    dict lappend bracketed_elements $in_bracket $word
+                                    set  subresult [dict get $bracketed_elements $in_bracket]
+                                    dict set bracketed_elements $in_bracket [list]
+                                    incr in_bracket -1
+                                    if {$in_bracket == 0} {
+                                        lappend result $subresult
+                                    } else {
+                                        dict lappend bracketed_elements $in_bracket $subresult
+                                    }
+                                    set word ""
+                                    set in_word 0
+                                } elseif {[regexp {[\s]} $char]} {
+                                    dict lappend bracketed_elements $in_bracket $word
+                                    set word ""
+                                    set in_word 0
+                                } elseif {$char eq "("} {
+                                    #ordinary word up-against and opening bracket - brackets are part of word.
+                                    incr word_bdepth 
+                                    append word "("
+                                } else {
+                                    append word $char
+                                }
+                            }
+                        } else {
+                            #currently only () are used for word_bdepth - todo  add all or some wordwrappers chars so that the word_bstack can have multiple active.
+                            if {$char eq "("} {
+                                incr word_bdepth
+                                lappend word_bstack $char
+                                append word $char 
+                            } elseif {$char eq ")"} {
+                                incr word_bdepth -1
+                                set word_bstack [lrange $word_bstack 0 end-1]
+                                append word $char 
+                            } else {
+                                #spaces and chars added to word as it's still in a bracketed section
+                                append word $char
+                            }
+                        }
+                    }
+                } else {
+                    
+                    if {$char eq "("} {
+                        incr in_bracket
+                        
+                    } elseif {$char eq ")"} {
+                        set subresult [dict get $bracketed_elements $in_bracket]
+                        dict set bracketed_elements $in_bracket [list]
+                        incr in_bracket -1
+                        if {$in_bracket == 0} {
+                            lappend result $subresult
+                        } else {
+                            dict lappend bracketed_elements $in_bracket $subresult
+                        }
+                    } elseif {[regexp {[\s]} $char]} {
+                        #
+                    } else {
+                        #first char of word - look for word-wrappers
+                        if {$char in [dict keys $wordwrappers]} {
+                            set wordwrap $char
+                            set word [lindex [dict get $wordwrappers $char] 0] ;#replace trigger char with the start value it maps to.
+                        } else {
+                            set word $char
+                        }
+                        set in_word 1
+                    }
+                }
+            } else {
+                if {$in_word} {
+                    if {[string length $wordwrap]} {
+                        lassign [dict get $wordwrappers $wordwrap] _open closing endmark
+                        if {$char eq $endmark} {
+                            set wordwrap ""
+                            append word $closing
+                            lappend result $word
+                            set word ""
+                            set in_word 0
+                        } else {
+                            append word $char
+                        }
+                    } else {
+                        
+                        if {$word_bdepth == 0} {
+                            if {$word in $shell_specials} {
+                                if {[regexp {[\s]} $char]} {
+                                    lappend result $word 
+                                    set word ""
+                                    set in_word 0
+                                } elseif {$char eq "("} {    
+                                    lappend result $word 
+                                    set word ""
+                                    set in_word 0
+                                    incr in_bracket
+                                } else {
+                                    #at end of shell-specials is another point to look for word started by a wordwrapper char
+                                    #- expect common case of things like >^/my/path^
+                                    if {$char in [dict keys $wordwrappers]} {
+                                        lappend result $word 
+                                        set word ""
+                                        set in_word 1 ;#just for explicitness.. we're straight into the next word.
+                                        set wordwrap $char
+                                        set word [lindex [dict get $wordwrappers $char] 0] ;#replace trigger char with the start value it maps to.
+                                    } else {
+                                        #something unusual.. keep going with word!
+                                        append word $char
+                                    }
+                                }
+                        
+                            } else {
+                                if {[regexp {[\s)]} $char]} {
+                                    lappend result $word
+                                    set word ""
+                                    set in_word 0
+                                } elseif {$char eq "("} {
+                                    incr word_bdepth
+                                    append word $char
+                                } else {
+                                append word $char
+                                }
+                            }
+                        } else {
+                            if {$char eq "("} {
+                                incr word_bdepth
+                                append word $char
+                            } elseif {$char eq ")"} {
+                                incr word_bdepth -1
+                                append word $char
+                            } else {
+                                append word $char
+                            }
+                        }
+                    }
+                } else {
+                    if {[regexp {[\s]} $char]} {
+                        #insig whitespace(?)
+                    } elseif {$char eq "("} {
+                        incr in_bracket
+                        dict set bracketed_elements $in_bracket [list]
+                    } elseif {$char eq ")"} {
+                        error "unbalanced bracket - unable to proceed result so far: $result bracketed_elements:$bracketed_elements"
+                    } else {
+                        #first char of word - look for word-wrappers
+                        if {$char in [dict keys $wordwrappers]} {
+                            set wordwrap $char
+                            set word [lindex [dict get $wordwrappers $char] 0] ;#replace trigger char with the start value it maps to.
+                        } else {
+                            set word $char
+                        }
+                        set in_word 1
+                    }
+                }
+            }
+            #puts "----$bracketed_elements"
+        }
+        if {$in_bracket > 0} {
+            error "shellfilter::parse_cmd_brackets missing close bracket. input was '$str'"
+        }
+        if {[dict exists $bracketed_elements 0]} {
+            #lappend result [lindex [dict get $bracketed_elements 0] 0]
+            lappend result [dict get $bracketed_elements 0]
+        }
+        if {$in_word} {
+            lappend result $word
+        }
+        return $result
+    }
+
+    #only double quote if argument not quoted with single or double quotes
+    proc dquote_if_not_quoted {a} {
+        if {([string range $a 0 0] eq {"}) && ([string range $a end end] eq {"})} {
+            return $a
+        } elseif {([string range $a 0 0] eq {'}) && ([string range $a end end] eq {'})} {
+            return $a
+        } else {
+            set newinner [string map [list {"} "\\\""] $a]
+            return "\"$newinner\""
+        }
+    }
+
+    #proc dquote_if_not_bracketed/braced? 
+
+    #wrap in double quotes if not double-quoted
+    proc dquote_if_not_dquoted {a} {
+        if {([string range $a 0 0] eq {"}) && ([string range $a end end] eq {"})} {
+            return $a
+        } else {
+            #escape any inner quotes..
+            set newinner [string map [list {"} "\\\""] $a]
+            return "\"$newinner\""
+        }
+    }
+    proc dquote {a} {
+        #escape any inner quotes..
+        set newinner [string map [list {"} "\\\""] $a]
+        return "\"$newinner\""
+    }
+    proc get_scriptrun_from_cmdlist_dquote_if_not {cmdlist {shellcmdflag ""}} {
+        set scr [auto_execok "script"]
+        if {[string length $scr]} {
+            #set scriptrun "( $c1 [lrange $cmdlist 1 end] )"
+            set arg1 [lindex $cmdlist 0]
+            if {[string first " " $arg1]>0} {
+                set c1 [dquote_if_not_quoted $arg1]
+                #set c1 "\"$arg1\""
+            } else {
+                set c1 $arg1
+            }
+
+            if {[string length $shellcmdflag]} {
+                set scriptrun "$shellcmdflag \$($c1 "
+            } else {
+                set scriptrun "\$($c1 "
+            }
+            #set scriptrun "$c1 "
+            foreach a [lrange $cmdlist 1 end] {
+                #set a [string map [list "/" "//"] $a]
+                #set a [string map [list "\"" "\\\""] $a]
+                if {[string first " " $a] > 0} {
+                    append scriptrun [dquote_if_not_quoted $a]
+                } else {
+                    append scriptrun $a
+                }
+                append scriptrun " "
+            }
+            set scriptrun [string trim $scriptrun]
+            append scriptrun ")"
+            #return [list $scr -q -e -c $scriptrun /dev/null]
+            return [list $scr -e -c $scriptrun /dev/null]
+        } else {
+            return $cmdlist
+        }
+    }
+
+    proc ::shellfilter::trun {commandlist args} {
+        #jmn
+    }
+
+
+    # run a command (or tcl script) with tees applied to stdout/stderr/stdin (or whatever channels are being used) 
+    # By the point run is called - any transforms should already be in place on the channels if they're needed.
+    # The tees will be inline with none,some or all of those transforms depending on how the stack was configured
+    #  (upstream,downstream configured via -float,-sink etc)
+    proc ::shellfilter::run {commandlist args} {
+        #must be a list. If it was a shell commandline string. convert it elsewhere first.
+
+        variable sources
+        set runtag "shellfilter-run"
+        #set tid [::shellfilter::log::open $runtag [list -syslog 127.0.0.1:514]]
+        set tid [::shellfilter::log::open $runtag [list -syslog ""]]
+        ::shellfilter::log::write $runtag " commandlist:'$commandlist' len:[llength $commandlist]"
+
+        #flush stdout
+        #flush stderr 
+
+        #adding filters with sink-aside will temporarily disable the existing redirection
+        #All stderr/stdout from the shellcommand will now tee to the underlying stderr/stdout as well as the configured syslog
+
+        set defaults [dict create \
+            -teehandle command \
+            -outchan stdout \
+            -errchan stderr \
+            -inchan stdin \
+            -tclscript 0 \
+            ]
+        set opts                    [dict merge $defaults $args]
+
+        # -- --- --- --- --- --- --- --- --- --- --- --- --- ---
+        set outchan                 [dict get $opts -outchan]
+        set errchan                 [dict get $opts -errchan]
+        set inchan                  [dict get $opts -inchan]
+        set teehandle               [dict get $opts -teehandle]
+        # -- --- --- --- --- --- --- --- --- --- --- --- --- ---
+        set is_script               [dict get $opts -tclscript]
+        dict unset opts -tclscript ;#don't pass it any further
+        # -- --- --- --- --- --- --- --- --- --- --- --- --- ---
+        set teehandle_out ${teehandle}out   ;#default commandout
+        set teehandle_err ${teehandle}err
+        set teehandle_in ${teehandle}in
+
+
+        #puts stdout "shellfilter initialising tee_to_pipe transforms for in/out/err"
+
+        # sources should be added when stack::new called instead(?)
+        foreach source [list $teehandle_out $teehandle_err] {
+            if {$source ni $sources} {
+                lappend sources $source
+            }
+        }
+        set outdeviceinfo [dict get $::shellfilter::stack::pipelines $teehandle_out device]
+        set outpipechan [dict get $outdeviceinfo localchan]
+        set errdeviceinfo [dict get $::shellfilter::stack::pipelines $teehandle_err device]
+        set errpipechan [dict get $errdeviceinfo localchan]
+
+        #set indeviceinfo [dict get $::shellfilter::stack::pipelines $teehandle_in device]
+        #set inpipechan [dict get $indeviceinfo localchan]
+
+        #NOTE:These transforms are not necessarily at the top of each stack! 
+        #The float/sink mechanism, along with whether existing transforms are diversionary decides where they sit.
+        set id_out [shellfilter::stack::add $outchan tee_to_pipe -action sink-aside -settings [list -tag $teehandle_out -pipechan $outpipechan]]
+        set id_err [shellfilter::stack::add $errchan tee_to_pipe -action sink-aside -settings [list -tag $teehandle_err -pipechan $errpipechan]]
+
+        # need to use os level channel handle for stdin - try named pipes (or even sockets) instead of fifo2 for this
+        # If non os-level channel - the command can't be run with the redirection
+        # stderr/stdout can be run with non-os handles in the call - 
+        # but then it does introduce issues with terminal-detection and behaviour for stdout at least
+        #
+        # input is also a tee - we never want to change the source at this point - just log/process a side-channel of it.
+        #
+        #set id_in  [shellfilter::stack::add $inchan  tee_to_pipe -action sink-aside -settings [list -tag commandin -pipechan $inpipechan]]
+
+
+        #set id_out [shellfilter::stack::add stdout tee_to_log -action sink-aside -settings [list -tag shellstdout -syslog 127.0.0.1:514 -file ""]]
+        #set id_err [shellfilter::stack::add stderr tee_to_log -action sink-aside -settings [list -tag shellstderr -syslog 127.0.0.1:514 -file "stderr.txt"]]
+
+        #we need to catch errors - and ensure stack::remove calls occur.
+        #An error can be raised if the command couldn't even launch, as opposed to a non-zero exitcode and stderr output from the command itself.
+        #
+        if {!$is_script} { 
+            set experiment 0
+            if $experiment {
+                try {
+                    set results [exec {*}$commandlist]
+                    set exitinfo [list exitcode 0]
+                } trap CHILDSTATUS {results options} {
+                    set exitcode [lindex [dict get $options -errorcode] 2]
+                    set exitinfo [list exitcode $exitcode]
+                }
+            } else {
+                if {[catch { 
+                    #run process with stdout/stderr/stdin or with configured channels
+                    #set exitinfo [shellcommand_stdout_stderr $commandlist $outchan $errchan $inpipechan {*}$opts]
+                    set exitinfo [shellcommand_stdout_stderr $commandlist $outchan $errchan stdin {*}$opts]
+                    #puts stderr "---->exitinfo $exitinfo"
+
+                    #subprocess result should usually have an "exitcode" key
+                    #but for background execution we will get a "pids" key of process ids.
+                } errMsg]} {
+                    set exitinfo [list error "$errMsg" source shellcommand_stdout_stderr]
+                }
+            }
+        } else {
+            if {[catch {
+                #script result
+                set exitinfo [list result [uplevel #0 [list eval $commandlist]]]
+            } errMsg]} {
+                set exitinfo [list error "$errMsg" errorCode $::errorCode errorInfo "$::errorInfo"]
+            }
+        }
+
+
+        #the previous redirections on the underlying inchan/outchan/errchan items will be restored from the -aside setting during removal
+        #Remove execution-time Tees from stack
+        shellfilter::stack::remove stdout $id_out
+        shellfilter::stack::remove stderr $id_err
+        #shellfilter::stack::remove stderr $id_in
+
+
+        #chan configure stderr -buffering line
+        #flush stdout
+
+
+        ::shellfilter::log::write $runtag " return '$exitinfo'"
+        ::shellfilter::log::close $runtag
+        return $exitinfo
+    }
+    proc ::shellfilter::logtidyup { {tags {}} } {
+        variable sources
+        set worker_errorlist [list]
+        set tidied_sources [list]
+        set tidytag "logtidy"
+        set tid [::shellfilter::log::open $tidytag {-syslog 127.0.0.1:514}]
+        ::shellfilter::log::write $tidytag " logtidyuptags '$tags'"
+        foreach s $sources {
+            if {$s eq $tidytag} {
+                continue
+            }
+            #puts "logtidyup source $s"
+            set close 1
+            if {[llength $tags]} {
+                if {$s ni $tags} {
+                    set close 0
+                }
+            }
+            if {$close} {
+                lappend tidied_sources $s
+                shellfilter::log::close $s
+                lappend worker_errorlist {*}[shellthread::manager::get_and_clear_errors $s]
+            }
+        }
+        set remaining_sources [list]
+        foreach s $sources {
+            if {$s ni $tidied_sources} {
+                lappend remaining_sources $s
+            }
+        } 
+        set sources [concat $remaining_sources $tidytag]
+        #shellfilter::stack::unwind stdout
+        #shellfilter::stack::unwind stderr
+        return [list tidied $tidied_sources errors $worker_errorlist]
+    }
+
+    #package require tcl::chan::null
+    # e.g set errchan [tcl::chan::null]
+    # e.g chan push stdout [shellfilter::chan::var new ::some_var]
+    proc  ::shellfilter::shellcommand_stdout_stderr {commandlist outchan errchan inchan args} {
+        set valid_flags [list \
+            -timeout \
+            -outprefix \
+            -errprefix \
+            -debug \
+            -copytempfile \
+            -outbuffering \
+            -errbuffering \
+            -inbuffering \
+            -readprocesstranslation \
+            -outtranslation \
+            -stdinhandler \
+            -outchan \
+            -errchan \
+            -inchan \
+            -teehandle\
+            ]
+
+        set runtag shellfilter-run2
+        #JMN - load from config
+        #set tid [::shellfilter::log::open $runtag [list -syslog "127.0.0.1:514"]]
+        set tid [::shellfilter::log::open $runtag [list -syslog ""]]
+
+        if {([llength $args] % 2) != 0} {
+            error "Trailing arguments after any positional arguments must be in pairs of the form -argname argvalue. Valid flags are:'$valid_flags'"
+        }
+        set invalid_flags [list]
+        foreach k [dict keys $args] {
+            if {$k ni $valid_flags} {
+                lappend invalid_flags $k
+            }
+        }
+        if {[llength $invalid_flags]} {
+            error "Unknown option(s)'$invalid_flags': must be one of '$valid_flags'"
+        }
+        #line buffering generally best for output channels.. keeps relative output order of stdout/stdin closer to source order
+        #there may be data where line buffering is inappropriate, so it's configurable per std channel 
+        #reading inputs with line buffering can result in extraneous newlines as we can't detect trailing data with no newline before eof.
+        set defaults [dict create \
+            -outchan stdout \
+            -errchan stderr \
+            -inchan stdin \
+            -outbuffering none \
+            -errbuffering none \
+            -readprocesstranslation auto \
+            -outtranslation lf \
+            -inbuffering none \
+            -timeout 900000\
+            -outprefix ""\
+            -errprefix ""\
+            -debug 0\
+            -copytempfile 0\
+            -stdinhandler ""\
+            ]
+
+
+
+        set args [dict merge $defaults $args]
+        set outbuffering   [dict get $args -outbuffering]
+        set errbuffering   [dict get $args -errbuffering]
+        set inbuffering               [dict get $args -inbuffering]
+        set readprocesstranslation    [dict get $args -readprocesstranslation]
+        set outtranslation            [dict get $args -outtranslation]
+        set timeout                   [dict get $args -timeout]
+        set outprefix   [dict get $args -outprefix]
+        set errprefix   [dict get $args -errprefix]
+        set debug       [dict get $args -debug]
+        set copytempfile [dict get $args -copytempfile]
+        set stdinhandler [dict get $args -stdinhandler]
+
+        set debugname "shellfilter-debug"
+
+        if {$debug} {
+            set tid [::shellfilter::log::open $debugname [list -syslog "127.0.0.1:514"]]
+            ::shellfilter::log::write $debugname " commandlist '$commandlist'"
+        }
+        #'clock micros' good enough id for shellcommand calls unless one day they can somehow be called concurrently or sequentially within a microsecond and within the same interp.
+        # a simple counter would probably work too
+        #consider other options if an alternative to the single vwait in this function is used.
+        set call_id [clock micros] ;
+        set ::shellfilter::shellcommandvars($call_id,exitcode) ""
+        set waitvar ::shellfilter::shellcommandvars($call_id,waitvar)
+        if {$debug} {
+            ::shellfilter::log::write $debugname " waitvar '$waitvar'"
+        }
+        lassign [chan pipe] rderr wrerr
+        chan configure $wrerr -blocking 0
+
+        set lastitem [lindex $commandlist end]
+        #todo - ensure we can handle 2> file  (space after >)
+
+        if {[string trim [lindex $commandlist end]] eq "&"} {
+            set name [lindex $commandlist 0]
+            #background execution - stdout and stderr from child still comes here - but process is backgrounded 
+            #FIX! - this is broken for paths with backslashes for example
+            #set pidlist [exec {*}[concat $name [lrange $commandlist 1 end]]]
+            set pidlist [exec {*}$commandlist]
+            return [list pids $pidlist]
+        }
+
+        #review - reconsider the handling of redirections such that tcl-style are handled totally separately to other shell syntaxes!
+        #
+        #note 2>@1 must ocur as last word for tcl - but 2@stdout can occur elsewhere
+        #(2>@stdout echoes to main stdout - not into pipeline)
+        #To properly do pipelines it looks like we will have to split on | and call this proc multiple times and wire it up accordingly (presumably in separate threads)
+        set custom_stderr ""
+        if {[string trim $lastitem] in [list {2>&1} {2>@1}]} {
+            set custom_stderr {2>@1}  ;#use the tcl style
+            set commandlist [lrange $commandlist 0 end-1]
+        } else {
+            # 2> filename 
+            # 2>> filename
+            # 2>@ openfileid
+            set redir2test [string range $lastitem 0 1]
+            if {$redir2test eq "2>"} {
+                set custom_stderr $lastitem
+                set commandlist [lrange $commandlist 0 end-1]
+            }
+        }
+        set lastitem [lindex $commandlist end]
+
+        set teefile "" ;#empty string, write, append
+        #an ugly hack.. because redirections seem to arrive wrapped  - review!
+        #There be dragons here..
+        #Be very careful with list manipulation of the commandlist string.. backslashes cause havoc. commandlist must always be a well-formed list. generally avoid string manipulations on entire list or accidentally breaking a list element into parts if it shouldn't be..
+        #The problem here - is that we can't always know what was intended on the commandline regarding quoting
+
+        ::shellfilter::log::write $runtag "checking for redirections in $commandlist"
+        #sometimes we see a redirection without a following space  e.g >C:/somewhere 
+        #normalize
+        if {[regexp {^>[/[:alpha:]]+} $lastitem]} {
+            set lastitem "> [string range $lastitem 1 end]"
+        }
+        if {[regexp {^>>[/[:alpha:]]+} $lastitem]} {
+            set lastitem ">> [string range $lastitem 2 end]"
+        }
+
+        #for a redirection, we assume either a 2-element list at tail of form {> {some path maybe with spaces}}
+        #or that the tail redirection is not wrapped..  x y z > {some path maybe with spaces}
+        #we can't use list methods such as llenth on a member of commandlist
+        set wordlike_parts [regexp -inline -all {\S+} $lastitem]
+
+        if {([llength $wordlike_parts] >= 2) && ([lindex $wordlike_parts 0] in [list ">>" ">"])} {
+            #wrapped redirection - but maybe not 'well' wrapped (unquoted filename)
+            set lastitem [string trim $lastitem]  ;#we often see { > something}
+
+            #don't use lassign or lrange on the element itself without checking first
+            #we can treat the commandlist as a whole as a well formed list but not neccessarily each element within.
+            #lassign $lastitem redir redirtarget 
+            #set commandlist [lrange $commandlist 0 end-1]
+            #
+            set itemchars [split $lastitem ""]
+            set firstchar [lindex $itemchars 0]
+            set lastchar [lindex $itemchars end]
+
+            #NAIVE test for double quoted only!
+            #consider for example {"a" x="b"} 
+            #testing first and last is not decisive
+            #We need to decide what level of drilling down is even appropriate here.. 
+            #if something was double wrapped - it was perhaps deliberate so we don't interpret it as something(?)
+            set head_tail_chars [list $firstchar $lastchar]
+            set doublequoted [expr {[llength [lsearch -all $head_tail_chars "\""]] == 2}]
+            if {[string equal "\{" $firstchar] && [string equal "\}" $lastchar]} {
+                set curlyquoted 1
+            } else {
+                set curlyquoted 0
+            }
+
+            if {$curlyquoted} {
+                #these are not the tcl protection brackets but ones supplied in the argument
+                #it's still not valid to use list operations on a member of the commandlist
+                set inner [string range $lastitem 1 end-1]
+                #todo - fix! we still must assume there could be list-breaking data!
+                set innerwords [regexp -inline -all {\S+} $inner] ;#better than [split $inner] because we don't get extra empty elements for each whitespace char
+                set redir [lindex $innerwords 0] ;#a *potential* redir - to be tested below
+                set redirtarget [lrange $innerwords 1 end] ;#all the rest
+            } elseif {$doublequoted} {
+                ::shellfilter::log::write $debugname "doublequoting at tail of command '$commandlist'" 
+                set inner [string range $lastitem 1 end-1]
+                set innerwords [regexp -inline -all {\S+} $inner]
+                set redir [lindex $innerwords 0]
+                set redirtarget [lrange $innerwords 1 end] 
+            } else {
+                set itemwords [regexp -inline -all {\S+} $lastitem]
+                # e.g > c:\test   becomes > {c:\test}
+                # but > c/mnt/c/test/temp.txt stays as > /mnt/c/test/temp.txt
+                set redir [lindex $itemwords 0]
+                set redirtarget [lrange $itemwords 1 end]
+            }
+            set commandlist [lrange $commandlist 0 end-1]
+        
+      } elseif {[lindex $commandlist end-1] in [list ">>" ">"]} {
+        #unwrapped redirection
+        #we should be able to use list operations like lindex and lrange here as the command itself is hopefully still a well formed list
+        set redir [lindex $commandlist end-1]
+        set redirtarget [lindex $commandlist end]
+        set commandlist [lrange $commandlist 0 end-2]
+      } else {
+        #no redirection 
+        set redir ""
+        set redirtarget ""
+        #no change to command list
+      }
+
+
+
+      if {$redir in [list ">>" ">"]} {
+          set redirtarget [string trim $redirtarget "\""]
+          ::shellfilter::log::write $runtag " have redirection '$redir' to '$redirtarget'"
+          
+
+          set winfile $redirtarget ;#default assumption
+          if {[string match "/c/*" $redirtarget]} {
+            set winfile "c:/[string range $redirtarget 3 end]"
+          }
+          if {[string match "/mnt/c/*" $redirtarget]} {
+            set winfile "c:/[string range $redirtarget 7 end]"
+          }
+
+          if {[file exists [file dirname $winfile]]} {
+            #containing folder for target exists
+            if {$redir eq ">"} {
+              set teefile "write"
+            } else {
+              set teefile "append"
+            }
+            ::shellfilter::log::write $runtag "Directory exists '[file dirname $winfile]' operation:$teefile"
+
+          } else {
+            #we should be writing to a file.. but can't
+            ::shellfilter::log::write $runtag "cannot verify directory exists '[file dirname $winfile]'"
+
+          }
+      } else {
+          ::shellfilter::log::write $runtag "No redir found!!" 
+      }
+      #often first element of command list is wrapped and cannot be run directly
+      #e.g {{ls -l} {> {temp.tmp}}}
+      #we will assume that if there is a single element which is a pathname containing a space - it is doubly wrapped.
+      # this may not be true - and the command may fail if it's just {c:\program files\etc}  but it is the less common case and we currently have no way to detect.
+      #unwrap first element.. will not affect if not wrapped anyway (subject to comment above re spaces)
+      set commandlist [concat [lindex $commandlist 0] [lrange $commandlist 1 end]]
+
+      #todo?
+      #child process environment.
+      # - to pass a different environment to the child - we would need to save the env array, modify as required, and then restore the env array.
+
+      #to restore buffering states after run
+      set remember_in_out_err_buffering [list \
+         [chan configure $inchan -buffering] \
+         [chan configure $outchan -buffering] \
+         [chan configure $errchan -buffering] \
+         ]
+
+      set remember_in_out_err_translation [list \
+          [chan configure $inchan -translation] \
+          [chan configure $outchan -translation] \
+          [chan configure $errchan -translation] \
+          ]
+          
+      
+      
+
+
+      chan configure $inchan -buffering  $inbuffering -blocking 0  ;#we are setting up a readable handler for this - so non-blocking ok
+      chan configure $errchan -buffering $errbuffering
+      #chan configure $outchan -blocking 0
+      chan configure $outchan -buffering $outbuffering ;#don't configure non-blocking. weird duplicate of *second* line occurs if you do.
+      #
+
+      #--------------------------------------------
+      #Tested on windows. Works to stop <cr><cr><lf> in output when buffering is none, reading from channel with -translation auto
+      #cmd, pwsh, tcl 
+      #chan configure $outchan -translation lf
+      #chan configure $errchan -translation lf
+      #--------------------------------------------
+      chan configure $outchan -translation $outtranslation
+      chan configure $errchan -translation $outtranslation
+
+      #puts stderr "chan configure $wrerr [chan configure $wrerr]"
+      if {$debug} {
+        ::shellfilter::log::write $debugname "COMMAND  [list $commandlist] strlen:[string length $commandlist] llen:[llength $commandlist]"
+      }
+      #todo - handle custom redirection of stderr to a file?
+      if {[string length $custom_stderr]} {
+        #::shellfilter::log::write $runtag "LAUNCH open |[concat $commandlist $custom_stderr] a+"
+        #set rdout [open |[concat $commandlist $custom_stderr] a+] 
+        ::shellfilter::log::write $runtag "LAUNCH open |[concat $commandlist [list $custom_stderr <@$inchan]] [list RDONLY]"
+        set rdout [open |[concat $commandlist [list <@$inchan $custom_stderr]] [list RDONLY]] 
+        set rderr "bogus" ;#so we don't wait for it
+      } else {
+        ::shellfilter::log::write $runtag "LAUNCH open |[concat $commandlist [list 2>@$wrerr <@$inchan]] [list RDONLY]"
+        #set rdout [open |[concat $commandlist [list 2>@$wrerr]] a+]
+        #set rdout [open |[concat $commandlist [list 2>@$wrerr]] [list RDWR]]
+
+        # If we don't redirect stderr to our own tcl-based channel - then the transforms don't get applied. 
+        # This is the whole reason we need these file-event loops.
+        # Ideally we need something like exec,open in tcl that interacts with transformed channels directly and emits as it runs, not only at termination
+        #  - and that at least appears like a terminal to the called command.
+        #set rdout [open |[concat $commandlist [list 2>@stderr <@$inchan]] [list RDONLY]]
+        
+
+        set rdout [open |[concat $commandlist [list 2>@$wrerr <@$inchan]] [list RDONLY]]
+
+        chan configure $rderr -buffering $errbuffering -blocking 0
+        chan configure $rderr -translation $readprocesstranslation
+      }
+
+
+
+      set command_pids [pid $rdout]
+        #puts stderr "command_pids: $command_pids"
+        #tcl::process ensemble only available in 8.7+ - and it didn't prove useful here anyway
+        # the child process generally won't shut down until channels are closed.
+        # premature EOF on grandchild process launch seems to be due to lack of terminal emulation when redirecting stdin/stdout.
+        # worked around in punk/repl using 'script' command as a fake tty.
+        #set subprocesses [tcl::process::list]
+        #puts stderr "subprocesses: $subprocesses"
+        #if {[lindex $command_pids 0] ni $subprocesses} {
+        #    puts stderr "pid [lindex $command_pids 0] not running $errMsg"
+        #} else {
+        #    puts stderr "pid [lindex $command_pids 0] is running"
+        #}
+
+      
+      if {$debug} {
+          ::shellfilter::log::write $debugname "pipeline pids: $command_pids"
+      }
+
+      #jjj
+
+
+      chan configure $rdout -buffering $outbuffering -blocking 0
+      chan configure $rdout -translation $readprocesstranslation 
+
+      if {![string length $custom_stderr]} { 
+        chan event $rderr readable [list apply {{chan other wrerr outchan errchan waitfor errprefix errbuffering debug debugname pids} {
+            if {$errbuffering eq "line"} {
+                set countchunk [chan gets $chan chunk] ;#only get one line so that order between stderr and stdout is more likely to be preserved
+                #errprefix only applicable to line buffered output
+                if {$countchunk >= 0} {
+                    if {[chan eof $chan]} {
+                        puts -nonewline $errchan ${errprefix}$chunk
+                    } else {
+                        puts $errchan "${errprefix}$chunk"
+                    }
+                }
+            } else {
+                set chunk [chan read $chan]
+                if  {[string length $chunk]} {
+                    puts -nonewline $errchan $chunk
+                }
+            } 
+            if {[chan eof $chan]} {
+                flush $errchan ;#jmn
+                #set subprocesses [tcl::process::list]
+                #puts stderr "subprocesses: $subprocesses"
+                #if {[lindex $pids 0] ni $subprocesses} {
+                #    puts stderr "stderr reader: pid [lindex $pids 0] no longer running"
+                #} else {
+                #    puts stderr "stderr reader: pid [lindex $pids 0] still running"
+                #}
+                    chan close $chan
+                    #catch {chan close $wrerr}
+                    if {$other ni [chan names]} {
+                        set $waitfor stderr
+                    }
+            }
+        }} $rderr $rdout $wrerr $outchan $errchan $waitvar $errprefix $errbuffering $debug $debugname $command_pids]
+      }
+
+        #todo - handle case where large amount of stdin coming in faster than rdout can handle
+        #as is - arbitrary amount of memory could be used because we aren't using a filevent for rdout being writable
+        # - we're just pumping it in to the non-blocking rdout buffers 
+        # ie there is no backpressure and stdin will suck in as fast as possible.
+        # for most commandlines this probably isn't too big a deal.. but it could be a problem for multi-GB disk images etc
+        #
+        #
+        
+        ## Note - detecting trailing missing nl before eof is basically the same  here as when reading rdout from executable
+        # - but there is a slight difference in that with rdout we get an extra blocked state just prior to the final read.
+        # Not known if that is significant
+        ## with inchan configured -buffering line 
+        #c:\repo\jn\shellspy\test>printf "test\netc\n" | tclsh shellspy.vfs/main.tcl -r cat
+        #warning reading input with -buffering line. Cannot detect missing trailing-newline at eof
+        #instate  b:0 eof:0 pend:-1 count:4
+        #test
+        #instate  b:0 eof:0 pend:-1 count:3
+        #etc
+        #instate  b:0 eof:1 pend:-1 count:-1
+
+        #c:\repo\jn\shellspy\test>printf "test\netc" | tclsh shellspy.vfs/main.tcl -r cat
+        #warning reading input with -buffering line. Cannot detect missing trailing-newline at eof
+        #instate  b:0 eof:0 pend:-1 count:4
+        #test
+        #instate  b:0 eof:1 pend:-1 count:3
+        #etc
+
+        if 0 {
+            chan event $inchan readable [list apply {{chan wrchan inbuffering waitfor} {
+                #chan copy stdin $chan ;#doesn't work in a chan event
+                if {$inbuffering eq "line"} {
+                    set countchunk [chan gets $chan chunk]
+                    #puts $wrchan "stdinstate  b:[chan blocked $chan] eof:[chan eof $chan] pend:[chan pending output $chan] count:$countchunk"
+                    if {$countchunk >= 0} {
+                        if {[chan eof $chan]} {
+                            puts -nonewline $wrchan $chunk
+                        } else {
+                            puts $wrchan $chunk
+                        }
+                    }
+                } else {
+                    set chunk [chan read $chan]
+                    if {[string length $chunk]} {
+                        puts -nonewline $wrchan $chunk
+                    } 
+                }
+                if {[chan eof $chan]} {
+                    puts stderr "|stdin_reader>eof [chan configure stdin]"
+                    chan event $chan readable {}
+                    #chan close $chan 
+                    chan close $wrchan write ;#half close
+                    #set $waitfor "stdin"
+                }
+            }} $inchan $rdout $inbuffering $waitvar]
+       
+            if {[string length $stdinhandler]} {
+                chan configure stdin -buffering line -blocking 0
+                chan event stdin readable $stdinhandler
+            }
+       } 
+
+        set actual_proc_out_buffering [chan configure $rdout -buffering]
+        set actual_outchan_buffering [chan configure $outchan -buffering]
+        #despite whatever is configured - we match our reading to how we need to output
+        set read_proc_out_buffering $actual_outchan_buffering
+      
+
+
+      if {[string length $teefile]} {
+        set logname "redir_[string map [list : _ ] $winfile]_[clock micros]"
+        set tid [::shellfilter::log::open $logname {-syslog 127.0.0.1:514}]
+        if {$teefile eq "write"} {
+          ::shellfilter::log::write $logname "opening '$winfile' for write" 
+          set fd [open $winfile w]
+        } else {
+          ::shellfilter::log::write $logname "opening '$winfile' for appending" 
+          set fd [open $winfile a]
+        }
+        #chan configure $fd -translation lf 
+        chan configure $fd -translation $outtranslation
+        chan configure $fd -encoding utf-8 
+
+        set tempvar_bytetotal [namespace current]::totalbytes[clock micros] 
+        set $tempvar_bytetotal 0
+        chan event $rdout readable [list apply {{chan other wrerr outchan errchan read_proc_out_buffering waitfor outprefix call_id debug debugname writefile writefilefd copytempfile bytevar logtag} {
+            #review - if we write outprefix to normal stdout.. why not to redirected file?  
+            #usefulness of outprefix is dubious
+            upvar $bytevar totalbytes
+            if {$read_proc_out_buffering eq "line"} {
+                #set outchunk [chan read $chan]
+                set countchunk [chan gets $chan outchunk] ;#only get one line so that order between stderr and stdout is more likely to be preserved
+                if  {$countchunk >= 0} {
+                    if {![chan eof $chan]} {
+                        set numbytes [expr {[string length $outchunk] + 1}]  ;#we are assuming \n not \r\n - but count won't/can't be completely accurate(?) - review
+                        puts $writefilefd $outchunk
+                    } else {
+                        set numbytes [string length $outchunk]
+                        puts -nonewline $writefilefd $outchunk
+                    }
+                    incr totalbytes $numbytes
+                    ::shellfilter::log::write $logtag "${outprefix} wrote $numbytes  bytes to $writefile"
+                    #puts $outchan "${outprefix} wrote $numbytes  bytes to $writefile"
+                }
+            } else {
+                set outchunk [chan read $chan]
+                if {[string length $outchunk]} {
+                    puts -nonewline $writefilefd $outchunk
+                    set numbytes [string length $outchunk]
+                    incr totalbytes $numbytes
+                    ::shellfilter::log::write $logtag "${outprefix} wrote $numbytes  bytes to $writefile"
+                }
+            }
+            if {[chan eof $chan]} {
+                flush $writefilefd ;#jmn
+                #set blocking so we can get exit code
+                chan configure $chan -blocking 1 
+                catch {::shellfilter::log::write $logtag "${outprefix} total bytes $totalbytes written to $writefile"}
+                #puts $outchan "${outprefix} total bytes $totalbytes written to $writefile"
+                catch {close $writefilefd}
+                if {$copytempfile} {
+                  catch {file copy $writefile "[file rootname $writefile]_copy[file extension $writefile]"}
+                }
+                try {
+                    chan close $chan
+                    set ::shellfilter::shellcommandvars($call_id,exitcode) 0
+                    if {$debug} {
+                        ::shellfilter::log::write $debugname "(teefile) -- child process returned no error. (exit code 0) --"
+                    }
+                } trap CHILDSTATUS {result options} {
+                    set code [lindex [dict get $options -errorcode] 2]
+                    if {$debug} {
+                        ::shellfilter::log::write $debugname "(teefile) CHILD PROCESS EXITED with code: $code"
+                    }
+                    set ::shellfilter::shellcommandvars($call_id,exitcode) $code
+                }
+                catch {chan close $wrerr}
+                if {$other ni [chan names]} {
+                    set $waitfor stdout
+                }
+            }
+        }} $rdout $rderr $wrerr $outchan $errchan $read_proc_out_buffering $waitvar $outprefix $call_id $debug $debugname $winfile $fd $copytempfile $tempvar_bytetotal $logname]
+        
+      } else {
+
+        # This occurs when we have outbuffering set to 'line' - as the 'input' from rdout which comes from the executable is also configured to 'line'
+        # where b:0|1 is whether chan blocked $chan returns 0 or 1
+        # pend is the result of chan pending $chan
+        # eof is the resot of chan eof $chan
+
+
+        ##-------------------------
+        ##If we still read with gets,to retrieve line by line for output to line-buffered output - but the input channel is configured with -buffering none
+        ## then we can detect the difference
+        # there is an extra blocking read - but we can stil use eof with data to detect the absent newline and avoid passing an extra one on.
+        #c:\repo\jn\shellspy\test>printf "test\netc\n" | tclsh shellspy.vfs/main.tcl /c cat
+        #instate  b:0 eof:0 pend:-1 count:4
+        #test
+        #instate  b:0 eof:0 pend:-1 count:3
+        #etc
+        #instate  b:0 eof:1 pend:-1 count:-1
+
+        #c:\repo\jn\shellspy\test>printf "test\netc" | tclsh shellspy.vfs/main.tcl /u/c cat
+        #instate  b:0 eof:0 pend:-1 count:4
+        #test
+        #instate  b:1 eof:0 pend:-1 count:-1
+        #instate  b:0 eof:1 pend:-1 count:3
+        #etc
+        ##------------------------
+
+
+        #this should only occur if upstream is coming from stdin reader that has  line buffering and hasn't handled the difference properly..
+        ###reading with gets from line buffered input with trailing newline
+        #c:\repo\jn\shellspy\test>printf "test\netc\n" | tclsh shellspy.vfs/main.tcl /c cat
+        #instate  b:0 eof:0 pend:-1 count:4
+        #test
+        #instate  b:0 eof:0 pend:-1 count:3
+        #etc
+        #instate  b:0 eof:1 pend:-1 count:-1
+
+        ###reading with gets from line buffered input with trailing newline
+        ##No detectable difference!
+        #c:\repo\jn\shellspy\test>printf "test\netc" | tclsh shellspy.vfs/main.tcl /c cat
+        #instate  b:0 eof:0 pend:-1 count:4
+        #test
+        #instate  b:0 eof:0 pend:-1 count:3
+        #etc
+        #instate  b:0 eof:1 pend:-1 count:-1
+        ##-------------------------
+
+        #Note that reading from -buffering none and writing straight out gives no problem because we pass the newlines through as is
+
+        
+        #set ::shellfilter::chan::lastreadblocked_nodata_noeof($rdout) 0 ;#a very specific case of readblocked prior to eof.. possibly not important
+        #this detection is disabled for now - but left for debugging in case it means something.. or changes 
+        chan event $rdout readable [list apply {{chan other wrerr outchan errchan read_proc_out_buffering waitfor outprefix call_id debug debugname pids} {
+            #set outchunk [chan read $chan]
+            
+            if {$read_proc_out_buffering eq "line"} {
+                set countchunk [chan gets $chan outchunk] ;#only get one line so that order between stderr and stdout is more likely to be preserved
+                #countchunk can be -1 before eof e.g when blocked
+                #debugging output inline with data - don't leave enabled
+                #puts $outchan "instate  b:[chan blocked $chan] eof:[chan eof $chan] pend:[chan pending output $chan] count:$countchunk"
+                if {$countchunk >= 0} {
+                    if {![chan eof $chan]} { 
+                        puts $outchan ${outprefix}$outchunk
+                    } else {
+                        puts -nonewline $outchan ${outprefix}$outchunk
+                        #if {$::shellfilter::chan::lastreadblocked_nodata_noeof($chan)} {
+                        #   seems to be the usual case
+                        #} else {
+                        #    #false alarm, or ? we've reached eof with data but didn't get an empty blocking read just prior
+                        #    #Not known if this occurs
+                        #    #debugging output inline with data - don't leave enabled
+                        #    puts $outchan "!!!prev read didn't block: instate  b:[chan blocked $chan] eof:[chan eof $chan] pend:[chan pending output $chan] count:$countchunk"
+                        #}
+                    }
+                    #set ::shellfilter::chan::lastreadblocked_nodata_noeof($chan) 0
+                } else {
+                    #set ::shellfilter::chan::lastreadblocked_nodata_noeof($chan) [expr {[chan blocked $chan] && ![chan eof $chan]}]
+                }
+            } else {
+                #puts $outchan "read  CHANNEL $chan  [chan configure $chan]"
+                #puts $outchan "write CHANNEL $outchan b:[chan configure $outchan -buffering] t:[chan configure $outchan -translation] e:[chan configure $outchan -encoding]"
+                set outchunk [chan read $chan]
+                #puts $outchan "instate  b:[chan blocked $chan] eof:[chan eof $chan] pend:[chan pending output $chan] count:[string length $outchunk]"
+                if  {[string length $outchunk]} {
+                    #set stringrep [encoding convertfrom utf-8 $outchunk] 
+                    #set newbytes [encoding convertto utf-16 $stringrep]
+                    #puts -nonewline $outchan $newbytes
+                    puts -nonewline $outchan $outchunk
+                }
+            }
+
+            if {[chan eof $chan]} {
+                flush $outchan ;#jmn
+                #for now just look for first element in the pid list..
+                #set subprocesses [tcl::process::list]
+                #puts stderr "subprocesses: $subprocesses"
+                #if {[lindex $pids 0] ni $subprocesses} {
+                #    puts stderr "stdout reader pid: [lindex $pids 0] no longer running"
+                #} else {
+                #    puts stderr "stdout reader pid: [lindex $pids 0] still  running"
+                #}
+
+                #puts $outchan "instate  b:[chan blocked $chan] eof:[chan eof $chan] pend:[chan pending output $chan]"
+                    chan configure $chan -blocking 1 ;#so we can get exit code
+                    try {
+                        chan close $chan
+                        set ::shellfilter::shellcommandvars($call_id,exitcode) 0
+                        if {$debug} {
+                            ::shellfilter::log::write $debugname " -- child process returned no error. (exit code 0) --"
+                        }
+                    } trap CHILDSTATUS {result options} {
+                        set code [lindex [dict get $options -errorcode] 2]
+                        if {$debug} {
+                            ::shellfilter::log::write $debugname " CHILD PROCESS EXITED with code: $code"
+                        }
+                        set ::shellfilter::shellcommandvars($call_id,exitcode) $code
+                    } trap CHILDKILLED {result options} {
+                        #set code [lindex [dict get $options -errorcode] 2]
+                        #set ::shellfilter::shellcommandvars(%id%,exitcode) $code
+                        set ::shellfilter::shellcommandvars($call_id,exitcode) "childkilled"
+                        ::shellfilter::log::write $debugname " CHILD PROCESS EXITED with result:'$result' options:'$options'"
+
+                    } finally {
+                        #puts stdout "HERE"
+                        #flush stdout
+
+                    }
+                    catch {chan close $wrerr}
+                    if {$other ni [chan names]} {
+                        set $waitfor stdout
+                    } 
+
+            }
+        }} $rdout $rderr $wrerr $outchan $errchan $read_proc_out_buffering $waitvar $outprefix $call_id $debug $debugname $command_pids]
+      }
+
+      #todo - add ability to detect activity/data-flow and change timeout to only apply for period with zero data
+      #e.g x hrs with no data(?)
+      #reset timeout when data detected. 
+      after $timeout [string map [list %w $waitvar %id% $call_id %wrerr% $wrerr %rdout% $rdout %rderr% $rderr %debug% $debug %debugname% $debugname] {
+          if {[info exists ::shellfilter::shellcommandvars(%id%,exitcode)]} {
+              if {[set  ::shellfilter::shellcommandvars(%id%,exitcode)] ne ""} {
+                  catch { chan close %wrerr% }
+                  catch { chan close %rdout%}
+                  catch { chan close %rderr%}
+              } else {
+                  chan configure %rdout% -blocking 1
+                  try {
+                      chan close %rdout%
+                      set ::shellfilter::shellcommandvars(%id%,exitcode) 0
+                      if {%debug%} {
+                          ::shellfilter::log::write %debugname% "(timeout) -- child process returned no error. (exit code 0) --"
+                      }
+                  } trap CHILDSTATUS {result options} {
+                      set code [lindex [dict get $options -errorcode] 2]
+                      if {%debug%} {
+                          ::shellfilter::log::write %debugname% "(timeout) CHILD PROCESS EXITED with code: $code"
+                      }
+                      set ::shellfilter::shellcommandvars(%id%,exitcode) $code
+                  } trap CHILDKILLED {result options} {
+                      set code [lindex [dict get $options -errorcode] 2]
+                      #set code [dict get $options -code]
+                      #set ::shellfilter::shellcommandvars(%id%,exitcode) $code
+                      set ::shellfilter::shellcommandvars($call_id,exitcode) "childkilled-timeout"
+                      if {%debug%} {
+                          ::shellfilter::log::write %debugname% "(timeout) CHILDKILLED with code: $code"
+                          ::shellfilter::log::write %debugname% "(timeout) result:$result options:$options"
+                      }
+
+                  }
+                  catch { chan close %wrerr% }
+                  catch { chan close %rderr%}
+
+              }
+              set %w "timeout"
+          }
+      }]
+     
+
+      vwait $waitvar
+
+      set exitcode [set ::shellfilter::shellcommandvars($call_id,exitcode)]
+      if {![string is digit -strict $exitcode]} {
+          puts stderr "Process exited with non-numeric code: $exitcode"
+          flush stderr
+      }
+      if {[string length $teefile]} {
+          #cannot be called from within an event handler above.. vwait reentrancy etc
+          catch {::shellfilter::log::close $logname}
+      }
+
+      if {$debug} {
+          ::shellfilter::log::write $debugname " closed by: [set $waitvar] with exitcode: $exitcode"
+          catch {::shellfilter::log::close $debugname}
+      }
+      array unset ::shellfilter::shellcommandvars $call_id,*
+
+
+      #restore buffering to pre shellfilter::run state
+      lassign $remember_in_out_err_buffering bin bout berr
+      chan configure $inchan  -buffering $bin
+      chan configure $outchan -buffering $bout
+      chan configure $errchan -buffering $berr
+
+      lassign $remember_in_out_err_translation tin tout terr
+      chan configure $inchan  -translation $tin
+      chan configure $outchan -translation $tout
+      chan configure $errchan -translation $terr
+
+
+      #in channel probably closed..(? review - should it be?)
+      catch {
+        chan configure $inchan  -buffering $bin
+      }
+
+
+      return [list exitcode $exitcode]
+  }
+
+}
+
+package provide shellfilter [namespace eval shellfilter {
+    variable version
+    set version 0.1.8
+}]
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellrun-0.1.tm b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellrun-0.1.tm
new file mode 100644
index 00000000..5988ec40
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellrun-0.1.tm
@@ -0,0 +1,710 @@
+# vim: set ft=tcl
+#
+#purpose: handle the run commands that call shellfilter::run
+#e.g run,runout,runerr,runx
+
+package require shellfilter
+package require punk::ansi
+
+#NOTE: the run,runout,runerr,runx commands only produce an error if the command didn't run.
+# - If it did run, but there was a non-zero exitcode it is up to the application to check that.
+#This is deliberate, but means 'catch' doesn't catch errors within the command itself -  the exitcode has to be checked.
+#The user can always use exec for different process error semantics (they don't get exitcode with exec)
+
+namespace eval shellrun {
+    variable runout
+    variable runerr
+
+    #do we need these?
+    variable punkout
+    variable punkerr
+
+    #some ugly coupling with punk/punk::config for now
+    #todo - something better
+    if {[info exists ::punk::config::running]} {
+        upvar ::punk::config::running conf
+        set syslog_stdout [dict get $conf syslog_stdout] 
+        set syslog_stderr [dict get $conf syslog_stderr]
+        set logfile_stdout [dict get $conf logfile_stdout]
+        set logfile_stderr [dict get $conf logfile_stderr]
+    } else {
+        lassign [list "" "" "" ""] syslog_stdout syslog_stderr logfile_stdout logfile_stderr
+    }
+    set outdevice [shellfilter::stack::new punkout -settings [list -tag "punkout" -buffering none -raw 1 -syslog $syslog_stdout -file $logfile_stdout]]
+    set out [dict get $outdevice localchan]
+    set errdevice [shellfilter::stack::new punkerr -settings [list -tag "punkerr" -buffering none -raw 1 -syslog $syslog_stderr -file $logfile_stderr]]
+    set err [dict get $errdevice localchan]
+
+    namespace import ::punk::ansi::a+ 
+    namespace import ::punk::ansi::a
+
+
+
+ 
+    #repltelemetry - additional/alternative display info used in a repl context i.e info directed towards the screen
+    #todo - package up in repltelemetry module and rewrite proc based on whether the module was found/loaded.
+    #somewhat strong coupling to punk - but let's try to behave decently if it's not loaded
+    #The last_run_display is actually intended for the repl - but is resident in the punk namespace with a view to the possibility of a different repl being in use.
+    proc set_last_run_display {chunklist} {
+        #chunklist as understood by the 
+        if {![info exists ::punk::repltelemetry_emmitters]} {
+            namespace eval ::punk {
+                variable repltelemetry_emmitters
+                set repltelemetry_emmitters "shellrun"
+            }
+        } else {
+            if {"shellrun" ni $::punk::repltelemetry_emmitters} {
+                lappend punk::repltelemetry_emmitters "shellrun"       
+            }
+        }
+
+        #most basic of validity tests here.. just that it is a list (can be empty). We don't want to duplicate or over-constrain the way repls/shells/terminals interpet the info
+        if {[catch {llength $chunklist} errMsg]} {
+            error  "set_last_run_display expects a list. Value supplied doesn't appear to be a well formed tcl list. '$errMsg'"
+        }
+        #todo - 
+        set ::punk::last_run_display  $chunklist
+    }
+
+
+
+    #maintenance: similar used in punk::ns & punk::winrun
+    #todo - take runopts + aliases as args
+    proc get_run_opts {arglist} {
+        if {[catch {
+            set callerinfo [info level -1]
+        } errM]} {
+            set caller ""
+        } else {
+            set caller [lindex $callerinfo 0]
+        }
+
+        #we provide -nonewline even for 'run' even though run doesn't deliver stderr or stdout to the tcl return value
+        #This is for compatibility with other runX commands, and the difference is also visible when calling from repl.
+        set known_runopts [list "-echo" "-e" "-nonewline" "-n" "-tcl"]
+        set aliases [list "-e" "-echo" "-echo" "-echo" "-n" "-nonewline" "-nonewline" "-nonewline" "-tcl" "-tcl"] ;#include map to self
+        set runopts [list]
+        set cmdargs [list]
+        set idx_first_cmdarg [lsearch -not $arglist "-*"]
+        set runopts [lrange $arglist 0 $idx_first_cmdarg-1]
+        set cmdargs [lrange $arglist $idx_first_cmdarg end]
+        foreach o $runopts {
+            if {$o ni $known_runopts} {
+                error "$caller: Unknown runoption $o - known options $known_runopts"
+            }
+        }
+        set runopts [lmap o $runopts {dict get $aliases $o}]
+        return [list runopts $runopts cmdargs $cmdargs]
+    }
+
+
+
+    proc run {args} {
+        set_last_run_display [list]
+
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+
+        if {"-nonewline" in $runopts} {
+            set nonewline 1
+        } else {
+            set nonewline 0
+        }
+        set idlist_stderr [list] 
+        #we leave stdout without imposed ansi colouring - because the source may be colourised
+        #stderr might have source colouring - but it usually doesn't seem to, and the visual distiction of red stderr is very handy for the run command.
+        #A further enhancement could be to detect well-known options such as --color and/or use a configuration for specific commands that have useful colourised stderr,
+        #but defaulting stderr to red is a pretty reasonable compromise.
+        #Note that the other run commands, runout,runerr, runx don't emit in real-time - so for those commands there may be options to detect and/or post-process stdout and stderr.
+        #TODO - fix. This has no effect because the repl adds an ansiwrap transform 
+        # what we probably want to do is 'aside' that transform for runxxx commands only.
+        #lappend idlist_stderr [shellfilter::stack::add stderr ansiwrap -settings {-colour {red bold}}]
+
+        set callopts [dict create]
+        if {"-tcl" in $runopts} {
+            dict set callopts  -tclscript 1
+        }
+        #---------------------------------------------------------------------------------------------
+        set exitinfo [shellfilter::run $cmdargs {*}$callopts -teehandle punk -inbuffering none -outbuffering none ]
+        #---------------------------------------------------------------------------------------------
+
+        foreach id $idlist_stderr {
+            shellfilter::stack::remove stderr $id
+        } 
+
+        flush stderr
+        flush stdout
+
+        if {[dict exists $exitinfo error]} {
+            error "[dict get $exitinfo error]\n$exitinfo"
+        }
+
+        return $exitinfo
+    }
+
+    proc runout {args} {
+        set_last_run_display [list]
+        variable runout
+        variable runerr
+        set runout ""
+        set runerr ""
+
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+
+        if {"-nonewline" in $runopts} {
+            set nonewline 1
+        } else {
+            set nonewline 0
+        }
+    
+        #puts stdout "RUNOUT cmdargs: $cmdargs"
+       
+        #todo   add -data boolean and -data lastwrite to -settings with default being -data all
+        # because sometimes we're only interested in last char (e.g to detect something was output)
+
+        #set outvar_stackid [shellfilter::stack::add commandout tee_to_var  -action float -settings {-varname ::runout}]
+        #
+        #when not echoing - use float-locked so that the repl's stack is bypassed
+        if {"-echo" in $runopts} {
+            set stdout_stackid [shellfilter::stack::add stdout tee_to_var -action float-locked -settings {-varname ::shellrun::runout}]
+            set stderr_stackid [shellfilter::stack::add stderr tee_to_var -action float-locked -settings {-varname ::shellrun::runerr}]
+            #set stderr_stackid [shellfilter::stack::add stderr tee_to_var -action sink-locked -settings {-varname ::shellrun::runerr}]
+        } else {
+            set stdout_stackid [shellfilter::stack::add stdout var -action float-locked -settings {-varname ::shellrun::runout}]
+            set stderr_stackid [shellfilter::stack::add stderr var -action float-locked -settings {-varname ::shellrun::runerr}]
+        }
+
+        set callopts ""
+        if {"-tcl" in $runopts} {
+            append callopts " -tclscript 1"
+        }
+
+        #shellfilter::run [lrange $args 1 end] -teehandle punk -outchan stdout -inbuffering none -outbuffering none -stdinhandler ::repl::repl_handler
+        set exitinfo [shellfilter::run $cmdargs {*}$callopts -teehandle punk -inbuffering none -outbuffering none ]
+
+        flush stderr
+        flush stdout
+
+        shellfilter::stack::remove stdout $stdout_stackid
+        shellfilter::stack::remove stderr $stderr_stackid
+
+        #shellfilter::stack::remove commandout $outvar_stackid
+
+        if {[dict exists $exitinfo error]} {
+            if {"-tcl" in $runopts} {
+
+            } else {
+                #we must raise an error. 
+                #todo - check errorInfo makes sense.. return -code? tailcall?
+                #
+                set msg ""
+                append msg [dict get $exitinfo error]
+                append msg "\n(add -tcl option to run as a tcl command/script instead of an external command)"
+                error $msg
+            }
+        }
+
+        set chunklist [list]
+
+        #exitcode not part of return value for runout - colourcode appropriately
+        set n [a]
+        set c ""
+        if [dict exists $exitinfo exitcode] {
+            set code [dict get $exitinfo exitcode]
+            if {$code == 0} {
+                set c [a+ green]
+            } else {
+                set c [a+ white bold]
+            }
+            lappend chunklist [list "info" "$c$exitinfo$n"]
+        } elseif [dict exists $exitinfo error] {
+            set c [a+ yellow bold]
+            lappend chunklist [list "info" "${c}error [dict get $exitinfo error]$n"]
+            lappend chunklist [list "info" "errorCode [dict get $exitinfo errorCode]"]
+            #lappend chunklist [list "info" "errorInfo [list [dict get $exitinfo errorInfo]]"]
+            lappend chunklist [list "info" errorInfo]
+            lappend chunklist [list "stderr" [dict get $exitinfo errorInfo]]
+        } else {
+            set c [a+ Yellow red bold]
+            lappend chunklist [list "info" "$c$exitinfo$n"]
+        }
+
+
+        set chunk "[a+ red bold]stderr[a]"
+        lappend chunklist [list "info" $chunk]
+
+        set chunk ""
+        if {[string length $::shellrun::runerr]} {
+            if {$nonewline} {
+                set e [string trimright $::shellrun::runerr \r\n]
+            } else {
+                set e $::shellrun::runerr
+            }
+            #append chunk "[a+ red light]$e[a]\n"
+            append chunk "[a+ red light]$e[a]"
+        }
+        lappend chunklist [list stderr $chunk]
+
+
+
+
+        lappend chunklist [list "info" "[a+ white bold]stdout[a]"]
+        set chunk ""
+        if {[string length $::shellrun::runout]} {
+            if {$nonewline} {
+                set o [string trimright $::shellrun::runout \r\n]
+            } else {
+                set o $::shellrun::runout
+            }
+            append chunk "$o"  
+        }
+        lappend chunklist [list result $chunk]
+
+
+        set_last_run_display $chunklist
+
+        if {$nonewline} {
+            return [string trimright $::shellrun::runout \r\n]
+        } else {
+            return $::shellrun::runout
+        }
+    }
+
+    proc runerr {args} {
+        set_last_run_display [list]
+        variable runout 
+        variable runerr
+        set runout ""
+        set runerr ""
+
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+
+        if {"-nonewline" in $runopts} {
+            set nonewline 1
+        } else {
+            set nonewline 0
+        }
+
+        set callopts ""
+        if {"-tcl" in $runopts} {
+            append callopts " -tclscript 1"
+        }
+        if {"-echo" in $runopts} {
+            set stderr_stackid [shellfilter::stack::add stderr tee_to_var -action float-locked -settings {-varname ::shellrun::runerr}]
+            set stdout_stackid [shellfilter::stack::add stdout tee_to_var -action float-locked -settings {-varname ::shellrun::runout}]
+        } else {
+            set stderr_stackid [shellfilter::stack::add stderr var -action float-locked -settings {-varname ::shellrun::runerr}]
+            set stdout_stackid [shellfilter::stack::add stdout var -action float-locked -settings {-varname ::shellrun::runout}]
+        }
+
+
+        set exitinfo [shellfilter::run $cmdargs {*}$callopts -teehandle punk -inbuffering none -outbuffering none -stdinhandler ::repl::repl_handler]
+        shellfilter::stack::remove stderr $stderr_stackid
+        shellfilter::stack::remove stdout $stdout_stackid
+
+
+        flush stderr
+        flush stdout
+
+        #we raise an error because an error during calling is different to collecting stderr from a command, and the caller should be able to wrap in a catch
+        # to determine something other than just a nonzero exit code or output  on stderr.
+        if {[dict exists $exitinfo error]} {
+            if {"-tcl" in $runopts} {
+
+            } else {
+                #todo - check errorInfo makes sense.. return -code? tailcall?
+                error [dict get $exitinfo error]
+            }
+        }
+
+        set chunklist [list]
+
+        set n [a]
+        set c ""
+        if [dict exists $exitinfo exitcode] {
+            set code [dict get $exitinfo exitcode]
+            if {$code == 0} {
+                set c [a+ green]
+            } else {
+                set c [a+ white bold]
+            }
+
+            lappend chunklist [list "info" "$c$exitinfo$n"]
+            
+        } elseif [dict exists $exitinfo error] {
+            set c [a+ yellow bold]
+            lappend chunklist [list "info" "error [dict get $exitinfo error]"]
+            lappend chunklist [list "info" "errorCode [dict get $exitinfo errorCode]"]
+            lappend chunklist [list "info" "errorInfo [list [dict get $exitinfo errorInfo]]"]
+        } else {
+            set c [a+ Yellow red bold]
+            lappend chunklist [list "info" "$c$exitinfo$n"]
+        }
+
+
+        lappend chunklist [list "info" "[a+ white bold]stdout[a]"]
+        set chunk ""
+        if {[string length $::shellrun::runout]} {
+            if {$nonewline} {
+                set o [string trimright $::shellrun::runout \r\n]
+            } else {
+                set o $::shellrun::runout
+            }
+            append chunk "[a+ white light]$o[a]\n"  ;#this newline is the display output separator - always there whether data has trailing newline or not.
+        }
+        lappend chunklist [list stdout $chunk]
+
+
+
+        set chunk "[a+ red bold]stderr[a]"
+        lappend chunklist [list "info" $chunk]
+
+        set chunk ""
+        if {[string length $::shellrun::runerr]} {
+            if {$nonewline} {
+                set e [string trimright $::shellrun::runerr \r\n]
+            } else {
+                set e $::shellrun::runerr
+            }
+            append chunk "$e"
+        }
+        lappend chunklist [list resulterr $chunk]
+
+
+        set_last_run_display $chunklist
+
+        if {$nonewline} {
+            return [string trimright $::shellrun::runerr \r\n]
+        }
+        return $::shellrun::runerr
+    }
+
+
+    proc runx {args} {
+        set_last_run_display [list] 
+        variable runout 
+        variable runerr
+        set runout ""
+        set runerr ""
+
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+
+        if {"-nonewline" in $runopts} {
+            set nonewline 1
+        } else {
+            set nonewline 0
+        }
+
+        #shellfilter::stack::remove stdout $::repl::id_outstack
+
+        if {"-echo" in $runopts} {
+            #float to ensure repl transform doesn't interfere with the output data
+            set stderr_stackid [shellfilter::stack::add stderr tee_to_var -action float -settings {-varname ::shellrun::runerr}]
+            set stdout_stackid [shellfilter::stack::add stdout tee_to_var -action float -settings {-varname ::shellrun::runout}]
+        } else {
+            #set stderr_stackid [shellfilter::stack::add stderr var -action sink-locked -settings {-varname ::shellrun::runerr}]
+            #set stdout_stackid [shellfilter::stack::add stdout var -action sink-locked -settings {-varname ::shellrun::runout}]
+
+            #float above the repl's tee_to_var to deliberately block it.
+            #a var transform is naturally a junction point because there is no flow-through..
+            # - but mark it with -junction 1 just to be explicit
+            set stderr_stackid [shellfilter::stack::add stderr var -action float-locked -junction 1 -settings {-varname ::shellrun::runerr}]
+            set stdout_stackid [shellfilter::stack::add stdout var -action float-locked -junction 1 -settings {-varname ::shellrun::runout}]
+        }
+        
+        set callopts ""
+        if {"-tcl" in $runopts} {
+            append callopts " -tclscript 1"
+        }
+        #set exitinfo [shellfilter::run $cmdargs -teehandle punk -inbuffering none -outbuffering none -stdinhandler ::repl::repl_handler]
+        set exitinfo [shellfilter::run $cmdargs {*}$callopts -teehandle punk -inbuffering none -outbuffering none]
+
+        shellfilter::stack::remove stdout $stdout_stackid
+        shellfilter::stack::remove stderr $stderr_stackid
+
+
+        flush stderr
+        flush stdout
+       
+        if {[dict exists $exitinfo error]} {
+            if {"-tcl" in $runopts} {
+
+            } else {
+                #todo - check errorInfo makes sense.. return -code? tailcall?
+                error [dict get $exitinfo error]
+            }
+        }
+        
+        #set x [shellfilter::stack::add stdout var -action sink-locked -settings {-varname ::repl::runxoutput}]
+
+        set chunk ""
+        if {[string length $::shellrun::runout]} {
+            if {$nonewline} {
+                set o [string trimright $::shellrun::runout \r\n]
+            } else {
+                set o $::shellrun::runout
+            }
+            set chunk $o
+        }
+        set chunklist [list]
+        lappend chunklist [list "info" " "]
+        lappend chunklist [list "result" stdout] ;#key 'stdout' forms part of the resulting dictionary output
+        lappend chunklist [list "info" "[a+ white bold]stdout[a]"]
+        lappend chunklist [list result $chunk]   ;#value corresponding to 'stdout' key in resulting dict
+
+
+        lappend chunklist [list "info" " "]
+        set chunk "[a+ red bold]stderr[a]"
+        lappend chunklist [list "result" $chunk]
+        lappend chunklist [list "info" stderr]
+
+        set chunk ""
+        if {[string length $::shellrun::runerr]} {
+            if {$nonewline} {
+                set e [string trimright $::shellrun::runerr \r\n]
+            } else {
+                set e $::shellrun::runerr
+            }
+            set chunk $e
+        }
+        #stderr is part of the result
+        lappend chunklist [list "resulterr" $chunk]
+
+
+
+        set n [a]
+        set c ""
+        if {[dict exists $exitinfo exitcode]} {
+            set code [dict get $exitinfo exitcode]
+            if {$code == 0} {
+                set c [a+ green]
+            } else {
+                set c [a+ yellow bold]
+            }
+            lappend chunklist [list "info" " "]
+            lappend chunklist [list "result" exitcode]
+            lappend chunklist [list "info" "exitcode $code"]
+            lappend chunklist [list "result" "$c$code$n"]
+            set exitdict [list exitcode $code]
+        } elseif {[dict exists $exitinfo result]} {
+            # presumably from a -tcl call
+            set val [dict get $exitinfo result] 
+            lappend chunklist [list "info" " "]
+            lappend chunklist [list "result" result]
+            lappend chunklist [list "info"   result]
+            lappend chunklist [list "result" $val]
+            set exitdict [list result $val]
+        } elseif {[dict exists $exitinfo error]} {
+            # -tcl call with error
+            #set exitdict [dict create]
+            lappend chunklist [list "info" " "]
+            lappend chunklist [list "result" error]
+            lappend chunklist [list "info"   error]
+            lappend chunklist [list "result" [dict get $exitinfo error]]
+
+            lappend chunklist [list "info" " "]
+            lappend chunklist [list "result" errorCode]
+            lappend chunklist [list "info"   errorCode]
+            lappend chunklist [list "result" [dict get $exitinfo errorCode]]
+
+            lappend chunklist [list "info" " "]
+            lappend chunklist [list "result" errorInfo]
+            lappend chunklist [list "info"   errorInfo]
+            lappend chunklist [list "result" [dict get $exitinfo errorInfo]]
+
+            set exitdict $exitinfo
+        } else {
+            #review - if no exitcode or result. then what is it?
+            lappend chunklist [list "info" exitinfo]
+            set c [a+ yellow bold]
+            lappend chunklist [list result "$c$exitinfo$n"]
+            set exitdict [list exitinfo $exitinfo]
+        }
+
+        set_last_run_display $chunklist
+
+        #set ::repl::result_print 0
+        #return [lindex [list [list stdout $::runout stderr $::runerr {*}$exitinfo] [shellfilter::stack::remove stdout $x][puts -nonewline stdout $pretty][set ::repl::output ""]] 0]
+
+
+        if {$nonewline} {
+            return [list {*}$exitdict stdout [string trimright $::shellrun::runout \r\n] stderr [string trimright $::shellrun::runerr \r\n]]
+        }
+        #always return exitinfo $code at beginning of dict (so that punk unknown can interpret the exit code as a unix-style bool if double evaluated)
+        return [list {*}$exitdict stdout $::shellrun::runout stderr $::shellrun::runerr]
+    }
+
+    #an experiment
+    #
+    #run as raw string instead of tcl-list - no variable subst  etc
+    #
+    #dummy repl_runraw that repl will intercept
+    proc repl_runraw {args} {
+        error "runraw: only available in repl as direct call - not from script"
+    }
+    #we can only call runraw with a single (presumably braced) string if we want to use it from both repl and tcl scripts  (why? todo with unbalanced quotes/braces?)
+    proc runraw {commandline} {
+        #runraw fails as intended - because we can't bypass exec/open interference quoting :/
+        set_last_run_display [list] 
+        variable runout 
+        variable runerr
+        set runout ""
+        set runerr ""
+
+        #return [shellfilter::run [lrange $args 1 end] -teehandle punk -inbuffering none -outbuffering none -stdinhandler ::repl::repl_handler]
+        puts stdout ">>runraw got: $commandline"
+        
+        #run always echoes anyway.. as we aren't diverting stdout/stderr off for capturing
+        #for consistency with other runxxx commands - we'll just consume it. (review)
+
+        set reallyraw 1
+        if {$reallyraw} {
+            set wordparts [regexp -inline -all {\S+} $commandline]
+            set runwords $wordparts
+        } else {
+            #shell style args parsing not suitable for windows where we can't assume matched quotes etc.
+            package require string::token::shell
+            set parts [string token shell -indices -- $commandline]
+            puts stdout ">>shellparts: $parts"
+            set runwords [list]
+            foreach p $parts {
+                set ptype [lindex $p 0]
+                set pval [lindex $p 3]
+                if {$ptype eq "PLAIN"} {
+                    lappend runwords [lindex $p 3]
+                } elseif {$ptype eq "D:QUOTED"} {
+                    set v {"}
+                    append v $pval
+                    append v {"}
+                    lappend runwords $v
+                } elseif {$ptype eq "S:QUOTED"} {
+                    set v {'}
+                    append v $pval
+                    append v {'}
+                    lappend runwords $v
+                }
+            }
+        }
+        
+        puts stdout ">>runraw runwords: $runwords"
+        set runwords [lrange $runwords 1 end]
+        
+        puts stdout ">>runraw runwords: $runwords"
+        #set args [lrange $args 1 end]
+        #set runwords [lrange $wordparts 1 end]
+        
+        set known_runopts [list "-echo" "-e" "-terminal" "-t"]
+        set aliases [list "-e" "-echo" "-echo" "-echo" "-t" "-terminal" "-terminal" "-terminal"] ;#include map to self
+        set runopts [list]
+        set cmdwords [list]
+        set idx_first_cmdarg [lsearch -not $runwords "-*"]
+        set runopts [lrange $runwords 0 $idx_first_cmdarg-1]
+        set cmdwords [lrange $runwords $idx_first_cmdarg end]
+        
+        foreach o $runopts {
+            if {$o ni $known_runopts} {
+                error "runraw: Unknown runoption $o"
+            }
+        }
+        set runopts [lmap o $runopts {dict get $aliases $o}]
+        
+        set cmd_as_string [join $cmdwords " "]
+        puts stdout ">>cmd_as_string: $cmd_as_string"
+        
+        if {"-terminal" in $runopts} {
+            #fake terminal using 'script' command.
+            #not ideal: smushes stdout & stderr together amongst other problems
+            set tcmd [shellfilter::get_scriptrun_from_cmdlist_dquote_if_not $cmdwords]
+            puts stdout ">>tcmd: $tcmd"
+            set exitinfo [shellfilter::run $tcmd -teehandle punk -inbuffering line -outbuffering none ]
+            set exitinfo "exitcode not-implemented"
+        } else {
+            set exitinfo [shellfilter::run $cmdwords -teehandle punk -inbuffering line -outbuffering none ]
+        }
+        
+        if {[dict exists $exitinfo error]} {
+            #todo - check errorInfo makes sense.. return -code? tailcall?
+            error [dict get $exitinfo error]
+        }
+        set code [dict get $exitinfo exitcode]
+        if {$code == 0} {
+            set c [a+ green]
+        } else {
+            set c [a+ white bold]
+        }
+        puts stderr $c
+        return $exitinfo
+    }
+
+    proc sh_run {args} {
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+        #e.g sh -c "ls -l *"
+        #we pass cmdargs to sh -c as a list, not individually
+        tailcall shellrun::run {*}$runopts sh -c $cmdargs
+    }
+    proc sh_runout {args} {
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+        tailcall shellrun::runout {*}$runopts sh -c $cmdargs
+    }
+    proc sh_runerr {args} {
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+        tailcall shellrun::runerr {*}$runopts sh -c $cmdargs
+    }
+    proc sh_runx {args} {
+        set splitargs [get_run_opts $args]
+        set runopts [dict get $splitargs runopts]
+        set cmdargs [dict get $splitargs cmdargs]
+        tailcall shellrun::runx {*}$runopts sh -c $cmdargs
+    }
+}
+
+namespace eval shellrun {
+    interp alias {} run     {} shellrun::run
+    interp alias {} sh_run  {} shellrun::sh_run
+    interp alias {} runout  {} shellrun::runout
+    interp alias {} sh_runout  {} shellrun::sh_runout
+    interp alias {} runerr  {} shellrun::runerr
+    interp alias {} sh_runerr  {} shellrun::sh_runerr
+    interp alias {} runx    {} shellrun::runx
+    interp alias {} sh_runx  {} shellrun::sh_runx
+
+    interp alias {} runraw {} shellrun::runraw
+
+
+    #the shortened versions deliberately don't get pretty output from the repl
+    interp alias {} r       {} shellrun::run
+    interp alias {} ro      {} shellrun::runout
+    interp alias {} re      {} shellrun::runerr
+    interp alias {} rx      {} shellrun::runx
+    
+
+}
+
+namespace eval shellrun {
+    proc test_cffi {} {
+        package require test_cffi
+        cffi::Wrapper create ::shellrun::kernel32 [file join $env(windir) system32 Kernel32.dll]
+        ::shellrun::kernel32 stdcall CreateProcessA 
+        #todo - stuff.
+        return ::shellrun::kernel32
+    }
+
+}
+
+package provide shellrun [namespace eval shellrun {
+    variable version
+    set version 0.1
+}]
diff --git a/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellthread-1.6.tm b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellthread-1.6.tm
new file mode 100644
index 00000000..574dbda5
--- /dev/null
+++ b/src/modules/punk/mix/templates/layouts/project/src/sample.vfs/modules/shellthread-1.6.tm
@@ -0,0 +1,698 @@
+#package require logger
+
+package provide shellthread [namespace eval shellthread {
+  variable version
+  set version 1.6
+}]
+
+
+package require Thread
+
+namespace eval shellthread {
+
+  proc iso8601 {{tsmicros ""}} {
+    if {$tsmicros eq ""} {
+        set tsmicros [clock micros]
+    } else {
+        set microsnow [clock micros]
+        if {[string length $tsmicros] != [string length $microsnow]} {
+            error "iso8601 requires 'clock micros' or empty string to create timestamp"
+        }
+    }
+    set seconds [expr {$tsmicros / 1000000}]
+    return [clock format $seconds  -format "%Y-%m-%d_%H-%M-%S"]
+  }
+}
+
+namespace eval shellthread::worker {
+    variable settings
+    variable sysloghost_port
+    variable sock
+    variable logfile ""
+    variable fd
+    variable client_ids [list]
+    variable ts_start_micros
+    variable errorlist [list]
+    variable inpipe ""
+
+    proc bgerror {args} {
+       variable errorlist
+       lappend errorlist $args
+    }
+    proc send_errors_now {tidcli} {
+      variable errorlist
+      thread::send -async $tidcli [list shellthread::manager::report_worker_errors [list worker_tid [thread::id] errors $errorlist]]
+    }
+    proc add_client_tid {tidcli} {
+      variable client_ids
+      if {$tidcli ni $client_ids} {
+        lappend client_ids $tidcli
+      }
+    }
+    proc init {tidclient start_m settingsdict} {
+        variable sysloghost_port
+        variable logfile
+        variable settings
+        interp bgerror {} shellthread::worker::bgerror
+        package require overtype
+        variable client_ids
+        variable ts_start_micros
+        lappend client_ids $tidclient
+        set ts_start_micros $start_m
+
+        set defaults [list -raw 0 -file "" -syslog "" -direction out]
+        set settings [dict merge $defaults $settingsdict]
+
+        set syslog [dict get $settings -syslog]
+        if {[string length $syslog]} {
+            lassign [split $syslog :] s_host s_port
+            set sysloghost_port [list $s_host $s_port]
+        } else {
+            set sysloghost_port ""
+        }
+        if {[catch {package require udp} errm]} {
+            #disable rather than bomb and interfere with any -file being written
+            set sysloghost_port ""
+        }
+
+        set logfile [dict get $settings -file]
+    }
+
+    proc start_pipe_read {source readchan args} {
+        #assume 1 inpipe for now
+        variable inpipe
+        variable sysloghost_port
+        variable logfile
+        set defaults [dict create -buffering \uFFFF ]
+        set opts [dict merge $defaults $args]
+        if {[dict exists $opts -readbuffering]} {
+            set readbuffering [dict get $opts -readbuffering]
+        } else {
+            if {[dict get $opts -buffering] eq "\uFFFF"} {
+                #get buffering setting from the channel as it was set prior to thread::transfer
+                set readbuffering [chan configure $readchan -buffering]
+            } else {
+                set readbuffering [dict get $opts -buffering]
+                chan configure $readchan -buffering $readbuffering
+            }
+        }
+        if {[dict exists $opts -writebuffering]} {
+            set writebuffering [dict get $opts -writebuffering]
+        } else {
+            if {[dict get $opts -buffering] eq "\uFFFF"} {
+                set writebuffering line
+                #set writebuffering [chan configure $writechan -buffering]
+            } else {
+                set writebuffering [dict get $opts -buffering]
+                #can configure $writechan -buffering $writebuffering
+            }
+        }
+
+        chan configure $readchan -translation lf
+
+        if {$readchan ni [chan names]} {
+            error "shellthread::worker::start_pipe_read - inpipe not configured. Use shellthread::manager::set_pipe_read_from_client to thread::transfer the pipe end"    
+        }
+        set inpipe $readchan
+        #::shellthread::worker::log $inpipe 0 - $source - info "START PIPE READ HELLO\n" line
+        chan configure $readchan -blocking 0
+        #::shellthread::worker::log $inpipe 0 - $source - info "START PIPE READ HELLO2 readbuffering: $readbuffering syslog $sysloghost_port filename $logfile" line
+
+        set waitvar ::shellthread::worker::wait($inpipe,[clock micros])
+        chan event $readchan readable [list apply {{chan source waitfor readbuffering writebuffering} {
+           if {$readbuffering eq "line"} {
+               set chunksize [chan gets $chan chunk]
+               if {$chunksize >= 0} {
+                   if {![chan eof $chan]} {
+                        ::shellthread::worker::log pipe 0 - $source - info $chunk\n $writebuffering 
+                   } else {
+                       ::shellthread::worker::log pipe 0 - $source - info $chunk $writebuffering 
+                   }
+               }
+           } else {
+               set chunk [chan read $chan]
+               ::shellthread::worker::log pipe 0 - $source - info $chunk $writebuffering 
+           } 
+           if {[chan eof $chan]} {
+               chan event $chan readable {}
+               set $waitfor "pipe"
+               chan close $chan
+           }
+        }} $readchan $source $waitvar $readbuffering $writebuffering] 
+        #::shellthread::worker::log $inpipe 0 - $source - info "START PIPE READ HELLO3 vwaiting on $waitvar\n" line
+        vwait $waitvar
+    }
+
+    proc start_pipe_write {source writechan args} {
+        variable outpipe
+        set defaults [dict create -buffering \uFFFF ]
+        set opts [dict merge $defaults $args]
+        
+        #todo!
+        set readchan stdin
+        
+        if {[dict exists $opts -readbuffering]} {
+            set readbuffering [dict get $opts -readbuffering]
+        } else {
+            if {[dict get $opts -buffering] eq "\uFFFF"} {
+                set readbuffering [chan configure $readchan -buffering]
+            } else {
+                set readbuffering [dict get $opts -buffering]
+                chan configure $readchan -buffering $readbuffering
+            }
+        }
+        if {[dict exists $opts -writebuffering]} {
+            set writebuffering [dict get $opts -writebuffering]
+        } else {
+            if {[dict get $opts -buffering] eq "\uFFFF"} {
+                #nothing explicitly set - take from transferred channel
+                set writebuffering [chan configure $writechan -buffering]
+            } else {
+                set writebuffering [dict get $opts -buffering]
+                can configure $writechan -buffering $writebuffering
+            }
+        }
+        
+        if {$writechan ni [chan names]} {
+            error "shellthread::worker::start_pipe_write - outpipe not configured. Use shellthread::manager::set_pipe_write_to_client to thread::transfer the pipe end"    
+        }
+        set outpipe $writechan
+        chan configure $readchan -blocking 0
+        chan configure $writechan -blocking 0
+        set waitvar ::shellthread::worker::wait($outpipe,[clock micros])
+        
+        chan event $readchan readable [list apply {{chan writechan source waitfor readbuffering} {
+            if {$readbuffering eq "line"} {
+                set chunksize [chan gets $chan chunk]
+                if {$chunksize >= 0} {
+                    if {![chan eof $chan]} {
+                        puts $writechan $chunk
+                    } else {
+                        puts -nonewline $writechan $chunk
+                    }
+                }
+            } else {
+                set chunk [chan read $chan]
+                puts -nonewline $writechan $chunk
+            }
+            if {[chan eof $chan]} {
+                chan event $chan readable {}
+                set $waitfor "pipe"
+                chan close $writechan 
+                if {$chan ne "stdin"} {
+                    chan close $chan
+                }
+            }
+        }} $readchan $writechan $source $waitvar $readbuffering]
+
+        vwait $waitvar
+    }
+
+
+    proc _initsock {} {
+      variable sysloghost_port
+      variable sock
+      if {[string length $sysloghost_port]} {
+        if {[catch {fconfigure $sock} state]} {
+          set sock [udp_open]
+          fconfigure $sock -buffering none -translation binary
+          fconfigure $sock -remote $sysloghost_port
+        }
+      }
+    } 
+    proc _reconnect {} {
+        variable sock
+        catch {close $sock}
+        _initsock
+        return [fconfigure $sock] 
+    }
+
+    proc send_info {client_tid ts_sent source msg} {
+        set ts_received [clock micros]
+        set lag_micros [expr {$ts_received - $ts_sent}]
+        set lag [expr {$lag_micros / 1000000.0}] ;#lag as x.xxxxxx seconds
+        
+        log $client_tid $ts_sent $lag $source - info $msg line 1
+    }
+    proc log {client_tid ts_sent lag source service level msg writebuffering {islog 0}} {
+        variable sock
+        variable fd
+        variable sysloghost_port
+        variable logfile
+        variable settings
+
+        set logchunk $msg
+
+        if {![dict get $settings -raw]} {
+            set tail_crlf 0
+            set tail_lf 0
+            set tail_cr 0
+            #for cooked  - always remove the trailing newline  before splitting.. 
+            #
+            #note that if we got our data from reading a non-line-buffered binary channel - then this naive line splitting will not split neatly for mixed line-endings.
+            #
+            #Possibly not critical as cooked is for logging and we are still preserving all \r and \n chars - but review and consider implementing a better split
+            #but add it back exactly as it was afterwards 
+            #we can always split on \n - and any adjacent \r will be preserved in the rejoin
+            set lastchar [string range $logchunk end end]
+            if {[string range $logchunk end-1 end] eq "\r\n"} {
+                set tail_crlf 1
+                set logchunk [string range $logchunk 0 end-2]
+            } else {
+                if {$lastchar eq "\n"} {
+                    set tail_lf 1
+                    set logchunk [string range $logchunk 0 end-1]
+                } elseif {$lastchar eq "\r"} {
+                    #\r line-endings are obsolete..and unlikely... and ugly as they can hide characters on the console. but we'll pass through anyway.
+                    set tail_cr 1
+                    set logchunk [string range $logchunk 0 end-1]
+                } else {
+                    #possibly a single line with no linefeed.. or has linefeeds only in the middle
+                }
+            }
+
+            if {$ts_sent != 0} {
+                set micros [lindex [split [expr {$ts_sent / 1000000.0}] .] end]
+                set time_info [::shellthread::iso8601 $ts_sent].$micros
+                #set time_info "${time_info}+$lag"
+                set lagfp "+[format %f $lag]"
+            } else {
+                #from pipe - no ts_sent/lag info available
+                set time_info ""
+                set lagfp ""
+            }
+
+            set idtail [string range $client_tid end-8 end] ;#enough for display purposes id - mostly zeros anyway
+            set col0 [string repeat " " 9]
+            set col1 [string repeat " " 27]
+            set col2 [string repeat " " 11]
+            set col3 [string repeat " " 20]
+            #do not columnize the final data column or append to tail - or we could muck up the crlf integrity
+
+            lassign [list [overtype::left $col0 $idtail] [overtype::left $col1 $time_info] [overtype::left $col2 $lagfp] [overtype::left $col3 $source]] c0 c1 c2 c3 
+
+            #split on \n no matter the actual line-ending in use
+            #shouldn't matter as long as we don't add anything at the end of the line other than the raw data
+            #ie - don't quote or add spaces
+            set lines [split $logchunk \n] 
+            
+            set i 1
+            set outlines [list]
+            foreach ln $lines {
+                if {$i == 1} {
+                    lappend outlines "$c0 $c1 $c2 $c3 $ln"
+                } else {
+                    lappend outlines "$c0 $c1 $col2 $c3 $ln"
+                }
+                incr i
+            }
+            if {$tail_lf} {
+                set logchunk "[join $outlines \n]\n"
+            } elseif {$tail_crlf} {
+                set logchunk "[join $outlines \r\n]\r\n"
+            } elseif {$tail_cr} {
+                set logchunk "[join $outlines \r]\r"
+            } else {
+                #no trailing linefeed
+                set logchunk [join $outlines \n] 
+
+            }
+
+            #set logchunk "[overtype::left $col0 $idtail] [overtype::left $col1 $time_info] [overtype::left $col2 "+$lagfp"] [overtype::left $col3 $source] $msg"
+        }
+        
+        if {[string length $sysloghost_port]} {
+            _initsock
+            catch {puts -nonewline $sock $logchunk}
+        }
+        #todo - sockets etc?
+        if {[string length $logfile]} {
+            #todo - setting to maintain open filehandle and reduce io.
+            # possible settings for buffersize - and maybe logrotation, although this could be left to client
+            #for now - default to safe option of open/close each write despite the overhead.
+            set fd [open $logfile a]
+            chan configure $fd -translation auto -buffering $writebuffering
+            #whether line buffered or not - by now our logchunk includes newlines
+            puts -nonewline $fd $logchunk
+            close $fd
+        }
+    }
+
+    # - withdraw just this client 
+    proc finish {tidclient} {
+      variable client_ids
+      if {($tidclient in $clientids) && ([llength $clientids] == 1)} {
+          terminate $tidclient
+      } else {
+         set posn [lsearch $client_ids $tidclient]
+         set client_ids [lreplace $clientids $posn $posn]
+      }
+    }
+
+    #allow any client to terminate
+    proc terminate {tidclient} {
+        variable sock
+        variable client_ids
+        if {$tidclient in $client_ids} {
+            catch {close $sock}
+            set client_ids [list]
+            return 1
+        } else {
+            return 0
+        }
+    }
+
+
+}
+
+
+namespace eval shellthread::manager {
+    variable workers [dict create]
+    variable worker_errors [list]
+
+    variable free_threads [list]
+    #variable log_threads
+
+    #new datastructure regarding workers and sourcetags required.
+    #one worker can service multiple sourcetags - but each sourcetag may be used by multiple threads too.
+    #generally each thread will use a specific sourcetag - but we may have pools doing similar things which log to same destination.
+    #
+    #As a convention we may use a sourcetag for the thread which started the worker that isn't actually used for logging - but as a common target for joins
+    #If the thread which started the thread calls leave_worker with that 'primary' sourcetag it means others won't be able to use that target - which seems reasonable.
+    #If another thread want's to maintain joinability beyond the span provided by the starting client,
+    #it can join with both the primary tag and a tag it will actually use for logging.
+    #A thread can join the logger with any existingtag - not just the 'primary' 
+    #(which is arbitrary anyway. It will usually be the first in the list - but may be unsubscribed by clients and disappear)
+    proc join_worker {existingtag sourcetaglist} {
+        set client_tid [thread::id]
+        #todo - allow a source to piggyback on existing worker by referencing one of the sourcetags already using the worker
+    }
+    #it is up to caller to use a unique sourcetag (e.g by prefixing with own thread::id etc)
+    # This allows multiple threads to more easily write to the same named sourcetag if necessary
+    # todo - change sourcetag for a list of tags which will be handled by the same thread. e.g for multiple threads logging to same file 
+    #
+    # todo - some protection mechanism for case where target is a file to stop creation of multiple worker threads writing to same file.
+    # Even if we use open fd,close fd wrapped around writes.. it is probably undesirable to have multiple threads with same target  
+    # On the other hand socket targets such as UDP can happily be written to by multiple threads.
+    # For now the mechanism is that a call to new_worker (rename to open_worker?) will join the same thread if a sourcetag matches.. 
+    # but, as sourcetags can get removed(unsubbed via leave_worker) this doesn't guarantee two threads with same -file settings won't fight.
+    # Also.. the settingsdict is ignored when joining with a tag that exists.. this is problematic.. e.g logrotation where previous file still being written by existing worker
+    # todo - rename 'sourcetag' concept to 'targettag' ?? the concept is a mixture of both.. it is somewhat analagous to a syslog 'facility' 
+    # probably new_worker should disallow auto-joining and we allow different workers to handle same tags simultaneously to support overlap during logrotation etc.
+    proc new_worker {sourcetaglist {settingsdict {}}} {
+        variable workers
+        set ts_start [clock micros]
+        set tidclient [thread::id]
+        set sourcetag [lindex $sourcetaglist 0] ;#todo - use all
+
+        if {[dict exists $workers $sourcetag]} {
+           set winfo [dict get $workers $sourcetag]
+           if {[thread::exists [dict get $winfo tid]]} {
+              #add our client-info to existing worker thread
+              dict lappend winfo list_client_tids $tidclient
+              dict set workers $sourcetag $winfo  ;#writeback
+              return [dict get $winfo tid]
+           }
+        }
+
+        #check if there is an existing unsubscribed thread first
+        variable free_threads
+        if {[llength $free_threads]} {
+            #todo - re-use from tail - as most likely to have been doing similar work?? review
+
+            set free_threads [lassign $free_threads tidworker]
+            #todo - keep track of real ts_start of free threads... kill when too old
+            set winfo [dict create tid $tidworker list_client_tids [list $tidclient] ts_start $ts_start ts_end_list [list]]
+            puts stderr "shellfilter::new_worker Re-using free worker thread: $tidworker with tag $sourcetag"
+            dict set workers $sourcetag $winfo
+            return $tidworker
+        }
+
+
+        #set ts_start [::shellthread::iso8601]
+        set tidworker [thread::create -preserved]
+        set init_script [string map [list %ts_start% $ts_start %mp% [tcl::tm::list] %ap% $::auto_path %tidcli% $tidclient %sd% $settingsdict] {
+            #set tclbase [file dirname [file dirname [info nameofexecutable]]]
+            #set tcllib $tclbase/lib
+            #if {$tcllib ni $::auto_path} {
+            #    lappend ::auto_path $tcllib
+            #}
+           
+            set ::settingsinfo [dict create %sd%]  
+            #if the executable running things is something like a tclkit,
+            # then it's likely we will need to use the caller's auto_path and tcl::tm::list to find things
+            #The caller can tune the thread's package search by providing a settingsdict
+            if {![dict exists $::settingsinfo tcl_tm_list]} {
+                ::tcl::tm::add %mp%
+            } else {
+                tcl::tm::remove {*}[tcl::tm::list]
+                ::tcl::tm::add {*}[dict get $::settingsinfo tcl_tm_list]
+            }
+            if {![dict exists $::settingsinfo auto_path]} {
+                set ::auto_path [list %ap%]
+            } else {
+                set ::auto_path [dict get $::settingsinfo auto_path]
+            }
+
+            package require Thread
+            package require shellthread
+            if {![catch {::shellthread::worker::init %tidcli% %ts_start% $::settingsinfo} errmsg]} {
+              unset ::settingsinfo
+              set ::shellthread_init "ok"
+            } else {
+              unset ::settingsinfo
+              set ::shellthread_init "err $errmsg"
+            }
+        }]
+
+        thread::send -async $tidworker $init_script
+        #thread::send $tidworker $init_script
+        set winfo [dict create tid $tidworker list_client_tids [list $tidclient] ts_start $ts_start ts_end_list [list]]
+        dict set workers $sourcetag $winfo
+        return $tidworker
+    }
+
+    proc set_pipe_read_from_client {tag_pipename worker_tid rchan args} {
+        variable workers
+        if {![dict exists $workers $tag_pipename]} {
+            error "workerthread::manager::set_pipe_read_from_client source/pipename $tag_pipename not found"
+        }
+        set match_worker_tid [dict get $workers $tag_pipename tid]
+        if {$worker_tid ne $match_worker_tid} {
+            error "workerthread::manager::set_pipe_read_from_client source/pipename $tag_pipename workert_tid mismatch '$worker_tid' vs existing:'$match_worker_tid'"
+        }
+        #buffering set during channel creation will be preserved on thread::transfer
+        thread::transfer $worker_tid $rchan
+        #start_pipe_read will vwait - so we have to send async
+        thread::send -async $worker_tid [list ::shellthread::worker::start_pipe_read $tag_pipename $rchan]
+        #client may start writing immediately - but presumably it will buffer in fifo2
+    }
+
+    proc set_pipe_write_to_client {tag_pipename worker_tid wchan args} {
+        variable workers
+        if {![dict exists $workers $tag_pipename]} {
+            error "workerthread::manager::set_pipe_write_to_client pipename $tag_pipename not found"
+        }
+        set match_worker_tid [dict get $workers $tag_pipename tid]
+        if {$worker_tid ne $match_worker_tid} {
+            error "workerthread::manager::set_pipe_write_to_client pipename $tag_pipename workert_tid mismatch '$worker_tid' vs existing:'$match_worker_tid'"
+        }
+        #buffering set during channel creation will be preserved on thread::transfer
+        thread::transfer $worker_tid $wchan
+        thread::send -async $worker_tid [list ::shellthread::worker::start_pipe_write $tag_pipename $wchan]
+    }
+
+    proc write_log {source msg args} {
+        variable workers 
+        set ts_micros_sent [clock micros]
+        set defaults [list -async 1 -level info]
+        set opts [dict merge $defaults $args]
+
+        if {[dict exists $workers $source]} {
+            set tidworker [dict get $workers $source tid]
+            if {![thread::exists $tidworker]} {
+                set tidworker [new_worker $source]
+            }
+        } else {
+            #auto create with no requirement to call new_worker.. warn?
+            set tidworker [new_worker $source]
+        }
+        set client_tid [thread::id]
+        if {[dict get $opts -async]} {
+            thread::send -async $tidworker [list ::shellthread::worker::send_info $client_tid $ts_micros_sent $source $msg]
+        } else {
+            thread::send $tidworker [list ::shellthread::worker::send_info $client_tid $ts_micros_sent $source $msg]
+        }
+    } 
+    proc report_worker_errors {errdict} {
+       variable workers
+       set reporting_tid [dict get $errdict worker_tid]
+       dict for {src srcinfo} $workers {
+          if {[dict get $srcinfo tid] eq $reporting_tid} {
+            dict set srcinfo errors [dict get $errdict errors]
+            dict set workers $src $srcinfo ;#writeback updated
+            break
+          }
+       }
+    }
+
+    #aka leave_worker
+    #Note that the tags may be on separate workertids, or some tags may share workertids
+    proc unsubscribe {sourcetaglist} {
+        variable workers
+        #workers structure example:
+        #[list sourcetag1 [list tid <tidworker> list_client_tids <clients>] ts_start <ts_start> ts_end_list {}]
+        variable free_threads
+        set mytid [thread::id] ;#caller of shellthread::manager::xxx is the client thread
+
+        set subscriberless_tags [list]
+        foreach source $sourcetaglist {
+            if {[dict exists $workers $source]} {
+                set list_client_tids [dict get $workers $source list_client_tids]
+                if {[set posn [lsearch $list_client_tids $mytid]] >= 0} {
+                    set list_client_tids [lreplace $list_client_tids $posn $posn]
+                    dict set workers $source list_client_tids $list_client_tids
+                }
+                if {![llength $list_client_tids]} {
+                    lappend subscriberless_tags $source
+                }
+            }
+        }
+
+        #we've removed our own tid from all the tags - possibly across multiplew workertids, and possibly leaving some workertids with no subscribers for a particular tag - or no subscribers at all.
+
+        set subscriberless_workers [list]
+        set shuttingdown_workers [list]
+        foreach deadtag $subscriberless_tags {
+            set workertid [dict get $workers $deadtag tid]
+            set worker_tags [get_worker_tagstate $workertid] 
+            set subscriber_count 0
+            set kill_count 0 ;#number of ts_end_list entries - even one indicates thread is doomed
+            foreach taginfo $worker_tags {
+                incr subscriber_count [llength [dict get $taginfo list_client_tids]]
+                incr kill_count [llength [dict get $taginfo ts_end_list]]
+            }
+            if {$subscriber_count == 0} {
+                lappend subscriberless_workers $workertid
+            }
+            if {$kill_count > 0} {
+                lappend shuttingdown_workers $workertid
+            }
+        }
+
+        #if worker isn't shutting down - add it to free_threads list
+        foreach workertid $subscriberless_workers {
+            if {$workertid ni $shuttingdown_workers} {
+                if {$workertid ni $free_threads} {
+                    lappend free_threads $workertid
+                }
+            }
+        }
+
+        #todo
+        #unsub this client_tid from the sourcetags in the sourcetaglist. if no more client_tids exist for sourcetag, remove sourcetag,
+        #if no more sourcetags - add worker to free_threads
+    }
+    proc get_worker_tagstate {workertid} {
+        variable workers
+        set taginfo_list [list]
+        dict for {source sourceinfo} $workers {
+            if {[dict get $sourceinfo tid] eq $workertid} {
+                lappend taginfo_list $sourceinfo
+            }
+        }
+        return $taginfo_list
+    }
+
+    #instruction to shut-down the thread that has this source. 
+    proc close_worker {source {timeout 2500}} {
+        variable workers
+        variable worker_errors
+        variable free_threads
+        set ts_now [clock micros]
+        #puts stderr "close_worker $source"
+        if {[dict exists $workers $source]} {
+            set tidworker [dict get $workers $source tid]
+            if {$tidworker in $freethreads} {
+                #make sure a thread that is being closed is removed from the free_threads list
+                set posn [lsearch $freethreads $tidworker]
+                set freethreads [lreplace $freethreads $posn $posn]
+            }
+            set mytid [thread::id]
+            set client_tids [dict get $workers $source list_client_tids]
+            if {[set posn [lsearch $client_tids $mytid]] >= 0} {
+                set client_tids [lreplace $client_tids $posn $posn]
+                #remove self from list of clients
+                dict set workers $source list_client_tids $client_tids
+            }
+            set ts_end_list [dict get $workers $source ts_end_list] ;#ts_end_list is just  a list of timestamps of closing calls for this source - only one is needed to close, but they may all come in a flurry.
+            if {[llength $ts_end_list]} {
+              set last_end_ts [lindex $ts_end_list end]
+              if {[expr {(($tsnow - $last_end_ts) / 1000) >= $timeout}]} {
+                lappend ts_end_list $ts_now
+                dict set workers $source ts_end_list $ts_end_list
+              } else {
+                #existing close in progress.. assume it will work
+                return
+              }
+            }
+
+            if {[thread::exists $tidworker]} {
+                #puts stderr "shellthread::manager::close_worker: thread $tidworker for source $source still running.. terminating"
+                set timeoutarr($source) 0
+                after $timeout  [list set timeoutarr($source) 2]
+
+                thread::send -async $tidworker [list shellthread::worker::send_errors_now [thread::id]]
+                thread::send -async $tidworker [list shellthread::worker::terminate [thread::id]] timeoutarr($source)
+
+                #thread::send -async $tidworker [string map [list %tidclient% [thread::id]] {
+                #    shellthread::worker::terminate %tidclient%
+                #}] timeoutarr($source)
+                
+                vwait timeoutarr($source)
+                #puts stderr "shellthread::manager::close_worker: thread $tidworker for source $source DONE1"
+
+                thread::release $tidworker
+                #puts stderr "shellthread::manager::close_worker: thread $tidworker for source $source DONE2"
+                if {[dict exists $workers $source errors]} {
+                    set errlist [dict get $workers $source errors]
+                    if {[llength $errlist]} {
+                        lappend worker_errors [list $source [dict get $workers $source]]
+                    }
+                }
+                dict unset workers $source
+            } else {
+                #thread may have been closed by call to close_worker with another source with same worker
+                #clear workers record for this source
+                #REVIEW - race condition for re-creation of source with new workerid?
+                #check that record is subscriberless to avoid this
+                if {[llength [dict get $workers $source list_client_tids]] == 0} {
+                    dict unset workers $source
+                }
+            }
+        }
+        #puts stdout "close_worker $source - end"
+    }
+
+    #worker errors only available for a source after close_worker called on that source
+    #It is possible for there to be multiple entries for a source because new_worker can be called multiple times with same sourcetag,
+    # e.g if a thread 
+    proc get_and_clear_errors {source} {
+      variable worker_errors
+      set source_errors [lsearch -all -inline -index 0        $worker_errors $source]
+      set worker_errors [lsearch -all -inline -index 0 -not   $worker_errors $source]
+      return $source_errors
+    }
+
+
+}
+
+
+
+
+
+
+
+
+
+
diff --git a/src/modules/punk/mix/templates/module/template_anyname-0.0.1.tm b/src/modules/punk/mix/templates/module/template_anyname-0.0.1.tm
deleted file mode 100644
index a673d771..00000000
--- a/src/modules/punk/mix/templates/module/template_anyname-0.0.1.tm
+++ /dev/null
@@ -1,49 +0,0 @@
-# -*- tcl -*-
-# Maintenance Instruction: leave the 999999.xxx.x as is and use 'pmix make' or src/make.tcl to update from <pkg>-buildversion.txt
-#
-# Please consider using a BSD or MIT style license for greatest compatibility with the Tcl ecosystem.
-# Code using preferred Tcl licenses can be eligible for inclusion in Tcllib, Tklib and the punk package repository.
-# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
-# (C) 2023
-#
-# @@ Meta Begin
-# Application %pkg% 999999.0a1.0
-# Meta platform     tcl
-# Meta license      <unspecified>
-# @@ Meta End
-
-
-# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
-foreach base [tcl::tm::list] {
-    set nsprefix "";#in case sourced directly and not in any of the .tm paths
-    if {[string match -nocase ${base}* [info script]]} {
-        set nsprefix [string trimleft [join [lrange [file split [string range [info script] [string length $base]+1 end]] 0 end-1] ::]:: ::]
-        break
-    }
-} 
-namespace eval [lassign [split [file rootname [file tail [info script] ]] -] pkgtail verparts]${nsprefix}$pkgtail {
-    #--------------------------------------
-    #Do not put any 'package require' statements above this block. (globals nsprefix,pkgtail,verparts still set)
-    variable pkg    "${::nsprefix}${::pkgtail}[unset ::nsprefix; unset ::pkgtail]"
-    variable version [join $::verparts -][unset ::verparts]
-    #--------------------------------------
-
-    # ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
-    ##  Requirements
-    ##e.g package require frobz
-
-
-
-
-
-
-    namespace eval [namespace current]::lib {
-    
-    }
-
-    # ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
-    ##  Ready   
-    uplevel #0 [list package provide $pkg $version]
-}
-return
-
diff --git a/src/modules/punk/mix/templates/module/modulename_buildversion.txt b/src/modules/punk/mix/templates/modules/modulename_buildversion.txt
similarity index 100%
rename from src/modules/punk/mix/templates/module/modulename_buildversion.txt
rename to src/modules/punk/mix/templates/modules/modulename_buildversion.txt
diff --git a/src/modules/punk/mix/templates/module/modulename_description.txt b/src/modules/punk/mix/templates/modules/modulename_description.txt
similarity index 100%
rename from src/modules/punk/mix/templates/module/modulename_description.txt
rename to src/modules/punk/mix/templates/modules/modulename_description.txt
diff --git a/src/modules/punk/mix/templates/module/template_anyname-0.0.2.tm b/src/modules/punk/mix/templates/modules/template_anyname-0.0.2.tm
similarity index 100%
rename from src/modules/punk/mix/templates/module/template_anyname-0.0.2.tm
rename to src/modules/punk/mix/templates/modules/template_anyname-0.0.2.tm
diff --git a/src/modules/punk/mix/templates/module/template_cli-0.0.1.tm b/src/modules/punk/mix/templates/modules/template_cli-0.0.1.tm
similarity index 100%
rename from src/modules/punk/mix/templates/module/template_cli-0.0.1.tm
rename to src/modules/punk/mix/templates/modules/template_cli-0.0.1.tm
diff --git a/src/modules/punk/mix/templates/modules/template_module-0.0.1.tm b/src/modules/punk/mix/templates/modules/template_module-0.0.1.tm
new file mode 100644
index 00000000..65547b40
--- /dev/null
+++ b/src/modules/punk/mix/templates/modules/template_module-0.0.1.tm
@@ -0,0 +1,52 @@
+# -*- tcl -*-
+# Maintenance Instruction: leave the 999999.xxx.x as is and use 'pmix make' or src/make.tcl to update from <pkg>-buildversion.txt
+#
+# Please consider using a BSD or MIT style license for greatest compatibility with the Tcl ecosystem.
+# Code using preferred Tcl licenses can be eligible for inclusion in Tcllib, Tklib and the punk package repository.
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+# (C) %year%
+#
+# @@ Meta Begin
+# Application %pkg% 999999.0a1.0
+# Meta platform     tcl
+# Meta license      %license%
+# @@ Meta End
+
+
+
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+##  Requirements
+##e.g package require frobz
+
+
+
+
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+namespace eval %pkg% {
+
+
+
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# ++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++
+##  Ready   
+package provide %pkg% [namespace eval %pkg% {
+    variable pkg %pkg%
+    variable version
+    set version 999999.0a1.0 
+}]
+return
\ No newline at end of file
diff --git a/src/modules/punk/mix/templates/module/template_moduleexactversion-0.0.1.tm b/src/modules/punk/mix/templates/modules/template_moduleexactversion-0.0.1.tm
similarity index 100%
rename from src/modules/punk/mix/templates/module/template_moduleexactversion-0.0.1.tm
rename to src/modules/punk/mix/templates/modules/template_moduleexactversion-0.0.1.tm
diff --git a/src/modules/punk/repo-999999.0a1.0.tm b/src/modules/punk/repo-999999.0a1.0.tm
index 41e4f7bd..0f445fe5 100644
--- a/src/modules/punk/repo-999999.0a1.0.tm
+++ b/src/modules/punk/repo-999999.0a1.0.tm
@@ -767,6 +767,30 @@ namespace eval punk::repo {
 
         return $root_dict
     }
+    proc fossil_get_repository_file {{path {}}} {
+        if {$path eq {}} { set path [pwd] }
+        set fossilcmd [auto_execok fossil]
+        if {[llength $fossilcmd]} {
+            do_in_path $path {
+                set fossilinfo [::exec {*}$fossilcmd info]
+            }
+            set matching_lines [punk::repo::grep {repository:*} $fossilinfo]
+            if {![llength $matching_lines]} {
+                return ""
+            }
+            set trimmedline [string trim [lindex $matching_lines 0]]
+            set firstcolon [string first : $trimmedline]
+            set repofile_path [string trim [string range $trimmedline $firstcolon+1 end]]
+            if {![file exists $repofile_path]} {
+                puts stderr "Repository file pointed to by fossil configdb doesn't exist: $repofile_path"
+                return ""
+            }
+            return $repofile_path
+        } else {
+            puts stderr "fossil_get_repository_file: fossil command unavailable"
+            return "" 
+        }
+    }
     proc fossil_get_repository_folder_for_project {projectname args} {
 
         set defaults [list -parentfolder \uFFFF -extrachoice \uFFFF] 
@@ -1040,7 +1064,7 @@ namespace eval punk::repo {
             do_in_path $path {
                 set info [::exec {*}$fossilcmd remote ls]
             }
-            return [string trim $v]
+            return [string trim $info]
         } else {
             return Unknown
         }
diff --git a/src/modules/punkcheck-0.1.0.tm b/src/modules/punkcheck-0.1.0.tm
index 5c9c322d..a65e1f7a 100644
--- a/src/modules/punkcheck-0.1.0.tm
+++ b/src/modules/punkcheck-0.1.0.tm
@@ -1141,6 +1141,7 @@ namespace eval punkcheck {
             set opt_antiglob_file_core                  [dict get $opts -antiglob_file_core]
             if {$opt_antiglob_file_core eq "\uFFFF"} {
                 set opt_antiglob_file_core [default_antiglob_file_core]
+                dict set opts -antiglob_file_core $opt_antiglob_file_core
             }
             # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
             set opt_antiglob_file                       [dict get $opts -antiglob_file]
@@ -1148,6 +1149,7 @@ namespace eval punkcheck {
             set opt_antiglob_dir_core                   [dict get $opts -antiglob_dir_core]
             if {$opt_antiglob_dir_core eq "\uFFFF"} {
                 set opt_antiglob_dir_core [default_antiglob_dir_core]
+                dict set opts -antiglob_dir_core $opt_antiglob_dir_core
             }
             # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
             set opt_antiglob_dir                        [dict get $opts -antiglob_dir]
@@ -1173,6 +1175,7 @@ namespace eval punkcheck {
                 } else {
                     set opt_source_checksum 0
                 }
+                dict set opts -source_checksum $opt_source_checksum
             }
             # -- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
             set opt_punkcheck_folder                    [dict get $opts -punkcheck_folder]
@@ -1218,13 +1221,15 @@ namespace eval punkcheck {
             if {$CALLDEPTH == 0} {
                 set punkcheck_eventid "<invalid>"
                 if {$punkcheck_folder ne ""} {
-                    set config [dict create\
-                        -glob $fileglob\
-                        -antiglob_file_core $opt_antiglob_file_core\
-                        -antiglob_file $opt_antiglob_file\
-                        -antiglob_dir_core $opt_antiglob_dir_core\
-                        -antiglob_dir $opt_antiglob_dir\
-                    ]
+                    set config $opts
+                    dict unset config -call-depth-internal
+                    dict unset config -max_depth
+                    dict unset config -subdirlist
+                    dict for {k v} $config {
+                        if {$v eq "\uFFFF"} {
+                            dict unset config $k
+                        }
+                    }
                     lassign [punkcheck::start_installer_event $punkcheck_file $opt_installer $srcdir $tgtdir $config] _eventid punkcheck_eventid _recordset punkcheck_records
                 }
             } else {
@@ -1259,11 +1264,23 @@ namespace eval punkcheck {
             }
 
 
-            #normalize?  review/test
+            set relative_target_dir [lib::path_relative $tgtdir $current_target_dir]
+            if {$relative_target_dir eq "."} {
+                set relative_target_dir ""
+            }
+            set relative_source_dir [lib::path_relative $srcdir $current_source_dir]
+            if {$relative_source_dir eq "."} {
+                set relative_source_dir ""
+            }
+            set target_relative_to_punkcheck_dir [lib::path_relative $punkcheck_folder $current_target_dir]
+            if {$target_relative_to_punkcheck_dir eq "."} {
+                set target_relative_to_punkcheck_dir ""
+            }
             foreach unpub $opt_unpublish_paths {
-                if {[globmatchpath $unpub $current_source_dir]} {
+                #puts "testing folder - globmatchpath $unpub $relative_source_dir"
+                if {[globmatchpath $unpub $relative_source_dir]} {
                     lappend unpublish_paths_matched $current_source_dir
-                    return [list files_copied {} files_skipped {} sources_unchanged {} punkcheck_records $punkcheck_records]
+                    return [list files_copied {} files_skipped {} sources_unchanged {} punkcheck_records $punkcheck_records unpublish_paths_matched $unpublish_paths_matched]
                 }
             }
 
@@ -1326,9 +1343,13 @@ namespace eval punkcheck {
 
             #puts stdout     "Current target dir: $current_target_dir"
             foreach m $match_list {
+                set relative_target_path [file join $relative_target_dir $m]
+                set relative_source_path [file join $relative_source_dir $m]
+                set punkcheck_target_relpath [file join $target_relative_to_punkcheck_dir $m]
                 set is_unpublished 0
                 foreach unpub $opt_unpublish_paths {
-                    if {[globmatchpath $unpub $current_source_dir/$m]} {
+                    #puts "testing file - globmatchpath $unpub  vs $relative_source_path" 
+                    if {[globmatchpath $unpub $relative_source_path]} {
                         lappend unpublish_paths_matched $current_source_dir
                         set is_unpublished 1
                         break
@@ -1342,20 +1363,20 @@ namespace eval punkcheck {
                 set seconds [expr {$ts_start / 1000000}]
                 set ts_start_iso [clock format $seconds -format "%Y-%m-%dT%H:%M:%S"]
 
-                set relative_target_path [lib::path_relative $punkcheck_folder $current_target_dir/$m]
-                #puts stdout "  rel_target: $relative_target_path"
+
+                #puts stdout "  rel_target: $punkcheck_target_relpath"
                 
-                set fetch_filerec_result [punkcheck::recordlist::get_file_record $relative_target_path $punkcheck_records]
+                set fetch_filerec_result [punkcheck::recordlist::get_file_record $punkcheck_target_relpath $punkcheck_records]
                 #change to use extract_or_create_fileset_record ?
                 set existing_filerec_posn [dict get $fetch_filerec_result position]
                 if {$existing_filerec_posn == -1} {
-                    puts stdout "NO existing record for $relative_target_path"
+                    puts stdout "NO existing record for $punkcheck_target_relpath"
                     set has_filerec 0
-                    set new_filerec [dict create tag FILEINFO -targets $relative_target_path]
+                    set new_filerec [dict create tag FILEINFO -targets $punkcheck_target_relpath]
                     set filerec $new_filerec
                 } else {
                     set has_filerec 1
-                    #puts stdout "  TDL existing FILEINFO record for $relative_target_path"
+                    #puts stdout "  TDL existing FILEINFO record for $punkcheck_target_relpath"
                     #puts stdout "  $existing_install_record"
                     set filerec [dict get $fetch_filerec_result record]
                 }
@@ -1478,7 +1499,8 @@ namespace eval punkcheck {
                     file mkdir $current_target_dir/$d
                 }
                 
-                set sub_result [punkcheck::install $srcdir $tgtdir\
+
+                set sub_opts_1 [list\
                     -call-depth-internal [expr {$CALLDEPTH + 1}]\
                     -subdirlist [list {*}$subdirlist $d]\
                     -glob $fileglob\
@@ -1493,6 +1515,15 @@ namespace eval punkcheck {
                     -punkcheck_records $punkcheck_records\
                     -installer $opt_installer\
                     ]
+                set sub_opts [list\
+                    -call-depth-internal [expr {$CALLDEPTH + 1}]\
+                    -subdirlist [list {*}$subdirlist $d]\
+                    -punkcheck_folder $punkcheck_folder\
+                    -punkcheck_eventid $punkcheck_eventid\
+                    -punkcheck_records $punkcheck_records\
+                ]                
+                set sub_opts [dict merge $opts $sub_opts]
+                set sub_result [punkcheck::install $srcdir $tgtdir {*}$sub_opts]
 
                 lappend files_copied {*}[dict get $sub_result files_copied]
                 lappend files_skipped {*}[dict get $sub_result files_skipped]
@@ -1504,10 +1535,11 @@ namespace eval punkcheck {
             if {[string match *store* $opt_source_checksum]} {
                 #puts "subdirlist: $subdirlist"
                 if {$CALLDEPTH == 0} {
-                    if {[llength $files_copied]} {
+                    if {[llength $files_copied] || [llength $files_skipped]} {
                         puts stdout ">>>>>>>>>>>>>>>>>>>"
                         set saveresult [punkcheck::save_records_to_file $punkcheck_records $punkcheck_file]
                         puts stdout "[dict get $saveresult recordcount] records saved as [dict get $saveresult linecount] lines to $punkcheck_file"
+                        puts stdout "copied: [llength $files_copied] skipped: [llength $files_skipped]"
                         puts stdout ">>>>>>>>>>>>>>>>>>>"
                     } else {
                         #todo - write db INSTALLER record if -debug true
diff --git a/src/punk86.vfs/lib/app-punk/repl.tcl b/src/punk86.vfs/lib/app-punk/repl.tcl
index e0e31cfc..6ecd6e45 100644
--- a/src/punk86.vfs/lib/app-punk/repl.tcl
+++ b/src/punk86.vfs/lib/app-punk/repl.tcl
@@ -75,13 +75,18 @@ package require Thread
 #These are strong dependencies 
 # - the repl requires Threading and punk,shellfilter,shellrun to call and display properly.
 # tm list already indexed - need 'package forget' to find modules based on current tcl::tm::list
-
-package forget shellfilter
-package require shellfilter
-package forget shellrun
-package require shellrun
-package forget punk
-package require punk
+set required [list\
+    shellfilter\
+    shellrun\
+    punk\
+    ]
+
+catch {
+    foreach pkg $required {
+        package forget $pkg
+        package require $pkg
+    }
+}
 
 
 #restore module paths 
@@ -95,6 +100,10 @@ foreach p $original_tm_list {
 }
 #------------------------------------------------------------------------------
 
+foreach pkg $required {
+    package require $pkg
+}
+
 package require punk::repl
 repl::start stdin
 
diff --git a/src/runtime/mapvfs.config b/src/runtime/mapvfs.config
index 1769667b..7080d735 100644
--- a/src/runtime/mapvfs.config
+++ b/src/runtime/mapvfs.config
@@ -2,3 +2,5 @@
 #if runtime has no entry - it will only match a .vfs folder with a matching filename e.g runtime1.exe runtime1.vfs
 tclkit86bi.exe punk86.vfs
 tclkit87a5bawt.exe punk86.vfs
+#tclkit86bi.exe vfs_windows/punk86win.vfs
+