From 5e028a847c5ee1fa957d94cd20e1b7acadb83a27 Mon Sep 17 00:00:00 2001
From: Guoguo <16666742+imguoguo@users.noreply.github.com>
Date: Sat, 28 Feb 2026 18:38:38 +0800
Subject: [PATCH] feat: add picoclaw-launcher with web UI for configuration and
 gateway management (#904)

A standalone web-based tool for managing picoclaw configuration, OAuth
authentication providers, and gateway process lifecycle. Features include
a sidebar layout with i18n (en/zh) and theme support, real-time gateway
log streaming, startup prerequisites checks, and Windows icon embedding.

Co-authored-by: wj-xiao <meetwenjie@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---
 .gitignore                                    |    3 +
 .goreleaser.yaml                              |   33 +-
 cmd/picoclaw-launcher/README.md               |  290 +++
 cmd/picoclaw-launcher/README.zh.md            |  287 +++
 cmd/picoclaw-launcher/icon.ico                |  Bin 0 -> 44671 bytes
 .../internal/server/auth_config.go            |  147 ++
 .../internal/server/auth_config_test.go       |  222 ++
 .../internal/server/auth_handlers.go          |  312 +++
 .../internal/server/logbuffer.go              |   99 +
 .../internal/server/logbuffer_test.go         |  116 +
 .../internal/server/process.go                |  232 ++
 .../internal/server/server.go                 |  196 ++
 .../internal/server/server_test.go            |  247 ++
 .../internal/server/utils.go                  |   28 +
 cmd/picoclaw-launcher/internal/ui/index.html  | 1999 +++++++++++++++++
 cmd/picoclaw-launcher/main.go                 |  127 ++
 cmd/picoclaw-launcher/winres/winres.json      |   22 +
 pkg/auth/oauth.go                             |   72 +-
 pkg/auth/oauth_test.go                        |    4 +-
 19 files changed, 4425 insertions(+), 11 deletions(-)
 create mode 100644 cmd/picoclaw-launcher/README.md
 create mode 100644 cmd/picoclaw-launcher/README.zh.md
 create mode 100644 cmd/picoclaw-launcher/icon.ico
 create mode 100644 cmd/picoclaw-launcher/internal/server/auth_config.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/auth_config_test.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/auth_handlers.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/logbuffer.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/logbuffer_test.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/process.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/server.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/server_test.go
 create mode 100644 cmd/picoclaw-launcher/internal/server/utils.go
 create mode 100644 cmd/picoclaw-launcher/internal/ui/index.html
 create mode 100644 cmd/picoclaw-launcher/main.go
 create mode 100644 cmd/picoclaw-launcher/winres/winres.json

diff --git a/.gitignore b/.gitignore
index 3ff195fbf..02ef18d1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,6 @@ tasks/
 
 # Added by goreleaser init:
 dist/
+
+# Windows Application Icon/Resource
+*.syso
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 90bdc8437..d893b07a8 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -5,7 +5,9 @@ version: 2
 before:
   hooks:
     - go mod tidy
-    - go generate ./cmd/picoclaw/...
+    - go generate ./...
+    - go install github.com/tc-hib/go-winres@latest
+    - go-winres make --in cmd/picoclaw-launcher/winres/winres.json --out cmd/picoclaw-launcher/rsrc --product-version={{ .Version }} --file-version={{ .Version }}
 
 builds:
   - id: picoclaw
@@ -37,6 +39,32 @@ builds:
       - goos: windows
         goarch: arm
 
+  - id: picoclaw-launcher
+    binary: picoclaw-launcher
+    env:
+      - CGO_ENABLED=0
+    tags:
+      - stdjson
+    ldflags:
+      - -s -w
+    goos:
+      - linux
+      - windows
+      - darwin
+      - freebsd
+    goarch:
+      - amd64
+      - arm64
+      - riscv64
+      - loong64
+      - arm
+    goarm:
+      - "7"
+    main: ./cmd/picoclaw-launcher
+    ignore:
+      - goos: windows
+        goarch: arm
+
 dockers_v2:
   - id: picoclaw
     dockerfile: docker/Dockerfile.goreleaser
@@ -72,6 +100,9 @@ archives:
 
 nfpms:
   - id: picoclaw
+    builds:
+      - picoclaw
+      - picoclaw-launcher
     package_name: picoclaw
     file_name_template: >-
       {{ .PackageName }}_
diff --git a/cmd/picoclaw-launcher/README.md b/cmd/picoclaw-launcher/README.md
new file mode 100644
index 000000000..641279bb1
--- /dev/null
+++ b/cmd/picoclaw-launcher/README.md
@@ -0,0 +1,290 @@
+# PicoClaw Launcher
+
+> [!WARNING]
+> This project is a temporary solution and will be refactored in the future to provide a complete web service. Therefore, the APIs in this directory are not stable.
+
+A standalone launcher for PicoClaw, providing visual JSON editing and OAuth provider authentication management.
+
+## Features
+
+- 📝 **Config Editor** — Sidebar-based settings UI with model management, channel configuration forms, and a raw JSON editor
+- 🤖 **Model Management** — Model card grid with availability status (grayed out without API key), primary model selection, add/edit/delete with required/optional field separation
+- 📡 **Channel Configuration** — Form-based settings for 12 channel types (Telegram, Discord, Slack, WeCom, DingTalk, Feishu, LINE, WhatsApp, QQ, OneBot, MaixCAM, etc.) with documentation links
+- 🔐 **Provider Auth** — Login to OpenAI (Device Code), Anthropic (API Token), Google Antigravity (Browser OAuth)
+- 🌐 **Embedded Frontend** — Compiles to a single binary with no external dependencies
+- 🌍 **i18n** — Chinese/English language switching with browser auto-detection
+- 🎨 **Theme** — Light / Dark / System theme toggle with localStorage persistence
+
+## Quick Start
+
+```bash
+# Build
+go build -o picoclaw-launcher ./cmd/picoclaw-launcher/
+
+# Run with default config path (~/.picoclaw/config.json)
+./picoclaw-launcher
+
+# Specify a config file
+./picoclaw-launcher ./config.json
+
+# Allow LAN access
+./picoclaw-launcher -public
+```
+
+Open `http://localhost:18800` in your browser.
+
+## CLI Options
+
+```
+Usage: picoclaw-config [options] [config.json]
+
+Arguments:
+  config.json    Path to the configuration file (default: ~/.picoclaw/config.json)
+
+Options:
+  -public        Listen on all interfaces (0.0.0.0), allowing access from other devices
+```
+
+## API Reference
+
+Base URL: `http://localhost:18800`
+
+---
+
+### Static Files
+
+#### GET /
+
+Serves the embedded frontend (`index.html`).
+
+---
+
+### Config API
+
+#### GET /api/config
+
+Reads the current configuration file.
+
+**Response** `200 OK`
+
+```json
+{
+  "config": { ... },
+  "path": "/Users/xiao/.picoclaw/config.json"
+}
+```
+
+---
+
+#### PUT /api/config
+
+Saves the configuration. The request body must be a complete Config JSON object.
+
+**Request Body** — `application/json`
+
+```json
+{
+  "agents": { "defaults": { "model_name": "gpt-5.2" } },
+  "model_list": [
+    {
+      "model_name": "gpt-5.2",
+      "model": "openai/gpt-5.2",
+      "auth_method": "oauth"
+    }
+  ]
+}
+```
+
+**Response** `200 OK`
+
+```json
+{ "status": "ok" }
+```
+
+**Error** `400 Bad Request` — Invalid JSON
+
+---
+
+### Auth API
+
+#### GET /api/auth/status
+
+Returns the authentication status of all providers and any in-progress device code login.
+
+**Response** `200 OK`
+
+```json
+{
+  "providers": [
+    {
+      "provider": "openai",
+      "auth_method": "oauth",
+      "status": "active",
+      "account_id": "user-xxx",
+      "expires_at": "2026-03-01T00:00:00Z"
+    }
+  ],
+  "pending_device": {
+    "provider": "openai",
+    "status": "pending",
+    "device_url": "https://auth.openai.com/activate",
+    "user_code": "ABCD-1234"
+  }
+}
+```
+
+`status` values: `active` | `expired` | `needs_refresh`
+
+`pending_device` is only present when a device code login is in progress.
+
+---
+
+#### POST /api/auth/login
+
+Initiates a provider login.
+
+**Request Body** — `application/json`
+
+```json
+{ "provider": "openai" }
+```
+
+Supported `provider` values: `openai` | `anthropic` | `google-antigravity`
+
+##### OpenAI (Device Code Flow)
+
+Returns device code info. The server polls for completion in the background.
+
+```json
+{
+  "status": "pending",
+  "device_url": "https://auth.openai.com/activate",
+  "user_code": "ABCD-1234",
+  "message": "Open the URL and enter the code to authenticate."
+}
+```
+
+The user opens `device_url` in a browser and enters `user_code`. Once authenticated, `GET /api/auth/status` will show `pending_device.status` as `success`.
+
+##### Anthropic (API Token)
+
+Requires a `token` field in the request:
+
+```json
+{ "provider": "anthropic", "token": "sk-ant-xxx" }
+```
+
+**Response:**
+
+```json
+{ "status": "success", "message": "Anthropic token saved" }
+```
+
+##### Google Antigravity (Browser OAuth)
+
+Returns an authorization URL for the frontend to open in a new tab:
+
+```json
+{
+  "status": "redirect",
+  "auth_url": "https://accounts.google.com/o/oauth2/auth?...",
+  "message": "Open the URL to authenticate with Google."
+}
+```
+
+After authentication, Google redirects to `GET /auth/callback`, which saves the credentials and redirects back to the picoclaw-config UI.
+
+---
+
+#### POST /api/auth/logout
+
+Logs out from a provider.
+
+**Request Body** — `application/json`
+
+```json
+{ "provider": "openai" }
+```
+
+Omit or leave `provider` empty to log out from all providers.
+
+**Response** `200 OK`
+
+```json
+{ "status": "ok" }
+```
+
+---
+
+#### GET /auth/callback
+
+OAuth browser callback endpoint (used by Google Antigravity). Called by the OAuth provider's redirect — **not invoked directly by the frontend**.
+
+**Query Parameters:**
+- `state` — OAuth state for CSRF validation
+- `code` — Authorization code
+
+On success, redirects to `/#auth`.
+
+
+### Process API
+
+#### GET /api/process/status
+
+Gets the running status of the `picoclaw gateway` process.
+
+**Response** `200 OK` (Running)
+
+```json
+{
+  "process_status": "running",
+  "status": "ok",
+  "uptime": "1.010814s"
+}
+```
+
+**Response** `200 OK` (Stopped)
+
+```json
+{
+  "process_status": "stopped",
+  "error": "Get \"http://localhost:18790/health\": dial tcp [::1]:18790: connect: connection refused"
+}
+```
+
+---
+
+#### POST /api/process/start
+
+Starts the `picoclaw gateway` process in the background.
+
+**Response** `200 OK`
+
+```json
+{
+  "status": "ok",
+  "pid": 12345
+}
+```
+
+---
+
+#### POST /api/process/stop
+
+Stops the running `picoclaw gateway` process.
+
+**Response** `200 OK`
+
+```json
+{
+  "status": "ok"
+}
+```
+
+---
+
+## Testing
+
+```bash
+go test -v ./cmd/picoclaw-launcher/
+```
diff --git a/cmd/picoclaw-launcher/README.zh.md b/cmd/picoclaw-launcher/README.zh.md
new file mode 100644
index 000000000..320de75a5
--- /dev/null
+++ b/cmd/picoclaw-launcher/README.zh.md
@@ -0,0 +1,287 @@
+# PicoClaw Launcher
+
+> [!WARNING]
+> 该项目属于临时解决方案，后续会重构并提供完整的 Web 服务，因此该目录下的接口并不稳定。
+
+PicoClaw 的独立启动器，提供可视化 JSON 配置编辑和 OAuth Provider 认证管理。
+
+## 功能
+
+- 📝 **配置编辑** — 侧边栏式设置 UI，支持模型管理、通道配置表单和原始 JSON 编辑器
+- 🤖 **模型管理** — 模型卡片网格，可用性状态显示（无 API Key 时灰色），主模型选择，增删改查，必填/选填字段分离
+- 📡 **通道配置** — 12 种通道类型（Telegram、Discord、Slack、企业微信、钉钉、飞书、LINE、WhatsApp、QQ、OneBot、MaixCAM 等）的表单化配置，附带文档链接
+- 🔐 **Provider 认证** — 支持 OpenAI (Device Code)、Anthropic (API Token)、Google Antigravity (Browser OAuth) 登录
+- 🌐 **嵌入式前端** — 编译为单一二进制文件，无需额外依赖
+- 🌍 **国际化** — 中英文切换，首次访问自动检测浏览器语言
+- 🎨 **主题** — 亮色 / 暗色 / 跟随系统，偏好保存在 localStorage
+
+## 快速开始
+
+```bash
+# 编译
+go build -o picoclaw-launcher ./cmd/picoclaw-launcher/
+
+# 运行（使用默认配置路径 ~/.picoclaw/config.json）
+./picoclaw-launcher
+
+# 指定配置文件
+./picoclaw-launcher ./config.json
+
+# 允许局域网访问
+./picoclaw-launcher -public
+```
+
+启动后在浏览器中打开 `http://localhost:18800`。
+
+## 命令行参数
+
+```
+Usage: picoclaw-launcher [options] [config.json]
+
+Arguments:
+  config.json    配置文件路径（默认: ~/.picoclaw/config.json）
+
+Options:
+  -public        监听所有网络接口（0.0.0.0），允许局域网设备访问
+```
+
+## API 文档
+
+Base URL: `http://localhost:18800`
+
+### 静态文件
+
+#### GET /
+
+提供嵌入式前端页面（`index.html`）。
+
+---
+
+### Config API
+
+#### GET /api/config
+
+读取当前配置文件内容。
+
+**Response** `200 OK`
+
+```json
+{
+  "config": { ... },
+  "path": "/Users/xiao/.picoclaw/config.json"
+}
+```
+
+---
+
+#### PUT /api/config
+
+保存配置。请求体为完整的 Config JSON。
+
+**Request Body** — `application/json`
+
+```json
+{
+  "agents": { "defaults": { "model_name": "gpt-5.2" } },
+  "model_list": [
+    {
+      "model_name": "gpt-5.2",
+      "model": "openai/gpt-5.2",
+      "auth_method": "oauth"
+    }
+  ]
+}
+```
+
+**Response** `200 OK`
+
+```json
+{ "status": "ok" }
+```
+
+**Error** `400 Bad Request` — 无效 JSON
+
+---
+
+### Auth API
+
+#### GET /api/auth/status
+
+获取所有 Provider 的认证状态和进行中的 Device Code 登录信息。
+
+**Response** `200 OK`
+
+```json
+{
+  "providers": [
+    {
+      "provider": "openai",
+      "auth_method": "oauth",
+      "status": "active",
+      "account_id": "user-xxx",
+      "expires_at": "2026-03-01T00:00:00Z"
+    }
+  ],
+  "pending_device": {
+    "provider": "openai",
+    "status": "pending",
+    "device_url": "https://auth.openai.com/activate",
+    "user_code": "ABCD-1234"
+  }
+}
+```
+
+`status` 可选值: `active` | `expired` | `needs_refresh`
+
+`pending_device` 仅在有进行中的 Device Code 登录时返回。
+
+---
+
+#### POST /api/auth/login
+
+发起 Provider 登录。
+
+**Request Body** — `application/json`
+
+```json
+{ "provider": "openai" }
+```
+
+支持的 `provider` 值: `openai` | `anthropic` | `google-antigravity`
+
+##### OpenAI (Device Code Flow)
+
+返回 Device Code 信息，后台自动轮询认证结果：
+
+```json
+{
+  "status": "pending",
+  "device_url": "https://auth.openai.com/activate",
+  "user_code": "ABCD-1234",
+  "message": "Open the URL and enter the code to authenticate."
+}
+```
+
+用户在浏览器中打开 `device_url` 并输入 `user_code`。认证完成后通过 `GET /api/auth/status` 的 `pending_device.status` 变为 `success` 通知前端。
+
+##### Anthropic (API Token)
+
+需在请求中附带 token：
+
+```json
+{ "provider": "anthropic", "token": "sk-ant-xxx" }
+```
+
+**Response:**
+
+```json
+{ "status": "success", "message": "Anthropic token saved" }
+```
+
+##### Google Antigravity (Browser OAuth)
+
+返回授权 URL，前端打开新标签页：
+
+```json
+{
+  "status": "redirect",
+  "auth_url": "https://accounts.google.com/o/oauth2/auth?...",
+  "message": "Open the URL to authenticate with Google."
+}
+```
+
+认证完成后 Google 回调至 `GET /auth/callback`，自动保存凭据并重定向回 picoclaw-config 页面。
+
+---
+
+#### POST /api/auth/logout
+
+登出 Provider。
+
+**Request Body** — `application/json`
+
+```json
+{ "provider": "openai" }
+```
+
+传空字符串或省略 `provider` 则登出所有 Provider。
+
+**Response** `200 OK`
+
+```json
+{ "status": "ok" }
+```
+
+---
+
+#### GET /auth/callback
+
+OAuth Browser 回调端点（Google Antigravity 专用），由 OAuth Provider 重定向调用，**非前端直接使用**。
+
+**Query Parameters:**
+- `state` — OAuth state 校验
+- `code` — 授权码
+
+认证成功后重定向到 `/#auth`。
+
+### Process API
+
+#### GET /api/process/status
+
+获取 `picoclaw gateway` 进程的运行状态。
+
+**Response** `200 OK` (运行中)
+
+```json
+{
+  "process_status": "running",
+  "status": "ok",
+  "uptime": "1.010814s"
+}
+```
+
+**Response** `200 OK` (未运行)
+
+```json
+{
+  "process_status": "stopped",
+  "error": "Get \"http://localhost:18790/health\": dial tcp [::1]:18790: connect: connection refused"
+}
+```
+
+---
+
+#### POST /api/process/start
+
+在后台启动 `picoclaw gateway` 进程。
+
+**Response** `200 OK`
+
+```json
+{
+  "status": "ok",
+  "pid": 12345
+}
+```
+
+---
+
+#### POST /api/process/stop
+
+停止正在运行的 `picoclaw gateway` 进程。
+
+**Response** `200 OK`
+
+```json
+{
+  "status": "ok"
+}
+```
+
+---
+
+## 测试
+
+```bash
+go test -v ./cmd/picoclaw-launcher/
+```
diff --git a/cmd/picoclaw-launcher/icon.ico b/cmd/picoclaw-launcher/icon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..4f65394147f95a863892e39c48d3386170e4f245
GIT binary patch
literal 44671
zcmd2?1y@^LuuX!yYw_Yz+}(>6T3iYgEmGVq!QF}!_u>x4U5gZVcXxMQ_}+T|;lW~&
zmE^8_?wOfAd-lu$0D#cnw;v#Y0$@=N0N_JkhpK#%MMEY=hQ36T`zZD0?bEkEM0n^w
zJ%>Uw0007zlM+{RTR3WUO(WU%7Jc!_w{2`~^(mMvN=L?~OBVq7Q?pStb@svfHs@h>
zgyPJHwNt|j*0Hw-1aP6+Q|lS|<5F-LR|4Ki;UTI>e=TrnwO*ayA3cqpPflN66kHCa
zLOFiCCf;{B;M~4+7kQR+`YMY=6K`kc$3G22pB;exiBujnD*$`MFrH8hi6*U+o*jZM
z&*%Ty2mt*Sd~Odwo_-xwCKMR2(nS=3{dNf_Aq~8W1d=)1|K|%)Pt-870z|z_wX2$F
zxWM0xvA-(~$S;p*@;b5*qzU%Te?k;?IZLQtdF@*TTRldGn;i*EZ(bWMFI>NPr`9V9
z>^_Xb-H_}f!*pCBp|R)Y(55dmw*J^I-o7Xz+bn_|cYaoj&JGY2w-%UFf1Z6k3tyzw
z&~h|}iM3}KRQ^|)11@~_r^?j`eDd4~UeIs8s{TF7ZFluYRa(zVqtwP-uH@yZ2idBe
zA~dp<^s9B)g=*_#z+p*T0?C5l4XMYaTJ)`24s`SXb~pVweEtgGxaQy84_?ZcF{3q+
zQL9OzV#OyQ)DCifMXzo`0@U=)ity7?ls8|_yyNxxVhncM)J<4ij4Bs$xw|8XHfNKa
zVb=JJs}&JnpXo?0#Jxs9hyzIRnro_1cs*|Sem%rsPF@;&4Hdak4T0LYvo{5=M0bMI
z%-dU5xBu9}AIG^%Jeb@l(J&-~%n5ZH#=YG=w#sSRXs|SiXl<Ogv1%u_<Ak)m;WqnG
zL}PkQ7Q;sC=Hl>lDOZDMSUy?kFybFk4d*9yZa_yXoxTY(Acg}A8Q?7C?J{yTfZ_8q
z;_$y`1put)TAH`pUmcfUuh={1;k&VC2m-|ULzv+JZ21Qxi2yO?e_0V7K!~KBSkzcZ
z2E1`Gg<9^qlhb10E^Eu?CPlHc)$HT#yRFoUmb&Y5>Qju$HVQ)aEgROpTIBwNW!}FB
zW)RucBL=0{2j%*eJLQ5sXD=he)2736RpB7)PwX?LTFVzlsi)0771-p4I&1uZB0`o+
zM-8@>)>hMpJhZreHQ`AC??IeJ7bol1lZn9ShY)*}k2kk7k8<+tWdf=RM3YnE3~=Av
zRb;3cS-GiyhSp&GAr-AQ5g*Eqb~rlJcRzjgbi5p~rE>?1(TEi0BT6_EI$&EjWhUP9
zTis}HiV%`-=;Qo+M#xt#T*RA-b5N50Tajnnl4F4?iH13pfmkL+xNp)_S^zdYUolQ!
zph3}D;hR3)-IS68@pV`28){y+zxGQWHklY}|742eiiFE%gnh3Bbw!@L#z@C}WuG%C
znQCq(je0eGmuYi-uY-AAj<zwUz-u{tCQzlhjz*}V4*#Xiq}c4ND5JCC$S<%1fo<RG
zO!B=dBSsJ-ViLmvr@H&f647WhQph3pY1<_Gk8!`cgp$Oe!<q717%@Au!@S%2lZK7u
z+119+W!6bFR`^y`R1Jp7zf17D8L{r*`dTc{TNY36Hl#%br%(4cB|?E|>kY>SKKHD;
zw<L{9_+90{Bg{BrrnEfv;T(PV5^`^&`vlr-jy=Ez4JSjaBG*SO`rag!XaPzh)~z>}
znm*6nO(^7GpGp4L=M6#S>)&M_;dtM4>Ri5<Q76EQ)>rY9-e*W&(Gj2Kj<z^_-M$(C
zdkgvVhgJLpK#cnf=~4tdJuY`e%XoaTVfg&da}ju%J&!xi4FsfM=bC(^i_H&%r{{UC
zSC%jK-YY*f1czz<R?JXW0!0yGGADnE`OEol|L^T54Q#D?m)6(D^k6dnoG~j@17V=`
zb8AH2w00aZSb&#$g<t1ahB08-C+}1jdh5O7Ucj9e^)FGHcq-tiN~v!1O1txDr*8AZ
zPiLaJI8o!`@2D{tN>2d0%^afUl*!oBX{>AQJ~bc!emjfZ$3ZH4mIPVt#ci^){2-41
zR@p%KDP2EKFQ45<;;PoFMX=)ceK|tg^B>#H2+`M-;FCpe=o01yvUgU0D+XW-qp5Qn
zR#7cXE+}$<*YU_-b?>*Jm~T$sgz6w(A@^aj0WhwHmv2hdL1ZbLc|IjebF%U{=G|=5
zuz$H)^6}bwdmA{2wFp<h?lWQabLi!EKhibgChg4yluIjj(DP8)CEW{YfyTv!?+<EJ
z`8{5PiB1RAhqfCj&quU3tujp%@vw6xs-*JJJ}r5#%|*WBIkmah((hxCf_g*t-p>Su
zO(gX-X>_T0L$fcKMlj8`214hVvJOvg(8L3^#RlPYP}du7r_il4p>dlE`_ZU&pp(e|
zjc_Z?z3uAHTy+{L?E4Xe@+HkJ3TLSs3x*q*@A)6#;Kq6}X|nw4hwX8OzPI=dgwK@2
z`Fq3%d>Eyij;jLQ28uT%z~0~2RfO5@$s+NRLNHIh`e{}1F#j=R?>~6U@O!;4XnsAu
zmerrXct~S?-6~%v>}<tYt}m%j2FED;HUX$8ffR7<YFW7-F~~{oM?#ZA2;{Q<i2j~B
z&k?rajFX@VzJZTw<C$=Lv%P5AgZ*w9uT9#L)@8`0Zk3b@Rg7_PG}xZYSeW#`B}rTo
z@Q{rfq646KsEjtHRrCWV^+0*=QoqK?d1$Dj-BFoYg*`RO;zKn2;f`W))~dH?_RDv^
zjk$-z_Q&-n_erpZ88u!MAsaoy2sy=RYy0EH2Y)@bpY|2d+h;14pwMH5i1R;^B+4-z
zTI!STAGMqH9wgpwEL6O#Ki;;T)nnM)EoKvTN^{bR4AQ-~=x>HP5GJBB*}j%CK|Emx
z5n_3hi{E9vCH7xpwjZAkvtyffo|pv}>Esg`)VqwNYm3srZ|UTeZi*buRnPD?%HWP8
zRM?CbE@}>*=RM(-YyNb?`(*6`y#_8@@?r+Wu!x75x{<q&r_U-`7yW`5^#-IUYQsK`
zv)Sb6rokb9Tu(@JzusWW^%wQb$qa8kS5<$|ZoJy`;?3leM_oges%@`ddQ7c~$08Sm
zLKF|B-ixA)I$=&hwiXrh3{O1i(O&cZn=N^!s%}M`R?8L2TMx{?Wi$~?5sJ>cH#{H2
z4woY6`$(_UJA2lAI^y$D`fNBzR730HBsCuRmc@%wIDULtSd)^6<ycD6EZ6x!9>sAA
z!xIM!(5{&~$vys;Nz0wp0~is@Gx_}?myz!J<n2qm1@Bh{%?}!0QL3BvhohjrSHh}Y
z{}%eef^D=jmxoZqiv7%8Nb8F(ip}xfX4&y<1_x`V?Vm2~{oz4pAu)4$)8S*+W~wa5
zP05MYWV(=#6dVMVI@Nx^(0%>30+;*5`}W2vbIo`esoxU_@T2BAS!^+#=)W-f1bo|=
zz)W+lUE2{32E)U-_xv~iVMB%9o#kOb3fOf5tTYtRSxMa+x{JE|!O?7{n!;Qlz%&#D
z4Wp6JJcva&e(iwpvPx%1CD%v4)|bm&B@a*PO?{5WZ17S~e*Y85*rCTR&X>4=J5%#$
zMOCoAK2WlgN9GTCLT?yfMrYdCQ($D~T=+xM8{AN&^hGY7np^-Oot3bap^kaGT8);C
zPv)7rF43Euyz~g+u@ogby`nEyMWYz5NB>ckDJTqP5XTVWF?Z*%{+Pz##__}|FBYQh
z0%83YcYk@`xx`<SVRiAX<WhHrxvtd0k1%as$4LW2Q=QBh4n7{E0kzvol7IQX+ef^t
zyziMnH8+c+MjBsPLCT%}@k`NWj};|EH;qWW05-pPQeh-DFKw@Zf09m=a1C|3RuO8L
zBJJ;KGhQp9dBHWK+I9hWglAb4egUXV53<Hd3dc(;GmGQBDarAvjHNxf0tCk>xXt>j
z<2SiJzU-|Qy@5ROlSDM|cJM}nY1*X5FkPRPtBD|=_-YIOB$M~`nyR4V$7XTN=lS7K
zoSz7iN?04#C(8i=YHWPOa`hx4E6>U6QI{xBWbGYEYBlbtXz_6$l~*@nW%iGuR>szx
z9RqYIQB2_2A0GE-e$e5gz$4~m`<`Ap<vr(mR^SKCa4`078ASj}GbhKN(FQ4h*uCfI
z!K0#Ka;`ROBm#?ku4XK@Qr=5!hSE8gbZ*y~p)}Jk!AZsfu~DSLKIeA*(>)$O%Uj(V
zSoi?J;xjjRN1oQU?Z@{6EFVXcuCGm~NOy>U%-vnAY-Z9wj$^a2y-6M=zMaP?qr7=v
z@9$qM-sM8nmL%+Ap@49_amn72hc0IWvVHzHSa*Pew?sIecqjmi2-fXN38{Kf#=*<q
zz#|)aNyKjm0smP9<h$)@08SAw!I`@PUQ69RB7`B%+?C|G^~7`aC0KB_R7-fPO4P%y
zyV{@Bn^#&fGY^ShgxAJvQla3%JB=}Z&@VGv%WL50ZQTj~-J=_o4;siv;vVqDBgOl^
z?A8bK_>`sn;wOzLc{!gM56x|VI&wPN2v2`_rQy|;)3jo;09CsejI6=CcbG2dc@g)J
zGWa*!z1~e0h=}T`eEARAaP^XmO6Se8(kfBI;|FRw?f=!EuJ6OuKM%1Q=szU~wzF-X
zkNk)h;eiMIeG1ehIaFF1&prDVLM6t{mLHZ+QNw-lXujG(z{=>svbg3-B39>PxTDtI
z7>!SZ1Px*1kjv!aqq_?Ra<S;H+4ic(JLQ*WQ8Jy|H}b-STQXbr_0+Y?BAWh+IPx54
zntF}$eMhl;e36f3p1SiJ3MpHpUkBxeolyn5N#Kp73!7=ZUwq46hh3KhE9;!<$pv+|
zSt+nEDIH|7^ZXS*tR7PzUp6&U4dz#02G8v$4Lm1TD~}_W`@z)}oY)#lAPH_2C0`S>
zczc{wvUeXw4Q8(P^|aAY=A<P6hPx%HqTD#U1v@hGgu*8+*L{)7E%P_ZJ}fQ>-3KkI
z4gO}RJV-Z=MKJxN`-<&n4+?14q&~i@Fo6Dzh2G%7cO$0@K7~>6gL3lQSh&tHPH7LN
zQyG^uLhLE*Ev@UJES*j8+(;kcx5Wq(kG#SCfvM;&>KOeWs~Lt2?vAZ=Us=1ud_JVk
znW&)aWu^6~zdt*8{K0vQy>=tiUoFHp1jx0_k_qC8M|xM$VlptQ%q8=F-rNtV*(EAD
zoPdZ<V8==PKZ@#o-UId#%}zZ1e%O$1hN^LOZx~kh5zJ*db^E)yqTko1o~qLLEZ5f|
zPmK&z)lo=Ht(w5vVz^G~y5g}}SiIx4dD{Nxc{lpyLt^}A3_vMsh?+#k!;$dq46FNI
z+cz4dV5F9(2f^E`-|V_;UIBMr04>6KHiY-@*!I+TcZz`ek-z&jeziLF4)3HUD%ue8
z+<ePwX3|8`R)%55yiyP@cxd%jgBI|dByaSFm-MI!LD{ya`SiGv#=-&^9@`O45<)=<
z1d-u3*~}SLn(3}Ge50g-5m#0nP}@E%*S$FwY;zkgL<!Avv9T@L8e5T#^hh)X&f)yv
zSvUz8-Wt)hUE(txDUFgPci-q|h!Whr6Klz+Q7k5Qv5SMD0*J(B8~bh45!LKk|6Snw
zM0hvlUE9i^Y^1%#7->wcA2kUFRSrPVmG2o`99MWhLX)rC`ZlyopxexyRJBmJx`zpP
z->4j5szq_QO}CGT78Y?Z`Ngxr<iX$sS}kB?4*z*`-S*qjc7cu2tC9U#=|mMYe5Qv?
zx0>TLLEGLC!ofF2D1W@<qxwtygIi9;aat(e(bAllNm`Atp1OOf&(oZw?T^C<@cuhZ
zVfKmAekFwF;<u_D({jlfnhA2-Z~rp5DUm~=Dhrn2&2D{Ajy7W&g9610x01eCdv^6?
z%ELslP_YooNsf&1ryNW)<gUfI0%f1Lw#O02Tal+440YxjW(pgiU3yQU&CYTts&C-m
zAa>i9OAYH<V<Lxpan%oc2cpR?2BRyEw%+Rk?etOw!^zX<=Pka<WN+dM8Ht2Wz00#z
zXL4B_y7lt-UcdtU^Ow<Z+d4V0_heTjw`x9Fb?8AKhW9^$RqME?Z!73^>_3WH9=|_^
za6APyBCvicR@3_a($zQT2u{n>m=&Lx%t}U$a5K=f+`ZvpPC5T9e4!flMf(i<(|@RY
zk%{qYle!tGg2O&s^ewZ^$m~+7pxXFUIQscKQ8vSUTb!7_ULm?*(@8$?Y#8VDywyti
zn)9(xB@BjsJ^uY4M^D{23|*xmSQ=2sp1)?WDBfEw1Rk=o)jxUKDe_fm7)}xLzDO;2
zaQBXXlbBwp$Dld#V1A@kDEs4Qp92+!rcBtIA1fRTJeWiU_P~u=QQKm4x*^DM!Grey
zU4jWs^Y8%p>1@?SOgF>BC{+!&_fTyo7r#7(^4?(}vi0$ngiPsreG&-W#4d*5++8SS
zTaw>clcP16Y){m7Hcp)q5MGux*652Q@PtOg{3m3=%~iU)D&!T|R`rIJ>vDADR&=tq
z+7<WTe122E?&5rHEDWpR`~$-<Zx<X{Gu2KzFv8yoTqCezGQu2XPef5v)BWFlXlA8f
zS4J)-wMQL9TnaR}uUVt>eh%hsQ+Gc)J7@hu)sWo-B>=LMURzGkiZ@=x51}7BnH9?D
zqb5Be?CN_k&w~Y@pAh6@Av6)7w?gXljkVpZI9c^J1i=BaYL;LDh2)|)W1X5S9_@d4
zD!mtS;C|3?>N+IKxo6O2?J$Hk8vM8GBa*-9jEMck_!Wl&^69m>T>CD=S+y@#==c+r
zk>9oksp^f|AGhw$to7uxk_pW@`zTHi{Q*utyGV^>&D9YA#?n7Zt*F+KJnokSXEtf=
zfsGoB-UW^|0KUONCigyK*eCx~EfIzC6PvV`@8xI!QSa+BR}iHG(YjXvXiOa@K}em)
z_H^!k%~d8-!A=0mg5?RZ-yTZzVVG%_M#)%7Z@i$O{&*X!Fo-rK;HR}Fx<-IeaexZi
z7=s7PA4Z>+`k$8lW^MY~FZT)+ZQCpF%C#T1?67_7F&SjtRE#=VImY*Kh>awVSD~@#
za=hSqpZGr1zEf@1h{TJSU7Zyp+=~PN0)ij&m^AB^%qCu4a}Hr#c2=RH+et<PLy9$j
z7O*tIPg&teyUM9EL?=Hp>di01HqLi>(=V4sBwcF@IDZwOh4Us;e1j2!1IWXQ6|Aw~
z!GFHQFp(<6M52Rh98t5xpWbNqdiu@VPDm!WlX1vu@TJy&G#=&GgK>p55khBqol+q(
zq;oM^G`;QRg2un^I<BD3i#O>&XNmk56Z636-y94QEW;3D4`0Su%UWJDjm`thWBjT+
zsEW{bw>Mocbkk)E<}n$(NY%ad%ATeEh2-l1Evs!I@b1O>4d2&EnKYO0ia1~R-xd$Q
z{$FXjWNYx$KN2sXU^;|&9lE9tXC^}zln)`G=29xxEUvA6M?Y!B=Ai5uY%r||k_o`N
z>J|&JQ;b=35xQ>#-;cf~SMGkCb*)kNy0BZ@*4)~W-gO{7t#3SJ<gZoMt?l@_{_*{C
zXixjQV*M4A4F7fzrZ*-{RB^ss%(gV6uFO#rmB<xHy>)R>L^FK&9_;dnfv?Bmxv+{S
z4})RrRdUf=kkLw`F++cVDW2u4#bH6e$>XEr3`Y15`2JJiJT#xk1yv82152vEeiI1H
zW+3Fv{_s4{j{@4woV4VQCTE&f+xc?yNOj(!dwR-I-&XJMy_3GIg8exJZ(0pcj9xWr
zWU8Zd*XMCVly=3tAXkMKW5hZ=e(6pI2U?W}Zi0vEV1B((B(VKrTjtU6yN0hYqvEK*
zrmx9}$%OH+Gy!y&S?`G5(B~&wrwpu4yOBe*B&K)L5ne5aVtX2(0`bx|Y4^M4n`dt>
zE#6>LEy8^GD8j;uwWeLg<h!+jDJ;HpXw6R3@E7~l7QKI1Bg7N{SowlwWOBR_ZiZ4{
z*2KVOZ%z6{CHmJ}Pxo_BO=^Gj1$Soe><w8L>#V4Mfq^$U2~Ggz9$Oj3zT$7Q))l<h
ze^BA0eT$|8M%R^#>@+$7Sa-)tXi>}{5iIG&YO{D7SHH68+)Nw9$3~T922cp3uXK7j
zN*tcb_jsKe*!;Ip%r+^A$$3jIG<dSq_^a;E?H<w)>s|z+q+v%j9$Q@N><hUi`;X%X
z)-t_6dN1St?-E-dS2A=}G?1pL=R3$@c861++g(>$tfy#3KJmVF3jo$wkFQPVlD})f
zv`=_z^nu@Ku#C`t{4?+gY~4>8?P9&46N)z2s>-@%jv${6k^48g*$#e=PaJy!0g@DB
zoTMH`MR=+#Xdvw_QR~H4bks)8M0UWvcrnPa1}x+)>UU10HWZ{{wAiQ&iy*&^UZ$$9
zW)i?M1poLK4Rk-l^Yy~k>_yTJ?39t)iGsaypZabjeN?a*6+u*49FySfN2F`nXwmll
z@m~hu-3-)sSE^mU{=h!2F+vL6Q5zc_*W%RyI^a!t^NGN;F%-N3ucrvNt64M%FI3WZ
z09asRil3obM7u$&pZ0z4kXD8<0_pn_0jEicsvp42ka-qWB)Fung02UQ+sBq&X_<1j
zE{g6Kp#*|$UX#;;K*Q%#-esp!L67pzL@a!GErtHOhp>OiZbC1EJ7u>{c~_ydbXY1l
zekp8icIQ+(kD^*iBAkxMNOxiNRH%1Sim7~w!^x|IlTO&4Hz&D08%UB`dFpY;{7XEx
zVw^jqa>nI-a3Q8TkPq)aI+^+?Tt0&xmjjhE4qPwfvZ$eos@>C`4E@>hN}Cj(6uDIK
z=dZE*|9B0$m!1BZBaqfq(1p$FdoM15&*)R5`q_)zL0?<!@U_Q0G**0kV*ASs8l!4S
z1*n9sCsKoG)Exn1CE@BMd&;(tzYIo5zYBH+jR-vE#CKw6AkbrBA#={48E9!d8(=)`
zyyT`ob5h>_NMHR@Ww=gqT=8Ot$6Hq3)f!cLz(=M)Ilc@7W(!FfbTIi1QY<OyaDCaJ
z&D*rUxGFhSO+XC5p{8a=WIa8|Brh*<8tvAm{c#pus@YKhrH*z%-`>Q|HkilM*GFGj
z+DymIT>_K4L89Z$d{(|%cUgX~Z+7t#>YOGorA1ojk?$^ge6**}C*GZEW0XG{R9}81
z$hD*;l&(8Sy`e4Oie{3G9dl^^yIH5s`^`}|+M_f#I@g-W4Y;S2^W@6fddr)z*@yk?
zZ=Cf74tG$TikPv)k}Zb4-GS?;hT=>=CZJL+qKF~<^_c~%aYFOLvUt1k>oBu(r!K>(
zxH&wNt1jww-PM-z4<5gn8Z^ciHI@VFjK8|Mf(21!E!ot+hk?X@QV?3a$>}3kM42Al
znFKWOXAHrTX9!<*thFZ#%$<fq=y0yp6%rL!7BYSU*4&g+@|f}QDFIF)Acc0jWezKy
zuYpX9L&Z_D8TbC~r{I@pqR)iBIDU|52!Yncuhj-hw|~;%LBmY^&F;)LO<N?dueUY*
z9SWd{0ACBB$OfH#LI;(QlY9rZST3r7X<Vu2krIjM980VUT$WkZZzHX`yA6km`14_M
zUftI-gJ{#JKcpxSESLzAdNcjDfHZFn$8mN&uk}VZaDN5!5P_K*rdT}%BQ2r0@2TV!
z4_`V|WXY7^%WmFXy1R!%?{pnd3@=Ivz|&620s(R05e*CBH;CX3rNu@8mhjFv#M>zN
znQ^likH2|WYT90-U!}RvKy(S+6tF6sg~b<iAGEwikQCeuT*lqEz!`VmEskOg!MGs9
zU$506TN(h4A|xDG7;g)+tX2%)P@HTAWRB{v0i1&ggVuF<S4G{r)7}*Fr(kx>SrD}v
zQ0X6qnr^q(br4f9mxft?%pS?#c*!eCfNybe;cRS%sO`h3rIB#E$n@z+9JK%GC0_|`
zK)n7ZvrCsnavD$W8fbHq&Or^cQT=t??~ZRS03k=0Ip&9(w4vC)IeT^xqG6F1SJ8(t
z+!51_8=1JdyRMQ5BL~{<a5h9=WDrP9j!EQw0=$q>qod*&Yhw=|G$Zt>#Rm&KE>J?m
zi~-$hl$a<2rs9Yw^2g%)@en*o$VZA0N)@@_4<;Zm-<({dA%rW?-|eVTY41cCQ9@mE
z#d%we@wMJkv-Kuih&HOMyC-z>K58T#vKLIPqo#BlTNOvwiaXc3Nx($jbgKI9oEI0W
z$Z$z#e_t)LBT!1!o4o2nNMFCOuS2wEBSG9npj)WW=KT?xLC8o?=Vz|8mjX|S&&T;r
zravTUO33#?dgWj6X?RanV;S9#voDY^n>i8Kj7~8<ET8MW)3fyUh5_ytZ@WTLj8bn{
z16?1q7OKZQdo+_F1ecN@nCOW%ot0c?Qhsp1=;pg2z7eUmJ(OkPTDN=QTi0ctoV%m^
z3Le*5J=n#>TJo^p)q?3CVu(Wi3$Z)<$ig!E?zRm24DTIjk9q0cSZD@?=9{DiwNo&u
zASEUl1WsIuu&BGAy!p1Cyu5K>KMX2-MXphIQu}HQY1-QhB^REOeH;Zq0^o1l%yBy}
zEMvq16^?KrC&M>E0()s`zx_Or&qLG1hq@_I$l4#WbB{Hkj43mWvcm#T1`UEGE`@^e
zx_T)iK(?FzwITkXKWgpwuhp)o=iq;)zdo47aHBp*lf|XbsdU*=uIPy>)EJr);VNh)
zO-ZrSs{tsfRu-2J7ylGQTPF4*uM_8~<EhZAS&D5Tk%3*}repuo6AUMxc<yi4pS?sq
zJDqoFf8Z=BDbIquvqq$I-&2$h1wMruzcs7R=GZw``6vERTiO}O%NQv!6jckYkka+g
zbs72>;+mxVG)^S>m0aBy%BBVb3r|nCgC+cLrhz)hvclZ4!eEj`m+nTb>s(@5(I^aX
zXn$Wq0d<yqzsJ?xRiL{C3J_4Ns+RD`g6jr1*iET`t0nWBn4JZbNcwbN)zb!1H$f#z
z0AXgSV8X*H&LPOne#?)`I;USl=>{dut}G0+KMmqjvDeO7h`E7AzI-ziGb+~CkLG;C
zIl7Ry%G<!(eo}}<&ECDf>ubE1IaoF2!j%2M+}D8+8Q~+|&D97H3(X{}!oSj&;|`88
zdaTvXM=(Ns^zRsloI*WU&^nP={qBw%bF6Fwn)<i=iBYQ*DwO#1-8=|$;T{5(w@b(e
z02K%l7*uSx;=WM@3x)q|A7DrD;YU+b(PhIJ1UxPJ%B;RkiZ(Vv?rxM8*uS3xn1;~6
zZ1jBn*H^Mg(+sGYKTZo-<N!2JMQd-Bfg^?K2-(L&gYTzGA3oCDT{I{nsi6B~0YR8D
zfQF|%UQ3IQQV5uYg20y1)37I=_iSPjpeh{&KTr%en%W;iGHr(~q%5ty{b+3M>8~&=
zP)|;RCW_NlM?G^X@`^8uewqD<h3M*6lCW?b>>qur6${%&XoR$<$6fXiv$bivt4Uxp
zfI>WhMr=h$E4f@+aG9mW2bhQ*cTbQsz%<;MUwR8HfFP4sH;J!qgtYr*bD0Csj_ijy
z{oPr$yGmn!a{9=a3tB6vM!Z#~_a%>DclXPmm*w12ueB$>SE&ByH4G&r0Re^|afK8B
zle8e6vq85RDdq_jKp`_mQxh1S1b}1FTNgE{hAP)fYp9xQXb6Y^L~#RE;iSl2PL>p+
z`@i%cH58T64?T?C)+92D<9h$yKAKlS!iYV9{Pz27a>$hVYV`L|4gi6s!}zlv8gnW%
z<tKC!UP?fvG%ju=hsp%fV;Yy$Xr<b4I(NcS-2v^dSW=tQ&h>6t=Pn#f^&rb+YN(cD
zy)e8}hl9SM`WD)7c6u(Vk~*e)r8TVBBki@@A=W?De)`=p0{Sqzo%Eb#uyRH^RnSmT
zsUe1lKnBDp?(9_NkZh{5yewTIj@S=LaHe%6#_uEnRPtlfsLacLh=#kdAC4XkGr7w?
z5G-A8AF|T@2#$*B&s;Xq2E6}RcWB`6tq*k31H6|lJFL*@^16Q*x_mlkZ9UJJo>?)5
zV8KNm0M^$o!`XuGU`e;rX-fa)#f&17giv8{V<Ai{eNTaB$AMw0bh??Ux_jdZ=Dg9)
zx6jYyt9i@)o`V$klv<3idwuKlmoEiX3#T97GAYHIKz{KuL#io-cA^l;GO2@IEGO_-
zbX;!yl!c9=@?n*nXP9Y28|PdNIav+VW{5a7ff>Chm8mGxxsU9GvF?fIAfaWa-Gxmg
zHq-=E#~iB__j$gUxy#`<4<?<}{~=A(_PVT#MbBzZc7Hsi7J7?GCC|?<rcMFR_t039
z$OgXVEz$c$VHm#h&cH2!D8$MSzc|2RzE4VCDgriY&K5=Do)I|BY-05Jqgp<}hjg5Z
z>9}?NOEc|Ry(gj>!Js#e6icw0$TC0<c<)z?+$ApZvb<Q~y`cssD8PoI0+QjsuxXYF
z=^+glS!@F50WSqTp3qJ^hzh)fA_V70dRjK%!rZc*+ihl3J5`df*w@XR;5!v^I1bkS
zL4f3`RPG0IB1V~6(C$b%36sR+&zq{80N%`1LNBu!DaUOBR>$7xg)ojM!)so<7yh!V
z-Dun4qxnD4Fc3p;fBhlt7goJ`Ys_`v&Cx5Aj^a?s_Y8kJ_S^EOkQ*xm!sx9KvP6)`
zY5S5LcKQu)-<|W?qVfj%pM`s6{JrYTc3HZP7R~KnSb#YT1aia73~Np5?mX@ENpp^T
zd~Nr~hPg{x)4FhlN)`N^-Y=Q`=)K+yI268^s0_E>Uq*c3c+N2p7L#OI(Cn39lzOv@
z;W>oosTxS)oa45Q={H7oSsy6FIBFyQ0o2AZOw>*~`}Gy;Kc!=y!C&4<lg;YYhG=u`
zT7%U%4f7_}{D9dKYbv^*c|K~+S9`ObwA{AG6`LiNw8fC>iSe;zBY$@~+bb2{<jPV7
zWsC{oiOv3C^-Box)5Hr|x65ZBxgrPx+RnETxIS-=?lnIyhDts`*)F+it7F<vzV{9<
z!IDr$)MIBk%gxGvy6|16xuL}36Cpfc00V?tGD?to3<T(4SLcfp?FGvKmAI|hwGy%!
zh?4Sw(_cDOCa-fj+2FN@NjDt+j^xo28XeBGjADqhI3@$GXE(HD4c2bJ&yg3C?e{;`
zk`8pC+*!v^1+kLgjldZ!wel>_|6&eiwKkXpc>&3LKntSdr4_26pRK&<DVY2?4tg@Q
z>9BP20LW$)E+gz?#v_&e(@V7N#H;(pZRkjwNu$<hC7{^9!aR*0F`}Vm!G-GeOc~7J
zxWu#dH;UKJVZT5SReS60z8YH|ZZtKDor%a+_uG@Nixs{<WLN8$dm4Y5^jVVvAA6i|
zs}!NbKpUm5WzZDRF(%au@TWQ<3Hli-4SiZf3W_xJJd=o2m0xYw;lDoi_B<LvtJU*i
z1>2<8`%76>()3UV>|%&DRwZf&B51Jq;OlMXugY*=GiM(Zl9pI$C|JE;9y4aY%NENc
zE_=5~KkJZ44p><5yz*_J#mwlCb2KZ%WuY_66Ty9$vBUElrG|FlgL~cv#=O^?SnHiJ
zmR5vgGO%)eW(=jo_}H^?b7J<2c&?hUV#Q18{1g{5s-D-`=E8!o*Z~KWJ`!_6IbS$A
zYNc@5)OCHv7^saQppK{cNzT;<pJcA%BMZgA4$8fHbN%+e&C>ig-j$;ZP)0jES<$Af
z{*U@BFx#)A7NC#4R#6IIn*ZXjnMWRm<VFO6$@~}-(wlwdV&=*rrbhI!cgfpLAB06?
z=O^5UeNG??btJ^M0f<*0iRaJMzrnfPj2JKw%0PCVe_@1-M%BolP9&MLn}Zs&DKJq2
ziuZ&UfRkJu`y2r&>@kdomx#SX0Fs<rvt{64V?r@3+8DH@br!rJ>|m(=F+4SJ;P()N
zOFwD~EZB7EiqRz&V!9a8{u5-%AD<B18F2aTML^Mzj{!n-wJ26y0F(H0U?mNRg{#AZ
zJr1m3H2fC<2iWXaJ8juGPzXz;5smv?4PC9!n}n%8lKC2mULs`eU~03K-irGAJv7@-
zhuB0(k~#w<w=1H5I=n~N?)KAmO%(;zhwI(T?%s={3#vZt+VD;O?$XL}l#<xhJtc=2
z2Yz7w;^qV)(61ezar$rDvTR;=vziv|G!UY-hNPUuZUp&N3>b;RVEb3PK!t>OC+SkF
zkB{F#i34t-mwD1CU8V5>!cxEUM&!Rmr3uoR-hTPcIQMj5Li-FZ`{R53U+>B3<!v&~
zpHr8Pbgn74%4l$E!GvoEe3ksqnY$`C7?8y()ONo#Z#?MlQ&f=C#A9=HOP0)Gt|9x@
zE&%Y6ZlK6xcgSt5N7|~lRkuGUv_3oSd^hv1NFrC*BaCNP1=JYUnHh>v;Qy=!{jQ&+
z;mD-!*c~tP?eyhDhoP@6B`{lePmaV6pA(nR_TyB7VfMEcV9EMCdMn8XA=VZZMF=wQ
zQ1JQat1=$5YQzY+WNv|1Ft--U9&;v@&m-^<KmyM=QkgtN4E)=4Aq!m(acqObk?7aa
z8S!ZI&8>(Gz-;ZwfYnj0{z3qq+0mQf5?6#$;r>Ts(`vJ-SmR^deR{Qj<uwo$ILm`#
z3wk{>U`Ip|jtgBh`DbqF<2O-VWwOEku{B~{Ig%ls8WJZJk5^$GJ&{bS8DtbaKG1mE
zbPBa>PWx))pkv6Zlp^3SRtOwAF?R>nG>r_vMLLr?OnMlozfs-o@0*6q7Jn>;I4ki5
zM}<RV&l3Kx2Pp^KfDrT0_P@IpQB*4Vx<8@{PyW+!B$L@T&~ABcCNJ@rB3*VtoFUN`
zswWkB`>{f1vvc8$v1I2!txybyIeEAhfh=#EeU;>1SPpb<P|N%47=tf$n4vRDv5HLL
zpqQ~Un;*;k)uGSCs=2Ovbp2^svhefM#rJo;bvyxGrZepR%m0cN+MY3N=DxsNv(8X#
zt3f6CPXIcEc01br{ryygtuNLn;{4;ztNb;>hNEVU$$ZVM+?Rf@Vf)>I<$}At{533!
zc*SsTvZ{N6w<E;?m6AHdNiFS>*4HGW)apTU&lF)u|2VP^8$UY&LiS)-u_~pQ1vWj2
zG8{8k9tE(bB2c->fI}Uh1pLzT^_G|Hm}gcR9rI47<eCKVXFrJ4?xtTpPH4220;OUA
zh*?q)Gfia>5R)20@1Sy3OX`4%jEVj-h|Kl{PHHPDRr8-52(~z43o>xizRIH-z>U*!
zP1*iCs?2iEeYgAFs@u)&sdSs?;~(X;Vn`k~3?ck~(*Ps2b=UxW1J8X=fJuiL^0R#z
zyXgajYJ0cE=tWF#V0CA}^%lF^?rdb_W|e2ZspbQB);>v>6kOnH>nE2HCuy$~Q<3+P
zweL(KaGxu`16rggfiW^}8C`AxMqi?HT^a)7zuI!PSPx6qE+%lO1vQuokE945ZpVhq
zys40B$5^KKi>JqTHRWw4q<}osM9gvXSz0wD*jOgiK3D+#02ef))Rr>#d=!~Yjb*LE
zjfp3$Mk|3#HenXkQr!&9Jb72xq@H42?u?Q@FPAC5JdD3CXJS&-vu50lX6B_p6=&)H
zM2gSgZDsT;+V+%uulYF&_lu69ioXi9tO$UB{-|UN`qs&q;ny#2GXWW~v0+y`_b0$q
zyH@hn!1ZOPZtY&6*f@e?MuY^VT%#5LEa`D0shecrWzLz9jGVc5cI?FbPAfj=-jm%A
z?2+phLqo`bJ`YZ~gl28pAPiK*0XgMDyJu`m-a;==`HnBo?K7)+@PnGv?qG`Fz!t&)
zY3fBoIV7!07j>iQzn*5Os47O{s<?&cA+1s7YpkQa?3J+HU7iM|Vq%?=FaXeBfw{I?
z9dP_Zo4Sq6M088__QEs#e5IX4cm8-W7af#T(RV=YT`Y7^(PFjeTW(9sC73VdaA(&)
znEBGNJ^1?E@jk93kvUlr#ND`&5)|gfm{72Zp}8?A_~@DJU(-ITuE~dk(&J~!r~*i(
zsCK`f+JtAKu9J{q`@+xx*p2Evj2?{?e)YQ756&LdrGK6qHaeRlDi(|Ciy1h0Mwe3I
z%{DKz`fqNz;P$DX(ZKN%t>_{2+CBjif(?tLqL#XszC|Vc*iK569G5}}B1{Y#7IW>q
z9A?nXrvo|iB~1ks?W_dSVkQy8F@+d*WD!LA@^Lsmtnv$)FZymSzrGk8l0VNFFoU-?
zO<-x@*E)m#HS5;7(406@-FLt^&{`-7pDwjLk2IcNqSTS@VXuvbJ`Re3$F-ia4e_45
zsoqnl5&4;*ET`m%)xZ;MkHw>U6{Ch^i_Z!qo4l(i|5U_JZ(*KCA1~m*2}T#ncDEk+
z<{={l$Bi{4NdEbUe(51H$hY`yPH|`XZ36ez$KT8G*4LOf|B%?+Rf?W62P4d6mJW*n
zE;T{x&hM3!FQW6CSW14QK6-~p^!sOA>~=Y&k5qq>6<tz!!^ch8=0hb^(LPd9AmPRb
zWPN9hl9~1ZKlikIJZ-y<JZ_$JSB#*Ay84h5Lnkgw{_9fC9XXQk|4dE{Q2SQ@SH+it
zj&t<orS)&LjsDKbW9OnSt&==j&zNyYk80Nba7@5@0w`$m9%YsQuZYv$#00O2s(T_l
zQ*N6149;aBj&i|>o=XEiszxQ?R-QdRMa;LP0yFS%Is%o3tOhMTBN7DAVx$hzkypRO
z(eJwZuM6_@kmv~=k-iGqj|;&B;lZiQ1=w2RVmf#uCV?1wOAgr7?1^G5fIc#=DA{`v
zWqx?6_cXB*vkgMi5E^DDOMGD&>|^u7@31+DNkT9h1ljcVB-|DX#m%l{>C+tOR<q#i
zTr&_2Jm4`m^q<J>%7<hNxtN%*yySqGfY>8WO|R?f?vb{)i53{K;)+bU&yQczK0X<T
z?{%7CeNDsPYC3E}?^6`lq%Tad#{omU{Qky)u5hJbFGI%Pk(ij8pX0~@0~gb)CO`>&
zRv3gQX+60+xU`Jhs9-W8u|K(3>5p(R{fKE3Mwz0v6N?bx!}f+BtI9V=3%9@Zzm_s)
zY9NGA;^GV<hv)L$uEQzQi}}_TcgcNokw_uZ2>6>^SzRod?JYYS7N=fy8h{tV#K6Xu
zRV)yK9hk{!A*rOTe3`T`+aGD`VId#0jBj<?BOA$?0esr)L>r1CvW~h7r#_a#I6Cd^
zbp!&AgQK*d(~5)M925_-d5`YjcJ^-?orSW`H0C)H=;Iquha|7i=eml15`Vy{{K-%#
zLe#>#m9Yp5R1U&my@}eD3eZC|#(l)^@?^QKtCo|4(z#~MTibDjLgc>aqLulM@!9_>
zXlM`iNoAk!ia+j}y%1e85F=nGBpvTBQa@;mnmEX;mDjAivbY=3uox-@c!>Z3n<Gd1
zGkYI>dfPDKQtIkE9hHLeDJD?)hVr--Ef=+G%v+b%e(C==Q6@5?A85`6)3945x>7Cp
z<JoFr>o+V?<Q@tZ%MbaU4lVz%@^PD5#SU?Hm~5P2QK~L-kPa2{_--)V$TMboNIT9q
zu3kPF6dOb<Q9}iM0c#710s8XhAM_uAQ6p{N&wbnMmVc2ythX-_Taka?b|-f#kdI~b
z@4|rBW`M)RcdG=6M-kX%r6{e92-rq~6l(O;hum-S;r7Dd`LW@2P5T9LJ){7r#!uWG
z;f=e)hm2ZGQEbWy=Lx=FH)(l<d7z{A7&Hfh%W3tu`MSDRFpC8&I%nBAD5F~N|2zM?
zX>o`^D${|`cbb2AF`wcgWQEV7_k6RdT=01X5X;}#HDe>>^KGw;QF35QPYF7!@z30C
zw4Xl!4YE!oNKYRZ2a=Jvi`WJ44zIxGV4&C}!P04#v2oE401F4y&Pi*&L?Mfzs!^oO
zeDFCPi2OyquYe*ExV*CnfhB{;saG;~AfieE)ZhxuCgr+7)Hz*hM~9Xp%eutSIUAXj
z^k?lE_LunxXdR+3851hKj<PsgxoYfV67XrD5(l=Tq|nGnUNUCUjc>38d>&u*+Tt)B
z>E3gM`E)(Y{K8ywm>#YJWKJhaq2^eB@JGO?nR`80XQ>x{ygYU+f9M@x^W*#p<m*|@
z*zyY6f)O$TXCoV$PPjXfrL<SFw?4W>8pDEQcHu9G;g;uaoUofnnB=D-wqP<ND>=W9
zG|8&du*!(q4mZKEV8L~t8@jK`DKL=3tv4GFE>Ik4bMTU(!;4va2LB|1kcFcec?HUd
z0aTb1TmHDqHWDji3v2D4?5=?IWO!^)f@C9HGpab;Lfo-6tMX}1>W;LyXkd)R;QGTb
zrLoioJF=(<qk{h?e~_eiVsg-dkHC|5Ot3vPANl%JlcF_RffDNarnAf%)ZEpSwF<K8
z2>CMiM$J-4JxBmlW~{)X>luhSLF!m&!Krkw=dm?2)+-k^<3R+O_NZ$UCAN)?4lhrF
z0;LY*=b;o$`-$5ihwGcGhzO@Vf}d&p_7Mk2hMhQv=<iG77HitD!n@d}g*IG6^e^Px
z139HC%sX}w2L4t;(i#-ew1|(|JmukK@(8@X8fU~-Rx*y!A?ecCM|j`Ei_+jb8$W#=
z%l-|oR1aW-{lX7GR(UU5I|WIU+i|*K4tj5?(w)8>ezN-`bcbI?6A=FA$Q5%`-tZ?m
z?R&8c?Q+;IEFdf+p@Mi)fxIM9{dv&4@(2BIh-YtvA+7Yv>ppC7SktnuWoj@F$C`*6
zvzECdkHXAGB&Fl?ojP3TOU8v1h1()tLh|K@)`!GL8P(IZ2qVCMO!EAf{?l^nGne(p
zZ_OavSh_586DL;}KT836riaFZ1*GnD*M|8&g;_S=D<|yp;;L=5Q<&u0BC;+`#WT?2
zfoX;%gj4+Ba>oyb3K*t7NMVfV6ThS_n@gZp#10oj*2JG~7M0s7AjQ#qs6r*x>7w-^
zAj_qVNwp6wO;Ee+Ik42;7?qqc5dD%mP^dD7H?YX~j|(k{w!@OxDFZSn6tWdO%Ib$#
z4KKp<hs9D|^t$Zz_8Ot3ul4QV&yvIXRIhQJt-)uk3*~aoiENH#S}(bJi1kviJfw6M
zQw^7r8V8YGh;I^FoAjHn+G|W6u+%S;=%00Ti;@l;r?I0NcJC~+^rPOaJb&F!mYGkY
zv{@DtB9qN&7p)*3JvZ*p_qe4>Gz%da#jjhqqJ04PJ6mL^6cQ0>P$AFLE|8onh{Ojn
z-7Q6Af^Fy!ve-l*=l8yD%$bPHcvAIZ((P8Nc1a!IEjDs%VF22^hKYCoN)K|G8h7%_
z8<fMFUxTEoh&%{UtqfTV#oh<rk~GO@OTv^`h{0ECCGu!qEF#z7zs+{oE<YU2RurOo
zcMEtKUP!$sWjs^{1mq}w)-!TlduBOjrcQ)WByIYgg^i7~&nF@{J$Dreea?tjHeXdr
zB%ckfw{sQEp3$rI^_e4i*~qB9w_9pLtnmZ@)F7H=*~Qeio8-GkmX-ZeasJNqM|0SP
ztWxqxhw5NtZbX(oQ8R~GkG=3y2Cw~JeLmN5245MX!i=Kn+9S;Q-vsIJm^M)vsi^?m
zS$*$SsFn?<dgO#fGgNN%kqOY@`3TAI=w4Tn#Sc-%5}-X5mCab84OZl?c`E+(i_{q0
zBh{<Z>>FRD(v@C!pD5zBmP`p5`<yC#eMvRb5P83m)GxQgnXlV}6>g#6w?K!+`0Ov<
zsaKPn*bLq2RZ_-Wc)y_7_dY>2zbGm0k8OiSi(?Y<2ehE(E&yfQS~ni=EGlztDGS5A
zjqw>YeV-r1i0Wmf6u}a>##>hYgx1h=`e%%Z81r37grg4~bi~HE&<f4sm<Cs)lw97{
zJfm=^nxyAKzS6h)o97mPk11XnPGzL;i0t4#$9Jl*m1j@%(NymlPAXeMse~W2F^ZHp
z;ZZ3_bJ~HDU<kUTQO$Z+e*et+lP&AKgYf|F&no&Ux4b>(qmdlA9%{&3E37-npRTU_
zUz{}<NDiAZz~Z;|A)@9CF4F@`<}<x%B{Of!vLPW~533e~KTC;sF+ZvO_4Ato!U_%K
z)QZC4r((vqh6x%kORDeM6!{sc`z+mfui>4$7QP+2$ZiTmcsO@coRGI<TTi<8V5Wna
zJ-N{<NV35SFE4df?;5#S?><BgNUFD_x$@NqR)*TyL23A^%t>x^KVa)!(%@isOjkl(
zTjum}Fyqc=Q~{c?vL#f;j;QESsm)=fUj}v<n%pP#EyWFumqA5T{9|Z6O$aoE+JqvK
z_FU({S_l#VQe>XhLp5fEwS2AzeV*_5@G<W{b!}sbXki&j+s(hC6(EKcq3@e)388dz
z-YX>XL+sp#3PUo8?-lUT&mGk_eI8wBKivH^PJf#TZ2#lB`|wBrPoDHWZ#R)H*LsXi
zrHnYn3FT)o8unu_%=t%z78}Z}WJD$lwG>*(#f6=Gs2{u?o;5Ap6rD!>PnQ3&3{&4<
znE59Z%+|sw3e!wso}IzM9TlfPQ7no9C`w;k%z=S<1PC%!5ME&08a+eZ+MOJsn={6;
zzX6Ve)V`hY{4xN)XVFu_0uAj9cUwhT)J<PPfF*j_F^}mf&|^uRfEwm+55*VKL^ICt
z+B67uIOH?Vhd4&uO@#21dqpZyzfrr;R=bv_a>-EXEGO4}OCeCjxFa9i{QQ!_9ePWT
z4ZvM7drpG7{U5WI{a>p{*mC)`mLaMec;7Qj7C65I4zmc`yJdm{`(K+Iy3lQT6>5F%
z-%f0*Ep8W_$|@?<;D|x>-qX$?${@n>W!amsjvlQTEUe}ltE+3|Rs4B!Q(Wm@Kt7(H
znIH2(r_KSa>5<=w3qHT^vF%{aj|%gFmbr$Xt#VZlkk*R_jYn2{8SgmQItr0ocU+~v
zTF&*g6?^c08MR8kJ$R0?5ymAXtV9(iK!{0i{a6UHAJjNm_;Y*VN#0~TdzEO>{tb72
zgWmb@4hSKRrkG!>pz{<s>UgIPue_IKg&rm_f{$<C^PKYsR(<}{R;V<ED_J1Peqi~K
zBu<<8&2`wJj7uUffKcf0gZ`Ni%Er8z2^eSG{B^WuerC6{^`npHIR{ci1kzR!><a$=
zyflRn;xt7eQf^iClYg@Ki|0x**sRPJk9Vv!2f8=7d9>6ehQ+LXu%+uiFsb0E;W3?1
zK)=VnArvCTOXT1WqT+>OxaeK4#FpFQzD9}seuItn_L62S00rvIBk9KM)Y6f<)>W5p
z@5edlX{yV&Lwp+0QEpp7+$z5`Iid{Ilt1Y?>3}RL2Rv)VA)7GD07k>mY;pH%{kZ{}
zrI-WACnTq@!HHGZ?iF{XeqwU(@@iUB0Ugc;ZQs5+H;NY18Q)xA>A97dTD1H&$)fR$
zjgZdnp@J~(%E7M$4#~>~q8N@|S;_?A9oDCYQ#*LPR5o#~U-UTqqNf2zeRs$AX-{%Y
zHkmyaLSX}Ojnf*n8^Gd8f6qY#;==~P5CYX|XHnWPzq=URE_M7(7V}NYtQSEUSDdK)
z+u!ayTi?EgHkhn^sH<MJ`G>rzr^1rQo`C%#`Djl<na>xdFqs!!_|Y{)C18SK2mZKY
zHoORw>A{=T>q$cnGj>EYN$KM%%D11o68s&90>%$_yC7(1)B?8husYm~)W^O5^Dlu*
zY_E{?ip>2JVw0_$ZM^y9)yADM5<Y@f-iBTRRJ6own5JYV)D-8hp;=h~)UO8BZ>2i)
zxTWiJb=w2<M0<ZZPwTJCVZ%flpa*>MPhaBtuRlq0ZkQR-Ki>^iiYcL~{hL!(<a8dI
zxN{QcA|0Y=ceC(4FC!d3*Y2A7_SmGmGtyT&KRG6xwf;;1j@DvEqtq1+_=QNE+NXn~
zOTc!m4ytSa1A}n;rxW$85|tFzCB271VfWii0Id_o_qm4yrjQ%dx$gCEC7(+XlPu5e
z4ne=D*S<B8{i4h!29e~>B7jye;O|<VuT)oy=gt=}{KK#jzf9g7HWRSJvjbe>zveld
z!mhOz<lquhViJN%Ht&uqGTXP_0W@}nU*no5GDY6pNt1WV6;>Ot)=@+2W`qM4m=FxP
zYXy6n>x*wugiu{o4|brmgSU|ZZdSVHLc^-ks?$Q=vy1xSV^0_AdeUfKFY>%1B!n;P
zHRUL5ubXRzkX`pNDD3E#Ln<dM+)IrcYE6#WKW(t&^f-Rtl67JMDO9OOPrJcFQ{Fkv
z1RA%EEA7Oj++Nc#hC{OZ#%}o6ioJ-#<mn>%oSYnxW5ok=zTTLhW8xp9ot$|JH3Tf0
zv!C9qyZTo|JAPKXMuTuHNmWOBQ&Z~myT3pHh)M&A<EZGYu<THpb*7{*kjCp1F?}T#
zn-EOUP-Y|o5p&Hg!xz%OJz00fVApPLg-j=&uO8Pdys4))4<71Z*Fr}A4iA412MjOV
z@;*vKOv_na3cYe}IBq@ltR;@*jP4%_$iE@VEHHL49Ka5U&6m9?1ntQsiS*tu8(bI~
zkO>;SZH80lTde-4r6xJ_O$k>4MjGQI{1gTDU3!235tSen>4e8elNtn4D8IAhP@j@j
z3T6BL)#`_#r?Kfhf||OF!vj_~(@ONrSDujnq3NunqU^r6KQp8-ba!`m!_bYS64EKs
z(p}OiA)V4l3P=wj-67pdcQ?P``M&SJtOaXv-}gCZpS`c^bKR2FQUvzl+=f!Z9(Cw2
z+&fAeoZ|K2KeUvhgiL^FH0n{r3$-m&oj~{=00R`85%$Bfa^f#L06-!Zm6G^rj7bH7
zY#IPrg0<e&j009lM5a6+y<CotKNXr^8obtPE79c+rSHt@5l0^>s9+Wp_f`ng5bi=M
zXq)fv0!aJ{95`wD{?G&D2PlzJuHqia3#WH+D8i3jJcbtfl`ZTM)pz8;Ko4vRmrtv2
zyFo~N=`NXW!a%w<+B{e_$9%J@?lk?e{tI_lR3?M(b3-wk{siJYyHxDH?8>_y)6&2+
zGnsL2p-GAH_H91~^fRAjZ_)9^&;evjBCG-b8AJ**LJ5q80qnP`d@_U9B+5d-f?WBm
zaV!WWBgm4pv^Rv4AIFK31pg;>8JSFSAS(`|-1f0&^fKx&0Cq5*hiUY=+z1DWzY6Ks
zI2Btm50|}FQ;HJ{cwR6mi&L7w(Utd5yoV0a$;95NuAz@ppMTj8zFv1+F(@V@)Nnq$
zejWr-g3pJQAhx8E8v<-UQzUXIJLyMTcOs@R2AIBIXnxXT`qgVXDiN>|Mro}Xq>Ic+
ze`x{Eu$wD!rJmFMQ$;56Az@r0!J1{D5uSpX_g!I&0b74`*dR_kpxOJruuH-Ew&05r
zN`m|&AfaI<1Pdb5nqNZGqBY3>pjSthdc+A#*^&f_XAbz8t@0C417$WHkN{}zn293z
zOeP$pjukjDfbRNry3V6_to+9ynBarn8mbff@Z<gEe>HufeRygOE;7smfyD{*u2Tem
z!AZ|)#mC4C4%|&txR@z9F+N_M8#LT|i}C6zFUu0YtA6cgWV^vUWjNO)L}Qv%pNM&9
z0aUE>hnv4vvewX5Y^Aj9qnmmNaYq|(J+9~u_-}?Qh60aXedVF$6SxRU-<SRjiiJ|A
zzVF6nSy2#j3{p7RZ1^d%)b6CLx+lzCyE}nl8bRa-1BAG|T0O63sZ_PXIewlcnnXB*
zsj2%>a_RgNfrRYJmmq{Ic%hFur^b`xJr;bK1HfB9QCun5OP^wLJN+_z=wVh$Z^7WM
zZ<4^p>jN}V$0By*0Rs57T$aDAo)Ii(nv@Y5Y>?dE>!1c~M?Aku>bdcd{iF$Z(e8AJ
zWJDx?U4)0mQ^*xv#(et+;7?*l{W;<;y(GbB6vz<pw5z1KB<OXGN5C(9@M?bL&3+f;
zl1p>HBflRD^PMJGN%{iae#3T21Z%^`g$_R-qaRwVsjw{vT`i;BUa<+sNw;R<eB21P
zf*S5`#2PCj<scL=<;)N{pq1~=>1qf}IJp<SsVgFj7r*-o@bwItj@ZEZ7XG>Rqi8Ko
z+WtP5*FCLvAgmeB-W`)0o}UpoP|%T&i25x%*Q1TYLSR=NSyIm)Q_D)FKa^?f^LWNh
z$k|Rerj!<aVG(8S`e~JWUMCXf(IyoD5Dv5ygC7&~n&kktaJ3ix6IiY4dAWjCcf4RM
z=YNz`iZs#9%Xkw}NYkL93=~BoM3^$X{z}{<U1P^I#D!?KuY1B?B0&BMjriVpR`GG@
z8{PDNaOHz?4s7h%k3_Nt5lzJ#4d?7YOQAWzZTl(ODGLzOSO_>S@G?#pD{OxJ(w~F)
zi`hx7SHCgSLGM?0!+L!3E$Rkt)K4g|Jm#l9XDc2zaQp-UT|3@=2ApnY+SAzoy_hr+
z+_aYUxb}EFSJkpInM{dR7ioUuKe@UlazIi(irJqf1~ebb0RS)|`9V-~M+AntwC2Bd
zfIwM5*kV67HY$q&(58DtF-<f81w0#SYysWFCEH;*dp>a7m^ctgsMSUmc0&u%7C2In
z>Q`0x94W28kao0{+zSKRyjs@pHnd&Dg-mXxL%RckdOB2R6o$?zlJWQOlfj?{gLDL5
z9Qr~?yi5j#-*(CY>_~k+Es;W)C)Y?VVKPpgfD#u3=)(XXv{3XVwhA!CdmJqAdz`u&
zxpo3!x@H>*=@8OyiRvon_roV&jD0RJ-^Av^OV#tpx~JC2zNk-L;F(Ja(;aVq5vY|@
zTyl`;_hbnC)yqyTG4%HIVM2Q7!uB@;PJel6!F-lA^44;=T;jzxRwvG1t<YPJ5B@^*
zSz_c_15$8<H2zR}yYM%H>I&j#1R=5jxgjMDY*ab3uE=Z0@JT{ZNkc7Uf)9<jqijjQ
zBls`@GZG<bt6+aG(i=WU=r|jJnxUN=X|ACpibEddy7kX4afaZ(qE^+o>v-37Yq2tH
zHR-MkordCG<flwE!2f1DCUekSl9=40e3Zl00E@njt(9D$-HOMFa)75E=M+t&FPhHC
z<e>34ns!b$N>#$P^L`0x@3wD%z~YY+uETgwK_BS!9cA_3QF;-%{-!>Vu{g(P`Gb+6
zBCU<>?p?+l!svYCXkkWag-vZeugEwNJE(I1qIT8Fgpz|m=R3B@0nc?%;AK<EF-+s#
z>CjbefC*Xo&B2W+DyI@TB^eFa=SB!aH_GyZS9fY@2Lx8?BO@WG7>g48bGw>gY&Zhy
z_2fOByI_S-GtSp7mb7X9dDVza7WSv&t=3Wdl>2ez22LDhThyHaj@N2t16_F++g=OE
zkJX^IPPcwMKmz{Zx1N;Qn*KQQPEVNXw9^RY()Zo7RL(WH86gQ^I!|#DZUKjPyBj%l
zjk$unSyMafGlHnL4;FzMq_p=wIsn7M^?I-*WnlTXlDddxJ`ifXc;sk%P;ou1k8)ZM
zV7{nIiR?>v)h9;<aPeu7TcEL64yx$>-Fj6p^sJOXd8*nsx4QEdC;;Qg6P}>2qvJNj
z66jkQnTK3KQt#ME7Z$=~y6U&Zu(DgkeUFrLD6;1)7b~rh@vyPWBL}tm^L^BKj2_H6
zkZHPOv)A<?0`@0?WguI`q>w)^UPYDixnBQToEvKCQc?#MW<Z1cD^UoH<tU1{(cZv_
zk9f0pWCZJqJ_vz!PU`RUFV%gR@yS}N?T5clX8>QdD-?XcINaoLbJ-WGXn=uK_a#S5
zkAG+@^*cVjTKwIr?Nhe2(Kt=ybclzko-J5WSj>0McG^)Vcif|Zb&2NU5?QB))emED
zjx1sJq^1jm(kM(;1$|aS1LKCyk0YVdv;Xr$o4=|u#Pg|&xx0f#YH3gaD$P!1FR<zE
zU%#jSZxy}m&9vWvhpnQ0l5&pHH{nLv{66}tBicOvhqu!5P3m37lG^L$49}vTAN)bA
zn0@r>VOtujxN?GwknN)dzwzyM&#eUlsLdVr&$-+aamU#CF7X_{>?dTJKz(9`KjkM^
zjHN9AirJN?tFd~{g9})pYLNq!up$j?f;x#37D&B^KTS<NfuM!1e){q6Jne8rwake+
zl|4xXp?Auj1k?|Qh|mBA6tDqx`|_ODHXfg(xgsP_U5#BNK1<m(1TG%HD|KnUZb3~q
zVFqtMAx^;jeVXOs>0!)=`jf#J#DO>QH@SXeF?z;Gr$;kmNA?%nW1i0`+45CLTO^ZS
z?Rxfub|EMRC&N3dwm}*F%Kn@nI8<_-;F^SpRQr3=V0FCU#A0!+l%3J+GhaQ(GE5Kg
zw(UW!|L2~nJ&U8!I}7j6J~%C8QDXC7WO>|Iyjb`_{Izh6_ggE9$9q6PM3$tan^YvA
zdr$r9@%EZ3+RR_q0?w~g24IU5fCxcg1m{52RgtOT+Aj!aba9^{Xn`N>f$uopmEur>
z;WibAtyYvA@a>of#tO(EqQ<o*3{%`lBa0@f52~8F2rvO%ahyL_LYUzV0SQ;oU0i<(
zj}ew<IOu*{UD?ZiG-unl=6$&i1tU*X29(P?LZ}T&Am*`y(ihl+I(>cfG4|v%5S00>
zRZc^8zgG?pTBb)+<%b5}xrdkYVRIPBA*dmOTk2C_M(xAoPRc%c!Eu%}uXv|TQ<hv@
zWQ0O67oJn9A`BOG4@0wj``|M>PR~EvnfO`~zejrRqw3$B2}5$x@RObm<Y@GN#i7A!
z#SUw}SqZC9(Ax3wzJv&MKYY1XgeZ^@%a&hvkA~y>-dW+NWGS9Eb`JI=Y=x9UYi)2;
zyXA@iq!di#WGOm$v+IDH%PeFZp_2%O3*#DrogPUeWI+bNVAn&0KRJ<JIFEO%<{Z9>
zrRz^_rJUQB)4nF=6DxGqd?FlL7Q<bDXE$g@MowUZWZ_W@*GSG;lQ}4SicFf4ezfKC
zrzPNZbUJP<`0t)Q-4ybeM~Z6pS3LB!*stz58=G_dz`L~+v?Aia!E<K-rYBFBciC;z
z{V72TP>`u_J)tj<=3hH)S<1RG`&RrlPYVIY<~R_B=RpYKDI3@RS37ITF`6!Z*99Ap
zH=aimEKrOU5P6ljAwN}DXMBDqqV;Fs(0hj(U=t_X&;H4tP@bjdD7>-L7NH04$l!Q2
zU8H7f7uB4-xe^KRe6;YxCwew)ylSbz;pm>B73|VgW$43k5>1Ei;c=C_vO<9)qm1Bd
z3V<Z4XJEwEL6Fg=i$ki1=f?Zreq?Xy>{^PM;nl{J4M&7<@v2K;RI@tR+!crkNqT;s
ze2lO2<t{C+_<h@~tP$=YL&n5GU$}Lu(c980sZI1FiTR@U#dzgqc=#n3s)BD4gnQQr
zmL6UJ*4aV_3(}PGVx$r<8D*O-x%GamU-njTIAna&{4w~3_>}kJXQGl#j8%=`>%AeK
zeEGEdr!1<G^6!Qn<2C<XR3byFJe9_7)jzu5jz$@xL}x;S|3YpidQYG|@VcoX>c<`{
zo-&cJsgv~I%lW9fZ`&%lXL$nZz0t3e3cC~4rst)9NjnX4g`+%u6K8vdOZ0zAZ6PjJ
zJV8O8HWbm)r8x+Y6e58|4Jvp!>8Gj7Dtka63o{Q=)AEzY(YxVpiMWQZWYxE@Db}{-
zPRmhPUHu<90Lg3T{)Bq~q0{p^+hE_uS5yA`i5;3KLBfzJ<|coS>+#w5u6i3oQ39NC
ziE-5-U;;rF53a6SZ!gg(WH+=GUsg0#%J@Bp!m<^vT9?j#u>r>Qeex`#^Wcs(FzsI$
zRd@&}uA>zx{;8h>0?NNZi67*&pfV@+$Ap3~`ZRdzm{pXxFi|W#t}#2M2Ph($*LC<*
z_<ihYzR{(9*-p$;GeFGy!p#1bUel|KEo*>^{B2jBaH)1sRmXG77}x$#n9D{37tq<z
zOQB5|PeV3pnY9<{WFS)!`Rm6;{0t<u0X4!>^0WX$dz5k@eMUZuC?HO3%V$vxuhF~3
z0Zi6uE9FEz=f#UThTS$#VIJaYBjL;`v>t097q#`_9Fx$!D#g^G_FoapbU|89X?uX@
zaBHVnR9qnkY5V>7S}csa<SO$%oQM~OGkirQdY6^oUEsZYX+Xjt%Y1X1wTmk4MjqFs
z?Ov<b2)!8xy03`OKR-_-55npfY1X3Hh*L7{R3zsvG-WJw6b0SFaq}7rvVL^3{y4U!
z$<8J*f#sxuff;F_z@Ng2ryH68q!2LW$GekJ${Dqp$$Frqv;u&k2U+D0ymI@=U-+A3
zzwnlRk<a?vfv*kzhb?`Ygj|&JOk7^P`j=w&^RdSE@M`8vk3Rw>E|<^gIQ`H3If9p8
zcy%IVze^sKCc&*t;Motr05$Ut>_G8O<U}h>boHVx4m(!<EfF%~taophQ@?@!4KkwQ
z(nedfcK*c+6HPpsA6P|F#^hC{oE$GkMy16<LF{2ul5^xD-v7o<I=}j7ddbi32JR@_
z|IBD^oJ_|Qwo!7wV_QQonS;r9ay`%I;;Rl}>zYD%RfHr%5gO6hZ!UNy{NRkHbUnDa
zo0<(<s<M=fE%nTtx+oC^o)+<4I8G+ZyW-W=0gT9bfsAI)1!b?xdDs)H-M(Lv5HUs=
zrrqh^HCeC84&Na7Wxjg#!0(vOtCPras-Z-<yUrN2(Tqk@;ZE3hDg-P{0qG`<Hm8FD
zoZ<X}!jY0$KqH3T4Lz37>0}_hb)y=0qc11hsw4L1*1DXa4G}FK8~{TS9(<cXoAnb0
z#_MFtocbyD%lbircZN4BAWyjpsn$i$dx4sqp;F@{=pz3!0M^v~6f@I!7me>wBhtE>
zW=(oO`_$R?7+0S*%SWBLw*Q7Oi$?r|p&$p%=^;ZiUD)9f%6OiBJ*q16%(XxfGKo~c
z%^`7Ew!J0xwww8Fw7Z1U3B}9(UC7Cb)94ffS=l;FSMR>^YZoct>GmRX%<J#n+_B)V
zr;v+>tw|JA6Pfs>=_`C(P6Xv9=qVUHeVo1{^K`W6hI#fKG1-|B2`===TEbt6hkhi>
zqEkGJvU2?4v0f!lmo^XQIoht50*vaWN;RTC5hdYz6|4xR_%i2nDtLW3|LNsaTO;0$
zG^i`e=I>^IJ0kRzqA*;4|Kg-ziJPniw;3J-9hrV%qd73^tyvArcY=MGxob}+KQ`Mw
zTLb(FTh>><d`NJ!3<^gl&#wFM@`}mivG1PGHRke?T9Ni!vKdl;qXU%unrC5Q(e|S(
zDu~#D`G+bzNHDv*zlf`-;69ziL0_nJ+@L?Hv%`P?Sj@O1z|^S>b8p!3N;@Kv@JrN@
z79*K1;`d6taf|wf9e~1uUr1Y|Huq2}+z;pSrsYn~w78q&wvDL@W3S7Kwa3Maxc2q?
z;csnzPydvwR$wrUVUCxpE{YTJMYp01bwRF7&%(Ne^rZ_fR7%Fv)DWb+E;ZHtlie^n
z^-GXLhJ&ms9tsul_2DOC<~Ge79F&oWO0ib0B}5Q76+X+!7;41|D$Ry-GQoCl?|}0c
zU!%=cD`Om1qH&Sy?-H{Qw6&%cc19G<UzepY`Hd9YJUIh`VtU<;-Ks{pYK9RC3x&w#
zZ;V^0*3d`CXc1-5G^?8k*Qsw!e+6pCeA1<a<0Rw~u(lzZ&<2BDb(_x<Cl~>n@&xb2
zOR5T<b2ISSXus8p|GVMnptB{V%4427U*F8QmS$B;re;itkwkI%Wwvm4^R%#&x}r6|
za}=gHwNjQ-h1wSm%0Jf*b+dkCmBb(0UY$QpDu44nR0vlj{<{HxLk+y7fetc4$Og-a
zG2sW|fSac3wjY;|&eo1rKi*R-82YZN#*1GJxhYQTPXEENrz;2zgd|$2k?N(B<e-P)
zEJH~F>!9Ws3FSW<*2v6|d|TIv@I3`2*yT2wS<rJ=5Fmm_SQFWZ3A^7=YAYO{`6o&q
zrP1Hkz|lJfGKjhgw;2Y_3aO{*Wd;Gut=7%=L{|N{!Fr{bh}aEwQTGuz?9t6nq?<@#
z>TJj&X>V}zuczbwyQdfnIh&b#gw`>Zt|q(dJAA}#Gx-$*DFlqCnlFvPb<{TC4HY2p
z6kV^{Sj}CxYl<S6?WG!YS*aJ1VUV5)K-hF$X3Ur~a&t(qPd;!rci|zCZB`G_R#lp+
zHnQT?wzk{I5{r9ATz^NEM5hw+G?YE=|GM%Xgrtj$BCT$}r~VbLGR;gHGqeIWCMo(6
z<2kwX_ThtEf+4y8<DDuJh1YX~$o27JfR~I$Xdr+vG!WZ#V&ueE7u3^rC(09snERFG
zl8aQ(Fh~(uP>ie8-8R5lz}?YzVP6vsaUT<&6`NJJ4N%XXhN@;^uS3=P36b&9)g^wq
z@PVbwb+r+v`3$cc0LH+~xB%fo>Hc8sp|IY!tHZ5FeMium#vw|hxr505&Y$KcVq9Dj
zp|bqTN-sJHQNA%yGYoKK?c6$<V+;Xn1z8)dQrWN8X*E9&{qBHaZKllpLNX-LEu)?P
zkSrW_%BhV_BVaslcRI8>fS*)#=$$RSn7jGYGFZ+r<R2Nn;1D84M@D<iHG*5I5bVlm
z6;xy1^L&3DKQi`LlYVyXztQ*csJeNl+XBOdI2v=+-_h5eRknWea)Z3>g9`C5@*TRE
z2Oa<^MN!$5Tg!{O``_gK1N|Bzb_%l94oxd?ekfq@QhLvZ2r;71%bJ`lA_kAnbAiUX
zOW%$CD$$gAKy+!!Qbo8%s6&t-1Ts^3VJp(2_qvj&|3qY0M=N9AWiQA@GA~ASGjkUM
z7@fl7d+N5CyqqK|XbnyL=m<kOB~tvz**~HClOAGJWCDj`YH|-6gjHSPY9em{0A|}y
z@p*G;2akVrD6!`V0i1lTIk^RkMH+hD-7}23K}}13I9TItZPK8;k>+#TvZwX8W#wtT
zrl8+o0|-zH=JIC0k>_Z)+xt9L{vZEAgx*$S4ChYOVCGqu69tjG(lwDy`Dl^O6R^h^
z-Du+`#9`#Ol6HFAl<U7wa5n|;_uQLpA}uE;xxGG?HvAmH0hYu(vKyd62}piFW45|E
z4t-A%YNwMYoB#qaTB1et261A{jh48G3L1gxf((tGmep0?A0j1uLxn=e8ZQyK_3Dn5
z{>HUKM1x4UIi0!LtI_i$$U<{#*<R9rhQ<AOsA&?B$TEMu2eAbB!UvL>?ob<et6<fY
z^)EO~zX_A2rRy=qbGPTC>7v|D$OdTJLMOmW*PKdB=O^(<<|WziH7>I*Udy+|-}-L#
zhV+<Ai_o~AHB>2P3d%XpPtJDM65||J?Q(op&8P*RHo}5#?moF71_gGu!)y=0YgVV5
zf^w1}?^c$fB#lOWKFTs;TIun<N1EOU6iNSN#spg06{++BN*le>DIIQlz6t%;0cGR$
z@rRe!L(}=%XQN5N=k^u(##PvCT46)a<hq|qDuB`*AS>6~#=_D2b6iDU$B=EGK|8SG
zBk28fXr6_!MDdPP2oP%FXCj0}OE`u~4zha_$oEC^jkFq*fHQLY>L*4EAuQJSAFz;>
zNPlI}&%7;#*eug>Hf(XaPwA?N2hhVyLc*v}+aK1L1oR>A5C)`n(nSMW5y<N(B?;&(
z=y@}l!kCzU#|n-Jhyc|`L%E~S`(T}00=m<bl<?=r#!U1acQ63(YR@Mpp?%BU0v^+p
z)Z(%!=PIp{Gu_UGIWsI12Gj?fiB8(;!&g?^F|S5(C>5k_JP{DsBeIK7<8}muHUm5l
z)6yp!rIl^y;fe#GenN$8_v>_z@xgCmc1hK4^v0>DD)sX+Z8-U~(Okcjb4RjNJpbAV
ziem`yYyZ5P-L(44IVZGw<W<KaQ_HqBmc$L%^=4-$hn#u){e~h%RjFMUJ6Twh#C3Qe
zXE~JY-HVCl)#z1_UtMY^yS<N{AdFw6!VU!6r@UpNp<z$0|0dP#0b;}<4G~N`a^23d
zj^pfR=TkRjra4p;BrUbfN}l8*tg?xRmEWRlM9^23?&y+;JAZ_C4ATG_N7fziFWxFV
zfDP+Qs=dGSqYXhzyenFVg6Z!pJ3K-_0-^0)Wft8p#c1|TGc5K5l>!NTd3uAEVZ3&E
z$|?eyKi%gOW8z<4Fx*CLs^25a2fxwBAJW2V#2U&fJn4LC59z$CUdr-2_S@|+e5D=J
zhb<h*93xC>I~8a2d+X4JG#PuM9@!re?(WInB$l@JiizKubqNHH3dSAU^$d@9L`aBU
zP@^}JflMmA$6i=XCE>-ZZ=*i5CM0ok@A*c?@FDqdYeofmcFWu(GHR|Ues4*F{jJ}V
zY$B$BUCu|<RjW+#=#C_3TM5GJ0v>Evx!`W4-LlHq!rHUU&L4J9Q^B1tgF88gw8q>A
z`vpv4LHc=A_&yvxiU>r0xJfG4K5;yic%`L+KVj?b?&nV+0D2V7@O+^WU}<>|nG?`L
zl=hTL?`nTK4Bz5}57M3Bac;^l-fCj!J<LLeS*qHm+D588*v(XWFaX|i(!4qFW$SVu
zkQ{jH+s#)vEI?!OnuMCd+U$3cAC!$0S}d0kT~m<zAQkSnP%)%{3*)rMqE1ghO*-_I
z;sd`fATJ_ft&e9;$P6H5fywg&zx%{*{9w?8?d7^!frIx@1W%PLA(DR=nTeX<P_o$%
zZ$tP#Z{9tOw}0vBUp!KR>M@cJ22UQ^j?2C4w}ve?Ku0iyASC2Cyc`i)yY5QIQ9mJB
zE)ppgupF9J8OX=OiG~+r+ciQ9co$k}+2?iR_yf)E{Zvr9xR&@Zw#(!mJ#cqKXuNH{
z`0=S7W4Y;*r27->9>3V)<I%A|So(|G2Ce3_G;-C$M@qNvO(E)Mia6E%x?K;nK<LL0
z*mkc|uTMokJ35$a42EPFoi^1ZV19$RVcE<NF}Q8zdERzCTqT=huU+RdT~}7Xskjfn
z;zwbNtF3{udamUWW4i|@><|L<v&>4Nflris_`#`P5Vb-u_fYl1F_tf`r{DSwFZ_E2
z)w=zj{pRcOn6{ri&<pvw{Dh<n{We<7;5>?cs$rfN2|wf6va2g-2rOZN83Md|$1{TM
zNlyRa>$5{qY8^NLNmoIkQl(_mp`6t;Ut^bQEmnTeTM*mE-F`HixYFu%jWpH(3K<-x
z5ct)Ywby4|+U=~WcDHHY>J=e-ygc8%4`}BU`CO`fJSjD)N|=#&0T5i}u-%Rd!KDSJ
zFBtf1|5$?0vT_FeM{g4t5ZG%y5%oBczB&5uG^g-9jF(txe;IfyYmwKDL_MFbOY8H=
zOAG)rUD{bvsKYHXN^ukA081_=+z{l=1YM>Z+_@thm*L-t7^e~DB|9a<jA<fLs;T)A
z)U-KdE>;MLIR8qm0<p3je_biP^CeZ%93*M7gbd;Tvk45VQZOzx>;EL-OA@$6<#bL#
zzI1xogQZmA3IMV0&R`_&!1&gAxQHBG7Jit+a8)@+5qkyst$Wb8Do0{?%$~G)O-rN;
z_$VYQFEQ{3RUEV54JZ%7Ig20-=6}|yHR1`FP<rfyJdhbcW-_r>J0Xf$d?}!t?r`m{
z<nfTW<;0AlvffiiQX6G;?X02mp+f*?y6g4*|B&tDDZd$W%1cF&<%4=jm$r9F%)o>3
z*98UOIP(qGSy(VsGi?JpVMn9WD>siE#yFopdpq}voPC9tBhaYIT0jq&RYvK3wT2hq
z2+JvdlsgDnKLF9F-r$;oSHY6iF9A!1@v)QBb$)U=pSNo9W+BuhMxvUV6t*k!Z%*!T
z_Gqam8NJQ9WHjq4;?enxl1i(1*A+l`B1R7zuY~yQ`tkp^ckkh!YfiyHE`zIY8=kw#
zP*B3;ZGl-60kgooYQGEh*u$aS$m1bh8h-^*zH?F(yAg&o)f5w+Ji6RQq5DW+*+PDY
zcNTO;p`&Yj1gdb5fQG{?$XHG`051*rwNCjK`pR2XE(fpWPOyPFKiqpfGfA+>JqE5Y
zx53njnkv6_(_CR(dA;Ia4;%+#gelMQS>J+xHg)d#c9!75A;**P-~^riWna*BXH>u2
zdgVDZzZMe?3T>ZZl*Sk>m`C|t4xcV1KFk?%aNkU*1UltJY;tV>%-)G%1eZ4*$tZ)^
zZ&LC#>Jz3YR#eAfJP|1aL<8;nR}`~Bctr1eEXBcrQfA#GvR>r#A|NVS1`5>_!F`wA
z3$Y_~g08;gX=S;dUesRJr@nP*+G#e8cqW?<iw~zHukIshpK5MU28923?O<vPj#F=m
zr4SpWW5#*Y{cc9Jsr6p?Yq!nh>Yuodv5q!vlWLa9nTSuxq&yBNufJD|!(evU8)=jA
z4vC2nAc(fUAQ=V$%!}`o8~d)M-BPRxWKb}_OGc>Kl4W*pyY4x+NJi7d=_Qqu5dz9p
zzW6|7SI<{|ZRS0oWnIp`1)_f+S%8gqKc=YuU4fIA2w!{J*jXa?JM{Sv`t8T^E`Y<z
z^h0jk0x<!lN@`Q&z<ewz?lju=U=j#XjEd$YKv~-8#e*sNq`(D5vV|opo@E$0j0YJX
z=SHFug_HQ!6Q7I0eFcEq6KF=CS3~+$3NatDP!pyySO6;>bhRCuO*MCqVZA91kKixe
z<Blym0~_Jr+y^3Eu%MyM7o1Oz^$Ga>VBz>O;G1k<1>r<tjwVti2B)@4j`$m#64l>>
zNhlM3v{7P?M_;~1bYZmq$@6$t+0DTyV2v3>JvR)ggkUXo!c~jiahF<2nm1hhN72lb
zLxcV~g3(f+e@OMMLn8^W?w6z`X$T^{xYf1s%KpA-5hJib+An~gCQw*yKE8V<5cgmU
zoK}HxO8kVcQn>t$iD-1RH{0RF{+BZFD)|2Ic}ctsrx=&jYA(T2C9*Y_)IJ0<Gn^af
z#naRAENM$>@s#4G-y*#KuuK1}JKQmlVo+St4I1>hHPXr3EfeE;VZej`ON>B-E}2_W
ztaP2oSRAA+CrL{@s)dF~#quV(gxapTh+XWh<4bM*-fK^y-Db}V1B(vGTw5wuF=)T>
zPgcr0VS-3qh-6+fQ5n;06bx(2-ZG6&{HD~5+KAd)?QD1Y(~nbpFtl`aOl9YF#YWpA
zvJw6dpV%#)ioVqDSG30mbaPl;Dz#BVB3nvgm)(R>L?BIcH#WT#@WG)>d6@M=8cQND
zktDr&d02TDpP8P|@tmJa><4Y&bJcO*uR|IbT4!zonU0w1glxB&{yO)d59X;pjT3Qf
zccvkDTK)lJpzR?6N7RUjq)gvB$qt){)ITAo1tFu9Gjn2>bNNY0kLVfyaW?T?U1HZn
z;7`#|-`3i|`E6Q#ra1N-X#bcb1Ps)?R907kQ{oQNRgx3jmCqZ=nV0F7+#nK2=Cjd*
z1bEm0bZh@LW@4~;u5aXmAg{#f5kis<ClBLsQrO^$dlm>GHMCU0MhOb*rzs-j<O99S
zi(pV8U9KaEEVN(mu?&fuH0SS8bq1MOCB(@{>hxsaAq9<6B=x|PT8!Z8=7V7u!daY(
z8fmN-E7-vIZCr180PJeD?EBKa9##H)tUfUy@e;Atj3Z=2bT=xe28hLE3<ctORhT{g
zie>3cCOP>?^IyxsG2;1SAlbtS0lWfUih4xu;Yq@dXye9S_<vGt^P_B$9mU%rgnEXj
zPiTqLl4IXxh`M#TKSWlTnrP4b>Zow#&8V;~!*C|=d517#YG+(hAj(TPcFd}*D-xIG
z6ll8hgQU2>NC|CDE<tTby=-F}J*{^eBxwtZR3IYmH{OqczJ9js?1|3=8j2G~jwio!
z=5C}G9)NKt5}WM4+^GWJRocd%mUyGaUD6dm+5PBw42$s{JxCKCw}3?q3ioe0HWJ<i
zPZK`q)U&flii5b>cY56|>5;+dLrbZ<LSY?GJ`+s=7{agy_OrF|@63RC`0sY#s5bPV
z6j?ibf#_fU^ISON*Xu`IE);aiUUUb_e|i`!wdJ3){2QUE4qJfFhyR|cz2|cIvHwd?
z`P(Ou5$NKPt&JaujhD|%P5sVGM>OaDil*9b!F}Tn^(3utQe@3+c#99#bblk8%Lbz*
zFjaVk8Yf^0lCB!Gq6@IMa0C>oeZE?Yg6-$Mg<LaXJ+e&!UlAcE4ahx`*bz^XmJ9+8
z5%9$p@2CNQ<U6WvesJAPa5qos6fa2GaIxiTp&D*D0A*g1TaK~D{$*q3Gdha~>7wBq
zDP3J^I6Ttg5u=F3g=?NOVvrtBQb}PZv80r>I@RAl_d@t;WTLf%^(OGisJO+cv5u#9
z)V=PCQ`C2W$Q*OQ8ZXpJ85CkL<Sm>&ip;26@Pr$V==f$H-fcH5T!4gL(c@cx!RMh;
z`4f-IJ2jOTMi;=>^sb;!J$^m_lUh(&+DzL={iBgKBgB$ecqbSGSnkA8ZyE+m`5vVN
z`I^T=t<5Ck-qgP>dbdpRa`W5%!T<a}z)a;A)TU+ENjvIDe7v$_`pRGM62WrmYIKx_
z;{q+X#6HUe>+oitCYZuz)q&;&xAW=2mVwBuv;o)r$Rc)nOymGCCB7;pd2BOwtfIDv
zdPK&$HlI2pf=v2;i7tz5q*=ETo#YibqCk2i%qrZ|AS0rm?RMzX@<G}9hqL8R-)Yiw
z+MI>Hf*O8GHau&awNkLn%bc)6sxCccoj7sSbuw>%tAG{gAXzuXnb&6Jc~Rh4%P|r)
zlzEq>(WY+(`%}!SG?r0256&(ea*-pLeVt}7$vGkGGXZD$bQq8}=nwC|;VAoySw7HL
zcqRCVXTXtm^ZBR<#`CPi%9CUDTeLS79o{`Dw@W9!WPIkIN~?O06d;bk;comT@(2gK
zNW#D_`z9o@OR55_BdNs8&~hk4tmM_6TpBc4iMdf20!WQ=!ZsicSs&3~W42z4{_@O_
zk!jncH)*8McHDxH!m9dv>rRH{OZWABooSoVra;361$hxY?yME!*bBWQB@IfAOrIfl
z0bpU^4>DtQP~YMlGY5qVb}&v;0-bLOHz#11shyn#0bKW3{hHVX6SVbUJ^kK*(+QV<
zXBpA=8S$UlT83n4tKbAHN^$K+gZx_zz@eeX$`zH|)!=`2q}HW}mwdzRgIGH)#T8yt
z3yWPaQlh!!cYuoFm;6ll&@YO5UscMd4n!~#<}gS#hNY;sHh*6T<rjR|JNV|Msu(1U
zM<@0%3p^fJW9M$bpQ}C!Q7++Z>=sb}cd>F;{o>pI0O0gkRcXIykYHtKUzwIsMM6a#
z;rzlzgh^P8U`vFo;DtA8j{)J2O;JZFc_)-lv0XuAOPRxk?bEBM1E+#xVn-4<h}kso
z6Ws^V@+i}()qyDk#g=fL7Wh@xq{ba7H>Nzw@2KDQ#fkSWv-!em|C_&q-pS_x-%sAw
zZ*PQBG3hJIdf-jELs3w-`UJWy;AvG6@%U!fiGt@LV1T*~o)ql%?D30Q*_4)M*XAVT
zBd1Ae(7y95vUZGQULF2(266KH_f+b72hS9xm9nJ;pr9ybkFrcoJe{jp<k>jM(V4yD
zJG#ic>K}0Fh2i-J+=8QlRz#FFftBz!d-$bgJ-n(;wkTHLKkFNNysUDpxi&2QuzY3E
zjiV$Y*(T3_ttm@N;17<1jyTCtBc`hm*UC76nvfCw9KpzhaZn3nMg|BKxZpWYXH9q~
z!14JEBf!veQNoJ^x;5@7Y(0%6-!YwCz?1M}$ML;$Ek$Y4BVCkeXt_QuqIW(EH!CLO
zQu=QYhPy`u5{7GDaaBf+m|O8lTQg5>Nd?@Be9Jj@5K6Qjawt-=Afb@0Dv3e+MN|dH
z-LX2F_+ik$egOE3wkEKDuoN6u6@6sGMO__i3E9+xr$c8F%hcCDB|}GPJ#$YVWdxX&
z{upUK87d9xO9(ihvE4!e#KS?9hxNuO1pnMM0O^P|zi?BRa%+zwRaErj?}ao&mixBp
zUEP27D9|Q+Z;qz>im%=mcry#Uh5G-^$D|)OKryyt9M49E!9B(f#j!1@-(2<;By>S|
zT}#7kOL!0H1ufbY^&&MWMNP_HJD}}VrU2dj=z!6>nIfH*437H%<Sd(OkJZ?|c}Er4
z6U0saXt&ttv)TQUt>Jqk!S-JU-D`|M_%?^#j1=BCk5_nB$u4-G#hfx%R}@W1h4R55
zd}TWuw0o$Ua1C>Mo`P*ZNo(WEnx*}Aa|yEsWVdkKE(P4B7*uuo4laFpKwxG@cjKzm
zLF8<PkHO&y*5w6KjJH&E<zGG}xuM}(A%S`<khw_(`^j_xWU_=1pe7MQ#ARU{HJBM0
zSs#D1oH)Y6Eq5->5`aePr^-7@V=KC#)Z=ec07%SFxB{;(OobstAE@^sBI#`bm)O2t
zhU&YP%vah|?tC3a{X5uA<$F?Vlw5l^-q4oS)y3A2wbazl|46iOl#^f}62e<SoT11W
zWv7}eup^-6ObD$)TxoS&%YCbS88)PiKner(qP<W5sOy8#L-keRuii6R%DD{Z6L68!
zd8!yS+P4*&3xIQSEy?Zhz7=_I$Y0G}XfEe_-F(&WW3IYKUNmCz$Vw<7jDs&l3XQ&o
z3o;{kz(u(zL%_-}*SFwy9;icMY#gwF;;+DCLP}td6jQClVXv6VI7W@j%XIjl_IfP)
zcOwHy2`K`<B$h5`hIly=aV$fSOAMnpw7nB!gPn9=G`Y4A^iWTMYZ<A0DI2*qjXx^M
zY_81r%q*f9uE;R||1@}==AQdh|LnDo?C9jC8Y?5NCCaYN=g*mIOwO7^*e$;!S);lr
zQAANC{=^)*zALN)Ztfu7U6R4D3ns-*PQ%WmelK{GnfVH3hy|AE1!diVs+^#WE<NVU
z<d`$_a*sGI?1L;H-`BW6^HtxAI621ptS}A+!&5#~S)J(nr)Z*Q(p1=72`&Zz+jW;X
zRuAs)+NHA|a4Z4nwc#+Dh}R8`BWvq^omUEsrZS27G+nG(^>NWXZ<z0#j#mVcFC$J`
zu~-rwtF-)D5NI!$($N+Zh)n$`#iolbubCL#c)uBlgDsIy+zXJ$kWaq}ce&ssq2N(5
zrYtMc`iFh1@f(-1oNIp(Nb!+F2q_iV?Q~ozMMN(Bu`<{^iIJDw${YbeslF|r-V3Rp
zDf(~b28+H3@O*8^M=xEIEoB`Rm8)f2s3Pyt@)l4Pm7FOVGxVutAsc(41&4*{);@S3
zFaFdKpvg`G4e6q4H)2LwpQnXV%?4s@OZ~diCJt{E1_C7IKF^|A=D{V@dpIyn@cphj
zKT5>rn=cv%t4bOsfRk&N+gE?R2!$KH<j~gr_@}s}??v5XY$_IRrtm$f=iy1LXdqHi
zl4$8v-mgtZ0`>{|oEX-B`Xw!)DJVmpwII9){X-U8Eq3E_b;!bQC))DqByA`XhXid>
zg6(eXxwv-Je5jFZ;N7NTkzp`WV6v%xi>;($F^q3Zc~52IzQ-|?5(4ki@|kLbpqt9S
z={DSacJ8yIRjE{}IuGN{=)lf+<|Tg^w9s~?Sb1WD2;N7EB#=O@w1!v47phLE#7AiB
zXX>*j`EW<uJ2Yg9En<NSkXqR3)@&_llVSUgfFBh6?7=?Gv(6nvIc!de#nkGf(Srsc
zN3;`xj)~bfl^5Gazez>pY-9#VBPB%@28=r(Q(L$0*0DpXkx!lsbhI#kQ?_WaGVArM
ztTs4)%J~aLSmbh8y#v_MJO8S{$u=+=j5U6{gC!o=mcDlMIn5G2)E2Wc`9D$j%fmE<
z=wVjz)}XQRTD`~39DN-<$@lGueMxl1TfK?^+C)PBZR4HuBHp1zhfZ3b%>|0v1hB~~
zC%Wp{=IOuSC}WpZT3N78%wGJb*w>IJOB4orn!)0syNlWqc_!&mcv=ez)O65y(vaAH
z+?rt@i?*2LCXsv85mK#!um}U0CnzPAEg-?B$p+ju%=`+E6zHpzlwsEA-$9?!Y#V3I
zN#eY&TBSxhHlnj1m0vz1KZ$*I{whdRxE{`Qr(*-B{w85lP&;6I*<YW?p+vql9thz!
z*p-1P9D^|DRaz>SxrxLMpr_UcG{F{ydx9%gASR+`C!yeAiRy5*%@q&fAv*uJv{u`{
zCoYOXWZ0~`CMKC42y^6#%0rV{A3f+jto(IGn~0KY@nc+x<*0$|>j`ou2?H2n_H*Pj
z)9wt^VZj;1yz{-rf)}kZ0C-+3S#!fXq*qC}^~HZ3xptq9Wk%``#pzB{zS-T(g_>|#
zu4}N<+ooWbU2Q#H`B6=srANA+F=oiAjXL}Gt{p?{*QZ~~*|>18$r-~B1|A<0VexUK
zXMS(vHN(h#<lZ{**}Z>HjPHngC^_C<BAO)MT|*)P3p})GtQup~lc<)ZMgEG=<5KyA
z&pY%>6GDYzP=^XnSoLDgMZaE&G;6wtOKm;DsP#1Cq+uk$AtF%sZ)L5q<V`wGH)F;U
z9@J}+#u5bUDCkDkB<A$A2GElefK+i#j81O?u5MrdrP2lxV}}#8rqz{Xl=mMz@nXrv
z8d>q9<Gz%u#9ZE_)VpK=Ac30HHPp0y!4Rgux}-{9$Y!?Yfv<L+>-!{*e^u3)0B&_4
zW+E_XWjmGuw^+^;J9GC^+q?JXFCTTwJ}@)DH-RZF9SwD61~Lmqu9Gn>2h2)BBqP_A
zVq}hG?GwNjVp8nR*(FUcX~T$*@MYPDJc|W2MvUbd)>jnRai-luahwXbaDV2#E&`tE
zC9Vlj)tqii3IA6L`N-(4k|};jhH31|aPbn9Xyk@37Bc1O6$#;8`siI?wH{okZH;S_
zDH0rIby^_=F`zfB2q+^(&4MuBk1k<kl#<9FOXag9QtzJ+Z?cCglcJ&X@9pE!(VVz*
zH`288B|<b_l|}@j4ZYkd=kVu%Q1o*!_zQ;grBNw7rXC`71Dp+_=+cMcZ%4$33zx4m
z3j+sC9A(fB$452!!qL~E880*iQx_#+F+*}L(`7?5pl3{49=-EIl0{{fjbaQKXgO??
zYI-wc>V=*<)ZF6Fb;_Ja;H51oElr#F0|g$9@lW*IKL80z=5po7<5o@`-3-LOTC6?X
zP}{(aAizo~hK}Fx0s88H*B^nIrATqT$(Qd|{s0qL1JzrqU1A)td)bHQId^335n%MW
zJ0>5CEAUn7>g%+7I|PRm@0S7(GMmDsgTVVztIX0${<U%!O8N<ltR<BiAKQ&d$~ou|
zZPLU5V%evEMMB^Jq@v$!eD;pZA`O0z2;*#$!hbc`vH#s`DXWP#lF*xbGZK#ZB0DWQ
zrEWOsSFrW+?8$kZtxr>Rb(5^ju;^7vkm#3hn8--X%<_SrGXvYWu!BA+7iS#r*KwHC
zpWO!38tWTB`=Rd!>{%_k%CrnOqz(oko%D#PAxYztpl`;t5(<;wj;wwxw(z-pM%2M;
z?Pq6z&>*H=MowD^6=5(o9k_l~!T37JsG9+#VrAqrrNx$AiB8~C&v^UD=!9A!OeqD&
ziWfuL@T+foZPjTMB#`a?>id7M9oE4$NaY`|y@&at0QOr|>68)n+WZi3vwZ|*izZ0O
zgLmE6GdNlJv~tt!c(TOT-4otd9AY@@=&*9}rSUjusTFC8r?mR3b4MEdKjhI;1;XAc
z7)(r^7Zk?q<sme~c98r_C9oXDQ;O<dCbY*?cfnobOqZ0{;=R5}DJWVYFT*xERyzdw
zZ=(olrfuW=c2E-B`aCG?U}FFo<f$AqRELw(zO#Byhp{pjZ|d}FV*Gp4*&-}9A;Qp$
z1M+hXgNhQ~sjP1)VbK>O;5RQY860DLscOY}Rn*nJSMvM}vnl+W?Ze}6Klm2oxWp|%
zh<|bYG`sV>SxU>T&W9F5`AY?=fdnJcRS)rt?05n;sH%T-1?IU3w)s%dgG%4*&OiMz
z`fiTZik6-u2@4kzo^ak3B+kr)c*hr-&-ql<zAYi2vroMh0${@1s9ok{1f@oqF3#^~
zueE&sXDGm)K?TQu(Q5kD)uXVo5pkCF%$lS<F6tI0!16Y)#lq>7WHjlfdzPWJK^Ql_
zmf%?SIqIPi28Nje{>wtS%6_1TDQ<|~`Yt+hKg0;=wQQ}j5yd~l7GvdpT$Y~&(*kP<
z-^3I_CIK+PvGzN~j6Q+MH$SYCj)7?2btG1zit%o83i^Z48DzrpZfZ?(p8O2`w54w_
zh;*^l@SOz({@Zhzr~HUDOK=P_v{z^@fISe$<h43FMp_hbgSlXSSWL;}QB=)`B#9sP
zBKwl6<Z)sm17LE3KbWwjzV{^WVg82a=A<&COtI~=YGAy?v+spa*V^-q@66c9Qb}VA
zbGG0VPEFk%VHVFpo!K8A=z^pmjkdbhQGZQ!J5H-iVDTnqtX)SCY~q`z5C32sfF-}m
zj-<>p(0l*Zcj~a|?@SPEIGyrZL*bvst#T9>+SR59OnfFsWah)9pga4_8q{~nepa6>
zT2n7jf1QPu-6c0E|M;q3fH8_smUFM?M!3>k_$@&Rs?^qB-wEeXr>f;^AcA#()Iky0
zgl@Y*BGjn`z`$Ti>#5X_NtI{O__YLa7zM5M1oFb@EK1*4`z(_#ufdoh`<#4#xd^D0
zkQK#Gsm+V9iKY4QV7OlyZDd$i<#3^IiV0cgh!GNB8&4$3fFI7KPEA=*Jp5l4g|UPT
zZVCZRpNuYa1|Z&`tYMg|{T)<5yc<P7sh(&Kg7#|*K+A52;RY3q8QVWCN&kqs9fG|B
zjHjy$q_x(Kj3OFlZ;c38fY3QVyYYGB9H!f`rLstl-=Pq>3BVRQB?Rb=8|2hckC>1F
z2A2WC{Kl^&r{kVkK&e*iJiHcl4x(I3FVPu7+Z=!iO%zvQ0GXb$J%3BJ({)p4iXDce
zI%E_!27Y&O8}?xAdEdF5?lx>Mu$HqKTCHj^s;({|pS&QT?Pen@fE6kCHft-_jf<og
z|BjDx{NGJ$#EJDy+_@N<8Q?#TVSjyZ?gSLXz4?)>%oF!i;c|=utOE%jbo%!Ofd&Ax
z7_9bh)$feICtyosYWR~{zvQzu-)31-*YqR&txbYiEg>xPL6|O~?ki0{@&qFk1@cSO
z<j&7hrJFK_u@8_a%}qs<7!zzR8&QD#&WuVhl0V9h<a6j``oFC3g708jp%yDz9plFF
z=6!-!c9CkI*&K2VqGX{^E>y7`E-W9T?v1bZ6vXrcfEA9@E13&%VvP)&@S2z<i4&&Q
zQ|b5dSgm;ox|aTjcI7C(HlCeqv7QH>A4~VfE>ppi=`^%ObBD%MH0lxa_Ptw#H7lQ<
zu(bcg!mzHAM4!6cV)j0^&NdZDxnhfmA&PMbp&jHfO*~|qP{e5t=uHM_Gz9#pUzvO$
z$qyZNHShf*7L64^|LKTABPjmR!{Y4vvrEC#z<0$H34${}w^FI^J#mAXXm6B7S^)rd
zT16R2?c3K6d%?5D!+vJn8s^HjEvR6Sosj{}e5aH}k=2y}(UC^%I2*`-f`Exu&`f4D
z!YI)nwPyXQ1ni|Rk90e4#6IG^?L4ol^I8)3J2?w=gz#bQ?a>gez<yB|geeUS0>X*P
zB!+jkpi62{#*KFQd6?u4a<giEsj5)tLE+U4FaHQL@Xt`o_KT4c0%`y`R0?#3vtmc>
z4{hm2zyIrieeM~rurRufS>vS}oI0u$qRg}xyss2Tgs%bga6+9~J;#{T?y;<qt?DNP
zhe4l+F;(F#!w}7gV~o`zKhX2V(j(&Uo!wfRdYSn9@ai?)Ibm3-q)%`yDwEAO)_)3g
zLX9Kc6OFE6m5GB>hR5uyvla}48{FQ*i3>p_i&VhwilXe+aqmvdh$}pp@Q-jo$x3A_
zHMPxC8af_M`JG@lrM;4YhR<iZi?0&h{nKSU1pzoJGlBUR>G<|K>R-UqkwGKqPS0N_
zLvBd>ckDHf9uAnyE6k6Uu26zJd?Qx-UlhiN9YAy~0Ve(%CCn=%Hmk?bA2){$#}8Lw
z4=+yK)vK0(S1;v)d{O5?%%^A^;`!syvCFHzNK3tSFR-Evyd3$N$N|VI3K1-uqx&zw
zf3U57?&qJ-XH$78$JjmB{S#xqw|j?*$WKgK5x>nMV8r~PbDN;uyqOVxZ}?zw{FDYa
zOrl?i@;ZD_=Y{f4Y7AZ6jN*{bM#ZMk8QzIQR54g+N)3D-E32VtIWaTCe&Rs&&RC`p
zYehhZ)<d5DaXUW`=10ol2vK?`Y%ny)R9~SCh0$~!$1{*hnj1L8O_{t{FDxB(e6X^u
zD#-`?|MQQ#N$6#!AqkpJH4zd?*lc1vvjhhZU>}R|yA{WF@4LAZzvPv(@NauXxdwkk
zzWSt#I2Nn1lzWgZw;b`nJxzM|aYAH($tdnDZeeiF_n<UH!LXq6Vl0s<gf4~x>cbFL
zYfK4mOj~NWKg24x*R{;7jyHxFlNjDs@18HPAdqCiG?l3gZ3DMqF%Q2BFKYvvagvH&
zo0Fk(Z53u(e}FU(AgrDNWV=8ez#SwbiWZ{DNjm7q0A5c16r!%%tM=fwigUI5sA4|d
z7!>W$HY(CF*=-4^E;{wdW^!wmPLBNfX1GrNHy6!|C!AFjinerY%3|YT@Lhm-Q~sv$
z%XaENAA!azzrr6J{!6vT{xlz>G~ZK)*zhV&F~cbds&`9L^84vga_S%i)d65<@Ivht
zAX$dg_MJAj>ad|_5X>Zq6i*l;TQ<oF*h#7d5Ei4y(M8-`{W(;+i|M?5M92&iaX)TL
z_kPhj@Jc5T$C=QM<U*@C?!Th4wntUR#Y-OL3MxS56s&Gbc!N7Aa)bDzh8{JHd%bSF
zClL&<gxLu0X8KsGpK|aNs?y=v_A+(m@2zoTP;Io@ys@M6a@|XkZr+|a<1|udX{YM=
zi@U9%q_B`aLq%nb78~4;i75pzf;VM^=pxq~X8D8#A(Ew6v10}hq6Npr!O0(q$7_dM
zYBcS~Tb9?9ew<E{K9!AFonpIbJ>>@U8}!n*{MbH2yXkx!8GjyJXnf5Mbk=`a+3<Y1
zwUr%<zOZJ58=BYzLwh2)l@KR&NnQR}bp_7D>MqSRyC(!hazu2IrrZrGElMn8{rq}s
zu?KC2J7sxpA-x)p6*q#{$TydH+~;<dFLk=CVaXq@8_#3J%{EJH5hV*W#s6gAjuhx&
zd=R!@{`TK{x;Z%fNwIP<-FZN_xyGQXF~!(Vb`X<bp-(SUVxs6krAJX%#*D0!Y~Ec-
z1RD(Ll+cn7V+Bwlt2o6V?+QbZ8EcKJ>IK&mDy+G1v*xTd$YwygeMmXGG77Ha<z>|i
zuGF<RcWOr=8BZs3L*R6ZDZXy(9<`>28Zad+RfiKLD+0)w?EKBli4Z9N=CK$d4EU%Y
z_J7q~^;4VQ(@h8t#fwv1OL5m=#a#-;-Q7KSaSDavPO#!F?q0mOySo&(H~oD7iZ{PK
znaND<efFL`yZ6l54USsv3g{70cp7tPPxLrB`3na|;Ca|cm$0SviM@G;FrDXk`Z5<o
zx@G@26f!yHmyu~5%Z|K~%LN)TTy*){G?#Fdl(5tpR~?mVD8_#CO7Hfam>c<-n7}(E
zRdsOJu|Jh>bdfGgmwI$C8)Aud9cECqN2hW=`3w72&cm?nSj&pBS=_#1x#bvn0SytO
zuHv9z9ZYcy<4}<wv1Fl_QUPXZV2^s<=vI>A>Hz>XxbjEbRrAG!dg*1L08v&4)^Tb$
z<4b`#_bX2>dqtK%D8|nGTEVnhbM4Pb+d4|vxPp36UaA_Ukn4u`Rr{lI;B^tw?pQ|Y
z`2D5wsam9Wv4NJe>?B@Mqg~=^JE5#)v=bp6P(G81ub%Rwy4_~ZWm<IZt@|G{Az2ey
zqI9Yy^n9670XW>|Jh9({6hEG^brHzn2BP?>hn&cf0TK;hLK{v%cQ*~G?E5Iul;6`d
zOM=-%4jvgW*m>FOSk&-#m~T!kO6g70(n7u4|LY;8nx_t89u6VN%dloZT-Tx^7H1;-
ztE!Hci_bR&FO5PdM~M~n+R^5S8DAza7dW@r@LPd{hLR>!5UAROIw<v?0>6mKrea2}
z^gGk^?9H^gFQ0Px&9qHL$LwM0o<;>ipQ{hELHq}`w@MX|3W8QJ4Ff7XazZGLYtBO5
z+0pI5s&B0&2MWq3?#G=4%%tCD7UPSLzH<%j*ZyY&TINHR=CWU;g2gPRUCKC;(jN#8
z;%?g$7i;X7s{(GHy2Qtg7XQjVv=ZTZ9{t%T{}>~BqTfB`lotBK$}Ct%@%xuNFgGK+
zA}-q-r*JrZ&0I?y{WImcKF_KG&Yl*;vv*-ePy{9{WQFQjQ4(pz1j*CZN2ED@-vw{}
zTFlnxA=aLndRxRolT2i3NRm#LjT#2Zwm!W9#F|J3I%yS8NAbR_;->~5+C|)kZzZrm
zTuHZ^JD{Ldh<$ysPjp4q|A95|Z(ZPl>r)Y7qrbW36Q2gYc5QJHb%|Ig0^IJxq-%)Z
z2;=Kt#HVEn!^qMhOGT2~r6y`b|1%`s534mUeTVC4g6U_}Z0%&`UD(81_Zn1E816Kb
z!!~2@ub@wexgk1CW$%M`f5@{yYwAP34AjyTFv7fBvB>HrlYwZ6e9~$|ve)prgVx%W
zP9c3@#vIRiUJ*>Tt7-#?f1L_M#R={gNP`PfpR%jY-7i<wdbj+^hj`kyJ>WOb_4?{z
z+_Pex*H97!x}l8&09d8NL_$4@U?rO}qqOy83Xol}6Xq><#2YL2;Tu#1+*a#dxGzO9
zLBzzGI2XBQ*4!pq+5AEZ<3#x%3AjYB?>fI{{5t9TvTjQ-=3ll^<o?Qc6;<UoGRZD4
z|IyYxTGrx6*nSyYwoYy^ywW=OgT;W&H|A91Z6RR;OEw`+zwtfCMne$LqEihgH_C2C
z6SMW;`>T%xOUcdHsC+xgcD0Zdp-EGEo<n!MuoIV~kX{MA(E@Y+SH4L({BY~wCV7lH
zS9@hKz@oP(DuA!M$E{b$JY28Z5mK}!dKJ;|y0>AX>JRihNObgboa;(KVbs~`LNfBv
zuss2jBGnn;_R&HhMI4?LXJZe;j;-#S?X_YZ_l4Z<Sr|$jAF|)c(daOzP{GroPrbQu
z$G|scN-Z)mVyuEqi9x%=kf$KaIS%QEXmcrYIZ;%vBci6!hr~vp$Xl{aaVYG;Va0jy
z>wQw4a$}2gBd`lAvc7TrQeGkfMnMw)kV;3rP(Q0~aJTj<=+&qnWcYk~AF^c=Y-vvY
zXAz6Ni!9>VSCKRK=<^;1aOcXQn`KCJ)pmYL2~OB=q%d`_6GV}T^2cnQl!~DNU7R~P
z1*Mzf&qROZ&W`Kw&R|+(_^l=W6)H=ko$*p8O2L{u8DFEtd}{OPub%RyNG2q>Orq&p
zqTdPwD78AsDJWkX2ss(qgO<_P8s2;=*2qLQvO(m^sO^vW@qCgfKlWVVtMuRI3<8(+
zB~tnQjF`HC0LL1bU>*mMr(#T*mhv@<9!q(MO#!XiPGXN4QkR*V?Tgsk&W!?sSAu-x
zPYvD9e|p$w*F{uLd-yxX$*OZxr0cLSJ<K|5>vYA^;_`R(*?x~WypK^U;Ae~gT;?h9
z3N0M(km#VCW7|E+cmF-XXaalqWBc9)4B9|)<F0!^!gS{^TC>3mF5?uk7*~|e(32Nj
zXz*uLIhvu$wo599^8}k(<0<@)-cdKqUyd2_*dpMU2dHX7`r+v`bb=CPm%<GI&<sf5
z@kfjlG8!6E##00~vQPp_Cp`yw8K;O)r<;2cA6ajAsVpwHJ5f3el4<+x$KYZ7`X-<l
zlO>#xvN1N=GW#yD=cf@NqMJqe!*(8$gve(&Cr~sCN@^y`M;(W%B@)iu7|IgM(iR0|
z91fm@sPS|ST0M0Z>9G->lOL_OU81`PnEF-gn|0&bRni54ggj6O*OOH2lea}dJnD*b
z(8bSE{Aq>wv<ZBu?^1+aIjF}Oq_CWt_SH5hRAksF*+9_D{{6*E%&|(wmLB)275Bgo
zQ+uJ4&Pr}mgKdj17#bEW4?6rIW^|xFHrF8G5U*grP>}lzkw+-CXKJSXovOGFw2Y2%
zzu%OVh})C-{$4+j0biOQe?8!(GlX24>MK~?_Ly0b7v<uo1$4|u*Ay?N6pH}?6M@zu
z{7vnoZpXE<d{vvxOUwsw0Nhux5WPtpD_vit+B7ac!ZCrBkq@-T8NCKJ$j~8{R8jfo
z#pTlO9NyM)w?cQ3-(LBW)DY_(mTW;4aQkD9()<#*51C>Q2!Ql;l8zTlV0=&n)d7OG
zRP@O#ew(GM1a(pAS>E7o7+ng<ek=$vJvotB^FLL7BWxeow*13BM@9WJwzYj4f+9Um
z(Lf(An?m`xb5J&NXA3EV5Lov64v67E1oc#(jt?mLN2R35mW!d7R_;KXGdWd|V{nWF
z24^(Ht2s^Em9Ld*oChm?gPqstCS+gd_ZOqI#K88uD&-|Z*4+{yNA`2z*a1*Bm#qK&
zx^b5pP6<llU}s`tj@RwfHK@gr#nJxBLaMc(aGDK(h$Vq^hWNq^ih@!zE^!8Y{!L{{
zxDHT}bJ6u#9mpL?yDSyXLxo2j7o&qG^8>h;Yf=e0Uq0aQ|Jp35t7<&cuDEUi-Of7(
z&^me@cVx&mx>>opK9)*ip(ubt35>u1Q=74!hE$Xw#u9e*|Gf?OtNa|Fqn^mux$4^v
zE-evmdHBU2I6oVt5=KkbOWSfV=a+n0fHEFwh+I-#KTC_5hN}cR%vNTzjz^Ujy#ZG8
zL^R0?A+8n=-O&sJbshQGgf89LJD8qZy37QmZl3UZ%8;}%j8JP6@D3P<<*g1C3vST+
zR82A*tFteeT3Vbk%3KY0hYpH7_761A<GL9J<f1<~wi97KC48*USQrCLBDvOxYEj3(
z3D#TSp^yT3dKNj-CSjY|XDz}60x<e#K+zxqX8H7pk^FcZZr$aGtk_O8^%tQnFtg^>
zx_`$w-W9rocI*CI+H7r3JB5|q=g(Gi(^IxdQ0R178vHnC5>_-$wDWqDH(&%JbG(K!
z0+?hk_i&mq4bu%MhTg26INW1fPy$eK@fEZul9^2oxTqM3qSC{<m?7uuG8f26?<*YC
zfcQ1AI7|FSCC8A&|8+1~6UAXL0aJQ3`}wG$2wSvidoAFhzeexK(^uGi<t2uGu1)9u
z$<V;x&r+d<%TwZlGT-+wE-k%}g36L5jq@6{;oU=NgGlDxq2SVMYLuy3FngimI@lII
z-DcjpbENX`6dF7_Z3=>8njKhsGT^-Jhz6kjYu6qTfE`AkW<{bF^}b{I-ZP9CV#5(+
zCp3E<{nmD%BEzGi!9fh2?+xW!1T4}h*HG}#P&u3T4c^UZc@+*op9u}vf>SdoW7{K6
z%ljkn;?KMCs%*Vmi=9SKL%rnXm#%!dslv)cj2Z6p_4rnoYNT%|2yD6eq&ORS9K2RX
znUBur;>+3+p7*ETx%%=dcs88=ix&dw-$LG^W;`aQ(G+%Or~h#$@s*P@Xfko1m`Nwq
zH&$HI?06;(!5yMPQKV4=v|4$_!yVfq0fbB^)SW{SF};mvLWVoI9qsHR9u3qN>nq-+
zDjEn;yxkhgoZeIzdYSk79IiUCGN(9>V7DR}>$du{Sv|yrxL(UJ9LoYxVuTr`D0FCO
zWxF$oSN!b;*|j=Bg+Myj5w%zx0FZI*5y2D~kW2lGVpvuz#G@Y`?@je4+3_aA)a&yG
zxxuT1XYQ)J)vG(jD2pYnxm(~Q)j=FSgN<b=tI-@99+erC2;lelz-qcdRGc9Fdg*C?
z6(<2yECY)h4}P?Fr$iP0w1&Bj3os_$u1Drb0UC_+Qc0{gGb|n|SrU8)(8vZeEv4<8
z?m~;K6FQwnd091Ay^6)=S0)B)s6L0(gF}NUjYU)uE?1~2fn~PBH?D#<=U{K0#=3G=
z!52lDmNx=7d2|LBc=k=92@K_IVTXtFFE{gIrz76w*}8QHGwPP(R>vQRXb3-*5(@<t
z2_$Db$@wA8=BNv<ldK9~>%U&LWT?jqo}m}zYo<Z9bSK2sbKhE^3uG&Mj_aBL=zuss
zIWM<}{YUqkW7EPbT5?ovdEP}oKT%7)12%@tnI!P*iY#7dwfUxx%?u+&B$3^q3qsZA
zeYSpmV$rTW|FJ*xwmjr9IJslKxo*c7@r{c$u9bs**g`Bu{&)D)bSXy1TGp(<6rZWS
zJ@~^V9IwrTj&x`I?L@>NoC5}?`xE~$&9`zN7c)O!`Vqz<smP!^P$$#^caX#Qf1bvJ
z@vPziUVsUr-SG^<9M`eGK+jhfT4!NM>l}b09rd?D4Q0_JQW&o)J9EdyY~-gIgi~3E
zS0hzT9tqG$aEb0fALu;)Co{yU<VVS+)A#&bgM6om4J#jl?XD@dsW3T+1_gi(COBNy
zKn4abHrhwr{Nh=8(b`U9oXLC09?b2daGmX_-Jp_~+dHv6O@#+UNm)TSY&Xxl=I|45
zD_`$dMr-^P(Wc%hO0r}yE~dnlcu2s}p?HIgQbN@L6dGEmh>(A$;q`t;|LoeWk{+aw
zoa?l%*7;4J{6s+TU1VHp;MfRxOXX|Z_{$0O0n_uf108oL-8_lUB-{I}D-u%b?r^_A
z+lwl0k)E7d*1B6?)kefhQoCLgtNU$K5Cegk@{6QUP)uUjx=jr~16Ke*MNNl+$QRL5
z7J^Kg>JW@f>V}5}DHWgkkO~b7lCV+1$EpcD3;2?sTKq5sDyhV%6LfsU_r6K{zD4p<
zQ=~^v)%iCQ0F{RW+Hjbeqz3d`+p?r{?H)z6RFAi{I?oQ?&aI?K!!0@+9s-3_K2Hi`
z|2?!gu-3iM#s*A$Kw&E`<5c7;DcYd}6oP^jA}mg@;b<R!L~_1*@Qwf5PGVvYz4@P(
zuTAEpfrg$%WA8uxzzBGn6?Cs__tCN1j_wex+dSsKx%_EYt>WRdCqvP}?N^d-!fSLJ
zNtkLgW9rzdlnsl}Z0DKe(FJJRP;uWn+Mf?VuNvo1@-t&|JcFm-wF9;)aJMWouLovj
zEd1*1618<h%Mg(wd9Omn;POw1b((oMB*U!C=EE%GU$K2XujC0{&F(KBbF>?1#)305
z6?MMepzlcPzC+*F3nXZMNg2zv#2p;U@<yxNXmLX6q(w+&;!+H;22x9F)To*s{_x~!
zA7xjqy*?m?V<@6i-$B3sa~(|xc(S;bmkdHCgBQZSbR%3Tf|St3)<Kp1_75UXpZ0oU
zi|25WEho7Y2qoo3nVumAJv#XCw58*cPI^+ZJ`mo@T$%d|LeI!`AH)htD=gSH`fL%A
zR;c=r1P6S6^W?Pu7Kpb=uUz>!3O)JIQ21s_uEA3!3%ewIsyNGY(q1+<y0O^ysaWHS
zt;79Gth}y(Nr<7p<s-Q+b=n2&04^_(@6!M}>3}edvOH2&*Bq?zir>?j22F5bY4#sX
z(Wmy5OFJJKzMzG60thP+^L#7ia4h3U2Y+f`rejn`q$l+QWP(_LVsj)xWx2!)gUO!^
z>k9{7f-wHeCKL1l7o17e8Ll)=a48^uJe(luq)Nd|W;g~^Wr{zsM2*=&;>hT-L*9sd
zjgHU1k*odjC-zP||BJD;2JV+;&9Kx%8PyPXEp#=dON|@%HXXkAAqjbdS5Rf`fRpaJ
z`nJ2>`eD(<IcMSbj0I(5GSWgIL=3nZUI#ZUZ6yo}5E3dGsa?Fdrci0eia$SvC~iU;
zn<8%SG`sy}BMpj+-K}&BLS<pEy;laP20;6EiuL6ZAwC(iLXqcmo_}eZcCrY+>-U^T
zQYf-=PeeHZ0P@>3!t#}vnq&a89Q_w<;udE*HU$s`XhB7xLWtj0qeOnwZG`?=E2PqP
zg6st6#pz~Vg6I-Ej~7LHrE5VAzRu{J6wb#o2xsOk@i$H!V;@CE)8c*5kmd8<lCLGx
zMXzy{e4s=Qqu14HiuZ>y6^BA~u7c};dMbr~3_x3R!7%VLt9-6PuSQ^gp7_4<@v(3N
zicIk8`_--N83!u<eI~!F!$Gv8bERTdeWyUXo`yHaRZR)HDAivb8XitYFpCH}Lc-#V
z$~GJSf*i_JU9gdamZMX*ak-i~HEABb!y9VssUh=pQdoKV%rKyH0Y)CWcry*!*PztW
z09|O~{Lx0Yzu>DaL!D_u{KndB?#Ypt_yhtNarlz_F>4AZr9jU&#*rAE@RI&UF6{Bw
zF#b+LbYLGB_~YL{h8_9jk7X-dA2|0;_f}&Vn?l&Q&#+?A-?MAp9}$c-5dap4Z7XY%
z!-uUTHzGgn6w_-9g#2LO-x~i4czd$NmH-dNWB7X+G%nm`{D@YaNf=z}5vAVEW2MO{
zJC*&sH#-ySXL<Y$CGfj8Ohl?NMI-y3fp}vA^ZT0DQSYi>PSG&_Fz35~%RFCCZOl-5
z1p|^DzV~W4!E`EMKIi`862wUzgb#lRaccPTt%;(_7UkhEvCTfD2rlEBw(+An)0}q5
zMTtr)tfcG=F(quFOx!S}e>R!-XRtYm9s0e&X}NMSDBSQeYY68il~XAmEw)RcA;M#i
zn)xHu+awFpcDh%ZIt+A53M`@S68cegTy+5&UDB%5CbL^?2n>2`hm8T%jBQ=W!NyLp
zq+c`gacEQgrnLEc^jPcGe_nD(;_rxAemWP-$YD#_)Oy#uvo3B<=X4?!Lj@%*M#%1n
za~wnVY~j^z)ixS}jopmbNsqKsI^M8Z*&cK9KtS$)nZ(I@Z*jtZ^)4p7I}%?7iVYWg
zE+wBEkB0szQ;gSZD$CVSU-03bG*_A=PexFF1~RhVDW4kY!J?r_Rs@>7>Q~v{GQFEt
zalI2MzfG#duy**OG056~iElcRKgK$W`k5e}*F}ivqrlADHNsKMA@+YWtzKCnJ5sMi
zUoSac@!nu<!elzd@&0B9wS6wI?dj!MgbP7zqIoa!*y38DnJ{LmP0U5FGDEvmg^bb|
zUgaIEyOWrZ3UlR(W2WT<f{~n2gWPnpW~aFMDi1;3mSdy>MFJY4g&Gf?$<ZEmMQCu-
zW_ppGL)H(iE#%%d#)kc#zq{-59g%xZOEN@XdF+kcFDVEhR4!Sokj_05j4(FjBh8Mx
z_HNpclzMH4G%Uqom51slxQPPZ2{P0be<|LtnwpYR^<B~!?zyxn;?hDvUIJ*NrTMP0
zud8IUp#NgYRD>ai`tR?7<!0ll141rTs5#8Rf$vkVW`h*v&tOugIb4PvMIM{KU*0$*
zjqb)YbM=JQ{zM>Tieh?hT!r-8;W!n%Hm9FVEgIIvv@RHK@@aAZs6Y5tnuJ*yXddF9
z-Hf20drtQ>FV~Ge2>mlrz14kXIo@c0TfgFaI}OwH5-;6;krBtJ`rL94{hZylN-#I&
zebU1#+D7X<e$4)f%w}0wIp$~Bdj=VZ4wm=4`>}(>>Xy;p6*1K}U~T}z7Z9?Hkk?nF
z@#rQw$;}vU>?_%_7M_K^WuM*N6f<S(W~yNiyWZ#1Q(A7A)ha${f;lB=c#+qBgLQVz
z(~JN1CC&i1^B?`A!Fv$rn#9om1wi(e6#>7PW=BDE4{ggXr>6!)Yuy%RE-y(Ovj|C?
zAA$=l_6{xbg>7YbQxHb}JbrrMx%%=g!h*;n4lre8@j*?b8p_yK(SDJOO^QL|!WlsM
zhMh`0r1OXr*2$any%8lz*f&R=>hvA#7W@*`huzHu`BI|PFk;U>ND7Ep!DsIM7w#@Q
zQ8TQq^q*FoG<U`vKN6D^ClfJs_m+~ewk8a47BwQHcQ<2+@4YK~&gDu7^u6#4i0Nmu
zQ{yEyUu#`2F5YQ;^lrKZ9<*x1VMb&15~gZtCXw<yj|_Zjo4dU8Zx|P}KKPYG`*)H2
z@vg!XW;GU{2=KKZkIae`2|M?JYc;P`%MaWfdkMP2XBlP78^H-?E19ksGh}Z(6~%7M
z?-P+4?{k070+3r4={&Z>ra>5K@PBOb-VnlWuFV4jO5s1W+{C~^{&7&b$Xx*gPtV<$
zFAzL%uyb<xtV8>O4C~lGyp}#~x^7^VlCON9!Q-#^qm1qk+)!;Myy8#V0<VusjTfL5
zthhQB4s^2cJnHPRT{5x@$<+;!oLRR*1&}~peC7oR;3#jx8Mlp*)j(owlMkWUaiY++
zs8Ls1Qlq?R=%7Sz*)rRm4V;~@g-dO>vp%f>YqO{haC^k63eJ3@@a|P%Qoa6Zon)xn
zY**9zuY*1IfZ1-uOIi~W*cL?MHI-HNqn#O;>abWfN0iHie4)WwGrv12tA4oo+l@@6
zbrG}r%(6e3GU;oC|33y89njkPOGs~#fl*eAnQ)&LKI@Cho9yXoNqt98_~st}c;N{Z
zLt$&@u->&XC4PH(Y1u&=pt<bVaiVS%G`yP&SH0lF$P(=!n>vh^jiL>^1MfDnj|f(Y
z@H(iQ;OY?p4V^4x<<wRlm(>~Gaj(1I5l=FKYp}I>IrhmF-kfQgk8aXvuSWv2=NnqJ
z3STl%;c=M1g-Kjo^~VPwR<|LC4h_IT#Av0r4A0nWPsRVp5ZoFb@4WkET;`!+I7$Wc
zsw>urIP`S5H)1f<>XKkOxNzi#Qg<~Dou_d|jFIRrv6l#CCYigK*R_fIlGoL`a23z|
zzP3+el=jVAKIz^?n9DZw9cx9>r;<SkRzdy+3S)_*C;CgJUPB+k`VqO;j3TbammI`H
z)R-n%x$$0)f?&TK25t2ZhqBSWFgtSTPk++^N?F3N`4kotbd+yLL-{l*)8L0`CMo2Y
z9bXOAHLc1}p^Qc!Q<8}fm;NOnK<=e{bo+YqD~qHFf7{c~)&evQe%6OI-7O@&EK!nz
zkMZ+PhsQ**fQeab6mRMmDWt*s=OflOEd&5AefA9p3OvS<Ys)G`PEt+4=Pr5RF!+Ox
zmzLYp=&<AH&YRHg$hgFWWHWf#-#WzSg{}kZ>KLp<SV=og4=EIjhmF;-hQ;+8(h?hz
z{}PiQ<7bzZc}KrT<G@)_7uZTtSag|{(d0$%=WJOXHZu>3pZ|VCbsn`!pXc~8n3j-c
zLCHCqnvS4em!Qq_{jQGw<C-UHg6A1I06ucJTO?)7C4#_VBR+Ywqo0_8Yodo9z;7EU
zn@lOr`wvE1+!jpkufH3Vt0kr>-R8W1x8V6*;ADq-006#R8AW<en+{oR*>Ax^ukoT0
z=+@<PVXl7Zlg@Gbj<A7}G}m8dgTs!P0$bUT7&Ux)0q<*Ra7*lga8xI^UziHbmoFG(
z%m$o%_}OgUC!tc&DRCX%_Z2UnU-$nM+k*!Z)?S#-c@hjcGE<V%XZ?{}cD~|TjIOra
zB;V$*WeGmao!SC*8KzrG3RXrsD+!Da(9`p`Pqsji{XrIMVJE_=(N=fwCK?(jEZRQ7
zD8#aPSS274GG>HK!-_T`$cHnqVE?Cp%o0#f|MxI`4j_+UOv4(mp3O;ZvfAlEYDJ_f
zU@b=mG4<(LoHM<UfK^}y?x%y;b7xgm9qjnAaT{9~K=W`^)k0)8xGgWVcv4C(EKA)f
zGDm5n5L6XXV`biER#;`*?iq32shLFA#<t}W*e|NZSEi>Pfi;_#VPDzueS5FVueB&Z
zL4g!rO$|;1U5ZUZ%6%pnir0}{$(w7|vb%1Z@|E|hWyyavM>93+w4=!6A9)jXpG@tK
zU-K!h45vN3A>Fu*(=7^2(q8)B6_%@=m41LTz&^uu#XLH4*t;HDJ8<UhG&I91;-hE5
z%<E|+;c<<tUjO6SqPg-kJeAs{>o*b3CM^!#@!fkYG7N+|;f<J9A9^xyO49N3lhL5d
zj4Knz?}4L%QT<;pB5UXI+;REu>KwIUV5TQhT^mWH12xlR_=*7lFn(ybI?eKVY)!&N
zMwcHRz0uEqO-T_%jU|V`?ib$S5SCEsRz8x8xb99Ue0+yk+B^0FYK|A?Bm7jR-VpA`
zz<P#sy!_fdCrdg2_meZKFBzHHRJ(f~=G^W<)$i5cqb%~%cX^rrbP`OWouv>iSAnmB
zzeg*m1opBD6}=b+Ip&C11g8nX9yP#;NeSo}U>Nj8Y0l7e<I+`CB-|}|#%Bl)#GjIj
zW=^P8{bO0%okzO(g>P7TRp4}{u<)eVB9Sye#JKB9DhhS_F8ZV5o;cpE44D^g6JS^2
zO{pNbsHlyi-7#3k@d0SR4uwbK#FWF+2NA(_9%XI!2$V~q5NhB`!p+lL=gG%r_d1Up
z0by4Ht^H>Rre?i0Sb6(zTIECHNs^nZ0_;x-b~>tBc=p~_qoc5Y1fUpqgPF;K1;2#~
z+9<-Y)@U<K_NY(*7!qUVS1BM?44GI=?>$B7vun$KUU!D8m(z2zv^^7C#%u{|Ka<jb
z1K4=q_%Qwvl|_M_^;}5-tRG}>YM(Jm$h`Z&8Wh47FV@1ypE@U9E)9yN&5Ve9gL-CH
zZs$R7{`D0Wi6GW&REy#iQVKlE36jI2k(51%b#xz0d;yiZN2++2Jg_PENiwjRc)w!1
zA;$DBjrLU9^^HJq&n0(;L7Uv>UKn(o#MMf9OXxegTA9)?VGsj0ybI1|c0X|p5b@|O
zBVp(Q;+mqKbjmTG)kt+GP1hx=S?#|jT4aiy-*%1ebLT2bFA6Q>U-gkgxLx{v?d}|1
z4lkdbavbg40)d07yIM`Z{>6vO@77V@G3Y==@ncyeQPaBoUOW7J6LQf(N|UMpq!DC<
zm3RIoH)Q*3=N~ZbrfhsCKlT+Oz{?btbHg<Ir6N;i>)OoL+j%l&_Xxp-cvwMz0uPSl
zxyF?&tf1|8@3V;kpFYebcOeRBIwJ{|HRdokdR#w+SxNyrb54|nlo}U%ewHQ~J~&xU
z%`EBGs+Zzbn*u@QV7XyR%4}+2H<$M3_PLd;3r|W!b%az5u~BgoV)^eg4le3nkCr&p
zVZp*hgPLHH%y5GP2Gq%RP7U#o`;YfRz<jTqUqv55HylAS-!wEnoeBRjT_MXnyI59P
zZ{j7r7|viJ=KUlO?YA(gVL$M)OMMr+>*03i<p%)dIt|3Vf0@r(2~yHrUWB#K)FqS`
zr00Zfr{gnPY}z?f+W+L}Wjet%`rO=wE56P@Ew<nEbE**|OOi2@Nte_T69EzjV3J!G
z%fgNfpFrMqdbM|DWpGf`kb|uJ{B)DJqO`pgjct9cebgBhS<izG04iRjrWMwm)Se<s
zv$YDt+f#oLWs{g{sIn==aEk&U^JLLxJ&l`$rNh#znH0dp(vjJ;Ju&5LPF&9|tk3(p
zMPhQs4rufbw0<gEa5V$~=GL7TzWW!v;%yY}3x|n38O>0jU2*<!D=S67nsWo#-^76h
zFl0BsDlBr=w189?6n8#cY0fBVl6P|n9v5<gM}x`vHv5)d{qF@j+e>3*wsB-OPL<=3
z2XSNTG-Rj-JnX%${GZN!0N|@2t$Z6g-~ga2;Mc}eg>On2=y7*;7hVM9Bx?h!x1>n2
z{(hVI>2}S!?J6u<CAwhPKVa;vhP>WB@Xo67{)OJac5Tt?V>sxKYVbF4EEcIacm{PN
z#Ku-!E;P8{vSI_$ut=elD9Vr_9L+%?(SL1v!ADz}OGsPq{%^EFv4&3OK6r8AjyU9%
z7bYvK#ZP0Ek9yl>fy8Zu<kE4tDM%_`nhaB$Y!Z@Jho+g~yF0mj8L`~bMa_i!HlQZm
z8VXh^KuyiOGN#ldA+uDQ><f7qP)<;k$x=JOM%R?dkNX3wcSd4lrf7+ib0@(DV`4SI
z*?M{LU{_ReZ&2|deyuaI4SvcP#oq)8EM$b*-=4hWb1YRNexxW$#6Ue^U%#GvLxaCo
zjE)=)2@Gi?;=^v*Wj5ga`Wr(nt*h8o+jD68Ty6;4o8A!|0HL5oZ~c43t+nM}fyVmn
zMVy2qTkXCHbALf#20Wp4?)4-5(MRXeLLE^OQK(0BFBhE-YAzF2YB+#9%@+#_Ow%?1
zCSsE3&}C|j?(M&~ePti))&f{s`F$w?sF5+2!CHxQ+nIR;h|>Uo5&|UvKGWT+ND_Bv
z!-+a)WLcCJ;^SB&^G1I9MBR-E5%^Z=4IH)|&UxcmpU4pw(ZoLY`adj@|GrUKy!vn+
z7<fOC)6UV{osJ(bDLwxHcW;895M2EWtLjGIk~~L%RMj%qH1c0Tydi&fa;M(^4Nf)`
z{EcwiYD8-nVOTxlYi9i-7DIUGJv`uBgggmSas+Q*`e&G4?nd`;YUwb#KDc>3F(c*J
zDqiR-v`8o^I5$7lb;&(}Mferaa$lTk&#Oejb^g%f{;ChV?WuN~{MMYMD?)ha|MFM$
zmve{K%0Tg3`YZs?sZFWRx#&CHCQhh6F)v@flqsxzU!r3LkOW{cF!4)}=;{7y^D{D6
z_Zfe&+|%RgpuRud4e>wt`S9y(^**Da{^X(E=3Fv47)y%10UaQ4`{GSC|1Nwv{7-V%
z!>ZfM^~P4+m!#Dj^VRvqI7L_nq-k?~{jn_#8zIE`#SBVVhv(|H13CF+Dt$&K<T8J{
zXk_I7kLW39aY3CA0+%-kpJx0Yeq4?7UDpS>7mWNGuY49^9$G4e%jyF2vXxkWRuVPp
z-QOTN_1#xmyYu&Bah?<g5b&<O_C5=)z8VGGcMj2Yaos3odMyt7XKna~B)``}B47Nu
zXE*}2UvpGv$I^gv%?J@#g%okhEToD)KHe>FsY?JHL~l&(&sU7^V;hwG+TVI2)RGZM
zzolQPo*r}l`i+JJJhH#;beGao@$7$h$NcXX^q_yaO{C7EXQ!wj!mz14;E^AtUlY#b
z;e0T?EW+^h>db+EVQ;@@;6k#44nR=(bD`{4h9j|NoT|^~fahkZtAJz6w)?x*9(o8|
zW7BE-#p6EaIZ9_ld_YW63hHrBM0^rv4#4kjf8c-LqW?d8xO=5ft{WCJn41K^KC)6u
Kl9l2{!T$$h!av>s

literal 0
HcmV?d00001

diff --git a/cmd/picoclaw-launcher/internal/server/auth_config.go b/cmd/picoclaw-launcher/internal/server/auth_config.go
new file mode 100644
index 000000000..f75e8fff0
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/auth_config.go
@@ -0,0 +1,147 @@
+package server
+
+import (
+	"log"
+	"strings"
+
+	"github.com/sipeed/picoclaw/pkg/auth"
+	"github.com/sipeed/picoclaw/pkg/config"
+)
+
+// updateConfigAfterLogin updates config.json after a successful provider login.
+func updateConfigAfterLogin(configPath, provider string, cred *auth.AuthCredential) {
+	cfg, err := config.LoadConfig(configPath)
+	if err != nil {
+		log.Printf("Warning: could not load config to update auth_method: %v", err)
+		return
+	}
+
+	switch provider {
+	case "openai":
+		cfg.Providers.OpenAI.AuthMethod = "oauth"
+		found := false
+		for i := range cfg.ModelList {
+			if isOpenAIModel(cfg.ModelList[i].Model) {
+				cfg.ModelList[i].AuthMethod = "oauth"
+				found = true
+				break
+			}
+		}
+		if !found {
+			cfg.ModelList = append(cfg.ModelList, config.ModelConfig{
+				ModelName:  "gpt-5.2",
+				Model:      "openai/gpt-5.2",
+				AuthMethod: "oauth",
+			})
+		}
+		cfg.Agents.Defaults.ModelName = "gpt-5.2"
+
+	case "anthropic":
+		cfg.Providers.Anthropic.AuthMethod = "token"
+		found := false
+		for i := range cfg.ModelList {
+			if isAnthropicModel(cfg.ModelList[i].Model) {
+				cfg.ModelList[i].AuthMethod = "token"
+				found = true
+				break
+			}
+		}
+		if !found {
+			cfg.ModelList = append(cfg.ModelList, config.ModelConfig{
+				ModelName:  "claude-sonnet-4.6",
+				Model:      "anthropic/claude-sonnet-4.6",
+				AuthMethod: "token",
+			})
+		}
+		cfg.Agents.Defaults.ModelName = "claude-sonnet-4.6"
+
+	case "google-antigravity":
+		cfg.Providers.Antigravity.AuthMethod = "oauth"
+		found := false
+		for i := range cfg.ModelList {
+			if isAntigravityModel(cfg.ModelList[i].Model) {
+				cfg.ModelList[i].AuthMethod = "oauth"
+				found = true
+				break
+			}
+		}
+		if !found {
+			cfg.ModelList = append(cfg.ModelList, config.ModelConfig{
+				ModelName:  "gemini-flash",
+				Model:      "antigravity/gemini-3-flash",
+				AuthMethod: "oauth",
+			})
+		}
+		cfg.Agents.Defaults.ModelName = "gemini-flash"
+	}
+
+	if err := config.SaveConfig(configPath, cfg); err != nil {
+		log.Printf("Warning: could not update config: %v", err)
+	}
+}
+
+// clearAuthMethodInConfig clears auth_method for a specific provider in config.json.
+func clearAuthMethodInConfig(configPath, provider string) {
+	cfg, err := config.LoadConfig(configPath)
+	if err != nil {
+		return
+	}
+
+	for i := range cfg.ModelList {
+		switch provider {
+		case "openai":
+			if isOpenAIModel(cfg.ModelList[i].Model) {
+				cfg.ModelList[i].AuthMethod = ""
+			}
+		case "anthropic":
+			if isAnthropicModel(cfg.ModelList[i].Model) {
+				cfg.ModelList[i].AuthMethod = ""
+			}
+		case "google-antigravity", "antigravity":
+			if isAntigravityModel(cfg.ModelList[i].Model) {
+				cfg.ModelList[i].AuthMethod = ""
+			}
+		}
+	}
+
+	switch provider {
+	case "openai":
+		cfg.Providers.OpenAI.AuthMethod = ""
+	case "anthropic":
+		cfg.Providers.Anthropic.AuthMethod = ""
+	case "google-antigravity", "antigravity":
+		cfg.Providers.Antigravity.AuthMethod = ""
+	}
+
+	config.SaveConfig(configPath, cfg)
+}
+
+// clearAllAuthMethodsInConfig clears auth_method for all providers in config.json.
+func clearAllAuthMethodsInConfig(configPath string) {
+	cfg, err := config.LoadConfig(configPath)
+	if err != nil {
+		return
+	}
+	for i := range cfg.ModelList {
+		cfg.ModelList[i].AuthMethod = ""
+	}
+	cfg.Providers.OpenAI.AuthMethod = ""
+	cfg.Providers.Anthropic.AuthMethod = ""
+	cfg.Providers.Antigravity.AuthMethod = ""
+	config.SaveConfig(configPath, cfg)
+}
+
+// ── Model identification helpers ─────────────────────────────────
+
+func isOpenAIModel(model string) bool {
+	return model == "openai" || strings.HasPrefix(model, "openai/")
+}
+
+func isAnthropicModel(model string) bool {
+	return model == "anthropic" || strings.HasPrefix(model, "anthropic/")
+}
+
+func isAntigravityModel(model string) bool {
+	return model == "antigravity" || model == "google-antigravity" ||
+		strings.HasPrefix(model, "antigravity/") || strings.HasPrefix(model, "google-antigravity/")
+}
diff --git a/cmd/picoclaw-launcher/internal/server/auth_config_test.go b/cmd/picoclaw-launcher/internal/server/auth_config_test.go
new file mode 100644
index 000000000..92158d011
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/auth_config_test.go
@@ -0,0 +1,222 @@
+package server
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/sipeed/picoclaw/pkg/auth"
+	"github.com/sipeed/picoclaw/pkg/config"
+)
+
+// ── Model identification helpers ─────────────────────────────────
+
+func TestIsOpenAIModel(t *testing.T) {
+	tests := []struct {
+		model string
+		want  bool
+	}{
+		{"openai", true},
+		{"openai/gpt-4o", true},
+		{"openai/gpt-5.2", true},
+		{"anthropic", false},
+		{"anthropic/claude-sonnet-4.6", false},
+		{"openai-compatible", false},
+		{"", false},
+	}
+	for _, tt := range tests {
+		if got := isOpenAIModel(tt.model); got != tt.want {
+			t.Errorf("isOpenAIModel(%q) = %v, want %v", tt.model, got, tt.want)
+		}
+	}
+}
+
+func TestIsAnthropicModel(t *testing.T) {
+	tests := []struct {
+		model string
+		want  bool
+	}{
+		{"anthropic", true},
+		{"anthropic/claude-sonnet-4.6", true},
+		{"openai", false},
+		{"openai/gpt-4o", false},
+		{"", false},
+	}
+	for _, tt := range tests {
+		if got := isAnthropicModel(tt.model); got != tt.want {
+			t.Errorf("isAnthropicModel(%q) = %v, want %v", tt.model, got, tt.want)
+		}
+	}
+}
+
+func TestIsAntigravityModel(t *testing.T) {
+	tests := []struct {
+		model string
+		want  bool
+	}{
+		{"antigravity", true},
+		{"google-antigravity", true},
+		{"antigravity/gemini-3-flash", true},
+		{"google-antigravity/gemini-3-flash", true},
+		{"openai", false},
+		{"antigravity-custom", false},
+		{"", false},
+	}
+	for _, tt := range tests {
+		if got := isAntigravityModel(tt.model); got != tt.want {
+			t.Errorf("isAntigravityModel(%q) = %v, want %v", tt.model, got, tt.want)
+		}
+	}
+}
+
+// ── Config update helpers ────────────────────────────────────────
+
+func writeTempConfigViaSave(t *testing.T, cfg *config.Config) string {
+	t.Helper()
+	dir := t.TempDir()
+	path := filepath.Join(dir, "config.json")
+	if err := config.SaveConfig(path, cfg); err != nil {
+		t.Fatalf("save config: %v", err)
+	}
+	return path
+}
+
+func loadTempConfig(t *testing.T, path string) *config.Config {
+	t.Helper()
+	cfg, err := config.LoadConfig(path)
+	if err != nil {
+		t.Fatalf("load config: %v", err)
+	}
+	return cfg
+}
+
+func TestUpdateConfigAfterLogin_OpenAI_ExistingModel(t *testing.T) {
+	cfg := &config.Config{
+		ModelList: []config.ModelConfig{
+			{ModelName: "gpt-4o", Model: "openai/gpt-4o"},
+		},
+	}
+	path := writeTempConfigViaSave(t, cfg)
+
+	cred := &auth.AuthCredential{AuthMethod: "oauth"}
+	updateConfigAfterLogin(path, "openai", cred)
+
+	result := loadTempConfig(t, path)
+
+	// Model-level auth_method persists through serialization
+	if len(result.ModelList) != 1 {
+		t.Fatalf("expected 1 model, got %d", len(result.ModelList))
+	}
+	if result.ModelList[0].AuthMethod != "oauth" {
+		t.Errorf("expected model auth_method=oauth, got %q", result.ModelList[0].AuthMethod)
+	}
+}
+
+func TestUpdateConfigAfterLogin_OpenAI_NoExistingModel(t *testing.T) {
+	cfg := &config.Config{
+		ModelList: []config.ModelConfig{
+			{ModelName: "claude", Model: "anthropic/claude-sonnet-4.6"},
+		},
+	}
+	path := writeTempConfigViaSave(t, cfg)
+
+	cred := &auth.AuthCredential{AuthMethod: "oauth"}
+	updateConfigAfterLogin(path, "openai", cred)
+
+	result := loadTempConfig(t, path)
+
+	if len(result.ModelList) != 2 {
+		t.Fatalf("expected 2 models (original + added), got %d", len(result.ModelList))
+	}
+	if result.ModelList[1].Model != "openai/gpt-5.2" {
+		t.Errorf("expected added model openai/gpt-5.2, got %q", result.ModelList[1].Model)
+	}
+	if result.Agents.Defaults.ModelName != "gpt-5.2" {
+		t.Errorf("expected default model_name=gpt-5.2, got %q", result.Agents.Defaults.ModelName)
+	}
+}
+
+func TestUpdateConfigAfterLogin_Anthropic(t *testing.T) {
+	cfg := &config.Config{}
+	path := writeTempConfigViaSave(t, cfg)
+
+	cred := &auth.AuthCredential{AuthMethod: "token"}
+	updateConfigAfterLogin(path, "anthropic", cred)
+
+	result := loadTempConfig(t, path)
+
+	// Model should be added with correct auth_method
+	if len(result.ModelList) != 1 {
+		t.Fatalf("expected 1 model added, got %d", len(result.ModelList))
+	}
+	if result.ModelList[0].Model != "anthropic/claude-sonnet-4.6" {
+		t.Errorf("expected model anthropic/claude-sonnet-4.6, got %q", result.ModelList[0].Model)
+	}
+	if result.ModelList[0].AuthMethod != "token" {
+		t.Errorf("expected model auth_method=token, got %q", result.ModelList[0].AuthMethod)
+	}
+}
+
+func TestUpdateConfigAfterLogin_GoogleAntigravity(t *testing.T) {
+	cfg := &config.Config{}
+	path := writeTempConfigViaSave(t, cfg)
+
+	cred := &auth.AuthCredential{AuthMethod: "oauth"}
+	updateConfigAfterLogin(path, "google-antigravity", cred)
+
+	result := loadTempConfig(t, path)
+
+	// Model should be added with correct auth_method
+	if len(result.ModelList) != 1 {
+		t.Fatalf("expected 1 model added, got %d", len(result.ModelList))
+	}
+	if result.ModelList[0].Model != "antigravity/gemini-3-flash" {
+		t.Errorf("expected model antigravity/gemini-3-flash, got %q", result.ModelList[0].Model)
+	}
+	if result.ModelList[0].AuthMethod != "oauth" {
+		t.Errorf("expected model auth_method=oauth, got %q", result.ModelList[0].AuthMethod)
+	}
+}
+
+func TestClearAuthMethodInConfig(t *testing.T) {
+	cfg := &config.Config{
+		ModelList: []config.ModelConfig{
+			{ModelName: "gpt-4o", Model: "openai/gpt-4o", AuthMethod: "oauth"},
+			{ModelName: "claude", Model: "anthropic/claude-sonnet-4.6", AuthMethod: "token"},
+		},
+	}
+	path := writeTempConfigViaSave(t, cfg)
+
+	clearAuthMethodInConfig(path, "openai")
+
+	result := loadTempConfig(t, path)
+
+	// Openai model auth_method should be cleared
+	if result.ModelList[0].AuthMethod != "" {
+		t.Errorf("expected openai model auth_method cleared, got %q", result.ModelList[0].AuthMethod)
+	}
+	// Anthropic model should be unchanged
+	if result.ModelList[1].AuthMethod != "token" {
+		t.Errorf("expected anthropic model auth_method unchanged, got %q", result.ModelList[1].AuthMethod)
+	}
+}
+
+func TestClearAllAuthMethodsInConfig(t *testing.T) {
+	cfg := &config.Config{
+		ModelList: []config.ModelConfig{
+			{ModelName: "gpt-4o", Model: "openai/gpt-4o", AuthMethod: "oauth"},
+			{ModelName: "claude", Model: "anthropic/claude-sonnet-4.6", AuthMethod: "token"},
+			{ModelName: "gemini", Model: "antigravity/gemini-3-flash", AuthMethod: "oauth"},
+		},
+	}
+	path := writeTempConfigViaSave(t, cfg)
+
+	clearAllAuthMethodsInConfig(path)
+
+	result := loadTempConfig(t, path)
+
+	for i, m := range result.ModelList {
+		if m.AuthMethod != "" {
+			t.Errorf("model[%d] auth_method not cleared, got %q", i, m.AuthMethod)
+		}
+	}
+}
diff --git a/cmd/picoclaw-launcher/internal/server/auth_handlers.go b/cmd/picoclaw-launcher/internal/server/auth_handlers.go
new file mode 100644
index 000000000..1e9b8be0a
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/auth_handlers.go
@@ -0,0 +1,312 @@
+package server
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/sipeed/picoclaw/pkg/auth"
+	"github.com/sipeed/picoclaw/pkg/providers"
+)
+
+// oauthSession stores in-flight OAuth state for browser-based flows.
+type oauthSession struct {
+	Provider    string
+	PKCE        auth.PKCECodes
+	State       string
+	RedirectURI string
+	OAuthCfg    auth.OAuthProviderConfig
+	ConfigPath  string
+}
+
+// deviceCodeSession stores in-flight device code flow state.
+type deviceCodeSession struct {
+	mu         sync.Mutex
+	Provider   string
+	Info       *auth.DeviceCodeInfo
+	OAuthCfg   auth.OAuthProviderConfig
+	ConfigPath string
+	Status     string // "pending", "success", "error"
+	Error      string
+	Done       bool
+}
+
+var (
+	oauthSessions   = map[string]*oauthSession{} // keyed by state
+	oauthSessionsMu sync.Mutex
+
+	activeDeviceSession   *deviceCodeSession
+	activeDeviceSessionMu sync.Mutex
+)
+
+// handleOpenAILogin starts the OpenAI device code flow and returns device code info to the frontend.
+func handleOpenAILogin(w http.ResponseWriter, configPath string) {
+	// Check if there's already a pending device code session
+	activeDeviceSessionMu.Lock()
+	if activeDeviceSession != nil {
+		activeDeviceSession.mu.Lock()
+		if !activeDeviceSession.Done {
+			resp := map[string]any{
+				"status":     "pending",
+				"device_url": activeDeviceSession.Info.VerifyURL,
+				"user_code":  activeDeviceSession.Info.UserCode,
+				"message":    "Device code flow already in progress. Enter the code in your browser.",
+			}
+			activeDeviceSession.mu.Unlock()
+			activeDeviceSessionMu.Unlock()
+			w.Header().Set("Content-Type", "application/json")
+			json.NewEncoder(w).Encode(resp)
+			return
+		}
+		activeDeviceSession.mu.Unlock()
+	}
+	activeDeviceSessionMu.Unlock()
+
+	// Request a device code
+	oauthCfg := auth.OpenAIOAuthConfig()
+	info, err := auth.RequestDeviceCode(oauthCfg)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("Failed to request device code: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	session := &deviceCodeSession{
+		Provider:   "openai",
+		Info:       info,
+		OAuthCfg:   oauthCfg,
+		ConfigPath: configPath,
+		Status:     "pending",
+	}
+
+	activeDeviceSessionMu.Lock()
+	activeDeviceSession = session
+	activeDeviceSessionMu.Unlock()
+
+	// Start background polling
+	go func() {
+		deadline := time.After(15 * time.Minute)
+		ticker := time.NewTicker(time.Duration(info.Interval) * time.Second)
+		defer ticker.Stop()
+
+		for {
+			select {
+			case <-deadline:
+				session.mu.Lock()
+				session.Status = "error"
+				session.Error = "Authentication timed out after 15 minutes"
+				session.Done = true
+				session.mu.Unlock()
+				return
+			case <-ticker.C:
+				cred, err := auth.PollDeviceCodeOnce(oauthCfg, info.DeviceAuthID, info.UserCode)
+				if err != nil {
+					continue // Still pending
+				}
+				if cred != nil {
+					if saveErr := auth.SetCredential("openai", cred); saveErr != nil {
+						session.mu.Lock()
+						session.Status = "error"
+						session.Error = saveErr.Error()
+						session.Done = true
+						session.mu.Unlock()
+						return
+					}
+					updateConfigAfterLogin(configPath, "openai", cred)
+					session.mu.Lock()
+					session.Status = "success"
+					session.Done = true
+					session.mu.Unlock()
+					log.Printf("OpenAI device code login successful (account: %s)", cred.AccountID)
+					return
+				}
+			}
+		}
+	}()
+
+	// Return device code info to frontend
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"status":     "pending",
+		"device_url": info.VerifyURL,
+		"user_code":  info.UserCode,
+		"message":    "Open the URL and enter the code to authenticate.",
+	})
+}
+
+// handleAnthropicLogin saves a pasted API token for Anthropic.
+func handleAnthropicLogin(w http.ResponseWriter, token, configPath string) {
+	if token == "" {
+		http.Error(w, "Token is required for Anthropic login", http.StatusBadRequest)
+		return
+	}
+
+	cred := &auth.AuthCredential{
+		AccessToken: token,
+		Provider:    "anthropic",
+		AuthMethod:  "token",
+	}
+
+	if err := auth.SetCredential("anthropic", cred); err != nil {
+		http.Error(w, fmt.Sprintf("Failed to save credentials: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	updateConfigAfterLogin(configPath, "anthropic", cred)
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{
+		"status":  "success",
+		"message": "Anthropic token saved",
+	})
+}
+
+// handleGoogleAntigravityLogin generates a PKCE + auth URL and returns it to the frontend.
+func handleGoogleAntigravityLogin(w http.ResponseWriter, r *http.Request, configPath string) {
+	oauthCfg := auth.GoogleAntigravityOAuthConfig()
+
+	pkce, err := auth.GeneratePKCE()
+	if err != nil {
+		http.Error(w, fmt.Sprintf("Failed to generate PKCE: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	state, err := auth.GenerateState()
+	if err != nil {
+		http.Error(w, fmt.Sprintf("Failed to generate state: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	// Build redirect URI pointing to picoclaw-launcher's own callback
+	scheme := "http"
+	redirectURI := fmt.Sprintf("%s://%s/auth/callback", scheme, r.Host)
+
+	authURL := auth.BuildAuthorizeURL(oauthCfg, pkce, state, redirectURI)
+
+	// Store session for callback
+	oauthSessionsMu.Lock()
+	oauthSessions[state] = &oauthSession{
+		Provider:    "google-antigravity",
+		PKCE:        pkce,
+		State:       state,
+		RedirectURI: redirectURI,
+		OAuthCfg:    oauthCfg,
+		ConfigPath:  configPath,
+	}
+	oauthSessionsMu.Unlock()
+
+	// Clean up stale sessions after 10 minutes
+	go func() {
+		time.Sleep(10 * time.Minute)
+		oauthSessionsMu.Lock()
+		delete(oauthSessions, state)
+		oauthSessionsMu.Unlock()
+	}()
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{
+		"status":   "redirect",
+		"auth_url": authURL,
+		"message":  "Open the URL to authenticate with Google.",
+	})
+}
+
+// handleOAuthCallback processes the OAuth callback from Google Antigravity.
+func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
+	state := r.URL.Query().Get("state")
+	code := r.URL.Query().Get("code")
+
+	oauthSessionsMu.Lock()
+	session, ok := oauthSessions[state]
+	if ok {
+		delete(oauthSessions, state)
+	}
+	oauthSessionsMu.Unlock()
+
+	if !ok {
+		http.Error(w, "Invalid or expired OAuth state", http.StatusBadRequest)
+		return
+	}
+
+	if code == "" {
+		errMsg := r.URL.Query().Get("error")
+		w.Header().Set("Content-Type", "text/html")
+		fmt.Fprintf(
+			w,
+			`<html><body><h2>Authentication failed</h2><p>%s</p><p>You can close this window.</p></body></html>`,
+			errMsg,
+		)
+		return
+	}
+
+	cred, err := auth.ExchangeCodeForTokens(session.OAuthCfg, code, session.PKCE.CodeVerifier, session.RedirectURI)
+	if err != nil {
+		w.Header().Set("Content-Type", "text/html")
+		fmt.Fprintf(
+			w,
+			`<html><body><h2>Authentication failed</h2><p>%s</p><p>You can close this window.</p></body></html>`,
+			err.Error(),
+		)
+		return
+	}
+
+	cred.Provider = session.Provider
+
+	// Fetch user info for Google Antigravity
+	if session.Provider == "google-antigravity" {
+		if email, err := fetchGoogleUserEmail(cred.AccessToken); err == nil {
+			cred.Email = email
+		}
+		if projectID, err := providers.FetchAntigravityProjectID(cred.AccessToken); err == nil {
+			cred.ProjectID = projectID
+		}
+	}
+
+	if err := auth.SetCredential(session.Provider, cred); err != nil {
+		w.Header().Set("Content-Type", "text/html")
+		fmt.Fprintf(w, `<html><body><h2>Failed to save credentials</h2><p>%s</p></body></html>`, err.Error())
+		return
+	}
+
+	updateConfigAfterLogin(session.ConfigPath, session.Provider, cred)
+
+	// Redirect back to picoclaw-launcher UI
+	w.Header().Set("Content-Type", "text/html")
+	fmt.Fprintf(w, `<html><body>
+		<h2>Authentication successful!</h2>
+		<p>Redirecting back to Config Editor...</p>
+		<script>setTimeout(function(){ window.location.href = '/#auth'; }, 1000);</script>
+	</body></html>`)
+}
+
+// fetchGoogleUserEmail retrieves the user's email from Google's userinfo endpoint.
+func fetchGoogleUserEmail(accessToken string) (string, error) {
+	req, err := http.NewRequest("GET", "https://www.googleapis.com/oauth2/v2/userinfo", nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	body, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("userinfo request failed: %s", string(body))
+	}
+
+	var userInfo struct {
+		Email string `json:"email"`
+	}
+	if err := json.Unmarshal(body, &userInfo); err != nil {
+		return "", err
+	}
+	return userInfo.Email, nil
+}
diff --git a/cmd/picoclaw-launcher/internal/server/logbuffer.go b/cmd/picoclaw-launcher/internal/server/logbuffer.go
new file mode 100644
index 000000000..4d70f6466
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/logbuffer.go
@@ -0,0 +1,99 @@
+package server
+
+import "sync"
+
+// LogBuffer is a thread-safe ring buffer that stores the most recent N log lines.
+// It supports incremental reads via LinesSince and tracks a runID that increments
+// on each Reset (used to detect gateway restarts).
+type LogBuffer struct {
+	mu    sync.RWMutex
+	lines []string
+	cap   int
+	total int // total lines ever appended in current run
+	runID int
+}
+
+// NewLogBuffer creates a LogBuffer with the given capacity.
+func NewLogBuffer(capacity int) *LogBuffer {
+	return &LogBuffer{
+		lines: make([]string, 0, capacity),
+		cap:   capacity,
+	}
+}
+
+// Append adds a line to the buffer. If the buffer is full, the oldest line is evicted.
+func (b *LogBuffer) Append(line string) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	if len(b.lines) < b.cap {
+		b.lines = append(b.lines, line)
+	} else {
+		b.lines[b.total%b.cap] = line
+	}
+
+	b.total++
+}
+
+// Reset clears the buffer and increments the runID. Call this when starting a new gateway process.
+func (b *LogBuffer) Reset() {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	b.lines = b.lines[:0]
+	b.total = 0
+	b.runID++
+}
+
+// LinesSince returns lines appended after the given offset, the current total count, and the runID.
+// If offset >= total, no lines are returned. If offset is too old (evicted), all buffered lines are returned.
+func (b *LogBuffer) LinesSince(offset int) (lines []string, total int, runID int) {
+	b.mu.RLock()
+	defer b.mu.RUnlock()
+
+	total = b.total
+	runID = b.runID
+
+	if offset >= b.total {
+		return nil, total, runID
+	}
+
+	buffered := len(b.lines)
+
+	// How many new lines since offset
+	newCount := b.total - offset
+	if newCount > buffered {
+		newCount = buffered
+	}
+
+	result := make([]string, newCount)
+
+	if b.total <= b.cap {
+		// Buffer hasn't wrapped yet — simple slice
+		copy(result, b.lines[buffered-newCount:])
+	} else {
+		// Buffer has wrapped — read from ring
+		start := (b.total - newCount) % b.cap
+		for i := range newCount {
+			result[i] = b.lines[(start+i)%b.cap]
+		}
+	}
+
+	return result, total, runID
+}
+
+// RunID returns the current run identifier.
+func (b *LogBuffer) RunID() int {
+	b.mu.RLock()
+	defer b.mu.RUnlock()
+
+	return b.runID
+}
+
+// Total returns the total number of lines appended in the current run.
+func (b *LogBuffer) Total() int {
+	b.mu.RLock()
+	defer b.mu.RUnlock()
+
+	return b.total
+}
diff --git a/cmd/picoclaw-launcher/internal/server/logbuffer_test.go b/cmd/picoclaw-launcher/internal/server/logbuffer_test.go
new file mode 100644
index 000000000..dc525be16
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/logbuffer_test.go
@@ -0,0 +1,116 @@
+package server
+
+import (
+	"fmt"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLogBuffer_Basic(t *testing.T) {
+	buf := NewLogBuffer(5)
+
+	// Empty buffer
+	lines, total, runID := buf.LinesSince(0)
+	assert.Nil(t, lines)
+	assert.Equal(t, 0, total)
+	assert.Equal(t, 0, runID)
+
+	// Append some lines
+	buf.Append("line1")
+	buf.Append("line2")
+	buf.Append("line3")
+
+	lines, total, runID = buf.LinesSince(0)
+	assert.Equal(t, []string{"line1", "line2", "line3"}, lines)
+	assert.Equal(t, 3, total)
+	assert.Equal(t, 0, runID)
+
+	// Incremental read
+	lines, total, _ = buf.LinesSince(2)
+	assert.Equal(t, []string{"line3"}, lines)
+	assert.Equal(t, 3, total)
+
+	// No new lines
+	lines, total, _ = buf.LinesSince(3)
+	assert.Nil(t, lines)
+	assert.Equal(t, 3, total)
+}
+
+func TestLogBuffer_Wrap(t *testing.T) {
+	buf := NewLogBuffer(3)
+
+	buf.Append("a")
+	buf.Append("b")
+	buf.Append("c")
+	buf.Append("d") // evicts "a"
+	buf.Append("e") // evicts "b"
+
+	lines, total, _ := buf.LinesSince(0)
+	assert.Equal(t, []string{"c", "d", "e"}, lines)
+	assert.Equal(t, 5, total)
+
+	// Incremental after wrap
+	lines, total, _ = buf.LinesSince(3)
+	assert.Equal(t, []string{"d", "e"}, lines)
+	assert.Equal(t, 5, total)
+
+	// Offset too old (before buffer start), get all buffered
+	lines, total, _ = buf.LinesSince(1)
+	assert.Equal(t, []string{"c", "d", "e"}, lines)
+	assert.Equal(t, 5, total)
+}
+
+func TestLogBuffer_Reset(t *testing.T) {
+	buf := NewLogBuffer(5)
+
+	buf.Append("before")
+	assert.Equal(t, 0, buf.RunID())
+
+	buf.Reset()
+	assert.Equal(t, 1, buf.RunID())
+	assert.Equal(t, 0, buf.Total())
+
+	lines, total, runID := buf.LinesSince(0)
+	assert.Nil(t, lines)
+	assert.Equal(t, 0, total)
+	assert.Equal(t, 1, runID)
+
+	buf.Append("after")
+	lines, total, runID = buf.LinesSince(0)
+	assert.Equal(t, []string{"after"}, lines)
+	assert.Equal(t, 1, total)
+	assert.Equal(t, 1, runID)
+}
+
+func TestLogBuffer_Concurrent(t *testing.T) {
+	buf := NewLogBuffer(100)
+	var wg sync.WaitGroup
+
+	// 10 writers
+	for i := range 10 {
+		wg.Add(1)
+		go func(id int) {
+			defer wg.Done()
+			for j := range 50 {
+				buf.Append(fmt.Sprintf("writer-%d-line-%d", id, j))
+			}
+		}(i)
+	}
+
+	// 5 readers
+	for range 5 {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			for range 100 {
+				buf.LinesSince(0)
+			}
+		}()
+	}
+
+	wg.Wait()
+
+	assert.Equal(t, 500, buf.Total())
+}
diff --git a/cmd/picoclaw-launcher/internal/server/process.go b/cmd/picoclaw-launcher/internal/server/process.go
new file mode 100644
index 000000000..bc2129bf5
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/process.go
@@ -0,0 +1,232 @@
+package server
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"time"
+
+	"github.com/sipeed/picoclaw/pkg/config"
+)
+
+// gatewayLogs stores captured stdout/stderr from the gateway process launched by the launcher.
+var gatewayLogs = NewLogBuffer(200)
+
+// RegisterProcessAPI registers endpoints to start, stop and check status of the picoclaw gateway.
+func RegisterProcessAPI(mux *http.ServeMux, absPath string) {
+	mux.HandleFunc("GET /api/process/status", func(w http.ResponseWriter, r *http.Request) {
+		handleStatusGateway(w, r, absPath)
+	})
+	mux.HandleFunc("POST /api/process/start", handleStartGateway)
+	mux.HandleFunc("POST /api/process/stop", handleStopGateway)
+}
+
+func handleStartGateway(w http.ResponseWriter, r *http.Request) {
+	// Locate picoclaw executable:
+	// 1. Try same directory as current executable
+	// 2. Fallback to just "picoclaw" (relies on $PATH)
+	execPath := "picoclaw"
+
+	if exe, err := os.Executable(); err == nil {
+		dir := filepath.Dir(exe)
+		candidate := filepath.Join(dir, "picoclaw")
+		if runtime.GOOS == "windows" {
+			candidate += ".exe"
+		}
+
+		if info, err := os.Stat(candidate); err == nil && !info.IsDir() {
+			execPath = candidate
+		}
+	}
+
+	cmd := exec.Command(execPath, "gateway")
+
+	stdoutPipe, err := cmd.StdoutPipe()
+	if err != nil {
+		log.Printf("Failed to create stdout pipe: %v\n", err)
+		http.Error(w, fmt.Sprintf("Failed to start gateway: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	stderrPipe, err := cmd.StderrPipe()
+	if err != nil {
+		log.Printf("Failed to create stderr pipe: %v\n", err)
+		http.Error(w, fmt.Sprintf("Failed to start gateway: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	// Clear old logs and increment runID before starting
+	gatewayLogs.Reset()
+
+	if err := cmd.Start(); err != nil {
+		log.Printf("Failed to start picoclaw gateway: %v\n", err)
+		http.Error(w, fmt.Sprintf("Failed to start gateway: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	// Read stdout and stderr into the log buffer
+	go scanPipe(stdoutPipe, gatewayLogs)
+	go scanPipe(stderrPipe, gatewayLogs)
+
+	// Wait for the process to exit in the background to avoid zombies
+	go func() {
+		if err := cmd.Wait(); err != nil {
+			log.Printf("Gateway process exited: %v\n", err)
+		}
+	}()
+
+	log.Printf("Started picoclaw gateway (PID: %d) from %s\n", cmd.Process.Pid, execPath)
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"status": "ok",
+		"pid":    cmd.Process.Pid,
+	})
+}
+
+// scanPipe reads lines from r and appends them to buf. It returns when r reaches EOF.
+func scanPipe(r io.Reader, buf *LogBuffer) {
+	scanner := bufio.NewScanner(r)
+	scanner.Buffer(make([]byte, 0, 64*1024), 1024*1024) // up to 1MB per line
+
+	for scanner.Scan() {
+		buf.Append(scanner.Text())
+	}
+}
+
+func handleStopGateway(w http.ResponseWriter, r *http.Request) {
+	var err error
+	if runtime.GOOS == "windows" {
+		// Kill via taskkill finding picoclaw.exe (though it might kill this config tool if it's named picoclaw-launcher.exe...? No, /IM does exact match usually, but just to be safe let's stop exactly picoclaw.exe)
+		// Alternatively, we use powershell to kill processes with commandline containing 'gateway'
+		psCmd := `Get-WmiObject Win32_Process | Where-Object { $_.CommandLine -match 'picoclaw.*gateway' } | ForEach-Object { Stop-Process $_.ProcessId -Force }`
+		err = exec.Command("powershell", "-Command", psCmd).Run()
+	} else {
+		// Linux/macOS
+		err = exec.Command("pkill", "-f", "picoclaw gateway").Run()
+	}
+
+	if err != nil {
+		log.Printf("Warning: Failed to stop gateway (perhaps not running?): %v\n", err)
+		// We still return 200 OK because pkill returns an error if no process was found
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(map[string]any{
+			"status": "ok", // or "not_found"
+			"msg":    "Stop command executed, but returned error (process might not be running).",
+			"error":  err.Error(),
+		})
+		return
+	}
+
+	log.Printf("Stopped picoclaw gateway processes.\n")
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{
+		"status": "ok",
+	})
+}
+
+func handleStatusGateway(w http.ResponseWriter, r *http.Request, absPath string) {
+	cfg, cfgErr := config.LoadConfig(absPath)
+	host := "127.0.0.1"
+	port := 18790
+	if cfgErr == nil && cfg != nil {
+		if cfg.Gateway.Host != "" && cfg.Gateway.Host != "0.0.0.0" {
+			host = cfg.Gateway.Host
+		}
+		if cfg.Gateway.Port != 0 {
+			port = cfg.Gateway.Port
+		}
+	}
+
+	url := fmt.Sprintf("http://%s/health", net.JoinHostPort(host, strconv.Itoa(port)))
+	client := http.Client{Timeout: 2 * time.Second}
+	resp, err := client.Get(url)
+
+	// Build the response data map
+	data := map[string]any{}
+
+	if err != nil {
+		data["process_status"] = "stopped"
+		data["error"] = err.Error()
+	} else {
+		defer resp.Body.Close()
+
+		if resp.StatusCode != http.StatusOK {
+			data["process_status"] = "error"
+			data["status_code"] = resp.StatusCode
+		} else {
+			var healthData map[string]any
+			if decErr := json.NewDecoder(resp.Body).Decode(&healthData); decErr != nil {
+				data["process_status"] = "error"
+				data["error"] = "invalid response from gateway"
+			} else {
+				// Gateway is running and responded properly — merge health data
+				for k, v := range healthData {
+					data[k] = v
+				}
+				data["process_status"] = "running"
+			}
+		}
+	}
+
+	// Append log data from the buffer
+	appendLogData(r, data)
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(data)
+}
+
+// appendLogData reads log_offset and log_run_id query params from the request and
+// populates the response data map with incremental log lines.
+func appendLogData(r *http.Request, data map[string]any) {
+	clientOffset := 0
+	clientRunID := -1
+
+	if v := r.URL.Query().Get("log_offset"); v != "" {
+		if n, err := strconv.Atoi(v); err == nil {
+			clientOffset = n
+		}
+	}
+
+	if v := r.URL.Query().Get("log_run_id"); v != "" {
+		if n, err := strconv.Atoi(v); err == nil {
+			clientRunID = n
+		}
+	}
+
+	runID := gatewayLogs.RunID()
+
+	// If runID is 0 (never reset = never launched from this launcher), report no source
+	if runID == 0 {
+		data["logs"] = []string{}
+		data["log_total"] = 0
+		data["log_run_id"] = 0
+		data["log_source"] = "none"
+		return
+	}
+
+	// If the client's runID doesn't match, send all buffered lines (gateway restarted)
+	offset := clientOffset
+	if clientRunID != runID {
+		offset = 0
+	}
+
+	lines, total, runID := gatewayLogs.LinesSince(offset)
+	if lines == nil {
+		lines = []string{}
+	}
+
+	data["logs"] = lines
+	data["log_total"] = total
+	data["log_run_id"] = runID
+	data["log_source"] = "launcher"
+}
diff --git a/cmd/picoclaw-launcher/internal/server/server.go b/cmd/picoclaw-launcher/internal/server/server.go
new file mode 100644
index 000000000..4fc68f04c
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/server.go
@@ -0,0 +1,196 @@
+package server
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/sipeed/picoclaw/pkg/auth"
+	"github.com/sipeed/picoclaw/pkg/config"
+)
+
+const DefaultPort = "18800"
+
+// providerStatus represents the auth status of a single provider in API responses.
+type providerStatus struct {
+	Provider   string `json:"provider"`
+	AuthMethod string `json:"auth_method"`
+	Status     string `json:"status"`
+	AccountID  string `json:"account_id,omitempty"`
+	Email      string `json:"email,omitempty"`
+	ProjectID  string `json:"project_id,omitempty"`
+	ExpiresAt  string `json:"expires_at,omitempty"`
+}
+
+// ── Route registration ───────────────────────────────────────────
+
+func RegisterConfigAPI(mux *http.ServeMux, absPath string) {
+	// GET /api/config — read config
+	mux.HandleFunc("GET /api/config", func(w http.ResponseWriter, r *http.Request) {
+		cfg, err := config.LoadConfig(absPath)
+		if err != nil {
+			http.Error(w, fmt.Sprintf("Failed to load config: %v", err), http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		resp := map[string]any{
+			"config": cfg,
+			"path":   absPath,
+		}
+		enc := json.NewEncoder(w)
+		enc.SetIndent("", "  ")
+		if err := enc.Encode(resp); err != nil {
+			log.Printf("Failed to encode response: %v", err)
+		}
+	})
+
+	// PUT /api/config — save config
+	mux.HandleFunc("PUT /api/config", func(w http.ResponseWriter, r *http.Request) {
+		body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+		if err != nil {
+			http.Error(w, "Failed to read request body", http.StatusBadRequest)
+			return
+		}
+		defer r.Body.Close()
+
+		var cfg config.Config
+		if err := json.Unmarshal(body, &cfg); err != nil {
+			http.Error(w, fmt.Sprintf("Invalid JSON: %v", err), http.StatusBadRequest)
+			return
+		}
+
+		if err := config.SaveConfig(absPath, &cfg); err != nil {
+			http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
+			return
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(map[string]string{"status": "ok"})
+	})
+}
+
+func RegisterAuthAPI(mux *http.ServeMux, absPath string) {
+	// GET /api/auth/status — all authenticated providers + pending login state
+	mux.HandleFunc("GET /api/auth/status", func(w http.ResponseWriter, r *http.Request) {
+		store, err := auth.LoadStore()
+		if err != nil {
+			http.Error(w, fmt.Sprintf("Failed to load auth store: %v", err), http.StatusInternalServerError)
+			return
+		}
+
+		result := []providerStatus{}
+		for name, cred := range store.Credentials {
+			status := "active"
+			if cred.IsExpired() {
+				status = "expired"
+			} else if cred.NeedsRefresh() {
+				status = "needs_refresh"
+			}
+			ps := providerStatus{
+				Provider:   name,
+				AuthMethod: cred.AuthMethod,
+				Status:     status,
+				AccountID:  cred.AccountID,
+				Email:      cred.Email,
+				ProjectID:  cred.ProjectID,
+			}
+			if !cred.ExpiresAt.IsZero() {
+				ps.ExpiresAt = cred.ExpiresAt.Format(time.RFC3339)
+			}
+			result = append(result, ps)
+		}
+
+		// Include pending device code state
+		var pendingDevice map[string]any
+		activeDeviceSessionMu.Lock()
+		if activeDeviceSession != nil {
+			activeDeviceSession.mu.Lock()
+			pendingDevice = map[string]any{
+				"provider":   activeDeviceSession.Provider,
+				"status":     activeDeviceSession.Status,
+				"device_url": activeDeviceSession.Info.VerifyURL,
+				"user_code":  activeDeviceSession.Info.UserCode,
+			}
+			if activeDeviceSession.Error != "" {
+				pendingDevice["error"] = activeDeviceSession.Error
+			}
+			if activeDeviceSession.Done {
+				activeDeviceSession.mu.Unlock()
+				activeDeviceSession = nil
+			} else {
+				activeDeviceSession.mu.Unlock()
+			}
+		}
+		activeDeviceSessionMu.Unlock()
+
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(map[string]any{
+			"providers":      result,
+			"pending_device": pendingDevice,
+		})
+	})
+
+	// POST /api/auth/login — initiate provider login
+	mux.HandleFunc("POST /api/auth/login", func(w http.ResponseWriter, r *http.Request) {
+		var req struct {
+			Provider string `json:"provider"`
+			Token    string `json:"token,omitempty"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, "Invalid request body", http.StatusBadRequest)
+			return
+		}
+
+		switch req.Provider {
+		case "openai":
+			handleOpenAILogin(w, absPath)
+		case "anthropic":
+			handleAnthropicLogin(w, req.Token, absPath)
+		case "google-antigravity", "antigravity":
+			handleGoogleAntigravityLogin(w, r, absPath)
+		default:
+			http.Error(
+				w,
+				fmt.Sprintf(
+					"Unsupported provider: %s (supported: openai, anthropic, google-antigravity)",
+					req.Provider,
+				),
+				http.StatusBadRequest,
+			)
+		}
+	})
+
+	// POST /api/auth/logout — logout a provider
+	mux.HandleFunc("POST /api/auth/logout", func(w http.ResponseWriter, r *http.Request) {
+		var req struct {
+			Provider string `json:"provider"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, "Invalid request body", http.StatusBadRequest)
+			return
+		}
+
+		if req.Provider == "" {
+			if err := auth.DeleteAllCredentials(); err != nil {
+				http.Error(w, fmt.Sprintf("Failed to logout: %v", err), http.StatusInternalServerError)
+				return
+			}
+			clearAllAuthMethodsInConfig(absPath)
+		} else {
+			if err := auth.DeleteCredential(req.Provider); err != nil {
+				http.Error(w, fmt.Sprintf("Failed to logout: %v", err), http.StatusInternalServerError)
+				return
+			}
+			clearAuthMethodInConfig(absPath, req.Provider)
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(map[string]string{"status": "ok"})
+	})
+
+	// GET /auth/callback — OAuth browser callback for Google Antigravity
+	mux.HandleFunc("GET /auth/callback", handleOAuthCallback)
+}
diff --git a/cmd/picoclaw-launcher/internal/server/server_test.go b/cmd/picoclaw-launcher/internal/server/server_test.go
new file mode 100644
index 000000000..c87e93d8c
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/server_test.go
@@ -0,0 +1,247 @@
+package server
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/sipeed/picoclaw/pkg/config"
+)
+
+// ── Config API tests ─────────────────────────────────────────────
+
+func setupConfigMux(t *testing.T, cfg *config.Config) (*http.ServeMux, string) {
+	t.Helper()
+	dir := t.TempDir()
+	path := filepath.Join(dir, "config.json")
+	data, err := json.MarshalIndent(cfg, "", "  ")
+	if err != nil {
+		t.Fatalf("marshal config: %v", err)
+	}
+	if err := os.WriteFile(path, data, 0o600); err != nil {
+		t.Fatalf("write config: %v", err)
+	}
+
+	mux := http.NewServeMux()
+	RegisterConfigAPI(mux, path)
+	RegisterAuthAPI(mux, path)
+	return mux, path
+}
+
+func TestGetConfig(t *testing.T) {
+	cfg := &config.Config{
+		ModelList: []config.ModelConfig{
+			{ModelName: "gpt-4o", Model: "openai/gpt-4o"},
+		},
+	}
+	mux, path := setupConfigMux(t, cfg)
+
+	req := httptest.NewRequest("GET", "/api/config", nil)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("GET /api/config: expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var resp struct {
+		Config config.Config `json:"config"`
+		Path   string        `json:"path"`
+	}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("decode response: %v", err)
+	}
+
+	if resp.Path != path {
+		t.Errorf("expected path %q, got %q", path, resp.Path)
+	}
+	if len(resp.Config.ModelList) != 1 {
+		t.Errorf("expected 1 model, got %d", len(resp.Config.ModelList))
+	}
+}
+
+func TestGetConfig_MissingFile_ReturnsDefault(t *testing.T) {
+	mux := http.NewServeMux()
+	RegisterConfigAPI(mux, "/tmp/nonexistent-picoclaw-launcher-test/config.json")
+
+	req := httptest.NewRequest("GET", "/api/config", nil)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	// LoadConfig returns a default empty config when file is missing
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200 for missing file (default config), got %d", w.Code)
+	}
+}
+
+func TestPutConfig(t *testing.T) {
+	cfg := &config.Config{}
+	mux, path := setupConfigMux(t, cfg)
+
+	newCfg := config.Config{
+		ModelList: []config.ModelConfig{
+			{ModelName: "claude", Model: "anthropic/claude-sonnet-4.6", AuthMethod: "token"},
+		},
+	}
+	body, _ := json.Marshal(newCfg)
+
+	req := httptest.NewRequest("PUT", "/api/config", strings.NewReader(string(body)))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("PUT /api/config: expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	saved, err := config.LoadConfig(path)
+	if err != nil {
+		t.Fatalf("load saved config: %v", err)
+	}
+	if len(saved.ModelList) != 1 {
+		t.Fatalf("expected 1 model saved, got %d", len(saved.ModelList))
+	}
+	if saved.ModelList[0].Model != "anthropic/claude-sonnet-4.6" {
+		t.Errorf("expected model anthropic/claude-sonnet-4.6, got %q", saved.ModelList[0].Model)
+	}
+}
+
+func TestPutConfig_InvalidJSON(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	req := httptest.NewRequest("PUT", "/api/config", strings.NewReader("{invalid"))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400 for invalid JSON, got %d", w.Code)
+	}
+}
+
+// ── Auth API tests ───────────────────────────────────────────────
+
+func TestAuthStatus(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	req := httptest.NewRequest("GET", "/api/auth/status", nil)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("GET /api/auth/status: expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var resp struct {
+		Providers     []providerStatus `json:"providers"`
+		PendingDevice map[string]any   `json:"pending_device"`
+	}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("decode response: %v", err)
+	}
+
+	// providers should be a non-nil list (could be empty)
+	if resp.Providers == nil {
+		t.Error("providers should not be nil")
+	}
+}
+
+func TestAuthLogin_UnsupportedProvider(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	body := `{"provider": "unsupported"}`
+	req := httptest.NewRequest("POST", "/api/auth/login", strings.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400 for unsupported provider, got %d", w.Code)
+	}
+}
+
+func TestAuthLogin_AnthropicNoToken(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	body := `{"provider": "anthropic"}`
+	req := httptest.NewRequest("POST", "/api/auth/login", strings.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400 for anthropic without token, got %d", w.Code)
+	}
+}
+
+func TestAuthLogin_InvalidBody(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	req := httptest.NewRequest("POST", "/api/auth/login", strings.NewReader("{bad"))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400 for invalid JSON body, got %d", w.Code)
+	}
+}
+
+func TestAuthLogout_InvalidBody(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	req := httptest.NewRequest("POST", "/api/auth/logout", strings.NewReader("{bad"))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400 for invalid body, got %d", w.Code)
+	}
+}
+
+func TestOAuthCallback_InvalidState(t *testing.T) {
+	cfg := &config.Config{}
+	mux, _ := setupConfigMux(t, cfg)
+
+	req := httptest.NewRequest("GET", "/auth/callback?state=invalid&code=test", nil)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400 for invalid state, got %d", w.Code)
+	}
+}
+
+// ── Utility tests ────────────────────────────────────────────────
+
+func TestDefaultConfigPath(t *testing.T) {
+	path := DefaultConfigPath()
+	if path == "" {
+		t.Error("defaultConfigPath should not return empty")
+	}
+	if !strings.HasSuffix(path, filepath.Join(".picoclaw", "config.json")) {
+		t.Errorf("expected path ending with .picoclaw/config.json, got %q", path)
+	}
+}
+
+func TestGetLocalIP(t *testing.T) {
+	// Just ensure it doesn't panic; IP may or may not be available
+	ip := GetLocalIP()
+	if ip != "" {
+		// If returned, should look like an IP
+		if !strings.Contains(ip, ".") {
+			t.Errorf("getLocalIP returned non-IPv4 looking string: %q", ip)
+		}
+	}
+}
diff --git a/cmd/picoclaw-launcher/internal/server/utils.go b/cmd/picoclaw-launcher/internal/server/utils.go
new file mode 100644
index 000000000..a46adbece
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/server/utils.go
@@ -0,0 +1,28 @@
+package server
+
+import (
+	"net"
+	"os"
+	"path/filepath"
+)
+
+func DefaultConfigPath() string {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return "config.json"
+	}
+	return filepath.Join(home, ".picoclaw", "config.json")
+}
+
+func GetLocalIP() string {
+	addrs, err := net.InterfaceAddrs()
+	if err != nil {
+		return ""
+	}
+	for _, a := range addrs {
+		if ipnet, ok := a.(*net.IPNet); ok && !ipnet.IP.IsLoopback() && ipnet.IP.To4() != nil {
+			return ipnet.IP.String()
+		}
+	}
+	return ""
+}
diff --git a/cmd/picoclaw-launcher/internal/ui/index.html b/cmd/picoclaw-launcher/internal/ui/index.html
new file mode 100644
index 000000000..93893fd75
--- /dev/null
+++ b/cmd/picoclaw-launcher/internal/ui/index.html
@@ -0,0 +1,1999 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <script>
+    // Apply theme before paint to avoid flash
+    (function(){
+        var s = localStorage.getItem('picoclaw-theme') || 'system';
+        var t = s === 'system' ? (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light') : s;
+        document.documentElement.setAttribute('data-theme', t);
+    })();
+    </script>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>PicoClaw Config</title>
+    <meta name="description" content="PicoClaw configuration editor">
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap"
+          rel="stylesheet">
+    <style>
+        *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
+
+        :root {
+            --radius: 12px;
+            --transition: 200ms cubic-bezier(0.4, 0, 0.2, 1);
+            --sidebar-w: 220px;
+        }
+
+        /* Dark theme (default) */
+        [data-theme="dark"] {
+            --bg-primary: #0f1117;
+            --bg-secondary: #161822;
+            --bg-elevated: #1c1f2e;
+            --bg-editor: #12141e;
+            --border: #2a2d3e;
+            --border-focus: #6366f1;
+            --text-primary: #e2e8f0;
+            --text-secondary: #94a3b8;
+            --text-muted: #64748b;
+            --accent: #6366f1;
+            --accent-hover: #818cf8;
+            --accent-glow: rgba(99, 102, 241, 0.15);
+            --success: #22c55e;
+            --success-bg: rgba(34, 197, 94, 0.1);
+            --error: #ef4444;
+            --error-bg: rgba(239, 68, 68, 0.1);
+            --warning: #f59e0b;
+            --warning-bg: rgba(245, 158, 11, 0.1);
+            --link: #818cf8;
+        }
+
+        /* Light theme */
+        [data-theme="light"] {
+            --bg-primary: #f8f9fb;
+            --bg-secondary: #ffffff;
+            --bg-elevated: #f1f3f5;
+            --bg-editor: #ffffff;
+            --border: #d5d9e0;
+            --border-focus: #6366f1;
+            --text-primary: #1a1d2e;
+            --text-secondary: #4b5563;
+            --text-muted: #8892a4;
+            --accent: #6366f1;
+            --accent-hover: #4f46e5;
+            --accent-glow: rgba(99, 102, 241, 0.12);
+            --success: #16a34a;
+            --success-bg: rgba(22, 163, 74, 0.08);
+            --error: #dc2626;
+            --error-bg: rgba(220, 38, 38, 0.08);
+            --warning: #d97706;
+            --warning-bg: rgba(217, 119, 6, 0.08);
+            --link: #4f46e5;
+        }
+
+        body {
+            font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
+            background: var(--bg-primary);
+            color: var(--text-primary);
+            min-height: 100vh;
+            display: flex;
+            flex-direction: column;
+        }
+
+        /* ── Header ─────────────────────────────────── */
+        .header {
+            background: var(--bg-secondary);
+            border-bottom: 1px solid var(--border);
+            padding: 12px 24px;
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+            position: sticky;
+            top: 0;
+            z-index: 100;
+            backdrop-filter: blur(12px);
+            gap: 16px;
+        }
+        .header-left {
+            display: flex;
+            align-items: center;
+            gap: 12px;
+            flex-shrink: 0;
+        }
+        .logo {
+            width: 32px; height: 32px;
+            background: linear-gradient(135deg, var(--accent), #a78bfa);
+            border-radius: 8px;
+            display: flex; align-items: center; justify-content: center;
+            font-size: 16px; font-weight: 700; color: #fff;
+            box-shadow: 0 2px 12px var(--accent-glow);
+        }
+        .header h1 {
+            font-size: 16px; font-weight: 600; letter-spacing: -0.02em; white-space: nowrap;
+        }
+        .header h1 span { color: var(--text-muted); font-weight: 400; margin-left: 6px; font-size: 13px; }
+
+        .header-center { flex: 1; display: flex; justify-content: center; align-items: center; }
+        .header-right { display: flex; align-items: center; gap: 10px; flex-shrink: 0; }
+
+        /* Language switcher */
+        .lang-btn {
+            font-family: 'Inter', sans-serif; font-size: 12px; font-weight: 500;
+            padding: 5px 10px; border-radius: 6px;
+            border: 1px solid var(--border); background: var(--bg-elevated);
+            color: var(--text-secondary); cursor: pointer;
+            transition: all var(--transition);
+        }
+        .lang-btn:hover { border-color: var(--text-muted); color: var(--text-primary); }
+
+        /* Buttons */
+        .btn {
+            font-family: 'Inter', sans-serif; font-size: 13px; font-weight: 500;
+            padding: 7px 16px; border-radius: 8px;
+            border: 1px solid var(--border); background: var(--bg-elevated);
+            color: var(--text-primary); cursor: pointer;
+            transition: all var(--transition);
+            display: inline-flex; align-items: center; gap: 6px; white-space: nowrap;
+        }
+        .btn:hover { border-color: var(--text-muted); background: var(--bg-secondary); transform: translateY(-1px); }
+        .btn:active { transform: translateY(0); }
+        .btn-primary { background: var(--accent); border-color: var(--accent); color: #fff; box-shadow: 0 2px 8px var(--accent-glow); }
+        .btn-primary:hover { background: var(--accent-hover); border-color: var(--accent-hover); }
+        .btn-sm { padding: 5px 12px; font-size: 12px; }
+        .btn-danger { border-color: rgba(239, 68, 68, 0.3); color: var(--error); }
+        .btn-danger:hover { background: var(--error-bg); border-color: var(--error); }
+        .btn-success { border-color: rgba(34, 197, 94, 0.3); color: var(--success); }
+        .btn-success:hover { background: var(--success-bg); border-color: var(--success); }
+        .btn-run { background: var(--success); border-color: var(--success); color: #fff; }
+        .btn-run:hover { background: #16a34a; }
+        .btn-process { padding: 8px 28px; font-size: 14px; font-weight: 600; border-radius: 10px; letter-spacing: 0.01em; }
+        .btn-process .btn-spinner {
+            width: 14px; height: 14px; border: 2px solid rgba(255,255,255,0.3);
+            border-top-color: #fff; border-radius: 50%;
+            animation: spin 0.7s linear infinite; display: inline-block;
+        }
+        .process-hint { font-size: 12px; color: var(--text-muted); margin-left: 10px; white-space: nowrap; }
+        .btn-stop { background: var(--error); border-color: var(--error); color: #fff; }
+        .btn-stop:hover { background: #dc2626; }
+        .btn:disabled { opacity: 0.5; cursor: not-allowed; transform: none !important; }
+        .btn .icon { font-size: 14px; }
+
+        /* ── Toast notifications ────────────────────── */
+        .toast-container {
+            position: fixed; top: 60px; left: 50%; transform: translateX(-50%);
+            z-index: 300; display: flex; flex-direction: column; align-items: center; gap: 8px;
+            pointer-events: none;
+        }
+        .toast {
+            font-size: 13px; font-weight: 500; padding: 10px 20px;
+            border-radius: 10px; display: inline-flex; align-items: center; gap: 6px;
+            pointer-events: auto; box-shadow: 0 4px 20px rgba(0,0,0,0.25);
+            animation: toastIn 300ms ease-out;
+            transition: opacity 300ms ease;
+        }
+        .toast.success { background: var(--success-bg); color: var(--success); border: 1px solid rgba(34, 197, 94, 0.3); backdrop-filter: blur(8px); }
+        .toast.error { background: var(--error-bg); color: var(--error); border: 1px solid rgba(239, 68, 68, 0.3); backdrop-filter: blur(8px); }
+        .toast.fade-out { opacity: 0; }
+        @keyframes toastIn { from { opacity: 0; transform: translateY(-12px); } to { opacity: 1; transform: translateY(0); } }
+
+        /* ── Layout ──────────────────────────────────── */
+        .main { flex: 1; display: flex; flex-direction: column; overflow: hidden; }
+
+        /* Settings layout */
+        .settings-layout { display: flex; flex: 1; overflow: hidden; }
+
+        /* Sidebar */
+        .sidebar {
+            width: var(--sidebar-w); flex-shrink: 0;
+            background: var(--bg-secondary); border-right: 1px solid var(--border);
+            overflow-y: auto; padding: 12px 0;
+        }
+        .sidebar-group { margin-bottom: 4px; }
+        .sidebar-group-title {
+            font-size: 11px; font-weight: 600; text-transform: uppercase;
+            letter-spacing: 0.06em; color: var(--text-muted);
+            padding: 8px 16px 4px; cursor: pointer;
+            display: flex; align-items: center; justify-content: space-between;
+            user-select: none;
+        }
+        .sidebar-group-title:hover { color: var(--text-secondary); }
+        .sidebar-group-title .arrow {
+            font-size: 10px; transition: transform var(--transition);
+        }
+        .sidebar-group.collapsed .arrow { transform: rotate(-90deg); }
+        .sidebar-group.collapsed .sidebar-items { display: none; }
+        .sidebar-item {
+            font-size: 13px; padding: 6px 16px 6px 28px;
+            color: var(--text-secondary); cursor: pointer;
+            transition: all var(--transition); border-left: 2px solid transparent;
+        }
+        .sidebar-item:hover { background: var(--bg-elevated); color: var(--text-primary); }
+        .sidebar-item.active {
+            background: var(--accent-glow); color: var(--accent-hover);
+            border-left-color: var(--accent);
+        }
+        .sidebar-divider { height: 1px; background: var(--border); margin: 8px 16px; }
+        .sidebar-item.standalone {
+            padding-left: 16px; font-weight: 500; color: var(--text-muted);
+        }
+
+        /* Content area */
+        .content { flex: 1; overflow-y: auto; padding: 24px; }
+        .content-panel { display: none; }
+        .content-panel.active { display: block; }
+
+        .panel-title { font-size: 18px; font-weight: 600; margin-bottom: 4px; }
+        .panel-desc { font-size: 13px; color: var(--text-muted); margin-bottom: 20px; }
+        .panel-desc a.doc-link {
+            color: var(--link, var(--accent-hover)); font-weight: 500;
+            text-decoration: none; border-bottom: 1px dashed var(--link, var(--accent-hover));
+            padding-bottom: 1px; transition: opacity var(--transition);
+        }
+        .panel-desc a.doc-link:hover { opacity: 0.8; }
+
+        /* Theme toggle */
+        .theme-btn {
+            font-family: 'Inter', sans-serif; font-size: 14px;
+            width: 32px; height: 32px; border-radius: 6px;
+            border: 1px solid var(--border); background: var(--bg-elevated);
+            color: var(--text-secondary); cursor: pointer;
+            transition: all var(--transition);
+            display: flex; align-items: center; justify-content: center;
+            line-height: 1;
+        }
+        .theme-btn:hover { border-color: var(--text-muted); color: var(--text-primary); }
+
+        /* ── Model cards ─────────────────────────────── */
+        .model-grid {
+            display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
+            gap: 12px; margin-bottom: 16px;
+        }
+        .model-card {
+            background: var(--bg-secondary); border: 1px solid var(--border);
+            border-radius: var(--radius); padding: 16px;
+            transition: border-color var(--transition), opacity var(--transition);
+            position: relative;
+        }
+        .model-card:hover { border-color: var(--text-muted); }
+        .model-card.unavailable { opacity: 0.45; }
+        .model-card.unavailable:hover { opacity: 0.65; }
+        .model-card-head { display: flex; align-items: center; justify-content: space-between; margin-bottom: 10px; }
+        .model-name { font-size: 14px; font-weight: 600; display: flex; align-items: center; gap: 8px; }
+        .model-protocol {
+            font-size: 11px; font-family: 'JetBrains Mono', monospace;
+            color: var(--text-muted); background: var(--bg-elevated);
+            padding: 2px 6px; border-radius: 4px;
+        }
+        .badge-primary {
+            font-size: 10px; font-weight: 600; padding: 2px 8px; border-radius: 20px;
+            background: var(--accent-glow); color: var(--accent-hover);
+            border: 1px solid rgba(99, 102, 241, 0.3); text-transform: uppercase;
+        }
+        .badge-nokey {
+            font-size: 10px; font-weight: 600; padding: 2px 8px; border-radius: 20px;
+            background: var(--bg-elevated); color: var(--text-muted);
+            border: 1px solid var(--border);
+        }
+        .model-detail { font-size: 12px; color: var(--text-muted); margin-bottom: 3px; word-break: break-all; }
+        .model-detail strong { color: var(--text-secondary); font-weight: 500; }
+        .model-actions { margin-top: 12px; display: flex; gap: 6px; flex-wrap: wrap; }
+
+        /* ── Model edit modal ────────────────────────── */
+        .modal-overlay {
+            position: fixed; inset: 0; background: rgba(0,0,0,0.6);
+            z-index: 200; display: flex; align-items: center; justify-content: center;
+            opacity: 0; pointer-events: none; transition: opacity var(--transition);
+        }
+        .modal-overlay.active { opacity: 1; pointer-events: auto; }
+        .modal {
+            background: var(--bg-secondary); border: 1px solid var(--border);
+            border-radius: var(--radius); padding: 24px; width: 480px; max-width: 90vw;
+            max-height: 80vh; overflow-y: auto;
+        }
+        .modal-title { font-size: 16px; font-weight: 600; margin-bottom: 16px; }
+        .modal-actions { margin-top: 20px; display: flex; gap: 8px; justify-content: flex-end; }
+
+        /* Collapsible optional fields */
+        .collapsible-header {
+            font-size: 12px; font-weight: 500; color: var(--text-muted);
+            cursor: pointer; user-select: none;
+            display: flex; align-items: center; gap: 6px;
+            padding: 8px 0; margin-top: 4px;
+            border-top: 1px solid var(--border);
+        }
+        .collapsible-header:hover { color: var(--text-secondary); }
+        .collapsible-header .arrow {
+            font-size: 10px; transition: transform var(--transition);
+        }
+        .collapsible-header.open .arrow { transform: rotate(90deg); }
+        .collapsible-body { display: none; }
+        .collapsible-body.open { display: block; }
+
+        /* ── Form fields ─────────────────────────────── */
+        .form-group { margin-bottom: 16px; }
+        .form-label {
+            font-size: 12px; font-weight: 500; color: var(--text-secondary);
+            margin-bottom: 6px; display: block;
+        }
+        .form-input {
+            width: 100%; font-family: 'JetBrains Mono', monospace; font-size: 13px;
+            padding: 8px 12px; border-radius: 8px;
+            border: 1px solid var(--border); background: var(--bg-editor);
+            color: var(--text-primary); outline: none;
+            transition: border-color var(--transition);
+        }
+        .form-input:focus { border-color: var(--border-focus); }
+        .form-input::placeholder { color: var(--text-muted); }
+        .form-input-number { width: 120px; }
+        .form-hint { font-size: 11px; color: var(--text-muted); margin-top: 4px; }
+
+        /* Toggle switch */
+        .toggle-row { display: flex; align-items: center; gap: 10px; margin-bottom: 16px; }
+        .toggle {
+            width: 40px; height: 22px; border-radius: 11px;
+            background: var(--border); cursor: pointer;
+            position: relative; transition: background var(--transition);
+            flex-shrink: 0;
+        }
+        .toggle.on { background: var(--accent); }
+        .toggle::after {
+            content: ''; position: absolute; top: 3px; left: 3px;
+            width: 16px; height: 16px; border-radius: 50%;
+            background: #fff; transition: transform var(--transition);
+        }
+        .toggle.on::after { transform: translateX(18px); }
+        .toggle-label { font-size: 13px; font-weight: 500; }
+
+        /* Array editor */
+        .array-editor { display: flex; flex-direction: column; gap: 6px; }
+        .array-row { display: flex; gap: 6px; align-items: center; }
+        .array-row .form-input { flex: 1; }
+        .array-add { font-size: 12px; color: var(--accent); cursor: pointer; padding: 4px 0; }
+        .array-add:hover { color: var(--accent-hover); }
+
+        /* Channel form */
+        .channel-form { max-width: 560px; }
+        .form-section-title {
+            font-size: 13px; font-weight: 600; color: var(--text-secondary);
+            margin: 20px 0 12px; padding-bottom: 6px;
+            border-bottom: 1px solid var(--border);
+        }
+        .form-section-title:first-child { margin-top: 0; }
+
+        /* ── Auth panel ──────────────────────────────── */
+        .provider-grid {
+            display: grid; grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
+            gap: 14px;
+        }
+        .provider-card {
+            background: var(--bg-secondary); border: 1px solid var(--border);
+            border-radius: var(--radius); padding: 18px;
+            transition: border-color var(--transition);
+        }
+        .provider-card:hover { border-color: var(--text-muted); }
+        .provider-card-header { display: flex; align-items: center; justify-content: space-between; margin-bottom: 12px; }
+        .provider-name { font-size: 14px; font-weight: 600; display: flex; align-items: center; gap: 8px; }
+        .provider-badge {
+            font-size: 10px; font-weight: 600; padding: 2px 8px; border-radius: 20px;
+            text-transform: uppercase; letter-spacing: 0.05em;
+        }
+        .badge-active { background: var(--success-bg); color: var(--success); border: 1px solid rgba(34, 197, 94, 0.2); }
+        .badge-expired { background: var(--error-bg); color: var(--error); border: 1px solid rgba(239, 68, 68, 0.2); }
+        .badge-pending { background: var(--warning-bg); color: var(--warning); border: 1px solid rgba(245, 158, 11, 0.2); }
+        .badge-none { background: var(--bg-elevated); color: var(--text-muted); border: 1px solid var(--border); }
+        .provider-detail { font-size: 12px; color: var(--text-muted); margin-bottom: 4px; }
+        .provider-detail strong { color: var(--text-secondary); font-weight: 500; }
+        .provider-actions { margin-top: 12px; display: flex; gap: 8px; }
+        .device-code-box {
+            background: var(--bg-elevated); border: 1px solid var(--border);
+            border-radius: 8px; padding: 14px; margin-top: 10px; text-align: center;
+        }
+        .device-code-box .code {
+            font-family: 'JetBrains Mono', monospace; font-size: 22px; font-weight: 700;
+            color: var(--accent-hover); letter-spacing: 0.1em; margin: 8px 0;
+        }
+        .device-code-box .url { font-size: 12px; color: var(--text-secondary); word-break: break-all; }
+        .device-code-box .url a { color: var(--accent-hover); text-decoration: none; }
+        .device-code-box .url a:hover { text-decoration: underline; }
+        .device-code-box .hint { font-size: 11px; color: var(--text-muted); margin-top: 8px; }
+        .token-input-group { display: flex; gap: 8px; margin-top: 10px; }
+        .token-input-group input {
+            flex: 1; font-family: 'JetBrains Mono', monospace; font-size: 12px;
+            padding: 8px 12px; border-radius: 8px; border: 1px solid var(--border);
+            background: var(--bg-editor); color: var(--text-primary); outline: none;
+            transition: border-color var(--transition);
+        }
+        .token-input-group input:focus { border-color: var(--border-focus); }
+
+        /* ── Raw JSON editor ─────────────────────────── */
+        .editor-header { display: flex; align-items: center; justify-content: space-between; margin-bottom: 12px; }
+        .editor-label { font-size: 12px; font-weight: 500; color: var(--text-muted); text-transform: uppercase; letter-spacing: 0.06em; }
+        .file-path {
+            font-family: 'JetBrains Mono', monospace; font-size: 12px; color: var(--text-muted);
+            background: var(--bg-elevated); padding: 4px 10px; border-radius: 6px; border: 1px solid var(--border);
+        }
+        .editor-toolbar { display: flex; gap: 8px; margin-bottom: 12px; }
+        .editor-wrapper {
+            flex: 1; position: relative; border: 1px solid var(--border);
+            border-radius: var(--radius); overflow: hidden;
+            transition: border-color var(--transition), box-shadow var(--transition);
+            min-height: 400px;
+        }
+        .editor-wrapper:focus-within { border-color: var(--border-focus); box-shadow: 0 0 0 3px var(--accent-glow); }
+        .editor-wrapper.error { border-color: var(--error); box-shadow: 0 0 0 3px var(--error-bg); }
+        #editor {
+            width: 100%; height: 100%; min-height: 400px; resize: vertical;
+            background: var(--bg-editor); color: var(--text-primary);
+            font-family: 'JetBrains Mono', monospace; font-size: 13px; line-height: 1.65;
+            padding: 16px 20px; border: none; outline: none;
+            tab-size: 2; white-space: pre; overflow: auto;
+        }
+        .loading-overlay {
+            position: absolute; inset: 0; background: rgba(15, 17, 23, 0.85);
+            display: flex; align-items: center; justify-content: center;
+            z-index: 10; backdrop-filter: blur(4px);
+            opacity: 0; pointer-events: none; transition: opacity var(--transition);
+        }
+        .loading-overlay.active { opacity: 1; pointer-events: auto; }
+        .spinner {
+            width: 28px; height: 28px; border: 3px solid var(--border);
+            border-top-color: var(--accent); border-radius: 50%;
+            animation: spin 0.7s linear infinite;
+        }
+        @keyframes spin { to { transform: rotate(360deg); } }
+
+        /* ── Log panel ──────────────────────────────── */
+        .log-toolbar {
+            display: flex; align-items: center; justify-content: space-between;
+            margin-bottom: 12px; gap: 8px;
+        }
+        .log-toolbar-right { display: flex; align-items: center; gap: 12px; }
+        .log-autoscroll { display: flex; align-items: center; gap: 6px; font-size: 12px; color: var(--text-secondary); cursor: pointer; user-select: none; }
+        .log-autoscroll input { accent-color: var(--accent); cursor: pointer; }
+        .log-container {
+            background: var(--bg-editor); border: 1px solid var(--border);
+            border-radius: var(--radius); overflow: hidden; position: relative;
+            min-height: 300px; max-height: calc(100vh - 260px);
+            display: flex; flex-direction: column;
+        }
+        .log-output {
+            flex: 1; overflow-y: auto; padding: 16px 20px;
+            font-family: 'JetBrains Mono', monospace; font-size: 12px; line-height: 1.7;
+            color: var(--text-primary); white-space: pre-wrap; word-break: break-all;
+            margin: 0;
+        }
+        .log-placeholder {
+            color: var(--text-muted); font-style: italic;
+            font-family: 'Inter', sans-serif; font-size: 13px;
+        }
+
+        /* ── Footer ──────────────────────────────────── */
+        .footer {
+            padding: 10px 24px; border-top: 1px solid var(--border);
+            font-size: 12px; color: var(--text-muted);
+            display: flex; align-items: center; justify-content: space-between;
+            flex-shrink: 0;
+        }
+
+        /* ── Responsive ──────────────────────────────── */
+        @media (max-width: 768px) {
+            :root { --sidebar-w: 180px; }
+            .header { padding: 10px 16px; flex-wrap: wrap; gap: 8px; }
+            .header h1 span { display: none; }
+            .content { padding: 16px; }
+        }
+        @media (max-width: 640px) {
+            .settings-layout { flex-direction: column; }
+            .sidebar {
+                width: 100%; border-right: none; border-bottom: 1px solid var(--border);
+                max-height: 200px; padding: 8px 0;
+            }
+            .model-grid { grid-template-columns: 1fr; }
+            .provider-grid { grid-template-columns: 1fr; }
+        }
+    </style>
+</head>
+
+<body>
+
+<header class="header">
+    <div class="header-left">
+        <div class="logo">P</div>
+        <h1>PicoClaw <span>Config</span></h1>
+    </div>
+    <div class="header-center">
+        <button class="btn btn-run btn-process" id="btnRunStop" disabled>
+            <span class="icon" id="btnRunStopIcon">&#9654;</span> <span id="btnRunStopText" data-i18n="start">Start</span>
+        </button>
+        <span class="process-hint" id="processHint"></span>
+    </div>
+    <div class="header-right">
+        <button class="theme-btn" id="btnTheme" onclick="cycleTheme()" title="Toggle theme"></button>
+        <button class="lang-btn" id="btnLang" onclick="toggleLang()">EN</button>
+    </div>
+</header>
+
+<div class="toast-container" id="toastContainer"></div>
+
+<main class="main">
+        <div class="settings-layout">
+            <!-- Sidebar -->
+            <nav class="sidebar" id="sidebar">
+                <div class="sidebar-group" data-group="providers">
+                    <div class="sidebar-group-title" onclick="toggleGroup(this)">
+                        <span data-i18n="sidebar.providers">Providers</span> <span class="arrow">&#9662;</span>
+                    </div>
+                    <div class="sidebar-items">
+                        <div class="sidebar-item active" data-panel="panelModels" data-i18n="sidebar.models">Models</div>
+                        <div class="sidebar-item" data-panel="panelAuth" data-i18n="sidebar.auth">Auth</div>
+                    </div>
+                </div>
+                <div class="sidebar-group" data-group="channels">
+                    <div class="sidebar-group-title" onclick="toggleGroup(this)">
+                        <span data-i18n="sidebar.channels">Channels</span> <span class="arrow">&#9662;</span>
+                    </div>
+                    <div class="sidebar-items">
+                        <div class="sidebar-item" data-panel="panelCh_telegram">Telegram</div>
+                        <div class="sidebar-item" data-panel="panelCh_discord">Discord</div>
+                        <div class="sidebar-item" data-panel="panelCh_slack">Slack</div>
+                        <div class="sidebar-item" data-panel="panelCh_wecom">WeCom</div>
+                        <div class="sidebar-item" data-panel="panelCh_wecom_app">WeCom App</div>
+                        <div class="sidebar-item" data-panel="panelCh_dingtalk">DingTalk</div>
+                        <div class="sidebar-item" data-panel="panelCh_feishu" data-i18n="sidebar.feishu">Feishu</div>
+                        <div class="sidebar-item" data-panel="panelCh_line">LINE</div>
+                        <div class="sidebar-item" data-panel="panelCh_whatsapp">WhatsApp</div>
+                        <div class="sidebar-item" data-panel="panelCh_qq">QQ</div>
+                        <div class="sidebar-item" data-panel="panelCh_onebot">OneBot</div>
+                        <div class="sidebar-item" data-panel="panelCh_maixcam">MaixCAM</div>
+                    </div>
+                </div>
+                <div class="sidebar-divider"></div>
+                <div class="sidebar-item standalone" data-panel="panelLogs" data-i18n="sidebar.logs">Logs</div>
+                <div class="sidebar-item standalone" data-panel="panelRawJson" data-i18n="sidebar.rawjson">Raw JSON</div>
+            </nav>
+
+            <!-- Content -->
+            <div class="content" id="contentArea">
+                <div class="content-panel active" id="panelModels">
+                    <div class="panel-title" data-i18n="models.title">Models</div>
+                    <div class="panel-desc" data-i18n="models.desc">Manage LLM model configurations. Models without an API key are grayed out. Only available models can be set as primary.</div>
+                    <div style="margin-bottom: 14px;">
+                        <button class="btn btn-sm btn-primary" onclick="showAddModelModal()" data-i18n="models.add">+ Add Model</button>
+                    </div>
+                    <div class="model-grid" id="modelGrid"></div>
+                </div>
+
+                <div class="content-panel" id="panelAuth">
+                    <div class="panel-title" data-i18n="auth.title">Provider Authentication</div>
+                    <div class="panel-desc" id="authDesc"></div>
+                    <div class="provider-grid" id="providerGrid">
+                        <div class="provider-card" id="card-openai">
+                            <div class="provider-card-header">
+                                <span class="provider-name">OpenAI</span>
+                                <span class="provider-badge badge-none" id="badge-openai" data-i18n="auth.notLoggedIn">Not logged in</span>
+                            </div>
+                            <div id="details-openai"></div>
+                            <div class="provider-actions" id="actions-openai">
+                                <button class="btn btn-sm btn-primary" onclick="loginProvider('openai')" data-i18n="auth.loginDevice">Login (Device Code)</button>
+                            </div>
+                        </div>
+                        <div class="provider-card" id="card-anthropic">
+                            <div class="provider-card-header">
+                                <span class="provider-name">Anthropic</span>
+                                <span class="provider-badge badge-none" id="badge-anthropic" data-i18n="auth.notLoggedIn">Not logged in</span>
+                            </div>
+                            <div id="details-anthropic"></div>
+                            <div class="provider-actions" id="actions-anthropic">
+                                <button class="btn btn-sm btn-primary" onclick="showTokenInput('anthropic')" data-i18n="auth.loginToken">Login (API Token)</button>
+                            </div>
+                        </div>
+                        <div class="provider-card" id="card-google-antigravity">
+                            <div class="provider-card-header">
+                                <span class="provider-name">Google Antigravity</span>
+                                <span class="provider-badge badge-none" id="badge-google-antigravity" data-i18n="auth.notLoggedIn">Not logged in</span>
+                            </div>
+                            <div id="details-google-antigravity"></div>
+                            <div class="provider-actions" id="actions-google-antigravity">
+                                <button class="btn btn-sm btn-primary" onclick="loginProvider('google-antigravity')" data-i18n="auth.loginOAuth">Login (Browser OAuth)</button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+
+                <!-- Channel Panels -->
+                <div class="content-panel" id="panelCh_telegram"></div>
+                <div class="content-panel" id="panelCh_discord"></div>
+                <div class="content-panel" id="panelCh_slack"></div>
+                <div class="content-panel" id="panelCh_wecom"></div>
+                <div class="content-panel" id="panelCh_wecom_app"></div>
+                <div class="content-panel" id="panelCh_dingtalk"></div>
+                <div class="content-panel" id="panelCh_feishu"></div>
+                <div class="content-panel" id="panelCh_line"></div>
+                <div class="content-panel" id="panelCh_whatsapp"></div>
+                <div class="content-panel" id="panelCh_qq"></div>
+                <div class="content-panel" id="panelCh_onebot"></div>
+                <div class="content-panel" id="panelCh_maixcam"></div>
+
+                <!-- Logs Panel -->
+                <div class="content-panel" id="panelLogs">
+                    <div class="panel-title" data-i18n="logs.title">Gateway Logs</div>
+                    <div class="panel-desc" data-i18n="logs.desc">Real-time output from the gateway process.</div>
+                    <div class="log-toolbar">
+                        <div>
+                            <button class="btn btn-sm" onclick="clearLogDisplay()" data-i18n="logs.clear">Clear Display</button>
+                        </div>
+                        <div class="log-toolbar-right">
+                            <label class="log-autoscroll">
+                                <input type="checkbox" id="logAutoScrollCb" checked onchange="logAutoScrollEnabled=this.checked">
+                                <span data-i18n="logs.autoScroll">Auto-scroll</span>
+                            </label>
+                        </div>
+                    </div>
+                    <div class="log-container">
+                        <pre class="log-output" id="logOutput"><span class="log-placeholder" id="logPlaceholder" data-i18n="logs.noLogs">No logs available. Start the gateway to see output here.</span></pre>
+                    </div>
+                </div>
+
+                <!-- Raw JSON Panel -->
+                <div class="content-panel" id="panelRawJson">
+                    <div class="panel-title" data-i18n="raw.title">Raw JSON</div>
+                    <div class="panel-desc" data-i18n="raw.desc">Directly edit the configuration file.</div>
+                    <div class="editor-header">
+                        <span class="editor-label">config.json</span>
+                        <span class="file-path" id="filePath">-</span>
+                    </div>
+                    <div class="editor-toolbar">
+                        <button class="btn btn-sm" id="btnReload" onclick="loadConfig()">
+                            <span class="icon">&#8635;</span> <span data-i18n="raw.reload">Reload</span>
+                        </button>
+                        <button class="btn btn-sm" id="btnFormat" onclick="formatJson()">
+                            <span class="icon">{ }</span> <span data-i18n="raw.format">Format</span>
+                        </button>
+                        <button class="btn btn-sm btn-primary" id="btnSave" onclick="saveRawConfig()" data-i18n="save">Save</button>
+                    </div>
+                    <div class="editor-wrapper" id="editorWrapper">
+                        <textarea id="editor" spellcheck="false"></textarea>
+                        <div class="loading-overlay" id="loading">
+                            <div class="spinner"></div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+</main>
+
+<!-- Model Edit Modal -->
+<div class="modal-overlay" id="modelModal">
+    <div class="modal">
+        <div class="modal-title" id="modalTitle"></div>
+        <div id="modalBody"></div>
+        <div class="modal-actions">
+            <button class="btn btn-sm" onclick="closeModelModal()" data-i18n="cancel">Cancel</button>
+            <button class="btn btn-sm btn-primary" id="modalSaveBtn" onclick="saveModelFromModal()" data-i18n="save">Save</button>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <span>PicoClaw Config</span>
+    <span id="jsonStatus">-</span>
+</footer>
+
+<script>
+// ── Theme ───────────────────────────────────────────
+const themeIcons = { light: '\u2600\uFE0F', dark: '\uD83C\uDF19', system: '\uD83D\uDCBB' };
+const themeOrder = ['system', 'light', 'dark'];
+let currentThemeSetting = localStorage.getItem('picoclaw-theme') || 'system';
+
+function getSystemTheme() {
+    return window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light';
+}
+function applyTheme() {
+    const resolved = currentThemeSetting === 'system' ? getSystemTheme() : currentThemeSetting;
+    document.documentElement.setAttribute('data-theme', resolved);
+    const btn = document.getElementById('btnTheme');
+    if (btn) btn.textContent = themeIcons[currentThemeSetting];
+}
+function cycleTheme() {
+    const idx = themeOrder.indexOf(currentThemeSetting);
+    currentThemeSetting = themeOrder[(idx + 1) % themeOrder.length];
+    localStorage.setItem('picoclaw-theme', currentThemeSetting);
+    applyTheme();
+}
+// Listen for system theme changes
+window.matchMedia('(prefers-color-scheme: dark)').addEventListener('change', () => {
+    if (currentThemeSetting === 'system') applyTheme();
+});
+// Apply immediately to avoid flash
+applyTheme();
+
+// ── i18n ────────────────────────────────────────────
+const i18nData = {
+    en: {
+        // Header & global
+        'start': 'Start',
+        'stop': 'Stop',
+        'save': 'Save',
+        'cancel': 'Cancel',
+        'edit': 'Edit',
+        'delete': 'Delete',
+        'enabled': 'Enabled',
+        'comingSoon': 'Coming soon',
+        // Sidebar
+        'sidebar.providers': 'Providers',
+        'sidebar.models': 'Models',
+        'sidebar.auth': 'Auth',
+        'sidebar.channels': 'Channels',
+        'sidebar.feishu': 'Feishu',
+        'sidebar.logs': 'Logs',
+        'sidebar.rawjson': 'Raw JSON',
+        // Models
+        'models.title': 'Models',
+        'models.desc': 'Manage LLM model configurations. Models without an API key are grayed out. Only available models can be set as primary.',
+        'models.add': '+ Add Custom Model',
+        'models.noModels': 'No models configured.',
+        'models.primary': 'Primary',
+        'models.noKey': 'No Key',
+        'models.setPrimary': 'Set Primary',
+        'models.editModel': 'Edit Model',
+        'models.addModel': 'Add Model',
+        'models.advancedOptions': 'Advanced Options',
+        'models.deleteConfirm': 'Delete model "{name}"?',
+        'models.requiredFields': 'Model Name and Model ID are required',
+        // Model fields
+        'field.modelName': 'Model Name',
+        'field.modelId': 'Model ID',
+        'field.modelIdHint': 'Format: protocol/model-id',
+        'field.apiKey': 'API Key',
+        'field.apiBase': 'API Base',
+        'field.proxy': 'Proxy',
+        'field.authMethod': 'Auth Method',
+        'field.connectMode': 'Connect Mode',
+        'field.workspace': 'Workspace',
+        'field.rpm': 'RPM Limit',
+        'field.requestTimeout': 'Request Timeout (s)',
+        // Auth
+        'auth.title': 'Provider Authentication',
+        'auth.desc': 'Login to providers using OAuth or API tokens. Credentials are stored locally in <code style="font-family:\'JetBrains Mono\',monospace;font-size:12px;background:var(--bg-elevated);padding:2px 6px;border-radius:4px;">~/.picoclaw/auth.json</code>.',
+        'auth.notLoggedIn': 'Not logged in',
+        'auth.active': 'Active',
+        'auth.expired': 'Expired',
+        'auth.needsRefresh': 'Needs Refresh',
+        'auth.authenticating': 'Authenticating...',
+        'auth.loginDevice': 'Login (Device Code)',
+        'auth.loginToken': 'Login (API Token)',
+        'auth.loginOAuth': 'Login (Browser OAuth)',
+        'auth.logout': 'Logout',
+        'auth.retry': 'Retry',
+        'auth.waiting': 'Waiting...',
+        'auth.pasteKey': 'Paste your API key here...',
+        'auth.step1': 'Step 1: Click the link below',
+        'auth.step2': 'Step 2: Enter this code',
+        'auth.step3': 'Step 3: Complete auth in browser, this page updates automatically',
+        'auth.method': 'Method',
+        'auth.email': 'Email',
+        'auth.account': 'Account',
+        'auth.project': 'Project',
+        'auth.expires': 'Expires',
+        // Channel
+        'ch.configure': 'Configure {name} channel settings.',
+        'ch.docLink': 'Configuration Guide',
+        'ch.accessControl': 'Access Control',
+        'ch.allowFrom': 'Allow From (User IDs)',
+        'ch.addItem': '+ Add',
+        'ch.mentionOnly': 'Mention Only',
+        'ch.mentionOnlyHint': 'Only respond when mentioned',
+        'ch.groupTrigger': 'Group Trigger Prefixes',
+        // Logs
+        'logs.title': 'Gateway Logs',
+        'logs.desc': 'Real-time output from the gateway process.',
+        'logs.clear': 'Clear Display',
+        'logs.autoScroll': 'Auto-scroll',
+        'logs.noLogs': 'No logs available. Start the gateway to see output here.',
+        'logs.noCapture': 'Logs are not available. The gateway was not started from this launcher.',
+        // Raw JSON
+        'raw.title': 'Raw JSON',
+        'raw.desc': 'Directly edit the configuration file.',
+        'raw.reload': 'Reload',
+        'raw.format': 'Format',
+        // Status messages
+        'status.configLoaded': 'Config loaded',
+        'status.configSaved': 'Config saved',
+        'status.loadFailed': 'Load failed',
+        'status.saveFailed': 'Save failed',
+        'status.formatted': 'Formatted',
+        'status.invalidJson': 'Invalid JSON, please fix before saving',
+        'status.jsonValid': 'JSON valid',
+        'status.jsonInvalid': 'JSON invalid',
+        'status.saved': '{name} saved',
+        'status.tokenEmpty': 'Token cannot be empty',
+        'status.tokenSaved': 'Token saved for {name}',
+        'status.loggedOut': 'Logged out from {name}',
+        'status.loginFailed': 'Login failed',
+        'status.logoutFailed': 'Logout failed',
+        'status.openingBrowser': 'Opening browser for authentication...',
+        'status.loginStarted': 'Login started...',
+        'status.loginSuccess': 'Login successful!',
+        // Process
+        'process.running': 'Service running',
+        'process.notRunning': 'Service not running',
+        'process.starting': 'Starting gateway...',
+        'process.started': 'Gateway started',
+        'process.startFailed': 'Failed to start gateway',
+        'process.stopping': 'Stopping gateway...',
+        'process.stopped': 'Gateway stopped',
+        'process.stopFailed': 'Failed to stop gateway',
+        'process.needModel': 'At least one model with API key is required',
+        'process.needChannel': 'At least one channel must be enabled',
+        'process.checkLogs': 'Check Logs for details',
+        'process.needBoth': 'Need model with API key and enabled channel to start',
+    },
+    zh: {
+        'start': '\u542F\u52A8',
+        'stop': '\u505C\u6B62',
+        'save': '\u4FDD\u5B58',
+        'cancel': '\u53D6\u6D88',
+        'edit': '\u7F16\u8F91',
+        'delete': '\u5220\u9664',
+        'enabled': '\u542F\u7528',
+        'comingSoon': '\u5373\u5C06\u63A8\u51FA',
+        'sidebar.providers': '\u63D0\u4F9B\u5546',
+        'sidebar.models': '\u6A21\u578B',
+        'sidebar.auth': '\u8BA4\u8BC1',
+        'sidebar.channels': '\u901A\u9053',
+        'sidebar.feishu': '\u98DE\u4E66',
+        'sidebar.logs': '\u65E5\u5FD7',
+        'sidebar.rawjson': '\u539F\u59CB JSON',
+        'models.title': '\u6A21\u578B',
+        'models.desc': '\u7BA1\u7406 LLM \u6A21\u578B\u914D\u7F6E\u3002\u6CA1\u6709 API Key \u7684\u6A21\u578B\u663E\u793A\u4E3A\u7070\u8272\u3002\u53EA\u6709\u53EF\u7528\u6A21\u578B\u624D\u80FD\u8BBE\u4E3A\u4E3B\u6A21\u578B\u3002',
+        'models.add': '+ \u6DFB\u52A0\u81EA\u5B9A\u4E49\u6A21\u578B',
+        'models.noModels': '\u6682\u65E0\u6A21\u578B\u914D\u7F6E\u3002',
+        'models.primary': '\u4E3B\u6A21\u578B',
+        'models.noKey': '\u65E0 Key',
+        'models.setPrimary': '\u8BBE\u4E3A\u4E3B\u6A21\u578B',
+        'models.editModel': '\u7F16\u8F91\u6A21\u578B',
+        'models.addModel': '\u6DFB\u52A0\u6A21\u578B',
+        'models.advancedOptions': '\u9AD8\u7EA7\u9009\u9879',
+        'models.deleteConfirm': '\u786E\u5B9A\u5220\u9664\u6A21\u578B\u201C{name}\u201D\uFF1F',
+        'models.requiredFields': '\u6A21\u578B\u540D\u79F0\u548C\u6A21\u578B ID \u4E3A\u5FC5\u586B\u9879',
+        'field.modelName': '\u6A21\u578B\u540D\u79F0',
+        'field.modelId': '\u6A21\u578B ID',
+        'field.modelIdHint': '\u683C\u5F0F\uFF1A\u534F\u8BAE/\u6A21\u578B\u6807\u8BC6',
+        'field.apiKey': 'API Key',
+        'field.apiBase': 'API \u5730\u5740',
+        'field.proxy': '\u4EE3\u7406',
+        'field.authMethod': '\u8BA4\u8BC1\u65B9\u5F0F',
+        'field.connectMode': '\u8FDE\u63A5\u6A21\u5F0F',
+        'field.workspace': '\u5DE5\u4F5C\u533A',
+        'field.rpm': 'RPM \u9650\u5236',
+        'field.requestTimeout': '\u8BF7\u6C42\u8D85\u65F6 (\u79D2)',
+        'auth.title': '\u63D0\u4F9B\u5546\u8BA4\u8BC1',
+        'auth.desc': '\u901A\u8FC7 OAuth \u6216 API Token \u767B\u5F55\u63D0\u4F9B\u5546\u3002\u51ED\u8BC1\u5B58\u50A8\u5728\u672C\u5730 <code style="font-family:\'JetBrains Mono\',monospace;font-size:12px;background:var(--bg-elevated);padding:2px 6px;border-radius:4px;">~/.picoclaw/auth.json</code>\u3002',
+        'auth.notLoggedIn': '\u672A\u767B\u5F55',
+        'auth.active': '\u5DF2\u6FC0\u6D3B',
+        'auth.expired': '\u5DF2\u8FC7\u671F',
+        'auth.needsRefresh': '\u9700\u8981\u5237\u65B0',
+        'auth.authenticating': '\u8BA4\u8BC1\u4E2D...',
+        'auth.loginDevice': '\u767B\u5F55 (\u8BBE\u5907\u7801)',
+        'auth.loginToken': '\u767B\u5F55 (API Token)',
+        'auth.loginOAuth': '\u767B\u5F55 (\u6D4F\u89C8\u5668 OAuth)',
+        'auth.logout': '\u767B\u51FA',
+        'auth.retry': '\u91CD\u8BD5',
+        'auth.waiting': '\u7B49\u5F85\u4E2D...',
+        'auth.pasteKey': '\u8BF7\u7C98\u8D34 API Key...',
+        'auth.step1': '\u7B2C 1 \u6B65\uFF1A\u70B9\u51FB\u4E0B\u65B9\u94FE\u63A5',
+        'auth.step2': '\u7B2C 2 \u6B65\uFF1A\u8F93\u5165\u4EE5\u4E0B\u4EE3\u7801',
+        'auth.step3': '\u7B2C 3 \u6B65\uFF1A\u5728\u6D4F\u89C8\u5668\u4E2D\u5B8C\u6210\u8BA4\u8BC1\uFF0C\u672C\u9875\u9762\u4F1A\u81EA\u52A8\u66F4\u65B0',
+        'auth.method': '\u65B9\u5F0F',
+        'auth.email': '\u90AE\u7BB1',
+        'auth.account': '\u8D26\u53F7',
+        'auth.project': '\u9879\u76EE',
+        'auth.expires': '\u8FC7\u671F\u65F6\u95F4',
+        'ch.configure': '\u914D\u7F6E {name} \u901A\u9053\u8BBE\u7F6E\u3002',
+        'ch.docLink': '\u914D\u7F6E\u6307\u5357',
+        'ch.accessControl': '\u8BBF\u95EE\u63A7\u5236',
+        'ch.allowFrom': '\u5141\u8BB8\u7684\u7528\u6237 ID',
+        'ch.addItem': '+ \u6DFB\u52A0',
+        'ch.mentionOnly': '\u4EC5\u63D0\u53CA\u65F6\u54CD\u5E94',
+        'ch.mentionOnlyHint': '\u53EA\u5728\u88AB @\u63D0\u53CA\u65F6\u56DE\u590D',
+        'ch.groupTrigger': '\u7FA4\u804A\u89E6\u53D1\u524D\u7F00',
+        'logs.title': 'Gateway \u65E5\u5FD7',
+        'logs.desc': 'Gateway \u8FDB\u7A0B\u7684\u5B9E\u65F6\u8F93\u51FA\u3002',
+        'logs.clear': '\u6E05\u9664\u663E\u793A',
+        'logs.autoScroll': '\u81EA\u52A8\u6EDA\u52A8',
+        'logs.noLogs': '\u6682\u65E0\u65E5\u5FD7\u3002\u542F\u52A8 Gateway \u540E\u53EF\u5728\u6B64\u67E5\u770B\u8F93\u51FA\u3002',
+        'logs.noCapture': '\u65E5\u5FD7\u4E0D\u53EF\u7528\u3002Gateway \u4E0D\u662F\u901A\u8FC7\u6B64\u542F\u52A8\u5668\u542F\u52A8\u7684\u3002',
+        'raw.title': '\u539F\u59CB JSON',
+        'raw.desc': '\u76F4\u63A5\u7F16\u8F91\u914D\u7F6E\u6587\u4EF6\u3002',
+        'raw.reload': '\u91CD\u65B0\u52A0\u8F7D',
+        'raw.format': '\u683C\u5F0F\u5316',
+        'status.configLoaded': '\u914D\u7F6E\u5DF2\u52A0\u8F7D',
+        'status.configSaved': '\u914D\u7F6E\u5DF2\u4FDD\u5B58',
+        'status.loadFailed': '\u52A0\u8F7D\u5931\u8D25',
+        'status.saveFailed': '\u4FDD\u5B58\u5931\u8D25',
+        'status.formatted': '\u5DF2\u683C\u5F0F\u5316',
+        'status.invalidJson': 'JSON \u683C\u5F0F\u65E0\u6548\uFF0C\u8BF7\u4FEE\u6B63\u540E\u518D\u4FDD\u5B58',
+        'status.jsonValid': 'JSON \u6709\u6548',
+        'status.jsonInvalid': 'JSON \u65E0\u6548',
+        'status.saved': '{name} \u5DF2\u4FDD\u5B58',
+        'status.tokenEmpty': 'Token \u4E0D\u80FD\u4E3A\u7A7A',
+        'status.tokenSaved': '\u5DF2\u4FDD\u5B58 {name} \u7684 Token',
+        'status.loggedOut': '\u5DF2\u4ECE {name} \u767B\u51FA',
+        'status.loginFailed': '\u767B\u5F55\u5931\u8D25',
+        'status.logoutFailed': '\u767B\u51FA\u5931\u8D25',
+        'status.openingBrowser': '\u6B63\u5728\u6253\u5F00\u6D4F\u89C8\u5668\u8FDB\u884C\u8BA4\u8BC1...',
+        'status.loginStarted': '\u767B\u5F55\u5DF2\u542F\u52A8...',
+        'status.loginSuccess': '\u767B\u5F55\u6210\u529F\uFF01',
+        'process.running': '\u670D\u52A1\u5DF2\u542F\u52A8',
+        'process.notRunning': '\u670D\u52A1\u672A\u542F\u52A8',
+        'process.starting': '\u6B63\u5728\u542F\u52A8 Gateway...',
+        'process.started': 'Gateway \u5DF2\u542F\u52A8',
+        'process.startFailed': 'Gateway \u542F\u52A8\u5931\u8D25',
+        'process.stopping': '\u6B63\u5728\u505C\u6B62 Gateway...',
+        'process.stopped': 'Gateway \u5DF2\u505C\u6B62',
+        'process.stopFailed': 'Gateway \u505C\u6B62\u5931\u8D25',
+        'process.needModel': '\u81F3\u5C11\u9700\u8981\u4E00\u4E2A\u914D\u7F6E\u4E86 API Key \u7684\u6A21\u578B',
+        'process.needChannel': '\u81F3\u5C11\u9700\u8981\u542F\u7528\u4E00\u4E2A\u901A\u9053',
+        'process.checkLogs': '\u8BF7\u67E5\u770B\u65E5\u5FD7\u4E86\u89E3\u8BE6\u60C5',
+        'process.needBoth': '\u9700\u8981\u914D\u7F6E\u6A21\u578B\u548C\u542F\u7528\u901A\u9053\u624D\u80FD\u542F\u52A8',
+    }
+};
+
+let currentLang = localStorage.getItem('picoclaw-lang') || (navigator.language.startsWith('zh') ? 'zh' : 'en');
+
+function t(key, params) {
+    let s = (i18nData[currentLang] && i18nData[currentLang][key]) || i18nData.en[key] || key;
+    if (params) {
+        Object.keys(params).forEach(k => { s = s.replace('{' + k + '}', params[k]); });
+    }
+    return s;
+}
+
+function applyI18n() {
+    document.querySelectorAll('[data-i18n]').forEach(el => {
+        const key = el.dataset.i18n;
+        const val = t(key);
+        if (el.tagName === 'INPUT' || el.tagName === 'TEXTAREA') {
+            el.placeholder = val;
+        } else {
+            el.textContent = val;
+        }
+    });
+    document.getElementById('authDesc').innerHTML = t('auth.desc');
+    document.getElementById('btnLang').textContent = currentLang === 'en' ? 'EN' : '\u4E2D';
+    document.documentElement.lang = currentLang === 'zh' ? 'zh-CN' : 'en';
+}
+
+function toggleLang() {
+    currentLang = currentLang === 'en' ? 'zh' : 'en';
+    localStorage.setItem('picoclaw-lang', currentLang);
+    applyI18n();
+    // Re-render process button text
+    updateRunStopButton(gatewayRunning);
+    // Re-render dynamic panels
+    renderModels();
+    const activePanel = document.querySelector('.content-panel.active');
+    if (activePanel) {
+        const id = activePanel.id;
+        if (id === 'panelAuth') loadAuthStatus();
+        if (id.startsWith('panelCh_')) renderChannelForm(id.replace('panelCh_', ''));
+    }
+}
+
+// ── State ───────────────────────────────────────────
+let configData = null;
+let configPath = '';
+let authPollTimer = null;
+let editingModelIndex = -1;
+
+// ── Channel schemas ─────────────────────────────────
+const channelSchemas = {
+    telegram: {
+        title: 'Telegram', configKey: 'telegram', docSlug: 'telegram',
+        fields: [
+            { key: 'token', label: 'Bot Token', type: 'password', placeholder: 'Telegram bot token from @BotFather' },
+            { key: 'proxy', label: 'Proxy', type: 'text', placeholder: 'http://proxy:port' },
+        ]
+    },
+    discord: {
+        title: 'Discord', configKey: 'discord', docSlug: 'discord',
+        fields: [
+            { key: 'token', label: 'Bot Token', type: 'password', placeholder: 'Discord bot token' },
+            { key: 'mention_only', label: 'ch.mentionOnly', type: 'toggle', hint: 'ch.mentionOnlyHint', i18nLabel: true },
+        ]
+    },
+    slack: {
+        title: 'Slack', configKey: 'slack', docSlug: 'slack',
+        fields: [
+            { key: 'bot_token', label: 'Bot Token', type: 'password', placeholder: 'xoxb-...' },
+            { key: 'app_token', label: 'App Token', type: 'password', placeholder: 'xapp-...' },
+        ]
+    },
+    wecom: {
+        title: 'WeCom (Bot)', configKey: 'wecom', docSlug: 'wecom-bot',
+        fields: [
+            { key: 'token', label: 'Token', type: 'password', placeholder: 'Verification token' },
+            { key: 'encoding_aes_key', label: 'Encoding AES Key', type: 'password', placeholder: '43-char AES key' },
+            { key: 'webhook_url', label: 'Webhook URL', type: 'text', placeholder: 'https://qyapi.weixin.qq.com/...' },
+            { key: 'webhook_host', label: 'Webhook Host', type: 'text', placeholder: '0.0.0.0' },
+            { key: 'webhook_port', label: 'Webhook Port', type: 'number', placeholder: '18793' },
+            { key: 'webhook_path', label: 'Webhook Path', type: 'text', placeholder: '/webhook/wecom' },
+            { key: 'reply_timeout', label: 'Reply Timeout (s)', type: 'number', placeholder: '5' },
+        ]
+    },
+    wecom_app: {
+        title: 'WeCom (App)', configKey: 'wecom_app', docSlug: 'wecom-app',
+        fields: [
+            { key: 'corp_id', label: 'Corp ID', type: 'text', placeholder: 'Corporation ID' },
+            { key: 'corp_secret', label: 'Corp Secret', type: 'password', placeholder: 'Corporation secret' },
+            { key: 'agent_id', label: 'Agent ID', type: 'number', placeholder: 'Agent ID (number)' },
+            { key: 'token', label: 'Token', type: 'password', placeholder: 'Verification token' },
+            { key: 'encoding_aes_key', label: 'Encoding AES Key', type: 'password', placeholder: '43-char AES key' },
+            { key: 'webhook_host', label: 'Webhook Host', type: 'text', placeholder: '0.0.0.0' },
+            { key: 'webhook_port', label: 'Webhook Port', type: 'number', placeholder: '18792' },
+            { key: 'webhook_path', label: 'Webhook Path', type: 'text', placeholder: '/webhook/wecom-app' },
+            { key: 'reply_timeout', label: 'Reply Timeout (s)', type: 'number', placeholder: '5' },
+        ]
+    },
+    dingtalk: {
+        title: 'DingTalk', configKey: 'dingtalk', docSlug: 'dingtalk',
+        fields: [
+            { key: 'client_id', label: 'Client ID', type: 'text', placeholder: 'App key / Client ID' },
+            { key: 'client_secret', label: 'Client Secret', type: 'password', placeholder: 'App secret' },
+        ]
+    },
+    feishu: {
+        title: 'Feishu', configKey: 'feishu', docSlug: 'feishu',
+        fields: [
+            { key: 'app_id', label: 'App ID', type: 'text', placeholder: 'Feishu app ID' },
+            { key: 'app_secret', label: 'App Secret', type: 'password', placeholder: 'Feishu app secret' },
+            { key: 'encrypt_key', label: 'Encrypt Key', type: 'password', placeholder: 'Event encrypt key' },
+            { key: 'verification_token', label: 'Verification Token', type: 'password', placeholder: 'Event verification token' },
+        ]
+    },
+    line: {
+        title: 'LINE', configKey: 'line', docSlug: 'line',
+        fields: [
+            { key: 'channel_secret', label: 'Channel Secret', type: 'password', placeholder: 'LINE channel secret' },
+            { key: 'channel_access_token', label: 'Channel Access Token', type: 'password', placeholder: 'LINE channel access token' },
+            { key: 'webhook_host', label: 'Webhook Host', type: 'text', placeholder: '0.0.0.0' },
+            { key: 'webhook_port', label: 'Webhook Port', type: 'number', placeholder: '18791' },
+            { key: 'webhook_path', label: 'Webhook Path', type: 'text', placeholder: '/webhook/line' },
+        ]
+    },
+    whatsapp: {
+        title: 'WhatsApp', configKey: 'whatsapp', docSlug: null,
+        fields: [
+            { key: 'bridge_url', label: 'Bridge URL', type: 'text', placeholder: 'ws://localhost:3001' },
+        ]
+    },
+    qq: {
+        title: 'QQ', configKey: 'qq', docSlug: 'qq',
+        fields: [
+            { key: 'app_id', label: 'App ID', type: 'text', placeholder: 'QQ bot App ID' },
+            { key: 'app_secret', label: 'App Secret', type: 'password', placeholder: 'QQ bot App Secret' },
+        ]
+    },
+    onebot: {
+        title: 'OneBot', configKey: 'onebot', docSlug: 'onebot',
+        fields: [
+            { key: 'ws_url', label: 'WebSocket URL', type: 'text', placeholder: 'ws://127.0.0.1:3001' },
+            { key: 'access_token', label: 'Access Token', type: 'password', placeholder: 'Access token' },
+            { key: 'reconnect_interval', label: 'Reconnect Interval (s)', type: 'number', placeholder: '5' },
+            { key: 'group_trigger_prefix', label: 'ch.groupTrigger', type: 'array', placeholder: 'Trigger word', i18nLabel: true },
+        ]
+    },
+    maixcam: {
+        title: 'MaixCAM', configKey: 'maixcam', docSlug: 'maixcam',
+        fields: [
+            { key: 'host', label: 'Host', type: 'text', placeholder: '0.0.0.0' },
+            { key: 'port', label: 'Port', type: 'number', placeholder: '18790' },
+        ]
+    },
+};
+
+// ── Sidebar ─────────────────────────────────────────
+function toggleGroup(el) {
+    el.parentElement.classList.toggle('collapsed');
+}
+
+document.querySelectorAll('.sidebar-item').forEach(item => {
+    item.addEventListener('click', () => {
+        document.querySelectorAll('.sidebar-item').forEach(i => i.classList.remove('active'));
+        item.classList.add('active');
+        const panelId = item.dataset.panel;
+        document.querySelectorAll('.content-panel').forEach(p => p.classList.remove('active'));
+        const panel = document.getElementById(panelId);
+        if (panel) panel.classList.add('active');
+
+        if (panelId === 'panelModels') renderModels();
+        if (panelId === 'panelAuth') loadAuthStatus();
+        if (panelId === 'panelRawJson') syncEditorFromConfig();
+        if (panelId.startsWith('panelCh_')) {
+            renderChannelForm(panelId.replace('panelCh_', ''));
+        }
+    });
+});
+
+// ── Status messages ─────────────────────────────────
+function showStatus(text, type) {
+    const container = document.getElementById('toastContainer');
+    const toast = document.createElement('div');
+    toast.className = 'toast ' + type;
+    toast.textContent = (type === 'success' ? '\u2713 ' : '\u2717 ') + text;
+    container.appendChild(toast);
+    setTimeout(() => {
+        toast.classList.add('fade-out');
+        setTimeout(() => toast.remove(), 300);
+    }, 3000);
+}
+
+// ── Config API ──────────────────────────────────────
+async function loadConfig() {
+    try {
+        const res = await fetch('/api/config');
+        if (!res.ok) throw new Error('HTTP ' + res.status + ': ' + (await res.text()));
+        const data = await res.json();
+        configData = data.config;
+        configPath = data.path || '';
+        document.getElementById('filePath').textContent = configPath || '-';
+        renderModels();
+        if (!pendingAction) updateRunStopButton(gatewayRunning);
+    } catch (e) {
+        showStatus(t('status.loadFailed') + ': ' + e.message, 'error');
+    }
+}
+
+async function saveConfig() {
+    if (!configData) return;
+    try {
+        const res = await fetch('/api/config', {
+            method: 'PUT',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(configData),
+        });
+        if (!res.ok) throw new Error('HTTP ' + res.status + ': ' + (await res.text()));
+        showStatus(t('status.configSaved'), 'success');
+    } catch (e) {
+        showStatus(t('status.saveFailed') + ': ' + e.message, 'error');
+    }
+    // Refresh start button state after config changes
+    if (!pendingAction) updateRunStopButton(gatewayRunning);
+}
+
+// ── Raw JSON editor ─────────────────────────────────
+function syncEditorFromConfig() {
+    const editor = document.getElementById('editor');
+    if (configData) editor.value = JSON.stringify(configData, null, 2);
+    document.getElementById('filePath').textContent = configPath || '-';
+    validateJson();
+}
+
+async function saveRawConfig() {
+    const obj = validateJson();
+    if (obj === null) { showStatus(t('status.invalidJson'), 'error'); return; }
+    configData = obj;
+    await saveConfig();
+    document.getElementById('editor').value = JSON.stringify(configData, null, 2);
+}
+
+function formatJson() {
+    const obj = validateJson();
+    if (obj !== null) {
+        document.getElementById('editor').value = JSON.stringify(obj, null, 2);
+        showStatus(t('status.formatted'), 'success');
+    }
+}
+
+function validateJson() {
+    const editor = document.getElementById('editor');
+    const jsonStatus = document.getElementById('jsonStatus');
+    const editorWrap = document.getElementById('editorWrapper');
+    const val = editor.value.trim();
+    if (!val) { jsonStatus.textContent = '-'; editorWrap.classList.remove('error'); return null; }
+    try {
+        const obj = JSON.parse(val);
+        jsonStatus.textContent = '\u2713 ' + t('status.jsonValid');
+        jsonStatus.style.color = 'var(--success)';
+        editorWrap.classList.remove('error');
+        return obj;
+    } catch (e) {
+        jsonStatus.textContent = '\u2717 ' + t('status.jsonInvalid') + ': ' + e.message;
+        jsonStatus.style.color = 'var(--error)';
+        editorWrap.classList.add('error');
+        return null;
+    }
+}
+
+document.getElementById('editor').addEventListener('input', validateJson);
+document.addEventListener('keydown', (e) => {
+    if ((e.ctrlKey || e.metaKey) && e.key === 's') {
+        e.preventDefault();
+        if (document.getElementById('panelRawJson').classList.contains('active')) saveRawConfig();
+        else saveConfig();
+    }
+});
+
+// ── Models Panel ────────────────────────────────────
+function renderModels() {
+    const grid = document.getElementById('modelGrid');
+    if (!configData || !configData.model_list) {
+        grid.innerHTML = `<div style="color:var(--text-muted);font-size:13px;">${t('models.noModels')}</div>`;
+        return;
+    }
+
+    const primaryModelName = (configData.agents && configData.agents.defaults)
+        ? (configData.agents.defaults.model_name || configData.agents.defaults.model || '')
+        : '';
+
+    // Build index array sorted: primary first, then the rest in original order
+    const indices = configData.model_list.map((_, i) => i);
+    indices.sort((a, b) => {
+        const ap = configData.model_list[a].model_name === primaryModelName ? 0 : 1;
+        const bp = configData.model_list[b].model_name === primaryModelName ? 0 : 1;
+        return ap !== bp ? ap - bp : a - b;
+    });
+
+    const isModelAvailable = isModelAvailableGlobal;
+
+    let html = '';
+    indices.forEach(idx => {
+        const m = configData.model_list[idx];
+        const available = isModelAvailable(m);
+        const isPrimary = m.model_name === primaryModelName;
+        const protocol = m.model ? m.model.split('/')[0] : '';
+
+        html += `<div class="model-card ${available ? '' : 'unavailable'}">`;
+        html += `<div class="model-card-head">`;
+        html += `<div class="model-name">${esc(m.model_name)}`;
+        if (protocol) html += ` <span class="model-protocol">${esc(protocol)}</span>`;
+        html += `</div>`;
+        if (isPrimary) html += `<span class="badge-primary">${t('models.primary')}</span>`;
+        else if (!available) html += `<span class="badge-nokey">${t('models.noKey')}</span>`;
+        html += `</div>`;
+
+        html += `<div class="model-detail"><strong>Model:</strong> ${esc(m.model || '-')}</div>`;
+        if (m.api_base) html += `<div class="model-detail"><strong>API Base:</strong> ${esc(m.api_base)}</div>`;
+        if (m.api_key) html += `<div class="model-detail"><strong>API Key:</strong> ${maskKey(m.api_key)}</div>`;
+        if (m.auth_method) html += `<div class="model-detail"><strong>Auth:</strong> ${esc(m.auth_method)}</div>`;
+        if (m.proxy) html += `<div class="model-detail"><strong>Proxy:</strong> ${esc(m.proxy)}</div>`;
+
+        html += `<div class="model-actions">`;
+        html += `<button class="btn btn-sm" onclick="showEditModelModal(${idx})">${t('edit')}</button>`;
+        if (available && !isPrimary) {
+            html += `<button class="btn btn-sm btn-success" onclick="setPrimaryModel(${idx})">${t('models.setPrimary')}</button>`;
+        }
+        html += `<button class="btn btn-sm btn-danger" onclick="deleteModel(${idx})">${t('delete')}</button>`;
+        html += `</div></div>`;
+    });
+    grid.innerHTML = html;
+}
+
+function setPrimaryModel(idx) {
+    if (!configData || !configData.model_list[idx]) return;
+    if (!configData.agents) configData.agents = {};
+    if (!configData.agents.defaults) configData.agents.defaults = {};
+    configData.agents.defaults.model_name = configData.model_list[idx].model_name;
+    saveConfig().then(renderModels);
+}
+
+function deleteModel(idx) {
+    if (!configData || !configData.model_list) return;
+    const name = configData.model_list[idx].model_name;
+    if (!confirm(t('models.deleteConfirm', { name }))) return;
+    configData.model_list.splice(idx, 1);
+    saveConfig().then(renderModels);
+}
+
+// ── Model Modal ─────────────────────────────────────
+const modelFieldsRequired = [
+    { key: 'model_name', labelKey: 'field.modelName', type: 'text', placeholder: 'e.g. gpt-4o', required: true },
+    { key: 'model', labelKey: 'field.modelId', type: 'text', placeholder: 'e.g. openai/gpt-4o', required: true, hintKey: 'field.modelIdHint' },
+    { key: 'api_key', labelKey: 'field.apiKey', type: 'password', placeholder: 'API key' },
+    { key: 'api_base', labelKey: 'field.apiBase', type: 'text', placeholder: 'https://api.openai.com/v1' },
+];
+const modelFieldsOptional = [
+    { key: 'proxy', labelKey: 'field.proxy', type: 'text', placeholder: 'http://proxy:port' },
+    { key: 'auth_method', labelKey: 'field.authMethod', type: 'text', placeholder: 'oauth / token' },
+    { key: 'connect_mode', labelKey: 'field.connectMode', type: 'text', placeholder: 'stdio / grpc' },
+    { key: 'workspace', labelKey: 'field.workspace', type: 'text', placeholder: 'Workspace path' },
+    { key: 'rpm', labelKey: 'field.rpm', type: 'number', placeholder: 'RPM' },
+    { key: 'request_timeout', labelKey: 'field.requestTimeout', type: 'number', placeholder: 'Seconds' },
+];
+const modelFields = [...modelFieldsRequired, ...modelFieldsOptional];
+
+function showEditModelModal(idx) {
+    editingModelIndex = idx;
+    const m = configData.model_list[idx];
+    document.getElementById('modalTitle').textContent = t('models.editModel') + ': ' + m.model_name;
+    renderModalBody(m);
+    document.getElementById('modelModal').classList.add('active');
+}
+
+function showAddModelModal() {
+    editingModelIndex = -1;
+    document.getElementById('modalTitle').textContent = t('models.addModel');
+    renderModalBody({});
+    document.getElementById('modelModal').classList.add('active');
+}
+
+function closeModelModal() {
+    document.getElementById('modelModal').classList.remove('active');
+}
+
+function renderModalBody(data) {
+    const hasOptionalValues = modelFieldsOptional.some(f => {
+        const v = data[f.key];
+        return v !== undefined && v !== null && v !== '' && v !== 0;
+    });
+
+    function renderField(f) {
+        const val = data[f.key] !== undefined && data[f.key] !== null ? data[f.key] : '';
+        const label = t(f.labelKey);
+        let h = `<div class="form-group">`;
+        h += `<label class="form-label">${label}${f.required ? ' *' : ''}</label>`;
+        h += `<input class="form-input ${f.type === 'number' ? 'form-input-number' : ''}" `;
+        h += `type="${f.type === 'password' ? 'password' : f.type === 'number' ? 'number' : 'text'}" `;
+        h += `data-field="${f.key}" value="${esc(String(val))}" placeholder="${f.placeholder || ''}">`;
+        if (f.hintKey) h += `<div class="form-hint">${t(f.hintKey)}</div>`;
+        h += `</div>`;
+        return h;
+    }
+
+    let html = '';
+    modelFieldsRequired.forEach(f => { html += renderField(f); });
+
+    html += `<div class="collapsible-header" onclick="this.classList.toggle('open');this.nextElementSibling.classList.toggle('open')">`;
+    html += `<span class="arrow">&#9656;</span> ${t('models.advancedOptions')}`;
+    html += `</div>`;
+    html += `<div class="collapsible-body">`;
+    modelFieldsOptional.forEach(f => { html += renderField(f); });
+    html += `</div>`;
+
+    document.getElementById('modalBody').innerHTML = html;
+}
+
+function saveModelFromModal() {
+    const inputs = document.querySelectorAll('#modalBody input[data-field]');
+    const obj = {};
+    inputs.forEach(input => {
+        const key = input.dataset.field;
+        let val = input.value.trim();
+        if (input.type === 'number' && val) val = parseInt(val, 10) || 0;
+        if (val !== '' && val !== 0) obj[key] = val;
+        else if (key === 'model_name' || key === 'model') obj[key] = val;
+    });
+
+    if (!obj.model_name || !obj.model) {
+        showStatus(t('models.requiredFields'), 'error');
+        return;
+    }
+
+    if (!configData.model_list) configData.model_list = [];
+
+    if (editingModelIndex >= 0) {
+        configData.model_list[editingModelIndex] = { ...configData.model_list[editingModelIndex], ...obj };
+        modelFields.forEach(f => {
+            if (!f.required && (obj[f.key] === '' || obj[f.key] === 0)) {
+                delete configData.model_list[editingModelIndex][f.key];
+            }
+        });
+    } else {
+        configData.model_list.push(obj);
+        // Auto-set as primary model
+        if (!configData.agents) configData.agents = {};
+        if (!configData.agents.defaults) configData.agents.defaults = {};
+        configData.agents.defaults.model_name = obj.model_name;
+    }
+
+    closeModelModal();
+    saveConfig().then(renderModels);
+}
+
+document.getElementById('modelModal').addEventListener('click', function(e) {
+    if (e.target === this) closeModelModal();
+});
+
+// ── Channel Forms ───────────────────────────────────
+function renderChannelForm(chKey) {
+    const schema = channelSchemas[chKey];
+    if (!schema) return;
+    const panel = document.getElementById('panelCh_' + chKey);
+    const chData = (configData && configData.channels && configData.channels[schema.configKey]) || {};
+
+    let html = `<div class="panel-title">${schema.title}</div>`;
+    html += `<div class="panel-desc">${t('ch.configure', { name: schema.title })}`;
+    if (schema.docSlug) {
+        const docBase = currentLang === 'zh' ? 'https://docs.picoclaw.io/zh-Hans/docs/channels/' : 'https://docs.picoclaw.io/docs/channels/';
+        html += ` <a class="doc-link" href="${docBase}${schema.docSlug}" target="_blank" rel="noopener noreferrer">\u{1F4D6} ${t('ch.docLink')}</a>`;
+    }
+    html += `</div>`;
+    html += `<div class="channel-form" id="chForm_${chKey}">`;
+
+    // Enabled toggle
+    html += `<div class="toggle-row">`;
+    html += `<div class="toggle ${chData.enabled ? 'on' : ''}" id="chToggle_${chKey}" onclick="toggleChannelEnabled('${chKey}', this)"></div>`;
+    html += `<span class="toggle-label">${t('enabled')}</span>`;
+    html += `</div>`;
+
+    schema.fields.forEach(f => {
+        const label = f.i18nLabel ? t(f.label) : f.label;
+        if (f.type === 'toggle') {
+            const hint = f.i18nLabel && f.hint ? t(f.hint) : (f.hint || '');
+            html += `<div class="toggle-row">`;
+            html += `<div class="toggle ${chData[f.key] ? 'on' : ''}" data-chfield="${f.key}" onclick="this.classList.toggle('on')"></div>`;
+            html += `<span class="toggle-label">${label}</span>`;
+            if (hint) html += `<span class="form-hint" style="margin-left:8px;">${hint}</span>`;
+            html += `</div>`;
+        } else if (f.type === 'array') {
+            const arr = chData[f.key] || [];
+            html += `<div class="form-group">`;
+            html += `<label class="form-label">${label}</label>`;
+            html += `<div class="array-editor" data-chfield="${f.key}" data-placeholder="${f.placeholder || ''}">`;
+            arr.forEach(v => {
+                html += `<div class="array-row">`;
+                html += `<input class="form-input" type="text" value="${esc(String(v))}" placeholder="${f.placeholder || ''}">`;
+                html += `<button class="btn btn-sm btn-danger" onclick="removeArrayRow(this)">&times;</button>`;
+                html += `</div>`;
+            });
+            html += `<div class="array-add" onclick="addArrayRow(this.parentElement)">${t('ch.addItem')}</div>`;
+            html += `</div></div>`;
+        } else {
+            const val = chData[f.key] !== undefined && chData[f.key] !== null ? chData[f.key] : '';
+            html += `<div class="form-group">`;
+            html += `<label class="form-label">${label}</label>`;
+            html += `<input class="form-input ${f.type === 'number' ? 'form-input-number' : ''}" `;
+            html += `type="${f.type === 'password' ? 'password' : f.type === 'number' ? 'number' : 'text'}" `;
+            html += `data-chfield="${f.key}" value="${esc(String(val))}" placeholder="${f.placeholder || ''}">`;
+            html += `</div>`;
+        }
+    });
+
+    // Allow from
+    const allowFrom = chData.allow_from || [];
+    html += `<div class="form-section-title">${t('ch.accessControl')}</div>`;
+    html += `<div class="form-group">`;
+    html += `<label class="form-label">${t('ch.allowFrom')}</label>`;
+    html += `<div class="array-editor" data-chfield="allow_from" data-placeholder="User / Chat ID">`;
+    allowFrom.forEach(v => {
+        html += `<div class="array-row">`;
+        html += `<input class="form-input" type="text" value="${esc(String(v))}" placeholder="User / Chat ID">`;
+        html += `<button class="btn btn-sm btn-danger" onclick="removeArrayRow(this)">&times;</button>`;
+        html += `</div>`;
+    });
+    html += `<div class="array-add" onclick="addArrayRow(this.parentElement)">${t('ch.addItem')}</div>`;
+    html += `</div></div>`;
+
+    html += `<div style="margin-top:20px;">`;
+    html += `<button class="btn btn-primary" onclick="saveChannelForm('${chKey}')">${t('save')}</button>`;
+    html += `</div></div>`;
+
+    panel.innerHTML = html;
+}
+
+function toggleChannelEnabled(chKey, el) { el.classList.toggle('on'); }
+
+function addArrayRow(container) {
+    const placeholder = container.dataset.placeholder || '';
+    const addBtn = container.querySelector('.array-add');
+    const row = document.createElement('div');
+    row.className = 'array-row';
+    row.innerHTML = `<input class="form-input" type="text" value="" placeholder="${placeholder}">` +
+        `<button class="btn btn-sm btn-danger" onclick="removeArrayRow(this)">&times;</button>`;
+    container.insertBefore(row, addBtn);
+    row.querySelector('input').focus();
+}
+
+function removeArrayRow(btn) { btn.parentElement.remove(); }
+
+function saveChannelForm(chKey) {
+    const schema = channelSchemas[chKey];
+    if (!schema || !configData) return;
+
+    if (!configData.channels) configData.channels = {};
+    const chObj = configData.channels[schema.configKey] || {};
+
+    const toggle = document.getElementById('chToggle_' + chKey);
+    chObj.enabled = toggle ? toggle.classList.contains('on') : false;
+
+    const form = document.getElementById('chForm_' + chKey);
+    schema.fields.forEach(f => {
+        if (f.type === 'toggle') {
+            const el = form.querySelector(`[data-chfield="${f.key}"].toggle`);
+            if (el) chObj[f.key] = el.classList.contains('on');
+        } else if (f.type === 'array') {
+            const container = form.querySelector(`.array-editor[data-chfield="${f.key}"]`);
+            if (container) {
+                const vals = [];
+                container.querySelectorAll('.array-row input').forEach(input => {
+                    const v = input.value.trim();
+                    if (v) vals.push(v);
+                });
+                chObj[f.key] = vals;
+            }
+        } else {
+            const input = form.querySelector(`input[data-chfield="${f.key}"]`);
+            if (input) {
+                let val = input.value.trim();
+                if (f.type === 'number' && val) {
+                    val = parseInt(val, 10);
+                    if (isNaN(val)) val = 0;
+                }
+                chObj[f.key] = val === '' ? (f.type === 'number' ? 0 : '') : val;
+            }
+        }
+    });
+
+    const afContainer = form.querySelector('.array-editor[data-chfield="allow_from"]');
+    if (afContainer) {
+        const vals = [];
+        afContainer.querySelectorAll('.array-row input').forEach(input => {
+            const v = input.value.trim();
+            if (v) vals.push(v);
+        });
+        chObj.allow_from = vals;
+    }
+
+    configData.channels[schema.configKey] = chObj;
+    saveConfig().then(() => showStatus(t('status.saved', { name: schema.title }), 'success'));
+}
+
+// ── Auth API ────────────────────────────────────────
+let authProviderMap = {}; // { 'openai': { status: 'active', ... }, ... }
+
+async function loadAuthStatus() {
+    try {
+        const res = await fetch('/api/auth/status');
+        if (!res.ok) return;
+        const data = await res.json();
+        const providers = data.providers || [];
+        authProviderMap = {};
+        providers.forEach(p => { authProviderMap[p.provider] = p; });
+        renderAuthStatus(providers, data.pending_device);
+    } catch (e) {
+        console.error('Failed to load auth status:', e);
+    }
+}
+
+function renderAuthStatus(providersList, pendingDevice) {
+    const providerMap = {};
+    providersList.forEach(p => { providerMap[p.provider] = p; });
+
+    ['openai', 'anthropic', 'google-antigravity'].forEach(name => {
+        const badge = document.getElementById('badge-' + name);
+        const details = document.getElementById('details-' + name);
+        const actions = document.getElementById('actions-' + name);
+        const p = providerMap[name];
+
+        if (p) {
+            const badgeClass = p.status === 'active' ? 'badge-active' :
+                p.status === 'expired' ? 'badge-expired' : 'badge-pending';
+            const badgeText = p.status === 'active' ? t('auth.active') :
+                p.status === 'expired' ? t('auth.expired') : t('auth.needsRefresh');
+            badge.className = 'provider-badge ' + badgeClass;
+            badge.textContent = badgeText;
+
+            let dh = '';
+            if (p.auth_method) dh += `<div class="provider-detail"><strong>${t('auth.method')}:</strong> ${p.auth_method}</div>`;
+            if (p.email) dh += `<div class="provider-detail"><strong>${t('auth.email')}:</strong> ${p.email}</div>`;
+            if (p.account_id) dh += `<div class="provider-detail"><strong>${t('auth.account')}:</strong> ${p.account_id}</div>`;
+            if (p.project_id) dh += `<div class="provider-detail"><strong>${t('auth.project')}:</strong> ${p.project_id}</div>`;
+            if (p.expires_at) {
+                const d = new Date(p.expires_at);
+                dh += `<div class="provider-detail"><strong>${t('auth.expires')}:</strong> ${d.toLocaleString()}</div>`;
+            }
+            details.innerHTML = dh;
+            actions.innerHTML = `<button class="btn btn-sm btn-danger" onclick="logoutProvider('${name}')">${t('auth.logout')}</button>`;
+        } else {
+            badge.className = 'provider-badge badge-none';
+            badge.textContent = t('auth.notLoggedIn');
+            details.innerHTML = '';
+            if (name === 'openai') {
+                actions.innerHTML = `<button class="btn btn-sm btn-primary" onclick="loginProvider('openai')">${t('auth.loginDevice')}</button>`;
+            } else if (name === 'anthropic') {
+                actions.innerHTML = `<button class="btn btn-sm btn-primary" onclick="showTokenInput('anthropic')">${t('auth.loginToken')}</button>`;
+            } else {
+                actions.innerHTML = `<button class="btn btn-sm btn-primary" onclick="loginProvider('google-antigravity')">${t('auth.loginOAuth')}</button>`;
+            }
+        }
+    });
+
+    if (pendingDevice && pendingDevice.status === 'pending') {
+        const name = pendingDevice.provider;
+        const badge = document.getElementById('badge-' + name);
+        const details = document.getElementById('details-' + name);
+        const actions = document.getElementById('actions-' + name);
+        if (badge) { badge.className = 'provider-badge badge-pending'; badge.textContent = t('auth.authenticating'); }
+        if (pendingDevice.device_url && pendingDevice.user_code && details) {
+            details.innerHTML = `
+            <div class="device-code-box">
+              <div class="hint" style="margin-bottom:8px;font-size:12px;">${t('auth.step1')}</div>
+              <div class="url"><a href="${pendingDevice.device_url}" target="_blank">${pendingDevice.device_url} &#8599;</a></div>
+              <div class="hint" style="margin-top:10px;margin-bottom:4px;font-size:12px;">${t('auth.step2')}</div>
+              <div class="code">${pendingDevice.user_code}</div>
+              <div class="hint">${t('auth.step3')}</div>
+            </div>`;
+        }
+        if (pendingDevice.error && details) {
+            details.innerHTML = `<div class="provider-detail" style="color:var(--error)">${pendingDevice.error}</div>`;
+            if (actions) actions.innerHTML = `<button class="btn btn-sm btn-primary" onclick="loginProvider('${name}')">${t('auth.retry')}</button>`;
+        } else if (actions) {
+            actions.innerHTML = `<button class="btn btn-sm" disabled><span class="spinner" style="width:14px;height:14px;border-width:2px;display:inline-block;vertical-align:middle;margin-right:6px;"></span>${t('auth.waiting')}</button>`;
+        }
+        startAuthPolling();
+    } else {
+        stopAuthPolling();
+    }
+}
+
+function startAuthPolling() {
+    stopAuthPolling();
+    authPollTimer = setInterval(() => loadAuthStatus(), 3000);
+}
+
+function stopAuthPolling() {
+    if (authPollTimer) { clearInterval(authPollTimer); authPollTimer = null; }
+}
+
+async function loginProvider(provider) {
+    const actions = document.getElementById('actions-' + provider);
+    const original = actions ? actions.innerHTML : '';
+    if (actions) actions.querySelectorAll('.btn').forEach(b => { b.disabled = true; b.style.opacity = '0.5'; });
+
+    try {
+        const res = await fetch('/api/auth/login', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ provider }),
+        });
+        if (!res.ok) throw new Error(await res.text());
+        const data = await res.json();
+
+        if (data.status === 'redirect' && data.auth_url) {
+            showStatus(t('status.openingBrowser'), 'success');
+            window.open(data.auth_url, '_blank');
+            if (actions) actions.innerHTML = original;
+            return;
+        }
+        if (data.status === 'pending') {
+            showStatus(data.message || t('status.loginStarted'), 'success');
+            if (data.device_url && data.user_code) {
+                const badge = document.getElementById('badge-' + provider);
+                const details = document.getElementById('details-' + provider);
+                if (badge) { badge.className = 'provider-badge badge-pending'; badge.textContent = t('auth.authenticating'); }
+                if (details) {
+                    details.innerHTML = `
+                    <div class="device-code-box">
+                      <div class="hint" style="margin-bottom:8px;font-size:12px;">${t('auth.step1')}</div>
+                      <div class="url"><a href="${data.device_url}" target="_blank">${data.device_url} &#8599;</a></div>
+                      <div class="hint" style="margin-top:10px;margin-bottom:4px;font-size:12px;">${t('auth.step2')}</div>
+                      <div class="code">${data.user_code}</div>
+                      <div class="hint">${t('auth.step3')}</div>
+                    </div>`;
+                }
+                if (actions) {
+                    actions.innerHTML = `<button class="btn btn-sm" disabled><span class="spinner" style="width:14px;height:14px;border-width:2px;display:inline-block;vertical-align:middle;margin-right:6px;"></span>${t('auth.waiting')}</button>`;
+                }
+            }
+            startAuthPolling();
+        } else if (data.status === 'success') {
+            showStatus(data.message || t('status.loginSuccess'), 'success');
+            loadAuthStatus();
+        }
+    } catch (e) {
+        showStatus(t('status.loginFailed') + ': ' + e.message, 'error');
+        if (actions) actions.innerHTML = original;
+    }
+}
+
+function showTokenInput(provider) {
+    const actions = document.getElementById('actions-' + provider);
+    actions.innerHTML = `
+    <div class="token-input-group">
+      <input type="password" id="tokenInput-${provider}" placeholder="${t('auth.pasteKey')}" />
+      <button class="btn btn-sm btn-primary" onclick="submitToken('${provider}')">${t('save')}</button>
+      <button class="btn btn-sm" onclick="loadAuthStatus()">${t('cancel')}</button>
+    </div>`;
+    document.getElementById('tokenInput-' + provider).focus();
+}
+
+async function submitToken(provider) {
+    const input = document.getElementById('tokenInput-' + provider);
+    const token = input.value.trim();
+    if (!token) { showStatus(t('status.tokenEmpty'), 'error'); return; }
+    try {
+        const res = await fetch('/api/auth/login', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ provider, token }),
+        });
+        if (!res.ok) throw new Error(await res.text());
+        showStatus(t('status.tokenSaved', { name: provider }), 'success');
+        loadAuthStatus();
+    } catch (e) {
+        showStatus(t('status.loginFailed') + ': ' + e.message, 'error');
+    }
+}
+
+async function logoutProvider(provider) {
+    try {
+        const res = await fetch('/api/auth/logout', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ provider }),
+        });
+        if (!res.ok) throw new Error(await res.text());
+        showStatus(t('status.loggedOut', { name: provider }), 'success');
+        loadAuthStatus();
+    } catch (e) {
+        showStatus(t('status.logoutFailed') + ': ' + e.message, 'error');
+    }
+}
+
+// ── Process API (Start/Stop/Status) ─────────────────
+let gatewayRunning = false;
+let processPolling = null;
+let pendingAction = null; // { type: 'start'|'stop', retries: 0 }
+const MAX_RETRIES = 10;
+
+function isModelAvailableGlobal(m) {
+    if (m.api_key) return true;
+    if (m.auth_method === 'oauth') {
+        const protocol = m.model ? m.model.split('/')[0] : '';
+        const providerName = protocol === 'google-antigravity' ? 'google-antigravity' : protocol;
+        const authInfo = authProviderMap[providerName];
+        return !!(authInfo && authInfo.status === 'active');
+    }
+    if (m.auth_method) return true;
+    return false;
+}
+
+function checkStartPrereqs() {
+    const primaryModelName = configData && configData.agents && configData.agents.defaults
+        ? (configData.agents.defaults.model_name || '') : '';
+    const hasModel = !!(primaryModelName && configData.model_list &&
+        configData.model_list.some(m => m.model_name === primaryModelName && isModelAvailableGlobal(m)));
+    const hasChannel = configData && configData.channels &&
+        Object.keys(channelSchemas).some(k => {
+            const cfg = configData.channels[channelSchemas[k].configKey];
+            return cfg && cfg.enabled;
+        });
+    return { hasModel, hasChannel, canStart: hasModel && hasChannel };
+}
+
+function updateRunStopButton(running) {
+    gatewayRunning = running;
+    const btn = document.getElementById('btnRunStop');
+    const icon = document.getElementById('btnRunStopIcon');
+    const text = document.getElementById('btnRunStopText');
+    const hint = document.getElementById('processHint');
+    if (running) {
+        btn.disabled = false;
+        btn.className = 'btn btn-stop btn-process';
+        icon.innerHTML = '&#9632;';
+        text.textContent = t('stop');
+        hint.textContent = '(' + t('process.running') + ')';
+        hint.style.color = '';
+    } else {
+        const prereqs = checkStartPrereqs();
+        btn.disabled = !prereqs.canStart;
+        btn.className = 'btn btn-run btn-process';
+        icon.innerHTML = '&#9654;';
+        text.textContent = t('start');
+        if (!prereqs.canStart) {
+            const reason = !prereqs.hasModel && !prereqs.hasChannel ? t('process.needBoth')
+                : !prereqs.hasModel ? t('process.needModel')
+                : t('process.needChannel');
+            hint.textContent = '(' + reason + ')';
+            hint.style.color = 'var(--danger, #e74c3c)';
+        } else {
+            hint.textContent = '(' + t('process.notRunning') + ')';
+            hint.style.color = '';
+        }
+    }
+}
+
+function setButtonLoading(actionType) {
+    const btn = document.getElementById('btnRunStop');
+    const icon = document.getElementById('btnRunStopIcon');
+    const text = document.getElementById('btnRunStopText');
+    const hint = document.getElementById('processHint');
+    btn.disabled = true;
+    btn.className = 'btn btn-process';
+    icon.innerHTML = '<span class="btn-spinner"></span>';
+    text.textContent = actionType === 'start' ? t('process.starting') : t('process.stopping');
+    hint.textContent = '';
+}
+
+async function checkProcessStatus() {
+    let running = false;
+    try {
+        const params = new URLSearchParams({ log_offset: logOffset, log_run_id: logRunID });
+        const res = await fetch('/api/process/status?' + params);
+        if (res.ok) {
+            const data = await res.json();
+            running = data.process_status === 'running';
+            handleLogData(data);
+        }
+    } catch (e) { /* treat as not running */ }
+
+    if (pendingAction) {
+        const expected = pendingAction.type === 'start';
+        if (running === expected) {
+            showStatus(expected ? t('process.started') : t('process.stopped'), 'success');
+            pendingAction = null;
+            restoreNormalPolling();
+            updateRunStopButton(running);
+        } else {
+            pendingAction.retries++;
+            if (pendingAction.retries >= MAX_RETRIES) {
+                let msg = pendingAction.type === 'start' ? t('process.startFailed') : t('process.stopFailed');
+                if (pendingAction.type === 'start') msg += ' — ' + t('process.checkLogs');
+                showStatus(msg, 'error');
+                pendingAction = null;
+                restoreNormalPolling();
+                updateRunStopButton(running);
+            }
+        }
+    } else {
+        updateRunStopButton(running);
+    }
+}
+
+function restoreNormalPolling() {
+    clearInterval(processPolling);
+    processPolling = setInterval(checkProcessStatus, 5000);
+}
+
+async function startGateway() {
+    const prereqs = checkStartPrereqs();
+    if (!prereqs.canStart) {
+        const reason = !prereqs.hasModel && !prereqs.hasChannel ? t('process.needBoth')
+            : !prereqs.hasModel ? t('process.needModel')
+            : t('process.needChannel');
+        showStatus(reason, 'error');
+        return;
+    }
+    setButtonLoading('start');
+    // Set pending BEFORE fetch so polls don't overwrite loading state
+    pendingAction = { type: 'start', retries: 0 };
+    clearInterval(processPolling);
+    processPolling = setInterval(checkProcessStatus, 1000);
+    try {
+        const res = await fetch('/api/process/start', { method: 'POST' });
+        if (!res.ok) throw new Error(await res.text());
+    } catch (e) {
+        showStatus(t('process.startFailed') + ': ' + e.message + ' — ' + t('process.checkLogs'), 'error');
+        pendingAction = null;
+        restoreNormalPolling();
+        updateRunStopButton(false);
+    }
+}
+
+async function stopGateway() {
+    setButtonLoading('stop');
+    pendingAction = { type: 'stop', retries: 0 };
+    clearInterval(processPolling);
+    processPolling = setInterval(checkProcessStatus, 1000);
+    try {
+        const res = await fetch('/api/process/stop', { method: 'POST' });
+        if (!res.ok) throw new Error(await res.text());
+    } catch (e) {
+        showStatus(t('process.stopFailed') + ': ' + e.message, 'error');
+        pendingAction = null;
+        restoreNormalPolling();
+        updateRunStopButton(true);
+    }
+}
+
+document.getElementById('btnRunStop').addEventListener('click', () => {
+    if (gatewayRunning) { stopGateway(); } else { startGateway(); }
+});
+
+// Poll status every 5 seconds
+checkProcessStatus();
+processPolling = setInterval(checkProcessStatus, 5000);
+
+// ── Log Panel ───────────────────────────────────────
+let logOffset = 0;
+let logRunID = -1;
+let logAutoScrollEnabled = true;
+let logHasContent = false;
+
+function handleLogData(data) {
+    const output = document.getElementById('logOutput');
+    const placeholder = document.getElementById('logPlaceholder');
+    if (!output) return;
+
+    const serverRunID = data.log_run_id;
+    const serverSource = data.log_source;
+    const lines = data.logs || [];
+    const total = data.log_total || 0;
+
+    // External gateway (not launched by us) — show appropriate placeholder
+    if (serverSource === 'none') {
+        if (!logHasContent) {
+            if (placeholder) {
+                placeholder.textContent = gatewayRunning ? t('logs.noCapture') : t('logs.noLogs');
+                placeholder.style.display = '';
+            }
+        }
+        return;
+    }
+
+    // Gateway restarted — clear display
+    if (serverRunID !== logRunID && logRunID !== -1) {
+        output.textContent = '';
+        logHasContent = false;
+    }
+    logRunID = serverRunID;
+
+    // Append new lines
+    if (lines.length > 0) {
+        // Hide placeholder
+        if (placeholder) placeholder.style.display = 'none';
+
+        // Remove placeholder node text if it's still the only content
+        if (!logHasContent) {
+            output.textContent = '';
+        }
+
+        output.textContent += lines.join('\n') + '\n';
+        logHasContent = true;
+
+        // Auto-scroll
+        if (logAutoScrollEnabled) {
+            output.scrollTop = output.scrollHeight;
+        }
+    }
+
+    logOffset = total;
+
+    // Show placeholder if we've never had content
+    if (!logHasContent && placeholder) {
+        placeholder.textContent = t('logs.noLogs');
+        placeholder.style.display = '';
+    }
+}
+
+function clearLogDisplay() {
+    const output = document.getElementById('logOutput');
+    const placeholder = document.getElementById('logPlaceholder');
+    if (output) output.textContent = '';
+    logHasContent = false;
+    // Re-add placeholder
+    if (output && placeholder) {
+        output.appendChild(placeholder);
+        placeholder.textContent = t('logs.noLogs');
+        placeholder.style.display = '';
+    }
+    // Keep logOffset/logRunID so we don't re-fetch old lines
+}
+
+// ── Utilities ───────────────────────────────────────
+function esc(s) {
+    const div = document.createElement('div');
+    div.textContent = s;
+    return div.innerHTML;
+}
+
+function maskKey(key) {
+    if (!key || key.length < 8) return '****';
+    return key.substring(0, 4) + '...' + key.substring(key.length - 4);
+}
+
+// ── Init ────────────────────────────────────────────
+applyI18n();
+loadConfig();
+loadAuthStatus().then(() => renderModels());
+
+if (window.location.hash === '#auth') {
+    document.querySelector('[data-panel="panelAuth"]').click();
+    window.location.hash = '';
+}
+</script>
+</body>
+
+</html>
diff --git a/cmd/picoclaw-launcher/main.go b/cmd/picoclaw-launcher/main.go
new file mode 100644
index 000000000..3323c31a8
--- /dev/null
+++ b/cmd/picoclaw-launcher/main.go
@@ -0,0 +1,127 @@
+// PicoClaw Launcher - Standalone HTTP service
+//
+// Provides a web-based JSON editor for picoclaw config files,
+// with OAuth provider authentication support.
+//
+// Usage:
+//
+//	go build -o picoclaw-launcher ./cmd/picoclaw-launcher/
+//	./picoclaw-launcher [config.json]
+//	./picoclaw-launcher -public config.json
+
+package main
+
+import (
+	"embed"
+	"flag"
+	"fmt"
+	"io/fs"
+	"log"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"time"
+
+	"github.com/sipeed/picoclaw/cmd/picoclaw-launcher/internal/server"
+)
+
+//go:embed internal/ui/index.html
+var staticFiles embed.FS
+
+func main() {
+	public := flag.Bool("public", false, "Listen on all interfaces (0.0.0.0) instead of localhost only")
+	flag.Usage = func() {
+		fmt.Fprintf(os.Stderr, "PicoClaw Launcher - A web-based configuration editor\n\n")
+		fmt.Fprintf(os.Stderr, "Usage: %s [options] [config.json]\n\n", os.Args[0])
+		fmt.Fprintf(os.Stderr, "Arguments:\n")
+		fmt.Fprintf(os.Stderr, "  config.json    Path to the configuration file (default: ~/.picoclaw/config.json)\n\n")
+		fmt.Fprintf(os.Stderr, "Options:\n")
+		flag.PrintDefaults()
+		fmt.Fprintf(os.Stderr, "\nExamples:\n")
+		fmt.Fprintf(os.Stderr, "  %s                          Use default config path\n", os.Args[0])
+		fmt.Fprintf(os.Stderr, "  %s ./config.json             Specify a config file\n", os.Args[0])
+		fmt.Fprintf(
+			os.Stderr,
+			"  %s -public ./config.json     Allow access from other devices on the network\n",
+			os.Args[0],
+		)
+	}
+	flag.Parse()
+
+	configPath := server.DefaultConfigPath()
+	if flag.NArg() > 0 {
+		configPath = flag.Arg(0)
+	}
+
+	absPath, err := filepath.Abs(configPath)
+	if err != nil {
+		log.Fatalf("Failed to resolve config path: %v", err)
+	}
+
+	var addr string
+	if *public {
+		addr = "0.0.0.0:" + server.DefaultPort
+	} else {
+		addr = "127.0.0.1:" + server.DefaultPort
+	}
+
+	mux := http.NewServeMux()
+	server.RegisterConfigAPI(mux, absPath)
+	server.RegisterAuthAPI(mux, absPath)
+	server.RegisterProcessAPI(mux, absPath)
+
+	staticFS, err := fs.Sub(staticFiles, "internal/ui")
+	if err != nil {
+		log.Fatalf("Failed to create sub filesystem: %v", err)
+	}
+	mux.Handle("/", http.FileServer(http.FS(staticFS)))
+
+	// Print startup banner
+	fmt.Println("=============================================")
+	fmt.Println("  PicoClaw Launcher")
+	fmt.Println("=============================================")
+	fmt.Printf("  Config file : %s\n", absPath)
+	fmt.Printf("  Listen addr : %s\n\n", addr)
+	fmt.Println("  Open the following URL in your browser")
+	fmt.Println("  to view and edit the configuration:")
+	fmt.Println()
+	fmt.Printf("    >> http://localhost:%s <<\n", server.DefaultPort)
+	if *public {
+		if ip := server.GetLocalIP(); ip != "" {
+			fmt.Printf("    >> http://%s:%s <<\n", ip, server.DefaultPort)
+		}
+	}
+	fmt.Println()
+	// fmt.Println("=============================================")
+
+	go func() {
+		// Wait briefly to ensure the server is ready before opening the browser
+		time.Sleep(500 * time.Millisecond)
+		url := "http://localhost:" + server.DefaultPort
+		if err := openBrowser(url); err != nil {
+			log.Printf("Warning: Failed to auto-open browser: %v\n", err)
+		}
+	}()
+
+	if err := http.ListenAndServe(addr, mux); err != nil {
+		log.Fatalf("Server failed: %v", err)
+	}
+}
+
+// openBrowser automatically opens the given URL in the default browser.
+func openBrowser(url string) error {
+	var err error
+	switch runtime.GOOS {
+	case "linux":
+		err = exec.Command("xdg-open", url).Start()
+	case "windows":
+		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
+	case "darwin":
+		err = exec.Command("open", url).Start()
+	default:
+		err = fmt.Errorf("unsupported platform")
+	}
+	return err
+}
diff --git a/cmd/picoclaw-launcher/winres/winres.json b/cmd/picoclaw-launcher/winres/winres.json
new file mode 100644
index 000000000..01ea7364c
--- /dev/null
+++ b/cmd/picoclaw-launcher/winres/winres.json
@@ -0,0 +1,22 @@
+{
+  "RT_GROUP_ICON": {
+    "APP": {
+      "0000": "../icon.ico"
+    }
+  },
+  "RT_MANIFEST": {
+    "#1": {
+      "0409": {
+        "identity": {
+          "name": "PicoClaw Launcher",
+          "version": "0.0.0.0"
+        },
+        "description": "PicoClaw Launcher - Web-based configuration editor",
+        "minimum-os": "win7",
+        "execution-level": "asInvoker",
+        "dpi-awareness": "system",
+        "use-common-controls-v6": true
+      }
+    }
+  }
+}
diff --git a/pkg/auth/oauth.go b/pkg/auth/oauth.go
index ba757ffd4..91c9e25c5 100644
--- a/pkg/auth/oauth.go
+++ b/pkg/auth/oauth.go
@@ -66,7 +66,8 @@ func decodeBase64(s string) string {
 	return string(data)
 }
 
-func generateState() (string, error) {
+// GenerateState generates a random state string for OAuth CSRF protection.
+func GenerateState() (string, error) {
 	buf := make([]byte, 32)
 	if _, err := rand.Read(buf); err != nil {
 		return "", err
@@ -80,7 +81,7 @@ func LoginBrowser(cfg OAuthProviderConfig) (*AuthCredential, error) {
 		return nil, fmt.Errorf("generating PKCE: %w", err)
 	}
 
-	state, err := generateState()
+	state, err := GenerateState()
 	if err != nil {
 		return nil, fmt.Errorf("generating state: %w", err)
 	}
@@ -127,7 +128,7 @@ func LoginBrowser(cfg OAuthProviderConfig) (*AuthCredential, error) {
 
 	fmt.Printf("Open this URL to authenticate:\n\n%s\n\n", authURL)
 
-	if err := openBrowser(authURL); err != nil {
+	if err := OpenBrowser(authURL); err != nil {
 		fmt.Printf("Could not open browser automatically.\nPlease open this URL manually:\n\n%s\n\n", authURL)
 	}
 
@@ -153,7 +154,7 @@ func LoginBrowser(cfg OAuthProviderConfig) (*AuthCredential, error) {
 		if result.err != nil {
 			return nil, result.err
 		}
-		return exchangeCodeForTokens(cfg, result.code, pkce.CodeVerifier, redirectURI)
+		return ExchangeCodeForTokens(cfg, result.code, pkce.CodeVerifier, redirectURI)
 	case manualInput := <-manualCh:
 		if manualInput == "" {
 			return nil, fmt.Errorf("manual input canceled")
@@ -169,7 +170,7 @@ func LoginBrowser(cfg OAuthProviderConfig) (*AuthCredential, error) {
 		if code == "" {
 			return nil, fmt.Errorf("could not find authorization code in input")
 		}
-		return exchangeCodeForTokens(cfg, code, pkce.CodeVerifier, redirectURI)
+		return ExchangeCodeForTokens(cfg, code, pkce.CodeVerifier, redirectURI)
 	case <-time.After(5 * time.Minute):
 		return nil, fmt.Errorf("authentication timed out after 5 minutes")
 	}
@@ -186,6 +187,59 @@ type deviceCodeResponse struct {
 	Interval     int
 }
 
+// DeviceCodeInfo holds the device code information returned by the OAuth provider.
+type DeviceCodeInfo struct {
+	DeviceAuthID string `json:"device_auth_id"`
+	UserCode     string `json:"user_code"`
+	VerifyURL    string `json:"verify_url"`
+	Interval     int    `json:"interval"`
+}
+
+// RequestDeviceCode requests a device code from the OAuth provider.
+// Returns the info needed for the user to authenticate in a browser.
+func RequestDeviceCode(cfg OAuthProviderConfig) (*DeviceCodeInfo, error) {
+	reqBody, _ := json.Marshal(map[string]string{
+		"client_id": cfg.ClientID,
+	})
+
+	resp, err := http.Post(
+		cfg.Issuer+"/api/accounts/deviceauth/usercode",
+		"application/json",
+		strings.NewReader(string(reqBody)),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("requesting device code: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("device code request failed: %s", string(body))
+	}
+
+	deviceResp, err := parseDeviceCodeResponse(body)
+	if err != nil {
+		return nil, fmt.Errorf("parsing device code response: %w", err)
+	}
+
+	if deviceResp.Interval < 1 {
+		deviceResp.Interval = 5
+	}
+
+	return &DeviceCodeInfo{
+		DeviceAuthID: deviceResp.DeviceAuthID,
+		UserCode:     deviceResp.UserCode,
+		VerifyURL:    cfg.Issuer + "/codex/device",
+		Interval:     deviceResp.Interval,
+	}, nil
+}
+
+// PollDeviceCodeOnce makes a single poll attempt to check if the user has authenticated.
+// Returns (credential, nil) on success, (nil, nil) if still pending, or (nil, err) on failure.
+func PollDeviceCodeOnce(cfg OAuthProviderConfig, deviceAuthID, userCode string) (*AuthCredential, error) {
+	return pollDeviceCode(cfg, deviceAuthID, userCode)
+}
+
 func parseDeviceCodeResponse(body []byte) (deviceCodeResponse, error) {
 	var raw struct {
 		DeviceAuthID string          `json:"device_auth_id"`
@@ -318,7 +372,7 @@ func pollDeviceCode(cfg OAuthProviderConfig, deviceAuthID, userCode string) (*Au
 	}
 
 	redirectURI := cfg.Issuer + "/deviceauth/callback"
-	return exchangeCodeForTokens(cfg, tokenResp.AuthorizationCode, tokenResp.CodeVerifier, redirectURI)
+	return ExchangeCodeForTokens(cfg, tokenResp.AuthorizationCode, tokenResp.CodeVerifier, redirectURI)
 }
 
 func RefreshAccessToken(cred *AuthCredential, cfg OAuthProviderConfig) (*AuthCredential, error) {
@@ -410,7 +464,8 @@ func buildAuthorizeURL(cfg OAuthProviderConfig, pkce PKCECodes, state, redirectU
 	return cfg.Issuer + "/oauth/authorize?" + params.Encode()
 }
 
-func exchangeCodeForTokens(cfg OAuthProviderConfig, code, codeVerifier, redirectURI string) (*AuthCredential, error) {
+// ExchangeCodeForTokens exchanges an authorization code for tokens.
+func ExchangeCodeForTokens(cfg OAuthProviderConfig, code, codeVerifier, redirectURI string) (*AuthCredential, error) {
 	data := url.Values{
 		"grant_type":    {"authorization_code"},
 		"code":          {code},
@@ -552,7 +607,8 @@ func base64URLDecode(s string) ([]byte, error) {
 	return base64.StdEncoding.DecodeString(s)
 }
 
-func openBrowser(url string) error {
+// OpenBrowser opens the given URL in the user's default browser.
+func OpenBrowser(url string) error {
 	switch runtime.GOOS {
 	case "darwin":
 		return exec.Command("open", url).Start()
diff --git a/pkg/auth/oauth_test.go b/pkg/auth/oauth_test.go
index 0cb589069..230ac7c2a 100644
--- a/pkg/auth/oauth_test.go
+++ b/pkg/auth/oauth_test.go
@@ -219,9 +219,9 @@ func TestExchangeCodeForTokens(t *testing.T) {
 		Port:     1455,
 	}
 
-	cred, err := exchangeCodeForTokens(cfg, "test-code", "test-verifier", "http://localhost:1455/auth/callback")
+	cred, err := ExchangeCodeForTokens(cfg, "test-code", "test-verifier", "http://localhost:1455/auth/callback")
 	if err != nil {
-		t.Fatalf("exchangeCodeForTokens() error: %v", err)
+		t.Fatalf("ExchangeCodeForTokens() error: %v", err)
 	}
 
 	if cred.AccessToken != "mock-access-token" {