§
    ËÐ)jØA  ã                  óf  — U d Z ddlmZ ddlZddlZddlZddlmZ ddlm	Z	 ddl
mZmZmZ ddlmZ  ej        e¦  «        Z ed¦  «        Zd	ed
<   d1d„Zdaded<   d2d„Z	 d3d4d„Z	 d3d5d„Zd6d„Zd6d„Z	 d3d7d „Zdad!ed"<   d8d$„Z	 d3d9d%„Zg d&¢Z d'ed(<   	 d3d9d)„Z!	 d3d:d,„Z"	 d3d;d-„Z#	 d3d9d.„Z$d<d0„Z%dS )=uÜ  File passthrough registry for remote terminal backends.

Remote backends (Docker, Modal, SSH) create sandboxes with no host files.
This module ensures that credential files, skill directories, and host-side
cache directories (documents, images, audio, screenshots) are mounted or
synced into those sandboxes so the agent can access them.

**Credentials and skills** â€” session-scoped registry fed by skill declarations
(``required_credential_files``) and user config (``terminal.credential_files``).

**Cache directories** â€” gateway-cached uploads, browser screenshots, TTS
audio, and processed images.  Mounted read-only so the remote terminal can
reference files the host side created (e.g. ``unzip`` an uploaded archive).

Remote backends call :func:`get_credential_file_mounts`,
:func:`get_skills_directory_mount` / :func:`iter_skills_files`, and
:func:`get_cache_directory_mounts` / :func:`iter_cache_files` at sandbox
creation time and before each command (for resync on Modal).
é    )ÚannotationsN)Ú
ContextVar)ÚPath)ÚDictÚListÚOptional)Úcfg_getÚ_registered_fileszContextVar[Dict[str, str]]Ú_registered_files_varÚreturnúDict[str, str]c                 ó’   — 	 t                                ¦   «         S # t          $ r! i } t                                | ¦  «         | cY S w xY w)zSGet or create the registered credential files dict for the current context/session.)r   ÚgetÚLookupErrorÚset)Úvals    ú=/home/wildlama/.hermes/hermes-agent/tools/credential_files.pyÚ_get_registeredr   &   sV   € ðÝ$×(Ò(Ñ*Ô*Ð*øÝð ð ð Ø ˆÝ×!Ò! #Ñ&Ô&Ð&Øˆ
ˆ
ˆ
ðøøøs   ‚ ›(AÁAzList[Dict[str, str]] | NoneÚ_config_filesr   c                 ó"   — ddl m}   | ¦   «         S )Nr   ©Úget_hermes_home)Úhermes_constantsr   r   s    r   Ú_resolve_hermes_homer   4   s"   € Ø0Ð0Ð0Ð0Ð0Ð0Øˆ?ÑÔÐó    ú/root/.hermesÚrelative_pathÚstrÚcontainer_baseÚboolc                ó:  — t          ¦   «         }t          j                             | ¦  «        rt                               d| ¦  «         dS || z  }ddlm}  |||¦  «        }|rt                               d| |¦  «         dS |                     ¦   «         }| 	                    ¦   «         st           
                    d|¦  «         dS |                     d¦  «        › d| › }t          |¦  «        t          ¦   «         |<   t           
                    d||¦  «         d	S )
a  Register a credential file for mounting into remote sandboxes.

    *relative_path* is relative to ``HERMES_HOME`` (e.g. ``google_token.json``).
    Returns True if the file exists on the host and was registered.

    Security: rejects absolute paths and path traversal sequences (``..``).
    The resolved host path must remain inside HERMES_HOME so that a malicious
    skill cannot declare ``required_credential_files: ['../../.ssh/id_rsa']``
    and exfiltrate sensitive host files into a container sandbox.
    zMcredential_files: rejected absolute path %r (must be relative to HERMES_HOME)Fr   ©Úvalidate_within_dirz1credential_files: rejected path traversal %r (%s)z)credential_files: skipping %s (not found)ú/z%credential_files: registered %s -> %sT)r   ÚosÚpathÚisabsÚloggerÚwarningÚtools.path_securityr#   ÚresolveÚis_fileÚdebugÚrstripr   r   )r   r   Úhermes_homeÚ	host_pathr#   Úcontainment_errorÚresolvedÚcontainer_paths           r   Úregister_credential_filer4   9   s;  € õ 'Ñ(Ô(€Kõ 
„w‡}‚}]Ñ#Ô#ð ÝŠØ[Øñ	
ô 	
ð 	
ð ˆuà˜mÑ+€Ið 8Ð7Ð7Ð7Ð7Ð7à+Ð+¨I°{ÑCÔCÐØð ÝŠØ?ØØñ	
ô 	
ð 	
ð
 ˆuà× Ò Ñ"Ô"€HØ×ÒÑÔð ÝŠÐ@À(ÑKÔKÐKØˆuà&×-Ò-¨cÑ2Ô2ÐDÐD°]ÐDÐD€NÝ(+¨H©¬…OÑÔnÑ%Ý
‡L‚LÐ8¸(ÀNÑSÔSÐSØˆ4r   ÚentriesÚlistú	List[str]c                ób  — g }| D ]©}t          |t          ¦  «        r|                     ¦   «         }nUt          |t          ¦  «        r?|                     d¦  «        p|                     d¦  «        pd                     ¦   «         }nŒ|sŒ„t          ||¦  «        s|                     |¦  «         Œª|S )zûRegister multiple credential files from skill frontmatter entries.

    Each entry is either a string (relative path) or a dict with a ``path``
    key.  Returns the list of relative paths that were NOT found on the host
    (i.e. missing files).
    r&   ÚnameÚ )Ú
isinstancer   ÚstripÚdictr   r4   Úappend)r5   r   ÚmissingÚentryÚrel_paths        r   Úregister_credential_filesrB   k   s¸   € ð €GØð 
%ð 
%ˆÝeSÑ!Ô!ð 	Ø—{’{‘}”}ˆHˆHÝ˜tÑ$Ô$ð 	ØŸ	š	 &Ñ)Ô)ÐD¨U¯YªY°vÑ->Ô->ÐDÀ"×KÒKÑMÔMˆHˆHàØð 	ØÝ'¨°.ÑAÔAð 	%ØNŠN˜8Ñ$Ô$Ð$øØ€Nr   úList[Dict[str, str]]c                 ó0  — t           t           S g } 	 ddlm} t          ¦   «         } |¦   «         }t	          |dd¦  «        }t          |t          ¦  «        rddlm} |D ]ü}t          |t          ¦  «        rå| 
                    ¦   «         rÑ| 
                    ¦   «         }t          j                             |¦  «        rt                               d|¦  «         Œz||z  } |||¦  «        }	|	rt                               d||	¦  «         Œª|                     ¦   «         }
|
                     ¦   «         r*d	|› }|                      t          |
¦  «        |d
œ¦  «         Œýn2# t&          $ r%}t                               d|¦  «         Y d}~nd}~ww xY w| a t           S )z=Load ``terminal.credential_files`` from config.yaml (cached).Nr   )Úread_raw_configÚterminalÚcredential_filesr"   z2credential_files: rejected absolute config path %rz8credential_files: rejected config path traversal %r (%s)z/root/.hermes/©r0   r3   z8Could not read terminal.credential_files from config: %s)r   Úhermes_cli.configrE   r   r	   r;   r6   r*   r#   r   r<   r%   r&   r'   r(   r)   r+   r,   r>   Ú	Exception)ÚresultrE   r/   ÚcfgÚ
cred_filesr#   ÚitemÚrelr0   r1   Úresolved_pathr3   Úes                r   Ú_load_config_filesrR   „   sñ  € õ Ð ÝÐà#%€Fð VØ5Ð5Ð5Ð5Ð5Ð5Ý*Ñ,Ô,ˆØˆoÑÔˆÝ˜S *Ð.@ÑAÔAˆ
Ýj¥$Ñ'Ô'ñ 	Ø?Ð?Ð?Ð?Ð?Ð?à"ð ð Ý˜d¥CÑ(Ô(ð ¨T¯ZªZ©\¬\ð ØŸ*š*™,œ,CÝ”w—}’} SÑ)Ô)ð !ÝŸšØPÐRUñô ð ð !Ø +¨cÑ 1IØ(;Ð(;¸IÀ{Ñ(SÔ(SÐ%Ø(ð !ÝŸšØVØÐ!2ñô ð ð !Ø$-×$5Ò$5Ñ$7Ô$7MØ$×,Ò,Ñ.Ô.ð Ø)?¸#Ð)?Ð)?˜ØŸšÝ),¨]Ñ);Ô);Ø.<ð'ð 'ñ ô ð øøøõ ð Vð Vð VÝŠÐQÐSTÑUÔUÐUÐUÐUÐUÐUÐUøøøøðVøøøð €MÝÐs   ’E
E Å
FÅ'FÆFc                 óx  — i } t          ¦   «                              ¦   «         D ]+\  }}t          |¦  «                             ¦   «         r|| |<   Œ,t	          ¦   «         D ]@}|d         }|| vr2t          |d         ¦  «                             ¦   «         r|d         | |<   ŒAd„ |                      ¦   «         D ¦   «         S )zÁReturn all credential files that should be mounted into remote sandboxes.

    Each item has ``host_path`` and ``container_path`` keys.
    Combines skill-registered files and user config.
    r3   r0   c                ó   — g | ]
\  }}||d œ‘ŒS )rH   © )Ú.0ÚcpÚhps      r   ú
<listcomp>z.get_credential_file_mounts.<locals>.<listcomp>Å   s4   € ð ð ð áˆBð ¨BÐ/Ð/ðð ð r   )r   Úitemsr   r,   rR   )Úmountsr3   r0   r@   rW   s        r   Úget_credential_file_mountsr\   ±   sÙ   € ð  €Fõ &5Ñ%6Ô%6×%<Ò%<Ñ%>Ô%>ð /ð /Ñ!ˆ˜	å	‰?Œ?×"Ò"Ñ$Ô$ð 	/Ø%.ˆF>Ñ"øõ $Ñ%Ô%ð ,ð ,ˆØÐ#Ô$ˆØVÐÐ¥ U¨;Ô%7Ñ 8Ô 8× @Ò @Ñ BÔ BÐØ˜{Ô+ˆF2‰Jøðð à—l’l‘n”nðñ ô ð r   úlist[Dict[str, str]]c                óâ  — g }t          ¦   «         }|dz  }|                     ¦   «         r=t          |¦  «        }|                     ||                      d¦  «        › ddœ¦  «         	 ddlm} t           |¦   «         ¦  «        D ]X\  }}|                     ¦   «         r?t          |¦  «        }|                     ||                      d¦  «        › d|› dœ¦  «         ŒYn# t          $ r Y nw xY w|S )aM  Return mount info for all skill directories (local + external).

    Skills may include ``scripts/``, ``templates/``, and ``references/``
    subdirectories that the agent needs to execute inside remote sandboxes.

    **Security:** Bind mounts follow symlinks, so a malicious symlink inside
    the skills tree could expose arbitrary host files to the container.  When
    symlinks are detected, this function creates a sanitized copy (regular
    files only) in a temp directory and returns that path instead.  When no
    symlinks are present (the common case), the original directory is returned
    directly with zero overhead.

    Returns a list of dicts with ``host_path`` and ``container_path`` keys.
    The local skills dir mounts at ``<container_base>/skills``, external dirs
    at ``<container_base>/external_skills/<index>``.
    Úskillsr$   ú/skillsrH   r   ©Úget_external_skills_dirsú/external_skills/)	r   Úis_dirÚ_safe_skills_pathr>   r.   Úagent.skill_utilsrb   Ú	enumerateÚImportError)r   r[   r/   Ú
skills_dirr0   rb   ÚidxÚext_dirs           r   Úget_skills_directory_mountrl   Ë   sI  € ð& €FÝ&Ñ(Ô(€KØ˜xÑ'€JØ×ÒÑÔð Ý% jÑ1Ô1ˆ	ØŠØ"Ø!/×!6Ò!6°sÑ!;Ô!;ÐDÐDÐDð
ð 
ñ 	ô 	ð 	ð
Ø>Ð>Ð>Ð>Ð>Ð>Ý%Ð&>Ð&>Ñ&@Ô&@ÑAÔAð 	ð 	‰LˆCØ~Š~ÑÔð Ý-¨gÑ6Ô6	Ø—’Ø!*Ø)7×)>Ò)>¸sÑ)CÔ)CÐ&[Ð&[ÐVYÐ&[Ð&[ðð ñ ô ð øð	øõ ð ð ð Øˆðøøøð €Ms   Á(A6C Ã
C,Ã+C,zPath | NoneÚ_safe_skills_tempdirri   c                óÖ  ‡	‡
— d„ |                       d¦  «        D ¦   «         }|st          | ¦  «        S |D ]0}t                               d|t	          j        |¦  «        ¦  «         Œ1ddl}ddlŠ
ddl}t          r5t           
                    ¦   «         r‰
                     t          d¬¦  «         t          |                     d¬	¦  «        ¦  «        Š	‰	a	|                       d¦  «        D ]½}|                     ¦   «         rŒ|                     | ¦  «        }‰	|z  }| 
                    ¦   «         r|                     dd¬
¦  «         Œ]|                     ¦   «         rL|j                             dd¬
¦  «         ‰
                     t          |¦  «        t          |¦  «        ¦  «         Œ¾ˆ	ˆ
fd„}|                     |¦  «         t                               d‰	¦  «         t          ‰	¦  «        S )z@Return *skills_dir* if symlink-free, else a sanitized temp copy.c                ó:   — g | ]}|                      ¦   «         ¯|‘ŒS rU   )Ú
is_symlink)rV   Úps     r   rY   z%_safe_skills_path.<locals>.<listcomp>ÿ   s%   € ÐCÐCÐCa°A·L²L±N´NÐCÐCÐCÐCr   Ú*z:credential_files: skipping symlink in skills dir: %s -> %sr   NT©Úignore_errorszhermes-skills-safe-)Úprefix)ÚparentsÚexist_okc                 ób   •— ‰                       ¦   «         r‰                     ‰ d¬¦  «         d S d S )NTrs   )rd   Úrmtree)Úsafe_dirÚshutils   €€r   Ú_cleanupz#_safe_skills_path.<locals>._cleanup  s;   ø€ Ø?Š?ÑÔð 	8ØMŠM˜(°$ˆMÑ7Ô7Ð7Ð7Ð7ð	8ð 	8r   z8credential_files: created symlink-safe skills copy at %s)Úrglobr   r(   r)   r%   ÚreadlinkÚatexitr{   Útempfilerm   rd   ry   r   Úmkdtemprp   Úrelative_toÚmkdirr,   ÚparentÚcopy2ÚregisterÚinfo)ri   ÚsymlinksÚlinkr   r€   rN   rO   Útargetr|   rz   r{   s            @@r   re   re   û   s  øø€ ð DÐC˜:×+Ò+¨CÑ0Ô0ÐCÑCÔC€HØð Ý:‰ŒÐàð 0ð 0ˆÝŠÐSØRœ[¨Ñ.Ô.ñ	0ô 	0ð 	0ð 	0ð €M€M€MØ€M€M€MØ€O€O€Oõ ð @Õ 4× ;Ò ;Ñ =Ô =ð @ØŠÕ*¸$ˆÑ?Ô?Ð?åH×$Ò$Ð,AÐ$ÑBÔBÑCÔC€HØ#Ðà× Ò  Ñ%Ô%ð 	1ð 	1ˆØ?Š?ÑÔð 	ØØ×Ò˜zÑ*Ô*ˆØ˜C‘ˆØ;Š;‰=Œ=ð 	1ØLŠL °ˆLÑ5Ô5Ð5Ð5Ø\Š\‰^Œ^ð 	1ØŒM×Ò¨°tÐÑ<Ô<Ð<ØLŠL˜T™œ¥C¨¡K¤KÑ0Ô0Ð0øð8ð 8ð 8ð 8ð 8ð 8ð ‡O‚OHÑÔÐÝ
‡K‚KÐJÈHÑUÔUÐUÝˆx‰=Œ=Ðr   c                óP  — g }t          ¦   «         }|dz  }|                     ¦   «         r˜|                      d¦  «        › d}|                     d¦  «        D ]j}|                     ¦   «         s|                     ¦   «         sŒ+|                     |¦  «        }|                     t          |¦  «        |› d|› dœ¦  «         Œk	 ddl	m
} t           |¦   «         ¦  «        D ]´\  }}	|	                     ¦   «         sŒ|                      d¦  «        › d|› }|	                     d¦  «        D ]j}|                     ¦   «         s|                     ¦   «         sŒ+|                     |	¦  «        }|                     t          |¦  «        |› d|› dœ¦  «         ŒkŒµn# t          $ r Y nw xY w|S )	a>  Yield individual (host_path, container_path) entries for skills files.

    Includes both the local skills dir and any external dirs configured via
    skills.external_dirs.  Skips symlinks entirely.  Preferred for backends
    that upload files individually (Daytona, Modal) rather than mounting a
    directory.
    r_   r$   r`   rr   rH   r   ra   rc   )r   rd   r.   r}   rp   r,   r‚   r>   r   rf   rb   rg   rh   )
r   rK   r/   ri   Úcontainer_rootrN   rO   rb   rj   rk   s
             r   Úiter_skills_filesr   &  s  € ð $&€Få&Ñ(Ô(€KØ˜xÑ'€JØ×ÒÑÔð 	Ø*×1Ò1°#Ñ6Ô6Ð?Ð?Ð?ˆØ×$Ò$ SÑ)Ô)ð 	ð 	ˆDØŠÑ Ô ð ¨¯ª©¬ð ØØ×"Ò" :Ñ.Ô.ˆCØMŠMÝ  ™YœYØ%3Ð";Ð";°cÐ";Ð";ðð ñ ô ð ð ðØ>Ð>Ð>Ð>Ð>Ð>Ý%Ð&>Ð&>Ñ&@Ô&@ÑAÔAð 	ð 	‰LˆCØ—>’>Ñ#Ô#ð ØØ .× 5Ò 5°cÑ :Ô :ÐRÐRÈSÐRÐRˆNØŸš cÑ*Ô*ð ð Ø—?’?Ñ$Ô$ð ¨D¯LªL©N¬Nð ØØ×&Ò& wÑ/Ô/Ø—’Ý!$ T¡¤Ø)7Ð&?Ð&?¸#Ð&?Ð&?ðð ñ ô ð ð ð	ð		øõ ð ð ð Øˆðøøøð €Ms   ÃCF Æ
F#Æ"F#))zcache/documentsÚdocument_cache)zcache/imagesÚimage_cache)zcache/audioÚaudio_cache)zcache/screenshotsÚbrowser_screenshotszlist[tuple[str, str]]Ú_CACHE_DIRSc                óî   — ddl m} g }t          D ]d\  }} |||¦  «        }|                     ¦   «         r?|                      d¦  «        › d|› }|                     t          |¦  «        |dœ¦  «         Œe|S )a   Return mount entries for each cache directory that exists on disk.

    Used by Docker to create bind mounts.  Each entry has ``host_path`` and
    ``container_path`` keys.  The host path is resolved via
    ``get_hermes_dir()`` for backward compatibility with old directory layouts.
    r   ©Úget_hermes_dirr$   rH   )r   r•   r’   rd   r.   r>   r   )r   r•   r[   Únew_subpathÚold_nameÚhost_dirr3   s          r   Úget_cache_directory_mountsr™   b  s§   € ð 0Ð/Ð/Ð/Ð/Ð/à#%€FÝ!,ð ð ÑˆXØ!> +¨xÑ8Ô8ˆØ?Š?ÑÔð 	à .× 5Ò 5°cÑ :Ô :ÐJÐJ¸[ÐJÐJˆNØMŠMÝ  ™]œ]Ø"0ðð ñ ô ð øð €Mr   r0   úOptional[str]c                ó  — t          | ¦  «        }t          |¬¦  «        D ]l}t          |d         ¦  «        }	 |                     |¦  «        }n# t          $ r Y Œ:w xY wt	          j        |d         |                     ¦   «         ¦  «        c S dS )aê  Map a host cache path to its mounted path under *container_base*.

    Returns the POSIX container path when *host_path* lives under one of the
    auto-mounted cache directories, otherwise ``None``.  Backend-agnostic: the
    caller decides which ``container_base`` applies (Docker ``/root/.hermes``,
    SSH ``<remote_home>/.hermes``, etc.) and whether translation is wanted.
    Always joins with ``posixpath`` because container/remote paths are POSIX
    regardless of the host OS.
    ©r   r0   r3   N)r   r™   r‚   Ú
ValueErrorÚ	posixpathÚjoinÚas_posix)r0   r   r&   Úmountr˜   rO   s         r   Úmap_cache_path_to_containerr¢   z  s¢   € õ 	‰?Œ?€DÝ+¸>ÐJÑJÔJð Gð GˆÝ˜˜kÔ*Ñ+Ô+ˆð	Ø×"Ò" 8Ñ,Ô,ˆCˆCøÝð 	ð 	ð 	ØˆHð	øøøåŒ~˜eÐ$4Ô5°s·|²|±~´~ÑFÔFÐFÐFÐFØˆ4s   ¸AÁ
AÁAc                ó|   — t           j                             dd¦  «        dk    r| S t          | |¬¦  «        }||n| S )a  Translate a host cache path to its mounted path inside the sandbox.

    Returns the input unchanged if it is not under any auto-mounted cache
    directory, or if the active terminal backend does not require path
    translation (only Docker for now).
    ÚTERMINAL_ENVÚlocalÚdockerrœ   )r%   Úenvironr   r¢   )r0   r   Úmappeds      r   Úto_agent_visible_cache_pathr©   ’  sF   € õ 
„z‡~‚~n gÑ.Ô.°(Ò:Ð:ØÐå(¨À>ÐRÑRÔR€FØÐ'ˆ6ˆ6¨YÐ6r   c                ó¦  — ddl m} g }t          D ]À\  }} |||¦  «        }|                     ¦   «         sŒ&|                      d¦  «        › d|› }|                     d¦  «        D ]j}|                     ¦   «         s|                     ¦   «         sŒ+|                     |¦  «        }| 	                    t          |¦  «        |› d|› dœ¦  «         ŒkŒÁ|S )zëReturn individual (host_path, container_path) entries for cache files.

    Used by Modal to upload files individually and resync before each command.
    Skips symlinks.  The container paths use the new ``cache/<subdir>`` layout.
    r   r”   r$   rr   rH   )r   r•   r’   rd   r.   r}   rp   r,   r‚   r>   r   )	r   r•   rK   r–   r—   r˜   rŒ   rN   rO   s	            r   Úiter_cache_filesr«   §  s  € ð 0Ð/Ð/Ð/Ð/Ð/à#%€FÝ!,ð ð ÑˆXØ!> +¨xÑ8Ô8ˆØŠÑ Ô ð 	ØØ*×1Ò1°#Ñ6Ô6ÐFÐF¸ÐFÐFˆØ—N’N 3Ñ'Ô'ð 	ð 	ˆDØŠÑ Ô ð ¨¯ª©¬ð ØØ×"Ò" 8Ñ,Ô,ˆCØMŠMÝ  ™YœYØ%3Ð";Ð";°cÐ";Ð";ðð ñ ô ð ð ð		ð €Mr   ÚNonec                 óF   — t          ¦   «                              ¦   «          dS )z8Reset the skill-scoped registry (e.g. on session reset).N)r   ÚclearrU   r   r   Úclear_credential_filesr¯   Â  s    € åÑÔ×ÒÑÔÐÐÐr   )r   r   )r   r   )r   )r   r   r   r   r   r    )r5   r6   r   r   r   r7   )r   rC   )r   r   r   r]   )ri   r   r   r   )r   r   r   rC   )r0   r   r   r   r   rš   )r0   r   r   r   r   r   )r   r¬   )&Ú__doc__Ú
__future__r   Úloggingr%   rž   Úcontextvarsr   Úpathlibr   Útypingr   r   r   rI   r	   Ú	getLoggerÚ__name__r(   r   Ú__annotations__r   r   r   r4   rB   rR   r\   rl   rm   re   r   r’   r™   r¢   r©   r«   r¯   rU   r   r   ú<module>r¹      sŽ  ððð ð ð( #Ð "Ð "Ð "Ð "Ð "à €€€Ø 	€	€	€	Ø Ð Ð Ð Ø "Ð "Ð "Ð "Ð "Ð "Ø Ð Ð Ð Ð Ð Ø 'Ð 'Ð 'Ð 'Ð 'Ð 'Ð 'Ð 'Ð 'Ð 'Ø %Ð %Ð %Ð %Ð %Ð %à	ˆÔ	˜8Ñ	$Ô	$€ð 5?°JÐ?RÑ4SÔ4SÐ Ð SÐ SÐ SÑ Sðð ð ð ð .2€Ð 1Ð 1Ð 1Ñ 1ðð ð ð ð *ð/ð /ð /ð /ð /ðh *ðð ð ð ð ð2*ð *ð *ð *ðZð ð ð ð6 *ð*ð *ð *ð *ð *ðZ %)Ð Ð (Ð (Ð (Ñ (ð(ð (ð (ð (ðX *ð+ð +ð +ð +ð +ðh&ð &ð &€ð ð ð ñ ð *ðð ð ð ð ð4 *ðð ð ð ð ð4 *ð7ð 7ð 7ð 7ð 7ð, *ðð ð ð ð ð6ð ð ð ð ð r   