From ca7fbf43daf64e6e640432745349f31d440bb605 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Mon, 18 Nov 2019 10:28:18 -0600
Subject: [PATCH] TUN-2547: TunnelRPC definitions for Authenticate flow

---
 go.mod                           |   1 -
 tunnelrpc/pogs/auth_outcome.go   |  83 ++++
 tunnelrpc/pogs/auth_serialize.go |  78 +++
 tunnelrpc/pogs/auth_test.go      | 109 ++++
 tunnelrpc/pogs/tunnelrpc.go      |   1 +
 tunnelrpc/tunnelrpc.capnp        |   8 +
 tunnelrpc/tunnelrpc.capnp.go     | 820 ++++++++++++++++++++++---------
 7 files changed, 876 insertions(+), 224 deletions(-)
 create mode 100644 tunnelrpc/pogs/auth_outcome.go
 create mode 100644 tunnelrpc/pogs/auth_serialize.go
 create mode 100644 tunnelrpc/pogs/auth_test.go

diff --git a/go.mod b/go.mod
index bce9d655..c55ae1b9 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,6 @@ require (
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
 	golang.org/x/sys v0.0.0-20191008105621-543471e840be
 	golang.org/x/text v0.3.2 // indirect
-	google.golang.org/appengine v1.4.0 // indirect
 	google.golang.org/genproto v0.0.0-20191007204434-a023cd5227bd // indirect
 	google.golang.org/grpc v1.24.0 // indirect
 	gopkg.in/coreos/go-oidc.v2 v2.1.0
diff --git a/tunnelrpc/pogs/auth_outcome.go b/tunnelrpc/pogs/auth_outcome.go
new file mode 100644
index 00000000..9f72711e
--- /dev/null
+++ b/tunnelrpc/pogs/auth_outcome.go
@@ -0,0 +1,83 @@
+package pogs
+
+import (
+	"fmt"
+	"time"
+)
+
+// AuthenticateResponse is the serialized response from the Authenticate RPC.
+// It's a 1:1 representation of the capnp message, so it's not very useful for programmers.
+// Instead, you should call the `Outcome()` method to get a programmer-friendly sum type, with one
+// case for each possible outcome.
+type AuthenticateResponse struct {
+	PermanentErr      string
+	RetryableErr      string
+	Jwt               []byte
+	HoursUntilRefresh uint8
+}
+
+// Outcome turns the deserialized response of Authenticate into a programmer-friendly sum type.
+func (ar AuthenticateResponse) Outcome() AuthOutcome {
+	// If there was a network error, then cloudflared should retry later,
+	// because origintunneld couldn't prove whether auth was correct or not.
+	if ar.RetryableErr != "" {
+		return &AuthUnknown{Err: fmt.Errorf(ar.RetryableErr), HoursUntilRefresh: ar.HoursUntilRefresh}
+	}
+
+	// If the user's authentication was unsuccessful, the server will return an error explaining why.
+	// cloudflared should fatal with this error.
+	if ar.PermanentErr != "" {
+		return &AuthFail{Err: fmt.Errorf(ar.PermanentErr)}
+	}
+
+	// If auth succeeded, return the token and refresh it when instructed.
+	if ar.PermanentErr == "" && len(ar.Jwt) > 0 {
+		return &AuthSuccess{Jwt: ar.Jwt, HoursUntilRefresh: ar.HoursUntilRefresh}
+	}
+
+	// Otherwise the state got messed up.
+	return nil
+}
+
+// AuthOutcome is a programmer-friendly sum type denoting the possible outcomes of Authenticate.
+//go-sumtype:decl AuthOutcome
+type AuthOutcome interface {
+	isAuthOutcome()
+}
+
+// AuthSuccess means the backend successfully authenticated this cloudflared.
+type AuthSuccess struct {
+	Jwt               []byte
+	HoursUntilRefresh uint8
+}
+
+// RefreshAfter is how long cloudflared should wait before rerunning Authenticate.
+func (ao *AuthSuccess) RefreshAfter() time.Duration {
+	return hoursToTime(ao.HoursUntilRefresh)
+}
+
+func (ao *AuthSuccess) isAuthOutcome() {}
+
+// AuthFail means this cloudflared has the wrong auth and should exit.
+type AuthFail struct {
+	Err error
+}
+
+func (ao *AuthFail) isAuthOutcome() {}
+
+// AuthUnknown means the backend couldn't finish checking authentication. Try again later.
+type AuthUnknown struct {
+	Err               error
+	HoursUntilRefresh uint8
+}
+
+// RefreshAfter is how long cloudflared should wait before rerunning Authenticate.
+func (ao *AuthUnknown) RefreshAfter() time.Duration {
+	return hoursToTime(ao.HoursUntilRefresh)
+}
+
+func (ao *AuthUnknown) isAuthOutcome() {}
+
+func hoursToTime(hours uint8) time.Duration {
+	return time.Duration(hours) * time.Hour
+}
diff --git a/tunnelrpc/pogs/auth_serialize.go b/tunnelrpc/pogs/auth_serialize.go
new file mode 100644
index 00000000..b6caa7c3
--- /dev/null
+++ b/tunnelrpc/pogs/auth_serialize.go
@@ -0,0 +1,78 @@
+package pogs
+
+import (
+	"context"
+
+	"github.com/cloudflare/cloudflared/tunnelrpc"
+
+	"zombiezen.com/go/capnproto2/pogs"
+	"zombiezen.com/go/capnproto2/server"
+)
+
+func (i TunnelServer_PogsImpl) Authenticate(p tunnelrpc.TunnelServer_authenticate) error {
+	originCert, err := p.Params.OriginCert()
+	if err != nil {
+		return err
+	}
+	hostname, err := p.Params.Hostname()
+	if err != nil {
+		return err
+	}
+	options, err := p.Params.Options()
+	if err != nil {
+		return err
+	}
+	pogsOptions, err := UnmarshalRegistrationOptions(options)
+	if err != nil {
+		return err
+	}
+
+	server.Ack(p.Options)
+	resp, err := i.impl.Authenticate(p.Ctx, originCert, hostname, pogsOptions)
+	if err != nil {
+		return err
+	}
+	result, err := p.Results.NewResult()
+	if err != nil {
+		return err
+	}
+	return MarshalAuthenticateResponse(result, resp)
+}
+
+func MarshalAuthenticateResponse(s tunnelrpc.AuthenticateResponse, p *AuthenticateResponse) error {
+	return pogs.Insert(tunnelrpc.AuthenticateResponse_TypeID, s.Struct, p)
+}
+
+func (c TunnelServer_PogsClient) Authenticate(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) (*AuthenticateResponse, error) {
+	client := tunnelrpc.TunnelServer{Client: c.Client}
+	promise := client.Authenticate(ctx, func(p tunnelrpc.TunnelServer_authenticate_Params) error {
+		err := p.SetOriginCert(originCert)
+		if err != nil {
+			return err
+		}
+		err = p.SetHostname(hostname)
+		if err != nil {
+			return err
+		}
+		registrationOptions, err := p.NewOptions()
+		if err != nil {
+			return err
+		}
+		err = MarshalRegistrationOptions(registrationOptions, options)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	retval, err := promise.Result().Struct()
+	if err != nil {
+		return nil, err
+	}
+	return UnmarshalAuthenticateResponse(retval)
+}
+
+func UnmarshalAuthenticateResponse(s tunnelrpc.AuthenticateResponse) (*AuthenticateResponse, error) {
+	p := new(AuthenticateResponse)
+	err := pogs.Extract(p, tunnelrpc.AuthenticateResponse_TypeID, s.Struct)
+	return p, err
+}
diff --git a/tunnelrpc/pogs/auth_test.go b/tunnelrpc/pogs/auth_test.go
new file mode 100644
index 00000000..50ae1ec1
--- /dev/null
+++ b/tunnelrpc/pogs/auth_test.go
@@ -0,0 +1,109 @@
+package pogs
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/cloudflare/cloudflared/tunnelrpc"
+	"github.com/stretchr/testify/assert"
+	capnp "zombiezen.com/go/capnproto2"
+)
+
+// Ensure the AuthOutcome sum is correct
+var _ AuthOutcome = &AuthSuccess{}
+var _ AuthOutcome = &AuthFail{}
+var _ AuthOutcome = &AuthUnknown{}
+
+// Unit tests for AuthenticateResponse.Outcome()
+func TestAuthenticateResponseOutcome(t *testing.T) {
+	type fields struct {
+		PermanentErr      string
+		RetryableErr      string
+		Jwt               []byte
+		HoursUntilRefresh uint8
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   AuthOutcome
+	}{
+		{"success",
+			fields{Jwt: []byte("asdf"), HoursUntilRefresh: 6},
+			&AuthSuccess{Jwt: []byte("asdf"), HoursUntilRefresh: 6},
+		},
+		{"fail",
+			fields{PermanentErr: "bad creds"},
+			&AuthFail{Err: fmt.Errorf("bad creds")},
+		},
+		{"error",
+			fields{RetryableErr: "bad conn", HoursUntilRefresh: 6},
+			&AuthUnknown{Err: fmt.Errorf("bad conn"), HoursUntilRefresh: 6},
+		},
+		{"nil (no fields are set)",
+			fields{},
+			nil,
+		},
+		{"nil (too few fields are set)",
+			fields{HoursUntilRefresh: 6},
+			nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ar := AuthenticateResponse{
+				PermanentErr:      tt.fields.PermanentErr,
+				RetryableErr:      tt.fields.RetryableErr,
+				Jwt:               tt.fields.Jwt,
+				HoursUntilRefresh: tt.fields.HoursUntilRefresh,
+			}
+			if got := ar.Outcome(); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("AuthenticateResponse.Outcome() = %T, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestWhenToRefresh(t *testing.T) {
+	expected := 4 * time.Hour
+	actual := hoursToTime(4)
+	if expected != actual {
+		t.Fatalf("expected %v hours, got %v", expected, actual)
+	}
+}
+
+// Test that serializing and deserializing AuthenticationResponse undo each other.
+func TestSerializeAuthenticationResponse(t *testing.T) {
+
+	tests := []*AuthenticateResponse{
+		&AuthenticateResponse{
+			Jwt:               []byte("\xbd\xb2\x3d\xbc\x20\xe2\x8c\x98"),
+			HoursUntilRefresh: 24,
+		},
+		&AuthenticateResponse{
+			PermanentErr: "bad auth",
+		},
+		&AuthenticateResponse{
+			RetryableErr:      "bad connection",
+			HoursUntilRefresh: 24,
+		},
+	}
+
+	for i, testCase := range tests {
+		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
+		capnpEntity, err := tunnelrpc.NewAuthenticateResponse(seg)
+		if !assert.NoError(t, err) {
+			t.Fatal("Couldn't initialize a new message")
+		}
+		err = MarshalAuthenticateResponse(capnpEntity, testCase)
+		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
+			continue
+		}
+		result, err := UnmarshalAuthenticateResponse(capnpEntity)
+		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
+			continue
+		}
+		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
+	}
+}
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index 981d5299..0e99cffe 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -327,6 +327,7 @@ type TunnelServer interface {
 	GetServerInfo(ctx context.Context) (*ServerInfo, error)
 	UnregisterTunnel(ctx context.Context, gracePeriodNanoSec int64) error
 	Connect(ctx context.Context, parameters *ConnectParameters) (ConnectResult, error)
+	Authenticate(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) (*AuthenticateResponse, error)
 }
 
 func TunnelServer_ServerToClient(s TunnelServer) tunnelrpc.TunnelServer {
diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index 5664dcc3..8cffa64d 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -274,11 +274,19 @@ struct FailedConfig {
 	reason @4 :Text;
 }
 
+struct AuthenticateResponse {
+    permanentErr @0 :Text;
+    retryableErr @1 :Text;
+    jwt @2 :Data;
+    hoursUntilRefresh @3 :UInt8;
+}
+
 interface TunnelServer {
     registerTunnel @0 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
     getServerInfo @1 () -> (result :ServerInfo);
     unregisterTunnel @2 (gracePeriodNanoSec :Int64) -> ();
     connect @3 (parameters :CapnpConnectParameters) -> (result :ConnectResult);
+    authenticate @4 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :AuthenticateResponse);
 }
 
 interface ClientService {
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 34e07f10..75f03a41 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -2625,6 +2625,121 @@ func (p FailedConfig_config_Promise) ReverseProxy() ReverseProxyConfig_Promise {
 	return ReverseProxyConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
+type AuthenticateResponse struct{ capnp.Struct }
+
+// AuthenticateResponse_TypeID is the unique identifier for the type AuthenticateResponse.
+const AuthenticateResponse_TypeID = 0x82c325a07ad22a65
+
+func NewAuthenticateResponse(s *capnp.Segment) (AuthenticateResponse, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3})
+	return AuthenticateResponse{st}, err
+}
+
+func NewRootAuthenticateResponse(s *capnp.Segment) (AuthenticateResponse, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3})
+	return AuthenticateResponse{st}, err
+}
+
+func ReadRootAuthenticateResponse(msg *capnp.Message) (AuthenticateResponse, error) {
+	root, err := msg.RootPtr()
+	return AuthenticateResponse{root.Struct()}, err
+}
+
+func (s AuthenticateResponse) String() string {
+	str, _ := text.Marshal(0x82c325a07ad22a65, s.Struct)
+	return str
+}
+
+func (s AuthenticateResponse) PermanentErr() (string, error) {
+	p, err := s.Struct.Ptr(0)
+	return p.Text(), err
+}
+
+func (s AuthenticateResponse) HasPermanentErr() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s AuthenticateResponse) PermanentErrBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return p.TextBytes(), err
+}
+
+func (s AuthenticateResponse) SetPermanentErr(v string) error {
+	return s.Struct.SetText(0, v)
+}
+
+func (s AuthenticateResponse) RetryableErr() (string, error) {
+	p, err := s.Struct.Ptr(1)
+	return p.Text(), err
+}
+
+func (s AuthenticateResponse) HasRetryableErr() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s AuthenticateResponse) RetryableErrBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(1)
+	return p.TextBytes(), err
+}
+
+func (s AuthenticateResponse) SetRetryableErr(v string) error {
+	return s.Struct.SetText(1, v)
+}
+
+func (s AuthenticateResponse) Jwt() ([]byte, error) {
+	p, err := s.Struct.Ptr(2)
+	return []byte(p.Data()), err
+}
+
+func (s AuthenticateResponse) HasJwt() bool {
+	p, err := s.Struct.Ptr(2)
+	return p.IsValid() || err != nil
+}
+
+func (s AuthenticateResponse) SetJwt(v []byte) error {
+	return s.Struct.SetData(2, v)
+}
+
+func (s AuthenticateResponse) HoursUntilRefresh() uint8 {
+	return s.Struct.Uint8(0)
+}
+
+func (s AuthenticateResponse) SetHoursUntilRefresh(v uint8) {
+	s.Struct.SetUint8(0, v)
+}
+
+// AuthenticateResponse_List is a list of AuthenticateResponse.
+type AuthenticateResponse_List struct{ capnp.List }
+
+// NewAuthenticateResponse creates a new list of AuthenticateResponse.
+func NewAuthenticateResponse_List(s *capnp.Segment, sz int32) (AuthenticateResponse_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3}, sz)
+	return AuthenticateResponse_List{l}, err
+}
+
+func (s AuthenticateResponse_List) At(i int) AuthenticateResponse {
+	return AuthenticateResponse{s.List.Struct(i)}
+}
+
+func (s AuthenticateResponse_List) Set(i int, v AuthenticateResponse) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s AuthenticateResponse_List) String() string {
+	str, _ := text.MarshalList(0x82c325a07ad22a65, s.List)
+	return str
+}
+
+// AuthenticateResponse_Promise is a wrapper for a AuthenticateResponse promised by a client call.
+type AuthenticateResponse_Promise struct{ *capnp.Pipeline }
+
+func (p AuthenticateResponse_Promise) Struct() (AuthenticateResponse, error) {
+	s, err := p.Pipeline.Struct()
+	return AuthenticateResponse{s}, err
+}
+
 type TunnelServer struct{ Client capnp.Client }
 
 // TunnelServer_TypeID is the unique identifier for the type TunnelServer.
@@ -2710,6 +2825,26 @@ func (c TunnelServer) Connect(ctx context.Context, params func(TunnelServer_conn
 	}
 	return TunnelServer_connect_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
 }
+func (c TunnelServer) Authenticate(ctx context.Context, params func(TunnelServer_authenticate_Params) error, opts ...capnp.CallOption) TunnelServer_authenticate_Results_Promise {
+	if c.Client == nil {
+		return TunnelServer_authenticate_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
+	}
+	call := &capnp.Call{
+		Ctx: ctx,
+		Method: capnp.Method{
+			InterfaceID:   0xea58385c65416035,
+			MethodID:      4,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:TunnelServer",
+			MethodName:    "authenticate",
+		},
+		Options: capnp.NewCallOptions(opts),
+	}
+	if params != nil {
+		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 3}
+		call.ParamsFunc = func(s capnp.Struct) error { return params(TunnelServer_authenticate_Params{Struct: s}) }
+	}
+	return TunnelServer_authenticate_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
+}
 
 type TunnelServer_Server interface {
 	RegisterTunnel(TunnelServer_registerTunnel) error
@@ -2719,6 +2854,8 @@ type TunnelServer_Server interface {
 	UnregisterTunnel(TunnelServer_unregisterTunnel) error
 
 	Connect(TunnelServer_connect) error
+
+	Authenticate(TunnelServer_authenticate) error
 }
 
 func TunnelServer_ServerToClient(s TunnelServer_Server) TunnelServer {
@@ -2728,7 +2865,7 @@ func TunnelServer_ServerToClient(s TunnelServer_Server) TunnelServer {
 
 func TunnelServer_Methods(methods []server.Method, s TunnelServer_Server) []server.Method {
 	if cap(methods) == 0 {
-		methods = make([]server.Method, 0, 4)
+		methods = make([]server.Method, 0, 5)
 	}
 
 	methods = append(methods, server.Method{
@@ -2787,6 +2924,20 @@ func TunnelServer_Methods(methods []server.Method, s TunnelServer_Server) []serv
 		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
 	})
 
+	methods = append(methods, server.Method{
+		Method: capnp.Method{
+			InterfaceID:   0xea58385c65416035,
+			MethodID:      4,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:TunnelServer",
+			MethodName:    "authenticate",
+		},
+		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
+			call := TunnelServer_authenticate{c, opts, TunnelServer_authenticate_Params{Struct: p}, TunnelServer_authenticate_Results{Struct: r}}
+			return s.Authenticate(call)
+		},
+		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
+	})
+
 	return methods
 }
 
@@ -2822,6 +2973,14 @@ type TunnelServer_connect struct {
 	Results TunnelServer_connect_Results
 }
 
+// TunnelServer_authenticate holds the arguments for a server call to TunnelServer.authenticate.
+type TunnelServer_authenticate struct {
+	Ctx     context.Context
+	Options capnp.CallOptions
+	Params  TunnelServer_authenticate_Params
+	Results TunnelServer_authenticate_Results
+}
+
 type TunnelServer_registerTunnel_Params struct{ capnp.Struct }
 
 // TunnelServer_registerTunnel_Params_TypeID is the unique identifier for the type TunnelServer_registerTunnel_Params.
@@ -3448,6 +3607,207 @@ func (p TunnelServer_connect_Results_Promise) Result() ConnectResult_Promise {
 	return ConnectResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
+type TunnelServer_authenticate_Params struct{ capnp.Struct }
+
+// TunnelServer_authenticate_Params_TypeID is the unique identifier for the type TunnelServer_authenticate_Params.
+const TunnelServer_authenticate_Params_TypeID = 0x85c8cea1ab1894f3
+
+func NewTunnelServer_authenticate_Params(s *capnp.Segment) (TunnelServer_authenticate_Params, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 3})
+	return TunnelServer_authenticate_Params{st}, err
+}
+
+func NewRootTunnelServer_authenticate_Params(s *capnp.Segment) (TunnelServer_authenticate_Params, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 3})
+	return TunnelServer_authenticate_Params{st}, err
+}
+
+func ReadRootTunnelServer_authenticate_Params(msg *capnp.Message) (TunnelServer_authenticate_Params, error) {
+	root, err := msg.RootPtr()
+	return TunnelServer_authenticate_Params{root.Struct()}, err
+}
+
+func (s TunnelServer_authenticate_Params) String() string {
+	str, _ := text.Marshal(0x85c8cea1ab1894f3, s.Struct)
+	return str
+}
+
+func (s TunnelServer_authenticate_Params) OriginCert() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return []byte(p.Data()), err
+}
+
+func (s TunnelServer_authenticate_Params) HasOriginCert() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelServer_authenticate_Params) SetOriginCert(v []byte) error {
+	return s.Struct.SetData(0, v)
+}
+
+func (s TunnelServer_authenticate_Params) Hostname() (string, error) {
+	p, err := s.Struct.Ptr(1)
+	return p.Text(), err
+}
+
+func (s TunnelServer_authenticate_Params) HasHostname() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelServer_authenticate_Params) HostnameBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(1)
+	return p.TextBytes(), err
+}
+
+func (s TunnelServer_authenticate_Params) SetHostname(v string) error {
+	return s.Struct.SetText(1, v)
+}
+
+func (s TunnelServer_authenticate_Params) Options() (RegistrationOptions, error) {
+	p, err := s.Struct.Ptr(2)
+	return RegistrationOptions{Struct: p.Struct()}, err
+}
+
+func (s TunnelServer_authenticate_Params) HasOptions() bool {
+	p, err := s.Struct.Ptr(2)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelServer_authenticate_Params) SetOptions(v RegistrationOptions) error {
+	return s.Struct.SetPtr(2, v.Struct.ToPtr())
+}
+
+// NewOptions sets the options field to a newly
+// allocated RegistrationOptions struct, preferring placement in s's segment.
+func (s TunnelServer_authenticate_Params) NewOptions() (RegistrationOptions, error) {
+	ss, err := NewRegistrationOptions(s.Struct.Segment())
+	if err != nil {
+		return RegistrationOptions{}, err
+	}
+	err = s.Struct.SetPtr(2, ss.Struct.ToPtr())
+	return ss, err
+}
+
+// TunnelServer_authenticate_Params_List is a list of TunnelServer_authenticate_Params.
+type TunnelServer_authenticate_Params_List struct{ capnp.List }
+
+// NewTunnelServer_authenticate_Params creates a new list of TunnelServer_authenticate_Params.
+func NewTunnelServer_authenticate_Params_List(s *capnp.Segment, sz int32) (TunnelServer_authenticate_Params_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 3}, sz)
+	return TunnelServer_authenticate_Params_List{l}, err
+}
+
+func (s TunnelServer_authenticate_Params_List) At(i int) TunnelServer_authenticate_Params {
+	return TunnelServer_authenticate_Params{s.List.Struct(i)}
+}
+
+func (s TunnelServer_authenticate_Params_List) Set(i int, v TunnelServer_authenticate_Params) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s TunnelServer_authenticate_Params_List) String() string {
+	str, _ := text.MarshalList(0x85c8cea1ab1894f3, s.List)
+	return str
+}
+
+// TunnelServer_authenticate_Params_Promise is a wrapper for a TunnelServer_authenticate_Params promised by a client call.
+type TunnelServer_authenticate_Params_Promise struct{ *capnp.Pipeline }
+
+func (p TunnelServer_authenticate_Params_Promise) Struct() (TunnelServer_authenticate_Params, error) {
+	s, err := p.Pipeline.Struct()
+	return TunnelServer_authenticate_Params{s}, err
+}
+
+func (p TunnelServer_authenticate_Params_Promise) Options() RegistrationOptions_Promise {
+	return RegistrationOptions_Promise{Pipeline: p.Pipeline.GetPipeline(2)}
+}
+
+type TunnelServer_authenticate_Results struct{ capnp.Struct }
+
+// TunnelServer_authenticate_Results_TypeID is the unique identifier for the type TunnelServer_authenticate_Results.
+const TunnelServer_authenticate_Results_TypeID = 0xfc5edf80e39c0796
+
+func NewTunnelServer_authenticate_Results(s *capnp.Segment) (TunnelServer_authenticate_Results, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	return TunnelServer_authenticate_Results{st}, err
+}
+
+func NewRootTunnelServer_authenticate_Results(s *capnp.Segment) (TunnelServer_authenticate_Results, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	return TunnelServer_authenticate_Results{st}, err
+}
+
+func ReadRootTunnelServer_authenticate_Results(msg *capnp.Message) (TunnelServer_authenticate_Results, error) {
+	root, err := msg.RootPtr()
+	return TunnelServer_authenticate_Results{root.Struct()}, err
+}
+
+func (s TunnelServer_authenticate_Results) String() string {
+	str, _ := text.Marshal(0xfc5edf80e39c0796, s.Struct)
+	return str
+}
+
+func (s TunnelServer_authenticate_Results) Result() (AuthenticateResponse, error) {
+	p, err := s.Struct.Ptr(0)
+	return AuthenticateResponse{Struct: p.Struct()}, err
+}
+
+func (s TunnelServer_authenticate_Results) HasResult() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelServer_authenticate_Results) SetResult(v AuthenticateResponse) error {
+	return s.Struct.SetPtr(0, v.Struct.ToPtr())
+}
+
+// NewResult sets the result field to a newly
+// allocated AuthenticateResponse struct, preferring placement in s's segment.
+func (s TunnelServer_authenticate_Results) NewResult() (AuthenticateResponse, error) {
+	ss, err := NewAuthenticateResponse(s.Struct.Segment())
+	if err != nil {
+		return AuthenticateResponse{}, err
+	}
+	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
+	return ss, err
+}
+
+// TunnelServer_authenticate_Results_List is a list of TunnelServer_authenticate_Results.
+type TunnelServer_authenticate_Results_List struct{ capnp.List }
+
+// NewTunnelServer_authenticate_Results creates a new list of TunnelServer_authenticate_Results.
+func NewTunnelServer_authenticate_Results_List(s *capnp.Segment, sz int32) (TunnelServer_authenticate_Results_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
+	return TunnelServer_authenticate_Results_List{l}, err
+}
+
+func (s TunnelServer_authenticate_Results_List) At(i int) TunnelServer_authenticate_Results {
+	return TunnelServer_authenticate_Results{s.List.Struct(i)}
+}
+
+func (s TunnelServer_authenticate_Results_List) Set(i int, v TunnelServer_authenticate_Results) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s TunnelServer_authenticate_Results_List) String() string {
+	str, _ := text.MarshalList(0xfc5edf80e39c0796, s.List)
+	return str
+}
+
+// TunnelServer_authenticate_Results_Promise is a wrapper for a TunnelServer_authenticate_Results promised by a client call.
+type TunnelServer_authenticate_Results_Promise struct{ *capnp.Pipeline }
+
+func (p TunnelServer_authenticate_Results_Promise) Struct() (TunnelServer_authenticate_Results, error) {
+	s, err := p.Pipeline.Struct()
+	return TunnelServer_authenticate_Results{s}, err
+}
+
+func (p TunnelServer_authenticate_Results_Promise) Result() AuthenticateResponse_Promise {
+	return AuthenticateResponse_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
+}
+
 type ClientService struct{ Client capnp.Client }
 
 // ClientService_TypeID is the unique identifier for the type ClientService.
@@ -3681,233 +4041,246 @@ func (p ClientService_useConfiguration_Results_Promise) Result() UseConfiguratio
 	return UseConfigurationResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-const schema_db8274f9144abc7e = "x\xda\xacY{\x8c\\\xe5u?\xe7~\xb3{\xd7\x8f" +
-	"\xf1\xcc\xed\x1d\x843\xf5j+\x0b\x1a\xec`\x17\xe3\xd0" +
-	"\xe2m\xc9\xec\xc3vv7k{\xee\xce\xae\x01c$" +
-	"_\xcf|\xbb{\xd7w\xee\x1d\xdf\x87\xd9\xb5L\x8c-" +
-	"S`\x0b\xc1&\xb1\x84\x89\x89\xc0\x8d\xcbCv\x83\x89" +
-	"Q\x0b\x05\x14\xaa\xa6\x84&\x11q\x8b\xab\xd0\x12\x09\x02" +
-	"V\x15TDM\"!\xaa\x84[\x9d\xfb\xde\xd9e\x8d" +
-	"\xab\xfc\xb3;:s\xbe\xef;\xcf\xdfy\xccu\x99\x05" +
-	"]\xc2\x9a\x163\x0b\xa0\x1coi\xf5Z\xfe\xf8\xfc\xdb" +
-	"\x8d\xb7\xc5C \x15\xd1\xfb\xfa\x8b\x03\x85O\x9c\x83\xff" +
-	"\x09-\x82\x08\xb0\xf6\xd1\xd6\x01\x94\xcf\xb4\x8a\x00\xf2\xe9" +
-	"\xd6;\x00\xbd\xbf\xa8\xbf~\xe2O\x8f\xfe\x98\x98\x85\x84" +
-	"\x19p\xed\x15\xe2^\x94W\x88\xc4y\xb5\xb8\x05\xd0\xfb" +
-	"\xb7\xeb\xf6\xbd\xb7\xe3\xd7G\xee\x9dym\x86n\xbdI" +
-	"\x9cFyD\x14\x81y\x8f\xdeV\xf8\x17|\xec\xe3#" +
-	" ]\x83\x00-H_\xaf\x11\x17\x0a\x80r\xbfX\x02" +
-	"\xf4^\xbf\xf6\xc5\x17\x0e\x7f\xff\x9eo\x83\xf2ED\x08" +
-	"\xcek\xe2\xff\"\xa0|\xa7\xcfp\xf1\xbb_\xca\x9c~" +
-	"\xfd\x0f\xbe\xe33x'\xcf\xdd\xfc\xec\xe1\xef\xff\xd1\xfb" +
-	"0\"\x88\x98\x01X{R\xb4\x88\xf7\x8c\xf8_\x80\xde" +
-	"\xb7~\xfe\xd2\xe6\xfa\x91GN\x80\xf4\xc5\xe8\xae#m" +
-	"\x82\x00\x19\xef\x86\xff\xb8\xb0e\xd3\xb3\xa3O\x04\xdf\x04" +
-	"r\xdc\xdd\xf6,\x1d=\xdaF\xcf\xfc\xe8\x8e\xfc\xfd\xdd" +
-	"\x7f\xf6\xe0\x13\xa0\x141m\xa6\x16\xe2|\xbem\x1a\xe5" +
-	"sm\xf4\xf1\xa7m7#\xa07\xbd\xee\xa5\xad\xbf\xfe" +
-	"K\xfbiPVa\xc6\xfb\xa7\xfb\xde\xdd\xb3\xe2\xa9\xd1" +
-	"W}\xa9\x18\xc0\xda\x0d\x0b\xff\x95\xae\xbeu\xe1\xf7\x00" +
-	"\xbd\xec?\xac\xdc\xfc\xe0{\x83g\xe8\xea\x94Q\x03!" +
-	">Y\xd8\x89\xf2\x82Ed\xd7\x96E\xc4\xfd\xb3k\xb7" +
-	"\xbe\xfc\xf23cg\x9a\x05\xf1\xfdur\xd1\x00\xca\xcf" +
-	"\xfb\xdc\xcf\xf9\xdcW\xf4\xe3[?X\x93\xf9\xbbP/" +
-	"\xe6\x9bo\xf1\xfb\xbe\xf9\x16\x13\xc3m\xbf}\xee\x1f7" +
-	"|\xf8\xc6\xf3i\x07\xb4g\x05r\xc0\x9a,)\xbem" +
-	"\x1a\xebouv\xbd\x0c\xca5\x88\xde\xc4\xd1}N\xdf" +
-	"\xc3\x0fx0\x82\"\x0a\x00ko\xcd\xee\xa5\xcbx\x96" +
-	"\xa2\xa3\xfd\x83\x9e\xac\xf1\xe1\xc1\x1f4\x85\x92\xff\xea+" +
-	"\xd9\x01\x94\xcfgI\xb4s\xd9\xef\x01~\xfc\xf4=\x87" +
-	"\xfb\xdf]\xff\xaaR\xc4L\xb3\xd2\xf5%{Q>\xb0" +
-	"\x84>\xde\xb9\xa4\x83\xec\x19[\xb0\x89\xdd\xd7\xfatn" +
-	"\x02\xe5Wr\xf4\xf1\xa5\x9c\xcf>p\xdb7\x1fj\xb9" +
-	"\xf0\xcdW\x9bMJ\xf1\xb9\xf6\xb5\xbc\x85\xf2/\xf2\xf4" +
-	"\xf1\xcd\xfc\x13\x02\xa0W|\xe6\xcf\xff\xb6\xa7\xf6\xe6\x8f" +
-	"\xe7H\x01\xf9\x87\xf2G\xf29\x99>\xfdT&\x1d\xef" +
-	"\xf9\xd2\xd4\xde\xcdWO\x9fo\xb6\xbf/\xf8\x8a\xc24" +
-	"\xca\xdd\x05\xe2\xbe\xa9@\xdc\xc2\x05\xf5\x0bw\xfd\xfbW" +
-	"\xdeJE\xdc\xe9\xc2/\x112\xde\xe6\xad\xb7M,\xb8" +
-	"\xf3\xddw\xd3\x11\xf7x\xc1\xf7\xccs\x052\xfcY\xe9" +
-	"!\xf9\xc5\xc7\xff\xe6=zHl\xb6\xe6\xf9\xc26\x94" +
-	"\x7fE\x0f\xad\xbdP\xf0u\x88#\x7f\xae\xb8x\xe7\xca" +
-	"N\x94/^Ir}p%\xc9u\xc3\x8en\xbe\xfd" +
-	"\xc6[\xde\x07\xa9\xc8f\xe4\xf1\xaa\xa5\x9d(\xdf\xb4\x94" +
-	"\x0e\xad[*\xa2\xfc+\xfa\xe8}cl\xdbk\x17{" +
-	"\x1f\xff\x9f\xe6\xcb}\x85\xce\xd1\x91w\xfc#\xbfX\xea" +
-	"\x9b\x7f\xed\x9a\xbf\xfa\xe0\xe8_\xf7^\x9cu\xfb\x8ab" +
-	"\x0f\xca\xeb\x8a$\xc7\x0d\xc5\xaf\xca\xbc\xe8_\xfe\xf5\xf5" +
-	"[\xd6-\x7f\xe5\xa3\xb4%6\x15?\"K\xa8E\xb2" +
-	"\xc4\xe8\x8d\xff\xfd\xd5\xab\xbf\xf1\xcf\x1f5\xb9\xc7g<" +
-	"P\\\x89\xf2\x11\xff\xc6\x07\x88\xf9\xc3\x8d\xdfy\xa3\x98" +
-	"+\xfef.A\xcf\x14'P\xfea\xd1\x8f\xc6\xa2/" +
-	"\xe8-\xbf|\xe4\x8e\xd2\xb7\x7f\xf31\xe9\xc5\x9aP\xea" +
-	"\xe2\x1fnC\xb9e\x19\xdd\x8c\xcb(U\x06O\xbd\xf9" +
-	"\x95\xf1\xa3?\xfa\xa4\xd9\x08\xbeCN/;\x88\xf2+" +
-	">\xf7K\xcb\x08k\xf6}x\xac\xef\xc1\xed\xa7>M" +
-	"ku\xb2\xfd\x05\xdf\xbf\xed\xa4U\x9cJs\x05\xd2\xf9" +
-	"\xf6\x1e\x94/\xb4\xd3u\xef\xb4\x97`\x95\xe7\xb8\x86\xc1" +
-	"u\xab\x91\xa9\xfeI\xf4\xb1\xba\xba\xaa6\x8cFg\xaf" +
-	"i\x18\xbc\xeaT\xdcj\x95\xdb6@\x19Qic\x19" +
-	"\x80\x0c\x02H+\x1e\x01P\xaee\xa8\xdc(\xa0\x84X" +
-	" \x14\x95n\x98\x00P\xbe\xccP\xe9\x12\xd0\xb3\xb9\xb5" +
-	"\x87[\x83&VUG3\x8d\xcd*\xabs\\\x0c\x02" +
-	".\x06\xf4\xaa\xba\xc6\x0d\xa7\xd7\x84\x9c1\xaa\x8da>" +
-	"\x09\x05@\xcc\x03\xce'\xd8\x86I\xcdv4cl\xd8" +
-	"\xa7\x97\xca\xa6\xaeU\xa7H\xba\xc5\x04\x1dR{'\xdd" +
-	"!]\xb1\x0d\x00\x05I\xea\x01(ic\x86iq\xaf" +
-	"\xa6\xd9UR\x0aX\xd5\xd9\xbfS\xd5U\xa3\xca\xe3\x87" +
-	"Zf?\xd4\xc7u\xdd\xbc\xd9\xb4\xf4\xda\x16K\x1b\xd3" +
-	"\x8c^\x93\x84\xf5-\x11\x1f\x13\xe70\x9c\xaf[\x85[" +
-	"{\xb4*_\xed\xda<8\xe7Z\xbe\x1d\xae\x1a\xe2\xb6" +
-	"\xab;6\x80\x92\x89\xad\x99\xed\x04P\xda\x18*\x05\x01" +
-	"K\x96\xcf\x80\xf9\x04\x13\x9al\xd2:\xfb\xcd\xc0\x16\x15" +
-	"\xdf\xe4\xab]\xc3\xe2c\x9a\xedp+ _U*\xab" +
-	"\x96Z\xb7\xd3\x0f\x92\xfb\xf2\x0c\x95e\x02zc\x96Z" +
-	"\xe5en\xa1f\xd66\xab\x86Ya\xbc\x8a- `" +
-	"\xcb\xfc\x8e\xd8\xa8j:\xaf\x05\xda\xad\xaev\xf8\xff\x95" +
-	"<\xcb,\xf6<\xff\x11u\x1b\x80\xb2\x83\xa1\xa2\x0b\x98" +
-	"\xc5O\xbd H\xb4\xbd\x00\xca8C\xc5\x110+\xfc" +
-	"\xce+\xf8^\xdb\xbd\x1c@\xd1\x19*\x93\x02f\xd9o" +
-	"\xbd\x02\x154\xc9\xa5\x80r\x18*wQ@\xb9\x0d\xb2" +
-	"\xa9\x0d\xcc\xb40\x9f$Yh\x1d^\x1b#K\x1bP" +
-	"\xe2U24\xe6\xa3Z\x100\x885s\x1c\xf3I\xa1" +
-	"\x0b\x8fY|\x0f\xb7l^\x86\x9ceNNa>\xa9" +
-	"\x09MV\xcf^\xae\xd5#G\xc7\xa7\xe6?_\x0d\xf2" +
-	"\xed\xaar\xc7,g\x91\x1d\x173T\x96\x0a\xe85\xe8" +
-	"[\xeep`\x96\x8d\xf9\xa4\x81h\x92v\x8ep\xee\xa5" +
-	"\xbfaV\x97\xc3[\xac0\xb1\x97\xc6\x8f\x1d\xa3\xc7\x1e" +
-	"f\xa8|7\x95\xd8\x8f[\x00\xcac\x0c\x95S\x02\xa2" +
-	"\x10x\xec\xa9\x13\x00\xca)\x86\xca\xdf\x0b(1!p" +
-	"\xd8s+\x01\x94g\x18*?\x11P\xca\xb0\x025K" +
-	"\xd2k\x14l?a\xa8\xfc\\@\xa9%S\xc0\x16\x00" +
-	"\xe9\xfcN\x00\xe5\x0d\x86\xca\xdb\x02zf\x90_\xa4\x94" +
-	"\x83Y\x100\xebc\x84\xe9\xd6Fu\x15:,^\xeb" +
-	"_\x1f\xd3\x0d\xb7^\xb6\xf8\x1e\x0dM\xd7\xeev\x1c^" +
-	"\x17\x1b\x8e\x8d\xad `+`\xceQ\xc7l\\\x02X" +
-	"f\x88\xf9\xa4\x04\x03\x121\xbe\x13-^\xdb\xca-[" +
-	"c\xa6\x11\x83\x92f8\xdcp\x06U\x10wr=\xa6" +
-	"\xce\x93uCa\xecP\xe4\x84i`&H\x81c\xca" +
-	"b\x96Y\xe6y\xa1\x117\x90m\xba\x18*\x83\x02\xb6" +
-	"\xe3\xa7D&;\xf6\x0f\x01(}\x0c\x95a\x01\xdb\x85" +
-	"\xdf\x11\x99,\xa9\x90\x1f\xca\x0c\x95\xed\x02\xe6\xc6\x1d\xa7" +
-	"\x81\xf9\xa4v\x87\xce\xbe\x83\xef\xb4\xcd\xea.\x0eHp" +
-	"\x11\x17\x92\xf0\xdb\xf1\x10\xbe\x80\xe95\xcc'\x9dsS" +
-	"\xa4\xb0\xcf\x82\xfe\x92\xb3\xc1\xb2L\xcbG\xd68<6" +
-	"\\\x9f(\x11EG\xff\xb6D\x03I\xe8\x0a\xd4Rv" +
-	"&\xf2wTU\xd7N\xc0\xdf\xe2\x8e5\xd5=\xea\x00" +
-	"\xe3V\x8c3\xf6\xb8\xe9\xea\xb5!\x0e\xa2cM!\x82" +
-	"\x808?\xfa\xac7\xfbR\x86\x0f\xc28%'\xc9\xb4" +
-	"\x9e\xa1RN\xe4\xdcD\xb4A\x86\xca-$gh\xfe" +
-	"\x112\xff0C\xa5!\xa0\xa7S\xfe\x1a}&0\xdb" +
-	"\x89\xc5\x0d\x88e\xd3\x0fN\x11\x04\x14\x01=\xb7a;" +
-	"\x16W\xeb\x80q\xb4\x11\xff\x92\xcb\x80\xe9&\xb8(\xab" +
-	"9?\xef\xe7\xd6!N\xc5M\x03i%\xc2\\\x1c\xe9" +
-	"I\x8c=w2\x8d\x9b\xb6c\xa8u\x0e\x00\x91b\xfb" +
-	"\xcd\x06\xe1$\xa1H\xdc\xd86\xc5\xc6\xe5W\xb7\xa0\xd2" +
-	"\xcc\xa8m'R\xa5\xa6\x1a\x9eF\xffx\xafi\x88\x97" +
-	"]\xfeC\x04\x0b\xd0uuX-\xa93\x89\xca\xce\x0a" +
-	"*%W1T\xaeK\x97\x9dUd\xa2k\x18*_" +
-	"\x16P\xe4\x16U\x90xB\x0a\x1e\xddo\x07\xad\x0e\xe6" +
-	"\x93\xe1\xf5\xd2\xe2t\xbb\xce87\x1c-\xe8rf\x85" +
-	"\xe1\xf2$]b\x17\xf6_\x9f\xf2k\xe4\xc2M;\x13" +
-	"\xbf\x8a\xbb\xf8T\xe4\xa5\x0e^W\xb5\x04\x8dB\xe7v" +
-	"\x83\xf8\xb5\x84g\xden),\x8bAQ,\x05\xde\"" +
-	"!\x0b\xb1\x90wN\x03(w1T\xeeO\x09y\xdf" +
-	"C\x00\xca\xfd\x0c\x95\x87SB\x1e%#\x1ef\xa8\x1c" +
-	"'\xccg\x01R\x1d#\x07\x1fg\xa8<) f\x02" +
-	"\xc8?I\x90\xff$C\xe5\xac\xe0\x03v_w\xafi" +
-	"`(\x84\x0d\x10\xc1\xb57\xceU\xcb\xd9\xc9Ut\xfa" +
-	"\x0d\x87[{T\xd4#H\xd8\xefhun\xbaN\x0c" +
-	"\x11uu\xd2o9\xb0\xd6\x17\x9c\x12U\xc7\xc6\x05 " +
-	"\xe0\x02\xcaH\x9b[\xbd\x16\xaf!yC\xd5\xcb*s" +
-	"\xc6?\x8f\x81f\x82xn\x0e\xf3P\xc3\xb2\x8f\xa1r" +
-	"/A\x09\xa6\xa6p\xe9\xee\x09\x10|$!\x9dw\xf7" +
-	"$-\x8c_\x10\xa9\xcc\xb9d\xc6I\x86\xca\xa1\xb0 " +
-	"\xb6\x02H\x07\xc8:\x87\x18*\x87\x85H\xb4>\x13J" +
-	"A\x866\xbb:\xec\x91\xf7\x13jj<\xd17\xec\x17" +
-	"44\x8da\xdfP\x98X\xaaj\xd6\x1b\x16\x85\xb2f" +
-	"\x1a\x8a\xab\xea\x1as\xa6\xe2\x83\xf3\xda\x82 )H\xe5" +
-	"-\x8d\x0e\xdfYd\x8c\xeb\"c\xc8\xdd8\x00P\xe9" +
-	"B\x86\x95AL\xc2E\xee\xc7\x1e\x80\xcaz\xa2\x971" +
-	"\x89\x18y\x13\x16\x01*}D\x1fF\x011\x88\x19Y" +
-	"\xc1\xa7\x01*\xc3D\xde\x81I\xab \xdf\xee_\xbf\x9d" +
-	"\xe8\xe3\x98t\x0b2\xc7\x95\x00\x95\x1dD\xdfG\xf4V" +
-	"\xc1\xb7\xa4<\x85\x13\x00\x95I\xa2\x1f\"\xba\xd8R\xa0" +
-	"AG>\x80\x16@\xe5.\xa2\xdfO\xf4\xb6\xa5\x05l" +
-	"\x03\x90\xef\xf3\xe9\xf7\x12\xfd[D_\xf0\x85\x02.\x00" +
-	"\x90\x8f\xe0A\x80\xcaa\xa2\x1f'\xfaB,\xe0B\x00" +
-	"\xf9\x18>\x02P9N\xf4'\x89\xbe\xa8\xb5\x80\x8b\x00" +
-	"\xe4\x93\xbe<\x8f\x11\xfd\x14\xc6\xb8\xd6_K\xc3+\x85" +
-	"\x95\x96\xb4\x17\xcc\xb4c\xd7\xf2p\x84\xc1\x00\xfb\xcbf" +
-	"\x8ef\x18\xcc%\x8b0@\xcc\x01z\x0d\xd3\xd47\xcf" +
-	"\x84\xedKu8aX@\xce4\xfakq\x9e\x05\xc1" +
-	"4hBGU\xd5\xfb\x1bI\xcfcw\xbb\x8e\xe96" +
-	"\xa0\xa3\xa6:\xbc\x16\x17^\xcb56Zf}\x18\xb9" +
-	"U\xd7\x0cU\x87\xf8\x9b\xf9b+\xe7\xbaZmV\xd2" +
-	"\x09\xcd\x81\xd6\xd1\xe8\x1cV\xc7\x9a\x06\xca\x95\x09j\xc7" +
-	" \xb4\xea\xfa\x04\xb4s\xe9\xe4\xe8\xd8\xa3\xea.\x9f\xf5" +
-	"\xd2\x1c]\xefHS\x85\x0a\xea\xc6\xacq\xb6'y=" +
-	"~\xdc\x0aG\xdc>!\xa9\x0d\x91\x15F\xc3\xd9\x07:" +
-	"\xe8\xee\x94?\xe2\x85I\xe8\x8f\xcf\xdb\x0d\x8cq'\xf8" +
-	"\xd4o\x8c\x9aTFE\xb5n\xff?O\x0fq;G" +
-	"\xa3\xc7%'\xccx\x05r\xe9:\xd77<\\N\xc6" +
-	"`\x16\x80d\x1a\x17\x86\xd2\xb8\x90\xc0\xc2D:\xfd\xa3" +
-	"\xeePV\xfc<,\x13};&\xf3\x83|+\x9e\x98" +
-	"\x91\xff\x99\xee\x00\x17\xb8\x7f}\x8d\xe8\x0d\x1f\x170\xc0" +
-	"\x85\xba\x7f\xbfN\xf4\xc94.\xb88=\x13\x17X\x84" +
-	"\x0b\x94\xcf\x87\x88~\xd8\xc7\x85L\x80\x0b\x0f\xe0\xb33" +
-	"\xf2\x7fAK\x80\x0b\xc7\xf0\x85\x19\xf9\xbf\xb05\xc0\x85" +
-	"\x93>\xff\x93D?\xeb\xe3BO\x80\x0bg|\x1cy" +
-	"\x86\xe8/\x12.\xb8\x96^q,\xcd\x00\x1cK\x82\xb5" +
-	"\xda\xf8\x1a\xe7\x8dn\xc8\xe9\xda\x1e\x1ecvMS\xf5" +
-	"\xf5\xae\xaaCG\xc5Q\xab\xbb\x92\x16X\xb7\xfbT\xa3" +
-	"f\xe3\xb8\xba\x8b\x13\xd2\x8b\xe9\x9a\xe8\xe8\xf6Vni" +
-	"\xa3\x80I\xd3\x1c\xf7\x08\xb9\xb2i6\xb7\x0e~\xef\xc5" +
-	"\xad\x00T\xe2\xef\xea\xead\x7fM\xe7\xbd\x18u\x0a\xcc" +
-	"H*\x8dF\xdf\x98\x86\x81A\xf9\x1e\xd6:f\xd6\xe5" +
-	"F\xd8\x86G\xf5}\xb8\xd4T\xb8\xf9d\x83W\x9d^" +
-	"\x13\x0dG3\\>\xeb\x82\xea\xb8k\xec\xe2\xb5\x0dh" +
-	"T\xcd\x9af\x8c\xc1\xac\xfe\x9f}\xd6\xf6!\xd5\xd0\xf8" +
-	"\xd9\x8c\xa9\xd5\xbd\xb4\xa2\x13\x04\x1fK\xa8<K\x9d\xc9" +
-	"\x14]\xaa\xfa\xa7J\x16W\xed\xd4\x008\xcfk\xe1\xb2" +
-	")H2z-\xcfZ\x00\xe2E8F\xdbFi\xf7" +
-	"^\x10$M\xc4dI\x8b\xd1NV\xba\xdd\x02A\x1a" +
-	"\x11Q\x88\x7f\x7f\xc0\xe8\xb7\x03\xa9\x7f\x1a\x04i\x83\x88" +
-	",\xfe\xd1\x00\xa3]\x9f\xb4\xae\x07\x04i\x95\xe8E\x13" +
-	"\x03\x94\x02q\xba\xd0\x8b\x12\x1f:\xfc\xd4\xefB/\xda" +
-	"C`4Y\x00t\xe1\xfe\xb0,tazy\xc5>" +
-	"\xab\xbd\x9f\xbbM\xecIZ\x99\x08#\x0fL'\x9dL" +
-	"<R=\xf0t\xbaK\x0c7\x03\xc7\x0e\x86{\x85\xb3" +
-	"\xa9\xcd\xc0\x19j\x1d\xcf2T~&$\xf52\x0a\xbb" +
-	"h\xdf\x83\xa6\x15\xcdx\xf3\xac}\xc2\xe0\x0c;\xb8\xe6" +
-	"\xe5\x8fW3\xc7\xfd\x0e\x0f\x83\xablH\x10;\xbd\x11" +
-	"Z\x92\xda\x08a4]\x8a3\x00>\xbd\x1fZr\x89" +
-	"Q%=+\xf9\x15'\xe3GM\xf4\xeb\x08F\xbfS" +
-	"I\x12y?+z\xd1<\x85Q\xb9\"\xe7\xa5]v" +
-	"\x99C\xe5\x10\xef\xb0?O%\x88\xf6\xdb\x97\xde\x0d\x04" +
-	"\xef\xe4(\xd8\x02\x85\xe2{'R[*\xdd\x0c\xe7\xa1" +
-	"\xdc\xe6tK;\x8f\xad\x02\x81\xa3\x064G\x87\x9b\xc2" +
-	"oy\xaa\x93\x8e\xe3oy\xd2\x9b\xc7S\xca\xdd\x03a" +
-	"P>\x167\x9c\xd2\xa3\xd3\xc9\x06+\x0e\xbf\xa7\x06\x92" +
-	")\xc5\x9f\x09C9E\xd7J`S7\xc7\x065\x83" +
-	"\xdb\xd4\x825M\xfa\x0dn\xd5U\x83\x1b\xe8\x10\x18\xb9" +
-	"\x16!\xeaL\xe4\xea_\x9f\xea\xdc\xe6S\xbf\x12\x06{" +
-	"\x10\xebayM\xcd\x91'R+\x96Hy\xe5\x85p" +
-	"u\xb1#\xa5\xfc\xed4Gng\xa8\x8c\x0b\xe8\xa9\xae" +
-	"c\x8e4j*:|\xa3\xc5w\xbb\\4\xaaS\xc9" +
-	"<E\x13E\xd5\x1e\xc1\x06\xf5~\x1b-^\xda\xed\xf2" +
-	"4C\xb4\x18\x06Q3k\xb36\xc2s4[7\xf3" +
-	"\x9d\x15\xb3\xba\x8b;3\x16\xe6\x01\\F\xaa\xa8C\xc9" +
-	"V8\xd2D\x1bJv\xc21\x8c\xec\xa6\x80j0T" +
-	"\xf6\xa5`dj:q\xf8\xdc\xd5\xf5\xf7S\x10\xe7Q" +
-	"r\xce\xad\xedP\x89\x7f\xaeDK~\x9f\xb9\xccM\x07" +
-	"\xc4\xd9\x86\xa9_O\xe9\x11!\xbc\xfc\xff\x02\x00\x00\xff" +
-	"\xff~Y\x81&"
+const schema_db8274f9144abc7e = "x\xda\xccZ{p\x1d\xe5u?g\xf7\xca+)\x96" +
+	"\xef\xdd\xacl\xb0\xb0\xb8\xae\xc7n\xb0\x03.Fq\x0b" +
+	"j'W\x0f\xdbH\x8al\xdf\xd5\xc3\x80\xb0;^\xdd" +
+	"\xfbIZy\xef\xee\xf5>l\xc9c\xe2\xc7\xd8\x05T" +
+	"\x1cl\x82;\x98\x98\x8c\xed\xc6\xc5\xa6N\x83\x89\x996" +
+	"\x14\x98\xa4\xed\x14h\xd2\x12R\xe8\xc4)\x9d\x12\x8c\xa7" +
+	"\x13\xa6\x0c\x05\xd2a\xe8`\xb6s\xf6\xad+!\xd9\x99" +
+	"\xfe\xd1\x7f\xec\x9ds\xcf\xf78\xaf\xdfy|\xba\xf5\xe5" +
+	"\x9a\x16nU\xd5\xcey\x00\xf2\x99\xaa9.[\xf1\xb3" +
+	"]'\x96\xfd\xed~\x90\x1b\x10\xdd\xaf?\xdfU\xff\x89" +
+	"\xbd\xff_\xa1\x8a\x17\x00\x9a~K\xd8\x85\xd2jA\x00" +
+	"\x90V\x09\xff\x01\xe8V\xfd\xf6\x1bo\x95\xdf\x12\x0e\x80" +
+	"\xd8\x90d\xe6\x88y~u\x17J\xcb\xab\x89yY\xf5" +
+	"N@\xf7\x0fJ\xaf\x9e\xfa\xdd\xa3?&f.f\x06" +
+	"l:T\xbd\x0b\xa5\x93\x1e\xe7\x13\xd5\x1b\x01\xdd\x8f\x1e" +
+	"\xbd\xfe\xcfO\xfe\xd3\xcb\x07A\xfc\x12Bp\xf6\xb3\xd5" +
+	"\xbf@@\xe9\x95\xea\xef\x01\xba\xff|\xeb\xeew\xb6~" +
+	"t\xe4\x81\xc9\xe7\xa6\x88O\xad\x99@i_\x8d\x00\xbc" +
+	"\xfb\xc4\xbd\xf5\xff\x80'>>\x02\xe2M\xb4\x0d\xd2\xcf" +
+	"[jj9@\xc9\xa9\xc9\x01\xba\xaf\xde\xfc\xfcs\x87" +
+	"\xbf\x7f\xff\xb7@\xfe\x12\"\xf8\xeb\x8f\xd6\xfc\x0f\x9ds" +
+	"\xd6c\xf8\xe0;_N}\xf7\xd5/~\xdbcpO" +
+	"\xbfv\xd73\x87\xbf\xbf\xf8]\xe8\xe7\x04L\x014\xbd" +
+	"Vc\x12\xef\xbf\xd5\x90.\x1e\xfd\xf9\x0b\x1bJG\x1e" +
+	"?\xe5_\xda\xdb\xeb\x85Z\x8e\x83\x94\xbb\xfa\x17\x977" +
+	"\xae\x7ff\xe8\xc9@\x1c\xef\x1e\xe7k\x9f\xa1\xa5?\xaa" +
+	"\xa5c^\xde\x99y\xa8\xf5\xf7\x1e~\xb2R\xe9U\xc4" +
+	"y\xb9v\x02\xa5+\xb5\xf4\xf9I\xed]\x08\xe8N\xdc" +
+	"\xf1\xc2\xa6\x8f\xfe\xc8z\x0a\xe4[0\xe5\xfe\xdd\x83\x97" +
+	"v,?;\xf4\x92w+\x1e\xa0i\xfb\xdc\x9f\xd1\xd6" +
+	"\x07\xe7\x92\xa6\xea\xfez\xc5\x86\x87\xdf\xe9>O['" +
+	"\xb4\xee_bY]3J\xab\xeb<{\xd6\x11\xf7O" +
+	"o\xde\xf4\xe2\x8bO\x0f\x9f\xaf\xbc\x88g\xd0\xd7\xea\xba" +
+	"P\xba\xecq\xff\xd2\xe3\x9e\xdf\x89o\xfepU\xea/" +
+	"\x93f::\xef]O}\xf3\x88\xe1\xdeO\x9f\xfd\x9b" +
+	"\xb5\xef\xbf\xfe\x83\xa4\x01:\xd3\x1c\x19`K\x9a\x04\x1f" +
+	"\x98\xc0\xd2\x9b\xcd-/\x82|\x13\xa2;zt\xb7\xdd" +
+	"\xf1\xd8!\x17\xfaQ@\x0e\xa0\xe9`z\x17mv$" +
+	"M\xee\xd3\xf8^[\x9d\xfe\xfe\xfe\x1fV\xf8\x9aw\xea" +
+	"{\xe9.\x940CW\xbb\x92\xfe\x1e\xe0\xc7O\xdd\x7f" +
+	"\xb8\xf3\xd2\x9a\x97\xe4\x06LU\x0a},\xb3\x0b\xa5\xef" +
+	"\x12o\xd3\xd9L\x96\xf4\x19i\xb0\x82\xdd\x93\xfa\xa28" +
+	"\x8a\xd2{\"}\xfeJ\xf4\xd8\xbb\xee\xfd\xe6#U\x97" +
+	"\xbf\xf9R\xa5J).\x9a\xfe\xfb\x8b&J5\x12}" +
+	"VIOr\x80n\xc3\xd3\xbf\xff\x17m\xc5\x8b?\x9e" +
+	"&F\xa4\x0f\xe6\x7f(]\x99O_\x9f\xcc'\x19\xef" +
+	"\xff\xf2\xf8\xae\x0d\xcb&\xde\xa8\xd4\xbfw\xf1\xfe\x05\x13" +
+	"(\x95\x16\x10\xb7\xba\x80\xb8\xb9\xcb\xca\xc2\xbd\xff\xf2\xd5" +
+	"7\x13\x1ewq\xc1\xdb\x08)w\xc3\xa6{Gk\xee" +
+	"\xbbt)\xe9q\xff\xb8\xc0\xb3\xcc/\x17\x90\xe2/\x88" +
+	"\x8fH\xcf\x9f\xfc\xb3w\xe8 \xa1R\x9bx\xdd\x00J" +
+	"\xf3\xaf\xa3O\xf1:O\x86\xc8\xf3\xa7\xf3\x8b\xba\x86f" +
+	"\x94\x1a\x1b\xe8^\x0b\x1b\xe8^\xab\xb7\xb6\xb2\xcd\xb7\xdf" +
+	"\xfd.\x88\x0d\xfc\xa4@\xbf\x878U\xe2lb\x0dw" +
+	"\xa2\xd4z\x83\x00\xe0~cx\xe0\x95\x0f\xdaO\xfeW" +
+	"\xe5\xe6\x9e@\xcbohF\xe9\x0e\xe2kZ}\x83\xa7" +
+	"\xfe\xa6U\x7f\xfc\xde\xd1?m\xff`\xca\xee\xfb\x16\xb5" +
+	"\xa1td\x11\xdd\xe3\xd0\xa2;\xa5\x17\x16y\x9b\x7f}" +
+	"\xcd\xc6;\x96\xfc\xe8\xc3\xa4&N/\xfa\x904\xf1\x83" +
+	"E\xa4\x89\xa1\xdb\xff\xf3\xcee\xdf\xf8\xfb\x0f+\xcc\xe3" +
+	"1^\\\xb4\x02\xa5_y;^&\xe6\xf7\xd7}\xfb" +
+	"\xf5\x86t\xc3\xaf\xa7\xbbhM\xe3(J\x8d\x8d\xf4\xb9" +
+	"\xb0\xd1\xbb\xe8\xddo?\xbe3\xf7\xad_\x7fLr\xf1" +
+	"\x15(\xd5y\xe3\x00J[n\xa4\x9d\xef\xb9\x91B\xa5" +
+	"\xfb\xdc\xc5\xaf\x8e\x1c}\xf9\x93iq\xb7*\xbb\x1f\xa5" +
+	"\x85Y\xe2\x9e\x9f%\xac\xf9\x13\xe1\xf8\xa5\xbd\xff\xfe\x87" +
+	"\x9f&\xa5\xba\x92}\x9b\xa4\x12\x17\x93T\xbb\xdf?\xd6" +
+	"\xf1\xf0\xe6s\x9f%\x19V-~\x8e\x18Z=\x86(" +
+	"\xd6\xa6\xf34eq\x1bJ\xdb\x17\xd3y\xa5\xc59\xb8" +
+	"\xc5\xb5\x1d]g\x9aYN\x15~'\xfc,\xac,(" +
+	"e\xbd\xdc\xdc\xea\xd8#L\xb7\xd5\x82b\xb3\x1e\x96\xb3" +
+	"\xca\x86n\xb1<\xa2\x9c\xe1S\x00)\x04\x10\x95Q\x00" +
+	"y+\x8f\xb2\xc6\xa1\x88XOX+\xaaD\x1c\xe1Q" +
+	"\xb69\x149\xae\x9e\x02^\xdc\xbe\x04@\xd6x\x94\xc7" +
+	"8D\xbe\x9e\xe0Lt\x1e\x01\x90\xc7x\x94\x0fp\xe8" +
+	"\x96\x99YRt\xa6C\xda^k\x9a8\x178\x9c\x0b" +
+	"\xe8\x9a\xcc6\xc7\x95A\x0d\xd2,A\x16Fw\xdaX" +
+	"\x07\x1c\xd6\x01\xba#\x86cZ\xfd\xba\x8d\xaa\xd6\xc3\x86" +
+	"Lf\xe1\x08\xce\x01\x0e\xe7\x00\xce$^\xbb\xa1\xeb\xac" +
+	"`\xf7:\x85\x02\xb3,\x00\x92\xac:\x92l\xf9\xe3\x00" +
+	"\xf2\xcd<\xca\xb7'$[M\x92}\x85G\xb9\x85C" +
+	"\xd7b\xe6\x0efv\x1bXPl\xd5\xd07(|\x89" +
+	"E\xd7.h*\xd3\xedv\x03\xd2\xfa\x90:\x8c\x998" +
+	"\x14\x0013\xf3\xc5\xd6\x8e\xa9\x96\xad\xea\xc3}\x1e=" +
+	"\x9774\xb50N\xb7\x9b\xebi\xb2\xb1\x99\xf6\x10\xe7" +
+	"\x0f\x00 '\x8am\x009uX7L\xe6\x16U\xab" +
+	"@B\x01_\xb0\xf7\x0c*\x9a\xa2\x17Xt\xd0\x9c\xa9" +
+	"\x07\xf9\x07\xf4zr\xacT\x12\xd6^\x9aWL\x85/" +
+	"Y\xf2\xdcH\x1fk\x07\x00\xe45<\xca\xf9\x84>\xd6" +
+	"w\x01\xc8\xdd<\xcaw',\xdd\xdf\x06 \xe7y\x94" +
+	"7s\xe8\x1a\xa6:\xac\xea\xed\x0cx3i0\xcb\xd6" +
+	"\x95\x12\x03\x80Pa{\x8c2)\xd1\xc2L\x0c\xc2\x15" +
+	"\x9a\xaa\x9a*@\x07\xd34\xe3.\xc3\xd4\x8a\x1b\xfds" +
+	"\x0c\xd2\xb6g\xcah\x990\x8d\xe5=\xe3\x90\xdcj\x81" +
+	"\xadt,\xe6\xafsL\xcf\x90K{\x98\xe5h\xb6\x05" +
+	" \xa7\"\xf1\xeb\x9a\x01\xe4j\x1e\xe5z\x0es\xa6\xc7" +
+	"\x80\x99\x18\xd4+\xae:\x9b\xae\x1d\xddd\xc3\xaae3" +
+	"\xd3'/\xcd\x91\xc2KV\xf2@\xf2\xbf\x0c\x8f\xf2\"" +
+	"\x0e\xddaS)\xb0<3Q5\x8a\x1b\x14\xdd\xe8\xe5" +
+	"Y\x01\xab\x80\xc3\xaa\x99=i\x9d\xa2j\xac\xe8K\xb7" +
+	"\xb2\x90\xf5\xfe\xa7\xe8\x9d\xeb\xba~\xf8\x0e\xc4\xe1[\x87" +
+	"\x9f\xb9A\xfc\xee\x8a\xe3\xb7\x8e\xbb\xe2N\x0d\xe0:\xfe" +
+	"S7\x08a\x8a\x08\x9bGy/E\x84S&\x9dZ" +
+	"\xc0\x1b&fb\x94\x0c\xb4\xc3\x8a\xc3\xa4i\x1dr\xac" +
+	"@\x8a\xc6L\x98\xcc}\x06\xa1h\x8c`&\xaeT\x82" +
+	"e&\xdb\xc1L\x8b\xe5!m\x1ac\xe3\x98\x89\x93z" +
+	"\x85\xd6\xeb\xaeU\xeb\xa1\xa1\xa3U3\xaf/\xf8\x80\xb1" +
+	"4\x9f\x9db,\xd2\xe3\\\x1e\xe5\xeb\x09\xc8\xe8Wf" +
+	"\x93\xcb\x93;G\x15\xe0\xec\xee\xdcN\xff\x06\xb0\x94\x0f" +
+	"v1\x03d\xba>:\xec\x18\x1d\xf6\x18\x8f\xf2w\x12" +
+	"\x91x\xd2\x04\x90O\xf0(\x9f\xe3\x10\x83@<{\x0a" +
+	"@>\xc7\xa3\xfcW\x1c\x8a<\xe7\x1b\xec\xd9\x15\x00\xf2" +
+	"\xd3<\xca?\xe1PL\xf1\xf5T\xed\x8a\xaf\x90\xb3\xfd" +
+	"\x84G\xf9\xe7\x1c\x8aU\xa9z\xac\x02\x10\xdf\x18\x04\x90" +
+	"_\xe7Q~\xeb\xf3\xe2\xb8\xa0\x19NqHS k" +
+	"\xb2b\xe7\x9a\x88\xae;\xa5\xbc\xc9v\xa8h8V\xab" +
+	"m\xb3\x92P\xb6\xad\x10\x92\xd3\xb62l\xe1<\xc0<" +
+	"\x8f\x98\x89k(@\"F{\xa2\xc9\x8a\x9b\x98i\xa9" +
+	"\xbc\xa1G\xa8\xaa\xea6\xd3\xedn\x05\x84A\xa6E\xd4" +
+	"\x19\xa2\xae'\xf0\x1d\xf2\x9c \x0c\x8c\x18)p\x98\x00" +
+	"n\x91\xeb\x06J\\K\xbai\xe1Q\xee\xe6\xb0\x11?" +
+	"#2\xe9\xb1\xb3\x07@\xee\xe0Q\xee\xe3\xb0\x91\xbbB" +
+	"d\xd2\xa4<\x10\xe3\\z\xc4\xb6\xcb\x98\x89\x8b\xaf\xc0" +
+	"\xd8;\xd9\xa0e\x14\xb61@\x82\x8b\xa8\x12\x08~\x1d" +
+	"\x09\xe0\x0bx\xad\x88\x99\xb8\xf5\xa9\xf0\x14\xfe\xf3rW" +
+	"\x8e2\xa5az\xa9!\x06\xea\xdbb!B\xef\xe8\x1c" +
+	"\x88%\x10\xb9\x16_,y0\xbe\x7f\xb6\xa08\x16\x9b" +
+	"\x9ct[\x87l\xe0\x99\x19\xe1\x8c5b8Z\xb1\x87" +
+	"\x81`\x9b\xe3\x88\xc0!\xce\x8c>k\x8c\x8e\x84\xe2}" +
+	"7\x9e>\xa1D\xf9d \x99O\x02\xf5\xf7\x93\xfa\xfb" +
+	"x\x94\xcb\x1c\xba\x1a\xc5\xaf\xdea\x00o\xd9\xd1u}" +
+	"b\xde\xf0\x9cS\x00\x0e\x05@\xd7)[\xb6\xc9\x94\x12" +
+	"`\xe4m\xc4?\xef\x1a`\xba\x02.\xf2J\xda\x8b\xfb" +
+	"\xffOI\xf1\xda\xb3\x9b\x9fi&\xe5\xb6S\x89TS" +
+	"\x08V\xa3\xb7\xbc\xdd\xd0\x85k\xae_\x02\x04\xf3\xd1u" +
+	"e\x90-\xa9\xb4\x0a\xd3\xcerJ%Ky\x94oM" +
+	"\xa6\x9d[HE7\xf1(\x7f\x85C\x81\x99\x94A\xa2" +
+	"\x16\xd7?t\x8f\xe5\xd7j\x98\x89\xc7\x13\xb3_'Q" +
+	"\xc6\xaa\x86>\xc5\x0d\x97\xc4\xe1\x12\x99\xb0\xf3\xb6\x84]" +
+	"C\x13\xae\x1f\x8c\xed*lc\xe3\xa1\x95\xb2\xac\xa4\xa8" +
+	"1\x1a\x05\xc6m\x05\xe1k1\xcf\x8c\xe5^\x90\x16\xfd" +
+	"\xa4\x98\xf3\xadE\x97\xac\x8f.y\xdf\x04\x80\xbc\x97G" +
+	"\xf9\xa1\xc4%\x1f\xa4\xea\xf9!\x1e\xe5\xc7\x12\x97<J" +
+	"J<\xcc\xa3|\x9c0?\xa8\xb3\x8f\x91\x81\x8f\xf3(" +
+	"\x9f\xe1\x10S>\xe4\x9f&\xc8?\xc3\xa3|\x81\xf3\x00" +
+	"\xbb\xa3\xb5\xdd\xd01\xb8\x84\x05\x10U\xd0#L1\xed" +
+	"A\xa6\xa0\xdd\xa9\xdb\xcc\xdc\xa1\xa0\x16B\xc2\x1e[-" +
+	"1\xc3\xb1#\x88()c^\xc9\x81\xc5\x0e\x7f\x95\xa0" +
+	"\xd8\x16\xd6\x00\x875\x14\x91\x163\xdbMVD\xb2\x86" +
+	"\xa2\xe5\x15\xde\x1e\xb9\x1a\x05M\x06\xf1\xf44\xea\xa1\x82" +
+	"e7\x8f\xf2\x03\x04%\x98\x18\xa3\x88\x07G\x81\xf3\x90" +
+	"\x84d\xde\xde\x16\x970^B\xac\xaahB\xbc\x848" +
+	"\x07@\xdcG\xda9\xc0\xa3|\x98\x0b\xaf\xd6a@\xce" +
+	"\x8f\xd0JS\x07E\xfe\x1eBM\x95\xc5\xf2\x06\xf5\x82" +
+	"\x8a\x86\xde\xe7)\x0acM\x15\x8cR\xd9$WV\x0d" +
+	"]v\x14M\xe5\xed\xf1h\xe1\x8c\xba H\xf2Cy" +
+	"c9\xeb\x19\x8b\x94qk\xa8\x0c\xa9\x15\xbb\x00z[" +
+	"\x90\xc7\xden\x8c\xddE\xea\xc46\x80\xde5D\xcfc" +
+	"\xec1\xd2zl\x00\xe8\xed z\x1fF\xbd\x99$\xe3" +
+	"S\x00\xbd}D\xde\x8aq\xa9 m\xf1\xb6\xdfL\xf4" +
+	"\x11\x8c\xab\x05\x89\xe1\x0a\x80\xde\xadD\xdfM\xf49\x9c" +
+	"\xa7Ii\x1cG\x01z\xc7\x88~\x80\xe8BU=5" +
+	"\xa2\xd2>4\x01z\xf7\x12\xfd!\xa2W__\x8f\xd5" +
+	"\x00\xd2\x83\x1e\xfd\x01\xa2?J\xf4\x9a\x85\xf5X\x03 " +
+	"\x1d\xc1\xfd\x00\xbd\x87\x89~\x9c\xe8\xb5X\x8f\xb5\x00\xd2" +
+	"1|\x1c\xa0\xf78\xd1\xcf\x10\xfd\x0bs\xea\xf1\x0b\x00" +
+	"\xd2i\xef>'\x88~\x0e#\\\xeb,&\xe1\x95\xdc" +
+	"J\x8d\xcb\x0b\xde\xb0\"\xd3\xb2\xa0\x07C\x1f\xfb\xf3F" +
+	"\x9a\x9a0L\xc7\xa3N@L\x03\xbae\xc3\xd06L" +
+	"\x86\xed\xd9*\x9c\xc0- m\xe8\x9d\xc5(\xce|g" +
+	"\xea6 [P\xb4\xcer\\\xf3X\xad\x8em8e" +
+	"\xc8\x16\x15\x9b\x15\xa3\xc4k:\xfa:\xd3(\xf5!3" +
+	"K\xaa\xaeh\x10\xfd2\x93o\xa5\x1dG-N\x09:" +
+	"\xae\xd2\xd1\xb2\xe5\xe6>e\xb8\xa2#^\x11\xa3v\x04" +
+	"B\xb7\xdc\x16\x83v:\x19\x1c\xd9\x1d\x8a\xe6\xb0)'" +
+	"MS\xf5\xf6Wd(?oL\xe9\xc7\xdb\xe2\xd3\xa3" +
+	"\xc3\xcd\xa0G\xef\xe0\xe2\xdc\x10ja(\xe8} K" +
+	"{'\xec\x11M\xbc\x02{\\m50\xccl\xff\xab" +
+	"S\x1f2(\x8d\x0aJ\xc9\xfa\x0dW\xf70+M\xad" +
+	"\xc7\xac\x1df4\xc3\x9a=\xcfu\xf4\xf5\xe5\xe36\x98" +
+	"\xf7A2\x89\x0b=I\\\x88aa4\x19\xfeau" +
+	"(\xc9^\x1c\xe6\x89\xbe\x19\xe3\xfeA\xba\x07OM\x8a" +
+	"\xffT\xab\x8f\x0b\xcc\xdb\xbeH\xf4\xb2\x87\x0b\xe8\xe3B" +
+	"\xc9\xdb_#\xfaX\x12\x17\x1c\x9c\x98\x8c\x0b|\x88\x0b" +
+	"\x14\xcf\x07\x88~\xd8\xc3\x85\x94\x8f\x0b\x87\xf0\x99I\xf1" +
+	"_S\xe5\xe3\xc21|nR\xfc\xd7\xce\xf1q\xe1\xb4" +
+	"\xc7\x7f\x86\xe8\x17<\\h\xf3q\xe1\xbc\x87#O\x13" +
+	"\xfdy\xc2\x05\xc7\xd4zmS\xd5\x01\x87cg-\x94" +
+	"\xbf\xc6X\xb9\x15\xd2\x9a\xba\x83E\x98]T\x15m\x8d" +
+	"\xa3h\x90\xed\xb5\x95\xc2\xb6\xb8\x04\xd6\xac\x0eE/Z" +
+	"8\xa2lc\x84\xf4B2'\xda\x9a\xb5\x89\x99\xea\x10" +
+	"`\\4G5B:o\x18\x95\xa5\x83W{1\xd3" +
+	"\x07\x95\xe8\xb7\x922\xd6Y\xd4X;\x86\x95\x02\xaf\xc7" +
+	"\x99F\xa5_\x0c]G?}\xf7\xa9\xd9\xc9y\xb9\x1c" +
+	"\x94\xe1a~\xef\xcbU$n6Vf\x05\xbb\xdd@" +
+	"\xddVu\x87M\xd9\xa00\xe2\xe8\xdbXq-\xea\x05" +
+	"\xa3\xa8\xea\xc30\xa5\xfe\xe7?o\xfa\x90(h\xbch" +
+	"\xc6\xc4\xdb\x8b\xb8\xbc\x198\x0fK(=\x8b\xcdq\x17" +
+	"\x9d+x\xabr&S\xacD\x038\xc3i\xc1\xb4\xcc" +
+	"\x0f2\xbf>\xa8\x02\x88^20\x1c\x17\x8bGv\x01" +
+	"'>(`<e\xc7p\xa8.\xdeg\x02':\x02" +
+	"r\xd1\x03\x12\x86\x8f?\xa2:\x01\x9c\xc8\x04\xe4\xa3W" +
+	"\x1f\x0cg\xb1\xe2=m\xc0\x89\xeb\x05LE\x0f\\\x18" +
+	"\x0er\xc5V*A\xee\x10\xdc\xb0\x9b\x80\x9c\x7f\xd5\x16" +
+	"tCP\x80\xac\x07\x0b-\xe8\x863\x0a\x0c\xbb\x0e\x80" +
+	"\x16\xdc\x13\xa4\x8c\x16t\xc3)\x1d\xa4\x0b\x8a\xcdZ0" +
+	"9\xe9\xe2?\xaf\x17\x98\xbe\xa6l\x8b\xeb\x9e\x10P\xf7" +
+	"M\xc4eO\xd4\x7f\x1dz*YR\x06c\x84c\xfb" +
+	"\x83!\xc4\x85\xc4\x18\xe1<\xd5\x99\x17x\x94\x7f\xca\xc5" +
+	"\xc95\xf4\xd1p8\x84\x86\x196\x843\xcc\x88\x02O" +
+	"\x0e\xca\xbd\xcaI\x91[4F\xbcr\x10\xfd\xad,\x88" +
+	"\xe1=9>\x9a\x97\x18\x1fa\xd8\x8a\x0a\x93\xb2Ar" +
+	"\x984o\x96\xbe&\xd9Xy\xe9)\xe5\xb9X\xf8\x16" +
+	"\x86\xe1\xab\xa4(\x92\xab\xd4\x09n\xd8|a\x98\xdb\xc8" +
+	"\x9aI\x93]c\x07\xda\xc3\xb2\xd6\xd5\xa4\x8d\xf05c" +
+	"\xf6A\x82\x7fN\x9a\xbc\xcf\x17(\xdaw41\xd2\xd2" +
+	"\x8c\xa0yJoH\xd6\xbf3\xe8\xca\xbfpX\xad\xa6" +
+	"iq\x85\xfb-I\x94\xdd\x91\xff-\x89\x0b\xf9\xa8\xa5" +
+	"9\xd8\x158\xe5\x89\xf8\xe5\xe0\x89\x89x\xdc\x15\xb9\xdf" +
+	"\xd9\xae\xb8\xa5\xf1\x1a\xc8\xf0\xb1\xc01c\x8c\xd5\x8c\xe1" +
+	"nUg\x16\xd5k\x15c\x81\xf0\x05\x02mB.\xc7" +
+	"$\xf8\x9d\x0cs\x9dk\x12e\xdeL\xe2\xf7\x06\xce\xee" +
+	"\xfbz\x90\x8b\x13M\xe7\xa9\xc4<&\x14^~.\x98" +
+	"slM\x08\xbf\x85\x9a\xce\xcd<\xca#\x9c\x17\xfcF" +
+	"\x7f\xb9\xa8\xa0\xcd\xd6\x99l\xbb\xc3\x04\xbd0\x1e7_" +
+	"\xd4~\x14\xac~,S\xa1\xb8\xced\xb9\xed\x0eK2" +
+	"\x84Sd\x10T\xa38e|<Mev\x17\x1b\xec" +
+	"5\x0a\xdb\x98=i\xba^\xf1\x02\xd4\x13\x8f\x90\xa3\x07" +
+	"\xa0\x9e\xe4\x03P\x00#\xdb\xc9\xa1\xca<\xca\xbb\x130" +
+	"2>\x11\x1b|\xfaT\xfc\x7f\x93=\x7f\xa3G\x10*" +
+	"D\x85\xab)\xd2\xa2\xbf\xac\x98}\xc4;\xed@\xb9'" +
+	"\xc7\xae*\xac\xe3\xa7\xbdk\x1c\xc2@\x14\xdb\x98x\x99" +
+	"\xa7C\xb8`\xf3\xff\x0d\x00\x00\xff\xff\xdfs7\x9d"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,
+		0x82c325a07ad22a65,
 		0x8407e070e0d52605,
 		0x84cb9536a2cf6d3c,
+		0x85c8cea1ab1894f3,
 		0x8891f360e47c30d3,
 		0x91f7a001ca145b9d,
 		0x9b87b390babc2ccf,
@@ -3939,6 +4312,7 @@ func init() {
 		0xf41a0f001ad49e46,
 		0xf7f49b3f779ae258,
 		0xf9c895683ed9ac4c,
+		0xfc5edf80e39c0796,
 		0xfeac5c8f4899ef7c,
 		0xff8d9848747c956a)
 }