diff --git a/bindings_ffi/src/mls.rs b/bindings_ffi/src/mls.rs
index 8cd097362..6870a388c 100644
--- a/bindings_ffi/src/mls.rs
+++ b/bindings_ffi/src/mls.rs
@@ -2552,6 +2552,9 @@ mod tests {
         let bo_group = bo.group(alix_group.id()).unwrap();
 
         bo_group.send("bo1".as_bytes().to_vec()).await.unwrap();
+        // Temporary workaround for OpenMLS issue - make sure Alix's epoch is up-to-date
+        // https://github.com/xmtp/libxmtp/issues/1116
+        alix_group.sync().await.unwrap();
         alix_group.send("alix1".as_bytes().to_vec()).await.unwrap();
 
         // Move the group forward by 3 epochs (as Alix's max_past_epochs is
@@ -2755,6 +2758,9 @@ mod tests {
         log::info!("Caro sending fifth message");
         // Caro sends a message in the group
         caro_group.update_installations().await.unwrap();
+        // Temporary workaround for OpenMLS issue - make sure Caro's epoch is up-to-date
+        // https://github.com/xmtp/libxmtp/issues/1116
+        caro_group.sync().await.unwrap();
         caro_group
             .send("Fifth message".as_bytes().to_vec())
             .await
diff --git a/xmtp_id/src/associations/mod.rs b/xmtp_id/src/associations/mod.rs
index 022a948bf..287e447e5 100644
--- a/xmtp_id/src/associations/mod.rs
+++ b/xmtp_id/src/associations/mod.rs
@@ -18,7 +18,7 @@ pub use self::serialization::{map_vec, try_map_vec, DeserializationError};
 pub use self::signature::*;
 pub use self::state::{AssociationState, AssociationStateDiff};
 
-// Apply a single IdentityUpdate to an existing AssociationState
+/// Apply a single [`IdentityUpdate`] to an existing [`AssociationState`] and return a new [`AssociationState`]
 pub fn apply_update(
     initial_state: AssociationState,
     update: IdentityUpdate,
@@ -26,7 +26,7 @@ pub fn apply_update(
     update.update_state(Some(initial_state), update.client_timestamp_ns)
 }
 
-// Get the current state from an array of `IdentityUpdate`s. Entire operation fails if any operation fails
+/// Get the current state from an array of `IdentityUpdate`s. Entire operation fails if any operation fails
 pub fn get_state<Updates: AsRef<[IdentityUpdate]>>(
     updates: Updates,
 ) -> Result<AssociationState, AssociationError> {
diff --git a/xmtp_id/src/associations/verified_signature.rs b/xmtp_id/src/associations/verified_signature.rs
index 94b933889..023055d86 100644
--- a/xmtp_id/src/associations/verified_signature.rs
+++ b/xmtp_id/src/associations/verified_signature.rs
@@ -49,6 +49,10 @@ impl VerifiedSignature {
         ))
     }
 
+    /**
+     * Verifies an ECDSA signature against the provided signature text and ensures that the recovered
+     * address matches the expected address.
+     */
     pub fn from_recoverable_ecdsa_with_expected_address<Text: AsRef<str>>(
         signature_text: Text,
         signature_bytes: &[u8],
@@ -95,6 +99,8 @@ impl VerifiedSignature {
         ))
     }
 
+    /// Verifies a legacy delegated signature and recovers the wallet address responsible
+    /// associated with the signer.
     pub fn from_legacy_delegated<Text: AsRef<str>>(
         signature_text: Text,
         signature_bytes: &[u8],
@@ -120,6 +126,7 @@ impl VerifiedSignature {
         ))
     }
 
+    /// Verifies a smart contract wallet signature using the provided signature verifier.
     pub async fn from_smart_contract_wallet<Text: AsRef<str>>(
         signature_text: Text,
         signature_verifier: &dyn SmartContractSignatureVerifier,
diff --git a/xmtp_mls/IDENTITY.md b/xmtp_mls/IDENTITY.md
deleted file mode 100644
index 12dd180f5..000000000
--- a/xmtp_mls/IDENTITY.md
+++ /dev/null
@@ -1,176 +0,0 @@
-# XMTP Identity Structure
-
-In XMTP v3, a messaging account is represented by an Ethereum wallet address. An account consists of multiple app installations that may send and receive messages on behalf of it. Each installation is a separate cryptographic identity with its own set of keys.
-
-```
-Amal's account (Ethereum wallet address)
-│
-├── Converse app (mobile phone)
-│   └── Installation key bundle 1
-│
-├── Coinbase Wallet app (mobile phone)
-│   └── Installation key bundle 2
-│
-├── Lenster app (tablet)
-│   └── Installation key bundle 3
-│
-└── Coinbase Wallet app (tablet)
-    └── Installation key bundle 4
-```
-
-Using per-installation keys provides the following benefits:
-
-- Installation private keys are never shared across devices or published onto the network.
-- The user may enumerate the installations that have messaging access to their account.
-- The user may revoke keys on a per-installation level.
-
-## Identity lifecycle
-
-### Ethereum wallet
-
-As of Nov 30 2023, an Ethereum wallet consists of a secp256k1 keypair, and is identified by a public address, which is the hex-encoding of the last 20 bytes of the Keccak-256 hash of the public key, prepended by `0x`. Wallet keys do not expire and are not rotatable - in the event of a compromise, the user must create a new wallet. The user is expected to have a pre-existing Ethereum wallet prior to onboarding with XMTP.
-
-The wallet keys can be used to sign arbitrary text, with most wallet software requiring explicit [user acceptance](https://docs.metamask.io/wallet/how-to/sign-data/#use-personal_sign) of the signature text. The signature text is formatted according to version `0x45` of [EIP-191](https://eips.ethereum.org/EIPS/eip-191), and is signed via a recoverable ECDSA signature.
-
-Wallet signature requests originating from XMTP will additionally prepend context to the EIP-191 `message` field to prevent collisions between signatures in different contexts:
-
-```
-XMTP: <Label>\n\n
-```
-
-| Label                   | Described in section                                    |
-| ----------------------- | ------------------------------------------------------- |
-| Grant messaging access  | [Installation registration](#installation-registration) |
-| Revoke messaging access | [Installation revocation](#installation-revocation)     |
-
-### Installation registration
-
-XMTP installations consist of a long-lived Ed25519 key-pair (the 'installation key') and are identified via the Ethereum addressing format. The public installation key is used as the `signature_key` in all MLS leaf nodes and nowhere else, and is associated with the account's wallet via a wallet-signed credential. Every new app installation gains messaging access as follows:
-
-1. The new Ed25519 key pair (installation key) is generated and stored on the device.
-2. The app prompts the user to sign the public key with their Ethereum wallet. The user is expected to inspect the text and reject the signing request if the data is invalid, for example if the account address is not the one they intended. The format for version 1 of the association text is as follows:
-
-   ```
-   XMTP : Grant Messaging Access
-
-   Current Time: <ISO 8601 date and time in UTC>
-   Account Address: <ethereum address>
-   Installation ID: <hex(last_20_bytes(keccak256(Ed25519PublicKey)))>
-
-   For more info: https://xmtp.org/signatures/
-   ```
-
-3. The signature and related data is then protobuf-serialized to form the MLS Credential:
-
-   ```
-   struct {
-        association_text_version: i32,
-        signature: bytes,
-        created_ns: u64,
-        account_address: string,
-   } GrantMessagingAccessAssociation;
-
-
-   struct {
-       installation_public_key: bytes,
-       association: GrantMessagingAccessAssociation
-   } MlsCredential;
-   ```
-
-4. A last resort KeyPackage (containing the credential and signed by the installation key per the [MLS spec](https://www.rfc-editor.org/rfc/rfc9420.html#name-key-packages)) is generated and stored on the device.
-5. The app publishes the last resort key package to the server, which implicitly serves as a registration. The server will provide all identity updates (registrations and revocations) for a given wallet address to any client that requests it.
-
-### Credential validation
-
-Apps built on XMTP have a reduced need for safety numbers to be shown, as clients can locally validate that a credential is valid.
-
-Credential validation must be performed by clients at the [events described by the MLS spec](https://www.rfc-editor.org/rfc/rfc9420.html#name-credential-validation) as follows:
-
-1. Verify that the referenced `installation_public_key` matches the `signature_key` of the leaf node.
-1. Derive the association text using the `association_text_version`, `creation_iso8601_time`, `installation_public_key`, with a label of `Grant Messaging Access`.
-1. Recover the wallet public key from the recoverable ECDSA `signature` on the association text.
-1. Derive the wallet address from the public key and verify that it matches the `account_address` on the association.
-
-### Installation revocation
-
-_Note: Revocation is not scheduled to be built until Q2 2024 or later_
-
-Users may revoke an installation as follows:
-
-1. Enumerate active installations by querying for all identity updates under the account. The user may identify each installation by the creation time as well as the installation public key of the credential.
-1. Select the installation to revoke.
-1. The app prompts the user to sign the revocation with their Ethereum wallet. The user is expected to inspect the text and reject the signing request if the data is invalid, for example if the account address is not the one they intended. The format for version 1 of the association text is as follows:
-
-   ```
-   XMTP : Revoke Messaging Access
-
-   Current Time: <ISO 8601 date and time in UTC>
-   Account Address: <ethereum address>
-   Installation ID: <hex(last_20_bytes(keccak256(Ed25519PublicKey)))>
-
-   For more info: https://xmtp.org/signatures/
-   ```
-
-1. The signature and related data is then protobuf-serialized to form the revocation:
-
-   ```
-   struct {
-        association_text_version: i32,
-        signature: bytes,
-        created_ns: u64,
-        account_address: string,
-   } RevokeMessagingAccessAssociation;
-
-   struct {
-       installation_public_key: bytes,
-       association: RevokeMessagingAccessAssociation
-   } InstallationRevocation;
-   ```
-
-1. The app publishes the revocation to the server. The server will provide all identity updates (registrations and revocations) for a given wallet address to any client that requests it.
-1. The installation performing the revocation enumerates all known groups that it is a member of, and submits proposals to remove the revoked installation. Additional removals may also occur via the process described in [Installation synchronization](#installation-synchronization).
-
-Validation of revocation payloads is identical to the process described in [Credential Validation](#credential-validation), except that a label of `Revoke Messaging Access` is used.
-
-Once an installation is revoked, it cannot be re-registered or re-provisioned. The time displayed on the revocation is for informational purposes only.
-
-Revocations may not apply immediately on all groups. In order to ensure transcript consistency, payloads from revoked installations are considered valid if they were published before the installation was removed from the group.
-
-### Installation synchronization
-
-At any time in the course of a conversation, the list of valid installations for the participating wallet addresses may change via registration or revocation.
-
-Clients must perform the following validation prior to publishing each payload on the group, as well as periodically. XMTP clients may perform performance optimizations, such as caching installation lists with a short TTL.
-
-1. Assemble a list of wallet addresses in the conversation from the leaf nodes.
-1. Fetch all identity updates on those wallet addresses.
-1. Validate the credentials and revocations and construct a list of valid installations (registered installations minus revoked installations).
-1. Publish a commit to remove nodes from the conversation that are not in the list of valid installations.
-1. Publish a commit to add nodes to the conversation that are in the list of valid installations and not already present.
-
-These commits must include an attached proof (credential or revocation). When validating add/remove commits, clients must verify either that the proposer has permissions to add/remove accounts from the group, or that a proof of installation revocation was attached to the commit.
-
-### Server trust
-
-We currently rely on trust in centralized XMTP servers, which could do the following if malicious.
-
-1. **Omit payloads**. A malicious server could hide registrations (and application messages) from valid installations in order to censor them, or revocations for invalid installations in order to prevent post-compromise recovery.
-   - Decentralization efforts within XMTP aim to produce an immutable log of identity updates (H1 2024), with immutability of conversation payloads coming later.
-1. **Reorder payloads**. A malicious server could reorder messages and commits within a conversation.
-   - Decentralization efforts within XMTP aim to produce a consensus-driven ordering of commits at minimum (H2+ 2024).
-
-Note, however, that a malicious server is unable to forge registration and revocation payloads without access to the wallet keys used to sign them.
-
-## Account-level membership
-
-At the user level, messages are exchanged between accounts, however at the cryptographic level, messages are exchanged between installations. Because of this two-layer system, there must exist a mechanism for mapping between accounts and installations in a conversation.
-
-We use an implicit mapping - an account is considered a participant of a conversation if one or more installations from the account are present in the tree.
-
-- **Listing accounts**. To list accounts, we enumerate unique wallet addresses from the credentials of the leaf nodes in the conversation.
-- **Adding accounts**. To add an account, publish a commit adding one or more installations belonging to the account to the conversation. Note that if we fail to include all valid installations belonging to the account, it will be resolved via the process described in [Installation Synchronization](#installation-synchronization).
-- **Removing accounts**. To remove an account, publish a commit removing _all_ installations belonging to the account from the conversation. It is important that all installations belonging to the account that are present in the tree during the epoch in which the commit is published are removed, and we ensure this is the case by enforcing linear ordering of epochs.
-
-### Other approaches
-
-Account/user trees are another approach for solving this problem, however we assume the complexity of managing key packages and welcome messages in this system is higher than the current system, and have therefore deferred this. We are open to feedback otherwise!
diff --git a/xmtp_mls/README.md b/xmtp_mls/README.md
index 935f7c685..fdde5b18c 100644
--- a/xmtp_mls/README.md
+++ b/xmtp_mls/README.md
@@ -1,196 +1,320 @@
 # XMTP MLS
 
 This document describes how XMTP implements [Messaging Layer Security](https://messaginglayersecurity.rocks/) (MLS).
+:::
+
+## Crate `xmtp-mls`
+
+The `xmtp-mls` crate contains the core of XMTP's MLS implementation. It uses [OpenMLS](https://github.com/openmls/openmls) to implement the MLS protocol.
+
+## Clients
+
+An XMTP MLS client has the following responsibilities
+
+1. Manage connections to the network through an API client
+2. Manage the state of its local SQLite database
+3. Provide an `MlsProvider` to the OpenMLS library for all cryptographic operations
+4. Authenticate messages and identities
+
+These primitives are then used to construct and modify groups, send messages, read and authenticate messages from other users, and modify a user's inbox state.
+
+Each client instance and SQLite database is bound to a single Inbox ID and a single Installation ID. If a developer wishes to operate using a different Inbox ID or Installation ID, they must create a new client with a new database.
+
+### Initialization
+
+When initializing a new client instance with a fresh database the SDK will generate a new identity private key and store it in its local SQLite database for future use. Subsequent instantiations of the client will use the keys stored in the database.
+This means that XMTP does not use unique keys for each group but reuses the signature key for all groups of the client.
+
+The client must then attach its installation keys to an XMTP Inbox before it can create or be added to groups. The process for this depends on the state of the inbox at the time of client creation.
+
+1. There is no inbox registered with the network for the wallet address/nonce combination specified as part of client setup.
+2. There is an inbox registered with the network for the wallet address/nonce combination specified, but the inbox does not yet have the installation keys registered.
+3. The inbox is registered with the network and the client's installation keys are associated with the inbox.
+
+In the case of (1), the client will generate an identity update that includes the `CreateInbox` and `AddAssociation` actions, sign it with the installation keys, and then expects the application to gather the required wallet signature before proceeding. Once the required wallet signature has been provided the client will upload a key package signed by the installation key and the signed identity update to the server. If both requests are accepted, the client is ready to send and receive messages and join groups. If the nonce is `0`, and the application has a set of XMTP V2 keys available, we allow `CreateInbox` actions to be signed with the V2 keys instead of the wallet. Each set of V2 keys is signed by a wallet, so we treat the V2 key as a proxy for the wallet. This allows for a one-time migration of existing XMTP users to the new inbox system.
+
+For (2), the client will generate an `AddAssociation` identity update linking the installation keys with the inbox. The client will sign the update with its installation keys. The application is expected to gather a wallet signature from any wallet already linked to the inbox and attach that signature to the identity update as well. Once the signature has been collected, the client will upload a signed key package and the signed identity update to the server. V2 keys may only be used to sign this update if the `nonce` for the inbox is `0` and the V2 keys have not been used to sign any previous identity updates.
+
+In the case of (3), the client is available for immediate use and the application does not need to provide any additional signatures or upload a new key package.
+
+### Create Group
+
+Any client may create a new group and can control the initial [permission policies](#permissions-and-metadata) applied to that group.
+
+Groups are initialized with one member (the creator's installation), and the `GroupMembership` extension will have the creator's `inbox_id` mapped to a `sequence_id` of 0. The first time any action is performed on the group (sending a message, adding members, updating metadata, etc) the client is expected to create a commit that updates the creator's `sequence_id` to the current value in the `GroupMembership` mapping. This will automatically add the creator's other installations to the group if any exist.
+
+The creator of the group will always be specified as the only member of the `super_admin_list` in the group's metadata at the time of creation.
+
+Any valid `PolicySet` can be specified as part of group creation. A `PolicySet` is considered valid if it can be serialized according to the Protocol Buffer type.
+
+### Sync Welcomes
+
+Each client is able to use the `QueryWelcomes` API to get a list of their welcome messages. This API is paginated using a cursor. The client persists its last seen cursor in its local database so that any call to `sync_welcomes` will only return unseen results.
+
+For each welcome found in the sync, the client will attempt the Join by Invite flow specified below.
+
+### Join by Invite
+
+Each Welcome message contains two layers of encryption. The outer payload is encrypted with HPKE, using the `hpke_init_key` from the recipient's key package. The plaintext of this decrypted payload is a TLS serialized standard MLS welcome message.
+
+The client must validate the MLS welcome message according to the spec, and additionally ensure that the members of the MLS group match the expected list of installations according to the `GroupMembership` mapping at the specified `sequence_id` for each member.
+The Welcome contains the MLS ratchet tree of the group such that no additional queries are required.
+
+### Key Rotation
+
+Group members are expected to periodically update their path encryption secret. This happens:
+
+1. Before sending their first message to the group
+2. Before sending a message, if 3 months have elapsed since their last path update.
+
+Signature keys are not rotated, as their public key forms a persistent identity for the account.
+
+### Revocation
+
+Installations and wallets may be revoked by publishing a `RevokeAssociation` IdentityUpdate as specified in [XIP-46](https://github.com/xmtp/XIPs/blob/main/XIPs/xip-46-multi-wallet-identity.md).
+
+Revoking an installation does not immediately remove it from groups that it is already a member of. Instead, any group member is allowed to update the group membership to point to the latest `sequence_id` for that member, which will remove the installation from the group. Clients will periodically check for updates to group member installations as part of their `sync` process, so this typically happens quickly, but the protocol makes no guarantees about the timeliness of group member removals following revocation.
+
+XMTP does not detect or remove inactive clients. Inactive clients need to be detected by the application, which should then trigger a removal of the client.
+
+## Identity
+
+When initializing a client with a new database, we need to link the randomly generated installation keys with an XMTP inbox. We do this by creating a specific string that describes the association (as described in XIP-46) and signing it. The signature needs to be recoverable to an address that is already linked to the Inbox ID.
+
+For `CreateInbox` actions, this must be an address where `SHA256(CONCAT(wallet_address, nonce)) == inbox_id`. For `AddAssociation` actions, the recovered address must be an existing member of the inbox that has not been revoked.
+
+### From EOA Wallet Signature
+
+The signer of an Externally Owned Account (EOA) wallet can be verified and recovered by recovering the address using the ECDSA signature and the expected signature text. The recovered address must match the expected address, since an ECDSA signature will recover to a random address if the `recover_signer` function is executed against different text than what was actually signed.
+
+### From a Smart Contract Wallet Signature
+
+Smart Contract Wallets are a cryptocurrency wallets where the signature can only be verified by calling a specific smart contract on an EVM compatible blockchain according to the [ERC-1271](https://eips.ethereum.org/EIPS/eip-1271) specification. Smart Wallet signatures are not recoverable and the ERC-1271 specification does not make any assumptions about the format of the signature or the type of verification performed in the smart contract.
+
+The Smart Contract used to validate the signature is mutable, so a signature that was valid at one point in time may be invalid at an earlier or later time. In order to make our signature validation deterministic, we store a block number alongside the signature so that other users may verify the signature at the point in time at which it was originally signed. If the smart contract changes later in a way that invalidates the signature, we consider that out of scope of our security model and do not need to invalidate the association. Associations remain valid until they are revoked.
+
+Client applications must include RPC URLs for all XMTP supported blockchains as part of client instantiation in order to validate smart wallet signatures. The signature is validated using the [EIP-6492](https://eips.ethereum.org/EIPS/eip-6492) standard and a "universal validator" smart contract, which allows for the verification of ERC-1271 signatures from Smart Contract Wallets that have not yet been deployed.
+
+### From V2 Identity
+
+XMTP V2 is a legacy protocol which used a different identity model. In order to migrate users from V2 -> MLS, we allow signatures using their legacy keys in a narrow set of circumstances.
+
+**Legacy V2 keys may only be used to create one association (globally)**
+
+We enforce this in two ways. Legacy V2 keys may only be used on an Inbox ID with nonce 0. Replay protection prevents the same Legacy V2 key from being used multiple times on that inbox ID.
+
+We chose these restrictions because the legacy identity model shares keys between multiple apps and devices. If those keys were compromised, any associated installations would also need to be treated as compromised. We did not want to allow users to have all of their installation keys associated with one set of legacy keys, since that would mean that all installations would need to be revoked if any installations needed to be revoked.
+
+A legacy keypair includes a signature to link the XMTP public key with a given wallet. The challenge for the signature is in the following format:
 
-## Database Schema
-
-Foreign key constraints and indexes omitted for simplicity.
-
-```sql
-CREATE TABLE groups (
-    -- Random ID generated by group creator
-    "id" BLOB PRIMARY KEY NOT NULL,
-    -- Based on the timestamp of the welcome message
-    "created_at_ns" BIGINT NOT NULL,
-    -- Enum of GROUP_MEMBERSHIP_STATE
-    "membership_state" INT NOT NULL
-);
-
--- Allow for efficient sorting of groups
-CREATE INDEX groups_created_at_idx ON groups(created_at_ns);
-
-CREATE INDEX groups_membership_state ON groups(membership_state);
-
--- Successfully processed messages meant to be returned to the user
-CREATE TABLE group_messages (
-    "id" BLOB PRIMARY KEY NOT NULL,
-    -- Derived via SHA256(CONCAT(decrypted_message_bytes, conversation_id, timestamp))
-    "group_id" BLOB NOT NULL,
-    -- Message contents after decryption
-    "decrypted_message_bytes" BLOB NOT NULL,
-    -- Based on the timestamp of the message
-    "sent_at_ns" BIGINT NOT NULL,
-    -- Enum GROUP_MESSAGE_KIND
-    "kind" INT NOT NULL,
-    -- Could remove this if we added a table mapping installation_ids to wallet addresses
-    "sender_installation_id" BLOB NOT NULL,
-    "sender_account_address" TEXT NOT NULL,
-    -- Enum: 1 = 'published' or 2 = 'unpublished'
-    "delivery_status" INT NOT NULL,
-    FOREIGN KEY (group_id) REFERENCES groups(id)
-);
-
-CREATE INDEX group_messages_group_id_sort_idx ON group_messages(group_id, sent_at_ns);
-
--- Used to keep track of the last seen message timestamp in a topic
-CREATE TABLE topic_refresh_state (
-    "topic" TEXT PRIMARY KEY NOT NULL,
-    "last_message_timestamp_ns" BIGINT NOT NULL
-);
-
--- This table is required to retry messages that do not send successfully due to epoch conflicts
-CREATE TABLE group_intents (
-    -- Serial ID auto-generated by the DB
-    "id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
-    -- Enum INTENT_KIND
-    "kind" INT NOT NULL,
-    "group_id" BLOB NOT NULL,
-    -- Some sort of serializable blob that can be used to re-try the message if the first attempt failed due to conflict
-    "publish_data" BLOB NOT NULL,
-    -- Data needed after applying a commit, such as welcome messages
-    "post_commit_data" BLOB NOT NULL,
-    -- INTENT_STATE,
-    "state" INT NOT NULL,
-    -- The hash of the encrypted, concrete, form of the message if it was published.
-    "message_hash" BLOB,
-    FOREIGN KEY (group_id) REFERENCES groups(id)
-);
-
-CREATE INDEX group_intents_group_id_id ON group_intents(group_id, id);
 ```
+XMTP : Create Identity
+$SERIALIZED_V2_PUBLIC_KEY
+
+For more info: https://xmtp.org/signatures/
+```
+
+To validate a V2 identity signature you must first recover the wallet address from the signature on the public key, then verify that the signature on the association challenge recovers to the same public key. If the chain of signatures validates correctly you can treat the association as if it was signed by the wallet.
+
+### Uniqueness
+
+The system must protect against re-use of signatures, since that could be used to compromise the protocol. Signature re-use between different inboxes is protected against by including the Inbox ID in all challenge text. Within the same inbox, the raw signature must be stored and clients must check that any new identity action does not re-use previously seen identity actions.
+
+## Validation
+
+There are two levels of validation for MLS based applications.
+The validation that the MLS protocol performs, here implemented with OpenMLS, and the validation required by the application for the MLS protocol to provide its guarantees.
+
+### Commits
+
+In addition to all validations performed by OpenMLS, `libxmtp` is expected to perform the following additional validations on commit messages.
+
+1. Ensure the commit is allowed according to the permissions policies on the group (see below).
+2. Validate the credentials and key packages of any new members to the group according to the guides below.
+3. Ensure that the actual change in MLS group members matches the expected change in membership found by diffing the previous `GroupMembership` struct and the new `GroupMembership`.
+
+There is currently non mechanism to detect, report, or recover from group splits due to invalid commits.
+This may have to be solved by the application rather than the SDK.
+
+### Key Packages
+
+New clients are expected to upload a Key Package to the network signed by their installation public key. This Key Package is visible to all other users on the network and used to encrypt welcome messages to invite the installation to conversations.
+
+When validating another user's Key Package, clients must perform all the standard MLS validations (signature and message authenticity checks), and additionally validate that the installation key is associated with the `inbox_id` referenced in the Key Package's credential.
+
+This validation is performed by downloading the latest identity updates for the `inbox_id` and ensuring that the installation key is present in the list of associated keys.
+
+Clients are expected to regularly rotate their key package to limit the impact if the HPKE keypair referenced in the key package is compromised. This rotation is expected to happen any time the client receives a new welcome message. Clients may batch this rotation, so that if they receive N welcome messages at once they only have to rotate one time. Clients are expected to keep at most 2 HPKE keypairs (one from the current Key Package and one from the previous Key Package).
+
+### Credentials
+
+The MLS credential used in Key Packages and leaf nodes contains a single field: `inbox_id`. Clients are expected to validate this credential by resolving the state of that `inbox_id` (as described in XIP-46
+) and ensuring that the installation key that has signed the credential is a current member of the inbox.
+
+XMTP currently does not implement credential rotation because they are long-lived connection between the MLS client and the `inbox_id`.
+
+## Group Policies
+
+Each group is configured with a set of policies that control which users are allowed to perform certain restricted actions.
+
+- `add_member_policy`: Add new Inboxes to the group
+- `remove_member_policy`: Remove Inboxes from the group
+- `update_metadata_policy`: A mapping containing policies for each metadata field
+- `add_admin_policy`: Designate the "admin" role to a member of the group
+- `remove_admin_policy`: Remove the "admin" designation for a group member
+- `update_permissions_policy`: Update the set of policies for a group.
+
+By default, each group has the creator's Inbox ID specified as a "super admin".
+
+These policies are stored in a MLS GroupContextExtension represented by the `GroupMutablePermissions` struct.
+
+### Where are these enforced?
+
+Policies are enforced as part of commit validation. All restricted actions are communicated through MLS commit messages. Any commit that makes changes to the group state and violates the policies specified on the group must be rejected wholly (a commit that includes valid and invalid changes must be completely rejected).
+
+### Permissions and Metadata
+
+XMTP uses the following GroupContextExtensions in each MLS group.
+
+1. `GroupMembers`: Stores the list of `inbox_id`s and the current `sequence_id` for each inbox. Governed by the `add_member_policy` and `remove_member_policy`.
+2. `GroupMutableMetadata`: User-defined metadata for the group. Changes are governed by the `update_metadata_policy` and changes to the list of admins contained in this metadata is governed by the `add_admin_policy` and `remove_admin_policy`.
+3. `GroupMutablePermissions`: Store the current permissions policies for the group. Changes are governed by the `update_permissions_policy`
+
+## Storage
+
+### Sqlite backend
+
+The XMTP SQLite database is optionally encrypted using [SQLCipher](https://www.zetetic.net/sqlcipher/). App developers are strongly encouraged to use an encryption key for the database, and to store that encryption key securely, but the derivation, storage, and encryption of this key is considered out of scope for the protocol and is the responsibility of the app.
+
+The database is used for both, the MLS state, as well as the decrypted messages.
+
+## Crate `xmtp-id`
+
+- Implements XIP 43
+- Handles signature validation
+
+:::warning
+Possibly small changes that need to be documented
+:::
+
+## MLS
+
+In this section we describe the parameters, selected for instating MLS, as well as map the [MLS architecture](https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture) to the deployed system.
+
+### Parameter Selection
+
+The MLS group is [built](https://github.com/xmtp/libxmtp/blob/428826ecc7b86ac49787db4c9a49eb0e63e7a05e/xmtp_mls/src/groups/mod.rs#L1218-L1225) with the following paramters.
+
+- ciphersuite: MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519
+- maximum past epochs: 3
+- maximum forward ratchets: 1000 (OpenMLS default)
 
-## Enums
+The number of maximum past epochs limits the amount of key material that is kept for past epochs.
+It is a trade-off between functionality and forward secrecy and should only be enabled if the Delivery Service cannot guarantee that application messages will be sent in the same epoch in which they were generated.
+The value of 3 here is lower than the default value of 5 in OpenMLS and thus increases security over the default setting.
 
-### GROUP_MEMBERSHIP_STATE
+The number of maximum forward ratchet is defined by OpenMLS' default of 1000.
+This defines how many ratchets into the future OpenMLS does in order to try finding the correct key to decrypt a message.
 
-- ALLOWED // User has agreed to be a member of the group
-- REJECTED // User has rejected an invite to the group or left
-- PENDING // User has neither accepted or rejected whether they should join the group
+The cryptographic primitives are defined in the ciphersuite:
+x25519 is used for key exchange,
+Chach20Poly1305 as AEAD for symmetric encryption,
+Sha2-256 for hashing, and
+Ed25519 for signatures.
 
-### INTENT_STATE
+XMTP uses the [MLS secret tree](https://www.rfc-editor.org/rfc/rfc9420.html#name-secret-tree) and AEAD for encrypting application messages.
 
-- TO_SEND // Either has never been sent to the network or needs to be re-sent
-- PUBLISHED // Sent to the network but has not been read back or committed
-- COMMITTED // Committed messages could be deleted
+### Authentication Service (AS)
 
-### INTENT_KIND
+The purpose of the AS is to link the public key in the leaf nodes to a user.
+The tasks of the AS are defined in [RFC 9420 Section 5.3.1](https://www.rfc-editor.org/rfc/rfc9420.html#section-5.3.1).
+In particular does the AS ensure that presented identifiers in the credential are correctly associated with the `signature_key` field in the leaf node.
 
-- SEND_MESSAGE // An intent to send a message to the group
-- ADD_MEMBERS // An intent to add members to the group
-- REMOVE_MEMBERS // An intent to remove members from the group
-- KEY_UPDATE // An intent to update your own group key
+XMTP does not implement a separate AS service, but implements a direct binding of the XMTP Inbox ID with the public signature key of the member's leaf nodes.
+See [XIP 46](https://github.com/xmtp/XIPs/blob/main/XIPs/xip-46-multi-wallet-identity.md) for details.
 
-### OUTBOUND_WELCOME_STATE
+### Delivery Service (DS)
 
-- PENDING // Needs to wait for commit to be applied before sending
-- READY_TO_SEND
-- SENT // Messages may be deleted at this point. We may decide to remove this state altogether.
+The DS describes the set of mechanisms used to transport messages and key packages between clients. XMTP uses a central server that chat messages and invite/Welcome messages can be submitted to and read from without special permission. However, it is per-IP rate-limited in order in order to mitigate spam.
 
-### GROUP_MESSAGE_KIND
+The server provides APIs for submitting and reading (MLS-encrypted) chat messages by their group ID and Welcome messages by the installation key. Reading a message from the server does not chage the server state. The order in which the server receives the messages determines the order in which they are returned to clients.
 
-- APPLICATION
-- MEMBER_ADDED
-- MEMBER_REMOVED
+Clients can query group invites (in the form of Welcome messages) by their installation key. The Welcome messages have an additional layer of encryption using HPKE, applied at the client side. This is done because when creating a commit with several Add proposals, a large part of the Welcome messages sent to each user is shared, which would make it possible to see that the several users have been added to the same group. The additional layer of encryption makes these messages unlinkable.
 
-## State Machine
+It is possible that a client fails to decrypt an incoming messages. Possible sources of decryption failures could be that an attacker mounts a DoS attack by sending spam, or that the group state of clients somehow diverged, such that honest clients use different encryption keys and thus produce undecryptable messages. This should not be possible and would require a bug in the XMTP SDK or OpenMLS, and that bug to be tripped inadvertently or adversarially.
 
-The [following diagram](https://app.excalidraw.com/s/4nwb0c8ork7/6pPH1kQDoj3) illustrates some common flows in the state machine
+Should decryption of an incoming message fail, In the SDK, messages that fail to decrypt are just dropped. The XMTP messaging app uses telemetry to notifiy the developers of decryption failures, so they have some understanding of whether this problem needs additinal mitigation. Should the data indicate that this is in fact a real problem, methods for group state fork discovery and recovery mechanisms will be developed and deployed.
 
-![MLS State Machine](../img/mls-state-machine.png "MLS State Machine")
+## Security Considerations
 
-For the first version of MLS in XMTP, all members commit their own proposals immediately, and immediately discard any proposals from other members upon receiving them. Future versions of XMTP will have more sophisticated logic, such as batching proposals, allowing members to commit proposals from other members, as well as more sophisticated validation logic for which proposals are permitted from which members.
+This section defines the threat model XMTP has for libxmtp.
 
-### Known missing items from the state machine
+**Out of scope** are the following areas
 
-- Key updates
-- Processing incoming welcome messages
-- Tracking group membership at the account/user level
-- Permissioning for adding/removing accounts/users
-- Mechanism for syncing installations under each account/user
+- Physical attacks on endpoints
+- Network privacy (IP addresses)
+- Deniability of messages
+- Membership privacy (inherited from MLS)
+- Attacks based on the ciphertext size (XMTP does not use extra padding)
 
-### Add members to a group
+### Security properties
 
-Simplified high level flow for adding members to a group:
+The security of XMTP rests on that of MLS. The chosen configuration of MLS provides privacy and authenticity of all messages. It also provides both Forward Secrecy and Post-Compromise Security. Since no ciphersuite has been standardized that provides protection against Quantum Adversaries (even HNDL attacks), XMTP also does not provide security against such attackers.
 
-1. Create a `group_intent` for adding the members
-1. Fetch Key Packages for all new members
-1. Convert the intent into concrete commit and welcome messages for the current epoch
-   1. Write the welcome messages to the `post_commit_data` field for later
-1. Publish commit message
-1. Sync the state of the group with the network
-1. If no conflicts: Publish welcome messages to new members.
-   If conflicts: Go back to step 2 and try again (reset the intent's state to `TO_SEND` and clear the `publish_data` and `post_commit_data` fields)
+#### Endpoint security
 
-### Remove members from a group
+In the XMTP messaging app, private key material is stored in the secure key storage of the mobile operating systems. XMTP encourages app developers using the SDK to do the same, but ultimately it is their decision.
 
-Simplified high level flow for removing members from a group:
+### Credential Validation
 
-1. Create a `group_intent` for removing the members
-1. Convert the intent into concrete commit for the current epoch
-1. Publish commit to the network
-1. Sync the state of the group with the network
-1. If no conflicts: Done.
-   If conflicts: Go back to step 2 and try again (reset the intent's state to `TO_SEND` and clear the `publish_data` and `post_commit_data` fields)
+Identities, linked to credentials, rely on Ethereum wallet addresses.
+XMTP does not expect any validation beyond that.
+This can be seen as a type of key transparency mechanism.
 
-### Send a message
+### Denial of Service and Spam Protection
 
-Simplified high level flow for sending a group message:
+XMTP implements IP based rate limiting for all API endpoints for DoS and spam protection.
+No other authentication is required.
 
-1. Create a `group_intent` for sending the message
-1. Convert the intent into a concrete message for the current epoch
-1. Publish message to the network
-1. Sync the state of the group with the network (can be debounced or otherwise only done periodically)
-1. If no conflicts: Mark the message as committed.
-   If conflicts: Go back to step 2 and try again (reset the intent's state to `TO_SEND` and clear the `publish_data` and `post_commit_data` fields)
+### Privacy
 
-### Syncing group state
+XMTP offers push notifications with FCM. Push token privacy is not in scope for XMTP's threat model.
 
-The latest payloads on a group could be synced from the server in the following cases:
+But XMTP adds additional anonymity to Welcome messages by encrypting them with HPKE to hide their metadata. Further, only private messages that leak the minimum amount of metadata are used.
 
-- Push notifications
-- Application-triggered subscription
-- Application-triggered pull
-- Commit publishing flow
+### Consent
 
-Any syncing strategy must be able to handle the following constraints:
+XMTP allows blocking invites to groups if unwanted, based on the inviter.
 
-- Payload syncing could be initiated concurrently from multiple locations
-- Due to forward secrecy constraints, each payload may only be decrypted successfully once
+### Trust in Backend
 
-These are the following possible strategies, each with their own limitations:
+The backend maintains a directory that maps Wallet Addresses to Inbox IDs and may return wrong information. Backends are able to hide revocations of bindings.
 
-- Co-ordinated: Syncing can only happen in one location at a time via locks/queues
-- Unco-ordinated: Allow syncing to happen in parallel
+### Transport Channels
 
-The latter is simpler to implement in the short-term, but raises the following potential challenges:
+The [MLS architecture](https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture) recommends in Section 8.1. to use transport channels that are reliable and hide metadata.
+This is because MLS messages may still leak metadata.
+However, note that [XMTP uses private messages everywhere](https://github.com/xmtp/libxmtp/blob/3af97cb69435e5b9daa4577bad6a3bd187834d97/xmtp_mls/src/groups/mod.rs#L1222C29-L1222C45), which has the highest metadata hiding properties possible in MLS.
+Further note that the secure transport is supposed to protect MLS and XMTP metadata but is not necessary for the end-to-end security of the MLS-based messaging.
 
-- How to handle concurrent decryption failures and return the latest data regardless
-- How to handle updating the `last_message_timestamp_ns` on the `topic_refresh_state` table
-- How to know if a failure is due to the message having already been decrypted, or permanent failure
+To hide the reamining metadata, XMTP uses GRPC with TLS.
+TLS is instantiated through [Rustls](https://github.com/xmtp/libxmtp/blob/3af97cb69435e5b9daa4577bad6a3bd187834d97/xmtp_api_grpc/src/grpc_api_helper.rs#L59).
 
-For the initial version, this simple strategy can be used to pull the latest payloads:
+:::warning
+A specific (set of) ciphersuite should be picked to use for TLS. Update here when that's done.
+:::
 
-1. Read the `last_message_timestamp_ns` from the database and pull all payloads from the server with timestamp greater than it
-1. For each payload, attempt to decrypt it
-   1. If it succeeds, process the payload. Write the result, update the cryptographic state, and update the `last_message_timestamp_ns`, together in a single transaction. Set `last_message_timestamp_ns` to the larger value out of the value in the database and the payload's timestamp.
-   1. If it fails, only attempt to update `last_message_timestamp_ns` in the database to the larger value out of the value in the database and the payload's timestamp.
-1. To return the result of the sync, pull the latest data from the database rather than using the in-memory data from the syncing process
+### Last Resort Key Packages Only
 
-This strategy effectively means that the processing of each payload succeeds or fails atomically. In the event of failure due to concurrency, the actual result can be read from the database.
+[Section 10 of the MLS RFC](https://www.rfc-editor.org/rfc/rfc9420.html#section-10) states that key packages are intended to be used only once and SHOULD NOT be reused.
+This is to ensure that the keys used to encrypt welcome messages are ephemeral, i.e. used only once.
+[Section 16.8](https://www.rfc-editor.org/rfc/rfc9420.html#name-keypackage-reuse) gives more detail on the security impact of reusing key packages.
 
-For now, we can put off the issue of detecting if a decryption failure is due to concurrency or permanent failure. If OpenMLS cryptographic state is entirely database-driven, we may be able to detect that a failure is due to concurrency by the fact that `last_message_timestamp_ns` has already been updated. If OpenMLS cryptographic state is partially driven by in-memory data, we can record per-payload successes and failures in a separate table, with successes always overwriting failures.
+While there have been [discussions](https://mailarchive.ietf.org/arch/msg/mls/0a-Q30vGLla4eFmJNPGWW8W5baE/) on the exact security impact of re-using key packages, it remains an open question how an attack on re-used key packages would look like.
 
-### Updating your list of conversations
+Reusing a key package is equivalent to using the same static key to encrypt towards multiple times.
+While this is not a security issue in itself, it allows a potential attacker to collect multiple ciphertexts for the same public key, which combined with other factors like weak randomness, can lead to serious attacks.
 
-1. Read from the welcome topic for your `installation_id`, filtering for messages since `last_message_timestamp`
-1. For each message, create a group with a `GROUP_MEMBERSHIP_STATE` of pending
+Due to the decentralized nature of the XMTP protocol, it is almost impossible to use ephemeral key packages.
+Instead, XMTP implements a protocol to ensure that key packages are rotated as soon after use as possible.
+In particular does a client change its key package after receiving a welcome message that used the published key package.
diff --git a/xmtp_mls/migrations/2024-10-03-004750_add_rotated_at_ns/down.sql b/xmtp_mls/migrations/2024-10-03-004750_add_rotated_at_ns/down.sql
new file mode 100644
index 000000000..d114c0a72
--- /dev/null
+++ b/xmtp_mls/migrations/2024-10-03-004750_add_rotated_at_ns/down.sql
@@ -0,0 +1,3 @@
+ALTER TABLE GROUPS
+    DROP COLUMN rotated_at_ns;
+
diff --git a/xmtp_mls/migrations/2024-10-03-004750_add_rotated_at_ns/up.sql b/xmtp_mls/migrations/2024-10-03-004750_add_rotated_at_ns/up.sql
new file mode 100644
index 000000000..db8fef9c9
--- /dev/null
+++ b/xmtp_mls/migrations/2024-10-03-004750_add_rotated_at_ns/up.sql
@@ -0,0 +1,3 @@
+ALTER TABLE GROUPS
+    ADD COLUMN rotated_at_ns BIGINT NOT NULL DEFAULT 0;
+
diff --git a/xmtp_mls/migrations/README.md b/xmtp_mls/migrations/README.md
index 6612df812..ab8fbc634 100644
--- a/xmtp_mls/migrations/README.md
+++ b/xmtp_mls/migrations/README.md
@@ -22,4 +22,4 @@ Edit the `up.sql` and `down.sql` files created
 cargo run --bin update-schema
 ```
 
-This updates the generated `schema.rs` file. You can now update the models and queries to reference it in `xmtp_mls/src/storage/encrypted_store/`.
+Make sure you run this from `xmtp_mls/`. This updates the generated `schema.rs` file. You can now update the models and queries to reference it in `xmtp_mls/src/storage/encrypted_store/`.
diff --git a/xmtp_mls/src/client.rs b/xmtp_mls/src/client.rs
index 8a6687247..969d45ef2 100644
--- a/xmtp_mls/src/client.rs
+++ b/xmtp_mls/src/client.rs
@@ -63,7 +63,7 @@ use crate::{
     Fetch, XmtpApi,
 };
 
-/// Which network the Client is connected to
+/// Enum representing the network the Client is connected to
 #[derive(Clone, Copy, Default, Debug)]
 pub enum Network {
     Local(&'static str),
@@ -130,7 +130,7 @@ impl crate::retry::RetryableError for ClientError {
     }
 }
 
-/// An enum of errors that can occur when reading and processing a message off the network
+/// Errors that can occur when reading and processing a message off the network
 #[derive(Debug, Error)]
 pub enum MessageProcessingError {
     #[error("[{0}] already processed")]
@@ -305,11 +305,11 @@ where
             local_events: tx,
         }
     }
-
+    /// Retrieves the client's installation public key, sometimes also called `installation_id`
     pub fn installation_public_key(&self) -> Vec<u8> {
         self.context.installation_public_key()
     }
-
+    /// Retrieves the client's inbox ID
     pub fn inbox_id(&self) -> String {
         self.context.inbox_id()
     }
@@ -319,6 +319,7 @@ where
         self.context.mls_provider()
     }
 
+    /// Calls the server to look up the `inbox_id` associated with a given address
     pub async fn find_inbox_id_from_address(
         &self,
         address: String,
@@ -333,6 +334,8 @@ where
         }
     }
 
+    /// Calls the server to look up the `inbox_id`s` associated with a list of addresses.
+    /// If no `inbox_id` is found, returns None.
     pub async fn find_inbox_ids_from_addresses(
         &self,
         addresses: Vec<String>,
@@ -350,11 +353,13 @@ where
         Ok(inbox_ids)
     }
 
-    /// Get sequence id, may not be consistent with the backend
+    /// Get the highest `sequence_id` from the local database for the client's `inbox_id`.
+    /// This may not be consistent with the latest state on the backend.
     pub fn inbox_sequence_id(&self, conn: &DbConnection) -> Result<i64, StorageError> {
         self.context.inbox_sequence_id(conn)
     }
 
+    /// Get the [`AssociationState`] for the client's `inbox_id`
     pub async fn inbox_state(
         &self,
         refresh_from_network: bool,
@@ -368,8 +373,8 @@ where
         Ok(state)
     }
 
-    // set the consent record in the database
-    // if the consent record is an address also set the inboxId
+    /// Set a consent record in the local database.
+    /// If the consent record is an address set the consent state for both the address and `inbox_id`
     pub async fn set_consent_states(
         &self,
         mut records: Vec<StoredConsentRecord>,
@@ -408,8 +413,7 @@ where
         Ok(())
     }
 
-    // get the consent record from the database
-    // if the consent record is an address also get the inboxId instead
+    /// Get the consent state for a given entity
     pub async fn get_consent_state(
         &self,
         entity_type: ConsentType,
@@ -432,25 +436,29 @@ where
         }
     }
 
+    /// Gets a reference to the client's store
     pub fn store(&self) -> &EncryptedMessageStore {
         &self.context.store
     }
 
+    /// Release the client's database connection
     pub fn release_db_connection(&self) -> Result<(), ClientError> {
         let store = &self.context.store;
         store.release_connection()?;
         Ok(())
     }
 
+    /// Reconnect to the client's database if it has previously been released
     pub fn reconnect_db(&self) -> Result<(), ClientError> {
         self.context.store.reconnect()?;
         Ok(())
     }
-
+    /// Get a reference to the client's identity struct
     pub fn identity(&self) -> &Identity {
         &self.context.identity
     }
 
+    /// Get a reference (in an Arc) to the client's local context
     pub fn context(&self) -> &Arc<XmtpMlsLocalContext> {
         &self.context
     }
@@ -460,6 +468,7 @@ where
     }
 
     /// Create a new group with the default settings
+    /// Applies a custom [`PolicySet`] to the group if one is specified
     pub fn create_group(
         &self,
         permissions_policy_set: Option<PolicySet>,
@@ -480,6 +489,7 @@ where
         Ok(group)
     }
 
+    /// Create a group with an initial set of members added
     pub async fn create_group_with_members(
         &self,
         account_addresses: Vec<String>,
@@ -648,6 +658,8 @@ where
         Ok(())
     }
 
+    /// Query for group messages that have a `sequence_id` > than the highest cursor
+    /// found in the local database
     pub(crate) async fn query_group_messages(
         &self,
         group_id: &Vec<u8>,
@@ -663,6 +675,8 @@ where
         Ok(welcomes)
     }
 
+    /// Query for welcome messages that have a `sequence_id` > than the highest cursor
+    /// found in the local database
     pub(crate) async fn query_welcome_messages(
         &self,
         conn: &DbConnection,
@@ -678,6 +692,7 @@ where
         Ok(welcomes)
     }
 
+    /// Fetches the current key package from the network for each of the `installation_id`s specified
     #[tracing::instrument(level = "trace", skip_all)]
     pub(crate) async fn get_key_packages_for_installation_ids(
         &self,
@@ -692,6 +707,8 @@ where
             .collect::<Result<_, _>>()?)
     }
 
+    /// In a database transaction, increment the cursor for a given entity and
+    /// apply the update after the provided `ProcessingFn` has completed successfully.
     pub(crate) async fn process_for_id<Fut, ProcessingFn, ReturnValue>(
         &self,
         entity_id: &Vec<u8>,
@@ -717,7 +734,7 @@ where
             .await
     }
 
-    /// Download all unread welcome messages and convert to groups.
+    /// Download all unread welcome messages and converts to a group struct, ignoring malformed messages.
     /// Returns any new groups created in the operation
     pub async fn sync_welcomes(&self) -> Result<Vec<MlsGroup>, ClientError> {
         let envelopes = self.query_welcome_messages(&self.store().conn()?).await?;
@@ -787,7 +804,7 @@ where
         Ok(groups)
     }
 
-    /// Sync all groups for the current user and return the number of groups that were synced.
+    /// Sync all groups for the current installation and return the number of groups that were synced.
     /// Only active groups will be synced.
     pub async fn sync_all_groups(&self, groups: Vec<MlsGroup>) -> Result<usize, GroupError> {
         // Acquire a single connection to be reused
diff --git a/xmtp_mls/src/configuration.rs b/xmtp_mls/src/configuration.rs
index 039299de2..96a918495 100644
--- a/xmtp_mls/src/configuration.rs
+++ b/xmtp_mls/src/configuration.rs
@@ -16,6 +16,10 @@ const NS_IN_SEC: i64 = 1_000_000_000;
 
 const NS_IN_HOUR: i64 = NS_IN_SEC * 60 * 60;
 
+const NS_IN_DAY: i64 = NS_IN_HOUR * 24;
+
+pub const GROUP_KEY_ROTATION_INTERVAL_NS: i64 = 30 * NS_IN_DAY;
+
 pub const SYNC_UPDATE_INSTALLATIONS_INTERVAL_NS: i64 = NS_IN_HOUR / 2; // 30 min
 
 pub const SEND_MESSAGE_UPDATE_INSTALLATIONS_INTERVAL_NS: i64 = 5 * NS_IN_SEC;
diff --git a/xmtp_mls/src/groups/group_membership.rs b/xmtp_mls/src/groups/group_membership.rs
index a614a7ea2..ac3e8d323 100644
--- a/xmtp_mls/src/groups/group_membership.rs
+++ b/xmtp_mls/src/groups/group_membership.rs
@@ -30,6 +30,7 @@ impl GroupMembership {
         self.members.keys().cloned().collect()
     }
 
+    // Convert the mapping to a vector of `inbox_id`/`sequence_id` tuples
     pub fn to_filters(&self) -> Vec<(String, i64)> {
         self.members
             .iter()
diff --git a/xmtp_mls/src/groups/group_metadata.rs b/xmtp_mls/src/groups/group_metadata.rs
index d80ea93ec..333125022 100644
--- a/xmtp_mls/src/groups/group_metadata.rs
+++ b/xmtp_mls/src/groups/group_metadata.rs
@@ -23,6 +23,7 @@ pub enum GroupMetadataError {
     MissingDmMember,
 }
 
+/// `GroupMetadata` is immutable and created at the time of group creation.
 #[derive(Debug, Clone, PartialEq)]
 pub struct GroupMetadata {
     pub conversation_type: ConversationType,
@@ -96,6 +97,13 @@ impl TryFrom<&Extensions> for GroupMetadata {
     }
 }
 
+/**
+ * XMTP supports the following types of conversation
+ *
+ * Group: A conversation with 1->N members and complex permissions and roles
+ * DM: A conversation between 2 members with simplified permissions
+ * Sync: A conversation between all the devices of a single member with simplified permissions
+ */
 #[derive(Debug, Clone, PartialEq)]
 pub enum ConversationType {
     Group,
diff --git a/xmtp_mls/src/groups/intents.rs b/xmtp_mls/src/groups/intents.rs
index f5394fa74..d1f8a1ed7 100644
--- a/xmtp_mls/src/groups/intents.rs
+++ b/xmtp_mls/src/groups/intents.rs
@@ -26,6 +26,11 @@ use xmtp_proto::xmtp::mls::database::{
 };
 
 use crate::{
+    configuration::GROUP_KEY_ROTATION_INTERVAL_NS,
+    storage::{
+        db_connection::DbConnection,
+        group_intent::{IntentKind, NewGroupIntent, StoredGroupIntent},
+    },
     types::Address,
     verified_key_package_v2::{KeyPackageVerificationError, VerifiedKeyPackageV2},
 };
@@ -34,6 +39,7 @@ use super::{
     group_membership::GroupMembership,
     group_mutable_metadata::MetadataField,
     group_permissions::{MembershipPolicies, MetadataPolicies, PermissionsPolicies},
+    GroupError, MlsGroup,
 };
 
 #[derive(Debug, Error)]
@@ -48,6 +54,52 @@ pub enum IntentError {
     Generic(String),
 }
 
+impl MlsGroup {
+    pub fn queue_intent(
+        &self,
+        intent_kind: IntentKind,
+        intent_data: Vec<u8>,
+    ) -> Result<StoredGroupIntent, GroupError> {
+        self.context.store.transaction(|provider| {
+            let conn = provider.conn_ref();
+            self.queue_intent_with_conn(conn, intent_kind, intent_data)
+        })
+    }
+
+    pub fn queue_intent_with_conn(
+        &self,
+        conn: &DbConnection,
+        intent_kind: IntentKind,
+        intent_data: Vec<u8>,
+    ) -> Result<StoredGroupIntent, GroupError> {
+        if intent_kind == IntentKind::SendMessage {
+            self.maybe_insert_key_update_intent(conn)?;
+        }
+
+        let intent = conn.insert_group_intent(NewGroupIntent::new(
+            intent_kind,
+            self.group_id.clone(),
+            intent_data,
+        ))?;
+
+        if intent_kind != IntentKind::SendMessage {
+            conn.update_rotated_at_ns(self.group_id.clone())?;
+        }
+
+        Ok(intent)
+    }
+
+    fn maybe_insert_key_update_intent(&self, conn: &DbConnection) -> Result<(), GroupError> {
+        let last_rotated_at_ns = conn.get_rotated_at_ns(self.group_id.clone())?;
+        let now_ns = crate::utils::time::now_ns();
+        let elapsed_ns = now_ns - last_rotated_at_ns;
+        if elapsed_ns > GROUP_KEY_ROTATION_INTERVAL_NS {
+            self.queue_intent_with_conn(conn, IntentKind::KeyUpdate, vec![])?;
+        }
+        Ok(())
+    }
+}
+
 #[derive(Debug, Clone)]
 pub struct SendMessageIntentData {
     pub message: Vec<u8>,
@@ -669,6 +721,15 @@ impl TryFrom<Vec<u8>> for PostCommitAction {
 
 #[cfg(test)]
 mod tests {
+    use openmls::prelude::{MlsMessageBodyIn, MlsMessageIn, ProcessedMessageContent};
+    use tls_codec::Deserialize;
+    use xmtp_cryptography::utils::generate_local_wallet;
+    use xmtp_proto::xmtp::mls::api::v1::{group_message, GroupMessage};
+
+    use crate::{
+        builder::ClientBuilder, groups::GroupMetadataOptions, utils::test::TestClient, Client,
+    };
+
     use super::*;
 
     #[test]
@@ -709,4 +770,107 @@ mod tests {
 
         assert_eq!(intent.field_value, restored_intent.field_value);
     }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
+    async fn test_key_rotation_before_first_message() {
+        let client_a = ClientBuilder::new_test_client(&generate_local_wallet()).await;
+        let client_b = ClientBuilder::new_test_client(&generate_local_wallet()).await;
+
+        // client A makes a group with client B, and then sends a message to client B.
+        let group_a = client_a
+            .create_group(None, GroupMetadataOptions::default())
+            .expect("create group");
+        group_a
+            .add_members_by_inbox_id(&client_a, vec![client_b.inbox_id()])
+            .await
+            .unwrap();
+        group_a
+            .send_message(b"First message from A", &client_a)
+            .await
+            .unwrap();
+
+        // No key rotation needed, because A's commit to add B already performs a rotation.
+        // Group should have a commit to add client B, followed by A's message.
+        verify_num_payloads_in_group(&client_a, &group_a, 2).await;
+
+        // Client B sends a message to Client A
+        let groups_b = client_b.sync_welcomes().await.unwrap();
+        assert_eq!(groups_b.len(), 1);
+        let group_b = groups_b[0].clone();
+        group_b
+            .send_message(b"First message from B", &client_b)
+            .await
+            .expect("send message");
+
+        // B must perform a key rotation before sending their first message.
+        // Group should have a commit to add B, A's message, B's key rotation and then B's message.
+        let payloads_a = verify_num_payloads_in_group(&client_a, &group_a, 4).await;
+        let payloads_b = verify_num_payloads_in_group(&client_b, &group_b, 4).await;
+
+        // Verify key rotation payload
+        for i in 0..payloads_a.len() {
+            assert_eq!(payloads_a[i].encode_to_vec(), payloads_b[i].encode_to_vec());
+        }
+        verify_commit_updates_leaf_node(&client_a, &group_a, &payloads_a[2]);
+
+        // Client B sends another message to Client A, and Client A sends another message to Client B.
+        group_b
+            .send_message(b"Second message from B", &client_b)
+            .await
+            .expect("send message");
+        group_a
+            .send_message(b"Second message from A", &client_a)
+            .await
+            .expect("send message");
+
+        // Group should only have 2 additional messages - no more key rotations needed.
+        verify_num_payloads_in_group(&client_a, &group_a, 6).await;
+        verify_num_payloads_in_group(&client_b, &group_b, 6).await;
+    }
+
+    async fn verify_num_payloads_in_group(
+        client: &Client<TestClient>,
+        group: &MlsGroup,
+        num_messages: usize,
+    ) -> Vec<GroupMessage> {
+        let messages = client
+            .api_client
+            .query_group_messages(group.group_id.clone(), None)
+            .await
+            .unwrap();
+        assert_eq!(messages.len(), num_messages);
+        messages
+    }
+
+    fn verify_commit_updates_leaf_node(
+        client: &Client<TestClient>,
+        group: &MlsGroup,
+        payload: &GroupMessage,
+    ) {
+        let msgv1 = match &payload.version {
+            Some(group_message::Version::V1(value)) => value,
+            _ => panic!("error msgv1"),
+        };
+
+        let mls_message_in = MlsMessageIn::tls_deserialize_exact(&msgv1.data).unwrap();
+        let mls_message = match mls_message_in.extract() {
+            MlsMessageBodyIn::PrivateMessage(mls_message) => mls_message,
+            _ => panic!("error mls_message"),
+        };
+
+        let provider = client.mls_provider().unwrap();
+        let mut openmls_group = group.load_mls_group(&provider).unwrap();
+        let decrypted_message = openmls_group
+            .process_message(&provider, mls_message)
+            .unwrap();
+
+        let staged_commit = match decrypted_message.into_content() {
+            ProcessedMessageContent::StagedCommitMessage(staged_commit) => *staged_commit,
+            _ => panic!("error staged_commit"),
+        };
+
+        // Check there is indeed some updated leaf node, which means the key update works.
+        let path_update_leaf_node = staged_commit.update_path_leaf_node();
+        assert!(path_update_leaf_node.is_some());
+    }
 }
diff --git a/xmtp_mls/src/groups/message_history.rs b/xmtp_mls/src/groups/message_history.rs
index ed9896c10..8f09e1a32 100644
--- a/xmtp_mls/src/groups/message_history.rs
+++ b/xmtp_mls/src/groups/message_history.rs
@@ -265,7 +265,7 @@ where
             })?;
 
         // publish the intent
-        if let Err(err) = sync_group.publish_intents(&conn.into(), self).await {
+        if let Err(err) = sync_group.publish_messages(self).await {
             tracing::error!("error publishing sync group intents: {:?}", err);
         }
         Ok(())
diff --git a/xmtp_mls/src/groups/mod.rs b/xmtp_mls/src/groups/mod.rs
index 684c7b2a4..ef546ebac 100644
--- a/xmtp_mls/src/groups/mod.rs
+++ b/xmtp_mls/src/groups/mod.rs
@@ -86,7 +86,7 @@ use crate::{
         consent_record::{ConsentState, ConsentType, StoredConsentRecord},
         db_connection::DbConnection,
         group::{GroupMembershipState, Purpose, StoredGroup},
-        group_intent::{IntentKind, NewGroupIntent},
+        group_intent::IntentKind,
         group_message::{DeliveryStatus, GroupMessageKind, StoredGroupMessage},
         sql_key_store,
     },
@@ -253,6 +253,10 @@ pub enum UpdateAdminListType {
     RemoveSuper,
 }
 
+/// Represents a group, which can contain anywhere from 1 to MAX_GROUP_SIZE inboxes.
+///
+/// This is a wrapper around OpenMLS's `MlsGroup` that handles our application-level configuration
+/// and validations.
 impl MlsGroup {
     // Creates a new group instance. Does not validate that the group exists in the DB
     pub fn new(context: Arc<XmtpMlsLocalContext>, group_id: Vec<u8>, created_at_ns: i64) -> Self {
@@ -271,7 +275,7 @@ impl MlsGroup {
         Ok(self.context.store.conn()?.into())
     }
 
-    // Load the stored MLS group from the OpenMLS provider's keystore
+    // Load the stored OpenMLS group from the OpenMLS provider's keystore
     #[tracing::instrument(level = "trace", skip_all)]
     pub(crate) fn load_mls_group(
         &self,
@@ -445,8 +449,12 @@ impl MlsGroup {
             ),
         };
 
+        // Ensure that the list of members in the group's MLS tree matches the list of inboxes specified
+        // in the `GroupMembership` extension.
         validate_initial_group_membership(client, provider.conn_ref(), &mls_group).await?;
 
+        // Insert or replace the group in the database.
+        // Replacement can happen in the case that the user has been removed from and subsequently re-added to the group.
         let stored_group = provider.conn_ref().insert_or_replace_group(to_store)?;
 
         Ok(Self::new(
@@ -456,7 +464,7 @@ impl MlsGroup {
         ))
     }
 
-    // Decrypt a welcome message using HPKE and then create and save a group from the stored message
+    /// Decrypt a welcome message using HPKE and then create and save a group from the stored message
     pub async fn create_from_encrypted_welcome<ApiClient: XmtpApi>(
         client: &Client<ApiClient>,
         provider: &XmtpOpenMlsProvider,
@@ -534,7 +542,7 @@ impl MlsGroup {
         ))
     }
 
-    /// Send a message on this users XMTP [`Client`].
+    /// Send a message on this user's XMTP [`Client`].
     pub async fn send_message<ApiClient>(
         &self,
         message: &[u8],
@@ -562,7 +570,8 @@ impl MlsGroup {
         message_id
     }
 
-    /// Publish all unpublished messages
+    /// Publish all unpublished messages. This happens by calling `sync_until_last_intent_resolved`
+    /// which publishes all pending intents and reads them back from the network.
     pub async fn publish_messages<ApiClient>(
         &self,
         client: &Client<ApiClient>,
@@ -584,7 +593,10 @@ impl MlsGroup {
         Ok(())
     }
 
-    /// Update group installations
+    /// Checks the network to see if any group members have identity updates that would cause installations
+    /// to be added or removed from the group.
+    ///
+    /// If so, adds/removes those group members
     pub async fn update_installations<ApiClient>(
         &self,
         client: &Client<ApiClient>,
@@ -631,9 +643,7 @@ impl MlsGroup {
             .map_err(GroupError::EncodeError)?;
 
         let intent_data: Vec<u8> = SendMessageIntentData::new(encoded_envelope).into();
-        let intent =
-            NewGroupIntent::new(IntentKind::SendMessage, self.group_id.clone(), intent_data);
-        intent.store(conn)?;
+        self.queue_intent_with_conn(conn, IntentKind::SendMessage, intent_data)?;
 
         // store this unpublished message locally before sending
         let message_id = calculate_message_id(&self.group_id, message, &now.to_string());
@@ -661,8 +671,8 @@ impl MlsGroup {
         }
     }
 
-    // Query the database for stored messages. Optionally filtered by time, kind, delivery_status
-    // and limit
+    /// Query the database for stored messages. Optionally filtered by time, kind, delivery_status
+    /// and limit
     pub fn find_messages(
         &self,
         kind: Option<GroupMessageKind>,
@@ -687,8 +697,8 @@ impl MlsGroup {
     /**
      * Add members to the group by account address
      *
-     * If any existing members have new installations that have not been added, the missing installations
-     * will be added as part of this process as well.
+     * If any existing members have new installations that have not been added or removed, the
+     * group membership will be updated to include those changes as well.
      */
     #[tracing::instrument(level = "trace", skip_all)]
     pub async fn add_members<ApiClient>(
@@ -742,18 +752,24 @@ impl MlsGroup {
             return Ok(());
         }
 
-        let intent = provider
-            .conn_ref()
-            .insert_group_intent(NewGroupIntent::new(
-                IntentKind::UpdateGroupMembership,
-                self.group_id.clone(),
-                intent_data.into(),
-            ))?;
+        let intent = self.queue_intent_with_conn(
+            provider.conn_ref(),
+            IntentKind::UpdateGroupMembership,
+            intent_data.into(),
+        )?;
 
         self.sync_until_intent_resolved(&provider, intent.id, client)
             .await
     }
 
+    /// Removes members from the group by their account addresses.
+    ///
+    /// # Arguments
+    /// * `client` - The XMTP client.
+    /// * `account_addresses_to_remove` - A vector of account addresses to remove from the group.
+    ///
+    /// # Returns
+    /// A `Result` indicating success or failure of the operation.
     pub async fn remove_members<ApiClient: XmtpApi>(
         &self,
         client: &Client<ApiClient>,
@@ -766,6 +782,14 @@ impl MlsGroup {
             .await
     }
 
+    /// Removes members from the group by their inbox IDs.
+    ///
+    /// # Arguments
+    /// * `client` - The XMTP client.
+    /// * `inbox_ids` - A vector of inbox IDs to remove from the group.
+    ///
+    /// # Returns
+    /// A `Result` indicating success or failure of the operation.
     pub async fn remove_members_by_inbox_id<ApiClient: XmtpApi>(
         &self,
         client: &Client<ApiClient>,
@@ -777,18 +801,18 @@ impl MlsGroup {
             .get_membership_update_intent(client, &provider, vec![], inbox_ids)
             .await?;
 
-        let intent = provider
-            .conn_ref()
-            .insert_group_intent(NewGroupIntent::new(
-                IntentKind::UpdateGroupMembership,
-                self.group_id.clone(),
-                intent_data.into(),
-            ))?;
+        let intent = self.queue_intent_with_conn(
+            provider.conn_ref(),
+            IntentKind::UpdateGroupMembership,
+            intent_data.into(),
+        )?;
 
         self.sync_until_intent_resolved(&provider, intent.id, client)
             .await
     }
 
+    /// Updates the name of the group. Will error if the user does not have the appropriate permissions
+    /// to perform these updates.
     pub async fn update_group_name<ApiClient>(
         &self,
         client: &Client<ApiClient>,
@@ -797,19 +821,15 @@ impl MlsGroup {
     where
         ApiClient: XmtpApi,
     {
-        let conn = self.context.store.conn()?;
         let intent_data: Vec<u8> =
             UpdateMetadataIntentData::new_update_group_name(group_name).into();
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::MetadataUpdate,
-            self.group_id.clone(),
-            intent_data,
-        ))?;
+        let intent = self.queue_intent(IntentKind::MetadataUpdate, intent_data)?;
 
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
+    /// Updates the permission policy of the group. This requires super admin permissions.
     pub async fn update_permission_policy<ApiClient: XmtpApi>(
         &self,
         client: &Client<ApiClient>,
@@ -817,8 +837,6 @@ impl MlsGroup {
         permission_policy: PermissionPolicyOption,
         metadata_field: Option<MetadataField>,
     ) -> Result<(), GroupError> {
-        let conn = client.store().conn()?;
-
         if permission_update_type == PermissionUpdateType::UpdateMetadata
             && metadata_field.is_none()
         {
@@ -832,16 +850,13 @@ impl MlsGroup {
         )
         .into();
 
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::UpdatePermission,
-            self.group_id.clone(),
-            intent_data,
-        ))?;
+        let intent = self.queue_intent(IntentKind::UpdatePermission, intent_data)?;
 
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
+    /// Retrieves the group name from the group's mutable metadata extension.
     pub fn group_name(&self, provider: impl OpenMlsProvider) -> Result<String, GroupError> {
         let mutable_metadata = self.mutable_metadata(provider)?;
         match mutable_metadata
@@ -855,6 +870,7 @@ impl MlsGroup {
         }
     }
 
+    /// Updates the description of the group.
     pub async fn update_group_description<ApiClient>(
         &self,
         client: &Client<ApiClient>,
@@ -863,16 +879,11 @@ impl MlsGroup {
     where
         ApiClient: XmtpApi,
     {
-        let conn = self.context.store.conn()?;
         let intent_data: Vec<u8> =
             UpdateMetadataIntentData::new_update_group_description(group_description).into();
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::MetadataUpdate,
-            self.group_id.clone(),
-            intent_data,
-        ))?;
+        let intent = self.queue_intent(IntentKind::MetadataUpdate, intent_data)?;
 
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
@@ -889,6 +900,7 @@ impl MlsGroup {
         }
     }
 
+    /// Updates the image URL (square) of the group.
     pub async fn update_group_image_url_square<ApiClient>(
         &self,
         client: &Client<ApiClient>,
@@ -897,20 +909,16 @@ impl MlsGroup {
     where
         ApiClient: XmtpApi,
     {
-        let conn = self.context.store.conn()?;
         let intent_data: Vec<u8> =
             UpdateMetadataIntentData::new_update_group_image_url_square(group_image_url_square)
                 .into();
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::MetadataUpdate,
-            self.group_id.clone(),
-            intent_data,
-        ))?;
+        let intent = self.queue_intent(IntentKind::MetadataUpdate, intent_data)?;
 
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
+    /// Retrieves the image URL (square) of the group from the group's mutable metadata extension.
     pub fn group_image_url_square(
         &self,
         provider: impl OpenMlsProvider,
@@ -935,16 +943,11 @@ impl MlsGroup {
     where
         ApiClient: XmtpApi,
     {
-        let conn = self.context.store.conn()?;
         let intent_data: Vec<u8> =
             UpdateMetadataIntentData::new_update_group_pinned_frame_url(pinned_frame_url).into();
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::MetadataUpdate,
-            self.group_id.clone(),
-            intent_data,
-        ))?;
+        let intent = self.queue_intent(IntentKind::MetadataUpdate, intent_data)?;
 
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
@@ -964,11 +967,13 @@ impl MlsGroup {
         }
     }
 
+    /// Retrieves the admin list of the group from the group's mutable metadata extension.
     pub fn admin_list(&self, provider: impl OpenMlsProvider) -> Result<Vec<String>, GroupError> {
         let mutable_metadata = self.mutable_metadata(provider)?;
         Ok(mutable_metadata.admin_list)
     }
 
+    /// Retrieves the super admin list of the group from the group's mutable metadata extension.    
     pub fn super_admin_list(
         &self,
         provider: impl OpenMlsProvider,
@@ -977,6 +982,7 @@ impl MlsGroup {
         Ok(mutable_metadata.super_admin_list)
     }
 
+    /// Checks if the given inbox ID is an admin of the group at the most recently synced epoch.
     pub fn is_admin(
         &self,
         inbox_id: String,
@@ -986,6 +992,7 @@ impl MlsGroup {
         Ok(mutable_metadata.admin_list.contains(&inbox_id))
     }
 
+    /// Checks if the given inbox ID is a super admin of the group at the most recently synced epoch.
     pub fn is_super_admin(
         &self,
         inbox_id: String,
@@ -995,6 +1002,7 @@ impl MlsGroup {
         Ok(mutable_metadata.super_admin_list.contains(&inbox_id))
     }
 
+    /// Updates the admin list of the group and syncs the changes to the network.
     pub async fn update_admin_list<ApiClient>(
         &self,
         client: &Client<ApiClient>,
@@ -1004,7 +1012,6 @@ impl MlsGroup {
     where
         ApiClient: XmtpApi,
     {
-        let conn = self.context.store.conn()?;
         let intent_action_type = match action_type {
             UpdateAdminListType::Add => AdminListActionType::Add,
             UpdateAdminListType::Remove => AdminListActionType::Remove,
@@ -1013,13 +1020,9 @@ impl MlsGroup {
         };
         let intent_data: Vec<u8> =
             UpdateAdminListIntentData::new(intent_action_type, inbox_id).into();
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::UpdateAdminList,
-            self.group_id.clone(),
-            intent_data,
-        ))?;
+        let intent = self.queue_intent(IntentKind::UpdateAdminList, intent_data)?;
 
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
@@ -1063,27 +1066,26 @@ impl MlsGroup {
     where
         ApiClient: XmtpApi,
     {
-        let conn = self.context.store.conn()?;
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::KeyUpdate,
-            self.group_id.clone(),
-            vec![],
-        ))?;
-
-        self.sync_until_intent_resolved(&conn.into(), intent.id, client)
+        let intent = self.queue_intent(IntentKind::KeyUpdate, vec![])?;
+        self.sync_until_intent_resolved(&client.mls_provider()?, intent.id, client)
             .await
     }
 
+    /// Checks if the the current user is active in the group.
+    ///
+    /// If the current user has been kicked out of the group, `is_active` will return `false`
     pub fn is_active(&self, provider: impl OpenMlsProvider) -> Result<bool, GroupError> {
         let mls_group = self.load_mls_group(provider)?;
         Ok(mls_group.is_active())
     }
 
+    /// Get the `GroupMetadata` of the group.
     pub fn metadata(&self, provider: impl OpenMlsProvider) -> Result<GroupMetadata, GroupError> {
         let mls_group = self.load_mls_group(provider)?;
         Ok(extract_group_metadata(&mls_group)?)
     }
 
+    /// Get the `GroupMutableMetadata` of the group.
     pub fn mutable_metadata(
         &self,
         provider: impl OpenMlsProvider,
@@ -1433,6 +1435,9 @@ fn build_group_config(
         .build())
 }
 
+/**
+ * Ensures that the membership in the MLS tree matches the inboxes specified in the `GroupMembership` extension.
+ */
 async fn validate_initial_group_membership<ApiClient: XmtpApi>(
     client: &Client<ApiClient>,
     conn: &DbConnection,
@@ -1564,7 +1569,7 @@ mod tests {
         storage::{
             consent_record::ConsentState,
             group::Purpose,
-            group_intent::{IntentKind, IntentState, NewGroupIntent},
+            group_intent::{IntentKind, IntentState},
             group_message::{GroupMessageKind, StoredGroupMessage},
         },
         xmtp_openmls_provider::XmtpOpenMlsProvider,
@@ -3412,13 +3417,9 @@ mod tests {
             return;
         }
 
-        let conn = provider.conn_ref();
-        conn.insert_group_intent(NewGroupIntent::new(
-            IntentKind::UpdateGroupMembership,
-            group.group_id.clone(),
-            intent_data.into(),
-        ))
-        .unwrap();
+        group
+            .queue_intent(IntentKind::UpdateGroupMembership, intent_data.into())
+            .unwrap();
     }
 
     /**
diff --git a/xmtp_mls/src/groups/sync.rs b/xmtp_mls/src/groups/sync.rs
index c5c10f824..6862568b5 100644
--- a/xmtp_mls/src/groups/sync.rs
+++ b/xmtp_mls/src/groups/sync.rs
@@ -30,7 +30,7 @@ use crate::{
     retry_async,
     storage::{
         db_connection::DbConnection,
-        group_intent::{IntentKind, IntentState, NewGroupIntent, StoredGroupIntent, ID},
+        group_intent::{IntentKind, IntentState, StoredGroupIntent, ID},
         group_message::{DeliveryStatus, GroupMessageKind, StoredGroupMessage},
         refresh_state::EntityKind,
         serialization::{db_deserialize, db_serialize},
@@ -537,6 +537,10 @@ impl MlsGroup {
         let intent = provider
             .conn_ref()
             .find_group_intent_by_payload_hash(sha256(envelope.data.as_slice()));
+        tracing::info!(
+            "Processing envelope with hash {:?}",
+            hex::encode(sha256(envelope.data.as_slice()))
+        );
 
         match intent {
             // Intent with the payload hash matches
@@ -1007,10 +1011,10 @@ impl MlsGroup {
 
     /**
      * Checks each member of the group for `IdentityUpdates` after their current sequence_id. If updates
-     * are found the method will construct an [`UpdateGroupMembershipIntentData`] and publish a change
+     * are found the method will construct an [`UpdateGroupMembershipIntentData`] and create a change
      * to the [`GroupMembership`] that will add any missing installations.
      *
-     * This is designed to handle cases where existing members have added a new installation to their inbox
+     * This is designed to handle cases where existing members have added a new installation to their inbox or revoked an installation
      * and the group has not been updated to include it.
      */
     pub(super) async fn add_missing_installations<ApiClient>(
@@ -1032,12 +1036,11 @@ impl MlsGroup {
 
         debug!("Adding missing installations {:?}", intent_data);
 
-        let conn = provider.conn_ref();
-        let intent = conn.insert_group_intent(NewGroupIntent::new(
+        let intent = self.queue_intent_with_conn(
+            provider.conn_ref(),
             IntentKind::UpdateGroupMembership,
-            self.group_id.clone(),
             intent_data.into(),
-        ))?;
+        )?;
 
         self.sync_until_intent_resolved(provider, intent.id, client)
             .await
@@ -1108,6 +1111,11 @@ impl MlsGroup {
         ))
     }
 
+    /**
+     * Sends welcome messages to the installations specified in the action
+     *
+     * Internally, this breaks the request into chunks to avoid exceeding the GRPC max message size limits
+     */
     #[tracing::instrument(level = "trace", skip_all)]
     pub(super) async fn send_welcomes<ApiClient>(
         &self,
diff --git a/xmtp_mls/src/groups/validated_commit.rs b/xmtp_mls/src/groups/validated_commit.rs
index ead219534..e644238fc 100644
--- a/xmtp_mls/src/groups/validated_commit.rs
+++ b/xmtp_mls/src/groups/validated_commit.rs
@@ -202,6 +202,7 @@ impl MetadataFieldChange {
  *      new [`GroupMembership`].
  * 5. All proposals in a commit must come from the same installation
  * 6. No PSK proposals will be allowed
+ * 7. New installations may be missing from the commit but still be present in the expected diff.
  */
 #[derive(Debug, Clone)]
 pub struct ValidatedCommit {
@@ -371,6 +372,10 @@ struct ProposalChanges {
     credentials_to_verify: Vec<CommitParticipant>,
 }
 
+/**
+ * Extracts the installations added and removed via proposals in the commit.
+ * Also returns a list of credentials from existing members that need verification (caused by update proposals)
+ */
 fn get_proposal_changes(
     staged_commit: &StagedCommit,
     openmls_group: &OpenMlsGroup,
@@ -420,6 +425,11 @@ fn get_proposal_changes(
     })
 }
 
+/**
+ * Extracts the latest `GroupMembership` from the staged commit.
+ *
+ * Returns an error if the extension is not found.
+ */
 fn get_latest_group_membership(
     staged_commit: &StagedCommit,
 ) -> Result<GroupMembership, CommitValidationError> {
@@ -501,7 +511,7 @@ async fn extract_expected_diff<'diff, ApiClient: XmtpApi>(
 
 /// Compare the list of installations added and removed in the commit to the expected diff based on the changes
 /// to the inbox state.
-/// Satisfies Rule 3
+/// Satisfies Rule 3 and Rule 7
 fn expected_diff_matches_commit(
     expected_diff: &InstallationDiff,
     added_installations: HashSet<Vec<u8>>,
@@ -512,7 +522,6 @@ fn expected_diff_matches_commit(
     // 1. In the expected diff
     // 2. Already a member of the group (for example, the group creator is already a member on the first commit)
 
-    // TODO: Replace this logic with something else
     let unknown_adds = added_installations
         .into_iter()
         .filter(|installation_id| {
@@ -609,6 +618,11 @@ pub fn extract_group_membership(
     Err(CommitValidationError::MissingGroupMembership)
 }
 
+/**
+ * Extracts the changes to the mutable metadata in the commit.
+ *
+ * Returns an error if the extension is not found in either the old or new group context.
+ */
 fn extract_metadata_changes(
     immutable_metadata: &GroupMetadata,
     // We already have the old mutable metadata, so save parsing it a second time
@@ -672,6 +686,9 @@ fn extract_permissions_changed(
     Ok(!old_group_permissions.eq(&new_group_permissions))
 }
 
+/**
+ * Gets the list of inboxes present in the new group membership that are not present in the old group membership.
+ */
 fn get_added_members(
     old: &[String],
     new: &[String],
@@ -684,6 +701,9 @@ fn get_added_members(
         .collect()
 }
 
+/**
+ * Gets the list of inboxes present in the old group membership that are not present in the new group membership.
+ */
 fn get_removed_members(
     old: &[String],
     new: &[String],
@@ -709,6 +729,9 @@ fn build_inbox(
     }
 }
 
+/**
+ * Extracts the changes to the mutable metadata in the commit.
+ */
 fn mutable_metadata_field_changes(
     old_metadata: &GroupMutableMetadata,
     new_metadata: &GroupMutableMetadata,
@@ -740,6 +763,7 @@ fn mutable_metadata_field_changes(
         .collect()
 }
 
+/// Extracts the inbox ID from a credential.
 fn inbox_id_from_credential(
     credential: &OpenMlsCredential,
 ) -> Result<String, CommitValidationError> {
@@ -862,206 +886,3 @@ impl From<ValidatedCommit> for GroupUpdatedProto {
         }
     }
 }
-
-// TODO:nm bring these tests back in add/remove members PR
-/*
-#[cfg(test)]
-mod tests {
-    use openmls::{
-        credentials::{BasicCredential, CredentialWithKey},
-        extensions::ExtensionType,
-        messages::proposals::ProposalType,
-        prelude::Capabilities,
-        prelude_test::KeyPackage,
-    };
-    use xmtp_api_grpc::Client as GrpcClient;
-    use xmtp_cryptography::utils::generate_local_wallet;
-
-    use super::ValidatedCommit;
-    use crate::{
-        builder::ClientBuilder,
-        configuration::{
-            CIPHERSUITE, GROUP_MEMBERSHIP_EXTENSION_ID, MUTABLE_METADATA_EXTENSION_ID,
-        },
-        Client,
-    };
-
-    fn get_key_package(client: &Client<GrpcClient>) -> KeyPackage {
-        client
-            .identity()
-            .new_key_package(client.mls_provider().unwrap())
-            .unwrap()
-    }
-
-    #[tokio::test]
-    async fn test_membership_changes() {
-        let amal = ClientBuilder::new_test_client(&generate_local_wallet()).await;
-        let bola = ClientBuilder::new_test_client(&generate_local_wallet()).await;
-        let bola_key_package = get_key_package(&bola);
-
-        let amal_group = amal.create_group(None, Default::default()).unwrap();
-        let amal_provider = amal.mls_provider().unwrap();
-        let mut mls_group = amal_group.load_mls_group(&amal_provider).unwrap();
-        // Create a pending commit to add bola to the group
-        mls_group
-            .add_members(
-                &amal_provider,
-                &amal.identity().installation_keys,
-                &[bola_key_package],
-            )
-            .unwrap();
-
-        let mut staged_commit = mls_group.pending_commit().unwrap();
-
-        let validated_commit = ValidatedCommit::from_staged_commit(
-            &amal,
-            amal_provider.conn_ref(),
-            staged_commit,
-            &mls_group,
-        )
-        .await
-        .unwrap();
-
-        assert_eq!(validated_commit.added_inboxes.len(), 1);
-        assert_eq!(validated_commit.added_inboxes[0].inbox_id, bola.inbox_id());
-        // Amal is the creator of the group and the actor
-        assert!(validated_commit.actor.is_creator);
-        // Bola is not the creator of the group
-        assert!(!validated_commit.added_inboxes[0].is_creator);
-
-        // Merge the commit adding bola
-        mls_group.merge_pending_commit(&amal_provider).unwrap();
-        // Now we are going to remove bola
-
-        let bola_leaf_node = mls_group
-            .members()
-            .find(|m| {
-                m.signature_key
-                    .eq(&bola.identity().installation_keys.public())
-            })
-            .unwrap()
-            .index;
-        mls_group
-            .remove_members(
-                &amal_provider,
-                &amal.identity().installation_keys,
-                &[bola_leaf_node],
-            )
-            .unwrap();
-
-        staged_commit = mls_group.pending_commit().unwrap();
-        let remove_message = ValidatedCommit::from_staged_commit(
-            &amal,
-            amal_provider.conn_ref(),
-            staged_commit,
-            &mls_group,
-        )
-        .await
-        .unwrap();
-
-        assert_eq!(remove_message.removed_inboxes.len(), 1);
-    }
-
-    #[tokio::test]
-    async fn test_installation_changes() {
-        let wallet = generate_local_wallet();
-        let amal_1 = ClientBuilder::new_test_client(&wallet).await;
-        let amal_2 = ClientBuilder::new_test_client(&wallet).await;
-
-        let amal_1_provider = amal_1.mls_provider().unwrap();
-        let amal_2_provider = amal_2.mls_provider().unwrap();
-
-        let amal_group = amal_1.create_group(None, Default::default()).unwrap();
-        let mut amal_mls_group = amal_group.load_mls_group(&amal_1_provider).unwrap();
-
-        let amal_2_kp = amal_2.identity().new_key_package(&amal_2_provider).unwrap();
-
-        // Add Amal's second installation to the existing group
-        amal_mls_group
-            .add_members(
-                &amal_1_provider,
-                &amal_1.identity().installation_keys,
-                &[amal_2_kp],
-            )
-            .unwrap();
-
-        let staged_commit = amal_mls_group.pending_commit().unwrap();
-
-        let validated_commit = ValidatedCommit::from_staged_commit(
-            &amal_1,
-            amal_1_provider.conn_ref(),
-            staged_commit,
-            &amal_mls_group,
-        )
-        .await
-        .unwrap();
-
-        assert_eq!(validated_commit.added_inboxes.len(), 1);
-        assert_eq!(
-            validated_commit.added_inboxes[0].inbox_id,
-            amal_2.inbox_id()
-        )
-    }
-
-    #[tokio::test]
-    async fn test_bad_key_package() {
-        let amal = ClientBuilder::new_test_client(&generate_local_wallet()).await;
-        let bola = ClientBuilder::new_test_client(&generate_local_wallet()).await;
-
-        let amal_provider = amal.mls_provider().unwrap();
-        let bola_provider = bola.mls_provider().unwrap();
-
-        let amal_group = amal.create_group(None, Default::default()).unwrap();
-        let mut amal_mls_group = amal_group.load_mls_group(&amal_provider).unwrap();
-
-        let capabilities = Capabilities::new(
-            None,
-            Some(&[CIPHERSUITE]),
-            Some(&[
-                ExtensionType::LastResort,
-                ExtensionType::ApplicationId,
-                ExtensionType::Unknown(MUTABLE_METADATA_EXTENSION_ID),
-                ExtensionType::Unknown(GROUP_MEMBERSHIP_EXTENSION_ID),
-                ExtensionType::ImmutableMetadata,
-            ]),
-            Some(&[ProposalType::GroupContextExtensions]),
-            None,
-        );
-
-        // Create a key package with a malformed credential
-        let bad_key_package = KeyPackage::builder()
-            .leaf_node_capabilities(capabilities)
-            .build(
-                CIPHERSUITE,
-                &bola_provider,
-                &bola.identity().installation_keys,
-                CredentialWithKey {
-                    // Broken credential
-                    credential: BasicCredential::new(vec![1, 2, 3]).into(),
-                    signature_key: bola.identity().installation_keys.to_public_vec().into(),
-                },
-            )
-            .unwrap();
-
-        amal_mls_group
-            .add_members(
-                &amal_provider,
-                &amal.identity().installation_keys,
-                &[bad_key_package.key_package().clone()],
-            )
-            .unwrap();
-
-        let staged_commit = amal_mls_group.pending_commit().unwrap();
-
-        let validated_commit = ValidatedCommit::from_staged_commit(
-            &amal,
-            amal_provider.conn_ref(),
-            staged_commit,
-            &amal_mls_group,
-        )
-        .await;
-
-        assert!(validated_commit.is_err());
-    }
-}
-*/
diff --git a/xmtp_mls/src/hpke.rs b/xmtp_mls/src/hpke.rs
index 99964fb1d..19906a351 100644
--- a/xmtp_mls/src/hpke.rs
+++ b/xmtp_mls/src/hpke.rs
@@ -39,6 +39,7 @@ impl RetryableError for HpkeError {
     }
 }
 
+/// Encrypt a welcome message using the provided HPKE private key
 #[tracing::instrument(level = "trace", skip_all)]
 pub fn encrypt_welcome(welcome_payload: &[u8], hpke_key: &[u8]) -> Result<Vec<u8>, HpkeError> {
     let crypto = RustCrypto::default();
@@ -56,6 +57,7 @@ pub fn encrypt_welcome(welcome_payload: &[u8], hpke_key: &[u8]) -> Result<Vec<u8
     Ok(serialized_ciphertext)
 }
 
+/// Decrypt a welcome message using the private key associated with the provided public key
 pub fn decrypt_welcome(
     provider: &XmtpOpenMlsProvider,
     hpke_public_key: &[u8],
diff --git a/xmtp_mls/src/identity.rs b/xmtp_mls/src/identity.rs
index acb481ff0..6a4af7c24 100644
--- a/xmtp_mls/src/identity.rs
+++ b/xmtp_mls/src/identity.rs
@@ -48,6 +48,19 @@ use xmtp_id::{
 };
 use xmtp_proto::xmtp::identity::MlsCredential;
 
+/**
+ * The identity strategy determines how the [`ClientBuilder`] constructs an identity on startup.
+ *
+ * [`IdentityStrategy::CreateIfNotFound`] will attempt to create a new identity if one isn't found in the store.
+ * This is the default behavior.
+ *
+ * [`IdentityStrategy::CachedOnly`] will attempt to get an identity from the store. If not found, it will
+ * return an error. This is useful if you don't want to create a new identity on startup because the caller
+ * does not have access to a signer.
+ *
+ * [`IdentityStrategy::ExternalIdentity`] allows you to provide an already-constructed identity to the
+ * client. This is useful for testing and not expected to be used in production.
+ */
 #[derive(Debug, Clone)]
 pub enum IdentityStrategy {
     /// Tries to get an identity from the disk store. If not found, getting one from backend.
@@ -60,6 +73,14 @@ pub enum IdentityStrategy {
 }
 
 impl IdentityStrategy {
+    /**
+     * Initialize an identity from the given strategy. If a stored identity is found in the database,
+     * it will return that identity.
+     *
+     * If a stored identity is found, it will validate that the inbox_id of the stored identity matches
+     * the inbox_id configured on the strategy.
+     *
+     **/
     pub(crate) async fn initialize_identity<ApiClient: XmtpApi>(
         self,
         api_client: &ApiClientWrapper<ApiClient>,
@@ -209,7 +230,9 @@ impl Identity {
     /// Users will be required to sign with their wallet, and the legacy is ignored even if it's provided.
     ///
     /// If the address is NOT associated with an inbox_id, a new inbox_id will be generated.
-    /// Prioritize legacy key if provided, otherwise use wallet to sign.
+    /// If a legacy key is provided, it will be used to sign the identity update and no wallet signature is needed.
+    ///
+    /// If no legacy key is provided, a wallet signature is always required.
     pub(crate) async fn new<ApiClient: XmtpApi>(
         inbox_id: InboxId,
         address: String,
@@ -261,11 +284,13 @@ impl Identity {
 
             Ok(identity)
         } else if let Some(legacy_signed_private_key) = legacy_signed_private_key {
+            // The legacy signed private key may only be used if the nonce is 0
             if nonce != 0 {
                 return Err(IdentityError::NewIdentity(
                     "Nonce must be 0 if legacy key is provided".to_string(),
                 ));
             }
+            // If the inbox_id found on the network does not match the one generated from the address and nonce, we must error
             if inbox_id != generate_inbox_id(&address, &nonce) {
                 return Err(IdentityError::NewIdentity(
                     "Inbox ID doesn't match nonce & address".to_string(),
@@ -378,6 +403,9 @@ impl Identity {
         self.credential.clone()
     }
 
+    /**
+     * Sign the given text with the installation private key.
+     */
     pub(crate) fn sign<Text: AsRef<str>>(&self, text: Text) -> Result<Vec<u8>, IdentityError> {
         let mut prehashed = Sha512::new();
         prehashed.update(text.as_ref());
@@ -387,6 +415,7 @@ impl Identity {
         Ok(signature.to_vec())
     }
 
+    /// Generate a new key package and store the associated keys in the database.
     pub(crate) fn new_key_package(
         &self,
         provider: impl OpenMlsProvider<StorageProvider = SqlKeyStore>,
@@ -458,6 +487,7 @@ impl Identity {
         Ok(StoredIdentity::try_from(self)?.store(provider.conn_ref())?)
     }
 
+    /// Upload a new key package to the network, which will replace any existing key packages for the installation.
     pub(crate) async fn rotate_key_package<ApiClient: XmtpApi>(
         &self,
         provider: &XmtpOpenMlsProvider,
@@ -483,6 +513,7 @@ impl Identity {
         Ok(())
     }
 
+    /// Delete a key package from the local database.
     pub(crate) fn delete_key_package(
         &self,
         provider: &XmtpOpenMlsProvider,
diff --git a/xmtp_mls/src/identity_updates.rs b/xmtp_mls/src/identity_updates.rs
index 40fe9f5dc..172813993 100644
--- a/xmtp_mls/src/identity_updates.rs
+++ b/xmtp_mls/src/identity_updates.rs
@@ -90,6 +90,9 @@ where
         Ok(needs_update)
     }
 
+    /// Get the association state for all provided `inbox_id`/optional `sequence_id` tuples, using the cache when available
+    /// If the association state is not available in the cache, this falls back to reconstructing the association state
+    /// from Identity Updates in the network.
     pub async fn batch_get_association_state<InboxId: AsRef<str>>(
         &self,
         conn: &DbConnection,
@@ -108,6 +111,7 @@ where
         Ok(association_states)
     }
 
+    /// Get the latest association state available on the network for the given `inbox_id`
     pub async fn get_latest_association_state<InboxId: AsRef<str>>(
         &self,
         conn: &DbConnection,
@@ -118,6 +122,8 @@ where
         self.get_association_state(conn, inbox_id, None).await
     }
 
+    /// Get the association state for a given inbox_id up to the (and inclusive of) the `to_sequence_id`
+    /// If no `to_sequence_id` is provided, use the latest value in the database
     pub async fn get_association_state<InboxId: AsRef<str>>(
         &self,
         conn: &DbConnection,
@@ -125,7 +131,6 @@ where
         to_sequence_id: Option<i64>,
     ) -> Result<AssociationState, ClientError> {
         let inbox_id = inbox_id.as_ref();
-        // TODO: Refactor this so that we don't have to fetch all the identity updates if the value is in the cache
         let updates = conn.get_identity_updates(inbox_id, None, to_sequence_id)?;
         let last_sequence_id = updates
             .last()
@@ -165,6 +170,8 @@ where
         Ok(association_state)
     }
 
+    /// Calculate the changes between the `starting_sequence_id` and `ending_sequence_id` for the
+    /// provided `inbox_id`
     pub(crate) async fn get_association_state_diff<InboxId: AsRef<str>>(
         &self,
         conn: &DbConnection,
@@ -178,6 +185,7 @@ where
             starting_sequence_id,
             ending_sequence_id
         );
+        // If no starting sequence ID, get all updates from the beginning of the inbox's history up to the ending sequence ID
         if starting_sequence_id.is_none() {
             return Ok(self
                 .get_association_state(conn, inbox_id.as_ref(), ending_sequence_id)
@@ -185,10 +193,12 @@ where
                 .as_diff());
         }
 
+        // Get the initial state to compare against
         let initial_state = self
             .get_association_state(conn, inbox_id.as_ref(), starting_sequence_id)
             .await?;
 
+        // Get any identity updates that need to be applied
         let incremental_updates =
             conn.get_identity_updates(inbox_id.as_ref(), starting_sequence_id, ending_sequence_id)?;
 
@@ -216,6 +226,7 @@ where
         )
         .await?;
         let mut final_state = initial_state.clone();
+        // Apply each update sequentially, aborting in the case of error
         for update in incremental_updates {
             final_state = apply_update(final_state, update)?;
         }
@@ -233,6 +244,8 @@ where
         Ok(initial_state.diff(&final_state))
     }
 
+    /// Generate a `CreateInbox` signature request for the given wallet address.
+    /// If no nonce is provided, use 0
     pub async fn create_inbox(
         &self,
         wallet_address: String,
@@ -267,6 +280,7 @@ where
         Ok(signature_request)
     }
 
+    /// Generate a `AssociateWallet` signature request using an existing wallet and a new wallet address
     pub fn associate_wallet(
         &self,
         existing_wallet_address: String,
@@ -281,6 +295,7 @@ where
             .build())
     }
 
+    /// Revoke the given wallets from the association state for the client's inbox
     pub async fn revoke_wallets(
         &self,
         wallets_to_revoke: Vec<String>,
@@ -305,6 +320,7 @@ where
         Ok(builder.build())
     }
 
+    /// Revoke the given installations from the association state for the client's inbox
     pub async fn revoke_installations(
         &self,
         installation_ids: Vec<Vec<u8>>,
@@ -331,6 +347,12 @@ where
         Ok(builder.build())
     }
 
+    /**
+     * Apply a signature request to the client's inbox by publishing the identity update to the network.
+     *
+     * This will error if the signature request is missing signatures, if the signatures are invalid,
+     * if the update fails other verifications, or if the update fails to be published to the network.
+     **/
     pub async fn apply_signature_request(
         &self,
         signature_request: SignatureRequest,
@@ -341,6 +363,10 @@ where
             .build_identity_update()
             .map_err(IdentityUpdateError::from)?;
 
+        identity_update
+            .to_verified(self.smart_contract_signature_verifier().as_ref())
+            .await?;
+
         // We don't need to validate the update, since the server will do this for us
         self.api_client
             .publish_identity_update(identity_update)
@@ -443,7 +469,8 @@ where
     }
 }
 
-/// For the given list of `inbox_id`s get all updates from the network that are newer than the last known `sequence_id`, write them in the db, and return the updates
+/// For the given list of `inbox_id`s get all updates from the network that are newer than the last known `sequence_id`,
+/// write them in the db, and return the updates
 #[tracing::instrument(level = "trace", skip_all)]
 pub async fn load_identity_updates<ApiClient: XmtpApi>(
     api_client: &ApiClientWrapper<ApiClient>,
@@ -486,6 +513,7 @@ pub async fn load_identity_updates<ApiClient: XmtpApi>(
     Ok(updates)
 }
 
+/// Convert a list of unverified updates to verified updates using the given smart contract verifier
 async fn verify_updates(
     updates: Vec<UnverifiedIdentityUpdate>,
     scw_verifier: &dyn SmartContractSignatureVerifier,
diff --git a/xmtp_mls/src/mutex_registry.rs b/xmtp_mls/src/mutex_registry.rs
index 0946d0bdb..1d6cf296f 100644
--- a/xmtp_mls/src/mutex_registry.rs
+++ b/xmtp_mls/src/mutex_registry.rs
@@ -2,6 +2,7 @@ use std::{collections::HashMap, sync::Arc};
 
 use tokio::sync::Mutex;
 
+/// A registry of mutexes that can be locked and unlocked by a given key.
 #[derive(Debug, Clone)]
 pub struct MutexRegistry {
     mutexes: HashMap<Vec<u8>, Arc<Mutex<()>>>,
diff --git a/xmtp_mls/src/storage/encrypted_store/group.rs b/xmtp_mls/src/storage/encrypted_store/group.rs
index f790f81b7..6445a2611 100644
--- a/xmtp_mls/src/storage/encrypted_store/group.rs
+++ b/xmtp_mls/src/storage/encrypted_store/group.rs
@@ -39,6 +39,8 @@ pub struct StoredGroup {
     pub added_by_inbox_id: String,
     /// The sequence id of the welcome message
     pub welcome_id: Option<i64>,
+    /// The last time the leaf node encryption key was rotated
+    pub rotated_at_ns: i64,
     /// The inbox_id of the DM target
     pub dm_inbox_id: Option<String>,
 }
@@ -65,6 +67,7 @@ impl StoredGroup {
             purpose,
             added_by_inbox_id,
             welcome_id: Some(welcome_id),
+            rotated_at_ns: 0,
             dm_inbox_id,
         }
     }
@@ -85,6 +88,7 @@ impl StoredGroup {
             purpose: Purpose::Conversation,
             added_by_inbox_id,
             welcome_id: None,
+            rotated_at_ns: 0,
             dm_inbox_id,
         }
     }
@@ -104,6 +108,7 @@ impl StoredGroup {
             purpose: Purpose::Sync,
             added_by_inbox_id: "".into(),
             welcome_id: None,
+            rotated_at_ns: 0,
             dm_inbox_id: None,
         }
     }
@@ -195,6 +200,34 @@ impl DbConnection {
         Ok(())
     }
 
+    pub fn get_rotated_at_ns(&self, group_id: Vec<u8>) -> Result<i64, StorageError> {
+        let last_ts: Option<i64> = self.raw_query(|conn| {
+            let ts = dsl::groups
+                .find(&group_id)
+                .select(dsl::rotated_at_ns)
+                .first(conn)
+                .optional()?;
+            Ok::<Option<i64>, StorageError>(ts)
+        })?;
+
+        last_ts.ok_or(StorageError::NotFound(format!(
+            "installation time for group {}",
+            hex::encode(group_id)
+        )))
+    }
+
+    /// Updates the 'last time checked' we checked for new installations.
+    pub fn update_rotated_at_ns(&self, group_id: Vec<u8>) -> Result<(), StorageError> {
+        self.raw_query(|conn| {
+            let now = crate::utils::time::now_ns();
+            diesel::update(dsl::groups.find(&group_id))
+                .set(dsl::rotated_at_ns.eq(now))
+                .execute(conn)
+        })?;
+
+        Ok(())
+    }
+
     pub fn get_installations_time_checked(&self, group_id: Vec<u8>) -> Result<i64, StorageError> {
         let last_ts = self.raw_query(|conn| {
             let ts = dsl::groups
diff --git a/xmtp_mls/src/storage/encrypted_store/group_intent.rs b/xmtp_mls/src/storage/encrypted_store/group_intent.rs
index b5104f9ac..91b7a7b6e 100644
--- a/xmtp_mls/src/storage/encrypted_store/group_intent.rs
+++ b/xmtp_mls/src/storage/encrypted_store/group_intent.rs
@@ -124,6 +124,9 @@ impl Delete<StoredGroupIntent> for DbConnection {
     }
 }
 
+/// NewGroupIntent is the data needed to create a new group intent.
+/// Do not use this struct directly outside of the storage module.
+/// Use the `queue_intent` method on `MlsGroup` instead.
 #[derive(Insertable, Debug, PartialEq, Clone)]
 #[diesel(table_name = group_intents)]
 pub struct NewGroupIntent {
diff --git a/xmtp_mls/src/storage/encrypted_store/schema.rs b/xmtp_mls/src/storage/encrypted_store/schema.rs
index 7266406cd..d6a7b85f7 100644
--- a/xmtp_mls/src/storage/encrypted_store/schema.rs
+++ b/xmtp_mls/src/storage/encrypted_store/schema.rs
@@ -53,6 +53,7 @@ diesel::table! {
         purpose -> Integer,
         added_by_inbox_id -> Text,
         welcome_id -> Nullable<BigInt>,
+        rotated_at_ns -> BigInt,
         dm_inbox_id -> Nullable<Text>,
     }
 }
diff --git a/xmtp_mls/src/verified_key_package_v2.rs b/xmtp_mls/src/verified_key_package_v2.rs
index 5dd5ecef3..bf607dc0e 100644
--- a/xmtp_mls/src/verified_key_package_v2.rs
+++ b/xmtp_mls/src/verified_key_package_v2.rs
@@ -24,6 +24,7 @@ pub enum KeyPackageVerificationError {
     Decode(#[from] DecodeError),
 }
 
+/// A wrapper around the MLS key package struct with some additional fields
 pub struct VerifiedKeyPackageV2 {
     pub inner: KeyPackage,
     pub credential: MlsCredential,
diff --git a/xmtp_proto/src/gen/xmtp.xmtpv4.rs b/xmtp_proto/src/gen/xmtp.xmtpv4.rs
index 59c20d24b..3a7ab7e21 100644
--- a/xmtp_proto/src/gen/xmtp.xmtpv4.rs
+++ b/xmtp_proto/src/gen/xmtp.xmtpv4.rs
@@ -24,7 +24,7 @@ pub struct AuthenticatedData {
 pub struct ClientEnvelope {
     #[prost(message, optional, tag="6")]
     pub aad: ::core::option::Option<AuthenticatedData>,
-    #[prost(oneof="client_envelope::Payload", tags="1, 2, 3, 4, 5")]
+    #[prost(oneof="client_envelope::Payload", tags="1, 2, 3, 4, 5, 7")]
     pub payload: ::core::option::Option<client_envelope::Payload>,
 }
 /// Nested message and enum types in `ClientEnvelope`.
@@ -42,6 +42,8 @@ pub mod client_envelope {
         UploadKeyPackage(super::super::mls::api::v1::UploadKeyPackageRequest),
         #[prost(message, tag="5")]
         RevokeInstallation(super::super::mls::api::v1::RevokeInstallationRequest),
+        #[prost(message, tag="7")]
+        IdentityUpdate(super::super::identity::associations::IdentityUpdate),
     }
 }
 /// Wraps client envelope with payer signature
@@ -255,66 +257,74 @@ impl Misbehavior {
 }
 /// Encoded file descriptor set for the `xmtp.xmtpv4` package
 pub const FILE_DESCRIPTOR_SET: &[u8] = &[
-    0x0a, 0x85, 0x47, 0x0a, 0x24, 0x78, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x2f, 0x6d, 0x65, 0x73, 0x73,
+    0x0a, 0xc9, 0x48, 0x0a, 0x24, 0x78, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x2f, 0x6d, 0x65, 0x73, 0x73,
     0x61, 0x67, 0x65, 0x5f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f,
     0x61, 0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x78, 0x6d, 0x74, 0x70, 0x2e,
     0x78, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61,
     0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70,
-    0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x25, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2f, 0x61,
-    0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x69, 0x67, 0x6e,
-    0x61, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x6d, 0x6c, 0x73,
-    0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-    0x6f, 0x22, 0xba, 0x01, 0x0a, 0x0b, 0x56, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x43, 0x6c, 0x6f, 0x63,
-    0x6b, 0x12, 0x64, 0x0a, 0x16, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x5f, 0x74, 0x6f, 0x5f,
-    0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28,
-    0x0b, 0x32, 0x30, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x2e,
-    0x56, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4e, 0x6f, 0x64, 0x65,
-    0x49, 0x64, 0x54, 0x6f, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e,
-    0x74, 0x72, 0x79, 0x52, 0x12, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x54, 0x6f, 0x53, 0x65, 0x71,
-    0x75, 0x65, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x1a, 0x45, 0x0a, 0x17, 0x4e, 0x6f, 0x64, 0x65, 0x49,
-    0x64, 0x54, 0x6f, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74,
-    0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52,
-    0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
-    0x01, 0x28, 0x04, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x9a,
-    0x01, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64,
-    0x44, 0x61, 0x74, 0x61, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x6f,
-    0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52,
-    0x10, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f,
-    0x72, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6f, 0x70, 0x69,
-    0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54,
-    0x6f, 0x70, 0x69, 0x63, 0x12, 0x35, 0x0a, 0x09, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x65,
-    0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x78,
-    0x6d, 0x74, 0x70, 0x76, 0x34, 0x2e, 0x56, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x43, 0x6c, 0x6f, 0x63,
-    0x6b, 0x52, 0x08, 0x6c, 0x61, 0x73, 0x74, 0x53, 0x65, 0x65, 0x6e, 0x22, 0x87, 0x04, 0x0a, 0x0e,
-    0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x45, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x12, 0x49,
-    0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18,
-    0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73,
-    0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x73,
-    0x73, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x70, 0x75, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x67, 0x72, 0x6f,
-    0x75, 0x70, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x4f, 0x0a, 0x0f, 0x77, 0x65, 0x6c,
-    0x63, 0x6f, 0x6d, 0x65, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01,
-    0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70,
-    0x69, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x65, 0x6c, 0x63, 0x6f, 0x6d, 0x65, 0x4d, 0x65, 0x73, 0x73,
-    0x61, 0x67, 0x65, 0x49, 0x6e, 0x70, 0x75, 0x74, 0x48, 0x00, 0x52, 0x0e, 0x77, 0x65, 0x6c, 0x63,
-    0x6f, 0x6d, 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x63, 0x0a, 0x15, 0x72, 0x65,
-    0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74,
-    0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x78, 0x6d, 0x74, 0x70,
-    0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x69,
-    0x73, 0x74, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-    0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x14, 0x72, 0x65, 0x67, 0x69, 0x73,
-    0x74, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
-    0x58, 0x0a, 0x12, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61,
-    0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x78, 0x6d,
-    0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70,
-    0x6c, 0x6f, 0x61, 0x64, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x52, 0x65,
-    0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x10, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x4b,
-    0x65, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5d, 0x0a, 0x13, 0x72, 0x65, 0x76,
-    0x6f, 0x6b, 0x65, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-    0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c,
-    0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x49,
-    0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65,
-    0x73, 0x74, 0x48, 0x00, 0x52, 0x12, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x49, 0x6e, 0x73, 0x74,
-    0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x03, 0x61, 0x61, 0x64, 0x18,
+    0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x27, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2f, 0x61,
+    0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x61, 0x73, 0x73, 0x6f,
+    0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x25, 0x69,
+    0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74,
+    0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x70,
+    0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x6d, 0x6c, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31,
+    0x2f, 0x6d, 0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xba, 0x01, 0x0a, 0x0b, 0x56,
+    0x65, 0x63, 0x74, 0x6f, 0x72, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x12, 0x64, 0x0a, 0x16, 0x6e, 0x6f,
+    0x64, 0x65, 0x5f, 0x69, 0x64, 0x5f, 0x74, 0x6f, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63,
+    0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x78, 0x6d, 0x74,
+    0x70, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x2e, 0x56, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x43,
+    0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x54, 0x6f, 0x53, 0x65, 0x71,
+    0x75, 0x65, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, 0x6e, 0x6f,
+    0x64, 0x65, 0x49, 0x64, 0x54, 0x6f, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x49, 0x64,
+    0x1a, 0x45, 0x0a, 0x17, 0x4e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x54, 0x6f, 0x53, 0x65, 0x71, 0x75,
+    0x65, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
+    0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
+    0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x76, 0x61,
+    0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x9a, 0x01, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68,
+    0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2b, 0x0a,
+    0x11, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74,
+    0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
+    0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x61,
+    0x72, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c,
+    0x52, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x35, 0x0a,
+    0x09, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+    0x32, 0x18, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x2e, 0x56,
+    0x65, 0x63, 0x74, 0x6f, 0x72, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x52, 0x08, 0x6c, 0x61, 0x73, 0x74,
+    0x53, 0x65, 0x65, 0x6e, 0x22, 0xde, 0x04, 0x0a, 0x0e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x45,
+    0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x12, 0x49, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70,
+    0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22,
+    0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31,
+    0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x70,
+    0x75, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x73, 0x73, 0x61,
+    0x67, 0x65, 0x12, 0x4f, 0x0a, 0x0f, 0x77, 0x65, 0x6c, 0x63, 0x6f, 0x6d, 0x65, 0x5f, 0x6d, 0x65,
+    0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x6d,
+    0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x65,
+    0x6c, 0x63, 0x6f, 0x6d, 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x70, 0x75,
+    0x74, 0x48, 0x00, 0x52, 0x0e, 0x77, 0x65, 0x6c, 0x63, 0x6f, 0x6d, 0x65, 0x4d, 0x65, 0x73, 0x73,
+    0x61, 0x67, 0x65, 0x12, 0x63, 0x0a, 0x15, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x5f,
+    0x69, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01,
+    0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70,
+    0x69, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x49, 0x6e, 0x73,
+    0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+    0x48, 0x00, 0x52, 0x14, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
+    0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x58, 0x0a, 0x12, 0x75, 0x70, 0x6c, 0x6f,
+    0x61, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x04,
+    0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e,
+    0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x4b, 0x65, 0x79,
+    0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00,
+    0x52, 0x10, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61,
+    0x67, 0x65, 0x12, 0x5d, 0x0a, 0x13, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x5f, 0x69, 0x6e, 0x73,
+    0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+    0x2a, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x6d, 0x6c, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76,
+    0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61,
+    0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x12, 0x72,
+    0x65, 0x76, 0x6f, 0x6b, 0x65, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f,
+    0x6e, 0x12, 0x55, 0x0a, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x75, 0x70,
+    0x64, 0x61, 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x78, 0x6d, 0x74,
+    0x70, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x61, 0x73, 0x73, 0x6f, 0x63,
+    0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+    0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69,
+    0x74, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x03, 0x61, 0x61, 0x64, 0x18,
     0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x78, 0x6d, 0x74, 0x70, 0x2e, 0x78, 0x6d, 0x74,
     0x70, 0x76, 0x34, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
     0x64, 0x44, 0x61, 0x74, 0x61, 0x52, 0x03, 0x61, 0x61, 0x64, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61,
@@ -506,324 +516,328 @@ pub const FILE_DESCRIPTOR_SET: &[u8] = &[
     0x0b, 0x58, 0x6d, 0x74, 0x70, 0x5c, 0x58, 0x6d, 0x74, 0x70, 0x76, 0x34, 0xe2, 0x02, 0x17, 0x58,
     0x6d, 0x74, 0x70, 0x5c, 0x58, 0x6d, 0x74, 0x70, 0x76, 0x34, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
     0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0c, 0x58, 0x6d, 0x74, 0x70, 0x3a, 0x3a, 0x58,
-    0x6d, 0x74, 0x70, 0x76, 0x34, 0x4a, 0xc8, 0x27, 0x0a, 0x07, 0x12, 0x05, 0x01, 0x00, 0xb1, 0x01,
+    0x6d, 0x74, 0x70, 0x76, 0x34, 0x4a, 0x8c, 0x28, 0x0a, 0x07, 0x12, 0x05, 0x01, 0x00, 0xb3, 0x01,
     0x01, 0x0a, 0x23, 0x0a, 0x01, 0x0c, 0x12, 0x03, 0x01, 0x00, 0x12, 0x1a, 0x19, 0x20, 0x4d, 0x65,
     0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x41, 0x50, 0x49, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x58, 0x4d,
     0x54, 0x50, 0x20, 0x56, 0x34, 0x0a, 0x0a, 0x08, 0x0a, 0x01, 0x02, 0x12, 0x03, 0x03, 0x00, 0x14,
     0x0a, 0x09, 0x0a, 0x02, 0x03, 0x00, 0x12, 0x03, 0x05, 0x00, 0x26, 0x0a, 0x09, 0x0a, 0x02, 0x03,
-    0x01, 0x12, 0x03, 0x06, 0x00, 0x2f, 0x0a, 0x09, 0x0a, 0x02, 0x03, 0x02, 0x12, 0x03, 0x07, 0x00,
-    0x1e, 0x0a, 0x08, 0x0a, 0x01, 0x08, 0x12, 0x03, 0x09, 0x00, 0x45, 0x0a, 0x09, 0x0a, 0x02, 0x08,
-    0x0b, 0x12, 0x03, 0x09, 0x00, 0x45, 0x0a, 0xb7, 0x01, 0x0a, 0x02, 0x04, 0x00, 0x12, 0x04, 0x0d,
-    0x00, 0x0f, 0x01, 0x1a, 0xaa, 0x01, 0x20, 0x54, 0x68, 0x65, 0x20, 0x6c, 0x61, 0x73, 0x74, 0x20,
-    0x73, 0x65, 0x65, 0x6e, 0x20, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x20, 0x70, 0x65, 0x72, 0x20, 0x6f,
-    0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x20, 0x4f, 0x72, 0x69, 0x67, 0x69,
-    0x6e, 0x61, 0x74, 0x6f, 0x72, 0x73, 0x20, 0x74, 0x68, 0x61, 0x74, 0x20, 0x68, 0x61, 0x76, 0x65,
-    0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x65, 0x6e, 0x20, 0x73, 0x65, 0x65, 0x6e, 0x20, 0x61,
-    0x72, 0x65, 0x20, 0x6f, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, 0x2e, 0x0a, 0x20, 0x45, 0x6e, 0x74,
-    0x72, 0x69, 0x65, 0x73, 0x20, 0x4d, 0x55, 0x53, 0x54, 0x20, 0x62, 0x65, 0x20, 0x73, 0x6f, 0x72,
-    0x74, 0x65, 0x64, 0x20, 0x69, 0x6e, 0x20, 0x61, 0x73, 0x63, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67,
-    0x20, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2c, 0x20, 0x73, 0x6f, 0x20, 0x74, 0x68, 0x61, 0x74, 0x20,
-    0x73, 0x6d, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x20, 0x6e, 0x6f, 0x64, 0x65, 0x20, 0x49, 0x44, 0x27,
-    0x73, 0x20, 0x61, 0x70, 0x70, 0x65, 0x61, 0x72, 0x20, 0x66, 0x69, 0x72, 0x73, 0x74, 0x2e, 0x0a,
-    0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x00, 0x01, 0x12, 0x03, 0x0d, 0x08, 0x13, 0x0a, 0x0b, 0x0a, 0x04,
-    0x04, 0x00, 0x02, 0x00, 0x12, 0x03, 0x0e, 0x02, 0x31, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02,
-    0x00, 0x06, 0x12, 0x03, 0x0e, 0x02, 0x15, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x01,
-    0x12, 0x03, 0x0e, 0x16, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x03, 0x12, 0x03,
-    0x0e, 0x2f, 0x30, 0x0a, 0x53, 0x0a, 0x02, 0x04, 0x01, 0x12, 0x04, 0x12, 0x00, 0x16, 0x01, 0x1a,
-    0x47, 0x20, 0x44, 0x61, 0x74, 0x61, 0x20, 0x76, 0x69, 0x73, 0x69, 0x62, 0x6c, 0x65, 0x20, 0x74,
-    0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61,
-    0x74, 0x20, 0x68, 0x61, 0x73, 0x20, 0x62, 0x65, 0x65, 0x6e, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65,
-    0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20,
-    0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x01, 0x01, 0x12,
-    0x03, 0x12, 0x08, 0x19, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x01, 0x02, 0x00, 0x12, 0x03, 0x13, 0x02,
-    0x1f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x00, 0x05, 0x12, 0x03, 0x13, 0x02, 0x08, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x00, 0x01, 0x12, 0x03, 0x13, 0x09, 0x1a, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x01, 0x02, 0x00, 0x03, 0x12, 0x03, 0x13, 0x1d, 0x1e, 0x0a, 0x0b, 0x0a, 0x04, 0x04,
-    0x01, 0x02, 0x01, 0x12, 0x03, 0x14, 0x02, 0x19, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x01,
-    0x05, 0x12, 0x03, 0x14, 0x02, 0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x01, 0x01, 0x12,
-    0x03, 0x14, 0x08, 0x14, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x01, 0x03, 0x12, 0x03, 0x14,
-    0x17, 0x18, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x01, 0x02, 0x02, 0x12, 0x03, 0x15, 0x02, 0x1c, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x02, 0x06, 0x12, 0x03, 0x15, 0x02, 0x0d, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x01, 0x02, 0x02, 0x01, 0x12, 0x03, 0x15, 0x0e, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
-    0x01, 0x02, 0x02, 0x03, 0x12, 0x03, 0x15, 0x1a, 0x1b, 0x0a, 0x0a, 0x0a, 0x02, 0x04, 0x02, 0x12,
-    0x04, 0x18, 0x00, 0x21, 0x01, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x02, 0x01, 0x12, 0x03, 0x18, 0x08,
-    0x16, 0x0a, 0x0c, 0x0a, 0x04, 0x04, 0x02, 0x08, 0x00, 0x12, 0x04, 0x19, 0x02, 0x1f, 0x03, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x02, 0x08, 0x00, 0x01, 0x12, 0x03, 0x19, 0x08, 0x0f, 0x0a, 0x0b, 0x0a,
-    0x04, 0x04, 0x02, 0x02, 0x00, 0x12, 0x03, 0x1a, 0x04, 0x38, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02,
-    0x02, 0x00, 0x06, 0x12, 0x03, 0x1a, 0x04, 0x25, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x00,
-    0x01, 0x12, 0x03, 0x1a, 0x26, 0x33, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x00, 0x03, 0x12,
-    0x03, 0x1a, 0x36, 0x37, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x01, 0x12, 0x03, 0x1b, 0x04,
-    0x3c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x01, 0x06, 0x12, 0x03, 0x1b, 0x04, 0x27, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x01, 0x01, 0x12, 0x03, 0x1b, 0x28, 0x37, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x02, 0x02, 0x01, 0x03, 0x12, 0x03, 0x1b, 0x3a, 0x3b, 0x0a, 0x0b, 0x0a, 0x04, 0x04,
-    0x02, 0x02, 0x02, 0x12, 0x03, 0x1c, 0x04, 0x4a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x02,
-    0x06, 0x12, 0x03, 0x1c, 0x04, 0x2f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x02, 0x01, 0x12,
-    0x03, 0x1c, 0x30, 0x45, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x02, 0x03, 0x12, 0x03, 0x1c,
-    0x48, 0x49, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x03, 0x12, 0x03, 0x1d, 0x04, 0x43, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x03, 0x06, 0x12, 0x03, 0x1d, 0x04, 0x2b, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x02, 0x02, 0x03, 0x01, 0x12, 0x03, 0x1d, 0x2c, 0x3e, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
-    0x02, 0x02, 0x03, 0x03, 0x12, 0x03, 0x1d, 0x41, 0x42, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02,
-    0x04, 0x12, 0x03, 0x1e, 0x04, 0x46, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x04, 0x06, 0x12,
-    0x03, 0x1e, 0x04, 0x2d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x04, 0x01, 0x12, 0x03, 0x1e,
-    0x2e, 0x41, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x04, 0x03, 0x12, 0x03, 0x1e, 0x44, 0x45,
-    0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x05, 0x12, 0x03, 0x20, 0x02, 0x1c, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x02, 0x02, 0x05, 0x06, 0x12, 0x03, 0x20, 0x02, 0x13, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
-    0x02, 0x02, 0x05, 0x01, 0x12, 0x03, 0x20, 0x14, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02,
-    0x05, 0x03, 0x12, 0x03, 0x20, 0x1a, 0x1b, 0x0a, 0x38, 0x0a, 0x02, 0x04, 0x03, 0x12, 0x04, 0x24,
-    0x00, 0x27, 0x01, 0x1a, 0x2c, 0x20, 0x57, 0x72, 0x61, 0x70, 0x73, 0x20, 0x63, 0x6c, 0x69, 0x65,
-    0x6e, 0x74, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x20, 0x77, 0x69, 0x74, 0x68,
-    0x20, 0x70, 0x61, 0x79, 0x65, 0x72, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
-    0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x03, 0x01, 0x12, 0x03, 0x24, 0x08, 0x15, 0x0a, 0x22, 0x0a,
-    0x04, 0x04, 0x03, 0x02, 0x00, 0x12, 0x03, 0x25, 0x02, 0x25, 0x22, 0x15, 0x20, 0x50, 0x72, 0x6f,
-    0x74, 0x6f, 0x62, 0x75, 0x66, 0x20, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64,
-    0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x00, 0x05, 0x12, 0x03, 0x25, 0x02, 0x07, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x00, 0x01, 0x12, 0x03, 0x25, 0x08, 0x20, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x03, 0x02, 0x00, 0x03, 0x12, 0x03, 0x25, 0x23, 0x24, 0x0a, 0x0b, 0x0a, 0x04, 0x04,
-    0x03, 0x02, 0x01, 0x12, 0x03, 0x26, 0x02, 0x4b, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x01,
-    0x06, 0x12, 0x03, 0x26, 0x02, 0x36, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x01, 0x01, 0x12,
-    0x03, 0x26, 0x37, 0x46, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x01, 0x03, 0x12, 0x03, 0x26,
-    0x49, 0x4a, 0x0a, 0x8e, 0x01, 0x0a, 0x02, 0x04, 0x04, 0x12, 0x04, 0x2b, 0x00, 0x30, 0x01, 0x1a,
-    0x81, 0x01, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x63, 0x68, 0x61, 0x69,
-    0x6e, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x2c, 0x20, 0x74, 0x68, 0x65,
-    0x20, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x5f, 0x73, 0x69, 0x64, 0x20,
-    0x69, 0x73, 0x20, 0x73, 0x65, 0x74, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x6d,
-    0x61, 0x72, 0x74, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2c, 0x0a, 0x20, 0x62,
-    0x75, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f,
-    0x72, 0x5f, 0x6e, 0x73, 0x20, 0x69, 0x73, 0x20, 0x73, 0x65, 0x74, 0x20, 0x62, 0x79, 0x20, 0x74,
-    0x68, 0x65, 0x20, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x20, 0x6e, 0x6f,
-    0x64, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x04, 0x01, 0x12, 0x03, 0x2b, 0x08, 0x22, 0x0a,
-    0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x00, 0x12, 0x03, 0x2c, 0x02, 0x20, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x04, 0x02, 0x00, 0x05, 0x12, 0x03, 0x2c, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04,
-    0x02, 0x00, 0x01, 0x12, 0x03, 0x2c, 0x09, 0x1b, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x00,
-    0x03, 0x12, 0x03, 0x2c, 0x1e, 0x1f, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x01, 0x12, 0x03,
-    0x2d, 0x02, 0x24, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x01, 0x05, 0x12, 0x03, 0x2d, 0x02,
-    0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x01, 0x01, 0x12, 0x03, 0x2d, 0x09, 0x1f, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x01, 0x03, 0x12, 0x03, 0x2d, 0x22, 0x23, 0x0a, 0x0b, 0x0a,
-    0x04, 0x04, 0x04, 0x02, 0x02, 0x12, 0x03, 0x2e, 0x02, 0x1a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04,
-    0x02, 0x02, 0x05, 0x12, 0x03, 0x2e, 0x02, 0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x02,
-    0x01, 0x12, 0x03, 0x2e, 0x08, 0x15, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x02, 0x03, 0x12,
-    0x03, 0x2e, 0x18, 0x19, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x03, 0x12, 0x03, 0x2f, 0x02,
-    0x23, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x03, 0x06, 0x12, 0x03, 0x2f, 0x02, 0x0f, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x03, 0x01, 0x12, 0x03, 0x2f, 0x10, 0x1e, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x04, 0x02, 0x03, 0x03, 0x12, 0x03, 0x2f, 0x21, 0x22, 0x0a, 0x43, 0x0a, 0x02, 0x04,
-    0x05, 0x12, 0x04, 0x33, 0x00, 0x36, 0x01, 0x1a, 0x37, 0x20, 0x41, 0x6e, 0x20, 0x61, 0x6c, 0x74,
-    0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x61, 0x20, 0x73, 0x69,
-    0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x62, 0x6c, 0x6f, 0x63,
-    0x6b, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x20, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x0a,
-    0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x05, 0x01, 0x12, 0x03, 0x33, 0x08, 0x17, 0x0a, 0x0b, 0x0a, 0x04,
-    0x04, 0x05, 0x02, 0x00, 0x12, 0x03, 0x34, 0x02, 0x1a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02,
-    0x00, 0x05, 0x12, 0x03, 0x34, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02, 0x00, 0x01,
-    0x12, 0x03, 0x34, 0x09, 0x15, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02, 0x00, 0x03, 0x12, 0x03,
-    0x34, 0x18, 0x19, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x05, 0x02, 0x01, 0x12, 0x03, 0x35, 0x02, 0x1f,
-    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02, 0x01, 0x05, 0x12, 0x03, 0x35, 0x02, 0x08, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x05, 0x02, 0x01, 0x01, 0x12, 0x03, 0x35, 0x09, 0x1a, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x05, 0x02, 0x01, 0x03, 0x12, 0x03, 0x35, 0x1d, 0x1e, 0x0a, 0x28, 0x0a, 0x02, 0x04, 0x06,
-    0x12, 0x04, 0x39, 0x00, 0x3f, 0x01, 0x1a, 0x1c, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x20,
-    0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c,
-    0x6f, 0x70, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x06, 0x01, 0x12, 0x03, 0x39, 0x08, 0x1a,
-    0x0a, 0x22, 0x0a, 0x04, 0x04, 0x06, 0x02, 0x00, 0x12, 0x03, 0x3a, 0x02, 0x29, 0x22, 0x15, 0x20,
-    0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x20, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x69,
-    0x7a, 0x65, 0x64, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x00, 0x05, 0x12, 0x03, 0x3a,
-    0x02, 0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x00, 0x01, 0x12, 0x03, 0x3a, 0x08, 0x24,
-    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x00, 0x03, 0x12, 0x03, 0x3a, 0x27, 0x28, 0x0a, 0x0c,
-    0x0a, 0x04, 0x04, 0x06, 0x08, 0x00, 0x12, 0x04, 0x3b, 0x02, 0x3e, 0x03, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x06, 0x08, 0x00, 0x01, 0x12, 0x03, 0x3b, 0x08, 0x0d, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x06,
-    0x02, 0x01, 0x12, 0x03, 0x3c, 0x04, 0x52, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x01, 0x06,
-    0x12, 0x03, 0x3c, 0x04, 0x38, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x01, 0x01, 0x12, 0x03,
-    0x3c, 0x39, 0x4d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x01, 0x03, 0x12, 0x03, 0x3c, 0x50,
-    0x51, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x06, 0x02, 0x02, 0x12, 0x03, 0x3d, 0x04, 0x29, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x06, 0x02, 0x02, 0x06, 0x12, 0x03, 0x3d, 0x04, 0x13, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x06, 0x02, 0x02, 0x01, 0x12, 0x03, 0x3d, 0x14, 0x24, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06,
-    0x02, 0x02, 0x03, 0x12, 0x03, 0x3d, 0x27, 0x28, 0x0a, 0x1f, 0x0a, 0x02, 0x05, 0x00, 0x12, 0x04,
-    0x42, 0x00, 0x48, 0x01, 0x1a, 0x13, 0x20, 0x4d, 0x69, 0x73, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69,
-    0x6f, 0x72, 0x20, 0x74, 0x79, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x05, 0x00, 0x01,
-    0x12, 0x03, 0x42, 0x05, 0x10, 0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02, 0x00, 0x12, 0x03, 0x43,
-    0x02, 0x1e, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x00, 0x01, 0x12, 0x03, 0x43, 0x02, 0x19,
-    0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x00, 0x02, 0x12, 0x03, 0x43, 0x1c, 0x1d, 0x0a, 0x0b,
-    0x0a, 0x04, 0x05, 0x00, 0x02, 0x01, 0x12, 0x03, 0x44, 0x02, 0x23, 0x0a, 0x0c, 0x0a, 0x05, 0x05,
-    0x00, 0x02, 0x01, 0x01, 0x12, 0x03, 0x44, 0x02, 0x1e, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02,
-    0x01, 0x02, 0x12, 0x03, 0x44, 0x21, 0x22, 0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02, 0x02, 0x12,
-    0x03, 0x45, 0x02, 0x2e, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x02, 0x01, 0x12, 0x03, 0x45,
-    0x02, 0x29, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x02, 0x02, 0x12, 0x03, 0x45, 0x2c, 0x2d,
-    0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02, 0x03, 0x12, 0x03, 0x46, 0x02, 0x2b, 0x0a, 0x0c, 0x0a,
-    0x05, 0x05, 0x00, 0x02, 0x03, 0x01, 0x12, 0x03, 0x46, 0x02, 0x26, 0x0a, 0x0c, 0x0a, 0x05, 0x05,
-    0x00, 0x02, 0x03, 0x02, 0x12, 0x03, 0x46, 0x29, 0x2a, 0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02,
-    0x04, 0x12, 0x03, 0x47, 0x02, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x04, 0x01, 0x12,
-    0x03, 0x47, 0x02, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x04, 0x02, 0x12, 0x03, 0x47,
-    0x2a, 0x2b, 0x0a, 0x4a, 0x0a, 0x02, 0x04, 0x07, 0x12, 0x04, 0x4b, 0x00, 0x4e, 0x01, 0x1a, 0x3e,
-    0x20, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x20, 0x6e, 0x6f, 0x64, 0x65, 0x20, 0x6d, 0x69,
-    0x73, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2c, 0x20, 0x73, 0x75, 0x62, 0x6d, 0x69,
-    0x74, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x62, 0x79, 0x20, 0x6e, 0x6f, 0x64, 0x65, 0x73, 0x20,
-    0x6f, 0x72, 0x20, 0x62, 0x79, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x0a, 0x0a, 0x0a,
-    0x0a, 0x03, 0x04, 0x07, 0x01, 0x12, 0x03, 0x4b, 0x08, 0x19, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x07,
-    0x02, 0x00, 0x12, 0x03, 0x4c, 0x02, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x00, 0x06,
-    0x12, 0x03, 0x4c, 0x02, 0x0d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x00, 0x01, 0x12, 0x03,
-    0x4c, 0x0e, 0x12, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x00, 0x03, 0x12, 0x03, 0x4c, 0x15,
-    0x16, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x07, 0x02, 0x01, 0x12, 0x03, 0x4d, 0x02, 0x2c, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x07, 0x02, 0x01, 0x04, 0x12, 0x03, 0x4d, 0x02, 0x0a, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x07, 0x02, 0x01, 0x06, 0x12, 0x03, 0x4d, 0x0b, 0x1d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07,
-    0x02, 0x01, 0x01, 0x12, 0x03, 0x4d, 0x1e, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x01,
-    0x03, 0x12, 0x03, 0x4d, 0x2a, 0x2b, 0x0a, 0x4a, 0x0a, 0x02, 0x04, 0x08, 0x12, 0x04, 0x51, 0x00,
-    0x59, 0x01, 0x1a, 0x3e, 0x20, 0x51, 0x75, 0x65, 0x72, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x65,
-    0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x2c, 0x20, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64,
-    0x20, 0x62, 0x79, 0x20, 0x71, 0x75, 0x65, 0x72, 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x75,
-    0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x20, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-    0x73, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x08, 0x01, 0x12, 0x03, 0x51, 0x08, 0x16, 0x0a, 0x0c,
-    0x0a, 0x04, 0x04, 0x08, 0x08, 0x00, 0x12, 0x04, 0x52, 0x02, 0x57, 0x03, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x08, 0x08, 0x00, 0x01, 0x12, 0x03, 0x52, 0x08, 0x0e, 0x0a, 0x1d, 0x0a, 0x04, 0x04, 0x08,
-    0x02, 0x00, 0x12, 0x03, 0x54, 0x04, 0x14, 0x1a, 0x10, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-    0x20, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02,
-    0x00, 0x05, 0x12, 0x03, 0x54, 0x04, 0x09, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x00, 0x01,
-    0x12, 0x03, 0x54, 0x0a, 0x0f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x00, 0x03, 0x12, 0x03,
-    0x54, 0x12, 0x13, 0x0a, 0x1b, 0x0a, 0x04, 0x04, 0x08, 0x02, 0x01, 0x12, 0x03, 0x56, 0x04, 0x22,
-    0x1a, 0x0e, 0x20, 0x4e, 0x6f, 0x64, 0x65, 0x20, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x0a,
-    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x01, 0x05, 0x12, 0x03, 0x56, 0x04, 0x0a, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x08, 0x02, 0x01, 0x01, 0x12, 0x03, 0x56, 0x0b, 0x1d, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x08, 0x02, 0x01, 0x03, 0x12, 0x03, 0x56, 0x20, 0x21, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x08,
-    0x02, 0x02, 0x12, 0x03, 0x58, 0x02, 0x1c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x02, 0x06,
-    0x12, 0x03, 0x58, 0x02, 0x0d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x02, 0x01, 0x12, 0x03,
-    0x58, 0x0e, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x02, 0x03, 0x12, 0x03, 0x58, 0x1a,
-    0x1b, 0x0a, 0x2a, 0x0a, 0x02, 0x04, 0x09, 0x12, 0x04, 0x5c, 0x00, 0x62, 0x01, 0x1a, 0x1e, 0x20,
-    0x42, 0x61, 0x74, 0x63, 0x68, 0x20, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x20,
-    0x74, 0x6f, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0a, 0x0a,
-    0x03, 0x04, 0x09, 0x01, 0x12, 0x03, 0x5c, 0x08, 0x26, 0x0a, 0x39, 0x0a, 0x04, 0x04, 0x09, 0x03,
-    0x00, 0x12, 0x04, 0x5e, 0x02, 0x60, 0x03, 0x1a, 0x2b, 0x20, 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65,
-    0x20, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65,
-    0x71, 0x75, 0x65, 0x73, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f,
-    0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x09, 0x03, 0x00, 0x01, 0x12, 0x03, 0x5e,
-    0x0a, 0x23, 0x0a, 0x0d, 0x0a, 0x06, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x12, 0x03, 0x5f, 0x04,
-    0x1d, 0x0a, 0x0e, 0x0a, 0x07, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x06, 0x12, 0x03, 0x5f, 0x04,
-    0x12, 0x0a, 0x0e, 0x0a, 0x07, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x01, 0x12, 0x03, 0x5f, 0x13,
-    0x18, 0x0a, 0x0e, 0x0a, 0x07, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x03, 0x12, 0x03, 0x5f, 0x1b,
-    0x1c, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x09, 0x02, 0x00, 0x12, 0x03, 0x61, 0x02, 0x32, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x09, 0x02, 0x00, 0x04, 0x12, 0x03, 0x61, 0x02, 0x0a, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x09, 0x02, 0x00, 0x06, 0x12, 0x03, 0x61, 0x0b, 0x24, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x09,
-    0x02, 0x00, 0x01, 0x12, 0x03, 0x61, 0x25, 0x2d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x09, 0x02, 0x00,
-    0x03, 0x12, 0x03, 0x61, 0x30, 0x31, 0x0a, 0x57, 0x0a, 0x02, 0x04, 0x0a, 0x12, 0x04, 0x65, 0x00,
-    0x67, 0x01, 0x1a, 0x4b, 0x20, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x64, 0x20, 0x72, 0x65,
-    0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x62, 0x61, 0x74, 0x63, 0x68,
-    0x20, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x20, 0x2d, 0x20, 0x63, 0x61, 0x6e,
-    0x20, 0x62, 0x65, 0x20, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x20, 0x65, 0x6e, 0x76,
-    0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x20, 0x61, 0x74, 0x20, 0x6f, 0x6e, 0x63, 0x65, 0x0a, 0x0a,
-    0x0a, 0x0a, 0x03, 0x04, 0x0a, 0x01, 0x12, 0x03, 0x65, 0x08, 0x27, 0x0a, 0x0b, 0x0a, 0x04, 0x04,
-    0x0a, 0x02, 0x00, 0x12, 0x03, 0x66, 0x02, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00,
-    0x04, 0x12, 0x03, 0x66, 0x02, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00, 0x06, 0x12,
-    0x03, 0x66, 0x0b, 0x1d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00, 0x01, 0x12, 0x03, 0x66,
-    0x1e, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00, 0x03, 0x12, 0x03, 0x66, 0x2a, 0x2b,
-    0x0a, 0x25, 0x0a, 0x02, 0x04, 0x0b, 0x12, 0x04, 0x6a, 0x00, 0x6d, 0x01, 0x1a, 0x19, 0x20, 0x51,
-    0x75, 0x65, 0x72, 0x79, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x20, 0x72,
-    0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0b, 0x01, 0x12, 0x03,
-    0x6a, 0x08, 0x1d, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0b, 0x02, 0x00, 0x12, 0x03, 0x6b, 0x02, 0x1b,
-    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x00, 0x06, 0x12, 0x03, 0x6b, 0x02, 0x10, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x0b, 0x02, 0x00, 0x01, 0x12, 0x03, 0x6b, 0x11, 0x16, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x0b, 0x02, 0x00, 0x03, 0x12, 0x03, 0x6b, 0x19, 0x1a, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0b,
-    0x02, 0x01, 0x12, 0x03, 0x6c, 0x02, 0x13, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x01, 0x05,
-    0x12, 0x03, 0x6c, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x01, 0x01, 0x12, 0x03,
-    0x6c, 0x09, 0x0e, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x01, 0x03, 0x12, 0x03, 0x6c, 0x11,
-    0x12, 0x0a, 0x26, 0x0a, 0x02, 0x04, 0x0c, 0x12, 0x04, 0x70, 0x00, 0x72, 0x01, 0x1a, 0x1a, 0x20,
-    0x51, 0x75, 0x65, 0x72, 0x79, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x20,
-    0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0c, 0x01,
-    0x12, 0x03, 0x70, 0x08, 0x1e, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0c, 0x02, 0x00, 0x12, 0x03, 0x71,
-    0x02, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x04, 0x12, 0x03, 0x71, 0x02, 0x0a,
-    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x06, 0x12, 0x03, 0x71, 0x0b, 0x1d, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x01, 0x12, 0x03, 0x71, 0x1e, 0x27, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x0c, 0x02, 0x00, 0x03, 0x12, 0x03, 0x71, 0x2a, 0x2b, 0x0a, 0x0a, 0x0a, 0x02, 0x04, 0x0d,
-    0x12, 0x04, 0x74, 0x00, 0x76, 0x01, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0d, 0x01, 0x12, 0x03, 0x74,
-    0x08, 0x1e, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0d, 0x02, 0x00, 0x12, 0x03, 0x75, 0x02, 0x23, 0x0a,
-    0x0c, 0x0a, 0x05, 0x04, 0x0d, 0x02, 0x00, 0x06, 0x12, 0x03, 0x75, 0x02, 0x0f, 0x0a, 0x0c, 0x0a,
-    0x05, 0x04, 0x0d, 0x02, 0x00, 0x01, 0x12, 0x03, 0x75, 0x10, 0x1e, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
-    0x0d, 0x02, 0x00, 0x03, 0x12, 0x03, 0x75, 0x21, 0x22, 0x0a, 0x0a, 0x0a, 0x02, 0x04, 0x0e, 0x12,
-    0x04, 0x78, 0x00, 0x7a, 0x01, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0e, 0x01, 0x12, 0x03, 0x78, 0x08,
-    0x1f, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0e, 0x02, 0x00, 0x12, 0x03, 0x79, 0x02, 0x2d, 0x0a, 0x0c,
-    0x0a, 0x05, 0x04, 0x0e, 0x02, 0x00, 0x06, 0x12, 0x03, 0x79, 0x02, 0x14, 0x0a, 0x0c, 0x0a, 0x05,
-    0x04, 0x0e, 0x02, 0x00, 0x01, 0x12, 0x03, 0x79, 0x15, 0x28, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0e,
-    0x02, 0x00, 0x03, 0x12, 0x03, 0x79, 0x2b, 0x2c, 0x0a, 0x43, 0x0a, 0x02, 0x04, 0x0f, 0x12, 0x05,
-    0x7d, 0x00, 0x84, 0x01, 0x01, 0x1a, 0x36, 0x20, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x20,
-    0x74, 0x6f, 0x20, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x76, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20,
-    0x58, 0x49, 0x44, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x67, 0x69, 0x76,
-    0x65, 0x6e, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x0a, 0x0a, 0x0a, 0x0a,
-    0x03, 0x04, 0x0f, 0x01, 0x12, 0x03, 0x7d, 0x08, 0x1a, 0x0a, 0x35, 0x0a, 0x04, 0x04, 0x0f, 0x03,
-    0x00, 0x12, 0x05, 0x7f, 0x02, 0x81, 0x01, 0x03, 0x1a, 0x26, 0x20, 0x41, 0x20, 0x73, 0x69, 0x6e,
-    0x67, 0x6c, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20,
-    0x61, 0x20, 0x67, 0x69, 0x76, 0x65, 0x6e, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x0a,
-    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0f, 0x03, 0x00, 0x01, 0x12, 0x03, 0x7f, 0x0a, 0x11, 0x0a, 0x0e,
-    0x0a, 0x06, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x12, 0x04, 0x80, 0x01, 0x04, 0x17, 0x0a, 0x0f,
-    0x0a, 0x07, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x05, 0x12, 0x04, 0x80, 0x01, 0x04, 0x0a, 0x0a,
-    0x0f, 0x0a, 0x07, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x01, 0x12, 0x04, 0x80, 0x01, 0x0b, 0x12,
-    0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x03, 0x12, 0x04, 0x80, 0x01, 0x15,
-    0x16, 0x0a, 0x0c, 0x0a, 0x04, 0x04, 0x0f, 0x02, 0x00, 0x12, 0x04, 0x83, 0x01, 0x02, 0x20, 0x0a,
-    0x0d, 0x0a, 0x05, 0x04, 0x0f, 0x02, 0x00, 0x04, 0x12, 0x04, 0x83, 0x01, 0x02, 0x0a, 0x0a, 0x0d,
-    0x0a, 0x05, 0x04, 0x0f, 0x02, 0x00, 0x06, 0x12, 0x04, 0x83, 0x01, 0x0b, 0x12, 0x0a, 0x0d, 0x0a,
-    0x05, 0x04, 0x0f, 0x02, 0x00, 0x01, 0x12, 0x04, 0x83, 0x01, 0x13, 0x1b, 0x0a, 0x0d, 0x0a, 0x05,
-    0x04, 0x0f, 0x02, 0x00, 0x03, 0x12, 0x04, 0x83, 0x01, 0x1e, 0x1f, 0x0a, 0x42, 0x0a, 0x02, 0x04,
-    0x10, 0x12, 0x06, 0x87, 0x01, 0x00, 0x8f, 0x01, 0x01, 0x1a, 0x34, 0x20, 0x52, 0x65, 0x73, 0x70,
-    0x6f, 0x6e, 0x73, 0x65, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, 0x20, 0x58, 0x49,
-    0x44, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 0x65,
-    0x73, 0x74, 0x65, 0x64, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x0a, 0x0a,
-    0x0b, 0x0a, 0x03, 0x04, 0x10, 0x01, 0x12, 0x04, 0x87, 0x01, 0x08, 0x1b, 0x0a, 0x37, 0x0a, 0x04,
-    0x04, 0x10, 0x03, 0x00, 0x12, 0x06, 0x89, 0x01, 0x02, 0x8c, 0x01, 0x03, 0x1a, 0x27, 0x20, 0x41,
-    0x20, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-    0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, 0x67, 0x69, 0x76, 0x65, 0x6e, 0x20, 0x61, 0x64, 0x64,
-    0x72, 0x65, 0x73, 0x73, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10, 0x03, 0x00, 0x01, 0x12, 0x04,
-    0x89, 0x01, 0x0a, 0x12, 0x0a, 0x0e, 0x0a, 0x06, 0x04, 0x10, 0x03, 0x00, 0x02, 0x00, 0x12, 0x04,
-    0x8a, 0x01, 0x04, 0x17, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03, 0x00, 0x02, 0x00, 0x05, 0x12,
-    0x04, 0x8a, 0x01, 0x04, 0x0a, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03, 0x00, 0x02, 0x00, 0x01,
-    0x12, 0x04, 0x8a, 0x01, 0x0b, 0x12, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03, 0x00, 0x02, 0x00,
-    0x03, 0x12, 0x04, 0x8a, 0x01, 0x15, 0x16, 0x0a, 0x0e, 0x0a, 0x06, 0x04, 0x10, 0x03, 0x00, 0x02,
-    0x01, 0x12, 0x04, 0x8b, 0x01, 0x04, 0x21, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03, 0x00, 0x02,
-    0x01, 0x04, 0x12, 0x04, 0x8b, 0x01, 0x04, 0x0c, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03, 0x00,
-    0x02, 0x01, 0x05, 0x12, 0x04, 0x8b, 0x01, 0x0d, 0x13, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03,
-    0x00, 0x02, 0x01, 0x01, 0x12, 0x04, 0x8b, 0x01, 0x14, 0x1c, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10,
-    0x03, 0x00, 0x02, 0x01, 0x03, 0x12, 0x04, 0x8b, 0x01, 0x1f, 0x20, 0x0a, 0x0c, 0x0a, 0x04, 0x04,
-    0x10, 0x02, 0x00, 0x12, 0x04, 0x8e, 0x01, 0x02, 0x22, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10, 0x02,
-    0x00, 0x04, 0x12, 0x04, 0x8e, 0x01, 0x02, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10, 0x02, 0x00,
-    0x06, 0x12, 0x04, 0x8e, 0x01, 0x0b, 0x13, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10, 0x02, 0x00, 0x01,
-    0x12, 0x04, 0x8e, 0x01, 0x14, 0x1d, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10, 0x02, 0x00, 0x03, 0x12,
-    0x04, 0x8e, 0x01, 0x20, 0x21, 0x0a, 0x1f, 0x0a, 0x02, 0x06, 0x00, 0x12, 0x06, 0x92, 0x01, 0x00,
-    0xb1, 0x01, 0x01, 0x1a, 0x11, 0x20, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
-    0x6e, 0x20, 0x41, 0x50, 0x49, 0x0a, 0x0a, 0x0b, 0x0a, 0x03, 0x06, 0x00, 0x01, 0x12, 0x04, 0x92,
-    0x01, 0x08, 0x16, 0x0a, 0x28, 0x0a, 0x04, 0x06, 0x00, 0x02, 0x00, 0x12, 0x06, 0x94, 0x01, 0x02,
-    0x99, 0x01, 0x03, 0x1a, 0x18, 0x20, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x20,
-    0x74, 0x6f, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0d, 0x0a,
-    0x05, 0x06, 0x00, 0x02, 0x00, 0x01, 0x12, 0x04, 0x94, 0x01, 0x06, 0x1d, 0x0a, 0x0d, 0x0a, 0x05,
-    0x06, 0x00, 0x02, 0x00, 0x02, 0x12, 0x04, 0x94, 0x01, 0x1e, 0x3c, 0x0a, 0x0d, 0x0a, 0x05, 0x06,
-    0x00, 0x02, 0x00, 0x06, 0x12, 0x04, 0x94, 0x01, 0x47, 0x4d, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00,
-    0x02, 0x00, 0x03, 0x12, 0x04, 0x94, 0x01, 0x4e, 0x6d, 0x0a, 0x0f, 0x0a, 0x05, 0x06, 0x00, 0x02,
-    0x00, 0x04, 0x12, 0x06, 0x95, 0x01, 0x04, 0x98, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09, 0x06, 0x00,
-    0x02, 0x00, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0x95, 0x01, 0x04, 0x98, 0x01, 0x06, 0x0a,
-    0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x00, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12, 0x04, 0x96,
-    0x01, 0x06, 0x29, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x00, 0x04, 0xb0, 0xca, 0xbc, 0x22,
-    0x07, 0x12, 0x04, 0x97, 0x01, 0x06, 0x0f, 0x0a, 0x21, 0x0a, 0x04, 0x06, 0x00, 0x02, 0x01, 0x12,
-    0x06, 0x9c, 0x01, 0x02, 0xa1, 0x01, 0x03, 0x1a, 0x11, 0x20, 0x51, 0x75, 0x65, 0x72, 0x79, 0x20,
-    0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00,
-    0x02, 0x01, 0x01, 0x12, 0x04, 0x9c, 0x01, 0x06, 0x14, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02,
-    0x01, 0x02, 0x12, 0x04, 0x9c, 0x01, 0x15, 0x2a, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x01,
-    0x03, 0x12, 0x04, 0x9c, 0x01, 0x35, 0x4b, 0x0a, 0x0f, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x01, 0x04,
-    0x12, 0x06, 0x9d, 0x01, 0x04, 0xa0, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09, 0x06, 0x00, 0x02, 0x01,
-    0x04, 0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0x9d, 0x01, 0x04, 0xa0, 0x01, 0x06, 0x0a, 0x12, 0x0a,
-    0x0a, 0x06, 0x00, 0x02, 0x01, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12, 0x04, 0x9e, 0x01, 0x06,
-    0x25, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x01, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x07, 0x12,
-    0x04, 0x9f, 0x01, 0x06, 0x0f, 0x0a, 0x22, 0x0a, 0x04, 0x06, 0x00, 0x02, 0x02, 0x12, 0x06, 0xa4,
-    0x01, 0x02, 0xa9, 0x01, 0x03, 0x1a, 0x12, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x20,
-    0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02,
-    0x02, 0x01, 0x12, 0x04, 0xa4, 0x01, 0x06, 0x15, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x02,
-    0x02, 0x12, 0x04, 0xa4, 0x01, 0x16, 0x2c, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x02, 0x03,
-    0x12, 0x04, 0xa4, 0x01, 0x37, 0x4e, 0x0a, 0x0f, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x02, 0x04, 0x12,
-    0x06, 0xa5, 0x01, 0x04, 0xa8, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09, 0x06, 0x00, 0x02, 0x02, 0x04,
-    0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0xa5, 0x01, 0x04, 0xa8, 0x01, 0x06, 0x0a, 0x12, 0x0a, 0x0a,
-    0x06, 0x00, 0x02, 0x02, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12, 0x04, 0xa6, 0x01, 0x06, 0x26,
-    0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x02, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x07, 0x12, 0x04,
-    0xa7, 0x01, 0x06, 0x0f, 0x0a, 0x1f, 0x0a, 0x04, 0x06, 0x00, 0x02, 0x03, 0x12, 0x06, 0xab, 0x01,
-    0x02, 0xb0, 0x01, 0x03, 0x1a, 0x0f, 0x20, 0x47, 0x65, 0x74, 0x20, 0x69, 0x6e, 0x62, 0x6f, 0x78,
-    0x20, 0x69, 0x64, 0x73, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03, 0x01, 0x12, 0x04,
-    0xab, 0x01, 0x06, 0x11, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03, 0x02, 0x12, 0x04, 0xab,
-    0x01, 0x12, 0x24, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03, 0x03, 0x12, 0x04, 0xab, 0x01,
-    0x2f, 0x42, 0x0a, 0x0f, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03, 0x04, 0x12, 0x06, 0xac, 0x01, 0x04,
-    0xaf, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09, 0x06, 0x00, 0x02, 0x03, 0x04, 0xb0, 0xca, 0xbc, 0x22,
-    0x12, 0x06, 0xac, 0x01, 0x04, 0xaf, 0x01, 0x06, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x03,
-    0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12, 0x04, 0xad, 0x01, 0x06, 0x23, 0x0a, 0x12, 0x0a, 0x0a,
-    0x06, 0x00, 0x02, 0x03, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x07, 0x12, 0x04, 0xae, 0x01, 0x06, 0x0f,
-    0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+    0x01, 0x12, 0x03, 0x06, 0x00, 0x31, 0x0a, 0x09, 0x0a, 0x02, 0x03, 0x02, 0x12, 0x03, 0x07, 0x00,
+    0x2f, 0x0a, 0x09, 0x0a, 0x02, 0x03, 0x03, 0x12, 0x03, 0x08, 0x00, 0x1e, 0x0a, 0x08, 0x0a, 0x01,
+    0x08, 0x12, 0x03, 0x0a, 0x00, 0x45, 0x0a, 0x09, 0x0a, 0x02, 0x08, 0x0b, 0x12, 0x03, 0x0a, 0x00,
+    0x45, 0x0a, 0xb7, 0x01, 0x0a, 0x02, 0x04, 0x00, 0x12, 0x04, 0x0e, 0x00, 0x10, 0x01, 0x1a, 0xaa,
+    0x01, 0x20, 0x54, 0x68, 0x65, 0x20, 0x6c, 0x61, 0x73, 0x74, 0x20, 0x73, 0x65, 0x65, 0x6e, 0x20,
+    0x65, 0x6e, 0x74, 0x72, 0x79, 0x20, 0x70, 0x65, 0x72, 0x20, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e,
+    0x61, 0x74, 0x6f, 0x72, 0x2e, 0x20, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72,
+    0x73, 0x20, 0x74, 0x68, 0x61, 0x74, 0x20, 0x68, 0x61, 0x76, 0x65, 0x20, 0x6e, 0x6f, 0x74, 0x20,
+    0x62, 0x65, 0x65, 0x6e, 0x20, 0x73, 0x65, 0x65, 0x6e, 0x20, 0x61, 0x72, 0x65, 0x20, 0x6f, 0x6d,
+    0x69, 0x74, 0x74, 0x65, 0x64, 0x2e, 0x0a, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x20,
+    0x4d, 0x55, 0x53, 0x54, 0x20, 0x62, 0x65, 0x20, 0x73, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x20, 0x69,
+    0x6e, 0x20, 0x61, 0x73, 0x63, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x20, 0x6f, 0x72, 0x64, 0x65,
+    0x72, 0x2c, 0x20, 0x73, 0x6f, 0x20, 0x74, 0x68, 0x61, 0x74, 0x20, 0x73, 0x6d, 0x61, 0x6c, 0x6c,
+    0x65, 0x72, 0x20, 0x6e, 0x6f, 0x64, 0x65, 0x20, 0x49, 0x44, 0x27, 0x73, 0x20, 0x61, 0x70, 0x70,
+    0x65, 0x61, 0x72, 0x20, 0x66, 0x69, 0x72, 0x73, 0x74, 0x2e, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04,
+    0x00, 0x01, 0x12, 0x03, 0x0e, 0x08, 0x13, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x00, 0x02, 0x00, 0x12,
+    0x03, 0x0f, 0x02, 0x31, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x06, 0x12, 0x03, 0x0f,
+    0x02, 0x15, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x01, 0x12, 0x03, 0x0f, 0x16, 0x2c,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x03, 0x12, 0x03, 0x0f, 0x2f, 0x30, 0x0a, 0x53,
+    0x0a, 0x02, 0x04, 0x01, 0x12, 0x04, 0x13, 0x00, 0x17, 0x01, 0x1a, 0x47, 0x20, 0x44, 0x61, 0x74,
+    0x61, 0x20, 0x76, 0x69, 0x73, 0x69, 0x62, 0x6c, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65,
+    0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x74, 0x20, 0x68, 0x61, 0x73,
+    0x20, 0x62, 0x65, 0x65, 0x6e, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
+    0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e,
+    0x74, 0x2e, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x01, 0x01, 0x12, 0x03, 0x13, 0x08, 0x19, 0x0a,
+    0x0b, 0x0a, 0x04, 0x04, 0x01, 0x02, 0x00, 0x12, 0x03, 0x14, 0x02, 0x1f, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x01, 0x02, 0x00, 0x05, 0x12, 0x03, 0x14, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01,
+    0x02, 0x00, 0x01, 0x12, 0x03, 0x14, 0x09, 0x1a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x00,
+    0x03, 0x12, 0x03, 0x14, 0x1d, 0x1e, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x01, 0x02, 0x01, 0x12, 0x03,
+    0x15, 0x02, 0x19, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x01, 0x05, 0x12, 0x03, 0x15, 0x02,
+    0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x01, 0x01, 0x12, 0x03, 0x15, 0x08, 0x14, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x01, 0x03, 0x12, 0x03, 0x15, 0x17, 0x18, 0x0a, 0x0b, 0x0a,
+    0x04, 0x04, 0x01, 0x02, 0x02, 0x12, 0x03, 0x16, 0x02, 0x1c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01,
+    0x02, 0x02, 0x06, 0x12, 0x03, 0x16, 0x02, 0x0d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x02,
+    0x01, 0x12, 0x03, 0x16, 0x0e, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x01, 0x02, 0x02, 0x03, 0x12,
+    0x03, 0x16, 0x1a, 0x1b, 0x0a, 0x0a, 0x0a, 0x02, 0x04, 0x02, 0x12, 0x04, 0x19, 0x00, 0x23, 0x01,
+    0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x02, 0x01, 0x12, 0x03, 0x19, 0x08, 0x16, 0x0a, 0x0c, 0x0a, 0x04,
+    0x04, 0x02, 0x08, 0x00, 0x12, 0x04, 0x1a, 0x02, 0x21, 0x03, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02,
+    0x08, 0x00, 0x01, 0x12, 0x03, 0x1a, 0x08, 0x0f, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x00,
+    0x12, 0x03, 0x1b, 0x04, 0x38, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x00, 0x06, 0x12, 0x03,
+    0x1b, 0x04, 0x25, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x00, 0x01, 0x12, 0x03, 0x1b, 0x26,
+    0x33, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x00, 0x03, 0x12, 0x03, 0x1b, 0x36, 0x37, 0x0a,
+    0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x01, 0x12, 0x03, 0x1c, 0x04, 0x3c, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x02, 0x02, 0x01, 0x06, 0x12, 0x03, 0x1c, 0x04, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02,
+    0x02, 0x01, 0x01, 0x12, 0x03, 0x1c, 0x28, 0x37, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x01,
+    0x03, 0x12, 0x03, 0x1c, 0x3a, 0x3b, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x02, 0x12, 0x03,
+    0x1d, 0x04, 0x4a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x02, 0x06, 0x12, 0x03, 0x1d, 0x04,
+    0x2f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x02, 0x01, 0x12, 0x03, 0x1d, 0x30, 0x45, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x02, 0x03, 0x12, 0x03, 0x1d, 0x48, 0x49, 0x0a, 0x0b, 0x0a,
+    0x04, 0x04, 0x02, 0x02, 0x03, 0x12, 0x03, 0x1e, 0x04, 0x43, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02,
+    0x02, 0x03, 0x06, 0x12, 0x03, 0x1e, 0x04, 0x2b, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x03,
+    0x01, 0x12, 0x03, 0x1e, 0x2c, 0x3e, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x03, 0x03, 0x12,
+    0x03, 0x1e, 0x41, 0x42, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x04, 0x12, 0x03, 0x1f, 0x04,
+    0x46, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x04, 0x06, 0x12, 0x03, 0x1f, 0x04, 0x2d, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x04, 0x01, 0x12, 0x03, 0x1f, 0x2e, 0x41, 0x0a, 0x0c, 0x0a,
+    0x05, 0x04, 0x02, 0x02, 0x04, 0x03, 0x12, 0x03, 0x1f, 0x44, 0x45, 0x0a, 0x0b, 0x0a, 0x04, 0x04,
+    0x02, 0x02, 0x05, 0x12, 0x03, 0x20, 0x04, 0x42, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x05,
+    0x06, 0x12, 0x03, 0x20, 0x04, 0x2d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x05, 0x01, 0x12,
+    0x03, 0x20, 0x2e, 0x3d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x05, 0x03, 0x12, 0x03, 0x20,
+    0x40, 0x41, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x02, 0x02, 0x06, 0x12, 0x03, 0x22, 0x02, 0x1c, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x02, 0x02, 0x06, 0x06, 0x12, 0x03, 0x22, 0x02, 0x13, 0x0a, 0x0c, 0x0a,
+    0x05, 0x04, 0x02, 0x02, 0x06, 0x01, 0x12, 0x03, 0x22, 0x14, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
+    0x02, 0x02, 0x06, 0x03, 0x12, 0x03, 0x22, 0x1a, 0x1b, 0x0a, 0x38, 0x0a, 0x02, 0x04, 0x03, 0x12,
+    0x04, 0x26, 0x00, 0x29, 0x01, 0x1a, 0x2c, 0x20, 0x57, 0x72, 0x61, 0x70, 0x73, 0x20, 0x63, 0x6c,
+    0x69, 0x65, 0x6e, 0x74, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x20, 0x77, 0x69,
+    0x74, 0x68, 0x20, 0x70, 0x61, 0x79, 0x65, 0x72, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
+    0x72, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x03, 0x01, 0x12, 0x03, 0x26, 0x08, 0x15, 0x0a,
+    0x22, 0x0a, 0x04, 0x04, 0x03, 0x02, 0x00, 0x12, 0x03, 0x27, 0x02, 0x25, 0x22, 0x15, 0x20, 0x50,
+    0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x20, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a,
+    0x65, 0x64, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x00, 0x05, 0x12, 0x03, 0x27, 0x02,
+    0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x00, 0x01, 0x12, 0x03, 0x27, 0x08, 0x20, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x00, 0x03, 0x12, 0x03, 0x27, 0x23, 0x24, 0x0a, 0x0b, 0x0a,
+    0x04, 0x04, 0x03, 0x02, 0x01, 0x12, 0x03, 0x28, 0x02, 0x4b, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03,
+    0x02, 0x01, 0x06, 0x12, 0x03, 0x28, 0x02, 0x36, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x01,
+    0x01, 0x12, 0x03, 0x28, 0x37, 0x46, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x03, 0x02, 0x01, 0x03, 0x12,
+    0x03, 0x28, 0x49, 0x4a, 0x0a, 0x8e, 0x01, 0x0a, 0x02, 0x04, 0x04, 0x12, 0x04, 0x2d, 0x00, 0x32,
+    0x01, 0x1a, 0x81, 0x01, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x63, 0x68,
+    0x61, 0x69, 0x6e, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x2c, 0x20, 0x74,
+    0x68, 0x65, 0x20, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x5f, 0x73, 0x69,
+    0x64, 0x20, 0x69, 0x73, 0x20, 0x73, 0x65, 0x74, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20,
+    0x73, 0x6d, 0x61, 0x72, 0x74, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2c, 0x0a,
+    0x20, 0x62, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61,
+    0x74, 0x6f, 0x72, 0x5f, 0x6e, 0x73, 0x20, 0x69, 0x73, 0x20, 0x73, 0x65, 0x74, 0x20, 0x62, 0x79,
+    0x20, 0x74, 0x68, 0x65, 0x20, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x20,
+    0x6e, 0x6f, 0x64, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x04, 0x01, 0x12, 0x03, 0x2d, 0x08,
+    0x22, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x00, 0x12, 0x03, 0x2e, 0x02, 0x20, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x04, 0x02, 0x00, 0x05, 0x12, 0x03, 0x2e, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x04, 0x02, 0x00, 0x01, 0x12, 0x03, 0x2e, 0x09, 0x1b, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04,
+    0x02, 0x00, 0x03, 0x12, 0x03, 0x2e, 0x1e, 0x1f, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x01,
+    0x12, 0x03, 0x2f, 0x02, 0x24, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x01, 0x05, 0x12, 0x03,
+    0x2f, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x01, 0x01, 0x12, 0x03, 0x2f, 0x09,
+    0x1f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x01, 0x03, 0x12, 0x03, 0x2f, 0x22, 0x23, 0x0a,
+    0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x02, 0x12, 0x03, 0x30, 0x02, 0x1a, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x04, 0x02, 0x02, 0x05, 0x12, 0x03, 0x30, 0x02, 0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04,
+    0x02, 0x02, 0x01, 0x12, 0x03, 0x30, 0x08, 0x15, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x02,
+    0x03, 0x12, 0x03, 0x30, 0x18, 0x19, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x04, 0x02, 0x03, 0x12, 0x03,
+    0x31, 0x02, 0x23, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x03, 0x06, 0x12, 0x03, 0x31, 0x02,
+    0x0f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x03, 0x01, 0x12, 0x03, 0x31, 0x10, 0x1e, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x04, 0x02, 0x03, 0x03, 0x12, 0x03, 0x31, 0x21, 0x22, 0x0a, 0x43, 0x0a,
+    0x02, 0x04, 0x05, 0x12, 0x04, 0x35, 0x00, 0x38, 0x01, 0x1a, 0x37, 0x20, 0x41, 0x6e, 0x20, 0x61,
+    0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x61, 0x20,
+    0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x62, 0x6c,
+    0x6f, 0x63, 0x6b, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x20, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64,
+    0x73, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x05, 0x01, 0x12, 0x03, 0x35, 0x08, 0x17, 0x0a, 0x0b,
+    0x0a, 0x04, 0x04, 0x05, 0x02, 0x00, 0x12, 0x03, 0x36, 0x02, 0x1a, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
+    0x05, 0x02, 0x00, 0x05, 0x12, 0x03, 0x36, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02,
+    0x00, 0x01, 0x12, 0x03, 0x36, 0x09, 0x15, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02, 0x00, 0x03,
+    0x12, 0x03, 0x36, 0x18, 0x19, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x05, 0x02, 0x01, 0x12, 0x03, 0x37,
+    0x02, 0x1f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02, 0x01, 0x05, 0x12, 0x03, 0x37, 0x02, 0x08,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x05, 0x02, 0x01, 0x01, 0x12, 0x03, 0x37, 0x09, 0x1a, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x05, 0x02, 0x01, 0x03, 0x12, 0x03, 0x37, 0x1d, 0x1e, 0x0a, 0x28, 0x0a, 0x02,
+    0x04, 0x06, 0x12, 0x04, 0x3b, 0x00, 0x41, 0x01, 0x1a, 0x1c, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65,
+    0x64, 0x20, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x20, 0x65, 0x6e, 0x76,
+    0x65, 0x6c, 0x6f, 0x70, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x06, 0x01, 0x12, 0x03, 0x3b,
+    0x08, 0x1a, 0x0a, 0x22, 0x0a, 0x04, 0x04, 0x06, 0x02, 0x00, 0x12, 0x03, 0x3c, 0x02, 0x29, 0x22,
+    0x15, 0x20, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x20, 0x73, 0x65, 0x72, 0x69, 0x61,
+    0x6c, 0x69, 0x7a, 0x65, 0x64, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x00, 0x05, 0x12,
+    0x03, 0x3c, 0x02, 0x07, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x00, 0x01, 0x12, 0x03, 0x3c,
+    0x08, 0x24, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x00, 0x03, 0x12, 0x03, 0x3c, 0x27, 0x28,
+    0x0a, 0x0c, 0x0a, 0x04, 0x04, 0x06, 0x08, 0x00, 0x12, 0x04, 0x3d, 0x02, 0x40, 0x03, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x06, 0x08, 0x00, 0x01, 0x12, 0x03, 0x3d, 0x08, 0x0d, 0x0a, 0x0b, 0x0a, 0x04,
+    0x04, 0x06, 0x02, 0x01, 0x12, 0x03, 0x3e, 0x04, 0x52, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02,
+    0x01, 0x06, 0x12, 0x03, 0x3e, 0x04, 0x38, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x01, 0x01,
+    0x12, 0x03, 0x3e, 0x39, 0x4d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x01, 0x03, 0x12, 0x03,
+    0x3e, 0x50, 0x51, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x06, 0x02, 0x02, 0x12, 0x03, 0x3f, 0x04, 0x29,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x06, 0x02, 0x02, 0x06, 0x12, 0x03, 0x3f, 0x04, 0x13, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x06, 0x02, 0x02, 0x01, 0x12, 0x03, 0x3f, 0x14, 0x24, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x06, 0x02, 0x02, 0x03, 0x12, 0x03, 0x3f, 0x27, 0x28, 0x0a, 0x1f, 0x0a, 0x02, 0x05, 0x00,
+    0x12, 0x04, 0x44, 0x00, 0x4a, 0x01, 0x1a, 0x13, 0x20, 0x4d, 0x69, 0x73, 0x62, 0x65, 0x68, 0x61,
+    0x76, 0x69, 0x6f, 0x72, 0x20, 0x74, 0x79, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x05,
+    0x00, 0x01, 0x12, 0x03, 0x44, 0x05, 0x10, 0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02, 0x00, 0x12,
+    0x03, 0x45, 0x02, 0x1e, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x00, 0x01, 0x12, 0x03, 0x45,
+    0x02, 0x19, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x00, 0x02, 0x12, 0x03, 0x45, 0x1c, 0x1d,
+    0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02, 0x01, 0x12, 0x03, 0x46, 0x02, 0x23, 0x0a, 0x0c, 0x0a,
+    0x05, 0x05, 0x00, 0x02, 0x01, 0x01, 0x12, 0x03, 0x46, 0x02, 0x1e, 0x0a, 0x0c, 0x0a, 0x05, 0x05,
+    0x00, 0x02, 0x01, 0x02, 0x12, 0x03, 0x46, 0x21, 0x22, 0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02,
+    0x02, 0x12, 0x03, 0x47, 0x02, 0x2e, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x02, 0x01, 0x12,
+    0x03, 0x47, 0x02, 0x29, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x02, 0x02, 0x12, 0x03, 0x47,
+    0x2c, 0x2d, 0x0a, 0x0b, 0x0a, 0x04, 0x05, 0x00, 0x02, 0x03, 0x12, 0x03, 0x48, 0x02, 0x2b, 0x0a,
+    0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x03, 0x01, 0x12, 0x03, 0x48, 0x02, 0x26, 0x0a, 0x0c, 0x0a,
+    0x05, 0x05, 0x00, 0x02, 0x03, 0x02, 0x12, 0x03, 0x48, 0x29, 0x2a, 0x0a, 0x0b, 0x0a, 0x04, 0x05,
+    0x00, 0x02, 0x04, 0x12, 0x03, 0x49, 0x02, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x04,
+    0x01, 0x12, 0x03, 0x49, 0x02, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x05, 0x00, 0x02, 0x04, 0x02, 0x12,
+    0x03, 0x49, 0x2a, 0x2b, 0x0a, 0x4a, 0x0a, 0x02, 0x04, 0x07, 0x12, 0x04, 0x4d, 0x00, 0x50, 0x01,
+    0x1a, 0x3e, 0x20, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x20, 0x6e, 0x6f, 0x64, 0x65, 0x20,
+    0x6d, 0x69, 0x73, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2c, 0x20, 0x73, 0x75, 0x62,
+    0x6d, 0x69, 0x74, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x62, 0x79, 0x20, 0x6e, 0x6f, 0x64, 0x65,
+    0x73, 0x20, 0x6f, 0x72, 0x20, 0x62, 0x79, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x0a,
+    0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x07, 0x01, 0x12, 0x03, 0x4d, 0x08, 0x19, 0x0a, 0x0b, 0x0a, 0x04,
+    0x04, 0x07, 0x02, 0x00, 0x12, 0x03, 0x4e, 0x02, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02,
+    0x00, 0x06, 0x12, 0x03, 0x4e, 0x02, 0x0d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x00, 0x01,
+    0x12, 0x03, 0x4e, 0x0e, 0x12, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x00, 0x03, 0x12, 0x03,
+    0x4e, 0x15, 0x16, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x07, 0x02, 0x01, 0x12, 0x03, 0x4f, 0x02, 0x2c,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07, 0x02, 0x01, 0x04, 0x12, 0x03, 0x4f, 0x02, 0x0a, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x07, 0x02, 0x01, 0x06, 0x12, 0x03, 0x4f, 0x0b, 0x1d, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x07, 0x02, 0x01, 0x01, 0x12, 0x03, 0x4f, 0x1e, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x07,
+    0x02, 0x01, 0x03, 0x12, 0x03, 0x4f, 0x2a, 0x2b, 0x0a, 0x4a, 0x0a, 0x02, 0x04, 0x08, 0x12, 0x04,
+    0x53, 0x00, 0x5b, 0x01, 0x1a, 0x3e, 0x20, 0x51, 0x75, 0x65, 0x72, 0x79, 0x20, 0x66, 0x6f, 0x72,
+    0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x2c, 0x20, 0x73, 0x68, 0x61, 0x72,
+    0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x71, 0x75, 0x65, 0x72, 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20,
+    0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x20, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69,
+    0x6e, 0x74, 0x73, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x08, 0x01, 0x12, 0x03, 0x53, 0x08, 0x16,
+    0x0a, 0x0c, 0x0a, 0x04, 0x04, 0x08, 0x08, 0x00, 0x12, 0x04, 0x54, 0x02, 0x59, 0x03, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x08, 0x08, 0x00, 0x01, 0x12, 0x03, 0x54, 0x08, 0x0e, 0x0a, 0x1d, 0x0a, 0x04,
+    0x04, 0x08, 0x02, 0x00, 0x12, 0x03, 0x56, 0x04, 0x14, 0x1a, 0x10, 0x20, 0x43, 0x6c, 0x69, 0x65,
+    0x6e, 0x74, 0x20, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04,
+    0x08, 0x02, 0x00, 0x05, 0x12, 0x03, 0x56, 0x04, 0x09, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02,
+    0x00, 0x01, 0x12, 0x03, 0x56, 0x0a, 0x0f, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x00, 0x03,
+    0x12, 0x03, 0x56, 0x12, 0x13, 0x0a, 0x1b, 0x0a, 0x04, 0x04, 0x08, 0x02, 0x01, 0x12, 0x03, 0x58,
+    0x04, 0x22, 0x1a, 0x0e, 0x20, 0x4e, 0x6f, 0x64, 0x65, 0x20, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65,
+    0x73, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x01, 0x05, 0x12, 0x03, 0x58, 0x04, 0x0a,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x01, 0x01, 0x12, 0x03, 0x58, 0x0b, 0x1d, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x08, 0x02, 0x01, 0x03, 0x12, 0x03, 0x58, 0x20, 0x21, 0x0a, 0x0b, 0x0a, 0x04,
+    0x04, 0x08, 0x02, 0x02, 0x12, 0x03, 0x5a, 0x02, 0x1c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02,
+    0x02, 0x06, 0x12, 0x03, 0x5a, 0x02, 0x0d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x02, 0x01,
+    0x12, 0x03, 0x5a, 0x0e, 0x17, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x08, 0x02, 0x02, 0x03, 0x12, 0x03,
+    0x5a, 0x1a, 0x1b, 0x0a, 0x2a, 0x0a, 0x02, 0x04, 0x09, 0x12, 0x04, 0x5e, 0x00, 0x64, 0x01, 0x1a,
+    0x1e, 0x20, 0x42, 0x61, 0x74, 0x63, 0x68, 0x20, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62,
+    0x65, 0x20, 0x74, 0x6f, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x0a, 0x0a,
+    0x0a, 0x0a, 0x03, 0x04, 0x09, 0x01, 0x12, 0x03, 0x5e, 0x08, 0x26, 0x0a, 0x39, 0x0a, 0x04, 0x04,
+    0x09, 0x03, 0x00, 0x12, 0x04, 0x60, 0x02, 0x62, 0x03, 0x1a, 0x2b, 0x20, 0x53, 0x69, 0x6e, 0x67,
+    0x6c, 0x65, 0x20, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x20,
+    0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x65, 0x6e, 0x76, 0x65,
+    0x6c, 0x6f, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x09, 0x03, 0x00, 0x01, 0x12,
+    0x03, 0x60, 0x0a, 0x23, 0x0a, 0x0d, 0x0a, 0x06, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x12, 0x03,
+    0x61, 0x04, 0x1d, 0x0a, 0x0e, 0x0a, 0x07, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x06, 0x12, 0x03,
+    0x61, 0x04, 0x12, 0x0a, 0x0e, 0x0a, 0x07, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x01, 0x12, 0x03,
+    0x61, 0x13, 0x18, 0x0a, 0x0e, 0x0a, 0x07, 0x04, 0x09, 0x03, 0x00, 0x02, 0x00, 0x03, 0x12, 0x03,
+    0x61, 0x1b, 0x1c, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x09, 0x02, 0x00, 0x12, 0x03, 0x63, 0x02, 0x32,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x09, 0x02, 0x00, 0x04, 0x12, 0x03, 0x63, 0x02, 0x0a, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x09, 0x02, 0x00, 0x06, 0x12, 0x03, 0x63, 0x0b, 0x24, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x09, 0x02, 0x00, 0x01, 0x12, 0x03, 0x63, 0x25, 0x2d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x09,
+    0x02, 0x00, 0x03, 0x12, 0x03, 0x63, 0x30, 0x31, 0x0a, 0x57, 0x0a, 0x02, 0x04, 0x0a, 0x12, 0x04,
+    0x67, 0x00, 0x69, 0x01, 0x1a, 0x4b, 0x20, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x64, 0x20,
+    0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x62, 0x61, 0x74,
+    0x63, 0x68, 0x20, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x20, 0x2d, 0x20, 0x63,
+    0x61, 0x6e, 0x20, 0x62, 0x65, 0x20, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x20, 0x65,
+    0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x20, 0x61, 0x74, 0x20, 0x6f, 0x6e, 0x63, 0x65,
+    0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0a, 0x01, 0x12, 0x03, 0x67, 0x08, 0x27, 0x0a, 0x0b, 0x0a,
+    0x04, 0x04, 0x0a, 0x02, 0x00, 0x12, 0x03, 0x68, 0x02, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a,
+    0x02, 0x00, 0x04, 0x12, 0x03, 0x68, 0x02, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00,
+    0x06, 0x12, 0x03, 0x68, 0x0b, 0x1d, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00, 0x01, 0x12,
+    0x03, 0x68, 0x1e, 0x27, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0a, 0x02, 0x00, 0x03, 0x12, 0x03, 0x68,
+    0x2a, 0x2b, 0x0a, 0x25, 0x0a, 0x02, 0x04, 0x0b, 0x12, 0x04, 0x6c, 0x00, 0x6f, 0x01, 0x1a, 0x19,
+    0x20, 0x51, 0x75, 0x65, 0x72, 0x79, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73,
+    0x20, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0b, 0x01,
+    0x12, 0x03, 0x6c, 0x08, 0x1d, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0b, 0x02, 0x00, 0x12, 0x03, 0x6d,
+    0x02, 0x1b, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x00, 0x06, 0x12, 0x03, 0x6d, 0x02, 0x10,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x00, 0x01, 0x12, 0x03, 0x6d, 0x11, 0x16, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x0b, 0x02, 0x00, 0x03, 0x12, 0x03, 0x6d, 0x19, 0x1a, 0x0a, 0x0b, 0x0a, 0x04,
+    0x04, 0x0b, 0x02, 0x01, 0x12, 0x03, 0x6e, 0x02, 0x13, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02,
+    0x01, 0x05, 0x12, 0x03, 0x6e, 0x02, 0x08, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x01, 0x01,
+    0x12, 0x03, 0x6e, 0x09, 0x0e, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0b, 0x02, 0x01, 0x03, 0x12, 0x03,
+    0x6e, 0x11, 0x12, 0x0a, 0x26, 0x0a, 0x02, 0x04, 0x0c, 0x12, 0x04, 0x72, 0x00, 0x74, 0x01, 0x1a,
+    0x1a, 0x20, 0x51, 0x75, 0x65, 0x72, 0x79, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65,
+    0x73, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x0a, 0x0a, 0x0a, 0x0a, 0x03, 0x04,
+    0x0c, 0x01, 0x12, 0x03, 0x72, 0x08, 0x1e, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0c, 0x02, 0x00, 0x12,
+    0x03, 0x73, 0x02, 0x2c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x04, 0x12, 0x03, 0x73,
+    0x02, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x06, 0x12, 0x03, 0x73, 0x0b, 0x1d,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x01, 0x12, 0x03, 0x73, 0x1e, 0x27, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x0c, 0x02, 0x00, 0x03, 0x12, 0x03, 0x73, 0x2a, 0x2b, 0x0a, 0x0a, 0x0a, 0x02,
+    0x04, 0x0d, 0x12, 0x04, 0x76, 0x00, 0x78, 0x01, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0d, 0x01, 0x12,
+    0x03, 0x76, 0x08, 0x1e, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0d, 0x02, 0x00, 0x12, 0x03, 0x77, 0x02,
+    0x23, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0d, 0x02, 0x00, 0x06, 0x12, 0x03, 0x77, 0x02, 0x0f, 0x0a,
+    0x0c, 0x0a, 0x05, 0x04, 0x0d, 0x02, 0x00, 0x01, 0x12, 0x03, 0x77, 0x10, 0x1e, 0x0a, 0x0c, 0x0a,
+    0x05, 0x04, 0x0d, 0x02, 0x00, 0x03, 0x12, 0x03, 0x77, 0x21, 0x22, 0x0a, 0x0a, 0x0a, 0x02, 0x04,
+    0x0e, 0x12, 0x04, 0x7a, 0x00, 0x7c, 0x01, 0x0a, 0x0a, 0x0a, 0x03, 0x04, 0x0e, 0x01, 0x12, 0x03,
+    0x7a, 0x08, 0x1f, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x0e, 0x02, 0x00, 0x12, 0x03, 0x7b, 0x02, 0x2d,
+    0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x0e, 0x02, 0x00, 0x06, 0x12, 0x03, 0x7b, 0x02, 0x14, 0x0a, 0x0c,
+    0x0a, 0x05, 0x04, 0x0e, 0x02, 0x00, 0x01, 0x12, 0x03, 0x7b, 0x15, 0x28, 0x0a, 0x0c, 0x0a, 0x05,
+    0x04, 0x0e, 0x02, 0x00, 0x03, 0x12, 0x03, 0x7b, 0x2b, 0x2c, 0x0a, 0x43, 0x0a, 0x02, 0x04, 0x0f,
+    0x12, 0x05, 0x7f, 0x00, 0x86, 0x01, 0x01, 0x1a, 0x36, 0x20, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+    0x74, 0x20, 0x74, 0x6f, 0x20, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x76, 0x65, 0x20, 0x74, 0x68,
+    0x65, 0x20, 0x58, 0x49, 0x44, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x67,
+    0x69, 0x76, 0x65, 0x6e, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x0a, 0x0a,
+    0x0a, 0x0a, 0x03, 0x04, 0x0f, 0x01, 0x12, 0x03, 0x7f, 0x08, 0x1a, 0x0a, 0x36, 0x0a, 0x04, 0x04,
+    0x0f, 0x03, 0x00, 0x12, 0x06, 0x81, 0x01, 0x02, 0x83, 0x01, 0x03, 0x1a, 0x26, 0x20, 0x41, 0x20,
+    0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x20, 0x66,
+    0x6f, 0x72, 0x20, 0x61, 0x20, 0x67, 0x69, 0x76, 0x65, 0x6e, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65,
+    0x73, 0x73, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x0f, 0x03, 0x00, 0x01, 0x12, 0x04, 0x81, 0x01,
+    0x0a, 0x11, 0x0a, 0x0e, 0x0a, 0x06, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x12, 0x04, 0x82, 0x01,
+    0x04, 0x17, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x05, 0x12, 0x04, 0x82,
+    0x01, 0x04, 0x0a, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x01, 0x12, 0x04,
+    0x82, 0x01, 0x0b, 0x12, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x0f, 0x03, 0x00, 0x02, 0x00, 0x03, 0x12,
+    0x04, 0x82, 0x01, 0x15, 0x16, 0x0a, 0x0c, 0x0a, 0x04, 0x04, 0x0f, 0x02, 0x00, 0x12, 0x04, 0x85,
+    0x01, 0x02, 0x20, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x0f, 0x02, 0x00, 0x04, 0x12, 0x04, 0x85, 0x01,
+    0x02, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x0f, 0x02, 0x00, 0x06, 0x12, 0x04, 0x85, 0x01, 0x0b,
+    0x12, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x0f, 0x02, 0x00, 0x01, 0x12, 0x04, 0x85, 0x01, 0x13, 0x1b,
+    0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x0f, 0x02, 0x00, 0x03, 0x12, 0x04, 0x85, 0x01, 0x1e, 0x1f, 0x0a,
+    0x42, 0x0a, 0x02, 0x04, 0x10, 0x12, 0x06, 0x89, 0x01, 0x00, 0x91, 0x01, 0x01, 0x1a, 0x34, 0x20,
+    0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68,
+    0x65, 0x20, 0x58, 0x49, 0x44, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x72,
+    0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+    0x65, 0x73, 0x0a, 0x0a, 0x0b, 0x0a, 0x03, 0x04, 0x10, 0x01, 0x12, 0x04, 0x89, 0x01, 0x08, 0x1b,
+    0x0a, 0x37, 0x0a, 0x04, 0x04, 0x10, 0x03, 0x00, 0x12, 0x06, 0x8b, 0x01, 0x02, 0x8e, 0x01, 0x03,
+    0x1a, 0x27, 0x20, 0x41, 0x20, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x72, 0x65, 0x73, 0x70,
+    0x6f, 0x6e, 0x73, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, 0x67, 0x69, 0x76, 0x65, 0x6e,
+    0x20, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10, 0x03,
+    0x00, 0x01, 0x12, 0x04, 0x8b, 0x01, 0x0a, 0x12, 0x0a, 0x0e, 0x0a, 0x06, 0x04, 0x10, 0x03, 0x00,
+    0x02, 0x00, 0x12, 0x04, 0x8c, 0x01, 0x04, 0x17, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03, 0x00,
+    0x02, 0x00, 0x05, 0x12, 0x04, 0x8c, 0x01, 0x04, 0x0a, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10, 0x03,
+    0x00, 0x02, 0x00, 0x01, 0x12, 0x04, 0x8c, 0x01, 0x0b, 0x12, 0x0a, 0x0f, 0x0a, 0x07, 0x04, 0x10,
+    0x03, 0x00, 0x02, 0x00, 0x03, 0x12, 0x04, 0x8c, 0x01, 0x15, 0x16, 0x0a, 0x0e, 0x0a, 0x06, 0x04,
+    0x10, 0x03, 0x00, 0x02, 0x01, 0x12, 0x04, 0x8d, 0x01, 0x04, 0x21, 0x0a, 0x0f, 0x0a, 0x07, 0x04,
+    0x10, 0x03, 0x00, 0x02, 0x01, 0x04, 0x12, 0x04, 0x8d, 0x01, 0x04, 0x0c, 0x0a, 0x0f, 0x0a, 0x07,
+    0x04, 0x10, 0x03, 0x00, 0x02, 0x01, 0x05, 0x12, 0x04, 0x8d, 0x01, 0x0d, 0x13, 0x0a, 0x0f, 0x0a,
+    0x07, 0x04, 0x10, 0x03, 0x00, 0x02, 0x01, 0x01, 0x12, 0x04, 0x8d, 0x01, 0x14, 0x1c, 0x0a, 0x0f,
+    0x0a, 0x07, 0x04, 0x10, 0x03, 0x00, 0x02, 0x01, 0x03, 0x12, 0x04, 0x8d, 0x01, 0x1f, 0x20, 0x0a,
+    0x0c, 0x0a, 0x04, 0x04, 0x10, 0x02, 0x00, 0x12, 0x04, 0x90, 0x01, 0x02, 0x22, 0x0a, 0x0d, 0x0a,
+    0x05, 0x04, 0x10, 0x02, 0x00, 0x04, 0x12, 0x04, 0x90, 0x01, 0x02, 0x0a, 0x0a, 0x0d, 0x0a, 0x05,
+    0x04, 0x10, 0x02, 0x00, 0x06, 0x12, 0x04, 0x90, 0x01, 0x0b, 0x13, 0x0a, 0x0d, 0x0a, 0x05, 0x04,
+    0x10, 0x02, 0x00, 0x01, 0x12, 0x04, 0x90, 0x01, 0x14, 0x1d, 0x0a, 0x0d, 0x0a, 0x05, 0x04, 0x10,
+    0x02, 0x00, 0x03, 0x12, 0x04, 0x90, 0x01, 0x20, 0x21, 0x0a, 0x1f, 0x0a, 0x02, 0x06, 0x00, 0x12,
+    0x06, 0x94, 0x01, 0x00, 0xb3, 0x01, 0x01, 0x1a, 0x11, 0x20, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63,
+    0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x50, 0x49, 0x0a, 0x0a, 0x0b, 0x0a, 0x03, 0x06, 0x00,
+    0x01, 0x12, 0x04, 0x94, 0x01, 0x08, 0x16, 0x0a, 0x28, 0x0a, 0x04, 0x06, 0x00, 0x02, 0x00, 0x12,
+    0x06, 0x96, 0x01, 0x02, 0x9b, 0x01, 0x03, 0x1a, 0x18, 0x20, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72,
+    0x69, 0x62, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73,
+    0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x00, 0x01, 0x12, 0x04, 0x96, 0x01, 0x06, 0x1d,
+    0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x00, 0x02, 0x12, 0x04, 0x96, 0x01, 0x1e, 0x3c, 0x0a,
+    0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x00, 0x06, 0x12, 0x04, 0x96, 0x01, 0x47, 0x4d, 0x0a, 0x0d,
+    0x0a, 0x05, 0x06, 0x00, 0x02, 0x00, 0x03, 0x12, 0x04, 0x96, 0x01, 0x4e, 0x6d, 0x0a, 0x0f, 0x0a,
+    0x05, 0x06, 0x00, 0x02, 0x00, 0x04, 0x12, 0x06, 0x97, 0x01, 0x04, 0x9a, 0x01, 0x06, 0x0a, 0x13,
+    0x0a, 0x09, 0x06, 0x00, 0x02, 0x00, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0x97, 0x01, 0x04,
+    0x9a, 0x01, 0x06, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x00, 0x04, 0xb0, 0xca, 0xbc, 0x22,
+    0x04, 0x12, 0x04, 0x98, 0x01, 0x06, 0x29, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x00, 0x04,
+    0xb0, 0xca, 0xbc, 0x22, 0x07, 0x12, 0x04, 0x99, 0x01, 0x06, 0x0f, 0x0a, 0x21, 0x0a, 0x04, 0x06,
+    0x00, 0x02, 0x01, 0x12, 0x06, 0x9e, 0x01, 0x02, 0xa3, 0x01, 0x03, 0x1a, 0x11, 0x20, 0x51, 0x75,
+    0x65, 0x72, 0x79, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x73, 0x0a, 0x0a, 0x0d,
+    0x0a, 0x05, 0x06, 0x00, 0x02, 0x01, 0x01, 0x12, 0x04, 0x9e, 0x01, 0x06, 0x14, 0x0a, 0x0d, 0x0a,
+    0x05, 0x06, 0x00, 0x02, 0x01, 0x02, 0x12, 0x04, 0x9e, 0x01, 0x15, 0x2a, 0x0a, 0x0d, 0x0a, 0x05,
+    0x06, 0x00, 0x02, 0x01, 0x03, 0x12, 0x04, 0x9e, 0x01, 0x35, 0x4b, 0x0a, 0x0f, 0x0a, 0x05, 0x06,
+    0x00, 0x02, 0x01, 0x04, 0x12, 0x06, 0x9f, 0x01, 0x04, 0xa2, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09,
+    0x06, 0x00, 0x02, 0x01, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0x9f, 0x01, 0x04, 0xa2, 0x01,
+    0x06, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x01, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12,
+    0x04, 0xa0, 0x01, 0x06, 0x25, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x01, 0x04, 0xb0, 0xca,
+    0xbc, 0x22, 0x07, 0x12, 0x04, 0xa1, 0x01, 0x06, 0x0f, 0x0a, 0x22, 0x0a, 0x04, 0x06, 0x00, 0x02,
+    0x02, 0x12, 0x06, 0xa6, 0x01, 0x02, 0xab, 0x01, 0x03, 0x1a, 0x12, 0x20, 0x50, 0x75, 0x62, 0x6c,
+    0x69, 0x73, 0x68, 0x20, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x0a, 0x0a, 0x0d, 0x0a,
+    0x05, 0x06, 0x00, 0x02, 0x02, 0x01, 0x12, 0x04, 0xa6, 0x01, 0x06, 0x15, 0x0a, 0x0d, 0x0a, 0x05,
+    0x06, 0x00, 0x02, 0x02, 0x02, 0x12, 0x04, 0xa6, 0x01, 0x16, 0x2c, 0x0a, 0x0d, 0x0a, 0x05, 0x06,
+    0x00, 0x02, 0x02, 0x03, 0x12, 0x04, 0xa6, 0x01, 0x37, 0x4e, 0x0a, 0x0f, 0x0a, 0x05, 0x06, 0x00,
+    0x02, 0x02, 0x04, 0x12, 0x06, 0xa7, 0x01, 0x04, 0xaa, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09, 0x06,
+    0x00, 0x02, 0x02, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0xa7, 0x01, 0x04, 0xaa, 0x01, 0x06,
+    0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x02, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12, 0x04,
+    0xa8, 0x01, 0x06, 0x26, 0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x02, 0x04, 0xb0, 0xca, 0xbc,
+    0x22, 0x07, 0x12, 0x04, 0xa9, 0x01, 0x06, 0x0f, 0x0a, 0x1f, 0x0a, 0x04, 0x06, 0x00, 0x02, 0x03,
+    0x12, 0x06, 0xad, 0x01, 0x02, 0xb2, 0x01, 0x03, 0x1a, 0x0f, 0x20, 0x47, 0x65, 0x74, 0x20, 0x69,
+    0x6e, 0x62, 0x6f, 0x78, 0x20, 0x69, 0x64, 0x73, 0x0a, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02,
+    0x03, 0x01, 0x12, 0x04, 0xad, 0x01, 0x06, 0x11, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03,
+    0x02, 0x12, 0x04, 0xad, 0x01, 0x12, 0x24, 0x0a, 0x0d, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03, 0x03,
+    0x12, 0x04, 0xad, 0x01, 0x2f, 0x42, 0x0a, 0x0f, 0x0a, 0x05, 0x06, 0x00, 0x02, 0x03, 0x04, 0x12,
+    0x06, 0xae, 0x01, 0x04, 0xb1, 0x01, 0x06, 0x0a, 0x13, 0x0a, 0x09, 0x06, 0x00, 0x02, 0x03, 0x04,
+    0xb0, 0xca, 0xbc, 0x22, 0x12, 0x06, 0xae, 0x01, 0x04, 0xb1, 0x01, 0x06, 0x0a, 0x12, 0x0a, 0x0a,
+    0x06, 0x00, 0x02, 0x03, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x04, 0x12, 0x04, 0xaf, 0x01, 0x06, 0x23,
+    0x0a, 0x12, 0x0a, 0x0a, 0x06, 0x00, 0x02, 0x03, 0x04, 0xb0, 0xca, 0xbc, 0x22, 0x07, 0x12, 0x04,
+    0xb0, 0x01, 0x06, 0x0f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 ];
 include!("xmtp.xmtpv4.serde.rs");
 include!("xmtp.xmtpv4.tonic.rs");
diff --git a/xmtp_proto/src/gen/xmtp.xmtpv4.serde.rs b/xmtp_proto/src/gen/xmtp.xmtpv4.serde.rs
index de9f87e49..73f2e3992 100644
--- a/xmtp_proto/src/gen/xmtp.xmtpv4.serde.rs
+++ b/xmtp_proto/src/gen/xmtp.xmtpv4.serde.rs
@@ -557,6 +557,9 @@ impl serde::Serialize for ClientEnvelope {
                 client_envelope::Payload::RevokeInstallation(v) => {
                     struct_ser.serialize_field("revokeInstallation", v)?;
                 }
+                client_envelope::Payload::IdentityUpdate(v) => {
+                    struct_ser.serialize_field("identityUpdate", v)?;
+                }
             }
         }
         struct_ser.end()
@@ -580,6 +583,8 @@ impl<'de> serde::Deserialize<'de> for ClientEnvelope {
             "uploadKeyPackage",
             "revoke_installation",
             "revokeInstallation",
+            "identity_update",
+            "identityUpdate",
         ];
 
         #[allow(clippy::enum_variant_names)]
@@ -590,6 +595,7 @@ impl<'de> serde::Deserialize<'de> for ClientEnvelope {
             RegisterInstallation,
             UploadKeyPackage,
             RevokeInstallation,
+            IdentityUpdate,
         }
         impl<'de> serde::Deserialize<'de> for GeneratedField {
             fn deserialize<D>(deserializer: D) -> std::result::Result<GeneratedField, D::Error>
@@ -617,6 +623,7 @@ impl<'de> serde::Deserialize<'de> for ClientEnvelope {
                             "registerInstallation" | "register_installation" => Ok(GeneratedField::RegisterInstallation),
                             "uploadKeyPackage" | "upload_key_package" => Ok(GeneratedField::UploadKeyPackage),
                             "revokeInstallation" | "revoke_installation" => Ok(GeneratedField::RevokeInstallation),
+                            "identityUpdate" | "identity_update" => Ok(GeneratedField::IdentityUpdate),
                             _ => Err(serde::de::Error::unknown_field(value, FIELDS)),
                         }
                     }
@@ -679,6 +686,13 @@ impl<'de> serde::Deserialize<'de> for ClientEnvelope {
                                 return Err(serde::de::Error::duplicate_field("revokeInstallation"));
                             }
                             payload__ = map_.next_value::<::std::option::Option<_>>()?.map(client_envelope::Payload::RevokeInstallation)
+;
+                        }
+                        GeneratedField::IdentityUpdate => {
+                            if payload__.is_some() {
+                                return Err(serde::de::Error::duplicate_field("identityUpdate"));
+                            }
+                            payload__ = map_.next_value::<::std::option::Option<_>>()?.map(client_envelope::Payload::IdentityUpdate)
 ;
                         }
                     }