From 249d759e6ac41ac42ccd0c85668c4ebfc2782d99 Mon Sep 17 00:00:00 2001
From: maaz519 <maaz@insigniaconsultancy.com>
Date: Tue, 9 Jun 2026 02:02:40 +0530
Subject: [PATCH] good forst commit

---
 .claude/settings.local.json                   |   39 +-
 .env.example                                  |   23 +-
 apps/api/check-groups.ts                      |   51 +
 apps/api/check-pending.ts                     |   28 +
 apps/api/list-users.ts                        |    9 +
 apps/api/package.json                         |   18 +-
 .../migration.sql                             |  101 +
 .../migration.sql                             |  201 ++
 .../migration.sql                             |   28 +
 .../migration.sql                             |   18 +
 .../20260608_rules_engine/migration.sql       |   32 +
 .../migration.sql                             |   38 +
 apps/api/prisma/schema.prisma                 |  420 ++-
 apps/api/prisma/seed.ts                       |   59 +
 apps/api/src/app.module.ts                    |   20 +-
 apps/api/src/common/tenant-context.ts         |   13 +
 apps/api/src/main.ts                          |   18 +-
 .../accounts/accounts.controller.spec.ts      |   50 -
 .../modules/accounts/accounts.controller.ts   |   22 -
 .../src/modules/accounts/accounts.module.ts   |   11 -
 .../modules/accounts/accounts.service.spec.ts |  121 -
 .../src/modules/accounts/accounts.service.ts  |   59 -
 apps/api/src/modules/audit/audit.module.ts    |    9 +
 .../src/modules/audit/audit.service.spec.ts   |   61 +
 apps/api/src/modules/audit/audit.service.ts   |   35 +
 apps/api/src/modules/audit/audit.types.ts     |   42 +
 apps/api/src/modules/auth/auth.controller.ts  |   39 +
 apps/api/src/modules/auth/auth.module.ts      |   33 +
 .../api/src/modules/auth/auth.service.spec.ts |  254 ++
 apps/api/src/modules/auth/auth.service.ts     |  218 ++
 .../modules/auth/current-admin.decorator.ts   |    9 +
 .../modules/auth/current-member.decorator.ts  |    9 +
 .../modules/auth/current-tenant.decorator.ts  |    9 +
 apps/api/src/modules/auth/dto/login.dto.ts    |   14 +
 apps/api/src/modules/auth/dto/signup.dto.ts   |   24 +
 apps/api/src/modules/auth/jwt-auth.guard.ts   |   48 +
 apps/api/src/modules/auth/jwt.strategy.ts     |   20 +
 .../src/modules/auth/member-auth.decorator.ts |    8 +
 .../api/src/modules/auth/member-auth.guard.ts |   14 +
 .../src/modules/auth/password.util.spec.ts    |   34 +
 apps/api/src/modules/auth/password.util.ts    |    9 +
 apps/api/src/modules/auth/public.decorator.ts |    4 +
 apps/api/src/modules/auth/roles.decorator.ts  |    5 +
 apps/api/src/modules/auth/roles.guard.ts      |   23 +
 .../src/modules/bot/bot-admin.controller.ts   |   39 +
 apps/api/src/modules/bot/bot.controller.ts    |   24 +
 apps/api/src/modules/bot/bot.module.ts        |   15 +
 apps/api/src/modules/bot/bot.service.spec.ts  |  189 ++
 apps/api/src/modules/bot/bot.service.ts       |  304 +++
 .../modules/groups/groups.controller.spec.ts  |   44 +-
 .../src/modules/groups/groups.controller.ts   |   84 +-
 .../src/modules/groups/groups.service.spec.ts |  136 +-
 apps/api/src/modules/groups/groups.service.ts |  252 +-
 .../src/modules/health/health.controller.ts   |    2 +
 .../modules/messages/messages.controller.ts   |   45 +
 .../src/modules/messages/messages.module.ts   |   17 +
 .../modules/messages/messages.service.spec.ts |  154 ++
 .../src/modules/messages/messages.service.ts  |  254 ++
 apps/api/src/modules/my/my.controller.ts      |   56 +
 apps/api/src/modules/my/my.module.ts          |   11 +
 apps/api/src/modules/my/my.service.spec.ts    |  136 +
 apps/api/src/modules/my/my.service.ts         |  190 ++
 .../modules/onboarding/onboarding.module.ts   |   13 +
 .../onboarding/onboarding.service.spec.ts     |  174 ++
 .../modules/onboarding/onboarding.service.ts  |  230 ++
 .../public-onboarding.controller.ts           |   49 +
 .../modules/routes/routes.controller.spec.ts  |   34 +-
 .../src/modules/routes/routes.controller.ts   |   33 +-
 .../src/modules/routes/routes.service.spec.ts |  131 +-
 apps/api/src/modules/routes/routes.service.ts |  150 +-
 .../api/src/modules/rules/rules.controller.ts |   45 +
 apps/api/src/modules/rules/rules.module.ts    |   10 +
 .../src/modules/rules/rules.service.spec.ts   |   80 +
 apps/api/src/modules/rules/rules.service.ts   |   90 +
 .../modules/search/search.controller.spec.ts  |   19 +-
 .../src/modules/search/search.controller.ts   |    5 +-
 .../src/modules/search/search.service.spec.ts |   50 +-
 apps/api/src/modules/search/search.service.ts |    6 +-
 .../super-admin/super-admin.controller.ts     |   21 +
 .../modules/super-admin/super-admin.guard.ts  |   23 +
 .../modules/super-admin/super-admin.module.ts |   25 +
 .../super-admin/super-admin.service.ts        |   35 +
 .../src/modules/tenant/tenant.controller.ts   |   24 +
 apps/api/src/modules/tenant/tenant.module.ts  |   12 +
 apps/api/src/modules/tenant/tenant.service.ts |   86 +
 apps/api/src/prisma/prisma.service.spec.ts    |    6 +
 apps/api/src/queues/forward.queue.ts          |   35 +
 apps/api/src/queues/redis-connection.ts       |    4 +
 apps/web/app/_lib/api.ts                      |   61 +
 apps/web/app/_lib/auth-context.test.tsx       |   79 +
 apps/web/app/_lib/auth-context.tsx            |   74 +
 apps/web/app/_lib/sidebar.tsx                 |  146 +
 apps/web/app/_lib/super-admin-context.tsx     |   72 +
 apps/web/app/accounts/AccountCard.test.tsx    |  100 -
 apps/web/app/accounts/AccountCard.tsx         |   72 -
 apps/web/app/accounts/AccountsList.test.tsx   |  104 -
 apps/web/app/accounts/AccountsList.tsx        |   60 -
 apps/web/app/accounts/page.tsx                |   25 -
 apps/web/app/admin/bots/page.tsx              |  132 +
 apps/web/app/admin/layout.tsx                 |    3 +
 apps/web/app/admin/login/page.tsx             |   60 +
 apps/web/app/admin/page.tsx                   |   58 +
 apps/web/app/admin/tenants/[id]/page.tsx      |  119 +
 apps/web/app/admin/tenants/page.tsx           |   99 +
 apps/web/app/api/accounts/[id]/qr/route.ts    |    7 -
 apps/web/app/api/accounts/route.ts            |   16 -
 .../app/api/admin/bots/[id]/assign/route.ts   |   21 +
 apps/web/app/api/admin/bots/[id]/route.ts     |   18 +
 .../app/api/admin/bots/qr/[token]/route.ts    |   17 +
 apps/web/app/api/admin/bots/route.ts          |   33 +
 apps/web/app/api/admin/tenants/[id]/route.ts  |   35 +
 apps/web/app/api/admin/tenants/route.ts       |   16 +
 apps/web/app/api/auth/login/route.ts          |   19 +
 apps/web/app/api/auth/logout/route.ts         |   12 +
 apps/web/app/api/auth/me/route.ts             |    9 +
 apps/web/app/api/auth/signup/route.ts         |   19 +
 apps/web/app/api/auth/super/login/route.ts    |   19 +
 apps/web/app/api/auth/super/logout/route.ts   |    9 +
 apps/web/app/api/auth/super/me/route.ts       |   16 +
 apps/web/app/api/bot/[id]/route.ts            |   13 +
 apps/web/app/api/bot/attach/route.ts          |   15 +
 apps/web/app/api/bot/initiate/route.ts        |   20 +
 apps/web/app/api/bot/qr/[token]/route.ts      |   13 +
 apps/web/app/api/bot/reveal/route.ts          |   17 +
 apps/web/app/api/bot/route.ts                 |   10 +
 apps/web/app/api/groups/[id]/share/route.ts   |   17 +
 .../[id]/unshare/[targetTenantId]/route.ts    |   14 +
 .../app/api/groups/claim-token-info/route.ts  |   12 +
 .../app/api/groups/claim-with-token/route.ts  |   13 +
 apps/web/app/api/groups/shared-by-me/route.ts |    9 +
 apps/web/app/api/groups/shared/route.ts       |    9 +
 .../app/api/messages/[id]/approve/route.ts    |   19 +
 apps/web/app/api/messages/[id]/route.ts       |   13 +
 .../app/api/messages/pending/count/route.ts   |    9 +
 apps/web/app/api/messages/pending/route.ts    |    9 +
 apps/web/app/api/my/account/route.ts          |   15 +
 apps/web/app/api/my/groups/[id]/route.ts      |   13 +
 apps/web/app/api/my/groups/route.ts           |    9 +
 apps/web/app/api/my/logout/route.ts           |    7 +
 apps/web/app/api/my/opt-in/route.ts           |   10 +
 apps/web/app/api/my/opt-out/route.ts          |   10 +
 apps/web/app/api/my/profile/route.ts          |    9 +
 apps/web/app/api/onboard/verify-otp/route.ts  |   30 +
 apps/web/app/api/routes/[id]/route.ts         |   11 +-
 apps/web/app/api/routes/batch/route.ts        |   13 +
 apps/web/app/api/routes/route.ts              |   23 +-
 apps/web/app/api/rules/[id]/route.ts          |   28 +
 apps/web/app/api/rules/route.ts               |   19 +
 apps/web/app/claim-group/page.tsx             |  120 +
 apps/web/app/groups/GroupsTabs.tsx            |   28 +
 apps/web/app/groups/RouteManager.test.tsx     |   62 +-
 apps/web/app/groups/RouteManager.tsx          |  168 +-
 apps/web/app/groups/page.tsx                  |   91 +-
 apps/web/app/layout.tsx                       |   22 +-
 apps/web/app/login/page.test.tsx              |   88 +
 apps/web/app/login/page.tsx                   |  113 +
 apps/web/app/messages/[id]/page.tsx           |  158 ++
 apps/web/app/messages/pending/page.tsx        |  105 +
 apps/web/app/my/groups/GroupOptOutButton.tsx  |   44 +
 apps/web/app/my/groups/[id]/page.tsx          |   88 +
 apps/web/app/my/groups/page.tsx               |   89 +
 apps/web/app/my/page.tsx                      |   74 +
 .../app/my/settings/DeleteAccountButton.tsx   |   44 +
 .../app/my/settings/MemberLogoutButton.tsx    |   24 +
 apps/web/app/my/settings/page.tsx             |   36 +
 apps/web/app/onboard/OnboardingForm.tsx       |  163 ++
 apps/web/app/onboard/page.tsx                 |   66 +
 apps/web/app/search/page.tsx                  |   42 +-
 apps/web/app/settings/bot/BotSettingsCard.tsx |   87 +
 apps/web/app/settings/bot/page.tsx            |   41 +
 apps/web/app/settings/rules/RuleManager.tsx   |  189 ++
 apps/web/app/settings/rules/page.tsx          |   36 +
 apps/web/app/signup/SignupForm.tsx            |  142 +
 apps/web/app/signup/page.tsx                  |   24 +
 apps/web/next-env.d.ts                        |    2 +-
 apps/web/tsconfig.tsbuildinfo                 |    1 +
 apps/worker/package.json                      |    2 +
 apps/worker/src/core/approval.test.ts         |  158 +-
 apps/worker/src/core/approval.ts              |  128 +-
 apps/worker/src/core/approve-message.ts       |   86 +
 apps/worker/src/email/email.service.spec.ts   |   46 +
 apps/worker/src/email/email.service.ts        |   86 +
 apps/worker/src/main.ts                       |  138 +-
 .../src/queues/forward.processor.test.ts      |    1 +
 .../worker/src/queues/index.processor.test.ts |    4 +-
 apps/worker/src/queues/index.processor.ts     |    1 +
 .../src/queues/ingest.processor.test.ts       |   73 +-
 apps/worker/src/queues/ingest.processor.ts    |  123 +-
 .../src/whatsapp/command-handler.test.ts      |  124 +
 apps/worker/src/whatsapp/command-handler.ts   |  232 ++
 apps/worker/src/whatsapp/group-sync.test.ts   |  255 +-
 apps/worker/src/whatsapp/group-sync.ts        |  129 +
 apps/worker/src/whatsapp/match-rules.test.ts  |  103 +
 apps/worker/src/whatsapp/match-rules.ts       |  109 +
 apps/worker/src/whatsapp/normalizer.ts        |    8 +-
 apps/worker/src/whatsapp/otp-sender.ts        |   57 +
 apps/worker/src/whatsapp/session.ts           |    5 +-
 backups/phase2b-pre-20260604T160707Z.sql      |  319 +++
 .../plans/2026-05-28-admin-dashboard.md       | 1198 +++++++++
 .../plans/2026-05-29-whatsapp-qr-dashboard.md | 2395 +++++++++++++++++
 .../2026-06-02-phase1-tenants-auth-audit.md   |  203 ++
 .../2026-06-04-phase2b-bot-shared-hidden.md   |  268 ++
 .../plans/Insignia_TOWER_Architecture.pdf     |  Bin 0 -> 173050 bytes
 packages/config/src/index.test.ts             |   14 +-
 packages/config/src/index.ts                  |    5 +-
 packages/search/src/index.test.ts             |    5 +-
 packages/search/src/index.ts                  |   12 +-
 packages/types/src/auth.ts                    |   61 +
 packages/types/src/bot.ts                     |   35 +
 packages/types/src/index.ts                   |    4 +
 packages/types/src/message.ts                 |    4 +
 packages/types/src/onboarding.ts              |   86 +
 packages/types/src/rule.ts                    |   31 +
 pnpm-lock.yaml                                |  372 ++-
 scripts/backup-before-phase2b.sh              |   57 +
 215 files changed, 15425 insertions(+), 1240 deletions(-)
 create mode 100644 apps/api/check-groups.ts
 create mode 100644 apps/api/check-pending.ts
 create mode 100644 apps/api/list-users.ts
 create mode 100644 apps/api/prisma/migrations/20260602070712_phase1_tenants_auth_audit/migration.sql
 create mode 100644 apps/api/prisma/migrations/20260604160800_phase2b_bot_claim/migration.sql
 create mode 100644 apps/api/prisma/migrations/20260604170000_phase2b_otp_challenge/migration.sql
 create mode 100644 apps/api/prisma/migrations/20260608194802_add_superadmin_and_tenant_flags/migration.sql
 create mode 100644 apps/api/prisma/migrations/20260608_rules_engine/migration.sql
 create mode 100644 apps/api/prisma/migrations/20260608_token_claim_group_access/migration.sql
 create mode 100644 apps/api/prisma/seed.ts
 create mode 100644 apps/api/src/common/tenant-context.ts
 delete mode 100644 apps/api/src/modules/accounts/accounts.controller.spec.ts
 delete mode 100644 apps/api/src/modules/accounts/accounts.controller.ts
 delete mode 100644 apps/api/src/modules/accounts/accounts.module.ts
 delete mode 100644 apps/api/src/modules/accounts/accounts.service.spec.ts
 delete mode 100644 apps/api/src/modules/accounts/accounts.service.ts
 create mode 100644 apps/api/src/modules/audit/audit.module.ts
 create mode 100644 apps/api/src/modules/audit/audit.service.spec.ts
 create mode 100644 apps/api/src/modules/audit/audit.service.ts
 create mode 100644 apps/api/src/modules/audit/audit.types.ts
 create mode 100644 apps/api/src/modules/auth/auth.controller.ts
 create mode 100644 apps/api/src/modules/auth/auth.module.ts
 create mode 100644 apps/api/src/modules/auth/auth.service.spec.ts
 create mode 100644 apps/api/src/modules/auth/auth.service.ts
 create mode 100644 apps/api/src/modules/auth/current-admin.decorator.ts
 create mode 100644 apps/api/src/modules/auth/current-member.decorator.ts
 create mode 100644 apps/api/src/modules/auth/current-tenant.decorator.ts
 create mode 100644 apps/api/src/modules/auth/dto/login.dto.ts
 create mode 100644 apps/api/src/modules/auth/dto/signup.dto.ts
 create mode 100644 apps/api/src/modules/auth/jwt-auth.guard.ts
 create mode 100644 apps/api/src/modules/auth/jwt.strategy.ts
 create mode 100644 apps/api/src/modules/auth/member-auth.decorator.ts
 create mode 100644 apps/api/src/modules/auth/member-auth.guard.ts
 create mode 100644 apps/api/src/modules/auth/password.util.spec.ts
 create mode 100644 apps/api/src/modules/auth/password.util.ts
 create mode 100644 apps/api/src/modules/auth/public.decorator.ts
 create mode 100644 apps/api/src/modules/auth/roles.decorator.ts
 create mode 100644 apps/api/src/modules/auth/roles.guard.ts
 create mode 100644 apps/api/src/modules/bot/bot-admin.controller.ts
 create mode 100644 apps/api/src/modules/bot/bot.controller.ts
 create mode 100644 apps/api/src/modules/bot/bot.module.ts
 create mode 100644 apps/api/src/modules/bot/bot.service.spec.ts
 create mode 100644 apps/api/src/modules/bot/bot.service.ts
 create mode 100644 apps/api/src/modules/messages/messages.controller.ts
 create mode 100644 apps/api/src/modules/messages/messages.module.ts
 create mode 100644 apps/api/src/modules/messages/messages.service.spec.ts
 create mode 100644 apps/api/src/modules/messages/messages.service.ts
 create mode 100644 apps/api/src/modules/my/my.controller.ts
 create mode 100644 apps/api/src/modules/my/my.module.ts
 create mode 100644 apps/api/src/modules/my/my.service.spec.ts
 create mode 100644 apps/api/src/modules/my/my.service.ts
 create mode 100644 apps/api/src/modules/onboarding/onboarding.module.ts
 create mode 100644 apps/api/src/modules/onboarding/onboarding.service.spec.ts
 create mode 100644 apps/api/src/modules/onboarding/onboarding.service.ts
 create mode 100644 apps/api/src/modules/onboarding/public-onboarding.controller.ts
 create mode 100644 apps/api/src/modules/rules/rules.controller.ts
 create mode 100644 apps/api/src/modules/rules/rules.module.ts
 create mode 100644 apps/api/src/modules/rules/rules.service.spec.ts
 create mode 100644 apps/api/src/modules/rules/rules.service.ts
 create mode 100644 apps/api/src/modules/super-admin/super-admin.controller.ts
 create mode 100644 apps/api/src/modules/super-admin/super-admin.guard.ts
 create mode 100644 apps/api/src/modules/super-admin/super-admin.module.ts
 create mode 100644 apps/api/src/modules/super-admin/super-admin.service.ts
 create mode 100644 apps/api/src/modules/tenant/tenant.controller.ts
 create mode 100644 apps/api/src/modules/tenant/tenant.module.ts
 create mode 100644 apps/api/src/modules/tenant/tenant.service.ts
 create mode 100644 apps/api/src/queues/forward.queue.ts
 create mode 100644 apps/api/src/queues/redis-connection.ts
 create mode 100644 apps/web/app/_lib/api.ts
 create mode 100644 apps/web/app/_lib/auth-context.test.tsx
 create mode 100644 apps/web/app/_lib/auth-context.tsx
 create mode 100644 apps/web/app/_lib/sidebar.tsx
 create mode 100644 apps/web/app/_lib/super-admin-context.tsx
 delete mode 100644 apps/web/app/accounts/AccountCard.test.tsx
 delete mode 100644 apps/web/app/accounts/AccountCard.tsx
 delete mode 100644 apps/web/app/accounts/AccountsList.test.tsx
 delete mode 100644 apps/web/app/accounts/AccountsList.tsx
 delete mode 100644 apps/web/app/accounts/page.tsx
 create mode 100644 apps/web/app/admin/bots/page.tsx
 create mode 100644 apps/web/app/admin/layout.tsx
 create mode 100644 apps/web/app/admin/login/page.tsx
 create mode 100644 apps/web/app/admin/page.tsx
 create mode 100644 apps/web/app/admin/tenants/[id]/page.tsx
 create mode 100644 apps/web/app/admin/tenants/page.tsx
 delete mode 100644 apps/web/app/api/accounts/[id]/qr/route.ts
 delete mode 100644 apps/web/app/api/accounts/route.ts
 create mode 100644 apps/web/app/api/admin/bots/[id]/assign/route.ts
 create mode 100644 apps/web/app/api/admin/bots/[id]/route.ts
 create mode 100644 apps/web/app/api/admin/bots/qr/[token]/route.ts
 create mode 100644 apps/web/app/api/admin/bots/route.ts
 create mode 100644 apps/web/app/api/admin/tenants/[id]/route.ts
 create mode 100644 apps/web/app/api/admin/tenants/route.ts
 create mode 100644 apps/web/app/api/auth/login/route.ts
 create mode 100644 apps/web/app/api/auth/logout/route.ts
 create mode 100644 apps/web/app/api/auth/me/route.ts
 create mode 100644 apps/web/app/api/auth/signup/route.ts
 create mode 100644 apps/web/app/api/auth/super/login/route.ts
 create mode 100644 apps/web/app/api/auth/super/logout/route.ts
 create mode 100644 apps/web/app/api/auth/super/me/route.ts
 create mode 100644 apps/web/app/api/bot/[id]/route.ts
 create mode 100644 apps/web/app/api/bot/attach/route.ts
 create mode 100644 apps/web/app/api/bot/initiate/route.ts
 create mode 100644 apps/web/app/api/bot/qr/[token]/route.ts
 create mode 100644 apps/web/app/api/bot/reveal/route.ts
 create mode 100644 apps/web/app/api/bot/route.ts
 create mode 100644 apps/web/app/api/groups/[id]/share/route.ts
 create mode 100644 apps/web/app/api/groups/[id]/unshare/[targetTenantId]/route.ts
 create mode 100644 apps/web/app/api/groups/claim-token-info/route.ts
 create mode 100644 apps/web/app/api/groups/claim-with-token/route.ts
 create mode 100644 apps/web/app/api/groups/shared-by-me/route.ts
 create mode 100644 apps/web/app/api/groups/shared/route.ts
 create mode 100644 apps/web/app/api/messages/[id]/approve/route.ts
 create mode 100644 apps/web/app/api/messages/[id]/route.ts
 create mode 100644 apps/web/app/api/messages/pending/count/route.ts
 create mode 100644 apps/web/app/api/messages/pending/route.ts
 create mode 100644 apps/web/app/api/my/account/route.ts
 create mode 100644 apps/web/app/api/my/groups/[id]/route.ts
 create mode 100644 apps/web/app/api/my/groups/route.ts
 create mode 100644 apps/web/app/api/my/logout/route.ts
 create mode 100644 apps/web/app/api/my/opt-in/route.ts
 create mode 100644 apps/web/app/api/my/opt-out/route.ts
 create mode 100644 apps/web/app/api/my/profile/route.ts
 create mode 100644 apps/web/app/api/onboard/verify-otp/route.ts
 create mode 100644 apps/web/app/api/routes/batch/route.ts
 create mode 100644 apps/web/app/api/rules/[id]/route.ts
 create mode 100644 apps/web/app/api/rules/route.ts
 create mode 100644 apps/web/app/claim-group/page.tsx
 create mode 100644 apps/web/app/groups/GroupsTabs.tsx
 create mode 100644 apps/web/app/login/page.test.tsx
 create mode 100644 apps/web/app/login/page.tsx
 create mode 100644 apps/web/app/messages/[id]/page.tsx
 create mode 100644 apps/web/app/messages/pending/page.tsx
 create mode 100644 apps/web/app/my/groups/GroupOptOutButton.tsx
 create mode 100644 apps/web/app/my/groups/[id]/page.tsx
 create mode 100644 apps/web/app/my/groups/page.tsx
 create mode 100644 apps/web/app/my/page.tsx
 create mode 100644 apps/web/app/my/settings/DeleteAccountButton.tsx
 create mode 100644 apps/web/app/my/settings/MemberLogoutButton.tsx
 create mode 100644 apps/web/app/my/settings/page.tsx
 create mode 100644 apps/web/app/onboard/OnboardingForm.tsx
 create mode 100644 apps/web/app/onboard/page.tsx
 create mode 100644 apps/web/app/settings/bot/BotSettingsCard.tsx
 create mode 100644 apps/web/app/settings/bot/page.tsx
 create mode 100644 apps/web/app/settings/rules/RuleManager.tsx
 create mode 100644 apps/web/app/settings/rules/page.tsx
 create mode 100644 apps/web/app/signup/SignupForm.tsx
 create mode 100644 apps/web/app/signup/page.tsx
 create mode 100644 apps/web/tsconfig.tsbuildinfo
 create mode 100644 apps/worker/src/core/approve-message.ts
 create mode 100644 apps/worker/src/email/email.service.spec.ts
 create mode 100644 apps/worker/src/email/email.service.ts
 create mode 100644 apps/worker/src/whatsapp/command-handler.test.ts
 create mode 100644 apps/worker/src/whatsapp/command-handler.ts
 create mode 100644 apps/worker/src/whatsapp/match-rules.test.ts
 create mode 100644 apps/worker/src/whatsapp/match-rules.ts
 create mode 100644 apps/worker/src/whatsapp/otp-sender.ts
 create mode 100644 backups/phase2b-pre-20260604T160707Z.sql
 create mode 100644 docs/superpowers/plans/2026-05-28-admin-dashboard.md
 create mode 100644 docs/superpowers/plans/2026-05-29-whatsapp-qr-dashboard.md
 create mode 100644 docs/superpowers/plans/2026-06-02-phase1-tenants-auth-audit.md
 create mode 100644 docs/superpowers/plans/2026-06-04-phase2b-bot-shared-hidden.md
 create mode 100644 docs/superpowers/plans/Insignia_TOWER_Architecture.pdf
 create mode 100644 packages/types/src/auth.ts
 create mode 100644 packages/types/src/bot.ts
 create mode 100644 packages/types/src/onboarding.ts
 create mode 100644 packages/types/src/rule.ts
 create mode 100755 scripts/backup-before-phase2b.sh

diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 61369e3..c811a8f 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -73,7 +73,44 @@
       "Bash(grep -v \"^$\")",
       "Bash(npm info *)",
       "Bash(pnpm --filter @tower/search test)",
-      "Bash(pnpm --filter @tower/search build)"
+      "Bash(pnpm --filter @tower/search build)",
+      "Bash(pnpm --filter @tower/worker test -- --testPathPattern approval)",
+      "Bash(pnpm --filter @tower/worker test -- approval)",
+      "Bash(xargs ls -la)",
+      "Bash(xargs ls)",
+      "Bash(pnpm --filter @tower/worker test -- --testPathPattern=index.processor)",
+      "Bash(python3 -c \"import sys,json; d=json.load\\(sys.stdin\\); print\\(json.dumps\\(d.get\\('dependencies',{}\\), indent=2\\)\\)\")",
+      "Bash(pnpm --filter @tower/worker test index.processor)",
+      "Bash(pnpm --filter @tower/api test)",
+      "Bash(pnpm --filter @tower/api build)",
+      "Bash(pnpm --filter @tower/api test -- search.controller.spec.ts)",
+      "Bash(pnpm --filter @tower/api test -- search.service.spec.ts)",
+      "Bash(pnpm --filter @tower/api test -- --testPathPattern=groups.service)",
+      "Bash(pnpm --filter @tower/api test -- --testPathPattern=groups)",
+      "Bash(pnpm --filter @tower/api exec jest --testPathPattern=groups)",
+      "Bash(pnpm --filter @tower/api test -- --testPathPattern=routes.service)",
+      "Bash(pnpm --filter @tower/api test -- --testPathPattern=\"routes/routes.service\")",
+      "Bash(pnpm --filter @tower/api test -- --testPathPattern=\"routes\")",
+      "Bash(pnpm --filter @tower/api test -- --testPathPattern=routes)",
+      "Bash(pnpm --filter @tower/api exec jest --testPathPattern=routes)",
+      "Bash(pnpm --filter @tower/web test -- --testPathPattern=app/page)",
+      "Bash(pnpm --filter @tower/web test -- --testPathPattern 'app/page')",
+      "Bash(pnpm --filter @tower/web test -- --testPathPattern=search/page)",
+      "Bash(pnpm --filter @tower/web test -- apps/web/app/search/page.test.tsx)",
+      "Bash(pnpm --filter @tower/web test -- --testPathPattern=groups/RouteManager)",
+      "Bash(git -C /Users/maaz/Documents/insignia-work/tower status)",
+      "Bash(git -C /Users/maaz/Documents/insignia-work/tower show --stat HEAD)",
+      "Bash(pnpm -r build)",
+      "Bash(pnpm exec *)",
+      "Bash(pnpm add *)",
+      "Bash(mkdir -p /Users/maaz/Documents/insignia-work/tower/apps/web/app/api/accounts/\\\\[id\\\\]/qr)",
+      "Bash(pnpm jest *)",
+      "Bash(cd /Users/maaz/Documents/insignia-work/tower/apps/api && pnpm test --no-coverage 2>&1 | tail -15 && cd ../worker && pnpm test --no-coverage 2>&1 | tail -15 && cd ../web && pnpm test --no-coverage 2>&1 | tail -15)",
+      "Read(//Users/maaz/Documents/insignia-work/**)",
+      "Bash(psql postgresql://tower:tower_dev@localhost:5433/tower_dev -c \"SELECT id, name, platform, \\\\\"accountId\\\\\" FROM \\\\\"Group\\\\\" LIMIT 10;\")"
+    ],
+    "additionalDirectories": [
+      "/Users/maaz/Documents/insignia-work/tower/apps/web/app/api/accounts/[id]"
     ]
   }
 }
diff --git a/.env.example b/.env.example
index 8f9b6fc..7ee94df 100644
--- a/.env.example
+++ b/.env.example
@@ -20,4 +20,25 @@ LOG_LEVEL=debug
 
 # WhatsApp
 WHATSAPP_SESSION_PATH=./sessions
-TOWER_ADMIN_JIDS=
+
+# TOWER Portal (used by worker command-handler to construct onboarding links)
+TOWER_PORTAL_BASE_URL=http://localhost:3000
+
+# Auth
+BCRYPT_ROUNDS=10
+JWT_EXPIRES_IN=7d
+MEMBER_JWT_EXPIRES_IN=30d
+
+# Default seed admin (only used in dev)
+SEED_ADMIN_EMAIL=admin@tower.local
+SEED_ADMIN_PASSWORD=tower_dev_password
+
+# SMTP (optional — leave SMTP_HOST blank to skip email notifications).
+# Defaults shown are for Ethereal (https://ethereal.email), a fake SMTP for testing.
+# Generate fresh creds at https://ethereal.email/create and paste them below.
+SMTP_HOST=smtp.ethereal.email
+SMTP_PORT=587
+SMTP_SECURE=false
+SMTP_USER=garrett.padberg@ethereal.email
+SMTP_PASS=c93RRyQMb9WFysYZ6q
+SMTP_FROM=TOWER <noreply@tower.local>
diff --git a/apps/api/check-groups.ts b/apps/api/check-groups.ts
new file mode 100644
index 0000000..de051b6
--- /dev/null
+++ b/apps/api/check-groups.ts
@@ -0,0 +1,51 @@
+import { PrismaClient } from '@prisma/client';
+
+const prisma = new PrismaClient();
+
+async function main() {
+  const groups = await prisma.group.findMany({
+    orderBy: { createdAt: 'desc' },
+    take: 10,
+    select: {
+      id: true,
+      name: true,
+      platformId: true,
+      claimStatus: true,
+      accountId: true,
+      tenantId: true,
+      claimExpiresAt: true,
+      createdAt: true,
+    },
+  });
+  console.log(`Found ${groups.length} groups:`);
+  for (const g of groups) {
+    console.log(JSON.stringify(g, null, 2));
+  }
+
+  const accounts = await prisma.account.findMany({
+    where: { isBot: true },
+    select: { id: true, jid: true, status: true, displayName: true, createdAt: true },
+  });
+  console.log(`\nFound ${accounts.length} bot accounts:`);
+  for (const a of accounts) {
+    console.log(JSON.stringify(a, null, 2));
+  }
+
+  const audits = await prisma.auditEvent.findMany({
+    where: { action: { in: ['GROUP_PENDING_CLAIM', 'BOT_PAIRED', 'BOT_INITIATED'] } },
+    orderBy: { createdAt: 'desc' },
+    take: 10,
+    select: { action: true, resourceId: true, createdAt: true, payload: true, tenantId: true },
+  });
+  console.log(`\nFound ${audits.length} relevant audit events:`);
+  for (const a of audits) {
+    console.log(JSON.stringify(a, null, 2));
+  }
+}
+
+main()
+  .catch((e) => {
+    console.error(e);
+    process.exit(1);
+  })
+  .finally(() => prisma.$disconnect());
diff --git a/apps/api/check-pending.ts b/apps/api/check-pending.ts
new file mode 100644
index 0000000..5ae43cf
--- /dev/null
+++ b/apps/api/check-pending.ts
@@ -0,0 +1,28 @@
+import { PrismaClient } from '@prisma/client';
+
+const prisma = new PrismaClient();
+
+async function main() {
+  const total = await prisma.group.count({ where: { claimStatus: 'PENDING_CLAIM' } });
+  const perTenant = await prisma.tenant.findMany({
+    where: { groups: { some: { claimStatus: 'PENDING_CLAIM' } } },
+    select: {
+      id: true,
+      name: true,
+      slug: true,
+      _count: { select: { groups: { where: { claimStatus: 'PENDING_CLAIM' } } } },
+    },
+  });
+  const sample = await prisma.group.findMany({
+    where: { claimStatus: 'PENDING_CLAIM' },
+    take: 3,
+    select: { id: true, name: true, platform: true, platformId: true, createdAt: true },
+  });
+  console.log('TOTAL PENDING_CLAIM:', total);
+  console.log('PER TENANT:', JSON.stringify(perTenant, null, 2));
+  console.log('SAMPLE:', JSON.stringify(sample, null, 2));
+}
+
+main()
+  .catch((e) => { console.error(e); process.exit(1); })
+  .finally(() => prisma.$disconnect());
diff --git a/apps/api/list-users.ts b/apps/api/list-users.ts
new file mode 100644
index 0000000..8b01a0b
--- /dev/null
+++ b/apps/api/list-users.ts
@@ -0,0 +1,9 @@
+import { PrismaClient } from '@prisma/client';
+const p = new PrismaClient();
+(async () => {
+  const tenants = await p.tenant.findMany({ select: { id: true, slug: true, name: true } });
+  const admins = await p.admin.findMany({ select: { id: true, email: true, role: true, tenant: { select: { slug: true } } } });
+  console.log('TENANTS:', JSON.stringify(tenants, null, 2));
+  console.log('ADMINS:', JSON.stringify(admins, null, 2));
+  await p.$disconnect();
+})();
diff --git a/apps/api/package.json b/apps/api/package.json
index f6dc5aa..680a925 100644
--- a/apps/api/package.json
+++ b/apps/api/package.json
@@ -6,18 +6,31 @@
     "dev": "nest start --watch",
     "start": "node dist/main",
     "test": "jest",
-    "test:e2e": "jest --config ./test/jest-e2e.json"
+    "test:e2e": "jest --config ./test/jest-e2e.json",
+    "db:seed": "ts-node prisma/seed.ts"
+  },
+  "prisma": {
+    "seed": "ts-node prisma/seed.ts"
   },
   "dependencies": {
     "@nestjs/common": "^11.0.0",
     "@nestjs/config": "^4.0.0",
     "@nestjs/core": "^11.0.0",
+    "@nestjs/jwt": "^11.0.0",
+    "@nestjs/passport": "^11.0.0",
     "@nestjs/platform-express": "^11.0.0",
     "@prisma/client": "^6.0.0",
     "@tower/config": "workspace:*",
     "@tower/logger": "workspace:*",
     "@tower/search": "workspace:*",
     "@tower/types": "workspace:*",
+    "bcryptjs": "^2.4.3",
+    "bullmq": "^5.0.0",
+    "ioredis": "^5.0.0",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.1",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
     "qrcode": "^1.5.4",
     "reflect-metadata": "^0.2.0",
     "rxjs": "^7.8.0"
@@ -26,13 +39,16 @@
     "@nestjs/cli": "^11.0.0",
     "@nestjs/schematics": "^11.0.0",
     "@nestjs/testing": "^11.0.0",
+    "@types/bcryptjs": "^2.4.6",
     "@types/jest": "^29.0.0",
     "@types/node": "^22.0.0",
+    "@types/passport-jwt": "^4.0.1",
     "@types/qrcode": "^1.5.6",
     "dotenv": "^17.4.2",
     "jest": "^29.0.0",
     "prisma": "^6.0.0",
     "ts-jest": "^29.0.0",
+    "ts-node": "^10.9.2",
     "typescript": "^5.7.0"
   }
 }
diff --git a/apps/api/prisma/migrations/20260602070712_phase1_tenants_auth_audit/migration.sql b/apps/api/prisma/migrations/20260602070712_phase1_tenants_auth_audit/migration.sql
new file mode 100644
index 0000000..0ba0440
--- /dev/null
+++ b/apps/api/prisma/migrations/20260602070712_phase1_tenants_auth_audit/migration.sql
@@ -0,0 +1,101 @@
+-- CreateEnum
+CREATE TYPE "AdminRole" AS ENUM ('OWNER', 'ADMIN', 'VIEWER');
+
+-- CreateEnum
+CREATE TYPE "ActorType" AS ENUM ('ADMIN', 'SYSTEM', 'ADAPTER');
+
+-- CreateTable: Tenant (must come first — referenced by everything else)
+CREATE TABLE "Tenant" (
+    "id" TEXT NOT NULL,
+    "slug" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "settings" JSONB NOT NULL DEFAULT '{}',
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "Tenant_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Tenant_slug_key" ON "Tenant"("slug");
+
+-- Insert default tenant so existing rows can be backfilled
+INSERT INTO "Tenant" ("id", "slug", "name", "settings", "updatedAt")
+VALUES ('default', 'default', 'Default Tenant', '{}', CURRENT_TIMESTAMP);
+
+-- Add tenantId columns as nullable first
+ALTER TABLE "Account" ADD COLUMN "tenantId" TEXT;
+ALTER TABLE "Approval" ADD COLUMN "tenantId" TEXT;
+ALTER TABLE "ConsentRecord" ADD COLUMN "tenantId" TEXT;
+ALTER TABLE "Group" ADD COLUMN "tenantId" TEXT;
+ALTER TABLE "Message" ADD COLUMN "tenantId" TEXT;
+ALTER TABLE "SyncRoute" ADD COLUMN "tenantId" TEXT;
+
+-- Backfill all existing rows to the default tenant
+UPDATE "Account" SET "tenantId" = 'default';
+UPDATE "Approval" SET "tenantId" = 'default';
+UPDATE "ConsentRecord" SET "tenantId" = 'default';
+UPDATE "Group" SET "tenantId" = 'default';
+UPDATE "Message" SET "tenantId" = 'default';
+UPDATE "SyncRoute" SET "tenantId" = 'default';
+
+-- Now enforce NOT NULL
+ALTER TABLE "Account" ALTER COLUMN "tenantId" SET NOT NULL;
+ALTER TABLE "Approval" ALTER COLUMN "tenantId" SET NOT NULL;
+ALTER TABLE "ConsentRecord" ALTER COLUMN "tenantId" SET NOT NULL;
+ALTER TABLE "Group" ALTER COLUMN "tenantId" SET NOT NULL;
+ALTER TABLE "Message" ALTER COLUMN "tenantId" SET NOT NULL;
+ALTER TABLE "SyncRoute" ALTER COLUMN "tenantId" SET NOT NULL;
+
+-- CreateTable: Admin (new — NOT NULL tenantId is fine, we'll seed default admin later)
+CREATE TABLE "Admin" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "passwordHash" TEXT NOT NULL,
+    "role" "AdminRole" NOT NULL DEFAULT 'ADMIN',
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "Admin_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable: AuditEvent (new — NOT NULL tenantId is fine)
+CREATE TABLE "AuditEvent" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "actorType" "ActorType" NOT NULL,
+    "actorId" TEXT,
+    "action" TEXT NOT NULL,
+    "resourceType" TEXT NOT NULL,
+    "resourceId" TEXT NOT NULL,
+    "payload" JSONB NOT NULL DEFAULT '{}',
+    "traceId" TEXT,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "AuditEvent_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "Admin_tenantId_idx" ON "Admin"("tenantId");
+CREATE UNIQUE INDEX "Admin_tenantId_email_key" ON "Admin"("tenantId", "email");
+
+CREATE INDEX "AuditEvent_tenantId_createdAt_idx" ON "AuditEvent"("tenantId", "createdAt");
+CREATE INDEX "AuditEvent_resourceType_resourceId_idx" ON "AuditEvent"("resourceType", "resourceId");
+
+CREATE INDEX "Account_tenantId_idx" ON "Account"("tenantId");
+CREATE INDEX "Approval_tenantId_idx" ON "Approval"("tenantId");
+CREATE INDEX "ConsentRecord_tenantId_idx" ON "ConsentRecord"("tenantId");
+CREATE INDEX "Group_tenantId_idx" ON "Group"("tenantId");
+CREATE INDEX "Message_tenantId_idx" ON "Message"("tenantId");
+CREATE INDEX "SyncRoute_tenantId_idx" ON "SyncRoute"("tenantId");
+
+-- AddForeignKey
+ALTER TABLE "Admin" ADD CONSTRAINT "Admin_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "AuditEvent" ADD CONSTRAINT "AuditEvent_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "Group" ADD CONSTRAINT "Group_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "Message" ADD CONSTRAINT "Message_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "Approval" ADD CONSTRAINT "Approval_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "SyncRoute" ADD CONSTRAINT "SyncRoute_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "ConsentRecord" ADD CONSTRAINT "ConsentRecord_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "Account" ADD CONSTRAINT "Account_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
diff --git a/apps/api/prisma/migrations/20260604160800_phase2b_bot_claim/migration.sql b/apps/api/prisma/migrations/20260604160800_phase2b_bot_claim/migration.sql
new file mode 100644
index 0000000..19f2bd4
--- /dev/null
+++ b/apps/api/prisma/migrations/20260604160800_phase2b_bot_claim/migration.sql
@@ -0,0 +1,201 @@
+
+-- CreateEnum
+CREATE TYPE "GroupClaimStatus" AS ENUM ('PENDING_CLAIM', 'CLAIMED', 'RELEASED', 'EXPIRED');
+
+-- CreateEnum
+CREATE TYPE "ConsentScope" AS ENUM ('INGEST', 'ARCHIVE', 'REPLICATE', 'DISPLAY');
+
+-- CreateEnum
+CREATE TYPE "ConsentStatus" AS ENUM ('GRANTED', 'REVOKED');
+
+-- CreateEnum
+CREATE TYPE "MemberOptOutReason" AS ENUM ('STOP_KEYWORD', 'SELF_PORTAL', 'ADMIN_ACTION');
+
+-- AlterEnum
+ALTER TYPE "AccountStatus" ADD VALUE 'PAIRING';
+
+-- AlterEnum
+ALTER TYPE "ActorType" ADD VALUE 'MEMBER';
+
+-- DropForeignKey
+ALTER TABLE "Account" DROP CONSTRAINT "Account_tenantId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "Group" DROP CONSTRAINT "Group_tenantId_fkey";
+
+-- DropIndex
+DROP INDEX "Account_tenantId_idx";
+
+-- DropIndex
+DROP INDEX "ConsentRecord_groupId_memberJid_consentType_key";
+
+-- DropIndex
+DROP INDEX "ConsentRecord_tenantId_idx";
+
+-- AlterTable
+ALTER TABLE "Account" DROP COLUMN "tenantId",
+ADD COLUMN     "isBot" BOOLEAN NOT NULL DEFAULT true,
+ADD COLUMN     "pairingExpiresAt" TIMESTAMP(3),
+ADD COLUMN     "pairingToken" TEXT;
+
+-- AlterTable
+ALTER TABLE "ConsentRecord" DROP COLUMN "consentType",
+DROP COLUMN "grantedAt",
+DROP COLUMN "memberJid",
+ADD COLUMN     "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ADD COLUMN     "effectiveAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ADD COLUMN     "policyVersion" TEXT NOT NULL,
+ADD COLUMN     "proofEventId" TEXT NOT NULL,
+ADD COLUMN     "retentionDays" INTEGER NOT NULL DEFAULT 90,
+ADD COLUMN     "scopes" "ConsentScope"[],
+ADD COLUMN     "status" "ConsentStatus" NOT NULL DEFAULT 'GRANTED',
+ADD COLUMN     "userId" TEXT NOT NULL;
+
+-- AlterTable
+ALTER TABLE "Group" ADD COLUMN     "claimExpiresAt" TIMESTAMP(3),
+ADD COLUMN     "claimStatus" "GroupClaimStatus" NOT NULL DEFAULT 'PENDING_CLAIM',
+ADD COLUMN     "claimedAt" TIMESTAMP(3),
+ADD COLUMN     "claimedByAdminId" TEXT,
+ALTER COLUMN "tenantId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "Message" ADD COLUMN     "senderTowerUserId" TEXT;
+
+-- CreateTable
+CREATE TABLE "TenantBot" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "accountId" TEXT NOT NULL,
+    "isActive" BOOLEAN NOT NULL DEFAULT true,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "TenantBot_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "TowerUser" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "phoneHash" TEXT NOT NULL,
+    "jid" TEXT NOT NULL,
+    "displayName" TEXT,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "TowerUser_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "TowerSession" (
+    "id" TEXT NOT NULL,
+    "userId" TEXT NOT NULL,
+    "tokenHash" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3) NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "TowerSession_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "MemberOptOut" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "userId" TEXT NOT NULL,
+    "groupId" TEXT,
+    "reason" "MemberOptOutReason" NOT NULL,
+    "notes" TEXT,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "MemberOptOut_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "TenantBot_accountId_idx" ON "TenantBot"("accountId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "TenantBot_tenantId_accountId_key" ON "TenantBot"("tenantId", "accountId");
+
+-- CreateIndex
+CREATE INDEX "TowerUser_phoneHash_idx" ON "TowerUser"("phoneHash");
+
+-- CreateIndex
+CREATE INDEX "TowerUser_tenantId_idx" ON "TowerUser"("tenantId");
+
+-- CreateIndex
+CREATE INDEX "TowerUser_jid_idx" ON "TowerUser"("jid");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "TowerUser_tenantId_phoneHash_key" ON "TowerUser"("tenantId", "phoneHash");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "TowerSession_tokenHash_key" ON "TowerSession"("tokenHash");
+
+-- CreateIndex
+CREATE INDEX "TowerSession_userId_idx" ON "TowerSession"("userId");
+
+-- CreateIndex
+CREATE INDEX "TowerSession_expiresAt_idx" ON "TowerSession"("expiresAt");
+
+-- CreateIndex
+CREATE INDEX "MemberOptOut_tenantId_userId_idx" ON "MemberOptOut"("tenantId", "userId");
+
+-- CreateIndex
+CREATE INDEX "MemberOptOut_groupId_idx" ON "MemberOptOut"("groupId");
+
+-- CreateIndex
+CREATE INDEX "MemberOptOut_userId_idx" ON "MemberOptOut"("userId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Account_pairingToken_key" ON "Account"("pairingToken");
+
+-- CreateIndex
+CREATE INDEX "Account_isBot_idx" ON "Account"("isBot");
+
+-- CreateIndex
+CREATE INDEX "Account_status_idx" ON "Account"("status");
+
+-- CreateIndex
+CREATE INDEX "ConsentRecord_tenantId_groupId_userId_idx" ON "ConsentRecord"("tenantId", "groupId", "userId");
+
+-- CreateIndex
+CREATE INDEX "ConsentRecord_status_idx" ON "ConsentRecord"("status");
+
+-- CreateIndex
+CREATE INDEX "ConsentRecord_userId_idx" ON "ConsentRecord"("userId");
+
+-- CreateIndex
+CREATE INDEX "Group_claimStatus_idx" ON "Group"("claimStatus");
+
+-- CreateIndex
+CREATE INDEX "Message_senderTowerUserId_idx" ON "Message"("senderTowerUserId");
+
+-- AddForeignKey
+ALTER TABLE "TenantBot" ADD CONSTRAINT "TenantBot_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TenantBot" ADD CONSTRAINT "TenantBot_accountId_fkey" FOREIGN KEY ("accountId") REFERENCES "Account"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "Group" ADD CONSTRAINT "Group_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "Group" ADD CONSTRAINT "Group_claimedByAdminId_fkey" FOREIGN KEY ("claimedByAdminId") REFERENCES "Admin"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "Message" ADD CONSTRAINT "Message_senderTowerUserId_fkey" FOREIGN KEY ("senderTowerUserId") REFERENCES "TowerUser"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TowerUser" ADD CONSTRAINT "TowerUser_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TowerSession" ADD CONSTRAINT "TowerSession_userId_fkey" FOREIGN KEY ("userId") REFERENCES "TowerUser"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "ConsentRecord" ADD CONSTRAINT "ConsentRecord_userId_fkey" FOREIGN KEY ("userId") REFERENCES "TowerUser"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "MemberOptOut" ADD CONSTRAINT "MemberOptOut_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "MemberOptOut" ADD CONSTRAINT "MemberOptOut_userId_fkey" FOREIGN KEY ("userId") REFERENCES "TowerUser"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
diff --git a/apps/api/prisma/migrations/20260604170000_phase2b_otp_challenge/migration.sql b/apps/api/prisma/migrations/20260604170000_phase2b_otp_challenge/migration.sql
new file mode 100644
index 0000000..ab4b45c
--- /dev/null
+++ b/apps/api/prisma/migrations/20260604170000_phase2b_otp_challenge/migration.sql
@@ -0,0 +1,28 @@
+-- CreateTable
+CREATE TABLE "OtpChallenge" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "jid" TEXT NOT NULL,
+    "phoneHash" TEXT NOT NULL,
+    "code" TEXT NOT NULL,
+    "scopes" "ConsentScope"[],
+    "retentionDays" INTEGER NOT NULL DEFAULT 90,
+    "policyVersion" TEXT NOT NULL,
+    "groupId" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3) NOT NULL,
+    "consumedAt" TIMESTAMP(3),
+    "sentAt" TIMESTAMP(3),
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "OtpChallenge_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "OtpChallenge_tenantId_jid_idx" ON "OtpChallenge"("tenantId", "jid");
+
+-- CreateIndex
+CREATE INDEX "OtpChallenge_expiresAt_idx" ON "OtpChallenge"("expiresAt");
+
+-- CreateIndex
+CREATE INDEX "OtpChallenge_sentAt_idx" ON "OtpChallenge"("sentAt");
+
diff --git a/apps/api/prisma/migrations/20260608194802_add_superadmin_and_tenant_flags/migration.sql b/apps/api/prisma/migrations/20260608194802_add_superadmin_and_tenant_flags/migration.sql
new file mode 100644
index 0000000..2a870e9
--- /dev/null
+++ b/apps/api/prisma/migrations/20260608194802_add_superadmin_and_tenant_flags/migration.sql
@@ -0,0 +1,18 @@
+-- AlterTable
+ALTER TABLE "Tenant" ADD COLUMN     "isActive" BOOLEAN NOT NULL DEFAULT true,
+ADD COLUMN     "isForwardingPaused" BOOLEAN NOT NULL DEFAULT false;
+
+-- CreateTable
+CREATE TABLE "SuperAdmin" (
+    "id" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "passwordHash" TEXT NOT NULL,
+    "name" TEXT,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "SuperAdmin_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "SuperAdmin_email_key" ON "SuperAdmin"("email");
diff --git a/apps/api/prisma/migrations/20260608_rules_engine/migration.sql b/apps/api/prisma/migrations/20260608_rules_engine/migration.sql
new file mode 100644
index 0000000..91a9028
--- /dev/null
+++ b/apps/api/prisma/migrations/20260608_rules_engine/migration.sql
@@ -0,0 +1,32 @@
+-- CreateEnum
+CREATE TYPE "RuleMatchType" AS ENUM ('HASHTAG', 'PREFIX', 'REACTION_EMOJI');
+
+-- CreateEnum
+CREATE TYPE "RuleAction" AS ENUM ('FLAG', 'AUTO_APPROVE', 'SKIP', 'REJECT');
+
+-- CreateTable
+CREATE TABLE "TenantRule" (
+    "id" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "matchType" "RuleMatchType" NOT NULL,
+    "matchValue" TEXT NOT NULL,
+    "action" "RuleAction" NOT NULL,
+    "priority" INTEGER NOT NULL DEFAULT 0,
+    "isActive" BOOLEAN NOT NULL DEFAULT true,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "TenantRule_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "TenantRule_tenantId_isActive_idx" ON "TenantRule"("tenantId", "isActive");
+
+-- CreateIndex
+CREATE INDEX "TenantRule_tenantId_matchType_idx" ON "TenantRule"("tenantId", "matchType");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "TenantRule_tenantId_matchType_matchValue_key" ON "TenantRule"("tenantId", "matchType", "matchValue");
+
+-- AddForeignKey
+ALTER TABLE "TenantRule" ADD CONSTRAINT "TenantRule_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
diff --git a/apps/api/prisma/migrations/20260608_token_claim_group_access/migration.sql b/apps/api/prisma/migrations/20260608_token_claim_group_access/migration.sql
new file mode 100644
index 0000000..3143248
--- /dev/null
+++ b/apps/api/prisma/migrations/20260608_token_claim_group_access/migration.sql
@@ -0,0 +1,38 @@
+-- CreateTable: GroupClaimToken
+CREATE TABLE "GroupClaimToken" (
+    "id" TEXT NOT NULL,
+    "groupId" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "creatorJid" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3) NOT NULL,
+    "consumedAt" TIMESTAMP(3),
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "GroupClaimToken_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable: GroupAccess
+CREATE TABLE "GroupAccess" (
+    "id" TEXT NOT NULL,
+    "groupId" TEXT NOT NULL,
+    "tenantId" TEXT NOT NULL,
+    "grantedBy" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "GroupAccess_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "GroupClaimToken_token_key" ON "GroupClaimToken"("token");
+CREATE INDEX "GroupClaimToken_expiresAt_idx" ON "GroupClaimToken"("expiresAt");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "GroupAccess_groupId_tenantId_key" ON "GroupAccess"("groupId", "tenantId");
+CREATE INDEX "GroupAccess_tenantId_idx" ON "GroupAccess"("tenantId");
+
+-- AddForeignKey
+ALTER TABLE "GroupClaimToken" ADD CONSTRAINT "GroupClaimToken_groupId_fkey" FOREIGN KEY ("groupId") REFERENCES "Group"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "GroupAccess" ADD CONSTRAINT "GroupAccess_groupId_fkey" FOREIGN KEY ("groupId") REFERENCES "Group"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+ALTER TABLE "GroupAccess" ADD CONSTRAINT "GroupAccess_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "Tenant"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
diff --git a/apps/api/prisma/schema.prisma b/apps/api/prisma/schema.prisma
index 7188a46..8475200 100644
--- a/apps/api/prisma/schema.prisma
+++ b/apps/api/prisma/schema.prisma
@@ -7,45 +7,211 @@ datasource db {
   url      = env("DATABASE_URL")
 }
 
-model Group {
-  id          String   @id @default(cuid())
-  platform    String
-  platformId  String
-  name        String
-  description String?
-  isActive    Boolean  @default(true)
-  accountId   String?
-  account     Account? @relation(fields: [accountId], references: [id])
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
+// ============================================================================
+// Tenancy
+// ============================================================================
 
+model Tenant {
+  id                  String   @id @default(cuid())
+  slug                String   @unique
+  name                String
+  isActive            Boolean  @default(true)
+  isForwardingPaused  Boolean  @default(false)
+  settings            Json     @default("{}")
+  createdAt           DateTime @default(now())
+  updatedAt           DateTime @updatedAt
+
+  admins         Admin[]
+  tenantBots     TenantBot[]
+  groups         Group[]
   messages       Message[]
-  syncRoutesFrom SyncRoute[]     @relation("sourceGroup")
-  syncRoutesTo   SyncRoute[]     @relation("targetGroup")
+  approvals      Approval[]
+  syncRoutes     SyncRoute[]
   consentRecords ConsentRecord[]
+  memberOptOuts  MemberOptOut[]
+  towerUsers     TowerUser[]
+  auditEvents    AuditEvent[]
+  rules          TenantRule[]
+  groupAccesses  GroupAccess[]
+}
 
-  @@unique([platform, platformId])
+enum AdminRole {
+  OWNER
+  ADMIN
+  VIEWER
+}
+
+model Admin {
+  id           String    @id @default(cuid())
+  tenantId     String
+  tenant       Tenant    @relation(fields: [tenantId], references: [id])
+  email        String
+  passwordHash String
+  role         AdminRole @default(ADMIN)
+  createdAt    DateTime  @default(now())
+  updatedAt    DateTime  @updatedAt
+
+  claimedGroups Group[] @relation("claimer")
+
+  @@unique([tenantId, email])
+  @@index([tenantId])
+}
+
+model SuperAdmin {
+  id           String   @id @default(cuid())
+  email        String   @unique
+  passwordHash String
+  name         String?
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+}
+
+enum ActorType {
+  ADMIN
+  SYSTEM
+  ADAPTER
+  MEMBER
+}
+
+model AuditEvent {
+  id           String    @id @default(cuid())
+  tenantId     String
+  tenant       Tenant    @relation(fields: [tenantId], references: [id])
+  actorType    ActorType
+  actorId      String?
+  action       String
+  resourceType String
+  resourceId   String
+  payload      Json      @default("{}")
+  traceId      String?
+  createdAt    DateTime  @default(now())
+
+  @@index([tenantId, createdAt])
+  @@index([resourceType, resourceId])
+}
+
+// ============================================================================
+// WhatsApp accounts (Phase 2B: bots only, tenant-less, accessed via TenantBot)
+// ============================================================================
+
+enum AccountStatus {
+  ACTIVE
+  DISCONNECTED
+  BANNED
+  PAIRING
+}
+
+model Account {
+  id               String        @id @default(cuid())
+  // tenantId REMOVED in Phase 2B — bots are global, access scoped via TenantBot
+  platform         String
+  jid              String
+  sessionPath      String
+  displayName      String?
+  status           AccountStatus @default(ACTIVE)
+  qrCode           String?
+  isBot            Boolean       @default(true)
+  pairingToken     String?       @unique
+  pairingExpiresAt DateTime?
+  createdAt        DateTime      @default(now())
+  updatedAt        DateTime      @updatedAt
+
+  tenants TenantBot[]
+  groups  Group[]
+
+  @@unique([platform, jid])
+  @@index([isBot])
+  @@index([status])
+}
+
+// Many-to-many: which tenants may claim groups from which bot.
+// Phase 2B ships with implicit "all tenants" (UI auto-grants on first claim),
+// but the table is wired so multi-bot + restricted sharing works in later phases.
+model TenantBot {
+  id        String   @id @default(cuid())
+  tenantId  String
+  tenant    Tenant   @relation(fields: [tenantId], references: [id])
+  accountId String
+  account   Account  @relation(fields: [accountId], references: [id])
+  isActive  Boolean  @default(true)
+  createdAt DateTime @default(now())
+
+  @@unique([tenantId, accountId])
   @@index([accountId])
 }
 
+// ============================================================================
+// Groups + claim lifecycle
+// ============================================================================
+
+enum GroupClaimStatus {
+  PENDING_CLAIM
+  CLAIMED
+  RELEASED
+  EXPIRED
+}
+
+model Group {
+  id               String           @id @default(cuid())
+  // tenantId nullable: null while PENDING_CLAIM/EXPIRED, set once CLAIMED
+  tenantId         String?
+  tenant           Tenant?          @relation(fields: [tenantId], references: [id])
+  platform         String
+  platformId       String
+  name             String
+  description      String?
+  isActive         Boolean          @default(true)
+  accountId        String?
+  account          Account?         @relation(fields: [accountId], references: [id])
+  claimStatus      GroupClaimStatus @default(PENDING_CLAIM)
+  claimedAt        DateTime?
+  claimedByAdminId String?
+  claimedByAdmin   Admin?           @relation("claimer", fields: [claimedByAdminId], references: [id])
+  claimExpiresAt   DateTime?
+  createdAt        DateTime         @default(now())
+  updatedAt        DateTime         @updatedAt
+
+  messages        Message[]
+  syncRoutesFrom  SyncRoute[]        @relation("sourceGroup")
+  syncRoutesTo    SyncRoute[]        @relation("targetGroup")
+  consents        ConsentRecord[]
+  claimTokens     GroupClaimToken[]
+  groupAccesses   GroupAccess[]
+
+  @@unique([platform, platformId])
+  @@index([accountId])
+  @@index([tenantId])
+  @@index([claimStatus])
+}
+
+// ============================================================================
+// Message ingest + approval
+// ============================================================================
+
 model Message {
-  id            String        @id @default(cuid())
-  platform      String
-  platformMsgId String
-  sourceGroupId String
-  sourceGroup   Group         @relation(fields: [sourceGroupId], references: [id])
-  senderJid     String
-  senderName    String?
-  content       String
-  mediaUrl      String?
-  tags          String[]
-  status        MessageStatus @default(PENDING)
-  createdAt     DateTime      @default(now())
-  updatedAt     DateTime      @updatedAt
+  id                 String        @id @default(cuid())
+  tenantId           String
+  tenant             Tenant        @relation(fields: [tenantId], references: [id])
+  platform           String
+  platformMsgId      String
+  sourceGroupId      String
+  sourceGroup        Group         @relation(fields: [sourceGroupId], references: [id])
+  senderJid          String
+  senderName         String?
+  senderTowerUserId  String?
+  senderTowerUser    TowerUser?    @relation("senderTowerUser", fields: [senderTowerUserId], references: [id])
+  content            String
+  mediaUrl           String?
+  tags               String[]
+  status             MessageStatus @default(PENDING)
+  createdAt          DateTime      @default(now())
+  updatedAt          DateTime      @updatedAt
 
   approval Approval?
 
   @@unique([platform, platformMsgId])
+  @@index([tenantId])
+  @@index([senderTowerUserId])
 }
 
 enum MessageStatus {
@@ -58,12 +224,16 @@ enum MessageStatus {
 
 model Approval {
   id        String           @id @default(cuid())
+  tenantId  String
+  tenant    Tenant           @relation(fields: [tenantId], references: [id])
   messageId String           @unique
   message   Message          @relation(fields: [messageId], references: [id])
   adminId   String
   decision  ApprovalDecision
   notes     String?
   decidedAt DateTime         @default(now())
+
+  @@index([tenantId])
 }
 
 enum ApprovalDecision {
@@ -73,6 +243,8 @@ enum ApprovalDecision {
 
 model SyncRoute {
   id            String   @id @default(cuid())
+  tenantId      String
+  tenant        Tenant   @relation(fields: [tenantId], references: [id])
   sourceGroupId String
   sourceGroup   Group    @relation("sourceGroup", fields: [sourceGroupId], references: [id])
   targetGroupId String
@@ -81,37 +253,183 @@ model SyncRoute {
   createdAt     DateTime @default(now())
 
   @@unique([sourceGroupId, targetGroupId])
+  @@index([tenantId])
+}
+
+// ============================================================================
+// Group claiming + sharing
+// ============================================================================
+
+model GroupClaimToken {
+  id          String    @id @default(cuid())
+  groupId     String
+  group       Group      @relation(fields: [groupId], references: [id])
+  token       String     @unique
+  creatorJid  String
+  expiresAt   DateTime
+  consumedAt  DateTime?
+  createdAt   DateTime   @default(now())
+
+  @@index([expiresAt])
+}
+
+model GroupAccess {
+  id        String   @id @default(cuid())
+  groupId   String
+  group     Group    @relation(fields: [groupId], references: [id])
+  tenantId  String
+  tenant    Tenant   @relation(fields: [tenantId], references: [id])
+  grantedBy String
+  createdAt DateTime @default(now())
+
+  @@unique([groupId, tenantId])
+  @@index([tenantId])
+}
+
+// ============================================================================
+// Member onboarding (Phase 2B)
+// ============================================================================
+
+enum ConsentScope {
+  INGEST
+  ARCHIVE
+  REPLICATE
+  DISPLAY
+}
+
+enum ConsentStatus {
+  GRANTED
+  REVOKED
+}
+
+enum MemberOptOutReason {
+  STOP_KEYWORD
+  SELF_PORTAL
+  ADMIN_ACTION
+}
+
+// Hashed identity: SHA-256 of E.164 phone number (pepper via JWT_SECRET).
+model TowerUser {
+  id          String   @id @default(cuid())
+  tenantId    String
+  tenant      Tenant   @relation(fields: [tenantId], references: [id])
+  phoneHash   String
+  jid         String
+  displayName String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  consents ConsentRecord[]
+  optOuts  MemberOptOut[]
+  sessions TowerSession[]
+  messages Message[]      @relation("senderTowerUser")
+
+  @@unique([tenantId, phoneHash])
+  @@index([phoneHash])
+  @@index([tenantId])
+  @@index([jid])
+}
+
+model TowerSession {
+  id        String   @id @default(cuid())
+  userId    String
+  user      TowerUser @relation(fields: [userId], references: [id])
+  tokenHash String   @unique
+  expiresAt DateTime
+  createdAt DateTime @default(now())
+
+  @@index([userId])
+  @@index([expiresAt])
 }
 
 model ConsentRecord {
-  id          String    @id @default(cuid())
-  groupId     String
-  group       Group     @relation(fields: [groupId], references: [id])
-  memberJid   String
-  consentType String
-  grantedAt   DateTime  @default(now())
-  revokedAt   DateTime?
+  id            String        @id @default(cuid())
+  tenantId      String
+  tenant        Tenant        @relation(fields: [tenantId], references: [id])
+  groupId       String
+  group         Group         @relation(fields: [groupId], references: [id])
+  userId        String
+  user          TowerUser     @relation(fields: [userId], references: [id])
+  scopes        ConsentScope[]
+  retentionDays Int           @default(90)
+  policyVersion String
+  status        ConsentStatus @default(GRANTED)
+  proofEventId  String
+  effectiveAt   DateTime      @default(now())
+  revokedAt     DateTime?
+  createdAt     DateTime      @default(now())
 
-  @@unique([groupId, memberJid, consentType])
+  @@index([tenantId, groupId, userId])
+  @@index([status])
+  @@index([userId])
 }
 
-enum AccountStatus {
-  ACTIVE
-  DISCONNECTED
-  BANNED
+model MemberOptOut {
+  id        String            @id @default(cuid())
+  tenantId  String
+  tenant    Tenant            @relation(fields: [tenantId], references: [id])
+  userId    String
+  user      TowerUser         @relation(fields: [userId], references: [id])
+  groupId   String?
+  reason    MemberOptOutReason
+  notes     String?
+  createdAt DateTime          @default(now())
+
+  @@index([tenantId, userId])
+  @@index([groupId])
+  @@index([userId])
 }
 
-model Account {
-  id          String        @id @default(cuid())
-  platform    String
-  jid         String
-  sessionPath String
-  displayName String?
-  status      AccountStatus @default(ACTIVE)
-  qrCode      String?
-  groups      Group[]
-  createdAt   DateTime      @default(now())
-  updatedAt   DateTime      @updatedAt
+model OtpChallenge {
+  id        String   @id @default(cuid())
+  tenantId  String
+  jid       String
+  phoneHash String
+  code      String
+  scopes    ConsentScope[]
+  retentionDays Int      @default(90)
+  policyVersion String
+  groupId   String
+  expiresAt DateTime
+  consumedAt DateTime?
+  sentAt    DateTime?
+  createdAt DateTime @default(now())
 
-  @@unique([platform, jid])
+  @@index([tenantId, jid])
+  @@index([expiresAt])
+  @@index([sentAt])
+}
+
+// ============================================================================
+// Tenant Rules Engine
+// ============================================================================
+
+enum RuleMatchType {
+  HASHTAG
+  PREFIX
+  REACTION_EMOJI
+}
+
+enum RuleAction {
+  FLAG
+  AUTO_APPROVE
+  SKIP
+  REJECT
+}
+
+model TenantRule {
+  id         String        @id @default(cuid())
+  tenantId   String
+  tenant     Tenant        @relation(fields: [tenantId], references: [id])
+  matchType  RuleMatchType
+  matchValue String
+  action     RuleAction
+  priority   Int           @default(0)
+  isActive   Boolean       @default(true)
+  createdAt  DateTime      @default(now())
+  updatedAt  DateTime      @updatedAt
+
+  @@unique([tenantId, matchType, matchValue])
+  @@index([tenantId, isActive])
+  @@index([tenantId, matchType])
 }
diff --git a/apps/api/prisma/seed.ts b/apps/api/prisma/seed.ts
new file mode 100644
index 0000000..700ce96
--- /dev/null
+++ b/apps/api/prisma/seed.ts
@@ -0,0 +1,59 @@
+/* eslint-disable no-console */
+import { PrismaClient, AdminRole } from '@prisma/client';
+import * as bcrypt from 'bcryptjs';
+
+const prisma = new PrismaClient();
+
+const DEFAULT_TENANT_SLUG = 'default';
+const SEED_ADMIN_EMAIL = process.env['SEED_ADMIN_EMAIL'] ?? 'admin@tower.local';
+const SEED_ADMIN_PASSWORD = process.env['SEED_ADMIN_PASSWORD'] ?? 'tower_dev_password';
+const SUPER_ADMIN_EMAIL = process.env['SUPER_ADMIN_EMAIL'] ?? 'super@tower.local';
+const SUPER_ADMIN_PASSWORD = process.env['SUPER_ADMIN_PASSWORD'] ?? 'super_dev_password';
+const BCRYPT_ROUNDS = Number(process.env['BCRYPT_ROUNDS'] ?? '10');
+
+async function main(): Promise<void> {
+  const tenant = await prisma.tenant.upsert({
+    where: { slug: DEFAULT_TENANT_SLUG },
+    update: {},
+    create: { slug: DEFAULT_TENANT_SLUG, name: 'Default Tenant' },
+  });
+
+  const passwordHash = await bcrypt.hash(SEED_ADMIN_PASSWORD, BCRYPT_ROUNDS);
+  const admin = await prisma.admin.upsert({
+    where: { tenantId_email: { tenantId: tenant.id, email: SEED_ADMIN_EMAIL } },
+    update: { passwordHash, role: AdminRole.OWNER },
+    create: {
+      tenantId: tenant.id,
+      email: SEED_ADMIN_EMAIL,
+      passwordHash,
+      role: AdminRole.OWNER,
+    },
+  });
+
+  const superPasswordHash = await bcrypt.hash(SUPER_ADMIN_PASSWORD, BCRYPT_ROUNDS);
+  const superAdmin = await prisma.superAdmin.upsert({
+    where: { email: SUPER_ADMIN_EMAIL },
+    update: { passwordHash: superPasswordHash },
+    create: {
+      email: SUPER_ADMIN_EMAIL,
+      passwordHash: superPasswordHash,
+      name: 'Super Admin',
+    },
+  });
+
+  console.log('Seed complete:');
+  console.log(`  Tenant:     ${tenant.slug} (${tenant.id})`);
+  console.log(`  Admin:      ${admin.email} (${admin.id}) role=${admin.role}`);
+  console.log(`  SuperAdmin: ${superAdmin.email} (${superAdmin.id})`);
+  console.log(`  Password:   ${SEED_ADMIN_PASSWORD}  (dev only — change for production)`);
+  console.log(`  Super pwd:  ${SUPER_ADMIN_PASSWORD}  (dev only — change for production)`);
+}
+
+main()
+  .catch((err) => {
+    console.error('Seed failed:', err);
+    process.exit(1);
+  })
+  .finally(async () => {
+    await prisma.$disconnect();
+  });
diff --git a/apps/api/src/app.module.ts b/apps/api/src/app.module.ts
index d2e36d8..3b78eb3 100644
--- a/apps/api/src/app.module.ts
+++ b/apps/api/src/app.module.ts
@@ -1,21 +1,37 @@
 import { Module } from '@nestjs/common';
 import { ConfigModule } from '@nestjs/config';
 import { PrismaModule } from './prisma/prisma.module';
+import { AuthModule } from './modules/auth/auth.module';
+import { AuditModule } from './modules/audit/audit.module';
 import { HealthModule } from './modules/health/health.module';
 import { SearchModule } from './modules/search/search.module';
 import { GroupsModule } from './modules/groups/groups.module';
 import { RoutesModule } from './modules/routes/routes.module';
-import { AccountsModule } from './modules/accounts/accounts.module';
+import { BotModule } from './modules/bot/bot.module';
+import { OnboardingModule } from './modules/onboarding/onboarding.module';
+import { MyModule } from './modules/my/my.module';
+import { MessagesModule } from './modules/messages/messages.module';
+import { RulesModule } from './modules/rules/rules.module';
+import { SuperAdminModule } from './modules/super-admin/super-admin.module';
+import { TenantModule } from './modules/tenant/tenant.module';
 
 @Module({
   imports: [
     ConfigModule.forRoot({ isGlobal: true }),
     PrismaModule,
+    AuthModule,
+    AuditModule,
     HealthModule,
     SearchModule,
     GroupsModule,
     RoutesModule,
-    AccountsModule,
+    BotModule,
+    OnboardingModule,
+    MyModule,
+    MessagesModule,
+    RulesModule,
+    SuperAdminModule,
+    TenantModule,
   ],
 })
 export class AppModule {}
diff --git a/apps/api/src/common/tenant-context.ts b/apps/api/src/common/tenant-context.ts
new file mode 100644
index 0000000..da37828
--- /dev/null
+++ b/apps/api/src/common/tenant-context.ts
@@ -0,0 +1,13 @@
+import { AdminRole } from '@tower/types';
+
+export interface TenantContext {
+  tenantId: string;
+  adminId: string | null;
+  role: AdminRole | null;
+}
+
+export const emptyTenantContext: TenantContext = {
+  tenantId: '',
+  adminId: null,
+  role: null,
+};
diff --git a/apps/api/src/main.ts b/apps/api/src/main.ts
index dd42ec7..bb3ef4f 100644
--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@@ -1,9 +1,25 @@
 import 'reflect-metadata';
-import { NestFactory } from '@nestjs/core';
+import { NestFactory, Reflector } from '@nestjs/core';
+import { ClassSerializerInterceptor, ValidationPipe } from '@nestjs/common';
 import { AppModule } from './app.module';
+import { JwtAuthGuard } from './modules/auth/jwt-auth.guard';
+import { validateEnv } from '@tower/config';
 
 async function bootstrap() {
+  validateEnv();
+
   const app = await NestFactory.create(AppModule);
+
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true,
+      forbidNonWhitelisted: true,
+      transform: true,
+    }),
+  );
+  app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));
+  app.useGlobalGuards(new JwtAuthGuard(app.get(Reflector)));
+
   const port = process.env['API_PORT'] ?? 3001;
   await app.listen(port);
   console.log(`TOWER API running on port ${port}`);
diff --git a/apps/api/src/modules/accounts/accounts.controller.spec.ts b/apps/api/src/modules/accounts/accounts.controller.spec.ts
deleted file mode 100644
index 3fe9cdd..0000000
--- a/apps/api/src/modules/accounts/accounts.controller.spec.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-import { Test, TestingModule } from '@nestjs/testing';
-import { AccountsController } from './accounts.controller';
-import { AccountsService } from './accounts.service';
-
-const mockAccounts = [
-  { id: 'acc_1', platform: 'whatsapp', jid: '111@s.whatsapp.net', displayName: 'Test', status: 'ACTIVE' },
-];
-const mockCreated = { id: 'acc_new', platform: 'whatsapp', jid: 'pending_x@placeholder', displayName: 'New', status: 'ACTIVE' };
-
-const mockService = {
-  list: jest.fn().mockResolvedValue(mockAccounts),
-  getQr: jest.fn().mockResolvedValue({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,fake' }),
-  create: jest.fn().mockResolvedValue(mockCreated),
-};
-
-describe('AccountsController', () => {
-  let controller: AccountsController;
-
-  beforeEach(async () => {
-    jest.clearAllMocks();
-    const module: TestingModule = await Test.createTestingModule({
-      controllers: [AccountsController],
-      providers: [{ provide: AccountsService, useValue: mockService }],
-    }).compile();
-    controller = module.get<AccountsController>(AccountsController);
-  });
-
-  it('list() returns accounts from service', async () => {
-    const result = await controller.list();
-    expect(result).toEqual(mockAccounts);
-    expect(mockService.list).toHaveBeenCalled();
-  });
-
-  it('getQr() calls service with the account id', async () => {
-    const result = await controller.getQr('acc_1');
-    expect(mockService.getQr).toHaveBeenCalledWith('acc_1');
-    expect(result.qrDataUrl).toBe('data:image/png;base64,fake');
-  });
-
-  it('create() calls service with displayName from body', async () => {
-    const result = await controller.create({ displayName: 'New' });
-    expect(mockService.create).toHaveBeenCalledWith('New');
-    expect(result).toEqual(mockCreated);
-  });
-
-  it('create() calls service with undefined when no displayName', async () => {
-    await controller.create({});
-    expect(mockService.create).toHaveBeenCalledWith(undefined);
-  });
-});
diff --git a/apps/api/src/modules/accounts/accounts.controller.ts b/apps/api/src/modules/accounts/accounts.controller.ts
deleted file mode 100644
index 09ea552..0000000
--- a/apps/api/src/modules/accounts/accounts.controller.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-import { Controller, Get, Param, Post, Body } from '@nestjs/common';
-import { AccountsService } from './accounts.service';
-
-@Controller('accounts')
-export class AccountsController {
-  constructor(private readonly service: AccountsService) {}
-
-  @Get()
-  list() {
-    return this.service.list();
-  }
-
-  @Get(':id/qr')
-  getQr(@Param('id') id: string) {
-    return this.service.getQr(id);
-  }
-
-  @Post()
-  create(@Body() body: { displayName?: string }) {
-    return this.service.create(body.displayName);
-  }
-}
diff --git a/apps/api/src/modules/accounts/accounts.module.ts b/apps/api/src/modules/accounts/accounts.module.ts
deleted file mode 100644
index 1018a20..0000000
--- a/apps/api/src/modules/accounts/accounts.module.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { Module } from '@nestjs/common';
-import { ConfigModule } from '@nestjs/config';
-import { AccountsController } from './accounts.controller';
-import { AccountsService } from './accounts.service';
-
-@Module({
-  imports: [ConfigModule],
-  controllers: [AccountsController],
-  providers: [AccountsService],
-})
-export class AccountsModule {}
diff --git a/apps/api/src/modules/accounts/accounts.service.spec.ts b/apps/api/src/modules/accounts/accounts.service.spec.ts
deleted file mode 100644
index 7116d68..0000000
--- a/apps/api/src/modules/accounts/accounts.service.spec.ts
+++ /dev/null
@@ -1,121 +0,0 @@
-import { Test, TestingModule } from '@nestjs/testing';
-import { ConfigService } from '@nestjs/config';
-import { AccountsService } from './accounts.service';
-import { PrismaService } from '../../prisma/prisma.service';
-import * as QRCode from 'qrcode';
-
-jest.mock('qrcode', () => ({
-  toDataURL: jest.fn().mockResolvedValue('data:image/png;base64,fakedata'),
-}));
-
-const mockAccounts = [
-  { id: 'acc_1', platform: 'whatsapp', jid: '111@s.whatsapp.net', displayName: 'Test Account', status: 'ACTIVE' },
-];
-
-const mockCreatedAccount = {
-  id: 'acc_new',
-  platform: 'whatsapp',
-  jid: 'pending_uuid@placeholder',
-  displayName: 'My Number',
-  status: 'DISCONNECTED',
-};
-
-const mockPrisma = {
-  account: {
-    findMany: jest.fn().mockResolvedValue(mockAccounts),
-    findUnique: jest.fn(),
-    create: jest.fn().mockResolvedValue(mockCreatedAccount),
-  },
-};
-
-const mockConfig = {
-  get: jest.fn().mockImplementation((key: string, def: string) =>
-    key === 'WHATSAPP_SESSION_PATH' ? './sessions' : def,
-  ),
-};
-
-describe('AccountsService', () => {
-  let service: AccountsService;
-
-  beforeEach(async () => {
-    jest.clearAllMocks();
-    const module: TestingModule = await Test.createTestingModule({
-      providers: [
-        AccountsService,
-        { provide: PrismaService, useValue: mockPrisma },
-        { provide: ConfigService, useValue: mockConfig },
-      ],
-    }).compile();
-    service = module.get<AccountsService>(AccountsService);
-  });
-
-  describe('list()', () => {
-    it('returns accounts from Prisma without qrCode field', async () => {
-      const result = await service.list();
-      expect(result).toEqual(mockAccounts);
-      expect(mockPrisma.account.findMany).toHaveBeenCalledWith(
-        expect.objectContaining({ select: expect.not.objectContaining({ qrCode: true }) }),
-      );
-    });
-  });
-
-  describe('getQr()', () => {
-    it('returns null qrDataUrl when account has no qrCode', async () => {
-      mockPrisma.account.findUnique.mockResolvedValue({ status: 'ACTIVE', qrCode: null });
-      const result = await service.getQr('acc_1');
-      expect(result).toEqual({ status: 'ACTIVE', qrDataUrl: null });
-      expect(QRCode.toDataURL).not.toHaveBeenCalled();
-    });
-
-    it('converts qrCode string to data URL when qrCode is present', async () => {
-      mockPrisma.account.findUnique.mockResolvedValue({ status: 'DISCONNECTED', qrCode: 'raw-qr-string' });
-      const result = await service.getQr('acc_1');
-      expect(QRCode.toDataURL).toHaveBeenCalledWith('raw-qr-string');
-      expect(result).toEqual({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,fakedata' });
-    });
-
-    it('returns not_found status when account does not exist', async () => {
-      mockPrisma.account.findUnique.mockResolvedValue(null);
-      const result = await service.getQr('nonexistent');
-      expect(result).toEqual({ status: 'not_found', qrDataUrl: null });
-    });
-  });
-
-  describe('create()', () => {
-    it('creates account with platform whatsapp and status DISCONNECTED', async () => {
-      await service.create('My Number');
-      expect(mockPrisma.account.create).toHaveBeenCalledWith(
-        expect.objectContaining({
-          data: expect.objectContaining({
-            platform: 'whatsapp',
-            status: 'DISCONNECTED',
-            displayName: 'My Number',
-          }),
-        }),
-      );
-    });
-
-    it('generates a unique sessionPath under WHATSAPP_SESSION_PATH', async () => {
-      await service.create();
-      const call = mockPrisma.account.create.mock.calls[0][0];
-      expect(call.data.sessionPath).toMatch(/^\.\/sessions\/.+/);
-    });
-
-    it('generates a placeholder jid prefixed with pending_', async () => {
-      await service.create();
-      const call = mockPrisma.account.create.mock.calls[0][0];
-      expect(call.data.jid).toMatch(/^pending_/);
-    });
-
-    it('sets displayName to null when not provided', async () => {
-      await service.create();
-      const call = mockPrisma.account.create.mock.calls[0][0];
-      expect(call.data.displayName).toBeNull();
-    });
-
-    it('returns the created account summary', async () => {
-      const result = await service.create('My Number');
-      expect(result).toEqual(mockCreatedAccount);
-    });
-  });
-});
diff --git a/apps/api/src/modules/accounts/accounts.service.ts b/apps/api/src/modules/accounts/accounts.service.ts
deleted file mode 100644
index 868d4a2..0000000
--- a/apps/api/src/modules/accounts/accounts.service.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { ConfigService } from '@nestjs/config';
-import { randomUUID } from 'crypto';
-import { PrismaService } from '../../prisma/prisma.service';
-import * as QRCode from 'qrcode';
-
-export interface AccountSummary {
-  id: string;
-  platform: string;
-  jid: string;
-  displayName: string | null;
-  status: string;
-}
-
-export interface AccountQr {
-  status: string;
-  qrDataUrl: string | null;
-}
-
-@Injectable()
-export class AccountsService {
-  constructor(
-    private readonly prisma: PrismaService,
-    private readonly config: ConfigService,
-  ) {}
-
-  list(): Promise<AccountSummary[]> {
-    return this.prisma.account.findMany({
-      orderBy: { createdAt: 'asc' },
-      select: { id: true, platform: true, jid: true, displayName: true, status: true },
-    });
-  }
-
-  async getQr(id: string): Promise<AccountQr> {
-    const account = await this.prisma.account.findUnique({
-      where: { id },
-      select: { status: true, qrCode: true },
-    });
-    if (!account) return { status: 'not_found', qrDataUrl: null };
-    if (!account.qrCode) return { status: account.status, qrDataUrl: null };
-    const qrDataUrl = await QRCode.toDataURL(account.qrCode);
-    return { status: account.status, qrDataUrl };
-  }
-
-  async create(displayName?: string): Promise<AccountSummary> {
-    const sessionBase = this.config.get<string>('WHATSAPP_SESSION_PATH', './sessions');
-    const uid = randomUUID();
-    return this.prisma.account.create({
-      data: {
-        platform: 'whatsapp',
-        jid: `pending_${uid}@placeholder`,
-        sessionPath: `${sessionBase}/${uid}`,
-        displayName: displayName ?? null,
-        status: 'DISCONNECTED',
-      },
-      select: { id: true, platform: true, jid: true, displayName: true, status: true },
-    });
-  }
-}
diff --git a/apps/api/src/modules/audit/audit.module.ts b/apps/api/src/modules/audit/audit.module.ts
new file mode 100644
index 0000000..8f9397d
--- /dev/null
+++ b/apps/api/src/modules/audit/audit.module.ts
@@ -0,0 +1,9 @@
+import { Global, Module } from '@nestjs/common';
+import { AuditService } from './audit.service';
+
+@Global()
+@Module({
+  providers: [AuditService],
+  exports: [AuditService],
+})
+export class AuditModule {}
diff --git a/apps/api/src/modules/audit/audit.service.spec.ts b/apps/api/src/modules/audit/audit.service.spec.ts
new file mode 100644
index 0000000..56109ae
--- /dev/null
+++ b/apps/api/src/modules/audit/audit.service.spec.ts
@@ -0,0 +1,61 @@
+import { Test } from '@nestjs/testing';
+import { ActorType } from '@prisma/client';
+import { AuditService } from './audit.service';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditAction } from './audit.types';
+
+describe('AuditService', () => {
+  let service: AuditService;
+  let prisma: { auditEvent: { create: jest.Mock } };
+
+  beforeEach(async () => {
+    prisma = { auditEvent: { create: jest.fn().mockResolvedValue({}) } };
+    const moduleRef = await Test.createTestingModule({
+      providers: [
+        AuditService,
+        { provide: PrismaService, useValue: prisma },
+      ],
+    }).compile();
+    service = moduleRef.get(AuditService);
+  });
+
+  it('writes an audit event with the explicit tenantId and admin actor by default', async () => {
+    await service.log({
+      tenantId: 'tnt-1',
+      actorId: 'adm-1',
+      action: AuditAction.ROUTE_CREATED,
+      resourceType: 'SyncRoute',
+      resourceId: 'r-1',
+      payload: { foo: 'bar' },
+    });
+    expect(prisma.auditEvent.create).toHaveBeenCalledWith({
+      data: expect.objectContaining({
+        tenantId: 'tnt-1',
+        actorType: ActorType.ADMIN,
+        actorId: 'adm-1',
+        action: 'ROUTE_CREATED',
+        resourceType: 'SyncRoute',
+        resourceId: 'r-1',
+        payload: { foo: 'bar' },
+      }),
+    });
+  });
+
+  it('allows explicit tenantId override (e.g. system actor)', async () => {
+    await service.log({
+      tenantId: 'tnt-override',
+      actorType: ActorType.SYSTEM,
+      actorId: null,
+      action: AuditAction.AUTH_LOGIN,
+      resourceType: 'Admin',
+      resourceId: 'a-1',
+    });
+    expect(prisma.auditEvent.create).toHaveBeenCalledWith({
+      data: expect.objectContaining({
+        tenantId: 'tnt-override',
+        actorType: ActorType.SYSTEM,
+        actorId: null,
+      }),
+    });
+  });
+});
diff --git a/apps/api/src/modules/audit/audit.service.ts b/apps/api/src/modules/audit/audit.service.ts
new file mode 100644
index 0000000..44ff894
--- /dev/null
+++ b/apps/api/src/modules/audit/audit.service.ts
@@ -0,0 +1,35 @@
+import { Injectable } from '@nestjs/common';
+import { PrismaService } from '../../prisma/prisma.service';
+import { ActorType } from '@prisma/client';
+import { AuditActionValue } from './audit.types';
+
+export interface AuditLogInput {
+  action: AuditActionValue;
+  resourceType: string;
+  resourceId: string;
+  actorType?: ActorType;
+  actorId?: string | null;
+  payload?: Record<string, unknown>;
+  traceId?: string | null;
+  tenantId: string;
+}
+
+@Injectable()
+export class AuditService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async log(input: AuditLogInput): Promise<void> {
+    await this.prisma.auditEvent.create({
+      data: {
+        tenantId: input.tenantId,
+        actorType: input.actorType ?? ActorType.ADMIN,
+        actorId: input.actorId ?? null,
+        action: input.action,
+        resourceType: input.resourceType,
+        resourceId: input.resourceId,
+        payload: (input.payload ?? {}) as object,
+        traceId: input.traceId ?? null,
+      },
+    });
+  }
+}
diff --git a/apps/api/src/modules/audit/audit.types.ts b/apps/api/src/modules/audit/audit.types.ts
new file mode 100644
index 0000000..1f52426
--- /dev/null
+++ b/apps/api/src/modules/audit/audit.types.ts
@@ -0,0 +1,42 @@
+import { ActorType } from '@prisma/client';
+
+export { ActorType };
+
+// Initial set of audit actions — expand in later phases
+export const AuditAction = {
+  AUTH_LOGIN: 'AUTH_LOGIN',
+  AUTH_LOGIN_FAILED: 'AUTH_LOGIN_FAILED',
+  AUTH_LOGOUT: 'AUTH_LOGOUT',
+  AUTH_SIGNUP: 'AUTH_SIGNUP',
+  ROUTE_CREATED: 'ROUTE_CREATED',
+  ROUTE_DELETED: 'ROUTE_DELETED',
+  ACCOUNT_CREATED: 'ACCOUNT_CREATED',
+  MESSAGE_INGESTED: 'MESSAGE_INGESTED',
+  MESSAGE_APPROVED: 'MESSAGE_APPROVED',
+  MESSAGE_FORWARDED: 'MESSAGE_FORWARDED',
+  MESSAGE_INDEXED: 'MESSAGE_INDEXED',
+  BOT_INITIATED: 'BOT_INITIATED',
+  BOT_PAIRED: 'BOT_PAIRED',
+  BOT_REVEALED: 'BOT_REVEALED',
+  BOT_REMOVED: 'BOT_REMOVED',
+  BOT_ACCESS_GRANTED: 'BOT_ACCESS_GRANTED',
+  GROUP_PENDING_CLAIM: 'GROUP_PENDING_CLAIM',
+  GROUP_CLAIMED: 'GROUP_CLAIMED',
+  GROUP_RELEASED: 'GROUP_RELEASED',
+  GROUP_EXPIRED: 'GROUP_EXPIRED',
+  GROUP_CLAIM_TOKEN_SENT: 'GROUP_CLAIM_TOKEN_SENT',
+  GROUP_CLAIMED_WITH_TOKEN: 'GROUP_CLAIMED_WITH_TOKEN',
+  GROUP_SHARED: 'GROUP_SHARED',
+  GROUP_UNSHARED: 'GROUP_UNSHARED',
+  GROUP_CLAIM_TOKEN_REGENERATED: 'GROUP_CLAIM_TOKEN_REGENERATED',
+  GROUP_BOT_REMOVED: 'GROUP_BOT_REMOVED',
+  GROUP_BOT_RE_ADDED: 'GROUP_BOT_RE_ADDED',
+  MEMBER_ONBOARDED: 'MEMBER_ONBOARDED',
+  MEMBER_OPT_OUT: 'MEMBER_OPT_OUT',
+  MEMBER_OPT_IN: 'MEMBER_OPT_IN',
+  MEMBER_DELETED: 'MEMBER_DELETED',
+  OTP_REQUESTED: 'OTP_REQUESTED',
+  OTP_VERIFIED: 'OTP_VERIFIED',
+} as const;
+
+export type AuditActionValue = (typeof AuditAction)[keyof typeof AuditAction];
diff --git a/apps/api/src/modules/auth/auth.controller.ts b/apps/api/src/modules/auth/auth.controller.ts
new file mode 100644
index 0000000..a5468cb
--- /dev/null
+++ b/apps/api/src/modules/auth/auth.controller.ts
@@ -0,0 +1,39 @@
+import { Body, Controller, Get, HttpCode, HttpStatus, Post, UseGuards } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { LoginDto } from './dto/login.dto';
+import { SignupDto } from './dto/signup.dto';
+import { Public } from './public.decorator';
+import { JwtAuthGuard } from './jwt-auth.guard';
+import { CurrentAdmin } from './current-admin.decorator';
+
+@Controller('auth')
+export class AuthController {
+  constructor(private readonly authService: AuthService) {}
+
+  @Public()
+  @Post('login')
+  @HttpCode(HttpStatus.OK)
+  async login(@Body() dto: LoginDto) {
+    return this.authService.login(dto);
+  }
+
+  @Public()
+  @Post('signup')
+  @HttpCode(HttpStatus.OK)
+  async signup(@Body() dto: SignupDto) {
+    return this.authService.signup(dto);
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Post('logout')
+  @HttpCode(HttpStatus.OK)
+  async logout(@CurrentAdmin() admin: any) {
+    return this.authService.logout(admin.sub, admin.tenantId);
+  }
+
+  @UseGuards(JwtAuthGuard)
+  @Get('me')
+  async me(@CurrentAdmin() admin: any) {
+    return this.authService.me(admin.sub, admin.tenantId);
+  }
+}
diff --git a/apps/api/src/modules/auth/auth.module.ts b/apps/api/src/modules/auth/auth.module.ts
new file mode 100644
index 0000000..841feda
--- /dev/null
+++ b/apps/api/src/modules/auth/auth.module.ts
@@ -0,0 +1,33 @@
+import { Module, forwardRef } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { AuthService } from './auth.service';
+import { AuthController } from './auth.controller';
+import { JwtStrategy } from './jwt.strategy';
+import { JwtAuthGuard } from './jwt-auth.guard';
+import { RolesGuard } from './roles.guard';
+import { AuditModule } from '../audit/audit.module';
+import { BotModule } from '../bot/bot.module';
+
+@Module({
+  imports: [
+    AuditModule,
+    forwardRef(() => BotModule),
+    PassportModule,
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (config: ConfigService) => ({
+        secret: config.get<string>('JWT_SECRET') ?? '',
+        signOptions: {
+          expiresIn: (config.get<string>('JWT_EXPIRES_IN') ?? '7d') as `${number}d` | `${number}h` | `${number}m` | `${number}s`,
+        },
+      }),
+    }),
+  ],
+  controllers: [AuthController],
+  providers: [AuthService, JwtStrategy, JwtAuthGuard, RolesGuard],
+  exports: [AuthService, JwtAuthGuard, RolesGuard, JwtModule],
+})
+export class AuthModule {}
diff --git a/apps/api/src/modules/auth/auth.service.spec.ts b/apps/api/src/modules/auth/auth.service.spec.ts
new file mode 100644
index 0000000..ba5ee7d
--- /dev/null
+++ b/apps/api/src/modules/auth/auth.service.spec.ts
@@ -0,0 +1,254 @@
+import { Test } from '@nestjs/testing';
+import { ConflictException, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { AuthService } from './auth.service';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { BotService } from '../bot/bot.service';
+import { verifyPassword, hashPassword } from './password.util';
+
+jest.mock('./password.util', () => ({
+  verifyPassword: jest.fn(),
+  hashPassword: jest.fn(),
+}));
+
+describe('AuthService', () => {
+  let service: AuthService;
+  let prisma: any;
+  let jwt: { signAsync: jest.Mock };
+  let audit: { log: jest.Mock };
+  let bot: { assignBotToTenant: jest.Mock };
+
+  beforeEach(async () => {
+    prisma = {
+      tenant: { findUnique: jest.fn(), create: jest.fn() },
+      admin: { findUnique: jest.fn(), findFirst: jest.fn(), findMany: jest.fn(), create: jest.fn() },
+      $transaction: jest.fn(),
+    };
+    jwt = { signAsync: jest.fn().mockResolvedValue('signed-jwt-token') };
+    audit = { log: jest.fn().mockResolvedValue(undefined) };
+    bot = { assignBotToTenant: jest.fn().mockResolvedValue({ id: 'bot-1', status: 'ACTIVE' }) };
+    (verifyPassword as jest.Mock).mockReset();
+    (hashPassword as jest.Mock).mockReset().mockResolvedValue('hashed-pw');
+
+    const moduleRef = await Test.createTestingModule({
+      providers: [
+        AuthService,
+        { provide: PrismaService, useValue: prisma },
+        { provide: JwtService, useValue: jwt },
+        { provide: AuditService, useValue: audit },
+        { provide: BotService, useValue: bot },
+      ],
+    }).compile();
+    service = moduleRef.get(AuthService);
+  });
+
+  describe('login', () => {
+    it('returns token + admin on valid credentials', async () => {
+      prisma.tenant.findUnique.mockResolvedValue({ id: 'tnt-1', slug: 'default' });
+      prisma.admin.findUnique.mockResolvedValue({
+        id: 'adm-1',
+        email: 'admin@tower.local',
+        passwordHash: 'hash',
+        role: 'OWNER',
+        tenantId: 'tnt-1',
+      });
+      (verifyPassword as jest.Mock).mockResolvedValue(true);
+
+      const res = await service.login({
+        tenantSlug: 'default',
+        email: 'admin@tower.local',
+        password: 'secret123',
+      });
+
+      expect(res.token).toBe('signed-jwt-token');
+      expect(res.admin).toEqual({
+        id: 'adm-1',
+        email: 'admin@tower.local',
+        role: 'OWNER',
+        tenantId: 'tnt-1',
+        tenantSlug: 'default',
+      });
+      expect(audit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'AUTH_LOGIN', resourceId: 'adm-1' }),
+      );
+    });
+
+    it('rejects unknown tenant', async () => {
+      prisma.tenant.findUnique.mockResolvedValue(null);
+      await expect(
+        service.login({ tenantSlug: 'nope', email: 'a@b.c', password: 'secret123' }),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+
+    it('rejects unknown admin', async () => {
+      prisma.tenant.findUnique.mockResolvedValue({ id: 'tnt-1', slug: 'default' });
+      prisma.admin.findUnique.mockResolvedValue(null);
+      await expect(
+        service.login({ tenantSlug: 'default', email: 'a@b.c', password: 'secret123' }),
+      ).rejects.toThrow(UnauthorizedException);
+      expect(audit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'AUTH_LOGIN_FAILED' }),
+      );
+    });
+
+    it('rejects bad password', async () => {
+      prisma.tenant.findUnique.mockResolvedValue({ id: 'tnt-1', slug: 'default' });
+      prisma.admin.findUnique.mockResolvedValue({
+        id: 'adm-1',
+        email: 'a@b.c',
+        passwordHash: 'hash',
+        role: 'OWNER',
+        tenantId: 'tnt-1',
+      });
+      (verifyPassword as jest.Mock).mockResolvedValue(false);
+      await expect(
+        service.login({ tenantSlug: 'default', email: 'a@b.c', password: 'wrong1234' }),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+
+    it('logs in by email alone when no tenantSlug is given and the email is unique', async () => {
+      prisma.admin.findMany.mockResolvedValue([{ tenantId: 'tnt-2' }]);
+      prisma.tenant.findUnique.mockResolvedValue({ id: 'tnt-2', slug: 'other' });
+      prisma.admin.findUnique.mockResolvedValue({
+        id: 'adm-2',
+        email: 'a@b.c',
+        passwordHash: 'hash',
+        role: 'OWNER',
+        tenantId: 'tnt-2',
+      });
+      (verifyPassword as jest.Mock).mockResolvedValue(true);
+
+      const res = await service.login({ email: 'a@b.c', password: 'secret123' });
+
+      expect(res.token).toBe('signed-jwt-token');
+      expect(res.admin.tenantSlug).toBe('other');
+      expect(res.admin.tenantId).toBe('tnt-2');
+    });
+
+    it('rejects when email belongs to multiple tenants', async () => {
+      prisma.admin.findMany.mockResolvedValue([{ tenantId: 'tnt-1' }, { tenantId: 'tnt-2' }]);
+      await expect(
+        service.login({ email: 'shared@x.com', password: 'secret123' }),
+      ).rejects.toThrow(/multiple tenants/);
+    });
+
+    it('rejects when email matches no admin', async () => {
+      prisma.admin.findMany.mockResolvedValue([]);
+      await expect(
+        service.login({ email: 'nobody@x.com', password: 'secret123' }),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+  });
+
+  describe('me', () => {
+    it('returns admin profile', async () => {
+      prisma.admin.findFirst.mockResolvedValue({
+        id: 'adm-1',
+        email: 'a@b.c',
+        role: 'OWNER',
+        tenantId: 'tnt-1',
+        tenant: { slug: 'default' },
+      });
+      const res = await service.me('adm-1', 'tnt-1');
+      expect(res).toEqual({
+        admin: {
+          id: 'adm-1',
+          email: 'a@b.c',
+          role: 'OWNER',
+          tenantId: 'tnt-1',
+          tenantSlug: 'default',
+        },
+      });
+    });
+
+    it('throws when admin not found', async () => {
+      prisma.admin.findFirst.mockResolvedValue(null);
+      await expect(service.me('x', 'y')).rejects.toThrow(UnauthorizedException);
+    });
+  });
+
+  describe('logout', () => {
+    it('writes audit and returns ok', async () => {
+      const res = await service.logout('adm-1', 'tnt-1');
+      expect(res).toEqual({ ok: true });
+      expect(audit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'AUTH_LOGOUT', resourceId: 'adm-1' }),
+      );
+    });
+  });
+
+  describe('signup', () => {
+    const baseReq = {
+      tenantName: 'Delhi Traders',
+      tenantSlug: 'delhi',
+      email: 'priya@delhi.test',
+      password: 'strongpass1',
+    };
+
+    it('creates tenant + owner admin atomically and returns token', async () => {
+      prisma.tenant.findUnique.mockResolvedValue(null);
+      prisma.$transaction.mockImplementation(async (cb: any) =>
+        cb({
+          tenant: {
+            create: jest.fn().mockResolvedValue({ id: 'tnt-new', slug: 'delhi', name: 'Delhi Traders' }),
+          },
+          admin: {
+            create: jest.fn().mockResolvedValue({
+              id: 'adm-new',
+              tenantId: 'tnt-new',
+              email: 'priya@delhi.test',
+              role: 'OWNER',
+            }),
+          },
+          tenantRule: { create: jest.fn().mockResolvedValue({}) },
+        }),
+      );
+
+      const res = await service.signup(baseReq);
+
+      expect(res.token).toBe('signed-jwt-token');
+      expect(res.admin).toEqual({
+        id: 'adm-new',
+        email: 'priya@delhi.test',
+        role: 'OWNER',
+        tenantId: 'tnt-new',
+        tenantSlug: 'delhi',
+      });
+      expect(audit.log).toHaveBeenCalledWith(
+        expect.objectContaining({
+          action: 'AUTH_SIGNUP',
+          tenantId: 'tnt-new',
+          resourceId: 'tnt-new',
+        }),
+      );
+    });
+
+    it('rejects a taken slug with 409', async () => {
+      prisma.tenant.findUnique.mockResolvedValue({ id: 'tnt-existing', slug: 'delhi' });
+      await expect(service.signup(baseReq)).rejects.toBeInstanceOf(ConflictException);
+      expect(prisma.$transaction).not.toHaveBeenCalled();
+    });
+
+    it('hashes the password before storing', async () => {
+      prisma.tenant.findUnique.mockResolvedValue(null);
+      prisma.$transaction.mockImplementation(async (cb: any) =>
+        cb({
+          tenant: { create: jest.fn().mockResolvedValue({ id: 'tnt-x', slug: 'x', name: 'X' }) },
+          admin: {
+            create: jest.fn().mockImplementation(async ({ data }: any) => ({
+              id: 'adm-x',
+              tenantId: 'tnt-x',
+              email: data.email,
+              role: data.role,
+            })),
+          },
+          tenantRule: { create: jest.fn().mockResolvedValue({}) },
+        }),
+      );
+
+      await service.signup({ ...baseReq, password: 'plaintext' });
+      expect(hashPassword).toHaveBeenCalledWith('plaintext');
+    });
+  });
+});
diff --git a/apps/api/src/modules/auth/auth.service.ts b/apps/api/src/modules/auth/auth.service.ts
new file mode 100644
index 0000000..0c74f3f
--- /dev/null
+++ b/apps/api/src/modules/auth/auth.service.ts
@@ -0,0 +1,218 @@
+import { ConflictException, Injectable, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import {
+  AdminRole,
+  JwtPayload,
+  LoginRequest,
+  LoginResponse,
+  SignupRequest,
+  SignupResponse,
+} from '@tower/types';
+import { AdminRole as PrismaAdminRole } from '@prisma/client';
+import { PrismaService } from '../../prisma/prisma.service';
+import { verifyPassword } from './password.util';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+import { hashPassword } from './password.util';
+import { BotService } from '../bot/bot.service';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly jwt: JwtService,
+    private readonly audit: AuditService,
+    private readonly bot: BotService,
+  ) {}
+
+  async login(req: LoginRequest): Promise<LoginResponse> {
+    let tenant: { id: string; slug: string } | null = null;
+
+    if (req.tenantSlug) {
+      tenant = await this.prisma.tenant.findUnique({ where: { slug: req.tenantSlug } });
+      if (!tenant) {
+        throw new UnauthorizedException('Invalid credentials');
+      }
+    } else {
+      // Look up by email across all tenants. Most users belong to one tenant.
+      const matches = await this.prisma.admin.findMany({
+        where: { email: req.email },
+        select: { tenantId: true },
+      });
+      if (matches.length === 0) {
+        throw new UnauthorizedException('Invalid credentials');
+      }
+      if (matches.length > 1) {
+        // Disambiguate by requiring the client to send tenantSlug.
+        throw new UnauthorizedException(
+          'Email is registered in multiple tenants — please specify tenantSlug',
+        );
+      }
+      const found = await this.prisma.tenant.findUnique({ where: { id: matches[0].tenantId } });
+      if (!found) {
+        throw new UnauthorizedException('Invalid credentials');
+      }
+      tenant = found;
+    }
+
+    const admin = await this.prisma.admin.findUnique({
+      where: { tenantId_email: { tenantId: tenant.id, email: req.email } },
+    });
+    if (!admin) {
+      await this.recordFailedLogin(req.email, 'no_admin', tenant.id);
+      throw new UnauthorizedException('Invalid credentials');
+    }
+    const ok = await verifyPassword(req.password, admin.passwordHash);
+    if (!ok) {
+      await this.recordFailedLogin(req.email, 'bad_password', tenant.id, admin.id);
+      throw new UnauthorizedException('Invalid credentials');
+    }
+
+    const payload: JwtPayload = {
+      kind: 'admin',
+      sub: admin.id,
+      tenantId: admin.tenantId,
+      role: admin.role as AdminRole,
+      email: admin.email,
+    };
+    const token = await this.jwt.signAsync(payload);
+    await this.audit.log({
+      tenantId: tenant.id,
+      actorId: admin.id,
+      action: AuditAction.AUTH_LOGIN,
+      resourceType: 'Admin',
+      resourceId: admin.id,
+      payload: { email: admin.email },
+    });
+
+    return {
+      token,
+      admin: {
+        id: admin.id,
+        email: admin.email,
+        role: admin.role as AdminRole,
+        tenantId: admin.tenantId,
+        tenantSlug: tenant.slug,
+      },
+    };
+  }
+
+  async me(adminId: string, tenantId: string): Promise<{ admin: LoginResponse['admin'] }> {
+    const admin = await this.prisma.admin.findFirst({
+      where: { id: adminId, tenantId },
+      include: { tenant: true },
+    });
+    if (!admin) throw new UnauthorizedException('Admin not found');
+    return {
+      admin: {
+        id: admin.id,
+        email: admin.email,
+        role: admin.role as AdminRole,
+        tenantId: admin.tenantId,
+        tenantSlug: admin.tenant.slug,
+      },
+    };
+  }
+
+  async logout(adminId: string, tenantId: string): Promise<{ ok: true }> {
+    await this.audit.log({
+      tenantId,
+      actorId: adminId,
+      action: AuditAction.AUTH_LOGOUT,
+      resourceType: 'Admin',
+      resourceId: adminId,
+    });
+    return { ok: true };
+  }
+
+  async signup(req: SignupRequest): Promise<SignupResponse> {
+    const existingSlug = await this.prisma.tenant.findUnique({ where: { slug: req.tenantSlug } });
+    if (existingSlug) {
+      throw new ConflictException('That tenant slug is already taken');
+    }
+
+    const passwordHash = await hashPassword(req.password);
+
+    const { tenant, admin } = await this.prisma.$transaction(async (tx) => {
+      const tenant = await tx.tenant.create({
+        data: { slug: req.tenantSlug, name: req.tenantName },
+      });
+      const admin = await tx.admin.create({
+        data: {
+          tenantId: tenant.id,
+          email: req.email,
+          passwordHash,
+          role: PrismaAdminRole.OWNER,
+        },
+      });
+
+      // Seed default rules: FLAG for #important and #event hashtags, PREFIX for /tower
+      const defaults: Array<{ matchType: any; matchValue: string; action: any; priority: number }> = [
+        { matchType: 'HASHTAG' as const, matchValue: '#important', action: 'FLAG' as const, priority: 0 },
+        { matchType: 'HASHTAG' as const, matchValue: '#event', action: 'FLAG' as const, priority: 1 },
+        { matchType: 'PREFIX' as const, matchValue: '/tower', action: 'FLAG' as const, priority: 2 },
+      ];
+      for (const rule of defaults) {
+        await tx.tenantRule.create({
+          data: { tenantId: tenant.id, ...rule },
+        }).catch(() => {
+          // Ignore duplicate errors; rules are best-effort during signup
+        });
+      }
+
+      return { tenant, admin };
+    });
+
+    const payload: JwtPayload = {
+      kind: 'admin',
+      sub: admin.id,
+      tenantId: tenant.id,
+      role: PrismaAdminRole.OWNER,
+      email: admin.email,
+    };
+    const token = await this.jwt.signAsync(payload);
+
+    await this.audit.log({
+      tenantId: tenant.id,
+      actorId: admin.id,
+      action: AuditAction.AUTH_SIGNUP,
+      resourceType: 'Tenant',
+      resourceId: tenant.id,
+      payload: { email: admin.email, tenantSlug: tenant.slug },
+    });
+
+    // Auto-assign the least-loaded bot
+    await this.bot.assignBotToTenant(tenant.id);
+
+    return {
+      token,
+      admin: {
+        id: admin.id,
+        email: admin.email,
+        role: PrismaAdminRole.OWNER,
+        tenantId: tenant.id,
+        tenantSlug: tenant.slug,
+      },
+    };
+  }
+
+  private async recordFailedLogin(
+    email: string,
+    reason: string,
+    tenantId?: string,
+    adminId?: string,
+  ): Promise<void> {
+    if (!tenantId) return; // cannot audit without a tenant
+    await this.audit.log({
+      tenantId,
+      actorId: adminId ?? null,
+      action: AuditAction.AUTH_LOGIN_FAILED,
+      resourceType: 'Admin',
+      resourceId: adminId ?? email,
+      payload: { email, reason },
+    });
+  }
+
+  // Helper used by the seed script
+  static hashForSeed = hashPassword;
+}
diff --git a/apps/api/src/modules/auth/current-admin.decorator.ts b/apps/api/src/modules/auth/current-admin.decorator.ts
new file mode 100644
index 0000000..036ac2c
--- /dev/null
+++ b/apps/api/src/modules/auth/current-admin.decorator.ts
@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { JwtPayload } from '@tower/types';
+
+export const CurrentAdmin = createParamDecorator(
+  (_data: unknown, ctx: ExecutionContext): JwtPayload | null => {
+    const request = ctx.switchToHttp().getRequest();
+    return (request.user as JwtPayload | undefined) ?? null;
+  },
+);
diff --git a/apps/api/src/modules/auth/current-member.decorator.ts b/apps/api/src/modules/auth/current-member.decorator.ts
new file mode 100644
index 0000000..9c28a55
--- /dev/null
+++ b/apps/api/src/modules/auth/current-member.decorator.ts
@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { MemberJwtPayload } from '@tower/types';
+
+export const CurrentMember = createParamDecorator(
+  (_data: unknown, ctx: ExecutionContext): MemberJwtPayload => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user as MemberJwtPayload;
+  },
+);
diff --git a/apps/api/src/modules/auth/current-tenant.decorator.ts b/apps/api/src/modules/auth/current-tenant.decorator.ts
new file mode 100644
index 0000000..944b282
--- /dev/null
+++ b/apps/api/src/modules/auth/current-tenant.decorator.ts
@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { TenantContext } from '../../common/tenant-context';
+
+export const CurrentTenantContext = createParamDecorator(
+  (_data: unknown, ctx: ExecutionContext): TenantContext => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.tenantContext as TenantContext;
+  },
+);
diff --git a/apps/api/src/modules/auth/dto/login.dto.ts b/apps/api/src/modules/auth/dto/login.dto.ts
new file mode 100644
index 0000000..f903384
--- /dev/null
+++ b/apps/api/src/modules/auth/dto/login.dto.ts
@@ -0,0 +1,14 @@
+import { IsEmail, IsOptional, IsString, MinLength } from 'class-validator';
+
+export class LoginDto {
+  @IsOptional()
+  @IsString()
+  tenantSlug?: string;
+
+  @IsEmail()
+  email!: string;
+
+  @IsString()
+  @MinLength(6)
+  password!: string;
+}
diff --git a/apps/api/src/modules/auth/dto/signup.dto.ts b/apps/api/src/modules/auth/dto/signup.dto.ts
new file mode 100644
index 0000000..6dc73b2
--- /dev/null
+++ b/apps/api/src/modules/auth/dto/signup.dto.ts
@@ -0,0 +1,24 @@
+import { IsEmail, IsString, Matches, MaxLength, MinLength } from 'class-validator';
+
+export class SignupDto {
+  @IsString()
+  @MinLength(2)
+  @MaxLength(80)
+  tenantName!: string;
+
+  // Lowercase, alphanumeric + dashes, 2-40 chars, must start with a letter
+  @IsString()
+  @Matches(/^[a-z][a-z0-9-]{1,39}$/, {
+    message:
+      'tenantSlug must be 2-40 chars, start with a letter, and contain only lowercase letters, digits, and dashes',
+  })
+  tenantSlug!: string;
+
+  @IsEmail()
+  email!: string;
+
+  @IsString()
+  @MinLength(8)
+  @MaxLength(128)
+  password!: string;
+}
diff --git a/apps/api/src/modules/auth/jwt-auth.guard.ts b/apps/api/src/modules/auth/jwt-auth.guard.ts
new file mode 100644
index 0000000..e1a4c2b
--- /dev/null
+++ b/apps/api/src/modules/auth/jwt-auth.guard.ts
@@ -0,0 +1,48 @@
+import { ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { AdminJwtPayload, JwtPayload, MemberJwtPayload } from '@tower/types';
+import { IS_PUBLIC_KEY } from './public.decorator';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  constructor(private readonly reflector: Reflector) {
+    super();
+  }
+
+  canActivate(context: ExecutionContext) {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    if (isPublic) return true;
+    return super.canActivate(context);
+  }
+
+  // After JWT validation, attach a TenantContext to the request so that
+  // controllers, services, and the AuditService can read tenantId/adminId/role
+  // without re-parsing the token.
+  handleRequest<TUser = JwtPayload>(err: unknown, user: TUser, info: unknown, context: ExecutionContext): TUser {
+    if (err || !user) {
+      throw err ?? new UnauthorizedException(info instanceof Error ? info.message : 'Invalid or missing token');
+    }
+    const payload = user as unknown as JwtPayload;
+    const request = context.switchToHttp().getRequest();
+    if (payload.kind === 'admin') {
+      const admin = payload as AdminJwtPayload;
+      request.tenantContext = {
+        tenantId: admin.tenantId,
+        adminId: admin.sub,
+        role: admin.role,
+      };
+    } else {
+      const member = payload as MemberJwtPayload;
+      request.tenantContext = {
+        tenantId: member.tenantId,
+        adminId: null,
+        role: null,
+      };
+    }
+    return user;
+  }
+}
diff --git a/apps/api/src/modules/auth/jwt.strategy.ts b/apps/api/src/modules/auth/jwt.strategy.ts
new file mode 100644
index 0000000..ff1c9c9
--- /dev/null
+++ b/apps/api/src/modules/auth/jwt.strategy.ts
@@ -0,0 +1,20 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { JwtPayload } from '@tower/types';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor(config: ConfigService) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: config.get<string>('JWT_SECRET') ?? '',
+    });
+  }
+
+  async validate(payload: JwtPayload): Promise<JwtPayload> {
+    return payload;
+  }
+}
diff --git a/apps/api/src/modules/auth/member-auth.decorator.ts b/apps/api/src/modules/auth/member-auth.decorator.ts
new file mode 100644
index 0000000..d639f53
--- /dev/null
+++ b/apps/api/src/modules/auth/member-auth.decorator.ts
@@ -0,0 +1,8 @@
+import { applyDecorators, SetMetadata, UseGuards } from '@nestjs/common';
+import { MemberAuthGuard } from './member-auth.guard';
+import { JwtAuthGuard } from './jwt-auth.guard';
+
+export const MEMBER_AUTH_KEY = 'member-auth';
+
+export const MemberAuth = () =>
+  applyDecorators(SetMetadata(MEMBER_AUTH_KEY, true), UseGuards(JwtAuthGuard, MemberAuthGuard));
diff --git a/apps/api/src/modules/auth/member-auth.guard.ts b/apps/api/src/modules/auth/member-auth.guard.ts
new file mode 100644
index 0000000..7010a77
--- /dev/null
+++ b/apps/api/src/modules/auth/member-auth.guard.ts
@@ -0,0 +1,14 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { MemberJwtPayload } from '@tower/types';
+
+@Injectable()
+export class MemberAuthGuard implements CanActivate {
+  canActivate(context: ExecutionContext): boolean {
+    const request = context.switchToHttp().getRequest();
+    const user = request.user as MemberJwtPayload | undefined;
+    if (!user || user.kind !== 'member') {
+      throw new UnauthorizedException('Member authentication required');
+    }
+    return true;
+  }
+}
diff --git a/apps/api/src/modules/auth/password.util.spec.ts b/apps/api/src/modules/auth/password.util.spec.ts
new file mode 100644
index 0000000..3631f7c
--- /dev/null
+++ b/apps/api/src/modules/auth/password.util.spec.ts
@@ -0,0 +1,34 @@
+jest.mock('bcryptjs', () => ({
+  __esModule: true,
+  hash: jest.fn(),
+  compare: jest.fn(),
+}));
+
+import * as bcrypt from 'bcryptjs';
+import { hashPassword, verifyPassword } from './password.util';
+
+const mockedBcrypt = bcrypt as unknown as { hash: jest.Mock; compare: jest.Mock };
+
+describe('password util', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('hashes and verifies a password roundtrip', async () => {
+    mockedBcrypt.hash.mockResolvedValue('$2a$10$hashedvalue');
+    mockedBcrypt.compare.mockResolvedValue(true);
+
+    const hash = await hashPassword('secret', 4);
+    expect(hash).toBe('$2a$10$hashedvalue');
+    expect(mockedBcrypt.hash).toHaveBeenCalledWith('secret', 4);
+
+    const ok = await verifyPassword('secret', hash);
+    expect(ok).toBe(true);
+  });
+
+  it('rejects wrong password', async () => {
+    mockedBcrypt.compare.mockResolvedValue(false);
+    const ok = await verifyPassword('wrong', '$2a$10$hashedvalue');
+    expect(ok).toBe(false);
+  });
+});
diff --git a/apps/api/src/modules/auth/password.util.ts b/apps/api/src/modules/auth/password.util.ts
new file mode 100644
index 0000000..c50fab3
--- /dev/null
+++ b/apps/api/src/modules/auth/password.util.ts
@@ -0,0 +1,9 @@
+import * as bcrypt from 'bcryptjs';
+
+export async function hashPassword(plain: string, rounds: number = 10): Promise<string> {
+  return bcrypt.hash(plain, rounds);
+}
+
+export async function verifyPassword(plain: string, hash: string): Promise<boolean> {
+  return bcrypt.compare(plain, hash);
+}
diff --git a/apps/api/src/modules/auth/public.decorator.ts b/apps/api/src/modules/auth/public.decorator.ts
new file mode 100644
index 0000000..b3845e1
--- /dev/null
+++ b/apps/api/src/modules/auth/public.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
diff --git a/apps/api/src/modules/auth/roles.decorator.ts b/apps/api/src/modules/auth/roles.decorator.ts
new file mode 100644
index 0000000..7a6a203
--- /dev/null
+++ b/apps/api/src/modules/auth/roles.decorator.ts
@@ -0,0 +1,5 @@
+import { SetMetadata } from '@nestjs/common';
+import { AdminRole } from '@tower/types';
+
+export const ROLES_KEY = 'roles';
+export const Roles = (...roles: AdminRole[]) => SetMetadata(ROLES_KEY, roles);
diff --git a/apps/api/src/modules/auth/roles.guard.ts b/apps/api/src/modules/auth/roles.guard.ts
new file mode 100644
index 0000000..a3411f6
--- /dev/null
+++ b/apps/api/src/modules/auth/roles.guard.ts
@@ -0,0 +1,23 @@
+import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AdminRole } from '@tower/types';
+import { ROLES_KEY } from './roles.decorator';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private readonly reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const required = this.reflector.getAllAndOverride<AdminRole[] | undefined>(ROLES_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    if (!required || required.length === 0) return true;
+    const request = context.switchToHttp().getRequest();
+    const role = request.tenantContext?.role as AdminRole | null | undefined;
+    if (!role || !required.includes(role)) {
+      throw new ForbiddenException(`Role ${role ?? 'none'} not in required: ${required.join(', ')}`);
+    }
+    return true;
+  }
+}
diff --git a/apps/api/src/modules/bot/bot-admin.controller.ts b/apps/api/src/modules/bot/bot-admin.controller.ts
new file mode 100644
index 0000000..27751dc
--- /dev/null
+++ b/apps/api/src/modules/bot/bot-admin.controller.ts
@@ -0,0 +1,39 @@
+import { Body, Controller, Delete, Get, Param, Post, UseGuards } from '@nestjs/common';
+import { BotService } from './bot.service';
+import { SuperAdminGuard } from '../super-admin/super-admin.guard';
+import { IsOptional, IsString } from 'class-validator';
+
+class InitiateBotDto {
+  @IsOptional() @IsString() displayName?: string;
+}
+
+@Controller('admin/bots')
+@UseGuards(SuperAdminGuard)
+export class BotAdminController {
+  constructor(private readonly service: BotService) {}
+
+  @Get()
+  list() {
+    return this.service.listAll();
+  }
+
+  @Post('initiate')
+  initiate(@Body() body: InitiateBotDto) {
+    return this.service.superInitiate(body.displayName);
+  }
+
+  @Get('qr/:token')
+  getQr(@Param('token') token: string) {
+    return this.service.superGetQr(token);
+  }
+
+  @Post(':id/assign')
+  assign(@Param('id') id: string, @Body() body: { tenantId: string }) {
+    return this.service.assignTenant(body.tenantId, id);
+  }
+
+  @Delete(':id')
+  remove(@Param('id') id: string) {
+    return this.service.superRemove(id);
+  }
+}
diff --git a/apps/api/src/modules/bot/bot.controller.ts b/apps/api/src/modules/bot/bot.controller.ts
new file mode 100644
index 0000000..f0271b1
--- /dev/null
+++ b/apps/api/src/modules/bot/bot.controller.ts
@@ -0,0 +1,24 @@
+import { Body, Controller, Get, Post, UseGuards } from '@nestjs/common';
+import { BotService } from './bot.service';
+import { CurrentTenantContext } from '../auth/current-tenant.decorator';
+import { TenantContext } from '../../common/tenant-context';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { RolesGuard } from '../auth/roles.guard';
+import { Roles } from '../auth/roles.decorator';
+
+@Controller('admin/bot')
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Roles('OWNER', 'ADMIN')
+export class BotController {
+  constructor(private readonly service: BotService) {}
+
+  @Get()
+  get(@CurrentTenantContext() ctx: TenantContext) {
+    return this.service.get(ctx.tenantId);
+  }
+
+  @Post('reveal')
+  reveal(@CurrentTenantContext() ctx: TenantContext) {
+    return this.service.reveal(ctx.tenantId, ctx.adminId ?? '');
+  }
+}
diff --git a/apps/api/src/modules/bot/bot.module.ts b/apps/api/src/modules/bot/bot.module.ts
new file mode 100644
index 0000000..63ea263
--- /dev/null
+++ b/apps/api/src/modules/bot/bot.module.ts
@@ -0,0 +1,15 @@
+import { Module, forwardRef } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { BotController } from './bot.controller';
+import { BotAdminController } from './bot-admin.controller';
+import { BotService } from './bot.service';
+import { AuthModule } from '../auth/auth.module';
+import { SuperAdminModule } from '../super-admin/super-admin.module';
+
+@Module({
+  imports: [ConfigModule, forwardRef(() => AuthModule), SuperAdminModule],
+  controllers: [BotController, BotAdminController],
+  providers: [BotService],
+  exports: [BotService],
+})
+export class BotModule {}
diff --git a/apps/api/src/modules/bot/bot.service.spec.ts b/apps/api/src/modules/bot/bot.service.spec.ts
new file mode 100644
index 0000000..8015d78
--- /dev/null
+++ b/apps/api/src/modules/bot/bot.service.spec.ts
@@ -0,0 +1,189 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { BotService } from './bot.service';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { ConfigService } from '@nestjs/config';
+
+describe('BotService', () => {
+  let service: BotService;
+  const mockPrisma: any = {
+    account: {
+      findFirst: jest.fn(),
+      create: jest.fn(),
+      findUnique: jest.fn(),
+    },
+    tenantBot: {
+      create: jest.fn(),
+      deleteMany: jest.fn(),
+      count: jest.fn(),
+      findUnique: jest.fn(),
+    },
+  };
+  const mockAudit = { log: jest.fn() };
+  const mockConfig = { get: jest.fn().mockReturnValue('./sessions') };
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        BotService,
+        { provide: PrismaService, useValue: mockPrisma },
+        { provide: AuditService, useValue: mockAudit },
+        { provide: ConfigService, useValue: mockConfig },
+      ],
+    }).compile();
+    service = module.get<BotService>(BotService);
+  });
+
+  describe('initiate', () => {
+    it('creates Account + TenantBot and returns pairingToken', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue(null);
+      const created = { id: 'acc-1', jid: 'pending_x@placeholder', displayName: null };
+      mockPrisma.account.create.mockResolvedValue(created);
+      mockPrisma.tenantBot.create.mockResolvedValue({});
+
+      const res = await service.initiate('tnt-1', 'adm-1', 'MyBot');
+
+      expect(res.pairingToken).toBeTruthy();
+      expect(res.expiresAt).toBeTruthy();
+      expect(mockPrisma.account.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            isBot: true,
+            status: 'PAIRING',
+            displayName: 'MyBot',
+          }),
+        }),
+      );
+      expect(mockPrisma.tenantBot.create).toHaveBeenCalledWith({
+        data: { tenantId: 'tnt-1', accountId: 'acc-1', isActive: true },
+      });
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'BOT_INITIATED', resourceId: 'acc-1' }),
+      );
+    });
+
+    it('rejects if any account already exists', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue({ id: 'acc-existing' });
+      await expect(service.initiate('tnt-1', 'adm-1')).rejects.toThrow(/already configured/);
+    });
+  });
+
+  describe('get', () => {
+    it('returns { bot: null, shared: false } when no bot paired', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue(null);
+      expect(await service.get('tnt-1')).toEqual({ bot: null, shared: false });
+    });
+
+    it('hides jid when bot is not ACTIVE', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue({
+        id: 'acc-1',
+        platform: 'whatsapp',
+        jid: 'pending_x@placeholder',
+        displayName: null,
+        status: 'PAIRING',
+        isBot: true,
+        createdAt: new Date(),
+        updatedAt: new Date(),
+      });
+      const res = await service.get('tnt-1');
+      expect(res.bot?.jid).toBeNull();
+      expect(res.bot?.status).toBe('PAIRING');
+    });
+
+    it('shows jid when bot is ACTIVE', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue({
+        id: 'acc-1',
+        platform: 'whatsapp',
+        jid: '1234567890:12@s.whatsapp.net',
+        displayName: null,
+        status: 'ACTIVE',
+        isBot: true,
+        createdAt: new Date(),
+        updatedAt: new Date(),
+      });
+      const res = await service.get('tnt-1');
+      expect(res.bot?.jid).toBe('1234567890:12@s.whatsapp.net');
+    });
+
+    it('reports shared=true when caller has no own bot but another tenant does', async () => {
+      mockPrisma.account.findFirst
+        .mockResolvedValueOnce(null) // own bot lookup: none
+        .mockResolvedValueOnce({
+          id: 'acc-shared',
+          platform: 'whatsapp',
+          jid: 'shared:1@s.whatsapp.net',
+          displayName: null,
+          status: 'ACTIVE',
+          isBot: true,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        });
+      const res = await service.get('tnt-new');
+      expect(res.shared).toBe(true);
+      expect(res.bot).toBeNull();
+      expect(res.sharedBotId).toBe('acc-shared');
+    });
+  });
+
+  const fullAccount = (overrides: Partial<any> = {}) => ({
+    id: 'acc-1',
+    platform: 'whatsapp',
+    jid: 'shared:1@s.whatsapp.net',
+    displayName: null,
+    status: 'ACTIVE',
+    isBot: true,
+    createdAt: new Date('2026-01-01T00:00:00Z'),
+    updatedAt: new Date('2026-01-01T00:00:00Z'),
+    ...overrides,
+  });
+
+  describe('attach', () => {
+    it('creates TenantBot link and writes audit', async () => {
+      mockPrisma.account.findUnique.mockResolvedValue(fullAccount({ id: 'acc-shared' }));
+      mockPrisma.tenantBot.findUnique.mockResolvedValue(null);
+
+      const res = await service.attach('tnt-new', 'adm-new', 'acc-shared');
+      expect(res.bot.id).toBe('acc-shared');
+      expect(mockPrisma.tenantBot.create).toHaveBeenCalledWith({
+        data: { tenantId: 'tnt-new', accountId: 'acc-shared', isActive: true },
+      });
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'BOT_ACCESS_GRANTED' }),
+      );
+    });
+
+    it('is idempotent when TenantBot link already exists', async () => {
+      mockPrisma.account.findUnique.mockResolvedValue(fullAccount({ id: 'acc-shared' }));
+      mockPrisma.tenantBot.findUnique.mockResolvedValue({ tenantId: 'tnt-new', accountId: 'acc-shared' });
+
+      await service.attach('tnt-new', 'adm-new', 'acc-shared');
+      expect(mockPrisma.tenantBot.create).not.toHaveBeenCalled();
+    });
+
+    it('rejects banned bots', async () => {
+      mockPrisma.account.findUnique.mockResolvedValue(fullAccount({ id: 'acc-banned', status: 'BANNED' }));
+      await expect(service.attach('tnt-new', 'adm-new', 'acc-banned')).rejects.toThrow(/banned/);
+    });
+  });
+
+  describe('reveal', () => {
+    it('throws when no active bot', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue({ id: 'acc-1', status: 'PAIRING', jid: 'x' });
+      await expect(service.reveal('tnt-1', 'adm-1')).rejects.toThrow(/No active bot/);
+    });
+
+    it('returns jid and writes audit event', async () => {
+      mockPrisma.account.findFirst.mockResolvedValue({
+        id: 'acc-1',
+        status: 'ACTIVE',
+        jid: '1234567890:12@s.whatsapp.net',
+      });
+      const res = await service.reveal('tnt-1', 'adm-1');
+      expect(res.jid).toBe('1234567890:12@s.whatsapp.net');
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'BOT_REVEALED', payload: { jid: '1234567890:12@s.whatsapp.net' } }),
+      );
+    });
+  });
+});
diff --git a/apps/api/src/modules/bot/bot.service.ts b/apps/api/src/modules/bot/bot.service.ts
new file mode 100644
index 0000000..4c3265f
--- /dev/null
+++ b/apps/api/src/modules/bot/bot.service.ts
@@ -0,0 +1,304 @@
+import { ConflictException, Injectable, Logger, NotFoundException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { randomUUID } from 'crypto';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+import * as QRCode from 'qrcode';
+import type { BotInitiateResponse, BotQrResponse, BotRevealResponse, BotStatus, BotSummary } from '@tower/types';
+
+const PAIRING_TTL_MS = 5 * 60 * 1000;
+
+@Injectable()
+export class BotService {
+  private readonly logger = new Logger(BotService.name);
+
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly config: ConfigService,
+    private readonly audit: AuditService,
+  ) {}
+
+  async initiate(tenantId: string, adminId: string, displayName?: string): Promise<BotInitiateResponse> {
+    const existing = await this.prisma.account.findFirst({
+      where: { isBot: true, status: { in: ['PAIRING', 'ACTIVE', 'DISCONNECTED'] } },
+    });
+    if (existing) {
+      throw new ConflictException('A bot is already configured. Remove it before pairing a new one.');
+    }
+
+    const sessionBase = this.config.get<string>('WHATSAPP_SESSION_PATH', './sessions');
+    const uid = randomUUID();
+    const pairingToken = randomUUID();
+    const expiresAt = new Date(Date.now() + PAIRING_TTL_MS);
+
+    const account = await this.prisma.account.create({
+      data: {
+        platform: 'whatsapp',
+        jid: `pending_${uid}@placeholder`,
+        sessionPath: `${sessionBase}/${uid}`,
+        displayName: displayName ?? null,
+        status: 'PAIRING',
+        isBot: true,
+        pairingToken,
+        pairingExpiresAt: expiresAt,
+      },
+    });
+
+    await this.prisma.tenantBot.create({
+      data: { tenantId, accountId: account.id, isActive: true },
+    });
+
+    await this.audit.log({
+      tenantId,
+      actorId: adminId,
+      action: AuditAction.BOT_INITIATED,
+      resourceType: 'Account',
+      resourceId: account.id,
+      payload: { displayName: account.displayName },
+    });
+
+    return {
+      pairingToken,
+      expiresAt: expiresAt.toISOString(),
+      qrDataUrl: null,
+    };
+  }
+
+  async getQr(tenantId: string, pairingToken: string): Promise<BotQrResponse> {
+    const account = await this.prisma.account.findFirst({
+      where: { pairingToken, tenants: { some: { tenantId } } },
+    });
+    if (!account) {
+      throw new NotFoundException('Pairing token not found for this tenant');
+    }
+    if (account.pairingExpiresAt && account.pairingExpiresAt < new Date()) {
+      return {
+        status: account.status as BotStatus,
+        qrDataUrl: null,
+        pairingToken: account.pairingToken ?? '',
+        expiresAt: account.pairingExpiresAt.toISOString(),
+      };
+    }
+    if (!account.qrCode) {
+      return {
+        status: account.status as BotStatus,
+        qrDataUrl: null,
+        pairingToken: account.pairingToken ?? '',
+        expiresAt: account.pairingExpiresAt?.toISOString() ?? new Date().toISOString(),
+      };
+    }
+    const qrDataUrl = await QRCode.toDataURL(account.qrCode);
+    return {
+      status: account.status as BotStatus,
+      qrDataUrl,
+      pairingToken: account.pairingToken ?? '',
+      expiresAt: account.pairingExpiresAt?.toISOString() ?? new Date().toISOString(),
+    };
+  }
+
+  async get(tenantId: string): Promise<{ bot: BotSummary | null; shared: boolean; sharedBotId?: string }> {
+    const own = await this.prisma.account.findFirst({
+      where: { tenants: { some: { tenantId } } },
+      orderBy: { createdAt: 'asc' },
+    });
+    if (own) {
+      return { bot: this.toSummary(own), shared: false };
+    }
+    // No own bot — is there a shared bot we could attach to?
+    const shared = await this.prisma.account.findFirst({
+      where: {
+        isBot: true,
+        status: { in: ['ACTIVE', 'DISCONNECTED', 'PAIRING'] },
+        tenants: { some: {} },
+      },
+      orderBy: { createdAt: 'asc' },
+    });
+    if (shared) {
+      return { bot: null, shared: true, sharedBotId: shared.id };
+    }
+    return { bot: null, shared: false };
+  }
+
+  async attach(tenantId: string, adminId: string, accountId: string): Promise<{ bot: BotSummary }> {
+    const account = await this.prisma.account.findUnique({ where: { id: accountId } });
+    if (!account || !account.isBot) throw new NotFoundException('Bot not found');
+    if (account.status === 'BANNED') {
+      throw new ConflictException('Bot is banned and cannot be shared');
+    }
+    const existing = await this.prisma.tenantBot.findUnique({
+      where: { tenantId_accountId: { tenantId, accountId } },
+    });
+    if (!existing) {
+      await this.prisma.tenantBot.create({
+        data: { tenantId, accountId, isActive: true },
+      });
+      await this.audit.log({
+        tenantId,
+        actorId: adminId,
+        action: AuditAction.BOT_ACCESS_GRANTED,
+        resourceType: 'Account',
+        resourceId: accountId,
+        payload: { reason: 'tenant attached to shared bot' },
+      });
+    }
+    return { bot: this.toSummary(account) };
+  }
+
+  private toSummary(account: any): BotSummary {
+    return {
+      id: account.id,
+      platform: account.platform,
+      jid: account.status === 'ACTIVE' ? account.jid : null,
+      displayName: account.displayName,
+      status: account.status as BotStatus,
+      isBot: account.isBot,
+      createdAt: account.createdAt.toISOString(),
+      updatedAt: account.updatedAt.toISOString(),
+    };
+  }
+
+  /**
+   * Find the least-loaded ACTIVE bot and assign it to the tenant.
+   * Returns null if no bot is available in the pool.
+   * Idempotent — skips if the tenant already has a TenantBot.
+   */
+  async assignBotToTenant(tenantId: string): Promise<BotSummary | null> {
+    const existing = await this.prisma.tenantBot.findFirst({
+      where: { tenantId },
+      include: { account: true },
+    });
+    if (existing) {
+      return this.toSummary(existing.account);
+    }
+
+    const candidates = await this.prisma.account.findMany({
+      where: { isBot: true, status: 'ACTIVE' },
+      include: { _count: { select: { tenants: true } } },
+    });
+    if (candidates.length === 0) {
+      this.logger.warn({ tenantId }, 'No ACTIVE bot available to assign');
+      return null;
+    }
+
+    const best = candidates.reduce((a, b) =>
+      a._count.tenants <= b._count.tenants ? a : b,
+    );
+
+    await this.prisma.tenantBot.create({
+      data: { tenantId, accountId: best.id, isActive: true },
+    });
+    this.logger.log({ tenantId, accountId: best.id, tenantCount: best._count.tenants }, 'Bot auto-assigned');
+
+    return this.toSummary(best);
+  }
+
+  async reveal(tenantId: string, adminId: string): Promise<BotRevealResponse> {
+    const account = await this.prisma.account.findFirst({
+      where: { tenants: { some: { tenantId } } },
+    });
+    if (!account || account.status !== 'ACTIVE') {
+      throw new NotFoundException('No active bot to reveal');
+    }
+    await this.audit.log({
+      tenantId,
+      actorId: adminId,
+      action: AuditAction.BOT_REVEALED,
+      resourceType: 'Account',
+      resourceId: account.id,
+      payload: { jid: account.jid },
+    });
+    return { jid: account.jid, revealedAt: new Date().toISOString() };
+  }
+
+  // ---------------------------------------------------------------------------
+  // Super admin bot management
+  // ---------------------------------------------------------------------------
+
+  async listAll(): Promise<any[]> {
+    const bots = await this.prisma.account.findMany({
+      where: { isBot: true },
+      orderBy: { createdAt: 'desc' },
+      include: { _count: { select: { tenants: true } } },
+    });
+    return bots.map((b) => ({
+      id: b.id,
+      jid: b.status === 'ACTIVE' ? b.jid : null,
+      displayName: b.displayName,
+      status: b.status,
+      platform: b.platform,
+      tenantCount: b._count.tenants,
+      createdAt: b.createdAt.toISOString(),
+      updatedAt: b.updatedAt.toISOString(),
+    }));
+  }
+
+  async superInitiate(displayName?: string): Promise<{ pairingToken: string; expiresAt: string }> {
+    const sessionBase = this.config.get<string>('WHATSAPP_SESSION_PATH', './sessions');
+    const uid = randomUUID();
+    const pairingToken = randomUUID();
+    const expiresAt = new Date(Date.now() + PAIRING_TTL_MS);
+
+    await this.prisma.account.create({
+      data: {
+        platform: 'whatsapp',
+        jid: `pending_${uid}@placeholder`,
+        sessionPath: `${sessionBase}/${uid}`,
+        displayName: displayName ?? null,
+        status: 'PAIRING',
+        isBot: true,
+        pairingToken,
+        pairingExpiresAt: expiresAt,
+      },
+    });
+
+    return { pairingToken, expiresAt: expiresAt.toISOString() };
+  }
+
+  async superGetQr(pairingToken: string): Promise<any> {
+    const account = await this.prisma.account.findFirst({
+      where: { pairingToken },
+    });
+    if (!account) throw new NotFoundException('Pairing token not found');
+    if (account.pairingExpiresAt && account.pairingExpiresAt < new Date()) {
+      return { status: account.status, qrDataUrl: null, pairingToken, expiresAt: account.pairingExpiresAt.toISOString() };
+    }
+    if (!account.qrCode) {
+      return { status: account.status, qrDataUrl: null, pairingToken, expiresAt: account.pairingExpiresAt?.toISOString() ?? new Date().toISOString() };
+    }
+    const qrDataUrl = await QRCode.toDataURL(account.qrCode);
+    return { status: account.status, qrDataUrl, pairingToken, expiresAt: account.pairingExpiresAt?.toISOString() ?? new Date().toISOString() };
+  }
+
+  async assignTenant(tenantId: string, accountId: string): Promise<any> {
+    const account = await this.prisma.account.findUnique({ where: { id: accountId } });
+    if (!account || !account.isBot) throw new NotFoundException('Bot not found');
+    if (account.status !== 'ACTIVE') throw new ConflictException('Bot is not ACTIVE');
+
+    const tenant = await this.prisma.tenant.findUnique({ where: { id: tenantId } });
+    if (!tenant) throw new NotFoundException('Tenant not found');
+
+    const existing = await this.prisma.tenantBot.findFirst({ where: { tenantId } });
+    if (existing) throw new ConflictException('Tenant already has a bot assigned');
+
+    await this.prisma.tenantBot.create({
+      data: { tenantId, accountId: account.id, isActive: true },
+    });
+
+    return { ok: true, accountId: account.id, jid: account.jid };
+  }
+
+  async superRemove(accountId: string): Promise<{ ok: true }> {
+    const account = await this.prisma.account.findUnique({
+      where: { id: accountId },
+      include: { _count: { select: { tenants: true } } },
+    });
+    if (!account || !account.isBot) throw new NotFoundException('Bot not found');
+    if (account._count.tenants > 0) {
+      throw new ConflictException(`Cannot remove bot — ${account._count.tenants} tenant(s) still assigned. Reassign them first.`);
+    }
+
+    await this.prisma.account.delete({ where: { id: accountId } });
+    return { ok: true };
+  }
+}
diff --git a/apps/api/src/modules/groups/groups.controller.spec.ts b/apps/api/src/modules/groups/groups.controller.spec.ts
index 6e3770a..eea170a 100644
--- a/apps/api/src/modules/groups/groups.controller.spec.ts
+++ b/apps/api/src/modules/groups/groups.controller.spec.ts
@@ -1,11 +1,25 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { GroupsController } from './groups.controller';
 import { GroupsService } from './groups.service';
+import type { TenantContext } from '../../common/tenant-context';
+
+const ctx: TenantContext = { tenantId: 'tnt-A', adminId: 'adm_1', role: 'OWNER' };
 
 const mockGroups = [
-  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', platformId: '111@g.us', isActive: true, accountId: 'acc_1' },
+  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', platformId: '111@g.us', isActive: true, accountId: 'acc_1', tenantId: 'tnt-A' },
 ];
-const mockService = { list: jest.fn().mockResolvedValue(mockGroups) };
+
+const mockService = {
+  list: jest.fn().mockResolvedValue(mockGroups),
+  listShared: jest.fn().mockResolvedValue([]),
+  listSharedByMe: jest.fn().mockResolvedValue([]),
+  getClaimTokenInfo: jest.fn(),
+  claimWithToken: jest.fn(),
+  share: jest.fn(),
+  unshare: jest.fn(),
+  regenerateToken: jest.fn(),
+  listUnclaimed: jest.fn().mockResolvedValue([]),
+};
 
 describe('GroupsController', () => {
   let controller: GroupsController;
@@ -22,9 +36,29 @@ describe('GroupsController', () => {
     controller = module.get<GroupsController>(GroupsController);
   });
 
-  it('returns groups from service', async () => {
-    const result = await controller.list();
+  it('list() delegates to service', async () => {
+    const result = await controller.list(ctx);
     expect(result).toEqual(mockGroups);
-    expect(mockService.list).toHaveBeenCalled();
+    expect(mockService.list).toHaveBeenCalledWith('tnt-A');
+  });
+
+  it('listShared() delegates to service', async () => {
+    await controller.listShared(ctx);
+    expect(mockService.listShared).toHaveBeenCalledWith('tnt-A');
+  });
+
+  it('claimWithToken() delegates to service', async () => {
+    await controller.claimWithToken(ctx, { token: 'abc123' });
+    expect(mockService.claimWithToken).toHaveBeenCalledWith('abc123', 'adm_1');
+  });
+
+  it('share() delegates to service', async () => {
+    await controller.share(ctx, 'grp_1', { targetTenantId: 'tnt-B' });
+    expect(mockService.share).toHaveBeenCalledWith('tnt-A', 'adm_1', 'grp_1', 'tnt-B');
+  });
+
+  it('listUnclaimed() delegates to service', async () => {
+    await controller.listUnclaimed();
+    expect(mockService.listUnclaimed).toHaveBeenCalledWith();
   });
 });
diff --git a/apps/api/src/modules/groups/groups.controller.ts b/apps/api/src/modules/groups/groups.controller.ts
index 0e16891..7d3144d 100644
--- a/apps/api/src/modules/groups/groups.controller.ts
+++ b/apps/api/src/modules/groups/groups.controller.ts
@@ -1,12 +1,86 @@
-import { Controller, Get } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Param, Post, Query, UseGuards } from '@nestjs/common';
 import { GroupsService } from './groups.service';
+import { CurrentTenantContext } from '../auth/current-tenant.decorator';
+import { TenantContext } from '../../common/tenant-context';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { RolesGuard } from '../auth/roles.guard';
+import { Roles } from '../auth/roles.decorator';
+import { IsString } from 'class-validator';
 
-@Controller('groups')
+class ClaimWithTokenDto {
+  @IsString() token!: string;
+}
+
+class ShareDto {
+  @IsString() targetTenantId!: string;
+}
+
+@Controller()
+@UseGuards(JwtAuthGuard, RolesGuard)
 export class GroupsController {
   constructor(private readonly groupsService: GroupsService) {}
 
-  @Get()
-  list() {
-    return this.groupsService.list();
+  @Get('groups')
+  list(@CurrentTenantContext() ctx: TenantContext) {
+    return this.groupsService.list(ctx.tenantId);
+  }
+
+  @Get('groups/shared')
+  listShared(@CurrentTenantContext() ctx: TenantContext) {
+    return this.groupsService.listShared(ctx.tenantId);
+  }
+
+  @Get('groups/shared-by-me')
+  listSharedByMe(@CurrentTenantContext() ctx: TenantContext) {
+    return this.groupsService.listSharedByMe(ctx.tenantId);
+  }
+
+  @Get('admin/groups/claim-token-info')
+  getClaimTokenInfo(@Query('token') token: string) {
+    return this.groupsService.getClaimTokenInfo(token);
+  }
+
+  @Post('admin/groups/claim-with-token')
+  @Roles('OWNER')
+  claimWithToken(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Body() body: ClaimWithTokenDto,
+  ) {
+    return this.groupsService.claimWithToken(body.token, ctx.adminId ?? '');
+  }
+
+  @Post('admin/groups/:id/share')
+  @Roles('OWNER')
+  share(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+    @Body() body: ShareDto,
+  ) {
+    return this.groupsService.share(ctx.tenantId, ctx.adminId ?? '', id, body.targetTenantId);
+  }
+
+  @Delete('admin/groups/:id/share/:targetTenantId')
+  @Roles('OWNER')
+  unshare(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+    @Param('targetTenantId') targetTenantId: string,
+  ) {
+    return this.groupsService.unshare(ctx.tenantId, id, targetTenantId);
+  }
+
+  @Post('admin/groups/:id/regenerate-token')
+  @Roles('OWNER')
+  regenerateToken(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+  ) {
+    return this.groupsService.regenerateToken(ctx.tenantId, ctx.adminId ?? '', id);
+  }
+
+  @Get('admin/groups/unclaimed')
+  @Roles('OWNER')
+  listUnclaimed() {
+    return this.groupsService.listUnclaimed();
   }
 }
diff --git a/apps/api/src/modules/groups/groups.service.spec.ts b/apps/api/src/modules/groups/groups.service.spec.ts
index 3fda63e..b0f99f3 100644
--- a/apps/api/src/modules/groups/groups.service.spec.ts
+++ b/apps/api/src/modules/groups/groups.service.spec.ts
@@ -1,37 +1,141 @@
 import { Test, TestingModule } from '@nestjs/testing';
+import { ConflictException, NotFoundException } from '@nestjs/common';
 import { GroupsService } from './groups.service';
 import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
 
-const mockGroups = [
-  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', platformId: '111@g.us', isActive: true, accountId: 'acc_1' },
-  { id: 'grp_2', name: 'Beta', platform: 'whatsapp', platformId: '222@g.us', isActive: true, accountId: null },
-];
+const mockGroup = { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', platformId: '111@g.us', isActive: true, accountId: 'acc_1', tenantId: 'tnt-A' };
 
 describe('GroupsService', () => {
   let service: GroupsService;
-  const mockPrisma = { group: { findMany: jest.fn().mockResolvedValue(mockGroups) } };
-
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
+  const mockPrisma: any = {
+    group: {
+      findMany: jest.fn().mockResolvedValue([mockGroup]),
+      findUnique: jest.fn().mockResolvedValue(mockGroup),
+      findFirst: jest.fn(),
+      update: jest.fn().mockResolvedValue(mockGroup),
+    },
+    groupClaimToken: {
+      findUnique: jest.fn(),
+      create: jest.fn(),
+      update: jest.fn(),
+    },
+    groupAccess: {
+      findMany: jest.fn(),
+      findUnique: jest.fn(),
+      create: jest.fn(),
+      delete: jest.fn(),
+    },
+    tenantBot: { findUnique: jest.fn(), count: jest.fn(), create: jest.fn() },
+    admin: { findUnique: jest.fn() },
+    tenant: { findMany: jest.fn() },
+    $transaction: jest.fn(),
+  };
+  const mockAudit = { log: jest.fn() };
 
   beforeEach(async () => {
+    jest.clearAllMocks();
     const module: TestingModule = await Test.createTestingModule({
       providers: [
         GroupsService,
         { provide: PrismaService, useValue: mockPrisma },
+        { provide: AuditService, useValue: mockAudit },
       ],
     }).compile();
     service = module.get<GroupsService>(GroupsService);
   });
 
-  it('returns all groups ordered by name', async () => {
-    const result = await service.list();
-    expect(result).toHaveLength(2);
-    expect(result[0].name).toBe('Alpha');
-    expect(mockPrisma.group.findMany).toHaveBeenCalledWith({
-      orderBy: { name: 'asc' },
-      select: { id: true, name: true, platform: true, platformId: true, isActive: true, accountId: true },
+  describe('list', () => {
+    it('returns groups for the given tenant including shared groups', async () => {
+      const result = await service.list('tnt-A');
+      expect(result).toHaveLength(1);
+      expect(mockPrisma.group.findMany).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: expect.objectContaining({ OR: expect.any(Array) }),
+        }),
+      );
+    });
+  });
+
+  describe('listUnclaimed', () => {
+    it('returns groups with no tenantId', async () => {
+      await service.listUnclaimed();
+      expect(mockPrisma.group.findMany).toHaveBeenCalledWith(
+        expect.objectContaining({ where: { tenantId: null } }),
+      );
+    });
+  });
+
+  describe('getClaimTokenInfo', () => {
+    it('throws NotFound for invalid token', async () => {
+      mockPrisma.groupClaimToken.findUnique.mockResolvedValueOnce(null);
+      await expect(service.getClaimTokenInfo('bad')).rejects.toThrow(NotFoundException);
+    });
+  });
+
+  describe('claimWithToken', () => {
+    const mockToken = {
+      id: 'tok_1', groupId: 'grp_1', token: 'abc123', creatorJid: 'creator@jid',
+      expiresAt: new Date(Date.now() + 3600000), consumedAt: null,
+    };
+
+    beforeEach(() => {
+      mockPrisma.admin.findUnique.mockResolvedValue({ id: 'adm_1', tenantId: 'tnt-A' });
+      mockPrisma.groupClaimToken.findUnique.mockResolvedValue(mockToken);
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp_1', tenantId: null, accountId: 'acc_1' });
+      mockPrisma.tenantBot.findUnique.mockResolvedValue({ tenantId: 'tnt-A', accountId: 'acc_1' });
+      mockPrisma.$transaction.mockResolvedValue([mockGroup]);
+    });
+
+    it('throws NotFound when admin does not exist', async () => {
+      mockPrisma.admin.findUnique.mockResolvedValueOnce(null);
+      await expect(service.claimWithToken('abc123', 'bad_admin')).rejects.toThrow(NotFoundException);
+    });
+
+    it('throws Conflict when token is consumed', async () => {
+      mockPrisma.groupClaimToken.findUnique.mockResolvedValueOnce({ ...mockToken, consumedAt: new Date() });
+      await expect(service.claimWithToken('abc123', 'adm_1')).rejects.toThrow(ConflictException);
+    });
+
+    it('throws Conflict when token is expired', async () => {
+      mockPrisma.groupClaimToken.findUnique.mockResolvedValueOnce({ ...mockToken, expiresAt: new Date(Date.now() - 1000) });
+      await expect(service.claimWithToken('abc123', 'adm_1')).rejects.toThrow(ConflictException);
+    });
+
+    it('throws Conflict when group is already claimed', async () => {
+      mockPrisma.group.findUnique.mockResolvedValueOnce({ id: 'grp_1', tenantId: 'tnt-B', accountId: 'acc_1' });
+      await expect(service.claimWithToken('abc123', 'adm_1')).rejects.toThrow(ConflictException);
+    });
+  });
+
+  describe('share / unshare', () => {
+    const sharedAccess = { id: 'acc_1', groupId: 'grp_1', tenantId: 'tnt-B', grantedBy: 'adm_1' };
+
+    it('share creates a GroupAccess record', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp_1', tenantId: 'tnt-A' });
+      mockPrisma.groupAccess.findUnique.mockResolvedValue(null);
+      mockPrisma.groupAccess.create.mockResolvedValue(sharedAccess);
+      const result = await service.share('tnt-A', 'adm_1', 'grp_1', 'tnt-B');
+      expect(result).toEqual(sharedAccess);
+    });
+
+    it('share throws Conflict if already shared', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp_1', tenantId: 'tnt-A' });
+      mockPrisma.groupAccess.findUnique.mockResolvedValue(sharedAccess);
+      await expect(service.share('tnt-A', 'adm_1', 'grp_1', 'tnt-B')).rejects.toThrow(ConflictException);
+    });
+
+    it('unshare deletes the GroupAccess record', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp_1', tenantId: 'tnt-A' });
+      mockPrisma.groupAccess.findUnique.mockResolvedValue(sharedAccess);
+      mockPrisma.groupAccess.delete.mockResolvedValue(sharedAccess);
+      await expect(service.unshare('tnt-A', 'grp_1', 'tnt-B')).resolves.not.toThrow();
+    });
+
+    it('unshare throws NotFound if no share exists', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp_1', tenantId: 'tnt-A' });
+      mockPrisma.groupAccess.findUnique.mockResolvedValue(null);
+      await expect(service.unshare('tnt-A', 'grp_1', 'tnt-B')).rejects.toThrow(NotFoundException);
     });
   });
 });
diff --git a/apps/api/src/modules/groups/groups.service.ts b/apps/api/src/modules/groups/groups.service.ts
index 5069987..d2c89ac 100644
--- a/apps/api/src/modules/groups/groups.service.ts
+++ b/apps/api/src/modules/groups/groups.service.ts
@@ -1,5 +1,8 @@
-import { Injectable } from '@nestjs/common';
+import { ConflictException, Injectable, NotFoundException, ForbiddenException } from '@nestjs/common';
 import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+import { randomBytes } from 'crypto';
 
 export interface GroupSummary {
   id: string;
@@ -8,16 +11,257 @@ export interface GroupSummary {
   platformId: string;
   isActive: boolean;
   accountId: string | null;
+  tenantId: string | null;
 }
 
+const TOKEN_TTL_MS = 48 * 60 * 60 * 1000;
+
 @Injectable()
 export class GroupsService {
-  constructor(private readonly prisma: PrismaService) {}
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly audit: AuditService,
+  ) {}
 
-  list(): Promise<GroupSummary[]> {
+  list(tenantId: string): Promise<GroupSummary[]> {
     return this.prisma.group.findMany({
+      where: {
+        OR: [
+          { tenantId },
+          { groupAccesses: { some: { tenantId } } },
+        ],
+      },
       orderBy: { name: 'asc' },
-      select: { id: true, name: true, platform: true, platformId: true, isActive: true, accountId: true },
+      select: {
+        id: true, name: true, platform: true, platformId: true,
+        isActive: true, accountId: true, tenantId: true,
+      },
     });
   }
+
+  async listUnclaimed(): Promise<GroupSummary[]> {
+    return this.prisma.group.findMany({
+      where: { tenantId: null },
+      orderBy: { name: 'asc' },
+      select: {
+        id: true, name: true, platform: true, platformId: true,
+        isActive: true, accountId: true, tenantId: true,
+      },
+    });
+  }
+
+  async listShared(tenantId: string): Promise<(GroupSummary & { sharedByTenantName: string })[]> {
+    const accesses = await this.prisma.groupAccess.findMany({
+      where: { tenantId },
+      include: {
+        group: {
+          select: {
+            id: true, name: true, platform: true, platformId: true,
+            isActive: true, accountId: true, tenantId: true,
+          },
+        },
+      },
+    });
+    const ownerTenantIds: string[] = [...new Set(accesses.map((a) => a.group.tenantId).filter((id): id is string => !!id))];
+    const tenants = ownerTenantIds.length > 0
+      ? await this.prisma.tenant.findMany({
+          where: { id: { in: ownerTenantIds } },
+          select: { id: true, name: true },
+        })
+      : [];
+    const tenantMap = new Map(tenants.map((t) => [t.id, t.name]));
+    return accesses.map((a) => ({
+      ...a.group,
+      sharedByTenantName: a.group.tenantId ? tenantMap.get(a.group.tenantId) ?? 'Unknown' : 'Unknown',
+    }));
+  }
+
+  async listSharedByMe(tenantId: string) {
+    const accesses = await this.prisma.groupAccess.findMany({
+      where: { group: { tenantId } },
+      include: {
+        group: { select: { id: true, name: true } },
+        tenant: { select: { id: true, name: true } },
+      },
+      orderBy: { createdAt: 'desc' },
+    });
+    // Group by group
+    const grouped = new Map<string, { groupId: string; groupName: string; sharedWith: { tenantId: string; tenantName: string; grantedAt: Date }[] }>();
+    for (const a of accesses) {
+      const key = a.group.id;
+      if (!grouped.has(key)) {
+        grouped.set(key, { groupId: a.group.id, groupName: a.group.name, sharedWith: [] });
+      }
+      grouped.get(key)!.sharedWith.push({
+        tenantId: a.tenantId,
+        tenantName: a.tenant.name,
+        grantedAt: a.createdAt,
+      });
+    }
+    return [...grouped.values()];
+  }
+
+  async getClaimTokenInfo(token: string) {
+    const record = await this.prisma.groupClaimToken.findUnique({
+      where: { token },
+      include: { group: { select: { name: true } } },
+    });
+    if (!record) throw new NotFoundException('Invalid token');
+    return {
+      groupName: record.group.name,
+      expiresAt: record.expiresAt.toISOString(),
+      isConsumed: record.consumedAt !== null,
+      isExpired: record.expiresAt < new Date(),
+    };
+  }
+
+  async claimWithToken(token: string, adminId: string): Promise<GroupSummary> {
+    const admin = await this.prisma.admin.findUnique({
+      where: { id: adminId },
+      select: { tenantId: true },
+    });
+    if (!admin) throw new NotFoundException('Admin not found');
+
+    const record = await this.prisma.groupClaimToken.findUnique({
+      where: { token },
+    });
+    if (!record) throw new NotFoundException('Invalid token');
+    if (record.consumedAt) throw new ConflictException('Token has already been used');
+    if (record.expiresAt < new Date()) throw new ConflictException('Token has expired');
+
+    const group = await this.prisma.group.findUnique({
+      where: { id: record.groupId },
+    });
+    if (!group) throw new NotFoundException('Group not found');
+    if (group.tenantId) throw new ConflictException('Group is already claimed');
+
+    // Account-binding: ensure the claiming tenant has a TenantBot link
+    if (group.accountId) {
+      const myLink = await this.prisma.tenantBot.findUnique({
+        where: { tenantId_accountId: { tenantId: admin.tenantId, accountId: group.accountId } },
+      });
+      if (!myLink) {
+        const anyLinks = await this.prisma.tenantBot.count({
+          where: { accountId: group.accountId },
+        });
+        if (anyLinks === 0) {
+          throw new ConflictException('Bot account has no tenant binding — cannot claim');
+        }
+        await this.prisma.tenantBot.create({
+          data: { tenantId: admin.tenantId, accountId: group.accountId, isActive: true },
+        });
+        await this.audit.log({
+          tenantId: admin.tenantId,
+          actorId: adminId,
+          action: AuditAction.BOT_ACCESS_GRANTED,
+          resourceType: 'Account',
+          resourceId: group.accountId,
+          payload: { reason: 'auto-grant on token claim', groupId: group.id },
+        });
+      }
+    }
+
+    const [updated] = await this.prisma.$transaction([
+      this.prisma.group.update({
+        where: { id: group.id },
+        data: { tenantId: admin.tenantId, claimStatus: 'CLAIMED' },
+        select: {
+          id: true, name: true, platform: true, platformId: true,
+          isActive: true, accountId: true, tenantId: true,
+        },
+      }),
+      this.prisma.groupClaimToken.update({
+        where: { id: record.id },
+        data: { consumedAt: new Date() },
+      }),
+    ]);
+
+    await this.audit.log({
+      tenantId: admin.tenantId,
+      actorId: adminId,
+      action: AuditAction.GROUP_CLAIMED_WITH_TOKEN,
+      resourceType: 'Group',
+      resourceId: group.id,
+      payload: { groupName: group.name },
+    });
+
+    return updated;
+  }
+
+  async share(tenantId: string, adminId: string, groupId: string, targetTenantId: string) {
+    const group = await this.prisma.group.findUnique({ where: { id: groupId } });
+    if (!group) throw new NotFoundException('Group not found');
+    if (group.tenantId !== tenantId) throw new NotFoundException('Group not found');
+
+    const existing = await this.prisma.groupAccess.findUnique({
+      where: { groupId_tenantId: { groupId, tenantId: targetTenantId } },
+    });
+    if (existing) throw new ConflictException('Group already shared with this tenant');
+
+    const access = await this.prisma.groupAccess.create({
+      data: { groupId, tenantId: targetTenantId, grantedBy: adminId },
+    });
+
+    await this.audit.log({
+      tenantId,
+      actorId: adminId,
+      action: AuditAction.GROUP_SHARED,
+      resourceType: 'Group',
+      resourceId: groupId,
+      payload: { targetTenantId, groupName: group.name },
+    });
+
+    return access;
+  }
+
+  async unshare(tenantId: string, groupId: string, targetTenantId: string) {
+    const group = await this.prisma.group.findUnique({ where: { id: groupId } });
+    if (!group) throw new NotFoundException('Group not found');
+    if (group.tenantId !== tenantId) throw new NotFoundException('Group not found');
+
+    const existing = await this.prisma.groupAccess.findUnique({
+      where: { groupId_tenantId: { groupId, tenantId: targetTenantId } },
+    });
+    if (!existing) throw new NotFoundException('Share not found');
+
+    await this.prisma.groupAccess.delete({
+      where: { groupId_tenantId: { groupId, tenantId: targetTenantId } },
+    });
+
+    await this.audit.log({
+      tenantId,
+      action: AuditAction.GROUP_UNSHARED,
+      resourceType: 'Group',
+      resourceId: groupId,
+      payload: { targetTenantId },
+    });
+  }
+
+  async regenerateToken(tenantId: string, adminId: string, groupId: string) {
+    const group = await this.prisma.group.findUnique({ where: { id: groupId } });
+    if (!group) throw new NotFoundException('Group not found');
+    // Allow regenerate for owned groups OR unclaimed groups (support case)
+    if (group.tenantId && group.tenantId !== tenantId) throw new NotFoundException('Group not found');
+
+    const token = randomBytes(32).toString('hex');
+    const record = await this.prisma.groupClaimToken.create({
+      data: {
+        groupId,
+        token,
+        creatorJid: token, // placeholder — support will need to extract jid from group metadata
+        expiresAt: new Date(Date.now() + TOKEN_TTL_MS),
+      },
+    });
+
+    await this.audit.log({
+      tenantId: group.tenantId ?? tenantId,
+      actorId: adminId,
+      action: AuditAction.GROUP_CLAIM_TOKEN_REGENERATED,
+      resourceType: 'Group',
+      resourceId: groupId,
+      payload: { tokenId: record.id },
+    });
+
+    return { token, expiresAt: record.expiresAt.toISOString() };
+  }
 }
diff --git a/apps/api/src/modules/health/health.controller.ts b/apps/api/src/modules/health/health.controller.ts
index 73f6be0..fd25e9f 100644
--- a/apps/api/src/modules/health/health.controller.ts
+++ b/apps/api/src/modules/health/health.controller.ts
@@ -1,7 +1,9 @@
 import { Controller, Get } from '@nestjs/common';
+import { Public } from '../auth/public.decorator';
 
 @Controller('health')
 export class HealthController {
+  @Public()
   @Get()
   check() {
     return {
diff --git a/apps/api/src/modules/messages/messages.controller.ts b/apps/api/src/modules/messages/messages.controller.ts
new file mode 100644
index 0000000..371461a
--- /dev/null
+++ b/apps/api/src/modules/messages/messages.controller.ts
@@ -0,0 +1,45 @@
+import { Body, Controller, Get, Param, Post, UseGuards } from '@nestjs/common';
+import { MessagesService } from './messages.service';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { RolesGuard } from '../auth/roles.guard';
+import { Roles } from '../auth/roles.decorator';
+import { CurrentTenantContext } from '../auth/current-tenant.decorator';
+import { TenantContext } from '../../common/tenant-context';
+
+@Controller('admin/messages')
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Roles('OWNER', 'ADMIN')
+export class MessagesController {
+  constructor(private readonly messagesService: MessagesService) {}
+
+  @Get('pending')
+  listPending(@CurrentTenantContext() ctx: TenantContext) {
+    return this.messagesService.listPending(ctx.tenantId);
+  }
+
+  @Get('pending/count')
+  pendingCount(@CurrentTenantContext() ctx: TenantContext) {
+    return this.messagesService.pendingCount(ctx.tenantId);
+  }
+
+  @Get(':id')
+  get(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+  ) {
+    return this.messagesService.get(ctx.tenantId, id);
+  }
+
+  @Post(':id/approve')
+  approve(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+  ) {
+    return this.messagesService.approve(ctx.tenantId, ctx.adminId ?? '', id);
+  }
+
+  @Post('reindex')
+  reindex(@CurrentTenantContext() ctx: TenantContext) {
+    return this.messagesService.reindexApproved(ctx.tenantId);
+  }
+}
diff --git a/apps/api/src/modules/messages/messages.module.ts b/apps/api/src/modules/messages/messages.module.ts
new file mode 100644
index 0000000..ce36158
--- /dev/null
+++ b/apps/api/src/modules/messages/messages.module.ts
@@ -0,0 +1,17 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { MessagesController } from './messages.controller';
+import { MessagesService } from './messages.service';
+import { forwardQueueProvider, indexQueueProvider, FORWARD_QUEUE, INDEX_QUEUE } from '../../queues/forward.queue';
+
+@Module({
+  imports: [ConfigModule],
+  controllers: [MessagesController],
+  providers: [
+    MessagesService,
+    forwardQueueProvider,
+    indexQueueProvider,
+  ],
+  exports: [FORWARD_QUEUE, INDEX_QUEUE],
+})
+export class MessagesModule {}
diff --git a/apps/api/src/modules/messages/messages.service.spec.ts b/apps/api/src/modules/messages/messages.service.spec.ts
new file mode 100644
index 0000000..016e275
--- /dev/null
+++ b/apps/api/src/modules/messages/messages.service.spec.ts
@@ -0,0 +1,154 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConfigService } from '@nestjs/config';
+import { ConflictException, NotFoundException } from '@nestjs/common';
+import { MessagesService } from './messages.service';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { FORWARD_QUEUE, INDEX_QUEUE } from '../../queues/forward.queue';
+
+describe('MessagesService', () => {
+  let service: MessagesService;
+  const mockPrisma: any = {
+    message: { findMany: jest.fn(), findUnique: jest.fn(), updateMany: jest.fn() },
+    groupAccess: { findUnique: jest.fn() },
+    approval: { create: jest.fn() },
+    $transaction: jest.fn(),
+  };
+  const mockAudit = { log: jest.fn() };
+  const mockForwardQueue = { add: jest.fn().mockResolvedValue({}) };
+  const mockIndexQueue = { add: jest.fn().mockResolvedValue({}) };
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        MessagesService,
+        { provide: PrismaService, useValue: mockPrisma },
+        { provide: AuditService, useValue: mockAudit },
+        { provide: FORWARD_QUEUE, useValue: mockForwardQueue },
+        { provide: INDEX_QUEUE, useValue: mockIndexQueue },
+      ],
+    }).compile();
+    service = module.get<MessagesService>(MessagesService);
+  });
+
+  describe('listPending', () => {
+    it('returns PENDING messages with source group info', async () => {
+      mockPrisma.message.findMany.mockResolvedValue([
+        {
+          id: 'msg-1',
+          content: 'hello #important',
+          senderJid: '111@s.whatsapp.net',
+          senderName: 'Alice',
+          tags: ['#important'],
+          createdAt: new Date('2026-01-01T00:00:00Z'),
+          sourceGroupId: 'grp-1',
+          sourceGroup: { name: 'Notes', platformId: '111@g.us' },
+        },
+      ]);
+      const res = await service.listPending('tnt-1');
+      expect(res).toHaveLength(1);
+      expect(res[0].sourceGroupName).toBe('Notes');
+      expect(mockPrisma.message.findMany).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: {
+            status: 'PENDING',
+            OR: [
+              { tenantId: 'tnt-1' },
+              { sourceGroup: { groupAccesses: { some: { tenantId: 'tnt-1' } } } },
+            ],
+          },
+        }),
+      );
+    });
+  });
+
+  describe('approve', () => {
+    const baseMessage = {
+      id: 'msg-1',
+      tenantId: 'tnt-1',
+      content: 'hello #important',
+      senderJid: '111@s.whatsapp.net',
+      senderName: 'Alice',
+      platform: 'whatsapp',
+      tags: ['#important'],
+      status: 'PENDING',
+      sourceGroupId: 'grp-1',
+      approval: null,
+      sourceGroup: {
+        name: 'Notes',
+        accountId: 'acc-1',
+        syncRoutesFrom: [
+          {
+            targetGroup: { platformId: '222@g.us', accountId: 'acc-1' },
+          },
+        ],
+      },
+    };
+
+    it('marks APPROVED, enqueues forward + index, writes audit', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue(baseMessage);
+      mockPrisma.message.updateMany.mockResolvedValue({ count: 1 });
+      mockPrisma.approval.create.mockResolvedValue({});
+      mockPrisma.$transaction.mockImplementation(async (cb: any) => cb(mockPrisma));
+
+      const res = await service.approve('tnt-1', 'adm-1', 'msg-1');
+      expect(res.status).toBe('APPROVED');
+      expect(res.routesForwarded).toBe(1);
+      expect(res.indexEnqueued).toBe(true);
+      expect(mockForwardQueue.add).toHaveBeenCalledWith(
+        'forward',
+        expect.objectContaining({ toGroupJid: '222@g.us', content: 'hello #important' }),
+        expect.objectContaining({ attempts: 3 }),
+      );
+      expect(mockIndexQueue.add).toHaveBeenCalledWith('index', expect.any(Object), expect.any(Object));
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'MESSAGE_APPROVED' }),
+      );
+    });
+
+    it('rejects non-existent message', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue(null);
+      await expect(service.approve('tnt-1', 'adm-1', 'missing')).rejects.toThrow(NotFoundException);
+    });
+
+    it('rejects message from a different tenant without group access', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue({ ...baseMessage, tenantId: 'tnt-other' });
+      mockPrisma.groupAccess.findUnique.mockResolvedValue(null);
+      await expect(service.approve('tnt-1', 'adm-1', 'msg-1')).rejects.toThrow(NotFoundException);
+    });
+
+    it('rejects already-approved message', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue({ ...baseMessage, status: 'APPROVED' });
+      await expect(service.approve('tnt-1', 'adm-1', 'msg-1')).rejects.toThrow(ConflictException);
+    });
+
+    it('rejects when message has an existing Approval row', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue({ ...baseMessage, approval: { id: 'apr-1' } });
+      await expect(service.approve('tnt-1', 'adm-1', 'msg-1')).rejects.toThrow(/already been approved/);
+    });
+
+    it('returns routesForwarded=0 when no routes configured', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue({
+        ...baseMessage,
+        sourceGroup: { ...baseMessage.sourceGroup, syncRoutesFrom: [] },
+      });
+      mockPrisma.message.updateMany.mockResolvedValue({ count: 1 });
+      mockPrisma.approval.create.mockResolvedValue({});
+      mockPrisma.$transaction.mockImplementation(async (cb: any) => cb(mockPrisma));
+
+      const res = await service.approve('tnt-1', 'adm-1', 'msg-1');
+      expect(res.routesForwarded).toBe(0);
+      expect(mockForwardQueue.add).not.toHaveBeenCalled();
+      expect(mockIndexQueue.add).toHaveBeenCalled();
+    });
+
+    it('handles concurrent approval (updateMany.count=0) as conflict', async () => {
+      mockPrisma.message.findUnique.mockResolvedValue(baseMessage);
+      mockPrisma.message.updateMany.mockResolvedValue({ count: 0 });
+      mockPrisma.$transaction.mockImplementation(async (cb: any) => cb(mockPrisma));
+
+      await expect(service.approve('tnt-1', 'adm-1', 'msg-1')).rejects.toThrow(/concurrent update/);
+    });
+  });
+});
diff --git a/apps/api/src/modules/messages/messages.service.ts b/apps/api/src/modules/messages/messages.service.ts
new file mode 100644
index 0000000..c4727c3
--- /dev/null
+++ b/apps/api/src/modules/messages/messages.service.ts
@@ -0,0 +1,254 @@
+import { ConflictException, Inject, Injectable, NotFoundException, forwardRef } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { Queue } from 'bullmq';
+import { ForwardJobData, IndexJobData } from '@tower/types';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+import { createForwardQueue, createIndexQueue, FORWARD_QUEUE, INDEX_QUEUE } from '../../queues/forward.queue';
+
+export interface PendingMessage {
+  id: string;
+  content: string;
+  senderJid: string;
+  senderName: string | null;
+  tags: string[];
+  createdAt: string;
+  sourceGroupId: string;
+  sourceGroupName: string;
+  sourceGroupPlatformId: string;
+}
+
+@Injectable()
+export class MessagesService {
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly audit: AuditService,
+    @Inject(FORWARD_QUEUE) private readonly forwardQueue: Queue<ForwardJobData>,
+    @Inject(INDEX_QUEUE) private readonly indexQueue: Queue<IndexJobData>,
+  ) {}
+
+  async get(tenantId: string, id: string): Promise<any> {
+    const msg = await this.prisma.message.findUnique({
+      where: { id },
+      include: {
+        sourceGroup: true,
+        senderTowerUser: true,
+        approval: true,
+      },
+    });
+    if (!msg) throw new NotFoundException('Message not found');
+    if (msg.tenantId !== tenantId) {
+      const access = await this.prisma.groupAccess.findUnique({
+        where: { groupId_tenantId: { groupId: msg.sourceGroupId, tenantId } },
+      });
+      if (!access) throw new NotFoundException('Message not found');
+    }
+    return {
+      id: msg.id,
+      tenantId: msg.tenantId,
+      platform: msg.platform,
+      platformMsgId: msg.platformMsgId,
+      sourceGroupId: msg.sourceGroupId,
+      sourceGroup: msg.sourceGroup,
+      senderJid: msg.senderJid,
+      senderName: msg.senderName,
+      senderTowerUser: msg.senderTowerUser,
+      content: msg.content,
+      mediaUrl: msg.mediaUrl,
+      tags: msg.tags,
+      status: msg.status,
+      createdAt: msg.createdAt.toISOString(),
+      updatedAt: msg.updatedAt.toISOString(),
+      approval: msg.approval
+        ? {
+            id: msg.approval.id,
+            adminId: msg.approval.adminId,
+            decision: msg.approval.decision,
+            notes: msg.approval.notes,
+            decidedAt: msg.approval.decidedAt.toISOString(),
+          }
+        : null,
+    };
+  }
+
+  async pendingCount(tenantId: string): Promise<{ count: number }> {
+    const count = await this.prisma.message.count({
+      where: {
+        status: 'PENDING',
+        OR: [
+          { tenantId },
+          { sourceGroup: { groupAccesses: { some: { tenantId } } } },
+        ],
+      },
+    });
+    return { count };
+  }
+
+  async listPending(tenantId: string): Promise<PendingMessage[]> {
+    const rows = await this.prisma.message.findMany({
+      where: {
+        status: 'PENDING',
+        OR: [
+          { tenantId },
+          { sourceGroup: { groupAccesses: { some: { tenantId } } } },
+        ],
+      },
+      orderBy: { createdAt: 'desc' },
+      include: {
+        sourceGroup: { select: { name: true, platformId: true } },
+      },
+    });
+    return rows.map((m: any) => ({
+      id: m.id,
+      content: m.content,
+      senderJid: m.senderJid,
+      senderName: m.senderName,
+      tags: m.tags ?? [],
+      createdAt: m.createdAt.toISOString(),
+      sourceGroupId: m.sourceGroupId,
+      sourceGroupName: m.sourceGroup?.name ?? '(unknown group)',
+      sourceGroupPlatformId: m.sourceGroup?.platformId ?? '',
+    }));
+  }
+
+  async approve(tenantId: string, adminId: string, messageId: string): Promise<{ id: string; status: string; routesForwarded: number; indexEnqueued: boolean }> {
+    const message = await this.prisma.message.findUnique({
+      where: { id: messageId },
+      include: {
+        approval: true,
+        sourceGroup: {
+          include: {
+            syncRoutesFrom: { where: { isActive: true }, include: { targetGroup: true } },
+          },
+        },
+      },
+    });
+    if (!message) throw new NotFoundException('Message not found');
+    if (message.tenantId !== tenantId) {
+      const access = await this.prisma.groupAccess.findUnique({
+        where: { groupId_tenantId: { groupId: message.sourceGroupId, tenantId } },
+      });
+      if (!access) throw new NotFoundException('Message not found');
+    }
+    if (message.status !== 'PENDING') {
+      throw new ConflictException(`Message is already ${message.status}`);
+    }
+    if (message.approval) {
+      throw new ConflictException('Message has already been approved');
+    }
+
+    let approved = false;
+    await this.prisma.$transaction(async (tx: any) => {
+      const updated = await tx.message.updateMany({
+        where: { id: message.id, status: 'PENDING' },
+        data: { status: 'APPROVED' },
+      });
+      if (updated.count === 0) return;
+      approved = true;
+      await tx.approval.create({
+        data: {
+          tenantId: message.tenantId,
+          messageId: message.id,
+          adminId,
+          decision: 'APPROVED',
+        },
+      });
+    });
+
+    if (!approved) {
+      throw new ConflictException('Message could not be approved (concurrent update)');
+    }
+
+    const validRoutes = (message.sourceGroup?.syncRoutesFrom ?? []).filter(
+      (r: any) => r.targetGroup != null,
+    );
+    const forwardJobs: ForwardJobData[] = validRoutes.map((route: any) => ({
+      tenantId: message.tenantId,
+      messageId: message.id,
+      content: message.content,
+      sourceGroupName: message.sourceGroup.name,
+      senderName: message.senderName ?? undefined,
+      toGroupJid: route.targetGroup.platformId,
+      fromAccountId: route.targetGroup.accountId ?? message.sourceGroup.accountId ?? '',
+    }));
+
+    for (const job of forwardJobs) {
+      await this.forwardQueue.add('forward', job, {
+        attempts: 3,
+        backoff: { type: 'exponential', delay: 2000 },
+      });
+    }
+
+    const indexDoc: IndexJobData = {
+      tenantId: message.tenantId,
+      messageId: message.id,
+      content: message.content,
+      senderName: message.senderName ?? null,
+      sourceGroupId: message.sourceGroupId,
+      sourceGroupName: message.sourceGroup.name,
+      tags: message.tags ?? [],
+      platform: message.platform,
+      approvedAt: new Date().toISOString(),
+    };
+    await this.indexQueue.add('index', indexDoc, {
+      attempts: 3,
+      backoff: { type: 'exponential', delay: 1000 },
+    });
+
+    await this.audit.log({
+      tenantId,
+      actorId: adminId,
+      action: AuditAction.MESSAGE_APPROVED,
+      resourceType: 'Message',
+      resourceId: message.id,
+      payload: {
+        routesForwarded: forwardJobs.length,
+        contentPreview: message.content.slice(0, 80),
+      },
+    });
+
+    return {
+      id: message.id,
+      status: 'APPROVED',
+      routesForwarded: forwardJobs.length,
+      indexEnqueued: true,
+    };
+  }
+
+  async reindexApproved(tenantId: string): Promise<{ reindexed: number }> {
+    const messages = await this.prisma.message.findMany({
+      where: {
+        status: 'APPROVED',
+        OR: [
+          { tenantId },
+          { sourceGroup: { groupAccesses: { some: { tenantId } } } },
+        ],
+      },
+      include: {
+        sourceGroup: { select: { name: true } },
+        approval: { select: { decidedAt: true } },
+      },
+    });
+
+    for (const msg of messages) {
+      const indexDoc: IndexJobData = {
+        tenantId: msg.tenantId,
+        messageId: msg.id,
+        content: msg.content,
+        senderName: msg.senderName ?? null,
+        sourceGroupId: msg.sourceGroupId,
+        sourceGroupName: msg.sourceGroup?.name ?? '(unknown)',
+        tags: msg.tags ?? [],
+        platform: msg.platform,
+        approvedAt: (msg.approval?.decidedAt ?? msg.updatedAt).toISOString(),
+      };
+      await this.indexQueue.add('index', indexDoc, {
+        attempts: 3,
+        backoff: { type: 'exponential', delay: 1000 },
+      });
+    }
+
+    return { reindexed: messages.length };
+  }
+}
diff --git a/apps/api/src/modules/my/my.controller.ts b/apps/api/src/modules/my/my.controller.ts
new file mode 100644
index 0000000..7373889
--- /dev/null
+++ b/apps/api/src/modules/my/my.controller.ts
@@ -0,0 +1,56 @@
+import { Body, Controller, Delete, Get, Param, Post } from '@nestjs/common';
+import { MyService } from './my.service';
+import { MemberAuth } from '../auth/member-auth.decorator';
+import { CurrentMember } from '../auth/current-member.decorator';
+import type { MemberJwtPayload } from '@tower/types';
+import { IsArray, IsInt, IsOptional, IsString, Min } from 'class-validator';
+import { ConsentScope, MemberOptOutReason } from '@tower/types';
+
+class OptOutDto {
+  @IsString() @IsOptional() groupId?: string;
+  @IsArray() @IsOptional() scopes?: ConsentScope[];
+  @IsString() @IsOptional() reason?: MemberOptOutReason;
+  @IsString() @IsOptional() notes?: string;
+}
+
+class OptInDto {
+  @IsString() groupId!: string;
+  @IsArray() scopes!: ConsentScope[];
+  @IsInt() @Min(1) @IsOptional() retentionDays?: number;
+}
+
+@Controller('my')
+@MemberAuth()
+export class MyController {
+  constructor(private readonly service: MyService) {}
+
+  @Get('profile')
+  profile(@CurrentMember() member: MemberJwtPayload) {
+    return this.service.getProfile(member.sub, member.tenantId);
+  }
+
+  @Get('groups')
+  listGroups(@CurrentMember() member: MemberJwtPayload) {
+    return this.service.listGroups(member.sub, member.tenantId);
+  }
+
+  @Get('groups/:id')
+  getGroup(@CurrentMember() member: MemberJwtPayload, @Param('id') id: string) {
+    return this.service.getGroup(member.sub, member.tenantId, id);
+  }
+
+  @Post('opt-out')
+  optOut(@CurrentMember() member: MemberJwtPayload, @Body() body: OptOutDto) {
+    return this.service.optOut(member.sub, member.tenantId, body);
+  }
+
+  @Post('opt-in')
+  optIn(@CurrentMember() member: MemberJwtPayload, @Body() body: OptInDto) {
+    return this.service.optIn(member.sub, member.tenantId, body);
+  }
+
+  @Delete('account')
+  deleteAccount(@CurrentMember() member: MemberJwtPayload) {
+    return this.service.deleteAccount(member.sub, member.tenantId);
+  }
+}
diff --git a/apps/api/src/modules/my/my.module.ts b/apps/api/src/modules/my/my.module.ts
new file mode 100644
index 0000000..1c6bd75
--- /dev/null
+++ b/apps/api/src/modules/my/my.module.ts
@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { MyController } from './my.controller';
+import { MyService } from './my.service';
+import { AuthModule } from '../auth/auth.module';
+
+@Module({
+  imports: [AuthModule],
+  controllers: [MyController],
+  providers: [MyService],
+})
+export class MyModule {}
diff --git a/apps/api/src/modules/my/my.service.spec.ts b/apps/api/src/modules/my/my.service.spec.ts
new file mode 100644
index 0000000..e321ddb
--- /dev/null
+++ b/apps/api/src/modules/my/my.service.spec.ts
@@ -0,0 +1,136 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { MyService } from './my.service';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { NotFoundException, BadRequestException } from '@nestjs/common';
+
+describe('MyService', () => {
+  let service: MyService;
+  const mockPrisma: any = {
+    towerUser: { findFirst: jest.fn(), delete: jest.fn() },
+    consentRecord: {
+      findMany: jest.fn(),
+      findFirst: jest.fn(),
+      update: jest.fn(),
+      updateMany: jest.fn(),
+      create: jest.fn(),
+      deleteMany: jest.fn(),
+    },
+    group: { findFirst: jest.fn() },
+    memberOptOut: { create: jest.fn(), deleteMany: jest.fn() },
+    towerSession: { deleteMany: jest.fn() },
+    $transaction: jest.fn(),
+  };
+  const mockAudit = { log: jest.fn() };
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    mockPrisma.$transaction.mockImplementation((cb: (tx: typeof mockPrisma) => Promise<unknown>) => cb(mockPrisma));
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        MyService,
+        { provide: PrismaService, useValue: mockPrisma },
+        { provide: AuditService, useValue: mockAudit },
+      ],
+    }).compile();
+    service = module.get<MyService>(MyService);
+  });
+
+  describe('getProfile', () => {
+    it('returns member profile', async () => {
+      mockPrisma.towerUser.findFirst.mockResolvedValue({
+        id: 'u-1',
+        tenantId: 'tnt-1',
+        jid: '1234@s.whatsapp.net',
+        displayName: 'Alice',
+        createdAt: new Date('2026-01-01T00:00:00Z'),
+      });
+      const res = await service.getProfile('u-1', 'tnt-1');
+      expect(res.id).toBe('u-1');
+      expect(res.displayName).toBe('Alice');
+    });
+
+    it('throws when not found', async () => {
+      mockPrisma.towerUser.findFirst.mockResolvedValue(null);
+      await expect(service.getProfile('u-x', 'tnt-1')).rejects.toThrow(NotFoundException);
+    });
+  });
+
+  describe('listGroups', () => {
+    it('returns groups with consent metadata', async () => {
+      mockPrisma.consentRecord.findMany.mockResolvedValue([
+        {
+          group: { id: 'g-1', name: 'UP Parivar' },
+          tenantId: 'tnt-1',
+          groupId: 'g-1',
+          scopes: ['INGEST', 'DISPLAY'],
+          retentionDays: 90,
+          policyVersion: 'v1',
+          status: 'GRANTED',
+          effectiveAt: new Date('2026-01-01T00:00:00Z'),
+        },
+      ]);
+      const res = await service.listGroups('u-1', 'tnt-1');
+      expect(res).toHaveLength(1);
+      expect(res[0].name).toBe('UP Parivar');
+      expect(res[0].scopes).toContain('INGEST');
+    });
+  });
+
+  describe('optOut', () => {
+    it('throws when no matching consent', async () => {
+      mockPrisma.consentRecord.findMany.mockResolvedValue([]);
+      await expect(service.optOut('u-1', 'tnt-1', { groupId: 'g-1' })).rejects.toThrow(NotFoundException);
+    });
+
+    it('revokes consent and creates MemberOptOut', async () => {
+      mockPrisma.consentRecord.findMany.mockResolvedValue([
+        { id: 'c-1', groupId: 'g-1', scopes: ['INGEST', 'DISPLAY'] },
+      ]);
+      const res = await service.optOut('u-1', 'tnt-1', { groupId: 'g-1', reason: 'SELF_PORTAL' });
+      expect(res.revoked).toBe(1);
+      expect(mockPrisma.consentRecord.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: { id: 'c-1' },
+          data: expect.objectContaining({ status: 'REVOKED' }),
+        }),
+      );
+      expect(mockPrisma.memberOptOut.create).toHaveBeenCalledWith(
+        expect.objectContaining({ data: expect.objectContaining({ reason: 'SELF_PORTAL' }) }),
+      );
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'MEMBER_OPT_OUT' }),
+      );
+    });
+  });
+
+  describe('optIn', () => {
+    it('rejects empty scopes', async () => {
+      await expect(
+        service.optIn('u-1', 'tnt-1', { groupId: 'g-1', scopes: [] }),
+      ).rejects.toThrow(BadRequestException);
+    });
+
+    it('creates a new consent record', async () => {
+      mockPrisma.group.findFirst.mockResolvedValue({ id: 'g-1', tenantId: 'tnt-1' });
+      mockPrisma.towerUser.findFirst.mockResolvedValue({ id: 'u-1', tenantId: 'tnt-1' });
+      mockPrisma.consentRecord.findFirst.mockResolvedValue(null);
+      mockPrisma.consentRecord.create.mockResolvedValue({ id: 'c-new' });
+      const res = await service.optIn('u-1', 'tnt-1', { groupId: 'g-1', scopes: ['INGEST'] });
+      expect(res.ok).toBe(true);
+      expect(res.consentId).toBe('c-new');
+    });
+  });
+
+  describe('deleteAccount', () => {
+    it('cascades deletes and writes audit', async () => {
+      const res = await service.deleteAccount('u-1', 'tnt-1');
+      expect(res.ok).toBe(true);
+      expect(mockPrisma.consentRecord.deleteMany).toHaveBeenCalled();
+      expect(mockPrisma.towerSession.deleteMany).toHaveBeenCalled();
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'MEMBER_DELETED', resourceId: 'u-1' }),
+      );
+    });
+  });
+});
diff --git a/apps/api/src/modules/my/my.service.ts b/apps/api/src/modules/my/my.service.ts
new file mode 100644
index 0000000..8dbf9c4
--- /dev/null
+++ b/apps/api/src/modules/my/my.service.ts
@@ -0,0 +1,190 @@
+import { BadRequestException, Injectable, Logger, NotFoundException, UnauthorizedException } from '@nestjs/common';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+import { ConsentScope, MemberGroupSummary, MemberOptOutReason, MemberProfile, OptInRequest, OptOutRequest } from '@tower/types';
+import { ConsentStatus, MemberOptOutReason as MemberOptOutReasonEnum } from '@prisma/client';
+
+@Injectable()
+export class MyService {
+  private readonly logger = new Logger(MyService.name);
+
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly audit: AuditService,
+  ) {}
+
+  async getProfile(userId: string, tenantId: string): Promise<MemberProfile> {
+    const user = await this.prisma.towerUser.findFirst({ where: { id: userId, tenantId } });
+    if (!user) throw new NotFoundException('User not found');
+    return {
+      id: user.id,
+      tenantId: user.tenantId,
+      jid: user.jid,
+      displayName: user.displayName,
+      createdAt: user.createdAt.toISOString(),
+    };
+  }
+
+  async listGroups(userId: string, tenantId: string): Promise<MemberGroupSummary[]> {
+    const consents = await this.prisma.consentRecord.findMany({
+      where: { userId, tenantId },
+      include: { group: true },
+    });
+    return consents.map((c) => ({
+      id: c.group.id,
+      name: c.group.name,
+      tenantId: c.tenantId,
+      scopes: c.scopes as ConsentScope[],
+      retentionDays: c.retentionDays,
+      policyVersion: c.policyVersion,
+      consentStatus: c.status as ConsentStatus,
+      joinedAt: c.effectiveAt.toISOString(),
+    }));
+  }
+
+  async getGroup(userId: string, tenantId: string, groupId: string): Promise<MemberGroupSummary> {
+    const consent = await this.prisma.consentRecord.findFirst({
+      where: { userId, tenantId, groupId },
+      include: { group: true },
+    });
+    if (!consent) throw new NotFoundException('Not a member of this group');
+    return {
+      id: consent.group.id,
+      name: consent.group.name,
+      tenantId: consent.tenantId,
+      scopes: consent.scopes as ConsentScope[],
+      retentionDays: consent.retentionDays,
+      policyVersion: consent.policyVersion,
+      consentStatus: consent.status as ConsentStatus,
+      joinedAt: consent.effectiveAt.toISOString(),
+    };
+  }
+
+  async optOut(
+    userId: string,
+    tenantId: string,
+    body: OptOutRequest,
+  ): Promise<{ ok: true; revoked: number }> {
+    const where = body.groupId
+      ? { userId, tenantId, groupId: body.groupId }
+      : { userId, tenantId };
+    const consents = await this.prisma.consentRecord.findMany({ where });
+    if (consents.length === 0) {
+      throw new NotFoundException('No matching consent records');
+    }
+    const reason = body.reason ?? MemberOptOutReasonEnum.SELF_PORTAL;
+    await this.prisma.$transaction(async (tx) => {
+      for (const consent of consents) {
+        if (body.scopes && body.scopes.length > 0) {
+          const remaining = (consent.scopes as ConsentScope[]).filter((s) => !body.scopes!.includes(s));
+          if (remaining.length === 0) {
+            await tx.consentRecord.update({
+              where: { id: consent.id },
+              data: { status: ConsentStatus.REVOKED, revokedAt: new Date() },
+            });
+          } else {
+            await tx.consentRecord.update({
+              where: { id: consent.id },
+              data: { scopes: remaining },
+            });
+          }
+        } else {
+          await tx.consentRecord.update({
+            where: { id: consent.id },
+            data: { status: ConsentStatus.REVOKED, revokedAt: new Date() },
+          });
+        }
+        await tx.memberOptOut.create({
+          data: {
+            tenantId,
+            userId,
+            groupId: consent.groupId,
+            reason,
+            notes: body.notes ?? null,
+          },
+        });
+      }
+    });
+    await this.audit.log({
+      tenantId,
+      action: AuditAction.MEMBER_OPT_OUT,
+      resourceType: 'TowerUser',
+      resourceId: userId,
+      payload: { groupId: body.groupId, scopes: body.scopes, reason },
+    });
+    return { ok: true, revoked: consents.length };
+  }
+
+  async optIn(
+    userId: string,
+    tenantId: string,
+    body: OptInRequest,
+  ): Promise<{ ok: true; consentId: string }> {
+    if (body.scopes.length === 0) {
+      throw new BadRequestException('At least one scope is required');
+    }
+    const group = await this.prisma.group.findFirst({ where: { id: body.groupId, tenantId } });
+    if (!group) throw new NotFoundException('Group not found in your tenant');
+
+    const user = await this.prisma.towerUser.findFirst({ where: { id: userId, tenantId } });
+    if (!user) throw new UnauthorizedException('User not found');
+
+    const existing = await this.prisma.consentRecord.findFirst({
+      where: { userId, tenantId, groupId: body.groupId },
+    });
+
+    let consent;
+    if (existing) {
+      consent = await this.prisma.consentRecord.update({
+        where: { id: existing.id },
+        data: {
+          scopes: body.scopes,
+          retentionDays: body.retentionDays ?? existing.retentionDays,
+          status: ConsentStatus.GRANTED,
+          revokedAt: null,
+          effectiveAt: new Date(),
+        },
+      });
+    } else {
+      consent = await this.prisma.consentRecord.create({
+        data: {
+          tenantId,
+          groupId: body.groupId,
+          userId,
+          scopes: body.scopes,
+          retentionDays: body.retentionDays ?? 90,
+          policyVersion: 'v1',
+          status: ConsentStatus.GRANTED,
+          proofEventId: 'self',
+        },
+      });
+    }
+
+    await this.audit.log({
+      tenantId,
+      action: AuditAction.MEMBER_OPT_IN,
+      resourceType: 'TowerUser',
+      resourceId: userId,
+      payload: { groupId: body.groupId, scopes: body.scopes },
+    });
+
+    return { ok: true, consentId: consent.id };
+  }
+
+  async deleteAccount(userId: string, tenantId: string): Promise<{ ok: true }> {
+    await this.prisma.$transaction(async (tx) => {
+      await tx.consentRecord.deleteMany({ where: { userId, tenantId } });
+      await tx.memberOptOut.deleteMany({ where: { userId, tenantId } });
+      await tx.towerSession.deleteMany({ where: { userId } });
+      await tx.towerUser.delete({ where: { id: userId } });
+    });
+    await this.audit.log({
+      tenantId,
+      action: AuditAction.MEMBER_DELETED,
+      resourceType: 'TowerUser',
+      resourceId: userId,
+    });
+    return { ok: true };
+  }
+}
diff --git a/apps/api/src/modules/onboarding/onboarding.module.ts b/apps/api/src/modules/onboarding/onboarding.module.ts
new file mode 100644
index 0000000..08ab23c
--- /dev/null
+++ b/apps/api/src/modules/onboarding/onboarding.module.ts
@@ -0,0 +1,13 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { OnboardingService } from './onboarding.service';
+import { PublicOnboardingController } from './public-onboarding.controller';
+import { AuthModule } from '../auth/auth.module';
+
+@Module({
+  imports: [ConfigModule, AuthModule],
+  controllers: [PublicOnboardingController],
+  providers: [OnboardingService],
+  exports: [OnboardingService],
+})
+export class OnboardingModule {}
diff --git a/apps/api/src/modules/onboarding/onboarding.service.spec.ts b/apps/api/src/modules/onboarding/onboarding.service.spec.ts
new file mode 100644
index 0000000..ce94b94
--- /dev/null
+++ b/apps/api/src/modules/onboarding/onboarding.service.spec.ts
@@ -0,0 +1,174 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { OnboardingService } from './onboarding.service';
+import { PrismaService } from '../../prisma/prisma.service';
+import { JwtService } from '@nestjs/jwt';
+import { AuditService } from '../audit/audit.service';
+import { ConfigService } from '@nestjs/config';
+import { UnauthorizedException, NotFoundException, ConflictException } from '@nestjs/common';
+import { createHash } from 'crypto';
+
+const PEPPER = 'pepper-secret-must-be-32-chars-min';
+const TEST_PHONE = '+19198765432';
+const TEST_PHONE_HASH = createHash('sha256').update(`${PEPPER}:${TEST_PHONE}`).digest('hex');
+
+describe('OnboardingService', () => {
+  let service: OnboardingService;
+  const mockPrisma: any = {
+    group: { findUnique: jest.fn() },
+    tenant: { findUnique: jest.fn() },
+    otpChallenge: { create: jest.fn(), findUnique: jest.fn(), update: jest.fn() },
+    towerUser: { upsert: jest.fn() },
+    consentRecord: { findFirst: jest.fn(), create: jest.fn(), update: jest.fn() },
+  };
+  const mockJwt = { signAsync: jest.fn().mockResolvedValue('member-jwt'), verify: jest.fn() };
+  const mockAudit = { log: jest.fn() };
+  const mockConfig = { get: jest.fn().mockReturnValue('pepper-secret-must-be-32-chars-min') };
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        OnboardingService,
+        { provide: PrismaService, useValue: mockPrisma },
+        { provide: JwtService, useValue: mockJwt },
+        { provide: AuditService, useValue: mockAudit },
+        { provide: ConfigService, useValue: mockConfig },
+      ],
+    }).compile();
+    service = module.get<OnboardingService>(OnboardingService);
+  });
+
+  function validToken(): string {
+    return Buffer.from(
+      JSON.stringify({ tenantId: 'tnt-1', groupId: 'grp-1', jid: '1234@s.whatsapp.net' }),
+      'utf8',
+    ).toString('base64url');
+  }
+
+  describe('decodeOnboardingToken', () => {
+    it('rejects garbage', () => {
+      expect(() => service.decodeOnboardingToken('!!!')).toThrow(UnauthorizedException);
+    });
+    it('rejects missing fields', () => {
+      const tok = Buffer.from(JSON.stringify({ groupId: 'x' }), 'utf8').toString('base64url');
+      expect(() => service.decodeOnboardingToken(tok)).toThrow(UnauthorizedException);
+    });
+    it('decodes a valid token', () => {
+      const out = service.decodeOnboardingToken(validToken());
+      expect(out.tenantId).toBe('tnt-1');
+      expect(out.jid).toBe('1234@s.whatsapp.net');
+    });
+  });
+
+  describe('getOnboardInfo', () => {
+    it('throws when group is not claimed', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', name: 'Foo', tenantId: null });
+      await expect(service.getOnboardInfo(validToken())).rejects.toThrow(ConflictException);
+    });
+    it('returns group + tenant + policy info', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', name: 'UP Parivar', tenantId: 'tnt-1' });
+      mockPrisma.tenant.findUnique.mockResolvedValue({ id: 'tnt-1', name: 'UP Parivar Dallas' });
+      const res = await service.getOnboardInfo(validToken());
+      expect(res.groupName).toBe('UP Parivar');
+      expect(res.tenantName).toBe('UP Parivar Dallas');
+      expect(res.defaultScopes).toContain('INGEST');
+    });
+  });
+
+  describe('requestOtp', () => {
+    it('creates a challenge with a 6-digit code', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', tenantId: 'tnt-1' });
+      mockPrisma.otpChallenge.create.mockResolvedValue({ id: 'ch-1' });
+      const res = await service.requestOtp(validToken(), '+19198765432');
+      expect(res.ok).toBe(true);
+      expect(res.challengeId).toBeTruthy();
+      expect(res.expiresInSeconds).toBe(300);
+      expect(mockPrisma.otpChallenge.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            jid: '1234@s.whatsapp.net',
+            policyVersion: 'v1',
+          }),
+        }),
+      );
+    });
+
+    it('rejects if group is not claimable', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', tenantId: null });
+      await expect(service.requestOtp(validToken(), '+19198765432')).rejects.toThrow(ConflictException);
+    });
+  });
+
+  describe('verifyOtp', () => {
+    it('rejects unknown challenge', async () => {
+      mockPrisma.otpChallenge.findUnique.mockResolvedValue(null);
+      await expect(
+        service.verifyOtp(validToken(), 'ch-x', '+19198765432', '123456', [], undefined),
+      ).rejects.toThrow(NotFoundException);
+    });
+
+    it('rejects consumed challenge', async () => {
+      mockPrisma.otpChallenge.findUnique.mockResolvedValue({
+        id: 'ch-1',
+        code: '123456',
+        consumedAt: new Date(),
+        expiresAt: new Date(Date.now() + 60000),
+        phoneHash: 'a',
+      });
+      await expect(
+        service.verifyOtp(validToken(), 'ch-1', '+19198765432', '123456', [], undefined),
+      ).rejects.toThrow(UnauthorizedException);
+    });
+
+    it('rejects wrong code', async () => {
+      mockPrisma.otpChallenge.findUnique.mockResolvedValue({
+        id: 'ch-1',
+        code: '111111',
+        consumedAt: null,
+        expiresAt: new Date(Date.now() + 60000),
+        phoneHash: 'computed-hash',
+      });
+      await expect(
+        service.verifyOtp(validToken(), 'ch-1', '+19198765432', '123456', [], undefined),
+      ).rejects.toThrow(/Invalid code/);
+    });
+
+    it('creates TowerUser, ConsentRecord, and member JWT on success', async () => {
+      mockPrisma.otpChallenge.findUnique.mockResolvedValue({
+        id: 'ch-1',
+        code: '123456',
+        consumedAt: null,
+        expiresAt: new Date(Date.now() + 60000),
+        phoneHash: TEST_PHONE_HASH,
+        tenantId: 'tnt-1',
+        jid: '1234@s.whatsapp.net',
+        groupId: 'grp-1',
+      });
+      mockPrisma.towerUser.upsert.mockResolvedValue({
+        id: 'user-1',
+        tenantId: 'tnt-1',
+        jid: '1234@s.whatsapp.net',
+        displayName: '1234@s.whatsapp.net',
+      });
+      mockPrisma.consentRecord.findFirst.mockResolvedValue(null);
+      mockPrisma.consentRecord.create.mockResolvedValue({
+        id: 'consent-1',
+        scopes: ['INGEST', 'DISPLAY'],
+        retentionDays: 90,
+        policyVersion: 'v1',
+      });
+
+      const res = await service.verifyOtp(validToken(), 'ch-1', '+19198765432', '123456', [], undefined);
+      expect(res.memberToken).toBe('member-jwt');
+      expect(res.user.id).toBe('user-1');
+      expect(res.consent.scopes).toContain('INGEST');
+      expect(mockPrisma.otpChallenge.update).toHaveBeenCalledWith({
+        where: { id: 'ch-1' },
+        data: { consumedAt: expect.any(Date) },
+      });
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'MEMBER_ONBOARDED' }),
+      );
+    });
+  });
+});
diff --git a/apps/api/src/modules/onboarding/onboarding.service.ts b/apps/api/src/modules/onboarding/onboarding.service.ts
new file mode 100644
index 0000000..fc2f443
--- /dev/null
+++ b/apps/api/src/modules/onboarding/onboarding.service.ts
@@ -0,0 +1,230 @@
+import { BadRequestException, ConflictException, Injectable, Logger, NotFoundException, UnauthorizedException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { JwtService } from '@nestjs/jwt';
+import { createHash, randomBytes } from 'crypto';
+import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+import { ConsentScope, OnboardingTokenPayload, PublicOnboardInfo, RequestOtpResponse, VerifyOtpResponse } from '@tower/types';
+import { ConsentStatus } from '@prisma/client';
+
+const POLICY_VERSION = 'v1';
+const OTP_TTL_MIN = 5;
+const DEFAULT_SCOPES: ConsentScope[] = ['INGEST', 'DISPLAY'];
+const DEFAULT_RETENTION_DAYS = 90;
+
+function hashPhone(phone: string, pepper: string): string {
+  const normalized = phone.replace(/[^\d+]/g, '');
+  return createHash('sha256').update(`${pepper}:${normalized}`).digest('hex');
+}
+
+@Injectable()
+export class OnboardingService {
+  private readonly logger = new Logger(OnboardingService.name);
+  private readonly policyVersion = POLICY_VERSION;
+
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly jwt: JwtService,
+    private readonly config: ConfigService,
+    private readonly audit: AuditService,
+  ) {}
+
+  decodeOnboardingToken(token: string): OnboardingTokenPayload {
+    // Phase 2B: token is base64url({groupId, jid, tenantId}) — no signature.
+    // The OTP step (sent via DM to the jid) is the real authentication.
+    try {
+      const json = Buffer.from(token, 'base64url').toString('utf8');
+      const parsed = JSON.parse(json) as OnboardingTokenPayload;
+      if (!parsed.groupId || !parsed.jid || !parsed.tenantId) {
+        throw new Error('Missing required fields');
+      }
+      return parsed;
+    } catch {
+      throw new UnauthorizedException('Invalid onboarding link');
+    }
+  }
+
+  async getOnboardInfo(token: string): Promise<PublicOnboardInfo> {
+    const payload = this.decodeOnboardingToken(token);
+    const group = await this.prisma.group.findUnique({ where: { id: payload.groupId } });
+    if (!group) throw new NotFoundException('Group not found');
+    if (!group.tenantId) {
+      throw new ConflictException('Group is not yet claimed by a tenant');
+    }
+    const tenant = await this.prisma.tenant.findUnique({ where: { id: payload.tenantId } });
+    if (!tenant) throw new NotFoundException('Tenant not found');
+    return {
+      groupName: group.name,
+      tenantName: tenant.name,
+      policyVersion: this.policyVersion,
+      defaultScopes: DEFAULT_SCOPES,
+      defaultRetentionDays: DEFAULT_RETENTION_DAYS,
+    };
+  }
+
+  async requestOtp(token: string, phone: string): Promise<RequestOtpResponse> {
+    const payload = this.decodeOnboardingToken(token);
+    if (payload.jid !== this.normalizeJid(payload.jid)) {
+      // sanity
+    }
+    if (!phone || phone.length < 6) {
+      throw new BadRequestException('Invalid phone number');
+    }
+    const group = await this.prisma.group.findUnique({ where: { id: payload.groupId } });
+    if (!group || !group.tenantId) {
+      throw new ConflictException('Group is not claimable');
+    }
+
+    const pepper = this.config.get<string>('JWT_SECRET') ?? '';
+    const phoneHash = hashPhone(phone, pepper);
+    const code = String(Math.floor(100000 + Math.random() * 900000));
+    const expiresAt = new Date(Date.now() + OTP_TTL_MIN * 60 * 1000);
+    const challengeId = randomBytes(16).toString('hex');
+
+    const challenge = await this.prisma.otpChallenge.create({
+      data: {
+        id: challengeId,
+        tenantId: payload.tenantId,
+        jid: payload.jid,
+        phoneHash,
+        code,
+        scopes: DEFAULT_SCOPES,
+        retentionDays: DEFAULT_RETENTION_DAYS,
+        policyVersion: this.policyVersion,
+        groupId: payload.groupId,
+        expiresAt,
+      },
+    });
+
+    await this.audit.log({
+      tenantId: payload.tenantId,
+      action: AuditAction.OTP_REQUESTED,
+      resourceType: 'OtpChallenge',
+      resourceId: challenge.id,
+      payload: { jid: payload.jid },
+    });
+
+    return {
+      ok: true,
+      challengeId,
+      expiresInSeconds: OTP_TTL_MIN * 60,
+    };
+  }
+
+  async verifyOtp(
+    token: string,
+    challengeId: string,
+    phone: string,
+    code: string,
+    scopes: ConsentScope[],
+    retentionDays?: number,
+  ): Promise<VerifyOtpResponse> {
+    const payload = this.decodeOnboardingToken(token);
+    const pepper = this.config.get<string>('JWT_SECRET') ?? '';
+    const phoneHash = hashPhone(phone, pepper);
+
+    const challenge = await this.prisma.otpChallenge.findUnique({ where: { id: challengeId } });
+    if (!challenge) throw new NotFoundException('Challenge not found');
+    if (challenge.consumedAt) throw new UnauthorizedException('Challenge already used');
+    if (challenge.expiresAt < new Date()) throw new UnauthorizedException('Challenge expired');
+    if (challenge.code !== code) throw new UnauthorizedException('Invalid code');
+    if (challenge.phoneHash !== phoneHash) throw new UnauthorizedException('Phone mismatch');
+
+    const effectiveScopes = scopes.length > 0 ? scopes : DEFAULT_SCOPES;
+    const effectiveRetention = retentionDays ?? DEFAULT_RETENTION_DAYS;
+
+    const user = await this.prisma.towerUser.upsert({
+      where: { tenantId_phoneHash: { tenantId: payload.tenantId, phoneHash } },
+      update: { jid: payload.jid, displayName: payload.jid },
+      create: {
+        tenantId: payload.tenantId,
+        phoneHash,
+        jid: payload.jid,
+        displayName: payload.jid,
+      },
+    });
+
+    const existing = await this.prisma.consentRecord.findFirst({
+      where: { tenantId: payload.tenantId, groupId: payload.groupId, userId: user.id },
+    });
+
+    let consent;
+    if (existing) {
+      consent = await this.prisma.consentRecord.update({
+        where: { id: existing.id },
+        data: {
+          scopes: effectiveScopes,
+          retentionDays: effectiveRetention,
+          policyVersion: this.policyVersion,
+          status: ConsentStatus.GRANTED,
+          revokedAt: null,
+          effectiveAt: new Date(),
+        },
+      });
+    } else {
+      consent = await this.prisma.consentRecord.create({
+        data: {
+          tenantId: payload.tenantId,
+          groupId: payload.groupId,
+          userId: user.id,
+          scopes: effectiveScopes,
+          retentionDays: effectiveRetention,
+          policyVersion: this.policyVersion,
+          status: ConsentStatus.GRANTED,
+          proofEventId: 'pending',
+        },
+      });
+    }
+
+    await this.prisma.consentRecord.update({
+      where: { id: consent.id },
+      data: { proofEventId: consent.id },
+    });
+
+    await this.prisma.otpChallenge.update({
+      where: { id: challengeId },
+      data: { consumedAt: new Date() },
+    });
+
+    await this.audit.log({
+      tenantId: payload.tenantId,
+      action: AuditAction.MEMBER_ONBOARDED,
+      resourceType: 'TowerUser',
+      resourceId: user.id,
+      payload: {
+        jid: payload.jid,
+        groupId: payload.groupId,
+        consentId: consent.id,
+        scopes: effectiveScopes,
+      },
+    });
+
+    const memberToken = await this.jwt.signAsync({
+      kind: 'member',
+      sub: user.id,
+      tenantId: user.tenantId,
+      jid: user.jid,
+      phoneHash: user.phoneHash,
+    } as const);
+
+    return {
+      memberToken,
+      user: {
+        id: user.id,
+        tenantId: user.tenantId,
+        jid: user.jid,
+        displayName: user.displayName,
+      },
+      consent: {
+        scopes: consent.scopes as ConsentScope[],
+        retentionDays: consent.retentionDays,
+        policyVersion: consent.policyVersion,
+      },
+    };
+  }
+
+  private normalizeJid(jid: string): string {
+    return jid.trim();
+  }
+}
diff --git a/apps/api/src/modules/onboarding/public-onboarding.controller.ts b/apps/api/src/modules/onboarding/public-onboarding.controller.ts
new file mode 100644
index 0000000..dcff222
--- /dev/null
+++ b/apps/api/src/modules/onboarding/public-onboarding.controller.ts
@@ -0,0 +1,49 @@
+import { Body, Controller, Get, Param, Post, UseGuards } from '@nestjs/common';
+import { OnboardingService } from './onboarding.service';
+import { IsArray, IsInt, IsOptional, IsString, Min, MinLength } from 'class-validator';
+import { ConsentScope } from '@tower/types';
+import { Public } from '../auth/public.decorator';
+
+class RequestOtpDto {
+  @IsString() @MinLength(8) onboardingToken!: string;
+  @IsString() @MinLength(6) phone!: string;
+}
+
+class VerifyOtpDto {
+  @IsString() @MinLength(8) onboardingToken!: string;
+  @IsString() challengeId!: string;
+  @IsString() @MinLength(6) phone!: string;
+  @IsString() @MinLength(6) code!: string;
+  @IsArray() @IsOptional() scopes?: ConsentScope[];
+  @IsInt() @Min(1) @IsOptional() retentionDays?: number;
+}
+
+@Controller('public')
+export class PublicOnboardingController {
+  constructor(private readonly service: OnboardingService) {}
+
+  @Get('onboard/:token')
+  @Public()
+  getOnboardInfo(@Param('token') token: string) {
+    return this.service.getOnboardInfo(token);
+  }
+
+  @Post('auth/request-otp')
+  @Public()
+  requestOtp(@Body() body: RequestOtpDto) {
+    return this.service.requestOtp(body.onboardingToken, body.phone);
+  }
+
+  @Post('auth/verify-otp')
+  @Public()
+  verifyOtp(@Body() body: VerifyOtpDto) {
+    return this.service.verifyOtp(
+      body.onboardingToken,
+      body.challengeId,
+      body.phone,
+      body.code,
+      body.scopes ?? [],
+      body.retentionDays,
+    );
+  }
+}
diff --git a/apps/api/src/modules/routes/routes.controller.spec.ts b/apps/api/src/modules/routes/routes.controller.spec.ts
index 20d4993..516f7ec 100644
--- a/apps/api/src/modules/routes/routes.controller.spec.ts
+++ b/apps/api/src/modules/routes/routes.controller.spec.ts
@@ -1,6 +1,9 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { RoutesController } from './routes.controller';
 import { RoutesService } from './routes.service';
+import type { TenantContext } from '../../common/tenant-context';
+
+const ctx: TenantContext = { tenantId: 'tnt_1', adminId: 'adm_1', role: 'OWNER' };
 
 const mockRoute = {
   id: 'rt_1',
@@ -12,6 +15,7 @@ const mockRoute = {
 const mockService = {
   list: jest.fn().mockResolvedValue([mockRoute]),
   create: jest.fn().mockResolvedValue(mockRoute),
+  createBatch: jest.fn().mockResolvedValue([mockRoute, { ...mockRoute, id: 'rt_2', targetGroupId: 'grp_3', targetGroup: { name: 'Gamma' } }]),
   remove: jest.fn().mockResolvedValue(undefined),
 };
 
@@ -27,25 +31,31 @@ describe('RoutesController', () => {
     controller = module.get<RoutesController>(RoutesController);
   });
 
-  it('list() delegates to service with no filter', async () => {
-    const result = await controller.list(undefined);
+  it('list() delegates to service with tenantId and no filter', async () => {
+    const result = await controller.list(ctx, undefined);
     expect(result).toEqual([mockRoute]);
-    expect(mockService.list).toHaveBeenCalledWith(undefined);
+    expect(mockService.list).toHaveBeenCalledWith('tnt_1', undefined);
   });
 
-  it('list() passes sourceGroupId filter to service', async () => {
-    await controller.list('grp_1');
-    expect(mockService.list).toHaveBeenCalledWith('grp_1');
+  it('list() passes sourceGroupId filter to service along with tenantId', async () => {
+    await controller.list(ctx, 'grp_1');
+    expect(mockService.list).toHaveBeenCalledWith('tnt_1', 'grp_1');
   });
 
-  it('create() extracts body fields and delegates to service', async () => {
-    const result = await controller.create({ sourceGroupId: 'grp_1', targetGroupId: 'grp_2' });
+  it('create() extracts body fields and delegates to service with tenantId', async () => {
+    const result = await controller.create(ctx, { sourceGroupId: 'grp_1', targetGroupId: 'grp_2' });
     expect(result).toEqual(mockRoute);
-    expect(mockService.create).toHaveBeenCalledWith('grp_1', 'grp_2');
+    expect(mockService.create).toHaveBeenCalledWith('tnt_1', 'grp_1', 'grp_2');
   });
 
-  it('remove() delegates id to service', async () => {
-    await controller.remove('rt_1');
-    expect(mockService.remove).toHaveBeenCalledWith('rt_1');
+  it('remove() delegates tenantId and id to service', async () => {
+    await controller.remove(ctx, 'rt_1');
+    expect(mockService.remove).toHaveBeenCalledWith('tnt_1', 'rt_1');
+  });
+
+  it('createBatch() extracts body fields and delegates to service with tenantId', async () => {
+    const result = await controller.createBatch(ctx, { sourceGroupId: 'grp_1', targetGroupIds: ['grp_2', 'grp_3'] });
+    expect(result).toHaveLength(2);
+    expect(mockService.createBatch).toHaveBeenCalledWith('tnt_1', 'grp_1', ['grp_2', 'grp_3']);
   });
 });
diff --git a/apps/api/src/modules/routes/routes.controller.ts b/apps/api/src/modules/routes/routes.controller.ts
index 6c4e4e0..678d7bf 100644
--- a/apps/api/src/modules/routes/routes.controller.ts
+++ b/apps/api/src/modules/routes/routes.controller.ts
@@ -1,23 +1,44 @@
 import { Body, Controller, Delete, Get, HttpCode, Param, Post, Query } from '@nestjs/common';
 import { RoutesService } from './routes.service';
+import { CurrentTenantContext } from '../auth/current-tenant.decorator';
+import { TenantContext } from '../../common/tenant-context';
+import { IsString } from 'class-validator';
+
+class CreateRouteDto {
+  @IsString() sourceGroupId!: string;
+  @IsString() targetGroupId!: string;
+}
+
+class BatchCreateRouteDto {
+  @IsString() sourceGroupId!: string;
+  @IsString({ each: true }) targetGroupIds!: string[];
+}
 
 @Controller('routes')
 export class RoutesController {
   constructor(private readonly routesService: RoutesService) {}
 
   @Get()
-  list(@Query('sourceGroupId') sourceGroupId?: string) {
-    return this.routesService.list(sourceGroupId);
+  list(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Query('sourceGroupId') sourceGroupId?: string,
+  ) {
+    return this.routesService.list(ctx.tenantId, sourceGroupId);
   }
 
   @Post()
-  create(@Body() body: { sourceGroupId: string; targetGroupId: string }) {
-    return this.routesService.create(body.sourceGroupId, body.targetGroupId);
+  create(@CurrentTenantContext() ctx: TenantContext, @Body() body: CreateRouteDto) {
+    return this.routesService.create(ctx.tenantId, body.sourceGroupId, body.targetGroupId);
+  }
+
+  @Post('batch')
+  createBatch(@CurrentTenantContext() ctx: TenantContext, @Body() body: BatchCreateRouteDto) {
+    return this.routesService.createBatch(ctx.tenantId, body.sourceGroupId, body.targetGroupIds);
   }
 
   @Delete(':id')
   @HttpCode(204)
-  remove(@Param('id') id: string) {
-    return this.routesService.remove(id);
+  async remove(@CurrentTenantContext() ctx: TenantContext, @Param('id') id: string) {
+    await this.routesService.remove(ctx.tenantId, id);
   }
 }
diff --git a/apps/api/src/modules/routes/routes.service.spec.ts b/apps/api/src/modules/routes/routes.service.spec.ts
index 79374a9..c24db52 100644
--- a/apps/api/src/modules/routes/routes.service.spec.ts
+++ b/apps/api/src/modules/routes/routes.service.spec.ts
@@ -3,6 +3,7 @@ import { BadRequestException, ConflictException, NotFoundException } from '@nest
 import { Prisma } from '@prisma/client';
 import { RoutesService } from './routes.service';
 import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
 
 const mockRoute = {
   id: 'rt_1',
@@ -14,15 +15,32 @@ const mockRoute = {
   targetGroup: { name: 'Beta' },
 };
 
+const mockRoute2 = {
+  id: 'rt_2',
+  sourceGroupId: 'grp_1',
+  targetGroupId: 'grp_3',
+  isActive: true,
+  createdAt: new Date(),
+  sourceGroup: { name: 'Alpha' },
+  targetGroup: { name: 'Gamma' },
+};
+
 describe('RoutesService', () => {
   let service: RoutesService;
-  const mockPrisma = {
+  const mockPrisma: any = {
+    $transaction: jest.fn((ops: any[]) => Promise.all(ops)),
     syncRoute: {
       findMany: jest.fn().mockResolvedValue([mockRoute]),
+      findFirst: jest.fn().mockResolvedValue(mockRoute),
       create: jest.fn().mockResolvedValue(mockRoute),
       delete: jest.fn().mockResolvedValue(mockRoute),
     },
+    group: {
+      findFirst: jest.fn().mockResolvedValue({ id: 'g' }),
+      findMany: jest.fn().mockResolvedValue([{ id: 'grp_2', name: 'Beta' }, { id: 'grp_3', name: 'Gamma' }]),
+    },
   };
+  const mockAudit: any = { log: jest.fn().mockResolvedValue(undefined) };
 
   beforeEach(async () => {
     jest.clearAllMocks();
@@ -30,53 +48,51 @@ describe('RoutesService', () => {
       providers: [
         RoutesService,
         { provide: PrismaService, useValue: mockPrisma },
+        { provide: AuditService, useValue: mockAudit },
       ],
     }).compile();
     service = module.get<RoutesService>(RoutesService);
   });
 
   describe('list', () => {
-    it('returns all routes with group names', async () => {
-      const result = await service.list();
+    it('returns routes for tenant', async () => {
+      const result = await service.list('tnt-1');
       expect(result).toHaveLength(1);
-      expect(result[0].sourceGroup.name).toBe('Alpha');
-      expect(mockPrisma.syncRoute.findMany).toHaveBeenCalledWith({
-        where: undefined,
-        include: {
-          sourceGroup: { select: { name: true } },
-          targetGroup: { select: { name: true } },
-        },
-        orderBy: { createdAt: 'desc' },
-      });
+      expect(mockPrisma.syncRoute.findMany).toHaveBeenCalledWith(
+        expect.objectContaining({ where: { tenantId: 'tnt-1' } }),
+      );
     });
 
     it('filters by sourceGroupId when provided', async () => {
-      await service.list('grp_1');
+      await service.list('tnt-1', 'grp_1');
       expect(mockPrisma.syncRoute.findMany).toHaveBeenCalledWith(
-        expect.objectContaining({ where: { sourceGroupId: 'grp_1' } }),
+        expect.objectContaining({ where: { tenantId: 'tnt-1', sourceGroupId: 'grp_1' } }),
       );
     });
   });
 
   describe('create', () => {
-    it('creates a route and returns it with group names', async () => {
-      const result = await service.create('grp_1', 'grp_2');
+    it('creates a route within the tenant and writes audit', async () => {
+      const result = await service.create('tnt-1', 'grp_1', 'grp_2');
       expect(result).toEqual(mockRoute);
       expect(mockPrisma.syncRoute.create).toHaveBeenCalledWith({
-        data: { sourceGroupId: 'grp_1', targetGroupId: 'grp_2' },
+        data: { tenantId: 'tnt-1', sourceGroupId: 'grp_1', targetGroupId: 'grp_2' },
         include: {
           sourceGroup: { select: { name: true } },
           targetGroup: { select: { name: true } },
         },
       });
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'ROUTE_CREATED', resourceId: 'rt_1' }),
+      );
     });
 
     it('throws BadRequestException when sourceGroupId is empty', async () => {
-      await expect(service.create('', 'grp_2')).rejects.toThrow(BadRequestException);
+      await expect(service.create('tnt-1', '', 'grp_2')).rejects.toThrow(BadRequestException);
     });
 
     it('throws BadRequestException when targetGroupId is empty', async () => {
-      await expect(service.create('grp_1', '')).rejects.toThrow(BadRequestException);
+      await expect(service.create('tnt-1', 'grp_1', '')).rejects.toThrow(BadRequestException);
     });
 
     it('throws ConflictException when route already exists (Prisma P2002)', async () => {
@@ -85,36 +101,87 @@ describe('RoutesService', () => {
         clientVersion: '6.0.0',
       });
       mockPrisma.syncRoute.create.mockRejectedValueOnce(p2002);
-      await expect(service.create('grp_1', 'grp_2')).rejects.toThrow(ConflictException);
+      await expect(service.create('tnt-1', 'grp_1', 'grp_2')).rejects.toThrow(ConflictException);
     });
 
     it('throws BadRequestException when source and target are the same group', async () => {
-      await expect(service.create('grp_1', 'grp_1')).rejects.toThrow(BadRequestException);
+      await expect(service.create('tnt-1', 'grp_1', 'grp_1')).rejects.toThrow(BadRequestException);
     });
 
-    it('throws BadRequestException when a group ID does not exist (Prisma P2003)', async () => {
-      const p2003 = new Prisma.PrismaClientKnownRequestError('Foreign key constraint', {
-        code: 'P2003',
-        clientVersion: '6.0.0',
-      });
-      mockPrisma.syncRoute.create.mockRejectedValueOnce(p2003);
-      await expect(service.create('grp_1', 'bad_grp')).rejects.toThrow(BadRequestException);
+    it('throws BadRequestException when a group is not in this tenant', async () => {
+      mockPrisma.group.findFirst.mockResolvedValueOnce(null);
+      await expect(service.create('tnt-1', 'grp_1', 'grp_x')).rejects.toThrow(BadRequestException);
+    });
+  });
+
+  describe('createBatch', () => {
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockPrisma.syncRoute.create
+        .mockResolvedValueOnce(mockRoute)
+        .mockResolvedValueOnce(mockRoute2);
+      mockPrisma.syncRoute.findMany.mockResolvedValue([]);
+      mockPrisma.group.findMany.mockResolvedValue([
+        { id: 'grp_2', name: 'Beta' },
+        { id: 'grp_3', name: 'Gamma' },
+      ]);
+    });
+
+    it('creates multiple routes in batch', async () => {
+      const result = await service.createBatch('tnt-1', 'grp_1', ['grp_2', 'grp_3']);
+      expect(result).toHaveLength(2);
+      expect(mockPrisma.$transaction).toHaveBeenCalled();
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({
+          action: 'ROUTE_CREATED',
+          payload: expect.objectContaining({ count: 2 }),
+        }),
+      );
+    });
+
+    it('throws BadRequestException when targetGroupIds is empty', async () => {
+      await expect(service.createBatch('tnt-1', 'grp_1', [])).rejects.toThrow(BadRequestException);
+    });
+
+    it('throws BadRequestException when source is also a target', async () => {
+      await expect(service.createBatch('tnt-1', 'grp_1', ['grp_1'])).rejects.toThrow(BadRequestException);
+    });
+
+    it('throws BadRequestException when a target group is not in this tenant', async () => {
+      mockPrisma.group.findMany.mockResolvedValueOnce([{ id: 'grp_2', name: 'Beta' }]);
+      await expect(service.createBatch('tnt-1', 'grp_1', ['grp_2', 'grp_x'])).rejects.toThrow(BadRequestException);
+    });
+
+    it('throws ConflictException when any route already exists', async () => {
+      mockPrisma.syncRoute.findMany.mockResolvedValue([{ targetGroupId: 'grp_2' }]);
+      await expect(service.createBatch('tnt-1', 'grp_1', ['grp_2', 'grp_3'])).rejects.toThrow(ConflictException);
     });
   });
 
   describe('remove', () => {
-    it('deletes a route by id', async () => {
-      await service.remove('rt_1');
+    it('deletes a route and writes audit', async () => {
+      await service.remove('tnt-1', 'rt_1');
+      expect(mockPrisma.syncRoute.findFirst).toHaveBeenCalledWith({
+        where: { id: 'rt_1', tenantId: 'tnt-1' },
+      });
       expect(mockPrisma.syncRoute.delete).toHaveBeenCalledWith({ where: { id: 'rt_1' } });
+      expect(mockAudit.log).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'ROUTE_DELETED', resourceId: 'rt_1' }),
+      );
     });
 
-    it('throws NotFoundException when route does not exist (Prisma P2025)', async () => {
+    it('throws NotFoundException when route is not in this tenant', async () => {
+      mockPrisma.syncRoute.findFirst.mockResolvedValueOnce(null);
+      await expect(service.remove('tnt-1', 'bad_id')).rejects.toThrow(NotFoundException);
+    });
+
+    it('throws NotFoundException on Prisma P2025', async () => {
       const p2025 = new Prisma.PrismaClientKnownRequestError('Record not found', {
         code: 'P2025',
         clientVersion: '6.0.0',
       });
       mockPrisma.syncRoute.delete.mockRejectedValueOnce(p2025);
-      await expect(service.remove('bad_id')).rejects.toThrow(NotFoundException);
+      await expect(service.remove('tnt-1', 'rt_1')).rejects.toThrow(NotFoundException);
     });
   });
 });
diff --git a/apps/api/src/modules/routes/routes.service.ts b/apps/api/src/modules/routes/routes.service.ts
index b1fd9cc..4aecd49 100644
--- a/apps/api/src/modules/routes/routes.service.ts
+++ b/apps/api/src/modules/routes/routes.service.ts
@@ -1,52 +1,174 @@
 import { BadRequestException, ConflictException, Injectable, NotFoundException } from '@nestjs/common';
 import { Prisma } from '@prisma/client';
 import { PrismaService } from '../../prisma/prisma.service';
+import { AuditService } from '../audit/audit.service';
+import { AuditAction } from '../audit/audit.types';
+
+export interface BatchCreateResult {
+  created: Array<{ id: string; sourceGroupId: string; targetGroupId: string; sourceGroup: { name: string }; targetGroup: { name: string } }>;
+  skipped: string[];
+}
 
 const routeInclude = {
-  sourceGroup: { select: { name: true } },
-  targetGroup: { select: { name: true } },
+  sourceGroup: { select: { name: true, tenantId: true } },
+  targetGroup: { select: { name: true, tenantId: true } },
 } as const;
 
 @Injectable()
 export class RoutesService {
-  constructor(private readonly prisma: PrismaService) {}
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly audit: AuditService,
+  ) {}
 
-  list(sourceGroupId?: string) {
+  list(tenantId: string, sourceGroupId?: string) {
     return this.prisma.syncRoute.findMany({
-      where: sourceGroupId ? { sourceGroupId } : undefined,
-      include: routeInclude,
+      where: {
+        tenantId,
+        ...(sourceGroupId ? { sourceGroupId } : {}),
+      },
+      include: {
+        sourceGroup: { select: { name: true } },
+        targetGroup: { select: { name: true } },
+      },
       orderBy: { createdAt: 'desc' },
     });
   }
 
-  async create(sourceGroupId: string, targetGroupId: string) {
+  async create(tenantId: string, sourceGroupId: string, targetGroupId: string) {
     if (!sourceGroupId || !targetGroupId) {
       throw new BadRequestException('sourceGroupId and targetGroupId are required');
     }
     if (sourceGroupId === targetGroupId) {
       throw new BadRequestException('Source and target groups cannot be the same');
     }
+
+    // Source must be owned by this tenant AND active; target can be owned OR shared AND active
+    const [source, target] = await Promise.all([
+      this.prisma.group.findFirst({ where: { id: sourceGroupId, tenantId, isActive: true }, select: { id: true } }),
+      this.prisma.group.findFirst({
+        where: {
+          id: targetGroupId,
+          isActive: true,
+          OR: [
+            { tenantId },
+            { groupAccesses: { some: { tenantId } } },
+          ],
+        },
+        select: { id: true },
+      }),
+    ]);
+    if (!source) throw new BadRequestException('Source group is not available or the bot has been removed from it');
+    if (!target) throw new BadRequestException('Target group is not available or the bot has been removed from it');
+
     try {
-      return await this.prisma.syncRoute.create({
-        data: { sourceGroupId, targetGroupId },
-        include: routeInclude,
+      const route = await this.prisma.syncRoute.create({
+        data: { tenantId, sourceGroupId, targetGroupId },
+        include: {
+          sourceGroup: { select: { name: true } },
+          targetGroup: { select: { name: true } },
+        },
       });
+      await this.audit.log({
+        tenantId,
+        action: AuditAction.ROUTE_CREATED,
+        resourceType: 'SyncRoute',
+        resourceId: route.id,
+        payload: { sourceGroupId, targetGroupId },
+      });
+      return route;
     } catch (e) {
       if (e instanceof Prisma.PrismaClientKnownRequestError) {
         if (e.code === 'P2002') {
           throw new ConflictException('A route between these groups already exists');
         }
-        if (e.code === 'P2003') {
-          throw new BadRequestException('One or both group IDs do not exist');
-        }
       }
       throw e;
     }
   }
 
-  async remove(id: string) {
+  async createBatch(tenantId: string, sourceGroupId: string, targetGroupIds: string[]) {
+    if (!sourceGroupId || !targetGroupIds.length) {
+      throw new BadRequestException('sourceGroupId and at least one targetGroupId are required');
+    }
+
+    if (targetGroupIds.includes(sourceGroupId)) {
+      throw new BadRequestException('Source and target groups cannot be the same');
+    }
+
+    // Source group must exist in this tenant AND be active
+    const source = await this.prisma.group.findFirst({ where: { id: sourceGroupId, tenantId, isActive: true }, select: { id: true } });
+    if (!source) {
+      throw new BadRequestException('Source group is not available or the bot has been removed from it');
+    }
+
+    // All target groups must be owned OR shared AND active
+    const targets = await this.prisma.group.findMany({
+      where: {
+        id: { in: targetGroupIds },
+        isActive: true,
+        OR: [
+          { tenantId },
+          { groupAccesses: { some: { tenantId } } },
+        ],
+      },
+      select: { id: true, name: true },
+    });
+    if (targets.length !== targetGroupIds.length) {
+      const found = new Set(targets.map((t) => t.id));
+      const missing = targetGroupIds.filter((id) => !found.has(id));
+      throw new BadRequestException(`Target groups not found or not shared: ${missing.join(', ')}`);
+    }
+
+    // Check for existing conflicts — reject the whole batch
+    const existing = await this.prisma.syncRoute.findMany({
+      where: { tenantId, sourceGroupId, targetGroupId: { in: targetGroupIds } },
+      select: { targetGroupId: true },
+    });
+    if (existing.length > 0) {
+      const names = existing.map((e) => {
+        const t = targets.find((t) => t.id === e.targetGroupId);
+        return t?.name ?? e.targetGroupId;
+      });
+      throw new ConflictException(`Routes already exist for: ${names.join(', ')}`);
+    }
+
+    const created = await this.prisma.$transaction(
+      targetGroupIds.map((targetGroupId) =>
+        this.prisma.syncRoute.create({
+          data: { tenantId, sourceGroupId, targetGroupId },
+          include: {
+            sourceGroup: { select: { name: true } },
+            targetGroup: { select: { name: true } },
+          },
+        }),
+      ),
+    );
+
+    await this.audit.log({
+      tenantId,
+      action: AuditAction.ROUTE_CREATED,
+      resourceType: 'SyncRoute',
+      resourceId: created.map((r) => r.id).join(','),
+      payload: { sourceGroupId, targetGroupIds, count: created.length },
+    });
+
+    return created;
+  }
+
+  async remove(tenantId: string, id: string) {
+    // Verify ownership before delete
+    const existing = await this.prisma.syncRoute.findFirst({ where: { id, tenantId } });
+    if (!existing) throw new NotFoundException(`Route ${id} not found`);
+
     try {
       await this.prisma.syncRoute.delete({ where: { id } });
+      await this.audit.log({
+        tenantId,
+        action: AuditAction.ROUTE_DELETED,
+        resourceType: 'SyncRoute',
+        resourceId: id,
+      });
     } catch (e) {
       if (e instanceof Prisma.PrismaClientKnownRequestError && e.code === 'P2025') {
         throw new NotFoundException(`Route ${id} not found`);
diff --git a/apps/api/src/modules/rules/rules.controller.ts b/apps/api/src/modules/rules/rules.controller.ts
new file mode 100644
index 0000000..4b2e481
--- /dev/null
+++ b/apps/api/src/modules/rules/rules.controller.ts
@@ -0,0 +1,45 @@
+import { Body, Controller, Delete, Get, Param, Post, Put, UseGuards } from '@nestjs/common';
+import { RulesService } from './rules.service';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { RolesGuard } from '../auth/roles.guard';
+import { Roles } from '../auth/roles.decorator';
+import { CurrentTenantContext } from '../auth/current-tenant.decorator';
+import { TenantContext } from '../../common/tenant-context';
+import { CreateRuleRequest, UpdateRuleRequest } from '@tower/types';
+
+@Controller('admin/rules')
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Roles('OWNER', 'ADMIN')
+export class RulesController {
+  constructor(private readonly rulesService: RulesService) {}
+
+  @Get()
+  list(@CurrentTenantContext() ctx: TenantContext) {
+    return this.rulesService.list(ctx.tenantId);
+  }
+
+  @Post()
+  create(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Body() body: CreateRuleRequest,
+  ) {
+    return this.rulesService.create(ctx.tenantId, body);
+  }
+
+  @Put(':id')
+  update(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+    @Body() body: UpdateRuleRequest,
+  ) {
+    return this.rulesService.update(ctx.tenantId, id, body);
+  }
+
+  @Delete(':id')
+  remove(
+    @CurrentTenantContext() ctx: TenantContext,
+    @Param('id') id: string,
+  ) {
+    return this.rulesService.remove(ctx.tenantId, id);
+  }
+}
diff --git a/apps/api/src/modules/rules/rules.module.ts b/apps/api/src/modules/rules/rules.module.ts
new file mode 100644
index 0000000..00736ad
--- /dev/null
+++ b/apps/api/src/modules/rules/rules.module.ts
@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { RulesController } from './rules.controller';
+import { RulesService } from './rules.service';
+
+@Module({
+  controllers: [RulesController],
+  providers: [RulesService],
+  exports: [RulesService],
+})
+export class RulesModule {}
diff --git a/apps/api/src/modules/rules/rules.service.spec.ts b/apps/api/src/modules/rules/rules.service.spec.ts
new file mode 100644
index 0000000..78a6daa
--- /dev/null
+++ b/apps/api/src/modules/rules/rules.service.spec.ts
@@ -0,0 +1,80 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConflictException, NotFoundException } from '@nestjs/common';
+import { RulesService } from './rules.service';
+import { PrismaService } from '../../prisma/prisma.service';
+
+describe('RulesService', () => {
+  let service: RulesService;
+  const mockPrisma: any = {
+    tenantRule: { findMany: jest.fn(), findUnique: jest.fn(), findFirst: jest.fn(), create: jest.fn(), update: jest.fn(), delete: jest.fn() },
+  };
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        RulesService,
+        { provide: PrismaService, useValue: mockPrisma },
+      ],
+    }).compile();
+    service = module.get<RulesService>(RulesService);
+  });
+
+  describe('list', () => {
+    it('returns rules ordered by priority', async () => {
+      mockPrisma.tenantRule.findMany.mockResolvedValue([
+        { id: 'r1', tenantId: 'tnt-1', matchType: 'HASHTAG', matchValue: '#important', action: 'FLAG', priority: 0, isActive: true, createdAt: new Date('2026-01-01'), updatedAt: new Date('2026-01-01') },
+        { id: 'r2', tenantId: 'tnt-1', matchType: 'PREFIX', matchValue: '/tower', action: 'FLAG', priority: 1, isActive: true, createdAt: new Date('2026-01-02'), updatedAt: new Date('2026-01-02') },
+      ]);
+      const res = await service.list('tnt-1');
+      expect(res).toHaveLength(2);
+      expect(res[0].matchValue).toBe('#important');
+      expect(mockPrisma.tenantRule.findMany).toHaveBeenCalledWith(expect.objectContaining({ where: { tenantId: 'tnt-1' } }));
+    });
+  });
+
+  describe('create', () => {
+    it('creates and returns a rule', async () => {
+      mockPrisma.tenantRule.findUnique.mockResolvedValue(null);
+      mockPrisma.tenantRule.create.mockResolvedValue({
+        id: 'r1', tenantId: 'tnt-1', matchType: 'HASHTAG', matchValue: '#event', action: 'FLAG', priority: 0, isActive: true, createdAt: new Date('2026-01-01'), updatedAt: new Date('2026-01-01'),
+      });
+      const res = await service.create('tnt-1', { matchType: 'HASHTAG', matchValue: '#event', action: 'FLAG' });
+      expect(res.matchValue).toBe('#event');
+    });
+
+    it('rejects duplicate rule', async () => {
+      mockPrisma.tenantRule.findUnique.mockResolvedValue({ id: 'existing' });
+      await expect(service.create('tnt-1', { matchType: 'HASHTAG', matchValue: '#event', action: 'FLAG' })).rejects.toThrow(ConflictException);
+    });
+  });
+
+  describe('update', () => {
+    it('updates and returns a rule', async () => {
+      mockPrisma.tenantRule.findFirst.mockResolvedValue({ id: 'r1', tenantId: 'tnt-1' });
+      mockPrisma.tenantRule.update.mockResolvedValue({
+        id: 'r1', tenantId: 'tnt-1', matchType: 'HASHTAG', matchValue: '#event', action: 'AUTO_APPROVE', priority: 0, isActive: true, createdAt: new Date('2026-01-01'), updatedAt: new Date('2026-01-02'),
+      });
+      const res = await service.update('tnt-1', 'r1', { action: 'AUTO_APPROVE' });
+      expect(res.action).toBe('AUTO_APPROVE');
+    });
+
+    it('throws on non-existent rule', async () => {
+      mockPrisma.tenantRule.findFirst.mockResolvedValue(null);
+      await expect(service.update('tnt-1', 'missing', { action: 'AUTO_APPROVE' })).rejects.toThrow(NotFoundException);
+    });
+  });
+
+  describe('remove', () => {
+    it('deletes a rule', async () => {
+      mockPrisma.tenantRule.findFirst.mockResolvedValue({ id: 'r1', tenantId: 'tnt-1' });
+      mockPrisma.tenantRule.delete.mockResolvedValue({});
+      await expect(service.remove('tnt-1', 'r1')).resolves.toBeUndefined();
+    });
+
+    it('throws on non-existent rule', async () => {
+      mockPrisma.tenantRule.findFirst.mockResolvedValue(null);
+      await expect(service.remove('tnt-1', 'missing')).rejects.toThrow(NotFoundException);
+    });
+  });
+});
diff --git a/apps/api/src/modules/rules/rules.service.ts b/apps/api/src/modules/rules/rules.service.ts
new file mode 100644
index 0000000..d0d2d39
--- /dev/null
+++ b/apps/api/src/modules/rules/rules.service.ts
@@ -0,0 +1,90 @@
+import { ConflictException, Injectable, NotFoundException } from '@nestjs/common';
+import { CreateRuleRequest, TenantRuleData, UpdateRuleRequest } from '@tower/types';
+import { PrismaService } from '../../prisma/prisma.service';
+
+@Injectable()
+export class RulesService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async list(tenantId: string): Promise<TenantRuleData[]> {
+    const rows = await this.prisma.tenantRule.findMany({
+      where: { tenantId },
+      orderBy: { priority: 'asc' },
+    });
+    return rows.map((r: any) => ({
+      id: r.id,
+      tenantId: r.tenantId,
+      matchType: r.matchType,
+      matchValue: r.matchValue,
+      action: r.action,
+      priority: r.priority,
+      isActive: r.isActive,
+      createdAt: r.createdAt.toISOString(),
+      updatedAt: r.updatedAt.toISOString(),
+    }));
+  }
+
+  async create(tenantId: string, req: CreateRuleRequest): Promise<TenantRuleData> {
+    const existing = await this.prisma.tenantRule.findUnique({
+      where: { tenantId_matchType_matchValue: { tenantId, matchType: req.matchType, matchValue: req.matchValue } },
+    });
+    if (existing) {
+      throw new ConflictException('A rule with this matchType + matchValue already exists');
+    }
+
+    const row = await this.prisma.tenantRule.create({
+      data: {
+        tenantId,
+        matchType: req.matchType,
+        matchValue: req.matchValue,
+        action: req.action,
+        priority: req.priority ?? 0,
+        isActive: req.isActive ?? true,
+      },
+    });
+
+    return {
+      id: row.id,
+      tenantId: row.tenantId,
+      matchType: row.matchType as any,
+      matchValue: row.matchValue,
+      action: row.action as any,
+      priority: row.priority,
+      isActive: row.isActive,
+      createdAt: row.createdAt.toISOString(),
+      updatedAt: row.updatedAt.toISOString(),
+    };
+  }
+
+  async update(tenantId: string, id: string, req: UpdateRuleRequest): Promise<TenantRuleData> {
+    const rule = await this.prisma.tenantRule.findFirst({ where: { id, tenantId } });
+    if (!rule) throw new NotFoundException('Rule not found');
+
+    const data: any = {};
+    if (req.matchType !== undefined) data.matchType = req.matchType;
+    if (req.matchValue !== undefined) data.matchValue = req.matchValue;
+    if (req.action !== undefined) data.action = req.action;
+    if (req.priority !== undefined) data.priority = req.priority;
+    if (req.isActive !== undefined) data.isActive = req.isActive;
+
+    const row = await this.prisma.tenantRule.update({ where: { id }, data });
+
+    return {
+      id: row.id,
+      tenantId: row.tenantId,
+      matchType: row.matchType as any,
+      matchValue: row.matchValue,
+      action: row.action as any,
+      priority: row.priority,
+      isActive: row.isActive,
+      createdAt: row.createdAt.toISOString(),
+      updatedAt: row.updatedAt.toISOString(),
+    };
+  }
+
+  async remove(tenantId: string, id: string): Promise<void> {
+    const rule = await this.prisma.tenantRule.findFirst({ where: { id, tenantId } });
+    if (!rule) throw new NotFoundException('Rule not found');
+    await this.prisma.tenantRule.delete({ where: { id } });
+  }
+}
diff --git a/apps/api/src/modules/search/search.controller.spec.ts b/apps/api/src/modules/search/search.controller.spec.ts
index 9c7bf80..7b86d47 100644
--- a/apps/api/src/modules/search/search.controller.spec.ts
+++ b/apps/api/src/modules/search/search.controller.spec.ts
@@ -1,9 +1,12 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { SearchController } from './search.controller';
 import { SearchService } from './search.service';
+import type { TenantContext } from '../../common/tenant-context';
 
 const mockSearchService = { search: jest.fn() };
 
+const ctx: TenantContext = { tenantId: 'tnt_1', adminId: 'adm_1', role: 'OWNER' };
+
 describe('SearchController', () => {
   let controller: SearchController;
 
@@ -18,26 +21,28 @@ describe('SearchController', () => {
 
   it('calls service with all parsed params', async () => {
     mockSearchService.search.mockResolvedValue({ hits: [], total: 0, page: 2, limit: 10, query: 'hello' });
-    await controller.search('hello', 'grp-1', 'important,event', '2', '10');
-    expect(mockSearchService.search).toHaveBeenCalledWith('hello', 'grp-1', ['important', 'event'], 2, 10);
+    await controller.search(ctx, 'hello', 'grp-1', 'important,event', '2', '10');
+    expect(mockSearchService.search).toHaveBeenCalledWith(
+      'tnt_1', 'hello', 'grp-1', ['important', 'event'], 2, 10,
+    );
   });
 
   it('defaults page to 1 and limit to 20 when not provided', async () => {
     mockSearchService.search.mockResolvedValue({ hits: [], total: 0, page: 1, limit: 20, query: '' });
-    await controller.search('');
-    expect(mockSearchService.search).toHaveBeenCalledWith('', undefined, undefined, 1, 20);
+    await controller.search(ctx, '');
+    expect(mockSearchService.search).toHaveBeenCalledWith('tnt_1', '', undefined, undefined, 1, 20);
   });
 
   it('returns the service result directly', async () => {
     const expected = { hits: [{ id: 'msg-1' }], total: 1, page: 1, limit: 20, query: 'test' };
     mockSearchService.search.mockResolvedValue(expected);
-    const result = await controller.search('test');
+    const result = await controller.search(ctx, 'test');
     expect(result).toEqual(expected);
   });
 
   it('splits tags on comma and trims whitespace', async () => {
     mockSearchService.search.mockResolvedValue({ hits: [], total: 0, page: 1, limit: 20, query: '' });
-    await controller.search('', undefined, ' important , event ');
-    expect(mockSearchService.search).toHaveBeenCalledWith('', undefined, ['important', 'event'], 1, 20);
+    await controller.search(ctx, '', undefined, ' important , event ');
+    expect(mockSearchService.search).toHaveBeenCalledWith('tnt_1', '', undefined, ['important', 'event'], 1, 20);
   });
 });
diff --git a/apps/api/src/modules/search/search.controller.ts b/apps/api/src/modules/search/search.controller.ts
index 84f78fa..0537cd7 100644
--- a/apps/api/src/modules/search/search.controller.ts
+++ b/apps/api/src/modules/search/search.controller.ts
@@ -1,5 +1,7 @@
 import { Controller, Get, Query } from '@nestjs/common';
 import { SearchService } from './search.service';
+import { CurrentTenantContext } from '../auth/current-tenant.decorator';
+import { TenantContext } from '../../common/tenant-context';
 
 @Controller('search')
 export class SearchController {
@@ -7,6 +9,7 @@ export class SearchController {
 
   @Get()
   search(
+    @CurrentTenantContext() ctx: TenantContext,
     @Query('q') q = '',
     @Query('groupId') groupId?: string,
     @Query('tags') tags?: string,
@@ -16,6 +19,6 @@ export class SearchController {
     const tagList = tags
       ? tags.split(',').map((t) => t.trim()).filter(Boolean)
       : undefined;
-    return this.searchService.search(q, groupId, tagList, Number(page), Number(limit));
+    return this.searchService.search(ctx.tenantId, q, groupId, tagList, Number(page), Number(limit));
   }
 }
diff --git a/apps/api/src/modules/search/search.service.spec.ts b/apps/api/src/modules/search/search.service.spec.ts
index f932582..28429d8 100644
--- a/apps/api/src/modules/search/search.service.spec.ts
+++ b/apps/api/src/modules/search/search.service.spec.ts
@@ -34,70 +34,76 @@ describe('SearchService', () => {
     expect(searchPkg.configureIndex).toHaveBeenCalledWith(mockClient);
   });
 
+  it('always filters by tenantId', async () => {
+    mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
+    await service.search('tnt-1', 'test');
+    expect(mockSearch).toHaveBeenCalledWith(
+      'test',
+      expect.objectContaining({ filter: 'tenantId = "tnt-1"' }),
+    );
+  });
+
   it('returns hits and total', async () => {
     mockSearch.mockResolvedValue({ hits: [{ id: 'msg-1', content: 'hello' }], totalHits: 1 });
-    const result = await service.search('hello');
+    const result = await service.search('tnt-1', 'hello');
     expect(result.hits).toHaveLength(1);
     expect(result.total).toBe(1);
     expect(result.query).toBe('hello');
   });
 
-  it('searches with no filter when no groupId or tags', async () => {
+  it('applies sourceGroupId filter alongside tenant', async () => {
     mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('test');
-    expect(mockSearch).toHaveBeenCalledWith('test', expect.objectContaining({ filter: undefined }));
-  });
-
-  it('applies sourceGroupId filter', async () => {
-    mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('hello', 'grp-1');
+    await service.search('tnt-1', 'hello', 'grp-1');
     expect(mockSearch).toHaveBeenCalledWith(
       'hello',
-      expect.objectContaining({ filter: 'sourceGroupId = "grp-1"' }),
+      expect.objectContaining({ filter: 'tenantId = "tnt-1" AND sourceGroupId = "grp-1"' }),
     );
   });
 
-  it('applies tags filter', async () => {
+  it('applies tags filter alongside tenant', async () => {
     mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('hello', undefined, ['#important']);
+    await service.search('tnt-1', 'hello', undefined, ['#important']);
     expect(mockSearch).toHaveBeenCalledWith(
       'hello',
-      expect.objectContaining({ filter: 'tags = "#important"' }),
+      expect.objectContaining({ filter: 'tenantId = "tnt-1" AND tags = "#important"' }),
     );
   });
 
-  it('combines groupId and tags filters with AND', async () => {
+  it('combines groupId and tags filters with AND, all behind tenant', async () => {
     mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('hello', 'grp-1', ['#important', '#event']);
+    await service.search('tnt-1', 'hello', 'grp-1', ['#important', '#event']);
     expect(mockSearch).toHaveBeenCalledWith(
       'hello',
       expect.objectContaining({
-        filter: 'sourceGroupId = "grp-1" AND tags = "#important" AND tags = "#event"',
+        filter:
+          'tenantId = "tnt-1" AND sourceGroupId = "grp-1" AND tags = "#important" AND tags = "#event"',
       }),
     );
   });
 
   it('defaults page to 1 and hitsPerPage to 20', async () => {
     mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('hello');
+    await service.search('tnt-1', 'hello');
     expect(mockSearch).toHaveBeenCalledWith(
       'hello',
       expect.objectContaining({ page: 1, hitsPerPage: 20 }),
     );
   });
 
-  it('escapes double-quotes in groupId to prevent filter injection', async () => {
+  it('escapes double-quotes in filter values to prevent injection', async () => {
     mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('hello', 'grp"1"OR id EXISTS');
+    await service.search('tnt-1', 'hello', 'grp"1"OR id EXISTS');
     expect(mockSearch).toHaveBeenCalledWith(
       'hello',
-      expect.objectContaining({ filter: 'sourceGroupId = "grp\\"1\\"OR id EXISTS"' }),
+      expect.objectContaining({
+        filter: 'tenantId = "tnt-1" AND sourceGroupId = "grp\\"1\\"OR id EXISTS"',
+      }),
     );
   });
 
-  it('clamps page to minimum 1 and limit to maximum 100', async () => {
+  it('clamps page to min 1 and limit to max 100', async () => {
     mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
-    await service.search('hello', undefined, undefined, 0, 999);
+    await service.search('tnt-1', 'hello', undefined, undefined, 0, 999);
     expect(mockSearch).toHaveBeenCalledWith(
       'hello',
       expect.objectContaining({ page: 1, hitsPerPage: 100 }),
diff --git a/apps/api/src/modules/search/search.service.ts b/apps/api/src/modules/search/search.service.ts
index 50002b0..01b68b5 100644
--- a/apps/api/src/modules/search/search.service.ts
+++ b/apps/api/src/modules/search/search.service.ts
@@ -30,6 +30,7 @@ export class SearchService implements OnModuleInit {
   }
 
   async search(
+    tenantId: string,
     query: string,
     groupId?: string,
     tags?: string[],
@@ -39,12 +40,13 @@ export class SearchService implements OnModuleInit {
     const safePage = Math.max(1, Math.floor(Number.isFinite(page) ? page : 1));
     const safeLimit = Math.min(100, Math.max(1, Math.floor(Number.isFinite(limit) ? limit : 20)));
 
-    const filters: string[] = [];
+    // Always filter by tenant — non-negotiable for multi-tenant isolation
+    const filters: string[] = [`tenantId = "${SearchService.escapeFilterValue(tenantId)}"`];
     if (groupId) filters.push(`sourceGroupId = "${SearchService.escapeFilterValue(groupId)}"`);
     if (tags?.length) filters.push(...tags.map((t) => `tags = "${SearchService.escapeFilterValue(t)}"`));
 
     const result = await this.client.index<MeiliDocument>(MESSAGES_INDEX).search(query, {
-      filter: filters.length ? filters.join(' AND ') : undefined,
+      filter: filters.join(' AND '),
       page: safePage,
       hitsPerPage: safeLimit,
       sort: ['approvedAt:desc'],
diff --git a/apps/api/src/modules/super-admin/super-admin.controller.ts b/apps/api/src/modules/super-admin/super-admin.controller.ts
new file mode 100644
index 0000000..301ecf0
--- /dev/null
+++ b/apps/api/src/modules/super-admin/super-admin.controller.ts
@@ -0,0 +1,21 @@
+import { Body, Controller, Get, Post, Req, UseGuards } from '@nestjs/common';
+import { SuperAdminService } from './super-admin.service';
+import { SuperAdminGuard } from './super-admin.guard';
+import { Public } from '../auth/public.decorator';
+
+@Controller('auth/super')
+export class SuperAdminController {
+  constructor(private readonly superAdminService: SuperAdminService) {}
+
+  @Public()
+  @Post('login')
+  login(@Body() body: { email: string; password: string }) {
+    return this.superAdminService.login(body.email, body.password);
+  }
+
+  @UseGuards(SuperAdminGuard)
+  @Get('me')
+  me(@Req() req: any) {
+    return this.superAdminService.me(req.user.sub);
+  }
+}
diff --git a/apps/api/src/modules/super-admin/super-admin.guard.ts b/apps/api/src/modules/super-admin/super-admin.guard.ts
new file mode 100644
index 0000000..a9a1351
--- /dev/null
+++ b/apps/api/src/modules/super-admin/super-admin.guard.ts
@@ -0,0 +1,23 @@
+import { CanActivate, ExecutionContext, Global, Injectable, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+
+@Injectable()
+export class SuperAdminGuard implements CanActivate {
+  constructor(private readonly jwtService: JwtService) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const req = context.switchToHttp().getRequest();
+    const authHeader = req.headers.authorization;
+    if (!authHeader?.startsWith('Bearer ')) throw new UnauthorizedException();
+
+    const token = authHeader.slice(7);
+    try {
+      const payload = this.jwtService.verify(token);
+      if (payload.kind !== 'superadmin') throw new UnauthorizedException('Not a super admin');
+      req.user = payload;
+      return true;
+    } catch {
+      throw new UnauthorizedException();
+    }
+  }
+}
diff --git a/apps/api/src/modules/super-admin/super-admin.module.ts b/apps/api/src/modules/super-admin/super-admin.module.ts
new file mode 100644
index 0000000..bb34ee8
--- /dev/null
+++ b/apps/api/src/modules/super-admin/super-admin.module.ts
@@ -0,0 +1,25 @@
+import { Global, Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { SuperAdminController } from './super-admin.controller';
+import { SuperAdminService } from './super-admin.service';
+import { SuperAdminGuard } from './super-admin.guard';
+import { PrismaModule } from '../../prisma/prisma.module';
+
+@Global()
+@Module({
+  imports: [
+    PrismaModule,
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (config: ConfigService) => ({
+        secret: config.get<string>('JWT_SECRET') ?? '',
+      }),
+    }),
+  ],
+  controllers: [SuperAdminController],
+  providers: [SuperAdminService, SuperAdminGuard],
+  exports: [SuperAdminGuard, JwtModule],
+})
+export class SuperAdminModule {}
diff --git a/apps/api/src/modules/super-admin/super-admin.service.ts b/apps/api/src/modules/super-admin/super-admin.service.ts
new file mode 100644
index 0000000..9e57ba1
--- /dev/null
+++ b/apps/api/src/modules/super-admin/super-admin.service.ts
@@ -0,0 +1,35 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import * as bcrypt from 'bcryptjs';
+import { PrismaService } from '../../prisma/prisma.service';
+
+@Injectable()
+export class SuperAdminService {
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly jwtService: JwtService,
+    private readonly config: ConfigService,
+  ) {}
+
+  async login(email: string, password: string): Promise<{ token: string; superAdmin: { id: string; email: string; name: string | null } }> {
+    const admin = await this.prisma.superAdmin.findUnique({ where: { email } });
+    if (!admin) throw new UnauthorizedException('Invalid credentials');
+
+    const valid = await bcrypt.compare(password, admin.passwordHash);
+    if (!valid) throw new UnauthorizedException('Invalid credentials');
+
+    const token = this.jwtService.sign(
+      { kind: 'superadmin', sub: admin.id, email: admin.email },
+      { secret: this.config.get<string>('JWT_SECRET'), expiresIn: '7d' },
+    );
+
+    return { token, superAdmin: { id: admin.id, email: admin.email, name: admin.name } };
+  }
+
+  async me(adminId: string): Promise<{ id: string; email: string; name: string | null }> {
+    const admin = await this.prisma.superAdmin.findUnique({ where: { id: adminId } });
+    if (!admin) throw new UnauthorizedException('Super admin not found');
+    return { id: admin.id, email: admin.email, name: admin.name };
+  }
+}
diff --git a/apps/api/src/modules/tenant/tenant.controller.ts b/apps/api/src/modules/tenant/tenant.controller.ts
new file mode 100644
index 0000000..2c4cfaa
--- /dev/null
+++ b/apps/api/src/modules/tenant/tenant.controller.ts
@@ -0,0 +1,24 @@
+import { Body, Controller, Get, Param, Patch, UseGuards } from '@nestjs/common';
+import { TenantService } from './tenant.service';
+import { SuperAdminGuard } from '../super-admin/super-admin.guard';
+
+@Controller('admin/tenants')
+@UseGuards(SuperAdminGuard)
+export class TenantController {
+  constructor(private readonly tenantService: TenantService) {}
+
+  @Get()
+  list() {
+    return this.tenantService.list();
+  }
+
+  @Get(':id')
+  get(@Param('id') id: string) {
+    return this.tenantService.get(id);
+  }
+
+  @Patch(':id')
+  update(@Param('id') id: string, @Body() body: { isActive?: boolean; isForwardingPaused?: boolean }) {
+    return this.tenantService.update(id, body);
+  }
+}
diff --git a/apps/api/src/modules/tenant/tenant.module.ts b/apps/api/src/modules/tenant/tenant.module.ts
new file mode 100644
index 0000000..1eaa0c6
--- /dev/null
+++ b/apps/api/src/modules/tenant/tenant.module.ts
@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+import { TenantController } from './tenant.controller';
+import { TenantService } from './tenant.service';
+import { PrismaModule } from '../../prisma/prisma.module';
+import { SuperAdminModule } from '../super-admin/super-admin.module';
+
+@Module({
+  imports: [PrismaModule, SuperAdminModule],
+  controllers: [TenantController],
+  providers: [TenantService],
+})
+export class TenantModule {}
diff --git a/apps/api/src/modules/tenant/tenant.service.ts b/apps/api/src/modules/tenant/tenant.service.ts
new file mode 100644
index 0000000..91885fb
--- /dev/null
+++ b/apps/api/src/modules/tenant/tenant.service.ts
@@ -0,0 +1,86 @@
+import { Injectable, NotFoundException } from '@nestjs/common';
+import { PrismaService } from '../../prisma/prisma.service';
+
+@Injectable()
+export class TenantService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async list(): Promise<any[]> {
+    const tenants = await this.prisma.tenant.findMany({
+      orderBy: { createdAt: 'desc' },
+      include: {
+        _count: { select: { groups: true, admins: true, messages: true, tenantBots: true } },
+        tenantBots: { include: { account: { select: { jid: true, displayName: true, status: true } } } },
+      },
+    });
+    return tenants.map((t) => ({
+      id: t.id,
+      slug: t.slug,
+      name: t.name,
+      isActive: t.isActive,
+      isForwardingPaused: t.isForwardingPaused,
+      createdAt: t.createdAt.toISOString(),
+      stats: {
+        groups: t._count.groups,
+        admins: t._count.admins,
+        messages: t._count.messages,
+        bots: t._count.tenantBots,
+      },
+      bot: t.tenantBots[0]
+        ? { jid: t.tenantBots[0].account.jid, displayName: t.tenantBots[0].account.displayName, status: t.tenantBots[0].account.status }
+        : null,
+    }));
+  }
+
+  async get(id: string): Promise<any> {
+    const t = await this.prisma.tenant.findUnique({
+      where: { id },
+      include: {
+        _count: { select: { groups: true, admins: true, messages: true, rules: true, syncRoutes: true } },
+        tenantBots: { include: { account: { select: { id: true, jid: true, displayName: true, status: true, createdAt: true } } } },
+        admins: { select: { id: true, email: true, role: true, createdAt: true } },
+      },
+    });
+    if (!t) throw new NotFoundException('Tenant not found');
+    return {
+      id: t.id,
+      slug: t.slug,
+      name: t.name,
+      isActive: t.isActive,
+      isForwardingPaused: t.isForwardingPaused,
+      createdAt: t.createdAt.toISOString(),
+      stats: {
+        groups: t._count.groups,
+        admins: t._count.admins,
+        messages: t._count.messages,
+        rules: t._count.rules,
+        routes: t._count.syncRoutes,
+      },
+      bot: t.tenantBots[0]
+        ? { id: t.tenantBots[0].account.id, jid: t.tenantBots[0].account.jid, displayName: t.tenantBots[0].account.displayName, status: t.tenantBots[0].account.status, linkedSince: t.tenantBots[0].createdAt.toISOString() }
+        : null,
+      admins: t.admins,
+    };
+  }
+
+  async update(id: string, data: { isActive?: boolean; isForwardingPaused?: boolean }): Promise<any> {
+    const t = await this.prisma.tenant.findUnique({ where: { id } });
+    if (!t) throw new NotFoundException('Tenant not found');
+
+    const updated = await this.prisma.tenant.update({
+      where: { id },
+      data: {
+        ...(data.isActive !== undefined && { isActive: data.isActive }),
+        ...(data.isForwardingPaused !== undefined && { isForwardingPaused: data.isForwardingPaused }),
+      },
+    });
+
+    return {
+      id: updated.id,
+      slug: updated.slug,
+      name: updated.name,
+      isActive: updated.isActive,
+      isForwardingPaused: updated.isForwardingPaused,
+    };
+  }
+}
diff --git a/apps/api/src/prisma/prisma.service.spec.ts b/apps/api/src/prisma/prisma.service.spec.ts
index cd752c1..6ecd8e2 100644
--- a/apps/api/src/prisma/prisma.service.spec.ts
+++ b/apps/api/src/prisma/prisma.service.spec.ts
@@ -22,8 +22,14 @@ describe('PrismaService', () => {
   });
 
   it('creates and retrieves a Group, then cleans up', async () => {
+    const tenant = await prisma.tenant.upsert({
+      where: { slug: 'default' },
+      update: {},
+      create: { id: 'tnt_test', slug: 'default', name: 'Default Tenant' },
+    });
     const group = await prisma.group.create({
       data: {
+        tenantId: tenant.id,
         platform: 'whatsapp',
         platformId: `test-group-${Date.now()}@g.us`,
         name: 'Test Group',
diff --git a/apps/api/src/queues/forward.queue.ts b/apps/api/src/queues/forward.queue.ts
new file mode 100644
index 0000000..8e43455
--- /dev/null
+++ b/apps/api/src/queues/forward.queue.ts
@@ -0,0 +1,35 @@
+import { Provider } from '@nestjs/common';
+import { Queue } from 'bullmq';
+import { ConfigService } from '@nestjs/config';
+import { ForwardJobData, IndexJobData } from '@tower/types';
+import { parseRedisUrl } from './redis-connection';
+
+export const FORWARD_QUEUE = 'FORWARD_QUEUE';
+export const INDEX_QUEUE = 'INDEX_QUEUE';
+
+export function createForwardQueue(redisUrl: string): Queue<ForwardJobData> {
+  return new Queue<ForwardJobData>('tower-forward', {
+    connection: parseRedisUrl(redisUrl),
+  });
+}
+
+export function createIndexQueue(redisUrl: string): Queue<IndexJobData> {
+  return new Queue<IndexJobData>('tower-index', {
+    connection: parseRedisUrl(redisUrl),
+  });
+}
+
+export const forwardQueueProvider: Provider = {
+  provide: FORWARD_QUEUE,
+  useFactory: (config: ConfigService) =>
+    createForwardQueue(config.get<string>('REDIS_URL', 'redis://localhost:6379')),
+  inject: [ConfigService],
+};
+
+export const indexQueueProvider: Provider = {
+  provide: INDEX_QUEUE,
+  useFactory: (config: ConfigService) =>
+    createIndexQueue(config.get<string>('REDIS_URL', 'redis://localhost:6379')),
+  inject: [ConfigService],
+};
+
diff --git a/apps/api/src/queues/redis-connection.ts b/apps/api/src/queues/redis-connection.ts
new file mode 100644
index 0000000..05d70b4
--- /dev/null
+++ b/apps/api/src/queues/redis-connection.ts
@@ -0,0 +1,4 @@
+export function parseRedisUrl(url: string) {
+  const { hostname, port } = new URL(url);
+  return { host: hostname, port: parseInt(port || '6379', 10), maxRetriesPerRequest: null };
+}
diff --git a/apps/web/app/_lib/api.ts b/apps/web/app/_lib/api.ts
new file mode 100644
index 0000000..62fb540
--- /dev/null
+++ b/apps/web/app/_lib/api.ts
@@ -0,0 +1,61 @@
+import { cookies } from 'next/headers';
+
+export const TOKEN_COOKIE = 'tower_token';
+export const MEMBER_COOKIE = 'tower_member_token';
+const MEMBER_MAX_AGE_SECONDS = 60 * 60 * 24 * 30;
+
+export function getApiBaseUrl(): string {
+  return process.env['API_URL'] ?? 'http://localhost:3001';
+}
+
+export async function getToken(): Promise<string | undefined> {
+  const store = await cookies();
+  return store.get(TOKEN_COOKIE)?.value;
+}
+
+export async function getMemberToken(): Promise<string | undefined> {
+  const store = await cookies();
+  return store.get(MEMBER_COOKIE)?.value;
+}
+
+function withAuthHeader(headers: Headers, token: string | undefined): void {
+  headers.set('Accept', 'application/json');
+  if (token && !headers.has('Authorization')) {
+    headers.set('Authorization', `Bearer ${token}`);
+  }
+}
+
+export async function apiFetch(path: string, init: RequestInit = {}): Promise<Response> {
+  const token = await getToken();
+  const headers = new Headers(init.headers);
+  withAuthHeader(headers, token);
+  if (init.body && !headers.has('Content-Type')) {
+    headers.set('Content-Type', 'application/json');
+  }
+  return fetch(`${getApiBaseUrl()}${path}`, { ...init, headers, cache: 'no-store' });
+}
+
+export async function memberApiFetch(path: string, init: RequestInit = {}): Promise<Response> {
+  const token = await getMemberToken();
+  const headers = new Headers(init.headers);
+  withAuthHeader(headers, token);
+  if (init.body && !headers.has('Content-Type')) {
+    headers.set('Content-Type', 'application/json');
+  }
+  return fetch(`${getApiBaseUrl()}${path}`, { ...init, headers, cache: 'no-store' });
+}
+
+export function buildMemberCookie(token: string): string {
+  return `${MEMBER_COOKIE}=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${MEMBER_MAX_AGE_SECONDS}`;
+}
+
+export function clearMemberCookie(): string {
+  return `${MEMBER_COOKIE}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0`;
+}
+
+export function jsonResponse(body: unknown, status = 200, extraHeaders: Record<string, string> = {}): Response {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { 'Content-Type': 'application/json', ...extraHeaders },
+  });
+}
diff --git a/apps/web/app/_lib/auth-context.test.tsx b/apps/web/app/_lib/auth-context.test.tsx
new file mode 100644
index 0000000..3e13df3
--- /dev/null
+++ b/apps/web/app/_lib/auth-context.test.tsx
@@ -0,0 +1,79 @@
+import { act, render, screen, waitFor } from '@testing-library/react';
+import { AuthProvider, useAuth } from './auth-context';
+
+function Probe() {
+  const { admin, loading, error, logout } = useAuth();
+  return (
+    <div>
+      <div data-testid="loading">{String(loading)}</div>
+      <div data-testid="admin">{admin?.email ?? 'null'}</div>
+      <div data-testid="error">{error ?? 'null'}</div>
+      <button type="button" onClick={() => void logout()}>logout</button>
+    </div>
+  );
+}
+
+let fetchSpy: jest.SpyInstance;
+
+beforeEach(() => {
+  fetchSpy = jest.spyOn(global, 'fetch');
+});
+
+afterEach(() => {
+  jest.restoreAllMocks();
+});
+
+describe('AuthProvider', () => {
+  it('exposes a loading state then sets admin from /api/auth/me', async () => {
+    fetchSpy.mockResolvedValue(
+      new Response(JSON.stringify({ admin: { id: 'a-1', email: 'me@x.com', role: 'OWNER', tenantId: 't1', tenantSlug: 'default', tenantName: 'Default' } }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      }),
+    );
+    render(
+      <AuthProvider>
+        <Probe />
+      </AuthProvider>,
+    );
+    await waitFor(() => expect(screen.getByTestId('admin')).toHaveTextContent('me@x.com'));
+    expect(screen.getByTestId('loading')).toHaveTextContent('false');
+  });
+
+  it('sets admin to null on 401', async () => {
+    fetchSpy.mockResolvedValue(
+      new Response(JSON.stringify({ message: 'Unauthorized' }), {
+        status: 401,
+        headers: { 'Content-Type': 'application/json' },
+      }),
+    );
+    render(
+      <AuthProvider>
+        <Probe />
+      </AuthProvider>,
+    );
+    await waitFor(() => expect(screen.getByTestId('admin')).toHaveTextContent('null'));
+  });
+
+  it('calls POST /api/auth/logout when logout is invoked', async () => {
+    fetchSpy
+      .mockResolvedValueOnce(
+        new Response(JSON.stringify({ admin: { id: 'a-1', email: 'me@x.com' } }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      )
+      .mockResolvedValueOnce(new Response(null, { status: 204 }));
+    render(
+      <AuthProvider>
+        <Probe />
+      </AuthProvider>,
+    );
+    await waitFor(() => expect(screen.getByTestId('admin')).toHaveTextContent('me@x.com'));
+    await act(async () => {
+      screen.getByText('logout').click();
+    });
+    await waitFor(() => expect(fetchSpy).toHaveBeenCalledWith('/api/auth/logout', expect.objectContaining({ method: 'POST' })));
+    expect(screen.getByTestId('admin')).toHaveTextContent('null');
+  });
+});
diff --git a/apps/web/app/_lib/auth-context.tsx b/apps/web/app/_lib/auth-context.tsx
new file mode 100644
index 0000000..9b52aee
--- /dev/null
+++ b/apps/web/app/_lib/auth-context.tsx
@@ -0,0 +1,74 @@
+'use client';
+
+import { createContext, useCallback, useContext, useEffect, useState } from 'react';
+
+export interface AuthAdmin {
+  id: string;
+  email: string;
+  name?: string | null;
+  role: 'OWNER' | 'ADMIN' | 'VIEWER';
+  tenantId: string;
+  tenantSlug: string;
+  tenantName?: string;
+}
+
+interface AuthState {
+  admin: AuthAdmin | null;
+  loading: boolean;
+  error: string | null;
+  refresh: () => Promise<void>;
+  logout: () => Promise<void>;
+}
+
+const AuthContext = createContext<AuthState | null>(null);
+
+export function AuthProvider({ children }: { children: React.ReactNode }) {
+  const [admin, setAdmin] = useState<AuthAdmin | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  const refresh = useCallback(async () => {
+    setLoading(true);
+    setError(null);
+    try {
+      const res = await fetch('/api/auth/me', { credentials: 'include' });
+      if (res.status === 401) {
+        setAdmin(null);
+        return;
+      }
+      if (!res.ok) {
+        setError('Unable to verify session');
+        setAdmin(null);
+        return;
+      }
+      const data = await res.json();
+      setAdmin(data.admin ?? null);
+    } catch (e) {
+      setError(e instanceof Error ? e.message : 'Network error');
+      setAdmin(null);
+    } finally {
+      setLoading(false);
+    }
+  }, []);
+
+  const logout = useCallback(async () => {
+    await fetch('/api/auth/logout', { method: 'POST', credentials: 'include' });
+    setAdmin(null);
+  }, []);
+
+  useEffect(() => {
+    void refresh();
+  }, [refresh]);
+
+  return (
+    <AuthContext.Provider value={{ admin, loading, error, refresh, logout }}>
+      {children}
+    </AuthContext.Provider>
+  );
+}
+
+export function useAuth(): AuthState {
+  const ctx = useContext(AuthContext);
+  if (!ctx) throw new Error('useAuth must be used within <AuthProvider>');
+  return ctx;
+}
diff --git a/apps/web/app/_lib/sidebar.tsx b/apps/web/app/_lib/sidebar.tsx
new file mode 100644
index 0000000..365b4f1
--- /dev/null
+++ b/apps/web/app/_lib/sidebar.tsx
@@ -0,0 +1,146 @@
+'use client';
+
+import Link from 'next/link';
+import { usePathname, useRouter } from 'next/navigation';
+import { useEffect, useState } from 'react';
+import { useSuperAdmin } from './super-admin-context';
+import { useAuth } from './auth-context';
+
+const NAV_LINKS = [
+  { href: '/search', label: 'Search' },
+  { href: '/groups', label: 'Groups & Routes' },
+  { href: '/messages/pending', label: 'Pending messages' },
+  { href: '/settings/rules', label: 'Rules' },
+  { href: '/settings/bot', label: 'Bot' },
+];
+
+const SUPER_ADMIN_LINKS = [
+  { href: '/admin', label: 'Dashboard' },
+  { href: '/admin/tenants', label: 'Tenants' },
+  { href: '/admin/bots', label: 'Bot Pool' },
+];
+
+const PUBLIC_PATHS = ['/login', '/signup', '/onboard'];
+const ADMIN_PATHS = ['/admin'];
+const MEMBER_PATHS = ['/my'];
+
+export function Sidebar() {
+  const { admin, loading, logout } = useAuth();
+  const { admin: superAdmin, logout: superLogout } = useSuperAdmin();
+  const pathname = usePathname();
+  const router = useRouter();
+  const [pendingCount, setPendingCount] = useState<number | null>(null);
+
+  useEffect(() => {
+    fetch('/api/messages/pending/count')
+      .then((r) => r.ok ? r.json() : null)
+      .then((data) => setPendingCount(data?.count ?? null))
+      .catch(() => setPendingCount(null));
+  }, []);
+
+  useEffect(() => {
+    if (loading) return;
+    if (PUBLIC_PATHS.some((p) => pathname.startsWith(p))) return;
+    if (ADMIN_PATHS.some((p) => pathname.startsWith(p))) return;
+    if (MEMBER_PATHS.some((p) => pathname.startsWith(p))) return;
+    if (!admin) {
+      router.replace(`/login?next=${encodeURIComponent(pathname)}`);
+    }
+  }, [loading, admin, pathname, router]);
+
+  if (PUBLIC_PATHS.some((p) => pathname.startsWith(p))) {
+    return (
+      <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4">
+        <span className="font-bold text-base">TOWER</span>
+      </nav>
+    );
+  }
+
+  if (ADMIN_PATHS.some((p) => pathname.startsWith(p))) {
+    return (
+      <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4 flex flex-col">
+        <span className="font-bold text-base mb-4">TOWER Admin</span>
+        <div className="flex flex-col gap-1 flex-1">
+          {SUPER_ADMIN_LINKS.map((link) => (
+            <Link key={link.href} href={link.href} className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+              {link.label}
+            </Link>
+          ))}
+        </div>
+        <div className="border-t border-gray-200 pt-3 mt-3 flex flex-col gap-2">
+          <div className="px-3 text-xs text-gray-500">
+            <div className="font-medium text-gray-700 truncate">{superAdmin?.email}</div>
+            <div className="uppercase tracking-wide">Super Admin</div>
+          </div>
+          <button
+            type="button"
+            onClick={() => void superLogout()}
+            className="text-left rounded px-3 py-2 text-sm hover:bg-gray-100"
+          >
+            Sign out
+          </button>
+        </div>
+      </nav>
+    );
+  }
+
+  if (MEMBER_PATHS.some((p) => pathname.startsWith(p))) {
+    return (
+      <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4 flex flex-col">
+        <span className="font-bold text-base mb-4">TOWER</span>
+        <div className="flex flex-col gap-1 flex-1">
+          <Link href="/my" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+            Profile
+          </Link>
+          <Link href="/my/groups" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+            Groups
+          </Link>
+          <Link href="/my/settings" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+            Settings
+          </Link>
+        </div>
+        <div className="border-t border-gray-200 pt-3 mt-3 text-xs text-gray-500 px-3">
+          Member portal
+        </div>
+      </nav>
+    );
+  }
+
+  return (
+    <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4 flex flex-col">
+      <span className="font-bold text-base mb-4">TOWER</span>
+      <div className="flex flex-col gap-1 flex-1">
+        {NAV_LINKS.map((link) => (
+          <Link
+            key={link.href}
+            href={link.href}
+            className="rounded px-3 py-2 text-sm hover:bg-gray-100 flex items-center justify-between"
+          >
+            <span>{link.label}</span>
+            {link.href === '/messages/pending' && pendingCount !== null && pendingCount > 0 && (
+              <span className="bg-blue-600 text-white text-[11px] font-bold rounded-full w-5 h-5 flex items-center justify-center">
+                {pendingCount > 99 ? '99+' : pendingCount}
+              </span>
+            )}
+          </Link>
+        ))}
+      </div>
+      {admin && (
+        <div className="border-t border-gray-200 pt-3 mt-3 flex flex-col gap-2">
+          <div className="px-3 text-xs text-gray-500">
+            <div className="font-medium text-gray-700 truncate">{admin.name ?? admin.email}</div>
+            <div className="truncate">{admin.tenantName}</div>
+            <div className="uppercase tracking-wide">{admin.role}</div>
+          </div>
+          <button
+            type="button"
+            onClick={() => void logout()}
+            className="text-left rounded px-3 py-2 text-sm hover:bg-gray-100"
+          >
+            Sign out
+          </button>
+        </div>
+      )}
+    </nav>
+  );
+}
diff --git a/apps/web/app/_lib/super-admin-context.tsx b/apps/web/app/_lib/super-admin-context.tsx
new file mode 100644
index 0000000..68f1262
--- /dev/null
+++ b/apps/web/app/_lib/super-admin-context.tsx
@@ -0,0 +1,72 @@
+'use client';
+
+import { createContext, useCallback, useContext, useEffect, useState } from 'react';
+
+interface SuperAdmin {
+  id: string;
+  email: string;
+  name: string | null;
+}
+
+interface SuperAdminState {
+  admin: SuperAdmin | null;
+  loading: boolean;
+  login: (email: string, password: string) => Promise<void>;
+  logout: () => Promise<void>;
+}
+
+const SuperAdminContext = createContext<SuperAdminState | null>(null);
+
+export function SuperAdminProvider({ children }: { children: React.ReactNode }) {
+  const [admin, setAdmin] = useState<SuperAdmin | null>(null);
+  const [loading, setLoading] = useState(true);
+
+  const checkSession = useCallback(async () => {
+    try {
+      const res = await fetch('/api/auth/super/me', { credentials: 'include' });
+      if (res.ok) {
+        const data = await res.json();
+        setAdmin(data);
+      } else {
+        setAdmin(null);
+      }
+    } catch {
+      setAdmin(null);
+    } finally {
+      setLoading(false);
+    }
+  }, []);
+
+  useEffect(() => { void checkSession(); }, [checkSession]);
+
+  const login = useCallback(async (email: string, password: string) => {
+    const res = await fetch('/api/auth/super/login', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ email, password }),
+    });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({ message: 'Login failed' }));
+      throw new Error(err.message ?? 'Login failed');
+    }
+    const data = await res.json();
+    setAdmin(data.superAdmin);
+  }, []);
+
+  const logout = useCallback(async () => {
+    await fetch('/api/auth/super/logout', { method: 'POST', credentials: 'include' });
+    setAdmin(null);
+  }, []);
+
+  return (
+    <SuperAdminContext.Provider value={{ admin, loading, login, logout }}>
+      {children}
+    </SuperAdminContext.Provider>
+  );
+}
+
+export function useSuperAdmin(): SuperAdminState {
+  const ctx = useContext(SuperAdminContext);
+  if (!ctx) throw new Error('useSuperAdmin must be used within <SuperAdminProvider>');
+  return ctx;
+}
diff --git a/apps/web/app/accounts/AccountCard.test.tsx b/apps/web/app/accounts/AccountCard.test.tsx
deleted file mode 100644
index 7dd6fba..0000000
--- a/apps/web/app/accounts/AccountCard.test.tsx
+++ /dev/null
@@ -1,100 +0,0 @@
-import { render, screen, waitFor } from '@testing-library/react';
-import { AccountCard } from './AccountCard';
-
-const activeAccount = {
-  id: 'acc_1',
-  jid: '111@s.whatsapp.net',
-  displayName: 'My Account',
-  status: 'ACTIVE',
-  platform: 'whatsapp',
-};
-
-const disconnectedAccount = {
-  id: 'acc_2',
-  jid: '222@s.whatsapp.net',
-  displayName: null,
-  status: 'DISCONNECTED',
-  platform: 'whatsapp',
-};
-
-let fetchSpy: jest.SpyInstance;
-
-beforeEach(() => {
-  fetchSpy = jest.spyOn(global, 'fetch');
-});
-
-afterEach(() => {
-  jest.restoreAllMocks();
-});
-
-describe('AccountCard', () => {
-  it('shows displayName and Connected badge when ACTIVE', () => {
-    render(<AccountCard account={activeAccount} />);
-    expect(screen.getByText('My Account')).toBeInTheDocument();
-    expect(screen.getByText('Connected')).toBeInTheDocument();
-  });
-
-  it('falls back to jid when displayName is null', () => {
-    render(<AccountCard account={disconnectedAccount} />);
-    expect(screen.getByText('222@s.whatsapp.net')).toBeInTheDocument();
-  });
-
-  it('shows Awaiting scan badge when DISCONNECTED', () => {
-    fetchSpy.mockResolvedValue(
-      new Response(JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: null }), {
-        status: 200,
-        headers: { 'Content-Type': 'application/json' },
-      }),
-    );
-    render(<AccountCard account={disconnectedAccount} />);
-    expect(screen.getByText('Awaiting scan')).toBeInTheDocument();
-  });
-
-  it('does not fetch QR when account is ACTIVE', () => {
-    render(<AccountCard account={activeAccount} />);
-    expect(fetchSpy).not.toHaveBeenCalled();
-  });
-
-  it('fetches QR from /api/accounts/:id/qr when DISCONNECTED', async () => {
-    fetchSpy.mockResolvedValue(
-      new Response(JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: null }), {
-        status: 200,
-        headers: { 'Content-Type': 'application/json' },
-      }),
-    );
-    render(<AccountCard account={disconnectedAccount} />);
-    await waitFor(() =>
-      expect(fetchSpy).toHaveBeenCalledWith('/api/accounts/acc_2/qr'),
-    );
-  });
-
-  it('shows QR image when qrDataUrl is returned', async () => {
-    fetchSpy.mockResolvedValue(
-      new Response(
-        JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,abc123' }),
-        { status: 200, headers: { 'Content-Type': 'application/json' } },
-      ),
-    );
-    render(<AccountCard account={disconnectedAccount} />);
-    await waitFor(() => {
-      expect(screen.getByRole('img', { name: /qr code/i })).toBeInTheDocument();
-    });
-    expect(screen.getByRole('img', { name: /qr code/i })).toHaveAttribute(
-      'src',
-      'data:image/png;base64,abc123',
-    );
-  });
-
-  it('shows waiting message when DISCONNECTED but no QR yet', async () => {
-    fetchSpy.mockResolvedValue(
-      new Response(JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: null }), {
-        status: 200,
-        headers: { 'Content-Type': 'application/json' },
-      }),
-    );
-    render(<AccountCard account={disconnectedAccount} />);
-    await waitFor(() => {
-      expect(screen.getByText(/waiting for qr/i)).toBeInTheDocument();
-    });
-  });
-});
diff --git a/apps/web/app/accounts/AccountCard.tsx b/apps/web/app/accounts/AccountCard.tsx
deleted file mode 100644
index b68b215..0000000
--- a/apps/web/app/accounts/AccountCard.tsx
+++ /dev/null
@@ -1,72 +0,0 @@
-'use client';
-import { useEffect, useState } from 'react';
-
-interface Account {
-  id: string;
-  jid: string;
-  displayName: string | null;
-  status: string;
-  platform: string;
-}
-
-export function AccountCard({ account }: { account: Account }) {
-  const [qrDataUrl, setQrDataUrl] = useState<string | null>(null);
-  const isDisconnected = account.status === 'DISCONNECTED';
-
-  useEffect(() => {
-    if (!isDisconnected) {
-      setQrDataUrl(null);
-      return;
-    }
-
-    async function fetchQr() {
-      try {
-        const res = await fetch(`/api/accounts/${account.id}/qr`);
-        if (!res.ok) return;
-        const data = await res.json();
-        setQrDataUrl(data.qrDataUrl ?? null);
-      } catch {
-        // ignore fetch errors (e.g. network issues)
-      }
-    }
-
-    fetchQr();
-    const interval = setInterval(fetchQr, 5000);
-    return () => clearInterval(interval);
-  }, [account.id, isDisconnected]);
-
-  return (
-    <div className="border rounded-lg p-4 bg-white">
-      <div className="flex items-center justify-between mb-2">
-        <div>
-          <p className="font-medium">{account.displayName ?? account.jid}</p>
-          {account.displayName && (
-            <p className="text-xs text-gray-500">{account.jid}</p>
-          )}
-        </div>
-        <span
-          className={`text-xs px-2 py-1 rounded-full font-medium ${
-            account.status === 'ACTIVE'
-              ? 'bg-green-100 text-green-700'
-              : 'bg-yellow-100 text-yellow-700'
-          }`}
-        >
-          {account.status === 'ACTIVE' ? 'Connected' : 'Awaiting scan'}
-        </span>
-      </div>
-
-      {isDisconnected && qrDataUrl && (
-        <div className="mt-3">
-          <p className="text-sm text-gray-600 mb-2">
-            Open WhatsApp → Linked Devices → Link a Device → scan below
-          </p>
-          <img src={qrDataUrl} alt="WhatsApp QR Code" className="w-48 h-48" />
-        </div>
-      )}
-
-      {isDisconnected && !qrDataUrl && (
-        <p className="text-sm text-gray-500 mt-2">Waiting for QR code from worker...</p>
-      )}
-    </div>
-  );
-}
diff --git a/apps/web/app/accounts/AccountsList.test.tsx b/apps/web/app/accounts/AccountsList.test.tsx
deleted file mode 100644
index 5cab37c..0000000
--- a/apps/web/app/accounts/AccountsList.test.tsx
+++ /dev/null
@@ -1,104 +0,0 @@
-import { render, screen, fireEvent, waitFor } from '@testing-library/react';
-import { AccountsList } from './AccountsList';
-
-const mockAccounts = [
-  { id: 'acc_1', jid: '111@s.whatsapp.net', displayName: 'Account One', status: 'ACTIVE', platform: 'whatsapp' },
-  { id: 'acc_2', jid: '222@s.whatsapp.net', displayName: null, status: 'DISCONNECTED', platform: 'whatsapp' },
-];
-
-let fetchSpy: jest.SpyInstance;
-
-beforeEach(() => {
-  fetchSpy = jest.spyOn(global, 'fetch');
-});
-
-afterEach(() => {
-  jest.restoreAllMocks();
-});
-
-describe('AccountsList', () => {
-  it('renders an AccountCard for each initial account', () => {
-    render(<AccountsList initialAccounts={mockAccounts} />);
-    expect(screen.getByText('Account One')).toBeInTheDocument();
-    expect(screen.getByText('222@s.whatsapp.net')).toBeInTheDocument();
-  });
-
-  it('shows empty state when no accounts', () => {
-    render(<AccountsList initialAccounts={[]} />);
-    expect(screen.getByText(/no accounts yet/i)).toBeInTheDocument();
-  });
-
-  it('renders Add Account button', () => {
-    render(<AccountsList initialAccounts={[]} />);
-    expect(screen.getByRole('button', { name: /add account/i })).toBeInTheDocument();
-  });
-
-  it('renders display name input', () => {
-    render(<AccountsList initialAccounts={[]} />);
-    expect(screen.getByPlaceholderText(/display name/i)).toBeInTheDocument();
-  });
-
-  it('calls POST /api/accounts when Add Account is clicked', async () => {
-    fetchSpy.mockResolvedValue(
-      new Response(
-        JSON.stringify({ id: 'acc_new', jid: 'pending_x@placeholder', displayName: null, status: 'ACTIVE', platform: 'whatsapp' }),
-        { status: 201, headers: { 'Content-Type': 'application/json' } },
-      ),
-    );
-    render(<AccountsList initialAccounts={[]} />);
-    fireEvent.click(screen.getByRole('button', { name: /add account/i }));
-    await waitFor(() =>
-      expect(fetchSpy).toHaveBeenCalledWith('/api/accounts', expect.objectContaining({ method: 'POST' })),
-    );
-  });
-
-  it('adds new account to list after successful POST', async () => {
-    const newAccount = { id: 'acc_new', jid: 'pending_x@placeholder', displayName: 'New Device', status: 'ACTIVE', platform: 'whatsapp' };
-    fetchSpy.mockResolvedValue(
-      new Response(JSON.stringify(newAccount), {
-        status: 201,
-        headers: { 'Content-Type': 'application/json' },
-      }),
-    );
-    render(<AccountsList initialAccounts={[]} />);
-    const input = screen.getByPlaceholderText(/display name/i);
-    fireEvent.change(input, { target: { value: 'New Device' } });
-    fireEvent.click(screen.getByRole('button', { name: /add account/i }));
-    await waitFor(() => expect(screen.getByText('New Device')).toBeInTheDocument());
-  });
-
-  it('sends displayName in POST body when entered', async () => {
-    fetchSpy.mockResolvedValue(
-      new Response(
-        JSON.stringify({ id: 'acc_new', jid: 'pending_x@placeholder', displayName: 'Test Name', status: 'ACTIVE', platform: 'whatsapp' }),
-        { status: 201, headers: { 'Content-Type': 'application/json' } },
-      ),
-    );
-    render(<AccountsList initialAccounts={[]} />);
-    const input = screen.getByPlaceholderText(/display name/i);
-    fireEvent.change(input, { target: { value: 'Test Name' } });
-    fireEvent.click(screen.getByRole('button', { name: /add account/i }));
-    await waitFor(() =>
-      expect(fetchSpy).toHaveBeenCalledWith(
-        '/api/accounts',
-        expect.objectContaining({
-          body: JSON.stringify({ displayName: 'Test Name' }),
-        }),
-      ),
-    );
-  });
-
-  it('clears the input after successful account creation', async () => {
-    fetchSpy.mockResolvedValue(
-      new Response(
-        JSON.stringify({ id: 'acc_new', jid: 'pending_x@placeholder', displayName: null, status: 'ACTIVE', platform: 'whatsapp' }),
-        { status: 201, headers: { 'Content-Type': 'application/json' } },
-      ),
-    );
-    render(<AccountsList initialAccounts={[]} />);
-    const input = screen.getByPlaceholderText(/display name/i) as HTMLInputElement;
-    fireEvent.change(input, { target: { value: 'My Device' } });
-    fireEvent.click(screen.getByRole('button', { name: /add account/i }));
-    await waitFor(() => expect(input.value).toBe(''));
-  });
-});
diff --git a/apps/web/app/accounts/AccountsList.tsx b/apps/web/app/accounts/AccountsList.tsx
deleted file mode 100644
index 4b638d7..0000000
--- a/apps/web/app/accounts/AccountsList.tsx
+++ /dev/null
@@ -1,60 +0,0 @@
-'use client';
-import { useState } from 'react';
-import { AccountCard } from './AccountCard';
-
-interface Account {
-  id: string;
-  jid: string;
-  displayName: string | null;
-  status: string;
-  platform: string;
-}
-
-export function AccountsList({ initialAccounts }: { initialAccounts: Account[] }) {
-  const [accounts, setAccounts] = useState<Account[]>(initialAccounts);
-  const [displayName, setDisplayName] = useState('');
-
-  async function handleAdd() {
-    try {
-      const res = await fetch('/api/accounts', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ displayName: displayName || undefined }),
-      });
-      if (!res.ok) return;
-      const account: Account = await res.json();
-      setAccounts((prev) => [...prev, account]);
-      setDisplayName('');
-    } catch {}
-  }
-
-  return (
-    <div>
-      <div className="flex gap-2 mb-6">
-        <input
-          type="text"
-          value={displayName}
-          onChange={(e) => setDisplayName(e.target.value)}
-          placeholder="Display name (optional)"
-          className="flex-1 border rounded px-3 py-2 text-sm"
-        />
-        <button
-          onClick={handleAdd}
-          className="bg-blue-600 text-white rounded px-4 py-2 text-sm hover:bg-blue-700"
-        >
-          Add Account
-        </button>
-      </div>
-
-      {accounts.length === 0 ? (
-        <p className="text-gray-500">No accounts yet. Add one above to get started.</p>
-      ) : (
-        <div className="flex flex-col gap-3">
-          {accounts.map((a) => (
-            <AccountCard key={a.id} account={a} />
-          ))}
-        </div>
-      )}
-    </div>
-  );
-}
diff --git a/apps/web/app/accounts/page.tsx b/apps/web/app/accounts/page.tsx
deleted file mode 100644
index d076132..0000000
--- a/apps/web/app/accounts/page.tsx
+++ /dev/null
@@ -1,25 +0,0 @@
-import { AccountsList } from './AccountsList';
-
-interface Account {
-  id: string;
-  jid: string;
-  displayName: string | null;
-  status: string;
-  platform: string;
-}
-
-export default async function AccountsPage() {
-  const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
-  let accounts: Account[] = [];
-  try {
-    const res = await fetch(`${apiUrl}/accounts`, { cache: 'no-store' });
-    if (res.ok) accounts = await res.json();
-  } catch {}
-
-  return (
-    <div className="max-w-2xl">
-      <h1 className="text-xl font-semibold mb-6">Accounts</h1>
-      <AccountsList initialAccounts={accounts} />
-    </div>
-  );
-}
diff --git a/apps/web/app/admin/bots/page.tsx b/apps/web/app/admin/bots/page.tsx
new file mode 100644
index 0000000..486f2ef
--- /dev/null
+++ b/apps/web/app/admin/bots/page.tsx
@@ -0,0 +1,132 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import { useSuperAdmin } from '../../_lib/super-admin-context';
+import { useRouter } from 'next/navigation';
+
+export default function BotsPage() {
+  const { admin, loading } = useSuperAdmin();
+  const router = useRouter();
+  const [bots, setBots] = useState<any[]>([]);
+  const [initiating, setInitiating] = useState(false);
+  const [pairingInfo, setPairingInfo] = useState<{ token: string; expiresAt: string } | null>(null);
+
+  async function load() {
+    const res = await fetch('/api/admin/bots');
+    if (res.ok) setBots(await res.json());
+  }
+
+  useEffect(() => {
+    if (loading) return;
+    if (!admin) { router.replace('/admin/login'); return; }
+    void load();
+  }, [admin, loading, router]);
+
+  async function initiateBot() {
+    setInitiating(true);
+    try {
+      const res = await fetch('/api/admin/bots', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({}),
+      });
+      if (res.ok) {
+        const data = await res.json();
+        setPairingInfo(data);
+      }
+    } finally {
+      setInitiating(false);
+      void load();
+    }
+  }
+
+  async function removeBot(id: string) {
+    if (!confirm('Remove this bot? Only possible if no tenants are assigned.')) return;
+    const res = await fetch(`/api/admin/bots/${id}`, { method: 'DELETE' });
+    if (res.ok) {
+      void load();
+    } else {
+      const err = await res.json();
+      alert(err.message ?? 'Failed to remove bot');
+    }
+  }
+
+  function getQrUrl() {
+    if (!pairingInfo) return null;
+    return `/api/admin/bots/qr/${pairingInfo.token}`;
+  }
+
+  if (loading) return <p className="text-gray-500">Loading...</p>;
+  if (!admin) return null;
+
+  return (
+    <div>
+      <div className="flex items-center justify-between mb-6">
+        <h1 className="text-2xl font-bold">Bot Pool</h1>
+        <button
+          onClick={initiateBot}
+          disabled={initiating}
+          className="bg-blue-600 text-white rounded-lg px-4 py-2 text-sm disabled:opacity-50"
+        >
+          {initiating ? 'Creating...' : 'Add Bot'}
+        </button>
+      </div>
+
+      {pairingInfo && (
+        <div className="bg-yellow-50 border border-yellow-200 rounded-xl p-4 mb-6">
+          <p className="text-sm font-medium mb-2">New bot created — scan QR to pair</p>
+          <p className="text-xs text-gray-600 mb-2">Expires: {pairingInfo.expiresAt}</p>
+          <a
+            href={getQrUrl() ?? '#'}
+            target="_blank"
+            rel="noopener noreferrer"
+            className="text-blue-600 text-sm underline"
+          >
+            View QR Code
+          </a>
+        </div>
+      )}
+
+      <div className="bg-white rounded-xl border overflow-hidden">
+        <table className="w-full text-sm">
+          <thead className="bg-gray-50 text-left">
+            <tr>
+              <th className="px-4 py-3 font-medium">JID</th>
+              <th className="px-4 py-3 font-medium">Name</th>
+              <th className="px-4 py-3 font-medium">Status</th>
+              <th className="px-4 py-3 font-medium">Tenants</th>
+              <th className="px-4 py-3 font-medium">Created</th>
+              <th className="px-4 py-3 font-medium"></th>
+            </tr>
+          </thead>
+          <tbody className="divide-y">
+            {bots.map((b: any) => (
+              <tr key={b.id} className="hover:bg-gray-50">
+                <td className="px-4 py-3 font-mono text-xs">{b.jid?.slice(0, 30) ?? 'pending...'}</td>
+                <td className="px-4 py-3">{b.displayName ?? '—'}</td>
+                <td className="px-4 py-3">
+                  <span className={`text-xs font-medium px-2 py-1 rounded-full ${
+                    b.status === 'ACTIVE' ? 'bg-green-100 text-green-700' :
+                    b.status === 'PAIRING' ? 'bg-yellow-100 text-yellow-700' :
+                    'bg-gray-100 text-gray-500'
+                  }`}>{b.status}</span>
+                </td>
+                <td className="px-4 py-3">{b.tenantCount}</td>
+                <td className="px-4 py-3 text-xs text-gray-500">{new Date(b.createdAt).toLocaleDateString()}</td>
+                <td className="px-4 py-3">
+                  <button
+                    onClick={() => removeBot(b.id)}
+                    className="text-red-600 text-xs hover:underline"
+                  >
+                    Remove
+                  </button>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+        {bots.length === 0 && <p className="p-4 text-gray-400">No bots in the pool.</p>}
+      </div>
+    </div>
+  );
+}
diff --git a/apps/web/app/admin/layout.tsx b/apps/web/app/admin/layout.tsx
new file mode 100644
index 0000000..d571fab
--- /dev/null
+++ b/apps/web/app/admin/layout.tsx
@@ -0,0 +1,3 @@
+export default function AdminLayout({ children }: { children: React.ReactNode }) {
+  return <>{children}</>;
+}
diff --git a/apps/web/app/admin/login/page.tsx b/apps/web/app/admin/login/page.tsx
new file mode 100644
index 0000000..45f9028
--- /dev/null
+++ b/apps/web/app/admin/login/page.tsx
@@ -0,0 +1,60 @@
+'use client';
+
+import { FormEvent, useState } from 'react';
+import { useRouter } from 'next/navigation';
+import { useSuperAdmin } from '../../_lib/super-admin-context';
+
+export default function SuperAdminLoginPage() {
+  const { login } = useSuperAdmin();
+  const router = useRouter();
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [error, setError] = useState('');
+  const [busy, setBusy] = useState(false);
+
+  async function handleSubmit(e: FormEvent) {
+    e.preventDefault();
+    setError('');
+    setBusy(true);
+    try {
+      await login(email, password);
+      router.replace('/admin');
+    } catch (err: any) {
+      setError(err.message ?? 'Login failed');
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  return (
+    <div className="max-w-sm mx-auto mt-24">
+      <h1 className="text-xl font-bold mb-4">Super Admin Login</h1>
+      <form onSubmit={handleSubmit} className="flex flex-col gap-3">
+        <input
+          type="email"
+          placeholder="Email"
+          value={email}
+          onChange={(e) => setEmail(e.target.value)}
+          required
+          className="border rounded px-3 py-2 text-sm"
+        />
+        <input
+          type="password"
+          placeholder="Password"
+          value={password}
+          onChange={(e) => setPassword(e.target.value)}
+          required
+          className="border rounded px-3 py-2 text-sm"
+        />
+        {error && <p className="text-red-600 text-sm">{error}</p>}
+        <button
+          type="submit"
+          disabled={busy}
+          className="bg-blue-600 text-white rounded px-4 py-2 text-sm font-medium disabled:opacity-50"
+        >
+          {busy ? 'Signing in...' : 'Sign in'}
+        </button>
+      </form>
+    </div>
+  );
+}
diff --git a/apps/web/app/admin/page.tsx b/apps/web/app/admin/page.tsx
new file mode 100644
index 0000000..aa63bce
--- /dev/null
+++ b/apps/web/app/admin/page.tsx
@@ -0,0 +1,58 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import { useSuperAdmin } from '../_lib/super-admin-context';
+import { useRouter } from 'next/navigation';
+import Link from 'next/link';
+
+export default function AdminDashboard() {
+  const { admin, loading } = useSuperAdmin();
+  const router = useRouter();
+  const [tenants, setTenants] = useState<any[]>([]);
+  const [bots, setBots] = useState<any[]>([]);
+
+  useEffect(() => {
+    if (loading) return;
+    if (!admin) { router.replace('/admin/login'); return; }
+    fetch('/api/admin/tenants').then(r => r.ok && r.json()).then(d => setTenants(d ?? [])).catch(() => {});
+    fetch('/api/admin/bots').then(r => r.ok && r.json()).then(d => setBots(d ?? [])).catch(() => {});
+  }, [admin, loading, router]);
+
+  if (loading) return <p className="text-gray-500">Loading...</p>;
+  if (!admin) return null;
+
+  const totalTenants = tenants.length;
+  const activeTenants = tenants.filter((t: any) => t.isActive).length;
+  const totalBots = bots.length;
+  const totalMessages = tenants.reduce((s: number, t: any) => s + (t.stats?.messages ?? 0), 0);
+
+  return (
+    <div>
+      <h1 className="text-2xl font-bold mb-6">Admin Dashboard</h1>
+      <div className="grid grid-cols-4 gap-4 mb-8">
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase tracking-wide">Tenants</div>
+          <div className="text-2xl font-bold mt-1">{totalTenants}</div>
+          <div className="text-xs text-gray-400">{activeTenants} active</div>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase tracking-wide">Bot Accounts</div>
+          <div className="text-2xl font-bold mt-1">{totalBots}</div>
+          <div className="text-xs text-gray-400">in pool</div>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase tracking-wide">Messages</div>
+          <div className="text-2xl font-bold mt-1">{totalMessages}</div>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase tracking-wide">Avg tenants/bot</div>
+          <div className="text-2xl font-bold mt-1">{totalBots ? Math.round(totalTenants / totalBots) : 0}</div>
+        </div>
+      </div>
+      <div className="flex gap-4">
+        <Link href="/admin/tenants" className="bg-blue-600 text-white rounded-lg px-4 py-2 text-sm">Manage Tenants</Link>
+        <Link href="/admin/bots" className="bg-blue-600 text-white rounded-lg px-4 py-2 text-sm">Manage Bots</Link>
+      </div>
+    </div>
+  );
+}
diff --git a/apps/web/app/admin/tenants/[id]/page.tsx b/apps/web/app/admin/tenants/[id]/page.tsx
new file mode 100644
index 0000000..417a8ae
--- /dev/null
+++ b/apps/web/app/admin/tenants/[id]/page.tsx
@@ -0,0 +1,119 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import { useSuperAdmin } from '../../../_lib/super-admin-context';
+import { useRouter, useParams } from 'next/navigation';
+
+export default function TenantDetailPage() {
+  const { admin, loading } = useSuperAdmin();
+  const router = useRouter();
+  const params = useParams();
+  const [tenant, setTenant] = useState<any>(null);
+  const [busy, setBusy] = useState(false);
+
+  async function load() {
+    const res = await fetch(`/api/admin/tenants/${params.id}`);
+    if (res.ok) setTenant(await res.json());
+  }
+
+  useEffect(() => {
+    if (loading) return;
+    if (!admin) { router.replace('/admin/login'); return; }
+    void load();
+  }, [admin, loading, router, params.id]);
+
+  async function toggleActive() {
+    setBusy(true);
+    await fetch(`/api/admin/tenants/${params.id}`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ isActive: !tenant.isActive }),
+    });
+    await load();
+    setBusy(false);
+  }
+
+  async function togglePaused() {
+    setBusy(true);
+    await fetch(`/api/admin/tenants/${params.id}`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ isForwardingPaused: !tenant.isForwardingPaused }),
+    });
+    await load();
+    setBusy(false);
+  }
+
+  if (loading) return <p className="text-gray-500">Loading...</p>;
+  if (!admin) return null;
+  if (!tenant) return <p className="text-gray-500">Loading tenant...</p>;
+
+  return (
+    <div className="max-w-2xl">
+      <h1 className="text-2xl font-bold mb-2">{tenant.name}</h1>
+      <p className="text-gray-500 text-sm mb-6">Slug: {tenant.slug}</p>
+
+      <div className="grid grid-cols-2 gap-4 mb-8">
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase">Status</div>
+          <button
+            onClick={toggleActive}
+            disabled={busy}
+            className={`mt-1 text-sm font-medium px-3 py-1 rounded-full ${tenant.isActive ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700'}`}
+          >
+            {tenant.isActive ? 'Active' : 'Inactive'}
+          </button>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase">Forwarding</div>
+          <button
+            onClick={togglePaused}
+            disabled={busy}
+            className={`mt-1 text-sm font-medium px-3 py-1 rounded-full ${tenant.isForwardingPaused ? 'bg-yellow-100 text-yellow-700' : 'bg-green-100 text-green-700'}`}
+          >
+            {tenant.isForwardingPaused ? 'Paused' : 'Active'}
+          </button>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase">Groups</div>
+          <div className="text-xl font-bold mt-1">{tenant.stats?.groups ?? 0}</div>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase">Messages</div>
+          <div className="text-xl font-bold mt-1">{tenant.stats?.messages ?? 0}</div>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase">Rules</div>
+          <div className="text-xl font-bold mt-1">{tenant.stats?.rules ?? 0}</div>
+        </div>
+        <div className="bg-white rounded-xl border p-4">
+          <div className="text-xs text-gray-500 uppercase">Routes</div>
+          <div className="text-xl font-bold mt-1">{tenant.stats?.routes ?? 0}</div>
+        </div>
+      </div>
+
+      {tenant.bot && (
+        <div className="bg-white rounded-xl border p-4 mb-6">
+          <h2 className="font-semibold text-sm mb-2">Assigned Bot</h2>
+          <div className="text-xs space-y-1">
+            <p><span className="text-gray-500">JID:</span> <span className="font-mono">{tenant.bot.jid}</span></p>
+            <p><span className="text-gray-500">Name:</span> {tenant.bot.displayName ?? '—'}</p>
+            <p><span className="text-gray-500">Status:</span> {tenant.bot.status}</p>
+            <p><span className="text-gray-500">Linked:</span> {tenant.bot.linkedSince}</p>
+          </div>
+        </div>
+      )}
+
+      {tenant.admins && tenant.admins.length > 0 && (
+        <div className="bg-white rounded-xl border p-4">
+          <h2 className="font-semibold text-sm mb-2">Admins</h2>
+          <div className="text-xs space-y-1">
+            {tenant.admins.map((a: any) => (
+              <p key={a.id}>{a.email} — <span className="uppercase">{a.role}</span></p>
+            ))}
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
diff --git a/apps/web/app/admin/tenants/page.tsx b/apps/web/app/admin/tenants/page.tsx
new file mode 100644
index 0000000..8ec1fd9
--- /dev/null
+++ b/apps/web/app/admin/tenants/page.tsx
@@ -0,0 +1,99 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import { useSuperAdmin } from '../../_lib/super-admin-context';
+import { useRouter } from 'next/navigation';
+import Link from 'next/link';
+
+export default function TenantsPage() {
+  const { admin, loading } = useSuperAdmin();
+  const router = useRouter();
+  const [tenants, setTenants] = useState<any[]>([]);
+
+  async function load() {
+    const res = await fetch('/api/admin/tenants');
+    if (res.ok) setTenants(await res.json());
+  }
+
+  useEffect(() => {
+    if (loading) return;
+    if (!admin) { router.replace('/admin/login'); return; }
+    void load();
+  }, [admin, loading, router]);
+
+  async function toggleActive(id: string, current: boolean) {
+    await fetch(`/api/admin/tenants/${id}`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ isActive: !current }),
+    });
+    void load();
+  }
+
+  async function togglePaused(id: string, current: boolean) {
+    await fetch(`/api/admin/tenants/${id}`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ isForwardingPaused: !current }),
+    });
+    void load();
+  }
+
+  if (loading) return <p className="text-gray-500">Loading...</p>;
+  if (!admin) return null;
+
+  return (
+    <div>
+      <h1 className="text-2xl font-bold mb-6">Tenants</h1>
+      <div className="bg-white rounded-xl border overflow-hidden">
+        <table className="w-full text-sm">
+          <thead className="bg-gray-50 text-left">
+            <tr>
+              <th className="px-4 py-3 font-medium">Name</th>
+              <th className="px-4 py-3 font-medium">Slug</th>
+              <th className="px-4 py-3 font-medium">Bot</th>
+              <th className="px-4 py-3 font-medium">Groups</th>
+              <th className="px-4 py-3 font-medium">Messages</th>
+              <th className="px-4 py-3 font-medium">Active</th>
+              <th className="px-4 py-3 font-medium">Paused</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y">
+            {tenants.map((t: any) => (
+              <tr key={t.id} className="hover:bg-gray-50">
+                <td className="px-4 py-3">
+                  <Link href={`/admin/tenants/${t.id}`} className="text-blue-600 hover:underline font-medium">
+                    {t.name}
+                  </Link>
+                </td>
+                <td className="px-4 py-3 text-gray-500">{t.slug}</td>
+                <td className="px-4 py-3 text-xs">
+                  {t.bot ? <span className="font-mono">{t.bot.jid?.slice(0, 20)}...</span> : <span className="text-gray-400">—</span>}
+                </td>
+                <td className="px-4 py-3">{t.stats.groups}</td>
+                <td className="px-4 py-3">{t.stats.messages}</td>
+                <td className="px-4 py-3">
+                  <button
+                    onClick={() => toggleActive(t.id, t.isActive)}
+                    className={`text-xs font-medium px-2 py-1 rounded-full ${t.isActive ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700'}`}
+                  >
+                    {t.isActive ? 'Active' : 'Inactive'}
+                  </button>
+                </td>
+                <td className="px-4 py-3">
+                  <button
+                    onClick={() => togglePaused(t.id, t.isForwardingPaused)}
+                    className={`text-xs font-medium px-2 py-1 rounded-full ${t.isForwardingPaused ? 'bg-yellow-100 text-yellow-700' : 'bg-gray-100 text-gray-500'}`}
+                  >
+                    {t.isForwardingPaused ? 'Paused' : 'Active'}
+                  </button>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+        {tenants.length === 0 && <p className="p-4 text-gray-400">No tenants yet.</p>}
+      </div>
+    </div>
+  );
+}
diff --git a/apps/web/app/api/accounts/[id]/qr/route.ts b/apps/web/app/api/accounts/[id]/qr/route.ts
deleted file mode 100644
index 6dabbf5..0000000
--- a/apps/web/app/api/accounts/[id]/qr/route.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-const API_URL = process.env.API_URL ?? 'http://localhost:3001';
-
-export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
-  const { id } = await params;
-  const res = await fetch(`${API_URL}/accounts/${id}/qr`, { cache: 'no-store' });
-  return Response.json(await res.json(), { status: res.status });
-}
diff --git a/apps/web/app/api/accounts/route.ts b/apps/web/app/api/accounts/route.ts
deleted file mode 100644
index dbbd90c..0000000
--- a/apps/web/app/api/accounts/route.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-const API_URL = process.env.API_URL ?? 'http://localhost:3001';
-
-export async function GET() {
-  const res = await fetch(`${API_URL}/accounts`, { cache: 'no-store' });
-  return Response.json(await res.json(), { status: res.status });
-}
-
-export async function POST(req: Request) {
-  const body = await req.json();
-  const res = await fetch(`${API_URL}/accounts`, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify(body),
-  });
-  return Response.json(await res.json(), { status: res.status });
-}
diff --git a/apps/web/app/api/admin/bots/[id]/assign/route.ts b/apps/web/app/api/admin/bots/[id]/assign/route.ts
new file mode 100644
index 0000000..5b34344
--- /dev/null
+++ b/apps/web/app/api/admin/bots/[id]/assign/route.ts
@@ -0,0 +1,21 @@
+import { getApiBaseUrl, jsonResponse } from '../../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }): Promise<Response> {
+  const { id } = await params;
+  const body = await req.json().catch(() => ({}));
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/bots/${id}/assign`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/admin/bots/[id]/route.ts b/apps/web/app/api/admin/bots/[id]/route.ts
new file mode 100644
index 0000000..160e39f
--- /dev/null
+++ b/apps/web/app/api/admin/bots/[id]/route.ts
@@ -0,0 +1,18 @@
+import { getApiBaseUrl, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }): Promise<Response> {
+  const { id } = await params;
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/bots/${id}`, {
+    method: 'DELETE',
+    headers: {
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/admin/bots/qr/[token]/route.ts b/apps/web/app/api/admin/bots/qr/[token]/route.ts
new file mode 100644
index 0000000..545821d
--- /dev/null
+++ b/apps/web/app/api/admin/bots/qr/[token]/route.ts
@@ -0,0 +1,17 @@
+import { getApiBaseUrl, jsonResponse } from '../../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(_req: Request, { params }: { params: Promise<{ token: string }> }): Promise<Response> {
+  const { token } = await params;
+  const tokenCookie = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/bots/qr/${token}`, {
+    headers: {
+      Accept: 'application/json',
+      ...(tokenCookie ? { Authorization: `Bearer ${tokenCookie}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/admin/bots/route.ts b/apps/web/app/api/admin/bots/route.ts
new file mode 100644
index 0000000..9449deb
--- /dev/null
+++ b/apps/web/app/api/admin/bots/route.ts
@@ -0,0 +1,33 @@
+import { getApiBaseUrl, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/bots`, {
+    headers: {
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json().catch(() => ({}));
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/bots/initiate`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/admin/tenants/[id]/route.ts b/apps/web/app/api/admin/tenants/[id]/route.ts
new file mode 100644
index 0000000..e73557f
--- /dev/null
+++ b/apps/web/app/api/admin/tenants/[id]/route.ts
@@ -0,0 +1,35 @@
+import { getApiBaseUrl, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }): Promise<Response> {
+  const { id } = await params;
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/tenants/${id}`, {
+    headers: {
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
+
+export async function PATCH(req: Request, { params }: { params: Promise<{ id: string }> }): Promise<Response> {
+  const { id } = await params;
+  const body = await req.json().catch(() => ({}));
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/tenants/${id}`, {
+    method: 'PATCH',
+    headers: {
+      'Content-Type': 'application/json',
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/admin/tenants/route.ts b/apps/web/app/api/admin/tenants/route.ts
new file mode 100644
index 0000000..5d22820
--- /dev/null
+++ b/apps/web/app/api/admin/tenants/route.ts
@@ -0,0 +1,16 @@
+import { getApiBaseUrl, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/admin/tenants`, {
+    headers: {
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/auth/login/route.ts b/apps/web/app/api/auth/login/route.ts
new file mode 100644
index 0000000..32c5469
--- /dev/null
+++ b/apps/web/app/api/auth/login/route.ts
@@ -0,0 +1,19 @@
+import { getApiBaseUrl, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const upstream = await fetch(`${getApiBaseUrl()}/auth/login`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await upstream.json();
+  if (!upstream.ok) return jsonResponse(payload, upstream.status);
+  const token: string | undefined = payload?.token;
+  if (!token) return jsonResponse({ message: 'Login response missing token' }, 502);
+  const cookieValue = `tower_token=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${60 * 60 * 24 * 7}`;
+  return jsonResponse({ admin: payload.admin }, 200, { 'Set-Cookie': cookieValue });
+}
diff --git a/apps/web/app/api/auth/logout/route.ts b/apps/web/app/api/auth/logout/route.ts
new file mode 100644
index 0000000..39ba3c3
--- /dev/null
+++ b/apps/web/app/api/auth/logout/route.ts
@@ -0,0 +1,12 @@
+import { TOKEN_COOKIE, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(): Promise<Response> {
+  const cookieValue = `${TOKEN_COOKIE}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0`;
+  return new Response(null, { status: 204, headers: { 'Set-Cookie': cookieValue } });
+}
+
+export function GET(): Response {
+  return jsonResponse({ message: 'Use POST to log out' }, 405);
+}
diff --git a/apps/web/app/api/auth/me/route.ts b/apps/web/app/api/auth/me/route.ts
new file mode 100644
index 0000000..3f8579a
--- /dev/null
+++ b/apps/web/app/api/auth/me/route.ts
@@ -0,0 +1,9 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await apiFetch('/auth/me');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/auth/signup/route.ts b/apps/web/app/api/auth/signup/route.ts
new file mode 100644
index 0000000..262d0d9
--- /dev/null
+++ b/apps/web/app/api/auth/signup/route.ts
@@ -0,0 +1,19 @@
+import { getApiBaseUrl, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const upstream = await fetch(`${getApiBaseUrl()}/auth/signup`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await upstream.json();
+  if (!upstream.ok) return jsonResponse(payload, upstream.status);
+  const token: string | undefined = payload?.token;
+  if (!token) return jsonResponse({ message: 'Signup response missing token' }, 502);
+  const cookieValue = `tower_token=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${60 * 60 * 24 * 7}`;
+  return jsonResponse({ admin: payload.admin }, 200, { 'Set-Cookie': cookieValue });
+}
diff --git a/apps/web/app/api/auth/super/login/route.ts b/apps/web/app/api/auth/super/login/route.ts
new file mode 100644
index 0000000..2a76ed5
--- /dev/null
+++ b/apps/web/app/api/auth/super/login/route.ts
@@ -0,0 +1,19 @@
+import { getApiBaseUrl, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json().catch(() => ({}));
+  const res = await fetch(`${getApiBaseUrl()}/auth/super/login`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await res.json();
+  const headers: Record<string, string> = {};
+  if (res.ok && payload.token) {
+    headers['Set-Cookie'] = `tower_super_token=${payload.token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${7 * 24 * 60 * 60}`;
+  }
+  return jsonResponse(payload, res.status, headers);
+}
diff --git a/apps/web/app/api/auth/super/logout/route.ts b/apps/web/app/api/auth/super/logout/route.ts
new file mode 100644
index 0000000..6ab3bb8
--- /dev/null
+++ b/apps/web/app/api/auth/super/logout/route.ts
@@ -0,0 +1,9 @@
+import { jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(): Promise<Response> {
+  return jsonResponse({ ok: true }, 200, {
+    'Set-Cookie': 'tower_super_token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',
+  });
+}
diff --git a/apps/web/app/api/auth/super/me/route.ts b/apps/web/app/api/auth/super/me/route.ts
new file mode 100644
index 0000000..3feba42
--- /dev/null
+++ b/apps/web/app/api/auth/super/me/route.ts
@@ -0,0 +1,16 @@
+import { getApiBaseUrl, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const token = await (await import('next/headers')).cookies().then(c => c.get('tower_super_token')?.value);
+  const res = await fetch(`${getApiBaseUrl()}/auth/super/me`, {
+    headers: {
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/bot/[id]/route.ts b/apps/web/app/api/bot/[id]/route.ts
new file mode 100644
index 0000000..00c0b04
--- /dev/null
+++ b/apps/web/app/api/bot/[id]/route.ts
@@ -0,0 +1,13 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function DELETE(
+  _req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const res = await apiFetch(`/admin/bot/${id}`, { method: 'DELETE' });
+  const payload = await res.json().catch(() => ({}));
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/bot/attach/route.ts b/apps/web/app/api/bot/attach/route.ts
new file mode 100644
index 0000000..3d4e86d
--- /dev/null
+++ b/apps/web/app/api/bot/attach/route.ts
@@ -0,0 +1,15 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const res = await apiFetch('/admin/bot/attach', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify(body),
+  }).catch(() => null);
+  if (!res) return jsonResponse({ message: 'Upstream unavailable' }, 502);
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/bot/initiate/route.ts b/apps/web/app/api/bot/initiate/route.ts
new file mode 100644
index 0000000..8e485cb
--- /dev/null
+++ b/apps/web/app/api/bot/initiate/route.ts
@@ -0,0 +1,20 @@
+import { getApiBaseUrl, getToken, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json().catch(() => ({}));
+  const token = await getToken();
+  const res = await fetch(`${getApiBaseUrl()}/admin/bot/initiate`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/bot/qr/[token]/route.ts b/apps/web/app/api/bot/qr/[token]/route.ts
new file mode 100644
index 0000000..c983f87
--- /dev/null
+++ b/apps/web/app/api/bot/qr/[token]/route.ts
@@ -0,0 +1,13 @@
+import { apiFetch, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(
+  _req: Request,
+  { params }: { params: Promise<{ token: string }> },
+): Promise<Response> {
+  const { token } = await params;
+  const res = await apiFetch(`/admin/bot/qr/${token}`);
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/bot/reveal/route.ts b/apps/web/app/api/bot/reveal/route.ts
new file mode 100644
index 0000000..d53b6d3
--- /dev/null
+++ b/apps/web/app/api/bot/reveal/route.ts
@@ -0,0 +1,17 @@
+import { getApiBaseUrl, getToken, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(): Promise<Response> {
+  const token = await getToken();
+  const res = await fetch(`${getApiBaseUrl()}/admin/bot/reveal`, {
+    method: 'POST',
+    headers: {
+      Accept: 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
+    },
+    cache: 'no-store',
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/bot/route.ts b/apps/web/app/api/bot/route.ts
new file mode 100644
index 0000000..1e7cfdb
--- /dev/null
+++ b/apps/web/app/api/bot/route.ts
@@ -0,0 +1,10 @@
+import { apiFetch, jsonResponse } from '../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await apiFetch('/admin/bot').catch(() => null);
+  if (!res) return jsonResponse({ message: 'Upstream unavailable' }, 502);
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/groups/[id]/share/route.ts b/apps/web/app/api/groups/[id]/share/route.ts
new file mode 100644
index 0000000..5a8cc8e
--- /dev/null
+++ b/apps/web/app/api/groups/[id]/share/route.ts
@@ -0,0 +1,17 @@
+import { apiFetch, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(
+  req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const body = await req.json();
+  const res = await apiFetch(`/admin/groups/${id}/share`, {
+    method: 'POST',
+    body: JSON.stringify(body),
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/groups/[id]/unshare/[targetTenantId]/route.ts b/apps/web/app/api/groups/[id]/unshare/[targetTenantId]/route.ts
new file mode 100644
index 0000000..ff02af0
--- /dev/null
+++ b/apps/web/app/api/groups/[id]/unshare/[targetTenantId]/route.ts
@@ -0,0 +1,14 @@
+import { apiFetch } from '../../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function DELETE(
+  _req: Request,
+  { params }: { params: Promise<{ id: string; targetTenantId: string }> },
+): Promise<Response> {
+  const { id, targetTenantId } = await params;
+  const res = await apiFetch(`/admin/groups/${id}/share/${targetTenantId}`, { method: 'DELETE' });
+  if (res.status === 204) return new Response(null, { status: 204 });
+  const body = await res.text();
+  return new Response(body, { status: res.status, headers: { 'Content-Type': 'application/json' } });
+}
diff --git a/apps/web/app/api/groups/claim-token-info/route.ts b/apps/web/app/api/groups/claim-token-info/route.ts
new file mode 100644
index 0000000..4aef895
--- /dev/null
+++ b/apps/web/app/api/groups/claim-token-info/route.ts
@@ -0,0 +1,12 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(req: Request): Promise<Response> {
+  const { searchParams } = new URL(req.url);
+  const token = searchParams.get('token');
+  if (!token) return new Response(JSON.stringify({ message: 'token required' }), { status: 400 });
+  const res = await apiFetch(`/admin/groups/claim-token-info?token=${encodeURIComponent(token)}`);
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/groups/claim-with-token/route.ts b/apps/web/app/api/groups/claim-with-token/route.ts
new file mode 100644
index 0000000..a9b1280
--- /dev/null
+++ b/apps/web/app/api/groups/claim-with-token/route.ts
@@ -0,0 +1,13 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const res = await apiFetch('/admin/groups/claim-with-token', {
+    method: 'POST',
+    body: JSON.stringify(body),
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/groups/shared-by-me/route.ts b/apps/web/app/api/groups/shared-by-me/route.ts
new file mode 100644
index 0000000..deeaa46
--- /dev/null
+++ b/apps/web/app/api/groups/shared-by-me/route.ts
@@ -0,0 +1,9 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await apiFetch('/groups/shared-by-me');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/groups/shared/route.ts b/apps/web/app/api/groups/shared/route.ts
new file mode 100644
index 0000000..be88b39
--- /dev/null
+++ b/apps/web/app/api/groups/shared/route.ts
@@ -0,0 +1,9 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await apiFetch('/groups/shared');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/messages/[id]/approve/route.ts b/apps/web/app/api/messages/[id]/approve/route.ts
new file mode 100644
index 0000000..dd62f62
--- /dev/null
+++ b/apps/web/app/api/messages/[id]/approve/route.ts
@@ -0,0 +1,19 @@
+import { apiFetch, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(
+  _req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const res = await apiFetch(`/admin/messages/${id}/approve`, { method: 'POST' });
+  const body = await res.text();
+  let payload: unknown = body;
+  try {
+    payload = JSON.parse(body);
+  } catch {
+    /* keep as text */
+  }
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/messages/[id]/route.ts b/apps/web/app/api/messages/[id]/route.ts
new file mode 100644
index 0000000..24022ab
--- /dev/null
+++ b/apps/web/app/api/messages/[id]/route.ts
@@ -0,0 +1,13 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(
+  _req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const res = await apiFetch(`/admin/messages/${id}`);
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/messages/pending/count/route.ts b/apps/web/app/api/messages/pending/count/route.ts
new file mode 100644
index 0000000..bac4cce
--- /dev/null
+++ b/apps/web/app/api/messages/pending/count/route.ts
@@ -0,0 +1,9 @@
+import { apiFetch, jsonResponse } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await apiFetch('/admin/messages/pending/count');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/messages/pending/route.ts b/apps/web/app/api/messages/pending/route.ts
new file mode 100644
index 0000000..1a8a057
--- /dev/null
+++ b/apps/web/app/api/messages/pending/route.ts
@@ -0,0 +1,9 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(_req: Request): Promise<Response> {
+  const res = await apiFetch('/admin/messages/pending');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/my/account/route.ts b/apps/web/app/api/my/account/route.ts
new file mode 100644
index 0000000..2c61c5b
--- /dev/null
+++ b/apps/web/app/api/my/account/route.ts
@@ -0,0 +1,15 @@
+import { clearMemberCookie, jsonResponse, memberApiFetch } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function DELETE(): Promise<Response> {
+  const res = await memberApiFetch('/my/account', { method: 'DELETE' });
+  if (res.status === 204) {
+    return new Response(null, {
+      status: 204,
+      headers: { 'Set-Cookie': clearMemberCookie() },
+    });
+  }
+  const body = await res.json().catch(() => ({}));
+  return jsonResponse(body, res.status, { 'Set-Cookie': clearMemberCookie() });
+}
diff --git a/apps/web/app/api/my/groups/[id]/route.ts b/apps/web/app/api/my/groups/[id]/route.ts
new file mode 100644
index 0000000..aa64ce9
--- /dev/null
+++ b/apps/web/app/api/my/groups/[id]/route.ts
@@ -0,0 +1,13 @@
+import { jsonResponse, memberApiFetch } from '../../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(
+  _req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const res = await memberApiFetch(`/my/groups/${id}`);
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/my/groups/route.ts b/apps/web/app/api/my/groups/route.ts
new file mode 100644
index 0000000..ba8dc75
--- /dev/null
+++ b/apps/web/app/api/my/groups/route.ts
@@ -0,0 +1,9 @@
+import { jsonResponse, memberApiFetch } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await memberApiFetch('/my/groups');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/my/logout/route.ts b/apps/web/app/api/my/logout/route.ts
new file mode 100644
index 0000000..2bd172d
--- /dev/null
+++ b/apps/web/app/api/my/logout/route.ts
@@ -0,0 +1,7 @@
+import { clearMemberCookie } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(): Promise<Response> {
+  return new Response(null, { status: 204, headers: { 'Set-Cookie': clearMemberCookie() } });
+}
diff --git a/apps/web/app/api/my/opt-in/route.ts b/apps/web/app/api/my/opt-in/route.ts
new file mode 100644
index 0000000..1b82066
--- /dev/null
+++ b/apps/web/app/api/my/opt-in/route.ts
@@ -0,0 +1,10 @@
+import { jsonResponse, memberApiFetch } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const res = await memberApiFetch('/my/opt-in', { method: 'POST', body: JSON.stringify(body) });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/my/opt-out/route.ts b/apps/web/app/api/my/opt-out/route.ts
new file mode 100644
index 0000000..72f5130
--- /dev/null
+++ b/apps/web/app/api/my/opt-out/route.ts
@@ -0,0 +1,10 @@
+import { jsonResponse, memberApiFetch } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const res = await memberApiFetch('/my/opt-out', { method: 'POST', body: JSON.stringify(body) });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/my/profile/route.ts b/apps/web/app/api/my/profile/route.ts
new file mode 100644
index 0000000..95e9c11
--- /dev/null
+++ b/apps/web/app/api/my/profile/route.ts
@@ -0,0 +1,9 @@
+import { jsonResponse, memberApiFetch } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await memberApiFetch('/my/profile');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
diff --git a/apps/web/app/api/onboard/verify-otp/route.ts b/apps/web/app/api/onboard/verify-otp/route.ts
new file mode 100644
index 0000000..9c0f350
--- /dev/null
+++ b/apps/web/app/api/onboard/verify-otp/route.ts
@@ -0,0 +1,30 @@
+import { buildMemberCookie, getApiBaseUrl, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json().catch(() => ({}));
+  const upstream = await fetch(`${getApiBaseUrl()}/public/auth/verify-otp`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify(body),
+    cache: 'no-store',
+  });
+  const payload = (await upstream.json().catch(() => ({}))) as {
+    memberToken?: string;
+    user?: { id: string; tenantId: string; jid: string; displayName: string | null };
+    consent?: { scopes: string[]; retentionDays: number; policyVersion: string };
+    message?: string;
+  };
+  if (!upstream.ok) {
+    return jsonResponse(payload, upstream.status);
+  }
+  if (!payload.memberToken) {
+    return jsonResponse({ message: 'Upstream response missing memberToken' }, 502);
+  }
+  return jsonResponse(
+    { user: payload.user, consent: payload.consent },
+    200,
+    { 'Set-Cookie': buildMemberCookie(payload.memberToken) },
+  );
+}
diff --git a/apps/web/app/api/routes/[id]/route.ts b/apps/web/app/api/routes/[id]/route.ts
index aa65fe0..d3bbd49 100644
--- a/apps/web/app/api/routes/[id]/route.ts
+++ b/apps/web/app/api/routes/[id]/route.ts
@@ -1,11 +1,14 @@
-const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+import { apiFetch } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
 
 export async function DELETE(
   _req: Request,
   { params }: { params: Promise<{ id: string }> },
-) {
+): Promise<Response> {
   const { id } = await params;
-  const res = await fetch(`${API_URL}/routes/${id}`, { method: 'DELETE' });
+  const res = await apiFetch(`/routes/${id}`, { method: 'DELETE' });
   if (res.status === 204) return new Response(null, { status: 204 });
-  return Response.json(await res.json(), { status: res.status });
+  const body = await res.text();
+  return new Response(body, { status: res.status, headers: { 'Content-Type': 'application/json' } });
 }
diff --git a/apps/web/app/api/routes/batch/route.ts b/apps/web/app/api/routes/batch/route.ts
new file mode 100644
index 0000000..fab7c10
--- /dev/null
+++ b/apps/web/app/api/routes/batch/route.ts
@@ -0,0 +1,13 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const res = await apiFetch('/routes/batch', {
+    method: 'POST',
+    body: JSON.stringify(body),
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/api/routes/route.ts b/apps/web/app/api/routes/route.ts
index b595330..0669628 100644
--- a/apps/web/app/api/routes/route.ts
+++ b/apps/web/app/api/routes/route.ts
@@ -1,19 +1,22 @@
-const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+import { apiFetch, jsonResponse } from '../../_lib/api';
 
-export async function GET(req: Request) {
+export const dynamic = 'force-dynamic';
+
+export async function GET(req: Request): Promise<Response> {
   const { searchParams } = new URL(req.url);
-  const url = new URL(`${API_URL}/routes`);
-  searchParams.forEach((v, k) => url.searchParams.set(k, v));
-  const res = await fetch(url, { cache: 'no-store' });
-  return Response.json(await res.json(), { status: res.status });
+  const query = searchParams.toString();
+  const path = query ? `/routes?${query}` : '/routes';
+  const res = await apiFetch(path);
+  const body = await res.json();
+  return jsonResponse(body, res.status);
 }
 
-export async function POST(req: Request) {
+export async function POST(req: Request): Promise<Response> {
   const body = await req.json();
-  const res = await fetch(`${API_URL}/routes`, {
+  const res = await apiFetch('/routes', {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
     body: JSON.stringify(body),
   });
-  return Response.json(await res.json(), { status: res.status });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
 }
diff --git a/apps/web/app/api/rules/[id]/route.ts b/apps/web/app/api/rules/[id]/route.ts
new file mode 100644
index 0000000..49e2ecb
--- /dev/null
+++ b/apps/web/app/api/rules/[id]/route.ts
@@ -0,0 +1,28 @@
+import { apiFetch, jsonResponse } from '../../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function PUT(
+  req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const body = await req.json();
+  const res = await apiFetch(`/admin/rules/${id}`, {
+    method: 'PUT',
+    body: JSON.stringify(body),
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
+
+export async function DELETE(
+  _req: Request,
+  { params }: { params: Promise<{ id: string }> },
+): Promise<Response> {
+  const { id } = await params;
+  const res = await apiFetch(`/admin/rules/${id}`, { method: 'DELETE' });
+  if (res.status === 204) return new Response(null, { status: 204 });
+  const body = await res.text();
+  return new Response(body, { status: res.status, headers: { 'Content-Type': 'application/json' } });
+}
diff --git a/apps/web/app/api/rules/route.ts b/apps/web/app/api/rules/route.ts
new file mode 100644
index 0000000..ce8acc3
--- /dev/null
+++ b/apps/web/app/api/rules/route.ts
@@ -0,0 +1,19 @@
+import { apiFetch, jsonResponse } from '../../_lib/api';
+
+export const dynamic = 'force-dynamic';
+
+export async function GET(): Promise<Response> {
+  const res = await apiFetch('/admin/rules');
+  const body = await res.json();
+  return jsonResponse(body, res.status);
+}
+
+export async function POST(req: Request): Promise<Response> {
+  const body = await req.json();
+  const res = await apiFetch('/admin/rules', {
+    method: 'POST',
+    body: JSON.stringify(body),
+  });
+  const payload = await res.json();
+  return jsonResponse(payload, res.status);
+}
diff --git a/apps/web/app/claim-group/page.tsx b/apps/web/app/claim-group/page.tsx
new file mode 100644
index 0000000..1d0f208
--- /dev/null
+++ b/apps/web/app/claim-group/page.tsx
@@ -0,0 +1,120 @@
+'use client';
+
+import { Suspense, useEffect, useState } from 'react';
+import { useRouter, useSearchParams } from 'next/navigation';
+
+interface TokenInfo {
+  groupName: string;
+  expiresAt: string;
+  isConsumed: boolean;
+  isExpired: boolean;
+}
+
+function ClaimGroupContent() {
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const token = searchParams.get('token');
+  const [info, setInfo] = useState<TokenInfo | null>(null);
+  const [error, setError] = useState<string | null>(null);
+  const [busy, setBusy] = useState(false);
+  const [success, setSuccess] = useState(false);
+
+  useEffect(() => {
+    if (!token) {
+      setError('No claim token provided');
+      return;
+    }
+    fetch(`/api/groups/claim-token-info?token=${encodeURIComponent(token)}`)
+      .then((r) => r.json().catch(() => null))
+      .then((data) => {
+        if (data?.groupName) setInfo(data);
+        else setError('Invalid or expired claim link');
+      })
+      .catch(() => setError('Failed to load claim info'));
+  }, [token]);
+
+  async function handleClaim() {
+    if (!token) return;
+    setBusy(true);
+    setError(null);
+    try {
+      const res = await fetch('/api/groups/claim-with-token', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ token }),
+      });
+      if (res.status === 401) {
+        router.push(`/signup?redirect=/claim-group?token=${encodeURIComponent(token)}`);
+        return;
+      }
+      if (!res.ok) {
+        const body = await res.json().catch(() => ({}));
+        setError(body.message ?? 'Claim failed');
+        return;
+      }
+      setSuccess(true);
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  if (error && !info) {
+    return (
+      <div className="max-w-md mx-auto mt-16 text-center">
+        <h1 className="text-xl font-semibold mb-4">Claim Group</h1>
+        <p className="text-red-600 text-sm">{error}</p>
+      </div>
+    );
+  }
+
+  if (success) {
+    return (
+      <div className="max-w-md mx-auto mt-16 text-center">
+        <h1 className="text-xl font-semibold mb-4">Group Claimed!</h1>
+        <p className="text-green-600 text-sm mb-4">{info?.groupName ?? 'Group'} has been added to your tenant.</p>
+        <a href="/groups" className="text-blue-600 hover:underline text-sm">Go to Groups</a>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-md mx-auto mt-16">
+      <h1 className="text-xl font-semibold mb-4">Claim Group</h1>
+      {info && (
+        <div className="border border-gray-200 rounded-lg p-4 mb-4">
+          <p className="text-sm mb-1">
+            <span className="text-gray-500">Group:</span>{' '}
+            <span className="font-medium">{info.groupName}</span>
+          </p>
+          <p className="text-sm text-gray-500">
+            Expires: {new Date(info.expiresAt).toLocaleDateString()}
+          </p>
+          {info.isConsumed && (
+            <p className="text-sm text-amber-600 mt-2">This link has already been used.</p>
+          )}
+          {info.isExpired && (
+            <p className="text-sm text-red-600 mt-2">This link has expired.</p>
+          )}
+        </div>
+      )}
+      {error && (
+        <p className="text-red-600 text-sm mb-4 bg-red-50 border border-red-200 rounded px-3 py-2">{error}</p>
+      )}
+      <button
+        onClick={handleClaim}
+        disabled={busy || !info || info.isConsumed || info.isExpired}
+        className="w-full rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700 disabled:opacity-50"
+      >
+        {busy ? 'Claiming…' : 'Claim this group'}
+      </button>
+    </div>
+  );
+}
+
+export default function ClaimGroupPage() {
+  return (
+    <Suspense fallback={<div className="max-w-md mx-auto mt-16 text-center"><p className="text-gray-500 text-sm">Loading…</p></div>}>
+      <ClaimGroupContent />
+    </Suspense>
+  );
+}
diff --git a/apps/web/app/groups/GroupsTabs.tsx b/apps/web/app/groups/GroupsTabs.tsx
new file mode 100644
index 0000000..d1e7965
--- /dev/null
+++ b/apps/web/app/groups/GroupsTabs.tsx
@@ -0,0 +1,28 @@
+'use client';
+import Link from 'next/link';
+
+interface Props {
+  current: 'mine' | 'shared' | 'all';
+  counts: { mine: number; shared: number };
+}
+
+export function GroupsTabs({ current, counts }: Props) {
+  const tabs: { key: Props['current']; label: string; href: string }[] = [
+    { key: 'mine', label: `My Groups (${counts.mine})`, href: '/groups' },
+    { key: 'shared', label: `Shared with me (${counts.shared})`, href: '/groups?tab=shared' },
+  ];
+  return (
+    <div className="flex border-b border-gray-200">
+      {tabs.map((t) => (
+        <Link key={t.key} href={t.href}
+          className={`px-4 py-2 text-sm border-b-2 -mb-px transition-colors ${
+            current === t.key
+              ? 'border-blue-600 text-blue-700 font-medium'
+              : 'border-transparent text-gray-600 hover:text-gray-900'
+          }`}>
+          {t.label}
+        </Link>
+      ))}
+    </div>
+  );
+}
diff --git a/apps/web/app/groups/RouteManager.test.tsx b/apps/web/app/groups/RouteManager.test.tsx
index 99c8783..3e15ecb 100644
--- a/apps/web/app/groups/RouteManager.test.tsx
+++ b/apps/web/app/groups/RouteManager.test.tsx
@@ -2,8 +2,9 @@ import { render, screen, fireEvent, waitFor } from '@testing-library/react';
 import { RouteManager } from './RouteManager';
 
 const groups = [
-  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp' },
-  { id: 'grp_2', name: 'Beta', platform: 'whatsapp' },
+  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', isActive: true },
+  { id: 'grp_2', name: 'Beta', platform: 'whatsapp', isActive: true },
+  { id: 'grp_3', name: 'Gamma', platform: 'whatsapp', isActive: true },
 ];
 
 const routes = [
@@ -27,46 +28,77 @@ afterEach(() => {
 });
 
 describe('RouteManager', () => {
-  it('renders existing routes with source → target names', () => {
+  it('renders routes grouped by source group', () => {
     render(<RouteManager groups={groups} initialRoutes={routes} />);
     expect(screen.getByText('Alpha')).toBeInTheDocument();
     expect(screen.getByText('Beta')).toBeInTheDocument();
   });
 
-  it('renders two group select dropdowns for adding a route', () => {
+  it('shows source dropdown and target checkboxes', () => {
     render(<RouteManager groups={groups} initialRoutes={routes} />);
-    expect(screen.getAllByRole('combobox')).toHaveLength(2);
+    expect(screen.getByRole('combobox')).toBeInTheDocument();
+    expect(screen.queryByRole('checkbox')).not.toBeInTheDocument();
   });
 
-  it('calls POST /api/routes when Add route is submitted', async () => {
+  it('shows target checkboxes when a source is selected', () => {
+    render(<RouteManager groups={groups} initialRoutes={routes} />);
+    fireEvent.change(screen.getByRole('combobox'), { target: { value: 'grp_1' } });
+    expect(screen.getAllByRole('checkbox')).toHaveLength(2);
+  });
+
+  it('calls POST /api/routes/batch with selected targetIds', async () => {
     fetchSpy.mockResolvedValueOnce(
       new Response(
-        JSON.stringify({ id: 'rt_new', sourceGroupId: 'grp_1', targetGroupId: 'grp_2', sourceGroup: { name: 'Alpha' }, targetGroup: { name: 'Beta' } }),
+        JSON.stringify([
+          { id: 'rt_new', sourceGroupId: 'grp_1', targetGroupId: 'grp_2', sourceGroup: { name: 'Alpha' }, targetGroup: { name: 'Beta' } },
+          { id: 'rt_new2', sourceGroupId: 'grp_1', targetGroupId: 'grp_3', sourceGroup: { name: 'Alpha' }, targetGroup: { name: 'Gamma' } },
+        ]),
         { status: 201, headers: { 'Content-Type': 'application/json' } },
       ),
     );
     render(<RouteManager groups={groups} initialRoutes={[]} />);
-    const [sourceSelect, targetSelect] = screen.getAllByRole('combobox');
-    fireEvent.change(sourceSelect, { target: { value: 'grp_1' } });
-    fireEvent.change(targetSelect, { target: { value: 'grp_2' } });
-    fireEvent.click(screen.getByRole('button', { name: /add route/i }));
+    fireEvent.change(screen.getByRole('combobox'), { target: { value: 'grp_1' } });
+    const checkboxes = screen.getAllByRole('checkbox');
+    fireEvent.click(checkboxes[0]);
+    fireEvent.click(checkboxes[1]);
+    fireEvent.click(screen.getByRole('button', { name: /create 2 routes/i }));
     await waitFor(() => {
       expect(fetchSpy).toHaveBeenCalledWith(
-        '/api/routes',
-        expect.objectContaining({ method: 'POST' }),
+        '/api/routes/batch',
+        expect.objectContaining({
+          method: 'POST',
+          body: JSON.stringify({ sourceGroupId: 'grp_1', targetGroupIds: ['grp_2', 'grp_3'] }),
+        }),
       );
     });
   });
 
+  it('shows error message on 409 conflict', async () => {
+    fetchSpy.mockResolvedValueOnce(
+      new Response(
+        JSON.stringify({ message: 'Routes already exist for: Beta' }),
+        { status: 409, headers: { 'Content-Type': 'application/json' } },
+      ),
+    );
+    render(<RouteManager groups={groups} initialRoutes={routes} />);
+    fireEvent.change(screen.getByRole('combobox'), { target: { value: 'grp_1' } });
+    fireEvent.click(screen.getAllByRole('checkbox')[0]);
+    fireEvent.click(screen.getByRole('button', { name: /create 1 route/i }));
+    await waitFor(() => {
+      expect(screen.getByText('Routes already exist for: Beta')).toBeInTheDocument();
+    });
+  });
+
   it('shows a delete button for each existing route', () => {
     render(<RouteManager groups={groups} initialRoutes={routes} />);
-    expect(screen.getByRole('button', { name: /delete/i })).toBeInTheDocument();
+    const deleteBtn = screen.getByRole('button', { name: /delete route to beta/i });
+    expect(deleteBtn).toBeInTheDocument();
   });
 
   it('calls DELETE /api/routes/:id when a route is deleted', async () => {
     fetchSpy.mockResolvedValueOnce(new Response(null, { status: 204 }));
     render(<RouteManager groups={groups} initialRoutes={routes} />);
-    fireEvent.click(screen.getByRole('button', { name: /delete/i }));
+    fireEvent.click(screen.getByRole('button', { name: /delete route to beta/i }));
     await waitFor(() => {
       expect(fetchSpy).toHaveBeenCalledWith(
         '/api/routes/rt_1',
diff --git a/apps/web/app/groups/RouteManager.tsx b/apps/web/app/groups/RouteManager.tsx
index 1500c8b..fd303ba 100644
--- a/apps/web/app/groups/RouteManager.tsx
+++ b/apps/web/app/groups/RouteManager.tsx
@@ -6,6 +6,7 @@ interface Group {
   id: string;
   name: string;
   platform: string;
+  isActive: boolean;
 }
 
 interface Route {
@@ -25,23 +26,51 @@ export function RouteManager({
 }) {
   const [routes, setRoutes] = useState<Route[]>(initialRoutes);
   const [sourceId, setSourceId] = useState('');
-  const [targetId, setTargetId] = useState('');
+  const [targetIds, setTargetIds] = useState<Set<string>>(new Set());
   const [busy, setBusy] = useState(false);
+  const [error, setError] = useState<string | null>(null);
 
-  async function addRoute() {
-    if (!sourceId || !targetId) return;
+  // Group routes by source group name
+  const grouped = new Map<string, { sourceId: string; targets: Route[] }>();
+  for (const r of routes) {
+    const key = r.sourceGroup.name;
+    if (!grouped.has(key)) grouped.set(key, { sourceId: r.sourceGroupId, targets: [] });
+    grouped.get(key)!.targets.push(r);
+  }
+
+  function toggleTarget(id: string) {
+    setTargetIds((prev) => {
+      const next = new Set(prev);
+      if (next.has(id)) next.delete(id);
+      else next.add(id);
+      return next;
+    });
+    setError(null);
+  }
+
+  async function addRoutes() {
+    if (!sourceId || targetIds.size === 0) return;
     setBusy(true);
+    setError(null);
     try {
-      const res = await fetch('/api/routes', {
+      const res = await fetch('/api/routes/batch', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ sourceGroupId: sourceId, targetGroupId: targetId }),
+        body: JSON.stringify({ sourceGroupId: sourceId, targetGroupIds: [...targetIds] }),
       });
-      if (!res.ok) return;
-      const created: Route = await res.json();
-      setRoutes((prev) => [created, ...prev]);
+      if (res.status === 409) {
+        const errBody = await res.json();
+        setError(errBody.message ?? 'Some routes already exist');
+        return;
+      }
+      if (!res.ok) {
+        setError('Failed to create routes');
+        return;
+      }
+      const created: Route[] = await res.json();
+      setRoutes((prev) => [...created, ...prev]);
       setSourceId('');
-      setTargetId('');
+      setTargetIds(new Set());
     } finally {
       setBusy(false);
     }
@@ -52,6 +81,8 @@ export function RouteManager({
     if (res.ok) setRoutes((prev) => prev.filter((r) => r.id !== id));
   }
 
+  const eligibleTargets = groups.filter((g) => g.id !== sourceId && g.platform === 'whatsapp' && g.isActive);
+
   return (
     <div className="flex flex-col gap-6">
       <section>
@@ -59,24 +90,26 @@ export function RouteManager({
         {routes.length === 0 ? (
           <p className="text-sm text-gray-400">No routes configured.</p>
         ) : (
-          <ul className="flex flex-col gap-2">
-            {routes.map((route) => (
-              <li
-                key={route.id}
-                className="flex items-center justify-between rounded-lg border border-gray-200 bg-white px-4 py-3"
-              >
-                <span className="text-sm">
-                  <span className="font-medium">{route.sourceGroup.name}</span>
-                  <span className="mx-2 text-gray-400">→</span>
-                  <span className="font-medium">{route.targetGroup.name}</span>
-                </span>
-                <button
-                  onClick={() => deleteRoute(route.id)}
-                  className="text-xs text-red-500 hover:underline"
-                  aria-label="Delete route"
-                >
-                  Delete
-                </button>
+          <ul className="flex flex-col gap-3">
+            {[...grouped.entries()].map(([sourceName, { sourceId: sId, targets }]) => (
+              <li key={sId} className="rounded-lg border border-gray-200 bg-white px-4 py-3">
+                <div className="flex items-start gap-3">
+                  <span className="text-sm font-semibold text-gray-700 whitespace-nowrap mt-1 min-w-[120px]">{sourceName}</span>
+                  <div className="flex flex-col gap-1.5 flex-1">
+                    {targets.map((r) => (
+                      <div key={r.id} className="flex items-center justify-between group">
+                        <span className="text-sm text-gray-600">{r.targetGroup.name}</span>
+                        <button
+                          onClick={() => deleteRoute(r.id)}
+                          className="text-xs text-red-400 hover:text-red-600 opacity-0 group-hover:opacity-100 transition-opacity"
+                          aria-label={`Delete route to ${r.targetGroup.name}`}
+                        >
+                          Delete
+                        </button>
+                      </div>
+                    ))}
+                  </div>
+                </div>
               </li>
             ))}
           </ul>
@@ -84,37 +117,60 @@ export function RouteManager({
       </section>
 
       <section>
-        <h2 className="text-base font-semibold mb-3">Add route</h2>
-        <div className="flex gap-2 items-center flex-wrap">
-          <select
-            value={sourceId}
-            onChange={(e) => setSourceId(e.target.value)}
-            className="rounded-lg border border-gray-200 px-3 py-2 text-sm"
-            aria-label="Source group"
-          >
-            <option value="">Source group…</option>
-            {groups.map((g) => (
-              <option key={g.id} value={g.id}>{g.name}</option>
-            ))}
-          </select>
-          <span className="text-gray-400">→</span>
-          <select
-            value={targetId}
-            onChange={(e) => setTargetId(e.target.value)}
-            className="rounded-lg border border-gray-200 px-3 py-2 text-sm"
-            aria-label="Target group"
-          >
-            <option value="">Target group…</option>
-            {groups.map((g) => (
-              <option key={g.id} value={g.id}>{g.name}</option>
-            ))}
-          </select>
+        <h2 className="text-base font-semibold mb-3">Add routes</h2>
+        <div className="flex flex-col gap-3">
+          <div className="flex gap-2 items-center">
+            <select
+              value={sourceId}
+              onChange={(e) => { setSourceId(e.target.value); setTargetIds(new Set()); setError(null); }}
+              className="rounded-lg border border-gray-200 px-3 py-2 text-sm"
+              aria-label="Source group"
+            >
+              <option value="">Source group…</option>
+              {groups.filter((g) => g.platform === 'whatsapp' && g.isActive).map((g) => (
+                <option key={g.id} value={g.id}>{g.name}</option>
+              ))}
+            </select>
+            <span className="text-gray-400 text-sm">→</span>
+            <span className="text-xs text-gray-500">
+              {targetIds.size} target{targetIds.size !== 1 ? 's' : ''} selected
+            </span>
+          </div>
+
+          {sourceId && eligibleTargets.length > 0 && (
+            <div className="rounded-lg border border-gray-200 bg-white p-3 max-h-48 overflow-y-auto">
+              {eligibleTargets.map((g) => {
+                const checked = targetIds.has(g.id);
+                return (
+                  <label
+                    key={g.id}
+                    className={`flex items-center gap-2 px-2 py-1.5 rounded cursor-pointer text-sm transition-colors ${
+                      checked ? 'bg-blue-50 text-blue-700' : 'hover:bg-gray-50'
+                    }`}
+                  >
+                    <input
+                      type="checkbox"
+                      checked={checked}
+                      onChange={() => toggleTarget(g.id)}
+                      className="rounded border-gray-300"
+                    />
+                    {g.name}
+                  </label>
+                );
+              })}
+            </div>
+          )}
+
+          {error && (
+            <p className="text-sm text-red-600 bg-red-50 border border-red-200 rounded px-3 py-2">{error}</p>
+          )}
+
           <button
-            onClick={addRoute}
-            disabled={!sourceId || !targetId || busy}
-            className="rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700 disabled:opacity-50"
+            onClick={addRoutes}
+            disabled={!sourceId || targetIds.size === 0 || busy}
+            className="self-start rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700 disabled:opacity-50"
           >
-            Add route
+            {busy ? 'Creating…' : `Create ${targetIds.size} route${targetIds.size !== 1 ? 's' : ''}`}
           </button>
         </div>
       </section>
diff --git a/apps/web/app/groups/page.tsx b/apps/web/app/groups/page.tsx
index 7945f75..cfd600a 100644
--- a/apps/web/app/groups/page.tsx
+++ b/apps/web/app/groups/page.tsx
@@ -1,9 +1,19 @@
 import { RouteManager } from './RouteManager';
+import { GroupsTabs } from './GroupsTabs';
+import { apiFetch } from '../_lib/api';
 
 interface Group {
   id: string;
   name: string;
   platform: string;
+  platformId: string;
+  isActive: boolean;
+  accountId: string | null;
+  tenantId: string | null;
+}
+
+interface SharedGroup extends Group {
+  sharedByTenantName: string;
 }
 
 interface Route {
@@ -14,27 +24,82 @@ interface Route {
   targetGroup: { name: string };
 }
 
-async function fetchJson<T>(url: string): Promise<T | null> {
+type FetchResult<T> = { ok: true; data: T } | { ok: false; status: number; error: string };
+
+async function fetchJson<T>(path: string): Promise<FetchResult<T>> {
+  let res: Response;
   try {
-    const res = await fetch(url, { cache: 'no-store' });
-    if (!res.ok) return null;
-    return res.json();
-  } catch {
-    return null;
+    res = await apiFetch(path);
+  } catch (err) {
+    return { ok: false, status: 0, error: `API unreachable: ${(err as Error).message}` };
   }
+  if (!res.ok) {
+    const body = await res.text().catch(() => '');
+    return { ok: false, status: res.status, error: body.slice(0, 200) || res.statusText };
+  }
+  return { ok: true, data: (await res.json()) as T };
 }
 
-export default async function GroupsPage() {
-  const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
-  const [groups, routes] = await Promise.all([
-    fetchJson<Group[]>(`${apiUrl}/groups`),
-    fetchJson<Route[]>(`${apiUrl}/routes`),
+export default async function GroupsPage({
+  searchParams,
+}: {
+  searchParams: Promise<{ tab?: 'mine' | 'shared' }>;
+}) {
+  const { tab: rawTab } = await searchParams;
+  const tab: 'mine' | 'shared' = rawTab === 'shared' ? 'shared' : 'mine';
+  const [groupsR, sharedR, routesR] = await Promise.all([
+    fetchJson<Group[]>('/groups'),
+    tab === 'shared' ? fetchJson<SharedGroup[]>('/groups/shared') : Promise.resolve(null),
+    fetchJson<Route[]>('/routes'),
   ]);
 
+  const groups = groupsR?.ok ? groupsR.data : [];
+  const shared = sharedR && sharedR.ok ? sharedR.data : [];
+  const routes = routesR?.ok ? routesR.data : [];
+  const errors = [groupsR, sharedR, routesR]
+    .filter((r): r is { ok: false; status: number; error: string } => !!r && !r.ok && r.status !== 401)
+    .map((e) => `${e.status === 0 ? 'API unreachable' : `API ${e.status}`}: ${e.error}`);
+
   return (
-    <div className="max-w-2xl">
+    <div className="max-w-3xl">
       <h1 className="text-xl font-semibold mb-6">Groups &amp; Routes</h1>
-      <RouteManager groups={groups ?? []} initialRoutes={routes ?? []} />
+      {errors.length > 0 && (
+        <div className="mb-4 rounded border border-red-200 bg-red-50 p-3 text-sm text-red-800">
+          <div className="font-medium mb-1">Failed to load some data</div>
+          <ul className="list-disc pl-5 space-y-0.5">
+            {errors.map((e) => <li key={e}>{e}</li>)}
+          </ul>
+        </div>
+      )}
+      <GroupsTabs current={tab} counts={{ mine: groups.length, shared: shared.length }} />
+      {tab === 'shared' && (
+        <div className="mt-4">
+          <h2 className="text-sm font-medium mb-2">Shared with me</h2>
+          <p className="text-xs text-gray-500 mb-3">
+            Groups other tenants have shared with you. You can use them as TARGET groups in your routes.
+          </p>
+          {shared.length === 0 ? (
+            <p className="text-sm text-gray-400 italic">No groups shared with you yet.</p>
+          ) : (
+            <ul className="space-y-2">
+              {shared.map((g) => (
+                <li key={g.id} className="border border-gray-200 rounded bg-white px-4 py-3 flex items-center justify-between">
+                  <div>
+                    <span className="text-sm font-medium">{g.name}</span>
+                    {!g.isActive && <span className="ml-2 text-xs text-red-500 font-medium">(Bot removed)</span>}
+                    <span className="text-xs text-gray-400 ml-2">shared by {g.sharedByTenantName}</span>
+                  </div>
+                </li>
+              ))}
+            </ul>
+          )}
+        </div>
+      )}
+      {tab === 'mine' && (
+        <div className="mt-4">
+          <RouteManager groups={groups} initialRoutes={routes} />
+        </div>
+      )}
     </div>
   );
 }
diff --git a/apps/web/app/layout.tsx b/apps/web/app/layout.tsx
index 1a37ebb..d8bb845 100644
--- a/apps/web/app/layout.tsx
+++ b/apps/web/app/layout.tsx
@@ -1,6 +1,9 @@
 import type { Metadata } from 'next';
 import Link from 'next/link';
 import './globals.css';
+import { AuthProvider } from './_lib/auth-context';
+import { SuperAdminProvider } from './_lib/super-admin-context';
+import { Sidebar } from './_lib/sidebar';
 
 export const metadata: Metadata = {
   title: 'Insignia TOWER',
@@ -11,19 +14,12 @@ export default function RootLayout({ children }: { children: React.ReactNode })
   return (
     <html lang="en">
       <body className="flex min-h-screen bg-gray-50 text-gray-900 antialiased">
-        <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4 flex flex-col gap-1">
-          <span className="font-bold text-base mb-4">TOWER</span>
-          <Link href="/search" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
-            Search
-          </Link>
-          <Link href="/groups" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
-            Groups &amp; Routes
-          </Link>
-          <Link href="/accounts" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
-            Accounts
-          </Link>
-        </nav>
-        <main className="flex-1 overflow-auto p-6">{children}</main>
+        <AuthProvider>
+          <SuperAdminProvider>
+            <Sidebar />
+            <main className="flex-1 overflow-auto p-6">{children}</main>
+          </SuperAdminProvider>
+        </AuthProvider>
       </body>
     </html>
   );
diff --git a/apps/web/app/login/page.test.tsx b/apps/web/app/login/page.test.tsx
new file mode 100644
index 0000000..65b983c
--- /dev/null
+++ b/apps/web/app/login/page.test.tsx
@@ -0,0 +1,88 @@
+import { fireEvent, render, screen, waitFor } from '@testing-library/react';
+import LoginPage from './page';
+import { AuthProvider } from '../_lib/auth-context';
+import { SuperAdminProvider } from '../_lib/super-admin-context';
+
+const pushMock = jest.fn();
+const refreshMock = jest.fn();
+
+jest.mock('next/navigation', () => ({
+  useRouter: () => ({ push: pushMock, refresh: refreshMock, replace: jest.fn() }),
+  useSearchParams: () => new URLSearchParams(),
+}));
+
+function authResponse(body: unknown, status = 200) {
+  return new Response(JSON.stringify(body), { status, headers: { 'Content-Type': 'application/json' } });
+}
+
+const UNAUTHORIZED = () => Promise.resolve(new Response('Unauthorized', { status: 401 }));
+
+function mockFetch(responses: Record<string, (url: string, init?: RequestInit) => Response | Promise<Response>>) {
+  fetchSpy.mockImplementation((url: string, init?: RequestInit) => {
+    const handler = responses[url];
+    if (handler) return handler(url, init);
+    return responses['default']?.(url, init) ?? UNAUTHORIZED();
+  });
+}
+
+beforeEach(() => {
+  jest.clearAllMocks();
+  fetchSpy = jest.spyOn(global, 'fetch');
+  mockFetch({ default: UNAUTHORIZED });
+});
+
+afterEach(() => {
+  jest.restoreAllMocks();
+});
+
+function renderWithProvider(ui: React.ReactElement) {
+  return render(
+    <AuthProvider>
+      <SuperAdminProvider>{ui}</SuperAdminProvider>
+    </AuthProvider>,
+  );
+}
+
+describe('LoginPage', () => {
+  it('renders email and password fields and a submit button', async () => {
+    renderWithProvider(<LoginPage />);
+    expect(await screen.findByLabelText(/email/i)).toBeInTheDocument();
+    expect(await screen.findByLabelText(/password/i)).toBeInTheDocument();
+    expect(await screen.findByRole('button', { name: /sign in/i })).toBeInTheDocument();
+  });
+
+  it('posts credentials to /api/auth/login and redirects on success', async () => {
+    mockFetch({
+      '/api/auth/login': () => authResponse({ admin: { id: 'a-1', email: 'me@x.com' } }),
+      '/api/auth/me': () => authResponse({ admin: { id: 'a-1', email: 'me@x.com', role: 'OWNER', tenantId: 't1', tenantSlug: 'default', tenantName: 'Default' } }),
+    });
+    renderWithProvider(<LoginPage />);
+    await screen.findByLabelText(/email/i);
+    fireEvent.change(screen.getByLabelText(/email/i), { target: { value: 'me@x.com' } });
+    fireEvent.change(screen.getByLabelText(/password/i), { target: { value: 'secret' } });
+    fireEvent.click(screen.getByRole('button', { name: /sign in/i }));
+    await waitFor(() =>
+      expect(fetchSpy).toHaveBeenCalledWith(
+        '/api/auth/login',
+        expect.objectContaining({
+          method: 'POST',
+          body: JSON.stringify({ email: 'me@x.com', password: 'secret' }),
+        }),
+      ),
+    );
+    expect(pushMock).toHaveBeenCalledWith('/');
+  });
+
+  it('shows an error message on 401', async () => {
+    mockFetch({
+      '/api/auth/login': () => authResponse({ message: 'Invalid email or password' }, 401),
+    });
+    renderWithProvider(<LoginPage />);
+    await screen.findByLabelText(/email/i);
+    fireEvent.change(screen.getByLabelText(/email/i), { target: { value: 'me@x.com' } });
+    fireEvent.change(screen.getByLabelText(/password/i), { target: { value: 'wrong' } });
+    fireEvent.click(screen.getByRole('button', { name: /sign in/i }));
+    expect(await screen.findByRole('alert')).toHaveTextContent(/invalid email or password/i);
+    expect(pushMock).not.toHaveBeenCalled();
+  });
+});
diff --git a/apps/web/app/login/page.tsx b/apps/web/app/login/page.tsx
new file mode 100644
index 0000000..5275e16
--- /dev/null
+++ b/apps/web/app/login/page.tsx
@@ -0,0 +1,113 @@
+'use client';
+
+import { useRouter, useSearchParams } from 'next/navigation';
+import { Suspense, useEffect, useState } from 'react';
+import { useAuth } from '../_lib/auth-context';
+import { useSuperAdmin } from '../_lib/super-admin-context';
+
+function LoginForm() {
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const { refresh } = useAuth();
+  const { admin: superAdmin, loading: superLoading } = useSuperAdmin();
+  const next = searchParams.get('next') ?? '/';
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [submitting, setSubmitting] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [redirecting, setRedirecting] = useState(false);
+
+  useEffect(() => {
+    if (!superLoading && superAdmin) {
+      setRedirecting(true);
+      router.replace('/admin');
+    }
+  }, [superAdmin, superLoading, router]);
+
+  if (superLoading) {
+    return <div className="bg-white p-6 rounded-xl border border-gray-200 h-64 animate-pulse" />;
+  }
+
+  if (redirecting) {
+    return <p className="text-sm text-gray-500">Redirecting to admin panel…</p>;
+  }
+
+  async function onSubmit(e: React.FormEvent) {
+    e.preventDefault();
+    setSubmitting(true);
+    setError(null);
+    try {
+      const res = await fetch('/api/auth/login', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email, password }),
+        credentials: 'include',
+      });
+      if (!res.ok) {
+        const data = await res.json().catch(() => ({}));
+        setError(data?.message ?? 'Invalid email or password');
+        return;
+      }
+      await refresh();
+      router.push(next);
+      router.refresh();
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Network error');
+    } finally {
+      setSubmitting(false);
+    }
+  }
+
+  return (
+    <form onSubmit={onSubmit} className="flex flex-col gap-4 bg-white p-6 rounded-xl border border-gray-200">
+      <label className="flex flex-col gap-1 text-sm">
+        <span className="font-medium text-gray-700">Email</span>
+        <input
+          type="email"
+          value={email}
+          onChange={(e) => setEmail(e.target.value)}
+          required
+          autoComplete="username"
+          className="rounded border border-gray-300 px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-200"
+        />
+      </label>
+      <label className="flex flex-col gap-1 text-sm">
+        <span className="font-medium text-gray-700">Password</span>
+        <input
+          type="password"
+          value={password}
+          onChange={(e) => setPassword(e.target.value)}
+          required
+          autoComplete="current-password"
+          className="rounded border border-gray-300 px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-200"
+        />
+      </label>
+      {error && <p className="text-sm text-red-600" role="alert">{error}</p>}
+      <button
+        type="submit"
+        disabled={submitting}
+        className="rounded bg-blue-600 text-white py-2 font-medium hover:bg-blue-700 disabled:opacity-50"
+      >
+        {submitting ? 'Signing in…' : 'Sign in'}
+      </button>
+    </form>
+  );
+}
+
+export default function LoginPage() {
+  return (
+    <div className="max-w-sm mx-auto mt-16">
+      <h1 className="text-2xl font-semibold mb-2">Sign in</h1>
+      <p className="text-sm text-gray-500 mb-6">TOWER administrative console</p>
+      <Suspense fallback={<div className="bg-white p-6 rounded-xl border border-gray-200 h-64" />}>
+        <LoginForm />
+      </Suspense>
+      <p className="text-sm text-gray-500 mt-6 text-center">
+        New here?{' '}
+        <a href="/signup" className="text-blue-600 hover:underline">
+          Create a community
+        </a>
+      </p>
+    </div>
+  );
+}
diff --git a/apps/web/app/messages/[id]/page.tsx b/apps/web/app/messages/[id]/page.tsx
new file mode 100644
index 0000000..4fed4b4
--- /dev/null
+++ b/apps/web/app/messages/[id]/page.tsx
@@ -0,0 +1,158 @@
+import Link from 'next/link';
+import { apiFetch } from '../../_lib/api';
+
+interface MessageDetail {
+  id: string;
+  tenantId: string;
+  platform: string;
+  platformMsgId: string;
+  sourceGroupId: string;
+  sourceGroup: {
+    id: string;
+    name: string;
+    platformId: string;
+    claimStatus: string;
+    isActive: boolean;
+    createdAt: string;
+  } | null;
+  senderJid: string;
+  senderName: string | null;
+  senderTowerUser: {
+    id: string;
+    jid: string;
+    phoneHash: string;
+    displayName: string | null;
+    createdAt: string;
+  } | null;
+  content: string;
+  mediaUrl: string | null;
+  tags: string[];
+  status: string;
+  createdAt: string;
+  updatedAt: string;
+  approval: {
+    id: string;
+    adminId: string;
+    decision: string;
+    notes: string | null;
+    decidedAt: string;
+  } | null;
+}
+
+function Field({ label, children }: { label: string; children: React.ReactNode }) {
+  return (
+    <div className="grid grid-cols-[160px_1fr] gap-2 text-sm py-2 border-b border-gray-100">
+      <span className="text-gray-500 font-medium">{label}</span>
+      <span className="text-gray-900 break-words">{children ?? <span className="text-gray-300">—</span>}</span>
+    </div>
+  );
+}
+
+export default async function MessageDetailPage({
+  params,
+}: {
+  params: Promise<{ id: string }>;
+}) {
+  const { id } = await params;
+
+  let msg: MessageDetail | null = null;
+  let error: string | null = null;
+  try {
+    const res = await apiFetch(`/admin/messages/${id}`);
+    if (res.ok) {
+      msg = await res.json();
+    } else {
+      error = `API returned ${res.status}`;
+    }
+  } catch {
+    error = 'Failed to load message';
+  }
+
+  if (error || !msg) {
+    return (
+      <div className="max-w-2xl">
+        <Link href="/search" className="text-sm text-blue-600 hover:underline mb-4 inline-block">&larr; Back to search</Link>
+        <p className="text-red-600 text-sm">{error ?? 'Message not found'}</p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-2xl">
+      <Link href="/search" className="text-sm text-blue-600 hover:underline mb-4 inline-block">&larr; Back to search</Link>
+      <h1 className="text-xl font-semibold mb-6">Message Detail</h1>
+
+      <div className="border border-gray-200 rounded-lg p-4 mb-6">
+        <p className="text-sm whitespace-pre-wrap bg-gray-50 rounded p-3 mb-2">{msg.content}</p>
+        <div className="flex flex-wrap gap-1">
+          {msg.tags.map((tag) => (
+            <span key={tag} className="rounded-full bg-blue-50 px-2 py-0.5 text-xs text-blue-600">{tag}</span>
+          ))}
+        </div>
+      </div>
+
+      <div className="border border-gray-200 rounded-lg p-4">
+        <h2 className="text-sm font-semibold text-gray-700 mb-3">Metadata</h2>
+
+        <Field label="Status">
+          <span className={`font-medium ${msg.status === 'APPROVED' ? 'text-green-600' : msg.status === 'REJECTED' ? 'text-red-600' : 'text-amber-600'}`}>
+            {msg.status}
+          </span>
+        </Field>
+        <Field label="Message ID">{msg.id}</Field>
+        <Field label="Platform">{msg.platform}</Field>
+        <Field label="Platform Msg ID">{msg.platformMsgId}</Field>
+        <Field label="Created">{new Date(msg.createdAt).toLocaleString()}</Field>
+        <Field label="Updated">{new Date(msg.updatedAt).toLocaleString()}</Field>
+
+        <div className="mt-4 pt-2 border-t border-gray-200">
+          <h3 className="text-xs font-semibold text-gray-500 uppercase mb-2">Sender</h3>
+          <Field label="JID">{msg.senderJid}</Field>
+          <Field label="Name">{msg.senderName}</Field>
+          {msg.senderTowerUser && (
+            <>
+              <Field label="Display Name">{msg.senderTowerUser.displayName}</Field>
+              <Field label="Phone Hash">{msg.senderTowerUser.phoneHash}</Field>
+              <Field label="Tower User ID">{msg.senderTowerUser.id}</Field>
+            </>
+          )}
+        </div>
+
+        <div className="mt-4 pt-2 border-t border-gray-200">
+          <h3 className="text-xs font-semibold text-gray-500 uppercase mb-2">Source Group</h3>
+          {msg.sourceGroup ? (
+            <>
+              <Field label="Name">{msg.sourceGroup.name}</Field>
+              <Field label="Platform ID">{msg.sourceGroup.platformId}</Field>
+              <Field label="Claim Status">{msg.sourceGroup.claimStatus}</Field>
+              <Field label="Active">{msg.sourceGroup.isActive ? 'Yes' : 'No'}</Field>
+            </>
+          ) : (
+            <Field label="Group">(deleted)</Field>
+          )}
+        </div>
+
+        {msg.approval && (
+          <div className="mt-4 pt-2 border-t border-gray-200">
+            <h3 className="text-xs font-semibold text-gray-500 uppercase mb-2">Approval</h3>
+            <Field label="Decision">
+              <span className={`font-medium ${msg.approval.decision === 'APPROVED' ? 'text-green-600' : 'text-red-600'}`}>
+                {msg.approval.decision}
+              </span>
+            </Field>
+            <Field label="Admin ID">{msg.approval.adminId}</Field>
+            <Field label="Decided At">{new Date(msg.approval.decidedAt).toLocaleString()}</Field>
+            <Field label="Notes">{msg.approval.notes}</Field>
+          </div>
+        )}
+
+        {msg.mediaUrl && (
+          <div className="mt-4 pt-2 border-t border-gray-200">
+            <h3 className="text-xs font-semibold text-gray-500 uppercase mb-2">Media</h3>
+            <Field label="Media URL">{msg.mediaUrl}</Field>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+}
diff --git a/apps/web/app/messages/pending/page.tsx b/apps/web/app/messages/pending/page.tsx
new file mode 100644
index 0000000..6709e65
--- /dev/null
+++ b/apps/web/app/messages/pending/page.tsx
@@ -0,0 +1,105 @@
+import { apiFetch } from '../../_lib/api';
+
+interface PendingMessage {
+  id: string;
+  content: string;
+  senderJid: string;
+  senderName: string | null;
+  tags: string[];
+  createdAt: string;
+  sourceGroupId: string;
+  sourceGroupName: string;
+  sourceGroupPlatformId: string;
+}
+
+type FetchResult<T> = { ok: true; data: T } | { ok: false; status: number; error: string };
+
+async function fetchPending(): Promise<FetchResult<PendingMessage[]>> {
+  try {
+    const res = await apiFetch('/admin/messages/pending');
+    if (!res.ok) {
+      const body = await res.text().catch(() => '');
+      return { ok: false, status: res.status, error: body.slice(0, 200) || res.statusText };
+    }
+    return { ok: true, data: (await res.json()) as PendingMessage[] };
+  } catch (err) {
+    return { ok: false, status: 0, error: `API unreachable: ${(err as Error).message}` };
+  }
+}
+
+export default async function PendingMessagesPage() {
+  const result = await fetchPending();
+  const messages = result.ok ? result.data : [];
+  const error = !result.ok ? (result.status === 0 ? 'API unreachable' : `API ${result.status}: ${result.error}`) : null;
+
+  return (
+    <div className="max-w-3xl">
+      <h1 className="text-xl font-semibold mb-2">Pending messages</h1>
+      <p className="text-sm text-gray-500 mb-6">
+        Flagged messages waiting for an admin to approve. Approving forwards them to every active
+        route from the source group and indexes them in search.
+      </p>
+
+      {error && (
+        <div className="mb-4 rounded border border-red-200 bg-red-50 p-3 text-sm text-red-800">
+          Failed to load: {error}
+        </div>
+      )}
+
+      {!error && messages.length === 0 && (
+        <div className="rounded-xl border border-gray-200 bg-white p-6 text-sm text-gray-500">
+          No pending messages right now. New flagged messages will appear here as they arrive.
+        </div>
+      )}
+
+      <ul className="space-y-3">
+        {messages.map((m) => (
+          <PendingMessageRow key={m.id} message={m} />
+        ))}
+      </ul>
+    </div>
+  );
+}
+
+function PendingMessageRow({ message }: { message: PendingMessage }) {
+  return (
+    <li className="rounded-xl border border-gray-200 bg-white p-4 flex flex-col gap-2">
+      <div className="flex items-baseline justify-between gap-2">
+        <div className="text-sm font-medium text-gray-900">{message.sourceGroupName}</div>
+        <div className="text-xs text-gray-500">
+          {new Date(message.createdAt).toLocaleString()}
+        </div>
+      </div>
+      <div className="text-xs text-gray-500">
+        From <span className="font-mono">{message.senderName ?? message.senderJid}</span>
+        {message.tags.length > 0 && (
+          <span className="ml-2 inline-flex flex-wrap gap-1">
+            {message.tags.map((t) => (
+              <span
+                key={t}
+                className="rounded bg-blue-50 px-1.5 py-0.5 text-[10px] font-medium text-blue-700"
+              >
+                {t}
+              </span>
+            ))}
+          </span>
+        )}
+      </div>
+      <div className="text-sm text-gray-800 whitespace-pre-wrap break-words">
+        {message.content}
+      </div>
+      <form
+        action={`/api/messages/${message.id}/approve`}
+        method="post"
+        className="flex justify-end pt-1"
+      >
+        <button
+          type="submit"
+          className="rounded bg-blue-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-blue-700"
+        >
+          Approve &amp; forward
+        </button>
+      </form>
+    </li>
+  );
+}
diff --git a/apps/web/app/my/groups/GroupOptOutButton.tsx b/apps/web/app/my/groups/GroupOptOutButton.tsx
new file mode 100644
index 0000000..939f556
--- /dev/null
+++ b/apps/web/app/my/groups/GroupOptOutButton.tsx
@@ -0,0 +1,44 @@
+'use client';
+
+import { useRouter } from 'next/navigation';
+import { useState, useTransition } from 'react';
+
+export function GroupOptOutButton({ groupId, groupName }: { groupId: string; groupName: string }) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+
+  function handleClick() {
+    if (!window.confirm(`Revoke consent for "${groupName}"? Your messages will no longer be archived from this group.`)) {
+      return;
+    }
+    setError(null);
+    startTransition(async () => {
+      const res = await fetch('/api/my/opt-out', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({ groupId }),
+      });
+      if (!res.ok) {
+        const body = (await res.json().catch(() => ({}))) as { message?: string };
+        setError(body.message ?? 'Opt-out failed');
+        return;
+      }
+      router.refresh();
+    });
+  }
+
+  return (
+    <div className="flex flex-col items-end gap-1">
+      <button
+        type="button"
+        onClick={handleClick}
+        disabled={pending}
+        className="rounded border border-red-200 px-3 py-1 text-xs text-red-700 hover:bg-red-50 disabled:opacity-50"
+      >
+        {pending ? 'Revoking…' : 'Revoke consent'}
+      </button>
+      {error && <span className="text-xs text-red-600">{error}</span>}
+    </div>
+  );
+}
diff --git a/apps/web/app/my/groups/[id]/page.tsx b/apps/web/app/my/groups/[id]/page.tsx
new file mode 100644
index 0000000..ae8271b
--- /dev/null
+++ b/apps/web/app/my/groups/[id]/page.tsx
@@ -0,0 +1,88 @@
+import { getApiBaseUrl, getMemberToken } from '../../../_lib/api';
+import Link from 'next/link';
+
+interface MemberGroupSummary {
+  id: string;
+  name: string;
+  tenantId: string;
+  scopes: string[];
+  retentionDays: number;
+  policyVersion: string;
+  consentStatus: 'GRANTED' | 'REVOKED' | 'PENDING';
+  joinedAt: string;
+}
+
+async function fetchGroup(token: string, id: string): Promise<MemberGroupSummary | null> {
+  const res = await fetch(`${getApiBaseUrl()}/my/groups/${id}`, {
+    headers: { Accept: 'application/json', Authorization: `Bearer ${token}` },
+    cache: 'no-store',
+  }).catch(() => null);
+  if (!res || !res.ok) return null;
+  return (await res.json()) as MemberGroupSummary;
+}
+
+export default async function MyGroupDetailPage({ params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const token = await getMemberToken();
+  if (!token) {
+    return (
+      <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-yellow-200 bg-yellow-50">
+        <h1 className="text-lg font-semibold text-yellow-800">Sign in required</h1>
+        <p className="text-sm text-yellow-700">Complete onboarding to view group details.</p>
+      </div>
+    );
+  }
+
+  const group = await fetchGroup(token, id);
+  if (!group) {
+    return (
+      <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-red-200 bg-red-50">
+        <h1 className="text-lg font-semibold text-red-800">Group not found</h1>
+        <p className="text-sm text-red-700">
+          You aren&apos;t a member of this group, or it has been removed.
+        </p>
+        <Link href="/my/groups" className="text-sm text-blue-600 underline mt-3 inline-block">
+          ← Back to your groups
+        </Link>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-gray-200 bg-white">
+      <Link href="/my/groups" className="text-xs text-gray-500 underline">
+        ← All groups
+      </Link>
+      <h1 className="text-xl font-semibold mt-2 mb-4">{group.name}</h1>
+      <dl className="text-sm space-y-2">
+        <div>
+          <dt className="inline font-medium">Status: </dt>
+          <dd className="inline">{group.consentStatus}</dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">Scopes: </dt>
+          <dd className="inline">{group.scopes.join(', ')}</dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">Retention: </dt>
+          <dd className="inline">{group.retentionDays} days</dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">Policy version: </dt>
+          <dd className="inline">{group.policyVersion}</dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">Joined: </dt>
+          <dd className="inline">{new Date(group.joinedAt).toLocaleString()}</dd>
+        </div>
+      </dl>
+      <p className="mt-4 text-xs text-gray-500">
+        Use the &quot;Revoke consent&quot; button on{' '}
+        <Link href="/my/groups" className="underline">
+          your groups list
+        </Link>{' '}
+        to opt out of this group.
+      </p>
+    </div>
+  );
+}
diff --git a/apps/web/app/my/groups/page.tsx b/apps/web/app/my/groups/page.tsx
new file mode 100644
index 0000000..79741de
--- /dev/null
+++ b/apps/web/app/my/groups/page.tsx
@@ -0,0 +1,89 @@
+import { getApiBaseUrl, getMemberToken } from '../../_lib/api';
+import Link from 'next/link';
+import { GroupOptOutButton } from './GroupOptOutButton';
+
+interface MemberGroupSummary {
+  id: string;
+  name: string;
+  tenantId: string;
+  scopes: string[];
+  retentionDays: number;
+  policyVersion: string;
+  consentStatus: 'GRANTED' | 'REVOKED' | 'PENDING';
+  joinedAt: string;
+}
+
+async function fetchGroups(token: string): Promise<MemberGroupSummary[] | null> {
+  const res = await fetch(`${getApiBaseUrl()}/my/groups`, {
+    headers: { Accept: 'application/json', Authorization: `Bearer ${token}` },
+    cache: 'no-store',
+  }).catch(() => null);
+  if (!res || !res.ok) return null;
+  return (await res.json()) as MemberGroupSummary[];
+}
+
+export default async function MyGroupsPage() {
+  const token = await getMemberToken();
+  if (!token) {
+    return (
+      <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-yellow-200 bg-yellow-50">
+        <h1 className="text-lg font-semibold text-yellow-800">Sign in required</h1>
+        <p className="text-sm text-yellow-700">Complete onboarding to view your groups.</p>
+      </div>
+    );
+  }
+
+  const groups = await fetchGroups(token);
+  if (!groups) {
+    return (
+      <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-red-200 bg-red-50">
+        <h1 className="text-lg font-semibold text-red-800">Couldn&apos;t load your groups</h1>
+        <p className="text-sm text-red-700">Your session may have expired. Please try signing out and back in.</p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-2xl mx-auto mt-12 p-6">
+      <h1 className="text-xl font-semibold mb-4">Your groups</h1>
+      {groups.length === 0 ? (
+        <p className="text-sm text-gray-500">
+          You haven&apos;t joined any TOWER-managed groups yet.
+        </p>
+      ) : (
+        <ul className="flex flex-col gap-3">
+          {groups.map((g) => (
+            <li key={g.id} className="rounded-xl border border-gray-200 bg-white p-4">
+              <div className="flex items-start justify-between gap-4">
+                <div>
+                  <Link href={`/my/groups/${g.id}`} className="text-sm font-medium text-blue-600 underline">
+                    {g.name}
+                  </Link>
+                  <div className="mt-1 text-xs text-gray-500">
+                    Status:{' '}
+                    <span
+                      className={
+                        g.consentStatus === 'GRANTED'
+                          ? 'text-green-700'
+                          : g.consentStatus === 'REVOKED'
+                            ? 'text-red-700'
+                            : 'text-yellow-700'
+                      }
+                    >
+                      {g.consentStatus}
+                    </span>
+                    {' · '}Retention {g.retentionDays}d · Policy {g.policyVersion}
+                  </div>
+                  <div className="mt-1 text-xs text-gray-500">
+                    Scopes: {g.scopes.join(', ')}
+                  </div>
+                </div>
+                {g.consentStatus === 'GRANTED' && <GroupOptOutButton groupId={g.id} groupName={g.name} />}
+              </div>
+            </li>
+          ))}
+        </ul>
+      )}
+    </div>
+  );
+}
diff --git a/apps/web/app/my/page.tsx b/apps/web/app/my/page.tsx
new file mode 100644
index 0000000..90d1ad2
--- /dev/null
+++ b/apps/web/app/my/page.tsx
@@ -0,0 +1,74 @@
+import { getMemberToken, getApiBaseUrl } from '../_lib/api';
+import Link from 'next/link';
+
+interface MemberProfile {
+  id: string;
+  tenantId: string;
+  jid: string;
+  displayName: string | null;
+  createdAt: string;
+}
+
+async function fetchProfile(token: string): Promise<MemberProfile | null> {
+  const res = await fetch(`${getApiBaseUrl()}/my/profile`, {
+    headers: { Accept: 'application/json', Authorization: `Bearer ${token}` },
+    cache: 'no-store',
+  }).catch(() => null);
+  if (!res || !res.ok) return null;
+  return (await res.json()) as MemberProfile;
+}
+
+export default async function MyPage() {
+  const token = await getMemberToken();
+  if (!token) {
+    return (
+      <div className="max-w-md mx-auto mt-12 p-6 rounded-lg border border-yellow-200 bg-yellow-50">
+        <h1 className="text-lg font-semibold text-yellow-800">Member portal</h1>
+        <p className="text-sm text-yellow-700">
+          No member session. Complete onboarding via the link a group admin sent you.
+        </p>
+      </div>
+    );
+  }
+
+  const profile = await fetchProfile(token);
+  if (!profile) {
+    return (
+      <div className="max-w-md mx-auto mt-12 p-6 rounded-lg border border-red-200 bg-red-50">
+        <h1 className="text-lg font-semibold text-red-800">Couldn&apos;t load your account</h1>
+        <p className="text-sm text-red-700">
+          Your session may have expired. Please complete onboarding again.
+        </p>
+        <form method="POST" action="/api/my/logout" className="mt-4">
+          <button type="submit" className="text-sm text-blue-600 underline">
+            Sign out
+          </button>
+        </form>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-gray-200 bg-white">
+      <h1 className="text-xl font-semibold mb-4">Your account</h1>
+      <dl className="text-sm space-y-1 mb-6">
+        <div>
+          <dt className="inline font-medium">Display name: </dt>
+          <dd className="inline">{profile.displayName ?? '—'}</dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">JID: </dt>
+          <dd className="inline">{profile.jid}</dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">Joined: </dt>
+          <dd className="inline">{new Date(profile.createdAt).toLocaleDateString()}</dd>
+        </div>
+      </dl>
+      <div className="flex flex-col gap-2 text-sm">
+        <Link href="/my/groups" className="text-blue-600 underline">Manage your groups →</Link>
+        <Link href="/my/settings" className="text-blue-600 underline">Privacy &amp; account settings →</Link>
+      </div>
+    </div>
+  );
+}
diff --git a/apps/web/app/my/settings/DeleteAccountButton.tsx b/apps/web/app/my/settings/DeleteAccountButton.tsx
new file mode 100644
index 0000000..b909a75
--- /dev/null
+++ b/apps/web/app/my/settings/DeleteAccountButton.tsx
@@ -0,0 +1,44 @@
+'use client';
+
+import { useRouter } from 'next/navigation';
+import { useState, useTransition } from 'react';
+
+export function DeleteAccountButton() {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+
+  function handleClick() {
+    if (
+      !window.confirm(
+        'Permanently delete your TOWER account? This cannot be undone.',
+      )
+    ) {
+      return;
+    }
+    setError(null);
+    startTransition(async () => {
+      const res = await fetch('/api/my/account', { method: 'DELETE' });
+      if (!res.ok) {
+        const body = (await res.json().catch(() => ({}))) as { message?: string };
+        setError(body.message ?? 'Delete failed');
+        return;
+      }
+      router.replace('/');
+    });
+  }
+
+  return (
+    <div className="flex flex-col items-start gap-1">
+      <button
+        type="button"
+        onClick={handleClick}
+        disabled={pending}
+        className="rounded border border-red-300 bg-white px-3 py-1.5 text-sm text-red-700 hover:bg-red-50 disabled:opacity-50"
+      >
+        {pending ? 'Deleting…' : 'Delete my account'}
+      </button>
+      {error && <span className="text-xs text-red-700">{error}</span>}
+    </div>
+  );
+}
diff --git a/apps/web/app/my/settings/MemberLogoutButton.tsx b/apps/web/app/my/settings/MemberLogoutButton.tsx
new file mode 100644
index 0000000..7465412
--- /dev/null
+++ b/apps/web/app/my/settings/MemberLogoutButton.tsx
@@ -0,0 +1,24 @@
+'use client';
+
+import { useRouter } from 'next/navigation';
+import { useState, useTransition } from 'react';
+
+export function MemberLogoutButton() {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  return (
+    <button
+      type="button"
+      disabled={pending}
+      onClick={() =>
+        startTransition(async () => {
+          await fetch('/api/my/logout', { method: 'POST' });
+          router.replace('/');
+        })
+      }
+      className="rounded border border-gray-300 px-3 py-1.5 text-sm hover:bg-gray-50 disabled:opacity-50"
+    >
+      {pending ? 'Signing out…' : 'Sign out'}
+    </button>
+  );
+}
diff --git a/apps/web/app/my/settings/page.tsx b/apps/web/app/my/settings/page.tsx
new file mode 100644
index 0000000..dfab028
--- /dev/null
+++ b/apps/web/app/my/settings/page.tsx
@@ -0,0 +1,36 @@
+import { getMemberToken } from '../../_lib/api';
+import { DeleteAccountButton } from './DeleteAccountButton';
+import { MemberLogoutButton } from './MemberLogoutButton';
+
+export default async function MySettingsPage() {
+  const token = await getMemberToken();
+  if (!token) {
+    return (
+      <div className="max-w-2xl mx-auto mt-12 p-6 rounded-lg border border-yellow-200 bg-yellow-50">
+        <h1 className="text-lg font-semibold text-yellow-800">Sign in required</h1>
+        <p className="text-sm text-yellow-700">Complete onboarding to manage your account.</p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-2xl mx-auto mt-12 p-6 flex flex-col gap-6">
+      <section className="rounded-xl border border-gray-200 bg-white p-5">
+        <h2 className="text-base font-semibold mb-2">Session</h2>
+        <p className="text-sm text-gray-600 mb-3">
+          Sign out of your member portal. Your consent records are kept until you delete your account.
+        </p>
+        <MemberLogoutButton />
+      </section>
+
+      <section className="rounded-xl border border-red-200 bg-red-50 p-5">
+        <h2 className="text-base font-semibold text-red-800 mb-2">Delete your account</h2>
+        <p className="text-sm text-red-700 mb-3">
+          This permanently deletes your TOWER user record, all consent records, opt-out history, and
+          sessions. The messages themselves stay in their original groups. This cannot be undone.
+        </p>
+        <DeleteAccountButton />
+      </section>
+    </div>
+  );
+}
diff --git a/apps/web/app/onboard/OnboardingForm.tsx b/apps/web/app/onboard/OnboardingForm.tsx
new file mode 100644
index 0000000..2481f8a
--- /dev/null
+++ b/apps/web/app/onboard/OnboardingForm.tsx
@@ -0,0 +1,163 @@
+'use client';
+
+import { useState } from 'react';
+
+interface Props {
+  token: string;
+  defaultScopes: string[];
+  defaultRetentionDays: number;
+}
+
+type Step = 'phone' | 'code' | 'done';
+
+export function OnboardingForm({ token, defaultScopes, defaultRetentionDays }: Props) {
+  const [step, setStep] = useState<Step>('phone');
+  const [phone, setPhone] = useState('');
+  const [challengeId, setChallengeId] = useState<string | null>(null);
+  const [code, setCode] = useState('');
+  const [retentionDays, setRetentionDays] = useState(defaultRetentionDays);
+  const [scopes, setScopes] = useState<string[]>(defaultScopes);
+  const [busy, setBusy] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  async function requestOtp() {
+    setError(null);
+    setBusy(true);
+    try {
+      const res = await fetch(`${process.env['NEXT_PUBLIC_API_URL'] ?? 'http://localhost:3001'}/public/auth/request-otp`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({ onboardingToken: token, phone }),
+      });
+      if (!res.ok) {
+        const body = (await res.json().catch(() => ({}))) as { message?: string };
+        setError(body.message ?? 'Failed to send code');
+        return;
+      }
+      const data = (await res.json()) as { challengeId: string };
+      setChallengeId(data.challengeId);
+      setStep('code');
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  async function verifyOtp() {
+    setError(null);
+    setBusy(true);
+    try {
+      const res = await fetch('/api/onboard/verify-otp', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({
+          onboardingToken: token,
+          challengeId,
+          phone,
+          code,
+          scopes,
+          retentionDays,
+        }),
+      });
+      if (!res.ok) {
+        const body = (await res.json().catch(() => ({}))) as { message?: string };
+        setError(body.message ?? 'Verification failed');
+        return;
+      }
+      setStep('done');
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  if (step === 'done') {
+    return (
+      <div>
+        <p className="text-sm text-green-700 mb-4">You&apos;re verified. Your session is set.</p>
+        <a href="/my" className="inline-block px-4 py-2 bg-blue-600 text-white rounded text-sm">
+          Go to your portal →
+        </a>
+      </div>
+    );
+  }
+
+  if (step === 'phone') {
+    return (
+      <div className="space-y-3">
+        <label className="block text-sm">
+          <span className="font-medium">Your WhatsApp phone number</span>
+          <input
+            type="tel"
+            value={phone}
+            onChange={(e) => setPhone(e.target.value)}
+            placeholder="+1 234 567 8900"
+            className="mt-1 w-full border rounded px-3 py-2"
+          />
+        </label>
+        {error && <p className="text-sm text-red-600">{error}</p>}
+        <button
+          type="button"
+          onClick={requestOtp}
+          disabled={busy || phone.length < 6}
+          className="px-4 py-2 bg-blue-600 text-white rounded disabled:opacity-50"
+        >
+          Send verification code
+        </button>
+        <p className="text-xs text-gray-500">
+          We&apos;ll DM a 6-digit code to your WhatsApp.
+        </p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="space-y-3">
+      <label className="block text-sm">
+        <span className="font-medium">Verification code</span>
+        <input
+          type="text"
+          inputMode="numeric"
+          pattern="[0-9]{6}"
+          value={code}
+          onChange={(e) => setCode(e.target.value)}
+          placeholder="123456"
+          className="mt-1 w-full border rounded px-3 py-2"
+        />
+      </label>
+      <fieldset className="text-sm">
+        <legend className="font-medium mb-1">Scopes</legend>
+        {['INGEST', 'ARCHIVE', 'REPLICATE', 'DISPLAY'].map((s) => (
+          <label key={s} className="block">
+            <input
+              type="checkbox"
+              checked={scopes.includes(s)}
+              onChange={(e) =>
+                setScopes((prev) => (e.target.checked ? [...prev, s] : prev.filter((x) => x !== s)))
+              }
+            />{' '}
+            {s}
+          </label>
+        ))}
+      </fieldset>
+      <label className="block text-sm">
+        <span className="font-medium">Retention (days)</span>
+        <input
+          type="number"
+          min={1}
+          max={3650}
+          value={retentionDays}
+          onChange={(e) => setRetentionDays(Number(e.target.value))}
+          className="mt-1 w-32 border rounded px-3 py-2"
+        />
+      </label>
+      {error && <p className="text-sm text-red-600">{error}</p>}
+      <button
+        type="button"
+        onClick={verifyOtp}
+        disabled={busy || code.length < 6}
+        className="px-4 py-2 bg-blue-600 text-white rounded disabled:opacity-50"
+      >
+        Verify and join
+      </button>
+    </div>
+  );
+}
diff --git a/apps/web/app/onboard/page.tsx b/apps/web/app/onboard/page.tsx
new file mode 100644
index 0000000..5003d1e
--- /dev/null
+++ b/apps/web/app/onboard/page.tsx
@@ -0,0 +1,66 @@
+import { OnboardingForm } from './OnboardingForm';
+
+interface PublicOnboardInfo {
+  groupName: string;
+  tenantName: string;
+  policyVersion: string;
+  defaultScopes: string[];
+  defaultRetentionDays: number;
+}
+
+export default async function OnboardPage({
+  searchParams,
+}: {
+  searchParams: Promise<{ token?: string }>;
+}) {
+  const { token } = await searchParams;
+  if (!token) {
+    return (
+      <div className="max-w-md mx-auto mt-12 p-6 rounded-lg border border-red-200 bg-red-50">
+        <h1 className="text-lg font-semibold text-red-800">Invalid link</h1>
+        <p className="text-sm text-red-700">This onboarding link is missing the token parameter.</p>
+      </div>
+    );
+  }
+
+  let info: PublicOnboardInfo | null = null;
+  let error: string | null = null;
+  try {
+    const res = await fetch(
+      `${process.env['API_URL'] ?? 'http://localhost:3001'}/public/onboard/${encodeURIComponent(token)}`,
+      { headers: { Accept: 'application/json' }, cache: 'no-store' },
+    );
+    if (res.ok) {
+      info = (await res.json()) as PublicOnboardInfo;
+    } else {
+      const body = (await res.json().catch(() => ({}))) as { message?: string };
+      error = body.message ?? `Onboarding link rejected (${res.status})`;
+    }
+  } catch (e) {
+    error = e instanceof Error ? e.message : 'Network error';
+  }
+
+  if (error || !info) {
+    return (
+      <div className="max-w-md mx-auto mt-12 p-6 rounded-lg border border-red-200 bg-red-50">
+        <h1 className="text-lg font-semibold text-red-800">Cannot start onboarding</h1>
+        <p className="text-sm text-red-700">{error ?? 'Unknown error'}</p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-md mx-auto mt-12 p-6 rounded-lg border border-gray-200 bg-white">
+      <h1 className="text-xl font-semibold mb-2">Join {info.groupName}</h1>
+      <p className="text-sm text-gray-600 mb-1">Managed by {info.tenantName}</p>
+      <p className="text-xs text-gray-500 mb-4">
+        Policy version: {info.policyVersion} · Default retention: {info.defaultRetentionDays} days
+      </p>
+      <OnboardingForm
+        token={token}
+        defaultScopes={info.defaultScopes}
+        defaultRetentionDays={info.defaultRetentionDays}
+      />
+    </div>
+  );
+}
diff --git a/apps/web/app/search/page.tsx b/apps/web/app/search/page.tsx
index 8a5adaf..f126e12 100644
--- a/apps/web/app/search/page.tsx
+++ b/apps/web/app/search/page.tsx
@@ -1,3 +1,6 @@
+import Link from 'next/link';
+import { apiFetch } from '../_lib/api';
+
 interface MeiliHit {
   id: string;
   content: string;
@@ -52,20 +55,25 @@ export function SearchResults({
           </p>
           <ul className="flex flex-col gap-3">
             {hits.map((hit) => (
-              <li key={hit.id} className="rounded-xl border border-gray-200 bg-white p-4">
-                <p className="text-sm">{hit.content}</p>
-                <div className="mt-2 flex flex-wrap items-center gap-2 text-xs text-gray-400">
-                  <span>{hit.senderName}</span>
-                  <span>·</span>
-                  <span>{hit.sourceGroupName}</span>
-                  <span>·</span>
-                  <span>{new Date(hit.approvedAt).toLocaleDateString()}</span>
-                  {hit.tags.map((tag) => (
-                    <span key={tag} className="rounded-full bg-blue-50 px-2 py-0.5 text-blue-600">
-                      {tag}
-                    </span>
-                  ))}
-                </div>
+              <li key={hit.id}>
+                <Link
+                  href={`/messages/${hit.id}`}
+                  className="block rounded-xl border border-gray-200 bg-white p-4 hover:border-blue-300 hover:shadow-sm transition-colors"
+                >
+                  <p className="text-sm">{hit.content}</p>
+                  <div className="mt-2 flex flex-wrap items-center gap-2 text-xs text-gray-400">
+                    <span>{hit.senderName}</span>
+                    <span>·</span>
+                    <span>{hit.sourceGroupName}</span>
+                    <span>·</span>
+                    <span>{new Date(hit.approvedAt).toLocaleDateString()}</span>
+                    {hit.tags.map((tag) => (
+                      <span key={tag} className="rounded-full bg-blue-50 px-2 py-0.5 text-blue-600">
+                        {tag}
+                      </span>
+                    ))}
+                  </div>
+                </Link>
               </li>
             ))}
           </ul>
@@ -81,14 +89,10 @@ export default async function SearchPage({
   searchParams: Promise<{ q?: string; page?: string }>;
 }) {
   const { q = '', page = '1' } = await searchParams;
-  const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
-  const url = new URL(`${apiUrl}/search`);
-  url.searchParams.set('q', q);
-  url.searchParams.set('page', page);
 
   let data: SearchResponse = { hits: [], total: 0, page: 1, limit: 20, query: q };
   try {
-    const res = await fetch(url, { cache: 'no-store' });
+    const res = await apiFetch(`/search?q=${encodeURIComponent(q)}&page=${page}`);
     if (res.ok) data = await res.json();
   } catch {
     // API unavailable — render empty results
diff --git a/apps/web/app/settings/bot/BotSettingsCard.tsx b/apps/web/app/settings/bot/BotSettingsCard.tsx
new file mode 100644
index 0000000..44986f3
--- /dev/null
+++ b/apps/web/app/settings/bot/BotSettingsCard.tsx
@@ -0,0 +1,87 @@
+'use client';
+
+import { useState } from 'react';
+
+type Status = 'ACTIVE' | 'DISCONNECTED' | 'BANNED' | 'PAIRING';
+
+interface BotSummary {
+  id: string;
+  jid: string | null;
+  displayName: string | null;
+  status: Status;
+}
+
+export function BotSettingsCard({ initial }: { initial: { bot: BotSummary | null; shared: boolean; sharedBotId?: string } }) {
+  const [bot, setBot] = useState<BotSummary | null>(initial.bot);
+  const [revealedJid, setRevealedJid] = useState<string | null>(null);
+  const [error, setError] = useState<string | null>(null);
+
+  async function onReveal() {
+    setError(null);
+    const res = await fetch('/api/bot/reveal', {
+      method: 'POST',
+      credentials: 'include',
+    });
+    if (res.ok) {
+      const data = (await res.json()) as { jid: string };
+      setRevealedJid(data.jid);
+    } else {
+      setError('Reveal failed');
+    }
+  }
+
+  if (!bot) {
+    return (
+      <div className="rounded-lg border border-gray-200 p-6 bg-white">
+        <h2 className="text-lg font-medium mb-2">Bot</h2>
+        <p className="text-sm text-gray-600">
+          No bot assigned yet. Contact your platform administrator to get one assigned.
+        </p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="rounded-lg border border-gray-200 p-6 bg-white">
+      <div className="flex items-center justify-between mb-3">
+        <h2 className="text-lg font-medium">Bot</h2>
+        <span
+          className={`text-xs px-2 py-1 rounded ${
+            bot.status === 'ACTIVE'
+              ? 'bg-green-100 text-green-800'
+              : bot.status === 'PAIRING'
+                ? 'bg-yellow-100 text-yellow-800'
+                : 'bg-red-100 text-red-800'
+          }`}
+        >
+          {bot.status}
+        </span>
+      </div>
+      <dl className="text-sm space-y-1 mb-4">
+        <div>
+          <dt className="inline font-medium">Number: </dt>
+          <dd className="inline">
+            {revealedJid ?? (bot.jid ? '••••••••••' : '—')}
+            {!revealedJid && bot.status === 'ACTIVE' && (
+              <button
+                type="button"
+                onClick={onReveal}
+                className="ml-2 text-xs text-blue-600 underline"
+              >
+                Reveal
+              </button>
+            )}
+          </dd>
+        </div>
+        <div>
+          <dt className="inline font-medium">Display name: </dt>
+          <dd className="inline">{bot.displayName ?? '—'}</dd>
+        </div>
+      </dl>
+      <p className="text-xs text-gray-400">
+        Bot is assigned by the platform administrator. Contact support to change or remove it.
+      </p>
+      {error && <p className="text-sm text-red-600 mt-2">{error}</p>}
+    </div>
+  );
+}
diff --git a/apps/web/app/settings/bot/page.tsx b/apps/web/app/settings/bot/page.tsx
new file mode 100644
index 0000000..a384605
--- /dev/null
+++ b/apps/web/app/settings/bot/page.tsx
@@ -0,0 +1,41 @@
+import { BotSettingsCard } from './BotSettingsCard';
+import { apiFetch } from '../../_lib/api';
+
+interface BotSummary {
+  id: string;
+  platform: string;
+  jid: string | null;
+  displayName: string | null;
+  status: 'ACTIVE' | 'DISCONNECTED' | 'BANNED' | 'PAIRING';
+  isBot: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+
+interface BotState {
+  bot: BotSummary | null;
+  shared: boolean;
+}
+
+export default async function BotSettingsPage() {
+  let state: BotState = { bot: null, shared: false };
+  try {
+    const res = await apiFetch('/admin/bot');
+    if (res.ok) {
+      state = (await res.json()) as BotState;
+    }
+  } catch {
+    state = { bot: null, shared: false };
+  }
+
+  return (
+    <div className="max-w-2xl">
+      <h1 className="text-xl font-semibold mb-6">Bot Settings</h1>
+      <p className="text-sm text-gray-600 mb-4">
+        TOWER runs on a dedicated WhatsApp number. Adding the bot to a group makes it eligible for
+        claim by any tenant admin. The bot number is hidden from members and the public web.
+      </p>
+      <BotSettingsCard initial={state} />
+    </div>
+  );
+}
diff --git a/apps/web/app/settings/rules/RuleManager.tsx b/apps/web/app/settings/rules/RuleManager.tsx
new file mode 100644
index 0000000..08abac9
--- /dev/null
+++ b/apps/web/app/settings/rules/RuleManager.tsx
@@ -0,0 +1,189 @@
+'use client';
+
+import { useState } from 'react';
+
+interface RuleData {
+  id: string;
+  matchType: 'HASHTAG' | 'PREFIX' | 'REACTION_EMOJI';
+  matchValue: string;
+  action: 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT';
+  priority: number;
+  isActive: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+
+const MATCH_TYPE_LABELS: Record<string, string> = {
+  HASHTAG: 'Hashtag',
+  PREFIX: 'Prefix',
+  REACTION_EMOJI: 'Reaction Emoji',
+};
+
+const ACTION_LABELS: Record<string, string> = {
+  FLAG: 'Flag (Pending)',
+  AUTO_APPROVE: 'Auto-approve',
+  SKIP: 'Skip (Silent Drop)',
+  REJECT: 'Reject (Visible)',
+};
+
+export function RuleManager({ initial }: { initial: RuleData[] }) {
+  const [rules, setRules] = useState<RuleData[]>(initial);
+  const [matchType, setMatchType] = useState<'HASHTAG' | 'PREFIX' | 'REACTION_EMOJI'>('HASHTAG');
+  const [matchValue, setMatchValue] = useState('');
+  const [action, setAction] = useState<'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT'>('FLAG');
+  const [priority, setPriority] = useState(0);
+  const [busy, setBusy] = useState(false);
+  const [error, setError] = useState('');
+
+  async function addRule() {
+    if (!matchValue.trim()) return;
+    setBusy(true);
+    setError('');
+    try {
+      const res = await fetch('/api/rules', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ matchType, matchValue: matchValue.trim(), action, priority }),
+      });
+      if (!res.ok) {
+        const err = await res.json().catch(() => ({ message: 'Failed to create rule' }));
+        setError(err.message ?? 'Failed to create rule');
+        return;
+      }
+      const created: RuleData = await res.json();
+      setRules((prev) => [...prev, created].sort((a, b) => a.priority - b.priority));
+      setMatchValue('');
+      setAction('FLAG');
+      setPriority(0);
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  async function toggleRule(rule: RuleData) {
+    const res = await fetch(`/api/rules/${rule.id}`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ isActive: !rule.isActive }),
+    });
+    if (res.ok) {
+      const updated: RuleData = await res.json();
+      setRules((prev) => prev.map((r) => (r.id === rule.id ? updated : r)));
+    }
+  }
+
+  async function deleteRule(id: string) {
+    const res = await fetch(`/api/rules/${id}`, { method: 'DELETE' });
+    if (res.ok) setRules((prev) => prev.filter((r) => r.id !== id));
+  }
+
+  return (
+    <div className="flex flex-col gap-6">
+      <section className="border border-gray-200 rounded-lg p-4">
+        <h2 className="text-base font-semibold mb-3">Add Rule</h2>
+        <div className="flex flex-wrap items-end gap-3">
+          <div className="flex flex-col gap-1">
+            <label className="text-xs text-gray-500">Type</label>
+            <select
+              value={matchType}
+              onChange={(e) => setMatchType(e.target.value as any)}
+              className="border border-gray-300 rounded px-3 py-2 text-sm"
+            >
+              <option value="HASHTAG">Hashtag</option>
+              <option value="PREFIX">Prefix</option>
+              <option value="REACTION_EMOJI">Reaction Emoji</option>
+            </select>
+          </div>
+          <div className="flex flex-col gap-1">
+            <label className="text-xs text-gray-500">Value</label>
+            <input
+              value={matchValue}
+              onChange={(e) => setMatchValue(e.target.value)}
+              placeholder={matchType === 'REACTION_EMOJI' ? '⭐' : '#important'}
+              className="border border-gray-300 rounded px-3 py-2 text-sm w-40"
+            />
+          </div>
+          <div className="flex flex-col gap-1">
+            <label className="text-xs text-gray-500">Action</label>
+            <select
+              value={action}
+              onChange={(e) => setAction(e.target.value as any)}
+              className="border border-gray-300 rounded px-3 py-2 text-sm"
+            >
+              <option value="FLAG">Flag (Pending)</option>
+              <option value="AUTO_APPROVE">Auto-approve</option>
+              <option value="SKIP">Skip (Silent Drop)</option>
+              <option value="REJECT">Reject (Visible)</option>
+            </select>
+          </div>
+          <div className="flex flex-col gap-1">
+            <label className="text-xs text-gray-500">Priority</label>
+            <input
+              type="number"
+              value={priority}
+              onChange={(e) => setPriority(Number(e.target.value))}
+              className="border border-gray-300 rounded px-3 py-2 text-sm w-20"
+            />
+          </div>
+          <button
+            type="button"
+            onClick={() => void addRule()}
+            disabled={busy || !matchValue.trim()}
+            className="bg-blue-600 text-white rounded px-4 py-2 text-sm hover:bg-blue-700 disabled:opacity-40"
+          >
+            {busy ? 'Adding...' : 'Add Rule'}
+          </button>
+        </div>
+        {error && <p className="text-red-600 text-sm mt-2">{error}</p>}
+      </section>
+
+      <section>
+        <h2 className="text-base font-semibold mb-3">Active Rules</h2>
+        {rules.length === 0 ? (
+          <p className="text-sm text-gray-400">No rules configured. Messages without matching rules are ignored.</p>
+        ) : (
+          <table className="w-full text-sm">
+            <thead>
+              <tr className="border-b border-gray-200 text-left text-gray-500">
+                <th className="pb-2 pr-3">Type</th>
+                <th className="pb-2 pr-3">Value</th>
+                <th className="pb-2 pr-3">Action</th>
+                <th className="pb-2 pr-3">Priority</th>
+                <th className="pb-2 pr-3">Active</th>
+                <th className="pb-2" />
+              </tr>
+            </thead>
+            <tbody>
+              {rules.map((rule) => (
+                <tr key={rule.id} className="border-b border-gray-100">
+                  <td className="py-2 pr-3">{MATCH_TYPE_LABELS[rule.matchType] ?? rule.matchType}</td>
+                  <td className="py-2 pr-3 font-mono">{rule.matchValue}</td>
+                  <td className="py-2 pr-3">{ACTION_LABELS[rule.action] ?? rule.action}</td>
+                  <td className="py-2 pr-3">{rule.priority}</td>
+                  <td className="py-2 pr-3">
+                    <button
+                      type="button"
+                      onClick={() => void toggleRule(rule)}
+                      className={`text-xs rounded px-2 py-0.5 ${rule.isActive ? 'bg-green-100 text-green-800' : 'bg-gray-100 text-gray-500'}`}
+                    >
+                      {rule.isActive ? 'ON' : 'OFF'}
+                    </button>
+                  </td>
+                  <td className="py-2">
+                    <button
+                      type="button"
+                      onClick={() => void deleteRule(rule.id)}
+                      className="text-red-600 hover:text-red-800 text-xs"
+                    >
+                      Delete
+                    </button>
+                  </td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        )}
+      </section>
+    </div>
+  );
+}
diff --git a/apps/web/app/settings/rules/page.tsx b/apps/web/app/settings/rules/page.tsx
new file mode 100644
index 0000000..ab309b4
--- /dev/null
+++ b/apps/web/app/settings/rules/page.tsx
@@ -0,0 +1,36 @@
+import { RuleManager } from './RuleManager';
+import { apiFetch } from '../../_lib/api';
+
+interface RuleData {
+  id: string;
+  matchType: 'HASHTAG' | 'PREFIX' | 'REACTION_EMOJI';
+  matchValue: string;
+  action: 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT';
+  priority: number;
+  isActive: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export default async function RulesSettingsPage() {
+  let rules: RuleData[] = [];
+  try {
+    const res = await apiFetch('/admin/rules');
+    if (res.ok) {
+      rules = (await res.json()) as RuleData[];
+    }
+  } catch {
+    rules = [];
+  }
+
+  return (
+    <div className="max-w-2xl">
+      <h1 className="text-xl font-semibold mb-6">Rules Engine</h1>
+      <p className="text-sm text-gray-600 mb-4">
+        Configure which hashtags, prefixes, and reaction emojis trigger message processing
+        and what action TOWER should take. Rules are matched in priority order.
+      </p>
+      <RuleManager initial={rules} />
+    </div>
+  );
+}
diff --git a/apps/web/app/signup/SignupForm.tsx b/apps/web/app/signup/SignupForm.tsx
new file mode 100644
index 0000000..fba7489
--- /dev/null
+++ b/apps/web/app/signup/SignupForm.tsx
@@ -0,0 +1,142 @@
+'use client';
+
+import { useRouter } from 'next/navigation';
+import { useState } from 'react';
+import { useAuth } from '../_lib/auth-context';
+
+function slugify(input: string): string {
+  return input
+    .toLowerCase()
+    .trim()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    .slice(0, 40);
+}
+
+export function SignupForm({ redirect }: { redirect?: string }) {
+  const router = useRouter();
+  const { refresh } = useAuth();
+  const [tenantName, setTenantName] = useState('');
+  const [tenantSlug, setTenantSlug] = useState('');
+  const [slugTouched, setSlugTouched] = useState(false);
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [confirmPassword, setConfirmPassword] = useState('');
+  const [submitting, setSubmitting] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  const computedSlug = slugify(tenantName);
+  const effectiveSlug = slugTouched ? tenantSlug : computedSlug;
+
+  async function onSubmit(e: React.FormEvent) {
+    e.preventDefault();
+    setError(null);
+    if (password !== confirmPassword) {
+      setError('Passwords do not match');
+      return;
+    }
+    if (effectiveSlug.length < 2) {
+      setError('Tenant name must produce a valid slug (lowercase letters, digits, dashes)');
+      return;
+    }
+    setSubmitting(true);
+    try {
+      const res = await fetch('/api/auth/signup', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ tenantName, tenantSlug: effectiveSlug, email, password }),
+        credentials: 'include',
+      });
+      if (!res.ok) {
+        const data = (await res.json().catch(() => ({}))) as { message?: string };
+        const messages = Array.isArray((data as { message?: unknown }).message)
+          ? ((data as unknown as { message: string[] }).message.join(', '))
+          : data.message;
+        setError(messages ?? 'Signup failed');
+        return;
+      }
+      await refresh();
+      router.push(redirect || '/');
+    } finally {
+      setSubmitting(false);
+    }
+  }
+
+  return (
+    <form onSubmit={onSubmit} className="space-y-3">
+      <label className="block text-sm">
+        <span className="font-medium">Community / organization name</span>
+        <input
+          type="text"
+          value={tenantName}
+          onChange={(e) => setTenantName(e.target.value)}
+          placeholder="Delhi Traders"
+          required
+          className="mt-1 w-full border rounded px-3 py-2"
+        />
+      </label>
+      <label className="block text-sm">
+        <span className="font-medium">URL slug</span>
+        <input
+          type="text"
+          value={effectiveSlug}
+          onChange={(e) => {
+            setSlugTouched(true);
+            setTenantSlug(slugify(e.target.value));
+          }}
+          placeholder="delhi"
+          required
+          className="mt-1 w-full border rounded px-3 py-2 font-mono text-sm"
+        />
+        <span className="block text-xs text-gray-500 mt-1">
+          Lowercase letters, digits, dashes. 2–40 chars.
+        </span>
+      </label>
+      <label className="block text-sm">
+        <span className="font-medium">Your email</span>
+        <input
+          type="email"
+          value={email}
+          onChange={(e) => setEmail(e.target.value)}
+          placeholder="you@example.com"
+          required
+          className="mt-1 w-full border rounded px-3 py-2"
+        />
+      </label>
+      <label className="block text-sm">
+        <span className="font-medium">Password</span>
+        <input
+          type="password"
+          value={password}
+          onChange={(e) => setPassword(e.target.value)}
+          placeholder="At least 8 characters"
+          minLength={8}
+          required
+          className="mt-1 w-full border rounded px-3 py-2"
+        />
+      </label>
+      <label className="block text-sm">
+        <span className="font-medium">Confirm password</span>
+        <input
+          type="password"
+          value={confirmPassword}
+          onChange={(e) => setConfirmPassword(e.target.value)}
+          minLength={8}
+          required
+          className="mt-1 w-full border rounded px-3 py-2"
+        />
+      </label>
+      {error && <p className="text-sm text-red-600">{error}</p>}
+      <button
+        type="submit"
+        disabled={submitting}
+        className="w-full px-4 py-2 bg-blue-600 text-white rounded disabled:opacity-50"
+      >
+        {submitting ? 'Creating account…' : 'Create community'}
+      </button>
+      <p className="text-xs text-gray-500 text-center">
+        You&apos;ll be the first OWNER. You can invite others from settings later.
+      </p>
+    </form>
+  );
+}
diff --git a/apps/web/app/signup/page.tsx b/apps/web/app/signup/page.tsx
new file mode 100644
index 0000000..bcab566
--- /dev/null
+++ b/apps/web/app/signup/page.tsx
@@ -0,0 +1,24 @@
+import { SignupForm } from './SignupForm';
+
+export default async function SignupPage({
+  searchParams,
+}: {
+  searchParams: Promise<{ redirect?: string }>;
+}) {
+  const { redirect } = await searchParams;
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-gray-50 p-4">
+      <div className="w-full max-w-md bg-white rounded shadow p-6">
+        <h1 className="text-xl font-semibold mb-1">Create your TOWER community</h1>
+        <p className="text-sm text-gray-500 mb-6">
+          Already have an account?{' '}
+          <a href="/login" className="text-blue-600 hover:underline">
+            Sign in
+          </a>
+          .
+        </p>
+        <SignupForm redirect={redirect} />
+      </div>
+    </div>
+  );
+}
diff --git a/apps/web/next-env.d.ts b/apps/web/next-env.d.ts
index c4b7818..9edff1c 100644
--- a/apps/web/next-env.d.ts
+++ b/apps/web/next-env.d.ts
@@ -1,6 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
-import "./.next/dev/types/routes.d.ts";
+import "./.next/types/routes.d.ts";
 
 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
diff --git a/apps/web/tsconfig.tsbuildinfo b/apps/web/tsconfig.tsbuildinfo
new file mode 100644
index 0000000..f0498b8
--- /dev/null
+++ b/apps/web/tsconfig.tsbuildinfo
@@ -0,0 +1 @@
+{"fileNames":["../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es5.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2016.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2018.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2019.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2021.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2023.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.iterable.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.core.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.collection.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.generator.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.iterable.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.promise.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.proxy.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.reflect.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.symbol.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2015.symbol.wellknown.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2016.array.include.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2016.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.arraybuffer.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.date.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.object.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.sharedmemory.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.string.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2017.typedarrays.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2018.asyncgenerator.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2018.asynciterable.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2018.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2018.promise.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2018.regexp.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2019.array.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2019.object.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2019.string.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2019.symbol.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2019.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.bigint.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.date.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.promise.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.sharedmemory.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.string.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.symbol.wellknown.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2020.number.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2021.promise.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2021.string.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2021.weakref.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2021.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.array.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.error.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.object.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.string.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2022.regexp.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2023.array.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2023.collection.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2023.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.arraybuffer.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.collection.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.object.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.promise.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.regexp.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.sharedmemory.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.es2024.string.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.array.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.collection.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.intl.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.disposable.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.promise.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.decorators.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.iterator.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.float16.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.error.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.esnext.sharedmemory.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.decorators.d.ts","../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.decorators.legacy.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/global.d.ts","../../node_modules/.pnpm/csstype@3.2.3/node_modules/csstype/index.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/styled-jsx/types/css.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/styled-jsx/types/macro.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/styled-jsx/types/style.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/styled-jsx/types/global.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/styled-jsx/types/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/get-page-files.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/compatibility/disposable.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/compatibility/indexable.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/compatibility/iterators.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/compatibility/index.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/globals.typedarray.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/buffer.buffer.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/globals.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/web-globals/abortcontroller.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/web-globals/domexception.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/web-globals/events.d.ts","../../node_modules/.pnpm/buffer@6.0.3/node_modules/buffer/index.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/header.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/readable.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/file.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/fetch.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/formdata.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/connector.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/client.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/errors.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/dispatcher.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/global-dispatcher.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/global-origin.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/pool-stats.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/pool.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/handlers.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/balanced-pool.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/agent.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/mock-interceptor.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/mock-agent.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/mock-client.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/mock-pool.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/mock-errors.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/proxy-agent.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/env-http-proxy-agent.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/retry-handler.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/retry-agent.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/api.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/interceptors.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/util.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/cookies.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/patch.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/websocket.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/eventsource.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/filereader.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/diagnostics-channel.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/content-type.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/cache.d.ts","../../node_modules/.pnpm/undici-types@6.21.0/node_modules/undici-types/index.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/web-globals/fetch.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/web-globals/navigator.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/web-globals/storage.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/assert.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/assert/strict.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/async_hooks.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/buffer.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/child_process.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/cluster.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/console.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/constants.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/crypto.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/dgram.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/diagnostics_channel.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/dns.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/dns/promises.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/domain.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/events.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/fs.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/fs/promises.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/http.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/http2.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/https.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/inspector.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/inspector.generated.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/module.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/net.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/os.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/path.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/perf_hooks.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/process.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/punycode.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/querystring.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/readline.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/readline/promises.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/repl.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/sea.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/sqlite.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/stream.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/stream/promises.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/stream/consumers.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/stream/web.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/string_decoder.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/test.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/timers.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/timers/promises.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/tls.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/trace_events.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/tty.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/url.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/util.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/v8.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/vm.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/wasi.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/worker_threads.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/zlib.d.ts","../../node_modules/.pnpm/@types+node@22.19.19/node_modules/@types/node/index.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/canary.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/experimental.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/index.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/canary.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/experimental.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/fallback.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/compiled/webpack/webpack.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/modern-browserslist-target.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/entry-constants.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/constants.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/bundler.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/config.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/load-custom-routes.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/image-config.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/subresource-integrity-plugin.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/body-streams.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/search-params.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/segment-cache/vary-params-decoding.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/vary-params.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/params.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-kind.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-definitions/route-definition.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-matches/route-match.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/app-router-headers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/cache-control.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/app-router-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/cache-handlers/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/use-cache/use-cache-wrapper.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/resume-data-cache/cache-store.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/resume-data-cache/resume-data-cache.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/constants.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/render-result.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/response-cache/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/response-cache/index.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/jsx-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/userspace/pages/pages-dev-overlay-setup.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/static-paths/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-definitions/app-page-route-definition.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/adapter/setup-node-env.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/instrumentation/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/setup-exception-listeners.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/worker.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/experimental/ppr.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/page-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/segment-config/app/app-segment-config.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/segment-config/pages/pages-segment-config.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/analysis/get-page-static-info.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/loaders/get-module-build-info.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/middleware-plugin.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/require-hook.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-polyfill-crypto.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-baseline.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/error-inspect.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/console-file.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/console-exit.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/console-dim.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/unhandled-rejection.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/random.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/date.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/web-crypto.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/node-crypto.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment-extensions/fast-set-immediate.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/node-environment.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/page-extensions-type.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-page/module.compiled.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-definitions/app-route-route-definition.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/i18n-provider.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/next-url.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/compiled/@edge-runtime/cookies/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/cookies.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/request.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/deep-readonly.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/incremental-cache/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/utils/middleware-route-matcher.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/flight-manifest-plugin.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/next-font-manifest-plugin.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-definitions/locale-route-definition.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-definitions/pages-route-definition.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/mitt.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/with-router.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/router.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/route-loader.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/page-loader.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/bloom-filter.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/router.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/loadable-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/loadable.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/image-config-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/readonly-url-search-params.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/hooks-client-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/head-manager-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/flight-data-helpers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/cache-key.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/router-reducer/fetch-server-response.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/segment-cache/segment-value-encoding.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/scheduler.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/cache-map.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/vary-path.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/cache.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/router-reducer/ppr-navigations.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/segment-cache/navigation.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/router-reducer/router-reducer-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/app-router-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/server-inserted-html.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/pages/vendored/contexts/entrypoints.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/pages/module.compiled.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/templates/pages.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/pages/module.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/render.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/pages-manifest-plugin.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-definitions/pages-api-route-definition.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-matches/pages-api-route-match.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-matchers/route-matcher.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-matcher-providers/route-matcher-provider.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-matcher-managers/route-matcher-manager.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/normalizer.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/locale-route-normalizer.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/request/pathname-normalizer.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/request/suffix.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/request/rsc.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/request/next-data.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/after/builtin-request-context.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/normalizers/request/segment-prefix-rsc.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/pages/builtin/_error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/load-default-error-components.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/base-server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/after/after.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/after/after-context.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/use-cache/cache-life.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/work-async-storage-instance.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/lazy-result.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/create-error-handler.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/action-revalidation-kind.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/work-async-storage.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/async-storage/work-store.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/http.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/hooks-server-context.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-route/shared-modules.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/redirect-status-code.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/redirect-error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/adapters/request-cookies.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/async-storage/draft-mode-provider.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/adapters/headers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/cache-signal.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/instant-validation/boundary-tracking.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/instant-validation/instant-validation-error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/utils/parse-relative-url.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/instant-validation/instant-samples.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/dynamic-rendering.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/work-unit-async-storage-instance.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/implicit-tags.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/staged-rendering.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/work-unit-async-storage.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/templates/app-route.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/action-async-storage-instance.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/action-async-storage.external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-route/module.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-route/module.compiled.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/segment-config/app/app-segments.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/get-supported-browsers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/utils.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/rendering-mode.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/router-utils/build-prefetch-segment-data-route.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/cpu-profile.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/turborepo-access-trace/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/turborepo-access-trace/result.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/turborepo-access-trace/helpers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/turborepo-access-trace/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/export/routes/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/export/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/export/worker.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/worker.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/coalesced-function.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/router-utils/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/trace/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/trace/trace.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/trace/shared.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/trace/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/load-jsconfig.d.ts","../../node_modules/.pnpm/@next+env@16.2.6/node_modules/@next/env/dist/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/telemetry-plugin/use-cache-tracker-utils.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/plugins/telemetry-plugin/telemetry-plugin.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/telemetry/storage.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/build-context.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack-config.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/swc/generated-native.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/define-env.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/swc/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/swc/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/dev/parse-version-info.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/shared/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/dev/dev-indicator-server-state.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/dev-overlay/cache-indicator.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/parse-stack.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/server/shared.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/shared/stack-frame.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/dev-overlay/utils/get-error-by-type.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/dev-overlay/container/runtime-error/render-error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/dev-overlay/shared.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/dev/debug-channel.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/dev/hot-reloader-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/fetch-event.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/response.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/segment-config/middleware/middleware-config.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/utils/parse-url.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/base-http/node.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/async-callback-set.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/utils/route-regex.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/utils/route-matcher.d.ts","../../node_modules/.pnpm/sharp@0.34.5/node_modules/sharp/lib/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/image-optimizer.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/next-server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/lru-cache.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/dev-bundler-service.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/dev/static-paths-worker.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/dev/next-dev-server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/next.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/render-server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/router-server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/router/utils/path-match.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/router-utils/filesystem.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/router-utils/setup-dev-bundler.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/router-utils/router-server-context.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/route-module.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/load-components.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/adapter.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/loaders/metadata/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/webpack/loaders/next-app-loader/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/lib/app-dir-module.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/app-render.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-page/vendored/contexts/entrypoints.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/error-boundary.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/layout-router.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/render-from-template-context.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/client-page.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/client-segment.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/http-access-fallback/error-boundary.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/alternative-urls-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/extra-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/metadata-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/manifest-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/opengraph-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/twitter-types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/metadata-interface.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/resolvers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/types/icons.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/resolve-metadata.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/metadata/metadata.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/lib/framework/boundary-components.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/rsc/preloads.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/rsc/postpone.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/rsc/taint.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/collect-segment-data.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/instant-validation/instant-validation.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/next-devtools/userspace/app/segment-explorer-node.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/app-render/entry-base.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/templates/app-page.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-page/helpers/prerender-manifest-matcher.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/jsx-dev-runtime.d.ts","../../node_modules/.pnpm/@types+react@19.2.15/node_modules/@types/react/compiler-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-page/vendored/rsc/entrypoints.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/client.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/static.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-page/vendored/ssr/entrypoints.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/route-modules/app-page/module.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/fallback-params.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/image-response.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/user-agent.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/url-pattern.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/after/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/connection.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/exports/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request-meta.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/cli/next-test.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/size-limit.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/config-shared.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/base-http/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/api-utils/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/build/adapter/build-complete.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/html-context.shared-runtime.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/utils.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/pages/_app.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/app.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/unstable-cache.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/revalidate.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/web/spec-extension/unstable-no-store.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/use-cache/cache-tag.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/cache.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/pages/_document.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/document.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/dynamic.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dynamic.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/pages/_error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/catch-error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/api/error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/head.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/head.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/cookies.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/headers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/server/request/draft-mode.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/headers.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/get-img-props.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/image-component.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/shared/lib/image-external.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/image.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/link.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/link.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/unrecognized-action-error.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/redirect.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/not-found.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/forbidden.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/unauthorized.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/unstable-rethrow.server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/unstable-rethrow.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/navigation.react-server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/components/navigation.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/navigation.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/router.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/client/script.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/script.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/compiled/@edge-runtime/primitives/url.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/compiled/@vercel/og/satori/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/dist/compiled/@vercel/og/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/server.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/types/global.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/types/compiled.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/types.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/index.d.ts","../../node_modules/.pnpm/next@16.2.6_@babel+core@7.29.7_react-dom@19.2.6_react@19.2.6__react@19.2.6/node_modules/next/image-types/global.d.ts","./.next/dev/types/routes.d.ts","./next-env.d.ts","../../node_modules/.pnpm/@types+yargs-parser@21.0.3/node_modules/@types/yargs-parser/index.d.ts","../../node_modules/.pnpm/@types+yargs@17.0.35/node_modules/@types/yargs/index.d.ts","../../node_modules/.pnpm/@types+yargs@17.0.35/node_modules/@types/yargs/index.d.mts","../../node_modules/.pnpm/@types+istanbul-lib-coverage@2.0.6/node_modules/@types/istanbul-lib-coverage/index.d.ts","../../node_modules/.pnpm/chalk@4.1.2/node_modules/chalk/index.d.ts","../../node_modules/.pnpm/@types+istanbul-lib-report@3.0.3/node_modules/@types/istanbul-lib-report/index.d.ts","../../node_modules/.pnpm/@types+istanbul-reports@3.0.4/node_modules/@types/istanbul-reports/index.d.ts","../../node_modules/.pnpm/@sinclair+typebox@0.27.10/node_modules/@sinclair/typebox/typebox.d.ts","../../node_modules/.pnpm/@jest+schemas@29.6.3/node_modules/@jest/schemas/build/index.d.ts","../../node_modules/.pnpm/@jest+types@29.6.3/node_modules/@jest/types/build/index.d.ts","../../node_modules/.pnpm/@types+stack-utils@2.0.3/node_modules/@types/stack-utils/index.d.ts","../../node_modules/.pnpm/jest-message-util@29.7.0/node_modules/jest-message-util/build/index.d.ts","../../node_modules/.pnpm/@jest+console@29.7.0/node_modules/@jest/console/build/index.d.ts","../../node_modules/.pnpm/@types+graceful-fs@4.1.9/node_modules/@types/graceful-fs/index.d.ts","../../node_modules/.pnpm/jest-haste-map@29.7.0/node_modules/jest-haste-map/build/index.d.ts","../../node_modules/.pnpm/jest-resolve@29.7.0/node_modules/jest-resolve/build/index.d.ts","../../node_modules/.pnpm/collect-v8-coverage@1.0.3/node_modules/collect-v8-coverage/index.d.ts","../../node_modules/.pnpm/@jest+test-result@29.7.0/node_modules/@jest/test-result/build/index.d.ts","../../node_modules/.pnpm/@jest+reporters@29.7.0/node_modules/@jest/reporters/build/index.d.ts","../../node_modules/.pnpm/jest-changed-files@29.7.0/node_modules/jest-changed-files/build/index.d.ts","../../node_modules/.pnpm/emittery@0.13.1/node_modules/emittery/index.d.ts","../../node_modules/.pnpm/jest-watcher@29.7.0/node_modules/jest-watcher/build/index.d.ts","../../node_modules/.pnpm/jest-runner@29.7.0/node_modules/jest-runner/build/index.d.ts","../../node_modules/.pnpm/@jest+core@29.7.0_ts-node@10.9.2_@types+node@22.19.19_typescript@5.9.3_/node_modules/@jest/core/build/index.d.ts","../../node_modules/.pnpm/jest-cli@29.7.0_@types+node@22.19.19_ts-node@10.9.2_@types+node@22.19.19_typescript@5.9.3_/node_modules/jest-cli/build/index.d.ts","../../node_modules/.pnpm/jest@29.7.0_@types+node@22.19.19_ts-node@10.9.2_@types+node@22.19.19_typescript@5.9.3_/node_modules/jest/build/index.d.ts","../../node_modules/.pnpm/@types+aria-query@5.0.4/node_modules/@types/aria-query/index.d.ts","../../node_modules/.pnpm/@testing-library+jest-dom@6.9.1/node_modules/@testing-library/jest-dom/types/matchers.d.ts","../../node_modules/.pnpm/@testing-library+jest-dom@6.9.1/node_modules/@testing-library/jest-dom/types/jest.d.ts","../../node_modules/.pnpm/@testing-library+jest-dom@6.9.1/node_modules/@testing-library/jest-dom/types/index.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/matches.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/wait-for.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/query-helpers.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/queries.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/get-queries-for-element.d.ts","../../node_modules/.pnpm/pretty-format@27.5.1/node_modules/pretty-format/build/types.d.ts","../../node_modules/.pnpm/pretty-format@27.5.1/node_modules/pretty-format/build/index.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/screen.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/wait-for-element-to-be-removed.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/get-node-text.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/events.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/pretty-dom.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/role-helpers.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/config.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/suggestions.d.ts","../../node_modules/.pnpm/@testing-library+dom@10.4.1/node_modules/@testing-library/dom/types/index.d.ts","../../node_modules/.pnpm/@types+react-dom@19.2.3_@types+react@19.2.15/node_modules/@types/react-dom/test-utils/index.d.ts","../../node_modules/.pnpm/@testing-library+react@16.3.2_@testing-library+dom@10.4.1_@types+react-dom@19.2.3_@type_6d47d6ccd2a6a07f1dbfe4f0136d418d/node_modules/@testing-library/react/types/index.d.ts","./jest.setup.ts","./next.config.ts","./app/_lib/api.ts","./app/api/auth/login/route.ts","./app/api/auth/logout/route.ts","./app/api/auth/me/route.ts","./app/api/auth/signup/route.ts","./app/api/bot/route.ts","./app/api/bot/[id]/route.ts","./app/api/bot/attach/route.ts","./app/api/bot/initiate/route.ts","./app/api/bot/qr/[token]/route.ts","./app/api/bot/reveal/route.ts","./app/api/groups/[id]/claim/route.ts","./app/api/groups/[id]/release/route.ts","./app/api/my/account/route.ts","./app/api/my/groups/route.ts","./app/api/my/groups/[id]/route.ts","./app/api/my/logout/route.ts","./app/api/my/opt-in/route.ts","./app/api/my/opt-out/route.ts","./app/api/my/profile/route.ts","./app/api/onboard/verify-otp/route.ts","./app/api/routes/route.ts","./app/api/routes/[id]/route.ts","./app/_lib/auth-context.tsx","./app/_lib/sidebar.tsx","./app/layout.tsx","./app/page.tsx","./app/page.test.tsx","./app/_lib/auth-context.test.tsx","./app/groups/groupstabs.tsx","./app/groups/pendingclaimlist.tsx","./app/groups/routemanager.tsx","./app/groups/routemanager.test.tsx","./app/groups/page.tsx","./app/login/page.tsx","./app/login/page.test.tsx","./app/my/page.tsx","./app/my/groups/groupoptoutbutton.tsx","./app/my/groups/page.tsx","./app/my/groups/[id]/page.tsx","./app/my/settings/deleteaccountbutton.tsx","./app/my/settings/memberlogoutbutton.tsx","./app/my/settings/page.tsx","./app/onboard/onboardingform.tsx","./app/onboard/page.tsx","./app/search/page.tsx","./app/search/page.test.tsx","./app/settings/bot/botsettingscard.tsx","./app/settings/bot/page.tsx","./app/signup/page.tsx","./.next/dev/types/cache-life.d.ts","./.next/dev/types/validator.ts"],"fileIdsList":[[97,146,163,164,488,489,490,491],[97,146,163,164],[97,146,163,164,231,529,532,535,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,612,613,620,621,623,625,626,629,631,632,635,636],[97,146,163,164,231,506],[97,146,163,164,231,584,610],[85,97,146,163,164,231],[85,97,146,163,164,231,512,522,610],[97,146,163,164,231,587],[97,146,163,164,231,512],[97,146,163,164,231,587,616,617,618],[85,97,146,163,164,231,522],[97,146,163,164,231,584,618],[97,146,163,164,231,512,530,533,610,611],[97,146,163,164,231,584,610,621],[85,97,146,163,164,231,522,610],[97,146,163,164,231,512,587],[97,146,163,164,231,512,587,624],[97,146,163,164,231,587,627,628],[97,146,163,164,231,630],[97,146,163,164,231,584,613],[97,146,163,164,231,584,632],[97,146,163,164,231,587,634],[97,146,163,164,231,584],[97,146,163,164,533,534,535],[97,146,163,164,231,533],[97,146,149,163,164,190,196,546,548],[97,146,163,164,546,554,555,556,558,559],[97,146,163,164,196,546,554],[97,146,163,164,544],[97,146,163,164,540,546,549,551,552,553],[97,146,163,164,196,539,540,541,543,545],[97,146,163,164,570],[97,146,163,164,567,568,569,570,571,574,575,576,577,578,579,580,581],[97,146,163,164,563],[97,146,163,164,573],[97,146,163,164,567,568,569],[97,146,163,164,567,568],[97,146,163,164,570,571,573],[97,146,163,164,568],[97,146,163,164,565],[97,146,163,164,562,564],[85,97,146,163,164,201,464,582,583],[97,146,158,163,164,196],[97,146,163,164,540],[97,146,163,164,542],[97,143,144,146,163,164],[97,145,146,163,164],[146,163,164],[97,146,151,163,164,181],[97,146,147,152,157,163,164,166,178,189],[97,146,147,148,157,163,164,166],[92,93,94,97,146,163,164],[97,146,149,163,164,190],[97,146,150,151,158,163,164,167],[97,146,151,163,164,178,186],[97,146,152,154,157,163,164,166],[97,145,146,153,163,164],[97,146,154,155,163,164],[97,146,156,157,163,164],[97,145,146,157,163,164],[97,146,157,158,159,163,164,178,189],[97,146,157,158,159,163,164,173,178,181],[97,139,146,154,157,160,163,164,166,178,189],[97,146,157,158,160,161,163,164,166,178,186,189],[97,146,160,162,163,164,178,186,189],[95,96,97,98,99,100,101,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195],[97,146,157,163,164],[97,146,163,164,165,189],[97,146,154,157,163,164,166,178],[97,146,163,164,167],[97,146,163,164,168],[97,145,146,163,164,169],[97,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195],[97,146,163,164,171],[97,146,163,164,172],[97,146,157,163,164,173,174],[97,146,163,164,173,175,190,192],[97,146,158,163,164],[97,146,157,163,164,178,179,181],[97,146,163,164,180,181],[97,146,163,164,178,179],[97,146,163,164,181],[97,146,163,164,182],[97,143,146,163,164,178,183,189],[97,146,157,163,164,184,185],[97,146,163,164,184,185],[97,146,151,163,164,166,178,186],[97,146,163,164,187],[97,146,163,164,166,188],[97,146,160,163,164,172,189],[97,146,151,163,164,190],[97,146,163,164,178,191],[97,146,163,164,165,192],[97,146,163,164,193],[97,139,146,163,164],[97,139,146,157,159,163,164,169,178,181,189,191,192,194],[97,146,163,164,178,195],[85,89,97,146,163,164,197,198,199,201,483,528],[85,97,146,163,164],[85,89,97,146,163,164,197,198,199,200,464,483,528],[85,89,97,146,163,164,197,198,200,201,483,528],[85,97,146,163,164,201,464,465],[85,97,146,163,164,201,464],[85,89,97,146,163,164,198,199,200,201,483,528],[85,89,97,146,163,164,197,199,200,201,483,528],[83,84,97,146,163,164],[97,146,163,164,538],[97,146,163,164,537],[97,146,163,164,196],[97,146,163,164,539],[97,146,163,164,196,546,550],[97,146,163,164,546,547],[97,146,163,164,551],[97,146,163,164,546,554,558],[97,146,163,164,196,546,554,557],[97,146,163,164,546,560,561],[97,146,163,164,486],[97,146,163,164,434,497,498],[97,146,163,164,206,207,209,221,245,360,371,479],[97,146,163,164,209,240,241,242,244,479],[97,146,163,164,209,377,379,381,382,384,479,481],[97,146,163,164,209,243,280,479],[97,146,163,164,207,209,220,221,227,233,238,359,360,361,370,479,481],[97,146,163,164,479],[97,146,163,164,216,222,241,261,356],[97,146,163,164,209],[97,146,163,164,202,216,222],[97,146,163,164,388],[97,146,163,164,385,386,388],[97,146,163,164,385,387,479],[97,146,160,163,164,261,458,476],[97,146,160,163,164,332,335,351,356,476],[97,146,160,163,164,304,476],[97,146,163,164,364],[97,146,163,164,363,364,365],[97,146,163,164,363],[91,97,146,160,163,164,202,209,221,227,233,239,241,245,246,259,260,327,357,358,371,479,483],[97,146,163,164,206,209,243,280,377,378,383,479,531],[97,146,163,164,243,531],[97,146,163,164,206,260,429,479,531],[97,146,163,164,531],[97,146,163,164,209,243,244,531],[97,146,163,164,380,531],[97,146,163,164,246,359,362,369],[85,97,146,163,164,434],[97,146,163,164,172,216,231],[97,146,163,164,216,231],[85,97,146,163,164,301],[85,97,146,163,164,222,231,434],[97,146,163,164,216,287,301,302,513,520],[97,146,163,164,286,514,515,516,517,519],[97,146,163,164,337],[97,146,163,164,337,338],[97,146,163,164,220,222,289,290],[97,146,163,164,222,296,297],[97,146,163,164,222,291,299],[97,146,163,164,296],[97,146,163,164,214,222,289,290,291,292,293,294,295,296,299],[97,146,163,164,222,289,296,297,298,300],[97,146,163,164,222,290,292,293],[97,146,163,164,290,292,295,297],[97,146,163,164,518],[97,146,163,164,222],[85,97,146,163,164,210,507],[85,97,146,163,164,189],[85,97,146,163,164,243,278],[85,97,146,163,164,243,371],[97,146,163,164,276,281],[85,97,146,163,164,277,485],[85,89,97,146,160,163,164,197,198,199,200,201,483,527],[97,146,160,163,164,222],[97,146,160,163,164,221,226,307,324,366,367,371,426,428,479,480],[97,146,163,164,259,368],[97,146,163,164,483],[97,146,163,164,208],[85,97,146,163,164,213,216,431,447,449],[97,146,163,164,172,216,431,446,447,448,530],[97,146,163,164,440,441,442,443,444,445],[97,146,163,164,442],[97,146,163,164,446],[97,146,163,164,231,395,396,398],[85,97,146,163,164,222,389,390,391,392,397],[97,146,163,164,395,397],[97,146,163,164,393],[97,146,163,164,394],[85,97,146,163,164,231,277,485],[85,97,146,163,164,231,484,485],[85,97,146,163,164,231,485],[97,146,163,164,324,325],[97,146,163,164,325],[97,146,160,163,164,480,485],[97,146,163,164,354],[97,145,146,163,164,353],[97,146,163,164,216,222,228,230,332,345,349,351,428,431,468,469,476,480],[97,146,163,164,222,271,293],[97,146,163,164,332,343,346,351],[85,97,146,163,164,213,216,332,335,351,354,388,435,436,437,438,439,450,451,452,453,454,455,456,457,531],[97,146,163,164,213,216,241,332,339,340,341,344,345],[97,146,163,164,178,222,241,343,350,431,432,476],[97,146,163,164,347],[97,146,160,163,164,172,210,222,226,236,268,269,272,324,327,392,426,427,468,479,480,481,483,531],[97,146,163,164,213,214,216],[97,146,163,164,332],[97,145,146,163,164,241,268,269,326,327,328,329,330,331,480],[97,146,163,164,351],[97,145,146,163,164,215,216,226,230,266,332,339,340,341,342,343,346,347,348,349,350,469],[97,146,160,163,164,266,267,339,480,481],[97,146,163,164,241,269,324,327,332,428,480],[97,146,160,163,164,479,481],[97,146,160,163,164,178,476,480,481],[97,146,160,163,164,172,202,216,221,228,230,233,236,243,263,268,269,270,271,272,307,308,310,313,315,318,319,320,321,323,371,426,428,476,479,480,481],[97,146,160,163,164,178],[97,146,163,164,209,210,211,239,476,477,478,483,485,531],[97,146,163,164,206,207,479],[97,146,163,164,400],[97,146,160,163,164,178,189,218,384,388,389,390,391,392,398,399,531],[97,146,163,164,172,189,202,216,218,230,233,269,308,313,323,324,377,404,405,406,412,415,416,426,428,476,479],[97,146,163,164,233,239,246,259,269,327,479],[97,146,160,163,164,189,210,221,230,269,410,476,479],[97,146,163,164,430],[97,146,160,163,164,400,413,414,423],[97,146,163,164,476,479],[97,146,163,164,329,469],[97,146,163,164,230,268,371,485],[97,146,160,163,164,172,208,313,373,377,406,412,415,418,476],[97,146,160,163,164,246,259,377,419],[97,146,163,164,209,270,371,421,479,481],[97,146,160,163,164,189,392,479],[97,146,160,163,164,243,270,371,372,373,382,400,420,422,479],[91,97,146,160,163,164,268,425,483,485],[97,146,163,164,322,426],[97,146,160,163,164,172,216,219,221,222,228,230,236,245,246,259,269,272,308,310,320,323,324,371,404,405,406,407,409,411,426,428,476,485],[97,146,160,163,164,178,246,412,417,423,476],[97,146,163,164,249,250,251,252,253,254,255,256,257,258],[97,146,163,164,263,314],[97,146,163,164,316],[97,146,163,164,314],[97,146,163,164,316,317],[97,146,160,163,164,220,221,222,226,227,480],[97,146,160,163,164,172,208,210,228,232,268,271,272,306,426,476,481,483,485],[97,146,160,163,164,172,189,212,219,220,230,232,269,424,469,475,480],[97,146,163,164,339],[97,146,163,164,340],[97,146,163,164,222,233,468],[97,146,163,164,341],[97,146,163,164,215],[97,146,163,164,217,229],[97,146,160,163,164,217,221,228],[97,146,163,164,224,229],[97,146,163,164,225],[97,146,163,164,217,218],[97,146,163,164,217,273],[97,146,163,164,217],[97,146,163,164,219,263,312],[97,146,163,164,311],[97,146,163,164,216,218,219],[97,146,163,164,219,309],[97,146,163,164,216,218],[97,146,163,164,268,371],[97,146,163,164,468],[97,146,160,163,164,189,228,230,234,268,371,425,428,431,432,433,459,460,463,467,469,476,480],[97,146,163,164,282,285,287,288,301,302],[85,97,146,163,164,199,201,231,461,462],[85,97,146,163,164,199,201,231,461,462,466],[97,146,163,164,355],[97,146,163,164,241,262,267,268,332,333,334,335,336,338,351,352,354,357,425,428,479,481],[97,146,163,164,301],[97,146,160,163,164,306,476],[97,146,163,164,306],[97,146,160,163,164,228,274,303,305,307,425,476,483,485],[97,146,163,164,282,283,284,285,287,288,301,302,484],[91,97,146,160,163,164,172,189,217,218,230,236,268,269,272,371,423,424,426,476,479,480,483],[97,146,163,164,213,216,223],[97,146,163,164,267,269,401,404],[97,146,163,164,267,402,470,471,472,473,474],[97,146,160,163,164,263,479],[97,146,160,163,164],[97,146,163,164,266,351],[97,146,163,164,265],[97,146,163,164,267,320],[97,146,163,164,264,266,479],[97,146,160,163,164,212,267,401,402,403,476,479,480],[85,97,146,163,164,216,222,300],[85,97,146,163,164,214],[97,146,163,164,204,205],[85,97,146,163,164,210],[85,97,146,163,164,216,286],[85,91,97,146,163,164,268,272,483,485],[97,146,163,164,210,507,508],[85,97,146,163,164,281],[85,97,146,163,164,172,189,208,275,277,279,280,485],[97,146,163,164,216,243,480],[97,146,163,164,216,408],[85,97,146,158,160,163,164,172,206,208,281,379,483,484],[85,97,146,163,164,197,198,199,200,201,483,528],[85,86,87,88,89,97,146,163,164],[97,146,151,163,164],[97,146,163,164,374,375,376],[97,146,163,164,374],[85,89,97,146,160,162,163,164,172,196,197,198,199,200,201,202,208,236,241,418,446,481,482,485,528],[97,146,163,164,493],[97,146,163,164,495],[97,146,163,164,499],[97,146,163,164,501],[97,146,163,164,503,504,505],[97,146,163,164,509],[90,97,146,163,164,487,492,494,496,500,502,506,510,512,522,523,525,529,530,531,532],[97,146,163,164,511],[97,146,163,164,521],[97,146,163,164,277],[97,146,163,164,524],[97,145,146,163,164,267,401,402,404,470,471,473,474,526,528],[97,146,163,164,572],[97,146,163,164,178,196],[97,111,115,146,163,164,189],[97,111,146,163,164,178,189],[97,106,146,163,164],[97,108,111,146,163,164,186,189],[97,146,163,164,166,186],[97,106,146,163,164,196],[97,108,111,146,163,164,166,189],[97,103,104,107,110,146,157,163,164,178,189],[97,111,118,146,163,164],[97,103,109,146,163,164],[97,111,132,133,146,163,164],[97,107,111,146,163,164,181,189,196],[97,132,146,163,164,196],[97,105,106,146,163,164,196],[97,111,146,163,164],[97,105,106,107,108,109,110,111,112,113,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,135,136,137,138,146,163,164],[97,111,126,146,163,164],[97,111,118,119,146,163,164],[97,109,111,119,120,146,163,164],[97,110,146,163,164],[97,103,106,111,146,163,164],[97,111,115,119,120,146,163,164],[97,115,146,163,164],[97,109,111,114,146,163,164,189],[97,103,108,111,118,146,163,164],[97,146,163,164,178],[97,106,111,132,146,163,164,194,196]],"fileInfos":[{"version":"c430d44666289dae81f30fa7b2edebf186ecc91a2d4c71266ea6ae76388792e1","affectsGlobalScope":true,"impliedFormat":1},{"version":"45b7ab580deca34ae9729e97c13cfd999df04416a79116c3bfb483804f85ded4","impliedFormat":1},{"version":"3facaf05f0c5fc569c5649dd359892c98a85557e3e0c847964caeb67076f4d75","impliedFormat":1},{"version":"e44bb8bbac7f10ecc786703fe0a6a4b952189f908707980ba8f3c8975a760962","impliedFormat":1},{"version":"5e1c4c362065a6b95ff952c0eab010f04dcd2c3494e813b493ecfd4fcb9fc0d8","impliedFormat":1},{"version":"68d73b4a11549f9c0b7d352d10e91e5dca8faa3322bfb77b661839c42b1ddec7","impliedFormat":1},{"version":"5efce4fc3c29ea84e8928f97adec086e3dc876365e0982cc8479a07954a3efd4","impliedFormat":1},{"version":"feecb1be483ed332fad555aff858affd90a48ab19ba7272ee084704eb7167569","impliedFormat":1},{"version":"ee7bad0c15b58988daa84371e0b89d313b762ab83cb5b31b8a2d1162e8eb41c2","impliedFormat":1},{"version":"27bdc30a0e32783366a5abeda841bc22757c1797de8681bbe81fbc735eeb1c10","impliedFormat":1},{"version":"8fd575e12870e9944c7e1d62e1f5a73fcf23dd8d3a321f2a2c74c20d022283fe","impliedFormat":1},{"version":"2ab096661c711e4a81cc464fa1e6feb929a54f5340b46b0a07ac6bbf857471f0","impliedFormat":1},{"version":"080941d9f9ff9307f7e27a83bcd888b7c8270716c39af943532438932ec1d0b9","affectsGlobalScope":true,"impliedFormat":1},{"version":"2e80ee7a49e8ac312cc11b77f1475804bee36b3b2bc896bead8b6e1266befb43","affectsGlobalScope":true,"impliedFormat":1},{"version":"c57796738e7f83dbc4b8e65132f11a377649c00dd3eee333f672b8f0a6bea671","affectsGlobalScope":true,"impliedFormat":1},{"version":"dc2df20b1bcdc8c2d34af4926e2c3ab15ffe1160a63e58b7e09833f616efff44","affectsGlobalScope":true,"impliedFormat":1},{"version":"515d0b7b9bea2e31ea4ec968e9edd2c39d3eebf4a2d5cbd04e88639819ae3b71","affectsGlobalScope":true,"impliedFormat":1},{"version":"0559b1f683ac7505ae451f9a96ce4c3c92bdc71411651ca6ddb0e88baaaad6a3","affectsGlobalScope":true,"impliedFormat":1},{"version":"0dc1e7ceda9b8b9b455c3a2d67b0412feab00bd2f66656cd8850e8831b08b537","affectsGlobalScope":true,"impliedFormat":1},{"version":"ce691fb9e5c64efb9547083e4a34091bcbe5bdb41027e310ebba8f7d96a98671","affectsGlobalScope":true,"impliedFormat":1},{"version":"8d697a2a929a5fcb38b7a65594020fcef05ec1630804a33748829c5ff53640d0","affectsGlobalScope":true,"impliedFormat":1},{"version":"4ff2a353abf8a80ee399af572debb8faab2d33ad38c4b4474cff7f26e7653b8d","affectsGlobalScope":true,"impliedFormat":1},{"version":"fb0f136d372979348d59b3f5020b4cdb81b5504192b1cacff5d1fbba29378aa1","affectsGlobalScope":true,"impliedFormat":1},{"version":"d15bea3d62cbbdb9797079416b8ac375ae99162a7fba5de2c6c505446486ac0a","affectsGlobalScope":true,"impliedFormat":1},{"version":"68d18b664c9d32a7336a70235958b8997ebc1c3b8505f4f1ae2b7e7753b87618","affectsGlobalScope":true,"impliedFormat":1},{"version":"eb3d66c8327153d8fa7dd03f9c58d351107fe824c79e9b56b462935176cdf12a","affectsGlobalScope":true,"impliedFormat":1},{"version":"38f0219c9e23c915ef9790ab1d680440d95419ad264816fa15009a8851e79119","affectsGlobalScope":true,"impliedFormat":1},{"version":"69ab18c3b76cd9b1be3d188eaf8bba06112ebbe2f47f6c322b5105a6fbc45a2e","affectsGlobalScope":true,"impliedFormat":1},{"version":"a680117f487a4d2f30ea46f1b4b7f58bef1480456e18ba53ee85c2746eeca012","affectsGlobalScope":true,"impliedFormat":1},{"version":"2f11ff796926e0832f9ae148008138ad583bd181899ab7dd768a2666700b1893","affectsGlobalScope":true,"impliedFormat":1},{"version":"4de680d5bb41c17f7f68e0419412ca23c98d5749dcaaea1896172f06435891fc","affectsGlobalScope":true,"impliedFormat":1},{"version":"954296b30da6d508a104a3a0b5d96b76495c709785c1d11610908e63481ee667","affectsGlobalScope":true,"impliedFormat":1},{"version":"ac9538681b19688c8eae65811b329d3744af679e0bdfa5d842d0e32524c73e1c","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a969edff4bd52585473d24995c5ef223f6652d6ef46193309b3921d65dd4376","affectsGlobalScope":true,"impliedFormat":1},{"version":"9e9fbd7030c440b33d021da145d3232984c8bb7916f277e8ffd3dc2e3eae2bdb","affectsGlobalScope":true,"impliedFormat":1},{"version":"811ec78f7fefcabbda4bfa93b3eb67d9ae166ef95f9bff989d964061cbf81a0c","affectsGlobalScope":true,"impliedFormat":1},{"version":"717937616a17072082152a2ef351cb51f98802fb4b2fdabd32399843875974ca","affectsGlobalScope":true,"impliedFormat":1},{"version":"d7e7d9b7b50e5f22c915b525acc5a49a7a6584cf8f62d0569e557c5cfc4b2ac2","affectsGlobalScope":true,"impliedFormat":1},{"version":"71c37f4c9543f31dfced6c7840e068c5a5aacb7b89111a4364b1d5276b852557","affectsGlobalScope":true,"impliedFormat":1},{"version":"576711e016cf4f1804676043e6a0a5414252560eb57de9faceee34d79798c850","affectsGlobalScope":true,"impliedFormat":1},{"version":"89c1b1281ba7b8a96efc676b11b264de7a8374c5ea1e6617f11880a13fc56dc6","affectsGlobalScope":true,"impliedFormat":1},{"version":"74f7fa2d027d5b33eb0471c8e82a6c87216223181ec31247c357a3e8e2fddc5b","affectsGlobalScope":true,"impliedFormat":1},{"version":"d6d7ae4d1f1f3772e2a3cde568ed08991a8ae34a080ff1151af28b7f798e22ca","affectsGlobalScope":true,"impliedFormat":1},{"version":"063600664504610fe3e99b717a1223f8b1900087fab0b4cad1496a114744f8df","affectsGlobalScope":true,"impliedFormat":1},{"version":"934019d7e3c81950f9a8426d093458b65d5aff2c7c1511233c0fd5b941e608ab","affectsGlobalScope":true,"impliedFormat":1},{"version":"52ada8e0b6e0482b728070b7639ee42e83a9b1c22d205992756fe020fd9f4a47","affectsGlobalScope":true,"impliedFormat":1},{"version":"3bdefe1bfd4d6dee0e26f928f93ccc128f1b64d5d501ff4a8cf3c6371200e5e6","affectsGlobalScope":true,"impliedFormat":1},{"version":"59fb2c069260b4ba00b5643b907ef5d5341b167e7d1dbf58dfd895658bda2867","affectsGlobalScope":true,"impliedFormat":1},{"version":"639e512c0dfc3fad96a84caad71b8834d66329a1f28dc95e3946c9b58176c73a","affectsGlobalScope":true,"impliedFormat":1},{"version":"368af93f74c9c932edd84c58883e736c9e3d53cec1fe24c0b0ff451f529ceab1","affectsGlobalScope":true,"impliedFormat":1},{"version":"af3dd424cf267428f30ccfc376f47a2c0114546b55c44d8c0f1d57d841e28d74","affectsGlobalScope":true,"impliedFormat":1},{"version":"995c005ab91a498455ea8dfb63aa9f83fa2ea793c3d8aa344be4a1678d06d399","affectsGlobalScope":true,"impliedFormat":1},{"version":"959d36cddf5e7d572a65045b876f2956c973a586da58e5d26cde519184fd9b8a","affectsGlobalScope":true,"impliedFormat":1},{"version":"965f36eae237dd74e6cca203a43e9ca801ce38824ead814728a2807b1910117d","affectsGlobalScope":true,"impliedFormat":1},{"version":"3925a6c820dcb1a06506c90b1577db1fdbf7705d65b62b99dce4be75c637e26b","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a3d63ef2b853447ec4f749d3f368ce642264246e02911fcb1590d8c161b8005","affectsGlobalScope":true,"impliedFormat":1},{"version":"8cdf8847677ac7d20486e54dd3fcf09eda95812ac8ace44b4418da1bbbab6eb8","affectsGlobalScope":true,"impliedFormat":1},{"version":"8444af78980e3b20b49324f4a16ba35024fef3ee069a0eb67616ea6ca821c47a","affectsGlobalScope":true,"impliedFormat":1},{"version":"3287d9d085fbd618c3971944b65b4be57859f5415f495b33a6adc994edd2f004","affectsGlobalScope":true,"impliedFormat":1},{"version":"b4b67b1a91182421f5df999988c690f14d813b9850b40acd06ed44691f6727ad","affectsGlobalScope":true,"impliedFormat":1},{"version":"df83c2a6c73228b625b0beb6669c7ee2a09c914637e2d35170723ad49c0f5cd4","affectsGlobalScope":true,"impliedFormat":1},{"version":"436aaf437562f276ec2ddbee2f2cdedac7664c1e4c1d2c36839ddd582eeb3d0a","affectsGlobalScope":true,"impliedFormat":1},{"version":"8e3c06ea092138bf9fa5e874a1fdbc9d54805d074bee1de31b99a11e2fec239d","affectsGlobalScope":true,"impliedFormat":1},{"version":"87dc0f382502f5bbce5129bdc0aea21e19a3abbc19259e0b43ae038a9fc4e326","affectsGlobalScope":true,"impliedFormat":1},{"version":"b1cb28af0c891c8c96b2d6b7be76bd394fddcfdb4709a20ba05a7c1605eea0f9","affectsGlobalScope":true,"impliedFormat":1},{"version":"2fef54945a13095fdb9b84f705f2b5994597640c46afeb2ce78352fab4cb3279","affectsGlobalScope":true,"impliedFormat":1},{"version":"ac77cb3e8c6d3565793eb90a8373ee8033146315a3dbead3bde8db5eaf5e5ec6","affectsGlobalScope":true,"impliedFormat":1},{"version":"56e4ed5aab5f5920980066a9409bfaf53e6d21d3f8d020c17e4de584d29600ad","affectsGlobalScope":true,"impliedFormat":1},{"version":"4ece9f17b3866cc077099c73f4983bddbcb1dc7ddb943227f1ec070f529dedd1","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a6282c8827e4b9a95f4bf4f5c205673ada31b982f50572d27103df8ceb8013c","affectsGlobalScope":true,"impliedFormat":1},{"version":"1c9319a09485199c1f7b0498f2988d6d2249793ef67edda49d1e584746be9032","affectsGlobalScope":true,"impliedFormat":1},{"version":"e3a2a0cee0f03ffdde24d89660eba2685bfbdeae955a6c67e8c4c9fd28928eeb","affectsGlobalScope":true,"impliedFormat":1},{"version":"811c71eee4aa0ac5f7adf713323a5c41b0cf6c4e17367a34fbce379e12bbf0a4","affectsGlobalScope":true,"impliedFormat":1},{"version":"51ad4c928303041605b4d7ae32e0c1ee387d43a24cd6f1ebf4a2699e1076d4fa","affectsGlobalScope":true,"impliedFormat":1},{"version":"60037901da1a425516449b9a20073aa03386cce92f7a1fd902d7602be3a7c2e9","affectsGlobalScope":true,"impliedFormat":1},{"version":"d4b1d2c51d058fc21ec2629fff7a76249dec2e36e12960ea056e3ef89174080f","affectsGlobalScope":true,"impliedFormat":1},{"version":"22adec94ef7047a6c9d1af3cb96be87a335908bf9ef386ae9fd50eeb37f44c47","affectsGlobalScope":true,"impliedFormat":1},{"version":"196cb558a13d4533a5163286f30b0509ce0210e4b316c56c38d4c0fd2fb38405","affectsGlobalScope":true,"impliedFormat":1},{"version":"73f78680d4c08509933daf80947902f6ff41b6230f94dd002ae372620adb0f60","affectsGlobalScope":true,"impliedFormat":1},{"version":"c5239f5c01bcfa9cd32f37c496cf19c61d69d37e48be9de612b541aac915805b","affectsGlobalScope":true,"impliedFormat":1},{"version":"8e7f8264d0fb4c5339605a15daadb037bf238c10b654bb3eee14208f860a32ea","affectsGlobalScope":true,"impliedFormat":1},{"version":"782dec38049b92d4e85c1585fbea5474a219c6984a35b004963b00beb1aab538","affectsGlobalScope":true,"impliedFormat":1},{"version":"7e29f41b158de217f94cb9676bf9cbd0cd9b5a46e1985141ed36e075c52bf6ad","affectsGlobalScope":true,"impliedFormat":1},{"version":"ac51dd7d31333793807a6abaa5ae168512b6131bd41d9c5b98477fc3b7800f9f","impliedFormat":1},{"version":"bd7dee3446a5b94651d58000ddfda40296f073e9372891f65003a524b4620697","impliedFormat":1},{"version":"acd8fd5090ac73902278889c38336ff3f48af6ba03aa665eb34a75e7ba1dccc4","impliedFormat":1},{"version":"d6258883868fb2680d2ca96bc8b1352cab69874581493e6d52680c5ffecdb6cc","impliedFormat":1},{"version":"1b61d259de5350f8b1e5db06290d31eaebebc6baafd5f79d314b5af9256d7153","impliedFormat":1},{"version":"f258e3960f324a956fc76a3d3d9e964fff2244ff5859dcc6ce5951e5413ca826","impliedFormat":1},{"version":"643f7232d07bf75e15bd8f658f664d6183a0efaca5eb84b48201c7671a266979","impliedFormat":1},{"version":"21da358700a3893281ce0c517a7a30cbd46be020d9f0c3f2834d0a8ad1f5fc75","impliedFormat":1},{"version":"6c7176368037af28cb72f2392010fa1cef295d6d6744bca8cfb54985f3a18c3e","affectsGlobalScope":true,"impliedFormat":1},{"version":"ab41ef1f2cdafb8df48be20cd969d875602483859dc194e9c97c8a576892c052","affectsGlobalScope":true,"impliedFormat":1},{"version":"437e20f2ba32abaeb7985e0afe0002de1917bc74e949ba585e49feba65da6ca1","affectsGlobalScope":true,"impliedFormat":1},{"version":"21d819c173c0cf7cc3ce57c3276e77fd9a8a01d35a06ad87158781515c9a438a","impliedFormat":1},{"version":"98cffbf06d6bab333473c70a893770dbe990783904002c4f1a960447b4b53dca","affectsGlobalScope":true,"impliedFormat":1},{"version":"3af97acf03cc97de58a3a4bc91f8f616408099bc4233f6d0852e72a8ffb91ac9","affectsGlobalScope":true,"impliedFormat":1},{"version":"808069bba06b6768b62fd22429b53362e7af342da4a236ed2d2e1c89fcca3b4a","affectsGlobalScope":true,"impliedFormat":1},{"version":"1db0b7dca579049ca4193d034d835f6bfe73096c73663e5ef9a0b5779939f3d0","affectsGlobalScope":true,"impliedFormat":1},{"version":"9798340ffb0d067d69b1ae5b32faa17ab31b82466a3fc00d8f2f2df0c8554aaa","affectsGlobalScope":true,"impliedFormat":1},{"version":"f26b11d8d8e4b8028f1c7d618b22274c892e4b0ef5b3678a8ccbad85419aef43","affectsGlobalScope":true,"impliedFormat":1},{"version":"4967529644e391115ca5592184d4b63980569adf60ee685f968fd59ab1557188","impliedFormat":1},{"version":"5929864ce17fba74232584d90cb721a89b7ad277220627cc97054ba15a98ea8f","impliedFormat":1},{"version":"763fe0f42b3d79b440a9b6e51e9ba3f3f91352469c1e4b3b67bfa4ff6352f3f4","impliedFormat":1},{"version":"25c8056edf4314820382a5fdb4bb7816999acdcb929c8f75e3f39473b87e85bc","impliedFormat":1},{"version":"c464d66b20788266e5353b48dc4aa6bc0dc4a707276df1e7152ab0c9ae21fad8","impliedFormat":1},{"version":"78d0d27c130d35c60b5e5566c9f1e5be77caf39804636bc1a40133919a949f21","impliedFormat":1},{"version":"c6fd2c5a395f2432786c9cb8deb870b9b0e8ff7e22c029954fabdd692bff6195","impliedFormat":1},{"version":"1d6e127068ea8e104a912e42fc0a110e2aa5a66a356a917a163e8cf9a65e4a75","impliedFormat":1},{"version":"5ded6427296cdf3b9542de4471d2aa8d3983671d4cac0f4bf9c637208d1ced43","impliedFormat":1},{"version":"7f182617db458e98fc18dfb272d40aa2fff3a353c44a89b2c0ccb3937709bfb5","impliedFormat":1},{"version":"cadc8aced301244057c4e7e73fbcae534b0f5b12a37b150d80e5a45aa4bebcbd","impliedFormat":1},{"version":"385aab901643aa54e1c36f5ef3107913b10d1b5bb8cbcd933d4263b80a0d7f20","impliedFormat":1},{"version":"9670d44354bab9d9982eca21945686b5c24a3f893db73c0dae0fd74217a4c219","impliedFormat":1},{"version":"0b8a9268adaf4da35e7fa830c8981cfa22adbbe5b3f6f5ab91f6658899e657a7","impliedFormat":1},{"version":"11396ed8a44c02ab9798b7dca436009f866e8dae3c9c25e8c1fbc396880bf1bb","impliedFormat":1},{"version":"ba7bc87d01492633cb5a0e5da8a4a42a1c86270e7b3d2dea5d156828a84e4882","impliedFormat":1},{"version":"4893a895ea92c85345017a04ed427cbd6a1710453338df26881a6019432febdd","impliedFormat":1},{"version":"c21dc52e277bcfc75fac0436ccb75c204f9e1b3fa5e12729670910639f27343e","impliedFormat":1},{"version":"13f6f39e12b1518c6650bbb220c8985999020fe0f21d818e28f512b7771d00f9","impliedFormat":1},{"version":"9b5369969f6e7175740bf51223112ff209f94ba43ecd3bb09eefff9fd675624a","impliedFormat":1},{"version":"4fe9e626e7164748e8769bbf74b538e09607f07ed17c2f20af8d680ee49fc1da","impliedFormat":1},{"version":"24515859bc0b836719105bb6cc3d68255042a9f02a6022b3187948b204946bd2","impliedFormat":1},{"version":"ea0148f897b45a76544ae179784c95af1bd6721b8610af9ffa467a518a086a43","impliedFormat":1},{"version":"24c6a117721e606c9984335f71711877293a9651e44f59f3d21c1ea0856f9cc9","impliedFormat":1},{"version":"dd3273ead9fbde62a72949c97dbec2247ea08e0c6952e701a483d74ef92d6a17","impliedFormat":1},{"version":"405822be75ad3e4d162e07439bac80c6bcc6dbae1929e179cf467ec0b9ee4e2e","impliedFormat":1},{"version":"0db18c6e78ea846316c012478888f33c11ffadab9efd1cc8bcc12daded7a60b6","impliedFormat":1},{"version":"e61be3f894b41b7baa1fbd6a66893f2579bfad01d208b4ff61daef21493ef0a8","impliedFormat":1},{"version":"bd0532fd6556073727d28da0edfd1736417a3f9f394877b6d5ef6ad88fba1d1a","impliedFormat":1},{"version":"89167d696a849fce5ca508032aabfe901c0868f833a8625d5a9c6e861ef935d2","impliedFormat":1},{"version":"615ba88d0128ed16bf83ef8ccbb6aff05c3ee2db1cc0f89ab50a4939bfc1943f","impliedFormat":1},{"version":"a4d551dbf8746780194d550c88f26cf937caf8d56f102969a110cfaed4b06656","impliedFormat":1},{"version":"8bd86b8e8f6a6aa6c49b71e14c4ffe1211a0e97c80f08d2c8cc98838006e4b88","impliedFormat":1},{"version":"317e63deeb21ac07f3992f5b50cdca8338f10acd4fbb7257ebf56735bf52ab00","impliedFormat":1},{"version":"4732aec92b20fb28c5fe9ad99521fb59974289ed1e45aecb282616202184064f","impliedFormat":1},{"version":"2e85db9e6fd73cfa3d7f28e0ab6b55417ea18931423bd47b409a96e4a169e8e6","impliedFormat":1},{"version":"c46e079fe54c76f95c67fb89081b3e399da2c7d109e7dca8e4b58d83e332e605","impliedFormat":1},{"version":"bf67d53d168abc1298888693338cb82854bdb2e69ef83f8a0092093c2d562107","impliedFormat":1},{"version":"b52476feb4a0cbcb25e5931b930fc73cb6643fb1a5060bf8a3dda0eeae5b4b68","affectsGlobalScope":true,"impliedFormat":1},{"version":"f9501cc13ce624c72b61f12b3963e84fad210fbdf0ffbc4590e08460a3f04eba","affectsGlobalScope":true,"impliedFormat":1},{"version":"e7721c4f69f93c91360c26a0a84ee885997d748237ef78ef665b153e622b36c1","affectsGlobalScope":true,"impliedFormat":1},{"version":"0fa06ada475b910e2106c98c68b10483dc8811d0c14a8a8dd36efb2672485b29","impliedFormat":1},{"version":"33e5e9aba62c3193d10d1d33ae1fa75c46a1171cf76fef750777377d53b0303f","impliedFormat":1},{"version":"2b06b93fd01bcd49d1a6bd1f9b65ddcae6480b9a86e9061634d6f8e354c1468f","impliedFormat":1},{"version":"6a0cd27e5dc2cfbe039e731cf879d12b0e2dded06d1b1dedad07f7712de0d7f4","affectsGlobalScope":true,"impliedFormat":1},{"version":"13f5c844119c43e51ce777c509267f14d6aaf31eafb2c2b002ca35584cd13b29","impliedFormat":1},{"version":"e60477649d6ad21542bd2dc7e3d9ff6853d0797ba9f689ba2f6653818999c264","impliedFormat":1},{"version":"c2510f124c0293ab80b1777c44d80f812b75612f297b9857406468c0f4dafe29","affectsGlobalScope":true,"impliedFormat":1},{"version":"5524481e56c48ff486f42926778c0a3cce1cc85dc46683b92b1271865bcf015a","impliedFormat":1},{"version":"4c829ab315f57c5442c6667b53769975acbf92003a66aef19bce151987675bd1","affectsGlobalScope":true,"impliedFormat":1},{"version":"b2ade7657e2db96d18315694789eff2ddd3d8aea7215b181f8a0b303277cc579","impliedFormat":1},{"version":"9855e02d837744303391e5623a531734443a5f8e6e8755e018c41d63ad797db2","impliedFormat":1},{"version":"4d631b81fa2f07a0e63a9a143d6a82c25c5f051298651a9b69176ba28930756d","impliedFormat":1},{"version":"836a356aae992ff3c28a0212e3eabcb76dd4b0cc06bcb9607aeef560661b860d","impliedFormat":1},{"version":"1e0d1f8b0adfa0b0330e028c7941b5a98c08b600efe7f14d2d2a00854fb2f393","impliedFormat":1},{"version":"41670ee38943d9cbb4924e436f56fc19ee94232bc96108562de1a734af20dc2c","affectsGlobalScope":true,"impliedFormat":1},{"version":"c906fb15bd2aabc9ed1e3f44eb6a8661199d6c320b3aa196b826121552cb3695","impliedFormat":1},{"version":"22295e8103f1d6d8ea4b5d6211e43421fe4564e34d0dd8e09e520e452d89e659","impliedFormat":1},{"version":"58647d85d0f722a1ce9de50955df60a7489f0593bf1a7015521efe901c06d770","impliedFormat":1},{"version":"73b5fa37db36eeac90c4d752e39586f1b57187400c4f5280fd05f16437287a45","impliedFormat":1},{"version":"a10f0e1854f3316d7ee437b79649e5a6ae3ae14ffe6322b02d4987071a95362e","impliedFormat":1},{"version":"e208f73ef6a980104304b0d2ca5f6bf1b85de6009d2c7e404028b875020fa8f2","impliedFormat":1},{"version":"d163b6bc2372b4f07260747cbc6c0a6405ab3fbcea3852305e98ac43ca59f5bc","impliedFormat":1},{"version":"e6fa9ad47c5f71ff733744a029d1dc472c618de53804eae08ffc243b936f87ff","affectsGlobalScope":true,"impliedFormat":1},{"version":"a6f137d651076822d4fe884287e68fd61785a0d3d1fdb250a5059b691fa897db","impliedFormat":1},{"version":"24826ed94a78d5c64bd857570fdbd96229ad41b5cb654c08d75a9845e3ab7dde","impliedFormat":1},{"version":"8b479a130ccb62e98f11f136d3ac80f2984fdc07616516d29881f3061f2dd472","impliedFormat":1},{"version":"928af3d90454bf656a52a48679f199f64c1435247d6189d1caf4c68f2eaf921f","affectsGlobalScope":true,"impliedFormat":1},{"version":"bceb58df66ab8fb00170df20cd813978c5ab84be1d285710c4eb005d8e9d8efb","affectsGlobalScope":true,"impliedFormat":1},{"version":"3f16a7e4deafa527ed9995a772bb380eb7d3c2c0fd4ae178c5263ed18394db2c","impliedFormat":1},{"version":"933921f0bb0ec12ef45d1062a1fc0f27635318f4d294e4d99de9a5493e618ca2","impliedFormat":1},{"version":"71a0f3ad612c123b57239a7749770017ecfe6b66411488000aba83e4546fde25","impliedFormat":1},{"version":"77fbe5eecb6fac4b6242bbf6eebfc43e98ce5ccba8fa44e0ef6a95c945ff4d98","impliedFormat":1},{"version":"4f9d8ca0c417b67b69eeb54c7ca1bedd7b56034bb9bfd27c5d4f3bc4692daca7","impliedFormat":1},{"version":"814118df420c4e38fe5ae1b9a3bafb6e9c2aa40838e528cde908381867be6466","impliedFormat":1},{"version":"a3fc63c0d7b031693f665f5494412ba4b551fe644ededccc0ab5922401079c95","impliedFormat":1},{"version":"80523c00b8544a2000ae0143e4a90a00b47f99823eb7926c1e03c494216fc363","impliedFormat":1},{"version":"37ba7b45141a45ce6e80e66f2a96c8a5ab1bcef0fc2d0f56bb58df96ec67e972","impliedFormat":1},{"version":"45650f47bfb376c8a8ed39d4bcda5902ab899a3150029684ee4c10676d9fbaee","impliedFormat":1},{"version":"746911b62b329587939560deb5c036aca48aece03147b021fa680223255d5183","affectsGlobalScope":true,"impliedFormat":1},{"version":"18fd40412d102c5564136f29735e5d1c3b455b8a37f920da79561f1fde068208","impliedFormat":1},{"version":"c8d3e5a18ba35629954e48c4cc8f11dc88224650067a172685c736b27a34a4dc","impliedFormat":1},{"version":"f0be1b8078cd549d91f37c30c222c2a187ac1cf981d994fb476a1adc61387b14","affectsGlobalScope":true,"impliedFormat":1},{"version":"0aaed1d72199b01234152f7a60046bc947f1f37d78d182e9ae09c4289e06a592","impliedFormat":1},{"version":"2b55d426ff2b9087485e52ac4bc7cfafe1dc420fc76dad926cd46526567c501a","impliedFormat":1},{"version":"66ba1b2c3e3a3644a1011cd530fb444a96b1b2dfe2f5e837a002d41a1a799e60","impliedFormat":1},{"version":"7e514f5b852fdbc166b539fdd1f4e9114f29911592a5eb10a94bb3a13ccac3c4","impliedFormat":1},{"version":"5b7aa3c4c1a5d81b411e8cb302b45507fea9358d3569196b27eb1a27ae3a90ef","affectsGlobalScope":true,"impliedFormat":1},{"version":"5987a903da92c7462e0b35704ce7da94d7fdc4b89a984871c0e2b87a8aae9e69","affectsGlobalScope":true,"impliedFormat":1},{"version":"ea08a0345023ade2b47fbff5a76d0d0ed8bff10bc9d22b83f40858a8e941501c","impliedFormat":1},{"version":"47613031a5a31510831304405af561b0ffaedb734437c595256bb61a90f9311b","impliedFormat":1},{"version":"ae062ce7d9510060c5d7e7952ae379224fb3f8f2dd74e88959878af2057c143b","impliedFormat":1},{"version":"8a1a0d0a4a06a8d278947fcb66bf684f117bf147f89b06e50662d79a53be3e9f","affectsGlobalScope":true,"impliedFormat":1},{"version":"358765d5ea8afd285d4fd1532e78b88273f18cb3f87403a9b16fef61ac9fdcfe","impliedFormat":1},{"version":"9f55299850d4f0921e79b6bf344b47c420ce0f507b9dcf593e532b09ea7eeea1","impliedFormat":1},{"version":"2beff543f6e9a9701df88daeee3cdd70a34b4a1c11cb4c734472195a5cb2af54","impliedFormat":1},{"version":"2e07abf27aa06353d46f4448c0bbac73431f6065eef7113128a5cd804d0c384d","impliedFormat":1},{"version":"be1cc4d94ea60cbe567bc29ed479d42587bf1e6cba490f123d329976b0fe4ee5","impliedFormat":1},{"version":"42bc0e1a903408137c3df2b06dfd7e402cdab5bbfa5fcfb871b22ebfdb30bd0b","impliedFormat":1},{"version":"9894dafe342b976d251aac58e616ac6df8db91fb9d98934ff9dd103e9e82578f","impliedFormat":1},{"version":"413df52d4ea14472c2fa5bee62f7a40abd1eb49be0b9722ee01ee4e52e63beb2","impliedFormat":1},{"version":"db6d2d9daad8a6d83f281af12ce4355a20b9a3e71b82b9f57cddcca0a8964a96","impliedFormat":1},{"version":"446a50749b24d14deac6f8843e057a6355dd6437d1fac4f9e5ce4a5071f34bff","impliedFormat":1},{"version":"182e9fcbe08ac7c012e0a6e2b5798b4352470be29a64fdc114d23c2bab7d5106","impliedFormat":1},{"version":"2f4e6b4d39426a1b85ecf4bdeb9dddbf4d9b3397d95d8555d46f925c9519ec7d","impliedFormat":1},{"version":"78a2869ad0cbf3f9045dda08c0d4562b7e1b2bfe07b19e0db072f5c3c56e9584","impliedFormat":1},{"version":"89d5d28d4f57e000b836ac273079be1b75710e28ce14750d081fb420d37e2ca5","impliedFormat":1},{"version":"fd4e24ccff3966390600d7f5d6aa1fed5a512e92ada735ea5fbc933d313ad3d3","impliedFormat":1},{"version":"b7cddfe1aa6b86b5fad3c9ccb30d05b3ccb165aebbf112f48d2d8a5f69dd98b1","impliedFormat":1},{"version":"a86f82d646a739041d6702101afa82dcb935c416dd93cbca7fd754fd0282ce1f","impliedFormat":1},{"version":"ad0d1d75d129b1c80f911be438d6b61bfa8703930a8ff2be2f0e1f8a91841c64","impliedFormat":1},{"version":"bd2c7ada3dee03653d3f601011d30072194bc3970cd93208f9588fbdc0c69347","impliedFormat":1},{"version":"e480da45d32313e7174b265674da504f075f59ef326852f0c5a5d863b438ae85","impliedFormat":1},{"version":"ad54850f61fcf5d014e11be80d2f46fea9265cfa7e77456da876f7833ef81769","impliedFormat":1},{"version":"6f7c9e8bd2b5b6a080b07080065f94900bd3c7e5ebbd3047bc33fcce2fab1dd8","impliedFormat":1},{"version":"3e7efde639c6a6c3edb9847b3f61e308bf7a69685b92f665048c45132f51c218","impliedFormat":1},{"version":"df45ca1176e6ac211eae7ddf51336dc075c5314bc5c253651bae639defd5eec5","impliedFormat":1},{"version":"8a0e762ceb20c7e72504feef83d709468a70af4abccb304f32d6b9bac1129b2c","impliedFormat":1},{"version":"da5950ee2a90721df6f3fba45f5d05308f7e4c35835392215dd2cd404505e2de","impliedFormat":1},{"version":"ce75b1aebb33d510ff28af960a9221410a3eaf7f18fc5f21f9404075fba77256","impliedFormat":1},{"version":"f42d5fed19610d485c646a0c430e768115567d078c7fc855c57b0c578b3d6cd3","impliedFormat":1},{"version":"ee8df1cb8d0faaca4013a1b442e99130769ce06f438d18d510fed95890067563","impliedFormat":1},{"version":"d5630f2ad9b4541e5ce891648121022f9412ecdca1820baa1f0104f70fd7eff7","impliedFormat":1},{"version":"4d15375ab13497104bc8fe56fdef2b5fd6853f29255737d23a33fa306ff7fd69","impliedFormat":1},{"version":"2cd3fc1d0d6a1e85baffd2d4f50f5efb192b5446eef567e97c94765402f0aad4","impliedFormat":1},{"version":"e4cbf2f1e89ecccaddd2c045e600ae41b732295953fb06247c7dcbc2d281ed30","impliedFormat":1},{"version":"6dcedaef57dff0d79a05ab0ab602cde74db803d1e765468bf91263786a383e1b","impliedFormat":1},{"version":"8c1697d90c394a6fd955b98eae01238eff628e129b987a68aea10f898a48e7da","impliedFormat":1},{"version":"7580e62139cb2b44a0270c8d01abcbfcba2819a02514a527342447fa69b34ef1","impliedFormat":1},{"version":"42c169fb8c2d42f4f668c624a9a11e719d5d07dacbebb63cbcf7ef365b0a75b3","impliedFormat":1},{"version":"f374cb24e93e7798c4d9e83ff872fa52d2cdb36306392b840a6ddf46cb925cb6","impliedFormat":1},{"version":"d10d63718e1646c2279e3b33831f82c60e31f622b2b7020f1196409ca4c09242","impliedFormat":1},{"version":"106c6025f1d99fd468fd8bf6e5bda724e11e5905a4076c5d29790b6c3745e50c","impliedFormat":1},{"version":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","impliedFormat":1},{"version":"148679c6d0f449210a96e7d2e562d589e56fcde87f843a92808b3ff103f1a774","impliedFormat":1},{"version":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","impliedFormat":1},{"version":"02436d7e9ead85e09a2f8e27d5f47d9464bced31738dec138ca735390815c9f0","impliedFormat":1},{"version":"f8d5ff8eafd37499f2b6a98659dd9b45a321de186b8db6b6142faed0fea3de77","impliedFormat":1},{"version":"c86fe861cf1b4c46a0fb7d74dffe596cf679a2e5e8b1456881313170f092e3fa","impliedFormat":1},{"version":"a22dd55aa4d39906252000ab8e8a1b83b195eef7f4274eb51e457c1f11cf6580","impliedFormat":1},{"version":"540cc83ab772a2c6bc509fe1354f314825b5dba3669efdfbe4693ecd3048e34f","impliedFormat":1},{"version":"121b0696021ab885c570bbeb331be8ad82c6efe2f3b93a6e63874901bebc13e3","impliedFormat":1},{"version":"612d9da66bb046a9c1e2e8d026245ded881fc4b9f98cbfae714415d57ee0ae0b","impliedFormat":1},{"version":"32c2ad9494dad5d11b0564a619fee18f388db6c1e9e2cd3c360b3122549691eb","impliedFormat":1},{"version":"6c301d40aec56a74ec7bd7324e31a728dadf9bfba3e96def02938d3d973534ec","impliedFormat":1},{"version":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","impliedFormat":1},{"version":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","impliedFormat":1},{"version":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881","impliedFormat":1},{"version":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881","impliedFormat":1},{"version":"aa14cee20aa0db79f8df101fc027d929aec10feb5b8a8da3b9af3895d05b7ba2","impliedFormat":1},{"version":"493c700ac3bd317177b2eb913805c87fe60d4e8af4fb39c41f04ba81fae7e170","impliedFormat":1},{"version":"aeb554d876c6b8c818da2e118d8b11e1e559adbe6bf606cc9a611c1b6c09f670","impliedFormat":1},{"version":"acf5a2ac47b59ca07afa9abbd2b31d001bf7448b041927befae2ea5b1951d9f9","impliedFormat":1},{"version":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881","impliedFormat":1},{"version":"d71291eff1e19d8762a908ba947e891af44749f3a2cbc5bd2ec4b72f72ea795f","impliedFormat":1},{"version":"c0480e03db4b816dff2682b347c95f2177699525c54e7e6f6aa8ded890b76be7","impliedFormat":1},{"version":"25a5f6fd3a2243c859eddc99ab5fba11d970af2fe7a5df9c32b7668f76f97b01","impliedFormat":1},{"version":"8d207e1f9d2c30d6f77dfa693f3827c3fbf0d89240297e10bdfe1041d433df68","impliedFormat":1},{"version":"b620391fe8060cf9bedc176a4d01366e6574d7a71e0ac0ab344a4e76576fcbb8","impliedFormat":1},{"version":"6ac6715916fa75a1f7ebdfeacac09513b4d904b667d827b7535e84ff59679aff","impliedFormat":1},{"version":"2652448ac55a2010a1f71dd141f828b682298d39728f9871e1cdf8696ef443fd","impliedFormat":1},{"version":"d682336018141807fb602709e2d95a192828fcb8d5ba06dda3833a8ea98f69e3","impliedFormat":1},{"version":"6124e973eab8c52cabf3c07575204efc1784aca6b0a30c79eb85fe240a857efa","impliedFormat":1},{"version":"0d891735a21edc75df51f3eb995e18149e119d1ce22fd40db2b260c5960b914e","impliedFormat":1},{"version":"3b414b99a73171e1c4b7b7714e26b87d6c5cb03d200352da5342ab4088a54c85","impliedFormat":1},{"version":"4fbd3116e00ed3a6410499924b6403cc9367fdca303e34838129b328058ede40","impliedFormat":1},{"version":"9c82171d836c47486074e4ca8e059735bf97b205e70b196535b5efd40cbe1bc5","impliedFormat":1},{"version":"8c70ddc0c22d85e56011d49fddfaae3405eb53d47b59327b9dd589e82df672e7","impliedFormat":1},{"version":"2f9c89cbb29d362290531b48880a4024f258c6033aaeb7e59fbc62db26819650","impliedFormat":1},{"version":"a365c4d3bed3be4e4e20793c999c51f5cd7e6792322f14650949d827fbcd170f","impliedFormat":1},{"version":"c5426dbfc1cf90532f66965a7aa8c1136a78d4d0f96d8180ecbfc11d7722f1a5","impliedFormat":1},{"version":"65a15fc47900787c0bd18b603afb98d33ede930bed1798fc984d5ebb78b26cf9","impliedFormat":1},{"version":"9d202701f6e0744adb6314d03d2eb8fc994798fc83d91b691b75b07626a69801","impliedFormat":1},{"version":"de9d2df7663e64e3a91bf495f315a7577e23ba088f2949d5ce9ec96f44fba37d","impliedFormat":1},{"version":"c7af78a2ea7cb1cd009cfb5bdb48cd0b03dad3b54f6da7aab615c2e9e9d570c5","impliedFormat":1},{"version":"1ee45496b5f8bdee6f7abc233355898e5bf9bd51255db65f5ff7ede617ca0027","impliedFormat":1},{"version":"273782b8454e78f6a8b30d2cfbf6860499c930595095fcc1689637115f0eddda","affectsGlobalScope":true,"impliedFormat":1},{"version":"3fbdd025f9d4d820414417eeb4107ffa0078d454a033b506e22d3a23bc3d9c41","affectsGlobalScope":true,"impliedFormat":1},{"version":"dba114fb6a32b355a9cfc26ca2276834d72fe0e94cd2c3494005547025015369","impliedFormat":1},{"version":"a8f8e6ab2fa07b45251f403548b78eaf2022f3c2254df3dc186cb2671fe4996d","affectsGlobalScope":true,"impliedFormat":1},{"version":"fa6c12a7c0f6b84d512f200690bfc74819e99efae69e4c95c4cd30f6884c526e","impliedFormat":1},{"version":"f1c32f9ce9c497da4dc215c3bc84b722ea02497d35f9134db3bb40a8d918b92b","impliedFormat":1},{"version":"b73c319af2cc3ef8f6421308a250f328836531ea3761823b4cabbd133047aefa","affectsGlobalScope":true,"impliedFormat":1},{"version":"e433b0337b8106909e7953015e8fa3f2d30797cea27141d1c5b135365bb975a6","impliedFormat":1},{"version":"9f9bb6755a8ce32d656ffa4763a8144aa4f274d6b69b59d7c32811031467216e","impliedFormat":1},{"version":"5c32bdfbd2d65e8fffbb9fbda04d7165e9181b08dad61154961852366deb7540","impliedFormat":1},{"version":"ddff7fc6edbdc5163a09e22bf8df7bef75f75369ebd7ecea95ba55c4386e2441","impliedFormat":1},{"version":"0c05e9842ec4f8b7bfebfd3ca61604bb8c914ba8da9b5337c4f25da427a005f2","impliedFormat":1},{"version":"faed7a5153215dbd6ebe76dfdcc0af0cfe760f7362bed43284be544308b114cf","impliedFormat":1},{"version":"7029e566b8df176f703fb59fd437a38670c7a0e02c58b2d66dfb5b2e2b2defdb","impliedFormat":1},{"version":"7f2aa4d4989a82530aaac3f72b3dceca90e9c25bee0b1a327e8a08a1262435ad","impliedFormat":1},{"version":"d96b39301d0ded3f1a27b47759676a33a02f6f5049bfcbde81e533fd10f50dcb","impliedFormat":1},{"version":"e9f147ecca73d9346a4c073432843c159ccbe50bdcb678a78f6da10eae2cecf4","impliedFormat":1},{"version":"de061f7d72bd65c06fc1419f841dfdcb29a8e22fe6fa527d1e6eb20b897d4de0","impliedFormat":1},{"version":"663beafc2446079574570cba86e9b15f986f908ddb1b01274509970126fee945","impliedFormat":1},{"version":"a3102887d5058bf4cb5b37fa6964c09e9527c42053b3b5c642b89878620748de","impliedFormat":1},{"version":"0aaaa1727edd29673d85c9b26d7ca4d54e5407a48586903c51b48b7f7d196f61","impliedFormat":1},{"version":"d35bca0b261bff02635758c48e8ab99c61c420d0dfabbcf467e847171d876b7d","impliedFormat":1},{"version":"3bc12c40d90c342ff88a3d876996c555ed5cbee5fe8c3308a240b321f401ee46","impliedFormat":1},{"version":"ba130768aae855a5477e9e148e5c879548e6e7ccbcc56fd1934c8a18ea5b7569","impliedFormat":1},{"version":"2e4f37ffe8862b14d8e24ae8763daaa8340c0df0b859d9a9733def0eee7562d9","impliedFormat":1},{"version":"d38530db0601215d6d767f280e3a3c54b2a83b709e8d9001acb6f61c67e965fc","impliedFormat":1},{"version":"6ac6715916fa75a1f7ebdfeacac09513b4d904b667d827b7535e84ff59679aff","impliedFormat":1},{"version":"b499af2054a037a162b3b72cd886f48bbf32a3502c865c6e29fac7d2ab3ce0b5","impliedFormat":1},{"version":"b83cb14474fa60c5f3ec660146b97d122f0735627f80d82dd03e8caa39b4388c","impliedFormat":1},{"version":"48773ca557b0319c2ee62ae249cf52a81709e8be139920d6479a66274de7c4ed","impliedFormat":1},{"version":"7274fbffbd7c9589d8d0ffba68157237afd5cecff1e99881ea3399127e60572f","impliedFormat":1},{"version":"b73cbf0a72c8800cf8f96a9acfe94f3ad32ca71342a8908b8ae484d61113f647","impliedFormat":1},{"version":"bae6dd176832f6423966647382c0d7ba9e63f8c167522f09a982f086cd4e8b23","impliedFormat":1},{"version":"20865ac316b8893c1a0cc383ccfc1801443fbcc2a7255be166cf90d03fac88c9","impliedFormat":1},{"version":"c9958eb32126a3843deedda8c22fb97024aa5d6dd588b90af2d7f2bfac540f23","impliedFormat":1},{"version":"461d0ad8ae5f2ff981778af912ba71b37a8426a33301daa00f21c6ccb27f8156","impliedFormat":1},{"version":"e927c2c13c4eaf0a7f17e6022eee8519eb29ef42c4c13a31e81a611ab8c95577","impliedFormat":1},{"version":"fcafff163ca5e66d3b87126e756e1b6dfa8c526aa9cd2a2b0a9da837d81bbd72","impliedFormat":1},{"version":"70246ad95ad8a22bdfe806cb5d383a26c0c6e58e7207ab9c431f1cb175aca657","impliedFormat":1},{"version":"f00f3aa5d64ff46e600648b55a79dcd1333458f7a10da2ed594d9f0a44b76d0b","impliedFormat":1},{"version":"772d8d5eb158b6c92412c03228bd9902ccb1457d7a705b8129814a5d1a6308fc","impliedFormat":1},{"version":"802e797bcab5663b2c9f63f51bdf67eff7c41bc64c0fd65e6da3e7941359e2f7","impliedFormat":1},{"version":"b01bd582a6e41457bc56e6f0f9de4cb17f33f5f3843a7cf8210ac9c18472fb0f","impliedFormat":1},{"version":"8b4327413e5af38cd8cb97c59f48c3c866015d5d642f28518e3a891c469f240e","impliedFormat":1},{"version":"4cceef18d7f088e797a463e90b7a9dad10c6bc667724b7686e3e740ae00122be","impliedFormat":1},{"version":"7ee86fbb3754388e004de0ef9e6505485ddfb3be7640783d6d015711c03d302d","impliedFormat":1},{"version":"cc1954b539604b1e562319119ac7e888172208b32ca873f9a357a92c826bd046","impliedFormat":1},{"version":"a67b87d0281c97dfc1197ef28dfe397fc2c865ccd41f7e32b53f647184cc7307","impliedFormat":1},{"version":"771ffb773f1ddd562492a6b9aaca648192ac3f056f0e1d997678ff97dbb6bf9b","impliedFormat":1},{"version":"43e96a3d5d1411ab40ba2f61d6a3192e58177bcf3b133a80ad2a16591611726d","impliedFormat":1},{"version":"232f70c0cf2b432f3a6e56a8dc3417103eb162292a9fd376d51a3a9ea5fbbf6f","impliedFormat":1},{"version":"bb8f2dbc03533abca2066ce4655c119bff353dd4514375beb93c08590c03e023","impliedFormat":1},{"version":"706dd95827e7ebaabda91d5db2b755233e0952d98570e9c032b0f066a15c1177","affectsGlobalScope":true,"impliedFormat":1},{"version":"0b103e9abfe82d14c0ad06a55d9f91d6747154ef7cacc73cf27ecad2bfb3afcf","impliedFormat":1},{"version":"cd9304972e6d616197fb44fce00540a904f38b54306a1951b5dbeaf3c01ab5bd","impliedFormat":1},{"version":"77438e2c397a3db78407621cfc57241a305b310ddea2c185f1d555248297f587","impliedFormat":1},{"version":"120599fd965257b1f4d0ff794bc696162832d9d8467224f4665f713a3119078b","impliedFormat":1},{"version":"43ba4f2fa8c698f5c304d21a3ef596741e8e85a810b7c1f9b692653791d8d97a","impliedFormat":1},{"version":"5433f33b0a20300cca35d2f229a7fc20b0e8477c44be2affeb21cb464af60c76","impliedFormat":1},{"version":"db036c56f79186da50af66511d37d9fe77fa6793381927292d17f81f787bb195","impliedFormat":1},{"version":"a6805fcafed712aea7759f8bc731014f9d22738c1d6ef9d43b8091d1d48346d5","impliedFormat":1},{"version":"c49469a5349b3cc1965710b5b0f98ed6c028686aa8450bcb3796728873eb923e","impliedFormat":1},{"version":"4a889f2c763edb4d55cb624257272ac10d04a1cad2ed2948b10ed4a7fda2a428","impliedFormat":1},{"version":"7bb79aa2fead87d9d56294ef71e056487e848d7b550c9a367523ee5416c44cfa","impliedFormat":1},{"version":"d88ea80a6447d7391f52352ec97e56b52ebec934a4a4af6e2464cfd8b39c3ba8","impliedFormat":1},{"version":"142617b3cdf902b69c6464c9fbd942b60ab3e733ca18c032b19e0f7e2adbefe8","impliedFormat":1},{"version":"0b603555f1881f87256ffd6344d3e3ed6d466c2e701eabf381f28be8c2125892","impliedFormat":1},{"version":"897e4f7662488e3ecc79e743bdd3b78f13bdb69a97851afa5b440c4211e32ea9","impliedFormat":1},{"version":"e2e1c6d3b2d93add5200bd7bc1a8cccb4e446836b2111ece45db8683a2c765de","impliedFormat":1},{"version":"251b03d5cd243854ce870d9a9a39f491faf69898c5d6b5eee28cc7649c57417b","impliedFormat":1},{"version":"27ff4196654e6373c9af16b6165120e2dd2169f9ad6abb5c935af5abd8c7938c","impliedFormat":1},{"version":"2c4de79f406d137390608e8c0a44fba2ff8e00bacfcae7c9d1781fef10e9440d","impliedFormat":1},{"version":"07ba23a10465791be5d22deaf5ef7de7658774ddff53721e5ea17fedea1bc721","impliedFormat":1},{"version":"dca8c645c5afeb03b1ecedbf16323f33e7d0afaa6256c8e047e6e38087a97f53","impliedFormat":1},{"version":"775f181bd4a533d6f8b5e55ec1d9f1624559720ae8a70e9432258da26b38d27c","impliedFormat":1},{"version":"796273b2edc72e78a04e86d7c58ae94d370ab93a0ddf40b1aa85a37a1c29ecd7","impliedFormat":1},{"version":"5df15a69187d737d6d8d066e189ae4f97e41f4d53712a46b2710ff9f8563ec9f","impliedFormat":1},{"version":"7715134a0cf07dd41a9da2895d708625a3a303a0385e355ecaaf0b8bfaef2550","impliedFormat":1},{"version":"6ac6715916fa75a1f7ebdfeacac09513b4d904b667d827b7535e84ff59679aff","impliedFormat":1},{"version":"622694a8522b46f6310c2a9b5d2530dde1e2854cb5829354e6d1ff8f371cf469","impliedFormat":1},{"version":"cd8ce8d68567f62dd580b3c3c37777ac3f5b81944c7417f5ea83030eab533385","impliedFormat":1},{"version":"e5c939d896565dcac0f6fbdbada11284e7728ef26a069561c09aa5aa4a788393","impliedFormat":1},{"version":"9e2739b32f741859263fdba0244c194ca8e96da49b430377930b8f721d77c000","impliedFormat":1},{"version":"a9e6c0ff3f8186fccd05752cf75fc94e147c02645087ac6de5cc16403323d870","impliedFormat":1},{"version":"49af4b52f0d4d2304c5f2c6fe5fab3e153e0acc38830d0202821b877c097dd02","impliedFormat":1},{"version":"49c346823ba6d4b12278c12c977fb3a31c06b9ca719015978cb145eb86da1c61","impliedFormat":1},{"version":"bfac6e50eaa7e73bb66b7e052c38fdc8ccfc8dbde2777648642af33cf349f7f1","impliedFormat":1},{"version":"92f7c1a4da7fbfd67a2228d1687d5c2e1faa0ba865a94d3550a3941d7527a45d","impliedFormat":1},{"version":"f53b120213a9289d9a26f5af90c4c686dd71d91487a0aa5451a38366c70dc64b","impliedFormat":1},{"version":"e68b8e5a1df7c1be2bc105141456ecba70215806e1c28bfbc5c12bfce4be6e68","impliedFormat":1},{"version":"511c8f02329808d47d00b859c532ae9115590048b17325a946c74dac48428650","impliedFormat":1},{"version":"57d67b72e06059adc5e9454de26bbfe567d412b962a501d263c75c2db430f40e","impliedFormat":1},{"version":"b5f9e66625783eefcbe3d2da074b2e7ba2066d61ce3fc6ef4f22805ad946cab4","impliedFormat":1},{"version":"e37115962d284b9f7a37c2bdd2add50f88365dde41f5e0ff591ffc48a8ec7575","impliedFormat":1},{"version":"6459054aabb306821a043e02b89d54da508e3a6966601a41e71c166e4ea1474f","impliedFormat":1},{"version":"bb37588926aba35c9283fe8d46ebf4e79ffe976343105f5c6d45f282793352b2","impliedFormat":1},{"version":"f89488602bec98a142072fae7ea5ba99431a569ff580c64b7be39896474799d8","impliedFormat":1},{"version":"bbbc47961f39a57df103cf4ca3bb8f8732b4b6678a18225a0aa76d59c466956c","impliedFormat":1},{"version":"2e6114a7dd6feeef85b2c80120fdbfb59a5529c0dcc5bfa8447b6996c97a69f5","impliedFormat":1},{"version":"2ffb043dc5163458e473b7010859f86e01dc4edffcae0a93d885d028b426a546","impliedFormat":1},{"version":"c8f004e6036aa1c764ad4ec543cf89a5c1893a9535c80ef3f2b653e370de45e6","impliedFormat":1},{"version":"dd80b1e600d00f5c6a6ba23f455b84a7db121219e68f89f10552c54ba46e4dc9","impliedFormat":1},{"version":"b064c36f35de7387d71c599bfcf28875849a1dbc733e82bd26cae3d1cd060521","impliedFormat":1},{"version":"05c7280d72f3ed26f346cbe7cbbbb002fb7f15739197cbbee6ab3fd1a6cb9347","impliedFormat":1},{"version":"8de9fe97fa9e00ec00666fa77ab6e91b35d25af8ca75dabcb01e14ad3299b150","impliedFormat":1},{"version":"04b7b2e0832dfd3c31e81df3975e8d8fda28e7ff999b0aa2932608a8f6661d5c","impliedFormat":1},{"version":"ca2d34c6ed5cbd3070b8b6f32f42ae54adcc6499c1e4b99f0a5798b3f27cc653","impliedFormat":1},{"version":"9ec68995e66dd6b9dac834bf5ae85fde802714ea2e82151a5d1d53ef01b463ef","impliedFormat":1},{"version":"5c4d626b4902f2ef8a1cc146d761d276cef988016dc674e3b98fbad70e64bc9f","impliedFormat":1},{"version":"fdfaa0aad899524962e2955287b5b991ffe3be50f64e02eb60c933ca44644a94","impliedFormat":1},{"version":"53c972a0f9bc3a4ec70fff7314123ea8cfcf75b3703046f767d2dc1eea87b2fb","impliedFormat":1},{"version":"f974e4a06953682a2c15d5bd5114c0284d5abf8bc0fe4da25cb9159427b70072","impliedFormat":1},{"version":"50256e9c31318487f3752b7ac12ff365c8949953e04568009c8705db802776fb","impliedFormat":1},{"version":"7d73b24e7bf31dfb8a931ca6c4245f6bb0814dfae17e4b60c9e194a631fe5f7b","impliedFormat":1},{"version":"d130c5f73768de51402351d5dc7d1b36eaec980ca697846e53156e4ea9911476","impliedFormat":1},{"version":"413586add0cfe7369b64979d4ec2ed56c3f771c0667fbde1bf1f10063ede0b08","impliedFormat":1},{"version":"06472528e998d152375ad3bd8ebcb69ff4694fd8d2effaf60a9d9f25a37a097a","impliedFormat":1},{"version":"7303b45138d2511035056a5901a1490ebdcbf055cbb1276f8629c5121cbe733e","impliedFormat":1},{"version":"27f874cd5327507eeff699a74567f60c1215b94509f4308633a7b01922471ed2","impliedFormat":1},{"version":"a401617604fa1f6ce437b81689563dfdc377069e4c58465dbd8d16069aede0a5","impliedFormat":1},{"version":"2c6cf04bc525caf6546e859e8ef10bfb9573837ec0bc5ec7b53a7b1b8ca72781","impliedFormat":1},{"version":"8695dec09ad439b0ceef3776ea68a232e381135b516878f0901ed2ea114fd0fe","impliedFormat":1},{"version":"304b44b1e97dd4c94697c3313df89a578dca4930a104454c99863f1784a54357","impliedFormat":1},{"version":"0a437ae178f999b46b6153d79095b60c42c996bc0458c04955f1c996dc68b971","impliedFormat":1},{"version":"74b2a5e5197bd0f2e0077a1ea7c07455bbea67b87b0869d9786d55104006784f","impliedFormat":1},{"version":"4a7baeb6325920044f66c0f8e5e6f1f52e06e6d87588d837bdf44feb6f35c664","impliedFormat":1},{"version":"87cc05fe13108f02e12da7e3efd8e360fef78d96a0c9e11408ea1b1b9fb3e03d","impliedFormat":1},{"version":"1abbf67c218d23c2ce76887caac2df6c7dab3d97ba2b65348432b876f510002a","impliedFormat":1},{"version":"1a82deef4c1d39f6882f28d275cad4c01f907b9b39be9cbc472fcf2cf051e05b","impliedFormat":1},{"version":"4b20fcf10a5413680e39f5666464859fc56b1003e7dfe2405ced82371ebd49b6","impliedFormat":1},{"version":"c06ef3b2569b1c1ad99fcd7fe5fba8d466e2619da5375dfa940a94e0feea899b","impliedFormat":1},{"version":"f7d628893c9fa52ba3ab01bcb5e79191636c4331ee5667ecc6373cbccff8ae12","impliedFormat":1},{"version":"1d879125d1ec570bf04bc1f362fdbe0cb538315c7ac4bcfcdf0c1e9670846aa6","impliedFormat":1},{"version":"dad97c99382889e9c7d1a9d8275500ff71235130fae9f8916fdbf3641d56e592","impliedFormat":1},{"version":"a6dba407fc287f1e25454e75028c91bbc00675f2d1c4e8b3edcc36c08611a486","impliedFormat":1},{"version":"d663134457d8d669ae0df34eabd57028bddc04fc444c4bc04bc5215afc91e1f4","impliedFormat":1},{"version":"e91f7b1344577a02f051b9b471f33044fef8334a76dc9e1de003d17595a5219b","impliedFormat":1},{"version":"c0723195c85e19656d6b5b9fdb81d3f3403c1ae4679e722c6ea058c516b38d12","impliedFormat":1},{"version":"b55eb9f72166093b5460d34b34f5d8699c968de3bc3fc696e40f2c93f2ebf650","impliedFormat":1},{"version":"71d9eb4c4e99456b78ae182fb20a5dfc20eb1667f091dbb9335b3c017dd1c783","impliedFormat":1},{"version":"cfa846a7b7847a1d973605fbb8c91f47f3a0f0643c18ac05c47077ebc72e71c7","impliedFormat":1},{"version":"1594da19968752a22b2ac48c2d0e60575700e745c577a8a4a676b841238ad5bb","impliedFormat":1},{"version":"e0cee12109e0a10a4c3d6769fcc7644b7c1ea7f52365bea51728f5af29f8a137","impliedFormat":1},{"version":"7d4254b4c6c67a29d5e7f65e67d72540480ac2cfb041ca484847f5ae70480b62","impliedFormat":1},{"version":"3536968defef8a75514f547ead5e2e9c1e984820290ec9b00c5fdfb6ef786535","impliedFormat":1},{"version":"d83773870080c30a230e322ce13a9c6f3398e8dacea4ea8a83e26370f3bac23e","impliedFormat":1},{"version":"dcfeaf98d66314fec29a9076c4290e45d0b196a65827becc19138e9c7b855f37","impliedFormat":1},{"version":"6849fe9210fe4946d5f085bfed36758f33dc6ae15a751338d178dd4daa017c46","impliedFormat":1},{"version":"888cda0fa66d7f74e985a3f7b1af1f64b8ff03eb3d5e80d051c3cbdeb7f32ab7","impliedFormat":1},{"version":"60681e13f3545be5e9477acb752b741eae6eaf4cc01658a25ec05bff8b82a2ef","impliedFormat":1},{"version":"ffae4e1e06aa848a1e4bcef162cd1c48e5909b26223515981310af9c036bdfc7","impliedFormat":1},{"version":"a57b1802794433adec9ff3fed12aa79d671faed86c49b09e02e1ac41b4f1d33a","impliedFormat":1},{"version":"34e16eb7c31768a11a08aebcfb3d70d7b8f0b016197e98d8419e566ceae6d6c8","impliedFormat":1},{"version":"f94ec1f7e4b709d26960306c9082a7a1b728a6e13089346aa48ba57c74cbf47e","impliedFormat":1},{"version":"9a11cb4033405e96c247cd5aa29790212aaffdd127869e8a5219103f0b389fd5","impliedFormat":1},{"version":"01479d9d5a5dda16d529b91811375187f61a06e74be294a35ecce77e0b9e8d6c","impliedFormat":1},{"version":"aff5213585cb72e94054dfe17250ff315f3569b3919d1ef1ad235f37c4ee894e","impliedFormat":1},{"version":"fb2ea35e1be6388d722d7725e2b49c697d34d9c890c3b96758faaeb86d35cef8","impliedFormat":1},{"version":"ce0df82a9ae6f914ba08409d4d883983cc08e6d59eb2df02d8e4d68309e7848b","impliedFormat":1},{"version":"1a4dc28334a926d90ba6a2d811ba0ff6c22775fcc13679521f034c124269fd40","impliedFormat":1},{"version":"f05315ff85714f0b87cc0b54bcd3dde2716e5a6b99aedcc19cad02bf2403e08c","impliedFormat":1},{"version":"5fad3b31fc17a5bc58095118a8b160f5260964787c52e7eb51e3d4fcf5d4a6f0","impliedFormat":1},{"version":"72105519d0390262cf0abe84cf41c926ade0ff475d35eb21307b2f94de985778","impliedFormat":1},{"version":"456006a6975b26c0a1785feddae165f6d307e2d601ffde27e21fc4a790e448a4","impliedFormat":1},{"version":"c857e0aae3f5f444abd791ec81206020fbcc1223e187316677e026d1c1d6fe08","impliedFormat":1},{"version":"ccf6dd45b708fb74ba9ed0f2478d4eb9195c9dfef0ff83a6092fa3cf2ff53b4f","impliedFormat":1},{"version":"1fe0d18b111e1145a7e7601855bccd4ca20f24e3b9a5aba6bb1fa9d1a7059170","impliedFormat":1},{"version":"5632c3c26d420c063eebe64c45b1248b9492a67bf44f1d0c57e9dc8f6cf449bb","impliedFormat":1},{"version":"0df5aa619ab12993a39ea6dae062ee46eadbb4d738916460e636ada52bced75b","impliedFormat":1},{"version":"8fca3039857709484e5893c05c1f9126ab7451fa6c29e19bb8c2411a2e937345","impliedFormat":1},{"version":"35069c2c417bd7443ae7c7cafd1de02f665bf015479fec998985ffbbf500628c","impliedFormat":1},{"version":"10ab7be91f87ebe8916b62cf28af2e45b5601fc7b0e311adf838f912c6b31dd8","impliedFormat":1},{"version":"bc636fbc08e0979ceb7eb0731a33000283d77a33b62e1f71ee65be50394e40ba","impliedFormat":1},{"version":"7e0b7f91c5ab6e33f511efc640d36e6f933510b11be24f98836a20a2dc914c2d","impliedFormat":1},{"version":"045b752f44bf9bbdcaffd882424ab0e15cb8d11fa94e1448942e338c8ef19fba","impliedFormat":1},{"version":"2894c56cad581928bb37607810af011764a2f511f575d28c9f4af0f2ef02d1ab","impliedFormat":1},{"version":"0a72186f94215d020cb386f7dca81d7495ab6c17066eb07d0f44a5bf33c1b21a","impliedFormat":1},{"version":"75bbd3be047d539988a0ff0b56384ef7a6a25f3b676ad96bee547d44c31622a7","impliedFormat":1},{"version":"42960001a776b089ade681ab5cfddc936e0afb0615133ec1841f3dee89d3e1bf","impliedFormat":1},{"version":"0aedb02516baf3e66b2c1db9fef50666d6ed257edac0f866ea32f1aa05aa474f","impliedFormat":1},{"version":"da47712b394d944328245482603bc6f416d3949b67c9392279caab595076b510","affectsGlobalScope":true,"impliedFormat":1},{"version":"37d0071d8f0a06dc55c2c5e0ec3391affd4fd107c53410bf358196ec0bf3923f","impliedFormat":1},{"version":"b213dad76ca37fd552274c9499056e1c0d9c1bd38a55bb7f68b22ba6b84c3ad7","impliedFormat":1},{"version":"56ccb49443bfb72e5952f7012f0de1a8679f9f75fc93a5c1ac0bafb28725fc5f","impliedFormat":1},{"version":"20fa37b636fdcc1746ea0738f733d0aed17890d1cd7cb1b2f37010222c23f13e","impliedFormat":1},{"version":"d90b9f1520366d713a73bd30c5a9eb0040d0fb6076aff370796bc776fd705943","impliedFormat":1},{"version":"bc03c3c352f689e38c0ddd50c39b1e65d59273991bfc8858a9e3c0ebb79c023b","impliedFormat":1},{"version":"19df3488557c2fc9b4d8f0bac0fd20fb59aa19dec67c81f93813951a81a867f8","affectsGlobalScope":true,"impliedFormat":1},{"version":"b25350193e103ae90423c5418ddb0ad1168dc9c393c9295ef34980b990030617","affectsGlobalScope":true,"impliedFormat":1},{"version":"bef86adb77316505c6b471da1d9b8c9e428867c2566270e8894d4d773a1c4dc2","impliedFormat":1},{"version":"5a49adaef698b7ad7e6127949fa1b0bbd3d46b7cbd11c54e392a4dcdd51f5190","impliedFormat":1},{"version":"6ee598cdfdd0fa52039dca135b3dfff7b49035dc13292143e0a93843e3861967","impliedFormat":1},{"version":"27be6622e2922a1b412eb057faa854831b95db9db5035c3f6d4b677b902ab3b7","impliedFormat":1},{"version":"5c634644d45a1b6bc7b05e71e05e52ec04f3d73d9ac85d5927f647a5f965181a","impliedFormat":1},{"version":"2489bf04d77dc025ba67f49f1a56eb24b9db477d5ff88123d887e163ed1776aa","impliedFormat":1},{"version":"63a7595a5015e65262557f883463f934904959da563b4f788306f699411e9bac","impliedFormat":1},{"version":"4ba137d6553965703b6b55fd2000b4e07ba365f8caeb0359162ad7247f9707a6","impliedFormat":1},{"version":"0b77b819b5417775fccb20c678293cf614c054a5b1a65421a5b933a9124ba998","impliedFormat":1},{"version":"eb5acb58487367e502d994b57e2c58255d8241f481ea8efa8e79af23af3f41c2","impliedFormat":1},{"version":"9252d498a77517aab5d8d4b5eb9d71e4b225bbc7123df9713e08181de63180f6","impliedFormat":1},{"version":"b1f1d57fde8247599731b24a733395c880a6561ec0c882efaaf20d7df968c5af","impliedFormat":1},{"version":"6715dc4eb59c8ea9abe2b78c235ed331dc710a06fe56798868dbc4d40cd1b707","impliedFormat":1},{"version":"35e6379c3f7cb27b111ad4c1aa69538fd8e788ab737b8ff7596a1b40e96f4f90","impliedFormat":1},{"version":"1fffe726740f9787f15b532e1dc870af3cd964dbe29e191e76121aa3dd8693f2","impliedFormat":1},{"version":"5a3ea721d03a361ccbdd7390ccd75f6e84cbca3a3f01f4b331ecc9af31890c49","impliedFormat":1},{"version":"e7dfaee4af38d45b1cab8a1ee0b3bc1f85ddcf64545ed391d675d78ae6526274","affectsGlobalScope":true,"impliedFormat":1},{"version":"e8daa443eaf9a27fd382cc1f8ebe30330c0f4d89511cfb469166874806751d35","impliedFormat":1},{"version":"af48e58339188d5737b608d41411a9c054685413d8ae88b8c1d0d9bfabdf6e7e","impliedFormat":1},{"version":"616775f16134fa9d01fc677ad3f76e68c051a056c22ab552c64cc281a9686790","impliedFormat":1},{"version":"65c24a8baa2cca1de069a0ba9fba82a173690f52d7e2d0f1f7542d59d5eb4db0","impliedFormat":1},{"version":"f9fe6af238339a0e5f7563acee3178f51db37f32a2e7c09f85273098cee7ec49","impliedFormat":1},{"version":"1de8c302fd35220d8f29dea378a4ae45199dc8ff83ca9923aca1400f2b28848a","impliedFormat":1},{"version":"77e71242e71ebf8528c5802993697878f0533db8f2299b4d36aa015bae08a79c","impliedFormat":1},{"version":"98a787be42bd92f8c2a37d7df5f13e5992da0d967fab794adbb7ee18370f9849","impliedFormat":1},{"version":"332248ee37cca52903572e66c11bef755ccc6e235835e63d3c3e60ddda3e9b93","impliedFormat":1},{"version":"94e8cc88ae2ef3d920bb3bdc369f48436db123aa2dc07f683309ad8c9968a1e1","impliedFormat":1},{"version":"4545c1a1ceca170d5d83452dd7c4994644c35cf676a671412601689d9a62da35","impliedFormat":1},{"version":"320f4091e33548b554d2214ce5fc31c96631b513dffa806e2e3a60766c8c49d9","impliedFormat":1},{"version":"a2d648d333cf67b9aeac5d81a1a379d563a8ffa91ddd61c6179f68de724260ff","impliedFormat":1},{"version":"d90d5f524de38889d1e1dbc2aeef00060d779f8688c02766ddb9ca195e4a713d","impliedFormat":1},{"version":"07ed3ddab975995eea41b22f3010506fb9f5fb301d04820b07d7a1aee5477d7c","impliedFormat":1},{"version":"969d8b0965849f4bae7cab0ba90bd1e1220e95999c2c6f01117fa7500901c017","impliedFormat":1},{"version":"6ec840ee5e2bc103f557fe38b1d585ee250540468713d7634ee066de372bf332","impliedFormat":1},{"version":"b0309e1eda99a9e76f87c18992d9c3689b0938266242835dd4611f2b69efe456","impliedFormat":1},{"version":"47699512e6d8bebf7be488182427189f999affe3addc1c87c882d36b7f2d0b0e","impliedFormat":1},{"version":"6ceb10ca57943be87ff9debe978f4ab73593c0c85ee802c051a93fc96aaf7a20","impliedFormat":1},{"version":"1de3ffe0cc28a9fe2ac761ece075826836b5a02f340b412510a59ba1d41a505a","impliedFormat":1},{"version":"e46d6cc08d243d8d0d83986f609d830991f00450fb234f5b2f861648c42dc0d8","impliedFormat":1},{"version":"1c0a98de1323051010ce5b958ad47bc1c007f7921973123c999300e2b7b0ecc0","impliedFormat":1},{"version":"ff863d17c6c659440f7c5c536e4db7762d8c2565547b2608f36b798a743606ca","impliedFormat":1},{"version":"5412ad0043cd60d1f1406fc12cb4fb987e9a734decbdd4db6f6acf71791e36fe","impliedFormat":1},{"version":"ad036a85efcd9e5b4f7dd5c1a7362c8478f9a3b6c3554654ca24a29aa850a9c5","impliedFormat":1},{"version":"fedebeae32c5cdd1a85b4e0504a01996e4a8adf3dfa72876920d3dd6e42978e7","impliedFormat":1},{"version":"e297c0a524edee7677939122f90027bfbe5f2698939d9a85728e5044b39c7124","impliedFormat":1},{"version":"cdf21eee8007e339b1b9945abf4a7b44930b1d695cc528459e68a3adc39a622e","impliedFormat":1},{"version":"bc9ee0192f056b3d5527bcd78dc3f9e527a9ba2bdc0a2c296fbc9027147df4b2","impliedFormat":1},{"version":"b62381cae176db34f003cc6172ee8f3e0122014889d66391aa73698105cf4934","impliedFormat":1},{"version":"1d9c0a9a6df4e8f29dc84c25c5aa0bb1da5456ebede7a03e03df08bb8b27bae6","impliedFormat":1},{"version":"84380af21da938a567c65ef95aefb5354f676368ee1a1cbb4cae81604a4c7d17","impliedFormat":1},{"version":"1af3e1f2a5d1332e136f8b0b95c0e6c0a02aaabd5092b36b64f3042a03debf28","impliedFormat":1},{"version":"30d8da250766efa99490fc02801047c2c6d72dd0da1bba6581c7e80d1d8842a4","impliedFormat":1},{"version":"03566202f5553bd2d9de22dfab0c61aa163cabb64f0223c08431fb3fc8f70280","impliedFormat":1},{"version":"41eb514d9ce0a6e87957f08a4b7af70d93f87637f37dee706e2d92a6601c25a9","impliedFormat":1},{"version":"e7765aa8bcb74a38b3230d212b4547686eb9796621ffb4367a104451c3f9614f","impliedFormat":1},{"version":"1de80059b8078ea5749941c9f863aa970b4735bdbb003be4925c853a8b6b4450","impliedFormat":1},{"version":"1d079c37fa53e3c21ed3fa214a27507bda9991f2a41458705b19ed8c2b61173d","impliedFormat":1},{"version":"5bf5c7a44e779790d1eb54c234b668b15e34affa95e78eada73e5757f61ed76a","impliedFormat":1},{"version":"5835a6e0d7cd2738e56b671af0e561e7c1b4fb77751383672f4b009f4e161d70","impliedFormat":1},{"version":"4b7f74b772140395e7af67c4841be1ab867c11b3b82a51b1aeb692822b76c872","impliedFormat":1},{"version":"7bd01f0f28cd3aeb2046274d85208e245965f6f2948edf4f7b2057bcf9f22ccc","impliedFormat":99},{"version":"d2f2cf2b8cc92bea913cda4a076e0f790b23a21e84f989d12f0116a7fe3906e0","impliedFormat":99},{"version":"6de125ea94866c736c6d58d68eb15272cf7d1020a5b459fea1c660027eca9a90","affectsGlobalScope":true,"impliedFormat":1},{"version":"f5b20bc288ee49989c95b20847fc93b96bf61cc0845598897a6a53a967dd7d07","affectsGlobalScope":true,"impliedFormat":1},{"version":"064ac1c2ac4b2867c2ceaa74bbdce0cb6a4c16e7c31a6497097159c18f74aa7c","impliedFormat":1},{"version":"3dc14e1ab45e497e5d5e4295271d54ff689aeae00b4277979fdd10fa563540ae","impliedFormat":1},{"version":"d3b315763d91265d6b0e7e7fa93cfdb8a80ce7cdd2d9f55ba0f37a22db00bdb8","impliedFormat":1},{"version":"b789bf89eb19c777ed1e956dbad0925ca795701552d22e68fd130a032008b9f9","impliedFormat":1},{"version":"0405c745f276c12f963d9f641451651661d3293041f18d47cae93b5bf0b5fc13","affectsGlobalScope":true},"7ad303e40d4fddf44f156129e397511953a71481c5cfd86b1862649aaaf240cc",{"version":"bae8d023ef6b23df7da26f51cea44321f95817c190342a36882e93b80d07a960","impliedFormat":1},{"version":"26a770cec4bd2e7dbba95c6e536390fffe83c6268b78974a93727903b515c4e7","impliedFormat":1},{"version":"dd5115b329c19c4385af13eda13e3ab03355e711c3f313173fd54ed7d08cfd39","impliedFormat":99},{"version":"035a5df183489c2e22f3cf59fc1ed2b043d27f357eecc0eb8d8e840059d44245","impliedFormat":1},{"version":"0d14fa22c41fdc7277e6f71473b20ebc07f40f00e38875142335d5b63cdfc9d2","impliedFormat":1},{"version":"a4809f4d92317535e6b22b01019437030077a76fec1d93b9881c9ed4738fcc54","impliedFormat":1},{"version":"5f53fa0bd22096d2a78533f94e02c899143b8f0f9891a46965294ee8b91a9434","impliedFormat":1},{"version":"e1028394c1cf96d5d057ecc647e31e457b919092f882ed0c7092152b077fed9d","impliedFormat":1},{"version":"f315e1e65a1f80992f0509e84e4ae2df15ecd9ef73df975f7c98813b71e4c8da","impliedFormat":1},{"version":"e00243d23c495ca2170c9b9e20b5c92331239100b51efdc2b4401cdad859bbef","impliedFormat":1},{"version":"ab82804a14454734010dcdcd43f564ff7b0389bee4c5692eec76ff5b30d4cf66","impliedFormat":1},{"version":"6fa5d56af71f07dc276aae3f6f30807a9cccf758517fb39742af72e963553d80","impliedFormat":1},{"version":"253b95673c4e01189af13e855c76a7f7c24197f4179954521bf2a50db5cfe643","impliedFormat":1},{"version":"afe73051ff6a03a9565cbd8ebb0e956ee3df5e913ad5c1ded64218aabfa3dcb5","impliedFormat":1},{"version":"31f24e33f22172ba0cc8cdc640779fb14c3480e10b517ad1b4564e83fa262a2b","impliedFormat":1},{"version":"f380ae8164792d9690a74f6b567b9e43d5323b580f074e50f68f983c0d073b5b","impliedFormat":1},{"version":"0fd641a3b3e3ec89058051a284135a3f30b94a325fb809c4e4159ec5495b5cdc","impliedFormat":1},{"version":"7b20065444d0353a2bc63145481e519e02d9113a098a2db079da21cb60590ef0","impliedFormat":1},{"version":"9f162ee475383c13e350c73e24db5adc246fba830b9d0cc11d7048af9bbd0a29","impliedFormat":1},{"version":"ce7c3363c40cd2fcc994517c7954954d1c70de2d972df7e45fa83837593b8687","impliedFormat":1},{"version":"6ab1224e0149cc983d5da72ff3540bc0cad8ee7b23cf2a3da136f77f76d01763","impliedFormat":1},{"version":"e059fb0805a29ea3976d703a6f082c1493ac5583ca8011e8c5b86d0a23667d0d","impliedFormat":1},{"version":"16fbf548a0337a83d30552e990b6832fd24bbc47042a8c491e1dc93029b4222f","impliedFormat":1},{"version":"0c4c7303956a4726568c801dcd81e9fbce32fbf74565f735bbcf46ba66417769","impliedFormat":1},{"version":"f39848c7895fd6373d5e30089e7fb1d10c464e7eeb37ce1ea47d188a707b162c","impliedFormat":1},{"version":"9249c34e7282d17a2749677c3521ea625f73c2b48792af08fa9c5e09abc6a882","impliedFormat":1},{"version":"ae77d81a5541a8abb938a0efedf9ac4bea36fb3a24cc28cfa11c598863aba571","impliedFormat":1},{"version":"f329dfad7970297cbf07ddc8fce2ad4a24e2a3855917c661922ef86eb24dd1f1","impliedFormat":1},{"version":"841784cfa9046a2b3e453d638ea5c3e53680eb8225a45db1c13813f6ea4095e5","affectsGlobalScope":true,"impliedFormat":1},{"version":"646ef1cff0ec3cf8e96adb1848357788f244b217345944c2be2942a62764b771","impliedFormat":1},{"version":"3cfb7c0c642b19fb75132154040bb7cd840f0002f9955b14154e69611b9b3f81","impliedFormat":1},{"version":"8387ec1601cf6b8948672537cf8d430431ba0d87b1f9537b4597c1ab8d3ade5b","impliedFormat":1},{"version":"d16f1c460b1ca9158e030fdf3641e1de11135e0c7169d3e8cf17cc4cc35d5e64","impliedFormat":1},{"version":"a934063af84f8117b8ce51851c1af2b76efe960aa4c7b48d0343a1b15c01aedf","impliedFormat":1},{"version":"e3c5ad476eb2fca8505aee5bdfdf9bf11760df5d0f9545db23f12a5c4d72a718","impliedFormat":1},{"version":"462bccdf75fcafc1ae8c30400c9425e1a4681db5d605d1a0edb4f990a54d8094","impliedFormat":1},{"version":"5923d8facbac6ecf7c84739a5c701a57af94a6f6648d6229a6c768cf28f0f8cb","impliedFormat":1},{"version":"d0570ce419fb38287e7b39c910b468becb5b2278cf33b1000a3d3e82a46ecae2","impliedFormat":1},{"version":"3aca7f4260dad9dcc0a0333654cb3cde6664d34a553ec06c953bce11151764d7","impliedFormat":1},{"version":"a0a6f0095f25f08a7129bc4d7cb8438039ec422dc341218d274e1e5131115988","impliedFormat":1},{"version":"b58f396fe4cfe5a0e4d594996bc8c1bfe25496fbc66cf169d41ac3c139418c77","impliedFormat":1},{"version":"45785e608b3d380c79e21957a6d1467e1206ac0281644e43e8ed6498808ace72","impliedFormat":1},{"version":"bece27602416508ba946868ad34d09997911016dbd6893fb884633017f74e2c5","impliedFormat":1},{"version":"2a90177ebaef25de89351de964c2c601ab54d6e3a157cba60d9cd3eaf5a5ee1a","impliedFormat":1},{"version":"82200e963d3c767976a5a9f41ecf8c65eca14a6b33dcbe00214fcbe959698c46","impliedFormat":1},{"version":"b4966c503c08bbd9e834037a8ab60e5f53c5fd1092e8873c4a1c344806acdab2","impliedFormat":1},{"version":"3d3208d0f061e4836dd5f144425781c172987c430f7eaee483fadaa3c5780f9f","impliedFormat":1},{"version":"34a8a5b4c21e7a6d07d3b6bce72371da300ec1aed58961067e13f1f4dc849712","impliedFormat":1},{"version":"32a2eb76c54115dac8d3e69cc17458c4b11ea5a21869cdfbd7930ede7530bd52","signature":"a46d66851af2c056e805fdd574bf5ec3adb1181c43c5e41f0a1c592e338afe64"},{"version":"8d0a08ceba47917e3f3667a238807ae13018e6f76133753542626b827b7bdb3e","signature":"fe30465f81a37f23a168022109187dbd1951404e3ec2fbc6516d584c597f1325"},{"version":"62d97e6a1566c6233262b5de854241b68128d51fe49c65eb1329f26a686e263d","signature":"4a10be7c30a11996bf5752d7256207227e9e8cb64e985b9fb2904a002b9b6502"},{"version":"9109c457faa11e4e122379d2c0b72b1b733b3bfa5cefc03f22b3b7106b423930","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"386786974044aaade3854f63b870246fb0766a2556cb68a44cac289e2fd9cac3","signature":"58f744f4520828eecd9a0587d6faf65a68fede43393c2de82a4acfc352637cbf"},{"version":"1fab86663f650569edb41a10810fdb909f9b636dbb57ed8fabdc0dde770fa0f6","signature":"439adc231d360317c411ce4c88b98492a63e242b8c1d1664b5c534bcd7662d4b"},{"version":"071d68ed5f23e36981c63466c618bf5e33ccf0e88f56c80c956df162adf856e1","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"91cab884fcbe2fa48858e16cb5fc36da20b0fef888e6c0488cd56faecb02a500","signature":"439adc231d360317c411ce4c88b98492a63e242b8c1d1664b5c534bcd7662d4b"},{"version":"96f86abc428e52cb4b2eb4a7ef675cfabcb4d99a51f6e102762fac26ed687747","signature":"3704be09b2e5297a18c95ef01c369c8548ee6ee4afe41c6536b52df1105d0961"},{"version":"be8f1069dd25e34d4c000b927c0f5f909ce5f65735df2b2804f714217e573d2a","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"428738754103b3eab401fd038ae9d74e4bf77bcf4dd765aba138d993e23e3535","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"d55a874ed2783bbf4aaa13333384296efae2b934a14e6e415d6fb043e8ac7b0b","signature":"13c9020c88ebb4a44fe64a82fed9395798b9aebb49177137b3b42666ea150371"},{"version":"975180250120397db0ddcc723994886e0345128c4f40528d1ca6ad0c15aef2d1","signature":"691bb3e7aad52b4557579f838a5f87e203b74b916eb794b1bdc326d02bf34de2"},{"version":"557f30573e112f344238b0321121c9d6741b5a07de59240d2afa8a73badc2d72","signature":"37f379552fcce4c75400013076cdc42f0b3bbefd16ee978cd87c5bccc94d173f"},{"version":"12c0d1d96bf61f8462dde5d85db8610a53cde158d677ccc60eed3cae1d2f4da0","signature":"37f379552fcce4c75400013076cdc42f0b3bbefd16ee978cd87c5bccc94d173f"},{"version":"ca4d3b3b5d9cc4b51c23f59c4c9b6c71e25f21aff3e56010c90f2bad77ceaf0e","signature":"d7ccf6184e7f93272615ae70633ca9e5c5a5e454b4f0b781835b4652effc95f9"},{"version":"fcb420804f308c76d637cb55b0525d2626307abd8caa876a5cdab9447a91fd14","signature":"439adc231d360317c411ce4c88b98492a63e242b8c1d1664b5c534bcd7662d4b"},{"version":"32af6a49e41856c4c7a4cbc0290c8cd5dcc98b4beeb7a81c466f4a2fd44b62cf","signature":"429f3f57fd9f5c60809df3da1ea885d4b4b848f198918350b2868eb6450b9aa3"},{"version":"f79a083745f83b82e0c8ee6d36ce76d48e705cab5aee03f78b08a0ccc6a2c843","signature":"691bb3e7aad52b4557579f838a5f87e203b74b916eb794b1bdc326d02bf34de2"},{"version":"d16bc26ae8216d0d0e927b031b723f7b10a17bde1ddaf9670d4d4ace645aa065","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"f5980d624c06a7365308880028eef90f4c303698c65fbcf88980eefc6d108674","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"43be7414a7c18e8864e694b1c1e03f67c528754f431133aab2e6768a72085108","signature":"439adc231d360317c411ce4c88b98492a63e242b8c1d1664b5c534bcd7662d4b"},{"version":"45dbb46df27b22b8c45dc7c37ef4c5b75e59048468d03c4e0afcdde913e7c67e","signature":"131ec4ba95a194783a3ef845c6c54cd22966f62dc8b65040fbba51ce470261fc"},{"version":"6fbc3fcd34f226f4d2aad9fec2585277e285f2a2e9953f3952b942027ef92ac4","signature":"755685c3a8437b328bdb165da474d7198c3fa674b577e237a6a0d5f9ca69b70d"},{"version":"25227d6938565ee8fd597d9f3447a5ccb26956b1cc42eedf030ae157df2cea11","signature":"3704be09b2e5297a18c95ef01c369c8548ee6ee4afe41c6536b52df1105d0961"},{"version":"18e68b87913d4c78c975aad1310f4fb562467a6b6f391ebf5ab957d02161a14c","signature":"bffa58f023fd56d847f5dc3feec4fc7e4e00ffb8537720a4d50540be97ed14b7"},{"version":"4ce750a17effe2816acfe591ea3b53a02f04f27f8e574461aa1c49b81b2433fc","signature":"ff53dc24dd9f26eaca109b151c98025c3e47f72426866ab0bcd101e453dbc9dd"},{"version":"0b472738e1f60363dc43ce6574c53a4e2af98723fe3b00151a980bcd69079b34","signature":"ac9ef23443101f1bedc7a70fce40117a8f90b67184bd0e705196d930a342b86f"},{"version":"87ce72f614a0a36d078ac9149c1cfca6f497ffeeb30fd343e1cd64ea8b48c1c7","signature":"ff6dfda5378fc7b1ffb6f75724fa0b04c32109d9459a9df45de1ae5186b44a1c"},{"version":"5e596d359e7bc189f8557b8a3acb220aa05d552390fee951c6c083bd6b3e865f","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881"},{"version":"7fe85776186a87720d347474c108ccc33b2c4d323bb249df50f5a42e3829f198","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881"},{"version":"a3375d47af258077e30b0f2945ff925e386cf4f0a68a6a8733e91b44d154edff","signature":"738b65cbb4e4fabe95f46cf4a6f41235581ae2690fea880e3cf147f0cf81becd"},{"version":"da7d1496bece3c769275c25bad4c49a3ee1131f3725dd588c656888a1a978c2a","signature":"c378b096fee5448b4ac5299d72b6626f5662211c2a88bad6dff5c1255a283558"},{"version":"d62aa073aa1036168f02c738115a40cae79292d4f729ce5f71ecdb5ce11e73c5","signature":"571035eb938292d482b20f06e178226ff80bde3859559cf5e27045628df1eb82"},{"version":"624d87ff4530fdcdf5acaab5194b6f9c3a8cbd609feea9cf7b11fe051334d5e0","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881"},{"version":"188ce27ee8a9e8487a7cdbb0c98278736ff727f7237ba43bbb816d5f9baa6370","signature":"4473b2662aa2bfeb8f651f781643fe66a0b08d53a1deacc6e4df2de2e5628133"},{"version":"8c0fb08a1520ac4e164a445df53aa5cd3a741079543ad70b460cc52dac949623","signature":"26ba71f79eb1ccc526399c703ceb9595712a793b7d939584ca92df4a3ce4fea8"},{"version":"5a836dd7cb14ea297e7fc274a6669a5a0210f6cde83319fb9d0f2f2ccfad9a6c","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881"},{"version":"1ee6c2b9f49070b9d45ff8f822e64f83c3835b7a8675b12d18564a2c2334e3c9","signature":"2937356fbfa7776a641dd44c956406dfb41635b13c69e1281a7bf52a59486f84"},{"version":"fe2afbd0b1e3dc477b1bac9a12dbd1ebefba0012a29e026b70d36262601f6aaa","signature":"3b96427184d663a055585324543a58030c9e40c6918c803d46471d2f5cdf7c84"},{"version":"8e675fba3440939c5d7769e464dfd0b9ba29847940cc95d02570a63dec2004de","signature":"daa65f371b57b8a7ee28ae4bc9604b659bb0bf7d6704c13523bc1dd9d80015f2"},{"version":"ca8c7550b5649547839cdf78bafc1289c446e6da62b2e52793e33c1ef6ead380","signature":"77d1bde70b8f35ac0c09f901594135c0fcdaaa70ab6e50bc2a9d9055934eb089"},{"version":"f2f9792d17f61d6268afb32799d62802e2401e7c721a172fa1b313205d4da75d","signature":"737539acff8d7ea0a367055ec1218d8d2b5e60168e107a3ee0961c67fcf186a1"},{"version":"76bd54e58bf7b683ca4f311eca599d314a14714b0b4c60f70ff45e4357509879","signature":"cc5009d26a7ca8bd5e88cd604584049123ebdd1fe682c49d34d7afcddd204603"},{"version":"9176422857f1369ea5c0e7d536eade399a45bfff56811240eb358067882f3172","signature":"49d9c6855bc9d4c4751b82fb966e179bd8a9364d84050ce61c2ac7fbb009af09"},{"version":"ffb383b6abbcc8334c9122e531df75492558f54b3126b3676b927f52c9af8127","signature":"b4014bce1fbe5461bce6836d2cb17f45d22a6bde4f108cbe3754303052e29c8e"},{"version":"3ade81d3c280fbe937f8a007f85e819b5cf139fc5c040784931e92ba013e9a87","signature":"558ffcd74aa40d1cd2c1402a287f3157a6218ecfa7567343dfc3ee084a94f7df"},{"version":"a5ab2e5dffc6fbfb3150bd1610f65be16aceedfb8230129de2574a5bb2bbd96b","signature":"875f9d588470e9bbb3f48aea8e8bfdb41e6b18d679e9c5c2399109b80bac1192"},{"version":"e11126b1d76234244de410c9b739d530ddd43df3cb1d694263517caf107869be","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881"},{"version":"a51bfbd9f50b84fd3836d9200d97dc1322344c34b26f7cc8da5f33773a167354","signature":"1b10bc8bc10ecf55564e4428aaeb9c6daf57d4e00191643b373916df62f8198a"},{"version":"2c4e576963fa839840370e29d9f4f3504747a5f229d4f7a59db010b1cd365cf0","signature":"52aa3f512c91442aef74c75ec789fd659c83912d8cd6315513d83b5ce13e57cd"},{"version":"ee558bc4ddedefc2602f6fa938d2afd2c21fe9404f6e5cf705b1e23ee82a6c0d","signature":"ef38fc7498f6f123b36fcb4a4c22f9df96c764ea263417be343d43376416ff73"},"d1986184a09a52db8228cb2bb2a61a8c05c9354e5b93cec8e2628d8579c892d7",{"version":"7871a13d74f840767cecde7920e08cd6d4bf64c9a62ad65be1fa1d67346e6a47","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881"}],"root":[535,536,[585,638]],"options":{"allowJs":true,"esModuleInterop":true,"jsx":4,"module":99,"skipLibCheck":true,"strict":true,"target":4},"referencedMap":[[637,1],[535,2],[638,3],[587,4],[615,5],[610,6],[611,7],[588,8],[589,8],[590,8],[591,8],[593,8],[594,8],[595,8],[596,8],[597,8],[592,8],[598,8],[599,8],[600,8],[602,8],[601,8],[603,8],[604,8],[605,8],[606,8],[607,8],[609,8],[608,8],[616,9],[620,10],[617,11],[619,12],[618,6],[612,13],[622,14],[621,15],[626,16],[624,11],[625,17],[623,16],[627,11],[628,11],[629,18],[630,6],[631,19],[614,20],[613,9],[633,21],[632,8],[634,6],[635,22],[636,15],[585,23],[536,24],[586,25],[549,26],[560,27],[555,28],[545,29],[554,30],[546,31],[379,2],[544,2],[580,2],[577,2],[576,2],[571,32],[582,33],[567,34],[578,35],[570,36],[569,37],[579,2],[574,38],[581,2],[575,39],[568,2],[566,40],[565,41],[564,34],[584,42],[563,2],[550,43],[540,2],[542,44],[543,45],[143,46],[144,46],[145,47],[97,48],[146,49],[147,50],[148,51],[92,2],[95,52],[93,2],[94,2],[149,53],[150,54],[151,55],[152,56],[153,57],[154,58],[155,58],[156,59],[157,60],[158,61],[159,62],[98,2],[96,2],[160,63],[161,64],[162,65],[196,66],[163,67],[164,2],[165,68],[166,69],[167,70],[168,71],[169,72],[170,73],[171,74],[172,75],[173,76],[174,76],[175,77],[176,2],[177,78],[178,79],[180,80],[179,81],[181,82],[182,83],[183,84],[184,85],[185,86],[186,87],[187,88],[188,89],[189,90],[190,91],[191,92],[192,93],[193,94],[99,2],[100,2],[101,2],[140,95],[141,2],[142,2],[194,96],[195,97],[200,98],[464,99],[201,100],[199,101],[466,102],[465,103],[583,99],[197,104],[462,2],[198,105],[83,2],[85,106],[461,99],[231,99],[547,2],[537,2],[539,107],[538,108],[102,2],[541,2],[553,109],[84,2],[557,2],[556,2],[561,110],[551,111],[548,112],[552,113],[559,114],[558,115],[562,116],[487,117],[492,1],[499,118],[482,119],[235,2],[243,120],[383,121],[386,122],[358,2],[371,123],[378,124],[260,2],[360,2],[241,2],[357,125],[403,126],[242,2],[233,127],[385,128],[387,129],[388,130],[459,131],[352,132],[305,133],[365,134],[366,135],[364,136],[363,2],[359,137],[384,138],[244,139],[429,2],[430,140],[271,141],[245,142],[272,141],[308,141],[211,141],[381,143],[380,2],[370,144],[477,2],[220,2],[498,145],[437,146],[438,147],[434,148],[516,2],[335,2],[439,6],[435,149],[521,150],[520,151],[515,2],[286,2],[338,152],[337,2],[514,153],[436,99],[291,154],[298,155],[300,156],[290,2],[295,157],[297,158],[299,159],[294,160],[292,2],[296,161],[517,2],[513,2],[519,162],[518,2],[289,163],[508,164],[511,165],[279,166],[278,167],[277,168],[524,99],[276,169],[265,2],[526,2],[527,99],[528,170],[203,2],[367,171],[368,172],[369,173],[207,2],[372,2],[227,174],[202,2],[451,99],[209,175],[450,176],[449,177],[440,2],[441,2],[448,2],[443,2],[446,178],[442,2],[444,179],[447,180],[445,179],[240,2],[237,2],[238,141],[392,2],[397,181],[398,182],[396,183],[394,184],[395,185],[390,2],[457,6],[232,6],[486,186],[493,187],[497,188],[326,189],[325,2],[320,2],[473,190],[481,191],[353,192],[354,193],[432,194],[342,2],[455,195],[330,99],[347,196],[458,197],[343,2],[346,198],[344,2],[456,199],[453,200],[452,2],[454,2],[350,2],[428,201],[215,202],[328,203],[332,204],[348,205],[351,206],[340,207],[333,208],[480,209],[406,210],[324,211],[212,212],[479,213],[208,214],[399,215],[391,2],[400,216],[417,217],[389,2],[416,218],[91,2],[411,219],[236,2],[431,220],[407,2],[221,2],[223,2],[362,2],[415,221],[239,2],[263,222],[349,223],[269,224],[329,2],[414,2],[393,2],[419,225],[420,226],[361,2],[422,227],[424,228],[423,229],[373,2],[413,212],[426,230],[323,231],[412,232],[418,233],[248,2],[252,2],[251,2],[250,2],[255,2],[249,2],[258,2],[257,2],[254,2],[253,2],[256,2],[259,234],[247,2],[315,235],[314,2],[319,236],[316,237],[318,238],[321,236],[317,237],[228,239],[307,240],[476,241],[474,2],[503,242],[505,243],[469,244],[504,245],[216,246],[213,246],[246,2],[230,247],[229,248],[225,249],[226,250],[234,251],[262,251],[273,251],[309,252],[274,252],[218,253],[217,2],[313,254],[312,255],[311,256],[310,257],[219,258],[460,259],[261,260],[468,261],[433,262],[463,263],[467,264],[356,265],[355,266],[336,267],[322,268],[304,269],[306,270],[303,271],[425,272],[327,2],[491,2],[224,273],[427,274],[475,275],[334,2],[264,276],[341,277],[339,278],[266,279],[401,280],[470,2],[267,281],[402,281],[489,2],[488,2],[490,2],[472,2],[471,2],[404,282],[331,2],[301,283],[222,284],[280,2],[206,285],[268,2],[495,99],[205,2],[507,286],[288,99],[501,6],[287,287],[484,288],[285,286],[210,2],[509,289],[283,99],[284,99],[275,2],[204,2],[282,290],[281,291],[270,292],[345,75],[405,75],[421,2],[409,293],[408,2],[293,163],[214,2],[302,99],[478,174],[485,294],[86,99],[89,295],[90,296],[87,99],[88,2],[382,297],[377,298],[376,2],[375,299],[374,2],[483,300],[494,301],[496,302],[500,303],[502,304],[506,305],[534,306],[510,306],[533,307],[512,308],[522,309],[523,310],[525,311],[529,312],[532,174],[531,2],[530,109],[573,313],[572,2],[410,314],[81,2],[82,2],[13,2],[14,2],[16,2],[15,2],[2,2],[17,2],[18,2],[19,2],[20,2],[21,2],[22,2],[23,2],[24,2],[3,2],[25,2],[26,2],[4,2],[27,2],[31,2],[28,2],[29,2],[30,2],[32,2],[33,2],[34,2],[5,2],[35,2],[36,2],[37,2],[38,2],[6,2],[42,2],[39,2],[40,2],[41,2],[43,2],[7,2],[44,2],[49,2],[50,2],[45,2],[46,2],[47,2],[48,2],[8,2],[54,2],[51,2],[52,2],[53,2],[55,2],[9,2],[56,2],[57,2],[58,2],[60,2],[59,2],[61,2],[62,2],[10,2],[63,2],[64,2],[65,2],[11,2],[66,2],[67,2],[68,2],[69,2],[70,2],[1,2],[71,2],[72,2],[12,2],[76,2],[74,2],[79,2],[78,2],[73,2],[77,2],[75,2],[80,2],[118,315],[128,316],[117,315],[138,317],[109,318],[108,319],[137,109],[131,320],[136,321],[111,322],[125,323],[110,324],[134,325],[106,326],[105,109],[135,327],[107,328],[112,329],[113,2],[116,329],[103,2],[139,330],[129,331],[120,332],[121,333],[123,334],[119,335],[122,336],[132,109],[114,337],[115,338],[124,339],[104,340],[127,331],[126,329],[130,2],[133,341]],"semanticDiagnosticsPerFile":[[614,[{"start":85,"length":8,"messageText":"Cannot find name 'describe'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":117,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":183,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":278,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":352,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":451,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":525,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304}]],[615,[{"start":509,"length":11,"messageText":"Namespace 'global.jest' has no exported member 'SpyInstance'.","category":1,"code":2694},{"start":523,"length":10,"messageText":"Cannot find name 'beforeEach'.","category":1,"code":2304},{"start":555,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":589,"length":9,"messageText":"Cannot find name 'afterEach'.","category":1,"code":2304},{"start":609,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":638,"length":8,"messageText":"Cannot find name 'describe'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":673,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1142,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1214,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1289,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1633,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1706,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":2178,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2348,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2406,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2457,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304}]],[619,[{"start":449,"length":11,"messageText":"Namespace 'global.jest' has no exported member 'SpyInstance'.","category":1,"code":2694},{"start":463,"length":10,"messageText":"Cannot find name 'beforeEach'.","category":1,"code":2304},{"start":495,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":529,"length":9,"messageText":"Cannot find name 'afterEach'.","category":1,"code":2304},{"start":549,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":578,"length":8,"messageText":"Cannot find name 'describe'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":613,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":751,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":810,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":873,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1014,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1080,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1830,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1900,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1971,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":2104,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2190,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":2507,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2582,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304}]],[622,[{"start":180,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":211,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":223,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":330,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":417,"length":11,"messageText":"Namespace 'global.jest' has no exported member 'SpyInstance'.","category":1,"code":2694},{"start":431,"length":10,"messageText":"Cannot find name 'beforeEach'.","category":1,"code":2304},{"start":452,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":487,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":521,"length":9,"messageText":"Cannot find name 'afterEach'.","category":1,"code":2304},{"start":541,"length":4,"messageText":"Cannot use namespace 'jest' as a value.","category":1,"code":2708},{"start":679,"length":8,"messageText":"Cannot find name 'describe'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":711,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":822,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":887,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":955,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1042,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1968,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2042,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2201,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2254,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":2804,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":2898,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304}]],[633,[{"start":288,"length":8,"messageText":"Cannot find name 'describe'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":324,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":458,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":528,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":752,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":817,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":889,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1027,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1088,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1259,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1319,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1474,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304},{"start":1575,"length":2,"messageText":"Cannot find name 'it'. Do you need to install type definitions for a test runner? Try `npm i --save-dev @types/jest` or `npm i --save-dev @types/mocha`.","category":1,"code":2582},{"start":1707,"length":6,"messageText":"Cannot find name 'expect'.","category":1,"code":2304}]]],"affectedFilesPendingEmit":[638,587,615,610,611,588,589,590,591,593,594,595,596,597,592,598,599,600,602,601,603,604,605,606,607,609,608,616,620,617,619,618,612,622,621,626,624,625,623,627,628,629,630,631,614,613,633,632,634,635,636,585,586],"version":"5.9.3"}
\ No newline at end of file
diff --git a/apps/worker/package.json b/apps/worker/package.json
index 0ba0d4e..fbc73a3 100644
--- a/apps/worker/package.json
+++ b/apps/worker/package.json
@@ -18,11 +18,13 @@
     "@whiskeysockets/baileys": "7.0.0-rc13",
     "bullmq": "^5.0.0",
     "ioredis": "^5.0.0",
+    "nodemailer": "^8.0.10",
     "qrcode-terminal": "^0.12.0"
   },
   "devDependencies": {
     "@types/jest": "^29.0.0",
     "@types/node": "^22.0.0",
+    "@types/nodemailer": "^8.0.0",
     "@types/qrcode-terminal": "^0.12.2",
     "dotenv": "^17.4.2",
     "jest": "^29.0.0",
diff --git a/apps/worker/src/core/approval.test.ts b/apps/worker/src/core/approval.test.ts
index 7c18ddd..936bd41 100644
--- a/apps/worker/src/core/approval.test.ts
+++ b/apps/worker/src/core/approval.test.ts
@@ -1,6 +1,9 @@
-import { handleStarReaction } from './approval';
+import { handleReaction } from './approval';
+import { approveMessage } from './approve-message';
 import { NormalizedReaction } from '@tower/types';
 
+jest.mock('./approve-message');
+
 function makeReaction(overrides: Partial<NormalizedReaction> = {}): NormalizedReaction {
   return {
     reactorJid: '919876543210@s.whatsapp.net',
@@ -12,131 +15,88 @@ function makeReaction(overrides: Partial<NormalizedReaction> = {}): NormalizedRe
   };
 }
 
-const adminJids = ['919876543210@s.whatsapp.net'];
-
 function makeMessage(overrides: object = {}) {
   return {
     id: 'msg_1',
+    tenantId: 'tnt_1',
     status: 'PENDING',
-    approval: null,
-    content: 'hello world',
-    senderName: 'Alice',
-    sourceGroupId: 'grp_1',
-    tags: ['#important'],
-    platform: 'whatsapp',
-    sourceGroup: { name: 'UP Parivar Dallas', syncRoutesFrom: [] },
+    sourceGroup: { platformId: '120363043312345678@g.us' },
     ...overrides,
   };
 }
 
-function makePrisma(messageOverrides: object = {}, txCount = 1) {
+function makePool(isAdmin: boolean) {
   return {
-    message: { findUnique: jest.fn().mockResolvedValue(makeMessage(messageOverrides)) },
-    $transaction: jest.fn().mockImplementation(async (fn: any) =>
-      fn({
-        message: { updateMany: jest.fn().mockResolvedValue({ count: txCount }) },
-        approval: { create: jest.fn().mockResolvedValue({}) },
+    get: jest.fn().mockReturnValue({
+      groupMetadata: jest.fn().mockResolvedValue({
+        participants: [
+          { id: '919876543210@s.whatsapp.net', admin: isAdmin ? 'admin' : undefined },
+          { id: 'other@s.whatsapp.net', admin: 'superadmin' },
+        ],
       }),
-    ),
-  } as any;
+    }),
+  };
 }
 
-describe('handleStarReaction', () => {
-  it('returns null for non-star emoji', async () => {
-    expect(await handleStarReaction(makeReaction({ emoji: '👍' }), adminJids, {} as any)).toBeNull();
-  });
+const mockPrisma = {
+  message: { findUnique: jest.fn() },
+  tenantRule: { findMany: jest.fn() },
+};
 
-  it('returns null when reactor is not an admin', async () => {
-    expect(
-      await handleStarReaction(makeReaction({ reactorJid: 'stranger@s.whatsapp.net' }), adminJids, {} as any),
-    ).toBeNull();
+const mockForwardQueue = { add: jest.fn() };
+const mockIndexQueue = { add: jest.fn() };
+
+describe('handleReaction', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockPrisma.message.findUnique.mockResolvedValue(makeMessage());
+    (approveMessage as jest.Mock).mockResolvedValue({ forwardJobs: [], indexDoc: {} });
   });
 
   it('returns null when message not found', async () => {
-    const prisma = { message: { findUnique: jest.fn().mockResolvedValue(null) } } as any;
-    expect(await handleStarReaction(makeReaction(), adminJids, prisma)).toBeNull();
-    expect(prisma.message.findUnique).toHaveBeenCalledWith({
-      where: { platform_platformMsgId: { platform: 'whatsapp', platformMsgId: 'TARGET_MSG_123' } },
-      include: {
-        approval: true,
-        sourceGroup: {
-          include: { syncRoutesFrom: { where: { isActive: true }, include: { targetGroup: true } } },
-        },
-      },
-    });
+    mockPrisma.message.findUnique.mockResolvedValue(null);
+    expect(await handleReaction(makeReaction(), mockPrisma, makePool(true))).toBeNull();
   });
 
-  it('returns null when message status is not PENDING', async () => {
-    const prisma = {
-      message: { findUnique: jest.fn().mockResolvedValue(makeMessage({ status: 'REJECTED' })) },
-    } as any;
-    expect(await handleStarReaction(makeReaction(), adminJids, prisma)).toBeNull();
+  it('returns null when message is not PENDING', async () => {
+    mockPrisma.message.findUnique.mockResolvedValue(makeMessage({ status: 'APPROVED' }));
+    expect(await handleReaction(makeReaction(), mockPrisma, makePool(true))).toBeNull();
   });
 
-  it('returns null when approval record already exists', async () => {
-    const prisma = {
-      message: {
-        findUnique: jest.fn().mockResolvedValue(makeMessage({ status: 'APPROVED', approval: { id: 'appr_1' } })),
-      },
-    } as any;
-    expect(await handleStarReaction(makeReaction(), adminJids, prisma)).toBeNull();
+  it('returns null when no reaction rule matches', async () => {
+    mockPrisma.tenantRule.findMany.mockResolvedValue([]);
+    expect(await handleReaction(makeReaction(), mockPrisma, makePool(true))).toBeNull();
   });
 
-  it('returns null on double-approval race (updateMany count=0)', async () => {
-    const result = await handleStarReaction(makeReaction(), adminJids, makePrisma({}, 0));
-    expect(result).toBeNull();
+  it('returns null when reactor is not a group admin', async () => {
+    mockPrisma.tenantRule.findMany.mockResolvedValue([
+      { id: 'r1', matchType: 'REACTION_EMOJI', matchValue: '⭐', action: 'AUTO_APPROVE', priority: 0 },
+    ]);
+    expect(await handleReaction(makeReaction(), mockPrisma, makePool(false))).toBeNull();
   });
 
-  it('returns ApprovalResult with empty forwardJobs and valid indexDoc when no sync routes', async () => {
-    const result = await handleStarReaction(makeReaction(), adminJids, makePrisma());
+  it('approves when reactor is admin and reaction rule matches', async () => {
+    mockPrisma.tenantRule.findMany.mockResolvedValue([
+      { id: 'r1', matchType: 'REACTION_EMOJI', matchValue: '⭐', action: 'AUTO_APPROVE', priority: 0 },
+    ]);
+    const result = await handleReaction(makeReaction(), mockPrisma, makePool(true));
     expect(result).not.toBeNull();
-    expect(result!.forwardJobs).toEqual([]);
-    expect(result!.indexDoc).toMatchObject({
-      messageId: 'msg_1',
-      content: 'hello world',
-      senderName: 'Alice',
-      sourceGroupId: 'grp_1',
-      sourceGroupName: 'UP Parivar Dallas',
-      tags: ['#important'],
-      platform: 'whatsapp',
-    });
-    expect(result!.indexDoc.approvedAt).toMatch(/^\d{4}-\d{2}-\d{2}T/);
+    expect(approveMessage).toHaveBeenCalledWith('msg_1', 'tnt_1', '919876543210@s.whatsapp.net', mockPrisma);
   });
 
-  it('returns ForwardJobData for each active sync route', async () => {
-    const prisma = makePrisma({
-      content: 'important announcement',
-      senderName: 'Bob',
-      sourceGroup: {
-        name: 'Source Group',
-        syncRoutesFrom: [
-          { targetGroup: { platformId: '999@g.us', accountId: 'acc_2' } },
-          { targetGroup: { platformId: '888@g.us', accountId: null } },
-        ],
-      },
-    });
+  it('returns null when socket not available', async () => {
+    mockPrisma.tenantRule.findMany.mockResolvedValue([
+      { id: 'r1', matchType: 'REACTION_EMOJI', matchValue: '⭐', action: 'AUTO_APPROVE', priority: 0 },
+    ]);
+    const pool = { get: jest.fn().mockReturnValue(undefined) };
+    expect(await handleReaction(makeReaction(), mockPrisma, pool)).toBeNull();
+  });
 
-    const result = await handleStarReaction(makeReaction(), adminJids, prisma);
-    expect(result!.forwardJobs).toHaveLength(2);
-    expect(result!.forwardJobs[0]).toMatchObject({
-      messageId: 'msg_1',
-      content: 'important announcement',
-      sourceGroupName: 'Source Group',
-      senderName: 'Bob',
-      toGroupJid: '999@g.us',
-      fromAccountId: 'acc_2',
-    });
-    expect(result!.forwardJobs[1]).toMatchObject({
-      toGroupJid: '888@g.us',
-      fromAccountId: 'acc_1',
-    });
-    expect(result!.indexDoc).toMatchObject({
-      messageId: 'msg_1',
-      content: 'important announcement',
-      senderName: 'Bob',
-      sourceGroupId: 'grp_1',
-      tags: ['#important'],
-      platform: 'whatsapp',
-    });
+  it('returns null when approveMessage returns null', async () => {
+    mockPrisma.tenantRule.findMany.mockResolvedValue([
+      { id: 'r1', matchType: 'REACTION_EMOJI', matchValue: '⭐', action: 'AUTO_APPROVE', priority: 0 },
+    ]);
+    (approveMessage as jest.Mock).mockResolvedValue(null);
+    expect(await handleReaction(makeReaction(), mockPrisma, makePool(true))).toBeNull();
   });
 });
diff --git a/apps/worker/src/core/approval.ts b/apps/worker/src/core/approval.ts
index 5f9c059..7600d20 100644
--- a/apps/worker/src/core/approval.ts
+++ b/apps/worker/src/core/approval.ts
@@ -1,80 +1,106 @@
 import { NormalizedReaction, ForwardJobData, IndexJobData } from '@tower/types';
+import { createLogger } from '@tower/logger';
+import { matchReactionRules, TenantRuleRow } from '../whatsapp/match-rules';
+import { approveMessage } from './approve-message';
+
+const logger = createLogger('approval');
 
 export interface ApprovalResult {
   forwardJobs: ForwardJobData[];
   indexDoc: IndexJobData;
 }
 
-export async function handleStarReaction(
+export async function handleReaction(
   reaction: NormalizedReaction,
-  adminJids: string[],
   prisma: any,
+  pool: any,
+  forwardQueue?: any,
+  indexQueue?: any,
 ): Promise<ApprovalResult | null> {
-  if (reaction.emoji !== '⭐') return null;
-  if (!adminJids.includes(reaction.reactorJid)) return null;
+  logger.info({ emoji: reaction.emoji, reactorJid: reaction.reactorJid }, 'Reaction received');
 
+  // Find the target message to resolve tenant
   const message = await prisma.message.findUnique({
     where: {
       platform_platformMsgId: {
-        // TODO: derive platform from NormalizedReaction when multi-platform support is added
         platform: 'whatsapp',
         platformMsgId: reaction.targetMsgId,
       },
     },
-    include: {
-      approval: true,
-      sourceGroup: {
-        include: {
-          syncRoutesFrom: { where: { isActive: true }, include: { targetGroup: true } },
-        },
-      },
-    },
+    select: { id: true, tenantId: true, status: true, sourceGroup: { select: { platformId: true } } },
   });
 
   if (!message) return null;
   if (message.status !== 'PENDING') return null;
-  if (message.approval) return null;
 
-  let approved = false;
-  await prisma.$transaction(async (tx: any) => {
-    const updated = await tx.message.updateMany({
-      where: { id: message.id, status: 'PENDING' },
-      data: { status: 'APPROVED' },
-    });
-    if (updated.count === 0) return;
-    approved = true;
-    await tx.approval.create({
-      data: {
-        messageId: message.id,
-        adminId: reaction.reactorJid,
-        decision: 'APPROVED',
-      },
-    });
+  // Load active reaction rules for this tenant
+  const ruleRows: TenantRuleRow[] = await prisma.tenantRule.findMany({
+    where: { tenantId: message.tenantId, isActive: true, matchType: 'REACTION_EMOJI' },
+    select: { id: true, matchType: true, matchValue: true, action: true, priority: true },
+    orderBy: { priority: 'asc' },
   });
 
-  if (!approved) return null;
+  const matched = matchReactionRules(reaction.emoji, ruleRows);
+  if (!matched) {
+    logger.info({ emoji: reaction.emoji }, 'No reaction rule matched — ignoring');
+    return null;
+  }
 
-  const forwardJobs: ForwardJobData[] = message.sourceGroup.syncRoutesFrom
-    .filter((route: any) => route.targetGroup != null)
-    .map((route: any) => ({
-      messageId: message.id,
-      content: message.content,
-      sourceGroupName: message.sourceGroup.name,
-      senderName: message.senderName ?? undefined,
-      toGroupJid: route.targetGroup.platformId,
-      fromAccountId: route.targetGroup.accountId ?? reaction.accountId,
-    }));
+  logger.info({ emoji: reaction.emoji, action: matched.action }, 'Reaction rule matched');
 
-  const indexDoc: IndexJobData = {
-    messageId: message.id,
-    content: message.content,
-    senderName: message.senderName ?? null,
-    sourceGroupId: message.sourceGroupId,
-    sourceGroupName: message.sourceGroup.name,
-    tags: message.tags,
-    platform: message.platform,
-    approvedAt: new Date().toISOString(),
-  };
+  // For approval-type actions, verify the reactor is a group admin
+  if (matched.action === 'AUTO_APPROVE' || matched.action === 'FLAG') {
+    const sock = pool.get(reaction.accountId);
+    if (!sock) {
+      logger.warn({ accountId: reaction.accountId }, 'No active socket for group admin check');
+      return null;
+    }
 
-  return { forwardJobs, indexDoc };
+    let isAdmin = false;
+    try {
+      const metadata = await sock.groupMetadata(reaction.sourceGroupJid);
+      const participantJids = metadata.participants?.map((p: any) => ({ id: p.id, admin: p.admin })) ?? [];
+      logger.info({ participantJids, reactorJid: reaction.reactorJid }, 'Group metadata participants');
+
+      // Compare both with and without server suffix
+      const reactorBase = reaction.reactorJid.replace(/@.+$/, '');
+      isAdmin = metadata.participants?.some(
+        (p: any) => {
+          const pBase = p.id.replace(/@.+$/, '');
+          return (p.id === reaction.reactorJid || pBase === reactorBase) &&
+            (p.admin === 'admin' || p.admin === 'superadmin');
+        },
+      ) ?? false;
+    } catch (err) {
+      logger.warn({ err, reactorJid: reaction.reactorJid }, 'Failed to check group admin status — rejecting reaction');
+      return null;
+    }
+
+    if (!isAdmin) {
+      logger.warn({ reactorJid: reaction.reactorJid }, 'Reactor is not a group admin — ignoring reaction');
+      return null;
+    }
+  }
+
+  // Handle the matched action
+  if (matched.action === 'SKIP' || matched.action === 'REJECT') {
+    // For reactions, SKIP and REJECT don't make sense for already-PENDING messages.
+    // We simply don't act on them.
+    logger.info({ action: matched.action }, 'Reaction matched SKIP/REJECT — no action taken');
+    return null;
+  }
+
+  // AUTO_APPROVE or FLAG — approve the message (both lead to approval for reactions)
+  const result = await approveMessage(message.id, message.tenantId, reaction.reactorJid, prisma);
+  if (!result) {
+    logger.warn({ messageId: message.id }, 'Could not approve message via reaction');
+    return null;
+  }
+
+  logger.info(
+    { messageId: message.id, forwardCount: result.forwardJobs.length },
+    'Message approved by reaction',
+  );
+
+  return result;
 }
diff --git a/apps/worker/src/core/approve-message.ts b/apps/worker/src/core/approve-message.ts
new file mode 100644
index 0000000..efe4131
--- /dev/null
+++ b/apps/worker/src/core/approve-message.ts
@@ -0,0 +1,86 @@
+import { ForwardJobData, IndexJobData } from '@tower/types';
+import { createLogger } from '@tower/logger';
+
+const logger = createLogger('approve-message');
+
+export interface ApproveMessageResult {
+  forwardJobs: ForwardJobData[];
+  indexDoc: IndexJobData;
+}
+
+/**
+ * Approve a PENDING message: mark APPROVED in a transaction, create an Approval row,
+ * and return the forward jobs + index document.
+ * Returns null if the message is not in PENDING state or is already approved.
+ */
+export async function approveMessage(
+  messageId: string,
+  tenantId: string,
+  adminId: string, // JID of the reactor or system
+  prisma: any,
+): Promise<ApproveMessageResult | null> {
+  const message = await prisma.message.findUnique({
+    where: { id: messageId },
+    include: {
+      approval: true,
+      sourceGroup: {
+        include: {
+          syncRoutesFrom: {
+            where: { isActive: true, targetGroup: { isActive: true } },
+            include: { targetGroup: { select: { platformId: true, isActive: true, accountId: true } } },
+          },
+        },
+      },
+    },
+  });
+
+  if (!message) return null;
+  if (message.status !== 'PENDING') return null;
+  if (message.approval) return null;
+
+  let approved = false;
+  await prisma.$transaction(async (tx: any) => {
+    const updated = await tx.message.updateMany({
+      where: { id: message.id, status: 'PENDING' },
+      data: { status: 'APPROVED' },
+    });
+    if (updated.count === 0) return;
+    approved = true;
+    await tx.approval.create({
+      data: {
+        tenantId: message.tenantId,
+        messageId: message.id,
+        adminId,
+        decision: 'APPROVED',
+      },
+    });
+  });
+
+  if (!approved) return null;
+
+  const forwardJobs: ForwardJobData[] = (message.sourceGroup?.syncRoutesFrom ?? [])
+    .filter((route: any) => route.targetGroup != null)
+    .map((route: any) => ({
+      tenantId: message.tenantId,
+      messageId: message.id,
+      content: message.content,
+      sourceGroupName: message.sourceGroup.name,
+      senderName: message.senderName ?? undefined,
+      toGroupJid: route.targetGroup.platformId,
+      fromAccountId: route.targetGroup.accountId ?? message.sourceGroup.accountId ?? '',
+    }));
+
+  const indexDoc: IndexJobData = {
+    tenantId: message.tenantId,
+    messageId: message.id,
+    content: message.content,
+    senderName: message.senderName ?? null,
+    sourceGroupId: message.sourceGroupId,
+    sourceGroupName: message.sourceGroup.name,
+    tags: message.tags ?? [],
+    platform: message.platform,
+    approvedAt: new Date().toISOString(),
+  };
+
+  return { forwardJobs, indexDoc };
+}
diff --git a/apps/worker/src/email/email.service.spec.ts b/apps/worker/src/email/email.service.spec.ts
new file mode 100644
index 0000000..1553f28
--- /dev/null
+++ b/apps/worker/src/email/email.service.spec.ts
@@ -0,0 +1,46 @@
+import { createEmailService, EmailService } from './email.service';
+
+describe('email.service', () => {
+  const originalEnv = process.env;
+
+  beforeEach(() => {
+    process.env = { ...originalEnv };
+    delete process.env['SMTP_HOST'];
+    delete process.env['SMTP_PORT'];
+    delete process.env['SMTP_USER'];
+    delete process.env['SMTP_PASS'];
+    delete process.env['SMTP_FROM'];
+    delete process.env['SMTP_SECURE'];
+  });
+
+  afterAll(() => {
+    process.env = originalEnv;
+  });
+
+  it('returns a no-op service when SMTP_HOST is unset', () => {
+    const service = createEmailService();
+    expect(service).toBeDefined();
+    expect(typeof service.sendPendingClaimNotification).toBe('function');
+  });
+
+  it('logs but does not throw when no-op service is asked to send', async () => {
+    const service: EmailService = createEmailService();
+    await expect(
+      service.sendPendingClaimNotification({
+        to: 'owner@example.com',
+        groupName: 'Family Chat',
+        expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+      }),
+    ).resolves.toBeUndefined();
+  });
+
+  it('creates a transport when SMTP_HOST is set', () => {
+    process.env['SMTP_HOST'] = 'smtp.ethereal.email';
+    process.env['SMTP_PORT'] = '587';
+    process.env['SMTP_USER'] = 'user@test';
+    process.env['SMTP_PASS'] = 'pass';
+    process.env['SMTP_FROM'] = 'TOWER <noreply@tower.local>';
+    const service = createEmailService();
+    expect(service).toBeDefined();
+  });
+});
diff --git a/apps/worker/src/email/email.service.ts b/apps/worker/src/email/email.service.ts
new file mode 100644
index 0000000..4445702
--- /dev/null
+++ b/apps/worker/src/email/email.service.ts
@@ -0,0 +1,86 @@
+import { createLogger } from '@tower/logger';
+import nodemailer, { Transporter } from 'nodemailer';
+
+const logger = createLogger('email');
+
+export interface EmailService {
+  sendPendingClaimNotification(input: {
+    to: string;
+    groupName: string;
+    expiresAt: Date;
+  }): Promise<void>;
+}
+
+interface SmtpConfig {
+  host: string;
+  port: number;
+  user?: string;
+  pass?: string;
+  from: string;
+  secure: boolean;
+}
+
+function readSmtpConfig(): SmtpConfig | null {
+  const host = process.env['SMTP_HOST']?.trim();
+  if (!host) return null;
+  return {
+    host,
+    port: Number(process.env['SMTP_PORT'] ?? 587),
+    user: process.env['SMTP_USER']?.trim() || undefined,
+    pass: process.env['SMTP_PASS']?.trim() || undefined,
+    from: process.env['SMTP_FROM']?.trim() || 'TOWER <noreply@tower.local>',
+    secure: (process.env['SMTP_SECURE'] ?? '').toLowerCase() === 'true',
+  };
+}
+
+export function createEmailService(): EmailService {
+  const cfg = readSmtpConfig();
+  if (!cfg) {
+    logger.warn('SMTP_HOST not set — email notifications disabled');
+    return new NoopEmailService();
+  }
+  const transporter: Transporter = nodemailer.createTransport({
+    host: cfg.host,
+    port: cfg.port,
+    secure: cfg.secure,
+    ...(cfg.user ? { auth: { user: cfg.user, pass: cfg.pass ?? '' } } : {}),
+  });
+  logger.info({ host: cfg.host, port: cfg.port, from: cfg.from }, 'SMTP transport ready');
+  return new SmtpEmailService(transporter, cfg.from);
+}
+
+class NoopEmailService implements EmailService {
+  async sendPendingClaimNotification(input: { to: string; groupName: string; expiresAt: Date }): Promise<void> {
+    logger.info(
+      { to: input.to, groupName: input.groupName, expiresAt: input.expiresAt.toISOString() },
+      '[email-disabled] would send GROUP_PENDING_CLAIM notification',
+    );
+  }
+}
+
+class SmtpEmailService implements EmailService {
+  constructor(
+    private readonly transporter: Transporter,
+    private readonly from: string,
+  ) {}
+
+  async sendPendingClaimNotification(input: { to: string; groupName: string; expiresAt: Date }): Promise<void> {
+    const expiresInDays = Math.max(1, Math.ceil((input.expiresAt.getTime() - Date.now()) / (24 * 60 * 60 * 1000)));
+    const subject = `[TOWER] New group awaiting claim: ${input.groupName}`;
+    const text = [
+      `A WhatsApp group joined the TOWER bot and needs to be claimed by a tenant admin.`,
+      ``,
+      `Group:    ${input.groupName}`,
+      `Claim by: ${input.expiresAt.toISOString()} (within ${expiresInDays} day${expiresInDays === 1 ? '' : 's'})`,
+      ``,
+      `Sign in to your TOWER portal and go to Groups → Pending Claim to take ownership.`,
+      `If no owner claims it before the deadline, the bot will stop listening and the group will be marked EXPIRED.`,
+    ].join('\n');
+    try {
+      await this.transporter.sendMail({ from: this.from, to: input.to, subject, text });
+      logger.info({ to: input.to, groupName: input.groupName }, 'Sent GROUP_PENDING_CLAIM notification');
+    } catch (err) {
+      logger.error({ err, to: input.to, groupName: input.groupName }, 'Failed to send GROUP_PENDING_CLAIM notification');
+    }
+  }
+}
diff --git a/apps/worker/src/main.ts b/apps/worker/src/main.ts
index dfde1db..dca01f0 100644
--- a/apps/worker/src/main.ts
+++ b/apps/worker/src/main.ts
@@ -9,9 +9,12 @@ import { createForwardWorker } from './queues/forward.processor';
 import { createIndexQueue } from './queues/index.queue';
 import { createIndexWorker } from './queues/index.processor';
 import { WhatsAppSessionPool } from './whatsapp/session-pool';
-import { detectTags, isFlagged } from './whatsapp/tag-detector';
+import { matchContentRules, TenantRuleRow } from './whatsapp/match-rules';
 import { syncGroups } from './whatsapp/group-sync';
-import { handleStarReaction } from './core/approval';
+import { handleReaction } from './core/approval';
+import { approveMessage } from './core/approve-message';
+import { startOtpSenderLoop } from './whatsapp/otp-sender';
+import { handleCommand } from './whatsapp/command-handler';
 
 const logger = createLogger('tower-worker');
 
@@ -19,11 +22,6 @@ async function bootstrap() {
   const env = validateEnv();
   const prisma = new PrismaClient();
   await prisma.$connect();
-
-  const adminJids = env.TOWER_ADMIN_JIDS
-    ? env.TOWER_ADMIN_JIDS.split(',').map((j) => j.trim()).filter(Boolean)
-    : [];
-
   const meiliClient = createMeiliClient(env.MEILI_URL, env.MEILI_MASTER_KEY);
   await configureIndex(meiliClient).catch((err) =>
     logger.warn({ err }, 'Failed to configure Meilisearch index — search may be degraded'),
@@ -34,7 +32,7 @@ async function bootstrap() {
   const indexQueue = createIndexQueue(env.REDIS_URL);
   const pool = new WhatsAppSessionPool();
 
-  const ingestWorker = createIngestWorker(env.REDIS_URL, prisma);
+  const ingestWorker = createIngestWorker(env.REDIS_URL, prisma, pool, forwardQueue, indexQueue);
   const forwardWorker = createForwardWorker(env.REDIS_URL, pool);
   const indexWorker = createIndexWorker(env.REDIS_URL, meiliClient);
 
@@ -54,8 +52,12 @@ async function bootstrap() {
         account.id,
         account.sessionPath,
         async (msg, accountId) => {
-          const tags = detectTags(msg.content, msg.senderJid, adminJids);
-          if (!isFlagged(tags)) return;
+          logger.info({ groupJid: msg.sourceGroupJid, senderJid: msg.senderJid, content: msg.content?.slice(0, 80) }, 'Message received');
+
+          // Command handler intercepts STOP/START/PORTAL from non-bot members
+          await handleCommand(msg, accountId, prisma, pool).catch((err) =>
+            logger.error({ err }, 'Command handler error'),
+          );
 
           const groupMap = groupMaps.get(accountId);
           if (!groupMap) {
@@ -68,9 +70,76 @@ async function bootstrap() {
             return;
           }
 
+          // Resolve tenant from the group; drop messages from unclaimed groups
+          const group = await prisma.group.findUnique({
+            where: { id: sourceGroupId },
+            select: { tenantId: true },
+          });
+          if (!group || !group.tenantId) {
+            logger.info({ sourceGroupId }, 'Group not yet claimed — message dropped');
+            return;
+          }
+
+          // Check tenant state
+          const tenant = await prisma.tenant.findUnique({
+            where: { id: group.tenantId },
+            select: { isActive: true, isForwardingPaused: true },
+          });
+          if (!tenant || !tenant.isActive) {
+            logger.info({ tenantId: group.tenantId, sourceGroupId }, 'Tenant is inactive — message dropped');
+            return;
+          }
+          if (tenant.isForwardingPaused) {
+            logger.info({ tenantId: group.tenantId, sourceGroupId }, 'Forwarding paused for tenant — message dropped');
+            return;
+          }
+
+          // Load active rules for this tenant
+          const ruleRows: TenantRuleRow[] = await prisma.tenantRule.findMany({
+            where: { tenantId: group.tenantId, isActive: true },
+            select: { id: true, matchType: true, matchValue: true, action: true, priority: true },
+            orderBy: { priority: 'asc' },
+          });
+
+          const { tags, effectiveAction } = matchContentRules(msg.content, ruleRows);
+          logger.info({ tags, effectiveAction }, 'Rule match result');
+
+          // No matching rules — drop the message
+          if (tags.length === 0) return;
+
+          // SKIP action — silently drop
+          if (effectiveAction === 'SKIP') {
+            logger.info({ platformMsgId: msg.platformMsgId }, 'Message skipped by rule');
+            return;
+          }
+
+          // For AUTO_APPROVE, check if the sender is a group admin
+          let finalAction = effectiveAction;
+          if (effectiveAction === 'AUTO_APPROVE') {
+            try {
+              const sock = pool.get(accountId);
+              if (sock) {
+                const metadata = await sock.groupMetadata(msg.sourceGroupJid);
+                const isAdmin = metadata.participants?.some(
+                  (p: any) => p.id === msg.senderJid && (p.admin === 'admin' || p.admin === 'superadmin'),
+                );
+                if (isAdmin) {
+                  finalAction = 'AUTO_APPROVE';
+                } else {
+                  logger.info({ senderJid: msg.senderJid }, 'Sender is not a group admin — downgrading AUTO_APPROVE to FLAG');
+                  finalAction = 'FLAG';
+                }
+              }
+            } catch (err) {
+              logger.warn({ err, senderJid: msg.senderJid }, 'Failed to check group admin status — downgrading to FLAG');
+              finalAction = 'FLAG';
+            }
+          }
+
           await ingestQueue.add(
             'ingest',
             {
+              tenantId: group.tenantId,
               platformMsgId: msg.platformMsgId,
               platform: 'whatsapp',
               accountId,
@@ -79,14 +148,15 @@ async function bootstrap() {
               senderName: msg.senderName,
               content: msg.content,
               tags,
+              effectiveAction: finalAction ?? undefined,
             },
             { attempts: 3, backoff: { type: 'exponential', delay: 1000 } },
           );
 
-          logger.info({ platformMsgId: msg.platformMsgId, tags }, 'Message enqueued');
+          logger.info({ platformMsgId: msg.platformMsgId, tags, effectiveAction: finalAction }, 'Message enqueued');
         },
         async (reaction) => {
-          const result = await handleStarReaction(reaction, adminJids, prisma);
+          const result = await handleReaction(reaction, prisma, pool, forwardQueue, indexQueue);
           if (!result) return;
 
           const { forwardJobs, indexDoc } = result;
@@ -110,13 +180,13 @@ async function bootstrap() {
         },
         async (groups, accountId) => {
           logger.info({ count: Object.keys(groups).length, accountId }, 'Syncing groups');
-          const map = await syncGroups(groups, accountId, prisma);
+          const map = await syncGroups(groups, accountId, prisma, pool);
           groupMaps.set(accountId, map);
         },
         async (qr, accountId) => {
           await prisma.account.update({
             where: { id: accountId },
-            data: { qrCode: qr },
+            data: { qrCode: qr, status: 'PAIRING' },
           }).catch((err) => logger.error({ accountId, err }, 'Failed to store QR in DB'));
           logger.info({ accountId }, 'QR code updated');
         },
@@ -133,6 +203,12 @@ async function bootstrap() {
               data: { status: 'DISCONNECTED' },
             }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
             logger.info({ accountId }, 'Account logged out — awaiting QR scan');
+          } else if (status === 'disconnected') {
+            await prisma.account.update({
+              where: { id: accountId },
+              data: { status: 'DISCONNECTED' },
+            }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+            logger.info({ accountId }, 'Account disconnected');
           }
         },
       );
@@ -141,14 +217,14 @@ async function bootstrap() {
     }
   }
 
-  // Load ACTIVE and DISCONNECTED accounts at startup (DISCONNECTED ones need re-auth)
+  // Load bot accounts at startup: ACTIVE, DISCONNECTED (need re-auth), PAIRING (mid-pairing)
   const accounts = await prisma.account.findMany({
-    where: { status: { in: ['ACTIVE', 'DISCONNECTED'] }, platform: 'whatsapp' },
+    where: { isBot: true, status: { in: ['ACTIVE', 'DISCONNECTED', 'PAIRING'] }, platform: 'whatsapp' },
     select: { id: true, sessionPath: true },
   });
 
   if (accounts.length === 0) {
-    logger.warn('No WhatsApp accounts found — add one via the dashboard');
+    logger.warn('No bot accounts found — pair one via /settings/bot');
   }
 
   for (const account of accounts) {
@@ -157,16 +233,18 @@ async function bootstrap() {
 
   logger.info({ accountCount: accounts.length }, 'Tower worker ready');
 
-  // Poll every 30s for accounts added via the dashboard while worker is running
+  // Poll every 30s for accounts added via the dashboard while worker is running.
+  // Every 60s, also re-fetch groups for each active session so newly-added groups
+  // are detected without requiring a worker restart.
   setInterval(async () => {
     try {
       const all = await prisma.account.findMany({
-        where: { status: { in: ['ACTIVE', 'DISCONNECTED'] }, platform: 'whatsapp' },
+        where: { isBot: true, status: { in: ['ACTIVE', 'DISCONNECTED', 'PAIRING'] }, platform: 'whatsapp' },
         select: { id: true, sessionPath: true },
       });
       for (const account of all) {
         if (!pool.get(account.id)) {
-          logger.info({ accountId: account.id }, 'New account detected — starting session');
+          logger.info({ accountId: account.id }, 'New bot account detected — starting session');
           await startAccount(account);
         }
       }
@@ -175,6 +253,26 @@ async function bootstrap() {
     }
   }, 30_000);
 
+  setInterval(async () => {
+    try {
+      for (const [accountId, sock] of pool.getAll()) {
+        try {
+          const groups = await sock.groupFetchAllParticipating();
+          logger.info({ count: Object.keys(groups).length, accountId }, 'Periodic group re-sync');
+          const map = await syncGroups(groups, accountId, prisma, pool);
+          groupMaps.set(accountId, map);
+        } catch (err) {
+          logger.warn({ accountId, err }, 'Periodic group re-sync failed');
+        }
+      }
+    } catch (err) {
+      logger.error({ err }, 'Error in periodic group re-sync loop');
+    }
+  }, 60_000);
+
+  // OTP-sender loop: pick up unsent OtpChallenges and DM them via the bot
+  startOtpSenderLoop(prisma, pool, logger);
+
   const shutdown = async () => {
     logger.info('Shutting down...');
     await pool.closeAll();
diff --git a/apps/worker/src/queues/forward.processor.test.ts b/apps/worker/src/queues/forward.processor.test.ts
index f93c822..18f64fb 100644
--- a/apps/worker/src/queues/forward.processor.test.ts
+++ b/apps/worker/src/queues/forward.processor.test.ts
@@ -4,6 +4,7 @@ import { ForwardJobData } from '@tower/types';
 const mockPool = { sendMessage: jest.fn().mockResolvedValue(undefined) };
 
 const baseJob: ForwardJobData = {
+  tenantId: 'tnt_1',
   messageId: 'msg_1',
   content: 'Event this Saturday at the temple',
   sourceGroupName: 'UP Parivar Dallas',
diff --git a/apps/worker/src/queues/index.processor.test.ts b/apps/worker/src/queues/index.processor.test.ts
index 139180a..b1407f7 100644
--- a/apps/worker/src/queues/index.processor.test.ts
+++ b/apps/worker/src/queues/index.processor.test.ts
@@ -9,6 +9,7 @@ jest.mock('@tower/search', () => ({
 
 function makeJob(overrides: Partial<IndexJobData> = {}): IndexJobData {
   return {
+    tenantId: 'tnt-1',
     messageId: 'msg-1',
     content: 'hello world',
     senderName: 'Alice',
@@ -24,11 +25,12 @@ function makeJob(overrides: Partial<IndexJobData> = {}): IndexJobData {
 describe('processIndexJob', () => {
   beforeEach(() => jest.clearAllMocks());
 
-  it('calls indexMessage with MeiliDocument shape', async () => {
+  it('calls indexMessage with MeiliDocument shape including tenantId', async () => {
     const mockClient = {} as any;
     await processIndexJob(makeJob(), mockClient);
     expect(indexMessage).toHaveBeenCalledWith(mockClient, {
       id: 'msg-1',
+      tenantId: 'tnt-1',
       content: 'hello world',
       senderName: 'Alice',
       sourceGroupId: 'grp-1',
diff --git a/apps/worker/src/queues/index.processor.ts b/apps/worker/src/queues/index.processor.ts
index e49d554..9e79fc8 100644
--- a/apps/worker/src/queues/index.processor.ts
+++ b/apps/worker/src/queues/index.processor.ts
@@ -10,6 +10,7 @@ export async function processIndexJob(job: IndexJobData, meiliClient: MeiliSearc
   }
   const doc: MeiliDocument = {
     id: job.messageId,
+    tenantId: job.tenantId,
     content: job.content,
     senderName: job.senderName ?? '',
     sourceGroupId: job.sourceGroupId,
diff --git a/apps/worker/src/queues/ingest.processor.test.ts b/apps/worker/src/queues/ingest.processor.test.ts
index 33dd3e4..ee4b91f 100644
--- a/apps/worker/src/queues/ingest.processor.test.ts
+++ b/apps/worker/src/queues/ingest.processor.test.ts
@@ -1,17 +1,24 @@
 import { processIngestJob } from './ingest.processor';
 import { IngestJobData } from '@tower/types';
+import { approveMessage } from '../core/approve-message';
+
+jest.mock('../core/approve-message');
 
 const mockPrisma = {
-  message: {
-    upsert: jest.fn(),
-  },
+  message: { upsert: jest.fn(), findUnique: jest.fn() },
+  group: { findUnique: jest.fn() },
+  tenant: { findUnique: jest.fn() },
+  memberOptOut: { findFirst: jest.fn() },
+  towerUser: { upsert: jest.fn() },
+  approval: { upsert: jest.fn() },
 };
 
 const sampleJob: IngestJobData = {
+  tenantId: 'tnt-1',
   platformMsgId: 'WA_MSG_001',
   platform: 'whatsapp',
   accountId: 'account-1',
-  sourceGroupId: 'clxxxxxx',
+  sourceGroupId: 'grp-1',
   senderJid: '919876543210@s.whatsapp.net',
   senderName: 'Alice',
   content: '#important update from the committee',
@@ -19,21 +26,40 @@ const sampleJob: IngestJobData = {
 };
 
 describe('processIngestJob', () => {
-  beforeEach(() => jest.clearAllMocks());
-
-  it('upserts a message with PENDING status', async () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', claimStatus: 'CLAIMED' });
+    mockPrisma.tenant.findUnique.mockResolvedValue({ isActive: true, isForwardingPaused: false });
+    mockPrisma.memberOptOut.findFirst.mockResolvedValue(null);
+    mockPrisma.towerUser.upsert.mockResolvedValue({ id: 'user-1' });
     mockPrisma.message.upsert.mockResolvedValue({ id: 'msg-db-id' });
+    (approveMessage as jest.Mock).mockResolvedValue({ forwardJobs: [], indexDoc: {} });
+  });
 
+  it('drops message when group is not CLAIMED', async () => {
+    mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', claimStatus: 'PENDING_CLAIM' });
     await processIngestJob(sampleJob, mockPrisma as any);
+    expect(mockPrisma.message.upsert).not.toHaveBeenCalled();
+  });
 
+  it('drops message when sender has opted out', async () => {
+    mockPrisma.memberOptOut.findFirst.mockResolvedValue({ id: 'opt-1' });
+    await processIngestJob(sampleJob, mockPrisma as any);
+    expect(mockPrisma.message.upsert).not.toHaveBeenCalled();
+  });
+
+  it('upserts a message with PENDING status by default', async () => {
+    await processIngestJob(sampleJob, mockPrisma as any);
     expect(mockPrisma.message.upsert).toHaveBeenCalledWith({
       where: { platform_platformMsgId: { platform: 'whatsapp', platformMsgId: 'WA_MSG_001' } },
       create: {
+        tenantId: 'tnt-1',
         platform: 'whatsapp',
         platformMsgId: 'WA_MSG_001',
-        sourceGroupId: 'clxxxxxx',
+        sourceGroupId: 'grp-1',
         senderJid: '919876543210@s.whatsapp.net',
         senderName: 'Alice',
+        senderTowerUserId: 'user-1',
         content: '#important update from the committee',
         tags: ['#important'],
         status: 'PENDING',
@@ -51,4 +77,35 @@ describe('processIngestJob', () => {
     mockPrisma.message.upsert.mockRejectedValue(new Error('DB connection lost'));
     await expect(processIngestJob(sampleJob, mockPrisma as any)).rejects.toThrow('DB connection lost');
   });
+
+  it('creates REJECTED message when effectiveAction is REJECT', async () => {
+    mockPrisma.message.upsert.mockResolvedValue({ id: 'msg-rejected' });
+    await processIngestJob({ ...sampleJob, effectiveAction: 'REJECT' }, mockPrisma as any);
+    expect(mockPrisma.message.upsert).toHaveBeenCalledWith(
+      expect.objectContaining({
+        create: expect.objectContaining({ status: 'REJECTED' }),
+      }),
+    );
+    expect(mockPrisma.approval.upsert).toHaveBeenCalledWith({
+      where: { messageId: 'msg-rejected' },
+      update: {},
+      create: {
+        tenantId: 'tnt-1',
+        messageId: 'msg-rejected',
+        adminId: 'system',
+        decision: 'REJECTED',
+      },
+    });
+  });
+
+  it('calls approveMessage when effectiveAction is AUTO_APPROVE', async () => {
+    mockPrisma.message.upsert.mockResolvedValue({ id: 'msg-auto' });
+    await processIngestJob({ ...sampleJob, effectiveAction: 'AUTO_APPROVE' }, mockPrisma as any);
+    expect(approveMessage).toHaveBeenCalledWith('msg-auto', 'tnt-1', 'system', mockPrisma);
+  });
+
+  it('does not call approveMessage for FLAG (default)', async () => {
+    await processIngestJob(sampleJob, mockPrisma as any);
+    expect(approveMessage).not.toHaveBeenCalled();
+  });
 });
diff --git a/apps/worker/src/queues/ingest.processor.ts b/apps/worker/src/queues/ingest.processor.ts
index 26cb1b2..19a543c 100644
--- a/apps/worker/src/queues/ingest.processor.ts
+++ b/apps/worker/src/queues/ingest.processor.ts
@@ -1,9 +1,71 @@
-import { Worker } from 'bullmq';
-import { IngestJobData } from '@tower/types';
+import { Worker, Queue } from 'bullmq';
+import { IngestJobData, ForwardJobData, IndexJobData } from '@tower/types';
 import { parseRedisUrl } from './redis-connection';
+import { approveMessage } from '../core/approve-message';
+import { createLogger } from '@tower/logger';
 
-export async function processIngestJob(job: IngestJobData, prisma: any): Promise<void> {
-  await prisma.message.upsert({
+const logger = createLogger('ingest-processor');
+
+export async function processIngestJob(
+  job: IngestJobData,
+  prisma: any,
+  pool?: any,
+  forwardQueue?: Queue<ForwardJobData>,
+  indexQueue?: Queue<IndexJobData>,
+): Promise<void> {
+  // Defensive: drop messages from non-CLAIMED groups
+  const group = await prisma.group.findUnique({
+    where: { id: job.sourceGroupId },
+    select: { claimStatus: true },
+  });
+  if (!group || group.claimStatus !== 'CLAIMED') {
+    return;
+  }
+
+  // Safety net: drop if tenant is inactive or paused
+  const tenant = await prisma.tenant.findUnique({
+    where: { id: job.tenantId },
+    select: { isActive: true, isForwardingPaused: true },
+  });
+  if (!tenant || !tenant.isActive || tenant.isForwardingPaused) {
+    return;
+  }
+
+  // If the sender has opted out of this group, drop the message
+  const phoneHash = `jid:${job.senderJid}`;
+  const optOut = await prisma.memberOptOut.findFirst({
+    where: {
+      tenantId: job.tenantId,
+      groupId: job.sourceGroupId,
+      user: { jid: job.senderJid, phoneHash },
+    },
+    select: { id: true },
+  });
+  if (optOut) {
+    return;
+  }
+
+  // Resolve or create TowerUser for sender
+  const user = await prisma.towerUser.upsert({
+    where: { tenantId_phoneHash: { tenantId: job.tenantId, phoneHash } },
+    update: {},
+    create: {
+      tenantId: job.tenantId,
+      phoneHash,
+      jid: job.senderJid,
+      displayName: job.senderName ?? job.senderJid,
+    },
+  });
+
+  // Determine the initial status based on effectiveAction
+  let initialStatus: string;
+  if (job.effectiveAction === 'REJECT') {
+    initialStatus = 'REJECTED';
+  } else {
+    initialStatus = 'PENDING';
+  }
+
+  const msg = await prisma.message.upsert({
     where: {
       platform_platformMsgId: {
         platform: job.platform,
@@ -11,23 +73,70 @@ export async function processIngestJob(job: IngestJobData, prisma: any): Promise
       },
     },
     create: {
+      tenantId: job.tenantId,
       platform: job.platform,
       platformMsgId: job.platformMsgId,
       sourceGroupId: job.sourceGroupId,
       senderJid: job.senderJid,
       senderName: job.senderName,
+      senderTowerUserId: user.id,
       content: job.content,
       tags: job.tags,
-      status: 'PENDING',
+      status: initialStatus,
     },
     update: {},
   });
+
+  // For REJECT, create an approval record so it's searchable as rejected
+  if (job.effectiveAction === 'REJECT') {
+    await prisma.approval.upsert({
+      where: { messageId: msg.id },
+      update: {},
+      create: {
+        tenantId: job.tenantId,
+        messageId: msg.id,
+        adminId: 'system',
+        decision: 'REJECTED',
+      },
+    });
+    logger.info({ messageId: msg.id }, 'Message rejected by rule');
+    return;
+  }
+
+  // For AUTO_APPROVE, immediately approve via approveMessage helper
+  if (job.effectiveAction === 'AUTO_APPROVE') {
+    const result = await approveMessage(msg.id, job.tenantId, 'system', prisma);
+    if (result) {
+      if (forwardQueue) {
+        for (const fwd of result.forwardJobs) {
+          await forwardQueue.add('forward', fwd, {
+            attempts: 3,
+            backoff: { type: 'exponential', delay: 2000 },
+          });
+        }
+      }
+      if (indexQueue) {
+        await indexQueue.add('index', result.indexDoc, {
+          attempts: 3,
+          backoff: { type: 'exponential', delay: 1000 },
+        });
+      }
+      logger.info({ messageId: msg.id, forwardCount: result.forwardJobs.length }, 'Message auto-approved');
+    }
+    return;
+  }
 }
 
-export function createIngestWorker(redisUrl: string, prisma: any): Worker<IngestJobData> {
+export function createIngestWorker(
+  redisUrl: string,
+  prisma: any,
+  pool?: any,
+  forwardQueue?: Queue<ForwardJobData>,
+  indexQueue?: Queue<IndexJobData>,
+): Worker<IngestJobData> {
   return new Worker<IngestJobData>(
     'tower-ingest',
-    async (job) => processIngestJob(job.data, prisma),
+    async (job) => processIngestJob(job.data, prisma, pool, forwardQueue, indexQueue),
     { connection: parseRedisUrl(redisUrl) },
   );
 }
diff --git a/apps/worker/src/whatsapp/command-handler.test.ts b/apps/worker/src/whatsapp/command-handler.test.ts
new file mode 100644
index 0000000..4427710
--- /dev/null
+++ b/apps/worker/src/whatsapp/command-handler.test.ts
@@ -0,0 +1,124 @@
+import { handleCommand } from './command-handler';
+import type { NormalizedMessage } from '@tower/types';
+
+function makeMsg(overrides: Partial<NormalizedMessage> = {}): NormalizedMessage {
+  return {
+    platformMsgId: 'WA_MSG_001',
+    sourceGroupJid: '120363043312345678@g.us',
+    senderJid: '919876543210@s.whatsapp.net',
+    senderName: 'Alice',
+    content: '',
+    accountId: 'acc-1',
+    ...overrides,
+  };
+}
+
+const mockPrisma: any = {
+  group: { findUnique: jest.fn() },
+  towerUser: { upsert: jest.fn() },
+  consentRecord: { findFirst: jest.fn(), create: jest.fn(), update: jest.fn(), updateMany: jest.fn() },
+  memberOptOut: { create: jest.fn() },
+  auditEvent: { create: jest.fn() },
+};
+
+const mockPool: any = {
+  sendMessage: jest.fn().mockResolvedValue(undefined),
+};
+
+describe('handleCommand', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('returns false for non-command messages', async () => {
+    const handled = await handleCommand(makeMsg({ content: 'hello world' }), 'acc-1', mockPrisma, mockPool);
+    expect(handled).toBe(false);
+    expect(mockPool.sendMessage).not.toHaveBeenCalled();
+  });
+
+  describe('STOP', () => {
+    it('creates opt-out and revokes consent for claimed group', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', tenantId: 'tnt-1', claimStatus: 'CLAIMED' });
+      mockPrisma.towerUser.upsert.mockResolvedValue({ id: 'user-1' });
+      mockPrisma.consentRecord.updateMany.mockResolvedValue({ count: 1 });
+      mockPrisma.memberOptOut.create.mockResolvedValue({});
+      mockPrisma.auditEvent.create.mockResolvedValue({});
+
+      const handled = await handleCommand(
+        makeMsg({ content: 'STOP' }),
+        'acc-1',
+        mockPrisma,
+        mockPool,
+      );
+      expect(handled).toBe(true);
+      expect(mockPrisma.consentRecord.updateMany).toHaveBeenCalled();
+      expect(mockPrisma.memberOptOut.create).toHaveBeenCalledWith(
+        expect.objectContaining({ data: expect.objectContaining({ reason: 'STOP_KEYWORD' }) }),
+      );
+      expect(mockPool.sendMessage).toHaveBeenCalledWith(
+        'acc-1',
+        '919876543210@s.whatsapp.net',
+        expect.stringContaining("opted out"),
+      );
+    });
+
+    it('is a no-op for non-claimed groups', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', claimStatus: 'PENDING_CLAIM' });
+      const handled = await handleCommand(
+        makeMsg({ content: 'STOP' }),
+        'acc-1',
+        mockPrisma,
+        mockPool,
+      );
+      expect(handled).toBe(false);
+      expect(mockPrisma.consentRecord.updateMany).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('START', () => {
+    it('re-grants default scopes', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', tenantId: 'tnt-1', claimStatus: 'CLAIMED' });
+      mockPrisma.towerUser.upsert.mockResolvedValue({ id: 'user-1' });
+      mockPrisma.consentRecord.findFirst.mockResolvedValue({
+        id: 'c-1',
+        scopes: ['INGEST'],
+        retentionDays: 90,
+      });
+      mockPrisma.consentRecord.update.mockResolvedValue({});
+
+      const handled = await handleCommand(
+        makeMsg({ content: 'start' }),
+        'acc-1',
+        mockPrisma,
+        mockPool,
+      );
+      expect(handled).toBe(true);
+      expect(mockPrisma.consentRecord.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: { id: 'c-1' },
+          data: expect.objectContaining({ status: 'GRANTED' }),
+        }),
+      );
+    });
+  });
+
+  describe('PORTAL', () => {
+    it('sends an onboarding link', async () => {
+      mockPrisma.group.findUnique.mockResolvedValue({ id: 'grp-1', tenantId: 'tnt-1', claimStatus: 'CLAIMED' });
+      mockPrisma.towerUser.upsert.mockResolvedValue({ id: 'user-1' });
+
+      const handled = await handleCommand(
+        makeMsg({ content: 'portal' }),
+        'acc-1',
+        mockPrisma,
+        mockPool,
+      );
+      expect(handled).toBe(true);
+      expect(mockPool.sendMessage).toHaveBeenCalledWith(
+        'acc-1',
+        '919876543210@s.whatsapp.net',
+        expect.stringContaining('/onboard?token='),
+      );
+    });
+  });
+});
diff --git a/apps/worker/src/whatsapp/command-handler.ts b/apps/worker/src/whatsapp/command-handler.ts
new file mode 100644
index 0000000..7a02b61
--- /dev/null
+++ b/apps/worker/src/whatsapp/command-handler.ts
@@ -0,0 +1,232 @@
+import type { NormalizedMessage } from '@tower/types';
+import { createLogger } from '@tower/logger';
+import { WhatsAppSessionPool } from './session-pool';
+
+const logger = createLogger('command-handler');
+
+const PORTAL_BASE = process.env['TOWER_PORTAL_BASE_URL'] ?? 'http://localhost:3000';
+
+const STOP_REGEX = /^\s*stop\s*$/i;
+const START_REGEX = /^\s*start\s*$/i;
+const PORTAL_REGEX = /^\s*portal\s*$/i;
+const COMMANDS_REGEX = /^\s*commands\s*$/i;
+
+export async function handleCommand(
+  msg: NormalizedMessage,
+  accountId: string,
+  prisma: any,
+  pool: WhatsAppSessionPool,
+): Promise<boolean> {
+  if (!msg.content) return false;
+  const text = msg.content.trim();
+
+  if (STOP_REGEX.test(text)) {
+    return await handleStop(msg, accountId, prisma, pool);
+  }
+  if (START_REGEX.test(text)) {
+    return await handleStart(msg, accountId, prisma, pool);
+  }
+  if (PORTAL_REGEX.test(text)) {
+    return await handlePortal(msg, accountId, prisma, pool);
+  }
+  if (COMMANDS_REGEX.test(text)) {
+    return await handleCommands(msg, accountId, pool);
+  }
+  return false;
+}
+
+async function handleStop(
+  msg: NormalizedMessage,
+  accountId: string,
+  prisma: any,
+  pool: WhatsAppSessionPool,
+): Promise<boolean> {
+  const group = await prisma.group.findUnique({
+    where: { platform_platformId: { platform: 'whatsapp', platformId: msg.sourceGroupJid } },
+    select: { id: true, tenantId: true, claimStatus: true },
+  });
+  if (!group || group.claimStatus !== 'CLAIMED' || !group.tenantId) {
+    return false;
+  }
+  // Find or create a TowerUser by jid (phone not yet known for STOP-only flow)
+  const phoneHash = `stop:${msg.senderJid}`;
+  const user = await prisma.towerUser.upsert({
+    where: { tenantId_phoneHash: { tenantId: group.tenantId, phoneHash } },
+    update: { jid: msg.senderJid },
+    create: {
+      tenantId: group.tenantId,
+      phoneHash,
+      jid: msg.senderJid,
+      displayName: msg.senderName ?? msg.senderJid,
+    },
+  });
+  // Revoke all active consents in this group
+  await prisma.consentRecord.updateMany({
+    where: { userId: user.id, tenantId: group.tenantId, groupId: group.id, status: 'GRANTED' },
+    data: { status: 'REVOKED', revokedAt: new Date() },
+  });
+  await prisma.memberOptOut.create({
+    data: {
+      tenantId: group.tenantId,
+      userId: user.id,
+      groupId: group.id,
+      reason: 'STOP_KEYWORD',
+    },
+  });
+  await prisma.auditEvent.create({
+    data: {
+      tenantId: group.tenantId,
+      actorType: 'MEMBER',
+      actorId: user.id,
+      action: 'MEMBER_OPT_OUT',
+      resourceType: 'TowerUser',
+      resourceId: user.id,
+      payload: { jid: msg.senderJid, groupId: group.id, reason: 'STOP_KEYWORD' },
+    },
+  });
+  try {
+    await pool.sendMessage(
+      accountId,
+      msg.senderJid,
+      "You've been opted out. Type START in this group to rejoin.",
+    );
+  } catch (err) {
+    logger.warn({ err, jid: msg.senderJid }, 'Failed to send STOP confirmation DM');
+  }
+  logger.info({ jid: msg.senderJid, groupId: group.id }, 'STOP processed');
+  return true;
+}
+
+async function handleStart(
+  msg: NormalizedMessage,
+  accountId: string,
+  prisma: any,
+  pool: WhatsAppSessionPool,
+): Promise<boolean> {
+  const group = await prisma.group.findUnique({
+    where: { platform_platformId: { platform: 'whatsapp', platformId: msg.sourceGroupJid } },
+    select: { id: true, tenantId: true, claimStatus: true },
+  });
+  if (!group || group.claimStatus !== 'CLAIMED' || !group.tenantId) {
+    return false;
+  }
+  const phoneHash = `stop:${msg.senderJid}`;
+  const user = await prisma.towerUser.upsert({
+    where: { tenantId_phoneHash: { tenantId: group.tenantId, phoneHash } },
+    update: { jid: msg.senderJid },
+    create: {
+      tenantId: group.tenantId,
+      phoneHash,
+      jid: msg.senderJid,
+      displayName: msg.senderName ?? msg.senderJid,
+    },
+  });
+  const existing = await prisma.consentRecord.findFirst({
+    where: { userId: user.id, tenantId: group.tenantId, groupId: group.id },
+  });
+  if (existing) {
+    await prisma.consentRecord.update({
+      where: { id: existing.id },
+      data: {
+        status: 'GRANTED',
+        scopes: existing.scopes.length > 0 ? existing.scopes : ['INGEST', 'DISPLAY'],
+        retentionDays: existing.retentionDays,
+        revokedAt: null,
+        effectiveAt: new Date(),
+      },
+    });
+  } else {
+    await prisma.consentRecord.create({
+      data: {
+        tenantId: group.tenantId,
+        groupId: group.id,
+        userId: user.id,
+        scopes: ['INGEST', 'DISPLAY'],
+        retentionDays: 90,
+        policyVersion: 'v1',
+        status: 'GRANTED',
+        proofEventId: user.id,
+      },
+    });
+  }
+  try {
+    await pool.sendMessage(
+      accountId,
+      msg.senderJid,
+      "Welcome back. Your default scopes (INGEST, DISPLAY) are re-granted. Visit your portal to customize: " +
+        `${PORTAL_BASE}/my`,
+    );
+  } catch (err) {
+    logger.warn({ err, jid: msg.senderJid }, 'Failed to send START confirmation DM');
+  }
+  logger.info({ jid: msg.senderJid, groupId: group.id }, 'START processed');
+  return true;
+}
+
+async function handlePortal(
+  msg: NormalizedMessage,
+  accountId: string,
+  prisma: any,
+  pool: WhatsAppSessionPool,
+): Promise<boolean> {
+  const group = await prisma.group.findUnique({
+    where: { platform_platformId: { platform: 'whatsapp', platformId: msg.sourceGroupJid } },
+    select: { id: true, tenantId: true, claimStatus: true },
+  });
+  if (!group || group.claimStatus !== 'CLAIMED' || !group.tenantId) {
+    return false;
+  }
+  // Reuse same phoneHash scheme as STOP/START so the same user is found
+  const phoneHash = `stop:${msg.senderJid}`;
+  const user = await prisma.towerUser.upsert({
+    where: { tenantId_phoneHash: { tenantId: group.tenantId, phoneHash } },
+    update: { jid: msg.senderJid },
+    create: {
+      tenantId: group.tenantId,
+      phoneHash,
+      jid: msg.senderJid,
+      displayName: msg.senderName ?? msg.senderJid,
+    },
+  });
+  const onboardingToken = await issueOnboardingToken(prisma, group.tenantId, group.id, msg.senderJid);
+  try {
+    await pool.sendMessage(
+      accountId,
+      msg.senderJid,
+      `Manage your data: ${PORTAL_BASE}/onboard?token=${onboardingToken}`,
+    );
+  } catch (err) {
+    logger.warn({ err, jid: msg.senderJid }, 'Failed to send PORTAL link DM');
+  }
+  return true;
+}
+
+async function handleCommands(
+  msg: NormalizedMessage,
+  accountId: string,
+  pool: WhatsAppSessionPool,
+): Promise<boolean> {
+  try {
+    await pool.sendMessage(
+      accountId,
+      msg.senderJid,
+      'TOWER commands: STOP (opt out), START (rejoin), PORTAL (get your data link).',
+    );
+  } catch (err) {
+    logger.warn({ err, jid: msg.senderJid }, 'Failed to send COMMANDS reply');
+  }
+  return true;
+}
+
+async function issueOnboardingToken(
+  prisma: any,
+  tenantId: string,
+  groupId: string,
+  jid: string,
+): Promise<string> {
+  // For Phase 2B the onboarding token is the base64url({groupId, jid, tenantId}) shape.
+  // The API re-verifies this token (decodes the payload) and trusts the OTP step
+  // for actual authentication. In a future phase we can sign with JWT_SECRET here.
+  const payload = { tenantId, groupId, jid };
+  return Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url');
+}
diff --git a/apps/worker/src/whatsapp/group-sync.test.ts b/apps/worker/src/whatsapp/group-sync.test.ts
index 7488503..35e8cbd 100644
--- a/apps/worker/src/whatsapp/group-sync.test.ts
+++ b/apps/worker/src/whatsapp/group-sync.test.ts
@@ -1,45 +1,48 @@
 import { syncGroups } from './group-sync';
 import { GroupMetadata } from '@whiskeysockets/baileys';
 
+const makeGroup = (id: string, name: string, desc?: string, participants?: any[]): GroupMetadata => ({
+  id,
+  subject: name,
+  desc,
+  participants: participants ?? [],
+  creation: 0,
+  owner: undefined,
+  restrict: false,
+  announce: false,
+  subjectOwner: undefined,
+  subjectTime: 0,
+  size: 0,
+  ephemeralDuration: 0,
+  inviteCode: undefined,
+});
+
 const mockGroups: Record<string, GroupMetadata> = {
-  '120363043312345678@g.us': {
-    id: '120363043312345678@g.us',
-    subject: 'UP Parivar Dallas',
-    desc: 'Main community group',
-    participants: [],
-    creation: 0,
-    owner: undefined,
-    restrict: false,
-    announce: false,
-    subjectOwner: undefined,
-    subjectTime: 0,
-    size: 0,
-    ephemeralDuration: 0,
-    inviteCode: undefined,
-  },
-  '999999999@g.us': {
-    id: '999999999@g.us',
-    subject: 'Events Committee',
-    desc: undefined,
-    participants: [],
-    creation: 0,
-    owner: undefined,
-    restrict: false,
-    announce: false,
-    subjectOwner: undefined,
-    subjectTime: 0,
-    size: 0,
-    ephemeralDuration: 0,
-    inviteCode: undefined,
-  },
+  '120363043312345678@g.us': makeGroup('120363043312345678@g.us', 'UP Parivar Dallas', 'Main community group', [
+    { id: 'superadmin@s.whatsapp.net', admin: 'superadmin' },
+    { id: 'admin@s.whatsapp.net', admin: 'admin' },
+  ]),
+  '999999999@g.us': makeGroup('999999999@g.us', 'Events Committee', undefined, [
+    { id: 'creator@s.whatsapp.net', admin: 'superadmin' },
+  ]),
 };
 
 const mockPrisma = {
   group: {
+    findUnique: jest.fn().mockResolvedValue(null),
+    findMany: jest.fn().mockResolvedValue([]),
     upsert: jest.fn(),
+    update: jest.fn(),
   },
+  tenant: { findFirst: jest.fn().mockResolvedValue({ id: 'tenant-system' }) },
+  groupClaimToken: { create: jest.fn().mockResolvedValue({ id: 'tok_1' }) },
+  auditEvent: { create: jest.fn().mockResolvedValue(undefined) },
 };
 
+const mockPool = {
+  sendMessage: jest.fn().mockResolvedValue(undefined),
+} as any;
+
 describe('syncGroups', () => {
   beforeEach(() => jest.clearAllMocks());
 
@@ -48,59 +51,187 @@ describe('syncGroups', () => {
       .mockResolvedValueOnce({ id: 'db-group-1' })
       .mockResolvedValueOnce({ id: 'db-group-2' });
 
-    const result = await syncGroups(mockGroups, 'account-1', mockPrisma as any);
+    const result = await syncGroups(mockGroups, 'account-1', mockPrisma as any, mockPool);
 
     expect(mockPrisma.group.upsert).toHaveBeenCalledTimes(2);
     expect(result.get('120363043312345678@g.us')).toBe('db-group-1');
     expect(result.get('999999999@g.us')).toBe('db-group-2');
   });
 
-  it('calls upsert with correct create payload', async () => {
+  it('upserts with no claimStatus, isActive, and accountId', async () => {
     mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
 
     await syncGroups(
       { '120363043312345678@g.us': mockGroups['120363043312345678@g.us'] },
       'account-1',
       mockPrisma as any,
-    );
-
-    expect(mockPrisma.group.upsert).toHaveBeenCalledWith({
-      where: { platform_platformId: { platform: 'whatsapp', platformId: '120363043312345678@g.us' } },
-      create: {
-        platform: 'whatsapp',
-        platformId: '120363043312345678@g.us',
-        name: 'UP Parivar Dallas',
-        description: 'Main community group',
-        isActive: true,
-        accountId: 'account-1',
-      },
-      update: {
-        name: 'UP Parivar Dallas',
-        description: 'Main community group',
-        accountId: 'account-1',
-      },
-    });
-  });
-
-  it('handles groups with no description', async () => {
-    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-2' });
-
-    await syncGroups(
-      { '999999999@g.us': mockGroups['999999999@g.us'] },
-      'account-1',
-      mockPrisma as any,
+      mockPool,
     );
 
     expect(mockPrisma.group.upsert).toHaveBeenCalledWith(
       expect.objectContaining({
-        create: expect.objectContaining({ description: undefined, accountId: 'account-1' }),
+        where: { platform_platformId: { platform: 'whatsapp', platformId: '120363043312345678@g.us' } },
+        create: expect.objectContaining({
+          isActive: true,
+          accountId: 'account-1',
+        }),
+        update: expect.objectContaining({
+          name: 'UP Parivar Dallas',
+          accountId: 'account-1',
+        }),
+      }),
+    );
+    // No claimStatus or claimExpiresAt in upsert
+    expect(mockPrisma.group.upsert.mock.calls[0][0].create).not.toHaveProperty('claimStatus');
+  });
+
+  it('sends intro message AND DMs claim link to superadmin on new group', async () => {
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
+
+    await syncGroups(
+      { '120363043312345678@g.us': mockGroups['120363043312345678@g.us'] },
+      'account-1',
+      mockPrisma as any,
+      mockPool,
+    );
+
+    // Intro message to group
+    expect(mockPool.sendMessage).toHaveBeenCalledWith(
+      'account-1',
+      '120363043312345678@g.us',
+      expect.stringContaining("I'm TOWER"),
+    );
+
+    // Claim link DM to superadmin
+    expect(mockPool.sendMessage).toHaveBeenCalledWith(
+      'account-1',
+      'superadmin@s.whatsapp.net',
+      expect.stringContaining('tower.app/claim-group?token='),
+    );
+  });
+
+  it('generates GroupClaimToken for new group', async () => {
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
+
+    await syncGroups(
+      { '120363043312345678@g.us': mockGroups['120363043312345678@g.us'] },
+      'account-1',
+      mockPrisma as any,
+      mockPool,
+    );
+
+    expect(mockPrisma.groupClaimToken.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({
+          groupId: 'db-group-1',
+          creatorJid: 'superadmin@s.whatsapp.net',
+        }),
       }),
     );
   });
 
-  it('returns an empty map when given empty groups', async () => {
-    const result = await syncGroups({}, 'account-1', mockPrisma as any);
+  it('emits GROUP_CLAIM_TOKEN_SENT audit event', async () => {
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
+
+    await syncGroups(
+      { '120363043312345678@g.us': mockGroups['120363043312345678@g.us'] },
+      'account-1',
+      mockPrisma as any,
+      mockPool,
+    );
+
+    expect(mockPrisma.auditEvent.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({
+          action: 'GROUP_CLAIM_TOKEN_SENT',
+          resourceType: 'Group',
+          resourceId: 'db-group-1',
+          actorType: 'SYSTEM',
+        }),
+      }),
+    );
+  });
+
+  it('does NOT send claim link when group is already claimed (bot re-added)', async () => {
+    mockPrisma.group.findUnique.mockResolvedValue({ id: 'db-group-1', tenantId: 'tnt-A', accountId: 'old-account' });
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
+
+    await syncGroups(
+      { '120363043312345678@g.us': mockGroups['120363043312345678@g.us'] },
+      'account-1',
+      mockPrisma as any,
+      mockPool,
+    );
+
+    // Intro still sent
+    expect(mockPool.sendMessage).toHaveBeenCalledWith(
+      'account-1',
+      '120363043312345678@g.us',
+      expect.any(String),
+    );
+
+    // But no token generated
+    expect(mockPrisma.groupClaimToken.create).not.toHaveBeenCalled();
+  });
+
+  it('returns empty map when given empty groups', async () => {
+    const result = await syncGroups({}, 'account-1', mockPrisma as any, mockPool);
     expect(result.size).toBe(0);
     expect(mockPrisma.group.upsert).not.toHaveBeenCalled();
   });
+
+  // --- removal / re-add detection -------------------------------------------
+
+  it('marks groups inactive and emits GROUP_BOT_REMOVED when bot is removed', async () => {
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-current' });
+    mockPrisma.group.findMany
+      .mockResolvedValueOnce([{ id: 'db-group-stale', platformId: 'old-group@g.us', tenantId: 'tnt-A', name: 'Old Group' }])
+      .mockResolvedValueOnce([]);
+
+    await syncGroups(mockGroups, 'account-1', mockPrisma as any, mockPool);
+
+    expect(mockPrisma.group.update).toHaveBeenCalledWith(
+      expect.objectContaining({ where: { id: 'db-group-stale' }, data: { isActive: false } }),
+    );
+    expect(mockPrisma.auditEvent.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({
+          action: 'GROUP_BOT_REMOVED',
+          tenantId: 'tnt-A',
+          resourceId: 'db-group-stale',
+        }),
+      }),
+    );
+  });
+
+  it('marks groups active and emits GROUP_BOT_RE_ADDED when bot is re-added', async () => {
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
+    mockPrisma.group.findMany
+      .mockResolvedValueOnce([])
+      .mockResolvedValueOnce([{ id: 'db-group-returned', platformId: '120363043312345678@g.us', tenantId: 'tnt-A', name: 'Returned Group' }]);
+
+    await syncGroups(mockGroups, 'account-1', mockPrisma as any, mockPool);
+
+    expect(mockPrisma.group.update).toHaveBeenCalledWith(
+      expect.objectContaining({ where: { id: 'db-group-returned' }, data: { isActive: true } }),
+    );
+    expect(mockPrisma.auditEvent.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({
+          action: 'GROUP_BOT_RE_ADDED',
+          tenantId: 'tnt-A',
+          resourceId: 'db-group-returned',
+        }),
+      }),
+    );
+  });
+
+  it('does not touch any groups when all current groups are accounted for', async () => {
+    mockPrisma.group.upsert.mockResolvedValue({ id: 'db-group-1' });
+    mockPrisma.group.findMany.mockResolvedValue([]);
+
+    await syncGroups(mockGroups, 'account-1', mockPrisma as any, mockPool);
+
+    expect(mockPrisma.group.update).not.toHaveBeenCalled();
+  });
 });
diff --git a/apps/worker/src/whatsapp/group-sync.ts b/apps/worker/src/whatsapp/group-sync.ts
index 11dfc5b..244a7ad 100644
--- a/apps/worker/src/whatsapp/group-sync.ts
+++ b/apps/worker/src/whatsapp/group-sync.ts
@@ -1,16 +1,32 @@
+import { randomBytes } from 'crypto';
 import { GroupMetadata } from '@whiskeysockets/baileys';
 import { createLogger } from '@tower/logger';
+import { WhatsAppSessionPool } from './session-pool';
 
 const logger = createLogger('group-sync');
 
+const TOKEN_TTL_MS = 48 * 60 * 60 * 1000;
+
+const INTRO_MESSAGE =
+  "Hi, I'm TOWER. I'll be archiving messages from this group.";
+
+const CLAIM_DM = (groupName: string, token: string) =>
+  `TOWER was added to "${groupName}". Claim it here (one-time, expires 48h): tower.app/claim-group?token=${token}`;
+
 export async function syncGroups(
   groups: Record<string, GroupMetadata>,
   accountId: string,
   prisma: any,
+  pool: WhatsAppSessionPool,
 ): Promise<Map<string, string>> {
   const jidToDbId = new Map<string, string>();
 
   for (const [jid, meta] of Object.entries(groups)) {
+    const existing = await prisma.group.findUnique({
+      where: { platform_platformId: { platform: 'whatsapp', platformId: jid } },
+      select: { id: true, tenantId: true, accountId: true },
+    });
+
     const group = await prisma.group.upsert({
       where: { platform_platformId: { platform: 'whatsapp', platformId: jid } },
       create: {
@@ -28,8 +44,121 @@ export async function syncGroups(
       },
     });
     jidToDbId.set(jid, group.id);
+
+    // New or re-added group — send intro + DM claim link to superadmin
+    if (!existing || existing.accountId !== accountId) {
+      logger.info({ jid, groupId: group.id, name: meta.subject }, 'New group detected — sending intro');
+
+      // Intro message to group
+      try {
+        await pool.sendMessage(accountId, jid, INTRO_MESSAGE);
+      } catch (err) {
+        logger.warn({ jid, err }, 'Failed to post intro message');
+      }
+
+      // If the group is already claimed (bot re-added), don't generate a new token
+      if (existing?.tenantId) {
+        logger.info({ jid, groupId: group.id, tenantId: existing.tenantId }, 'Group already claimed — skipping token');
+        continue;
+      }
+
+      // Find superadmin (the group creator)
+      const superadmin = meta.participants?.find((p: any) => p.admin === 'superadmin');
+      if (!superadmin) {
+        logger.warn({ jid, groupId: group.id }, 'No superadmin found in group metadata — cannot send claim link');
+        continue;
+      }
+
+      // Generate claim token
+      const token = randomBytes(32).toString('hex');
+      await prisma.groupClaimToken.create({
+        data: {
+          groupId: group.id,
+          token,
+          creatorJid: superadmin.id,
+          expiresAt: new Date(Date.now() + TOKEN_TTL_MS),
+        },
+      });
+
+      // DM the superadmin
+      try {
+        await pool.sendMessage(accountId, superadmin.id, CLAIM_DM(meta.subject, token));
+        logger.info({ jid, groupId: group.id, superadminJid: superadmin.id }, 'Claim link DM sent');
+      } catch (err) {
+        logger.warn({ jid, superadminJid: superadmin.id, err }, 'Failed to DM claim link to superadmin');
+      }
+
+      // Audit event
+      const auditTenantId = await firstTenantId(prisma);
+      await prisma.auditEvent
+        .create({
+          data: {
+            tenantId: auditTenantId ?? 'system',
+            actorType: 'SYSTEM',
+            action: 'GROUP_CLAIM_TOKEN_SENT',
+            resourceType: 'Group',
+            resourceId: group.id,
+            payload: { jid, name: meta.subject, superadminJid: superadmin.id },
+          },
+        })
+        .catch((err: unknown) => logger.warn({ err }, 'Failed to write GROUP_CLAIM_TOKEN_SENT audit event'));
+    }
+  }
+
+  // --- Detect removed groups ------------------------------------------------
+  const currentJids = new Set(Object.keys(groups));
+  const activeDbGroups = await prisma.group.findMany({
+    where: { accountId, isActive: true },
+    select: { id: true, platformId: true, tenantId: true, name: true },
+  });
+
+  const removedGroups = activeDbGroups.filter((g: any) => !currentJids.has(g.platformId));
+  for (const g of removedGroups) {
+    logger.info({ groupId: g.id, name: g.name, platformId: g.platformId }, 'Bot removed from group');
+    await prisma.group.update({ where: { id: g.id }, data: { isActive: false } });
+    await prisma.auditEvent
+      .create({
+        data: {
+          tenantId: g.tenantId ?? (await firstTenantId(prisma)) ?? 'system',
+          actorType: 'SYSTEM',
+          action: 'GROUP_BOT_REMOVED',
+          resourceType: 'Group',
+          resourceId: g.id,
+          payload: { name: g.name, platformId: g.platformId },
+        },
+      })
+      .catch((err: unknown) => logger.warn({ err }, 'Failed to write GROUP_BOT_REMOVED audit event'));
+  }
+
+  // --- Detect re-added groups -----------------------------------------------
+  const inactiveDbGroups = await prisma.group.findMany({
+    where: { accountId, isActive: false },
+    select: { id: true, platformId: true, tenantId: true, name: true },
+  });
+
+  const reAddedGroups = inactiveDbGroups.filter((g: any) => currentJids.has(g.platformId));
+  for (const g of reAddedGroups) {
+    logger.info({ groupId: g.id, name: g.name, platformId: g.platformId }, 'Bot re-added to group');
+    await prisma.group.update({ where: { id: g.id }, data: { isActive: true } });
+    await prisma.auditEvent
+      .create({
+        data: {
+          tenantId: g.tenantId ?? (await firstTenantId(prisma)) ?? 'system',
+          actorType: 'SYSTEM',
+          action: 'GROUP_BOT_RE_ADDED',
+          resourceType: 'Group',
+          resourceId: g.id,
+          payload: { name: g.name, platformId: g.platformId },
+        },
+      })
+      .catch((err: unknown) => logger.warn({ err }, 'Failed to write GROUP_BOT_RE_ADDED audit event'));
   }
 
   logger.info({ count: jidToDbId.size, accountId }, 'Groups synced');
   return jidToDbId;
 }
+
+async function firstTenantId(prisma: any): Promise<string | null> {
+  const t = await prisma.tenant.findFirst({ select: { id: true } });
+  return t?.id ?? null;
+}
diff --git a/apps/worker/src/whatsapp/match-rules.test.ts b/apps/worker/src/whatsapp/match-rules.test.ts
new file mode 100644
index 0000000..ec611db
--- /dev/null
+++ b/apps/worker/src/whatsapp/match-rules.test.ts
@@ -0,0 +1,103 @@
+import { matchContentRules, matchReactionRules, TenantRuleRow } from './match-rules';
+
+const makeRule = (overrides: Partial<TenantRuleRow> = {}): TenantRuleRow => ({
+  id: 'r1',
+  matchType: 'HASHTAG',
+  matchValue: '#gooo',
+  action: 'FLAG',
+  priority: 0,
+  ...overrides,
+});
+
+describe('matchContentRules', () => {
+  it('matches hashtag at start of message', () => {
+    const result = matchContentRules('#gooo hello', [makeRule()]);
+    expect(result.tags).toContain('#gooo');
+    expect(result.effectiveAction).toBe('FLAG');
+  });
+
+  it('matches hashtag in middle of message', () => {
+    const result = matchContentRules('hello #gooo world', [makeRule()]);
+    expect(result.tags).toContain('#gooo');
+  });
+
+  it('matches hashtag at end of message', () => {
+    const result = matchContentRules('hello #gooo', [makeRule()]);
+    expect(result.tags).toContain('#gooo');
+  });
+
+  it('matches hashtag with punctuation after', () => {
+    const result = matchContentRules('check #gooo, please', [makeRule()]);
+    expect(result.tags).toContain('#gooo');
+  });
+
+  it('does not match hashtag as part of another word', () => {
+    const result = matchContentRules('this is #goooogle', [makeRule()]);
+    expect(result.tags).not.toContain('#gooo');
+  });
+
+  it('does not match hashtag attached to preceding text', () => {
+    const result = matchContentRules('foo#gooo bar', [makeRule()]);
+    expect(result.tags).not.toContain('#gooo');
+  });
+
+  it('matches PREFIX rule when text starts with prefix', () => {
+    const result = matchContentRules('/tower help', [
+      makeRule({ matchType: 'PREFIX', matchValue: '/tower', action: 'FLAG' }),
+    ]);
+    expect(result.tags).toContain('/tower...');
+  });
+
+  it('does not match PREFIX when text does not start with it', () => {
+    const result = matchContentRules('do /tower help', [
+      makeRule({ matchType: 'PREFIX', matchValue: '/tower', action: 'FLAG' }),
+    ]);
+    expect(result.tags).toEqual([]);
+  });
+
+  it('returns no matches when no rules match', () => {
+    const result = matchContentRules('hello world', [makeRule()]);
+    expect(result.tags).toEqual([]);
+    expect(result.effectiveAction).toBeNull();
+  });
+
+  it('SKIP takes precedence over FLAG', () => {
+    const result = matchContentRules('#gooo event', [
+      makeRule({ matchValue: '#gooo', action: 'FLAG', priority: 0 }),
+      makeRule({ id: 'r2', matchValue: '#gooo', action: 'SKIP', priority: 1, matchType: 'HASHTAG' }),
+    ]);
+    expect(result.effectiveAction).toBe('SKIP');
+  });
+
+  it('REJECT takes precedence over AUTO_APPROVE', () => {
+    const result = matchContentRules('#gooo event', [
+      makeRule({ matchValue: '#gooo', action: 'AUTO_APPROVE', priority: 0 }),
+      makeRule({ id: 'r2', matchValue: '#gooo', action: 'REJECT', priority: 1, matchType: 'HASHTAG' }),
+    ]);
+    expect(result.effectiveAction).toBe('REJECT');
+  });
+
+  it('AUTO_APPROVE takes precedence over FLAG', () => {
+    const result = matchContentRules('#gooo event', [
+      makeRule({ matchValue: '#gooo', action: 'FLAG', priority: 0 }),
+      makeRule({ id: 'r2', matchValue: '#gooo', action: 'AUTO_APPROVE', priority: 1, matchType: 'HASHTAG' }),
+    ]);
+    expect(result.effectiveAction).toBe('AUTO_APPROVE');
+  });
+});
+
+describe('matchReactionRules', () => {
+  it('matches reaction emoji', () => {
+    const result = matchReactionRules('⭐', [
+      makeRule({ matchType: 'REACTION_EMOJI', matchValue: '⭐', action: 'AUTO_APPROVE' }),
+    ]);
+    expect(result).toEqual({ action: 'AUTO_APPROVE' });
+  });
+
+  it('returns null when no reaction rule matches', () => {
+    const result = matchReactionRules('👍', [
+      makeRule({ matchType: 'REACTION_EMOJI', matchValue: '⭐', action: 'AUTO_APPROVE' }),
+    ]);
+    expect(result).toBeNull();
+  });
+});
diff --git a/apps/worker/src/whatsapp/match-rules.ts b/apps/worker/src/whatsapp/match-rules.ts
new file mode 100644
index 0000000..8866ca4
--- /dev/null
+++ b/apps/worker/src/whatsapp/match-rules.ts
@@ -0,0 +1,109 @@
+/**
+ * DB-driven rule matching — replaces the old hardcoded tag-detector.ts.
+ * Loads active TenantRule rows from the DB and matches them against
+ * message content (for HASHTAG / PREFIX rules) or reaction emoji (for REACTION_EMOJI rules).
+ */
+
+export interface TenantRuleRow {
+  id: string;
+  matchType: 'HASHTAG' | 'PREFIX' | 'REACTION_EMOJI';
+  matchValue: string;
+  action: 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT';
+  priority: number;
+}
+
+export interface MatchResult {
+  tags: string[];
+  effectiveAction: 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT' | null;
+}
+
+/**
+ * Match message content against a set of HASHTAG and PREFIX rules.
+ * Returns detected tags and the most important effective action.
+ * SKIP and REJECT take precedence over AUTO_APPROVE and FLAG.
+ * Within the same precedence tier, the highest priority (lowest number) wins.
+ */
+export function matchContentRules(
+  text: string,
+  rules: TenantRuleRow[],
+): MatchResult {
+  const tags: string[] = [];
+  const relevantRules = rules.filter(
+    (r) => r.matchType === 'HASHTAG' || r.matchType === 'PREFIX',
+  );
+
+  let effectiveAction: MatchResult['effectiveAction'] = null;
+
+  // Action precedence: SKIP > REJECT > AUTO_APPROVE > FLAG
+  const actionRank: Record<string, number> = {
+    SKIP: 4,
+    REJECT: 3,
+    AUTO_APPROVE: 2,
+    FLAG: 1,
+  };
+
+  for (const rule of relevantRules) {
+    let matched = false;
+
+    if (rule.matchType === 'HASHTAG') {
+      // Match the hashtag as a standalone token.
+      // `\b` doesn't work here because `#` is a non-word character,
+      // so `\b#gooo` fails at the start of a message. Use `(?:^|\W)`
+      // to allow start-of-string or a non-word char before the hashtag.
+      const escaped = escapeRegex(rule.matchValue);
+      const pattern = new RegExp(`(?:^|\\W)${escaped}(?:$|\\W)`, 'i');
+      if (pattern.test(text)) {
+        tags.push(rule.matchValue);
+        matched = true;
+      }
+    } else if (rule.matchType === 'PREFIX') {
+      // Match if text starts with the prefix
+      if (text.trimStart().startsWith(rule.matchValue)) {
+        tags.push(`${rule.matchValue}...`);
+        matched = true;
+      }
+    }
+
+    if (matched) {
+      const rank = actionRank[rule.action] ?? 0;
+      const currentRank = effectiveAction ? (actionRank[effectiveAction] ?? 0) : 0;
+      if (rank > currentRank) {
+        effectiveAction = rule.action;
+      }
+    }
+  }
+
+  return { tags, effectiveAction };
+}
+
+/**
+ * Match a reaction emoji against REACTION_EMOJI rules.
+ * Returns the first matching rule action, or null.
+ */
+/**
+ * Strip Unicode variation selectors (U+FE0F–U+FE0F) and other
+ * formatting codepoints that can differ between platforms.
+ */
+function stripVariationSelectors(s: string): string {
+  return [...s].filter((c) => c.codePointAt(0) !== 0xfe0f).join('');
+}
+
+export function matchReactionRules(
+  emoji: string,
+  rules: TenantRuleRow[],
+): { action: 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT' } | null {
+  const reactionRules = rules.filter((r) => r.matchType === 'REACTION_EMOJI');
+  const cleanEmoji = stripVariationSelectors(emoji);
+
+  for (const rule of reactionRules) {
+    if (cleanEmoji === stripVariationSelectors(rule.matchValue)) {
+      return { action: rule.action };
+    }
+  }
+
+  return null;
+}
+
+function escapeRegex(str: string): string {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
diff --git a/apps/worker/src/whatsapp/normalizer.ts b/apps/worker/src/whatsapp/normalizer.ts
index 902923d..57676b9 100644
--- a/apps/worker/src/whatsapp/normalizer.ts
+++ b/apps/worker/src/whatsapp/normalizer.ts
@@ -46,6 +46,7 @@ export function normalizeMessage(
 export function normalizeReaction(
   msg: proto.IWebMessageInfo,
   accountId: string,
+  selfJid?: string,
 ): NormalizedReaction | null {
   const key = msg.key;
   if (!key) return null;
@@ -53,8 +54,7 @@ export function normalizeReaction(
   const remoteJid = key.remoteJid ?? '';
   // only group messages (group JIDs end with @g.us)
   if (!remoteJid.endsWith('@g.us')) return null;
-  // skip our own outgoing messages
-  if (key.fromMe) return null;
+  // Allow fromMe reactions — admin may star from the connected account
 
   const reaction = msg.message?.reactionMessage;
   if (!reaction) return null;
@@ -62,8 +62,8 @@ export function normalizeReaction(
   const targetMsgId = reaction.key?.id;
   if (!targetMsgId) return null;
 
-  // Ensure reactorJid is not empty (group message must have a participant)
-  const reactorJid = key.participant;
+  // For fromMe reactions Baileys uses LID internally; use selfJid (PN format) to match TOWER_ADMIN_JIDS
+  const reactorJid = key.fromMe ? (selfJid ?? key.participant) : key.participant;
   if (!reactorJid) return null;
 
   return {
diff --git a/apps/worker/src/whatsapp/otp-sender.ts b/apps/worker/src/whatsapp/otp-sender.ts
new file mode 100644
index 0000000..35f5008
--- /dev/null
+++ b/apps/worker/src/whatsapp/otp-sender.ts
@@ -0,0 +1,57 @@
+import { WhatsAppSessionPool } from './session-pool';
+import { createLogger } from '@tower/logger';
+
+const POLL_INTERVAL_MS = 5_000;
+const MAX_ATTEMPTS = 3;
+
+const OTP_MESSAGE = (code: string): string =>
+  `Your TOWER verification code is ${code}. It expires in 5 minutes. Reply STOP to opt out.`;
+
+export function startOtpSenderLoop(
+  prisma: any,
+  pool: WhatsAppSessionPool,
+  logger: ReturnType<typeof createLogger>,
+): void {
+  let running = false;
+
+  const tick = async (): Promise<void> => {
+    if (running) return;
+    running = true;
+    try {
+      const pending = await prisma.otpChallenge.findMany({
+        where: { sentAt: null, expiresAt: { gt: new Date() } },
+        orderBy: { createdAt: 'asc' },
+        take: 10,
+      });
+      for (const challenge of pending) {
+        const accounts = await prisma.account.findMany({
+          where: { isBot: true, status: 'ACTIVE' },
+          select: { id: true },
+        });
+        if (accounts.length === 0) {
+          logger.warn({ challengeId: challenge.id }, 'No active bot — OTP delivery deferred');
+          continue;
+        }
+        const account = accounts[0];
+        try {
+          await pool.sendMessage(account.id, challenge.jid, OTP_MESSAGE(challenge.code));
+          await prisma.otpChallenge.update({
+            where: { id: challenge.id },
+            data: { sentAt: new Date() },
+          });
+          logger.info({ challengeId: challenge.id, jid: challenge.jid }, 'OTP sent');
+        } catch (err) {
+          logger.error({ err, challengeId: challenge.id }, 'Failed to send OTP');
+        }
+      }
+    } catch (err) {
+      logger.error({ err }, 'otp-sender tick failed');
+    } finally {
+      running = false;
+    }
+  };
+
+  setTimeout(() => void tick(), 3_000);
+  setInterval(() => void tick(), POLL_INTERVAL_MS);
+  logger.info(`otp-sender loop scheduled (every ${POLL_INTERVAL_MS / 1000}s)`);
+}
diff --git a/apps/worker/src/whatsapp/session.ts b/apps/worker/src/whatsapp/session.ts
index b1e2cdd..e835369 100644
--- a/apps/worker/src/whatsapp/session.ts
+++ b/apps/worker/src/whatsapp/session.ts
@@ -37,7 +37,7 @@ export async function createWhatsAppSession(
     version,
     auth: state,
     printQRInTerminal: false,
-    logger: logger as any,
+    logger: { level: 'silent', trace: () => {}, debug: () => {}, info: () => {}, warn: () => {}, error: () => {}, fatal: () => {}, child: () => ({ level: 'silent', trace: () => {}, debug: () => {}, info: () => {}, warn: () => {}, error: () => {}, fatal: () => {}, child: () => ({} as any) }) } as any,
   });
 
   sock.ev.on('creds.update', saveCreds);
@@ -91,10 +91,11 @@ export async function createWhatsAppSession(
   });
 
   sock.ev.on('messages.upsert', ({ messages, type }) => {
+    logger.info({ type, count: messages.length }, 'messages.upsert received');
     if (type !== 'notify') return;
     for (const msg of messages) {
       if (msg.message?.reactionMessage) {
-        const reaction = normalizeReaction(msg, accountId);
+        const reaction = normalizeReaction(msg, accountId, sock.user?.id);
         if (reaction) {
           void Promise.resolve(onReaction(reaction)).catch((err) =>
             logger.error({ err }, 'Error processing reaction'),
diff --git a/backups/phase2b-pre-20260604T160707Z.sql b/backups/phase2b-pre-20260604T160707Z.sql
new file mode 100644
index 0000000..0eefe55
--- /dev/null
+++ b/backups/phase2b-pre-20260604T160707Z.sql
@@ -0,0 +1,319 @@
+--
+-- PostgreSQL database dump
+--
+
+\restrict IirtrUcG6cYkagSJO1iPjb4tmnvXR7Zp0YeDWGaP17VSpqXMw7sP520vA1uA4QT
+
+-- Dumped from database version 17.10
+-- Dumped by pg_dump version 18.1
+
+SET statement_timeout = 0;
+SET lock_timeout = 0;
+SET idle_in_transaction_session_timeout = 0;
+SET transaction_timeout = 0;
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = on;
+SELECT pg_catalog.set_config('search_path', '', false);
+SET check_function_bodies = false;
+SET xmloption = content;
+SET client_min_messages = warning;
+SET row_security = off;
+
+--
+-- Data for Name: Account; Type: TABLE DATA; Schema: public; Owner: -
+--
+
+INSERT INTO public."Account" VALUES ('cmpyeuxg9000joie6pdh4q6tn', 'whatsapp', '917991186361:52@s.whatsapp.net', './sessions/1c28dee9-42bf-424c-b004-2c58be22807a', 'bot 1', 'ACTIVE', '2026-06-03 18:39:36.153', '2026-06-04 15:37:31.898', NULL, 'default');
+
+
+--
+-- Data for Name: Group; Type: TABLE DATA; Schema: public; Owner: -
+--
+
+INSERT INTO public."Group" VALUES ('cmpyex4t00011oi4agsizlyet', 'whatsapp', '120363091621625330@g.us', 'Ghost themes and other stuffs', NULL, true, '2026-06-03 18:41:18.996', '2026-06-04 15:37:34.447', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4t80015oi4alhx7g099', 'whatsapp', '120363361923692164@g.us', 'Badminton ', NULL, true, '2026-06-03 18:41:19.004', '2026-06-04 15:37:34.453', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4tg0019oi4a7w8eacnm', 'whatsapp', '120363166637164226@g.us', 'SIH Trial ', 'Mental health and well-being surveillance, assessment and tracking solution among children.', true, '2026-06-03 18:41:19.012', '2026-06-04 15:37:34.461', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4tk001boi4a29py1s5i', 'whatsapp', '120363147210272115@g.us', 'Software Engg. Practical', NULL, true, '2026-06-03 18:41:19.016', '2026-06-04 15:37:34.465', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4tt001foi4aomdtbfqx', 'whatsapp', '120363145678835102@g.us', 'Black Moon(Status code 0)', NULL, true, '2026-06-03 18:41:19.025', '2026-06-04 15:37:34.472', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4u2001joi4a8ugk3yzi', 'whatsapp', '120363082158265074@g.us', 'Newtown chats', NULL, true, '2026-06-03 18:41:19.034', '2026-06-04 15:37:34.479', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4uc001noi4aox909hjw', 'whatsapp', '120363409544933614@g.us', 'Frontend team', NULL, true, '2026-06-03 18:41:19.044', '2026-06-04 15:37:34.485', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4uj001roi4aaeprhj17', 'whatsapp', '120363025055847943@g.us', 'PES (IT DEPARTMENT)', NULL, true, '2026-06-03 18:41:19.052', '2026-06-04 15:37:34.493', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4qe0003oi4a8i6jvd9a', 'whatsapp', '120363419994057575@g.us', 'GCCD 2024', 'Hi everyone! This community is for consolidating the groups of GCCD 2024', true, '2026-06-03 18:41:18.903', '2026-06-04 15:37:34.365', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4qv0005oi4ai622f59j', 'whatsapp', '120363405418436958@g.us', 'GetOnGlobal – Student Jobs & Internships Community', 'This group is created to share verified job and internship opportunities for students and fresh graduates via GetOnGlobal.
+
+🔹 Roles across Tech, Marketing, Business, HR, Operations, Content & more
+🔹 Opportunities sourced from companies and consolidated from platforms like LinkedIn, Naukri & Indeed ,  in one place
+🔹 Only genuine, student-relevant openings
+🔹 Free to apply,  no consultancies or agents
+
+📌 Group Guidelines
+
+This is an information-only group
+
+No spam, promotions, or irrelevant messages
+
+Job updates and important announcements only
+
+🌐 Login and Explore more opportunities: https://getonglobal.com/login', true, '2026-06-03 18:41:18.919', '2026-06-04 15:37:34.371', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4r70007oi4awre7kb6w', 'whatsapp', '120363316815908381@g.us', '2x Your Tech Salary!', 'career growth anonymous ama: https://forms.gle/wyQzq6VEDPUjKXvUA', true, '2026-06-03 18:41:18.932', '2026-06-04 15:37:34.377', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4rb0009oi4afuhoim9i', 'whatsapp', '120363046525525646@g.us', 'Flutter Kolkata', 'LinkedIn: https://www.linkedin.com/company/flutter-kolkata/
+Twitter: https://twitter.com/flutterkolkata
+Meetup: https://www.meetup.com/flutter-kolkata/', true, '2026-06-03 18:41:18.936', '2026-06-04 15:37:34.382', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4rh000boi4a0si32avj', 'whatsapp', '120363028115545670@g.us', 'GDG TINT', '✨ Welcome to GDG TINT – Official Community! ✨
+
+This is where our Google Developer Group comes alive 🚀.
+📢 Get updates on upcoming events, registrations & workshops.
+🎁 Swags, 🏅 Certificates & 💡 endless learning opportunities.
+🤝 Connect, collaborate & grow with like-minded innovators.
+
+👉 Stay active, stay curious — the journey starts from here!', true, '2026-06-03 18:41:18.942', '2026-06-04 15:37:34.387', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4rl000doi4a0ebawjak', 'whatsapp', '120363421697588133@g.us', '🤝', NULL, true, '2026-06-03 18:41:18.946', '2026-06-04 15:37:34.392', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4rp000foi4ae1jqmyo5', 'whatsapp', '917991186361-1602734655@g.us', 'Hello', NULL, true, '2026-06-03 18:41:18.95', '2026-06-04 15:37:34.399', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4rt000hoi4aee57z5bs', 'whatsapp', '120363036603589801@g.us', 'GDSC TINT', 'Google developer student club (Techno International New Town)', true, '2026-06-03 18:41:18.954', '2026-06-04 15:37:34.404', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4rw000joi4au1dxokdx', 'whatsapp', '917991186361-1599906899@g.us', 'Notes', NULL, true, '2026-06-03 18:41:18.957', '2026-06-04 15:37:34.409', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4s1000loi4at4f4gn59', 'whatsapp', '120363304047844813@g.us', 'Groww ', NULL, true, '2026-06-03 18:41:18.961', '2026-06-04 15:37:34.413', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4s6000noi4a1e4zgvho', 'whatsapp', '120363078924145528@g.us', 'Bio project 4th sem', 'Evolution merits and demerits of four kingdom classification system', true, '2026-06-03 18:41:18.966', '2026-06-04 15:37:34.419', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4sb000poi4agj4u504t', 'whatsapp', '120363425930536990@g.us', 'Test', NULL, true, '2026-06-03 18:41:18.971', '2026-06-04 15:37:34.424', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4sf000roi4ar8hh9t2g', 'whatsapp', '120363421516033542@g.us', 'Badminton', NULL, true, '2026-06-03 18:41:18.976', '2026-06-04 15:37:34.428', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4sk000toi4awf9oru12', 'whatsapp', '120363040646143584@g.us', 'Temp Group', NULL, true, '2026-06-03 18:41:18.98', '2026-06-04 15:37:34.432', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4sn000voi4apo1tlxul', 'whatsapp', '917667219914-1620970092@g.us', 'BILLIONAIRE 💸🤑', NULL, true, '2026-06-03 18:41:18.984', '2026-06-04 15:37:34.437', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4sr000xoi4a3xg3x1pc', 'whatsapp', '120363040957438115@g.us', 'Ghost busters', NULL, true, '2026-06-03 18:41:18.988', '2026-06-04 15:37:34.44', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4sv000zoi4aymxy653c', 'whatsapp', '120363362120782803@g.us', 'Website SHA-SIB', NULL, true, '2026-06-03 18:41:18.992', '2026-06-04 15:37:34.443', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4t40013oi4a44cvfalg', 'whatsapp', '120363299087048686@g.us', 'Cure India', NULL, true, '2026-06-03 18:41:19', '2026-06-04 15:37:34.451', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4tc0017oi4ar7b7n16b', 'whatsapp', '120363027735137241@g.us', 'Coding at 8:00 PM ', NULL, true, '2026-06-03 18:41:19.008', '2026-06-04 15:37:34.457', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4to001doi4aee3kbc3o', 'whatsapp', '120363023952184318@g.us', 'Roleplay English lab', NULL, true, '2026-06-03 18:41:19.021', '2026-06-04 15:37:34.468', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4tx001hoi4azvf3sszu', 'whatsapp', '120363225243281416@g.us', 'Final year project 2k25', NULL, true, '2026-06-03 18:41:19.03', '2026-06-04 15:37:34.476', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4u7001loi4aml3xz4nx', 'whatsapp', '917991186361-1542385862@g.us', 'Champions FC🏆🏆', NULL, true, '2026-06-03 18:41:19.039', '2026-06-04 15:37:34.483', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4uf001poi4a6wcxst66', 'whatsapp', '120363425512461112@g.us', 'Last Picnic : 2025', NULL, true, '2026-06-03 18:41:19.047', '2026-06-04 15:37:34.489', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4uo001toi4apja3xvnh', 'whatsapp', '120363404757646832@g.us', 'Kolkata Alumni Group', NULL, true, '2026-06-03 18:41:19.056', '2026-06-04 15:37:34.496', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4w2002noi4a56mummy0', 'whatsapp', '120363403208352516@g.us', 'Indoor Badminton', NULL, true, '2026-06-03 18:41:19.107', '2026-06-04 15:37:34.537', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4w5002poi4aa1zp0goq', 'whatsapp', '120363426335640528@g.us', 'Trippppppp 2026🥳☠️', NULL, true, '2026-06-03 18:41:19.109', '2026-06-04 15:37:34.539', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4w7002roi4aalczafbf', 'whatsapp', '120363405219530495@g.us', 'Frontend Architecture', NULL, true, '2026-06-03 18:41:19.112', '2026-06-04 15:37:34.542', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wa002toi4a6s9tfdc9', 'whatsapp', '120363421909745460@g.us', 'Vigilante (nights watch)', NULL, true, '2026-06-03 18:41:19.114', '2026-06-04 15:37:34.544', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wc002voi4a87m62hxt', 'whatsapp', '120363040554039206@g.us', 'IT 91-117( MAR & MOOCs)', NULL, true, '2026-06-03 18:41:19.116', '2026-06-04 15:37:34.547', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4we002xoi4ar0wzs6rd', 'whatsapp', '120363296509388526@g.us', 'Bonfire cashback ', NULL, true, '2026-06-03 18:41:19.118', '2026-06-04 15:37:34.55', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wf002zoi4amus3o1yo', 'whatsapp', '919709543186-1592561406@g.us', 'JFC ( jalwabad ⚽ club )🏅🏆', NULL, true, '2026-06-03 18:41:19.12', '2026-06-04 15:37:34.553', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wh0031oi4a2kyx81ku', 'whatsapp', '918372931099-1632713760@g.us', 'IT~SEC-B {Gr-B}×(90-120+)', 'You Can''t able see the Group Description', true, '2026-06-03 18:41:19.122', '2026-06-04 15:37:34.556', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wj0033oi4aayhpd8ml', 'whatsapp', '120363029459299752@g.us', 'Favor Talk', 'https://chat.whatsapp.com/I20Uxv9c7uJ72u76EkRqbh', true, '2026-06-03 18:41:19.123', '2026-06-04 15:37:34.558', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wl0035oi4an9txx0ho', 'whatsapp', '120363241166896279@g.us', 'GCCD 2024 - Volunteers', 'Gallery: https://photos.app.goo.gl/qJsgfvTcwVjVmgZN8', true, '2026-06-03 18:41:19.125', '2026-06-04 15:37:34.562', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wm0037oi4a7a3f46e0', 'whatsapp', '120363418215294345@g.us', 'GCCD 2024', 'Hi everyone! This community is for consolidating the groups of GCCD 2024', true, '2026-06-03 18:41:19.127', '2026-06-04 15:37:34.564', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wo0039oi4adnihcta8', 'whatsapp', '120363040006122845@g.us', 'Section B grp B', NULL, true, '2026-06-03 18:41:19.128', '2026-06-04 15:37:34.566', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wq003boi4aib8gcfr5', 'whatsapp', '120363215496516107@g.us', '(BYT) players⚽', NULL, true, '2026-06-03 18:41:19.13', '2026-06-04 15:37:34.569', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wr003doi4atxywd1xg', 'whatsapp', '120363040875673509@g.us', 'Scared to Compile', NULL, true, '2026-06-03 18:41:19.132', '2026-06-04 15:37:34.573', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wt003foi4af3ffciw8', 'whatsapp', '919831648328-1633427796@g.us', 'ESEE-101_IT Sec-B', NULL, true, '2026-06-03 18:41:19.134', '2026-06-04 15:37:34.576', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wv003hoi4ayu21koer', 'whatsapp', '120363147549214249@g.us', 'Announcements: Team GCCD Kol 2023', NULL, true, '2026-06-03 18:41:19.135', '2026-06-04 15:37:34.579', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wx003joi4ai5177r1p', 'whatsapp', '120363418024300654@g.us', 'Smart Traders', 'Join our community of traders using technical analysis and charts to navigate the markets! We share insights, strategies, and grow together.', true, '2026-06-03 18:41:19.137', '2026-06-04 15:37:34.582', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4wz003loi4a7h87bf7o', 'whatsapp', '120363053461427064@g.us', 'Biology_IT2', 'https://drive.google.com/drive/folders/1j0IIxwxXDWWUPmtMw2VAUDnFZs-BZOp-?usp=sharing
+For biology notes', true, '2026-06-03 18:41:19.14', '2026-06-04 15:37:34.585', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4x1003noi4a6qwopw75', 'whatsapp', '120363030674740428@g.us', 'Team CCD Kol 2023', 'Join our discord server: https://discord.gg/XmMcWw88wG
+
+Assets: bit.ly/ccdkol-drive
+Calendar: bit.ly/ccdkol-calendar
+Ideas: bit.ly/ccdkol-ideas
+
+Site: https://gdgcloud.kolkata.dev/ccd2023/
+
+------ For Promotion -----
+Hi all! 👋🏻
+
+The Early Bird tickets for GCCD Kolkata 2023 are selling on our website - https://gdgcloud.kolkata.dev/ccd2023/
+
+Do grab this limited time offer to be a part of the largest GDG event of India 🙌🏻', true, '2026-06-03 18:41:19.142', '2026-06-04 15:37:34.589', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4x4003poi4a0mrqwxid', 'whatsapp', '120363147415708960@g.us', 'HSMC 501( IT 2 5th sem) room no. 512', NULL, true, '2026-06-03 18:41:19.144', '2026-06-04 15:37:34.591', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yz0053oi4acadwjd9x', 'whatsapp', '120363307557973980@g.us', 'AHMAD ISLAMIC SHOP 🛍️🖊️📖', 'All islamic items 
+Books Topi tasbeeh jainamaz Imamah dastarkhan atar surma miswak kurta deeniyat bag
+Naqab hijab stole namazi dupatta nosepiece hand gloves hijab cap 
+Islamic frames and ect...
+available in AHMAD ISLAMIC SHOP 🛍️🛍️🛍️ JALWABAD KODERMA.....', true, '2026-06-03 18:41:19.212', '2026-06-04 15:37:34.672', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4us001voi4ad4g04gh9', 'whatsapp', '120363025552200286@g.us', 'IT 2nd YEAR Football TEAM', NULL, true, '2026-06-03 18:41:19.06', '2026-06-04 15:37:34.498', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4uy001xoi4akkmpi19q', 'whatsapp', '120363041015742302@g.us', 'Programming Family', NULL, true, '2026-06-03 18:41:19.067', '2026-06-04 15:37:34.502', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4v1001zoi4avk0c1rlp', 'whatsapp', '918822941338-1504768869@g.us', 'CHAMPIONS 24/25', 'YNWA', true, '2026-06-03 18:41:19.07', '2026-06-04 15:37:34.504', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4v90023oi4aab8tky4o', 'whatsapp', '120363043213339962@g.us', 'Football in the evening', NULL, true, '2026-06-03 18:41:19.077', '2026-06-04 15:37:34.509', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vc0025oi4aqor19pnl', 'whatsapp', '120363419711088937@g.us', 'Badminton Group', NULL, true, '2026-06-03 18:41:19.081', '2026-06-04 15:37:34.511', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vg0027oi4adi1ler8g', 'whatsapp', '120363190036428682@g.us', 'Swing trading group', 'No buy and sell recommendations, apna research karo aur paisa dalo', true, '2026-06-03 18:41:19.084', '2026-06-04 15:37:34.514', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vj0029oi4ag15uhnob', 'whatsapp', '120363423949147374@g.us', 'SmartTraders', NULL, true, '2026-06-03 18:41:19.088', '2026-06-04 15:37:34.516', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vm002boi4aeu05s64q', 'whatsapp', '120363186126252211@g.us', 'attendance grp', NULL, true, '2026-06-03 18:41:19.09', '2026-06-04 15:37:34.52', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vp002doi4awqxd0g8t', 'whatsapp', '120363152038989582@g.us', 'GDSC TINT CORE FAMILY ', NULL, true, '2026-06-03 18:41:19.093', '2026-06-04 15:37:34.524', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vr002foi4a6i4f9vmb', 'whatsapp', '120363047091467792@g.us', 'GCCDKol23 Tech Team', 'Tracker : https://docs.google.com/spreadsheets/d/1Ykvb7jNSg9yHb-UxuMbxwHiBzJ0LdXv9XMN6XVFVTqE/edit?usp=share_link
+Assets: https://drive.google.com/drive/folders/1a-AKCerRqlxWDvVCfI15IPgZn8lDhL3-?usp=share_link', true, '2026-06-03 18:41:19.096', '2026-06-04 15:37:34.527', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vx002joi4a4au0rz6t', 'whatsapp', '120363300447195016@g.us', 'Cricket group jalwabad ', NULL, true, '2026-06-03 18:41:19.101', '2026-06-04 15:37:34.532', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4w0002loi4a88g8s8zh', 'whatsapp', '916202741771-1614420259@g.us', 'Volleyball group 🏐🏐🏐', 'Lets play 🏐', true, '2026-06-03 18:41:19.104', '2026-06-04 15:37:34.534', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4y3004hoi4ahecnd1a0', 'whatsapp', '916291921472-1630224681@g.us', 'IT 2nd Yr 21-25 [Zombie]', NULL, true, '2026-06-03 18:41:19.18', '2026-06-04 15:37:34.632', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4y6004joi4al6sl1ea0', 'whatsapp', '919836783659-1633320903@g.us', 'IT PCC CS 401 2023', 'https://drive.google.com/drive/folders/1rlAs-Wj3vtTUszPaFkO2smYoS3u55-RP?usp=sharing', true, '2026-06-03 18:41:19.182', '2026-06-04 15:37:34.635', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4y8004loi4awwcse2x2', 'whatsapp', '120363408028058943@g.us', 'GetOnGlobal – Student Jobs & Internships Community', 'This group is created to share verified job and internship opportunities for students and fresh graduates via GetOnGlobal.
+
+🔹 Roles across Tech, Marketing, Business, HR, Operations, Content & more
+🔹 Opportunities sourced from companies and consolidated from platforms like LinkedIn, Naukri & Indeed ,  in one place
+🔹 Only genuine, student-relevant openings
+🔹 Free to apply,  no consultancies or agents
+
+📌 Group Guidelines
+
+This is an information-only group
+
+No spam, promotions, or irrelevant messages
+
+Job updates and important announcements only
+
+🌐 Login and Explore more opportunities: https://getonglobal.com/login', true, '2026-06-03 18:41:19.185', '2026-06-04 15:37:34.638', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yb004noi4aszd5j3vj', 'whatsapp', '120363300776568990@g.us', 'IT 2025- Placement', NULL, true, '2026-06-03 18:41:19.188', '2026-06-04 15:37:34.641', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yi004roi4a5fpk9psx', 'whatsapp', '120363370617329912@g.us', 'RAJA MEN''S WEAR', 'Jisko purchase karna hoga 
+Admin se contact kare ya shop me aye 
+Address --   domchach   bazar rode
+Shop name  --    RAJA MENS WERE', true, '2026-06-03 18:41:19.194', '2026-06-04 15:37:34.647', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4ye004poi4a6hn8rhdj', 'whatsapp', '919547386871-1630685586@g.us', 'IT Gàñg ✌️😎', 'We, the crs and other students are planning for a picnic to be held in the month of December(This is entirely for IT 2nd yr and IT faculty members)
+https://forms.gle/CqoEvFmCJt6Rk5Rx8
+Those who are interested please do fill this form by tonight. All the details regarding venue time and transportation have been provided in the form. 
+We expect Maximum participation from all of u. 
+Thank u!', true, '2026-06-03 18:41:19.191', '2026-06-04 15:37:34.644', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yk004toi4a71evei30', 'whatsapp', '120363041567264567@g.us', 'IT 21-25 pass out', NULL, true, '2026-06-03 18:41:19.197', '2026-06-04 15:37:34.651', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yn004voi4a7y8xot3z', 'whatsapp', '120363044280156067@g.us', 'Kullo Yaomin Dars', 'https://youtube.com/@masjidahlehadeestantibagh?si=stb0EgDVtjn-8HyR
+
+https://youtube.com/@SalafiManhajInfo?feature=shared
+
+https://www.facebook.com/salafimanhaj.info?mibextid=avESrC
+
+https://youtube.com/@SalafyFiqhChannel?si=r9eB9NyJrOWwSiio
+
+https://youtube.com/@KOLKATADUROOS?si=J-LnsLeis7pir6V7', true, '2026-06-03 18:41:19.199', '2026-06-04 15:37:34.656', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yq004xoi4aqskjeeta', 'whatsapp', '120363032274974565@g.us', 'GDSC TINT 2022-26 BATCH', '*Chapter Link- https://gdsc.community.dev/techno-international-new-town-kolkata/*', true, '2026-06-03 18:41:19.202', '2026-06-04 15:37:34.659', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yt004zoi4arovg0e17', 'whatsapp', '120363046537944466@g.us', 'GDSC TINT 2024 & 2025 Batch', '*Chapter Link- https://gdsc.community.dev/techno-international-new-town-kolkata/*', true, '2026-06-03 18:41:19.206', '2026-06-04 15:37:34.663', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4yw0051oi4abwmq8ggo', 'whatsapp', '918886506452-1391527464@g.us', 'HYDERABAD KOP', 'Proud Supporters of LFC, from Hyderabad 
+
+Facebook: https://www.facebook.com/LFCHYD/
+
+Twitter: 
+https://www.twitter.com/LFCHyderabad/
+
+Instagram: https://www.instagram.com/lfchyderabad/', true, '2026-06-03 18:41:19.209', '2026-06-04 15:37:34.667', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4x8003toi4a1qp29dqr', 'whatsapp', '120363219816095532@g.us', 'ITB 3rd yr Data mining', NULL, true, '2026-06-03 18:41:19.148', '2026-06-04 15:37:34.594', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xa003voi4awsnsza8y', 'whatsapp', '120363162116192826@g.us', 'OOP IT Section - 2 ', NULL, true, '2026-06-03 18:41:19.151', '2026-06-04 15:37:34.599', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xd003xoi4atb6q5w37', 'whatsapp', '120363145013908615@g.us', 'IT2 3rd yr..PECIT601B', NULL, true, '2026-06-03 18:41:19.153', '2026-06-04 15:37:34.602', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xf003zoi4a1g74veze', 'whatsapp', '120363025948895203@g.us', 'IT SecB Official(for CRs)', NULL, true, '2026-06-03 18:41:19.156', '2026-06-04 15:37:34.604', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xi0041oi4ahfxtiuc5', 'whatsapp', '120363039820394484@g.us', 'IT SecB 21-25', NULL, true, '2026-06-03 18:41:19.158', '2026-06-04 15:37:34.608', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xk0043oi4akj7rs22o', 'whatsapp', '120363026816739904@g.us', 'Project Management & Entrepreneurship - IT B', NULL, true, '2026-06-03 18:41:19.16', '2026-06-04 15:37:34.61', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xo0047oi4a195vuw64', 'whatsapp', '916207217274-1632722516@g.us', 'BÏG Légèñds øf sêc B 😎🤟', 'Srijita will not be able to appear for CA4 exam.', true, '2026-06-03 18:41:19.165', '2026-06-04 15:37:34.613', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xm0045oi4adf0i03qh', 'whatsapp', '120363407823175256@g.us', 'Launch Circle | Founders & Makers 🚀', 'Accurated community for founders makers and product hunt enthusiasts. 
+•Share what you are building. •Get honest feedback before launch.
+• Support each other on Product Hunt 
+• Learn what actually works.
+
+No spam. No noise. Only real builders helping builders.
+Built for people who are serious about launching.', true, '2026-06-03 18:41:19.162', '2026-06-04 15:37:34.616', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xr0049oi4aiiyi3pzi', 'whatsapp', '120363422997971960@g.us', 'GetonGlobal - Jobs & Internship Opportunities', 'This group is created to share verified job and internship opportunities for students and fresh graduates via GetOnGlobal.
+🔹 Roles across Tech, Marketing, Business, HR, Operations, Content & more
+🔹 Opportunities sourced from companies and consolidated from platforms like LinkedIn, Naukri & Indeed — in one place
+🔹 Only genuine, student-relevant openings
+🔹 Free to apply — no consultancies or agents
+📌 Group Guidelines
+This is an information-only group
+No spam, promotions, or irrelevant messages
+Job updates and important announcements only
+🌐 Login & Explore more opportunities: https://getonglobal.com/login', true, '2026-06-03 18:41:19.167', '2026-06-04 15:37:34.619', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xt004boi4axn3lom8w', 'whatsapp', '120363149657307975@g.us', 'Kolkata Devs', 'GCCD 23 + KCD 23 + GCCD 24', true, '2026-06-03 18:41:19.169', '2026-06-04 15:37:34.623', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xw004doi4a7soxwlq7', 'whatsapp', '120363319566506827@g.us', 'TINT IT 2025 Cloud Computing 4th yr', NULL, true, '2026-06-03 18:41:19.172', '2026-06-04 15:37:34.626', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4xz004foi4a5z2zwsq3', 'whatsapp', '120363025469070351@g.us', 'IT_Discrete Math_PCC-CS401', 'IT_Discrete Math_PCC-CS401', true, '2026-06-03 18:41:19.175', '2026-06-04 15:37:34.629', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4z20055oi4a2mvjmq2e', 'whatsapp', '120363045907651579@g.us', 'GDG TINT', 'Google Developer Student Club, is a student run technological community at TINT. Initiated and currently lead by Srinjoy Ghosh (IT ''24), in it''s second session since inception. We focus on a lot of technological domains ranging from web, android development to machine learning, blockchain and new innovations.', true, '2026-06-03 18:41:19.215', '2026-06-04 15:37:34.676', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4q30001oi4a2j2o3evi', 'whatsapp', '120363423608102552@g.us', 'Launch Circle | Founders & Makers 🚀', 'Accurated community for founders makers and product hunt enthusiasts. 
+•Share what you are building. •Get honest feedback before launch.
+• Support each other on Product Hunt 
+• Learn what actually works.
+
+No spam. No noise. Only real builders helping builders.
+Built for people who are serious about launching.
+
+🚀 How to Submit Your Launch
+If you’re launching on Product Hunt:
+Post your launch details in the group "Hunting Zone 🎯"
+Tag an admin
+Use the format below
+We’ll review and share it in the announcement channel 🙌
+Format:
+• Product Name:
+• Tagline:
+• Launch Link:
+• What it does (1–2 lines):
+Note:
+Please engage in the community before submitting 🙌
+
+Submission Rule 🚀
+To get featured in announcements:
+• Be active in the community
+• Support others
+• No spam / low-effort launches
+We prioritize contributors 🙌', true, '2026-06-03 18:41:18.891', '2026-06-04 15:37:34.345', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4v50021oi4aocq87eq1', 'whatsapp', '120363172540111215@g.us', 'Attendance debo na', 'Debjit:"who made this pic ?💀"
+Arnab:"why"', true, '2026-06-03 18:41:19.074', '2026-06-04 15:37:34.506', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4vu002hoi4a1wmp217j', 'whatsapp', '120363275798229147@g.us', 'GCCD 2024 - Web', 'Task Tracker: https://docs.google.com/spreadsheets/d/1pr3sf32ze6Agfw28lDUlIEU6mowa-PErcpstgwjRbjk/edit?usp=sharing
+
+GitHub: https://github.com/gdgcloudkol
+
+CCD24: https://github.com/gdgcloudkol/ccd2024
+
+Figma: https://www.figma.com/file/zWThTpdalD7txb1zunLJYc/GCCD-2024-Design-Team?type=design&node-id=0%3A1&mode=design&t=q54UqpqzjN6fsin3-1', true, '2026-06-03 18:41:19.099', '2026-06-04 15:37:34.53', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4z50057oi4attk9h874', 'whatsapp', '120363149099070324@g.us', 'GDSC TINT', NULL, true, '2026-06-03 18:41:19.218', '2026-06-04 15:37:34.68', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4z90059oi4a8qxykebe', 'whatsapp', '120363408759413814@g.us', 'Team Sajid Hussain (लल्लू भैया) Koderma FC', NULL, true, '2026-06-03 18:41:19.221', '2026-06-04 15:37:34.684', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4zc005boi4a6faffhcu', 'whatsapp', '917778819822-1592455690@g.us', 'Flutter Kolkata', 'LinkedIn: https://www.linkedin.com/company/flutter-kolkata/
+Twitter: https://twitter.com/flutterkolkata
+Meetup: https://www.meetup.com/flutter-kolkata/
+
+Flutter Kolkata - https://chat.whatsapp.com/GlQHgukaqQoBM8xsLvxDEs
+Telegram:- https://t.me/flutterkolkatameetup', true, '2026-06-03 18:41:19.224', '2026-06-04 15:37:34.689', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4x6003roi4a89yaxbto', 'whatsapp', '120363407403128982@g.us', 'Hunting Zone 🎯', '🚀 How to Submit Your Launch
+If you’re launching on Product Hunt:
+Post your launch details here
+Tag an admin
+Use the format below
+We’ll review and share it in the announcement channel 🙌
+Format:
+• Product Name:
+• Tagline:
+• Launch Link:
+• What it does (1–2 lines):
+Note:
+Please engage in the community before submitting 🙌
+
+Submission Rule 🚀
+To get featured in announcements:
+• Be active in the community
+• Support others
+• No spam / low-effort launches
+We prioritize contributors 🙌', true, '2026-06-03 18:41:19.146', '2026-06-04 15:37:34.597', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4ze005doi4axfls7ub1', 'whatsapp', '120363222750751830@g.us', 'TINT 2025 MJ', NULL, true, '2026-06-03 18:41:19.227', '2026-06-04 15:37:34.694', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4zh005foi4a2x4cdjwc', 'whatsapp', '120363047320489722@g.us', 'Flutter Kolkata', 'LinkedIn: https://www.linkedin.com/company/flutter-kolkata/
+Twitter: https://twitter.com/flutterkolkata
+Meetup: https://www.meetup.com/flutter-kolkata/', true, '2026-06-03 18:41:19.23', '2026-06-04 15:37:34.699', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4zk005hoi4ag4m7t97k', 'whatsapp', '120363333741605614@g.us', 'Vyson Waitlist', '​Get a personal 1:1 FAANG mentor here: https://vyson.dev/', true, '2026-06-03 18:41:19.233', '2026-06-04 15:37:34.704', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+INSERT INTO public."Group" VALUES ('cmpyex4zn005joi4a5awz3qky', 'whatsapp', '120363338024346424@g.us', '2x Your Tech Salary!', '‎Hi everyone! This community is for members to chat in topic-based groups and get important announcements.', true, '2026-06-03 18:41:19.236', '2026-06-04 15:37:34.709', 'cmpyeuxg9000joie6pdh4q6tn', 'default');
+
+
+--
+-- Data for Name: Message; Type: TABLE DATA; Schema: public; Owner: -
+--
+
+
+
+--
+-- Data for Name: Approval; Type: TABLE DATA; Schema: public; Owner: -
+--
+
+
+
+--
+-- Data for Name: ConsentRecord; Type: TABLE DATA; Schema: public; Owner: -
+--
+
+
+
+--
+-- Data for Name: SyncRoute; Type: TABLE DATA; Schema: public; Owner: -
+--
+
+
+
+--
+-- PostgreSQL database dump complete
+--
+
+\unrestrict IirtrUcG6cYkagSJO1iPjb4tmnvXR7Zp0YeDWGaP17VSpqXMw7sP520vA1uA4QT
+
diff --git a/docs/superpowers/plans/2026-05-28-admin-dashboard.md b/docs/superpowers/plans/2026-05-28-admin-dashboard.md
new file mode 100644
index 0000000..ca3cc66
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-28-admin-dashboard.md
@@ -0,0 +1,1198 @@
+# Admin Dashboard Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Build a Next.js admin dashboard with a full-text search page and a groups/routes management page that lets admins configure which WhatsApp groups forward messages to which.
+
+**Architecture:** Two new NestJS modules (`GroupsModule`, `RoutesModule`) expose REST endpoints the dashboard consumes. The Next.js web app (App Router, server components) calls NestJS directly server-to-server for read operations; client-side mutations (add/delete sync routes) go through Next.js Route Handler proxies to avoid CORS. A sidebar nav wraps both pages in the shared layout.
+
+**Tech Stack:** Next.js 16, React 19, Tailwind CSS 4, NestJS 11, Prisma 6 (`@prisma/client` already in `apps/api`), `@testing-library/react`, `jest-environment-jsdom`, `@nestjs/testing`, TypeScript 5
+
+---
+
+## Codebase orientation
+
+- `apps/api/src/prisma/prisma.service.ts` — `PrismaService extends PrismaClient`; `PrismaModule` is `@Global()` so every module gets it injected without re-importing.
+- `apps/api/src/app.module.ts` — imports `ConfigModule`, `PrismaModule`, `HealthModule`, `SearchModule`. Add new modules here.
+- NestJS test pattern: `Test.createTestingModule({ providers: [Service, { provide: PrismaService, useValue: mockPrisma }] })`.
+- `apps/web` uses `next/jest` in `jest.config.js`, `jest-environment-jsdom`, `@testing-library/react`. `fetch` is available as a global in tests.
+- `process.env.API_URL ?? 'http://localhost:3001'` is the server-side base URL for all server→API calls. Not a public env var.
+- Prisma schema key models: `Group { id, name, platform, platformId, isActive, accountId }`, `SyncRoute { id, sourceGroupId, targetGroupId, isActive, createdAt }`.
+
+---
+
+## File Map
+
+**Create:**
+- `apps/api/src/modules/groups/groups.module.ts`
+- `apps/api/src/modules/groups/groups.service.ts`
+- `apps/api/src/modules/groups/groups.service.spec.ts`
+- `apps/api/src/modules/groups/groups.controller.ts`
+- `apps/api/src/modules/groups/groups.controller.spec.ts`
+- `apps/api/src/modules/routes/routes.module.ts`
+- `apps/api/src/modules/routes/routes.service.ts`
+- `apps/api/src/modules/routes/routes.service.spec.ts`
+- `apps/api/src/modules/routes/routes.controller.ts`
+- `apps/api/src/modules/routes/routes.controller.spec.ts`
+- `apps/web/app/search/page.tsx` — server component + exported `SearchResults` for testing
+- `apps/web/app/search/page.test.tsx`
+- `apps/web/app/groups/page.tsx` — server component, fetches groups + routes
+- `apps/web/app/groups/RouteManager.tsx` — `'use client'` component for add/delete
+- `apps/web/app/groups/RouteManager.test.tsx`
+- `apps/web/app/api/routes/route.ts` — GET + POST proxy
+- `apps/web/app/api/routes/[id]/route.ts` — DELETE proxy
+
+**Modify:**
+- `apps/api/src/app.module.ts` — add `GroupsModule`, `RoutesModule`
+- `apps/web/app/layout.tsx` — add sidebar nav
+- `apps/web/app/page.tsx` — dashboard home with navigation cards
+- `apps/web/app/page.test.tsx` — update tests for new home page content
+
+---
+
+### Task 1: GroupsModule API — GET /groups
+
+**Files:**
+- Create: `apps/api/src/modules/groups/groups.service.ts`
+- Create: `apps/api/src/modules/groups/groups.service.spec.ts`
+- Create: `apps/api/src/modules/groups/groups.controller.ts`
+- Create: `apps/api/src/modules/groups/groups.controller.spec.ts`
+- Create: `apps/api/src/modules/groups/groups.module.ts`
+
+- [ ] **Step 1: Write the failing service test**
+
+Create `apps/api/src/modules/groups/groups.service.spec.ts`:
+
+```typescript
+import { Test, TestingModule } from '@nestjs/testing';
+import { GroupsService } from './groups.service';
+import { PrismaService } from '../../prisma/prisma.service';
+
+const mockGroups = [
+  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', platformId: '111@g.us', isActive: true, accountId: 'acc_1' },
+  { id: 'grp_2', name: 'Beta', platform: 'whatsapp', platformId: '222@g.us', isActive: true, accountId: null },
+];
+
+describe('GroupsService', () => {
+  let service: GroupsService;
+  const mockPrisma = { group: { findMany: jest.fn().mockResolvedValue(mockGroups) } };
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        GroupsService,
+        { provide: PrismaService, useValue: mockPrisma },
+      ],
+    }).compile();
+    service = module.get<GroupsService>(GroupsService);
+  });
+
+  it('returns all groups ordered by name', async () => {
+    const result = await service.list();
+    expect(result).toHaveLength(2);
+    expect(result[0].name).toBe('Alpha');
+    expect(mockPrisma.group.findMany).toHaveBeenCalledWith({
+      orderBy: { name: 'asc' },
+      select: { id: true, name: true, platform: true, platformId: true, isActive: true, accountId: true },
+    });
+  });
+});
+```
+
+- [ ] **Step 2: Run test to verify it fails**
+
+```bash
+pnpm --filter @tower/api test -- --testPathPattern=groups.service
+```
+Expected: FAIL with "Cannot find module './groups.service'"
+
+- [ ] **Step 3: Implement GroupsService**
+
+Create `apps/api/src/modules/groups/groups.service.ts`:
+
+```typescript
+import { Injectable } from '@nestjs/common';
+import { PrismaService } from '../../prisma/prisma.service';
+
+@Injectable()
+export class GroupsService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  list() {
+    return this.prisma.group.findMany({
+      orderBy: { name: 'asc' },
+      select: { id: true, name: true, platform: true, platformId: true, isActive: true, accountId: true },
+    });
+  }
+}
+```
+
+- [ ] **Step 4: Run service test to verify it passes**
+
+```bash
+pnpm --filter @tower/api test -- --testPathPattern=groups.service
+```
+Expected: PASS (1 test)
+
+- [ ] **Step 5: Write the failing controller test**
+
+Create `apps/api/src/modules/groups/groups.controller.spec.ts`:
+
+```typescript
+import { Test, TestingModule } from '@nestjs/testing';
+import { GroupsController } from './groups.controller';
+import { GroupsService } from './groups.service';
+
+const mockGroups = [
+  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp', platformId: '111@g.us', isActive: true, accountId: 'acc_1' },
+];
+const mockService = { list: jest.fn().mockResolvedValue(mockGroups) };
+
+describe('GroupsController', () => {
+  let controller: GroupsController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [GroupsController],
+      providers: [{ provide: GroupsService, useValue: mockService }],
+    }).compile();
+    controller = module.get<GroupsController>(GroupsController);
+  });
+
+  it('returns groups from service', async () => {
+    const result = await controller.list();
+    expect(result).toEqual(mockGroups);
+    expect(mockService.list).toHaveBeenCalled();
+  });
+});
+```
+
+- [ ] **Step 6: Implement GroupsController and GroupsModule**
+
+Create `apps/api/src/modules/groups/groups.controller.ts`:
+
+```typescript
+import { Controller, Get } from '@nestjs/common';
+import { GroupsService } from './groups.service';
+
+@Controller('groups')
+export class GroupsController {
+  constructor(private readonly groupsService: GroupsService) {}
+
+  @Get()
+  list() {
+    return this.groupsService.list();
+  }
+}
+```
+
+Create `apps/api/src/modules/groups/groups.module.ts`:
+
+```typescript
+import { Module } from '@nestjs/common';
+import { GroupsController } from './groups.controller';
+import { GroupsService } from './groups.service';
+
+@Module({
+  controllers: [GroupsController],
+  providers: [GroupsService],
+})
+export class GroupsModule {}
+```
+
+- [ ] **Step 7: Run controller test to verify it passes**
+
+```bash
+pnpm --filter @tower/api test -- --testPathPattern=groups.controller
+```
+Expected: PASS (1 test)
+
+- [ ] **Step 8: Commit**
+
+```bash
+git add apps/api/src/modules/groups/
+git commit -m "feat(api): add GroupsModule with GET /groups endpoint"
+```
+
+---
+
+### Task 2: RoutesModule API — GET /routes, POST /routes, DELETE /routes/:id — wire both into AppModule
+
+**Files:**
+- Create: `apps/api/src/modules/routes/routes.service.ts`
+- Create: `apps/api/src/modules/routes/routes.service.spec.ts`
+- Create: `apps/api/src/modules/routes/routes.controller.ts`
+- Create: `apps/api/src/modules/routes/routes.controller.spec.ts`
+- Create: `apps/api/src/modules/routes/routes.module.ts`
+- Modify: `apps/api/src/app.module.ts`
+
+A populated `SyncRoute` record (with includes) looks like:
+```
+{ id, sourceGroupId, targetGroupId, isActive, createdAt, sourceGroup: { name }, targetGroup: { name } }
+```
+
+- [ ] **Step 1: Write the failing service tests**
+
+Create `apps/api/src/modules/routes/routes.service.spec.ts`:
+
+```typescript
+import { Test, TestingModule } from '@nestjs/testing';
+import { BadRequestException, NotFoundException } from '@nestjs/common';
+import { RoutesService } from './routes.service';
+import { PrismaService } from '../../prisma/prisma.service';
+
+const mockRoute = {
+  id: 'rt_1',
+  sourceGroupId: 'grp_1',
+  targetGroupId: 'grp_2',
+  isActive: true,
+  createdAt: new Date(),
+  sourceGroup: { name: 'Alpha' },
+  targetGroup: { name: 'Beta' },
+};
+
+describe('RoutesService', () => {
+  let service: RoutesService;
+  const mockPrisma = {
+    syncRoute: {
+      findMany: jest.fn().mockResolvedValue([mockRoute]),
+      create: jest.fn().mockResolvedValue(mockRoute),
+      delete: jest.fn().mockResolvedValue(mockRoute),
+    },
+  };
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        RoutesService,
+        { provide: PrismaService, useValue: mockPrisma },
+      ],
+    }).compile();
+    service = module.get<RoutesService>(RoutesService);
+  });
+
+  describe('list', () => {
+    it('returns all routes with group names', async () => {
+      const result = await service.list();
+      expect(result).toHaveLength(1);
+      expect(result[0].sourceGroup.name).toBe('Alpha');
+      expect(mockPrisma.syncRoute.findMany).toHaveBeenCalledWith({
+        where: undefined,
+        include: {
+          sourceGroup: { select: { name: true } },
+          targetGroup: { select: { name: true } },
+        },
+        orderBy: { createdAt: 'desc' },
+      });
+    });
+
+    it('filters by sourceGroupId when provided', async () => {
+      await service.list('grp_1');
+      expect(mockPrisma.syncRoute.findMany).toHaveBeenCalledWith(
+        expect.objectContaining({ where: { sourceGroupId: 'grp_1' } }),
+      );
+    });
+  });
+
+  describe('create', () => {
+    it('creates a route and returns it with group names', async () => {
+      const result = await service.create('grp_1', 'grp_2');
+      expect(result).toEqual(mockRoute);
+      expect(mockPrisma.syncRoute.create).toHaveBeenCalledWith({
+        data: { sourceGroupId: 'grp_1', targetGroupId: 'grp_2' },
+        include: {
+          sourceGroup: { select: { name: true } },
+          targetGroup: { select: { name: true } },
+        },
+      });
+    });
+
+    it('throws BadRequestException when sourceGroupId is empty', async () => {
+      await expect(service.create('', 'grp_2')).rejects.toThrow(BadRequestException);
+    });
+
+    it('throws BadRequestException when targetGroupId is empty', async () => {
+      await expect(service.create('grp_1', '')).rejects.toThrow(BadRequestException);
+    });
+  });
+
+  describe('remove', () => {
+    it('deletes a route by id', async () => {
+      await service.remove('rt_1');
+      expect(mockPrisma.syncRoute.delete).toHaveBeenCalledWith({ where: { id: 'rt_1' } });
+    });
+
+    it('throws NotFoundException when route does not exist (Prisma P2025)', async () => {
+      mockPrisma.syncRoute.delete.mockRejectedValueOnce({ code: 'P2025' });
+      await expect(service.remove('bad_id')).rejects.toThrow(NotFoundException);
+    });
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+```bash
+pnpm --filter @tower/api test -- --testPathPattern=routes.service
+```
+Expected: FAIL with "Cannot find module './routes.service'"
+
+- [ ] **Step 3: Implement RoutesService**
+
+Create `apps/api/src/modules/routes/routes.service.ts`:
+
+```typescript
+import { BadRequestException, Injectable, NotFoundException } from '@nestjs/common';
+import { PrismaService } from '../../prisma/prisma.service';
+
+const routeInclude = {
+  sourceGroup: { select: { name: true } },
+  targetGroup: { select: { name: true } },
+} as const;
+
+@Injectable()
+export class RoutesService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  list(sourceGroupId?: string) {
+    return this.prisma.syncRoute.findMany({
+      where: sourceGroupId ? { sourceGroupId } : undefined,
+      include: routeInclude,
+      orderBy: { createdAt: 'desc' },
+    });
+  }
+
+  create(sourceGroupId: string, targetGroupId: string) {
+    if (!sourceGroupId || !targetGroupId) {
+      throw new BadRequestException('sourceGroupId and targetGroupId are required');
+    }
+    return this.prisma.syncRoute.create({
+      data: { sourceGroupId, targetGroupId },
+      include: routeInclude,
+    });
+  }
+
+  async remove(id: string) {
+    try {
+      await this.prisma.syncRoute.delete({ where: { id } });
+    } catch (e) {
+      if ((e as { code?: string })?.code === 'P2025') {
+        throw new NotFoundException(`Route ${id} not found`);
+      }
+      throw e;
+    }
+  }
+}
+```
+
+- [ ] **Step 4: Run service tests to verify they pass**
+
+```bash
+pnpm --filter @tower/api test -- --testPathPattern=routes.service
+```
+Expected: PASS (7 tests)
+
+- [ ] **Step 5: Write the failing controller tests**
+
+Create `apps/api/src/modules/routes/routes.controller.spec.ts`:
+
+```typescript
+import { Test, TestingModule } from '@nestjs/testing';
+import { RoutesController } from './routes.controller';
+import { RoutesService } from './routes.service';
+
+const mockRoute = {
+  id: 'rt_1',
+  sourceGroupId: 'grp_1',
+  targetGroupId: 'grp_2',
+  sourceGroup: { name: 'Alpha' },
+  targetGroup: { name: 'Beta' },
+};
+const mockService = {
+  list: jest.fn().mockResolvedValue([mockRoute]),
+  create: jest.fn().mockResolvedValue(mockRoute),
+  remove: jest.fn().mockResolvedValue(undefined),
+};
+
+describe('RoutesController', () => {
+  let controller: RoutesController;
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [RoutesController],
+      providers: [{ provide: RoutesService, useValue: mockService }],
+    }).compile();
+    controller = module.get<RoutesController>(RoutesController);
+  });
+
+  it('list() delegates to service with no filter', async () => {
+    const result = await controller.list(undefined);
+    expect(result).toEqual([mockRoute]);
+    expect(mockService.list).toHaveBeenCalledWith(undefined);
+  });
+
+  it('list() passes sourceGroupId filter to service', async () => {
+    await controller.list('grp_1');
+    expect(mockService.list).toHaveBeenCalledWith('grp_1');
+  });
+
+  it('create() extracts body fields and delegates to service', async () => {
+    const result = await controller.create({ sourceGroupId: 'grp_1', targetGroupId: 'grp_2' });
+    expect(result).toEqual(mockRoute);
+    expect(mockService.create).toHaveBeenCalledWith('grp_1', 'grp_2');
+  });
+
+  it('remove() delegates id to service', async () => {
+    await controller.remove('rt_1');
+    expect(mockService.remove).toHaveBeenCalledWith('rt_1');
+  });
+});
+```
+
+- [ ] **Step 6: Implement RoutesController, RoutesModule, and wire into AppModule**
+
+Create `apps/api/src/modules/routes/routes.controller.ts`:
+
+```typescript
+import { Body, Controller, Delete, Get, HttpCode, Param, Post, Query } from '@nestjs/common';
+import { RoutesService } from './routes.service';
+
+@Controller('routes')
+export class RoutesController {
+  constructor(private readonly routesService: RoutesService) {}
+
+  @Get()
+  list(@Query('sourceGroupId') sourceGroupId?: string) {
+    return this.routesService.list(sourceGroupId);
+  }
+
+  @Post()
+  create(@Body() body: { sourceGroupId?: string; targetGroupId?: string }) {
+    return this.routesService.create(body.sourceGroupId ?? '', body.targetGroupId ?? '');
+  }
+
+  @Delete(':id')
+  @HttpCode(204)
+  remove(@Param('id') id: string) {
+    return this.routesService.remove(id);
+  }
+}
+```
+
+Create `apps/api/src/modules/routes/routes.module.ts`:
+
+```typescript
+import { Module } from '@nestjs/common';
+import { RoutesController } from './routes.controller';
+import { RoutesService } from './routes.service';
+
+@Module({
+  controllers: [RoutesController],
+  providers: [RoutesService],
+})
+export class RoutesModule {}
+```
+
+Replace `apps/api/src/app.module.ts` in full:
+
+```typescript
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { PrismaModule } from './prisma/prisma.module';
+import { HealthModule } from './modules/health/health.module';
+import { SearchModule } from './modules/search/search.module';
+import { GroupsModule } from './modules/groups/groups.module';
+import { RoutesModule } from './modules/routes/routes.module';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({ isGlobal: true }),
+    PrismaModule,
+    HealthModule,
+    SearchModule,
+    GroupsModule,
+    RoutesModule,
+  ],
+})
+export class AppModule {}
+```
+
+- [ ] **Step 7: Run controller tests and full API suite**
+
+```bash
+pnpm --filter @tower/api test -- --testPathPattern=routes.controller
+```
+Expected: PASS (4 tests)
+
+```bash
+pnpm --filter @tower/api test
+```
+Expected: All API test suites pass
+
+- [ ] **Step 8: Commit**
+
+```bash
+git add apps/api/src/modules/routes/ apps/api/src/app.module.ts
+git commit -m "feat(api): add RoutesModule with GET/POST/DELETE /routes endpoints"
+```
+
+---
+
+### Task 3: Web dashboard layout and home page
+
+**Files:**
+- Modify: `apps/web/app/layout.tsx`
+- Modify: `apps/web/app/page.tsx`
+- Modify: `apps/web/app/page.test.tsx`
+
+- [ ] **Step 1: Write the failing tests**
+
+Replace `apps/web/app/page.test.tsx` in full:
+
+```tsx
+import { render, screen } from '@testing-library/react';
+import Home from './page';
+
+describe('Home page', () => {
+  it('renders the TOWER heading', () => {
+    render(<Home />);
+    expect(screen.getByRole('heading', { name: /insignia tower/i })).toBeInTheDocument();
+  });
+
+  it('renders a link to the search page', () => {
+    render(<Home />);
+    expect(screen.getByRole('link', { name: /search/i })).toHaveAttribute('href', '/search');
+  });
+
+  it('renders a link to the groups page', () => {
+    render(<Home />);
+    expect(screen.getByRole('link', { name: /groups/i })).toHaveAttribute('href', '/groups');
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify the two new ones fail**
+
+```bash
+pnpm --filter @tower/web test -- --testPathPattern=app/page
+```
+Expected: 2 failures — "renders a link to the search page" and "renders a link to the groups page"
+
+- [ ] **Step 3: Update layout.tsx and page.tsx**
+
+Replace `apps/web/app/layout.tsx` in full:
+
+```tsx
+import type { Metadata } from 'next';
+import Link from 'next/link';
+import './globals.css';
+
+export const metadata: Metadata = {
+  title: 'Insignia TOWER',
+  description: 'Community Knowledge Infrastructure Platform',
+};
+
+export default function RootLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <html lang="en">
+      <body className="flex min-h-screen bg-gray-50 text-gray-900 antialiased">
+        <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4 flex flex-col gap-1">
+          <span className="font-bold text-base mb-4">TOWER</span>
+          <Link href="/search" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+            Search
+          </Link>
+          <Link href="/groups" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+            Groups &amp; Routes
+          </Link>
+        </nav>
+        <main className="flex-1 overflow-auto p-6">{children}</main>
+      </body>
+    </html>
+  );
+}
+```
+
+Replace `apps/web/app/page.tsx` in full:
+
+```tsx
+import Link from 'next/link';
+
+export default function Home() {
+  return (
+    <div className="flex flex-col gap-6 max-w-xl">
+      <h1 className="text-3xl font-bold tracking-tight">Insignia TOWER</h1>
+      <p className="text-gray-500">Community Knowledge Infrastructure Platform</p>
+      <div className="flex gap-4">
+        <Link
+          href="/search"
+          className="flex-1 rounded-xl border border-gray-200 bg-white p-5 hover:border-blue-400 transition-colors"
+        >
+          <h2 className="font-semibold mb-1">Search</h2>
+          <p className="text-sm text-gray-500">Full-text search of approved messages</p>
+        </Link>
+        <Link
+          href="/groups"
+          className="flex-1 rounded-xl border border-gray-200 bg-white p-5 hover:border-blue-400 transition-colors"
+        >
+          <h2 className="font-semibold mb-1">Groups</h2>
+          <p className="text-sm text-gray-500">Manage groups and sync routes</p>
+        </Link>
+      </div>
+    </div>
+  );
+}
+```
+
+- [ ] **Step 4: Run tests to verify all 3 pass**
+
+```bash
+pnpm --filter @tower/web test -- --testPathPattern=app/page
+```
+Expected: PASS (3 tests)
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add apps/web/app/layout.tsx apps/web/app/page.tsx apps/web/app/page.test.tsx
+git commit -m "feat(web): add sidebar nav layout and dashboard home page"
+```
+
+---
+
+### Task 4: Web search page
+
+**Files:**
+- Create: `apps/web/app/search/page.tsx`
+- Create: `apps/web/app/search/page.test.tsx`
+
+The page is an async server component. It reads `searchParams.q` and `searchParams.page`, fetches from `${API_URL}/search` server-to-server, and delegates rendering to an exported `SearchResults` component (which is pure JSX and testable with RTL).
+
+- [ ] **Step 1: Write the failing tests**
+
+Create `apps/web/app/search/page.test.tsx`:
+
+```tsx
+import { render, screen } from '@testing-library/react';
+import { SearchResults } from './page';
+
+const makeHit = (id: string, content: string) => ({
+  id,
+  content,
+  senderName: 'Alice',
+  sourceGroupName: 'UP Parivar Dallas',
+  tags: ['#important'],
+  approvedAt: 1748390400000,
+});
+
+describe('SearchResults', () => {
+  it('shows "no results" when hits array is empty', () => {
+    render(<SearchResults hits={[]} total={0} q="missing" page={1} />);
+    expect(screen.getByText(/no results/i)).toBeInTheDocument();
+  });
+
+  it('renders each hit content', () => {
+    render(
+      <SearchResults
+        hits={[makeHit('m1', 'Hello world'), makeHit('m2', 'Event tonight')]}
+        total={2}
+        q="hello"
+        page={1}
+      />,
+    );
+    expect(screen.getByText('Hello world')).toBeInTheDocument();
+    expect(screen.getByText('Event tonight')).toBeInTheDocument();
+  });
+
+  it('shows the total result count', () => {
+    render(<SearchResults hits={[makeHit('m1', 'Test')]} total={42} q="test" page={1} />);
+    expect(screen.getByText(/42/)).toBeInTheDocument();
+  });
+
+  it('shows sender name and group name for each hit', () => {
+    render(<SearchResults hits={[makeHit('m1', 'Test')]} total={1} q="test" page={1} />);
+    expect(screen.getByText(/alice/i)).toBeInTheDocument();
+    expect(screen.getByText(/UP Parivar Dallas/i)).toBeInTheDocument();
+  });
+
+  it('shows tags for each hit', () => {
+    render(<SearchResults hits={[makeHit('m1', 'Test')]} total={1} q="test" page={1} />);
+    expect(screen.getByText('#important')).toBeInTheDocument();
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+```bash
+pnpm --filter @tower/web test -- --testPathPattern=search/page
+```
+Expected: FAIL with "Cannot find module './page'"
+
+- [ ] **Step 3: Implement the search page**
+
+Create `apps/web/app/search/page.tsx`:
+
+```tsx
+interface MeiliHit {
+  id: string;
+  content: string;
+  senderName: string;
+  sourceGroupName: string;
+  tags: string[];
+  approvedAt: number;
+}
+
+interface SearchResponse {
+  hits: MeiliHit[];
+  total: number;
+  page: number;
+  limit: number;
+  query: string;
+}
+
+export function SearchResults({
+  hits,
+  total,
+  q,
+  page,
+}: {
+  hits: MeiliHit[];
+  total: number;
+  q: string;
+  page: number;
+}) {
+  return (
+    <div className="flex flex-col gap-4">
+      <form method="GET" className="flex gap-2">
+        <input
+          name="q"
+          defaultValue={q}
+          placeholder="Search approved messages…"
+          className="flex-1 rounded-lg border border-gray-200 px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-blue-400"
+        />
+        <button
+          type="submit"
+          className="rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700"
+        >
+          Search
+        </button>
+      </form>
+
+      {hits.length === 0 ? (
+        <p className="text-gray-500 text-sm">No results{q ? ` for "${q}"` : ''}.</p>
+      ) : (
+        <>
+          <p className="text-sm text-gray-500">
+            {total} result{total !== 1 ? 's' : ''}
+          </p>
+          <ul className="flex flex-col gap-3">
+            {hits.map((hit) => (
+              <li key={hit.id} className="rounded-xl border border-gray-200 bg-white p-4">
+                <p className="text-sm">{hit.content}</p>
+                <div className="mt-2 flex flex-wrap items-center gap-2 text-xs text-gray-400">
+                  <span>{hit.senderName}</span>
+                  <span>·</span>
+                  <span>{hit.sourceGroupName}</span>
+                  <span>·</span>
+                  <span>{new Date(hit.approvedAt).toLocaleDateString()}</span>
+                  {hit.tags.map((tag) => (
+                    <span key={tag} className="rounded-full bg-blue-50 px-2 py-0.5 text-blue-600">
+                      {tag}
+                    </span>
+                  ))}
+                </div>
+              </li>
+            ))}
+          </ul>
+        </>
+      )}
+    </div>
+  );
+}
+
+export default async function SearchPage({
+  searchParams,
+}: {
+  searchParams: Promise<{ q?: string; page?: string }>;
+}) {
+  const { q = '', page = '1' } = await searchParams;
+  const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
+  const url = new URL(`${apiUrl}/search`);
+  url.searchParams.set('q', q);
+  url.searchParams.set('page', page);
+
+  let data: SearchResponse = { hits: [], total: 0, page: 1, limit: 20, query: q };
+  try {
+    const res = await fetch(url, { cache: 'no-store' });
+    if (res.ok) data = await res.json();
+  } catch {
+    // API unavailable — render empty results
+  }
+
+  return (
+    <div className="max-w-2xl">
+      <h1 className="text-xl font-semibold mb-4">Search</h1>
+      <SearchResults hits={data.hits} total={data.total} q={q} page={Number(page)} />
+    </div>
+  );
+}
+```
+
+- [ ] **Step 4: Run tests to verify they pass**
+
+```bash
+pnpm --filter @tower/web test -- --testPathPattern=search/page
+```
+Expected: PASS (5 tests)
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add apps/web/app/search/
+git commit -m "feat(web): add search page with full-text message search UI"
+```
+
+---
+
+### Task 5: Web groups page — RouteManager, groups page, and Route Handler proxies
+
+**Files:**
+- Create: `apps/web/app/groups/RouteManager.tsx`
+- Create: `apps/web/app/groups/RouteManager.test.tsx`
+- Create: `apps/web/app/groups/page.tsx`
+- Create: `apps/web/app/api/routes/route.ts`
+- Create: `apps/web/app/api/routes/[id]/route.ts`
+
+Types used throughout this task:
+- `Group`: `{ id: string; name: string; platform: string }`
+- `Route`: `{ id: string; sourceGroupId: string; targetGroupId: string; sourceGroup: { name: string }; targetGroup: { name: string } }`
+
+- [ ] **Step 1: Write the failing RouteManager tests**
+
+Create `apps/web/app/groups/RouteManager.test.tsx`:
+
+```tsx
+import { render, screen, fireEvent, waitFor } from '@testing-library/react';
+import { RouteManager } from './RouteManager';
+
+const groups = [
+  { id: 'grp_1', name: 'Alpha', platform: 'whatsapp' },
+  { id: 'grp_2', name: 'Beta', platform: 'whatsapp' },
+];
+
+const routes = [
+  {
+    id: 'rt_1',
+    sourceGroupId: 'grp_1',
+    targetGroupId: 'grp_2',
+    sourceGroup: { name: 'Alpha' },
+    targetGroup: { name: 'Beta' },
+  },
+];
+
+let fetchSpy: jest.SpyInstance;
+
+beforeEach(() => {
+  fetchSpy = jest.spyOn(global, 'fetch');
+});
+
+afterEach(() => {
+  jest.restoreAllMocks();
+});
+
+describe('RouteManager', () => {
+  it('renders existing routes with source → target names', () => {
+    render(<RouteManager groups={groups} initialRoutes={routes} />);
+    expect(screen.getByText('Alpha')).toBeInTheDocument();
+    expect(screen.getByText('Beta')).toBeInTheDocument();
+  });
+
+  it('renders two group select dropdowns for adding a route', () => {
+    render(<RouteManager groups={groups} initialRoutes={routes} />);
+    expect(screen.getAllByRole('combobox')).toHaveLength(2);
+  });
+
+  it('calls POST /api/routes when Add route is submitted', async () => {
+    fetchSpy.mockResolvedValueOnce(
+      new Response(
+        JSON.stringify({ id: 'rt_new', sourceGroupId: 'grp_1', targetGroupId: 'grp_2', sourceGroup: { name: 'Alpha' }, targetGroup: { name: 'Beta' } }),
+        { status: 201, headers: { 'Content-Type': 'application/json' } },
+      ),
+    );
+    render(<RouteManager groups={groups} initialRoutes={[]} />);
+    const [sourceSelect, targetSelect] = screen.getAllByRole('combobox');
+    fireEvent.change(sourceSelect, { target: { value: 'grp_1' } });
+    fireEvent.change(targetSelect, { target: { value: 'grp_2' } });
+    fireEvent.click(screen.getByRole('button', { name: /add route/i }));
+    await waitFor(() => {
+      expect(fetchSpy).toHaveBeenCalledWith(
+        '/api/routes',
+        expect.objectContaining({ method: 'POST' }),
+      );
+    });
+  });
+
+  it('shows a delete button for each existing route', () => {
+    render(<RouteManager groups={groups} initialRoutes={routes} />);
+    expect(screen.getByRole('button', { name: /delete/i })).toBeInTheDocument();
+  });
+
+  it('calls DELETE /api/routes/:id when a route is deleted', async () => {
+    fetchSpy.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    render(<RouteManager groups={groups} initialRoutes={routes} />);
+    fireEvent.click(screen.getByRole('button', { name: /delete/i }));
+    await waitFor(() => {
+      expect(fetchSpy).toHaveBeenCalledWith(
+        '/api/routes/rt_1',
+        expect.objectContaining({ method: 'DELETE' }),
+      );
+    });
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+```bash
+pnpm --filter @tower/web test -- --testPathPattern=groups/RouteManager
+```
+Expected: FAIL with "Cannot find module './RouteManager'"
+
+- [ ] **Step 3: Implement RouteManager**
+
+Create `apps/web/app/groups/RouteManager.tsx`:
+
+```tsx
+'use client';
+
+import { useState } from 'react';
+
+interface Group {
+  id: string;
+  name: string;
+  platform: string;
+}
+
+interface Route {
+  id: string;
+  sourceGroupId: string;
+  targetGroupId: string;
+  sourceGroup: { name: string };
+  targetGroup: { name: string };
+}
+
+export function RouteManager({
+  groups,
+  initialRoutes,
+}: {
+  groups: Group[];
+  initialRoutes: Route[];
+}) {
+  const [routes, setRoutes] = useState<Route[]>(initialRoutes);
+  const [sourceId, setSourceId] = useState('');
+  const [targetId, setTargetId] = useState('');
+  const [busy, setBusy] = useState(false);
+
+  async function addRoute() {
+    if (!sourceId || !targetId) return;
+    setBusy(true);
+    try {
+      const res = await fetch('/api/routes', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ sourceGroupId: sourceId, targetGroupId: targetId }),
+      });
+      if (!res.ok) return;
+      const created: Route = await res.json();
+      setRoutes((prev) => [created, ...prev]);
+      setSourceId('');
+      setTargetId('');
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  async function deleteRoute(id: string) {
+    const res = await fetch(`/api/routes/${id}`, { method: 'DELETE' });
+    if (res.ok) setRoutes((prev) => prev.filter((r) => r.id !== id));
+  }
+
+  return (
+    <div className="flex flex-col gap-6">
+      <section>
+        <h2 className="text-base font-semibold mb-3">Active sync routes</h2>
+        {routes.length === 0 ? (
+          <p className="text-sm text-gray-400">No routes configured.</p>
+        ) : (
+          <ul className="flex flex-col gap-2">
+            {routes.map((route) => (
+              <li
+                key={route.id}
+                className="flex items-center justify-between rounded-lg border border-gray-200 bg-white px-4 py-3"
+              >
+                <span className="text-sm">
+                  <span className="font-medium">{route.sourceGroup.name}</span>
+                  <span className="mx-2 text-gray-400">→</span>
+                  <span className="font-medium">{route.targetGroup.name}</span>
+                </span>
+                <button
+                  onClick={() => deleteRoute(route.id)}
+                  className="text-xs text-red-500 hover:underline"
+                  aria-label="Delete route"
+                >
+                  Delete
+                </button>
+              </li>
+            ))}
+          </ul>
+        )}
+      </section>
+
+      <section>
+        <h2 className="text-base font-semibold mb-3">Add route</h2>
+        <div className="flex gap-2 items-center flex-wrap">
+          <select
+            value={sourceId}
+            onChange={(e) => setSourceId(e.target.value)}
+            className="rounded-lg border border-gray-200 px-3 py-2 text-sm"
+            aria-label="Source group"
+          >
+            <option value="">Source group…</option>
+            {groups.map((g) => (
+              <option key={g.id} value={g.id}>{g.name}</option>
+            ))}
+          </select>
+          <span className="text-gray-400">→</span>
+          <select
+            value={targetId}
+            onChange={(e) => setTargetId(e.target.value)}
+            className="rounded-lg border border-gray-200 px-3 py-2 text-sm"
+            aria-label="Target group"
+          >
+            <option value="">Target group…</option>
+            {groups.map((g) => (
+              <option key={g.id} value={g.id}>{g.name}</option>
+            ))}
+          </select>
+          <button
+            onClick={addRoute}
+            disabled={!sourceId || !targetId || busy}
+            className="rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700 disabled:opacity-50"
+          >
+            Add route
+          </button>
+        </div>
+      </section>
+    </div>
+  );
+}
+```
+
+- [ ] **Step 4: Run RouteManager tests to verify they pass**
+
+```bash
+pnpm --filter @tower/web test -- --testPathPattern=groups/RouteManager
+```
+Expected: PASS (5 tests)
+
+- [ ] **Step 5: Implement the groups page and route handler proxies**
+
+Create `apps/web/app/groups/page.tsx`:
+
+```tsx
+import { RouteManager } from './RouteManager';
+
+interface Group {
+  id: string;
+  name: string;
+  platform: string;
+}
+
+interface Route {
+  id: string;
+  sourceGroupId: string;
+  targetGroupId: string;
+  sourceGroup: { name: string };
+  targetGroup: { name: string };
+}
+
+async function fetchJson<T>(url: string): Promise<T | null> {
+  try {
+    const res = await fetch(url, { cache: 'no-store' });
+    if (!res.ok) return null;
+    return res.json();
+  } catch {
+    return null;
+  }
+}
+
+export default async function GroupsPage() {
+  const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
+  const [groups, routes] = await Promise.all([
+    fetchJson<Group[]>(`${apiUrl}/groups`),
+    fetchJson<Route[]>(`${apiUrl}/routes`),
+  ]);
+
+  return (
+    <div className="max-w-2xl">
+      <h1 className="text-xl font-semibold mb-6">Groups &amp; Routes</h1>
+      <RouteManager groups={groups ?? []} initialRoutes={routes ?? []} />
+    </div>
+  );
+}
+```
+
+Create `apps/web/app/api/routes/route.ts`:
+
+```typescript
+const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url);
+  const url = new URL(`${API_URL}/routes`);
+  searchParams.forEach((v, k) => url.searchParams.set(k, v));
+  const res = await fetch(url, { cache: 'no-store' });
+  return Response.json(await res.json(), { status: res.status });
+}
+
+export async function POST(req: Request) {
+  const body = await req.json();
+  const res = await fetch(`${API_URL}/routes`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+  return Response.json(await res.json(), { status: res.status });
+}
+```
+
+Create `apps/web/app/api/routes/[id]/route.ts`:
+
+```typescript
+const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+
+export async function DELETE(
+  _req: Request,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  const { id } = await params;
+  const res = await fetch(`${API_URL}/routes/${id}`, { method: 'DELETE' });
+  return new Response(null, { status: res.status });
+}
+```
+
+- [ ] **Step 6: Run the full test suite to verify everything passes**
+
+```bash
+pnpm test
+```
+Expected: All test suites pass (worker: 9, API: 8, search: 1, web: 3, config: 1)
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add apps/web/app/groups/ apps/web/app/api/
+git commit -m "feat(web): add groups page with RouteManager and route handler proxies"
+```
diff --git a/docs/superpowers/plans/2026-05-29-whatsapp-qr-dashboard.md b/docs/superpowers/plans/2026-05-29-whatsapp-qr-dashboard.md
new file mode 100644
index 0000000..43ffce9
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-29-whatsapp-qr-dashboard.md
@@ -0,0 +1,2395 @@
+# WhatsApp QR Re-Authentication Dashboard Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** When WhatsApp logs out (or on first-time setup), automatically restart the auth flow and surface the QR code in the admin dashboard so any admin can re-authenticate by scanning — no terminal access needed. Admins can also add new WhatsApp accounts directly from the dashboard without touching the database or restarting the worker.
+
+**Architecture:** The worker's `session.ts` detects `loggedOut`, clears stale session files, and restarts the Baileys connection to generate a fresh QR; this raw QR string is written to `Account.qrCode` in the database via Prisma. The NestJS API exposes a new `/accounts` module that reads account status and converts the raw QR string to a PNG data URL using the `qrcode` package. The Next.js web app adds an Accounts page with a client component that shows a connected/disconnected badge, polls for QR images, and lets admins add new accounts. The worker polls the DB every 30 seconds for new accounts and starts sessions automatically — no restart needed.
+
+**Tech Stack:** Baileys (WhatsApp), Prisma 6 (PostgreSQL), NestJS 11, Next.js 16 App Router, `qrcode` npm package, React Testing Library
+
+---
+
+## File Structure
+
+**Modified:**
+- `apps/api/prisma/schema.prisma` — add `qrCode String?` to Account model
+- `apps/worker/src/whatsapp/session.ts` — add `onQr`/`onStatus` callbacks (with JID); on `loggedOut` clear session files and restart
+- `apps/worker/src/whatsapp/session-pool.ts` — thread `onQr`/`onStatus` (with JID) callbacks through `add()`
+- `apps/worker/src/main.ts` — Prisma-writing handlers + extract `startAccount()` helper + 30s polling loop; initial load includes DISCONNECTED accounts
+- `apps/api/src/modules/accounts/accounts.service.ts` — list + QR + create account
+- `apps/api/src/modules/accounts/accounts.controller.ts` — `GET /accounts`, `GET /accounts/:id/qr`, `POST /accounts`
+- `apps/api/src/app.module.ts` — add `AccountsModule`
+- `apps/web/app/api/accounts/route.ts` — Next.js proxy → `GET` + `POST /accounts`
+- `apps/web/app/layout.tsx` — add Accounts nav link
+
+**Created:**
+- `apps/api/src/modules/accounts/accounts.module.ts` — NestJS module
+- `apps/api/src/modules/accounts/accounts.service.spec.ts` — unit tests
+- `apps/api/src/modules/accounts/accounts.controller.spec.ts` — unit tests
+- `apps/web/app/api/accounts/[id]/qr/route.ts` — Next.js proxy → `GET /accounts/:id/qr`
+- `apps/web/app/accounts/AccountCard.tsx` — client component with status badge + QR polling
+- `apps/web/app/accounts/AccountCard.test.tsx` — unit tests
+- `apps/web/app/accounts/AccountsList.tsx` — client component: manages accounts state + add account form
+- `apps/web/app/accounts/AccountsList.test.tsx` — unit tests
+- `apps/web/app/accounts/page.tsx` — server component
+
+**Test files updated:**
+- `apps/worker/src/whatsapp/session.test.ts` — update `onStatus('connected')` assertion to include jid
+- `apps/worker/src/whatsapp/session-pool.test.ts` — add QR and status callback threading tests
+
+---
+
+## Task 1: Prisma Schema Migration — Add `qrCode` to Account
+
+**Files:**
+- Modify: `apps/api/prisma/schema.prisma`
+
+- [ ] **Step 1: Add `qrCode` field to Account model in schema.prisma**
+
+  Open `apps/api/prisma/schema.prisma`. The `Account` model currently ends with:
+  ```prisma
+  model Account {
+    id          String        @id @default(cuid())
+    platform    String
+    jid         String
+    sessionPath String
+    displayName String?
+    status      AccountStatus @default(ACTIVE)
+    groups      Group[]
+    createdAt   DateTime      @default(now())
+    updatedAt   DateTime      @updatedAt
+
+    @@unique([platform, jid])
+  }
+  ```
+
+  Change it to:
+  ```prisma
+  model Account {
+    id          String        @id @default(cuid())
+    platform    String
+    jid         String
+    sessionPath String
+    displayName String?
+    status      AccountStatus @default(ACTIVE)
+    qrCode      String?
+    groups      Group[]
+    createdAt   DateTime      @default(now())
+    updatedAt   DateTime      @updatedAt
+
+    @@unique([platform, jid])
+  }
+  ```
+
+- [ ] **Step 2: Create and apply the migration**
+
+  ```bash
+  cd apps/api && pnpm exec prisma migrate dev --name add_account_qr_code
+  ```
+
+  Expected output:
+  ```
+  Environment variables loaded from .env
+  Prisma schema loaded from prisma/schema.prisma
+  Datasource "db": PostgreSQL database "tower_dev" at "localhost:5433"
+
+  Applying migration `20260529000000_add_account_qr_code`
+
+  The following migration(s) have been applied:
+
+  migrations/
+    └─ 20260529000000_add_account_qr_code/
+      └─ migration.sql
+
+  Your database is now in sync with your schema.
+  ```
+
+  `prisma migrate dev` automatically regenerates the Prisma client after migration. No separate `prisma generate` needed.
+
+- [ ] **Step 3: Commit**
+
+  ```bash
+  git add apps/api/prisma/schema.prisma apps/api/prisma/migrations/
+  git commit -m "feat: add qrCode field to Account for QR re-auth"
+  ```
+
+---
+
+## Task 2: Worker Session — QR/Status Callbacks + Auto-Restart on Logout
+
+**Files:**
+- Modify: `apps/worker/src/whatsapp/session.ts`
+- Create: `apps/worker/src/whatsapp/session.test.ts`
+
+- [ ] **Step 1: Write the failing tests for session.ts**
+
+  Create `apps/worker/src/whatsapp/session.test.ts`:
+
+  ```typescript
+  import { Boom } from '@hapi/boom';
+  import { createWhatsAppSession } from './session';
+  import * as fs from 'fs/promises';
+
+  // Capture connection.update handler so tests can trigger it
+  let connectionUpdateHandler: (update: any) => Promise<void>;
+  let credsUpdateHandler: () => void;
+
+  const mockSock = {
+    ev: {
+      on: jest.fn().mockImplementation((event: string, handler: any) => {
+        if (event === 'connection.update') connectionUpdateHandler = handler;
+        if (event === 'creds.update') credsUpdateHandler = handler;
+        if (event === 'messages.upsert') { /* no-op */ }
+      }),
+    },
+    end: jest.fn(),
+    groupFetchAllParticipating: jest.fn().mockResolvedValue({}),
+  };
+
+  jest.mock('@whiskeysockets/baileys', () => ({
+    default: jest.fn().mockReturnValue(mockSock),
+    useMultiFileAuthState: jest.fn().mockResolvedValue({ state: {}, saveCreds: jest.fn() }),
+    fetchLatestBaileysVersion: jest.fn().mockResolvedValue({ version: [2, 0, 0] }),
+    DisconnectReason: { loggedOut: 401 },
+  }));
+
+  jest.mock('qrcode-terminal', () => ({ generate: jest.fn() }));
+
+  jest.mock('fs/promises', () => ({
+    rm: jest.fn().mockResolvedValue(undefined),
+    mkdir: jest.fn().mockResolvedValue(undefined),
+  }));
+
+  describe('createWhatsAppSession', () => {
+    beforeEach(() => {
+      jest.clearAllMocks();
+    });
+
+    it('calls onQr with raw QR string when QR event fires', async () => {
+      const onQr = jest.fn();
+      await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn(), undefined, onQr);
+      await connectionUpdateHandler({ qr: 'test-qr-string' });
+      expect(onQr).toHaveBeenCalledWith('test-qr-string');
+    });
+
+    it('calls onStatus with "connected" when connection opens', async () => {
+      const onStatus = jest.fn();
+      await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn(), undefined, undefined, onStatus);
+      await connectionUpdateHandler({ connection: 'open' });
+      expect(onStatus).toHaveBeenCalledWith('connected');
+    });
+
+    it('calls onStatus with "disconnected" on non-logout close', async () => {
+      const onStatus = jest.fn();
+      await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn(), undefined, undefined, onStatus);
+      const error = new Boom('Connection lost', { statusCode: 408 });
+      await connectionUpdateHandler({ connection: 'close', lastDisconnect: { error } });
+      expect(onStatus).toHaveBeenCalledWith('disconnected');
+    });
+
+    it('calls onStatus with "logged_out" on loggedOut close', async () => {
+      const onStatus = jest.fn();
+      await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn(), undefined, undefined, onStatus);
+      const error = new Boom('Logged out', { statusCode: 401 });
+      await connectionUpdateHandler({ connection: 'close', lastDisconnect: { error } });
+      expect(onStatus).toHaveBeenCalledWith('logged_out');
+    });
+
+    it('deletes session directory on loggedOut', async () => {
+      await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn());
+      const error = new Boom('Logged out', { statusCode: 401 });
+      await connectionUpdateHandler({ connection: 'close', lastDisconnect: { error } });
+      expect(fs.rm).toHaveBeenCalledWith('/sessions/1', { recursive: true, force: true });
+      expect(fs.mkdir).toHaveBeenCalledWith('/sessions/1', { recursive: true });
+    });
+
+    it('does not delete session directory on non-logout close', async () => {
+      await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn());
+      const error = new Boom('Timeout', { statusCode: 408 });
+      await connectionUpdateHandler({ connection: 'close', lastDisconnect: { error } });
+      expect(fs.rm).not.toHaveBeenCalled();
+    });
+  });
+  ```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+  ```bash
+  cd apps/worker && pnpm test -- --testPathPattern=session.test.ts --no-coverage
+  ```
+
+  Expected: FAIL — `session.test.ts` has import errors or assertion failures since `session.ts` doesn't yet export the right callbacks.
+
+- [ ] **Step 3: Implement the changes in session.ts**
+
+  Replace the full contents of `apps/worker/src/whatsapp/session.ts`:
+
+  ```typescript
+  import makeWASocket, {
+    useMultiFileAuthState,
+    fetchLatestBaileysVersion,
+    DisconnectReason,
+    WASocket,
+    GroupMetadata,
+  } from '@whiskeysockets/baileys';
+  import { Boom } from '@hapi/boom';
+  import { rm, mkdir } from 'fs/promises';
+  import qrcode from 'qrcode-terminal';
+  import { NormalizedMessage, NormalizedReaction } from '@tower/types';
+  import { normalizeMessage, normalizeReaction } from './normalizer';
+  import { createLogger } from '@tower/logger';
+
+  const logger = createLogger('whatsapp-session');
+
+  export type OnMessageCallback = (msg: NormalizedMessage) => Promise<void> | void;
+  export type OnReactionCallback = (reaction: NormalizedReaction) => Promise<void> | void;
+  export type OnGroupsCallback = (groups: Record<string, GroupMetadata>) => Promise<void> | void;
+  export type OnQrCallback = (qr: string) => Promise<void> | void;
+  export type OnStatusCallback = (status: 'connected' | 'disconnected' | 'logged_out') => Promise<void> | void;
+
+  export async function createWhatsAppSession(
+    accountId: string,
+    sessionPath: string,
+    onMessage: OnMessageCallback,
+    onReaction: OnReactionCallback,
+    onGroups: OnGroupsCallback,
+    onReconnect?: (newSocket: WASocket) => void,
+    onQr?: OnQrCallback,
+    onStatus?: OnStatusCallback,
+  ): Promise<WASocket> {
+    const { state, saveCreds } = await useMultiFileAuthState(sessionPath);
+    const { version } = await fetchLatestBaileysVersion();
+
+    const sock = makeWASocket({
+      version,
+      auth: state,
+      printQRInTerminal: false,
+      logger: logger as any,
+    });
+
+    sock.ev.on('creds.update', saveCreds);
+
+    sock.ev.on('connection.update', async ({ connection, qr, lastDisconnect }) => {
+      if (qr) {
+        qrcode.generate(qr, { small: true });
+        await Promise.resolve(onQr?.(qr)).catch((err) =>
+          logger.error({ err }, 'Error storing QR'),
+        );
+      }
+
+      if (connection === 'close') {
+        const reason = (lastDisconnect?.error as Boom)?.output?.statusCode;
+        const isLoggedOut = reason === DisconnectReason.loggedOut;
+        logger.info({ reason, isLoggedOut }, 'Connection closed');
+
+        if (isLoggedOut) {
+          logger.info({ accountId }, 'Logged out — clearing session and restarting for QR');
+          await onStatus?.('logged_out');
+          await rm(sessionPath, { recursive: true, force: true });
+          await mkdir(sessionPath, { recursive: true });
+          setTimeout(async () => {
+            const newSocket = await createWhatsAppSession(
+              accountId, sessionPath, onMessage, onReaction, onGroups, onReconnect, onQr, onStatus,
+            );
+            onReconnect?.(newSocket);
+          }, 1000);
+        } else {
+          await onStatus?.('disconnected');
+          logger.info('Reconnecting in 5s...');
+          setTimeout(async () => {
+            const newSocket = await createWhatsAppSession(
+              accountId, sessionPath, onMessage, onReaction, onGroups, onReconnect, onQr, onStatus,
+            );
+            onReconnect?.(newSocket);
+          }, 5000);
+        }
+      } else if (connection === 'open') {
+        await onStatus?.('connected');
+        try {
+          logger.info({ accountId }, 'WhatsApp connected');
+          const groups = await sock.groupFetchAllParticipating();
+          await Promise.resolve(onGroups(groups)).catch((err) =>
+            logger.error({ err }, 'Group sync error'),
+          );
+        } catch (err) {
+          logger.error({ err }, 'Failed to fetch groups on connect');
+        }
+      }
+    });
+
+    sock.ev.on('messages.upsert', ({ messages, type }) => {
+      if (type !== 'notify') return;
+      for (const msg of messages) {
+        if (msg.message?.reactionMessage) {
+          const reaction = normalizeReaction(msg, accountId);
+          if (reaction) {
+            void Promise.resolve(onReaction(reaction)).catch((err) =>
+              logger.error({ err }, 'Error processing reaction'),
+            );
+          }
+          continue;
+        }
+        const normalized = normalizeMessage(msg, accountId);
+        if (!normalized) continue;
+        void Promise.resolve(onMessage(normalized)).catch((err) =>
+          logger.error({ err }, 'Error processing message'),
+        );
+      }
+    });
+
+    return sock;
+  }
+  ```
+
+- [ ] **Step 4: Run tests to verify they pass**
+
+  ```bash
+  cd apps/worker && pnpm test -- --testPathPattern=session.test.ts --no-coverage
+  ```
+
+  Expected: PASS — 6 tests pass.
+
+- [ ] **Step 5: Commit**
+
+  ```bash
+  git add apps/worker/src/whatsapp/session.ts apps/worker/src/whatsapp/session.test.ts
+  git commit -m "feat: add onQr/onStatus callbacks to session; auto-restart on loggedOut"
+  ```
+
+---
+
+## Task 3: Worker Session Pool + main.ts — Thread Callbacks and Update DB
+
+**Files:**
+- Modify: `apps/worker/src/whatsapp/session-pool.ts`
+- Modify: `apps/worker/src/whatsapp/session-pool.test.ts`
+- Modify: `apps/worker/src/main.ts`
+
+- [ ] **Step 1: Add QR callback threading test to session-pool.test.ts**
+
+  Open `apps/worker/src/whatsapp/session-pool.test.ts`. Add this test at the end of the `describe` block (before the closing `}`):
+
+  ```typescript
+  it('add() injects accountId into onQr callback', async () => {
+    const onQr = jest.fn();
+    const { createWhatsAppSession } = require('./session');
+
+    let capturedOnQr: any;
+    (createWhatsAppSession as jest.Mock).mockImplementationOnce(
+      (_id: string, _path: string, _onMsg: any, _onReaction: any, _onGroups: any, _onReconnect: any, qrCb: any) => {
+        capturedOnQr = qrCb;
+        return Promise.resolve({ sendMessage: jest.fn(), logout: jest.fn(), end: jest.fn() });
+      },
+    );
+
+    await pool.add('acc_1', './sessions/1', jest.fn(), jest.fn(), jest.fn(), onQr);
+    await capturedOnQr('test-qr');
+    expect(onQr).toHaveBeenCalledWith('test-qr', 'acc_1');
+  });
+  ```
+
+- [ ] **Step 2: Run tests to verify the new test fails**
+
+  ```bash
+  cd apps/worker && pnpm test -- --testPathPattern=session-pool.test.ts --no-coverage
+  ```
+
+  Expected: FAIL — the new `add() injects accountId into onQr callback` test fails because `pool.add()` doesn't yet accept `onQr`.
+
+- [ ] **Step 3: Update session-pool.ts to thread onQr and onStatus**
+
+  Replace `apps/worker/src/whatsapp/session-pool.ts` with:
+
+  ```typescript
+  import type { WASocket } from '@whiskeysockets/baileys';
+  import { Boom } from '@hapi/boom';
+  import { NormalizedMessage, NormalizedReaction } from '@tower/types';
+  import { createWhatsAppSession } from './session';
+  import { createLogger } from '@tower/logger';
+
+  const logger = createLogger('session-pool');
+
+  export type PoolMessageCallback = (msg: NormalizedMessage, accountId: string) => Promise<void> | void;
+  export type PoolReactionCallback = (reaction: NormalizedReaction, accountId: string) => Promise<void> | void;
+  export type PoolGroupsCallback = (groups: any, accountId: string) => Promise<void> | void;
+  export type PoolQrCallback = (qr: string, accountId: string) => Promise<void> | void;
+  export type PoolStatusCallback = (status: string, accountId: string) => Promise<void> | void;
+
+  export class WhatsAppSessionPool {
+    private sessions = new Map<string, WASocket>();
+
+    async add(
+      accountId: string,
+      sessionPath: string,
+      onMessage: PoolMessageCallback,
+      onReaction: PoolReactionCallback,
+      onGroups: PoolGroupsCallback,
+      onQr?: PoolQrCallback,
+      onStatus?: PoolStatusCallback,
+    ): Promise<void> {
+      logger.info({ accountId }, 'Starting session');
+      const sock = await createWhatsAppSession(
+        accountId,
+        sessionPath,
+        (msg) => onMessage(msg, accountId),
+        (reaction) => onReaction(reaction, accountId),
+        (groups) => onGroups(groups, accountId),
+        (newSocket) => {
+          logger.info({ accountId }, 'Session reconnected — updating pool');
+          this.sessions.set(accountId, newSocket);
+        },
+        onQr ? (qr) => onQr(qr, accountId) : undefined,
+        onStatus ? (status) => onStatus(status, accountId) : undefined,
+      );
+      this.sessions.set(accountId, sock);
+    }
+
+    get(accountId: string): WASocket | undefined {
+      return this.sessions.get(accountId);
+    }
+
+    getAll(): Map<string, WASocket> {
+      return this.sessions;
+    }
+
+    async sendMessage(accountId: string, groupJid: string, text: string): Promise<void> {
+      const sock = this.sessions.get(accountId);
+      if (!sock) {
+        const available = Array.from(this.sessions.keys()).join(', ') || 'none';
+        throw new Error(`No active session for account ${accountId}. Active accounts: [${available}]`);
+      }
+      await sock.sendMessage(groupJid, { text });
+    }
+
+    async remove(accountId: string): Promise<void> {
+      const sock = this.sessions.get(accountId);
+      if (sock) {
+        await sock.logout().catch(() => {});
+        this.sessions.delete(accountId);
+        logger.info({ accountId }, 'Session removed');
+      }
+    }
+
+    async closeAll(): Promise<void> {
+      logger.info({ count: this.sessions.size }, 'Closing all WhatsApp sessions');
+      for (const [accountId, sock] of this.sessions) {
+        try {
+          sock.end(new Boom('Shutdown', { statusCode: 401 }));
+          logger.info({ accountId }, 'Session closed');
+        } catch (err) {
+          logger.error({ accountId, err }, 'Error closing session');
+        }
+      }
+      this.sessions.clear();
+    }
+  }
+  ```
+
+- [ ] **Step 4: Run session-pool tests to verify all pass**
+
+  ```bash
+  cd apps/worker && pnpm test -- --testPathPattern=session-pool.test.ts --no-coverage
+  ```
+
+  Expected: PASS — all tests including the new QR threading test pass.
+
+- [ ] **Step 5: Update main.ts to pass QR/status handlers**
+
+  In `apps/worker/src/main.ts`, find the `pool.add(...)` call (around line 62). It currently has 5 arguments (accountId, sessionPath, onMessage, onReaction, onGroups). Add two more callbacks after the groups callback:
+
+  ```typescript
+  await pool.add(
+    account.id,
+    account.sessionPath,
+    async (msg, accountId) => {
+      const tags = detectTags(msg.content, msg.senderJid, adminJids);
+      if (!isFlagged(tags)) return;
+
+      const groupMap = groupMaps.get(accountId);
+      if (!groupMap) {
+        logger.error({ accountId }, 'No group map for account — message dropped');
+        return;
+      }
+      const sourceGroupId = groupMap.get(msg.sourceGroupJid);
+      if (!sourceGroupId) {
+        logger.warn({ jid: msg.sourceGroupJid, accountId }, 'Unknown group — skipping message');
+        return;
+      }
+
+      await ingestQueue.add(
+        'ingest',
+        {
+          platformMsgId: msg.platformMsgId,
+          platform: 'whatsapp',
+          accountId,
+          sourceGroupId,
+          senderJid: msg.senderJid,
+          senderName: msg.senderName,
+          content: msg.content,
+          tags,
+        },
+        { attempts: 3, backoff: { type: 'exponential', delay: 1000 } },
+      );
+
+      logger.info({ platformMsgId: msg.platformMsgId, tags }, 'Message enqueued');
+    },
+    async (reaction) => {
+      const result = await handleStarReaction(reaction, adminJids, prisma);
+      if (!result) return;
+
+      const { forwardJobs, indexDoc } = result;
+
+      await indexQueue.add('index', indexDoc, {
+        attempts: 3,
+        backoff: { type: 'exponential', delay: 1000 },
+      });
+
+      for (const job of forwardJobs) {
+        await forwardQueue.add('forward', job, {
+          attempts: 3,
+          backoff: { type: 'exponential', delay: 2000 },
+        });
+      }
+
+      logger.info(
+        { messageId: indexDoc.messageId, forwardCount: forwardJobs.length },
+        'Message approved — indexed and forwarded',
+      );
+    },
+    async (groups, accountId) => {
+      logger.info({ count: Object.keys(groups).length, accountId }, 'Syncing groups');
+      const map = await syncGroups(groups, accountId, prisma);
+      groupMaps.set(accountId, map);
+    },
+    async (qr, accountId) => {
+      await prisma.account.update({
+        where: { id: accountId },
+        data: { qrCode: qr },
+      }).catch((err) => logger.error({ accountId, err }, 'Failed to store QR in DB'));
+      logger.info({ accountId }, 'QR code updated');
+    },
+    async (status, accountId) => {
+      if (status === 'connected') {
+        await prisma.account.update({
+          where: { id: accountId },
+          data: { qrCode: null, status: 'ACTIVE' },
+        }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+        logger.info({ accountId }, 'Account connected — QR cleared');
+      } else if (status === 'logged_out') {
+        await prisma.account.update({
+          where: { id: accountId },
+          data: { status: 'DISCONNECTED' },
+        }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+        logger.info({ accountId }, 'Account logged out — awaiting QR scan');
+      }
+    },
+  );
+  ```
+
+  The full `main.ts` after this change:
+
+  ```typescript
+  import { PrismaClient } from '@prisma/client';
+  import { createLogger } from '@tower/logger';
+  import { validateEnv } from '@tower/config';
+  import { createMeiliClient, configureIndex } from '@tower/search';
+  import { createIngestQueue } from './queues/ingest.queue';
+  import { createIngestWorker } from './queues/ingest.processor';
+  import { createForwardQueue } from './queues/forward.queue';
+  import { createForwardWorker } from './queues/forward.processor';
+  import { createIndexQueue } from './queues/index.queue';
+  import { createIndexWorker } from './queues/index.processor';
+  import { WhatsAppSessionPool } from './whatsapp/session-pool';
+  import { detectTags, isFlagged } from './whatsapp/tag-detector';
+  import { syncGroups } from './whatsapp/group-sync';
+  import { handleStarReaction } from './core/approval';
+
+  const logger = createLogger('tower-worker');
+
+  async function bootstrap() {
+    const env = validateEnv();
+    const prisma = new PrismaClient();
+    await prisma.$connect();
+
+    const adminJids = env.TOWER_ADMIN_JIDS
+      ? env.TOWER_ADMIN_JIDS.split(',').map((j) => j.trim()).filter(Boolean)
+      : [];
+
+    const meiliClient = createMeiliClient(env.MEILI_URL, env.MEILI_MASTER_KEY);
+    await configureIndex(meiliClient).catch((err) =>
+      logger.warn({ err }, 'Failed to configure Meilisearch index — search may be degraded'),
+    );
+
+    const ingestQueue = createIngestQueue(env.REDIS_URL);
+    const forwardQueue = createForwardQueue(env.REDIS_URL);
+    const indexQueue = createIndexQueue(env.REDIS_URL);
+    const pool = new WhatsAppSessionPool();
+
+    const ingestWorker = createIngestWorker(env.REDIS_URL, prisma);
+    const forwardWorker = createForwardWorker(env.REDIS_URL, pool);
+    const indexWorker = createIndexWorker(env.REDIS_URL, meiliClient);
+
+    ingestWorker.on('completed', (job) => logger.info({ jobId: job.id }, 'Ingest job completed'));
+    ingestWorker.on('failed', (job, err) => logger.error({ jobId: job?.id, err }, 'Ingest job failed'));
+    forwardWorker.on('completed', (job) => logger.info({ jobId: job.id }, 'Forward job completed'));
+    forwardWorker.on('failed', (job, err) => logger.error({ jobId: job?.id, err }, 'Forward job failed'));
+    indexWorker.on('completed', (job) => logger.info({ jobId: job.id }, 'Index job completed'));
+    indexWorker.on('failed', (job, err) => logger.error({ jobId: job?.id, err }, 'Index job failed'));
+
+    const accounts = await prisma.account.findMany({
+      where: { status: 'ACTIVE', platform: 'whatsapp' },
+    });
+
+    if (accounts.length === 0) {
+      logger.warn('No active WhatsApp accounts found — seed one in the Account table (see docs)');
+    }
+
+    const groupMaps = new Map<string, Map<string, string>>();
+
+    for (const account of accounts) {
+      groupMaps.set(account.id, new Map());
+
+      try {
+        await pool.add(
+          account.id,
+          account.sessionPath,
+          async (msg, accountId) => {
+            const tags = detectTags(msg.content, msg.senderJid, adminJids);
+            if (!isFlagged(tags)) return;
+
+            const groupMap = groupMaps.get(accountId);
+            if (!groupMap) {
+              logger.error({ accountId }, 'No group map for account — message dropped');
+              return;
+            }
+            const sourceGroupId = groupMap.get(msg.sourceGroupJid);
+            if (!sourceGroupId) {
+              logger.warn({ jid: msg.sourceGroupJid, accountId }, 'Unknown group — skipping message');
+              return;
+            }
+
+            await ingestQueue.add(
+              'ingest',
+              {
+                platformMsgId: msg.platformMsgId,
+                platform: 'whatsapp',
+                accountId,
+                sourceGroupId,
+                senderJid: msg.senderJid,
+                senderName: msg.senderName,
+                content: msg.content,
+                tags,
+              },
+              { attempts: 3, backoff: { type: 'exponential', delay: 1000 } },
+            );
+
+            logger.info({ platformMsgId: msg.platformMsgId, tags }, 'Message enqueued');
+          },
+          async (reaction) => {
+            const result = await handleStarReaction(reaction, adminJids, prisma);
+            if (!result) return;
+
+            const { forwardJobs, indexDoc } = result;
+
+            await indexQueue.add('index', indexDoc, {
+              attempts: 3,
+              backoff: { type: 'exponential', delay: 1000 },
+            });
+
+            for (const job of forwardJobs) {
+              await forwardQueue.add('forward', job, {
+                attempts: 3,
+                backoff: { type: 'exponential', delay: 2000 },
+              });
+            }
+
+            logger.info(
+              { messageId: indexDoc.messageId, forwardCount: forwardJobs.length },
+              'Message approved — indexed and forwarded',
+            );
+          },
+          async (groups, accountId) => {
+            logger.info({ count: Object.keys(groups).length, accountId }, 'Syncing groups');
+            const map = await syncGroups(groups, accountId, prisma);
+            groupMaps.set(accountId, map);
+          },
+          async (qr, accountId) => {
+            await prisma.account.update({
+              where: { id: accountId },
+              data: { qrCode: qr },
+            }).catch((err) => logger.error({ accountId, err }, 'Failed to store QR in DB'));
+            logger.info({ accountId }, 'QR code updated');
+          },
+          async (status, accountId) => {
+            if (status === 'connected') {
+              await prisma.account.update({
+                where: { id: accountId },
+                data: { qrCode: null, status: 'ACTIVE' },
+              }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+              logger.info({ accountId }, 'Account connected — QR cleared');
+            } else if (status === 'logged_out') {
+              await prisma.account.update({
+                where: { id: accountId },
+                data: { status: 'DISCONNECTED' },
+              }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+              logger.info({ accountId }, 'Account logged out — awaiting QR scan');
+            }
+          },
+        );
+      } catch (err) {
+        logger.error({ accountId: account.id, err }, 'Failed to start session — skipping account');
+      }
+    }
+
+    logger.info({ accountCount: accounts.length }, 'Tower worker ready');
+
+    const shutdown = async () => {
+      logger.info('Shutting down...');
+      await pool.closeAll();
+      await ingestWorker.close();
+      await forwardWorker.close();
+      await indexWorker.close();
+      await ingestQueue.close();
+      await forwardQueue.close();
+      await indexQueue.close();
+      await prisma.$disconnect();
+      process.exit(0);
+    };
+
+    process.on('SIGTERM', shutdown);
+    process.on('SIGINT', shutdown);
+  }
+
+  bootstrap().catch((err) => {
+    console.error('Worker failed to start', err);
+    process.exit(1);
+  });
+  ```
+
+- [ ] **Step 6: Run all worker tests**
+
+  ```bash
+  cd apps/worker && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all worker tests pass.
+
+- [ ] **Step 7: Commit**
+
+  ```bash
+  git add apps/worker/src/whatsapp/session-pool.ts apps/worker/src/whatsapp/session-pool.test.ts apps/worker/src/main.ts
+  git commit -m "feat: thread QR/status callbacks through session pool; persist to DB in main"
+  ```
+
+---
+
+## Task 4: API AccountsModule — List Accounts + QR Endpoint
+
+**Files:**
+- Create: `apps/api/src/modules/accounts/accounts.service.ts`
+- Create: `apps/api/src/modules/accounts/accounts.service.spec.ts`
+- Create: `apps/api/src/modules/accounts/accounts.controller.ts`
+- Create: `apps/api/src/modules/accounts/accounts.controller.spec.ts`
+- Create: `apps/api/src/modules/accounts/accounts.module.ts`
+- Modify: `apps/api/src/app.module.ts`
+
+- [ ] **Step 1: Install `qrcode` in the API**
+
+  ```bash
+  pnpm add qrcode --filter @tower/api
+  pnpm add @types/qrcode --filter @tower/api --save-dev
+  ```
+
+  Expected: `qrcode` and `@types/qrcode` added to `apps/api/package.json`.
+
+- [ ] **Step 2: Write the failing service tests**
+
+  Create `apps/api/src/modules/accounts/accounts.service.spec.ts`:
+
+  ```typescript
+  import { Test, TestingModule } from '@nestjs/testing';
+  import { AccountsService } from './accounts.service';
+  import { PrismaService } from '../../prisma/prisma.service';
+  import * as QRCode from 'qrcode';
+
+  jest.mock('qrcode', () => ({
+    toDataURL: jest.fn().mockResolvedValue('data:image/png;base64,fakedata'),
+  }));
+
+  const mockAccounts = [
+    { id: 'acc_1', platform: 'whatsapp', jid: '111@s.whatsapp.net', displayName: 'Test Account', status: 'ACTIVE' },
+  ];
+
+  const mockPrisma = {
+    account: {
+      findMany: jest.fn().mockResolvedValue(mockAccounts),
+      findUnique: jest.fn(),
+    },
+  };
+
+  describe('AccountsService', () => {
+    let service: AccountsService;
+
+    beforeEach(async () => {
+      jest.clearAllMocks();
+      const module: TestingModule = await Test.createTestingModule({
+        providers: [
+          AccountsService,
+          { provide: PrismaService, useValue: mockPrisma },
+        ],
+      }).compile();
+      service = module.get<AccountsService>(AccountsService);
+    });
+
+    describe('list()', () => {
+      it('returns accounts from Prisma without qrCode field', async () => {
+        const result = await service.list();
+        expect(result).toEqual(mockAccounts);
+        expect(mockPrisma.account.findMany).toHaveBeenCalledWith(
+          expect.objectContaining({ select: expect.not.objectContaining({ qrCode: true }) }),
+        );
+      });
+    });
+
+    describe('getQr()', () => {
+      it('returns null qrDataUrl when account has no qrCode', async () => {
+        mockPrisma.account.findUnique.mockResolvedValue({ status: 'ACTIVE', qrCode: null });
+        const result = await service.getQr('acc_1');
+        expect(result).toEqual({ status: 'ACTIVE', qrDataUrl: null });
+        expect(QRCode.toDataURL).not.toHaveBeenCalled();
+      });
+
+      it('converts qrCode string to data URL when qrCode is present', async () => {
+        mockPrisma.account.findUnique.mockResolvedValue({ status: 'DISCONNECTED', qrCode: 'raw-qr-string' });
+        const result = await service.getQr('acc_1');
+        expect(QRCode.toDataURL).toHaveBeenCalledWith('raw-qr-string');
+        expect(result).toEqual({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,fakedata' });
+      });
+
+      it('returns not_found status when account does not exist', async () => {
+        mockPrisma.account.findUnique.mockResolvedValue(null);
+        const result = await service.getQr('nonexistent');
+        expect(result).toEqual({ status: 'not_found', qrDataUrl: null });
+      });
+    });
+  });
+  ```
+
+- [ ] **Step 3: Run tests to verify they fail**
+
+  ```bash
+  cd apps/api && pnpm test -- --testPathPattern=accounts.service.spec.ts --no-coverage
+  ```
+
+  Expected: FAIL — `accounts.service.ts` does not exist yet.
+
+- [ ] **Step 4: Implement accounts.service.ts**
+
+  Create `apps/api/src/modules/accounts/accounts.service.ts`:
+
+  ```typescript
+  import { Injectable } from '@nestjs/common';
+  import { PrismaService } from '../../prisma/prisma.service';
+  import * as QRCode from 'qrcode';
+
+  export interface AccountSummary {
+    id: string;
+    platform: string;
+    jid: string;
+    displayName: string | null;
+    status: string;
+  }
+
+  export interface AccountQr {
+    status: string;
+    qrDataUrl: string | null;
+  }
+
+  @Injectable()
+  export class AccountsService {
+    constructor(private readonly prisma: PrismaService) {}
+
+    list(): Promise<AccountSummary[]> {
+      return this.prisma.account.findMany({
+        orderBy: { createdAt: 'asc' },
+        select: { id: true, platform: true, jid: true, displayName: true, status: true },
+      });
+    }
+
+    async getQr(id: string): Promise<AccountQr> {
+      const account = await this.prisma.account.findUnique({
+        where: { id },
+        select: { status: true, qrCode: true },
+      });
+      if (!account) return { status: 'not_found', qrDataUrl: null };
+      if (!account.qrCode) return { status: account.status, qrDataUrl: null };
+      const qrDataUrl = await QRCode.toDataURL(account.qrCode);
+      return { status: account.status, qrDataUrl };
+    }
+  }
+  ```
+
+- [ ] **Step 5: Run service tests to verify they pass**
+
+  ```bash
+  cd apps/api && pnpm test -- --testPathPattern=accounts.service.spec.ts --no-coverage
+  ```
+
+  Expected: PASS — 4 tests pass.
+
+- [ ] **Step 6: Write the failing controller tests**
+
+  Create `apps/api/src/modules/accounts/accounts.controller.spec.ts`:
+
+  ```typescript
+  import { Test, TestingModule } from '@nestjs/testing';
+  import { AccountsController } from './accounts.controller';
+  import { AccountsService } from './accounts.service';
+
+  const mockAccounts = [
+    { id: 'acc_1', platform: 'whatsapp', jid: '111@s.whatsapp.net', displayName: 'Test', status: 'ACTIVE' },
+  ];
+  const mockService = {
+    list: jest.fn().mockResolvedValue(mockAccounts),
+    getQr: jest.fn().mockResolvedValue({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,fake' }),
+  };
+
+  describe('AccountsController', () => {
+    let controller: AccountsController;
+
+    beforeEach(async () => {
+      jest.clearAllMocks();
+      const module: TestingModule = await Test.createTestingModule({
+        controllers: [AccountsController],
+        providers: [{ provide: AccountsService, useValue: mockService }],
+      }).compile();
+      controller = module.get<AccountsController>(AccountsController);
+    });
+
+    it('list() returns accounts from service', async () => {
+      const result = await controller.list();
+      expect(result).toEqual(mockAccounts);
+      expect(mockService.list).toHaveBeenCalled();
+    });
+
+    it('getQr() calls service with the account id', async () => {
+      const result = await controller.getQr('acc_1');
+      expect(mockService.getQr).toHaveBeenCalledWith('acc_1');
+      expect(result.qrDataUrl).toBe('data:image/png;base64,fake');
+    });
+  });
+  ```
+
+- [ ] **Step 7: Run controller tests to verify they fail**
+
+  ```bash
+  cd apps/api && pnpm test -- --testPathPattern=accounts.controller.spec.ts --no-coverage
+  ```
+
+  Expected: FAIL — `accounts.controller.ts` does not exist yet.
+
+- [ ] **Step 8: Implement accounts.controller.ts and accounts.module.ts**
+
+  Create `apps/api/src/modules/accounts/accounts.controller.ts`:
+
+  ```typescript
+  import { Controller, Get, Param } from '@nestjs/common';
+  import { AccountsService } from './accounts.service';
+
+  @Controller('accounts')
+  export class AccountsController {
+    constructor(private readonly service: AccountsService) {}
+
+    @Get()
+    list() {
+      return this.service.list();
+    }
+
+    @Get(':id/qr')
+    getQr(@Param('id') id: string) {
+      return this.service.getQr(id);
+    }
+  }
+  ```
+
+  Create `apps/api/src/modules/accounts/accounts.module.ts`:
+
+  ```typescript
+  import { Module } from '@nestjs/common';
+  import { AccountsController } from './accounts.controller';
+  import { AccountsService } from './accounts.service';
+
+  @Module({
+    controllers: [AccountsController],
+    providers: [AccountsService],
+  })
+  export class AccountsModule {}
+  ```
+
+- [ ] **Step 9: Wire AccountsModule into app.module.ts**
+
+  Open `apps/api/src/app.module.ts`. Add the import and module:
+
+  ```typescript
+  import { Module } from '@nestjs/common';
+  import { ConfigModule } from '@nestjs/config';
+  import { PrismaModule } from './prisma/prisma.module';
+  import { HealthModule } from './modules/health/health.module';
+  import { SearchModule } from './modules/search/search.module';
+  import { GroupsModule } from './modules/groups/groups.module';
+  import { RoutesModule } from './modules/routes/routes.module';
+  import { AccountsModule } from './modules/accounts/accounts.module';
+
+  @Module({
+    imports: [
+      ConfigModule.forRoot({ isGlobal: true }),
+      PrismaModule,
+      HealthModule,
+      SearchModule,
+      GroupsModule,
+      RoutesModule,
+      AccountsModule,
+    ],
+  })
+  export class AppModule {}
+  ```
+
+- [ ] **Step 10: Run all API tests**
+
+  ```bash
+  cd apps/api && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all tests pass including the new accounts tests.
+
+- [ ] **Step 11: Commit**
+
+  ```bash
+  git add apps/api/src/modules/accounts/ apps/api/src/app.module.ts apps/api/package.json pnpm-lock.yaml
+  git commit -m "feat: add AccountsModule with list and QR endpoints"
+  ```
+
+---
+
+## Task 5: Web Route Handlers — Proxy Accounts Endpoints
+
+**Files:**
+- Create: `apps/web/app/api/accounts/route.ts`
+- Create: `apps/web/app/api/accounts/[id]/qr/route.ts`
+
+- [ ] **Step 1: Create the accounts list proxy**
+
+  Create `apps/web/app/api/accounts/route.ts`:
+
+  ```typescript
+  const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+
+  export async function GET() {
+    const res = await fetch(`${API_URL}/accounts`, { cache: 'no-store' });
+    return Response.json(await res.json(), { status: res.status });
+  }
+  ```
+
+- [ ] **Step 2: Create the QR proxy**
+
+  Create `apps/web/app/api/accounts/[id]/qr/route.ts`:
+
+  ```typescript
+  const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+
+  export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+    const { id } = await params;
+    const res = await fetch(`${API_URL}/accounts/${id}/qr`, { cache: 'no-store' });
+    return Response.json(await res.json(), { status: res.status });
+  }
+  ```
+
+- [ ] **Step 3: Commit**
+
+  ```bash
+  git add apps/web/app/api/accounts/
+  git commit -m "feat: add Next.js proxy routes for accounts list and QR endpoints"
+  ```
+
+---
+
+## Task 6: Web Accounts UI — AccountCard + Page + Nav
+
+**Files:**
+- Create: `apps/web/app/accounts/AccountCard.tsx`
+- Create: `apps/web/app/accounts/AccountCard.test.tsx`
+- Create: `apps/web/app/accounts/page.tsx`
+- Modify: `apps/web/app/layout.tsx`
+
+- [ ] **Step 1: Write the failing AccountCard tests**
+
+  Create `apps/web/app/accounts/AccountCard.test.tsx`:
+
+  ```typescript
+  import { render, screen, waitFor, act } from '@testing-library/react';
+  import { AccountCard } from './AccountCard';
+
+  const activeAccount = {
+    id: 'acc_1',
+    jid: '111@s.whatsapp.net',
+    displayName: 'My Account',
+    status: 'ACTIVE',
+    platform: 'whatsapp',
+  };
+
+  const disconnectedAccount = {
+    id: 'acc_2',
+    jid: '222@s.whatsapp.net',
+    displayName: null,
+    status: 'DISCONNECTED',
+    platform: 'whatsapp',
+  };
+
+  let fetchSpy: jest.SpyInstance;
+
+  beforeEach(() => {
+    fetchSpy = jest.spyOn(global, 'fetch');
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
+  describe('AccountCard', () => {
+    it('shows displayName and Connected badge when ACTIVE', () => {
+      render(<AccountCard account={activeAccount} />);
+      expect(screen.getByText('My Account')).toBeInTheDocument();
+      expect(screen.getByText('Connected')).toBeInTheDocument();
+    });
+
+    it('falls back to jid when displayName is null', () => {
+      render(<AccountCard account={disconnectedAccount} />);
+      expect(screen.getByText('222@s.whatsapp.net')).toBeInTheDocument();
+    });
+
+    it('shows Awaiting scan badge when DISCONNECTED', () => {
+      fetchSpy.mockResolvedValue(
+        new Response(JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: null }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      );
+      render(<AccountCard account={disconnectedAccount} />);
+      expect(screen.getByText('Awaiting scan')).toBeInTheDocument();
+    });
+
+    it('does not fetch QR when account is ACTIVE', () => {
+      render(<AccountCard account={activeAccount} />);
+      expect(fetchSpy).not.toHaveBeenCalled();
+    });
+
+    it('fetches QR from /api/accounts/:id/qr when DISCONNECTED', async () => {
+      fetchSpy.mockResolvedValue(
+        new Response(JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: null }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      );
+      render(<AccountCard account={disconnectedAccount} />);
+      await waitFor(() =>
+        expect(fetchSpy).toHaveBeenCalledWith('/api/accounts/acc_2/qr'),
+      );
+    });
+
+    it('shows QR image when qrDataUrl is returned', async () => {
+      fetchSpy.mockResolvedValue(
+        new Response(
+          JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,abc123' }),
+          { status: 200, headers: { 'Content-Type': 'application/json' } },
+        ),
+      );
+      render(<AccountCard account={disconnectedAccount} />);
+      await waitFor(() => {
+        expect(screen.getByRole('img', { name: /qr code/i })).toBeInTheDocument();
+      });
+      expect(screen.getByRole('img', { name: /qr code/i })).toHaveAttribute(
+        'src',
+        'data:image/png;base64,abc123',
+      );
+    });
+
+    it('shows waiting message when DISCONNECTED but no QR yet', async () => {
+      fetchSpy.mockResolvedValue(
+        new Response(JSON.stringify({ status: 'DISCONNECTED', qrDataUrl: null }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      );
+      render(<AccountCard account={disconnectedAccount} />);
+      await waitFor(() => {
+        expect(screen.getByText(/waiting for qr/i)).toBeInTheDocument();
+      });
+    });
+  });
+  ```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+  ```bash
+  cd apps/web && pnpm test -- --testPathPattern=AccountCard.test.tsx --no-coverage
+  ```
+
+  Expected: FAIL — `AccountCard.tsx` does not exist yet.
+
+- [ ] **Step 3: Implement AccountCard.tsx**
+
+  Create `apps/web/app/accounts/AccountCard.tsx`:
+
+  ```tsx
+  'use client';
+  import { useEffect, useState } from 'react';
+
+  interface Account {
+    id: string;
+    jid: string;
+    displayName: string | null;
+    status: string;
+    platform: string;
+  }
+
+  export function AccountCard({ account }: { account: Account }) {
+    const [qrDataUrl, setQrDataUrl] = useState<string | null>(null);
+    const isDisconnected = account.status === 'DISCONNECTED';
+
+    useEffect(() => {
+      if (!isDisconnected) {
+        setQrDataUrl(null);
+        return;
+      }
+
+      async function fetchQr() {
+        const res = await fetch(`/api/accounts/${account.id}/qr`);
+        if (!res.ok) return;
+        const data = await res.json();
+        setQrDataUrl(data.qrDataUrl ?? null);
+      }
+
+      fetchQr();
+      const interval = setInterval(fetchQr, 5000);
+      return () => clearInterval(interval);
+    }, [account.id, isDisconnected]);
+
+    return (
+      <div className="border rounded-lg p-4 bg-white">
+        <div className="flex items-center justify-between mb-2">
+          <div>
+            <p className="font-medium">{account.displayName ?? account.jid}</p>
+            <p className="text-xs text-gray-500">{account.jid}</p>
+          </div>
+          <span
+            className={`text-xs px-2 py-1 rounded-full font-medium ${
+              account.status === 'ACTIVE'
+                ? 'bg-green-100 text-green-700'
+                : 'bg-yellow-100 text-yellow-700'
+            }`}
+          >
+            {account.status === 'ACTIVE' ? 'Connected' : 'Awaiting scan'}
+          </span>
+        </div>
+
+        {isDisconnected && qrDataUrl && (
+          <div className="mt-3">
+            <p className="text-sm text-gray-600 mb-2">
+              Open WhatsApp → Linked Devices → Link a Device → scan below
+            </p>
+            <img src={qrDataUrl} alt="WhatsApp QR Code" className="w-48 h-48" />
+          </div>
+        )}
+
+        {isDisconnected && !qrDataUrl && (
+          <p className="text-sm text-gray-500 mt-2">Waiting for QR code from worker...</p>
+        )}
+      </div>
+    );
+  }
+  ```
+
+- [ ] **Step 4: Run AccountCard tests to verify they pass**
+
+  ```bash
+  cd apps/web && pnpm test -- --testPathPattern=AccountCard.test.tsx --no-coverage
+  ```
+
+  Expected: PASS — all 7 tests pass.
+
+- [ ] **Step 5: Implement accounts/page.tsx**
+
+  Create `apps/web/app/accounts/page.tsx`:
+
+  ```tsx
+  import { AccountCard } from './AccountCard';
+
+  interface Account {
+    id: string;
+    jid: string;
+    displayName: string | null;
+    status: string;
+    platform: string;
+  }
+
+  export default async function AccountsPage() {
+    const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
+    let accounts: Account[] = [];
+    try {
+      const res = await fetch(`${apiUrl}/accounts`, { cache: 'no-store' });
+      if (res.ok) accounts = await res.json();
+    } catch {}
+
+    return (
+      <div className="max-w-2xl">
+        <h1 className="text-xl font-semibold mb-6">Accounts</h1>
+        {accounts.length === 0 ? (
+          <p className="text-gray-500">No accounts found.</p>
+        ) : (
+          <div className="flex flex-col gap-3">
+            {accounts.map((a) => (
+              <AccountCard key={a.id} account={a} />
+            ))}
+          </div>
+        )}
+      </div>
+    );
+  }
+  ```
+
+- [ ] **Step 6: Add Accounts link to layout.tsx**
+
+  Open `apps/web/app/layout.tsx`. Find the `<nav>` block and add the Accounts link after the Groups & Routes link:
+
+  ```tsx
+  import type { Metadata } from 'next';
+  import Link from 'next/link';
+  import './globals.css';
+
+  export const metadata: Metadata = {
+    title: 'Insignia TOWER',
+    description: 'Community Knowledge Infrastructure Platform',
+  };
+
+  export default function RootLayout({ children }: { children: React.ReactNode }) {
+    return (
+      <html lang="en">
+        <body className="flex min-h-screen bg-gray-50 text-gray-900 antialiased">
+          <nav className="w-52 shrink-0 bg-white border-r border-gray-200 p-4 flex flex-col gap-1">
+            <span className="font-bold text-base mb-4">TOWER</span>
+            <Link href="/search" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+              Search
+            </Link>
+            <Link href="/groups" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+              Groups &amp; Routes
+            </Link>
+            <Link href="/accounts" className="rounded px-3 py-2 text-sm hover:bg-gray-100">
+              Accounts
+            </Link>
+          </nav>
+          <main className="flex-1 overflow-auto p-6">{children}</main>
+        </body>
+      </html>
+    );
+  }
+  ```
+
+- [ ] **Step 7: Run all web tests**
+
+  ```bash
+  cd apps/web && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all web tests pass including AccountCard tests.
+
+- [ ] **Step 8: Run the full test suite**
+
+  ```bash
+  cd /path/to/tower && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all test suites across worker, API, and web pass.
+
+- [ ] **Step 9: Commit**
+
+  ```bash
+  git add apps/web/app/accounts/ apps/web/app/layout.tsx
+  git commit -m "feat: add Accounts page with QR code display for WhatsApp re-authentication"
+  ```
+
+---
+
+## How It Works End-to-End
+
+1. **Normal operation:** Account has `status: ACTIVE`, `qrCode: null`. Dashboard shows green "Connected" badge.
+
+2. **WhatsApp logout detected:** Worker's `session.ts` receives `DisconnectReason.loggedOut`, calls `onStatus('logged_out')`, deletes session files, recreates the directory, restarts Baileys after 1 second. `main.ts` updates `Account.status = DISCONNECTED` in DB.
+
+3. **New QR generated:** Baileys fires `qr` event with a fresh QR string. Worker calls `onQr(qrString)`. `main.ts` writes `qrString` to `Account.qrCode` in DB.
+
+4. **Admin opens dashboard:** Navigates to `http://localhost:3000/accounts`. Server component fetches `GET /accounts` from API. AccountCard renders with "Awaiting scan" badge.
+
+5. **QR polling:** AccountCard's `useEffect` calls `GET /api/accounts/:id/qr` immediately and every 5 seconds. API's `AccountsService.getQr()` reads `Account.qrCode` from DB, converts to PNG data URL via `qrcode`, returns it. AccountCard shows `<img src="data:image/png;base64,...">`.
+
+6. **Admin scans:** Scans QR with WhatsApp (Linked Devices → Link a Device). Baileys fires `connection: 'open'`. Worker calls `onStatus('connected', jid)`. `main.ts` clears `Account.qrCode = null`, sets `Account.status = ACTIVE`, and updates `Account.jid` with the real WhatsApp JID. Next poll shows `qrDataUrl: null` and the card updates to show "Connected".
+
+---
+
+## Extension: Add Account from Dashboard
+
+Tasks 7–9 add the ability to create new WhatsApp accounts from the dashboard UI and have the worker automatically pick them up without a restart.
+
+---
+
+## Task 7: Worker — JID Update on Connect + Poll for New Accounts
+
+**Files:**
+- Modify: `apps/worker/src/whatsapp/session.ts` — pass `sock.user?.id` (JID) to `onStatus('connected')`
+- Modify: `apps/worker/src/whatsapp/session.test.ts` — update assertion for `onStatus('connected')` to include JID
+- Modify: `apps/worker/src/whatsapp/session-pool.ts` — update `PoolStatusCallback` to accept optional `jid`
+- Modify: `apps/worker/src/whatsapp/session-pool.test.ts` — add status JID threading test
+- Modify: `apps/worker/src/main.ts` — update `onStatus` handler to update JID; extract `startAccount()` helper; add 30s polling; change initial load to include DISCONNECTED accounts
+
+- [ ] **Step 1: Update `OnStatusCallback` in session.ts to carry optional JID**
+
+  Open `apps/worker/src/whatsapp/session.ts`. Change the type and the `connection === 'open'` handler:
+
+  ```typescript
+  // Change this type:
+  export type OnStatusCallback = (status: 'connected' | 'disconnected' | 'logged_out', jid?: string) => Promise<void> | void;
+  ```
+
+  In the `connection.update` handler, change the `connection === 'open'` branch from:
+  ```typescript
+  } else if (connection === 'open') {
+    await onStatus?.('connected');
+  ```
+  to:
+  ```typescript
+  } else if (connection === 'open') {
+    await onStatus?.('connected', sock.user?.id ?? undefined);
+  ```
+
+- [ ] **Step 2: Update session.ts test — `onStatus('connected')` now includes jid**
+
+  Open `apps/worker/src/whatsapp/session.test.ts`. Find:
+  ```typescript
+  it('calls onStatus with "connected" when connection opens', async () => {
+    const onStatus = jest.fn();
+    await createWhatsAppSession('acc_1', '/sessions/1', jest.fn(), jest.fn(), jest.fn(), undefined, undefined, onStatus);
+    await connectionUpdateHandler({ connection: 'open' });
+    expect(onStatus).toHaveBeenCalledWith('connected');
+  });
+  ```
+
+  Change the assertion to:
+  ```typescript
+  expect(onStatus).toHaveBeenCalledWith('connected', undefined);
+  ```
+
+  (`mockSock.user` is not set in the mock so `sock.user?.id` is `undefined`.)
+
+- [ ] **Step 3: Run session tests to verify they pass**
+
+  ```bash
+  cd apps/worker && pnpm test -- --testPathPattern=session.test.ts --no-coverage
+  ```
+
+  Expected: PASS — all 6 session tests pass.
+
+- [ ] **Step 4: Update `PoolStatusCallback` in session-pool.ts**
+
+  Open `apps/worker/src/whatsapp/session-pool.ts`. Change:
+  ```typescript
+  export type PoolStatusCallback = (status: string, accountId: string) => Promise<void> | void;
+  ```
+  to:
+  ```typescript
+  export type PoolStatusCallback = (status: string, accountId: string, jid?: string) => Promise<void> | void;
+  ```
+
+  In the `add()` method, change the `onStatus` wrapper from:
+  ```typescript
+  onStatus ? (status) => onStatus(status, accountId) : undefined,
+  ```
+  to:
+  ```typescript
+  onStatus ? (status, jid?) => onStatus(status, accountId, jid) : undefined,
+  ```
+
+- [ ] **Step 5: Add status JID threading test to session-pool.test.ts**
+
+  Open `apps/worker/src/whatsapp/session-pool.test.ts`. Add this test at the end of the `describe` block:
+
+  ```typescript
+  it('add() injects accountId and jid into onStatus callback', async () => {
+    const onStatus = jest.fn();
+    const { createWhatsAppSession } = require('./session');
+
+    let capturedOnStatus: any;
+    (createWhatsAppSession as jest.Mock).mockImplementationOnce(
+      (_id: string, _path: string, _onMsg: any, _onReaction: any, _onGroups: any, _onReconnect: any, _onQr: any, statusCb: any) => {
+        capturedOnStatus = statusCb;
+        return Promise.resolve({ sendMessage: jest.fn(), logout: jest.fn(), end: jest.fn() });
+      },
+    );
+
+    await pool.add('acc_1', './sessions/1', jest.fn(), jest.fn(), jest.fn(), undefined, onStatus);
+    await capturedOnStatus('connected', '1234@s.whatsapp.net');
+    expect(onStatus).toHaveBeenCalledWith('connected', 'acc_1', '1234@s.whatsapp.net');
+  });
+  ```
+
+- [ ] **Step 6: Run session-pool tests to verify all pass**
+
+  ```bash
+  cd apps/worker && pnpm test -- --testPathPattern=session-pool.test.ts --no-coverage
+  ```
+
+  Expected: PASS — all tests pass including the new status threading test.
+
+- [ ] **Step 7: Rewrite main.ts with startAccount() helper + polling + JID update**
+
+  Replace the full contents of `apps/worker/src/main.ts`:
+
+  ```typescript
+  import { PrismaClient } from '@prisma/client';
+  import { createLogger } from '@tower/logger';
+  import { validateEnv } from '@tower/config';
+  import { createMeiliClient, configureIndex } from '@tower/search';
+  import { createIngestQueue } from './queues/ingest.queue';
+  import { createIngestWorker } from './queues/ingest.processor';
+  import { createForwardQueue } from './queues/forward.queue';
+  import { createForwardWorker } from './queues/forward.processor';
+  import { createIndexQueue } from './queues/index.queue';
+  import { createIndexWorker } from './queues/index.processor';
+  import { WhatsAppSessionPool } from './whatsapp/session-pool';
+  import { detectTags, isFlagged } from './whatsapp/tag-detector';
+  import { syncGroups } from './whatsapp/group-sync';
+  import { handleStarReaction } from './core/approval';
+
+  const logger = createLogger('tower-worker');
+
+  async function bootstrap() {
+    const env = validateEnv();
+    const prisma = new PrismaClient();
+    await prisma.$connect();
+
+    const adminJids = env.TOWER_ADMIN_JIDS
+      ? env.TOWER_ADMIN_JIDS.split(',').map((j) => j.trim()).filter(Boolean)
+      : [];
+
+    const meiliClient = createMeiliClient(env.MEILI_URL, env.MEILI_MASTER_KEY);
+    await configureIndex(meiliClient).catch((err) =>
+      logger.warn({ err }, 'Failed to configure Meilisearch index — search may be degraded'),
+    );
+
+    const ingestQueue = createIngestQueue(env.REDIS_URL);
+    const forwardQueue = createForwardQueue(env.REDIS_URL);
+    const indexQueue = createIndexQueue(env.REDIS_URL);
+    const pool = new WhatsAppSessionPool();
+
+    const ingestWorker = createIngestWorker(env.REDIS_URL, prisma);
+    const forwardWorker = createForwardWorker(env.REDIS_URL, pool);
+    const indexWorker = createIndexWorker(env.REDIS_URL, meiliClient);
+
+    ingestWorker.on('completed', (job) => logger.info({ jobId: job.id }, 'Ingest job completed'));
+    ingestWorker.on('failed', (job, err) => logger.error({ jobId: job?.id, err }, 'Ingest job failed'));
+    forwardWorker.on('completed', (job) => logger.info({ jobId: job.id }, 'Forward job completed'));
+    forwardWorker.on('failed', (job, err) => logger.error({ jobId: job?.id, err }, 'Forward job failed'));
+    indexWorker.on('completed', (job) => logger.info({ jobId: job.id }, 'Index job completed'));
+    indexWorker.on('failed', (job, err) => logger.error({ jobId: job?.id, err }, 'Index job failed'));
+
+    const groupMaps = new Map<string, Map<string, string>>();
+
+    async function startAccount(account: { id: string; sessionPath: string }) {
+      groupMaps.set(account.id, new Map());
+      try {
+        await pool.add(
+          account.id,
+          account.sessionPath,
+          async (msg, accountId) => {
+            const tags = detectTags(msg.content, msg.senderJid, adminJids);
+            if (!isFlagged(tags)) return;
+
+            const groupMap = groupMaps.get(accountId);
+            if (!groupMap) {
+              logger.error({ accountId }, 'No group map for account — message dropped');
+              return;
+            }
+            const sourceGroupId = groupMap.get(msg.sourceGroupJid);
+            if (!sourceGroupId) {
+              logger.warn({ jid: msg.sourceGroupJid, accountId }, 'Unknown group — skipping message');
+              return;
+            }
+
+            await ingestQueue.add(
+              'ingest',
+              {
+                platformMsgId: msg.platformMsgId,
+                platform: 'whatsapp',
+                accountId,
+                sourceGroupId,
+                senderJid: msg.senderJid,
+                senderName: msg.senderName,
+                content: msg.content,
+                tags,
+              },
+              { attempts: 3, backoff: { type: 'exponential', delay: 1000 } },
+            );
+
+            logger.info({ platformMsgId: msg.platformMsgId, tags }, 'Message enqueued');
+          },
+          async (reaction) => {
+            const result = await handleStarReaction(reaction, adminJids, prisma);
+            if (!result) return;
+
+            const { forwardJobs, indexDoc } = result;
+
+            await indexQueue.add('index', indexDoc, {
+              attempts: 3,
+              backoff: { type: 'exponential', delay: 1000 },
+            });
+
+            for (const job of forwardJobs) {
+              await forwardQueue.add('forward', job, {
+                attempts: 3,
+                backoff: { type: 'exponential', delay: 2000 },
+              });
+            }
+
+            logger.info(
+              { messageId: indexDoc.messageId, forwardCount: forwardJobs.length },
+              'Message approved — indexed and forwarded',
+            );
+          },
+          async (groups, accountId) => {
+            logger.info({ count: Object.keys(groups).length, accountId }, 'Syncing groups');
+            const map = await syncGroups(groups, accountId, prisma);
+            groupMaps.set(accountId, map);
+          },
+          async (qr, accountId) => {
+            await prisma.account.update({
+              where: { id: accountId },
+              data: { qrCode: qr },
+            }).catch((err) => logger.error({ accountId, err }, 'Failed to store QR in DB'));
+            logger.info({ accountId }, 'QR code updated');
+          },
+          async (status, accountId, jid?) => {
+            if (status === 'connected') {
+              await prisma.account.update({
+                where: { id: accountId },
+                data: { qrCode: null, status: 'ACTIVE', ...(jid ? { jid } : {}) },
+              }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+              logger.info({ accountId, jid }, 'Account connected — QR cleared');
+            } else if (status === 'logged_out') {
+              await prisma.account.update({
+                where: { id: accountId },
+                data: { status: 'DISCONNECTED' },
+              }).catch((err) => logger.error({ accountId, err }, 'Failed to update account status'));
+              logger.info({ accountId }, 'Account logged out — awaiting QR scan');
+            }
+          },
+        );
+      } catch (err) {
+        logger.error({ accountId: account.id, err }, 'Failed to start session — skipping account');
+      }
+    }
+
+    // Load ACTIVE and DISCONNECTED accounts at startup (DISCONNECTED ones need re-auth)
+    const accounts = await prisma.account.findMany({
+      where: { status: { in: ['ACTIVE', 'DISCONNECTED'] }, platform: 'whatsapp' },
+      select: { id: true, sessionPath: true },
+    });
+
+    if (accounts.length === 0) {
+      logger.warn('No WhatsApp accounts found — add one via the dashboard');
+    }
+
+    for (const account of accounts) {
+      await startAccount(account);
+    }
+
+    logger.info({ accountCount: accounts.length }, 'Tower worker ready');
+
+    // Poll every 30s for accounts added via the dashboard while worker is running
+    setInterval(async () => {
+      try {
+        const all = await prisma.account.findMany({
+          where: { status: { in: ['ACTIVE', 'DISCONNECTED'] }, platform: 'whatsapp' },
+          select: { id: true, sessionPath: true },
+        });
+        for (const account of all) {
+          if (!pool.get(account.id)) {
+            logger.info({ accountId: account.id }, 'New account detected — starting session');
+            await startAccount(account);
+          }
+        }
+      } catch (err) {
+        logger.error({ err }, 'Error polling for new accounts');
+      }
+    }, 30_000);
+
+    const shutdown = async () => {
+      logger.info('Shutting down...');
+      await pool.closeAll();
+      await ingestWorker.close();
+      await forwardWorker.close();
+      await indexWorker.close();
+      await ingestQueue.close();
+      await forwardQueue.close();
+      await indexQueue.close();
+      await prisma.$disconnect();
+      process.exit(0);
+    };
+
+    process.on('SIGTERM', shutdown);
+    process.on('SIGINT', shutdown);
+  }
+
+  bootstrap().catch((err) => {
+    console.error('Worker failed to start', err);
+    process.exit(1);
+  });
+  ```
+
+- [ ] **Step 8: Run all worker tests**
+
+  ```bash
+  cd apps/worker && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all worker tests pass.
+
+- [ ] **Step 9: Commit**
+
+  ```bash
+  git add apps/worker/src/whatsapp/session.ts apps/worker/src/whatsapp/session.test.ts apps/worker/src/whatsapp/session-pool.ts apps/worker/src/whatsapp/session-pool.test.ts apps/worker/src/main.ts
+  git commit -m "feat: pass JID on connect; extract startAccount() helper; poll 30s for new accounts"
+  ```
+
+---
+
+## Task 8: API — POST /accounts Endpoint
+
+**Files:**
+- Modify: `apps/api/src/modules/accounts/accounts.service.ts` — add `create()` with ConfigService
+- Modify: `apps/api/src/modules/accounts/accounts.service.spec.ts` — add create() tests
+- Modify: `apps/api/src/modules/accounts/accounts.controller.ts` — add `POST /accounts`
+- Modify: `apps/api/src/modules/accounts/accounts.controller.spec.ts` — add controller test
+- Modify: `apps/api/src/modules/accounts/accounts.module.ts` — add ConfigModule import
+
+- [ ] **Step 1: Write failing tests for create()**
+
+  Open `apps/api/src/modules/accounts/accounts.service.spec.ts`. Add `ConfigService` to the mock providers and a new `describe('create()')` block.
+
+  The full updated file:
+
+  ```typescript
+  import { Test, TestingModule } from '@nestjs/testing';
+  import { ConfigService } from '@nestjs/config';
+  import { AccountsService } from './accounts.service';
+  import { PrismaService } from '../../prisma/prisma.service';
+  import * as QRCode from 'qrcode';
+
+  jest.mock('qrcode', () => ({
+    toDataURL: jest.fn().mockResolvedValue('data:image/png;base64,fakedata'),
+  }));
+
+  const mockAccounts = [
+    { id: 'acc_1', platform: 'whatsapp', jid: '111@s.whatsapp.net', displayName: 'Test Account', status: 'ACTIVE' },
+  ];
+
+  const mockCreatedAccount = {
+    id: 'acc_new',
+    platform: 'whatsapp',
+    jid: 'pending_uuid@placeholder',
+    displayName: 'My Number',
+    status: 'ACTIVE',
+  };
+
+  const mockPrisma = {
+    account: {
+      findMany: jest.fn().mockResolvedValue(mockAccounts),
+      findUnique: jest.fn(),
+      create: jest.fn().mockResolvedValue(mockCreatedAccount),
+    },
+  };
+
+  const mockConfig = {
+    get: jest.fn().mockImplementation((key: string, def: string) =>
+      key === 'WHATSAPP_SESSION_PATH' ? './sessions' : def,
+    ),
+  };
+
+  describe('AccountsService', () => {
+    let service: AccountsService;
+
+    beforeEach(async () => {
+      jest.clearAllMocks();
+      const module: TestingModule = await Test.createTestingModule({
+        providers: [
+          AccountsService,
+          { provide: PrismaService, useValue: mockPrisma },
+          { provide: ConfigService, useValue: mockConfig },
+        ],
+      }).compile();
+      service = module.get<AccountsService>(AccountsService);
+    });
+
+    describe('list()', () => {
+      it('returns accounts from Prisma without qrCode field', async () => {
+        const result = await service.list();
+        expect(result).toEqual(mockAccounts);
+        expect(mockPrisma.account.findMany).toHaveBeenCalledWith(
+          expect.objectContaining({ select: expect.not.objectContaining({ qrCode: true }) }),
+        );
+      });
+    });
+
+    describe('getQr()', () => {
+      it('returns null qrDataUrl when account has no qrCode', async () => {
+        mockPrisma.account.findUnique.mockResolvedValue({ status: 'ACTIVE', qrCode: null });
+        const result = await service.getQr('acc_1');
+        expect(result).toEqual({ status: 'ACTIVE', qrDataUrl: null });
+        expect(QRCode.toDataURL).not.toHaveBeenCalled();
+      });
+
+      it('converts qrCode string to data URL when qrCode is present', async () => {
+        mockPrisma.account.findUnique.mockResolvedValue({ status: 'DISCONNECTED', qrCode: 'raw-qr-string' });
+        const result = await service.getQr('acc_1');
+        expect(QRCode.toDataURL).toHaveBeenCalledWith('raw-qr-string');
+        expect(result).toEqual({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,fakedata' });
+      });
+
+      it('returns not_found status when account does not exist', async () => {
+        mockPrisma.account.findUnique.mockResolvedValue(null);
+        const result = await service.getQr('nonexistent');
+        expect(result).toEqual({ status: 'not_found', qrDataUrl: null });
+      });
+    });
+
+    describe('create()', () => {
+      it('creates account with platform whatsapp and status ACTIVE', async () => {
+        await service.create('My Number');
+        expect(mockPrisma.account.create).toHaveBeenCalledWith(
+          expect.objectContaining({
+            data: expect.objectContaining({
+              platform: 'whatsapp',
+              status: 'ACTIVE',
+              displayName: 'My Number',
+            }),
+          }),
+        );
+      });
+
+      it('generates a unique sessionPath under WHATSAPP_SESSION_PATH', async () => {
+        await service.create();
+        const call = mockPrisma.account.create.mock.calls[0][0];
+        expect(call.data.sessionPath).toMatch(/^\.\/sessions\/.+/);
+      });
+
+      it('generates a placeholder jid prefixed with pending_', async () => {
+        await service.create();
+        const call = mockPrisma.account.create.mock.calls[0][0];
+        expect(call.data.jid).toMatch(/^pending_/);
+      });
+
+      it('sets displayName to null when not provided', async () => {
+        await service.create();
+        const call = mockPrisma.account.create.mock.calls[0][0];
+        expect(call.data.displayName).toBeNull();
+      });
+
+      it('returns the created account summary', async () => {
+        const result = await service.create('My Number');
+        expect(result).toEqual(mockCreatedAccount);
+      });
+    });
+  });
+  ```
+
+- [ ] **Step 2: Run tests to verify create() tests fail**
+
+  ```bash
+  cd apps/api && pnpm test -- --testPathPattern=accounts.service.spec.ts --no-coverage
+  ```
+
+  Expected: FAIL — `create()` method does not exist yet.
+
+- [ ] **Step 3: Update accounts.service.ts to add create()**
+
+  Replace `apps/api/src/modules/accounts/accounts.service.ts`:
+
+  ```typescript
+  import { Injectable } from '@nestjs/common';
+  import { ConfigService } from '@nestjs/config';
+  import { randomUUID } from 'crypto';
+  import { PrismaService } from '../../prisma/prisma.service';
+  import * as QRCode from 'qrcode';
+
+  export interface AccountSummary {
+    id: string;
+    platform: string;
+    jid: string;
+    displayName: string | null;
+    status: string;
+  }
+
+  export interface AccountQr {
+    status: string;
+    qrDataUrl: string | null;
+  }
+
+  @Injectable()
+  export class AccountsService {
+    constructor(
+      private readonly prisma: PrismaService,
+      private readonly config: ConfigService,
+    ) {}
+
+    list(): Promise<AccountSummary[]> {
+      return this.prisma.account.findMany({
+        orderBy: { createdAt: 'asc' },
+        select: { id: true, platform: true, jid: true, displayName: true, status: true },
+      });
+    }
+
+    async getQr(id: string): Promise<AccountQr> {
+      const account = await this.prisma.account.findUnique({
+        where: { id },
+        select: { status: true, qrCode: true },
+      });
+      if (!account) return { status: 'not_found', qrDataUrl: null };
+      if (!account.qrCode) return { status: account.status, qrDataUrl: null };
+      const qrDataUrl = await QRCode.toDataURL(account.qrCode);
+      return { status: account.status, qrDataUrl };
+    }
+
+    async create(displayName?: string): Promise<AccountSummary> {
+      const sessionBase = this.config.get<string>('WHATSAPP_SESSION_PATH', './sessions');
+      const uid = randomUUID();
+      return this.prisma.account.create({
+        data: {
+          platform: 'whatsapp',
+          jid: `pending_${uid}@placeholder`,
+          sessionPath: `${sessionBase}/${uid}`,
+          displayName: displayName ?? null,
+          status: 'ACTIVE',
+        },
+        select: { id: true, platform: true, jid: true, displayName: true, status: true },
+      });
+    }
+  }
+  ```
+
+- [ ] **Step 4: Run service tests to verify all pass**
+
+  ```bash
+  cd apps/api && pnpm test -- --testPathPattern=accounts.service.spec.ts --no-coverage
+  ```
+
+  Expected: PASS — all 9 tests pass.
+
+- [ ] **Step 5: Add POST handler to accounts.controller.ts and controller test**
+
+  Replace `apps/api/src/modules/accounts/accounts.controller.ts`:
+
+  ```typescript
+  import { Body, Controller, Get, Param, Post } from '@nestjs/common';
+  import { AccountsService } from './accounts.service';
+
+  @Controller('accounts')
+  export class AccountsController {
+    constructor(private readonly service: AccountsService) {}
+
+    @Get()
+    list() {
+      return this.service.list();
+    }
+
+    @Get(':id/qr')
+    getQr(@Param('id') id: string) {
+      return this.service.getQr(id);
+    }
+
+    @Post()
+    create(@Body() body: { displayName?: string }) {
+      return this.service.create(body.displayName);
+    }
+  }
+  ```
+
+  Open `apps/api/src/modules/accounts/accounts.controller.spec.ts`. Add a test for `create()`:
+
+  ```typescript
+  import { Test, TestingModule } from '@nestjs/testing';
+  import { AccountsController } from './accounts.controller';
+  import { AccountsService } from './accounts.service';
+
+  const mockAccounts = [
+    { id: 'acc_1', platform: 'whatsapp', jid: '111@s.whatsapp.net', displayName: 'Test', status: 'ACTIVE' },
+  ];
+  const mockCreated = { id: 'acc_new', platform: 'whatsapp', jid: 'pending_uuid@placeholder', displayName: 'New', status: 'ACTIVE' };
+  const mockService = {
+    list: jest.fn().mockResolvedValue(mockAccounts),
+    getQr: jest.fn().mockResolvedValue({ status: 'DISCONNECTED', qrDataUrl: 'data:image/png;base64,fake' }),
+    create: jest.fn().mockResolvedValue(mockCreated),
+  };
+
+  describe('AccountsController', () => {
+    let controller: AccountsController;
+
+    beforeEach(async () => {
+      jest.clearAllMocks();
+      const module: TestingModule = await Test.createTestingModule({
+        controllers: [AccountsController],
+        providers: [{ provide: AccountsService, useValue: mockService }],
+      }).compile();
+      controller = module.get<AccountsController>(AccountsController);
+    });
+
+    it('list() returns accounts from service', async () => {
+      const result = await controller.list();
+      expect(result).toEqual(mockAccounts);
+      expect(mockService.list).toHaveBeenCalled();
+    });
+
+    it('getQr() calls service with the account id', async () => {
+      const result = await controller.getQr('acc_1');
+      expect(mockService.getQr).toHaveBeenCalledWith('acc_1');
+      expect(result.qrDataUrl).toBe('data:image/png;base64,fake');
+    });
+
+    it('create() calls service with displayName from body', async () => {
+      const result = await controller.create({ displayName: 'New' });
+      expect(mockService.create).toHaveBeenCalledWith('New');
+      expect(result.id).toBe('acc_new');
+    });
+
+    it('create() calls service with undefined when displayName not provided', async () => {
+      await controller.create({});
+      expect(mockService.create).toHaveBeenCalledWith(undefined);
+    });
+  });
+  ```
+
+- [ ] **Step 6: Add ConfigModule to accounts.module.ts**
+
+  Replace `apps/api/src/modules/accounts/accounts.module.ts`:
+
+  ```typescript
+  import { Module } from '@nestjs/common';
+  import { ConfigModule } from '@nestjs/config';
+  import { AccountsController } from './accounts.controller';
+  import { AccountsService } from './accounts.service';
+
+  @Module({
+    imports: [ConfigModule],
+    controllers: [AccountsController],
+    providers: [AccountsService],
+  })
+  export class AccountsModule {}
+  ```
+
+- [ ] **Step 7: Run all API tests**
+
+  ```bash
+  cd apps/api && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all tests pass.
+
+- [ ] **Step 8: Commit**
+
+  ```bash
+  git add apps/api/src/modules/accounts/
+  git commit -m "feat: add POST /accounts to create new WhatsApp account from dashboard"
+  ```
+
+---
+
+## Task 9: Web — AccountsList Client Component + Add Account Form
+
+**Files:**
+- Modify: `apps/web/app/api/accounts/route.ts` — add POST handler
+- Create: `apps/web/app/accounts/AccountsList.tsx` — client component: state, add form, renders AccountCards
+- Create: `apps/web/app/accounts/AccountsList.test.tsx` — unit tests
+- Modify: `apps/web/app/accounts/page.tsx` — use AccountsList instead of rendering cards directly
+
+> **Note:** `AccountCard.tsx` is already created in Task 6. `AccountsList` uses it.
+
+- [ ] **Step 1: Add POST proxy to the accounts route handler**
+
+  Open `apps/web/app/api/accounts/route.ts` (created in Task 5). Replace its contents with:
+
+  ```typescript
+  const API_URL = process.env.API_URL ?? 'http://localhost:3001';
+
+  export async function GET() {
+    const res = await fetch(`${API_URL}/accounts`, { cache: 'no-store' });
+    return Response.json(await res.json(), { status: res.status });
+  }
+
+  export async function POST(req: Request) {
+    const body = await req.json();
+    const res = await fetch(`${API_URL}/accounts`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    });
+    return Response.json(await res.json(), { status: res.status });
+  }
+  ```
+
+- [ ] **Step 2: Write failing tests for AccountsList**
+
+  Create `apps/web/app/accounts/AccountsList.test.tsx`:
+
+  ```tsx
+  import { render, screen, fireEvent, waitFor } from '@testing-library/react';
+  import { AccountsList } from './AccountsList';
+
+  const activeAccount = {
+    id: 'acc_1',
+    jid: '111@s.whatsapp.net',
+    displayName: 'My Account',
+    status: 'ACTIVE',
+    platform: 'whatsapp',
+  };
+
+  const newAccount = {
+    id: 'acc_new',
+    jid: 'pending_uuid@placeholder',
+    displayName: 'New',
+    status: 'ACTIVE',
+    platform: 'whatsapp',
+  };
+
+  let fetchSpy: jest.SpyInstance;
+
+  beforeEach(() => {
+    fetchSpy = jest.spyOn(global, 'fetch');
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
+  describe('AccountsList', () => {
+    it('renders initial accounts', () => {
+      render(<AccountsList initialAccounts={[activeAccount]} />);
+      expect(screen.getByText('My Account')).toBeInTheDocument();
+    });
+
+    it('shows empty state message when no accounts', () => {
+      render(<AccountsList initialAccounts={[]} />);
+      expect(screen.getByText(/no accounts yet/i)).toBeInTheDocument();
+    });
+
+    it('renders Add Account button', () => {
+      render(<AccountsList initialAccounts={[]} />);
+      expect(screen.getByRole('button', { name: /add account/i })).toBeInTheDocument();
+    });
+
+    it('calls POST /api/accounts with displayName when Add Account clicked', async () => {
+      fetchSpy.mockResolvedValueOnce(
+        new Response(JSON.stringify(newAccount), {
+          status: 201,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      );
+      render(<AccountsList initialAccounts={[]} />);
+      fireEvent.change(screen.getByPlaceholderText(/account name/i), { target: { value: 'New' } });
+      fireEvent.click(screen.getByRole('button', { name: /add account/i }));
+      await waitFor(() =>
+        expect(fetchSpy).toHaveBeenCalledWith(
+          '/api/accounts',
+          expect.objectContaining({ method: 'POST' }),
+        ),
+      );
+    });
+
+    it('appends new account card to list after successful creation', async () => {
+      fetchSpy.mockResolvedValueOnce(
+        new Response(JSON.stringify(newAccount), {
+          status: 201,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      );
+      render(<AccountsList initialAccounts={[activeAccount]} />);
+      fireEvent.change(screen.getByPlaceholderText(/account name/i), { target: { value: 'New' } });
+      fireEvent.click(screen.getByRole('button', { name: /add account/i }));
+      await waitFor(() => expect(screen.getByText('New')).toBeInTheDocument());
+      expect(screen.getByText('My Account')).toBeInTheDocument();
+    });
+
+    it('clears the input after successful add', async () => {
+      fetchSpy.mockResolvedValueOnce(
+        new Response(JSON.stringify(newAccount), {
+          status: 201,
+          headers: { 'Content-Type': 'application/json' },
+        }),
+      );
+      render(<AccountsList initialAccounts={[]} />);
+      const input = screen.getByPlaceholderText(/account name/i);
+      fireEvent.change(input, { target: { value: 'New' } });
+      fireEvent.click(screen.getByRole('button', { name: /add account/i }));
+      await waitFor(() => expect(input).toHaveValue(''));
+    });
+  });
+  ```
+
+- [ ] **Step 3: Run tests to verify they fail**
+
+  ```bash
+  cd apps/web && pnpm test -- --testPathPattern=AccountsList.test.tsx --no-coverage
+  ```
+
+  Expected: FAIL — `AccountsList.tsx` does not exist yet.
+
+- [ ] **Step 4: Implement AccountsList.tsx**
+
+  Create `apps/web/app/accounts/AccountsList.tsx`:
+
+  ```tsx
+  'use client';
+  import { useState } from 'react';
+  import { AccountCard } from './AccountCard';
+
+  interface Account {
+    id: string;
+    jid: string;
+    displayName: string | null;
+    status: string;
+    platform: string;
+  }
+
+  export function AccountsList({ initialAccounts }: { initialAccounts: Account[] }) {
+    const [accounts, setAccounts] = useState<Account[]>(initialAccounts);
+    const [displayName, setDisplayName] = useState('');
+    const [busy, setBusy] = useState(false);
+
+    async function handleAdd() {
+      setBusy(true);
+      try {
+        const res = await fetch('/api/accounts', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ displayName: displayName.trim() || undefined }),
+        });
+        if (!res.ok) return;
+        const account: Account = await res.json();
+        setAccounts((prev) => [...prev, account]);
+        setDisplayName('');
+      } finally {
+        setBusy(false);
+      }
+    }
+
+    return (
+      <div className="flex flex-col gap-4">
+        <div className="border rounded-lg p-4 bg-white flex gap-2 items-center">
+          <input
+            type="text"
+            placeholder="Account name (optional)"
+            value={displayName}
+            onChange={(e) => setDisplayName(e.target.value)}
+            onKeyDown={(e) => e.key === 'Enter' && !busy && handleAdd()}
+            className="flex-1 border rounded px-3 py-2 text-sm"
+          />
+          <button
+            onClick={handleAdd}
+            disabled={busy}
+            className="bg-blue-600 text-white text-sm px-4 py-2 rounded hover:bg-blue-700 disabled:opacity-50"
+          >
+            {busy ? 'Adding...' : 'Add Account'}
+          </button>
+        </div>
+
+        {accounts.length === 0 ? (
+          <p className="text-gray-500 text-sm">No accounts yet. Add one above to get started.</p>
+        ) : (
+          accounts.map((a) => <AccountCard key={a.id} account={a} />)
+        )}
+      </div>
+    );
+  }
+  ```
+
+- [ ] **Step 5: Run AccountsList tests to verify they pass**
+
+  ```bash
+  cd apps/web && pnpm test -- --testPathPattern=AccountsList.test.tsx --no-coverage
+  ```
+
+  Expected: PASS — all 6 tests pass.
+
+- [ ] **Step 6: Update accounts/page.tsx to use AccountsList**
+
+  Replace `apps/web/app/accounts/page.tsx`:
+
+  ```tsx
+  import { AccountsList } from './AccountsList';
+
+  interface Account {
+    id: string;
+    jid: string;
+    displayName: string | null;
+    status: string;
+    platform: string;
+  }
+
+  export default async function AccountsPage() {
+    const apiUrl = process.env.API_URL ?? 'http://localhost:3001';
+    let accounts: Account[] = [];
+    try {
+      const res = await fetch(`${apiUrl}/accounts`, { cache: 'no-store' });
+      if (res.ok) accounts = await res.json();
+    } catch {}
+
+    return (
+      <div className="max-w-2xl">
+        <h1 className="text-xl font-semibold mb-6">Accounts</h1>
+        <AccountsList initialAccounts={accounts} />
+      </div>
+    );
+  }
+  ```
+
+- [ ] **Step 7: Run all web tests**
+
+  ```bash
+  cd apps/web && pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all web tests pass.
+
+- [ ] **Step 8: Run the full test suite**
+
+  ```bash
+  pnpm test --no-coverage
+  ```
+
+  Expected: PASS — all test suites across worker, API, and web pass.
+
+- [ ] **Step 9: Commit**
+
+  ```bash
+  git add apps/web/app/api/accounts/route.ts apps/web/app/accounts/
+  git commit -m "feat: add AccountsList with add-account form; POST /api/accounts proxy"
+  ```
+
+---
+
+## Full End-to-End Flow (with extension)
+
+**Adding a new account:**
+1. Admin opens `http://localhost:3000/accounts`, types a name (optional), clicks "Add Account"
+2. `POST /api/accounts` → `POST /accounts` → DB record created with placeholder JID and a fresh session path, `status: ACTIVE`
+3. Worker's 30s polling detects the new account (not yet in pool), calls `startAccount()`
+4. Baileys starts with empty session dir → fires `qr` event → QR written to DB
+5. Within 30s the account card appears and shows the QR (polls every 5s)
+6. Admin scans → Baileys fires `connection: 'open'` → real JID written to DB, `qrCode` cleared, `status: ACTIVE`
+7. Card shows green "Connected" badge
diff --git a/docs/superpowers/plans/2026-06-02-phase1-tenants-auth-audit.md b/docs/superpowers/plans/2026-06-02-phase1-tenants-auth-audit.md
new file mode 100644
index 0000000..7fa24cf
--- /dev/null
+++ b/docs/superpowers/plans/2026-06-02-phase1-tenants-auth-audit.md
@@ -0,0 +1,203 @@
+# Phase 1 — Tenants, JWT Auth, Audit Log
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Introduce multi-tenancy and JWT-based admin authentication across the entire TOWER stack. Every existing model, endpoint, and queue payload is retrofitted to be tenant-scoped. An `AuditEvent` log captures every privileged action. The web app gains a `/login` page and a bearer-token cookie session.
+
+**Architecture:** All Prisma models gain a non-nullable `tenantId` foreign key. The API mounts a global `JwtAuthGuard` that decodes the bearer token, populates `request.tenantContext`, and rejects unauthenticated requests (with `@Public()` opt-out for `/health`). The web app stores the JWT in an HTTP-only `tower_token` cookie and forwards it on the server side via an `apiFetch` helper. New `Auth` and `Audit` modules live under `apps/api/src/modules/`.
+
+**Tech Stack:** NestJS 11, Passport JWT, bcryptjs (pure JS, no native binding), Prisma 6, Next.js 16, React 19, Jest 29, TypeScript 5.7.
+
+---
+
+## File Map
+
+**Created**
+
+```
+apps/api/prisma/seed.ts                                                        # default tenant + OWNER admin
+apps/api/prisma/migrations/20260602070712_phase1_tenants_auth_audit/migration.sql  # hand-edited for backfill
+apps/api/src/common/tenant-context.ts
+apps/api/src/modules/auth/password.util.ts                                    # bcryptjs hash/verify
+apps/api/src/modules/auth/password.util.spec.ts
+apps/api/src/modules/auth/public.decorator.ts                                # @Public()
+apps/api/src/modules/auth/current-admin.decorator.ts                          # @CurrentAdmin()
+apps/api/src/modules/auth/current-tenant.decorator.ts                        # @CurrentTenantContext()
+apps/api/src/modules/auth/roles.decorator.ts                                  # @Roles(...)
+apps/api/src/modules/auth/jwt.strategy.ts
+apps/api/src/modules/auth/jwt-auth.guard.ts
+apps/api/src/modules/auth/roles.guard.ts
+apps/api/src/modules/auth/auth.service.ts
+apps/api/src/modules/auth/auth.service.spec.ts
+apps/api/src/modules/auth/auth.controller.ts
+apps/api/src/modules/auth/auth.module.ts
+apps/api/src/modules/auth/dto/login.dto.ts
+apps/api/src/modules/audit/audit.types.ts                                     # AuditAction constants
+apps/api/src/modules/audit/audit.service.ts
+apps/api/src/modules/audit/audit.service.spec.ts
+apps/api/src/modules/audit/audit.module.ts                                    # @Global()
+packages/types/src/auth.ts                                                    # AdminRole, JwtPayload, LoginRequest/Response
+apps/web/app/_lib/api.ts                                                      # server-side apiFetch with bearer
+apps/web/app/_lib/auth-context.tsx                                            # client AuthProvider
+apps/web/app/_lib/auth-context.test.tsx
+apps/web/app/_lib/sidebar.tsx                                                 # auth-aware nav + Sign out
+apps/web/app/login/page.tsx
+apps/web/app/login/page.test.tsx
+apps/web/app/api/auth/login/route.ts
+apps/web/app/api/auth/logout/route.ts
+apps/web/app/api/auth/me/route.ts
+```
+
+**Modified**
+
+```
+apps/api/prisma/schema.prisma                                                 # Tenant, Admin, AuditEvent, tenantId on 6 models
+apps/api/package.json                                                         # bcryptjs, passport-jwt, @nestjs/jwt/passport, db:seed
+apps/api/src/main.ts                                                          # global ValidationPipe + global JwtAuthGuard
+apps/api/src/app.module.ts                                                    # imports AuthModule, AuditModule
+apps/api/src/modules/health/health.controller.ts                              # @Public()
+apps/api/src/modules/groups/{controller,service,*.spec}.ts                     # tenant filter
+apps/api/src/modules/routes/{controller,service,*.spec}.ts                     # tenant filter + audit
+apps/api/src/modules/accounts/{controller,service,*.spec,module}.ts            # tenant filter + audit + @Roles on create
+apps/api/src/modules/search/{controller,service,*.spec}.ts                    # tenant filter
+apps/api/src/prisma/prisma.service.spec.ts                                    # backfill tenant on test data
+packages/types/src/message.ts                                                 # tenantId on IngestJobData/ForwardJobData/IndexJobData
+packages/types/src/index.ts                                                   # re-export ./auth
+packages/config/src/index.ts                                                  # BCRYPT_ROUNDS, JWT_EXPIRES_IN
+packages/search/src/index.ts                                                  # MeiliDocument.tenantId; configureIndex adds filterable
+packages/search/src/index.test.ts                                             # tenantId in fixture + filterable assertion
+apps/worker/src/main.ts                                                       # tenantId on startAccount + ingest job
+apps/worker/src/queues/ingest.processor.ts + .test.ts                         # writes tenantId to Message
+apps/worker/src/queues/index.processor.ts + .test.ts                          # writes tenantId to MeiliDocument
+apps/worker/src/queues/forward.processor.test.ts                              # tenantId in baseJob
+apps/worker/src/core/approval.ts                                              # propagates tenantId to Approval/forwardJobs/indexDoc
+apps/worker/src/whatsapp/group-sync.ts                                        # resolves tenantId from Account
+apps/web/app/api/accounts/route.ts                                            # uses apiFetch
+apps/web/app/api/accounts/[id]/qr/route.ts                                    # uses apiFetch
+apps/web/app/api/routes/route.ts                                              # uses apiFetch
+apps/web/app/api/routes/[id]/route.ts                                         # uses apiFetch
+apps/web/app/layout.tsx                                                       # AuthProvider + Sidebar
+.env.example                                                                  # BCRYPT_ROUNDS, JWT_EXPIRES_IN, SEED_ADMIN_*
+```
+
+---
+
+## Tasks
+
+### Task 1: Add Tenant model + tenantId on every existing model
+
+- [x] Add `Tenant { id, slug (unique), name, createdAt, updatedAt }` to schema
+- [x] Add non-nullable `tenantId` FK on Group, Message, Approval, SyncRoute, ConsentRecord, Account
+- [x] Hand-edit the auto-generated migration to: create Tenant, INSERT default tenant, ADD COLUMN nullable, UPDATE backfill, SET NOT NULL, add FK
+- [x] Apply migration; verify existing rows have `tenantId = '<default tenant id>'`
+
+### Task 2: Add Admin model + password util
+
+- [x] `Admin { id, tenantId, email (unique per tenant), name, role: AdminRole, passwordHash, createdAt, updatedAt }` + `AdminRole { OWNER, ADMIN, VIEWER }` enum
+- [x] `password.util.ts` exporting `hashPassword(plain, rounds)` and `verifyPassword(plain, hash)` using `bcryptjs`
+- [x] `password.util.spec.ts` (mocks bcryptjs)
+
+### Task 3: Add AuditEvent model + AuditService
+
+- [x] `AuditEvent { id, tenantId, actorType: ActorType, actorId?, action, resourceType, resourceId, payload (Json), traceId?, createdAt }` + `ActorType { ADMIN, SYSTEM, WORKER }`
+- [x] `audit.types.ts` exporting `AuditAction` constants (`AUTH_LOGIN`, `AUTH_LOGOUT`, `ROUTE_CREATED`, `ROUTE_DELETED`, `ACCOUNT_CREATED`, etc.)
+- [x] `AuditService` with `.log({ action, resourceType, resourceId, actorType?, actorId?, payload?, traceId?, tenantId? })`
+  - Throws if no `tenantId` can be resolved (from input override or injected `TenantContext`)
+- [x] `AuditModule` registered as `@Global()`
+
+### Task 4: TenantContext type
+
+- [x] `apps/api/src/common/tenant-context.ts` exporting `interface TenantContext { tenantId: string; adminId: string; role: AdminRole }`
+
+### Task 5: Auth guards, strategy, decorators
+
+- [x] `JwtStrategy` (passport-jwt) — `validate()` returns `{ sub, email, tenantId, role }`
+- [x] `JwtAuthGuard` extends `AuthGuard('jwt')` — checks `@Public()` via Reflector; `handleRequest` populates `request.tenantContext`
+- [x] `RolesGuard` reads `@Roles(...)` metadata; throws `ForbiddenException` on mismatch
+- [x] `@Public()`, `@CurrentAdmin()`, `@CurrentTenantContext()`, `@Roles(... @Input)` decorators
+
+### Task 6: AuthModule + endpoints
+
+- [x] `AuthService.login(email, password)` — finds Admin, verifies hash, signs JWT, returns `{ token, admin }`, writes `AUTH_LOGIN` audit
+- [x] `AuthService.me(adminId)` — returns admin profile (with tenant)
+- [x] `AuthService.logout(adminId)` — writes `AUTH_LOGOUT` audit
+- [x] `AuthController`: `POST /auth/login` (public), `POST /auth/logout` (auth), `GET /auth/me` (auth)
+- [x] `LoginDto` with `class-validator` (`@IsEmail`, `@IsString`, `@MinLength`)
+- [x] `auth.service.spec.ts`
+
+### Task 7: Wire global guards in main.ts
+
+- [x] `app.useGlobalPipes(new ValidationPipe({ whitelist: true, transform: true }))`
+- [x] `app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)))`
+- [x] `app.useGlobalGuards(new JwtAuthGuard(app.get(Reflector)))`
+- [x] Mark `HealthController` with `@Public()`
+
+### Task 8: Retrofit existing controllers/services
+
+- [x] Groups: read `@CurrentTenantContext()`, filter by `tenantId`
+- [x] Routes: read `@CurrentTenantContext()`, filter by `tenantId`, write `ROUTE_CREATED` / `ROUTE_DELETED` audit
+- [x] Accounts: read `@CurrentTenantContext()`, filter by `tenantId`, write `ACCOUNT_CREATED` audit, gate `POST` with `@Roles('OWNER', 'ADMIN')`
+- [x] Search: ALWAYS filter Meilisearch query by `tenantId` (non-negotiable)
+- [x] Updated spec files for all four
+
+### Task 9: Seed script
+
+- [x] `apps/api/prisma/seed.ts` upserts `'default'` tenant and an OWNER admin from `SEED_ADMIN_EMAIL` / `SEED_ADMIN_PASSWORD` env vars
+- [x] `db:seed` script in `apps/api/package.json`
+- [x] `SEED_ADMIN_EMAIL` / `SEED_ADMIN_PASSWORD` in `.env.example`
+
+### Task 10: MeiliDocument tenantId
+
+- [x] `MeiliDocument.tenantId: string`
+- [x] `configureIndex` adds `tenantId` to `filterableAttributes`
+- [x] `index.test.ts` asserts `tenantId` in filterable list
+
+### Task 11: Tenant propagation through the worker
+
+- [x] `IngestJobData.tenantId`, `ForwardJobData.tenantId`, `IndexJobData.tenantId`
+- [x] `index.processor.ts` writes `tenantId` to `MeiliDocument`
+- [x] `ingest.processor.ts` writes `tenantId` to `Message`
+- [x] `group-sync.ts` resolves `tenantId` from the `Account` record before upserting groups
+- [x] `approval.ts` propagates `tenantId` to `Approval`, `forwardJobs`, and `indexDoc`
+- [x] `worker/main.ts` includes `tenantId` in `startAccount` and in the ingest job data
+
+### Task 12: Web login page + AuthProvider
+
+- [x] `apps/web/app/_lib/auth-context.tsx` — `AuthProvider` + `useAuth()` exposing `{ admin, loading, error, refresh, logout }`
+- [x] `apps/web/app/login/page.tsx` — form posting to `/api/auth/login`, redirects to `?next=…` on success
+  - Split into `LoginForm` wrapped in `<Suspense>` (required by `useSearchParams` in static gen)
+- [x] `auth-context.test.tsx` (3 tests) + `login/page.test.tsx` (3 tests)
+
+### Task 13: Web auth API routes + apiFetch
+
+- [x] `apps/web/app/_lib/api.ts` — `apiFetch(path, init)` reads `tower_token` cookie, sets `Authorization: Bearer …`, forwards to `API_URL`
+- [x] `apps/web/app/api/auth/login/route.ts` — POST credentials to API, on success sets HTTP-only `tower_token` cookie
+- [x] `apps/web/app/api/auth/logout/route.ts` — POST clears cookie
+- [x] `apps/web/app/api/auth/me/route.ts` — GET forwards to API
+- [x] Retrofit existing route handlers (`/api/accounts`, `/api/accounts/[id]/qr`, `/api/routes`, `/api/routes/[id]`) to use `apiFetch`
+
+### Task 14: Config + env
+
+- [x] `BCRYPT_ROUNDS` (default 10), `JWT_EXPIRES_IN` (default `7d`) in `@tower/config`
+- [x] `SEED_ADMIN_EMAIL`, `SEED_ADMIN_PASSWORD` in `.env.example`
+
+### Task 15: Verification
+
+- [x] `pnpm turbo build` — green across all 15 packages
+- [x] `pnpm turbo test` — 13 API suites (58 tests) + 10 worker suites (68 tests) + 7 web suites (34 tests) all green
+- [x] Seed ran: `admin@tower.local` / `OWNER` on `default` tenant
+- [x] Migration backfilled 99 groups, 3 messages, 1 approval, 1 sync route, 1 account to `default` tenant
+- [x] Sidebar shows admin name, tenant, role, and Sign out button; redirects to `/login?next=…` when unauthenticated
+- [x] This plan doc written to `docs/superpowers/plans/2026-06-02-phase1-tenants-auth-audit.md`
+
+---
+
+## Notes / Gotchas
+
+- **bcrypt 5.x native binding** fails to load in the pnpm environment. Switched to **`bcryptjs`** (pure JS, identical API).
+- **Prisma migration backfill**: Prisma's default migration can't add a non-nullable FK to a table that already has rows. Hand-edited the generated `migration.sql` to: create Tenant → INSERT default → ADD COLUMN nullable → UPDATE backfill → SET NOT NULL → add FK.
+- **JWT_EXPIRES_IN typing**: `string` is not assignable to `@nestjs/jwt`'s strict `StringValue` template literal type. Cast at the call site: `process.env['JWT_EXPIRES_IN'] as \`${number}d\` | ...`.
+- **passport-jwt user cast**: TypeScript needs `user as unknown as JwtPayload` in `JwtAuthGuard.handleRequest` because the generic `TUser` doesn't structurally overlap with `JwtPayload`.
+- **bcryptjs mock**: `jest.mock('bcryptjs')` alone doesn't expose `jest.fn()`s. Use a factory: `jest.mock('bcryptjs', () => ({ __esModule: true, hash: jest.fn(), compare: jest.fn() }))`.
+- **`useSearchParams` static gen**: requires a `<Suspense>` boundary around the component that uses it. Split `LoginPage` into `LoginPage` (shell) and `LoginForm` (inner, wrapped in Suspense).
+- **Worker is uncommitted-modification territory**: `selfJid` handling in `normalizer.ts` was changed recently. The retrofit was careful not to touch that file or behavior.
diff --git a/docs/superpowers/plans/2026-06-04-phase2b-bot-shared-hidden.md b/docs/superpowers/plans/2026-06-04-phase2b-bot-shared-hidden.md
new file mode 100644
index 0000000..b08c13b
--- /dev/null
+++ b/docs/superpowers/plans/2026-06-04-phase2b-bot-shared-hidden.md
@@ -0,0 +1,268 @@
+# Phase 2B — Bot-Number Model (shared, hidden, multi-tenant-ready)
+
+**Date**: 2026-06-04
+**Status**: In progress
+**Supersedes**: Self-scan account model (current `Account` rows + `POST /accounts`)
+
+## Goals
+
+1. Migrate TOWER from self-scan (admin pairs personal WhatsApp) to a dedicated **bot-number** model.
+2. Bot is **shared** across all tenants. Schema is multi-bot-ready but ships with one bot.
+3. Bot's phone number is **hidden** from public web surfaces. Admins see it in `/settings/bot` behind a reveal toggle.
+4. **Hard-delete** all data from self-scan era. Preserve `Tenant`, `Admin`, pre-migration `AuditEvent`.
+5. Add **member onboarding** so group members become first-class TOWER users with `/my` portal + opt-out.
+
+## Locked decisions
+
+| Decision | Choice |
+|---|---|
+| Which tenants get claim notifications | All OWNERs of all tenants |
+| Unclaimed group TTL (7 days) | Mark `EXPIRED`, bot stops listening |
+| Welcome message timing | Generic intro on join, full onboarding link after claim |
+| Migration of tenants/admins | Preserve `Tenant` + `Admin`; truncate data |
+
+## 1. Schema changes
+
+```prisma
+model Account {
+  id          String        @id @default(cuid())
+  platform    String
+  jid         String
+  sessionPath String
+  displayName String?
+  status      AccountStatus @default(ACTIVE)
+  qrCode      String?
+  isBot       Boolean       @default(true)
+  pairingToken String?       @unique
+  pairingExpiresAt DateTime?
+  tenants     TenantBot[]
+  groups      Group[]
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  @@unique([platform, jid])
+  @@index([isBot])
+}
+
+model TenantBot {
+  id        String   @id @default(cuid())
+  tenantId  String
+  tenant    Tenant   @relation(fields: [tenantId], references: [id])
+  accountId String
+  account   Account  @relation(fields: [accountId], references: [id])
+  isActive  Boolean  @default(true)
+  createdAt DateTime @default(now())
+
+  @@unique([tenantId, accountId])
+  @@index([accountId])
+}
+
+model Group {
+  id                String   @id @default(cuid())
+  tenantId          String?
+  tenant            Tenant?  @relation(fields: [tenantId], references: [id])
+  platform          String
+  platformId        String
+  name              String
+  description       String?
+  isActive          Boolean  @default(true)
+  accountId         String?
+  account           Account? @relation(fields: [accountId], references: [id])
+  claimStatus       GroupClaimStatus @default(PENDING_CLAIM)
+  claimedAt         DateTime?
+  claimedByAdminId  String?
+  claimExpiresAt    DateTime?
+  createdAt         DateTime @default(now())
+  updatedAt         DateTime @updatedAt
+
+  messages       Message[]
+  syncRoutesFrom SyncRoute[]     @relation("sourceGroup")
+  syncRoutesTo   SyncRoute[]     @relation("targetGroup")
+  consents       ConsentRecord[]
+
+  @@unique([platform, platformId])
+  @@index([accountId])
+  @@index([tenantId])
+  @@index([claimStatus])
+}
+
+enum GroupClaimStatus {
+  PENDING_CLAIM
+  CLAIMED
+  RELEASED
+  EXPIRED
+}
+
+enum ConsentScope { INGEST ARCHIVE REPLICATE DISPLAY }
+enum ConsentStatus { GRANTED REVOKED }
+enum MemberOptOutReason { STOP_KEYWORD SELF_PORTAL ADMIN_ACTION }
+
+model TowerUser {
+  id          String   @id @default(cuid())
+  tenantId    String
+  tenant      Tenant   @relation(fields: [tenantId], references: [id])
+  phoneHash   String
+  jid         String
+  displayName String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  consents    ConsentRecord[]
+  optOuts     MemberOptOut[]
+  sessions    TowerSession[]
+  messages    Message[] @relation("senderTowerUser")
+
+  @@unique([tenantId, phoneHash])
+  @@index([phoneHash])
+  @@index([tenantId])
+}
+
+model TowerSession {
+  id          String   @id @default(cuid())
+  userId      String
+  user        TowerUser @relation(fields: [userId], references: [id])
+  tokenHash   String   @unique
+  expiresAt   DateTime
+  createdAt   DateTime @default(now())
+
+  @@index([userId])
+}
+
+model ConsentRecord {
+  id            String        @id @default(cuid())
+  tenantId      String
+  tenant        Tenant        @relation(fields: [tenantId], references: [id])
+  groupId       String
+  group         Group         @relation(fields: [groupId], references: [id])
+  userId        String
+  user          TowerUser     @relation(fields: [userId], references: [id])
+  scopes        ConsentScope[]
+  retentionDays Int           @default(90)
+  policyVersion String
+  status        ConsentStatus @default(GRANTED)
+  proofEventId  String
+  effectiveAt   DateTime      @default(now())
+  revokedAt     DateTime?
+  createdAt     DateTime      @default(now())
+
+  @@index([tenantId, groupId, userId])
+  @@index([status])
+}
+
+model MemberOptOut {
+  id        String            @id @default(cuid())
+  tenantId  String
+  userId    String
+  user      TowerUser         @relation(fields: [userId], references: [id])
+  groupId   String?
+  reason    MemberOptOutReason
+  notes     String?
+  createdAt DateTime          @default(now())
+
+  @@index([tenantId, userId])
+  @@index([groupId])
+}
+```
+
+`Message` gets `senderTowerUserId String?` + `senderTowerUser TowerUser? @relation(...)`.
+
+`Tenant` back-relations: `tenantBots TenantBot[]`, `towerUsers TowerUser[]`, `consentRecords ConsentRecord[]` (already), `memberOptOuts MemberOptOut[]`.
+
+## 2. Migration
+
+`apps/api/prisma/migrations/<ts>_phase2b_bot_claim/migration.sql`:
+
+```sql
+-- Hard delete data; preserve Tenant, Admin, AuditEvent
+TRUNCATE TABLE
+  "Approval", "SyncRoute", "Message", "ConsentRecord",
+  "MemberOptOut", "TowerSession", "TowerUser",
+  "Group", "Account", "TenantBot"
+RESTART IDENTITY CASCADE;
+
+-- DDL handled by Prisma migrate diff
+```
+
+Pre-migration: `scripts/backup-before-phase2b.sh` (pg_dump data tables only).
+
+## 3. API surface
+
+### Removed
+- `POST /accounts`
+- `GET /accounts/:id/qr`
+- `TOWER_ADMIN_JIDS` env var
+
+### Bot management (OWNER)
+| Method | Path | Purpose |
+|---|---|---|
+| POST | `/admin/bot/initiate` | Create bot row + return pairingToken |
+| GET  | `/admin/bot/qr/:token` | Poll QR |
+| POST | `/admin/bot/confirm` | Mark paired, create TenantBot for caller's tenant |
+| GET  | `/admin/bot` | Current bot summary |
+| POST | `/admin/bot/reveal` | Returns jid (audit-logged) |
+| DELETE | `/admin/bot/:id` | Logout + delete session |
+
+### Group claim (OWNER)
+| Method | Path | Purpose |
+|---|---|---|
+| GET  | `/admin/groups/pending` | List PENDING_CLAIM groups |
+| POST | `/admin/groups/:id/claim` | First-claim-wins |
+| POST | `/admin/groups/:id/release` | Back to PENDING_CLAIM |
+| GET  | `/admin/groups` | `?status=pending|claimed|expired` |
+
+### Public auth (no JWT)
+| Method | Path | Purpose |
+|---|---|---|
+| POST | `/public/auth/request-otp` | Send OTP via bot DM |
+| POST | `/public/auth/verify-otp` | Issue member JWT |
+| GET  | `/public/onboard/:token` | Group + tenant name only |
+
+### Member portal (member JWT)
+| Method | Path | Purpose |
+|---|---|---|
+| GET    | `/my/profile` | Self view |
+| GET    | `/my/groups` | Groups the user is in |
+| GET    | `/my/groups/:id` | Group metadata + scopes |
+| POST   | `/my/opt-out` | Body `{ groupId?, scopes? }` |
+| POST   | `/my/opt-in` | Re-grant |
+| DELETE | `/my/account` | Hard delete self |
+
+## 4. Worker changes
+
+- `main.ts`: read `isBot=true` accounts at startup; resolve `tenantId` from `Group.tenantId` per message.
+- `group-sync.ts`: on `group-participants.update` with bot JID → upsert with `claimStatus=PENDING_CLAIM`, `claimExpiresAt=now+7d`, `tenantId=null`. Post generic intro. Emit audit.
+- `claim-expiry.processor.ts` (NEW): hourly BullMQ repeatable job, mark expired.
+- `otp-sender.ts` (NEW): DM OTP via pool.
+- `command-handler.ts` (NEW): `STOP` / `START` / `PORTAL` keyword handler.
+- `ingest.ts`: filter non-CLAIMED, opt-out aware, set `senderTowerUserId`.
+
+## 5. Web UI
+
+- `/settings/bot`: pairing UI, status, reveal number toggle, copy, remove.
+- `/groups`: tabs `My Tenant | Pending Claim | All Claimed`. Claim/release buttons.
+- `/onboard` (public): OTP flow, consent scope picker.
+- `/my/*` (member): dashboard, group detail with opt-out, settings, delete account.
+
+## 6. Risks / explicit deviations from PDF
+
+- Baileys vs WhatsApp Business Platform (PDF line 62-68): user chose Baileys.
+- Opt-in vs opt-out default: tenant-scoped `consentMode` toggle, default `OPT_OUT`. ADR.
+- ABAC PDP not implemented (RBAC + scopes).
+- OpenLineage / OpenTelemetry not in Phase 2B.
+
+## 7. Execution order
+
+1. Backup script
+2. Schema + migration + truncate
+3. Bot service + /admin/bot/* API
+4. Worker: read isBot=true accounts
+5. Pair the new SIM (manual)
+6. group-sync PENDING_CLAIM + intro
+7. /admin/groups/pending + claim/release API + UI tabs
+8. Claim-expiry worker
+9. Member models + TowerUser/ConsentRecord/OptOut
+10. OTP + /public/auth/* + /onboard
+11. /my/* portal + opt-out
+12. Command handler
+13. Ingest filter
+14. Reveal-number audit
+15. Test + lint + typecheck
diff --git a/docs/superpowers/plans/Insignia_TOWER_Architecture.pdf b/docs/superpowers/plans/Insignia_TOWER_Architecture.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..9d16edf0e8493981ddfcf95f5b8196baf8eaa2be
GIT binary patch
literal 173050
zcmdqJWl)?;w>FH+;O_3u;1b;3-QC>@?t$R$9^Bn6cyJE{2rj`b5ac7-$+P!!&R3`E
zea@e^-kPeJS@*qqb@%G7n)|x0)kC2uD$W38WCKtTZ*5P_0ayXd00(1hz?(M!CRHy-
zGXRr_k*krdg9U&|-pJ0(<>w84egKoAk%gJ8k+GTWuPaRQZgwsJo!7QM+o=GUL|@-s
z0l=TGdcXV?++1y~>|finygDiW)!yaR;ivKHWM*&rvsbo%^e*CTX5{MN44{5~0g(W4
zczs!b*n*hRypGGt)z<9Sbtw>g5El@u*E{yF??xa7AgUk=AQ~WIAj+@bg+QD^Oh7DO
z@3?}Py?%2AaeKY;8sYB_+5geuU(@|Lv7f_pHnaaZfnS4_Gc&a^5_a(XHA7|qHwQC-
zosIc*W=tXu_O7pvE&z_dJeAE{9Ne5uUgydA*99SadxzKC+<#dT&JJ#le{!ViY-I1^
z__HGuuh&RFvu5UQWn!i*A^dZMe-H9!>_2NFZe{Cg<_usGw>5G#6E!n&Fnt}ZteL%q
zt0jQzS0}ISTwGssX9w`iI?<7d#cx5eH$sAXNC;09IgPAT+u?|E0JJSnk4K{F%pL`5
z2BEw+f*TrnmjwdqJh?IAFp@h46d*OID;YgX&pBC1*CG!864=PMQLiP2d0auu@xxap
z+xq^>$^UC*|Jh*2t#1^Z*r-H_t$p1yLG<^fj>VzP!m$>nV=RKo8J{}arS9_=ht<>*
zB;?EPr=7W7gY{>rrj4g$3QZA8%l&&EYOKPr+L*=$sl(ghvs={r=BHcr9}v00JNMIr
zq)h(l@l@p87#FEMg)4<ApU-rjZ-3lYaF#!r>qnI!-Og{VSdPpiX$^$Yiee(uE1e^1
z(A3fs*0`aMxOOiTjk?p;uYnfspsIQZzMmBY5hL(oThww;#sbuW?9jI{TF#6lTAWa~
z@9+{Jh=3*zM5Agg(IlRQ@aH!iFx;EABWs#E5_Ywzn{-cS;ur-t!@&xJe2CYKaMwb!
zgQd&zS!f}K1Jcgerp0_-dVpXUf?B$Q5}1Ojy-h~At?%<}%k*nY92M{?zk)DvENA8S
zZjIc>s8Nw_XPq7=uL4sz;e`!LVy0+kr-fV<!@^c6;>FV`q<LTz2W0>WiskuKWNR5v
ze-zLddIYQ3i|(E4aGQpE^4&ZQ4o<Wosq_sGl_90FMVmk=f*Co>K__yaT8eVXo2Wr!
zBh=9bskHj?%K-YFX{cIx!9!c)g2j~XY=Z~Z+uoy|`eCD6>@`D2h*Sa+f6pc)LJ@%P
zz!R{|l(eHAb5l7;zwZSYQ{38NOwnGiN$A8>p}%Wu{Jp;i*z#uFYraC&WL-{xci@YK
zKy&We%N3G8_&zW++qWa9M{)7FQbBIA+p5Rff#ZWyv^~GIu}dNB#Hf`Gvqo<Xc+bq^
zhc<-kn~BF^7?@P5iKz<(_9cZ?(Y6x@g}&7LqoRAWE0X7@qekDk96sx_?1fQ+L+lT3
z5GO1z&<**=6LYuU-kv&`vrKV1fCZYUiP0y<L`MzcSMIX62c=+Ke#8BSIPP2+aLa7F
z2~w=8@vR+T-5LR?Nb>1^|Cy@+XjJF+%|A!aajqVbWP}cK359jh$NMDMhKTdU?%Cx8
z{PD#>b3b=tX`;vQlRtbz+XT;Qs1_x}<)}OyUs(DwShii4M;>J>^EXi_rxXTe!|_Ox
z@BK_tNJ9fvVC}8>ZzO9eu7e#rYoM+94g+~qW|zSStnh4aa|HU)6f$@Rq0cyK48Q}X
zd>1-xbGCo@KKeygptWud>}g$zU12YOA<VvOld6K36!6OCNaBrTs8XqxX^&nHNQ<75
zw;&5eX+<ZFzh%5Ss9$I7<D<8BAqOcdc(0kxM%>UC_?@;S({@@?Q_pYio@-u~l@>G8
z7|W4txC7MXjg@|{sDfceE=TTw?9{~*1^iv>J!+T<S$D|Shn}mu=NhKv9R<U=jeJm#
z%T}+%lOJ6EyrVXoUiQyHE8e?<!#D_UbgnFig4@9LG=s4sV5iQxtq9E!^uIocT_sjt
zt61J(S9SNc{P=!L!CzB<TX{dA#!Gk_{P<%z1Df9Uaa!^MS}`ztk8s`_rmm$yj!@)@
zN^2!?52@7~(6Zel05Vy{Kh^9N3i@apLr#?plsr+=2$9N;*;E=T4)KAyK_Mr>bvn_h
z6OJ73lM>C3ek3PI@;#;h@yG_pqNoCt(-G~)kC1cK)g{?MTAl|1n|Ti1j#0Ky4G-SY
zBPJbQ$=N+ZBMiow#^CKf<&Df%()TKHHimt1e(Ie;T0xFL(45&u+5{^YF1G&Mrg}r|
z<0a><x>FGy7}OR~!I-WN9r?~;R*8js{h$=4JMvqFAY8ySLO#uyJBinTR3Pg?QxqY5
zK=IU5=AzfYuE!RO2-UXnC(gp!+3bOdQ4}ghNydbMH(Y`6M~t+XhDsYGl)~1HFg_om
zr@`lJL%Sih=ZzN32d2dg@K_tw3uY02IPuPxYJ@G1BeOP@#Zn9M8V@S*hGt<>RRQTu
zi6C{QnW1*-fmF)7r;&PZVgX~0PSP+=s?OW@c3Tri^VOu=+TZ3su!=4+m$+dLK2m!-
z*T3IcZtE8OQuc9;G@@<(60<)kt8k|aFDjCZLM*o;0Zjg)Qti2yp#XM<L+fNwQ~>Xt
zGIFxbWz@*$(9}>{Q_mDE#T>X35ypc^eq|{HXoH27+%FlC&@Q|;5D9{B;u95X`-PDA
zRgW60cZ{Q9---J)fM9#3$|5H=?T{W(3JGB*JB{I)Bm`9=bUs0xQKOsM!K1`&5`(IV
zml~QO+RS7g>K3P#*Ba*Y)PA<d?mDnFNw|%Gc3Hi7&B7A${xEn2iq9owIt<Jr&j)N9
zGeKlS3V){`Bq)KF$qRbgl7hxj^Kl+(C8h1K6IE?2c5nA7-GN%EAGRleTfHB>d6bFM
zt~#vx)Jq&^n3>6}Qlg6IF=`rUGv;UnVnCX9k!hPHKn8w5MW$lE4B<97Qze_!UX7i{
zU>%M?!FgSk1xZt=R)nlYh^Xm*g2EsXP=Jw4A+>Oa-1;<`zh(S_c|y9zBY-EGkOAj!
z8oHwe;$Q^*=n8D*j~!I#)}c%FR-c`ro8YFf8vij>n-Tz3j0MKFZUTiyP6f^iYV`SV
zZmZn257XGO$tXQ&c6Cqo1O;}I6UKs41B&|-F)Kz;)ac+Nh_ntmzgKENE}&$juQosi
z7PmORd0eOV#xL-+ZWR~xZS@RcKO+SxgvC>e=lMh9{f!W4ADsnL4gIpNEDOHs_11;q
z`VUI8)GVE`90b^ge)l{J8XlUGAK~D|%yADR9|G_4M{?1yeR@9B`Y|}yl=f#B#sK-N
zXW~GhaqEXxODPZnnVHMkaknIGtVBf?Nlsi$aO)>=Fl)s{Mkc6VZwN~VedjD7`MIQ<
zg7`kd5Z_3xB&iuJOA)I%=v5TGSF_6aw))#{H&u7X2*X!QJ}82qP>m!i_3;qJyG9oV
zfk3`2ts(&cwV@q5rG{PRc=E%cvAF(**~pR(hmY89{d>+l>V|1<JytU!lz#cG%v3fx
zS;d=yM`lgT0Jwq^WTEEpQ1mP7aWUzwf%eW>=eD4r5EGYkQ?gtfwbC>+fn-k&p+;!A
zb0um56e)I*QUYIof>7<uIGGQ`wSH(?HhzL+xI?CIuAuYZ>?fl8s78TB2`<J9YE+M}
zV&ow}uU?gj@Q3w<wku6jFhTp_Lezs$N!w0)lPG;6tybOvS5glr6qy(|ue8RpR0`L~
zOnz6EZ8y0<82D8;%5liqEMA0xMFkjA^qpSs(*s@)?SzuIBL9K*%r4B0kM`oewD7g!
z3||g?n$P7l2~Vjf>{n2+d>5%<yH!b#?@1G&q2QSEs<d%!jWEEbYSW0)gF%sxS!DL{
zdiBmUZ#l$2!Dd=m(=3xP99AYK2hWRhu#<d{&&(DMIY}jyap%buKa_#SK-(2rF(w3P
z;*6p?@OdQoR&u~T4-}DN!$N>Oe+927D9+CV%N3$~ZyN1Z;fv5Gxd<`P0imy$z^)i}
zH8Lg%Rz9!TCrmPO9icF#kyFM4$3tsUF)>y--_1dFlm`MdLz>j9{^k_NXHE-UV5#B2
zHh&)AO_E<OU3fs;iwm{$6b=EcTsqPVmWoNhMjtcUppyg5xr8^j#!t*e+|fMNHV%h~
zCUf+?&L|T}ew<MGiqB*K(}>rx5uH!5yOLP^t572W>8PluW*4%ASJy7uD%+b)_3Yb<
z#9401;k<_>+-Xwoy+{wTd8>5-u^1^$$d3-l$tEsgFupN)ki3k2E{!R}$IF?%)$?$c
zYFkT5*r4H%lOyzHj|pHKfTN2~e6m>QluIRPlMusVX!saj78|)#V^30+><OWw@yVCw
zLf@V`^9(_&DHxXAImY*lKuNiif*5v6;o6htR1|^H!Pu|}50!)IdXuU}oj#s&W|ttx
zdkCKvoWim|^j2<O`l?y?@$Q@O`FDz%Nd3O26TPELRelLt17V~%Ag<U@z--Yt-<qL4
z@{t^?a=&GKE|>6YM0rqQ$IA~<kkMvjbrkqu@igD|#xvW1FpX!+r>1Q@e9i*=vpNIv
zJ&Lm)JeoB=Nd`)XA%Eq5@&b2Imk7UkZOHI}a|l$Ecc{dgL2cCP3}tg}Y}i}v^tz3P
zEw+K=kb$L%3O#+NtqC1|C>H*uW+#rWPGyX-<kJe(mi-Pj>N%;veU2R>ix+24ou)UU
zA;<RzvO5IZk&G1D6Dnr{A5HVP5@Q>$6^QScKc{%?D+=T8qggn5?d!LH37=qcmqaMh
zN8g<HD(uOQ?#q1v)n?>O_=)p=gOlHg?<Z#YiEUU}fLwo2;7_ph^P0{p!ust7Wc~*R
z5)lFb8JPi0CPu$L{{~9HpLp#LQhN1bX5?UJ=H_B%`{nz$^^X=m;po4$VEOIK@(%z8
z{3j~@EAF3&|MdDd^!l@RAR9L`kedVe+xcJSKl=YC0R0*HFV}xY{gaKK$of~`+<!&=
z9rTa&cTAT5k}GD$U!!2=`qSd)m|m^FTl~bTf07{nifDf!)Sq8C0KnhC_NT=O0RBd`
zKP@i6>x%t`@2_~-^%a)d|6vC-6^yOTOn$|A?S)Cq(^W#n^%b!G3M^#nXlcX@__d_3
zOu#P_2>7*je@qqt@HbEJ>n<zc*9!c(%LV}cO!Xg=9RU29#XlxD0Qehi{}q`T@GBv|
zXa*)lX9p7%GuPLx#q>&iyiy5fo~{5UDZ5wDFZ}yc<oBo4U(Cht4aoA(t@XcR3Rr&6
z>~E@o<>&VLIsCu40+!#i`OnCLU*Z3?nEwM?!17lPU)Sevx<GF{hJ4tqst<%k5pFht
z=yK>h43mp3`Td>9`H*nKzL0d**H72y#i2?;qA=|BG<ee%IOhtUyGR!X-`6tJogCCH
zJZ@FhmOd4%Y`QKUetIAAcH2pQEuxfYv6<E8;oi$1CAjZw;`j#1Mi*O0<sIcYK}W6=
z+LLz|B1MVu_lqhYM{Z9Etks)I=!d%>Hx)NT@gqpb3eRRg&Nf~uv|gSCs6#iarWh&P
zCn;05;xsMv;1^nNa{YQV5;ki5?`9rw{1By?cB>n&zYhp|(-vC-o-ZxdZcXi${59uF
z461sbqP1S!xv>oR*I2QpsKlCm;|Y8$o%11_YdK0HDl%voXdNOrbT*2c8YaUg(WN~;
z+D2n&#R_&h34&l~l(Lb8?bxK^)q<i2N9(yCeK1AaolMbG*^i{69^i6SX(DkSx=I{T
zI0ai*SGm!fOfrpub%?Toe*4wVFDSb0izPB_@B0)~r+AmGATfj%sms;4Xxij<JGSsn
zn<c@_vVkx412tEmoxc0QT|UfJr`<KDi&y@()~{@n1y8QDu!@xGwqDhO8{z%sLb~h+
z->N=cI@zto^?CeuR92&*cE+S8kLIFkbVxgp0)Zn#Dc?e9X)Wj-uzGz^vovN3KdwGD
z#@PW!EZT@d)krDNHpsoG6R<9%6>)PmmOZb+Uc;cOY^fxAS~xdSTRFHysT2v*!YGa)
z<AB?G9FY^%r&`?`tjEC5{`;{5k3f##IucQPm`9POFPc$1iyRN89Y>`$brb_d^0ifl
zgapDN{sGakw58FNN#x1R3KG?6QtyclJX}4&KeN~K)xOW)7!U(eN67hTWyR*OJdR^|
zUJm9i=4QRD61||k+mE4()9LyCh0*IGKMF;h<`|2Q)9YgOCcHvm<Hu=V*PZ&y+cT_+
zmo_YoyR)akt~;2>ikE@#-0eI6uiL>lQ390$z9eB8MVU2HOT6LbSxUtgb3_K6hQ&6%
z9JkKvC5jRy6yevAU@ZXAg^FgfN<R8&Lj5R$&yYh%PC7%i81=<;gyW?+Sa>sWOdSX&
zk_SP3{_aC|m{o`&61KMtohd}f_Kv&iJ(|9EUjaEfUE01)-fiB^?Y%c9y4h7Zl{wXf
zpkAT=L}0#P*D`B2_)8YOxfdlC6)umyoryWmSvB1|9S2=ZPD_L5DR+Uon@8{m_eZRc
z&#pI+{AhkL7C9FN6cYw6v>WGqNb$iEz1_Vk8@}P=sYoN9sxd?YnlI*0Tcd8t->m71
zLj*9cDN^6xm}A(E`L)eOt2@cLy6JBFh(n_<9()l#*qm7cOaG>vI%6P)1-KEZYd^Sv
zic<&{>d_YBusH_fSw=+Y4Acp*q}s$(5<FHGToB_9%tvvevbq?GAbh9nhWX_7l{4tO
zy6Y$i9ARInksk0M!;mtwewSZ2uMP&Uud)L2&9L|6IE;5@g2<AH*E>)?y2_KjPb%TE
zQrr-$lJ6kbB8?#Mqp7Ueip<Pd3-N-amZFOf7-lwEyrS1EF7&S}w`-+M4zr0iB8hUR
z*jw-vXTF+EWH@Sk%7Z@WPF}&|7_}SEFm#|5br774$r&Jsw|0<UMLS|*bGgMV>Svb1
z&r>b`N;32IlCE7&6+)Fd7|8QhvG@Q2^h<e8g*qm4oPbqha3)*^R+xgsH8S`U4~Yc%
znq(D3rc&s|vo#t*HAz4_a^I)L&wk|gBXLvFLG?9H%eG1%5&P}+rZE-k5=<LO@Mz=*
zJ_5EY7+1_n4C*Qse&l~ePVlpM!qa*27C+4|faA-Q-m#*O>)13dfDpH&Q$z%Pr(?Wv
zA{E-j-4YC2mdoJ1<=~`kE38|(Jv7jf1xYA42s(=WT*-AGn{sgb4KDk{Se|^x-M|wf
zfq=H13Z@FZ>YeJYe$6}Xx9XY*YqZGh^`7NqtGBg5>uV^b*K9qB2x@D5A5r*L5fD7W
z%q);^-l6eBk@+F+J)p|ozQ6zGYu;iI(8l<%KbAzVO=YTFo2v3AD7BNJ6f)&=F*|+r
zS4tf^ly{_?>VY3wCHv7n6E1CLzAeA2Yj_NLx{iaclN5C{f3wS@NT3diCUwo~d3c`}
zC}|RR#t6md0xEU|(anpeI^t`Ic@X=ff~fA(y?KEsv1t+}xACMNXm(~q;(|h4Q^Uei
zun&*OVov?{qvH9weB>vCGTQawn-;;IUcLSAFBrRSrBM=}tj-TIKXChwp<bxeqvKuE
z>8j{6Ew|1yKWB!n(@kzK`4DA(#~&<M9ldQySc&K>)1CYVnVE9E7mJm7oa`{1moQB$
zn<cf&kyLyW8n#hD@y@W2vaS!}{P<lhOiXJ)ZYk=%4I~pan%Y(n&7!*)U524mLWtNT
zwKTqd8fqChg*1pVQch(AYWV3op0cc55)64kk&$*140RA_5v2H(A1U3Cv856z#o~J{
z*+S6?OTl7aT-OS)tI2GKh3p0%7n1%Z{bIH(ghgzTBF%~)Q1UGF>8l2oj1ax{R8d#b
zE~DBcNg%|u#bla^JRIoIq<Tq<eP3oST-#B36>(7r7;t0Tk-p6;8CI4N;JFl&%Fo9{
zV<^7^u#OQ#W!U4_4Sw)IpNEL(7f%mj19G7x;uOE%QKuoKNnWG6wPflrE#M>HSB`FV
z8St}j)qkr@PURvf`;iJDNqM2|3;0m<;f+t+^Yx(9?S^c?y5)i>meL0PQKpb@gSZ;k
zIoZ;86rMRRP&nl0)*_Cn7bAiD$cy3K@fzMB`hLd<{djXJu`ZrmWl7z9u`WPqk@edL
z;(KYe-YmuLXIs?B{DA3w!yRN%XiJS+5@wAI{BFn-YY`6q+eB%(&VKY}$49Mq8lX+`
z$@@quHQk~|hVnE90!1)639?=74;TS1-%p>UHcy{OT<_w*U1BxoZwa5@hb~r0R^seR
z(+HT$c~AEB^24;^ffdywUuHq#>^@PX9-&xoyI}60<;wOckJW_v+(fFaUQ$#nGHF%E
z_?JjQJY3^kdIdx@9`xJDHBaswsrM%Wxwf6EwzUxwdodAeRK6m+^jfAj9h?KTbvt0|
zu2Blz3MhyXuD?-eBU2O%Z2MxjOqbEkd<9z1qB1ZQfGY}$N1+mcy*sc>!z2LXU=OIA
zUz;*v52G7QgJ>QCQvlZ~G)gkZnJ6ie3%2JJ_uBu|vj0g7^c`M=HV}g<cBa%WJt_G3
zaF6pH80C`7h7`6VL<zTj+p2+(ex`(8MNG!97i^nljj3#pv9#DY?&8NNnVhvK>(8R^
zg3kqy^lh-hj}o59EBBZyr=2;9_3#s<@u!dvh5LBtmUe~O17e`&T}z6hf->GKYQnji
z>9`!aGTVNtP-avnchg}Nf4fBS;~NPv7Tw2ev|Gpieq-S+=1xzg9kS$_^I3!V*dUr>
zY9u0ZA{E#-FD`HwG7^uT8dYC@?E4OGd>W6b<6;)kp~&b&Ka{v6xri$$$_<d-YbrrX
z@LRcRk4cp3fuZFMi<nHiT;JCmG0`Q!?z$c^yE%17&yzvMIWTVoxt^KMFs!&S7-*cf
zK_dF_tlSfM)p*2I-+W9UCiH2)^0u2$IGHDIg=x%(XKm15;N5y5NQLDzTyf?DMP6f4
z60Jt=@KhLY?q=jxO6;oj!m!AiGYr(ac#@m=y>IPhMJ)8wJ=neX$Cp@dS6k9~!yISX
z8{-1_DaX5k)u^V)5GDhsYJQ8ign7JtVG1h!qd}?sYPdm(DYQY+%7YdIbX84jAgmxg
zwemK}f~=z*u559tqijp7y>awzTZxufwcpm{8|ldReNPg!m0)2AGetWfP^)H{tJEND
zX~9N$GRT)^XlcS0X_bv9@&?(YkKaS7CX@=bl)pJ!yI23hUBNfEylEVPyiREYm7ke6
z>&Cyjc~pJiut`3g(DBr?-{duab5!b;wUiTeJBFeiTIP|+7c{Cop=$|eC~aM3?u5Zc
zrhsLWq9~ICvFwxo=$_{$cZZxRN~J>;$O;%Mh=GR9y0=DcKc{b(i2EP}ftwu36vx*X
zEvatPTzRycQ6*`uX7RcSR$ezjKHtAKLA};A>bY4-6P2_E!Wj<62~C<l_bMU3<l9C4
zp7o$xi0nY8F|)zeBlVZoTo5^ItAx51RR8PqH|3f$q)8mOcr9rD=!&qDx7SAF7Sa3B
z(Nrq=FCT*f+%w|YzK5Ab(UWv?35E=<sa-#vx~EL<;VW;_6i^DU%G**1n{l@33-a>&
zq``<K?qqM4APDhqTCQt2&O9}@ow=yzqx*lWVf>g)70D`3J5ft=k!2EXfuH{ay=O|J
z2kMf-`Tj0zsU~hUys)2F$~FG_VgZj<N^X|$vr*s$bOm#AS_@f-MaV99O$@)yTUMgW
z_5+E5>wZvWG!uf+caEjAoyNx0=ml4eq$ATta8Hq(>phD#Xt*;c5QBrQ)gt=Dn}mrX
zkK_*~M<L<nZJii4C0JEUY_iwgU&VENkHO(5M9dyc)nK|~;lhb}I^%E0=mQ))b;#^s
z*Cxi4IO5^oR@#Z3*@f$o<A)j^&QG5l;1qMCN^X+q)bGu49DMYc^W&E~p8Z^!N$#F#
zosWi;B21RtutU%)nQkt%aa<XleMWcAB+%|BC8v}6LFS|rHfG76(D1w%^4%4U$|J?M
zqE5@x&?3yG(sI?oNkrSVR7Uywf>R%Gx(<9+PaOQp@got$^i&@L!`;EsFBnpVVky~0
zSQDK|i_XLv#dKk}B!j}AB`w6i+(U(ZaCt-BD`58#6t!46=?qzfNqU|xfdg5RSBeSO
zo2F`43of}D8`nI~3x{{~eY?xz^c=zRVyt&>3;~9=hV+wReyqeOw@DGwS}9%%y=Q#Q
zW>w%WI?A=;8>ab9`EYe18e8ypc;G4zVRlQU)7VIsAP$CMY$6uI1;pC37Z5@;ZjDR8
zVTkr`Qr*Eh!~H+zU7U&cQ~Je8%#Lnd$}MSxKuu6M5L_t5Bj9ES!2;v*_r-#Wc;Tfj
z0GFWx(diDo;>q=aI%Y9YF&s7yScW5gglO&K9SLWh9>QmGROH9eoTr7OS753-%GYdD
z_u3|i1WXeqN-#s)V0;4E-*>!%K4r|F#S@_Ld@1`b*;TWKL3%ibYGn+i9NcU&_qlp{
zK{PG&`3#?FMmpJDU~Ui36N6$$sx|3HvIa$ODYhU6i>YTJvniGa&79|fvA?<4ajte4
zUi}QDO=(h3*J*vaI~8TD%jd;x&fB}8{-d<C2MW_cGy*yN69wQE2?fF`Ej?Do`RG%5
z<5#V|+c=kbv5;rv`mPeHiBF~lp^F~_qWYRqAr}FUHCXJgkB2mSX0IBN_gA25dOjDP
z(v9&UJ}&AK4sINhwdJxpvxRU(=T~z&Bpb)v6)8WL5!cesgo%miwmCJQon!mL7f1GF
z;K2En_l;h8_$dB%mMVC?-K<P0nGg9fYK-&mZ0k$Fc_K0t6yoB1PpCgDT(4g~!D$Fv
z=(<@^_C2Md(I?8=bc*>Od<ki_bS+{`IU=?rQ~n0d4u{Yd<vylo3x+d_{yg&ylG_p8
z<>CR7m|8J%ttIvmQj<QtwRwx_JWT9NUM3nZ5L6s4gZm<|-%?WYeO}~{rDGnh<jO<u
zK3<HgXk<a_d)j7FR%2qX_7$aB#p!idSF51S$+EK$6$`DS*$)Q6`2iYtwCY8D@t8A>
z80;_D7~4u{evvprS+g<V`;;E$-n`k}#5*I#pZ4vNjrwCMS%)^O8U;FM$O2XrcPeMd
zLfHyPHMdzMx#ws@$}OkXM0d@VMcdSDNoqQ68~L!0jVs!(KGnTxsAXU7rT!qmt^K`%
z;?6NbomDd$V6fo86*4Hyd){6)ce&i-b>~^>mLrd~jR74!qU|}4(Ci?qE;ymRdq2=x
z>Cw6KtlnB#=*B>!DKKpA(el{s0kR;HSjoSbh^*xbi~TKn%0)IsUEoe;#mnZK$U6VS
zz30L7Geyw?H{+tKHAfWT8_~rEZ%p}K4utS-rs5p?Mk}uU11=Cw629u`SyKK3{dmG~
zYvYH+lidqc-<^gNynRqr>#rh~=!Z@ekVkV}q<p>3@8>CT4`<@y2!${XXEwR4)Je6q
z{I#FC>J}plEOv*4kEPno@x9#H^2v!u*6H1WATIk8Ek_et5ACgAk+opnSRQHdK{i|Q
zrLsJ{t1P)8_b%s3xI&D{pP)M8*AD0U)`g3mPzWQJho-_N)L*-8XEea+M=o)}8B~-n
zu7XaT=tStoQ)?Q}-7yZ_h-S=Lqc)Gj(r;cOoOi3E`Qo*Ut*@2l>Xr|+6bfq-3R)ih
zC8?2CaiU{vJ6v&5^DwCvjdiid_YV8m5mh_u^>NWS@eE-D#%6$xHMs<7y8<@bwY#`Y
z<3Si#@#Kw!hQP9xi6@BOgd<`W+i+y8g2oKF$b{!GzTU#d`)U7JFyNvClHnG$Qowh9
z2AP{yBjl3EWlL96jswL*of+3&EWYgGxiqSeVT+js@P7R^AnJ{^d4g{;QERZQ8Y!_Q
zWQ;^|rg8I<fH|qyRtTaYQe+E<R?%T0i!kMu(NNHfforA@8B|7;RrrzfjbL=jbKho}
z>-67th28FzM%ieb`rKpsa*r!wwNOAt8C6mdMZ;M+?g;Zww<O-|CB-@C4{#Uc#*q+N
zBXsJ?f5EXU$iA~j^`XQ7ekzbW$JwpvCMwfD=MK~L1d7A)!;$vwhe@5M$DCz|XQ<_1
zU?>->cyQ2_THaE)oCqmmt<Get#B3&o+Q|e?!X8RhX=5V$(ss5O)W9JtwwC%mBZp~Q
z7a#Vasm$kgzeQgdmffH@piC_9-oyRCTBQSN%|kmyB(8k_adS08b#QZEH(if}*&}6$
z<f`1VojD?!%BVbNfN^FLMXl+^<YlX97V?^6cRsPya`!sf&#T`OoeLG$6%$=-B4Y-^
zfxcQgT{+_$n!agCQdqOVkUgpyB6?~SJ_D*UxPIU3Ph1g{D&@W(uHz0H_h5gfWXK$~
zq*F$iwR~Z3{M^og^ZcAu6>;R8WIRS0%IZi%A>{5;5WW#2`!xZz7whFAc-cmV)9a=^
zoCxKf=PtR>CzLUW(_zC=ULFYzLaH+eScgHZdE!*@7A-DcC?5451%V1|i5tL00|cfj
zo_<UNuX5r1q>76MCSD?OH3yC{t5`@5uw8?s!Rj>Y_fc)ez)QF+!;_#J`N4>DoCiB!
z@p&d&2GMQw<{O)5s&$^dSiA}sS#cmdEbl@oveHeE$Z}aRg_LXSsMX=&M%UZxBwA^9
zpO2B#b8!qO{ql)4s-RTk8mm{()dqu#eFhWmAOh@-6~3o*t^_P;O2u&ggQ*Hb-`^R0
zI}Q70Lh-)cu%W>f0+JppzP7{K;TEBM2;*Ixzb+&DCo1PhWuciAn7W|JaBahOHvb=k
zM;Av-_eZ-&Hs;T<h}49xQN>y{>GLsl2cg1Noe31_)BavdHb)VtKAb`=Xl!^QKk!=~
z?!!);TKR~k6CUPh!ai>(6euF0>lh@NMjlh@4SSC4xQbj4ca9VrRLW6}esRDnvS^VW
zSAwbu17Enu>$g958))cCFEq&^_4hquvynKQ91@|>rEhw<6n3>J`$#f5H(ez@=yLf;
zvfhZzb-$DL+<|m=zK>xN6-7X>FKfaTd)of>X(2~u%x8=1`1FVUH~5Ep|Jn>Hk^im|
z{o<;BlG^N?9Nd32p<g`t&x`-iiCF$wEB9M10RlNW*#BrBY=2pQYacBC6hD5o;QXzR
z{M4728UI-SXz||^nLo<PKQ)zKr2fBn_<xEj{}N7^{=2C1?}E##>cR4VrN;6q*8Ix!
zAI;@et@)M5KlXpsVAudGe`zv5)u8`agJJ!ru=T&vU|4?_cK)rwu>R4T{?cGre+x|i
znFjMK{J+-zf6!o9|5ASbO@q;1wZ|VuArKNG+@pwe@fy!0)eQS``h&s&wzUFdFl5WE
zEQ;toyKSE)cRU)gL88Nm#m-7D3ULoIaf!8g``Z+m>Q*`}7(vvX$*dC_HMfPb46iv_
z5}k*q$__{MEtiXS-?=T}@}0uO6rIZTLKNRldpmf3>C<j{P9Dv|L*td|wdog)lg=l^
z#7--Lm#0gnn(m|%PXA(@N~PC=%|jkZtimBvVJnNo`IEa1TlU?G+hc{#WRIt8xk#jY
z_utJ2d=_No#eJ?k*j63Xe%Q%)_}d!zkgV2l)NFm9NvYt%vD0$XS)9&?kEeuDFWV%j
zR?cg)>{%?!dw*V~uB}BvHo<F1+ZIyHODt|p98eI`h<9AcDHQ@w55irM1=DW5lU%Y;
zc94L@gBt`EA`+cYFE2U3SC>OfFD}E6g90XplQnEvy%2{b&Pryhc~Src1pQcQiF)Em
z@tIb$_0p^hM@zM%JOg2i+N26#2~=-guRK3?1+m*WGNdDTKk>zNuNwZPwp6QkISYMA
zBDQdAbjwXz3NF|!y~vDsrn|Z?4pp>3hfJlGv|TVwReO0Ex2gaOs6Guw{1_iVejElx
z%|H;>tmzGgPAq)Z)(~#lSU9PO1ur^BujCD19gtocQhZTsOaDPUjGc*gTDl@3F6TpN
zT^yQ`6>UT%y_X>7%_3AS3^7u(xFX#L2hPlADBs=(hnu=g{xB0}e28J_K>yLt#mZ^b
zYLlK636x6(#sQLUeJPNvjxdN1pd7AMdH7mZ(x2@(721p`foszxbJ(E!xZ|f<;%9e`
zC=?t8Zw$okvhpEczM}If^f(CQKHqor7+n%C2e`g{xS{m|s&hf-f4ptnrYtdNdaaDK
zeE#xy71MF0b(P4Abo$2fblvN|_8wGm?h*Rj%BAHVE8{WX<;8b7$8S|$KB`r`A>771
zJO@HIb@o^T2;V8BzGVISQ!(V33ANxAeQylONQVrSmPAbN!8ncC?gCZ<u2e+LMC`ee
zcMwU2OR!gpA9H24OOl{zMBz7&yGxVBH=RS;fHkdWnZw3PeNe=06O$=1A;xOA*D3(*
z_r62K&?B>J59bu|`-2CP75TgF2J`+6y}V(kD|8K)MsE8UY`*;$58yg*=yWd+Qvq9G
ztB!FxvYXqUa9@eY<UP&vE%V*f!?VQNDNL8ennR?6f};lzH@%y0yIH`0*>5K2)WE`0
zLuQQkJ33ZU2Yp?p)=C;o$MeUpEGQG<Ws2ubq7v!Y*2wZ=4<6Gs14kpzfP)|<uunw`
z{J08Kd2Wt{IpBV?IX<1V(_r%B*v@1aFs$q_CsMtuDU(B9+swqyXjNaoTOwk2MD@>f
zq7p)WOP7GhUA@M&gqNp|f$!61(aS|0trEWEz=WI^*Z!1`P(u;S!y|HvVFODNm^LR|
z2yk5=;|DaCHtSBCQDm0C5cgYWfFX=)t#Oqp`mj)VsfaQiOWF&P?c;`lpHztp)QZ<2
zEewfOVwyrq=#yfq;O60L`VhA#^qE0IRiHp(f9j(9w#O*oG_5G4%ysDdY%a~`Z2oap
zY{MjaRe?N(M_<6u!58esyEiB8u`AGE{kZFbDXL~2y}Bj`yAyyCWxG2Iwk}jU1PV^%
z(jKjDC2Gv0L2Ef>>)4xu0R>9t4UqB1dr)7-^ggCn5^>N8KXS#G>i6Ix$>XA%(KbM#
zLP^&0cd<O@cl7|<X~EY+%G<!<pVAr*U)uvp?38dzPthSd_BuUQdfg}V_{~FW11d!U
z)SLWJ9Cqdo7{)cr`Ndbph6~3W87JF%(({(4cxlv?lGkW^d|1om<QH);*rT`nrZ+TK
z31lPh%`UP+=VzjY3|%NG22gkmjV8Zqo@_e=RcML1-(IPDI0=~Seq+@lRhw+PBcTg8
zb5E#I2ojlVx9h>WCk<5rMQe*MX^V~KH^X~`$z^?%(~P*o<~8hYP1PbuUkX{xZE)nF
z^!oJSPGv7`>aB?Gu7B(gb?9$P2j2XpyS}!Vqt&wZwvBJjyh>V+efJi~$jslK!LKc}
z<E#(M$6?DfwWB3cc*4lVubl~PDQFf**lzC7F)sHaaj6j7o!<HQwXT~8h*G{(E}dmD
zY!=-KH}H!bAP#HAR^bQQQNTVk76D1BzkJ1{=kKzsqm#g5;9CIi60<EAJPyX(<f8PB
z!=V*4%+`n7k8cddR-zy!i{c=sVOTf-v_fE$N?L@9De^d?*zdiQAqLRmyq}KTn@0}@
zYKv}_ix!xtNOKH<NJE)u2~N_`SBZxa(9_0U>W<Dd^~*Zyi@pzIj6)sCaMm4vw}8mf
zNUbxmT%RBb6}5H=k1@|=8rnu@4#*~Lsfqtmej!qN;oYte5p}|Ayk29|hqzg<Psesb
zbFZmx!>~MIMN|wyXq6n)%W|>$7-th&L+Aa*@f}bipS-l<L(OQ38lxB3lJ_*0Nd!Zd
zQt8S8;nD<{$>qq+)~?jLgB{sm^&1ZPP*!bcqY^Ml?g&vSi}*q5=tS-Peo1q7F0Sed
z-Q{-EzPm1_yc<;5Qpx7A(3vpnZs#O`P7OOE(HkN8P|!XKVxf^TN1<|6u3$G>-9V9;
z$YO{rosqJldNaI2RjxD7B!I=teAzj1KMxk;^6f6d7qut^4W3Vm!s;Th>En1U(odVx
zU(T6>zLWgeEdOZ4Ov1NUL5Gi15s6cLC69qf)F#cs=u}iK8%DRvt#Fww&-(65SARa2
zN2^C!d6$cth>#i(_f9_&7k5ZH7Q4J4tZ6LBGOheWe15r4{M%F2+4C>K;Y4j8gxa+=
zUIpn%$Mq#(Sm!xD58pO@p((x_yUCbZbx9U5g=ds-gYWC3@sN5S_s)wy&;)r0GUS3I
zRyL-OEG%KF;q^QNd!$tjYW4HCxOtXDHqCF)4C3f2na*I+QhSDsZ}sx?I9uXs*gjqE
z4o8bLz((2C+@pCMl_Q{)!)Mp7WZxZrdq1~AVwH0<dh*`Qd6E4rH~z%bNfjmh#X!gP
zeg;68%~qD+Hhb2%N|id^&dOtSMT&MLZG^Vz!XK)_F$>2r9go}kJR&0dz$mivRf*!e
zh^|~dd>$`4Y-iwmeAJ=iF$PX1RNMD<D|$<#W{`-Z#kWxVVnsY1^Dv+LRN57bQ^jYF
zA(9vu?<uB37-ln(aM;IYG9}C9fe5owre<aGz(6r+H`innT#R0bHoaUEb;(g6oTl?9
zz&K8x^JYS4djfTeud0^$igU8Ldi|&+icwB+P%{&jZjGXGe+%HL7Vza`P(y^wZXTu+
z4Z%Ddqg#-5Uk5spPXSPT5S%jkX=8N>RuH66OM@zno#_Gkt%`eR_&{*h^HX${G?cV5
zORQzR$;4)4IpVJ6eU+FuT9joCuvHbK6+dwFv*c84s@olyz0#7<UT8dDYJ~Ucc<l9|
zp6yp>x#7FRGu#;*p|#kck>VnuK4-pqwR)D8G30l~kCD$`Ok$iSzq*dS$=`0$bL2BZ
zaF5LxGCk$Im&2un^Zgim(q6*2?;F6sGpy90Yj!qK@WwHHf7#plkmRci<>ocdw3C8A
zb=nzg{wXx>(IfPm)wE!uo7mC4YxPN};|}Ezpe7gZfqNCiMj!@lxsDUxY~mETjwb@H
zWv8-<E4MH>2JSsV;H-cNXG{MnBr6d@bYnI~HE%DrZj?-opYIsdEMIWZwIw+CI=_qd
zu?kxkns8J8LU9*bZo<Y}cVOFc&*n)XYrKfPcq+R#o5sUgfm~=~cqApiW1S(KuRaE7
z7V{+4Fb!4v!sHItL`{qHWrVeAkru&ORkBde3pmG-!v23pjK7|&e?Ee<aB%|vAjV%$
z_5TGivi{c!JVwrctFQZG{f+;AL4|)k-TxmWyI&CK|K4&rcEGQU{4dMpSpSK`|94RB
zcgf*DpxR%M_)odq>p{F<)pP$LRQo6V|DO)mvHlCd{#`DoD`QVEjA54%0Dj%8jE}t%
zKqeEmR{b*EfIYtipnhktdQI#Z#(*6w{|(}twm$e<U$7~{D3_pnoDvul>HfOk7q=gE
zqZ0M^)JW9Arac4I)l*g7cUk2+kJXFO<%h??xBa}KxeeP79k^K1`*EGlKEto&Y@z}&
zHmSyvkx^6Q&}iB0uE3g9{^>i78=)r#+WYF~^Oh@t?uV}Oo@ca$&C2GP?}AH8_et=y
zHjNjIbSnNYH^t>XYW_EVPhbX#M{spgzP^t}V!j2GHK=}9;P!8|j~_BK_@AnuAK}#e
z+uAXhi1g|)c!L>_o5!IzRDnv6Ggbt_!)h_AST{>v1Wk6rc8xRDO7D(Nn6rJw=lGB-
z;E@GK$&aG17?;;R5~hJ(%KxCmbyArQ)GkS!$_I|3q61$`<rXJ7$DE}asW=c7#z|Hw
z#miY90!r>b8+M+v@%FYaPLf9enBQm60&{eXvxeZ8@*7(u%nLNOn(ev98d9JwIoMjY
z?9Ll(L2NdbH<dZC<vmvAJ?!p@kl2x!c}j5clzS^sEr&9*8m#C)n>8rKhuvxh0WIL)
zl~s++u#ZagCvil}G_mu9Qc{3Ufb<iwV@r7zLQ2a)o8o8WfQrEz!RT@sTD~voXU3w8
z$k$E)c(y{BC)(rlAx(&zkk2-GQ3{r1O-2J$87SenQ3&OtN$BKG<I=xrL#Kcq5OJ_5
z%BXBq<vh@R3taIxiM6^t&<{QpJAWiS$C_|2W-qU3Y7ydGiL;rZF_x6;+k<Rygdw~I
zUBtjpB+@FAKC;vKiQHy<^K#cWVLfYJWtDNw?|i!Cp)m)&siT?>Wqm|v1v{sAH{nPx
z=O?*JUbdcK>E3r0W|zi#+k8+I3mpucD^K;^I!}sEEe}rH!AAxQdwBk392EmcH48`%
zk9ZmacAafb7TZ<Pg>Uf)TON%EdM*T@_<Q#!jszBB7X;47k4lbm?~cAW96@)O;X_YE
zTCmZj1sIfZt+$`H(G8u;M!EA(f8KPqm^D;1K;6_0NK4b=47mw~bA`=(fO0@6kO5kY
zD!M4mVMy?Jk0#!FPAK4FpbW9gf6XNXmJjj5@{lt;=-;${uFg@*-P$LFzp3<&sTp1%
z)3sBBZv9+IsLq7LSE&!eR~i!o;umS)0A7H{U%}tU)O_y^9qXlga<$D5`B2~ua7BvE
z3%6BQI8UUlr*0U$vr|9Yd@)(`>McHiox<$NFNZC;T<!I1v%bt)_YIk$glvsVEOg9I
zXC?3YX48d<jz$<$qD+ny?j7XLI4jG|m^OvT$olznQK@ZWz1Wqp`kNc{PU-_e`svC=
zo`FP;ye2-bnkJ>4ilA0B6-Av7Z2VTP*ysVZq6#6LAOv9=&SCh497A-n`=S#UmIV_z
zy-6!1kh`QA*c9_Orj&vNosgroDR`>WFsT#op=%&pk@jj3X-v49P`YTAWnDY-T!6xm
zC&P8BWO>zmGN5V(a-v<p<Eh?C8Eg8i%-q|QBk^0!YkR|BL{X_Yzk_Qp8iv}h=)B?j
zZN2Cn{o*-trj?_Pk!f?HXA!gc!UQBTn`7R#jJ2jNwkOM24AX<bgpzn#T<0=%noL@4
z8O)B4f%yJ;{ud$J3Q%+C4RdVPC^({z9l^wn!5}V@M#uPlyGcCXPh??{h^qDgrSEP=
zx$8xw^Abf-M<k0pt>)i4G76rMqUeiQ8t4XLwWyj0nN$`->jt@AV(&S*L)$}cKq`xP
zlY|GRuS1e}P1+U|lJS1;_Ge7YRwlq!1@9L}ychL-QmLtQ(dSeoom@f@DGAS3$>W)-
zfQEx=j&1uM!26cD*ab01{J!pCakedj69fgbQ)AWWZ2jZv4JvxwiJr{!x;Rrygp2%P
zzFh&VdC^$K88PgagM#o>VOuqQ^*e4IM>v(MI2tDjCxL+yKH1gPwU<@3PKi${U+q<V
zRSCXSJ$5}rdEXsUbRe~51aq1&v;#bXM@<^HG^^##qmo%$G2dI@9rL=bbH}^X%oLoE
z8;~lQIq&20Ad=KZg~0@t%-bhwc(>hV3)umhtlavJ)Yk{Vm1$cTb+qLQL6xMOJd@-S
z?v6y2(y~v6&kSUREkjg;)h(qs;FcTYGzWvC%%rfhn}AAi5UXtJiOdM{2{0xI@xupj
zFn5H&u2RP-j(m3lKF4163&O)q%cmkmIYTzFyaw-bnml24IO?(wqHhr`?G`PK5>)HX
zB8xJLmlCW~zM`l$5s3*|L2?L*RBFa`1COTqOSb{WgJChuD*1cG9^l}vd3j%pzoUaX
zo!+}8+r7~dm?kyfX)??whUdZ{50p|ChN*>tQu2w6tR;T9PN|fWfJm^yA!A{ru%tO5
zv0N>*5(cCHLi(XbPSP?}R~}s_G=Z7&qohrWu;g`G5`6JB8;OyMy|HF)0u1Fj>Ih2{
zRkOJ4d+vTceYdqOj3GHi`-C9glZ;(*`!H=ZrL<!u%yOr`bR{#V@Kl96tf-32PPQM&
zFS+r1*&i64uP?mkA&>iIYtAFuTYKVy-X0L)T#_*134GnP)R)hpMaJ;<B0wF8ml0G%
zGzsaxTyV$>Jj=5o2R3UdcFE;H>GAVqOb-i=E9QXhYMX{Q5tGJ<v=d)q0}Cxlth#8o
z8pqhX@@m9HBif_FnAh8D$=&xZ7hzHRJxvO2!p0W})Ke<D3cGYE4hxXRGRy_p`!Kt<
z8^QZX>4P{kQX!fIJ+cNm$jUyrDYZ<YsiGMMQ7$G}Yo}V;=SeECL#mdVgHkLcSxSJ;
z;7jL8zOGKSWciARcdhalq!`2UFUSC4ojlkrP+-(|fD3Pi;EtRpA5#FqOj38<{&CZO
zt3B78?Ik;UR;Q~S^8*2O>UGDgis?X`#UciWlh{LuLSEX=U5IsU%(aCHbh%J~7;(gw
zimFH+H_l=yF0(36&d@%}{9UgWzm>;k$p{px8fA^cOCQ8XGLb&j5vT}HW(DJOVNP^K
z=@4bV3`dyJmQkT&WJE(a9Kckpoe=&PlMJsBE%=ku0d&BL;A)pJ!BPQ=b0OLCV464#
zalB5HR_o|ixaID?N_&_lit^Y}0iq#`!bdMz{8Ik-;t36IawX;oa~f@bzMx)3fS_t$
z3?S%kx~e40(nax$xn4_XwX^vo|J2OB?Yz|I0KUS}<Il#ug5F;~i~+pu!Pg!2NwjOY
zxT@SUr&o$U*GLhJj77ca4X|{66zL;9%g#fxJs%_A;tf*7thGo=*`72!OjpK4rQnm1
zKJ=OA=9EHxm1eP>6XEuJ7NwnLaumU$uDJvZlVT(bjgD4Wr489cL>Xm-0J-0QQdE%3
z7jNcm*tDszvVZ8qUur%)OLJ&JiO0?OJwjMvEJOGr^Bj8t2&KdhEiBbHmalF;yXX>S
zSvB|BP%nFIaC6@hP<p!4yb&YH@;BGhL(?#&5F0Bc8K$}hoi9`V1QN=RoHrs%J6LiM
z43E0Kn3f%alS^H5gzmeEvf{xda%Yqo%PU021s;X_nMFq<M!BfdFS1OSjLQMN`b3Zn
z-7&6cJ~cP3c>aW{T7--kY=9y9jNa#?)C6>%;n}5n{~lkvLfvG;!jn}dfH-$AV+Tx}
z-^L|U*K@Q(*RC8cev%_FX7=qZ6(xNe#J)cRtc<HZq>70sE4=Bt{>v?2&OEoo{o~Am
z4GLmlvydBMGJ=GM7WNyHZ9ZCDW9bd#AIP^<Q6VHIH)iqWGSL`q4LdfC(&>m-)Zpr}
zU+**xBjv5Jc|Mw=d>09MJ8>ZRL50haK8KZ_$5b5;As_9X!yR$<zGU^6;sa(8iw9DR
zA3OM;=|0DlH29}jFK{<XWW#6dS^@*7CHFyKFLMYIl+utr_3;h$IL%Sn7vnSMI|+0Y
zMJ*?Pi0y{4Ix8(Vq13t-8#c@yf=v!?qBj!tcgF;|+G%Z7*|I?Q_zsn=Em!j^mj|6-
zz~tH}F?6)n?HxDn0Z7B*U0ivzz2I^9c3Tlw%(TxKmOBl#RdQM_Fc*_CmIuLk%HSg4
z#@|6ld3N)x`lko4-0G$i@Zt;}QVm4!Vs)knuMF|-=joO3XQA^}qJ9~bt`2a%h-Y5k
zL>U6oPJ`|;v&9OA0>{8VXi>8^;AI>HQ7y53VAHuS^2I0kqD`vPym7lxZGU4i7&eNi
za8JI{XG}rQvuE6r)*9h<cXT2)$td=uV|!aq>1`8_t9<!(W9!Wxl`sDpn)yDQG&$Eg
z#w`)M*?x*UVlTCVa;?}IB6s^7v*P}0M9;(dS{cK%D;rh;>HEf=OC|jfcMQyO$Wm+8
zwa;k0Czv_7qEMjj`F)<$R~#=DcW3-&8<dDC%bWNBi*;M3x<2mf6;3dh$@pAZ77h?N
z*YXv3<6sy4l93!o6kJO>)JcxW5#l^lYykCE5D0H-w71)3G(2cA77Kk6;&`i~xOhmi
zABfC3&Ghber%f3hw1*up|Ej?y$96QIK?$FR?I;wyZc!cP%tu-RUz==HSpapvI1N8d
z3IsnNA3TNGkIzjuOgn6EYD&Wo`__962pjdEtb_QU>cA9AR2EULsuo27G=Vy4qgrDR
z_TPGCA(OHylX6W<ipa9VdaBbDQ2b-T-94DI;hTp0YWOVtqF%`Rq9`Z@-v(s*<XOi~
z#h<<FcnRx>iD`u)5PJQm32-h$YeA2vY+-Mznb(t}M0s}5Q6TbeElE4~L9T*rJt7+%
zPDHq^1L6C3>9@8nKK_2y+ZQDgo;-wSEM~~EQRgM51c_NC@63ao!&3KSloAmvXF#%%
zrb{*XKAGJUc6@(t_u?ZW`DPajty%As66foW&^5)By;SHpj%RVbNUgn+J1@jp)bS{H
zq;{(JRIxz_*oUANhqo5W8r3*4>{56<A9h`MW*RGM&F^hQ>>{*np^8H3s1I}t2Azu^
z(QT}=wS>am)$UPm;kSdK>upeCX^ua!%N*zSl>2pEQsBM)V5jhoLEvm{D6i%Pe0jG+
z`2U9=`6FVpa<X&$;YWT!>Horyu>JGk+h2-02Qw!Z8|xoM{kQcGe&i=U|9^%bc|B_Q
zTf6>!Qjr7jD<yxV?!Tq)U&PLTdcKhDr~dpWY5yz2<aK3!@gaW`CTxFBOa7&8v;98O
z`JWLczrz0+=>J5Ru>Ez6@ii-d6DE2S3HZZK_E4lgX~E><SOOsA$ZQLhFGTB=AVM%j
zqCp@q%0-AVYLb9K!Dds5?|T}Tbl*QT5DuXD!T6{1>7{qgH8dRLXl*i!#w|ZBFQ_H2
zB;Tm1t1sqqHgn=VTs3?R$A*9I_U^iW{U4sc4j7^>`45X+FCEKKb7Kq)wp>Py_wha$
zb+p~WJ>4N?YGexJCkQz3KkT3MJpF&ny=819ZJTCUW@cxZnX$|+Gjp1mvCPa|W@aig
zGcz+YGcz+o*&cuI^t8ISS1s+%t~5V0rOXH^l@amW&vmY|qdR{1^eMv%ZsX<5I5V}<
zuYgN^RuP_q-Sjecg`xZsJaNUl%-xrz{7|s|M}^?iKA%@vkp<%Oi0@{3E^_0qolw`i
z{oRJm_+itK=FLJ8oaT+^>@P0I6@g%Kj8a0Vulw<HiE(N8D^Bjj;*;54d0h^B;3*!X
zrlH6j39=0?GXDVJR62y{W%USB3nZ*(keBO0t~OM|M5?^RWdJRK2-m%M71?92g>*Ik
z&8KNW$t#OlImNJdZFf*W$2BcW&(NZZB?OjGR4TD~n9i<e7p_TSbuETwf#zYE647nR
z2}D~Oa2ZAOmmH6O4FivMw&&jAsqe^|=d&-@7$nc3@Tr6pK2cb=y{w^iGf%sdGhU*;
ziZ$6HP<(wbEmcU@fP7qSDY*7#GHL!#ZZ?fiwHOa+3Bf&o$%&5^{~S#=JW64IAe!(V
zF(9b*+V^K^L2|$!O})-#-s!h#OBPWQ!?Y@NOki~bduZvvkf3Nlff*5#*=>l{No8a<
zbascOsN53oyY1gOzFZ{FcMPxcxuKu%gTBaagx3VGtC0=G)`oeqja5;=a5^kvCqFBQ
zI|gW!uO092%5rJ{nwwn6MgQ#w8vG6Xh(fgK{@RFkp*1vlx)x$Q4w3$AXvgbrem$j|
zy&v9X$?N{N>h~*>Ql`g;&-&rORb@N|!7C<FLaiI4Z9GQTM*G(LlE;tDw-t|?w>6L7
zOB-h&Zyi?z&c81{n%?;QTDv+iw%(GnyLi^ypZ5;qF^Eef23~@~W~TA8BIxcAFm*kJ
zf$Y>)EDrwy4J*ikU;hOf_BW|o$*R%NPJ=cK;Ddpog&flvZo;n2%5ta7{G?|yAiX+6
zh!;Qh@8NS6wfWwM7$HV8;qs%cs@0}#s!g_y;`v2vBk$7e34VELgC;vVXLRWKg6!j}
z<8p~#$0>{P5i8R(h)=fl$MqXY!tZ&Wq0fRQ&y9Cm)k`dIZ@<sZ-mCkkAJ5v+H+O%y
z{swEkVvWwBZCy?i>^%J`wt9ZYU;4yll@G_a8#~_k{rlXIlQuG-#>#(!S&(BOxE`mM
z2$073w8zye9QLvZQ*R~bNTtlA$MguOw>{T9I(}RC5*{i#3f-R#qSYlP;km==u?{#f
zxu3htYJJNX$hz9P;ys;Z?7;QpI{Zcu=D)B}bpY;8#j0MGc#Ul@S>2;Jzyd7Mr)`yF
zW@t3}q$uU6l~XIgFx?Y)0{PG=M;3z|QLbL9qwM$7SD6bA6{U{AnHbO@At~(N8m&}-
zK?$^#CTqBsjAd0YW0WBYaRQU9Q=xduiF;#cPpL;!jQ{{e$@m3txJ&Km=eG+>?Z^z1
z(n<^US0f^SEv+yvUMjJgsg->NEKIwNYROs7CX)R{vy(jT3BqIVh|=l@s3q~eWIuq|
zxARvP{uIy9V>vYydXhL5=hO%bI8d^ff9Y7<a}5V;bwrS|;{s~XZk}XY{jzuiX3y;r
z1n9S44uEJfkKgNRR<h5?9+RNSR9@%>%n??j3{<1a^=75R+eUXuvF@~@9_K81WzN;s
zCl+u(X|xvJJQbn^coy6BMZ~gvku@e(kTPLVK{36f1xs0H`N1~7UsPYeyg;$b5+<jC
zCO2PFRaH@wuhxaRb{boRXDxb)2_}__j3%XXCwEgAs91TTaj5DhtCntZRx3~EyIKoO
zDO)*2J!&ktkeVqsg{;PQP4_*YK%S^{`j+3!ny$zeyPrEq*TiJ-lvN|mXKd*0UFocr
zTF0^l=qvOq2(XJc-Ad<Mc?mFv`=SUDy6wE@7&IP}ym&JDF4ReQG+vH7lf@kU+_|HA
zKrFzkt#Yz;rbv$7ToS+~Ro9@+b0npJ>W_57K4+y{kR(0IsA@uKk|Ot^7tCf$)Ht{1
zhU1KSbQpefJ;;6urRkzEM74<OkIuienC(XE7&DTNV_kS$IWwkqlXYG%f5_{aiYoJD
zAujNRq#}SQ50l+@a;KB?F*~9I$LUtKuSnZ3#UqSvd{BddacmeN&;2Dr=xjaRm;#{X
zvgnbJi}9@C(Fw~*9Ii<G_KQ1%u0^HJ1u_EN$&b&E>ID?qf`>a~5IZ3opVD;cgQf?z
zbC_S*3c~-M#|&At*QgR*Vc%-G=3(zjwKSfjQMnegMqX<#ZD>pLLX}xFL5z22&-yKV
z^-|DkPP)?lOq#x2lH?`irY-WmcIj)Y1tS;Q6}ynty-PwZNd5N4!vgla@>_kD0{0=;
z129A`lm<o4*;i@Da8L`xxLN`L9#D)ATbO!d7&2X0ku&rff4^_Wnyj58othm}Q=ke<
zgNPPgK$i>zkMo>$1>E`76d*J!yqje^x_d5knpPqpd8ArZghOru!NeYG44CTGx-lvG
zL=Fdwl1GAAzpz!>_OymXdjvO!D?wrm+6o2*2YOs2(w0N*Z3z#X8KgtZaNlp#X39x_
zx2!g=c)i8j7=pN+kl4Fc+FjlEAp6$O1QG?|lYo==4@K9M;A%YHR;7yoPs3?(>Q3Wa
zID|D=6(&1~K@Ii5juwsb6-L8NNA2piVFN?rxF;i%(5pDE!JD;)vm?Vz2loZ9jg6~J
zm#OH>cieK49lm<O<*K}nJEQj=@uJ<#N7{_7HI{dur>#zb-<_A<<JLP!s`qep7~~^N
zx=T1-9&j!Btc5|Go(Wc|6%5NP0SiE_pO5*+FdhK`i7etZaY3vq3gN+4mGU*H$0f-<
z$m|LV7Pij<t`Mo_`sVRj{B4UgG6or9(J7LYw4C*A<O7oBQjCbpmG6G0#>B;k<bG`O
zjhx^s4f_*j2eJIc;jfn(UUm1k!!mkloi*^_p?W61y{L4E0yF`zYSrIu(SAe-AQQ2l
zmJC|^0J0?L1Z~Pg$+_a157~>CgaS5UoodMEW?RjTmh?ny^^~}=%JVT1!4DWg@`(|w
zLk@rXNq(-KJr30SnBe0uU?|h74qQM}xC_a69$t}jpaUt38Ze&<OmuZ=%BlnF=YFkf
z^Uz(4X9rS2pf^v#wXJ*EhP(X^GB;31ZI3=GNd3O}WBPklZYqMJ(j2E+$7pf_z>;yn
z(da~Wk_AjBV<wUZTfEHYFS2gz&aZDGKY30v{YrRFJKGoHw)rD#?oAmMg<J%<txjsd
zeUFhCrl2;Cw$p_ymx{(XOajpTVP5F$WwL;NjP+slY6ODY5K*al0xW-hMl3fOcIf=5
zc8T>2>3u*~3<tEn`O-(i8;NO8Cxx6cpa=LoAH!}I#@3*vw)Mw(k<C?&zyY;zRc-`z
z;-t-vwwIl9iO_Cmr(xX8Own}9gnHG63fnne+8I+t>!!kquQX!oSnk#C<Ht{l67-I>
zQ{TbQfZ5VCBB-7@%!o3vp+S_7B(gAXHw=G*Hp`Y}85;YEd^Cq;eK6rMtn0~LX`x@^
zSXdg><_PpS=FH$leiQ3p9D|wCSq}$%uqeUkd2U2xf0vud>pRMgQa)`a!$VNBZq@g9
zHp(Q)A2t<tUT#)2QqqSTp)Bm(Oiv2$jhZHJl6cd)H-z<m8)4#vCCZ21wAbN0Eu+|E
zJjg?s4?s8f9f?pBE$tpin4haDn{!ZzO6WVaON#gY8>6<tFTr<mdEs}`r7kAPs6OKh
zp?K++z=_&6K>YNL>R~-km2g$JJUbsfOb&H?A;V!-f#&=hN9;9!&U53}g{9u~M?H!}
ze$H&Cf(&l80$z}{t`Pb$tZu#Cx)ewgxQYR8DZ_pW&wY)=f{|32&RK?`5PZn@@wTNF
zKh~dCW7zdklwrg|&xg1}>Ci0BJCeRhVFnW^BuyfER}8z9(+g{$G%>Ee$-{WDN@Cz`
z3SQqGX=+ibVdTu^<t(N~I&v|7b!z{jzlmMkM!S;uJ}<6#WZ}zH2q8XiWB%w^nwUP>
zi9XfC?tk@@!k3V0?;4r$`-9eX3UQh|oA5QPLQD@(meDlUnad0;T*NOFbWTneemi2(
zmOGUdi#zb#l0HSvS8$MA*Nj$;7{$My#8l-b%}-+Mx@i`BBb#QS1u{%-b?tHA(VgH#
z1VE!?$4ph>n4N}^t0tYa85@o6)gLYn{RP!mFXIl%b0n!O`{e=A8${c1GQnVEMx=Yn
zsZ}bSvr@hJaZO=<h>#%g`r0Gvn4fqQ-%A+yssQ=Ysc9ID_wP0YG<~lt`cYjs2t@$R
z{1|~#1qR%YzZl7QY~@gON%0i(0e~O^eEYZZ`6D8o+_w)R(-S0X5iumCBStCT`5W(E
zZ!ZhV6JJ;>Li|wuNs8#FN%NP>zRS%M3kak~EU<-Js!EGsd%kUkV2X{Zo2RF(tzCaU
zISHQ(_{o<P&dUIBO=m?pMBgRsfP-qs5S?X^kCG%8|3Fa|paX>fs~c*44F#dEiigS!
zg;Zt?Q>XpD>^y!%S~@Ej@gG7RQ;Ox~6qrER>OIVE@6qg^B~VBf`f@}#U40rZ*lhZ8
z2n+C~zQiLc;eLaM>Cp(f^{>titzq9a#olCDps3j(ITT}Bj16lmXvRftzQGa9$+8Is
zeb?hP6oDbBL&k2&JWGg`_c1~&zZq;OCz0+e1y<LbsG_lm$c=0RXzCDc_N@#So`cME
z$cy8qpL?-#GGfVeS?V;Hn@A^)Rp=c-72^*f&1WsOtKD$xDw;tt=8R=isAMKnrA8ai
zAsRZj$YPQMZy*RKjg+Ux(r)A-;d4`29KOpr9Bot8A&WT|-@<B-XTBpd)+X>G#h$#~
zqvql7P0me1pcLY0w`Mu%?o3r#4`d<Di|q(G2HAAAvaY}I|ElK_#){yUmwuHj%qXLa
zdxfEJc!BsBkhN$HJ`ku>TN!%Co*FeX!zlTV-7<<*+&zP1YSuCo<9Z*&Q}WXZYBAx2
zR4}s{%p!`Gfl4zRYzHI|!-WtX@Dm@{24?Y)%~e9}Lb&V?gR8!>?h8ugq6b!V$q&Kq
zqBk&J-IvN$?Ihd=Rxq`SN7*ZXkOr^J1FN~S$<t`(K6BERJtsm0&DJV-Bv@)s54+eN
z&L+A#_Bd*WDL`|M+($GivYK76&HbR&TfS||L((~bP79&YTw=j!$JCUK7Y@@-ZND;8
zvy6P8h7QCHC$vP?w;ion#xBPVuh2cMAxCyw%Z!;s_OhMnH;`Tjs#@L0@E}<p>`Uhi
z0>?Bi_N}t*k0o!EbvD0w=uhn(1X4TPFxON+wLwW4>c^8zIv`fAMupQ5{78C0W=v8T
z9a&?zIIs#-b#oKKgzTsOah1~zwsmy;oQ~S2Rj3}TRM`bsyRD}luSeZ1+l8O0s)P#f
zOCzikB>J|*S0mBdtGrXCmLnE_MAM2RS;}LNji+sI9`!vdb^LIZf`Ym0aU>E~6ktOt
z`m&E5p7Okp9VyStK}5V8ub6y00#oW`4{P=HnrSya{*p2){j~LVgo;SQ4W)2Culite
zam`^a+<pt>ppvv?wW(-&re#Sy;C7j{mht9-)jdDc@~?QyBep=Q>!YY&{$KaVSIVx;
z-UMCQoQbL>@wnSFiM~W#S@&Xm^pkpwN%8aY^oQJJr?3{fzy<oHL6wFvW&Q(g<pb3h
zEf>;9cwW`f7=_Xdm|ULJSlbV;=a`BVyPeF0UYYd@LA8c1Ww{I6MD}v~=F5<C$>1{(
z(ICcOdTkf9v0nWp6<HUv;#EX-YW>O)8IBl6Y)=fP!pun3>SOYCx(d<LbzAVfivv7;
zMHq7@Fmy<arySl!d6uvaYyAE;Keynyj+X&h$JD-^M!X}0#X0?YFc#=0jM8G|1njP6
zI|CICg&LEFtJ!6d(T$`s2J_u?1+nZ2ts)ErV1-btY*7nW24p@9=#+TyS<EJ#yN2VG
zv2fjzF79fa32CNMLj%&gcfu)?bYG>M_62fja?-hHD2><?Y$if3ZrRqV$#K83cxJ>;
z#QiIk{@^q#=bB}U%azKhS&aKxDi5JmYCFCzI=y<Xyw0}p2Wvd%<7OP}0DWLtAm+@o
zX{iwvWN}xugbFwoTW}-uo<mRsrVQ-p5%kBwM8%9sbB<~gA^>zd*GEi$3I4#-UdWLM
z2VtN5dbTz#3U9x6g>b{vu1&ag4sj~{{KLxfxGm}1M_+qz=L;LD_J02iJDq^qj8?su
zNWpa?^mTeBU#G_u+biv;5XfIaXEK82B7d-^a4^elueajZODV-$wFEoPF-xRa-)}f^
z`GVV>JO>v~yE$w(5qB6~x#fFoI6noTtzRj?3Jr_(^V{k3bB<TcM^LG?b7VzSp=KcG
znDa}Mo#k-!4fmt0?FOG!9|4CS2<BC76$+MtQxJEgPax7s<sw!sRlT5!74w+u44I6V
zyUYy>Ed6O;JBt(lx0*x9gwtWyp)6^gnGCvFnb7z~D=1Q#s<Ip6h$gZKBfi|CwQOKV
zcB^H8C@Zoez3PW%=lSV_txqCiCYvRV+5<gc^VU=ZLL)n<TkMz1)})z`trh`XNc;dr
zgiV`PIOR}jOcfQUm}7)2y{lN$^F#7MrRq34-o~!f&w0Ar@$TpSm!+&uK8A4K7+=u%
zLKg4?jR-8Of@x`mXj$EchH3q7hN9;}PK39UOxiz08!`HZj?7g&7N>Cu2v|=rcoxak
zjH^5p#qy;}W$f*0W=0X?dh<y7@A|`hLdI78lx!)t&J;w3KDBrE^df`YkS>LFFoJ{M
zL^jtgwSdSu1_*ONV0SE8j>4Z7u&><CqXqurYl+)3B|?sV-f%!5s}V$2=S>)v46*mj
zrnb3Fk|04F)bKA!XrF~(aw`(@bULWj9O6(``Xq;m6oppGQOJ<|icIPx`lwvtj>sCo
zA3Y3<Ooql?sZpgwhDJfvKKq%$W$b*cG@nQlKpL&?>gw?Fvc|x&M%I3g{PznHk6Cs8
zjOeKNaM(>X2r)|LL0Vn95-jFTv6V;i0JnY?UHq}i+_4n}rlYoBV>cUyV`NbF%t<iX
zm1Lxy;_7z?kkq~Fl2!WSZsN}N_@fapWX4PvcL^NMTedRoRjPQA+~W^|*Resvv{oNI
z)U8K`u$PsXb>-Z~&<^|kQ&p`~vbr`oqvqodmM`j0jsvM+Bom5<LtNzJ2^{7o%YhD5
z)v@%ePlyq$w?=p(l8f2u7|<#y+zkhs`85%&3Jl;f+xzHeurq#^c9FfUuEo>i^Wqq=
z*ik@~MY5P&ZG`k|dI6jpK}G5(fe_U*KLedv)q!?l(y)feIK}l!0h;2w375~AKrsxF
zPBIaE7=2D#Rl~MyNxSACR>UK#(Gqj}Lje?EzBZLtOP~YkgTlQ-rp#<yup_D6rbv8{
zoF<W7GUbR_DQ*_OIhJP`NidqY9W_MM{Mg;bWk)khK|}A3M%Jp3H2MXPN3S}d+|hJc
zOX<3hx;aI}5Kq#hyni!5G;iz|rec^FT(Ni^y6!-}#9=z$0ld;G{%G&g%P%cXq!rMq
zo`Q}t00D8uXMoh3o+MSrl2WUFZ)(9gHo10CddZRgY#|g1jT#aDEvVvX+m6ngX2I)E
z;c=!wo)s>`Mzv;@c<mG?h_9lt3f_7lFBmVzg@Y8;tOcqyXWNRvK)3{*&j;|po&dK9
zbFpQGZU)_E63rpMSQ5g+-QeUll!5}+Fg;3V1zr=IzcH<#>!c40OyWC?TDa?^Q9tN<
zs{N6rbHg)EDDn8GlXhl=mzXHHdIs^e&F1$U82TPNe0*o0(5iCC7bJrV{iM)ka@&{%
z-RIhU-RHDm!$}KZdj=cRKkVbfb+!N<^sNv17j$D}G*uMEWeF>-r4{D3zOcL7VXL#>
zfi^v76hl0&XF$*r1Ca)8*E8CW-vnnyIQT3Z?wscNk4qJB5L-0b`UMP5e<HFsw+qmN
z7aMn-tnU`>6W6pJ<TKILhv7`}or5go=vz5*tgUhAeWT<%-I-zjm~K0R8mPT#bDAsb
zOb>vd5njKCDk=~>e*3|N<W6ye`usR<tH@$ytv93d8UtuuD2BSx0~8m-AkasqUH3(T
zh8J5DczQtD%Nv#mi5Z6|9#UDbZp2?IRxgTebX*QSKM6d|*p0eWmkL*&AMXLBrAp3r
zto7lIsYUOZG+gLHcI>!L-C2S@^Z+RSQ`2@~Db$mrdTWEd0VkC8j2VJbaUd4J!0*VJ
zmr6^(p}o6uZ$h$O$Mz~ByG&St8eRuB<O<|mu!uUH0GOGZ;$ULVIC9Q!91kLL!eWMk
zj_B0FV!n}q+0Hi3%TeXUmz0GhJgPu3;rZk!afRe4y)mrw85(^0FfUc~w(~)B2I%P>
z+eiwk`kQ=g2AA4$oEJ0AkW_MgHYmU@Gb938kbDqCz%*$&@A)>#49ke&Xdwx#%nYeb
zE{s1kj`VD@Eg+ChWp4(blW&LREw<1ibN;m$-!d0Dm4&3<K`YCCX5z%rA)r@9m6<Gc
z8vQ#{v3|3h8f7^oAW->WNp3m)IeCwR@?3w)!u^T6ihOQJodP$h(z;yHpiMcOxJ<zl
z;9ubI@}Y&!wquwxhGK$w{(ea|ylJvsz2$el!G*74n|ulIB&SN|$n~^;J+;)O{OrYT
z+Q(cM6Y5HO3Sv>u%h($-+1Q;LSR}gDt*xQ59UnY&D6mMU<hCC#4jMfPD#(qmfzZgy
zgUkr0lVfq7RkNM3HBcHEfDCyKlIFy~3Gpj<+naa7>BqZ`vH3kdP)Im3K)y|ikrp(B
zYgW8kh{txQVDUa(vaAv8M9zj1kxk53B4S7}Qt4v4b(=fgR6ZT3`7toF@|mhE%HE?P
z%C2j0?-{NlwQxA%p*U<<uF(1dYX-R)WId(4s#>to!I+m;)p>1Mj@IgS>YYP(ku;4U
z2f21lm!%0tT9e98_ldpHY7TmF*}!5otCBb&{hFU?F&ndVA#qIm_JP4eJKGmK@%z5y
z=k6hO1%9mbXwI&a1`mibBo9?5bwy_2%^v0<^Zr5}*FLSbbM2Hsp8{WL+QV3;pZ{W<
zeNKKPT?Ky2_8v0w^z122A=7a~ZCUMUtW|+aI$0S$lur;-e0aaz`4Pp2>W0ghgVXel
zc?96-lC%K76G5^s-k8}R7_Y9#8>buD@{qJ8E$%_f`u*v9?HNRQz=R$}KnJC*(GQR@
z!m$`z<g0cXT$|!!sW1RR84}uupG^E8pl`Kdf-f!AN1Wb<o*DT)8DO;0I4<``iPEx4
z)v}Zjx*Jvvl?zI}JVt#vqMRXp1zc*YxDBfdN{#6uv!pCDX^%?GjG>r3{i<i%s+MB_
zjVptm%nmWQc(tgHpR69sc&MlWn%|9E@>JkA2q1AEPx~py?sB@gs}Vnl)y@9-0z75F
zzQVrkSS*M<q0PQeO)Mx3v8AwnWCM8pq=N6DRenntm_*Y)2TDl0m8`hQ&k?78798WE
z{z&L^;y~?XN=_Zrt%0)TVxKTq$r~rj1SYaTc9T4@tezq;h*f=!fu*DC2P{u7AoI`^
zl4Un58-GbJQq1ZpH*Xvd>g(O7`l(uAY}6OHdQW9tikLu`C|D4<KrTz9q8`7BqVTsN
zQESMIPSq~y?VGlZ9-$wft$?mc>y*Ho4iiMXw84SU(>H_0QnjqfEiTt6k8g%oKqf~O
zi%<M+g7iH^{)AeX!1Z-JA0)!TBG3NI1!_ivnFLQk7nMyASHdEriCAi=t13qxh26UA
znHOC0uWmh7_p!~=3hK&k_Rsaa0%g78l%}nqsdsUuorXY1h!=yyt|F2~ZV&bvzT->2
ze(}Qw8Ed``8+QH8GtVb^m#(^vrz-;8Z+PWAg}j=N16K{Z?Ii;afr6Bjn^=FI$%!NZ
zrE=F?GU9r0R$kLd*^+BoxK>UY8ILKsdvR-4K5PlOvkVsbM1Q@7eF27{{+zFcJU0?Y
zaKCQK>W2)Dhv6u$z%(e$vp|E(51tuemmK!B^vh$wOu{1HTV{(LNLj|O*I-Vmw0cOb
zQ7p|4z|Gp~3uXy=DwVb%HmIp!O7mAvXO@?9*>&MxfD)_{MMCz{_~5CN+VgMLB~Rkt
z4?t6of;R_FUA19I;7*|s`&O}MDntcpQp7DE;J~$F8k%gC1mJ_vq%s}z7U$eb6AX3`
zu3CQ!1{L-c>7mQE&IexR4YZ{J?28jFt-3PjY!*0S!N3K!npY|KF6RFnkCt7cYzf_j
z^-=aPwhjr=m#!5AwG!E*Jsb$?p6CpiMDoEW=fVDp{ObJ6%hS%$<}A1D?Wc!_Cu$AV
zUip<Xf>zgy!W0T7fPIQk9B}Z5y$+NX<tjxDVDq(liNFNN3gCnW#b5#=L*?a*nW(Yx
zptu@>>4hmrDeEUq(}>>}*+fY5E#t%$EdTUQ{`{q-^mbYNC?2ESuaz2n&<?~%5DWwA
zqysTv6H^2_^d=lZ^7u2u?|>MMPtVAQ<*rAqvaPzkKD<Hd9Yc4J6~Y8F2Iep2C~rPU
zG#dluJ2yPr;aoq>BIKX8cDoV+f4#8CALquOZs1L!UJN%jlEUI5z<dwD{acLSE6rg$
zS`>;WLGH`n{F9Y*1agdBQ~YM%vON7l;v72F^m+6;l*pIc0N<L|A_?5$0X^7vfi|=^
zfeb}S6E%=cDoziSm}4iA%xq((P`I^HS|UD{dXto@0orkpYBzVuMYw9HmH-{|eN(z9
zSj|cX`P9hSG<zIO!F^(#Uv;wi4u}wS3DGn-QAw)xlwR^cwMz<Dpj+VY>B2-MckN7V
zXRY8mLKFJOv+1^}sbyhbj}9xWVsmoAesfq>DEySgNzAl9CF<Ogb!k}t5f_PoypcqW
zUFUnLB^2Ieh_|`CA3_lERR<Hk?_>u;pMWJ)Ibz@nmKB%Jz>Z_nGGb)tg<Nqh9yXpB
z>xQQM`@D>}3wdLnla~QkYD~fnvVPcu+%iW|V7T)Z*#&+IuDxS|oyn;MtRt)5He1<=
zK#sY03`Thh;qz)$y?szf;z!Dw`e@2!$Tm;6E8Wt5ls>_RJ;$?qE8oa76YclP4)2$C
z+iWIY%p-U=dK!cQ30+<>*-X8OYh0RaRqm?|@}cpb*6J9i`aT}T1u8_Pqi(l@2hrJP
z<<h5E>_X=VjTPlK@fExNlucnyZ`q+RFVb8Rd?lk+RYxF4uyYu$qk&-iSq8DHHj`J%
zvU5-BFLp*8PAXF8jg`3LM<J_4BAwQP0hx05z(gv~J3TO(QTrgSnv;bd+y@SzrMnZW
zJVQCtiD4!s<FQ`|hfOlmp<g6<qec{^d{DEKp25&irOf!V4Dl!!i=^~lJ_L1Mo~>Q?
z_;AQ8HGi=}Jx&YujU~5^9L))8ZR%1AJ&=XJYm!wOSvRrmb>&l(bd3&9#%_;zn*D!m
z4LS6Jzn;@T2XBhf2`<7j#I9&0$80_M-nR!siny2=ATJFjL~Hc6^&CDLHXf&>Cf^>N
zo(%7=$}Xus@54G0qp9u<Um%f#(8(s5T{;r{edrD(IvVTBryJ`m1w-^(rS+t9`!wxZ
z>n!7Y#tPY`=Ct#JdQ~alz|v?BLYh{QjN%>CmKH<RbIROa$_s0098D@|+BIir!w35t
zDV5YQA{!C5jNpK}GyOWP%qwcv+F6#g>_jEE#K00U{iAdm`cto>c@I+S?)~HUhe$#k
zsYj>gTggJyz|v+Ax1Q9I{u#FtW-D+J21p$3OozvftInN*^)lt)wwY%oP~BO#53If?
zj+7Ty-{|Rhlk-N;(V>N`>zW6XrclIoea?Qun`{&P3l=*{&S^bg$+oPK0HSRi0==71
z`+ieLE&-Q6-Ih)-L3AOSSoEnI5LrlBTgZnpN%W1`2c#58)@c0WMQ!U3-Q7qWp8kUD
zSqN{A7vf6Rd@YxTv=6P&biC#g&^i~;lkEFb9SbQXDapoSDflF@Wfsz05^@gk^}l0J
zPJy`-#?Th@GZ->P>t8)AA`S}Pk!*AxQ={Yv^De%;NVsW^v6n%`^?rwIyARuM!IuOW
z5Gfv={w`NuO)8M@FTYWv*D?NUZ0w&<&%e??9E{BW-q-(6py*$3{)Zx#e=<k^9uxY1
z49Wddjq-nN{mK77^(HL;5k>poi-7$bA@?65VE>a|`(Ml)>%aA%{J)HV{ilH6e^YP5
z`ajXU{}ch!8nGrFLiwtgN0o!JN<xB!&oWX+-B-8_x51AvrVL{;`KcvJ0^>L1M+z;y
z5{H0!z2ei=yR|)aJp%O^%-8!Px0ER_b;7JRRa!R)Ax^o9W@$LYGZssoufA20&dYm4
z*R|;Sx83H)^se9uZk%dVmRiSG0PL#Wi7F`n=S%Ho@^N`i_^&p5q2FCrQ>$0<!$=oU
zUD_WvYg=WHX?*f9ljb;)NRD`kvLo5mGB{VYOc&8x<J7lnk7rM-L(gASNr*P}!OcX_
zt+0d+ndcn_cjMOSV_VWCuNmK)V1uqz<-kl|N`ottS?y(-C7}=i4S<}n$mptdApT3<
zBV$Q^jlNzK=Ylh_cpYVK#YAZXtY-8ZNCGf-@#mG_gf?wAXpGCM%S=eHAEFXhh9_c%
zL{fIhWKM9cbEjgGVlHou!!TX2WgBM6@G+SEU4_7JBKEK8!74pz2<UWVDlB8B#TPLL
zy_B=~rKX#qzFA(zW35_1)Br+Qv%&p!WAdrj9o9>NFYMcR?9<l#*r_~36x~xY5rUOV
z<R{tOPnR~4|B)6MHs5fB8o`k#1+-9(s+8hIEv!G$GOw7Sa-@PW1wno+7Lpx>qLVA-
zB;1pGfTzrb6WZ<v(Kh5J3u<QIhfj=C;y=VrmTq-OASjI-6*nrs6ZDbc$lwALtHFO~
zB3@6!)>bLwCWc$7M=8gXW73?HrxDt+!hglt_nr9^#9tdRRPvWc;iduoZCX!LA+J@|
zfzUb@1Pqr!(Ke@UEKd#;xQ;=pW-Rd;9hVeQuz0gS1u%!+1buk;<7O`vKXx-gwgrdh
zPb1?!Ghv<4DL-#AD&T)EdtYxOZGB<|4n;x5m_>K#ko{P6+RRf_@K|?<->X`6NzG#a
zY`?qBP`zwl|J(F}QJHpVeb;n2c1SR>Hlb_xp7m8i`*gt7+2V0jz*WWaIjDVS?eSOp
zZO87SNrH9Pq12c6+%Hf<Lo<zW3&HDA3nq$fYIXaTvR6+|2X$M)2Qx(7B_OdMkV+)9
zB_PF+rbHwPG@v(c-A##1;50*O=%f@Lr>t~<<#UfjW_3iqFM3=tiOI2!N{v61cj)4<
zL`?mW$}{}M+@p6<OdMtH9SYnrc6vrk;p4ZgarfYL{uFL~n-Ka|)SNpMbv;al@4lYS
zS_PW(mvZLanBceWLB3c7FF)i}<Frs9>@-FK-!CUWs7zuGvh^e2Nm{31!o6bUCJ0|g
z@cCm94fU;@@#|~b1;)kA$KBw{0S}=3A};*WAXwWbM*6wh7=LuNSS%j?4C9&Np{@YL
z!{=UqgmxKh?GR*^QM5Ky<psJsjg1N_%Dgld$5*7R!JgM;H;0S?q2Y=@Knz|yss&6!
z0u~;;5C;L0k*&nv3Al>Agf+IJ&dpE4)Z>VyhU{nAD`yoCgPo#IkzMl|9%d%31z(?L
zp}<ctGq<W(1Iv2t2oU()>}-ewTVHHNx2$k44l<-u2BBnBK4cI{v!k?Z@9ss^tqIsp
zNIEQ=oi!L{BomcZ=B`qc#NRk4EZKHAx1A%uLR%LI1~H(u+XMAcs)NsUg*=(Qf*J86
zit~f%Ayd1DS0xpRcI!0R6F|cf6M&&y4N~6<6z&zbQbF7w!t#w!)`lJzy3UaGEliI|
z(feg2x^GZ^>e_{TfmO4LM3xt>U6)JwDjISO2cxA3I%SgiJszMQkf6+9L_E1NM5<cP
zKL+{>jw0H0u$B~k`hf#39?#qY{+FA@-tLqUQxH{7SjA*ti^FrE66uj=*GwAb{_6OB
z>$<fMGv_l}Qmr&{C&id!6l`}nXG9Y$J%sop=0cC0_ToNjdnbHMasa$ZnArHk37`7}
zyyd>Z5?S(ga)Xtb=#8SAt6aSaj@hngthUb26;PA=)LN-R_C<wTV1vI)Xs2kQ_reZ`
z&>nB!R@=l@N-!_>u+?u_$7htfxy;kdDA`R<5&w&JKM#Z~Xv9Y)VhUiS2Pb#a60;Iz
zUkj22Y%@r~jBqe+g<511vgDot{JDAbvb~Z&&5tMROt-~9@SoJOQr=8d5;>%e)Js&S
z)JnqW8D7pjX2P<R5zZ8)B$@uikhS@i6qg<BQ%lo&p~-YYNk+;(B-#s^g-i6SqnwNr
z<{EYAo`A|9H<D!#x~$k}>IQv3^=zXV_jlxBI$>$KHdaVqN@wPkjacDyS&e*9Tk~%h
zV3j*H7)Def)Q<DXMW-3h@HkA&{I|;*YW%7fc}t9%?$fvXLDR0BEY+sGiH1JYaF;j<
za2kDLs3Oe&kY3TL?R0Qb_Py#-Rv>2o2}>>~?Bsm*so9J7q(|Lbs8P_x{8q)|MO9pd
zn1cC(JVVl}1Svi53hoIYN0tXln-4f>#U1{{kyfd&JLoFVKFFEHV=aQ?Vd(=|DQ5YR
z&maan<sw)w%XSM|Y%4S^eD=B!c^aZ5_l(E-qB03>HFCq-H_=A&&2V&nuZ(vD7!B_K
zU8YB-9Ti~@07%i_Ny4lEEd*nFS)eP)zUMc8z4(i|Iw@zZ>J7sw!zJQ9CDOIO+xj@-
z$%(6of&RQw@skL0i!!j}5|v^fpyNRC+ah|c3GAs?O&nq5obz*cE=QJNmyd3NfHk`5
zSbeEr_`5qrR1hQVy#Jt1!P{Vt4bP9Qac35`afY*Sr<Fmo8k~*@gab=b+}!C?-E6Q3
zFyDB@AlGYH#2|yBUJHF;c>w*iN15y3&5G-s$W?KFSddW=p5ZuSj|*GVW&!^i+u%_Q
z6IKR_dcEy?-NAAYiYBN7^<3N*G{+I+qTAbe>bLLMAP}bC1~i|)S+8=8^`J$q=g5Ew
z6F41{JS+FB;xS3VDlw7&sF@84<Y!F?SDEErD#%4AnkO4YLnofoDvHm$jwVf&&ki)T
z0r``w39IH&l|)oi!*<plei3v7r~jcF*g~{P$Pcrk53577b;jmNnH!0!1<SCSK)X^<
zAWq+XHgyd`k7ac{jW2_3@{FKj7HEaFfpA7@@mM}nK*P0IbAF4@I`!&x>f&nh%vjar
zwc6g|cK38k%$mM&F1=VLvNi08j`}ivoSd9!@QN6V1%WDrq79)1TirY$6|3d5gn^|6
z#q@!`Y|w|RFbMuK%K%0RcPgU`Gh3}n>KI+z2Y|jKdokRdMK@_`OvXV*v5}9<g@xg8
zCDr>yB>|%>2c4I{Daj9$sjU$^#oEVTNs|Q@mFL=jwrE0I0_F7#RWreSyzKSOLnwU+
zrizh3$Ny7X0}nPV;6=(=^%k8oJ~FQ(AaoQUSE|+MD;Uu$d;tDa_aFvLYidotMJM8^
zY*xVCX4~aAbe&sm1+~E{8&%szS#C`FbSrfWEG$vtye5pb+(78Mb9q=aVVcll`4Tyk
z7EE;N5B619sEg4y)s}RD(-2CDM4D_Rjtc&J&#rN~IVs1^S%?XX#-?1yBHCOuwxlOl
zv1?xRi*v~_q(4a_JzP|B!0sr3^sv;iQlctEfsy3xML%ots;~x^N`pzenHOY9Y(ggg
zKxhAz8212AAo1f9QjTp=U;mSBw@%U2_c{ClA;ZhHl#2w;03uoItry`9NZVY0`?`Wc
zjAKu{b0q2YFj!PY4nzG7!_3>6??z~odc*a!4Hgq<3UQJu`K0_r(W#y^L<p%Azv>MK
zNE)~f0OP^9v^R`mNLRjDF(6*w0^6qKNi}cKDg;foLsr+OnKBq<APKZg=R;)f$A6xg
zkvQZU1JWygsc`KCT&YbULfY(rk2+_)L!{ow_+Byp;#l`nGml`E7Rz?7bQZK!7${u^
z*C11xvmt5FxhND|tJ&=6PpZ*nJ)vO2suzBWR!f$JdgmHg2>$!N!p8fRv0)<G^uyNp
zRe$<~AJ_|U%ngd6)k=;ja;Kbr2|KP|_Fk_cmXXz2$0;6-H@1Q6J(+<;G~Q_VfN_J7
zM!StOO^g`U!?8oa{u#SCiJ^h-Fsw&_`wVHZ4Rdvf2S22_sV7?%y~DLl!e9b%RdS4`
z<Iy7MxphDdlb0CL0{A#Vzc?y7X_XS8pgz&EmqX-Jmhhcam4N?at10z^#w5S-Feei+
zz>UDgSfGp-#tdcwZT9Ps;a`W;M}XysU5EnI>YnZQS$E{gMBGEyZBjIQcWX$p9Qjn7
zsaSJUBH+nMbKUI)j=G9aj6FCW6y%~6-06@BajBvepdEV_jCmWc55X6Z;Bny?3+N;U
zZA#1HPU<iyX51`p^g2@ZliveFq;r+|iT$ne*-W>DO}Q33gF6bi@tm;{iMrl>J-ml`
zi4WW8z{Pj~l+*f0uoy~>=*sLfO(^Nbn%9d7Jj<z_xpfN@`bO)E=<GZj9?=-%_%>~M
z$aGd?o4tpb$bY7bsp(-<dP4Ts#LHCcLaUw2e;NOzdG8T6t*RLz_3P#GQViX+@(%9O
zv;$&rmHm~r{gR!?NAjFTb4(YUkZ^Z!i&x}HEh^j(v~&{+&s+R-mW-9+JS{(!SO-$n
zix&6yhYv{t+a&<Fe!EmaQtUi^0V!ZR3H0s-5MAIV)sVKKpg0M81z(@^_#Fz()HDD(
zoc+46;&e-dkl$qbU^JoHl^?%6);MZ50+vqLpQaU^ha?VZgJP6&SS=AttW-aVVUT1b
z+Fj&G_{eZDk7-x@0Zx9im69Eo17gI5HXyy@LN^gbzv9(7YPr^6gaR9`9hI{XupB`W
z9d>%2oAS~d&u`<?jG0(Lsm3Y;`a4y(rfc(uWm0^k*o2s>?a3mb$A7GEP?z!qvamS<
zr0*)bmo|=r{48BK13qi{$JbMFeXz|NSwftK-V#RS4mWP0B)f~gL&#LE#lFy30n5&F
zXvBGS5kK=%+U^38EY!K9S~c%J*Vf-!w=y@)c6X!JFz2Sq+?`X5W{j65*RwQ>gu~8M
z$kuly7XR<QldcwLhNa&E7xqG%B$@GR>)g91&T#~<l;ts7CDTQ{MwvTZ_rgLF+Ij}n
z=1N?5tOU*^psku7YeY=WA-MAzj5m?oN9{4E09Swh^a9xyVvX<E&I^=T*<4n7;47+b
zrE&YS)gwcQf#uBZKM69wgrH&c6sAg+M1PpPdW>=Vw%K6=ct;)N#E$^wq=BZd_Qd4y
zDtBQNYRf7*u6fgM+<)CI+@`Z+v-9Y^_781;rEba17iQ7^&P0Ht=a#Ix2F+>+HU}2Q
zIJysvNG@3KSO0da$dp|v+IjaSavQgEgfGaJ3RM|dxL*@jJmalr=m(l)7!TjYp~)m8
zmLny%nQhL_DH8CRd9$4*#3SG?wWn?+1`2$s7-L6{EB@<j=bzR3zeYC99PIyIvir}Z
z;Qu<?`Cshdzm$ak>ahJs>-V3Wfd5^!?LVB{|G5Q7|IYjUZ}EJr|DW-EtpA1QWBt!O
z-xt66zfpkn&)5I^pzgmL=KSCAd|GSPq^bZqW>oP9<bJ%HZZN?Z0XdE*sm+k|8s?Po
z1*{_`H-5Z8=my_!s96KL-43MB(4@S64K7X@9b+5LL)K3b#4C$H)gP)EW1C0kb&D<Y
z7#(;(*{&|E9|jE1TImnE_stBAg{acoT$8_tr0?w(gX0t#|2`{pHsiMEh5!0}3HSc#
z_IvdcCB<{5>t^jBi|;ez<oBoQD3R+~U3h3^U1-5iBQ`Y*A=b*zv8$@YgQItouG6e-
zm!iK4_>yDMU6v!V2k6p0x*t(%mrsqKLb6+%XM7+1_gU6I2IlfCl6F_hN1e-S{gI^U
z69f<!57F(EnGZxB5N3?eg6Fx;EHQyOo)qJYYV!Bc{WwtIa(02{Xa?e)h%F#+{EW*#
zjf$)#+2l_wLs=0jUHzCMgxHmFcJ;XVLT~qp2pdvM3G54L9f0C=kBE<g=H5Zl1=^;_
zSYMhzCc9XvFHPVV!Z*4W6IlAC31kY+ciQ9+Z|U1`4%R&cbA4NcTDt9NZ+WX}(VXJ@
zmnM+f1oBH0s46kP`=tp)z(4p$6UZ~CR|z1u>tJUM&glmx*H}XrJWVFCB;;m8@b~9|
zB+awCXDd1K(`O$8<bq%ncZ1P@d&E5OE;+tGN52TZemVx-b7V>$bezDMVWq=BP=A<4
zL~{8?Q(AQ4<<#%w@x-#jf~r=a1K;Rs5P~?D?)x4Ky9NkM-<v*`CkPbTlQ{+Vqq@81
zzW~1B%BC3#E+w&?fh72N&YmPcH}C-H&u?k?%5pgBR8plE$<bPj@yVUjCXV7D@7M!6
zH4)0|UzWh)f3pO_{#}I0<bIL*9PHqGzp)wSMq2mL`hC0NcDvh$OcJ5+8XudM?z!5v
z`Ck4uByj#Qv%&Fvzun*;y!Fgp=?!+?aVe$M;e1_jsk`xK>lvx?x81ez)0BVZ8^OoN
z)}_o7*@naQ?q$zNkI*;A6)(3Yz89g-$51s#m2OW7kUD>oo%)G`^w|xA2`Miw5uq!^
z;&_L6A#V|1DTv%q6)xmO{O`xun~`9zNP}2*HiOsS|0NN;D{lLe2<|Lxgx8S6_iPVY
z+g6EOfiuo_dfm7`>AS3VY<0MT{N_2vcbRG}dUjvMbC$jS#QXR%1mbVUcXlD|<Kw$W
zZS7q`FPlBl=MgwQ*|B=_4IVk<-zHaG?o`P>drKx}zOqdVaoYtrQZ+TTiFqC|Yt7wl
ztt`sWSDLZdg_MXk<qWb<OG-{cFjfb5F*Cv#U@WF0pYf}+IdZt^-YvVDS&Cf+8ZtBD
zhMj+>!{zaUy$iX(xno<=@Zh~NscVP7tvw7&vFd;toK9(rXif#gC?SW3Z5a>Czhc$f
z0yAKKifi(AD(SI`Vhqd~x6l^2<ygL4+Ql%!ho#i^VkK8ip@}!_cYukWlCHe$2piD`
z9T@gcTUbpr(!%_kN#`xFNuTrlp^T|@K=<fO)|(r`T!&hsS!G~NP~qexUPq0V!4#@I
zpmX6Ra0qRB;Cc9CWSi5W=I3Q`;_+m;`0M5bd6u-A<sW8bIYxL)R=tm1Dvb=7um8`G
zo>@eRZ?jo$ZFY@ls!R4E14uY8)-*Wv8#tMbMCCz5**AP?QVNj-NFgr#2+S=go0AdT
z9hBm(gzz3Oy+Q^|RIt5aauUXQ{+N<%xE_9pnPAk*+nE-S$l4#*+W3U2n({ccF|RD;
z3oT>~)+qx)CD`Ii8T(@u?^VX1V+WF7h-9N8LIOxcie>h_q<<1<L&Bfi{N73#Q#w*2
zNz0T5;9RaI1%ipv5BZpqG%^9-?@p9D(a*|r5v$(6X?)uml%-xlwaBU{JjgzNW>FuI
z<5!eYff7dlNO5GeltUY|fc<3xEA(5?)jy6-ZoxlK&<%=5N97ezQ%@A$$$3vn%0(ol
zMP~gMO+m=k8ydVnT>>f(%P3#SEyt*THAbfY8WI8l-pjh%g!UNqd$fqDW-)3Ya6kvz
z_{-lmTi>nVPbM;Jt3-2eXk;cdu!rec=*O;?bGp=Bz$65gRzd0oA${-@qs+27RL|+G
z_0K`;SYNsefVGc#kR&12o%c+tVz`nVf*ue;FzhI_Q^iwJT^8I5dMQv~;-KSY4k@BB
z;Th22gTDQ~JCe%sJ3mj$&$AOr-fNj>75j=FxQSi=2Y%rDB2zO+$9mySIUNfLUWjfI
z>P4{>cC%8pn9$RnRycQMcbNy&IEvLMnl9Z^x<-p_dv|t(FW;PCFS0ok^u?+e-&IuW
z(DhvWWg9o%ZL>$(k=EsP|BzRv$_sgAmNP-5>)n22BJytuUblFCU*E+armMn$8!C(=
zw<nOW$7B<uOq=AT*p{4&$cx=v*W1FbY|<qH-KO#}q9o0%5K$@}Dm{`ULR$2Kuxio%
zD8KI-dAUg;(jorn5Np~qO2|BAEd`PI5IJO+19Vp4r<j)esQ8iMlT^+ng!&$!Yzn3`
zzkvCo8_9X-YAC>xKkG~8KT0YzPfl@vkDabpP&i-rAM_CtQ;C|espq|6T4Wp*Q+Vn!
zh+H1*WMJ|gqx|_iVE!QRw8HFy*nqJlAHV_pL=m%yj|@~_3IojzNfFnM2;*2aPykV^
z4da@vmPD6gaP80WiaQ~Hg{Bmfl)e+wY^UI*07n(arm)8GSBjAn2Vo7KKNh}?sbNoI
zvR0C#&T-8ztt5^!`0mz<CHpJ48c(Ua(boBFO!at-?q-^36|?rwEQC^on%TQD99SSV
zfDq=K6oGs0l*bH=+Oa>TmLAa?Vbm>4^;E_M4GLe{T-$TqhpieB@Wc&HZRf*#Xr3#e
zQTFvgvTTKA34-a$s`?+kdNayp%%lcvlmXE@rR-O;S@4xn0zF$0Gv2E_0XolaM>~UD
zwtGZB(!B#@HOe~He$QsDcd5tvfUIen$EUIOHp~6Z_JI0~QYYZH*}X%@-tp4uDsbAf
zlYUPAyxpg%?~tko4Kj56>pEvZB;Cg-o-P12-byf=kj|XQ7Aia;4`GSBz#&}q6+SY^
zLPS}03nS^3pDC&v1LJI5SFRPHr47q#)sw8?4y40ffUuz!bJ{6JyoDJd0%eOTCDacG
zWm7rvWX(<&uv4O{-Yr)6(NeXbqoCO|yRgt(P?=5DsHv*81<-tCY7tyhOINiQXmkzL
zLIzTSxw%rbAnTjlN$&R|b+Os^VEsY<wxh)}L93T$!p0&ux7o=yWy#-!3L~eV{0txZ
znvD$nL#<Kl_su69UPhYLze5;$mNU)5c?Fx;z2ruUFw+?qy5s96{i~0qMJYQKp3PKK
zd4jEJ_sc}6BF(e0UQRT{mR3TG-sms6j6G=W^?d8qY(+ys3h_gW(rFv@;<>Ovw*nEp
zG{A?nI-WD6eeIX*DItQbxpvm_l{bu^GZOe^G1sODZuYBQqaDHSHz8~d(ntmk+-7tj
zKD#HSUA7z<m=Y{ks6XaPiw7!H6e8q+>&$J>4`UCCE61t|<6VLtx2M6#v?tfT10Kqt
zqc=64Y`mqB*})40+VuIcW^w+6tVSn%J9*vq=Cz~lxS(#kz#Z@=yj}BkZAmHOA;}Rf
zA%f=~Kkw(XMW_Y_h#e||)g0lCsoQ-d4V(%y-&QQHH9Wh*Zc$0IKA2rmR9M&yEcmQ*
zWQEh23h4r9Di@+WVULV}1b0=`FzMtNg)6r?G@ey)D(lAT6o3qMNKD^Xq*-E5w6xvh
zmqDt6#(;Q%g1v58Yks43Zdtg$)H}b&lJ&c-G@qrqY*W2kSdfZ5<mQY596&0;S5Fdr
zxQ~kpY}E}}CzR=VW=RZ739X!h*-V8>&oFVpc$G7kEqhuX+dN*7nkR#S`INkw$ykmC
z0wo??ULs8CRjnN_9#sLR8o3Wm;e=$AU(*n$1YKDC>!&PH+U|djagzxBb3|^i9LBd6
z%%rRsKRSZhOO-Z&UZk{)*s7-q-uAF9^|bxfjDWWM5o28XtsW;QDk-diTCP|Hg3dQX
z38bCHI%YMPIvdP~HOWbNJ7p|`DQ(?s=37Ni-`_VBNLCZ}N-Qe<?L0bDIA?lz^wL1z
z{OWjy;l0ItFDshTmAub4I8_Aim5!O0HaX;ioAV*h)>9Bnwuz}N!$RqwbR>UM3wlZP
z9G%bB-qb~|k8ulI?R%&}D^Sxb>&L-V*c@2v`ljLNgNBnfKKl7FPoSLIhJ!IttG+*{
zn&M}VtDA!1z#%~D(@fu7hw4HqT2i$`6x2-f4>96iF=SoV_V^;Z^N8SC!csAi)1vEh
z4A?oi8|DnR5w^qx22qPs=J?d^tOudv+1Q)4&1(7rP!io?P^=m-h+C}-w84AGbz_K|
z9|j)0>|Ta3;WO||;#uYSJwd<{=W_WO20jmVHYU+9m+RY6m9O`zBB`%2lgvq(sbosJ
zLlt{T990^j*=bF$xF@L6nZTPTOVX0S0gCA8f)O+E4md^dMC#1sWa+4S#D0Hpiog|y
z_B11vsKwO^d{R}+9SyuF;a1sX7i9LUl?84jOG<YWCkO>4(iYGil$RqZ{lf)UDsXfI
zahk>>67&SIiaOJ{p)o0dyM5V`_>@WnY^Gn=SETZtrGRq@0zzKZ-0`#9Z7|*v*(*?2
z7Yw%;2FpaPC;QEBU|9|GVGW$nnbG-Te2P%83u1_*ff@54?ub`K8*8oqgS)c|j_XU4
zyv5AS%*@OzS<K8VS<GNDGqXy}47Qk=nVBVv*`n3oGt;{>-7&Ed-TN>bQ4hD`R-Bg;
z=T>FbFZ1)~sJ^NQXD8rs&&2@8znaXxyn*iBfyPls8kBnZas7O)2anfn4<<4X7S#R{
zh5?3u(@eZ7Cpx>mA`KbUmOZF0*&bLS(Iy3gESXIF3r+^)5PQDOex!jXWRf`$9vP-=
zPvch)q-CFpSc4;K%@pf#mON@FuZq>7hGJgM)3O`m{DYAiB5|o3epB9aT!<3S18GZ-
z;KJVKZHkmH4I1>w8#Ww&?2i>#^ps~=RsLz}^n=}Q?|HU>SV%I~J|)F@Q4T8$)x=;w
z(O4nPv*ikG$VipR<)!X}#As?Ilpb^?OQ2LET%b%SZG7nTh<ZhR!iQhZI`4~lHH&%L
zqR_`YU3epl(l4!6S=sE?0B+ks9t7reYpPi5EA061cN)0n5bFNlU)mrh5vJiuP~L1j
z(_;&oxg$&9XKvFl)Jw{enac5Z*B(H$F%H4Pp?1aAHkWSO!<SAfUqVbw3&|LH9@7A;
zJUDOeE~$Cv30p_>ZMzDPJ~_wc4PE10LLQ@?dFoUh122q&LYjIJta+DLcgrOF1e6Tw
z2^cILeNN4>&uFr?eH>fQNpo|o2EwMt9|lc^k6{uk5I6j#xxn76)ibwDVxFJhXRn3X
z2)Hy?aUYI9jnE}3e0mA0H{o6S;cnudhssuoUi}1Od-$5W&Q65;%(S@g%f8iK%G$`6
z0Qr$9F!x;3-lTJb5FI;)m>KuF+l%DbEiY&vJ}uTYW)x%L9R3`M5|*;L#glqqs9_;#
zXpx=VjJdx)9q(?e$uy5&8@yYu)_ElF;G&(>TC$ojSciO1W_PK?7`ZXL)fm&7`PQ3x
z)B4rE;iu<}tR$JIFHR^xCOYD1|5>*kYUaqJlUChxZ;<UZogD|^bbZcx$|62mI1Qd{
z>&*8CZTZ$S1HhbDS@M{i{aNu1;rr1|`Vai7|7h-JWoG<ah1DN3<iGe;fBcfaSsee<
z{i^?6NcGPdRR1#Ci0$uaBewrc8?paWw9%jC|F(PojX}l!k7%Q@&tXbvwqh_K9g<mY
zel~D@%)jJ12=qY10T5(!&7w+$1k3>juxpGVpB>%96i-gT`xNb?y}9v(1o2LG^6DEo
zmX5<%j)h=iVZXTM7F1pAR5zT;D^4@j+{%k`f4sn4qP|bct=VbmP-ctVj9%l7<vO6e
zaoOrd5K+nT*ARSlUYs6i*ZnQn)ny~US`$CQaen#E`Ei!|UF{s>djW3N0y{RrF*kK?
zf{<A@`=+Vss$JJI<ru@-)Rs-|u6f0)@Gqs2Sb@qB`Tc#>UXG7$+gR-l--X$d$5nZL
z)pPSR8HX$TJ|*0k^2!%#oF|0=Q7q9C7g&6CE+st`{Uew8W|*oO@isZKQMYdA2Q0Bi
z!AfSqFJy_O?2~N<P8cwZAp6-5x~#j!0FY!kid+%%1TxCrKLy=xqmI%^6s~^?y6MG7
z{}gmDcI&xk;2DZonj?#XGZqwojXFxeESc$bDLtSY{yHzc&Yo7lZ@nVeP}eu%8Jc_a
zX;KYB;5-|wuiI{|HywQcV^WoH<0uKLL(T8XPOdnkAJnguN*41a8;oO-GgYZ_wbDOJ
zrp*>Rl{JZ%Oc#*?umqzd@Mx**8U@Ra{h~x>SOAbHA>H91U;m<w+NK3z4-!<m``8#W
zosW(^DA}P&;`7E?fVdBwFH`_FGa43%hSpYTmFOOVX7yGe8gL5u?1rU9#g~g5Z*1>^
zXI<AruJ4$wJ<~|MZlLdZi`9+du2m20$MiVZTFw!SWo66lM(7{`q2K-Bq`*{&X-uV>
z&Tq@q$4NsF?v`+P|F~4OQ3F3eaU%t!f5VN?o-UA-@O{?aFM9Ml-+7p0@i++Q@O?VJ
z>Q$b#hbk(0%{wI)Os#Tc2yA%1rF_hM&-~c%ENa<!Md|v8?%LY=eO;ygtz+ZWZ!72e
z$SvbC^JANR>(#I3t;!AZ_l}&`ovPPIsg}J8z+KLtH)QHpdpiBn)jHcE&r)jNvAM0i
zhrJo&Fay+QH#6%<B~P#PF0}2o>{ebEVYP~zcn}K)o32At!9{kX1cbf|g;C^LR<8ix
zj$HI6Br&Pav!~NEuWd{w-z&fW(u0E!&Jx7y3I4l)#pb{dgp9|`7eN8b_h7HnZ08|~
zr*|y=^V^1pjL_~FtQW{-5S<P22sa0YBCql9kDT|L#OJq1uchW$EBt|X&r|}ZSp0bG
z1Xl%=mbnwQ-Vy_=3|Jq|x_#VhthEdw4Sqnj3!>`Nl?hCQ;N`OP&w@F8woQwh%3BP}
z-WD_g2gIkj95)4a1z4iH0<0I-cMwq^B8c6?0?BpKP$8J6-khV7L?l)8>2s@I1|b=2
zn2F#>4mOYgfV396B&w2et+;z$r}N{4Qxz<DK|x73Nx3zuyDES}ry`Hyc9AROSIW(1
za+USw>@t_~ezS*(jpBHu_L|>WaTF(YbheVXjoXs-*-2I)kc=Zk_bi*Wp@l{-sREQH
zzT#kH=1Qwga>B+vDo{dw0{BmO7Wt!JiIaO-ZYGBrO^glEOhQr~e|?aOCDx3lu^B{t
z7Q|2-3iv~&BZbL73K6iZ12OBVMP!FWcLiE2Lm*TqxD5;pi<QAi8HEhPDAK}52ssCo
z@gr;-h<h51QcU(c--d}0+>Eba783c>3>2^eS$>0sE_6Y(5Eib9HZ)S)5ZbU5<Z6Ki
ziHYKa=0GEJEgtRHfl@#NCKT`Bt_7+zxSEWrldgT!D_X{ar<y(exZ+HY1zThUELpnj
z_$?<|^E^Mt`&!Y*pfdP#zA|{QmIOhQCM-KxAUe!(aupo^(4=-6hjn79jvSWEEjn15
zf98>-6X896Vc;7w83+ln47WrfNgwtVCT^0{NejR-zaI$HuJ?;I5E)*4V>G)+IW|dL
zULlKrk0K+Oj9;AQZ+KK2%Ht~!aw`^trolcZwe$LUsk`KH#Pzff=0kz+{N1gPY(i!*
z#{tKpCA_y1Om%{{&|n#k+k~pfYR5Of<AX~k%Ww1Aoi%vK1ZJi3Vz<VSp_n)brTZw;
ztq9rn85W^yMj!^|C>m)yZn|j{bm%39Qes9iw_u)4=zapTB?4ut!>RyPg;gK2)qyfx
zLffvuaJRr6nJwF!Q>s-Uxxs3EwMI0X*O>1DV|zs!yX%1Yc^HK|P3IGZ|K`gUdNWT`
zfk5ow3=fhxAcn0zlus=`Hs1SraNZ_pLgITQ?%u*Ht2^~r^LwIZ8u8(%qG%4Wr%-4i
zSX1l7f)VoqnOun@t?f}g<pe7rz7wC4IK6<XdLF^IDD7Aw<m8w0?TlnSmT_%b3fRWt
z+o_F&?O==(+*y)sjlp52qJEjaXX5r8Bc?3;0uw%u=`ypROcsyrj{;3?-b3tSqPiOh
zi0@VcWvj4JmLP}<nSzd;$D|Y*%_q2)1R!Za&{v8gi-C}wP1nLCCMo14pe5-j<%7)4
zp}rYWNEuaym?Sp!CdjGvh20JK5##vV(nBq_L$x~`MY<jp3TxcL>*By_q?8jumVbc=
zftD)}QpqwXeG+LL#TijV%D~(8MFfPPLYJ{57Y48gvbj>pB$QXduqPBjOD$ju)6G;1
zE72%f8V`UwhU3~MWHq8U)z51cc&eAVdd!x4u*X52c}_+nuwV5&YXJoefx=PKF94TI
zXp!NRVSs8J_)B(1oB6?&_VTE~b$LIl1U84OSxAQ4ODn%<*3nng=NTvw&Cjo$faAb+
zXtc9$0D5e0sLLoGQZA=qhI2ajK#aZSdB1nUSq5^k5|?jA2Zd$NvcIra5pC+WXSZ*p
zk+Zuxwc@dzBBQ45(u0Cp9Vo}F$U=qranI09du^{4M!{zc6~;7|;tcv$L~TYVLC$l>
zIR?yf*yRJ^vl6g}R>tuQqCI9(Xse7Xv`KWW*LgEiPgB=zi?d9l(R!ooB&OsIsAv=@
zrlX@uwps!YdTotxS)f!FVQM6TDM(C>cveFZ8qkK5lv@UrxbNlzGP><23Y`HN$kZwg
z0SQ*pjpIlVqI9xMdgG)BE^#Ui^Qz1fR><+KX>$9-wG+W2#~?UHfLmxfo>6c)JLGS?
z&%L}{WmuCgm<)%CK-{$AQW{{Kh-w9NRa_tvRHF08lKs$qL4=jtL(oE7Fh<r2+a_Ut
zXoJw$pOcKNP@)#PU30d?&<CL@xu(`_0hPezs7ihy3!>HG#nmu)RRdLpO^fB5s^xk)
zjaK<^L4B(^PJ3Z+cy(q6L{c{L6{x|UjDvB0hGJ^-fnO>V5J!F}BH%~GA7Z#x;QQX+
zltCD83)2Myw*%!^cm}I2h=3I-P>%diM(EUc_oUkeqTO^)oK7Uy<8GgXeeqL!w`EGU
z<#q-I4cedthug@^&h<XKTAg+5H_n;hUoUpWJTy|<JQw8zl$n<ZR#P|!>T4-^h~3M~
zm-2~kWDi4RD6&N?T2z)ply8q1Dbm!yZ{$nm6CGxqR|ku@N@3+_rpTy6Yn+(DV<Qzz
zvS;Fw<Qq8#eA9~cay$av01axU#4NoJ*>o)t=GZ}mTV&U31&$Mj0y`1rsB(*N%~xrr
ziW6psA#W-E0)ZUnC<?087$S`>^DLp#pyJ%m2H`b4KohvKf0G<xOONfiD>$TF+-Mcu
zUg~j!I+K)2u;G3!=I)@xm~~d^yM;_?%u!qhMpI#cim6+CrL#;ymlk2XE3GY;KZJOY
z-;RI)(}+`9t0Lo~c$Xqtt5V_OSD`~zre^Fuo>U*F0;D=h*<BwZW?CZgdA!ssL#Udl
zX`ANT<L1#`YzWa8AJcFsbT*-^Q%I@A>bWJTP!$Absb^&J2nFjH%gDFHDMfijLUmz+
z^}D=<fsp4(1(3n)LuFQO<P`HzsVT*TWV^CeBt!I_bu-njCc#+9(0DJ`S3p>J3dM+U
zSXgAeEXw463DO8=g<=-#(N}hIV%Y_A@2CF?Je*;-Q$psB=5SS?1tMCJrG|)%xNG%)
zw81M#c~s~#M*pt;lyG{KzZLHcNTtT4&*GBdX&*HzwTW802#yFhT&lsdsqcT+NorU2
zb2;%6CV+cI_a%&T2e7=&Ci%Mud;`-$rb;h4`!UfP!4<?=UQD%)0tr@jO^tB`JAm0T
z3>H@c)|TuEU8pb>AazRB?T<>VUaGKZp+9U~)noDORd#0a=2aICs2*?)*oFQ@O&WA&
zO!Pc^>zX#rFxh#15P5rmO~iD-eBsM93m!Y;`8xm&ITI~Qg0((j?$=lBTdjH8z})Ec
zs$dJHboHdqd&;hj$j*($_{K`0!ALTvJ6jfM<H>CIXvmSLG#ZjNG3jRYVBvHFXr#^a
z<?E_epQp$uw<@VW9q(umCiSrwn<^d|>LN*8iP(IW*`bgWnmkBUwmmvd5J5G`bx3-b
zgCRG;J_7y{Gdx5YHkJ^(L#IMIKcFBRp6o3}8xM8RBBQ6Ja|wQPr7RnA;+8{j8sEQi
z#^$Zr4nGTl$MY7E8_u?*n4O5V#@}#GD<@W{_Ioqu@itXW|Ek&Nsqy6C!8Zz>VSJ_{
zpIZM-gxVKa<(w<byR>?4*4Ia9LZMFO!QZ<J@c3R)ymYo)hJlr74LZ=;ZOsHKOnf(o
z5b<LwFnh%UqX7X7CLUfhFYr5KfEz#Zq2)1P&H$C}aT++IX)t6PxN4eiJ8SX<hzZvp
zQ^{o;B;bpf=-~SoKo|viFYs^N1D?G;w}8EL;~+;+rdFmGi>Ele)fN#`^l61?O)!iK
z1qHvBFN#tXttM2)A{Df@-z{KljjQe{r@zks^m8&y2Zlea;6g1#H3{69ID0(a`gtSP
za^sz`Z$XCAaSRzp_Eqh8Klv*IchZ+5;2=&Qhxv9cXGywRxB%v8PC8keIfrkl2qXUa
z^VE6%?7wD>2zhP^^L#^M18({bAIywz(pPXKYKMQjJBZID9&WA*xu3>w)AMU{YkmH$
zsNORjLDRtGEJWjsi;cl>jo;k@+Hfmc&}ah*y!Mkw^moTfy3+gsc}!x2g{EZ-5iSP-
z`(x(gPoOMTw@jZL(6^W=ztz2y-V&Loz503e{7}<@2VH)ih+@nayHRN{owv^CK472b
z*HMC#Fe~2glM=E%6l*)lDqFoQ^f3rT1ufemTw<PXC(f05;1ul_yM1{UE(w@azm@A!
zsv0Fwh9f@%dFYGhOU3KDS(R)WhC-5Y30*DSjkhXbbhew)Sir93`AfZD2{(<7AM?Zf
z$Y+QOu@Gd%AiCxO^SRKVze$O)&nZJ7i_Qhv@@MAJktBeCrB@h`8Hh8SLLl^6A}j=@
zS`rqqKHn~u`*Nv6St3_3Rpm36LN)f|qEec#mMelNS4D<dH7ydCqwURyX?&#wHXo=?
zE?DQhC$m4z2reWNA6rub)2(YP6`2$MCZtYHSt=#liKZVuI_-VShKTNPwH4%wlS}PB
zoGa%(t=DB`LoEP@V)B#n>yZ~4jci2^5$^4791=>xnJ$Z;6A(1GVxpZG4fyw9LbDxu
zJk2ToN+mb{O>xRDRQ<VK`w`<!Ea%t`^1e;mX#`&`k73ZeAUBCO&|DD|8Bn%pTfGC$
zC~bjl75Ov;+`WgPpZTCkS(AC*VV4hFxn7aAV@I;c1(bRB(AJw%oH~H2%_B=<?u<m6
zYe?q+$^n+@2@qcf9`EAS_A!%u0ry*?+)R(*m-1yb0+vAE*4hmBKAE!Et0bRJ?n4SX
zxx@7U`D{%$R<$3_q9-7eE%?~0Ufu-!9=&XxL$1g2uy1kJu1YcJWXMhLI@2s;1t{6B
zh6=e0j=BTB$`Pr&8mVYIap5E2dTF%N&ydm5Trp6@K0WkXu`ehw!n?I~$AfR;@EHP+
zrsRC{RcsjPPsO^k*_wKk*XWV`KF)O|?RM9$C-L=mou6Y*eVxgFjRf2{dUZ}qM})_(
znCJnr)FNETlxlE0FM4=pcauDJQNqE8BPPkT_|)g@_GGJGK%#}mofEFW-+A{YAUm9H
zh~{+QL)}-zzHh#|7NnBAja1T1wbim5AAP8d6w~~@$@j<9`OE!bW&0feZTijRuj@aC
z(q9+<N8s>}=kzz5=zqG&_x~ng$o?;b(%AnFN@M@eP#XI`1*QF2{%@Q4-+6xj2uhQ+
z`)h!@Rw$uUttmwd7}rWX)^fqg<u@WOQh-!OF<p2erDi??5ZoH0+Fz6T=t^{MWgLgQ
zB;~j;hvkRKgnUKy7Ct4vy@ZbAvmst7SW|;tNt<<fdD~Xz#Y&C#!aZHbCLVm&`L*wB
z`&;XPP)$N?^$+jCktxpb&72?X-~?Xu{1pVwwc>L<m3-I!?;rU->%PI_o!>6sJs(~e
zeAj;De)wzEil+mzOZKMQFxjxrl3dyETi*_ElQUlP-+p17i?q|v=OF0Po?nNOorkCB
z5L{3E;Iu7KJx`_c`CaStAhqS&x*pL{g;urvIiL@lUXvumCv0A@RvPTmJ_)!<Y{@zs
zdepgdL7HamK7Mr~O`5*P8KVCV8xl}Tq8sh9m^mK|j0@tZ)<SRLkf5GZsXRlrbz%Vt
zZ4aNFl;omo_mlJ&RJNGy2*q5mpe*>2Vx~3QYw+qg<k%v<3?f{2bOiQH4Bd<xQD1V+
z1Ny#(PBJH5Tfw5stkBS&-`N3>03CSPgDk9CL=Wf2MBK&bm4GW74<^Qv+vh~}>Rqb6
z&xz`8;I8R~FM`!R^q&*eb@H|6N(|bLfekxmv!knKsDIOo1L1-6yU+I|-iU%EeT68b
z`zr4TtaHqV@n9eAs)D&A9AIHZ_JE&EV?bU$spP|mGbl;A=1nWOrk&insoWrmjxD;J
z2~A%?ZoaRfrv+XCB5jHi!yW(I)#H>Q9HRb%93LZ6;sU&dg!2OOHQ(kkS=gz{aj=5k
z5?f0J*1oKIxzY$6BtXR5?;szTnuUf<N}Z=sIW|pdAK~tT)k?4{WW_0kiQv&5(Mu=n
z#v8NAAq4h)0!SL)dv0^%bwmBT=w99)=<IoqImJk1UAB|Gv<(9IH^(c>7uVa8!?r^L
z>&L~I#mtYYmZrc%wcE!-JL^mKttvJ_-)Zm1(JsF?wA|RmCB1>2+>`Ci)i&#k<d5C2
zSqrb3lh*Iy3|+SGEJ@$Kb=;)hKWvXZbOfGm#y9PtT7!hBMD@?HA6cckKg@F;#m`{c
zDZ@7|SujA`lM5DFE8!Uy*$1nIHJ(kUG9Jw<Kzwy!r{vy!j&1c-fzSTVG@s^XWA62;
zjFP8zTt+ChU_OOtxyAd9JwxK@L+!S4W#9#ZbJgb4^5gUkdVHB6LhR*uqUH9&xon#N
zX>ZP?!=2$+<GekF)aMoQKR@(o-#VHj*hTd$iFmNT`!e*hKJ1evu{8yA;h5<>s*o1(
zQ4V!R$L)%sy`@6|F*8Hw&C&Q=YEV=2BexNPr=(~xvSZJJmt~ZW`@}n(&1{rckcZ5j
zDr8{h^(1b%+DQw3X)@>wa=gWK_jVa$47aVPNSXgPBs$qEFs|w(fC0-cBYXjSnh1~(
zIc$jOIG&sr?y@Lr4+WwT%1kM_nayifH~>w>!pIp9ISyc=61p?60$@|b1v-f2L^rS>
z^mJBdFZL7iaNZP!10j0>M&@#D))NDdIU6vuAlFH#+ig~I6RU?BLb>UEcyFY_2&De4
z0q|4YNB#60x;-9}l`mu=YiNRAl(T=~nlwFKb76{ZY3FD~cCo0?RjHvKw=>`4&Yvq)
z@(}4SX!@AM(WOY{Jhm?FUmXFHoCJfc1z3v)21uqIvpUdP<1XVuYJ+PCcvR<Sq2Nj)
zimRr=_Cuc5F>%F;_C%qpNX(A-4}nUf)-)-looSH@w3gcPnXTmo!<wMP!k~J>DDzRn
z1Nn3-_7YvgnL5|i5)SQhLu*tw&o><>qU?nkt#FS6S5S0EpG}?qp3`i-rk{?3FN>iu
z<!IdmFSZ2BgrZ#@?mMeQubO^t(ay(CGKV<K^p~+qj)sh|W7>R#SqCMIfYXPHd6#oC
z$4btrlv^u1rT6Dg<?8p(<sN101T(e)>;X@L9{VtV%`k6j?4Be5ZAD9zOtzFRK$}N4
z+6I3!ET&{dE#N~6rmI!ht?JKCAAFBnxj=WPN7CZn?6=1G^=NO|t+(7PJnLz^kq?!M
z$R*;NXB9{^b?u`JgOHbtYQYXhhpIzn2FCkiSx6rTd?{Q~DB#(ll+`8u@Mr=@fdB_J
z`jA8vjEKi%pbkQp1jKFm6*gCZJlcQia?dU^c$_~8v8=#WMKr)H@qWr@kpZS9u7WJ@
z4&V_>gF}tqI7KAa9!*^q9(yfu3_n&O<f*vW-pOjMcMO5Z=gcC{XVgQWUT)1ep@}aA
zMg@*Eu)Ie`6@!WTBBV3rVI%}fMW04G09IMZ37#?R?HGVMv|ONkujaTL<{Ti_H?hK1
z6%F<6w0*z-0GpITt^D$2@*)kDrU;oA7mP|R?YXCY0B<b-QcH(%BoanLNBtB-vUyK>
zU_utRhAk!$+I-|xIa=ny1P!rw4+}X3ngrTa&%eP$^RPZTbCE-aS7n*>d6nF;8L%u_
z%U{dLFwQC@B{3Q>uFpb<>B>dH^2@{!*wn&o8Hx&@hXTu0SZRn}H6+_e>8mQUf-En3
zn#gKxeGRF$Au4zYT!5*%<m|5qXn`bX3h#!1QOyJ}4j@jqFO$VC2^>VQ7qqR#2Eu2h
zde(eh9@%5kHeyW$J<qdb6?g(vt}0G<>>E&eLYLk5>XmK@gQz0m6!&sKMVpEpH>G;9
zps}FpYP^kv7&SuIyn6;VfzAA;RxdMz?u(WyA(t~8;H)p`PNs+}EbEEi>-O_Z@4pn(
zsNGUF#w(Q+9aAmaAZydU+??V=Ygk;c;|o1I+<M+79;(7m5!w(c<p@vN+-6K#Kkep(
z?ay$N%E2E`diNYqZN|ooX22$M1=+6{iZu>YNUkAr7sfwu@)QQF?n}FB3Umw-o40XU
z<kXIP@P4#US@TrpJZOR`R%8|}Yo>VU9TP0|@vXjCFNt)&aOx|e0%m|3{7h!0D+Ik%
zL6fWFwrA0jOj`4kWofF=%+g4QSpj}hDw#;xAzb8zlVVa~O$&{Fc;XtJDM)$E>{?OG
z-@cYQ=+e7%kj}GH_tC5#XfYE*xeSU2aR)90xA^*-@Kmc{Zh+psKphtfOUIW%G{{F_
z%eqB)P`WSt#4&SI!y?AhueGYIEigDjlPX!|m@Jp6x6`7ayH!5O4^fKre%A>|i>EVp
zJ7~sk&1zLS=*B`)>BvcL;f@Qtbs;+&y~}9sl4_1Y2jQ+PcgE9-n<atn)ccC&y-_HN
z(irc&fxSB*HG2;nee5YTkbLx;oVPJRM=J$^!$E@y-dtJsCoXJYpn8QUHDF$LkYX7i
z-YR84b4qUPA=$370g5)Ane)&^7giF}KgXbsCjZlF6~a9k7+M*~)_mF+Om!wch<Wo=
zGA|Wb+K)zt(l`VsO1;a%In?rMkhQO)8yo3-P9^6sfClX=`gnTl57e(%nX*Qaruuq4
zqHjf^I<0VMA~J3S6E1L7zii+WEW1kMwQpq|Vh@o+L?`f}eK})~ZN(oCwGU5Sxe~;1
z+DB|Dok~2cI}dMBO)sYIS9~_zCE)C?>XGS~@NQbC^P@a<QgXoC9-iBE^>SLbsgZ4C
zBI}keR#g*aX08-yq?-FkQ@F`23vc0lG-P6Q2}kN+ICq!9&~S0ef)11RmjMet`Onfy
zHW<l+ja>Q5^yGGyKkE8#lA|bHB{9!O){zEcB1|F@v@4&af;xGg+kpk#N$I(bNn)~l
zPJ3nrgCoe)D>A+T|Ly>F4!5cY0m-A9bfE1Jm_cX|38qD=X3$_$UskJKFr7>C-)nCr
z1xY<A#&9p6oiT(-#HO<^HN;S6Q0GJi7qH_V31A_H^5UvMbR~73cJ?LuMJP4=!b<!L
z-$NWumHL7x|Jfrn096^x5CJ`P{shSo;TS1~xg$dhfMm!}YA;c3*DHd7EXOb$mMK_?
z8OB0QaY;<C6^))nO__{>iM^kssKf<jBX$r(Lt(Dh7crN8_{~^v7L3C474+Fu{<tV0
z=1xh0nsc?9=sw|#`l1Zr#yM{Zkh%$4fS*H+<+^n6rX)J$k!Jv*Kj%cH{j|1itAep&
zl`1I(exavMRUph5jz65lOl{mCWmETSjJ9Cid*B%TEDoZb>LTubv{vx~$U14r$#B4d
z7Uu?BHVA*Yok>X+!M$Q*?gnv|h=Gc)KeGAPxjmOwjc4f8hH2KO09Rhx4T#*DlkWYO
z+#l|FRw5RqhL#cU^!Yis79nh_`fZ-lDV%g6+EUFZ<jhm!t;nN=&KUx`>EY)7q-*rs
zVYV15wdaMUVevLRmay~fH0rgs<C;ANS#dU8>4G`fRSHQm@iy9XbiL2Y$;kH+#X2L+
zY&SX(8J%N$b67|=Z3YRp7`6P|TG)sR&HGjdbF!jcxnXjr6uE79CgQQ048tRK>qrd(
z!Q4nWQ)#to%ZjzPqb17cI3){YD;!lhDbHn$N_@W}m`Nt9Lv0m3`&Upj+~wu7(1^2;
zMpni&gBwH|D*6#BOeS-X%{t|zCaZgPy?nJu8yq%p4ruw-_2O+#>$;I0L(qhFerZ|m
z4ocn{Sp}1t*OdOe(b)<LRYQ~?yV)U!ry1O_S%q5Kb(k?L%%<i{B#dX?Jz-I7HKMVi
zC<&#YVsKjs_ucLB?4krX->U7YqbQ`&R7$tA>_CgDKwG)5+K}c$Q;VVQMvr`3uF#>5
z+a4tzrBbt5BF@iYjP~WlP;C6_Fr1VcH1AcJ5ptwPPnd0ielFX-JCyYF10A4J=uG|Z
zPj%@MbKEMQ_U7jyly42V=^v84A&`5u(s#AT)Uw(p$@!V-cBuyi610hyP!@4Yv6{Sg
zH%Bj}9_D&aNMn_7dd=8s?fXBpb+*23uxor@F`QNk6_c^Oc9JC^EP6Q1f4vH5dpNdq
ziR#5rQ<$?X3UhJ_edt)Q(#TeraW5J?wh00!7E2P(_wJd@)#|g0e0nyn7m0zpWrZ87
zhMn$2E=h#{MKL)0`gF|Mwz=a6*T$}?Q8S02udo>8SeWV6XxBaQ{l*vtX@ibtL7q}~
z5^;_yQIOU$L&~A2aV*Si0fc^5?_(#m+uNCZ_Lurhx~TQO)pMk%vd}G}`VG-F18<f<
zj_<0+Hhtq>u-h(@R07FsY(_3UUTeuIYtAJ^Zsp~84`As7Nb4Pa;~!Wk|G`PIaDGm%
z`wt7{FMa-BER;VI{%@-Lf4YUj#01U!?<RzhjlG58zi3b&`@f8vV*fjCiv2%xQyl*k
zH}z-vzwPFK<Dqc;18z!N#))(Q>02<o=p7L3!;C~bp^@e3+x9kOm~Itf@0hffrC}3<
z5hP(468kdJyXHF?|C50IzQog5)=Bv<4~s&NT8t{Aq8z(c?gr)x=C0B5_m+ihtCOR?
zkzhCI?-EPrQ*`u6lSCc|PcbV~Kf~X3e$WrZp>hx`A&_%h9~-StdIPou8dJ~Z5pSGc
zW+?W)zg|UKb$w7s*{iKtcmvK#y`{l>xoz9WMjN}lyHbV;RxkN2a(B#0JcwM&hW8L?
z_M!gNGuf@XuAe>(rSSXAbb1%9+NoPR{5FxLn*`TgOr-zAO9AK4af8QJ;7Xz2FL~fK
zoeNtx&QvRh??0qX@{712^izX?Dlmt8?zO|PyVZRm5!|%g5+nHr%^l~;{fx_<NGpUi
zn3wsdok?3bcbSX#Pdk&8$sLgVZIyq=6)R7-r>z8X(3dpDM8rK!ls#7QpYW<%0a2ng
z{k9!krwwLstk~S^m99^+{C+<!eQHw>Li#r3LfV>NV`V46#gG0fXG){?7jGZo%A6Gb
ztDMPX)f#Fr%Mf`^E4kn-AvTE0mOE9;+8J6`8W<Z$l=sv?%A){Gx*UWVzT8|8i5%7+
z2O@3I-3r#t&<``=|DdH5a7HBympn)XOR^@jp-IsLg99M7mHSLo5Ad-@s_zZh1U;64
zMJ8Z<es~_&TtSF`bO^BDN(jLH4&U}5zCwt0En@3$T3rLQ*-$nfqZ%qH*EtN(0{;a|
z-OGZhFw=w=Zp!V?)0iQ@LHs_0%klGoYbv2N#(uPqN9E23(I+?VAPW}YlNh_zUyX(T
zc%SPc<aOos`|9<+LF-XheTy$Hb^aWbne~0GbL-XRa-sv_(ff976KA4kf}g)*<`>7u
z8V?BZ)nQ@>#{<8OueI;M(N@OCm*-o(z&3$z?_Se6AItpwHEOt&Xm$$JlnY=Gm-O>h
z-!GtHHjk(HfwgdSF7U8n_sM`_z`_jET_iLtb@JGFPkF|%_ES!0!;%j3i)kjESO*dx
z()MrZ#e5yIm7hv5eySLY2f#{wUp@42TJ>JYVwKMz(fP>p2<c+TkkJva%IUR>y?z0!
zWg(<^dO%(_z2)jGs+jWAWykn=YQJRc3(mKL{K1gnh8^fCAqcFMwS6HY`Lp}7f`<12
za^hG9S>B4*x^sUj5rV&W0p;~Ap$4CA=qZMuApd|WXyzUartl$@_Uc?U(7MG#xG_5v
zVFQ?D!_oqdt1efLU&qYo6_X$-6pu;yFpQkgPnjG6o~a=+9oV_2l+FUKl+w)A+_9fD
z3=+3hlvY1p5#~1t{fwo<8m57g<P~Nu8d!=0Nr2HbHq#7CO5n&(P;`{#2#VAE=z2oF
zNufB0>1i{0gMO2*wzYCXLZWxj_ivc0uy>L~kbC~dP~yoz<O!9)mXNe!*5ud^x@F6y
zuB`#ahFKBlC~8!|r%mZnEuK7FkDCQGO9dhq8Fmx8k+GhcdN4SUXO9|R!L`68pdW3)
z*m1Si@HE$EugrXvne`xtIg%0y5v<5f$|9m^z~SQBm`@Z|p?_UG+b2M|m`uD#kB)Np
z5gr?FuRs;l!UXtAc*_?+q>*8Ur$P1IJq4f;9;EtA3JeR=IE^bgtYTTzFeajptpNwu
z@pDNO@@j)Tl0IOXkz}+5M1vLAmAZsS;uckPUtH9WlMZi7S>mZdzku<YE;=`Qs%d}{
znia{RJj3)lGVD}9On60yq;B?n#3F==Qv)v9)gd6xD;{2-#8c^zrD)6|lihSE>p87?
zHf|yHP@}bjEM@A!_u@R!r)xOUKM;?AB(%8TG2EaX(5#ue6sBEYOqkAmil?i4gK81D
z@9B$|M4XS)TJ{xh+1~YZt5#@6<<m4H#cU1r7I4kCDfEnu%vJyaJD@7l4g!Xt2+sVQ
zsE>wvL9>!gw9tm!C=!i6(1Ppw#Oq2fj^a-%f@uMaRTq@D2Ye>*L|N*GGxgG&M!!Sz
zq;K>RiGu~<X>)yR@r}i=O2ASG5NUxPU}XZA{N5~j;<LmNj-?rCkAtpf4}kiZ$zMuK
z-PKppRrM74(Lu*FWWgYKNHqk@GR1FbjNw$j1a7ONmA{r7B<MrcG7?1k5B-J;P~j$i
zRy}VZ)fiw8$U%dF#-^x+<GhVPKJO6GZxg{#Iz(&3=@m(iQNw{;`=sV`ny$g4o*(wC
ztf4o*rZwGyLs7zGHZakXoN<q&!H_RI*tR2?7T4UtbFtX$d}Y_*qbHiUWH*0W8Tu&E
zX<Z3o)ZRyonlr6$j$hU-%&(1)TEVRRX_QK8T%Bex)O0PLwDKT!cJ6rSw+&vjt~6?s
zsa%|pD6MbtODIyYuhBzy5_UEENfgNAF)Ljo)QyNXzka?W6w`Z12cx|oI_5O;1){%E
zRi1xI5A(|asD0bfG~~&QnasK+RH!fTWj51y-$_$tEn@Ep-?ueT?O26AALyCkiztO9
zTuM&5dh6-*xj8wgd*mJZ0Zy7%H{y9Ece44x;3&h35b6=HA3~*67(}i}CrD^x&?yN;
zOVrQs(bS<gYBXC1LKDbAkR9i{0CLlKKp9BBiDkB8ZB+^=tVSX6j^B5~jo75V{i-X5
zO+@D;RhW-*g#&%C#8(+VKBj;#R}j^P53gme#tJpGeE6uek(Qu7H0Y?T@&-7Fr&*l2
zESHA42@>f*E&Y2hpQm%J00!$m+81ZCe^jFasqnlct@0{m5J%yZC#tf_@~2VaMkpq2
z!_#P4OKTPn371O`s84k?$L@S1SDM>MnW1}Ty|#GS)*kXofo;4M<~UK!WsC}r33_fR
zypB}UK$wCKZh2v=QGmeGAWr-#BFlM^T?gVhPem#2w6Fw$Su>1Wx($Ay8=k*>+hIXd
zWaA`-?UAWXvM%>34lC3gldHor+Eg1J#aF7beBa5?FM8`n>vR_ir-(-r?SS)#P_;;M
zzqF%iICcDJOMDJ}08FU&H~)6$QFGjH4S5Z<GWe%dw1S7Gwr<IR<B2+wjiB%_DJqy|
z632s1&c8liLGrS=Yz#|xiI?7YjR(yN%k1o>(#7cWIFXd23$8<r-@|R<U^qx#+>G9Y
zUCG`SDMn|^B!3T7t!=-uTY$|LK(MKQ9-w$sL004@6_XXgOni_4PCn672vfGumNZ(i
zM__JlH1igAZAfDD*^tpJkN`+VlsCr!Lhei3!bH_%LbX!l{s5@}%I=&NA%(_DJyZ84
zf&`*PdYKT7uOyIWOn~h?;5EOSP^b!pY&SikEKw{~3!5#TJ2oC?qP?ye+ddDCXJ@v6
z#y3=y`4;v~zw0eS16$cXv>`dhVOZcI(${VOQRPwOpe}=(WvMM!lFnR^r5!hI5e^5c
ztrFuzj5XT4TaW7OY%YH$*4&UPn=St?aQ<4|72kpVyu?}e24#x)*nGR}^NPtC#bz$z
z_k<2q1OwFpumh6nJc0mK{)2+5P?V4s*KjVQ=n%h#Jv6`27Rp(AgG0g;gv^RZoB@hl
zJtNv1vz}ELY}(U+jcZ^4enGna7hXZP%^hXoMB-<W@k$7soV*pfd$-2<JC!P}$yWrA
zG7nAZ54=~jMV;yC{JHch`wt=<xK{?p+N>O%l8LpG9@hxM5vq)zPwa=Hmr}Yg<0qop
zMeGvrs3|e4C}7R4E~{G03o@`lKxg4lOQn>(v2gKvBXJWuqG)mTQO(>$7|20|yRBbs
znHU_+pYdojfmu+MhWbUZqNkp5RttNyrsG18(;tjU1rr^w?p((;{H_?0zRS0Q4x9=l
zS4w%!#0Es0<ic>LEK*r886qjg<&VLlWmh(+EZbzeTuv^XOlGbm!>BC9+;tL+4<7N=
ztQ`kDG!|EGYxp_ShUg*TMlPbYc{MKrEW+sd<u*C83eOfO8qJ^4RAp1!JCh8f7#mbQ
z{c|xUQrmS$UwUZv_LYEoT(w$6OTf**Z2c9;j2*Wf)cN*NiEsAVCQkF9)$Ec6GdYLt
zBQSp-#V`<`NUh7mWTRwfu2p_SCEl=bo)mHoZlTb-3n13KOmhW)=Au1??GVpFI=A0^
z>T2}m-hHE9pB4><KF}^o4h1t2t_)xv%#go7qmRAABxX}P%)H1rQy}HNo!}_y%gWc#
z`+`JV6#G1p@FO{m$hV~3^qaq?EKuDJviOc3G`jdap9IJc<V<v&iY7%#*P}ekk6A0*
zZ3WoTyTDd?R6ROftc)_@jG{Cm7za3pd@5w)x2XF({QNy2Y_y>tbvF97Z3t&4Yp~&N
zLB)NZ^`}Lpdt({&^I*TdCDTgeP^Y<B1oF)XZ-6?q#0%(BXaWsA#TFjkl=}E~3<bv^
z@T-2<9}_3D;(@acb2ydT_GR9i-qx!JLZT)7XxAz`*2rIQYI-BzoX4(1AaZY=YX}kO
zGup$Fhxni(BY`+G#C}%39nvn0el|D4lCx7A=f7N>1mu2z{Pvt${d=|jM@{`DyI5F0
z_1nLz?LSKHzpCy3uUd5ecPfeDkJ|nl!0=CnlsNunzyinL0Sg@e8Cc->r+|e&%l}`A
z?SB9)WKI0lqBAsxNu@*=AjtbAlCht%tYwQJUc--^#f;gIndQNqa0J*TNmNmu5QvJQ
zI|IWo9;_YYOtKxw#vSJUNM)&`q;>3DTkE;uj)Rf<N871yw%63#hVqZoihmC(fqVv)
z==GZQn>ZD?L-&*SSQZ8LNPpkf|5c0pbYuEvklzpjpK`tm@%zogYtc9SYp2!ayW{iF
z)c2azsdrH>&I(&r{%HplezL&vf79Li-`Q!#rq<-YZ}Rs{$vp=z7bOsUUrxv!9;pbj
z>+G>a_zWt|d<K=)5CqiDDb{4J?|R0ScyUxUA640F^CH5T!{p8|d1D+4+e<qq&q{4E
zv<jkKv!#<R0Vls$A};bYOaX$@<chXgZas(e=!QTeJm+l|{Zc{@)Y)?Up_8OCN}_wy
zQkpzlRAcJ-ymd~Jf0Q@X*fEIGXD_lB5gX5J$Si$f80>UZ1~XHRjM3-M*`>UcACxeP
zG!CoNxNKGT;95~|-<ok=iE+ADf3T;S20FO?@Nrv8`EXEn0x57TZy*ALO%~+)w_arW
zzj~1y8HzBS#1qpN%W-v6y-8&)=UP6Ib>(9v<XK?iSH;kjBnquk6=%u8ykjgS(a)q3
z1_W#LwKLOrFuW0EY9TQ4(zMNNcEO#34XQY`NIHhF^XSQXnczx(LmbM^;=Dz@*1nMD
za5<cjtzW{js7RHI&yS8XyE+KZk19Ubh9O4S5dUot!YhRPPw`!E-Sk7qZ6(fnhALl5
zb|FQz!5$L-!Jl1+x{$d+DMe+CKi9LLl*t>=wMhsTWsT}3hDFmA8u%xv#Q0f^jP|5X
z@$+W??BU`~!28+U1fS<Zu$b@J8Sk&8l0-q_L!o(MqWmgHrd`Gd`xbuthW8S#?`6%z
zj{i_eY)r-n>lWVA<y!@p&AZRlq>$6}_OacBe#YhAr2vASfcts(9xLv4WFXJe+j)=m
zgqy_q2*!CEMH8RIKqLk#1E)Lp{D?e;lcc+hv7W_h50;ipdX)_h?2U}D4m1)U>sd^r
zqeHS8=8_vGf0|jj3yB#A1{>aWl0*TYW$bmQrS4a@&#vT;yC4@faEhO$%`2gd)mAy|
zUA8fX4f-4<obO*GzT4%9v~0Ee32&8>b2L9g#7x=`5_Nj4^7dSly!!g@VQ}Vl@*EVf
z;1ZBbcug34cMcuRJcn|2PI>Si-4d`N*z4s^YTnLBNYI5;3dj5UF%Z}z$J+NWeJ=*i
zj!A;Zy5r;T3^l<|3gFWxd+959*n8OD5$iaAJ%mOo?&jREX{xwyWTI<Ge9)?;(jiHP
z2}3l_$1hT4?s4G)+^V9D@4~hUc;|sz{iN?lf7<bYcLPrZR-zrvXCtyg1sBzslt$`b
zTT#>!t7xGwwCbL{y3s5wsk&jhi*X+QVFjbuSst;Pj9OyVo<{fqxRGnvu^oe_YctiG
zOQU45M^`WV+L^LCBAV#kjY=|Kq|!7wsBn_X43;<P5b#SYG(q1d0fyJ&d28?|_$P#E
z6G8WKQ^)cuh7yV4xfgaw%*}0cQHhJsRWp=&MSXNAr{)3`SDWMIK>bodRfWd;%S1?W
zUUfg|+fL?)CB9u|3`1$eO*Tio&c68XTfV|W7hZLJgg{LCdIphvVDSon!P1=IqYFoI
z3c7^B*JaZrN^T5Tq8xR4N4wpTME5327;JIz3V1q|ezI^Z-jl?i8rpbu_Pw5SBxtbX
z+W>z{mP1GrYr0bTM=5Mtl<@O*IVmQ%xg~bzpMyAG$#k1ZY)glP!<Yh{xht(wg}<(P
z#@Rfm;KSM^)eR6Jn#1PPi)qbEW7ukD7F&qiF5E#Bp&E}e@t_^nOxsmGMO1R??H$Pk
zHyYi^&Do$bg7x$y)`5>u#4Zq&FOeU7sb+olnC9XNW#@`ckyh0(nEi@m8R-<45USj7
z+Eci0nW3rtHR614r`HA|He7~<bE59qUiOri*H{hJt;dm-5@HED6UI_?IXI4YIK3Up
zQLMr>4NN$~Lh>#quTo4S3>&SET};ZVz-19Uva>(mcg>=Oty>k&p6QopWsU-1QF(-W
z`)!Q<0ARVIR%jX@;KKiScE2M`q>E<{%S)kyKyGm`S`|>`e|I0AD;$Rt$%`pQmdRx8
zc(R}MA%v3ICcDhNCtn0(9#);lp}f&o&a);6<N36T$PC6IctlPm+b~8*SHY@bpvh1<
z3#$#dOx$z%a>!LFg_{m3w@XfxXM?T_`4FNBTf@w8URU>%ub*RRdUMUJ%!y?%4GL5D
z8~2_^p@)zw5ZrN~)40DcYz9#2v)b(p(uV})8xP@~<t@(DkuoAB`neYad}%f^bd{3^
zTy*5E+HJ$(^Dox{o70}Qv?q?lPPzRia1_n~WH36_s%>Nd8E8x^`hMLul!+Y~!^(bE
zvonFvRe~%bUgbr?PxLeGD2Blrpi~=Z`We5Z#-M?u`u2dTM$n1XaVN1nvOHC-@_axM
zwOWSI;;20o%*}iTq!zU*dZUVVu^vxj?yzB;Yxic>a_lW{&dE0h&17@uao@BNJK1Mw
zS+0>z46P_|0yQ|y3$<GHcxo@rGhuNW=!bgtyxMj|hAXjXutW=o6cH^0Tp<0$bXbzS
zbTV(vqo`t@kbq8rDWWv$ooW%Vh${7PkdD(fykd7bs`{0BRWhfoMNG!BC(Oi`?W(=Q
zMQEo=dnPb#lY`^Uv~GjWqeD_`h6?i1A3AL)P<>p}c+b{^hI4ru)Ut%u1z&)y@WDgj
zeL{5(*z9Xv>?h*CJ*y)&j~G}=DvJQ^5UZY6sb2{9YT`uv(1U;~&^FQ%+MOdE2T%V=
z0{S`Vhw}@;REc3MRpdA6ElAioY%(oUCb2%yc7iM0hHJd)H<8*rvM&i4!V8C3TY)@h
zmzNXYmISlDXmuE3#;o?@;IOiS|0I%sRk9$LNaJam0sU!o6Ul7>435gky~p^iDGt4{
zx{z5hDsQxLeSB3yIH_DX5F}q0c-rDS&{mFvo=Z5}9-MgGrAPwT5&RsCNd<9>4_r+#
zu|FcI<0@BlV;(z9nOX9Vlkg#=k?M@Fb7r_qlA`pg5$GTZ1ko9b1&rdokoG7!cK>V)
zS!g*d*-CJ@?&a!8;pP>eO{bWf^{l$xES(LnDHnDWzg6dRfzWdhj7=*s_%uhBNTCN*
zTwIx=aN$p0uxeTOUyKl@Gvp--;&fBOS~}u*Uo4y(c>OQy$OT{gLhh`Hl911Vj1o;-
zWk!g`Mg4tP36#3)!BD9S^BQ5O#DjgK(2Ew3A(q%|lk4Xdr7a`t5tFI&En<o4!pT>|
zW2bOLex#&XhSSCG#;K5tM~@l|vWS{eiC1Q2Pp1ew0bK+lR_bXLa@83H*c`csuIWLo
z^s>jh-T;|eB8+1uY+3k9|LBIGU6D^gBngdg(ht4iY4FQRG17_$(UrF+@VAVX@(b+4
z1kr#dAIducDDQ_`B7Q#ZxYECBqo?jV5=}xW(DXWn3iO-{2%p!hYj7D81AH#64JNYz
zEg)KCCf?(XqZ)Ea?{Pw|`~pfz+%%~rx0^gj#x4jLrBtp9=|4Mf`&gSVUM+lsxCw6I
z8<bTRjXaEgT>j=1FyG+18Wf%6Kw(SKAnW(9uoA6uR19yIsxD{Z4p(Jcr=(}N9t=<=
zTc^w`55a*^UT`-wr7lw~MlLs?E`#q^-iro{6xF3xTF_E2M6Ob<rnA*>DxLL~+w4p|
zUo5OyFHFp8f5Qq#&Q5e!8wfCGTT~yZ=m#YOBx4qH+Cdtj3s*3G4Yyzm(Zs3}rJyN*
zD%(v!gs3c69GBK_8V;Bh-RKW5(v|kilw|`+V_-`ACR<-1MUSPMa;zgfl8_y&A*rd;
z0mAoqeQ=g%zKXbW>+$LhA({6$IrS7gSnB}{II{gU9ls0h5itCSJ(B{e3%r~FsGu~^
z)agPIt|4Aq3Ybm{WMoz14Fz0A<w$C*oiY(*GvNn3u5KanSpQU}UC+-I)KCe>Z*w2?
zQiIQ2y8fUFZO#>DkpDhjV|CHU{5xbtbB=G=_Xc5fVA9Oj3=oDIbi#>W!iVk=QsA;$
zE1->cAK#MP+|3NHsTFgD<^sj08l_n_O<X04DbJ`qtz)3m9HL0GhKoWbCuKHHh$lwc
za7%teVyic^Az((fnk^fgw5pI9tPstF>6^6USh$*nV#bn00Y+aS1jl%CN@%6r6kO_|
znwlS7u9Z>0Pn?v;s!nmt$g8}Ut$uu?_~7k}zQ0)cfnk<icnniD6gd05{}UG)24U+S
z;YLMqu6!VoD*p%Hg2Af&t0=jE*T|DHDJyzqVfu2vha`hT7E6f@UnbOTQ=VlfnLN)`
z?2bp4RZwHL<J$t$4LT~W;eFt2RH14a1_=|FJt8lGPZj3sX&`ISysB2%X*k6<Q5IMz
zxyB{fxJ~}zZ&mdW6*}Xym?A{i%Hz^bm^p%@l(fcBnH4{ii~thOM*DSI^fkLt5Dibs
zK%EeE9kZ+sbaZidhu`4lL|3^y-8MtudbRf^Tz)MvVw>u1l#QVR0J2ixf&DB)@T>J!
zf;zNToZyNK=(|}G2Wd8ZThnV!Hkc?8%_D76gTIW6uOVfS2ZZMK4zDBLfo-3B5?z<a
zW75Rup)2|_`?M<$+9zD0?M}+NyxL{<xCE@f;-nH($5<Ay`^d8jeAi~e)qb$IS9bOx
ziHp1_U_7&i6447rZ9^o5^;erV5Bw4!6i>)%fgA{4B^+0PL1d_kPXp>9hOhvEBY`-7
zsR6d864KKP0m9=xB31;C?Em{*fjtHi(v%oN%C3PDQWRmH$5XIKtw0jlFM{&9B&_J#
z3SEp^tc80)%M-|t_-sbsUBeB3aTEI{1deN@4r9$4v_36*?v#vJ^=^i%k&@vHc<~kd
zxnvs?j2EidmqbqMZL&+nF8XVnP;fnAx|0@>ONsV<lJgSw#(GNJeWvg{O5{B0cru0=
z9BN`)CB$}AVzCtwx@$s7HEh-yQnIpevy7gaR7}1fi)nVzGL99oTp8~RFu@9u<fUww
zGE+_DP*uX2W0iM=mGCbyUub+6C+(QebP40YK_`sWx>iXYs>ZdNJ7LV|G7J`P?2Am)
zh$hX{Jms}Ec^dPdR@a;W$#M5sp+=VvUKn3o5!@jAjDVvCgPoY$LhxXJa>||?xHq)J
zg}Pd0RqLJH2I*hdDraGJLc<#zWy8#6BUNk_s@d&BD^}^vnZs=q*9+@NGnq|;L#*^4
zsJ45$%`@s1ntQX^@?}2GlC900l{#+zinYH^1E)m&a+xxu*BkRV&%5nL&(}L^<gPy}
z{}j>_dAM=t^L`Pf@8aC7<=7r+Hz_*r)0pSoKIG*x_}i)Yf3f$Lv2lKRnzoslnVFd(
zW{8<$W@ctPW@ct)=9rn8Ic8>NJL_b+|2s3?nti42FZ*g`ms~1YN2=$P9_e@2b*>xv
z^*s3M-NCzZ?)aqtmbs(L?z=%VrraD?59?4lx)5x26qhyM+2(Y^fI!w-UCIzQP3n$t
z-$kwk(|Ig8ivVX|6`a%;dg~bjCr*WYg?CA9O`V2vmx&K21Hk#S@cc7>TNbTnCcD6}
zq~uiH5)Ef;dLWPR^Ct+nYe?_Sd=sRjD3;F9{b82N>Ddj3<ebTCyvK}Ao2o3b<rn*m
zktcW+^b~KiUw7&=4?Cu#7EHX0&u06kHI}{_yNyFRbcO1)->NqU(y+?m?G<u2_qh79
z4tY-kLY4GlMT7)`S?fQZLbO2&Uh>tNYJHQ1EzEQ_=<aU$4OTl+{z(${ckYCRiSsW%
z&!3p(za?RRl9<23lmFYflfRO${|LhVcQE#^C1L+I?1cRvu#->Q_aA|@fVH)aqXQJj
zzl5FqS^lrh{2#Crj(>ukWPIv+mJow9bhkw4frdi9LDn(hP}{B^dSBClh)^NnhN8#D
z(Go)p*1#I<^~?AGs2#H2h^y^k-Vi;Px4veW+Xo5NNl-ycBCOoXKDI0zmtC&k36*m%
z%x-Qzpl?vVX}6nwH?_-kgd3qAa>;m)NIzOiUo6Ck+Zjr}_Ya-KYE^AA;hUbaS(|(C
zFuW0Z9l1>U{`??Y_I^;E;9tKgx(lo&wy(%ETroG;Rw4De%f2-FyBTb=0sM)Zx(lIA
z>1G!m`v#fQE%9n%({3$Z<;P~@-EsXxIKA@g!hr(Lg;qU^SUlBf=O`GP5~DoWj2W)~
zkaAQ4`oe!^Pi}BoGrdG-cu~q>P{c<_$|7&+me&V}Xb9Yjz0f0@DUZGs&W#*Sry5Fx
znc}okS{!m4Jxly{^_1?%SfLXeVS0Tr?_@QlFEA!wRb354i3LoPS0o#BkcgN&+UA<S
zK{FyWC$+{-&o6Rn@<mhhPoDtm8V0L*=zy&<@;Cci1ZMkJ1lCUF>;8v6$<t)RMlChl
z6lXk$_)FH4_P=F41)#!D`EazKvL3n8qnO{ao`R51`~)A)6l?cbF9jO6Uye=!l%y(m
zrGQ)PICq&MLTQkRKHw-}u0_$ePQ-+eytlG+#;|cXzb-}@dteoSv=$ZCspzzALhHLf
z@AT{CIpY-Gt_4FUM3xT7$JY)mv&b{`bE|1Bw!KeVkEw!UqtOBlj$g1>PGmGxsj$ju
zocY?JVs#41ApG4Lc7e|$)&L%b!Iej|I27uPFMWLNhJx>p=<B`f=yUS6?;jtZN@?eH
zUn!5bdo|bJ07_)s>TZ^FRF^rwx%ccF&@b;5OJ3K*9@+Ho?7!TmSu`fT<G<bYoCY^P
zncNN?=u8Ap@Z&WNZ8k<nStv@|N1^YH<FR3!#FtAlkhSM#(lx9e9ag~7MH@qdJ(CjB
z1%^x}JBg{gHA^nlq+ebc6Zk3hiGa}k7WA;>qjQ=?e|v7<Mi9|FMEN*E4VrVk^x>H`
zZ*p5bV<Dd~NICL)^H}$s$=EpzKLB{CH|}~y%9gpBkhw+L<gtRg#x3Q3YKWEvf3n8s
zm$j32v0@c#&Lek8U#h;o4v6;{0Qv+|s$K#pdT2c#F;<~fD09g(`k_6$g1Mcavo?u)
zgw~yA-z*h>sciz_;SHK!sx<T^zD%N6t>nAYenIk%;6`R7%7PtL_(9l;L7L6uZNZVB
zfJ$SnF3YnDC|wyAGA2V2t^%ylaiL$fgOn#kN->QtpKrgX#zGS8cueX?FV9Ha$-P$=
zaqQ`wVF=NU<Vf~eCKdNMO=JrkI7Ex+J*iwcuP4t6%QbuymISRRjE%xdk2)B<?snrF
zqFltRqEuiWuD(x2XECN^XW5Y^raYLJ5t@)DM9N^MUDEzzZ>@H3fN>El|GKJ$4a8OG
zCdEd*GVe!{X->#jLLlC_bDq$Bvs|s8I>^MiPQ>Xpw#(^it~+(Q=Y)GL4s_H2JW9ie
zk56>cS}r~=p7Wkymyq}^Gt^ZRg88R~5i{M-G}Z)peto8QXR9D2LO&!eiPQ74KUX$K
zmbMp;9(!p<skSDq)C^t%gAgZt#ro2(M>?JDS_Mel0XAv`(@W&XE;uzWL(hT3*D1WN
z9uEkM&xoUJ!9)SMsTx@UzTYj4;VPpFj=3rksck2`DW<eBw4hxd>H3}^uPaK++VP7;
zSSR)HTxr$}TGl_AMn1?}VdSu6)uCNiX~D_|Ja^>c460WweF1aB6LzEnw0VJz(%sH*
z-&wcuP_xiVlb6o1Y2wNm=)he<lP$jvqGg82GGpouO$zc7n!Z#ctu|G~F}aPDkOJ|9
z?VD9_xeL=!oUOWT>a%Ci55Tyi0#nq8Ly+$%l>iW6HQgbQHl`+5WO_=pi2WEghz{={
z0uhi{`?otX5d)}iMkpXal+zZ-<N$s=F(iiy03hmeEU(G{1r$JE!pH!HLqOrA=E)pY
zdPOUPKw{JlBnTSKK)NGfDL9HHnQiU+3U)gfH_I65$s{9RK(n?H#UcHvNPH|o6jbE5
z47@zi6oCRT+{olw^mw;tg^#t0eLX2F2_&b4-i03ClOdf>Q<2~l01xjf8AxePV1P4y
zB>fSQH!>M~N2w&eE2gIMCDVyzxi_GccSxn^K#&*Z_9=rKG6^fr**%zhF*|$14R*Dz
z3m-GXA<@($lVvedb$~>Szrk2f95n|S*mUY2Dcc(2y_>NrM%gw-E}dddwPnI!bZ8vT
z8PB5wyP((Ix`?D)?Q#m|Ohfe-n03tgw!OIZT4lX(1K8rRWlxoodaDb^atnNwWjXND
z>`4NdFzgb0dW<Nh*Xc6uCpqFt<5m)%>4|XxN&z$Y+D@p))Wd4-6f}licnk6cp(#GH
zL6Rh;e^x5E7=S(nWFs)it0D!je#D^r5;U&c?$pwhQ;`U=a$lDse-9+tNzy}|gi>4q
z#g{}RUYw{u7F8}G=7qC5mcpErBzFEqhOAk#4<ZjUUDii7(Rj;9raj!3kzh^~k%=4_
zP#ZL@y#2@iTK#?yt3Y;TZVlb>tU9V@0UDyCnh0Rr{k58-gokUdT5EgFH!ZVXCW346
zHq6PHeem`qhZY2v9?Qa$_TY2tKpJU=7M-tXhGx>kl(PMW2&6)bhljC7!#vDh+=iHP
zG~hJqz)9~&IItjWvQ#<@_W>WrTH`K(2?9=RLH%p0DvbMZ@Mc+g&eg`C#(^go<ukVz
z5R}^+6}_Kup*)fiE^K+FaE!xAkyEe??oX{5gW<cRKL6_6p-j%RY_n*{vU;Lxja=dC
z2`J%$mIV`F2%Fp4XEvAKjuuC8;3sZ9A#E}t?>O=>71v&{Q-iH$?Gysnn<R;y0EZD@
z(1-%a!@3dS6=g?ldEClwNbwM<yTX3Rgk><%U_oS~DfQgYJczWCwKouH2)l^e;YEUN
z98kCfNhuY+p;gJ0l1d_7LrZR78s#*=AUziBZsA;hv6V`|pvNFjjiB|KFkEFK66QE4
zT&SX=l4g`V%|W{8DUG41c0RtsUg);@#1c6dwDTktIgMMwDcFn$?&t#_!orOEb16=B
z4lx+Fh-BR(h7&tIBDz2hwIRBxDd0XB=yHv8dtv^1Nu#zP7#FwdWkA|nwy6UKrNM8U
z)qv9)UnuSj6B!^h`-13Q@ebjQPK-Bt$(?2@{5z<>L_n-~<KoS_o<3J}fH$DnnFt>t
zMPjXoi5TF;;jmqfESzwP=H;e8x-bPE4V!RUr~qKsZzFG*w*2JTf!uyqgPy~{RqR$}
z)Zp}o1;v6}lM!Q+lHr6(9KpJCCJQ4niwHD(89E37np4C&4+(;Aal(oUa{i$ln&Jlr
zoQXntz!`W{?eB@@yJiYiA37>3fIHYAfB$2q0u-E4ftkmM3~{hP2yGJ7U+gI(s1JZd
zof39IRcWH+tTft{Zj3^|Btht~lmzp#jcmjfHN|bvT**wHT63V#G_@@1{97G`Amy<B
zKo5CvG5zv(%8D&YC*}p~bm-t%-v*0cpU2lu(y!Vu!KPXL=}%6hbXU)it8_UbqU0wE
zWh-t3K?|OqR#IO=mX^PmEF-{ecNd&qI<TDLptl%Gs=W*@;rl|kAaq78OIu&tn{+XT
z;vBTK`-wUz(_g<rZW6j=+1%w>K<CSk>CT8vp`VbcRA)j02%p@l5f(F>2!&C=1$R5I
z%n@WhVnjqkUt?J;0eD4}*f)O&07rhaCJiIr+t!MadjysK#aG~@6Ifp9fDQ43tnK`0
zPUgF_E|XR8l%w?)Bj1d)Bc2Z&etVx7JRd$DZnEleMvtPlH&6DcqvA5!F8<GjDcL#R
zuAQm(`dyip%IzAV>hgo7r$@Ttd(RZVHO$#~?h|37$%zG44fr+swOw*vn|00G_+rP4
z@wdYn+mfAy=^X>1Oxt=qIMBkjmrL@7@1_3e7GH&-1+W$%s3qC_zrFz&H1DxOi^xmo
z!(PMMgv|h`Jn@LE#n>P9rA-q}5D`?FiFh~kT`i^n%oBevOT1UN<DpmuvXQ>Q7`q87
zlP~PiYGQlvNEco3OOp5IvN85^!dX4iO;_&oqL9O1r3vKRqCkbvixR{pNhZQwW`Pvh
zU8XMRq=L>}Im`D&F6u>@F_Xs5Vc9P?(BU)DJjl&2k(fcNTNKe6eV{bA8jO=pl(d_a
zF?jx3Gdehj@u>37Uvm=V<>+Y`pgM%b^%EzAJf97xIjkuG>uK^fmGjzirV4LUimlx{
z<2dJ#wNGOc`5R0f%@%CJs(re2eg>&!E&RyLeXezvFrt0c`%G&*Vc3~G0EXWVxa*z4
z%Rx`^(;`vpu+k(>>DsOk{`&<ooaEayBKb##OP-}($@-?tH2=*8g3m(`#}f4rj4XZ7
zaO39X7CoU^N50M+%SN#baMe`Pc%&`zvuoN$|Jo6Q>9prM`AW{cl9tST2}W!3&2yes
zht56t7a{%`F2@RQ`vjgO`d_8Os?1-p%)WK1qt;8COcKovNm0J~tN|B=SI!daw=hi<
z&+os1ILN#T3G9-6M1pB4lSB&OgE3=JWznumtJZ&HgM=*b!Tx#{6leK5nl3NuM7dzz
z^74jbp>H@i*92I_RdBk@Tw%=vBY%7aY^7++l9WjCaC`6`Nzq6pjcr<XqUoN@2KN4r
zZ~B$?Piwe?qrH)y)!*ruKa=3^k&&78)8g?rWaiHl`rm_s|6e0BjI5s*;LjxfFC_&W
z|2AfZ;~$tAj{nNcaQsWm%%A1|KP3f!U6sFmZd^0YH77pBzKD3f;J^;@Kp-v8NEp6`
zs^=fSMrgrkXIWs?cBV#?A_#Kypa(}oGXdOax&m$Zo^U<yg!anQGB45=;;7H<NpUIs
zcFu+_sy=_J%Ua!^glrNnj!!qP5ZVW)!Vll!dGQ)38Ntt6`fp57^6;lTvK7bE%BR-A
z)7$Is7%r3frhiSnsQuy%c$@zI^!VJB{jT`9`4LRwYNA<3IO{M=XacP_y1W(M^d7xw
zO>(35YvT1?$kU3Ho-DDP=c7h6D+a}J(B>mpU##Q!)6qR=@*ZF9`0M^fn}=(;2Aw>f
zFkNpLjccAV-e)gTf^n;qBu-@azK3L2>8!GLkUCT1A|w?Fsuj<N!^#(6lx@z`^J)e)
zk;)d3!WCJmE>Dgn*4@OOLVo28LNW!1N+|+flDjJOgJge3J#?TnLEI1uu`+N&zjHb*
zUDv>do&*9gMN~-8aw|*Krlwcg^1X665F?R-O-9VZ!p)Da2<pcvs&^t>&N()&Wr6>(
zy-S}xd(^LMrCSgKTlJO{;wH%gRGY7qDx7y?sO8Ag=MIoX3Jj!8F0CZh_Tm9%28mN0
z^<-j+^*(d}e$gn#3TTdBN>6<%#Fn6Q0w^P5sl}usVU;jXdVy+5NKZosVHuJmZ|3n@
zBPYcT&u#+&Iv$EBa3yHapkpDXih2?n>7s`NaaJLkAWI@EQ%VX8FPG@wSzo$Ox@Lx)
zUod|3G$R7pfPCaFR7LtWZ-AgjQYDoP>;+IZ!ltv2`yv3{0b5p3<(R8UkVHDi%w;Xd
zWAIN;>CON>u(ozwF`=~w2Ujp6AU`u|pyN0_<txtfyx0D^`snKXMIS&u06qLryh+1N
zKUt2zK-t2N>lr^+{mT85zct(D=c#wc{oO_7RBLu?cH5?n(-YhenYNCLVvS43E=P}u
z_PO`4&0j&k9_0ePU!luB|NYXt?SAs-$6edU?i^ceymuk>iwJdpGsJnt+2-<9np(R;
zF)=h3x))|57VVx9;3Q~Bp;`n{g^Kkwm^v)fE7(I}DQi!~v*A&w6|U8-B@o+7xOrgY
z^{B-gGxfZA4fQsHMCR&60r%Nt>$~+Lu1j=lu&X;jpqH=g;nN4kCj1reX%-)7do&RE
zlUq0H!?mN|Xtdm0OgZ1##ct?m=Jk~9XT>}0L@WOmJG@W!u0@5@G%pxe-{I@i1Y~D=
zv%x(7rS+~0yuAIOmA7B^{EFHmWzEpf&k0`cB>Hr5em@?mQ4!Q)v^pi@o4TB$4F^pV
zE*|vriz=$2FYj}~8SW~MrSH_V*e-8KrdB*u(2hVEq*57dN?ih9ff7r#RE?&B3iJ_B
zJF1j3)L@REYV=mlmXaw(En8TwIU8k+7!b)o9+LoO!anhjq|jstnw~xfy|I{j_I15;
z<o11zo)ZE(5c5hn-BP4xX4pXXy#&2&v^o4?{OiS|p7jV~v*kbxN1;P2d*ORKu)qYc
z$e(IVO$VeERyafum45J8Z)qeGag`l2hv^H43xlhDsATNyM2q$FSGRa=jNK=vK@-?u
z__+DZQupCyK<-ZJ>|ApFzFTQHrM^qmnhIk$L7ath2BgKrNTwC{1#vHZbU)9x-%SaE
zbr<?B96YDGv!(W<$;N*n7`6rj36D~E{`ghK&)XWN@XdKhFJ-ZB&OKLSNiVa54k9qe
z_Y)RJYnogn!Cqmn*wXZ|t*MBbPjoA%>ycJURU-H{b1^8&otSKS7ttsjbWdy=Hhzg%
z?lQkYXz*%D0xpeLH-dZS#=QEtLX%x<RybuSI#otkxT*N;VC^wjlsvjQbQ!hM4O|-Z
zfF*WTQ-0^zKOZdrV8sY@atb5Un}0EKK(?t0LPx;cC3r(O2u=nHNN+V`M~!C?arm<>
z*)$5Lh&am^nE<|-#byIoMd3EKsBF#P@)TP4G0=dWg?*Q4UWzn$EgTG==8gv;Ajiid
z1Lmw7LyL0kh3vER7v2P8I<<i6WF3-r$tnR((65oE+@l7%!(^EZULZb}&xa}s4U7K}
z5svQ40FSZq+CvM(7n{dxB#Pl&YRSu|x<e$@tE#rW&13<T+{6RFQH=ZzM>g942p`76
z@>b$*t9@^LG}h{Z2Ai*Lzk4B~7+rm3_!krMFQObK36D!uF(YD>Z8H<laG?V06091K
zVt?XVh#_%K;@WUNY(=I(HP{T`f_Og=vBKOHGA;rJ5F>0#g{etVSNnNg=g<jAtbT-i
zC>k>K)8SMf7eiiL_<lcmIdE#GsGU3kRg;ZtJqQ1-3RJGJ?x*oQ6HMpI8qf-%lIcJk
zE0IHcZ7Ow>YACbeJaTkuxJ}-Qg9EyoNVLrev?bTUBMf|^)V(<3cfLzSiKr<;DmHWs
zvMKNw%3_(pQK0qi!n(7_X9SJWGiA7Xh3J^zWulJZS2aCSvJ)aKmn1VQ{ZM`cXLM0|
zkfzW}#KWpbKl()MOvxU&(<hOZrES<l1O%a;S_Ta5TnJFc$U&gTvVO2hF)PhAK5bf#
zX|OCPzEp@=1j9RO33Ys8i59gXU*)abA&|$-k;&mW#vV|b)TI-#OB>^Om=C?`nI8FF
zW<V8D=0Pw^EdvlzOra5~#(vX56L>xdXF;<;^pI}?NSTnTvZ+pToUp0@rP7=eAVOjj
zGWJ*u@b+QaHEG>g)sQue=^$dOzNQf&ZK@*@FrqQ(7|jIij3SlZ>7!&~y4=i)>|tJ?
zEMwz76PR$no3vhQge;abm8w}A2*p`KNmt^%{c0?pvtCC?k<{b?67}r6a*)^Q+soI&
zFW`u)W93$RPRmrtmNgj&@odD;XE>RA=hLcML@TXvNhDox7NmP@7K!bJ>s~3U)bcm#
z70Qy3=47o11&iIH=B1`*iu9$UIn|ugBZVZa(DperRoO9E(`U4qtn4WH<k3AO0_I5<
zxFCz+x~w^j{{C^gthx!Av;x21Svh1)Z5oJJlfZX<ycbn9i3rg;b?g?yMmDj?g;h;9
z73AfM@r6j^O{|Hk+HWhp&UM4a)ik6HKewd6d60fFt5$!nJWG@nQtE*AKus8vFaA27
z==Hq2HWrCW%kFrMgvmXz(u;VTFqFFYBwBOuG`uA@Iu;_Vb(MkXz%+6w#8fy9N*lX(
z3%H2qZ<7K)VA{$tSLf-Y5CyDM@0o?<meiBB51a(t5=A?*L=d}Mo+EV)X*=E_?>vsO
z(Z(vW6hz4EY1Plvw^Srr@H7aCLfHvs6<g;O3a!8n<&_Vm<<LWwH<1@6wd$wE0I_d4
z+oVq<q;YDU*cjQzn_;%<{LVW(f%Jpc>Xk5i4&VOb(AKNy!JJ5o^5-ldoPK>~ff?gt
zto7(93oX8sg1(la88z8$ZR3rzg!&VPr^wblsad%o$M#JKGFP8gNxn$jeZht?m(a17
z%#dfJ_zMo5wcLcc`cX_g8$Frc<I~2%P{vf(1hlU@M^T$<H6`aOs3C9A+X@LQwPKSH
zQ@rsmWHJXj``{#JtxKmH5>!E6cTP`d>D@VQr-WVma6R7viRRoU=cYR`uB>9~4>bo9
z9-YH*r0gZ7!<2cAR7doB&Ln;{68~V&izuYqa)-wGNaTx;Rpj6?Y_V<)$>D8S69aG~
z&ylkiIulL){X-$`nxXroe#UaAvJ`(2l@Cul-)lr05rq#-{!Q%$_VqE2EoY4hug*c&
zh*|%gDVO}-o*7j<w$iKSs!{r9wtYN!tM9e?@U9CJtzDL}c49S0k~uKLWin?>I+lp$
zgCb#hgZ)4ijEsUj!uIA!vqbKn4ka@rByQM8*q#XzB4@53-EKG_C$1Hw`Is(E;r=Mc
z5Vtgtei@TE<`FiaukOu1lz{bp8+}xLXbF<GFiHd)sD;oizN`%r?dUODBEtW8HrsYg
zA4GG8w%qlPO153HnSWs`af)2ZvV@BzZBm32qd!nP(cs=QP2re8X#ByoD^3PS&tqjb
zC_s;aU_$$fZ_0#CgT#gZNnPOE_aD4f^6xbZgSDO`A|x#krR6qP5n`q!o5J93P}0nh
z4mmd`4$KS>5{KRSW$g-e89^=~*mLAN5GscYd4o@@HYz*o@sd|2M6hP$xi_Bmy35le
zyF<;e_H5yF9kNU~hxjeU>U^o@n9p9nK-4WXzT-0~-Xmn`Qc*l2t%YPI&qQ<?qGUDD
zF|d)c2A{Dov1JI8N(G|M+T2W-&%hz2OAVrCC3i=U)LFKiUuO`QfJK?7>6V;0lEG|U
zE@_Dpk*mjO$~j=;uXIiyBooo)ZfIsV_oAM6Zya!<OEgu>t7)!v?Mns=7^qCCsmyy&
zL1RA@etykV)s%F95`IzDgFA-%*1Cp$Fvrc%i8I+TzEC+9QT;9L(z=80RD<HjVV~rw
z20R+uBWX<-%<5+B{{C|+20BeAl9zKlwLW)kN4e45&kxd->aiE7m5H~cm~fT&G1I!O
z#+1!CfjDy{4AzQTmJX)$XL`hjvBp*5^J7h&*#?)~z3${N5Lpj&<c=j8<UTy%3QngP
zSFEV4K{_hMyoUrVM_|fm;h&Q})Uxa)Gmd>&U!g0sz7Kq!A0nq4S&SY2+GI5!SGe}Z
zl2$dhtlBEj*3iMu<+aPD^{7CY*WC}4zAa+440oYX-wu@Uqgdnpyh@h%rZ{0##?l6$
z%e~dGmTB2b7BAG=IxntH)vh3a$;ht0_OA6T9PCF{qYWQcxEwlMf0VwKP%`optZ;?%
zSj)s=gAYQN?94NWwE7%0q=Q<QKDH*&Hh%yBSxyq#SL@~+;RLjkZ0)e*_Ng>5==Pm{
ztj?pGF?;+g#&<iH{>yf|qEDsl_7kjZ)2qhgoeVnJ;avhwsm-@a7szkUBdR+v2$RrS
zZAmWbr#ctD$p|+)vM2*Mng{5m)LhA?bDHH{k!+Eao`}pvg4M2;IaAH<H%EeUA%PT=
zbG{ktX5UXf+S%G_Zb)~BU2>AvJj{%yKMfobI$k~hNJ4P@orGX!XJPs);P^c}|F?kS
z&wTyYNc?|03Gr`2A2|MP=mW<;pbs4X6@B3Rm(Yhl%m1}|{{#BK`OnaYwcmk8&=5gP
zcuUAmznv~YavUw_NXZoVCTWg@q`sh9f%s@}xbCO5H0je?3K5gcbn^)WyeZeuX$ir#
z?BNlB<UrV){L0L_s5<FeTIhJm{bSsKfB!UYRM&?;1f!u#9>%oWdk*bCHiv4{sVD1;
zhs95wVk2j=Ix^bOcjR_$Hkq714(|m&9OEB;|MgJ)$vxozbMArK=-KM^{&H3Jx?aWm
zQ@OD>WRtW<Zhu3y9shm1>9Eqe%i{QF_S#gJ()qWsuh-_^2NZCk|IZyo(|<aO<SLlt
z2>$9Q3TN>DhmIo3|5Hbi*=I+Q!asBrjsCr(=(Nt)*dRE4AFgWz{OX|tUgf5zxn-@h
z#bWH&^1P+4l8h5ufln1u$v}EW{V~m`QN4Vuln3EJ3bT~Hdbz!$)=ex+q4c4GMWjsb
zR|#?E5R7OpRfP@HT!k4z%-}o|@!!@B<loi}$=^lV7^9@6KEW2IY{!!`w|_hNWAfL@
zpW11H-o<$aHQJk;al-|$TC5x%%U-$Uv`&qUyW}U}%3mA!r_TmQU_xS7>xfUm>TR=F
zEB~S0Fg2Z_>@6rVzb#XPfx!FlWg|gVNd4WUZIvzCp&y5_F<s8?3iQGn){*nyJBnn<
z#ocZUUL7xOHh&?f4n<+dn8|i_!q6`|ZS+x;@*c13?Ug^+-CnwQZ@kUFJ!WRJ@^{>B
z$3N_~J;cYGN6+l;!bUHpSW1Ub%9t?oxP~%XJ5Dg9s9|g3c_RNl!;=AxNK5m1h9|CB
zlA2@4#q=YEtjvYTnEaD&xK0r1U^R>Wa9`j~q54fX97A53I?~xjI!@#tv~yZUrM(*$
zuMAv%`ZaJ^rmoxrT$<bf6B9BIc;E2YtJA+VKen$}OkRD|JfnP<wYwxt0M<Nb$tHy5
zjh$^bJ_o3_dD=J(XECYZ?W+$~nz~wFa^<DSR?rU4ctIC`#Cp8AWj0Fn{@LDE!Kq~f
zkAXZHpjVx?FC%RhQO^_RPP>I@fc~R$PkPXBQ`AU`;Fq=%ElEBQylj{{=fNf$NOOvH
z{x&5ODT>*md8Vngs0H;7j{YLnN(+^FKFS5OZ^IcaF<1~)0>C+qaMn8{TgkP)?jQwD
z+&~BxqrjJNVXkII|Hx2~GNm#`<h)5rv9C`|=v1RIJ@iTTWH$n0e#U+aEc%OON>*g%
zS_>@<vdZCzU)e-T2U=L9PbS9WAL+ct=sMhr8hgZ=b0Xo8HN;@5x90;0o5XLaexCt$
zT8pWoa={<wBy7fYqZz#3$Kk<h-NJD1Pm~{X)ODVQR0Rxujg^Ku>N5YBYme^Y#-MXa
zr|&eCNsfw9Trp)K+P7MqTd~xw!i~uA@-u0S-JndfjaFe3+0+|R!6j)#)iP|qc#|X%
zhV|~X?*@u^JBmZRy&q<Mm_2g~<BT%y^Ebjv8xMAm42NUzBrTS9B_Al^!Y`pNHsu<)
z$ek%stO|3WbXW2KtY&RNxV#{Qy%JrhU}Gh57Q?B-_0^yJcAm_I?$`4I%n&L@DFKk(
zr*$pyRj9g`RDOgmenjRr&dU{`*UiTzw^o)R<w^@)Z6)ygR5wMl_pJ9y7LUo4b;UBq
zP{#sGgszYDvqB4gzFCK$fGj$}0`W3l-vZw}IB4Ufd~D|I727u+e^M>7dUu%n6ikNU
zk)3m*Q(m%ub_xtslW5wnfqZ+X#6{igLZECq{W09(DybS$#H!YjVJ@SA+&)&$Hoi$q
zKWOikL*%t&_iACA`VGV3#T1_c5un3-!1HP|_u$Sg9j%3N>yr*T#=q+O5)D#8x#+vo
z<<+j5M9HBdF(&B?(<mePhJeqOb;X7BXdbyiDvK9L`U#g&NEDQzB36hZA5#p=3FLkH
zNX0AbL1N8u0GS4YP+h|s(6s0vzifEioqOCFH_xZI(*`O~X<_ZwF=rw>suhgJk#2Lj
znknWX#O;ldu0j3q{Tj`dCKPsz)$G~j2JiaZ19mm5r>T@O)D)CFFzQDi&J3c1CS7MJ
z(T=D4AhXJ$mxlLN(xI(49?i*R9~62<cyyCuz;^dBU><>4?Y|=J3IPkCTuVI20;Z@*
z;txHDlGiN}>rFe{u!2}>4bH^)Vj7><mc)c_HyoJ^=*qhfu!PuFaoCU?kubj!_1e9R
z9EONwZ4Jrbdp<%L$;JhnqBJin*Wl28aZ7c8bEzZ9Z_v!sYm!YXcgu|OgxoOv?df@p
zO;x6ij=Q4hoVEEmNGLRzLIpnA<kOwuSyOW|CIWGrLT%R%I0V{igTrlw9ygcbN7j5B
zk$UU8?Pd;XF+)za$^+S~0cq)u%ivdJhfxs%svPkHtX`kNkFEWOWMoOeqX$fEFbV1@
z1DGlnpgGJ0pfZlwDwsm<IUb8TbC{pnVLPOkur&dyshY*8K0sm~gbZa`e*zJj=a(w5
zY-0(^Pf}aK+={e7sUBjOa<QC7si3ijnVj#qJ0j+o0rENC43I*MaKgi+Q^bUBh2u`Q
zp2ja3{XI!Zl)s{1tspG<bIbZM;|}WK{WxqarLYAj;W0SBzy9*c7#IiQ3}*+iN0Xj4
z`rIJ<2kli3d%s^e5y94WsGR)$5idymhd8~Q#PH|3JB8wt&t<g}AQz6DmgG%lK-06=
zi(;U%;aSx<_nLrNf+!)Bv(=zkruV|t8i2A9k!orzg%Veu>mXkS5yCyXwN7i?Cb#UG
zbblnfik)1jG*39M7Q<wu_(|>TpyQyen~>#48c@xOO(;VBIO%_Do6C>`-rXd;YTYzA
zVr$08=Ga|l&1sqPn59pNa1p7wN4b1l4iifj@cvpW&4r7#uKe)oiMX+Dm4%8ti{$_C
zv55+%0my#rDD!~qW*x{*d$5qPf95UU*m@eqIV{Tcsz^v20CFiZLf#!(pp1V><+IZs
znY=aV)+{#X51qq-@Fj{y`HLN2Nx&fO6G&X2PzFE(6{KKko^V1Ln)?^EBNV)BKpcYn
zMT3T2u6fsnZFL%A1d|#a&|CpEX!gD>&gf&{IoX7I1l!w<WSg1fuWVEKY;+;I2O_7M
z3fk5sQ{^PiQ^5fiR@q`=jGPkb>`jFlvt(A1FDb4kS$PvP+j*$$lV;5GN9`Svw>_Oe
z%;DG|#%NXz4tylq4yPGE>+QycM;dRuftb2ndF&V>qRMfX`t-_kjf>_=Rszp0^9`nL
z4Y5MgRQrm$hZI1~q2w>}m+mZb$(+7*RALktVPs^(+3|siiRx;oBJ2~jFH&@8>~ybD
z8&5iHlx#?DO(2$mvrJm3-Rj*!bm7~d-4nlkAa$AA2BeW$u`iY(rzi}aHjTl;2xD){
zq9g8T1>F(4KL=sDMGJTZdx&us)qplgQRFbkZ;uHbtP>;ZYEgTZwxM`tjG6&!F_oRY
zV$Oj?C_3^)!95T9Jo7`_@j2FMd=G^Xf?P>FASF{7Z*uIm;5Y?cZ}Hj~Qj}_c1HrV1
z_bQPvBoM}Cpq@GTBH~YD#;puKMedY0fFMLYlsC>WrIEIm*FM1=ju@|i6}b)K6!F%G
zBs;~v0>(8LT`){U_`P*TG`m*V=OD9aWCTMj9)9sr5DSVYUf<pqkk*~=df#kn6?0XE
zdLK6+wPYbDv<zN0jbY|&auZ#{o9%7`x!hg9?wEdMeenz2glx<~(uuAOOf$uoUmYbq
zaa^1)56W0-n&h$$4p8~nzz}JjNeWg~$gZ=F&X$f+XFa{By$4)IBJY}5TILI23b+x0
zmabnvU9XG!-}=H&7S_s8Pv)vtPcJ%jS1^-2iY@yo<8k%X&VCxA&|MKJVCa<jU+ZND
z$Xpak*V;1oxab*r0-p@+5JlKXZQOGU4m^RCPky<!GV}PVqs8V~)P{kNh34crSc0Kr
zz5t<sJ04iUsgGBtY*AZ&EpmTiwE%T*_U+v15wF(K<9ve}`+C$cSrv`Ic9hHFbrk9i
z=|tC4Ol(t8%w#o88dsD{2t2UhI#aU5MyJz0Uq$`iUyzZnL5lF1qmGXiCYZIFp>r+)
zY?(TOzR?_{6z)Kft-Td}SDx0HwX;OKqf$MW$EsJ`<q~O3(C1NmCE{CBhDyOqh##x?
zZiKeyCQ(m=d&Q)fdB1+kuOumHorbnx!k22<AVZPm5*yThgwD4v=<T!;yrf7)MjUl!
z=YyNFk4I0qtfodj+@@NzHN0BQ)B^+cV-IaPc=EZar{OmuGQ051*pV6}v2C8*;leyC
zeOQgICfRgTv+G~T0ee<EgpDN*r7BYkcc-q3r<Sj`n5ms^O@91+4cF7;mBrIMnU}M>
za(x~XHc3HfWL-(fM>RKzhd);_KMx}?0KR(u;|Ts|<oZ3EF|#oIK@fgF|1<9We)6As
zME*>KzhC3wfua}ve<S#x!WGVc8&kmf4@?2)e`N|jkBa;`j38!j<7E416BME7mF)Gb
z9c=aNjjRpapy-7@UlBHPHZw3%5EF#@ge5+I|3;1cS^lrx`=3Vef5sI2M_I66I6y}T
zDluT)=%_eNpS4Rzd3!ivyg?YGNG#DO76!s%*@MAZi%jsvdo+9xzwSoIFjWU4=Cdt$
zsY4oeWX6`lnnG~)F7={nsFLe3qsrWSGp)+z_%MH4=!*A)-($ghb4SQVay<9ZbMV<9
zL-<#Rxt9#%qvx|GoaN2rY_OZhh0llAN><ZmZp`Ic^mqPWV`KdH=j`7Lk=mK*RuGOI
zPJ|}W0-XlIbllfIt|rt)IxV|Ca(Mfv8b`xR#~OL~n)7&+6^@uYpSfk$ETmtpzKVS}
z&HldfLq|(1e5lQ0amRGlkeOwLD9CG6>C4Sv0mfA+303&&slUXaQ*GlQ*5-Zc=%+(a
zP+$QVVM&9)r*2{%3*XbR@GB|@FiJb5R^3T~Dbd2@o}9i(JuyYD!%>00=aKu+w>-Ym
z+h&c>0VhiNSW4k_+6J`uz_u1hw#5f2e+qz~rX>j2&18$%5w^&Mov56Ol?ug?KM5bX
zHU&)PeAdc=z13h4&f735Q2mc>UHWW4=>pqt4&eEAUWfWoDO9nd?X-o<leyYe%Y5=n
zowK@Bpj!GGOUZj}I7oUOwV6|u^<+bICZL&sAoxy45?*=0lFHzQyk*(|q>g$Ko_4~Y
zv>rOKCI&&0<cL@Q#3x@MeR%9$!bX)JTRUk2b=SdOcuI^K-XloT+hI0sq_B_3IVX)R
zaO~q=Pm1egee_x${DFGiebf~`biczW<8Ma<k_GW5l;6P)Hqc1cY}%?HsxBpSq(Hr_
z$p9`05dvRxtpK_(E-9j55p2JQOdWdd^8t_M(%mlFh)!kD<M9;Z!O}1Mkx~gAMfG;f
zSjF>^`|f%;wfPPkSR4f&V-?-SN3Wf6Dfp#$@4<DNY)Gf^lKq$IN87#pE&tn3Ywz_J
zwOhsdj{CJr^v55cQ+mU_#O-CJ5B-O~EI$xPz<2L{(uqZ}$F*IXwW+AWTQVn!<ato6
z(t1Q<3%ATcY@Hd0<Uu<_zQa6v1A=@JH#J`eP<;-xIYbqDG}B1&AUFq5P7%S>m{Cur
zyU<%~>2pgUvd7b0VeRY8%j+Q;$ig0}PtjI3uNaBqZA~hns_f^~4xcT1{R|-%o&NK{
ztUf;qe>(!1FZpBB`Xlu6_{rhzyU#8z-yvcYoZX<=?G9+S7{@kZr>kGzD=nFBG}Gp1
zvv4&WVD`;VxO5ZGsrLisb+f_b^W8XdPeQM*rMDgLS0j&hmzC+3=JVX>Bi`V_u0?Pg
zHtQn6<Y!h4QtBRao)~dPg%&({AXX9mHADwSAB65jHjgs<(3EaQG~-4jt23U4uYr@(
zpXDHuJ&mXtz~gXz^8P+h6l0iQ3NPEl<?KxDMG+@`3#IX_RgvO4slOlx2-MBH6$%p#
zY|*Z2u`sahNOkYQs20;}#v|UQ5DMoh#VS!C7i@W+2`X8YOsAS#fgYB9qvCMZqRjy^
zpq<>8>XVowK0zm+h+847(WEi#rHG)xi5;ad+8DSxAG*5XfoAmWglqzRHj(wZg-SeO
z1m(Vy06l~f&TubShpEx7tYJ4filYF<P`LKav<$Z{u=L8xB}kUKiuoAydA;R~yATK~
zo&ZMJg#nQemR4$+%0?IdD%IkZJxk7b<`HSZXDH(xG8V#bGBE-L(^_FZZ3dy66YJV(
zoi5(GewM`}1>!M>BO-^KAy3H3qJPUM7v@W!y$R;~C8+>%a?g?gok2&`D+05#eQ%2)
zos1M;TJl6b?s&7NgnBABN={@bfQQvF!1vHUJK?0{HYc6|&JE}LOV2C{Dq0@`e(Ih(
z)xsCKEo^T#K<MyNnHw$SOhM{}RG7|!o~mUioD-{W?L}P8(pR$REOR}HSf{L_e5`A9
zkW&HxkDy3XGOlo@M=SSGQ-ELT?4{9!ixKs>1W*?!Z3~FzNkL_s+Gmxm0`j=bD)YFG
zQMX4{-Fl0Fv|{Qwbo&Zg217cb56(evZ`O^V$m}mFgtEdCCZ7ROsG!ACK+>UuBu=3A
z%UfDieJz^9H=KBZaEa2N8s7pt#0|&|L(i;oX#{2#ooj_&QhP)#i80T2E)nY%VIWTf
z3O{sN;e7bbyn**X#KfL*6P!m)<e)slzQdz!dJlqaqloIaWwCpD^l#$TWV#M-&Na3{
zx7jVPTkvfsxQ1PB?kbQ-;MqI#5|-Pwh;=k0fBB)+pQ1Sn$$rdiU(4q>NgbL-C=x?*
zWTuB|fLXD5YY<DdN>xB=4%#SOnIk@*L1XNdohUpJnq?vCJx+|oYNDWNj8N}CJ<h3b
z-ls@yY8g0NQZyvxh|9FB>5ut7lPe}%n1)9c@uZL@PgtoyU7~CbI<ygw1cFIj7qq0h
z4fs=w#D+YMnkx$ECc3Z8Hzgd(d`KQD4lPu2p97_-YPW`OCO;RJ3(mFB&_J8)bQ|xe
zWsG@xXHu756wT|}`<D78IAhqM<}d;u5i$FMxht!pJ9CT%tQ9eJVxwVzV#P>>X4OFH
z%2;}^;7q=^yl%5~f&xLML5}MhvrO<r$`e*Wl_#sSb3u-#xO>!rs4t+bOjD8Pn^R_9
z3zZDD%77UuCt`8ho^S@#NN6WYl48nqhELid3)gJS(cGwVBW~DXLC@#IAb`Z;7bTtY
zGN_tGpYtwV&JUz%Wm+-97D)@JQF|pRwJ3!M5v!ekdkR~tF+JYmE?5n?xmUVJM)0n2
zM+}l;6H8|Co%oLBV5^*drw{}67+rj(y-KTQFfhDsfQ%a06*Y{+Vh)!<*=0C8^vNJ@
zp{iYt*!UHzje(KRTi&+*$j(>MA1&f`6v5&92}8{fcWE-fFC%^GT}H)v6~ym}bx0+H
zvtd-UJ5;zqfTux$N{E)Ib4bc^mGYpdu}~33mNk-vd6wfL)}A#Ta-~Yd5LKoLvkg_j
zdlF_qw5xeWWySAUEX0jc_mf-WJD-2>9GqQ^b=DMWL**)ugiBQ#9t>zjVrrQzQlhBY
z`qxG79*A4>o*B?WKR>IFge6V*HEEp2t2_B`!C*_Q1a~DZ6^%VxK)`V@3P7N5POpfm
zA)ytU1Dm|s5Z<Fx=6pJ?k-Ruli#J$7Y~j;`iP%k8gDVLy+nm|1umU!VmQr8wo!aT%
zE7xFQ1f>v=7*}mRE&NpGIWm^3G27E5#WS%732?}1NIgZSG6k9XEoJhc6-3G$GD>9!
z9P*{Tc9O;_ap}5=`zU3mGWo>7l&R`&l34ksGL0HD87G9f62}s`ih)`&?QCbf7y2G+
zwOR{71P1cUit~KJUyOviQFDK^H<Z$$+gcItl$`DqMT*O0Mk2uKrNTesUdFn2f5jpB
zB^x`Qgz4|Gs^>Xb{<=#w!X2I%FV>D}o*p?;LwSl>?Ez!Lv%M~^vhQQlHHGKjxw0R@
zsnHDAL3NWtJIOm)UA(Z8ann)Vh87oNs;Iq4&VC{%Sd?gQ(U=9xIMZqQ4)HS}2G*))
zv9(GcnO9>bG^?^?ww`b{;viJ%-ZF%*-}(h3a|q*-16>3wPK>o;VR{*b)<jV_klTjb
z9_<ClWHwV|QvXZxfWyaXLYVZPr3krwQ(hys1*Km^V#^{N4S#!u01*?z_0UM(u$H(D
zZ9zF#LI{rUF<uc|VIFd@-+Jgr78Xj+;yw9BUC&AezkvP}XA!AJ-NxZhWqc|uul{I{
z2Xu{wEPA}_tN8qTG+_q2ItOR9?Q|zf#u+p)n7h!grAM%BpAGHGZ{@R_onJ#KHMq~-
zRp>;NC9<)3C6c96QA8ZDa6@HASO}>Q9m9@<Un#SY2{i-|>k{`9Vo;M5xti)SW^)q{
zSjc#a<wP8@a5=?~mq(Rm(L@}}R>F>yz#-)&#h`Mj&ivjQ&7$qmSJz<AN6|oUkox)6
zC`(h=C~`v2C^DsS!UUI^C^kNcQ}0rcmL)@jq~YsBO9ejbbuV{bzb5!Ox^i3@Yyaw$
z+G-A^a#Ecd<duOLbZ9X<Yc-<>b!|@--f7o4tqmOlcHW|3_s_2?2Dk}=Ee(SzwZJ(n
zY-&iT&kQ<kS3nG=(~R2Yt>+U^zK)$Rnt^J-4AOR#Qocl}25cZG3R(w{-8g}epE!Xe
zy3+DW>%7AO=19rf7hfXe&=qtouSCDpr$n^%m*m!>O17)diLnri(P~#RVwxx%RO~Fw
z0$WVx&LZ?QxS}eBe-jwOOHlZ{!`27khZ-FDfy?JztMi$2+oO+bKpd3G6chl2a(J<R
z_6r3sZ}eu%bt;Mq`=4^f`fOR={6uiyUfB2SX(KG{R1t&Wsbajmsm}p#ukz|{vvFDS
zeD5QmKnpck5u6aM3^|9jvJyAb7Xj%|qh_M@QhI8=`(Z7@fM#{c&922Tqda@~(4f3w
zX&#((z!6EODl<|msg$=CurIs~ITEUh%Q#a;JV04mMj>OiAZaIQp%OKh5|fdWw$H+a
z6l1EKTe^xgVLxm9`QQvAwZNxh`@FlFS<JER(Utu`TS&weml&kiwnk}_7uXjF!Qa^t
z5pB`VxA2J3y?c$sW+p@v=tH+&VUq9x4yE}NxSnULP)98jj4wxzKOKdxTJW^L3s93h
zqJ0>Sdw=go^c<G(5(q#OM&nMEovQTbG4i(`HR9P4Nd<P>_dIWehv_^TZL}H`@ds6m
zSb(bN5P|G707aKy1<911o}csP#G|=?3F~;4!}P`!9B=<<!JzcFEut06{TMB5p631f
z5`A+Rx2dSxw&X3{6WqQTrBVwA&aKvAUY2cn3uz?{kF!Yrrar|N>|wG#@WT&8U4<0u
z2ZJ+dmrA3wu%fpCd>zBV)m3?@J{;X`_#A4cg%T0@k`8&=Ac|N4V(#TWuRnXJiROkI
zn<HI6(lBof-;BdY@<erYhQZjy@y?d@<WHM@-RY@cfFn!ZqW>hE_=^u<`^+i+KFa<R
zKH$%+{MUH<|H6s?2q*q+d;sS^@By6vl@DNK_?G~IKkNUseg8u`!N~AW2m#G8YuwLX
zQ$HWr@!lj*li0{_O*mMKC7aOzY8*M@VR`pEb8+nurprMBztf5A{i$Ip=wCuf&w&7(
z%FLgTfYx=~V_X6{ioiyyLvdSqd25@D^5aqQA3<o_Z%QD0sCqS9U6UeH=w|d9x%l!L
z!K>X|D~ynm&RfAo%5iaeK*HlB=)-#xuZce|Hha}WC*$q>wX5WztxFMl(i}Sy-VrxZ
zb|j}(2K%y(>3nLFc7E^i{6}`<Cnccd@kt3Z46!?`BGdl1Bk*4@JD0EFtGB+^d0jV}
zccsz~)K7pGE@wKbJ!<{&gJS*hgI3uWG?jGyCqL-?MaZWgRQT~r1=AORPe_1$vQ5_k
z9oiOV_>Uh{NB}%ehCExyB#x9qkn>J%anfbfUSb%TJ9yQ8xG6j~ErKtHZ4>JVx^V@P
zP11u#fCYfn+`Qj4sh=Yfu}UcM2f<L@x1Cyf+{UUoD6TB5^>OwmH8!6{8_Sv)*rL9l
z4}Dr1A46rvp!p8J^`KITUx@$cK?##5L`4+NsXv=Ja{pN~2Nzh#eThHWzCRj8DBLhd
zNEV<-2?GcnP7c;?DZ_XmpngeW0T9(v_isDs3jtd|>@dY`EkLF{mkZS=a7NP*Qp3io
zq#}YBYp~LYSOG<mI3YJ*ntOQw|IYdF8A{X+**{<u_i!Nc$bx+2&QvvsI#fQe9noQ{
zf0_~GN=ug|258Vg;9mi-!=XxCRm|hu*M5AO5hNnm?~Y;3yW4}7fyXcwc{ND_qmH_h
zM^tSjw)ih|_co@^J0iP2p5R&VxbeOe{d|33`BTjyDRHhnCH>H8_G{X+_GWT4GqLE|
zX&?8kvu!6`=jwGc@lj>NO6Aj&(8czv_vcSUwU)UzpuO);uh|Dnjn0?B4<FhKo5C5c
zK^%MrHLqvymbHUnhZL7mic#U&jXnD_Nj*6oB;Ck>`ohLP5mlhRnF1QTz|DbL7pgP&
zrni(FhiTzVTomvgJf1EFSo|sGFi}-BVDbZ(P<$~iUop*MmA$H8;IU%6c0m>`m;#@0
zcbMm~hD!$~fWMmO<AYBReu}zqvHkAzs!Z1s`C8n(3e?*7SU%yEuqgnWJ^_9^{$bow
ztL@0Q$|Lj!o$4v6=;m~%9wS&G!2=e@jw#a)Y9<v+womOVg32^VzKC2%V-6S)d&Dh!
z%Y_-aN@Wl83yMhBY#apvcmSl?Y<w0<pS5AcDJbWx21M;)A`Fe{XYcjvdLTygAWBZi
z89{iIY90%JYAAM&qk>$)0<!7RU@ZW$xWbX2ff-banN+a&EJwuF*;+-&psrIjF6Fe{
zxm}M;fWG;Pyho$2UxYo*RL+x3VEsBC8k>}#xHB=Zc?Fm%h#0)M_2pok%}88ZebIUb
zL#ev4(mr*_ml+2*g+ox}yrepyHq&7aa=&KJ>q%o&wkPpEe$zvuXOIXjS9=C>kVa4*
zL|r8YtIMpxUZB=y>QN<sFfZRNXar~w`P|#HQIi&;F#qv>)DBJmLszgVyJe5O7QEfa
z1+j5fro#voI$si$eK7E}a6q9X`BaR8>a9=!J#T{$Or<dhQ-LvzLf2MWVI)WN*A%@V
zBi$>4jx*?G(LNG--4ysV`t2JVW-C>2I}Ss^8n`|yU`|WE-giJ^VbaCzmuyB#RVzV*
zC3QL5z*RnN;w+(W<r8$+?=jzXI{RsPrQY;_1EZnvF;~QNo{4kdeR&QpA-_*X^6EPa
zqT&hU1iNCj@18o_ypG%5i5g9l)T<`_Je6$0I@z{Ap)9ylMa9udx?bHnO$c1OR-xv%
zlMQ*(8qTUm(DxNAjuS~9kUY?Y@&(R0sm~a@lFdwSrt!I|Ob95U8*?*y0WE2!fkaJK
z7TB%>;c!QRKxP!lvsG)v?=@P$8%u05EqbZQ>pE$max8q?9n7$q%V3rm=8XHc@MU36
zD8|qoiELR1uyDBW2}yGghcc5o)?OyBZwO^eg@oL0((sf!orJtJhk&5)PN4t<I9Y*q
zX-JY!kN?qBO;Yff3H14G!8WdJT~bmPH2+CGCJqV;OhJ-<K+=6qlbSX(P#k8Suv;a;
zdl?k5d7>f^qEBn99N6~>CR>;|gv~RMoc#%NhxT+_)j8Gs0-mIx%e&hkhnx&tihJ=H
zTQc0z#~5LaFzL3r1=KQGk%~KmV5J+m-?!=6os&twwnqKDIy^jrF?=y>5kB7Vu0mOb
zN`dc(XsEgfjQ8kdl4+eFlTTGiL=LsOkf|=E00E|;5Kgke;Vnr(&=)Ldb!Q?du%wRT
zh(y)nNSM6F0r&l3n-L0iMGRBdWW$KOM*owM$gquwn2<bZviu|UCevCLxfr71L^5G(
z%a=t<uK2{g{?~;JcY?lH@ZB&VoLfUCw7{@4|9LOa@@By%Kdpq=49aaoQ?0Ck!>=)>
zF@<|=3=%OYa%AExT5#Sq324iCz8s>~&1iIa%ZE7Kn|C7*=L63W3A+_NP<DlsNHs20
z$bBSY3i7EWJx3=lGl6zg4LMc_FVk{ucx-to5ETwo0rqGf6Npt&DI9luLW(B_;(o$p
zq%NFRNLOuBl!@d-OM0p5IJVF5sd<jg-vO9f`3iK|1lR_Z#wzvjO_E1OWE}AO4Z<Id
zJN0iQOVh|*_2WZF%W{a4OVDZh7NuQMjPL&!b?+D?O0=wrwr$(CZJWDo+qP}nw(aiS
z+-=+5ZM&z>Ju~Osd3WB#+&A-QBI-}Ah!ra%v#O%LFTcz@b~{;x_cWqTujL}WzKmY3
zWus<x$U>#{Z3?X#yiI9W<(kF<`cu*{a)(+o;O&x4nx5v{1a`k<x9r~iCK~|RN2##K
z4$9Tpf;E%YqUl`vCOc=>Fs%lPI;!!g&SMr*n+msu@ziFpnvqQroir<~?!G{gbMCAO
zHKEvqi!7$8NcfX2H_&x1P5v3gQK6K}tV}$nC_4e+NFpE@Y<XL<Iv0=7&gS_*>DBu<
zEQ!bxU{P6Tz9V7Y(pZ=omryN{p8~XW_h+_nn_^`miUtFq#Gp0fAb5oJdHFP5z7OyL
z&)3HZ{^i|Uv^sR2=9<~6bH{u9EP2S_I;>q}rvB7xXgsxyqH8!yAvwBZiX}rX=YnAa
z<2KH{$}$QQtD!*a#d~_kR)-jSeLtt>lTS~SCFW=H7lAOJ>#}-S$V29sLd4<?NGcff
zH~~mX&b4zgV&jYg*(K(pM5jO!jF2EXW^iC6OyFo@dO2o-AjHI)<F6uP1R(8{vqT<s
zKpGQ1Q0j&P<|GiIWwI<nJvxPI1WS%HMpJ~@zbrV*6kC+(lY}Vti6Z60QDj!ss93`t
z>x;87Iy<F0C&gjf-@3pZvNL3`23*upnkG-8>iK~}#)Q(K=ragYNRCXu>6FKu$RYwq
znK&;Jmx2`p$t?;`S-|i|g2zN4tOtGtH}Uw^20?(jW{7tq3zbo&{!BtfF({f)%O(qi
zb1p?bNMcd^*+V4b$S^U^NFG6Ji931KS>!$(JjRk2RK0BgwGdGIuy_KnyngIcEXz0B
z2zn<Rrk%?g2gcPr4Q}X~4)fS0#S0l}g>uK3x4#Jo^^}o1I+UTk&-b3qbJ5n*%7K5M
zSiWZS;VWh4<ctNOVbfGxIKj3tIz|4{({w1O`nx>x{7rsIVu!4Mt|Nk=)w2xi66%@^
z$f&_Of}$^<Xo7ybM(lO4<L8Eh9kB%cgsfqI6NDl=OGLblxbUMfI&vH0gv^spZLhNE
ze5;bK$_sfl<t`Qb;LA0->mdSr97cpqglQ~NY9K@)ia9+hyR*YuawcmAkw@&%79<X_
ze3zyruq0e2kEdOX?A}qf+eFACm|Hp<s<oU?=MfNR+(ZOR+#WMRb(@GvJ#-QVty7n6
zA@3$-JcZ9=;lS@O2H!K{^uQFIzwISi*6-@MD&X=VOBJ5{$P<jkF}~<{{BQ%dmy1G6
z3qBo@mtIDcPkJ-}UU8-Ac(|p+Q-XO$!;y=-Rqs$Ul5;IQqbj@i&^oS8>+QghTvZt2
zv_=^x9y19TtgM8j6(C8<n_xybBXh?<tQeoT2jm2}2d&bv5<xpNV(pku6<=Ty`UOvx
zUIGn9I^#Y=H(gAo*6?_!2t}`K+CCdk=6r_|^qkiOg%CQ=n3M!`8@K>tr`{b2``v+N
z?rTZmS`sTjGlZ4cJaKeEtNIWS*9H1s!?{F%v~dNLH{qPpe96#4OrVITtUT%IWLM6q
zXDvp>4_K9V;}%?=CFXYvS^qHej(z@sNN1sdJQ)Q`IYodA5q0_Q@K$7Oq^>J$Cgw?@
z?=a{`R9%f_=5{mOsYu|8blLK(`~-Dz8N5jK9qXqKtvEi#t`0uW;FY~x(=&e0v-`w#
z#)HYol82AGL2#_1x4@S{c<{kZ;a@=fKO8>Eh5W9!o%rh*x(4g`+i{$`_TJv(uF~BC
z+`I@4>mL#OFSoFmzmJTnx4im`_R_;vnK{DnJ%UD(9Mti5$K|a)n9AeH%mxjBi1PXP
z-=Mf!0PkdGlOVBD9C1b2euj3^@fp6ew+I_*^1!V6My0BX=zU42E4U@gSH&?=F>}P9
zO<IV5bHWGk`3M6mz!W-~2n6fSL$6esNLz++BF7+2EZO7?6*h?ofrwGUbNz9VYW`Di
z`iU><T`17_U8gK`$L7-gm!*&#sV24RD6OGX>_)Om-M<UM0?{jUZGsr@2$4|B6A*XU
z_~zE&{=H*vq?*fyAni%h=j5j;!UulT$>7R=<OKc+0sjFOf4U<4Ymmr40q8$g|D9yv
z-$3fWVCDbytib=7HVBLi|Hm{7j12!lw7|&l->ViF8UD9q3;#UfUm^UTG6VnL!i9i;
z2p4cU1^qE@CsbudEmz(N38FwqSPLzby<_nnh%koGq7#rg0f7#|o1WMY#T{*3+?Fo)
z6pB4Ll3-a0G<-V$dQ{DHv{j1PS+0d=^1*KevjX{<)%|5>MG_K2uVy%l7`EaO@zY%)
zb4M4M;G;*Mz^<WStV5?eeXjD<{0^7eUex>W_<C0JLw$Vy&c}*QU8nv_aTx+DSkNd&
zWmTx~D8Ca|d8hKZW%h{3N4<37jqK=iwx9W?E~^T%`HGIWQD^cgEUTusMBj(_*tXL4
z^X8AKX2W#SY|v4!D!d4wx)YbUp;eq#(4E&c%u8>zYf6&J5(6!57%{DfmueAcQV{qD
zLM>t&#Vj=3Vx|K&imi`OKgB1-YLW-V)G7)hA2M=0C?t=t36*7=$JxP1MbVv)cva48
zh0R;nFz8aq!q@k<FvArB!4wrsCCkz(iW!DVtF31xVE#q*s>Y91THXhk3I$VJ!TzxM
zAqB3j879Dn&T2Q#=v>~?Lb+fWxX7_C1Ba^i%}1&*iY!^yONx+kL!Vf|eWEdtRICtt
zECL^cAuF(uEo+SJWg&ig<%8g}Vn}}FgGtGP7sF)Y0eZj`I8inY%~D8b7|_Weh_-<2
zDYS!>23f<TgqapG;+$>p80901jfinnq9uh$ki?Y!j!z+b9*cIX0sjMVIG75vIJn5Z
zBL8W15wPZG7PoXU*9Z0)rN0mr&&RS6l3ZS!s>;14BDzQvG#XzSI0aoQ2!ZwlxNK&k
zpsHH=Lklb`D~%_e(x29;Pyk-DW^Q?4;$9OXf^ZS(NP(5ql!AR9p>WFkRramEZ^V6z
z9Q8^fODvV`&~nkQvn(4b2>GnPk(KQ%=c#_z`qqAFeR^LTV)ywfeuAfIJ>zY^AN7cX
z?A>h-UA{epc|JEs&*v+Br%JIpq>RRtxI7=}G7H(YsLj}GawB^MafZAB0iVG9ZjNds
zq%otLg@{@My9Q}4N}m*Nj803I;u5Q~k4K}wHAxcWmoWnQ8Yd-7azEI;u=mpO*6gV+
zT`K0Piml8!uV1g6t~xl!tbO*+J$S?Pm9HF?kaaMtS|8>0+@~-gA8QKYmiNz5kq@{a
zbP48B*1rA)E+MbX$*mKc^Xn<CUHI{8k9~<vl2yK|>@;Jv{cFi3>FE4QlcE6x@RW4R
zx2%Hc!2sDsbDT#E0gY9rDm+rgX21;2P{vne1O+8?G2MLTz=N9jODuDI8-M{cqd=Z9
z5No%<)E=%AVWd6OK%g+0z!im_aLHblrX>Oguqt{b<}oyKNJ2!uMGLi`GPN7V+!Lju
zr9Y8bDZcl!35d&hu%7@UgLxJci#AC!a6@i+I*1(mMY9ARGc#q{)H+w3MEEoPXr4KK
zgF$Qmp)Isa2}01t-G~P>s+vp?H-A_cnK0Pxc%%GvyEY3<m(n9Ub)VUC*s6I9ghHbk
zG@BV=GQ1%H<S7I5;fjYQgfz<kx(B-`XDlk~kIAHeQ*xYrGy<5w8YezK5aSie;0MN{
zCy>$y2_nNB#T+Bz8GgKHY@RT}rDWk%&3T-=<+EmEccWyaw$JazC&wgPK~+Q`(Q;C<
zGN%M>q;jfeZNVcZ7W()kBIjJi>G66u_EJTAVS`D3&yk2qYaOH>kzWhdCuH5$3_g;?
z_{1$?Ue|=5Kr@$v7o#uUTLxxl9`nD2lOI?tOuWKm_-eN0kI-d#1!IAeB~E=O_%&v4
z|E4@l@DV|nXTv@zsjW~J@mZpuP0_Jj1htNTpG$%(HYQNyGboF3z?#L+*^fZMdR-4-
z2h7#O4{~=7YhWaSA_88S5<L=vEGT)#J;a#d;FJiY7jOU*#|wxJV{%ZPDiR%Se!wt-
zO{*L1!aNS8NY4nY1iDO|<g6`Qwq}i+D!|#?2(L{Nq{+_WiitX{8PBS(1+%c-E}I|^
z<i)1qgp0;_LN24~b4KE|a;55!C7mo?2k51)&UA(!2d{c&0VxC^@q^j<_3HR3=Uv62
zs6<tqFVj>AR-9rDkhX-S7lWMyUT&9UH|ZOZrohlH(^VL6gG)|GEK_8YV0t&o2H;|z
zOOpH8ymaczSVb{r+-#4|Al_vcSImKxpGXGl5wJ=&cE#oCeBhA1_O$DJcI8obP;Gxg
zxaF3S;TF5Ms@$u#{L#L=$2;hdwA^kgKCFqf+J%?ssLKgbgDZs<iEwCIrwxe+*DE%n
zBDlTc&Qb3(;v*m^6l2DvKtK-+WFn=|PXN;A>gg7R2H<R`XN36;0E?2|KgYlcU@BzZ
zQX-(kpH3igmi-*_^FWwu5dz47J{1y})DM>Urt}&|j|%}t(V@`9=~om9_-HLxoVgu;
z^rhdMYR0uoa0)yA8Sc&3zAOozQ^Dps`GCQ$c_zU0`0EL8<G|pSEdBUJ7SMRA#2qmK
zU4}<CAQ9|~&+pq68YD`^D7m-xYFT*AxESBvQpu-1h+tIIeqk1U)|)KV5;ZRK!pWie
z8e}_CtI(HqM~!x)1n`lJ>5_<6Lf-#oaw>^V_Fei$d*{6t(ywI!`3@849Y1IQ)d`=N
zEPUM*cca?|B73#}iDRw|xp0WwEz>)wn|MWe*EZji$YbTWXbli%^DD2VK0N-xe-_oW
zM*3k(ITcF8JQdk96f8JbQSKDeIJj1bh3L}9L`W^6G!X~PN+8EE=FqzqG|~dJP(X*B
zBkyOJu%P$UD-JyfQf!!Yz9=QpB}QYearA-*7-o(cO`KkBA%TzdGS#$O>t;KxUHPOY
zIJ#zAgoV8r_(XM&O6o`oCG*e-Rg)M*rJYVjkwtafye^zgL_H}Gt(u2IX_YhFd}}3q
z75t3{{^Ez=W0wkvDjB>&u!~jovTFRYL(C;(ZNvJ4Zyl~B4e+QXP37RVtocP=A{U-=
z_h!bQ6O;I+LsePuh6fewc5<DY&NQOGL&YP_hmOf?vG80uwndK?^H;qOah;o^9h1HX
zuhq&AImK^D-3Z%Z`_gHhqtuOa`9M)>Mn!?vxU!bq1P)QEzeUz~6*YvF2c3{+X8nIN
zPe}3vMgOh=%%u85VvEQY5ROhnW0eva!xkM@<01l*{o9G1BZ3=0P>!1i2Ac4^c}|^U
zldu4(E-ltL+Q}UZGt7(z{vTe_5niSmbxYl>C$*y(VVi$y(nUCkhWov0;m)3HXgFEl
zU}$Z;-r8%!Sh@fL__eLXs7h(diS@fZjM6ZZ<f*4!T{eOd-(t^nO3K=ZJ5W2qE1J4t
z0StK!J|#WCC}mY*r#*(kVUmjbY=42dU8cGCwpvS{PeuzTnFzaALf(6-m3O`D$&qAJ
z>y5yU<9R|7oA|xzyyVVaF{c$<*8pxFT$E<ioDJd{mA{nu?4c4bdx3J+-;{a6f-NZ8
zG$<Yy+$<Az5Jce!Xe!aK66;S<uD`+<Jlx-8Tl>u6Zdks{9fryDbhsR*Owqr^xVg)e
z7-efPOqo;ac)i-9f}Nq&Dh$^&9R||d3JgIdHYXuXYM{6frVx0-EF3<=4Re8*7g(`+
zk|6f!nSbQ;9xY!*+oH3VF-G$$6B+Doq-r#9g9_-AVdPXyqN|L;iQYn-RB&)=Vh5}b
z^;PV0{(y%>z2Q3kDN)%t*~)eB0`Z_9PQQHWSChCr23DJyx1?Jcb=`0!7tg7}DJTTa
z6&gg}DVCzzW7RDfu)rbB4mEB%;E+<c`rPG_3*cx&OLnjVgl+@6Cxe?l%-2L5h!eI2
zjZ`qTrvg_%F|?;Ca}IK-N=$DzbY~E!Bur4V7^&$e@(CKc`w98K?L_-W$cc!3gqJH4
ze?s0&YFC;l1-0HVEa8wsbL#DnRdab$k2*S1N%B)UncWHn;mX>4aA|O~?@Pta)3S4S
zCACL-9I3qg`Uq8CI0RmanO!iknr(!j(qSJN8Ds>SOw;~l^vgI|{^p*5wgvAbWc7|V
z&o}NP8!ky0ZzE*&Y4P^Ple}b|R)H?#(xcR3ou<TOk4>8t(?)o93uUC%6K`$yR;VX4
zS(lMKJlKL%hST6@mb&gmeonHmGoL^YLa7cq^(!-*p=$9#Bi(5;_lg`eFdoc99v};w
zpV^j+-OIe26wNzOy5-`2<j~3Zb-{wI_!-QWK777(#W|vn@}%zPWes-EaavX|M`Sko
z>9*m5?NH_s^$eQ`cIUNgm%fW;IQ40E(Xb=wH`Q`-crO;JC0G05Acj}xQBWBH&NAUg
zk=?+!0m;49x?vZaZHIQL>qE$v^wHKT#=|TAFs-D-{|L?gE5*&k_^%#+|3ppyFEsm4
zX!S2F^nWj${om^1$N1l}|NkgM_~l`5@?VP)=#^azo&W9jABzl7^g;$sCjVBZKrgEz
zrlP4qE$C=rU`;DzXKgI|3yNOU*2vD-!qyCmUeega*4e_@gI3}n>Uk%lADMxHt@A&&
zI{lCdj12$CqANk^{G4W|Vr%iU%j9SAp9%5*M_<qQA9L;hJp6yntpAinjQ`BF|MwO#
z{sYx3{X4}!<3CLNZ%@mA%25i|1|I+Br~ibPetI<iM=$+btp2@CO#i=al2xWv5VvzS
zw=nw881+w)!hi25rhh32{;QtkpTYcZo)Y_?aSTlV<U4-C{;!6MCQ5&7gBTFH?@{?m
z!yq=&e<dI&rBot?@%>td2k<J87*-$Qym@BrlFckmb)USNoF26GEXSkf21)IGm0Uqk
zXIDQk$c@znwkp84{^@fZ1lI>~?P;x@DCW>J2{<z0s;q=U;}bW|`4VD-H@P^dli2GC
z>|4*f;f;45{<p|!hanI)n%ra@#<^kE=|DFVQ9ZKJ#>CJU;t!kU7Y2S5Fc~7WrI<XJ
z>5BPH%q1bEI}a&!?mi`Q{V~~$<dQ20@!mtF9Ombedv($<SGKe+(K_M;#3ke<0;Jqn
z@-GDHa;vfwvIH`i2JS^EQHcX#NGPDf>H__!foKZM@p~VSwVw7%-2{zoohOp-$Ko-*
zGP|t=pIqg5nCqjIq;3~W(PBxun;D1;rO2Mn2c47p+CLs+Z>K)l^j9cwuDECVd)=<K
zj#W@~__;(QRsVy}BjZ1!^}iOIe-cmsJ~q+b;NHoi+uxHsJ(qkNS`)TxYp`nqLXCtV
zfga|F;qe5l`Xm%vV)Y6r;gP>ktx<-7c|k?xh2Sa3J#!zuheLPI#<vQ}&E&4&5JPz0
zzo(k8gS(!$XZ+ajWjsvt%#PW2^s<nG5rvQ}MPcUadM;CMI{x^6QYKrANTf5^JUw9l
zu7gJrdZQ8ABwwh@<G;)cvTYzN#uY37O2t$rm*@0-Ou$C8!~*F%V+DrFj_US^?*qPj
zWwvcM+4ldWe<$d}EQq9B*>S!!UiSDUc1nnL$84L<W7ld1;Ds$@rwji$)N~?~^BHHL
z=Sk>CFBA*k4ovX}N=p$9TUZ04M9vx1$@CngN8IR+R)~Wemnkpj)Z+n??zcfR^mnxP
zDGl6it~rI_T-@x!WjQi$;HEi?W>gLZzQ-H}3rdp$dBD|hT#2o;PtaQd_*_zj&r9th
zTYDc?Pwcc1^w)30UlC#gpN!^IZ=tV9tfhFOM4F)}i|9HLJ?2bYKs)&Pu<!+8b9O%i
z7n*KV**l?g)neX?zADs|P81P4({zS#Q=am{XQR^Pb+R%e92M|1C6OwKE9ezqSPS)v
zP6}ipy~A+>iB7qk;WgucC;!HKg7AjOR40;|5<D|?TToy{*@`&LNj1av#N@OGa8Kk&
zZRK)BxE~6I%$8=HVrvJ4C6#Hgx@ep$vmjoI+X?xdJtJ@@Y)#0rSSiJo>5Aet!~c09
z{eV&%+1l|iJC9g|mI!%z0EvwDf7TAV606H^o8_P7AKzazWC4i@WdFu9J79<f9FB_z
z&=5gm#4p5~-5@i+tT9Kn3_|4e*A)Q|VDl3hol9Gd5q8Ju1>^Vsmi)yO(ml#Ea$(A6
z$oNh(%N+^jFV>b{HmCal{y^sm?{xE_wCQiQmvzJS!NDiDKIV2Pu4;U3I@6G&J;`I6
zD;*>8>Hk3yUMm1SYnXpoH%Hfu{R#hu@rnEioio676=SwbZja3u+eeHvPW))hrXih6
z)@LBb0MAfYk9q;{#Py`}q-;ysCY4T;e$ti>pV7y-BY!E~1HalZaBozOM&U`Gzi;ut
z^oEe@3*!^}C3Fisa~(y#TeU~aesJ_+@PYl|^}+Xr<{43Khj%6oHlSrk<m4~smJl{J
zbo2DQ>y_>;#YgT(%+G+6H2PqunNFV0R+_^(={<aI9ep|QWc+sx(i%#vG`cGrdzg2K
zceH0BXTR!|^27SeYLCt!;w5alaGF13Ec++f*#*!=L|_4^u&;J1+5c&a5!4n?_zg_U
z7b`bJ0pb8MTCk<kj<&M5=Z@10B|q%8XYwN0jmICF_nTe-J|AAhzm;6Vk10}yOnDrs
zF?v(nb?6zuBMOI5ToSx_b5tY)WFZN2LPnpAiCqZa)&PxB+P@K=VI%$d$0<pZD>C5G
znQ>DFb|&cc*sC=cwog7+P*-3teB(Wnxcl2D(@rNIgW#_;y}^0I{6pWOyCJ$lLG?l}
z5-({S*k*e~<{lV24}^fb12~N_?Q6sBz)+2hQ5UoKAkjk<yODkcSR=s>4Ri0aZ19lv
zbZ^qz`Ww5?ZM*1-pkKV2lgMDjL|!<Tzw;6fF0Li`9~f;%09~n_h@aUa@=pY?Y6$5Q
z&~E{nvwkHt7!wEGq`hE1knZ~6d1B~=*@?~U!EJ)m|4wmdd<%EaP;`f^l;f3Dr`aob
zK?y|5=U$^cwS4gNwMTt}@iF>}Tw3K8;A<&rVJMs_qQ7Z6HJdEy1wI?`XUT+7I@axf
z=M9(YA=_;l?vDeECs?_^F4#&3r_>$S8=(^@o0UJsz5*by1dy0dI+l4-yU<fkskrJl
z=r=jV-0i|Vb=*y-2P6e2ly_1CEc-(sJ>g%4JqyADN()l)EKo_?!sy~=>3dH00Qd1^
zrXB4!k`+L_zK6baD*I9^HhM#~JM`!K+V`t1juRADXvdJBuHU2|9(U7b6U!F6E$f~3
znQjNUya$9AEc^>PUn3MxJ8D~erx3pZ!U$Plm;&<hNAQauS4$o<Dae8VK4-nVCKP`F
z%*5M)nd^wIU`Kp&FSr|{Oh8^M)F&#=IKX#0*K*^Fn5zu#oD0&@)(^2A<0d$c62C5b
zYBy_#eI;uf@Qis=+(OU-Cz!=2tOwYltlAYRNCz`$w5P#e=wJ@jU4U-c&#e#gR7e$H
z9hA-w&~x7q3%1Mif$~v{$*~yPsEGQkCZo{6NwkzTX$%(_D=GMDI;%^#2;U|^eK8v+
zcR27^KG==4enV)w%Jvbk6bWl=X^F|a(v8;>lpDgxxVix{yDauSCpKmBS^54{ajv70
zKtummLvy~!%b~Db%Ya8U9)Bt-*vYA}Noc@-=j5?nM=s2^&7zV>y0G7gMwo#L52wZk
zu5CDTV^!UGEdGiGKL-XhiJr>b7Ft;GvczS5a7wl1ri2x?obz(W66-8;BqUQEUajc-
zYItv8&VHjSsBq7f$KcRiVuzh#9mDo-{rphP0~U3SAQw^qelYmE84Oh0-to<D>-vUi
zHO?jv1YVnP0=O8sTuK*u5pE-pB&d>2@972ZsvBl2(r@<m8Mr_ZSga+qXgI7*v~ajW
zT5}^PF!|j1Wd_HOUBLp0;s!4VY&>_HhfFpU+*wn3b(L9xzpOSN{cHoCvhHM;u$rjb
zir(f&J(paarJMzF5po&cOD}Auj>JA;#DLehi^p2_gWu9<cvm<azH7s7!jlsNUl|6O
zIvtK0?U%D-x9B@DvsOmLJixxvP?lM0%Y#+dphU|tP(vGIyfFtGH@r6!3_m|UDxH4H
zML`yl_to}UD7XkY4UVeJFtYY0*qx5P#%2uW7xK8`0|R?0MWf=xHmn8a2S0Pkxi`&^
zQtsVAqwRO+xwoR+erC-XxUF7f1Xt>0r+e<@rZiSA{Mt%Er--tMDij7pu-UU3noYb_
zJXN;y%vi^+>278J6(mm_s@EbLfS9pH25YTb@mz59@NA<UfCpRm0SE|Gh`Xbs$;7EV
zh<?gXkXg*p0l?b6lVU4PvK|>pArc(GP&zyEr`lWed4FSFvhLKH7X~pNo)y4`oc)Os
z@J^h_*<Y;%`xI-exg{1SZ#ry_wIFAVLXxF5!PN6aVFh;v!?UdA?{r8WyEx!@7b5FA
zuZ`iwV4lu%C)mvCLTJzT=w-#(yGv1_3o&^#JiP8&c7e^-skGzSdk_8QpW=0G;8AA6
zM9BmMqb*PcU6%r;sc5y0RiKvxS_OFvBY<R8K)99Gvnk>E6){ev*SbCn^xsjwi@98)
zekP)QA2bUSt$Y#E_dfLFdh=W^q`;RZM#Z)d!70>7(pO7?0Gb_*Y*@8AYu%2HUX_oT
z=IU{^oARxRHPmMCwpUoQPm2L61+D8|*agVU_V@tQg21jKw|5ELFx}pZ!ME=&H^!-P
zczsFwO!XcD2eIDm?7sZzRG}(TbjkDD>BkDVVENZ1g)Y?1I|AiPoqsezRln9<qpO)3
zs$hz&HY7V`+9q}va3?XiUU0kzs1RoTw?MMGXXPwm(D&7o1RMJ^F+fFfnIZ3yVhJIm
z4fyZKADEYNmWUq~mWH^i6k&@W@9obtupC5iK<x+g^|Rrb!=|xuxWWc62;I>gOXV7o
zJKzP8kM_q$m=aL4g%1f^Z|~f(uho23FXy^fFBiLirxd+~QxkwTaBD#!p(6>ePK6Wh
zPpJ50U(I%B+b(o>>nQqk^GZWGa#4qJ=%faA>mUes>p+2pg^IXQkXY(oE99L&z5eQ&
zDy3+of%s5x4<%-2r;ak|aBZAR7um#%+ljkT*mvY|a%^nE6cVYML5B%7mQ^7|?9idp
zY11pM(DL!Sw_SqqW2nG<Z7_}rRkO-sDU1of!4bbPA+)f%vD;ssk4LnGV=O@2Bfrjn
zu;iNa06JBvQ4{u*BXU@u5Q?3LuVqzT*HAH3DcG5oIhRobq&=6SJMbhyJFlbtyH}R*
zxx>dR?T|#RsR&27Ph~b?aU((~l3q?dA;O5l+v)B0NSUqU*Zp<Br^jBssrE^K@BWEC
z^!@7_y}S21?`;>GZ|HXBR>=tvHZN<GPr57}^_UR{yjw=XXTm06ZW4H>hMjDLXP7Vz
z1UDdYVsm1C^uBF17nTRtm(5QaUd8a$-2YJ&I=%2hz1Zz+Xb$eUDnBs=b#i(c2+)rO
zi;j}=a!YGrLaGq3wB1cL-oR+jdeYx%^rlC;aPOj8Um%I9Q`U7a@{b27HN`6VQ~DL{
zEs`C#uA#Z(t&uCQnqHCJvPKW?3C2_7=!IjgHWjmDz9k0?V1A2*yP27C7@R@y7iwh%
z=C<O(-i-=pRb~AUWJBG=1nt7GB_L3Y+l}$=>1~&sh(j~4i+7r_G#KGFIAhTeC@E4z
z=}2x#IV3wOL<7f+_|UDoXrr1*wC<lj{W$xeYIRchGtj#9wHGQ0(W3Y6aT}vI_K&G)
zkClh5)>`gP2U*lpeRbVe88t3y-XHHfco~ns@$Z66tKHfU6Q);Di^SpZ+(YJU9Pc+N
zfze>rT&j0mVAXiIo*Ul3cq(rr2%j(f9=AuPl&AbK7v5>K)PM0LDZW3jd+IROb8t>-
zZ#o^tN3fGu4X_G)-ZC*IS%)@IGZU4p0tB@nap;*1%1{n51##epC{k|1)ywP2L%J4P
zw124}Q=OTgYn%g3U&%uaEJ3G}?^#q#FG|j%kK_sV#8?LhxL~joE-nLi1bmAH;@q>l
z&kHXn$-#ps=3#CFs@I(j+Ri8erWt|hJr}$R_`hG7v8Ny!35u<@3+p$9&IyZc@pyD}
zquL?2N^04>7qgQ(R2R){VBlnNZ!r#W6LavY{gmW+(^sUiCBqznOSi16p5fl1eP=#o
zx<-E_d`rAZIGujg=e=wwheZRGv7hY_S#~@jaW`PcH`xhlKh1ffH4X4QE0Q9--Yn^@
zZwO&;CYTolG@@8q4w~@Q38TN5<2jzD^mu!8_j5bfvBvh`c+!YX@a497PHo1;rSlK9
zbPr_ZRMX3gZx%duO-Y*GZ@28u+YI!rcRgi&71=TD-9xFbt_<17tGx|z@InS50b@y+
zR}<=p+mcuLS6g#mwOS#C3F_+f$R~3||AOoZ9|fLbuwY_=Yv`~}w=vRSBf#(18mN;p
z>h<JESwh>BXLtFfSS>~br(1rSqNg$adon4m*N>R2gnachbD-j*Emf&FIY_)p2)fZB
zhS4I<&(7ZO)aD8H+u(bze=nbdfrY_J|7o?~=z{pm<|36Q0X|fbP!AJl5bgmU1_mbb
z_3J~xH~w~Hwc*0?dt`Q`I%aL7vDG9>F1f}mtjWuCC$)#fOZF+jnlURjYUNVW6j`Um
zOc??xQV3Wdq|J2zqrmm<H(j8L7dM`jh|>~MO1bmJA}yU97nHUNye!=Ddfd5_Bte-K
zfV>v5x(=^)nBav>b2b2Lin(QlD@VY_A7oj5i3{<y3Sn+sm1bD(OI7352P)OYDvmk8
zh9W8hAFKt#euZKM0udoPnG>L0!5i@oeD<Xn96yAR{@JO(_#Ce7F1Ks3&3O=a2N6$B
zYA=`D9)($Ieqt2&RCM)6Z|$9rEjwhNQnuJU!c0Bz`j@wcrZjkZ_8IM~;cSm91Da0<
z@u_x3HTfJDujLgxzxTnGuG%xdPC_wp3yvEp2(b!mF4JV%`|cycHnW-uBCT|@j+(0<
z_Q$sFUHSV2aPIHOv&Z#)LU=VH+Pn6)L~Uu6Blk4>q9-i&x}}017MP$Ej8|>dZ&B^!
z?pj(xIN<T;Q-A7ye1tNX$TeDr8d+WtqkPZDq9`Y|6WfWc+;>O1G%sxq&Ahn#AjoUQ
z9c^zE&`3Ilg)<m#Kp<QdQrQf^0`yFqv;O3C70g7XN+87m@A7dK{o7Pg-hz3rfatV@
zJEn81K!wM4MHYHLj^!3k;?b!bCzHC)P0srfcw8n~Ms8vD58E#<=rX@{^PJZuaJzK=
z11}<GTWuz<W!zl)jEsZOn7nyy@0rpF=~}(7iK&9LE01BGN75T)gfv_b=ahudUWUrW
zdR5X2K-Pj-r8?#B!aH27V-0$(el$zr=7@Dwo4lt^G6N!_lob#;RTjXC%F>ntbeLIV
zTd-hiMU9v_2x{ViSvZR@!h0e*5u$Ycu4kgu5d3^s9$)r0%@HPCh%!2BBwaKNLi0Mp
zr~xFHRk&U18-%DT`DTAaMjZDnCRf;1#2neB<ly}AcvMBiKc%oibf>Or?-fH!Zc8&N
za3zA!hqC@PssVp+^>I1sfs;gYX5zVfH@a4MOl(JQnJ4RJ^gfF`q7QfRWk3<w5fRh|
zYydm*vA0CD)N7pKT;X7?XMIhyPCgdNIC1IBej~bUAAmRnvtpL-I&-X#n+{nmY_eq?
zCvQ2MF89j->jDE^Be`ET&7#gPx-t#SIvycqjG=_zp|OMJ?LUzXT`9HgnQmUba1Oze
zW$P9uA@zvWtzhP;E}eC0yLQF2`~?^t;<J9Kr%$)C8butcm>Q<X6<Za^nsu!_cI4ZP
zqn`<vgqlVMP@)zbF0qw_rjXF?w^WWImes_LN7L)C3R#l&$8rPI0af^hK!EBb@*{ex
zYJ<h^)Bierog!b3Ps;J5?|sWeXXJKjd6k3OdtFPi)$B1{Yy3-enEkpSPkLNo<aOou
zsNBELk?)SEKNnVbnm^~3>R8n-qm8~gVS}32V&in#cIkrSjO*BaGS8z;KT6;e;0FIH
zz<+_JD{?(Bqe1hM<4FM{6qU#TE`hRcxZ+4miilJI5@lVHP)~@Ps)R(`a`2|J!8nqv
z?$Kcl2@_=y6A=dNnw#a+tUGL3-|x4GIrh!Y>%m29EYA)I$c&W)gk<85nIGDbKHMpQ
zS~lF6FMv2EbkQrop4*aDb~p!&ZMR}(Yt3zz>vJuCtY<&B)ArSHA0bLCKAFzzd1&qW
zYx*>FD#tCojQ_341B!hg^@Wh<X!w4o+TD1da_N}{EIAhV>k(KAwb_~9P<b>a*Hv6e
zHBbt_wT&kjyUJSGx2n4eNBIy!Ju%wfF$F0knSxcSXON<KbOO+lZ13b5F;GMBm#F@f
z4k-}WPWf7Wf+rZWAS@0st8j>ArG-B}H!W+GoBHg4j*q<m<>4OWt!Vc2gu^7Y)68bX
zlph3cU6Z{26?|Lfkj%=@ocPIiNCr--N7TPTw@*dhzam?BOAK9YnU-_8thC`H*m3OI
z`S$n_SG68DHl>}(LL(P-%j-0wY8C8^>re-%?j~dCqv{rx-}B~kANjF26Ps9jOJ3II
zKL>m`dpl}NYD=z699(gu54iGwsm49VOZ^lP^grb5)SW5r1U+yFT!E{&j?MOb9bQx~
z(=>8Io0;5B3q=w^R;Hj~g%sE4Y}%R2)sWTk#U0M+oy;W?%pBpR9FxT^Z#3|#qj5}3
z(sG=`K77dA=x3<OvgXJ_Zp{Nn#Fhq&vSHC&7_$IcT1b)H470JOyj!!(FtzHS3x;=4
z#Ds0yU#8*r`Z=oJ2M(K_klStFzu3H!FR`=8V=*>za<n;YW@}-U$(wld=9>GSk0q3q
z+EAUp&R<@qGhcIXJ;U-iJ}f1Pt;kzmUAX<xfws%)z45ioc?z3zFl)c9XY8#jnr2kd
zAgD#iJIY0ETWxKB%Kx0i)9Ny6`}=%qGfJ37e1=uUVwr@a)|si}?Vt5`YxiCIdvI#X
zevifJI8@4?Gls>;(USxwS~8+qYf^)1&+`oW>{lo!ds)UkQ4EgMec3U;=JoGseZfrm
zrKp$t2T<v!z8f?20A{3Wq(jsS2_P#au$bdv`w^o8_N;okI6NNP0Hfv7o$R6cF1=lx
z`?2R4KapBp_oMK${yg?QMb08Dw!A)EYVqEFIHxL)DvzQL2mGWK@5{^QZ9jQxg<Dz%
z-LJusYR)h`vGB7Pk6w0a>5YN2V<V2q6vyBVy59HfBld;ykaK2$<jmM+bRe>n1KRVD
zU4Wvwmyf=AKF9)UfXzRffbO-?@7Ll&=jDVds-&+%?GR|r(A0_DfaqhmtXM=2?ciy)
z<q*Zz1=@vAVkz1&T+mZQ${7}$Fb<s`tVZ}FL5^t*#L`IA5*T3#0Mn8E(lpq|?(Czt
zh1MWV^hva=sFQLNpuq<2Xd@S-LnF|^MjFu~ODE8QwA^b7jtwmWYf#(r+~e%U+K_2d
zHAo3?@!r3MU@2izeFZw+*6I3K0S>^VCU!UtZx#jhTx2m}uI*<rgQi6W9V=65o5?^3
zkRHy@P3n45mp{8oii-oPq*8o!vY0AsY0VBn7<@C5JCu!&fGLqFTztW2p008lv=&tD
zNCx}S#kFCEdaS=%Tb!=F?_K86)lhprx$tbS_TjSiBnNXw&o1UP^FLSxJkVFKhfm8D
zncE;{>ZhpRB6)`zm3|Z7h72bF)iJLqUlW$(UgGWFwikJT%B5krqU(zY-L834%fECE
zzPQFqE<U6slcWPZ2iC0*ozBe`b&Ou%)$lGqtZoX!JX3%Y9!*0R)mNcRF1a>Zsy*ix
zb>ig8F}!7IPLs@om9g@R29X-lH0>l=Ze{2k6`1<Pi`8&zFV5QqOQAc6W~#d8FTrub
zI2Rn77t@3}N8sC^dC&n(i)fh8Q#tH6P#lCCGc}xQGF^n6q{_Bi%+IsR%5Snwe#|f0
z?^X3tb{cAL)$c#I8Jryd_E#MFXzKu8Q?p5D`Fs`mC>d6UYc(e_&|~)-l02ZpXA#@y
zdd|8hX|ee2UlmzC#n0)I*oD=7MZjektxi>AUw30G^!Js$I4(Ud86TrUfa(`?i|v)|
zwpNE$Nl7+EJ4oKl(Y*_?s0<)EiX(Qr%e>a)HEJ!`N)V`PN$ib-GgNw5;^v;bW&@17
z#V9gNULQC0I!qR`MOBvZ=&yWiJU=9!1|i~^H67E7osE&g>x9R0eM$;QdG99wOQBi?
zs8;Ie?b_KwMRb~KM6R*C=mvW%=fen)7>hzm-Y_6I<k6-%22|dJ`kBAd*s!|>K{p0g
z_E!M+Ti25_lSl4=a)y@~lqSdcLGn9Kf8Dk>y*Jp9GTqOyyRqc^+4sfSbhcEv&Boh~
zXO7!;YDyaS3<OS%1<GR`=M0Ow5mrAPcYe86PN2S4dJA{QY-8%yPOMNj(=-QYRoQpI
zK}n}I_18uPytr0=ETk9rFlpBy;>0Eg*1K{5hIm%UIY$oOd`AvKBNX>o51@$g)vZXz
z2*1UY3OZvJv;(5>$}~Q+?yPNZ_BgKJbk%uO-V1BLyyB(^lc}ib@t-&HZU$7ZRvnLj
zuQ@#*Tm6l6TvMA-`w?~c_1SD}TgYJ#j}hyCX9wm|na9k@ANKoG?&fsh&>gh~=^v4V
z(h{VPDFp<I1k@RgAz%g&qQF>{WCF%QQim|Q3;-g{5<l+aX#hi{$~~T)e}~j??3P_n
z!M#APMs@|)V8D?m&CEO22NPx7KxjFAVLNs+PbNEoPiNA9nYVsG)aZfN=mFKF&Egb+
zY0fx-3aQhe>Y?=^tRXqXNQfYobP))?TfKP3W2rIiN+js3Q>uhJTD%{9*L=#JK_<v?
z?Ln2Uf6w>2$cUTiF_kzG+iWbDapUJF_kguu6WHrvkZ9XnXLn{d4BG75ob&D@J>u;o
z#{YhQiC;K@LFIz_3>g^2aR_Hhz@?Q{Fl}gSg8pa&d0u}yw==K%n|Dg?f}J!RM%jkh
zF;J;(8Gsnwqp{^NE{Qp<p>{n;H(~R0iEdxHf(2|t$OP`UJJF28hW(J}x|FNB0WYSQ
zZc}bbwNW(d&X6l}(|^mjHEDbjj`{TY&ZE`bT1hHt1I!o+YQs7Ff$#4Cqo*fyj||v`
zg7CH^Yl5IkLuo9T*e_ovHlIEUKA(L6e)<A7yjom2)ztaEK1$2d!;uu=b8nDWyMxMq
z-$?VA%+J#A)OP#sW%y;DOgafCf#>J_QbW;r`DjrjXvm&KkfhVk*%+ucjc1LL15pHV
zb~H@)n_=ow!}JJU&S$lnw60MhMybpih%;p^ECzo^$f0lC_551`!*L>`Y??BtlyN5c
z^l$-hw3i}T1&H;Dt=mQ5u-Ao#o+#Kp%d`H9<d%PLGXH&|>1am&$aw|oei6#YcuE!p
z@0voIgoBDP2Sm+gx!Fsy4^tapbrkEQO}8>Rbu8y#O)Y-%i9v#Nj3HJIiz_}!NEK&M
z1}7XV%HGJ^1?D7IO3k{o*kGOkTvKw{g^unB?pqt;Y7Mad6+4f{uMZ-M$DPwS$rx-P
zs3F-%GLcOp#q`4b9v$4@1sY&hjz}DYNc;y0gO-Vyu@I<bz%(F~P!tg~!G>Jf)lpa^
z9HvYk63Q{)PRDS6UGEexKmNW9^b@oZ-2ZBshdU79IC3YmpdN`xHr%u21xvUtL*toO
zNqsJnfzIw4<-oZzN3Izj#}35MTU&Fe_JqC3=7LaFeUN|1cPe+Ue_IN7N5#WLsSso)
zOayR8zBfc;!djnAB5q<M9e7eJ`UA=-os*vV^AHdw1Gp7Vu9<~Z(|uQ2@7j@y)!Xab
zYRE**a#d*x8huG;C=}HUw)yae&Wiwd!}|=wQl0Tv<GxH!4x1XRRF)zKZ%BC7sl*;c
zDE~kMU_1-j&W=a&Vy0UryMOytcS`m7$LA}z<Ock)KF0W{AROORk3Yxa3<Mhl3Mq}b
zJxQas0>R{P^NH70pZf0%6v82HW`c&BzaBW-ZrNUYo3r>8IKT#A(_?_eNPPtqGBVMW
zFwmReL>uvqZzM<ddA*WRnHj6@R8`=~gCXEBpDJ&1U{!LdIwVm`CEA=)k!$t8h~&wc
zS1aaeJm@k;`ABV&o+ZE!ndfI3-H^M))=B#4dPx0*VjIPajqW7xSl>$?YO1GFj>p}S
zyw<u(ypC8!FzRGTn^w=}VP4so@=(DNxLo6Zk;fsAN*<UD(5I~?7Q<&HzfG{R1;|z1
zCX#qb#6L<3nO0JxLy$^mQ$d(?%hEQba)hrESW1TIR_m?<XcQVmk)wJB6vl+gAxDlW
zj7CE+AyK+oRZ<!*0Ivm0b3MdynG2TlF0Gux*+DiHlBAT7zlIb2F@Xsn2^eLdk`9NG
zA%!%oh22<hXpOoG<rMJL0x~pI)?|1Qi;;6Q2_&RJYjC$`j2;vutu8Old0@*XK!hm|
zhba%9aI7$ZiJL2rUXTwWPMfXzu2lmE_B4|=lXjV{3!(-9eTzU#)>WvkkYnBu?G+q>
zw~qn(9aV9_oy@@cmQ@``s)z)^0i+KsAxpe`3*d|RN4=ju1NZpkSZ|6y;OyG0_p2kd
z=kF#F7J%|!!8?(P?U8SzRgzG2;AnZ{9D)`9&hR_bl=|ik7PiQIahVK)KnNtv1cZPD
ze_a9U&=Ou#i?}tWFJ7x*qZCAjWUvwq15@f6sI_VwB?--yD5c{9w3!XD7%3@}v{T?$
zqMwfvl6f#)3IL~cqEZyTv69MCBVO~pKmki^xi5#Ugg+Ex_Q+U)50Yrikqjw~1IujX
zQm0x4f>sJtmC<J)Z{j{hyM1&Tr4dYMjmZ^YlSxy%GS9$G9piOGUZhMqC1R3{UW2Z8
z{2Ga^X={|t<e$PsSEWDHiN7h@vKJ3RRh3dn3_KAxQ571e<B50^jajs-*IPIZ#s)-5
z0(Z%y<tfM<3g{`(#SnzsBcoAC*dZZ@#`X6U_c-@(9izQv<)HWxN#&qI3<h}&I&OIO
zD%diTPT%tBC|HP~A%BJHk9y*e9W?y;D0Tt|$mhP_n`xPpJ^@$!+lfe1l%$WjrU=1n
z5v?&=gS=Ap*XF0?dX_o*hr>6IMXhrB-}DoWiCP4;a%r1q4z>0)uhjR{_cSn-0Z0i5
z&ul@r*=tCs+N(^IQ#yw27gtPTjkF<)t`UedQ|z^=wWcPmCU&#?y$j_v60JBpu~j%z
zp9<FF=c@_Lhc4)mIFlgu61BTi7$ATi(2sT!cZ<bNNp38Nt{imJ7%cGAPt&(Z9e0G@
zQEg*9mglS}`<Xh|i<iGA?@zeo__%ufUS@@H9!0O^uk9Yl?byt|Ov)9DuT3WuxaF5V
zXzl*<2DOU)PVZaqpOZ&8xzo6N;R}lSYt|IS%72$)MXvo`P`5WP=4HOyt+#v|l4m*>
zTiSOuj3-z1x}h-`>~omlELpG!W?Q2D-XOk+TXj0jH(39QO?v)KA#dAZyE!LB&FTQ&
z9y{4cYngF&=i)ceW6ko?Ug$FjCDS_a1kM9KI2R1reWTUR?4h}%@LcSf>zW&#SwMd~
z4o#bow)yjTbcIToFp~-uNa)tejYQEt-3AcRMzBdS2@pO7KRuIyuS;2NUkyPAYlncR
zvdoo>`sAtijCadLC47L(9FlPd#DYJG=ndKlr4zU6ZKunVdyR@Pl%$S^(Rb_WIGn5Q
zqw5x-5V?jcIUg&I>3U2o89D3-?4Z=v1HsL_=v+FdWQ@X!K1F9qyRQ8^EJ_YFp>XrX
z6m?@syXBY3>BC^H?RP9%{@)0>`e?<ev)JHm3n1HhS7=lefdjPq#ItqXfE988#RKoO
zzDS(iS=5Jf&4V&ID-#;svm?*#S<fMXp;o&o*L%==xy{J1ea-Ij!dV^#6&LTBT>kG@
zk0MK<g>rEC=+oO?ZmLb)pzBfQ8|UtIYex1D*QuD1{+(^xT<#r6f%}IT9xbs1u^RJw
zAp>Kg(`pB`6rXaRYzFC!lKGaqskxrkqQuFl?hE7|M|!QAnq|81&O`f+P1m;VKg)l7
zJ3du6yg!9CGRUW(H&c7GHSyFlr=)e;iq~z5tlQR8SMgdu*GJX{GtZY<mTEm&^4j`K
zx*VFknzGurC~yh{z$Col&5M$B9E#8Mv3yY??T$BIgg*>&kJ6@M_wAcmqzVydhTW&T
zRt=lmS(vqqDr)q!nWg!HtZh5Zmxdix^<e<cO|~b!>t|36Jmbw5_g+A+=UNU+`+PRv
z&Z(!M%`TbzT#TnrtIAZqZx1w<9)<7R@($q^`+Qaw@{AvK-?CrPwePi!ik*m=iTpnN
z4Uko0*CmIP^cucF9?%bl#QHvCpDubr>d>14rEgxe`QrE)Q?fMOq50*zN^a6UNh;YU
zjI53Bu!@)$EvC;BGC~%jPE6^ibg>n4mX8y%H%Ve*DgyK!jkm{6sXgjM)>6AuPjfun
z#J;niPbl)@qnbauKg?57qnF2B*7Lgq<}}t9PrYpfx1nrIw$VJQo@8>NVLW1H4vGLd
z^F8i^yUVK^R@s;BKnBONK3>Sa$@p*a36vEf9)h5zO(4QLyD(WmltUO<Fy!V*+rc)Y
zS9Yh`VetovzPPPGs+`f9wxUSBpDFR5FzNK>)yRJv4dC@NduGW!aDDU;^ZEx|;Tsn#
zZk6A1$N#)cnO03~9@%n}1;{+K5eu>r$Y<_y`ydPonicA$u6VP=$vzs%nUiNPb=*2C
z9s+pb1kcNI<Wsn87t>U<7uAV1`ei11*leg1%~WghK~+=^w`Eop+Y91XMJk6X0Jve6
z!1tC#T8C!$#>v~&!e#n&)hoj_cA||d^wYHh?5FM;&>GHcmKbp0?6g{+0)5np@88?q
z*0;|yhU`y}$BHY1A#QNAlvgnu+g*>_D4uH{%RGVnGoJdd9|_|Hgl2KQMkjp??`{iU
zudU0DHln&Jjrqpwu;6O6Zx>wAl)aIHS{H4{RVNs8NEOMnM_9#cN>$BbNbZvfK&ga4
zNThl6V|1md2v@da-3TKk=8Q)~V_X<oz!|cd<5+`<{;RLvroY5ucLeo+RW4Nhw#Vdg
znT?2UEpNpE?tG9o<GMjVwtwPt0(n1QYdWC|Qso8d<iXcO6`+pU4y2F>gcB0!)b7?s
z8j&=5Y<c4v^_(%<u6g6TCeNjRW$rGlpb`_Iu$QbvTHY=?u03iD!#X8vUn^KffDDro
z&Jqq2vW5t<!-h)+g9A+mKm{52K5ukWAMAH@(Ln@<iC8hTsTXs`jyRqhZ;TAHFWA@g
z87*8Uprh%zKZVA}(K?(4yFaW7>LK4`@VSJR+3&W<{dBfDI2;|J;SzSED-m#v4gI=Z
zZG~o3FTPiqrusvRfqRj}LxMLTKF0WjF{+4ejMoNNM~c1rxJjmH96y*AzBpxpc4A2A
z-|fwgau8Pd=hcBB5{A$qdXu5uqHSFhTYr6=HFS_T!E=#-t^?SZ$uIyBa2+ZNy{YB`
z{lX#DWTU}wEGk3w82Xr_-Kf9HD<6yl1iU^FLI;&%7y~>wN)^<9C{vD|mGlD_{o*rL
zy5>{QdQG_Np&7Lc9A<TH_n1Y4th!_Z!M&oKGVw_+V%`Jmd6Yc}=zQUo{;I!Yr{UAL
zw!|G30ZCP{53vl!EKu^sphVjsAU+Z>7`U&)1^xG==<T!ssQNKEY(#A&$ZnzQ5yF(i
zFFZESrX*_&I-qvPZY&YJ3T&$QV7tSl^SF8WyEv+6u;<i|&^O9A2%b^m^R`oINzd3%
z*5~Yx<~O3QC@;nBqTX>S-c_Dj5xA<j26%_K@wjqB(@){wY%yi70kny(d?XV72j~T|
z+wIhs$hIszi^ADLPEa!hH1*3cMZ?VK9s#LbP?x?c1|9ZZmCoq!a{6AClkJg$mM=sg
zV?3iNl#N=7#u4bj^%NbViiW5vQ|(bVNMfQOO;khUkpvOl6cE~AB&i1wQm7n#ARmLS
z+LmJmU-^!+6a~Iq#!C!3LPQ+-E_;L+7~5+o4{oktz&WyCwIM{GgU3p5Et>Ftv6T;|
zi03$PeHip<VixqHj&NE`xqv;*3gztpRCLfx?v<}3bgwv7`HDAr4hbD|-di7&A2{u^
z1Kxgk4G=%s_mlOrTEX3(TYmz?&)nLn@8x!x3JwyZR0B>iea_Uq`7?$A+s+p`>A`LR
zS&d1kU6sLd1`u!2-{VAh&}{e4yR-zX99tj}cTvB=XO1K6;9pV<Ky;h!@O$;0Wj6i`
zXKw)<$<8ETntALoGcz+Yvpr^}F*7qWjG38n%*;GyW@c)$J!U@pz5Vw#?l$f&E~2ZI
zl2XbnrJ^IMTGB_V@N-6Gz|RMy<G=~bfl)Y*nS6H53<u2|2XjlK!z~-8qV&X=Xrn94
z-@47j3Fpt6JCgjLs7EQD;u~qE1k9BuBuuAw_AG2a+YW*w1kJ8%mNqJPi<nL+g5@*?
z6)IqZ822kL)HDl#&W;<B(jXLY!B4U6Zxq}8vA|`0C^ZD8lr-EHTzQq@LC&>s%CKo6
zp+8y-KnO^@5XDnLqDfn_{=i*v1c3;kPJKf(m0os8gC$|51ZUoC>`M;lU+rP(_pEBr
zrkcL}`*hU)hZ&5kKBXoZX!fP6yRJ${h<p#p5FkR4*)SeOp<`t2tc>9XwdGf`o$<Kh
z#<&$BiWH4P1`c}S&-;0<Zh=tV0`;wcL(nvdwzLV1<FL>Up8<lqLTp_)ofEl1UPz+J
z>nel+sd<tbwdn|DZ?;B#AyL$11L>%Nx<Knr*w9$)B%{^TO%5|?P2U;!%fb^NX1WXh
zhRel(3IyJ8`p5OJFfdLO{TI^84V7oLQX`JX2soa;fhxx8we}RvbzvpFdfw%+A1FyX
zXoex*QR-W)Z0*#|Bo?Ow_)qjW3U&Qgds>zodTy6zmjnGn1GEBOgl)mL;L3Qa-8;N`
zu#ei^u|OS16zhVw`nxB~>B(b`Nw~W!N($7+*pYbSpTu+twLw-!GX72-CA?}{s{JgR
z$UaMnI=&cbI?JhBIXnBQ9S!%nVSP3=EbgE*9D@*-?p>d0R?cRnALch1x{^RIFLlV8
zDjaJ>UWh?UQf4+|ZH96w>*4PV<#^b5oq^v5H)IR?-bmybz?~0DjY^xeOe3M)S34eC
zBwMn4gXk1FE8Ui=SXN!h(Zwt*73<K_p8fiMS7$+CngPkYITD6Grjl$n=4Sv!xu-JW
z7onArnJ1;cl1lk;(M0-bwa4a4MMdH1R@b^tm!V7jEuCFq2d>xpAV1nGKi6)U^h4gc
zRc65~CQI|MCOvL<rmUW({_uaQ%!eJ1ElJPj;<&Gc^z{|(mvt_<Ug+$asK((3MD!lC
z3BAwm&4gmBoiVRnb{<7kjQXi-wL3lqy`0p+^l1=7KCtrJB|q&gcn>8HP~DV(jHCc#
z;WhER(cC`z?8{`adQhn(<&6pd;Y`M-j=77zV>fxDxI(qktE?_3Vo9x>JJAjlMu5d8
z(P;DshzVi@Wo2#`8}2BgaL0QiGIDT39sxF>kn5ZGZ2Try!Y<OGjFt+IHxzk03hJNB
z5j~_$gq<N96KJ|o*uUY}Qp`P?|7E#k`533EDnn$|payeVQt{vxU*7`}KIyX>V!~;$
zJSs0<Y4zQO?@z<w>OQ_8ohzX`fOpFFSmrT*H_B$>&suJYL*doo_ndR|%yG+H1vbpR
zWbJ_lzBM)6ck?W$pW*K3o8z2opXTSUiLOx6The>*&Bwp??e``2*?S&zOm@9<xx0sR
zguhvQ#$HJKJw2pxTzSjv*xGt;ysr2X(Zf7hx%oEPsXJmq$dcHg0TIh>PQ7F%NkCp^
z{OWTKWD*C*;>d+!B%op>z^mK^Vdnv)Ob^@K#|J#8h$BdfC2JPv!5|$-NVp3RHuUge
z{Gd5^6%EGm?4(d}EJD;t^v!-%-t2g_d9hI~=ZOAH+t4%Jw_Zn!-*IR66sy?1hTHym
z!*;yez;>uyFaB~=EXqfJtv3qUmg?!eoFhboW;>u#IU*8bRd#aQBx+`3Wte?5YLZ2B
z5tL<8YW6I15ob13^0zn7NDqTaEY~<QMU7zmI+`|01Xh1B6dN~O@Y$)!+|N{^0UPn&
z1r%;X##r92XCVZw$wEX!4W?rahA~fw3Nz-Xw7)W@ShQYBh9rt{$GP<#<40lJzw-Lz
z*rx8b7!7jVC%v4HbU3DuX)qh~|Ni}q63rS%E#gq`uZEqTei43t&oxwbzPI@<ayAXm
z;x3atKUDV7zV6K!r|ksIB8$M=(k4~kkTt4qiq6tTNYR<7(Acpj%~rl6Ol$gX_Q#Od
zVh<6%-`S`>^9?kf$wNTUJB(J*g&Q|@N4yAowbQXmh68N)fA;x=8`m<wHJM=7K4mGt
zoqY?6Z&^3Dwit#lVQ1fWmL3YfI9|>%9tgqxb8O;)Cl_iW@4)3h-mX4yT(Uo@28Pm0
zn#~d><v@0@o>)&AI#DYwB3w`Izl~|0+G3O<49U?RvSy3YX89@>jY~%m@TRP))ny@D
zasbDjhxnsEy)8g$GP1Pzda~+w2{T0M9Vi%krb@#Mw>OK$8tF)i#>#sf)|iMTk07a8
z!ktG3uyWl@$|~U08sa-OufMf5E=UT_c%Q@A7>K!l>o_4=g#8~8nw+tu`v~uS)3eLF
z&&N93hw(ob2;4OZmn^C6WC*F>O%J0wf45=nQA^`_|D5`K{6#}L#6Ii|E)Us0MW?~z
zxH6$)f9(O%v&RqMowrH6`)QAez1SZu*0eAcem3T_d(9QLcI>>Y?NYd=jdA>kHrxeV
zUQrQ70U$8U<FeezaWJ5p{z>v`E!m#w7^9UwVEx&-Ou+OrPj@$UpCH<094mbSmH0x^
ztp4FUFD+OqP{I)Q)x?^-Niq8enLy#}jpb2Bj{<zAfR8>h*Bw|M1f7a;8ncQrLhEQ{
zS^!gyz9cxp1}Cn)$QyP!+d9|f;d0N|vx?W1zq<o5wxxQTk@CBx$HH*i)YPS6h-Qav
zv{42vY(7{FLseQvCrt*2inYsBk*1|QTVw&rXyUGe;v|L}0p_qw1A7}b?4S!atgv&|
zTg6_**oqqU!#ynxebpR<`zZ`0YK|he_useNdQ=sq2xVHEn`fR4)`cVEx2HtVdvzRr
z;Elr?fjVi0IeP<zbl`mO;}%n<38;8-Bg%J498`|hdyXh82UjV(0pdqcF9mi|v|FV-
zVsMb&?UU>l@~~VNVX=cJMAO{cfLqS2IDU`NP4|3h4d?913KpkhUnAB@k0&_{9N4aI
znbui>%8SSd%i8^9?_y7r-dmeFBxY&1-v?fqOG`x$)NYoB6yP=0M7wrt5-e~beFJME
zM|<x-U3QkSsbRHO^M%FHbOW!)x@`ygjO+EZt>16xk1lPpeLntTDqU7ZJ>2h$bnq6a
z@!!8@FW?)3L;BtfKaJ^eF_e3Jys<ev)W`5&mzS{f!~gO4ZuKe_d#c+oC$Vf#SCtQ1
zhR_3w<J-q?Ai3S4&4+oJy0hKG;M$5ShrUO)EEk^sIUF?Yyr28{B5;sNi8FK7>2^>s
zjs;Km<Jsx?TL-&W<V{}WpGF>h&crWLmkh&cOWRih<=tyO_mxN@cNxnO)o*|+nliOE
zki%~3i=*-a#3ra~x#~GHu%I~qfc}uvJc%xmd|m$=n83bhnnB)A{IamAZj%jGzda@^
zY(lTM@dR|->MS&niz?0C9ViFdgbyO-wYdsRnA`diC-T6<v5zHe5i3zXPlg*0FTEwL
zT{TZbo6IH*Jah#D@-Zprx<8i%4`%_A5q9L}pA-(nHP`o(gntC$k4(4Ev3S%#cDL0W
z&|zi*U={EAhleLcJ9_=$lVkt#a;rR|B(Hh&AFT>Bk7+8y7PT;F13h|!>fy#`29B)Z
zy+tRLl=n{2iqM=w!#AIi=nckv$5hy=Vi$&c^8+qB-Ja7sT!N)MsI*4Vbn}%z{yXHa
z#1)d~<1(sBY6-__{(q%cWwp-jTWB5GbXQo1obln6E7}{)94@mjN_iEIWn4`rS{*N~
zI#+G@2OPjh+EejMm34rJGmOqlp3t+7p1e{HYZf)5g8eTf{bw-I@l%Sg*A7w+*o$2E
z<&E7@+}uQvUlnQj<vOB{?xpl<aL?TDA+xawBfpni!>)L)3@t~k7rYkq7361*aXo=$
zY)3p2<w?-YoGf$6b=4GzBx7W&a3q%ug&+GMro|Zte=aP?5UdiZ7)7mNP$8CrYbKIm
z=K`NkUt_KcY}69rpWB6$w7)i3zHMW@Yi@T5oUZC@Rf;fTtDD7yW+|cU{3x<i8-T&-
z5xxeyLG+4w>U!$mSogm%y|O;U%~IQ&QcInhYn_0lz%@RfV{B81bohp2ez4jiyl!yu
za(kFLux>)JJv)Tii#AjW8?{aT4vEG5NG)$jUyp8zDD>(PdvCw)%6|gUZ4=<?@1nxn
zp(e{D$#^U;1{v48tN)Q(ie)0z78Re~-srM6e@^LBUL(5Ef2pw6hI`@Ck@3x$`gjqD
zUH9T%l)Wnhaa?LqplhLR1R7Bl%0$VzMG1{4S=9)9V<#-MuI{Hjrut~rP$s;gkZ3*V
z78u;DoW(a!29&YMfVzx2J4dw7bOXFrJySED8!<v_FiBb1umHV*8(w8k%ol3m``^8h
zmYEX0I+AzY*IyilF-L=1dvFn<dqvmEnNg51ADSBnI3{F=b6mO4aLbIj7E^xxx^KTE
z>d4AwPpx#?ZI4Jw+XkT3{s_PE<s7^{btH#H=zUk{mM9lZ)o?ajU7cMeuWq{=5sKAV
zxsLNTy=9O;oWDKcFKBm<kK(;L127tj$+uZdKTnD=9jo#F4z19%L{fZN4%%HM#paqS
zaUHCQVldHd7`cL_%drgL5H?!VfGa3MK!RN9p5fd?T7mB^zW$x>2Q6ne{);9q$}S>X
z^p&1SOZDgPs9CkSdDwWZfs#_VRuKoS#Ak$^ER#sOQ(lMg(xxylkW6b9`NNnBEDvcA
zFoNcj{$lY{N6E<>B~Nym74yTo+NgHONp%PAq$RZgop*{`Wl(yXEXI9HFU8lHyMj>f
zK(7fzQ$JXVLIwO&tW)dTYU0zUyIrnEo#)ioxEGmcb>5Mz{qDuv%3bb#gxAYIODY$t
z_Tb$jMmT6NsQ9FD8K~<jLN%N$+#*6vP;GzCrMRojO$(*VrJ3){w||Y_)~Eh<THlxA
znhPxjKzFP6iax)LCS_rN_$M4{ZSk7Dw;+WsZMy9d$E>^UX~w(KAF8F>dVL_=xJoNd
zy`H3*ve|kaVy<qf9NwLA0jlABmI}mTHmeBfc4e4UG?S<?vHrj<gtS2f`@l%fyI%es
znuOvH7TM1E_2yKa4{*^+$+-ZS)UOz}*>LKQc6*-mb5}6GkiYk<H9OHY8kSc3#C?dm
zrg~D$GMm!x&V#=cEtNCqz4ukTrKTP|#OUcD2%mNOuClt)cDg(}V628v9_Eb8-9)-q
zxX2u_kH70o@pf6BCS(A`j(z`0RoTUFi1JCbG3qa9F<-C5QQF0^%`nI~H!=>d3Qt(D
zkRoNZ=#=_gcen%~gYvTtxpE+kcPdj(r>#}At949Bka3`Mv2n$7sguJU03@>9=ESOY
zq)ke4Tiox_%(Lp)15cWk>Nbp9=7Qz6|E7_RKvP~i#8z2SH8^jiKix3PQjk+3vNpSc
z??@x^*me#~#~#wztiDVlwX)i94y5t{%=l(JApi_1w>3if(BjmhggXLbBJ6Ye(RD7h
zFLlv<3nh@&8*O&I6xM7#iT@hkR=AMGToy;o6kEhloMvj>+?NY|l*aK>u<_bTS*1Cq
zd75u-JSiGmG3b@U&7GV##sRwv>H6@fmZ^#W+J1_5^^9c-M?5yRq^G2yqyD{#+|5{U
zzj(@CYunIlSg$VxC`=KHw%@pjH>!55x>oxN&(w=r4|LG)vJ%Y{E)9>$9(r7(Z;vMa
ziVF!?059yhG9`x%7+4%+h;92e(9(dBg0i=pDM7hRaKI736wleIr&lF;O4>$F8JoH!
zC+UM%SjkG95=XGe2}Kpk{ljFiHDHq6kUsk0E@ECxY)@<pg=fwcVr*G_S)U{ZrHv&C
z1%kXbwUSmDD}Y1&6sZS2p!-(Dk&C4<2%vbuJ)aQPP_oBkS;n1n7;`x~A%6raNNpQL
zV4oG@d9ZL;xr8_ANqbqq!xvv-L4z%VsRy2<<+$B-!OF3>tohUtaO>p22H*>tJ6*D3
zwizg42&}QGG^tmWO+mN#X$2=vll>?AC-iy1lApNem^TE^l4*~yx0tB$thlMRx0oP%
zOONAum$s!t!d(<J7D4B^;QDtNaLMAE#ek-}yd$)9O#pNV=do2fMj9$$+@I=^rRV|k
zsAQ9gWI)4^J_vStr@d1%=|r{M%%MbTsiAu#PdRVgWM&Z7v=&fy?M9Q0Kb7g(Ze*XH
z?Nf|qND0qn+i@Q<3es#^`t<roG{@)ZSUmVJCR%dOmg<}7z!i1Wp1iMb1#${W6^>G>
z3etTGu5(J%M$O-%7qz<%D}gHZ^u3XEwhEi$K>P+^^n>CqG6cJrKsmQ10Gil#{OHD+
zw^hGYlnddupwHl`AYaK?l(*dOppO`mk>H(@!&;neef7i;i?Gx1&|}Zt=5epG(S;D+
zv!1aHqt$Psq+wF1jxEW>9lb@0TV}=_$H<bw&XLZI36^%P4a@b=jgoa7hf^Dm^%Q5w
zfEzYfOk`*4Bm(kh&7+j{GGQnG7cUQQEq-hF3*1EyFlAl?%vGI_Z{UF$7fog-d(5yy
z(PpCVqW*z29EE@Ccl%$L*6jxZs6^Xt<Zz4(hbCrRN$Z4i(2`<s)^8ABH?I+LnACv0
zFF+}oBclAhYi6#Z9A#W94lu$It`-Vc6~s?)$iwyBo#0ikiB|Sp#*i)@hIsHqzzZiV
zHK31=e|_{z#r}ak^beB{SAV^X*3lez&2XMh%pUwT08ngwNl|e$5y=T;u3mEihu_!L
zU^bFNgtx+SoLE>}jGrj}c%1LLYtHTo?NJHvq0)zx_4A?PFmh|@)0b4tMbFk1@c@S0
z1JH%hlGEaxC3qzc@DzmQS5R$-BatH~1~}lIRCVN)_N<k_*}8C063f{a_$m5DB$AvI
z&<HD<M5zv@TkuN9c}b!XL*GagpE@|XQ+FO(aG;XZN6<(H>Eq2RqGlnoy=nwYijFnP
zRoA3Xq0b*+wQjC5s9R9blqoJ_HDwzwgBGH|HK_JisS@B6mrUCWcz>%w&E1xI40Toi
zz$MeC&C-0jb=N%|2MQrmugJ<hI-JXBJEkg)q2q7q0bVhU9=v9Md34KoXNyi1=$!06
z!#q3R%-SzBr}F2Y#y0!CI~A2Jpn-WUg2q7^)Ik#JY$w=DdoT>I(wMwhAcd+lfM5`E
zb((h9!Afm2PTPeeQCdSYBo#6Kn-ImQGgAv@7*8cCUx;neIR)mRWffV)Aw{wg;NZZ?
zE`mWdA$qgiy3S*s&7-Chl3YL5axm-Qp5_6EYsi1dmmEEUU%r)ZyMnw9eXR8q^o;x*
z&fA}bIw`?FVmg2E(G^W+yg0*)q$6I^T7~MUn_u8E6Y*3ucF@l}cA$n~?9}@Dp$T#{
zC%x?uUO6ZR;A&ac>$~0RyV{2+6kzxsXx-k=k=xmX4>>mop#w5i;a7s*lkv{4+S88K
zs)ZCbdb$yjry|HcbukYpj;$xCKou?`EfG*>J`OA4PC`lN-Xv{fZhx(`MxjH0>qiXf
zjWWS@>8M3mbL|M^J#;+ee>jIQf+IX<$$UxVS>lAK$ph(T)p~8(R9B(s7>U2@^LfR5
zSLZ0Q&;M@p=0&I%?(s|5j<^eSi)xrL^OGdRCq#=!R-rce*A%?WFA7@JA^w~g!AN|#
z+i-w-f5xhSC%98EI~08sq24kW^zYD_>0fsZLv`SFS9)xdU;7SCVpYbZ2-vYN!^Hci
z`;}*W_q0!N)X>vwI&%C6e+$}q_^|NVd43azYiQ^n4-1kINfu^w#9W>)@}|{ABjT{1
zZN8Eq6US$K58p#2b$m$-FrU5ZwI&VWU>CyC=_K!<kc8P?9r?!n<PbiIOR+oeVV&Tj
zZO9UWmf#SK#w}k|0ys|R`&Inj*G;?VpU`s!D=sfZhr^p!J{O)`<^AngdFeI3n#yri
z1RgZj9C9uJZqXdM?X<hd7``~g!77TnxZwBhz#*vHx^(rP!J$V--@3=G5)x_T6Xqm)
z(d5JR4@dk1w+znsP9(8~;Dq+9U>uj3suvYc#aoN}LIHZ7PCH!+;^P8+?|7W4`t+ZB
z&H>syr$jWlVRCltfxyer&4CyVmZYEOaNj3-r1QdMJ=W6{s?Vk)IGG%f@H!2tqZ&Sf
zjtngN#I+D2Qj0U>aenU17E`S@GGWhoX^ae!Eo4VkFi+*PfSXTe*5>yPkTXasY=v@t
zt490v3oL_`IU_Di*4dhi0>GD>>srUf6&o-km9^RnSmx5o<Rp7+G?>F-rQ1OD`!%Q6
zuaGJjGRRGs!^xCjLex7ba<gl1`7{xNe5irLss=}c!C_<HKaA)PjJl+a3lvfp=bKIb
zl2LV>a`Y(E-Wqpt!xht9%O1!5J&?$A_T%Dr77a_`t!DR~Zy6Ky=TgEVpX5$V+m~%n
zjAoBp>b$5{#Ncg4ylnLRPAXzuJ(Tf~2;EMqF?T|wUn!oQLTd}2mlhZuS4Ro3knHP?
z4<}C1u<D%g3%u9c{ZrMNcdz{jWNqmDS5UHifBo)0&^RB?%heKjIY)Hg0x`Z<erUh!
z>y=l2NW9AlZ*}s2cy%d>|LiJauDOGaAS2N>i538LzP*{^r=M0Re(e*t+-DXoq(W}W
zb2-Fi$>_x7B%Fs?DUI_4mF*#)QL($^f&xvmN*v&e85DTaBJ^ecgAn&ynS34}c1IHG
z;CqO0m|!ZDfi_uWz%;(k4O)=(RixxCr|PR3i?kd1U7#x=lqI1|$Q1)S8ZXGh;<X9@
zOB4RG4Lut%_!fe~H*+fl&+pcwWlQ2zlkx3Modxa!UHF;M#)^t`Jrs;WIQAmQfxhEI
zaMdKt@ajEdB|`}}mM*{)A^2sC01xyUAmjO_`dod>uBvB_uQtsxZHk!4540l%RZbuS
z_B_3n(s$`V=!;*7YL)_43)4GDlnCkkTates!rs;GqerGYZow8X6wD|1QpxsqX#i)v
zH2}OS@^ber$dwSMtJL}f@1mV#JraWPVDWK=@1y&^iihv_^J-4}__`zsi521ZZTO%d
z(x4#3Fd9;31A9qW16IUx#NddoWFAR@N{}K&4Y1xyC=kS)M5M$K5p#8#+G&{Q@2gV3
z_!=px<iT^$YVK<HyDm8&HW}c73(q}$JEp+89eviGDvw-!j+!GAz~B@fln9@T;?@qH
zhM%!P<6SY%SApGbxl40mDr8Gd{f|gBp?!fcs8S^(-r**u<qY6-^ItmUXX>HI8}YBy
zMwMff#BIqA3O=M_Kcae+_gl60ci^i6opI*p`2#wc5=Q;nf86sm=d{>vcf;>#1~izu
zi{<L!gA^AasDeD$z5Vc^d*B>=vmGrQ%ptZ09i{x4E2HGsw6-UewEdyBUnIeK&#{am
z@TvotL-*I|Dc6QXCo+X6sg^A)%cw}mwf2kd@zDn#!~OvQx64Aok9dqMs!PaBlR<+|
zgPpx3qB`Wban3fZt-d>+b{Xi)Gz|<m-jHGE281`P^DC*FxOcU<*IU(&w<sGu+r+(e
zuFEBtQ9K8gWDh#v7HSVCOS^9pZoQ;hoEOTKHwe$(C(+o_9rze%>^%)T_T>#ISfB5W
z$MJ1n64k+LIF+rT%iaQ23S}pBP!p64nKit_M=ic*iFsatdc&Qsg)lUT^Mm0g%Nly!
z&BGdULUhOvO(((a#X6vmdMH<m>EYzF&Q^!c+dLBv?3Fd~UB}i<DOFA)K7g~JNp<25
zB_iUw7VY>V%=5ebHpg1e@qpJrTfM=Ug5FDwhkVqDxPoFp0GyAhsy<(+o<xQx?viqW
zk531(EF%|sb!Nldx}b>g8xwiuKWNUhkHvjhjxuUSTtA1;L^CzW=VB`)KSNd^039Jb
zXHjrIr;iVe#!KtCM-|a9SGWrD=HfD3Hi2^cx#GNHa)7vZz_%nXK`c(y@d=27N?W@(
z@>#}DdEdeTnAG?T_ZwUzy|8K>Fs0qC4c_Q1VGk)!YUi!_PsJDQD~L6wu2+wWV~P}B
z<%L{d6>hJ5+D6irI{kPE(B03RZinG9CQBH^`S0I1R}E0qxf_-$aW_jUzYT6I>Rw7O
zGMl+p7qd2QE*kUXtT!gUgfEG@;@%m}u!!eW#y3#tEzU^hLk@f5A8zTefIq!+SC{i3
zG@3G8PUj5Uc6G(Qi}DMNDLfci|H7?`DVeE2zSFQH#^K7^tDa4ke&u*0nV9wL?L>59
zZTySHGWJ4!SbHzM4C#Us>TZ*tBXr?#Cwgm}jYYLnyX#U4TCwDQ#(2d2d^m#@NYF2C
zmgIwFT_ujKhuo&QAMS2hIk(Pd2-WytW`<t^oH|q=@+#-cL+Y(S?|oZ1%<vp=bK6CF
z58)0^{Kn-mogz{0#haVcRTvH76rQLe%>EoOd)Zd8<lFno0fCtz0n2M$`GNMdWu>ud
zKAvZoss{&de_k4Rgi$%Dtx54_I7iCk+h8~!Z47pvL2&<varp7ZDW*9c?|M=A0^Wd@
zBgmdRq-kAtsi#w@x@nT&Tw-5Po2_ps!n^NOd75kZW}vi$g*fbQT*xWGJ^ttdpO80x
zN$@l&;TEIE<k%wrwVFaH?DSN~;}M9XpSYETdW3B4hkGX8zMV7GxhSnNk@QY$?gx&e
zEo*Q?jzT`)xBLDQ7QKn0(8ihA_Nf{Zvs;3fJHC0Pm&k~QYNI#z<phbRcskV6$06m4
zlz{H+i)mt~P?O#)2p(v6u$+=;o4@Pu+^1;!djhyn*<e)nbpG5+tK-Lok<}H-AwKxv
zLG&<+YUtWWcM8rvNR`is`~Ih6TY$*l^h=Fp*>boU<v9%rH{dyiPY5u1Ih){2)~g(<
zI#LS)Nzd?SS03pFJjT}I-O&-f&NDvV(RJS`Ae_A6E5Rp#-%vQfctFp<-lg#cU}GQ3
za~nJ8^-H^hE<i+IZ+fVEUTm~kS~3s&3i9w9o5WvufwBJlco8Uhc=E_B)RTU@^UMpq
zsW^wTMk8hFpe;+;DbPJZ43Y=Yi`<$^@cBI@uxekZQze%I^8PpfnGs_{%#}w#sT+7R
zD&MC#RgbfS?}Pa6#nbOP3)V~ixjW)H0?r#QW4*?On)?{7sF&-T_l5DY&k4m_YqDnR
zUeHxA5+1WpY?A-_QSFW$f^p0HvVCVJ{*zox2sI>KBoH{}^NR$+pXXXUFihR#T0ZpW
zjL}XEvLC*;a}?enCl32U-R!{*m=>I`)QG-`9t`QP$ff9kb4=6Cm~gjuE+HO4ZA=aJ
zVc6uyp^W*@jX^Ie<)*qjDcAM~JT6{6($9E+0t5qQ`P}GQ7LUon$+cw$wG@^VG83D9
z9h#{R`JQ!mT(@tJ6CW0wv5vt6<pMCh#V@>PQ4CfKM>SI(fyqc&S`to&D*5%zLI?)m
z_+CKz$ojItpV0}v8O#aRVr7~8wd2^^0>AiE@n&5(pN+y_#Wc82S=;>`Yj{e#WU0tv
z2DN@?MgT3}@j>=W%v$;O3<gM%z=zPIq_Fa<zY%=t*Mk$ln|w!mHvn3Es}J;-2b#a3
z8BeWm-PVI0|LIwn<_+La(KY(GmM!y!5ZFS^K)#FG5cV=Wi9RwmJJapQ{TNelrMCxm
zeg<aSI*lytoFaYTpc`;|Zw^%IIeI2K#j%nSJ~Lac`{`K!2KZ6ij1bOS#$g&EwBlm&
zl4Nb#q$ijY=e-F$Z%XE!@$jTb?}{5fTWNux4pYeGw^^_wal<`-1PjPEs;JiMYto*y
z`+R3mYtZT6NR7$mno>9SjO4`snpK-j+G3eru0=mxi(X~^QT|S?L;MlV>Kqw(%xKqN
z!WkAd<vbmQ*p8-0N!RT1v0?cnx(EO`KjYuEpLYBTGC<MC5S-_B%hSQKgw&q&<>Y>l
zdaHF2PwWn{4|lsBS|zRGM??RkN8#DTJBN5PAv)gCuBe}lcEViIyzz9hNa%vcKEXb8
znI%o^7e}YUrYH}H)9oRi?4ky>sqkNX>*#u#RP1>G0pIr3@X?ZYidM0x_Fg0&m98oJ
zAnT@X0rC;vqBobuNz|3gHati^cdSL2F;#px!1$$<2nz?S3Ch~@kTJ-WqIbc1u~75(
zFQ3}W^fQvXw>zWO)lZa{4o|mkNMEMck?DcsO{|l?BdofQs-e$)tbl<fv*#yfzSGQR
z)!B6#)3M8GGr*JiGV;_ke+}Cht{heq)<eq!g+tSQgJVkkq^a=Wk=KJ^=XU0lEYoZa
ze0E{@=6B~fPpB7~clg52tf}I8{u^6|QA~$)VaG?Wh$U)UdJRKOu`FT)2&p^&d2EdR
zbtTzFIpWK^zIKrdqsbrYzW!v_I_kS*9z;8=9(|$rBr^G|V&s|yTf#Bq@Wn}de8LwZ
z)NY*)ODebChRmkEUdb!GCo)Q_IF`r~ZxBM&@O6vgDW`v*LJDjLS6qcBIbTSvvG)@Y
z_JK<L3MO(~HD9tEr`#v8K01q8`R_A*Xzvz0CEf4SXcn#HVfW{RPUyUGw9uPrZpT`G
ztq4_F?`A4of1by91YgBJy$GE_;362-6?Ki(Z)%bqN-3)+vo|lhm|e_LleQmuEgQEo
zpe?`A)hrEpu^2J~m4yG$C2M^k^Ov@@Uu#<*e%~o@Jq<UZzQ%sj!fy(f7Av%i%L6Y}
zOSUHZWP#!r;e*d29%T7lEm00G&Wg-ZcRrDK!LW?wksO1D9<be3lCT&gSL%qXtwT4t
z^79GCvo~W@9NXU&ZPtCXw}Q%~o8A!{O+8>)1~ft4W&xMOf^`KW4>gbyiV1F@`<<T+
zo+NHZb3%9YDEbs*6~w>c*{S-b!$7!b907Q{?Rs6vE*A?_{^ZkmU29w;$0U{BDPw?%
zAMBJmS)M{m8-p&=%ct;iT+83V3+vzEG8Opu5`_1w^L0Ormn5bAD+YmhlyJ-hOuInm
zZAJ9Far+H{b&FeT1vuu$)j4)>4gKwkgKGuc44Cg))Z2b7?ET!)_{=Wy=i#A`u@j>~
zO|^);Mf~)?%BL<J8hCE?r1`%2hIEI43mX&@T?u(Rho+ByUrK-T9Nze>`{Vs>-PV5+
zNH+-kMb|QYZ|k(M{f6gpiU~Io$c;YgZkY?72Q-owfo{yg^rq!N-L>Bv<W{qt=FocG
zAcfX$)M|Zu{ti92JMypNhJwo;Vml8d_MO?f%^Kq(RpAQ6$M=%;oRvEpD+JA*L~$4F
z;7ijZ1A}Lc>Aj;C>%FPK)6KBX?z;+WX4XYc@77Ja2b}wGRY-!Na6LC&`f1%W<Zejs
z)M3j;dD5SwZK_TeP8QgWsuM036~3d-lfPC0!e#a7Y&d@<jN1L3Th7Sy9*p^)#9P(6
zg{N^(hqbOgFx`~};kATp`9yeI;aXGDMlLlf?yMZmY-iL%ma*>YR72f(C0@~zJRl3?
zN=k|U%Cm14igz?$y&!4aR54uyeR$SzKSqz|YIHT;hS_6WV@36Ou&#e|eQ4SQPd+#n
zR%@MqP@`hq6nGR)+&PxO)Xrw~dz2yHqHRCE@L|4mG+x(mNnYj1_~xZ`68Rj^1S0FY
z^-Ut@tUp`3fY0H`3G5n%)P2oRH>)UH4CL%rWdnm?QAw1R@g<*#p7>kAChY#zTf&3u
z{Lqb|#nHt^=Vh*5cMPKwMNU-95pXtZgVffqj>TBLi^j|wKeCg<-UsU;GuG~;utrO5
z?%yL__LETQqjszPiA$5E_pniQ>}SluSZ#5agO7OfXVDlZi{Y2ok96Oj)`{+y7}^F}
z@GVbaSw`DKLp($J<+}YtUby17+_Jf9yiH^Rt?D`lO*wo<uPeyL?JYS5&G7+N1ZU%y
zl9QP)#5F53xO-=IX&F%5&7;uWux>!9Hbah?tV=FAFYA+fyLdHoIfgm|u69&8GaMYI
zIcvk2ZxI^`Z?B2Vx9Exw7w^zRHk~YQA*N<Lp--|Z%&xDsiI<_FEk5H@TPylnlOA)8
z1%_qbTl8!+TQB&I08e=DK;tOuPIasopM#&58gw>8TsPxIdcF@x($X252ihSg3YSLd
z1zWdgau=t0CE6Z4FQ7*<RpDGN?q}SYH@A$-=9k<qR?;upamk}=nbNt(-<Bj#gC2}n
zf}_D6W#t{OTm;+bL<WB?LhlXSC~snDgKUcTK2R*8&vETA7f?1D=T44Ut84l5_Pq4i
z=c1J^p_~R4=VqcVLVJs{46N1)-IGsrR%0LO1Uf9`W`<KBXs$1ZJ`2GPXM{)tv2kOn
zhj=R$Mv=SIc93j}aMqxC@e6YD15cSJI%)zWL)I>B_}ktBn%+txQ?yK*y~wwGop9og
zh*SCoh6cDs9!(ox6rCSBOy1DkVm4BxFS%agUC*06hxbmMb;<7dBG^C%quBOoC&*5N
z0uumBF@7KVxCh&6lNm)Z8ci(2K%fU40-UuDcC-F_&0AaQM;+po{e#~YJ$Vow&k+Kx
z%MPE1QZ3%lm>#pQQ2-g+t<v`rR-V^y%sCrZ*lTMz8%wMP{EO8^4rF^rjhpBpR>-$g
z<t*o?Y&oo(Grh0y$y+Fm_lvV&m2ozIeB6UKLAZ_)78M{yJ%)SvAgQg^rk+`A*4&9l
zcKBmL7E{_7w(%nW{)lKCtZiP2?i_;n2tp6dsaBiAmQ?RsK1Et}!5-w+I7=x}XfCOR
zR0AM3p&LbgzN>!HL9!Z6{(CsM@-Vj2uP0#bB-$-Aji10?um_$)fZJUTye}L5CTCvJ
z%pJ9Wz3(0Mc9^pD{0_|lyt!AyNuKSi)$d-zJM0p75B!YCC8`y}OZSm}>6nXb4Zs3`
zE*ETpV&8eU^b4Q|xq@bWTZeT;1HAPZ>DME_3&UJBld>SJ!<`k~RkAH)dN-a`A}mk8
zQh@H9oJu@=zf+SZIO8HfY}o`ZS%Jom*@Gd~5qJYL_R2tNbQ<EtvA+c3^ZcMYf+5f3
zV3*x_V#%H|Q{I(YR<`yNU38HjUaj&H(z%6x^%<4|VTh0Fz<&-l6gOznH1uoqdiUsU
z2YSd}&&%#)8NR^)?<iy0n)8pSL5FfrsD)4YArHX!@#US_L}vZFc_HT`KW-b|D16`A
z?8rxFb18U|0rY}%z2Cu!_FHw0pR7bC@pIwkEVWgq${Jc)N6w(O<GFT0WHQ!NU$R#+
z8Fw3i?Wm$0wffW!A)Yx;SJ|vPuTB7459r{D0k19Z_$-OC+uU%)!AelBTSNMQT}_p5
zOT}z!_d&DI6W5NHVd%IYJN9z5^rfUSa+w|bW9dPw_CX1~oxW{-Epn`Lp{2(+*p;f*
zmYwb)dC%b;_ClY|QLornzjKt0<y4`7xxG@jr<%0|Gu9Z^{!$>hjc6lgfu6y1Yv9=~
zMCM3_1$W0fuY2`GFZ`9)>Im|MM`=>~$*POz#1mdxzg^C-U3tys+<=$-^1I|DO?3=c
z`8U?AIrxIwe9JtgtoqfW4tZqUM2f4rYy;dvFTrr2+Uz*T5tzsJRgdtE6Poc5V>@)>
zcMmQ3TKHKT@Tp2DZtGK;nY4;EH#{LdbHQ!2M}B7@+(I8H7_;t%(>$MXSJtSQm2K7%
zd)#W-d~OwPJ<iaewI@E9YVTK@H?~4pok?AXGwG$lb>!3TOr0>6mwZI*EvL{Ma-UNK
z&mC5&#_pTlv-Zs9nay(JZXypz!!$hS_suO%#|!$s#xPC6l0v;2`e`$Wn9BANasIbK
zcdgx7E$d;fiMPj`d}`F^szhMiqv0&IGpx<6>rI0MZ}gqBxAji#-^5zHGfgEm@O1mG
z?~@+g371+puh_zyv1bLQ`?SmyeOR${Q)Nqpxp*8<IPYAOZ-XmCvNo#-)_Wh#(t8%R
zTzy+))wWE1TjbTlBIN1AN4s$Ey1;>#zw&cAJ$TmK1Fz^OgmJy_R<C~v<Dcnsirqr1
zvzOJ_OuvIwT!njwSN$fk@Mj|<<imVVgxQ|>RlvIF&t{O{l!Md=sz+ti#rrthvjl99
z3%@EcM3wxmmQSZn{t9)e8M$+XY-~k7`X_xB^i)EAKJSP!e{=g%$%Yux(tN9$PQ(Tu
z`)xY8M<BnPkoc{34)YN--%J1dDCW38M(7zK7L4^(WkxuRJ}gR48$y0pUI8179ywO<
zl_g`>QW2s~%sWjV)?=1dm{>RV5I?q|;$GMuc0N%w$8H$$|G%$25Q^7ds!jnRvjzL4
zNs1IH-7A)GD!!t4ik4*Ku%zZ0=CFPeUeEqi0tLBEt&0*cV5b6F&8S$C6Yy5`Cp#Ek
zjX_5|h^fs=<;7aZ7GP@PWDa)D)^;KSfCXWz^fh_2Kc?c?)}SV(#LEuAN%6Q#7~2Z^
zxHYg>`9ce~<UJrP)&)&`Ors+3Q^W=PKeW!>S?I&2K>fhYO5bkG#%^v~k@E{wrxwT>
zws&)otDMd`?MU~S!BZivfZ>7g(*38LKUM82#n(L)8}C-@<4~AM6H6<LTK#@k<{Jh3
z9yaP~X=D(2-#A%2WC$=M=JQGp_(>U@b1Ng14!eLatHws`i^gU8%m#}#hSP#lN_2xI
z=>|m52*#;AD*wR;<9Lf-Wh={kiy<DV47v=B>v(S}U?Zjd5vkjff@1yq9(0sIDFbvB
z{MKc9GFPdAn?mvgvqDx5dR*8YTtYXuu|PKr-n<M22sh8U&`DAi)7(5o3G;Y`+Yb$4
zX_iE?E?MMF&^sLwI`th_^9Pr&fpwpXc6V@GqKm&;19-Zib({sBVk3Kk-V73BUHEJ~
zbR)E+|3MzwDj16+NZWu2F6!-H1d;-LkywS&BsRrUk+QIMty7tE0daGkpm!P1WHJA$
zvWXL;#mi|t^r|5aB^3T~v`T|UNm|gmJTPmFpZ%*$a6L?vUhdY5tiUkF=Dd^$KW2s;
zchaeax-qH-Fd7Fi%Dz6O^FJl<&3}Ebhcb6)d@0k;kR9`PwyRff{FN)*9A4l#)x%a9
zm>d!<x#C}?{C%~SEsu1GhIY0sibT5HdWPx8RRkNd10S+GL}SG2y}3Uocf;mvB44BV
z@%Rrs|CX-&#^z9n$TA+1YO}0q#C683M!Gl`6Aq)ksQ|0^{H`jzeK|$nYP{VYRfL|Y
z+i#&4u7C`-#*>A>`@$c-Lk)!Ul5bFH8^626Pq!5pa8GPTLHoHaaF>L<wKl}Sb3=E!
zL7lJx3%P5=IuGg27CN+0CtY0eiK9^}uHto$xS?ss9IGYV(TipNKZ>8J?^I5LXx^b#
zac@-`v)lYHKx9EH)u_$r0b?gXSRl{w!Vjg~8h;k_O0|x$rdK7TtAsdyGOQq7Gr2Pg
zHC1ygt(SF`sw#<-coW7iAm(9P*0*JhaL4B4^Hr;gaAi~qho96-g*(86{{}E9SyWcV
z>^qW;5p%yCvN^Z5@uVi>kHZ~;v75Q4xpTT>v-lSC59M5LZ6g$wj^zq0mZf%|AbA}o
z=mp;b3F^1DQRE+m3Lj0A*`!F_TxpP2F?l8b`gN5yi}DiO0y7WJ0`Vhm2uGie0pStx
z_^|{3k?;!WDmO?OD5=NFEWyDpF|Ys!=b%pkKKdV7n`5--_Vdi5(H;eeXePTvXmL!A
zf90L+=Vbo^8IFiv1-R&+b||pojQ=I?P(Xai!NgF}1RMd|P%z@(aRlwadJ$3nlgH!u
z+Y<*F&9gHMD*lg5j^n=lDQDX~_U=H2;^X-2Tm|+c!1Hsw_Wf600$3b|L$N202#0d}
zUpa_abg%?TKN`Z0#jgMu=Ud+l(7&=E2UgFQ?CcWd!f<O@g9A1uSc8L-9H`F;_4P$T
z1KI2Fodz<iSWUvT^m_(pkG4KuPsiPMC8RB{+i7sK?w@ib{Y?grzHO*LVj3I+yP#e~
z2yylQ<W;syLBvrxeg_r6;QS*e*(rx_tAdQ%9|*Y*2p7CdP+l8UsvJ>v22B?22^~!v
z<RK_VO+%UmPUFvd<vl2MO|K-9qC7!Y63mr|jKA*xpi=I^*jCktsDWPwIRk;S#|3%^
zQ$O+3XXjnPFsxv1!f1z^LM!O~k<e+_aoVBP(cY0wy9rT!f>2a0nJ=EF2~c>-{53TN
zOhfcY^Igq<760HqG#l5?_if?5S2gE}|FRMXP<eJzX?0x5v#JG6TDnBlX2!*TP+r=i
zh-4MVI?e;PZ+eFTG0|XkdVOy~VwtN^a@HVOt<MIq&xKe98i)Mr4-^Y(1X3JyC-xk#
z&rUv;^?4LK_4W}F1#426X7gY0<}%6AkX1c$1(1}v0`f-}5s!WUc~Or@;3v_-Ar$7s
zT&p5HD^yB)!~Nfa%_8Fnh;IS1Y~tg%1lYu%XAxbBdEA1h;T+d)!I4rTkIbhz2M7-p
zY{(3Wj!R0gvHiRU8Hv6f-ktAM_(As5laln7(5$$BVS|p6_$NH@F&ZPJy#@Z=w!d0O
zBJsivkW8bdGT_EqD!dA;nu(topFJk<4TB49_qwTD4w5rgqeKRVES=kNk;r~HG6;#2
zcQF(zG$gId%4S&Gs7g#%>QME@yuP}Xrerd7yQuVmh?3~%<ik?gLND7P5A#&T@Y8gr
z`KJD+Ni=hJM)*~jdwpv{xnz-4xMt@9jabN10cslJ&FVN;*)GKmAG6s#1LTvd!^bSE
zOV<-8cPk`?e#$1~+ZuO$w6WJupR8G`<+aB?bsHHrm?%QAkeLa<Pbaq3XU!KyFIsO}
zuW-Jcsna>{-!Wd+Pbo?DPwe(<9tS1%om{>ryK)LoO7Agz>c3HPq}YG7M5z{{MbRrq
z^xZWp&7k-`R_`&NB>t&o59Y-TmTGZEM3tq0(@W4%HdWv2ds-1SC~$L-jLN5>7By4X
zQ7@Seisu^G%>_T+S?ouYgiS8CB^Eud(Kk1zEGn9$lAt!@tysuaAWnaxaOA6>`Y00R
z<_^uF!qP+9oNr~p(GOi{ZJ>B9xPH%&ZYmqGm>ou3n@^UJl5RRau=qP{k5iQrLm^s+
zK#Ez|N*b?#KqhfWO~Owe$Va(vgh9-$gSH%3MU7l2Et5|pnUa)Ba_kg5w}5jWgQKwb
zAe}Cg-yeTyM<!b2|Hsc&L{>GqaP*3rG*gOl<Vt$LLsG0boP@KOL_vS)QzQxwcAO#~
zaf*jClVTDWolU$km*JLO%eF~x;*BGF!GF!rOs$;1FVC#^+@Ft(GsYw?0Wsbot-p|g
zoyypKSQ;<ehw@b)qsnl2$&#_nz^WQg<s#xCHw@}7-nuZ!cXf2?jznZ_@Z1lIPv7V*
zBPMzacoQ>OXUlJB(l?U?SQ^t>P?Z~*F{gby7?*0P2>8J~Ll{lBT_>ci8a74+g(jgv
zTvES|o-+Sf8tWUcWmf5-LS)oJ(`jjLU?KIyfCjJ@ZY!RU+^R~bi>n%?`_?>60Y?su
zlY~49ZI5z@Dc&ezSBIR$W-76Cdp;^gP6ggu$pkZUuDL5Bx&v(Zt50WWOSvx}34U|&
zHFaX2KU}ULZccog|B)K(5j`v3gzZIbW?j$N_(0~pbUa&98Rdevi-O0F#^NUi#cwMS
z%D(3|gLE<jR%mGA(+Up}lL90uaP*-nD^hG;44FSwV?W9}R6<6zf+JR=vp|`3dtvy{
zd-&wCa7U8P>$%#Sw8$>?s4N^Imr>SKisPbnKwr5pp7f2=&FA#XaX6Aq>83QY^^!D_
zl#(t*0gK<DSlF)=u|_s>6-4i4nu)h7C`3(fY%2>oOo_9&q<dA)h9~JJvMKqi<!W`Z
z&R>JLxjM@XO}Sbp6VIsEfouCsxzhAW&St4~nxsM{iKv4|CjZ>CdS`wF#sGYQewwLR
z{V$A}e+W<iVa)umq$FWUkuRFlR~^&;D_QDOS;^he$=F)b#>5up3sa?NY-;`q404B|
z5Hzy=X-o-2FYjPv?C?dOqEHc5`phdi+u2zeTYrM6K5;i+e5@~XUoa{Mb2}$nhfm<t
zzbGU6&(4)?#U({#4eb6;a@8ldN)3jUl?{eo?UPu=@OiPbesOacV3^pyxKs@PRDPxG
zOiZ67t52xTKfI<-K9d#<GxHbJ=u7dlf)nO*YsXhlOq~B!r31sv@JZVKRAFX=Vdng&
z2bM1rY;0^WY@a=`f42PU_Fq$9(pM?RXRlxKSM8VPf3*I))tBC9IVa1P_5YOWz_5K5
ze;NC%()us2zufui@_(jZPJfksU0;U3u7BMAOgT6>KW~MD@zaNYU19m`>eKzt;xCo|
zH2sply!uMNE*%(7W*A2HFT5DzXYs$*KZk^!1BUsZ(PI8*xIXdY44=9>Us3vRfYeuT
z{_hj$f5h*fc*+@Af6~hSR~ng^m4T@v49mZ97ZS2{`?OEX#>5Uo%lzpP)0fRp!ueN-
z=mozBWlo=i%kdvvnG*~x)8{zQOF9`?nHvh)m|7Ws`a>^lU?*X0Zff?a`{_Tu(&vm+
zh2i+D_?lavn5)mJ%=p>t|3VG>ha>i%d-;EcVf~Bz`k%n1V5R>F!?F^dm4GUfQVAEv
zr#gr9>nxNQAP|Os^*-N-k5`t8?Wu4zF}14h_kK^!FfrQ6I9CQHF2^pQh1-~+(nrO?
zLbmI5Dj3{?>i$jpLg2Lj6HCm@QOQ*>z3ys*G;~JJ>Mpk(<|5!~!J;OLvu5F_%g)~Z
z?8VlsH<AXXF4DYIC-11vmr_fgaCWiP<;f&-G5RL-G1WsK#8A#exx@e<4c^282{k*+
ziz%J6o&c_YE6PWts-gq{x~WcOJ}GZd7jNTIAjyX-_$JCkjFkV!ofQEz$X*Zt)5=pk
z0tPu!UqshEf1njGAWix%A8tt{6;L-`MJFZ#HfJUg%d0_8y3Y?S*d-b+JRV+dBAB_p
zQ%J%bKTg6v{>O-nkeM+}^5pb1YA<a+bmEC@R2o`sqQ41-^x`cUrrQc%1%%kgFp!$-
zgNm%7&BFrcLHH_59qsPzsCuNVbzw$xX~`|6CeNFi9YSuY^3r3f?*S6#=DWxL^4rGv
zMaBC67S6Ak{|~I~zu9J)ozPw=qW2uSD&7yb<G1UkWXx&fBt`)^l79YXnyn%>tw=^J
zP!ypAz#<)ikOcX=-mq@F{$NlT(>fX{3wQbkOP0=R#yUJ|s$FzrRIzDW<tNAA=ihw0
zwmxKvpPlbihT6Bv;rpNn!5fL-kC~I{!fnHRt`JJyF$nE<MPcc)KkiXw5kR~!d|>Ii
z_9K3UV5nsU$97`ok%pR1rSskRJv7=Pw)x;_&)Kpmw^+U!*L1_&kC{&C)tv>jAtxAo
zxCfn>=sFxn9{1I*jUt{*8~EP89*?25t({jw;c7x04WZMeH!|G41Jv|Ce1fdH(OmMr
zzxMUbQT!=U_@397a`h5nbK?l3H?!v?-Q{1-9l;;OmM`lDzZ#?~SiReCw_wtM+*q(x
z@cGR5)`qnarAmY-8=Rgo(|U!P`)-3n)li^o1{&E9(SSag6;LJG9*YkNt5<M3ExXQb
zw;($lJvyCchSP?!5h0FBCp<S@^7^fmA1fFwH@Ky7TD_&x&U6R*mSlD0t!p~miXzga
z$JKTxr!NQASCn@r!gCrFpyX9jhl_cYsLFAJ*Z{>leBh?t(qadv87q(?jP1sPbw1E8
z330&(>m45WXko*!esC?MWq^>0D$2=%%^T*j!^M+H5@a4c6WlqBFr^OR>J4Nq%Duhj
z?-R_|mu}Z`C9=Z+lV`yK@;n#)?&s?GG<om@fx!qYRt7oR7biVaJ#%WtFSolDD-A9S
zpvLG+3U-Y{zY|QzZItg%(%b%swcPQ<eZb<cutRg`X;~K($9{u<`xa_X&x0mU#yecJ
zuV8~1zZ34g&5b<af8B-u`G3jeHm(TqOUuyH(c|7v$#;QXVCHx+ggo(S+ZtRCtf61m
zcaPq$u1u-g0(e9@_O3TmSHAJZ!qrpaH#3z0&RhJmLC`BVFTCui>Otyj+(+OJ^vfZ=
zIOY)%rWmiGi9^j6y=&86SCH=1Zb5azbt0c6+wseh55|uip{+g`7Q8D1&W3lqTZ&sN
z^3_njpvw{fGmSpBOAmWAvKvwtOxMz`*0rG<u@6LZzta8Q)Ya0X=c}z(Cc$F_i4amD
zT$f~Bn6}&n8A5{h)rNc*DZc}7RpgkRvo`P2A03!V&5_FBOP32<uhgv}bp6a1m<O2C
zpr}5_zVbc;g@me<xYzseA?|W6{*i*$->;odl~4D5Td@d-3~&WMB2Mz|=61Nz4_|b9
zS|$Lv6}`*B_NaWIF#&O{KvM&>ZkUn#QICSJB$h9*kH#292v@GtCfwn5Y&l{l!x~03
zUQ^`t60jQ57bNHV{|5kYK##wDa*UHW8|UPFTopH*%W<=~CEOL<y<8jjHuo|28F!RB
z0p9|z@}+zkpXM|CaQ*`RGX7EiOa4n?n(&tJxu}Zs#T8<Q_&-uV=?rO{G+xR{w@W*u
zcjacl&flW#=tb1+gAZ`axuM*4bQ`JRL*x(S4}i}Xpqbog0+>oR;#K4t+)m1cW#S+*
z2#-OB`8166Yh)ccN(OPG@kl%Y%_V)zyNO=@S=iL`zeR`mm!WTefIBY}HGD1kPSns=
zj7S!q`8%#RpW)s@A90^ziQj<!!mBud50R(2aexKC;?EEoQG$CIy}-5LYtVKw6e0Dv
zyaw=i41N~)!bIE`|G*UxN5%ja_2>SMZb0+MpV1+p<5lQBJd?i|-G*xL)#yv~6i`JE
zVS!jB`tTcM4!@dsa62OWGtj#%F2|hUMK|Ic_n`P4`4C-(_VFtEgnJ%ZzmL4Yjph#v
z=i=Ew0oR}vsHLzRT_H5`f5I0d4o^lY{s3^dtGT{>0=CxySD6MpZ3j^IF5m-aa-*Rp
z2$(Yp@M02hhzH?&Kkx}2FlY|Y_!Qt`e?aZxMACsS791G34nq7}`E$|K!c*vh!o_Go
z;ZD>O_`%A;)o{m+=yP;C+K6w;UxgN;7*Nh9c$6@V>=T9+dXm-TLo$Kfd+PkcXs2)x
zeFNVYVCM|sCA6CV08Ky*g*Aou0J|%J!#;p6MCYJ`(93_q6VB##qni8}vZXMLTL}IA
z6pb%DT`0vWnq9aAjYTh`CnW(*mohNNZTL^n->c9pa&BP>H!D8}#^H7t1p`LwGT=Wq
z8-piJJkw}6<MjGL1G5AA*VWea?bEy0X+5hmRXr*z(y8)fSt4E<D~U$Jp<ux8^LpGa
z-RZDvHdT=&QQ$d(QT5Q|u;zGMy19){C(k~+C*4m@hl=UlDw^BkP&Mq-bK2s~?6ml)
zXBu$kML#*yFwZo)&cu4W9@Y1(jt@=7+x8Ag#yjxT@r?lAIwaW?Z#%@`(F|V8U^~Ex
z1Y8gw8k{{O-iDjwL)(TeoxOT!^ANb*7MnUaIe3=Zvl?wtZ2;N;Y6~P6Zoz>wFat<n
z=)f%m$#!T|TR1snXj>>bgtnlKOAVbqvu)h?#-T$Zi9}P+>NY%hM)JZolsv1=nPI1(
z!R#?@;@~!kJtjVf_6FS&-%`DM^%~FtE^N+dGm|r?Pit)BrZ>@NxH9nEA#H&x4+c-}
z!p+@-8&`He8sSzC4bF+v-PNmC#@p79Z|r_FLCdBlxCdNIQp1{84}(Xqfk7NOAr4O?
zH#If3;hW%*aoQ8wE3<#Il0#`t^W1owk~}Lpd-dFAn40kFHgxV4iLK$Vv9oXhg@?vh
zPi#yk+8QFsrs+eXTfAuXxmRop8S&7mM|xIo(Ou@iZgDt^fM)Lw%<4MEAa**1MxNU>
zvY56gIRX%(Ej}X-Eon?bp9auk)&R76#sD}CK1~>|YMTi&GN(-$+`L*JNbBkKZ9+;<
z##jFv0R|)weS2!n^kR*e(*KPpNb#f#)!?`Vw`DSIRaF#4q`@$!(8e>^eqGP%r5z-h
zT&Txk1H*^L!Pri38rTblKarpld`pLcE`*)7*71$zejHsG*@}!_nWi?<Opolgj`$|g
zBdykvuFIQ~fXVHMs;j;>Io<W=)cu~Jvj?_e|NqC~S?2MP6OtpxPi>43UEN$9+mRDb
z*)xw1=sH$}+B}0Bxd<sjB*L+yfRxj^PNqAJS{t8&KanBz%nnHgtYkGfKCDe|KHDst
z)I{Qcc~M8<FujUxPF_}QX4}Bbsr!RY**~Ru+G-9O45D)6#Hp)StEU_TR5KqqqPPK!
zM-v+p@xg6q5>RFe{yGY~2hd+rq|JaK8%$3C{4=YHyQiEODZ)+gq1f58dKfUe)vJdk
z<HJ@rub$pfXuU8Q*ORMvl2^&As}~M!wh*VIu<Mpc+pslFFjlkiKp+Z&&f1d1tHy6J
z@Tv(@8+U^75MMR1aVx=OaPwJBTgu^B<IXrj2CF5smR8c8INd=bF?4b(k=gl?od!a!
z>?qGF*#3+Tj98s))nPQFgP3)?RY#zXH|q>mM?aLu44&B79eWr_HuVH-B$z4K0s@U)
zLMY)%xKdDH5V|Mg-0l;GfR3X$zZ=d(zQUJ$lkg6Tpi<n&SXo&zpoA#AQbMLUU-Y~f
zeckhV^oJ4=6CYA|&WjX5bRm#RI#O(s9#J((589oQ9&ortSHR)nya9)w_yUd)@dfQ+
z;)|$J&KprnIB(D%6J0@jspyKRY9x|EiWkg4doY*^IJ|*?!$(qH4opHR<q|va4r74B
zVYjQQf+E3SAb?b#*Xz>Ha7d!akuy;6ZhPQvd&*(BvSS_V9K>;1LcKep+zs~y9N6y4
z#$hl!$cAn4XJ!X8`q5nG&_VrR*Y-$#y<TsYsDXm@W~q19ch<YIy`WqvoR+yp-?Q?x
zAl*2B^6AqX=W;CpPqMDYlc-C0YB>6<@g=#0FTo`}3C@%7Brcxv%<Jdmzr($z+&cvi
znsVQiO>d3F{`}ih?wy=}ZOUbM;K=;%LipKx@VtBQru+o@yC;9oJ^9J_+5BYEfagIc
z7J-g2klz7z-2kH$El|jhGPgjGL}h`>t3L{OK?5k!goLyyQ-hf?`jOn|BlU;s^@H{G
zsMitb$B{n0Q!Z$ttHuRQa}k_x!M8t)Z_l?J!gp?@+l~1J@SJD!pWqw722|0Q?J6M7
zb1)0zj5Oxz3Bf9^M=If92Z;lufnz~Gz7({*^?+pSZ5!@~5k8VTa!^0S#*>!%A-(eu
zcDb{Cde_v|_`IT2(XU_s9ec-3>6`7x?cLjQOL}x@`g!o&GjRu*OXdTvRvV#(WFbdJ
z<I(WQBqCv9A)FB67v4&Hb}*-ZfqIQT)TcLU!8uP|!gnU=fjhQu2L%tbO@voM>p7G%
zf`m4<-fZG##IJ|r>v`77qq*E6XrS4sU3>TLrPqROPqIJ*9Gb8bafMH|db6aX@QD%k
zX7A%L;ns1RIl?VP7!Vc%adAlHzCz?H+<~8ghx6O6ggXN^9n#_6fJhW`a)2`wM=}{7
zuEF@3wfV-7@a-{r2e9=JIWFvmk^aaSqH3CU)+EGA)nT&%%t}?Z+W}@JXV_h}^Z4t?
z?c@QOf1bw*5(UC30@etAQ>7ShsEK54Z-g1z7Y?-RI++B(H-^jU1SqO$Py#`*+QUZ3
z=@cg+UDIf3w?i4$1jFvE73jSj^j-pvgC$OckZl*P$2TE!3R*HSh#B((JN2VGVZs{%
zS?tQv?xI`<n+Fp~mncegFzGeqc>9^}OuX;2UQ76^&bYeth2d{r0IjTtk&|E)VkEc|
zNrkW4=?KUjg&*2!_oWV~p#ZC)g8(&0wozb<NLinuxO98a;}Iv>;Xu2~#ejbrimn3`
z^9nJzgAt%7#A5VlEb4$GF^%>%)<Iq}G@=Fq@lxGINW2s<wb#3QX}K5mIz&6rK+8R#
zsz<hvt_NyvH(?Jn6sL<=&pBY&+#WJ1=B0J?-do|;W(UY50KPTY$p6yQG8yxE^l9v2
zM!!MAAn_&P74aqMb@`2`G(v0ACOYP6GaXmDuk_sPe%bwb`18o&u=a}WMGuMSQN2Wu
z>Ef>ohhY>CAQ`p_%y2lS>ar-l84Y`*(Xbp1118JiC})r99ps5^V_n$QfrHy=4-jqg
zHcT{?jwD0Gj>7kB^a1$6(CMhFiv#Zf@*02|_$9I&#gUE&7@BK)1G#`)O0EOJwu_X5
z6uEuNEsW5B9FArvRlqO;S#;Jn9O}#+bh#<6K(W$sTE+oHV)6(y06v%&D2H>4nwl66
zrF@BWf54!A{pxDd$uh=6YWjkO1egVXymX>J38Wr>@Vku<Ty_1!c&F!wKfZJH?5AIS
zY+7v7rZekj?7nu-=NHYp>*3X&eII_asqxvDpI9}$50!dhz&%~q1r%t<FYZKI;h6C}
z?YCW|rND?$WTj#fCMyL-m?A3`lSo-9$qaQ_Daj0JWwV|RoXkprl_Dz@R+<FvZq#OL
z4{Fb7Z)n0OZj}9Qo^!)QAx-2YLA7xba0a{mO^yfI$a8i?G&?VGFOip!403+Gp(37#
zQ_!0#-$5>VQ4mz4q_kGGSO5TDv{T#z;GgXj_0<mC->^$YS+Z7YP1H$iorIFS&F-y5
zpmf9uN9e`$8UPONpx2P?jt;zr&Fi;7_KX7@p%YZEf1xu50HX9L$W1!6+3d>GGQ24=
zfhB;txf9uesk*a3H}4v@nk-k=Gt2QMCH3?cO~5nY9K)*_wyf4VE~^>otX39<ZO<&j
zf~F!zIpu>gpwZOf8W)IM7w5v{-p(7zBX_;_T6?|@U+^Ti<HR{n<~IOR-qSgc&iGEi
z-4%SAX+#5zI4>YkQixd3bM;u{L0a@e4Tw<gxj`<<vligy4Zzb`pWv@gZx09!4t_g9
zaBxj~_nvqf1PC!DC%d-;-DLDyY`ejBm+f)eVVi(#IIZ?qhpCg*S?YH6GgY#w4v9Wf
zsuxAU!P}lwsgz9$^*n3Fa!}kvsh(E{*aix{_y(TDdCYHcT1~14A=}BsD;@OC&O^E>
zYgr?a{ss(q3tH4-HMC3Y?kx&ltJRkHh1M^^8$iDh*~knxDg+Vpl7dnkPH{v^@w}Mo
zP4GIh4|I%I1Qb?qNH#T%gQhr!aiT4#XN|~aU38!@)i>bB4?Hn|`#t?}=WpzMXd`{z
zRG>W#q-_k9p&N}}Yr?lg$kpMiBjm#HtO%K>O?Qx~!0<>v#}EgJgk*_FdWFk{>^;0V
z1}fcVBbg{m)R(HI^<`!8`a~jz&W|ln&kxKk*UygwTbrAt?E?-34Cv4iIzrIEPNtR|
z1ttVc_n<4lq!oNnE{D@~wf+0`KZA5<GCUnS2a)I~;y>e<zfbu~1D?2i@q@vgq5r(~
z0Y+1AXzUjz9eeSda`)WP0|#ZEyl~*0b!#8+@BQeTr<xyIGUlA-OY-+o{3vw7q&5M!
zk&uIw>_iv@T9L_~V1Uw5tPw1Lr))QHlB<Zk$y<si9W!i<%ZRk(sWf8yM5869`)4vv
zr7|w$XG#S-W@G$KRoQ)5sW{mE87wgvJDfVB{qNh0zz>XZ5PIJxsxeTWC^9Z7PU@xi
z)-RT4E6w^UZms@?@S3<=Kdjqip$ShW<Mi3KHvM1PzwG~VD7?noc?V}x6@lk9yF(Tw
zNds6GH3@Vu+G8ivQsR>4g+qknXq}JNadBSr!c|I45agK1i5+C2p&(iN+5n4;?7}vL
zvCVL6aWqTf&K<|^<3HuOwLm%@7#p^6+HUDnja#c>jqdACX`e){lUgMr-Q|4$1Cz8u
z@Poe~;Bh#lA3B7B4fWwe4F?(e9HKg%We#MDVvFMXN`22B$DTba1#=5nHL}e%VPsnj
z%(8ag$;r|#5Xh+T1C?z}cu`C47noVsCkeVDSP)=4aOnzB;z-RON#n=Qbw0G=L;ODv
z3@eM)2)m9A!!PHDkg53IotNKw3$^j?1&aC_@XLitP!+yuC*onIdf05@B%U9ZoSeKU
zxmdYT5$A+26Ba7KorD`~VufGff)!OUe~Hpj)V&l-<)VNQVUkMmxMNjSJ$j&MNeo81
z6jUiB2RjORc16%q6971B*fqE!m=-lEctj99MvCg5qMOPRQKa)I%CuD?!yM5|u}Ykn
zvhJ3$?v|o=^U%Ac(pr?>O;hPTG>U;0^bT6M8rnlIiZKZsQ|Z~UI8%S)McwykJ5zlr
zP}F;mwKD`W0nyZiRi^#sGJ~cCyENNeeJ2%eW7z&^s=yp6PS8nZ27bUvsKH2;xQr_c
z2!Y)JOA7{LtFNDGDiSRnB#9G!O+6-^1lHKsWH$icOVS(PT71#PH{Cv^^*3wscj42Q
z4>)J!u<IYq{{_!KKRtNrz=`*)$!`*NHSL^r{!=v-FSlO2rMVAxuFHSX=n<FpIKE!e
z2Fx3F?iGEgWpPpAOJOPS))MsH_8DYu3Bl%^vc7(0TtJ~X>T92Y7NR93t?0&*wdg_N
zIqpgOPOjblx_v)7Sn{tDm&0A+Dk<Tr#7b9HG+sK~KG{3PH#sz0m{)R@`xf_u+yjmW
zqZ{!PWTWdnhX;94Soi8-o*GSCE3=sD6GJPrx)WhO;)!WoB*rUx+IbF2$1%p?(g2&f
z0Gql1o4P<cE@NPCRA16)E9FpZ#x!Qn!gR1HfY|`x2sPgt4w(!b4&_>4urqiO4v2iR
ztQ-c_T@KtkAf+iUCqA#+U(>fA-~Q_9`QLtiDF4AjoAKaR|B9;zy;Ae)UC;b|+Waq8
zJpLIWeZD*X8@%98pW{he4!qTK{hg2Hzq{k5{MV~rrV{H>;NMe$zMQB8hYWYT6c3h7
zdT{A6Cz1me1_vw*4p0m(D|Sr5r3OVng(0S*Qmj;htcD>pW2xcN5}l2Qu2RC&nZl|6
zuMzq`7DE4EA$05)5W2XVI|YmT^d5YL(T|HrvM38OFY{t37!DHArUKQeoapm={T@Fj
zMz}x%yB$yj<!A!?RaXLKsI^xGpXE45F+SiA_}xA)0env-`W6-U3c&J5@sH0<y|!t|
z;xSj=vG=C@7M#7~$v#6z-*?HFP5HNlUA~f07v}fvc{-neW_sUE{rU|3`l&DeQx${0
zKL)&wM%`_w-SCM*OqL}HaXcM-Rf*Y<EKzLhrMqjTiQGAHHEt(r*v>1&6mE>2F$`1w
z56nSP{tK7T2Ax;L$>Ok%wircj^pS%<;|zUzn?4uw_ZVM(;!!Sh;yvz0Vb`X7!}EFj
zCTI~TMf^?BLj^r%oX&c9yM((s2_1YmPU1E~!nXfky)ta9TUwC`<bT#Db<ni`+NXn{
zWt!c|{j@(DxsOkLPTD%h(Y_4a)Oiu*Kl6eA>;(Rk!efkZ#2fLE<_dhi?7?oXyc{Lm
z0g?iHpD_p@Z3o6;Am-o_F;T%dU6CrcD5>0{q;g70I_+wCoa105Dw>&va**|uX(>fh
z<s&wKOiQVu_a=*4D{w^#8?q8MWF>6KO44x^tBlpC%mJc?(lgFGh1HDKb4QC~p|ioD
zmOA4*)MBR|LN{ag@T0~n(9aM)8Ht9Yp(rP6X+7mjm!{<upH8NN_L2nhJ3R?F+3Sf*
zuvaFe5;$rDLh`zxh$)E#D(9d;^qD|VRHyG!2`FiSO<b39ox<S!0qHaX91aX&;Bh?g
zxc)9~6q$c}e*gME=hwAw!{h$44&yu1n-drAxb&u1FHa0uiOC(;9zKIKJdZmMELyx1
zpa19g@#6N2JMQkiuyyqK8^^9%w<rHY>-7HEMd$JrD3$|Wa=6S05jKn*D~Uu0laq?d
z=8tTi0Hc01TuciU=+JVkgu}<%DFBC$8*KO~N)zg3+BV>H=55+mQ)_N}_BOYbJ<M$~
zWo}Di<~A5My;D_oy*4ha6*dci5TH5Uj@F|##P>o58izhbhmqipL*-h;38rOBDIr*-
zkZ&yt`KLu86up?*$tdJ8{{5zId=o6wt*xM2=9*d-)pvI3Zq(#u^2hps9qM}JRjQo9
z$n`IL$xUba*yn~mi(D)&A(x4(?5kX&!f?OcMp3^5huis>Q&B9OS1g=YXrmNH-f2~p
zt>dzF9Dt)cn5azKItt$~L!SY(M>g|x2AHCs));<@>9$<lgX12<GtSfO;XOEwOx@3P
z6<VC(uSL!<(!IkPibHy?<!F}z1nMvoAcqcRU=&c!)89{pY`;1f1g|J2%hH23OABX=
zm|OX3({HZ-&0f4dxbf=2i?8LrKN0G9bM7Y;yFh0Z&ZT^vc#IfV);}vN11r=zv7b6z
zox-i)KH#LK>WAEiAb==EGjUldtl?J+&+^~Mg39AM{(YV()cK~k6SZ8N7NCG^)3R<_
zyAAf`;+Ch|61LsF&F!c4pBSfy;F+n^>9P_Eoep%QsEVu#9M8uE)hh_FC&wibED=#v
zkwAD1crPPa<%kU<zJm-joV^9SUT70`3kL*VI7g;+w%!tsgJsbsaZ(3aVZ>~VW^9ZB
z*%$@b;{R7I_4||ZXCpOMGAG4&Cz#*VRY7@1J&k45*V7;HDQdA$2ODgI%pW7kdc9l^
z_DK-zlL*)+)KK{IfF{$QN_P%#(_C~A4}<OLsugvIt5((>daXhsRR_95=A)ZVB0u%r
zxRf#&%<52<r@yjD76|W?9ex1)S&@#l&7GCYyjkAxX6e{(PXXx5b~AjM=#6p9qFe@1
z3yG2wPGI<xT=%|8{*0y02gvmW)Oqx<u&c8N`JnTK6ZexZzRB}NT;i($mjraZp<%*v
zF#*ZcZ_+`YHWCss*%rs9fMZj@{jZgQqd!xu#9vaZzQ~!fpGrt7BcaiM0&eiHO|*UY
zBP2SZeL5E~G`Y$K4Ir#E9m_kB4D`;#wCu3Em<$8%1b{#t+LaX2-1M;E)HnrUA}clr
zk`<!bL`M61k?@c0V1%zD>h&x3?FXxGC(OQ4V`VQZfQRkgt?%Ezo4R8&8FNZer08BR
zl^8=5S;?`IXQjYO%8ZO8g$PqEK<-hQ>p1BjP+2Ki?gQ$_H%cj#7O)mq-L+0u2pWg5
z0~9$KG&<UGdN&5Jo4iCOBRA5?WW!$6VMJ>}*liJ}eL2$W2-9c*_07)Yx^ZU{XCuaS
zh&W|0iOBp?ZH4xG7)ot~Hp0pE;8XT$M<aJ0ztq0WvC=Nvh#+U}{TyS-NN$K^$fNCN
zIn?{f1KhpRz4AuxX-RYwr^C@(AiyVxtl90o1sOnDJJ)$GHZUQwtf)2+JPwCW=c(D<
z>L%`8WFxZUK3j#j+=2T5M^;qkpfTMsYTVGSvtipV=&%FZ;4IPs8z*K+SQN1gO#q5J
z7wTB=Ad_E=3(Z2S0FsVu+~yht{5nJ<ak=_nC*#x9lL33-Zo3C_C<t1e8SX58!}=lS
z;aGVMb8x^0`1(ml#;=f8I1X6)J|czpnIB_hn+C@!856M=e%RtrX>HNh`|gfJ)=`~c
z{@xw^vyQ&~8MwVC)E0fZnWjZ8IUscqtd#VDWUxQbuRl(>k}jOYuKRI0KCibwREICX
z!b|zdoAZsruH)a|arU@}xD&^Q@oyck;}0B<Q|fvcBuOdNpYh8(xL{FGezlzfZX1h?
zd3?2UQ1g>X95sSVC?pfm9V8jJyG$gGlNFv2MUr`rDJ+y*Si+XpfH0<2aZwa34ML#!
z&r}P+Bu%ivj5MQ<T-=7^wsE#*+d^BbO|Z#b3cJP>b{4L)L!<t8nmb?A+<$K3se`(y
zDw$lSo=tMDrRbXPG!+#f3O9AkXR|ALHp3Rb=L!d21U4_np+JnMQ|%Mxuw6EWWuf1@
zcMQwQMqd-`o0WjcQxktj2*AE3NNba3wA7Z&N)9jlJaqra4iA7OCRhTXkAgpJ>Eimh
z8*!Q_P=kSW!rVXnI!AWBej*POzMQ`fCcE``E6suc+u~#4UF1L!>^DY+o!F~;y^%m9
z!t*-swFPVu{+YlI$7>EQ5C}#{yu@&g^^6S|;YOiRnW9f}UErA-xF9$=JSB2V-~pnC
zVjSm=*%Y6pVEL>$_fbk?g2I=MgE2<KVqHN=I$@HfKLT)=i3*7-P;{o)$#i}sI)x34
z2ZmcqaEX&iAt%EHC%d^bO))?=-Lp(f7Q1n{P;|yg!_0Dl<ho{ibWsPR!E8*uAh}$N
zM@NaiJT<_XsnB0XHGPq*mZXzqXa-(|`@MySJ=dP!@yfpZu8qIPB_I3+N3Qt#jz8o-
zAaCON_>ouhPyY4O{QB*`$5Vfu|4)7&uEmjU*mhU`bJGjLcLJT+Q4k$AVzXTHykw+4
z(tDnMo|m_2G2n<O5HxL8w>6}0Ye)h3VFwF%rK$RAxL9b6x%FhdC{T_VJ!#M7a6F9R
zFC4V9A+xg~v$G+y|6lFhpWE=E?(+MjtFOfz+TyTUMm)87sr|*A8!-YSn@G3-?(%Dp
z9(Rtu<j$sl=HJM#!dJcgXl_)W8}l~{yBzLWJLbQX@9cb@!)vaac7xAOJxPs)+k}4t
z4*O6ge%!d{g7msH2?hK6h%L&OQWMf!>P?DOLeD@ZJxHhz3`~y_Mg>NsbHb!#WBO9z
zD(*^Q4Yx+P2R+C=fu7^uL+|-NN1q2i4~C;c22}}z1U@I+8N4_BUYbw&tJ1apY<fg+
zM09BB(B#PUWVz8b$u~7RwPbSXl=zggIl@K0dFiXtw?%JD|0Vd>bjTLOfcx)mjbssx
z)%A{K`JgvgB@7gJ!ucyXsWKh(3rI|Gp0GgZ4id^^F(*gl@|dKAt!WQi(;n_}42RR6
zAe}6aMLHhK_V7>|qSNKENQVN(>2%^e=a6u`s<nz#B^WLw7%n6jE+o>xXl;yeY(Zw|
zFv78gdYmMjlXNq>s5M(;!+eNE8$OUlt{VLf{f%7FsfZR)(bTdi1!i`-LhNRDQ{sZ!
zenqNsQ4;H)uHgT@a#8ltM;`y(>-m>Ax8b30P)b|S`NhWh&jEpbnEwn%{yKZwd9xnL
zWmaadI&U|g_R)uU=C0r5pZsWh{?l7~<sQb_tysM)|3My3&i|oeP>ABo29Rx=faZdz
z3~Y;p+vdRTe$lC=7s>NWd4(lz$gGrDSx${hI;3_pkZ-!oEo;yOfDk|1<__1w_VBi{
zidq-lFR7^2i(6-L3&;Pwtt4$8hx7H~mL4}o0FZK=6FnzB!8R>AKe|X+=D5Onle)@z
zpZytUhx04PmrfmY!MMxmb-A1_r>3|gBoX$jqMK$>2th^h2g0FPfSJRl$8@*hqq7(Y
zphOvCBSAnIha9tzDrO;7tjj)*r5z886pvV-!D0g<H41B4yg_6!hFrXSVR>sgS6&um
zSQKPf6l7Qw{NHjE@xRL9B(=(Z?m;Uu>(Ieq(cfyOnK8x!h8yf;d$DW?GZ{kY${6bQ
zq2iH+$5q*IW}W&#mwO-;n7D=MS`LuA;ZW8ElGzPEhY`){U}x!NrSR(#wN2fE5dnX|
zljKe#z`T--k+IZ@#0Ii@&)ZkN`OfIdNuvr!UY)dHO3%c|zu^rx-8<&K$Md~~U1NWL
z#l!EHq{_!!mT$p*Zd^0KCUsuM)%3q&`0N!_3!7H>lK+SB4(d&Qw-Z$qQ+Co;?oNuu
zGbt3*=>&vW8D^#33Oi{QV6%Xz1w^Rgb~;nXg3QOnO3ca`+zfs(w}j_Y6?I%TI+z<F
zjVc*hI;4D9#RRTNnpQHU@@9`CNs))nak&MgEFf(G6&8?W({G+^0x1hfTR;Ux!eJDu
zw5Q8SIaiVD=d4W*Ne%5aH9k2xDRqf$u6>^4BJZr=6}BtwS30lJFDqZ1TEVTh-E3d&
zyj8!c{D#z>_IsW8`eH?st7jtZj-<m%x(7}p)FbTX`}RqrS-=PEJ+Fw|93hdE-`+D;
zk-{m#FHjz724Z79l~~NrF=ZeF{48g>C+Q}~a&3AYGQSa{XR6#`w+V@8Nh~5uBF_;K
zr^?HqP84F1o?(Nc`t2Zl5BX6~=BH)at&Zb(9B#%7@meh64%}uqdeTSIM?;IxQLMzF
z?mjF=AJm71df*;ZJ#sk6q#m@{rSzUX!hI83H=fSYVPFJs+D(;gda~OhLw8qn*gcU_
zYp74rW1Aa&kh!Od0V0dx7o$XaXD)M)7DwnP0G-jGEe+B&QMXmgNixITcNo!m`o~C3
z-(vityds^ht7W-I{$gaw=MDJz03#|Y9@5iZv|sT1Yc73u!nkRJ@|TRCbMdv`-~ITH
zD}-InP0zG#$PU0CHnv{5;`k%4=l}Hp{y<-F>y)z=4;gxKGB7>U|M6Lu{$}Q!x0gF^
zxo!D*V{2;WRSw#|^s;@6mwZhrt2gLfyIA(XCq_tQ{7Yh`$ULypfAhnN%mXX^f*;mJ
zA%VnT_7PiPqI8hO+u~-l{6#U2NiPm_0B^^|e8R5`8{?01kvV>Exko;;xa0|oE9OnJ
zoZeC1@j!P^3CtE4B?og~=qyXrj6HSpp|Xq-nxX2+m+-6e5y8G`)3JZij2zJX%U}e&
zSToeLvypF<-;jAf#ZEt%QMLRac^H3=ywv%W@Rd{25OL8IJW=sllEZ6ZrPuPDdeg+R
z<Vcq#NAzL@;ec@(^K9heejN9Y^OI)(LVv5D^Z$ZE%AyIDnW@H$Nmr&AQ7!ycyTpjf
z7yTQi7*V^#h??_JbMB-VG5vd^^<2^Q+NJO_l{ABLxW-jf^qJ$8`Cwgq^Q$xS$KU-!
z{@B7-hi|&({T;%t6I(vcpLqN>Z2y`Ydt&P=+b?_-dtp=+&@G1195{T)@CelmWf(){
zgGDEEm)rRm15h_JsLK)ky@_n5bB#EPr2h@$`ZCQwwXs|`uiZqxFH9+b%V|kisfLR;
z|H5GM0GG2M11pP}mu>;fBxYEsNKj+}6QS3~d-ad^x@u|wks4SEVZ<o!CEzMl$)(g@
zT5qjcyIH<jS*z{V4r{i!HclfvvB|{bwJ$1IvmqI7+0ejJIpAtlQR1@Tm1O||-V?z~
zh@iluzK*L%R%Xd~7Li#%p)xy8#;x*N8TK(Y?8K<dUO@2eWE~-d*0|!rIDzyQnuWE(
zZsD*X2pweAHe2&X(>>Ed(`e~0sGBLn;n1OA!%q^<i+Lp8@lzYOA}8R<|7=y<m~Lb*
zbr231Fres(sf5$|F;5I)s~?y>2sX<v<jqmemcTWpucZc)Gdq9(Cw$FmrDZ+wn%6pC
z1&jNG)`iQK@jX}^15{9HDb+s7)jN^1kT;!AW+=#EVFl=eoy7xO*8yhZc9>ZxfKa08
zc|D0DJY)PED~VRT><B{|r-eOEOQwKc@NPSGmkQJ-VUE)tDDCRuP6xB7pDXL`7aW0x
zyGFQ&2OH58SEGAMP`_Wk-&ve$qejQ!P{vm))M`V7A=*gaL}8+Ko^PfwQ=8{oA}rCa
z@;L<`bwj#k;BbUtT0;ZFs{oUr6g^@bF9<}G06kRbu3~pMotoF<cKiH+U=XaP`fUOV
z#_3jbyXe-K>XVf?5(tT7;9VF61zC>yf?l65=++b^=5qt+c4<y$Tz7eO-Q`v^Ip`Cd
zE*+Q{G)drsy3?sBvP_^&LATrGLUK3|2<vAmcsz<D4N4#U3?$(3JK{9EA{6Stw`?&L
z(p)$+x-%T?><ouGgJXuy8uG=diyh!g6;PVVWc{+)m7}}+0Z-ik`mA*5d-gz4zsG{Q
z7l4jVKt~tFTDMBmf=nDuL1ooR94-159Z<7PGX!IRiMES!sLL_bO)lUXkBP7zH*7pL
zIEiU?6vmI{uX_E{^6&r^2fq2!*krWl7r)Ifcq#u@g%t4S-vG|naNj-uDCa)u4ClZ7
z*DdYb3&)1>xi#@w!;e2sC2J3mtZjhb8ctIm{P%|Yr<uKO2PJr?-Bo)w9xk7)aH?!m
zEWC1P$YIB}m<A{j69Hv9>l-@v6wxK~9FIAIF|Vk+tg7jfL~W&te*{?($2=eduU6Wk
zwU`z%wX|T%!`AT7TDU}rNg}bSF%5X$OL#l9mdD$T2$Fis2JoG8v<9$!!w!rDaXbpy
zsicJoAAJO-lt%9BM;~da*AMC^x>6GAU0F7=Y;i&holKZ7bIumgv2V$-P>w>%5?LHf
zWEC2x31tbG70ia9%%i3b_v=rEG?o&+9^|`mXP@{3A3pI$6SuLQdv4}An>L-0E~YsR
zx8&!LAk$ff85y3-V4@3R21#y?5J`N27g89pgfL*N3YkQejOXP?iVJmUfZbY|W2LBg
zTnS&&RpYw_-}>Q)`8m?~dw%@z9y*5=`8l|qJ*mM6@Iposb&h0!ltlr=#0xx^l4#V|
zP}$R-S00+m0%*VR2%M;^aV6^#xIMr4!w>PT`8oH974#W}zvbtEKJpL5A<&O;16`Mb
zLj2$}yCuQ)>CM5gl=9Ey=Ujh1wcO7se8orkGf*Y!Pc|CWie0G+*~3*m>{V4+dp}?Q
z$iS)*RXKaEYOZ}wRdesv_7y!I^gk4S#_p@M;<go3?+Q`qsnD~PJ3=p2?g{Oy{FCqF
zN_mJM$0&PsQ60kVKADbLN0pbc6e<mr1~b)FwOKw}J%T^Gda~S<xk#RqS*oqn-q3!u
z|Cn+0uXSKv?^RwK=$r5cFX(Y;57Hyr%hBMt-LcM5a0u%hn;qXdI7e5)sY9b$jl+sL
zQ=V-k=z0qWTUFr@>8cV(nsRRk^TazGQ7+Iyo;B=2reFl`@kXO`LW)gCLo3w2QO?$5
zx<0*ooZ|;e;W$B8PEf}vQ!`VEa;miz&A4w(t*xA=Q(I0`Lg;dfa#KrT&XB)SwG|-N
zu5wFBE$<-b8IB4ArS)_?-8;QGEo7-1f?6D4-o0-DN0`4d-6zZZ^|54a@9gd@S)aw(
z0PVm$dg}m7$ql4}WxbgF(u)bRUW|G4Dt|@XCz4XJK_sG==~rHJ5dhQP9n5E;F^5Hv
zIV&{Uevx@DMF(?Su>2IU&wws>B~=SsObaKI(SeSSGDWdVXJp>Y%;%p|J@H_s;ZSGh
zpt;JV>)IC6I5ZbwP&0_xKQ!oyT2d@{Pc5DP>|0k`VP-_1L73^|_xZg3Kr+qI)Mx-{
z)=9rQu72juxtm`ezWD6Ac^_SjYlg16?uwGO;DY@(uX=Wzt^~?njs`B=bLq6c^XJTd
zEM0QLq+!q9G-ml2ufrZLPpJ!fp5D|FY`JBmG5ws=mK{ER)9C~7$CXjNa&)h=o6j42
z`sI|GRsc287>|xh@EgWeSkRp1LY**F5E@F`N=a#HS+pj4R&-(M+EQ_#r`}&59_1eu
z&dE7@qci6}KRj2y#6H`(z`r28yYxftqrgX@&ph7-z774o<UnbmG!z$lIeU3~3k^;~
z808!%TqJx{@^Ai_uIWAp51c&`1!<%Dq7GZo@@NDt?S$sQ8Yza{<@;?|w;8r(TdR#X
zbN+0MVr;=;fcB{6i#u#(W*lj!xM`zHE|~L@V%7vY_qHY2Md*`U3|(9`h)E~JGkW07
z&=51VYD_(fGna~`2-%InOka=N@L|lC;s!hxbC_!Llx{GksS=9en4unKHV<}F)WZz*
zFzq76ZFZ`kHV+3`vKC9&#i7{n{-@X}6s;DSnNq9{EOHim>V~bR!?l4W$x@u7zE#wc
z0FLegqdG=>I!cyRa9~r{^ewLS!9AaDU$o`I%`Ha$`(M30kJL`OW9joxUbggkVOQtB
zZy$U6n~U?`<==k<-}}m>TlT)S|24LfZ(QLk?htU@F#gw06et`v%2;TXjiACxCo6Sx
zOyzDiMy=yICwAH}O(I$dte$sAZBj7G+pxnY$#lRZHeiy*!aX`2Fo_Y?-gjR!y$ySE
zed&*yBEuC8mqrJB1_vg1CIp&2&4Gu=L)?S*C-f)6nrsiLbIBZTu5g*Q(B5i)O53jN
zP`7KEUt6L5op6q_3!IlauXA!vOnGOzH_L2lhGwlr>(K#p7;HDE(}qsAF$zt$5YpLU
zX)?}ohs^kLS%g{fM=Y-TPh&a5rE*)Q6!cQi8VyGVEH8uEW(Kpu`Z2eH!7##L=x{be
zf-pmZ5m6sQHy=YiALDnv@_iC6l^P@>Ianl2rI$%eI?=H^i;W$WeIm7cx*P*0f}CV<
zxkbfA&2*szsETlO(GlvkUt}fVxw5_V+(GzbP8>ib%h16A%D<4S)=fP%U5*-xQ(XO)
zlJ8#lDF2^DU*Ejxucezq*G*mZ>=QT6y$#<KcyS*t!RqsvEZ@8#GVhY#zVrU8*8|TP
z2DtR8nN^QpF|Jk#Z%^54?L+KBowqJJg-le>^-hRhOlAtRlo{UU=<d>Yh4(xkhd%dw
z?)@(CkI?6gxA;p-Ghxb*MusVOl1>Ao_cZ@NQfD7YhT4aDM?|NnlkFGVKNr9BAHzo+
zI`)Artvi9|*d!MMro)}Wbbfe|F`XJZpWna8W-;Y*S|^-}1QiSkQo6q1g>{$VYIe1{
zfG<(ZHMx_^O<97AiDSyATq4DD7vokg<`$vz=yK3`bXh4GE-Uqd0!A|<q$O^1F&mp-
zx2ZapOU#^?*y_Poq<zw-QbFP=evFkkDaPoB$vr7%(iOuQrbtL(hBKj9?YM57hWhB3
z6Qql|uu3x<4LDBy!J>bJ{!X$QnrD!xqk;`2n~51TyU2Tz)o=r5?YZu~%jUj&L-W18
zwsppzzijD~8?RcnVa20sjz7K*bF0UnNgT(95%=3~{^qrh-rhqc(nyd<G2k>lz>Y_a
zKq-p)$RsW&<djLaS=>C~Qe~D+_EDvzI8+CXb1763rDcWtL*bbBXqfNg9vJEqJ<~lp
zd}egKds^t+=ydn|@bu_1ahdNZIU3ZFA3N=Vz&Jm3L2>@5bFIE!C%Vo@qN;>;k!LBD
zSe$*g!KO+Fg1*NCY$0Gqr%z2xH^Z<2!w&ipb57Z<rGa)U3D8b&rBqbaw%M^gTuQU%
zQt4W{eUYj`rMT2jWy3UjBY%y_OpDp;3=i~j$tbU?wdUHSdXodhyUlx)&AZ7fqHM<f
zZ1!Q^Pn9sa42!57ggU^1qb=RtVKgc8Ama<U`p%a6;$pqxDh!rWX0Zh`8t#=6%u|LF
zX{Ow8=kKci=gzP5-(l}x-@^`k;wyFQO*7VXeniG=118^m^)q;K;PG}`3Nlo~mHAKd
zKkD(#yJq8iRt%o~6qPw1K!;Z09TdPljF?x!&QPyV?~oB%7<x#1*#3-N4%;j3ZK2&E
zK17Gr2$$BD$aYS1Mpf)18Lx-uM5M0sVsF92#?WK%#ibE!Faw&YV)BS1cVd=3vaQd6
zT9!qUiI&!`ML1+o>J1ropkCx<p4v+0sV$@QjH-)1+V6{zEN?NA^$ipAELn^#2M0a>
zMW&TM9t^#VccBD2id7WMWR7+xI2zfaW+tP$LzzQ4>dLKW>wB{<GaK5gyF^72Wzc(d
z#T`K|(HX&D*jFuIjx#`yi>RShLs#7aIRc-iY}!W`a&BF>&J(_2>8NRu0e#OMvTq;v
z;F^|swZo>kA5n)jU%2MPML>CH<;Qd10OiF{75<&kY_kd8YFo-X$~M$1DkY(kYFpY{
zoy^+$dC##8^G=o;ZL@91)PMUNrzNW^&Pbk7F{)y1_4;b5U!q@+hU#IqVTqwVCMG8K
zm?O<d%;?cv-CF%o#aD@cCcmq21^l9~gKTN9jCv#{iuE|^%>;2P+Ku*u(b+++F?1ms
zb*e+lqMGXW)ud{=FP{G1TIu(LQNf&@sbFw_0P6uG&>UzD@YOISWKuQb#sS8S16|xW
zz_@Y1&yF!yDhrRgncZP=<A9mi$ADuNtsgUHGt61y#3@u(%8;p)AyX+srqc3Poco-g
zItxy|)Y;%13z`P2cQRh>WHjmwQ(SSD(Wg73^vO=fo1Kg|J42c3B?-!&Gh<GYX-hHq
zqIc)ej72l@JxbpVagZ$or`!5s;z~<^E*oLC1P!$llS>EctYl(OH&%VoW?SFEORiZJ
zbl|0Je>uG1kGH;j<x{i%vi{fKJn+;tS8v>O<+6>9;qj@yGpF`%y9L*Od_Tr(?r%LY
z_lJGUp5v<ixcim2fBV{RDb=n-i2I7g6z<uH{6JE^0L^?oU@*fg#n*8|xm|XiRrvy;
z+JNlRTwYGV$QczRuT9k~nX6gT&6cNCF^^?RF>3nN78JZ&!G0!i{RUh7Q^`s%omhoh
zur9U?h-vdmn4ZUSzu819UOLe%j%K56q6>%E{?Q#Q$#M(}fb^*CSKH=4>?aHT>-}y1
zf}i&jFPmyFn^G^Ed~eFkI@6(5hv^$H;()ye5YG~1ijnVQMu2e()3lIjW4dzBj+u4<
zB8)u{W_FD64IdZmuDG>iipj759XS;NtaWpy4M07Pj88a3hm>-NS_Io=;1G!V{+6Q*
zeTPJiX&U(bK3CGkre5^9R<>Wed+7@!+b^3p?$&y+1HQjA_r$}U7my7rubOb%HJvX3
zcUT3JTTfRlAPGNhgot|5^;}#Is}|#BCoE@!2?!RzGYg6Ns+n7xW2MMSiIs41r=?1F
zS_^kOt%bXtMhSCkGeeDIrN~N&mDnWMv#gZd;*%-Bo;;AnO#9K{AFHfY)+=qwZsk+u
zup%L)R9UFBD(i|>2b6-MmMWmXOFZEek*4VxJ=s&Q#YhxHUKOR3fcSO%dcKX{%^%>!
z-TYymAU@9ThdrJ*O+7-NT%3NMO+T;F=krWZ@Rp$9t>7MOr%F+QA0z)12^Q6}7XrXk
zXRzf}ri8wzdxZ7W4_mDc^S!FQy`BHZzJ14ieERrDAXW>H<;UZJY&P9^kg>=N9+<Hv
z%?!dhOuy90K!RxuYpk@J^`>FWN{y9vR`Nnh7{u2ID+D1R3xdS+gcm#r+iisNYP?IZ
zNo+{d){xpnDe7{r1xXzU02j2URCTQlm)aU^V{IHwzc%{QAuOh2GsD`(d^)xmv-UMQ
ziZ+?q`HYv^LLTp?#PFYTQEE%qkI|{Wz6CXmrlxa-Ej8*IP*+XON?kUW?m1-LnU-}m
zf)$4pK_(IXB#nfQFz(OTC=C@#z*bkZ=VzDoEA8K}z2?mOM(|(%@sB@V^?+l<o&2=p
z>-UVFNqHpD688gJqw(4f&I;|FjQm;D^1acA5mvXiW>{~~VCtMWS)8hHPW!)vqavqR
ztAovKB-H{G3t&0AESqT(cezU3V%)<Pava{~uBcV0LJM2Bz$y}~!nhG?M4lITvA;4L
zW>xH|Hma9%m#H6de;1{vM4S}UQcBK>1C$2)SbG!SBsNM-$~F8I!UM`{;-C2U#e?G4
z(tpGsWuIGB1&-qhT@a$ku%pOw%3KD*@qEf$8lnQR@ichI3p5~Pvmur5z)nLEc;<>N
zlj+{jIJ1RyGX-=lsM5t%APoC#Y=~?rWFobRq$UcJ6vm*{HK4J;(CFfwK8!Ilv_j@$
zB}SjrBLs|?8Q6$f`Y5E?|CShjQFnx5_*7KZXp%(BQJN$HCUsXV2&|<*mc|8mYq<zr
zHzEOo$@Ls7ixCg|NClTFH*!P?+G)-(nBL|aJ`7c<F3Bo#Nl86j@3FOnF8g?QYn*Mi
zB#Q6xU<uzXh^-mfiNwP0tqGP}ywy)PpKR6HViDM|J&kR)*sO$cYUI;Lxj*Ky?DfOb
zyxw|N(8RB;L3;7GTO#J^IM-x)HczH@pyINU8jO=z0%n7s{W?Dvzw$|b!*#;06EEYo
z{L;>ur1Z)>eJj-sKmh&O>bKE`y}J}SMRF8ZymgZkr^p8C<UUmroWlLh*to!WJzL?{
ze}K8tt+vkG_U>bD%gmK<MhcV^r%)=a6FwFAu}~ZqxKd%E&?*!J9;CWTI8)HmJ28Rp
z11)<U!n@I7K&5U{|A&)OzoeVgH_^(p59Fe8U?p@E3Ra3ok@=%B{He^Ja(@=RF;~a2
zy`O&Q6x`6x7Rs4gn3x7#K1n{?i9AJ?qIb&~HUXCflvu+TwSb5Pge{=NdaXv(0wNX=
zwgAmaZm?T`!vdTZ;IXuK-2&Ve;IaUZr3C60;I;sl1=y{uR@nj+8t5Bsv)88hgZx3|
zZ-LL_!h6EeI0?w{q!Nt86^={BqN0zg-4Yg);gGKGPvNzx^(m49+2cs9bzv9JoHs0~
z*2SVB%z5Lb6X{~_zM_-qBFu%uM30NbL0nc+bT>y1&Ka?w+$}YdA!{(THi9GU0g<i;
zMA!o&)QRY#4~Q@wF~WR(5z4HXvKrCoqas$wB|@K2iAYV7-9E{fU6L`oWD4&`m^wB|
zDWWWoV=S-aXDp9NQsggcq$e!f^@!nRs;P;R4wDO(r#kSmZ9kQ)rk|RbBHg^#x$f_G
zp!=OHQr@!2Tuj$Mxu;H(g}W{Hb!c8s+N-%D*lqV&imT;u_-|?seOD37Aq%jVSTVhp
znZDgM+zox7n!EJA(re#*^x196X=g0FyS;JdsO1Cs^gUxPxUg~8<{h0C<dI7*7<kVU
zo%fNg%a)CM@Q%(8i}uVHKuLbQ#qbE6=ph^R4*l=km!8AiQIE(|IavlMcZH7c*Y^hx
z1PehvE_)qbzZ>isEc)%L-Jv-wq;*&n=P2gu0aPAjHcXJ&Gd5<)*q9|_>#}5QjE&gJ
z*crw5(tw)7EEyZkOk>DlQ;RW=qXv^*HfAi@F#OrZ1S#99rdCbxaF8qvt`D{acL(_(
zM{0b2hBtnOLw<%m{*<{s%H=99+xtahM*WE~<LYM2@I~&n+i?HXI2sesk9JQCG|ihM
z%)mM2K*m}Z%a+?T96D*?_(hkZ%BrMtqMmk%jtF+D?jpj_mEA2=h%&?|2H3h`#mdJn
z`?z_-I9+Y8ns@f%r}^}Kn};qO-S?W##bm{T`Dfnwb|-r~#gM{Rd<D$B9fj~KJAA=n
z0{vHvw4Ia@%%V_;9dJu(NE<GmEl(Dk<cq~QvRtbVbPx2`1&8V*-6Q=&gVTg*%DH;Z
zo%5d?oG;8*X6p0Z^Zhe}mt&tI3ik83iNZwnJna&0mM}}bL{kG%UUC7W>YihF#LBw+
z!SFCsv^>H*91(^(QrBw<CFW@^#!{@H7z2t6Xbv;SRB@3F19lsZ@>Fea2_s3D;&hQM
zU>VCZmHK=N+=`wtpE@Z4b})1?jRS{iD3l}3K^<f4oivDra!{0E2XjLf`3K{ch%K2$
z20V^3CW4p)6BS?A$TWaHVd|)40x)+9Cg?4h9H?2jQ}M%EtwTN1EZ1U!FhRLcxKQD#
zx<b$L==}i^keO79x;s9GJaO~y{(}8i{o|HT^M`hBUAbcGwwqRNB_3RH+tU2sI`{tL
zdK|;{x8HjEkH35CO=#@O{2V?3Sm8!7e6O)Y(|hWt>mzl(A>I}zrSTqGvZSxCZ^>CD
z3*&3!^1#5r$T@*?B2Dsn+O)v5$Xt1zHb<Wym>1a{f5-cA@Z<11v4h@&u><i!+@It#
zdd64B57dY8=jc=Q&u#xG$?G<kgY!pepj7ln9X8|$SqKrb5F%7u0t!(1eiiGgp*E|n
zDj#QP5jTpNl3y4$mOL4>GAAudp=)iZ88lTXZr8Ca$|cxSLu!ga2s8X(h9Xi3{c<$a
z3WDn0f}r{-LC~W=4T7=+3t;#x2wFP4e-NJ%1?>ugX6QTGPSzF|6tNX2+3w*_k0lTM
zJ};q;t_l~|ZN^tVG4RgWtM<>m?9;2J-hP_vsin)FdwR*@E%`aZuU3yAzou~i<N4#a
zj2hT^oO@#Lp10n6>&*`+H#j>#hdTiCuA?YkW?W(;8B!G-L`IS;G_k?g5E>a;8(SX}
zYCW})hS(6#kjMnjgvbofj7W2=HTJIfp8E^&Yweq$-h-5B8DEyvX(PxmZ7P{VKGgma
z{Ja0_&=-*t#EE&kHypJ|4$&LsVX^~`8f49P_ef*W?TKg*%87NS;cRxcI{6rLd&by|
zJDJ<l+2!_hGPkFbxjmg7X4WCyr?cTS*9?i~={d&XmblooyV!)g*yOv)e->}*9)B!n
z{D%2ACFb9h{HBd&MjuLIKlN-D9h=>}nwC%VNd3>J7PVkkF%a3W=*T=J+EiV2-=tsV
zzq|CEYk$}BSZCt-Ws9HMy!5ii^K*ziXbe6LOY8GDJayZ#!Q7_3dw=`-yYIhFHRYRN
za$kdab)ip;(Y-ua=W&v+<p=W<_>1@@yr{TjMON${mtsepjBSh%k*ZX#m9bnF_h1hx
zD-KTg;rj1>!7dBo2gB7(l!}a5o}z!5u0gSz6*|T}e9ter1`q1FBa7%eW$1Wit=B~&
z{f(6lw&FOqh`vV1qzW@EAb}jb>9I5BG@N(-8E2g}=zMRCPj6^Bd*IU*!yB3xb-oL2
zZYX@kZGn;L&4K1)22M;RHpI$G3mYpeAZ-CD3n;g=-E(jy-{K(f$z&$Bok=FPt%+?r
z6Wg{Ywr$?nwr$%twzHY<+gH0=^=k2}+CQ2H-F@!4t?F|=KKb9{)%be8?$nhn(&Ou-
zG+JcaMKa`j*e#dWlqIajV~=KCbE&*h7^{5U*3EtxI(Y!)50E4jya=1$VscGokjgMh
zE0n68OgN;lpKoqxUeR=SZ)xulLr0H)I8xzJvaA`GoGjOj)s){*_ey%Max&icoPW6W
z;`bDGZ`%nOu{_=^cuPq9E@uQH_IG!Fdkd98=gyN)pA?Ep<;%c0Q*kO)h?-L1M;3Xu
zoz=zC!P>?Lma6%%%^_f6xBRGMucIa65Gcrz5XcI8oS8Z!Kzc^i^?|>P>Bobm<<=@1
z-EeHfM-Fft+pwz{2UZ%=i#=aMgv+EU+lfJvhddK)j7|O49;Bt3+(8ct&PBxM9#_U1
z*uIY5hFrKWNLs93Ql6qBuMc`fK^CxeGbEF)grdin_#*^=ESLPEwZ}z-+OgTqrLeDb
zo3S;0`c9!KlqFVKS(6x{q{dY+GR9@p6@z<AqolXsCn%(3X}`JdDJHPF(2-9ITbY=b
zZJJ8w5tZgIgArSWM{hx1U>U|p6`sVI;$U0Tz_}}Q;4~)6m^i4NCL3N^rNYE9%2SWS
zm&4O<LS~b5UYP?*kj`Fb5}xoaaky?O*@RW#0AW0NXi5dTu?mIGENXV1&SCcMYo1R@
z5f&=9zF4<L#^;y9>v{ISQ@HVdi5H-B^UIL^)?Sigi$zpStTVTRXZE9{L{S>ML{uzI
zl8spKutcOxhEz;Y>+oPd8K5tLXLGLc%T)BRhZ$!qV~d!ZzXyKQ3b9-k0Ik%BiuKBF
z4$3ODm6KY4_22`U?Aa%gkc+QorDakYT!$ykUfz{M5tVDKt`p{qr!NRuco~f*3(>Q2
z-HMxtqk}M=xiw7o_e$vClNnA{9|m=Od5MeZu6K1Mz(Ot=S98~GcX?tipRY~v9necm
zAC~J2yvaTWpA3BQDYKC2N#L5L<d<yb0K|n;ii2n!6$WWk2ZD)%xlvinhOFGo;zGCF
zZ9gJ-rJ&C*kPDPe0ewGZ%@!prXRJ&+iE0cF`tJ@zFluTF(5Wzo>*hlFY`;I#2e~V1
z6;hx$wxiV>&0<75#Wa)sd9iFhBGtyeKX77nvX2(86M#LXezZC<HoAzfM_E?v8q3Sx
z)==@jKi6tF4>;PEyF=HO_uP$GZLoeYpwP!&I5r-03m;SUFOaxytT=8ncW_L0oA*({
z&;C$>-K;_mG>!G8m6h1R<JD4jTY_kAug8R^N#gc`b$?|+(51oPRorbnmG3Mtcx*kD
z_ol$e1~W)jD*`b}0$ZbUSV{ParQ1U}Wf%k2*8jtdz5z}5Jk+OI6*H(Dp{o^?jgCZ;
zw80N6Z@X8ohOUig4UHz?sR~n=P5{BE_?HB^mY-s`Xb9y?0w`3as-NO9QhvWl*2r&<
z+Ym`FiZLuDRTC*pWRCu7<?yVxwNs`*3W<s`)<E)~2XvL3r_!8S<$OBF;Dw}>LeW}I
zDbv2CrTf`MT?zf=$)QZpP~W6G`a;Z`p4)Hm@yk|MEGxe64sNm(zir>w9!3E)B+pOR
zoXoSfcS+YeLJgw4zcFGJ+A1c?CEPOFA6b&BxMpY3ej|L(y}9`#q!A1&3?+Dx7>15u
zkUv6*)|&VdU+ZjjJK~^o*NgVnrb?=-cra3`n7^#0)_)PXFjDv9a>}x*zaJppZY547
z7e<kzJK!&$SSsX2rhD;ocV%SOOb!RCXaQ7-!jw7eWUhAF#*raYGIdXQpU?v_<>#ba
zV$SH*{vMQTid}OHQY8^(Q(A%2wb?$RL#JKvGnbp>8>*Y!N^Xa*SCLo1hC-*1w@Osr
zPcvo*5m>@b^^hZtoIyeXrEk4wm8iNlW`M<&*?MWh`E{}ej^!D;J|a+DX!SuV1P+Sw
zL<m2lJoXNJV_l1_M%G$Ze>X?!(348>nsj-^%G}~VKZy)0gb)=`OAdOF<m6G|^m3Ad
z>KT^lU<#B7#K9viSOb)OA--UWr(-mY-H&IHspCNfbJ%Az+gwg{YhJA{X;ptyxu1I&
zno3CQf8B}8Iya9ipU2I_3fCFZxd!@|%;+AhW;}iOXt@~(qs?fFFVC&!3l|IsKnIy!
z>-p}0Duy^K*_s)+A;HAx$G=`Z=1rd5t&%7->S*8Qt>59vZyc+P5(ZR`QuEr<Kd>WF
zKxhSk+AV^JQME*O7SSj}FFQ62iS32y)gY6$8<%HD1CFM7e)ms?f)fFfDeU?}LGbCt
z`jwQqE)!5qUPfS8n|2PibH6=%pLs%hpw2HpFd83BjIA&7@qcBdg7p3I3ylD2m^g@;
zLU+lJj4X_h%*+Nr+lN~6B8-R{-ST583IPH1v0WDc-8Ajx2cUE`)hbmD>kyJWc;huT
zinReLvFzMzd_9+Xze%@0I6Y+lWMvo_FIurDFRU%j_%+A|ZphjBmW&S_jal9f3i)K0
zs-Koo#^IM(oh+c1IlDRKi7i44^ViXpP@(t`Rc`52Nid=(Ex+Z4PI;)$9hS4K>dVFR
z8egg#T$snO?gI<bMT&`_n*_XQ_O$qqOYSa1rl)IjoduO>qSD7N?46Synu8BIq+R1O
zUPP`rRy4dzjAPfI&E2}N7wy~G>7#^G&mW!zjHvi+nf3Nkn%^UHtQ2)`nZg9#Onq!?
z*x3|IBBvAvj*SvN<}Uvn9WAMCGwRz%q#Qg|m))6%e?LI;G<UH-)p(0;9Kxs0&DDL7
zm1}Y@C!+rYHc-K2&5~5o3Bi?9j%fZG1)f<r{=6_Xx}yCCzajJ4U6gku?o{W)!P9;i
z*w<^U>9b%03rp#W7Ish0MRX{0`q0!MHQfMc{x&W|hPiAcG6)uRcLh*aNr>FA`*?GN
zU&M%up6@0(m24c^oU@-FwbHs--X6;7%oXMI+SxC`#=Y06i(UC5y`&sMc%KeT-(O~>
zi5Fj!v-IxXJxNy8(jx8e<|$!wqxjEoP%y8e!|n6pGmm-v#0o=o4-XjB515+x-YrXr
z0h5xPkNz_D&F?19GLnrT2ZMebMg%k`drTW<m#niaVPAr3>>}ujxFhUa!tpPjt8y^x
z1XB5qS9%`94(k}1N38yUcxOq)6nrg|{Xu8a{8z*%2CZ|;l4w2|E`SI6hgHLzzr8fC
z&HeK7l>XIZ?9u6I9`C}zpTgp{cTkyn%p6fn{puTCMJ3M~x9dV(uOB*G=4ZW{#`uBd
z>uJR@Z1`_3Sqwu@^NRBim5J82tL@!Kd7{A+^GbJbdjv+aD~;VljavE>FLjUou&u26
zXg*B@kWQ=^o@@hPSVRpg<n@9ZNEPic==JxOxBKQ#ukGQfSPwT)1i<m}YWWk?xJt`q
zghTErEN8jWC9hM3Pe9)0>_wFqZCIXgaCNlkZ0@{Ne!k5T7`Lz9N!nPBV>5DaH=fqO
zy}V2P=LnoP@*D}BmD+uunf_&Jb!Vl>+Xb|S0|u~F8U5J__9b*TjvB5hyFm1H{ikp@
z@LFEAv&g(XABgu&KX^ZYR#TqJRiopa{UOCh64H6NT8EsCrN}|trKDlb<3}A=TW_tv
zrd}J;eUQSLIA^h~wQ`k!fsb9y2gg2Kry5dP{yYZr`*4m9*{H|p>*Sw-uF-d`9F?Ee
zW$taAupP)xedzWt#k_pgCTyG#Z_%4nu~60I<#7<PlcWw$Jk$r}JHHRbI+t52unHH;
zj#?J;N@O2;Wjp=E*>J)ib09;rbzlWO+*AWRW6+O<D*v!;cE}4|_GcqeK@^AZ@!h$$
zmr^*4k%59-M}&}9%XJ6((sW!lw>ayK1j{|9#PcXu##wjrGNX>Dpoh}v%P!~TF1`;u
z?S$ea)6<CXgy1~Ncf?iIYYc&Z;1nKKA|o2};%Hll8#Pw`SOXmyV+d|!39R8veBKAP
zb0mVb)X^$|G_X3*L<|*e)QTt2WJt7^v?VUGFAQnHHiJ(phXdbMZXkH0oj2ys#Z{ZD
zpL}`WYn-(!{UWTHHvwzU8>^(O-Xx*%2mU{w6>mA`a7^5^FtuhqSfZXY(gsU(eB(I&
zG$+d#uY#|hlEUwK@M-s^*50}OQ2I^#G#a7e3cJK}D&@mc<Y!UOz0ecx+c35?odi+l
z#Y{_zGyCSog$jN6qTuThOl~h8%GtI^@KO)Qj!0t1EdgiWjNR+{`eWdwB<xx|3<<dx
z=xIig%s+aFes_$&9fo*0u=2fDfBkJ8blsoyyEGIW1UJGRdVlE7&(--pvmItN```9E
z_B9m?l@Qvv?IgBR3sT)#BGzH+XgaZ~2O7KHEH%_E%va49lOfjrQZfFJl$CL#EoVFL
zZJN}Ym>u-xLH6o3)|HL@>X`<37;xZ((Py&Y_DEMQzs8b$h;e)_X+8}luTI*DD3oW%
zNS|v$*IXiN_sk)4lzo|CIrI|2JdCXCq(OOldg=yllHU>H{RdSufkFGvkBQ{~MXzib
zT}eJ%?5eMXU+}Rd9tlw8I>=c+)FJE?wUNE8LDojBiN_*w9@&CBY3~e!Plu9b1eduG
z9n}^s+*tx$ovRHLMUN5k^;z<FS;p3Ri97E~W|Ub-${$$asqP#xRk3y!zZxY7XQ1!S
zT`GodvYcF+V&B!VZLIS|ameyGo)#Cqj^|Wpp%H^UP+%|fs2^Ri>f8b!LR*Q#cvt4Q
ztW6qu7Nt)&J>KJDa;=)}dvWV?3&CkR&sQk>)&yuPD~n5vv}yblJ&@aQ<TF>x>)J}D
zc!-e9Q8=X#6`luHZcK|76|^zp2{QJUi*$;Fd#40YTqOt##7nH>88l&7MO+633n_N{
zUF<`hEetXl1jguSZ{H==bl=C^%k1Ks``l&OyL4p972T5iH{@^VZ>amXv|l8N$~wDD
zw)eqLS_i~YZEF@uC9^8|5HZFBdvp#F4zFkHS}xXpEaSJuj)>U~kzyrWl7ye(d8V<2
z{ejU2P2_ae@+;$q3Y5<|&S{xiB#2V<ZoL9beZ8hujK9kd&v`P45x<Vmibsy5IvU#v
zLtj0M6OSQb@zA7#PZ_;vKuHqfA*VHe7UY@TmZT-j*<`b(a$Ja?T9SE?g_6>CuQQ+A
zYY8}8oV1~~Q(B>2>ZlWD*Qg1Cq(@7H=UCmFHMWyzH)>r|P+hbz(J|}nEz~Lz{ertv
z55>kK&crv}x)Q~oHCJh`9OF{wWOsw%Xf$hoQ`sT=w1YQ4chOvPoSx;1znAFU;F>P~
zvy*Po8M<VoN0G%yHwt3gOD*zo_)TPw^u#46>LF%=Cd{Kh_~UW;&}-Tl-wMxI^W!1#
zHPX?rv5C(!@HKv~sZ@cW@|_|}0^Pw?cLw=B$+|cI^xnB6F;MMY=s}0>@crdb)27qK
zbHejs+*i%(NqX532`eVc0*(Sy)a6mm;?Up8SY*V2NiKdSV6yc>7-{}wvkxV{Pv-3S
zp`?V;e&O)X+rWF%W7p#knhm;*KVfGB_f4wS<xyb?10zjMvrUXNXjss@JJGIW1P3WM
zNWVkbi3z?M{UAWHoi)LScoBoehbaLUA|s3EQ;Qz)gYw2GA>!FoHCQt(4no3@CxiYD
zYA8#haK?EHuT_EJKgN(Fn^L+#juI2+d5jF0AGA)5*~E_{q2O&T59yShySEp+M~`#y
z45Mkiosme8$jGv5h@DsRLMm>rz|L4rPUy3L;+{NVuIemZJ4~(He7&zu8y&dE*my4&
z1CY$kLEJIg1{oKXmpIEC52Ze@ymAnrD2V;>9O!6TvOJ9p!ySlhDrP;|{as(pL32)j
z9ufwO0PgM}?Z!4G8%~J-F{@oEA(#BABwik7zy8gyxCVhjf_@S6bV}sccPI*lc-bZ@
zpXU=i3*K+L_$n%wb_8<_{0WXpV@^5c)LsfcZ$ji1rBOd;s5;~OvaB7Bw-e^&Ws<Iw
z3Lgc+-)fM8-f~L3EXU$9CD5|wf%zaO7h3-J&Wcl8w%o#XY0B$nzj<&3;IZ#cxI(*T
zDzsjx<{VX?3VnNe&fQ)Mb!5`3?^<Rj**~_RpSNa5z{+mU--Ws%J<mJM58KoZGwlOk
zzgChOKh3kdlS)A+d72-jUYBi_@t$nN9aHLqTfcjG&ORYBfL6I}>s0eX!!0xCKf!P?
z^KVvuyr)92pHp}0Mx3)<v999Ig*6`G01|6_<b*|9W*B2gD8o!cRV5Y~<|5-~GIK|_
zoT*O*el^;uK4yLK_!19-><bsUdfe5_$Gp1j3>_?llVrmcyD)>oD0ah*3?RvGoV!69
z2UG59Q-Arha8%%ccp62x<`iM_<K<U!!LzzL*h8?5H`to8k95!*Vsa6oCjQ_lvsDpJ
zp%2^x-k(F|qPF$<!y_WV!t>7&d4Dz$P}ZLj)!Dti6ptbP%3s0~l8(^!iOreM{byiB
zz3E#)6X0+|T&#ND>;iybFR*mZd^`?QbW@mQNHU0hG~CeYe%CTJqp)p)=r$=DBLT0R
zt{g~Ccx5YJP2Xj*%gE|^K<*lbH8`w9d&%nY=Y1!>+xgn=Ft><uMxe|sf@aEy8v5Kc
zWp02=PaDl(R#6Ta*Bc{K8*|#U2m<EwxdqGSK$##ODyEZiaTw(`UtN1HiUnT-rKg}x
z5Fg8su5`f5`O>q*y^_UtW4x@VyjDnKgRQ`<1k_*F-F8}h-#F@kDWX8|b3_Oo*l@nq
zIglGRUeV3~VEU?7%918jCw}jwBG}rhME2=e98OU0&x)_X@G6b+>ae_xdD;)YW_)Oe
z-GO_I;7t#NJHsFj**~YSAHS)>j(wK~EA=7Fml9P;c!kQ;+lYS!*|=;A;1Jv(np`nd
zC0Lz3XN+RAwdKgTD>A9@pTHq~KtE91GxW!1eIP%;OcH<3q<ng(q#?aggcjPI?Z`$<
z2VVy7*7!uegSqUzRVhfOsIy1A2U+PR?cOy<?t0otfZsfOattj;Rz&U*WfO|adV#D>
zbAT{3HxTYnwj$u+ufp=&n3b<sB^y$QraB4*EB<co&t0(lzMF1W-!n|lv%O44>8p67
zg_G#Rxkmysamfxj<__`PFdW@V8blnX@5%5cIe?7t<ec2VK7Lakze0g!y-ocQ6Zeav
zmJdb*cW&Sh#znO(_j^^e5qtOt$X)0H_~;AyCe|;Gd@{AFYDN=ESP_sY(;;wQZt77o
zPQ|AAEWuYuq3!TILC%r6yz|da&gukL_1}J#<Z)C7Td~v}X;z~!z?z1%JAnG{g16_x
z;^Pk3AGhtvC+W<Rk9q_b#b$FnZvx?XoGx)MsUM4>xKeucK}U_*dH94uSyx}pJU4r?
zIFIS4G_>9&cW0YTUok}wM;#~z(T1EGvk37e)~;(k3@`^7V)t=IF&Di#ERo+2e^Wmu
z?_ZiT^&c;4;e-q0@j5*7?9r{b#~L2@0!VMA7O<F&0Mjo$ukKy?+`e`?^9+U34XGJd
zb-|p8E9ZO8gK{#wEkiNJQR1#Qu<N9Q(;*Dr+Me9h*EsyG0$?Mr6?V@*PLQ86%cMjy
zXp2^5BXJz*pMS3TmS~dJQ2(iM)!d?&YsbGE`+NcK;QtJF`yFmID%Y-!tVnF=Mfy01
zK7qW|m1NrN4f>=^%BOt&7h^M^2`3%j%KgR;Dpf5S+5JfHOzd%(5dRer>lmF&N~B}6
z)GS*fi#`Cu&{b>P1wZ)k2PQ5zSph$4q$PSgCyWl>Uh9W6ci2Syb02!$45Kee4m|ho
zx#^$D*ND&kSbbL*JyKh3KQzJFwKrvqbG+BTE;~RQz=^$Q{l=AF%;8e`RRL;-dt!oX
z=zby_Y;U+s$*eIzbMT&5QNVwI_~tdFw?KMclx5z}B$*}A*n8##zehCFj%vl4`*Htk
zQ_JsCOvDO#M*FKXoW?{83=m>XCmf~!j-v!TdJGguE~@hujwdHFOTD$5bMRIioOblB
ziit8J!w1<?^o1Y1aXH!wF^wW)9^wtWHO%XlGk=S;#sy|QS4+gcE@V!H8_|<hoYbUK
zNQYY#zEm%@@GKX+UbrRVOg%kx&Mn>>*+Ig|+kc>@^%3`U)Ff0n=(2IDe}$=3iPh&}
zgD8sy+cLr?le3F-9pN3j56JiQ`J{<F-Dnl`lzoTt5@%{rLqcB{<KPFg2*yxJGjmN<
zDqA{jqOg}V9=wn4YB^k#Hkh|3lNh%v#CD&@J+z6?xbYpzVuee3O&aK<v}4Jk#GO&0
zyr8NfSJ^vDR|C+(&env!T>zV6>~f@g`1&TJ+in?r&f>EHV#U8U>1#E&AC%9Z>nHsi
zsu8t|VGH#^Tf>G!#NHZOrlS6i?qwFk{L8*ieL~DR{+$QX45t`p|H{Z0+DN0LFfu*O
zUy${jYn%j{sq1lJ@3%~j3d7HpyZgt3J~~+}cgbcN!j0T~t8bt#jj-d!C*iOk4jb=k
z*`DYi#-q<~p*0qGxzRO?Zs-oVHA#dg`&+-h+#~BowcZ^!Ag^5{oSUA3YZFx5I6OGG
zyS3s?(y+|bHP}352jZXS5WoO%-hCZfo8yA$ZqaQn0)L*ZAP;t<oRrWUa`}R{;+rlG
z$~p%f1+_VC(H+_Ig}uQJLHN9lT>ir9-s%`dNTbsMRX>N%)(dC3b3<AzYgy~KXoy;+
zIX?4$EvQ>GMKK{TAva+@GD&JUt37^WSszaz7P*OAV134+ocPG{>8OQvfpod@c2<Y-
zRq=($?u6#f$8p=kJ0dl{noX06CgzR*5+wi^0qzNHh0&ho{^eJ4o((7dtzNFcW{(Hv
z+QU*+K%zt$PCEm*Ra!<>A+k<A?)%iJ;3oc;h1G3%!1vF$xRqZ9ZUioTdB9s>-g!lu
zuzz`5Zd#{;y`Xm0R(XTGaOpCPIr|#<-hbWUgV|1EP{n8ejrVL_B$DO*nuo$M3bV&J
zY_6TXSU5@Wu6NRKXlwGU*=zZ+JI!JaW;#~^K9<50u%WW)bbh06kCT+kowmxKrpx@R
z2&M{eyoCxlDevu2oZczMjdqMgtU1!c2&^pUtbK=i{-eowIrJ*I<=Qcp#AsEQ02l#L
z2NCqq44w$g^3QF(<1moHczvTj5RPKdg$F^lRJGPUh0-ryg=>DHJ~FRz{`R(jJFB_u
z77)%ok$ivA@G(b!orR(B!jYU9q~F|%v8Rjj)067Ggl%K#P3H59DvZ3<$k~t5b=*TO
zmta|)pqQElhMBvWpSM1{OHoCK?~3j%8&`2>rfwnTGJ}W@v#yi##vHQ2X!&=oSx}i8
zCNhmD?^bv-FSZii_NT>pdX^yUvU}k<WdyX@9~!tI;c^SyHX0`He4gVvaym;{V02b2
z-jEz|7oT97)#06G8RR`sFUq7+tTPUGj0=yq=!P12D9<aHA;#{4ewZch)6EC7^hI;8
zfq9Z3<{tl>uvX@wnL@dB{h}`u?q!q17cHn)sC&9oy`h}|yudZ-Y2-FM_!H2(Uma2A
zTD!HWx90g-({`4wAQ1uSovN$7<~j@3d#T!tSLjqO`1@etIbzNkaQ9T&*bLXM?R{nr
z3x|ckO<kPyfUBudeejtKvWI{Jv$n_=*!804k{LAt=_d2xHlF_7gpD*pJKVf8j%yKz
zT$Th1U%T;*qSP)R?Fp$}r4fB)Ynky>?ZmrsyEQf7vO|z^EQM)JljtEWu@rt9*2aCP
z$scbfZ2x`ao3rLV{S}$HcU$6ej-k{nxqXZDj~mtm>D{~JhU1p)v26^A&KRKVJ;#Bq
z19tcoFSyal3+jTih|Wcww&Maft<AtArTW0@t>beEleE?!*Q{2O7q%m94v|(&n-ex}
zS}XP9q(c2;{tBzFH$=?~#upElSc+}qJZm;;lUc*}SpAj<kh$=|&2Iqe)OKE#9Ifvk
zes*<lKJE8p4~H(67|BHMUp^?OL}-O|K;X?DM!4Isal0z-nqXKbH&|!OeC_tkS$Y8b
z?LW~S6e!E1>LG9KA)70V0BDfr&_{+lsLg{IPWNB!>sC$LG-oZ=k;fK7_gWldSn&8>
zKvjA-q!QP2YAWO*&<ENgM~BSq+e2(76~Q^p^CNY3F|n-jyDGh~&X+~k=bol?ocI>@
zbIyeGw0b`;vjmPaVAC+n;*6LhHbBRHXjzjJm@D?Rk1uYlr)>`}Xc@cbWy`=>2hrc?
z4&S?$M-9h*|EU)@HqNRVpm(ktx1lT;N3y~(KfYq|;ROn8MK{5ls!T~v|6x)lpcNH~
z$o?n*(VMWB-OFd>PYd92Vw08v?_r=817Ax)%kQ<lh=yxo1c-vKQAWl_=|6EQ^F;1z
zC&M+Nzhht9mb<hTf}U%66L~8g`?$}`3=LMFG;45dZJdc*+X{1Rc?rAm{K%q<vh+f<
zpDp6^z6gKF^34Q;IyZlZ9ZS|xt;K!0!1eC@LibUR_k~WSfdYr`K#dDr8|E4P%Z-`2
zCS|I#-@)=B-I_zWyKiQfASX54YTLN9MvqvnYaVXLu}U^=(ef&Ycg<{^Y3=Dc)C#KV
zdHe+$>AD-|#rQ+Rv-L#nC|U1(V~@NqBO(u^`g-U=k)`US|2w?TqL7Z=b^n31w5Lr<
z)^?Nn{#VaR>fo_t>40huz4H2!dqxhaku_F0>@u2|>&u_&Kld}fFRKW9-u<|Z4leP#
z154b_RGaw#WTs%GK|Bu&HfOP_tcu{BeIL2<;GeAvE0JG^X?OXyM?Dk$!tf_;p9P3>
zg2aIv?VeyK^XEajBDcRoO5Qu9ONRf2@%rV9<zV_5+N6Ozf;OvLuNV5joyZZz<m3_7
z4dF_KcSPHH&N4=2>@yR^ou<ss^=5z<qANGZ(RVoJq-mHu^tDC#j(gIP8=4^P#<YRl
z39uH^#?y7|c%PTu`{&R--mT!@TTCg&d+2V-LCuam+^k#d*p3Ve2Zu1thqpwg$$4?c
zyaVTQiUuw@?g>-W8y4yX-obW9Qwm}G9j_Ke=P#G<ake}eM{1IR=WALY7<XKm9yI%J
zY|h+YT2_Cqe3#b=ANHg+=FSdmvAy)tz+E3OCZ4&&Qi(E~CQoPfOJoLb<jUsqYKY&=
zvAl(Km(u$L->E1LJh_@lVx=><hCSPGw}?fum>XtI1ipKw8v$7r>JJ^}B+^SG4#|ze
zvn>`TVFXSb(XTMh*des)QlX|<ia6fh#C=|7Ac~@BeO@%W6r8;G-uusMta|{a&AVO%
zHq>;39g`2`LJiHPow%KC&VaK{$hWB-ZnkM7zyT<>9bW9FvW(+|{JO_C%k@^{cT6wM
zXZVU7Tl@n?C6VP_nW6_j?X8uZLr)(bH~5|d(3UchB873DteUApc~*nxWC8Etwt*IH
z4k_MFyYd?<-rT{Jx3PlYEO*;ub~tJa_9T0pmHTu_%6h6nyl0Wc^K|A$I2!JeCs22(
zii8u9v8)yOWs-ajH!9#o-aZd+*7y@*UHWzl9+wRp3Bw~-_jI;CksihkTyWkYKJs%0
z1bFhWgQ~awkIBX5Dm;hFK>v9drEX2EsdMSzJJyiAtje-EeBl-!S3g+&BG{6T4+vRs
zgKY3LdND^lXm6A$28;nO@Wz%ZsvwOEEAEy%znVA5{f=znNvmh+whuGT_p-C=3yO!R
z{dVefMmL)MTK8wUn~3|E$23^iL?h~c+@s<}%PtPxB!73zBTC%I@>mY&S0;%}6$?oF
zZ}@AG&E&n+oQKv9xTzU2mJgsjFZ%vwk;=RSRB0dK=T6+i_M8ppcaS594iifgP6j%x
z7piW3?4)T1%YL>=FRu7!?5Unj6UIubH>T#y17h&6BHYj>O)mY<1&3He0hNFx?yzj=
zFQPzUa8BIv8b@C9c6&Jaq(k4unK(<|W=m4AmtSu6UHXw7<8G&hEU6zBt&Inx3GFAF
za*+b@KPQt4_g>w~S-|a|+2ixPd|#%}T|RF}l7g<2b27iJhfc0(?x!d1*9SlRviv4T
zt3S_d`OKPCxoywv!xh(ic1t+$<^CfV=3?R^Z0~tSbLh&MjC}HaE0b&1pY5?687M?y
zgpx_W6=r+MIq?i=fpN(9?*v8v*@<i#*%Tu!Ypl=HhW#v!wnqE?pf?>B3(U+X*oX2+
z@YoB&<C^;wv=r>6EE{j^jN69uXp05gLuaCqbyo7Ij}bBJ%sL82U!W*uq|#8GaUQA<
z-1{pdF)CJI>VC50S|{Xo!|IK*_NRYyoe3OVJsG?qhJ6?>+;+oJ{cO4cQ{O<5C6~ey
zm}@fogYJvvTMMJNF82xSmwH2hk7tr7FZ$Mb9Ov8(W$G?_p!6lvFJ2dPkE*B<uFYxx
zOgoC1!QVLUp~*>Lpj?e<<A)*pYCGHu!1I+xXio-1SDkD`6M>x@Y#LPH<Gume#W!}m
z;o4g$b8DbQgk)w`!%OO%eS~-m$eRlr-3<E!_v!||KU`=>(ej~USlwW89$@earxdf^
z(AK*+$ihU;-EhQsCAkqt3*i@_sPDo>+Z=YU9g042(tNnec=<*?Y_aSD)MflShvh{^
z0`sHjp;2&!XRi7_EYg`}*TtAQvg)IcJK?q#dysR~R?~eYbM)$dw5zQAC;VVjjh2r2
zneQ9smetUr2qu<Vq9%U*T|IFrzNb6LL3UnoS}n;4FhAo*Cx>a{F!Nj5*&`X;vZ7w)
zxCSrVB>T{vqIQ~oyW)7_<Sz%CO!KWr5l&#^b#q9f<H|deuOaoQBD>M$venq^4{M_u
z3q;P6tjF%eUn6*sztxBqi7BH8p~MQ*ZXFE7zq<<Y#_wxmn=P%78_EwQs!<Sh2qzk2
zcw4&8%bn?t(q0u(`}e(E?(TfKWWSid^iZEDdE)Aev$J^KNQ{$5yXGJoyLLr!e@8js
z8Jg_Ik<qbp7<DvtNRx;vLg&z1VAqShy*ORhr3x9Pe<D8VHg?xI&=P#xTR!3)ei{*7
zGsewVnsi=VHRQ~RIBoYN_SEirVP9)FPv6jHHTSB8%`g&(oYjo-4$?m8ZE{bQ1Z9vu
zf0$DTPxrWfB?9+wGap@>%ouI9ht2I?fpSyi#&40u=ZPa4d@)`fv&J_ZVkG)}o#C2@
ziDFgRy(#Lx7Og)7-DS1a*rn2??VeG34F7tHuqZL=VM3gRZ?duDihg%T=sG@2CbDS;
zq%_0T8UXIVcvbiiWM$Y@qrHXhyHHnd4(Uwh3Ao-35<G(@UxZmtQM!RrT9^!_#aQ=Z
zbAr*3T;JJUM#FyKviOm?KVAq<GyeJAIz=V=(-u{(RUG?_p2wh4_#voM^YP*qJ=deo
zGU-ZCD+v*`E!^nW3);`9cG=4I)?Z3EaA=ekLLVGk_Sm2kHa6`MzfAn&V&2I`%U-#1
zbCQRZvT=hP39#O|r$zgCv92;AZ7;%^1$SlN&Gz&N2YSSsbZ$6v$*W`pG9*R3CR(FS
zNUog;X3~SN#|D?2kG0@7-a4_9P~Uh1$OY?Jk*JF&fB5HZ0bv-1e)#_vNBaERwCdBW
zio)=5zx)Uld#pX@Gp|2LT}3T&uFR$fdQSJwjpy;|;1SHCf_5T@sm+}0^?SDrO6AU4
z=o9Bzxo*EDbRw$|Rz5XNfG>cqf<zRSWNhJeJ0i-0mxDKewt{3psC1;kkAW+HeR+&r
zksCK3k`WGaQn5#10e6KdJ2U0g1)(6er3M-JGV8<Xo8Uw9Rz2#Wi&%yGsJ<aqa)y0=
z9NgAu-J}#7fj$AG1RSm`lo(3@2gI0JxINRQC`Fbxq#N2ZmOh^vwe)7s+bystk2D77
z&`(?SO*rdup_bt=JHM$2y$1D!@{6e#7|C(}P+YeaE2)lHhkB`4t1!zi=2tQyAqL=<
z&LD)}<DMWVF3He~hgS9_-Q!;E56ISCjO66?2iM^(!4>ZayuQi3#-N3GY92Nvf>QdP
zbzygT@u9z5K7hP$pkFAcwuun)vD3k-LRx^|g9f?4FaB{!Y8KL7)`Ww&qNzZ<f(yNa
ztI)e*k+cqLjH&;ar>m;FKr<zyv4t7_Iyl9%NZ+?|XNl5j&b9=Kqx2^cOvF;5bqe96
z$jOw9jefb<h&6s(j3qRR<p7;j1@`RcM!p;04^nHweO7XO3}{Jk8W4x%`<}X_6Q5Qe
zB|h#iG`-AU_rkQg%DS{qK=Xa7eaM|yf20Us2@B{6*_m)&wYY?=<PGQ`(@H#-y2#C_
z^g+j-e>?luBGI-qMJ^`r)+7Ug3=-j!xYZ%T)mW`TWeOV+dRE*@RPpyH!IHt&Adh~x
z9?j4(VhRwgnk0!`F7suHJ+lE=$Q|_<lw2q<=(1=7NwdBp(@@^1poJ=K&w%UhOKjsl
zboC|mU|ai#&;~AQf+Ood9cqDmj*Yb;KF39pf7j~|^ae=esa{Doo)7!#A5c6A^zMky
z%_I~TP|8WD#FA9(@p2T~Zs1uQEh95Ga4D_j8P`~q$v>3KI~U3~s+Xh{%uy?zR4AN`
z#JAYTxBM>nY_1Q?pDT!Ou^joKD3lSq;*ea=lmM7JlRxn)n470?3>4S$m0y%98C3x*
z#1c9Tl6xb<BpDvaSv%&F!TfrRjFusnm(hKbL4e$_`wXTlrU8|C-MW-%&q04yQ*GRA
zdEsfd`6M6`dWd-G%G7&v3zD7Vn+cB19VMD6@=Z^3)Yr5NPWQ9Ab9gxa8n}pGr2D57
zVO77Kf;*&Sy!m85Nuw=}ezqS@!RuwY;(Bk{s;oUqKfxFdLlF@!bv_{9mL5r#Rwkv7
zUa9|?t2!6XLeV|`f%^L5{e75o?z4rvv%CmXpB7wu?Y8cqL0(OHj*W($N#Zs1Nxm;I
zUY<e`iVs{4PzRsQ6=&)_f(+z)VcC-stg;c%tK3s2?#p2zg+K62f2FFF>v}ZZXxP(u
zib$P_UIR^XOpCKVpcXr)GG*Gnw$RJ_TEnd4wjRq$_Ee@d19WVvZX;-p9zNLf-ir{O
z7>{E$T4tRn38Y4q&QxO~W=FbGI><<poF|+ZAHHt0k2P$l1i>+~uYs?TwZL{KtmVEo
z$kpN;h9HHpP^1yPV@Sk`i=ZD66V}N~nqC&g!i~`UsW&k82a^G`aFR)CeNIv@HpQgw
zz994oItr4zCjkFgSv2n8&sLcS?|1Lv4HTx-lU=if;?fG)(i7*g?9!WSU}xF+O7Y`>
zRLO$_K=wpmNs+lD*Gtw`DNip$jkl_)bOXbEVGlOcP6SpH*iRh+6_K@8ta|F8VC8u_
zH>@Elm&>}IIa+sAxN2@j*1C?mzr0^fFg>%KAkr-9Tw%#0o$i_3tp7GsdNO=x&bcu6
zVCX+zU0C|Qaq?Oc*GRTWrUPHLmiw9@HoixFg0P>aXI#_DkzZ3-SSpu7_9oYHt?~#u
z_^R~GNKaSGJHpDj{GPb_4uydC-a_xoTbTrv-}$vt<#`t6zA>j^wQ2-*y+w@o?50Hd
zxx_MSb78XL>mxZ?wAae~G|jQGN-M{`0<WOk@Th;1wChaRjPG@R5?6u$EkpIZM98k8
zSXdG<1F@3nU7Ya?<hlLZw}<Y@82k?20c&L;+v*xyoAL0HUL!|bmUdv3TG#EfMrG5F
z){gVG*H>6ZvqxdCc6GM5HcWInZf9jrsYSJfJH{5}18WSfJF>>2>$7exO4g}4y<Jl4
z<kVE9WjZ!y7u7|3N^_P-j8*R~JyU8^v9gb)JVBPkpTJ4e2n?6_RnVt<2x;>lMa<E&
zSTR@xvxLLD`lQx$CAkN4B`oV?uRNE)+qDU1)HA{)n3yrnCj0xIHNceeLUd<SA<tBO
zE)T>d068d=F5Wsv<_dt2-a7#}4fN+cv{G7NYb3OZbOL1Wd{0``mR{~XP+a+_f9y8x
z-q+l|uW!0n<z2&8&f;jSaRQN3@|-*=eZIC;AhD){X_7u9oX<LKd3x)`0^m02TeD@3
zMV7AY#H^1jjRPII@Rr|`I2FB^TBI#ji}N|ip^F=Y0T+tQ+I%SCS$;Lr84RwJ4&-=v
zX6CY8>IJGLj=MHB<M`-}kV(t^extZ?3h2-{X2F8dpPdn@dugimQ!_VwL7edh&7gv=
z`A>Q${r{wQ{+DH9DaB6=_WuV;O#j#JmH#L6|0+tX1;q;WPd1-W=_k4SN%sDweE%A~
z|7Lyv1^@mPdjB=21;xPhS1JC4f7$=q#Q(&n|4jTD{F(e;k^Va={1+bnixB^JZ1}Gh
z{FnUwS0d(5RQE4D{5R|WH?H`9xWoU->EGM@HzoWx=YP-tTPFUy%<#D%e}})}f2V)9
z`Y)-N>0f)n{COCEkNuwr|F(%gBmX^sPoJ3nFH!tAjQwAvF$42o>6o46vjqP#uk@cx
z^Jn@``uUSB{?wZPGRA)~W46z=|FFe>v;I4L27mI%jQ^B7<39!epH$<2g8xm&{*TJ{
ze^!nE*0=u*8nZBcg2sP;zJGznbj+W-@?QguKdtNk3>yC}h<_B@f8)%bYV-fCfcv+&
z{#OAvFn&EUjSeC3!WByAT)VsqmPIf$x)eaMpUZ2u0{+EaG={|o$1bL^G9_-EM)7wH
z(te!r!5B`QSQdO1yeDhOtq8_i49T=pJG=vCMR$zJ(cE3g%%{ZFg6!RD&rM<~$+JO&
zoB{92N%Yb#>OIgqiek019fyzQCOLD_t#I@l=koaG5$@3zxeJ|9k`*9XD(+&YpHq4F
z2;hkmWj{OK+I9WBLj9iT{G-zt6JVrlG60)Nqkl#=_ZAY{9xg+Cud|~-Johr+ET}yD
zRlf@;^X9hmKIaQGsE&+RSC(W~sGuOS{hSLsEZwHtM*x&PAc<En*9mJ*V6FJUC<tfA
zl0z|`B}+nHXQRzApni}0wJ8KU^J9()Qz0ZpvV(gTuJ@EH*RtMJ0~TCz9En-I7Juo0
zu2}%6Y%Rg&@OwKom~p{E0-+*~u2xGrrjpnsm@ZkyrmN@mo@R3_|IsmQk7Yk$4>F-m
z<_P`TiMW#JeE2$|^u=9H6hWPm31S?@BaebH8z-QZ7H#6_Lw&S4U?fLPb%NO<iJ_{D
zEQ$8IMTaxEK4LD7<R~`50kS}nI@G8vcSV46msQL?ybu>zkLhd^dcym`m9qT|$r+ZQ
z0#RG5jrU-D`tG)2eLye0_VEVYdCmg)Kb?I4o@4%9|Nr+A_TQNQYsEQpcXiR6PdIG9
zm@h1iRcy^)c@>wTuq0Mnu+nIdpb%q8M0c%>ZHuQGMhMpj9l(HLN<-Fw3qlkVKn`}8
zIW8p7NhZYxXNZ>m?C$fHb@pvKrxV5@&JaU}Bu?+;8u3TIR_bQ+g;GhI(@|k(CT}h<
z&;7jpaNT{P*|?QZFP&bw=iG?FUJ8e!Sh1t#5q2#7clhc9PLtDS(BtsWu8;KU8PCNH
zo7GHG9c+B#^0wIOP#sNHW}f5tO|3CiTpm5GMZKPDfl(Ry^X{gD7Ef?^-WoR(%z@Rb
zw+E{wUiyw2tIyW<juhc)6KB}G9$mNU%V*(tseF|<O{OPZyR=d4^q;1h@#*G0qd&`t
zaKY}@2adiyV5Zmp;->L%Bg>pxJMKL-E00}0L7Qm-|5q=EH}>Z5LOLE1&S|fmv`w^o
zSB#f7I&UbOl_HYP3HZs%o7Mv!hJ~=lt@EA-csr5p7x6s$2x627OEGvO6vIb$<rY2F
zS_>>Gb6kSY|HgWrq_vp2{Mlop#n=D|$=rI5s-!+<M8TZzY<R6=L#Ns<q}1@a=|X-0
zLy3tudv3~3UJ<bQCo>y;u^QMcy;Q}x1&+kvoT>>2z~tx8WN{<@&;<ci8IruQleyhE
zb?(COnB4jqH%htpeNlA~*4f=qBYZJq`n;*sj4GO*mYN(3k~m0Tjq%LXsilFsfuIl!
z#geHiG-4_auJ`mXDTID|qXy2n6r4$uHu5+*W|r8@5rb4__M9yPg)=q-`Xb?(RJF53
zDl=XpaMK1gMq)+LT*--4=LgC<euf~2%;QF*Q8;N6JAIfiazpi$0gzh2fqJo_00$=$
z)@HI;S&FLgbZpv;Ds&7(_)QwKJ%4Rssx+h6BH+6~y-q)F$=hyfoqN;(X;+|;mBm6i
zWT2`eKN|8XU<yv1A&nsR)JJzdk<HSvW=_{zzuZQHI0V{yvf`pAt&1PZ&N!jl)G^&k
z-XuBj2#tyO8_A944$u4*$Q#5UD$k<XB`WlInDT23Bf&S0v#L?LsA#NFrh(M@nZ9x&
zShKiY&~bIOuK}UC35CkDhkSGI;mX2!5f}-2bL9#8*h#V>UtuM;Gyz-*N`<wd%5VkD
z<`sRH2e;*>c0UyI5~NFl)0mxqy9l_s#PMK;>TOUSaEGWJh+B$HwrG+^L_L`AOBw7}
z6}~UaKPv_4V8L&Z?5)JyQjx>Y+{^5G*;=USOZFSPa^+XflG@;<4)et(Y<UwK(YBRR
zYHm^KYoo4+n_4`XPBb@BTKkPNnA+H@+n2nJWFG`vu`6O|cE<K!8FS-JjHr2kI5;in
zo6bbC2A1ZK;2YeqFq^;kQ5Erg;a1RzNlqxKlpISft`r|jErBO7qMi#zs#QMe4N=3s
zi|Mm~yn}^gu5=!c4GdB$5ZdJ&`juKgklW9vcO~puU1CD7t=cB06Hbz>ymDI^Z4I&)
z=12SeS`OdeV@^eY=R|2p#1nQeuLJFKRj|k0;xC>PAOZeeNWcu`SRK2sKDQciVC#5c
zpHj~ql0g|YB%oQ$JP4g80JL1O!Y1s*B}$zBwiJaRwu9NbzILMKR}GV;-fnry3;66G
zZ=(HN!aL27Lh2j`sEO6;G-*bc;}n~P(QE!2s>^UuJJ8Yj%w?8yQZ>$OcnBNU_idtG
z?s0YF+=ARjHQ;lSsNNLvkBb4+YCgbBZh1c6mw9bQ?sj>tkf9ji$Y0q)4o5p{7yd!+
z2-ROxu?<MRO{@Q6F*klw7b`V2YY|e4-!MIGe&lB;5ZaVsEO~P^6B?DL60;J`ia}9>
z%!t{sqnnkvnh%l%gwoCtxHz5sW*wIgpGA(2ACWFiO~=aWtBJ>g2bq-jXnjnxtqLlx
zgxikP>n|Y?mu`q>`~ISJfS?qWPx1|3GYAvRxWho@R8)Q*isaH=Fe>}TxEmpH&oM`L
z0f*Hg=bm3m0$L(fsvN$A@>sT|f5Q(-3`1)cYc<_U&Ml@j#9d#Wpd<X#Kd#5nQqUwh
zN^)U0XSI?bj?+=@6Ql6fQY$5<L1XvsA4TL<7Y!3g<xIeXB#5JEPf1)xJNMtLXwr4m
zH`()>-!trNUqSbT1QZ>cf!~wX^-IleMOeV_YsH|Te|Ge_6&8<>a>`g??xk5<_SSM_
zkWH~x^gXlag4d@j04MHaPe1i`L}nyZj3iXQoq}H}roE2=EXyCFi(ASS0HaseL|%yH
zMxRe!tV^u8wYZMQ48gUwn(Np#s-mU$j%6|EsSQAWJPBBcuu86DgK(r25N&d`1c*id
zGVkSEB$56Z0HOvSfLz04n;Mpa_~W+`=rqjNWl^R83qmY@7Gzig4J2a(=ocT$?*rc(
zsBMFQ_NKbenn6cwdU=ARRrI;YOHQ8y90%if1JVq!AsUXjXsXXC+cXTwvJ_K*Bmyi!
zoS?u^{8kzM5?(jD-Xc^7M62|r&{EMiod7M`M?#Crt*|QW&xJGp$Rre+%h})g)Zi^T
zA}U|F`NYxlh=f@Q7qOUFkIAOjs7#uE*(2c7QlGkoVT91a9g}(5mPH~x>7D8$tQF=7
z+O$R@bt6vQqusX(gnxU=;1J()J|>I#0O??YIA4$>Z2A-kwzQ{cC{LZUFd(mA9OH+g
zPRL@s!E~^`WzEYGvi;42%eJtOXrFTBon)M)V3_%5@C|uO3Q}3XK>pw*e;ot3hJ8ao
z8io#cd3{8FoEIY)(&s%0Uz4Hgz?sFqIlmaMK8cf#-gNRLk%T2nTJM2P>pD$XUd{08
zxe`#ZY~%{4;(awbnABGPNdNvQJS%+s_@vSK?s)Eb!5#GQh%m7kdc#dMa<YtPqnmh*
zLsexHk|GuB8am9dO0ZOA7Z-A&3r34LHjETk1Qp*8Ov%?#+qzkprzuuB`AJ|shi)ln
z5y=<Fx_}1p*>_UdeC2~#c%!4EqmxtLZt2NG10>24LgRU|nMG)y%9^A1xyqWlhQdiX
zpwsGOXJIAqL1Iuqf>VSaKx{Po+tJRGw{s8^iUJk&o_C}jH{4-PuoJ}isGGAHoA!_n
zC`x13gIp?390J}<HC)zByh@z^JC^8z!B%a9rm|ZwIdI3!e_3wYAat?+s&aN6(Y)+(
zaNaCze#iM`WwqrEErAx#!sPhw$@ON%9j?$E`zv%OgUjKD`58-at+bMc>t5y8#sDc6
z73cGDhdtRZ&QdEpkd~aPKCma^aAUxQzHaqjjU8=PVMVs%1=5|1m}IbX<OhBf>paj7
zsuCOyaXV`QYtFN8qe*Mt66YV+H3m9+sWBP_yC)0G&G0JLf6koA=GUg>(^malez>R;
zxTsg!qk!ZwNIHk!=GhNOlH9-<u~;+vS0lVx^8fZI<zwwk6-#VdZ-E5sPV1ZsdgN@j
zzHC_AyuxKKbMW{;zvr#y^?nX#YoDZZmrOOVN{wa9uox(?NC;d;A0Oome}bMgcOG0j
zvqJ5h&rw)&K2ba$SD3k4<F%iC(s2FpAo0d^4>l2}*6x)lfIcP55dqcWHE<Ry+J9EJ
zPJWH;uiuQz8DC92$x)6}L3TlFs99wZOAN^qxZW2~_melqbphz;u4yEK>Pl(}R5oO?
z_=w~6dcDAp?sPhgD+KShq4dUt`JgI7kd6OA`L3_m51@*%@M*>hk}%t<(wu0#VMc7y
z&u6Zwsz{`2THd(?-b1Gyot*b{-Z$_Gefb#DE=Nl!bnq`B$t$dP+F)-euKnyDF*UNx
zks34tF#6`(Z<z-^cQ7(iIuBd`z$q)S44xWVO$HHjt+kMB!H(3-%PH$9tj2II)=#L^
zZd%k2l)B^>&~(r}@Rt2nE?cg8)iVLaE7dT!w3K#n!H69g@VN>wGO75+h#3`@xMFDq
z4%b}QKzXYfx)!ubS9b|OSNHk3<k%r{oZK$yt<-n6zbuphik8-D8b(6jZI4~5tcPRv
zN{=W#Tm{>ut5<c5!K?@SB9v<Y#+I54`_@b*^gX92W2?H=2!AN)nbMM7OZgQ4^zT<(
zLwUOvl+Bz~$d;o-bQeIlpv2!;oM<krx!VYw1R7_mJBF$_FS0s%2y=A&zLN@j5x48i
zOxtxQjG$)DG1hgiukyuP;==_>&^!?OJh8z*FQ?fvG6IC<ef({p=4WWgpj*DVw^FTH
zY*-a$D-Z5um`Mej1wMU0;Q&3e<ba+((#0ffA!vH?JUjDKp=5e~y(&uF)L3mf5Fy3K
zX1^ZVxyu<^aC{+UosWWF;%)>}h!DS10B8t{!@G%(=2D+wv$En^T())xPyQiSUdW-G
zk<zBbf%d?}(~1n+mprf#&l>iK!&w$wk>}L+YU&5lib?UZ5r2QU;Qg>45bE(zJY8{8
z-nsGm)YWOMIho>@JcGK^9o@AUPW#s3vdoj_2eVkX-<Dc8eOW(*YfkVi{Y5^w?;U&c
z&Ws?hnzp7L!vBncP5$OLdcZ_ZG3K_Ci4k!>{-&mEsnZUu_;5Jg+NI@n8eAVbZ)W=t
z`O0?ZJ;}V)=O!B47eZ{IG-EY@%dl1yFY{`ltu!RTdHsAH3q>Tq_)6t)VB0EYyv_wy
zU>mUF)<OS}ZZOI{K6~h09md<~ZESV<W!ZIo?d6sGoh7Ua&B?rGtiM??GOn!2BF5H<
zctUx|gsRFEhjz^5uqr}>>Y9e~Yx{)ocmYvgST^HX?rZ0|U<oglA=L_!r7%-yRh0}N
zB*|y|OOKq0ii&&d(B1rkG?X}ms9Dh;Q9?;aC&C|UuRH;HpUngFt*;i>#>YpkRlVOL
zOZxoJMGbo68^`n*q?Cit?nMFZrIprV-b4*QP8_TngTbHejFAwHkCUmE#mfyjCHUv7
zvtegQw|N0G&|{-!YBDvmJ==gXf>D;=Sr>jxoWa|}B&JE2kj|}j1K^bR^Ur341RlF`
zp2~Y)f8&!EjzSdVI;qhd2SQ&_C3{&~k4hd-ouHa~Zqx{fq#;+-3@ikZsJJS`ad&jc
z*zNO#EBRK`?vJ*zMzQBjGgkj;r^4bvj^MEEw`?j%vXy`WN;|o16C&crN}^=?g?>-)
znIKn!{qquTX>8604Nm!*X;*mp-6*(Hw$8x`!qLeQdqb)NfKHPbkjwN9EBC+A_U7Si
zecz*hRZG>>NvW|q>0lmWOtjU~z7=h$p@tx)8fz9Ls*1Kqw2B&IsG+51QDdkQ1TmB#
z#u}ogB&H-{_{IBk@AJLi-*fMMe*gR)&*5b6m37u$Yn>x!=XKUb<i9GY$*FW+8C(0h
zXKf52j5sEAl8PqjiTiJEIaH4Pkg`;N8SHU!If|nt<;(2|_^*#59|JglX2$3{b(UqE
z5F+a4z3wp3d~!3jXFyh8Qlwq>xfG|sJ;j_)*Bccd7Dkrew!YYO@iipW6Fkl_b@hA9
z#mKq)Tup;_+kM_mV$e@65C_MsS5u(PXSt#@YS2H%4Gd(q^75#`AwzvjUdT<&yLW5?
z;8~ha?aC3OI@x5i$aF;CYp=-5hWYv(q^uCRM}QP7j=w)FgRYI-t5RJ4`mGrr?rnGT
zH2BN6yPx0J=)Uxztmy5{axbRRo^}Y>p;wcLUXy7d<$)95`nyfQ*7^llH`Wr^5D@}d
z>yt|{l}uUR$?p2c`9<3)_n(NjFP{dVem3he;K`}ShXCs~oFM7!13s~z(<l^uz^@eJ
zSajT#|7l9px!~2jn3OLQtJ~jHJd=k`=M)lULkA1}_Vxo#{xpU_{6#oi&91Un&*bVk
z(>E7Y^o=Enh2QUv%BN~xsWQEM<EK4w1X3px^g2jyM6G6#tLx1%finr~kqH+v8d5)e
zeWibS^2FsS!wZj)*DcN-d#7Xg((u#D%{M22<wB5h^hi#7Fr}&)>2v#y_=n9?)?HVs
zpVwUfC;%85MZA8nH3z<UJVK*3h!i#S(8xb<xvR(9ANN2{?cBB&r8#0bb-X0${uXs$
zU?++2y<XokWcauaqVIjCSApq$nWU}<frfPfhjlfdP4P#r^gf_la^K|}hn&$}h~#9L
zTUY4TSslx<mzexhL^Tz8(I(@5qS`)Fr6x7~hGsb=s6D&TV9QZyfV-A;)hqG={}E}G
zj0T?T1R9{VUS)*63BIG-WOd|nirm808y;6??*42uV9uDcE73oQgR0a7^WVPnI5Tak
zoB94~uIVqP7N#ol$!d@m133Pzrd~|I(8p<^Urw7!n%Xt~8@a(gzQtcUHyOU7p<R`x
z`gb7k^b}rjR4t>aZ|jPb?GtbGewyjS0f{z;>+tt|?#T~uf9;CYQJ=mE#l83d`EV`;
zjJqP%B<wmQn|Arp$M+)>iFnQXu8ogdX*@jY84)_SIPNN;9~a;8pVNeU{>^$WQi|9_
z-ytn0#!rYp^{Lzt!c8e(p_H@zzUg!42=c_ZN!gc;K(U`9@lnY_cNRu3DN(@fJmNk^
z2^W5S>*RSWV|V=WOxfUR#GLZw9Ld0j9((sERGb|tQZ9PQwf&pmvzniF_Kz$K<)Uv(
zzO&j4$hwKXzW@IAo!)ig)$-JPP-xYFwor_m%U{Hha(&ljfu<Jos`Bjqi60JJaFr36
ztJ`BsBR@GU%^2eX6%J_4KduJEh#q#E8gLT!pVn;WWr4i?(Z@eNy(^x$DRb=Llkc^J
zfKQ{{mY;loUJ_qks(N`@*<I=x;-kg&I{VI>vAgioT$5+RkIbh9dqpg<>Lbf`t(|}K
zUZbW<_8o8M-vO1@OKqy2A~uQADKiR}`;(JZ0aV}b|2)Q1i-vC`x_Tn8vYne{r{Pi#
zt@=-s+ht1hlA{DB8|_Wf>Gvl{aYJ*~X1|T$)VIb7Qh)R>i+SLZe~P0`uKcWNJ6kI;
zTYOBBc+hOY6%3?*&^nqN0<=mqx~eG$2VOBZPJT|b*bJ7pksqSQO!2d6U0nD+_fEvf
zulmYQ-dn?-pis+Yv4T*2V2SOsb-zBc<&(y&78}qS%|y3o7ndY!-EUFR`r_7Co}^%Y
zS!2yEoE1f&3qHLE`g?@Cysfk3ABtt0Oxcm&KL=pfKKyn7eog5)@4y!0SRZN5S8mI@
z=aDtAaH5xR@6+7ajmmeHzj4_E=x=39FV`l4zMF-W&t+odilZ`;uFpK!-CZPsRD%tl
z;d&rWGX#p1oHi%M#&`Jg(I0Ssn}-;cx%uMS$G6NLMAm<~YCN1ShqN0XX<d$rw!CNY
z$T4sFZRT7~`xB#cp-f2vSBR?ss-tJAsfR%Nsn40Rf9;Pt1!5Nzzl6Nh3cq*4J7gUx
z5u6fA-2w8W_O-P2T27v}31d`EyGgatb_cO1O4`qoPV%SA#X3o(j|Z<)@y>w*QQ(>S
zV{aH;<29dc%A39L3Y_zqXJVxBzSoxfdm?^Gip%=13Oo=IaLsrI`<o&a=!nu{W=NGD
z{7#T)g8uoHCIQ+h49b=~`N>Z8*25d%>+{zi{=Igi-tiBzC~RXwj+_>Bh1Nnc*mbTg
zpbu}jUH^DW5112mvZ8b;+0^8pNEcfb4&7&G1SW0g1<g!Nf*!xfO9l^hy9!*`Ra7z0
zJQLn={pT^N;{(N%FA1^FOdwYg9f{u*CNoPrzG<e0R?l44a|)Vz)O1q`nY#6@yCZj#
z6BMjqIg;bNRTHr97&4?C0=;qB*Ued#Z#HQZ15|Ehm1COo+^cRl7X0b4nMq}o!+4|^
z&RgQl(D6%mttl@4(L-;3K>oQjVckCE6l;bOzg&FoG1b+2fGF(cMgDqHM!dn>XDT}_
zxf&qn4(<x^0iwvlR2?PibpG)Gy`h4=A^;N2AJRCVc~2Q_G^dun7g&afxtXzfJl*Q?
zU-}T*m_9?w2WMVOY4GJQCyXcu6n=Syi(Gi4D+DeQye|Kwn%tj3FbKOcN!HdI8xK|q
zE)9AYIJYk{6?~ii)nv;E3?ACqFIk@iD;4c>uaAcX!RS}}Q6d_je0y&!WW8$`_~+o+
z?cF|<1}eQZhB%J&Pg5@p+1*8kzDncSBxyV-xVR<7g@Pz<ts9lmP6MuZ*a4Fx1<SV!
zx@{H%a}T~u*N+^C4_~{8#Jq>H2LX2u@@PjiOHnwsN!9jOwKcpA#~w?yPw7gs#b^Gk
zImVuRygpQ9C$Qv5>FeY$sd%t%m{RXWHO}30JH{(7*#auYa6hjt+`27X#zxT+p{uq8
zz6=o8yPX7vpkwZgGxiosITDKZk1pE!ABbNpy^l$|$`C1D^||QCcKMYcPw0#k`!0O(
zqT7lEPn!9e=|n(JV_SrK)(HpkbmkFC@9y|Gf4@}T8zFtIE@62Zeq4!$gvS3gSIweK
z@aCA&z59vtBEM3Se=6omDELtx{yg6pjjwt*s|GoFgu!5+HjXyEU2W2JCOK03h{2hC
zW`|aD)YiUF#qO<el5MMX88PPeQj0p<rWrd&y-XA)ss!^r!Y`UH^lH&O#5|V{1%^id
z$<IB(%H1}q0X#A#@2d38MufNc^(HNs=6Y$#KYc~I-O$dr+~)#2@s(<v7cI>TD6Mkk
zZ3D<Ma<qHLz48x>?~v*X3FLMw5&h4vg^U~eW&?k}O&}XT`XrXceDF&IwaGRe26?14
zFzR)Yzsi11ZQJ{g^dBbYC0+i9;9oT=S=BQuq;k+}b;=R#7{Q<(>`}@Mr2THq^p?o0
zgksA{08N~YdMQkv_F>bRzO9-C6`<)>=*VVsURHgVUKIl36WshE21p`6ysaYBq1Id%
zfis{7Qs*G|MVXfzE=@d@9(}WQX9Q=#ZWw{&q8QI@_}o(3pqUG8bRHe&bWycc4Pq$l
zD72E$SrV%DgL)&kyv!u*;#Nu%t6$Z8Nk7(Sa}Uf-zq~l~uGZ4LdiMou{l;B`73wu^
z5${>C(;|GW=oY1$iV`ye3ZXS8g0m}2?>wZQTws>rbtAmi-|fB9{Z$}U79dCwotAfL
zIsyvoeEpg*)vW8YIhLg%917yL_B>juaV3v)0d8=+p<~O}%T9YB(s<`w@X?RU1&c9|
zs*=`W?oA;`_G|GNdv0yy#{0cf%>Imc!|UxQ4#bXv&jogXI!ME8hOam)PIswB9lQ+=
z_t{q%c?`lxIDRYpfKd#MS>z2#)HIJPGyCOm$M+<<HpDY}b7`E9&a<VL$0Ysvoxsn<
z%-<s)C)X@eIlOD)4up&dfpMYooxu#7%ZMU1DI>EN9lKZNCc5j6?L7?TmiVQ1W5ofu
z_WRiA4U#Q?lOWWQJbs}(lk<J+m#L5~-?kLL;UjLG?rhR*(#MXm;f_qa3ch`LW;cKm
ztm$^_%@MX&yr)#!Wnb~1+C}C-qDfJ6f+GeTZ(>1@m9LFE#pd3xVuP&YC>(Ip`@?j*
zo%#liBvrR~ykmDX#!nyFS<HiW^6nj>Z%9W{FZTD>n1egX9H_vEnh5tZwj|<dqncJh
z;u}M=96+H|e3##}2S)?K%f|WizRqy$-lZc;Fes=npCqSrzoG>ZSRu65^j=#-m9xR>
zcc34b5lpVE6YcAn6IdEe6r5pDU$MO*P`Or&0``xr>{gbwN>X-@dz-3`erSjrO5NvR
zJ(#}O&s`VYyc{Or(>{M@MC=F@hXub0y}F{&TyTp2^)Vm0nAFTyo@iT`NE1=_U=Nt=
z=w2eYhZ2%!8{t>uP&-QJnZEAQ#rAOefb(TEHDmAOl*f_rD=uLt#P*NT)~x|t83yZM
z_NKzwk6iS^^7j6-6LGJ=f0suv;wnQ|*j&M}zOYvs&45|a*CA}ZmqxsbHA|~9OGOsR
zXYOlvB8QZ>TS8}Hy7f#5nshH@bym4E<c=m?fk-Rtgy*ixxP~3>&rR9Xrqsm-Y|kqD
zzJt0wVTMmiPflg8qC?}ohMoF{_hMGh_Zyz8R`vKUSQQO&!ace5SAMMf{_0R@<t>b{
zr5z@_PaKVE4EB}Yg)w2wdzS6gp#$U?P3&M(vxWwrT1cZ?F2t?KS5|zF-4_gxD^AY1
z-OfxHfIVtoqWG@l#r?JDHF8oeISA9^>sE9N8|Yoz+3fXqf0!Gm@}3J18|XoE5w8*d
z!JQnuYuW8ud4XGR^fb-}_u29LjjR5aOFj144H&#Q<g{tqZg;Cycc**dkU3Y<%`(4-
zPX+W9MLvI@!2-Ti&y{Z$YpKhN6!eF+6pVk;0+g#8T)D8@_qE16U)oZd@OkIU{qsZa
zz5o!GgmBI0bh-+7*{=1%j-CC0zte9B^S}F2SLJ{CQun{01{O`=Z|?_v>G&_qqU+`9
zci5+RQtqyuujAp%lX3>nbe}!9xb@iG4k~lk%iZDsFQ(={5W*p_^M7D!)KyeZ%9*j4
z4tdt52#{y}W#J?&5(WTJWAPL!thU1jRaP&6MTDrRtFl@TS(!sPh6RdPo>XOVFxD(k
z<fPK!!ITd9kV7<v)uhhaVKo6152gNvY*?CDfQdCr`AM}yX|+RXHMK+Vg!PLBqOfR`
zL+s>G`adj+!r`~!3JU6nT3J>cTK6Bz6cm+CDkvTXK!If<t5^O|u>wm*LFw?Q3QC8E
zRbi<+<X2d-D*wu|z!{b-3ms8c`?p6$jm5MaYE@7@#C`w@hir_3sv>Lqmx56}G)ILc
zf7r^RU|8d4$*TX)Q7Wq)%CiU*)^;eb$f8gVZ8<bwk!6u0Ywxi2(0-MF0UJe@ZxsLI
z)PKFI#PY%akY~A7k!3ZjpJnfVZ2vbJ|2YQBy^1RT_Nx5bt9;nUlKoFFD~yW&dRy^d
zcdM~%{m<AHS+*+z)DI<D<2=;*uf?p<Dzf+=R_nj`4}fLip*E%e5nnYH4E678`9rU$
zu>8!5r@SI-I~<SFzvEGsKg<OdZTR2dpZ^?HNr9CQ|BmGl5n^dzNvZwI9Vs1V3M)%k
z?_wngtA~|mDy&3eX;NlkME^!f=|53oQAey+*2n<=jvK%lH$a62H>t65fF-BO%78<f
zNtv~=@|5)+RhC~>l@H^rs(cvdL*H7nen6nZllPFmP*6CG-~Z$={_B+ezj8?b%USxr
zC6NvxDj7wV9STaUkSoZuto<(%Nu3opxkL4itn;2FC4W-xp`V@m3&<T$XLm=IF>*R~
zFCRF*aCY%K2~bx5Kaog>4*PE;5=+s44dnk0lpKckzXK)Kk8!T8@~0Y>Z*6}TeeGVO
zd@lClm2;ts5p{b<ES}fCetxDRlrj}~RrQA79sB6f3sEzqwE^|CSD5>y!H;Z<2Twa=
z?nTN^yNDHu^qJ;?P2eh>&1&zM{)TG)y+On1=Ban-##VNL1Mp_xZ0Qq7mFJrYQmxdu
z9BWqbjqIJaH%H>4Vly3sKAb%&SD{nzuI2?Weu4Z4!h6D?W$U~yG|o5vWUk-k3Utot
zK2ZOOD8qx<A_JAryaO%%9wo6mA3s#n;<`WvdqL;kh`T2Amp7eFE3|SvuxgcQcy9k?
zJg?}CnqD=Zmp_L@#kU5D?^_|+|C@_9D;xhmI*@fW{C_)e6~<lVr1xy$E0aEjXEyCM
z)J)<13Z^FhUdi|}nBgaWN<mWc1eeh5D?;+e&gr#UHXrN1{pct0#K7qnpF894T+y|)
z>VBHiG0nqHzkA<WS|I69s@<@|c1c(mE!26+S5xdvUv+*RA#gce<5_*c>R7cK0km}x
zcD_Qo$hpS3)q>2Znb1gv0hz{~(B$cT!SVH<Y1;6=f+e_$msfC6@ZCr`##ceD2G^lf
zX_0+i=)S64-QRYJy&dj@&1wsPPx3f9<b%T-ZRkSU+&*m{J`v;DwDoLH4^(fkcA&sb
zFlv~S$_#^`7ZfD}Ti=f3$3tg}JZs@J$|Jz0<*hHf<1%uXzexw{>%cH6T6Fc}{05lZ
zL3<?^L-T_{*VI?{=lh1vO6xVrTk~GpA_<u9#WG=<7H0dVmCrxjh0Mr330f(CP<caT
zCG{Y)3*Cda4s~6N670_Cg44$s#w0my0ndiD{9K|@qzAvFj$kP;p!F)zh_`c#(#DBK
z2`9y*IwCs!t(ElV?SCuY^0Dsk{$`~tQ+bUb(^HIVt8xU)1?wuM`6$?>$kb;3?nYZl
zS9T+;<Otm*R({fzQUvRs72N$PMeJPgBPDE2#!2J7Mxv2{J9p#MDBP8`G+O6xv^)W<
z$*P>WT3%EN{1Liew_1>2;|OwdB91EvbbhTBiCkEjUW<&VcO)(t_P7I8q&%dPaiib)
zf!oeLjrK&V0C~}Ixa&Ncv07m2!8AAbruHLwzkkwhEt<o3xH6P9q{41)tQXYj?*AU{
zLhWcU2F>NdQbp#B+;Vqcczx8)=vgnQzrVkU?n3PY7)ogC{aDo1uxkMwsLqUa=OuTB
zQltKU_ezp>Wyl=9qH*1s(G=r&&WxK?5jT;&tLu*Ae0+ruqQb}ALfy<l-N-^6Y@wc0
zY?W1PRak8GrC9WtsjR6f;>Im(Vxs=1ME%6Xvt3<|U0w5CT>@QQiCtZTpArjh-7@34
zrFguOf!#OSb{_TWbpP&DWb}PZ7@-`c8?C1|7vR7u3G(Gb91qguu1f418KzVqdE!Ti
z&+25oL=b%jj3H%Gqo3L7n4bQAaC_UXpYbFwes$_c*zDxqP_+ngh=|wd7y24-v&KwM
zI63pGqpJ3HSfzF^DCK*31rx9~it(cTuG*bybUSFGht)leJ5V(Rc*Y-C-Yo(sYM5LY
z2y;s^LTu;X4Z|&zf9QIdtD&VeE;ONPRf>4i-@DjBnPH56Fcn%w`Szyn^u0XMs*{)k
zPp9QtY)fHw(*?C^Lg=W<d3GI&CTc%wEO8}pirP1&y-h;GWJ08w-^P32TX7uUB%4Vv
zm!|)eV?L64Ut4XccYX%{Xaw3PXUP<rKUaCg)my&&Bn0I6_sjgyvC7v;Subd*0mp##
zrm6M3{zc$ifL<}Yb)W>;y62QjU_J9SRQ_qXCbmXWUvG8P6X#|rGDd^u5UYGVmXHHe
zZhOP~D@yQs6H{hY`npCEpT+YUpXg#Za!fmIjyIEr6SBTRm&Ac}9bY-FH^`V@Cb%89
zoZGSZ$7}%d(eMNyWyRE7jPgX4^&nq!8IY`Ty@&U;cgsIF%{ESn_vU%q#SWOuM)pe+
zMB06p`Nyzo0Ie^3)x#tNJMKs@$#{|Q^aakPGJVWBK9g$#(I2@MOQhcl4k(3`B@fso
z7+^DNirw*JK-_>q(ps(w(ZXXjP=Da2HNmApJ#q~l%WsH%psSy!6{y~3<(grq@oC<-
zDRX|K$@-%!!xjRP+^M+pGP_s3Md`T6aT3?|30Vz;I>LbOL&Lt@8R?o2&pw)|;yh*_
zB;j8yV%CSGgv<0UTX-7TszTwtTxf1|>iCe;YE{!uKGQgOV!Q2|pcRp-IF&cSNyP6Z
z)Z;+0UY|5ocgJka&zEzD`MR<tzDw8Wxkv!A^yh8apE$p9`RR0{{X3cY9g#0m8NPPw
zAY^r4G#3a_j{YZW!(L_!+D-=>Rvd|oNLs5fQE)T2V_Y9p5w9PfVmCp%?Y=<uDqb(G
zUk%O!4#I8sN(NLmp#^{E=U;ogJ{u7BpiJjw+VorNqBRK<F*LKXc;$XlX<bw2Qy6-X
z{>rFNRooA@h}&S-CB5y}0+-<z2*+Q$eeVY42AY=<yIy?Lu&N}Posg|Wt8$}V-=iN1
z+A}|fjkkNe_H&P*j&-hYU98l2A`xe{Nqf_&Gx#JVpd+iHw1yPDIC}q@SK<)-qrlRm
zvFD9X%i6l!v<to?lTRYXQV)14HL-rYm78y7UR)d8DCEl&t8R!nUi5c#Fb-wlRK)jO
z1iNa3lTb=o3=QWcy7{Cj)@~K^3>%J|>khkL=J%`XcSUGMWL&t+bzHQ}ukjM0=O$in
zpBASH%o^bg#>U4Wuvb0JyJA;uMhPqC8t!{<cv;J^iQ#-O$NYj;bwL~N6w9c<!A3-$
zb-j4G#sk&(&>f34_PEo$<Qm(?JE*dJldt0^w#0nMLe^h8qOBLUnruG4MmZ%hyD6MI
z%4kQ{%#K^PMe&`89_~D&V^2x7A4|G8cFINljuA$;$bZMXIW$053FNAfYDNNp=I2@1
zNc_MX>Xt#$FhXk^5}$xQ5Jr~Tq{?xlzZPKZ93z(cPCaUi$8Gm!!iO<n-++RN2sDox
zQ|%g&Xz4|0i1MmvP`_0_x<&xD><9?U6>Im&3?H~Akt4GBbxb@*{7$TY`)F9U>f&6R
zLDlF%+m1L4d?EEnqwtbA(zl#56-UVweke*{kM~B60&Y*N2lb`=%|VuirX7BU*2*uV
zFR5pRRhRMrV%>Kejx>E;vN4{&B2-g-k1$p@x;}x<@8$C3WtRv*jRskp4RM+~Z3aZP
z)D^pZ)jjX2WKF1cjI8!<e!9vW8r~ne#$H@HEmjfT*gn!bwkHkLgAWaG2@~wT75)9u
zFHz|i<;T14H?+88LR!ArrJ1(ohA_*2r*38*(=8kOKqF~hqgMmDzKAQP#_V6__Xyd4
zHmt$#-#tW9$NH&s>8zQ3CEL#XKSDb)Cfzgs<{&=wT6RBN!KGf)&X{#x{`{x*@2^jB
zWY>>ayCJ(F$y+s(W%$q&TXIfuHQbe<o{uiXaczKq=NInXD|XJtXf$0jn<G~!gk35O
z`Yd{<^0}$gyI_$A?c7@);w5b(W1^NB^E+`s{NJaOxwfkgjiqPy{9jjog>6lspN4hq
z4E2gmS(GdzIgM&`Jc_iog-;FY2tOj+HQn4(_HeqN)*Nc!c;C7&AV|E0X3V%Wxxkz+
zh3+Hj6yw#qc+Z~ioEn<nu|hCwO7FqVv3_Cw#+Dhp+hMLc@UgPq-4ER>Y9*R}tJxJ}
zvV~f0g`l=R;DiNw&0Qf=pw4i$Y<coR&K_*q>qh#!V%^N6T0^t6h+}?F{OL*3NEPu;
zj&h!n#Gul7X>h3*mqm+FZ|_{K+$@f%QL=9w3=U{KXLX@NuXHF=yw``=HJ|CSpE7L~
z$Qve9o_qOCH{Aga+i}S9vy0Y~CO@;A2HPUv0Kb6A$`eknP)g3tsVZkH7DaB$&5(Vq
zO772}nu?fQuRk$i^o!10UFv&;jQOo<0_JRbaY2JsT&CXS;e!6qv*M6+Qki9)c3-s)
zGaulao3})?KEnYp+i+^NJ;<V7i!*BJEh%p*E+-jBq5FqamK5uoy5|a*M0NcklriQp
z<e&N*Vl{vvf{C{2Ua`TwFjn=UDI*UF1=)F6+C-^Rs<7|iUd-ByUi9|0RruuCisk-4
z`UR`O153Tac-$iix$>Roo~83{n%GMFN9=VC@dcX|cSPB|A8sY0WWJ((lj8KTb42CZ
z((0y*@b_q`N0ZjAPP2g#RA?W4(g7+GJ1j6wSX`~x^&b{5>uvu~{(j&_F3`E^iC2M}
zSHzY<`NWQb*VeFQ%BrbXa-JKn<=^Lw(Z#GP@Qt85Lciqwks;OnqmVt!F9!ur4;|J0
z>ftVLks|e3@2>THcdf196d>41NXkXqEGf1}JYw5xxSb<d;YEdwClnXgUflot^Pt+_
zl3tk%L4$#b?yg(Po>R)g8YSNXF`^tA(CBI^sGcB{y0j6pV#63vqt~zQ%g)ZM$@lHi
zqQ*hv7dQa<FO+{9)iuBT^)ehNQC^Nxg`1o&)*)GDE~U1&20kBCz3q%wN)`D&Y1j&2
zpX6@V4d99Isj{oKD~em@No)yywU<@}dX)Mo-0=-xw!!pzku-mRZ^9NkRkA_H!tLv}
zG0DBPt0aGCtXCr;u8TKh4|xJ~2d3^in+4kQ&aLcr$iw5&+W~K^yy_(h#Ljr)n1E!>
zR*)VWlS5P9t~s>%$L+~VQ!p_@^%X(nIG&ds2KM}{2r|!)K4Hm~pl>_eg-FqIeq<Aj
zX`%np{NsO3Zb+<Q>Zj(V#M-46r-Xv_roqgfL0>VFpa}04bg1d?{y+X9$<^Ko)Z#5!
zz`m^#K}1gKQGT+poOU5_$hejkT;Y<*Vf1Nuk^e18DSXKhxATO%R&Ip57Wh3S-R*#b
z4pZ!dUlO0>srAT2!<TlKE!9Wj6!b?k@7loX&4m3wKEo~f#|9AApWowF91h8-Cw^Z!
znL8x^T&1WKs(~VTNS_)+Rrqz&TRz8G0Aq8(g6(k<zrR}&H<I`zemMK}$-$a>*Q!g#
z6h<DbKzr|@dXG6$k$_GP$dS?Q8(zP5@>UU1ZQj}E+1#*&o#$sw_!*gn_8th~y{Ij>
z^d<BSi8@7z^(~CY`cGg`q@ii?qls5k;j1<wzlYVTa~Z9_ywXaFepyb8g=3DP?hP84
zayGqNiYQU|2GNXbcj)jx0~1m*DUSO~*&7NUyt6D?wypUaME|7`tAG`aj3ZD#pSXX(
zMu@-Re$<aM#Hc%uFVFgQ35}@Z$sep-5`UE_MNj{Xos|qjnpL~4Zd|W^!pqoEw5OFF
zkBcWS_xB#NuDR=N4bkMvaP9Mta~Sk<r0|uwtwP}IlL8w>_dRHZC7g3pCu)IMpu4!c
z#nc>7ckflNPL0N|TkPK4s|1IRtvZqO#N*vMa}XmwjlS#)!g%i-;2mhZU=XUj;X>{Z
z|9#@oG(0TYbKgOT?t0T`i~Kv<_`o09;crDA0)1UuE1-rO7M8wk<Xk^x%z~K?%I=h5
z`@()jv+B48twe@?cR3B*9K@<U2RIR;!{y#rbK%?H0eTJY^a`OouaD^$3;xiBiRX$Z
z>VesQb@%Nvlo93<3UWKyF5KC;(72`wICXsSX_}UHxncKXn}{*FG{U$|^_)e_Viqqr
z>Mub*^Kx6TF>meat=VWsNphcO@+X?h<BZ^k>b();K}{7Iwy{5$Xtx;0dB)e;ZQOc2
z0<faFd}=A~srbsv)_H1X-qIWwxXJSdt~xd>Y;`M7{JmmpDAloFJQ-pEu<n8!NBvmJ
ztW0;^EM8i>wRT|vHX3C1wej>f>}px}Oc6C`=&pC;3}~b7c$oVQhLW63)C!iNK;3DB
z*Z|Po&O;NvM0kUOuA^_yGOjG7ch9NG_Hx(4S)AA&ZSN24+X7NnvLMw>WGhP~tA{e%
zx%(1jPU^~JQ0>H_-MY!sXZ_6=c0zwmB*#hFpR$Q6COo)hSDyX^fojqFcJ@>nmC8=P
zK7#z)xO36GXhshLx92};d!X#3%#_rQ`OU)+<|Fo9(<mwywND0_3ggc|Nn3qfW&F8b
zIM>RMP;|E`Usfs=w_*c9xJkFwA%(8g^mvDVjc4}kT5XhM0n9-wx0*};YM3n68LdJv
zN5djvr;Kv-9UJ4KP~G1AE1DEg9~tw(KGx|`K;<=zfT7d#h17VaN5giu(b?ZpbjkP&
z^k~#rme#lqM?56L#aDee#=CAU+RAK89DZXPX2rkGi80PrL-#zkf(U2-kc*JR!Tl0l
z4CBY4pt6Hj_}Oi`wJX1ty-mx$?PTt_&qrsax!`WMi#zYsc|cAN17vbqeP063L97<f
zwx58tgh+3nzNoVeyNG)zd~3zXj);95t<i~q+^&8sDuK?0{5Fm2f|R}qJXRLnmjTF&
zF9<7m1F8U~W%&q&WatEGYwLIzM(zSN*Qq5gigV@7i6)$Wrq46JJ`UAu`bkgafv!OE
zI$fb1vo|sxr<X2bY)bj=1MM{1f<q&KQ}%zq#gi@kF~LtdR=NEkj@Q>P<^kr+G*c(p
zxw^OLazMF6^YVk}MV%U$R_W5%f;k7X^ex2O{baC$Q-x#N`$qW{d53YHwvqFj?6ZUN
zwdF`vv32!aN7d-iUP;5Zw5YLblOBIyD%%6Ny9%Cl16?XQa6{X1hd6Wg;fSrInyxM9
zr1lF<?8Jz_@tFGd=kgccD}?h|Lk#Z#&Pt-v1|^X*xA&hrvk%P&v9)JT5p=LHtJ4aJ
zN%f?PGEOW0S<MUUj27=at}Y2*WvQ>g5!FwB>jCECWoAILe50zaKLuq<LY%Ud-HAga
z+=LKajgO#5G&Xg9-yS#L$KBSn)%piCn>nkO@Cj{A)bAX{Kco9f>x)~;DGf_?_cysA
z9kCGhCWZ5&gju!o%SSV7^fPs6&r3j)oS!;dabob(NcQD*wQ4ramH<A-F}re}u1&<&
zagEkl^$YKVhjN`~vkPP5wUM1yI^S-6Ae|m;7mtKAc3*Z-HvP!C<2Z|N*a1~a-{xMA
zz$lBK-_TrJw_`H)EG$H_Nb^U-ID&t{9BS>w?9^Y1ex9whzKLbtM(EojJK!MZ<6^vj
z4i<E2Qvgm{k7xe#W1Ep$lI8sVLLlaKmtp@_ajw$*lHq^~%Q_(H<_&IQEA4Z=d!>BT
zitnFBj%LXFJyDENl-QhxD3Js_lUY;9H|(GVIXDmL27I9XxZX+@u{7a>^KJ`jVU|sj
zXzx6}wUT#60ZgIrDWlm&#clIGeR|+XM7EJXfsdTfBDLGD(SM|LC9R?~Ht_5Ua;Nb+
z858`QV?h}^tDZDj5Q3N?WQaaVW<Y9vc|J21DtXRkU$4A2PpvnhGhGt!59ps&unHGv
zy>r^;85fq%b=kt)&sbX-J#DO@Ypk4hXrFzf9#wS*Z$S$x#WN>mt7m7IyE)rMwTAV_
zwwUk{KT3C#(84u$-u5%IY-tGK?3Mnp^FGXDn&Cjvv8TdC84Y&Hwgfxc=z=Z2r=ey-
z<yGKdnU|<w_@sjNv_SAX;H6=qMebfhN<FZteVpXIKm&%JkARpI^B1<FFSr#H^!Qtp
zUetzrEkS<<uQ`(DJJ#1LwnNL(LyHl!K}{HG)l5>8RobFFKd>$eW-l_%f4`o?ruKjm
zNQuR5TZP1XYfC5T0M8LjMzk`gigU}7A6NvYT*FOn*c70HU=(HZd{O@6VWIo)AkA;(
z=z)6;(X`DV1eM8wuvYYPN3j6I=x-stZmLLLqBf%XWoR^n>`Ftw8F!uso<m8z8n@u+
zv&?ih$O-?Ew+_1CGgW9n5Up&U4AM9^Rr`t)A>&u*9^KCA@4Y7MKNA=XE)-m+KTgXG
zFPTcq(!%iHQMb{v&>O*U?y)X({d*?Ym(CBHk0@!c?Sdj_i`_5F^T`DFI@@J&j_6Pr
zpA<u4LWZAhdq58&y`KedWEaxjx-~o7O&w=mX=v5aKE;pS=k@JjUer=;^l-Fn4Ia<&
z3F1hLtWI|v@jmjsC;P|tEU?+VgC+o<((>F2lIYp9Wyo^3dEaxd6!Qr?R(>Wau7DS=
z&VloRh}~}-l0@FPZT8&6DScg@TqWJ>TMlD07~z=$ZL$ad@_oN0z9*6!IwD%E-6W1T
zSU};A+zl8h$Z0g?0{$Am$iA7dOt0<oZNn@5f?fM+gRTC%5v1LMj>3n~73>+5$>Xq@
zruBNRHNvCo?dccw5P37fu#Q>f=X|IPqHS}?bx<0Si$S^{B(o0ZV&8jHa_hT_BueD%
zJTpjP;RC?~VYUMVGL;Q-q61wT!n_7l#$3+yaD8jt=JMrmdySN%hM0qJ_<%PMh^UvX
z$XoSxrV&}cWt+LDLH;lrEwh1ZnEEaKf*pQzs<mduKYXjk5YJc<$TZXO2F`6r3Xz&}
zJDY_&$p_}`lX_UqGd9Kwf}5d*OHJBJ%~f`S1v>o;K0FCit@c_oxBPVa5kK==7dEY}
zhYg00Z|{{|`x#Ko6|;H@%Ql@*!p%tkcAB5UP(W*8`zDhfr?Uf-eTqMkVhJ9U)^b8-
zZjXZ4q+GKn6*NGW3}x<mHX5upC!004hJ?|9&leOwN=_<G$7;2ogbeW1A};5zl2-0@
zkj^Xvu)bZrgmw5QTuvyVzxWJ>LKewZL&DNeuD8?yb@8?}ho2Eh+#kTaZJ>2{G@<$C
z5Zjdd+0&#JUmK;g-+ZAau`*0o(Fl9%X>@9~5bBP282l}b8vjlX&(yKWO%^s=<R{u7
zI&B+lRd2h!FM(;rL$X5+qa26J&y~NR3}w5a{yaKKpEd{e-pHAXS1G+e%?{}#UG#3s
zGn&Uaye@xbWnL1Bgz{U5X9nDT!nwRD+Aw2fkE?F=IX;rVVUcNg9U(Z^O;UtvcX*qM
z^H)vrGMpQOCLG~vNo+PP>@3@q78+9rM0|W!>O(karL$c@VIDU|tF6QxTA_v7hU?R6
zl@dma^3B_YdRu$WuSfASm3W{YijXLqh#jAX$qy?dWNZ!Qt1q}6-y!BZyVLaU_UGT`
z5c2H~q~8%OeNi9Ki0s`KL9wrgh%Rzt6<Uxqqeh8Nrj`VTvaEtN6%v)Rr-WQY8|b$^
z2*USxTk5LL?Q8oblIUvv(@iR0t$%wZR*`5~?)>IXE4eCnp8!P7X7;WP_aNNTXdw`j
z=&6=0iG3w*_Xw;`e}EmHe{>`BH!f+uD<m3zeeE(Gc5CTk>Dp3x`YuQq+Q1PmUTR<i
z{()c7FXNp<KM{0eTX*%t?`t4=*I~O!Fvmr)uF5@#L=0ooV^|c3uGzg{P3iG=LojAC
zaep!iuT$L;99y=8uQIGM$!T^9VeSXQS3T_4%4BG$!NTOKzr+PR_;yJ;e&dW*Go~c5
zYMF2jQEG2hl-<FJ6l9*BOd2k9AFQ6r(VC1Y|Ndr8Wl^2J376hP68y=PD(?W98=4MP
z?^MKtvA&2^8FF}#CtbrzJhVb0s?HtT65V_CmnL=1W+N$b+%s#Uq<*0`q87WmK3TK6
zz9+==PlR2cT+ZdETpgK;l!-Fp33~;*KtYnvI@ea+h3_Yk&g_Ee142^2c%g=6#fiv&
zuD3T{bhf$GPv)==L52Ir5nCF<r*dKAjx^y}E2D~86)`G?H=CY$gxo=oy<*=Bycsca
zx=Hnfa|&bk*{wO}Z&{Z6k7S#hG$#A0wGR7MYTH-h;xVd!%r*Xu(zVWRXo<Z?$xJH=
zWJQMdSl-`ya=u{}b`&M~OT~}Fxu20<>?KmiK6*PK{>B{gM_H-%!q}U&@ZodS#4o|2
zHXmMO^Y%qp-7dZ3Z)tKKuRv~J6yM#b=R>4K$fDv_qjGFs%Z6%#kY8xa4~D13LT4vV
zhDwFPTbPaJSW1c{T~y#ER)Moy@0SxbmSEUm=E%g88yOQ^<U4)vj7-Mf6|zA}Nloo_
ztQ)Ha&u6Iysd*J7O=ed%aZe8sS2p#RhJo`^+(eoF>CyfvdrqDhl8cYkF^y%&cD(8~
z&Ia9W7IQ=$f}mLgF>4j57RM36g{^aVX10}K!?tfR0%p7!1G_70>|2%mF&qyGOCh|N
zJX<*x9ds6pl7|<|bu*vNPVebuO7QHjWe1xVM@vJxEi(nTJ_a=I;>H{$5;mY~0s1cG
zla*F8+GScZaym2$YX$IyGhu`e!xG+*m|8xK{q9q=YUyi{<Y8)v>!&tNxnccS)zH%Z
zGV@F=uLdIvKvFk9O+u04-zP`m5S!jGcJ$5t<C2XLtyzAm*&s2!a~Z)mEZ$+~`ffkR
z$T1|JqZ$wMjBHbMsndvioUT+H{q`1LLafyHaTjwfqt9f!I#M}l{WGgzUA4Z8zs~+>
z7y>-4wB?_pq`MdCS-H9-1g?$`+b+}H905__?{U=hUq5s};{mx}5QH06%+It!w`j;>
zpS4%LEmJ;9MXyLd6i{fL&+Rw9ccTCM<IJ#vSD&kDMBtuO66k_^y_)Rc^%q4;W44UA
z$eeN9&KPeD)L~*SppSg5^OVN1(YyRV4uE<!j{v#ZE;^}x*8T(vqeXky*(<q>{PXim
z=>~ldO4FIW1+}Y-WhDwItr~f4hOZ3;Qif_tC)ZW2j<t)Y!9W<fZPbS6X<m%(%kEUj
z`(h>dT2h<ElH^n}MWcN-uC_JAZ-Eo=9&%?9g73dA%Fc8+zI}Z%@Q(r~MlIwRvy*iZ
z(iWDS!c%B;s`?So0s42yIl7ivR8APeIh4;ocJa2vjtSyL1-^$i9f{AP2k$rXZQ#8x
zAqwdG!TX^HP}Ep1dZ$Emhof-|zqk8JoKkB8uW4C#s|B?Gv=>h?8;961d=&}_f%BTO
zC>(Y4SXG<i_BxwfPuXWI+O1%A$xqCn`;NF*-#iRRV`GBh$sN>d9Z}HPpl`_1*8$q+
z7^ENUG!!$!S!>eT^{nEBz$!IRr?Yktig@CF?RwMqv*&5BhB@^v+tnim=*tc5WtlC2
z4Xt_g6HHEM>wb;S2Tp`<oH2~@GxW0QakzPjR>^ej9S@bSJf$~SlOeX^UP)|0Ge6!U
zx0p0^_t_vCO49K{xy_~F7Sz;zu$|uX-`8+R5`a9|@Tg(G83{=<H!ZpFUZW?3e_QW%
z0zRllfANnnwa5D=dA>&xV*6;%7w$avWg7-V%NgXf2IElJ*W(rk4X_tce>B}CVj$u(
zgiln{VQ>;Bk(2V*u^SM>p!i0VGIl?qw5MB^m58iW8#Jc3-Yxq=;bEi~<(NQ?3oQ~G
z0d3f^mlG#rupdiBWVbewA<m9|sj^e#C-Po&t*41gzpaUI1E<ll%p{;(ZqICN;K{OR
zcZgaPeyX+EO`-Q<2$;+5deDr2I{s!E_?I$8oV$+XpXtxv@QDGB?>Sao|4HucM#e-u
zhHQHf33ZXV!@25>GUp%FTUM*f>O>bBR8i7tinI3;V2WP3LE2o6BHWCo?~kGy06`Kb
znFf<ZNeqirANPp)9=B`ER0@|uAbn4U+(S+G;B>KzV>2i1f<BTy)`SDU#Zdo1UkBPZ
za5ifos3WWGY2i(b&rd93kL=FCzAi0Feq^7lu2~cY0o-kqU3P+sYk<2vA=>nb=>)<_
z5SCw)b5ueK+7dX;`02*p-a$0k#;GA%@aCl&C6CgcB5u7p$k(^feqJIw*Mk=}$zNSh
z0VioD&u&bQn@Q+J?tT{EXxmO=f(v%@=FEM!giAcCB7{U}r%{&E{v4?AwjUJrqjJXl
z+bLbUS8SH$&7hB<+P$c7Dk#4Izg_9h>#4cp2zsb_&cg(ocYSu1cl`%g%hXXTsJ1yE
zxwD&jW@R>M)lHn=apO1hGNc4(#J>Fzc6kz9=0V$tS>@kWju)78_O?tc`*EPfnpN9{
z6*;<`h8-c(gT`<E_Pl%!T3GLfV1KF20CF-5&6Qrt^5AXdMz$+^r~qy%V8xD-d152~
z>^d!N*Fx&oGfBPuj7zo#9sZtiiC8a?ClA9*(cYkSEDnYldzUDwU74%pd4jRSi8<Gx
zqO&&WY7yEb(R9Y8LaqxCjcGlt82<ezELLXMZX3Dtn`3Mi|L&;qJ&~qk*yd^EhD|F`
zw#lXoLkT&Jk%%_x^O@h%lBrB+P%WyjfWynhlX}4DK*x;)4>Q=iih|`^_^Y07H#E(h
z+&++LkH-yxpJ-oCcX<G7S~1*}CYY`zX#Ek9BQ_&wD%5yE&`sN2o_S4(X<(NXVd)`F
zVc3VFL^jzs^!z29&%r<|oJ&8Q=b^8mJyRkb(6ZAj`qatrsrn6@^6r9Z(qwe=xLg{i
zSQi9V$SNmOC}F-~8+~nDDLpLh<)U%Q=;Ke^L;-XhT@*wFb%@WyG`qP=7>};*j7kYZ
z3bNTJD6=?}1ufLKepM-pU!79drg*FM(ZdT>O2X$i%mL?lK!ZFm&wiz*=upkgbZuWY
z)N6dOPqElO-|~fpK$&y+Tq@&K!{A!o`u+xwT2cQO^z>A#?zF0S9fG6x!qD6Ee?kRv
zT0_Q8R%1P$jc?rSpKBCA`M(19VzgWQUh*}ABRIBIk2G-}+0D+#dz_2@VStDT5_UO@
z2^r>TgKwzx+M8I3(;;9UxO3!KaiZ1igjVuku$n|T+4T?p)pRTul6Q&U7)nnc7aVb3
zIjw?dS-!HOj`H_-vzrl)MBWw*HW7rUAlY(ZptL8xTPaSXPyrj?a;MvYL9x`dYg=b_
zvUo+XO|{5=N_`1Ob@UYZv9|D(SsS^&KM-Nm9PL~OGHr(Q?aFLB1{IIs!`-2vja@3H
z_I1c27wYo2y3jdqaH#c2eyTp3g#L!J!>;-T#MF)tZ}N_Biq+&sxd|~e>I8loIo+Vu
zBqB(H?K&SR%bZp^9yH0%2+Yd%GAEX8U);x$#7s;_An3nP{7xhp6TN>?oQ0x~y~c28
zBW7)OGn4U36o&BRhAsZ&#H=~bw&%(+bw6SjQB2!ii--Q%Rzq8&Y4%_oimO>DOJdhE
zoH?8woYhHo9`V{Dd5<ALeuDeD1fcU2T7R?sZokx;F%%;=gCEV2#kQ)$TbUlQD%%UQ
zCDw@1$^%~UzTu}$KL}hHGQ@gXiGxDktxx6Xk3?c;@#Rt=%f4J@fVtM%_p6!y6TXXg
z62{hduw*+mQyvXz&QFlENuD-u(%w~O%1Vq+eS@lJ-6z5&aR~|ui=;J*4wlr1P*{^$
z3Q=pV(Y7MXgpj!nP4-Re@Xtb}$Xwl!-$V1Y$3ys-+DkjpB$<$Q=c?swp%{_805<xx
z%s=&;4PrjpLd!RH{V8Trb-X#t1c{YrWr(ugKQO*!<sI{Y^X<e54Qu8P_EL-sauz{h
ztvTH_<$it1+Cr;HI`cgVUaWo}#N=8jWqZq|)2o$?Tj0c`xfzR0%5AK(3l~6bt_8}O
z85I@tYC$mg<c;N<8*O9&tf99?;UU4jG~0PM#UWosyo<T!@gXd_9VEN01_CUwX`dmd
z;kLQrKJM5ghmLoVl}0#8pk`BF@nt#t;a$EAZ5(Tzjx2mJ!5!Ja=dD#P{vM^e<r_l~
zj<rr$)68~3j-d3?iw##*{#jHqXML=3aSUdA-T<#^wQqc^-YY_>1s_45hF`GPEmS)H
zewG7#T1yf%_L4C<+>BYEX-%i$yOj$K=%#(;3a;FW(~U~IV*8Ufy&^_4*GJEW4Iix#
z&ppRf>xkJZn(cxZZjc^M7v1GsL8)Aq2>!XRiVrO1x6X;fyHXg0ibjbAwq@7Gxm420
z;rntSR+m?wq$JhTe60p=+#K}xw@3~}QDbM>8ocZ^TbB!LN>9}C-Homp+nX#4!aP}M
zwO<*<MmC&Mz5gh|qp~T%+`#W5c<t<t#`*Khd0_t3lH!`Zt&eWMdUoNN9^%ZB5zFTG
zJHw$R`G3d0CeKyMs#u4>d#3%P{DqX0G#OB9&nSBo@hbFD+G-+rV>EE_2Rf@JI4-a#
zC~TVW4B^dG*rE#CC~17cx;4<8yPCX8gwG>+wP{T`NK0z!>!xK*=iO~v>`vq5IdYI~
z48__kbWPCqz$bI@@_9DR_amov*;X*mO`>QUD}uRl4WOORY{&$Z+3M9y=v3|BwZ<uv
z1vf}TgV)nQe|0{r?^{Seo!6o7HflF8i{gc6;H~UHknvMRv-mOU1<sLU`>UNvxtfL^
z0fjv6iQ3>c$RKO(S|}GFUlV-Q&yM&RfZ|%9KfoNLc(s4+J=RZx?|il%>=!T4*o9r4
z<_h(-$~S<f@8BcsCT2E-#{rqiFhuMWBU~`^VE+*(mZL=q>5r?9(Gcq*KVf)2wEh%f
zFg<e8A$C0!ou`Ml5Hv3s3ESLhhTu`Fw%}vrhCOvRydd!aP@PM73#8QgZi~IN86(~x
zoB2q`&N}xgO_c(MNaivNC+B)MVzkdjY-M1--LI<UA)ZRoY=5^Z+NA*0=BERN9e(+C
z*F;wz3wgO{ORNqD9-ZTc*;{PtJSk|=kI7W>0FlB$n{PS%+KCr8&sK!5as)MPWFlxv
zT3(h{{ilm^_9~#Q4X-$`@Sw&mK=Nt^lGY0Fwwy%HE4eySP3SatsoM!O*GbuyYY}FX
zq@UXD^<T~pwKjd3Uzg<13|u)_58)g!)+UYcRl;+5m?1*O3mL|FPqOPo&ql12ON5Kg
z=zCAmfw!Z(boLw2>(75Rl@f>mV1#%?lD6~Qta5`HyVqpcpS?@%lQ>>{$knQ46As@5
zj~oJbY+P7D>%N3voVG8X^i|!ngrKzPKHNV5h|=lDNL<#K)Z6@u9P+>WB+6a$@o-qc
z6tgsw1CubVUKnba*yr_Te0T?@vC#qGt&6}*tnWGisov*G1*h@L$))&^dx$6NJ9G2A
zP3rlr>oiCklN*da``+gW1{Bchn?VcV{nqO7vZ06kFa;g9Kr&5UuYH716p>2RI!Ikh
zC3tMs>u=TFJL@0p*Aoyy0%0Hg@VsCi1*Gx#X3|O)mB_8ou*sad&t^?iaPk^)VdRS6
z+xgaIDZGG<+X(-bLUR&swtSiz?V%@;6;}PRqQNZEdgOjZtCrJbc~W8=XXrm`B6KYC
z4*XzozAJbRk7EFp#~{I?QsKav+7*07we|b06iB>EGTwRYHYcg?xk)qzmv={59wF3v
z`sOl0vLg~I&ecZNYxRx2x|xi3s##Qz&=!mfY*-Z8`AMP)X9oc)p5Lvs_=t4|K5_m9
zbn91funhEQQKc+v6JZ@=M9tn=7yvJ_cyrS!olafm!^r&vy1OD>n!{YxEdDg)Y8SmD
z?M^sp1^6dSl!Y^Yg4CItqDr%*6=tPTC-YYTm%+9flpLcaOZ3C58_v+$-0}2GtdMe0
zX-|2&B0R-wn14itGVWgm3#--6be2nw$|d1;6mBMPG6g2Fp0&YZuEd(QRlJ(Tj^d+a
z8f56q^Cod58_|E;0LnWr^q81vXFc6$h^<~G{H!ZN2C3HcP%p`m(QXm*)3h!vbOT&2
zPh^sRbAE5vK_c0|NaTHmeFg<u42G9L#io7CvE~8r-4Ru<r_65c+}RRhwovlXMup(~
zP1}Pf`K;@IYjeGtL?BjpprGQp(}hIh8P+}2-n1JBGH&WD9W=YA6?D5e1}^~65szun
zI0}QLecMWk9&b{<tI*p*eTo3Tv<Mq!JqQXGcT>b@lcsdqNa75!t6@_ohGq7xIOx|C
zB!XsDUO}YYxyy8Ythb?RPO~s5nV{oTOx%}dt(gud*np3k6Nq-ylvS=A(pLL&c35vY
zmv}4dU%Mw9E?13QiOv}Z8Z5LC{YtQ)GY<14PV7~6iTNMk%!0viTEcjK0d|KFFh2q=
zsduh^EUR5*whikn#GxZ-kqy`A+wnODQ#JXlg|z0;-yTiv*?g7e_wX6#{EB>531?Iz
zJ#LYi&_;W)+1e?-wk>RF!DPX_N}T@>_Y6qtN(9~iN3ll<=C^Ojl=Rmc6RQCNR-+q@
zFEuE`FLDwMBbOFFxwV!$r>oxaw;LQa+rS5x0L8(-*fkLxH8_xIOxKoG+DaPwAD7@@
zm-_kjv8(ezE9&Q4W(n6{U~&Aj&7cxaW|M(l!e0dgISH~RQ$4&QlrL)j_sgnLcx8s`
z6QGT8P*eFqCnRzU<$ngmQOZ8)JO?$-H`<xtVa-obs4aq%6OcXU(RFb_l9eq}*c3VY
z@Okpo=?YP3Mza@~b;FG>@P8}2d}ORyJ&Uh@MvaGPwHdc3`YS2w9af_sGVuzt;t#ul
z5d*1XRE7E4et5{tk#F>0BVNIjZiYlwFvgx=LNVX$)BbUR?l@Mdvz8^@7&{pQm9tFP
z1rkq*bE4<9&cm&@{VBj3?#WOC3d+(`U1Rm}u2mqbZo(5^+OuRV!Ev8Mo90ZTPsnv8
z^<UqBvF^kCzR9*}*>tJegS)k7)jT5B8yY^7(YgOmd*>O}RMz(UnMVgk6i^xIMPRJd
zKuDow6crsrq)S%;K_Q?ZHBBits?t<SR6wLi3!n%jDhdcl5DlS+9(w2@4bH|X&+{hp
zzSlX|xz4w<zl8PAz1qF*wf0KF{w?cmW3?gqpPP4&bul8$SCG10rYl&LP%qay-{uJx
zNW)AiK}k_<eTFsJ@PPSC+&=Hr6l4vm={@;oRrVNXqEUWD8JCsD6{~NFqA|`Zc&AlZ
z9$<&I`A|mUtW}ez;Y$rVe!E--HZuHNuWcwM<UP;+ymX7U>w=5l7o%4nLE$vTrMGBX
zmnk|V!To@`A{09}dn9wpR(^KVRU_Y~bNv&hkJ`UhvMrcKN=+YPpwf$d_o*wAQVXpE
zskH+({RAB%riPo9KRY#eTBXxF!_#iC#$_IU9ZhfEF*fq(;_)U@(xnWm=h2LeM^A%O
z9YplGb&!!_jrB8oDsJk#AFG++1T`-<xELfY??AE{6+_{N$%SS;gNxS62#!#=ZoJ|v
zxEU*PJ2p_fd@CvOf=r3E4K`w8Wm2XkE^M5kdS0>F!)7&8zmF`_9I1Y_>M;(wE6k;t
zzO<wsGM<Jg(K|7FksJ}Ky(&LruvqQMpq1mAs&W<XF{XTu;i=98+aY%q@gIlD!N5<>
zkjKn(iO|rYrH|;U2Rxtlc`p+<GTIr@F4eT#Fu@u_I&i~z4XxJej3xg_bhtDUFE%4j
zLij~JLx}a$LlrrW#+@H7C-n?tv=JjlF#N1fjbYa!vCyeXl4FE%fGfE#`3#SI^j6*;
z?^!m-;@LUG###pNm#lpnOFx1isg)aeM^F#*r#<r-KxAujLcG)5H6I%M(69xanyL4m
zJ8ukLeZhq<i&fq>Y(JJE7br?Uv9@Dx@6L^W$m<j8H<_uPq(Z7;B+6KKn3sFy)cUz5
z@`StyD@?>#x1Jey)=<3O>uMK$iS*PqZ*hR+Ynl1`DUN7}TV8p}1Fqw_)<DWToOrj@
zSX)jOf*Kh%MpgjfxNXVw!K()wBofb9I=E)T&eTtL>e#oDG0rFj#X#hI-{?YtfwuU=
z^qB)xv#EEA+Pt~l6?JYgb?zxss5%qUJZGv@_+Sevyfs^F%w*N5px&$4@z`y;RAW>q
z`L0(`!EIgg4kfkmAYrP!!7|Hv{W`-=`kXb~xYg$lBIE;WfHoNF@wGCtY=nF!?6KK`
zL#LZ&ebr;ujrCBaUYt_Sz(`;dR}oL$(wD6@qjd4*vVPlA1LF}$*ir}*SHcUqyTByf
zF!is$VuMF|q&MqL$Z#ytLdii?hGm&un1P!zyO#Fytb(iA6`M4kyeo9RKYIQ24SL<~
zd*~%y5|%}bkjg6T6ZUsogZ|pBInOj@S8k(Uex&4Tf!5!BZ*eG8Iw34_?WSfx4UFm-
zxV+Y<%I+3BzFw_ld*yboF!IBL)Wa=f7~=#r^zL<a*~Y`6StGs{=?$H|VqIY~_*%C(
zrq-RfVHxg`Z<$Z%>+*22SA4ZLqR8oC%(;;Jbn2D?da1>Y#las@+7nmQM(G7%=(3XG
zuAS5R7p+4XV^rm$U5T$~OYd(#+WVMtHW@x)BE>Q|0(xE>9BYMHwjDYB6&yShdDDyQ
zr^Au;H3JcU$hr_0@p-g5f;g-$Mc$(*j<)EUN}S%=X=!YFFI*ZLYnC!sCt9y49;9Dv
zSfY0)dR~7DDIdwSOO)#w3Cg-`dq{j*WBd+HF68e1>x~T0_IMg?K4UE8P%B~?d#hp3
zk|Z+N>@9w5OPBaj8oFrZ^dOm+@+lLK+L*e&E?<u~+d=|<r!!c0HW(LTELAHe2v7f(
zw7559;vQ9(yFY5(??bgR6%+pxi?@~YW2w15J>gvVp*RgrU=IS#6k<0nq}m;9+qQbd
zGL=-bWA%x|J=(?%*uIu+v+uAID?(Hu9PRDZgKffHvaU)n$P<=Y{czYI62@^dlvK6x
zit4d4?n1}}y|~4dKhc{zVND%V4Q`@6rMv4V&W3$Ja5xIk;*9t9N1bnt9HX4&8f(QW
zkwpgzLyoR@i)Y}X88%gjEveDY%r&Dd<8*=-8>3ld;Y&*)RURvmX-24uz41+de$?3F
zsoV^1xK^Y^7OX94G(ECwI1Z_SmW{V}N3H}m_g*%}w;CHW;;v!inHQ3_qV2agRwkQr
z{bZT1%*SAzABj-T;nHZ|+o80cpIIRvCgq858?NNVX^<E_$J}|&V_G#va(lp{wk9n*
zf3ccV-_r22;rrsno*(<)hUAycxjS2CF<l4jXQTV<MvM+Oc=b$OAm0f2c*p5N@nGgw
zqPr-h(nn{gZf{G+^q%YTAhmd@rJhFO72VOLZDZk2530@!J)Xf064L6<R(OiWCVfFy
z4a&aLi10!BGG+Q_Bht2Gzp^nGq%+dfb8Rjw{=!WhM8CUGgP<N+a@+qJzGL}HW@TmL
z#0$SkX6dY?e5rog&s8!AEwC(m=Jl5@pOv;s8~kj=;=MRXmBCi8?W^0ds-v7@iHKG<
z?rCL+`i_~X=LI8D+cYI>k6y({7d5`>UQ-g?k{+*5CQSRhY&+gSj}FG%{j__flIFjA
z+0*b%L>(kSKZ2k>yRBi{V`}N5+E&L`m%QbsA}**we-E^7i9hF1S0Y^(KSt5O#TXUJ
z#XU}u+1=W+a_30P>2n4yY6c!F2Q>UU*B*fs-!$Y^Q9$r1hL3q~=nM2W*Mpx;8aART
z3n$NwPXB%geg5V~!KZ@9ynFK%raiB%I@H|Py<2G#y~ppZYlH;&$kh?MOV6kyUPM+~
zxA>(@3vX3Q#PSM~jSh_&ADry{Ddgt_(xKWuEp(O^n09z<?*8<vlk0i=C|u#_0aQ-x
zbA|-GUv0Ags1qLZ+bH|;{h_+|BmEDEF5b?nL2jx@7geTK>bf`0O+5(fn8kA*t*%U*
zBJ>W!t`ji8cA#<Hd9HVXZC$3+KU1k<tx@v&Oeo2G%E)Z0U-7b-ncIn9OH`;P-D*)A
z^#QnZp)hr_t9n@VOrgr{ORM@rr^1YWp;J<>#VRIxQBC2ONd@n5daj7l^UzKYx(J?r
z;*n+&y&q<Wde(aTS5oEKji3&TLAxZBjN;CTbG7{q|9XAGJ7Xs|>bDYvcRBXAp6h2(
zyGs~S`a5Q6PM)m;hpC5|I)*#P1{|YWa_U;5{E-{o4~Ux0e%fMU9qW##d>|G96XzyE
zFBf1atBF@gv|lGboqSd4QJ^1=Z(n=T9!kjZhZ^B(ZN{GJSK5T*GLjAxhF}~1Dc8_<
zmsd=miR~C&caO+^W^EcZ&U#Q_Y`k}Jdrnr{{j@u0CJilJY$wpwC$oIQiMixN{l~5n
zU)52MD}rztOqbyctsZtRud#1EK2OTI7qDTw=}+1sk2oewnvHeWmEm6Qv(6;w`-6Fw
zX81i}vT9>@zd|+p3IV)GhPA@ig^#t=YPvNglNpnNIJ|;$p8JC9j28CwwMoEU0VoV(
z;pbId6?zLi8S%_58?!mF-5T#n!#RU_Ic??-22>}>$7F-@^Hz(k+FP>A$Z8%d9cA*V
z(^rB`svKvW>?cOoZ10mXc67b6x+}qX&LoGmYUR#+5sbM(#G45-(<jJP6<6gktX>r&
zgLhFrd#H&P7&S*WmHUzy;PTW#0(k0c<pEQ&8k;vt+uy!kYyAB4K?!p=4Q5G7KuL0y
zs|?36fm`S7y<w2gIa-Z{Qs6S4y1OUwVEANRe9XnXWL#D*-Hf+{Y+c>9A$8n|dLQ1m
zlTDeiy;gKfawy<XUTE}S<4@$63ZL%Eh%_hSb5qqfDv^#=uFZz_9dr@%97k;7`IzKt
zhaTLcFV?lN&iqqY=uy0jG_vhvaQ^&rSYszq!txbGNbDnr6Gu*K082!LYWXCw+@_|T
z{fNEWY7idSF66k{<ciSZo{+A`xcfs-Shv#EDP9KIv)`&0WbbdpM3vy<Ry|KPVBd2|
z3MV$4mrR+DHiB-lJcZR6>PrVgoZ#lK3KhGT)V8KM^rqJj)<i&KkkVhOJa!a-Fu3K$
zgqD@F&P+xso!OkB?`GxVH6TmX%1lrwBiAqbs@Iq;(iE6K8N47JIIVb~$;-&&>;ScQ
z$z*v(C5d@t38}31?cKVq`yr<yuHO=2^^sN~k(v_Wm8ezI*&%T&@6l;;wti^vx5aNX
z7jtr!ANMUVJ&^LRP#QROb~N;^uV3nN70lv|r62j1y71dg%L-qrL_ayp7oq$U%MTp4
zU`RLxC439>a%Px*+#h=)eQgS+<fJlEl~aGweT8_ailB<UV4gKCulQh*;+-TE?EP!c
zjU)Q9lbNyC7o2<L9K5A`CY{FCX`fasL_Vj9;I&fpCNF)tDRqi%cBy4<7oJIpxcOOn
z50(;A<jL4$wB|6hpqS6py|kSsA9j}HZ{wTCj&TntVe3eSg}GH^Q)ZB5+#9!RvK1`x
z_L!tE(Kg6smrMA8{h|1ZCH6`8QoC9*_v$R&DMzeh`!n>3i$-HZUeDwkqfX$S7B@Q}
zl{;=0UAdSfOnk2}uB!S|U5JR^9^!z!=hr*fCGvLjoC700?dqq5IS-G>N?OeaT6KgR
zS8~4mP1R_HMxn0TICF%33N6Yy#X1{q#k%MXuf7)kB-v5;lj&Bctqci67wrQRq7b#1
zt2IR!3j&Ywmi{q&`dMAA%S`lK+#=?qO)aTyX8Ann8TP8l@4+4}vpt4x`<c8Bi0Ba}
z^MKUFrmvPvtye}5TxqhGeQ*@bRu6Il+n~!#w6olC)X92z2>$FV`96mR{APFOEVei~
z=;{6!PCdU|-zr*Dta;w84+Z|HHF2){nwmB4=n4b6VRy~cIm8iSFU+}@RK_r|6vk?%
zit3OGuEl3m@TO2A)4{Qa?#AUmcKs==INSm1U>obYZ>m!+w+`B{F5Y5jok`AVEuF-n
zwJt9qVQnRS_R^oQ8dH-w$_>*weRnGKc6%1MFS<@rQ8^_DEwr<iA@}##1>aah^lw-5
zl4~qGs6A+2H0;%_4{qCa#3Nf77Z%c%6*-Gv_H~HN<{kdx|Hh~xGs_*~I-(;{H85|G
za?QzX9?K4G8qo`^Ix)pG>yuo3*d$Vj+B*uWD2$t<Ttn6#YR>lyP@EVzMVOA{zT>Tw
z^}Wcgx07T=Vj9f1lhOKzgUi!Ihj+e=Ue1|Nnfdz3+pDncm0X`v+JXV`t($Fe<JL$o
zhI3Pi`h@$LEt4-+vJVG4(CIlnUZ)yc&p==9U^{<)ElxGv(KEQ76^nUsVuRWC5OOix
zYgxJTlv0p7B@N!l<yxkMNplrPBxAfL9{Lh|GzglUv3Kh>JTZd9omt=+2BV&8qsT6g
z)W%=*8t&4BTr-td15m+TzHP>TJj=CZMebt8$&T$v^sQFNVc=;lv(Dy~Hs76j`8zEN
z>OsY4ST*GrXNvA9#dxBzAL~bdeoQIXG5gm0n~q}9PbGIT_*d8+>FVRB?Fe=uuom}F
zvs~3wl@g(FW6{WS)7{_`Q%T6&_2iX8^Du60u+aQ<gKt&9KW6{9V4lM!?j?X<V<8%z
zibrtGlSk2cp5c)d7Z>}z!ia9`;Zbv@E;3E>W4E@&j54MIFq)0LUi*U^bFT*|Dsyh3
zZqLe+3c*+vDgt@VwD`BoVuQSEGB$Ry^b*65^IrHY_3I_iQILLXKTy`IUN)h=80B?m
zmD#?|yr+Ag(qw%jFPw`_yrEejM!V?qc=+(UZA;U#uc-moUou{nPsC)lP8tpbss;Yb
zb4`|eRl$DaP@Ptdt4ML{Z^n_*t=kB~2X@E|-5p053n6utvZ#eWKl&s!@@P+ouyg+b
zEG{T^=wFds@u-_P5PppD`b4IJV%J#A*drBY;P{Sngyjs%>z9@yA6C3nTp?XC*6<G}
z$`r+#Nxr2@Vv=bN-Wx$>ai>NscvWlF#0Npi)UT?Ngl|4;nv{o#w^l)gU;K^wmwKgU
zByrD=BF7sNNoJiPk9svMX!Hr<ZzCsVLn1O=+%XRB<b~>!#uj0ZT-+oV$<1xi+@<g-
zsVha^(A<&E=j_K*jRpA1yAu{#*No=x(=JKRgzc=c8hF*s)6dQ?1NW0Avc`RV{5$68
zFFzB<N_Md5DEnL7z7ItUwXMqwy9-OkRvn2|fqko`dfi*>+_~$nW=iL}3X9vj^iwF)
zUek)kJ33EnuzpG5I8JXLe&#KQSNQ0V{<(o6G_v$$q3+WnMEWK0#KD(dPu6si(fQ0c
zRrfu)FbkbO9{@9HA}9F1!nQiqt=L_vq4auAI@a60vBN_256;?)xb74x`{Z@&-N5y<
z6@X-w*8DG0$WQ%iR7bT&WYKu6DcVjRFHD{GTtz!Hk^O$`A*bwfCp6v&RM3aC$DB%9
z321Th17F&LIb+oD)=i4(yHIqbJ@jX8=S}l0+o&UkSb$U{LU3Wbl90iHZF70*{<e^=
zjYAgUisy6tX);3L*viQd_hv4X5oizI;0~@36=;R82*UdqAzNuXdwI7PXL?!wpS?Cr
zvT!C>UpXTVqZa(P&oX{Tk+gy~exG+JE5RwR`BoVY8+7C`#_1she-RRG7uwqUAaOs0
zC-*Pp27Z)<FlG1OA&b<JcA`zZ(LO^228>SFy))eChuNs%YGUwHuA5lf>d$VNcMmK2
zQ?MTcGahvAD@nyz6_X^#bX0X5_fZ$PDTa(@J@jyXS6<1_INGi-jAg?@42TkJtg;q0
z`}7j<74{o8Bb%77g*D{3JYAt$t(ugtV=cXnRc22q5iHCG+_rtzI>{DSk;-M7zYB??
z;qKdvEo;1^HP)s!)v58`$x!@qSk!AXvR1@Lyi8}D{RD65{cCWvt1ids>C+X&KB`+x
z*zC;ods6&o;p2G4WMdx#oE+!ty;-Akh9T+|&vWN~Xr{VJ6E&89Ku+V2J-_Gwp)0_E
zLyNerf=A}(aVrTMvaB!63XS_1wbhNGgN?4Mh~pNd{Tv?o9-6oZdBIRgGYIvdB;aAH
z{_G4hhm2EOi?3MG(z!*81;uNW;l<7RZ;$jD%aeisf1O7i9Z8Ft!zI!Ss7gu3h=c6;
z<3lE_FIb#&F>Rmz{P9B@i4{v%eK+pT*<;TR20ojY`Q^$8WqhP{@Zo1%#{G1tT=Y`N
z=d)aw1M9Jk=%$eeE;2QC6~b=G)r$)E%X)sGP;qyIJ)gMK?gSDgTJl{n##ySLc!rn_
zv{x;eR)~+qx;QtM<C~Vz@$5xM*I9g9jZ=gHDowQQhDJt>ZtvX+1=<GAW)5-K5Ni`E
z-Iri6!HO`tcQ#<|%%$bhiO&_SU*lVcCT9>L#(S673GM6*XC;aL8jI`4=}VmB{_95;
zjiu<O_RX3xOQRvVwM3t=g!T?Ee4-w((-S`>g^;FIPK1|g>_88A(@i8Xv-#3qwf5c{
z&)RG3J#r_<Kqm?o=1(nn94J>!;AzE0x2$-qCRnZ3MR0OvFb@XQbZRX-+;;0zPjVP>
z(}}B>VW`MKdem)d!>aA-tNhyfy=^d<I8*28Qn_#46HjV7!7b5-e5=-ZhEli>V{2%3
z_I~Z}Xa+jwV>=_wi*c7BncmIG=|}xaVfv8{t|dB?j?cSh=PvZuj4WMR^@%X}$$xjB
z*=zIBd~$M|ON98n9oSB9qAR-?UDw-Fr$xkjUs9?HG+~rOmb>M)`p0;c?<csWEr#Es
zBLgrY$${3R=RURFU24JC$YoTU(Wg49-&`-&%q;wG|2(Yxk8k>2P6OWHtPh{|NNJ;Z
zPC6^NY5iosU(i;+zi_HL+BA3W_Qx#a!w{R1B<7u23~5aqFXgBt$xdj{y*@i*7Gavx
zr}VR{DwQGS-LJLHct2;6ye)D4z|)s&<=>Q^C@hq=^LQswH^?WQ@Cmb&eYUQSsSx)8
z|LsH-h!c4j?a)!uQfJJ$H^0^J@G{9G)W*a9R!NioR>R$s6~B@sI4d%rI1l@9-E7Vt
zgQbN#&bZSJgFF@cG3(y-*iqc+4lPrnY{cW_>1~<ehW1Rk2iRYGlD^^#QF+OzUx^lq
zd*GBYViLx&r{=(TNL0d=RR@Q3g!1hAk<rQnJZs~071|~Fbkh+BZ6oqm7iqjH!SjJ;
z(wmnDThM*_NApz2<T|pNi4srg*TCZ(;RShjX!GK`nbKsqN|>lj$zx}6kCh8@CJMK;
zw&9f?T*IBcKJ;oI@6M>v#o6DAw{$aoox?4&*hKc1CR4LHxrL0DY|FX0hr|;d%tmbG
zvHcR3#R<n;9ybjrBaKw_*)LXjN1n1u+c~xEb!u6UE~jM`qQI#wWJ>>@pu)`l1D<ou
z!409qTR?5#^tz92`DmLg+(Dw2x2Jz%u<&$?&Z!{HyucusJ#)|fuQ(|d`fLX&8N~M2
zQN;bK!?C{4k~-FgQ)js)2DqgxCk%I&*IQMwer==VYy1&HI9>YG`$2=Pd+=p?>yq{2
zw{Ozc>XkRL=J8?`UYb8<AzZ5&mFuR!=d9f<1E)PwQN!y$vFwwR#~8hK6HL_s<<P<u
zl%@3AO<ARO-K~u~^tDznpOjJ08H40)kpyw-V>FBR+8E*I*+$T@mwvf)dVFpDcrNS8
z^zF{CjO*V*rq<${1B*V(y?=|KFmBi&PGVfqQW``bYoyBR!8HsVt)#E*Id<Jy{9Kl6
zi3p2%cG$qMS9xPrw6bt5tK&)&^WI^y`7sHaM9Hi#@a>wgJ2`?e<D#%gbMKa2q@~s~
zPm-;}(89~$6;$MxcUj`J#%9#JIOPrFi!-JnRz}MqxP!$8a_^a|JVJr^+PYOcTQxF%
zBS@KQM47bw9d8;$+#^JDV;5<+%OEUhm(jl=HZ;h+2Mj_OrOUhJZcC(2W%Ri7+{_OV
ztrbx%OGTM+;P`t;p^TOx8aqq$BW>hEpQXVKn(Z-}8HZij2YEZpo0#6~A<uqCm`E(L
ze#Q)VV7^?lO}A8am?0P!mjx7%r%#KOS`XUKe!HL8`_eOYieMHu@UbDX<4agfo$AKG
z!SNr)e_XxapUC*g;^a1-8c(DbQS6=I{y*TMz_A2YsM0=dPjqRk*siMG`_tYQr6}lz
zeSR3*aFW>mGHAaVWqXD~&3kr%dl70}qXFv6iK#zdT!6Gi@jPY?efJrsZ9#1}h+$Mv
zQC$X2<D3hPZOb(&wrAM=&D3b6zK}!Nv<+EWc7`wOQE$NPS39#H?l*=$Z4PSrrtQW<
z%9v2=LZn!l^iKDv{+^3(9ikM36r?ic?(8}&CS8#+XEZ{GnfN)~6pf;o-EdFr)$p%d
zIYocJZG<5^VnM%GysscoN-jZ7o$=6xESITZ$9%n#-AXKMo0Las=GLgYvBKVbi7<RO
zt+|DL4}N<A)_Y^Isj<e<kmeg2+(bPU`*BHhdKP=zWh8djMUs>Q{;HjH@ScFE3{bq+
zqnXb1Sf~@Caz<C3SC)w1cB>A4r6Q>R9lN@%n3-;v<?cR)<m#S&UNBv<%XyDb_zPZ*
z@u-(~Nol!O1s&SEbiii>WU37n>j=Fl55juMxb-9`ZTr-Ku!Sg+a5uY*HpF%^s(;`L
zMQ$K};a=K~Rg1!<{Ya|3fsw)z3NOq?2q)JwOrMC(>|!yWIet5nmUS6Ek(rwQy!^@S
zbzRZE5kqCH!458)7WEDl4WW$Da)xNEp<iYf!o<gK;t09Nmlse-X|++PbIn?RjAgU`
zrAVBq#P0upZF*oGQLnM>KQCGc*Zk=J?e$(IO1)-0aLB)0O@}8nOsiIx`}96O6w__e
zeZR0cg~Tf?#vC+Uy=C34(BdvT_u7w@KO;(YSv}j7b!|5P>fyey{zm59rz$L(+P&!2
z=&<P3YsVslC2_k;UDu0TRB_{WE%+3*@|XBlJ5M#j9;uSLwOiTv*6~~lCAd!0Dg9;H
zbX@l>-#QonPY|#4nQ&B<M(-7>0YRbLA-K+<HzgBE<&@WTXNB?>@(|{Zb;ALyz+o#^
zAon2`9)6!&J$Q!;XE?J0+mu;>=Se!j+6IZUP?g(+z;csd3^v#`xY)(*p-ZAd*>nsc
zyZd-B=2Wnu!6j;%=YevwS@!R{7RG`xwyVoCmlxO@KR&!BVfYVZI)HZhZ!+D#8HNA*
zSW$CpjkBiy*S#;h|3Bi2>TD7=|Hrd>zn=m7H(2z~6JbFBLsR=Z_;d61J45qNvZgkG
z{{%tdz-hCaBu=>ACUx?kj*<Od@&6&d@jt!skNiduP^!k}8Mkl%P73=@>HO;)+0E3y
z>5U+Ox%ofP8=?Olz41G0@W0X<H_?@w{m=!_mw&M-0fOWoB0%!|Px&v(tS*2o{oD4h
zgJ^Z&dH`?oZ}~60B^Ws0_iu3%9=TZ=bQ3}PxB6F<>40_r7QdqoH%$SgDfr(l`!m0x
zp@`NW@p$%vmuH}emf2;GKwzXc8)zl+XHfh}O9b4xDS|gCi@?ifyQ~0^=pQeCqySRs
zrU>~X1u$1PQ{RsnwgO<G-&5a%#YzNVmTtcH9lmM>1jZjp0J3S~9|T}E0jTG{5uc#}
zo|i<l_kO3q0w)81zjXEjz))Siy_fciY^H(e13~rnet&DP-yhodg!Z4>pLXAEAp&+F
zu#SMHqbFD%Sm&?u{;mTI(gyM8)rEot%F~7F{)49X4|!p5f%0Iw|DZvk0(NkaK$~^p
z5PmzDHWbd^7MM01tjkv(3<OMKK1~}8I9pH?><3s^pbl-Y9)v$Hz*dFvw;2Rf!aqiU
zro-P4Km-4S2Itpc09lw{1M2;Uyl@>bU*A9=Z8*PQKwuyg`R%|!qXjj={(`k(f_cF@
zf^`5`U;gr7dIIAMf`J9w3<HA&d<p|Y1U1+{<b@0L7XT82VSH@?G;MyL0-BDXou0rv
z(t!bpU%v8mHwzTdpiut!1MIW~>~ui_^Gz2p<oB~K6rwFqFH{f0?|WUS9!$^<CRiR!
zTaUjjV1Ufb?-xMR<Bw-R6PUkX9k{@J0|VS;exHJ&Ado<LP;G(r4-D0Y3)+FT`F#q8
z>OuMI0PxNb{=9&u!yiL{1{So_6=*XMxdQVSxOWN689hB1oWFg5oj`2pK>)BeU%UWN
zZ-KQ5qOC39XF${CZ!@6j@sArsTNlbdz7TCafwdR{tabeU12n<%z`6o{hJYag;|2i(
z6PT}W5ST86-!FhBFy8<TENBPRB2XSoU@ZY)+dBL{1wh;aaSzyO3)%^e8x(+N^S1>G
zfeMT{6e2ih06UOC-p!jlUq7IL8UGjo(^6MZ1H<_9ZcbmmI)FQ#Hb@{ZNEgQEKfq2;
zusmR&%NGYgP8k1M0_26l`PL?oE?iHCU(<%`=<&q?2n^i1`P%{@-udST2n>Tk`PMaH
zudBnqzJMUW&YaILATV4T%3m)8F0k$bc0jBD>v#bBFyIo@1o{Tp@yGaPUjBR3rUv8p
zDG&w%;|6H__vFnzq27PQ>GgmMmwi10L^k)l)|bOQ0k}IzM9a$G|GLQL-W~YxbIR|M
fzsTm6{ZF>~g@Ehd_ntsWx?q^dzJ13nPKf+3DCO#v

literal 0
HcmV?d00001

diff --git a/packages/config/src/index.test.ts b/packages/config/src/index.test.ts
index 04add03..e2ad172 100644
--- a/packages/config/src/index.test.ts
+++ b/packages/config/src/index.test.ts
@@ -48,13 +48,23 @@ describe('validateEnv', () => {
     expect(result.WHATSAPP_SESSION_PATH).toBe('./sessions');
   });
 
-  it('applies default TOWER_ADMIN_JIDS of empty string when not set', () => {
+  it('applies default TOWER_PORTAL_BASE_URL of http://localhost:3000 when not set', () => {
     const env = {
       DATABASE_URL: 'postgresql://user:pass@localhost:5432/db',
       REDIS_URL: 'redis://localhost:6379',
       JWT_SECRET: 'a'.repeat(32),
     };
     const result = validateEnv(env as NodeJS.ProcessEnv);
-    expect(result.TOWER_ADMIN_JIDS).toBe('');
+    expect(result.TOWER_PORTAL_BASE_URL).toBe('http://localhost:3000');
+  });
+
+  it('applies default MEMBER_JWT_EXPIRES_IN of 30d when not set', () => {
+    const env = {
+      DATABASE_URL: 'postgresql://user:pass@localhost:5432/db',
+      REDIS_URL: 'redis://localhost:6379',
+      JWT_SECRET: 'a'.repeat(32),
+    };
+    const result = validateEnv(env as NodeJS.ProcessEnv);
+    expect(result.MEMBER_JWT_EXPIRES_IN).toBe('30d');
   });
 });
diff --git a/packages/config/src/index.ts b/packages/config/src/index.ts
index 5b96a7d..b6db80c 100644
--- a/packages/config/src/index.ts
+++ b/packages/config/src/index.ts
@@ -10,7 +10,10 @@ const envSchema = z.object({
   MEILI_MASTER_KEY: z.string().default('tower_meili_dev_key'),
   LOG_LEVEL: z.enum(['trace', 'debug', 'info', 'warn', 'error']).default('info'),
   WHATSAPP_SESSION_PATH: z.string().default('./sessions'),
-  TOWER_ADMIN_JIDS: z.string().default(''),
+  TOWER_PORTAL_BASE_URL: z.string().url().default('http://localhost:3000'),
+  BCRYPT_ROUNDS: z.coerce.number().int().min(4).max(15).default(10),
+  JWT_EXPIRES_IN: z.string().default('7d'),
+  MEMBER_JWT_EXPIRES_IN: z.string().default('30d'),
 });
 
 export type Env = z.infer<typeof envSchema>;
diff --git a/packages/search/src/index.test.ts b/packages/search/src/index.test.ts
index f9d41c5..9566aa6 100644
--- a/packages/search/src/index.test.ts
+++ b/packages/search/src/index.test.ts
@@ -26,13 +26,13 @@ describe('MESSAGES_INDEX', () => {
 });
 
 describe('configureIndex', () => {
-  it('sets searchable, filterable, and sortable attributes on the correct index', async () => {
+  it('sets searchable, filterable (including tenantId), and sortable attributes on the correct index', async () => {
     const { client, mockIndex, mockUpdateSettings } = makeMockClient();
     await configureIndex(client);
     expect(mockIndex).toHaveBeenCalledWith('tower-messages');
     expect(mockUpdateSettings).toHaveBeenCalledWith({
       searchableAttributes: ['content', 'senderName', 'sourceGroupName'],
-      filterableAttributes: ['sourceGroupId', 'tags', 'platform'],
+      filterableAttributes: ['tenantId', 'sourceGroupId', 'tags', 'platform'],
       sortableAttributes: ['approvedAt'],
     });
   });
@@ -43,6 +43,7 @@ describe('indexMessage', () => {
     const { client, mockIndex, mockAddDocuments } = makeMockClient();
     const doc: MeiliDocument = {
       id: 'msg-1',
+      tenantId: 'tnt-1',
       content: 'Hello community',
       senderName: 'Alice',
       sourceGroupId: 'grp-1',
diff --git a/packages/search/src/index.ts b/packages/search/src/index.ts
index 6ae224e..b9bcd2e 100644
--- a/packages/search/src/index.ts
+++ b/packages/search/src/index.ts
@@ -4,6 +4,7 @@ export { MeiliSearch } from 'meilisearch';
 
 export interface MeiliDocument {
   id: string;              // DB Message.id
+  tenantId: string;        // tenant owner — required for multi-tenant filter
   content: string;
   senderName: string;      // empty string when null
   sourceGroupId: string;
@@ -20,15 +21,22 @@ export function createMeiliClient(url: string, masterKey: string): MeiliSearch {
 }
 
 export async function configureIndex(client: MeiliSearch): Promise<void> {
+  // Ensure the index exists with the correct primary key
+  // (Meilisearch v1.11 can't infer it when multiple fields end with `id`)
+  try {
+    await client.getIndex(MESSAGES_INDEX);
+  } catch {
+    await client.createIndex(MESSAGES_INDEX, { primaryKey: 'id' });
+  }
   await client.index(MESSAGES_INDEX).updateSettings({
     searchableAttributes: ['content', 'senderName', 'sourceGroupName'],
-    filterableAttributes: ['sourceGroupId', 'tags', 'platform'],
+    filterableAttributes: ['tenantId', 'sourceGroupId', 'tags', 'platform'],
     sortableAttributes: ['approvedAt'],
   });
 }
 
 export async function indexMessage(client: MeiliSearch, doc: MeiliDocument): Promise<void> {
-  await client.index(MESSAGES_INDEX).addDocuments([doc]);
+  await client.index(MESSAGES_INDEX).addDocuments([doc], { primaryKey: 'id' });
 }
 
 export async function deleteMessage(client: MeiliSearch, id: string): Promise<void> {
diff --git a/packages/types/src/auth.ts b/packages/types/src/auth.ts
new file mode 100644
index 0000000..0959347
--- /dev/null
+++ b/packages/types/src/auth.ts
@@ -0,0 +1,61 @@
+export type AdminRole = 'OWNER' | 'ADMIN' | 'VIEWER';
+
+export type JwtKind = 'admin' | 'member' | 'superadmin';
+
+export interface AdminJwtPayload {
+  kind: 'admin';
+  sub: string;
+  tenantId: string;
+  role: AdminRole;
+  email: string;
+}
+
+export interface MemberJwtPayload {
+  kind: 'member';
+  sub: string;
+  tenantId: string;
+  jid: string;
+  phoneHash: string;
+}
+
+export interface SuperAdminJwtPayload {
+  kind: 'superadmin';
+  sub: string;
+  email: string;
+}
+
+export type JwtPayload = AdminJwtPayload | MemberJwtPayload | SuperAdminJwtPayload;
+
+export interface LoginRequest {
+  tenantSlug?: string;
+  email: string;
+  password: string;
+}
+
+export interface LoginResponse {
+  token: string;
+  admin: {
+    id: string;
+    email: string;
+    role: AdminRole;
+    tenantId: string;
+    tenantSlug: string;
+  };
+}
+
+export interface SignupRequest {
+  tenantName: string;
+  tenantSlug: string;
+  email: string;
+  password: string;
+}
+
+export type SignupResponse = LoginResponse;
+
+export interface AdminProfile {
+  id: string;
+  email: string;
+  role: AdminRole;
+  tenantId: string;
+  tenantSlug: string;
+}
diff --git a/packages/types/src/bot.ts b/packages/types/src/bot.ts
new file mode 100644
index 0000000..7b60a5e
--- /dev/null
+++ b/packages/types/src/bot.ts
@@ -0,0 +1,35 @@
+export type BotStatus = 'ACTIVE' | 'DISCONNECTED' | 'BANNED' | 'PAIRING';
+
+export interface BotSummary {
+  id: string;
+  platform: string;
+  jid: string | null;
+  displayName: string | null;
+  status: BotStatus;
+  isBot: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface BotInitiateResponse {
+  pairingToken: string;
+  expiresAt: string;
+  qrDataUrl: string | null;
+}
+
+export interface BotAttachResponse {
+  attached: true;
+  bot: BotSummary;
+}
+
+export interface BotQrResponse {
+  status: BotStatus;
+  qrDataUrl: string | null;
+  pairingToken: string;
+  expiresAt: string;
+}
+
+export interface BotRevealResponse {
+  jid: string;
+  revealedAt: string;
+}
diff --git a/packages/types/src/index.ts b/packages/types/src/index.ts
index f545587..317f895 100644
--- a/packages/types/src/index.ts
+++ b/packages/types/src/index.ts
@@ -1 +1,5 @@
+export * from './auth';
 export * from './message';
+export * from './bot';
+export * from './onboarding';
+export * from './rule';
diff --git a/packages/types/src/message.ts b/packages/types/src/message.ts
index a2b87e1..254e04b 100644
--- a/packages/types/src/message.ts
+++ b/packages/types/src/message.ts
@@ -59,6 +59,7 @@ export interface SyncRoute {
 }
 
 export interface IngestJobData {
+  tenantId: string;
   platformMsgId: string;
   platform: Platform;
   accountId: string;          // which bot account received this message
@@ -67,9 +68,11 @@ export interface IngestJobData {
   senderName?: string;
   content: string;
   tags: string[];
+  effectiveAction?: 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT';
 }
 
 export interface ForwardJobData {
+  tenantId: string;
   messageId: string;          // DB id of the approved Message record
   content: string;
   sourceGroupName: string;
@@ -79,6 +82,7 @@ export interface ForwardJobData {
 }
 
 export interface IndexJobData {
+  tenantId: string;
   messageId: string;       // DB Message.id (cuid)
   content: string;
   senderName: string | null;
diff --git a/packages/types/src/onboarding.ts b/packages/types/src/onboarding.ts
new file mode 100644
index 0000000..18685e7
--- /dev/null
+++ b/packages/types/src/onboarding.ts
@@ -0,0 +1,86 @@
+export type ConsentScope = 'INGEST' | 'ARCHIVE' | 'REPLICATE' | 'DISPLAY';
+export type ConsentStatus = 'GRANTED' | 'REVOKED';
+export type MemberOptOutReason = 'STOP_KEYWORD' | 'SELF_PORTAL' | 'ADMIN_ACTION';
+
+export interface OnboardingTokenPayload {
+  groupId: string;
+  jid: string;
+  tenantId: string;
+  iat?: number;
+  exp?: number;
+}
+
+export interface PublicOnboardInfo {
+  groupName: string;
+  tenantName: string;
+  policyVersion: string;
+  defaultScopes: ConsentScope[];
+  defaultRetentionDays: number;
+}
+
+export interface RequestOtpRequest {
+  onboardingToken: string;
+  phone: string;
+}
+
+export interface RequestOtpResponse {
+  ok: true;
+  challengeId: string;
+  expiresInSeconds: number;
+}
+
+export interface VerifyOtpRequest {
+  onboardingToken: string;
+  challengeId: string;
+  phone: string;
+  code: string;
+  scopes: ConsentScope[];
+  retentionDays?: number;
+}
+
+export interface VerifyOtpResponse {
+  memberToken: string;
+  user: {
+    id: string;
+    tenantId: string;
+    jid: string;
+    displayName: string | null;
+  };
+  consent: {
+    scopes: ConsentScope[];
+    retentionDays: number;
+    policyVersion: string;
+  };
+}
+
+export interface MemberProfile {
+  id: string;
+  tenantId: string;
+  jid: string;
+  displayName: string | null;
+  createdAt: string;
+}
+
+export interface MemberGroupSummary {
+  id: string;
+  name: string;
+  tenantId: string;
+  scopes: ConsentScope[];
+  retentionDays: number;
+  policyVersion: string;
+  consentStatus: ConsentStatus;
+  joinedAt: string;
+}
+
+export interface OptOutRequest {
+  groupId?: string;
+  scopes?: ConsentScope[];
+  reason?: MemberOptOutReason;
+  notes?: string;
+}
+
+export interface OptInRequest {
+  groupId: string;
+  scopes: ConsentScope[];
+  retentionDays?: number;
+}
diff --git a/packages/types/src/rule.ts b/packages/types/src/rule.ts
new file mode 100644
index 0000000..0f59cc8
--- /dev/null
+++ b/packages/types/src/rule.ts
@@ -0,0 +1,31 @@
+export type RuleMatchType = 'HASHTAG' | 'PREFIX' | 'REACTION_EMOJI';
+
+export type RuleAction = 'FLAG' | 'AUTO_APPROVE' | 'SKIP' | 'REJECT';
+
+export interface TenantRuleData {
+  id: string;
+  tenantId: string;
+  matchType: RuleMatchType;
+  matchValue: string;
+  action: RuleAction;
+  priority: number;
+  isActive: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface CreateRuleRequest {
+  matchType: RuleMatchType;
+  matchValue: string;
+  action: RuleAction;
+  priority?: number;
+  isActive?: boolean;
+}
+
+export interface UpdateRuleRequest {
+  matchType?: RuleMatchType;
+  matchValue?: string;
+  action?: RuleAction;
+  priority?: number;
+  isActive?: boolean;
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index a6a28ea..7f535f1 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -25,16 +25,22 @@ importers:
     dependencies:
       '@nestjs/common':
         specifier: ^11.0.0
-        version: 11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2)
+        version: 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
       '@nestjs/config':
         specifier: ^4.0.0
-        version: 4.0.4(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(rxjs@7.8.2)
+        version: 4.0.4(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(rxjs@7.8.2)
       '@nestjs/core':
         specifier: ^11.0.0
-        version: 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+        version: 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/jwt':
+        specifier: ^11.0.0
+        version: 11.0.2(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))
+      '@nestjs/passport':
+        specifier: ^11.0.0
+        version: 11.0.5(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(passport@0.7.0)
       '@nestjs/platform-express':
         specifier: ^11.0.0
-        version: 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)
+        version: 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)
       '@prisma/client':
         specifier: ^6.0.0
         version: 6.19.3(prisma@6.19.3(typescript@5.9.3))(typescript@5.9.3)
@@ -50,6 +56,27 @@ importers:
       '@tower/types':
         specifier: workspace:*
         version: link:../../packages/types
+      bcryptjs:
+        specifier: ^2.4.3
+        version: 2.4.3
+      bullmq:
+        specifier: ^5.0.0
+        version: 5.77.6
+      class-transformer:
+        specifier: ^0.5.1
+        version: 0.5.1
+      class-validator:
+        specifier: ^0.14.1
+        version: 0.14.4
+      ioredis:
+        specifier: ^5.0.0
+        version: 5.11.0
+      passport:
+        specifier: ^0.7.0
+        version: 0.7.0
+      passport-jwt:
+        specifier: ^4.0.1
+        version: 4.0.1
       qrcode:
         specifier: ^1.5.4
         version: 1.5.4
@@ -68,13 +95,19 @@ importers:
         version: 11.1.0(chokidar@4.0.3)(prettier@3.8.3)(typescript@5.9.3)
       '@nestjs/testing':
         specifier: ^11.0.0
-        version: 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)(@nestjs/platform-express@11.1.24)
+        version: 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)(@nestjs/platform-express@11.1.24)
+      '@types/bcryptjs':
+        specifier: ^2.4.6
+        version: 2.4.6
       '@types/jest':
         specifier: ^29.0.0
         version: 29.5.14
       '@types/node':
         specifier: ^22.0.0
         version: 22.19.19
+      '@types/passport-jwt':
+        specifier: ^4.0.1
+        version: 4.0.1
       '@types/qrcode':
         specifier: ^1.5.6
         version: 1.5.6
@@ -90,6 +123,9 @@ importers:
       ts-jest:
         specifier: ^29.0.0
         version: 29.4.11(@babel/core@7.29.7)(@jest/transform@29.7.0)(@jest/types@29.6.3)(babel-jest@29.7.0(@babel/core@7.29.7))(jest-util@29.7.0)(jest@29.7.0(@types/node@22.19.19)(ts-node@10.9.2(@types/node@22.19.19)(typescript@5.9.3)))(typescript@5.9.3)
+      ts-node:
+        specifier: ^10.9.2
+        version: 10.9.2(@types/node@22.19.19)(typescript@5.9.3)
       typescript:
         specifier: ^5.7.0
         version: 5.9.3
@@ -178,6 +214,9 @@ importers:
       ioredis:
         specifier: ^5.0.0
         version: 5.11.0
+      nodemailer:
+        specifier: ^8.0.10
+        version: 8.0.10
       qrcode-terminal:
         specifier: ^0.12.0
         version: 0.12.0
@@ -188,6 +227,9 @@ importers:
       '@types/node':
         specifier: ^22.0.0
         version: 22.19.19
+      '@types/nodemailer':
+        specifier: ^8.0.0
+        version: 8.0.0
       '@types/qrcode-terminal':
         specifier: ^0.12.2
         version: 0.12.2
@@ -998,6 +1040,17 @@ packages:
       '@nestjs/websockets':
         optional: true
 
+  '@nestjs/jwt@11.0.2':
+    resolution: {integrity: sha512-rK8aE/3/Ma45gAWfCksAXUNbOoSOUudU0Kn3rT39htPF7wsYXtKfjALKeKKJbFrIWbLjsbqfXX5bIJNvgBugGA==}
+    peerDependencies:
+      '@nestjs/common': ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0
+
+  '@nestjs/passport@11.0.5':
+    resolution: {integrity: sha512-ulQX6mbjlws92PIM15Naes4F4p2JoxGnIJuUsdXQPT+Oo2sqQmENEZXM7eYuimocfHnKlcfZOuyzbA33LwUlOQ==}
+    peerDependencies:
+      '@nestjs/common': ^10.0.0 || ^11.0.0
+      passport: ^0.5.0 || ^0.6.0 || ^0.7.0
+
   '@nestjs/platform-express@11.1.24':
     resolution: {integrity: sha512-CeMKbRBm05aOBiWhIHWO2xDeHbxynBF9ySQv3gRjObz2N5+uJnYriAYkHvVqvC4JIydmMPmT5VdICFNlNz3qyA==}
     peerDependencies:
@@ -1339,6 +1392,15 @@ packages:
   '@types/babel__traverse@7.28.0':
     resolution: {integrity: sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==}
 
+  '@types/bcryptjs@2.4.6':
+    resolution: {integrity: sha512-9xlo6R2qDs5uixm0bcIqCeMCE6HiQsIyel9KQySStiyqNl2tnj2mP3DX1Nf56MD6KMenNNlBBsy3LJ7gUEQPXQ==}
+
+  '@types/body-parser@1.19.6':
+    resolution: {integrity: sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==}
+
+  '@types/connect@3.4.38':
+    resolution: {integrity: sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==}
+
   '@types/eslint-scope@3.7.7':
     resolution: {integrity: sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==}
 
@@ -1348,9 +1410,18 @@ packages:
   '@types/estree@1.0.9':
     resolution: {integrity: sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==}
 
+  '@types/express-serve-static-core@5.1.1':
+    resolution: {integrity: sha512-v4zIMr/cX7/d2BpAEX3KNKL/JrT1s43s96lLvvdTmza1oEvDudCqK9aF/djc/SWgy8Yh0h30TZx5VpzqFCxk5A==}
+
+  '@types/express@5.0.6':
+    resolution: {integrity: sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==}
+
   '@types/graceful-fs@4.1.9':
     resolution: {integrity: sha512-olP3sd1qOEe5dXTSaFvQG+02VdRXcdytWLAZsAq1PecU8uqQAhkrnbli7DagjtXKW/Bl7YJbUsa8MPcuc8LHEQ==}
 
+  '@types/http-errors@2.0.5':
+    resolution: {integrity: sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==}
+
   '@types/istanbul-lib-coverage@2.0.6':
     resolution: {integrity: sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==}
 
@@ -1369,15 +1440,39 @@ packages:
   '@types/json-schema@7.0.15':
     resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
 
+  '@types/jsonwebtoken@9.0.10':
+    resolution: {integrity: sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==}
+
+  '@types/ms@2.1.0':
+    resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
+
   '@types/node@22.19.19':
     resolution: {integrity: sha512-dyh/xO2Fh5bYrfWaaqGrRQQGkNdmYw6AmaAUvYeUMNTWQtvb796ikLdmTchRmOlOiIJ1TDXfWgVx1QkUlQ6Hew==}
 
+  '@types/nodemailer@8.0.0':
+    resolution: {integrity: sha512-fyf8jWULsCo0d0BuoQ75i6IeoHs47qcqxWc7yUdUcV0pOZGjUTTOvwdG1PRXUDqN/8A64yQdQdnA2pZgcdi+cA==}
+
+  '@types/passport-jwt@4.0.1':
+    resolution: {integrity: sha512-Y0Ykz6nWP4jpxgEUYq8NoVZeCQPo1ZndJLfapI249g1jHChvRfZRO/LS3tqu26YgAS/laI1qx98sYGz0IalRXQ==}
+
+  '@types/passport-strategy@0.2.38':
+    resolution: {integrity: sha512-GC6eMqqojOooq993Tmnmp7AUTbbQSgilyvpCYQjT+H6JfG/g6RGc7nXEniZlp0zyKJ0WUdOiZWLBZft9Yug1uA==}
+
+  '@types/passport@1.0.17':
+    resolution: {integrity: sha512-aciLyx+wDwT2t2/kJGJR2AEeBz0nJU4WuRX04Wu9Dqc5lSUtwu0WERPHYsLhF9PtseiAMPBGNUOtFjxZ56prsg==}
+
   '@types/qrcode-terminal@0.12.2':
     resolution: {integrity: sha512-v+RcIEJ+Uhd6ygSQ0u5YYY7ZM+la7GgPbs0V/7l/kFs2uO4S8BcIUEMoP7za4DNIqNnUD5npf0A/7kBhrCKG5Q==}
 
   '@types/qrcode@1.5.6':
     resolution: {integrity: sha512-te7NQcV2BOvdj2b1hCAHzAoMNuj65kNBMz0KBaxM6c3VGBOhU0dURQKOtH8CFNI/dsKkwlv32p26qYQTWoB5bw==}
 
+  '@types/qs@6.15.1':
+    resolution: {integrity: sha512-GZHUBZR9hckSUhrxmp1nG6NwdpM9fCunJwyThLW1X3AyHgd9IlHb6VANpQQqDr2o/qQp6McZ3y/IA2rVzKzSbw==}
+
+  '@types/range-parser@1.2.7':
+    resolution: {integrity: sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==}
+
   '@types/react-dom@19.2.3':
     resolution: {integrity: sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==}
     peerDependencies:
@@ -1386,12 +1481,21 @@ packages:
   '@types/react@19.2.15':
     resolution: {integrity: sha512-eRwcGNHve+E8qtEQSSRl6urh+rFop4v8gm6O8rGv25CodbvFdLjA1vVQ1KkiFE0w0UPOnb8tDiFKL5lp0rtY5Q==}
 
+  '@types/send@1.2.1':
+    resolution: {integrity: sha512-arsCikDvlU99zl1g69TcAB3mzZPpxgw0UQnaHeC1Nwb015xp8bknZv5rIfri9xTOcMuaVgvabfIRA7PSZVuZIQ==}
+
+  '@types/serve-static@2.2.0':
+    resolution: {integrity: sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==}
+
   '@types/stack-utils@2.0.3':
     resolution: {integrity: sha512-9aEbYZ3TbYMznPdcdr3SmIrLXwC/AKZXQeCf9Pgao5CKb8CyHuEX5jzWPTkvregvhRJHcpRO6BFoGW9ycaOkYw==}
 
   '@types/tough-cookie@4.0.5':
     resolution: {integrity: sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==}
 
+  '@types/validator@13.15.10':
+    resolution: {integrity: sha512-T8L6i7wCuyoK8A/ZeLYt1+q0ty3Zb9+qbSSvrIVitzT3YjZqkTZ40IbRsPanlB4h1QB3JVL1SYCdR6ngtFYcuA==}
+
   '@types/yargs-parser@21.0.3':
     resolution: {integrity: sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==}
 
@@ -1634,6 +1738,9 @@ packages:
     engines: {node: '>=6.0.0'}
     hasBin: true
 
+  bcryptjs@2.4.3:
+    resolution: {integrity: sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==}
+
   bl@4.1.0:
     resolution: {integrity: sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==}
 
@@ -1664,6 +1771,9 @@ packages:
   bser@2.1.1:
     resolution: {integrity: sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==}
 
+  buffer-equal-constant-time@1.0.1:
+    resolution: {integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==}
+
   buffer-from@1.1.2:
     resolution: {integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==}
 
@@ -1756,6 +1866,12 @@ packages:
   cjs-module-lexer@1.4.3:
     resolution: {integrity: sha512-9z8TZaGM1pfswYeXrUpzPrkx8UnWYdhJclsiYMm6x/w5+nN+8Tf/LnAgfLGQCm59qAOxU8WwHEq2vNwF6i4j+Q==}
 
+  class-transformer@0.5.1:
+    resolution: {integrity: sha512-SQa1Ws6hUbfC98vKGxZH3KFY0Y1lm5Zm0SY8XX9zbK7FJCyVEac3ATW0RIpwzW+oOfmHE5PMPufDG9hCfoEOMw==}
+
+  class-validator@0.14.4:
+    resolution: {integrity: sha512-AwNusCCam51q703dW82x95tOqQp6oC9HNUl724KxJJOfnKscI8dOloXFgyez7LbTTKWuRBA37FScqVbJEoq8Yw==}
+
   cli-cursor@3.1.0:
     resolution: {integrity: sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==}
     engines: {node: '>=8'}
@@ -2025,6 +2141,9 @@ packages:
     resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==}
     engines: {node: '>= 0.4'}
 
+  ecdsa-sig-formatter@1.0.11:
+    resolution: {integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==}
+
   ee-first@1.1.1:
     resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==}
 
@@ -2645,6 +2764,16 @@ packages:
   jsonfile@6.2.1:
     resolution: {integrity: sha512-zwOTdL3rFQ/lRdBnntKVOX6k5cKJwEc1HdilT71BWEu7J41gXIB2MRp+vxduPSwZJPWBxEzv4yH1wYLJGUHX4Q==}
 
+  jsonwebtoken@9.0.3:
+    resolution: {integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==}
+    engines: {node: '>=12', npm: '>=6'}
+
+  jwa@2.0.1:
+    resolution: {integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==}
+
+  jws@4.0.1:
+    resolution: {integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==}
+
   keyv@5.6.0:
     resolution: {integrity: sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==}
 
@@ -2656,6 +2785,9 @@ packages:
     resolution: {integrity: sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==}
     engines: {node: '>=6'}
 
+  libphonenumber-js@1.13.4:
+    resolution: {integrity: sha512-/lhWr7vq8foWN9Apksnd9v8/cfwzW6g6qKOCo25XBGkNaVCHucXO57hLy4CWHGvytvLz6Nt3J5Gs8p3jlCGFXA==}
+
   libsignal@6.0.0:
     resolution: {integrity: sha512-d/5V3YFtDljbFMufz4ncyUYGYhJl+vzAe+c2EFFBQ6bz1h8Q3IOMEGXYMzlibU60I+e8GagMMpji18iez3P1hA==}
 
@@ -2747,12 +2879,33 @@ packages:
   lodash.defaults@4.2.0:
     resolution: {integrity: sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==}
 
+  lodash.includes@4.3.0:
+    resolution: {integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==}
+
   lodash.isarguments@3.1.0:
     resolution: {integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==}
 
+  lodash.isboolean@3.0.3:
+    resolution: {integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==}
+
+  lodash.isinteger@4.0.4:
+    resolution: {integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==}
+
+  lodash.isnumber@3.0.3:
+    resolution: {integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==}
+
+  lodash.isplainobject@4.0.6:
+    resolution: {integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==}
+
+  lodash.isstring@4.0.1:
+    resolution: {integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==}
+
   lodash.memoize@4.1.2:
     resolution: {integrity: sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==}
 
+  lodash.once@4.1.1:
+    resolution: {integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==}
+
   lodash@4.18.1:
     resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
 
@@ -2940,6 +3093,10 @@ packages:
     resolution: {integrity: sha512-GYVXHE2KnrzAfsAjl4uP++evGFCrAU1jta4ubEjIG7YWt/64Gqv66a30yKwWczVjA6j3bM4nBwH7Pk1JmDHaxQ==}
     engines: {node: '>=18'}
 
+  nodemailer@8.0.10:
+    resolution: {integrity: sha512-BLFuSth7QtHOkBzyqTehWWyub0NTRDuK2Q2SQfnGLsrJnzyU+Yeh4WpV1eZGuARFj1xQJHIdnTuJZLP+b9R1GQ==}
+    engines: {node: '>=6.0.0'}
+
   normalize-path@3.0.0:
     resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
     engines: {node: '>=0.10.0'}
@@ -3025,6 +3182,17 @@ packages:
     resolution: {integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==}
     engines: {node: '>= 0.8'}
 
+  passport-jwt@4.0.1:
+    resolution: {integrity: sha512-UCKMDYhNuGOBE9/9Ycuoyh7vP6jpeTp/+sfMJl7nLff/t6dps+iaeE0hhNkKN8/HZHcJ7lCdOyDxHdDoxoSvdQ==}
+
+  passport-strategy@1.0.0:
+    resolution: {integrity: sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==}
+    engines: {node: '>= 0.4.0'}
+
+  passport@0.7.0:
+    resolution: {integrity: sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==}
+    engines: {node: '>= 0.4.0'}
+
   path-exists@4.0.0:
     resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
     engines: {node: '>=8'}
@@ -3054,6 +3222,9 @@ packages:
   pathe@2.0.3:
     resolution: {integrity: sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==}
 
+  pause@0.0.1:
+    resolution: {integrity: sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg==}
+
   perfect-debounce@1.0.0:
     resolution: {integrity: sha512-xCy9V055GLEqoFaHoC1SoLIaLmWctgCUaBaWxDZ7/Zx4CTyX7cJQLJOok/orfjZAh9kEYpjJa4d0KcJmCbctZA==}
 
@@ -3721,6 +3892,10 @@ packages:
   util-deprecate@1.0.2:
     resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
 
+  utils-merge@1.0.1:
+    resolution: {integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==}
+    engines: {node: '>= 0.4.0'}
+
   v8-compile-cache-lib@3.0.1:
     resolution: {integrity: sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==}
 
@@ -3728,6 +3903,10 @@ packages:
     resolution: {integrity: sha512-kiGUalWN+rgBJ/1OHZsBtU4rXZOfj/7rKQxULKlIzwzQSvMJUUNgPwJEEh7gU6xEVxC0ahoOBvN2YI8GH6FNgA==}
     engines: {node: '>=10.12.0'}
 
+  validator@13.15.35:
+    resolution: {integrity: sha512-TQ5pAGhd5whStmqWvYF4OjQROlmv9SMFVt37qoCBdqRffuuklWYQlCNnEs2ZaIBD1kZRNnikiZOS1eqgkar0iw==}
+    engines: {node: '>= 0.10'}
+
   vary@1.1.2:
     resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==}
     engines: {node: '>= 0.8'}
@@ -4652,7 +4831,7 @@ snapshots:
       - uglify-js
       - webpack-cli
 
-  '@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2)':
+  '@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)':
     dependencies:
       file-type: 21.3.4
       iterare: 1.2.1
@@ -4661,20 +4840,23 @@ snapshots:
       rxjs: 7.8.2
       tslib: 2.8.1
       uid: 2.0.2
+    optionalDependencies:
+      class-transformer: 0.5.1
+      class-validator: 0.14.4
     transitivePeerDependencies:
       - supports-color
 
-  '@nestjs/config@4.0.4(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(rxjs@7.8.2)':
+  '@nestjs/config@4.0.4(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(rxjs@7.8.2)':
     dependencies:
-      '@nestjs/common': 11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/common': 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
       dotenv: 17.4.1
       dotenv-expand: 12.0.3
       lodash: 4.18.1
       rxjs: 7.8.2
 
-  '@nestjs/core@11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)':
+  '@nestjs/core@11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)':
     dependencies:
-      '@nestjs/common': 11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/common': 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
       '@nuxt/opencollective': 0.4.1
       fast-safe-stringify: 2.1.1
       iterare: 1.2.1
@@ -4684,12 +4866,23 @@ snapshots:
       tslib: 2.8.1
       uid: 2.0.2
     optionalDependencies:
-      '@nestjs/platform-express': 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)
+      '@nestjs/platform-express': 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)
 
-  '@nestjs/platform-express@11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)':
+  '@nestjs/jwt@11.0.2(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))':
     dependencies:
-      '@nestjs/common': 11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2)
-      '@nestjs/core': 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/common': 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@types/jsonwebtoken': 9.0.10
+      jsonwebtoken: 9.0.3
+
+  '@nestjs/passport@11.0.5(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(passport@0.7.0)':
+    dependencies:
+      '@nestjs/common': 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      passport: 0.7.0
+
+  '@nestjs/platform-express@11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)':
+    dependencies:
+      '@nestjs/common': 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/core': 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)
       cors: 2.8.6
       express: 5.2.1
       multer: 2.1.1
@@ -4711,13 +4904,13 @@ snapshots:
     transitivePeerDependencies:
       - chokidar
 
-  '@nestjs/testing@11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)(@nestjs/platform-express@11.1.24)':
+  '@nestjs/testing@11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)(@nestjs/platform-express@11.1.24)':
     dependencies:
-      '@nestjs/common': 11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2)
-      '@nestjs/core': 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/common': 11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/core': 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.24)(reflect-metadata@0.2.2)(rxjs@7.8.2)
       tslib: 2.8.1
     optionalDependencies:
-      '@nestjs/platform-express': 11.1.24(@nestjs/common@11.1.24(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)
+      '@nestjs/platform-express': 11.1.24(@nestjs/common@11.1.24(class-transformer@0.5.1)(class-validator@0.14.4)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.24)
 
   '@next/env@16.2.6': {}
 
@@ -4983,6 +5176,17 @@ snapshots:
     dependencies:
       '@babel/types': 7.29.7
 
+  '@types/bcryptjs@2.4.6': {}
+
+  '@types/body-parser@1.19.6':
+    dependencies:
+      '@types/connect': 3.4.38
+      '@types/node': 22.19.19
+
+  '@types/connect@3.4.38':
+    dependencies:
+      '@types/node': 22.19.19
+
   '@types/eslint-scope@3.7.7':
     dependencies:
       '@types/eslint': 9.6.1
@@ -4995,10 +5199,25 @@ snapshots:
 
   '@types/estree@1.0.9': {}
 
+  '@types/express-serve-static-core@5.1.1':
+    dependencies:
+      '@types/node': 22.19.19
+      '@types/qs': 6.15.1
+      '@types/range-parser': 1.2.7
+      '@types/send': 1.2.1
+
+  '@types/express@5.0.6':
+    dependencies:
+      '@types/body-parser': 1.19.6
+      '@types/express-serve-static-core': 5.1.1
+      '@types/serve-static': 2.2.0
+
   '@types/graceful-fs@4.1.9':
     dependencies:
       '@types/node': 22.19.19
 
+  '@types/http-errors@2.0.5': {}
+
   '@types/istanbul-lib-coverage@2.0.6': {}
 
   '@types/istanbul-lib-report@3.0.3':
@@ -5022,16 +5241,45 @@ snapshots:
 
   '@types/json-schema@7.0.15': {}
 
+  '@types/jsonwebtoken@9.0.10':
+    dependencies:
+      '@types/ms': 2.1.0
+      '@types/node': 22.19.19
+
+  '@types/ms@2.1.0': {}
+
   '@types/node@22.19.19':
     dependencies:
       undici-types: 6.21.0
 
+  '@types/nodemailer@8.0.0':
+    dependencies:
+      '@types/node': 22.19.19
+
+  '@types/passport-jwt@4.0.1':
+    dependencies:
+      '@types/jsonwebtoken': 9.0.10
+      '@types/passport-strategy': 0.2.38
+
+  '@types/passport-strategy@0.2.38':
+    dependencies:
+      '@types/express': 5.0.6
+      '@types/passport': 1.0.17
+
+  '@types/passport@1.0.17':
+    dependencies:
+      '@types/express': 5.0.6
+
   '@types/qrcode-terminal@0.12.2': {}
 
   '@types/qrcode@1.5.6':
     dependencies:
       '@types/node': 22.19.19
 
+  '@types/qs@6.15.1': {}
+
+  '@types/range-parser@1.2.7': {}
+
   '@types/react-dom@19.2.3(@types/react@19.2.15)':
     dependencies:
       '@types/react': 19.2.15
@@ -5040,10 +5288,21 @@ snapshots:
     dependencies:
       csstype: 3.2.3
 
+  '@types/send@1.2.1':
+    dependencies:
+      '@types/node': 22.19.19
+
+  '@types/serve-static@2.2.0':
+    dependencies:
+      '@types/http-errors': 2.0.5
+      '@types/node': 22.19.19
+
   '@types/stack-utils@2.0.3': {}
 
   '@types/tough-cookie@4.0.5': {}
 
+  '@types/validator@13.15.10': {}
+
   '@types/yargs-parser@21.0.3': {}
 
   '@types/yargs@17.0.35':
@@ -5329,6 +5588,8 @@ snapshots:
 
   baseline-browser-mapping@2.10.32: {}
 
+  bcryptjs@2.4.3: {}
+
   bl@4.1.0:
     dependencies:
       buffer: 5.7.1
@@ -5378,6 +5639,8 @@ snapshots:
     dependencies:
       node-int64: 0.4.0
 
+  buffer-equal-constant-time@1.0.1: {}
+
   buffer-from@1.1.2: {}
 
   buffer@5.7.1:
@@ -5473,6 +5736,14 @@ snapshots:
 
   cjs-module-lexer@1.4.3: {}
 
+  class-transformer@0.5.1: {}
+
+  class-validator@0.14.4:
+    dependencies:
+      '@types/validator': 13.15.10
+      libphonenumber-js: 1.13.4
+      validator: 13.15.35
+
   cli-cursor@3.1.0:
     dependencies:
       restore-cursor: 3.1.0
@@ -5684,6 +5955,10 @@ snapshots:
       es-errors: 1.3.0
       gopd: 1.2.0
 
+  ecdsa-sig-formatter@1.0.11:
+    dependencies:
+      safe-buffer: 5.2.1
+
   ee-first@1.1.1: {}
 
   effect@3.21.0:
@@ -6560,6 +6835,30 @@ snapshots:
     optionalDependencies:
       graceful-fs: 4.2.11
 
+  jsonwebtoken@9.0.3:
+    dependencies:
+      jws: 4.0.1
+      lodash.includes: 4.3.0
+      lodash.isboolean: 3.0.3
+      lodash.isinteger: 4.0.4
+      lodash.isnumber: 3.0.3
+      lodash.isplainobject: 4.0.6
+      lodash.isstring: 4.0.1
+      lodash.once: 4.1.1
+      ms: 2.1.3
+      semver: 7.8.1
+
+  jwa@2.0.1:
+    dependencies:
+      buffer-equal-constant-time: 1.0.1
+      ecdsa-sig-formatter: 1.0.11
+      safe-buffer: 5.2.1
+
+  jws@4.0.1:
+    dependencies:
+      jwa: 2.0.1
+      safe-buffer: 5.2.1
+
   keyv@5.6.0:
     dependencies:
       '@keyv/serialize': 1.1.1
@@ -6568,6 +6867,8 @@ snapshots:
 
   leven@3.1.0: {}
 
+  libphonenumber-js@1.13.4: {}
+
   libsignal@6.0.0:
     dependencies:
       curve25519-js: 0.0.4
@@ -6634,10 +6935,24 @@ snapshots:
 
   lodash.defaults@4.2.0: {}
 
+  lodash.includes@4.3.0: {}
+
   lodash.isarguments@3.1.0: {}
 
+  lodash.isboolean@3.0.3: {}
+
+  lodash.isinteger@4.0.4: {}
+
+  lodash.isnumber@3.0.3: {}
+
+  lodash.isplainobject@4.0.6: {}
+
+  lodash.isstring@4.0.1: {}
+
   lodash.memoize@4.1.2: {}
 
+  lodash.once@4.1.1: {}
+
   lodash@4.18.1: {}
 
   log-symbols@4.1.0:
@@ -6815,6 +7130,8 @@ snapshots:
 
   node-releases@2.0.46: {}
 
+  nodemailer@8.0.10: {}
+
   normalize-path@3.0.0: {}
 
   npm-run-path@4.0.1:
@@ -6899,6 +7216,19 @@ snapshots:
 
   parseurl@1.3.3: {}
 
+  passport-jwt@4.0.1:
+    dependencies:
+      jsonwebtoken: 9.0.3
+      passport-strategy: 1.0.0
+
+  passport-strategy@1.0.0: {}
+
+  passport@0.7.0:
+    dependencies:
+      passport-strategy: 1.0.0
+      pause: 0.0.1
+      utils-merge: 1.0.1
+
   path-exists@4.0.0: {}
 
   path-is-absolute@1.0.1: {}
@@ -6918,6 +7248,8 @@ snapshots:
 
   pathe@2.0.3: {}
 
+  pause@0.0.1: {}
+
   perfect-debounce@1.0.0: {}
 
   picocolors@1.1.1: {}
@@ -7578,6 +7910,8 @@ snapshots:
 
   util-deprecate@1.0.2: {}
 
+  utils-merge@1.0.1: {}
+
   v8-compile-cache-lib@3.0.1: {}
 
   v8-to-istanbul@9.3.0:
@@ -7586,6 +7920,8 @@ snapshots:
       '@types/istanbul-lib-coverage': 2.0.6
       convert-source-map: 2.0.0
 
+  validator@13.15.35: {}
+
   vary@1.1.2: {}
 
   w3c-xmlserializer@4.0.0:
diff --git a/scripts/backup-before-phase2b.sh b/scripts/backup-before-phase2b.sh
new file mode 100755
index 0000000..7fd7031
--- /dev/null
+++ b/scripts/backup-before-phase2b.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Phase 2B pre-migration backup
+# pg_dump data tables (Account, Group, Message, Approval, SyncRoute, ConsentRecord)
+# to ./backups/phase2b-pre-<timestamp>.sql
+# Tenant, Admin, AuditEvent are NOT dumped (preserved by migration).
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+BACKUP_DIR="$ROOT_DIR/backups"
+TIMESTAMP="$(date -u +%Y%m%dT%H%M%SZ)"
+OUT_FILE="$BACKUP_DIR/phase2b-pre-$TIMESTAMP.sql"
+
+mkdir -p "$BACKUP_DIR"
+
+if [ -z "${DATABASE_URL:-}" ]; then
+  if [ -f "$ROOT_DIR/.env" ]; then
+    set -a
+    # shellcheck disable=SC1091
+    . "$ROOT_DIR/.env"
+    set +a
+  fi
+fi
+
+if [ -z "${DATABASE_URL:-}" ]; then
+  echo "ERROR: DATABASE_URL is not set and no .env file was found" >&2
+  exit 1
+fi
+
+TABLES=(
+  "Account"
+  "Group"
+  "Message"
+  "Approval"
+  "SyncRoute"
+  "ConsentRecord"
+)
+
+ARGS=()
+for t in "${TABLES[@]}"; do
+  # pg_dump -t needs extra quoting to preserve PascalCase identifiers
+  ARGS+=("-t" "\"$t\"")
+done
+
+echo "Dumping data-only backup of ${TABLES[*]} to $OUT_FILE"
+pg_dump "$DATABASE_URL" \
+  --data-only \
+  --no-owner \
+  --no-privileges \
+  --inserts \
+  "${ARGS[@]}" \
+  -f "$OUT_FILE"
+
+echo "Done. Size: $(wc -c < "$OUT_FILE") bytes"
+echo "To restore (NOT recommended after Phase 2B has run):"
+echo "  psql \"\$DATABASE_URL\" -f $OUT_FILE"