From 1c9ca4cfa29805d6189da3d209a02c1e9342b8d5 Mon Sep 17 00:00:00 2001
From: oskar <oskar@kapalla.org>
Date: Fri, 9 Jan 2026 18:35:06 +0100
Subject: [PATCH] init backend

---
 back001/.gitignore                            |  28 ++
 back001/README.md                             |  46 ++++
 back001/app/build.gradle.kts                  |  36 +++
 .../kotlin/com/mosenioring/app/Application.kt |  17 ++
 .../mosenioring/app/config/MessagingConfig.kt |  33 +++
 .../mosenioring/app/config/SecurityConfig.kt  |  34 +++
 .../mosenioring/app/outbox/OutboxPublisher.kt |  43 +++
 .../app/src/main/resources/application.yml    |  81 ++++++
 .../main/resources/db/migration/V1__init.sql  | 141 ++++++++++
 back001/build.gradle.kts                      |  55 ++++
 back001/common/build.gradle.kts               |  24 ++
 .../com/mosenioring/common/BaseEntity.kt      |  38 +++
 .../kotlin/com/mosenioring/common/Events.kt   |  10 +
 .../mosenioring/common/outbox/OutboxEvent.kt  |  24 ++
 .../common/outbox/OutboxRepository.kt         |   7 +
 .../common/outbox/OutboxService.kt            |  28 ++
 .../common/security/LocalAuthFilter.kt        |  34 +++
 .../common/security/PatientAccess.kt          |   8 +
 .../common/security/PatientAccessChecker.kt   |  26 ++
 .../common/security/SecurityUtils.kt          |  35 +++
 .../common/tenant/TenantContext.kt            |  38 +++
 .../mosenioring/common/tenant/TenantFilter.kt |  30 +++
 .../mosenioring/common/web/PageResponse.kt    |   8 +
 .../common/web/ProblemDetailsAdvice.kt        |  54 ++++
 .../common/PatientAccessCheckerTest.kt        |  54 ++++
 .../mosenioring/common/TenantContextTest.kt   |  29 ++
 back001/docker-compose.yml                    |  61 +++++
 back001/docker/keycloak/realm.json            |  31 +++
 back001/gradle.properties                     |   2 +
 back001/gradle/wrapper/gradle-wrapper.jar     | Bin 0 -> 43453 bytes
 .../gradle/wrapper/gradle-wrapper.properties  |   7 +
 back001/gradlew                               | 249 ++++++++++++++++++
 back001/gradlew.bat                           |  92 +++++++
 back001/modules/audit/build.gradle.kts        |  12 +
 .../com/mosenioring/audit/AuditEvent.kt       |  30 +++
 .../com/mosenioring/audit/AuditRepository.kt  |   5 +
 .../mosenioring/audit/service/AuditService.kt |  28 ++
 back001/modules/clinical/build.gradle.kts     |  14 +
 .../mosenioring/clinical/MedicationPlan.kt    |  21 ++
 .../com/mosenioring/clinical/TestOrder.kt     |  24 ++
 .../clinical/api/ClinicalController.kt        |  45 ++++
 .../clinical/repo/ClinicalRepositories.kt     |  13 +
 .../clinical/service/ClinicalServices.kt      |  64 +++++
 back001/modules/identity/build.gradle.kts     |  14 +
 .../com/mosenioring/identity/Patient.kt       |  18 ++
 .../mosenioring/identity/PatientCaregiver.kt  |  21 ++
 .../com/mosenioring/identity/PatientDoctor.kt |  21 ++
 .../kotlin/com/mosenioring/identity/Tenant.kt |  18 ++
 .../kotlin/com/mosenioring/identity/User.kt   |  24 ++
 .../identity/api/IdentityController.kt        |  70 +++++
 .../identity/repo/IdentityRepositories.kt     |  22 ++
 .../repo/PatientRelationshipRepositoryImpl.kt |  16 ++
 .../identity/service/IdentityServices.kt      |  97 +++++++
 back001/modules/integrations/build.gradle.kts |  13 +
 .../mosenioring/integrations/FileMetadata.kt  |  27 ++
 .../integrations/api/FilesController.kt       |  32 +++
 .../integrations/repo/FileRepository.kt       |   8 +
 .../integrations/service/FhirGateway.kt       |  10 +
 .../integrations/service/FileService.kt       |  90 +++++++
 back001/modules/messaging/build.gradle.kts    |  14 +
 .../com/mosenioring/messaging/Message.kt      |  24 ++
 .../messaging/api/MessagingController.kt      |  28 ++
 .../messaging/repo/MessageRepository.kt       |   6 +
 .../messaging/service/MessageService.kt       |  31 +++
 .../modules/notifications/build.gradle.kts    |  13 +
 .../api/NotificationsController.kt            |  25 ++
 .../service/NotificationService.kt            |  30 +++
 back001/requests.http                         |  55 ++++
 back001/settings.gradle.kts                   |  13 +
 .../notification-worker/build.gradle.kts      |  16 ++
 .../worker/NotificationListener.kt            |  41 +++
 .../worker/NotificationWorkerApplication.kt   |  11 +
 .../worker/WorkerMessagingConfig.kt           |  23 ++
 .../src/main/resources/application.yml        |  30 +++
 74 files changed, 2520 insertions(+)
 create mode 100644 back001/.gitignore
 create mode 100644 back001/README.md
 create mode 100644 back001/app/build.gradle.kts
 create mode 100644 back001/app/src/main/kotlin/com/mosenioring/app/Application.kt
 create mode 100644 back001/app/src/main/kotlin/com/mosenioring/app/config/MessagingConfig.kt
 create mode 100644 back001/app/src/main/kotlin/com/mosenioring/app/config/SecurityConfig.kt
 create mode 100644 back001/app/src/main/kotlin/com/mosenioring/app/outbox/OutboxPublisher.kt
 create mode 100644 back001/app/src/main/resources/application.yml
 create mode 100644 back001/app/src/main/resources/db/migration/V1__init.sql
 create mode 100644 back001/build.gradle.kts
 create mode 100644 back001/common/build.gradle.kts
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/BaseEntity.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/Events.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxEvent.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxRepository.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxService.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccess.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccessChecker.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/security/SecurityUtils.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantContext.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantFilter.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/web/PageResponse.kt
 create mode 100644 back001/common/src/main/kotlin/com/mosenioring/common/web/ProblemDetailsAdvice.kt
 create mode 100644 back001/common/src/test/kotlin/com/mosenioring/common/PatientAccessCheckerTest.kt
 create mode 100644 back001/common/src/test/kotlin/com/mosenioring/common/TenantContextTest.kt
 create mode 100644 back001/docker-compose.yml
 create mode 100644 back001/docker/keycloak/realm.json
 create mode 100644 back001/gradle.properties
 create mode 100644 back001/gradle/wrapper/gradle-wrapper.jar
 create mode 100644 back001/gradle/wrapper/gradle-wrapper.properties
 create mode 100755 back001/gradlew
 create mode 100644 back001/gradlew.bat
 create mode 100644 back001/modules/audit/build.gradle.kts
 create mode 100644 back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditEvent.kt
 create mode 100644 back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditRepository.kt
 create mode 100644 back001/modules/audit/src/main/kotlin/com/mosenioring/audit/service/AuditService.kt
 create mode 100644 back001/modules/clinical/build.gradle.kts
 create mode 100644 back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/MedicationPlan.kt
 create mode 100644 back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/TestOrder.kt
 create mode 100644 back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/api/ClinicalController.kt
 create mode 100644 back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/repo/ClinicalRepositories.kt
 create mode 100644 back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/service/ClinicalServices.kt
 create mode 100644 back001/modules/identity/build.gradle.kts
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Patient.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientCaregiver.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientDoctor.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Tenant.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/User.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/api/IdentityController.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/IdentityRepositories.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/PatientRelationshipRepositoryImpl.kt
 create mode 100644 back001/modules/identity/src/main/kotlin/com/mosenioring/identity/service/IdentityServices.kt
 create mode 100644 back001/modules/integrations/build.gradle.kts
 create mode 100644 back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/FileMetadata.kt
 create mode 100644 back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/api/FilesController.kt
 create mode 100644 back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/repo/FileRepository.kt
 create mode 100644 back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FhirGateway.kt
 create mode 100644 back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FileService.kt
 create mode 100644 back001/modules/messaging/build.gradle.kts
 create mode 100644 back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/Message.kt
 create mode 100644 back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/api/MessagingController.kt
 create mode 100644 back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/repo/MessageRepository.kt
 create mode 100644 back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/service/MessageService.kt
 create mode 100644 back001/modules/notifications/build.gradle.kts
 create mode 100644 back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/api/NotificationsController.kt
 create mode 100644 back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/service/NotificationService.kt
 create mode 100644 back001/requests.http
 create mode 100644 back001/settings.gradle.kts
 create mode 100644 back001/workers/notification-worker/build.gradle.kts
 create mode 100644 back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationListener.kt
 create mode 100644 back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationWorkerApplication.kt
 create mode 100644 back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/WorkerMessagingConfig.kt
 create mode 100644 back001/workers/notification-worker/src/main/resources/application.yml

diff --git a/back001/.gitignore b/back001/.gitignore
new file mode 100644
index 0000000..ca51a52
--- /dev/null
+++ b/back001/.gitignore
@@ -0,0 +1,28 @@
+# Gradle
+.gradle/
+build/
+**/build/
+
+# IntelliJ IDEA
+.idea/
+*.iml
+*.ipr
+*.iws
+out/
+
+# Kotlin
+*.class
+
+# Logs
+*.log
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Env/local
+.env
+.env.*
+
+# Wrapper cache
+.gradle-wrapper/
diff --git a/back001/README.md b/back001/README.md
new file mode 100644
index 0000000..b5d45e9
--- /dev/null
+++ b/back001/README.md
@@ -0,0 +1,46 @@
+# Mosenioring Backend
+
+Production-ready Kotlin/Spring Boot 3 modular monolith skeleton for patient-caregiver-doctor coordination.
+
+## Requirements
+- Java 21
+- Docker + Docker Compose
+
+## Local Dev
+1) Start dependencies:
+
+```bash
+docker compose up -d
+```
+
+2) Run the API:
+
+```bash
+./gradlew :app:bootRun -Dspring.profiles.active=local
+```
+
+3) Run the worker:
+
+```bash
+./gradlew :workers:notification-worker:bootRun
+```
+
+## Auth (local profile)
+For local development, add headers:
+- `X-Local-User`: user id
+- `X-Local-Tenant`: tenant id
+- `X-Local-Roles`: comma-separated roles (ADMIN, DOCTOR, CAREGIVER)
+
+## OpenAPI
+- http://localhost:8080/swagger-ui/index.html
+
+## Key services
+- Postgres: localhost:5432 (mosenioring/mosenioring)
+- Keycloak: http://localhost:8081 (admin/admin)
+- RabbitMQ: http://localhost:15672 (guest/guest)
+- MinIO: http://localhost:9001 (minio/minio123)
+
+## Notes
+- Tenant ID is enforced via `TenantFilter` using JWT claim `tenant_id`, or `X-Tenant-Id` header (local).
+- Medication plan creation publishes a `MedicationPlanCreated` outbox event.
+- Worker consumes and emits `NotificationRequested` events with idempotency via Redis.
diff --git a/back001/app/build.gradle.kts b/back001/app/build.gradle.kts
new file mode 100644
index 0000000..87ed9c3
--- /dev/null
+++ b/back001/app/build.gradle.kts
@@ -0,0 +1,36 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("org.springframework.boot")
+    id("io.spring.dependency-management")
+}
+
+dependencies {
+    implementation(project(":common"))
+    implementation(project(":modules:identity"))
+    implementation(project(":modules:clinical"))
+    implementation(project(":modules:messaging"))
+    implementation(project(":modules:notifications"))
+    implementation(project(":modules:audit"))
+    implementation(project(":modules:integrations"))
+
+    implementation("org.springframework.boot:spring-boot-starter-web")
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-amqp")
+    implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
+    implementation("org.springframework.boot:spring-boot-starter-data-redis")
+    implementation("org.flywaydb:flyway-core")
+    implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0")
+    implementation("io.micrometer:micrometer-registry-prometheus")
+    implementation("io.micrometer:micrometer-tracing-bridge-otel")
+    implementation("io.opentelemetry:opentelemetry-exporter-otlp:1.38.0")
+    implementation("software.amazon.awssdk:s3:2.25.63")
+
+    runtimeOnly("org.postgresql:postgresql")
+
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+}
diff --git a/back001/app/src/main/kotlin/com/mosenioring/app/Application.kt b/back001/app/src/main/kotlin/com/mosenioring/app/Application.kt
new file mode 100644
index 0000000..11b62d2
--- /dev/null
+++ b/back001/app/src/main/kotlin/com/mosenioring/app/Application.kt
@@ -0,0 +1,17 @@
+package com.mosenioring.app
+
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.runApplication
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories
+import org.springframework.boot.autoconfigure.domain.EntityScan
+import org.springframework.scheduling.annotation.EnableScheduling
+
+@SpringBootApplication(scanBasePackages = ["com.mosenioring"])
+@EntityScan("com.mosenioring")
+@EnableJpaRepositories("com.mosenioring")
+@EnableScheduling
+class Application
+
+fun main(args: Array<String>) {
+    runApplication<Application>(*args)
+}
diff --git a/back001/app/src/main/kotlin/com/mosenioring/app/config/MessagingConfig.kt b/back001/app/src/main/kotlin/com/mosenioring/app/config/MessagingConfig.kt
new file mode 100644
index 0000000..ff559c7
--- /dev/null
+++ b/back001/app/src/main/kotlin/com/mosenioring/app/config/MessagingConfig.kt
@@ -0,0 +1,33 @@
+package com.mosenioring.app.config
+
+import com.mosenioring.common.Events
+import org.springframework.amqp.core.Binding
+import org.springframework.amqp.core.BindingBuilder
+import org.springframework.amqp.core.DirectExchange
+import org.springframework.amqp.core.Queue
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+@Configuration
+class MessagingConfig {
+
+    @Bean
+    fun medicationExchange(): DirectExchange = DirectExchange(Events.MEDICATION_EXCHANGE)
+
+    @Bean
+    fun notificationExchange(): DirectExchange = DirectExchange(Events.NOTIFICATION_EXCHANGE)
+
+    @Bean
+    fun medicationQueue(): Queue = Queue(Events.MEDICATION_QUEUE, true)
+
+    @Bean
+    fun notificationQueue(): Queue = Queue(Events.NOTIFICATION_QUEUE, true)
+
+    @Bean
+    fun medicationBinding(medicationExchange: DirectExchange, medicationQueue: Queue): Binding =
+        BindingBuilder.bind(medicationQueue).to(medicationExchange).with(Events.MEDICATION_PLAN_CREATED)
+
+    @Bean
+    fun notificationBinding(notificationExchange: DirectExchange, notificationQueue: Queue): Binding =
+        BindingBuilder.bind(notificationQueue).to(notificationExchange).with(Events.NOTIFICATION_REQUESTED)
+}
diff --git a/back001/app/src/main/kotlin/com/mosenioring/app/config/SecurityConfig.kt b/back001/app/src/main/kotlin/com/mosenioring/app/config/SecurityConfig.kt
new file mode 100644
index 0000000..f1584be
--- /dev/null
+++ b/back001/app/src/main/kotlin/com/mosenioring/app/config/SecurityConfig.kt
@@ -0,0 +1,34 @@
+package com.mosenioring.app.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpMethod
+import com.mosenioring.common.security.LocalAuthFilter
+import org.springframework.security.config.Customizer.withDefaults
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
+import org.springframework.beans.factory.ObjectProvider
+
+@Configuration
+@EnableMethodSecurity
+class SecurityConfig {
+
+    @Bean
+    fun filterChain(http: HttpSecurity, localAuthFilterProvider: ObjectProvider<LocalAuthFilter>): SecurityFilterChain {
+        http
+            .csrf { it.disable() }
+            .authorizeHttpRequests {
+                it.requestMatchers("/actuator/**", "/v3/api-docs/**", "/swagger-ui/**").permitAll()
+                it.requestMatchers(HttpMethod.POST, "/api/v1/tenants").hasRole("ADMIN")
+                it.anyRequest().authenticated()
+            }
+            .oauth2ResourceServer { it.jwt(withDefaults()) }
+        val localAuthFilter = localAuthFilterProvider.ifAvailable
+        if (localAuthFilter != null) {
+            http.addFilterBefore(localAuthFilter, BearerTokenAuthenticationFilter::class.java)
+        }
+        return http.build()
+    }
+}
diff --git a/back001/app/src/main/kotlin/com/mosenioring/app/outbox/OutboxPublisher.kt b/back001/app/src/main/kotlin/com/mosenioring/app/outbox/OutboxPublisher.kt
new file mode 100644
index 0000000..3f9ae2c
--- /dev/null
+++ b/back001/app/src/main/kotlin/com/mosenioring/app/outbox/OutboxPublisher.kt
@@ -0,0 +1,43 @@
+package com.mosenioring.app.outbox
+
+import com.mosenioring.common.Events
+import com.mosenioring.common.outbox.OutboxRepository
+import org.slf4j.LoggerFactory
+import org.springframework.amqp.rabbit.core.RabbitTemplate
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.scheduling.annotation.Scheduled
+import org.springframework.stereotype.Component
+import org.springframework.transaction.annotation.Transactional
+
+@Component
+class OutboxPublisher(
+    private val repository: OutboxRepository,
+    private val rabbitTemplate: RabbitTemplate,
+    @Value("\${app.outbox.publish-delay-ms:2000}") private val publishDelayMs: Long
+) {
+    private val logger = LoggerFactory.getLogger(javaClass)
+
+    @Scheduled(fixedDelayString = "\${app.outbox.publish-delay-ms:2000}")
+    @Transactional
+    fun publishPending() {
+        val pending = repository.findTop50ByStatusOrderByCreatedAtAsc("PENDING")
+        if (pending.isEmpty()) {
+            return
+        }
+        pending.forEach { event ->
+            val exchange = when (event.eventType) {
+                Events.MEDICATION_PLAN_CREATED -> Events.MEDICATION_EXCHANGE
+                Events.NOTIFICATION_REQUESTED -> Events.NOTIFICATION_EXCHANGE
+                else -> null
+            }
+            if (exchange == null) {
+                logger.warn("Unknown event type {}", event.eventType)
+                event.status = "FAILED"
+                return@forEach
+            }
+            rabbitTemplate.convertAndSend(exchange, event.eventType, event.payload)
+            event.status = "PUBLISHED"
+        }
+        repository.saveAll(pending)
+    }
+}
diff --git a/back001/app/src/main/resources/application.yml b/back001/app/src/main/resources/application.yml
new file mode 100644
index 0000000..359f0cc
--- /dev/null
+++ b/back001/app/src/main/resources/application.yml
@@ -0,0 +1,81 @@
+spring:
+  application:
+    name: mosenioring-backend
+  datasource:
+    url: jdbc:postgresql://localhost:5432/mosenioring
+    username: mosenioring
+    password: mosenioring
+  jpa:
+    open-in-view: false
+    hibernate:
+      ddl-auto: validate
+    properties:
+      hibernate:
+        jdbc:
+          time_zone: UTC
+  flyway:
+    enabled: true
+  rabbitmq:
+    host: localhost
+    port: 5672
+    username: guest
+    password: guest
+  data:
+    redis:
+      host: localhost
+      port: 6379
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: http://localhost:8081/realms/mosenioring
+
+storage:
+  s3:
+    endpoint: http://localhost:9000
+    region: us-east-1
+    access-key: minio
+    secret-key: minio123
+    bucket: mosenioring
+
+app:
+  outbox:
+    publish-delay-ms: 2000
+  tenant:
+    header: X-Tenant-Id
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info,prometheus
+  tracing:
+    sampling:
+      probability: 1.0
+
+logging:
+  level:
+    root: INFO
+
+---
+spring:
+  config:
+    activate:
+      on-profile: local
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: http://localhost:8081/realms/mosenioring
+
+app:
+  security:
+    local-auth-enabled: true
+
+---
+spring:
+  config:
+    activate:
+      on-profile: dev
+  datasource:
+    url: jdbc:postgresql://localhost:5432/mosenioring
diff --git a/back001/app/src/main/resources/db/migration/V1__init.sql b/back001/app/src/main/resources/db/migration/V1__init.sql
new file mode 100644
index 0000000..87e1860
--- /dev/null
+++ b/back001/app/src/main/resources/db/migration/V1__init.sql
@@ -0,0 +1,141 @@
+create table tenants (
+    id varchar(64) primary key,
+    name varchar(255) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table users (
+    id varchar(64) primary key,
+    email varchar(255) not null,
+    role varchar(64) not null,
+    status varchar(32) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table patients (
+    id varchar(64) primary key,
+    full_name varchar(255) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table patient_caregivers (
+    id varchar(64) primary key,
+    patient_id varchar(64) not null,
+    user_id varchar(64) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table patient_doctors (
+    id varchar(64) primary key,
+    patient_id varchar(64) not null,
+    user_id varchar(64) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table medication_plans (
+    id varchar(64) primary key,
+    patient_id varchar(64) not null,
+    description text not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table tests (
+    id varchar(64) primary key,
+    patient_id varchar(64) not null,
+    test_name varchar(255) not null,
+    status varchar(64) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table messages (
+    id varchar(64) primary key,
+    patient_id varchar(64) not null,
+    sender_id varchar(64) not null,
+    body text not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table files (
+    id varchar(64) primary key,
+    patient_id varchar(64),
+    file_name varchar(255) not null,
+    content_type varchar(255) not null,
+    storage_key varchar(512) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table audit_events (
+    id varchar(64) primary key,
+    actor_id varchar(128) not null,
+    action varchar(128) not null,
+    resource varchar(128) not null,
+    resource_id varchar(64),
+    patient_id varchar(64),
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create table outbox_events (
+    id varchar(64) primary key,
+    event_type varchar(128) not null,
+    payload text not null,
+    status varchar(32) not null,
+    tenant_id varchar(64) not null,
+    created_at timestamptz not null,
+    updated_at timestamptz not null,
+    created_by varchar(128),
+    updated_by varchar(128)
+);
+
+create index idx_users_tenant on users(tenant_id);
+create index idx_patients_tenant on patients(tenant_id);
+create index idx_patient_caregivers_tenant on patient_caregivers(tenant_id);
+create index idx_patient_doctors_tenant on patient_doctors(tenant_id);
+create index idx_medication_plans_tenant on medication_plans(tenant_id);
+create index idx_tests_tenant on tests(tenant_id);
+create index idx_messages_tenant on messages(tenant_id);
+create index idx_files_tenant on files(tenant_id);
+create index idx_audit_events_tenant on audit_events(tenant_id);
+create index idx_outbox_events_tenant on outbox_events(tenant_id);
+
+create unique index idx_patient_caregivers_unique on patient_caregivers(tenant_id, patient_id, user_id);
+create unique index idx_patient_doctors_unique on patient_doctors(tenant_id, patient_id, user_id);
diff --git a/back001/build.gradle.kts b/back001/build.gradle.kts
new file mode 100644
index 0000000..06557c2
--- /dev/null
+++ b/back001/build.gradle.kts
@@ -0,0 +1,55 @@
+import io.spring.gradle.dependencymanagement.dsl.DependencyManagementExtension
+import org.gradle.api.plugins.JavaPluginExtension
+import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+
+plugins {
+    kotlin("jvm") version "1.9.23" apply false
+    kotlin("plugin.spring") version "1.9.23" apply false
+    kotlin("plugin.jpa") version "1.9.23" apply false
+    id("org.springframework.boot") version "3.2.5" apply false
+    id("io.spring.dependency-management") version "1.1.4" apply false
+}
+
+allprojects {
+    group = "com.mosenioring"
+    version = "0.1.0"
+
+    repositories {
+        mavenCentral()
+    }
+}
+
+subprojects {
+    plugins.withId("io.spring.dependency-management") {
+        the<DependencyManagementExtension>().apply {
+            imports {
+                mavenBom("org.springframework.boot:spring-boot-dependencies:3.2.5")
+            }
+        }
+    }
+
+    tasks.withType<KotlinCompile> {
+        kotlinOptions {
+            jvmTarget = "21"
+            freeCompilerArgs = listOf("-Xjsr305=strict")
+        }
+    }
+
+    plugins.withId("java") {
+        extensions.configure<JavaPluginExtension> {
+            toolchain {
+                languageVersion.set(JavaLanguageVersion.of(21))
+            }
+        }
+    }
+
+    plugins.withId("org.jetbrains.kotlin.jvm") {
+        extensions.configure<org.jetbrains.kotlin.gradle.dsl.KotlinJvmProjectExtension> {
+            jvmToolchain(21)
+        }
+    }
+
+    tasks.withType<Test> {
+        useJUnitPlatform()
+    }
+}
diff --git a/back001/common/build.gradle.kts b/back001/common/build.gradle.kts
new file mode 100644
index 0000000..942b203
--- /dev/null
+++ b/back001/common/build.gradle.kts
@@ -0,0 +1,24 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api("org.springframework.boot:spring-boot-starter-web")
+    api("org.springframework.boot:spring-boot-starter-security")
+    api("org.springframework.boot:spring-boot-starter-data-jpa")
+    api("org.springframework.boot:spring-boot-starter-validation")
+    api("org.springframework.boot:spring-boot-starter-actuator")
+    api("org.springframework.security:spring-security-oauth2-resource-server")
+    api("org.springframework.security:spring-security-oauth2-jose")
+    api("com.fasterxml.jackson.module:jackson-module-kotlin")
+    api("org.jetbrains.kotlin:kotlin-reflect")
+    api("io.opentelemetry:opentelemetry-api:1.38.0")
+    api("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.8.1")
+
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+    testImplementation("org.mockito:mockito-core:5.12.0")
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/BaseEntity.kt b/back001/common/src/main/kotlin/com/mosenioring/common/BaseEntity.kt
new file mode 100644
index 0000000..03cd468
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/BaseEntity.kt
@@ -0,0 +1,38 @@
+package com.mosenioring.common
+
+import jakarta.persistence.Column
+import jakarta.persistence.MappedSuperclass
+import jakarta.persistence.PrePersist
+import jakarta.persistence.PreUpdate
+import java.time.Instant
+
+@MappedSuperclass
+abstract class BaseEntity {
+
+    @Column(name = "tenant_id", nullable = false, updatable = false)
+    lateinit var tenantId: String
+
+    @Column(name = "created_at", nullable = false, updatable = false)
+    lateinit var createdAt: Instant
+
+    @Column(name = "updated_at", nullable = false)
+    lateinit var updatedAt: Instant
+
+    @Column(name = "created_by")
+    var createdBy: String? = null
+
+    @Column(name = "updated_by")
+    var updatedBy: String? = null
+
+    @PrePersist
+    fun onCreate() {
+        val now = Instant.now()
+        createdAt = now
+        updatedAt = now
+    }
+
+    @PreUpdate
+    fun onUpdate() {
+        updatedAt = Instant.now()
+    }
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/Events.kt b/back001/common/src/main/kotlin/com/mosenioring/common/Events.kt
new file mode 100644
index 0000000..1f67f87
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/Events.kt
@@ -0,0 +1,10 @@
+package com.mosenioring.common
+
+object Events {
+    const val MEDICATION_PLAN_CREATED = "MedicationPlanCreated"
+    const val NOTIFICATION_REQUESTED = "NotificationRequested"
+    const val MEDICATION_EXCHANGE = "medication.events"
+    const val NOTIFICATION_EXCHANGE = "notification.events"
+    const val MEDICATION_QUEUE = "medication.plan.created"
+    const val NOTIFICATION_QUEUE = "notification.requested"
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxEvent.kt b/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxEvent.kt
new file mode 100644
index 0000000..ec9113e
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxEvent.kt
@@ -0,0 +1,24 @@
+package com.mosenioring.common.outbox
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "outbox_events")
+class OutboxEvent(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "event_type", nullable = false)
+    val eventType: String,
+
+    @Column(name = "payload", nullable = false, columnDefinition = "text")
+    val payload: String,
+
+    @Column(name = "status", nullable = false)
+    var status: String = "PENDING"
+) : BaseEntity()
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxRepository.kt b/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxRepository.kt
new file mode 100644
index 0000000..798550c
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxRepository.kt
@@ -0,0 +1,7 @@
+package com.mosenioring.common.outbox
+
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface OutboxRepository : JpaRepository<OutboxEvent, String> {
+    fun findTop50ByStatusOrderByCreatedAtAsc(status: String): List<OutboxEvent>
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxService.kt b/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxService.kt
new file mode 100644
index 0000000..140a726
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/outbox/OutboxService.kt
@@ -0,0 +1,28 @@
+package com.mosenioring.common.outbox
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import org.springframework.context.annotation.Profile
+import org.springframework.stereotype.Service
+import java.util.UUID
+
+@Service
+@Profile("!worker")
+class OutboxService(
+    private val repository: OutboxRepository,
+    private val objectMapper: ObjectMapper
+) {
+    fun enqueue(eventType: String, payload: Any): OutboxEvent {
+        val tenantId = TenantContext.getTenantId() ?: "unknown"
+        val event = OutboxEvent(
+            id = UUID.randomUUID().toString(),
+            eventType = eventType,
+            payload = objectMapper.writeValueAsString(payload)
+        )
+        event.tenantId = tenantId
+        event.createdBy = SecurityUtils.currentUserId()
+        event.updatedBy = SecurityUtils.currentUserId()
+        return repository.save(event)
+    }
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt b/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt
new file mode 100644
index 0000000..ecd04e2
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt
@@ -0,0 +1,34 @@
+package com.mosenioring.common.security
+
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.context.annotation.Profile
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.stereotype.Component
+import org.springframework.web.filter.OncePerRequestFilter
+
+@Component
+@Profile("local")
+class LocalAuthFilter : OncePerRequestFilter() {
+
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        val userId = request.getHeader("X-Local-User")
+        val tenantId = request.getHeader("X-Local-Tenant")
+        val rolesHeader = request.getHeader("X-Local-Roles")
+        if (!userId.isNullOrBlank() && !tenantId.isNullOrBlank()) {
+            val roles = rolesHeader?.split(",")?.map { it.trim() }?.filter { it.isNotBlank() }?.toSet() ?: emptySet()
+            val authorities = roles.map { SimpleGrantedAuthority("ROLE_$it") }
+            val principal = LocalUserPrincipal(userId, tenantId, roles)
+            val auth = UsernamePasswordAuthenticationToken(principal, "N/A", authorities)
+            SecurityContextHolder.getContext().authentication = auth
+        }
+        filterChain.doFilter(request, response)
+    }
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccess.kt b/back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccess.kt
new file mode 100644
index 0000000..7934feb
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccess.kt
@@ -0,0 +1,8 @@
+package com.mosenioring.common.security
+
+import org.springframework.security.access.prepost.PreAuthorize
+
+@Target(AnnotationTarget.FUNCTION, AnnotationTarget.CLASS)
+@Retention(AnnotationRetention.RUNTIME)
+@PreAuthorize("@patientAccessChecker.hasAccess(#patientId)")
+annotation class PatientAccess
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccessChecker.kt b/back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccessChecker.kt
new file mode 100644
index 0000000..7d82fc9
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/security/PatientAccessChecker.kt
@@ -0,0 +1,26 @@
+package com.mosenioring.common.security
+
+import com.mosenioring.common.tenant.TenantContext
+import org.springframework.context.annotation.Profile
+import org.springframework.stereotype.Component
+
+interface PatientRelationshipRepository {
+    fun isCaregiverOf(tenantId: String, patientId: String, userId: String): Boolean
+    fun isDoctorOf(tenantId: String, patientId: String, userId: String): Boolean
+}
+
+@Component
+@Profile("!worker")
+class PatientAccessChecker(
+    private val relationships: PatientRelationshipRepository
+) {
+    fun hasAccess(patientId: String): Boolean {
+        val tenantId = TenantContext.getTenantId() ?: return false
+        if (SecurityUtils.hasRole("ADMIN")) {
+            return true
+        }
+        val userId = SecurityUtils.currentUserId() ?: return false
+        return relationships.isCaregiverOf(tenantId, patientId, userId) ||
+            relationships.isDoctorOf(tenantId, patientId, userId)
+    }
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/security/SecurityUtils.kt b/back001/common/src/main/kotlin/com/mosenioring/common/security/SecurityUtils.kt
new file mode 100644
index 0000000..b30dfb9
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/security/SecurityUtils.kt
@@ -0,0 +1,35 @@
+package com.mosenioring.common.security
+
+import org.springframework.security.core.Authentication
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.oauth2.jwt.Jwt
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
+
+object SecurityUtils {
+    fun currentUserId(): String? {
+        val authentication = SecurityContextHolder.getContext().authentication ?: return null
+        return when (authentication) {
+            is JwtAuthenticationToken -> authentication.token.subject
+            else -> (authentication.principal as? LocalUserPrincipal)?.userId
+        }
+    }
+
+    fun currentTenantId(): String? {
+        val authentication = SecurityContextHolder.getContext().authentication ?: return null
+        return when (authentication) {
+            is JwtAuthenticationToken -> authentication.token.getClaimAsString("tenant_id")
+            else -> (authentication.principal as? LocalUserPrincipal)?.tenantId
+        }
+    }
+
+    fun hasRole(role: String, authentication: Authentication? = null): Boolean {
+        val auth = authentication ?: SecurityContextHolder.getContext().authentication ?: return false
+        return auth.authorities.any { it.authority == "ROLE_$role" }
+    }
+}
+
+data class LocalUserPrincipal(
+    val userId: String,
+    val tenantId: String,
+    val roles: Set<String>
+)
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantContext.kt b/back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantContext.kt
new file mode 100644
index 0000000..9f89817
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantContext.kt
@@ -0,0 +1,38 @@
+package com.mosenioring.common.tenant
+
+import kotlinx.coroutines.ThreadContextElement
+import kotlin.coroutines.AbstractCoroutineContextElement
+import kotlin.coroutines.CoroutineContext
+
+object TenantContext {
+    private val current = ThreadLocal<String?>()
+
+    fun getTenantId(): String? = current.get()
+
+    fun setTenantId(tenantId: String?) {
+        current.set(tenantId)
+    }
+
+    fun clear() {
+        current.remove()
+    }
+
+    fun asContextElement(tenantId: String?): CoroutineContext = TenantContextElement(tenantId)
+}
+
+class TenantContextElement(
+    private val tenantId: String?
+) : ThreadContextElement<String?>,
+    AbstractCoroutineContextElement(Key) {
+    companion object Key : CoroutineContext.Key<TenantContextElement>
+
+    override fun updateThreadContext(context: CoroutineContext): String? {
+        val previous = TenantContext.getTenantId()
+        TenantContext.setTenantId(tenantId)
+        return previous
+    }
+
+    override fun restoreThreadContext(context: CoroutineContext, oldState: String?) {
+        TenantContext.setTenantId(oldState)
+    }
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantFilter.kt b/back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantFilter.kt
new file mode 100644
index 0000000..ad50452
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/tenant/TenantFilter.kt
@@ -0,0 +1,30 @@
+package com.mosenioring.common.tenant
+
+import com.mosenioring.common.security.SecurityUtils
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.stereotype.Component
+import org.springframework.web.filter.OncePerRequestFilter
+
+@Component
+class TenantFilter(
+    @Value("\${app.tenant.header:X-Tenant-Id}") private val tenantHeader: String
+) : OncePerRequestFilter() {
+
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        val tenantId = SecurityUtils.currentTenantId()
+            ?: request.getHeader(tenantHeader)
+        TenantContext.setTenantId(tenantId)
+        try {
+            filterChain.doFilter(request, response)
+        } finally {
+            TenantContext.clear()
+        }
+    }
+}
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/web/PageResponse.kt b/back001/common/src/main/kotlin/com/mosenioring/common/web/PageResponse.kt
new file mode 100644
index 0000000..04f4255
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/web/PageResponse.kt
@@ -0,0 +1,8 @@
+package com.mosenioring.common.web
+
+data class PageResponse<T>(
+    val items: List<T>,
+    val page: Int,
+    val size: Int,
+    val total: Long
+)
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/web/ProblemDetailsAdvice.kt b/back001/common/src/main/kotlin/com/mosenioring/common/web/ProblemDetailsAdvice.kt
new file mode 100644
index 0000000..df2193f
--- /dev/null
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/web/ProblemDetailsAdvice.kt
@@ -0,0 +1,54 @@
+package com.mosenioring.common.web
+
+import jakarta.servlet.http.HttpServletRequest
+import org.springframework.http.HttpStatus
+import org.springframework.http.ProblemDetail
+import org.springframework.validation.FieldError
+import org.springframework.web.ErrorResponseException
+import org.springframework.web.bind.MethodArgumentNotValidException
+import org.springframework.web.bind.annotation.ExceptionHandler
+import org.springframework.web.bind.annotation.RestControllerAdvice
+
+@RestControllerAdvice
+class ProblemDetailsAdvice {
+
+    @ExceptionHandler(MethodArgumentNotValidException::class)
+    fun handleValidation(ex: MethodArgumentNotValidException, request: HttpServletRequest): ProblemDetail {
+        val detail = ProblemDetail.forStatus(HttpStatus.BAD_REQUEST)
+        detail.title = "Validation failed"
+        detail.type = java.net.URI.create("https://httpstatuses.io/400")
+        detail.setProperty("path", request.requestURI)
+        detail.setProperty("errors", ex.bindingResult.fieldErrors.map { it.toErrorMap() })
+        return detail
+    }
+
+    @ExceptionHandler(ErrorResponseException::class)
+    fun handleErrorResponse(ex: ErrorResponseException, request: HttpServletRequest): ProblemDetail {
+        val detail = ex.body
+        detail.setProperty("path", request.requestURI)
+        return detail
+    }
+
+    @ExceptionHandler(IllegalArgumentException::class)
+    fun handleIllegalArgument(ex: IllegalArgumentException, request: HttpServletRequest): ProblemDetail {
+        val detail = ProblemDetail.forStatus(HttpStatus.BAD_REQUEST)
+        detail.title = "Invalid request"
+        detail.detail = ex.message
+        detail.type = java.net.URI.create("https://httpstatuses.io/400")
+        detail.setProperty("path", request.requestURI)
+        return detail
+    }
+
+    @ExceptionHandler(IllegalStateException::class)
+    fun handleIllegalState(ex: IllegalStateException, request: HttpServletRequest): ProblemDetail {
+        val detail = ProblemDetail.forStatus(HttpStatus.CONFLICT)
+        detail.title = "Conflict"
+        detail.detail = ex.message
+        detail.type = java.net.URI.create("https://httpstatuses.io/409")
+        detail.setProperty("path", request.requestURI)
+        return detail
+    }
+
+    private fun FieldError.toErrorMap(): Map<String, Any?> =
+        mapOf("field" to field, "message" to (defaultMessage ?: "invalid"))
+}
diff --git a/back001/common/src/test/kotlin/com/mosenioring/common/PatientAccessCheckerTest.kt b/back001/common/src/test/kotlin/com/mosenioring/common/PatientAccessCheckerTest.kt
new file mode 100644
index 0000000..c09882a
--- /dev/null
+++ b/back001/common/src/test/kotlin/com/mosenioring/common/PatientAccessCheckerTest.kt
@@ -0,0 +1,54 @@
+package com.mosenioring.common
+
+import com.mosenioring.common.security.LocalUserPrincipal
+import com.mosenioring.common.security.PatientAccessChecker
+import com.mosenioring.common.security.PatientRelationshipRepository
+import com.mosenioring.common.tenant.TenantContext
+import org.junit.jupiter.api.Assertions.assertFalse
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.mockito.Mockito
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.core.context.SecurityContextHolder
+
+class PatientAccessCheckerTest {
+
+    private lateinit var relationships: PatientRelationshipRepository
+    private lateinit var checker: PatientAccessChecker
+
+    @BeforeEach
+    fun setup() {
+        relationships = Mockito.mock(PatientRelationshipRepository::class.java)
+        checker = PatientAccessChecker(relationships)
+        TenantContext.setTenantId("t1")
+    }
+
+    @Test
+    fun `allows admin`() {
+        val auth = UsernamePasswordAuthenticationToken("admin", "n/a", listOf(SimpleGrantedAuthority("ROLE_ADMIN")))
+        SecurityContextHolder.getContext().authentication = auth
+        assertTrue(checker.hasAccess("p1"))
+    }
+
+    @Test
+    fun `denies when no relationship`() {
+        val principal = LocalUserPrincipal("user1", "t1", emptySet())
+        val auth = UsernamePasswordAuthenticationToken(principal, "n/a", emptyList())
+        SecurityContextHolder.getContext().authentication = auth
+        Mockito.`when`(relationships.isCaregiverOf("t1", "p1", "user1")).thenReturn(false)
+        Mockito.`when`(relationships.isDoctorOf("t1", "p1", "user1")).thenReturn(false)
+        assertFalse(checker.hasAccess("p1"))
+    }
+
+    @Test
+    fun `allows caregiver relationship`() {
+        val principal = LocalUserPrincipal("user2", "t1", setOf("CAREGIVER"))
+        val auth = UsernamePasswordAuthenticationToken(principal, "n/a", emptyList())
+        SecurityContextHolder.getContext().authentication = auth
+        Mockito.`when`(relationships.isCaregiverOf("t1", "p1", "user2")).thenReturn(true)
+        Mockito.`when`(relationships.isDoctorOf("t1", "p1", "user2")).thenReturn(false)
+        assertTrue(checker.hasAccess("p1"))
+    }
+}
diff --git a/back001/common/src/test/kotlin/com/mosenioring/common/TenantContextTest.kt b/back001/common/src/test/kotlin/com/mosenioring/common/TenantContextTest.kt
new file mode 100644
index 0000000..8c7488a
--- /dev/null
+++ b/back001/common/src/test/kotlin/com/mosenioring/common/TenantContextTest.kt
@@ -0,0 +1,29 @@
+package com.mosenioring.common
+
+import com.mosenioring.common.tenant.TenantContext
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withContext
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertNull
+import org.junit.jupiter.api.Test
+
+class TenantContextTest {
+
+    @Test
+    fun `sets and clears tenant context`() {
+        TenantContext.setTenantId("t1")
+        assertEquals("t1", TenantContext.getTenantId())
+        TenantContext.clear()
+        assertNull(TenantContext.getTenantId())
+    }
+
+    @Test
+    fun `propagates tenant context to coroutine`() = runBlocking {
+        TenantContext.setTenantId("t2")
+        val result = withContext(TenantContext.asContextElement("t2")) {
+            TenantContext.getTenantId()
+        }
+        assertEquals("t2", result)
+        TenantContext.clear()
+    }
+}
diff --git a/back001/docker-compose.yml b/back001/docker-compose.yml
new file mode 100644
index 0000000..ce6d3f7
--- /dev/null
+++ b/back001/docker-compose.yml
@@ -0,0 +1,61 @@
+version: "3.9"
+
+services:
+  postgres:
+    image: postgres:16
+    environment:
+      POSTGRES_DB: mosenioring
+      POSTGRES_USER: mosenioring
+      POSTGRES_PASSWORD: mosenioring
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:22.0.5
+    command: start-dev --import-realm
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    ports:
+      - "8081:8080"
+    volumes:
+      - ./docker/keycloak/realm.json:/opt/keycloak/data/import/realm.json:ro
+
+  rabbitmq:
+    image: rabbitmq:3.12-management
+    ports:
+      - "5672:5672"
+      - "15672:15672"
+
+  redis:
+    image: redis:7
+    ports:
+      - "6379:6379"
+
+  minio:
+    image: minio/minio:RELEASE.2024-04-06T05-26-02Z
+    environment:
+      MINIO_ROOT_USER: minio
+      MINIO_ROOT_PASSWORD: minio123
+    command: server /data --console-address ":9001"
+    ports:
+      - "9000:9000"
+      - "9001:9001"
+    volumes:
+      - minio:/data
+
+  minio-init:
+    image: minio/mc:latest
+    depends_on:
+      - minio
+    entrypoint: ["/bin/sh", "-c"]
+    command: >
+      "mc alias set local http://minio:9000 minio minio123 &&
+       mc mb -p local/mosenioring &&
+       mc anonymous set public local/mosenioring"
+
+volumes:
+  pgdata:
+  minio:
diff --git a/back001/docker/keycloak/realm.json b/back001/docker/keycloak/realm.json
new file mode 100644
index 0000000..b656185
--- /dev/null
+++ b/back001/docker/keycloak/realm.json
@@ -0,0 +1,31 @@
+{
+  "realm": "mosenioring",
+  "enabled": true,
+  "displayName": "Mosenioring",
+  "roles": {
+    "realm": [
+      { "name": "ADMIN" },
+      { "name": "DOCTOR" },
+      { "name": "CAREGIVER" }
+    ]
+  },
+  "clients": [
+    {
+      "clientId": "mosenioring-backend",
+      "enabled": true,
+      "publicClient": true,
+      "directAccessGrantsEnabled": true,
+      "standardFlowEnabled": true,
+      "redirectUris": ["*"]
+    }
+  ],
+  "users": [
+    {
+      "username": "admin",
+      "enabled": true,
+      "email": "admin@example.com",
+      "credentials": [{ "type": "password", "value": "admin", "temporary": false }],
+      "realmRoles": ["ADMIN"]
+    }
+  ]
+}
diff --git a/back001/gradle.properties b/back001/gradle.properties
new file mode 100644
index 0000000..4a42352
--- /dev/null
+++ b/back001/gradle.properties
@@ -0,0 +1,2 @@
+org.gradle.jvmargs=-Xmx1g -Dfile.encoding=UTF-8
+kotlin.code.style=official
diff --git a/back001/gradle/wrapper/gradle-wrapper.jar b/back001/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e6441136f3d4ba8a0da8d277868979cfbc8ad796
GIT binary patch
literal 43453
zcma&N1CXTcmMvW9vTb(Rwr$&4wr$(C?dmSu>@vG-+vuvg^_??!{yS%8zW-#zn-LkA
z5&1^$^{lnmUON?}LBF8_K|(?T0Ra(xUH{($5eN!MR#ZihR#HxkUPe+_R8Cn`RRs(P
z_^*#_XlXmGv7!4;*Y%p4nw?{bNp@UZHv1?Um8r6)Fei3p@ClJn0ECfg1hkeuUU@Or
zDaPa;U3fE=3L}DooL;8f;P0ipPt0Z~9P0)lbStMS)ag54=uL9ia-Lm3nh|@(Y?B`;
zx_#arJIpXH!U{fbCbI^17}6Ri*H<>OLR%c|^mh8+)*h~K8Z<V--Q23O4&HBVn~<)q
zmUaP7+TjluBM%#s1Ki#^GurGElkc7{cc6Skz+1nDVk%wAAQYx1^*wA%KSY>!9)DPf
zR2h?lbDZQ`p9P;&DQ4F0sur@TMa!Y}S8irn(%d-gi0*WxxCSk*A?3lGh=gcYN?FGl
z7D=Js!i~0=u3rox^e<cs4tSN~YA?c-d185$YFNA$Eq1&U{wh#b^OveuKoBPy0oYZ4
zAY2?B=x8yX9}pVM=cLrvugywt!e@Y3lH)i?7fvT*a`O;c)CJQ>O3i@$0=n{K1lPNU
zwmfjRVmLOCRfe=seV&P*1Iq=^i`502keY8Uy-WNPwVNNtJFx?IwA<BCEY82WDKJP<
zB^CxjFxi=mg*OyI?K3GoDfk;?-K<Z#JoxhYNeEUf896)l%7gL``44}zn)7|Rf;)SC
z_EfJr4I+3i(GiHN`R+vHqf}1wXtH?65<wKlxV1BU(#3XgtH<$Fir3S(7QeRA3)u89
zID&66K{&mq$DsB}s&o?H60{cskfh*hvn8hQW#~Q!qM04QtZvx3JEpqeKWE6|+OZW=
z(LB7}flr|t7va%>yR<KG!FYzS$bs7qXcpM&wV@~>PZo2<wCq%CszVO$mosTTuv*Mz
zOLoi?e^7B~xS22~QW8Rmnt{(AtL<HGi<_P9`0pH;3)@S9Eg`gt2X<om7C^q}pKX|*
zTy3X{nOr-xyt4=Qx1IjrzGb!_SyAv^SZcf;air&-;Ua+)5k0z=#R7@UW%)3oEjGA|
zZ#DE3px@h1k7w%|4rVIO=0Aid2A%?nBZrupg^_z5J-$$YKeDZ&q8+k7zccb<dc4D;
zz}+UYkl_eUNL3PW+reZ6UUB}=sHp~$z%Q}gZ-#ow+ffQIj|A3`B9LO*6%t@)0PV!x
ziJ=9fw_>Wo1+S(xF37LJZ~%i)kpFQ3Fw=mXfd@>%+)RpYQLnr}B~~zoof(JVm^^&f
zxKV^+3D3$A1G;qh4gPVjhrC8e(VYUHv#dy^)(RoUFM?o%W-EHxufuWf(l*@-l+7vt
z=l`qmR56K~F|v<^Pd*p~1_y^P0P^aPC##d8+HqX4IR1gu+7w#~TBFphJxF)T$2WEa
zxa?H&6=Qe7d(#tha?_1uQys2KtHQ{)Qco)qwGjrdNL7thd^G5i8Os)CHqc>iOidS}
z%nFEDdm=GXBw=yXe1W-ShHHFb?Cc70+$W~z_+}nAoHFYI1MV1wZegw*0y^tC*s%3h
zhD3tN8b=Gv&rj}!SUM6|ajSPp*58KR7MPpI{oAJCtY~JECm)*m_x>AZEu>DFgUcby
z1Qaw8lU4jZpQ_$;*7RME+gq1Ky<fW-rh4ehZ;%u960Gt5OF)<y$00S=6tVE=%Pt~(
z!&BP&2I%`@>SGG#Wql>aL~k9tLrSO()LWn*q&YxHE<sT^`N@Q|)S3y<ZACaLXO56z
zncP$~M5K!npWqz?)C50MMw=XqFtDO!3JHI*t-^8Ga&lGPHX2F0pIGdZ3w5ewE+{kf
z-&Ygi?@-h(ADD|ljIBw%VHHf1xuQ~}IeIQ5JqlA4#*Nlvd`IfDYzFa?PB=RCcFpZ4
z|HFmPZM=;^DQ_z<IPz$$+yG(H4803QQAA7vQF7;_gv|AD1bH*R-CP3f<<utDpH)Ht
zI@{uO12adp{;132YoKPx?C9{&;MtHdHb*0F0;Z~D42}#*l+WD2u?r>uzmwd1?aAtI
zBJ>P=&$=l1efe1CDU;`Fd+_;&wI07?V0aAIgc(<VS*?#8Zt!w88FJrjasA1!6>!{a
z0Jg6Y=inXc3^n!U0Atk`iCFIQooHqcWhO(qrieUOW8X(x?(RD}iYDLMjSwffH2~tB
z)oDgNBLB^AJBM1M^c5HdRx6fBfka`(LD-qrlh5jqH~);#nw|iyp)()xVYak3;Ybik
z0j`(+69aK*B>)e_p%=wu8XC&9e{AO4c~O1U`5X9}?0mrd*m$_EUek{R?DNSh(=br#
z#Q61gBzEpmy`$pA<eVn3dnmk^xq`=o2)~2c0ywsuTQsC?1WZZehsJYfK@LQ>*6!87
zSDD+=@fTY7<4A?GLqpA?Pb2z$pbCc4B4zL{BeZ?F-8`s$?>*lXXtn*NC61>|*w7J*
z$?!iB{6R-0=KFmyp1nnEmLsA-H0a6l+1uaH^g%c(p{iT&YFrbQ$&PRb8Up#X3@Zsk
zD^^&LK~111%cqlP%!_gFNa^dTYT?rhkGl}5=fL{a`UViaXWI$k-UcHJwmaH1s=S$4
z%4)PdWJX;hh5UoK?6aWoyLxX&NhNRqKam7tcOkLh{%j3K^4Mgx1@i|Pi&}<^5>hs5
zm8?uOS>%)NzT(%PjVPGa?X%`N2TQCKbeH2l;cTnHiHppPSJ<7y-yEIiC!P*ikl&!B
z%+?>VttCOQM@ShFguHVjxX^?mHX^hSaO_;pnyh^v9EumqSZTi+#f&_Vaija0Q-e*|
z7ulQj6Fs*bbmsWp{`auM04gGwsYYdNNZcg|ph0OgD>7O}Asn7^<IivRZw`Wa$`V6)
zgX@^QL9j}-Od{q5<J*k0+1U=R5+PCYj(U}4VpX+BjfI~+dttS?HJ6uZSGH#H-twTo
zaptG40+PAc$fs*zLFkOfGfc+xGs<T?rLGIA%SU7c%jh!E1SNN~*-`ccW8wo4gv2Sj
zhify^C(ygi)uGwqXDLqVbH>Z=eI>`$2*v78;sj-}oMoEj&@)9+ycEOo92xSyY344^
z11Hb8^kdOvbf^GNAK++bYioknrpdN>+u8R?JxG=!2Kd9r=YWCOJYXYuM0cOq^FhEd
zBg2puKy__7VT3-r*dG4c62Wgxi52EMCQ`bKgf*#*ou(D4-ZN$+m<X+=`m<r!lO%3T
zMp}MJd(WDoQ2&6(LClZxpv<vZPPM3Ngkye2VhB=i|B12g5ouw(%`gbWtRq8~sU|o*
z$kQ8Jb~6&{ak;r$7@?#t*q9RfAOj=^uAf1z5Y8`N%M`oM@?!~VqN{g%-u$XR1u1Im
zGE&AzFpIcER(5jtCPR%RZ)!+|*rU~jZBiOKdqYjO(%yK3Lz;{##(@QEVo>g&7$u!!
z-^<eVk1WtrWdvAzoBMHoB$s2RXJCv}%muyVFFJ``?>+Z%;-3IDwqZ|K=ah85OLwkO
zKxNBh+4QHh)u9D?MFtpbl)<T1$eOrb4-+U|WDC2BesgFRlgt`klbeQ^1S`7`r+uZ8
zH&U=geA}Si;CUcKvBA&^@<o1GQ7`{1Y(cCHZv|73JIJOvVwLOMZP%Q|)y@^j2e<+z
zWVo=#FL!4XNKS~-_1`gw*qi$0j6P7ym_LTvG>us}9+V!D%w9jfAMYEb>%$A;u)rrI
zuBudh;5PN}_6J_}l55P3l_)&RMlH{m!)ai-i$g)&*M`eN$XQMw{v^r@-125^RRCF0
z^2>|DxhQw(mtNEI2Kj(;<s2pnue6O@?^QaAp;Ze6z9nX*w}4h7342+0lU$@;Knnve
zqqY2Ci=`)@>KblC7x=JlK$@78`O~>V!`|1Lm-^JR$-5pUANAnb(5}B}JGjBsliK4&
zk6y(;$e&h)lh2)L=bvZKbvh@>vLlreBdH8No2>$#%_Wp1U0N7Ank!6$dFSi#xzh|(
zRi{U<eziQYNZ-=4ReK3@^LFvNQI~(Pdvp+X@J@g#bd~m0wFc+sW3Xf5tyA3xKp;T3
zy14<o-`F}$ET-DQ;B;yNy?d>w%-4W!{IXZ)fWx@XX6;&(m_F%c6~X8hx=BN1&q}*(
zoaNjWabE{oUPb!Bt$eyd#$5j9rItB-h*5JiNi(v^e|XKAj*8(k<5-2$&ZBR5fF|JA
z9&m4fbzNQnAU}r8ab>fFV%J0z5awe#UZ|bz?Ur)U9bCIKWEzi2%A+5CLqh?}K4JHi
z4vtM;+u<SJ)DEVF_yZnTw01M`(s#^BNx+c|MQ6ogb50Jjul0L;!#OmrYCs)iE)7(t
z?%I~O!zVNt#Bf3#O2WXsGz!B}&s@MfyDeaoqqf=GELN3g$+DA`&&GKy(`Ya~A@6vK
zn|WZ-+tB`DH^+SjI&K3KekF%-QIP%R{F)inWc~@cEO-=3Or<lm9g9}|`|ky#v{5*;
zKA5d<ecC{<o9p<U4UUK$m|+q#@(>PsVz{Lfr;78W78gC;z*yTch~4YkLr&m-7%-xc
ztw6Mh2<b07B|^BQBjvq{FXx?kyJ);`+G*=&9PMD`1uf<{+pNnnsIQx~kaB?*5<-7a
zqY)GyF_w$>d>_iO<o;tRi5=dcnU&wcur@4T5Z=-$xFUEsp-yX${|jSF|HMDPq3?MS
zw;p9zjR`yYJOfJZsK~C-S=JQ?nX{z_y@06JFIpheAo-rOG|5&Gxv)%95gpu@ESfi|
z7Auc&hjVL;&81Pc#L`^d9gJb`wEtLVH8q|h{>*$Rd8(-Cr1_V8EO1f*^@wRoSozS)
zy1UoC@pruAaC8Z_7~_w4Q6n*&B0AjOmMWa;s<dwKr_&w<X$Z*rmLmKUI3S>Iav&gu
z|J5&|{=a@vR!~k-OjKEgPFCzcJ>#A1uL&7xTDn;{X<DkOU(-L87#5hf4{m?aj!I6-
zPEt$K07IXK8mI0TYf-jhke2QjQw3v?qN5h0-#Fel0)Krq1f)#^AFsfd|K$I={`Xs9
z{JIr8M>BdeM}V=l3B8fE1--DHjSaxoSjNKEM9|U9#m2<eS=8Og#NOG$&X&%|8sOyg
zpZ6&%KPd&uh?v{hRMVvQjUL}gY3)Mk3{XQXF{><3>n{Iuo`r3UZp;>GkT2YBNAh|b
z^jTq-hJp(ebZh#Lk8hVBP%qXwv-@vbvoREX$TqRGTgEi$%_F9tZES@z8Bx}$#5eeG
zk^UsLBH{bc2VBW)*EdS({yw=?qmevwi?BL6*=12k9zM5gJv1>y#ML4!)iiPzVaH9%
zgSImetD@dam~e>{LvVh!phhzpW+iFvWpGT#CVE5TQ40n%F|p(sP5mXxna+Ev7PDwA
zamaV4m*^~*xV+&p;W749xhb_X=$|LD;FHuB&JL5?*Y2-oIT(wYY2;73<^#46S~Gx|
z^cez%V7x$81}UWqS13Gz80379Rj;6~WdiXWOSsdmzY39L;Hg3MH43o*y8ib<ko|2T
z<o~B%-$Y4Q9z_t97c`{g0veSfFt63Osbpe2Osn@<=nrAVk_JfMGt&lMGw9leshc#5
z*hkn0u>NBBH`(av4|u;YPq%{R;IuYow<+GEsf@R?=@tT@!}?#>zIIn0CoyV!hq3mw
zHj>OOjfJM3F{RG#6ujzo?y32m^tgSXf@v=J$ELdJ+=5j|=F-~hP$G&}tDZsZE?5rX
ztGj`!S>)CFmdkccxM9eGIcGnS2AfK#gXwj%esuIBNJQP1WV~b~+D7PJTmWGTSDrR`
zEAu4B8l>NPuhsk5a`rReSya2nfV<T&F{)-N{)9$`9a!^D!-03RDN<TPH!aW46TC4L
z>1EK01+G!x8aBdTs3Io$u5!6n6KX%uv@DxAp3F@{4UYg4SWJtQ-W~0MDb|j-$lwVn
znAm*Pl!?Ps&3wO=R115RWKb*JKoexo*)uhhHBncEDMSVa_PyA>k{Zm2(wMQ(5NM3#
z)jkza|GoWEQo4^s*wE(gHz?Xsg4`}HUAcs42cM1-qq_=+=!Gk^y710j=66(cSWqUe
zklbm8+zB_<cF$~mH3zum`PN7rn^cr1XvcjzxFO{ms_482AyMFYi+#o7!*vecrNhft
z48z<2q#fIw=ce!MXuptfT4+M8FP&|QfB3H@2)dceSR<*e5@hq<#7<$5tC^!RO8Zi<
zd_Wl!>syQv5A2rj!Vbw8;|$@C!vfNmNV!yJ<MblqN@23-5g1<aeoul%Um5K((_QY}
ze%_@BuNzay69}2PhmC<;m}2=FevDzrp!V!u4u|#h@B=rfKt+v!U`0k7>IWDQ>{+2x
zKjuFX`~~HKG~^6h5FntRpnnHt=D&rq0>IJ9#F0eM)Y-)GpRjiN7gkA8wvnG#K=q{q
z9dBn8_~wm4J<3J_vl|9H{7q6u2A!cW{bp#r*-f{gOV^e=8S{nc1DxMHFwuM$;aVI^
zz6A*}m8N-&x8;aunp1w7_vtB*pa+OYBw=TMc6Q<xVqo{NJ3h9-a)s5XuYMqZ=Y{7{
z$O63J`)FM-y*mko#!-UBa!3~eYtX1hjRQY2jMxAx=q5uKNm#uaKIak>K=mbA-|Cf*
zvyh8D4LRJImooUaSb7t*fVfih<97Gf@VE0|z>NcBwBQze);Rh!k3K_sfunToZY;f2
z^HmC4KjHRVg+eKYj;PRN^|E0>Gj_zagfRbrki68I^#~6-HaHg3BUW%<xsJq4AotN+
zH6twFV=)FlAbs*F6vGws^==x5Tl0AIbcP{&2yxB=)*u+bvK^L6$Vp}U2{9nj{bK~d
zee7tC)@DR<dI`D%cA(%7M9Ui3a)^iG?m=oJO0E^``<|5il2sf1fZHvy=D@e0<I)<l
zI!|d{`X3u}lz2(4Vn>+clM1<yhZZgPANro5CwhUb>xQEdPYt_g<2K+z!$>*$9nQ>;
zf9Bei{?zY^-e{q_*|W#2rJG`2fy@{%6u0i_VEWTq$*(ZN37|8lFFFt)nCG({r!q#9
z5VK_kkS<W$zJN%xs9<lngf<utn=i|I;bCdr-Lr<EzK)tkE-pYh-fc0wqKz?&U8TTN
zh_eAdl<>J3?zOH)OezMT{!YkCuSSn!<oaxO4?NS?VufjhPn>K#-Rhl$uUM(bq*jY?
zi1xbMVthJ`E>d>(f3)~fozjg^@eheMF6<)I`oeJYx4*+M&%c9VArn(OM-wp%M<-`x
z7sLP1&3^%Nld9Dhm@$3f2}87!quhI<BVn6Upp<cc;cU|)&2W%nk!Ak8tXK8aT!m*5
z^9zmeeS|PCG$hgM&Uh}0wp+#$jK3YCwOT&nx$??=a@_oQemQ~hS6nx6fB5r~bFSPp
z`alXuTYys4S5dCK)KDGR@7`I-JV^ewQ_BGM^o>@nwd@3~fZl_3LYW-B?Ia>ui`ELg
z&Qfe!7<FViITCBP{rA>m6ze=mZ<W0bN&bq-0D3>`Ia9$z|ARSw|IdMpooY4YiPN8K
z4B(ts3p%<w%rbophph+BzYj>2i(Td=<hfIaF6Ll8+9!48Ti=xpXB{FgJbk;>tgEHX
z0UQ_>URBtG+-?0E;E7Ld^dyZ;jjw0}XZ(}-QzC6+NN=40oDb2^v!L1g9xRvE#@IBR
zO!b-2N7wVfLV;mhEaXQ9XAU+>=XVA6f&T4Z-@AX!leJ8obP^P^wP0aICND?~w&N<u
ztispy>ykJ#54x3_@r7IDMdRNy4Hh;h*!u(Ol(#0bJdwEo$5437-UBjQ+j=Ic>Q2z`
zJNDf0yO6@mr6y1#n3)s(W|$iE_i8r@Gd@!DWD<Q)gT}bxTg_YpJQ5s|m8}+B)KBN6
zYnlzh>qZ7J&~gAm1#~maIGJ<sH@F<m!Fuh_fvrMbcDJNJ5~Yg;LF}NFN}&Y&LL76S
zv)~8W2?_rx`P;4LB-=JqsI{I~4U8DnSSIHWU2rHf%vWsA2-d=78An8z4q|lvgQ2iB
zhUUI!H+|C+_qp(Tjzu5usOu}cEoivZK&XA==sh0cD|Eg7eERXx?KwHI=}A9S_rx8S
zd)VLh_s!Juqi^!0xv7jH)UdSkEY~N|;QMWvs;HN`dMsdK=Dw2mtAHHcK8_+kS%a_V
zGgeQoaMM>1sls^gxL9LLG_Nh<XXk<>U!pTGty!TbhzQnu)I*S^54U6Yu%ZeCg`R>Q
zhBv$n5j<?~h)Y%y=zErI?{tl!(JWSDXxco7X8WI-6K;9Z-h&~kIv?$!6<k(g(xee?
z53>0v%O_j{QYWG!R9W?5_b&67KB$t}&e2LdMvd(PxN6Ir!H4>PNlerpBL>Zvyy!yw
z-SOo8caEpDt(}|gKPBd$qND5#a5nju^O>V&;f890?yEOfkSG^HQVmEbM3Ugzu+UtH
zC(INPDdraBN?P%kE;*Ae%Wto&sgw(crfZ#Qy(<4nk;S|hD3j{IQRI6Yq|f^basLY;
z-HB&Je%Gg}Jt@={_C{L$!RM;$$|<j7k-g{75e!h)4SlFvEZ*AkqrJI;EWu$Zx+OwM
zm{5Yk>iD6vu#3w?v?*;&()uB|I-XqEKqZPS!reW9JkLewLb!70T7n`i!gNtb1%vN-
zySZj{8-1>6E%H&=V}LM#xmt`J3XQoaD|@XygXjdZ1+P77-=;=eYpoEQ01B@L*a(uW
zrZeZz?HJsw_4g0vhUgkg@VF8<-X$B8pOqCuWAl28uB|@r`19DTUQQsb^pfqB6QtiT
z*`_UZ`fT}vtUY#%sq2{rchyfu*pCg;uec2$-$N_xgjZcoumE5vSI{+s@iLWoz^Mf;
zuI8kDP{!XY6OP~q5}%1&L}CtfH^N<3o4L@J@zg1-mt{9L`s^z$Vgb|mr{@WiwAqKg
zp#t-lhrU>F8o0s1q_9y`gQNf~Vb!F%70f}$>i7o4ho<sjDlFD=G`r<7$U?bJN+x5S
z@0&tQ=-XO1uDq(HCa$X)-l<u1!s<!W`30F78UcZaZKc8)G0af1Dsh%OOWh5)q+Q+n
zySBnE+3;9^#)U#Gq);&Cu=mtjNpsS~S0yjE@m4{Kq525G&cO_+b-_B$LeXWt_@XTq
z`)(;=^RDS@oh5dPjKyGAP?-Dbh507E5zZ=D2_C*6s^HXiA)B3f=65_M+rC&rMIUP6
zi4@u>$`uciNf=xgJ>&!gSt0g;M>*x4-`U)ysFW&Vs^Vk6m%?iuWU+o&m(2Jm26<Ea
z?or_^bK_`R)hBTfrBqA3Y^o7$K~Nzo)sh-vT%yWcc1I5wF1nkvk%!X_Vl_MK1IHC=
zt}Dt+sOmg0sH-?}kqNB|M_}ZXui7H;?;?xCCSIPSHh8@h^K8WU5X(!3W|>Y(3%TL;
zA7T)BP{WS!&xmxNw%J=$MPfn(9*^*TV;$JwRy8Zl*yUZi8jWYF>==j~&S|Xinsb%c
z2?B+kpet*muEW7@AzjBA^wAJBY8i|#C{WtO_or&Nj2{=6JTTX05}|H>N2B|Wf!*3_
z7hW*j6p3TvpghEc6-wufFiY!%-GvOx*bZrhZu+7?iSrZL5q9}igiF^*R3%DE4aCHZ
zqu>xS8LkW+Auv%z-<1Xs92u23R$nk@Pk}MU5!gT|c7vGlEA%G^2th&Q*zfg%-D^=f
z&J_}jskj|Q;73NP4<UD^T*M!yxMr=U!@&!rJfydk7CE7PGb<{)^=nM9Le#FQ=GkV~
z)_A$YPAn35??iNa@`g-wBX><4k*Y%pXPU2Thoqr+5uH1yEYM|VtBPW6lXaetokD0u
z9qVek6Q&wk)tFbQ8(^HGf3Wp16gKmr>G;#G(HRBx?F`9AIRboK+;OfHaLJ(P>IP0w
zyTbTkx_THEOs%Q&aPrxbZrJlio+hCC_HK<4%f3ZoSAyG7Dn`=X=&h@m*|UYO-4Hq0
z-Bq&+Ie!S##4A6OGoC~>ZW`Y5J)*ouaFl_e9GA*VSL!O_@xGiBw!AF}1{tB)z(w%c
zS1Hmrb9OC8>0a_$BzeiN?rkPLc9%&;1CZW*4}CDDNr2gcl_3z+WC15&H1Zc2{o~i)
z)LLW=WQ{?ricmC`G1GfJ0Yp4Dy~Ba;j6ZV4r{8xRs`13{dD!xXmr^Aga|C=iSmor%
z8hi|pTXH)5Yf&v~exp3o+sY4B^^b*eYkkCYl*T{*=-0HniSA_1F53eCb{x~1k3*`W
zr~};p1A`k{1DV9=UPnLDgz{aJH=-LQo<5%+Em!DNN252xwIf*wF_zS^!(XSm(9eoj
z=*dXG&n0>)_)N5<wxn0{TP0tnD=JAzVUcIUoR85Xt>oc6v!>-bd(2ragD8O=M|wGW
z!xJQS<)u70m&6OmrF0WSsr@I%T*c#Qo#Ha4d3COcX+9}hM5!7JIGF>7<~C(Ear^Sn
zm^ZFkV6~Ula6+8S?oOROOA6$C&q&dp`>oR-2Ym3(HT@O7Sd5c~+kjrmM)YmgPH*tL
zX+znN>`tv;5eOfX?h{AuX^LK~V#gPCu=)Tigtq9&?7Xh$qN|%A$?V*v=&-2F$zTUv
z`C#WyIrChS5|Kgm_GeudCFf;)!WH7FI60j^0o#65o6`w*S7R@)88n$1nrgU(oU0M9
zx+EuMkC>(4j1;m6N<sS-ys^qbJhGY7%0ZoC7dK=j7bGdau`J`{>oGqEkpJYJ?vc|B
zOlwT3<tNmX!mXZdsEW2s2`|?DC8;N?2tT*Lfq)F*|4vf>t&UgL!pX_P*6g36`ZXQ;
z9~Cv}ANFnJGp(;ZhS(@FT;3e)0)Kp;h^x;$*xZn*k0U6-&Fw<BqOnDKEdld8!Qk{Z
zjI1+R_ciEqL3CLOv$+J~YVpzIy`S&V{koIi$Lj}ZFEMN=!rL1?_EjSryIV+OBiiJ-
zIqT$oSMA>I=uOGaODdrsp-!K$Ac32^c{+FhI-HkYd5v=`PGsg%6I`4d9Jy)uW0y%)
zm&j^9WBAp*P8#kGJUhB!L?a%h$hJgQrx!6KCB_TRo%9{t0J7KW8!o1B!NC)VGLM5!
zpZy5Jc{`r{1e(jd%jsG7k%I+m#C<kI0i<ajCqQC!(pKlSsMl7M2N^mP%W`BGKb?hm
zBK`pddcg5+WhE#$46+K<Z!1CW-hZdo7hAw13ZUVqwW*}&ujL=eh{m~phuOy=JiBMN
z7FaCUn6boJ!M=6PtLN6%cveGkd12|1B{)kEYGTx#IiMN&re0`}NP-_{E-#FxOo3*P
zkAXSt{et292KfgGN`AR|C`p{MRpxF-I?+`ZY1Vsv>GS*BPA65ZVW~fLYw0dA-H_}O
zrkGFL&P1PG9p2(%Qi<evvBkNEkQkM%A>EWm6x;U-U&I#;Em$nx-_I^wtgw3xUPVVu
zqSuKnx&dIT-XT+T10p;yjo1Y)z(x1fb8Dzfn8e&#9yu?e%!_ptzGB|8GrCfu%p?(_
zQccdaaVK$5bz;*rnyK{_SQYM>;aES6Qs^lj9lEs6_J+%nIiuQC*fN;z8md>r_~Mfl
zU%p5Dt_YT>gQqfr@`cR!$NWr~+`CZb%dn;WtzrAOI>P_JtsB76<bUr7Lsb65vEd}g
z5JhMCmn#UeH#6Cew?bxogM)$x5ed{E)%2nWY5rb@Clvh$(JzQ#!CsQ(2I4QnhDDJ^
zYL%2bf8?`y)Ro=x{(dw<4^)(H^z7~3nfYFh-r7yBBb=l3V8dE-Dr&a%qs<OYcajo2
z(4Nw|k5_OQ@6zHmcIK%waj!yoZT(S1YlEFN?8-_lp9nf>PYe*<%H(y>qx-`Kq!X_;
z<{RpAqYhE=L1r*M<cT6p|4(5fVa-WIh|@AphR|cJ1`?N>)gNF3B8r(<%8mo*SR2hu
zccLRZwGARt)H<F*kMvg%oJV~29ud_q>lo1euqTyM>^!HK*!Q2P;4UYry<i)yWXzKa
zM^_qppY~vnIrhL_!;Z9msXMZTTwR{e`yH5t=HdD1Pni7?LqOpLoX}u5n5RfkGBvQ1
z@cdMeR4T6rp^S~>sje@;(<|$&%vQekbn|0Ruu_Io(w4#%p6ld2Yp7tlA`Y$cciThP
zKzNGIMPXX%&Ud0uQh!uQZz|FB`4KGD?3!ND?wQt6!n*f4EmCoJUh&b?;B{|lxs#F-
z31~HQ`SF4x$&v00@(P+j1pAaj5!s`)b2RDBp*PB=2IB>oBF!*6vwr7Dp%zpAx*dPr
zb@Zjq^XjN?O4QcZ*O+8>)|HlrR>oD*?WQl5ri3R#2?*W6iJ>>kH%KnnME&TT<gNU{
zn$Veg044#l=Z-&wsmEZhnw7IwT7Cd}hiZ%ke)-GzAR-Dt6)8Cb6>@Z<Y-SEE^OC5H
z=$M0HjdWR5p?n;s9OTXrEa1eGt}G;Eu)ifSop!$z#6V<>zrHS$Q%LC?n|e>V+D+8D
zYc4)QddFz7I8#}y#Wj6>4P%34dZH<AWj}HgE@5&D9Ra@o(Km_Gm}5Zb61p%9mDz1%
zya$Vd!_U~pDN*Y5%lo}-K~}4&F)rTjJ7uGyV@~kB-XNrIGRiB=UrNxJtX;JHb(EyQ
z{!R%v{vC7m|L3bx6lCRb7!mP~Is!r!q&OXpE5nKnH3@l({o}PrL`o>~OUDb?uP%-E
zwjXM(?Sg~1!|wI(RVu<h{6ESg9k500(D<HXwz52OGq(JEKS2CJR}8N&E-#%vhhaRN
zL#Q6%yUcel+!a#~g&e7w4$3s62d$Dv;SxCxhT}>xbu)-rH+O=igSho_pDCw(c6b=P
zKk4ATlB?bj9+HHlh<_!&z0rx13K3ZrAR8W)!@Y}o`?a*JJsD+twZIv`W)@Y?Amu_u
zz``@-e2X}27$i(2=9rvIu5uTUOVhzwu%mNazS|lZb&PT;XE2|B&W1>=B58#*!~D&)
zfVmJGg8UdP*fx(>Cj^?yS^zH#o-$Q-*$SnK(ZVFkw+er=>N^7!)FtP3y~Xxnu^nzY
zikgB>Nj0%;WOltWIob|}%lo?_C7<``a5hEkx&1ku$|)i>Rh6@3h*`slY=9U}(Ql_<
zaNG*J8vb&@zpdhAvv`?{=zDedJ23TD&Zg__snRAH4eh~^oawdYi6A3w8<<tS1{)`*
zH!u#2_lf&B)x2)tE$?4|aMAYUFZ{|Se7->Ozh@Kw)<E~4fKYaJ{OS+>#bdktM^GVb
zrG08?0bG?|NG+w^&JvD*7LAbjED{_Zkc`3H!My>0u5Q}m!+6VokMLXxl`Mkd=g&Xx
z-a>m*#G3SLlhbKB!)tnzfWOBV;u;ftU}S!NdD5+YtOjLg?X}dl>7m^gOpihrf1;PY
zvll&>dIuUGs{Q<Ww4SS<E23Sm*si$^C!!snD|AFym<+q$`*o0wokE?J{^g?f3>nd-
zwIR3oIrct8Va^Tm0t#(bJD7c$Z7DO9*7NnRZorrSm`b`cxz>OI<bVZt$VQ!oMxCu0
zbb7D5OIXV5Ynn@Y6)HLT=1`a=nh7{ee{vr<=$>C;jSE3DO8`hX955ui`s%||YQtt2
z5DNA&pG-V+4oI2s*x^>-$6J?p=I>C|9wZF8z;VjR??Icg?1w2v5Me+FgAeGGa8(3S
z4vg*$>zC-WIVZtJ7}o9{D-7d>zCe|z#<9>CFve-OPAYsneTb^JH!Enaza#j}^mXy1
z+ULn^10<XTm*l1Jg2Z;UvGEN!6Wq%I@OP4p{k`RNRKlKFWPt_of11^Gr%_Mg*mVP3
zm?)&3I719~aYcs)TY&q^$zmQ=xoC++VJH@~YG6>+rWLF6j2>Ya@@Kq?26>AqK{A_|
zQKb*~F1>sE*=d?A?W7N2j?L09_7n+H<SF8|SM#pTc9|9|rf1w*m4Y0Vdj643qA#D|
z!hJzb_-}IrrhkWr{zk_YC%(c-)UJl6Ma!mcbvj&~#yN-UhH?ZQ3TPq4hTVQ$(?eJ6
zNfJ_K+VJDBXN=l!7{2}lq?-$`fq|e&PEONfZDU<_SM+s2_3$vT_yqV<R&KG=K{zS}
zKQF$?mYsg%vV|E_E=a*SL!`7*AeN6GMVDXC59yPgi$F2!7&8e}EyHVLwCm{i%<pN!
zdc`SbZK}JQj7?6K&|261iHrsnVjdhxu_l_NKs&yy#;#^%8?Jlg`wcTlNZ3urUtEYd
zsFE!K0}Eg39)z+J6mLW)#Kn<ok4*6AAE=n*vh*;TpgGnnM|npykFpO|a0`4#SjP^b
z2<JG#Qk^#3FeFS`0eooK9|wEmCcvRKI*~6mamFTd^UW9Eg4!J4N9qz*C$3a#F;Sad
zi#o9LaqNG5TsiT<`SDtY^`)zkYx$(C5;&K9#(Zj}HolT_st~#C`VS8q%#q1)HN+hT
zz9IjVUdZNIp@;b88oR`~DvQL_zmsBy>Gi{VY;MoTGr_)G9)ot$p!-UY5zZ2Xtbm=t
z@dpPSGw<TLTZo~Zyx(+AKWvR~{L4S^5I;5+QT9bcQ-4cC{QnLfRBf&Pov~kv@`W6V
zA|h{EGx|7msvR1t`a-jF$JZ>gH=QtIcEulQNI>S-#ifbnO5EWkI;$A|pxJd885oM+
zGZ0_0gDvG8q2xebj+fbCHYfAXuZStH2j~|d^sBAzo46(K8n59+T6rzBwK)^rfPT+B
zyIFw)9YC-V^rhtK`!3jrhmW-sTmM+tPH+;nwjL#-SjQPUZ53L@A>y*rt(#M(qsiB2
zx6B)dI}6Wlsw%bJ8h|(lhkJVogQZA&n<jl%@&gd%^X|lsDQwDHEiKLCz}r`kC^h0t
z(!vYS%C)Ku?w$ti5R##9jSkNC#5)Juc{8XfEhczdGQy8yNrZL6+d0~%V=N|iF{V)E
zLT(gH!$j8Mf(1>{?Vgs6gNSXzuZpEyu*xySy8ro07QZ7Vk1!3tJphN_5V7qOiyK8p
z#@jcDD8nmtYi1^l8ml;AF<#IPK?!pqf9D4moYk>d99Im}Jtwj6c#+A;f)CQ*f-hZ<
z=p_T86jog%!p)D&5g9taSwYi&e<jP@@Q_fbXtVO&n9{e#)jg+D#~q=hoZ<9PIa)>P
z#JuEK%+NULWus;0w32-SYFku#i}d~+{Pkho&^{;RxzP&0!RCm3-9K6`>KZpnzS6?L
z^H^V*s!8<>x8bomvD%rh>Zp3>Db%kyin;qtl+jAv8Oo~1g~mqGAC&Qi_wy|xEt2iz
zWAJEfTV%cl2Cs<1L&DLRVVH05EDq`pH7Oh7sR<WSzBWU(MxAIA&4v~INVdLKA><BK
zwCgTxJU0mM{;1UV<^ZRk0SQNNN(;SRZsH7^EDWVUu%^mFfvW{m5jOQuQWSy`f586I
zTj}Z4e5WsvkNmBd`TJdfe=^>`NNkL%wi}8n>IXcO40hp+J+sC!W?!krJf!GJNE8uj
zg-y~Ns-<~D?yqbzVRB}G>0A^f0!^N7l=$m0OdZuqA<e9rzV|ixGyk9uS=Vov2_ECA
z^Sd0M$B)O&tv@%@UmTb%ngcl58ED9TyFp$y4JjFU+g+9EWUl?am<e#4uCGy9Tmt)z
z2Y|kWUahugFHsF<J6o!<?X(Ncsy&Wg9<QLPD}g-`PWGHWDY5P6;<Y+5J1vz2Z|PSy
zBN?Q^NkxnWq>OQq<EC8_d&#T2smn`YINd-HF@)Op)pBRHnx+Q|Hsv_BpWAPsT1>Lc
zX?AEGr1Ht+inZ-Qiwnl@Z0qukd__a!C*CKuGdy5#nD7VUBM^6OCpxCa2A(X;e0&V4
zM&WR8+wErQ7UIc6LY~Q9x%Sn*Tn>>P`^t&idaOEnOd(Ufw#>NoR^1QdhJ8s`h^|R_
zXX`c5*O~Xdvh%q;7L!_!ohf$NfEBmCde|#uVZvEo>OfEq%+Ns7&_f$OR9xsihRpBb
z+cjk8LyDm@U{YN>+r46?nn{7Gh(;WhFw6GAxtcKD+YWV?uge>;+q#Xx4!GpRkVZYu
zzsF}1)7$?%s9g9CH=Zs+B%M_)+~*j3L0&Q9u7!|+T`^O{xE6qvAP?XWv9_MrZKdo&
z%IyU)$Q95AB4!#hT!_dA>4e@zjOBD*Y=XjtMm)V|+IXzjuM;(l+8aA5#Kaz_$rR6!
zj>#&^DidYD$nUY(D$mH`9eb|dtV0b{S>H6FBfq>t5`;OxA4Nn{J(+XihF(stSch<f
zIn>e7$es&~N$epi&PDM_N`As;*9D^L==2Q7Z2zD+CiU(|+-kL*VG+&9!Yb3LgPy?A
zm<g7T4Wx!m(zMlVE_2jX$1$$5DcfL6>7Z&^qRG_JIxK7-FBzZI3Q<;{`DIxtc48k>
zc|0dmX;Z=W$+)qE)~`yn6MdoJ4co;%!`ddy+FV538Y)j(vg}5*k(WK)KWZ3WaOG!8
z!syGn=s{H$odtpqFrT#JGM*utN7B((abXnpDM6w56nhw}OY}0TiTG1#f*VFZr+^-g
zbP10`$LPq_;PvrA1XXlyx2uM^mrjTzX}w{yuLo-cOClE8MMk47T25G8M!9Z5ypOSV
zAJUBGEg5L2fY)ZGJb^E34R2z<C?_X1)4xsl9%Z|w&L9k!F(V>J?}Vf>{~gB!8=5Z)
z9y$>5c)=;o0HeHHSuE4U)#vG&KF|I%-cF6f$~pdYJWk_dD}iOA>iA$O$+4%@>JU08
zS`ep)$XLPJ+n0_i@PkF#ri6T8?ZeAot$6JIYHm&P6EB=BiaNY|aA$W0I+nz*zkz_z
zkEru!tj!QUffq%)8y0y`T&`fuus-1p>=^hnBiBqD^hXrPs`PY9tU3m0np~rISY09>
z`P3s=-kt_cYcxWd{de@}TwSqg<T-v~${38)1dqT{JCO5}Gk$$yZP*X!5)RaGFqqkZ
zeHhqUgXb37$91~LS-3Zi29CKKki0sBTh7unqEK$%FG?oo$Sp>*xVhp;E9zCsnXo6z
z?f&Sv^U7n4`xr=mXle94HzOdN!2kB~4=%)u&N!+2;z6UYKUDqi-s6AZ!haB;@&B`?
z_TRX0%@suz^TRdCb?!vNJYPY8L_}&07uySH9%W^Tc&1pia6y1q#?*Drf}GjGbPjBS
zbOPcUY#*$3sL2x4v_i*Y=N7E<UbOmi3K%)5<dOJui+{^+b*shA_w8&X4_Icv*!}kT
zW@BG{C%f{(K^kE?tjU`Led*kAj6wB_3f*UyIEV0T9TyMo4`NS;oA7Ec+71eFa;K|G
zCyaKKi1bvX9fTLQ+uAgF*@ZR8fB%|JlT8A-jK$7FMyxW>$mR}J%|GUI(>WEr+28+V
z%v5{#e!UF*6~G&%;l*q*$V?&r$Pp^sE^i-0$+RH3ERUUdQ0>rAq2(2QAbG}$y{de(
z>{qD~GGuO<V3ijl7+~xmS#nUvH{qF0*%7G(r|}BSXsu}HwrFbXWzcYJouIY*34axA
z(n@XsPrv%6;|GSbkH9Og>k559Y@%$?N^1ApVL_a704>8OD%8Y%8B;FCt%AoPu8*D1
zLB5X>b}Syz81pn;xnB}%0FnwazlWfUV<Vu@5P52pgIa+J{M)H4nAC<>)Z-~rZg6~b
z6!9J$EcE&sEbzcy?CI~=boWA&eeIa%z(7SE^qgVLz??1Vbc1*aRvc%Mri)AJaAG!p
z$X!_9Ds;Zz)f+;%s&d<S0a>RcJt2==P{^j3bf0M=nJd&xwUGlUFn?H=2W(*2I2Gdu
zv!gYCwM10aeus)`RIZSrCK=&oKaO_Ry~D1B5!y0R=%!i2*KfXGYX&gNv_u+n9wiR5
z*e$Zjju&ODRW3phN925%S(jL+bCHv6rZtc?!*`1<n2%>TyYXT6%Ju=|X;6D@lq$8T
zW{Y|e39ioPez(pBH%k)HzFITXHvnD6hw^lIoUMA;qAJ^CU?top1fo@s7xT13Fvn1H
z6JWa-6+FJF#x>~+A;D~;VDs2<i>6>^oH0EI`IYT2iagy23?nyJ==i{g4%HrAf1-*v
zK1)~@&(KkwR7TL}L(A@C_S0G;-GMDy=MJn2$FP5s<%wC)4jC5PXoxrQBFZ_k0P<n-
z??iM<JF!BTjD>{{s@<jPT1+pTPdk3<izB+}jAtjokIz)aPR$L&4%}45Et}?jz0w{(
zC4G}+Nu0D*w=ay`v91hMo+V&V8q(a!`~K-2<yR0H)sK+mcY?TAaSS8F<Q+!pSc;`*
z*c@5)+ZpT%-!K3O=Z0(hI8LH7KqK>sz+gX`-!=T8rcB(=7vW}^K6oLWMmp(rwDh}b
zwaGGd>yEy6fHv%jM$yJXo5oMAQ>c9j`**}F?MCry;T@47@r?&sKHgVe$MCqk#Z_3S
z1GZI~nOEN*P~+UaFGnj{{Jo@16`(qVNtbU>O0Hf57-P>x8Jikp=`s8xWs^dAJ9lCQ
z)GFm+=OV%AMVqVATtN@|vp61VVAHRn87}%PC^RAzJ%JngmZTasWBAWsoAqBU+8L8u
z4A&Pe?fmTm0?mK-BL9t+{y7o(7jm+RpOhL9Kn<D3v{}Wpv2i&ghEZe;t&DmOA_QYc
zM+NIUU}=*bkxOJsLKV3e^oGG8rufTpa8R~7Iki1y+fC(UT;;{l19@qfxO@0^!xMA?
z#|<YBZ6;vAb>Y#E&qu^}B6=K_dB}*VlSEiC9fn)+V=J;OnN)Ta5v66ic1rG+dGAJ1
z1%Zb_+!$=tQ~lxQrzv3x#CPb?CekEkA}0MYSgx$Jdd}q8+R=ma$|&1a#)TQ=l$1tQ
z=tL9&_^vJ)Pk}EDO-va`UCT1m#Uty1{v^A3P~83_#v^ozH}6*9mIjIr;t3Uv%@VeW
zGL6(CwCUp)Jq%G0bIG%?{_*Y#5IHf*5M@wPo6A{$Um++Co$wLC=J1aoG93&T7Ho}P
z=mGEPP7Gb<mBTnJH7dKM2CB)0*o-AW2E4i5R+rHU%4A2BTVwOqj4zmJqsb|5^*{DT
zv^HFARK6@^_1|vU{>voG!uD$k(H3A$Z))+i{Hy?QHdk>3xSBXR0j!11O^mEe9RH<y
zF3MI;^J1vHI9U>mw!pvzv?Ua~2_l2Yh~_!s1qS`|0~0)<BWX>YsbHSz8!mG)WiJE|
z2<APmuYD%tKwB@0u<C~CKyaC}XX{?mylzkDSuLMkAoj?zp*zFF7q515SrGD~s}ATn
z`Ded41yk>f($6TQtt6L_f~ApQYQKSb=`053LgrQq7G@98#igV>y#i==-nEjQ!XNu9
z<h*hnP2Pol+z>~;mE+gtj4IDDNQJ~JVk5Ux6&LCSFL!y=>79kE9=V}J7tD==Ga+IW
zX)r7>VZ9dY=V&}DR))xUoV!u(Z|%3ciQi_2jl}3=$Agc<a_3#EUXJj<z2jVv6VHGT
zV^v1FiRwA!kPmt}m$qdr&9#-6{QeZqtM3|tRl$sws3Gy`no`Kj@X-)O(^sv>(`RPb
z8kEBpvY>1FGQ9W$n>Cq=DIpski};nE)`p3IUw1Oz0|wxll^)4dq3;CCY@RyJgFgc#
zKouFh!`?Xuo{IMz^xi-h=StCis_M7y<P{h0$_I#EukRYag9%BMRXh|%Xl7C<>q$u)
z?XHvw*HP0VgR+KR6wI)jEMX|ssqYvSf*_3W8zVTQzD?3>H!#>InzpSO)@SC8q*ii-
z%%h}_#0{4JG;Jm`4zg};BPTGkYamx$Xo#O~lBirRY)q=5M45n{GCfV<Kqrcu9<z@R
zSE>7h9qwyu1NxOMoP4)jjZMxmT|IQQh0U7C$EbnMN<3)Kk?fFHYq$d|ICu>KbY_hO
zTZM+uKHe(cIZfEqyzyYSUBZa8;Fcut-GN!HSA9ius`lt<SmSV9vasBl&hE7ciOunD
z?%e1Hl-5B3e+<+8CD{j5U*D3h89nV<zn^0g+t=uRKgZiGu)3h;vu#^y`HqWe_=jGm
zW2p}*n<!QH%pQ2EV`&z|LD#BOpj0QS9R5#$q}3&-+@GL4F^wO-bcSo|J^I_{LATPF
z2$`fUCOO=XxYVD!<7Yz4te$d-_>NebF46ZX_BbZNU}}ZOm{M2&nAN<H$fJIKS=j8q
zwXlN!l^_4>L9@0qvih15(|`S~z}m&h!u4x~(%MAO$jHRWNfuxWF#B)E&g3ghSQ9|>
z(MFaLQj)NE0lowyjvg8z0#m6FIuKE9lDO~Glg}nSb7`~^&#(Lw{}GVOS>U)m8bF}x
zVjbXljBm<v)#bs=9p`s>34Cs-yM6TVusr+3kYFjr28STT3g056y3cH5Tmge~ASxBj
z%|yb>$eF;WgrcOZf569sDZOVwoo%8>XO>XQOX1OyN9I-SQgrm;U;+#3OI(zrWyow3
zk==|{<m8xZ#>lt2xrQ%FIXOTejR>;wv(Pb8u8}BUpx?yd(Abh<shPyABw|Ens8m6@
zIg($GO4)<g4x5icbki?U&2%56@tYd`zRs}Nk6R~4!AjVAihB3r8oDhQ8f)v^r}|(y
z4B&Q<ARRqYXKQGAeJa_KHe`)04jUO~B=%q#SUlU@pU?apz0v{Al@s`Cvzo)u;2>6?
zsoO3VYWkeLnF43&@*#MQ9-i-d0t*xN-UEyNKeyNMHw|A(k(_6QKO=nKMCxD(W(Yop
zsRQ)QeL4X3Lxp^L%wzi2-WVSsf61dqliPUM7srDB?Wm6Lzn0&{*}|IsKQW;02(Y&|
zaTKv|`U(pSzuvR6Rduu$wzK_W-Y-7>7s?G$)U}&uK;<>vU}^^ns@Z!p+9?St1s)dG
zK%y6xkPyyS1$~&6v{kl?Md6gwM|>mt6Upm>oa8RLD^8T{0?HC!Z>;(Bob7el(DV6x
zi`I)$&E&ngwFS@bi4^xFLAn`=fzTC;aimE^!cMI2n@Vo%Ae-ne`RF((&5y6xsjjAZ
zVguVoQ?Z9uk$2ON;ersE%PU*xGO@T*;j1BO5#TuZKEf(mB7|g7pcEA=nYJ{s3vlbg
zd4-DUlD{*6o%Gc^N!Nptgay>j6E5;3psI+C3Q!1ZIbeCubW%w4pq9)MSDyB{HLm|k
zxv-{$$A*pS@csolri$Ge<4VZ}e~78JOL-EVyrbxKra^d{?|NnPp86!q>t<&IP07?Z
z^>~IK^k#OEKgRH+LjllZXk7iA>2cfH6+(e&9ku5poo~6y{GC5>(bRK7hwjiurqAiZ
zg*DmtgY}v83IjE&AbiWgMyFbaRUPZ{lYiz$U^&Zt2YjG<%m((&_JUbZcfJ22(>bi5
z!J?<7AySj0JZ&<-qXX;mcV!f~>G=sB0KnjWca4}vrtunD^1TrpfeS^4dvFr!65knK
zZh`d;*VOkPs4*-9kL>$GP0`<?hW@{z#_gXtp%=2VbN+$~z+M($Vf(dl@)t-*82<$(
zHi{FrD1wO9L~*Rc0{A2WU%f?ar(T9V1JpQ?M0Q|&{UES|#Z~k2-mj@z)8Rw^(XeYc
zomT(B0EF!##4dQq_*NN<%Bo5)&+gCXSGZo`b>(M!j~B;#x?Ba<KDM~HJ!|Zzy=p2e
z8;av`GLw{_*RgO(W|UK-<iDeT!t_x1c=M3%wGk|fDk<e0lLe8-5ga6apKYJD`*a3G
zBl?Ps)hDb7X`7bW5S=IHr0Mm?fr|$zCf+gmZUrit$5n+)JZG>~&s6CopvO86oM?-?
zOw#dIRc;6A<R&%m3DDJhF+|tb*0Yw8mV{a-bf^E~gh66MdsMHkog<r9`fVIVE+h@O
zi)iM`rmA-Fs^c=>6T?B`Qp%^<<Dyu<%Kg0H=lq;E!p&UHzSpD1)q%^v)Y8yQkp>U5
z19x(ywSH$_N+Io!6;e?`tWaM$`=D<O;$E>b!gzx|lQ${DG!zb1Zl&|{kX0y6xvO1o
z220r<-oaS^^R2pEyY;=Qllqpmue|5yI~D|iI!IGt@iod{Opz@*ml^w2bNs)p`M(Io
z|E;;m*Xpjd9l)4G#KaWfV(t8YUn@A;nK^#xgv=LtnArX|vWQVuw3}B${h+frU2>9^
z!l6)!Uo4`5k`<<;E(ido7M6lKTgWezNLq>U*=uz<KVOwgK<qq^3FEy1LAV}ep3|Zt
z>&s=cc$1%>VrAeOoUtA|T6gO4>UNqsdK=NF*8|~*sl&wI=x9-EGiq*aqV!(VVXA57
zw9*o6Ir8Lj1npUXvlevtn(_+^X5rzdR>#(}4YcB9O50q97%rW2me5_L=%ffYPUSRc
z!vv?Kv>dH994Qi>U(a<0KF6NH5b16enCp+mw^Hb3Xs1^tThFpz!3QuN#}KBbww`(h
z7GO)1olDqy6?T$()R7y%NYx*B0k_2IBiZ14&8|JPFxeMF{vSTxF-Vi3+ZOI=Thq2}
zyQgjYY1_7^ZQHh{?P))4+qUiQJLi1&{yE>h?~jU%tjdV0h|FENbM3X(KnJdPKc?~k
zh=^Ixv*+smUll!DTWH!jrV*wSh*(mx0o6}1@JExzF(#9FXgmTXVoU+>kDe68N)dkQ
zH#_98Zv$}lQwjKL@yBd;U(UD0UCl322=pav<=6g>03{O_3oKTq;9bLFX1ia*lw;#K
zOiYDcBJf)82->83N_Y(J7Kr_3lE)hAu;)Q(nUVydv+l+nQ$?|%MWTy`t>{hav<vVD
zHx;qQ>FSQloHwiIkGK9YZ79^9?AZo0ZyQlVR#}lF%dn5n%xYksXf8gnBm=wO7g_^!
zauQ-bH1Dc@3ItZ-9D_*pH}p!IG7j8A_o<ZOCWxl^<k=*NA9oUpW$0D`yCb}VfC~vb
z4IkfiRDM@RHlIGG_SRrrd~6$XYP~2Y^<fekveOOZRCv69S{4_se`>94#~>$LR|TFq
zZ-b00*nuw|-5C2lJDCw&8p5N~Z1J&TrcyErds&!l3$eSz%`(*izc;-?HAFD9AHb-|
z>)id`QCrzRws^9(#&=pIx9OEf2rmlob8sK&xPCWS+nD~qzU|qG6KwA{zbikcfQrdH
z<yJStD<g^`?^d44p$8FFXwD2dL810^xg@~^x$C_H#3NSLs8fBVu~K)3BMKCOp^;|&
zKPz+s!|fXFr%*`Dg*#A{!QB-jnah3y4$Pe0L2%RM)706&eqyFTNAO2gMd<bcjBp>+
zQg>O<`K4L8rN7`GJB0*3<3`z({lWe#K!4AZLsI{%z#ja^OpfjU{!{)x0ZH~RB0W5X
zTwN^w=|nA!4PEU2=LR05x~}|B&ZP?#pNgDMwD*ajI6oJqv!L81gu=KpqH22avXf0w
zX3HjbCI!n9>l046)5rr5&v5ja!xkKK42zmqHzPx$9Nn_MZk`gLeSLgC=LFf;H1O#B
zn=8|^1iRrujHfbgA+8i<9jaXc;CQBAmQvMGQPhFec2H1knCK2x!T`e6soyrqCamX%
zTQ4dX_E*8so)E*TB$*io{$c6X)~{aWfaqdTh=xEeGvOAN9H&-t5tEE-qso<+C!2>+
zskX51H-H}#X{A75wqFe-J{?o8Bx|>fTBtl&tc<VVc3-U5wTq>bdR|<Uon(X?ZiT<<
zWC=zLEjacGDZ|?>132Ztqu5X0i-pisB-z8n71%q%>EF}yy5?z=Ve`}hVh{Drv1YWL
zW=%ug_&chF11gDv3D6B)Tz5g<uwqk#dj|RK7gNl@*lm*xHRBk*7MnT4(@7VIDfO0u
zB?1X+)GR^0j1A{Q#WUmQX%LN=W?aGzO$5=2@yxjXBzxbGO*{DYkV!aJ!$~-FNzvt;
z?r)HU;0!4T-%vWzAiHJ?*-ivIq!#dErMvhpJJ^QyZ5n0qmMn+}I>54H0mDHNj<FD1
z&CIP+ZDDy<;b2`JW=0_p9c4p<zwE30JFgdhO2HQiMRBb%Y9ZJ>uKZ+)CKFk4Z|$RD
zfRuKLW`1B>B?*RUfVd0+u8h3r-{@fZ{k)c!93t1b0+Q9vOaRnEn1*IL>5Z4E4dZ!7
ztp4GP-^1d>8~LMeb}bW!(aAnB1tM_*la=Xx)q(I0Y@__Zd$!KYb8T2VBRw%e$iSdZ
zkwdMwd}eV9q*;YvrBFTv1>1+}{H!JK2M*C|TNe$ZSA>UHKk);wz$(F$rXVc|sI^lD
zV^?_J!3cLM;GJuBMbftbaRUs$;F}HDEDtIeHQ)^EJJ1F9FKJTGH<(Jj`phE6OuvE)
zqK^K`;3S{Y#1M@8yRQwH`?kHMq4tHX#rJ>5lY3DM#o@or4&^_xtBC(|JpGTfrbGkA
z2Tu+AyT^pHannww!4^!$5?@5v`LYy~T`qs7SYt$JgrY(w%C+IWA;ZkwEF)u5sDvOK
zGk;G>Mh&elvXDcV69J_h02l&O;!{$({fng9Rlc3ID#tmB^FIG^w{HLUpF+iB`|<Dd
z$~}?*yaE3d3m&(}pR(IuL%&h+j{wz$6(l^GO8O{^N!08Gnw7N>NnX)EH+Nua)3Y(c
z&{(nX_ht=QbJ%DzAya}!&uNu!4V0xI)QE$SY__m)SAKcN0P(&JcoK*Lxr@P<Bj^D-
zi(H(l^zsWRcIm}YCou&G1we!7IMt1dAI3MKk4-3tybIvwniaUWp=||&s9lB&iptb>
zY&P=}&B3*UWNlc|&$Oh{BEqwK2+N2U$4WB7Fd|aIal`FGANUa9E-O)!gV`((ZGCc$
zBJA|FFrl<?%m-}hcKbonJcfriSKJrE#oY4SQUGFcnL~;J2>g~9OBp#f7aHodCe{6=
zay$6vN~zj1ddMZ9gQ4p32(7wD?(dE>KA2;SOzXRmPBiBc6g`eOsy+pVcHu=;Yd8@{
zSGgXf@%sKKQz~;!J;|2fC@emm#^_rnO0e<D`xKOl)v&1gxhN0@LroTIseY?HHF`U$
zRCxyayrK2fk|YppMxAKP{J=gze_dhnAkmEFp<%l9vvc1zcx#Lz*hP4TNeag4(W!Be
zM4c#}`np`hRl02rJ50(%WD@_u_Qk1TUrpL44g>sEn^QxXgJYd`#FPWOUU5b;9eMAF
zZhfiZb|gk8aJIw*YLp4!*(=3l8Cp{(%p?ho22*vN9+5NLV0TTazNY$B5L6UKUrd$n
zjbX%#m7&F#U?QNOBXkiiWB*_tk+H?N3`vg;1F-I+83{M2!8<^nydGr5XX}tC!10&e
z7D36bLaB56WrjL&HiiMVtpff|K%|*{t*ltt^5ood{FOG0<>k&1h95qPio)<rMG98B
zE?gDMmn^Zo(`Ek7uvNsnUgUfUfwFF7?z~>2`eL${YAGIx(b4VN*~nKn6E~SIQUuRH
zQ+5zP6jfnP$S0iJ<xI2U>@~t!Ai3o`X7biohl<ds?PbGDArmkAV12ldkGzY{P*80E
zF=Wk3w#9|J1dAeV)Rlk?%L=ol!+m5%A|(KP`fR=nD^&iHT@Z5DaZ(w0hqfh|V>i;E
zT#yXyl{bojG@-TGZzpdVDXhbmF%F9+-^YSIv|<!(knL3!Z+}F~)r$<ET0f@9KVjok
zfvU`%FUbk|yAc)S0rB`JBWTLd7hPAAqP2ltlwee5T}#_Gpbl80w-LA;|BD>MT1l3j
zrxOFq>gd2%U}?6}8mIj?M<N%?8n+3Rx8(2-`*c@op88}5-iqw*PHkqnj$k8#t^|g>
zc077Zc9fq(-)4+gXv?Az26IO6eV`RAJz8e3)SC7~>%rlzDwySVx*q$ygTR5kW2ds-
z!HBgcq0KON9*8Ff$X0wOq$`T7ml(@TF)VeoF}x1OttjuVHn3~sHrMB++}f7f9H%@f
z=|kP_?#+fve@{0MlbkC9tyvQ_R?lRdRJ@$qcB(8*jyMyeME5ns6ypVI1Xm*Zr{DuS
zZ!1)rQfa89c~;l~VkCiH<d?V{)&8(@3=6jm=fW<)H`CSQ9+iNwDH;4S!Xw4H9nux4
zKNscQ&OV9zHF_+cIJ=X)qIF;(!)}sl`hhO)dHz6nA0^W{a9q1^gzxvh-bS1(N273|
zq;PSR{n|+%3`+}9Q7}{mC7k)HXlUhkBKH%A@-sEx!4Mlk=^P1dtF=-lC3U?55B}ez
z`Fd)kItC)!X+F!>I|PCBd`S*2RLNQM8!g9L6?n`^evQNEwfO@&JJRme+uopQX0%Jo
zgd5G&#&{nX{o?TQwQvF1<^Cg3?2co;_06=~Hcb6~4XWpNFL!WU{+CK;>gH%|BLO<b
zgJpht0ltX3sE2RJAUcld5MW}&%<sw};dL~bdZ0?zVg~mRcaNBgUZe;8@DKXRQmlOf
zAIhHBNh=}LzcTdUnfgd6#GEx350bi`lb)LaBso2CW!*0Xe!UJNwIWeg)QXy=e3bwZ
zIJ8=;u}r&BGoF;ftQ-dJ!kBp#;lHIlNwC)v?OHP&#Mh~B%=jdgWQCSqpANGQEkG%n
zM?zk5@$%!-gPc55s943P-Mv1>h7@!hsa(>pNDAmpcuVO-?;Bic17R}^|6@8DahH)G
z!EmhsfunLL|3b=M0MeK2vqZ|OqUqS8npxwge$w-4pFVXFq$_EKrZY?BuP@Az@(k`L
z`<G71X#W|!P3Z{wEvg5Ob7@MbwprRM&*~yi*+R-9I8&p-;yM=Q)z$bTY1}y<i9f;W
zGBCz3n1=6)vV6bV+;GN8E|c1rg49&nk_(FLVA<i_4OxA`vE>ViQBSk`y+YwRT;&W|
z2e3UfkCo^uTA4}Qmmtqs+nk<f8_TTXgg$0%V(GO^t)<!()wOU}JKa$=7V(Fd-u5kW
zfKQU%n`CZ_1jFoAu|=do)|56^VkbaXtt)NlpAubGIJ@ET@k0K*McoNg@OCSSeKJ`(
z*rHh**zg=F3rmZ2ux+4MzedRxj4$W0VqcP)lO*|#;Iw4z!Gidd%|ry%SN>#gNr2W4
zTH%hhErhB)pkXR{B!q5P3-OM+M;qu~f>}IjtF%>w{~K-0*jPVLl?Chz&zIdxp}bjx
zStp&Iufr58FTQ36AHU)0+CmvaOpKF;W@sMTFpJ`j;3d)J_$tNQI^c<^1o<49Z(~K>
z;EZTBaVT%14(bFw2ob@?JLQ2@(1pCdg3S%E4*dJ}dA*v}_a4_P(a`cHnBFJxNobAv
zf&Zl-Yt*lhn-wjZsq<9<PjKts@j|?j*H<KG_l+Ikza{2Tyz(8wgaT$KKCTR@fUFh?
z9>v-IsXxAxMZ58C@e0!rzhJ+D@9^3~?~yllY^s$?&oNwyH!#~6x4gUrfxplCvK#!f
z$viuszW>MFEcFL?>ux*((!L$;R?xc*myjRIjgnQX7<gW>9@UPD$6Dz0jutM@7h_pq
z0Zr)#O<^y_K6jfY^X%A-ip>P%3saX{!v;fxT-*0C_j4=UMH+Xth(XVkVGiiKE#f)q
z%Jp=JT)uy{&}Iq2E*xr4YsJ5>w^=#-mRZ4vPXpI6q~1aFwi+lQcimO45V-JXP;>(Q
zo={U`{=_JF`EQj87Wf}{Qy35s8r1*9Mxg({CvOt}?Vh9d&(}iI-quvs-rm~P;eRA@
zG5?1HO}puruc@S{YNAF3vmUc2B4!k*yi))<5BQmvd3tr}cIs#9)*AX>t`=~{f#Uz0
z0&Nk!7sSZwJe}=)-R^$0{yeS!V`Dh7w{w5rZ9ir!Z7Cd7dwZcK;BT#V0bzTt>;@Cl
z#|#A!-IL6CZ@eHH!CG>OO8!%G8&8t4)Ro@}USB*k>oEUo0LsljsJ-%5Mo^MJF2I8-
z#v7a5VdJ-Cd%(a+y6QwTmi+?f8Nxtm{g-+WGL>t;s#epv7ug>inqimZCVm!uT5Pf6
ziEgQt7^%xJf#!aPWbuC_3Nxfb&CFbQy!(8ANp<Dkrrv&eXZOx^ui15L`|GC6Zo9J8
zt4l&YYgkq79`qbC=O@Wu>kWLI4oSnH?Q3f?0k1t$3d+lkQs{~(>06l&v|MpcFsyAv
zin6N!-;pggosR*vV=DO(#+}4ps|5$`u<dyVk_IJiOQUOA<$>dE%Kdmp?G7B#y%<bi
zGVk-OWo?nx8M9(n3)OkC>H`R|i8skKOd9Xzx8xgR$>Zo2R2Ytktq^w#ul4uicxW#{
zFjG_RNlBroV_n;a7U(KIpcp*{M~e~@>Q#Av90Jc5v%0c>egEdY4v3%|K1XvB{O_8G
zkTWLC>OZKf;XguMH2-Pw{BKbFzaY;4v2seZV0>^7Q~d4O=AwaPhP3h|!hw5aqOtT@
z!SNz}$of**Bl3TK209@F=T<Nh*u*7J=P_EEnnD=hbiG0v_)iQwN<!vDIogn=iGRs3
zt_h!RUdkzWHMpc*d}k%tjHimct$!p&AH8pRZ+FJo|9w~+h(n#lp$57vBXGLddx*%@
z5%Aj-8?hH;TIkF9$}Pwu0)KjO*p&uKv6>n1+mgZa8yh(Png%Zd6Mt}^NSjy)etQrF
zme*llAW=N_8R*O~d2!apJnF%(JcN??=`$qs3Y+~xs>L9x`0^NIn!8mMRFA_tg`etw
z3k{9J<p4JZCS-C}49WuHGGruT=x>Ajnl@ygIiJcNHTy02GMAvBVqEss&t2<2mnw!;
zU`J)0>lWiqVqo|ex7!+@0i>B~BSU1A_0w#Ee+2pJx0BFiZ7RDHEvE*ptc9md(B{&+
zKE>TM)+Pd>HEmdJao7U@S>nL(qq*A)#eLOuIfA<xx)>S@j`_sK0UEY6OAJJ-kOrHG
zjHx`g!9j*_jRcJ%>CE9K2MVf?BUZKFHY?EpV6ai7sET-tqk=nDFh-(65rhjtlKEY%
z@G&cQ<5BKatfdA1FKuB=i>CCC5(|9TMW%K~GbA4}80I5%B}(gck#Wlq@$nO3%@QP_
z8nvPkJFa|znk>V92cA!K1rKtr)skHEJD;k8P|R8RkCq1Rh^&}Evwa4BUJz2f!2=MH
zo4j8Y$YL2313}H~F7@J7mh>u%556Hw0VUOz-Un@ZASCL)y8}4XXS`t1AC*^>PLwIc
zUQok5PFS=*#)Z!3JZN&eZ6ZDP^-c@StY*t20JhCnbMxXf=LK#;`4KHEqMZ-Ly9KsS
zI2VUJGY&PmdbM+iT)zek)<hjl_Ql0Z<Zn_qAb)m1SGqs~RuzvnShAB@_vF{e+592q
z$DB!xBIZfcH*9&k=wlV*!)l9TjLaF6{FU=1emb_fuvC;885YA6nM5}UqhPTc%&*tY
z3h;oOpGO3Hx+t7EjPYfzaZ}+D=ndS&SDnV=GA-}a=$GiNOi~a`1gJao%JzT9!|NX9
z<CC9{n}y#@=&Y6rk@_w$wqbKs!E-bTFZW}3bqJ;f!@40M^ykqGs3;>#Qc#_i4uH43
z@T5SZBrhNCiK~~esjsO9!qBpaWK<`>!-`b71Y5R<QKZFC;tbrvH*7OQFB+SCa^&~y
zposW2PUqn>eXQ4AJU~T<enI;Gq30%Z%SsfHco3Z`w^cm#%0^~onRV&P&#QErx)JwE
z+PM!k!qYC}ESrBrHoDQz*X1YmFa#(SZW<AV$!J0LWu4IDbZ2bw=%%Iq9Hg*REoc?;
z{E60bn(-sNYKAv{(YDGA5Ne~oOSP*!BJYblyeWN+CVy8q4{fMj;2#8%D!ii%2bR=s
z%l;FFHzQ~S|A8UKuFT*34q|LzMc~~o#;)Kw9DtS!bp3JQi_@L6HQjXe7-;AjHEUja
z>2Njri1CEp5oKw;Lnm)-Y@Z3sEY}X<ceQi^_CPpPY_VEPYF+%Om#`r)SPUG}UXq2Y
zpr9=;`h)oB6MR*Xk2Eh4r7Hb|{>IgSy%xo=uek(kAAH5MsV$V3uTUsoTzxp_rF=tx
z<QsYQ(;?5S(qGqiH7>V07vlJNKtJhCu`b}*#m&5LV4TAE&%KtHViDAdv#c^x`J7bg
z&N;#I2GkF@SIGht6p-V}`!F_~lCXjl1BdTLIjD2hH$J^YFN`7f{Q?OHPFEM$65^!u
zNwkelo*5+$ZT|oQ%o%;rBX$+?xhvjb)SHgNHE_yP%wYkkvXHS{Bf$OiKJ5d1gI0j<
zF6N}Aq=(WDo(J{e-uOecxPD>XZ@|u-tgTR<972`q8;&ZD!cep^@B5CaqFz|oU!iFj
zU0;<Kr(xN%j}{P50=dczD~4jn(p0D1`)Q|ld@m)3cU?5-DDA%Lq4Vd2?$jcNa3@4}
zt0;5Pk0HJXk<P(S=!%ZtD121Ne##d}^nRI9>6fQX&~15E53EW&w1s9gQQ~Zk16X%6
zjG`j0yq}4deX2?Tr(03kg>C(!7a|b9qFI?jcE^Y>-VhudI@&LI6Qa}WQ>4H_!UVyF
z((cm&!3gmq@;BD#5P~0;_2qg<pD9=9nXg$TuH}wQh9<MTT}D~YJ$+K3jbd)SV}wix
zf+zmLDPNc@nH3C;GngJH(K9z-$bm-ym&hXvg&{t=h}^v&Zpkgh>ZhtJS|>WdtjY=q
zLnHH~Fm!cxw|Z?Vw8*~?I$g#9j&uvgm7vPr#&iZgPP~v~BI4jOv;*OQ?jYJtzO<^y
z7-#C={r7CO810!^s(MT!@@Vz_SVU)7VBi(e1%1rvS!?PTa}Uv`J!EP3s6Y!xUgM^8
z4f!fq<3Wer_#;u!5ECZ|^c1{|q_lh3m^9|nsMR1#Qm|?4Yp5~|e<cTgyd3~1T9l&*
zeQ01<P2U~{V&q4>r2?W^7~cl;_r4WSme_o68J9p03~Hc%X#VcX!xAu%1`R!dfGJCp
zV*&m47>s^%Ib0~-2f$6oSgn3jg8m%UA;ArcdcRyM5;}|r;)?a^D*lel5C`V5G=c~k
zy*w_&BfySOxE!(~PI$*dwG><<WF75p<o9EVVze~dTW<Z_^0lybcm7u?o5{_6x)ND;
zb8GQ#!>+-%KT5p?whOUMA*k<9*gi#T{h3DAxzAPxN&Xws8o9Cp*`PA5>d9*Z-ynV#
z9yY*1WR^D8|C%I@vo+d8r^pjJ$>eo|j>XiLWvTWLl(^;JHCsoPgem6PvegHb-OTf|
zvTgsHSa;BkbG=(NgPO|CZu9gUCGr$8*EoH2_Z#^BnxF0yM~t`|9ws_xZ8X8iZYqh!
zAh;HXJ)3P&)Q0(&F>!LN0g#bdbis-cQxyGn9Qgh`q+~49Fqd2epikEUw9ca<Icy-f
zOt40c5j7j)$)tP9?uvS*(MhNoK9DyuR}iw#hq(_Yg;FQNx_fxU*Eu(iTCigNUM7t<
z>M%V6WgP)532RMRW}8gNS%V%Hx7apSz}tn@bQy!<=lbhmAH=FsMD?leawbnP5BWM0
z5{)@EEIYMu5;u)!+HQ<i|FmCtfdneL-c-Zq4Plvb%6L#`yCeba4_fn4B8J3*R<jzl
zfvYN4K`&;0Sxn>WhQ;D3_Cm_NADNeb-f56}<{41aYq8p4=93d=-=q0Yx#knGYfXVt
z+kMxlus}t2T5FEyCN~!}90<Qw*O-2+V!RyNwDJ!D4}()%&9a2ilTUH&u5D!U%eI_q
zx}xGi`t`GnBsEW*ontVcR-ikx88LbjAhe<X@Zi_w7Y34lxFFrZ2Q&%wKjDtka2LVK
zHc8~1#H%sr<^E7ZD2HEuJ^9vl!WfP^A{M0b1kd0=9ymV8H)Sd)K8ApeV;=DNu1w7T
zq3y-B$08B=*qJh`RBSq*hM$V1Wi(wSS$C7SwYBw1{q+D%@|+@4!e&J2mmVQuQ$1nJ
zGVp>O_X@@PQpuy;kuGz@bWft%diBTx?d)_xWd_-(!LmVrh**oKg!1CNF&LX4{*j|)
zIvjCR0I2UUuuEXh<9}oT_zT#jOrJAHNLFT~Ilh9hGJPI1<5`C-WA{tUYlyMeoy!+U
zhA#=p!u1R7DNg9u4|QfED-2TuKI}>p#2P9--z;Bbf4Op*;Q9LCbO&aL2i<0O$ByoI
z!9;Ght733FC>Pz>$_mw(F`zU?`m@>gE`9_p*=7o=7av`-&ifU(^)UU`Kg3Kw`h9-1
z6`e6+im=|m2v`pN(2dE%%n8YyQz;#3Q-|x`91z?gj68cMrHl}C25|6(_dIGk*8cA3
zRHB|Nwv{@sP4W+Y<?>ZM)VKI>R<dU=sQkg7!lDS83Q3{+&sk$J+O!cATJ_o5Pb&W_
z)bdtK2>lB`n=Oj~Rzx~M+Khz$N$45rLn6k1nvvD^&HtsMA4`s=MmuOJID@$s8Ph4E
zAmSV^+s-z8cfv~Yd(40Sh4JG#F~aB>WFoX7ykaOr3JaJ&Lb49=B8Vk-SQT9%7TYhv
z?-Pprt{|=Y5ZQ1?od|A<_IJU93|l4oAfBm?3-wk{O<8ea+`}u%(kub(LFo2zFtd?4
zwpN|2mBNywv+d^y_8#<$r>*5+$wRTCygFLcrwT(qc^n&@9r+}Kd_u@Ithz(6Qb4}A
zWo_HdBj#V$VE#l6pD0a=NfB0l^6W^g`vm^sta>Tly?$E&{F?TTX~DsKF~poFfmN%2
z4x`Dc{u{Lkqz&y!33;X}weD}&;7p>xiI&ZUb1H9iD25a(gI|`|;G^NwJPv=1S5e)j
z;U;`?n}j<Q^Xq~o28<9wN;wOTm1lpjZMh*aUX(~T_Y3#ZnG~Ye&HG?FC8<&_!tool
z+@`jls~3x-4`e?M70izyrpLQDV~@R;Ddqa8ubupC&5hxJ!0Qn2&@6(rv>nY6rA{V^
zxTd{bK)Gi^odL3l989DQlN+Zs39Xe&otGeY(b5>rlIqfc7Ap4}EC?j<{M=hlH{1+d
zw|c}}yx88_xQr`{98Z!d^FNH77=u(p-L{W6RvIn40f-BldeF-YD>p6#)(Qzf)lfZj
z?3wAMtPPp>vMehkT`3gToPd%|D8~4`5WK{`#+}{L{jR<c)T{dJNa_2~nx}yzR>UMt
zrFz+O$C7y8$M&E4@+p+o<?<4i!4ikchlAhrd(TAazwXC#eTotZ4)SbD2SX9vq+(V^
zQt>V5c%uYzbqd2Y%SSgYy#xh4G3hQv>V*BnuKQhBa#=o<cI|?w3{ulWOpdl|%RYTA
zSx@6KnTs$R(CM2sHs-QJn!^oj_3M4<ToCw0Dysc#3eTjWBJ-T+adb-$?`_4mF<8?g
zSKY1V7KhH!;LK22fSg)B*<uJ7m~6W3CUps0^d9*o2V_Gub>ZB~w{azUB+q%bRe_R^
z>fHBilnRTUfaJ201czL8^~Ix#+qOHSO)A|xWLqOxB$dT2W~)e-r9;bm=;p;RjYahB
z*1hegN(VKK+ztr~h1}YP@6cfj{e#|sS`;3tJhIJK=tVJ-*h-5y9n*&cYCSdg#EHE#
zSIx=r#qOaLJoVVf6v;(okg6?*L_55atl^W(gm^yjR?$GplNP>BZsBYEf_>wM0Lc;T
zhf&gpzOWNxS>m+mN92N0{;4uw`P+9^*|-1~$<g_U{SU`H<rGXK<wL9(P>uXpggj4-
z^SFc4`uzj2OwdEVT@}Q`(^EcQ_5(ZtXTql*yGzdS&vrS_w<Vq*ng}zPHZxXbJ~5By
z5q!Q1MEDSMNOWX9zY-~b`9@lU+AIe>>~~ra|Nb5abwf}Y!uq6R5f&6g2ge~2p(%c<
z@O)cz%%rr4*cRJ5f`n@lvHNk@lE1a*96Kw6lJ~B-XfJW%?&-y?;E&?1AacU@`N`!O
z6}V>8^%RZ7SQnZ-<!aS@7Sy5FdEA^NVBSolPfAv!POl_VDW*<OY|VOa1x+Nt4h}kC
zF5f5bMcr5zsZz*#rv_qyg5_y;>z$(jsX`amu*5Fj8g!3RTRwK^`2_QH<oOlcTv0T*
zq^FmDESBJUwy8>e;_2y_n|6gSaGyPmI#kA0sYV<_qOZc#-2BO%hX)f$s-Z3xlI!ub
z^;3ru11DA`4heAu%}HIXo&ctujzE2!6DIGE{?Zs>2}J+p&C$rc7gJC<HidCCr+8PF
zWiTVZ>35gxhflorvsb%sGOxpuWhF)dL_&7&Z99=5M0b~Qa;Mo!j&Ti_kXW!86N%n=
zSC@6Lw>UQ__F&+&Rzv?gscwAz8IP!n63>SP)^62(HK98nGjLY2*e^OwOq`3O|C92?
z;TVhZ2SK%9AGW4ZavTB9?)mUbOoF`V7S=XM;#3EUpR+^oHtdV!GK^nXzCu>tpR|89
zdD{fnvCaN^^LL%amZ^}-E+214g&^56rpdc@yv0b<3<Gcz@z*K79?oK~*UzGlKFJXT
z{XOryj|k?!nDS(G1LtLxYD^Cq?c?_!zYn!x^#tLjQ6=Wb!)yrQsQW$6U<7{9%v7a-
zv*ocK5QN4V3`xVyd7lYi<tse4LzLtbxdam8l#%xfBL@jXus_3m`H&T(SG4<1{Xtfu
zMb*~2c3zevaj8sJ+%2=tK7#q$!xF@Xc_%7Ws0|ayo4RjQhmCcKBx<ij=1uikr$^Pt
z9|pP=(@t-<MX5uDFk4~}Y&YCR_($i(L2tZ?=zYb8^M2`}T)&sKMTvyh6Hf2vk#&E}
zXFWd3BT@?-Qm?6K=3M(cZ#LOR`xDd$o~J$T>}Ys?)f|fXN4oHf$six)-@<;W&&_kj
z-B}M5U*1sb4)77aR=@%I?|Wkn-QJVuA96an25;~!gq(g1@O-5VGo7y&E_srxL6ZfS
z*R%$gR}dyONgju*D&?geiSj7SZ@ftyA|<I`YtD1a%3oCr%5@GGkBtN{5mnwPyOw=G
z)5mh1d5f2bd0O6v9}uRb?jQWt0Hmbh{Lw~%;q96e<JYrfUt;Ww3`|kuk8YLozMnJA
zL-%S-b>}(*Y4KbvU!YLsi1EDQQCnb+-cM=K1io78o!v<D2B&P2)99nqSy|&vmf_z?
z=eWr~Nb^z}4FA|*1-U>*);o<<Bb~caN#d%78rHzz&LtUD8*+uiPJdUJ<!gd#RBLsK
z$C!13l?*$0KTH~HOk{`~({IY19$^eGtD0+`Ng;Krabee-ZmxY?a!#sR^lIs7X@lqE
z)iFHx46*Kc<U3%gK1Qg`N*=%M8g<Qr@DDqezg1<>XwjaQH%)uIP&Zm?)Nfbfn;jIr
z)d#!$gOe3QHp}2NBak@yYv3m(CPKkwI|{;d=gi552u?xj9ObCU^DJFQp4t4e1tPzM
zvsRIGZ6VF+{6PvqsplMZWhz10YwS={?`~O0Ec$`-!klNUYtzWA^f9m7tkEzCy<_nS
z=&<(awFeZvt51>@o_~>PLs05CY)$;}Oo$VDO)?l-{CS1Co=nxjqben*O1BR>#9`0^
zkwk^k-wcLCLGh|XLjdWv0_Hg54B&OzCE^3NCP}~OajK-LuRW53CkV~Su0U>zN%yQP
zH8UH#W5P3-!ToO-2k&)}nFe`t+mdqCxxAHgcifup^gKpMObbox9LFK;LP3}0dP-UW
z?Zo*^nrQ6*$FtZ(>kLCc2LY*|{!dUn$^RW~m9leoF|@Jy|M5p-G~j%+P0_#orRKf8
zvuu5<*XO!B?1E}-*SY~MOa$6c%2cM+xa8}_8x*aVn~57v&W(0mqN1W`5a7*VN{SUH
zXz98DDyCnX2EPl-`Lesf`=AQT%YSDb`$%;(jUT<emmKF_zfZmU9B12q_dyZ<_@h~k
zvEq1`Vx6X|zFHC1f>rNen$NPJrlpPDP}prI>Ml!r6bCT;mjsg<oj3+@ct5lWE*J;5
z4E~(;FwK{V8;n^S+p_aly?)G^7&y`S%eK)TJhe8?@}L_b8H};V-{Fr!7~z`5Jn&~y
zle5N-{eo+>@X^#&<}CGf0Jt<ps|x+2W>R{Ecwd&)2zuhr#nqdgHj+g2n}GK9CHuwO
zk><uMX@X}I+5rrj?NaO6BMSeLuD{-~8R-Gl2xdC9#?M&n3M8$1#r~F<bd_yU6EE{Y
z#eCFVb$%8`qmYLY$VN_bTcap4)*3IM0tVFqt0C)EHHU4$9K2ap4$RYn7cYx68f*63
zqjgq9d3s#J0z)IOp-dbsoyDl3q&F;wDIxirPuXzvw6-Mhm_%B8`dB@kd7fLXw-%?$
zoq?`st6r0!H5QKHrVxu9;wFCr4k6@&eG$(7Z2Wi#T=t;uR8LkI#eWjbL4#SB+RR!}
zkvLwWmhxM!7BIsi5NeXcxeg6+4^H8NJB5=2mJzA06v|{=fl0X|ig2$)&h*GM&JpHp
zr`8`GjG!&l9EyWchuo>oZxy{v<eHuSsx&-tHadS1q^a4f?|RTjYB^sRK14!iW+^lB
z!ebp33Hf8OUb(D`D*|G{AftC98wHP4tb?H!)=@9haZJ)F+0;HQc5`Qlnk&U!fz)-9
z%lX#G)XFlYmyE^D)O;h749_^`>cOL)$8-}L^iV<p27<5%t|ClWJe$Rd_|U|Ck(u@6
zTgwrC&(m^cFeKDxIl7TOJH#1Wo==_x;yAITBFJ1z$*I>fJHAGfwN$prHjY<ZwGVKY
zZ8+b}fUD+>V0ju}8%jWquw>}_W6j~m<}Jf!G?~r5&Rx)!9JNX!ts#SGe2HzobV5);
zpj@&`cNcO&q+%*<%D<T}5E&SDWDa4Lg;*h`<xw$&SGrTg$|CXl_i7+njSd+)yvyz7
z+0<o|PMTJL)R>7za|?m5qlmFK$=MJ_iv{aRs+BGVrs)98BlN^nMr{V_fcl_;<BiuS
ztTFCwthZrVHPPZYBIYp#EouQ9MTH{-OaLh9+PRHAG3=cqP}nnZd8AjsX8sR)@*@Na
z!0>jkzRju+c-y?gqBC_@J0dFLq-D9@VN&-`R9U;nv$Hg?>$oe4N&Ht$V_(JR3TG^!
zzJsbQb<dCovVFFYER#ii{pf+`)Dd4mJA8V_i{)g*7b35$IR9(S%Er0t1yr7X5aERc
zeK=jG4aV7X*X+)C@a&31a^^wDy<E&Lu}Ry(`Um&dxXGiHJfU<|q(iByYWWLIS^^>i
zFE6-{#9{G{+Z}ww!ycl*7rRdmU#_&|DqPfX3CR1I{Kk;bHwF6jh0opI`UV2W{*|nn
zf_Y@%wW6APb&9Rr<YY$Si*BvV^N#m{QYOko?PXQXU(La}0lCv3qWQ$bi`=<yuf89@
zA3M_;xKTP6E^K#?{F`hD*rTDZhZ!h73@a^*&yKH>bEN=PQRBEpM(N1w`81s=(xQj6
z-eO0k9=Al|>Ej|Mw&G`%q8e$2xVz1v4DXAi8G};R$y)ww638Y=9y$ZYFDM$}vzusg
zUf+~BPX>(SjA|tgaFZr_e0{)+z9i6G#lgt=F_n$d=beAt0Sa0a7>z-?vcjl3e+W}+
z1&9=|vC=$co}-Zh*%3588G?v&U7%N1<wSL*V~9}~r(eJ^+Xr3`-m(Sj@@;y|({lFw
zG+a0jI%A@viPJ_TgyiV93C-_fon>Qf-wNWJ)(v`iO5KHSkC5&g7CrKu8V}uQGcfcz
zmBz#Lbqwqy#Z~UzHgOQ;Q-rPxrRNvl(&u6ts4~0=KkeS;zqU<rCYLCOgtuj&A3yvF
z)|<)nA^eF$@T!K+ig@JbUkyVVJP%Y)>Rz%!-ERppmd%0v>iRlEf+H$yl{_8TMJzo0
z>n)`On|7=WQdsqhXI?#V{>+~}qt-cQbokEbgwV3QvSP7&hK4R{Z{aGHVS3;+h{|Hz
z6$Js}_AJr383c_+6sNR|$qu6dqHXQTc6?(XWPCVZv=)D#6_;D_8P-=zOGEN5&?~8S
zl5jQ?NL$c%O)*bOohdNwGIKM#jSAC?BVY={@A#c9GmX0=T(0G}xs`-%f3r=m6-cpK
z!%waekyAvm9C3%>sixdZj+I(wQlbB4wv9xKI*T13DYG^T%}zZYJ|0$Oj^YtY+d$V$
zAVudSc-)FMl|54n=N{BnZTM|!>=bhaja?o7s+v1*U$!v!qQ%`T-6fBvmdPbVmro&d
zk07TOp*KuxRUSTLRrBj{mjsnF8`d}rMViY8j`jo~Hp$fkv9F_g(jUo#Arp;Xw0M$~
zRIN!B22~$kx;QYmOkos@%|5k)!QypDMVe}1M9tZfkpXKGOxvKXB!=lo`p?|R1l=tA
zp(1}c6T3Fwj_CPJwVsYtgeRKg?9?}%oRq0F+r+kdB=bFUdVDRPa;<s*Z4&z%Yqy%U
zOeHw$WK*_?C+%QKv}yj&a(!5Ni>E~~>2$w}>O>v=?|e>#(-Lyx?nbg=ckJ#5U6;RT
zNvHhXk$<cTrzyFrc-kzJ80|Sr7cPKJYnxQh*Fg9@b51h^!>P}m9wSvFyU3}=7!y?Y
z=fg$PbV8d7g25&-jOcs{%}wTDKm>!Vk);&rr;O1nvO0VrU&Q?TtYVU=ir`te8SLlS
zKSNmV=+vF|ATGg`4$N1uS|n??f}C_4Sz!f|4Ly8#yTW-FBfvS48Tef|-46C(wE<BN
zM?~(EkSJJWr_!W7-HptZRmK`p&C>O_%pPhUC5$-~Y?!0vFZ^Gu`x=m7X99_?C-`|h
zfmMM&Y@zdfitA@KPw4Mc(YHcY1)3*1xv<iSQWzdA1>W9V-r4n-9ZuBpFcf{yz+SR{
zo$ZSU_|fgwF~aakGr(9Be`~A|3)B=9`$M-TWKipq-NqRDRQc}ABo*s_5kV%doIX<z
zw8f$0lCeVGD0^!OedVm2t32)213YQ46v=o)@UsVzy`KZ%hr__m!jsQbd@}{{Vg1hz
z`m2-BpqxgapTIephm4Cik^T6BeWfmt%BA@BRlvqT0ILcR0(vVdxD!}~F3BI!@Yuk*
zM2~`l5+!SvcPoj}AC@Q9McO3!2ke!m5VcW3F%a(IA*N@sL73(w3O(3~t5el4Dq{JU
z21IfDfV)n^u4cGvvfJlGe~Q~Yzeudy#8j^ja>7LRLRau_gd@Rd_aLFXGSU+U?uAqh
z8qusWW<lz^u{++i(BMS0kYpMurHwdx8=v!VDug!+!?SoQ%5#Z9_%%XQ)=}5@(OGY$
z!*NFRMlh?b0mZ-o&{hRY(q#;?AsyI_fTbU3vvt{86Gd^<UxrFKXriAuhLyoz-Rb+|
z<1fH@C7QEgQz2VdIb}M#v@~+roe%YIUs5B>cvgQ&wu{|sRXmv?sl=xc<$6AR$+cl&
zFNh5q1~kffG{3lDUdvEZu5c(aAG~+64FxdlfwY^*;JSS|m~CJusvi-!$XR`6@XtY2
znDHSz7}_Bx7zGq-^5{stTRy|I@N=>*y$zz>m^}^{d&~h;0kYiq8<^W<E|75Z!A4X;
zB0ckyjy2crb1=uu;OnTA+AN(`$!y~N){ZywsrcJ<-RJ-6@#;QH|7$vRI{)h?@p2NX
z`N+$B?J?QE9;Pm%%)e)K9b55SBEW5@Zc4|{XhN6&8tG6ODyNFgS%k;enJu!|jBjTn
zO3=N;{~$Us+^lM79~#+NVdMuMV*xv4<srsN5l%(Xfx|TFiWsSLu6VKb8+BQX%9T6)
zLIA<^s*!o98&YNSoO#lh*yl=4IaXWU@%j6|nHVJL2?PUhARrz8&IkW*Q<47%jpzTI
z4gPog-xBcuLB=pm_-|9W&~MFVz_3-f?M6(XIxnIg#$zC^5E`10kVD2)wtP_r+-MVn
zDB)nM192c6VQ(1fw5pgW;z9QPF|WVy-Pi3Kqyd;SXdDvK@g#36c@VC&u=_B=n%w}x
z9G42<h(@l93n9W)B(s=&>q7Dz0w31ShO^~LUfW6rfitR0(=3;Uue`Y%y@ex#eKPOW
zO~V?)M#AeHB2kovn1v=n^D?2{2jhIQd9t|_Q+c|ZFaWt+r&#yrOu-!4pXAJuxM+Cx
z*H&>eZ0v8Y`t}8{TV6smOj=__gFC=eah)mZt9gwz>>W$!>b3O;Rm^Ig*POZP8Rl0f
zT~o=Nu1J|lO>}xX&#P<uNYpwDdsi81$~7Dv-8cIS(lR52^!TF;6k;WMGV`thcu^6S
z@T3rgu^2l&lSgk|u&dqJ2P;_lKd-gsz+E~nyy$zL@l8HyyxzgF#YH#@jXdT>58%Yl
z83`HRs5#32Qm9mdCrMlV<JBDhyZ+y^N%S92djDerOElqpRE}K*p`=oMP>|NKNC+Z~
z9OB8xk5HJ>gBLi+m@(pvpw)<om*<*&g*ukIpJ5#uX6#7U*X+*MN|7vZ8*HK)=`Y9r
z)#d;zRimk{mmRK`xtmKSn@imtSD%un-#&@aHsi(XFSqmU+t2^tlw;mwe}X*y&#AIH
zlv#=?W?e4tr=1o`K<LAS)WBGaORGt!_L??}o8QF5X|ARAXjcw9(=`^ih&uvZ?3o=4
ztCfj-M@ZND9Dnt(PEoh14OzzWaAN5QQ)tU}4*nXvp1HQ^w*zt7KrnA5B`0hYyAdFC
zH+>1(OaVJKs*$Ou#@Knd#bk+V@y;YXT?)4eP9E5{J%KGtYinNYJUH9PU3A}66c>Xn
zZ{Bn0<;8$WCOAL$^NqTjwM?5d=RHgw3!72WRo0c;+houoUA@HWLZM;^U$&sycWrFd
zE7ekt9;kb0`lps{>R(}YnXlyGY}5pPd9zBpgXeJTY_jwaJGSJQC#-KJqmh-;ad&F-
z-Y)E>!&`Rz!HtC<wKL>z>%yO<y&s#nmyWumg2@9<En(?C^(|rjP3fstXvL7F_}@s~
zK?}vRELPAe=@^SDzf;4gMIY~6wbR)ERQj~L^17FRR>J|v(u7P*I$jqEY3}(Z-orn4
zlI?CYKNl`6I){#2P1h)y(6?i;^z`N3bxTV%wNvQW+eu|x=kbj~s8rhCR*0H=iGkSj
zk2<D*!UmdR0qg)7cV>3lr9kr|p7#qKL=UjgO`@UnvzU)`&fI>1Qs7ubq{@+lK{hH*
zvl6eSb9%yngRn^T<;jG1SVa)eA>T^XX=yUS@NCKpk?ovCW1D@!=@kn;l_BrG;hOTC
z6K&H{<8K#dI(A+zw-MWxS+~{g$tI7|SfP$EYKxA}LlVO^sT#Oby^grkdZ^^lA}uEF
zBSj$weBJG{+Bh@Yffzsw=HyChS(dtLE3i*}Zj@~!_T-Ay7z=B)+*~3|?w`Zd)Co2t
zC&4DyB<B`NVJ>!o&YgSw+fJn6`sn$e)29`kUwAc+1MND7YjV%lO;H2}fNy>hD#=gT
ze+-aFNpyKIoXY~Vq-}OWPBe?Rfu^{ps8>Xy%42r@RV#*QV~P83jdlFNgkPN=T|Kt7
zV*M`Rh*30&AWlb$;ae130e@}Tqi3zx2^JQHpM>j$6x`#{mu%tZlwx9Gj@Hc92IuY*
zarmT|*d0E~vt6<+r?W^UW0&#U&)8B6+1+;k^2|FWBRP9?C4Rk)HAh&=AS8FS|NQaZ
z2j!iZ)nbEyg4ZTp-zHwVlfLC~tXIrv(xrP8PAtR{*c;T24ycA-;auWsya-!kF~CWZ
zw_uZ|%urXgUbc@x=L=_g@QJ@m#5beS@6W195Hn7>_}z@Xt{DIEA`A&V82bc^#!q8$
zFh?z_Vn|ozJ;NPd^5uu(9tspo8t%&-U9Ckay-s@DnM*R5rtu|4)~e)`z0P-sy?)kc
zs_k&J@0&0!q4~%cKL)2l;N*T&0;mqX5T{Qy60%JtKTQZ-xb%KOcgqwJmb%MOOKk7N
zgq})R_6**{8A|6H?fO+2`#QU)p$Ei2&nbj6TpLSIT^D$|`TcSeh+)}VMb}LmvZ{O|
ze*1IdCt3+yhdYVxcM)Q_V0bIXLgr6~%JS<<&dxIgfL=Vnx4YHuU@I34JXA|+$_S3~
zy~X#gO_X!cSs^XM{yzDGNM>?v(+sF#<0;AH^YrE8smx<36bUsH<L8f?5hvib^(w-z
zQO~nQ$dVU0i#a3ki#~Zfn+z)A0X6&+uTO~YY-95PED8rYa#tnOB_5j0D(OiyL`p9s
zv+IJ_k!HYz5YcKEc7QF88Nvot?2oM%4aDY1Bzw#ErO+K${;d;Xz}Qst%^Hxe<y|{#
z0i<}um0l#qNYBrEHp~^dRc(MW&*nx$<xOZo&ngs@b)HTJL5#EBLw4XB%N{_Unwz1|
zV8i$e7agBMpxq^UD+OBzpAA4~Wm`dImRWzuo^(m(ArJer$O=jb))nZ!p#}ai;I|`b
zxh~i8wmS;I?uK@A5wM9(c}p9|(M`BOW}{O$gH|yS=WST0IY5xeK;n^|OTOu06VXGL
ziLV81^Z>bN#y57K8WEu(`qHvQ6cAZPo=J5C(lSmUCZ57Rj6cx!e^rfaI5%w}unz}4
zoX=nt)FVNV%QDJH`o!u9olLD4O5fl)xp+#RloZlaA92o3x4->?rB4`gS$;<QP`qnB
zxyR|2?xCkFimDvX6HOV?^)Ex~)EDlr;3{Zk;-f=p?%7c@-P$(ps9BR^)$rFZsteaA
z;pEqzR194rw0JOm6L~PJ9F(nNaRn+j%W1SvOz`}E|6u-%XnRuFO#whbo=$_b&QmEc
zz35A#zc{~jeDG0s#(%Oyh`}`Lr28fKNg=;!oXo#n2s2b!wHSqmp4gLtkq~?+{}p*~
zmyPE6L~1+ln$95dm03gaCX?Mx^?0LvGdEce@^Fw=4Li}NJ(PPrnJG8UTM7f;`bHcw
z$Z`@wnD>WO{R;Z3>cG3IgFX2EA?PK^M}@%1%A;?f6}s&CV$cIyEr#q5;yHdNZ9h{|
z-=dX+a5elJoDo?Eq&Og!nN6A)5yYpnGEp}?=!C-V)(*~z-+<AB{~}$sb=b_3)fww3
z1aC=mU#wAjt*hH!O=_Rq0hO_a&wY#~Xao9@|NW*<bx}+viW;viI*Z+I?~t{%B+v(!
zDDr@@d60%bC|=S0vZozViq<m)h@uyR_WM|>?kY1Q7qs#Rsy%hu_60rdbB+QQNr?S1
z?;xtjUv|*E3}HmuNyB9aFL5H~3Ho0UsmuMZELp1a#CA1g`P{-mT?B<X1H9ohvAM^;
z+8=gDne1h_tC$>chuLEtK}!QZ=3AWakRu~?f9V~3F;TV`5%9Pcs_$gq&CcU}r8gOO
zC2&SWPsSG{&o-LIGTBqp6SLQZPvYKp$$7L4WRRZ0BR$Kf0I0SCFkqveCp@f)o8W)!
z$%7D1R`&j7W9Q9CGus_)b%+B#J2G;l*FLz#s$hw{BHS~WNLODV#(!u_2Pe&tMsq={
zdm7>_WecWF#D=?eMjLj=-_z`aHMZ=3_-&E8;ibPmM}61i6J3i<Ry9$0oO(dC+M{8z
zs~&fm$9WhF63%!K_Mm6jbUbs_bSm8+)$j`QmCxcnfVz-~LWI0Pvt$(Iiice=m6f#A
znKpqTEVc`=3la-JE~IF8T$O7$xw2vGNtATg%;ITCJQ$<SdLX>s*=dKf%HC>=xbj4$
zS|Q-hWQ8T5mWde6h@;mS+?k=89?1FU<%qH9B(l&O>k|u_aD|DY*@~(`_pb|B#rJ&g
zR0(~(6<MTX1VH`>8fpUPz6TdS@4JT5MOPrqDh5_H(eX1$P2SQrkvN8sTxwV>l0)Qq
z0pzTuvtEAKRDkKGhhv^jk%|HQ1DdF%5oKq5BS>szk-CIke{%js?~%@$uaN3^Uz6Wf
z_iyx{bZ(;9y4X&>LPV=L=d+A}7I4GkK0c1Xts{rrW1Q7apHf-))`BgC^0^F(>At1*
za@e7{lq%yAkn*NH8Q1{@{lKhRg*^TfGvv!Sn*ed*x@6>M%aaqySxR|oNadYt1mpUZ
z6H(<Ni{=BqKRj2FW+}Co`K?u{@WLS%pQm3TU}Q0c616}yg+(R+@sl}k&>rupHYf&Z
z29$5g#|0MX#aR6TZ$@eGxxABRKakDYtD%5BmKp;HbG_ZbT+=81E&=XRk6m_3t9PvD
zr5Cqy(v?gHcYvYvXkNH@S#Po~q(_7MOuCAB8G$a9BC##gw^5mW16cML=T=ERL7wsk
zzNEayTG?mtB=x*wc@ifBCJ|irFVMOvH)AFRW8WE~U()QT=HBCe@s$dA9O!@`zAAT)
zaOZ7l6vyR+Nk_OOF!ZlZmjoImKh)dxFbbR~z(cM<ohJsx2;$$S(LMO!JiV@-OGlmm
z`NdjOOy9O@m26&M`?ASmTQ{@=-K%#U)U7w<-rclq>hfeX1l7S_`;h|v3gI}<v)x_w
zvu)Dq)`qX%>n9$sSQ>+3@AF<e#LTCwgPu=4ybha;DXu-e#IUo*sWeYFrWHoigJs{Q
zYu_ff&j$_|OP<X2&rv4d2FV^~F@43}*F8@FN!r^c>Ay9=B_y$)q;Wdl|C-X|VV3w8
z2S#>|5dGA8^9%Bu&fhmVRrTX>Z7{~3V&0UpJNEl0=N32euvDGCJ>#6dUSi&PxFW*s
zS`}TB>?}H(T2lxBJ!V#2taV;q%zd6fOr=SGHpoSG*4PDaiG0pdb5`jelVipkEk%FV
zThLc@Hc_AL1#D&T4D=w@UezYNJ%0=f3iVRuVL5H?eeZM}4W*bomebEU@e2d`M<~uW
zf#Bugwf`VezG|^Qbt6R_=U0}|=k;mIIakz99*>FrsQR{0aQRP6ko?5<7bkDN8evZ&
zB@_KqQG?ErKL=1*ZM9_5?Pq%lcS4uLSzN(Mr5=t6xHLS~Ym`UgM@D&VNu8e?_=<G2
z$Y^_uSNUz|Ag`4k$;;4dC>nSFtF$u@hpPSmI4Vo_t&v?>$~K4y(O~Rb*(MFy_igM7
z*~yYUyR6yQgzWnWMUgDov!!g=lInM+=lOmOk4L`O?{i&qxy&D*_qorRbDwj6?)!ef
z#JLd7F6Z2I$S0iYI={rZNk*<{HtIl^mx=h>Cim*04K4+Z4IJtd*-)%6XV2(M<qEcY
zKpTExU9W`Sp|>CscPiw_a+y*?BKbTS@BZ3AUao^%Zi#PhoY9Vib4N>SE%4>=Jco0v
zH_Miey{E;FkdlZSq)e<{`+S3W=*ttvD#hB8w=|2aV*D=yOV}<n%QCtpFj!1iP3=++
zF%bul8RQG~xNUT@7_D%fDp&f9U3+!yV(BF^EJ6M?ggfgy%D_aSJLQh<Q8L9^3Z4lP
zSliD?8{L~ZN{}ULe$or4iOcd9fCXx)uXD>(&p%0LbEWH$&@$X3x~CiF-?ejQ*N+-M
zc8zT@3iwkdRT2t(XS`d7`tJQAjRmKAhiw{WOqpuvFp`i@Q@!KMhwKgs<K(HF*wpN5
zv(vj1XA8yT@r9sbul0J^6}T8DTrg3?UvaTK(_8@BG(vOS@R#A};jf~t=|7FM{G%;V
z$moCx(glgj5-;%1QM|u%2d3FX97|2!-{zNf(~wZQL8&V6ON(xoE>A}%@sw8Xo5Y=F
zhRJZg)O4uqNWj?V&&vth*H#je6T}}p_<>!Dr#89q@uSjWv~JuW(>FqoJ5^ho0%K?E
z9?x_Q;kmcsQ@5=}z@tdljMSt9-Z3xn$k)kEjK|qXS>EfuDmu(Z8|(W?g<kN}okBu|
z`906+8rq=5w?nFA6VC1#eQVZ_=+&soKuCq9J4-B?5ajOsO<ZqBE?J2XT_J8fPV98+
zk#wtSBTro80%$s5KaeCr*oviwvkprv-mw0v@x!YSCMmDCbzwIduaRkq+nkD$>Y6-l
z@R_#M8=vxKMAoi&PwnaIYw2COJM@atcgfr=zK1bvjW?9B`-+Voe$Q+H$j!1$Tjn+*
z&LY<%)L@;zhnJlB^Og6I<R<r5yYZK!bg%i+z^Gb9&z&*Z#pVBay5jNKYESI$cqK!;
zs%j&*N?LE3ILkbKV_0UUpL<A`zeQtv+?k$&h|~*OX&e)^SV^abQ&PMGXtX3fI2kT=
z2Y%RbH`bf;|K;F8Mxo)Ov25Y*lHOz#D>&BOR-m?{IW;tyYC%FZ!&Z>kGjHJ6cqM-F
z&19n+e1=9AH1VrVeHrIzqlC`w9=*zfmrerF?JMzO&|Mmv;!4DKc(sp+jy^Dx?(8>1
zH&yS_4yL7m&GWX~mdfgH*AB4<e8V;o9`b8>{CKo;+egw=PrvkTaoBU+P-4u?E|&!c
z)DKc;>$$B6u*Zr1SjUh<mc1^2+c=@@6(J4|#?}T_|M2b62=4`4F-ba1m43BpL!aCj
zR^w2TEDEd$X7pi$++6T@mH_M(zN#-+gi}U5eaDqd^tUG_>2)FeuWLWHl5TH(UHWkf
zLs>7px!c5n;rbe^lO@ql<wf#W%s8knI~Th~JR_Kl+2&@Zoorl!op+Ba_ZYj2yD(^E
z$}7%1B7{$MlPHueM^5x<Vc5^Pd5$8yYQ@u;!UngDNs9O`zY)-uu_X-;n9-+TuAb`^
z<H1e|G%#k-<p?8qbT%m<kMd#1>YLzlDVp(z?6r<WUtyWnlD^G9B?_Ur{&KCOuHNMq
zk|B^K_<0Q-9-+@;d#BY&2k-R$to<44{eG#pW>PZel=YB)Uv&n!2{+Mb$-vQl=xKw(
zve&>xYx+jW_NJh!FV||r?;hdP<!CWxpcsZKiv4>*jOXYcLCp>DOtJ?2S^)DkM{{Eb
zS$!L$e_o0(^}n3tA1R3-$SNvgBq;DOEo}fNc|tB%%#g4RA3{|euq)p+xd3I8^4E&m
zFrD%}nvG^HUAIKe9_{tXB;tl|G<%>yk6R;8L2)KUJw4yHJXUO<O#J#etA!EQr#Ixj
zZuFu$GT+Wpqx#)|V^@Cm`sHrRN~=Je%6V#~5_a6U7SazOW-GgiQtB4%%~2(B0iBsg
z;PpJsF|+l@`Wy@y_OtfS`JgrB)rNO1MTjsxeQ7|k!FQ^3n6kbM;^~mT&4KxW*m77y
zq%{h&JwttX7mQ1|xDfr$rzHoYHzjn|^DmxVimK9<IM)^a;|9O2LO78(*WR_|D40bM
z4}thc%eqOsDqUE<D1~O4evp0zw~wzT!F>PM>(-+jxq4R;z8H#>rnJy*)8N+$wA$^F
z<U&lTYAkA<S9x1+2s?lu2|Zd2nj#EvZB!v_&9eAD+8*)ghmbT+{)~_^Px6pMeOz2X
zv~Wjk&YGtROVvA~E^msuyea-{C!TM*WVVa4lhy%2Gi&UvdDpYWzNapW2o<z2pU37x
zeudIr){wxOzdWU}R?Ue;nbpX4`c>N+H*3t)eFEgxLw+Nw3};4WV$qj&_D`%ADV2%r
zJCPCo%{=z7;`F98(us5JnT(G@sKTZ^;2FVitXyLe-S5(hV&Ium+1pIUB(CZ#h|g)u
zSLJJ<@HgrDiA-}V_6B^x1>c9B6%~847JkQ!^KLZ2skm;q*edo;UA)~?SghG8;QbHh
z_6M;ouo_1rq9=x$<`Y@EA{C%6-pEV}B(1#sDoe_e1s3^Y>n#1Sw;N|}8D|s|VPd+g
z-_$QhCz`vLxxrVMx3ape1xu3*wjx=yKSlM~nFgkNWb4?DDr*!?U)L_VeffF<+!j|b
zZ$Wn2$TDv3C3V@BHpSgv3JUif8%hk%OsGZ=OxH@8&4`bbf$`aAMchl^qN>Eyu3JH}
z9-S!x8-s4fE=lad%Pkp8hAs~u?|uRnL48O|;<hL9ZDZTaoVqCgAV4_fXA_B>*DEU!
zuS0{cpk%1E0nc__2%;apFsTm0bKtd&A0~S3Cj^?72-*Owk3V!ZG*PswDfS~}2<8le
z5+W^`Y(&R)yVF*tU_s!XMcJS`;<i5$MCe|U*GT!0%*LADX`D^%6_<=D#Ru0`TRN8+
zm@tIK)49`32a<@shitOU#x<QU%nW!IzfjK>(Tr`J0%>p=Z&InR%D3@KEzzI+-2)HK
zuoNZ&o=wUC&+*?ofPb0a(E6(<2Amd6%uSu_^-<1?hsxs~0K5^f(L<W1_uUGAdyXWF
z-9E^}>sGqgEF^+0_H=uNk9S0bb!|O8d?m5gQjUKevPaO+*VfSn^2892K~%crWM8+6
z25@V?Y@J<9w%@NXh-2!}SK_(X)O4AM1-WTg>sj1{lj5@=q&dxE^9xng1_z9w9DK>|
z6Iybcd0<ba%T-PM@iR4f+hWNy2(Dh#%r^4ZjOOcYUhl?lcc*@SuVYF<0NRX~sTl15
z&yX+gisvpMdp($7GpQ}~BtfayBnqkt65sVAS)H#))Ya=X_9qRpsELVk)K-Umx|Q>e
zy<csGv$iOY<#zt!tLyihB^h0nm-w?)HRS0&_TFyZkN{(*U!r-+J#Pt@VJw|c&+Ad7
zGuhURv<S1E^2YPq{$<>i;Ew!KBRIfGPGytQ6}z}MeXCfLY0?9%RiyagSp_D1?N&c{
zyo>VbJ4Gy`@Fv+5cKgUgs~na$>BV{*em7PU3%lloy_aEovR+J7TfQKh8BJXyL6<F;
zULuFu;b(C;CC(l^>|P8un-Jnq(ghd!_HEOh$zlv2$~y3krgeH;9zC}V3<xe_B^^Vb
z>f`uDtW(%mT#944DQa~^8ZI+zAUu4U(j0YcDfKR$bK#gvn_{JZ<YX};laf~yTsdEA
zA~Ra?VD!R`MyGN9;7}SV*B=q$h>>|gZ5+)u?T$w<UlM8Es^_5l0fa>7Q%F^;!Wk?G
z(le7r!ufT*cxS}PR6hIVtXa)i`d$-_1KkyBU>qmgz-=T};uxx&sKgv48akIWQ89F{
z0<y9Cbjk%^#=J+qPnsNw%*mP1XLirQj9jh94t22gxgVWwR*I>XiY?WM^~;|T8zBOr
zs#zuOONzH?svv*jokd5SK8wG>+yMC)LYL|vLqm^PMHcT=`}V$=nIRHe2?h)8WQa6O
zPAU}d`1y(>kZiP~Gr=mtJLMu`i<2CspL|q2DqAgAD^7*$xzM`PU4^ga`ilE134XBQ
z99P(LhHU@7qvl9Yzg$M`+dlS=x^(m-_3t|h>S}E0bcFMn=C|KamQ)=w2^e)35p`zY
zRV8X?d;s^>Cof2SPR&nP3E+-LCkS0J$H!eh8~k0qo$}00b=7!H_I2O+Ro@3O$nPdm
ztmbOO^B+IHzQ5w>@@@J4cKw5&^_w6s!s=H%&byAbUtczPQ7}wfTqxxtQNfn*u73Qw
zGuWsrky_ajPx-5`R<)6xHf>C(oqGf_Fw|-U*GfS?xLML$kv;h_pZ@Kk$y0X(S+K80
z6^|z)*`5VUkawg}=z`S;VhZhxyDfrE0$<offD>(PMurAxl~<>lfZa>JZ288ULK7D`
zl9|#L^JL}Y$j*j`0-K6kH#?bRmg#5L3iB4Z)%iF@SqT+Lp|{i`m%R-|ZE94Np7Pa5
zCqC^V3}B(FR340pmF*qaa}M}+h6}mqE~7Sh!9bDv9YRT|>vBNAqv09zXHMlcuhKD|
zcjjA(b*XCIwJ33?CB!+;{)vX@9xns_b-VO{i0y?}{!sdXj1GM8+$#v>W7nw;+O_9B
z_{4L;C6ol?(?W0<6taGEn1^uG=?Q3i29sE`RfYCaV$3DKc_;?HsL?D_fSYg}SuO5U
zOB_f4^vZ_x%o`5|C@9C5+o=mFy@au{s)sKw!UgC&L35aH(sgDxRE2De%(%OT=VUdN
ziVLEmdOvJ&5*tCMKRyXctCwQu_RH%;m<lO9)YlolKp~SHA~$RD@rJEPJ4LfFabjtz
zzIU?%C*Qz8oJB~DbsOtV|5q`38L}^8Uq{e{^Ki<?YLnvYT2b=9GoWdOL!w)E5Yy?N
zCPB}zb-LW~opI;Pm$>*$YK&m;jtbdH#Ak~13T1^f89tn`A%QEHWs~jnY~E}p_Z$XC
z=?YXLCkzVSK+Id`xZYTegb@W8_baLt-Fq`Tv|=)JPbFsKRm)4UW;yT+J`<<s6L^~#
zDKX^stn#n?Mc#=>)%#ue9DPOkje)YF2fsCilK9MIIK>p*`fkoD5nGfmLwt)!KOT+>
zOFq*VZktDDyM3P5UOg`~XL#cbzC}eL%qMB=Q5$d89MKuN<r)TznqqP**!jJ?cnTT2
zaaf?rvaC;><?H&|zm@ni*?D9zRWNdd5|h7<r<^y7j=M<<S|!iYxdgG*6u6u?mWfD3
zB)<Dfkbae`fO#+9WEYybHeZv}*cbdmPDkPU(jb+Sl1(!A;;QmZ9oNWRty}&5QMWy9
zX_w<YIby`Y;2BC{-IfA^=3f)~-*KF*rKr=krZyJeUl;NhG@Ajb2fr2VF0H7ZuP8_;
zl#_lD<2+R)LHx3c896sfpWG@kpwT@>#$6|4gx_Jt0Gfn8w&q}%lq4QU%6#jT*MRT%
zrLz~C8FYKHawn-EQWN1B75O&quS+Z81(zN)G>~vN8VwC+e+y(`>HcxC{MrJ;H1Z4k
zZWuv$w_F0-Ub%MVcpIc){4PGL^I7M{>;hS?;eH!;<Yf7EM>gmcOE66z3;Z1Phqo(t
zVP(Hg6q#0gIKgsg7L7WE!{Y#1nI(45tx2{$34dDd#!Z0NIyrm)HOn5W#7;f4pQci#
zDW!FI(g4e668kI9{2+mLwB+=#9bfqgX%!B34V-$wwSN(_cm*^{y0jQtv*4}eO^sOV
z*9xoNvX)c9isB}Tgx&ZRjp3kwhTVK?r9;n<haxnrRq){mtk9A+#MWR@iL>!x>^XYT
z@Q^7zp{rkIs{2mUSE^2!Gf6$6;j~&4=-0cSJJDizZp6LTe8b45;{AKM%v99}{{FfC
zz709%u0mC=1KXTo(=TqmZQ;c?$M3z(!xah>aywrj40sc2y3rKFw4jCq+Y+u=CH@_V
zxz|qeTwa>+<|H%8Dz5u>ZI5MmjTFwXS-Fv!TDd*`>3{krWoNVx$<133`(ftS?ZPyY
z&4@ah^3^i`vL$BZa>O|Nt?ucewzsF)0zX3qmM^|waXr=T0pfIb0*$AwU=?Ipl|1Y;
z*Pk6{C-p4MY;j@IJ|DW<V4g+WfmkDAI{!240rBm;^p*C?EK5<-i6<dFN`<4WIVA6x
zQ_A}VBKmDESd)f<tKV+_7{`O-ZQ=Kw_N>>QHZQJcp;Z~?8(Q+Kk3^0qJ}SCk^*n4W
zu9ZFwLHUx-$6xvaQ)SUQcYd6fF8&x)V`1bIuX@>{mE$b|Yd(qomn3;bPwnDUc0F=;
zh*6_((%bqAYQWQ~odER?h>1mkL4kpb3s7`0m@rDKGU*oyF)$j~Ffd4fXV$?`f~rHf
z<dmhsigJ=rWi_aV`WXyhB>B%Y)@5SXZvfwm10RY5X?TEo)PK_`L6qgBp=#>fO49$D
zDq8Ozj0q6213tV5Qq=;fZ0$|KroY{Dz=l@lU^J)?Ko@ti20TRplXzphBi>XGx4bou
zEWrkNjz0t5j!_ke{g5I#PUlEU$Km8g8TE|XK=MkU@PT4T><2OVamoK;wJ}3X0L$vX
zgd7gNa359*nc)R-0!`2X@FOTB`+oETOPc=ubp5R)VQgY+5BTZZJ2<L28T@@Z{~(FZ
zheu(w_rw1D2_zLx!dpDtOmwLC!DhBIo<Q>?9QwnO=<wr%&Gfr?0?EHFALMv;_+d?S
zzAg%@ydS-+C)WJy(gMckj>dnulIUF3gFn;BODC2)65)HeVd%t86sL7Rv^Y+nbn+&l
z6BAJY(ETvwI)Ts$aiE8rht4KD*qNyE{8{x6R|%akbTBzw;2+6<pQ&SDXNQj*or8md
z6z#{?Yky9DqRtSV0CMnGmM?NZ;=ja)lj3y_HwGOxfijBU4|3qigw`1zRQjL!B8PR+
zaRn%p#eR@M4(R@Wz!rx^(f#sKB!vBtl{_H&pMv^{xCn<;&`rM&o>Echkt+W+`u^XX
z_z&x%n<Jwv#rI=O_ITYt8jK&7Lbvimxh?Mpm*TNff4FbaUEWX?w*B~|ab(^T*a99t
zcJ#fCD8IP<V1pf_@pm2K2=}<d0_Y2*QClSUBi8yzf&VOuJ`CJAoEUwr?!mKD=5}o2
zV^&)q)<B;SMXmbXj|caU)A+-MMW5C}&8F^$XYi3}kDOaQe6Z+qH3z$S;;<vL9ydXD
zI5~P97&YCq9}$m^On$P-pTjcf#j%4IH8Sc*nG=+l4{M+gXHaFf{g{b8PUBySZmJ4r
UfUyy3EX0IC28@JalTrWuAK7&_a{vGU

literal 0
HcmV?d00001

diff --git a/back001/gradle/wrapper/gradle-wrapper.properties b/back001/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..b82aa23
--- /dev/null
+++ b/back001/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/back001/gradlew b/back001/gradlew
new file mode 100755
index 0000000..1aa94a4
--- /dev/null
+++ b/back001/gradlew
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"
diff --git a/back001/gradlew.bat b/back001/gradlew.bat
new file mode 100644
index 0000000..25da30d
--- /dev/null
+++ b/back001/gradlew.bat
@@ -0,0 +1,92 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/back001/modules/audit/build.gradle.kts b/back001/modules/audit/build.gradle.kts
new file mode 100644
index 0000000..6acd1d2
--- /dev/null
+++ b/back001/modules/audit/build.gradle.kts
@@ -0,0 +1,12 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api(project(":common"))
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+}
diff --git a/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditEvent.kt b/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditEvent.kt
new file mode 100644
index 0000000..a071758
--- /dev/null
+++ b/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditEvent.kt
@@ -0,0 +1,30 @@
+package com.mosenioring.audit
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "audit_events")
+class AuditEvent(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "actor_id", nullable = false)
+    val actorId: String,
+
+    @Column(name = "action", nullable = false)
+    val action: String,
+
+    @Column(name = "resource", nullable = false)
+    val resource: String,
+
+    @Column(name = "resource_id")
+    val resourceId: String?,
+
+    @Column(name = "patient_id")
+    val patientId: String?
+) : BaseEntity()
diff --git a/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditRepository.kt b/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditRepository.kt
new file mode 100644
index 0000000..b5b89d3
--- /dev/null
+++ b/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/AuditRepository.kt
@@ -0,0 +1,5 @@
+package com.mosenioring.audit
+
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface AuditRepository : JpaRepository<AuditEvent, String>
diff --git a/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/service/AuditService.kt b/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/service/AuditService.kt
new file mode 100644
index 0000000..389e02d
--- /dev/null
+++ b/back001/modules/audit/src/main/kotlin/com/mosenioring/audit/service/AuditService.kt
@@ -0,0 +1,28 @@
+package com.mosenioring.audit.service
+
+import com.mosenioring.audit.AuditEvent
+import com.mosenioring.audit.AuditRepository
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import org.springframework.stereotype.Service
+import java.util.UUID
+
+@Service
+class AuditService(
+    private val repository: AuditRepository
+) {
+    fun record(action: String, resource: String, resourceId: String?, patientId: String?) {
+        val event = AuditEvent(
+            id = UUID.randomUUID().toString(),
+            actorId = SecurityUtils.currentUserId() ?: "system",
+            action = action,
+            resource = resource,
+            resourceId = resourceId,
+            patientId = patientId
+        )
+        event.tenantId = TenantContext.getTenantId() ?: "unknown"
+        event.createdBy = event.actorId
+        event.updatedBy = event.actorId
+        repository.save(event)
+    }
+}
diff --git a/back001/modules/clinical/build.gradle.kts b/back001/modules/clinical/build.gradle.kts
new file mode 100644
index 0000000..22ead93
--- /dev/null
+++ b/back001/modules/clinical/build.gradle.kts
@@ -0,0 +1,14 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api(project(":common"))
+    implementation(project(":modules:audit"))
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+}
diff --git a/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/MedicationPlan.kt b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/MedicationPlan.kt
new file mode 100644
index 0000000..962ad79
--- /dev/null
+++ b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/MedicationPlan.kt
@@ -0,0 +1,21 @@
+package com.mosenioring.clinical
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "medication_plans")
+class MedicationPlan(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "patient_id", nullable = false)
+    val patientId: String,
+
+    @Column(name = "description", nullable = false)
+    val description: String
+) : BaseEntity()
diff --git a/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/TestOrder.kt b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/TestOrder.kt
new file mode 100644
index 0000000..97263c1
--- /dev/null
+++ b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/TestOrder.kt
@@ -0,0 +1,24 @@
+package com.mosenioring.clinical
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "tests")
+class TestOrder(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "patient_id", nullable = false)
+    val patientId: String,
+
+    @Column(name = "test_name", nullable = false)
+    val testName: String,
+
+    @Column(name = "status", nullable = false)
+    val status: String
+) : BaseEntity()
diff --git a/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/api/ClinicalController.kt b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/api/ClinicalController.kt
new file mode 100644
index 0000000..8691e44
--- /dev/null
+++ b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/api/ClinicalController.kt
@@ -0,0 +1,45 @@
+package com.mosenioring.clinical.api
+
+import com.mosenioring.clinical.service.MedicationPlanService
+import com.mosenioring.clinical.service.TestOrderService
+import jakarta.validation.Valid
+import jakarta.validation.constraints.NotBlank
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/api/v1")
+class ClinicalController(
+    private val medicationPlanService: MedicationPlanService,
+    private val testOrderService: TestOrderService
+) {
+    @PostMapping("/patients/{id}/medications")
+    fun createMedicationPlan(
+        @PathVariable id: String,
+        @Valid @RequestBody request: CreateMedicationPlanRequest
+    ): ResponseEntity<MedicationPlanResponse> {
+        val plan = medicationPlanService.createMedicationPlan(id, request.description)
+        return ResponseEntity.ok(MedicationPlanResponse(plan.id, plan.patientId, plan.description))
+    }
+
+    @PostMapping("/patients/{id}/tests")
+    fun createTestOrder(
+        @PathVariable id: String,
+        @Valid @RequestBody request: CreateTestOrderRequest
+    ): ResponseEntity<TestOrderResponse> {
+        val order = testOrderService.createTestOrder(id, request.testName)
+        return ResponseEntity.ok(TestOrderResponse(order.id, order.patientId, order.testName, order.status))
+    }
+}
+
+data class CreateMedicationPlanRequest(
+    @field:NotBlank val description: String
+)
+
+data class CreateTestOrderRequest(
+    @field:NotBlank val testName: String
+)
+
+data class MedicationPlanResponse(val id: String, val patientId: String, val description: String)
+
+data class TestOrderResponse(val id: String, val patientId: String, val testName: String, val status: String)
diff --git a/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/repo/ClinicalRepositories.kt b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/repo/ClinicalRepositories.kt
new file mode 100644
index 0000000..0e214c4
--- /dev/null
+++ b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/repo/ClinicalRepositories.kt
@@ -0,0 +1,13 @@
+package com.mosenioring.clinical.repo
+
+import com.mosenioring.clinical.MedicationPlan
+import com.mosenioring.clinical.TestOrder
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface MedicationPlanRepository : JpaRepository<MedicationPlan, String> {
+    fun findByIdAndTenantId(id: String, tenantId: String): MedicationPlan?
+}
+
+interface TestOrderRepository : JpaRepository<TestOrder, String> {
+    fun findByIdAndTenantId(id: String, tenantId: String): TestOrder?
+}
diff --git a/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/service/ClinicalServices.kt b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/service/ClinicalServices.kt
new file mode 100644
index 0000000..b405c14
--- /dev/null
+++ b/back001/modules/clinical/src/main/kotlin/com/mosenioring/clinical/service/ClinicalServices.kt
@@ -0,0 +1,64 @@
+package com.mosenioring.clinical.service
+
+import com.mosenioring.audit.service.AuditService
+import com.mosenioring.clinical.MedicationPlan
+import com.mosenioring.clinical.TestOrder
+import com.mosenioring.clinical.repo.MedicationPlanRepository
+import com.mosenioring.clinical.repo.TestOrderRepository
+import com.mosenioring.common.Events
+import com.mosenioring.common.outbox.OutboxService
+import com.mosenioring.common.security.PatientAccess
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.stereotype.Service
+import org.springframework.transaction.annotation.Transactional
+import java.util.UUID
+
+@Service
+class MedicationPlanService(
+    private val repository: MedicationPlanRepository,
+    private val outboxService: OutboxService,
+    private val auditService: AuditService
+) {
+    @Transactional
+    @PatientAccess
+    fun createMedicationPlan(patientId: String, description: String): MedicationPlan {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val plan = MedicationPlan(UUID.randomUUID().toString(), patientId, description)
+        plan.tenantId = tenantId
+        plan.createdBy = SecurityUtils.currentUserId()
+        plan.updatedBy = SecurityUtils.currentUserId()
+        val saved = repository.save(plan)
+        outboxService.enqueue(
+            Events.MEDICATION_PLAN_CREATED,
+            mapOf(
+                "eventId" to UUID.randomUUID().toString(),
+                "tenantId" to tenantId,
+                "patientId" to patientId,
+                "medicationPlanId" to saved.id
+            )
+        )
+        auditService.record("MEDICATION_PLAN_CREATED", "medication_plan", saved.id, patientId)
+        return saved
+    }
+}
+
+@Service
+class TestOrderService(
+    private val repository: TestOrderRepository,
+    private val auditService: AuditService
+) {
+    @Transactional
+    @PatientAccess
+    fun createTestOrder(patientId: String, testName: String): TestOrder {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val order = TestOrder(UUID.randomUUID().toString(), patientId, testName, "ORDERED")
+        order.tenantId = tenantId
+        order.createdBy = SecurityUtils.currentUserId()
+        order.updatedBy = SecurityUtils.currentUserId()
+        val saved = repository.save(order)
+        auditService.record("TEST_ORDER_CREATED", "test", saved.id, patientId)
+        return saved
+    }
+}
diff --git a/back001/modules/identity/build.gradle.kts b/back001/modules/identity/build.gradle.kts
new file mode 100644
index 0000000..22ead93
--- /dev/null
+++ b/back001/modules/identity/build.gradle.kts
@@ -0,0 +1,14 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api(project(":common"))
+    implementation(project(":modules:audit"))
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+}
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Patient.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Patient.kt
new file mode 100644
index 0000000..451dee0
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Patient.kt
@@ -0,0 +1,18 @@
+package com.mosenioring.identity
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "patients")
+class Patient(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "full_name", nullable = false)
+    val fullName: String
+) : BaseEntity()
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientCaregiver.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientCaregiver.kt
new file mode 100644
index 0000000..4a8c207
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientCaregiver.kt
@@ -0,0 +1,21 @@
+package com.mosenioring.identity
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "patient_caregivers")
+class PatientCaregiver(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "patient_id", nullable = false)
+    val patientId: String,
+
+    @Column(name = "user_id", nullable = false)
+    val userId: String
+) : BaseEntity()
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientDoctor.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientDoctor.kt
new file mode 100644
index 0000000..a916eae
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/PatientDoctor.kt
@@ -0,0 +1,21 @@
+package com.mosenioring.identity
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "patient_doctors")
+class PatientDoctor(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "patient_id", nullable = false)
+    val patientId: String,
+
+    @Column(name = "user_id", nullable = false)
+    val userId: String
+) : BaseEntity()
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Tenant.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Tenant.kt
new file mode 100644
index 0000000..a9a1c33
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/Tenant.kt
@@ -0,0 +1,18 @@
+package com.mosenioring.identity
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "tenants")
+class Tenant(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "name", nullable = false)
+    val name: String
+) : BaseEntity()
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/User.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/User.kt
new file mode 100644
index 0000000..6f19e19
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/User.kt
@@ -0,0 +1,24 @@
+package com.mosenioring.identity
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "users")
+class User(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "email", nullable = false)
+    val email: String,
+
+    @Column(name = "role", nullable = false)
+    val role: String,
+
+    @Column(name = "status", nullable = false)
+    val status: String
+) : BaseEntity()
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/api/IdentityController.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/api/IdentityController.kt
new file mode 100644
index 0000000..994a342
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/api/IdentityController.kt
@@ -0,0 +1,70 @@
+package com.mosenioring.identity.api
+
+import com.mosenioring.identity.service.PatientService
+import com.mosenioring.identity.service.TenantService
+import com.mosenioring.identity.service.UserService
+import jakarta.validation.Valid
+import jakarta.validation.constraints.Email
+import jakarta.validation.constraints.NotBlank
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/api/v1")
+class IdentityController(
+    private val tenantService: TenantService,
+    private val userService: UserService,
+    private val patientService: PatientService
+) {
+
+    @PostMapping("/tenants")
+    fun createTenant(@Valid @RequestBody request: CreateTenantRequest): ResponseEntity<TenantResponse> {
+        val tenant = tenantService.createTenant(request.name)
+        return ResponseEntity.ok(TenantResponse(tenant.id, tenant.name))
+    }
+
+    @PostMapping("/users/invite")
+    fun inviteUser(@Valid @RequestBody request: InviteUserRequest): ResponseEntity<UserResponse> {
+        val user = userService.inviteUser(request.email, request.role)
+        return ResponseEntity.ok(UserResponse(user.id, user.email, user.role, user.status))
+    }
+
+    @PostMapping("/patients")
+    fun createPatient(@Valid @RequestBody request: CreatePatientRequest): ResponseEntity<PatientResponse> {
+        val patient = patientService.createPatient(request.fullName)
+        return ResponseEntity.ok(PatientResponse(patient.id, patient.fullName))
+    }
+
+    @PostMapping("/patients/{id}/caregivers/{userId}")
+    fun linkCaregiver(@PathVariable id: String, @PathVariable userId: String): ResponseEntity<LinkResponse> {
+        val link = patientService.linkCaregiver(id, userId)
+        return ResponseEntity.ok(LinkResponse(link.id, link.patientId, link.userId))
+    }
+
+    @PostMapping("/patients/{id}/doctors/{userId}")
+    fun linkDoctor(@PathVariable id: String, @PathVariable userId: String): ResponseEntity<LinkResponse> {
+        val link = patientService.linkDoctor(id, userId)
+        return ResponseEntity.ok(LinkResponse(link.id, link.patientId, link.userId))
+    }
+}
+
+data class CreateTenantRequest(
+    @field:NotBlank val name: String
+)
+
+data class InviteUserRequest(
+    @field:Email val email: String,
+    @field:NotBlank val role: String
+)
+
+data class CreatePatientRequest(
+    @field:NotBlank val fullName: String
+)
+
+data class TenantResponse(val id: String, val name: String)
+
+data class UserResponse(val id: String, val email: String, val role: String, val status: String)
+
+data class PatientResponse(val id: String, val fullName: String)
+
+data class LinkResponse(val id: String, val patientId: String, val userId: String)
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/IdentityRepositories.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/IdentityRepositories.kt
new file mode 100644
index 0000000..75441a6
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/IdentityRepositories.kt
@@ -0,0 +1,22 @@
+package com.mosenioring.identity.repo
+
+import com.mosenioring.identity.*
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface TenantRepository : JpaRepository<Tenant, String>
+
+interface UserRepository : JpaRepository<User, String> {
+    fun findByIdAndTenantId(id: String, tenantId: String): User?
+}
+
+interface PatientRepository : JpaRepository<Patient, String> {
+    fun findByIdAndTenantId(id: String, tenantId: String): Patient?
+}
+
+interface PatientCaregiverRepository : JpaRepository<PatientCaregiver, String> {
+    fun existsByTenantIdAndPatientIdAndUserId(tenantId: String, patientId: String, userId: String): Boolean
+}
+
+interface PatientDoctorRepository : JpaRepository<PatientDoctor, String> {
+    fun existsByTenantIdAndPatientIdAndUserId(tenantId: String, patientId: String, userId: String): Boolean
+}
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/PatientRelationshipRepositoryImpl.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/PatientRelationshipRepositoryImpl.kt
new file mode 100644
index 0000000..0b8db89
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/repo/PatientRelationshipRepositoryImpl.kt
@@ -0,0 +1,16 @@
+package com.mosenioring.identity.repo
+
+import com.mosenioring.common.security.PatientRelationshipRepository
+import org.springframework.stereotype.Repository
+
+@Repository
+class PatientRelationshipRepositoryImpl(
+    private val caregiverRepository: PatientCaregiverRepository,
+    private val doctorRepository: PatientDoctorRepository
+) : PatientRelationshipRepository {
+    override fun isCaregiverOf(tenantId: String, patientId: String, userId: String): Boolean =
+        caregiverRepository.existsByTenantIdAndPatientIdAndUserId(tenantId, patientId, userId)
+
+    override fun isDoctorOf(tenantId: String, patientId: String, userId: String): Boolean =
+        doctorRepository.existsByTenantIdAndPatientIdAndUserId(tenantId, patientId, userId)
+}
diff --git a/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/service/IdentityServices.kt b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/service/IdentityServices.kt
new file mode 100644
index 0000000..b970eac
--- /dev/null
+++ b/back001/modules/identity/src/main/kotlin/com/mosenioring/identity/service/IdentityServices.kt
@@ -0,0 +1,97 @@
+package com.mosenioring.identity.service
+
+import com.mosenioring.audit.service.AuditService
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import com.mosenioring.identity.*
+import com.mosenioring.identity.repo.*
+import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.stereotype.Service
+import org.springframework.transaction.annotation.Transactional
+import java.util.UUID
+
+@Service
+class TenantService(
+    private val tenantRepository: TenantRepository,
+    private val auditService: AuditService
+) {
+    @Transactional
+    @PreAuthorize("hasRole('ADMIN')")
+    fun createTenant(name: String): Tenant {
+        val tenant = Tenant(UUID.randomUUID().toString(), name)
+        tenant.tenantId = tenant.id
+        tenant.createdBy = SecurityUtils.currentUserId()
+        tenant.updatedBy = SecurityUtils.currentUserId()
+        val saved = tenantRepository.save(tenant)
+        auditService.record("TENANT_CREATED", "tenant", saved.id, null)
+        return saved
+    }
+}
+
+@Service
+class UserService(
+    private val userRepository: UserRepository,
+    private val auditService: AuditService
+) {
+    @Transactional
+    @PreAuthorize("hasRole('ADMIN')")
+    fun inviteUser(email: String, role: String): User {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val user = User(UUID.randomUUID().toString(), email, role, "INVITED")
+        user.tenantId = tenantId
+        user.createdBy = SecurityUtils.currentUserId()
+        user.updatedBy = SecurityUtils.currentUserId()
+        val saved = userRepository.save(user)
+        auditService.record("USER_INVITED", "user", saved.id, null)
+        return saved
+    }
+}
+
+@Service
+class PatientService(
+    private val patientRepository: PatientRepository,
+    private val caregiverRepository: PatientCaregiverRepository,
+    private val doctorRepository: PatientDoctorRepository,
+    private val auditService: AuditService
+) {
+    @Transactional
+    @PreAuthorize("hasAnyRole('ADMIN','DOCTOR','CAREGIVER')")
+    fun createPatient(fullName: String): Patient {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val patient = Patient(UUID.randomUUID().toString(), fullName)
+        patient.tenantId = tenantId
+        patient.createdBy = SecurityUtils.currentUserId()
+        patient.updatedBy = SecurityUtils.currentUserId()
+        val saved = patientRepository.save(patient)
+        auditService.record("PATIENT_CREATED", "patient", saved.id, saved.id)
+        return saved
+    }
+
+    @Transactional
+    @PreAuthorize("hasRole('ADMIN')")
+    fun linkCaregiver(patientId: String, userId: String): PatientCaregiver {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        patientRepository.findByIdAndTenantId(patientId, tenantId) ?: throw IllegalArgumentException("Patient not found")
+        val link = PatientCaregiver(UUID.randomUUID().toString(), patientId, userId)
+        link.tenantId = tenantId
+        link.createdBy = SecurityUtils.currentUserId()
+        link.updatedBy = SecurityUtils.currentUserId()
+        val saved = caregiverRepository.save(link)
+        auditService.record("CARE_GIVER_LINKED", "patient_caregiver", saved.id, patientId)
+        return saved
+    }
+
+    @Transactional
+    @PreAuthorize("hasRole('ADMIN')")
+    fun linkDoctor(patientId: String, userId: String): PatientDoctor {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        patientRepository.findByIdAndTenantId(patientId, tenantId) ?: throw IllegalArgumentException("Patient not found")
+        val link = PatientDoctor(UUID.randomUUID().toString(), patientId, userId)
+        link.tenantId = tenantId
+        link.createdBy = SecurityUtils.currentUserId()
+        link.updatedBy = SecurityUtils.currentUserId()
+        val saved = doctorRepository.save(link)
+        auditService.record("DOCTOR_LINKED", "patient_doctor", saved.id, patientId)
+        return saved
+    }
+}
diff --git a/back001/modules/integrations/build.gradle.kts b/back001/modules/integrations/build.gradle.kts
new file mode 100644
index 0000000..43c81ef
--- /dev/null
+++ b/back001/modules/integrations/build.gradle.kts
@@ -0,0 +1,13 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api(project(":common"))
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("software.amazon.awssdk:s3:2.25.63")
+}
diff --git a/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/FileMetadata.kt b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/FileMetadata.kt
new file mode 100644
index 0000000..8bf3d78
--- /dev/null
+++ b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/FileMetadata.kt
@@ -0,0 +1,27 @@
+package com.mosenioring.integrations
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "files")
+class FileMetadata(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "patient_id")
+    val patientId: String?,
+
+    @Column(name = "file_name", nullable = false)
+    val fileName: String,
+
+    @Column(name = "content_type", nullable = false)
+    val contentType: String,
+
+    @Column(name = "storage_key", nullable = false)
+    val storageKey: String
+) : BaseEntity()
diff --git a/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/api/FilesController.kt b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/api/FilesController.kt
new file mode 100644
index 0000000..4792d95
--- /dev/null
+++ b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/api/FilesController.kt
@@ -0,0 +1,32 @@
+package com.mosenioring.integrations.api
+
+import com.mosenioring.integrations.service.FileService
+import com.mosenioring.integrations.service.PresignResponse
+import jakarta.validation.Valid
+import jakarta.validation.constraints.NotBlank
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/api/v1")
+class FilesController(
+    private val fileService: FileService
+) {
+    @PostMapping("/files/presign-upload")
+    fun presignUpload(@Valid @RequestBody request: PresignUploadRequest): ResponseEntity<PresignResponse> {
+        val response = fileService.presignUpload(request.fileName, request.contentType, request.patientId)
+        return ResponseEntity.ok(response)
+    }
+
+    @GetMapping("/files/{fileId}/presign-download")
+    fun presignDownload(@PathVariable fileId: String): ResponseEntity<PresignResponse> {
+        val response = fileService.presignDownload(fileId)
+        return ResponseEntity.ok(response)
+    }
+}
+
+data class PresignUploadRequest(
+    @field:NotBlank val fileName: String,
+    @field:NotBlank val contentType: String,
+    val patientId: String?
+)
diff --git a/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/repo/FileRepository.kt b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/repo/FileRepository.kt
new file mode 100644
index 0000000..0940f99
--- /dev/null
+++ b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/repo/FileRepository.kt
@@ -0,0 +1,8 @@
+package com.mosenioring.integrations.repo
+
+import com.mosenioring.integrations.FileMetadata
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface FileRepository : JpaRepository<FileMetadata, String> {
+    fun findByIdAndTenantId(id: String, tenantId: String): FileMetadata?
+}
diff --git a/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FhirGateway.kt b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FhirGateway.kt
new file mode 100644
index 0000000..c1d97cb
--- /dev/null
+++ b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FhirGateway.kt
@@ -0,0 +1,10 @@
+package com.mosenioring.integrations.service
+
+import org.springframework.stereotype.Service
+
+@Service
+class FhirGateway {
+    fun submitObservation(payload: String): String {
+        return "stub-${payload.hashCode()}"
+    }
+}
diff --git a/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FileService.kt b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FileService.kt
new file mode 100644
index 0000000..daf5138
--- /dev/null
+++ b/back001/modules/integrations/src/main/kotlin/com/mosenioring/integrations/service/FileService.kt
@@ -0,0 +1,90 @@
+package com.mosenioring.integrations.service
+
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import com.mosenioring.integrations.FileMetadata
+import com.mosenioring.integrations.repo.FileRepository
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.stereotype.Service
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.regions.Region
+import software.amazon.awssdk.services.s3.S3Configuration
+import software.amazon.awssdk.services.s3.presigner.S3Presigner
+import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest
+import software.amazon.awssdk.services.s3.presigner.model.PutObjectPresignRequest
+import software.amazon.awssdk.services.s3.model.GetObjectRequest
+import software.amazon.awssdk.services.s3.model.PutObjectRequest
+import java.net.URI
+import java.time.Duration
+import java.util.UUID
+
+@Service
+class FileService(
+    private val repository: FileRepository,
+    @Value("\${storage.s3.endpoint}") private val endpoint: String,
+    @Value("\${storage.s3.region}") private val region: String,
+    @Value("\${storage.s3.access-key}") private val accessKey: String,
+    @Value("\${storage.s3.secret-key}") private val secretKey: String,
+    @Value("\${storage.s3.bucket}") private val bucket: String
+) {
+    private fun presigner(): S3Presigner {
+        val creds = AwsBasicCredentials.create(accessKey, secretKey)
+        return S3Presigner.builder()
+            .endpointOverride(URI.create(endpoint))
+            .region(Region.of(region))
+            .credentialsProvider(StaticCredentialsProvider.create(creds))
+            .serviceConfiguration(S3Configuration.builder().pathStyleAccessEnabled(true).build())
+            .build()
+    }
+
+    fun presignUpload(fileName: String, contentType: String, patientId: String?): PresignResponse {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val fileId = UUID.randomUUID().toString()
+        val storageKey = "$tenantId/$fileId/$fileName"
+        val metadata = FileMetadata(fileId, patientId, fileName, contentType, storageKey)
+        metadata.tenantId = tenantId
+        metadata.createdBy = SecurityUtils.currentUserId()
+        metadata.updatedBy = SecurityUtils.currentUserId()
+        repository.save(metadata)
+
+        val presigner = presigner()
+        try {
+            val request = PutObjectRequest.builder()
+                .bucket(bucket)
+                .key(storageKey)
+                .contentType(contentType)
+                .build()
+            val presignRequest = PutObjectPresignRequest.builder()
+                .signatureDuration(Duration.ofMinutes(15))
+                .putObjectRequest(request)
+                .build()
+            val presigned = presigner.presignPutObject(presignRequest)
+            return PresignResponse(fileId, presigned.url().toString())
+        } finally {
+            presigner.close()
+        }
+    }
+
+    fun presignDownload(fileId: String): PresignResponse {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val metadata = repository.findByIdAndTenantId(fileId, tenantId) ?: throw IllegalArgumentException("File not found")
+        val presigner = presigner()
+        try {
+            val request = GetObjectRequest.builder()
+                .bucket(bucket)
+                .key(metadata.storageKey)
+                .build()
+            val presignRequest = GetObjectPresignRequest.builder()
+                .signatureDuration(Duration.ofMinutes(15))
+                .getObjectRequest(request)
+                .build()
+            val presigned = presigner.presignGetObject(presignRequest)
+            return PresignResponse(metadata.id, presigned.url().toString())
+        } finally {
+            presigner.close()
+        }
+    }
+}
+
+data class PresignResponse(val fileId: String, val url: String)
diff --git a/back001/modules/messaging/build.gradle.kts b/back001/modules/messaging/build.gradle.kts
new file mode 100644
index 0000000..22ead93
--- /dev/null
+++ b/back001/modules/messaging/build.gradle.kts
@@ -0,0 +1,14 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api(project(":common"))
+    implementation(project(":modules:audit"))
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+}
diff --git a/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/Message.kt b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/Message.kt
new file mode 100644
index 0000000..a603fe9
--- /dev/null
+++ b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/Message.kt
@@ -0,0 +1,24 @@
+package com.mosenioring.messaging
+
+import com.mosenioring.common.BaseEntity
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
+
+@Entity
+@Table(name = "messages")
+class Message(
+    @Id
+    @Column(name = "id")
+    val id: String,
+
+    @Column(name = "patient_id", nullable = false)
+    val patientId: String,
+
+    @Column(name = "sender_id", nullable = false)
+    val senderId: String,
+
+    @Column(name = "body", nullable = false)
+    val body: String
+) : BaseEntity()
diff --git a/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/api/MessagingController.kt b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/api/MessagingController.kt
new file mode 100644
index 0000000..66e2e6d
--- /dev/null
+++ b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/api/MessagingController.kt
@@ -0,0 +1,28 @@
+package com.mosenioring.messaging.api
+
+import com.mosenioring.messaging.service.MessageService
+import jakarta.validation.Valid
+import jakarta.validation.constraints.NotBlank
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/api/v1")
+class MessagingController(
+    private val messageService: MessageService
+) {
+    @PostMapping("/patients/{id}/messages")
+    fun addMessage(
+        @PathVariable id: String,
+        @Valid @RequestBody request: AddMessageRequest
+    ): ResponseEntity<MessageResponse> {
+        val message = messageService.addMessage(id, request.body)
+        return ResponseEntity.ok(MessageResponse(message.id, message.patientId, message.senderId, message.body))
+    }
+}
+
+data class AddMessageRequest(
+    @field:NotBlank val body: String
+)
+
+data class MessageResponse(val id: String, val patientId: String, val senderId: String, val body: String)
diff --git a/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/repo/MessageRepository.kt b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/repo/MessageRepository.kt
new file mode 100644
index 0000000..91a3d2c
--- /dev/null
+++ b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/repo/MessageRepository.kt
@@ -0,0 +1,6 @@
+package com.mosenioring.messaging.repo
+
+import com.mosenioring.messaging.Message
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface MessageRepository : JpaRepository<Message, String>
diff --git a/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/service/MessageService.kt b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/service/MessageService.kt
new file mode 100644
index 0000000..92bdb12
--- /dev/null
+++ b/back001/modules/messaging/src/main/kotlin/com/mosenioring/messaging/service/MessageService.kt
@@ -0,0 +1,31 @@
+package com.mosenioring.messaging.service
+
+import com.mosenioring.audit.service.AuditService
+import com.mosenioring.common.security.PatientAccess
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import com.mosenioring.messaging.Message
+import com.mosenioring.messaging.repo.MessageRepository
+import org.springframework.stereotype.Service
+import org.springframework.transaction.annotation.Transactional
+import java.util.UUID
+
+@Service
+class MessageService(
+    private val repository: MessageRepository,
+    private val auditService: AuditService
+) {
+    @Transactional
+    @PatientAccess
+    fun addMessage(patientId: String, body: String): Message {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val senderId = SecurityUtils.currentUserId() ?: throw IllegalStateException("Missing user")
+        val message = Message(UUID.randomUUID().toString(), patientId, senderId, body)
+        message.tenantId = tenantId
+        message.createdBy = senderId
+        message.updatedBy = senderId
+        val saved = repository.save(message)
+        auditService.record("MESSAGE_ADDED", "message", saved.id, patientId)
+        return saved
+    }
+}
diff --git a/back001/modules/notifications/build.gradle.kts b/back001/modules/notifications/build.gradle.kts
new file mode 100644
index 0000000..688b5f1
--- /dev/null
+++ b/back001/modules/notifications/build.gradle.kts
@@ -0,0 +1,13 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    kotlin("plugin.jpa")
+    id("io.spring.dependency-management")
+    id("java-library")
+}
+
+dependencies {
+    api(project(":common"))
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-amqp")
+}
diff --git a/back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/api/NotificationsController.kt b/back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/api/NotificationsController.kt
new file mode 100644
index 0000000..e0a9694
--- /dev/null
+++ b/back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/api/NotificationsController.kt
@@ -0,0 +1,25 @@
+package com.mosenioring.notifications.api
+
+import com.mosenioring.notifications.service.NotificationService
+import jakarta.validation.Valid
+import jakarta.validation.constraints.NotBlank
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/api/v1")
+class NotificationsController(
+    private val notificationService: NotificationService
+) {
+    @PostMapping("/notifications/test")
+    fun enqueueTest(@Valid @RequestBody request: NotificationRequest): ResponseEntity<NotificationResponse> {
+        val eventId = notificationService.enqueueTestNotification(request.message)
+        return ResponseEntity.ok(NotificationResponse(eventId))
+    }
+}
+
+data class NotificationRequest(
+    @field:NotBlank val message: String
+)
+
+data class NotificationResponse(val eventId: String)
diff --git a/back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/service/NotificationService.kt b/back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/service/NotificationService.kt
new file mode 100644
index 0000000..ee1463a
--- /dev/null
+++ b/back001/modules/notifications/src/main/kotlin/com/mosenioring/notifications/service/NotificationService.kt
@@ -0,0 +1,30 @@
+package com.mosenioring.notifications.service
+
+import com.mosenioring.common.Events
+import com.mosenioring.common.outbox.OutboxService
+import com.mosenioring.common.security.SecurityUtils
+import com.mosenioring.common.tenant.TenantContext
+import org.springframework.stereotype.Service
+import org.springframework.transaction.annotation.Transactional
+import java.util.UUID
+
+@Service
+class NotificationService(
+    private val outboxService: OutboxService
+) {
+    @Transactional
+    fun enqueueTestNotification(message: String): String {
+        val tenantId = TenantContext.getTenantId() ?: throw IllegalStateException("Missing tenant")
+        val eventId = UUID.randomUUID().toString()
+        outboxService.enqueue(
+            Events.NOTIFICATION_REQUESTED,
+            mapOf(
+                "eventId" to eventId,
+                "tenantId" to tenantId,
+                "message" to message,
+                "requestedBy" to (SecurityUtils.currentUserId() ?: "unknown")
+            )
+        )
+        return eventId
+    }
+}
diff --git a/back001/requests.http b/back001/requests.http
new file mode 100644
index 0000000..5c2d6e6
--- /dev/null
+++ b/back001/requests.http
@@ -0,0 +1,55 @@
+### Local tenant setup (use local profile + headers)
+POST http://localhost:8080/api/v1/tenants
+X-Local-User: admin
+X-Local-Tenant: tenant-demo
+X-Local-Roles: ADMIN
+Content-Type: application/json
+
+{
+  "name": "Demo Tenant"
+}
+
+### Invite user
+POST http://localhost:8080/api/v1/users/invite
+X-Local-User: admin
+X-Local-Tenant: tenant-demo
+X-Local-Roles: ADMIN
+Content-Type: application/json
+
+{
+  "email": "doc@example.com",
+  "role": "DOCTOR"
+}
+
+### Create patient
+POST http://localhost:8080/api/v1/patients
+X-Local-User: admin
+X-Local-Tenant: tenant-demo
+X-Local-Roles: ADMIN
+Content-Type: application/json
+
+{
+  "fullName": "Jane Doe"
+}
+
+### Create medication plan
+POST http://localhost:8080/api/v1/patients/{patientId}/medications
+X-Local-User: admin
+X-Local-Tenant: tenant-demo
+X-Local-Roles: ADMIN
+Content-Type: application/json
+
+{
+  "description": "Take 5mg daily"
+}
+
+### Test notification
+POST http://localhost:8080/api/v1/notifications/test
+X-Local-User: admin
+X-Local-Tenant: tenant-demo
+X-Local-Roles: ADMIN
+Content-Type: application/json
+
+{
+  "message": "Test notification"
+}
diff --git a/back001/settings.gradle.kts b/back001/settings.gradle.kts
new file mode 100644
index 0000000..d9a5e9c
--- /dev/null
+++ b/back001/settings.gradle.kts
@@ -0,0 +1,13 @@
+rootProject.name = "mosenioring-backend"
+
+include(
+    ":app",
+    ":common",
+    ":modules:identity",
+    ":modules:clinical",
+    ":modules:messaging",
+    ":modules:notifications",
+    ":modules:audit",
+    ":modules:integrations",
+    ":workers:notification-worker"
+)
diff --git a/back001/workers/notification-worker/build.gradle.kts b/back001/workers/notification-worker/build.gradle.kts
new file mode 100644
index 0000000..d893875
--- /dev/null
+++ b/back001/workers/notification-worker/build.gradle.kts
@@ -0,0 +1,16 @@
+plugins {
+    kotlin("jvm")
+    kotlin("plugin.spring")
+    id("org.springframework.boot")
+    id("io.spring.dependency-management")
+}
+
+dependencies {
+    implementation(project(":common"))
+    implementation("org.springframework.boot:spring-boot-starter-amqp")
+    implementation("org.springframework.boot:spring-boot-starter-data-redis")
+    implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
+
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+}
diff --git a/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationListener.kt b/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationListener.kt
new file mode 100644
index 0000000..68fa89b
--- /dev/null
+++ b/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationListener.kt
@@ -0,0 +1,41 @@
+package com.mosenioring.worker
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.mosenioring.common.Events
+import org.slf4j.LoggerFactory
+import org.springframework.amqp.rabbit.annotation.RabbitListener
+import org.springframework.amqp.rabbit.core.RabbitTemplate
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.data.redis.core.StringRedisTemplate
+import org.springframework.stereotype.Component
+import java.time.Duration
+
+@Component
+class NotificationListener(
+    private val redisTemplate: StringRedisTemplate,
+    private val rabbitTemplate: RabbitTemplate,
+    private val objectMapper: ObjectMapper,
+    @Value("\${app.idempotency.ttl-seconds:3600}") private val ttlSeconds: Long
+) {
+    private val logger = LoggerFactory.getLogger(javaClass)
+
+    @RabbitListener(queues = [Events.MEDICATION_QUEUE])
+    fun onMedicationPlanCreated(payload: String) {
+        val node = objectMapper.readTree(payload)
+        val eventId = node["eventId"]?.asText() ?: return
+        val idempotencyKey = "medication:$eventId"
+        val acquired = redisTemplate.opsForValue().setIfAbsent(idempotencyKey, "1", Duration.ofSeconds(ttlSeconds))
+        if (acquired != true) {
+            logger.info("Duplicate event ignored: {}", eventId)
+            return
+        }
+        val notificationPayload = mapOf(
+            "eventId" to eventId,
+            "tenantId" to node["tenantId"]?.asText(),
+            "patientId" to node["patientId"]?.asText(),
+            "message" to "Medication plan created"
+        )
+        rabbitTemplate.convertAndSend(Events.NOTIFICATION_EXCHANGE, Events.NOTIFICATION_REQUESTED, objectMapper.writeValueAsString(notificationPayload))
+        logger.info("Notification requested for medication plan event {}", eventId)
+    }
+}
diff --git a/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationWorkerApplication.kt b/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationWorkerApplication.kt
new file mode 100644
index 0000000..581ff48
--- /dev/null
+++ b/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/NotificationWorkerApplication.kt
@@ -0,0 +1,11 @@
+package com.mosenioring.worker
+
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.runApplication
+
+@SpringBootApplication(scanBasePackages = ["com.mosenioring"])
+class NotificationWorkerApplication
+
+fun main(args: Array<String>) {
+    runApplication<NotificationWorkerApplication>(*args)
+}
diff --git a/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/WorkerMessagingConfig.kt b/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/WorkerMessagingConfig.kt
new file mode 100644
index 0000000..df789be
--- /dev/null
+++ b/back001/workers/notification-worker/src/main/kotlin/com/mosenioring/worker/WorkerMessagingConfig.kt
@@ -0,0 +1,23 @@
+package com.mosenioring.worker
+
+import com.mosenioring.common.Events
+import org.springframework.amqp.core.Binding
+import org.springframework.amqp.core.BindingBuilder
+import org.springframework.amqp.core.DirectExchange
+import org.springframework.amqp.core.Queue
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+@Configuration
+class WorkerMessagingConfig {
+
+    @Bean
+    fun medicationExchange(): DirectExchange = DirectExchange(Events.MEDICATION_EXCHANGE)
+
+    @Bean
+    fun medicationQueue(): Queue = Queue(Events.MEDICATION_QUEUE, true)
+
+    @Bean
+    fun medicationBinding(medicationExchange: DirectExchange, medicationQueue: Queue): Binding =
+        BindingBuilder.bind(medicationQueue).to(medicationExchange).with(Events.MEDICATION_PLAN_CREATED)
+}
diff --git a/back001/workers/notification-worker/src/main/resources/application.yml b/back001/workers/notification-worker/src/main/resources/application.yml
new file mode 100644
index 0000000..0f788a4
--- /dev/null
+++ b/back001/workers/notification-worker/src/main/resources/application.yml
@@ -0,0 +1,30 @@
+spring:
+  application:
+    name: notification-worker
+  profiles:
+    active: worker
+  main:
+    web-application-type: none
+  autoconfigure:
+    exclude:
+      - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+      - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+  rabbitmq:
+    host: localhost
+    port: 5672
+    username: guest
+    password: guest
+  data:
+    redis:
+      host: localhost
+      port: 6379
+
+app:
+  idempotency:
+    ttl-seconds: 3600
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info,prometheus