!MPG7QIgCQ&Ds;(L9ndbg}!!7*JS0|pMyw9exiys&hhnd
z`6BENMnu5O)EMin86@~F60V~FN`%Wn85NYz=#{IkgZ~niz;rqPEaUXKM>UO8|F0^Y
z`Zu}Mp!Q;;@M?oA2IgU=gGXadT2z-*^Zc#9b~IAm4CWw1xEiViN?GK8xh#}*IIu{F
zYA7yLfR44VnbjZVjr%%)c}%b5bbv0xOVxCAh${70WM4s5!Pey*M-v9^~MnoCtJ
zV>>bLo{c6oJ_9cE{=%@A*guqWgB6UT%+Z}jptR5)ORA-uZA))N7Ty<*Zae3A`7HwD
zj5$7){jHTx?MkIj%#QCTo>=6Z<|I_oSulax%_0A8X!|O>&Tp3AlO2i4AYs%k0Z_nT
zT`ci3j%UIts8GR%CbA^Ifib}CX}zo|SHrE|*?qfcG*G~IRpmlBe2$bm!)bBpV+H{h
zlH=x&nYCVBp}+z+L|mNlUicqOH9PVe;_ub)4@%!PQrdl*V4Gqu_}+`UNx*WTMJv!j
z+T8`EjY_^}7R~@AT7p#kBlqJjL49&9wPTKpI+y`MTaApmVUcy)u+?x!JbBv?uNFuB
zllMe;f$WQh<6u%?x3zY9v`s~~h2XqwIu8X8Lw67AmhZShJkUV7v1vxq
z#8-1vkS8r#DoU8Wq?S{x@~m#tbMx{;o0fs#h|eKfD#;*oz5g+^3qm&AOcr=y6ip2YqKuOb
zM%VQ}8=l%~m+>huG1-9S<4Ec`M7;g&cE`uduf+5|K+jh|_2Dw|Loekgo@ApSsnGh%
z^AVvEUag@shIxD#Gb4g3bgRuBX-BNoTd+4M2mX=n)^JIf~}Z|Ehd-k8E{G2tx2#-oyAWJtyxG{SJ3K9z_psS6@Z96A(f}&$PJG0>s3oO@qEPkW6M+^sv#8^6Y}=#{v5o7N
z(~>g`^@22WB<}|yTlSv~ZtQ=#HGVs~x6hp2#hiReoJn8fU5V&@2i;cQ;Y4;Tj^vbn
zY`XB>6Y8D#!Dj7Y;AG3DhEo>F;E}RCJrOKjmSf?(eV(v@UWkj;B
zEUX!^p${BacaQ#F2mJvKN^o;nHHPo3nf$t;FFvq5SsqfIg^)#JBmOLuwR1vohoV*=
z3Hb4-e&+?j!Dg4)n$fx2K7uvsMuq*9hi6R^H^~NnwOFdPGg3}AND0iWKA46{A5m*N
z$#CC1{9^oqE5nZnj7%BPP6=>V;k>|J%@2!mOU63e@6ebDL>#$KyR9#lUE8;dR2l3i0+HXIpA~koCH`{`9gVO&%`B~qxJM|
zz4@i|x_#N11(>~C^{tG+#+H)ChjJiG-WqGr?qhkDs#^YWtcmaSvPA589=bpV`tQL6
zrgx@l{5>J&=V=`%T6p?VODE0S#y`rA(;|2|=q!=;^*_K05Tco0*RCI;q8V|p&oC5z
zErr9UCE5}`7V|8^bBPeZ;{XP>JPM3fyvP!5u2SeOb=J7YGuCy#<*PTf0!&hPnpEq^ZVz{5=XOO-Az8j+dzvY{43J%J(t<8Legg`
zG*G^eVPzot?fSu?I4$HPnzgTMvV#mRel5zDGLm^XGe|=#5ch8KC!wxb-)$++#H8rV
z3t!FnSO~exQGeaToeIbuGd{mii<52vyfueO3wkIJ;#{lH`b{K
zPWe@oM`6sU)63h$)ZeW{qLXbahfZVWB$TUMEl98bx%gx;MH`da7v_)a0t5MKwhGm8tW@$H|aP`)YZdKF#2?
znEzRrM!-IeqD$SIlCeLqKD95G%l<++`GsrM=Z6E{Yrr!Gj7mrz=E^e}fjBQx_XrG;
zTllofOlbo=n$lyisqV6*uw9b*gPmjSfxz14(>mEpr|^Eh6=gi=FH92m+k=cado~Ez
zO=Li3Qub-L<~eRVxmvMqreLMYWbq(wZT4#|pdVgk$0~(ox?J
zOrHWibQI$j;nRug_$!5Ak;6lEI%WwwTPaM;kXTZc``dHwlD(ua4{hx)1%#L>qyj^#
zS*T){=F)A6Q#aBcp`tM-xpVopOJ`&2SHTW<2fWqi^)itZw}Y&9oIs%l9ACw-qNe1%
z5_+)&$p|}~2@5~5;Bgy}nNGSk9a2|4UL_gd%-rvbW-gml48>BWZ-@nxk%Cr}3W5pP
zWo}LLfu2*}6nrTi2lgrU(k{F3y%l`qX-3dM1E7d}SvQot+>{NE=c%hDl|^lcQi^^l
zHe!@I8JmMP=icIPrYra;s1jVq8u*LF(|)5nM|3iAw`5`glG=rz*egmR#+@0zEPaNt
z#Md@F-1ypL(&qMp!su3{byD(Nsi)&EnXe~Xja4LSSC=&~@gh#9F|H
z*COVbEbd99Y&<664WmND4{)XKuTdJrohkBO?64
z_`QfNCqdPtnMO~}s^`=I-=I|W(OdJECg?r7!?rY5`D-`clnnF%zN@)`am}WHoqgB_
zueHm;ZTtISXL`HS8mz$aU9#(gOYZK=!i+;M_dFrc(h!T+l%z*GiojL<+i`RB9)oE!
znDRF^HIy9ELSy@+(B0Kv5yxo1XD6(;tq~CqU~P`vi(-*LR7lxsc(7=Na7ltsICTgU3kvnfB@fLaVKZHtVI_H0U_yZbjpKQBM
zu39DHV@ZGQcmkzeNn~L6Zr}m5k%CR&z^((dx(R9?p}i&%`@unL=?@ZxgTGs6uD;kh
zzxYzv#~V^iGTh&Nlz&i{9LAP!fRi6%mdCgRsq4sBG%?Z2uJOEzN)AHW)uJUnj
zc$WZcF}CW@cdV}I+&h`v!m0}SpAmPrN#<@E?%yj544k1b1g^$Dcn6>$-6797b^XS<
zseb(aP1NtAHLh#vDSWjoHc&nAkF2_zS&87=md4wbQ{d@ttiZ)vSr$l-72)4V4CUq{
znD|(*3Pn0>5W^XP_H$H`}mQ-Gu@kLe2tZRDuW3f1K1~OvyJVKal3YAl2H6P_$pr
zz(Aj6HhR#FRM7bY*-5ajgjZ
z(PTL?@G>e;IY;C#K304}ocND+e%+5rU+k0njBv=hUQenNE!9gM
z0Xu{uJ-1}ufB!dxMI1c32%gi3j5SCeWi{=UoKv9rxC+6UQsBnx%bO{EW!Jv7K&y~d
zLdz-dDfivzX+_hzzyI9(Tf9(~g}Z?jP4|V$;*Zj9|5S1Jxh~Ht<7!f|Fn-5zZ2EmT
z+FkUAH(Ha0m%7c(>(#5(&J(5iv)JP(bU^Cw%$JE?S^r-IIa=yZFDk*(^im-l@-*6U
zLL~KdqshJET&6RYWv`l#Mne|!K9><~|?5s379HEI$r!%+w<|3ZO`R%?JQ@2~zoA9U5
z<=oh=?0n@*QQPYy%fDxmPtVz5CzLYoL1LbUQe`-6QN~%Xfb(WKvz|7Nk;V^7w-SS`c
z)=s1?xnSpJdWTc?jBzkSP2+4?!U|c?7Lu(Y^e?L}_z(xKUZW{CaEEP1l%As>4DAgs
z3QIQK+{QWq0o<0-m*`mW^@5k@W~}d7Ug@%lv*5vi@*zoJ&
z-Pq`+4D3tTlfe!R{$-c{@qNz)UzsPD^hC5bi4qmr!?&kb1Ja|8OSpeixZT0uV{CN3
zj48WQ1DiyQmxgnOFuQR!=#6D3*stvtRImQ8mU&o5wwa2YZF*OO`CXqa*S9ZK(2+vX
ze@&5%T+6%>k6a_i=YDc~3+S4wmVf>^==8Mly2(D<^mF;;S#D)f>&Qmv>2xDIa2?0n
zR`AUCv(~deR@Z7CUF7IP%ns_j+m%`aC+V``qnE1PxC(8cbn#+@z-V=!`#^MUWi8a2
zE*j&6-#oB7gXNJW5V4oYva|RIDKw;u<|)hz`Any@Q@Sp4R?pmYrC@|F(iCij#qof?
zx`;=EDHV`Uig@O`I<2v`o_i4c@-|~c00^x0Y+8tAlJMvGjMVc9-P7S|hb$Nz*kE~U
zwR#5!-zh>qRlPU@d>^5NY;k9eiHIo*ArrDhmQaf9`!X{mX|c74vP||ZrjjMhj3rBn$-d9n$JmC3
z*_Ze9Jn!%KzSre1*IZ}L-1m3+EZ_Sa!+uYTA4R{sqEG4ff58gacv+>m?9ia>$H&H`
z6;|Xtm{gTWXXLR#=dgu#BvRpaNyK?)X3?#z|73lUjB=IKOA2vMjM)JvCI76@i|=GL
zTCaFZ)aig*u0!AWSn<8lSdvv1T#%@!$3GTfPoo2MLY0OT`f`os8&=YC=^5*>0u^je
zWv%OT4LD7
z9}f_?1#X`F?c6(XwWir!bbBr_d*!oLY^LmQht7*>(z1POYmW>b`}Y;9D*FkG*zZo!
zpD|wMk5GakpDGVYKPmm<90ZbK?q?ez$`D0BCfD!$^yh2!ktnji@}7OMmx6o{pie_j
zgZ&SoEXnDUOq+*)MS%Fc_1N!9Q{#i#thBPRw@FPmkS&V$MhogVGJ6^i>HY~iy-_Q=
z<$j%d+8^bZN$8E2T`}5o-Mox2y0TvRBQ0ZD;wAN&XAcGFw_IH-hhR{8s_$OCGfzu9
ztd|&XrZDwA#C2v=M;D6MIX!*2*A!@V5Dymq)_+TV(Qb#OKI4&V-wN-gJX%_`bm%NC
z-fI<}+tE**9~-rQxo6LckeI}{IrFiDQ>@?AM5oee9N91UR0mvMGk%X#Z2E-J@UapKDMQvyl4zE#s7D$B@FGg`iol2!WNx73<-!gL%h^
zjT!GgpCey>I+8v_(BFTsxeB-?X})^!##41cm^EpVn;QA7H^bDPey~bec@&(-W=+zb
zMhr^I^reBnT3r3?^knLQr&7!-Pg{xhC#(zuw$^&gV)vKMDD``1(Y+~MNP`A)?yoB<
zcc;#xBR)N|WUJ=66`Nd^d;I!cg?rt-;I@gSuObQ-(w~EF^cR~?dMxeD**Ra>Klq{s
zzdz^i`7VQdEk%hMUv6}03yEv#cst#J=u73S7)H#-Xr*AGuOWgFo^sLp?S1pz0N#9p
zx(;W#j;kDTERG*K|6nfd33aiXoGJ2+yp99*a~6Ja$#Fi)=iY6fwUr03aAFGcIeIp}L8(0SVv!g?s3cgF*K?|d@eYw>R`Dq63{Bc2W5+0oOHJ{
z(F?Aqv>q2W+g(&zXnK3cBK|=he~Oz65H5%AX9YsUce-BCcb64pdfKyt4Euvkb*FHy
zN}bfn)7z$sf=BNUB;B8>fb_E%#;pl`?*<8zSXQt2&+R=9GZC(N$dpNk*ozx=6`}wo
zuTVDjY#DeQ6)L5Y{!ymwutV6yVZ`Z2#pH)8CQxStM3j%1#A4Yqv>Mq3x`8+Z0jG2&
zitEak?<7%F^QG@6V-{}xtQ>Nad&o29H%{5SWOUx2*V;A7+nzW%K{HWd%7SDC|euiww`54Uz8cJz_gFv`GaCKnyQw
zKMwL6m0o?4Dth_kS(VO{;>RjZKQlXDfHHfv$Y$}Hcw+_NL!%e9{|wGEc3yGFytZ*0
zh+|2_Hz7Fj=XPFzS2T<7pUadu40dyFex^PnNNN54;+rAdewb|7H9>n?xl}Mndlm)n
zZ80%?rYiR1<0ZtMQ^ahcCq9DRd0bgTVN1600z+y%W$&q}H!XL7$C4meYorzJVN=6P
zirV^1VV6>3AE1Ub0Tf#Ht|xe@$gf{fBPU3wwI6ojOq#)%^erldHEkY|L$PPeAHxv{
zoe|4{2s%OKV_tFgB15RV`js+#_wFs@XQH&13Cdi0_Q~t{dJewr^`{Ksu;#O9WB=8{
zpNPo+`2T-j7l&>sXX&g)6isW@^uh9${ONb_@}x<#v1aHu75fJ7G)n$S>Doox_2m?|L7ijFbtUu+o7VAW?if!$@QU^nXFts#70dFLf%)2ebAPqj
zdKI`{3zdxx5B8lnggQ1jIaXXooi&<;_kO%@*w*3)d!9*>-TO&Ob{J!*B=T(c4iLB#
zVoIGON834DwHZIRFXV+?a)^4c8tE0C^oU>~%^Uj{l8RB$r__JuUXk`@RrN_3>yqES$d+Tl#_W{cl;JT7oVqUuw-U+pcy0IY=tFu@{va
z3Esi)SNCgjvv(=uxw8WCz@_;A4w=24VDxVpetya3<}zTi=_DDKfV&d=YJq{ple
zxZMBH+EkO0h%$aGfe{d8?;rwEL?(UUBE+{6egYb6i?k=
zT?_N1%vOzk(FHf^E|z;!)m1MBfw3nL`&j>;VNxEdgjeOmZr9>E$bu;vWnR
zS&wkr(3ji-PDmY>s^GKS{V-UXaMLmcq0E1QfsI`2rL*r_Z44U|eYRMN0W()EjOi&^
zH(_pa&E0|!FEST{{;PFN_xW2=mFy9g@D0Kvt2CMR7gA{_J`hc>wy1m{X7(dL#04Li
z^YmQ^Ry&K{QAzt`U|-V|G~m2rddpU-n)tz>T(I7VJ{xRrNuilnQH8gcozH3=PHc_
ziG0rhg{iRVS;o&;%vEySCG1~^5Avo*fcrt9nkp+fL%4bjXHIG0A&jh0vowmw`QaznmE3
zyF4E*oO5y{^F`c~)7$gy3YA7XyqwKuDRaxz5xPU*%F#44^CQ-i%*R&{-J`G#6!{Tj
zIwJdEYDx)=Tm}RJh3y>r8#ndKzg39LQ{ZC=`>AZC{apsf0>SAi(8v4j2rlpGM
zS^m%%%U4z}G@K9&34(K`FlgmvYo4C-6
zD7fmAQHAh1bP24Xc0nw*z)R~Qe^7zSLRWSvq^*faEjJ_(=7R3dV`!Tjubx$`9U)DM
zFEZY!4k|p5{ODOPjj6#bYmj0{(4Ci@O0MYG$msm4?r3P;-}hKQCi2Xy`nds2eZXH8
z<=y`$$5bxD$w`;>yeR`O+A`5F7s4gj;y
zX;3iGv-O+w+XA-#iHAOrk`yv%Hg9Yr@>O@-Uk%d%A{g@MtM?l?5p%)JAi-IpN9&>R
zyWnNX9m(GmaoEz%xLOx(@PN3v9dH4vhHrU5y$3d-Z_=V|O=j^@NXKVOe%fidZ~R}VaxDjica6gEtA{#
z`Q9z{Sr;W({ANr|=9!JvVLsHoi7dUVh#1|L<
z1zkj6-~nM!n4k*X&fG>{B?f+n)&{tPd7pDWE3;`vYmgUi=fEZ?RN?UO9dF($lDDdT
z6@uY~O+|4vs8vkH@o8`_V3XMFS9WUebnAO$ns-$EaS^YGdcH80dSbDj
zogV3S%=>k`47)-F0tE^S77k8lKIW$y_YD-;j3l^|?d8-7mOnwty09`$5rezKDx<
zE~u5^)fE$+n|8}a2ncbv!YAQI@WJV@)oC)CP^r`DevQ@s^-MHr#Cbb$H1Fsj)$8FG
zBV;MFqu~2=DECPP>wRlkc&&Mg@32c4*F8{@p$?y-;COnk;M_X=L;qOPciXhs5^D`o
zEJek*W
zzmef$3l_6iEoOzZS-AxsJC5&xUa`L%n=JqN%$tW*RSs^5#UbPw4Ofy*NrWTIHJQ|V
z@`1oqVvyT8nYjKhIiZoB)0{3wCV>juRw8T}Z?_Y+a3m1|54O!APz|;>l*qq+kO#H2
z>puoy8qIYoEWVB44eAo1VEry
z3g@R=zH6^@u^~oWIWp@o(}B$M-WDLUT$$VeR_Vs^HZmL+F~B11U<6`*u0+55<&!az
zJ^5|o^dB3~HzWET#`D7(bIByw#)@y~O0L7>LL+A+Bm(ja1-X|?s3oIs7ElYu%*R!x
zH3T{CuiYc7FYn7e{dA&i*xUjUwbCPLfcLgUJtFA8?MsV9x&-ol7Wbx*|EwmGzPKO<
zr6uROM9Zw)!?-`2Y28gE5j<;p8%<`YGpi%8Nbb)jY%Yc}O|T+kSJBmPXR@Txv})QP
zmtRu#BQw=gE}=ha9%KZ)pzNLu?hfI<7}7{i(akwHoSBUO3l?jQ<0os
z^#;E!*3W4nC)#LbXw+^e+Hm1Ba^Wm3
z+mF6O!Txs0aks)qcJg&qQ2bV!y}zLK5$P5Y5Gc@ntmH!7>(CeIaQkT
zXCmS_(QWtUbNF01@#jdla%**!zGo~N!Vu%OIJATR&wd_uk$)L+HEGY-4Kk#
zEPyrb4wu}L)xcQN3@*T5>>$#PKnXa6|N?VPP0HXC;3@x9M@F_tY1iGx|_~Cj=
z%F`IW%L4omRrDDcTmzwQM1&rpXWO+8GwcwS0T0TJW+Z(i2SymRR#l%}vhbPL`TpICkUTy3SKkdiq~#ca$O>0Al)w$?+`FS?h(x#+fMLsnZ$?6pKl%xX67
z&eq|3GP#go%Yb9?1QA2f?f+gkaCht>C2-Zm`YW(+F7~0#j?uXGwiMDhe9zi_wP0>6
z_k0+DaDL*0?t=3rD%^#}{vmLchAze0>O-I0@JOckx9#J}v4@;q-l%Zd+qo?^dLa3v
z4UzUuthFWSk}YyJIo9OKfv4fo_ed+HnE_C_W^hIr{K85WJ}s9L&Q{G$xGVTp;s_rI
zM19hKq3pZ0QsFR^C^s=59G~E}%(Gn~j@D^cyzq=x8syAgPk4b<#teG5RUW<1Y(>xk5G*3_k*)33}Rj;gOI31+z2aRCGQs`XJVQI9r;{RGMUF
zHAtjM)_7XODlDsnS}{7urpc>pcH0TNT%=!p_VBzMfypdCx)u|at`jlHkUUSH|EeTi
z6w4PEAq2YJQA?f~{G~)N%*_u5Hi$@08DwamOCZbu?GkkN5D_zS
zzdh`)l2$^s;FST5xi^pDeZJ(?%6}JdwWuxEaw!?PWAK@5ckHVSH>g9Bizaa!)?(T<
zJJoW-Iq?>9c?ct0=VnGAfrG|UqgabaqtgDlzu;fG
zHO{v~T7leB&et9d^xmdup*@axUvYl?2MacnvNWTqjE#7cqKR9K_w}g(e(DnEN+NE?
zBMqqW1OdOeagZT!%b6Ql_z#eh(Jo{F#Dt1oRjhE?)wxZ5G$E@|OqOG85tL4_Tt}M-
zx(?kMhqIfuIv;;)G?=8pw|6|tsT8uJ8IX<#Kp^Eq5tadlpUFF00$AN|rC3h4WW?!GYl#%mOV=R)}{8bdh3xz9;OsCnlyzsXZ6(OY9flQ_(A13EX9J6dDA
zpkps2DiALS0%cv!vAcM(}PHI4e%UmJ;;fBgwI&a#O@J`wg>45Ie(is(s!qFJ#6%OBbq&qW6nTHB
z=-YePWqjSj4+I3=A8R`44UblM)uAPP%8Xoxm`Ov7_a7-;Y`)QYy9$g8aNAEK*vG$Z
zsKW0-7!=0f0HfDJ-?;~wgQhZ*BOavpf$e5S3n_>n;_UZ^ZuhSVT$TWVWhHtQbm^(=bb%kwn~l4A#k8M#{MUXw+x1re$5H~H?+
z_BC(Jv<)XelxLd00X;ATZ15h{)IPE!t*-7M28NQSzbDR_TI<8H)40kUXk!)bYk5?a
zNw05Tmg~4r){_>nqonC7`)v^nRZ(7*gmR18nT-yMfp|t6Q_)FhHs{rp72NlOKuI#S
zQ~8}H)6<-$%}~g^D|={|8c{=DY(0Ne37kZ=d2`VAUIa~Jppf!1-q0l%`5q{5urMlD
zUp$k-&I;83mF3FiY`+>M8{}X(H$i9lfV2F%Ub>#qtJN?KFsw)5nrT1)wNLd-!734ngYG$
zS@`@=E@6wGcRWW#CDt?dKsq1jNc+Dv@YOzB3m_1&XC8mjg<)O
z@WXuxZ94nK*mtWSQ+U(YeNfSdocngAo%$yRM)c7UFAP|7sd&^H?t9bqybbTREWB>S
z`@SrEbQo(aqdXvovZup?pkLk!Ii(GHlULp%1OgpsyS}B5;Z&`cfD0bGV8?J8@-#Dj
z-r-zG{t8^BgFHs73m7>T3cuTXl)xTfl{7cQOUQwM>%
z`IF0P2SXFEz=5wHaVLM*N!oB-TOj)`Y;6_C35v6G{Onlv(-K_E+Gw(5?G9tbxD1JW
z5{lSoVmPgZUXkvp*MOwEAyH;f&2G$SGB6>x%sz7J-|tV>axyMt`eY=h>M-r466*Ki
zNkB~(9;YdnQ{?o9blr~C6zt%~z1^XxKIroe=9!*LSeJ$nTGe|UPldskEnr~{lMDZT
ztmg~cF(RGHqM{4>pf-F+-7?eWz3E}_B@#O*W=?0f&z;k68VAG(M}*w2e
zXG&KuWT*Ba`OlGD0uY5>-VlhzUP1V0h3*$#0(SuJ5a;-Gaf7a307E4qFVmb^MQ^dk
zQb>!C_U7l1pjEbF&pOc|Q48Jr=I?D*8|Ww|^2Dg(So@QBgS_b;*Ff;{Uh5|{V?+dYxEN=krs*%#Gi_F?mM4O#>p-AXvcv}K&1
zE?nACdv$c2_F@lQfJmviIYEe7(9JCOaboo|#_O$anMc93JCH3v4UoJ?c-ey0`AR9c
z0z_DmS?NIjgp;=XV9#tq%#$M;tL(WoxcWzxiIMt&T5_%P*FHj5w`m>@`m>aE!xr+!
zEnB~_Ir4;$CD}DOHhqJj5xH}g?o
z0r;#1Ji=)5?YXYcS*TzEMSs|Q7Oyaf%AxH^nHW(a)5im1;=x2UO;LchUvAUwgYBez
zSY1#t*$)|pw*AR2n<3ZkyrOeNcPNt;*Q!p*uKX6IqCN0=LL0Gg9R!lWZkx(;?6B{2
zEFP>zP=5{Sr(E9ugWsf9*rsI3sP7{^V8J_9zbaIPc{QNAnh8tSc$}l59&niNcSK)C#Q%34VBY
zB|o=n5uHj}f4It8cW7=&qu9oJo#3Xm9^A9f3j{I))t1=!0YGW-i5Pof8naIjfdy$M
z))~UkH+o;5i10zal%Yo`jv4=4WxurMlIwoeL&5!)&Bo+Ni4-2MWS({1h6>b1}
zfr;gC(TYY#6aIC&ngW>Pdc4a3t>cEe-|io=7Dzw*
zUUfI0yP%W)8J%fd*LE=QQx$FsVY%sk0SBq*9ml&yRx<;1OULiCRLh?S^;X$YQD(wb(-liyLBs+
z$=ESU`XFcS^$xxNhargzC^jdBSgt*n+$L@}(MHy?&*Af}L%H2r=u4Xdpy*a0bCl-f
z>ALY)mkl4{3wg^9e#m%BQreoV6F2r@T+{)2!z9y5SzBZOb!X~Yj1qtSrO%}ih7h+C
z(s09(I!tV(HHP+U=zV~hBt|0_+{&Bjwz{vl?{f6a{I0XfgK7?hPu7Kd$7pJ=9S`f$
zx5VQDo!vAG-KL&&@mk%V-dJC?^T7e#@ca4vUC1jxyOY2a76YgOmJNZ=LduhCwX0wr
z{!7kj7gnyhY9A=3qO)$R|12>-`$a39!UJwS)<2Sob^e!n!;vI82+st2<@nC6x+W8Wij@yzR
zMEAkhzdBjlG_m6#knl`0vFg(;vw-kg$`OIX`IMw^_CPEg({+DVji;;iLQPvk=I6G~
z;H-+6*ltZTu#rnxn-=TvhJ*+Qb67DrSk|;g=
zx8zbu#27y|PYccC6hp%XIl86EssJA5PX~cEmv2pMWVv?r;;!v})~ucCuw@}^Xy6$w
zZADu>b;idB2d~8DiyOP<_CwX?uqM<4+i50QyqVAjjS=A`D*GqBA%rYx22APEjb~UHiwX
zG*LfTQ0DJ*ldffU^&5Er%y#YCHYs6Av1^ROUx0vwJ4oMt9Mq;b*yLJVqFa(levt_0
z28z2?d(*(*c1{rIhycyf3j=LR346u?{HpZ&&W@8iL1AL2XFmqkxvggOA=esc>)EdwZ$>0w
zAtm*uL`i*7wcr^QSCMqfnFwFyu$?XadJRPlf7G7;5;PQr*ZGnb`BOAU=c_Q+YaFx>
zly!1S3tgGvZiyn0`yPWnC_xs%6QmwL7$(H^thc_mxtnjrLJ6mR7YTTDmH|*sMaTKb
zt68|;0E(NV{`%6vcqxw0hfUI$@nEm4PcnQ){ALod6|GlhWvCa0;8yv_m-~uVVUln+
zoFtS~cqg(8+0f^vQwA%)I^lC_4sR$BV>ZJ0eqD+&3$c=~arlt(_lv@y26n;V(P=$i
zl3TM#c9$_IIqoapSu&bM|c9#1+~*459LEUw!;WYmZ(?JbT2o3mJWx=kZwslIynZ29~$JJvE_
z*Uwsww(cYwGn&3<^kmfvN2j_uc%tsi#pRcMu}#HHV-i;~mvekAMpB^O
zZ{lgbNS~8SiEZ;^<<}YVB0u?tb#41E1`x1yu}T^S@y+w#&h9RB8{^M=s1Z@bQ|x%$
zPzw?KBN0DR-sp59Ws(*x*yNcvKx|??o5o^ml>L(@Pi%xDZWmH-Jx?|=Z8UwW@`Qs$
zCIXQ9Xr&b8pxB2bLP5@osCgaw{?bQLZ1h;?PqnQ5*LxQGf^^
z0WAlp9H>+74k*rYCY3bp(_p}UV@l+|MBapM14EWm
zs_?R}PFr2u!mauREl{Z`R`AqtTHCcyOHnbl2i)SIf}fAuX)(`efDx257qC7O!ai>6
z(t>ob4PQ>r7w5M9{gP39Dxq^b)nlQZyQ;IXQNr3fAaY=(I(s|f)LD@GBS0Lhw!g!J
zzu3jj&%b1J*Uih>tqo8MN^Dsk&y!=F8%={ZR|_c=w^P@1ky9(m@b0H`H$wutVlpzZTWn=Sc3=YsjUjl}(iTGJYR%g~8>!uvm^u2t!J
z4w-cZ=F5*yoG;f{gu{>7JLvb~@XbLRS}v3-VHSyPoJP7fBf@D>P*MP>a8A_vos{75->g_uT>=zjK%p;zwEpd81K{kiLw^?bq((50&wmN#2Iqtuni6#;Tv+&<
zGjfBR*L~nMcH)eh&zh+Fqw=Bej>l_`P14Nuu;f$en7)9?5yn8@#B{{|5)Xwz)~d!-
z3LG9-mbG1f_ETJIyoXQ8Bo3TRTE}auZn6@h*lmWz^+?EUD0VtL;K(g~72(
zSIlT42e`*4nQIyLHPM8%VF%n_V7R{Aqp$T%Uw{6d@{XpbP!)jeyLoajsd
zc56U{&cOVm3CIx@Ho{y84u~&1CK=zxKX?%o@+m#QKO6uzB=*%8guJ8kpq`3{W7oR915ai>&fb0^uPY7pZt2c!KFs3AcsVufgwzzg%>74Wd
z4G5IJeclPQNT;9xm+*c@Oy_n<8O2#&Ev&@cYybD*&xh!;kk7P(j3>72>%}a;$q&_b
zb*bvV(FW^^2a70^M)AnCHKMmDe4PQkOcZf90v2Fj*Enf(L~Tf2Y$EF9H261Bk{@Pe
z#wg9&AUkff9QG?eddSXb7I|F{QPz?c`Sjo5&+5SglPlkRyZl{a&;&r9!bF_RFv2#N3*uz(BX3!ZD
zHwAZjv<7Wdq8waQAUyKv=t*%5r?n4R$_lv>kCdlJvF=Re(Lb!~(I1KzzychJw3quj
z>M*xhjN8}jvbzFYV>s7)CjQrAL*;OF+lhOR@4^_PHyoZCS2C-Z{2+
zBoY3TtM$~a7VRx|(!?0P82S9Q4yXkV6x=~FNp^CU?HJ?up
zk~l~b{Y{L}q$sZ3QF~=KY}{q4IHrV9RH?g{cS?3NwfeNn?d`+iGAz7VE;t^1NYL!u
zJprIMzS6Qws5o_x#@|w`vI#JsIibsM`=CG9m}j~$qx}q>HXz7;uHwA|DjkHeGV8%FK0ccB*
zC}{UJ-_q;DwQA#l7@NK)GlptVMF8X5iPX}3ihgRsO9`9Omp^XZCYI)b$TUi+e#z(;
zGA!6Lj7skt`CH~0y~qz~QrQGFNH1c_vx7jJ9aoLfU5~BqBmDgqa^leOc0KHX=VayP
z4Dx9ow)nN4-SL{W6q!BKs~728eEe-Kc^_MFEJL#IyB4!6Ky20KU}=5p7XQoqunRzJ
zVOr?vDG~EUDn9{5@|9yFU?Li=zt&~iXGK6|4tDhrDHJsX;wp-MPPBGs{LGsn(%Az&
zH|`dy?^djb`4*b_~<5`UDBxrdJ2>9B^NrHCGj?qRac0MvIty!)=
zQv&|{$urAE?t5PT!_ox!s)*{PN!rFiI_nlqrHoP^Ru$p_hz0%jHNREFuaVe=YfMsR
z-l86Y-$EEj0KhwVi{lW=0Ed2>?=u2ugvy7|#kTi~
z*V0H5(8>8km{C4bj(vR>_qb(?r|1N2;$F&7#0zeg>un-Idm3p1!TQ}8t(-KKBNE2_
z0Ox@pdpH*<0tbBs;XjQ7cBS-g@Zjn#dPrmIo5Y0U8p|PE#h*e~hLJdpC)P`{jE*Ww
z<$jWbT9L+xaaylgx7Cx!-~R-)Jkdg*ZrJtAxzsD!&)0`S2Xsj*iMxcJgy!$reQ7h2
zXH89BfRxepM_oigrC+|ZkY)q+uiV0k0BU^`e7w69)rT}{B;2p=M7c==5bsAW#^J-s
zb-HS9DE97huBrXI>b$bixd=46?$Gj`pTgx&`SxE20RssTqA7S#(H)?`KJ^o^OMeh~QXqFJyESE<_UTFk_
zG!2gkqz4_6Mlzi`w0DA}=I*8&%2hA`pQQ{*VC4f+-l60UVUmOS5B9`G%uU?aQH@Os
zlNzM~k!CVFJh1fka=`i>8d;j#T5p@Hqo0=2=jN}+AP(!pHG{m0ckR^%k>ZNxtq*|yev
zHgB<*bhmTcM3%m@%!cr4AzPvFW^$`ne0?l{($cj~51w6_tX;P+?*F)-Q`Qunr|0mv
zs(J1J?W6}7F+t+KyFL;6+!8RJ>Ti-&1*DHbdQp*KA~My+yM~Yd_-@kq*QXTDYwOj4
zPS%|ffdPf3{ubioG%v)BC7mO{Cm*8BIVUE1L`k!A&A#|{MZl=J>qi>^Ek%dHJ3=TH
zO;xylM(_6u{fhc7jDuA4HVf!p+fR*@2a}pZi&oaa%4Bz}>hA>=P)r
z#HrHHPQ1iFD_N@}Ee~Jjth~0;PDLAKAe^Y^o*QRNEWGM}Zz^*55lj*snEL3W{^ca5
zI7h)P8x-$ZYVhEKaFF2U-EQCsJ@THrdv8|i58tRQue;g>Un!yA{)0E2J&&-`q|Fk*
zOl|3`5r>iM*gK&trZH|=pT329?|@hFI_jwT*_5l-mw5I*?)*we%)9;SR$BlL*7SoJ
z=<#r{j8*oRGtzNuZ)Ev)UyCEfhb#n+z4IG>xnoo_Q1%4gB0=q|%v$wd`i_7=X<*S#
zs*SlGr2N7|2XikVBGm?LUknIb1Js%94WehX+!9{z-ffI>KMv!d{sD)X7wfU=>_H)aLeGh~D0eMxX!A{gL7}K#ZVLn
zG&TT`UL49hq6Fr#UQh2hzhl^ZZwNn)y`cZVk_=#?)4SLpP&(`g-yzKsf1ldiiTkDf
zK{1Pu8DXvJnHvz?2H-V{{eLE%Cv((!Et>X-#C(C`h
zCs=ItAWc^YA*O12a(O*MWA{nfT*CD&1)X1BQx&3~(I-}2A?*lFJ&07LuMdkp$4=~$
za7pEg(q6?J{dlul|8v)M
zp$5$N4O-w^LBrtWSE@jF{Y{6hy6$_yxyo{djGUW2c7%J+siYiYJ(h*|cC4`GrB>iV^ZF$
z9SE^IHi$Bo@dpghp;-979fY}87r9KOu{y7zCU8sYhF=H35=)U>rDb5jo(mj^d$N39
ze|ROl*8RYK+7H=qjw_RGroQX1sSK^HWqKz***~d_
zo1S3q+g`6fGpJkZ;&=&D6IS|v?ZLbjNf1bS*96G3^G|YkSd-14i4UWvN+aV5s1)%5
zwiuLlYBm(ncdqAW)cf-%o`ro?kc}6LJGRWeGz>0c6~o~d*VdJ|`uZ@A&-+isCb&-wk2w%XqVxLIE4N@rS6%0X
zUXXA=2bUePnjfqu5)69_y0*U_wf#3Q0lhmadHL^*?K@F-p=KzM{KNL;7+b;@ziiqs
z(I)tpuSgo@l>Z0FA-1X+&DMsBzHlH!`>eOxMz`zx%cI_}`*4{*1alz=l)&DNad*qo
zs!>zA{bh3B|3794HQ*%uTvh?a?M^t>GNk*+-p9wHYP8N*$e6YkBVch!!*)ZEr8LbS
z1tpSQL7`!Abv{87cY2aZW$x3n;{Y_OL`qLxj?QpnWpIG;swXZGiy5(wufNX~uV)lG
zXNy~VM$`U@L=*>Zx*U`rWOM8kxc)li%w_&DffE0U;q{f037cuxix)SODrgZFG~&sA
z7p%+h&%jV_mDO@2^d3aftC5iR@WL;eIw4OFCn;Lr{%z-{J{$tjHPAC*Igrwf<+ATv
z1?S%2nzr>A*=qnG7J{ozgAdS?dW+H=1zOH$C$9o>&r^58DM9#aHP&JsCNz}$qPjL!
z1Fy$h*b59@%mkQs8S6nFLqH
z^N!EzduJ6l)?{0@P9=|O3ub-<({DF?g$#`lp&LD6Veot;vSVBg*Y2VtIN|hVOIhEA
zPWugp5l&2Wn>K*VhA|F^VBe70$nOn?YyYvV0K@T$#wL_0A{Q4V9DD}=PBT{z_C}U&
zE=`qs^EQ58l0x^0lIN-+S^ebq%*}X%J1mFPq7sU;BCIade`$+-PVO&niNK-r=DLzZ
z*;h$L|LDZd1TcKoGkU+-xNw>M$}<|WOr`^i^P}}DRKV+9ZosFt*rhp@!!fNFPItr@
zuERfal9hR^D7@~v7&NYFY8
z$-3ir6!l%7tA2@ovhNaH88C{4{9wP|2xNVvgrE(=R2KZmPxcv%y3;%nW()b|Z6wnNt;-qlf)wUs;9zLYYW;lju!Q-PbQgcKcj;*lWS~
zI2*#KLTI(0?$Jfpgb^KsVxlafWv_Z;UUhDBe`MxU1kxXF&h`pQ4+^;}j98L>nmQIKY~Up=LGUJkPLL$#*r+Ia7aN=j}(Fxk+fbbS){$bLjD
zL*q>Bk}t|h@no|1OV!0EBX}yee(qAmc_M-Vh!BceqR8oUacK
zjh0gzTEDdne>ITh+O9cd`nR%1j)O6LHjA=BnY1L6j$>}m?rY&Cbk{}PJAl@o9ub?*7nwo8ynyyiUmrX@R
z6CE*yE$`mb9m)3Xj
ztKCKZJp=Ed$yleY43hxMhr#LLs&w_i>)PIt8=r_*+Hy`T)i
z;^yiX9LRlvUe2jtNnG$lw5R4Nto7!daG`RnMigml_`xFIhGZiq^2XZ;=rC==68p&0
zQk)P*<3CPN8?X)}Rt5ip%}}cJ?F!1sj(bza`LDq-T)pi|!uW*0eqpBh<o96ELw$;)
zY>O0FX?Zp*UrZ&>N6uDd2awaWjqQJIEpv}SbRn49u8*NpYH;rZNg6M{K}jaMej5Ht
z{?kH9hJ{h|2uj>)4raOTjhnu-7#tsDG{T{3a`ks(h6APqLQUTsYD@8o(=HczVXto*
z)O$xTWL#ByND%F>WQKfR&cWTSKj9I}R1TQ{TJ$)l4UHawKYT1M26P$J(GVxde2episI?x
zSKB!#HFB+{LG=87Ax|wb0!mlUKZpgnT>`RnoqGK4(jnfL8V`unfvV`;!S*c`w^F5M7w6-lAId>YG@DgUhni((tWr2nA2X$p)N0bv#7)a%&DR^JQtG+>pmrA24dlv7tRBqjHxzcMW21gOZ!Q3=qXw`CaY^$|0LW*SS0=mop7M#V$x+oI_SOcL*-46U6U2at
zi>lUAhK;+DJOrJTJW?Q|n~-tgO(U@2@a@^3nc79D<f07x46cZbbE
zix9({kB!_}dtI*rM$W3|l%oze-zqHtKUq8?q_>mD=nmTIuVH2_+Twi^OW1S%GTHCy
z&z-#Y#;4n;c&Tu>AfPU8cv`9~DbOOb!MjIVlq;TuYru%^?c%wmZ(5;AxFszWvl0#c
zs#=X#SY_HLL`+f>PmgA7Di+5Q5kZ};9||{8G|~+U@{_%ao@&K%yey46iqJ(;+Gcjo
zoYqP{etoG&m!St7zhC%I*W+49*|I@SjTtR5Te3)oXZ=UyKKqg=7GsKHJ`~%wo~0+t
zk;=E)B^UAr?_ToNK#}%}8)=$AkC*hu+LGez5S)|u`c+B@;Jg3({HQyDaG+cH4=Bm*
zhZ~8w2)CAf(tgWLL_YoHjCKya(UU{p&sFzseltj)tw`U(hHk$vP-t>-?;Bf89Q9W2
znuAS7@$JkqM-K538-XkHIfaf~_d1i+B~v97pKDBsszTJ#qs5>(;L$Gb2=Mn^4>T)C
z${y{C{_eo_Fj0gP`~{ZVgcyCnn38mWR1EBb0Oi-X4B*Q`qM
zb1M46UMs*z0H$XjcLR@{@P2_AZpbpvoJiYR%`1+kydbQS@|>AtpFmgatA=iQ2F0GJ1|-s<#tHtdF$jq
ziG%QxJ_$Btm4r=XXgK}WSJs>c2-gqnQd;wl1Sx*PYIi)sZhI6U8i#oo
zon3`tmf)6U{IvIGdt84j7D~PVt&Ch8g690(A6)&HlyRvS#hY;0tn9_Nw7;1NcTAK&
ySugM4Gaw-l
-
-
-
-
-
+
+
+
+
+ {/* Top-level boundary so the public lazy routes (login, password
+ reset, confirm-email) have a Suspense ancestor on cold chunk
+ fetch — the protected routes also have AppShell's own. */}
+
+ }
+ >
+
+
+
+
+
+
+
+ );
+}
+
+/**
+ * Console toaster — a refined card with a per-type tone (left accent stripe +
+ * tinted icon chip), display-face title, and a body description lifted toward
+ * the foreground so it stays readable on the near-black dark surface. Theme is
+ * sourced from the in-app ThemeProvider (not sonner's "system") so the toast
+ * tracks the console's own light/dark toggle, not the OS preference. All
+ * surface styling lives in globals.css under the `.fsh-toast` selectors.
+ */
+function FshToaster() {
+ const { theme } = useTheme();
+ return (
+ ,
+ error: ,
+ warning: ,
+ info: ,
+ loading: ,
+ }}
+ toastOptions={{
+ duration: 4200,
+ classNames: {
+ toast: "fsh-toast",
+ title: "fsh-toast-title",
+ description: "fsh-toast-description",
+ closeButton: "fsh-toast-close",
+ actionButton: "fsh-toast-action",
+ cancelButton: "fsh-toast-cancel",
+ },
+ }}
+ />
);
}
diff --git a/clients/admin/src/api/audits.ts b/clients/admin/src/api/audits.ts
new file mode 100644
index 0000000000..731ae4be66
--- /dev/null
+++ b/clients/admin/src/api/audits.ts
@@ -0,0 +1,200 @@
+import { apiFetch } from "@/lib/api-client";
+import type { PagedResponse } from "@/lib/api-types";
+
+export type AuditEventType = "None" | "EntityChange" | "Security" | "Activity" | "Exception";
+
+export type AuditSeverity =
+ | "None"
+ | "Trace"
+ | "Debug"
+ | "Information"
+ | "Warning"
+ | "Error"
+ | "Critical";
+
+export type AuditTag =
+ | "None"
+ | "PiiMasked"
+ | "OutOfQuota"
+ | "Sampled"
+ | "RetainedLong"
+ | "HealthCheck"
+ | "Authentication"
+ | "Authorization";
+
+export const AUDIT_EVENT_TYPES: AuditEventType[] = [
+ "EntityChange",
+ "Security",
+ "Activity",
+ "Exception",
+];
+
+export const AUDIT_SEVERITIES: AuditSeverity[] = [
+ "Trace",
+ "Debug",
+ "Information",
+ "Warning",
+ "Error",
+ "Critical",
+];
+
+export type AuditSummaryDto = {
+ id: string;
+ occurredAtUtc: string;
+ eventType: AuditEventType;
+ severity: AuditSeverity;
+ tenantId?: string | null;
+ userId?: string | null;
+ userName?: string | null;
+ traceId?: string | null;
+ correlationId?: string | null;
+ requestId?: string | null;
+ source?: string | null;
+ tags: AuditTag | number;
+};
+
+export type AuditDetailDto = AuditSummaryDto & {
+ receivedAtUtc: string;
+ spanId?: string | null;
+ payload: unknown;
+};
+
+export type AuditSummaryAggregateDto = {
+ eventsByType: Partial>;
+ eventsBySeverity: Partial>;
+ eventsBySource: Record;
+ eventsByTenant: Record;
+};
+
+export type ListAuditsParams = {
+ pageNumber?: number;
+ pageSize?: number;
+ sort?: string;
+ fromUtc?: string;
+ toUtc?: string;
+ tenantId?: string;
+ userId?: string;
+ eventType?: AuditEventType;
+ severity?: AuditSeverity;
+ source?: string;
+ correlationId?: string;
+ traceId?: string;
+ search?: string;
+};
+
+const ROOT = "/api/v1/audits";
+
+// ──────────────────────────────────────────────────────────────────────
+// Enum normalization
+//
+// The server serializes audit enums as INTEGERS by default (System.Text.Json
+// has no JsonStringEnumConverter registered for these). The client surface
+// types them as string unions, so every code path that does
+// `eventType.toUpperCase()` / `severity === "Warning"` would explode at
+// runtime. Rather than fix every call site or change the server-side
+// contract (which other consumers may also rely on), we normalize at the
+// API boundary — one place, one fix.
+//
+// Index mirrors the C# enum declarations in
+// `src/Modules/Auditing/Modules.Auditing.Contracts/AuditEnums.cs`.
+// ──────────────────────────────────────────────────────────────────────
+
+const EVENT_TYPE_BY_INT: readonly AuditEventType[] = [
+ "None",
+ "EntityChange",
+ "Security",
+ "Activity",
+ "Exception",
+];
+
+const SEVERITY_BY_INT: readonly AuditSeverity[] = [
+ "None",
+ "Trace",
+ "Debug",
+ "Information",
+ "Warning",
+ "Error",
+ "Critical",
+];
+
+function coerceEventType(raw: unknown): AuditEventType {
+ if (typeof raw === "string") return raw as AuditEventType;
+ if (typeof raw === "number") return EVENT_TYPE_BY_INT[raw] ?? "None";
+ return "None";
+}
+
+function coerceSeverity(raw: unknown): AuditSeverity {
+ if (typeof raw === "string") return raw as AuditSeverity;
+ if (typeof raw === "number") return SEVERITY_BY_INT[raw] ?? "None";
+ return "None";
+}
+
+function normalizeSummary(dto: T): T {
+ return {
+ ...dto,
+ eventType: coerceEventType((dto as { eventType: unknown }).eventType),
+ severity: coerceSeverity((dto as { severity: unknown }).severity),
+ };
+}
+
+export async function listAudits(params: ListAuditsParams = {}): Promise> {
+ const q = new URLSearchParams();
+ q.set("PageNumber", String(params.pageNumber ?? 1));
+ q.set("PageSize", String(params.pageSize ?? 25));
+ if (params.sort) q.set("Sort", params.sort);
+ if (params.fromUtc) q.set("FromUtc", params.fromUtc);
+ if (params.toUtc) q.set("ToUtc", params.toUtc);
+ if (params.tenantId) q.set("TenantId", params.tenantId);
+ if (params.userId) q.set("UserId", params.userId);
+ if (params.eventType) q.set("EventType", params.eventType);
+ if (params.severity) q.set("Severity", params.severity);
+ if (params.source) q.set("Source", params.source);
+ if (params.correlationId) q.set("CorrelationId", params.correlationId);
+ if (params.traceId) q.set("TraceId", params.traceId);
+ if (params.search?.trim()) q.set("Search", params.search.trim());
+ const page = await apiFetch>(`${ROOT}/?${q.toString()}`);
+ return { ...page, items: page.items.map(normalizeSummary) };
+}
+
+export async function getAudit(id: string): Promise {
+ const dto = await apiFetch(`${ROOT}/${encodeURIComponent(id)}`);
+ return normalizeSummary(dto);
+}
+
+export async function getAuditSummary(params: {
+ fromUtc?: string;
+ toUtc?: string;
+ tenantId?: string;
+} = {}): Promise {
+ const q = new URLSearchParams();
+ if (params.fromUtc) q.set("FromUtc", params.fromUtc);
+ if (params.toUtc) q.set("ToUtc", params.toUtc);
+ if (params.tenantId) q.set("TenantId", params.tenantId);
+ const qs = q.toString();
+ const raw = await apiFetch<{
+ eventsByType: Record;
+ eventsBySeverity: Record;
+ eventsBySource: Record;
+ eventsByTenant: Record;
+ }>(`${ROOT}/summary${qs ? `?${qs}` : ""}`);
+
+ // The server keys the histograms by the same integer enum form. Translate
+ // them to the string union so the rest of the UI can index them by name.
+ const eventsByType: Partial> = {};
+ for (const [k, v] of Object.entries(raw.eventsByType ?? {})) {
+ const key = coerceEventType(/^\d+$/.test(k) ? Number(k) : k);
+ eventsByType[key] = (eventsByType[key] ?? 0) + v;
+ }
+ const eventsBySeverity: Partial> = {};
+ for (const [k, v] of Object.entries(raw.eventsBySeverity ?? {})) {
+ const key = coerceSeverity(/^\d+$/.test(k) ? Number(k) : k);
+ eventsBySeverity[key] = (eventsBySeverity[key] ?? 0) + v;
+ }
+
+ return {
+ eventsByType,
+ eventsBySeverity,
+ eventsBySource: raw.eventsBySource ?? {},
+ eventsByTenant: raw.eventsByTenant ?? {},
+ };
+}
diff --git a/clients/admin/src/api/billing.ts b/clients/admin/src/api/billing.ts
new file mode 100644
index 0000000000..2a0941fd77
--- /dev/null
+++ b/clients/admin/src/api/billing.ts
@@ -0,0 +1,254 @@
+import { apiFetch, ApiRequestError } from "@/lib/api-client";
+import type { PagedResponse } from "@/lib/api-types";
+import { env } from "@/env";
+import { tokenStore } from "@/auth/token-store";
+
+// ─── shared enums ────────────────────────────────────────────────────
+
+export type InvoiceStatus = "Draft" | "Issued" | "Paid" | "Void" | (string & {});
+
+export type SubscriptionStatus = "Active" | "Suspended" | "Cancelled" | (string & {});
+
+export type InvoiceLineItemKind = "BaseFee" | "Overage" | "Adjustment" | (string & {});
+
+export type PlanInterval = "Monthly" | "Yearly" | (string & {});
+
+export type InvoicePurpose = "Usage" | "Subscription" | (string & {});
+
+export type QuotaResource =
+ | "ApiCalls"
+ | "StorageBytes"
+ | "Users"
+ | "ActiveFeatureFlags"
+ | (string & {});
+
+// ─── plans ───────────────────────────────────────────────────────────
+
+export type BillingPlanDto = {
+ id: string;
+ key: string;
+ name: string;
+ currency: string;
+ monthlyBasePrice: number;
+ overageRates: Partial>;
+ isActive: boolean;
+ interval: PlanInterval;
+ annualPrice?: number | null;
+};
+
+export type CreatePlanInput = {
+ key: string;
+ name: string;
+ currency: string;
+ monthlyBasePrice: number;
+ overageRates?: Partial> | null;
+ interval?: PlanInterval;
+ annualPrice?: number | null;
+};
+
+export type UpdatePlanInput = {
+ planId: string;
+ name: string;
+ monthlyBasePrice: number;
+ overageRates?: Partial> | null;
+ interval?: PlanInterval;
+ annualPrice?: number | null;
+};
+
+/** Price charged for one billing term: annual price (or 12x monthly) for yearly plans, else monthly. */
+export function planTermPrice(plan: Pick): number {
+ return plan.interval === "Yearly"
+ ? plan.annualPrice ?? plan.monthlyBasePrice * 12
+ : plan.monthlyBasePrice;
+}
+
+export function getPlans(includeInactive = false): Promise {
+ const query = new URLSearchParams({ includeInactive: includeInactive ? "true" : "false" });
+ return apiFetch(`/api/v1/billing/plans?${query.toString()}`);
+}
+
+export function createPlan(input: CreatePlanInput): Promise {
+ return apiFetch(`/api/v1/billing/plans`, {
+ method: "POST",
+ body: JSON.stringify({
+ key: input.key,
+ name: input.name,
+ currency: input.currency,
+ monthlyBasePrice: input.monthlyBasePrice,
+ overageRates: input.overageRates ?? null,
+ interval: input.interval ?? "Monthly",
+ annualPrice: input.annualPrice ?? null,
+ }),
+ });
+}
+
+export function updatePlan(input: UpdatePlanInput): Promise {
+ return apiFetch(`/api/v1/billing/plans/${encodeURIComponent(input.planId)}`, {
+ method: "PUT",
+ body: JSON.stringify({
+ planId: input.planId,
+ name: input.name,
+ monthlyBasePrice: input.monthlyBasePrice,
+ overageRates: input.overageRates ?? null,
+ interval: input.interval ?? "Monthly",
+ annualPrice: input.annualPrice ?? null,
+ }),
+ });
+}
+
+// ─── subscriptions ───────────────────────────────────────────────────
+
+export type SubscriptionDto = {
+ id: string;
+ tenantId: string;
+ planId: string;
+ planKey: string;
+ startUtc: string;
+ endUtc?: string | null;
+ status: SubscriptionStatus;
+};
+
+export type AssignSubscriptionInput = {
+ tenantId: string;
+ planKey: string;
+};
+
+export function getSubscription(tenantId?: string): Promise {
+ const query = new URLSearchParams();
+ if (tenantId) query.set("tenantId", tenantId);
+ const suffix = query.toString() ? `?${query.toString()}` : "";
+ return apiFetch(`/api/v1/billing/subscriptions${suffix}`);
+}
+
+export function assignSubscription(input: AssignSubscriptionInput): Promise {
+ return apiFetch(`/api/v1/billing/subscriptions`, {
+ method: "POST",
+ body: JSON.stringify(input),
+ });
+}
+
+// ─── invoices ────────────────────────────────────────────────────────
+
+export type InvoiceLineItemDto = {
+ id: string;
+ kind: InvoiceLineItemKind;
+ resource?: QuotaResource | null;
+ description: string;
+ quantity: number;
+ unitPrice: number;
+ amount: number;
+};
+
+export type InvoiceDto = {
+ id: string;
+ tenantId: string;
+ invoiceNumber: string;
+ periodYear: number;
+ periodMonth: number;
+ currency: string;
+ subtotalAmount: number;
+ status: InvoiceStatus;
+ createdAtUtc: string;
+ issuedAtUtc?: string | null;
+ dueAtUtc?: string | null;
+ paidAtUtc?: string | null;
+ voidedAtUtc?: string | null;
+ notes?: string | null;
+ lineItems: InvoiceLineItemDto[];
+ purpose: InvoicePurpose;
+ periodStartUtc?: string | null;
+ periodEndUtc?: string | null;
+};
+
+export type ListInvoicesParams = {
+ tenantId?: string;
+ status?: InvoiceStatus;
+ periodYear?: number;
+ periodMonth?: number;
+ pageNumber?: number;
+ pageSize?: number;
+};
+
+export function listInvoices(params: ListInvoicesParams = {}): Promise> {
+ const query = new URLSearchParams();
+ if (params.tenantId) query.set("tenantId", params.tenantId);
+ if (params.status) query.set("status", params.status);
+ if (params.periodYear) query.set("periodYear", String(params.periodYear));
+ if (params.periodMonth) query.set("periodMonth", String(params.periodMonth));
+ query.set("pageNumber", String(params.pageNumber ?? 1));
+ query.set("pageSize", String(params.pageSize ?? 20));
+ return apiFetch