From 588b836d9ab76ac7cc830c1b85845d9e937b6c70 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Mon, 9 Dec 2024 01:04:31 +0100
Subject: [PATCH 01/66] NORY-31: upgrade oryd/kratos image version

---
 docker/ory-dev/docker-compose.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/ory-dev/docker-compose.yaml b/docker/ory-dev/docker-compose.yaml
index e633d31..190a121 100644
--- a/docker/ory-dev/docker-compose.yaml
+++ b/docker/ory-dev/docker-compose.yaml
@@ -2,7 +2,7 @@ services:
 
   ory-kratos-migrate:
     container_name: ory-kratos-migrate
-    image: oryd/kratos:v1.1.0
+    image: oryd/kratos:v1.3.1
     restart: on-failure
     volumes:
       - ./ory/kratos:/etc/config/kratos
@@ -18,7 +18,7 @@ services:
 
   ory-kratos:
     container_name: ory-kratos
-    image: oryd/kratos:v1.1.0
+    image: oryd/kratos:v1.3.1
     restart: unless-stopped
     ports:
       - 127.0.0.1:4433:4433 # public
-- 
2.45.3


From 07c0d3b696b17f2f911f2fdbb1195ca2b09c0c68 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 03:34:50 +0100
Subject: [PATCH 02/66] NORY-36: add Ory Keto to Docker Compose setup

---
 docker/ory-dev/docker-compose.yaml | 34 +++++++++++++++++++++++
 docker/ory-dev/ory/keto/keto.yaml  | 43 ++++++++++++++++++++++++++++++
 docker/ory-dev/postgres/init.sql   |  3 +++
 3 files changed, 80 insertions(+)
 create mode 100644 docker/ory-dev/ory/keto/keto.yaml

diff --git a/docker/ory-dev/docker-compose.yaml b/docker/ory-dev/docker-compose.yaml
index 190a121..1b603e5 100644
--- a/docker/ory-dev/docker-compose.yaml
+++ b/docker/ory-dev/docker-compose.yaml
@@ -70,6 +70,39 @@ services:
     networks:
       - internal
 
+  ory-keto-migrate:
+    container_name: ory-keto-migrate
+    image: oryd/keto:v0.12.0
+    restart: on-failure
+    volumes:
+      - ./ory/keto:/etc/config/keto
+      - ory-keto-data:/home/ory
+      - ory-keto-data:/var/lib/sqlite
+    command: migrate -c /etc/config/keto/keto.yaml up --yes
+    depends_on:
+      ory-postgres:
+        condition: service_healthy
+    networks:
+      - internal
+
+
+  ory-keto:
+    container_name: ory-keto
+    image: oryd/keto:v0.12.0
+    restart: unless-stopped
+    ports:
+      - 127.0.0.1:4466:4466 # public
+      - 127.0.0.1:4467:4467 # admin
+    volumes:
+      - ./ory/keto:/etc/config/keto
+      - ory-keto-data:/home/ory
+      - ory-keto-data:/var/lib/sqlite
+    command: serve -c /etc/config/keto/keto.yaml all
+    depends_on:
+      ory-keto-migrate:
+        condition: service_completed_successfully
+    networks:
+      - internal
 
   ory-mailslurper:
     container_name: ory-mailslurper
@@ -111,4 +144,5 @@ networks:
 volumes:
   ory-kratos-data:
   ory-hydra-data:
+  ory-keto-data:
   ory-postgres-data:
diff --git a/docker/ory-dev/ory/keto/keto.yaml b/docker/ory-dev/ory/keto/keto.yaml
new file mode 100644
index 0000000..21dad3d
--- /dev/null
+++ b/docker/ory-dev/ory/keto/keto.yaml
@@ -0,0 +1,43 @@
+#
+# Documentation: https://www.ory.sh/docs/keto/reference/configuration
+# Configuration UI: https://www.ory.sh/docs/keto/reference/configuration-editor
+#
+
+#
+# Configure the Keto logging
+#
+log:
+  level: info
+  format: text
+  leak_sensitive_values: true
+
+#
+# Configure the datasource. Alternative for development purposes is 'memory' (not persistent!)
+#
+dsn: postgres://postgres:postgres@ory-postgres:5432/keto?sslmode=disable&max_conns=20&max_idle_conns=4
+
+#
+# Set the required namespaces
+#
+namespaces:
+  - id: 0
+    name: roles
+
+serve:
+  read:
+    host: 0.0.0.0
+    port: 4466
+    cors:
+      enabled: true
+      allowed_origins:
+        - http://localhost:3000
+        - http://localhost:4000
+
+  write:
+    host: 0.0.0.0
+    port: 4467
+    cors:
+      enabled: true
+      allowed_origins:
+        - http://localhost:3000
+        - http://localhost:4000
diff --git a/docker/ory-dev/postgres/init.sql b/docker/ory-dev/postgres/init.sql
index 1e2b2ed..45836a3 100644
--- a/docker/ory-dev/postgres/init.sql
+++ b/docker/ory-dev/postgres/init.sql
@@ -3,3 +3,6 @@ GRANT ALL PRIVILEGES ON DATABASE kratos TO postgres;
 
 CREATE DATABASE hydra;
 GRANT ALL PRIVILEGES ON DATABASE hydra TO postgres;
+
+CREATE DATABASE keto;
+GRANT ALL PRIVILEGES ON DATABASE keto TO postgres;
-- 
2.45.3


From aa037678cb4eb8ae12a9db4300d2dc6abedb3fcd Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 03:37:07 +0100
Subject: [PATCH 03/66] NORY-36: remove webauthn from identity schema

---
 docker/ory-dev/ory/kratos/identity.schema.json | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docker/ory-dev/ory/kratos/identity.schema.json b/docker/ory-dev/ory/kratos/identity.schema.json
index b937fc1..c3572c0 100644
--- a/docker/ory-dev/ory/kratos/identity.schema.json
+++ b/docker/ory-dev/ory/kratos/identity.schema.json
@@ -15,9 +15,6 @@
             "credentials": {
               "password": {
                 "identifier": true
-              },
-              "webauthn": {
-                "identifier": true
               }
             },
             "recovery": {
-- 
2.45.3


From 488cfa59d2f29f618036d7623ab4be3efd85b242 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 03:37:24 +0100
Subject: [PATCH 04/66] NORY-36: add Ory Keto APIs to dashboard project

---
 dashboard/src/ory/sdk/server/index.ts | 64 ++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git a/dashboard/src/ory/sdk/server/index.ts b/dashboard/src/ory/sdk/server/index.ts
index fb2a176..7649433 100644
--- a/dashboard/src/ory/sdk/server/index.ts
+++ b/dashboard/src/ory/sdk/server/index.ts
@@ -1,6 +1,14 @@
 'use server';
 
-import { Configuration, FrontendApi, IdentityApi, MetadataApi, OAuth2Api } from '@ory/client';
+import {
+    Configuration,
+    FrontendApi,
+    IdentityApi,
+    MetadataApi,
+    OAuth2Api,
+    PermissionApi,
+    RelationshipApi,
+} from '@ory/client';
 
 
 // ####################################################################################
@@ -92,3 +100,57 @@ const kratosMetadataApi = new MetadataApi(
 export async function getKratosMetadataApi() {
     return kratosMetadataApi;
 }
+
+
+// ####################################################################################
+// Relationship API
+// ####################################################################################
+
+const relationshipApi = new RelationshipApi(new Configuration(
+    {
+        basePath: process.env.ORY_KETO_ADMIN_URL,
+        baseOptions: {
+            withCredentials: true,
+        },
+    },
+));
+
+export async function getRelationshipApi() {
+    return relationshipApi;
+}
+
+
+// ####################################################################################
+// Permission API
+// ####################################################################################
+
+const permissionApi = new PermissionApi(new Configuration(
+    {
+        basePath: process.env.ORY_KETO_ADMIN_URL,
+        baseOptions: {
+            withCredentials: true,
+        },
+    },
+));
+
+export async function getPermissionApi() {
+    return permissionApi;
+}
+
+
+// ####################################################################################
+// Keto Metadata API
+// ####################################################################################
+
+const ketoMetadataApi = new MetadataApi(new Configuration(
+    {
+        basePath: process.env.ORY_KETO_ADMIN_URL,
+        baseOptions: {
+            withCredentials: true,
+        },
+    },
+));
+
+export async function getKetoMetadataApi() {
+    return ketoMetadataApi;
+}
-- 
2.45.3


From 9f497ce99dbee869030e028c5c7018915af588d9 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 03:37:35 +0100
Subject: [PATCH 05/66] NORY-36: add Ory Keto to dashboard stack overview

---
 dashboard/src/app/page.tsx | 38 +++++++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/dashboard/src/app/page.tsx b/dashboard/src/app/page.tsx
index 72fa7dc..cf379ab 100644
--- a/dashboard/src/app/page.tsx
+++ b/dashboard/src/app/page.tsx
@@ -1,4 +1,4 @@
-import { getHydraMetadataApi, getKratosMetadataApi } from '@/ory/sdk/server';
+import { getHydraMetadataApi, getKetoMetadataApi, getKratosMetadataApi } from '@/ory/sdk/server';
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
 import { Badge } from '@/components/ui/badge';
 
@@ -17,6 +17,7 @@ export default async function RootPage() {
     const kratosDBStatusData = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/ready');
     const kratosDBStatus = await kratosDBStatusData.json() as { status: string };
 
+
     const hydraMetadataApi = await getHydraMetadataApi();
 
     const hydraVersion = await hydraMetadataApi
@@ -30,13 +31,27 @@ export default async function RootPage() {
     const hydraDBStatusData = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/ready');
     const hydraDBStatus = await hydraDBStatusData.json() as { status: string };
 
+
+    const ketoMetadataApi = await getKetoMetadataApi();
+
+    const ketoVersion = await ketoMetadataApi
+        .getVersion()
+        .then(res => res.data.version)
+        .catch(() => '');
+
+    const ketoStatusData = await fetch(process.env.ORY_KETO_ADMIN_URL + '/health/alive');
+    const ketoStatus = await ketoStatusData.json() as { status: string };
+
+    const ketoDBStatusData = await fetch(process.env.ORY_KETO_ADMIN_URL + '/health/ready');
+    const ketoDBStatus = await ketoDBStatusData.json() as { status: string };
+
     return (
         <div className="flex flex-col space-y-4">
             <div>
                 <p className="text-3xl font-bold leading-tight tracking-tight">Software Stack</p>
                 <p className="text-lg font-light">See the list of all applications in your stack</p>
             </div>
-            <div className="flex flex-row space-x-4">
+            <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
                 <Card className="flex-1">
                     <CardHeader>
                         <CardTitle>
@@ -73,7 +88,24 @@ export default async function RootPage() {
                         </Badge>
                     </CardContent>
                 </Card>
-                <div className="flex-1"></div>
+                <Card className="flex-1">
+                    <CardHeader>
+                        <CardTitle>
+                            Ory Keto
+                        </CardTitle>
+                        <CardDescription>
+                            Version {ketoVersion}
+                        </CardDescription>
+                    </CardHeader>
+                    <CardContent className="space-x-1">
+                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
+                            Keto {ketoStatus.status.toUpperCase()}
+                        </Badge>
+                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
+                            Database {ketoDBStatus.status.toUpperCase()}
+                        </Badge>
+                    </CardContent>
+                </Card>
                 <div className="flex-1"></div>
             </div>
         </div>
-- 
2.45.3


From 66775a001e08208ada1f95e7414c3c3e7328d403 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 04:28:26 +0100
Subject: [PATCH 06/66] NORY-36: add error page for unauthorised users

---
 .../app/{ => (inside)}/application/page.tsx   |  0
 dashboard/src/app/(inside)/layout.tsx         | 37 +++++++++++++++++++
 dashboard/src/app/{ => (inside)}/page.tsx     |  0
 .../src/app/{ => (inside)}/user/[id]/page.tsx |  0
 .../src/app/{ => (inside)}/user/action.ts     |  0
 .../app/{ => (inside)}/user/data-table.tsx    |  4 +-
 .../src/app/{ => (inside)}/user/page.tsx      |  2 +-
 .../src/app/(outside)/unauthorised/page.tsx   | 11 ++++++
 dashboard/src/app/layout.tsx                  | 31 +---------------
 dashboard/src/components/error.tsx            |  4 +-
 10 files changed, 54 insertions(+), 35 deletions(-)
 rename dashboard/src/app/{ => (inside)}/application/page.tsx (100%)
 create mode 100644 dashboard/src/app/(inside)/layout.tsx
 rename dashboard/src/app/{ => (inside)}/page.tsx (100%)
 rename dashboard/src/app/{ => (inside)}/user/[id]/page.tsx (100%)
 rename dashboard/src/app/{ => (inside)}/user/action.ts (100%)
 rename dashboard/src/app/{ => (inside)}/user/data-table.tsx (99%)
 rename dashboard/src/app/{ => (inside)}/user/page.tsx (97%)
 create mode 100644 dashboard/src/app/(outside)/unauthorised/page.tsx

diff --git a/dashboard/src/app/application/page.tsx b/dashboard/src/app/(inside)/application/page.tsx
similarity index 100%
rename from dashboard/src/app/application/page.tsx
rename to dashboard/src/app/(inside)/application/page.tsx
diff --git a/dashboard/src/app/(inside)/layout.tsx b/dashboard/src/app/(inside)/layout.tsx
new file mode 100644
index 0000000..5c8f890
--- /dev/null
+++ b/dashboard/src/app/(inside)/layout.tsx
@@ -0,0 +1,37 @@
+import '../globals.css';
+import { Toaster } from '@/components/ui/sonner';
+import React from 'react';
+import { SidebarInset, SidebarProvider, SidebarTrigger } from '@/components/ui/sidebar';
+import { AppSidebar } from '@/components/app-sidebar';
+import { Separator } from '@/components/ui/separator';
+import { Breadcrumb, BreadcrumbItem, BreadcrumbLink, BreadcrumbList } from '@/components/ui/breadcrumb';
+
+export default function InsideLayout({ children }: Readonly<{ children: React.ReactNode }>) {
+    return (
+        <SidebarProvider className="max-h-screen min-h-screen">
+            <AppSidebar className="mx-1"/>
+            <SidebarInset className="overflow-hidden p-6 space-y-6">
+                <header className="flex h-4 items-center gap-2">
+                    <SidebarTrigger className="-ml-1 p-1"/>
+                    <Separator orientation="vertical" className="mr-2 h-4"/>
+                    {
+                        // TODO: implement dynamic Breadcrumbs
+                    }
+                    <Breadcrumb>
+                        <BreadcrumbList>
+                            <BreadcrumbItem className="hidden md:block">
+                                <BreadcrumbLink href="/">
+                                    Ory Dashboard
+                                </BreadcrumbLink>
+                            </BreadcrumbItem>
+                        </BreadcrumbList>
+                    </Breadcrumb>
+                </header>
+                <div className="flex-1 overflow-scroll">
+                    {children}
+                </div>
+            </SidebarInset>
+            <Toaster/>
+        </SidebarProvider>
+    );
+}
diff --git a/dashboard/src/app/page.tsx b/dashboard/src/app/(inside)/page.tsx
similarity index 100%
rename from dashboard/src/app/page.tsx
rename to dashboard/src/app/(inside)/page.tsx
diff --git a/dashboard/src/app/user/[id]/page.tsx b/dashboard/src/app/(inside)/user/[id]/page.tsx
similarity index 100%
rename from dashboard/src/app/user/[id]/page.tsx
rename to dashboard/src/app/(inside)/user/[id]/page.tsx
diff --git a/dashboard/src/app/user/action.ts b/dashboard/src/app/(inside)/user/action.ts
similarity index 100%
rename from dashboard/src/app/user/action.ts
rename to dashboard/src/app/(inside)/user/action.ts
diff --git a/dashboard/src/app/user/data-table.tsx b/dashboard/src/app/(inside)/user/data-table.tsx
similarity index 99%
rename from dashboard/src/app/user/data-table.tsx
rename to dashboard/src/app/(inside)/user/data-table.tsx
index 5819331..6476d7f 100644
--- a/dashboard/src/app/user/data-table.tsx
+++ b/dashboard/src/app/(inside)/user/data-table.tsx
@@ -6,7 +6,7 @@ import { DataTable } from '@/components/ui/data-table';
 import { CircleCheck, CircleX, Copy, MoreHorizontal, Trash, UserCheck, UserMinus, UserPen, UserX } from 'lucide-react';
 import { HoverCard, HoverCardContent, HoverCardTrigger } from '@/components/ui/hover-card';
 import React, { useEffect, useRef, useState } from 'react';
-import { FetchIdentityPageProps } from '@/app/user/page';
+import { FetchIdentityPageProps } from '@/app/(inside)/user/page';
 import { Spinner } from '@/components/ui/spinner';
 import {
     DropdownMenu,
@@ -29,7 +29,7 @@ import {
     AlertDialogHeader,
     AlertDialogTitle,
 } from '@/components/ui/alert-dialog';
-import { blockIdentity, deleteIdentity, deleteIdentitySessions, unblockIdentity } from '@/app/user/action';
+import { blockIdentity, deleteIdentity, deleteIdentitySessions, unblockIdentity } from '@/app/(inside)/user/action';
 
 interface IdentityDataTableProps {
     data: Identity[];
diff --git a/dashboard/src/app/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
similarity index 97%
rename from dashboard/src/app/user/page.tsx
rename to dashboard/src/app/(inside)/user/page.tsx
index 6fe3108..f02c636 100644
--- a/dashboard/src/app/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@@ -1,5 +1,5 @@
 import React from 'react';
-import { IdentityDataTable } from '@/app/user/data-table';
+import { IdentityDataTable } from '@/app/(inside)/user/data-table';
 import { getIdentityApi } from '@/ory/sdk/server';
 import { SearchInput } from '@/components/search-input';
 
diff --git a/dashboard/src/app/(outside)/unauthorised/page.tsx b/dashboard/src/app/(outside)/unauthorised/page.tsx
new file mode 100644
index 0000000..dcd45fb
--- /dev/null
+++ b/dashboard/src/app/(outside)/unauthorised/page.tsx
@@ -0,0 +1,11 @@
+import { ErrorDisplay } from '@/components/error';
+
+export default async function UnauthorizedPage() {
+    return (
+        <div className="bg-background min-h-screen p-16">
+            <ErrorDisplay
+                title="Unauthorised"
+                message="You are unauthorised to access this application!"/>
+        </div>
+    );
+}
diff --git a/dashboard/src/app/layout.tsx b/dashboard/src/app/layout.tsx
index 8fda46d..6c716cf 100644
--- a/dashboard/src/app/layout.tsx
+++ b/dashboard/src/app/layout.tsx
@@ -2,13 +2,8 @@ import type { Viewport } from 'next';
 import { Inter } from 'next/font/google';
 import './globals.css';
 import { cn } from '@/lib/utils';
-import { Toaster } from '@/components/ui/sonner';
 import React from 'react';
 import { ThemeProvider } from 'next-themes';
-import { SidebarInset, SidebarProvider, SidebarTrigger } from '@/components/ui/sidebar';
-import { AppSidebar } from '@/components/app-sidebar';
-import { Separator } from '@/components/ui/separator';
-import { Breadcrumb, BreadcrumbItem, BreadcrumbLink, BreadcrumbList } from '@/components/ui/breadcrumb';
 
 const inter = Inter({ subsets: ['latin'] });
 
@@ -56,31 +51,7 @@ export default function RootLayout({ children }: Readonly<{ children: React.Reac
             enableSystem
             disableTransitionOnChange
         >
-            <SidebarProvider className="max-h-screen min-h-screen">
-                <AppSidebar className="mx-1"/>
-                <SidebarInset className="overflow-hidden p-6 space-y-6">
-                    <header className="flex h-4 items-center gap-2">
-                        <SidebarTrigger className="-ml-1 p-1"/>
-                        <Separator orientation="vertical" className="mr-2 h-4"/>
-                        {
-                            // TODO: implement dynamic Breadcrumbs
-                        }
-                        <Breadcrumb>
-                            <BreadcrumbList>
-                                <BreadcrumbItem className="hidden md:block">
-                                    <BreadcrumbLink href="/">
-                                        Ory Dashboard
-                                    </BreadcrumbLink>
-                                </BreadcrumbItem>
-                            </BreadcrumbList>
-                        </Breadcrumb>
-                    </header>
-                    <div className="flex-1 overflow-scroll">
-                        {children}
-                    </div>
-                </SidebarInset>
-                <Toaster/>
-            </SidebarProvider>
+            {children}
         </ThemeProvider>
         </body>
         </html>
diff --git a/dashboard/src/components/error.tsx b/dashboard/src/components/error.tsx
index e264180..246431d 100644
--- a/dashboard/src/components/error.tsx
+++ b/dashboard/src/components/error.tsx
@@ -5,9 +5,9 @@ interface ErrorDisplayProps {
 
 export async function ErrorDisplay({ title, message }: ErrorDisplayProps) {
     return (
-        <div className="space-y-4">
+        <>
             <p className="text-3xl font-bold leading-tight tracking-tight">{title}</p>
             <p className="text-lg font-light">{message}</p>
-        </div>
+        </>
     );
 }
\ No newline at end of file
-- 
2.45.3


From 9ff25c4a6e5887c9b0834ddeb9ed7202361e1a1b Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 04:28:58 +0100
Subject: [PATCH 07/66] NORY-36: add permission check to dashboard middleware

---
 dashboard/src/middleware.ts | 39 +++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/dashboard/src/middleware.ts b/dashboard/src/middleware.ts
index 4ef97c3..27c3d02 100644
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@@ -1,13 +1,13 @@
-import { NextResponse } from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 import { cookies } from 'next/headers';
-import { getFrontendApi } from '@/ory/sdk/server';
+import { getFrontendApi, getPermissionApi } from '@/ory/sdk/server';
 
-export async function middleware() {
+export async function middleware(request: NextRequest) {
 
-    const api = await getFrontendApi();
+    const frontendApi = await getFrontendApi();
     const cookie = await cookies();
 
-    const session = await api
+    const session = await frontendApi
         .toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
         .then((response) => response.data)
         .catch(() => null);
@@ -25,7 +25,34 @@ export async function middleware() {
         return NextResponse.redirect(url);
     }
 
-    return NextResponse.next();
+    if (request.nextUrl.pathname === '/unauthorised') {
+        return NextResponse.next();
+    }
+
+    const permissionApi = await getPermissionApi();
+    const isAdmin = await permissionApi.checkPermission({
+        namespace: 'roles',
+        object: 'admin',
+        relation: 'member',
+        subjectId: session!.identity!.id,
+    })
+        .then(({ data: { allowed } }) => {
+            console.log('is_admin', session!.identity!.id, allowed);
+            return allowed;
+        })
+        .catch((response) => {
+            console.log('is_admin', session!.identity!.id, response, 'check failed');
+            return false;
+        });
+
+    if (isAdmin) {
+        return NextResponse.next();
+    } else {
+        console.log('MISSING PERMISSION');
+        const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}/unauthorised`;
+        console.log('REDIRECT TO', url);
+        return NextResponse.redirect(url!);
+    }
 }
 
 export const config = {
-- 
2.45.3


From 08e65e0ec3f14ce9a59f8000bb92c06564e49dbd Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 16:37:12 +0100
Subject: [PATCH 08/66] NORY-36: remove async from error display

---
 dashboard/src/components/error.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dashboard/src/components/error.tsx b/dashboard/src/components/error.tsx
index 246431d..5e5ac12 100644
--- a/dashboard/src/components/error.tsx
+++ b/dashboard/src/components/error.tsx
@@ -3,7 +3,7 @@ interface ErrorDisplayProps {
     message: string;
 }
 
-export async function ErrorDisplay({ title, message }: ErrorDisplayProps) {
+export function ErrorDisplay({ title, message }: ErrorDisplayProps) {
     return (
         <>
             <p className="text-3xl font-bold leading-tight tracking-tight">{title}</p>
-- 
2.45.3


From faa3485ca87d8932107e1e22414b73cf4fd80479 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 16:37:33 +0100
Subject: [PATCH 09/66] NORY-36: add logout button to /unauthorised

---
 dashboard/src/app/(outside)/unauthorised/page.tsx | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/dashboard/src/app/(outside)/unauthorised/page.tsx b/dashboard/src/app/(outside)/unauthorised/page.tsx
index dcd45fb..538882b 100644
--- a/dashboard/src/app/(outside)/unauthorised/page.tsx
+++ b/dashboard/src/app/(outside)/unauthorised/page.tsx
@@ -1,11 +1,20 @@
-import { ErrorDisplay } from '@/components/error';
+'use client';
 
-export default async function UnauthorizedPage() {
+import { ErrorDisplay } from '@/components/error';
+import { Button } from '@/components/ui/button';
+import { LogoutLink } from '@/ory';
+import { LogOut } from 'lucide-react';
+
+export default function UnauthorizedPage() {
     return (
         <div className="bg-background min-h-screen p-16">
             <ErrorDisplay
                 title="Unauthorised"
                 message="You are unauthorised to access this application!"/>
+            <Button className="mt-8 space-x-2" onClick={LogoutLink()}>
+                <LogOut className="h-4 w-4"/>
+                <span>Logout</span>
+            </Button>
         </div>
     );
 }
-- 
2.45.3


From 40a46f6457e50a67e3d19688799f662a91b3ec04 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 15 Dec 2024 16:37:51 +0100
Subject: [PATCH 10/66] NORY-36: improve permission check in middleware

---
 dashboard/src/middleware.ts | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/dashboard/src/middleware.ts b/dashboard/src/middleware.ts
index 27c3d02..52d7714 100644
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@@ -25,10 +25,6 @@ export async function middleware(request: NextRequest) {
         return NextResponse.redirect(url);
     }
 
-    if (request.nextUrl.pathname === '/unauthorised') {
-        return NextResponse.next();
-    }
-
     const permissionApi = await getPermissionApi();
     const isAdmin = await permissionApi.checkPermission({
         namespace: 'roles',
@@ -46,15 +42,25 @@ export async function middleware(request: NextRequest) {
         });
 
     if (isAdmin) {
+        if (request.nextUrl.pathname === '/unauthorised') {
+            return redirect('/', 'HAS PERMISSION BUT ACCESSING /unauthorized');
+        }
         return NextResponse.next();
     } else {
-        console.log('MISSING PERMISSION');
-        const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}/unauthorised`;
-        console.log('REDIRECT TO', url);
-        return NextResponse.redirect(url!);
+        if (request.nextUrl.pathname === '/unauthorised') {
+            return NextResponse.next();
+        }
+        return redirect('/unauthorised', 'MISSING SESSION');
     }
 }
 
+function redirect(path: string, reason: string) {
+    console.log(reason);
+    const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}${path}`;
+    console.log('REDIRECT TO', url);
+    return NextResponse.redirect(url!);
+}
+
 export const config = {
     matcher: '/((?!api|_next/static|_next/image|favicon.png|sitemap.xml|robots.txt).*)',
 };
-- 
2.45.3


From 67758135c39f2b44b296d906eab96b0b715a44a9 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Mon, 16 Dec 2024 00:25:47 +0100
Subject: [PATCH 11/66] NORY-36: add script to assign admin role to identity

---
 docker/ory-dev/keto-make-admin.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 docker/ory-dev/keto-make-admin.sh

diff --git a/docker/ory-dev/keto-make-admin.sh b/docker/ory-dev/keto-make-admin.sh
new file mode 100644
index 0000000..cb60efe
--- /dev/null
+++ b/docker/ory-dev/keto-make-admin.sh
@@ -0,0 +1,19 @@
+# this script gives the referenced identity the admin role
+# make sure to provide the id of the identity
+
+# check if a identity id argument was provided
+if [ -z "$1" ]; then
+  echo "Error: please provide an identity id."
+  exit 1
+fi
+
+# set user id variable
+IDENTITY_ID=$1
+
+# execute Ory Keto CLI command to make user an admin
+docker compose exec ory-keto \
+    ory create relation-tuples \
+    \{'namespace':'roles','object':'admin','relation':'member','subject_id':IDENTITY_ID}
+
+# respond with success message
+echo "Identity $IDENTITY_ID was given the admin role."
\ No newline at end of file
-- 
2.45.3


From 1e93ced78bd0dfabcee81c936cda851b8f9ad34c Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Tue, 17 Dec 2024 17:36:16 +0100
Subject: [PATCH 12/66] NORY-36: show user ID on /unauthorized page

---
 .../src/app/(outside)/unauthorised/page.tsx   | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/dashboard/src/app/(outside)/unauthorised/page.tsx b/dashboard/src/app/(outside)/unauthorised/page.tsx
index 538882b..21905ef 100644
--- a/dashboard/src/app/(outside)/unauthorised/page.tsx
+++ b/dashboard/src/app/(outside)/unauthorised/page.tsx
@@ -2,15 +2,34 @@
 
 import { ErrorDisplay } from '@/components/error';
 import { Button } from '@/components/ui/button';
-import { LogoutLink } from '@/ory';
+import { kratos, LogoutLink } from '@/ory';
 import { LogOut } from 'lucide-react';
+import { useEffect, useState } from 'react';
+import { Session } from '@ory/client';
+import { Skeleton } from '@/components/ui/skeleton';
 
 export default function UnauthorizedPage() {
+
+    const [session, setSession] = useState<Session | undefined>(undefined);
+
+    useEffect(() => {
+        kratos.toSession()
+            .then((response) => setSession(response.data));
+    }, []);
+
     return (
         <div className="bg-background min-h-screen p-16">
             <ErrorDisplay
                 title="Unauthorised"
                 message="You are unauthorised to access this application!"/>
+
+            {
+                session ?
+                    <p className="text-xs text-neutral-500">USER ID {session.identity?.id}</p>
+                    :
+                    <Skeleton className="w-72 h-4"/>
+            }
+
             <Button className="mt-8 space-x-2" onClick={LogoutLink()}>
                 <LogOut className="h-4 w-4"/>
                 <span>Logout</span>
-- 
2.45.3


From 9d5e19a91e2a3646f355b36eecfc09419170072f Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Tue, 17 Dec 2024 18:14:21 +0100
Subject: [PATCH 13/66] NORY-36: refactor admin-role script to curl command

---
 docker/ory-dev/keto-make-admin.sh | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/docker/ory-dev/keto-make-admin.sh b/docker/ory-dev/keto-make-admin.sh
index cb60efe..a08624b 100644
--- a/docker/ory-dev/keto-make-admin.sh
+++ b/docker/ory-dev/keto-make-admin.sh
@@ -10,10 +10,15 @@ fi
 # set user id variable
 IDENTITY_ID=$1
 
-# execute Ory Keto CLI command to make user an admin
-docker compose exec ory-keto \
-    ory create relation-tuples \
-    \{'namespace':'roles','object':'admin','relation':'member','subject_id':IDENTITY_ID}
+# execute curl to Ory Keto write endpoint
+curl --request PUT \
+  --url http://localhost:4467/admin/relation-tuples \
+  --data '{
+           "namespace": "roles",
+           "object": "admin",
+           "relation": "member",
+           "subject_id": "'"$IDENTITY_ID"'"
+         }'
 
-# respond with success message
-echo "Identity $IDENTITY_ID was given the admin role."
\ No newline at end of file
+# write success response to terminal
+echo "Applied admin role to the user with ID $IDENTITY_ID"
-- 
2.45.3


From b7f8c72a4f0a9e50fa7aa9aff358ca75bce11572 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Tue, 17 Dec 2024 18:24:59 +0100
Subject: [PATCH 14/66] NORY-36: update README.md

---
 README.md                | 25 ++++++++++++++++---------
 authentication/README.md |  2 +-
 dashboard/README.md      |  2 +-
 docker/README.md         | 20 +++++++++++---------
 4 files changed, 29 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index 3eeceaf..cdfd27b 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,14 @@
 # Next-Ory
 
-Get started with ORY authentication quickly and easily.
+Get started with the Ory stack quickly and easily.
 
 > [!Warning]  
 > This project is work in progress. There is no guarantee that everything will work as it should and breaking changes in
 > the future are possible.
 
-The goal of this project is to create an easy-to-use setup to self-host [Ory Kratos](https://www.ory.sh/kratos)
-and [Ory Hydra](https://www.ory.sh/hydra). It will contain an authentication UI, implementing all self-service flows for
-Ory Kratos and Ory Hydra, as well as an admin UI. All UI components are written in NextJS and Typescript, and styled
-using shadcn/ui and TailwindCSS.
+The goal of this project is to create an easy-to-use setup to self-host the [Ory](https://www.ory.sh) stack with all its
+components. It will contain an authentication UI, implementing all self-service flows for Ory Kratos and Ory Hydra, as
+well as an admin UI. All UI components are written in NextJS and Typescript, and styled using shadcn/ui and TailwindCSS.
 
 ## Getting started
 
@@ -41,6 +40,15 @@ bun install
 bun run dev
 ```
 
+To access the admin dashboard, the `identity` has to be a `member` of the `admin` role. (Relation: roles:admin@<
+identity_id>#member) <br/>
+The identity ID is displayed on the screen when accessing the dashboard without sufficient permissions. <br/>
+Use the identity ID to execute the following script with the identity ID as an argument.
+
+```bash
+sh docker/ory-dev/keto-make-admin.sh <identity_id>
+```
+
 ## Deployment
 
 *soon.*
@@ -58,11 +66,10 @@ Hydra. It is implemented in a way, that customizing style and page layout is ver
 
 ## Admin Dashboard
 
-Right now I am working on the admin dashboard for Ory Kratos. It will provide you with an overview of your instance and
-let you manage users, OAuth2 applications and more. It is ***work in progress*** and should not be used in anything
-important as it is not yet protected by Keto permissions but only by a valid Kratos session!
+Right now I am working on the admin dashboard for all Ory applications. It will provide you with an overview of your
+instances and let you manage users, OAuth2 applications and more. It is ***work in progress*** and should be handled
+with caution.
 
 ![A browser window showing the home page of the dashboard UI in dark mode](./documentation/.img/d-dashboard-dark.png)
 
 ![A browser window showing the users page of the dashboard UI in dark mode](./documentation/.img/d-users-dark.png)
-
diff --git a/authentication/README.md b/authentication/README.md
index 0e6613c..40979b3 100644
--- a/authentication/README.md
+++ b/authentication/README.md
@@ -1,6 +1,6 @@
 # Next-Ory - Authentication
 
-This directory contains a NextJS 14 (app router) UI Node, implementing all Ory Kratos and Ory Hydra UI flows.
+This directory contains a NextJS 15 (app router) UI Node, implementing all Ory Kratos and Ory Hydra UI flows.
 
 ## Stack
 
diff --git a/dashboard/README.md b/dashboard/README.md
index 1d8021d..dcca7ae 100644
--- a/dashboard/README.md
+++ b/dashboard/README.md
@@ -1,6 +1,6 @@
 # Next-Ory - Dashboard
 
-This directory contains a NextJS 15 (app router) UI Node, implementing the admin dashboard to the ORY Kratos instance.
+This directory contains a NextJS 15 (app router) UI Node, implementing the admin dashboard for the Ory admin APIs.
 
 ## Stack
 
diff --git a/docker/README.md b/docker/README.md
index da0d4a8..0a39252 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,6 +1,6 @@
 # Starting as a container
 
-Starting this project in a container makes testing it really easy. \
+Starting this project in a container makes testing it really easy.
 
 ```bash
 # move to the environment you want to start (here development)
@@ -17,7 +17,7 @@ sh ./hydra-test-consent.sh
 ```
 
 These commands will start up multiple containers in the background.
-Then continue with starting the authentication UI development server as described in the authentication README.
+Then continue with starting the authentication UI development server as described in the root README.
 
 ## Services and Ports
 
@@ -28,13 +28,15 @@ If you start up the environment on a remote server, you will need to tunnel the
 
 | Service        | Port (Public) | Description                                                               |
 |----------------|---------------|---------------------------------------------------------------------------|
-| Console        | 4411 (✗)      | Admin dashboard for Kratos data management (soon)                         |
+| Console        | 4000 (✗)      | Admin dashboard for Kratos data management (soon)                         |
 | Authentication | 3000 (✗)      | User interface for authentication and account management (no docker yet)  |
-| ORY Kratos     | 4433 (✗)      | User management system handling users and self-service flows (Public API) |
-| ORY Kratos     | 4434 (✗)      | User management system handling users and self-service flows (Admin API)  |
+| Ory Kratos     | 4433 (✗)      | User management system handling users and self-service flows (Public API) |
+|                | 4434 (✗)      | User management system handling users and self-service flows (Admin API)  |
 | Mailslurper    | 4436 (✗)      | Mock mailing server (Dashboard)                                           |
-| Mailslurper    | 4437 (✗)      | Mock mailing server (API)                                                 |
-| ORY Hydra      | 4444 (✗)      | OAuth2 and OIDC server connected to Kratos (Public API)                   |
-| ORY Hydra      | 4445 (✗)      | OAuth2 and OIDC server connected to Kratos (Admin API)                    |
-| ORY Hydra      | 5555 (✗)      | Hydra test application to test the consent flow                           |
+|                | 4437 (✗)      | Mock mailing server (API)                                                 |
+| Ory Hydra      | 4444 (✗)      | OAuth2 and OIDC server connected to Kratos (Public API)                   |
+|                | 4445 (✗)      | OAuth2 and OIDC server connected to Kratos (Admin API)                    |
+|                | 5555 (✗)      | Hydra test application to test the consent flow                           |
+| Ory Keto       | 4466 (✗)      | Read Endpoint for Ory Keto authorization ("Public" API)                   |
+|                | 4467 (✗)      | Write Endpoint for Ory Keto authorization ("Admin" API)                   |
 | Postgres DB    | 4455 (✗)      | Postgres database for storing user data                                   |
-- 
2.45.3


From daab1bf3ee85556384fe87f09ecab2ff8a3f84dd Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Tue, 17 Dec 2024 18:40:01 +0100
Subject: [PATCH 15/66] NORY-36: fix app description

---
 authentication/src/app/layout.tsx | 2 +-
 dashboard/src/app/layout.tsx      | 2 +-
 docker/ory-dev/.env               | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/authentication/src/app/layout.tsx b/authentication/src/app/layout.tsx
index 9c43841..d3513e3 100644
--- a/authentication/src/app/layout.tsx
+++ b/authentication/src/app/layout.tsx
@@ -11,7 +11,7 @@ const inter = Inter({ subsets: ['latin'] });
 const APP_NAME = 'Next Ory';
 const APP_DEFAULT_TITLE = 'Next Ory';
 const APP_TITLE_TEMPLATE = `%s | ${APP_DEFAULT_TITLE}`;
-const APP_DESCRIPTION = 'Get started with ORY authentication quickly and easily.';
+const APP_DESCRIPTION = 'Get started with Ory authentication quickly and easily.';
 
 export const metadata = {
     applicationName: APP_NAME,
diff --git a/dashboard/src/app/layout.tsx b/dashboard/src/app/layout.tsx
index 6c716cf..3cbf18b 100644
--- a/dashboard/src/app/layout.tsx
+++ b/dashboard/src/app/layout.tsx
@@ -10,7 +10,7 @@ const inter = Inter({ subsets: ['latin'] });
 const APP_NAME = 'Next Ory';
 const APP_DEFAULT_TITLE = 'Next Ory';
 const APP_TITLE_TEMPLATE = `%s | ${APP_DEFAULT_TITLE}`;
-const APP_DESCRIPTION = 'Get started with ORY authentication quickly and easily.';
+const APP_DESCRIPTION = 'Get started with Ory authentication quickly and easily.';
 
 export const metadata = {
     applicationName: APP_NAME,
diff --git a/docker/ory-dev/.env b/docker/ory-dev/.env
index 2d3b681..5714cfa 100644
--- a/docker/ory-dev/.env
+++ b/docker/ory-dev/.env
@@ -1,2 +1,2 @@
-# The URL of ORY Hydras admin API
+# The URL of Ory Hydras admin API
 HYDRA_ADMIN_API=http://hydra:4445
-- 
2.45.3


From fe1c5cc83af26ccbd98c9dc0fc7a49b58a1dd0ff Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 26 Dec 2024 12:31:41 +0100
Subject: [PATCH 16/66] NORY-26: add protocol to middleware redirects

---
 authentication/src/middleware.ts | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/authentication/src/middleware.ts b/authentication/src/middleware.ts
index c4c06ed..d7c682a 100644
--- a/authentication/src/middleware.ts
+++ b/authentication/src/middleware.ts
@@ -12,14 +12,13 @@ export async function middleware(request: NextRequest) {
         .then((response) => response.data)
         .catch(() => null);
 
+    const nodeHost = request.nextUrl.protocol + '//' + request.nextUrl.host;
+
     if (!session && !request.nextUrl.pathname.startsWith('/flow')) {
 
         console.log('NO SESSION');
 
-        const url = request.nextUrl.host +
-            '/flow/login?return_to=' +
-            request.nextUrl.host +
-            request.nextUrl.pathname;
+        const url = nodeHost + '/flow/login?return_to=' + request.nextUrl.toString();
 
         console.log('REDIRECT TO', url);
 
@@ -30,7 +29,7 @@ export async function middleware(request: NextRequest) {
 
         console.log('SESSION EXISTS');
 
-        const returnTo = request.nextUrl.searchParams.get('return_to') ?? request.nextUrl.host;
+        const returnTo = request.nextUrl.searchParams.get('return_to') ?? nodeHost;
 
         console.log('REDIRECT TO', returnTo);
 
@@ -41,5 +40,5 @@ export async function middleware(request: NextRequest) {
 }
 
 export const config = {
-    matcher: '/((?!api|_next/static|_next/image|favicon.png|sitemap.xml|robots.txt|sw.js).*)',
+    matcher: '/((?!api|_next/static|_next/image|favicon.png|sitemap.xml|robots.txt|sw.js|manifest.json|icon-72.png|icon-128.png|icon-144.png|icon-192.png|icon-512.png|mt-logo-orange.png).*)',
 };
-- 
2.45.3


From b2552cb729c20104e15b32ef3e6c79c07f759504 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 26 Dec 2024 12:32:29 +0100
Subject: [PATCH 17/66] NORY-26: add documentation for setting up an admin
 account

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index cdfd27b..8a10ca6 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,9 @@ bun install
 bun run dev
 ```
 
+Create an account using the authentication UI on http://localhost:3000.
+The verification code can be found on the dummy SMTP dashboard on http://localhost:4436.
+
 Inside another terminal session we can start the dashboard UI:
 
 ```bash
-- 
2.45.3


From b903517e88d0e8561a0d93aa2e04c3fc191b130b Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 26 Dec 2024 12:34:53 +0100
Subject: [PATCH 18/66] NORY-26: remove case on top of error handling

---
 authentication/src/ory/hooks.tsx | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/authentication/src/ory/hooks.tsx b/authentication/src/ory/hooks.tsx
index 5c81e04..a03dd8d 100644
--- a/authentication/src/ory/hooks.tsx
+++ b/authentication/src/ory/hooks.tsx
@@ -18,12 +18,6 @@ export const HandleError = (
     return async (
         error: AxiosError<any, unknown>,
     ): Promise<AxiosError | void> => {
-        if (!error.response || error.response?.status === 0) {
-            window.location.href = `/flow/error?error=${encodeURIComponent(
-                JSON.stringify(error.response),
-            )}`;
-            return Promise.resolve();
-        }
 
         const responseData = error.response?.data || {};
 
-- 
2.45.3


From cb1812cde0ca2257a6733c3e810ad3b23e26f329 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 26 Dec 2024 15:37:20 +0100
Subject: [PATCH 19/66] NORY-26: limit error width and add horizontal margin

---
 authentication/src/app/flow/error/page.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/authentication/src/app/flow/error/page.tsx b/authentication/src/app/flow/error/page.tsx
index e35626f..fa87dc4 100644
--- a/authentication/src/app/flow/error/page.tsx
+++ b/authentication/src/app/flow/error/page.tsx
@@ -51,7 +51,7 @@ export default function Error() {
 
     return (
         <>
-            <Card>
+            <Card className="mx-4 md:mx-8 max-w-5xl">
                 <CardHeader>
                     <CardTitle>An error occurred</CardTitle>
                 </CardHeader>
@@ -61,7 +61,7 @@ export default function Error() {
                     </p>
                 </CardContent>
             </Card>
-            <Button variant="ghost" asChild>
+            <Button asChild>
                 <Link href="/" className="inline-flex space-x-2" passHref>
                     Go back
                 </Link>
-- 
2.45.3


From f86a5ba9a1b85d7c1d068a0ede1954f3a2169485 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 10:28:22 +0100
Subject: [PATCH 20/66] NORY-42: add status card component

---
 dashboard/src/components/status-card.tsx | 62 ++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 dashboard/src/components/status-card.tsx

diff --git a/dashboard/src/components/status-card.tsx b/dashboard/src/components/status-card.tsx
new file mode 100644
index 0000000..d6d4038
--- /dev/null
+++ b/dashboard/src/components/status-card.tsx
@@ -0,0 +1,62 @@
+import { Card, CardDescription, CardFooter, CardHeader, CardTitle } from '@/components/ui/card';
+import { Badge } from '@/components/ui/badge';
+import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip';
+
+export type MetadataApiReady = {
+    status?: 'ok',
+    errors?: string[]
+}
+
+interface StatusCardProps {
+    title: string;
+    version?: string;
+    name: string;
+    status: MetadataApiReady;
+    className?: string;
+}
+
+export function StatusCard({ title, version, name, status, className }: StatusCardProps) {
+
+    return (
+        <Card className={className}>
+            <CardHeader>
+                <CardTitle>
+                    {title}
+                </CardTitle>
+                <CardDescription>
+                    {
+                        version ?
+                            <span>Version {version}</span>
+                            :
+                            <span>OFFLINE</span>
+                    }
+                </CardDescription>
+            </CardHeader>
+            <CardFooter className="space-x-1">
+                {
+                    status.status && (
+                        <Badge variant="success">
+                            {name} {status.status.toUpperCase()}
+                        </Badge>
+                    )
+                }
+                {
+                    status.errors && (
+                        <Tooltip>
+                            <TooltipTrigger>
+                                <Badge variant="destructive">
+                                    {name} Error
+                                </Badge>
+                            </TooltipTrigger>
+                            <TooltipContent>
+                                {
+                                    status.errors.map((error) => <span>{error}</span>)
+                                }
+                            </TooltipContent>
+                        </Tooltip>
+                    )
+                }
+            </CardFooter>
+        </Card>
+    );
+}
-- 
2.45.3


From 3e07b5480f71022779cb5e6454f42750a5c1833b Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 10:29:36 +0100
Subject: [PATCH 21/66] NORY-42: refactor status cards on dashboard

Simplified requests and replaced UI with new status card component
---
 dashboard/src/app/(inside)/page.tsx | 127 +++++++++-------------------
 1 file changed, 41 insertions(+), 86 deletions(-)

diff --git a/dashboard/src/app/(inside)/page.tsx b/dashboard/src/app/(inside)/page.tsx
index cf379ab..604a7e2 100644
--- a/dashboard/src/app/(inside)/page.tsx
+++ b/dashboard/src/app/(inside)/page.tsx
@@ -1,49 +1,40 @@
 import { getHydraMetadataApi, getKetoMetadataApi, getKratosMetadataApi } from '@/ory/sdk/server';
-import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
-import { Badge } from '@/components/ui/badge';
+import { MetadataApiReady, StatusCard } from '@/components/status-card';
 
 export default async function RootPage() {
 
     const kratosMetadataApi = await getKratosMetadataApi();
-
-    const kratosVersion = await kratosMetadataApi
-        .getVersion()
+    const kratosVersion = await kratosMetadataApi.getVersion()
         .then(res => res.data.version)
-        .catch(() => '');
-
-    const kratosStatusData = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/alive');
-    const kratosStatus = await kratosStatusData.json() as { status: string };
-
-    const kratosDBStatusData = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/ready');
-    const kratosDBStatus = await kratosDBStatusData.json() as { status: string };
+        .catch(() => undefined);
+    const kratosStatus = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/ready')
+        .then((response) => response.json() as MetadataApiReady)
+        .catch(() => {
+            return { errors: ['No instance running'] } as MetadataApiReady;
+        });
 
 
     const hydraMetadataApi = await getHydraMetadataApi();
-
-    const hydraVersion = await hydraMetadataApi
-        .getVersion()
+    const hydraVersion = await hydraMetadataApi.getVersion()
         .then(res => res.data.version)
-        .catch(() => '');
-
-    const hydraStatusData = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/alive');
-    const hydraStatus = await hydraStatusData.json() as { status: string };
-
-    const hydraDBStatusData = await fetch(process.env.ORY_KRATOS_ADMIN_URL + '/health/ready');
-    const hydraDBStatus = await hydraDBStatusData.json() as { status: string };
+        .catch(() => undefined);
+    const hydraStatus = await fetch(process.env.ORY_HYDRA_ADMIN_URL + '/health/ready')
+        .then((response) => response.json() as MetadataApiReady)
+        .catch(() => {
+            return { errors: ['No instance running'] } as MetadataApiReady;
+        });
 
 
     const ketoMetadataApi = await getKetoMetadataApi();
-
-    const ketoVersion = await ketoMetadataApi
-        .getVersion()
+    const ketoVersion = await ketoMetadataApi.getVersion()
         .then(res => res.data.version)
-        .catch(() => '');
+        .catch(() => undefined);
+    const ketoStatus = await fetch(process.env.ORY_KETO_ADMIN_URL + '/health/ready')
+        .then((response) => response.json() as MetadataApiReady)
+        .catch(() => {
+            return { errors: ['No instance running'] } as MetadataApiReady;
+        });
 
-    const ketoStatusData = await fetch(process.env.ORY_KETO_ADMIN_URL + '/health/alive');
-    const ketoStatus = await ketoStatusData.json() as { status: string };
-
-    const ketoDBStatusData = await fetch(process.env.ORY_KETO_ADMIN_URL + '/health/ready');
-    const ketoDBStatus = await ketoDBStatusData.json() as { status: string };
 
     return (
         <div className="flex flex-col space-y-4">
@@ -52,61 +43,25 @@ export default async function RootPage() {
                 <p className="text-lg font-light">See the list of all applications in your stack</p>
             </div>
             <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-                <Card className="flex-1">
-                    <CardHeader>
-                        <CardTitle>
-                            Ory Kratos
-                        </CardTitle>
-                        <CardDescription>
-                            Version {kratosVersion}
-                        </CardDescription>
-                    </CardHeader>
-                    <CardContent className="space-x-1">
-                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
-                            Kratos {kratosStatus.status.toUpperCase()}
-                        </Badge>
-                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
-                            Database {kratosDBStatus.status.toUpperCase()}
-                        </Badge>
-                    </CardContent>
-                </Card>
-                <Card className="flex-1">
-                    <CardHeader>
-                        <CardTitle>
-                            Ory Hydra
-                        </CardTitle>
-                        <CardDescription>
-                            Version {hydraVersion}
-                        </CardDescription>
-                    </CardHeader>
-                    <CardContent className="space-x-1">
-                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
-                            Hydra {hydraStatus.status.toUpperCase()}
-                        </Badge>
-                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
-                            Database {hydraDBStatus.status.toUpperCase()}
-                        </Badge>
-                    </CardContent>
-                </Card>
-                <Card className="flex-1">
-                    <CardHeader>
-                        <CardTitle>
-                            Ory Keto
-                        </CardTitle>
-                        <CardDescription>
-                            Version {ketoVersion}
-                        </CardDescription>
-                    </CardHeader>
-                    <CardContent className="space-x-1">
-                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
-                            Keto {ketoStatus.status.toUpperCase()}
-                        </Badge>
-                        <Badge variant={kratosStatus.status === 'ok' ? 'success' : 'destructive'}>
-                            Database {ketoDBStatus.status.toUpperCase()}
-                        </Badge>
-                    </CardContent>
-                </Card>
-                <div className="flex-1"></div>
+                <StatusCard
+                    title="Ory Kratos"
+                    version={kratosVersion}
+                    name="Kratos"
+                    status={kratosStatus}
+                    className="flex-1"/>
+                <StatusCard
+                    title="Ory Hydra"
+                    version={hydraVersion}
+                    name="Hydra"
+                    status={hydraStatus}
+                    className="flex-1"/>
+                <StatusCard
+                    title="Ory Keto"
+                    version={ketoVersion}
+                    name="Keto"
+                    status={ketoStatus}
+                    className="flex-1"/>
+                <div className="flex-1"/>
             </div>
         </div>
     );
-- 
2.45.3


From 2c9a97b4c706dc5aaf641a338e646d3ddf1e07ad Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 10:31:48 +0100
Subject: [PATCH 22/66] NORY-39: replace hover card with tooltips

---
 .../src/app/(inside)/user/data-table.tsx      | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/data-table.tsx b/dashboard/src/app/(inside)/user/data-table.tsx
index 6476d7f..39f9ae1 100644
--- a/dashboard/src/app/(inside)/user/data-table.tsx
+++ b/dashboard/src/app/(inside)/user/data-table.tsx
@@ -4,7 +4,6 @@ import { ColumnDef } from '@tanstack/react-table';
 import { Identity } from '@ory/client';
 import { DataTable } from '@/components/ui/data-table';
 import { CircleCheck, CircleX, Copy, MoreHorizontal, Trash, UserCheck, UserMinus, UserPen, UserX } from 'lucide-react';
-import { HoverCard, HoverCardContent, HoverCardTrigger } from '@/components/ui/hover-card';
 import React, { useEffect, useRef, useState } from 'react';
 import { FetchIdentityPageProps } from '@/app/(inside)/user/page';
 import { Spinner } from '@/components/ui/spinner';
@@ -30,6 +29,7 @@ import {
     AlertDialogTitle,
 } from '@/components/ui/alert-dialog';
 import { blockIdentity, deleteIdentity, deleteIdentitySessions, unblockIdentity } from '@/app/(inside)/user/action';
+import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip';
 
 interface IdentityDataTableProps {
     data: Identity[];
@@ -83,24 +83,24 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                             <span>{email.value}</span>
                             {
                                 email.verified ?
-                                    <HoverCard>
-                                        <HoverCardTrigger>
+                                    <Tooltip>
+                                        <TooltipTrigger>
                                             <CircleCheck/>
-                                        </HoverCardTrigger>
-                                        <HoverCardContent>
+                                        </TooltipTrigger>
+                                        <TooltipContent>
                                             <span>This email was confirmed at </span>
                                             {new Date(email.verified_at!!).toLocaleString()}
-                                        </HoverCardContent>
-                                    </HoverCard>
+                                        </TooltipContent>
+                                    </Tooltip>
                                     :
-                                    <HoverCard>
-                                        <HoverCardTrigger>
+                                    <Tooltip>
+                                        <TooltipTrigger>
                                             <CircleX/>
-                                        </HoverCardTrigger>
-                                        <HoverCardContent>
+                                        </TooltipTrigger>
+                                        <TooltipContent>
                                             This email is not confirmed yet
-                                        </HoverCardContent>
-                                    </HoverCard>
+                                        </TooltipContent>
+                                    </Tooltip>
                             }
                         </div>
                     );
-- 
2.45.3


From bc30c83dcb1a1862a2c937eda21067cd93344a36 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 28 Dec 2024 23:10:45 +0100
Subject: [PATCH 23/66] NORY-47: add shadcn textarea component

---
 dashboard/src/components/ui/textarea.tsx | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 dashboard/src/components/ui/textarea.tsx

diff --git a/dashboard/src/components/ui/textarea.tsx b/dashboard/src/components/ui/textarea.tsx
new file mode 100644
index 0000000..fcbdc98
--- /dev/null
+++ b/dashboard/src/components/ui/textarea.tsx
@@ -0,0 +1,22 @@
+import * as React from 'react';
+
+import { cn } from '@/lib/utils';
+
+const Textarea = React.forwardRef<
+    HTMLTextAreaElement,
+    React.ComponentProps<'textarea'>
+>(({ className, ...props }, ref) => {
+    return (
+        <textarea
+            className={cn(
+                'flex min-h-[80px] w-full rounded-md border border-input bg-background px-3 py-2 text-base ring-offset-background placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 md:text-sm',
+                className,
+            )}
+            ref={ref}
+            {...props}
+        />
+    );
+});
+Textarea.displayName = 'Textarea';
+
+export { Textarea };
-- 
2.45.3


From 9170454ae2b1de1a331f5d3d60f2dd04b68e88ba Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 28 Dec 2024 23:41:05 +0100
Subject: [PATCH 24/66] NORY-47: refactor dynamic zodSchema generation

---
 dashboard/src/lib/forms/identity-form.ts | 112 +++++++++++++----------
 1 file changed, 63 insertions(+), 49 deletions(-)

diff --git a/dashboard/src/lib/forms/identity-form.ts b/dashboard/src/lib/forms/identity-form.ts
index c891884..c15f4c2 100644
--- a/dashboard/src/lib/forms/identity-form.ts
+++ b/dashboard/src/lib/forms/identity-form.ts
@@ -1,22 +1,39 @@
+'use client';
+
 import { z } from 'zod';
 
-// interface for a list of properties
+export const literalSchema = z.union([z.string(), z.number(), z.boolean(), z.null()]);
+type Literal = z.infer<typeof literalSchema>;
+type Json = Literal | { [key: string]: Json } | Json[];
+export const jsonSchema: z.ZodType<Json> = z.lazy(() =>
+    z.union([literalSchema, z.array(jsonSchema), z.record(jsonSchema)]),
+);
+
+// Interface for a list of properties
 export interface KratosSchemaProperties {
     [key: string]: {
-        type: string;
+        type: 'string' | 'number' | 'integer' | 'boolean' | 'object' | 'array' | 'null';
         format?: string;
         title: string;
         minLength?: number;
         maxLength?: number;
         minimum?: number;
         maximum?: number;
-        required?: boolean;
+        required: boolean;
         description?: string;
-        properties?: KratosSchemaProperties
+        properties?: KratosSchemaProperties;
+        enum?: any[];
+        pattern?: string;
+        items?: KratosSchemaProperties;
+        oneOf?: KratosSchemaProperties[];
+        anyOf?: KratosSchemaProperties[];
+        allOf?: KratosSchemaProperties[];
+        dependencies?: { [key: string]: string[] | KratosSchemaProperties };
+        additionalProperties?: boolean;
     };
 }
 
-// interface for the kratos identity schema
+// Interface for the Kratos identity schema
 export interface KratosSchema {
     $id: string;
     $schema: string;
@@ -32,53 +49,50 @@ export interface KratosSchema {
     };
 }
 
-export function generateZodSchema(properties: KratosSchemaProperties) {
+export function kratosSchemaToZod(schema: KratosSchema): z.ZodObject<any> {
 
-    const zodSchema = z.object({});
+    // Function to recursively convert Kratos properties to Zod types
+    function convertProperties(properties: KratosSchemaProperties): { [key: string]: z.ZodTypeAny } {
+        const zodProps: { [key: string]: z.ZodTypeAny } = {};
+        for (const key in properties) {
+            const prop = properties[key];
 
-    for (const [key, value] of Object.entries(properties)) {
-        let zodType;
-        switch (value.type) {
-            case 'string':
-                zodType = z.string();
-                if (value.format === 'email') {
-                    zodType = z.string().email();
-                }
-                if (value.minLength) {
-                    zodType = zodType.min(value.minLength);
-                }
-                if (value.maxLength) {
-                    zodType = zodType.max(value.maxLength);
-                }
-                break;
-            case 'integer':
-            case 'number':
-                zodType = z.number();
-                if (value.minimum) {
-                    zodType = zodType.min(value.minimum);
-                }
-                if (value.maximum) {
-                    zodType = zodType.max(value.maximum);
-                }
-                break;
-            case 'boolean':
-                zodType = z.boolean();
-                break;
-            case 'object':
-                const schemaCopy = structuredClone(schema);
-                schemaCopy.properties.traits.properties = value.properties!;
-                zodType = generateZodSchema(schemaCopy);
-                break;
-            default:
-                zodType = z.any();
+            let zodType;
+            switch (prop.type) {
+                case 'string':
+                    zodType = z.string();
+                    if (prop.format === 'email') zodType = zodType.email();
+                    if (prop.minLength) zodType = zodType.min(prop.minLength);
+                    if (prop.maxLength) zodType = zodType.max(prop.maxLength);
+                    if (prop.pattern) zodType = zodType.regex(new RegExp(prop.pattern));
+                    break;
+                case 'number':
+                case 'integer':
+                    zodType = z.number();
+                    if (prop.minimum) zodType = zodType.min(prop.minimum);
+                    if (prop.maximum) zodType = zodType.max(prop.maximum);
+                    break;
+                case 'boolean':
+                    zodType = z.boolean();
+                    break;
+                case 'object':
+                    zodType = z.object(convertProperties(prop.properties || {}));
+                    break;
+                case 'array':
+                    zodType = z.array(
+                        prop.items ? kratosSchemaToZod({ properties: { item: prop.items } } as any).shape.item : z.any(),
+                    );
+                    break;
+                default:
+                    zodType = z.any(); // Fallback to any for unknown types
+            }
+
+            if (prop.enum) zodType = zodType.refine((val) => prop.enum!.includes(val));
+
+            zodProps[key] = zodType;
         }
-
-        if (!value.required) {
-            zodType = zodType.nullable();
-        }
-
-        zodSchema.extend({ [key]: zodType });
+        return zodProps;
     }
 
-    return zodSchema;
+    return z.object(convertProperties(schema.properties.traits.properties));
 }
-- 
2.45.3


From 52db0c8a5f974cc88df2d45dcabab7edade4bd9f Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 28 Dec 2024 23:42:55 +0100
Subject: [PATCH 25/66] NORY-47: add zod-utils to dashboard project

---
 dashboard/bun.lockb    | Bin 228956 -> 229372 bytes
 dashboard/package.json |   3 ++-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/dashboard/bun.lockb b/dashboard/bun.lockb
index af3b2c649510603414dde671c7ba74f7a6c692d3..ec6a87b494fe9f97dc3d5c6a66a88bb89738459b 100755
GIT binary patch
delta 42279
zcmeFad3a6N7yp0nkxQ<Md5VZBrXZ$>Btov#Eao`~B0_=)5+#VlRH4Qmx~W-fNEJnu
zP;GUjt(NLQRaIN9q1vLKR;c>D))^vvwBOJ7d49h?e$UhMcw2kD_u6}}z4ma1dv5Mm
zfBO7+&u3}FK(80?zFF$<J0DKXaBlmp^o={N;NHt(yZ!NerNiYiQv9!eF*dW1Lyo%3
z`d1y~T|+Yzhoc{|jKh(29>R^Bnli%3S<C-L(LaTM3^_3&E<O$J3u-BWeiXhKvY5-1
zcf1^qQs`Hg9jTDnq=>^&0c9PsI5IvpH6b<L;i!TxjisdqjY}Dk;7FoEsXU67q_Q)3
z;E%kB?u(2k(+}ANDfPWWep%!`WJ%;^ORliwTvL|GnoL3(PDV;E;@$d0XTwZ?JoiC8
zSlFb;#f?izqQ7g=vCK-3OCBq|FOHv5zr*tX2KiFm#Dvt8u}>s8o}s5z(HA16`WZ;c
zPmD`VnLN(nI8oYcr>T`cK51k+)n+=XKu8C^w<<h?lmL8W$)wbvQDakvJ5FLG6~7HH
zvUfSN!j~-lYjkmV_{6yQgj9#4Z+X*hHBub8hLrp*mi=<1+YwAa5+;sHXzFm-4ZcEH
zrKgiCnj`ZuQbxj$@XIi7(NAi1+&wCp)qbfv3suc*R@v;t_@s$(X|$d^RbobYhE6(@
zmY6V3I(!E^(F?;%)C17zf0ofh>_4yKaNuXwyGZdtC!}JZZOKa2OdnE^Qht0~T4K<c
z1buy>QkjP+Beut@n;lI~8kaOaE;V%zymWka4YTZNqy!|#;wJ={ZH+)mov}4d`^HEK
zw0A92-X&k+unJvf-eRP*cLY1+@T^(2%?eH;rQrXmB6nTWk%ubEszgx4;X+7h$e#Lx
z^krV5nH%bxxv7b96UP&>n?Vi-J<2+TBq~`iBV{5!gQSO9Q!F_MDGSMiq~fdqOS+Ma
zW!Ciu4hJKh^(9hTeH$r5vD1>PkW8`6tT|>PYdlgW?qExHv}7n!#&l9MGu~;bW0QvC
zXajhOS877?6A2R?j`)<ZDG0~r5HqgVkuolAnwxejHEXO>$EINBXc#JbrX%Zin8U$X
zWPOROhCFD=XDvAmDG?ZK$w;I`qM9WOAte$&P@%~8krI(zNZDGJwlXJ#-GSNYKJdv2
z$s<!U@nmJBIRwdM6eDA~Rd6a&LRl3lD<wV3bTkGjj)q&(*OIqen~t8f<YA;Zy55qr
zkpAcimh6Pg6i*wH5KqfkGS6c+oJ7bZ#N!gCq&YaMbu{_Hmb})%+(bV^R>bbGCAT0e
zpf5$rm`_K_(2hq+2m4zxx`U&UK}12w6tCaKY%mO6rtJ8X)HHT>$M8w1!&BJbqPpr6
zi_|XlK{vBLKm213Wu@pjMH<DF?P-Q74k@kO?O}TH3sNS+)Lv#I?^&`^Z-=8aybn^w
zBW+?cri#Nce$u$~c+MTguoG|N^(NjGGRyRHI9P~TCy~{VH~Kmp)segUo9ksAIy+j{
z2B+Ejesqa#W2BsrP9bF$J&BZ9`3yA6r=Ux$VvrK6HkN#SkZHHolmoNIk&tfK1(u;p
zf!49+^jeFQ?kq&gdYMjsIb;<o6#iw)v9d!=$DTyW?7E{@cUN%!pohDwCe>zPN$B20
ziqk{m&GC2#DQ$O0%0AixDRqA_!W^ec31+A`aT(+Gk;MmKC!O0*eKL{OApMY8`VrbZ
zrk`=w$$T!!tovD{jCtf}bC{Bok`sbP40kj_m)Wn4G40|~)5pb+NlIIQz4($gcEsq^
zg2M(c{U1LuAuTN_VPamQ*_UsT(udS!Qznc^N=r%^S1I)#gp7YYQYws3Ng0zwM?TkA
z6|I`tccR0=&YTsBl*Qz0$*mL2YX3q?m%6Y*WV|0fJ+zo)c4tJw@JXX^Gg*A)xJWsf
zFCQT#L<f-)dW94(icdDm)yNt-HZCnKVT5C1Qu4&Okq(D_Zp*_!41d;R9&6M@XLU$~
z=UK(;PBq=DjFd_Ixh0PwrL!aS+{dbB4w`PpJZaRpl!<gXA(f~hi)5I5+~_9^XSbqP
zqLhvlCzEJJ#$?jOq#z0Y6iXk3H0B9XT5V&=+nHt%t|MiP!{G5YGpiv9S@<<A*>$Gb
zsj&%9jFXnzpi6#ZOSV8t1tSs?#s?*(Ix1P^N+AtCB|dFp(zt|#)JbVcV^bX?lg5n*
znl#>VcD5Ow6P6qwG&UtZ?y)p#8Jm=xl;$|0Uno`~bLL#rf3C8Ei2EpgytznoIAch^
zznN#|kIlBW2Bb7A*9OT+scEBAQ^tkh_EGF)ksqCJ#>szyX}2G}6#VDtGFq=8#cuLb
z#v0AcdI3Tj8kI7hCFF4Iq<}QAccD3)TaYq*!xxzq^g~LZm%z&`vQLJGa6s&KSPtJ=
zY}(IRW;*Z<QU-8j%ETZpyA#_jm3&TyQ<j*!%Dtz}5uaokzN?!nzW;L5p^Frd3b>q{
zm@q0~$}Dtov;+Aik<F3P(;&<K5ap%E@zhrux$POVozlwG4<So3JF@&&nj>Duk~EN-
zkmhh8ljFvVjGH(yF5R(;28&|9g@UpbEkRa5&P2)-9FG(SF4H053$HdK`xNCQzYC5C
zUkzOx4?)iqBEa&{jg&e68wS$Ar^r&s*O0RB2CXyo-RKhP=a5qISSx=pvLt#BqzqAW
zq(m$bDfX!wOujt2bi}cg_)EoK;;|SWMM|jlBE^AqmRyW1i5`oTou?gACedofTI{ot
zWsvrcGhn=FH^N#Q6Udj2w%lym#iEx*Z#|Fr`;%x2Aw8*!6wh9H(j2=Sq<Fp-DLu;G
zYC5tAT^ve_8y`1(Y=R?jn`u7@UK~rsfojOwNZIoGzu<7xL@voOPl+CMvD=zC!Stvb
z8PdQ`q!gTp6vqZ4#n59_bS1^q&3g~dvFOsX!$^r_v0Y|^_ja0&|A;Q-Z&><yq(tf@
zvN$p`Zc0K>JUiiA7LkjT2s}fDV))J;vw;_p(i8h`Z3Vj68Mm<POY_jB!VyR*cjsku
zXu6<_1I;YSyf!+T`HC^*nOSKhWSI;?N(5%^H+#apZQR(n5eaGNG6chrGG=caFz1S2
zuC=^UQ`6GNCpfk`v;_^`+1l{ww0AeXl{fNIQ1kDuc4(V<WPPoy2KDDA3}0F#{I7+z
zyiYCt@$}ceOW$6;$n)xl9oOn#mm0mdN9ju?U6(Y6qlMn8M}$_RklrF7Qj0C5PpuQ_
zT&1T6czjEGIUF5novuA_{HdP|sG|+=(r*Vuy0>H08Y4|VGA2~3=+dXwjMN6W^n*1c
zU7K7~pl8&Ka9+{FYk9Q3h4rbmBHbN}7*7kb3hOg#hB{x=^J;nAx8a&mO(Chq-O$_N
z=!WK{J8Oq(4cz*{+L4-fQT;ZeYf-%gE-uz{>v)`h>3RG=Ll3X(ai1WfosBA}R;yG@
zKUg=?Ia<%F>v3+=!vj5B{G<nZv|2v;)WAsh2;$ooYo~q$Corhzael9-*YjwB#r1>r
zBHe=-*~YdH&V_n-eUJMfTmz#CDfEM$Ti>JAE1}=6AL$-j!r^F{U*9WwdIOL93S0}r
zJgR=ER<opjyFsM0j~*W6ajz(8HeXne3JP_fL2HL$34LZjsI!Bfhs8d2p^;{VV?tei
zrKw(TRV%{TU(apmaj!v_cxe(L_c^r34O_bIuF8N}u8awF4$^ZQdE8II^}xc*XzwhV
zbl!}1Ri+sCCYBa!X@!lNSEDsI%LRtI&!S1q40g>hZ+0tDy!0b=L*2vB#09eIhPpOM
zo_;qV!ug{f-qho+Ufv$wD5@EXCMAnV?A<wN;*86v=XW%T8F|d7#ufCb!I93fdTy}C
z`L3Q9%uHeFi?=R4DmlzqQJ>l@(z!s-ZRT;GWzES{bV?t!dcJy#kVxlvJw3$Z+@<G+
zcwFDIn49Z&+qZO9(pxl-bPmzen|s{Pu>DK>ngri<6|J*=xKV@_;wMJ#WH#S0vJ2@9
zqVq#NH`L?osORzjDm^^R<NR1p5A(RIuyKi3wB0<^oru=lEYmd9wNCQ%yAxV^laLq@
zF=l9$D*D0jNaqwiFWlq$sfxqVM{l*JrFT_x(J?fQLfz}oq*_W050flWis(^cq3*zH
z4o7=5W8t}{qe<1~h`xqq`YZu1S>54iYFNr#c|2buz|J&1y`{(bxt`n7<1SUhELB9-
zrMnZF41`;s84~J#8qI30Zm9M{4gEF?xn6)hzmK#Gb<WhoBR%f7EY91QKJ#i87)|$w
zXfp1Fjgc;0%hb$q?}jFW#{{Lhm(cp5ncXQ|+w8cvu{pH0G-5I=%p2u#42@~$Jgeun
z_P8t5F&p)k0d@C8Gbfv9i!6=32kjV|H0m;XT%oQx5gf)E8H6U$rvJgA?p2n?s%Q}E
z{sK*6V-94gK>haPGSkA_cwDas5-9y{{RpjOJ^f&tNOx2{9ztNt%%~sgPO&tXgvYs7
zPjBmSUw~_7Sj-Fy^$n?SuGB~Fy1qG9u7iWwoPQX5vNKOlZ|8B9qq$M~-MSI3>7?R~
z)Ok{IMyhoqhhwObTA!c#i&U(^4Pwh1Bq{eRk}|yt33Zif;&2SmGulPCl1TM2Qin<P
zGEya&UOkM|(EQXcQr!&hZhk5{*x~46a4J9bU4E(&L1-_z?m46+_Qb4dsQXPcs*o|R
z6YBoW%F}eV63r8$w}_5(r-qm&#_VzK)^nph?t5^ut{uhzc4IwCl@9$#a46e(dKZuD
z7r4g8ShWh(Z+D4w`G<3Jq~Gll;hIH?D3Q95pK8sJo7{R*#EaZN^HVVqM&#gL&QFzK
z;>8$tiTSA`r1~3N#a29Tm6UUX9^S*_yr8G|@MzT{^@BYkog?+U9v=5bT$YJOAi_dj
zXVJp-j2;oLvL36bD~VKZsl@#%DQd))Y2;oLMOX4QCu?MAzBcRu?ezz=DsAXmzU8zB
zw9{zTl%R!Rf_q<Ej24q$?#BnT*6rwWex5?>o3H)!fEL9b)7!|4nir<$_4T-mbZ|JB
zXPg?HOT)Z7niZ9hv3LLWfEL}!tk%rifF>20+RX>F_FN_O%+FJ3-Sf2{(4uWkYZ9$b
z9UxnD?f{SbWq3xG86+oyU-a-8k2}6g{;c90xDky>XEw^Fnumo?S9@{GiJ>c6Yb+Qe
zPV|fP+<~0X;8<%iy*Vq?>!!CD6zQC$rw{VD&UbS-I_MdLBDC7w_1l9YU5oIvgMN2V
zg!@xca*APl3Ji4><=h^sXAEiSO@gJKWp0%zXhhUBa_>Wv$z&992M_{T5T-T>jUeGf
zRIO0=YiKlW<<;qB?x2RHbB>-n#N$3`ahxmIM;j1o`p$kRXP7By%qcXPhzHRcqj90d
zg~1iHFuhgN2zQM>W+*rra4j`lPao!SZ-A4P&MBc$sOuB7F8blt5w2033r6dQ6I*(b
z7^1gIZ0XH>8fMnYx#}d^a6=Psf(Mv8sCj0bjV3WLLhe3>Mje(`l^M%SwX}G&!TH+j
zXc7bC0@2-YpxvIduozAHYvz54#<Y=I@TDee!qnu-?h7=t7AaSY>hEi*XfhtAXFJf$
zI>j;%jhWAQP^Ytpo|oWp?_yoD#$`im7V7+2Pao-V*B@eDE|_(sqDkaUZ6BK1b0X|+
z%=*9I^9^VWp=EgkjmcqYj}zE@&Gj@|AK4_`zmt*~W7gg*&TN?(6CdV{VpT^|AE6Ov
z(|LCbMn>E)y5jx}O+r91*2BE`{3<E;E86|xXg0#`8auXoI-0b=1urMyZ_p%k3~_j<
zRy#qTIwsPYsppRIxO3U{%&5v`=}k20HO<uvb#)p^bNb=%2-iGPTyHIF=}p26iv+33
zD0}c^D5s%W!-aMc?S23w5^XK&g)lFacE*XsKS`fDF48$b&mHG+?@lV%pZ}nVV_Y=U
z4doItJ;mdktLLV8+^>$d2g*r1CCAvM<W{H;S{S7mbS~Ex>bc`RuFv3_$|7<V87s@_
zZg7O#LrSKd5mzovb0@G!;Y|PKTC!@gS+84<A}}-2*m}7Zi;4{8(mHpd$6ah3kK#-Z
z>xH_zqsf+FSh!cBapslXk8%4DEgX$8#nP2x*38vfG#8F&Y-!dm_?4cX=5bG*=y33l
zsUw5(6G`(7AX-$aIkIdX%|hKf(Yj$tU0hTCspn4exD(UN4V%8P?dPIN919ss<EEbe
zgvZ@>lDS23cBjTHw5C|F0TIDHXbsRP&A$D$o<7;*s`CV!z6_Y_2~s`u!($@c?~>w-
zLVu->ij&P6x$F-Lb@f4Ot{*1O3rI;E3K?77YiP2$aY@cqt9wfRjHQO2Xy$T}aa@8X
z<H-D_5ARu;d0xMV)=a-!E5a3=E>|QOV<MdKdfrrzYaKchmdmlPNVPV~A88%xj+mMs
zC1%WgG|3}oY@6STX7s4WG<!RsN3LYF7J5cNgnJ*U=GYS-wwkMGre|1b0n_!V8IevN
z9A|jk>!+KYWj|&Kp0YHz?qp{xnPCotktg;uJnkcKY+N!emV|lFFt-thF|NsIvI`iu
zQSQBH5=CRoT|Y{m^x7SiY0o4^+Brc_&tet9N$)t-;DlF}IWER2!rdB8<^pSq89o&)
z5{+3vj1E|q#^t>8H$88r#~nK}f79aBv>8oC&-Cy!w3dd(tZ|i^g=TDfT}eqB%-sp>
zSZESEqYdrwEPZNPr0a&57#(OZ+YF|8<1zwGjLnJrtfk>P4g7${(9-Feb4<6HcubVx
zXfhmzmHSyVse!O93-h)N*$Wsq-??TMbBGn$9nG5a%!nmuZ7IgQWcHpy3p1K}>`6|f
zMs=K;onPqb^E_IWZ2jOo<34nr$Gs=p?5yFx>nF4@J)>EKtLA*!a+sp-exwFag;ST!
z>I*a(R)T}?wHM@viitQ3t+Nrr3#4RVaCKOi*HdyUAyv&M)y1Tz7&Hs9b%eXtLi>tA
z&Y*qK%<$8m>s>VNDp-hR7v)cGh9w!zY(YY^9j$e~S69*c<!e!k&8f$>#=XTPw8u>s
z2-JSGwtB0;2(9oEed?k}=L$V{k;nbZGP{#eL&LnEHphoSXddcJ*3%bzT-)I|o6sd+
z-M)s9F`k6R%^>_)QoW3J#J^$7?LMKoo<(aft-8M<C1X!)9}n|hQNYOE3r%(>^W^(1
zT4&pB_xBH2R(Zw_g;NjnLg`|7_8O@^X5EZiO_d*d`uzb~N5juLE6qh<&e-^TO|I+K
zqcx)jGw)PE%~fO-lTptIiEy<d#lqo9Rk|L&+~fWb-Hg8UyvDQU#H1T+m?P1o8|IbT
zOK7HLR7|L=(rVe5TZKfpN0Vx2dd^MIF0_6|v|MZK0LeV@pqZs*vs;1I#puxmQiJV&
zYpvGmEmWj?$yz&pa-KhfW`(9_s5^3<?UZyn8%-t%I}8_H@9XI+J+2b#jp1g%;z`M<
zm?7DYW=%Wx|Ep-`j>nGgYO;ZPjDg4`Wm?HS-Ro$Ci<|X3q`1&xvUJ~Q&o|lCR-nl$
zG26I+W=<qoaKW4MHCmjDX3h}_!ErRMmGQFvbM}&jch5#M>tjLj_$qe|kFTCLcMr~~
zi$h&K(1z%D>qNMBk_t20mcjc0%?fdFsH^*CS&HKCT2kf(qnswLp$(^uv0pm7>$&SZ
zZheb+XJpRaqiC{N*>^b?7T#(v!6S{ryip`LgqwT)m1tIn=<GLWoycQnWbQQEX78<B
z5b~TicZ0{7qv!GeEj@gr$Mr{!%;{DeBV5y7Fakm93@O$rsi5t~n%fxRP9-H59OjeJ
zBWUK}aQUI}aJt3DNLT+Cjj2ent)y706uU-hpy7-}=BXV8Z#Tb2Ye62Hc2k~-@6@M0
zZ=6w|_qd~XnZ=m#Tm){`!#8`J_w@A59`}Hk%rJ0a(I(XWESh*_?y{HA+8RDeV-0qj
z7hlBa`A~NPn&c5org9EiOEhA{V~&e@_*ReGYj6Ir5ygRMgUq@(#qQJdu($!&3a*4i
zU2F8RK6P89JLzS6sUBGu>fV87IwXtDXP-HT*wE{Tx?<1<7+d#lNl}q8_L}c2`t6)Z
z_u^N~>C7oJDojs*!K0PluOECN(yjK}>+T4y|Ar=W&A8&y8XVB4ZjW@P=(*eF8Ef8l
zkE?br4(WHdM=;vyFGf^v=rHbe9U8JRkfWf~^m8v(h$#dcV&pwqI>~De$^({#Q5zjK
zj)Kw)hJ_~|4m#q2Q$PM%g`U#(C?LoG8<JXg)afKXk1^`}zmwukG7w)UfI@oLofY)4
zJ1b^NFDC;z{z;166d*Dk$RSc{o+b*1NYT02GY*krKf{ulmdrxRk;O-@cEaHzHP_Hg
zDFvSdQen0w7a)ay3dm7V3ct``P3cW~xuuJg{1uiiQuJq}eQ97NC<54-jiaEHm~R47
z;5kb^kCfw4vM@Z`iE)UO`q>kVL!{KlVmIo0Nw0py&xirb)39X08Am}WEwjpu609TR
z5GggYHjG20w0syy3vU1^cLc~GQuwz;;V2+$7>4gaN`ZGJmqVl!I0l^hIo`P?;W#e;
zaXd<j^$8$ueFEh8U!>T73PgSm<Pa$f?<Y|>kWKBx|1R~|-4&cp{qUQn^VcaUUA$q`
zU`o+%TKsR8{EsDnN6PUiDbC&kB5wn!=MIoVr09PF$^T2{d2tfOg#G_WdQopl>X#-;
zS+cYx%QzW4$tWxTSyGbaEWMx<M*}SW|25g5K!xII9ZN4LB~*d%<@Joc74(IBz5foz
zrq$Z2L8O#?+|mn5nUU?_C9A!aFH({nEM24|JMy2{M_ar|skf`8ixj=PlfjfkPb)*D
z=)I9{<Y1&!G}Ou$DVy5}q^!`<NXZ(*e_}UIl!v5HDHi|V(pZV6K}ifH98%FNq&PAM
zDUK|%_@zj3V1=cxM2g+BNI67G{(7W1xY^3zYRMdn--VRPaoBF~4G3xYEu<VGrQ&xi
z{-~wDZ{>@W<OlpG4W2+s`BTVZ$n!`a<WET1zJEhXeZM2c{*INO=`AdWNXhU)O2JCV
z$B?y<vU@}zWm|t7DYLFUQVx;Qa3`dc?}nsqM|Vs1K*~{2O8Gu!ex{=@38{E6Qf!Ct
zUuoocr1WIE#m_(%MbAdckSs$=Lr){cffYzOM2apiDNFt;ix(;SvzBg3#=jsT2CFTD
zf0EL`I;+C<mfT>K6Djp<wDf{f_)YNAv7N};bxFv#HsmNMh5Fp$MHbRyk5<SO;wy_4
zDb<~`^na3K_ceCn_65scr10M&WvX7X_(w^}x}sTE7$l5>S1tLIRZyf1%zrFhq$K~a
zbdl2FElU?EdY+|=6#cfP7nI`oUCqxl_zMG>LYlC))RPa?(H9=@j+4?ZD@UYMS=iDG
zO6hYkix(;7id*(2EdG&FzjmO4^wUvNO6fki6=V@R%35X1S!G2EUtX+`6)oM@$`>gM
ztR}K7G7KrbYH8&^N=kjL$QP5={3m);A!}Sn7#VFPmqVl&w6k=PlI&>dBBjADNC`$S
zq-+%ft$dM^jO9P+z)*`9DaqlMOen-6Y6zi2$QG~?DGjf(<g-XQL<+y!(nX2`>yc9K
zd8A}*wd4y($=`_-2VSz|9!tKAl=}8b59HW~l%5<yN>AQG%3gK?DHVN+l!`t_%JE34
z`+sN-=oze}`Y$bc7Aduyw@QnY{BMx5f&FOdmypt(Ye@b%ezoLHq?G@|l6Ne5&yt16
zl>8!Ia${>Ij0U`g<q#<ix{=b2$B>kD6i4#UQCfKY+=q=ag{_SyL1-u}vN4i>j%NHP
zwS-u*Ia2JyExiSje~w5?_gH!xqy)E<CA%Z#C@7`g9$w5xN%XV~M2Z8wE&Wka7Qztn
zrGXJhaeS;*Zk$!Fpp^Pkto#W`iT4whoaSX+p-qPn!wf597E%t8a<YFKDLr3-6uW1v
ze36oT*3$nMSqA$Z*h@!uWs;B`{t!|cc+HYWkaCC={%vFl<SC@|;It*rAte&uA!TM=
zLCR533iUJpNj=xCd|S4&6C$N&H!OM6GK4Z#tgKpNZV18g@11=zQIH`0duMOl;Ty|B
z&Mz`c{=Ktzyh9iyChr0{M9K<02L8RXCkPMT;mfS~_s;%*zVrY0&i>y!d&j?b_W$15
zn<trnx}%q!R`TU!^zWTLm&<Y%<`5~D&i~%o6NG>7>>s$p|M$-R-#h#NpWoU0{_UN;
z?)!0C>l=j+&fYX5>OVOZzrQi}=*}D8)!0z3bE}_EbgvrMx%>P<H)D6?^lI?iq(;HP
z@9r#eD0s!B=7sM)|Hp(;7vG)vZLjb56w{A?Tv1>2akR6L9`jj$J^O@@ei6;3H#yN?
z4?F3juQ(CyETUgPyM)&6WVF+*FFV;^U-^lT{vWi*^r%nz>m5(|=$k)@cKYbo(Qcvj
zJr(UNp>I6ZU*GnrkM8<3+F45P`DuTBz-K=CKD08rllHtn_t6i37VRvjyFc%*A3#g~
zJla`7&qYi8!bkW2BHHPzCw<XhuXx%=KaS?7`=0KvA4SVJ9qshjkD*OD<D&<iiFQ`i
z)6ewR>wf8@pF^vz2Y%UKKaIBN%V=kSeg-Z3tdHL6Y_zkMKL0HJ`^rbZhE_)p|BC*h
zt^F$68K_@ITY1h$?|LrUSzljuj{be^qu)gf(mQ=k|Il`P9qnwS=b>#o@1w__k9IcE
zbI#MhZ+vv0Z=#*SddxTU?*jcp3(?&d=pS10g=lA}o{N_FE&cm8+8M4VeM|qoqkm`-
zy6<=N4=v-nXlE<^7}}KY>EHL!PLH1cJ^i~#|IniJz>D+`ZPCSOXB+(tTJ{h0?}un-
zJAM8S^zTRdht@$4|B?Qot^G0D*-5{Qw(=7FyA<t=)>mDkf0yYWT35Z(<^IlY`bPfm
zuIF8*cUS1$m1t*AJ?9F&yGrk_Mmu}!F<0r`PxKD0ukQYd-k~M`6fIw+L`%Fz@2*8V
zWAvnJ^zLVRhc-y}{h8jOW&9lNjMa~!P5Fi1{SxgQs;B=#?|!9sXmNVruk;RW(XY|G
zw|fRH`#Qb59_>uf=U=CHH|QPOC_VfJy+d1jBifmyUq)MbliuBoc8<|k-K2NF(L1zc
zz0+@u9@>uIqIn4>4{h6j=-+>$c`G*OKlJZ+`uBUZGgXiIo&Nnn|IjAs?my@sTJj&!
z&dGW%TH-DGcPpCL@se)QzdZVfHcj`<qkm`_dC|@c{TSMm+w|{tG%wPp-==?e=pWil
zJ@5|wLtAtw+BsW4gO>d#{rfYT_t)qDN&oKBKeTyz_+9#kw)SqcbH08VZRKC|@2_a*
zQ~IjE`t$z!b^c$Zce>Y~Z}4v9|0Q}J|1Vw9)7js-Y()<LKdqcjgsx&lELXcltWa(Z
z@r;TSp;WGjm8w)B#442};#qY>#A@a1g;=8|h*+zRiCCwqyAbPDIzrVg?DSFRT+V3c
zMip2X;<ONp3PU`n&IplR1fo?Dh|Ow#5r{Bvh-*S@RpH(cmxNgB4UwZRLpWbhQEtR`
zwMxW`>bi&>s#8(KPPI|QE|n+ZCDrpW#BP-%VvlkbL+n*CB3@RzMeI{<9~wE}LnFyP
zG_qgi3XxbG!oN5~u1YEnQLzNXaUl*V-x8F3RZS3aSRE7bnyOwB@w!SE@rF7n;)n_?
zg?LlV6!DfiBjRn<q%`6kH6NkE%24gK(p3AN3NHhHR4o&6OkEc7zKSY~_&}`^@u9jd
z;<)Nm4)KxNDB@$4hfv$fQ&DVrDmtlh%EN!6oD~qKRE&sE6>o0zcYdba6%n7SI1yi{
zT!c#WmA?8?^o&aKmA+Pzz6x<x`Bs8BDnv#lh;!<g5L5ghg8U%Pt8_nzx|Jc$32{LM
zR)#n&#G=X&->EY~Wcx$3@`t#n=KDj0Re`uB#E&Yx3dAKL)>eVItS$?&vMNN^st{Mz
zs;Uqjt3liq;+pDI4dRv%JE}qaqVj~;RvjX?I>dFAQypSJ4G5na5I0p!4G8Z5h{Hns
zN4Wza4hWGP0P%;)6(X@FgnvzlJe5=vqGBzG<3ij~zO^8Z3XxF@;;uR-#FW|)LA4?7
zsr1?qb?ZQ!6T+zi>p+|qVo@E4Lh6hV*>xdW)rD}W`E?<}0wJymQAC9YLR=DJZ6JhO
zT^3?xJ&3OLARbez>Opj@4{=urAJwTo#4RCq)Q2dc@`Tvd03x;lL@AZi0AfH8gijDe
z85I)*;oT78un^^xyCK8@A(9(HR8YA>BsPNZZv^41k{Ur&Yz%Q+2tVc97~-f98I2+Q
z)iEKaG=T_e0#Q|^H-V_z6ylr^)m30qh|@wWY6=mc&Ipkm4ACkWqL!K;3=!50;+hb3
zRCqIpOG2z|1`(((3$Zc;qH735eYGkCqGNN2yFvu1PR${139+L&L?e|a#I{g~*ieWj
zDkl_TKp2Ei7(}p&34`zshd3-mh;oNR91tQo93oWZ3X#|X!oLMXxJqgPQ85DIxDXM_
zmp>e!jtY?x0nthw6JknBh@h4b9+ln_qHZgQb3#O^z*Z2ag;>-IqK!HuM0O-Zt4N4;
zYJMaHUx6ncLUd5!9*9dqto1;2QkR8T*&3p2YlvvIsx?H%D2Tg4bXA?AAZ`h<BMPFs
z$`fMS;}EfrL-bTRk3$S-1L4yKqPL1^1L55k;;;~XmAfs(0U?sxLiAU;LL|0>@NWkZ
zqmtS|RBR7%T!=x+w>`vBAu`%S#HwRLOz8j-)B$3sO78$sw<E+kA>veEM~KrxEb0gm
zug(aO-3g*qCx`?!zY|1QXNYS;j8fs9Aub8AwlhSMx-7&>Sr=W2hI5QsCGK|Y0>K%R
z^S<iT1>%+vJGwxms5~LIb%luS3Nb<DbcGnu4Z^1zM5>DE2I1Wu;;;~tl)F2`0U?sR
zLrhk=LL~Np@b3YUu9A8{RO|_HT!?APw<p9=Au@VGWT<08Oz8y?)C(e0rT2oU+Z*DX
z5HnR^Z-~=EEb0w0Tb&UiyAMRGJ`i)&{5}w2eIc$1F;9i}g}5Zd+P)C;)ny@8_Jio!
z58^4csvkth{t$PCSfo1jhqxugj{Xo!RGtvq20+9PfLNw-20#pmf$)ie&{a$fg!e#*
z!$Pc3?tu^ogh(C;p;WFAiGv{g2SKb-NrNCN4u&``#A@X`7~-f98G|9#s$)V-iG>J?
zg;=lBV<GAefjB3`Min>&;<ONphCn>0&Ipk`6r$Boh|OyLP>8T$5Z8p*s=|jsToPjK
zFo+y=S%{T!5MARSwyRZf5FLj@+!bPn>NFhUmJmCJL+ny{LTrnNh>eHXt#aZa28@94
z83D0Z#f*UPPJlQp#6IOtfH)vTastGDl`BNzNC^Lt5V<O8Bt*qg5XXf$q<lv~92FvC
z6vSb5Oo%Co5J8C$udDP#h`LD-=Y%+-0+S$43$Z8(;w^PXi0si2twuw<qvnr>2pa=&
zO^EkY_!x*wLaZGFaZFtnV&zzfu45rSP^-p5bWDc0E5vctDH-CH5Id3~K2~``Y#Rp=
zI}YNc${7bSAO*rF1>%&7NrCVl4{=zC&y;&S!~r3a$3uLfa)n5o0O3CY;*3g~08w!w
z#Bm|cD&L6^M}^3k2yspw6Jkm#L{KWkd6k|DQ8x|ZoDdgOU>d|}Ar_@Ue5cL`kv$2b
z)g*|EYW^gMuqPm{3Gt%}e*)r?5Nn@+xU4P<v2rp**U1o9)vC!59j8Ft72=xeGzH?8
z5Id$o{G#%N*p?0vn+|bZ<)lLlm<r)D72>9fnF`@O4dSp6|55H~5C?=vo(A!U$`vAU
zI)wjph&+`v9in0e#Bm|+DBlc-qe5h4K-^WwgqSh|B4`H0J(WHKqHZR{IU$@XFcadm
z5Q{P)3aK+fWM@IN%7SpI`B@NQGa;@CQACB$gt#Qc+L;h;by<j&vmm<8f_O}=ng!8u
zHpE>ad{n2|5VwTbF&m<U$`fMS9EjLC5T#Vk9EbsPA$;aSlu<ErA-tc2I4ndt<$e<4
zfDp+~LR3(>LL|<E@Sg|atCHqHRLq7rE`*=*&4xHCL`F7*zd9zwl=%=r^C7CL^!X5V
z7eJg7qPhxP0C8G~MGGJT)EObNpMq%h6htjG|0#&Dg%H<-sH4IcvSs#I<ZStLKv}(U
zfS3Apq0?Ji=cS5oarTo8FWswOgQo+E8JSBLIlW!K^3q08wQLE!kbEb9C}2$^m9?C2
z%}{|)9Df&U9FJ$K@dl_{mD<96BDCB7`^MYUq9xABu9l^E!)HIa{hj+M`n=PqOYt{f
zUUel_;SClkxx}dO_iE<f%#y#NS@M1nFQ<_^Iw>uQ)*P;S`4x&Uze=X6wu;U)4cSj;
z1{&>nYX-k`4gBr)_xZM(c+pmqqA!by%lJ!`s?>hxUdahF8gtu!DssMRve|jo`SE_A
zEzYf)Yb)PpD1P6wPFgYR&-+F5u)e5dG&0Knw?B5f_gn8_IQZuh0&T=7KMv~ESK!>Q
zSh1-ucIE6p{}n$rsiFLRMfpg2=6;|3&cBkRD@}^_s38=iQA?Gpu6e4F{Og{12wl?p
zki|5TswY&}%EXkiX!+QoqS$eiwm5lzq?!;MWh_o!?~xZj<tU4ka`HLFa~4;@;)<y2
zRG%sDKjm0i@~2tlV;*_ukS`D!M`eqX7h)qV&fntXT`F-;jw%)>ZzG+NN;s-ooV*#=
z$KtA495d3v>y^Cl!BO2J<rSp{*5@k{EGZ-JPs#gL@_JH$#W7(W!>l)qYFeDU$vfQQ
z<W*uREAL9lyCibdwm5kMQqpqN(X1D^%Asrl;%QyWP~JtZV0j&AaTVZ<ni2IZP6p+?
zRbhRL^My;q8F8wC#Z@A0e-R`IPJA`KMq+;(q={u%nT!KK3N(e|pZp~~2Va;nxMr3e
zOVe=($Pr@MRVDo@kg}l`SB<p1w=PGxRkk|m_dz6Yx;k1|WDU|sfmAGSVN00+@EVYc
zTUuNXi7!XnhN@mo?aLZLq~n3S{3UOaeGe{zAHa{`l9y^&OIz$dNwH7BDfLb*t*XCF
zyBENAkVx^-pg9NyVai!sE92uK*&0NFHmbT%ok(^D(V&-#s;vcN4kj53hJa;MCNFN!
z2MfSLum~&$OTY{uZ#QRwSs)cm0#AU+K;G&d4&uQGkN`%5F+k?H%y)UE{T|Rr7t$QV
zjR`*mLMC}X&>su{F+jeOAYW6EFG<t~^6EtpXb75srXUzJ10kR}2nAt4zKe1fe5%^j
z(Yj||CV2&11x-OPXa?kEx~s(bCvXk0u8ei>WGTtVlRiLR4z2*?W$rsbUK*Cyic0}`
zA9@N!<UQ##pa`5dcnrJ&|038SUx(RAq7dXwjD7=8qR#{J`S58V?=P+fYrtBt9&7}g
z!1G`;*aEhK7r=HPZzb0Tb%3n>hM*}30nLHDLpc{bDKA^jBasc}gN0xTSPF&$*%0D@
zYyy2je-H!Y^=Cie52}D_U?NVlMH`#LD&%Ug2CN0^z(TMXECI`a4zg(9F&j(=@-4b?
zpd07{x`Givz9XQ6<v?ERUjx<xdG$Y=5$%JNr6o%#5_o{@M)Ea{m%whY7d%g0o55DF
z4deh{`7+8#Fbc>QR=NZErc7&<6R0&RT8(6NP{XOd4b&QDx=9xWkAdGQ{|At7OUcWe
z@{V|E@Fi`Z1uwzN_uJ%E`rpA*r00XLNz3N;4UqS7JA-J@1#|`7z&GGqa1<N^AAk?#
z-Q43OJ^~+u6W}EH1gr$|rt0h94R8SDf`dR_P7enyKm?FiW^<4|k-Y#f{Tkn6`xxie
zgN+~qEC)}31h4{UpOLLykysBpgJ|$Lkng$3Hv9_M1Ga<FaPsa{O;8)i%XfL83=RK5
znFXY;BIQMP`8sDbkeA@wfCMlSi~>nuG#CTM%e&DNKq{C9rh^PH17v|&U^bWo7J!9d
z5m*eCfTds=cpCHuyTIr4{x;J1&I{>HI5q>U!nu_|zPxh`$SEaL&JD8fj|Is<zF2k}
zPQE|zEymx0@4*k?M<8#_SEN#3aGCTPunxQlWbS_m-U4N)=L+`g;WvPd;9YPO90MN#
zUWCtdoFwrHI0fY6#NHI{P2qZA9r`wq0|Lpf2buvn)i(!Av7H6>V0!_`*;&4ZAupB7
zThC*GoMAtLzefIEWG!TIvB$Z+vMl8+Dre1u;8pNGI0D`T$H2QlPIz*HdmYHPx`Y>q
z&G?4Y#L@C`InmX~l+(GaRyqI4MUZ?AO}?5|6TTRb>k@o47G)!N+2duemwjJ4?FT9W
zUm%wj<-tAdWn^T&$;K`l{Ey%w_zrvvE`V=j5Tv)qfousbAWKxX2wAS#U><l36afUs
zfse*nT%3}0VIbv-0yppm;<#+&bHN-C4x~eJR__C3i)#z&$|<)EiB_OChyY<g&ew9@
zZUE|odO)t)e1Kfh6$gQ!E|7{PN&zaTq1Gs~EJ^DUSiYQKTrZVD%Jo<UP##nRb$~Qk
z3rMw6O$Z1E;-~0x7Hk9>f+j%Dkj;Sfrv+#U#LfdEL2C(U6p6<HU6a4iC4b^U{yK%x
zM=8i8lD}DC<aa`L23>(vBKb0<djToe14taYgPuSd5ePREWPw;P81x7IWL5PgF%S#_
z13-+WCn1x;XfO&41w%j_7zPr+2rwMPgONbWB!V$uEJy+4fSj;W!Bj8-q=WI`3EDR@
zgq#ROP6BCQGLVY`v5^X-@H9)#K+2{&8_WVSO!jcONY4igfTW)To4`h}4y*-hz-pjA
zZLGCa6`N?4Lv+;jU;~h*p9j+XX0QcFRj+{@a2UJ__NllgTBBNrNFD(D!7E^cg<Rx8
zEB&F`*F*~qf7n!N6=%N&=fGFsOK=99248@uz~`z~Q>|*IJymTfMWu=j;H;G{I91PE
z+y&(KR$9vZV5Ki13xUg)wDnu)u|NaAfS<unG8DGKM-bP5t^ZEiHkJy-!9S2viRAqX
zBwzBbgWteSa0C1Ylyb69fP18iAPWN*C<Ok3lTAdE?<4<7`Zlm5U<dGy#fdI?BBeqp
zC>2QlUGR_P9+5BQ?fULzS`|x$4_73HUY4<4KtgS&Z7F3RWhWO(@=fewKrWc%;>jD>
zy_XJTKB}P2NspxxyCGZpz}ZnML0V2wf=6|tU|kYD83Os1w+s(Mk!ci?)9<5(z#c>K
zUJ6MAWswpY@%~X|WW2@R?xi>_hwZSPHl58B^?qhW3ff-EM6nyS8?<{<u*{=+ZO;?w
zt;{cb0@{-=-|@@>jTbB=J+BO;@_gfmZ0$(cA(e*YmaHz2@((vEQI_aP<m!<22hzTA
z*x`|D#p+-KM%9p2fEY-ARg1TEu_>6YMShI}_5q}80=vF~w$|`u8s12T9JUj7x?n^e
z?wzb>JDk!hiIUwbqp||^6|BcDBlZns{mYVgxWJ<vkgFYItgT+#HnJq!lGg@A0@=t~
zAzOk75Dw(ZsWFf{V7WVP0_2W3M85qR4CGc>Zj)Pp$3bi0v1F7bw^Fe@CezWqkwt(D
z$i2H4@(S`ccpAvA*a0~nNE=H)Pav0ra^buf%mbO({5J-KQy>ZXB$x}jfjJ-p$T@U6
zG7cFArjeckCW9wHDwqV~fn0I)Lq>zXpbzK`x`5806X*ye9|toHucWcApgWMWd=F$V
z&>zGBdFU_z3<Sf#5D*KboZK}I0>TfqFdQj8FW6)0q;ycqB!CfMl#KsK5{Y0mko$^i
zIFN!A4<((3lpan56M&ptrXtfV%tX!xvp^P*aL)k3i!M?^y#UMyPl1JC5l9!~C#Y~K
zav8`2;`Q&KE&OlDn?Q!=22uwy@nmeTgI~cf;Aij?xD2iWnG2Ud6Uxa|q?DJQ{|H_H
zIba*eT*ZIOfmFB>DDVteVWl@A*MMiiYOn#U18c#03&L*%TP^*0<a0o5B~LC}g%cYo
zD|TA|<umgQBy%$mkHx^Q)UKeQBX)W_c0YiN;3XjZ_uxD5Ef5E#yf}XWd;{JG;>>yQ
zwT!>*)khGv17DFo3wD7o!5Q!hI1ToL55YU&3m}pB9DE8+fqmc;Adx)@PJoZWaqueG
z16~A%!<i&@0&!vo5C^2u-9UPC2ne?q90a-G01zi$24W-m(x{}Rx8kUz?K&l*qD%b`
z%S>rNNZSeNnKXXb;$`e*tR&P@xjl}rk(P22PO119I11ha?*ef`BJ?&8=U)fX>$kw0
z;0Sm_#$PItN<|j*&`yg3()b4;KWwCJhh^BrX>nK_m3kh|6Hc5LJ4s8OGAB04_}dMb
zgz1cgR6MthrSNCKp3&lr%w#)X>}4K^ZZ{&Gl5!IMb5@=mL76ww?nW7ZDP(8J*h?5?
zY^4H;f<1m>Ba_j#e>g2G!FH(NaGiyhi7R=ME@+b}y_QX*mnCJhklW9B4;fxVw;iz~
zCS1YF#6hX=VO}`tj7-{1)cqgiE%1koe=>==KrZGdA$j_2oG|1`^j&l(vIFuC=n4J;
zHvcDS$rFAPRmd(UyQbV>N`1ENJ@O?jXGNQnG7fp7CJovZNoHptjoO?vP#FDD_tWy|
zT(;n!fPC0h0u%@GhhSz<zeKDU>7t+;Ha`Mcs%~_tcax029nQxfrLv!aY$&ovi(VOC
z8t_A2MfxJsk#^-$aYZ<(T*{OuT@J|pUKS}Iqe)|SI|YX<(;hP!AK5TuCVvHFH<KAJ
zGgsz>{TLzueGqyDDzz(;@wL<T#Jd1z@B3eqmb%x0kAU4qCHb&SwoLI%9FUB|KpK9y
z!iOi7?YQvOa7ONHt0LtSjoPF`KusWgO}GG19n`S$rA%$DBo~b&#y`$~997;@Euu7e
zcJJ6fG)mLGy33PdHz#uY7mQ?Dn#Wp1QF7K>zhzX?IV7ZE<Awyw{$*kN*N(^uZrHSG
z!)A^z)XjEU{eT~6pgcw86AnDcIx%wbI9H`23pMAE#toY^ByM+9RC~==E9O#z+iUf-
zu)-?4z4kdT8xQTE`G(lP;ya~s(uoV%LvBzmm~z4FfQ3z`cKcNMe*U7IAabZrYJ5rU
zps4epx)7(8E!?Cbv*&GfL8y<^9fY6#3%v^_jy@dQ`SQC)rAB|gSB*MqzRm6525y}4
z@v3DNGD4*85SpdOMT|#cSuxuKuK3J-;#G2*(<&Loi>MhLwThMP-$U-6_tw5wy@o%F
zMKgkhUrmarJsq{Cya9c&qZZ7IOun78eOkO*o#>=hY;OOoaZ>b{a*dvzpCxV5B+lDE
ze0<}*FWt=tbZuni(B@pXs?u4j=x6^{@{A>WKdf53QVqkRvHafZX4SJZ9p9(MApG88
ze0ge@^=`47-`)0mJp;R7e4~vsYP}fzj)Ba9xr2`mo7tu4m9oyrRua{a#`n~z&RSPL
z`&XUaDJ|c<((~CvnsWyIm)KoY5z*9O|E%+{PVtY`nBVtHs|f}yUZq59U9DlMZuHFl
z?dJNQJvZ^>m_36Hznh9b#Og-0*0i$y<I0=oZwRQ@ZBrx`5>5Kvw3KSyMeE|6p-R0<
z4;QNXBA!u4x)9qF>fSS&uPWYEYvyPF?sCz!7rvZR<hx+1pb2TDH}CP`(bsBwS3I|W
zZ@JaYH+H{YG9(eZP}6R;I*&n!{R7PP8g=~h)}XR77eh^7wp1`@_fsR5?|${mW9N+~
zj4^*jo!@6nyu5w5^^yvD1-F)W)0&0Yzs`KTSl3Sn?)xQBbBb58mjAmpCYX`)vAWxh
zwc_WiDt6bN^|OEQdEJwT+HAX9d<%mivy`dULmlr<v)`*9yVLBK%C83<w0~f_@35cl
z-Ci2^yWyn~?XOjL3^143U)lcI;??E$U#T?r)iKyLZpgCc@pomlu7}oC3#hC<>7jMe
znpIZSdTJGU>1bn53feyk-E02mJF5)nT$F+`SVX#vzZ%z5tLGl<Z#=TjG71Fy*}vfY
zMx|PX4-Fmm4FzO%)6yRG3pIw=KM6gz<lwPm=Q!73z{ttq**`GtTe|evJ^>{@wTdz^
zK3A=J(Odf$r+ds8`|4M__r8dMHCnow&`ay8RjQ`m=!Nqs>P#=KUBKSz#s}|N$C0uG
zetkP*{F*O5JS9ysluWtVDylb8I;{pF{6+*APqVYuz3}wa^5s66i(MF<#rFwn2?ovY
zVo;2VcsuT;@ip4YO0Y(!8oPB#a&Fz8miXp?<(oC98-_WQ)wrhmx;G2DJ9=^S5ixJQ
zxvs<pm*#8%Qw}CpmFh!arlR_wHYs}jYQ6Sly)@@Y7+Kp#kdGm|HF|TC@B43+rCDpm
z+*Ly<+PpCavYY$YxDfD$y9Qt1U<)&rl>I~51D$Kmw*O=Oc*A33{P1gMAN;a^>H4P;
z1N)w9`9@nTq|-!wmAXLX&RMF&K!Ricg7(P)FP!M~+xm;lOa_h9g5!v4)R(F9$l%yb
zNeDFWT53jLq!kk9Vzrxsn!B$05ZZ50pc#(~e;wahx0%mMJdurxxpq<A!;qJP*>3)3
zKQeZ5!=Qp1(N8PuDp#LVtExIwE9Yk<36K3V-MzlsGG_VkUHvrPqTSI?>s#6W8SKQo
z=~-T$eI007)+ak$XaiNHKfc*Nr2TVt_E+8=Cd~43k{v87c(Cf(AK%8SF$h2Vhq&Lo
z)!^2yqt`aww_BywV-RBhboaEMhW}b@c1{6<w;Pz})!R=+1<W|LYSR6pU#e>qZEpV>
zcxAu5r!EGU`24<s{d?iR3^=!<c;|f;?&kyqsg?uq-~NU1&-NrPeQovSNG~S=lfiQg
zQYi!Q%l=97j^mzh`_~w+bN3DGA1#07$fiBbOJCf4Kj&rTiJ{N-ubfx+DzV{wpWWZy
zH@K;;Q#UU`iueaRv!al{Z|U#7Gu^NJ_x-aXz>C{wW7s&&*&Jg3!1+Pf#^=3`ZQX6m
zwQ!mB|2@x{g~ocgu3}jTysAHWpjN-=spjTy6;};aFAgNa=1-yX1D@}`GILaoOI(38
zX=qgFn5xcGF2w#t@&Pxe|F-4*4MrSI1N%qLe{WrUd%xI;K@vbS=Y174h>^E{6}|DE
z)P*O1{BHMsgF-ygVgt^4@$GNZqlzAGa6hM7n3_HazwBRH-+klezM(@p#NW3Vtaed(
zi2c*-buX1Eaj9L!8}|+DA8!xdJ$uBZu_+(i&pD{>Qq=EDTCYayE2=gd^H*rB_kDxg
zs>xttm8>=n!ESadb8DMd{P3JRudn!8bEd<{jx|YTirrH63wEmQG_9O!6sx(^hl90d
zd;`rHs|8oKe@Q(f^}Vpa694*DT4CR3?v`n-dc<lKLmIZ`27}s8r~J7ubXQuN`xc$Z
zsZ7r0BW1_L^uBrMeolf~8;fhRFpvPYYkYBXiw+x4-8WdTPGZ2z*jL5wEOu3~YkKCB
zVg4&NK6&5nwyKKnA-+*&EGArQv}Wq>^^7qxy$rW<7W6Ok`iZOWF1lYdMkPyl(lOx7
zlGSk3rSG1vb~ft1!T(kK>htw4zoEGNi3%C2MO3zb0DkAToAY`-yZab3Qm*mY)uKA6
zg+rMe{C2!?K5PHNy`0LsA1|S?s~K0~j{fR(YAR#@*nIHQ@l%hi-N4mlyt+D6tL~hx
ze1_q<{p0lO2DJEGdn>*Qo?A_9QBfEWy+LAU|G52`JAb@e^xAiG@7rBdOE9QhxTATh
z?)apmbAzn|^!o<YI;yvaX-)lFU?FGN*Ea8cr{j*7JC>ERLo>Ou=&VY`(bQm7KTfOf
znv7j-wY#5Ij<04+h|{WT^}DF$aomSA@1ov_)2f-5tG=3l3H4_jXQQaDs{C-R9xt~?
z4X0-xsQBSrL8hqP!?pT+@8aBW?K&@de;hBTxE|&?ebvw#McVz^wu|OunR4;MX}YKK
z8ljEki!5VCa3NBxml~g-RaBph&?;GlRpA7FYqer8^S5T>RYZaoY}=KY3N6dw`=1V0
zdZXIilbUm!TAiRp@YenpV&~Ia6&s1Km3ph%Be`0u(pQ}rFK5!eYQqfLSvZn*+Njsl
zi9?J!G7^!Z&Wd<aIVU65sog1v{puu|->JUlWZuy=ZT_zz@12vq$~b{KZm8H%oRZ7*
zQ?F%G@6u6Pdo8@58lR?BbcgpdKFrTLsZu7gSZ5?@4J5C1qSmyioo6{@HDotymf-6Y
z-z928|4;S3n52#TFB{Ww)ot|sHuL>4`u5+|nng69foi~5ZHQf??XfK%ti|_X^Hz4p
z#_`-hF5jM8S9QwzwHv0~57~5b<T9>U(S*p#iB<o&pR-K)BpV}fZ31GeiW2R0HAut*
z1H$(xB%}{Fo*z}S4^7puM6Gnb!{d}bPHSiPBj2`ltSX<Pb@5vmYrNT!mDAn-<eH~H
z;kJ(T!c`&9`c#I@1xq{_z5HqlHknV_qifBrJE|2E&Yp}9PBpFUP*r6DQ}j_&DZj#p
z<}s7j2$fl}9iu1JFH`W>98Wt`kE&K;!R)DKSMxxOW$si`uTC^4kW6Shbomi|FckUp
z4{BK&-F&F?*1~$w)dziiXzJxx_+UHv!LS>!DzSoWuE>WL_XDf?pF{k}TJ15@Y7bY{
zrf|n(hU$N->A~@MU@kZ<Z?n_{*^1Vv>Y4cyq_TQ5T`O;IPY?FMnk=gIRQ54*G5GBt
zZr=5LQ0dp2Ddp5wV*<;4qT@|<J@fuPQqx|d0rBSU{Pya`@7$W@UCX$N4{peHT8ntq
zU>c8Ux~rknaBHYapT?PDH1__+nZj)(S;OzB_oiv>T&MDLyzLzI%`~k+fg%rNRPy_1
zgn5fuWz|>TOgU8Uvf-?8)%b<lJ^g{kirQ6HN_ZxNr%O*Hm_;vbTTtTj&kJ*lHWEfo
zb*9@vYF7qVM7O7DrT?~ld#OAy|73@L^o;-Crre_jvEn1gPYs);RkA0~|2%O22QMC+
zA=Y~5TWcj|GKA(Xs-{l5e}1x;^FLRs8sMrGE^&L96no(G_PP3Q7B>ptstU8U`tDy7
z&C$tI(X-`*&38v;Ya{&@B$-3xSEJDSo*SBRH_YzJwNG=$v&uOK2cJ`ZbFgnTTJ@O2
zRuef|jh@4aTN|U+A-Rk?Nj6_Eb<IWGQ{i)Y688)*h?Qa7zx}oLxq6`~XQ?!_VK5g|
zjvTddE|nfuhY)_Ju#-m%rJbF=`fdNH=gh|C%I=E#1%r^<<9X1I!N@b7J$-}1@J@r_
zAwibM%ITN(b9&6Za&J-8dhR<wP0+RSRah;l*i^&z=!YL&snlag!~3Oq%<`nx&iV5G
z{ZDE!POa1gwPrV)#~!sYm#d>n6U>X4@~#;FZvL~m-VAFP!t*v-o}h+h%jJso%%P!W
z+4sza`lYKzPsI!Kd5j}l?Z~F1)>GXu?Bu~mqY~c3t1jDn#jrD;IkZuCu=DGVfjp2I
zmluAk>*!v77&PM~#}k`Ds?mH5k}xQNf$z~}?sIcr+Kz$suz8C5csDK0QyJJfjfZ;W
zy||xIYPS$u)dy1kAm!x|%;JrE`rgg>xUbQGv93Q-_b_OF5d#VJh3vCwySu&bZF$gy
z&uYk#o03-D#;5zweX}JwTr2W$*5Nx*bz8vYcj!bO+GEk8Npzn|GtbNOEV<RBY+p5V
zf#JmJ1zd#c>b(VAnHpg(Tg`ZG*d@)puZhg=xhZex*y$9to><IQ{!dZVe59qdn523=
z#k?y%Sv~ob_K{gfc`usyS*0w*E>F#0sEwkD>kGAg_DEKqYKHaeSGJdk@3naYwezr0
z9IHE3eYFVJk6|GXtF~7ku<7>Pdo?ZB8_To05{s#KgbG~D%pRm-5q?E7%vH2<dF!`7
zJusjm<{{?u$E|AnV!GH_eX&@p9`ZNCMZ-EZ$UvOQuKic!plmla@ccqt+Ny$<(9(4k
zw}f_Yt7-Rz)_A6RX^GrC%rx77qxg?G9rlj6Zn(=ca9(^-ccpY!)nuuh;|=?YmD^x1
z*W+Q&1TC-rR%xd43~7z-VUe|z8c)nNr)IyNA9RZ=`SN?zXgzW}tBx<_2I7SBTgC*s
z&4+YS)0kGvvnQPTO6;tU9ge8(81Pl^q-8iTNv##JNSzeY{HVll?UUv>lq=q8V0_{i
zEhyZKTVLGHQB|KNuCHJq3uH*@&G(o5+-N8UOip>OlcSQKrlKQi9(G#YdFs`tS%6LF
zsU8QkaxUh1>v`%|D8JZwW?)ArcDOb9n}~x{!7ZTq&~utR+HR?HD{kx#zRqm*l#Z9i
z1Nw66Q(dcKO&Pw_ow=Xx?w~fgOm10wTa%KHFWqR=X54cgQc=q(dQ>%8i(lWUCCeH1
zpVgt|T7+MGwmCcpmQ6qZ_=d?#DJ36b5bm+6)Cx-NR2Mc;YQL(!3UO3L?PRe07pTV1
zu>HKCcC3JXO_f-!mG?5H-~}Njs|-Fdu!LpZ)Njc`bMvh3bA3}@VSn=}qtTXSzeP>h
zK|RE9ui7mYyr4cn<Tq!25aBe<R3oMNn@#)vL)HD%Ol7#T8d0F8j}@I8t_rQ>F~{FK
zW_C14Wv<j*1q#dOA&-pAL*yN``z0*fsb5}1#HtjD;S}Xucfa^zbr{lb-4gRw=0x+K
zoZUVs*V!697TI2PT}qiD%J;z>h>)WcE6t!6Z~e>_ziGV(P|Vtlz9dJs-)kejzx;dl
zG;WxgT*gLnSuJ{&3e6~1CD`%}gYuY`@LKon(598m56g^)@8y@Oub$<cX$-KhR&D7s
zuQBSw)sjQZ&cUm-N|ggCE4xwsUb*Xg)SlYO@;j8*(w3@)JFsr2wy&mxJusB>MaeE7
z_G>w@?)>{59IVc-W<ia$yr?+$=&IKS<a}ot@XTbEx+hV5N<Fp}u}a0QK|H69zo1np
z6wIz?Ou5}^7j(#LRxJUU?E`QAR81b(^Er?_dHIx_QaCUrsQ%UI^(tL5a*U5hE~;PF
z<Kb@@$lc_&8&l>DSXF($VbHW8F9(<_M{_SzUDk5h7_iI?`l&0EPk&db`!35<PJJQE
zR2CK?U9gbLgqhF3Rr*V>MREd?(+d{yR#{i+v;!Mfw|~~k;oLt-9cOv^&B34)MF+e%
z_(t`yz2u`9c|y=6#PPtqQHwXSH+-X_HWCYSK#25OnOOJKIU#qdlcF6`S4CJR@2aYF
zH6&=cx$3XP?R2$D+wz&!NMlBg9BKZsZzHZm>&twM9QnM)(Lp6klx7hn`9!DerwiM>
zw&jCs_lx#d8!@m~fYqQGTgZ*90DJbTmK(SdG<Oy?Uee#FliRh%UIfV6Z>*mElV<hI
zs>X<iHASolY*Q&)42Mb;*ukv*z*w0Tyh0rIR(5|=sc5WrztYMa<)dw1|9JnB$Zq!|
zVL4^3Bg@nAs?l>qb|$4{7p~lX<`b7rYgLU>#&yFIa%4_4Tv<KvN>mN5?TmpXvRhQf
zb8JSd)NT>x5HW7|sLwe^`98084JotIJeO^Fe^kk92fgHMBkP=a`CB=E#V+Z8^^^8r
zSUF61!_7+hTdFl540nyax?pS#qF|OWclN7NyYRt?RXNpqm*%AvUadB4=G^sn)3n(m
zrm4MeSfgVNi!~4hhVLOeGsm7Y_VTy9e&Bp$&pC@U$F@*o)~%ea%-s8du(q!!w&l-3
z>+EJXr3I~1-)u8ZZv{_3cHgbtkZR*{sNHJRn(x+bWO-@z*b2Ql#avAoH1qtaI=`S*
z@=M)d?u<U=Zw>r);WzRgfov9R%nwDtEH9@=WAn3{erCJT5pl-ufwj4dskQz7{k$}m
zZP~&`gZEo77Nng03$ELL*u)=n^&buY#~Q7Z=7Ui-r()HnZ0P<A%#Em4*XkSI_Iy>w
z2%B+&GkW2xStp>sJFyshjS)2aO!eT@GMcikct%+-MyNM;vg=yI`H0oga<gi`i}U5*
zTKKixY~E=0ALOij=<EHnt-)p&cvS28<7r)YQUBQ2nV65VwXV$y483vQ46dBL)x2S@
z65KxS($p39`z$mWxJ`B2&6@}I-DEd)crP>Bx<4DJj=ao<|H#`cKE!YAn5g{sV7^3M
zmr^@b&pldwzmIav6Uf6i!X^3BF=`K=33y&mCHK*Xg2jCK`ya9UcvfSSR;%}D{;JPj
zLTz4+bEPXUFgQ*B9<E`ldJI2pRz<$d1Ca+BsiYQRV3l^7-Le`iYP)L{@bjH$-WaC7
z+IRa-t%TgJG&65MjQ-h<2H52iQpYBZOXCIGK3UUtmE3l#q_e{g<7L9E<!bvr!uQ|r
zpV&M1quyqzoV(N9=sRv6xASz>!bND`x?QtwAmm1Qf|A<<{_@a@SG3@elN2#dIk&PN
zd-?SjXBsXWpDCOtN1ke2F8tBe3T38$Vof$`FhBoS<@d97+)z!pf8eqqT7>yT!Mds7
zZ}-ThkydP%dU-!@oYdN7yd;<Pi1}BcO0eTcvMbVFlR|rrTpIc$A8v3@#0^bjhw1#^
z-tw>|8rN^ewZCz@Qnm<>%y}=#ylbk0%gy$fm8$?xgD=Om@-;eR+(=sC=%QS?Tt|+;
zPC8w#-|_Dn1iU@OurtDOTlE%$8$?AeS^J!wTDN}Xu#uW`GDS+lSbd+T4&@RF^S+7`
zF?UbC^4GQwa@(|Cg&fqX`@KjBdG@gB$hYaWPc4>r+KiWTnmFE36R>lCg+W~mjI)Eh
zH^&Lt*ilH!ZR8^&cz^e{&RgbgY~JUXr<dk`f4TiP7rsq-E!RAo{oQ$nC_mz@FJG-v
zf*STJH?D>K)znvwJ?+151Ru2#Rq&F%*|<OS`}^CI2X5tDoTvWjR>SY_yM0G>eT`N2
z_ZRop>DfB7G106O^)~e}1+7zkIe9Geh#@J^7ww<+-oM+Y2dV0Ba8dZ*pXH8v#him_
zNO_9T;f*0`TDkfYjd>I-FEnJT6pEUkn3k7ohAO4h^KbC@<G(BGz2B^Cn7S@S($r%|
z5HnS+BV10JFK$*g7J&VCc~Vw>Tw+Fc7gf@Em7;ESa*S3+tvRCAESmV1`JU>fx7GVc
zwAQNRTUz7Ho`uW{lsRD`A3CQL|0^vnY3$^raU(hm`lR;H^>^1X{+<w>P=5tKKK7;P
z(ob_sDV^$k>)2S=FVFRPI6o~lXk5yO1jn2K%}16x`t^|M-lqMESNvZpKkubl^U&oM
zqtD1bgNx32IrGh>5b~x#=IRz-Tza$XmK|1s^xRkK_WbbI(+AMyUboxh{Xd%cX84l#
zto$%{_@+(U+co^e%75wH<T6oh{f=EgmmPC#jiu#h92v9e7xdETYTg^0kM3^rk(1WT
zqrdRU&+B#!9bE4X`RzfuHT>}M`8TJH(%(;=6hAR8HNo-9JL4Z)-L>4r%{*<C9-r+y
z?fL%OtNFf!E;qX~EA%aXuWYlgUqzP<=AH1Ny**E~_@d%FW|$Am*#GQXnyZjEul^35
zl$JDBZ9Jh>_O-RCje;8Gr-K?d3{y=$(W<M1?`mb$TgSEd|7Y8Qt8H(wO`ma<NqW25
zIVSe?Tt7fZDgXgT{dDtMW<>=Mn?XucRj^Sx_)N#{WtSw%FX~u;@2Ufi@YFL;w{~Pw
Koj#+M`3L}F!f-|a

delta 41747
zcmeIbcUToy-!*(@<S3(JFCZ4|qJl^f2*R-|BK87yL=;p61q&*Iv7%y|n60tJuCb?x
z#+X<VBPK*mv72a2Q4<q2MUCxUYi19ix5;zA-}iji_5G2#T&(?DyZ?5Xa^`p*J$1SC
z$YqhYXRG1G`+o7pfGyv4^7!ui(%%oO{@Uz>nzQEB32f>1&R=0J{Xb1FV&hSNai1Cy
zC2FdMVYBrHm$%t6CnXIvlrIrc0`}OrnAlV(osg?E?Bmc&f~Pr|oD41td+_4Zl`}RK
zwb?4eC|}HGD+P{CNr_8|wb^v&EIc*EYjo1kI9mb=WZ`=?vyfG=i^J{=yBc^M3^%X`
z61jslFw1=j@fE-g!DYZzBo{Z?J@YSTGva438}Kcd1)p=)Cn??;7ofSoY=ZVs9vw3}
zDFOX02OC9Xro|+VV(+KJX8Gg5EM~amv2iI$qsGVCdZ5QOpofE5P6(Lk;$u>hCXBY(
zvdfwE{E9*tpPVo(4aH{IE<#`jqGf@d!E{7x$q6Z5!$&0zu`NI%W(<Z-E>qDgu&%UM
zz-EJojE#wnOF;)JndzdyY{(m6#=Fb(8d$UW*)kL3#tx73wb`r+Q{Yzi)Zf({q4{7A
z?>R7sJ61oh*4JFBn8gZRD^erl4u*uCNKP0VlZx6CC(&m%+o`H%XHw(iMzh2Fq<s`j
zuU|nvP8FkvNUvA7+0f3+>0q{@D_lxvw3U1o%r-RkF!LwJq{e%VjMFz4DVs47d6;%?
zO|zqk38NE|V^UI*ptIvGYMFVLg6WW9QunTH)>RYCHdU!(roRQ7j{XQX`CZubL+`rg
z%!>fCzNv@@56N`YGYeP%W`_T%pkwvThCEkL=2<v}4L$_s6t||ntG?VRFk?U?Gd3kY
zW^6KCw%f~QLys~Sf#H?RF<?%_9$@q^GeEK{m<#DqW19`$&%7e}7#L%jxf6^L&J<wQ
zIt|RB7%90o7*lLWW=k`W=>_JPyGgc7{v8eEnELvg{!UF9l`sSiy#XD5%1nt%93MB<
zW{XW4l?1X42{8S-6U=e3>3i&zGk$7j=FSPS+2Ht00cQ6mNbVy!2+Z!fNq!h;cKfpA
zLtu7$z2w<oc7GHY{>_XGHAmlSZ41~gSeIB9iNmmrY`wxve>X%#No43IGX{d`w@b32
z&03lbtpsL6|7>CM8Ob?dHguWfNnnmof5{GTHQ2QbcDH2~MSv~+$zitil;pko)uNR%
zF1I(UKPveRF!#qLU{~-Y$+6(dup_}7&R{S{%?r%#RFLc}`AIu-@?MWHN9zyRoQ%my
zDXG}IZ9~ST3`t6}6|p_(q)#eVuk4)8W_j+aF+DOH>wAhd$vEBB9KGt@%-DBfvlZLH
z9OJ<5W-T)$p9PnLegX{dXQqzzhg)s7<Z+|ZVsU!NMLBG(2jV%0V&h{*jYRx$#Vq$!
zFPjakE^|R|!|55ByCBqrFshHaI{Lw;dtOHdc0Uz1oqMaNxydbp&CzKMru$AroB12V
zX2UCi={}p}DgDfJLnSu?vtwrZSe&;YFvH{i=KShA!0cf-n5!cg@fE=r(E#@RZP~EX
z1I>oD9%PR1KG<ydY{ZjCf!)FD^_E(VjB7DwcQUZRcs8vXYx?J9Fq=~nTn2m(@vQBY
zq2_3w1=F8?ai%>_>Q|7C-Ax74&(UDk77C`jilcV+>Mnc_H>sJk^s8F^;K2!Ib$!5`
zEDyol0TUAv<Gh9rvHc92+x7<|%ycm+X`^FDCZx94TNbYzo*QqvBzbIHYHC8<*uAjX
znKfW`!Y9$>xS<KD2}z?<-h<6a;sIvoVv~|aCZHp_zP5OcjB;abHtfuqzmGB3*BQw}
z!7TLvm|fCR%`QEEdbkIjZ66vpWZZCcGm)DBj&;b#0hkA-iza|8fO~@3iciKH`E*AK
zH*N0(Q`@G;lxWhlYntiIHZtY+u-TIHU=D(glO=f;nEk4$A1+Ztan-MusGRZP6w{+I
zBTzh!q3Pzd=n7`-^-v}~J8o=(*9f#UK-#WgV*-F#woP(QhS|HFV2;!u$!6Pr0<+gw
zB^RG&^uRB3RNVN{M$HhI;8v!|_rNS*Xk1*fS3-*ItjzdXvi?TN>e{mDX1Uq=>5`Sh
zvuBuAT*{bnabweL*76OTX|@s<NnXQ7#SHI?LTaMWVM%81R?Rl!J?EIc@X(vORL+<Q
zm1}fnmf80UU^XQcTo$a)HEWv;W;*|Q<`NqYn?4(!l#J<avyGJblINS_5eugOYh;`G
z%Y*5=PS82x^2C*4n}`N5;RxBheGAMCEf<>&SOw;w3`-j8g=^(_b&(k#u+UsR?=3M0
z(O0IMuA8f~!YgJ+)*(If<I-<z-0--G4%qCV6XMI*+SoFGLk9NrCYTWu!CbB$D3F^;
z+^c3qC&9EQ3UfYQ0CNye34Ly<>KVOJF3niT+#NcBD}%$poIGA&R<jB1rhfD_(}5k3
zkMSC+qkb9jY{p&aw6B0!?J;l_@E$PBUkqk>lfjjEj=j0c6h=d!LkELdu&0?I(+yk(
zwhNde@f#|lV}1ZLz0d2W{snAy<RBOYX9{p>@Juipk_=`8`bmxem%+7nW)%du8K_`R
zl_-oTGqeSl2V0v!#bh(x(4^SZu?eH&yb;fyKG<NUs{)%->+vk}B>pRy9r+&2hNXZx
zK*PXncwcZyEWymSo6R0}gutGr#w5oK85L*y0Xj4ILTAH#&;SqcwIp*Fs_=%*RtI*c
zt>$^_5t!+$U9JRddTb<^`I>;Mfh)^&k5Enqx3kR%Fr#@pfXhhO?AatRU75SntnfWB
zTfSkJnSPhFSAyxO1>jQPn2B*-u}Nd&GNnBpOb_%xc}(~6n`Ze5Z^Hj<fOP}a9T7}u
z++AWvX#<-D)&w)-zPHVx(O|Q|clMZ^ij~ZsHs5QGc~dYw=L)7CmSc7Vcbze#Vur>w
zh0Tss%kehHEPbDu@f?^Lag~#rmK<l>Y*Xhp{%EteSF>wBwQrMgSie#>(|JwZ%*Kso
z#tnIEaJlPc)NfRMZtXCol&;lrxXmnLvvojzH1?Tej2=^`zM5A=pIawP^Ki1+S|E|C
zFZK>pvz_$fb;Gngh#eu?^u<ksoa`t@cc~kq4AOJ!I@A+(y?DJa?O;*khCH*VUbb$a
zQd7^W=g^Xh*=+vESA>OW>tS_<<)kmJ7pSgv);rb@Q`0qlF6fA+p8%CEuAe}ABXq5S
zLph*_<8O$b)xe=;qvLEr5tgo=Euk0p3{&ds;hqj9PS3*M^?EM;e#^gFO}MWO5-WN)
zGzIYu9m-lgx1mG*!9_3LC`@z1xcOKuQNs1CMh<NPw8lma%(PzD8avb<OX(dOhiRUr
zZMNq5<)!GkjUC!%XfGMb7dHx2ua?$3dW9)v^(-%k)*b7F)fd$ldj)E*!fFevv|hGO
zpyH&5dpne|dX~4tehynrb3G4^te|U699nca(_3(Ty+G|XSgnjo(PR51Sk3ip?-0!u
z!^gI(`sp=6&M>;dfJ;%;GFYtGboV7#Vfj`StbST(6bg@m)y&N2iF~lwKb8K{zLb`e
zUKVlHur09}DlPjUSZGF_5M_g&<?GPChV747)QGfIE1BgKGs+nTi><L6<-7%p{wik7
zt6P=y6MkWer>^-sl<9i7zeCHxqGkh;93%WkW&MPIn9^R?0vy^hEGN!Mg}qdNbk*ku
zgehKnZh%7>rEAR`_BB|i&Gbmm5cMlJeQvWb#a+*B=FoazZ)Xe8_Bw&~EwDQ3E<Pd3
zT|Eo24Y98VAr@_K6sTnBT98Ar>*4s@ThGGZ`Fd`UL%WEpN;V61Hw)D2VvC~RkjFPr
z>j%q>E9(=eEr&%<IkETZ#cF!-m%@|)J^Uqywzay=*3&42E`1D(>kxAp+4|Km3xT`q
zpb%-nO+kU$53t%HrLh>bU=Onbb9g7iGMmpq%Y)@>ro`|*EwH=;m8N=bbBChqTBt+&
z3|BAARg7NNiq<j*Mbl3Q1ZrJinYE#n>iSyxTrBG!WfC+tG*AiCv%(x&W^FT@voV+2
z)G0KwS{5wMC2Rxe>PcytbD#t+ds`q5vlZ1P!s-pn?9NeG^d-u~R-x3(cM4q8305n_
z8FNrsrfV%7+LzEcpPUW1m8x&eJUX$Xw9p1vvtY4SyT161AZHky64=QW1vxh`YeDz@
z0=3@KDynyD9H_kli{+c6`B?+KV{6X2tkw?u6i@g`k8B*G=6UMH+k|OPAYiZN9BCA&
zHEw8HsIOk2(pS%I<Iq+^<2q6F(?Nl5cVThWVu3z$7#p$MutsJqqcE@Y4<lCDtLL_L
z*gyBO*@kn%+k;VYtPxs?P>d0JjL;w>)W3-pI)KmsJ+fJICu|=57^$T&WHu@w(Eb^$
zC_S%jh`nA@%vK{b38C&r=u?Ec8lkF~W@cy<LY)om-TaWVA0E3JTF?B@>-nLd5o*U+
zttGs{;fBkwkTPJIv$t%6Ky8nV!>q?VeB`gsjR@0x0?Z`F+)+mBS|^A09yD_>IesOu
zFj=HcFY6zOO+B}h!@eDwk1<q#HPbsrhS@J*^2h0sks)?Ru;ChnR_BKv=ZE@Z?BOoN
z?#~ZZ3NbtfZA^aXQ-q?8bagT7&CpbY`WV_*2=y{T143=KmU?9E5M{NV+ts074%Lfy
z3sY+A;oThCKs1|k4bBJ(v@e4dtmkzNv7biB%wEr7v-My>S{gzq%bZDCbW3z6-+CX`
zpnR(umP~;)<r(WDtO5BcgIX81mco+L0$b4SXRHXgJ32q#hG(qDu=?c3^=yl_=UZE!
zv7W%{VZ|xk^zhye?L+K5m}59iV$ij|*dJMzY3+H&at=33Hsc1sVp*oO`x&bUt{A%I
z$MuBOCEr>PE5fqWUpne1qPSaY(GG14bPOx^2%H$U>sin|I^|C;G;bg*%ssPG?5yE^
z9oh+K<`U<LqIjfr%EA_;bkwzeIKx51BEvSu6U2{^`rLkDibK!s=diErY_ql3^ZJFT
z*E;JR`-j;(qNVNi$o?VPVuX0g!6t>8KZX^UZ#{v9wJtZ!#$C<*+e|qY7AKWyU4g~L
zVOqZM3Ot3DoW@yTGAz_@#@WAv)m(QO&|KFBIkW}c3vaA9V4<7b6c+?J!|j+xFtDd-
z6JW7(igBH=8CH;<?Hi(fgHQ|T*j48S>A8a)+JK(sO2+=!BFG6wC*7rGh*k&Zf)Qo`
z*tB=T8kldD#9SC`SUlG)fHfpP?lvrRPM#xMM43K7Gr0A`LP2a)NRTrOOi>z$^1w9i
zZ&=+Df}CN{1I7iT_7g0#HYSYdYxdcU6R<FISO{8jHQ(ap*DF{xW+}|~?K74S>f&ga
zm5+c$KbqEFSnXlq^oA=>7d?EKLmP$FiIt8ycp978Ha!>Gb!b=#GM5kBL-(6yjD>|2
z1dATJ1xxlDEg67a00Spe?t(>s8Tsr_Y3X?}&7IKWp4=(zZy^+>XU8;mMu7Dhmrq)7
zOnxb-VIC~_(`>VL4;E`TdY~=A;Ls1)zp)b9#F{e?_2D{p2dp+m;Rwji_y=miL(Rgm
zG;r=+1&hu?aW4g`*M{mRMuut4vCmP&2>=%e_(03@CsxI7SnMxqY#3-SI*c7~c_~C|
zgAgW|?D;ZSrdQ~rUtpOdx!6C*d3gTNA!;400{7i7u+V|d@wl8f&L|h+^%JARl#05R
z<j_VZ6rNmf!ZO>6iy&N7<|a9mR=Sq#(9$r)+Ziodj7!oySnvj}>dTHaugfsrBYE=D
z#yIRtp!sqU**|2g9_b&VJwk}BHhhZ<Rc)-pzF-s@uV)80cSe9ST+<ihG#Zv@-gw}O
zKP(Uz*;<N2%Z1h&DR8lgE0vO?&27L)q4k2r4Gh~JhAj(Luu;+JhJo4<SS%S=ft_&K
zm}IkIFO%Efay>WIp#_e$+3=69#(-=^(A@oLJ%QC7ao9F6)+19)Uz=By`*m%+L#vx=
z?$pL9UmFjL?n4SJh~0WFQYhohjR<FVlo$%j*C-M0(vn~`hK1bNuvh506CC#MpmpIm
zX@29)32#oE>99EOit4B5206oMZd8QzYcD&2cM&e|a(jg63S64vYI-s(Zf&?G$7Sm=
zSaRaxhN#p;W3gZaJ0TQ=RG7kO;0$S*r}Xz=`Rm#BLhQE@^3n4~hA19-_+*E@Uz#yj
zaW%Fap%zB|vMmF(`>;A2E#O>jH_42HLvT5~Mp|ZvzJVq80ko&#WVlXusS~1&MW`7{
zFz+k2z%pA0_o-JV>nGB~l$yFW)uHvDVs;kS=op<v($e&9*wXS~aU_g5rq6I_Q`60z
z)7%y=z~XjdGsd>zRC9X6ahPApu;@l(-0d3}$F6HP5i)1fVk{4DJvS2zD8uYxG2>eN
zFf0xX>P3ei!(uDY6<C3p=7xfq07s33#gv$}UV+LUJ^W>dR%M#Caq%W<2rLet*}^5T
z%=DN!_RnY;v!wXTW*wNnW3g$$qVtS8)JZSvCsM=gyO_l2zzu}xP4m{J=5#Z$IeGg?
z3#T_e^MDnGl;&7nl@=Bp;%dw=OEFT~`@q8N!^kZ|h<Q*scJDLPVPPg=S(cn>O?)g3
ztrM&^h{MdpU@d~hR+)7jhlTBhi>NnFyt5tZ#o2oCImRvN96XwtWA@kRf_*EjAU)4N
z#C{baY&!KqwDMWz7LSUtRlNeMov~G2Lx`gRPx%DetIg$IHP_i{gxGB36lA{yE6OOR
z-Msvh9VX}!SY3@1{<jEmTu?q5Uv9otDr=h#3%3@2A=+t#TA8(BTpDIub-*?Dcvvmi
zCi@nIdK;~Kf)M8%T#OqF-vw4~)L~DBh3yuP363t%Ph^KF-F0mNZW0z7T|<}eB18{j
z7j71)G}Lnu8^6T38>$;(KZ8(zqdH&R%CQU~Zf)pvMv(I>Rv$QUePGG0zPAy@lFiP3
z^-RLjOY?UWW`otyN@-sU3+p+txf237D`N|BdzF_=cx<FiMyRKm6dA8l&(AnVpismA
z-yy^qZ%$8-WtMe%agZ|%|NN*$g)RGsu$t+40U`Fkn1w|t&Gf8S99q`$!l%b?U~vxO
z))u>C?bq_pPnh9}uzH(KiVn1&h1FHh4hYfeuP{$d@EUG-M!~}1VGlflkU6zDB_2^X
za%0c3cVEeFb7HPWsJ~fioj~=kmHJ!}rgd6nxs40sRamBHx^)ZG9?Cd)0NZ)n)#jYQ
zZW0iv%+_<4IqaW8>uEH>V@>|vfo(h<7B^+{thNOfN3;mHc>6D~S{dWe{B<i8@871t
z!k&VA^L+@RR5ZEdT5B$F2kQ=tBV~+;eKoA^#@xNlP=0N#*5ywN)HWB^K(^3+9U-i&
zmzq1T&o2h|81r>)6&_bX^EH}ydO@JwWdk!sHVDy1A{1m)$*H*>mh`NDpuOZq<N5*3
z?28aLb95J{f;V6dF|DzIN=aQ?<IuWpGVgql0_DtvW$sjPh;|fKD>FShY2R!*1#WH-
zXzv9J(-G&%RS1P66}EQlXLn#VgJoR!DfM-2twR~6hvV-%de&Np{q3zrzO^Ctpf?N$
zAoMCia4SML5yGalHbnE;W}Yvx_hIHtg(ZhAG*Eqin?84Kn7zVwWBMW6P=w5EZy?my
zYz(^7VMpP6$rZ3T8L>n92C84}&`)eIPMI4Wn)5C*8%}{Zfeq2KHae8|^jySL+->>*
zQ=~Q4GAy3OjV)B$2#YJlJR{$L6>M4?1GQRv%s8CJ(2!xUxMa=K?m9hdv%`M)O=Fe7
zgO%ShZ_sh$h1$pJ;aeQqE@+|1fv3z30@a`2(obv&)9Sr#EzPoP0<{saWMkl>6R<c3
z(X>W^_Db(?PVqKuG((1t^Pqa>9lhflVOqpqbNb>GIvVGaHyrB8y?XI&VOr0e{B?#^
zw+9v{89avPv^R3}6WhX+#=5qh4^zXpJM7o?p+S1&_7IG8?)H!jFPqIq@F1%|6B;-Q
za}n5>)yDB6RuJO{R01%!jB+BtJPNZD>@GlAU@+fpW5yVOM`5Opsc#fCl#w|8H<;zd
z8Ksfk%}{|*U>DIJ@2Ibr+*zh2eKG=I+eZWR#TbA`VP?@|0dfk!gRJO@J1gr`b~*zd
z87yrgqi~REPojZ?%-oYDPm!Ds=24jKuwOP*lbLTi!188Fo(-msD+=QPXIKFv0v8g-
zL3Rcfo2J3cxJ24y+B(1ra4NJF18^QNj>1g$U}HAYzb<(#n8#XMtQ9EWq6lIWG7d5;
zz@}pyWEO~B!YB|sf^igPHf*QV$*Nv)ca03HZ%UQSQnBKUgUnjr1z7q)fa%`{c#x?d
zrh%g{Gu;t@d=%h8X8L0Q^^Yw-BVa_F0Q2}KW&wEs8+sDp@!v4hp9aWZ06f0n^Fyx1
z8;1G+j@hG|0Qo1fzG_cpV;=n?)nCCp$V_!x@*T-{CI1HI@gipP{{YDM0G4wf;6bMS
z0ATz>`nMDU8rA=gn9JP-<+F-Xl1oc2qoDtcD9b;R87wF5!pw$xNd13}jrlDLW=reH
z3JNn_RS!BRLUS4azrifZB~%tjR`v9^Dray4w}Qop)-smNU>j+Z8ElI`Oy5E3WHz^>
zw8^wPN$xClGWD)t4IB+-IsFy6vms#P)))ik5+4r6KU+NhFyTlV&oL#wG{@tgxD4W_
z$a3g^He?!@4VlXs!3we=umMYC!lg2y0P`R-ekGU<Tqol<NZus%?O@KFcfl<8pyWef
z9%MG)h}1u_TJ*6@KxXhb{;<M4Fbg^bE(yK_b^+f2bML<cW`Vzfnf|_vw^PJHrd}M(
ze3ii^z_q}fVHrUP6hpuP=9Fv==0Rq~?Z7M`0*tb4og_zsc@$>m?<V8BgIR7gm`VHL
zPdRWRm>o$o^$go&1d2nL3FeqA0JEZnU^ZY0m<O5mQW^iM)X7XQr2Qgh{4yE;EMxo&
z3#?#;EO4ddRWc))1+A8LVWz$YI(xPaTn~I&rYp>pzK}Y(2zTT&QXsRSvtUZ+rB0@P
zLE8VsOm`9K*paVgdNTEIz?{6_OP$R6pAi`Mqf9_%#_N)ANS(}~x+`rmgTG6g%zS@H
zn@sypX_IN+Q;n-dBLLH6w)`)d;31fk>Z#25B4$BGcmIY}ed)gX8SJ;lq9wDy60n)O
zq}2Z#W_lNyp3HJeOPkF2GLp+mE>}cua|jp-%7dA)qO>c4d62m{Yl16)1HkNlu#A5Z
zv%;4U&m^JvLpw~SCo|a6m}W-6OwdXuAT!uj+GJK34yMPtfVs=`k?~{(`{EBf&|m6g
z1_wzV0``Wz2+Yl6DNi$O*{hNTm<O5qGHH|9fR$ioTnlE@2FaVjjNb-k19nK>C3z2+
z<-G~!L1srX_94KY90GG6%mcHa(_j|#1(?S_F$?|@>BwJ6J|p?8<a1z_dkM^gjPx0{
z%Ls5k{LU0?--Fr1n_&F2-I9D8%mRLwd|&b-$&6&Y6aPqNgY42K(=G~T$DF}M_~u^;
z1n|#RT1J#*g#O2YCK>cgBdL0U@z2&2e^`vKWIr%kU~4ArKrsH<LZsbX+AY9zcst3R
zz&r{w%Z-Fi?(8Jj1_DNVyUGkNVy=yTh-U>cU^YBK<{K&V6=qg2O2&@{)88qQCxRKD
z=7cSffk`qV1I&ZWYlnqk_IwGL>2w)SW>84`zv1#o{|3@?V77yKy4c5xSiu3w?}K@e
zsUHTH2A=}62VY6P0H!CdfH|{%1oJ4&lzze=mh+2@f1WcauxGzYzAY0%G9E8@F@S^2
zmN%h+qcF1qUqgK{vwT0`1&<ms{^?nR(Xbd<aA9VFLjX2tsEq%A#(~ckz=Gpsf&aw+
zK5BrImPkjD={OzWi2VDg!Enb>xPk|nE94kJH+?KGycjSd{^=0|k{FL5SU?^?|DFVR
z{5Q<>|2}Fk-1Wcu=z+WBzmFQ4b3WrJ%#{9p)L^dEe;+mc`>4Tu!tn2-25bw3pFQxz
z^zWkvIN`;QAdFp<Cw(0MK5FPMJwayh-$xDqK5F>)QG>BLyzmjk|1Tdkl>LuK4SL$i
zRK4w~2tDYOi~h%{2&IVL@^l~lI;@SSBk&IJ9azgwyXd_>k5G!~Yd`O!clg{zw|^0#
z;8n{n`snvzy#uR+u6)@?-|~fv9`|Jg-Ui<TE9y%Zz2a99N@+djt3JB(S1$TTu*&LX
z&-Bsv!CHm-%IgWR;?KC~d1oT<R<hgKKDz5!7d`!Kgi=}0g>@X3*SQGAO;0=5N1u4k
zMZXNoUH3fSM{jW6MbADTp;Xh)!#W2m^g@JEL(jU<N1t=SMZX2BrXGB;j~;Xp^<9im
zYU?*(U56EUDMG2MFTaHTU2@SM!@?IcFQb2#UGyE7BNR{l0j&G527Dc%G}5<zjsAV@
zqPu((fp1hre}n#g<Dwsg)kN2>pnq3f^u#L>_}<!nSo>gAyBeYR=?PcSzpLmUtN`8Z
zTlDW+^zYjUB~Z_WbsU!0wFo6xPrHWxT|@t1h3KB&p?}|@f8RwYq564P=U|0?AAv7l
zWPOkReUJXZYN-eRfd1h-qN{$0P+IFZU|ok5`D29AR$u-j`u8LH2dljvejWY0j{aSb
zz}wmnVBLo`;6?<#ySnuT`ga5UyBVQG>d`m*D4q2^_}fL-enRhlLhpWxz}H^(!`cU{
z+RqV64?W>$^zLW$4puMS?G}1>3%$D)q4d#nVI7C%^-F{jt*8Bh-u;5!!Rn`b{)*oH
zir)Pip$yQ^!#W2m^mYWko||<Wy}OOx!HUs?@1S>g(7QVkO00eZ)^%8scO&o>+2wc9
zySwNetl@h2Z|L1`=-qD-N`n3X)_qt5eveQ_>RW$D?|w(`{)kW#_2@q^dVgT_U?u6=
zpXlG8=-;0a${2k=tbMSm-HT9C^n`op-#zpX);QhmKKgeb{ktEbOwe;-9f#%hAVNvg
z(;lFI570kYlXcI((7(UXzrP}sbp1T6bFe}mMkpD2)<g8~A^HbvnjZWJ{d<J|J&M5V
z?l)jvhZXraLYb*Ae~kV;M*m>V*2ABme^1cAClUDK=L1;xVGVd1q0G~_KJBB-U#cj5
zl<cL^_`6`~9{gP>G)jv^3~900Pg)|%svun?kX{joNlS%W5zwn*3`vMw(lSxg3A9|K
zkzNz0Nh^e>9kfzRBdrqWNvlQEqM$V*3nb<gRb0faqDq9aRs<J=5L67ps$vk<iyIWK
zQ;2kiuu&{`hOo>T!ea`XMYsl`g9c%T24Sms06}>}bSn<pCbp8c3#9~ThlnQa6njX!
zgjN!?Tf~s|i2bBDMOhcnTOxt<wm3|BN4S+jC9b7VNqQ+%k|S~{9H-z_8p3{&RvN;@
z(hx3FI3PUBAm@8x8tI@oPkLW8EerZUWRVVutE9ssxE$z+SWG%9Zje3{Ez5&G63ani
zS$P!uxIBveScF%Aeq5|2<%$QS6QWy1&?jOm=~JOp0_BNl(r021>7>vqqaf$XC@8Tq
z3OX(JLr^{!WnDpEhy>D?;xOqe;pPT9BgT-<id>L5?#8}WLDusktqS{Eg?*)PQFyvT
zXy6VZ+a1DXah}3C3ZYdYd?T`|LYPw(!Yv9{MQ}9;LDe9vss`bjxIy7Mg~;j<z8A}@
zLs(WF!ea_Qitri`I@Ex$qXvW<;sJ&G6b5)e_(^Q_fUv~_f=f*Zw?uSJ2vId59Hj88
z&}u<&t_2~n7KA%uKZSi1s?~<@n@Fe)A-*<*JPLmZw>l79>p)1a1L2;?rEr{rS6v7X
zL|R=46YD~_OyQyMtOub%JqX$LAUqc5DV(DaT3?A!pW4LS`buvxr#_ThP!vT3H$al0
z1`t*?fKWu-pm3c+q$dQsSndg7nJ0wD6pD%Ph7dY5gs`I_1Wi1kaG%0}Mi5Gft&JdT
zX#~NgF$5P8-55etV}uS;C@nNE2+m#*61^al75gddqfpHoLV1zk4I$neLLP;R!mSAe
z*Cr6sn?R^6aw#0A;N=6sO{DoinCJuHG6i?x*%U&9rVz55LZ~LrQ#eN<)E7bxk>v|v
zjxU5;6l#iKKL|m75LWp?s4Z?#xK1I`A3|NR+#kX+e+Z8$)ED6a5IO`v*bxB1Q#_z>
zpTdA<5E_ZC%^+-P2Eio|f|rO6gb;;qq=|zRng}fjf^!gr#2^Sw#eNF=C{zoE;3pD-
zA;bqm$fFP-++Kp<`Vxfnmmma+Tnfi2c!fX+7HJ_6CWb(`Od&*gHiyulIfU%y5JJUy
z3g;+<hC*<NtWXGZLLuCu&{714K?n+iunPZqgwk5vpm3c+qys`*vD^V+nFGRO3hhOB
z3kV%rK-kd&Lb!N9;XZ`{Eg?jRtt}yJX$irl6@*9;-3mffD+mWEbP-x>2+pk`B({do
zP3)(zk3zLJ5PFD&HW1?5K**!eOSrX#;Mx{KdRqv6L@tHn6ujC&h!$z>AWUor;WCAO
z!m~Yu2JInaw}&u5oTqS(LTCpFgG5#b2y;3>xJ4mG1cyTi3Wu;N973$PLE$=u$c_-=
z#PW_1mUV>in8I)o&c<}$GT4F6D+vN8U-*N<fKCubimja>Z0Q8SB@#lSh>nC16$#-W
zg(RVMhTz;8LSknKW5j+6`zTcF0wF~tbb%1x1wtN$al)-D1lO(*(z`;KAaW@jr{L8M
zLYheH24P}12$v~L7M|T9H0TZ?yE}w*ah}3C3ZXq9WQeRD5a#rNaErn;5!@3(P)`V}
zdP0~kZcw;RA+i^QnPPb_2+MjwcuZlo2=5J{LvIK>dPB$(4=CKHFrW{Fd17lH2wVC<
zaEXGDEuy0!L`6Y3NMWJSq9Hg(Lr9E<uvqM;u#ZBuz7TYg&=*2{UkG^=mI}9i5M28~
zNbd(hh+GQCDR}jVuw10|hcK}}gv%6G2+si!8VrDtJpjTgah}3C3ZVlbtPxoQA<P*F
z;TDCpB6tvlpg|B;4T7*<+@NrsLgZiw8^!X$5S9&w@R-785gr4fLkxr+F%Y(j2Ndp8
z7%&9FHnDXGge^lLxWq!(A);d;M8!flNMV=IhC*;23L$YQggs(Eg?$vN#X)#WB*a08
zkAsj$;T_>N41()02<gKh<cM4f$0>LXhp=Cy4TmssIE2d-4hYY92o2&PWXD4|D9%$j
zM<Fx;!UrNN0m7UF2)8I47QrJR1dV{OY6OI%;s%B56e34L_(&`t31Qht2#+azEW$@Y
z=r9Vxj!_VD#RCfWDGW%2@QK)(2w_Vi1eehe@<jA#2vMUU9HekkXh{&9lOQA}K{ze;
zQ`kqLS~7$$L_#uz_+$uq6uuH}V<5PWfsj51!da0^;W!1au@KISw6PE-j)icU!bRbk
z0--?)gzOXum&JJs=O~1xLik2xr9zmK3gH%ot0H(DgrIQ{R*i#jP28YxokHYz2;Yn4
z;~^{?58*L|A4T{C2puLs*f9aZ4e@}&eF_66LikB+od{veL<lZv5N?U+Gzd{?5DrrK
zRcMnSI8TC*I0?cXv7f>|3e_e<_)R2Ch7dm)LLP-bgxeGdu2UeSPl0ex<We|J!7ClY
z1Cf>vVPZOj%M>08&#4d^Oofm=6~be2p29f_p&7gYQN-K~UVvmkxdnw6Ael%KlnG%~
zCWIp528HVsBBw#Hi{;ZGESm=5F@<6x{ACCoUWTyaWeA#hK;b@x0n;Ir5L>51*fJf0
z%M1uEB6<dds2K<yq)=LDGa)$7gpfEBLRqn&!afSsW<e+~5@tb&p9LY0LPg;=8-nX>
z2<fvSR2I1uj#KcO1HnzC&4Dm+4us1T+=XWrga%m<va=vm6Xz+MqYye5LJg5M7s8ym
z5N=VZDT3!g2$~0B)jSBb#SIGADMZePP**IU4`JDS2#@FEPOVJs26~IyPU2Ly;%qOE
zPaIvu>4i8!`YceKL}s=UWW**fKx`b|0V&Sd%8Yf^E39ga?9N6~rHq)CjdSzsTXFw!
zXrWS4z3d`BTd2&n$Cbtlt41!Pq=}1^DEkAv_EI8e%ueN@Do*LjAvA08D~fP=%ftMi
zybglPFutG4OvOheq$cn|)Dh2|)k5j5s=xZ@jNYjXDPk1af0g2_=Cq^oYEde7<3Fhs
zmvfZ2a?qe4g`#HtCz0*M<BiHi`}}0|HD|5B-2$U?g0?6f6lG}6w5`gvBI+S~j`t2F
zOp!Ic?5sX0BT)Aergce0TkvL0<}rLHrwsenh;l{iKMso>mEg_)Qjs4&gyo#iQJy3e
z?<)UuY>zskTrJg6?a5Q~V7E#mA)m!FJ&)32Of9v1Mj0vdVYI6effviA#*c<Qq*hL9
ze07Jfi1H{8W<I{Y^Sab3NsX`ate2V_m{s#dr%h6;Vrm)28<_Z_m2tSsgnW@UL~2!~
z#<!+Q$;{QH#utyyuw)$7rN-Cdx=F2u)c7tlU&7?!AvMexo2T_gA^pZYd{Zh7-Dd0g
zfgiQ9zyP`eM{TK<LwJzX>PU@`D*3_)kGfLh>yOOCqn^|%BD@}8L+fWqkuMZgkgaYY
zHN5R+dkpaKlp2TV62d$hO3e-7I5dWhY9zHP2)_yNXbg>QbqDzE6COS?T}D+Hm|*;m
z5N%B%;vfGfKHFZY`N@RUVebQY_{(%P5Z(_kZ!@WRAk6pOc?8M4H4)}3B5Xjg)M_F8
z5!%cDWZ3qS6l)`V0ARr(QtL|p;%MO|I(w_NM5nsyzJ`M#@I5cSG<FsE7Ptm{2Ye6k
z<>l?b4pr2vr!LSqV>v_Dii7pk8Uy%3)NsHL@CO2bAOPRU<Cp%7xz`*V3WNbIfL1_j
zpbgL#Xa}?hIsjdOZa{aShX}5(*3RJj-!p+(z-%B3m<!AU<^z*~DL^{FNstVT1yX=i
zU?4CE7!1S!LxABxJiukbrNFo39|2G4Z`fQ4;{Z(mX0{#(^aOeVy#ap9f!}=Kmogdv
zo<KvO5#S9p0enQ+25RMs{Hn`e0AIKH0{9a6N`y90yJR#$&<AJ=@I|`oaP|%0CcqW;
z7<dBkCFSA(-x00=@a6CO0N)+vr+}pZzCS$<W$?Y~Gk_B`JKzlPTTxqqH-K#b_nF%&
zUb4J{gwtWq0Qd&^R{-BxTm~!$UISJFtARDZT3{Wp9@qeE2DSivIk`4a2k-<M0Zjm3
zzz^W-j4uPzff>L|U>0Ap%tBy3kPY+)xHSv}xE*u{dIG%xz6I?HQ~}(9YCsYijWdF=
zO}q+T1}q0&16BZ8z&v0+umD&Dqyw2i8ZaL9+eQKrKseA5hynO5gGIn%fFIK@2VMjC
zErOXC*lu91My@_CtmXjsC4SLk2e1>^4Xj03>wpcwMqm@bZ?nV#LjgB_=cN<C@7nO&
zH~g+qd7y$=+fZ#%{2|gm0v_AMg@&qk#%~D!4%`9w0w-S;=lkXSZooNU2lVX#U%meg
zn1k>v;3C4@<}L$#2e&=Y0SE^=0ujJv;2Yp0;23Zm$OTRSp8%ga*~IKds!PUF7<?=B
zJ>Vel4zL%<0r+luGawKM0{D9DCU9qP7l1GL@~yT{ftA2&U=pwxNCAcbOVCIicm-Gq
zv<Er>4glYf$uKtJw~%lbum#}vf;@nlKyBa%v_Ap9anCOu%tn}BR^WT=?SKvdUxIG|
z@SXHnU??yQ7!Je(iNI(e8JGy90h55qMX;Ij2Q>KZdL}Rpm<?nBbAfqcPh(sMbVYDG
z@C7=256myfJOQskTP6dq!d?n|g!Uc-cp~BXfO~xcFaqE=)cEx|eq-Ppq`d-M1+D?#
z0enrqBFe7>{DAOsU<L32zgaK^8FPU{Kp7OoS1MK_auu)|I0}3O90NW9@_^5PlfWr}
zpUHJaUVb~PKClAzMqm?A5ApSZrT|axen2+Tayjin+OPQqs`W6QqEfyyJ_Ses;($+}
z-$bI_;9B4k%z$*XdFJGqG6&cX@GSQ}@BwfPI11n_XPngD1M?eT)Cs0Z_Ci58eDD~H
zXE!#;xCr3|1W$Zbfp*Bmox3*Tcx6-?;JKdPXXDQ81vCb@n{!vM0=NOLKqa6e@C51k
zeZl+So4^g=2jDy4Ti_~ig%0@!fjoc{elq}%8LM&=crL)XISbGLJAn2XS4nV`k(SqZ
z#ekv!8#@!20Za#Yie)Dn13iF9pfyk*XazLqe|l9H0iJ{LJ~RJs0OQ=;2;30x1b8i1
z0&oFJ0u2Bbz=BJQ{Y}&+8N6^R56G+Er*u{spe#@Us0365Y5?^BR#^vNu`I?P@CDdT
z+C1s;dmvtb55SY3AHe<u10ev@@lpYo3>oZ(tp(5$=m@j}+5&BW<^VHB0PO+BcL2hH
zP5=vGJg+6X0nFD0;5ABTpew-Z5`tPLkOA}u`T@OZ^+KR05DoMN`T$YVjt7qd5`baA
zKwtnc7#IW$1!931U<eQgFwbyc1TYd94I~2G8O8!UIVA%Vfh4wO9KZ;QV<e}7Q-JZn
z1Yjz_0+^Y5DmfkCPVh1?4X6lM!&L;~IY1V`@H${E@H(&xSP85E#CJ{A=Jt6A%@fsp
z)f!%_5nKbX;`IP4-vDd`SkOUW3-BIrK#cKKo7CNk;JZK$uorj-U=hSVU_Zm+BVRQz
z_<aPQPii&wGU6@)7lHG@Ip8dC2AC@X{L~uw9IBfi_Fs04xmdvk87@3Gzn0n+@HH7`
zp6_M&M{qgdx@60~2fII@0KWjYfS&*>J`draIfE?W4+vIb7RW{PCzypW?pJ{EjJpl|
z2HXYi0KWs=yP4n#s3_PDH~}i~7}`@tBm5BjfVOdDJbh~U>@O+OW*nIXG9wFM{3F1~
zC*$df!ueSF^YP42t#G+UgD7Um2o}VIMOdLctcKBiKJ$yxX~@e{Ax{*=0cW5XVD+92
zeLkN#{zzn1!a}UD#U-IxjVXmNU)v_~dm$UhPFNK%J-x>v;0-2+#~KP=yvZTRU>*5G
zV2vSL&rGa<S9$adTVF741$pRlrnh=&6j-QCtNa%=wldGZRx8;$t5T~%t2b65?BR<F
zvgQeU%L!&pK&!_uYPgYy^)nND?hdf<ze{X+!g47q;vE&QI+*|YO6g{Lhn}m4a8=-W
z?_|`4=mD%jq8i|8G7-nGy40=SGfm-e9mMlm($Z=nTpO^;vvlUOhR0ehGA_f|S*?UN
z7KX%@8w>Z2>)CQAdqpq(U9Sq4W94Cb-g9zAus$BfH%pDBXBbFPr~$mBVXI%XrduPf
z6~J2&?qqy@KLmIQ2m-7d+dzby0zN=9z#s4h{D1%;m|tLT2{?c-$t@&rLcwKKT<60s
z1}+LX0e`_R0=@x$04xT$E4BkC0aJkmKvy6U7zJblvw+#a2p|aQc?q2{6Mtp^k-&6d
z3c!=+Wbj~cATSBx3BY)O_xWRiRA30eOAOxXcLaI@J%H{&1P~5%0NMkLX9L+N*2SB-
z&b&$CX}t>!JUlR-7YqhR0et}8^$h|B0Q~`G><9D(s1KBg0kh|Yd(2+4hs-k+hy{iL
zalmjO0T{{kUjq#o4TCLYI0eiejscPZo?Ozv6D2aiF9Xv64j<i}4p65}rmM4nIlx?C
z9xxwZ8RJmiLhvHsJ~Ob@e*mo!@f-Lq!11{QUIK8Y(sj3iUx8nMTfk4ib>Jqzx$q<4
zgM7SfWPbMi2Vg6(1=tKM19X7p@qcB=colz^0<QoJuLV{B%YoN`HNYxhC9qn8`s=_Z
zX|D&b1DKX^yiTRYG|bC%8v*9G;u*Jr<Iff|fmNuLpm0O1@Eb_?J@6f{3!r`t_!hVd
zSQW7GSAcJTT!4-F8n_HtjmkrK1IM2YxCr9{uoE~BoCDqg&H{UZPk;}BGXOpD74QY{
zIq)`c8lY=W0VjdafKPz~z#d>5U^RFL!feELU<1dWmF@=En|A@Y#r7t!AJ_-v0Bpot
z0Mjs@l`>3kv7roGg|b7mS;6zn@~K&k$Y9S{`Fk>gW6!aot68`;jt3EDM!J&)9|t}L
zjsYJ5Yy>@Y6ky}u2iWT)z+vDJ@BzRwSSA_eWLSax*0KSt`~>hKw{hIqXf~J)WkFVN
ztT<|HJkv4EGC3!#Fv~Y>j6YjLm$Kzn0%raaux2zH!<lTwGd<@4ZL1QN!+doAB^hUV
zkn@I(;1Ds7rSIhU(~TTk7C_fp<Htmtj8=x{!(0hggV-ah&<hB2;xdlm!fDuR?it-A
z8xK}_zd7r<gg?W!8e$CzwZet5LKgVEPK}-6q+N@$e+S<K{scw=Gk~W+D#u^NnXEeu
z1^fuiJNtIvzksg5W5CiMBFs4IYmt<@9CuCLQnElR?GqX1S<%v%hiO=!RnB9s|8R(`
z)Dl^N9rlZEpvyq#7W@;y54QL;+yy8Jq@x&mtOUXu5Q#KD09>lhuvu<l@A3bX`IX~;
z3*d&rJ(`8{F*_^ZM^!h$uHcDat8f-v85#>`o{9)p0Jy)G2lFE{R%Q)b;YzI`<M41Y
zW^g871h|`V#&hNte(q2Uc3<?W5(>2n;`mx&YvNsjX6^fz5oY1504_<Z4mXs+9g_`X
z1E6OZ>zEZkU*PkT%4#|F8Yqajvi$6gpUKrl*dM43P_GTG7T^K!BR0k}51(%F<FLUk
z@dwAD!=ha)wO&qgD|LyJ(n)k{uQsaPuZVH$pE=kGm(@6(pBlDcw7p8P`KmI|$GfSw
zFRlv2n)a%jI?YME+g@#`?y!p=+N)>qVf(=js++s@6S)(sCY-uDXW(7r^Fuy7xN#SE
zkN}?tmk0+n5$=(oVBvrjVExSO>RAU`Z+Tp56LK~4_F-+-FW=4`JL2GgjyH}O<@tDH
zHbjeTWNl{s=B`iD$>obHrw1TG(*V@yW3zshH+oy`n=UiQzh@Nc%dFFjic8_DYgOy_
zhPymC`p$b!LtaA)f3w<6MMas8sxLn6Z{1P#Q_6`69o2W#bI!s$LUnESt+Vl%Ei)lv
zWW^>+vNBmGs>BSieo*-C#}~9_QISn#4C?&LSxiA*cljH{nNt_O^=XY#RcaY2e7td`
zSw-xMfG-+qrss==x_mQtLvtUQ0KTw(*7#V-->&`T{y{oo{Loxf+gUtDR`-#}ihr3i
z`yU@XtyA%v6_l`0jG1?UPpW9zNsUzZY9g}}8nLdp`2${QciuU7(ed6?Rq^rm^A5(O
z(8S_CYK5XOF@Z!LGRdK;YW*m3qp#MFJw5Wx{zkieSv#E7HB$AhYW-^Q#;n(CH|)GF
z3@PYNbpBU-!XBx1!kdOk2hmRJ_mHRWjyu^fxXXUoMfjkHsL>hz&K3ifscvFaXVqU>
zAl7!qOerG{bXFq+tY0+lHTdVJe=Umn6Ip%HbhN_yZR6124(&NnCLkU$f##q@iO?>n
z)%vmHhD|y=y5Fw?r)HqpyjU>?3Gl95Xbz~g=#zss)D`n!iMw4?e|PI=kMl}Ke%be(
zUp-X?9rq4^zhXtpuE;ZA^aH8qT*dgV>T4*XY&WPbq7f-twC$$)1&Auf!_ds3^Y`{n
zxU~8gqv?iwUf3zawJXF9vjoods)yXo-$`3hG3RELneUB62^=>}jkE6JQ8(3Bz2Yu>
zx~rYkJMLm?chyzdC!TgkM(d}QyJwx*Sv{&_ab)Dkz-y<fich<%4K=rF=6erD20wS}
zcaRTNsay2Gputy=fy)>*B?;vnIMe!J<(Xyrj~X>YS&0N#09*sp#k3yiv@TYF+^rvJ
z?mBhUdzbdSwH@iC)4Ph3JuoHD))3WuqNR;RU{AGe?c|zR2$;fi!JNvsKTJ<vdG^yU
zSUxrcOr{oMO;0S7rL~Nw(wTj_eHl66Zthj10fskgVk2}x*41w;`KeOH&u1bg2%SaS
zy~QnLZD##w^W#y<?&Ml+E+7GS3?#UWtYwh({$G>hk3_w)QB{sXsSM>-ZPC0JR!+$}
zX0=13j~-cF`gOai+(U|rNKr*3^+LM>k$|-~Eq>>xhV3disY-1q6`)K7mjHKea%7#`
ziK7)zty~`Oii617%=&TZYPGJ`KBU#+vfwU=_45(3V##LqRaRbXcW+Iy(PCr#(5{lb
z(Jt%vqJJLRx7X$7huR<oJB_@(g`+pd!yyv;VLYtgp*|h;#;Ne%*L<%kQ@M5F{4rHz
zBVE-OI>)MtE>J(JBQBvzRk{SP29@rEj$6N69eu1>_nRFb{EQZu17>seG(B|nN#4!|
z{w~W9!(9opZyjFjMB9vw#to+s>^;(|ERJ9wvVY!?+tBH8YDIS=2p?F#b>02irjf4<
z+0|QBT8R=-YOku+Z%M~Ln3Cz_c&9z8!F=IH_Io2SB??ZmevSH<Idd*Kw;%Je6SqA-
zu46Z`D++zEe!e<lg3__uZ<opxBxs4tM2_;2`;G7KI(}<iK}>J)7+Kw|pTwU0^N`ym
zr*AEkV47$ejcy4M0jg^Kq;^&J2lKx7D}AP*pks|iW;FbIrLpknht^s@%Kg=w@r&MH
zaU;x0!C8$XWpfpIEHOZw?hEQ66w(;63gmA6<abS{(yxEhbI-R0xps>#OlQ(Rq%#Y$
zij|d^RaX7`Hpx~iz9P6Ec27CohQPNa;kI|}Yd1LMZr)=IeK4mbwsp)$eEH=7$tJ$)
zr#1>*)Xe<-UF-L=+YG){f8k#*<LaZSH?|FQ-TDde)MI<64X<?_*8@$xjq+@PBD6pH
zZ~YW^)NfOM-*n>jjqJafV3Zhx1bEMQ9;mAI+uuHKrp!P6<F!2n=?(>oL;Y3P0PEMn
zm%mi*SmplnrWB;GeouVQ-QV6BG_ZYaL5!Pl8GuGuKS18#dim1V+q&K@NYF>LL;}2Y
z-H++4A2459!++$HzyZz$>2kzErfVpk4nn#Xq2{JCyVSuM4?kG?wW>6O!X3d^TxPmR
zyhMzXRhfZmXT0$~XrSs>b+5zRNz+q44tf&*<TlGTeR#?tb`Hb@vwlSUT+*X=0(Ygh
zE=W;STpfr~Yl(*-cSj53?WD}MKHpDxsr}k73exo#P0+l6Nk~u~jfu@lKh%0s_lE@u
zmLaAFn|c28!PS<oomCK%Bhs1m3=()C!I)c3R!;h}p)m|*EB}-+bNiJ4;M7mYvJ0|S
z5}(j1%~~4QyqVs^uV35Xaj|7Vg8wV8HL@?nW4s2&CW9Bq^}%Y0`bRr)YA~jN^~2}t
zrrRfm#qVpRDm+nOlG?1FMsN4V)2&tav?|RjDC060FJ)AVQQgX0zoqWCBzDr_Rj=b>
z%>yrVt2J@SI}-8kk?qY3?bT5)ol%d*R!8dt%-t$htU-bR>&My`-QMzPyYZjaE=XYg
zocsBQ_l_06b!}!r%p2ksvQ|BcvUw8iFw54l@#ZMKAi?GKqSg@A*Zm$+ltGI3H@@{z
zhaGQssK71RpXb10B54SQ-c4i;Q5)I)JK&x{l#Ws>D*oc+5VfXyJwn_ag6sa@B1H9A
z)dN?Dj#yOr!mC5$r2C|kNR3q+;u2|1EV@5O9FE0BWn)o#sM<(rAwq_#ckqQcuQ(K9
z{UZGGL3fL_z1^mhs$k{fssfLgx{4uj>M*6c$c@8ALvA<m*)Yua^2jAKi=o5R#@bii
zaBGTwd5Go1R6m){wY>Gy^56aZZk0nGk58-k?#+W?YKSsJ1PsSov3_Fyvt6}9miOF)
zFBRg{Y)r$m-NlUIxUjm|Q+SW%Nw254GDdY3H;1cLuxnMDj0RK^HR3^y#k5JF)}kB5
zej;WpC{;8`11%D3nPitJI}w+Or+SI1(^S`2Q`L6rpS?sf3e^7WWqjP7xj^Klpl8Vm
zYGcL?PE>u1TXC{-t58{mnL`;RT8>Z${ZHi;AE^%ek2Gc@#i>-aipWe<%UKoYH>#g#
zIpGCmoB7le(c;i}b)Z$OmD}P%rO+kMC(n;=B<>`^N5P`oXi#S{l4Llwq8OZ_Iw?cN
z8c6O_`r!<SF@Cgf@zyhSN3P&0fcJZNI{u8$O}{)}UA{BTR{I(qezpy5t(NDfecWH9
zCgc7kTpUhDqxy=Ah3Hx5<mV||e!ggppqwlF#0pFqYjQn1b=1=X#S~7t7tEIY@}8TP
z&$!Dh+?t53MI>jZoR88sFDROQ$0YH1rl@Be%XyMNZ!K5ld+=Fr<jd>DujA0u=lU<#
z%Cjwfwu#S8uKWU@tta0hRt2&U>1T7@J-1$;S*ZW$<rfxejhcEbModk^9gOLu|Ei#8
z2jiK^AomD-2k#`uD_Ue^7MdZ??l{l(K+YGjdNQ^qbAa7bhnV*qpH#VBC#j;?Y+Qfw
zF3px9x=brr()s?oGDIX#!KAx4M9iIn2OuTI!6|4)RdIF-P6zd4aV21!4m2Z(Rrs=~
zo36ICFUpTm>We#5)tVwIT`gBAgOuIp4K;7<sxQBEW#WN~H;fh;H!81)(o>(QqqtSa
z*`Z?KR6MWoi!<|H-!ixKnKMOk8&n$#&tqnDy~GDo)yn@_skH{4nOS0R#(z%Zd_TN!
z$p3k4<Z0lUL3wqWTE&_X|M!FO;zm4EfmOINOC-LGftn&_zg#e^*6RHGZjG6ai*<A6
zvaO=;hythNuQgq?oPlI(#JCx1BW*{#ISPBlR;X%jy!d*CI?TO&f;klKwTi6i_PRgr
zEcrwr09Q+W#GsjI+F+436X}0W5IbjLhCNIW$7kZq`oReC2#m|4CbLk9kBB9`C&Vl@
z(%t%n_-}95yWB7^=^_dZ^!CGrl5LoHI*V6HN#<qLz1^?0FVb&3?>d`#<4J*!&HB;$
za!UB6-*bkqH`~Me!ObFaHnLtrRyWL@Vdouh_VNlsgFk?RJMGLzGNyOxFKN+FD;`Bw
zUYp?*Q&F6JMXgjFSAagr=7sC=Pd~d^rRzZNg4}qpF<Wh`jLE4uM~zn0&yq!Q7Pf~Z
z(QPTNan2$iFWf8HqpNkUHa%BWg1iIppbDSiC5!iwkoVQbE&We2Wv}yB8<ndOF$t}Z
zH`HxKiMc51@1L6fkt|xw#q}%S0^{x1isg0QkJLB+jv@ka=Zz;FC1uR$2f_CvM|5{b
zjK6m?#<+@X6z*OR2}&cY+wsNP<(a#;A%T358z2rNfzn1?WV#eQ9Vvr!A2eQZA*7dU
zN2KG;JwBZ1DN4_Sn}?#H@<{OG&a}mSz8!PVD9E3;<r5H70Wk~KzS-+>`pI5K8w@wk
z69bS{StnxN!ox@mC|?m<3`spRMr@yldzaslm$w`*HI3+5W!g8}jcSd@6y?M>%sW&(
zn1>6@uA=UITy+}G=VMLWk7^=jJ`%JLlR;Jg{yEaURIz(LCg>;Q#dq`7&&)C^IiW4v
zL|!&Z*eia_R)?dCE(_Fm<oK%R(}c%Dxc>Vzv)f&EoSty&tQ((8(|^c4Ym#|0x2<N>
zy1!;Vts|T6gU_Z#;zE>LQ_Nn7CEzL!fYcACh}$R-9nuz|L&ZeEBDLn<4G)U%D#k1_
z`af?G3fU<>pp_%`ybDhnPruD@F(Z5{Q<PfF`+-bzO&==t<JR_X4ZUNu2@j5OQ6>5<
zMmfdB!o@s)8|huE+NPPaIOtWcS85(Dhgm!ok0!W6km75Uh)1|(m!RThqR|qp<Lnvc
zd8o<eutPu09KuJ}ykA0k*)k(MRqSA%F!AvcROu@ok~)eeIz;*TLf={DjILNJyl-s$
z*_Tiduhh}dVIo~e@)WU$$%lzgNK?i45UYNVTwHWH&1!!5-S3n5bWC0|{yIw>%E6+0
zJWF(b1@o%PY;#VIh;M&?!j+JBjg-bCR&O!w72LQOJAfO$-hSg1)Mh-;t|)w$s@3HL
zP@=@;eOMPGP*5pU*}UGCre#_!T5A+!JdK(t)+|NVnPTB;v~ZQUwG_j;O}M?PhPZp+
zeH=da+_!kjH?3Zuun4*Mh#!9P6iKfl*GQqPKrTGbe+@KKtl5Q8xsWAxFUL(o34w|y
z&owWP*Ogkfe_Zx~7P4YvdO45)H*yyXNappz(!kv5Bn}ru;XCYi)+2qgD7_2|WjM;^
zYW=F}p-Vm9{&0g)uJPp1tlm{VwKubQn*~l5i7QcrEVsP)h9&vqEzxo)$#u=-<=I<$
z`pOof{(_RcmZP&ZL=4HyEnDg<IlsCWdE_}a?GvTnL@QJgxf4`H<k5ElqUmOk%pM`!
z;aB&53(d!Tr<(n&bpE8GxtkfTNfuq`c++|LZ7>G_<8b(WL<(`5X*P+UNT&PLgA0Yn
zO3bh?7K$<-U}2apQ7<nPUAJIa*AQ!0Vut>Jiuu^MQTP38y4IT%E`5TJM1ET+ZX<ty
zy2xBYCC>l8G-_{&F-8hsesJW181C|AI(^!^`Pc?o1^#psp{w9PPcdc{8srcI=!OoW
zCWp1R_yD5&U}WYzZJXBWwF8ISx)_<8`eA?8g)v=5i>v$9N={f|lSR#g2w~@5ELw8z
zt`m`KQN$h;Q4vLKxjS)o)bg4+vSq<|58asK&5j`fpGUaX`?2QNi(acO8;Enn6~u5V
zd~tKaxocIr?2<7!4c%QNzFv(5sVz1iz)#z7wA=-!?B)e2JVe<wXoRn51afbQbY)Re
z)b{>&YmVyvrIC&oAhv>m-h%bJN~~FjT!z~@B_6Vj_e2O?V$6j~)lvII-E_7s`1kSa
z+RvL@P^-*1U8KK`liN+C<9fXrv(p}$y6G!fs}F_^F>FtXZ$oZI=!;Fi8hfsj_yk$q
z9q2l<R`_y$>-RT(a;qR~1@ROKteGh*G<_|bXvYPJTr1+WwYc0jXR-K<;Z>r^4%NpA
zy^wQTcKIJH_rLEia?x#a(nv?eiM;%^Q^^VADEA|Cf#XvrthdUTGS+%FmV%%A$yd$M
zKHlbolQ|2+IvZU!d?MQ>SB`A3m&o1#KZJ>^+d<d`XvK<)8!)ANi_#lG<}fG|#ej{7
zYbhpdR3odN66S9I`ibFXZoTU?2-TnxUfWy{;>t!WI$53E;0&u09cENq$qB<JQxpgV
zp@QV8;?8bVYjn4w@Ytg|sYhQEPc~uN{@rx+e|9?NZv)c5(y`Kys0qG*K8@M5{4Gf4
zlns97#9;MPisrBs@xij>X~T+@UNGmG_;PFhbdqNot0wj4DiQVuZo~e^GlAs=x!0K$
z8C!^KiJa4NhmlP$+!13mjD}URH#O$^qHVZL@p;|c>0Bz^?|Xax6<$Wj&qSVcitN*1
z(TG#WtW^x$Zgs7a9oyM6lhe)p@Ap?Z0V{}yEKC+{tTK5%u2g6}y8r!d{A?Tlr-c7y
zq4K0=lwH`xa#HTzsXDn|$TGK@x{)<s|Il%%yj*v1taLH9ba|RF&lQII%_8Y3E6(hI
zb@5@;Ag@7&%a8Vj$8LONFB^je^@0`hV1wAO8|T4)O62}vgL(Dbr=L>wz}Gp`<v<rK
z%)(RJx&U&O*F%4oyI@CrCb!IG4XkmN^uq<-Vw^11A2y5aZ{h=W>n^T@aDNArK;8pY
z7B%+5GVW9OPRr!CV098r-v*5oYY``ozonLQpSRUK89aZ>SqA?T-5+n^srsX>V)R~Y
zOwZ(1Du@GnacwwHEPh+<C9i;SnaK~}@qbycA%!xYen+k1KIT8}wfv0_&26#*u@b4C
z&EzMG!vFnXbjGZ-xYcBt(ftgH<_%ZMd%d>pR7>*?!QZ^%H#;gD8*1f?OBt0gIu-A6
z_RO5TtIU@BWfZ3!#&@wYwW8*1Z0guhcgpm#Ra6C68@&3&Z2a5zFshE<X>RHrHjdtT
zu13*fs6W7b_d#C5E5-%7o02Jh!|NOF3y_}IHC69tmU#Pv?bD3*8h05hMN3?u%a5%^
z>OO1=yTn3Xv%iNtya=1u=ya700bQ&MQ(VZHH}CS=US9X8xjRL<{djlcTV$(;Y%f?I
zm8<*NHtaGl$eR{<^YHaSvo510xDW95^|6^PugJ#<e{<gfuNc=~ZaBp~+>i0L?pN;Y
z5kBu?!pKf*BKBQ$y5^ha_*d+mcdc>l4+o+ud7oq4X8F1Al0EEsaZ-auRfC49ia)ZH
zLF3IHy0?Kzx82(^q|=P^HLO>gaEdqYYtRndy|^je#qa}|n*D`-0C%Ga$i+t~>kfaL
zR_}`iyxBG0FKKFfS)4>VZ8;J&KmudoRVZqFQnpW2d(T)Wh3{z0O~pFpJhL?AErogR
zaR2)YX5%u|%{p8C-8ln3|L@*La#Qj6@%@9if<IbSoI7akT-I5|YT}CqAD7D3Nk-lw
zm@hV2w+8=oOW^hoJ=`a@eE`qNt8lrQnOiv@Psp=tobWn?Nquvbx%ccYaUpTy%)NY*
zhF3#K_s>oKzuZNi8?t}M?J6=3<I?#*KOn8M*Ia&0!F*As{h@(ka>YhtjoIYKJDuht
z4_VF69E}Tui)Dm*1Q!PXSy-7Iv#@HS%Mo~?sWfw3Ke}}4)RXTlF9g}b#PlPoU(+Vo
zmH3DtC9A`ew>Q?Af&_BuSpWA+(z27Kr_Sjl$|ze<m?qXHsO809N7OpS%N#M^s9bbZ
zG&riZaK%=JBQ+*r)P#i5L)-WJyxuR3_S8RQ7w;ZbtK&bQ5f{K2cZ!+aT)MZ~?n<+F
z*L?(=Hv~P0_3U4K#@k2i&gRGN87p2od;Lh{rdqJ+mbCqQ8+7~h_Bk)ud_vc`RiDqs
z9tmF9T*e1!!Ryv-YwO)!#_zs7p?u3W?zz2Tb7_yNwW!k6!y}un8w#Nu1Tp*2#^ZaM
zel{L<CD?C#{>$negBl*151aROpWgW9$mHSr2@!u(_32v#UgF*6jG%x|m5HUEq>PIl
z8<P@e+xt;+i4~C*#}2_uYHa4kUXwTU+2-Mv2%G7rRqj>lX$AkU(_nMM`6zf$56AeI
z&K^2yI<H!K&fO1HdlAvYQN&&JI<8g_KgJhv&-wJYdZDODIIhO#96qTQ+tn_LU#!Ow
zFS&U0an1b0Jc2w@5+=nZ4Qq^0%&3InqmzaeuTrsY*=e<Vd^+dArq5j`oNl~KX8AO|
Qh-lwRtt)~uihTHg0L>fN`v3p{

diff --git a/dashboard/package.json b/dashboard/package.json
index 569f906..4e18553 100644
--- a/dashboard/package.json
+++ b/dashboard/package.json
@@ -43,7 +43,8 @@
     "tailwindcss-animate": "^1.0.7",
     "ua-parser-js": "^2.0.0",
     "usehooks-ts": "^3.1.0",
-    "zod": "^3.22.4"
+    "zod": "^3.22.4",
+    "zod_utilz": "^0.8.3"
   },
   "devDependencies": {
     "@types/node": "^22.9.3",
-- 
2.45.3


From c99618f73751e2562065bced7131218f3b10219e Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 28 Dec 2024 23:43:13 +0100
Subject: [PATCH 26/66] NORY-47: create new dynamic-form component

---
 dashboard/src/components/dynamic-form.tsx | 99 +++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 dashboard/src/components/dynamic-form.tsx

diff --git a/dashboard/src/components/dynamic-form.tsx b/dashboard/src/components/dynamic-form.tsx
new file mode 100644
index 0000000..9020d46
--- /dev/null
+++ b/dashboard/src/components/dynamic-form.tsx
@@ -0,0 +1,99 @@
+'use client';
+
+import { FieldValues, Path, SubmitErrorHandler, SubmitHandler, UseFormReturn } from 'react-hook-form';
+import { Form, FormControl, FormDescription, FormField, FormItem, FormLabel } from '@/components/ui/form';
+import { Input } from '@/components/ui/input';
+import { Button } from '@/components/ui/button';
+import React, { ReactNode } from 'react';
+import { Checkbox } from '@/components/ui/checkbox';
+import { KratosSchemaProperties } from '@/lib/forms/identity-form';
+
+interface DynamicFormProps<T extends FieldValues> {
+    children?: ReactNode,
+    form: UseFormReturn<T>,
+    properties: KratosSchemaProperties,
+    onValid: SubmitHandler<T>,
+    onInvalid: SubmitErrorHandler<T>,
+    submitLabel?: string,
+}
+
+export function DynamicForm<T extends FieldValues>(
+    {
+        children,
+        form,
+        properties,
+        onValid,
+        onInvalid,
+        submitLabel,
+    }: DynamicFormProps<T>,
+) {
+
+    const generateFormFields = (data: KratosSchemaProperties, prefix = '') => {
+        return (
+            <React.Fragment key={prefix}>
+                {
+                    data && Object.entries(data).map(([key, value]) => {
+
+                        const fullFieldName = prefix ? `${prefix}.${key}` : key;
+
+                        if (value.type === 'object') {
+
+                            return generateFormFields(value.properties!, fullFieldName);
+
+                        } else if (value.type === 'boolean') {
+
+                            return (
+                                <FormField
+                                    {...form.register(fullFieldName as Path<T>)}
+                                    key={fullFieldName}
+                                    render={({ field }) => (
+                                        <FormItem className="flex items-center space-x-2 space-y-0">
+                                            <Checkbox {...field} checked={field.value}/>
+                                            <FormLabel>{key}</FormLabel>
+                                        </FormItem>
+                                    )}
+                                />
+                            );
+
+                        } else {
+
+                            return (
+                                <FormField
+                                    {...form.register(fullFieldName as Path<T>)}
+                                    key={fullFieldName}
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <FormLabel>{value.title}</FormLabel>
+                                            <FormControl>
+                                                <Input placeholder={value.title} {...field} />
+                                            </FormControl>
+                                            <FormDescription>{value.description}</FormDescription>
+                                        </FormItem>
+                                    )}
+                                />
+                            );
+                        }
+                    })
+                }
+            </React.Fragment>
+        );
+    };
+
+    return (
+        <Form {...form}>
+            <form className="grid grid-cols-1 gap-2" onSubmit={form.handleSubmit(onValid, onInvalid)}>
+                {generateFormFields(properties)}
+                {children}
+                <Button
+                    key="submit"
+                    type="submit"
+                    disabled={!form.formState.isDirty}
+                >
+                    {submitLabel ?? 'Submit'}
+                </Button>
+            </form>
+        </Form>
+    );
+}
+
+export default DynamicForm;
-- 
2.45.3


From 0485c224b0983da96912616c7143e8704c873725 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 29 Dec 2024 00:33:09 +0100
Subject: [PATCH 27/66] NORY-47: add action for updating an identity

---
 dashboard/src/app/(inside)/user/action.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/dashboard/src/app/(inside)/user/action.ts b/dashboard/src/app/(inside)/user/action.ts
index 4c393cc..bd2ffbd 100644
--- a/dashboard/src/app/(inside)/user/action.ts
+++ b/dashboard/src/app/(inside)/user/action.ts
@@ -2,11 +2,28 @@
 
 import { getIdentityApi } from '@/ory/sdk/server';
 import { revalidatePath } from 'next/cache';
+import { UpdateIdentityBody } from '@ory/client/api';
 
 interface IdentityIdProps {
     id: string;
 }
 
+interface UpdatedIdentityProps {
+    id: string;
+    body: UpdateIdentityBody;
+}
+
+export async function updateIdentity({ id, body }: UpdatedIdentityProps) {
+
+    const identityApi = await getIdentityApi();
+    const { data } = await identityApi.updateIdentity({
+        id: id,
+        updateIdentityBody: body,
+    });
+
+    return data;
+}
+
 export async function deleteIdentitySessions({ id }: IdentityIdProps) {
 
     const identityApi = await getIdentityApi();
-- 
2.45.3


From 152ec171c5d28809a4c2460bf348e38e749565d7 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 29 Dec 2024 00:33:39 +0100
Subject: [PATCH 28/66] NORY-47: improve identity details layout

---
 dashboard/src/app/(inside)/user/[id]/page.tsx | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/[id]/page.tsx b/dashboard/src/app/(inside)/user/[id]/page.tsx
index 44806a3..35dd8b3 100644
--- a/dashboard/src/app/(inside)/user/[id]/page.tsx
+++ b/dashboard/src/app/(inside)/user/[id]/page.tsx
@@ -87,10 +87,7 @@ export default async function UserDetailsPage({ params }: { params: Promise<{ id
         });
 
     const sessions = await identityApi.listIdentitySessions({ id: identityId })
-        .then((response) => {
-            console.log('sessions', response.data);
-            return response.data;
-        })
+        .then((response) => response.data)
         .catch(() => {
             console.log('No sessions found');
         });
@@ -122,8 +119,8 @@ export default async function UserDetailsPage({ params }: { params: Promise<{ id
                 <p className="text-3xl font-bold leading-tight tracking-tight">{addresses[0].value}</p>
                 <p className="text-lg font-light">{identity.id}</p>
             </div>
-            <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-                <Card>
+            <div className="grid grid-cols-1 xl:grid-cols-2 gap-4">
+                <Card className="row-span-2">
                     <CardHeader>
                         <CardTitle>Traits</CardTitle>
                         <CardDescription>All identity properties specified in the identity schema</CardDescription>
-- 
2.45.3


From 45b396189161b017a0a116bbb53b2a5fb0bca945 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 29 Dec 2024 00:34:15 +0100
Subject: [PATCH 29/66] NORY-47: refactor identity traits form to use new
 dynamic-form component

---
 .../components/forms/IdentityTraitForm.tsx    | 152 ++++++++++--------
 1 file changed, 89 insertions(+), 63 deletions(-)

diff --git a/dashboard/src/components/forms/IdentityTraitForm.tsx b/dashboard/src/components/forms/IdentityTraitForm.tsx
index 8f863d8..ef4cda5 100644
--- a/dashboard/src/components/forms/IdentityTraitForm.tsx
+++ b/dashboard/src/components/forms/IdentityTraitForm.tsx
@@ -1,82 +1,108 @@
 'use client';
 
-import { Form, FormControl, FormField, FormItem, FormLabel } from '@/components/ui/form';
-import { Input } from '@/components/ui/input';
-import { generateZodSchema, KratosSchema, KratosSchemaProperties } from '@/lib/forms/identity-form';
-import { useForm, UseFormReturn } from 'react-hook-form';
+import { KratosSchema, kratosSchemaToZod } from '@/lib/forms/identity-form';
+import { useForm } from 'react-hook-form';
 import { z } from 'zod';
 import { zodResolver } from '@hookform/resolvers/zod';
-import { toast } from 'sonner';
 import { Identity } from '@ory/client';
-import { Checkbox } from '@/components/ui/checkbox';
+import { toast } from 'sonner';
+import DynamicForm from '@/components/dynamic-form';
+import { FormControl, FormDescription, FormField, FormItem, FormLabel } from '@/components/ui/form';
+import { Textarea } from '@/components/ui/textarea';
+import { zu } from 'zod_utilz';
+import { updateIdentity } from '@/app/(inside)/user/action';
+import { useState } from 'react';
 
 interface IdentityTraitFormProps {
     schema: KratosSchema;
     identity: Identity;
 }
 
-function renderUiNodes(form: UseFormReturn, properties: KratosSchemaProperties, prefix?: string): any {
-
-    let keyPrefix = prefix ? prefix + '.' : '';
-
-    return Object.entries(properties).map(([key, value]) => {
-            if (value.type === 'object') {
-                return renderUiNodes(form, value.properties!, key);
-            } else if (value.type === 'boolean') {
-                return (
-                    <FormField
-                        control={form.control}
-                        name={keyPrefix + key}
-                        key={key}
-                        className="space-y-0"
-                        render={({ field }) => (
-                            <FormItem className="flex items-center space-x-2 space-y-0">
-                                <Checkbox {...field} checked={field.value}/>
-                                <FormLabel>{value.title}</FormLabel>
-                            </FormItem>
-                        )}
-                    />
-                );
-            } else {
-                return (
-                    <FormField
-                        control={form.control}
-                        name={keyPrefix + key}
-                        key={key}
-                        render={({ field }) => (
-                            <FormItem>
-                                <FormLabel>{value.title}</FormLabel>
-                                <FormControl>
-                                    <Input placeholder={value.title} readOnly {...field} />
-                                </FormControl>
-                            </FormItem>
-                        )}
-                    />
-                );
-            }
-        },
-    );
-}
-
 export function IdentityTraitForm({ schema, identity }: IdentityTraitFormProps) {
 
-    const zodIdentitySchema = generateZodSchema(schema);
-    const form = useForm<z.infer<typeof zodIdentitySchema>>({
-        defaultValues: identity.traits,
-        resolver: zodResolver(zodIdentitySchema),
+    const [currentIdentity, setCurrentIdentity] = useState(identity);
+
+    const generated = kratosSchemaToZod(schema);
+    const metadata = z.object({
+        metadata_public: zu.stringToJSON(),
+        metadata_admin: zu.stringToJSON(),
     });
 
-    function onSubmit(values: z.infer<typeof zodIdentitySchema>) {
-        toast.message(JSON.stringify(values, null, 4));
-    }
+    const zodIdentitySchema = generated.merge(metadata);
+
+    const form = useForm<z.infer<typeof zodIdentitySchema>>({
+        resolver: zodResolver(zodIdentitySchema),
+        defaultValues: {
+            ...currentIdentity.traits,
+            metadata_public: currentIdentity.metadata_public ? JSON.stringify(currentIdentity.metadata_public) : '',
+            metadata_admin: currentIdentity.metadata_admin ? JSON.stringify(currentIdentity.metadata_admin) : '',
+        },
+    });
+
+    const onValid = (data: z.infer<typeof zodIdentitySchema>) => {
+
+        const traits = structuredClone(data);
+        delete traits['metadata_public'];
+        delete traits['metadata_admin'];
+
+        updateIdentity({
+            id: currentIdentity.id,
+            body: {
+                schema_id: currentIdentity.schema_id,
+                state: currentIdentity.state!,
+                traits: traits,
+                metadata_public: data.metadata_public,
+                metadata_admin: data.metadata_admin,
+            },
+        })
+            .then((identity) => {
+                setCurrentIdentity(identity);
+                toast.success('Identity updated');
+            })
+            .catch(() => {
+                toast.error('Updating identity failed');
+            });
+    };
+
+    const onInvalid = (data: z.infer<typeof zodIdentitySchema>) => {
+        console.log('data', data);
+        toast.error('Invalid values');
+    };
 
     return (
-        <Form {...form}>
-            <form onSubmit={onSubmit} className="grid grid-cols-1 gap-4">
-                {
-                    renderUiNodes(form, schema.properties.traits.properties)
-                }
-            </form>
-        </Form>
+        <DynamicForm
+            form={form}
+            properties={schema.properties.traits.properties}
+            onValid={onValid}
+            onInvalid={onInvalid}
+            submitLabel="Update Identity"
+        >
+            <FormField
+                {...form.register('metadata_public')}
+                key={'metadata_public'}
+                render={({ field }) => (
+                    <FormItem>
+                        <FormLabel>Public Metadata</FormLabel>
+                        <FormControl>
+                            <Textarea placeholder="Public Metadata" {...field} />
+                        </FormControl>
+                        <FormDescription>This has to be valid JSON</FormDescription>
+                    </FormItem>
+                )}
+            />
+            <FormField
+                {...form.register('metadata_admin')}
+                key={'metadata_admin'}
+                render={({ field }) => (
+                    <FormItem>
+                        <FormLabel>Admin Metadata</FormLabel>
+                        <FormControl>
+                            <Textarea placeholder="Admin Metadata" {...field} />
+                        </FormControl>
+                        <FormDescription>This has to be valid JSON</FormDescription>
+                    </FormItem>
+                )}
+            />
+        </DynamicForm>
     );
 }
-- 
2.45.3


From a7c13d27f5497692d520c91c7133e7f39a45cd98 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sun, 29 Dec 2024 00:36:16 +0100
Subject: [PATCH 30/66] NORY-47: create script to generate some test users

---
 docker/ory-dev/generate-users.sh | 36 ++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 docker/ory-dev/generate-users.sh

diff --git a/docker/ory-dev/generate-users.sh b/docker/ory-dev/generate-users.sh
new file mode 100644
index 0000000..559b2d6
--- /dev/null
+++ b/docker/ory-dev/generate-users.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Check if the number of arguments is correct
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 <schema_id> <count>"
+  exit 1
+fi
+
+# Get the schema ID and count from the arguments
+schema_id=$1
+count=$2
+
+# Loop through the count
+for i in $(seq 1 $count); do
+
+  # Create the JSON data with the email and name
+  data=$(cat <<EOF
+{
+  "schema_id": "$schema_id",
+  "state": "active",
+  "traits": {
+    "email": "user-$i@example.com",
+    "name": "User $i"
+  }
+}
+EOF
+)
+
+  # Execute the curl command
+  curl --request POST \
+    --url http://127.0.0.1:4434/admin/identities \
+    --data "$data"
+
+done
+
+exit 0
-- 
2.45.3


From 9a2e349340b1f8ea950edaf9088babc299c47933 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Mon, 30 Dec 2024 19:18:45 +0100
Subject: [PATCH 31/66] NORY-47: configure default values for JSON inputs

---
 dashboard/src/components/forms/IdentityTraitForm.tsx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dashboard/src/components/forms/IdentityTraitForm.tsx b/dashboard/src/components/forms/IdentityTraitForm.tsx
index ef4cda5..ea1d719 100644
--- a/dashboard/src/components/forms/IdentityTraitForm.tsx
+++ b/dashboard/src/components/forms/IdentityTraitForm.tsx
@@ -34,8 +34,10 @@ export function IdentityTraitForm({ schema, identity }: IdentityTraitFormProps)
         resolver: zodResolver(zodIdentitySchema),
         defaultValues: {
             ...currentIdentity.traits,
-            metadata_public: currentIdentity.metadata_public ? JSON.stringify(currentIdentity.metadata_public) : '',
-            metadata_admin: currentIdentity.metadata_admin ? JSON.stringify(currentIdentity.metadata_admin) : '',
+            metadata_public: currentIdentity.metadata_public ?
+                JSON.stringify(currentIdentity.metadata_public) : '{}',
+            metadata_admin: currentIdentity.metadata_admin ?
+                JSON.stringify(currentIdentity.metadata_admin) : '{}',
         },
     });
 
-- 
2.45.3


From 7cef969bb825f2b2d79c9df073baedf6c07e8d38 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Wed, 1 Jan 2025 23:10:38 +0100
Subject: [PATCH 32/66] NORY-47: create confirmation dialog wrapper component

---
 .../confirmation-dialog-wrapper.tsx           | 81 +++++++++++++++++++
 dashboard/src/components/ui/alert-dialog.tsx  |  2 +-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 dashboard/src/components/confirmation-dialog-wrapper.tsx

diff --git a/dashboard/src/components/confirmation-dialog-wrapper.tsx b/dashboard/src/components/confirmation-dialog-wrapper.tsx
new file mode 100644
index 0000000..dbd8c83
--- /dev/null
+++ b/dashboard/src/components/confirmation-dialog-wrapper.tsx
@@ -0,0 +1,81 @@
+'use client';
+
+import { Button, ButtonProps } from '@/components/ui/button';
+import {
+    AlertDialog,
+    AlertDialogAction,
+    AlertDialogCancel,
+    AlertDialogContent,
+    AlertDialogDescription,
+    AlertDialogFooter,
+    AlertDialogHeader,
+    AlertDialogTitle,
+    AlertDialogTrigger,
+} from '@/components/ui/alert-dialog';
+import { ReactNode } from 'react';
+import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip';
+
+interface ButtonWithConfirmDialogProps {
+    buttonProps?: ButtonProps,
+    onCancel?: () => any
+    onSubmit: () => any
+    tooltipContent?: string
+    dialogTitle: string
+    dialogDescription: string
+    dialogButtonCancel?: string
+    dialogButtonCancelProps?: ButtonProps
+    dialogButtonSubmit?: string
+    dialogButtonSubmitProps?: ButtonProps
+    children: ReactNode
+}
+
+export function ConfirmationDialogWrapper(
+    {
+        onCancel,
+        onSubmit,
+        tooltipContent,
+        dialogTitle,
+        dialogDescription,
+        dialogButtonCancel,
+        dialogButtonCancelProps,
+        dialogButtonSubmit,
+        dialogButtonSubmitProps,
+        children,
+    }: ButtonWithConfirmDialogProps) {
+    return (
+        <Tooltip>
+            <TooltipContent className={tooltipContent ? '' : 'hidden'}>
+                {tooltipContent}
+            </TooltipContent>
+            <AlertDialog>
+                <AlertDialogTrigger asChild>
+                    <TooltipTrigger asChild>
+                        {children}
+                    </TooltipTrigger>
+                </AlertDialogTrigger>
+                <AlertDialogContent>
+                    <AlertDialogHeader>
+                        <AlertDialogTitle>{dialogTitle}</AlertDialogTitle>
+                        <AlertDialogDescription>{dialogDescription}</AlertDialogDescription>
+                    </AlertDialogHeader>
+                    <AlertDialogFooter>
+                        <AlertDialogCancel asChild>
+                            <Button
+                                onClick={onCancel}
+                                {...dialogButtonCancelProps}>
+                                {dialogButtonCancel ?? 'Cancel'}
+                            </Button>
+                        </AlertDialogCancel>
+                        <AlertDialogAction asChild>
+                            <Button
+                                onClick={onSubmit}
+                                {...dialogButtonSubmitProps}>
+                                {dialogButtonSubmit ?? 'Confirm'}
+                            </Button>
+                        </AlertDialogAction>
+                    </AlertDialogFooter>
+                </AlertDialogContent>
+            </AlertDialog>
+        </Tooltip>
+    );
+}
\ No newline at end of file
diff --git a/dashboard/src/components/ui/alert-dialog.tsx b/dashboard/src/components/ui/alert-dialog.tsx
index d65d9d1..0fce158 100644
--- a/dashboard/src/components/ui/alert-dialog.tsx
+++ b/dashboard/src/components/ui/alert-dialog.tsx
@@ -104,7 +104,7 @@ const AlertDialogAction = React.forwardRef<
 >(({ className, ...props }, ref) => (
     <AlertDialogPrimitive.Action
         ref={ref}
-        className={cn(buttonVariants(), className)}
+        className={className}
         {...props}
     />
 ));
-- 
2.45.3


From 45117e72129c9e55f813688baa32c6c9fe223d79 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Wed, 1 Jan 2025 23:11:20 +0100
Subject: [PATCH 33/66] NORY-47: refactor identity actions

---
 dashboard/src/app/(inside)/user/action.ts     | 40 +++++++++++++++----
 .../src/app/(inside)/user/data-table.tsx      |  8 ++--
 2 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/action.ts b/dashboard/src/app/(inside)/user/action.ts
index bd2ffbd..edf15dc 100644
--- a/dashboard/src/app/(inside)/user/action.ts
+++ b/dashboard/src/app/(inside)/user/action.ts
@@ -4,10 +4,6 @@ import { getIdentityApi } from '@/ory/sdk/server';
 import { revalidatePath } from 'next/cache';
 import { UpdateIdentityBody } from '@ory/client/api';
 
-interface IdentityIdProps {
-    id: string;
-}
-
 interface UpdatedIdentityProps {
     id: string;
     body: UpdateIdentityBody;
@@ -24,7 +20,7 @@ export async function updateIdentity({ id, body }: UpdatedIdentityProps) {
     return data;
 }
 
-export async function deleteIdentitySessions({ id }: IdentityIdProps) {
+export async function deleteIdentitySessions(id: string) {
 
     const identityApi = await getIdentityApi();
     const { data } = await identityApi.deleteIdentitySessions({ id });
@@ -34,7 +30,35 @@ export async function deleteIdentitySessions({ id }: IdentityIdProps) {
     return data;
 }
 
-export async function blockIdentity({ id }: IdentityIdProps) {
+export async function createRecoveryCode(id: string) {
+
+    const identityApi = await getIdentityApi();
+    const { data } = await identityApi.createRecoveryCodeForIdentity({
+        createRecoveryCodeForIdentityBody: {
+            identity_id: id,
+        },
+    });
+
+    console.log('Created recovery code for user', id, data);
+
+    return data;
+}
+
+export async function createRecoveryLink(id: string) {
+
+    const identityApi = await getIdentityApi();
+    const { data } = await identityApi.createRecoveryLinkForIdentity({
+        createRecoveryLinkForIdentityBody: {
+            identity_id: id,
+        },
+    });
+
+    console.log('Created recovery link for user', id, data);
+
+    return data;
+}
+
+export async function blockIdentity(id: string) {
 
     const identityApi = await getIdentityApi();
     const { data } = await identityApi.patchIdentity({
@@ -53,7 +77,7 @@ export async function blockIdentity({ id }: IdentityIdProps) {
     revalidatePath('/user');
 }
 
-export async function unblockIdentity({ id }: IdentityIdProps) {
+export async function unblockIdentity(id: string) {
 
     const identityApi = await getIdentityApi();
     const { data } = await identityApi.patchIdentity({
@@ -72,7 +96,7 @@ export async function unblockIdentity({ id }: IdentityIdProps) {
     revalidatePath('/user');
 }
 
-export async function deleteIdentity({ id }: IdentityIdProps) {
+export async function deleteIdentity(id: string) {
 
     const identityApi = await getIdentityApi();
     const { data } = await identityApi.deleteIdentity({ id });
diff --git a/dashboard/src/app/(inside)/user/data-table.tsx b/dashboard/src/app/(inside)/user/data-table.tsx
index 39f9ae1..0a478fe 100644
--- a/dashboard/src/app/(inside)/user/data-table.tsx
+++ b/dashboard/src/app/(inside)/user/data-table.tsx
@@ -259,7 +259,7 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                     </AlertDialogDescription>
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
-                                    <AlertDialogAction onClick={() => deleteIdentitySessions({ id: currentIdentity.id })}>
+                                    <AlertDialogAction onClick={() => deleteIdentitySessions(currentIdentity.id)}>
                                         Invalidate sessions
                                     </AlertDialogAction>
                                     <AlertDialogCancel>
@@ -281,7 +281,7 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
                                     <AlertDialogAction
-                                        onClick={() => blockIdentity({ id: currentIdentity.id })}>
+                                        onClick={() => blockIdentity(currentIdentity.id)}>
                                         Block identity
                                     </AlertDialogAction>
                                     <AlertDialogCancel>
@@ -303,7 +303,7 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
                                     <AlertDialogAction
-                                        onClick={() => unblockIdentity({ id: currentIdentity.id })}>
+                                        onClick={() => unblockIdentity(currentIdentity.id)}>
                                         Unblock identity
                                     </AlertDialogAction>
                                     <AlertDialogCancel>
@@ -326,7 +326,7 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
                                     <AlertDialogAction
-                                        onClick={() => deleteIdentity({ id: currentIdentity.id })}>
+                                        onClick={() => deleteIdentity(currentIdentity.id)}>
                                         Delete identity
                                     </AlertDialogAction>
                                     <AlertDialogCancel>
-- 
2.45.3


From ced4fb6513f985198febdebb0114f39af75c36ec Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 2 Jan 2025 00:45:29 +0100
Subject: [PATCH 34/66] NORY-47: create identity actions component

---
 .../components/identity/identity-actions.tsx  | 142 ++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 dashboard/src/components/identity/identity-actions.tsx

diff --git a/dashboard/src/components/identity/identity-actions.tsx b/dashboard/src/components/identity/identity-actions.tsx
new file mode 100644
index 0000000..b9bc763
--- /dev/null
+++ b/dashboard/src/components/identity/identity-actions.tsx
@@ -0,0 +1,142 @@
+'use client';
+
+import { Identity } from '@ory/client';
+import { Button } from '@/components/ui/button';
+import { Key, Link, Trash, UserCheck, UserMinus, UserX } from 'lucide-react';
+import { ConfirmationDialogWrapper } from '@/components/confirmation-dialog-wrapper';
+import {
+    blockIdentity,
+    createRecoveryCode,
+    createRecoveryLink,
+    deleteIdentity,
+    deleteIdentitySessions,
+    unblockIdentity,
+} from '@/app/(inside)/user/action';
+import { toast } from 'sonner';
+import { useRouter } from 'next/navigation';
+
+interface IdentityActionProps {
+    identity: Identity;
+}
+
+export function IdentityActions({ identity }: IdentityActionProps,
+) {
+
+    const router = useRouter();
+
+    return (
+        <div className="space-x-2">
+
+            <ConfirmationDialogWrapper
+                onSubmit={async () => {
+                    await createRecoveryCode(identity.id)
+                        .then((response) => {
+                            console.log('recovery code created', response);
+                            toast.success(response.recovery_code);
+                        })
+                        .catch(() => toast.error('Creating recovery code failed'));
+                }}
+                tooltipContent="Create recovery code"
+                dialogTitle="Create recovery code"
+                dialogDescription="Are you sure you want to create a recovery code for this identity?"
+                dialogButtonSubmit="Create code"
+            >
+                <Button size="icon">
+                    <Key className="h-4"/>
+                </Button>
+            </ConfirmationDialogWrapper>
+
+            <ConfirmationDialogWrapper
+                onSubmit={async () => {
+                    await createRecoveryLink(identity.id)
+                        .then((response) => {
+                            console.log('recovery link created', response);
+                            toast.success(response.recovery_link);
+                        })
+                        .catch(() => toast.error('Creating recovery link failed. It is likely magic-links are disabled on your Ory Kratos instance.'));
+                }}
+                tooltipContent="Create recovery link"
+                dialogTitle="Create recovery link"
+                dialogDescription="Are you sure you want to create a recovery link for this identity?"
+                dialogButtonSubmit="Create link"
+            >
+                <Button size="icon">
+                    <Link className="h-4"/>
+                </Button>
+            </ConfirmationDialogWrapper>
+
+            {
+                identity.state === 'active' ?
+                    <ConfirmationDialogWrapper
+                        onSubmit={async () => {
+                            await blockIdentity(identity.id)
+                                .then(() => toast.success('Identity deactivated'))
+                                .catch(() => toast.error('Deactivating identity failed'));
+                        }}
+                        tooltipContent="Deactivate identity"
+                        dialogTitle="Deactivate identity"
+                        dialogDescription="Are you sure you want to deactivate this identity? The user will not be able to sign-in or use any active session until re-activation!"
+                        dialogButtonSubmit="Deactivate"
+                    >
+                        <Button size="icon">
+                            <UserX className="h-4"/>
+                        </Button>
+                    </ConfirmationDialogWrapper>
+                    :
+                    <ConfirmationDialogWrapper
+                        onSubmit={async () => {
+                            await unblockIdentity(identity.id)
+                                .then(() => toast.success('Identity activated'))
+                                .catch(() => toast.error('Activating identity failed'));
+                        }}
+                        tooltipContent="Activate identity"
+                        dialogTitle="Activate identity"
+                        dialogDescription="Are you sure you want to activate this identity?"
+                        dialogButtonSubmit="Activate"
+                    >
+                        <Button size="icon">
+                            <UserCheck className="h-4"/>
+                        </Button>
+                    </ConfirmationDialogWrapper>
+            }
+
+            <ConfirmationDialogWrapper
+                onSubmit={async () => {
+                    await deleteIdentitySessions(identity.id)
+                        .then(() => toast.success('All sessions invalidated'))
+                        .catch(() => toast.error('Invalidating all sessions failed'));
+                }}
+                tooltipContent="Invalidate all sessions"
+                dialogTitle="Invalidate all sessions"
+                dialogDescription="Are you sure you want to invalidate and delete ALL session of this identity? This action is irreversible!"
+                dialogButtonSubmit="Invalidate sessions"
+                dialogButtonSubmitProps={{ variant: 'destructive' }}
+            >
+                <Button size="icon">
+                    <UserMinus className="h-4"/>
+                </Button>
+            </ConfirmationDialogWrapper>
+
+            <ConfirmationDialogWrapper
+                onSubmit={async () => {
+                    await deleteIdentity(identity.id)
+                        .then(() => {
+                            toast.success('Identity deleted');
+                            router.push('/user');
+                        })
+                        .catch(() => toast.error('Deleting identity failed'));
+                }}
+                tooltipContent="Delete identity"
+                dialogTitle="Delete identity"
+                dialogDescription="Are you sure you want to delete this identity? This action is irreversible!"
+                dialogButtonSubmit="Delete identity"
+                dialogButtonSubmitProps={{ variant: 'destructive' }}
+            >
+                <Button size="icon">
+                    <Trash className="h-4"/>
+                </Button>
+            </ConfirmationDialogWrapper>
+
+        </div>
+    );
+}
\ No newline at end of file
-- 
2.45.3


From 6edf6ee1b373258c9eec7fe8cae2350e5b7dcfee Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 2 Jan 2025 00:45:42 +0100
Subject: [PATCH 35/66] NORY-47: add identity actions to identity details page

---
 dashboard/src/app/(inside)/user/[id]/page.tsx | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/dashboard/src/app/(inside)/user/[id]/page.tsx b/dashboard/src/app/(inside)/user/[id]/page.tsx
index 35dd8b3..410d262 100644
--- a/dashboard/src/app/(inside)/user/[id]/page.tsx
+++ b/dashboard/src/app/(inside)/user/[id]/page.tsx
@@ -9,6 +9,7 @@ import { UAParser } from 'ua-parser-js';
 import { RecoveryIdentityAddress, VerifiableIdentityAddress } from '@ory/client';
 import { Badge } from '@/components/ui/badge';
 import { Check, X } from 'lucide-react';
+import { IdentityActions } from '@/components/identity/identity-actions';
 
 interface MergedAddress {
     recovery_id?: string;
@@ -120,7 +121,7 @@ export default async function UserDetailsPage({ params }: { params: Promise<{ id
                 <p className="text-lg font-light">{identity.id}</p>
             </div>
             <div className="grid grid-cols-1 xl:grid-cols-2 gap-4">
-                <Card className="row-span-2">
+                <Card className="row-span-3">
                     <CardHeader>
                         <CardTitle>Traits</CardTitle>
                         <CardDescription>All identity properties specified in the identity schema</CardDescription>
@@ -129,6 +130,15 @@ export default async function UserDetailsPage({ params }: { params: Promise<{ id
                         <IdentityTraitForm schema={identitySchema} identity={identity}/>
                     </CardContent>
                 </Card>
+                <Card>
+                    <CardHeader>
+                        <CardTitle>Actions</CardTitle>
+                        <CardDescription>Quick actions to manage the identity</CardDescription>
+                    </CardHeader>
+                    <CardContent>
+                        <IdentityActions identity={identity}/>
+                    </CardContent>
+                </Card>
                 <Card>
                     <CardHeader>
                         <CardTitle>Addresses</CardTitle>
-- 
2.45.3


From e6b90954543ef98b820d43dc2b386a946d1b2267 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 2 Jan 2025 11:33:07 +0100
Subject: [PATCH 36/66] NORY-47: fix alert dialog action styling

---
 .../src/app/(inside)/user/data-table.tsx      | 31 ++++++++++---------
 .../confirmation-dialog-wrapper.tsx           | 24 +++++---------
 dashboard/src/components/ui/alert-dialog.tsx  |  2 +-
 3 files changed, 26 insertions(+), 31 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/data-table.tsx b/dashboard/src/app/(inside)/user/data-table.tsx
index 0a478fe..dd88dc8 100644
--- a/dashboard/src/app/(inside)/user/data-table.tsx
+++ b/dashboard/src/app/(inside)/user/data-table.tsx
@@ -15,7 +15,7 @@ import {
     DropdownMenuSeparator,
     DropdownMenuTrigger,
 } from '@/components/ui/dropdown-menu';
-import { Button } from '@/components/ui/button';
+import { Button, buttonVariants } from '@/components/ui/button';
 import Link from 'next/link';
 import { toast } from 'sonner';
 import {
@@ -259,12 +259,14 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                     </AlertDialogDescription>
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
-                                    <AlertDialogAction onClick={() => deleteIdentitySessions(currentIdentity.id)}>
-                                        Invalidate sessions
-                                    </AlertDialogAction>
                                     <AlertDialogCancel>
                                         Cancel
                                     </AlertDialogCancel>
+                                    <AlertDialogAction
+                                        className={buttonVariants({ variant: 'destructive' })}
+                                        onClick={() => deleteIdentitySessions(currentIdentity.id)}>
+                                        Invalidate sessions
+                                    </AlertDialogAction>
                                 </AlertDialogFooter>
                             </AlertDialogContent>
                         </AlertDialog>
@@ -280,13 +282,13 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                     </AlertDialogDescription>
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
+                                    <AlertDialogCancel>
+                                        Cancel
+                                    </AlertDialogCancel>
                                     <AlertDialogAction
                                         onClick={() => blockIdentity(currentIdentity.id)}>
                                         Block identity
                                     </AlertDialogAction>
-                                    <AlertDialogCancel>
-                                        Cancel
-                                    </AlertDialogCancel>
                                 </AlertDialogFooter>
                             </AlertDialogContent>
                         </AlertDialog>
@@ -302,13 +304,13 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                     </AlertDialogDescription>
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
+                                    <AlertDialogCancel>
+                                        Cancel
+                                    </AlertDialogCancel>
                                     <AlertDialogAction
                                         onClick={() => unblockIdentity(currentIdentity.id)}>
                                         Unblock identity
                                     </AlertDialogAction>
-                                    <AlertDialogCancel>
-                                        Cancel
-                                    </AlertDialogCancel>
                                 </AlertDialogFooter>
                             </AlertDialogContent>
                         </AlertDialog>
@@ -325,13 +327,14 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                                     </AlertDialogDescription>
                                 </AlertDialogHeader>
                                 <AlertDialogFooter>
-                                    <AlertDialogAction
-                                        onClick={() => deleteIdentity(currentIdentity.id)}>
-                                        Delete identity
-                                    </AlertDialogAction>
                                     <AlertDialogCancel>
                                         Cancel
                                     </AlertDialogCancel>
+                                    <AlertDialogAction
+                                        className={buttonVariants({ variant: 'destructive' })}
+                                        onClick={() => deleteIdentity(currentIdentity.id)}>
+                                        Delete identity
+                                    </AlertDialogAction>
                                 </AlertDialogFooter>
                             </AlertDialogContent>
                         </AlertDialog>
diff --git a/dashboard/src/components/confirmation-dialog-wrapper.tsx b/dashboard/src/components/confirmation-dialog-wrapper.tsx
index dbd8c83..f1d791a 100644
--- a/dashboard/src/components/confirmation-dialog-wrapper.tsx
+++ b/dashboard/src/components/confirmation-dialog-wrapper.tsx
@@ -1,6 +1,6 @@
 'use client';
 
-import { Button, ButtonProps } from '@/components/ui/button';
+import { ButtonProps, buttonVariants } from '@/components/ui/button';
 import {
     AlertDialog,
     AlertDialogAction,
@@ -23,9 +23,8 @@ interface ButtonWithConfirmDialogProps {
     dialogTitle: string
     dialogDescription: string
     dialogButtonCancel?: string
-    dialogButtonCancelProps?: ButtonProps
     dialogButtonSubmit?: string
-    dialogButtonSubmitProps?: ButtonProps
+    dialogButtonSubmitProps?: typeof buttonVariants
     children: ReactNode
 }
 
@@ -37,7 +36,6 @@ export function ConfirmationDialogWrapper(
         dialogTitle,
         dialogDescription,
         dialogButtonCancel,
-        dialogButtonCancelProps,
         dialogButtonSubmit,
         dialogButtonSubmitProps,
         children,
@@ -59,19 +57,13 @@ export function ConfirmationDialogWrapper(
                         <AlertDialogDescription>{dialogDescription}</AlertDialogDescription>
                     </AlertDialogHeader>
                     <AlertDialogFooter>
-                        <AlertDialogCancel asChild>
-                            <Button
-                                onClick={onCancel}
-                                {...dialogButtonCancelProps}>
-                                {dialogButtonCancel ?? 'Cancel'}
-                            </Button>
+                        <AlertDialogCancel onClick={onCancel}>
+                            {dialogButtonCancel ?? 'Cancel'}
                         </AlertDialogCancel>
-                        <AlertDialogAction asChild>
-                            <Button
-                                onClick={onSubmit}
-                                {...dialogButtonSubmitProps}>
-                                {dialogButtonSubmit ?? 'Confirm'}
-                            </Button>
+                        <AlertDialogAction
+                            onClick={onSubmit}
+                            className={buttonVariants({ ...dialogButtonSubmitProps })}>
+                            {dialogButtonSubmit ?? 'Confirm'}
                         </AlertDialogAction>
                     </AlertDialogFooter>
                 </AlertDialogContent>
diff --git a/dashboard/src/components/ui/alert-dialog.tsx b/dashboard/src/components/ui/alert-dialog.tsx
index 0fce158..c6ec9fb 100644
--- a/dashboard/src/components/ui/alert-dialog.tsx
+++ b/dashboard/src/components/ui/alert-dialog.tsx
@@ -104,7 +104,7 @@ const AlertDialogAction = React.forwardRef<
 >(({ className, ...props }, ref) => (
     <AlertDialogPrimitive.Action
         ref={ref}
-        className={className}
+        className={(cn(buttonVariants(), className))}
         {...props}
     />
 ));
-- 
2.45.3


From 88115d143ef10e2e93b0210766a09804ca134234 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Thu, 2 Jan 2025 13:25:35 +0100
Subject: [PATCH 37/66] NORY-47: fix buttons jumping horizontally if tooltip is
 shown

---
 .../confirmation-dialog-wrapper.tsx           | 21 ++++++++++---------
 .../components/identity/identity-actions.tsx  | 17 +++++++--------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/dashboard/src/components/confirmation-dialog-wrapper.tsx b/dashboard/src/components/confirmation-dialog-wrapper.tsx
index f1d791a..2d40093 100644
--- a/dashboard/src/components/confirmation-dialog-wrapper.tsx
+++ b/dashboard/src/components/confirmation-dialog-wrapper.tsx
@@ -14,18 +14,19 @@ import {
 } from '@/components/ui/alert-dialog';
 import { ReactNode } from 'react';
 import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip';
+import type { VariantProps } from 'class-variance-authority';
 
 interface ButtonWithConfirmDialogProps {
-    buttonProps?: ButtonProps,
-    onCancel?: () => any
-    onSubmit: () => any
-    tooltipContent?: string
-    dialogTitle: string
-    dialogDescription: string
-    dialogButtonCancel?: string
-    dialogButtonSubmit?: string
-    dialogButtonSubmitProps?: typeof buttonVariants
-    children: ReactNode
+    buttonProps?: ButtonProps;
+    onCancel?: () => any;
+    onSubmit: () => any;
+    tooltipContent?: string;
+    dialogTitle: string;
+    dialogDescription: string;
+    dialogButtonCancel?: string;
+    dialogButtonSubmit?: string;
+    dialogButtonSubmitProps?: VariantProps<typeof buttonVariants>;
+    children: ReactNode;
 }
 
 export function ConfirmationDialogWrapper(
diff --git a/dashboard/src/components/identity/identity-actions.tsx b/dashboard/src/components/identity/identity-actions.tsx
index b9bc763..59997cf 100644
--- a/dashboard/src/components/identity/identity-actions.tsx
+++ b/dashboard/src/components/identity/identity-actions.tsx
@@ -25,8 +25,7 @@ export function IdentityActions({ identity }: IdentityActionProps,
     const router = useRouter();
 
     return (
-        <div className="space-x-2">
-
+        <>
             <ConfirmationDialogWrapper
                 onSubmit={async () => {
                     await createRecoveryCode(identity.id)
@@ -41,7 +40,7 @@ export function IdentityActions({ identity }: IdentityActionProps,
                 dialogDescription="Are you sure you want to create a recovery code for this identity?"
                 dialogButtonSubmit="Create code"
             >
-                <Button size="icon">
+                <Button className="mr-2" size="icon">
                     <Key className="h-4"/>
                 </Button>
             </ConfirmationDialogWrapper>
@@ -60,7 +59,7 @@ export function IdentityActions({ identity }: IdentityActionProps,
                 dialogDescription="Are you sure you want to create a recovery link for this identity?"
                 dialogButtonSubmit="Create link"
             >
-                <Button size="icon">
+                <Button className="mr-2" size="icon">
                     <Link className="h-4"/>
                 </Button>
             </ConfirmationDialogWrapper>
@@ -78,7 +77,7 @@ export function IdentityActions({ identity }: IdentityActionProps,
                         dialogDescription="Are you sure you want to deactivate this identity? The user will not be able to sign-in or use any active session until re-activation!"
                         dialogButtonSubmit="Deactivate"
                     >
-                        <Button size="icon">
+                        <Button className="mr-2" size="icon">
                             <UserX className="h-4"/>
                         </Button>
                     </ConfirmationDialogWrapper>
@@ -94,7 +93,7 @@ export function IdentityActions({ identity }: IdentityActionProps,
                         dialogDescription="Are you sure you want to activate this identity?"
                         dialogButtonSubmit="Activate"
                     >
-                        <Button size="icon">
+                        <Button className="mr-2" size="icon">
                             <UserCheck className="h-4"/>
                         </Button>
                     </ConfirmationDialogWrapper>
@@ -112,7 +111,7 @@ export function IdentityActions({ identity }: IdentityActionProps,
                 dialogButtonSubmit="Invalidate sessions"
                 dialogButtonSubmitProps={{ variant: 'destructive' }}
             >
-                <Button size="icon">
+                <Button className="mr-2" size="icon">
                     <UserMinus className="h-4"/>
                 </Button>
             </ConfirmationDialogWrapper>
@@ -132,11 +131,11 @@ export function IdentityActions({ identity }: IdentityActionProps,
                 dialogButtonSubmit="Delete identity"
                 dialogButtonSubmitProps={{ variant: 'destructive' }}
             >
-                <Button size="icon">
+                <Button className="mr-2" size="icon">
                     <Trash className="h-4"/>
                 </Button>
             </ConfirmationDialogWrapper>
 
-        </div>
+        </>
     );
 }
\ No newline at end of file
-- 
2.45.3


From e83041f8acfaa4c4b09087f19da81359d03c0c9c Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 3 Jan 2025 22:01:40 +0100
Subject: [PATCH 38/66] NORY-47: add action to delete identity credential

---
 dashboard/src/app/(inside)/user/action.ts | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/dashboard/src/app/(inside)/user/action.ts b/dashboard/src/app/(inside)/user/action.ts
index edf15dc..3544a07 100644
--- a/dashboard/src/app/(inside)/user/action.ts
+++ b/dashboard/src/app/(inside)/user/action.ts
@@ -2,7 +2,7 @@
 
 import { getIdentityApi } from '@/ory/sdk/server';
 import { revalidatePath } from 'next/cache';
-import { UpdateIdentityBody } from '@ory/client/api';
+import { DeleteIdentityCredentialsTypeEnum, UpdateIdentityBody } from '@ory/client';
 
 interface UpdatedIdentityProps {
     id: string;
@@ -17,6 +17,23 @@ export async function updateIdentity({ id, body }: UpdatedIdentityProps) {
         updateIdentityBody: body,
     });
 
+    console.log('Updated identity', data);
+
+    return data;
+}
+
+interface DeleteIdentityCredentialProps {
+    id: string;
+    type: DeleteIdentityCredentialsTypeEnum;
+}
+
+export async function deleteIdentityCredential({ id, type }: DeleteIdentityCredentialProps) {
+
+    const identityApi = await getIdentityApi();
+    const { data } = await identityApi.deleteIdentityCredentials({ id, type });
+
+    console.log('Credential removed', data);
+
     return data;
 }
 
-- 
2.45.3


From e1ee4bda436cad47b9072ac1589d34da703b20f2 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 3 Jan 2025 22:03:29 +0100
Subject: [PATCH 39/66] NORY-47: move identity credentials to client component

This also adds the possibility to delete identity credentials
---
 dashboard/src/app/(inside)/user/[id]/page.tsx | 22 +------
 .../identity/identity-credentials.tsx         | 61 +++++++++++++++++++
 2 files changed, 63 insertions(+), 20 deletions(-)
 create mode 100644 dashboard/src/components/identity/identity-credentials.tsx

diff --git a/dashboard/src/app/(inside)/user/[id]/page.tsx b/dashboard/src/app/(inside)/user/[id]/page.tsx
index 410d262..ad4eb12 100644
--- a/dashboard/src/app/(inside)/user/[id]/page.tsx
+++ b/dashboard/src/app/(inside)/user/[id]/page.tsx
@@ -10,6 +10,7 @@ import { RecoveryIdentityAddress, VerifiableIdentityAddress } from '@ory/client'
 import { Badge } from '@/components/ui/badge';
 import { Check, X } from 'lucide-react';
 import { IdentityActions } from '@/components/identity/identity-actions';
+import { IdentityCredentials } from '@/components/identity/identity-credentials';
 
 interface MergedAddress {
     recovery_id?: string;
@@ -190,26 +191,7 @@ export default async function UserDetailsPage({ params }: { params: Promise<{ id
                         <CardDescription>All authentication mechanisms registered with this identity</CardDescription>
                     </CardHeader>
                     <CardContent className="space-y-4">
-                        <Table>
-                            <TableHeader>
-                                <TableRow>
-                                    <TableHead>Type</TableHead>
-                                    <TableHead>Value</TableHead>
-                                </TableRow>
-                            </TableHeader>
-                            <TableBody>
-                                {
-                                    Object.entries(identity.credentials!).map(([key, value]) => {
-                                        return (
-                                            <TableRow key={key}>
-                                                <TableCell>{key}</TableCell>
-                                                <TableCell>{value.identifiers![0]}</TableCell>
-                                            </TableRow>
-                                        );
-                                    })
-                                }
-                            </TableBody>
-                        </Table>
+                        <IdentityCredentials identity={identity}/>
                     </CardContent>
                 </Card>
                 <Card>
diff --git a/dashboard/src/components/identity/identity-credentials.tsx b/dashboard/src/components/identity/identity-credentials.tsx
new file mode 100644
index 0000000..3cb06da
--- /dev/null
+++ b/dashboard/src/components/identity/identity-credentials.tsx
@@ -0,0 +1,61 @@
+'use client';
+
+import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table';
+import { ConfirmationDialogWrapper } from '@/components/confirmation-dialog-wrapper';
+import { deleteIdentityCredential } from '@/app/(inside)/user/action';
+import { Button } from '@/components/ui/button';
+import { Trash } from 'lucide-react';
+import { DeleteIdentityCredentialsTypeEnum, Identity } from '@ory/client';
+import { toast } from 'sonner';
+
+interface IdentityCredentialsProps {
+    identity: Identity;
+}
+
+export function IdentityCredentials({ identity }: IdentityCredentialsProps) {
+    return (
+        <Table>
+            <TableHeader>
+                <TableRow>
+                    <TableHead>Type</TableHead>
+                    <TableHead>Value</TableHead>
+                    <TableHead></TableHead>
+                </TableRow>
+            </TableHeader>
+            <TableBody>
+                {
+                    Object.entries(identity.credentials!).map(([key, value]) => {
+                        return (
+                            <TableRow key={key}>
+                                <TableCell>{key}</TableCell>
+                                <TableCell>{value.identifiers![0]}</TableCell>
+                                <TableCell>
+                                    {
+                                        Object.values(DeleteIdentityCredentialsTypeEnum).includes(key as DeleteIdentityCredentialsTypeEnum) &&
+                                        key !== 'password' && key !== 'code' &&
+                                        (
+                                            <ConfirmationDialogWrapper
+                                                onSubmit={async () => {
+                                                    deleteIdentityCredential({ id: identity.id, type: key as never })
+                                                        .then(() => toast.success(`Credential ${key} deleted`))
+                                                        .catch(() => toast.error(`Deleting credential ${key} failed`));
+                                                }}
+                                                dialogTitle="Delete credential"
+                                                dialogDescription={`Are you sure you want to remove the credential of type ${key} from this identity?`}
+                                                dialogButtonSubmit={`Delete ${key}`}
+                                                dialogButtonSubmitProps={{ variant: 'destructive' }}>
+                                                <Button size="icon" variant="outline">
+                                                    <Trash className="h-4"/>
+                                                </Button>
+                                            </ConfirmationDialogWrapper>
+                                        )
+                                    }
+                                </TableCell>
+                            </TableRow>
+                        );
+                    })
+                }
+            </TableBody>
+        </Table>
+    );
+}
\ No newline at end of file
-- 
2.45.3


From 86784d3b923810f1e359983c3d716c5f3d30a791 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 3 Jan 2025 22:07:11 +0100
Subject: [PATCH 40/66] NORY-47: revalidate user path after identity
 modification

---
 dashboard/src/app/(inside)/user/action.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dashboard/src/app/(inside)/user/action.ts b/dashboard/src/app/(inside)/user/action.ts
index 3544a07..7497f3c 100644
--- a/dashboard/src/app/(inside)/user/action.ts
+++ b/dashboard/src/app/(inside)/user/action.ts
@@ -19,6 +19,8 @@ export async function updateIdentity({ id, body }: UpdatedIdentityProps) {
 
     console.log('Updated identity', data);
 
+    revalidatePath('/user');
+
     return data;
 }
 
@@ -34,6 +36,8 @@ export async function deleteIdentityCredential({ id, type }: DeleteIdentityCrede
 
     console.log('Credential removed', data);
 
+    revalidatePath('/user');
+
     return data;
 }
 
@@ -44,6 +48,8 @@ export async function deleteIdentitySessions(id: string) {
 
     console.log('Deleted identity\'s sessions', data);
 
+    revalidatePath('/user');
+
     return data;
 }
 
-- 
2.45.3


From 95a068645e5668c06c2592016a3aead2c1f23246 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 3 Jan 2025 22:11:09 +0100
Subject: [PATCH 41/66] NORY-47: refactor identity actions

---
 dashboard/src/app/(inside)/user/data-table.tsx                  | 2 +-
 dashboard/src/components/forms/IdentityTraitForm.tsx            | 2 +-
 dashboard/src/components/identity/identity-actions.tsx          | 2 +-
 dashboard/src/components/identity/identity-credentials.tsx      | 2 +-
 .../src/{app/(inside)/user/action.ts => lib/action/identity.ts} | 0
 5 files changed, 4 insertions(+), 4 deletions(-)
 rename dashboard/src/{app/(inside)/user/action.ts => lib/action/identity.ts} (100%)

diff --git a/dashboard/src/app/(inside)/user/data-table.tsx b/dashboard/src/app/(inside)/user/data-table.tsx
index dd88dc8..8f4e3ac 100644
--- a/dashboard/src/app/(inside)/user/data-table.tsx
+++ b/dashboard/src/app/(inside)/user/data-table.tsx
@@ -28,7 +28,7 @@ import {
     AlertDialogHeader,
     AlertDialogTitle,
 } from '@/components/ui/alert-dialog';
-import { blockIdentity, deleteIdentity, deleteIdentitySessions, unblockIdentity } from '@/app/(inside)/user/action';
+import { blockIdentity, deleteIdentity, deleteIdentitySessions, unblockIdentity } from '@/lib/action/identity';
 import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip';
 
 interface IdentityDataTableProps {
diff --git a/dashboard/src/components/forms/IdentityTraitForm.tsx b/dashboard/src/components/forms/IdentityTraitForm.tsx
index ea1d719..cd054ff 100644
--- a/dashboard/src/components/forms/IdentityTraitForm.tsx
+++ b/dashboard/src/components/forms/IdentityTraitForm.tsx
@@ -10,7 +10,7 @@ import DynamicForm from '@/components/dynamic-form';
 import { FormControl, FormDescription, FormField, FormItem, FormLabel } from '@/components/ui/form';
 import { Textarea } from '@/components/ui/textarea';
 import { zu } from 'zod_utilz';
-import { updateIdentity } from '@/app/(inside)/user/action';
+import { updateIdentity } from '@/lib/action/identity';
 import { useState } from 'react';
 
 interface IdentityTraitFormProps {
diff --git a/dashboard/src/components/identity/identity-actions.tsx b/dashboard/src/components/identity/identity-actions.tsx
index 59997cf..6ecaa8b 100644
--- a/dashboard/src/components/identity/identity-actions.tsx
+++ b/dashboard/src/components/identity/identity-actions.tsx
@@ -11,7 +11,7 @@ import {
     deleteIdentity,
     deleteIdentitySessions,
     unblockIdentity,
-} from '@/app/(inside)/user/action';
+} from '@/lib/action/identity';
 import { toast } from 'sonner';
 import { useRouter } from 'next/navigation';
 
diff --git a/dashboard/src/components/identity/identity-credentials.tsx b/dashboard/src/components/identity/identity-credentials.tsx
index 3cb06da..f362971 100644
--- a/dashboard/src/components/identity/identity-credentials.tsx
+++ b/dashboard/src/components/identity/identity-credentials.tsx
@@ -2,7 +2,7 @@
 
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table';
 import { ConfirmationDialogWrapper } from '@/components/confirmation-dialog-wrapper';
-import { deleteIdentityCredential } from '@/app/(inside)/user/action';
+import { deleteIdentityCredential } from '@/lib/action/identity';
 import { Button } from '@/components/ui/button';
 import { Trash } from 'lucide-react';
 import { DeleteIdentityCredentialsTypeEnum, Identity } from '@ory/client';
diff --git a/dashboard/src/app/(inside)/user/action.ts b/dashboard/src/lib/action/identity.ts
similarity index 100%
rename from dashboard/src/app/(inside)/user/action.ts
rename to dashboard/src/lib/action/identity.ts
-- 
2.45.3


From 21ff2ad8f85695cc095e594cbc69ab285f27bbfb Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 3 Jan 2025 22:11:45 +0100
Subject: [PATCH 42/66] NORY-47: refactor identity traits form

---
 dashboard/src/app/(inside)/user/[id]/page.tsx                 | 4 ++--
 .../IdentityTraitForm.tsx => identity/identity-traits.tsx}    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename dashboard/src/components/{forms/IdentityTraitForm.tsx => identity/identity-traits.tsx} (97%)

diff --git a/dashboard/src/app/(inside)/user/[id]/page.tsx b/dashboard/src/app/(inside)/user/[id]/page.tsx
index ad4eb12..83cc3b3 100644
--- a/dashboard/src/app/(inside)/user/[id]/page.tsx
+++ b/dashboard/src/app/(inside)/user/[id]/page.tsx
@@ -2,7 +2,7 @@ import React from 'react';
 import { getIdentityApi } from '@/ory/sdk/server';
 import { ErrorDisplay } from '@/components/error';
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
-import { IdentityTraitForm } from '@/components/forms/IdentityTraitForm';
+import { IdentityTraits } from '@/components/identity/identity-traits';
 import { KratosSchema } from '@/lib/forms/identity-form';
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table';
 import { UAParser } from 'ua-parser-js';
@@ -128,7 +128,7 @@ export default async function UserDetailsPage({ params }: { params: Promise<{ id
                         <CardDescription>All identity properties specified in the identity schema</CardDescription>
                     </CardHeader>
                     <CardContent>
-                        <IdentityTraitForm schema={identitySchema} identity={identity}/>
+                        <IdentityTraits schema={identitySchema} identity={identity}/>
                     </CardContent>
                 </Card>
                 <Card>
diff --git a/dashboard/src/components/forms/IdentityTraitForm.tsx b/dashboard/src/components/identity/identity-traits.tsx
similarity index 97%
rename from dashboard/src/components/forms/IdentityTraitForm.tsx
rename to dashboard/src/components/identity/identity-traits.tsx
index cd054ff..1606db4 100644
--- a/dashboard/src/components/forms/IdentityTraitForm.tsx
+++ b/dashboard/src/components/identity/identity-traits.tsx
@@ -18,7 +18,7 @@ interface IdentityTraitFormProps {
     identity: Identity;
 }
 
-export function IdentityTraitForm({ schema, identity }: IdentityTraitFormProps) {
+export function IdentityTraits({ schema, identity }: IdentityTraitFormProps) {
 
     const [currentIdentity, setCurrentIdentity] = useState(identity);
 
-- 
2.45.3


From afab5645c2c227de2923abd9ad2a17cec9081e43 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 3 Jan 2025 22:52:45 +0100
Subject: [PATCH 43/66] NORY-47: add dialog to show recovery information

---
 .../components/identity/identity-actions.tsx  | 96 +++++++++++++++++--
 1 file changed, 89 insertions(+), 7 deletions(-)

diff --git a/dashboard/src/components/identity/identity-actions.tsx b/dashboard/src/components/identity/identity-actions.tsx
index 6ecaa8b..0ddcf32 100644
--- a/dashboard/src/components/identity/identity-actions.tsx
+++ b/dashboard/src/components/identity/identity-actions.tsx
@@ -1,8 +1,8 @@
 'use client';
 
 import { Identity } from '@ory/client';
-import { Button } from '@/components/ui/button';
-import { Key, Link, Trash, UserCheck, UserMinus, UserX } from 'lucide-react';
+import { Button, buttonVariants } from '@/components/ui/button';
+import { Copy, Key, Link, Trash, UserCheck, UserMinus, UserX } from 'lucide-react';
 import { ConfirmationDialogWrapper } from '@/components/confirmation-dialog-wrapper';
 import {
     blockIdentity,
@@ -14,6 +14,18 @@ import {
 } from '@/lib/action/identity';
 import { toast } from 'sonner';
 import { useRouter } from 'next/navigation';
+import { useState } from 'react';
+import {
+    AlertDialog,
+    AlertDialogAction,
+    AlertDialogContent,
+    AlertDialogDescription,
+    AlertDialogFooter,
+    AlertDialogHeader,
+    AlertDialogTitle,
+} from '@/components/ui/alert-dialog';
+import { Input } from '@/components/ui/input';
+import { Label } from '@/components/ui/label';
 
 interface IdentityActionProps {
     identity: Identity;
@@ -24,14 +36,84 @@ export function IdentityActions({ identity }: IdentityActionProps,
 
     const router = useRouter();
 
+    const [dialogVisible, setDialogVisible] = useState(false);
+    const [dialogLink, setDialogLink] = useState<string>('');
+    const [dialogCode, setDialogCode] = useState<string | undefined>(undefined);
+
     return (
         <>
+            <AlertDialog open={dialogVisible} onOpenChange={(value) => setDialogVisible(value)}>
+                <AlertDialogContent className="space-y-1">
+                    <AlertDialogHeader>
+                        <AlertDialogTitle>Recovery account</AlertDialogTitle>
+                        <AlertDialogDescription>
+                            You created a recovery flow. Provide the user with the following information so they can
+                            access their account again.
+                        </AlertDialogDescription>
+                    </AlertDialogHeader>
+                    <div>
+                        <Label>Link</Label>
+                        <div className="flex relative">
+                            <Input value={dialogLink} readOnly/>
+                            <Button
+                                className="absolute right-0"
+                                variant="outline"
+                                onClick={() => {
+                                    toast.info('Link copied to clipboard');
+                                    navigator.clipboard.writeText(dialogLink);
+                                }}
+                            >
+                                <Copy/>
+                            </Button>
+                        </div>
+                        <p className="mt-1 text-xs text-neutral-500">
+                            {
+                                dialogCode ?
+                                    'The user will need this link to access the recovery flow.'
+                                    :
+                                    'This magic link will authenticate the user automatically'
+                            }
+                        </p>
+                    </div>
+                    {
+                        dialogCode ?
+                            <div>
+                                <Label>Code</Label>
+                                <div className="flex relative">
+                                    <Input value={dialogCode} readOnly/>
+                                    <Button
+                                        className="absolute right-0"
+                                        variant="outline"
+                                        onClick={() => {
+                                            toast.info('Code copied to clipboard');
+                                            navigator.clipboard.writeText(dialogCode);
+                                        }}
+                                    >
+                                        <Copy/>
+                                    </Button>
+                                </div>
+                                <p className="mt-1 text-xs text-neutral-500">
+                                    The user will need to enter this code on the recovery page.
+                                </p>
+                            </div>
+                            :
+                            <></>
+                    }
+                    <AlertDialogFooter>
+                        <AlertDialogAction className={buttonVariants({ variant: 'destructive' })}>
+                            Close
+                        </AlertDialogAction>
+                    </AlertDialogFooter>
+                </AlertDialogContent>
+            </AlertDialog>
+
             <ConfirmationDialogWrapper
                 onSubmit={async () => {
                     await createRecoveryCode(identity.id)
                         .then((response) => {
-                            console.log('recovery code created', response);
-                            toast.success(response.recovery_code);
+                            setDialogLink(response.recovery_link);
+                            setDialogCode(response.recovery_code);
+                            setDialogVisible(true);
                         })
                         .catch(() => toast.error('Creating recovery code failed'));
                 }}
@@ -49,8 +131,9 @@ export function IdentityActions({ identity }: IdentityActionProps,
                 onSubmit={async () => {
                     await createRecoveryLink(identity.id)
                         .then((response) => {
-                            console.log('recovery link created', response);
-                            toast.success(response.recovery_link);
+                            setDialogLink(response.recovery_link);
+                            setDialogCode(undefined);
+                            setDialogVisible(true);
                         })
                         .catch(() => toast.error('Creating recovery link failed. It is likely magic-links are disabled on your Ory Kratos instance.'));
                 }}
@@ -135,7 +218,6 @@ export function IdentityActions({ identity }: IdentityActionProps,
                     <Trash className="h-4"/>
                 </Button>
             </ConfirmationDialogWrapper>
-
         </>
     );
 }
\ No newline at end of file
-- 
2.45.3


From 70e376615d8912a94cbc23af266a5ae87cb11527 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 10:16:22 +0100
Subject: [PATCH 44/66] NORY-41: add drizzle dependencies

---
 dashboard/bun.lockb    | Bin 229372 -> 269452 bytes
 dashboard/package.json |   6 ++++++
 2 files changed, 6 insertions(+)

diff --git a/dashboard/bun.lockb b/dashboard/bun.lockb
index ec6a87b494fe9f97dc3d5c6a66a88bb89738459b..5fcc46ea3c3bd8011de21e746ae83543666ec38c 100755
GIT binary patch
delta 68314
zcmeFacU%-pw>3O7GQyxJm@uOvL6M|H!6AtfOsFVgAWM=Af&>Qx3K+4~Hi2S9!JGps
zDk>-nD&~wCbI!hNPdA=9=kVR<x#_$Aoc;-`)~c#qyLN@HZU+4ROKtXk_4!8K%ndh7
z`^=w}`*GhQ<KFS%3;UL6xZb@lD;yel<6X_lhX=p6Qxed%AZMhOtUOyJCj!9;U~_>W
z{U-zoFgYqvp0gd_Rl(muZv>1D@(YNE_OXFL&=mYJ^u|B~F^6q|8sMrxb>JoBlil^G
zL-mI!3j~_LVqg=h7!Vg16c->6^kIZTO+R0>Me1kx&;h7~I&FYcf$f0dK&t)#`7MB#
zfYi(h9(VD$mdC}wCdi)+q;5=QCJBvYw(wjH>{>%kjr5C*3PpbpfumshB)^CW)O$lX
zN!GQ<S)c}wu|aWB6D9@;cB7|S&<lZNJr_vjLj2;Q5+enISIxL~Jox<R(D9RCRwn2J
zf!uGv8~luhDLOBB42?4ko)G0Pc#T42xQ2H$wk2oqJkNiClf(Y8egQ#o0zrH$uKWQY
zIno%hqWn_6{7#@m&`XdW5fmF7)Keg+Yp@yxsi%uubHnu#NaN5O!KYy^Wv+?zBvEZS
zvtJlV11;IG_FN~TLu38o(RxHO#Y`aRiGice#D@e$Qit2}Tn9)|cSJq(KV9BKl>g9C
zAb`K=4}s*v4uq8IZ{X3o6X(NRAk~ldiw`jj4`Mbn(2!k69V+|0GuP3G(8$nezqq(6
z=+yDmUAVfRfE19^ygpx>Yik;iY^HYQ$`1xo!1Z)EY!6Ox*auGYZZnYDy9*uYpPsMF
z8F&q(ivP-xzCP#3Uks&NBPir>7a%oMH}R91rAk_|lUPOMeq2;!WKgU?umzk-A2HxC
zF2pZ38lh}vBoLsd>2D1M0z@nQB9JENZXkM|&hnTHq~$dZhz8RgdDI7DjMLSDm;vcu
zddR(zrPm-qV^qQ8J|N~^`WhbR0ck>~@EFYF2q2C1LNjh0;^QWS`omFo=oH7epoodo
zp@66fQ2@aSb1vTM7F>t@fsL?W()XgrG!dhNQ3}^EORm9wKsD$#Kr$E|Y#2W&Iw&sR
zifcG2J}5E}<rjiexfwu;WD<`k9~v2NB>+Z8MNI(G^brW+q9=sLV}V4)O^8DKFmA&+
zaK%<2z@$mv3+x1Bc}(Qd3rHci=CK`+LjMEx3GV_a^v8MJ0BjFF8`usQ;lRzzx`_FL
z%gFPHposBsOpxHnjky~#8bgoaD~<%x*nRKKIXc3bbJPMzj<(|QV_%M60g|Kpcw7b~
z2UB_U0g|JRebIkP=t3Y*8v)7F*G?Q>22#VB7$O>i$e^Tn_$m0|&gnHgmIG-o-vMk5
zT*l)xAWiuQAkDE+K$=Sffz&}Wcf_9(`n=E)NNY`H2-jdsa9Rz~QE~COoe2CB;{2nq
z(RTFU>ZQUld8Bv;1EVl0CSuY}h)W_zM?oit`T}WE4;s!nV9fKkGG6G)8;A>vO$?2T
z7la1-Q+<I3bh^nY0coh%5!?_w08&rVfz-oTAWgm>Be@Q^d2yHvYzBQkkm|?Bnpu$D
z=!D2g0a1ZLvU#XLJ$M9c1PloAn-GoyH-((x#iIoRY(VM5$8ckt0NxqA=U8q(=nPJw
z--YtzP;YP=%AMYv<0HUnE=YhBiTOTU{kO=6<FfRdNVG!6Ngf^jxPskzeB;aYjIWU1
z0y>pHjsVe~-YJ0VVN)RO2ft9BLY)tL)brE4V{9Pjm?VgsJCniN(E4AF0@Q<aU^`&w
zc+PM*I2rN)wgs92X|is_K0!To4&i!uA4rjN3FREU08Wk-1F61u7&nJ<ffVU4Jog~P
z{7YYtf(S)=Z{Cm=kQ`|Mq)>K5!_?!3Knmf22u^>7VWRwNK<fE9AUWcf6dFa#SvQJv
zr~{BDaS2cr7!eu~WQh5-16<Y=LIyT?nmm4SlOhAcL*vzuK|P3{5Ew>=>L$y)NUovi
z*r53M(4g2<aGIP!K&t;SmcyXH(D=}($hfJfOq1>rbg~x^6%`(e@Q*@yio`)Wu#kax
zZnX%M6S$0FK&lWF=bsQdAyBX<k&DnOAVngZ$9Nvc@#w;1FCc|p3rIuNh{sP8IbOr#
z`H6@>6*$NX8+c@ROb3#K5j=YH*q=vpAWbrD9yNIUg$|JZg2#o3BJm*Hq$1-5f~8Xg
z0v+%a84|QLj^(j7oomn$oaVs%Y1|n9_0%zWIyaVqLH-GJ--<w}>FS1hG?|+LHGx0V
zxend{QbdQ&;OdQ^;1?es6ewU^8mX)HnaO4LoXPk%GLl`%<mS;CzRrX!&L>|W4O`o6
z4%L7(yahm-Utw{E^5d;vEber%aY1wn^P3PSSUHQ!4-JltipB5;#bE*g-Dh*UUl^i>
zs}>v!O_qKI2^y8naDe7#LTsoZO~gYyUkRl7#sJBonLJA8ah)><l0&J`X+gvSY2t_Q
zm@}X2?}VU<n27?xOmNDNmt%WD`eY=?KwwZ%v|(tRU>sl3Go9JgxT8#q;q12HG1_oK
zQ~(aDz|e@$ctHycH?<oS7n2YaJ4sNtr<Ot|zj25+!~g_e!R+e{{$euM-_|UbzZOXS
zS`H*P=;#@NyFwTaY38(M1jwMBK(LexkSCA|zFNX9&?d_`2R=fla$CV^`rQYozy?P}
zWA_sX9-%zdt6k2G@NFQC=&}`D{kcGL<P>yGAa|xh`|lQW1s?*bN4@g63Wrv44z$ka
z92*}MYlz3XkhGOt{x+0rh4PlGxjl6=%F_t{1g8Z%Zw=>A2VTe1N^DSYP|^X^Cr4$-
zS9eAt5((P#g7^yWV1Pot92Kdjch_+Zxvl5;JD@sr&kfvAyKi8!n{<>_!7h#bZDdpX
zr-0Pa{Xpth0g#&MjB=z)H*o<x4o>;g(H!YsynhiqAI-br0K}9|?*SzHje%tEBg!KV
zvh<+MobVI^Mg9hFcr8~TeIbzi&IHm(L;@*ben2W;xRuiffm27UfE3_nd^rJ-;!%sh
zlLMD|JPA~%yWb)t+94wiNK@q^MwBWX1vUrPZ7?fjT)DugfcV(Z$e@kLr=G{};>s-o
zr>T_$q`PDokRs#@B*$JZ;s)p*kQ}c9s>5b_ykE4R|AZhx*&eRIeq@j%dy&}*7zS(u
z{IpLX=n6CjY60&6sa$P3=fKOod?cV#y=Fji<STS4H;uPr1SC!mtTLKYnh>ZbLSQRk
zQ8CxxN+5YU^DtLo0ncSXicAcUdgzxFWEg;rEr92vfYjsbleuz1C7k^MK<Y@{BffbF
z;!g$TFFvr%=%D}^R02{1%a3zI@%$*~z$G5D1YD#VmvV+D@OTzTLsxeOG&sqX`|Dlw
zkGm(|<Nx~YlN<B@^4(K5k@Hxa$G_e_KcC<lcmkwV@c-QtZs`8A9g)?bVVbq)dHgT;
z<X?28?i`SYp`&H|?UH;M%hF#XLHpJfAZ7fh=6Zq`SAG-x0)t+I(<HnJBu8zpaO<B1
zQawDB&_k&p9)@W$*FB^%SGl>AZ^i8|e|<=e@=q8qkA2<KY8EQcWZZdF!(J?V=yd<E
z=gel!0+tm$v5yM8yJ^q&!CR#UKjxXgYV|hm?QGrLZ5uZ{>mC;CcqUyCH!j8O>b%<@
zFZR=UIOyfZ3wiehu9fX2V^S_pK9PCpocH_6HVymRMT|e^ySZJD%nTL#xeIHIXPLCH
z>-F=5g^}pPtPMrd`38CB{n)<oC-+PV?($@3Q_cNC^?ADasabg*2U50=Ss+WPe!25>
zYyAeY#;z@v%zf72aLXpH-T@(3dUx#A&+kd{qAu#%eVh`N-|el+SMP8_|LNeK8fhc$
z9T@6A!FTnq%Q^cU3j2kQjkVKTp{CjQY2KEJr-n)^4cd3m*pS!G<iN$J0p6!Srfa3H
z^<)^E=h|U&mSy_4`Yvgz)#79KX8OH^vug5hOdH?Nbn$h+l4F9G{dJ#;>|1~RYC5#s
zBIva85Vqfwh+`@mQiFZMg=aIBib8xedMB;kI63U4ip~WS$7Mcy8#WbL3^=<df5EQg
zl7~43%{BXfdb~LPZNA;dgQ5Fv3(OiuJi2}RNN!=zV(Xo++eM3aMt8On%CxJtMP!c%
z_HVM`>^cwjmj9r`JM1RPes)`|p6<|V>=x$-&kwXc+UZBt^k2L4zO`-{`PUfyH~TL8
zYv=#h`tIYh>g;sQ<65B|+$?rp{pQGZME1vM{x^H_U+aj?e`6Gxf-YVz2i2B$8+rP^
zQ{8gud1S*bm$SORm(5?7%ixN=cTX(skyp2D=2i|echm{out3{Iq}+gU)0PSym@I8O
zVJcIG@B0`@S37-UC4s;ND;KwnKV9@Tp0<of%g_E&89sOpW1`(!n8;*xwUd-1%N|)G
zCdbH9Xvs))?2zNCV<#>V!x*EcV<VC@WXg4<!gxlaYbOa-mcPeOZ^&rqSPIWDS<u?3
z2n1#@(twOe27(O&Q(|&-ErsrktDc=ukIBOK2}~KjZ)PO=cA^fA7&m>XFqg^Fx0AfW
z2IeL=Kt`<@NjE!57B)dCG$G@WY^6km8MxS1sK%6clZyJvK{5>+VqdNd>YZY;y4#5w
zG-1lSONB0s#K2CHg1e~6Z(j<TENIuD^^iB_p<^i$H)T|NNQJJ9YY#igEF7q8f7`2O
z%AiSbyXh@2o?~DsbYff$?SyemmZ6<w7jmfehD?s3rQ|c1GgwnbqpPKGJmYF)C%nXD
z8QF<@<5q0TROr|UCo&RaJIO(C3KwFoYbp5-<_IRFfQqFUJ6mRsk&Q5!k(k&?Hh~X8
zE`o_RzJgJUT%e^GQ;HDBQh5e%VD$i)1y`>d>VZ+eL=3ttv1rLLB}M~zGB9diL`+;l
zdCZ)yHll{DnCzZXiG8czV~fI*!N`!Z+|X$-az`vT)DlN03Y4;ZDh+1JdLf{^)`0QY
zV8ytaVXolBMNXp*hHNBLW@abc$VklXBwvw3Q&C7=#eig)+X?3}W%z!MkyzM?g*ZN2
zFax{UV47xG*a_2^G7CG&Zm8q~-0x~BR>c9<jZrhP5e;w0WLrojvmxNdM=`?a)iM$*
zJ7F;6itqcFEPQ{-lv&wH`gHg`*TSq+Kqz#m($i8>{5wm-#8UDNjDn>^{TKFOB)#o~
zEaTeSPSQwAAQ+Au3?t&?14b*c0YkNl!Klv&cvslq8RBGRDRJo}5cETyd;v<9gOPo1
zNN<60&eO0NcgBxBxRMxPzdsljF2j`B+6g}}l0J44lP+8>Ws0yQ1dK*S!c>`CO16V>
zt-(u?Sewb#l}cQ->t?t{A4}mXCQE83xzB4V^4YY$tHRJqYQbm{U<*K3O?5aXW~x%H
zR6uA9F<sHxd9V>+TyJ!AxhTLSc8LI<Ats2>7BEMYlutt8S4QGsC$Z4u8dZ@;EgFoQ
zc@)DUp1}pMCt%d7d`?L$^tl-!kT02JFp53;-^)_6k7o^;st_v`5DE>P4aVejqUo09
zWGBAe4MAcC_OKBeGm^e`65s9uff34KVj5UV=JHG|-`)-}Whfyq;1-FHsj{-v9}Y%q
z_TSlt^-uGK1-S4`@cXK7&la`r!IV2o#b)p(m{x*#IZ^?PT7O$5B>d!(kFh}DBTpUv
zo$6pB5R8>;$w-Z+l%$$c@?K$Lh)qld0xzb**+!g+)Npy~CQ?J?DI?6gA@bDZ->Gv*
z4U%i^d)1}FkQyM@_WVwX%<8m3NcE#!$r_|+P!Lfpv3p?L#MaQalr%Tz@~|MfSqjH7
zS?+d{1<<I3d|C-B8OZ=UNk^<vTKEF_z(#<PMFFE>W+^OW%21+-C4RaJO@*l{uoOpw
zp$}FzlA}n`WW${WJFW;TOv<Qv+NvNys|^iftKESl-IC<Hk>ooV?|`nQ*vJ|NXhRoA
zBh{C-YsoH3akVkKKZDU8!tDk|m}SHo(DaZ5f}zLAqZPS?XYvhRd=|`vrk<#+4dXUY
zD*lQ&AH)nCXe0LNBOh0!4)ZBnCG;3W4Jj2V3@}pHey1$#<U<WD=XdHkQlsSMobBsU
zc}R_vYafvEl&8`h1Of+Uptg<Zume**L@N5>z^HmiMNW>4n}<{~8R3Jc6dWr{@jftX
zrecVV_zhB=fqqW-@fn$tEJX?qQ+Lt%Nw`G@{bskpeCn9E4|XOWX3kJs6-v~}l5b#R
ze>1QCiflI+KZ#*n-9?dwgN^!K@5G;22Uqm@cV0Z0=WkY~z^qg-2Zq&UiDKLsw-Hjw
z1Bh4~xYc8dN|Fa~wm4SxC#FA;v&`kCfsrweRsM--4-yDGe&@x54gSrJgSpo+QIo+;
zxtCPrIhau$C6(l$m<{r<3@ojLgPCk-_Sk*+#X$FLFsvW0Rng8NjGMPq@(dz333Dtg
zCEd|7#-65YS4&Zt2ctS#s&)k;rc1g2mo9c`1IAukMa=~rAZzMSl`y1oRgwnP1giXi
zA=*5Q$sR2giH9@gqord1;Q~Q_red^>Xyb6kZH!c`j#&3+29B|jj6{kS1~z9nItL6(
zlV>Nuu&H77((U3c80G<=XElPGe_XxwVANfXeFnn_!j&rA{v0sMh#sG}35;$c@{%HD
zFGkfzDjDvjcxTxPh9RV_26x$SV3^Zjn7raXm`)~4MXIe55?0Kdo;H$oNZF%6L)uG3
z4@WWOzEX*{H@92heq>@P_5>Tis5#h3o?)tnp|Cv6lK3$K!MNY-0+_Fy!H{G)CcOXe
zyggtTFWQ+9iiW5}q2R0x07H*?wi=9fAuP6BD<zOI%)k&^6)YwSf_%f1YzO07qI;(X
zlGI-=Z!8$M>uJD?4Zj)fh~9p6R;XUVpV&t*ZbP6v6S&UX47E}L!77FGFe$p|&$x}3
zN_qzHbBn1mvlPVyFy#=pK*TELyYdmt@i(&ytm`y|XD8Snoz}*NGW2)J1TYE~7oJi@
zCT=;N?rqp!C6kbn{w}o_j9Qi-A|=1TczbBeBN%r^E)T32tRK&;R6@9jU|g_>R6~E8
zM8P;PZX_rod%^gwnORDHfl&ikEj@4&!jz!cq4D09qK#opdAL*}3g<*jLkzhs&(J5V
zlZjx|do<hKQhXK+_pjbI64eR6kDzFB92gfPir6l&KL++E7&jqkm_s7!N|LLG|6sT~
zwur=2jr@kRDv~LWl!|UdGOAHhiCL6l_maS<3-Tul(U~ZwJW483iDp!zr4qa7x{=Gl
z0i6NkZkSh)vO*nfT;Z0YrZJ3aj8yCugOx)IOPr0A6*JJxMsf@(a$O!}QTtd%H5Q9D
z_ID3(d|VAi!Im&NI6)}IaZh4+5|UbqT;mwkIH_bFL?_Ng9O5p3xq``yNZQ47n;}k&
zGptlVtmVyBb+?pcf{|q$<Of))T?I2HBLab-IgSb3=GQ!-?$C?#i#Pzxg^mPjdyu02
z421=n*jc#^v?7u7{LgB;ByP$4Sq-jN-C3{tt6tT8Qhjz=s1(vaw{{OIP0~NqbQ?+I
z<iCn^7l^4>-CwUNO!=#Y^ms|*zlmfvr(X5i-_)Z$C5=<LY4wM*WFYwO>c)DC9-UZ^
zNcFALxZ(b@)wFuml6qC~<iA>=-u_)2BT<2fBLIJ2?v&1y$4e!Lrw9a?%(Q#qY20Kg
zou?|6+o~WzI|iORv46Y;qveZ9*~e03KaEkHD3ugV;|>s5CfFl>fYFLX5$w8_)0uJ<
z$(+vJ>2OF!krQA&<u<VZB_F|hfT6m9rKn2=Q=TXlhiBjzBHu3$AVs?>w;!p_;D(fY
z0vrQoi#$B$8Cr^$fLSnVSh(kqGUIgIN<}ldBLW_K@w_n*%!R2~Y^#KXRDOcKh?JGw
z0}puDD3fE{5z`6GjG3crBThsL_uz0F(S}UMEk!E64*~lho@hE{aqAEpsRQ0?fN?>h
z{jY-0;~vO$v+GtY?XKg&_&W_6-VVk^t}4h%1;j$$ZQ2@*XVrO#_=$pNG39AeQNb)m
zb+S}agFNai?)exY&Dk82Fdl|hDj;N0o+T=n&8W(x67d||oaMbG%YI-KUV(gkw}bTq
zLqM@teF7uP^05~i%tapcUlM~<U#=9q**%vjPnSwQK(vRbEPpC;na7Qc{2(Hk4n}@(
zkKBjB=nja<fM|W^OUfUbMOO0}x2aM|{(NqjF(+`kehOwHuRwFKO-|ih!t4=y5|dAq
z9HgibOyF2c$r&(;pS%%~Z~@J6vBd%uk#`{)DH?L_1wjEA6~=9Gt(6K-@R*Gu>dtV^
za?>w_XV|@ww;qg)a3ybpkr51ZfR)O^-+e@o$AVE7rW9`13|LPvL<95VA{Ye|vlB-h
z%|)C^uDQWrVRDl=1d5t2X3A$uMI%^7HB&0u#xic1I8L)%ujL&PcU^+&Oof?^cnngw
zpXu62<|5_AHICb0)1@?u^xQZODL!5}D=q<ZlgF{mGR}4GA$25}m)uSXQUm06FbBnI
z%Q0`{XUnlj(dcl`t8>6Ot8~--35G}YUN({eD}GOPjLteRnga5plDG!Uo_rE(=i)#h
z_ihqWW+;J3<3W8h7`ISpp}zvdt-PC!NSeo#&yk8MRxzq`rDDB&dEe0I2&Ak~8@G51
zOVPS~rX1Nd5b=Hi56>Q}>3m8JZbk~>K$YfeexJQCVoSidZeWp!FMy#GR(k8ToMEoB
zL%@EQl4OIq)OAX70nAO#Xk6Q`Qz$7O0fwyyo616@@ZLhlM)DD<;aqvNKW2Shu&Kih
zHqf3$Uiu(qi&ETPyZjG^eeMbvg-o6&Zd3rq40N|uLc)TnFt-sWAca?~x;CQi1x)rr
zsYGd`;`z%PtgqYydOeT_M*hPZruviLC38kuiid8Z!JlJpBUz1<v%HQ69#bBJVfYZI
zK81DtCI1t_MlfnCY?Y80An!<<B5oH#Ao1XrP{d@jQpqWZ)F!3{R))srx`=pq;Oq%T
zdGH5)Jqkt>0&B?JQY6~KlrNEr`){EErskI;MMJ@bsRoR;CbX4irLq-c34#~Hn8u-C
z@)s(Sy-4we(34MK*j8Yw*S0z@s-#vbAXFI+;_z1iMk|5~c$@8*K=Qd8PARSww)J8#
z@&$Fk#5;aJdofljAl%ZVtb<^@IfO)cC!?Axm5kWQZ5DWgGuKj_2{w)ysBa^AgcQwi
zw4Gz6vg`Lanpuixf(?=fxf-b<T+`5XcH_~GnKR8+xSLU3DV3Z7H|KIO;{<!^b}Yn2
zA_b%Pave<va|Oe0j{WNrm<5>pAws0Omr>1^id^?HZh$3wne2S2nB6Czu=zIPcKgZW
zIY>=H3ZsKm1yWc}`B-!ZxLYN*J1i1EFm4Fwbdi4mrtFlUVXC24|ATe4<{;(GxdX=y
z4k^Cdm<-k%dDstoT8j1^V#?P_MM}kt>N=^UwwSAj+cfT5&WD-obyCsF!%R8yJ|E^f
zjA`LyDd~NL^GiNEC7EEfFfiHB-dQkfj;+IZ9_8|I`$C>87%flkhMRGe$=)CpuPu?U
z3T(Mwks2+pS_KC@k1=iqQptj2+-oZQ_(tDSbp9Aq4pDNvZY^r8#1FQ>2B99e>ud(2
zc>-o&DgFZHCEtiWPW+xtv6gBZ!R$~<fUD#0X8`R|{v8EWY_0n8Cj;>`Qt9NRb{naI
zd@Xb$j(g6qILUPjhXf2$EEvCe>sYF71CwvHu-J^L(xV!Z#t;YdX6i&0HOo_f82>|^
zUawm9H}&W+N#oP?83>2!{<p^VK&3egw|@JjqV}s^)upVyvN`pt*Xvca%j>f+;cses
zu%z+dL^}Wfgxdda?mC~TPn}(_da+)$?OASv{&N_7>Q&d)t3Ityl^9iUPqjE-t+N!z
zfZ+yZVWV~osk-UVoYBaYPaw6gQ0wLcr_!^@xj#npkD`m~Rcq>1P0rV6Aq{HXeE7re
zX{dGc;SW`#vOd+jUUkji)T5q~#(xuOG|j8(GdsCn^;Es8`h`D6{ttIY)~n|IRb3D%
zY5Z4B{tmUr#Xn}lA68@PRrl1Zeydltzf_N1(V|O?+a{?*wVJzWVycX{5>_+io1~(-
z)r@MPRMPx%-OZIAm7>9D?qKgWv=kLwX37htqT0)hYLQgreuZ%>l8RSf!M?~0EW!;C
zDY^@xuz{sU`>Wi&Oa=425x!Izp|&1%S>k~lGKyOaet?n>)>pn;K19lmtB>=I@ilJy
z=ibA`fc34*6YmDYgI|QL${#XJb-T`;rg|~z+DbArG)iA0e8DaGrHG`%4f&;r4WQWY
zdVMHF9_}dgsX#hY$n6gY(xrehff58Sd}-h-6kk*^3}18+5)a20ITC>{y8b7S>_*b(
zf$56mpkAb&#_;+786=0}@I@U=#248~#ur_`kwQ<Nr0|#uq>GUBG$OeEgv^UAT5`wf
z8#Ob9ir^w7K8*-2Lb5WQ#|$240O?XhG59RG$|2R8jW4n{m&f@)(sSe=q~;R%E*In(
z3*-#H#tNh<y^QCCRB<`a35l=37d4QFFJ*kK!xvqONO3E`7nR@0<EFZS+XR6wMQjMZ
zO|EiC4ea1KAsNIGQf_b$uPY)ow3pWjss4VR|3(Tu6+FP>LB0SXRlt!=ei4#G$MHoC
zpTrl{!!bdA5t3fc(LW)TJA*Gm+|1+`A(fZmwjj^IJ}$oqDFgeQ{Q8fO%3a16Ig0H>
ze*HU0<*(xl*iUeit0zZV<!^cZpF*a3yRnS=_ld7fNc=O;35kE<@hgwtc>E5et3D)m
zf8vXfjF256edCdmA|a*{O+5*pQ6JLUXo7qy(v&av?;sUb=j&<k^$5wK=D;Sv&h*)7
zx;pa({wI<49v#>v)4DwB@u<&ZH+lR~pc^lA2hyd8<f#>}|4*Zg43ej|d;^L|p^`$U
z88)2H|DQlI<;mHT$rIGjNWK9@q_yG=ow7#r`Gk}lgKzDDNxZIzBu&CMs-Mc|6H+^q
zc}^&j|4ss*F_kiy>RsISJ|B#x-Xb9FA@tjJRA2?Zk=d0*{(>Z};`RRs)lqI6Z)Ycv
z+}aJ401wlepax1HkOL?Af@OTcGeEisDZdg(4qoQ-ukv`E*Y5&p2E7E5-8VeG2hv4I
z4t(VGFSI5|_{J9?q~v#eqXvb@Bt!J8osEI&Ks8_oAl-L#fcPiS!#67514#MSB=ShQ
zl-J#Xbo?3tq?tBBh6L>jaX|SE97tCpkQz<~k^w45j-~TB1xS}7QvD1*e+H23&H+-<
zdHB{0m=C0mZ02>@RwPs*><7}A90O8A$ARPk{q8wkgv87E{Bm9=r1EEYULR8aSw8<S
zDEm_eHE^CcSjl4*Uy+auUEsMQl7107)xXS_yTX?vYz_St&;N`V|33@=KXclX|1%EI
z*nLA!bb+0zyMICIq&BY;Qc{=agcK<~AeHL|l;0C5K^fhFbp1z2<qS}ciW>3d2}w5w
z((*Lt_4<$+w&e4H-Q^Xncmvja1|dyGN1hXkn1}nd<hPK1yh=#T_UE}GlH|tcy8~%$
z4Cc$#hh%36pI;x6+d~`hr$Hp-4G-fhC?fTL6t5Ff#nF8EF}(ioAUQOaFHcBzd>Y7y
zixQjzzC8Nz=ntfekPHL>sbUb%$MgAwv<<}oTL3eF6rn6Wzdj^;*)kNMGIQ{agt>eL
zLQ3ZFoRIPt@SKp6i+D~*4K4*z#8v`nKi$CR6H;;$zEKB?cwI&bN^j+H2ha%oE|B)g
zhd^rh5s#07bP<yNgy)3hz;htgdjq7b_dI?AQvNp}Iq-u+ncx>M2$4$$MO2DM>WK<C
z^+X*gzf%CINN0Q_L)t|C1(MyaC`YKnqpln={(8Ki55zw~5BkO<RWJmno!<;d+#E<f
z><xtPf<8Rj1MyGLmq!;K2k<zA$KgP_2<1mePhKFT21Wp>XI?;RU^Ec_1U|g($LoPS
z2J;xkV+4=UJjMYjf+;|<n+C)`!4!Oxum7n?P{Y%J)Zh%B&jjM1U>473^L###hGsF3
zD}Zz<BH7D@P7SW)^XoyGeA#T`4Q&IGr~CMd2l$GLNQMvc`NcpQieo&U0#g2I9?N+B
z9FQ(TIzQb8Qb+G8Vf?AWeZBx8B_Hwp-@)c6{{`i#r{92dM^T1X)PO3FYUCv@LekZN
zO@Uf6Bq*;dkKKS2T4Nyj&<jY0&3Uxs(HcmXBGUP1Ft7i+DEoH{{x6l2{mEnMsRw$X
z2@K(T^1q81|No5!XupW!JD`X(q;b$`4oswcy8p-%e?gj*i6}sr#2X@{iYY*9U@EWI
zhg5GGpZ`}xmi)~jy~3hn@c+f@L;2+PqW=HiygsBD{EOF!6zc!XYeO<f<td{7^7SFg
z&=AqzcakSkfpig4#-Cmr*71K{AO7?D@SoR*+ybfZwISAt{B<I&z<*vJ{`2~<zSoVk
zx&HI|kUL2H^ZM|g*N6YSKK#?$LOPHCN%$B1pVx=@i6WhpaS_t?+Mnl&NYX#A5C3_6
z_|NOZe_kK{^ZHQnwc<ao59!|VUwpmz&+Ehgi`R!goBpKxJg%Ly&zD)ttX&E(sTtT_
z4)XbR^QC*2gL@6OjUU!co9+79(4zCnE<=j7TnBxwJP>Hnb-TXMZ{CXxo&4Oc4oA+K
zFV>r5=G)vH#)JaSD1A<>?ozUyv-o59m)pC`?46dsYwq#Z<6Flg)4Odc(AoU`+_7Em
zUwU49_TgFg9<nQ<@{ASR&q`}NG*^3Pwg2G1e`Sjejdt%IpkTP}b7o{*sWjkv`mfK*
zt9)C$nr_gi%&Pj;t@OKx`&AcBuvpsLvT32Gnv!4j%bOcLww84$Y5sVAdZRbhNh5xC
z7Pv|6X6vlGrC_&^dxy*Utd!C7$dZ9yXPr9Uq;-Q<wg*mJobh>E!PaIcZw2grdClmn
z{@3juS7v%u4q4gRS5h_on)f}i(^Xl=t#1a+Isdbn-~fG0qb?FfbzvZfH<}0*Z|}jL
zvFhDfJz#5elTVF1Us9`8j(e0@nfY9Hz^}PcdFr?oHSspfL~9rHUVM7Yvs0af^SU3(
zoxAeuWXVLc)(VC<D;oZ=WTgK2+T)YsExnER``u{Q=H$%xbM$8Fok*H};ZWau!;-Ev
z>h$_oFK?OOk&iD825Q)4Y+d-g@Q1on_VU=$5f6gMu8beMEsBPFtZ#9-lcr8WC*h<Y
z9<A>mtZ6k<N3-LZI~(?|*q>FLprdLq_}JX*myQlGZCY_;iO%v}2OG{F+BR{3%8r>y
z=XM>X4_nnmVymLv9d{qi-aTa65j~U53xnq-O&1=vl8Fy@XmIVB?C^lfOFsACe|@N9
z+(U0oGq)zQ_E#@GTw$`Ns9U_nmaO+ies(v?e<&E<rfB$-;nO7t=WkRWC62yiY*Zdm
zu-Sk0&E>6E9UrIu==68{mhJ@uG}E3h@3d}2_A1RmBaJ71eE+RYlU){f>}AJS-XG3f
zQ82t+(eQ}H;X~J1H`qGPNoP;o{PfE<?vsudSq9lnkS@yhE>#QL|80?q#;}9AMHg<F
zw(syGZr{fyKg(wnyI-yiv3=U|+CBxl^dZQ)OUcW?JHlx5t@F)f3+9&$9r0m7ucDXZ
z4xB8>?Y^Mt_|sM;T2t=S77uB({`$<J+k7JOzWcs&NeXUuxtCG5e!YrXWY6EAV0dSp
zRiIMf-65^AUv4Q#s#vsUi_*5EjpFonb#YG9KQyY%)=-`8Pd`~iv|ZidlTn3M#kWt{
z!82t)Q|)XbZ_c^-g|U#N-P=f;L*3ZzQZ(GMx_Im7%JD7oR<|<`PEoni!`Z$n%Czj!
z<R_oKnztC-ys$x+v!Rws)vFpe?D}xRaqn@j9UUL~S9QFXcqUg(``ZBpyYw;8y30Yy
z<Mhq057*}H4Afk6#;4+0bX;%!q?Y>ETGo!Y4PU-QZS;?_s`(=Y$|jp;#xJ>DJ^b=|
zuai~dyQx@(ODdcAPHyhasx=X|W<4cBci~<(Um_eS+{b<)*w1>X0uHbn2@bNtMu0=?
zD1u^kJHcUA(im`r^&>dS?k6Z=HPisd*ieGwYze^$woMa2DH}s@k}V@R#ddBAIL%HX
zC}XP#%Gqw}fHUkAg0t*3f(q7D18|PbA~?_9BdBDpn*plW9D)n%Q-X`ELv!IsHl(#s
zja}CqovLQvKoDMLU0VRIu=xa6*)IgwSdW%~>+D8?8?3Mus_M5x)u2|WdW+o-L3o>$
zXaerAegt>f{RH<|jn;tsY$!nuTSD-FZPNzukc|PbOFF_(bsHFZ%yw=I!9@!~Mq3C^
z*(wq~lVIKsLM=O`9fX2T5FV27f;DXq!K*WbMeT*|17Fn*IZ)~N9Iww`xAa`NQue+<
z-(Z(r5q6=$ZNI%ubiG_``)2K6^@urv##06cob+%Qd-ch*<zB@$``^~yzxiF`(v7L7
z9P`GrKROFr52!gXFSdnac|XUCF@8Deows~%QKMecBJ+d&*JWY*zAn9JH$&Vj_07%o
z4rRU59(8TBvgPCS6OC`TE&t-<WW{VaBi{h|{qGHXkKEnY1@1a`fdB8<oDL8|v>|*T
z;REZ?5kl*(5Y}~s@QHmx!f6sbwIF<9^R*x(=|B*7g7A&?=mbGu7s755ez3yM5U%P9
zo3P_M3*Cgj*zF`_>Y+r-E<$&aP{{gs5sqN3^r4iJ(m=>I(}wbdlmu-kVj+8slqKDu
z=yZjmEM#N5LUHL1rJ59pknN%a<ufT6I#3!3*$bo;7(g-Cg`y^8r|LrS>H*~;DNTiJ
zPdz9qhENvi!D9{fo*o?BM}o6Hgyw9HK7<e>2p>pj$vSj{(ApTnx^56O**7GdCc(2i
zgf?t`cL+%)5X1%$+OZx65cEwU>?WZDE9?Q`DhWY7AZW4MNyzL8p`{^&&a9sy1gl;U
zN=eXWHH;uUAtAvCf(~0k!V)tGI>r$6*cf97F6I!bN$AFQHi7V&gbWi125c1x1r`v@
zO(7VvQ%oUvSweV7f-!5_6M~8rghf3en6mds*hhkMF9^NZoL&$@tRZ|L!JKt4gV4G+
zgmq>REZH|CoF>839D+5QZw?{J27=fEf(`3o0YM*sHj>><LLXLW3E?UULHOg8LOXUl
z37LH$w6ucY!1`H1u#!S3CBcc+u!iu2gam5{&TI(@OY9)%^oG!%jp+@+#U4U639f8s
z8wj6C$gqLn&Q_67-~hqg7Q#SwiY){$M+gr|7|fdXfuQ09VNo9l9_&35_L1N$g)ofG
zkwOUR3*iF^o~(l%gx1bNwE=4%>OA$fFmyW-p?k=E*}<q=W703JiM{sYfa;OYXPz9t
z6E?a?=CRo1eETCeuWibg9!Q#~B^h0MNHFzrsnB-h$F~YMk&$d@3e28{S+*iY=q?+D
z%(_d-b6DK3OUtSbTDv&DSef{3Q!~fLuQMJ^Q)1aBpWZLXPVW1$)%g+MM<?ceY(Lq)
zyY@FPI~B8+iEWjSH)#>TbnD*?KZPQ5^m!Bd7;@dEl(#+Z><OFE896<wn+#)vyi}Lf
z>WtHN`u4_OHe=}AhtvEn%-H(&)Wg;}HA9>CU65u_n9_IC)D%<cm-L~pULACha;Hxv
zK_^(G&okFuN_RSZ+iB&V(%k;u?t4btrhea{Yx&X8+o1QT<PXF9u1g#3nLNc++)T|j
z_fFN;uZBLo)_3ck?_xDm=k<jWhrRO)<)7WH^LUJ+;RoU*yWXi)pZgnEl=WKuq`{_P
z4xX!&J)RsoI>E5%pdkO_8%NlhdbbnD4P7Gg|Mj|PX5pBCy$6j__jFW?Xf{l{6KvJl
z9jj<}WQRV+ruyP7aZQr)w2oacm9=;>Z(reec2i~efr6DE+8hmgAF8#=UVq%%`=dSk
z=y^~7G4EX2roDHXgkD=zXjWB0pTrm9lLYjUp>c|aXO8M!W^A|iPDRIII*)5VkNI?e
zL9@ukgBpIlFr&q^Z64}FHBD_Jdqh`1s#$#h+??-*M(fRTo@>pP?JBe>9C-D#%5>f^
zx$UE9_*9el>=kRr9(%rP?_#apISGw+Y+IH$_in>Jx84`u@_%f$Lx1z-=1<m~oixip
z(_iIG|I0b=UX`DlX7A=YZGrNS?3uh>`WT3>qFw(Jdr}fM%ciE<cyCD@8|@x5E-Ry*
zQsL>q$xRb9biCuU-)+6w<XKNA)1}88wm-TQzT(lHWARoQu6md4R*EfZFV@Y8bQtzi
zG<^5fsy-dV)iw9DS}=E{e%7l7PPR?;+L^r6D^R<i)vSS+lJ$(_=XWI1L8*J3H_Iko
zylpIf*l=QR?FFCa+%ULhoc=`au|TC04Erk@4xO{Ar~i6sd!J!1lqSYa9&@8#q-Eu_
zh5<E`Y}+NiE$U_GaXI>UQTXUK(-u7cn4~*q#=3EW*3}Q%`Y*az=&@~B0cTf4t0SP!
zF1>tL`lR3ERZ3(Fy#un1M+P1#Ho9y&s$=_4`ZnimCdOoGt8IHa^1J8Cmxp2+4;Z6=
zY29ok#&VBysa;Xooz8I{tpW?^w>yM_bosIitTRk@<JY847KbIeU+Q8T*>&!`UzZlR
zzIvp5{Z)fIBA2ux-ASXq-<2)(df}w|J>acP`M{4Y;)8D%20NXcx~$RqQ~Rxb<K%{w
z<c8_4Uw0|}x^+V~VS937>n5>=rWvv$W0NaBeI3@dX3Z2s4V6pcd#gt<x@oT~hIRTe
z<krrS4-*YrCjQL&TzYxplM6dnZuxRwZdag!Nh}kLS2VnE^EjR7YpWN1AL<&`^3JCQ
zn_KK(`PF0O$-(|F+s?VXVcxqJ4~99<kX~%Q<+_{W!e3iWt%{GXSvk&d>m0X1)opE_
z@rG#<2P@jm8<wWLb?Dy8=%MM8=MGqS@m9MnuNqZWTAr4TKAO1SHvUFSt&{gZY;8Y8
z+)SfHX-e;j=MzV(n`X6n_tn$&f#W2PWVvB(dkaxCd{BC1*ML2pMio0x+i_@P>O0H0
zpzlhl>&NHH9On(`Kj*;=i+i*79sQ7_)$`%OasCs!caMmeSGF(a$aQ@;gRL7*jiL`D
z3bC5g5!+Bj!{U>(sz!Zv5^UT2;_9n$kB3hjE!@&V34cC&)B(>MEfeg{M&y1!nfbw|
z>U_?U(MwnL8`5XQ+wb;ipKhqVYS&<uYOdU_e47x2DcTLKJuzQ9^7+QW{T4TxC&`t?
z*2F#CR+>5J+MDQoDqp9cG<#K)vTA0OdWCbf^>TlIl`)y?+D2b9EYu7w4-3j3JDPrN
zgdC<>O#gFI-KFH&E2&w{%#xU{KIUI?ZK?xi*))G!cz)a5MrQ*jU%t_;m4LmyRjSit
zTWCiU$4Zl@XRKCsz1hlK_GPj4^&1i6V{XzmiGM1zQA|)Y9MUapqSEo<@29s_6}g{i
z&~Ea{gJ)NK9Dd47NoS|ckS9*#cI7wu_3`_ev;jR|EDibi_`dUmPJ+1MyRRCl&q#Kd
zR><2;husK8yGqH<Eo)^uIbl~u>om>XvHn}D)}GlfRlA*x`8HI%{?NH8X&KBu@rkJ|
z-A{Si#I2ptJHTAe|Hkx;l~X@<)|}Vo`VQW(Jq$-G8t&U-*mc$EtfQ*EVA#F*npbB+
znH%4d+fH6u^!Vz;OOuu+_@44^t<*hZQ$QONS>DU%HfQ?RHZkht?mqKeyQi)0o71nl
z;GYVGI7-p5#<;_)-#^!go+rvnofhm=d+g1sU#|_8c^q!MOYhAaTi^JL*L7Qb`{Y*}
z-%)qd;T;C)?@RU>ZBt2eAMmKpC8zxva=Rk=&_(lhY5x%@NfI8Mll)AGZn`sJ%F)5u
zhm-Hz^AjD_^qKQ%Nk^vR$d=P9`*&0>yyq2|zq6=I<qV~Q6PXnkGpds+znAGgynQV}
zZa7{3F|Zg#ho5?RF(du^ZMvtVy0L5j0AW|zmmrVbpPv>K&N)7IjFIl*wH=jy4Sls?
zwf*EFOK%^sJz`gRWUo=W^@|S29?vcck!7))2jMAoogEHDaqJs95QPlJ$;HziLIRs_
zPbZ`y5X24;5?K!iI@^%2n}kWM&=EqC2ZSI;2r2A#67+{cXz2tYjrDVaaFv8o5@f7K
zUkI7QASCpKFoi84!D=`J9cKvB*cfLBPe`aHA%pGQ55f{p2pRn#%w(%ba2Wx?yg!62
zc1nK;pGkN~!YtO*1wz3{2#Z`G%wg}5;N=Cu*%iV(Hpdl$$|wjQNXTIw+#u{DVVxTU
zhJ8aqh&KdJ972VQ*nD>gtw%!;4}ie39s?kpCIK%7-Gxh8;XnvUV;}?#gs`05PJ;ee
z2rUOe$YuQoLAXjnDG4iCjlmEy$3aLK3?ZK_A;HQAg3b^KYuK0}5T1}wO~N|1vj>DF
zz7R4zAZ%c(NO19kU_KPWMs~_j2%kxKNJ1fNIt)UAKZHfYAZ%vuk>C{o!Ff1@t!&P4
z2r7XPK9I1Tb?}6+kA!ue5O%U}NC*jn;5h=qZZ>}egx2FBh(|)$%X*B2aGHeOB<yE}
zUJ#OkAq06rILK}%K|cgS%TW-DS-(*bu98qn!Vy-(8$xC%gamI0C2R=^R$&lyMngEx
z#*BvWgoJ7mO4-h1AS?-okTC|rDYl9PmkAKe$3iG$r;LU0nS_TVoMBDJK`4lTuxK2F
z3icieUXc)-eIT4?b9^AEL_zpKLKW-a3t=A#>wF<xWZ#ew5)HxA4?;DY?+2lE3<R-1
zge$CvKZMgH>?YwFD-3{;6bm6J0KyG+I|=%65LyO8xW)PfLbysoDG7I2jUWh_@emS%
zAlze1NU%zPpfesq4I48a!V?mzNqES14u-H~B7}@!2#?t+5?m4?n1?`k%1#M^@R@{%
zB-FB|p%4m^AS?=n@PfTZg4ZMn&S4N<u{mK7RFWZlAmI(`5DsA<3G2ckykp;x5RwAH
za{`19Z2klYty3Y0BOrWYJt82SCSf-TUsz!zgrqbGL6H!?vD-<|pA4a86oenFUlfF^
zB$Sfyi`9sRkST+Z5RG>OLJ@l`8t(?I(xK?YKxrUiV`HE^A*GrWv54&w3uVa^C>gO(
zltt_XQe37&F^_{H5wTO_pnN9fAt{YSY|nTo1=FA`iie^mV(*jUH64m`0+gmAc0mFZ
zl?*5!NYN0njuWBmBW2x0D9uIeTT()1K=Dk3(o)2(PK45WCKPcJ6ipF3GzrRSQg)Nl
zM#PFHK}pJl5;O@)I}y8s6#XnHEt8>i5V8KrP_B|vN{W_<ZI%KhGaHIdDwNKMMk*Am
zSx~A;(MB}VpgbWZBMpiUqCv`%*-*?UL(xMtCJRT1^hNA-!fuF#OgKW=oz0TrO`HLH
zkDv!@oenT$a|n#srv%2V!xVrCyOh9`eM8Wbb)5?6#pV;3v0n(xS&wM|3w9%cB`cf`
zuwq9MShL#+db5%YfDP+MV9VkjI})!UG-d##Y$$;pTS8#ZwwVcVU}Fdz*)jqrwsR(+
zFFT3AnXMw|$9BsSj+FJMk96{vQb%7q^T*o`rEZ&^JKa3`Q}=gUdi~12Ry9lKyJzZ@
z=j|G9(ofIIHO@})|LSp~(Cy%Wt~<O3JL*<9`aHn%PUymX`rX&M*V8VFb~QB`cX4#f
zn;F|+*fNQmQt=**1v7#S^E&)^C@Vc!<@Z{*q+x?E&Bn)UeqVL^R`+!ilMdBBTQSHh
zL37NOpcdmEO5+s_yDA#q_TGMFQ^y1YjV12EJH{>^8yvgoS*H>66U%aMO%wT~oUOGn
zdp>fn<nRQ8ZX*s~7{9+^<_x{NA)B0x!y8^dy{^Yb`YoY4kKGgv@6)(+v-sw@V?F(1
z*>|UI6@?j>UYeS3I?Xw6fnUnd{>`opGrjxZ*ViX0$p<oYI=<>Ve&*!tgnQlRJacTU
z>0$R)@kbW)Nw~U8X{c4(^-mWs+Sz%2>t2KRbd8fO*7T6})^y1}cw)x5&F$hEd`Yys
zSNSF2>C>`JwjY8H>|qxz+n81Bd8n0jKu^t>B>HvXI)?`+8gBluQqsOz#QN2$?V_Fy
zns!WC8l^R5XW>izoKx&l{Zp^KyY2J$={?^@v@iO_p3|=VHUvyvX4^7D*5}mn);(=Q
z%hD7K4^%W9^K5(m<Kdf6?wGm9CTQ}UggwX41`e8~<B)FDbW4|E)0-_A{$axkk87g-
zr!Nm3_C^?JBm7+OV2{hvW;KnTw)GLNg)Nwtp9Tjh+D&A}g-#qJ>$tLM#q9kf5~^<v
z&%N5`<D11lKU8&p5Ys!V$zjWLS;OC$7B!h$dwkxp8IO1GbiJ_R*gA(%gXX-hoRCMq
znO$diu%h8nJwl#!92Y%zq}F8BMu)76Yl6GGyu4%L(W9?g!2Yd|!X1|F{MECUgNkHA
zukih{=_Wz$as6V<x~*zgb#B#|e%He;DHtB2XgD|FP~NIxMbDgid~O<WW6`%CPV?HT
zKkqHPdZ%Ol*-fwKjXbbArD3PWjZghpIc8L^OLs>*rk*>nrSp-aFDpuPf7Z^G+vVP=
zc+}aIKbV)Vs?;)4?@;^Hq~Z1%%}jjX8DFXr9j!gR)_3WA`wj2Z7Pm;KX|7tbGCI#}
zMvtsLvaFmI$ss>KR~#6fsMdeU<iWgQ3dhho!w9*OrPM&@ROi+<ea**qG+Cz>zWT!r
z+mC0}uN-LoYlKz8JJU_db7jI=JB6k?HB+CKO*QjV^`AR8?&bKr#!+jsH(gXV<PFoa
z(lABCQ7!t9UaCAy*2_I~@PKza4t9O?#W*j2=cU|Uf$=$7!Yf|s{dL&cfrF2he7Lpi
z;?Wla_owVzyy|Mo^aq#i$4e^IdAsTKU_M;YaKdGA|J8>6s%;Brebx<B4-r}K-2e34
zmFl}Hy)E|nhel{@iDL`ebShc!ByIS^!jaydW@<AoSg+P&4)-0Lw(Pc4ZkT(g;;Cpi
zh27_8VC3-ObDU<+X-zMwyj8L*YS-yVQHm_Zv`^(~)9vo!@LkEegY<S6G<_DKa^TUN
z`EJ#rHrlIxX~+34a+piM?T>%*mn!rN@pYHdw~D=&0(#u`Roc@rE8Hu)YV!oA<j!g3
zaqF6$dRx2V@!Lg>N8Q#ccp+F&+GfMkbBu<~s&{&;jK>t+e!sW0=MH60?!laUsWMX0
zuvgsMNqQRQW$6~Nl?%3{%XF$*9d>$htEjs~yv8qVYR%`nH!V^+J&dp%RdT1F|KL=$
zoMQV~E?L&jJ!1RMYyPPPA7XmA^HQ{XZN~FxpM}P|<_m{*%MHIOJ9>VvQCZI>0ryhU
zLYp7Cp5IHXUvxU|ntN2|h3i9?zu797)qGa%X!W0dez#4vJ4}h<wqp5975RTh{W}tS
z#5uO#=5N1MwWL*a*!D#o78>uhJfZaLw#D<lCi!C$=U;D<Hg7_EpQC%VYaZq0Wv0Yd
z-;9_vS7x8}z5U$vk{;Hk{Mb>Py%jxv?R#rcO<9AZU(b#3(($Ru+hsp%)49ycQyaY<
zv#9i`^8L&MpGqvVO^mMg3K;+VWNLElx*EL>Ya4&i&9(7(yL$dmxm_3pj#jiQ(?2+%
zr_3(9XSVsmOI?+^XGRWtky$oQ@-C-u*piSBH;r;tH*^hbc8kqSiFE0|_glQzubnn`
z-W@y8;7|ka-fQ-|%MEkyRK_S8_WoJf(C~EAuT|E4Y+VGy-1jcJ-}2+L(y<3tog4UK
zz@Y$b^IIooKmQzc=ypmonMSQ2)5)<gby2zTh0;=sPK@3bZja|)s*F`MocUtRw}*pk
zTMCDUMs!%#c$ZEG>8SH<Dnpj9Hn7R;ssF}#c(c{3rs|H!)_5?_GS_n3L#HKM2Hx$o
zWb}9~&6?S}xHpd6JC$*~UGBl$Zsz9Est3B97&q9#TtC68YUhTtB~P@9ua8@q-0FPu
z&eEOlQx3J;y2~Yg+egFI+ry4upZMnbChIb{bX8@a;S*B0PlIspRD2X2UU$y-<gf;(
ztoL6@p4VpE@+ME4Of1>lUGq)TF=gG7j!8;w=E`2i+wANpT-pA<+XbEDnO*%nz7|cq
zqTSeYb{EI*4EL!Gfl4}NnXjVZ97`YP6RXwUw-5hbY@ek!ZQ!y)E9Xeo8W){fv-oJD
zbGt9w28Z{XImLGRvhfSHw|9Kkzg4W!yNI2`KE8-}J@Qp2`XeOxr(#dPCFrMUc)mqx
zU+;MTg_WM(&pd8B56oJ;W^P=Yb+@ZzN|&O}=nvU-<ZOI#*gfmOS)DCKD>pw}y1+EG
zMst_mi&^huEPt5Py$_>h=dWnjBYXA6ryHlUYTG<|<ed97r%B02E0Z~47i8f*yi1H0
z4j<9adz)a-fSS_o8}iE>eOhjoiEdR4-a3d?^KTnmlQNGxP;f6*0u&AZT6}7L>4rj&
zPTh+=zsz`dyTWf&a@Uu>r9)0wMMuO7KkPkPY|%&8|B*we@201_Y&t~+rFWfG6>WXE
zVAd7c$BnYX@=$Oe5eif^d_L_oyMI!A!KL(|MuS#Ouy0`!>u~Qu!_x;_kKH!gsfn)r
z+2)0TFE@S6Z0}{XKWE_gtIBV4E$>=9T@-ymd*7^OwF-8F6zyt7U3mWGP<Z96%TGez
z*UD;+ZS#BZ?M<bu`|#%j50>U7UbflvGuh-@*k`}lZ<>V`7U=jc{o!36{`R>In-^K$
zt%7?;$~in<(Qt@T*wn2CtA+$z%u_8^{URGJK4|~-LDc%Jg^v4HWK~8a1~*PAZdLej
zN$~Y+>Xtn<quW-DI3xS@_RP2$OMbRixf=;%a9Vy+305?m>U#8m)U%DnhSXe}v>%<U
znq*4P)DDlWj#~XT(aYk;<K&ka=1F7DTsShqcu(B+qd&jjUVW>2%Mw5Hp_8?qOIFtX
zp%$7GA&Pddp2=${+dtU8hjqeG*LBLn{gpRqn^aCytK8E`d5DpQvYqpoug{qt3vUfI
zpV{PCWs7X(i@67tvR+jUQ!VUg8kW^j9%9bnP({N=I=9BC^|+ax)6e?A=5cJOZ*$jU
z>En7@^`H8r$>?*hp3g5B8MJkX_o>ZA{biDt#mx*#QloZHQEorC!}45h;UpspL)}k*
z!W0ePTN~9P<Iz#&2FgwC_us9&mUVKu)cx6v+mBr54K5w~?br72OiO+J4l(VOpERhA
zWJYfL{?lMfqGMBK<*%B>36b-8yJSC{vn$_!1WI<!EzSJ9Bqv=vlKAD^<_30g5m%?!
z-CpW^?$Lrzh4*K?e&6Bt%%59Yjdj@ANc~sylLoGd6=ltDtm}Pv@W~<B)3@02hUG7H
z6&+Sy-O;U~@2&wS8_ij>ZQc_9SEFvm=A2yFW^iKn8DIR>lZ|DCB^P|gYrY*85^eqM
zqaa%+Zb68f;rmiA#^`8wlOpbCno9Eb<`Ig9Jz5*~AL*Lsx7Fv|zV&Gi*D_jLT0I))
zo@JFi<7(pY+JKhsQ<T>YEUsCzG{2Xgv%`ah;jZzE6K^TMn`oLYNebrAm@1v9|1|OH
zE+yv!cLrz;^)7#(6T19k`5n#sKklT=R=ZKGH2YSA13j+aYCcXqXYQ_^lA6u6;+U;R
z9QCE`zph*|UH{Xi=s>^H+w>wA|KtaiC`G%UKd-xV<I~XKqWcj?12?5#+jwXCl0{1@
zWlQFN>U?zQKy_x4QyXUI=$&VbnjiM9l{6oARW;gm)BP6<Iu(6dcq#**uOY+SK_yzz
zaPCz58}FND`&Rbu5Z)~~*X;4$HlJ+!tiSX;{!>=MX7hek74gMiKMO0pu5UW>Ys}?a
z??R`ZNWIU573{fh`{9)AK6kX@e)<!mXt>$*nzGrm_7A%g|MqzsPtQgtcWoHr-0EAX
zy@||sd*{&9mA@9>tjN!^95*CKYwkTG_oS5*2W>JeetG}0^`}Qg#)=1(SVg-U*_y#K
zQ%_cg48MJ>xlFv|>a?U8bHARn(A=nV*8G&%y~DbxYi9f!UeYI`r(K89I!pW9FWkF3
zO{?tKxJivvSHHHUKS+gtD)f#17E;}%bbHXXeCGpB>$_)MbqU*gIe7c)hD%EudKO>I
z@xFhqyVr`<W>1<|U)<D0$KHO7P-~yidD(}TGEwcqAvtHqt!dS<JVkC87J>1KhBq}m
zGjG(En|ebQnkr?5J!~{{S)W|Db2l66RVM4b`r7W*=aj~-)An_rcWRMe`1Lg-u58I)
zJv!{UIA^F&@}5PdyB^E!atD<JMY~^^>9S{wx|-bgS>9$!pzA=Jjvvi7xrDzdwJO<p
z@YJ&k(WC{+Uqej`qZemvySm6^GX8>omknJGzZ|G{&AH;m*4EwRhPi{vL`B25M+Z3V
z|FA~n+w$Pl+F@(HJ-oNqddIT#)zhnd2cK&p@((`2KDvKWl-1>;Z0z#B7oA7=GiUwI
zFLm@yF5Q(oqJzYX_n5X!`twqCm(rkiZEM16?R*w?8o&7b+?Qol7nGhfADSvWdVT*#
z7hi3Op+Qk{WzyEPgWEr9dsN*!rqyfK?46C$oEkOi?vS(SY<u2e+9#6acDemWpfr6`
z%lSp6S-qQ2mF>HnpTFI4WUHatC+5|-&Ri->S(WU2b^J(|F|+-SG)PX~(QnaY!$%#>
zUv`enc$C6EYPoXIz?;0`bQqqb=<wj-J^OSzcDnSsO>$gAhqNbyO?$fJ`0Z8-6x_OT
zX@~82+492XEi<oonN>5!VDI9tLj7TDN1b-vzi4>o9P1Sm)6?oawufQ*16y^MQu~6k
zlD3!MKHMykRNB~u#SDDpv1FJ>qx+B7+BSZFria$FaMdmjSD*WDUGurm^Y`;wwyLcC
z?Bh6BT&{1_W9NAn?&oU)6&Zy%MbWTwv2V3%j7$(^vG=V`wNr}bhQ_lJR6A8v_tZ4p
zH|V%yzMiSg>($~mljrJPG}vXR-+N6f*$dOvdEGSzONti0R+UGBJE){8+SOZfe%bk7
z-CN8#a{pYl;V>W1RvSjI=p|c|JnsJ2&X#Uou8s%KYT6aAdw<;Qtl7JYCu>J`&uG5R
z)>oYNvnqC;yFYgu<$n5;rf4`aOcbD#t6uzCP1G{t?9Tpr*+voz@9J3tCwvG@Z=?C9
z;e?CZT$<z^kGr!gcW}Y!xmMx3Y&s7(8<}W4;8~ZZ%xyEd$J~KpGCKt?#qi^qYXs@6
zX*OUAn?*2{y+<&OwVnl-&gKwguulnQunw~UGufpCne3a{!ohg7<BVo0dTV&L(j&6N
zga^I0rR6v+D@e-Q)b&$%^!ek_$DV8q>}s;JM`1<Tqam6%ch^jG&Ru^>d}d3T%fo4T
z9V^a!YpU5zcY%Vl*@|{!ntjq;xOd^2hTGOJ&b_f}lxicHRrjW!^;f)|)zR~0?S+ED
z73p8pg37<NN;8}nU8?!bS!LP1PTL$kA6(dyq4KplPr>jkMZ>c`k3KP_&%1#~7u$U;
zzwm8HylKCWf!Y`Mxf^HQj9GDaoc@|0dG;z7T`t5&e2?A!;)a&%OV3&n^WwCu@1EJa
zB2FnD1ZOK67Hd1@9$G4i-=5xdw`@_1tD)OwOf?G~6x*vsKbxbuE&8{<+Cu!P&5`Hj
z*}2(`FULADW#`PQr!m!eZo%_fwZMncXrtsJOn*AA?ou+?5xK><(;l&`I@<Euo+`Hy
zA-;?AZm(Vc!64gri{qQ**3TB~Ynt)qfYqx;?e}YiZEUx`mq*^7T~|t9i;83IJ!jC*
zEb9!<RWz(}C24NA;=aQkSZ}{D$K&CMLm{5xcP|UKnR&;(Xl1_IY2ebAeZH2)X4zcq
zH{-tHI9bx`R9Qx`L%S!_Uuq?NO4zBXV0fOQ;XY~62kmu*7oS-bkN0l7e&OTP`S;s6
z36~z<bnoS(w;$f$eB|YA?dR?j+q=J4xaKv>ihfpAFIP`Jc5=RX`6vG}3kAFL|FDa{
zBmDH^f*Jjt4>TB}a>yvQ*Uf<W8u<}J7w!LlwS5O%6v-3r?f~Y15+p1FDj1L)%!;U(
zF)Jn{Er^l?RE&#f!f=X-76W3=iV<_x^UOKxna_Nt^VBoEucl{q7g#+1@AuyR{G92o
z>gww1>gt}J!1Jhj6Ig)DhLyQ1z9fvV^4sLlIcHXG=$Jd-w&l6~xi4q+85<k-X8*R3
zC3=Eq=maZ_jn7`3F#Pr7dfPLW9C>^{GGxuTqZU@*Zj`pWvg=W*NjvkSVGC9*x81zd
z<mKKfuIJ<1KFU2|a-hk2yL<CW)&1*&^3lneRhux6X-Z?3_N%gE**_s0uY0D^M~BL?
z^V9K|8i=h-%Hzq6Qk1SFGUv^mru0!_r~CAD<rI_O@Rgr(A`#z)HfE_AxXIQ#?|g=G
zzY)gajM++7(!x>vU|^bkp649pKtWk8Zy{6m5R{$r;x;Hp7>nilEL4^duC~dG-=N%A
zjB-pC4uCf7cAj!eUe0P|T_t6fO-xd!q{OI`$|PaE%@#9do|v7IoGSX=sT3*$P3ary
z#--HB;e%shBNb~0=VdeHXHf(@w?bLM#4HU>%tQGeVrE|5RmxUMljoDsmb^h5l=F?K
ze8~aH3Gw)I4vGPJuIrUelw9EsB}7`1IyoVBh+5H`z1gm0<tKp+-$zRekBN7S7?8{s
z&sM4p=<ryqu7F|}c-!cUC}jTem#A%WBP_2XN!byxF>V9!*%fktub0`4Jmq!<!)(pV
z*r7~~AseL`{pkM_LMc-zqQp*P6{`sTns49v4-yqEAQyfnet$<lP1Tj64EzH1c<5tr
z^rIUWRF39yTgt$XZaPpNeV)gOGVr7O1(ZkMeyTwkwCPBD{gg=``;lKtrhR&PnHEl`
zc#U)V(T+9c(HH*SNqMw)OJzy94^kd&yHXx0*9@Q^?U+&?Y^Z2X8Tip=Cw)m&{NCC{
zBuF^zRMK~u=yRX}IHzB%$jCosRZ7aE3lI`WQ#L(hK|lGTmA>_3j67;3t^3I;^bt)T
z=}SelP^BXDPF!31G#>qEkx7~6z%VI~7KoH*0UU=EYB{a#D33mawT>j?N6RwGBgHpJ
zd9<XWJo<(ueZHE0v>Kv3Ye3%M)X++XGHrl$fV>EyJnGBZbb=o(An24nC~G0*(cDj`
zb^v|5i&{Avd8Axrz)x!NY>Cevd9|g+&Ea_(g#$9TLTl1KQ(|<)Ien^{ehhiks4Bo-
z%D`{F#8(yP`vBr!fIR$DR0H-)dD#*lIp9Hnev2eNXPh5W^yh`?1E*BDI<P>A|L|KX
z6(&zT2UG#%TPQVgeg+`H%O$>AI6nfA;1yEdTxr(w$znlnLKW80N!X#GFAur{9)Ks{
z1$YB70Db;yI6$ApqHlJ^00V%5Kr9dkxC0)5C*TFpmp#7#Ux9DHcYwTE2?&4@U<{Z5
z#pr94#c@&sC<&ATN&{tpvOqbYJYWh`04f4zfH`0RSOS#*E5I7C0c-&kU<XtN>;VUW
zhBFP{H^5tfhV6SHLZSE@Cp2FF0X_opP&g522s8p315JSdpc&8{XaNKQErHfRTc91#
z9tZ+D03Cr&Krri6U8v;R52v9(7!VGiW<?}$2~}PO=&QB#1>0S~ZWiV&n28^@%|&t(
zumzwFr_NjntO8~NvjB2wa$)jV@<#H$4gdv>+JFb(4fp^QG*-i@C{WPDvFX4hU@|Zg
zpe<0kUE;4q1DoO`0B8mT0xf}7Kx?24KwI6k$=e>F_s1#%0$>Cb1BwGTShpHNGtCP$
z^(F8MpqENs18;!3Ks}&7;0MsB)<y!OfYAVbt}hK310({2fFyuETGtuq0(1qs0o{Qf
zKrqk~=mqo!`k27a`r;%6=m&%XVL&(#0Yn07APR^EC_2(7SK9+Y0DT3u7eHSVhy>_s
zv#o$|fWB-R0?@Y@Mxy~OaC8Q`0^NXM;24GW%^=cSUt0nCKC3^_6qt(iuRtxFI|1~n
z@}IyH;3@DNcnQ1$UITA{x4=8#1Mm+p2<4K26o4Z32!NvbFThyfj0Q~SfeXMz;1X~d
zxCYz=ZUJin3ghbm3f+r=rND9^3PSn=1A#bzmN&zIY+w<v7+3-<1(pFbf!V+ufB~8b
z_-_*M3nhRQpexWB=mHD?Ucxu80QBMJBfwGM6mS|i1DphQ!llOJNE0DVd^D*g0yKx*
z1??ViA9x6?fy}kQdWwS^aIz7Y0|H$m%msc0(g1o}pc_z&DQgI3Chj=(U=?Zz_9pbe
zyE)#35xg~Ycapw=^%bB`>(fU7>C1vNv8Z8^en54g2CyA;dSNaA=goi_IG+x<;G8BM
zSAf3d$$+^)7BCN(57dS{H^3aQ04f1i<iXZBu>ouW6<`Nc1|FgiefF|6PzEptOn_p*
zcvLh2m<Xf;_rUuBNBU4`HgFM2T?Uo|D}k}VJYXa+5I6?2{stTu&}rvzLVE%<{U!tS
z4RV?p_W(P9O~8EQ)dlJS4FK97Jc<18KpiL)iprY<8A#JNlj$?MnZR6tKEay-&=+yH
z09%3WKpwDz+<7ms4>$lE2Yv@m04IUdz**oNa2~h{TnBCdH-THgZQu^@2ap4N0jfZ$
zmas$`8We=%DkwG%IDz!<z$Y}|GoYdQ{vbe8GTqOiE92^b0-&!Ky8|A8C*TeE0Dl5%
z2#o^#fTu`52g>7oJc?cbeg|qmMjhnSw|rj$uK+XfSOAuQtugxF4kwiXd%yvpuUPg(
z;fv6c-k)d!&|2>qXzzi)i3fs)0%HJLw$TS?Gf^fTxQcSufa|~w;3jYjxDDI^{s8U*
z_kjD<{||8T5O@SU2I%_i3Gftn20RB|0Iz@tP^2P`w2Y&@pVB}Xpe#Vkvks&blsO5|
z$7gBPbqTzcQD!HO^}$yapwF$=2O7{s&=6<@GzOXg{y<Y80B8m@2U-AuKue$%&>Cn1
zv<2D$?SUYmF5m_ws4`l%?FSA3hk$dyZ@_WjEN}{NK7;>`07rpE(2NKKVhYWI+W5t8
zq@|U!hPHMl0uzAIKudsLXGj97fv*fu0qBl2bP$6Nbsx>VjQ|=sWC0hT7C<|y<ZI4A
zd7uhV68INoDHi<${0+PV-qQM+rdFC_{{m>ry#?F^w&(rrCJZ#vY{fZEM$|nNA}Lg^
z2I%^0GmbQrbAgQj!lxKLX=G4PBWvUVG^|emhk--DLEr#DmL!YPfT7SpAz~LmmZmTP
zhj$bIxC>d5ESe)hHaVql0M~(Qz*XkyEmZAG9dH_;0dowHi<{tl67T|e4m<;%0Dl6H
zfk(g;;34n;xDVU|?gD=RcYxchleb`xM?VL73uYx>B8Q}|qFgf#zbO6x^FMXed#O5V
z#0Tm8BaY-5pJ=+I6FH*<y1g&b@F+2;e#7yL9-VrcrYM=8)?qR)$)RS@x{PEHjlvhv
ziKfIkMG#uQ(K^lqa8$bR#U1$_ZB<zUbkRjqBSm+b7ir-~qq`K|niR~GrP&}~!K?x;
z35iNvH2%wq)UtF+T9Ady^8%(~0lZ&J#Z9P;Ih|HDp`zlcnUf7p9RS+;wgs#KD?rwP
z#B$cM<~WsWun|RD+aXJK6nmUkmcXm5sb7NBrUp6zj)2@y3P-$wj+9MoqzAE)4%GnC
zob=#qWyxg3BC1FYvXz?XNC982hvdsbWC6S(GPi6<(u&M1cY~}Mug+SZjWnzcP}Q8=
zg2=Lxa{EXcP1Q7IQ;~v_sm;_1YE&J-RqP=<+FJAka?phyIJyC{!QJuJt6;{a))C5B
z`y$^<kLHbY+E@1!c}j|QL9(=H8()3>3o1rlCpVWAqB%uRA^oB<8?iJ5tVHP+`YaS%
zsdDaqnyxtQ0t5jxe&~9p9ncn_YaI&B{s3M31OQEemOu-j8PFUE1lj<dfsQ~2>DWm+
zu7up4IPXC;oCo7L2uP%Tp9Gx5193nsFc263!~p$)Xdntu1Cc-k5DtU^p+G+%1n3L&
z0eS<yfQA^^`*HNb(Gze7oB%h#5~v33qlaB-^e2On7B_2w-M}bd9*_m>0=58K0S43q
z{~R1Q1Dk;1KrXNv7zElX9K&#|3#`QXGGHmN1Xu(t2BrfoLH|XAlcB&EAPt~&Dlh~X
z45R==Ck06<s%#iA0*HlxkvNV9#sajY9}kQJCIC}`$-pFl%B2Gn0m`2uK{E{})N=h6
zQ!A;3RA>f}0n7qs0<(ckU@qVQ1?J;O3etHFj?}_zU?E@vtN@lvSdZgIU<0rYfVDM>
zH8>#xWzdmKy&c#F<N-T?od5|Lf=c$_xEH93{v)LwaBPnJ9yqthIdu=Mr1m3C<B}|A
zhqMZ?1#AE-zyhd5OFMD~bHEb?Jpd9wEjL5n6&x=Emw=<d0e}P^0S*I)fP>Qc861xT
z$AI5}Q@{z}ci^N1%0CTUl+x#@zs~~1OhhkKehx=sqQb;@0U!Y~ooMF)QkdwnP?@f;
zh<tt(e6%L50Nlbk<(uMMQy%}71LO)w`?5%v0Y2cIlqrpK+B}h!`iwkTffC3s4%|du
zF&s^R`#3ko@d1t>fj58=(qst%N1AlM<NO}=|2LeFX}<zrfPaBcz!TsOa1D?(zJYU6
z;yOSIP^Gs4YR#Vj<^2IX1|9(q0aD^FKs-c8rQ$hR>pqQtBFI9?q?D!#3LdEf%9E9#
zmQm$TrF`mp>MAld375O^8P2I3S(D`c4ZH{50dJ}Q$y{Wj*8pk%9H3VJ1-t@Y0xtj(
zLPF`Nub_NR3Q*<$0EVna-9}22!lWq4(a5cliIhp&6C<6=9xb0!1>_@?CS}N^q_|9{
zvP$%??9ikPIkHSAe)0oKqYjN$5EUfzmqcMA$|fYoAtk7b^z*6j$&A#uqzG9-?mj9@
z&M5O2Jg1RBwBywO)FQbu@?`Q{BGNf$;yl!93K|q{=}57{71)BbKA$ycvLbSqP@X;y
z)kpHIX)i~gK$+AU^4cX3UIlbVAPebDKrNgv#?ci=@}1f^RtH>wWTa_^qo`OzFW*_B
zjbciF!K^)rkjXWrbD9I?JSt8+RE1oWXhV=s)yR2Nod*l^7b<BQAe-VV#nt*iJ)ka7
z2N(^}WDY-^(=P0A6r<2e<Io#N5~FVcU*wT2iqjM<DEv}75Fq(2fJ#6!faV0q)`-GM
zFm3yia4O`FV-tX4cViqI0aTgXC;FAj{XwQDM<XvS0e*^9<jv%i)Zgxa8{iFkZycK<
z{|q^ip<zNoDU`}F-B1XnN}2=T!Amko0jiwFC{<igNrR3=jzEMcKn+9!t$-fLZ;fMn
zpbgLtXbVID;XoJ=3iJa)fWAN<pf}J9=m`V^w87XN=mvBJx&WPlPC!RMLp$z40J%<2
zU=+?r0waLoz%U>c7zzvl1_LQTGLQre0%#|bb~NLGIDkgRKwtn61M~-?fib`%m_7|h
z4d9ISDtwVan+rr3kIZqvFThyNAQqa4^K@V`P!W7<0lMCwfpi8i4fqw93QPf}134S<
zAAYYI8?lxFLNn_WBub+4-DT(3>~Z{lGwMI_$0h{`zIdy7e}G`^OINd{!BzEqZrtSV
z(cxMyg*rJlCLTg|c1;_x(R9_v63P%-C*n7oy$cY$l`B~FW`eh^d>6e;YxB9&o*C`a
zN!Y}CHxsOFX=lL<Rm{4SexZAK$DM*Q#M{l=%?B>Srh~!nIv6T|;h$5g#?9(~T?qzH
zH%~WMiZ%&UpmcnYx5H!iE<2IpL6l-jcBh$OWm_42XbBF}Pa8*;ecZaLR2GixgSWH=
zYkWn=1qa)K;IjbVs@lIy?(*K&8GK%D9&X@EWBtJ3J0A?zNEJ&7p3%Pc<-3v~45h80
zn1eE6)XlTe=D)4cQI50qC>ld^KJG=PwJaW2E4;q_d5HlHqySwOlv;m$Or1PAYL}pV
z2VQC`t!~IDe|?IMJF~n;B^{+2DAXet?Ate9-f5yrM{#HFEzp$aV4$WrO<q}ULzjoA
zQC(d(FS1Hc7STfR_Ki$PQO9EeI$~3wnVJ!oUy(k3Za!{xMDHcp)14QOoRr-O`h<A6
zdDnIGR*Yl}Me*>{NgO&PM#J#<J!*D;U$==BD~eTkdb@cllGI@la0*4npV#hKXB?R=
zC}%+(TgcpiBl+71s|KHACU%X|QSz8~pwJ#)b{i9j4!OkU<6!$I*vo)Dr-9cOrwOMU
zpbF{`*!vwj8wkJpCdr$ba%{=rPf<@qT}f5NCT7<Xx_)4tS_&@JOpLh)(B`@+1fGkU
z7H?uxe5%OrNj+?1!g5*)R<17Kpem0n`rTKxp?C!y#|pHF?9%4r@3AI-E$wQG*K;4W
z6t3ch@x85}?4Dx0ZK<l5bNA9i-l8OoLAo4eZ@_?8txLDY;X1QzkHZ7j1S!9lC`D4U
zC+u#v>T9_bDCNg}?xRGRoHSr>-!@N=iSoq88x?2MTEnj^6vtv0WjzwkX3eNH$`>4-
zzNpeeVb2ayRj%wN4z`WJM}E}d)8TD<jKk-F&xhC1k(F-)EA3^?=&*+kZ6j>MV{oo`
zE!TD`I;s>(#k3u0;XZRx8cBz6Oi-CD3=GO;Yy|Ob1s~aT^z<#K?916y5&1meNQxtD
zBN%)yNesmsmHlJ#vW6ZK1C0I<6dE<h%Dj8<*>?XZP`sfSs`$vhQc(*i0G_n*eU68Y
zX;<o*xw3I1beEg2M`ejJyI-Xy;kU}R&`~zAw(ZcEP^M`I?Tleu8nVOQY`b=|$)3@I
z63*;K7excvj2?n{F(eUO+39xhKHfF94a@Tp>2i5#()od#`-lpAky;&DhxU+-?}Hr@
zi^3B-v4!nXbRkRFi|W>5+>+78=Bm%us@H+y82W>Zv5naWq3B<%?_9x}#RdsJ%GYdh
z5bT)5b_WUVeZOM7Qd_%)zWDw*BkTi;dO=mxnu6d(LL0q1u<3-UZ+}qg@SfPk8g)Re
zWe{1YXf5|vUq1FWC)cZkTA>|2m<R^Evfn5VhnK8J9&|X%rXa=Mb`X4QGp)F9oG#P;
zQm<`))fALyC<RXxZQ2oKUa{VEsLuv>6y`%hg-%E%Fc%yIIAUNY!OQoP4G&n6Q@3}I
zxs^@9L>i|C8zq|ZD_bv#AYWEiVfRRIJ@#)WXc)lUJHx15*r?8^#>OtQ3s{`kCZzC+
z^~uhHOQ{ide4vU%FWcjlxd{%~I2GI7FO)(vjXpTpd8XV38{Gf{4Ycv5ePUzBDHnhN
z&P@LNh>ht2xqq|yIM}YV=X@PU$L_hcY0EmDEjP2XU7%DwX4e($(^#FZLW`;w9BGqY
zk@f;d>VnrtMkOw|dg>yH$JBv7Si%;8-}j#?e6aTDbg6ycx4+*L>lgcIY*p@V*=uG#
zx3su09+bL#cxJGdR8)nv0L7%QvC7=UD$Q?zfrdHS)&vw9dmlfK=zl19_Hsd4135I$
zbYKU&qc!nJQizD`dH7Iv`5Y5L*%LW5GmK;j-4K7Wkfhniv(%gCwF1qJ1?70;(4f4F
zBN;5n{m>HY6Nk-FD@6@Bm8u%s*A4Nf131Vp?W)|XdZ1(#a(0Sc;HZvoXuw7tSZPvX
zy%U%8BC=Pv+YJviml_DZ9jpl$@GX$I-r#%f%;lXAUURPX`$dlg<!FjHm?Q79UrCTb
zLx}N$H&<Dm-6VNZYCS9815K<^gWI6zF~82w+I)I}>Uqy7hS%h_xcBY!h8jL)=Ym4f
z1w+obGz;kgpA!RvwNi`~);v{-9YWmj^>M*w4H{o?N;6f;l>Oi!m+1Up#lYF&8@mgL
zn5BcE-Yn)6EZ~EGER0g!*$5nLqib`sze-QPRifpfUyLbGdDBQ7!8U@yce=#TcBryV
zr+2qZbqq^Ep)Ni2vG&J}$6qedQFgGeB>OZNXaO|hMfmG7V^`}jJYb$Zp~ENE76)5X
zTmT{-q^WE_O?l*9{)$de4W=Q!0A^1e6#_n5a$VlsKV#qgr;Ux36y(rPis9@u@iBJ3
z7Y^H)k`5QyLL5|YQHm_)Xk0$$kFJ~U>q=F0V;y@5R)Tc2Et->yk_AiE@JfH66<1q1
zo7L-$;39e35tz0N)Y)aSc$x9<D>sRqUyr;OaT%=?O#RrN-td8Ne11i6(Y*EJjZTbC
z3`<VNHLd#;5A!D8-vl&16-~#QKiV}hAt6>_TRVMx3IAzW_aFu#5Q~(QVTtNw=Y_ee
zS3avX02B(dpfteLK%;EB?_ZX0li$*c#FLi^1cgTCn(bdYY;5eJ`D!diEb`7SAkh$w
zn78hUe?lY$J1<@+8Wi%mv6pu}v+P&x1Wk*4N`-P*s@GK%YuO|&>P+Z*Qd=B4ic~Dw
zDMlPgzjUV8`*YS9c2e}7AW>SMQ<c>88F2-(Cq|?=!e@g-+C2(-wfaK#J%vPp4=e@+
zvtU|Mz{xa4a>xj=MPgf1vE+<|oqVoMzw_Z@pc5!kL@BtIG=<uTf#6L}jEzY_q&w2m
z&rSGy%1VmIKHPL)>SNm<6*UiiS$+EFUtl`Pa*EOoI3?xS_A${_o?z+Z=_dB9qDKSP
zxQ}4vHwYZGAPs&u^8JbvIm^ixImc9q^1;8{+U|XmTy>O{4cJtaRUHNgCZ9Bq&B;^G
z|M_5(j^l0vc7UXR1qY^^w5<9Sk5%e3Wu%V7wjrl%di!o$zmS#@I!e8UtXyA|4F(6M
zptKrK%*sD$Vf9wWF%%RBP`o#djeHWDa8gHM4Ot(QRpm(>bL@Qveyh{BgpT8CLzV#!
zp-t1wP(<#~ro8timfJh--~Ds$2+Horp;$hf-R=wDk88?;z{pHPgdkyX01FKfyi`}3
z@wskP@^5v&_5b#o#Eb5&c-@R`2!ZmYn{%^XOZc*_&c>8xIu2)0RFMDlp!vX_UEb~1
zQ39H?FDR?(2M#i83y()b>$hBdQO7Z|IrHcT>GQxrW{sFM>OiyMo&VKw>;Q#~=5_r-
zsNI~!6LgfT&Dm%w`vDweyg@JB7YzSUOYAhRyJZVbncTx{|GDSKe$|!rYr#&Ttg1UW
zFh{4kML&74%;9EJ9moG>&RVLCZLl!~NrfkkjcwTMP@%qH(UzTq;r%MN<^3V7czq(O
z{|*;HNmD*TkfH`C6t@D`d|$2F6i}X4wBluk!lx~(941(qx0g7)XGRP^xG)FHYX7#Z
zO_<;y^lZyw!J&!+2Tcgs!S$~Qha)PZMZOr<SP749%W}ZsHxC?E;K+Er>Qvy6Q&n{w
zn<dKifB!jF>g9v+I?9Q*>=j9W01jFcwVI%4Q+s9bEFH(!wya7xJgHJUzHZsKe9O^R
z>$kQtr_km@OPcEKSYo(f<yj9LG(df}FVDPdZ<=JTtcAAIudwa9g4daq561U~y0&BI
z!qLzY9ogG(p_X9QkyVZm9I&!)5`ihm;L2XS!mr$kr9=p|yw-KXwjk;)7?CKDBCz2%
zFkYQXN4v6p6pw0V1+ugl!A2uqe~1hNhb60HhhcoRb9gxT&@D5a=5fQ42gM?m`ShE9
z^yBk~7E}gF{E#m`fj{)#m$tjc8lkng&XFlGDQa)U;%Nt)rMPBJCkiGm{1OwAQ=;*%
zKozeyYp-dVR%u5h^dNpI0L=pOwvJ8(%g&rK;zji7^oq}`=qUD}ltvl1@-HV|dH9ft
zDv043-5@%gjfGQ%F;%;q5-DO+YoQEH0)t~T8!onN5%^Xot`0~vsZ{A$>HXJzLI@Rt
zpJMK4AyM8A2%70I@xcLInJyCL&EK`xOfX*jiOOI;!!HaJ3iW$WZ3`@s71&!>CJ_`<
zY@MYI=~~;w>CE_Pyds)Bs>3ZRqEPSL62a=2ak1RVX#Pw?Au}AD&5W;QuZ_;tDK`rg
znps=4Xf<`Dxp99^p=JC^P-u~r*00a>;!Dpt5rucr9#AwyGHu_Fz3H6YK&Rb#snC*-
z@gBy<ZQ^v4$DmlDj7fBxfq#^Cxkuu7=Y5kXt;;KBc68n}NT-}-7k(`}dH+t+o3|c}
zCkiH9{M>ydQqAUv{VN<@C7RAlBt^vXH(0vd>HVPh?X=S3T0y*w59-PeMPM)%9#CkR
zpBsAkZC7R*iBVLn8*3PeQM8H8h{T2CkVwIXpL@$$cOo%QBz0$QYK;H1?)(}gtKZw=
zEnYWoCnzzs;#vzgoV&AdwcsU}+MpI}gooYP30<Bry$3rJg-XoSn1&>YGXLl(p<=1|
zJ-9DC?!o3o30_hGE1R##ry1<wi(NJc9KK?Q?G19uAcuKG$qHKwZGxF!G+Lbz%zgLF
z#wrc6x^6lst}DbDVPP;E2M%FzFXonnIde-dc6Sigfm>OHfzat#FIIU3vTyZb4*k*E
zx4n34v&+SvPj9n(CM`BZ`zlKIW}&IzbnMMcAwa0#n|TaFiSE7mY_-09%B0u6zuo2~
zXtguAH`@c5LS}EK8Y5U`rU-%6_JG?Btti}0GNo%Db|x8<bz+QATiAn2;{>l#GEvfA
zu3W2(R7mjZ%K`=nA^&4FC1vrVQTqKvX{qt-T#8`B(&B`Qg*4@6`Wa0mSwcoXc3_AQ
zqLP&{WFpZTMbu>_O9=jv1aAH}p*)~1&9+Znv@j=C*J<BDq2XVql)AC1zx_Wtig_4|
zjYoIB?Zw)mgM?aPEC*>-Ko}qVUv|t`eZ^_ud|inGt|G|2B(?M>?94g6L=$VB;7urd
zn;<kVWQN1xEG1F!@+)jO9s=Av%17|k{OS&N=NHVpup7e!%Me<cJ4CQsiD;C3{Q2%P
zsG{VjKNwD<BiVxCs8Al41&0@lWFu+3{%?avmL`uAxv%8f<Q^%hW<gZD?0a(0=+##B
zzr9F`A#x?MaJ|71_}|{F?be?+c}x_0Js8^mx0Pk97HogPcK^Ib{=AlQA4qlmz!&5|
zSs)k-vi7oJ^?K(g#?H^zFMG}EXf_%lT^m*Z@9HbyTR&*G+$(bXjry~5<dydQSy~#7
zvR?mX7ip}>bDHGLs`~x;BJiZm>uL!WOuoy8nY%@Q)^W^FO%p5nv&4~5Wp95rc_gOM
z3;o$XO5g9#u8kCGnY=_DcH(Nilz58B*(!!Pj}n@jbdQlqC1es^fm*QrqlHR(1q)FB
z8YP&hIt}0}+sawD?xyaxcq#@eajT-&0A@PcaK#G;u#nLR$e*ObPgYGXf8|QCL_zr!
zIapVw@m9G0ga%q4C@@l3s7Cl-2KCQ7;eR=Sv_dI3DCAC;eD(iHr~katMT}6PT^x)5
z1#S`$#?pWJnK@k>1q;+|Tl9jgGMh3MD>x}Qa6A0W+NEba3m6AiR>!j;<AhqJlH<9r
zjf`h&D1Ul9yMrVCzEp+rg14${0{0!;Dn^Ss<@jJ98*?Tuu>BNv2`qFx8tI(ChL1<V
z%?WG+r4J^s<CGqs$iC3=aT4>Gfa8ZG7D>lnlG$7w@#X2069j87`R#Mls*RcrE&eVK
zn{T*?#Xg^+_+Y-|wJ6uRS497-^`%v<FYAN5D;iv2bO8hTb!G3suqVUk$am{7pT7j9
zA}Dw6>|eOnYi~W;{Dn-6{qGVbW@p1yKE>i5>nIh5@G^g9ro3I;<O6nf<T6zy%E3o7
zR+&|5`43SvT%4~&@@sc$`{J2fhwBQp1jP(0cm&MrmshO3priDXC`(q49`LG!(*+$R
zPNJk6uj}8hLj6=7B~7A~sL<GDhjR8QV~tk3Ss>A6-tpocS>ThnL%KpMC5qMO&z_x6
z_^EZ2-4f-H;#EuMr-HwZa#o_;92*trnR(-&j`BdF)T&s+TRBDZV6l$$k3<T${8F;K
zz4-?nrSwp)+^hyKst)*dUb>EAFHw$vNV6ZgtQ$5~WOI9iVu1!_+j{J}_%x!Ij?xMg
zOHevDKBsX}*;QDnBZWw$vXz=Y&E7ENHytHKqO1*!>6_G~`T`wgvP6juUGn|PjGfpE
zlU2x(C|(stb-%Z(bGVMO9h6E?!R`EFQ@bNIo_5fYZj9zVe*d-e?OJsbZo*&dxOrnQ
zO7U`Z=0xm6(bGtz{y(|1TN?Eq@&XKg;x>Y!5-23KqO$d^_j%Dv`6#1JEH@1cqOt?P
zLHB;6t~c4-&9yGZVIXp<A!n>a>7MdxSkLbkhf$XHzc30GXxO>gf`z>w9@hnv1DKDW
zI`hn?V~Crs_*F2W0)AO)#=hWO_^8RVOc#QcLbo)QI0?k_tkWE9IfbP0%Th~|o_0ZY
zV}BQvb=`b%`xcJ?rLld)DBUGXk{G*PzvoiXzU^@61k;jED_QBukW}=e0wdFy|70|H
zB1F&y@BFN4``XW1`5q$bKm;}dW=WLzPxU^wAJEwr6dx?(L0Oc>rlG8AJveBK#rpV+
zlDEg_t_26(Kt;&dlg8Y(poJ&X*e&9`469QJ*<XA9jRxJU+JKYpnqj}-W*WnXAguhJ
zLl%wWKQ|1U(c}IgToFN*56Sul3Jttzi#K=sI_hjUQ4i7Z700j;DqC|5@3edAH&ZqR
zohTu4pv&<z94NFU*eED*nBDk84MD-K0!6*PW7s;BRgC}#Z4lS@Y}?gl%pY{GK)T71
zHHO^<hwwa&eV&3HjjO*f=c(Ay5If1-L3~^&V=UjIZk*m}$)|p?BT<^}gFx#gY{XP_
zK+(5wM~`E<QxT^-PhbzH3TL=jOA{#VHIbe96%{v{$e#QvL<v{ZS;uL@R>?br&`Hc;
zI$9k&iCe70`tw6yUbUu2Imr4DP<Arkr&#M4yyWxv@71I>!7Xeivv`yhR!wH<(^2`N
zDQpiN+fHS#DIaYum4UWSo67t$1P8w&dKh(FoyvRVdb;zs#=X-^q7K~7quQTOWm7XC
z(|0;MkO4g#Pv_n|u+i-FK^JfR22Nk@q(xIwGFZ78*l`)1!Dr0_<^EjVa!ceJu_btx
z1CQ}%us+}rW@NC88PJ@Uuu@G#iBjm#x|y!C9S>K;*ugx9JxT0vX0SUX(|i_Ruy*fs
zGAPV+E9oQMg0`Q<YR?qf`I^t>9PTR{A9y@IoSreE{c^}KsIf@7%hu1tI^pPSc6=t(
z+Bt`Pq2u{E%wrY?EPvofRn%OIhe7AC(X*i4t2w;xkmPqKroVFUC)O?AD1AAaoq{Og
z(;W7gI72geOY{63k34)ooNkfRE)ujHkjW0@fipFe1<i(!&jBZmpaK0`ejIwY!7h>0
zn?~~LO!mucp`E}(n3ZrKlRcY_MT7WgiUsqUBUF~%?qVjpvjaDBA&WL?8#=G@G!4jD
zEXoo+{#_=^nS&-P7|X~;?N*Gvngd^QX3Qp2sIQvOcwg?AG4hXqoS_*gNw*oH?=r>`
zGg0#KT;{(FCI6bs(&pi)$YOZ>&`Ri*#d5Q7yr0F&Ftq1G7T*h5Qf}_f!N2bImvn%n
za`Tu!IE0P!*e(4dm*DD%Zp5R`^Z6{`SoY15PsQx`EqqZCx!9fg?A!*y!o&yOJfE4)
zMV<FiC)x0_>cFioTaPRg>l7a}khGH?(-EYy?Cc)=4T29@EPeq>7hUDF1?(=#-#Cvi
zi>wxn$oh3vS1+keP**44HB0ao<}G01S?K<vMe+h(ve{(Cin4COeD7>#x*0YcmCb@S
z;5a9nouS^y&1RvCaFqFvWi!=$XnrM|uOrU+y-)_7wBWH_H1zXq))5@q-jG@%_p2X$
zJb;#u<@__B*^cNEj5bTrvmz)ov%HLa`1C{i2y6$7^98KoxQM+VnR;DRcM)@dk%gc|
z%yd88NHV$*yohyNg?w1-)gHl$?OGt%sKOwb?mxJ6-npow^YGS^o$KJS+ePd(#Q2Q@
z2i?^uef|BM;O(UcNp*uG9Tb`?P1~L7-Y}`gB&jU4n!SiMUWiUv1`bPbSdBlPwJ&(}
z1BnCk!LCIt1XfiY1_zCwHJ5|e9Gj9mLFB-=^;Vo;#11S3$4!Z&#jt>RyAQS~%Q^69
ztJb@pE@I^{!u&o+wN=#w)_nKEfgZQPb67O{l*!>+aH*~?&qvm>p@$qPHekft<*=Z|
zsHHYIX!W=1ZR*6}EJs`qh!(D=z>d2(e*Kz)!-m@8{HNocjCuSKSPz=BdxJv#cJbNJ
zYY%KXY!u64;ep4NbJ!iyY#cZ+<)@8VcDUjV<6mjsrCAjm^QE#T6;pQP%nzI=QT*`g
zQx2;Q|5EJ%M+KA(Uf1WXV{GS3A_uhhRTS_*_F{?PBUmkFIZJfCER0&jzL1;NS;87F
z#S!l6kpr>smhf&>)O$Z<Ny{lCbSg>yA$(iHMuXE&y_5&4XJH#m8l|kbEGdBS5)TTg
zR{DN}XKiQA;9VoGw=_%HDXL``x}+pH%r8xCwr|DBm%6gkmuAB5+R-CdD)k5QGik6%
zLxjy+jN2U2NMmOxfp&VV7u-!?LwN+sP5+Pd51KC5K$iT0Ys$8~yPTa_$s3VKwv_|5
z6vPA`IxLNS<)9@GQ;LRG%zha*UD~YR&U3u^{<C@08wZIN5^X3qLmuLC^H!~3(=aXg
z?L<i$I;y}iL!Mm2-*e$kg~h;cppd({&2_B#tZ5Z2yG3_LkKI|pZY@Jhz~C}nj-%Aa
z!n+kLWI0-}Cx@jj7uu=XuH=(x&WUK#m%EH<+NDqgV|QE0?h>c0onGKU7P*$>f)*yI
zPv+vfi&=W7ask*aF&727z08@zCc#)}yoP;S@dN+&G3@_Rl>0&N$-O4`lB6RaKL1@@
zZj$7hKd4CNl-)v}zYFHeZUTErGrY{9XIwdIUs|mj30jAfXA<>#)_4tU_Mfw}Y+dc-
zfEo{=q*kIl9_1B;q|uLCEB3yuGo}Hkm9ZAnz}k&`q9|+mvDfRVcWD7h;Sb9RxuJ3c
z<ia4`T*PXx(`m#)*71gmY8K$H2mYexsiFtU^rh?z)uC4{+!Jwy7GL@SNLBP)SD*<$
z<orpI@=~K<r^w?YcY|Q8>V_2<g;uBbjyXq~+%gl5Dn5D1TVo|iGk8(6Fpr#~IVDc*
zpq4$BS17MMqohZ)nL{on8Yn0Bx52@ivXw2%6|Gn_lPYB^zhdjrTdCT8CvU9e7J6Z$
zpdNC!OXH*{33_uvK?(8*)9Z1*6!8*%-_F);#^PVveGp#dG1WFWhkWt=IgdGP$KWz}
zc}<UHC@St?Bk3~VeFy7EC4+Xb+$};aRs0S<PZr!wF;!}Iun$}Cu+1MkSUhAGC}}19
zvxDu~j*WLw0{gT@uw$FI;<<Nz{e)`~dN5n7X#puJ1Dgmw{8Cfm#P-WV5>TKZd$tW@
zO>V!`ZdsR7a%-eQs=m^eLGqq%Yc~kx>7vw!Ut;q1Yg^GsE?MxMCsXC0yTy05)3y}j
zPVL!bnbXLz6>J10y~Bi1@}tM_RXz9e*{ap@_zl<Wixr0kSoYCuC0+WdR^u{_X2h3G
zdk6b=Fs~=Nn#d8cm%Y!!1Neg=L!3=Nrj_2hf87|d72@S1eeB2#WuF#1^SqMT$O~dw
zapA|Gj%F!4V6B;ZS;h`L7q|%Aw4k2ia^7Z{ZwL9p1q(^On<elIM=L>I>8#t!D(=LN
z_)!#eMnO5A<o8_5%HE2J`}lR9r_ttvPx?*3Ll3wPM<YC>W?Iz4vayJZTbS@E)?%cY
zU%TNhZj1h+RRKK)iqMHm)h|2Yee#9!r31`k7d*XatGzhDB6lIO8z1DhvFLvKLG7wX
zLPXn$R%<++Z3c(!OvxTyZw{~FqN*DuC@Z0iDfEzb_o^dFhW}?(c)M}e?b9R?SXaxI
z;#bmEg6~1re>bk6n;c}bcMA@xb|`6$l1mQWALe{<8twSd(^hy&MtzW-18237;Gl;E
z|C-AOV5=jIEQ6AQdPsHP$^a3rGS*^6M!o_ON1iG8<*YPG`W1Z<Rm3F;JX4ygZHt&2
z(UU*-K8&@1J8=8<VoybUxx<`2-;1SSK_`;KUcr2M>ESJ}P;HC82<7kH$QGc@fd9C{
z{K3WL{KIVBet1~X7iO~i%YhmWEU!thfO9*5!s_+BS943>h)W&6on9EBMJhP|vzh-F
zGe-eW&=fIyQP)aeHrCx+qW!XZc!lZ75$^gic5VE&T>Ccw8sq&0+VlAcia9*BAO5WL
zxJrj<F^@8|;x2QPhpuufPc84nZikDl^mWr<onOTE8N|g(g@X2NZZbskt)^I!81D)z
zHyRbun~kSXrXp0xG)-&j-FHI^Q3Y&GdMaFw@oU9#-?wG|Yh@7+il+vaMn#1m8H3*9
z!!3qxd5QHX4BhhLl&V9x3i`LaIHk}XFS--ONrrBDaf+c^UYug+mKUcKy5*&<C;uHU
z4Zr2Z3mLlQ#VLkvd2x!NTV9;<09GJh;J3W^9WPGNyW^$N-tyukL$|y*#n3G;PBC=L
zi&OM&d1>!>af*D$tDpWYFHSOa%ZpPC-SXlT`No$1eJzo~#!M5eGzc;U9oAI2^E6*1
z7`okxVdm*&@OCSw81y}{j3M9C@Ir;0k9<NbWYG6Sib3BKDF%H{q!jW!(aA+pe&>^X
zPox<1J&|J2_e6?8-xDeMeNVdG%G;{vd^+C~3mNo1kz&yIM2bP*6DfMWr@P(CRgj%8
zpYMr<4Eml(G3a|D#h~wr6#296Y{EgIqF>>c0Uli9OR3j5(%xvx10igLg-a3wBks}B
zyQ=?QVrLFwQWl?@w=~9_B);+Lttu?+>}4+O)@9c55T>=)QaaD-=&f_-zCDCcaayZO
zUzQ(tNbvH!j#V<<)JdMy>f6@k)#x^xbgM&FJYnwH@}tw+F;ivq6$}=(I0j!K`+P{K
zrol^01>d6*7ft*t*VLF9?!A6>-qr|f<XTvF)35LwRx+jNSE43e<2p_|7vvk@6p81c
z#2rr!#2I*7ioal`(0^M>dRa=kCt~1bDe3hu120QSWoAJIT3LGSU%9o_DQ9|R%+m!c
zUUWu6_~0mNS%=ekcaLP%&KBRj5;uhFHZdZCVu!yGt9e*RP$sgh!-Boz0LkX;n|DBL
zZrh40z(dxO-(?@bu7gc8zXZ>ov)wM&a$>I23Z&^Oy=zq0KBdNOJ+u*NJES%9>tB6x
zsQrpl692HB+iP?>_4?XXq-m!=D4@rgq(k+lKbGiqOV(SmWNiz#HxfPf_E58?&24`t
z;nc?1DjAle4-Txdq#QD67H1O=EI+=<^Na)1mPoI;@G5(Kzgh?USk@82zQGaP1}61y
zb{ny*$65#Lvq;lk{+LSL%6&KYxpNa~TBIMX*RM;HA<)&Io29+2F?)AJ$a3%(y~sT=
zI&5%C0{-$tR7|QmDKaT$`0!Y@>%f?lytzk(+se{%PC`;#-r(Pa^*+rKqupIm%(X7v
zc=mKli5`wbVp2j%LPSC=P9tIy21iE4h9#*fkq{rRj!20~h<8m+Ns5V&MqYdv`zzSU
z-qjG9i!M~k)r(aqZdBDipLmH^Tb-*Xb9^OKwFZ-{4rh^5tZ7Ljryd~lri-l*PhIhV
z0G3146zPo;*RZ6duwmL%_^=dpm^Kv|mZH`s@J69JX-HTsdvjT^uS##D&`XA57S%4x
zlk=eD`9!0t<;52P!5|)8eb}2YYM#tZHRzY7G)kVa)MpZv(&rL0Skq`DC!Hj*9r{dS
z2Ag4L<WvEcp!Xq(%Fme6#mLEw?1y(ac{ZK7dW+UC&tLl#^XdIhX8%EOD$n0eL?%CB
zXA_N_@~V6hN>|e8`3~rMDOX(f;u95Q@bJO$ygSsXi3zTF2?($HNUq7>2=b4O3CEc`
z{z8X3KE*#VDJD5COiG30@0F;Nq*C7gsbMK$ZZQcmt7eEgDMB5q?SuT1T!)4w$N8&c
z;hjk_5hMdv5Nl724U1Q&Bu9kBs@-Auu<)>Cs1y?!E_$|mGWu4X6st~7mh>#3McB|}
z*W}27?h(PF#;!?`$*v^EKVF>>FU!-Hq8l*oLlcq)s*{qrMf?*IUDff?G4X0OjU0C*
zxqaBC<ASX@|9lA<R{V~MD}B3!owGD@%yTs}@^LH`8Iznsrf`d62Y(mr9Pj}eFynt$
z>>AXA!^8T~>J(SBG$B4JCYqhEWn|AZu|~s6<L|7vOUpJE=3`{15&zN)N=upOKYEUh
zB=}2N?qM;hu8D~eem>e9d>3bMDh3j)%rB_ic}}VxPx9dSgk)F!oS`xC-d_1~BEvLE
z$jz6>CB=k!dufHE&%%=<^Ko%m`MAR3Ba;$hBJ-&w=jp2vm84c{#cA^Cj~3~*fNNr?
z<;mXlJW{plB_yijwE`u1T)+JCBE!VS=F8N$%PQu}c9)gRpUX9hO-P83E~F<$Ps9+t
zTv;na65?VKll^?uvHern-?s&8S8Y>x1u_|Kkv~K94%W%j$k9bxBwsx!kuPni02e8#
ztF1yx7hOPVwYGqiHdG*=@lYUN+E9UfeSiY_(z*gQwT;&AO7QC^b?nu(?0Vh+ZoQNt
zX4!!7SupFR3^8+Kiv9>@y;RZ6qC;z$#Z=MEqW5T-#grjt*}`0By_6wl*}9xrFZCm4
zR1Gy`W~6k?P6g~tQ31TV5MhW_7gNBhOBiD1R+Xgc5{6hMN8l~fC3LJ+3+T!@xvDrf
z#HbCVP*i(vh>@$tC2G%$X5<#-jQQ-T(@`7w$@KCppp(cPl8lPyjrB3|s+4!It<f%r
zJhM2Xa^=`lPb1q9c~O7`Craz3P~ICC=`_X2lTMO48dI7&$zNu}nk>#eJShQ_oNO>!
zxnh=zbB#?1i&V44w*|Xqa`}9uBvhy6OTq%s5Bqp}^O-0pA|XlbIyfaJmNmU3sQmL)
zqNOE6k}ly&_dCS7H9280mLINhVVJfDCnhE&rLd-t1QiRpB$Q%T&kFWtv^Pg};#wvO
z%b2L7gg7lr$qEpwCjy&tVo0^tV+My_iY;<Aa<Y=ATK&12_G8%Mvx1|WOy&LgqX@1o
zQ#*f|q9bxqC5jHog-ggW0iGttwR~x~MBx&8V_htfFRfpqmfQ~gFboUoC-wPj$ozVN
z80>l}gWP(N7~Fa(gWS9y3<qXyTeX^SZo`qeC~n!3+7T><kHXxtrFme`OBvK#wle3|
zOZ|`=y1*tfH&XiC&iU<aC_HPm*7E8?G6d@q2IX=K7z)sZ<?4bm<mwXoa;xRnms>(V
zL~EsLIkj;aLbc}xWpZ5$2kF8xwfzd2+H-xG4hEtnczM_)Miv@nRLw_R;k(Kq77SAJ
zv{?vj^jI;%mG~6{FNcPn;<bTg;cElh>tpwvjsB;2BbWL4cvD1)AH<tNC1gLBM@hak
z8K+PQJ?}LfZ{!j`8*gNO?I_oaFz5!ol)gS%ZoLQtZoQO2ZtfvP#G68zaPA`FO%dF(
zCAGfD<4qxM+0q8%O(AaC>IUOYk=zF3jm)i$A>6_S<4qx6U5J6PbqRf2Yvpna7>qZC
z<my5U<mwXoa<x%J8)LNI0jn6~)W#TaYR?UFa$OC?8(C9r?b?2YOzpY8OeZ-mYL|lG
z)SgS6UU_ySjOH7$lg*55S!kkBvGUk_0Ux%Wu&sz4Ue@$9mMaE!>S(W9TwZ}SesCOi
zMk3^0GdAd^;HcaAN(zgQ&bNssX0ZLkjhw2>MSi?h=gm5G(cf^RT{u!wf0qtBlVLA}
zs*c)B!@F|WLL*tFY2O+m=pe4wbma_h)S(>h4AQQ@)LL#ODd8&a$x~1k_q_36LU(oN
zq?qQ(>G&&K^qVUkOEnzq=hN7su0wLnaCJgdZJdS0#ze;_M3s_1YLmWu#RaRO=W8FA
UihR))?aev_;K`-B8lxls2Qxsu!vFvP

delta 43210
zcmeHwcU%<LAMNfetE?3Z3WAC?f`WiFMHh@c_KvY4qJkhG*bCUPmr<`J*2IE|1sj&w
zOEihSYl<e(SYu1k81<bqa|ejgB)|9GpP7$`bHC?)Z!c4J)}6Y;>5o?hXZm<LeDdNz
zk==*C95&Lt=I5f1pId9Roz=C)Zy%M~?L0D}^xcbbsTLEDDziG4O?51<Xoktu0bI;v
zO8XXq4LmHNmlm@afAhgU2R%P{Ky+kO3bc#Jr7-NH&<lVISap8xU@{efeHZKm-imnU
zI~!@3-Y>7oR1&-dT!;yyl9Qv8qfDkUs@YsJvM$P^dKq;n4ZZ=}m0n2e25tss^23NP
z4&Dl8F)Jm{l{{YZU~nPC$Aj67D0Qg0dTMFZydbQdd33dZWdDR1w0ALVIHnDajE`gM
z3!#$C-Ned*A0wVTAUZiAZcwyo9$H!!_Ea!)9|dN7-^k>I!Tn99Q$_W1{AGM%Oz)w{
zHq}%H0;~Un%<wXpy>mixOtN>MxP+dj({N(OhoF<&I_nv3l=e5US>c`oBBP>{O{VrG
zbiYMlR^&dI@vEf&9I(w)1N{*_pii{F$z&9`4V}uC4tCLp>m-=t;D*lUFt1WCEAQA^
zmD01lqS`EFQv=-fMkK}zh)hB0@x$0>NRNSIV^aD?_h*Bj!;f|z=<M|hu+jcBt%dNv
zP{w3JJ=2bWSqBweO8<1pr9AXHB!HPdF*2pEcfV+LwWUbvE~KIF@p5`Y<74{ABt|AD
zZ-UN-k1emKy#!{5WJo=!f?ifHF!StMQTO)+v!fj=>HGrm?1u%gIq#-}S>As5fqSNn
zsjO#k8q9?Ml##89UXj-_N-Kp<VTCPV7GzBP&gue(vZ<@Fidg;Rg#P`b2bfGVVAFe9
zRh^UjMh-|sS3dDJnb6X-vtaaA+7>V;=sYl5o;E~sXE2vn7#IbnRgi20V~o=tRWq3|
z1JbU5QJd7XLkMt;)=ORh#@tIACpi(!3Ef3<W68l_j`hF*eH>Df<6?TEqSc_YACsfw
z2eCm>32_M^)5<`-zaN3w;CeyyOEsm<M~gWT6O!W+;Aip)*6rUzOeTy`+7++|c&Frr
zl81xY16?HB!R!eS$rdns;wJJVe-37kYyfk^nOO%DB^3dq1!Ex;gdHCp-y18=G~ccd
zK|J&V(C5g6!@%syvS3zxXkERcoxrSUP06m3e-GCydR6jnFe|zgoXWr$1WJRWB{u=H
zraoZSw3y^)VS2$a=rMM2|L7qpCLA7(bv=*d`;GLi^*q=Ge!C^F0+)n66U-qW(Fpy|
zu}y@)7Iu`}RB~M~r+(FDdVwLZIXM#(l2fp|n|cmR?wNpnuWoZaeOFYB`9#Gf4`Ia`
zz-9$}!JJcHw9x00o3s;JqW@U|CkXna88A2|ImHyyt0&W&UYPYw>mis!Q@pj_<&j{f
zd(ld7(E~6i)vz{tg+G&As;$XX6na50)29pwz_c@&5(oAl8kNv1x<D!%wHkw2fvCQb
zasA+M6a})YighrVu>R9dgFV2H+nY?~z#BU1%W(;8Y@}(+;Li$W!RFBUf{TIAg3E#@
zfY}oT-`CS8z-Ioboe<zy)RVlov+lTBa(^&eW+a#eoBrWl^=)o3m@S+N=5ic?cxP}K
z<VSsrtXT2xdc`JyIeDLV(<+{tHW3bNK^)i(e6xq1aYxw9s1BG3Jiwf!l`%4G=>afX
z*gZ<`xx-*qv?Z8(eJwE4U+ksNnNrbuPvhjO&7l*Tj`d#wj_isoWXK`-0L+S{f!US$
zP%vBk7{kIYJl03oFTiH}VK7_16U_9HLt+w=5&kenuh2p;C#^kJpBwQp@zLIxU)5n3
z#{5fDFyO3tWb)AdQT<|4CL;k`kP_D`mKkMF7U(P}aX@rRN=)>CXMOb^_zukU$?-Zz
z_lil0N$8*a3N|NQ6qxx%B_#BVLF+HTpL1?C@=j$JrXj$wipCb&KLzLd0VY!=*uh}#
z53Z6|C+P*g1ha>l!IwSo`YEy2K)t2CqI(WRXPM&J3LH0(jzfI{%pTvFg#C+SDIl<h
zg$An&3zW(CY_M+rG*~@Qz$aD33TMYolwMVa>D6!tvmF;C9|N<!y@u-@9-Hi~U2a7V
z=#v;ZAUT>>1(9*drp_bu_?SNZ69%9^qLb01;JhPsJu-HXR^8RGOYsz?BEV|KpaR@*
z2M&nw=Ew|@c4x3Q^}wu9J;}dgbh&*!0&@n0KxadIz|<>BZa!LXZ(Q`C{w%p3Y{vU)
z?2fsN05j+n9i8YMlWZy_6BbEQ^A#$SdUdRx?<vWN-f;<0xNri;#K)wVPL0#!qmz>c
zMh_TjGB%mf<Mn#uqSCu}Tx1_LQQsUga2{lPuT9kB<I?qZMS)ojUJAuyn~cRpLm)cH
zbQF$U8b>GT9aMU<?wAF;2=oiE+3-DJ`VF3<Pq?+PSx}#ZM65=WX+8W|z~-s?2(JQj
zM0-xt({})~gJ(eJ1k%s(=-pkY03FxK8b6<|Cm1(NufR1hN3M6m0B_u8^ldOxj~_Ba
zU)!%{>zm9#>32lcH;;~U^a|a8Khxvtc|dfZ=pkcZv!aa<@6-T+AOzS_Z<$~hGGL3N
zkYQ2qnt6IbMTKtf0y{x3JzpQ{V)NBIh0CNaK)(4PuR=68uNmNy;L%{tutYG6xs7^L
z&$CGHz$r+__+}`Mx`(V^ptLK<YS_S-(rG^<p81~x7Xj}9V~<Ns^IoD0nGo2aAA*^2
zobHg;1?&X76__It1ZKy0g6W^UOxH`mW<yM1WSn*d6{g=&F#BUOm=#zec{<pMS7Tif
z;NH>z%&D>nBgzEn;9_87Pl-s>{dy%tr3{GaADx7Fw!HRA-LEU`;;_TPJZ<=c*^nw=
zR&3h@eSk8+toUMZ0q(}>tMwL6gWv=^B{DIxXI!+&bB&&0AaqtN85QsVR|a!a>$uir
zstBHup`UTXVAIdoG+RJtkF5tY-2gBv_CA<?VaO+y8Qn?H1^tc+r*PP8*={hqvcLwt
zz*p<_n*Ru!89bKuw_x_vX>cKM<dA6ZC~R~GrM&~p9+-#x=y!ONp8qGC(EqG}aSu8d
z5p>jU%(3lEgv|_lftm367JX=%!Da;lB&T2{v!$uq^f6BXb1ifRQy-nBHv~85k#Ui|
zqEldV2zq4UWWzDrw_Q)@wnHwW<m8m0iP5IbPR`-h&HG9nHE*8pUd6I`nMb14$+=LI
z_oMn=tW~B)!^m61=9b^=R5`>v+cQF4=Gj=erKop2?dI~Tr&pM{s~Us93)Bp+uqsXt
zCR1Y+g?9Yu_`{-C;pU<*UpcmGIZbuy=Bj#D4YPfW1mQ@as7b-WHW#aInbgdb5cPJ|
zFzX5^jn#EkLzO#LHMW}F++NM77G`UlS9<`GmPgI38f^YV_4E$2{thibjSmjB`8b+P
zEs&{$>gOG7uBP7h4l_Hdo<3pb=4uT7PFFL0!jzZ!)H^<Q^C;D`dYJ7Ldh$Iav1l2V
zQZuTDnPb)4_`62+^bJ#P7Eoh-?dD2qjBl8&7rM1RoXzSZlnw{KFy)7WYOJ5#?5Sq>
zh1t4bJbkk(Fje*R53}urR!u7biIkg#)V2P0vzK}sQE`P$rrO#0ZBt`vgxT&utEIX7
z`3Ku7I_ViIs^82I)iWT>HWv!(kVo|k2)12@#r?9dn&}m6ZlvCZ$5!k>y|rA?wN|&H
zC_{~}7HaOOW(0=WK7bv7Smfv(Z2KD4yP7Zh(^eM4r`HE5&7IYZpfKAMXszIZJ`D)A
zUWHYkeQhqQ#sr7ix?+CW5sTU&w?(jmbYI_K+f`W1O<`}@N@9DW<)CI(54QDy#c~x|
z))kCXy)oE7I;&na?Y43y^h#P(KV;M$7L(@HGRlC(4zOw&{R)fSm6!9#?5oDq3Ny#4
z8Tfldy<IEJ_B)n3D+q54S%?}F8fKoXW`u^>u40XG2AbJ042Wm#Fms|BgTEWpjM`z=
z@33}*)ce&#%`U2EoiKAZHKtCOZ63CJmX3;h1zYdJdQV*!6siQesa|#Lws`EdA&9o9
zNl_tchCR&OSiOzE3sldrFxyFYeJY?wx`#Mow_?puew|=jUsyp}Lcf~9wk6qdnL)v}
zuVAsW9JFayM$HHhGY?U3hlknjVTHHT@?fWim(>>`<}y+(fyMmM;a<o?T6tB!uwa{~
zhso3saa?^N4lv&3nA-Lrq}QG!=2XsP^4FX=w(n+J?C2CVre2u&f|^k;%vPklo+>Z9
z*wzFV2gIf()eg4JhNTyT3Mx0tt6tuAn^y&6if7gfHjh?48-&>oO3hJC`Xt1$Vy;28
zeF=-hk2Q}*7OkXP`tY}a#X-dEtQ~CK2&;qEl0235#v?myFZHE`u0Y4kfc37{F63vv
zs%A6_vz2^DFVRu!tk$sf3CFIRCM}c?>liGSs7)wa$twDEFlno?Gc0yF+FmQzwm@2W
z)JIs!7h$nq^g%45-fqI_=J{Tjb+0G-NWJeLYIagH-V3wU^}<6Fcw%B8U4pc%+Mc#p
zjcFQYyACZt^GFH{t`b;PU!niF_nz`}sgfa`O*k;YvyZ=Q)NodwRaIk~*{#l~O&_iV
z>j;FRw9vN*MQWk&>LycnEwoe*HLLA_Kvzxb>}xW0X2`aUA-&ERsUm(RQ-m7dEYuo<
zP&+NO8=*E@s4%8oD=pMLJG23z7Mk`VJJhs>$<$2KM0V)=>`--dQA5Vs#vvq^8Wz_9
zSjd7)*eBTfGvn0wm9<sRHet5pKs`>IPv%TD1KKNST=FJuR9j$`GB2E}Y6Y98sxfWD
ztPi01as;h)f=#A6s&_<fhnlz%QsX;@TE`&NT?<{$4uxYT=-N_*x@xh1WQRJ1veTG$
zOLnL*=3^&K>zf_gk5ETVbE$*7Of9qwp}OjQ&rs!h9re!pcE!W4dUdudz3pmjXS;1V
zs?J%6xfO=p99B*B{`;ZU;$cPxF$lHQvicOEI%<5^+KzS67A+B`o6U^1(>>ejk=wHF
zrKR5QUfZ!Anw9M|{7=>;SaK#HyBg@)9BVqPPDVQGkF?bIcC{TFprwXv6R_H6TlfBC
z)x~bp)`(N)G*n}I*ll?mnM{~mI7{+$vbeFHnQs03C#z`_J!?H~87yX|TTlLEHN;gz
z>+CoIt7W!z6IN5hQv8~#cY4~DAx%}UD7$S7A~33$KUm$$gQn_Qh*8b5Cl$81<*+d4
z^kS6@&D7Xlc3Z*b#+v8pqB*Q^xR|*oDbt#(UeR{j?+~%dFtM?HD_$*BuikcLOba!(
zx83?}3zMml8s9rqsoYY%17RAf+ep3NJJfa#A)b1$YoT}Y;bf0VEUmh*u+r1?eKY|U
z`d7wng~hp~r>lU@;JVPQfw0hBJi$~8w(Wt1@@3pRZS>t$^Hj#QQP;-UZKtJ(lL$81
zYUp)z0=IRXdWOKl#Dc~7w-c5xEHoXL4tHRMsNOY0ZROkPU4rcvt?$`RjqPW*ErZCl
zj@>#a*m?$5Gj&~~P+Ol4CR41Q35t6Jt6R3!5;LubX7Ma|8dlHjxEc}qUaMcWj)lek
z&_=;_3>Gq?B|;oAi!pm;R1~Z(+16fI><;ZR(&qENQ5;)79Tr=z$6bMixx`#hm5Nv=
zy2VSsi?H-un647C&#{tWacK04t%IfKnK?bg5eAk6N9I@vuHo+_+HD)KRI%8(!-WPb
zKXp}OlkB#t=n<?9nMX1#j)9)zR#>v(O+p;88_0H}BFkW5EOkfgV_2<J@BXzN(W96z
zGW~2=7z<cQNDsrF9TgC%7mNBOhB(5InW6nBV4;t>al@*GQDGf)>pU#BA68h1V^nsI
zaC`_WXD9-CWj71w=n=430G15Swbx*=+mK0kuu?f%jU8mSrDE%&h}nlri5=2HKVYRk
zfyJidV%jg*+N3v%Ro8`w+9o2Tw~u3U6_(yXoKSv!j8Q}@tixg9w069<BLX?S7}_`6
zg3~Nm4S0T0O2??NL+wgLjJkHH-If`XyJf$?(kqIpDUD;**kN{Me5|^5nBDd%CObO|
z`#!4R)XzxACbfeVf;f!+pkQTcKXvVJyY)Oof37QQ-Z-wX`?W%CVF+>lp|y2_l?8F?
z+7Vc|5aq<fwN=@8J!hNhhwd2-3%fI}-255@D@WqhwIl7e0{!ts4k9kb{DN&QVR56-
zTx|1U1;E1Qh)wQGST$i`D!|j4pl6M%+cvn&goW)+?vY<5s<9L7wqXNICj8?hL+SSr
z)K3$%>L%+Wjq5Lr`+8U{;EBxY1uK6ft7|9PZGBVpEgkK{Mz{kOyHmR}RGy@$vFUbO
z{ek-4g|k2MOoQbQ7fg*o!M07Xs=-2X?CjqRRAVREt?vxNiGf3B8-x&7fIg3oz~buC
zFKS%|>)GOd2RB*mU<Ik`(BqR4Vt+u#KDY-KcRpOh<I>tTBzq#GDy?DZi-<!y0~UuA
z)4F<yqcrq${wr7ks<(HjwZ>3hwZsn!RicKfcc$8{OCVtW;$rP9gu=D-nT>*Np~H;M
z;{2Tii*fp0#&^=vTUCCzu}k<h3~_)_OI_y`YTJrX5R&M(B6nfwmGk>J#5_Wconcpc
zjZoLlu-lf7(A$gc8iRCJS~m4j4NTgR`gmw@O0SXX+L?CSeu&u6&`>V4(xdb)HfduV
z4~ugiorkr(85X-z8-MGMjAPqv-l@j4!k{ZjscP(OEG&p@Bkn3u4~H~;bhML*EgTl-
zg?=+J43-@hCIotFyY$p<2b7=F)H|x()^)V8qv4v%wh|TxQLp29ShY0^Gss$G3@q(B
zvN=Mv)cB3H9T8yHY56O=$8eroAM3G$Lao)ta&hwBtrtRc)F<ykX<4;R>n1E#QXiy>
z<8&*J7S|INM?>?pE`)`thcUY<y-+ZE)^)s|J2vc5A&xNgX^$PuHUn0DWPn+Tv(i~u
z%uX*V{{;Osi`(I_VCCWjHFkkrDU+_Q1r148?<}xeH>GPW4Gy*5LkMjN4YgLBq-{Rl
zp|%bPMIbwU-?|7(-^Dn|D^J!30;?V8_8zd_(-zuwgxFf`6lyIyg?Ad5@3u(@HPdvg
zUF&&Rt+Z=_N>hys3O1lUEDo<$qV)(YY|mJV#itolJ99*^EgqI$27BjYSm9b4*6S{;
z4%t@S>H56G28Vl(fw11ybH_r@f>mGj_6=3?%ur*O+LgJp)U`|P)(5jVJ6Y$z*?M<k
zZ^o7zKU<AmX19I}5w}d$LT#?9ab1Cetpj1{$*v;QMk|KZ>oLb@5-jUNSn%=<wOvDq
zV}+)o;VyG?dD+^);{K$c?-#=2&aZp^knNeYA;e)GdP3Vzx*&wRF;r_0LhW>SOpuDg
z=yz^zU%+atwe6kx`rOARwJyXl+u%;O6jlH-&?ocR+?F-(0#4ER+PK+52#<}tLzSTm
zRIgQb+m{gZo@cYmFVrU{<}9|$-musN{mN}4Ea@2)Y%R5jbHTfIs4W(u23pM@*@LYc
zV0A!O)pq>A=o>a63|0p<eoAcz1e$4WxsFg5qs2;{#j00^-8N&f(Q8~MmtpChlGHia
zW?y1dhwV*=#c6>(1s7nSFHvLH+O36`a+vS0tL=yY$3pLok74PPji;cyu=Gvt5hk_Y
zGUTHTK`KJJ7d9R1URc;za0mY!p>|r8TQ1jAYRktq7Zw+XUdDA;`uyR%s<8r=dVfM~
z2Lu|c@oTg|H*F48{m@vTtj$<hG8bHfpZri=yWVaq^O3$?U=vstY;6Urn|j|T)V3a>
z5Ut2Z@ga^d<bc!)wzgc!Wyb}u7$JGxh@JR8te!}MI*$leTCP&pZnWFfRr>9cK2?vx
z;>yJSiVEdfZLBvw`DqM`oq}%m3AW9LrB89L+H0_yAP$>6W=p^tV>iWhp%S}B_1a`t
zGS;ZEpr@cMVGbGWi*=hqt;5%{MGRd=sGSz_{+Nplnk^Y2UTJ90Pi^~Q>BGY74m`kK
zyUA|t_=&a^A%oQj>B;UR^uAslOyw!-j2qFUc_EH4Y9R{ewVJ_-%X;<BR-8cBt6tme
zwx%2OWH=w<8gS(Xb?r90@@j*62XPS_^}evEkD3JA7Q$k^^qut<tom9lxpJyy>K9(9
z^R{4HG%Uv9q=spn0joAFo`ys4gk<e@yUk&<F?j6B_hEI`^1}V3vURf>yTfjK46zPG
zJg7$3SKp#H!AZ?*8*Gb##R4#Z8-s1@V9APMS1PzwpHZl$f3UR^tO#w>&SXeWgPGvE
zP4zlvw@%-tbswH1pWCLcJ!V&mW~q0M*=-`rSbDsG`56}Hop!OMRNJnu{oJl3Y*+7q
zPHtDdzOY*>??8=I?=P?+AQYrK`&U;tdOD=~n6z7BlLGbyc;sg4{+jw{wm=J%`kUB{
zIF!WCq_~E({Lv5Ek&9DJ4v?@o`9Y&83Sh!s01q<lXn+;z1Mv9&!OXWWKGV{UzB)np
ztId}7lluR{tZ+QQ1||W_Ck5b<%`Bfa87O%Wm<O5qU>Z37j_Ef9AP)t2kXeD@G;ok<
z;{sDV$n;lloh*>bKpMa!P5Y~}72)yHCev>Mz>Lx*PX<$;0`SPq)Te5y&W;Grkv5s}
zbNPk<4+Jz}9+(Bp2l4_qBWOo%W>>BNn8AmVKLYc36X$`B%}hJU%pW_Fc6`F}nIZNX
zEko=b+L4=C5OxafATtAO0osw9>9++SZ`ERTra#uHc92=2-2lto$M!S9et-v=5r=5t
z$j$US43LiiJjnDv22lST;6bK-oCc1!aVjI|cnV-m&j39B4b%S|K)wL*AeR8{(ZKN!
z+~RK?*rNLY`6tN_BtMk=2+V_QR=1w1&Mr0m%0D=AGpqR&ApZ_9*XIBaGVMPA#=is#
z0R<@jZ>*L7uM#>SV<!~AGKxqpD!G{C;*7*WX3$yMxtSHMAoU7nz5HAPljnB$-)&a(
z9a%tbW>0xS=YWUF_%Llt$t@TW{{z!CT>6t)(7V#k&78RnpfjqWj8A2N;YLy*GuRk^
zn4qcD$;`O9w8^wvN^UK6GWE7#8@LOY`E-}@WNw$ez*yWJOtA<st{?u;u|JL1m{Nk&
z|BjvD#~!t)_s^G2WifMUf#-u+t%WidGUJzmxyP)O@v9|gNPPpCGiEoK`RtQ?5X^(j
zd=E>VFPzf;+$?u%1hnRT0cL@xq~lp|0odPy3xe-~x$XZ9W(L24>Hl2DJ5t0!rd|-t
zbfv)g!Ii+AS)pK_4c=8SwK)|VLf}DW3z~qLK?^YQHno)83d|!nGkrT5-yY12yMXE1
z4S$M)6TxiA2&s<(=YyS|iU4Q8EHDe24Q2)Af_ad&p^@<mq)w*)LTSH=8NW!zzl~EF
z!2*`Z43|n?CKHmG(Q;|$X6h@Tvt{eSmBIXm4UgPR>4MbBEbp>zr)mLabOi#nuk;9w
zsedi)zhnA+13zYbUHX%$e+TB|y(RTOGsd3+<L*cYG85jFd{63R4%IKxCNub(w8>2O
zRN7?P&!kPJ{kya^=GMvpYyLtyyaaPnDHPwr%*Z0+-^47#D&xuY&m-;JoXV~#AS1|3
zSV$%)EcJiGEWk<nlbKIZX_FaWOmcC_&K9};5zrh;fSJ%m+OA+8WUk+e;NsvAFng%B
zjDHiez&ePhOE~_}t}Fe?4A!@(o351dW3aJ|A~Wk|VD?QLFt?odWjxuU?!H=5`vO`|
zT8NFtA0My^=Dsl>%mNokUI^wvroKqpWR|uR%yb`t8MRvSS}^0+gV`|~C2wNSQP={3
z8EyshAhX)Lz^wK`Fn7RHU}kg<%ybvPJpPWEFTWs1z9jjw<SQ1;Tt-}lz>L2I^B_~d
z2IfxqqqJ{<*~0r^{4+h2`~=MOze#>B`ITe~A{n2Te<U-1$5bgef+^U*Y*~IV(wYi^
z@y}FL>cypAQgSKDr6qevt{}NGm_6tNX1=~){4)jM56epplz|{H3#=*aT44M$*`*yO
z?RsDiO%us2!8~#^Gj0W)+*-zyS%J3FmYn)0fvck%99TdvFl!zs6ZV%0b2AG_knu@i
z4$UCR!@-OnA$g?K$AEc|`TneFHUez<Trd;NlMZAC7fSoza54C=gFjok0nBsCE->@o
zBY8iV2buHFbO?dM;Im-1;F9F8!R(3e!JLG5z&vs@rJwMJ1w4}RZ(=s=G2+Qjq#uH&
z|DJWQ7vA`c!_e8a{b=C$Uzl?s9$;@L0n8@_;E~N7e~!t2&pQ5l*0G;60|%Lt<q!=V
zxtVk2FhD*6@F3Iwzh@o)J?r3nz#|TBD_Y?HA9EYa{fvV-)8;n!-?NVYo^|MZ(0|W5
z{(IK(ch5MuYcQVYum7HP<bLMCee}O)9sfP+`0rWAf6qE{KjYwzNt-+7f6qGp@1J$N
zEWEk?Z>MXD8-eDg<_zH%WbSBQD<+XX7S~Cih?>Embz&B2y|_)<AnJyIHi`wLO!0`c
zNi?Ym+ANlnwuon>t)g`;b4PJ0&|FY#t%X9egc)DSG;bH3NIOI(X{WH&2JI4&q)){T
z(r!_t4rq^vA?+3WN&AGW9kgF0kq(Gsq=TYd80e4~N;)h~la2__aL{LBH0h|gOgbj~
z>ViHOlSp5P>!dG5&38e^#VpbZahr5f)U5|PB^HoQi$|n0qDg(wS+N`>s)VCa)&^+Q
zdC|H7^a~<`bWxZaf-Z?pq{||cbVb-2fv$>3kht|Ok{)h^q+g37jiG-dVo2YL{iJKc
zwF&6DDEA)dJ28~>y*N$!L3lO=-4LTeBBCKOy3rIF{V4pJL2zsYVQw=Bx5ae|+bJ|?
z4&knt)f__K#t?p?a9`AI0l}pSgq1BIJP?m49Hr2{rMao{$Rt*@G<Og~-h*Oo1?7oJ
zv}pyUN>eCXsr+IRN^2;Ws6@Ah@|#I)qLSVWigOz%&rG6c8z>>op&X|2+$4&&g>s9^
zz_w6cn8X1p^IMn;iOTKF?<ucLVn916ja$O!d^=RoEXuV<1)owF-yVWRoTjj*6@<VJ
z5UgT!2M7_ZA>5#lSNL^=;MfMj+>Q`z;yQ)x6dFW8$S-C^K<L{R!Y>pGin^U3xU@rP
zWhV%Q#UlzwDYSndLJ_h2eF#I^L$G#+P)xM$453N~2wN#Q3v(9;mncMcflyLpQb_Lz
z!MQ60R}tA2LP!LJ!xY>^k!}!fQ5e__LTRy|!u(DUDs_iYRwQ+Y(D;1_=P8sE<$6GP
zN@08t2o=O>3Trw;2#kbKNsNw!5YYv~4GQlFzn%~ryF!@T6N0C>PGLKR22l{Iidj(*
z`gVix3k7dcw-*GL?hsb?f>2#NqHvT#`)CM$VtF)#Aw3{idqb!pTK9%fB@)6`3W37h
z2f`%^(S0BUi%bgXJs~*vg-}yO_Jt4<1>rD-P*EfX!Yv8|V<6NK`zg%t1))+bgfNj5
z3!!l|g!2^YigNuRJf$$cAB1}1G=(+2Aq2)jXdp(%L5S!>k3kR`iPM81IQFH-U<ggb
z=)n-SQ@BB)sqh;Dp>GU?xkDf{7uPAc#6oB=6hcceYbb=H6n>%5TGSl|VMsp+D~Ca7
zD;`m(5(lCEa0u<i^5GCJQLv7H&{4D=fj{Z-5Vlh2B+MhR(BBuGNS#F{sf)0U0(BLU
zq;6sdsk<nW3hE(ZNReVcsi$yF14W4>QZI3g6fMe)2K5$0Nqxj=QeWXY1{5PklVZhX
zQa|B078EBYk>bU5Qh!l%94JA|A|;C3q$E*yJSsk95ZgK)6;BqAC{!8DwoZUBP%NJS
z;SvSwL<oaL>xpdZ5Vn=VP+?Ao5Hb`(bUK9LB9p=`3eJ-tj1-ZRAj}^I;V^|%QDicN
z#={{DoD5;K*iYdpg-TN(j1@^!Agmby;XH-$qTEyn5hEdtp9*23I8DKE6okNO5GIMy
z(;#f8aD&1W;Wr&Z-&6>5r$d+~u2XPHgV10Ggc)Mi3<yUl{6b-ts5=wFkkJrU&V-<f
zM--}zfzW;ygt=n*EC`n<SZ6~JqV;SD>0=>mrLaJlRR|&DAVjMW7Kuy>w<tKzfv{La
z&Vew0JcPp(mWm>CAvB%<Vc=W{%f)^QPbpNI2jN4JG!Md>i4e|HSSiX02odQJ#tR6m
z#c2wTlOP1nhmavg&xf#`!VL-^3%>;r`c8&0cL9WT;yMMFDG(Yggs?%(S_t7Ng<mLS
zin@y+44DdH<st~1#Ulz;ra@@`0fen$`3Dd#QLrwCkR@6#hLAoT!d419gn0>skQor7
zmq6GhGAZ1m;Jg&VZV|Z@!u**K4pZ1GiY$ZBcou|#%OLC*`zbu7P-!`YgCc1;gf+7v
zoTqSDlv@EILWMAX1%%JUX$p>WAOwC0;g}fxA%yJ|Zcz9__<aPS?_3CTKZ0;vT&LhN
z4?=^L5Kf9&D<K@E@C$|0qV6gPLj;7Ct00^ek0?}`525{PoC(jH#fsH9?_Hu|T?6H!
zS+rRLC4B*utyC_Xg^~d!WFeI33@BI4ViT2HRGimB`PwXcu7xsx5tPGJzBP-YA46&U
z0hECsL%D7i2dF%yQt1;Y-<!pNPoS(>4COqP8)i{{9h8VAP{yx=@}pUtq2jm{O5l1Z
zx6NYAdMMke+@NyTEc`b>>AMWd+zn9fo5gojT$V#=uo21wvzWaR%26u6P<dn)?`A?7
zvI5G=Oejyx;xUyfA3~`Uj}H4qOo~T`U82x_6I^~nhi!sO`bSW#o1r{Ihi!%uvJ%Qx
zD$mhjTcF&c61@e=3v?Kj`KzEfZ-w#-9kvxp<JC|OL%{_{k!>jIDTRUCAXvnH3TxIt
zsFVf4Dw47wL}WlXPa&@;w;h7xS_tE}L$Ha{6t+_c+yNoK7`+2R-;W{Opiofw?S$a+
z2|{ysLMSY*Q#eYY!7d0z#H?KqhOC3|3x#5$?xzr{tcS4jQwYxD5rs<>+V6%?QY_yM
zA$<b`>mCTMqV*mKAsZoVrQjyadm-GS5WN>dX|do8g!!2eUYvnYRx~*aq46dN>&`+b
zC!SGwN}=mH2o*%eIS6YuLnwG2LM74ZJcNiX5Oz~|N7ycyTdE&=))qakm>tB%%jQ-E
zkK)M=J_k-)f}6O4!u%CZkcez-eTdI=^U*G;IcFWcVh%8yJ;aNv<|)=S_&~Uj7O7tI
zbP#L4GDnzeXPLh?@3r70w*Q)0*naiU|Fa=eR^)YaKgDd#I{v-6qoVi+X05+t?rCAd
ze8zt``Flf(^YT!%YX7lc*7E#HAG3J)y?GqPg2w-mHz^LEi;L6Wo4?RXPW;vEXg!&T
zs%Js#Xr`ET={Iv@vvoCIpe~e^dB?m+E6XPTb2C%ZtmA)}!^~#?tb#AiEgkVneHAUM
z9(fc;b8Ue}s9K5q5R@Hb+r|>n5mhOdF#gk{sJIv({-1GtFg7|%EXl8I%W^EJ42j9t
zsysE5$)l1uH(3eChaE3p=?7IOMDk`?_xZEU7YcY3kv{y`%tcf1iiOnpL5GLbib;(h
z%kv#E9>u{-$B*Veq{a_hN=lKR)31__rNFER3(b(4o7DIU7QQT@9qv-&t91BYi*}Tj
z8sCUuWqFj58eb~7%#3lAg~rz)wbx_XNzp?(@@+=GhQ*_t)cB%7HC7)7yOBxwE+t=+
zVC5@Ftq8(B*cCV`N{#OT_LLf5LS$OJ@sO&$mrlpZQsmoB4D)zLYR(9+0{9+J6{+zp
z#*(tqo>D6bP0JbNB{dGww+Qp7Dm7Px`=T;M+5gp~SPG)?j=489R@MzL-ZS@;e(un=
z1N8TYhJXC8#Z34rh^7TdzcR3Q0XzbwUs;4d1(-INT2}--0KV4Bqozz;4q?7;&I;6$
zT6u(z0?as6Y84RP12E&-QftNj#Zli!*cT|}MZqabUa@GpvNbgdD&OSbTOmIHH-MYK
zkH9T}uP|-^HUgQzCSWtL1=tE~1G0eazz$$1unYJU*bVFf_5%BW{lEd>AaDpcte~@x
zAn+N$eeD?VIq(JWC2$-#0h|O*0jGg8z*&InhwJ4dU?sq1vKm+eaCxi+J_h=tfw4dk
z5DbI>p#Z*;geB8dUn5~K!hyO#J)i;55NHH62ATlx0dUv8Nz)G89_Rpc1R{V=B6Frv
zGIbWpOa~?blYyzgG+;Ww|J!*KkP4&$V}N8}ATS6R3`7DwfheFC5Dmlv{Qxf6A^>0Q
zeFZ28TL3QKApllvDN_do_<y%X0G$B7f6aHYJw@gmrI`3~j^bV^1UBEne*v5WE&vyS
zOTcB|3UE~%pQY4G^+&J<5CHfBcQGmM0rvrIH^AyQ1AI@iAi&oZO9Fgl^*O-T82RpF
z5rA)d4nZD#3-mIO7n&oGAJ_-|6JQ;%9^i)=PdGt-hT{YX69InKa|z(fQ;UEPfW^R4
zU^%b?_y|}DtO8a8Yk`jez9(53cn9E?<pcNwfj|(zH@L<F6M%_8IxxuryTMchW&ksR
z?g00(NPv4+d!QrG3E&HvZa`_E4B!C_K&5fg(YCY&;6=a(z+zwtFcp{%%m8KqDv$<@
z1x5fvQNF1^&;n=%GzWSCv(XDGFb7x!d;ly476R!Q-F9H^2;2eeKp4P1l&__41Tulm
zz(>eyC9oP;17rYv!@f7r2Pnwb@LK|W|36&ZpQF@BEr(!v;3a%t0o-5BfC5+m2fzyC
z0rCQlfDOn8<OhC5lHY)z0X~7{o2`5u_6q8E71#)U1MmyNzXDSbo&<b@F!t?K(=`P6
z#^8HEQ=l2p9B2Vt1HJ=}0>^+afG>gLzzN_aa0)mLoB`$oe3x!7un*V{>;QHGe5JM~
zPzwkJ_)cF2U$SeBKpTLsB_2o3P6A7T<-kZ_4loFa2Iiu&^8f)X1>OUi0`CHR`JX44
zZNMhrV}M_4;MYtl0+oTo(4GN&QTR8cnanA17XiMN+XQF|@a5fl0N=Uo4fFwGfLNd(
zkO(9J$-r=61TYd91*8FEfU&?hU@|Zjm<CJ-W&ksRS-@-{wJrW^04|{Qzk{_e0wBBs
z6&nRCK;`BG{7S<yAPX8#dpx7@f0>R4_ywHbq4Bln@8J7A@B?rY_z~bs!7j+t6}XM?
z2fz~G0AKQD4}1w61d1V}J4nE{g_i-#fg`|C;23ZMI0c*r&H!ftzS7thY1<;L7r<-j
zH9!X7iFhv{0N_<j5HJ(IV}MQYz0S8`c;%tc36ZHl9MBgy0sTIlHiIjH3o!vIM|(TK
z3xb`%rvT68`+)<%G2jTmb2-o5djWo(g*ri>L?2{?qqg~7p2RDsayeH5cyZSV&JBTz
za3}!qdJFZ_R&90YK7cn+6<~|qfKq@fz)PkQz$^H3SUB140(XEPfg8a0z<0oP;2MC2
zDyHLEFBT~MEUBz<2Cy4o%Q&OA0Bkj9btYh}>GcS6i~j`RY+nm-Zm@SaPq-46Nf^CF
zo5TGDz+PjIu%|u)&}(_LC2~k)E>=ngzMhvAK9hiNfUkkC0G{1013cUDtT#nCFHtIp
zb4wH_v1W-<AoVIlCVU5|3{(QX1*owHevn~id{c&Rf!X7?B^&lr*j)h(lIa2P6L1eO
z;<YK0%f{xYzr{{xX2@F+?v~61k*0?LGh^H%fV=1u;4$zEpnb(n4kveC?!w%Sxih~+
zJa=pE)PEqz6)5j@UKu_0oL4jyDHzP{oe7!2bKr%HGve73)D4?+iD4c_#wJm2nNrM^
zS?CeDqL8(NxV~I*6Z@7aj#m0Oh}O%MVwHH(;J5eq6+xancp~8m#b^pk)m;nnykiuY
zPb)07AS9#w!U%Ig5^t(R?&NGQJB{D}V}}}@$KB>lon~}8YsfUrAKxYP(mIV*d{ZKJ
z5))`m(OMt)rh2)+#i$SKVdT&8$Z37*o01yC#-?z*jrm|S=S{WBorcYF2blNUe9=s{
zvQ~C~u^_&}R|Q}OuNTTbWYbyqcMvYE4RmRq>&gMkAbWtz0LEyR72Y2zWmCDO^1{QA
zD<I6%q>;?fnT6J=h+`?#c^EUn2<L9<>$T>xF}jJhMf3CIu5RwMh9A4A8qzsxgPEG!
zg`2K6LT{)}eZ<uR>;Sg|{^CMyAQY$xa0B-Rc-8I?_yNH{AW#Dc0D^#8z`H;=5XP?&
zGEi3vtC4Y0>>Da<M{r)i3h-XS0elDiJ1`sI*3t-^2=H;h44^f@QxZ?!(}9UVI?xZO
z3I7=I1YkVS0vN~h<VXaP5IF)I2@U~<BRm8c3=9I2fq_62&<OFoe`yM|2XI59our$A
z-vgQejRD59f~*t^YYwyo;*h=-xDC*eHID>%6BGfw5A*=K0bKzm<kf9wfO>a{o?x~-
zcZ=CdwvcI}fnGo#pf}JLhy{3Q<ADk!fLXy*8Yu{{g#&;jfIIXs@KA}-;IY6MAPr!p
zM*-AnliAgifl0s=U@9;TU><{z-%Ri<;2FS5{|eOSY2;@Fo&X%5$6$^<=RUjc5%3Ur
z0Q>~p18xI%0nUY6fFIKN0!+`A{|KxFGJrL}0$>in{N@7!m<P<&!WjP*2z&r61Qr3y
zfF;0UV5tQ4<-lrbe+2#zpfBV6Q8+dFFfIL70ZebiGj1io3Nv2IlU->z<gSPj{uuE$
zfg8X^fcg)>_rQ06Q2;A{9k>R34zM!c0^a~erA{DhRNyOwuL7wX@aGC}8Q2C~0<wTF
zfy2N>fIV>mI0u{swgP7WcI|246mSwa4txr10zLtZ3a>|)l~@O`0xUBVKx0x(yQH`o
zyc5^~YzJ70EdX20L@bnH_7*G3u#qXdlr{@^otZy1qY`Ww3*W8j7=MmE$BJFe%#Cr}
zgD?}aJDKq@;3)7Ja0Fl_*h7Z^R(>zQRv!co0Q-S`0P|p;<lGh1!W@5AfQ5enys6tb
zZmczH%!)E2qcuhxHCCQ}3^Py82_ww>4V#r=kFw&ah659y2aFlb%5Wwd@l3#ZK-(yU
z88IEZ|7#g%^dRRAE5RXR8bjyUvlltENS~^8i7|e3;$$=uydLICFe=0r8JS*1m=l+A
z4CnS?tGQ>ik<7iq8<?p1$?<1q_W`3K#*k3Uof!*chOg_?*c+U*E0Fmw;HSWEKs+!W
z;05tOFdv4s1@pn!iz*115oiQ{4zvbd0xtmSe}Ea+T9o@lDb}2M7}2jFGt3jAp)omq
zScZ|5aqj`SvtyQd#OP1(ERfIYxX0cD_&Gvhpb)^X;EzIX?2-Zq=L1^6=SP5R(FU8@
z<nEsQ(3sax05=To!L;3>Gk-VmU9c;7C>VLCYMC=*7l_Q9iAo^s3~&Q44lV|;Fk@VD
z7ix?N`=7IoGxaNgyA@|NXC?=|I^Y9TfZZ8f5_zuR1pqVU0KT5-b!f)M{td#+d<noc
zXB1KjnQ%*F9;^WM-2e-IJ-^o{jaG3^OGbDgBi`qg1@jRqZ|MR7-YiqE2(1E84k$0<
znT9vm?*NH>RD+|;K}8JSpwtuRHYfolQ=k;UN%~jsjcKiJem&UH+|AF|$5)tN;3;df
zjY>Xqn&`MusbQWirhoz$!#^MVmsU!vR&{)IPxuG=1o)sAcxhG)G3vSWGaY)i+M$@c
z)$pm|6M#)y6wFjy-44T{2poR<(%oLK){E6}@bmHWK^rcJx^Pe)n?#pP#l<ZjT3Z5+
zPR}-sD0s6;1?h+~Jj4t*2G)T?DL8!F@Uz8tzJBo{$Dt!)oDs98+L+00e|D>k7=IsM
zRxeI`%}Pv!gDV{Jq(sbWUhVufnH0mnOcdFqxZ=gds-PI|KqcYVC~v%1&st?qOFy)R
z)3qRCyuN)pWb)+RI~6leqih(LBzxe&vp(@BR(33z6T@YbA2DajHn*>AJ<&ZU#!ak4
zac;hFV7)6%UR`K?+aHdjxDX$IUvy3baeWiIzpH4n85AQ%f&z^nIi30ArEgqk9-5<=
zQ;>lhGT_5`8+f=&=<hKT+x5<gnJ->#R+{4-kLFuY;8ystu1VIRO(P#&SfaJhmp@u~
zRE&m$`J7m^MXBM2CzV=$vr~?&IQXphE$&JBu~^)O1KxHly;Z4N@g_DIju{`UJAqI2
zp5EVDD(_U}>x)6g06cdPaa$D^Z{vqp4=p_w=)OL0ksOcN$e6wK-qT}o)(0Q9b25jB
z%&mC&VU9TIX>oNke*JWad(5fp>D?Y9WewzA11CMPdm9>M{Oai4_(O{#er){(90D-<
zxL)5W9>D>xi003NpYfxjOD629x8_BmRqzYaXUSy|28X~O@?eWYO-AJDx~R_7mHoAn
zuq<!^Dr0;TPA-^La%3Q4`~p!4M2Tt4+xSUV_Zme*DxIph7!H9xn1fh&Vm}=4uH4lu
z^xG0qcsppZsJC6&8W@E!<FYFEY4IOh-V9rYR3XR}+n@2nurW>hIai-ODUAi{F@uHo
z4isqol5B(T>Ky*`gYPjP;h>G=ToDNeyyi2Ue#S4+=B-ok+sPl*_LY7ZnZsfO9D<CW
zv~{hMPYKF9G#?z$cdYrZs2wNO_%26#jBb|iPI0rn4#w0c(D#*1yxgI<pcy51qBV6z
z)14^F_-)XkkG5XA8usZZ#q5infY;y6L@FHcR@#D{n2T~$N(=KYtz+DFA&)YmB`tpu
zvkNYxMA>{6XKM{qW2!jKh<V~J-A;+JpCbOWi2oE~TQL!qoAGnA?R(sN_4~}oU(p1A
zl#Fg{FCM@z(D>b1hY0_6$MdW`42M8;795OUqV=lY_>ZTZi*s@XBL=NsCF<-(ql{mm
z-CJ$ZmC*Js@4<n6fZ2CKB<)6xHj0(IQ3vA}YL6Fae(wFP4?GpKKgNqY^(s+t4>B@-
zx^`k-&n3-2++^&7=pHvwcaO3NuONR7KX>EDZ0i@^xH@IpsmY3Y6mvq2e#j$=?p6HV
zu3!`7#?x!+whl30E%`}nu2$!7MEAXD?i>5VmwWQtXShYILsD}o@!4K9s)BgFS848U
z{FLsU)=|S-O{szr)s{8t{M=o9xeqfSj~KZR$%+ZFPpO)(OKJVIqR0B<MY30j4K#k@
zudMQ2x7I)Xl!$C<qLWb{<9Bk$J9UYR8)yDN>s>#tfFq*$e)O90BfM)1TzL7a-uVE{
zL2GNe7!3!!X18cRy1$f%{;N;n&fm_jwbyYZ{CEaHuO$e}0i}U$b2<Iwaa^=MfMjDu
zKaks{^7@MJ*!o=au8)sh&&j@*SPF-hNfq>sZOzb^2{o3v)pgK%fWz?uF+7F7h%;|Y
zEMNZ$l5$7D!t%hm*$FXEe;?lWK*XGtirEH*rxjnZ{}4)T36uLwuTBRKEGfLqs+em*
z;fbKD2t5dgVK8~J@yqw<u2;k24vM)ql;TkKiv&0XzM=2{eUkXXky}dX^4BZuvz6!h
zn426r!cpvI-fwZhT9_^#!2xd}=4U01Ul8t@RIyHY{=y-$N8xu`gux+jKT6`h-J<$|
z6|SEjEUuNLP1HBkPA)gu0mjc5zi<BFYQx`_aze0@$Xj<XPZw8N2jf?XI~@sXbLYKh
z_uz-KIvdkj6h4eP{B_HLLk%DQ0F&{{+|P<c_j?&|d;yaB;flr27n@O6B*kVl_^?v7
zrgK#c7+UfA8Pv&a#27zj+~)gL{pR%C&_OYeM;bTb_dszrr-(;~l~8jv;e7=4HGWq3
z+J5Jk<1Y36!GSwq4ekPsMI;>XBJXhe89z(hbg=oo)=$22%JCZ~Hozg!_#NZKRrc*;
zhTmP9<6!*K@$h>+9~Ky!u_7ntka)qQ^0$%GGIsU2^Wm7@gK`{<Ur%;-dp6}pjlvgl
zVr-)6XQ*8TarY=FOq>R}89&C{(!s5CeEtKG4rZQUuxL#~#A5o*6UULt&G<3rdfT3V
zefra-$vJ*!g&BUz6K~;uRB<sFZ$47~n{;}{X1$odsfS)squK+7^%yRa-ac=QA93Dk
zUH*~7vDKN{l)y&B86AHNH8OtPIdAdq#fRU1cY~a6Skm>x@?+TF&IakfSz0z&booMY
zaW{VLIpxT<(S6F_I-;P9v<ywdg2haD1Q|cO9Pwnt&#OLPwvwHrdl<ju{A+ljk2`c7
z;GGlmd9e6~X^r20_T7{`_4JS5XXbcVaBYLFHtmx`-wmysZ+Eqv7>^K9?Mu|m_&w>&
z$4|C)@75?P$D>P#=mC!);}@u_+$vW1Rs)yEIUdGuRM*HH+v`?b!WTI)J43{JroDpl
zxoGB=4e0kWxT|B1$M1;2#+Wwr>)JmhrHrkf6BA!Y{DHJ?W9#U9+r&b<$35RW_Z!7L
z6biSjfuj0xOqZE;#Ilo$i#YdCaTebmSFB>haV0>RZx@@6EB@}r??{hK{w(BW-<J<r
z0#4bOmc_#7oj~P$!u4z7O9_8$4c?GaFUO$?V%$;C?fu33b!z)$S58cHxM;z&W8lG#
zZQy%jaIHqm&*pe6MNApQG`^O8{=I?E+vddV4i_IFt@~AYl!b@?<ug4>&s{zt$K&^K
zaf-RS*44W$>3;POhW+ZL4X9rAnlff`$6|X=-90ibCvB&?q6~V&eJDKGu|9onegBci
zRh)>7X8(^J>*ao?AwJ(gR)5{{&NLJ^Pb#(Cji1V1zvjurHVZS4VP10s$3;)wMxyp9
zRLA&{?S^Y#Ww>X)TbS2++BLbUV<V9WkK)G9a@Uw0HEjRlWjG^8H4-13QaqFqjl>>!
z1R1~Ny(FU61?6B=88k_jvI@`AdA__jrbMRgY&D0RnB9#;fzv48_;v8h&wo3T@Ba7W
zb3E=h65;ePeowsd1k-!fR!68g9v+QF%4x+vs8(bBJiTY-=EIHGZE0LwJ4Nsm{vKkA
zqWsPq9V4P+#>Htd+NrHeWAPPoFZtKL8;mrSwUdHX51Joh5_A44Rhx<WXB00bsF_GS
zqj=x~c-9&0pV|d*ak2LdT<SI#N8sXkvN=BIM#<vTd8L%{MGJB7yyA~<8=U@5;s0}$
z&{CkUyp*vmMehs9X|Z^4L2(t!E-0mp@VV@8pCIFx#bXy88{Xxb_*60Ty2}seS>w0I
z7j%D|x52~u&2nOjw-!?`qRho&??t7C64_e(teY%JDbPl|dkNQ|Z_jzLm~jbPrAr(A
zf-I_yID`ZN1z_`X>E`OptdZrmxGLr#Oc>O}Wc=*;5BGMK+UM~C_uT!Zuc&=7yIsm>
zZA6dDSpNmv>ifru4dp`@w9DL&O*%l|07|tL>*1l4X)mVV#rej!y$A=Jmx<7?QT2N5
zh3^%}o!X1UJKzM^KZ7T<7o(^zf%`Y$toEYJSKzbl#h26{w-?v$fs1vRcU9?Dv1SMD
zanT!Aj}ddagE(~yW54jKQcbDZL3H_1@y};O%1ULIVw5TqDH}S9xUc@_Vr)kCT3fsS
zi%O!Ed%jlc|D}F<ef~`|jeaWlzPR?S(#_qd!e5t$?1Q(I<)X+O{za|(cNXs7VJt>;
z79*}<ksCiK?>auBUTJH$bC?XqWq*6I5gtLS@kq}F^X}8%Rz4egrPDf|qP3N5GJdT7
zkL|NEE>!BbC@01k6QhO3*!=r?>Yo0><7=g8_R#B<|7(|rcNI&%Ggi5)GPSF?$2KnR
zDm=c=#s7X}-dMUZ@r-HzyqlPL1KF36tL61&P`ta?cpvfqdfFQq<tm6Hpcn<oUUi?)
zUB46iak5(%bN9;5IsN{6f9pk8_`8XvuSL1S(KM|@SrXS6=D5Fjct@%B&(kw|ob=?~
z?EhTu%^vz0#LcPg({Y<VOwVabu1@&VCi7ZnWN!oi`xKM4{1=PHsEg6P#tbkvw%0et
z*Jr}No&j$wsEj_v+$;CgZ(=|7eo{AR@j-MKpKSQ!9AJ#t|60_)m`p}%jh;7Joz_##
ze2gvR15}ESP{-YL@|cU~k~w22tNoV~$LswgSBi0-F@`d$r|9tn^Z!6kG3<%*Z>Cd)
zDE+eM&?4W%Pscb`(sr{NKDg<q6(v4>sCbvtcCMCib3%=ScjwL8<=*l$xZ%=^m%!bl
zgz^BF2eDDY=YisqFBYD>oIM;RT0OvKe^%ESzwrUil+sVy9?FSc!UI<=%Eexy*2A29
z>_$G?w`Gu@axp1Q)b+2bm8?Bn7!<8PE4;O4a^VXX^5BlXHx$-VuX_Ezlw}OLF)L-a
z39p+<!~bEizHQF^@55|d7rZvS#;|Hr6ITa+9@YPc<@Z`S`bO*Gb*ztmlTv+hgA>8+
zr;W>*kFTGwgvU*#)&F}}x&QTp7oH+>Ela%%{>@dzg}x&0S4^z$`if=0Dqi^>_SL7w
zv%caS^#U=%@i(06c8bv7aB(>~MkM}*HMlTFcbl=GQQyaIYpY{k@d-X=^oKFxBP4LI
z9;;tYwjAuWH1PC>mvZLeZqpts9>YUX`iaU<!BO$zeR6WVm`;8bFAjiP@ul9vn2+IW
zeEb$YTITDN{iN6UE&J~tR{q*6IN>Vt4)&>mTM<)6g1%wpx$(GIdrR>_h{2;@F2daj
z!u=1_{46|pr&841<g1^v`h2L>3m>J`Fx^QIt>6(<IZ^-UsrTiuP3^ryZYX923Z9*%
zg~^x>DL)PE^vd}l((?WXt&T_(OOQ4&86F<+Jo@E{JEdB6^T|o8BBmT-9v)loUA%mr
zGf0c)OdPbu;_e?xRb@+Jmdgtz!t7QgN$=Z3oqT`GH+9<#t%m4bypAEJyu<_NQgGny
zcL{5!(k)7l#m!!bPhc=F%_}B}eJ@dsw?8uUk!jmszFxIx*`~vgxqLvUJ)SL56BT;<
z$1WjAogXDvFYMT}?5xdqwA6S?hvzLxqRT6EZ%cUauA%?4nopa@wsC_;fKL#c**Qtf
zghx;eJUFbbM`zi-9>4Kpc*swOhR7Iar_5c$X7rzr7(M|+!zU(*Z<zKi&-O8?1kySo
zSO2)pPd-1{w-3_F2b8Om=2o+~xbK7mpT|yLzN!6-ktf@071PG<MAF<I7MGwKaBzjg
z_4KPLnJqqd)EscjgU{p<!xK)O7KuYkk3UcwF}Nq={_Q$o?s_B*9-u#JsO8tRU8&LE
zegX$fIVNq7m`X_6p;Y73Wgl(EP#H0()*luxtD4Lwlh><QN`=7v4bR<C3?D}}OVKwO
zdwS~?&$`ErKt{Z7#tr^hG16>tb$|PV@md4LCbPv~DKuEzG+R!%zp)VQ&hDqd;*?^+
z4{Hw=cN9x+MI9>ISS(xcU&d(j&V86Zw%=^~xNuaPmHhAvPj1=FD#Ju=2Xyi=c<?d!
z$K@hc{679wMcG`8;Duo#5gtmf;bO7_D${v{*aLRYJ5rzQ^XG&gI=4N-1t|jgJQ$x-
zCy4@9i<k1=ND*SSc)V@ipmY^^aA+^5SAJ>loNhxNc<jk~tsW_+TT#j*yd1y}#v%`t
zJKSi#>o4#K&`-d>r;4wvsF%UMqlHr*q^LDoPqDAij~R_N_j;tY1fQf~rjHig=+PV=
zoN+^T{1R-f)r9kyBZ70ko`;KjJ$P`PhRpMxQ|@3<4E`wA3%vo4Ys}-+SbaTpX#GWt
zNT)5lFp$swuZ|Tyc`eP9Q{%*lycQR?-_Zi*)vwN+^rW+2(Nlh$xnFF^YjIUZj~Ack
zMaK@DAYOvqrcKbR*Z0Ae2W<jUJoN<JBlS;dmBkapsUUo0hbCoA5NVF6&Nigs^6r-W
z<ntLnRqu{8SRq{A842QqBf4q-1aS+VN|lMi-3Hr#qIl^84xcDm(e64?Z1h2<7{8>6
zVw}y=%snDeUp>)Ni-peqVslR|Q|(j6^oio0&El_rc34BsGG)<3(LW#N(z=QIXD+oX
zukmwwcjj`W<D$Zh-!)OJ$cO44g$M5x6T?S*ye~Dhko3TAaBZS^m=AO3CsZ@PrIveC
zx;~oQXN~yw-DQJk!jtO?BN3M_2INPB)=v^1CDDMaNn&4q@X<+PnG?A5WHGY<c<p3S
zh`eXANGyT|BI$+6!pQ^D;3?u8Mj5Op@pqpwRX@{|EBI)|vpl8s?My4w@LV-jY%GVS
zZiZ(uG~{7c`pgB6H$t?A_;V4U*lGolx2%T#X{xIt6N&<^7H4tN&tjGJatV5Sp&h2_
zt9R3eJnA{WhErs3p&_WwAAc^SdLc^<rROx!s}Q>R?OE!z@)q9~LJeN4;@dj(b^ZDD
zc|mAkgBhY#1#s6H;#6UD$&eZPdkP5)#@+g;%s%6DzF@pCCr4`f3{eIn6to1M&gi^T
zLHEopzHrt*@6|Tn%`)c7*!?agPCVjAjGRGwi?tz>bv8yj=qOSYMP7x%=iPA|-Zla$
z<Su&!F@+Ixzt<19e@!2b$8X3>+xu?M5I=FI7=y|0@05UNVTUE(b@zAIUj)!zZ7DHR
z)GmU#rq3Z4#bc)Uz#S>k(LDkzF5=T7mQsr6O!3eUV$e)+j~&urrYKMp9nuQf^2F-Y
z?8^?d2UM9P8-q=*%S;ho6yp>p3w9ZQbitm8jPIof7R;ELqQ^VPYsyR!R~mUOfG0PT
z%O!<R(X`$_NKeeS4`&LWa+VSfHL_=S=1k#K3~Bbr+$*Fu^n7y9gC8E^({e7yb2G(y
zRA0F<Q?x390r?r89FR4ShfIuEP%caJ^yg~@Z(p#sS>h9xQel=p0B7$EzVv;mmi$16
zLx!3K&Jx$)5!4JGynY+~(ZQlu9H#MPEIp!RT5Hji?aLN5Tqt9(ArG7-e2OFOICvC6
z+K5lOJT4d4h7X^3;p`V^`p4-eeky4RP_E4q{kcoX5#!*zM8?Xi*~0Du#@zIE1MgBr
zGv{1>M^uppJIH&Ez7O4rTyL$Dvg*97fG^&tM+~c$|GUsTP1RWiwHVAjye&6JoM759
z=vJP?il3WWZ_lbP?&qZKD05x5AYV|~9aA6V#29PEsIMF%x!XBg(Km7lh!09&@=1Sj
ziiT{gc(1&rBsX*;Gous!$u>H{$W-e=IR&$OY|T7zifcf3a<*dgmRqp<+c&J|)5Sh^
zx3PS4ZHJ}Yiwb=T9j(9jWY!FOi=3V`Dr~G+qalex%ydN$k48#<%J1HA^q^apl(Je%
z?dod=VmRr1=9lxlQ@1=W>$Qo4(OD(LH?COI3ucO<rNDBem0d#gD1|DHn<a*ovNQ`S
zHeX+I%RcYpbbqG<Pp#Zp(5<Cq%*(DbI^I3g@S=>t!ZPYBo0mPiQ14NkWk$SV8w_2W
zg?dM7=PJF&ii>5HEDlPZMf1?*Z(R)m|8_MP`<F4MaxDL5;AD;U#q@e|qdCT?8rd59
z>!;?|b-j%x9DGg2$=mQSI?&i?FO<od>)B^~qgd}HBD^em_q9{6?6vI8n|W7+n^7xc
zi5XV~M%lSqp$&>&7iX(q&eB`!VJYRFyiDKU3zm5L{==!)jFT0vy^NfU3L34^_v-8#
zh#uu+t5~hqosHAT+vj-4IpQTQMvU`V?&WW647oRqzd0ejR^fm2{Fm7pmk6)-yqwz}
ze8;QwWPOvY)V$oXLt$SP(-x|Bnl}0!>q?$l-*&>3TOE7RI0+jqG6q{-w8(iTc2=~s
zkZ-_=GL<YL*(>#JE3o!Tv8s}O)%kZT)xGvg{lc(gXS4gRZ?eW}&C#x4-cloD*o_r{
zf?DwM>Mibun=z&I3k82AeYNQJ438B(*N8dq;2Qqzk0e@Th@ZT0;(q(R`}-Nfw+gnK
zH{M_K9cI&j4E>?!tgM3vW6JyCDKp-w)IMgPks(GQt+GBt%&%hcaz6o2o+V#@MB`-s
zHbZ<<#p0oat)1tI1TvxfdL-cUnEqv+>^*;}V$GbaJFXQiJaGfAWyu@x(qf^fB|yHz
z`lg#?eiDo2C|mq`Nvo6eq55(C&{-Y7OZp8%h1acl0@thLz8Fu<dC_IOk?n++Gj)$Y
z*IAtL!a6oek-ewL>gF?gK&EjWAQG#h`~R_>%83kd3ZAw`>$I<HrOgqKs#;vl|MI0t
z_qV*Vi~iWLUQEXW7UNdXJqdSZJXhYY+c_ezWpQ*l&Xw97{lWF(t7@3_r`HQ7Z`{*<
zyI$|I+j&mhEm>>?ABpi&4wnG>+hn4Px206zV|ekILc6QOs#J9k!JE>!chg?cdL?6~
zR6SklqrjH_GCeLd^#>O6R?^k1UzjQdHi+N7EnfL5ZP4DzPy6el;AI6bet+B`M&P#A
z-Cy2=I=d{cRzf*$*UI+eJ-&XU>!RqF$IfNZ5xd~bidHR|sCH>P^e3%4nzOu14hq<$
z->`}bVb!kmuY-@&(O~VN!rMEo*(TAfIy$Y_CXrSh-HZnn3t_wcwOa-wcPErDpVmx-
z$*Y;)*7R&P?s8e<g=F-uafkiJ3Tsn#?k3U77x&LgH;ECxSXG~F5=(qh_~A`rJM?^C
zA@3^48~fWm=<d&_>kkg5937Sa;_+{u>rD^F<C4Gjv39%n`aUH$pj<b!#`#p<554XF
z!yn%Pk|*rsWy0=nae3RT$gXa0{4hj&9+OAx^~W9W>y<UO$Jce^N`vPc?eT!y+ix7T
z_n))x*p+{{2Q+T~+@EjJuVU-^D1GDl{N^qvQ?A=B<6LB%*l<B%^qGDk=4{2JMCbSh
zV&wj@3Ccg5DqbHk>E6otAI}ozpDa8oy_rBov8!Q)n*RDeQJ-!43P}O;Ia8y3-NbO`
zsspq%HTZ5`>Nb&98)K-wa8tqoZ7L%+*S6FM`fFxwv-He*fQuuuyP=Vh$NXFH=^t-Q
z1N=-WS;D;z+K&H#EvOEjGik4}mnexX`SnUWneS$ad37wc^7lQ6PaSaFI;4nac1r^O
zi`bYjOWATw@qGgB-r{AAcjGoTEjk-MY=ZF}h^8U~ZmA<2b$RZ#(i=-m+*oNMY~HlB
z>)ozPzHwU)%!JL)_fi+tx_IkA^HuAl|Ii)Vs<i&{;ic`c`Iw=_yB$vqI8bxOXEHv-
zR&&LQj~n=$k?|Y99$c($eYa!RVRMnkm7iH+)c$_uS3H1F6oQzzZ{^WUzY}JZUIO;o
zGe0d^*WGJhNf8rnDI2;H&$C(mtL=w>)bV2v*Nw3GbYXPK_Jv**5BTO&*xXAF*X-Ul
zY*4L>E{FAQ**?l54u)G66o?#{l7RnpuXoIl=mA+H>RP@wXZ5OQSr?FXa=0ab$*i<F
zmVk1iQ4fn-*37+@nk5VLiB9oONsdbB-#eyH*0BqgogSjZHp@t{>nL2t{$?puC@bFC
zL0C|(ek62=ZZjaJe)3cPr!hDjQ!S#en}Y{l*uzoExl)nQ721B8zH8MPm%*p2g{10U
Raj9a^2Boq%>gI6h{{VWi7>ED>

diff --git a/dashboard/package.json b/dashboard/package.json
index 4e18553..11080c0 100644
--- a/dashboard/package.json
+++ b/dashboard/package.json
@@ -30,10 +30,13 @@
     "@tanstack/react-table": "^8.20.5",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.0",
+    "dotenv": "^16.4.7",
+    "drizzle-orm": "^0.38.3",
     "lucide-react": "^0.462.0",
     "next": "15.0.3",
     "next-themes": "^0.4.3",
     "oslo": "^1.1.3",
+    "pg": "^8.13.1",
     "react": "19.0.0-rc-66855b96-20241106",
     "react-dom": "19.0.0-rc-66855b96-20241106",
     "react-hook-form": "^7.51.0",
@@ -48,14 +51,17 @@
   },
   "devDependencies": {
     "@types/node": "^22.9.3",
+    "@types/pg": "^8.11.10",
     "@types/react": "npm:types-react@19.0.0-rc.1",
     "@types/react-dom": "npm:types-react-dom@19.0.0-rc.1",
     "autoprefixer": "^10.0.1",
+    "drizzle-kit": "^0.30.1",
     "eslint": "^8",
     "eslint-config-next": "15.0.3",
     "postcss": "^8",
     "tailwindcss": "^3.3.0",
     "ts-node": "^10.9.2",
+    "tsx": "^4.19.2",
     "typescript": "^5.4.2"
   },
   "overrides": {
-- 
2.45.3


From a60800ad0183a235795cc5fc229f74d1e3fafac8 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 10:17:34 +0100
Subject: [PATCH 45/66] NORY-41: add basic drizzle configuration

---
 dashboard/drizzle.config.ts    | 14 ++++++++++++++
 dashboard/drizzle/relations.ts |  0
 dashboard/drizzle/schema.ts    |  0
 dashboard/src/db/index.ts      | 10 ++++++++++
 dashboard/src/db/schema.ts     |  0
 5 files changed, 24 insertions(+)
 create mode 100644 dashboard/drizzle.config.ts
 create mode 100644 dashboard/drizzle/relations.ts
 create mode 100644 dashboard/drizzle/schema.ts
 create mode 100644 dashboard/src/db/index.ts
 create mode 100644 dashboard/src/db/schema.ts

diff --git a/dashboard/drizzle.config.ts b/dashboard/drizzle.config.ts
new file mode 100644
index 0000000..21ed5ad
--- /dev/null
+++ b/dashboard/drizzle.config.ts
@@ -0,0 +1,14 @@
+'use server';
+
+import 'dotenv/config';
+import { defineConfig } from 'drizzle-kit';
+
+
+export default defineConfig({
+    out: './drizzle',
+    schema: './src/db/schema.ts',
+    dialect: 'postgresql',
+    dbCredentials: {
+        url: process.env.DATABASE_URL!,
+    },
+});
diff --git a/dashboard/drizzle/relations.ts b/dashboard/drizzle/relations.ts
new file mode 100644
index 0000000..e69de29
diff --git a/dashboard/drizzle/schema.ts b/dashboard/drizzle/schema.ts
new file mode 100644
index 0000000..e69de29
diff --git a/dashboard/src/db/index.ts b/dashboard/src/db/index.ts
new file mode 100644
index 0000000..8b0e187
--- /dev/null
+++ b/dashboard/src/db/index.ts
@@ -0,0 +1,10 @@
+'use server';
+
+import 'dotenv/config';
+import { drizzle } from 'drizzle-orm/node-postgres';
+
+const db = drizzle(process.env.DATABASE_URL!);
+
+export async function getDB() {
+    return db;
+}
diff --git a/dashboard/src/db/schema.ts b/dashboard/src/db/schema.ts
new file mode 100644
index 0000000..e69de29
-- 
2.45.3


From ebba31d6f621a0fedfe6ee195dd4804bf0a79848 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 10:19:20 +0100
Subject: [PATCH 46/66] NORY-41: pull drizzle schema from database

---
 dashboard/drizzle/0000_square_moondragon.sql |  484 ++
 dashboard/drizzle/meta/0000_snapshot.json    | 4700 ++++++++++++++++++
 dashboard/drizzle/meta/_journal.json         |   13 +
 dashboard/drizzle/relations.ts               |  334 ++
 dashboard/drizzle/schema.ts                  |  713 +++
 dashboard/src/db/schema.ts                   |  713 +++
 6 files changed, 6957 insertions(+)
 create mode 100644 dashboard/drizzle/0000_square_moondragon.sql
 create mode 100644 dashboard/drizzle/meta/0000_snapshot.json
 create mode 100644 dashboard/drizzle/meta/_journal.json

diff --git a/dashboard/drizzle/0000_square_moondragon.sql b/dashboard/drizzle/0000_square_moondragon.sql
new file mode 100644
index 0000000..5400fe7
--- /dev/null
+++ b/dashboard/drizzle/0000_square_moondragon.sql
@@ -0,0 +1,484 @@
+-- Current sql file was generated after introspecting the database
+-- If you want to run this migration please uncomment this code before executing migrations
+/*
+CREATE TABLE "schema_migration" (
+	"version" varchar(48) NOT NULL,
+	"version_self" integer DEFAULT 0 NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_credentials" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"config" jsonb NOT NULL,
+	"identity_credential_type_id" uuid NOT NULL,
+	"identity_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid,
+	"version" integer DEFAULT 0 NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_credential_types" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"name" varchar(32) NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "selfservice_login_flows" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"request_url" text NOT NULL,
+	"issued_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"active_method" varchar(32) NOT NULL,
+	"csrf_token" varchar(255) NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"forced" boolean DEFAULT false NOT NULL,
+	"type" varchar(16) DEFAULT 'browser' NOT NULL,
+	"ui" jsonb,
+	"nid" uuid,
+	"requested_aal" varchar(4) DEFAULT 'aal1' NOT NULL,
+	"internal_context" jsonb NOT NULL,
+	"oauth2_login_challenge" uuid,
+	"oauth2_login_challenge_data" text,
+	"state" varchar(255),
+	"submit_count" integer DEFAULT 0 NOT NULL,
+	"organization_id" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "networks" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "selfservice_registration_flows" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"request_url" text NOT NULL,
+	"issued_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"active_method" varchar(32) NOT NULL,
+	"csrf_token" varchar(255) NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"type" varchar(16) DEFAULT 'browser' NOT NULL,
+	"ui" jsonb,
+	"nid" uuid,
+	"internal_context" jsonb NOT NULL,
+	"oauth2_login_challenge" uuid,
+	"oauth2_login_challenge_data" text,
+	"state" varchar(255),
+	"submit_count" integer DEFAULT 0 NOT NULL,
+	"organization_id" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "identities" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"schema_id" varchar(2048) NOT NULL,
+	"traits" jsonb NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid,
+	"state" varchar(255) DEFAULT 'active' NOT NULL,
+	"state_changed_at" timestamp,
+	"metadata_public" jsonb,
+	"metadata_admin" jsonb,
+	"available_aal" varchar(4),
+	"organization_id" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "identity_credential_identifiers" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"identifier" varchar(255) NOT NULL,
+	"identity_credential_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid,
+	"identity_credential_type_id" uuid NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_verifiable_addresses" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"status" varchar(16) NOT NULL,
+	"via" varchar(16) NOT NULL,
+	"verified" boolean NOT NULL,
+	"value" varchar(400) NOT NULL,
+	"verified_at" timestamp,
+	"identity_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "courier_messages" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"type" integer NOT NULL,
+	"status" integer NOT NULL,
+	"body" text NOT NULL,
+	"subject" varchar(255) NOT NULL,
+	"recipient" varchar(255) NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"template_type" varchar(255) DEFAULT '' NOT NULL,
+	"template_data" "bytea",
+	"nid" uuid,
+	"send_count" integer DEFAULT 0 NOT NULL,
+	"channel" varchar(32)
+);
+--> statement-breakpoint
+CREATE TABLE "selfservice_errors" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"errors" jsonb NOT NULL,
+	"seen_at" timestamp,
+	"was_seen" boolean NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"csrf_token" varchar(255) DEFAULT '' NOT NULL,
+	"nid" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "selfservice_verification_flows" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"request_url" text NOT NULL,
+	"issued_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"csrf_token" varchar(255) NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"type" varchar(16) DEFAULT 'browser' NOT NULL,
+	"state" varchar(255) DEFAULT 'show_form' NOT NULL,
+	"active_method" varchar(32),
+	"ui" jsonb,
+	"nid" uuid,
+	"submit_count" integer DEFAULT 0 NOT NULL,
+	"oauth2_login_challenge" text,
+	"session_id" uuid,
+	"identity_id" uuid,
+	"authentication_methods" json
+);
+--> statement-breakpoint
+CREATE TABLE "selfservice_settings_flows" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"request_url" text NOT NULL,
+	"issued_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"identity_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"active_method" varchar(32),
+	"state" varchar(255) DEFAULT 'show_form' NOT NULL,
+	"type" varchar(16) DEFAULT 'browser' NOT NULL,
+	"ui" jsonb,
+	"nid" uuid,
+	"internal_context" jsonb NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "continuity_containers" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"identity_id" uuid,
+	"name" varchar(255) NOT NULL,
+	"payload" jsonb,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "sessions" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"issued_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"authenticated_at" timestamp NOT NULL,
+	"identity_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"token" varchar(39),
+	"active" boolean DEFAULT false,
+	"nid" uuid,
+	"logout_token" varchar(39),
+	"aal" varchar(4) DEFAULT 'aal1' NOT NULL,
+	"authentication_methods" jsonb NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_recovery_addresses" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"via" varchar(16) NOT NULL,
+	"value" varchar(400) NOT NULL,
+	"identity_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "identity_verification_tokens" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"token" varchar(64) NOT NULL,
+	"used" boolean DEFAULT false NOT NULL,
+	"used_at" timestamp,
+	"expires_at" timestamp NOT NULL,
+	"issued_at" timestamp NOT NULL,
+	"identity_verifiable_address_id" uuid NOT NULL,
+	"selfservice_verification_flow_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "selfservice_recovery_flows" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"request_url" text NOT NULL,
+	"issued_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"active_method" varchar(32),
+	"csrf_token" varchar(255) NOT NULL,
+	"state" varchar(32) NOT NULL,
+	"recovered_identity_id" uuid,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"type" varchar(16) DEFAULT 'browser' NOT NULL,
+	"ui" jsonb,
+	"nid" uuid,
+	"submit_count" integer DEFAULT 0 NOT NULL,
+	"skip_csrf_check" boolean DEFAULT false NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_recovery_tokens" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"token" varchar(64) NOT NULL,
+	"used" boolean DEFAULT false NOT NULL,
+	"used_at" timestamp,
+	"identity_recovery_address_id" uuid,
+	"selfservice_recovery_flow_id" uuid,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"expires_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"issued_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"nid" uuid,
+	"identity_id" uuid NOT NULL,
+	"token_type" integer DEFAULT 0 NOT NULL,
+	CONSTRAINT "identity_recovery_tokens_token_type_ck" CHECK ((token_type = 1) OR (token_type = 2))
+);
+--> statement-breakpoint
+CREATE TABLE "identity_recovery_codes" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"code" varchar(64) NOT NULL,
+	"used_at" timestamp,
+	"identity_recovery_address_id" uuid,
+	"code_type" integer NOT NULL,
+	"expires_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"issued_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"selfservice_recovery_flow_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid NOT NULL,
+	"identity_id" uuid NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "session_devices" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"ip_address" varchar(50) DEFAULT '',
+	"user_agent" varchar(512) DEFAULT '',
+	"location" varchar(512) DEFAULT '',
+	"nid" uuid NOT NULL,
+	"session_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	CONSTRAINT "unique_session_device" UNIQUE("ip_address","user_agent","nid","session_id")
+);
+--> statement-breakpoint
+CREATE TABLE "identity_verification_codes" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"code_hmac" varchar(64) NOT NULL,
+	"used_at" timestamp,
+	"identity_verifiable_address_id" uuid,
+	"expires_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"issued_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"selfservice_verification_flow_id" uuid NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"nid" uuid NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "courier_message_dispatches" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"message_id" uuid NOT NULL,
+	"status" varchar(7) NOT NULL,
+	"error" json,
+	"nid" uuid NOT NULL,
+	"created_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"updated_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "session_token_exchanges" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"nid" uuid NOT NULL,
+	"flow_id" uuid NOT NULL,
+	"session_id" uuid,
+	"init_code" varchar(64) NOT NULL,
+	"return_to_code" varchar(64) NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_login_codes" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"code" varchar(64) NOT NULL,
+	"address" varchar(255) NOT NULL,
+	"address_type" char(36) NOT NULL,
+	"used_at" timestamp,
+	"expires_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"issued_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"selfservice_login_flow_id" uuid NOT NULL,
+	"identity_id" uuid NOT NULL,
+	"created_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"updated_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"nid" uuid NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "identity_registration_codes" (
+	"id" uuid PRIMARY KEY NOT NULL,
+	"code" varchar(64) NOT NULL,
+	"address" varchar(255) NOT NULL,
+	"address_type" char(36) NOT NULL,
+	"used_at" timestamp,
+	"expires_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"issued_at" timestamp DEFAULT '2000-01-01 00:00:00' NOT NULL,
+	"selfservice_registration_flow_id" uuid NOT NULL,
+	"created_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"updated_at" timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
+	"nid" uuid NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "identity_credentials" ADD CONSTRAINT "identity_credentials_identity_id_fkey" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_credentials" ADD CONSTRAINT "identity_credentials_identity_credential_type_id_fkey" FOREIGN KEY ("identity_credential_type_id") REFERENCES "public"."identity_credential_types"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_credentials" ADD CONSTRAINT "identity_credentials_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "selfservice_login_flows" ADD CONSTRAINT "selfservice_login_flows_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "selfservice_registration_flows" ADD CONSTRAINT "selfservice_registration_flows_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identities" ADD CONSTRAINT "identities_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_credential_identifiers" ADD CONSTRAINT "identity_credential_identifiers_identity_credential_id_fkey" FOREIGN KEY ("identity_credential_id") REFERENCES "public"."identity_credentials"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_credential_identifiers" ADD CONSTRAINT "identity_credential_identifiers_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_credential_identifiers" ADD CONSTRAINT "identity_credential_identifiers_type_id_fk_idx" FOREIGN KEY ("identity_credential_type_id") REFERENCES "public"."identity_credential_types"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_verifiable_addresses" ADD CONSTRAINT "identity_verifiable_addresses_identity_id_fkey" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_verifiable_addresses" ADD CONSTRAINT "identity_verifiable_addresses_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "courier_messages" ADD CONSTRAINT "courier_messages_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "selfservice_errors" ADD CONSTRAINT "selfservice_errors_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "selfservice_verification_flows" ADD CONSTRAINT "selfservice_verification_flows_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "selfservice_settings_flows" ADD CONSTRAINT "selfservice_profile_management_requests_identity_id_fkey" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "selfservice_settings_flows" ADD CONSTRAINT "selfservice_settings_flows_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "continuity_containers" ADD CONSTRAINT "continuity_containers_identity_id_fkey" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "continuity_containers" ADD CONSTRAINT "continuity_containers_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "sessions" ADD CONSTRAINT "sessions_identity_id_fkey" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "sessions" ADD CONSTRAINT "sessions_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_recovery_addresses" ADD CONSTRAINT "identity_recovery_addresses_identity_id_fkey" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_recovery_addresses" ADD CONSTRAINT "identity_recovery_addresses_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_verification_tokens" ADD CONSTRAINT "identity_verification_tokens_identity_verifiable_address_i_fkey" FOREIGN KEY ("identity_verifiable_address_id") REFERENCES "public"."identity_verifiable_addresses"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_verification_tokens" ADD CONSTRAINT "identity_verification_tokens_selfservice_verification_flow_fkey" FOREIGN KEY ("selfservice_verification_flow_id") REFERENCES "public"."selfservice_verification_flows"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_verification_tokens" ADD CONSTRAINT "identity_verification_tokens_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "selfservice_recovery_flows" ADD CONSTRAINT "selfservice_recovery_requests_recovered_identity_id_fkey" FOREIGN KEY ("recovered_identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "selfservice_recovery_flows" ADD CONSTRAINT "selfservice_recovery_flows_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_selfservice_recovery_request_id_fkey" FOREIGN KEY ("selfservice_recovery_flow_id") REFERENCES "public"."selfservice_recovery_flows"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_nid_fk_idx" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_identity_recovery_address_id_fkey" FOREIGN KEY ("identity_recovery_address_id") REFERENCES "public"."identity_recovery_addresses"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_recovery_tokens" ADD CONSTRAINT "identity_recovery_tokens_identity_id_fk_idx" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_recovery_codes" ADD CONSTRAINT "identity_recovery_codes_identity_recovery_addresses_id_fk" FOREIGN KEY ("identity_recovery_address_id") REFERENCES "public"."identity_recovery_addresses"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_recovery_codes" ADD CONSTRAINT "identity_recovery_codes_selfservice_recovery_flows_id_fk" FOREIGN KEY ("selfservice_recovery_flow_id") REFERENCES "public"."selfservice_recovery_flows"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_recovery_codes" ADD CONSTRAINT "identity_recovery_codes_identity_id_fk" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_recovery_codes" ADD CONSTRAINT "identity_recovery_codes_networks_id_fk" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "session_devices" ADD CONSTRAINT "session_metadata_sessions_id_fk" FOREIGN KEY ("session_id") REFERENCES "public"."sessions"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "session_devices" ADD CONSTRAINT "session_metadata_nid_fk" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_verification_codes" ADD CONSTRAINT "identity_verification_codes_identity_verifiable_addresses_id_fk" FOREIGN KEY ("identity_verifiable_address_id") REFERENCES "public"."identity_verifiable_addresses"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_verification_codes" ADD CONSTRAINT "identity_verification_codes_selfservice_verification_flows_id_f" FOREIGN KEY ("selfservice_verification_flow_id") REFERENCES "public"."selfservice_verification_flows"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_verification_codes" ADD CONSTRAINT "identity_verification_codes_networks_id_fk" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "courier_message_dispatches" ADD CONSTRAINT "courier_message_dispatches_message_id_fk" FOREIGN KEY ("message_id") REFERENCES "public"."courier_messages"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "courier_message_dispatches" ADD CONSTRAINT "courier_message_dispatches_nid_fk" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_login_codes" ADD CONSTRAINT "identity_login_codes_selfservice_login_flows_id_fk" FOREIGN KEY ("selfservice_login_flow_id") REFERENCES "public"."selfservice_login_flows"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_login_codes" ADD CONSTRAINT "identity_login_codes_networks_id_fk" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_login_codes" ADD CONSTRAINT "identity_login_codes_identity_id_fk" FOREIGN KEY ("identity_id") REFERENCES "public"."identities"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+ALTER TABLE "identity_registration_codes" ADD CONSTRAINT "identity_registration_codes_selfservice_registration_flows_id_f" FOREIGN KEY ("selfservice_registration_flow_id") REFERENCES "public"."selfservice_registration_flows"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "identity_registration_codes" ADD CONSTRAINT "identity_registration_codes_networks_id_fk" FOREIGN KEY ("nid") REFERENCES "public"."networks"("id") ON DELETE cascade ON UPDATE restrict;--> statement-breakpoint
+CREATE UNIQUE INDEX "schema_migration_version_idx" ON "schema_migration" USING btree ("version" text_ops);--> statement-breakpoint
+CREATE INDEX "schema_migration_version_self_idx" ON "schema_migration" USING btree ("version_self" int4_ops);--> statement-breakpoint
+CREATE INDEX "identity_credentials_id_nid_idx" ON "identity_credentials" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_credentials_nid_id_idx" ON "identity_credentials" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_credentials_nid_identity_id_idx" ON "identity_credentials" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "identity_credential_types_name_idx" ON "identity_credential_types" USING btree ("name" text_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_login_flows_id_nid_idx" ON "selfservice_login_flows" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_login_flows_nid_id_idx" ON "selfservice_login_flows" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_registration_flows_id_nid_idx" ON "selfservice_registration_flows" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_registration_flows_nid_id_idx" ON "selfservice_registration_flows" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identities_id_nid_idx" ON "identities" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identities_nid_id_idx" ON "identities" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_credential_identifiers_id_nid_idx" ON "identity_credential_identifiers" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx" ON "identity_credential_identifiers" USING btree ("nid" uuid_ops,"identity_credential_type_id" uuid_ops,"identifier" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_credential_identifiers_nid_i_ici_idx" ON "identity_credential_identifiers" USING btree ("nid" text_ops,"identifier" text_ops,"identity_credential_id" text_ops);--> statement-breakpoint
+CREATE INDEX "identity_credential_identifiers_nid_id_idx" ON "identity_credential_identifiers" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_credential_identifiers_nid_identity_credential_id_idx" ON "identity_credential_identifiers" USING btree ("identity_credential_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verifiable_addresses_id_nid_idx" ON "identity_verifiable_addresses" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verifiable_addresses_nid_id_idx" ON "identity_verifiable_addresses" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verifiable_addresses_nid_identity_id_idx" ON "identity_verifiable_addresses" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verifiable_addresses_status_via_idx" ON "identity_verifiable_addresses" USING btree ("nid" text_ops,"via" text_ops,"value" text_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "identity_verifiable_addresses_status_via_uq_idx" ON "identity_verifiable_addresses" USING btree ("nid" text_ops,"via" text_ops,"value" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_messages_id_nid_idx" ON "courier_messages" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_messages_nid_created_at_id_idx" ON "courier_messages" USING btree ("nid" timestamp_ops,"created_at" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_messages_nid_id_idx" ON "courier_messages" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_messages_nid_recipient_created_at_id_idx" ON "courier_messages" USING btree ("nid" timestamp_ops,"recipient" text_ops,"created_at" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_messages_nid_status_created_at_id_idx" ON "courier_messages" USING btree ("nid" uuid_ops,"status" timestamp_ops,"created_at" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_messages_status_idx" ON "courier_messages" USING btree ("status" int4_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_errors_errors_nid_id_idx" ON "selfservice_errors" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_verification_flows_id_nid_idx" ON "selfservice_verification_flows" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_verification_flows_nid_id_idx" ON "selfservice_verification_flows" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_settings_flows_id_nid_idx" ON "selfservice_settings_flows" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_settings_flows_identity_id_nid_idx" ON "selfservice_settings_flows" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_settings_flows_nid_id_idx" ON "selfservice_settings_flows" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "continuity_containers_id_nid_idx" ON "continuity_containers" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "continuity_containers_identity_id_nid_idx" ON "continuity_containers" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "continuity_containers_nid_id_idx" ON "continuity_containers" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "sessions_id_nid_idx" ON "sessions" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "sessions_identity_id_nid_sorted_idx" ON "sessions" USING btree ("identity_id" timestamp_ops,"nid" timestamp_ops,"authenticated_at" uuid_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "sessions_logout_token_uq_idx" ON "sessions" USING btree ("logout_token" text_ops);--> statement-breakpoint
+CREATE INDEX "sessions_nid_created_at_id_idx" ON "sessions" USING btree ("nid" uuid_ops,"created_at" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "sessions_nid_id_identity_id_idx" ON "sessions" USING btree ("nid" uuid_ops,"identity_id" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "sessions_token_nid_idx" ON "sessions" USING btree ("nid" uuid_ops,"token" text_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "sessions_token_uq_idx" ON "sessions" USING btree ("token" text_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_addresses_id_nid_idx" ON "identity_recovery_addresses" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_addresses_nid_id_idx" ON "identity_recovery_addresses" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_addresses_nid_identity_id_idx" ON "identity_recovery_addresses" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_addresses_status_via_idx" ON "identity_recovery_addresses" USING btree ("nid" text_ops,"via" text_ops,"value" text_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "identity_recovery_addresses_status_via_uq_idx" ON "identity_recovery_addresses" USING btree ("nid" text_ops,"via" text_ops,"value" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_tokens_id_nid_idx" ON "identity_verification_tokens" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_tokens_nid_id_idx" ON "identity_verification_tokens" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_tokens_token_nid_used_flow_id_idx" ON "identity_verification_tokens" USING btree ("nid" uuid_ops,"token" bool_ops,"used" text_ops,"selfservice_verification_flow_id" uuid_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "identity_verification_tokens_token_uq_idx" ON "identity_verification_tokens" USING btree ("token" text_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_tokens_verifiable_address_id_idx" ON "identity_verification_tokens" USING btree ("identity_verifiable_address_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_tokens_verification_flow_id_idx" ON "identity_verification_tokens" USING btree ("selfservice_verification_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_recovery_flows_id_nid_idx" ON "selfservice_recovery_flows" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_recovery_flows_nid_id_idx" ON "selfservice_recovery_flows" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "selfservice_recovery_flows_recovered_identity_id_nid_idx" ON "selfservice_recovery_flows" USING btree ("recovered_identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE UNIQUE INDEX "identity_recovery_addresses_code_uq_idx" ON "identity_recovery_tokens" USING btree ("token" text_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_tokens_id_nid_idx" ON "identity_recovery_tokens" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_tokens_identity_id_nid_idx" ON "identity_recovery_tokens" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_tokens_identity_recovery_address_id_idx" ON "identity_recovery_tokens" USING btree ("identity_recovery_address_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_tokens_nid_id_idx" ON "identity_recovery_tokens" USING btree ("nid" uuid_ops,"id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_tokens_selfservice_recovery_flow_id_idx" ON "identity_recovery_tokens" USING btree ("selfservice_recovery_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_tokens_token_nid_used_idx" ON "identity_recovery_tokens" USING btree ("nid" bool_ops,"token" text_ops,"used" bool_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_codes_flow_id_idx" ON "identity_recovery_codes" USING btree ("selfservice_recovery_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_codes_id_nid_idx" ON "identity_recovery_codes" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_codes_identity_id_nid_idx" ON "identity_recovery_codes" USING btree ("identity_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_codes_identity_recovery_address_id_nid_idx" ON "identity_recovery_codes" USING btree ("identity_recovery_address_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_recovery_codes_nid_flow_id_idx" ON "identity_recovery_codes" USING btree ("nid" uuid_ops,"selfservice_recovery_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "session_devices_id_nid_idx" ON "session_devices" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "session_devices_session_id_nid_idx" ON "session_devices" USING btree ("session_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_codes_flow_id_idx" ON "identity_verification_codes" USING btree ("selfservice_verification_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_codes_id_nid_idx" ON "identity_verification_codes" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_codes_nid_flow_id_idx" ON "identity_verification_codes" USING btree ("nid" uuid_ops,"selfservice_verification_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_verification_codes_verifiable_address_nid_idx" ON "identity_verification_codes" USING btree ("identity_verifiable_address_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "courier_message_dispatches_message_id_idx" ON "courier_message_dispatches" USING btree ("message_id" timestamp_ops,"created_at" timestamp_ops);--> statement-breakpoint
+CREATE INDEX "courier_message_dispatches_nid_idx" ON "courier_message_dispatches" USING btree ("nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "session_token_exchanges_nid_code_idx" ON "session_token_exchanges" USING btree ("init_code" uuid_ops,"nid" text_ops);--> statement-breakpoint
+CREATE INDEX "session_token_exchanges_nid_flow_id_idx" ON "session_token_exchanges" USING btree ("flow_id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_login_codes_flow_id_idx" ON "identity_login_codes" USING btree ("selfservice_login_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_login_codes_id_nid_idx" ON "identity_login_codes" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_login_codes_identity_id_idx" ON "identity_login_codes" USING btree ("identity_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_login_codes_nid_flow_id_idx" ON "identity_login_codes" USING btree ("nid" uuid_ops,"selfservice_login_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_registration_codes_flow_id_idx" ON "identity_registration_codes" USING btree ("selfservice_registration_flow_id" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_registration_codes_id_nid_idx" ON "identity_registration_codes" USING btree ("id" uuid_ops,"nid" uuid_ops);--> statement-breakpoint
+CREATE INDEX "identity_registration_codes_nid_flow_id_idx" ON "identity_registration_codes" USING btree ("nid" uuid_ops,"selfservice_registration_flow_id" uuid_ops);
+*/
\ No newline at end of file
diff --git a/dashboard/drizzle/meta/0000_snapshot.json b/dashboard/drizzle/meta/0000_snapshot.json
new file mode 100644
index 0000000..4d455bc
--- /dev/null
+++ b/dashboard/drizzle/meta/0000_snapshot.json
@@ -0,0 +1,4700 @@
+{
+  "id": "00000000-0000-0000-0000-000000000000",
+  "prevId": "",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.schema_migration": {
+      "name": "schema_migration",
+      "schema": "",
+      "columns": {
+        "version": {
+          "name": "version",
+          "type": "varchar(48)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "version_self": {
+          "name": "version_self",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "schema_migration_version_idx": {
+          "name": "schema_migration_version_idx",
+          "columns": [
+            {
+              "expression": "version",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "schema_migration_version_self_idx": {
+          "name": "schema_migration_version_self_idx",
+          "columns": [
+            {
+              "expression": "version_self",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "int4_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_credentials": {
+      "name": "identity_credentials",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_credential_type_id": {
+          "name": "identity_credential_type_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "version": {
+          "name": "version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "identity_credentials_id_nid_idx": {
+          "name": "identity_credentials_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_credentials_nid_id_idx": {
+          "name": "identity_credentials_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_credentials_nid_identity_id_idx": {
+          "name": "identity_credentials_nid_identity_id_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_credentials_identity_id_fkey": {
+          "name": "identity_credentials_identity_id_fkey",
+          "tableFrom": "identity_credentials",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_credentials_identity_credential_type_id_fkey": {
+          "name": "identity_credentials_identity_credential_type_id_fkey",
+          "tableFrom": "identity_credentials",
+          "tableTo": "identity_credential_types",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_credential_type_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_credentials_nid_fk_idx": {
+          "name": "identity_credentials_nid_fk_idx",
+          "tableFrom": "identity_credentials",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_credential_types": {
+      "name": "identity_credential_types",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "identity_credential_types_name_idx": {
+          "name": "identity_credential_types_name_idx",
+          "columns": [
+            {
+              "expression": "name",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.selfservice_login_flows": {
+      "name": "selfservice_login_flows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "request_url": {
+          "name": "request_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_method": {
+          "name": "active_method",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "csrf_token": {
+          "name": "csrf_token",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "forced": {
+          "name": "forced",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "type": {
+          "name": "type",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'browser'"
+        },
+        "ui": {
+          "name": "ui",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "requested_aal": {
+          "name": "requested_aal",
+          "type": "varchar(4)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'aal1'"
+        },
+        "internal_context": {
+          "name": "internal_context",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "oauth2_login_challenge": {
+          "name": "oauth2_login_challenge",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "oauth2_login_challenge_data": {
+          "name": "oauth2_login_challenge_data",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "submit_count": {
+          "name": "submit_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "selfservice_login_flows_id_nid_idx": {
+          "name": "selfservice_login_flows_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_login_flows_nid_id_idx": {
+          "name": "selfservice_login_flows_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "selfservice_login_flows_nid_fk_idx": {
+          "name": "selfservice_login_flows_nid_fk_idx",
+          "tableFrom": "selfservice_login_flows",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.networks": {
+      "name": "networks",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.selfservice_registration_flows": {
+      "name": "selfservice_registration_flows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "request_url": {
+          "name": "request_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_method": {
+          "name": "active_method",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "csrf_token": {
+          "name": "csrf_token",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'browser'"
+        },
+        "ui": {
+          "name": "ui",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "internal_context": {
+          "name": "internal_context",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "oauth2_login_challenge": {
+          "name": "oauth2_login_challenge",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "oauth2_login_challenge_data": {
+          "name": "oauth2_login_challenge_data",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "submit_count": {
+          "name": "submit_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "selfservice_registration_flows_id_nid_idx": {
+          "name": "selfservice_registration_flows_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_registration_flows_nid_id_idx": {
+          "name": "selfservice_registration_flows_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "selfservice_registration_flows_nid_fk_idx": {
+          "name": "selfservice_registration_flows_nid_fk_idx",
+          "tableFrom": "selfservice_registration_flows",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identities": {
+      "name": "identities",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "schema_id": {
+          "name": "schema_id",
+          "type": "varchar(2048)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "traits": {
+          "name": "traits",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "state_changed_at": {
+          "name": "state_changed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata_public": {
+          "name": "metadata_public",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata_admin": {
+          "name": "metadata_admin",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "available_aal": {
+          "name": "available_aal",
+          "type": "varchar(4)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "identities_id_nid_idx": {
+          "name": "identities_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identities_nid_id_idx": {
+          "name": "identities_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identities_nid_fk_idx": {
+          "name": "identities_nid_fk_idx",
+          "tableFrom": "identities",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_credential_identifiers": {
+      "name": "identity_credential_identifiers",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_credential_id": {
+          "name": "identity_credential_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_credential_type_id": {
+          "name": "identity_credential_type_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "identity_credential_identifiers_id_nid_idx": {
+          "name": "identity_credential_identifiers_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_credential_identifiers_identifier_nid_type_uq_idx": {
+          "name": "identity_credential_identifiers_identifier_nid_type_uq_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "identity_credential_type_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "identifier",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_credential_identifiers_nid_i_ici_idx": {
+          "name": "identity_credential_identifiers_nid_i_ici_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "identifier",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "identity_credential_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_credential_identifiers_nid_id_idx": {
+          "name": "identity_credential_identifiers_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_credential_identifiers_nid_identity_credential_id_idx": {
+          "name": "identity_credential_identifiers_nid_identity_credential_id_idx",
+          "columns": [
+            {
+              "expression": "identity_credential_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_credential_identifiers_identity_credential_id_fkey": {
+          "name": "identity_credential_identifiers_identity_credential_id_fkey",
+          "tableFrom": "identity_credential_identifiers",
+          "tableTo": "identity_credentials",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_credential_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_credential_identifiers_nid_fk_idx": {
+          "name": "identity_credential_identifiers_nid_fk_idx",
+          "tableFrom": "identity_credential_identifiers",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        },
+        "identity_credential_identifiers_type_id_fk_idx": {
+          "name": "identity_credential_identifiers_type_id_fk_idx",
+          "tableFrom": "identity_credential_identifiers",
+          "tableTo": "identity_credential_types",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_credential_type_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_verifiable_addresses": {
+      "name": "identity_verifiable_addresses",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "via": {
+          "name": "via",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "verified": {
+          "name": "verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "varchar(400)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "verified_at": {
+          "name": "verified_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "identity_verifiable_addresses_id_nid_idx": {
+          "name": "identity_verifiable_addresses_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verifiable_addresses_nid_id_idx": {
+          "name": "identity_verifiable_addresses_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verifiable_addresses_nid_identity_id_idx": {
+          "name": "identity_verifiable_addresses_nid_identity_id_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verifiable_addresses_status_via_idx": {
+          "name": "identity_verifiable_addresses_status_via_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "via",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "value",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verifiable_addresses_status_via_uq_idx": {
+          "name": "identity_verifiable_addresses_status_via_uq_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "via",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "value",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_verifiable_addresses_identity_id_fkey": {
+          "name": "identity_verifiable_addresses_identity_id_fkey",
+          "tableFrom": "identity_verifiable_addresses",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_verifiable_addresses_nid_fk_idx": {
+          "name": "identity_verifiable_addresses_nid_fk_idx",
+          "tableFrom": "identity_verifiable_addresses",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.courier_messages": {
+      "name": "courier_messages",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "body": {
+          "name": "body",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "subject": {
+          "name": "subject",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "recipient": {
+          "name": "recipient",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "template_type": {
+          "name": "template_type",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "''"
+        },
+        "template_data": {
+          "name": "template_data",
+          "type": "bytea",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "send_count": {
+          "name": "send_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "channel": {
+          "name": "channel",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "courier_messages_id_nid_idx": {
+          "name": "courier_messages_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "courier_messages_nid_created_at_id_idx": {
+          "name": "courier_messages_nid_created_at_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "created_at",
+              "asc": false,
+              "nulls": "first",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "courier_messages_nid_id_idx": {
+          "name": "courier_messages_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "courier_messages_nid_recipient_created_at_id_idx": {
+          "name": "courier_messages_nid_recipient_created_at_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "recipient",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "created_at",
+              "asc": false,
+              "nulls": "first",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "courier_messages_nid_status_created_at_id_idx": {
+          "name": "courier_messages_nid_status_created_at_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "status",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "created_at",
+              "asc": false,
+              "nulls": "first",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "courier_messages_status_idx": {
+          "name": "courier_messages_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "int4_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "courier_messages_nid_fk_idx": {
+          "name": "courier_messages_nid_fk_idx",
+          "tableFrom": "courier_messages",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.selfservice_errors": {
+      "name": "selfservice_errors",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "errors": {
+          "name": "errors",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "seen_at": {
+          "name": "seen_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "was_seen": {
+          "name": "was_seen",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "csrf_token": {
+          "name": "csrf_token",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "''"
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "selfservice_errors_errors_nid_id_idx": {
+          "name": "selfservice_errors_errors_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "selfservice_errors_nid_fk_idx": {
+          "name": "selfservice_errors_nid_fk_idx",
+          "tableFrom": "selfservice_errors",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.selfservice_verification_flows": {
+      "name": "selfservice_verification_flows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "request_url": {
+          "name": "request_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "csrf_token": {
+          "name": "csrf_token",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'browser'"
+        },
+        "state": {
+          "name": "state",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'show_form'"
+        },
+        "active_method": {
+          "name": "active_method",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "ui": {
+          "name": "ui",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "submit_count": {
+          "name": "submit_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "oauth2_login_challenge": {
+          "name": "oauth2_login_challenge",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "session_id": {
+          "name": "session_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "authentication_methods": {
+          "name": "authentication_methods",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "selfservice_verification_flows_id_nid_idx": {
+          "name": "selfservice_verification_flows_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_verification_flows_nid_id_idx": {
+          "name": "selfservice_verification_flows_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "selfservice_verification_flows_nid_fk_idx": {
+          "name": "selfservice_verification_flows_nid_fk_idx",
+          "tableFrom": "selfservice_verification_flows",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.selfservice_settings_flows": {
+      "name": "selfservice_settings_flows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "request_url": {
+          "name": "request_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_method": {
+          "name": "active_method",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'show_form'"
+        },
+        "type": {
+          "name": "type",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'browser'"
+        },
+        "ui": {
+          "name": "ui",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "internal_context": {
+          "name": "internal_context",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "selfservice_settings_flows_id_nid_idx": {
+          "name": "selfservice_settings_flows_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_settings_flows_identity_id_nid_idx": {
+          "name": "selfservice_settings_flows_identity_id_nid_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_settings_flows_nid_id_idx": {
+          "name": "selfservice_settings_flows_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "selfservice_profile_management_requests_identity_id_fkey": {
+          "name": "selfservice_profile_management_requests_identity_id_fkey",
+          "tableFrom": "selfservice_settings_flows",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "selfservice_settings_flows_nid_fk_idx": {
+          "name": "selfservice_settings_flows_nid_fk_idx",
+          "tableFrom": "selfservice_settings_flows",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.continuity_containers": {
+      "name": "continuity_containers",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "payload": {
+          "name": "payload",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "continuity_containers_id_nid_idx": {
+          "name": "continuity_containers_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "continuity_containers_identity_id_nid_idx": {
+          "name": "continuity_containers_identity_id_nid_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "continuity_containers_nid_id_idx": {
+          "name": "continuity_containers_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "continuity_containers_identity_id_fkey": {
+          "name": "continuity_containers_identity_id_fkey",
+          "tableFrom": "continuity_containers",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "continuity_containers_nid_fk_idx": {
+          "name": "continuity_containers_nid_fk_idx",
+          "tableFrom": "continuity_containers",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.sessions": {
+      "name": "sessions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "authenticated_at": {
+          "name": "authenticated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "varchar(39)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "active": {
+          "name": "active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false,
+          "default": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "logout_token": {
+          "name": "logout_token",
+          "type": "varchar(39)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "aal": {
+          "name": "aal",
+          "type": "varchar(4)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'aal1'"
+        },
+        "authentication_methods": {
+          "name": "authentication_methods",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "sessions_id_nid_idx": {
+          "name": "sessions_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sessions_identity_id_nid_sorted_idx": {
+          "name": "sessions_identity_id_nid_sorted_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "authenticated_at",
+              "asc": false,
+              "nulls": "first",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sessions_logout_token_uq_idx": {
+          "name": "sessions_logout_token_uq_idx",
+          "columns": [
+            {
+              "expression": "logout_token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sessions_nid_created_at_id_idx": {
+          "name": "sessions_nid_created_at_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "created_at",
+              "asc": false,
+              "nulls": "first",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sessions_nid_id_identity_id_idx": {
+          "name": "sessions_nid_id_identity_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sessions_token_nid_idx": {
+          "name": "sessions_token_nid_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sessions_token_uq_idx": {
+          "name": "sessions_token_uq_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "sessions_identity_id_fkey": {
+          "name": "sessions_identity_id_fkey",
+          "tableFrom": "sessions",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "sessions_nid_fk_idx": {
+          "name": "sessions_nid_fk_idx",
+          "tableFrom": "sessions",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_recovery_addresses": {
+      "name": "identity_recovery_addresses",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "via": {
+          "name": "via",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "varchar(400)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "identity_recovery_addresses_id_nid_idx": {
+          "name": "identity_recovery_addresses_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_addresses_nid_id_idx": {
+          "name": "identity_recovery_addresses_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_addresses_nid_identity_id_idx": {
+          "name": "identity_recovery_addresses_nid_identity_id_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_addresses_status_via_idx": {
+          "name": "identity_recovery_addresses_status_via_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "via",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "value",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_addresses_status_via_uq_idx": {
+          "name": "identity_recovery_addresses_status_via_uq_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "via",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "value",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_recovery_addresses_identity_id_fkey": {
+          "name": "identity_recovery_addresses_identity_id_fkey",
+          "tableFrom": "identity_recovery_addresses",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_recovery_addresses_nid_fk_idx": {
+          "name": "identity_recovery_addresses_nid_fk_idx",
+          "tableFrom": "identity_recovery_addresses",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_verification_tokens": {
+      "name": "identity_verification_tokens",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used": {
+          "name": "used",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "used_at": {
+          "name": "used_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_verifiable_address_id": {
+          "name": "identity_verifiable_address_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "selfservice_verification_flow_id": {
+          "name": "selfservice_verification_flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "identity_verification_tokens_id_nid_idx": {
+          "name": "identity_verification_tokens_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_tokens_nid_id_idx": {
+          "name": "identity_verification_tokens_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_tokens_token_nid_used_flow_id_idx": {
+          "name": "identity_verification_tokens_token_nid_used_flow_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "bool_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "used",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "selfservice_verification_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_tokens_token_uq_idx": {
+          "name": "identity_verification_tokens_token_uq_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_tokens_verifiable_address_id_idx": {
+          "name": "identity_verification_tokens_verifiable_address_id_idx",
+          "columns": [
+            {
+              "expression": "identity_verifiable_address_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_tokens_verification_flow_id_idx": {
+          "name": "identity_verification_tokens_verification_flow_id_idx",
+          "columns": [
+            {
+              "expression": "selfservice_verification_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_verification_tokens_identity_verifiable_address_i_fkey": {
+          "name": "identity_verification_tokens_identity_verifiable_address_i_fkey",
+          "tableFrom": "identity_verification_tokens",
+          "tableTo": "identity_verifiable_addresses",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_verifiable_address_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_verification_tokens_selfservice_verification_flow_fkey": {
+          "name": "identity_verification_tokens_selfservice_verification_flow_fkey",
+          "tableFrom": "identity_verification_tokens",
+          "tableTo": "selfservice_verification_flows",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "selfservice_verification_flow_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_verification_tokens_nid_fk_idx": {
+          "name": "identity_verification_tokens_nid_fk_idx",
+          "tableFrom": "identity_verification_tokens",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.selfservice_recovery_flows": {
+      "name": "selfservice_recovery_flows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "request_url": {
+          "name": "request_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_method": {
+          "name": "active_method",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "csrf_token": {
+          "name": "csrf_token",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state": {
+          "name": "state",
+          "type": "varchar(32)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "recovered_identity_id": {
+          "name": "recovered_identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "varchar(16)",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'browser'"
+        },
+        "ui": {
+          "name": "ui",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "submit_count": {
+          "name": "submit_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "skip_csrf_check": {
+          "name": "skip_csrf_check",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        }
+      },
+      "indexes": {
+        "selfservice_recovery_flows_id_nid_idx": {
+          "name": "selfservice_recovery_flows_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_recovery_flows_nid_id_idx": {
+          "name": "selfservice_recovery_flows_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "selfservice_recovery_flows_recovered_identity_id_nid_idx": {
+          "name": "selfservice_recovery_flows_recovered_identity_id_nid_idx",
+          "columns": [
+            {
+              "expression": "recovered_identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "selfservice_recovery_requests_recovered_identity_id_fkey": {
+          "name": "selfservice_recovery_requests_recovered_identity_id_fkey",
+          "tableFrom": "selfservice_recovery_flows",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "recovered_identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "selfservice_recovery_flows_nid_fk_idx": {
+          "name": "selfservice_recovery_flows_nid_fk_idx",
+          "tableFrom": "selfservice_recovery_flows",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_recovery_tokens": {
+      "name": "identity_recovery_tokens",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used": {
+          "name": "used",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "used_at": {
+          "name": "used_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_recovery_address_id": {
+          "name": "identity_recovery_address_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "selfservice_recovery_flow_id": {
+          "name": "selfservice_recovery_flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_type": {
+          "name": "token_type",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "identity_recovery_addresses_code_uq_idx": {
+          "name": "identity_recovery_addresses_code_uq_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_tokens_id_nid_idx": {
+          "name": "identity_recovery_tokens_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_tokens_identity_id_nid_idx": {
+          "name": "identity_recovery_tokens_identity_id_nid_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_tokens_identity_recovery_address_id_idx": {
+          "name": "identity_recovery_tokens_identity_recovery_address_id_idx",
+          "columns": [
+            {
+              "expression": "identity_recovery_address_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_tokens_nid_id_idx": {
+          "name": "identity_recovery_tokens_nid_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_tokens_selfservice_recovery_flow_id_idx": {
+          "name": "identity_recovery_tokens_selfservice_recovery_flow_id_idx",
+          "columns": [
+            {
+              "expression": "selfservice_recovery_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_tokens_token_nid_used_idx": {
+          "name": "identity_recovery_tokens_token_nid_used_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "bool_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "token",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "used",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "bool_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_recovery_tokens_selfservice_recovery_request_id_fkey": {
+          "name": "identity_recovery_tokens_selfservice_recovery_request_id_fkey",
+          "tableFrom": "identity_recovery_tokens",
+          "tableTo": "selfservice_recovery_flows",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "selfservice_recovery_flow_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_recovery_tokens_nid_fk_idx": {
+          "name": "identity_recovery_tokens_nid_fk_idx",
+          "tableFrom": "identity_recovery_tokens",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        },
+        "identity_recovery_tokens_identity_recovery_address_id_fkey": {
+          "name": "identity_recovery_tokens_identity_recovery_address_id_fkey",
+          "tableFrom": "identity_recovery_tokens",
+          "tableTo": "identity_recovery_addresses",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_recovery_address_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_recovery_tokens_identity_id_fk_idx": {
+          "name": "identity_recovery_tokens_identity_id_fk_idx",
+          "tableFrom": "identity_recovery_tokens",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "identity_recovery_tokens_token_type_ck": {
+          "name": "identity_recovery_tokens_token_type_ck",
+          "value": "(token_type = 1) OR (token_type = 2)"
+        }
+      },
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_recovery_codes": {
+      "name": "identity_recovery_codes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used_at": {
+          "name": "used_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_recovery_address_id": {
+          "name": "identity_recovery_address_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "code_type": {
+          "name": "code_type",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "selfservice_recovery_flow_id": {
+          "name": "selfservice_recovery_flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "identity_recovery_codes_flow_id_idx": {
+          "name": "identity_recovery_codes_flow_id_idx",
+          "columns": [
+            {
+              "expression": "selfservice_recovery_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_codes_id_nid_idx": {
+          "name": "identity_recovery_codes_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_codes_identity_id_nid_idx": {
+          "name": "identity_recovery_codes_identity_id_nid_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_codes_identity_recovery_address_id_nid_idx": {
+          "name": "identity_recovery_codes_identity_recovery_address_id_nid_idx",
+          "columns": [
+            {
+              "expression": "identity_recovery_address_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_recovery_codes_nid_flow_id_idx": {
+          "name": "identity_recovery_codes_nid_flow_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "selfservice_recovery_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_recovery_codes_identity_recovery_addresses_id_fk": {
+          "name": "identity_recovery_codes_identity_recovery_addresses_id_fk",
+          "tableFrom": "identity_recovery_codes",
+          "tableTo": "identity_recovery_addresses",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_recovery_address_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_recovery_codes_selfservice_recovery_flows_id_fk": {
+          "name": "identity_recovery_codes_selfservice_recovery_flows_id_fk",
+          "tableFrom": "identity_recovery_codes",
+          "tableTo": "selfservice_recovery_flows",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "selfservice_recovery_flow_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_recovery_codes_identity_id_fk": {
+          "name": "identity_recovery_codes_identity_id_fk",
+          "tableFrom": "identity_recovery_codes",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        },
+        "identity_recovery_codes_networks_id_fk": {
+          "name": "identity_recovery_codes_networks_id_fk",
+          "tableFrom": "identity_recovery_codes",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.session_devices": {
+      "name": "session_devices",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "varchar(50)",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "''"
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "varchar(512)",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "''"
+        },
+        "location": {
+          "name": "location",
+          "type": "varchar(512)",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "''"
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "session_id": {
+          "name": "session_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "session_devices_id_nid_idx": {
+          "name": "session_devices_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "session_devices_session_id_nid_idx": {
+          "name": "session_devices_session_id_nid_idx",
+          "columns": [
+            {
+              "expression": "session_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "session_metadata_sessions_id_fk": {
+          "name": "session_metadata_sessions_id_fk",
+          "tableFrom": "session_devices",
+          "tableTo": "sessions",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "session_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "session_metadata_nid_fk": {
+          "name": "session_metadata_nid_fk",
+          "tableFrom": "session_devices",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "unique_session_device": {
+          "columns": [
+            "ip_address",
+            "user_agent",
+            "nid",
+            "session_id"
+          ],
+          "nullsNotDistinct": false,
+          "name": "unique_session_device"
+        }
+      },
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_verification_codes": {
+      "name": "identity_verification_codes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "code_hmac": {
+          "name": "code_hmac",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used_at": {
+          "name": "used_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "identity_verifiable_address_id": {
+          "name": "identity_verifiable_address_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "selfservice_verification_flow_id": {
+          "name": "selfservice_verification_flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "identity_verification_codes_flow_id_idx": {
+          "name": "identity_verification_codes_flow_id_idx",
+          "columns": [
+            {
+              "expression": "selfservice_verification_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_codes_id_nid_idx": {
+          "name": "identity_verification_codes_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_codes_nid_flow_id_idx": {
+          "name": "identity_verification_codes_nid_flow_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "selfservice_verification_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_verification_codes_verifiable_address_nid_idx": {
+          "name": "identity_verification_codes_verifiable_address_nid_idx",
+          "columns": [
+            {
+              "expression": "identity_verifiable_address_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_verification_codes_identity_verifiable_addresses_id_fk": {
+          "name": "identity_verification_codes_identity_verifiable_addresses_id_fk",
+          "tableFrom": "identity_verification_codes",
+          "tableTo": "identity_verifiable_addresses",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_verifiable_address_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_verification_codes_selfservice_verification_flows_id_f": {
+          "name": "identity_verification_codes_selfservice_verification_flows_id_f",
+          "tableFrom": "identity_verification_codes",
+          "tableTo": "selfservice_verification_flows",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "selfservice_verification_flow_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_verification_codes_networks_id_fk": {
+          "name": "identity_verification_codes_networks_id_fk",
+          "tableFrom": "identity_verification_codes",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.courier_message_dispatches": {
+      "name": "courier_message_dispatches",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "message_id": {
+          "name": "message_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "varchar(7)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "error": {
+          "name": "error",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "courier_message_dispatches_message_id_idx": {
+          "name": "courier_message_dispatches_message_id_idx",
+          "columns": [
+            {
+              "expression": "message_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "created_at",
+              "asc": false,
+              "nulls": "first",
+              "opclass": "timestamp_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "courier_message_dispatches_nid_idx": {
+          "name": "courier_message_dispatches_nid_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "courier_message_dispatches_message_id_fk": {
+          "name": "courier_message_dispatches_message_id_fk",
+          "tableFrom": "courier_message_dispatches",
+          "tableTo": "courier_messages",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "message_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "courier_message_dispatches_nid_fk": {
+          "name": "courier_message_dispatches_nid_fk",
+          "tableFrom": "courier_message_dispatches",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.session_token_exchanges": {
+      "name": "session_token_exchanges",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "flow_id": {
+          "name": "flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "session_id": {
+          "name": "session_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "init_code": {
+          "name": "init_code",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "return_to_code": {
+          "name": "return_to_code",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "session_token_exchanges_nid_code_idx": {
+          "name": "session_token_exchanges_nid_code_idx",
+          "columns": [
+            {
+              "expression": "init_code",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "text_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "session_token_exchanges_nid_flow_id_idx": {
+          "name": "session_token_exchanges_nid_flow_id_idx",
+          "columns": [
+            {
+              "expression": "flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_login_codes": {
+      "name": "identity_login_codes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "address": {
+          "name": "address",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "address_type": {
+          "name": "address_type",
+          "type": "char(36)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used_at": {
+          "name": "used_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "selfservice_login_flow_id": {
+          "name": "selfservice_login_flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identity_id": {
+          "name": "identity_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "identity_login_codes_flow_id_idx": {
+          "name": "identity_login_codes_flow_id_idx",
+          "columns": [
+            {
+              "expression": "selfservice_login_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_login_codes_id_nid_idx": {
+          "name": "identity_login_codes_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_login_codes_identity_id_idx": {
+          "name": "identity_login_codes_identity_id_idx",
+          "columns": [
+            {
+              "expression": "identity_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_login_codes_nid_flow_id_idx": {
+          "name": "identity_login_codes_nid_flow_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "selfservice_login_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_login_codes_selfservice_login_flows_id_fk": {
+          "name": "identity_login_codes_selfservice_login_flows_id_fk",
+          "tableFrom": "identity_login_codes",
+          "tableTo": "selfservice_login_flows",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "selfservice_login_flow_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_login_codes_networks_id_fk": {
+          "name": "identity_login_codes_networks_id_fk",
+          "tableFrom": "identity_login_codes",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        },
+        "identity_login_codes_identity_id_fk": {
+          "name": "identity_login_codes_identity_id_fk",
+          "tableFrom": "identity_login_codes",
+          "tableTo": "identities",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "identity_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    },
+    "public.identity_registration_codes": {
+      "name": "identity_registration_codes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "varchar(64)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "address": {
+          "name": "address",
+          "type": "varchar(255)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "address_type": {
+          "name": "address_type",
+          "type": "char(36)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used_at": {
+          "name": "used_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'2000-01-01 00:00:00'"
+        },
+        "selfservice_registration_flow_id": {
+          "name": "selfservice_registration_flow_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "nid": {
+          "name": "nid",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "identity_registration_codes_flow_id_idx": {
+          "name": "identity_registration_codes_flow_id_idx",
+          "columns": [
+            {
+              "expression": "selfservice_registration_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_registration_codes_id_nid_idx": {
+          "name": "identity_registration_codes_id_nid_idx",
+          "columns": [
+            {
+              "expression": "id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "identity_registration_codes_nid_flow_id_idx": {
+          "name": "identity_registration_codes_nid_flow_id_idx",
+          "columns": [
+            {
+              "expression": "nid",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            },
+            {
+              "expression": "selfservice_registration_flow_id",
+              "asc": true,
+              "nulls": "last",
+              "opclass": "uuid_ops",
+              "isExpression": false
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "identity_registration_codes_selfservice_registration_flows_id_f": {
+          "name": "identity_registration_codes_selfservice_registration_flows_id_f",
+          "tableFrom": "identity_registration_codes",
+          "tableTo": "selfservice_registration_flows",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "selfservice_registration_flow_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "identity_registration_codes_networks_id_fk": {
+          "name": "identity_registration_codes_networks_id_fk",
+          "tableFrom": "identity_registration_codes",
+          "tableTo": "networks",
+          "schemaTo": "public",
+          "columnsFrom": [
+            "nid"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "restrict"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {},
+      "policies": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "tables": {}
+  }
+}
\ No newline at end of file
diff --git a/dashboard/drizzle/meta/_journal.json b/dashboard/drizzle/meta/_journal.json
new file mode 100644
index 0000000..b7874f0
--- /dev/null
+++ b/dashboard/drizzle/meta/_journal.json
@@ -0,0 +1,13 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1735943555589,
+      "tag": "0000_square_moondragon",
+      "breakpoints": true
+    }
+  ]
+}
\ No newline at end of file
diff --git a/dashboard/drizzle/relations.ts b/dashboard/drizzle/relations.ts
index e69de29..615b353 100644
--- a/dashboard/drizzle/relations.ts
+++ b/dashboard/drizzle/relations.ts
@@ -0,0 +1,334 @@
+import { relations } from 'drizzle-orm/relations';
+import {
+	continuityContainers,
+	courierMessageDispatches,
+	courierMessages,
+	identities,
+	identityCredentialIdentifiers,
+	identityCredentials,
+	identityCredentialTypes,
+	identityLoginCodes,
+	identityRecoveryAddresses,
+	identityRecoveryCodes,
+	identityRecoveryTokens,
+	identityRegistrationCodes,
+	identityVerifiableAddresses,
+	identityVerificationCodes,
+	identityVerificationTokens,
+	networks,
+	selfserviceErrors,
+	selfserviceLoginFlows,
+	selfserviceRecoveryFlows,
+	selfserviceRegistrationFlows,
+	selfserviceSettingsFlows,
+	selfserviceVerificationFlows,
+	sessionDevices,
+	sessions,
+} from './schema';
+
+export const identityCredentialsRelations = relations(identityCredentials, ({ one, many }) => ({
+	identity: one(identities, {
+		fields: [identityCredentials.identityId],
+		references: [identities.id],
+	}),
+	identityCredentialType: one(identityCredentialTypes, {
+		fields: [identityCredentials.identityCredentialTypeId],
+		references: [identityCredentialTypes.id],
+	}),
+	network: one(networks, {
+		fields: [identityCredentials.nid],
+		references: [networks.id],
+	}),
+	identityCredentialIdentifiers: many(identityCredentialIdentifiers),
+}));
+
+export const identitiesRelations = relations(identities, ({ one, many }) => ({
+	identityCredentials: many(identityCredentials),
+	network: one(networks, {
+		fields: [identities.nid],
+		references: [networks.id],
+	}),
+	identityVerifiableAddresses: many(identityVerifiableAddresses),
+	selfserviceSettingsFlows: many(selfserviceSettingsFlows),
+	continuityContainers: many(continuityContainers),
+	sessions: many(sessions),
+	identityRecoveryAddresses: many(identityRecoveryAddresses),
+	selfserviceRecoveryFlows: many(selfserviceRecoveryFlows),
+	identityRecoveryTokens: many(identityRecoveryTokens),
+	identityRecoveryCodes: many(identityRecoveryCodes),
+	identityLoginCodes: many(identityLoginCodes),
+}));
+
+export const identityCredentialTypesRelations = relations(identityCredentialTypes, ({ many }) => ({
+	identityCredentials: many(identityCredentials),
+	identityCredentialIdentifiers: many(identityCredentialIdentifiers),
+}));
+
+export const networksRelations = relations(networks, ({ many }) => ({
+	identityCredentials: many(identityCredentials),
+	selfserviceLoginFlows: many(selfserviceLoginFlows),
+	selfserviceRegistrationFlows: many(selfserviceRegistrationFlows),
+	identities: many(identities),
+	identityCredentialIdentifiers: many(identityCredentialIdentifiers),
+	identityVerifiableAddresses: many(identityVerifiableAddresses),
+	courierMessages: many(courierMessages),
+	selfserviceErrors: many(selfserviceErrors),
+	selfserviceVerificationFlows: many(selfserviceVerificationFlows),
+	selfserviceSettingsFlows: many(selfserviceSettingsFlows),
+	continuityContainers: many(continuityContainers),
+	sessions: many(sessions),
+	identityRecoveryAddresses: many(identityRecoveryAddresses),
+	identityVerificationTokens: many(identityVerificationTokens),
+	selfserviceRecoveryFlows: many(selfserviceRecoveryFlows),
+	identityRecoveryTokens: many(identityRecoveryTokens),
+	identityRecoveryCodes: many(identityRecoveryCodes),
+	sessionDevices: many(sessionDevices),
+	identityVerificationCodes: many(identityVerificationCodes),
+	courierMessageDispatches: many(courierMessageDispatches),
+	identityLoginCodes: many(identityLoginCodes),
+	identityRegistrationCodes: many(identityRegistrationCodes),
+}));
+
+export const selfserviceLoginFlowsRelations = relations(selfserviceLoginFlows, ({ one, many }) => ({
+	network: one(networks, {
+		fields: [selfserviceLoginFlows.nid],
+		references: [networks.id],
+	}),
+	identityLoginCodes: many(identityLoginCodes),
+}));
+
+export const selfserviceRegistrationFlowsRelations = relations(selfserviceRegistrationFlows, ({ one, many }) => ({
+	network: one(networks, {
+		fields: [selfserviceRegistrationFlows.nid],
+		references: [networks.id],
+	}),
+	identityRegistrationCodes: many(identityRegistrationCodes),
+}));
+
+export const identityCredentialIdentifiersRelations = relations(identityCredentialIdentifiers, ({ one }) => ({
+	identityCredential: one(identityCredentials, {
+		fields: [identityCredentialIdentifiers.identityCredentialId],
+		references: [identityCredentials.id],
+	}),
+	network: one(networks, {
+		fields: [identityCredentialIdentifiers.nid],
+		references: [networks.id],
+	}),
+	identityCredentialType: one(identityCredentialTypes, {
+		fields: [identityCredentialIdentifiers.identityCredentialTypeId],
+		references: [identityCredentialTypes.id],
+	}),
+}));
+
+export const identityVerifiableAddressesRelations = relations(identityVerifiableAddresses, ({ one, many }) => ({
+	identity: one(identities, {
+		fields: [identityVerifiableAddresses.identityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [identityVerifiableAddresses.nid],
+		references: [networks.id],
+	}),
+	identityVerificationTokens: many(identityVerificationTokens),
+	identityVerificationCodes: many(identityVerificationCodes),
+}));
+
+export const courierMessagesRelations = relations(courierMessages, ({ one, many }) => ({
+	network: one(networks, {
+		fields: [courierMessages.nid],
+		references: [networks.id],
+	}),
+	courierMessageDispatches: many(courierMessageDispatches),
+}));
+
+export const selfserviceErrorsRelations = relations(selfserviceErrors, ({ one }) => ({
+	network: one(networks, {
+		fields: [selfserviceErrors.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const selfserviceVerificationFlowsRelations = relations(selfserviceVerificationFlows, ({ one, many }) => ({
+	network: one(networks, {
+		fields: [selfserviceVerificationFlows.nid],
+		references: [networks.id],
+	}),
+	identityVerificationTokens: many(identityVerificationTokens),
+	identityVerificationCodes: many(identityVerificationCodes),
+}));
+
+export const selfserviceSettingsFlowsRelations = relations(selfserviceSettingsFlows, ({ one }) => ({
+	identity: one(identities, {
+		fields: [selfserviceSettingsFlows.identityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [selfserviceSettingsFlows.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const continuityContainersRelations = relations(continuityContainers, ({ one }) => ({
+	identity: one(identities, {
+		fields: [continuityContainers.identityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [continuityContainers.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const sessionsRelations = relations(sessions, ({ one, many }) => ({
+	identity: one(identities, {
+		fields: [sessions.identityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [sessions.nid],
+		references: [networks.id],
+	}),
+	sessionDevices: many(sessionDevices),
+}));
+
+export const identityRecoveryAddressesRelations = relations(identityRecoveryAddresses, ({ one, many }) => ({
+	identity: one(identities, {
+		fields: [identityRecoveryAddresses.identityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [identityRecoveryAddresses.nid],
+		references: [networks.id],
+	}),
+	identityRecoveryTokens: many(identityRecoveryTokens),
+	identityRecoveryCodes: many(identityRecoveryCodes),
+}));
+
+export const identityVerificationTokensRelations = relations(identityVerificationTokens, ({ one }) => ({
+	identityVerifiableAddress: one(identityVerifiableAddresses, {
+		fields: [identityVerificationTokens.identityVerifiableAddressId],
+		references: [identityVerifiableAddresses.id],
+	}),
+	selfserviceVerificationFlow: one(selfserviceVerificationFlows, {
+		fields: [identityVerificationTokens.selfserviceVerificationFlowId],
+		references: [selfserviceVerificationFlows.id],
+	}),
+	network: one(networks, {
+		fields: [identityVerificationTokens.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const selfserviceRecoveryFlowsRelations = relations(selfserviceRecoveryFlows, ({ one, many }) => ({
+	identity: one(identities, {
+		fields: [selfserviceRecoveryFlows.recoveredIdentityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [selfserviceRecoveryFlows.nid],
+		references: [networks.id],
+	}),
+	identityRecoveryTokens: many(identityRecoveryTokens),
+	identityRecoveryCodes: many(identityRecoveryCodes),
+}));
+
+export const identityRecoveryTokensRelations = relations(identityRecoveryTokens, ({ one }) => ({
+	selfserviceRecoveryFlow: one(selfserviceRecoveryFlows, {
+		fields: [identityRecoveryTokens.selfserviceRecoveryFlowId],
+		references: [selfserviceRecoveryFlows.id],
+	}),
+	network: one(networks, {
+		fields: [identityRecoveryTokens.nid],
+		references: [networks.id],
+	}),
+	identityRecoveryAddress: one(identityRecoveryAddresses, {
+		fields: [identityRecoveryTokens.identityRecoveryAddressId],
+		references: [identityRecoveryAddresses.id],
+	}),
+	identity: one(identities, {
+		fields: [identityRecoveryTokens.identityId],
+		references: [identities.id],
+	}),
+}));
+
+export const identityRecoveryCodesRelations = relations(identityRecoveryCodes, ({ one }) => ({
+	identityRecoveryAddress: one(identityRecoveryAddresses, {
+		fields: [identityRecoveryCodes.identityRecoveryAddressId],
+		references: [identityRecoveryAddresses.id],
+	}),
+	selfserviceRecoveryFlow: one(selfserviceRecoveryFlows, {
+		fields: [identityRecoveryCodes.selfserviceRecoveryFlowId],
+		references: [selfserviceRecoveryFlows.id],
+	}),
+	identity: one(identities, {
+		fields: [identityRecoveryCodes.identityId],
+		references: [identities.id],
+	}),
+	network: one(networks, {
+		fields: [identityRecoveryCodes.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const sessionDevicesRelations = relations(sessionDevices, ({ one }) => ({
+	session: one(sessions, {
+		fields: [sessionDevices.sessionId],
+		references: [sessions.id],
+	}),
+	network: one(networks, {
+		fields: [sessionDevices.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const identityVerificationCodesRelations = relations(identityVerificationCodes, ({ one }) => ({
+	identityVerifiableAddress: one(identityVerifiableAddresses, {
+		fields: [identityVerificationCodes.identityVerifiableAddressId],
+		references: [identityVerifiableAddresses.id],
+	}),
+	selfserviceVerificationFlow: one(selfserviceVerificationFlows, {
+		fields: [identityVerificationCodes.selfserviceVerificationFlowId],
+		references: [selfserviceVerificationFlows.id],
+	}),
+	network: one(networks, {
+		fields: [identityVerificationCodes.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const courierMessageDispatchesRelations = relations(courierMessageDispatches, ({ one }) => ({
+	courierMessage: one(courierMessages, {
+		fields: [courierMessageDispatches.messageId],
+		references: [courierMessages.id],
+	}),
+	network: one(networks, {
+		fields: [courierMessageDispatches.nid],
+		references: [networks.id],
+	}),
+}));
+
+export const identityLoginCodesRelations = relations(identityLoginCodes, ({ one }) => ({
+	selfserviceLoginFlow: one(selfserviceLoginFlows, {
+		fields: [identityLoginCodes.selfserviceLoginFlowId],
+		references: [selfserviceLoginFlows.id],
+	}),
+	network: one(networks, {
+		fields: [identityLoginCodes.nid],
+		references: [networks.id],
+	}),
+	identity: one(identities, {
+		fields: [identityLoginCodes.identityId],
+		references: [identities.id],
+	}),
+}));
+
+export const identityRegistrationCodesRelations = relations(identityRegistrationCodes, ({ one }) => ({
+	selfserviceRegistrationFlow: one(selfserviceRegistrationFlows, {
+		fields: [identityRegistrationCodes.selfserviceRegistrationFlowId],
+		references: [selfserviceRegistrationFlows.id],
+	}),
+	network: one(networks, {
+		fields: [identityRegistrationCodes.nid],
+		references: [networks.id],
+	}),
+}));
\ No newline at end of file
diff --git a/dashboard/drizzle/schema.ts b/dashboard/drizzle/schema.ts
index e69de29..4aa73e5 100644
--- a/dashboard/drizzle/schema.ts
+++ b/dashboard/drizzle/schema.ts
@@ -0,0 +1,713 @@
+import {
+	boolean,
+	char,
+	check,
+	foreignKey,
+	index,
+	integer,
+	json,
+	jsonb,
+	pgTable,
+	text,
+	timestamp,
+	unique,
+	uniqueIndex,
+	uuid,
+	varchar,
+} from 'drizzle-orm/pg-core';
+import { sql } from 'drizzle-orm';
+
+export const schemaMigration = pgTable('schema_migration', {
+	version: varchar({ length: 48 }).notNull(),
+	versionSelf: integer('version_self').default(0).notNull(),
+}, (table) => [
+	uniqueIndex('schema_migration_version_idx').using('btree', table.version.asc().nullsLast().op('text_ops')),
+	index('schema_migration_version_self_idx').using('btree', table.versionSelf.asc().nullsLast().op('int4_ops')),
+]);
+
+export const identityCredentials = pgTable('identity_credentials', {
+	id: uuid().primaryKey().notNull(),
+	config: jsonb().notNull(),
+	identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
+	identityId: uuid('identity_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+	version: integer().default(0).notNull(),
+}, (table) => [
+	index('identity_credentials_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_credentials_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('identity_credentials_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'identity_credentials_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.identityCredentialTypeId],
+		foreignColumns: [identityCredentialTypes.id],
+		name: 'identity_credentials_identity_credential_type_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_credentials_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityCredentialTypes = pgTable('identity_credential_types', {
+	id: uuid().primaryKey().notNull(),
+	name: varchar({ length: 32 }).notNull(),
+}, (table) => [
+	uniqueIndex('identity_credential_types_name_idx').using('btree', table.name.asc().nullsLast().op('text_ops')),
+]);
+
+export const selfserviceLoginFlows = pgTable('selfservice_login_flows', {
+	id: uuid().primaryKey().notNull(),
+	requestUrl: text('request_url').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	activeMethod: varchar('active_method', { length: 32 }).notNull(),
+	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	forced: boolean().default(false).notNull(),
+	type: varchar({ length: 16 }).default('browser').notNull(),
+	ui: jsonb(),
+	nid: uuid(),
+	requestedAal: varchar('requested_aal', { length: 4 }).default('aal1').notNull(),
+	internalContext: jsonb('internal_context').notNull(),
+	oauth2LoginChallenge: uuid('oauth2_login_challenge'),
+	oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
+	state: varchar({ length: 255 }),
+	submitCount: integer('submit_count').default(0).notNull(),
+	organizationId: uuid('organization_id'),
+}, (table) => [
+	index('selfservice_login_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_login_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'selfservice_login_flows_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const networks = pgTable('networks', {
+	id: uuid().primaryKey().notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+});
+
+export const selfserviceRegistrationFlows = pgTable('selfservice_registration_flows', {
+	id: uuid().primaryKey().notNull(),
+	requestUrl: text('request_url').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	activeMethod: varchar('active_method', { length: 32 }).notNull(),
+	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	type: varchar({ length: 16 }).default('browser').notNull(),
+	ui: jsonb(),
+	nid: uuid(),
+	internalContext: jsonb('internal_context').notNull(),
+	oauth2LoginChallenge: uuid('oauth2_login_challenge'),
+	oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
+	state: varchar({ length: 255 }),
+	submitCount: integer('submit_count').default(0).notNull(),
+	organizationId: uuid('organization_id'),
+}, (table) => [
+	index('selfservice_registration_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_registration_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'selfservice_registration_flows_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identities = pgTable('identities', {
+	id: uuid().primaryKey().notNull(),
+	schemaId: varchar('schema_id', { length: 2048 }).notNull(),
+	traits: jsonb().notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+	state: varchar({ length: 255 }).default('active').notNull(),
+	stateChangedAt: timestamp('state_changed_at', { mode: 'string' }),
+	metadataPublic: jsonb('metadata_public'),
+	metadataAdmin: jsonb('metadata_admin'),
+	availableAal: varchar('available_aal', { length: 4 }),
+	organizationId: uuid('organization_id'),
+}, (table) => [
+	index('identities_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identities_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identities_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityCredentialIdentifiers = pgTable('identity_credential_identifiers', {
+	id: uuid().primaryKey().notNull(),
+	identifier: varchar({ length: 255 }).notNull(),
+	identityCredentialId: uuid('identity_credential_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+	identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
+}, (table) => [
+	index('identity_credential_identifiers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	uniqueIndex('identity_credential_identifiers_identifier_nid_type_uq_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityCredentialTypeId.asc().nullsLast().op('uuid_ops'), table.identifier.asc().nullsLast().op('uuid_ops')),
+	index('identity_credential_identifiers_nid_i_ici_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.identifier.asc().nullsLast().op('text_ops'), table.identityCredentialId.asc().nullsLast().op('text_ops')),
+	index('identity_credential_identifiers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('identity_credential_identifiers_nid_identity_credential_id_idx').using('btree', table.identityCredentialId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityCredentialId],
+		foreignColumns: [identityCredentials.id],
+		name: 'identity_credential_identifiers_identity_credential_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_credential_identifiers_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+	foreignKey({
+		columns: [table.identityCredentialTypeId],
+		foreignColumns: [identityCredentialTypes.id],
+		name: 'identity_credential_identifiers_type_id_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityVerifiableAddresses = pgTable('identity_verifiable_addresses', {
+	id: uuid().primaryKey().notNull(),
+	status: varchar({ length: 16 }).notNull(),
+	via: varchar({ length: 16 }).notNull(),
+	verified: boolean().notNull(),
+	value: varchar({ length: 400 }).notNull(),
+	verifiedAt: timestamp('verified_at', { mode: 'string' }),
+	identityId: uuid('identity_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+}, (table) => [
+	index('identity_verifiable_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_verifiable_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('identity_verifiable_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_verifiable_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
+	uniqueIndex('identity_verifiable_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'identity_verifiable_addresses_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_verifiable_addresses_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const courierMessages = pgTable('courier_messages', {
+	id: uuid().primaryKey().notNull(),
+	type: integer().notNull(),
+	status: integer().notNull(),
+	body: text().notNull(),
+	subject: varchar({ length: 255 }).notNull(),
+	recipient: varchar({ length: 255 }).notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	templateType: varchar('template_type', { length: 255 }).default('').notNull(),
+	// TODO: failed to parse database type 'bytea'
+	templateData: varchar('template_data'),
+	nid: uuid(),
+	sendCount: integer('send_count').default(0).notNull(),
+	channel: varchar({ length: 32 }),
+}, (table) => [
+	index('courier_messages_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('courier_messages_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+	index('courier_messages_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('courier_messages_nid_recipient_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.recipient.asc().nullsLast().op('text_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+	index('courier_messages_nid_status_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.status.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+	index('courier_messages_status_idx').using('btree', table.status.asc().nullsLast().op('int4_ops')),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'courier_messages_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceErrors = pgTable('selfservice_errors', {
+	id: uuid().primaryKey().notNull(),
+	errors: jsonb().notNull(),
+	seenAt: timestamp('seen_at', { mode: 'string' }),
+	wasSeen: boolean('was_seen').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	csrfToken: varchar('csrf_token', { length: 255 }).default('').notNull(),
+	nid: uuid(),
+}, (table) => [
+	index('selfservice_errors_errors_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'selfservice_errors_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceVerificationFlows = pgTable('selfservice_verification_flows', {
+	id: uuid().primaryKey().notNull(),
+	requestUrl: text('request_url').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	type: varchar({ length: 16 }).default('browser').notNull(),
+	state: varchar({ length: 255 }).default('show_form').notNull(),
+	activeMethod: varchar('active_method', { length: 32 }),
+	ui: jsonb(),
+	nid: uuid(),
+	submitCount: integer('submit_count').default(0).notNull(),
+	oauth2LoginChallenge: text('oauth2_login_challenge'),
+	sessionId: uuid('session_id'),
+	identityId: uuid('identity_id'),
+	authenticationMethods: json('authentication_methods'),
+}, (table) => [
+	index('selfservice_verification_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_verification_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'selfservice_verification_flows_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceSettingsFlows = pgTable('selfservice_settings_flows', {
+	id: uuid().primaryKey().notNull(),
+	requestUrl: text('request_url').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	identityId: uuid('identity_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	activeMethod: varchar('active_method', { length: 32 }),
+	state: varchar({ length: 255 }).default('show_form').notNull(),
+	type: varchar({ length: 16 }).default('browser').notNull(),
+	ui: jsonb(),
+	nid: uuid(),
+	internalContext: jsonb('internal_context').notNull(),
+}, (table) => [
+	index('selfservice_settings_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_settings_flows_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_settings_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'selfservice_profile_management_requests_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'selfservice_settings_flows_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const continuityContainers = pgTable('continuity_containers', {
+	id: uuid().primaryKey().notNull(),
+	identityId: uuid('identity_id'),
+	name: varchar({ length: 255 }).notNull(),
+	payload: jsonb(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+}, (table) => [
+	index('continuity_containers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('continuity_containers_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('continuity_containers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'continuity_containers_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'continuity_containers_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const sessions = pgTable('sessions', {
+	id: uuid().primaryKey().notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	authenticatedAt: timestamp('authenticated_at', { mode: 'string' }).notNull(),
+	identityId: uuid('identity_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	token: varchar({ length: 39 }),
+	active: boolean().default(false),
+	nid: uuid(),
+	logoutToken: varchar('logout_token', { length: 39 }),
+	aal: varchar({ length: 4 }).default('aal1').notNull(),
+	authenticationMethods: jsonb('authentication_methods').notNull(),
+}, (table) => [
+	index('sessions_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('sessions_identity_id_nid_sorted_idx').using('btree', table.identityId.asc().nullsLast().op('timestamp_ops'), table.nid.asc().nullsLast().op('timestamp_ops'), table.authenticatedAt.desc().nullsFirst().op('uuid_ops')),
+	uniqueIndex('sessions_logout_token_uq_idx').using('btree', table.logoutToken.asc().nullsLast().op('text_ops')),
+	index('sessions_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('sessions_nid_id_identity_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityId.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('sessions_token_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('text_ops')),
+	uniqueIndex('sessions_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'sessions_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'sessions_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityRecoveryAddresses = pgTable('identity_recovery_addresses', {
+	id: uuid().primaryKey().notNull(),
+	via: varchar({ length: 16 }).notNull(),
+	value: varchar({ length: 400 }).notNull(),
+	identityId: uuid('identity_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+}, (table) => [
+	index('identity_recovery_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
+	uniqueIndex('identity_recovery_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'identity_recovery_addresses_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_recovery_addresses_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityVerificationTokens = pgTable('identity_verification_tokens', {
+	id: uuid().primaryKey().notNull(),
+	token: varchar({ length: 64 }).notNull(),
+	used: boolean().default(false).notNull(),
+	usedAt: timestamp('used_at', { mode: 'string' }),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).notNull(),
+	identityVerifiableAddressId: uuid('identity_verifiable_address_id').notNull(),
+	selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid(),
+}, (table) => [
+	index('identity_verification_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_verification_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('identity_verification_tokens_token_nid_used_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('bool_ops'), table.used.asc().nullsLast().op('text_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+	uniqueIndex('identity_verification_tokens_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+	index('identity_verification_tokens_verifiable_address_id_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops')),
+	index('identity_verification_tokens_verification_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityVerifiableAddressId],
+		foreignColumns: [identityVerifiableAddresses.id],
+		name: 'identity_verification_tokens_identity_verifiable_address_i_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.selfserviceVerificationFlowId],
+		foreignColumns: [selfserviceVerificationFlows.id],
+		name: 'identity_verification_tokens_selfservice_verification_flow_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_verification_tokens_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceRecoveryFlows = pgTable('selfservice_recovery_flows', {
+	id: uuid().primaryKey().notNull(),
+	requestUrl: text('request_url').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+	activeMethod: varchar('active_method', { length: 32 }),
+	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+	state: varchar({ length: 32 }).notNull(),
+	recoveredIdentityId: uuid('recovered_identity_id'),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	type: varchar({ length: 16 }).default('browser').notNull(),
+	ui: jsonb(),
+	nid: uuid(),
+	submitCount: integer('submit_count').default(0).notNull(),
+	skipCsrfCheck: boolean('skip_csrf_check').default(false).notNull(),
+}, (table) => [
+	index('selfservice_recovery_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_recovery_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('selfservice_recovery_flows_recovered_identity_id_nid_idx').using('btree', table.recoveredIdentityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.recoveredIdentityId],
+		foreignColumns: [identities.id],
+		name: 'selfservice_recovery_requests_recovered_identity_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'selfservice_recovery_flows_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityRecoveryTokens = pgTable('identity_recovery_tokens', {
+	id: uuid().primaryKey().notNull(),
+	token: varchar({ length: 64 }).notNull(),
+	used: boolean().default(false).notNull(),
+	usedAt: timestamp('used_at', { mode: 'string' }),
+	identityRecoveryAddressId: uuid('identity_recovery_address_id'),
+	selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id'),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	nid: uuid(),
+	identityId: uuid('identity_id').notNull(),
+	tokenType: integer('token_type').default(0).notNull(),
+}, (table) => [
+	uniqueIndex('identity_recovery_addresses_code_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+	index('identity_recovery_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_tokens_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_tokens_identity_recovery_address_id_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_tokens_selfservice_recovery_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_tokens_token_nid_used_idx').using('btree', table.nid.asc().nullsLast().op('bool_ops'), table.token.asc().nullsLast().op('text_ops'), table.used.asc().nullsLast().op('bool_ops')),
+	foreignKey({
+		columns: [table.selfserviceRecoveryFlowId],
+		foreignColumns: [selfserviceRecoveryFlows.id],
+		name: 'identity_recovery_tokens_selfservice_recovery_request_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_recovery_tokens_nid_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+	foreignKey({
+		columns: [table.identityRecoveryAddressId],
+		foreignColumns: [identityRecoveryAddresses.id],
+		name: 'identity_recovery_tokens_identity_recovery_address_id_fkey',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'identity_recovery_tokens_identity_id_fk_idx',
+	}).onUpdate('restrict').onDelete('cascade'),
+	check('identity_recovery_tokens_token_type_ck', sql`(token_type = 1)
+														OR (token_type = 2)`),
+]);
+
+export const identityRecoveryCodes = pgTable('identity_recovery_codes', {
+	id: uuid().primaryKey().notNull(),
+	code: varchar({ length: 64 }).notNull(),
+	usedAt: timestamp('used_at', { mode: 'string' }),
+	identityRecoveryAddressId: uuid('identity_recovery_address_id'),
+	codeType: integer('code_type').notNull(),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid().notNull(),
+	identityId: uuid('identity_id').notNull(),
+}, (table) => [
+	index('identity_recovery_codes_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_codes_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_codes_identity_recovery_address_id_nid_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_recovery_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityRecoveryAddressId],
+		foreignColumns: [identityRecoveryAddresses.id],
+		name: 'identity_recovery_codes_identity_recovery_addresses_id_fk',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.selfserviceRecoveryFlowId],
+		foreignColumns: [selfserviceRecoveryFlows.id],
+		name: 'identity_recovery_codes_selfservice_recovery_flows_id_fk',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'identity_recovery_codes_identity_id_fk',
+	}).onUpdate('restrict').onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_recovery_codes_networks_id_fk',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const sessionDevices = pgTable('session_devices', {
+	id: uuid().primaryKey().notNull(),
+	ipAddress: varchar('ip_address', { length: 50 }).default(''),
+	userAgent: varchar('user_agent', { length: 512 }).default(''),
+	location: varchar({ length: 512 }).default(''),
+	nid: uuid().notNull(),
+	sessionId: uuid('session_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+}, (table) => [
+	index('session_devices_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('session_devices_session_id_nid_idx').using('btree', table.sessionId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.sessionId],
+		foreignColumns: [sessions.id],
+		name: 'session_metadata_sessions_id_fk',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'session_metadata_nid_fk',
+	}).onDelete('cascade'),
+	unique('unique_session_device').on(table.ipAddress, table.userAgent, table.nid, table.sessionId),
+]);
+
+export const identityVerificationCodes = pgTable('identity_verification_codes', {
+	id: uuid().primaryKey().notNull(),
+	codeHmac: varchar('code_hmac', { length: 64 }).notNull(),
+	usedAt: timestamp('used_at', { mode: 'string' }),
+	identityVerifiableAddressId: uuid('identity_verifiable_address_id'),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+	nid: uuid().notNull(),
+}, (table) => [
+	index('identity_verification_codes_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+	index('identity_verification_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_verification_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+	index('identity_verification_codes_verifiable_address_nid_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.identityVerifiableAddressId],
+		foreignColumns: [identityVerifiableAddresses.id],
+		name: 'identity_verification_codes_identity_verifiable_addresses_id_fk',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.selfserviceVerificationFlowId],
+		foreignColumns: [selfserviceVerificationFlows.id],
+		name: 'identity_verification_codes_selfservice_verification_flows_id_f',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_verification_codes_networks_id_fk',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const courierMessageDispatches = pgTable('courier_message_dispatches', {
+	id: uuid().primaryKey().notNull(),
+	messageId: uuid('message_id').notNull(),
+	status: varchar({ length: 7 }).notNull(),
+	error: json(),
+	nid: uuid().notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+}, (table) => [
+	index('courier_message_dispatches_message_id_idx').using('btree', table.messageId.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('timestamp_ops')),
+	index('courier_message_dispatches_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.messageId],
+		foreignColumns: [courierMessages.id],
+		name: 'courier_message_dispatches_message_id_fk',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'courier_message_dispatches_nid_fk',
+	}).onDelete('cascade'),
+]);
+
+export const sessionTokenExchanges = pgTable('session_token_exchanges', {
+	id: uuid().primaryKey().notNull(),
+	nid: uuid().notNull(),
+	flowId: uuid('flow_id').notNull(),
+	sessionId: uuid('session_id'),
+	initCode: varchar('init_code', { length: 64 }).notNull(),
+	returnToCode: varchar('return_to_code', { length: 64 }).notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+}, (table) => [
+	index('session_token_exchanges_nid_code_idx').using('btree', table.initCode.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('text_ops')),
+	index('session_token_exchanges_nid_flow_id_idx').using('btree', table.flowId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+]);
+
+export const identityLoginCodes = pgTable('identity_login_codes', {
+	id: uuid().primaryKey().notNull(),
+	code: varchar({ length: 64 }).notNull(),
+	address: varchar({ length: 255 }).notNull(),
+	addressType: char('address_type', { length: 36 }).notNull(),
+	usedAt: timestamp('used_at', { mode: 'string' }),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	selfserviceLoginFlowId: uuid('selfservice_login_flow_id').notNull(),
+	identityId: uuid('identity_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	nid: uuid().notNull(),
+}, (table) => [
+	index('identity_login_codes_flow_id_idx').using('btree', table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
+	index('identity_login_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_login_codes_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops')),
+	index('identity_login_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.selfserviceLoginFlowId],
+		foreignColumns: [selfserviceLoginFlows.id],
+		name: 'identity_login_codes_selfservice_login_flows_id_fk',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_login_codes_networks_id_fk',
+	}).onUpdate('restrict').onDelete('cascade'),
+	foreignKey({
+		columns: [table.identityId],
+		foreignColumns: [identities.id],
+		name: 'identity_login_codes_identity_id_fk',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityRegistrationCodes = pgTable('identity_registration_codes', {
+	id: uuid().primaryKey().notNull(),
+	code: varchar({ length: 64 }).notNull(),
+	address: varchar({ length: 255 }).notNull(),
+	addressType: char('address_type', { length: 36 }).notNull(),
+	usedAt: timestamp('used_at', { mode: 'string' }),
+	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+	selfserviceRegistrationFlowId: uuid('selfservice_registration_flow_id').notNull(),
+	createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+	nid: uuid().notNull(),
+}, (table) => [
+	index('identity_registration_codes_flow_id_idx').using('btree', table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
+	index('identity_registration_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+	index('identity_registration_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
+	foreignKey({
+		columns: [table.selfserviceRegistrationFlowId],
+		foreignColumns: [selfserviceRegistrationFlows.id],
+		name: 'identity_registration_codes_selfservice_registration_flows_id_f',
+	}).onDelete('cascade'),
+	foreignKey({
+		columns: [table.nid],
+		foreignColumns: [networks.id],
+		name: 'identity_registration_codes_networks_id_fk',
+	}).onUpdate('restrict').onDelete('cascade'),
+]);
diff --git a/dashboard/src/db/schema.ts b/dashboard/src/db/schema.ts
index e69de29..5514575 100644
--- a/dashboard/src/db/schema.ts
+++ b/dashboard/src/db/schema.ts
@@ -0,0 +1,713 @@
+import {
+    boolean,
+    char,
+    check,
+    foreignKey,
+    index,
+    integer,
+    json,
+    jsonb,
+    pgTable,
+    text,
+    timestamp,
+    unique,
+    uniqueIndex,
+    uuid,
+    varchar,
+} from 'drizzle-orm/pg-core';
+import { sql } from 'drizzle-orm';
+
+export const schemaMigration = pgTable('schema_migration', {
+    version: varchar({ length: 48 }).notNull(),
+    versionSelf: integer('version_self').default(0).notNull(),
+}, (table) => [
+    uniqueIndex('schema_migration_version_idx').using('btree', table.version.asc().nullsLast().op('text_ops')),
+    index('schema_migration_version_self_idx').using('btree', table.versionSelf.asc().nullsLast().op('int4_ops')),
+]);
+
+export const identityCredentials = pgTable('identity_credentials', {
+    id: uuid().primaryKey().notNull(),
+    config: jsonb().notNull(),
+    identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
+    identityId: uuid('identity_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+    version: integer().default(0).notNull(),
+}, (table) => [
+    index('identity_credentials_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_credentials_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_credentials_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'identity_credentials_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.identityCredentialTypeId],
+        foreignColumns: [identityCredentialTypes.id],
+        name: 'identity_credentials_identity_credential_type_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_credentials_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityCredentialTypes = pgTable('identity_credential_types', {
+    id: uuid().primaryKey().notNull(),
+    name: varchar({ length: 32 }).notNull(),
+}, (table) => [
+    uniqueIndex('identity_credential_types_name_idx').using('btree', table.name.asc().nullsLast().op('text_ops')),
+]);
+
+export const selfserviceLoginFlows = pgTable('selfservice_login_flows', {
+    id: uuid().primaryKey().notNull(),
+    requestUrl: text('request_url').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    activeMethod: varchar('active_method', { length: 32 }).notNull(),
+    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    forced: boolean().default(false).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    requestedAal: varchar('requested_aal', { length: 4 }).default('aal1').notNull(),
+    internalContext: jsonb('internal_context').notNull(),
+    oauth2LoginChallenge: uuid('oauth2_login_challenge'),
+    oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
+    state: varchar({ length: 255 }),
+    submitCount: integer('submit_count').default(0).notNull(),
+    organizationId: uuid('organization_id'),
+}, (table) => [
+    index('selfservice_login_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_login_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_login_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const networks = pgTable('networks', {
+    id: uuid().primaryKey().notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+});
+
+export const selfserviceRegistrationFlows = pgTable('selfservice_registration_flows', {
+    id: uuid().primaryKey().notNull(),
+    requestUrl: text('request_url').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    activeMethod: varchar('active_method', { length: 32 }).notNull(),
+    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    internalContext: jsonb('internal_context').notNull(),
+    oauth2LoginChallenge: uuid('oauth2_login_challenge'),
+    oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
+    state: varchar({ length: 255 }),
+    submitCount: integer('submit_count').default(0).notNull(),
+    organizationId: uuid('organization_id'),
+}, (table) => [
+    index('selfservice_registration_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_registration_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_registration_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identities = pgTable('identities', {
+    id: uuid().primaryKey().notNull(),
+    schemaId: varchar('schema_id', { length: 2048 }).notNull(),
+    traits: jsonb().notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+    state: varchar({ length: 255 }).default('active').notNull(),
+    stateChangedAt: timestamp('state_changed_at', { mode: 'string' }),
+    metadataPublic: jsonb('metadata_public'),
+    metadataAdmin: jsonb('metadata_admin'),
+    availableAal: varchar('available_aal', { length: 4 }),
+    organizationId: uuid('organization_id'),
+}, (table) => [
+    index('identities_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identities_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identities_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityCredentialIdentifiers = pgTable('identity_credential_identifiers', {
+    id: uuid().primaryKey().notNull(),
+    identifier: varchar({ length: 255 }).notNull(),
+    identityCredentialId: uuid('identity_credential_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+    identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
+}, (table) => [
+    index('identity_credential_identifiers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    uniqueIndex('identity_credential_identifiers_identifier_nid_type_uq_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityCredentialTypeId.asc().nullsLast().op('uuid_ops'), table.identifier.asc().nullsLast().op('uuid_ops')),
+    index('identity_credential_identifiers_nid_i_ici_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.identifier.asc().nullsLast().op('text_ops'), table.identityCredentialId.asc().nullsLast().op('text_ops')),
+    index('identity_credential_identifiers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_credential_identifiers_nid_identity_credential_id_idx').using('btree', table.identityCredentialId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityCredentialId],
+        foreignColumns: [identityCredentials.id],
+        name: 'identity_credential_identifiers_identity_credential_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_credential_identifiers_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.identityCredentialTypeId],
+        foreignColumns: [identityCredentialTypes.id],
+        name: 'identity_credential_identifiers_type_id_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityVerifiableAddresses = pgTable('identity_verifiable_addresses', {
+    id: uuid().primaryKey().notNull(),
+    status: varchar({ length: 16 }).notNull(),
+    via: varchar({ length: 16 }).notNull(),
+    verified: boolean().notNull(),
+    value: varchar({ length: 400 }).notNull(),
+    verifiedAt: timestamp('verified_at', { mode: 'string' }),
+    identityId: uuid('identity_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+}, (table) => [
+    index('identity_verifiable_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
+    uniqueIndex('identity_verifiable_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'identity_verifiable_addresses_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_verifiable_addresses_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const courierMessages = pgTable('courier_messages', {
+    id: uuid().primaryKey().notNull(),
+    type: integer().notNull(),
+    status: integer().notNull(),
+    body: text().notNull(),
+    subject: varchar({ length: 255 }).notNull(),
+    recipient: varchar({ length: 255 }).notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    templateType: varchar('template_type', { length: 255 }).default('').notNull(),
+    // TODO: failed to parse database type 'bytea'
+    templateData: varchar('template_data'),
+    nid: uuid(),
+    sendCount: integer('send_count').default(0).notNull(),
+    channel: varchar({ length: 32 }),
+}, (table) => [
+    index('courier_messages_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('courier_messages_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('courier_messages_nid_recipient_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.recipient.asc().nullsLast().op('text_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_status_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.status.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_status_idx').using('btree', table.status.asc().nullsLast().op('int4_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'courier_messages_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceErrors = pgTable('selfservice_errors', {
+    id: uuid().primaryKey().notNull(),
+    errors: jsonb().notNull(),
+    seenAt: timestamp('seen_at', { mode: 'string' }),
+    wasSeen: boolean('was_seen').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    csrfToken: varchar('csrf_token', { length: 255 }).default('').notNull(),
+    nid: uuid(),
+}, (table) => [
+    index('selfservice_errors_errors_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_errors_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceVerificationFlows = pgTable('selfservice_verification_flows', {
+    id: uuid().primaryKey().notNull(),
+    requestUrl: text('request_url').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    state: varchar({ length: 255 }).default('show_form').notNull(),
+    activeMethod: varchar('active_method', { length: 32 }),
+    ui: jsonb(),
+    nid: uuid(),
+    submitCount: integer('submit_count').default(0).notNull(),
+    oauth2LoginChallenge: text('oauth2_login_challenge'),
+    sessionId: uuid('session_id'),
+    identityId: uuid('identity_id'),
+    authenticationMethods: json('authentication_methods'),
+}, (table) => [
+    index('selfservice_verification_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_verification_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_verification_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceSettingsFlows = pgTable('selfservice_settings_flows', {
+    id: uuid().primaryKey().notNull(),
+    requestUrl: text('request_url').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    identityId: uuid('identity_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    activeMethod: varchar('active_method', { length: 32 }),
+    state: varchar({ length: 255 }).default('show_form').notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    internalContext: jsonb('internal_context').notNull(),
+}, (table) => [
+    index('selfservice_settings_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_settings_flows_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_settings_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'selfservice_profile_management_requests_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_settings_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const continuityContainers = pgTable('continuity_containers', {
+    id: uuid().primaryKey().notNull(),
+    identityId: uuid('identity_id'),
+    name: varchar({ length: 255 }).notNull(),
+    payload: jsonb(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+}, (table) => [
+    index('continuity_containers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('continuity_containers_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('continuity_containers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'continuity_containers_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'continuity_containers_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const sessions = pgTable('sessions', {
+    id: uuid().primaryKey().notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    authenticatedAt: timestamp('authenticated_at', { mode: 'string' }).notNull(),
+    identityId: uuid('identity_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    token: varchar({ length: 39 }),
+    active: boolean().default(false),
+    nid: uuid(),
+    logoutToken: varchar('logout_token', { length: 39 }),
+    aal: varchar({ length: 4 }).default('aal1').notNull(),
+    authenticationMethods: jsonb('authentication_methods').notNull(),
+}, (table) => [
+    index('sessions_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('sessions_identity_id_nid_sorted_idx').using('btree', table.identityId.asc().nullsLast().op('timestamp_ops'), table.nid.asc().nullsLast().op('timestamp_ops'), table.authenticatedAt.desc().nullsFirst().op('uuid_ops')),
+    uniqueIndex('sessions_logout_token_uq_idx').using('btree', table.logoutToken.asc().nullsLast().op('text_ops')),
+    index('sessions_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('sessions_nid_id_identity_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityId.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('sessions_token_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('text_ops')),
+    uniqueIndex('sessions_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'sessions_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'sessions_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityRecoveryAddresses = pgTable('identity_recovery_addresses', {
+    id: uuid().primaryKey().notNull(),
+    via: varchar({ length: 16 }).notNull(),
+    value: varchar({ length: 400 }).notNull(),
+    identityId: uuid('identity_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+}, (table) => [
+    index('identity_recovery_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
+    uniqueIndex('identity_recovery_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'identity_recovery_addresses_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_recovery_addresses_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityVerificationTokens = pgTable('identity_verification_tokens', {
+    id: uuid().primaryKey().notNull(),
+    token: varchar({ length: 64 }).notNull(),
+    used: boolean().default(false).notNull(),
+    usedAt: timestamp('used_at', { mode: 'string' }),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).notNull(),
+    identityVerifiableAddressId: uuid('identity_verifiable_address_id').notNull(),
+    selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+}, (table) => [
+    index('identity_verification_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_token_nid_used_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('bool_ops'), table.used.asc().nullsLast().op('text_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    uniqueIndex('identity_verification_tokens_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+    index('identity_verification_tokens_verifiable_address_id_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_verification_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityVerifiableAddressId],
+        foreignColumns: [identityVerifiableAddresses.id],
+        name: 'identity_verification_tokens_identity_verifiable_address_i_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.selfserviceVerificationFlowId],
+        foreignColumns: [selfserviceVerificationFlows.id],
+        name: 'identity_verification_tokens_selfservice_verification_flow_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_verification_tokens_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const selfserviceRecoveryFlows = pgTable('selfservice_recovery_flows', {
+    id: uuid().primaryKey().notNull(),
+    requestUrl: text('request_url').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
+    activeMethod: varchar('active_method', { length: 32 }),
+    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+    state: varchar({ length: 32 }).notNull(),
+    recoveredIdentityId: uuid('recovered_identity_id'),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    submitCount: integer('submit_count').default(0).notNull(),
+    skipCsrfCheck: boolean('skip_csrf_check').default(false).notNull(),
+}, (table) => [
+    index('selfservice_recovery_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_recovery_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_recovery_flows_recovered_identity_id_nid_idx').using('btree', table.recoveredIdentityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.recoveredIdentityId],
+        foreignColumns: [identities.id],
+        name: 'selfservice_recovery_requests_recovered_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_recovery_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityRecoveryTokens = pgTable('identity_recovery_tokens', {
+    id: uuid().primaryKey().notNull(),
+    token: varchar({ length: 64 }).notNull(),
+    used: boolean().default(false).notNull(),
+    usedAt: timestamp('used_at', { mode: 'string' }),
+    identityRecoveryAddressId: uuid('identity_recovery_address_id'),
+    selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id'),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    nid: uuid(),
+    identityId: uuid('identity_id').notNull(),
+    tokenType: integer('token_type').default(0).notNull(),
+}, (table) => [
+    uniqueIndex('identity_recovery_addresses_code_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+    index('identity_recovery_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_identity_recovery_address_id_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_selfservice_recovery_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_token_nid_used_idx').using('btree', table.nid.asc().nullsLast().op('bool_ops'), table.token.asc().nullsLast().op('text_ops'), table.used.asc().nullsLast().op('bool_ops')),
+    foreignKey({
+        columns: [table.selfserviceRecoveryFlowId],
+        foreignColumns: [selfserviceRecoveryFlows.id],
+        name: 'identity_recovery_tokens_selfservice_recovery_request_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_recovery_tokens_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.identityRecoveryAddressId],
+        foreignColumns: [identityRecoveryAddresses.id],
+        name: 'identity_recovery_tokens_identity_recovery_address_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'identity_recovery_tokens_identity_id_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+    check('identity_recovery_tokens_token_type_ck', sql`(token_type = 1)
+                                                        OR (token_type = 2)`),
+]);
+
+export const identityRecoveryCodes = pgTable('identity_recovery_codes', {
+    id: uuid().primaryKey().notNull(),
+    code: varchar({ length: 64 }).notNull(),
+    usedAt: timestamp('used_at', { mode: 'string' }),
+    identityRecoveryAddressId: uuid('identity_recovery_address_id'),
+    codeType: integer('code_type').notNull(),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid().notNull(),
+    identityId: uuid('identity_id').notNull(),
+}, (table) => [
+    index('identity_recovery_codes_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_identity_recovery_address_id_nid_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityRecoveryAddressId],
+        foreignColumns: [identityRecoveryAddresses.id],
+        name: 'identity_recovery_codes_identity_recovery_addresses_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.selfserviceRecoveryFlowId],
+        foreignColumns: [selfserviceRecoveryFlows.id],
+        name: 'identity_recovery_codes_selfservice_recovery_flows_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'identity_recovery_codes_identity_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_recovery_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const sessionDevices = pgTable('session_devices', {
+    id: uuid().primaryKey().notNull(),
+    ipAddress: varchar('ip_address', { length: 50 }).default(''),
+    userAgent: varchar('user_agent', { length: 512 }).default(''),
+    location: varchar({ length: 512 }).default(''),
+    nid: uuid().notNull(),
+    sessionId: uuid('session_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+}, (table) => [
+    index('session_devices_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('session_devices_session_id_nid_idx').using('btree', table.sessionId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.sessionId],
+        foreignColumns: [sessions.id],
+        name: 'session_metadata_sessions_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'session_metadata_nid_fk',
+    }).onDelete('cascade'),
+    unique('unique_session_device').on(table.ipAddress, table.userAgent, table.nid, table.sessionId),
+]);
+
+export const identityVerificationCodes = pgTable('identity_verification_codes', {
+    id: uuid().primaryKey().notNull(),
+    codeHmac: varchar('code_hmac', { length: 64 }).notNull(),
+    usedAt: timestamp('used_at', { mode: 'string' }),
+    identityVerifiableAddressId: uuid('identity_verifiable_address_id'),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid().notNull(),
+}, (table) => [
+    index('identity_verification_codes_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_verifiable_address_nid_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identityVerifiableAddressId],
+        foreignColumns: [identityVerifiableAddresses.id],
+        name: 'identity_verification_codes_identity_verifiable_addresses_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.selfserviceVerificationFlowId],
+        foreignColumns: [selfserviceVerificationFlows.id],
+        name: 'identity_verification_codes_selfservice_verification_flows_id_f',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_verification_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const courierMessageDispatches = pgTable('courier_message_dispatches', {
+    id: uuid().primaryKey().notNull(),
+    messageId: uuid('message_id').notNull(),
+    status: varchar({ length: 7 }).notNull(),
+    error: json(),
+    nid: uuid().notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+}, (table) => [
+    index('courier_message_dispatches_message_id_idx').using('btree', table.messageId.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('timestamp_ops')),
+    index('courier_message_dispatches_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.messageId],
+        foreignColumns: [courierMessages.id],
+        name: 'courier_message_dispatches_message_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'courier_message_dispatches_nid_fk',
+    }).onDelete('cascade'),
+]);
+
+export const sessionTokenExchanges = pgTable('session_token_exchanges', {
+    id: uuid().primaryKey().notNull(),
+    nid: uuid().notNull(),
+    flowId: uuid('flow_id').notNull(),
+    sessionId: uuid('session_id'),
+    initCode: varchar('init_code', { length: 64 }).notNull(),
+    returnToCode: varchar('return_to_code', { length: 64 }).notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+}, (table) => [
+    index('session_token_exchanges_nid_code_idx').using('btree', table.initCode.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('text_ops')),
+    index('session_token_exchanges_nid_flow_id_idx').using('btree', table.flowId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+]);
+
+export const identityLoginCodes = pgTable('identity_login_codes', {
+    id: uuid().primaryKey().notNull(),
+    code: varchar({ length: 64 }).notNull(),
+    address: varchar({ length: 255 }).notNull(),
+    addressType: char('address_type', { length: 36 }).notNull(),
+    usedAt: timestamp('used_at', { mode: 'string' }),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfserviceLoginFlowId: uuid('selfservice_login_flow_id').notNull(),
+    identityId: uuid('identity_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    nid: uuid().notNull(),
+}, (table) => [
+    index('identity_login_codes_flow_id_idx').using('btree', table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.selfserviceLoginFlowId],
+        foreignColumns: [selfserviceLoginFlows.id],
+        name: 'identity_login_codes_selfservice_login_flows_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_login_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.identityId],
+        foreignColumns: [identities.id],
+        name: 'identity_login_codes_identity_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
+
+export const identityRegistrationCodes = pgTable('identity_registration_codes', {
+    id: uuid().primaryKey().notNull(),
+    code: varchar({ length: 64 }).notNull(),
+    address: varchar({ length: 255 }).notNull(),
+    addressType: char('address_type', { length: 36 }).notNull(),
+    usedAt: timestamp('used_at', { mode: 'string' }),
+    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfserviceRegistrationFlowId: uuid('selfservice_registration_flow_id').notNull(),
+    createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    nid: uuid().notNull(),
+}, (table) => [
+    index('identity_registration_codes_flow_id_idx').using('btree', table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_registration_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_registration_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.selfserviceRegistrationFlowId],
+        foreignColumns: [selfserviceRegistrationFlows.id],
+        name: 'identity_registration_codes_selfservice_registration_flows_id_f',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_registration_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+]);
-- 
2.45.3


From 8aa942be2d4c7f1b8bfa9cd7a0753cceaa1b8fd2 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 10:20:02 +0100
Subject: [PATCH 47/66] NORY-41: add database url to dashboard's .env.example

---
 dashboard/.env.example | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dashboard/.env.example b/dashboard/.env.example
index 0890e33..fbb1831 100644
--- a/dashboard/.env.example
+++ b/dashboard/.env.example
@@ -1,4 +1,6 @@
 
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/kratos
+
 ORY_KRATOS_ADMIN_URL=http://localhost:4434
 ORY_HYDRA_ADMIN_URL=http://localhost:4445
 
-- 
2.45.3


From 21dbd4cb05808015dde9ac3dcbf59102b0cd727b Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 10:52:05 +0100
Subject: [PATCH 48/66] NORY-41: implement drizzle query function

---
 dashboard/src/lib/action/identity.ts | 39 +++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/dashboard/src/lib/action/identity.ts b/dashboard/src/lib/action/identity.ts
index 7497f3c..9e1054c 100644
--- a/dashboard/src/lib/action/identity.ts
+++ b/dashboard/src/lib/action/identity.ts
@@ -2,7 +2,44 @@
 
 import { getIdentityApi } from '@/ory/sdk/server';
 import { revalidatePath } from 'next/cache';
-import { DeleteIdentityCredentialsTypeEnum, UpdateIdentityBody } from '@ory/client';
+import {
+    DeleteIdentityCredentialsTypeEnum,
+    Identity,
+    RecoveryIdentityAddress,
+    UpdateIdentityBody,
+    VerifiableIdentityAddress,
+} from '@ory/client';
+import { getDB } from '@/db';
+import { identities, identityRecoveryAddresses, identityVerifiableAddresses } from '@/db/schema';
+import { eq, ilike, or, sql } from 'drizzle-orm';
+
+interface QueryIdentitiesProps {
+    page: number,
+    pageSize?: number,
+    query?: string,
+}
+
+export async function queryIdentities({ page, pageSize, query }: QueryIdentitiesProps) {
+
+    const db = await getDB();
+    const results = await db.select()
+        .from(identities)
+        .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
+        .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
+        .where(or(
+            sql`${identities.traits}::text ILIKE
+            ${`%${query}%`}`,
+            ilike(identityVerifiableAddresses.value, `%${query}%`),
+        ));
+
+    return results.map((it) => {
+        const typed = it.identities as unknown as Identity;
+        typed.verifiable_addresses = [it.identity_verifiable_addresses] as unknown as VerifiableIdentityAddress[];
+        typed.recovery_addresses = [it.identity_verifiable_addresses] as unknown as RecoveryIdentityAddress[];
+        return typed;
+    });
+}
+
 
 interface UpdatedIdentityProps {
     id: string;
-- 
2.45.3


From 7df37e400188a3e66e096ac5d3764196b1b8f774 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 10:53:08 +0100
Subject: [PATCH 49/66] NORY-41: apply new query and temporarily remove
 pagination

---
 .../src/app/(inside)/user/data-table.tsx      | 97 +++++--------------
 dashboard/src/app/(inside)/user/page.tsx      | 57 ++---------
 2 files changed, 29 insertions(+), 125 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/data-table.tsx b/dashboard/src/app/(inside)/user/data-table.tsx
index 8f4e3ac..510ee6c 100644
--- a/dashboard/src/app/(inside)/user/data-table.tsx
+++ b/dashboard/src/app/(inside)/user/data-table.tsx
@@ -4,9 +4,7 @@ import { ColumnDef } from '@tanstack/react-table';
 import { Identity } from '@ory/client';
 import { DataTable } from '@/components/ui/data-table';
 import { CircleCheck, CircleX, Copy, MoreHorizontal, Trash, UserCheck, UserMinus, UserPen, UserX } from 'lucide-react';
-import React, { useEffect, useRef, useState } from 'react';
-import { FetchIdentityPageProps } from '@/app/(inside)/user/page';
-import { Spinner } from '@/components/ui/spinner';
+import React, { useEffect, useState } from 'react';
 import {
     DropdownMenu,
     DropdownMenuContent,
@@ -33,13 +31,11 @@ import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip
 
 interface IdentityDataTableProps {
     data: Identity[];
-    pageSize: number;
-    pageToken: string | undefined;
+    page: number;
     query: string;
-    fetchIdentityPage: (props: FetchIdentityPageProps) => Promise<{ data: Identity[], tokens: Map<string, string> }>;
 }
 
-export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdentityPage }: IdentityDataTableProps) {
+export function IdentityDataTable({ data, page, query }: IdentityDataTableProps) {
 
     const columns: ColumnDef<Identity>[] = [
         {
@@ -81,27 +77,24 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                     return (
                         <div className="flex flex-row space-x-2 items-center">
                             <span>{email.value}</span>
-                            {
-                                email.verified ?
-                                    <Tooltip>
-                                        <TooltipTrigger>
-                                            <CircleCheck/>
-                                        </TooltipTrigger>
-                                        <TooltipContent>
-                                            <span>This email was confirmed at </span>
-                                            {new Date(email.verified_at!!).toLocaleString()}
-                                        </TooltipContent>
-                                    </Tooltip>
-                                    :
-                                    <Tooltip>
-                                        <TooltipTrigger>
-                                            <CircleX/>
-                                        </TooltipTrigger>
-                                        <TooltipContent>
-                                            This email is not confirmed yet
-                                        </TooltipContent>
-                                    </Tooltip>
-                            }
+                            <Tooltip>
+                                <TooltipTrigger>
+                                    {
+                                        email.verified ? <CircleCheck/> : <CircleX/>
+                                    }
+                                </TooltipTrigger>
+                                <TooltipContent>
+                                    {
+                                        email.verified ?
+                                            <>
+                                                <span>This email was confirmed at </span>
+                                                {new Date(email.verified_at!!).toLocaleString()}
+                                            </>
+                                            :
+                                            <p>This email is not confirmed yet</p>
+                                    }
+                                </TooltipContent>
+                            </Tooltip>
                         </div>
                     );
                 }
@@ -189,49 +182,10 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
     ];
 
     const [items, setItems] = useState<Identity[]>(data);
-    const [nextToken, setNextToken] = useState<string | undefined>(pageToken);
 
-    // react on changes from ssr (query params)
     useEffect(() => {
         setItems(data);
-        setNextToken(pageToken);
-    }, [data, pageSize, pageToken, query]);
-
-    // infinite scroll handling
-    const infiniteScrollSensor = useRef(null);
-    useEffect(() => {
-        const observer = new IntersectionObserver(
-            (entries) => {
-                if (entries[0].isIntersecting) {
-                    fetchMore();
-                }
-            },
-            { threshold: 0.5 }, // Adjust threshold as needed
-        );
-
-        if (infiniteScrollSensor.current) {
-            observer.observe(infiniteScrollSensor.current);
-        }
-
-        return () => {
-            if (infiniteScrollSensor.current) {
-                observer.unobserve(infiniteScrollSensor.current);
-            }
-        };
-    }, [items]);
-
-    const fetchMore = async () => {
-        if (!nextToken) return;
-
-        const response = await fetchIdentityPage({
-            pageSize: pageSize,
-            pageToken: nextToken,
-            query: query,
-        });
-
-        setItems([...items, ...response.data]);
-        setNextToken(response.tokens.get('next') ?? undefined);
-    };
+    }, [data]);
 
     // quick actions
     const [currentIdentity, setCurrentIdentity] = useState<Identity | undefined>(undefined);
@@ -341,13 +295,6 @@ export function IdentityDataTable({ data, pageSize, pageToken, query, fetchIdent
                     </>
                 )
             }
-            {
-                nextToken && (
-                    <div className="flex w-full justify-center">
-                        <Spinner ref={infiniteScrollSensor} className="h-10"/>
-                    </div>
-                )
-            }
         </>
     );
 }
diff --git a/dashboard/src/app/(inside)/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
index f02c636..c1acd7e 100644
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@@ -1,49 +1,7 @@
 import React from 'react';
 import { IdentityDataTable } from '@/app/(inside)/user/data-table';
-import { getIdentityApi } from '@/ory/sdk/server';
 import { SearchInput } from '@/components/search-input';
-
-export interface FetchIdentityPageProps {
-    pageSize: number;
-    pageToken: string;
-    query: string;
-}
-
-async function fetchIdentityPage({ pageSize, pageToken, query }: FetchIdentityPageProps) {
-    'use server';
-
-    const identityApi = await getIdentityApi();
-    const response = await identityApi.listIdentities({
-        pageSize: pageSize,
-        pageToken: pageToken,
-        previewCredentialsIdentifierSimilar: query,
-    });
-
-    return {
-        data: response.data,
-        tokens: parseTokens(response.headers.link),
-    };
-}
-
-function parseTokens(link: string) {
-
-    const parsed = link.split(',').map((it) => {
-        const startRel = it.lastIndexOf('rel="');
-        const endRel = it.lastIndexOf('"');
-        const rel = it.slice(startRel, endRel);
-
-        const startToken = it.lastIndexOf('page_token=');
-        const endToken = it.lastIndexOf('&');
-        const token = it.slice(startToken, endToken);
-
-        return [rel, token];
-    });
-
-    return new Map(parsed.map(obj => [
-        obj[0].replace('rel="', ''),
-        obj[1].replace('page_token=', ''),
-    ]));
-}
+import { queryIdentities } from '@/lib/action/identity';
 
 export default async function UserPage(
     {
@@ -54,12 +12,13 @@ export default async function UserPage(
 ) {
 
     const params = await searchParams;
+
+    const page = params.page ? Number(params.page) : 1;
     const query = params.query ? params.query as string : '';
 
     let pageSize = 250;
-    let pageToken: string = '00000000-0000-0000-0000-000000000000';
 
-    const initialFetch = await fetchIdentityPage({ pageSize, pageToken, query: query });
+    const initialData = await queryIdentities({ page, pageSize, query });
 
     return (
         <div className="space-y-4">
@@ -72,11 +31,9 @@ export default async function UserPage(
             <div className="space-y-2">
                 <SearchInput queryParamKey="query" placeholder="Search for identifiers (Email, Username...)"/>
                 <IdentityDataTable
-                    data={initialFetch.data}
-                    pageSize={pageSize}
-                    pageToken={initialFetch.tokens.get('next')}
-                    query={query}
-                    fetchIdentityPage={fetchIdentityPage}/>
+                    data={initialData}
+                    page={page}
+                    query={query}/>
             </div>
         </div>
     );
-- 
2.45.3


From 19e68b89297a50ed2faf98f2427271a33bdaa4aa Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 11:02:25 +0100
Subject: [PATCH 50/66] NORY-41: add shadcn-ui pagination component

---
 dashboard/bun.lockb                        | Bin 269452 -> 270420 bytes
 dashboard/package.json                     |   2 +-
 dashboard/src/components/ui/pagination.tsx | 117 +++++++++++++++++++++
 3 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 dashboard/src/components/ui/pagination.tsx

diff --git a/dashboard/bun.lockb b/dashboard/bun.lockb
index 5fcc46ea3c3bd8011de21e746ae83543666ec38c..457965a40f7a0aaced242625b14554add2363733 100755
GIT binary patch
delta 28554
zcmeHwd016d|NXh=a+PbTprRm{l0zzjTo5h_g65p_td#>Q3MwMvfFq!yIHh>h?JPJC
zIpBomh-R6VMyaWdR=%mFg_Tp&Z>@9o0rI8Z_xn8G@ALbo`><I1v-UjibI;*0|FGMo
zlWvOw>Rqh*;=(~IwlA4o)jee0fhqUu+;;mg%q1%K{IbC>&bhyI+MCr~6n>Uu_O7nJ
zIX@>k%$~B}q9~OVCAG;bisA!a1=|ap3ibxuhAE00cm!+@a940ua3gRvaI07&{ta+N
z*wf+^<r(nT;Bw$mV8-tYX8Z@k6~zv2JVH^PRg@P~m%>5euJm{j0jt2if&`h+5ikp~
z4$J~Rhm0$OOMyMXx3uUoFEl=tU}Sd~%+&ggR+KW}__+8O{~?2vPO!_v_DwXxMJG)h
zHF!ka*lk)~nJVr45X&9DqsPRI9UB)j#uGLxV*#@gi<1nF84@=(E@4#Cb7K{yEcEHn
zS-HUp2_xcS6y;~l_n9gw8^-BXOZ^^9-<YI9<KjjRQMx4?HH!eV26ZI6Nq#cH(7%>^
z5zHn#0%jL&k*rBhkvu|jZ-Y}(TS%dyWFIiAW0(A3ykUPOIUigB{wE~wl)Osv9LY;C
zb{H-uX=L0eG(pI8MX3$D3ivtj<23SMC3Q9&%<wZX`>w%Eqwn$&ioLV`d80R~rW?I9
zBxcY!j58%3?a9v>#N!~`1+D^K31$mS0JBB!X)B(sZof9$ur6qM&o)d+nq!QYVKR*C
zT%!!XLdQT$JqVk;4a~l4InOA|@Ff3<(eWdd=rO}aM~_L088$LuQ1r+oC49c&A2)1N
z!Wi^zOcF*1_#3H54@axuGkbwPAyQJ4;9w!!p#U6e<Hp4K4@ZUiNIM+N!PF4Ug4C3J
zeWB3^`CvAVCv*<{a$pW&7s>vaMs-KVj332}Yr>|#o6g=!YE?Lxz>t`j(f)Bs%9B(h
zK!Ij2SKWR@Gm_n-Im%T@*@M1hCNW8g<6_24R0hXJj~szSqn8?mjEzq6A38F6SQ66k
zMYuUBM&<Sk!@t>bqY_Rq^Nf!h6&D|uG<JAW!l)3Wvl`(%p|4(HG)4iK;pTze6(uEg
z`%0q#i@^-oew8t{rom<_4oet41nDT#WyIO5jqaQTX7`1zG2+(;vo!}p=TJ$Ci60*`
zMo|``01THV3w&{{5x!403y`9u?uUcjG&Et1e@yh?Sg$N2K!<h4Ec|f2vCy@X;Z|-i
zW~1Lmqb7$Dp7G<7{Kv!$i%ISUn>F-?KgVbpFlw4=k>M92K3m+0^eWVXW6EYDqkn-p
zs}^oCA{Kzzuit35%U4f{N3yggLFHmF7|eS11amaC1T&jsC^q%$+l}@cfOzz;f$XUN
z1b-IKF71c#XRe=utAfvhnf_KV(_0L#%#O0`GK6#pY|sf{Cfv*jkQxYPeQSZ)5oN$^
zm*0>f!?)RE=yzbVBA38OICU48;Z}oLklA1sV2tEJU^jM@0}d`CUSN)t1YtyY6<iUv
zxp;)78sUZ{3?4fsZd6Pw_*a3y+W{k-12#uiB`|lcQeal(*JVb*=7QNlQ^72FJlHJ-
zj<M0BqX&(QQDSn906pQsf^<iQHNd67USRF8qOfDnA5xU+;K{HV&Rh-WLT3xz0W;n%
zFblE_><O+e(>aGsY40nA_Gh2%gHQ#$23#53_PCK@IG81^dBTVgAZ>3jTc#|SHH=P<
z@gIyu?2luH{WF+dF&^nLoaK~}{;fPC-7zsq2_whHDEWD4e+C?b2{IN-%4q~(f>~fj
zbiQeHMFwn^c(mj>iqTSA&lm~2zGZMMn0@_QZ=(Qj!!}l-Kktx5JEN@e|I*g@Ki?Ts
z#v3L6tF3VfYREw~6U<rg^j=?76Qk??#})aDP5ysglmAc=bB~{juHzsTm-Xoxo;n{6
z_E8d;9xJXGHHk?Y96d66NX&fL9E8bWw#3zsjCmb=RePh-b85qD+Vx5SYVB+L%6Np@
z-6l`{_~NiiZ*On&$_*v`{H!JWnmzYj4_j-*vuFi=PWv-M6{T096%DJ4ZspW>+Hzp^
z(C!9>+dYOUN~EdVyTfV=OVtp{z6w@1!w>1*h1JLKgVh&jNalr*uzrHoNw*wLo%YRf
zg=xaC{BT8SX{3TQyTf7*7A>a<a)8AgRIMP$Y5xOO6Wz*b=2Tma(1wqXw67guh%Q>9
z(`mmdEktkVv{x8uR8iF&4yP>^R;0GGS-5>OTs;c2d?G^`&C(@aQC>3qP`H(_Sa780
z=Tu!rX~Q>1xr{=p+Rmd9bhKhCsSyd<@QIP?gamE-#7O)53B_wvX|!2D$HFknXl?kU
zNXtfT+oUM_$M9hrSu_W-YM5xoVnvc*g~3nJ6306&JG5<+qijDx3)1`>hui9mfv<MA
zNw~c~Tr4iC*wkq`q-~oLW&Z)1EOe;T9+_mMYu6lTk}O!Q5WbY=Xyvrr)V58Hvipry
zlorrjv>b=i&f{h~GlV@CRwGyn)3<*Mt1&E9OGL<8<BXK8T242oI(D2^KPA$>8)7pf
zu>f=#ETcP7DYe^p?M_OhEiM`5)9$8(+j8ORpu4OSO;_ha*Q!F-H-)a?NvN-OcV>hO
z9BuWeX9`_qC!1Q&Lf4u?*Udtg{}eOaxI))4xLO-U!Ni1XdW4JNKsgr{x-P@jQV-@e
z&2;rEbY&O1ZW^w%2v@AD9nl`;HAkS+a#V|(6=i>Ux}u<uII7Sk@51U?X!*`ChP;bb
zfC=y#EOsTDxP{a5iMDNal)ddtMd=C+T^{JPuYko#fe@p^w785Yd#!XuiGZT$sSkt|
z1Pk+HywkoIRs$n$kkfKpi<=W=D?Lk5I_s0Y7hGHfjJdQK7W=N0p3Wm!Ox3D68aZu^
zW-Cglwi5$zI9wbc(EXkEwXgzVmDU^)PWx?GM(-E23UkdcXFbPv0xXVi%xpBl7HMH7
zL^*Ar!)m1YXGgeTcMH_w$A_ye=4f~3N7|-Az!Yv6Za)eahZ)wFHcq?uT(g<Dvc<uo
zADRT?|CF?hN~!a3B@92k>1`chHPLp~54SIcD-=5B09K*%u#D27gH-E$ZTP}SwdH(m
z`@%?j%6y~3HhqQKCoQ{H5bU)70E?ZW`>8D#XxkS>+OroZ%Bv8KMe{dUY-2_5-;S>t
zO8{CA3!DavZK?OY?QQz8_V%(1&54E{SGz9MhA)n^XF_BxOKXW3C||>3_aJA~xyB-M
z&7t)&tVlgew$*Z2#_&K#S}tj~wJ3YjOrxVPq@tYmbXb9Ucn-k>u#E5+K(+!}`e5;2
zY~+EKoZ_?(gT?m4pljn)*DThC&x*8tz#y!F?OBZrR=hLZ-V!bbL~9HTbCrfoU%cOf
z#c~=w<+8-EO6h(t!eWo;A#IajVfdlnj>u5R_q8xr$_RvEgvF}iQgh^U3rc|15`Gw&
zjhyy<u$Y{Y)wi&Q!?J3LQCw`}Rzz9uYui>tsU4PUcUDB&W-Zq%;taQ)gbNi354Syn
z3#+kzxV`=gW9QS?aoY}9SUwI#xWd7~fCdW1j9IBKT-Z_%z{P6n`;F~KSbg+l`mMqe
zXoPR*v~7dcMcdgX-2NCYb_bG2$?L5)Q^lrXTM4U^7LR#&3obdZ(H+g#n0atGr@-P+
zvFJ^C0#>g=%VVuE=CC0&cG}y)GE(6zp9ia@<{ubtxvs^ni&EpVwe9O7ZKtzYL)P5B
z-e^YbQcay|^Yz;BtVml5#2#9FgK+y@xL!4LvbDoynGtO_T-|h?rE9d&tPw2RC|C#;
z7;fJW7yHPl_jkoZ+3RdFR~Du)3f4=7ArHZl?T+;B!-`~KZGoG)#jsq9;p$<8$H;g@
zy)gE=EoRD&;bE>YBH(2#wa%@D7M8jsSd9w(wiLH)AHxdO;v>Rs?%OzDkiFV*n^u2w
zq%8|VFYRtZgex2^^=uQdR5sae?&Dk?XTmbNC}*(Kb`Mq;%|9aC9=XHVy)kqmowgaU
zdg)Dd4KAa~93mB8FN}?W6bGw=-dhLYGP(mpM|Iz+)!!CrAH36SJI<1wu#A>Td<EyH
zU1p)Uw!aFCV*^WMxYM#$i`yP$`wChQy$H_Tg-Zx_r4(4kh~o}-0#<9pv~sbx+4dkE
zy&t;6WrX6guff97(lFe15iX>P0ai1|h^fyZdmJqG6uM(^m@5op5V6Hd?=>xE*cVn?
zy=`IHvSIbt3;73JeN5fndtYI4eoo5<ZQHIW`+aCZdQlUzoVHr~8S`#HxP3ZY9E`>y
z{st`BKTVvrng=)uS=>apx)|wW<;;UM$grk3)tU#j?Rz5a!w%xxJVV6DT@5P|7Ip&^
z`#LPPuu)r|T;m{yB^?7~G^|kg=|^G9X06`dC>-D7_C~3V4r$x>M%sc8qt4pSy*O3D
z)n9jcyupT~76(^ry6n5*>V$+`^yTC?ShAy9IMt>{^rW;S`r3nNU%_QWt9MjUUPd&O
z2IYPmR(DwXsm5OQm@)jYi#2wtJ&tL24n$hAw0Z}l?6Z#>(a>%Uot7Kgwu4b>_zCUK
z!AScOTuZaI7!~cD_A9VhEPWBR*E(rT4r4oxh1D2-DDpw4JzM(WNQx1A6BehavE};a
zY1<D)+MAs+`-fv=8LU_I=!rOj6=-pXqwE2v6{RV(@>&j#sUu)Df#s&<ba&b}!7^rM
z&K{@jHY}W0!y{bZEL<mooVKN~`snNPUAhoi-w4%KXSCr*A}uGhZAYSP)!#xF@|dJf
zdP}Q+G}8V71eO;4jpIVOw+mNktmPeGVQV=SW$CQ>=S8@{?5N#68g8p`)^x=ey51;s
zm3~K2+Uw!E!PQQ8ttxbVUFh;ZXZnsWbe$-4xt=$DyB4}u!qrAk??$1k?z^Uzpu6Ia
zN4UU&%ODi=mqJ&w_e?F_blK0r)k3d3deK()0*9-A({NjVxWcrZr&;g#w<BC&cGUb&
zhueZKny!>W*Sm!-ulHGRh8qG`JKeRj(Dk6u6_s!LW)!;e3td$|FntFXx?YE?jh^0*
zg{~$anp&Ff+WBUL3mmQVU}Z0vu5N`cQRw=_bg7QZTK#t-ZJRIalgcmL@}0KrohY^b
z746PDxN^E;uDt~q*U#eOo(qnC-d0<Fq-{SJsm}gLyK^qm@{LySe3UKns=hm)$KnJR
z*9QF*iHpG7=cDX*p)o$@jK9;?^cutBG+|4F>m~gpb{;OyKYdBFmA%doJfU@kD-b%y
zGs=-h-ALQtX*sj+_Io4jDON>M>Z^)^AEg0)*}x8PS#Tsp$<$j&y$kpm*sp*qgA>7}
z!O373@DwmVWTu}2X8f683pic!EEQjs@dHO8Gl97>z&tP$UJPcCCHPeVyczr~c(2s=
zgUi4^4z`2e1~a3xU>4v!m>)9j3)26hT2t4Ri&A)B2K*CiYpzz&%b72Ii!+nEBx7He
zd_{&Mvlt&qyEs$73Z3ykmf=2;;mDrQf08!XXs2QVy#Ey7|JXM2FJ7YmIzx68t62wB
zht++GS;@LmC)4RCZ8BS`feRd}*7Um35e=nxNzCAZ@Mn-<8IDZ75x5k%iPTGC7AHdb
zlNqn6<VdUR2sreC)<y;-Gh#bwlNs?PX_INUmo}Mp2Wb~)N}Z*D7ceJ84;ik9Rdz&?
zU?kL21}KSHu-?+2%#8a;yEwCD`b(Y6cmrklXsJj0n2wTI`}E@~ob1XF=}TsIF_MQ$
z9wz<C^p6EI-f(G;kp5(@G~>aQz;nTDkJqGs2|P$oa3KOP%wqgv2AYgOrgNFJ$@CY}
zCeyi6+GJ+97R>h92zJ$uePUEIM}{KPxnFWFH~{udFc-c%VCM3z<nO@zkg4C5Hkr8<
zfEn)rm|l-1{|cr*ex>N`rNUynxkxSrW`d>lPzJNuWnsI5J-}Sqp9eEY9sFYax-|X+
zGu?U!N3QRJaY%=s6dFkO2jfR^@RwwU3xds+yfK(|6EJHS1!fIjl-vr8AElk-j*`1d
z?kTx%3LO0O1v9~yrA?;&3YazP2WAEX!T3>zNPVc(<0OxioFI9O<Z+Ud!EC`)Fw;$$
z4hMdeS@^{aXG_iiGsAh(o)5;4vPjyQ(q0N?*Q}D94d$mfGu`#jnc+t1FFEB;0_VtX
zna}|+OL|O3JRu_%XC{17`kw-`E8dp;E|~uBNxmTU55fG9d5=-~3J%uvUtmV~Mg}0$
z`K`478?K1(zau<r%F=Mtcoxj`%S*1nQsP6_*Fg_B%0s9Hre8hD0bn+5BQVPl24=!d
zBu7Y&1oKmzd7kMZ^}l0%9saujO!)uM-`EFA%78WPg&I@=$IF`h@3WEr|6vBkdNEd3
zpg6NjlT+Zq!7*6|D2X{Jr@)^)RfZ!oUMiRi(rl@h#Eh3A{h#K2H7+#z=k$yQ!snmU
zv)&AUeL9zu<*x(i@k=~i|8sgaPSKo;JT>z}rd|BhOr17^{BwF{YbeS;r)PaQ{BwH#
z=k)x~>G_}2bFstnKd0ya&!^{R4{OJyv@FxU!8fiU)0;j1&|~DSd*8j)@X}ik+^UXW
zJ+1WEh>topSlMP}y@P$<Xmb6>%ik{hWc;U%t5;eX{nCdUPd_R@U}yU7CpZIGl;6w$
z4t{~>0r_zmd^suG?Snd3ZH{JJ=PYW`YeB?~9*xtV^gh!yGSprz^z4_<x{b-0Gv8~-
z`s_E~Rpax&pVhUj_vWLYk6u-|#iC<PzDyFoy=w6kF|S(MTk46NS1rB8p?;RK!lNGq
zKM~yzLTrBsXDIj!_x=z(2S6CtA3{TsN8#)MOF2<zfaN8NLnID>kUS6}E)PJ6VBtFu
zLfvQx=>s8zh<plHDTG8raEi2O2pNMQ+@#Q0I0iuo8w_FTAPC{&28CM`S`CKKRAdf@
zuzU!FpD9F%=0hN~je)Rf2!!UMfWjjRJ!2rW5ZN&hwho108w#P7=sFZapJ5OVP-r78
z!yvfELWmg#p`FN~aEO9OEQIzVIu=4~9E39zItuqV2%f_sjEjTNS>#bTOQH5~2wg?u
za0tmGAY7)<UHFcGP<JGR^brtxihK%JDTIuK&|9R9#IKBa2sbJ86^?jIZ_CSK4(Szf
z10-&Zf_JM?@a`uvM?vo|Zj%Ox<_VyIVg)H$6p#jqcB4UqMK)=Ocua~BT@yh=#WvC~
zVHpF86@5u@B8N0w*pombL^NrnI82Hc?qfltL>wtW<dH@TuW_J6kw_XN-XSFk-|;AF
z-3hGgcocP<$ft0XLdXON6GYks)-{=Rr7%%Ak|Bgmgs?Oj!enuS!YvA|CPJ7hGABY<
zJ_*9l6jDU<Nf6pjhOlW8gfvk=;Sq(NlOfCy*^?n`odUr&1wy*$It4<XsSplOm@O<*
zA-GP15Hl6R9Fare5CxBE5ax;KX%J#lAe^DFK)9zs@Jxj;E(O9ukw@Vyh1#hQGDTu4
zgyb{`mnmq%Hw{AF=@8P>AS@O66s}STnGQjSwCNBsW<a<}VTEwafDkql!qOQKR*4%F
zZc%786T%viITOP2bO=9FSSOmNLufk-!lrZx*`k2LBMLodLD(R&XF=FH8-i^%giWIB
zYzTcaARM5uMOZQ*xXytPlL29y$f0nEg2x;PJ4Eyx2(fb^oT0E&xX*>)IS<0Pxe#`X
zJPKzi)Sd?+M<mXJkUSs4WeWR*?|cY#7eGj#58;5wr*M@*$N~ttB5eVLjMpICq;Oa`
zUV{*}5W>>eARG}lDBPmZY9WMUB6A^x<%=NvOyPuRz6e6wObDA6LC6yY6dqCNnF-;v
z$j*eYbuk3nVhCqM*ToR}Xb=uicw1OB2(C*Y#Ap!S5jhkNQSev-;k<}m0wH!OgfkT0
z6YfhPcrJr5ZYhL|B9FpZ3bmI($QOyrAS4S2mnnQGd<BHM%ORu-2$w}Zg{u@omP7bR
zq%DV#u>!(P3fF{V1%$Ab5SFfh@Ugf-;TDBfD<OO;GFL)az6!$66h0TtS3zjI8p5Vk
z5N?P93XdrCTn*tXk-Zwi)-@1pYarYdUDrV9vlhYu3f~CJS_rP|AjGVNa9iY1I7Go?
z9fWU1^g0N!SrE=pxGUVVAb4g&7?%a%dyz-sEQQ+H5DG+MHiYE$5H3^rQTVQhP<I1_
z^z{&a7WoveQV7`q;h{*|03l-|gqsu|3&%zXVVfW<-3Z|qaf8Aw3avIl_)TPPg0Oru
zgr6z=A)0T7&~^)iO`9$4Rf{U_Z?^OjkErzAf*@9ry#+zGZiQgm3c)72ZiUci8-xQC
zN(;+22(H^9#B76L7daFTQSjIf;TaLV9YX952xlmi74ADAc)kwTxE&D6i#!TvDb#))
zg1bn39YXR>2$v~T6uvtl)ZGOkeJ2DDkx$_&g^*nks))2*5HfZ{xJkiFICet_+XG?g
zZV2Au28CM`TJ3>QO=RwYusjFC&lIYQ<~b1B?uD=^2ZFCCpzw%7&%F?8itN1*w(f&q
z+Xtbx=(-O=pZyRHP<TOD_Cs(z03l{SgnA-}!XXMC2O#)~=mQX94?;LY!C$x^gy5MA
zVcbCo4MiS>vlMFQLU4%0TnNdBAY7&pEPM|^sCyVf`XLA*BA>!l3L%FfI7QlF2pMlc
zxJjY0aJ&H_><EOVZ$JnaHz?eq(CP?;rXuqQgylye{7fNAG(QTV?J)?OjzVZI3Mf3H
z(DN9C79#r?gssOR*p5SJCAuDm(B}k%0~Fc_%LxdsCn3a~fY46lP&h=v<0ORkBKjnR
z*gOblD0CF=d6wRmP9l!fS>%Dl*;DYYeG1-PMdB&w-NZYj?!xypsE3$H>M8O`y+pk?
zLA^y9sgJlu>MI;)KsZg1UJ*A)uZqTRf%=I|5{?q20iyZaARHw~(V~Eaqr_RzV3AG2
zQGygBy1s*K`kX`I4!ncH4HK4g&~cg|#fcmeP7~)rBSbU_rwLNLaDNws(*!9&<dJZi
zcn_2)5=l5skdlP&1<+VAku*-^lg5jB7eNz58Yx*^BTW>J_d%1y9MWWQgEU1n&Ie5u
znWSmrHYr6k{{RJV`ymRx=>rrzO%zagM4{)05N3$%4<T&51i^L*Lb~XBiFLiqx>A@e
zESDj;UV#vE8NwWqL*Wnwk1G)7iRdd3Vn2d#hQb2j{t*Pvs}RP01Yx1bqi~i&?W+(n
zMdDSIZ?SlXq~-cvv$Xfr_SCDZeNoTFrvGttZuT?kFpK!%E6YrZcJq&uw~F{5EpOXm
z$Kke;uzX_iqpuigS6$UM<8v>3WqD%JmC+9@uD0E&xJ#Ow{}nSqu-vN;Ep08f+4Jys
zT)8=SEUT=#`sS~eqh)05e;KihrT2lMba+N}wfW*HA-BR@E1Q25G<alO0RPsNH*8j1
z$zA)5+8~7`A5_M5fqoxM`DBr}G*^ujmFB5kQrzU_O<VZ!YKJ!__%IAV?WD%LUVL(d
zpO>V@yBt+@1>c-XjrRw=rPe`ed~l|=)H+Iy57pE)v=pV26nV4J{3^RMG=AmEuc?2A
zo1bn{<BjG=QtJt3q00fkNUfLDcnhxuz)x?fv9c|71<xwz8ZO!0A(+q1^o7VfTx@|u
zaPu=-M&`}L9#Z48Nz9l}544fm7^!(cD<icesqy|_y1bYiD>dfhk^+&<F%BZ{K(Uz{
z%bP<JWk4@zd}M>4Nm66ePm|hYsj=yKdzCH3hoqRF50Jxz@tG>MYH;t9TFNvjJ_m6v
zL*c`REf~2v@G9K=q=M<J0lW^dM$=_DU$`4E0zNaO_B`AkQZt{>stJvEOIb-it%WpF
z_-C3*xUBIi8JPpdA#1l<YIUF;MyXl)HBx&4Zajdhf7U`{r8uzgxT*eGFT>S?h38Ba
zhTi}UKT3Vz1aCM~+$00~!JP;2!^goGumNxiV7RSP^M`x2tlf5Kbn?**JXEL`V29Ki
z!p7r@3e$aEYIt-`c@to|JKd$|nh6I!Cs&Ec73%Y1`D^N>Al_Bv9ZBA8<h|BWKmsrt
zNCd_Jjerm!6mZ(a-i7L{#=dB}=Yg6)Euc2Qsl}=E0C)&+3Oxp%0Gv9%0>6oVi_{q@
z*WkPk@Od{r`*s3237i5>18)Lnfc?M$;2^-svJGIxS<#(<0G0zQfRzAyHw(xHIFUGU
z96$&V1~djRam0X3^;&J-NlgQ$12ce`KsqoB7zd08CWyqvYWtK}IOBlfzzAR@z&XS@
z(+%hj@X4bA03Qj80|J1K03Q_^1Plgv185rhfR9!A0eyj&fquYS(DwrSfc*fUh-wA2
z=CfP#AuIs+;8=Ztk0yKv+y(9dKLGcEAAz5N2f#z%5%3G}E5K)wl7Wc;Cw3|@6POKT
z0DL~;3h)td6}Sdm2R?NPR+KN`xB=_|INSFEoZ*{+t-yAGw{7Bq(ZCpSO;dX}y^jX}
z7~lhq?*Qk3eBcA%Lx9gK9>&m~3r+;M!g2NDV)d$sU!tB);SKI&fHQbFQs$#s4FG@O
zAe!U=&<5_dKqlM^fk3!9yMq8er?MJY1FQws0a<_p=>-E`Kvlp8s0KU-R0nDRzBW9b
z`aB#pf!m10M>^a9cfbym0iFToBBOc0d|&~<M@xPI^C6fGqF||7(~Hk=z6-nuTn18s
zG$2{{FH?h4_-qHCHscd`i%<nVy2ppORsm}OJ^;29;3HaxfWyEM;3#kmI0c*r&H(QL
z7l4bv`@jdlCEzk}1^5K`4EP-Q0=Qwt9~^uM$5+7Dz$U<gqQ8JbbpUfI?GE0Gg3SbY
z<NShf7wQWsd@`;P5CVh(VL)TxJ774Xi~z!cd$4~1D#4wOBt8J}V7O8jy&nOckB;33
zegr%brYhhK)Bv6bY67)@+5n%K=!>{lRi%Y;7-iwg`~t8ZiOmF}02knU1bz%WVI(9x
z1(*eJ599Mr%aBNhB7PTY>uPrq{~qu?@B>f){0QVBojB2IxmrDdI}0CRoQ0_G1AJ16
z8wQ@PR;nTBbHHJ^n;=R}i&(#0ZSB<=ak>Cqfo?!|peYb6?k-o`l=*>67Cvr!^;J2B
zZXONhL7oF-030biD2+q1V}V-me-_}eq7Q78Na+o34m1N;`=&qy;16))^aJVvZ0<U_
zc`MX#S6tTlW~mj${4BMSrM_@qug<dsh{W}3b#ZjPTFDlUpiRW(^=eI9V>la%uGwnE
zYGH5&16jy42pkCffe)&rIE4QOwYrxR65kkP${}!v0>L6?gW5)>o3lanmg(kiQ2lI?
z2;hk?0Mr-kEO$Aeyq;r9FF1PwU4T!JOJ{H=pd-*8V6|TaUIJPIEr51F8=w`?8fXi2
z0D1u30KV9W++Fe(r27ioeSyw!zYI<S##j__WTV<QB@*q=k<bVn3~*QBhzkTffjYoR
z__HtAPiujlz%hU)FmC01+tN|s0B{gk0W?N<0p1Vn1Ev6bfgM01{I-Lmd58&vu?@y%
zU=y$r$Obk5nLr!(bLdY5W&qQHG++{t3`_vV1N3JBStw>U8JG%;MEq&sRDkEmg}`iJ
z7LZ}VA?7tW<^%HpMw|=G0jMvKSOjLxi`SU7WDOZd0~P~IfhE8)U^%c7sDT2k0keQ~
zb1t)jS-?6bXalwaTO@XabAUa-E`ZJbIzXK^nN58N$OR4qZvaOCrZFCw90#8OYNPv@
z$MfKp(EGye3pcx`2L0Ig9M5dJ>JT{9IpuwTsz4RM3*cC&3^)*x$1o<qntMRI3jPSV
z0=x~J0+`-gz!~68;IwqV4?YK+1>Uis|1ZGtE^r=rPXZpwMc}fuKLF<g3`@TtWKNA?
z7?<HL0gP|@)9*uo1*X55rs;1K1pUvFn5DV~cO}%QBJi2iE5PjzxB+Gcj8h(VIp7i8
zEKFIrp9Rc9{R+)20M2HL9rzTQE4Vc9HQc3my>JtbC%}(@4K`cC1*`%V;49b)m`(c!
z@H_Au@C$GU_yV{Nm<9d>ZWiKWfCXTtp98GqZGhSh;1-bb4SxL#U?IK)7>EIwDcx)?
zmXvNYQ8p=UX7DsK18Qa=STSb)t<>4~>?*c2(oQMt$M0kSHYXE)2s{9O27Urq2)59D
zfTh0+u+{~@55V`pJ%E|BJDx6>Sy&c;nLh@ubN)ZwZ0t9dnk8mQi`T~VqsEqDIJ(Ud
zZMvC(Ij&e3wkQj3`ZKN-U3!6YlLkw}k!%KF1dapRW+qICVcGo8ATs@EQ|Gv0A=pL5
zb@n}5kzLDhYz4FX7&nEZ(Two4n=^raW|NtjaU_?LesmWP!&-CANR`aBf|q;;U>6VP
zjW8%k%D;)l12ID;$iT&QYOD<h?Rq3$3;s2MRj~H~4dC7YZU{~T2Y~AV{=hic+~C;q
z^;LW`VS3b+o+-ljb+uwgrcocDx1V%#6Ero(XBg&TMx|debmn7f%r8i!y{=YCX$qO^
zE7#QsARK4{@am0MPwW_8&4mI}5RGdq=V1t#$rNt_Cp4zTb()I>*I(Lg0jA#u;JV!k
z;HIFrH4|sTEx}BjkzNEh2e^1Q14jYO%<S~ynVS8<w&zIWDCN?|m5RfeqmmuYYj<AL
zhrl0y9jgDG+WVYqCCw8i%C*#7)Js}JnMrGa%OTTX0hl@GC^LS#kWUX7z2J=ym>#jf
zFkmR~63`cVdvIr<1HiA<Is!4k5Yc>>+Pxe*`xSu8^)ywi-=+3SnF04rRBk#r4dAyd
zAplRY)MrDR1<VA}r9b1$0p<ep0iK9=0DA!q_F`ZWun>3+SO8=K&GzCKK5j2^2%^y=
zUJ)s~)oLPZx9VrN^bZSgI077j;?iz)Kq*WAz<}UDVfhVb;0}A#8LpQ8jRG8v1A=lt
z+M~W?DQzUB<ksD*jtUWbuB(-C&%*JgIzmK#rcPIF!*Z+MQs-OMR<XHTzg4?faIbdZ
zeboy$F}K}UgGKAR>OspDG2ll?H^jsr)ifXTZI^GZ3Ow^@x@&FK(myC5I3N^l8z+wb
zp!)kd0x&Mjw`e+#mCill)A?-#b08Rero{>Md$qngCr$)>uX@_&#OdEwrG70sf3LPu
z?;A3`_k6DgnZcx819$DJ|A5jw5RHFO{Y>9TGZFcc&Q$fI#8lBd$WPBUklC7V?Yy;h
zZuu)$N{v=6=_Am{SiOvLw=~l-bIOe<P`mxPK@JqQMK0Q+n#FP}SNx=YXu)m35f9X0
z6?Y4=9;o%pluywALM_!ZL0o!(I`}0B*N5s*+_O%2sCs#uul!uNqD}05@9hmy$VLHr
zAy0`757l5F^WC4FC)8gTlE3?RSqmJW`;8X&A0kEHL{aAvczTj}nY=hjyheU*tT^=u
zIc*RZL#>rX)MJ$Ld(rQ)>J?(XFYB|<PORAxbgZ$9B`_c;H~@=<`PR(1!x38>m5TpY
zk<U)C15v%rcZucQ%-mYBN}Gp80rJJ?2oU-e&Y@UdQv+XIIUu)Gd9^5j`R2~`+olb_
z=UV%NA|Lw%5%5Iy3^m{N>FOTocgV8j-J%fY+d$8j?jl;>ia%B4(_(^{g1A2N1)`~^
zlzVOJ+*X?vg%~kG>_LbS^KE4HE7T3P%=;?4D1`Y^(m|DfwU@76=|Pdt77-n8tti}n
zQA=SW6ogqTmNpvdqHz3zvG=uT5AreJj8?Wv%iC*rjeol+0k>q4`U|RNzDsT7!1aGz
z$voV=D1`Y&)gbq&y>7hGZBUU<w`6evaYM{k-F^8(olomK6F$Zma0Ud2U?`h!wk&n?
ze#M^FO5@>!8OT|;MtJ{<?lRxLSHaTmlb>>jZP1600}F+6PIN|q&{C<!Yx9O)i`v`M
zKkTMz`4S5@7PG=P`t=%nZ(`p+JWeAjvgG^;OBHK>MU!_&+!_dZ_T3A2s&?rgP!u;Q
zRebQP+EQJTn(O(S+Q-7%=f7h#KS2z9d7oO@*0)-xYBSzZEnxv6P7XYmG;#8GjM{Q(
z;-}x$4nCe~`d=KTHZ1QtsCwqUJIFmSz!A_0JARsY^$+CU5FzljLF%Z-jURO!-pv~!
z8U=&~U_S{@6N?Zcv>if}M+mR8nf6c9_v}Cj406=H@U^BMZaGILEgZERK1iE&8<r+M
z`$G-#nSi)l5rRhU`|;ex*kK3}irS;3v(uI~uzGs0L;&2(NPR7PZ_nSRUhJu7uQ$)G
zr30*9A!p$41^*ivACJxHbk0@x4`l+M!3TF9Qk!-fJ+WH)sR;NWVJ?V|m+rKBg;tr4
zJsti{9PN8lP5b<H_@hS|GXy@h;nS;X+x+SU`_O!*4+{0GwZ1KB29g#x>RPLcRu*eD
zwZTj=#A5BBR!tXsE!H5*J#o`wy=}Q5E~-{9JfCq}wGLC0=7?@q>jlfN!q>&>rMk`)
z5iY2p`L5X=zJ1m|N&lmk%nWUGP$V#5%Xwn1i#13MpD&JsE#HU&%CpnNvo>pewf+JT
zX0z7#t6o5L%$Lqy%c%2v<SQ9=y&<q?p^X=a*K9~KU*y?P(CgykB2wKlg<C0WkdOJw
z*pubH+16&?kOIAcK>^r|Yi5f63}L=?Hu><+PFs_98~{ORNo-I?8lFDpduYR!`7iN3
zT>&jREzlSU2=N8d@ZO^t1F=`v^PQsI_H*~*KtMAb5&osE9W8sr<kET>mzK5$tI<ov
zxzcEqp3B7V<oIPG$Q3m)R$&_oH+7jvh2mqrva^5EkLMQNYdAo!Ju=5pAw^tpwR);c
zmx)`9`>XJ_qhU)4@p}N|N<wt8gB?Qb39x$DFydPYG1G4C;1h=V#i125zhd~}^ZN$r
zX$A-2s{K_VzO!3X)dV3%m9cvIn6H+NsI%4K_Tr*!gybN@+*l~Y`ZCCMwaBc9dhHkA
zm$CX;P6_X4tl>W9D{~KJPWk-BtO<({4Fi|0(QLUG^9(9HeTAq|1*My}LY#cY>WO5s
zYay8eky8$Jn6^@sdltTnSBlZ@Ru30M+%B3w3!nC@#Ao!8Y(xkU7adlckNJLF-?9bk
zAD60TOjkWuGuEWlVvjGXWxi?mhun-sD_n1e>D3D2qJW$mltp=rf{6ZQtyNVSOFZjk
z_0V&Y<?;;u>m1E@_U_$XO1tD}Jx?|qDuS~7S}ccva@Iy_=o&Gk97fS!r>B=E_)o<u
zxe5QRWiJZ%7tnBC>qM8D91iQm`{mID<~x8BR?NJ$@wt;XWC5KxvdXR*v`#$dX7vm;
z-&Xs6=y#S*=RIDMAvyon;YtDH==zL2&&n4Hrv9mt>?T=W*}Ea;dvMD&TXx5La`!$6
z&xwZ7WWFi)?vSr<KggKeK~E`&bNraN>xSaXKCoO8zU~+&cSN{5rjao|JS{(ouGJ6-
z%{Z`;)l(dGw^qeNQr|nEmB|v{vEE);;@JwQcdaaAKXB{tZm)<jb>|e-CNN7htAH8T
z3?V9`R-Wl+R~+xN?JF4qrR<d@2EKr_24snm)sR*^LUNzFRz(C<NFDmM42fYhAxi}K
zS}R+F&2gKaCEO}vxm+w0ubI-i-jCnasH8^;VH0c>I~$>9hehYgRxj_f2*;+~dOvw~
zpB28jdbl7?Q90p06+1BRd>$fP1%&(X&V;L9RqedHs0j9K@da`Wt&y$YdQVN;c)G%M
zmj&EMIE7J2Cwv&!R$=U+tW~X7N*}Cy?XpEcCB*H65bg-k=k-_b`;P2(Ne_W*i4f&K
z4j*x^inS4zh3qOt9m7ue9qHmJ!KR*&G13CP(Vh!8hz=fL*?;QF4I&kGsAZ#ZD!voF
z%hq)4=F2jBOd|8m)6aYvey6>bSyuPKSi-utQCwi$UT7FQieBl`{1(SIpTAoa*L=Hm
z)`~Kr)eq1AzR1TM`LZ0cFXW8!a6!Y!Wnpz?EDJKUcpnBT>UiE7$VFDlX4U`RG;40A
z#YQuSm)S~FHjDRt&^ksK4;v2ka@F+y>s3ad^;N7Pvc%^6;Tl%e$9x_4*_J0R<}Qrv
zRMdKAX^mND)}iGVvB(Q;YQB)$r*+!+TUXWUdb~hxrRFQU1D5;NyVLx6obfQoc)(O9
zZ4sY&afizi6{><|->M6@h=Em6t3KIcQdMgQ?{9E3f^#YB+%UJhZ@6%u<Jy1*Ef6=V
z8iPgOG2}{M4j!Y7m2Jq%EWAGGDs$5?T+&Y;YDUZHJBr>!9wMu@)dfd~KfH0K`m6EY
z=)WEBav_ongetqv=db&zc*mQ|m>JuwkK7cWlAqc-&EZ%m%MlQW1%q2_p}*OF=3;r}
zxuUUL7+Gd%*(I7)M<@MxSCp+~uD*K8wGc{<N^=@p<d!X~VGe7v<K&R^aKR#9ATn!M
zgMHfUG1lg?l^?zQ!~8GI{RC&7r<%g7gR#sO<}3#K%DSL9a_=!me&Gi2*Mrz^qxc=C
z12cv(r-Nm~6`THlvxoe-oc}T4f0wAabu;l|?Tn|fv9se~huuT(uS%u$9n)wW4;%Ir
zx%vIomL^v#rfF`IW@nk_GCdD3V*@`>*mWh(BGv7H*j(E<-2KgD^D*C6-}@Dd&ymk^
zXUJuwXa<`j$*7@uDwL-P=F%w?MgF^@79JQ>W6us!V{*lk7pxsHDsYMErOrJh?$yT@
z-Y3nt`1|)uyk&<(U|p+c$yaE&HV#zGm)mFNo<1G-yd#5`sSYO>z4KyfUHz0I>RSDL
z${aR!(Wft>-7MaR#b<S`HPp$6m(|0FHKO^LFV7$K+>a+NU#-=+C|&Ka=u{6EaC(Zo
zfU71}*0aW%wRtL?*{EAZEUDk@nwZ)9%fyFh=SBhgCTZj+X4c1a`BUEF14^=SRM`Zo
z%(jeK5gFyNNbtiE<UbZyEpu4B?}r|naa7##v#!UNUke&wMUq!4-sXQXxZC`dJ|Uee
zp}yEWg1PknAwF(^V_w<g!p$G?y^o9f{<wZI{|P{kk0;gj^9dV@2*HSeeJK36SnQ7x
zD6e149lY&v@x<R+zfAOT{hQd-e;+#00Vq(-6JiQ3oqWuHo8aNOra@)(y+}QM2QLVX
ziz!dlIL>)g$I@i}7Y@HFqqSGNPrRp>UJoqm7dko*cSz9>qGnWs>!X@_=^^wh(7&#E
zMxN-<5SLe3BBdcl(si+-p*6VTzgK*p_`IRj7k~a?2}A{CwY^I$liu_BqH`dw(>@lH
z0}<_(Si@+zY&#T)=J7m*I}<1<ruTP&7?1kouT&aiI>cOo|9)!9b-CD;l6jOePUAj*
zar{MBn_EqrJt8v5I#g{uLTnDgcM?x`)l<7!(K^K*EV|y<7L0Kti}Uwa3-Ut2+xez(
z8g3q-#*Q5J&`0)T;mO>rxw&uIuy2_MR%4&{uwgi$9)Texu1>`Y_@CA=WBdK{f*0gt
z{sV@%YA=QEyZXzE`mp5pd&-hCVl|dTZ}Xo~l-u&|rmo^sUf5%taboCSEZ|$4x5S-L
z%#YZ&#B)yc@Y}-aL_@6_FGj-jHvcQqH_OJ}&yIR<gkLf`!UBQ<l@nr}6JJ-E|3)da
z!@CEw7w?}`6riLpbd9JF#9c%UHUBeHhRf@*1KgV=7ey`U`&=Vx!wDiH3=^`&1mjyY
z&nHhD-Oh!^6vgd5L5xO-Q1c%|eLQ1mYsa$dc|{>g`aai4U7H||Bd$gN_O?<fy`K8F
zw_X_e_};dnc&@Rvl(+f6s=7tK@8?s^eM?c&PefE>)Xe<nRy$h9^&1oQ!s?;`C4HT1
z<c%+FUu$e_S*9nRV&!GZoblq5#^`~PzFEiJ8Ap(^Q<QIl9w_OXbt6EDeWOSHO7uh2
z(2~AcH=>r<H+oc`3F7r8=z)^HSvTV1oAoacBDAD$){PJ)_Klu;3ck?~N3BcxX5EOZ
z_YLnZ;Y;;OVqv(|Ci|we;s3SR9geD%^v${vpv2D6Gp~~@en;j$=Kn0q&vvW!X5HJJ
z_3qO{BwZFk5!U*(QZDNce;59rkTxg#i^(2-V=%oMVc)@bCgQS4jj$%y8ga!4Y5u2>
zZ^NUb-wEo(?<^gdh>aY|{42tzDb|M-S43!2YllkapBE%7zgT`+MhD?$v3?|$HMOqC
z{}T~SBJo{Z!)xMbq&29_KzV!bix%Qhq_tToMgQc6MOjlVW!zdC_x{|g=bmb2tuj<p
zU578LZYEo6h=JKwH!)zHwT=)wt%12$H(S%kmg!R6MUOtPx)|o|;#-|YRgc>4X*IjQ
en{j0G2c8r18!VDx@IUp$gxzXwan{@A&Ho4d+D<(H

delta 28078
zcmeHwcUTqI-u0Y09OYm|ML{q~j3pKn5Dp507<<Rq(ln?jD58ipmUD;_u}enXSP_ja
z>Q!vmBbLN&h#EEKni#K%#%N-UEk(bzX7&KrYwmmB=eytY{gd;sSo^p3Z}&3g48yqt
z<!A0HKR58@&;}c$n$4ZD^uf;g4V#V}GOuO6XS=Vzajx$+;PSm|+1K~{?(3%T^L}P8
zfA#qE+_B+y=VFVZ_$Z3Y1@;9e4pfx#;32TRz_H+};Ktx;;B|u(r4qPRf}&Iee*-QB
zZkwnmWx=1pX8L_#rhk2~qS(Pp!KJ~Er5$T<uxm9Ot01DO%*Y?iideyZ;1^JEWpD|w
zH@Ksg;!(RvtzkxS)xgX?AM61hnm9DR!GM0s7TD!rrw=#$;!?*Y_aBltvW!;XQKj9S
zWJU2r?C=rsBS$92kC*_Pjfn@d5f4Tf96um&Wa6;o)OS-Ar400Mp|f%QhYcH&7_TU=
zX+fo`I7^N)n)WJ~vGJ+>MkOW<P<D(lTDBa_7EG5sQgR>3Z6$|**=7D<c5x}m4@VpJ
zHOXfr?=jfvS|bHbvJ1@S43+%4<TjE+!4(i+L$asjr)U86+mh#DuF#H8O-f82sVEE6
z6s0EY@!%K0Z|U4$aoutm1-5{|v70;D7`p;^adcL^XpF|BDaI%bi0?NF^GF$re&y$7
zq~j#40ImXl;xbx%8O$E-rmZXOZ*Ml$u!6OM(hZ##GK`6LLi!|4GwSd*m=mq)bc4%)
zId*Hotjplk2IJy}CMj_v1`UrJks3cJX;{Cwq*Nt)h7q4QD0$cjjBR`>W(T;#Ohb<w
zj9$X$7HljCr|SX&9Hxz^0H@lh5s3{3qd|M6oekz>(!i|HRLN0uj7|szvqBS~a|Mk6
za|$O&&YWvBHz|HJrlq1xh0XYpI{PZFNeD250rBy}8ziPGePqHOnon7OyT4{+TS<#4
zTg6!kW646|Q&UF8j~J))Pl!tzf=rJ<XC)KjQX33RiW_vnsVD)kZ%;BB=Piu*55R21
zVlc}bnwXq8G%<DL;M8Hsp{yNru1;m4(HT9!^!qVOUujNP*+oVL9w35_n_zQpeFK}l
zIB3}L0nF!HBw)f@i;dyD0_N~7T4JQ14Q53?fnEii8b5S&{0K$4x4`hb4rYTwmKpwg
zm$L#+#pRu2)NJ6e5e?$w`X@}xHXJs?u`&`kRu~)IMkL^HK7q~EIA^6%p=wf3Ol>eC
zeo*|_-AK=hIuTzUoDAlk5-<JlAw7G1G166d34yOy83napZM6Izm<fBVF~+rn_PCtC
zvjEw0l&>I`#eV{3J9mNEuC-tm697NzQ6C!pcL+A)r=U3My=C==O8X5~19}V?)7MoW
z%=}A(ncoBWqZ^#A_>G2e69PN_vds7c!@)HV%xY(VIS|QU_E#L3{_8gxdS}>dNI01N
zTS59MU{>T7`kfW{T=K`@@*Jr72>2pmBA7GfEJl<G4uH9<nVZKFr{OnXSpShD5|iWC
zA)YNCxy|sK51TV<ESN{G!C>~#+hA7g&U|Blu7X+d0&scc=^7a~Jg#3-ymD-Z;jjx4
ztVkXrtAhuFeZUWQDhda-A=n@M6_|dvTt)@%<jJ0Z&U6*PtjMp>={H&C69}fgwFLT~
zQ>qFCw!{Li4BoKMC@>q$noiwsBzRxiPB42W1<V%4jg4>6ADdWzX}<<$i@%s;_{HZN
z`F8}fAtT~bhb4`US3>jA|8yLI1u_y_N^LkWLpLxBSbWGBiXRRb6*wn(nqu@+=_5wQ
zNs>>3Idp&YGAdB-W5e&+BV^H$QMUNMbZGqF9~qsajT+aG{OqCe(P3j!-2ihH{CP`^
zq5I!9#CZ(`bJjj{kpJJe<bP<0d5oWkq2n_C?VP@hBV0crz<uiim=S-RH(C;(+CMHS
zZb1A`usI381hb-%7mW2UE@;Oqy`X9rweKqhs?#oRt?CtK-}?3oKXkWsg_}hysOzwK
z4OEowTA7dt`#6N6Ox>Obt1T>*UiPQ3x*2ix9QIh8DfBktVC{p|y3p#KpeUVnE4G=#
z?vYrSCp=SOwKQ@;o_VlX0_xEeCBR|{s^%Huu=gLVC{1;%pt(a`H(2u+6J=L%c%<m2
zWjY-8NNFK?Lx+7dte$#;*dT}PB&;ayRPzYCM-rL`U2m+t4=j3FG|&1D`!-nZjW|^9
z2`p9|aV^8$hnkLT{r)1Wp2JotSy5WC$JFJ?n#Vg)>g8mu{X0?i#>0xYZY(ULvZ$VV
zVwmPJKFZ>*wHqI8j~;Gxm_>_4xf(2^Q`o8tu)<LbMe`ivu$0r<O^CMjPEnL#ty7Z-
z+jNA&wK5SA_Jatq?y81vw)ko7CPv%4k1$(M5azJ2fW>_6S}gj<Eftl9RYHqx<*>BV
z+D(eK&w=&|G&ijv$YK8sRy)(f?mJRZ8pBeUzr72rCa_d36P_8cn6p(Y=;lx_j?|7j
zqwEz&DN1vQ$Se@!2g?{+G)mnuN}KMAvYi@(`f0OV5jNkkiqcUJ4Jr(6Eet&^40RZ1
z`U!;E>nW}x)K;7IUZmSQdH~s_6oz&chAiV5dumFgn;u}PnT4TCg`t267z?8&g`tgw
zp?ig)CRmj%wNCFwy6FLCmtPpNVHa<ym!$^~X`h8qCv-<SEw+)vQeCr8jkfPkQxpse
z=ORX=(YuP$qtHr+#p&;+c}6(wKf~f&L=V5>ur$}&WklOIOjeXwXc+NE4*MUlIKALe
z&tY+B_G!`fj46r|2~E-SKMX4v7IGZpus?uR9~M#vJ1j41_UX~KA?b?JMPK^65#p9$
ztSpcBjKM3R=kq2k=4#bq8#`=Su)?%cO(X255#kJi-oRm3aV5|QR!J>3(qZoeOD=7+
zbUrL&W8n-x3o9I+Sm<a+sSLxyT8MVoUV+tE>(n5^HU^<aTA48s>Y5B~`m8A1HxRI-
z8%EfxPcvp3cBVECyAzhtRb0}iWE{E$OQ6<tb5640fv{SjV59qUVHq8mnHBC1BMecP
zymiCfXP6Z%cqiO4L-Uv$rLLW!wVxYhzlJEb*`{w<Rc0ENUGr@0uy=>W4D~p5?M$tG
zW|ZAFOHtm0XzZeKu-MI5+!*9sSgm291A`s*hp?EnJ^^g?W^-Di`SuiqTIybz8^bNL
zH4iPyejggwT1hPvJ7?QD#sHyUw0R0FRs&6ewI3F{9#aB+^}F=MqHgT4glp60McZ@c
z8bgJN5$&+wgvDWG4a40t&H02GWa~jopDmdPu?URWM2GzZEcTsVglc(T^OzcC3ws|f
ztiNqILgCshM}&PXLUc4H@D*v<^v%4kX4KP|fC<tnp~tO;#R;Q(+OELD1gslj_n%kT
zHtf-F!D8;H6gDgkRxm8|!tii+80<pKO^j2O`9^kbT5QvBcNl{aWz{mHx!u|qMO%7m
z?G{C=n}s%gQIzd_!G@svwwJQ>hD1cz-b4udaf1l^Y=n9ng<>Z!x6s_zIo<leGI|LE
zVatNmUhh4hMMkytW00*EtloNF`3QB?^TO_6E3+6=MLX3d!u}RQ91=7PwVwsc$Q8#9
z+Y?yWQL!33E-@!J$7B^OW5x0CbqyA$i$(9w8cWSX8*4cZR%68BxX{F5-w4ZCA}GuD
zBP{HBjUp^jntge+dTP1WetDFwb`Iwzn?Dqxa3of=%w`UCRgUJ76J@&wvAZ^_euO=C
zg)#Z{a%~%7VM@=6bYEF`E`jrpELiB^q)0aekZq#~yY~l1wnmG)!ZKRS)0OG4u=^)P
zx+BoOuv`3A6?f_hD@xx+<{^Xw4Jz{hq3(u1hU(4LW@odZ)-}wOE$WL<B)p6{y12-~
z7Iy&_yUK_wwYHdLi-r}Z&5De$jY24rd8xT;wd1R!RJV0n`*G3k>x?;wzQF#t3>GVo
z<0;1A2CSZX)e8DMY~4QO$ajj2u&+R<m9BeYZ~P8cPrZMdtv4IX88HTyOpSSS3RXuH
zAL+iq?0ifVb<_s!__`?jClFaKwm@`(=SH(jGT*=%6fDM}d1&kbSeyx1KoJg$s@c~^
z+uHn%Bg+w5j8I#{7kl_MSjPO~ajnKCV-;ArzuOXFwa^D34<W;gJN-jg*i9Nm*g`hz
zxuWx@BE$_5wZqnR3KrLc(cM0|=A>bd4Jou(;yzfc4f?iaxZ4&*>7!S&KSIXhq|+W)
zGCLeFOKR;lMcaFBHFgP9HOFDgfYnDUgCoqh2ytE;yY>s)3Ol%|!!{LGXML`mN2se&
zUF^a&w<}6N-NFJ?r*7BU=SJC2Knyipunv_S=7z;1Ulc6%u+dr<tah-liDQ18gB1o#
zKN+@oXvelh<DAXDHCoNe)7o#1vWcDgjNOV;sa<+|5gLaOh6kZj2w^F0jj&hTZ5$o3
z*<q^0!IA^@ibKuWt!MQRBIX;Cwb^4Pn}yKpMr}~<dV3Y+RaoV;%qHRPFq*=^QLBkV
z-MLqrz9Y)wrXAZ6ZNIh8NQG`|=&-cX+T}&7+55HWc~SO9`;Eq;r`tR1O+PYfg$0gj
zm;tLLa^%6+VLu70iDB(<*lh=lI2^Iy*$x(0r*Vi)KcKbW6=nM%pX=h(;z)M{-q2HK
z;*_h0X5SrcfB&GOG=o-7KPx>0i*+xr6};-O+YgybGBy{dEU-Ew&e(J|!s2X!73{D*
zhSgi&jAIX*bBd$9?y%;uH_B2&YqvMrHu(rfkY`5fl_T2my;1hCkB!>mSc*Mn1gt1+
z*0@N^$J+FLQMMbfyJ)laMc5pl;8YQzXbXQw*b1Z_VSC}I5ffn>f=~yo%)v-E1ls9t
zPYXkBkC|F#Vd#s(P>theY*JxpdtvAaLT&W?TAeUMGxgA^eUWa3Qq_~Z=3(vn7KT13
z4Ba$C_P|rdB?V3fb~tP)u&}Q-i%<`q(vBaBvi%C7i+1Wzgst6aHtp0QHk$S|X-C)^
zoiSn}Y!eacpmjPL>4pHh7H*!OnxWSVLn{kIKNN;S3rxRBg`rOhL*+kXQ<-0{!q753
zROWD`TcK3{EE`R?l)})C!q9Jpq2}kLpF01XcKleB&Eq^5(y4k8maba6<I(Eu^V;;|
zxJ3Hg+;4fRIvf@^87!p64t4G4TKf}G>aEYU=_jHr9kgR7qHQa19goY36WEXt;(nl?
zD&lHy+R12p>_sCzmUaV&Ee95S+eFx|BZMm@oNzU~WGp&;8?&XrYN_kn5o)AQZXN}$
zQ#bN%;IO>Bb=v76cBf6j<$|i;R#2LN`5{w}l6nVlDcC*1mBC5ilHgRZ8+Z(uAF>tv
z4w&hkU<=qKIStHDF?Q-1q)UhQz|43Sn7(uHs{%L&TpGMl>YKnGuy=v&;DcZmbO_7}
zd<^D?O#7IOKQ47L{ZFX4=f%$n8Bv_+a8m03j#<DNnc=6B3uHPn^Z88L#hLn9H$+&q
zw=Pw2dc*uty8VA(qa*$s1#_T&LqlqT1K2swFxyx|>SP9MSzo0a14f6{2Gj9n#!6;~
z)s^<YWBS#DpH<uVMHOcWSfMi2^O&VLWIUOv!zDM7I+^pVg|x{`*HYSKrfVf_GVRt@
z+|=a<0bOV#9f~uh_A<T$m@BG_^m`sN<E}FPdCZD+lkwfGD4z*ll|pf5&%7peG84W5
zrvIB#|4*3yZ%KbL^XV(?zNHbM!`o!-tuL!MY4w+G@iKNGm>)8CniOy)a5|X%F-^ul
zkD1?e#M5OKe$k#S{mBewN*nCd9p0A$nZfzeCbPhWVD?Wo*d4q^#*-QR5Wm>Y4N@mF
zxJmLBa3Jij!Q2Y3gITd}%>nri0zYI%+>kbz75D+ngm=M=`bF|XFyns%vjTreek$35
zNam-~NirMa4x0@r??j*s0@c9u3BWIARD;I<z|8n1_>pT$t|hs)<T_ydDE0YEGW{FC
z=HBjXi~xmDFk9FZjLIv`BsT}+M`<a!t>li9yGrg3=7-GudPtj0yC;|p>kVf9Z-DXR
zRQk$@I2kcO@*v5BB@dN6TyiRyT{s@hj3<Keqom;%3w&4dWH1YSPuf$#_)%u)HWuVe
zDa-|PY!*mf0_LYUGvlSuSzxw|e;#wyd?@qT3}!`l%5=MBI-R*8F~E%XNQZr34#h#q
zpUC*5l8;IKG?*W9dGHl5TY44D{JxR#WCp*Lc5&7>#Nq<{bjOO|$4J1I{s!i8q$Fy^
z0z4#_VJ-0?Q!fuL2lfXu>Ltl9gW0nU!K_0FnE8g<F#ZfUq|gM+PjTicP8X^F_gQcM
z|H}f5md2t1RnU+G*^olk&-k7f@vP(jBimV6lmDOqZWzO)UvcJ`rb6c&7%k(U$DEX7
z5KkU!_`RYBm~cD<7Vxgj;Cal1lVyAnZ{2;m>0hVL=o);ApE8>^d+pzyGSiRo9EHD5
zo!J}4x&L3M&iW}dr_W!f&VQXc8^`p&PM!Zcb^hzrnP<#@ojU7B%K!d3xt^_l&d+Ou
zzfPTbD$RrNGpEii{_jtnw?2MYKVF=F%hJJ8TLkp6^b$wkvXl|&eIUFn3Mh>210l38
zgnA;aFN8XMAzY`>Km@%F;Ub0kZ$oG(u2RT&+fr7vj<dA41c}Tz2;p(?xE}|P5E0W4
z!VL<m`auX4cPV7`gV3Wt1c%7!520;;2(|$bnuyo|5FSz3P9Z{A;vuXZ03kjeLNk#|
zp?5q4uYnMvMchCL?gJqlp%5cH2SM0LVbmZ9uZVmK34<WiOn}fzq$EJ_PJnQpLK_i~
z2;nG&^h5~lL;;1di4Z~uL+BvV21BSb7{YZ5okY+O2p1{L9|EC^xJn^o2!vKi5Mo7U
z5`^$12=^(xDq@C0xItmnPzXK5T?$!4A@oRw&`abb<5$~c2)1DmUK6pyEWIqRi*=+o
zgk?CQ*A7E;{BT6SC2}EH`UrapsIQ14y)AZ;;)Lf2P(P7K>M!z11B6d1C|;zH28v^(
zK_XxzC_#)PC5i&lVDa)O&=8SEN)neyLq*VNP_mdt8YZrihKnX+Kq(@VG(y}YrHYub
zsOpU|Z0lH5b(FYEA!{t#Iu61Zku#2M9mlr517VzqeFwrL3fn1+7nbo5*1iKFemsPU
zB9}t%@esTwKyZq<2@u>TKsZ7nO?Xa(u#>{5i4Z1>d<qE@A=I1%Azh?Qg5W&~!g&f)
zMSv5+Q3~l!2-8FXg|SWup)LqBM4Agi9T$Y_6lRH_Gzb?d%uj<bM_i?lkp`jFyAU!(
z=DQHW--U3Wf+k`nL%2a<)no|s#a#+nlOgn&0zrtJDG=IDfnZCAuu#ONLwH1CJB7u<
z@*ae>=@8=IgRoTOQt1621h1(OvPIlf2<}rM9HEdSJToBdq%bN2!b*`(At3`o&1n!;
ziIiy&yr)4pPhpJ+m=576h4kqV)`<cNW2Zw1odIFJNSgtn&I}0GDQpx$Ga+20Fn=b5
zP2wtrjF}Kx&4Q3CGG{>up9SGQg{>lHHiR1#R?UX6UEHORH5)>YIS}$h&KwAB=RmN{
zg|JJ+&V}%Z!gdOKge4Qg+PM(oGa>8~xfFV5LhyPY!bc+ReF*OFLpVYqUwCQ|c2XFn
zK{zDxDI{nRYR-djM5N4v;5`q*c?zG1fcX%PQb?Z<;g~3(Fm^tK&;<}qh_nR|>MVe8
zox&**Bp_U*Fke78Bd$`&5D;2rK`0QJSrEdrAl#>LR>UlXaD&3Cg%Hk*yA-k(Lg=vw
z!Ud7D2twOM5NwMfToSR1Av~h6ox){dSps40VhHg|ApBkAQs}(|g4a?AUx~P-5ZsqS
zI6~p7@LUFACxubVAY2pq6cUy}sF@Anx=6`};GGTOJcaK>z;XyjDWorla8nde7`q%o
zXbyy1A}t3(og4_)Dclx8D<E8?Fn<MvAH`J)87m;PS_$E<$Xp2_d?keY6z++b4<Ov2
zu<8Q{_r+ZbSsy^?u?oUNk+TXy+f@*3t06oVv8y3GqOhI9Z^E($!rIjk;@3d<L*!EE
zy#|8UT1yA@sYUc#Yw0Q6*Frf0#bObj>)^7J!l-o+tRkO6!a4{wKZIZtDIY@c{t&`>
z3MECrdI(1;q_2ly7X=i?u7?o10YWK}wgEz&4G^wVC?kS4Lbym_{zeGp#8nCz8zHp%
z8w5|0`8NpRe}izJLPZg?3BnBut2ROK5_c(NZGzBaGlVK4XETJhn<3b8A^3>cTnLXS
zY^UHWEL$L~&4m!Z1wu8EOQH7`2wqzu_=~u$5Zt#yI6@&ncy5ERlftNN5Ne2g3JKdF
z)Z7lCrbyWi!FxM|^Au`}fE^HyQb^wc;bl=kVeAeFp?MJMiL^Wjb@Cuwr_ewI?SycV
z!u*{O8j7nFGIl~}wF^R!$lL`Xd>4fK6hcJIZU{FhtlAABRNSSIwHrc@JrEosXAgw7
zdmz~MLTDml_d<9?VLOEgVc7>^?Oq7+`yezExfFWugW$CvLbQn655avugd-GUgy%;P
zc2XGi5rkJnK81vjAk;hnp_NEE0KxkJg!2^Ih=6<uM=7M|Lue-oD2&aA5PA?o2a$FV
zLY;#Uu2bkFf)3#z+F48^brDxVBI6LETOCGptjIhJy_>j6dR4?60d*G(Nj=0}QcuzD
zV^A-VL+ULalU@_CpMY>SL3%@2j)LA4uaVvoxg?xQ90T<gaU`5dkm7{raS%==Nc}}V
z38xY#K=C34B)m_ca_3K=a)U&`N$5D6ASH?d63!-0frf}Q63!+_Lq*VO5Y8q@!^Bk*
z&L+-)QbZ;RXA`7U5%Vc%q*zEACGL_&i*^N|F(QXFRy-z+6S1Fx-Vy6a<AvocXo7f+
zG*RS|CJFmFkW<8gg!?&E{Kz>}JWY6>hp>~vsPhmei+l<R=ONVm974KC`J8S2oNc8r
zRRmmsaFjy&1qjnb0fn&_AcS6oFhitWgiz-qgzFS$iJ(gmE>f6(3Bnw4l|sfP2(7+=
zkeQbW@_xUro4Ryxp2t1QuNGVB5%|JI#9X)JLG~D#I#$1IIyq9DzHe!&t{;^bbscVq
zvzvdkS~1V_k!6i)yEPqu%aj-JgJrQ5(Rpt^vF!Db3BF~51rIFlw9A%KuUKs9c*>@{
zD7bHF=wtpNO#h_BK>mFvFVFNpipeW;&oao8x4f)+aH2=~8PxGy%4~6ZrWz$YW~tr0
ze02$rB_WR2GQ5e8ZDN*M(OE}EwU<%+62N@&p#wDDmge_oKN;C7ou$S{0PaaG7R+q<
z7|H{wb(0#ui+cs&=T)ik)^1B(!DW1RDe`;Rvk0@m9$<c9Qx<4}Fh5Dsk6&?lNNuRp
z`2AZtYk*I()I1S(gT}AEhC$=kBz%6RvHS*u5A0ZY8-d@o@mT|YM#{wezI~k3MoG;J
z8ovZ&%STI%Uyp5I&iL?&AJ%~t|C`jtN{tV+ECcu%Cp900d-1U#e)yOW6ITT`0Bq5C
zsd4n`%hpYhnjbVTsZEqxHE8%!PjBTUXsp}|K$vXtJn82Tt-frWbG{U-L)?a1v-S(5
z7Jx9GiPS#=8XNT@fF~aH&tmCU0~Q{2<R9!ROQ7LLc?tMPYRjZwP1yMWKiP(#Q-3t(
zAOt4nvrYI>Y6D9w_=V3(2n=$fehRz@d?2-#5ym5Q{9|xsmDK7Yd>E(&td?5VYy|LW
zywG5e$WbA|QPmq)PZeJ*Rx69rnd+yl`JLE105A0Uy<8$N7#IR10Yia?KqDXs2nP6U
z&+ot=z!Tu9D$2gEzE_hgh%4qU@H4=b@(XYu;0k#NJQAngS0_8qA$T6(b6b3dYd5e5
z*az$fJ^~H^n}E$gF0d6~AFzFEfVIH;fCg}sIj9^&4iE>V3&3?$A7})G0F42xBXLGk
zFE!!Ue-nU-z$AcQjJkj{U^tKhi~x8$s2lJq&>iR@PR&z0IJu^{ggOD80X{+VI>1L;
z1^|3=sV&eC;8QVu06qpZ31iX<Tnp$9^Z<GTA4A^)Yz4Lfe6*)I5ChDFJqzGdPc;GD
z40I~rVQSt0ZUVP}+rS;*C*UsdGjI=h06YZvOid~<65u)?4>*B$fyn^B)Gq)&1I_~H
zfb+mb;4<(fupZ#r-{^(~#RZ=OtOQm8e0V1T7y=9x?G~uLn%zc+e-7}$yu-i|fM5Kb
z0!{<`@^BYsIv)V!X2;Eq8`p54m-zbv^^lX_%JQpTuIPB=%qNR#19gBM=o376tv{Fb
z3hYdT=K%E(=4x*M@ZkypWC06-MZjX9KJp6$Dgj<V6~G(t0jdJNfS*lip;SZQ1>he@
z#ODx70i^*qzy_26(oxWRz*Hau-~$m4z<hFJnTX3$YxwY4#7}^uz^A}?fIC~NSem7V
zI3394ZKU9%WOLC3K7z)Fkrn`10H0)<3-H0Bt-v;52apHs1oi>@fdjx%;23ZmI02jj
z&H$eR1;7R167U6Z8TitQKcV?M0#|^qfaSpNz>BC<8#KX%dUgh{Ma8B7e17tnNL#4Z
zcE-W2A<zg20z!bs0H14$N0Na+7;qEzEub92>B!<U;22N`qtD0g_`K6?;0{m`K3+g&
zz!#_nya4zE)dAj~d<|*Os!AJW3NnZWc-;FQk-q@<>4c2N0BHaZVSFlQ0TN{Z7f}C;
zz$M@d;Ib+PFH&1u?ub*1RR1U*Q269s8j_p<_#6$76F4tXUV!^9a8ndl1K@)rO@Rm?
z5@==<RTrzRZQ%$9igAn8HXd)w9XM%|IKEhYF^)&%X~<?O@E$M;Xal4oyAi-ki0A17
zkLEpLqb5oZFk2Y~Gy@_4R-qnH7kC+{4b%e4<;5;hBix1GO0|-uj@bTzI>S<5#H><7
zY)udyF2=1=YuFqJHV{`=suin+As7TKM?sCifxuII&;+HSC|ITXR}O^~Tucr@xUof?
zUWFrx-)gmSO+9Cb0YGJ-B2X462Y3KQ#fe6%)Y4_lc*aGFoYiVQOH*-bwd(8a4&_y#
zGw>y9&<WfT=m4|>*bU8rwm=IY251Ac0$u@H0<D4eKsTT(&_y!es6%@V@_h~53+RGy
zZ*U4Q+@gqKYt&fh8!%o6A~7x>frG(8KtrG=5C~KTUIO+bo@0~><`H~7um_k3ECLn+
zyMe91Hb4MP;6ER{1;_>70X75cfE0eyvlf9kIE4di5dHvI39JCJfgE5C&<64Eg2w=9
zfD3Q}V}a4YC}1SOcvg^=VqxQe@jw#NPXJE>CIhp8biVw6>*_sVCNLeC1~6d;FcqLa
zLt-|VEic|;wvsJmnoM9WpaJg#^MD0F7Em1(SPW(b8D0*~W($@9O930O8dxQ<5xfcb
z8?XUjcYg>_r%h&8?*O&~dB9F!7r;D5qmaGeeLxKiA1hrQ+!A^(g#8hAa(uYdIrdx%
z?7C{O{QzH}D&P%x0aXCbg-SpW(lr8@o-MBk?Q`&X;2dxSH~=ue!@wcnAdoM^r@=>g
zivBSIp8zL;<G?ZCgaq|dz*%X33O)nSmvO-;oEm+YmVTcBOmD_Bt^i<#8E@uk#AEzr
zP4tSG;R|rAfEIZIUm{GsJi_IGvVd6tD_;h7Y2X3EtV}6{c@1M$>Q`uH1>B*R1TI4>
z0k-iH;Tsrk;A`MVz+J!!n?0d|72qktSAi!0yY>&@ci=bRF>nL80$c>l3V(qxD{%>6
z1z70c0XF74fSU6w{Q4HS4*UaPCB6peL<bhiFuRKtW!TJ=T}qn;Jj*PAnpp`pjD_En
zI>w$u<y6?!%-kHu@1+B~lNsL!egW<QKLe};d*~;CmA?hB)jtAvfZM<i01IcH&sNN=
zEGuw<>;EAF&+9gh8*9xPb5a#=jTuLcm8T!W%#?G&46|{j&C0MxS#dM|6DJG{#@C$D
ztPE$e>A(b>2ei#Xm=OzQ_uG+{ab^#4-mnrJqT)Kop1sJSWqS4k(>qNk&c;6rb0sj&
z=(3{1IFmVX8OLyOAGVr%2De)>_lgF<R@lY-oQe-3&52|dK&_aQ-a2OZtWJ%s;iO%G
z%wI&h0AL~PT%az(Ip79h_B1b%Y6JCvRM<87XEEFs>lBNqB_pY?K&IT`xMdCon4#(W
zvJCTxXlhJD9~Nll!?@AVS*WS8a9*o*K>7NStu?q6fWPchA`rptm)mYrpa~ETH~?N$
zvA4ny=0)B+$cS4nmnkp&m~ru*3x&qKxQ%l!;r2|sHNgCxt?-Nc`YQkr8fNCqxCJz3
z&P2_@(E#`MC~z}?g_%QEyiiU?b7(jbIf>oj&y9?eos*XHp&`oG|9Bt-4){AqB?b{@
zM$Etrn|lPeT652T-WJP3S^`gzmKEdNVBuWCEcn^{eAMWF70rn@5DDUe0YF=z7cyxF
z?gX?4IszTU?ak_|WqAqS8Q}20W)Yop)t+7num=HYz;(3E1$K(uT(x4)bOfgW?*fwn
z-p!!fR3HPG4)EN0J+KAHggqCS4a@>&0yBU)!17J_h0mQRQFV*TYi&hDZ&B-)Fk}(%
zm0D3u*`jt~-{>E4d5b!)(8?RLRc&u6Y3UOb7!=qj@8~u)IaFNvT76ed9GDk*OPy&|
z*A2=$en;(U!M8KH_f;Q!ZE@nh8X^*YQg`4~HthkVR$}o3HBDWeAoku>z14jQ;>ta>
zK>%{Z-kG4^@p3u#mCW1Y*X0wHWrZ;2n*{OF&uU%uc7o{ov+8ZX4Nu(Xa<vsHKdY^9
zSG~*6st;qU-&3oL^1rAROjlFH&H0#nDF1cw#yz#385?D0WWEnly^!J(F~Rlpq8qVj
z^9_+V)=n??`R65utCpKs-{n!bQTLW+US>&oeST59{c{&=FKm4tT3^j#>6o|cp?cPW
zJO8sDt08K9vN-ryt?QARtlw93O-L3G9;?CXoMch=SCtP;Wd4e}R}<?=wZxHM)et}P
zoswO~)Xfep*z`nJ8E41&!$hUukUV|3XiNTfgqT2nFhXo5znd!l@f)%&DegA0Ru*x;
zqe`y|=kKadsQDhID_1^Rx;}Vc6E{nvz~GQTtabBkjETD<*ETLO^xL8sPZ8A2T2Xxc
zyIO)@Lp8NlENLVO6_!6x-!{S*<Y&J2amBhxgYUT4{H!R0p`%6DKUD89^F@*Fo>BF7
zTIQWB@-SZ|d9-9#(fY>FgGDiGMvG-kE8jlpI;h-fQ|qSMyvW0Rb=Bp`16v0z_#(e3
z=GtiS1Je4MZ?x=J`FDFc|4I*vJW2`wC+HRP6_`gKxcn!4&_gS7Fkh0n%(v0*vp4&{
zUKG<-6hxs{Tu;y|eMDTOwc?9LubA)KT;DqJtr5|+mlP$LK1S?)qI&z8Z|Ds6oY?c~
z?r!~xJa&u`Kfxo^e0AD4Kh^qsUB|G?7<)%xNGRs3`KH7Y*MF|q!&+%HVuAxhxV$W)
z*;CcW*L<5>1xvdxf5{uPQlB<KjRHe(ZJq*$F!OzK1208y>Cqtkx@u{SV-K#t3*Qje
zbL5?IuRZlTgrq2vi)4vY9C(VFoA0DMdh+!5RlD{HEJ}O9DSmmXwp1TEw>P!+w&43P
z&0-Dl>*K;HFtV;}d#zgMYLkztmhiw(2j^RYOMGLo2CE}nqOxl3=r;kL_!hy{u$+58
z|IDr5qwq%9h#F%vbcso-)jLds2W}F$k{>sD)M;=xUwAYQ3=70zAR96G62Vnz#uwl8
zIC*3hVz8~C$;w8TIEl1=d*Okv6kJ~AbN9S6Cpilq$eT?&;aXs|2K!xx0~dX8($;&&
z&m;_jLm09^MQ^!8XRFoQ_X#}kg@J2!&Xyj3Ogz&=FJAAR3L?#F^}+Y8i$T6E(u@}c
zHtRfmT($Irk?=!4+~(dAnSs_y5y32WJiKt%-qkdyL-(p_Uv1DUq?fl4F*Om>vufJ{
z|GQh!WvHrIlNa2qb!`{kMF}FizO||t<Yuj=&YdjYbF+3-CruIO+^oU)g0iH|deagt
z?%GhTW};LH>mc<)h8S7GdfLx?Vd<3}>&x};wrV-D4+#urLzAY7J|)pm^A)D+1A4Fc
zHT~&JvI3}dRgqcJ>Z7imE;f|J&}GjMUxWS3ca~<&Ykv6L&feZg5Q=>r1B1Q`bhp-3
zXU`O`yIZTP7>)_<7!LDgrk65mJ&AfF!;Tb<FdXddnPRiMHQ3jDU1{9GfFo_PeD1@e
zv2m=35`Va(Sq7;i=Ze#ItG8%xw^sEtUr~CX?04(hY#ne{uX%7F-cm7ju5j5=Rr4*U
zV|U$m*qXLm4-X7SU>NQg7#aDQ?>!A)&|qG`p$h2!Nvs-LZx&V6!&=q1l4eZTp0Ou7
z$Ccm4V;ScQ-26os4{Ik&C9%{)uV$WyHAFo!PyFD4F55L<R4)ZCm@m46<rZy24X@4@
zE1>w9?}_Y_dhht0I}Q6HV`R&9aC?&Ysg%`QeLP=ylt$XOMYGZvjll~<^<ea=`Qk~B
z$YyDqEOXZtHGcjAF|#xhu3I2hm&QCXR<oB4=d%YEh_Yp@F7@mJF}DmdxsLmVTuG6&
z)&`YtF*irgL|;kw7Kp=TFfit;SBE#Bu>OEEqOA15VaZ!~mbKQy;j39$YlNTq>eii^
z6TWJ(e9T<<aZRFwJ`iGFS@glTSz@?9s`X=*C?8<;#(k*#is-Q(BDWlx_02-js2pM+
zEEJ!Xw|coDVObGW12LNxEhvu&gADf&Kl25x0cGy4cwC~IvB34>r2Cb{3mj;m`J&gK
z@-pTwbiW=hdkJ$D1$IWhvV7qxZ>_2tiA12E)k}O;&T5mj@%}f(&0Zo(S2wHY<%TJ3
zG)Q#yv^G{3EfMc|q8I<Xy1I9uaC%y8|5TOd_tw93Vu%Q6V)Y3#-)7qK$nQ;}Pozwj
zqlDU+?>qg;b)swCT8|gW80?jsmx<C9QFF7TkC%z&u*1w(rhXdsgQfEcul7ZGnJ-oS
zVsgHB<<oa3$`}k)@xk#iM^+J+F~Gj&t66Uk_{Yr$8RI+Zsq`HvK$NS50XBNw*L;<0
zIk#os^bPiN$=oqioyA*~u&9iw;f=>E_W2_j`u1zgBXOmYwJM*T2!)oMEy~tLn<i$9
zKre7cw%A(}JTF`H^TKNTAR9NbFyFn?k1pKbd)+lz26|(6w%E)RhqA?NjHjRZrrb+a
zL|_Hiz<(6g=5n^^`jWM>HAGHOKl5F-VIAM87nuDcj*{5Bg18Mm$QB(dV~&*;XB?R7
z)kKPq)hD$6a$Fgs5^H}RJGJ-1fIL0x;6Pq(3M?zc{Oe+i5vM9+oZmpw3UE04{g{i_
zs&?5_RI8zg!MD7wN-?1=MjbrEQwVt&nX+8?RY8ju%e1x%BX=%e+}fN8*b6r<7hU0@
z?p-dHR0IF>%;;$G7IUf=bvQe>x;I+o5Pf|iWB#~mAl1DUA{nwdE`Co|7|ryWJvQLU
zrBhdm>KeaN?1iUa@=D`nz@@&4_`ZXdSw?mQ=96=!_z50i=4+5Eotyc}{?#XL>mK^W
z#T=xyqrJ-)dW8A!n)zc<j5(j>{E)par@5CK+ACM+ejhA(=`DVSAsZ@^YFew<Fz;lX
z+5UfTn$0)7I+_zn_L86ZerDy<u803<bIqK2sEv`p%Z4pgZjGwkRPglGRrIjj7mDpp
zRsGD@JRfcO(V4tCQJssr&a9=exMbb^%ojV4fB18Q{JyIP!k-61boH*);-nu2!+aHV
zU{=7(-^aYjS*%|f;`ZX|1=V;A%NC8nVShfZ<~yg)uFmP+HAI-FGU!QTW_1kffUhNZ
zez^Sjpz^nOyYXnpYQV#MPxX_x=JdMtS?dcj1}jrGNH*V`ZfIEc3&!l@QAL`?RDDhw
z9jYHq^uF}6apQ>+0o*`PsYo7>o}KP;e=&E0KOZ@B@0UYvZcH+vIkn8;dq#fdIB0qo
z%6fgPSTRESak4Pp*e&HM``4qYF}MBVHyTT8bEz+ej!oZjwy2~3`M8JkD!nh{-YQG+
z;u(rL8O?Ph569+k6l;#&)q1^(9{^9*!17wZNxU6u^|Il7#+;Z&4b9;+cGJSM0<prs
za8Y`>p%(w_ZSL!G(yDV-it60ojZTr1o$J?J*u~a+;lbdUikQa;Lw-&Izdt{^$~48g
z%UH9VXCX%2E0xrbbw>BtFrVcy>d%fvh5L>^2<8Dz*16d1;Bj9bX~mbdtxGs`&!6)p
zSb>q-#PB9Kt@(Q$TtWOtt~N})KPlE26j{1zWL<P3VV>X_=O(6?oVW5gD;Cwo7#-Uo
zcGShiU=NqEnIC?w(L;}!JLc$nkA4z<Cr^|Qw0ejB`30T%zVniu$B!BQ@|_mE<P36f
zXM0%;smJq=oyN_j%)CQ~5?>6;C~{~hvf+T|Ki3CZeMClmYX!e#ID2A)diJWhyv4b5
zL491(e6>?FZ-D*gpVF!icZ%Wlap9A^Q!J@(%}`~vpYis)g?3g%?%(}wTxPFtQXZn6
zjd3xCy2@<D>IUeRe=bA(LQUrA_vg)(b?`8oVCJG<hMKK3Yg*V)^FhX4-Cg51m0$a)
zyyd$+qI5&+3f#=v)DXL*yx#CNUx0r*=8fK=T`D!v$4I~G>o5Ljh--iI{qTN|T&1>s
zv>{DzoPMl!?h_pwVVKP~%6Gr~PMvyw;XDY1;35yJJbRzm)(FQKd0k>2vp4J$enHl{
z9!KzO8t#?4{&hOy_*lg)M47r@EDORuU{u!2ABR=*1^t5)+B_Qbb;NF2Uz`%(%oabu
z+0Xo^4)v-G*WP?}+#TH`h!=;l&0*&b80TZ6Ms)ozlAHPH9{L65pZCTO2Sjo(F4x>d
zPB11{l-Lt&4XOCAO|K#>A=UuD+WE#6*u%B`I!?LdZ=Cf81>$5t_J!|rtEo?#P>~XX
zE3jy>6ggQsijP7tUh(<jixBkL1Y}$XeTLOowlOBGemtpE5=$fWKU>zuf-QD2WF83Q
zxi(I2>xZHn|NKy6Z2klBe62VdiVM+ahwqsqThYG3QN{Un;Wl$345$BckN>w91M)h+
zckv<PJUJ#%O-LH_&`%C6c3<OE+}uZvOucNF6|!|<e{#6T0qjp2inPx*Odh+<7W_{;
zWMMmbK`fnv{capKZc!yxYah1t;&0g4uv&OeP<eD%>~DfQH>Hml=lo^YoLm(v{@xEB
zn4DZs`mJCeHR*^b-4x5}<Pp)lDds>u@mf>#<kL}NHckCbZ>199fx(Rw{Z6kB9`DCJ
z-iqQ*Q)>xd^B?*&YO$zqUWsxl?^_1x&aaDd5x5#L{{v8l+lGX`o=wLVIXv&yuaQ(6
zE&4>@%zn*i<Mx{OufGO$J02Eal=gYIevPzeMvDzd>u3HKgSr*!gji-=%PC6xaJ2Xu
z9--zxH_{@0s4;lfqKqPs=iU1?at{#=BC%lg8@;kq^c%exkuhRIB+51akwntlE1rIy
zxhtk9SKP?m9BFOovFns^AiF(EJV6TI=iOxwY7!U}tmu93W87e`B>FbP<-gJQC5`wt
z!r2U6{JgvDhQo6^U(eb#TAXgi8>q62i{E88(muEI^|X6N3%@8d^?7&MjkLJS-W499
z&%4WRcs#fB_1yi%(kL8}pLdttNUC?fk8y*&l6V?rwfQ~o{<`6e`|H)CQCIUnVHM<*
zuXec3%`W<|=;d8FC%Q*l>%MgDoc>0z!v8+e=0G1Y-mBgSEEwKpbl`D{b7Dobb?i%L
z&KsWQ|DU)O5f^tXxHIoq;)*`7agg%Uc@fndhnhdmi{8zx9jllR@DIy6Q*Kg5M^WA~
z=yOa0k@h{-(dp*anfPxN;>{S`bki=1D>2q!kML-IS%*h<nv1F}tj+V@Zeev<JZ>~M
z)K0#6-@jt5GB9uHht?@0Ju>)sAU;{XqMpB7K-H>VH9ga6ym~TY&+5;-#}w2*D&v3m
K6@&fVzW+aiLeJ3v

diff --git a/dashboard/package.json b/dashboard/package.json
index 11080c0..9641b8b 100644
--- a/dashboard/package.json
+++ b/dashboard/package.json
@@ -20,7 +20,7 @@
     "@radix-ui/react-label": "^2.0.2",
     "@radix-ui/react-scroll-area": "^1.0.5",
     "@radix-ui/react-separator": "^1.1.0",
-    "@radix-ui/react-slot": "^1.1.0",
+    "@radix-ui/react-slot": "^1.1.1",
     "@radix-ui/react-tabs": "^1.1.1",
     "@radix-ui/react-tooltip": "^1.1.4",
     "@serwist/next": "^9.0.0-preview.21",
diff --git a/dashboard/src/components/ui/pagination.tsx b/dashboard/src/components/ui/pagination.tsx
new file mode 100644
index 0000000..db9b2d6
--- /dev/null
+++ b/dashboard/src/components/ui/pagination.tsx
@@ -0,0 +1,117 @@
+import * as React from 'react';
+import { ChevronLeft, ChevronRight, MoreHorizontal } from 'lucide-react';
+
+import { cn } from '@/lib/utils';
+import { ButtonProps, buttonVariants } from '@/components/ui/button';
+
+const Pagination = ({ className, ...props }: React.ComponentProps<'nav'>) => (
+    <nav
+        role="navigation"
+        aria-label="pagination"
+        className={cn('mx-auto flex w-full justify-center', className)}
+        {...props}
+    />
+);
+Pagination.displayName = 'Pagination';
+
+const PaginationContent = React.forwardRef<
+    HTMLUListElement,
+    React.ComponentProps<'ul'>
+>(({ className, ...props }, ref) => (
+    <ul
+        ref={ref}
+        className={cn('flex flex-row items-center gap-1', className)}
+        {...props}
+    />
+));
+PaginationContent.displayName = 'PaginationContent';
+
+const PaginationItem = React.forwardRef<
+    HTMLLIElement,
+    React.ComponentProps<'li'>
+>(({ className, ...props }, ref) => (
+    <li ref={ref} className={cn('', className)} {...props} />
+));
+PaginationItem.displayName = 'PaginationItem';
+
+type PaginationLinkProps = {
+    isActive?: boolean
+} & Pick<ButtonProps, 'size'> &
+    React.ComponentProps<'a'>
+
+const PaginationLink = ({
+                            className,
+                            isActive,
+                            size = 'icon',
+                            ...props
+                        }: PaginationLinkProps) => (
+    <a
+        aria-current={isActive ? 'page' : undefined}
+        className={cn(
+            buttonVariants({
+                variant: isActive ? 'outline' : 'ghost',
+                size,
+            }),
+            className,
+        )}
+        {...props}
+    />
+);
+PaginationLink.displayName = 'PaginationLink';
+
+const PaginationPrevious = ({
+                                className,
+                                ...props
+                            }: React.ComponentProps<typeof PaginationLink>) => (
+    <PaginationLink
+        aria-label="Go to previous page"
+        size="default"
+        className={cn('gap-1 pl-2.5', className)}
+        {...props}
+    >
+        <ChevronLeft className="h-4 w-4"/>
+        <span>Previous</span>
+    </PaginationLink>
+);
+PaginationPrevious.displayName = 'PaginationPrevious';
+
+const PaginationNext = ({
+                            className,
+                            ...props
+                        }: React.ComponentProps<typeof PaginationLink>) => (
+    <PaginationLink
+        aria-label="Go to next page"
+        size="default"
+        className={cn('gap-1 pr-2.5', className)}
+        {...props}
+    >
+        <span>Next</span>
+        <ChevronRight className="h-4 w-4"/>
+    </PaginationLink>
+);
+PaginationNext.displayName = 'PaginationNext';
+
+const PaginationEllipsis = ({
+                                className,
+                                ...props
+                            }: React.ComponentProps<'span'>) => (
+    <span
+        aria-hidden
+        className={cn('flex h-9 w-9 items-center justify-center', className)}
+        {...props}
+    >
+    <MoreHorizontal className="h-4 w-4"/>
+    <span className="sr-only">More pages</span>
+  </span>
+);
+PaginationEllipsis.displayName = 'PaginationEllipsis';
+
+export {
+    Pagination,
+    PaginationContent,
+    PaginationEllipsis,
+    PaginationItem,
+    PaginationLink,
+    PaginationNext,
+    PaginationPrevious,
+};
-- 
2.45.3


From 5e01a7f50f0ec9b2a5c1b738b0e3b99a3a1a5636 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 13:29:19 +0100
Subject: [PATCH 51/66] NORY-45: fix search input value lost on reload

---
 dashboard/src/app/(inside)/user/page.tsx  | 5 ++++-
 dashboard/src/components/search-input.tsx | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
index c1acd7e..fe2d034 100644
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@@ -29,7 +29,10 @@ export default async function UserPage(
                 </p>
             </div>
             <div className="space-y-2">
-                <SearchInput queryParamKey="query" placeholder="Search for identifiers (Email, Username...)"/>
+                <SearchInput
+                    value={query}
+                    queryParamKey="query"
+                    placeholder="Search for identifiers (Email, Username...)"/>
                 <IdentityDataTable
                     data={initialData}
                     page={page}
diff --git a/dashboard/src/components/search-input.tsx b/dashboard/src/components/search-input.tsx
index fa6be17..600c566 100644
--- a/dashboard/src/components/search-input.tsx
+++ b/dashboard/src/components/search-input.tsx
@@ -5,13 +5,14 @@ import { useRouter, useSearchParams } from 'next/navigation';
 import { ChangeEvent, HTMLInputTypeAttribute } from 'react';
 
 interface SearchInputProps {
+    value: string;
     placeholder: string;
     queryParamKey: string;
     type?: HTMLInputTypeAttribute;
     className?: string;
 }
 
-export function SearchInput({ placeholder, queryParamKey, type, className }: SearchInputProps) {
+export function SearchInput({ value, placeholder, queryParamKey, type, className }: SearchInputProps) {
 
     const router = useRouter();
     const params = useSearchParams();
@@ -32,6 +33,7 @@ export function SearchInput({ placeholder, queryParamKey, type, className }: Sea
 
     return (
         <Input
+            value={value}
             type={type ?? 'text'}
             placeholder={placeholder}
             className={className}
-- 
2.45.3


From 2d2c02144649bf35dcdd9337f261c5fffef80ca2 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 13:30:14 +0100
Subject: [PATCH 52/66] NORY-45: prepare custom query for pagination

---
 dashboard/src/app/(inside)/user/page.tsx |  6 ++---
 dashboard/src/lib/action/identity.ts     | 28 ++++++++++++++++++++----
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
index fe2d034..92eee5e 100644
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@@ -16,9 +16,9 @@ export default async function UserPage(
     const page = params.page ? Number(params.page) : 1;
     const query = params.query ? params.query as string : '';
 
-    let pageSize = 250;
+    let pageSize = 50;
 
-    const initialData = await queryIdentities({ page, pageSize, query });
+    const { data, pageCount } = await queryIdentities({ page, pageSize, query });
 
     return (
         <div className="space-y-4">
@@ -34,7 +34,7 @@ export default async function UserPage(
                     queryParamKey="query"
                     placeholder="Search for identifiers (Email, Username...)"/>
                 <IdentityDataTable
-                    data={initialData}
+                    data={data}
                     page={page}
                     query={query}/>
             </div>
diff --git a/dashboard/src/lib/action/identity.ts b/dashboard/src/lib/action/identity.ts
index 9e1054c..4a93084 100644
--- a/dashboard/src/lib/action/identity.ts
+++ b/dashboard/src/lib/action/identity.ts
@@ -15,14 +15,14 @@ import { eq, ilike, or, sql } from 'drizzle-orm';
 
 interface QueryIdentitiesProps {
     page: number,
-    pageSize?: number,
+    pageSize: number,
     query?: string,
 }
 
 export async function queryIdentities({ page, pageSize, query }: QueryIdentitiesProps) {
 
     const db = await getDB();
-    const results = await db.select()
+    const result = await db.select()
         .from(identities)
         .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
         .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
@@ -30,14 +30,34 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
             sql`${identities.traits}::text ILIKE
             ${`%${query}%`}`,
             ilike(identityVerifiableAddresses.value, `%${query}%`),
-        ));
+        ))
+        .limit(pageSize)
+        .offset((page - 1) * pageSize);
 
-    return results.map((it) => {
+    const resultCount = await db.$count(
+        db.select()
+            .from(identities)
+            .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
+            .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
+            .where(or(
+                sql`${identities.traits}::text ILIKE
+                ${`%${query}%`}`,
+                ilike(identityVerifiableAddresses.value, `%${query}%`),
+            ))
+            .as('subquery'),
+    );
+
+    const resultTyped = result.map((it) => {
         const typed = it.identities as unknown as Identity;
         typed.verifiable_addresses = [it.identity_verifiable_addresses] as unknown as VerifiableIdentityAddress[];
         typed.recovery_addresses = [it.identity_verifiable_addresses] as unknown as RecoveryIdentityAddress[];
         return typed;
     });
+
+    return {
+        data: resultTyped,
+        pageCount: Math.ceil(resultCount / pageSize),
+    };
 }
 
 
-- 
2.45.3


From 9defc8a391afc36a927f2728f768faefd83c46e9 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 14:47:27 +0100
Subject: [PATCH 53/66] NORY-41: add new pagination

---
 dashboard/src/app/(inside)/user/page.tsx  |  10 ++-
 dashboard/src/components/pagination.tsx   | 101 ++++++++++++++++++++++
 dashboard/src/components/search-input.tsx |   5 +-
 dashboard/src/lib/action/identity.ts      |   8 ++
 4 files changed, 122 insertions(+), 2 deletions(-)
 create mode 100644 dashboard/src/components/pagination.tsx

diff --git a/dashboard/src/app/(inside)/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
index 92eee5e..2c4b825 100644
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@@ -2,6 +2,7 @@ import React from 'react';
 import { IdentityDataTable } from '@/app/(inside)/user/data-table';
 import { SearchInput } from '@/components/search-input';
 import { queryIdentities } from '@/lib/action/identity';
+import { IdentityPagination } from '@/components/pagination';
 
 export default async function UserPage(
     {
@@ -17,6 +18,7 @@ export default async function UserPage(
     const query = params.query ? params.query as string : '';
 
     let pageSize = 50;
+    let paginationRange = 11;
 
     const { data, pageCount } = await queryIdentities({ page, pageSize, query });
 
@@ -31,12 +33,18 @@ export default async function UserPage(
             <div className="space-y-2">
                 <SearchInput
                     value={query}
+                    pageParamKey="page"
                     queryParamKey="query"
-                    placeholder="Search for identifiers (Email, Username...)"/>
+                    placeholder="Search for addresses and traits"/>
                 <IdentityDataTable
                     data={data}
                     page={page}
                     query={query}/>
+                <IdentityPagination
+                    page={page}
+                    pageCount={pageCount}
+                    pageParamKey="page"
+                    paginationRange={paginationRange}/>
             </div>
         </div>
     );
diff --git a/dashboard/src/components/pagination.tsx b/dashboard/src/components/pagination.tsx
new file mode 100644
index 0000000..6e16bc2
--- /dev/null
+++ b/dashboard/src/components/pagination.tsx
@@ -0,0 +1,101 @@
+'use client';
+
+import {
+    Pagination,
+    PaginationContent,
+    PaginationEllipsis,
+    PaginationItem,
+    PaginationLink,
+    PaginationNext,
+    PaginationPrevious,
+} from '@/components/ui/pagination';
+import { usePathname, useSearchParams } from 'next/navigation';
+
+interface IdentityPaginationProps {
+    page: number;
+    pageCount: number;
+    pageParamKey: string;
+    paginationRange: number;
+}
+
+export function IdentityPagination(
+    {
+        page,
+        pageCount,
+        pageParamKey,
+        paginationRange,
+    }: IdentityPaginationProps,
+) {
+
+    const pathname = usePathname();
+    const searchParams = useSearchParams();
+
+    function updatePage(page: number): string {
+        const newParams = new URLSearchParams(searchParams.toString());
+
+        if (page <= 1) {
+            newParams.delete(pageParamKey);
+        } else {
+            newParams.set(pageParamKey, page.toString());
+        }
+
+        return pathname + '?' + newParams.toString();
+    }
+
+    return (
+        <Pagination>
+            <PaginationContent>
+                {
+                    page > 1 && (
+                        <PaginationItem key={'previous'}>
+                            <PaginationPrevious
+
+                                href={updatePage(page - 1)}/>
+                        </PaginationItem>
+                    )
+                }
+                {
+                    page - (paginationRange / 2) > 1 &&
+                    <PaginationItem key={'ellipsis-previous'}>
+                        <PaginationEllipsis/>
+                    </PaginationItem>
+                }
+                {
+                    Array.from({ length: paginationRange }, (_, i) => {
+
+                        const difference = (i + 1) - Math.round(paginationRange / 2);
+                        const nextPage = page + difference;
+
+                        if (nextPage < 1 || nextPage > pageCount) {
+                            return;
+                        }
+
+                        return (
+                            <PaginationItem key={nextPage}>
+                                <PaginationLink
+                                    href={updatePage(nextPage)}
+                                    isActive={page === nextPage}
+                                >
+                                    {nextPage}
+                                </PaginationLink>
+                            </PaginationItem>
+                        );
+                    })
+                }
+                {
+                    page + (paginationRange / 2) < pageCount &&
+                    <PaginationItem key={'ellipsis-next'}>
+                        <PaginationEllipsis/>
+                    </PaginationItem>
+                }
+                {
+                    page < pageCount && (
+                        <PaginationItem key={'next'}>
+                            <PaginationNext href={updatePage(page + 1)}/>
+                        </PaginationItem>
+                    )
+                }
+            </PaginationContent>
+        </Pagination>
+    );
+}
\ No newline at end of file
diff --git a/dashboard/src/components/search-input.tsx b/dashboard/src/components/search-input.tsx
index 600c566..d40dd65 100644
--- a/dashboard/src/components/search-input.tsx
+++ b/dashboard/src/components/search-input.tsx
@@ -7,12 +7,13 @@ import { ChangeEvent, HTMLInputTypeAttribute } from 'react';
 interface SearchInputProps {
     value: string;
     placeholder: string;
+    pageParamKey: string;
     queryParamKey: string;
     type?: HTMLInputTypeAttribute;
     className?: string;
 }
 
-export function SearchInput({ value, placeholder, queryParamKey, type, className }: SearchInputProps) {
+export function SearchInput({ value, placeholder, pageParamKey, queryParamKey, type, className }: SearchInputProps) {
 
     const router = useRouter();
     const params = useSearchParams();
@@ -28,6 +29,8 @@ export function SearchInput({ value, placeholder, queryParamKey, type, className
             newParams.set(queryParamKey, value);
         }
 
+        newParams.delete(pageParamKey);
+
         router.replace('?' + newParams.toString());
     };
 
diff --git a/dashboard/src/lib/action/identity.ts b/dashboard/src/lib/action/identity.ts
index 4a93084..f8ff2b0 100644
--- a/dashboard/src/lib/action/identity.ts
+++ b/dashboard/src/lib/action/identity.ts
@@ -21,6 +21,13 @@ interface QueryIdentitiesProps {
 
 export async function queryIdentities({ page, pageSize, query }: QueryIdentitiesProps) {
 
+    if (page < 1 || pageSize < 1) {
+        return {
+            data: [],
+            pageCount: 0,
+        };
+    }
+
     const db = await getDB();
     const result = await db.select()
         .from(identities)
@@ -31,6 +38,7 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
             ${`%${query}%`}`,
             ilike(identityVerifiableAddresses.value, `%${query}%`),
         ))
+        .orderBy(identities.id)
         .limit(pageSize)
         .offset((page - 1) * pageSize);
 
-- 
2.45.3


From 836096b04151d7ef5aa687a7bba03a43c815f577 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 14:59:05 +0100
Subject: [PATCH 54/66] NORY-41: add identity id to query

---
 dashboard/src/lib/action/identity.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/dashboard/src/lib/action/identity.ts b/dashboard/src/lib/action/identity.ts
index f8ff2b0..f4ab65d 100644
--- a/dashboard/src/lib/action/identity.ts
+++ b/dashboard/src/lib/action/identity.ts
@@ -34,6 +34,8 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
         .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
         .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
         .where(or(
+            sql`${identities.id}::text ILIKE
+            ${`%${query}%`}`,
             sql`${identities.traits}::text ILIKE
             ${`%${query}%`}`,
             ilike(identityVerifiableAddresses.value, `%${query}%`),
@@ -48,6 +50,8 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
             .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
             .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
             .where(or(
+                sql`${identities.id}::text ILIKE
+                ${`%${query}%`}`,
                 sql`${identities.traits}::text ILIKE
                 ${`%${query}%`}`,
                 ilike(identityVerifiableAddresses.value, `%${query}%`),
@@ -64,6 +68,7 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
 
     return {
         data: resultTyped,
+        itemCount: resultCount,
         pageCount: Math.ceil(resultCount / pageSize),
     };
 }
-- 
2.45.3


From e92828b9cf582cdb68b86f97a69a277bc077abcf Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 14:59:32 +0100
Subject: [PATCH 55/66] NORY-41: show result count above identity table

---
 dashboard/src/app/(inside)/user/page.tsx | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/dashboard/src/app/(inside)/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
index 2c4b825..efb1095 100644
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@@ -20,7 +20,7 @@ export default async function UserPage(
     let pageSize = 50;
     let paginationRange = 11;
 
-    const { data, pageCount } = await queryIdentities({ page, pageSize, query });
+    const { data, itemCount, pageCount } = await queryIdentities({ page, pageSize, query });
 
     return (
         <div className="space-y-4">
@@ -36,10 +36,13 @@ export default async function UserPage(
                     pageParamKey="page"
                     queryParamKey="query"
                     placeholder="Search for addresses and traits"/>
-                <IdentityDataTable
-                    data={data}
-                    page={page}
-                    query={query}/>
+                <div>
+                    <p className="text-xs text-neutral-500">{itemCount} item{itemCount && itemCount > 1 ? 's' : ''} found</p>
+                    <IdentityDataTable
+                        data={data}
+                        page={page}
+                        query={query}/>
+                </div>
                 <IdentityPagination
                     page={page}
                     pageCount={pageCount}
-- 
2.45.3


From 8032f11d3064eba62a95e111db5d97ba4032856e Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 14:59:59 +0100
Subject: [PATCH 56/66] NORY-41: refactor search to react on "enter" pressed

---
 dashboard/src/components/search-input.tsx | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/dashboard/src/components/search-input.tsx b/dashboard/src/components/search-input.tsx
index d40dd65..50e2d6a 100644
--- a/dashboard/src/components/search-input.tsx
+++ b/dashboard/src/components/search-input.tsx
@@ -2,7 +2,7 @@
 
 import { Input } from '@/components/ui/input';
 import { useRouter, useSearchParams } from 'next/navigation';
-import { ChangeEvent, HTMLInputTypeAttribute } from 'react';
+import { HTMLInputTypeAttribute, useState } from 'react';
 
 interface SearchInputProps {
     value: string;
@@ -18,9 +18,10 @@ export function SearchInput({ value, placeholder, pageParamKey, queryParamKey, t
     const router = useRouter();
     const params = useSearchParams();
 
-    const onSearchChange = (event: ChangeEvent<HTMLInputElement>) => {
+    const [searchInput, setSearchInput] = useState(value);
+
+    const onSearchChange = (value: string) => {
 
-        const value = event.target.value;
         const newParams = new URLSearchParams(params.toString());
 
         if (value.length < 1) {
@@ -34,12 +35,19 @@ export function SearchInput({ value, placeholder, pageParamKey, queryParamKey, t
         router.replace('?' + newParams.toString());
     };
 
+    const handleKeyDown = (event: React.KeyboardEvent<HTMLInputElement>) => {
+        if (event.key === 'Enter') {
+            onSearchChange(searchInput);
+        }
+    };
+
     return (
         <Input
-            value={value}
+            value={searchInput}
             type={type ?? 'text'}
             placeholder={placeholder}
             className={className}
-            onChange={onSearchChange}/>
+            onChange={(e) => setSearchInput(e.target.value)}
+            onKeyDown={handleKeyDown}/>
     );
 }
-- 
2.45.3


From a4957fc6275520e1a4a15606036a4d9d223f1388 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Sat, 4 Jan 2025 15:26:04 +0100
Subject: [PATCH 57/66] NORY-41: refactor drizzle schema to match snake_case
 @ory/client types

---
 dashboard/drizzle/schema.ts          | 1261 +++++++++++++-------------
 dashboard/src/db/convert-case.ts     |   18 +
 dashboard/src/db/schema.ts           |  539 +++++------
 dashboard/src/lib/action/identity.ts |   14 +-
 4 files changed, 926 insertions(+), 906 deletions(-)
 create mode 100644 dashboard/src/db/convert-case.ts

diff --git a/dashboard/drizzle/schema.ts b/dashboard/drizzle/schema.ts
index 4aa73e5..4bd317b 100644
--- a/dashboard/drizzle/schema.ts
+++ b/dashboard/drizzle/schema.ts
@@ -1,713 +1,714 @@
 import {
-	boolean,
-	char,
-	check,
-	foreignKey,
-	index,
-	integer,
-	json,
-	jsonb,
-	pgTable,
-	text,
-	timestamp,
-	unique,
-	uniqueIndex,
-	uuid,
-	varchar,
+    boolean,
+    char,
+    check,
+    foreignKey,
+    index,
+    integer,
+    json,
+    jsonb,
+    pgTable,
+    text,
+    timestamp,
+    unique,
+    uniqueIndex,
+    uuid,
+    varchar,
 } from 'drizzle-orm/pg-core';
 import { sql } from 'drizzle-orm';
 
-export const schemaMigration = pgTable('schema_migration', {
-	version: varchar({ length: 48 }).notNull(),
-	versionSelf: integer('version_self').default(0).notNull(),
+export const schema_migration = pgTable('schema_migration', {
+    version: varchar({ length: 48 }).notNull(),
+    version_self: integer('version_self').default(0).notNull(),
 }, (table) => [
-	uniqueIndex('schema_migration_version_idx').using('btree', table.version.asc().nullsLast().op('text_ops')),
-	index('schema_migration_version_self_idx').using('btree', table.versionSelf.asc().nullsLast().op('int4_ops')),
+    uniqueIndex('schema_migration_version_idx').using('btree', table.version.asc().nullsLast().op('text_ops')),
+    index('schema_migration_version_self_idx').using('btree', table.version_self.asc().nullsLast().op('int4_ops')),
 ]);
 
-export const identityCredentials = pgTable('identity_credentials', {
-	id: uuid().primaryKey().notNull(),
-	config: jsonb().notNull(),
-	identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
-	identityId: uuid('identity_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
-	version: integer().default(0).notNull(),
+export const identity_credentials = pgTable('identity_credentials', {
+    id: uuid().primaryKey().notNull(),
+    config: jsonb().notNull(),
+    identity_credential_type_id: uuid('identity_credential_type_id').notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+    version: integer().default(0).notNull(),
 }, (table) => [
-	index('identity_credentials_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_credentials_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('identity_credentials_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'identity_credentials_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.identityCredentialTypeId],
-		foreignColumns: [identityCredentialTypes.id],
-		name: 'identity_credentials_identity_credential_type_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_credentials_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_credentials_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_credentials_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_credentials_nid_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'identity_credentials_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.identity_credential_type_id],
+        foreignColumns: [identity_credential_types.id],
+        name: 'identity_credentials_identity_credential_type_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_credentials_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityCredentialTypes = pgTable('identity_credential_types', {
-	id: uuid().primaryKey().notNull(),
-	name: varchar({ length: 32 }).notNull(),
+export const identity_credential_types = pgTable('identity_credential_types', {
+    id: uuid().primaryKey().notNull(),
+    name: varchar({ length: 32 }).notNull(),
 }, (table) => [
-	uniqueIndex('identity_credential_types_name_idx').using('btree', table.name.asc().nullsLast().op('text_ops')),
+    uniqueIndex('identity_credential_types_name_idx').using('btree', table.name.asc().nullsLast().op('text_ops')),
 ]);
 
-export const selfserviceLoginFlows = pgTable('selfservice_login_flows', {
-	id: uuid().primaryKey().notNull(),
-	requestUrl: text('request_url').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	activeMethod: varchar('active_method', { length: 32 }).notNull(),
-	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	forced: boolean().default(false).notNull(),
-	type: varchar({ length: 16 }).default('browser').notNull(),
-	ui: jsonb(),
-	nid: uuid(),
-	requestedAal: varchar('requested_aal', { length: 4 }).default('aal1').notNull(),
-	internalContext: jsonb('internal_context').notNull(),
-	oauth2LoginChallenge: uuid('oauth2_login_challenge'),
-	oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
-	state: varchar({ length: 255 }),
-	submitCount: integer('submit_count').default(0).notNull(),
-	organizationId: uuid('organization_id'),
+export const selfservice_login_flows = pgTable('selfservice_login_flows', {
+    id: uuid().primaryKey().notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    forced: boolean().default(false).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    requested_aal: varchar('requested_aal', { length: 4 }).default('aal1').notNull(),
+    internal_context: jsonb('internal_context').notNull(),
+    oauth2login_challenge: uuid('oauth2_login_challenge'),
+    oauth2login_challenge_data: text('oauth2_login_challenge_data'),
+    state: varchar({ length: 255 }),
+    submit_count: integer('submit_count').default(0).notNull(),
+    organization_id: uuid('organization_id'),
 }, (table) => [
-	index('selfservice_login_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_login_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'selfservice_login_flows_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('selfservice_login_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_login_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_login_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
 export const networks = pgTable('networks', {
-	id: uuid().primaryKey().notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    id: uuid().primaryKey().notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
 });
 
-export const selfserviceRegistrationFlows = pgTable('selfservice_registration_flows', {
-	id: uuid().primaryKey().notNull(),
-	requestUrl: text('request_url').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	activeMethod: varchar('active_method', { length: 32 }).notNull(),
-	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	type: varchar({ length: 16 }).default('browser').notNull(),
-	ui: jsonb(),
-	nid: uuid(),
-	internalContext: jsonb('internal_context').notNull(),
-	oauth2LoginChallenge: uuid('oauth2_login_challenge'),
-	oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
-	state: varchar({ length: 255 }),
-	submitCount: integer('submit_count').default(0).notNull(),
-	organizationId: uuid('organization_id'),
+export const selfservice_registration_flows = pgTable('selfservice_registration_flows', {
+    id: uuid().primaryKey().notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    internal_context: jsonb('internal_context').notNull(),
+    oauth2login_challenge: uuid('oauth2_login_challenge'),
+    oauth2login_challenge_data: text('oauth2_login_challenge_data'),
+    state: varchar({ length: 255 }),
+    submit_count: integer('submit_count').default(0).notNull(),
+    organization_id: uuid('organization_id'),
 }, (table) => [
-	index('selfservice_registration_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_registration_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'selfservice_registration_flows_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('selfservice_registration_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_registration_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_registration_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
 export const identities = pgTable('identities', {
-	id: uuid().primaryKey().notNull(),
-	schemaId: varchar('schema_id', { length: 2048 }).notNull(),
-	traits: jsonb().notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
-	state: varchar({ length: 255 }).default('active').notNull(),
-	stateChangedAt: timestamp('state_changed_at', { mode: 'string' }),
-	metadataPublic: jsonb('metadata_public'),
-	metadataAdmin: jsonb('metadata_admin'),
-	availableAal: varchar('available_aal', { length: 4 }),
-	organizationId: uuid('organization_id'),
+    id: uuid().primaryKey().notNull(),
+    schema_id: varchar('schema_id', { length: 2048 }).notNull(),
+    traits: jsonb().notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+    state: varchar({ length: 255 }).default('active').notNull(),
+    state_changed_at: timestamp('state_changed_at', { mode: 'string' }),
+    metadata_public: jsonb('metadata_public'),
+    metadata_admin: jsonb('metadata_admin'),
+    available_aal: varchar('available_aal', { length: 4 }),
+    organization_id: uuid('organization_id'),
 }, (table) => [
-	index('identities_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identities_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identities_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identities_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identities_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identities_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityCredentialIdentifiers = pgTable('identity_credential_identifiers', {
-	id: uuid().primaryKey().notNull(),
-	identifier: varchar({ length: 255 }).notNull(),
-	identityCredentialId: uuid('identity_credential_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
-	identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
+export const identity_credential_identifiers = pgTable('identity_credential_identifiers', {
+    id: uuid().primaryKey().notNull(),
+    identifier: varchar({ length: 255 }).notNull(),
+    identity_credential_id: uuid('identity_credential_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
+    identity_credential_type_id: uuid('identity_credential_type_id').notNull(),
 }, (table) => [
-	index('identity_credential_identifiers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	uniqueIndex('identity_credential_identifiers_identifier_nid_type_uq_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityCredentialTypeId.asc().nullsLast().op('uuid_ops'), table.identifier.asc().nullsLast().op('uuid_ops')),
-	index('identity_credential_identifiers_nid_i_ici_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.identifier.asc().nullsLast().op('text_ops'), table.identityCredentialId.asc().nullsLast().op('text_ops')),
-	index('identity_credential_identifiers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('identity_credential_identifiers_nid_identity_credential_id_idx').using('btree', table.identityCredentialId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityCredentialId],
-		foreignColumns: [identityCredentials.id],
-		name: 'identity_credential_identifiers_identity_credential_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_credential_identifiers_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
-	foreignKey({
-		columns: [table.identityCredentialTypeId],
-		foreignColumns: [identityCredentialTypes.id],
-		name: 'identity_credential_identifiers_type_id_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_credential_identifiers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    uniqueIndex('identity_credential_identifiers_identifier_nid_type_uq_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identity_credential_type_id.asc().nullsLast().op('uuid_ops'), table.identifier.asc().nullsLast().op('uuid_ops')),
+    index('identity_credential_identifiers_nid_i_ici_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.identifier.asc().nullsLast().op('text_ops'), table.identity_credential_id.asc().nullsLast().op('text_ops')),
+    index('identity_credential_identifiers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_credential_identifiers_nid_identity_credential_id_idx').using('btree', table.identity_credential_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_credential_id],
+        foreignColumns: [identity_credentials.id],
+        name: 'identity_credential_identifiers_identity_credential_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_credential_identifiers_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.identity_credential_type_id],
+        foreignColumns: [identity_credential_types.id],
+        name: 'identity_credential_identifiers_type_id_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityVerifiableAddresses = pgTable('identity_verifiable_addresses', {
-	id: uuid().primaryKey().notNull(),
-	status: varchar({ length: 16 }).notNull(),
-	via: varchar({ length: 16 }).notNull(),
-	verified: boolean().notNull(),
-	value: varchar({ length: 400 }).notNull(),
-	verifiedAt: timestamp('verified_at', { mode: 'string' }),
-	identityId: uuid('identity_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
+export const identity_verifiable_addresses = pgTable('identity_verifiable_addresses', {
+    id: uuid().primaryKey().notNull(),
+    status: varchar({ length: 16 }).notNull(),
+    via: varchar({ length: 16 }).notNull(),
+    verified: boolean().notNull(),
+    value: varchar({ length: 400 }).notNull(),
+    verified_at: timestamp('verified_at', { mode: 'string' }),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
 }, (table) => [
-	index('identity_verifiable_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_verifiable_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('identity_verifiable_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_verifiable_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
-	uniqueIndex('identity_verifiable_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'identity_verifiable_addresses_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_verifiable_addresses_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_verifiable_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_nid_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
+    uniqueIndex('identity_verifiable_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'identity_verifiable_addresses_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_verifiable_addresses_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const courierMessages = pgTable('courier_messages', {
-	id: uuid().primaryKey().notNull(),
-	type: integer().notNull(),
-	status: integer().notNull(),
-	body: text().notNull(),
-	subject: varchar({ length: 255 }).notNull(),
-	recipient: varchar({ length: 255 }).notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	templateType: varchar('template_type', { length: 255 }).default('').notNull(),
-	// TODO: failed to parse database type 'bytea'
-	templateData: varchar('template_data'),
-	nid: uuid(),
-	sendCount: integer('send_count').default(0).notNull(),
-	channel: varchar({ length: 32 }),
+export const courier_messages = pgTable('courier_messages', {
+    id: uuid().primaryKey().notNull(),
+    type: integer().notNull(),
+    status: integer().notNull(),
+    body: text().notNull(),
+    subject: varchar({ length: 255 }).notNull(),
+    recipient: varchar({ length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    template_type: varchar('template_type', { length: 255 }).default('').notNull(),
+    // todo: failed to parse database type 'bytea'
+    template_data: varchar('template_data'),
+    nid: uuid(),
+    send_count: integer('send_count').default(0).notNull(),
+    channel: varchar({ length: 32 }),
 }, (table) => [
-	index('courier_messages_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('courier_messages_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
-	index('courier_messages_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('courier_messages_nid_recipient_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.recipient.asc().nullsLast().op('text_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
-	index('courier_messages_nid_status_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.status.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
-	index('courier_messages_status_idx').using('btree', table.status.asc().nullsLast().op('int4_ops')),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'courier_messages_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('courier_messages_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('courier_messages_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.created_at.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('courier_messages_nid_recipient_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.recipient.asc().nullsLast().op('text_ops'), table.created_at.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_status_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.status.asc().nullsLast().op('timestamp_ops'), table.created_at.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_status_idx').using('btree', table.status.asc().nullsLast().op('int4_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'courier_messages_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceErrors = pgTable('selfservice_errors', {
-	id: uuid().primaryKey().notNull(),
-	errors: jsonb().notNull(),
-	seenAt: timestamp('seen_at', { mode: 'string' }),
-	wasSeen: boolean('was_seen').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	csrfToken: varchar('csrf_token', { length: 255 }).default('').notNull(),
-	nid: uuid(),
+export const selfservice_errors = pgTable('selfservice_errors', {
+    id: uuid().primaryKey().notNull(),
+    errors: jsonb().notNull(),
+    seen_at: timestamp('seen_at', { mode: 'string' }),
+    was_seen: boolean('was_seen').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).default('').notNull(),
+    nid: uuid(),
 }, (table) => [
-	index('selfservice_errors_errors_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'selfservice_errors_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('selfservice_errors_errors_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_errors_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceVerificationFlows = pgTable('selfservice_verification_flows', {
-	id: uuid().primaryKey().notNull(),
-	requestUrl: text('request_url').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	type: varchar({ length: 16 }).default('browser').notNull(),
-	state: varchar({ length: 255 }).default('show_form').notNull(),
-	activeMethod: varchar('active_method', { length: 32 }),
-	ui: jsonb(),
-	nid: uuid(),
-	submitCount: integer('submit_count').default(0).notNull(),
-	oauth2LoginChallenge: text('oauth2_login_challenge'),
-	sessionId: uuid('session_id'),
-	identityId: uuid('identity_id'),
-	authenticationMethods: json('authentication_methods'),
+export const selfservice_verification_flows = pgTable('selfservice_verification_flows', {
+    id: uuid().primaryKey().notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    state: varchar({ length: 255 }).default('show_form').notNull(),
+    active_method: varchar('active_method', { length: 32 }),
+    ui: jsonb(),
+    nid: uuid(),
+    submit_count: integer('submit_count').default(0).notNull(),
+    oauth2login_challenge: text('oauth2_login_challenge'),
+    session_id: uuid('session_id'),
+    identity_id: uuid('identity_id'),
+    authentication_methods: json('authentication_methods'),
 }, (table) => [
-	index('selfservice_verification_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_verification_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'selfservice_verification_flows_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('selfservice_verification_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_verification_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_verification_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceSettingsFlows = pgTable('selfservice_settings_flows', {
-	id: uuid().primaryKey().notNull(),
-	requestUrl: text('request_url').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	identityId: uuid('identity_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	activeMethod: varchar('active_method', { length: 32 }),
-	state: varchar({ length: 255 }).default('show_form').notNull(),
-	type: varchar({ length: 16 }).default('browser').notNull(),
-	ui: jsonb(),
-	nid: uuid(),
-	internalContext: jsonb('internal_context').notNull(),
+export const selfservice_settings_flows = pgTable('selfservice_settings_flows', {
+    id: uuid().primaryKey().notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }),
+    state: varchar({ length: 255 }).default('show_form').notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    internal_context: jsonb('internal_context').notNull(),
 }, (table) => [
-	index('selfservice_settings_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_settings_flows_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_settings_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'selfservice_profile_management_requests_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'selfservice_settings_flows_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('selfservice_settings_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_settings_flows_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_settings_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'selfservice_profile_management_requests_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_settings_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const continuityContainers = pgTable('continuity_containers', {
-	id: uuid().primaryKey().notNull(),
-	identityId: uuid('identity_id'),
-	name: varchar({ length: 255 }).notNull(),
-	payload: jsonb(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
+export const continuity_containers = pgTable('continuity_containers', {
+    id: uuid().primaryKey().notNull(),
+    identity_id: uuid('identity_id'),
+    name: varchar({ length: 255 }).notNull(),
+    payload: jsonb(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
 }, (table) => [
-	index('continuity_containers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('continuity_containers_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('continuity_containers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'continuity_containers_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'continuity_containers_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('continuity_containers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('continuity_containers_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('continuity_containers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'continuity_containers_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'continuity_containers_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
 export const sessions = pgTable('sessions', {
-	id: uuid().primaryKey().notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	authenticatedAt: timestamp('authenticated_at', { mode: 'string' }).notNull(),
-	identityId: uuid('identity_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	token: varchar({ length: 39 }),
-	active: boolean().default(false),
-	nid: uuid(),
-	logoutToken: varchar('logout_token', { length: 39 }),
-	aal: varchar({ length: 4 }).default('aal1').notNull(),
-	authenticationMethods: jsonb('authentication_methods').notNull(),
+    id: uuid().primaryKey().notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    authenticated_at: timestamp('authenticated_at', { mode: 'string' }).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    token: varchar({ length: 39 }),
+    active: boolean().default(false),
+    nid: uuid(),
+    logout_token: varchar('logout_token', { length: 39 }),
+    aal: varchar({ length: 4 }).default('aal1').notNull(),
+    authentication_methods: jsonb('authentication_methods').notNull(),
 }, (table) => [
-	index('sessions_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('sessions_identity_id_nid_sorted_idx').using('btree', table.identityId.asc().nullsLast().op('timestamp_ops'), table.nid.asc().nullsLast().op('timestamp_ops'), table.authenticatedAt.desc().nullsFirst().op('uuid_ops')),
-	uniqueIndex('sessions_logout_token_uq_idx').using('btree', table.logoutToken.asc().nullsLast().op('text_ops')),
-	index('sessions_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('sessions_nid_id_identity_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityId.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('sessions_token_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('text_ops')),
-	uniqueIndex('sessions_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'sessions_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'sessions_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('sessions_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('sessions_identity_id_nid_sorted_idx').using('btree', table.identity_id.asc().nullsLast().op('timestamp_ops'), table.nid.asc().nullsLast().op('timestamp_ops'), table.authenticated_at.desc().nullsFirst().op('uuid_ops')),
+    uniqueIndex('sessions_logout_token_uq_idx').using('btree', table.logout_token.asc().nullsLast().op('text_ops')),
+    index('sessions_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.created_at.desc().nullsFirst().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('sessions_nid_id_identity_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identity_id.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('sessions_token_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('text_ops')),
+    uniqueIndex('sessions_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'sessions_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'sessions_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityRecoveryAddresses = pgTable('identity_recovery_addresses', {
-	id: uuid().primaryKey().notNull(),
-	via: varchar({ length: 16 }).notNull(),
-	value: varchar({ length: 400 }).notNull(),
-	identityId: uuid('identity_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
+export const identity_recovery_addresses = pgTable('identity_recovery_addresses', {
+    id: uuid().primaryKey().notNull(),
+    via: varchar({ length: 16 }).notNull(),
+    value: varchar({ length: 400 }).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
 }, (table) => [
-	index('identity_recovery_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
-	uniqueIndex('identity_recovery_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'identity_recovery_addresses_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_recovery_addresses_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_recovery_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_nid_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
+    uniqueIndex('identity_recovery_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'identity_recovery_addresses_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_recovery_addresses_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityVerificationTokens = pgTable('identity_verification_tokens', {
-	id: uuid().primaryKey().notNull(),
-	token: varchar({ length: 64 }).notNull(),
-	used: boolean().default(false).notNull(),
-	usedAt: timestamp('used_at', { mode: 'string' }),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).notNull(),
-	identityVerifiableAddressId: uuid('identity_verifiable_address_id').notNull(),
-	selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid(),
+export const identity_verification_tokens = pgTable('identity_verification_tokens', {
+    id: uuid().primaryKey().notNull(),
+    token: varchar({ length: 64 }).notNull(),
+    used: boolean().default(false).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).notNull(),
+    identity_verifiable_address_id: uuid('identity_verifiable_address_id').notNull(),
+    selfservice_verification_flow_id: uuid('selfservice_verification_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid(),
 }, (table) => [
-	index('identity_verification_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_verification_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('identity_verification_tokens_token_nid_used_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('bool_ops'), table.used.asc().nullsLast().op('text_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
-	uniqueIndex('identity_verification_tokens_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
-	index('identity_verification_tokens_verifiable_address_id_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops')),
-	index('identity_verification_tokens_verification_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityVerifiableAddressId],
-		foreignColumns: [identityVerifiableAddresses.id],
-		name: 'identity_verification_tokens_identity_verifiable_address_i_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.selfserviceVerificationFlowId],
-		foreignColumns: [selfserviceVerificationFlows.id],
-		name: 'identity_verification_tokens_selfservice_verification_flow_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_verification_tokens_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_verification_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_token_nid_used_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('bool_ops'), table.used.asc().nullsLast().op('text_ops'), table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
+    uniqueIndex('identity_verification_tokens_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+    index('identity_verification_tokens_verifiable_address_id_idx').using('btree', table.identity_verifiable_address_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_verification_flow_id_idx').using('btree', table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_verifiable_address_id],
+        foreignColumns: [identity_verifiable_addresses.id],
+        name: 'identity_verification_tokens_identity_verifiable_address_i_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.selfservice_verification_flow_id],
+        foreignColumns: [selfservice_verification_flows.id],
+        name: 'identity_verification_tokens_selfservice_verification_flow_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_verification_tokens_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceRecoveryFlows = pgTable('selfservice_recovery_flows', {
-	id: uuid().primaryKey().notNull(),
-	requestUrl: text('request_url').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-	activeMethod: varchar('active_method', { length: 32 }),
-	csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-	state: varchar({ length: 32 }).notNull(),
-	recoveredIdentityId: uuid('recovered_identity_id'),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	type: varchar({ length: 16 }).default('browser').notNull(),
-	ui: jsonb(),
-	nid: uuid(),
-	submitCount: integer('submit_count').default(0).notNull(),
-	skipCsrfCheck: boolean('skip_csrf_check').default(false).notNull(),
+export const selfservice_recovery_flows = pgTable('selfservice_recovery_flows', {
+    id: uuid().primaryKey().notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    state: varchar({ length: 32 }).notNull(),
+    recovered_identity_id: uuid('recovered_identity_id'),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    type: varchar({ length: 16 }).default('browser').notNull(),
+    ui: jsonb(),
+    nid: uuid(),
+    submit_count: integer('submit_count').default(0).notNull(),
+    skip_csrf_check: boolean('skip_csrf_check').default(false).notNull(),
 }, (table) => [
-	index('selfservice_recovery_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_recovery_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('selfservice_recovery_flows_recovered_identity_id_nid_idx').using('btree', table.recoveredIdentityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.recoveredIdentityId],
-		foreignColumns: [identities.id],
-		name: 'selfservice_recovery_requests_recovered_identity_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'selfservice_recovery_flows_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('selfservice_recovery_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_recovery_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_recovery_flows_recovered_identity_id_nid_idx').using('btree', table.recovered_identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.recovered_identity_id],
+        foreignColumns: [identities.id],
+        name: 'selfservice_recovery_requests_recovered_identity_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'selfservice_recovery_flows_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityRecoveryTokens = pgTable('identity_recovery_tokens', {
-	id: uuid().primaryKey().notNull(),
-	token: varchar({ length: 64 }).notNull(),
-	used: boolean().default(false).notNull(),
-	usedAt: timestamp('used_at', { mode: 'string' }),
-	identityRecoveryAddressId: uuid('identity_recovery_address_id'),
-	selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id'),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	nid: uuid(),
-	identityId: uuid('identity_id').notNull(),
-	tokenType: integer('token_type').default(0).notNull(),
+export const identity_recovery_tokens = pgTable('identity_recovery_tokens', {
+    id: uuid().primaryKey().notNull(),
+    token: varchar({ length: 64 }).notNull(),
+    used: boolean().default(false).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    identity_recovery_address_id: uuid('identity_recovery_address_id'),
+    selfservice_recovery_flow_id: uuid('selfservice_recovery_flow_id'),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    nid: uuid(),
+    identity_id: uuid('identity_id').notNull(),
+    token_type: integer('token_type').default(0).notNull(),
 }, (table) => [
-	uniqueIndex('identity_recovery_addresses_code_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
-	index('identity_recovery_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_tokens_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_tokens_identity_recovery_address_id_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_tokens_selfservice_recovery_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_tokens_token_nid_used_idx').using('btree', table.nid.asc().nullsLast().op('bool_ops'), table.token.asc().nullsLast().op('text_ops'), table.used.asc().nullsLast().op('bool_ops')),
-	foreignKey({
-		columns: [table.selfserviceRecoveryFlowId],
-		foreignColumns: [selfserviceRecoveryFlows.id],
-		name: 'identity_recovery_tokens_selfservice_recovery_request_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_recovery_tokens_nid_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
-	foreignKey({
-		columns: [table.identityRecoveryAddressId],
-		foreignColumns: [identityRecoveryAddresses.id],
-		name: 'identity_recovery_tokens_identity_recovery_address_id_fkey',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'identity_recovery_tokens_identity_id_fk_idx',
-	}).onUpdate('restrict').onDelete('cascade'),
-	check('identity_recovery_tokens_token_type_ck', sql`(token_type = 1)
-														OR (token_type = 2)`),
+    uniqueIndex('identity_recovery_addresses_code_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
+    index('identity_recovery_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_identity_recovery_address_id_idx').using('btree', table.identity_recovery_address_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_selfservice_recovery_flow_id_idx').using('btree', table.selfservice_recovery_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_token_nid_used_idx').using('btree', table.nid.asc().nullsLast().op('bool_ops'), table.token.asc().nullsLast().op('text_ops'), table.used.asc().nullsLast().op('bool_ops')),
+    foreignKey({
+        columns: [table.selfservice_recovery_flow_id],
+        foreignColumns: [selfservice_recovery_flows.id],
+        name: 'identity_recovery_tokens_selfservice_recovery_request_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_recovery_tokens_nid_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.identity_recovery_address_id],
+        foreignColumns: [identity_recovery_addresses.id],
+        name: 'identity_recovery_tokens_identity_recovery_address_id_fkey',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'identity_recovery_tokens_identity_id_fk_idx',
+    }).onUpdate('restrict').onDelete('cascade'),
+    check('identity_recovery_tokens_token_type_ck', sql`(token_type = 1)
+                                                        or
+        (token_type = 2)`),
 ]);
 
-export const identityRecoveryCodes = pgTable('identity_recovery_codes', {
-	id: uuid().primaryKey().notNull(),
-	code: varchar({ length: 64 }).notNull(),
-	usedAt: timestamp('used_at', { mode: 'string' }),
-	identityRecoveryAddressId: uuid('identity_recovery_address_id'),
-	codeType: integer('code_type').notNull(),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid().notNull(),
-	identityId: uuid('identity_id').notNull(),
+export const identity_recovery_codes = pgTable('identity_recovery_codes', {
+    id: uuid().primaryKey().notNull(),
+    code: varchar({ length: 64 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    identity_recovery_address_id: uuid('identity_recovery_address_id'),
+    code_type: integer('code_type').notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_recovery_flow_id: uuid('selfservice_recovery_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid().notNull(),
+    identity_id: uuid('identity_id').notNull(),
 }, (table) => [
-	index('identity_recovery_codes_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_codes_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_codes_identity_recovery_address_id_nid_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_recovery_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityRecoveryAddressId],
-		foreignColumns: [identityRecoveryAddresses.id],
-		name: 'identity_recovery_codes_identity_recovery_addresses_id_fk',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.selfserviceRecoveryFlowId],
-		foreignColumns: [selfserviceRecoveryFlows.id],
-		name: 'identity_recovery_codes_selfservice_recovery_flows_id_fk',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'identity_recovery_codes_identity_id_fk',
-	}).onUpdate('restrict').onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_recovery_codes_networks_id_fk',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_recovery_codes_flow_id_idx').using('btree', table.selfservice_recovery_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_identity_recovery_address_id_nid_idx').using('btree', table.identity_recovery_address_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_recovery_flow_id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_recovery_address_id],
+        foreignColumns: [identity_recovery_addresses.id],
+        name: 'identity_recovery_codes_identity_recovery_addresses_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.selfservice_recovery_flow_id],
+        foreignColumns: [selfservice_recovery_flows.id],
+        name: 'identity_recovery_codes_selfservice_recovery_flows_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'identity_recovery_codes_identity_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_recovery_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const sessionDevices = pgTable('session_devices', {
-	id: uuid().primaryKey().notNull(),
-	ipAddress: varchar('ip_address', { length: 50 }).default(''),
-	userAgent: varchar('user_agent', { length: 512 }).default(''),
-	location: varchar({ length: 512 }).default(''),
-	nid: uuid().notNull(),
-	sessionId: uuid('session_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+export const session_devices = pgTable('session_devices', {
+    id: uuid().primaryKey().notNull(),
+    ip_address: varchar('ip_address', { length: 50 }).default(''),
+    user_agent: varchar('user_agent', { length: 512 }).default(''),
+    location: varchar({ length: 512 }).default(''),
+    nid: uuid().notNull(),
+    session_id: uuid('session_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
 }, (table) => [
-	index('session_devices_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('session_devices_session_id_nid_idx').using('btree', table.sessionId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.sessionId],
-		foreignColumns: [sessions.id],
-		name: 'session_metadata_sessions_id_fk',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'session_metadata_nid_fk',
-	}).onDelete('cascade'),
-	unique('unique_session_device').on(table.ipAddress, table.userAgent, table.nid, table.sessionId),
+    index('session_devices_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('session_devices_session_id_nid_idx').using('btree', table.session_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.session_id],
+        foreignColumns: [sessions.id],
+        name: 'session_metadata_sessions_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'session_metadata_nid_fk',
+    }).onDelete('cascade'),
+    unique('unique_session_device').on(table.ip_address, table.user_agent, table.nid, table.session_id),
 ]);
 
-export const identityVerificationCodes = pgTable('identity_verification_codes', {
-	id: uuid().primaryKey().notNull(),
-	codeHmac: varchar('code_hmac', { length: 64 }).notNull(),
-	usedAt: timestamp('used_at', { mode: 'string' }),
-	identityVerifiableAddressId: uuid('identity_verifiable_address_id'),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-	nid: uuid().notNull(),
+export const identity_verification_codes = pgTable('identity_verification_codes', {
+    id: uuid().primaryKey().notNull(),
+    code_hmac: varchar('code_hmac', { length: 64 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    identity_verifiable_address_id: uuid('identity_verifiable_address_id'),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_verification_flow_id: uuid('selfservice_verification_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    nid: uuid().notNull(),
 }, (table) => [
-	index('identity_verification_codes_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
-	index('identity_verification_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_verification_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
-	index('identity_verification_codes_verifiable_address_nid_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.identityVerifiableAddressId],
-		foreignColumns: [identityVerifiableAddresses.id],
-		name: 'identity_verification_codes_identity_verifiable_addresses_id_fk',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.selfserviceVerificationFlowId],
-		foreignColumns: [selfserviceVerificationFlows.id],
-		name: 'identity_verification_codes_selfservice_verification_flows_id_f',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_verification_codes_networks_id_fk',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_verification_codes_flow_id_idx').using('btree', table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_verifiable_address_nid_idx').using('btree', table.identity_verifiable_address_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.identity_verifiable_address_id],
+        foreignColumns: [identity_verifiable_addresses.id],
+        name: 'identity_verification_codes_identity_verifiable_addresses_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.selfservice_verification_flow_id],
+        foreignColumns: [selfservice_verification_flows.id],
+        name: 'identity_verification_codes_selfservice_verification_flows_id_f',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_verification_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const courierMessageDispatches = pgTable('courier_message_dispatches', {
-	id: uuid().primaryKey().notNull(),
-	messageId: uuid('message_id').notNull(),
-	status: varchar({ length: 7 }).notNull(),
-	error: json(),
-	nid: uuid().notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+export const courier_message_dispatches = pgTable('courier_message_dispatches', {
+    id: uuid().primaryKey().notNull(),
+    message_id: uuid('message_id').notNull(),
+    status: varchar({ length: 7 }).notNull(),
+    error: json(),
+    nid: uuid().notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
 }, (table) => [
-	index('courier_message_dispatches_message_id_idx').using('btree', table.messageId.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('timestamp_ops')),
-	index('courier_message_dispatches_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.messageId],
-		foreignColumns: [courierMessages.id],
-		name: 'courier_message_dispatches_message_id_fk',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'courier_message_dispatches_nid_fk',
-	}).onDelete('cascade'),
+    index('courier_message_dispatches_message_id_idx').using('btree', table.message_id.asc().nullsLast().op('timestamp_ops'), table.created_at.desc().nullsFirst().op('timestamp_ops')),
+    index('courier_message_dispatches_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.message_id],
+        foreignColumns: [courier_messages.id],
+        name: 'courier_message_dispatches_message_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'courier_message_dispatches_nid_fk',
+    }).onDelete('cascade'),
 ]);
 
-export const sessionTokenExchanges = pgTable('session_token_exchanges', {
-	id: uuid().primaryKey().notNull(),
-	nid: uuid().notNull(),
-	flowId: uuid('flow_id').notNull(),
-	sessionId: uuid('session_id'),
-	initCode: varchar('init_code', { length: 64 }).notNull(),
-	returnToCode: varchar('return_to_code', { length: 64 }).notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+export const session_token_exchanges = pgTable('session_token_exchanges', {
+    id: uuid().primaryKey().notNull(),
+    nid: uuid().notNull(),
+    flow_id: uuid('flow_id').notNull(),
+    session_id: uuid('session_id'),
+    init_code: varchar('init_code', { length: 64 }).notNull(),
+    return_to_code: varchar('return_to_code', { length: 64 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
 }, (table) => [
-	index('session_token_exchanges_nid_code_idx').using('btree', table.initCode.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('text_ops')),
-	index('session_token_exchanges_nid_flow_id_idx').using('btree', table.flowId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('session_token_exchanges_nid_code_idx').using('btree', table.init_code.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('text_ops')),
+    index('session_token_exchanges_nid_flow_id_idx').using('btree', table.flow_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
 ]);
 
-export const identityLoginCodes = pgTable('identity_login_codes', {
-	id: uuid().primaryKey().notNull(),
-	code: varchar({ length: 64 }).notNull(),
-	address: varchar({ length: 255 }).notNull(),
-	addressType: char('address_type', { length: 36 }).notNull(),
-	usedAt: timestamp('used_at', { mode: 'string' }),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	selfserviceLoginFlowId: uuid('selfservice_login_flow_id').notNull(),
-	identityId: uuid('identity_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	nid: uuid().notNull(),
+export const identity_login_codes = pgTable('identity_login_codes', {
+    id: uuid().primaryKey().notNull(),
+    code: varchar({ length: 64 }).notNull(),
+    address: varchar({ length: 255 }).notNull(),
+    address_type: char('address_type', { length: 36 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_login_flow_id: uuid('selfservice_login_flow_id').notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    nid: uuid().notNull(),
 }, (table) => [
-	index('identity_login_codes_flow_id_idx').using('btree', table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
-	index('identity_login_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_login_codes_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops')),
-	index('identity_login_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.selfserviceLoginFlowId],
-		foreignColumns: [selfserviceLoginFlows.id],
-		name: 'identity_login_codes_selfservice_login_flows_id_fk',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_login_codes_networks_id_fk',
-	}).onUpdate('restrict').onDelete('cascade'),
-	foreignKey({
-		columns: [table.identityId],
-		foreignColumns: [identities.id],
-		name: 'identity_login_codes_identity_id_fk',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_login_codes_flow_id_idx').using('btree', table.selfservice_login_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_login_flow_id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.selfservice_login_flow_id],
+        foreignColumns: [selfservice_login_flows.id],
+        name: 'identity_login_codes_selfservice_login_flows_id_fk',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_login_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
+    foreignKey({
+        columns: [table.identity_id],
+        foreignColumns: [identities.id],
+        name: 'identity_login_codes_identity_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityRegistrationCodes = pgTable('identity_registration_codes', {
-	id: uuid().primaryKey().notNull(),
-	code: varchar({ length: 64 }).notNull(),
-	address: varchar({ length: 255 }).notNull(),
-	addressType: char('address_type', { length: 36 }).notNull(),
-	usedAt: timestamp('used_at', { mode: 'string' }),
-	expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-	selfserviceRegistrationFlowId: uuid('selfservice_registration_flow_id').notNull(),
-	createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-	nid: uuid().notNull(),
+export const identity_registration_codes = pgTable('identity_registration_codes', {
+    id: uuid().primaryKey().notNull(),
+    code: varchar({ length: 64 }).notNull(),
+    address: varchar({ length: 255 }).notNull(),
+    address_type: char('address_type', { length: 36 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_registration_flow_id: uuid('selfservice_registration_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    nid: uuid().notNull(),
 }, (table) => [
-	index('identity_registration_codes_flow_id_idx').using('btree', table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
-	index('identity_registration_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-	index('identity_registration_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
-	foreignKey({
-		columns: [table.selfserviceRegistrationFlowId],
-		foreignColumns: [selfserviceRegistrationFlows.id],
-		name: 'identity_registration_codes_selfservice_registration_flows_id_f',
-	}).onDelete('cascade'),
-	foreignKey({
-		columns: [table.nid],
-		foreignColumns: [networks.id],
-		name: 'identity_registration_codes_networks_id_fk',
-	}).onUpdate('restrict').onDelete('cascade'),
+    index('identity_registration_codes_flow_id_idx').using('btree', table.selfservice_registration_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_registration_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_registration_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_registration_flow_id.asc().nullsLast().op('uuid_ops')),
+    foreignKey({
+        columns: [table.selfservice_registration_flow_id],
+        foreignColumns: [selfservice_registration_flows.id],
+        name: 'identity_registration_codes_selfservice_registration_flows_id_f',
+    }).onDelete('cascade'),
+    foreignKey({
+        columns: [table.nid],
+        foreignColumns: [networks.id],
+        name: 'identity_registration_codes_networks_id_fk',
+    }).onUpdate('restrict').onDelete('cascade'),
 ]);
diff --git a/dashboard/src/db/convert-case.ts b/dashboard/src/db/convert-case.ts
new file mode 100644
index 0000000..9f00e61
--- /dev/null
+++ b/dashboard/src/db/convert-case.ts
@@ -0,0 +1,18 @@
+const fs = require('fs');
+const filepath = 'src/db/schema.ts';
+
+const schemaContent = fs.readFileSync(filepath, 'utf-8');
+
+const updatedSchema = schemaContent.replace(/([a-z])([A-Z])/g, '$1_$2').toLowerCase()
+    .replace(/primary_key/g, 'primaryKey')
+    .replace(/unique_index/g, 'uniqueIndex')
+    .replace(/not_null/g, 'notNull')
+    .replace(/nulls_first/g, 'nullsFirst')
+    .replace(/nulls_last/g, 'nullsLast')
+    .replace(/foreign_key/g, 'foreignKey')
+    .replace(/on_update/g, 'onUpdate')
+    .replace(/on_delete/g, 'onDelete')
+    .replace(/pg_table/g, 'pgTable')
+    .replace(/foreign_columns/g, 'foreignColumns');
+
+fs.writeFileSync(filepath, updatedSchema);
diff --git a/dashboard/src/db/schema.ts b/dashboard/src/db/schema.ts
index 5514575..4bd317b 100644
--- a/dashboard/src/db/schema.ts
+++ b/dashboard/src/db/schema.ts
@@ -17,35 +17,35 @@ import {
 } from 'drizzle-orm/pg-core';
 import { sql } from 'drizzle-orm';
 
-export const schemaMigration = pgTable('schema_migration', {
+export const schema_migration = pgTable('schema_migration', {
     version: varchar({ length: 48 }).notNull(),
-    versionSelf: integer('version_self').default(0).notNull(),
+    version_self: integer('version_self').default(0).notNull(),
 }, (table) => [
     uniqueIndex('schema_migration_version_idx').using('btree', table.version.asc().nullsLast().op('text_ops')),
-    index('schema_migration_version_self_idx').using('btree', table.versionSelf.asc().nullsLast().op('int4_ops')),
+    index('schema_migration_version_self_idx').using('btree', table.version_self.asc().nullsLast().op('int4_ops')),
 ]);
 
-export const identityCredentials = pgTable('identity_credentials', {
+export const identity_credentials = pgTable('identity_credentials', {
     id: uuid().primaryKey().notNull(),
     config: jsonb().notNull(),
-    identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
-    identityId: uuid('identity_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    identity_credential_type_id: uuid('identity_credential_type_id').notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
     version: integer().default(0).notNull(),
 }, (table) => [
     index('identity_credentials_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identity_credentials_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('identity_credentials_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_credentials_nid_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'identity_credentials_identity_id_fkey',
     }).onDelete('cascade'),
     foreignKey({
-        columns: [table.identityCredentialTypeId],
-        foreignColumns: [identityCredentialTypes.id],
+        columns: [table.identity_credential_type_id],
+        foreignColumns: [identity_credential_types.id],
         name: 'identity_credentials_identity_credential_type_id_fkey',
     }).onDelete('cascade'),
     foreignKey({
@@ -55,33 +55,33 @@ export const identityCredentials = pgTable('identity_credentials', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityCredentialTypes = pgTable('identity_credential_types', {
+export const identity_credential_types = pgTable('identity_credential_types', {
     id: uuid().primaryKey().notNull(),
     name: varchar({ length: 32 }).notNull(),
 }, (table) => [
     uniqueIndex('identity_credential_types_name_idx').using('btree', table.name.asc().nullsLast().op('text_ops')),
 ]);
 
-export const selfserviceLoginFlows = pgTable('selfservice_login_flows', {
+export const selfservice_login_flows = pgTable('selfservice_login_flows', {
     id: uuid().primaryKey().notNull(),
-    requestUrl: text('request_url').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    activeMethod: varchar('active_method', { length: 32 }).notNull(),
-    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     forced: boolean().default(false).notNull(),
     type: varchar({ length: 16 }).default('browser').notNull(),
     ui: jsonb(),
     nid: uuid(),
-    requestedAal: varchar('requested_aal', { length: 4 }).default('aal1').notNull(),
-    internalContext: jsonb('internal_context').notNull(),
-    oauth2LoginChallenge: uuid('oauth2_login_challenge'),
-    oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
+    requested_aal: varchar('requested_aal', { length: 4 }).default('aal1').notNull(),
+    internal_context: jsonb('internal_context').notNull(),
+    oauth2login_challenge: uuid('oauth2_login_challenge'),
+    oauth2login_challenge_data: text('oauth2_login_challenge_data'),
     state: varchar({ length: 255 }),
-    submitCount: integer('submit_count').default(0).notNull(),
-    organizationId: uuid('organization_id'),
+    submit_count: integer('submit_count').default(0).notNull(),
+    organization_id: uuid('organization_id'),
 }, (table) => [
     index('selfservice_login_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('selfservice_login_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
@@ -94,28 +94,28 @@ export const selfserviceLoginFlows = pgTable('selfservice_login_flows', {
 
 export const networks = pgTable('networks', {
     id: uuid().primaryKey().notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
 });
 
-export const selfserviceRegistrationFlows = pgTable('selfservice_registration_flows', {
+export const selfservice_registration_flows = pgTable('selfservice_registration_flows', {
     id: uuid().primaryKey().notNull(),
-    requestUrl: text('request_url').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    activeMethod: varchar('active_method', { length: 32 }).notNull(),
-    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     type: varchar({ length: 16 }).default('browser').notNull(),
     ui: jsonb(),
     nid: uuid(),
-    internalContext: jsonb('internal_context').notNull(),
-    oauth2LoginChallenge: uuid('oauth2_login_challenge'),
-    oauth2LoginChallengeData: text('oauth2_login_challenge_data'),
+    internal_context: jsonb('internal_context').notNull(),
+    oauth2login_challenge: uuid('oauth2_login_challenge'),
+    oauth2login_challenge_data: text('oauth2_login_challenge_data'),
     state: varchar({ length: 255 }),
-    submitCount: integer('submit_count').default(0).notNull(),
-    organizationId: uuid('organization_id'),
+    submit_count: integer('submit_count').default(0).notNull(),
+    organization_id: uuid('organization_id'),
 }, (table) => [
     index('selfservice_registration_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('selfservice_registration_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
@@ -128,17 +128,17 @@ export const selfserviceRegistrationFlows = pgTable('selfservice_registration_fl
 
 export const identities = pgTable('identities', {
     id: uuid().primaryKey().notNull(),
-    schemaId: varchar('schema_id', { length: 2048 }).notNull(),
+    schema_id: varchar('schema_id', { length: 2048 }).notNull(),
     traits: jsonb().notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
     state: varchar({ length: 255 }).default('active').notNull(),
-    stateChangedAt: timestamp('state_changed_at', { mode: 'string' }),
-    metadataPublic: jsonb('metadata_public'),
-    metadataAdmin: jsonb('metadata_admin'),
-    availableAal: varchar('available_aal', { length: 4 }),
-    organizationId: uuid('organization_id'),
+    state_changed_at: timestamp('state_changed_at', { mode: 'string' }),
+    metadata_public: jsonb('metadata_public'),
+    metadata_admin: jsonb('metadata_admin'),
+    available_aal: varchar('available_aal', { length: 4 }),
+    organization_id: uuid('organization_id'),
 }, (table) => [
     index('identities_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identities_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
@@ -149,23 +149,23 @@ export const identities = pgTable('identities', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityCredentialIdentifiers = pgTable('identity_credential_identifiers', {
+export const identity_credential_identifiers = pgTable('identity_credential_identifiers', {
     id: uuid().primaryKey().notNull(),
     identifier: varchar({ length: 255 }).notNull(),
-    identityCredentialId: uuid('identity_credential_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    identity_credential_id: uuid('identity_credential_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
-    identityCredentialTypeId: uuid('identity_credential_type_id').notNull(),
+    identity_credential_type_id: uuid('identity_credential_type_id').notNull(),
 }, (table) => [
     index('identity_credential_identifiers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    uniqueIndex('identity_credential_identifiers_identifier_nid_type_uq_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityCredentialTypeId.asc().nullsLast().op('uuid_ops'), table.identifier.asc().nullsLast().op('uuid_ops')),
-    index('identity_credential_identifiers_nid_i_ici_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.identifier.asc().nullsLast().op('text_ops'), table.identityCredentialId.asc().nullsLast().op('text_ops')),
+    uniqueIndex('identity_credential_identifiers_identifier_nid_type_uq_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identity_credential_type_id.asc().nullsLast().op('uuid_ops'), table.identifier.asc().nullsLast().op('uuid_ops')),
+    index('identity_credential_identifiers_nid_i_ici_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.identifier.asc().nullsLast().op('text_ops'), table.identity_credential_id.asc().nullsLast().op('text_ops')),
     index('identity_credential_identifiers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('identity_credential_identifiers_nid_identity_credential_id_idx').using('btree', table.identityCredentialId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_credential_identifiers_nid_identity_credential_id_idx').using('btree', table.identity_credential_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityCredentialId],
-        foreignColumns: [identityCredentials.id],
+        columns: [table.identity_credential_id],
+        foreignColumns: [identity_credentials.id],
         name: 'identity_credential_identifiers_identity_credential_id_fkey',
     }).onDelete('cascade'),
     foreignKey({
@@ -174,31 +174,31 @@ export const identityCredentialIdentifiers = pgTable('identity_credential_identi
         name: 'identity_credential_identifiers_nid_fk_idx',
     }).onUpdate('restrict').onDelete('cascade'),
     foreignKey({
-        columns: [table.identityCredentialTypeId],
-        foreignColumns: [identityCredentialTypes.id],
+        columns: [table.identity_credential_type_id],
+        foreignColumns: [identity_credential_types.id],
         name: 'identity_credential_identifiers_type_id_fk_idx',
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityVerifiableAddresses = pgTable('identity_verifiable_addresses', {
+export const identity_verifiable_addresses = pgTable('identity_verifiable_addresses', {
     id: uuid().primaryKey().notNull(),
     status: varchar({ length: 16 }).notNull(),
     via: varchar({ length: 16 }).notNull(),
     verified: boolean().notNull(),
     value: varchar({ length: 400 }).notNull(),
-    verifiedAt: timestamp('verified_at', { mode: 'string' }),
-    identityId: uuid('identity_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    verified_at: timestamp('verified_at', { mode: 'string' }),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
 }, (table) => [
     index('identity_verifiable_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identity_verifiable_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('identity_verifiable_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verifiable_addresses_nid_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identity_verifiable_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
     uniqueIndex('identity_verifiable_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'identity_verifiable_addresses_identity_id_fkey',
     }).onDelete('cascade'),
@@ -209,27 +209,27 @@ export const identityVerifiableAddresses = pgTable('identity_verifiable_addresse
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const courierMessages = pgTable('courier_messages', {
+export const courier_messages = pgTable('courier_messages', {
     id: uuid().primaryKey().notNull(),
     type: integer().notNull(),
     status: integer().notNull(),
     body: text().notNull(),
     subject: varchar({ length: 255 }).notNull(),
     recipient: varchar({ length: 255 }).notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-    templateType: varchar('template_type', { length: 255 }).default('').notNull(),
-    // TODO: failed to parse database type 'bytea'
-    templateData: varchar('template_data'),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    template_type: varchar('template_type', { length: 255 }).default('').notNull(),
+    // todo: failed to parse database type 'bytea'
+    template_data: varchar('template_data'),
     nid: uuid(),
-    sendCount: integer('send_count').default(0).notNull(),
+    send_count: integer('send_count').default(0).notNull(),
     channel: varchar({ length: 32 }),
 }, (table) => [
     index('courier_messages_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('courier_messages_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.created_at.desc().nullsFirst().op('uuid_ops')),
     index('courier_messages_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('courier_messages_nid_recipient_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.recipient.asc().nullsLast().op('text_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
-    index('courier_messages_nid_status_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.status.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_recipient_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('timestamp_ops'), table.recipient.asc().nullsLast().op('text_ops'), table.created_at.desc().nullsFirst().op('uuid_ops')),
+    index('courier_messages_nid_status_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.status.asc().nullsLast().op('timestamp_ops'), table.created_at.desc().nullsFirst().op('uuid_ops')),
     index('courier_messages_status_idx').using('btree', table.status.asc().nullsLast().op('int4_ops')),
     foreignKey({
         columns: [table.nid],
@@ -238,14 +238,14 @@ export const courierMessages = pgTable('courier_messages', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceErrors = pgTable('selfservice_errors', {
+export const selfservice_errors = pgTable('selfservice_errors', {
     id: uuid().primaryKey().notNull(),
     errors: jsonb().notNull(),
-    seenAt: timestamp('seen_at', { mode: 'string' }),
-    wasSeen: boolean('was_seen').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-    csrfToken: varchar('csrf_token', { length: 255 }).default('').notNull(),
+    seen_at: timestamp('seen_at', { mode: 'string' }),
+    was_seen: boolean('was_seen').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).default('').notNull(),
     nid: uuid(),
 }, (table) => [
     index('selfservice_errors_errors_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
@@ -256,24 +256,24 @@ export const selfserviceErrors = pgTable('selfservice_errors', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceVerificationFlows = pgTable('selfservice_verification_flows', {
+export const selfservice_verification_flows = pgTable('selfservice_verification_flows', {
     id: uuid().primaryKey().notNull(),
-    requestUrl: text('request_url').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     type: varchar({ length: 16 }).default('browser').notNull(),
     state: varchar({ length: 255 }).default('show_form').notNull(),
-    activeMethod: varchar('active_method', { length: 32 }),
+    active_method: varchar('active_method', { length: 32 }),
     ui: jsonb(),
     nid: uuid(),
-    submitCount: integer('submit_count').default(0).notNull(),
-    oauth2LoginChallenge: text('oauth2_login_challenge'),
-    sessionId: uuid('session_id'),
-    identityId: uuid('identity_id'),
-    authenticationMethods: json('authentication_methods'),
+    submit_count: integer('submit_count').default(0).notNull(),
+    oauth2login_challenge: text('oauth2_login_challenge'),
+    session_id: uuid('session_id'),
+    identity_id: uuid('identity_id'),
+    authentication_methods: json('authentication_methods'),
 }, (table) => [
     index('selfservice_verification_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('selfservice_verification_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
@@ -284,26 +284,26 @@ export const selfserviceVerificationFlows = pgTable('selfservice_verification_fl
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceSettingsFlows = pgTable('selfservice_settings_flows', {
+export const selfservice_settings_flows = pgTable('selfservice_settings_flows', {
     id: uuid().primaryKey().notNull(),
-    requestUrl: text('request_url').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    identityId: uuid('identity_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-    activeMethod: varchar('active_method', { length: 32 }),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }),
     state: varchar({ length: 255 }).default('show_form').notNull(),
     type: varchar({ length: 16 }).default('browser').notNull(),
     ui: jsonb(),
     nid: uuid(),
-    internalContext: jsonb('internal_context').notNull(),
+    internal_context: jsonb('internal_context').notNull(),
 }, (table) => [
     index('selfservice_settings_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('selfservice_settings_flows_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_settings_flows_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('selfservice_settings_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'selfservice_profile_management_requests_identity_id_fkey',
     }).onDelete('cascade'),
@@ -314,21 +314,21 @@ export const selfserviceSettingsFlows = pgTable('selfservice_settings_flows', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const continuityContainers = pgTable('continuity_containers', {
+export const continuity_containers = pgTable('continuity_containers', {
     id: uuid().primaryKey().notNull(),
-    identityId: uuid('identity_id'),
+    identity_id: uuid('identity_id'),
     name: varchar({ length: 255 }).notNull(),
     payload: jsonb(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
 }, (table) => [
     index('continuity_containers_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('continuity_containers_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('continuity_containers_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('continuity_containers_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'continuity_containers_identity_id_fkey',
     }).onDelete('cascade'),
@@ -341,28 +341,28 @@ export const continuityContainers = pgTable('continuity_containers', {
 
 export const sessions = pgTable('sessions', {
     id: uuid().primaryKey().notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    authenticatedAt: timestamp('authenticated_at', { mode: 'string' }).notNull(),
-    identityId: uuid('identity_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    authenticated_at: timestamp('authenticated_at', { mode: 'string' }).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     token: varchar({ length: 39 }),
     active: boolean().default(false),
     nid: uuid(),
-    logoutToken: varchar('logout_token', { length: 39 }),
+    logout_token: varchar('logout_token', { length: 39 }),
     aal: varchar({ length: 4 }).default('aal1').notNull(),
-    authenticationMethods: jsonb('authentication_methods').notNull(),
+    authentication_methods: jsonb('authentication_methods').notNull(),
 }, (table) => [
     index('sessions_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('sessions_identity_id_nid_sorted_idx').using('btree', table.identityId.asc().nullsLast().op('timestamp_ops'), table.nid.asc().nullsLast().op('timestamp_ops'), table.authenticatedAt.desc().nullsFirst().op('uuid_ops')),
-    uniqueIndex('sessions_logout_token_uq_idx').using('btree', table.logoutToken.asc().nullsLast().op('text_ops')),
-    index('sessions_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.createdAt.desc().nullsFirst().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('sessions_nid_id_identity_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identityId.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('sessions_identity_id_nid_sorted_idx').using('btree', table.identity_id.asc().nullsLast().op('timestamp_ops'), table.nid.asc().nullsLast().op('timestamp_ops'), table.authenticated_at.desc().nullsFirst().op('uuid_ops')),
+    uniqueIndex('sessions_logout_token_uq_idx').using('btree', table.logout_token.asc().nullsLast().op('text_ops')),
+    index('sessions_nid_created_at_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.created_at.desc().nullsFirst().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
+    index('sessions_nid_id_identity_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.identity_id.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
     index('sessions_token_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('text_ops')),
     uniqueIndex('sessions_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'sessions_identity_id_fkey',
     }).onDelete('cascade'),
@@ -373,22 +373,22 @@ export const sessions = pgTable('sessions', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityRecoveryAddresses = pgTable('identity_recovery_addresses', {
+export const identity_recovery_addresses = pgTable('identity_recovery_addresses', {
     id: uuid().primaryKey().notNull(),
     via: varchar({ length: 16 }).notNull(),
     value: varchar({ length: 400 }).notNull(),
-    identityId: uuid('identity_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
 }, (table) => [
     index('identity_recovery_addresses_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identity_recovery_addresses_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_addresses_nid_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_addresses_nid_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identity_recovery_addresses_status_via_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('text_ops')),
     uniqueIndex('identity_recovery_addresses_status_via_uq_idx').using('btree', table.nid.asc().nullsLast().op('text_ops'), table.via.asc().nullsLast().op('text_ops'), table.value.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'identity_recovery_addresses_identity_id_fkey',
     }).onDelete('cascade'),
@@ -399,33 +399,33 @@ export const identityRecoveryAddresses = pgTable('identity_recovery_addresses',
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityVerificationTokens = pgTable('identity_verification_tokens', {
+export const identity_verification_tokens = pgTable('identity_verification_tokens', {
     id: uuid().primaryKey().notNull(),
     token: varchar({ length: 64 }).notNull(),
     used: boolean().default(false).notNull(),
-    usedAt: timestamp('used_at', { mode: 'string' }),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).notNull(),
-    identityVerifiableAddressId: uuid('identity_verifiable_address_id').notNull(),
-    selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).notNull(),
+    identity_verifiable_address_id: uuid('identity_verifiable_address_id').notNull(),
+    selfservice_verification_flow_id: uuid('selfservice_verification_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid(),
 }, (table) => [
     index('identity_verification_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('identity_verification_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('identity_verification_tokens_token_nid_used_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('bool_ops'), table.used.asc().nullsLast().op('text_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_token_nid_used_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.token.asc().nullsLast().op('bool_ops'), table.used.asc().nullsLast().op('text_ops'), table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
     uniqueIndex('identity_verification_tokens_token_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
-    index('identity_verification_tokens_verifiable_address_id_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops')),
-    index('identity_verification_tokens_verification_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_verifiable_address_id_idx').using('btree', table.identity_verifiable_address_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_tokens_verification_flow_id_idx').using('btree', table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityVerifiableAddressId],
-        foreignColumns: [identityVerifiableAddresses.id],
+        columns: [table.identity_verifiable_address_id],
+        foreignColumns: [identity_verifiable_addresses.id],
         name: 'identity_verification_tokens_identity_verifiable_address_i_fkey',
     }).onDelete('cascade'),
     foreignKey({
-        columns: [table.selfserviceVerificationFlowId],
-        foreignColumns: [selfserviceVerificationFlows.id],
+        columns: [table.selfservice_verification_flow_id],
+        foreignColumns: [selfservice_verification_flows.id],
         name: 'identity_verification_tokens_selfservice_verification_flow_fkey',
     }).onDelete('cascade'),
     foreignKey({
@@ -435,28 +435,28 @@ export const identityVerificationTokens = pgTable('identity_verification_tokens'
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const selfserviceRecoveryFlows = pgTable('selfservice_recovery_flows', {
+export const selfservice_recovery_flows = pgTable('selfservice_recovery_flows', {
     id: uuid().primaryKey().notNull(),
-    requestUrl: text('request_url').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).notNull(),
-    activeMethod: varchar('active_method', { length: 32 }),
-    csrfToken: varchar('csrf_token', { length: 255 }).notNull(),
+    request_url: text('request_url').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).notNull(),
+    active_method: varchar('active_method', { length: 32 }),
+    csrf_token: varchar('csrf_token', { length: 255 }).notNull(),
     state: varchar({ length: 32 }).notNull(),
-    recoveredIdentityId: uuid('recovered_identity_id'),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    recovered_identity_id: uuid('recovered_identity_id'),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     type: varchar({ length: 16 }).default('browser').notNull(),
     ui: jsonb(),
     nid: uuid(),
-    submitCount: integer('submit_count').default(0).notNull(),
-    skipCsrfCheck: boolean('skip_csrf_check').default(false).notNull(),
+    submit_count: integer('submit_count').default(0).notNull(),
+    skip_csrf_check: boolean('skip_csrf_check').default(false).notNull(),
 }, (table) => [
     index('selfservice_recovery_flows_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     index('selfservice_recovery_flows_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('selfservice_recovery_flows_recovered_identity_id_nid_idx').using('btree', table.recoveredIdentityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('selfservice_recovery_flows_recovered_identity_id_nid_idx').using('btree', table.recovered_identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.recoveredIdentityId],
+        columns: [table.recovered_identity_id],
         foreignColumns: [identities.id],
         name: 'selfservice_recovery_requests_recovered_identity_id_fkey',
     }).onDelete('cascade'),
@@ -467,31 +467,31 @@ export const selfserviceRecoveryFlows = pgTable('selfservice_recovery_flows', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityRecoveryTokens = pgTable('identity_recovery_tokens', {
+export const identity_recovery_tokens = pgTable('identity_recovery_tokens', {
     id: uuid().primaryKey().notNull(),
     token: varchar({ length: 64 }).notNull(),
     used: boolean().default(false).notNull(),
-    usedAt: timestamp('used_at', { mode: 'string' }),
-    identityRecoveryAddressId: uuid('identity_recovery_address_id'),
-    selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id'),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    identity_recovery_address_id: uuid('identity_recovery_address_id'),
+    selfservice_recovery_flow_id: uuid('selfservice_recovery_flow_id'),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
     nid: uuid(),
-    identityId: uuid('identity_id').notNull(),
-    tokenType: integer('token_type').default(0).notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    token_type: integer('token_type').default(0).notNull(),
 }, (table) => [
     uniqueIndex('identity_recovery_addresses_code_uq_idx').using('btree', table.token.asc().nullsLast().op('text_ops')),
     index('identity_recovery_tokens_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_tokens_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_tokens_identity_recovery_address_id_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_identity_recovery_address_id_idx').using('btree', table.identity_recovery_address_id.asc().nullsLast().op('uuid_ops')),
     index('identity_recovery_tokens_nid_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.id.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_tokens_selfservice_recovery_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_tokens_selfservice_recovery_flow_id_idx').using('btree', table.selfservice_recovery_flow_id.asc().nullsLast().op('uuid_ops')),
     index('identity_recovery_tokens_token_nid_used_idx').using('btree', table.nid.asc().nullsLast().op('bool_ops'), table.token.asc().nullsLast().op('text_ops'), table.used.asc().nullsLast().op('bool_ops')),
     foreignKey({
-        columns: [table.selfserviceRecoveryFlowId],
-        foreignColumns: [selfserviceRecoveryFlows.id],
+        columns: [table.selfservice_recovery_flow_id],
+        foreignColumns: [selfservice_recovery_flows.id],
         name: 'identity_recovery_tokens_selfservice_recovery_request_id_fkey',
     }).onDelete('cascade'),
     foreignKey({
@@ -500,50 +500,51 @@ export const identityRecoveryTokens = pgTable('identity_recovery_tokens', {
         name: 'identity_recovery_tokens_nid_fk_idx',
     }).onUpdate('restrict').onDelete('cascade'),
     foreignKey({
-        columns: [table.identityRecoveryAddressId],
-        foreignColumns: [identityRecoveryAddresses.id],
+        columns: [table.identity_recovery_address_id],
+        foreignColumns: [identity_recovery_addresses.id],
         name: 'identity_recovery_tokens_identity_recovery_address_id_fkey',
     }).onDelete('cascade'),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'identity_recovery_tokens_identity_id_fk_idx',
     }).onUpdate('restrict').onDelete('cascade'),
     check('identity_recovery_tokens_token_type_ck', sql`(token_type = 1)
-                                                        OR (token_type = 2)`),
+                                                        or
+        (token_type = 2)`),
 ]);
 
-export const identityRecoveryCodes = pgTable('identity_recovery_codes', {
+export const identity_recovery_codes = pgTable('identity_recovery_codes', {
     id: uuid().primaryKey().notNull(),
     code: varchar({ length: 64 }).notNull(),
-    usedAt: timestamp('used_at', { mode: 'string' }),
-    identityRecoveryAddressId: uuid('identity_recovery_address_id'),
-    codeType: integer('code_type').notNull(),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    selfserviceRecoveryFlowId: uuid('selfservice_recovery_flow_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    identity_recovery_address_id: uuid('identity_recovery_address_id'),
+    code_type: integer('code_type').notNull(),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_recovery_flow_id: uuid('selfservice_recovery_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid().notNull(),
-    identityId: uuid('identity_id').notNull(),
+    identity_id: uuid('identity_id').notNull(),
 }, (table) => [
-    index('identity_recovery_codes_flow_id_idx').using('btree', table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_flow_id_idx').using('btree', table.selfservice_recovery_flow_id.asc().nullsLast().op('uuid_ops')),
     index('identity_recovery_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_codes_identity_id_nid_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_codes_identity_recovery_address_id_nid_idx').using('btree', table.identityRecoveryAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_recovery_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRecoveryFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_identity_id_nid_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_identity_recovery_address_id_nid_idx').using('btree', table.identity_recovery_address_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_recovery_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_recovery_flow_id.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityRecoveryAddressId],
-        foreignColumns: [identityRecoveryAddresses.id],
+        columns: [table.identity_recovery_address_id],
+        foreignColumns: [identity_recovery_addresses.id],
         name: 'identity_recovery_codes_identity_recovery_addresses_id_fk',
     }).onDelete('cascade'),
     foreignKey({
-        columns: [table.selfserviceRecoveryFlowId],
-        foreignColumns: [selfserviceRecoveryFlows.id],
+        columns: [table.selfservice_recovery_flow_id],
+        foreignColumns: [selfservice_recovery_flows.id],
         name: 'identity_recovery_codes_selfservice_recovery_flows_id_fk',
     }).onDelete('cascade'),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'identity_recovery_codes_identity_id_fk',
     }).onUpdate('restrict').onDelete('cascade'),
@@ -554,20 +555,20 @@ export const identityRecoveryCodes = pgTable('identity_recovery_codes', {
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const sessionDevices = pgTable('session_devices', {
+export const session_devices = pgTable('session_devices', {
     id: uuid().primaryKey().notNull(),
-    ipAddress: varchar('ip_address', { length: 50 }).default(''),
-    userAgent: varchar('user_agent', { length: 512 }).default(''),
+    ip_address: varchar('ip_address', { length: 50 }).default(''),
+    user_agent: varchar('user_agent', { length: 512 }).default(''),
     location: varchar({ length: 512 }).default(''),
     nid: uuid().notNull(),
-    sessionId: uuid('session_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    session_id: uuid('session_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
 }, (table) => [
     index('session_devices_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('session_devices_session_id_nid_idx').using('btree', table.sessionId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('session_devices_session_id_nid_idx').using('btree', table.session_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.sessionId],
+        columns: [table.session_id],
         foreignColumns: [sessions.id],
         name: 'session_metadata_sessions_id_fk',
     }).onDelete('cascade'),
@@ -576,33 +577,33 @@ export const sessionDevices = pgTable('session_devices', {
         foreignColumns: [networks.id],
         name: 'session_metadata_nid_fk',
     }).onDelete('cascade'),
-    unique('unique_session_device').on(table.ipAddress, table.userAgent, table.nid, table.sessionId),
+    unique('unique_session_device').on(table.ip_address, table.user_agent, table.nid, table.session_id),
 ]);
 
-export const identityVerificationCodes = pgTable('identity_verification_codes', {
+export const identity_verification_codes = pgTable('identity_verification_codes', {
     id: uuid().primaryKey().notNull(),
-    codeHmac: varchar('code_hmac', { length: 64 }).notNull(),
-    usedAt: timestamp('used_at', { mode: 'string' }),
-    identityVerifiableAddressId: uuid('identity_verifiable_address_id'),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    selfserviceVerificationFlowId: uuid('selfservice_verification_flow_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    code_hmac: varchar('code_hmac', { length: 64 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    identity_verifiable_address_id: uuid('identity_verifiable_address_id'),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_verification_flow_id: uuid('selfservice_verification_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
     nid: uuid().notNull(),
 }, (table) => [
-    index('identity_verification_codes_flow_id_idx').using('btree', table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_flow_id_idx').using('btree', table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
     index('identity_verification_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_verification_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceVerificationFlowId.asc().nullsLast().op('uuid_ops')),
-    index('identity_verification_codes_verifiable_address_nid_idx').using('btree', table.identityVerifiableAddressId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_verification_flow_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_verification_codes_verifiable_address_nid_idx').using('btree', table.identity_verifiable_address_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.identityVerifiableAddressId],
-        foreignColumns: [identityVerifiableAddresses.id],
+        columns: [table.identity_verifiable_address_id],
+        foreignColumns: [identity_verifiable_addresses.id],
         name: 'identity_verification_codes_identity_verifiable_addresses_id_fk',
     }).onDelete('cascade'),
     foreignKey({
-        columns: [table.selfserviceVerificationFlowId],
-        foreignColumns: [selfserviceVerificationFlows.id],
+        columns: [table.selfservice_verification_flow_id],
+        foreignColumns: [selfservice_verification_flows.id],
         name: 'identity_verification_codes_selfservice_verification_flows_id_f',
     }).onDelete('cascade'),
     foreignKey({
@@ -612,20 +613,20 @@ export const identityVerificationCodes = pgTable('identity_verification_codes',
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const courierMessageDispatches = pgTable('courier_message_dispatches', {
+export const courier_message_dispatches = pgTable('courier_message_dispatches', {
     id: uuid().primaryKey().notNull(),
-    messageId: uuid('message_id').notNull(),
+    message_id: uuid('message_id').notNull(),
     status: varchar({ length: 7 }).notNull(),
     error: json(),
     nid: uuid().notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
 }, (table) => [
-    index('courier_message_dispatches_message_id_idx').using('btree', table.messageId.asc().nullsLast().op('timestamp_ops'), table.createdAt.desc().nullsFirst().op('timestamp_ops')),
+    index('courier_message_dispatches_message_id_idx').using('btree', table.message_id.asc().nullsLast().op('timestamp_ops'), table.created_at.desc().nullsFirst().op('timestamp_ops')),
     index('courier_message_dispatches_nid_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.messageId],
-        foreignColumns: [courierMessages.id],
+        columns: [table.message_id],
+        foreignColumns: [courier_messages.id],
         name: 'courier_message_dispatches_message_id_fk',
     }).onDelete('cascade'),
     foreignKey({
@@ -635,41 +636,41 @@ export const courierMessageDispatches = pgTable('courier_message_dispatches', {
     }).onDelete('cascade'),
 ]);
 
-export const sessionTokenExchanges = pgTable('session_token_exchanges', {
+export const session_token_exchanges = pgTable('session_token_exchanges', {
     id: uuid().primaryKey().notNull(),
     nid: uuid().notNull(),
-    flowId: uuid('flow_id').notNull(),
-    sessionId: uuid('session_id'),
-    initCode: varchar('init_code', { length: 64 }).notNull(),
-    returnToCode: varchar('return_to_code', { length: 64 }).notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).notNull(),
+    flow_id: uuid('flow_id').notNull(),
+    session_id: uuid('session_id'),
+    init_code: varchar('init_code', { length: 64 }).notNull(),
+    return_to_code: varchar('return_to_code', { length: 64 }).notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).notNull(),
 }, (table) => [
-    index('session_token_exchanges_nid_code_idx').using('btree', table.initCode.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('text_ops')),
-    index('session_token_exchanges_nid_flow_id_idx').using('btree', table.flowId.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
+    index('session_token_exchanges_nid_code_idx').using('btree', table.init_code.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('text_ops')),
+    index('session_token_exchanges_nid_flow_id_idx').using('btree', table.flow_id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
 ]);
 
-export const identityLoginCodes = pgTable('identity_login_codes', {
+export const identity_login_codes = pgTable('identity_login_codes', {
     id: uuid().primaryKey().notNull(),
     code: varchar({ length: 64 }).notNull(),
     address: varchar({ length: 255 }).notNull(),
-    addressType: char('address_type', { length: 36 }).notNull(),
-    usedAt: timestamp('used_at', { mode: 'string' }),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    selfserviceLoginFlowId: uuid('selfservice_login_flow_id').notNull(),
-    identityId: uuid('identity_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    address_type: char('address_type', { length: 36 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_login_flow_id: uuid('selfservice_login_flow_id').notNull(),
+    identity_id: uuid('identity_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
     nid: uuid().notNull(),
 }, (table) => [
-    index('identity_login_codes_flow_id_idx').using('btree', table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_flow_id_idx').using('btree', table.selfservice_login_flow_id.asc().nullsLast().op('uuid_ops')),
     index('identity_login_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_login_codes_identity_id_idx').using('btree', table.identityId.asc().nullsLast().op('uuid_ops')),
-    index('identity_login_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceLoginFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_identity_id_idx').using('btree', table.identity_id.asc().nullsLast().op('uuid_ops')),
+    index('identity_login_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_login_flow_id.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.selfserviceLoginFlowId],
-        foreignColumns: [selfserviceLoginFlows.id],
+        columns: [table.selfservice_login_flow_id],
+        foreignColumns: [selfservice_login_flows.id],
         name: 'identity_login_codes_selfservice_login_flows_id_fk',
     }).onDelete('cascade'),
     foreignKey({
@@ -678,31 +679,31 @@ export const identityLoginCodes = pgTable('identity_login_codes', {
         name: 'identity_login_codes_networks_id_fk',
     }).onUpdate('restrict').onDelete('cascade'),
     foreignKey({
-        columns: [table.identityId],
+        columns: [table.identity_id],
         foreignColumns: [identities.id],
         name: 'identity_login_codes_identity_id_fk',
     }).onUpdate('restrict').onDelete('cascade'),
 ]);
 
-export const identityRegistrationCodes = pgTable('identity_registration_codes', {
+export const identity_registration_codes = pgTable('identity_registration_codes', {
     id: uuid().primaryKey().notNull(),
     code: varchar({ length: 64 }).notNull(),
     address: varchar({ length: 255 }).notNull(),
-    addressType: char('address_type', { length: 36 }).notNull(),
-    usedAt: timestamp('used_at', { mode: 'string' }),
-    expiresAt: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    issuedAt: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
-    selfserviceRegistrationFlowId: uuid('selfservice_registration_flow_id').notNull(),
-    createdAt: timestamp('created_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
-    updatedAt: timestamp('updated_at', { mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+    address_type: char('address_type', { length: 36 }).notNull(),
+    used_at: timestamp('used_at', { mode: 'string' }),
+    expires_at: timestamp('expires_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    issued_at: timestamp('issued_at', { mode: 'string' }).default('2000-01-01 00:00:00').notNull(),
+    selfservice_registration_flow_id: uuid('selfservice_registration_flow_id').notNull(),
+    created_at: timestamp('created_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
+    updated_at: timestamp('updated_at', { mode: 'string' }).default(sql`current_timestamp`).notNull(),
     nid: uuid().notNull(),
 }, (table) => [
-    index('identity_registration_codes_flow_id_idx').using('btree', table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_registration_codes_flow_id_idx').using('btree', table.selfservice_registration_flow_id.asc().nullsLast().op('uuid_ops')),
     index('identity_registration_codes_id_nid_idx').using('btree', table.id.asc().nullsLast().op('uuid_ops'), table.nid.asc().nullsLast().op('uuid_ops')),
-    index('identity_registration_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfserviceRegistrationFlowId.asc().nullsLast().op('uuid_ops')),
+    index('identity_registration_codes_nid_flow_id_idx').using('btree', table.nid.asc().nullsLast().op('uuid_ops'), table.selfservice_registration_flow_id.asc().nullsLast().op('uuid_ops')),
     foreignKey({
-        columns: [table.selfserviceRegistrationFlowId],
-        foreignColumns: [selfserviceRegistrationFlows.id],
+        columns: [table.selfservice_registration_flow_id],
+        foreignColumns: [selfservice_registration_flows.id],
         name: 'identity_registration_codes_selfservice_registration_flows_id_f',
     }).onDelete('cascade'),
     foreignKey({
diff --git a/dashboard/src/lib/action/identity.ts b/dashboard/src/lib/action/identity.ts
index f4ab65d..4ffed77 100644
--- a/dashboard/src/lib/action/identity.ts
+++ b/dashboard/src/lib/action/identity.ts
@@ -10,7 +10,7 @@ import {
     VerifiableIdentityAddress,
 } from '@ory/client';
 import { getDB } from '@/db';
-import { identities, identityRecoveryAddresses, identityVerifiableAddresses } from '@/db/schema';
+import { identities, identity_recovery_addresses, identity_verifiable_addresses } from '@/db/schema';
 import { eq, ilike, or, sql } from 'drizzle-orm';
 
 interface QueryIdentitiesProps {
@@ -31,14 +31,14 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
     const db = await getDB();
     const result = await db.select()
         .from(identities)
-        .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
-        .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
+        .leftJoin(identity_verifiable_addresses, eq(identities.id, identity_verifiable_addresses.identity_id))
+        .leftJoin(identity_recovery_addresses, eq(identities.id, identity_recovery_addresses.identity_id))
         .where(or(
             sql`${identities.id}::text ILIKE
             ${`%${query}%`}`,
             sql`${identities.traits}::text ILIKE
             ${`%${query}%`}`,
-            ilike(identityVerifiableAddresses.value, `%${query}%`),
+            ilike(identity_verifiable_addresses.value, `%${query}%`),
         ))
         .orderBy(identities.id)
         .limit(pageSize)
@@ -47,14 +47,14 @@ export async function queryIdentities({ page, pageSize, query }: QueryIdentities
     const resultCount = await db.$count(
         db.select()
             .from(identities)
-            .leftJoin(identityVerifiableAddresses, eq(identities.id, identityVerifiableAddresses.identityId))
-            .leftJoin(identityRecoveryAddresses, eq(identities.id, identityRecoveryAddresses.identityId))
+            .leftJoin(identity_verifiable_addresses, eq(identities.id, identity_verifiable_addresses.identity_id))
+            .leftJoin(identity_recovery_addresses, eq(identities.id, identity_recovery_addresses.identity_id))
             .where(or(
                 sql`${identities.id}::text ILIKE
                 ${`%${query}%`}`,
                 sql`${identities.traits}::text ILIKE
                 ${`%${query}%`}`,
-                ilike(identityVerifiableAddresses.value, `%${query}%`),
+                ilike(identity_verifiable_addresses.value, `%${query}%`),
             ))
             .as('subquery'),
     );
-- 
2.45.3


From c9ebf95dd510206b4e2041e530bd935f87df289f Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 13:53:13 +0100
Subject: [PATCH 58/66] NORY-34: rework app sidebar to support multiple groups

---
 dashboard/src/components/app-sidebar.tsx | 135 ++++++++++++++++++-----
 1 file changed, 105 insertions(+), 30 deletions(-)

diff --git a/dashboard/src/components/app-sidebar.tsx b/dashboard/src/components/app-sidebar.tsx
index 7039c7f..ff21f4d 100644
--- a/dashboard/src/components/app-sidebar.tsx
+++ b/dashboard/src/components/app-sidebar.tsx
@@ -5,14 +5,13 @@ import {
     SidebarContent,
     SidebarFooter,
     SidebarGroup,
-    SidebarGroupContent,
     SidebarGroupLabel,
     SidebarMenu,
     SidebarMenuButton,
     SidebarMenuItem,
+    useSidebar,
 } from '@/components/ui/sidebar';
-import { AppWindow, Home, LogOut, Moon, Sun, Users } from 'lucide-react';
-import React from 'react';
+import { AppWindow, ChartLine, FileLock2, Home, LogOut, LucideIcon, Moon, Sun, Users } from 'lucide-react';
 import {
     DropdownMenu,
     DropdownMenuContent,
@@ -21,50 +20,126 @@ import {
 } from '@/components/ui/dropdown-menu';
 import { useTheme } from 'next-themes';
 import { LogoutLink } from '@/ory';
+import React from 'react';
 import Link from 'next/link';
+import { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip';
+
+interface SidebarGroup {
+    type: 'group';
+    label: string;
+    items: SidebarItem[];
+}
+
+interface SidebarItem {
+    type: 'item';
+    label: string;
+    path: string;
+    icon: LucideIcon;
+}
+
+type SidebarContent = SidebarItem | SidebarGroup
+
+function renderSidebarMenuItem(item: SidebarItem, key: number, collapsed: boolean) {
+    return (
+        <Tooltip key={key} delayDuration={500}>
+            <TooltipTrigger asChild>
+                <SidebarMenuItem>
+                    <SidebarMenuButton asChild>
+                        <Link href={item.path}>
+                            <item.icon/>
+                            <span>{item.label}</span>
+                        </Link>
+                    </SidebarMenuButton>
+                </SidebarMenuItem>
+            </TooltipTrigger>
+            <TooltipContent side="right" className={collapsed ? '' : 'hidden'}>
+                {item.label}
+            </TooltipContent>
+        </Tooltip>
+    );
+}
 
 export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
 
     const { setTheme } = useTheme();
 
-    const items = [
+    const { state } = useSidebar();
+
+    const items: SidebarContent[] = [
         {
-            title: 'Home',
-            url: '/',
-            icon: Home,
+            label: 'Application',
+            type: 'group',
+            items: [
+                {
+                    type: 'item',
+                    label: 'Home',
+                    path: '/',
+                    icon: Home,
+                },
+                {
+                    type: 'item',
+                    label: 'Analytics',
+                    path: '/analytics',
+                    icon: ChartLine,
+                },
+            ],
         },
         {
-            title: 'Users',
-            url: '/user',
-            icon: Users,
+            label: 'Ory Kratos',
+            type: 'group',
+            items: [
+                {
+                    type: 'item',
+                    label: 'Users',
+                    path: '/user',
+                    icon: Users,
+                },
+            ],
         },
         {
-            title: 'Applications',
-            url: '/application',
-            icon: AppWindow,
+            label: 'Ory Hydra',
+            type: 'group',
+            items: [
+                {
+                    type: 'item',
+                    label: 'Clients',
+                    path: '/client',
+                    icon: AppWindow,
+                },
+            ],
+        },
+        {
+            label: 'Ory Keto',
+            type: 'group',
+            items: [
+                {
+                    type: 'item',
+                    label: 'Relations',
+                    path: '/relation',
+                    icon: FileLock2,
+                },
+            ],
         },
     ];
 
     return (
         <Sidebar variant="inset" collapsible="icon" {...props}>
             <SidebarContent>
-                <SidebarGroup>
-                    <SidebarGroupLabel>Application</SidebarGroupLabel>
-                    <SidebarGroupContent>
-                        <SidebarMenu>
-                            {items.map((item) => (
-                                <SidebarMenuItem key={item.title}>
-                                    <SidebarMenuButton asChild>
-                                        <Link href={item.url}>
-                                            <item.icon/>
-                                            <span>{item.title}</span>
-                                        </Link>
-                                    </SidebarMenuButton>
-                                </SidebarMenuItem>
-                            ))}
-                        </SidebarMenu>
-                    </SidebarGroupContent>
-                </SidebarGroup>
+                <SidebarMenu>
+                    {items.map((item, index) => {
+                        switch (item.type) {
+                            case 'item':
+                                return renderSidebarMenuItem(item, index, state === 'collapsed');
+                            case 'group':
+                                return (
+                                    <SidebarGroup key={index}>
+                                        <SidebarGroupLabel>{item.label}</SidebarGroupLabel>
+                                        {item.items.map((subItem, subIndex) => renderSidebarMenuItem(subItem, subIndex, state === 'collapsed'))}
+                                    </SidebarGroup>
+                                );
+                        }
+                    })}
+                </SidebarMenu>
             </SidebarContent>
             <SidebarFooter>
                 <SidebarMenu>
-- 
2.45.3


From 502098d8ef8e270fa1a3c35fb58cf3eb9a487103 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 17:10:38 +0100
Subject: [PATCH 59/66] NORY-34: add missing placeholder pages

---
 dashboard/src/app/(inside)/analytics/page.tsx   | 12 ++++++++++++
 dashboard/src/app/(inside)/application/page.tsx |  3 ---
 dashboard/src/app/(inside)/client/page.tsx      | 12 ++++++++++++
 dashboard/src/app/(inside)/relation/page.tsx    | 12 ++++++++++++
 4 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 dashboard/src/app/(inside)/analytics/page.tsx
 delete mode 100644 dashboard/src/app/(inside)/application/page.tsx
 create mode 100644 dashboard/src/app/(inside)/client/page.tsx
 create mode 100644 dashboard/src/app/(inside)/relation/page.tsx

diff --git a/dashboard/src/app/(inside)/analytics/page.tsx b/dashboard/src/app/(inside)/analytics/page.tsx
new file mode 100644
index 0000000..e416cc9
--- /dev/null
+++ b/dashboard/src/app/(inside)/analytics/page.tsx
@@ -0,0 +1,12 @@
+export default async function AnalyticsPage() {
+    return (
+        <div className="space-y-4">
+            <div>
+                <p className="text-3xl font-bold leading-tight tracking-tight">Analytics</p>
+                <p className="text-lg font-light">
+                    Part of milestone v0.3.0
+                </p>
+            </div>
+        </div>
+    );
+}
diff --git a/dashboard/src/app/(inside)/application/page.tsx b/dashboard/src/app/(inside)/application/page.tsx
deleted file mode 100644
index eda2025..0000000
--- a/dashboard/src/app/(inside)/application/page.tsx
+++ /dev/null
@@ -1,3 +0,0 @@
-export default async function ApplicationPage() {
-    return <></>;
-}
diff --git a/dashboard/src/app/(inside)/client/page.tsx b/dashboard/src/app/(inside)/client/page.tsx
new file mode 100644
index 0000000..db0117a
--- /dev/null
+++ b/dashboard/src/app/(inside)/client/page.tsx
@@ -0,0 +1,12 @@
+export default async function ListClientPage() {
+    return (
+        <div className="space-y-4">
+            <div>
+                <p className="text-3xl font-bold leading-tight tracking-tight">OAuth2 Clients</p>
+                <p className="text-lg font-light">
+                    Part of milestone v0.2.0
+                </p>
+            </div>
+        </div>
+    );
+}
diff --git a/dashboard/src/app/(inside)/relation/page.tsx b/dashboard/src/app/(inside)/relation/page.tsx
new file mode 100644
index 0000000..3ad6bef
--- /dev/null
+++ b/dashboard/src/app/(inside)/relation/page.tsx
@@ -0,0 +1,12 @@
+export default async function ListRelationPage() {
+    return (
+        <div className="space-y-4">
+            <div>
+                <p className="text-3xl font-bold leading-tight tracking-tight">Relations</p>
+                <p className="text-lg font-light">
+                    Part of milestone v0.2.0
+                </p>
+            </div>
+        </div>
+    );
+}
-- 
2.45.3


From 6335036a0421f44ebef42391a6af47273d00996f Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 17:17:46 +0100
Subject: [PATCH 60/66] NORY-34: show oauth2 clients in a data table

---
 .../src/app/(inside)/client/data-table.tsx    | 105 ++++++++++++++++++
 dashboard/src/app/(inside)/client/page.tsx    |  37 +++++-
 2 files changed, 141 insertions(+), 1 deletion(-)
 create mode 100644 dashboard/src/app/(inside)/client/data-table.tsx

diff --git a/dashboard/src/app/(inside)/client/data-table.tsx b/dashboard/src/app/(inside)/client/data-table.tsx
new file mode 100644
index 0000000..2e347db
--- /dev/null
+++ b/dashboard/src/app/(inside)/client/data-table.tsx
@@ -0,0 +1,105 @@
+'use client';
+
+import { ColumnDef } from '@tanstack/react-table';
+import { OAuth2Client } from '@ory/client';
+import { DataTable } from '@/components/ui/data-table';
+import { useEffect, useRef, useState } from 'react';
+import { Spinner } from '@/components/ui/spinner';
+import { FetchClientPageProps } from '@/app/(inside)/client/page';
+
+interface ClientDataTableProps {
+    data: OAuth2Client[];
+    pageSize: number;
+    pageToken: string | undefined;
+    fetchClientPage: (props: FetchClientPageProps) => Promise<{
+        data: OAuth2Client[],
+        tokens: Map<string, string>
+    }>;
+}
+
+export function ClientDataTable(
+    {
+        data,
+        pageSize,
+        pageToken,
+        fetchClientPage,
+    }: ClientDataTableProps,
+) {
+
+    console.log('OAuth2 client', data);
+
+    const columns: ColumnDef<OAuth2Client>[] = [
+        {
+            id: 'client_id',
+            accessorKey: 'client_id',
+            header: 'Client ID',
+        },
+        {
+            id: 'client_name',
+            accessorKey: 'client_name',
+            header: 'Client Name',
+        },
+        {
+            id: 'owner',
+            accessorKey: 'owner',
+            header: 'Owner',
+        },
+    ];
+
+    const [items, setItems] = useState<OAuth2Client[]>(data);
+    const [nextToken, setNextToken] = useState<string | undefined>(pageToken);
+
+    // react on changes from ssr (query params)
+    useEffect(() => {
+        setItems(data);
+        setNextToken(pageToken);
+    }, [data, pageSize, pageToken]);
+
+    // infinite scroll handling
+    const infiniteScrollSensor = useRef(null);
+    useEffect(() => {
+        const observer = new IntersectionObserver(
+            (entries) => {
+                if (entries[0].isIntersecting) {
+                    fetchMore();
+                }
+            },
+            { threshold: 0.5 }, // Adjust threshold as needed
+        );
+
+        if (infiniteScrollSensor.current) {
+            observer.observe(infiniteScrollSensor.current);
+        }
+
+        return () => {
+            if (infiniteScrollSensor.current) {
+                observer.unobserve(infiniteScrollSensor.current);
+            }
+        };
+    }, [items]);
+
+    const fetchMore = async () => {
+        if (!nextToken) return;
+
+        const response = await fetchClientPage({
+            pageSize: pageSize,
+            pageToken: nextToken,
+        });
+
+        setItems([...items, ...response.data]);
+        setNextToken(response.tokens.get('next') ?? undefined);
+    };
+
+    return (
+        <>
+            <DataTable columns={columns} data={items}/>
+            {
+                nextToken && (
+                    <div className="flex w-full justify-center">
+                        <Spinner ref={infiniteScrollSensor} className="h-10"/>
+                    </div>
+                )
+            }
+        </>
+    );
+}
diff --git a/dashboard/src/app/(inside)/client/page.tsx b/dashboard/src/app/(inside)/client/page.tsx
index db0117a..439fd3e 100644
--- a/dashboard/src/app/(inside)/client/page.tsx
+++ b/dashboard/src/app/(inside)/client/page.tsx
@@ -1,12 +1,47 @@
+import { getOAuth2Api } from '@/ory/sdk/server';
+import { parseTokens } from '@/app/(inside)/user/page';
+import { ClientDataTable } from '@/app/(inside)/client/data-table';
+
+export interface FetchClientPageProps {
+    pageSize: number;
+    pageToken: string;
+}
+
+async function fetchClientPage({ pageSize, pageToken }: FetchClientPageProps) {
+    'use server';
+
+    const oAuth2Api = await getOAuth2Api();
+    const response = await oAuth2Api.listOAuth2Clients({
+        pageSize: pageSize,
+        pageToken: pageToken,
+    });
+
+    return {
+        data: response.data,
+        tokens: parseTokens(response.headers.link),
+    };
+}
+
 export default async function ListClientPage() {
+
+    let pageSize = 100;
+    let pageToken: string = '00000000-0000-0000-0000-000000000000';
+
+    const initialFetch = await fetchClientPage({ pageSize, pageToken });
+
     return (
         <div className="space-y-4">
             <div>
                 <p className="text-3xl font-bold leading-tight tracking-tight">OAuth2 Clients</p>
                 <p className="text-lg font-light">
-                    Part of milestone v0.2.0
+                    See and manage all OAuth2 clients registered with your Ory Hydra instance
                 </p>
             </div>
+            <ClientDataTable
+                data={initialFetch.data}
+                pageSize={pageSize}
+                pageToken={initialFetch.tokens.get('next')}
+                fetchClientPage={fetchClientPage}/>
         </div>
     );
 }
-- 
2.45.3


From a24b05c01e40937241c51916a8b6200b8b8624b7 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 17:18:26 +0100
Subject: [PATCH 61/66] NORY-34: update script for creating oauth client

---
 docker/ory-dev/hydra-create-client.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/docker/ory-dev/hydra-create-client.sh b/docker/ory-dev/hydra-create-client.sh
index 8b6b038..181920e 100644
--- a/docker/ory-dev/hydra-create-client.sh
+++ b/docker/ory-dev/hydra-create-client.sh
@@ -2,15 +2,21 @@
 # Ory Hydra CLI and writes the client id and
 # client secret to the command line.
 
-read -r -p "Did you modify the script according to your needs? (y/N)? " answer
-if [ answer != "y" && anser != "Y" ]; then
-    exit 0
+# Check if the number of arguments is correct
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 <name> <owner>"
+  exit 1
 fi
 
+name=$1
+owner=$2
+
 # it is likely you will have to set different redirect-uris
 # depending on the application you are trying to connect.
 code_client=$(docker compose exec ory-hydra \
     hydra create client \
+    --name "$name" \
+    --owner "$owner" \
     --endpoint http://localhost:4445 \
     --grant-type authorization_code,refresh_token \
     --response-type code,id_token \
-- 
2.45.3


From 3d6928a8399898dc31336ba9703258bbedb0db29 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Fri, 27 Dec 2024 19:02:20 +0100
Subject: [PATCH 62/66] NORY-34: fix layout not cutting off input ring

---
 dashboard/src/app/(inside)/layout.tsx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dashboard/src/app/(inside)/layout.tsx b/dashboard/src/app/(inside)/layout.tsx
index 5c8f890..d7f42e7 100644
--- a/dashboard/src/app/(inside)/layout.tsx
+++ b/dashboard/src/app/(inside)/layout.tsx
@@ -10,8 +10,8 @@ export default function InsideLayout({ children }: Readonly<{ children: React.Re
     return (
         <SidebarProvider className="max-h-screen min-h-screen">
             <AppSidebar className="mx-1"/>
-            <SidebarInset className="overflow-hidden p-6 space-y-6">
-                <header className="flex h-4 items-center gap-2">
+            <SidebarInset className="overflow-hidden space-y-6">
+                <header className="flex items-center px-6 pt-6 gap-2">
                     <SidebarTrigger className="-ml-1 p-1"/>
                     <Separator orientation="vertical" className="mr-2 h-4"/>
                     {
@@ -27,7 +27,7 @@ export default function InsideLayout({ children }: Readonly<{ children: React.Re
                         </BreadcrumbList>
                     </Breadcrumb>
                 </header>
-                <div className="flex-1 overflow-scroll">
+                <div className="flex-1 px-6 pb-6 overflow-scroll">
                     {children}
                 </div>
             </SidebarInset>
-- 
2.45.3


From 4ebd10d699ba2e281a1f1c1257fe376e8fe8eb4e Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Mon, 6 Jan 2025 19:27:37 +0100
Subject: [PATCH 63/66] NORY-34: add parseTokens() function after rebase

---
 dashboard/src/app/(inside)/client/page.tsx | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/dashboard/src/app/(inside)/client/page.tsx b/dashboard/src/app/(inside)/client/page.tsx
index 439fd3e..0d3f5a3 100644
--- a/dashboard/src/app/(inside)/client/page.tsx
+++ b/dashboard/src/app/(inside)/client/page.tsx
@@ -1,5 +1,4 @@
 import { getOAuth2Api } from '@/ory/sdk/server';
-import { parseTokens } from '@/app/(inside)/user/page';
 import { ClientDataTable } from '@/app/(inside)/client/data-table';
 
 export interface FetchClientPageProps {
@@ -7,6 +6,26 @@ export interface FetchClientPageProps {
     pageToken: string;
 }
 
+function parseTokens(link: string) {
+
+    const parsed = link.split(',').map((it) => {
+        const startRel = it.lastIndexOf('rel="');
+        const endRel = it.lastIndexOf('"');
+        const rel = it.slice(startRel, endRel);
+
+        const startToken = it.lastIndexOf('page_token=');
+        const endToken = it.lastIndexOf('&');
+        const token = it.slice(startToken, endToken);
+
+        return [rel, token];
+    });
+
+    return new Map(parsed.map(obj => [
+        obj[0].replace('rel="', ''),
+        obj[1].replace('page_token=', ''),
+    ]));
+}
+
 async function fetchClientPage({ pageSize, pageToken }: FetchClientPageProps) {
     'use server';
 
-- 
2.45.3


From 5fb9170c81a99fed7ec1c8b6a80775841ea502fa Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Mon, 6 Jan 2025 19:29:39 +0100
Subject: [PATCH 64/66] NORY-34: fix milestone references on placeholder pages

---
 dashboard/src/app/(inside)/analytics/page.tsx | 2 +-
 dashboard/src/app/(inside)/relation/page.tsx  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dashboard/src/app/(inside)/analytics/page.tsx b/dashboard/src/app/(inside)/analytics/page.tsx
index e416cc9..998087c 100644
--- a/dashboard/src/app/(inside)/analytics/page.tsx
+++ b/dashboard/src/app/(inside)/analytics/page.tsx
@@ -4,7 +4,7 @@ export default async function AnalyticsPage() {
             <div>
                 <p className="text-3xl font-bold leading-tight tracking-tight">Analytics</p>
                 <p className="text-lg font-light">
-                    Part of milestone v0.3.0
+                    Part of milestone v0.5.0
                 </p>
             </div>
         </div>
diff --git a/dashboard/src/app/(inside)/relation/page.tsx b/dashboard/src/app/(inside)/relation/page.tsx
index 3ad6bef..e6754a9 100644
--- a/dashboard/src/app/(inside)/relation/page.tsx
+++ b/dashboard/src/app/(inside)/relation/page.tsx
@@ -4,7 +4,7 @@ export default async function ListRelationPage() {
             <div>
                 <p className="text-3xl font-bold leading-tight tracking-tight">Relations</p>
                 <p className="text-lg font-light">
-                    Part of milestone v0.2.0
+                    Part of milestone v0.4.0
                 </p>
             </div>
         </div>
-- 
2.45.3


From ea13802183f4cbea563508ebefc67a552f11c9d7 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Tue, 7 Jan 2025 19:13:53 +0100
Subject: [PATCH 65/66] NORY-34: fix serwist configuration

---
 authentication/src/app/service-worker.ts | 24 +++++++++++++++---------
 dashboard/src/app/service-worker.ts      | 24 +++++++++++++++---------
 2 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/authentication/src/app/service-worker.ts b/authentication/src/app/service-worker.ts
index 0538ba3..b9741f4 100644
--- a/authentication/src/app/service-worker.ts
+++ b/authentication/src/app/service-worker.ts
@@ -1,18 +1,24 @@
-import type { PrecacheEntry } from '@serwist/precaching';
-import { installSerwist } from '@serwist/sw';
 import { defaultCache } from '@serwist/next/worker';
+import type { PrecacheEntry, SerwistGlobalConfig } from 'serwist';
+import { Serwist } from 'serwist';
 
-declare const self: ServiceWorkerGlobalScope & {
-    // Change this attribute's name to your `injectionPoint`.
-    // `injectionPoint` is an InjectManifest option.
-    // See https://serwist.pages.dev/docs/build/inject-manifest/configuring
-    __SW_MANIFEST: (PrecacheEntry | string)[] | undefined;
-};
+declare const self: ServiceWorkerGlobalScope;
 
-installSerwist({
+declare global {
+    interface WorkerGlobalScope extends SerwistGlobalConfig {
+        // Change this attribute's name to your `injectionPoint`.
+        // `injectionPoint` is an InjectManifest option.
+        // See https://serwist.pages.dev/docs/build/configuring
+        __SW_MANIFEST: (PrecacheEntry | string)[] | undefined;
+    }
+}
+
+const serwist = new Serwist({
     precacheEntries: self.__SW_MANIFEST,
     skipWaiting: true,
     clientsClaim: true,
     navigationPreload: true,
     runtimeCaching: defaultCache,
 });
+
+serwist.addEventListeners();
diff --git a/dashboard/src/app/service-worker.ts b/dashboard/src/app/service-worker.ts
index 0538ba3..b9741f4 100644
--- a/dashboard/src/app/service-worker.ts
+++ b/dashboard/src/app/service-worker.ts
@@ -1,18 +1,24 @@
-import type { PrecacheEntry } from '@serwist/precaching';
-import { installSerwist } from '@serwist/sw';
 import { defaultCache } from '@serwist/next/worker';
+import type { PrecacheEntry, SerwistGlobalConfig } from 'serwist';
+import { Serwist } from 'serwist';
 
-declare const self: ServiceWorkerGlobalScope & {
-    // Change this attribute's name to your `injectionPoint`.
-    // `injectionPoint` is an InjectManifest option.
-    // See https://serwist.pages.dev/docs/build/inject-manifest/configuring
-    __SW_MANIFEST: (PrecacheEntry | string)[] | undefined;
-};
+declare const self: ServiceWorkerGlobalScope;
 
-installSerwist({
+declare global {
+    interface WorkerGlobalScope extends SerwistGlobalConfig {
+        // Change this attribute's name to your `injectionPoint`.
+        // `injectionPoint` is an InjectManifest option.
+        // See https://serwist.pages.dev/docs/build/configuring
+        __SW_MANIFEST: (PrecacheEntry | string)[] | undefined;
+    }
+}
+
+const serwist = new Serwist({
     precacheEntries: self.__SW_MANIFEST,
     skipWaiting: true,
     clientsClaim: true,
     navigationPreload: true,
     runtimeCaching: defaultCache,
 });
+
+serwist.addEventListeners();
-- 
2.45.3


From fc4c8909596489ebbba9bc277dee3a470f5bb591 Mon Sep 17 00:00:00 2001
From: Markus Thielker <mail.markus.thielker@gmail.com>
Date: Mon, 27 Jan 2025 22:37:26 +0100
Subject: [PATCH 66/66] NORY-56: fix default Keto configuration

---
 dashboard/.env.example                | 2 ++
 dashboard/src/ory/sdk/server/index.ts | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/dashboard/.env.example b/dashboard/.env.example
index fbb1831..07958f8 100644
--- a/dashboard/.env.example
+++ b/dashboard/.env.example
@@ -3,8 +3,10 @@ DATABASE_URL=postgresql://postgres:postgres@localhost:5432/kratos
 
 ORY_KRATOS_ADMIN_URL=http://localhost:4434
 ORY_HYDRA_ADMIN_URL=http://localhost:4445
+ORY_KETO_ADMIN_URL=http://localhost:4467
 
 NEXT_PUBLIC_ORY_KRATOS_URL=http://localhost:4433
+NEXT_PUBLIC_ORY_KETO_URL=http://localhost:4466
 
 NEXT_PUBLIC_AUTHENTICATION_NODE_URL=http://localhost:3000
 NEXT_PUBLIC_DASHBOARD_NODE_URL=http://localhost:4000
diff --git a/dashboard/src/ory/sdk/server/index.ts b/dashboard/src/ory/sdk/server/index.ts
index 7649433..013631d 100644
--- a/dashboard/src/ory/sdk/server/index.ts
+++ b/dashboard/src/ory/sdk/server/index.ts
@@ -126,7 +126,7 @@ export async function getRelationshipApi() {
 
 const permissionApi = new PermissionApi(new Configuration(
     {
-        basePath: process.env.ORY_KETO_ADMIN_URL,
+        basePath: process.env.NEXT_PUBLIC_ORY_KETO_URL,
         baseOptions: {
             withCredentials: true,
         },
@@ -144,7 +144,7 @@ export async function getPermissionApi() {
 
 const ketoMetadataApi = new MetadataApi(new Configuration(
     {
-        basePath: process.env.ORY_KETO_ADMIN_URL,
+        basePath: process.env.NEXT_PUBLIC_ORY_KETO_URL,
         baseOptions: {
             withCredentials: true,
         },
-- 
2.45.3