@famgia/omnify-react-sso 2.2.3 → 2.2.4

package/dist/core/index.cjs

@@ -0,0 +1,2432 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/core/index.ts
+var core_exports = {};
+__export(core_exports, {
+  BRANCH_HEADERS: () => BRANCH_HEADERS,
+  BranchContext: () => BranchContext,
+  BranchProvider: () => BranchProvider,
+  I18nProvider: () => I18nProvider,
+  SsoContext: () => SsoContext,
+  SsoProvider: () => SsoProvider,
+  changeLanguage: () => changeLanguage,
+  createAuthService: () => createAuthService,
+  createBranchHeaderSetter: () => createBranchHeaderSetter,
+  createBranchService: () => createBranchService,
+  createPermissionService: () => createPermissionService,
+  createRoleService: () => createRoleService,
+  createSsoService: () => createSsoService,
+  createTeamService: () => createTeamService,
+  createTokenService: () => createTokenService,
+  createUserRoleService: () => createUserRoleService,
+  createUserService: () => createUserService,
+  defaultLocale: () => defaultLocale,
+  defaultTranslations: () => defaultTranslations,
+  fallbackLocale: () => fallbackLocale,
+  getCurrentLocale: () => getCurrentLocale,
+  getEffectivePermissions: () => getEffectivePermissions,
+  getMessage: () => getMessage,
+  getMessages: () => getMessages,
+  getScopeLabel: () => getScopeLabel,
+  localeNames: () => localeNames,
+  locales: () => locales,
+  schemas: () => schemas_exports,
+  setBranchHeaders: () => setBranchHeaders,
+  ssoNamespace: () => ssoNamespace,
+  ssoQueryKeys: () => ssoQueryKeys,
+  supportedLocales: () => supportedLocales,
+  useAuth: () => useAuth,
+  useBranch: () => useBranch,
+  useBranchContext: () => useBranchContext,
+  useLocale: () => useLocale,
+  useOrganization: () => useOrganization,
+  useSso: () => useSso,
+  useSsoContext: () => useSsoContext,
+  useSsoTranslation: () => useSsoTranslation,
+  useTranslations: () => useTranslations,
+  validationMessages: () => validationMessages
+});
+module.exports = __toCommonJS(core_exports);
+
+// src/core/context/SsoContext.tsx
+var import_react = require("react");
+var SsoContext = (0, import_react.createContext)(null);
+function useSsoContext() {
+  const context = (0, import_react.useContext)(SsoContext);
+  if (!context) {
+    throw new Error("useSsoContext must be used within a SsoProvider");
+  }
+  return context;
+}
+
+// src/core/context/SsoProvider.tsx
+var import_react2 = require("react");
+var import_jsx_runtime = require("react/jsx-runtime");
+function transformUser(data) {
+  return {
+    id: data.id,
+    consoleUserId: data.console_user_id,
+    email: data.email,
+    name: data.name
+  };
+}
+function transformOrganizations(data) {
+  return data.map((org) => ({
+    id: org.organization_id,
+    slug: org.organization_slug,
+    name: org.organization_name,
+    orgRole: org.org_role,
+    serviceRole: org.service_role
+  }));
+}
+function getStorage(type) {
+  if (typeof window === "undefined") return null;
+  return type === "localStorage" ? window.localStorage : window.sessionStorage;
+}
+function getXsrfToken() {
+  if (typeof document === "undefined") return void 0;
+  return document.cookie.split("; ").find((row) => row.startsWith("XSRF-TOKEN="))?.split("=")[1];
+}
+function SsoProvider({ children, config, onAuthChange }) {
+  const [user, setUser] = (0, import_react2.useState)(null);
+  const [organizations, setOrganizations] = (0, import_react2.useState)([]);
+  const [currentOrg, setCurrentOrg] = (0, import_react2.useState)(null);
+  const [isLoading, setIsLoading] = (0, import_react2.useState)(true);
+  const storageKey = config.storageKey ?? "sso_selected_org";
+  const storage = getStorage(config.storage ?? "localStorage");
+  const loadSelectedOrg = (0, import_react2.useCallback)(
+    (orgs) => {
+      if (!storage || orgs.length === 0) return null;
+      const savedSlug = storage.getItem(storageKey);
+      if (savedSlug) {
+        const found = orgs.find((o) => o.slug === savedSlug);
+        if (found) return found;
+      }
+      return orgs[0];
+    },
+    [storage, storageKey]
+  );
+  const saveSelectedOrg = (0, import_react2.useCallback)(
+    (org) => {
+      if (!storage) return;
+      if (org) {
+        storage.setItem(storageKey, org.slug);
+      } else {
+        storage.removeItem(storageKey);
+      }
+    },
+    [storage, storageKey]
+  );
+  const fetchUser = (0, import_react2.useCallback)(async () => {
+    try {
+      const xsrfToken = getXsrfToken();
+      const headers = {
+        "Accept": "application/json"
+      };
+      if (xsrfToken) {
+        headers["X-XSRF-TOKEN"] = decodeURIComponent(xsrfToken);
+      }
+      const response = await fetch(`${config.apiUrl}/api/sso/user`, {
+        headers,
+        credentials: "include"
+      });
+      if (!response.ok) {
+        return null;
+      }
+      const data = await response.json();
+      const transformedUser = transformUser(data.user);
+      const transformedOrgs = transformOrganizations(data.organizations);
+      return { user: transformedUser, organizations: transformedOrgs };
+    } catch {
+      return null;
+    }
+  }, [config.apiUrl]);
+  (0, import_react2.useEffect)(() => {
+    let mounted = true;
+    const init = async () => {
+      setIsLoading(true);
+      const result = await fetchUser();
+      if (!mounted) return;
+      if (result) {
+        setUser(result.user);
+        setOrganizations(result.organizations);
+        const selectedOrg = loadSelectedOrg(result.organizations);
+        setCurrentOrg(selectedOrg);
+        onAuthChange?.(true, result.user);
+      } else {
+        setUser(null);
+        setOrganizations([]);
+        setCurrentOrg(null);
+        onAuthChange?.(false, null);
+      }
+      setIsLoading(false);
+    };
+    init();
+    return () => {
+      mounted = false;
+    };
+  }, [fetchUser, loadSelectedOrg, onAuthChange]);
+  const login = (0, import_react2.useCallback)(
+    (redirectTo) => {
+      const callbackUrl = new URL("/sso/callback", window.location.origin);
+      if (redirectTo) {
+        callbackUrl.searchParams.set("redirect", redirectTo);
+      }
+      const loginUrl = new URL("/sso/authorize", config.consoleUrl);
+      loginUrl.searchParams.set("service", config.serviceSlug);
+      loginUrl.searchParams.set("redirect_uri", callbackUrl.toString());
+      window.location.href = loginUrl.toString();
+    },
+    [config.consoleUrl, config.serviceSlug]
+  );
+  const logout = (0, import_react2.useCallback)(async () => {
+    try {
+      const xsrfToken = getXsrfToken();
+      const headers = {};
+      if (xsrfToken) {
+        headers["X-XSRF-TOKEN"] = decodeURIComponent(xsrfToken);
+      }
+      await fetch(`${config.apiUrl}/api/sso/logout`, {
+        method: "POST",
+        headers,
+        credentials: "include"
+      });
+    } catch {
+    }
+    setUser(null);
+    setOrganizations([]);
+    setCurrentOrg(null);
+    saveSelectedOrg(null);
+    onAuthChange?.(false, null);
+  }, [config.apiUrl, saveSelectedOrg, onAuthChange]);
+  const globalLogout = (0, import_react2.useCallback)(
+    async (redirectTo) => {
+      await logout();
+      const redirectUri = redirectTo ? new URL(redirectTo, window.location.origin).toString() : window.location.origin;
+      const logoutUrl = new URL("/sso/logout", config.consoleUrl);
+      logoutUrl.searchParams.set("redirect_uri", redirectUri);
+      window.location.href = logoutUrl.toString();
+    },
+    [logout, config.consoleUrl]
+  );
+  const switchOrg = (0, import_react2.useCallback)(
+    (orgId) => {
+      const org = organizations.find((o) => o.slug === orgId);
+      if (org) {
+        setCurrentOrg(org);
+        saveSelectedOrg(org);
+      }
+    },
+    [organizations, saveSelectedOrg]
+  );
+  const refreshUser = (0, import_react2.useCallback)(async () => {
+    const result = await fetchUser();
+    if (result) {
+      setUser(result.user);
+      setOrganizations(result.organizations);
+      if (currentOrg) {
+        const stillValid = result.organizations.find((o) => o.slug === currentOrg.slug);
+        if (!stillValid) {
+          const newOrg = loadSelectedOrg(result.organizations);
+          setCurrentOrg(newOrg);
+        }
+      }
+    }
+  }, [fetchUser, currentOrg, loadSelectedOrg]);
+  const getHeaders = (0, import_react2.useCallback)(() => {
+    const headers = {};
+    if (currentOrg) {
+      headers["X-Organization-Id"] = currentOrg.slug;
+    }
+    return headers;
+  }, [currentOrg]);
+  const value = (0, import_react2.useMemo)(
+    () => ({
+      user,
+      organizations,
+      currentOrg,
+      isLoading,
+      isAuthenticated: !!user,
+      config,
+      login,
+      logout,
+      globalLogout,
+      switchOrg,
+      refreshUser,
+      getHeaders
+    }),
+    [
+      user,
+      organizations,
+      currentOrg,
+      isLoading,
+      config,
+      login,
+      logout,
+      globalLogout,
+      switchOrg,
+      refreshUser,
+      getHeaders
+    ]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(SsoContext.Provider, { value, children });
+}
+
+// src/core/context/BranchContext.tsx
+var import_react3 = require("react");
+var BranchContext = (0, import_react3.createContext)(null);
+function useBranchContext() {
+  const context = (0, import_react3.useContext)(BranchContext);
+  if (!context) {
+    throw new Error("useBranchContext must be used within a BranchProvider");
+  }
+  return context;
+}
+
+// src/core/context/BranchProvider.tsx
+var import_react4 = require("react");
+var import_react_query = require("@tanstack/react-query");
+
+// src/core/services/utils.ts
+function getXsrfToken2() {
+  if (typeof document === "undefined") return void 0;
+  return document.cookie.split("; ").find((row) => row.startsWith("XSRF-TOKEN="))?.split("=")[1];
+}
+function buildHeaders(orgId) {
+  const headers = {
+    "Content-Type": "application/json",
+    Accept: "application/json"
+  };
+  const xsrfToken = getXsrfToken2();
+  if (xsrfToken) {
+    headers["X-XSRF-TOKEN"] = decodeURIComponent(xsrfToken);
+  }
+  if (orgId) {
+    headers["X-Organization-Id"] = orgId;
+  }
+  return headers;
+}
+async function csrf(apiUrl) {
+  await fetch(`${apiUrl}/sanctum/csrf-cookie`, {
+    credentials: "include"
+  });
+}
+async function request(apiUrl, path, options = {}) {
+  const response = await fetch(`${apiUrl}${path}`, {
+    ...options,
+    credentials: "include"
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `HTTP ${response.status}`);
+  }
+  if (response.status === 204) {
+    return void 0;
+  }
+  return response.json();
+}
+
+// src/core/services/branchService.ts
+function createBranchService(config) {
+  const { apiUrl } = config;
+  return {
+    /**
+     * Get branches for current user in organization
+     * GET /api/sso/branches
+     * @param orgId - Organization ID or slug (sent via X-Organization-Id header)
+     */
+    list: async (orgId) => {
+      return request(apiUrl, `/api/sso/branches`, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get a specific branch by ID
+     * GET /api/sso/branches/{id}
+     */
+    get: async (branchId) => {
+      const response = await request(
+        apiUrl,
+        `/api/sso/branches/${branchId}`,
+        { headers: buildHeaders() }
+      );
+      return "data" in response ? response.data : response;
+    },
+    /**
+     * Get headquarters branch for organization
+     * @param orgId - Organization ID or slug (sent via X-Organization-Id header)
+     */
+    getHeadquarters: async (orgId) => {
+      try {
+        const data = await request(
+          apiUrl,
+          `/api/sso/branches`,
+          { headers: buildHeaders(orgId) }
+        );
+        return data.branches.find((b) => b.is_headquarters) ?? null;
+      } catch {
+        return null;
+      }
+    },
+    /**
+     * Get primary branch for current user
+     * @param orgId - Organization ID or slug (sent via X-Organization-Id header)
+     */
+    getPrimary: async (orgId) => {
+      try {
+        const data = await request(
+          apiUrl,
+          `/api/sso/branches`,
+          { headers: buildHeaders(orgId) }
+        );
+        if (data.primary_branch_id) {
+          return data.branches.find((b) => b.id === data.primary_branch_id) ?? null;
+        }
+        return null;
+      } catch {
+        return null;
+      }
+    }
+  };
+}
+
+// src/core/queryKeys.ts
+var ssoQueryKeys = {
+  all: ["sso"],
+  // =========================================================================
+  // Auth (authService)
+  // =========================================================================
+  auth: {
+    all: () => [...ssoQueryKeys.all, "auth"],
+    user: () => [...ssoQueryKeys.auth.all(), "user"],
+    globalLogoutUrl: (redirectUri) => [...ssoQueryKeys.auth.all(), "global-logout-url", redirectUri]
+  },
+  // =========================================================================
+  // Tokens (tokenService)
+  // =========================================================================
+  tokens: {
+    all: () => [...ssoQueryKeys.all, "tokens"],
+    list: () => [...ssoQueryKeys.tokens.all(), "list"]
+  },
+  // =========================================================================
+  // Roles (roleService)
+  // =========================================================================
+  roles: {
+    all: () => [...ssoQueryKeys.all, "roles"],
+    list: () => [...ssoQueryKeys.roles.all(), "list"],
+    detail: (id) => [...ssoQueryKeys.roles.all(), "detail", id],
+    permissions: (id) => [...ssoQueryKeys.roles.all(), id, "permissions"]
+  },
+  // =========================================================================
+  // Permissions (permissionService)
+  // =========================================================================
+  permissions: {
+    all: () => [...ssoQueryKeys.all, "permissions"],
+    list: (params) => [...ssoQueryKeys.permissions.all(), "list", params],
+    detail: (id) => [...ssoQueryKeys.permissions.all(), "detail", id],
+    matrix: () => [...ssoQueryKeys.permissions.all(), "matrix"]
+  },
+  // =========================================================================
+  // Teams (teamService)
+  // =========================================================================
+  teams: {
+    all: () => [...ssoQueryKeys.all, "teams"],
+    list: () => [...ssoQueryKeys.teams.all(), "list"],
+    permissions: (teamId) => [...ssoQueryKeys.teams.all(), teamId, "permissions"],
+    orphaned: () => [...ssoQueryKeys.teams.all(), "orphaned"]
+  },
+  // =========================================================================
+  // User Roles (userRoleService) - Scoped Role Assignments
+  // =========================================================================
+  userRoles: {
+    all: () => [...ssoQueryKeys.all, "user-roles"],
+    list: (userId) => [...ssoQueryKeys.userRoles.all(), userId],
+    byBranch: (userId, orgId, branchId) => [...ssoQueryKeys.userRoles.all(), userId, orgId, branchId]
+  },
+  // =========================================================================
+  // Branches (branchService)
+  // =========================================================================
+  branches: {
+    all: () => [...ssoQueryKeys.all, "branches"],
+    list: (orgId) => [...ssoQueryKeys.branches.all(), "list", orgId],
+    detail: (branchId) => [...ssoQueryKeys.branches.all(), "detail", branchId],
+    headquarters: (orgId) => [...ssoQueryKeys.branches.all(), "headquarters", orgId],
+    primary: (orgId) => [...ssoQueryKeys.branches.all(), "primary", orgId]
+  },
+  // =========================================================================
+  // Admin variants (with org context)
+  // =========================================================================
+  admin: {
+    roles: {
+      all: (orgId) => [...ssoQueryKeys.all, "admin", orgId, "roles"],
+      list: (orgId) => [...ssoQueryKeys.admin.roles.all(orgId), "list"],
+      detail: (orgId, id) => [...ssoQueryKeys.admin.roles.all(orgId), "detail", id],
+      permissions: (orgId, id) => [...ssoQueryKeys.admin.roles.all(orgId), id, "permissions"]
+    },
+    permissions: {
+      all: (orgId) => [...ssoQueryKeys.all, "admin", orgId, "permissions"],
+      list: (orgId, params) => [...ssoQueryKeys.admin.permissions.all(orgId), "list", params],
+      detail: (orgId, id) => [...ssoQueryKeys.admin.permissions.all(orgId), "detail", id],
+      matrix: (orgId) => [...ssoQueryKeys.admin.permissions.all(orgId), "matrix"]
+    },
+    teams: {
+      all: (orgId) => [...ssoQueryKeys.all, "admin", orgId, "teams"],
+      list: (orgId) => [...ssoQueryKeys.admin.teams.all(orgId), "list"],
+      permissions: (orgId, teamId) => [...ssoQueryKeys.admin.teams.all(orgId), teamId, "permissions"],
+      orphaned: (orgId) => [...ssoQueryKeys.admin.teams.all(orgId), "orphaned"]
+    },
+    userRoles: {
+      all: (orgId) => [...ssoQueryKeys.all, "admin", orgId, "user-roles"],
+      list: (orgId, userId) => [...ssoQueryKeys.admin.userRoles.all(orgId), userId],
+      byBranch: (orgId, userId, consoleOrgId, branchId) => [...ssoQueryKeys.admin.userRoles.all(orgId), userId, consoleOrgId, branchId]
+    },
+    users: {
+      all: (orgId) => [...ssoQueryKeys.all, "admin", orgId, "users"],
+      list: (orgId, params) => [...ssoQueryKeys.admin.users.all(orgId), "list", params],
+      detail: (orgId, id) => [...ssoQueryKeys.admin.users.all(orgId), "detail", id],
+      permissions: (orgId, userId, consoleOrgId, branchId) => [...ssoQueryKeys.admin.users.all(orgId), userId, "permissions", consoleOrgId, branchId]
+    }
+  }
+};
+
+// src/core/context/BranchProvider.tsx
+var import_jsx_runtime2 = require("react/jsx-runtime");
+var DEFAULT_STORAGE_KEY = "omnify_selected_branch";
+function BranchProvider({
+  children,
+  storage = "localStorage",
+  storageKey = DEFAULT_STORAGE_KEY,
+  onBranchChange
+}) {
+  const { config, currentOrg, isAuthenticated } = useSsoContext();
+  const queryClient = (0, import_react_query.useQueryClient)();
+  const branchService = (0, import_react4.useMemo)(
+    () => createBranchService({ apiUrl: config.apiUrl }),
+    [config.apiUrl]
+  );
+  const getSavedBranchId = (0, import_react4.useCallback)(() => {
+    if (typeof window === "undefined") return null;
+    const storageObj = storage === "localStorage" ? localStorage : sessionStorage;
+    const saved = storageObj.getItem(`${storageKey}_${currentOrg?.slug}`);
+    return saved ? parseInt(saved, 10) : null;
+  }, [storage, storageKey, currentOrg?.slug]);
+  const saveBranchId = (0, import_react4.useCallback)((branchId) => {
+    if (typeof window === "undefined" || !currentOrg?.slug) return;
+    const storageObj = storage === "localStorage" ? localStorage : sessionStorage;
+    if (branchId) {
+      storageObj.setItem(`${storageKey}_${currentOrg.slug}`, String(branchId));
+    } else {
+      storageObj.removeItem(`${storageKey}_${currentOrg.slug}`);
+    }
+  }, [storage, storageKey, currentOrg?.slug]);
+  const [selectedBranchId, setSelectedBranchId] = (0, import_react4.useState)(() => getSavedBranchId());
+  const {
+    data: branchesData,
+    isLoading,
+    error,
+    refetch
+  } = (0, import_react_query.useQuery)({
+    queryKey: ssoQueryKeys.branches.list(currentOrg?.slug),
+    queryFn: () => branchService.list(currentOrg?.slug),
+    enabled: isAuthenticated && !!currentOrg,
+    staleTime: 5 * 60 * 1e3
+    // 5 minutes
+  });
+  const branches = branchesData?.branches ?? [];
+  const allBranchesAccess = branchesData?.all_branches_access ?? false;
+  const primaryBranchId = branchesData?.primary_branch_id ?? null;
+  const hasMultipleBranches = branches.length > 1;
+  const currentBranch = (0, import_react4.useMemo)(() => {
+    if (!branches.length) return null;
+    if (branches.length === 1) {
+      return branches[0];
+    }
+    if (selectedBranchId) {
+      const found = branches.find((b) => b.id === selectedBranchId);
+      if (found) return found;
+    }
+    if (primaryBranchId) {
+      const primary = branches.find((b) => b.id === primaryBranchId);
+      if (primary) return primary;
+    }
+    const hq = branches.find((b) => b.is_headquarters);
+    if (hq) return hq;
+    return branches[0];
+  }, [branches, selectedBranchId, primaryBranchId]);
+  (0, import_react4.useEffect)(() => {
+    if (currentBranch && currentBranch.id !== selectedBranchId) {
+      setSelectedBranchId(currentBranch.id);
+      saveBranchId(currentBranch.id);
+      onBranchChange?.(currentBranch);
+    }
+  }, [currentBranch, selectedBranchId, saveBranchId, onBranchChange]);
+  (0, import_react4.useEffect)(() => {
+    const savedId = getSavedBranchId();
+    setSelectedBranchId(savedId);
+  }, [currentOrg?.slug, getSavedBranchId]);
+  const switchBranch = (0, import_react4.useCallback)((branchId) => {
+    const branch = branches.find((b) => b.id === branchId);
+    if (branch) {
+      setSelectedBranchId(branchId);
+      saveBranchId(branchId);
+      onBranchChange?.(branch);
+    }
+  }, [branches, saveBranchId, onBranchChange]);
+  const refreshBranches = (0, import_react4.useCallback)(async () => {
+    await queryClient.invalidateQueries({
+      queryKey: ssoQueryKeys.branches.list(currentOrg?.slug)
+    });
+    await refetch();
+  }, [queryClient, currentOrg?.slug, refetch]);
+  const contextValue = (0, import_react4.useMemo)(
+    () => ({
+      branches,
+      currentBranch,
+      allBranchesAccess,
+      primaryBranchId,
+      isLoading,
+      error,
+      hasMultipleBranches,
+      switchBranch,
+      refreshBranches
+    }),
+    [
+      branches,
+      currentBranch,
+      allBranchesAccess,
+      primaryBranchId,
+      isLoading,
+      error,
+      hasMultipleBranches,
+      switchBranch,
+      refreshBranches
+    ]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(BranchContext.Provider, { value: contextValue, children });
+}
+
+// src/core/hooks/useAuth.ts
+var import_react5 = require("react");
+function useAuth() {
+  const { user, isLoading, isAuthenticated, login, logout, globalLogout, refreshUser } = useSsoContext();
+  const handleLogin = (0, import_react5.useCallback)(
+    (redirectTo) => {
+      login(redirectTo);
+    },
+    [login]
+  );
+  const handleLogout = (0, import_react5.useCallback)(async () => {
+    await logout();
+  }, [logout]);
+  const handleGlobalLogout = (0, import_react5.useCallback)(
+    (redirectTo) => {
+      globalLogout(redirectTo);
+    },
+    [globalLogout]
+  );
+  return {
+    user,
+    isLoading,
+    isAuthenticated,
+    login: handleLogin,
+    logout: handleLogout,
+    globalLogout: handleGlobalLogout,
+    refreshUser
+  };
+}
+
+// src/core/hooks/useOrganization.ts
+var import_react6 = require("react");
+var ROLE_LEVELS = {
+  admin: 100,
+  manager: 50,
+  member: 10
+};
+function useOrganization() {
+  const { organizations, currentOrg, switchOrg } = useSsoContext();
+  const hasMultipleOrgs = organizations.length > 1;
+  const currentRole = currentOrg?.serviceRole ?? null;
+  const hasRole = (0, import_react6.useCallback)(
+    (role) => {
+      if (!currentRole) return false;
+      const requiredLevel = ROLE_LEVELS[role] ?? 0;
+      const userLevel = ROLE_LEVELS[currentRole] ?? 0;
+      return userLevel >= requiredLevel;
+    },
+    [currentRole]
+  );
+  const handleSwitchOrg = (0, import_react6.useCallback)(
+    (orgId) => {
+      switchOrg(orgId);
+    },
+    [switchOrg]
+  );
+  return (0, import_react6.useMemo)(
+    () => ({
+      organizations,
+      currentOrg,
+      hasMultipleOrgs,
+      switchOrg: handleSwitchOrg,
+      currentRole,
+      hasRole
+    }),
+    [organizations, currentOrg, hasMultipleOrgs, handleSwitchOrg, currentRole, hasRole]
+  );
+}
+
+// src/core/hooks/useSso.ts
+var import_react7 = require("react");
+function useSso() {
+  const context = useSsoContext();
+  return (0, import_react7.useMemo)(
+    () => ({
+      // Auth
+      user: context.user,
+      isLoading: context.isLoading,
+      isAuthenticated: context.isAuthenticated,
+      login: context.login,
+      logout: context.logout,
+      globalLogout: context.globalLogout,
+      refreshUser: context.refreshUser,
+      // Organization
+      organizations: context.organizations,
+      currentOrg: context.currentOrg,
+      hasMultipleOrgs: context.organizations.length > 1,
+      switchOrg: context.switchOrg,
+      // Utilities
+      getHeaders: context.getHeaders,
+      config: context.config
+    }),
+    [context]
+  );
+}
+
+// src/core/hooks/useBranch.ts
+function useBranch() {
+  return useBranchContext();
+}
+
+// src/core/services/authService.ts
+function createAuthService(config) {
+  const { apiUrl } = config;
+  return {
+    /**
+     * Exchange SSO authorization code for tokens
+     * POST /api/sso/callback
+     */
+    callback: async (input) => {
+      await csrf(apiUrl);
+      return request(apiUrl, "/api/sso/callback", {
+        method: "POST",
+        headers: buildHeaders(),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Logout current user and revoke tokens
+     * POST /api/sso/logout
+     */
+    logout: async () => {
+      return request(apiUrl, "/api/sso/logout", {
+        method: "POST",
+        headers: buildHeaders()
+      });
+    },
+    /**
+     * Get current authenticated user with organizations
+     * GET /api/sso/user
+     */
+    getUser: async () => {
+      return request(apiUrl, "/api/sso/user", {
+        headers: buildHeaders()
+      });
+    },
+    /**
+     * Get Console SSO global logout URL
+     * GET /api/sso/global-logout-url
+     */
+    getGlobalLogoutUrl: async (redirectUri) => {
+      const params = redirectUri ? `?redirect_uri=${encodeURIComponent(redirectUri)}` : "";
+      return request(apiUrl, `/api/sso/global-logout-url${params}`, {
+        headers: buildHeaders()
+      });
+    }
+  };
+}
+
+// src/core/services/tokenService.ts
+function createTokenService(config) {
+  const { apiUrl } = config;
+  return {
+    /**
+     * List all API tokens for current user
+     * GET /api/sso/tokens
+     */
+    list: async () => {
+      return request(apiUrl, "/api/sso/tokens", {
+        headers: buildHeaders()
+      });
+    },
+    /**
+     * Revoke a specific token
+     * DELETE /api/sso/tokens/{tokenId}
+     */
+    revoke: async (tokenId) => {
+      return request(apiUrl, `/api/sso/tokens/${tokenId}`, {
+        method: "DELETE",
+        headers: buildHeaders()
+      });
+    },
+    /**
+     * Revoke all tokens except current
+     * POST /api/sso/tokens/revoke-others
+     */
+    revokeOthers: async () => {
+      return request(apiUrl, "/api/sso/tokens/revoke-others", {
+        method: "POST",
+        headers: buildHeaders()
+      });
+    }
+  };
+}
+
+// src/core/services/roleService.ts
+function createRoleService(config) {
+  const { apiUrl } = config;
+  return {
+    // =========================================================================
+    // Read-only endpoints (authenticated users)
+    // =========================================================================
+    /**
+     * Get all roles
+     * GET /api/sso/roles
+     */
+    list: async () => {
+      return request(apiUrl, "/api/sso/roles", {
+        headers: buildHeaders()
+      });
+    },
+    /**
+     * Get single role with permissions
+     * GET /api/sso/roles/{id}
+     */
+    get: async (id) => {
+      return request(apiUrl, `/api/sso/roles/${id}`, {
+        headers: buildHeaders()
+      });
+    },
+    // =========================================================================
+    // Admin endpoints (requires admin role + org context)
+    // =========================================================================
+    /**
+     * List all roles (admin)
+     * GET /api/admin/sso/roles
+     */
+    adminList: async (orgId, params) => {
+      const queryParams = new URLSearchParams();
+      if (params) {
+        Object.entries(params).forEach(([key, value]) => {
+          if (value !== void 0 && value !== null) {
+            queryParams.append(key, String(value));
+          }
+        });
+      }
+      const query = queryParams.toString();
+      const url = `/api/admin/sso/roles${query ? `?${query}` : ""}`;
+      return request(apiUrl, url, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get single role (admin)
+     * GET /api/admin/sso/roles/{id}
+     */
+    adminGet: async (id, orgId) => {
+      return request(apiUrl, `/api/admin/sso/roles/${id}`, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Create role (admin only)
+     * POST /api/admin/sso/roles
+     */
+    create: async (input, orgId) => {
+      return request(apiUrl, "/api/admin/sso/roles", {
+        method: "POST",
+        headers: buildHeaders(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Update role (admin only)
+     * PUT /api/admin/sso/roles/{id}
+     */
+    update: async (id, input, orgId) => {
+      return request(apiUrl, `/api/admin/sso/roles/${id}`, {
+        method: "PUT",
+        headers: buildHeaders(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Delete role (admin only)
+     * DELETE /api/admin/sso/roles/{id}
+     */
+    delete: async (id, orgId) => {
+      return request(apiUrl, `/api/admin/sso/roles/${id}`, {
+        method: "DELETE",
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get role's permissions (admin)
+     * GET /api/admin/sso/roles/{id}/permissions
+     */
+    getPermissions: async (id, orgId) => {
+      return request(apiUrl, `/api/admin/sso/roles/${id}/permissions`, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Sync role's permissions (admin)
+     * PUT /api/admin/sso/roles/{id}/permissions
+     */
+    syncPermissions: async (id, input, orgId) => {
+      return request(apiUrl, `/api/admin/sso/roles/${id}/permissions`, {
+        method: "PUT",
+        headers: buildHeaders(orgId),
+        body: JSON.stringify(input)
+      });
+    }
+  };
+}
+
+// src/core/services/permissionService.ts
+function createPermissionService(config) {
+  const { apiUrl } = config;
+  return {
+    // =========================================================================
+    // Read-only endpoints (authenticated users)
+    // =========================================================================
+    /**
+     * Get all permissions
+     * GET /api/sso/permissions
+     */
+    list: async (params) => {
+      const queryString = params ? `?${new URLSearchParams(
+        Object.entries(params).filter(([, v]) => v !== void 0).map(([k, v]) => [k, String(v)])
+      )}` : "";
+      return request(apiUrl, `/api/sso/permissions${queryString}`, {
+        headers: buildHeaders()
+      });
+    },
+    /**
+     * Get permission matrix (roles x permissions)
+     * GET /api/sso/permission-matrix
+     */
+    getMatrix: async () => {
+      return request(apiUrl, "/api/sso/permission-matrix", {
+        headers: buildHeaders()
+      });
+    },
+    // =========================================================================
+    // Admin endpoints (requires admin role + org context)
+    // =========================================================================
+    /**
+     * List all permissions (admin)
+     * GET /api/admin/sso/permissions
+     */
+    adminList: async (orgId, params) => {
+      const queryString = params ? `?${new URLSearchParams(
+        Object.entries(params).filter(([, v]) => v !== void 0).map(([k, v]) => [k, String(v)])
+      )}` : "";
+      return request(apiUrl, `/api/admin/sso/permissions${queryString}`, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get single permission (admin)
+     * GET /api/admin/sso/permissions/{id}
+     */
+    adminGet: async (id, orgId) => {
+      return request(apiUrl, `/api/admin/sso/permissions/${id}`, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Create permission (admin only)
+     * POST /api/admin/sso/permissions
+     */
+    create: async (input, orgId) => {
+      return request(apiUrl, "/api/admin/sso/permissions", {
+        method: "POST",
+        headers: buildHeaders(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Update permission (admin only)
+     * PUT /api/admin/sso/permissions/{id}
+     */
+    update: async (id, input, orgId) => {
+      return request(apiUrl, `/api/admin/sso/permissions/${id}`, {
+        method: "PUT",
+        headers: buildHeaders(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Delete permission (admin only)
+     * DELETE /api/admin/sso/permissions/{id}
+     */
+    delete: async (id, orgId) => {
+      return request(apiUrl, `/api/admin/sso/permissions/${id}`, {
+        method: "DELETE",
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get permission matrix (admin)
+     * GET /api/admin/sso/permission-matrix
+     */
+    adminGetMatrix: async (orgId) => {
+      return request(apiUrl, "/api/admin/sso/permission-matrix", {
+        headers: buildHeaders(orgId)
+      });
+    }
+  };
+}
+
+// src/core/services/teamService.ts
+function createTeamService(config) {
+  const { apiUrl } = config;
+  return {
+    /**
+     * Get all teams with their permissions (admin only)
+     * GET /api/admin/sso/teams/permissions
+     */
+    list: async (orgId) => {
+      return request(apiUrl, "/api/admin/sso/teams/permissions", {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get specific team permissions (admin only)
+     * GET /api/admin/sso/teams/{teamId}/permissions
+     */
+    getPermissions: async (teamId, orgId) => {
+      return request(apiUrl, `/api/admin/sso/teams/${teamId}/permissions`, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Sync team permissions (admin only)
+     * PUT /api/admin/sso/teams/{teamId}/permissions
+     */
+    syncPermissions: async (teamId, input, orgId) => {
+      return request(apiUrl, `/api/admin/sso/teams/${teamId}/permissions`, {
+        method: "PUT",
+        headers: buildHeaders(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Remove all permissions for a team (admin only)
+     * DELETE /api/admin/sso/teams/{teamId}/permissions
+     */
+    removePermissions: async (teamId, orgId) => {
+      return request(apiUrl, `/api/admin/sso/teams/${teamId}/permissions`, {
+        method: "DELETE",
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * List orphaned team permissions (admin only)
+     * GET /api/admin/sso/teams/orphaned
+     */
+    listOrphaned: async (orgId) => {
+      return request(apiUrl, "/api/admin/sso/teams/orphaned", {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Restore orphaned team permissions (admin only)
+     * POST /api/admin/sso/teams/orphaned/{teamId}/restore
+     */
+    restoreOrphaned: async (teamId, orgId) => {
+      return request(apiUrl, `/api/admin/sso/teams/orphaned/${teamId}/restore`, {
+        method: "POST",
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Cleanup orphaned team permissions (admin only)
+     * DELETE /api/admin/sso/teams/orphaned
+     */
+    cleanupOrphaned: async (orgId, input) => {
+      return request(apiUrl, "/api/admin/sso/teams/orphaned", {
+        method: "DELETE",
+        headers: buildHeaders(orgId),
+        body: input ? JSON.stringify(input) : void 0
+      });
+    }
+  };
+}
+
+// src/core/services/userRoleService.ts
+function createUserRoleService(config) {
+  const { apiUrl } = config;
+  return {
+    /**
+     * List user's role assignments with scope information
+     * GET /api/admin/sso/users/{userId}/roles
+     */
+    list: async (userId, orgId) => {
+      const response = await request(
+        apiUrl,
+        `/api/admin/sso/users/${userId}/roles`,
+        { headers: buildHeaders(orgId) }
+      );
+      return response.data;
+    },
+    /**
+     * List user's role assignments filtered by branch context
+     * Returns roles applicable to the given org/branch
+     */
+    listByBranch: async (userId, consoleOrgId, branchId, orgId) => {
+      const all = await request(
+        apiUrl,
+        `/api/admin/sso/users/${userId}/roles`,
+        { headers: buildHeaders(orgId) }
+      );
+      return all.data.filter((a) => {
+        if (a.console_org_id === null) return true;
+        if (a.console_org_id !== consoleOrgId) return false;
+        if (a.console_branch_id === null) return true;
+        return a.console_branch_id === branchId;
+      });
+    },
+    /**
+     * Assign a role to user with scope
+     * POST /api/admin/sso/users/{userId}/roles
+     */
+    assign: async (userId, input, orgId) => {
+      return request(
+        apiUrl,
+        `/api/admin/sso/users/${userId}/roles`,
+        {
+          method: "POST",
+          headers: buildHeaders(orgId),
+          body: JSON.stringify(input)
+        }
+      );
+    },
+    /**
+     * Remove a role assignment from user
+     * DELETE /api/admin/sso/users/{userId}/roles/{roleId}
+     */
+    remove: async (userId, roleId, consoleOrgId, branchId, orgId) => {
+      return request(
+        apiUrl,
+        `/api/admin/sso/users/${userId}/roles/${roleId}`,
+        {
+          method: "DELETE",
+          headers: buildHeaders(orgId),
+          body: JSON.stringify({
+            console_org_id: consoleOrgId ?? null,
+            console_branch_id: branchId ?? null
+          })
+        }
+      );
+    },
+    /**
+     * Sync roles for user in a specific scope
+     * PUT /api/admin/sso/users/{userId}/roles/sync
+     */
+    sync: async (userId, input, orgId) => {
+      return request(
+        apiUrl,
+        `/api/admin/sso/users/${userId}/roles/sync`,
+        {
+          method: "PUT",
+          headers: buildHeaders(orgId),
+          body: JSON.stringify(input)
+        }
+      );
+    }
+  };
+}
+var getScopeLabel = (scope, locale = "en") => {
+  const labels = {
+    global: { en: "Global", ja: "\u30B0\u30ED\u30FC\u30D0\u30EB", vi: "To\xE0n h\u1EC7 th\u1ED1ng" },
+    "org-wide": { en: "Organization", ja: "\u7D44\u7E54\u5168\u4F53", vi: "To\xE0n t\u1ED5 ch\u1EE9c" },
+    branch: { en: "Branch", ja: "\u652F\u5E97\u9650\u5B9A", vi: "Chi nh\xE1nh" }
+  };
+  return labels[scope][locale] || labels[scope]["en"];
+};
+var getEffectivePermissions = (roleAssignments, allRoles, orgId, branchId) => {
+  const permissions = /* @__PURE__ */ new Set();
+  const applicableAssignments = roleAssignments.filter((a) => {
+    if (a.console_org_id === null) return true;
+    if (a.console_org_id !== orgId) return false;
+    if (a.console_branch_id === null) return true;
+    return a.console_branch_id === branchId;
+  });
+  for (const assignment of applicableAssignments) {
+    const role = allRoles.find((r) => r.id === assignment.role.id);
+    if (role?.permissions) {
+      for (const perm of role.permissions) {
+        if (typeof perm === "string") {
+          permissions.add(perm);
+        } else if (perm.slug) {
+          permissions.add(perm.slug);
+        }
+      }
+    }
+  }
+  return Array.from(permissions);
+};
+
+// src/core/services/userService.ts
+function createUserService(config) {
+  const { apiUrl } = config;
+  return {
+    /**
+     * List users with optional filters
+     * GET /api/admin/sso/users
+     */
+    list: async (params, orgId) => {
+      const queryParams = new URLSearchParams();
+      if (params) {
+        Object.entries(params).forEach(([key, value]) => {
+          if (value !== void 0 && value !== null) {
+            queryParams.append(key, String(value));
+          }
+        });
+      }
+      const query = queryParams.toString();
+      const url = `/api/admin/sso/users${query ? `?${query}` : ""}`;
+      return request(apiUrl, url, {
+        headers: buildHeaders(orgId)
+      });
+    },
+    /**
+     * Get single user by ID
+     * GET /api/admin/sso/users/{userId}
+     */
+    get: async (userId, orgId) => {
+      const response = await request(
+        apiUrl,
+        `/api/admin/sso/users/${userId}`,
+        { headers: buildHeaders(orgId) }
+      );
+      return response.data;
+    },
+    /**
+     * Get user permissions breakdown for specific org/branch context
+     * GET /api/admin/sso/users/{userId}/permissions
+     */
+    getPermissions: async (userId, consoleOrgId, branchId, orgId) => {
+      const queryParams = new URLSearchParams();
+      if (consoleOrgId) queryParams.append("org_id", consoleOrgId);
+      if (branchId) queryParams.append("branch_id", branchId);
+      const query = queryParams.toString();
+      const url = `/api/admin/sso/users/${userId}/permissions${query ? `?${query}` : ""}`;
+      return request(apiUrl, url, {
+        headers: buildHeaders(orgId)
+      });
+    }
+  };
+}
+
+// src/core/services/ssoService.ts
+function getXsrfToken3() {
+  if (typeof document === "undefined") return void 0;
+  return document.cookie.split("; ").find((row) => row.startsWith("XSRF-TOKEN="))?.split("=")[1];
+}
+function buildHeaders2(orgId) {
+  const headers = {
+    "Content-Type": "application/json",
+    Accept: "application/json"
+  };
+  const xsrfToken = getXsrfToken3();
+  if (xsrfToken) {
+    headers["X-XSRF-TOKEN"] = decodeURIComponent(xsrfToken);
+  }
+  if (orgId) {
+    headers["X-Organization-Id"] = orgId;
+  }
+  return headers;
+}
+async function csrf2(apiUrl) {
+  await fetch(`${apiUrl}/sanctum/csrf-cookie`, {
+    credentials: "include"
+  });
+}
+async function request2(apiUrl, path, options = {}) {
+  const response = await fetch(`${apiUrl}${path}`, {
+    ...options,
+    credentials: "include"
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `HTTP ${response.status}`);
+  }
+  if (response.status === 204) {
+    return void 0;
+  }
+  return response.json();
+}
+function createSsoService(config) {
+  const { apiUrl } = config;
+  return {
+    // =========================================================================
+    // SSO Auth
+    // =========================================================================
+    /**
+     * Exchange SSO authorization code for tokens
+     * POST /api/sso/callback
+     */
+    callback: async (input) => {
+      await csrf2(apiUrl);
+      return request2(apiUrl, "/api/sso/callback", {
+        method: "POST",
+        headers: buildHeaders2(),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Logout current user and revoke tokens
+     * POST /api/sso/logout
+     */
+    logout: async () => {
+      return request2(apiUrl, "/api/sso/logout", {
+        method: "POST",
+        headers: buildHeaders2()
+      });
+    },
+    /**
+     * Get current authenticated user with organizations
+     * GET /api/sso/user
+     */
+    getUser: async () => {
+      return request2(apiUrl, "/api/sso/user", {
+        headers: buildHeaders2()
+      });
+    },
+    /**
+     * Get Console SSO global logout URL
+     * GET /api/sso/global-logout-url
+     */
+    getGlobalLogoutUrl: async (redirectUri) => {
+      const params = redirectUri ? `?redirect_uri=${encodeURIComponent(redirectUri)}` : "";
+      return request2(apiUrl, `/api/sso/global-logout-url${params}`, {
+        headers: buildHeaders2()
+      });
+    },
+    // =========================================================================
+    // SSO Tokens (for mobile apps)
+    // =========================================================================
+    /**
+     * List all API tokens for current user
+     * GET /api/sso/tokens
+     */
+    getTokens: async () => {
+      return request2(apiUrl, "/api/sso/tokens", {
+        headers: buildHeaders2()
+      });
+    },
+    /**
+     * Revoke a specific token
+     * DELETE /api/sso/tokens/{tokenId}
+     */
+    revokeToken: async (tokenId) => {
+      return request2(apiUrl, `/api/sso/tokens/${tokenId}`, {
+        method: "DELETE",
+        headers: buildHeaders2()
+      });
+    },
+    /**
+     * Revoke all tokens except current
+     * POST /api/sso/tokens/revoke-others
+     */
+    revokeOtherTokens: async () => {
+      return request2(apiUrl, "/api/sso/tokens/revoke-others", {
+        method: "POST",
+        headers: buildHeaders2()
+      });
+    },
+    // =========================================================================
+    // Roles (Read-only for authenticated users)
+    // =========================================================================
+    /**
+     * Get all roles
+     * GET /api/sso/roles
+     */
+    getRoles: async () => {
+      return request2(apiUrl, "/api/sso/roles", {
+        headers: buildHeaders2()
+      });
+    },
+    /**
+     * Get single role with permissions
+     * GET /api/sso/roles/{id}
+     */
+    getRole: async (id) => {
+      return request2(apiUrl, `/api/sso/roles/${id}`, {
+        headers: buildHeaders2()
+      });
+    },
+    // =========================================================================
+    // Permissions (Read-only for authenticated users)
+    // =========================================================================
+    /**
+     * Get all permissions
+     * GET /api/sso/permissions
+     */
+    getPermissions: async (params) => {
+      const queryString = params ? `?${new URLSearchParams(
+        Object.entries(params).filter(([, v]) => v !== void 0).map(([k, v]) => [k, String(v)])
+      )}` : "";
+      return request2(apiUrl, `/api/sso/permissions${queryString}`, {
+        headers: buildHeaders2()
+      });
+    },
+    /**
+     * Get permission matrix (roles x permissions)
+     * GET /api/sso/permission-matrix
+     */
+    getPermissionMatrix: async () => {
+      return request2(apiUrl, "/api/sso/permission-matrix", {
+        headers: buildHeaders2()
+      });
+    },
+    // =========================================================================
+    // Admin - Roles (requires admin role + org context)
+    // =========================================================================
+    /**
+     * List all roles (admin)
+     * GET /api/admin/sso/roles
+     */
+    adminGetRoles: async (orgId) => {
+      return request2(apiUrl, "/api/admin/sso/roles", {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Get single role (admin)
+     * GET /api/admin/sso/roles/{id}
+     */
+    adminGetRole: async (id, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/roles/${id}`, {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Create role (admin only)
+     * POST /api/admin/sso/roles
+     */
+    createRole: async (input, orgId) => {
+      return request2(apiUrl, "/api/admin/sso/roles", {
+        method: "POST",
+        headers: buildHeaders2(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Update role (admin only)
+     * PUT /api/admin/sso/roles/{id}
+     */
+    updateRole: async (id, input, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/roles/${id}`, {
+        method: "PUT",
+        headers: buildHeaders2(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Delete role (admin only)
+     * DELETE /api/admin/sso/roles/{id}
+     */
+    deleteRole: async (id, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/roles/${id}`, {
+        method: "DELETE",
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Get role's permissions (admin)
+     * GET /api/admin/sso/roles/{id}/permissions
+     */
+    getRolePermissions: async (id, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/roles/${id}/permissions`, {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Sync role's permissions (admin)
+     * PUT /api/admin/sso/roles/{id}/permissions
+     */
+    syncRolePermissions: async (id, input, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/roles/${id}/permissions`, {
+        method: "PUT",
+        headers: buildHeaders2(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    // =========================================================================
+    // Admin - Permissions (requires admin role + org context)
+    // =========================================================================
+    /**
+     * List all permissions (admin)
+     * GET /api/admin/sso/permissions
+     */
+    adminGetPermissions: async (orgId, params) => {
+      const queryString = params ? `?${new URLSearchParams(
+        Object.entries(params).filter(([, v]) => v !== void 0).map(([k, v]) => [k, String(v)])
+      )}` : "";
+      return request2(apiUrl, `/api/admin/sso/permissions${queryString}`, {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Get single permission (admin)
+     * GET /api/admin/sso/permissions/{id}
+     */
+    adminGetPermission: async (id, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/permissions/${id}`, {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Create permission (admin only)
+     * POST /api/admin/sso/permissions
+     */
+    createPermission: async (input, orgId) => {
+      return request2(apiUrl, "/api/admin/sso/permissions", {
+        method: "POST",
+        headers: buildHeaders2(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Update permission (admin only)
+     * PUT /api/admin/sso/permissions/{id}
+     */
+    updatePermission: async (id, input, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/permissions/${id}`, {
+        method: "PUT",
+        headers: buildHeaders2(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Delete permission (admin only)
+     * DELETE /api/admin/sso/permissions/{id}
+     */
+    deletePermission: async (id, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/permissions/${id}`, {
+        method: "DELETE",
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Get permission matrix (admin)
+     * GET /api/admin/sso/permission-matrix
+     */
+    adminGetPermissionMatrix: async (orgId) => {
+      return request2(apiUrl, "/api/admin/sso/permission-matrix", {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    // =========================================================================
+    // Admin - Team Permissions (requires admin role + org context)
+    // =========================================================================
+    /**
+     * Get all teams with their permissions (admin only)
+     * GET /api/admin/sso/teams/permissions
+     */
+    getTeamPermissions: async (orgId) => {
+      return request2(apiUrl, "/api/admin/sso/teams/permissions", {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Get specific team permissions (admin only)
+     * GET /api/admin/sso/teams/{teamId}/permissions
+     */
+    getTeamPermission: async (teamId, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/teams/${teamId}/permissions`, {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Sync team permissions (admin only)
+     * PUT /api/admin/sso/teams/{teamId}/permissions
+     */
+    syncTeamPermissions: async (teamId, input, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/teams/${teamId}/permissions`, {
+        method: "PUT",
+        headers: buildHeaders2(orgId),
+        body: JSON.stringify(input)
+      });
+    },
+    /**
+     * Remove all permissions for a team (admin only)
+     * DELETE /api/admin/sso/teams/{teamId}/permissions
+     */
+    removeTeamPermissions: async (teamId, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/teams/${teamId}/permissions`, {
+        method: "DELETE",
+        headers: buildHeaders2(orgId)
+      });
+    },
+    // =========================================================================
+    // Admin - Orphaned Team Permissions (requires admin role + org context)
+    // =========================================================================
+    /**
+     * List orphaned team permissions (admin only)
+     * GET /api/admin/sso/teams/orphaned
+     */
+    getOrphanedTeamPermissions: async (orgId) => {
+      return request2(apiUrl, "/api/admin/sso/teams/orphaned", {
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Restore orphaned team permissions (admin only)
+     * POST /api/admin/sso/teams/orphaned/{teamId}/restore
+     */
+    restoreOrphanedTeamPermissions: async (teamId, orgId) => {
+      return request2(apiUrl, `/api/admin/sso/teams/orphaned/${teamId}/restore`, {
+        method: "POST",
+        headers: buildHeaders2(orgId)
+      });
+    },
+    /**
+     * Cleanup orphaned team permissions (admin only)
+     * DELETE /api/admin/sso/teams/orphaned
+     */
+    cleanupOrphanedTeamPermissions: async (orgId, input) => {
+      return request2(apiUrl, "/api/admin/sso/teams/orphaned", {
+        method: "DELETE",
+        headers: buildHeaders2(orgId),
+        body: input ? JSON.stringify(input) : void 0
+      });
+    }
+  };
+}
+
+// src/core/utils/branchHeaders.ts
+var BRANCH_HEADERS = {
+  BRANCH_ID: "X-Branch-Id",
+  ORG_ID: "X-Organization-Id"
+};
+function createBranchHeaderSetter(axiosInstance) {
+  return (selection) => {
+    if (selection) {
+      axiosInstance.defaults.headers.common[BRANCH_HEADERS.BRANCH_ID] = selection.branchId;
+      axiosInstance.defaults.headers.common[BRANCH_HEADERS.ORG_ID] = selection.orgId;
+    } else {
+      delete axiosInstance.defaults.headers.common[BRANCH_HEADERS.BRANCH_ID];
+      delete axiosInstance.defaults.headers.common[BRANCH_HEADERS.ORG_ID];
+    }
+  };
+}
+function setBranchHeaders(axiosInstance, selection) {
+  createBranchHeaderSetter(axiosInstance)(selection);
+}
+
+// src/core/i18n/index.tsx
+var import_react8 = require("react");
+var import_react_i18next = require("react-i18next");
+var import_i18next = __toESM(require("i18next"), 1);
+var import_jsx_runtime3 = require("react/jsx-runtime");
+var locales = ["ja", "en", "vi"];
+var localeNames = {
+  ja: "\u65E5\u672C\u8A9E",
+  en: "English",
+  vi: "Ti\u1EBFng Vi\u1EC7t"
+};
+var defaultLocale = "ja";
+var I18nContext = (0, import_react8.createContext)(null);
+var i18nInitialized = false;
+function initializeI18n(initialLocale, fallbackLocale2, translations) {
+  if (i18nInitialized) {
+    return import_i18next.default;
+  }
+  const resources = {};
+  for (const locale of locales) {
+    resources[locale] = {
+      translation: {
+        ...defaultTranslations[locale],
+        ...translations?.[locale] || {}
+      }
+    };
+  }
+  import_i18next.default.use(import_react_i18next.initReactI18next).init({
+    resources,
+    lng: initialLocale,
+    fallbackLng: fallbackLocale2,
+    interpolation: {
+      escapeValue: false
+    },
+    react: {
+      useSuspense: false
+    }
+  });
+  i18nInitialized = true;
+  return import_i18next.default;
+}
+function I18nProvider({
+  children,
+  defaultLocale: initialLocale = "ja",
+  fallbackLocale: fallbackLocale2 = "ja",
+  translations
+}) {
+  const i18nInstance = (0, import_react8.useMemo)(
+    () => initializeI18n(initialLocale, fallbackLocale2, translations),
+    [initialLocale, fallbackLocale2, translations]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_react_i18next.I18nextProvider, { i18n: i18nInstance, children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(I18nProviderInner, { initialLocale, children }) });
+}
+function I18nProviderInner({
+  children,
+  initialLocale
+}) {
+  const [locale, setLocaleState] = (0, import_react8.useState)(initialLocale);
+  const { t: translate, i18n: i18nInstance } = (0, import_react_i18next.useTranslation)();
+  const setLocale = (0, import_react8.useCallback)((newLocale) => {
+    setLocaleState(newLocale);
+    i18nInstance?.changeLanguage(newLocale);
+    if (typeof document !== "undefined") {
+      document.cookie = `locale=${newLocale};path=/;max-age=31536000`;
+    }
+  }, [i18nInstance]);
+  const t = (0, import_react8.useCallback)((key, options) => {
+    return String(translate(key, options));
+  }, [translate]);
+  (0, import_react8.useEffect)(() => {
+    if (typeof document !== "undefined") {
+      const cookieLocale = document.cookie.split("; ").find((row) => row.startsWith("locale="))?.split("=")[1];
+      if (cookieLocale && locales.includes(cookieLocale)) {
+        setLocale(cookieLocale);
+      }
+    }
+  }, [setLocale]);
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(I18nContext.Provider, { value: { locale, setLocale, t }, children });
+}
+function useLocale() {
+  const context = (0, import_react8.useContext)(I18nContext);
+  const { i18n: i18nInstance } = (0, import_react_i18next.useTranslation)();
+  if (context) {
+    return context.locale;
+  }
+  return i18nInstance?.language || defaultLocale;
+}
+function useTranslations() {
+  const { t } = (0, import_react_i18next.useTranslation)();
+  return t;
+}
+function useSsoTranslation() {
+  return (0, import_react_i18next.useTranslation)("sso");
+}
+function getCurrentLocale() {
+  if (typeof document !== "undefined") {
+    const cookieLocale = document.cookie.split("; ").find((row) => row.startsWith("locale="))?.split("=")[1];
+    if (cookieLocale && locales.includes(cookieLocale)) {
+      return cookieLocale;
+    }
+  }
+  return defaultLocale;
+}
+function changeLanguage(locale) {
+  import_i18next.default.changeLanguage(locale);
+  if (typeof document !== "undefined") {
+    document.cookie = `locale=${locale};path=/;max-age=31536000`;
+  }
+}
+var ssoNamespace = "sso";
+var defaultTranslations = {
+  ja: {
+    login: "\u30ED\u30B0\u30A4\u30F3",
+    logout: "\u30ED\u30B0\u30A2\u30A6\u30C8",
+    loading: "\u8AAD\u307F\u8FBC\u307F\u4E2D...",
+    error: "\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F",
+    retry: "\u518D\u8A66\u884C",
+    cancel: "\u30AD\u30E3\u30F3\u30BB\u30EB",
+    save: "\u4FDD\u5B58",
+    delete: "\u524A\u9664",
+    edit: "\u7DE8\u96C6",
+    create: "\u65B0\u898F\u4F5C\u6210",
+    search: "\u691C\u7D22",
+    reset: "\u30EA\u30BB\u30C3\u30C8",
+    noData: "\u30C7\u30FC\u30BF\u304C\u3042\u308A\u307E\u305B\u3093",
+    confirmDelete: "\u524A\u9664\u3057\u3066\u3082\u3088\u308D\u3057\u3044\u3067\u3059\u304B\uFF1F"
+  },
+  en: {
+    login: "Login",
+    logout: "Logout",
+    loading: "Loading...",
+    error: "An error occurred",
+    retry: "Retry",
+    cancel: "Cancel",
+    save: "Save",
+    delete: "Delete",
+    edit: "Edit",
+    create: "Create",
+    search: "Search",
+    reset: "Reset",
+    noData: "No data",
+    confirmDelete: "Are you sure you want to delete?"
+  },
+  vi: {
+    login: "\u0110\u0103ng nh\u1EADp",
+    logout: "\u0110\u0103ng xu\u1EA5t",
+    loading: "\u0110ang t\u1EA3i...",
+    error: "\u0110\xE3 x\u1EA3y ra l\u1ED7i",
+    retry: "Th\u1EED l\u1EA1i",
+    cancel: "H\u1EE7y",
+    save: "L\u01B0u",
+    delete: "X\xF3a",
+    edit: "S\u1EEDa",
+    create: "T\u1EA1o m\u1EDBi",
+    search: "T\xECm ki\u1EBFm",
+    reset: "\u0110\u1EB7t l\u1EA1i",
+    noData: "Kh\xF4ng c\xF3 d\u1EEF li\u1EC7u",
+    confirmDelete: "B\u1EA1n c\xF3 ch\u1EAFc ch\u1EAFn mu\u1ED1n x\xF3a?"
+  }
+};
+
+// src/core/schemas/index.ts
+var schemas_exports = {};
+__export(schemas_exports, {
+  branchCacheCreateSchema: () => branchCacheCreateSchema,
+  branchCacheI18n: () => branchCacheI18n,
+  branchCacheSchemas: () => branchCacheSchemas,
+  branchCacheUpdateSchema: () => branchCacheUpdateSchema,
+  defaultLocale: () => defaultLocale2,
+  fallbackLocale: () => fallbackLocale,
+  getBranchCacheFieldLabel: () => getBranchCacheFieldLabel,
+  getBranchCacheFieldPlaceholder: () => getBranchCacheFieldPlaceholder,
+  getBranchCacheLabel: () => getBranchCacheLabel,
+  getMessage: () => getMessage,
+  getMessages: () => getMessages,
+  getOrganizationCacheFieldLabel: () => getOrganizationCacheFieldLabel,
+  getOrganizationCacheFieldPlaceholder: () => getOrganizationCacheFieldPlaceholder,
+  getOrganizationCacheLabel: () => getOrganizationCacheLabel,
+  getPermissionFieldLabel: () => getPermissionFieldLabel,
+  getPermissionFieldPlaceholder: () => getPermissionFieldPlaceholder,
+  getPermissionLabel: () => getPermissionLabel,
+  getRoleFieldLabel: () => getRoleFieldLabel,
+  getRoleFieldPlaceholder: () => getRoleFieldPlaceholder,
+  getRoleLabel: () => getRoleLabel,
+  getRolePermissionFieldLabel: () => getRolePermissionFieldLabel,
+  getRolePermissionFieldPlaceholder: () => getRolePermissionFieldPlaceholder,
+  getRolePermissionLabel: () => getRolePermissionLabel,
+  getTeamCacheFieldLabel: () => getTeamCacheFieldLabel,
+  getTeamCacheFieldPlaceholder: () => getTeamCacheFieldPlaceholder,
+  getTeamCacheLabel: () => getTeamCacheLabel,
+  getTeamPermissionFieldLabel: () => getTeamPermissionFieldLabel,
+  getTeamPermissionFieldPlaceholder: () => getTeamPermissionFieldPlaceholder,
+  getTeamPermissionLabel: () => getTeamPermissionLabel,
+  getUserCacheFieldLabel: () => getUserCacheFieldLabel,
+  getUserCacheFieldPlaceholder: () => getUserCacheFieldPlaceholder,
+  getUserCacheLabel: () => getUserCacheLabel,
+  organizationCacheCreateSchema: () => organizationCacheCreateSchema,
+  organizationCacheI18n: () => organizationCacheI18n,
+  organizationCacheSchemas: () => organizationCacheSchemas,
+  organizationCacheUpdateSchema: () => organizationCacheUpdateSchema,
+  permissionCreateSchema: () => permissionCreateSchema,
+  permissionI18n: () => permissionI18n,
+  permissionSchemas: () => permissionSchemas,
+  permissionUpdateSchema: () => permissionUpdateSchema,
+  roleCreateSchema: () => roleCreateSchema,
+  roleI18n: () => roleI18n,
+  rolePermissionCreateSchema: () => rolePermissionCreateSchema,
+  rolePermissionI18n: () => rolePermissionI18n,
+  rolePermissionSchemas: () => rolePermissionSchemas,
+  rolePermissionUpdateSchema: () => rolePermissionUpdateSchema,
+  roleSchemas: () => roleSchemas,
+  roleUpdateSchema: () => roleUpdateSchema,
+  supportedLocales: () => supportedLocales,
+  teamCacheCreateSchema: () => teamCacheCreateSchema,
+  teamCacheI18n: () => teamCacheI18n,
+  teamCacheSchemas: () => teamCacheSchemas,
+  teamCacheUpdateSchema: () => teamCacheUpdateSchema,
+  teamPermissionCreateSchema: () => teamPermissionCreateSchema,
+  teamPermissionI18n: () => teamPermissionI18n,
+  teamPermissionSchemas: () => teamPermissionSchemas,
+  teamPermissionUpdateSchema: () => teamPermissionUpdateSchema,
+  userCacheCreateSchema: () => userCacheCreateSchema,
+  userCacheI18n: () => userCacheI18n,
+  userCacheSchemas: () => userCacheSchemas,
+  userCacheUpdateSchema: () => userCacheUpdateSchema,
+  validationMessages: () => validationMessages
+});
+
+// src/core/schemas/base/i18n.ts
+var defaultLocale2 = "ja";
+var fallbackLocale = "en";
+var supportedLocales = ["ja", "en"];
+var validationMessages = {
+  "required": {
+    "ja": "${displayName}\u306F\u5FC5\u9808\u3067\u3059",
+    "en": "${displayName} is required"
+  },
+  "minLength": {
+    "ja": "${displayName}\u306F${min}\u6587\u5B57\u4EE5\u4E0A\u3067\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044",
+    "en": "${displayName} must be at least ${min} characters"
+  },
+  "maxLength": {
+    "ja": "${displayName}\u306F${max}\u6587\u5B57\u4EE5\u5185\u3067\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044",
+    "en": "${displayName} must be at most ${max} characters"
+  },
+  "min": {
+    "ja": "${displayName}\u306F${min}\u4EE5\u4E0A\u3067\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044",
+    "en": "${displayName} must be at least ${min}"
+  },
+  "max": {
+    "ja": "${displayName}\u306F${max}\u4EE5\u4E0B\u3067\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044",
+    "en": "${displayName} must be at most ${max}"
+  },
+  "email": {
+    "ja": "\u6709\u52B9\u306A\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044",
+    "en": "Please enter a valid email address"
+  },
+  "url": {
+    "ja": "\u6709\u52B9\u306AURL\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044",
+    "en": "Please enter a valid URL"
+  },
+  "pattern": {
+    "ja": "${displayName}\u306E\u5F62\u5F0F\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093",
+    "en": "${displayName} format is invalid"
+  }
+};
+function getMessage(key, locale, params = {}) {
+  const messages = validationMessages[key];
+  if (!messages) return key;
+  let message = messages[locale] ?? messages[fallbackLocale] ?? messages[defaultLocale2] ?? key;
+  for (const [param, value] of Object.entries(params)) {
+    message = message.replace(new RegExp(`\\\${${param}}`, "g"), String(value));
+  }
+  return message;
+}
+function getMessages(locale) {
+  const result = {};
+  for (const [key, messages] of Object.entries(validationMessages)) {
+    result[key] = messages[locale] ?? messages[fallbackLocale] ?? messages[defaultLocale2] ?? key;
+  }
+  return result;
+}
+
+// src/core/schemas/base/BranchCache.ts
+var import_zod = require("zod");
+var branchCacheI18n = {
+  /** Model display name */
+  label: { "ja": "\u652F\u5E97\u30AD\u30E3\u30C3\u30B7\u30E5", "en": "Branch Cache" },
+  /** Field labels and placeholders */
+  fields: {
+    console_branch_id: {
+      label: { "ja": "Console Branch ID", "en": "Console Branch ID" }
+    },
+    console_org_id: {
+      label: { "ja": "Console Organization ID", "en": "Console Organization ID" }
+    },
+    code: {
+      label: { "ja": "\u652F\u5E97\u30B3\u30FC\u30C9", "en": "Branch Code" }
+    },
+    name: {
+      label: { "ja": "\u652F\u5E97\u540D", "en": "Branch Name" }
+    },
+    is_headquarters: {
+      label: { "ja": "\u672C\u793E", "en": "Is Headquarters" }
+    },
+    is_active: {
+      label: { "ja": "\u6709\u52B9", "en": "Active" }
+    }
+  }
+};
+var baseBranchCacheSchemas = {
+  console_branch_id: import_zod.z.string(),
+  console_org_id: import_zod.z.string(),
+  code: import_zod.z.string().min(1).max(20),
+  name: import_zod.z.string().min(1).max(100),
+  is_headquarters: import_zod.z.boolean(),
+  is_active: import_zod.z.boolean()
+};
+var baseBranchCacheCreateSchema = import_zod.z.object({
+  console_branch_id: baseBranchCacheSchemas.console_branch_id,
+  console_org_id: baseBranchCacheSchemas.console_org_id,
+  code: baseBranchCacheSchemas.code,
+  name: baseBranchCacheSchemas.name,
+  is_headquarters: baseBranchCacheSchemas.is_headquarters,
+  is_active: baseBranchCacheSchemas.is_active
+});
+var baseBranchCacheUpdateSchema = baseBranchCacheCreateSchema.partial();
+function getBranchCacheLabel(locale) {
+  return branchCacheI18n.label[locale] ?? branchCacheI18n.label["en"] ?? "BranchCache";
+}
+function getBranchCacheFieldLabel(field, locale) {
+  const fieldI18n = branchCacheI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getBranchCacheFieldPlaceholder(field, locale) {
+  const fieldI18n = branchCacheI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/BranchCache.ts
+var branchCacheSchemas = { ...baseBranchCacheSchemas };
+var branchCacheCreateSchema = baseBranchCacheCreateSchema;
+var branchCacheUpdateSchema = baseBranchCacheUpdateSchema;
+
+// src/core/schemas/base/OrganizationCache.ts
+var import_zod2 = require("zod");
+var organizationCacheI18n = {
+  /** Model display name */
+  label: { "ja": "\u7D44\u7E54\u30AD\u30E3\u30C3\u30B7\u30E5", "en": "Organization Cache" },
+  /** Field labels and placeholders */
+  fields: {
+    console_org_id: {
+      label: { "ja": "Console Organization ID", "en": "Console Organization ID" }
+    },
+    name: {
+      label: { "ja": "\u7D44\u7E54\u540D", "en": "Organization Name" }
+    },
+    code: {
+      label: { "ja": "\u7D44\u7E54\u30B3\u30FC\u30C9", "en": "Organization Code" }
+    },
+    is_active: {
+      label: { "ja": "\u6709\u52B9", "en": "Active" }
+    }
+  }
+};
+var baseOrganizationCacheSchemas = {
+  console_org_id: import_zod2.z.string(),
+  name: import_zod2.z.string().min(1).max(100),
+  code: import_zod2.z.string().min(1).max(20),
+  is_active: import_zod2.z.boolean()
+};
+var baseOrganizationCacheCreateSchema = import_zod2.z.object({
+  console_org_id: baseOrganizationCacheSchemas.console_org_id,
+  name: baseOrganizationCacheSchemas.name,
+  code: baseOrganizationCacheSchemas.code,
+  is_active: baseOrganizationCacheSchemas.is_active
+});
+var baseOrganizationCacheUpdateSchema = baseOrganizationCacheCreateSchema.partial();
+function getOrganizationCacheLabel(locale) {
+  return organizationCacheI18n.label[locale] ?? organizationCacheI18n.label["en"] ?? "OrganizationCache";
+}
+function getOrganizationCacheFieldLabel(field, locale) {
+  const fieldI18n = organizationCacheI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getOrganizationCacheFieldPlaceholder(field, locale) {
+  const fieldI18n = organizationCacheI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/OrganizationCache.ts
+var organizationCacheSchemas = { ...baseOrganizationCacheSchemas };
+var organizationCacheCreateSchema = baseOrganizationCacheCreateSchema;
+var organizationCacheUpdateSchema = baseOrganizationCacheUpdateSchema;
+
+// src/core/schemas/base/Permission.ts
+var import_zod3 = require("zod");
+var permissionI18n = {
+  /** Model display name */
+  label: { "ja": "\u6A29\u9650", "en": "Permission" },
+  /** Field labels and placeholders */
+  fields: {
+    name: {
+      label: { "ja": "\u6A29\u9650\u540D", "en": "Permission Name" }
+    },
+    slug: {
+      label: { "ja": "\u30B9\u30E9\u30C3\u30B0", "en": "Slug" }
+    },
+    group: {
+      label: { "ja": "\u30B0\u30EB\u30FC\u30D7", "en": "Group" }
+    },
+    roles: {
+      label: { "ja": "\u30ED\u30FC\u30EB", "en": "Roles" }
+    }
+  }
+};
+var basePermissionSchemas = {
+  name: import_zod3.z.string().min(1).max(100),
+  slug: import_zod3.z.string().min(1).max(100),
+  group: import_zod3.z.string().max(50).optional().nullable()
+};
+var basePermissionCreateSchema = import_zod3.z.object({
+  name: basePermissionSchemas.name,
+  slug: basePermissionSchemas.slug,
+  group: basePermissionSchemas.group
+});
+var basePermissionUpdateSchema = basePermissionCreateSchema.partial();
+function getPermissionLabel(locale) {
+  return permissionI18n.label[locale] ?? permissionI18n.label["en"] ?? "Permission";
+}
+function getPermissionFieldLabel(field, locale) {
+  const fieldI18n = permissionI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getPermissionFieldPlaceholder(field, locale) {
+  const fieldI18n = permissionI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/Permission.ts
+var permissionSchemas = { ...basePermissionSchemas };
+var permissionCreateSchema = basePermissionCreateSchema;
+var permissionUpdateSchema = basePermissionUpdateSchema;
+
+// src/core/schemas/base/Role.ts
+var import_zod4 = require("zod");
+var roleI18n = {
+  /** Model display name */
+  label: { "ja": "\u30ED\u30FC\u30EB", "en": "Role" },
+  /** Field labels and placeholders */
+  fields: {
+    console_org_id: {
+      label: { "ja": "\u7D44\u7E54ID", "en": "Organization ID" }
+    },
+    name: {
+      label: { "ja": "\u30ED\u30FC\u30EB\u540D", "en": "Role Name" }
+    },
+    slug: {
+      label: { "ja": "\u30B9\u30E9\u30C3\u30B0", "en": "Slug" }
+    },
+    description: {
+      label: { "ja": "\u8AAC\u660E", "en": "Description" }
+    },
+    level: {
+      label: { "ja": "\u30EC\u30D9\u30EB", "en": "Level" }
+    },
+    permissions: {
+      label: { "ja": "\u6A29\u9650", "en": "Permissions" }
+    }
+  }
+};
+var baseRoleSchemas = {
+  console_org_id: import_zod4.z.string().max(36).optional().nullable(),
+  name: import_zod4.z.string().min(1).max(100),
+  slug: import_zod4.z.string().min(1).max(100),
+  description: import_zod4.z.string().optional().nullable(),
+  level: import_zod4.z.number().int()
+};
+var baseRoleCreateSchema = import_zod4.z.object({
+  console_org_id: baseRoleSchemas.console_org_id,
+  name: baseRoleSchemas.name,
+  slug: baseRoleSchemas.slug,
+  description: baseRoleSchemas.description,
+  level: baseRoleSchemas.level
+});
+var baseRoleUpdateSchema = baseRoleCreateSchema.partial();
+function getRoleLabel(locale) {
+  return roleI18n.label[locale] ?? roleI18n.label["en"] ?? "Role";
+}
+function getRoleFieldLabel(field, locale) {
+  const fieldI18n = roleI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getRoleFieldPlaceholder(field, locale) {
+  const fieldI18n = roleI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/Role.ts
+var roleSchemas = { ...baseRoleSchemas };
+var roleCreateSchema = baseRoleCreateSchema;
+var roleUpdateSchema = baseRoleUpdateSchema;
+
+// src/core/schemas/base/RolePermission.ts
+var import_zod5 = require("zod");
+var rolePermissionI18n = {
+  /** Model display name */
+  label: { "ja": "\u30ED\u30FC\u30EB\u6A29\u9650", "en": "Role Permission" },
+  /** Field labels and placeholders */
+  fields: {
+    role: {
+      label: { "ja": "\u30ED\u30FC\u30EB", "en": "Role" }
+    },
+    permission: {
+      label: { "ja": "\u6A29\u9650", "en": "Permission" }
+    }
+  }
+};
+var baseRolePermissionSchemas = {};
+var baseRolePermissionCreateSchema = import_zod5.z.object({});
+var baseRolePermissionUpdateSchema = baseRolePermissionCreateSchema.partial();
+function getRolePermissionLabel(locale) {
+  return rolePermissionI18n.label[locale] ?? rolePermissionI18n.label["en"] ?? "RolePermission";
+}
+function getRolePermissionFieldLabel(field, locale) {
+  const fieldI18n = rolePermissionI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getRolePermissionFieldPlaceholder(field, locale) {
+  const fieldI18n = rolePermissionI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/RolePermission.ts
+var rolePermissionSchemas = { ...baseRolePermissionSchemas };
+var rolePermissionCreateSchema = baseRolePermissionCreateSchema;
+var rolePermissionUpdateSchema = baseRolePermissionUpdateSchema;
+
+// src/core/schemas/base/TeamCache.ts
+var import_zod6 = require("zod");
+var teamCacheI18n = {
+  /** Model display name */
+  label: { "ja": "\u30C1\u30FC\u30E0\u30AD\u30E3\u30C3\u30B7\u30E5", "en": "Team Cache" },
+  /** Field labels and placeholders */
+  fields: {
+    console_team_id: {
+      label: { "ja": "Console Team ID", "en": "Console Team ID" }
+    },
+    console_org_id: {
+      label: { "ja": "Console Organization ID", "en": "Console Organization ID" }
+    },
+    name: {
+      label: { "ja": "\u30C1\u30FC\u30E0\u540D", "en": "Team Name" }
+    }
+  }
+};
+var baseTeamCacheSchemas = {
+  console_team_id: import_zod6.z.string(),
+  console_org_id: import_zod6.z.string(),
+  name: import_zod6.z.string().min(1).max(100)
+};
+var baseTeamCacheCreateSchema = import_zod6.z.object({
+  console_team_id: baseTeamCacheSchemas.console_team_id,
+  console_org_id: baseTeamCacheSchemas.console_org_id,
+  name: baseTeamCacheSchemas.name
+});
+var baseTeamCacheUpdateSchema = baseTeamCacheCreateSchema.partial();
+function getTeamCacheLabel(locale) {
+  return teamCacheI18n.label[locale] ?? teamCacheI18n.label["en"] ?? "TeamCache";
+}
+function getTeamCacheFieldLabel(field, locale) {
+  const fieldI18n = teamCacheI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getTeamCacheFieldPlaceholder(field, locale) {
+  const fieldI18n = teamCacheI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/TeamCache.ts
+var teamCacheSchemas = { ...baseTeamCacheSchemas };
+var teamCacheCreateSchema = baseTeamCacheCreateSchema;
+var teamCacheUpdateSchema = baseTeamCacheUpdateSchema;
+
+// src/core/schemas/base/TeamPermission.ts
+var import_zod7 = require("zod");
+var teamPermissionI18n = {
+  /** Model display name */
+  label: { "ja": "\u30C1\u30FC\u30E0\u6A29\u9650", "en": "Team Permission" },
+  /** Field labels and placeholders */
+  fields: {
+    console_org_id: {
+      label: { "ja": "Console Organization ID", "en": "Console Organization ID" }
+    },
+    console_team_id: {
+      label: { "ja": "Console Team ID", "en": "Console Team ID" }
+    },
+    permission: {
+      label: { "ja": "\u6A29\u9650", "en": "Permission" }
+    }
+  }
+};
+var baseTeamPermissionSchemas = {
+  console_org_id: import_zod7.z.string(),
+  console_team_id: import_zod7.z.string()
+};
+var baseTeamPermissionCreateSchema = import_zod7.z.object({
+  console_org_id: baseTeamPermissionSchemas.console_org_id,
+  console_team_id: baseTeamPermissionSchemas.console_team_id
+});
+var baseTeamPermissionUpdateSchema = baseTeamPermissionCreateSchema.partial();
+function getTeamPermissionLabel(locale) {
+  return teamPermissionI18n.label[locale] ?? teamPermissionI18n.label["en"] ?? "TeamPermission";
+}
+function getTeamPermissionFieldLabel(field, locale) {
+  const fieldI18n = teamPermissionI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getTeamPermissionFieldPlaceholder(field, locale) {
+  const fieldI18n = teamPermissionI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/TeamPermission.ts
+var teamPermissionSchemas = { ...baseTeamPermissionSchemas };
+var teamPermissionCreateSchema = baseTeamPermissionCreateSchema;
+var teamPermissionUpdateSchema = baseTeamPermissionUpdateSchema;
+
+// src/core/schemas/base/UserCache.ts
+var import_zod8 = require("zod");
+var userCacheI18n = {
+  /** Model display name */
+  label: { "ja": "\u30E6\u30FC\u30B6\u30FC\u30AD\u30E3\u30C3\u30B7\u30E5", "en": "User Cache" },
+  /** Field labels and placeholders */
+  fields: {
+    name: {
+      label: { "ja": "\u540D\u524D", "en": "Name" }
+    },
+    email: {
+      label: { "ja": "\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9", "en": "Email" }
+    },
+    console_user_id: {
+      label: { "ja": "Console User ID", "en": "Console User ID" }
+    },
+    console_org_id: {
+      label: { "ja": "\u6240\u5C5E\u7D44\u7E54ID", "en": "Organization ID" }
+    },
+    console_access_token: {
+      label: { "ja": "Console Access Token", "en": "Console Access Token" }
+    },
+    console_refresh_token: {
+      label: { "ja": "Console Refresh Token", "en": "Console Refresh Token" }
+    },
+    console_token_expires_at: {
+      label: { "ja": "Console Token\u6709\u52B9\u671F\u9650", "en": "Console Token Expiry" }
+    },
+    roles: {
+      label: { "ja": "\u30ED\u30FC\u30EB", "en": "Roles" }
+    }
+  }
+};
+var baseUserCacheSchemas = {
+  name: import_zod8.z.string().min(1),
+  email: import_zod8.z.string().min(1),
+  console_user_id: import_zod8.z.string().optional().nullable(),
+  console_org_id: import_zod8.z.string().optional().nullable(),
+  console_access_token: import_zod8.z.string().optional().nullable(),
+  console_refresh_token: import_zod8.z.string().optional().nullable(),
+  console_token_expires_at: import_zod8.z.string().datetime({ offset: true }).optional().nullable()
+};
+var baseUserCacheCreateSchema = import_zod8.z.object({
+  name: baseUserCacheSchemas.name,
+  email: baseUserCacheSchemas.email,
+  console_user_id: baseUserCacheSchemas.console_user_id,
+  console_org_id: baseUserCacheSchemas.console_org_id,
+  console_access_token: baseUserCacheSchemas.console_access_token,
+  console_refresh_token: baseUserCacheSchemas.console_refresh_token,
+  console_token_expires_at: baseUserCacheSchemas.console_token_expires_at
+});
+var baseUserCacheUpdateSchema = baseUserCacheCreateSchema.partial();
+function getUserCacheLabel(locale) {
+  return userCacheI18n.label[locale] ?? userCacheI18n.label["en"] ?? "UserCache";
+}
+function getUserCacheFieldLabel(field, locale) {
+  const fieldI18n = userCacheI18n.fields[field];
+  if (!fieldI18n) return field;
+  return fieldI18n.label[locale] ?? fieldI18n.label["en"] ?? field;
+}
+function getUserCacheFieldPlaceholder(field, locale) {
+  const fieldI18n = userCacheI18n.fields[field];
+  if (!fieldI18n || !("placeholder" in fieldI18n)) return "";
+  const placeholder = fieldI18n.placeholder;
+  return placeholder[locale] ?? placeholder["en"] ?? "";
+}
+
+// src/core/schemas/UserCache.ts
+var userCacheSchemas = { ...baseUserCacheSchemas };
+var userCacheCreateSchema = baseUserCacheCreateSchema;
+var userCacheUpdateSchema = baseUserCacheUpdateSchema;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BRANCH_HEADERS,
+  BranchContext,
+  BranchProvider,
+  I18nProvider,
+  SsoContext,
+  SsoProvider,
+  changeLanguage,
+  createAuthService,
+  createBranchHeaderSetter,
+  createBranchService,
+  createPermissionService,
+  createRoleService,
+  createSsoService,
+  createTeamService,
+  createTokenService,
+  createUserRoleService,
+  createUserService,
+  defaultLocale,
+  defaultTranslations,
+  fallbackLocale,
+  getCurrentLocale,
+  getEffectivePermissions,
+  getMessage,
+  getMessages,
+  getScopeLabel,
+  localeNames,
+  locales,
+  schemas,
+  setBranchHeaders,
+  ssoNamespace,
+  ssoQueryKeys,
+  supportedLocales,
+  useAuth,
+  useBranch,
+  useBranchContext,
+  useLocale,
+  useOrganization,
+  useSso,
+  useSsoContext,
+  useSsoTranslation,
+  useTranslations,
+  validationMessages
+});
+//# sourceMappingURL=index.cjs.map