@flusys/ng-auth 0.1.0-alpha.1

package/types/flusys-ng-auth.d.ts

@@ -0,0 +1,1594 @@
+import { IMessageResponse, ApiResourceService, ISingleResponse, IUserProvider, IListResponse, IUserBasicInfo, ICompanyApiProvider, ICompanyBasicInfo, IUserPermissionProvider } from '@flusys/ng-shared';
+import * as rxjs from 'rxjs';
+import { Observable } from 'rxjs';
+import * as _angular_core from '@angular/core';
+import { Signal, Provider, OnInit } from '@angular/core';
+import { HttpClient, HttpRequest, HttpHandlerFn, HttpEvent } from '@angular/common/http';
+import { CanActivateFn, Routes } from '@angular/router';
+import { ILayoutAuthState, ICompanyInfo as ICompanyInfo$1, IBranchInfo as IBranchInfo$1, IUserInfo as IUserInfo$1, ILayoutAuthApi } from '@flusys/ng-layout';
+import * as _angular_forms_signals from '@angular/forms/signals';
+import * as _flusys_ng_auth from '@flusys/ng-auth';
+
+/**
+ * Login Request Interface
+ */
+interface ILoginRequest {
+    email: string;
+    password: string;
+}
+/**
+ * Registration Request Interface
+ * Supports both simple registration and company-based registration
+ */
+interface IRegistrationRequest {
+    name: string;
+    email: string;
+    password: string;
+    phone?: string;
+    companySlug?: string;
+    branchSlug?: string;
+    newCompanyName?: string;
+    newCompanyPhone?: string;
+    newCompanyAddress?: string;
+}
+/**
+ * Select Company & Branch Request Interface
+ * Used after login when user needs to select company and branch
+ */
+interface ISelectRequest {
+    sessionId: string;
+    companyId: string;
+    branchId: string;
+}
+/**
+ * Switch Company Request Interface
+ * Used to switch company/branch after login
+ */
+interface ISwitchCompanyRequest {
+    companyId: string;
+    branchId: string;
+}
+/**
+ * Change Password Request Interface
+ */
+interface IChangePasswordRequest {
+    currentPassword: string;
+    newPassword: string;
+}
+/**
+ * User Info Interface (used in responses)
+ */
+interface IUserInfo {
+    id: string;
+    email: string;
+    name?: string;
+    profilePictureId?: string | null;
+    companyId?: string;
+    branchId?: string;
+    companyLogoId?: string;
+    branchLogoId?: string;
+}
+/**
+ * Company Info Interface (used in responses)
+ */
+interface ICompanyInfo {
+    id: string;
+    name: string;
+    slug?: string;
+    logoId?: string | null;
+}
+/**
+ * Branch Info Interface (used in responses)
+ */
+interface IBranchInfo {
+    id: string;
+    name: string;
+    slug?: string;
+    logoId?: string | null;
+}
+/**
+ * Branch Selection Info Interface (with additional fields)
+ */
+interface IBranchSelectionInfo {
+    id: string;
+    name: string;
+    slug: string;
+    isActive: boolean;
+    logoId?: string | null;
+}
+/**
+ * Company with Branches Interface (for selection response)
+ */
+interface ICompanyWithBranches {
+    id: string;
+    name: string;
+    slug: string;
+    isActive: boolean;
+    logoId?: string | null;
+    branches: IBranchSelectionInfo[];
+}
+/**
+ * Login Response Interface
+ * Returned on successful login with tokens
+ */
+interface ILoginResponse {
+    accessToken: string;
+    refreshToken: string;
+    user: IUserInfo;
+    company?: ICompanyInfo;
+    branch?: IBranchInfo;
+    companyFeatureEnabled?: boolean;
+}
+/**
+ * Me Response Interface
+ * Returned by GET /auth/me endpoint
+ * Contains only user data, no tokens
+ */
+interface IMeResponse {
+    user: IUserInfo;
+    company?: ICompanyInfo;
+    branch?: IBranchInfo;
+}
+/**
+ * Registration Response Interface
+ * Returned on successful registration
+ */
+interface IRegistrationResponse {
+    accessToken: string;
+    refreshToken: string;
+    user: IUserInfo;
+    company?: ICompanyInfo;
+    branch?: IBranchInfo;
+    companyFeatureEnabled?: boolean;
+}
+/**
+ * Company Selection Response Interface
+ * Returned when user has multiple companies/branches to choose from
+ */
+interface ICompanySelectionResponse {
+    requiresSelection: true;
+    sessionId: string;
+    expiresAt: Date | string;
+    user: IUserInfo;
+    companies: ICompanyWithBranches[];
+}
+/**
+ * Refresh Token Response Interface
+ */
+interface IRefreshTokenResponse {
+    accessToken: string;
+    refreshToken?: string;
+}
+/**
+ * Auth Response Type - Can be login success or company selection required
+ */
+type AuthResponse = ILoginResponse | ICompanySelectionResponse;
+/**
+ * Type guard to check if response requires company selection
+ */
+declare function isCompanySelectionResponse(response: AuthResponse): response is ICompanySelectionResponse;
+/**
+ * Type guard to check if response is a successful login
+ */
+declare function isLoginResponse(response: AuthResponse): response is ILoginResponse;
+
+/**
+ * Create Company Branch Request Interface
+ */
+interface ICreateBranchRequest {
+    name: string;
+    slug: string;
+    companyId: string;
+    parentId?: string;
+    logoId?: string;
+    address?: string;
+    phone?: string;
+    email?: string;
+    serial?: number;
+    isActive?: boolean;
+    additionalFields?: Record<string, unknown>;
+}
+/**
+ * Update Company Branch Request Interface
+ */
+interface IUpdateBranchRequest extends Partial<Omit<ICreateBranchRequest, 'companyId'>> {
+    id: string;
+}
+/**
+ * Company Branch Response Interface
+ */
+interface IBranch {
+    id: string;
+    name: string;
+    slug: string;
+    companyId: string;
+    parentId?: string | null;
+    logoId?: string | null;
+    address?: string | null;
+    phone?: string | null;
+    email?: string | null;
+    serial?: number;
+    isActive: boolean;
+    readOnly: boolean;
+    additionalFields?: Record<string, unknown> | null;
+    createdAt: Date | string;
+    updatedAt: Date | string;
+}
+
+/**
+ * Create Company Request Interface
+ */
+interface ICreateCompanyRequest {
+    name: string;
+    slug: string;
+    logoId?: string;
+    address?: string;
+    phone?: string;
+    email?: string;
+    website?: string;
+    serial?: number;
+    isActive?: boolean;
+    settings?: Record<string, unknown>;
+    additionalFields?: Record<string, unknown>;
+}
+/**
+ * Update Company Request Interface
+ */
+interface IUpdateCompanyRequest extends Partial<ICreateCompanyRequest> {
+    id: string;
+}
+/**
+ * Company Response Interface
+ */
+interface ICompany {
+    id: string;
+    name: string;
+    slug: string;
+    logoId?: string | null;
+    address?: string | null;
+    phone?: string | null;
+    email?: string | null;
+    website?: string | null;
+    serial?: number;
+    isActive: boolean;
+    readOnly: boolean;
+    settings?: Record<string, unknown> | null;
+    additionalFields?: Record<string, unknown> | null;
+    createdAt: Date | string;
+    updatedAt: Date | string;
+}
+
+/**
+ * Permission item for batch assignment/revocation
+ */
+interface IPermissionItem {
+    /** Target ID (Company ID or Branch ID) */
+    targetId: string;
+    /** Action: true to add permission, false to remove permission */
+    isAdd: boolean;
+}
+/**
+ * Batch assign/revoke user-company permissions request
+ */
+interface IAssignUserCompanyRequest {
+    /** User ID to assign/revoke permissions for */
+    userId: string;
+    /** List of company permissions to add or remove */
+    items: IPermissionItem[];
+}
+/**
+ * Batch assign/revoke user-branch permissions request
+ */
+interface IAssignUserBranchRequest {
+    /** User ID to assign/revoke permissions for */
+    userId: string;
+    /** List of branch permissions to add or remove */
+    items: IPermissionItem[];
+}
+/**
+ * User company permission with populated company details
+ */
+interface IUserCompanyPermission {
+    /** Permission ID */
+    id: string;
+    /** User ID */
+    userId: string;
+    /** Company ID */
+    companyId: string;
+    /** Company name */
+    companyName: string;
+    /** Company slug */
+    companySlug: string;
+}
+/**
+ * User branch permission with populated branch details
+ */
+interface IUserBranchPermission {
+    /** Permission ID */
+    id: string;
+    /** User ID */
+    userId: string;
+    /** Branch ID */
+    branchId: string;
+    /** Branch name */
+    branchName: string;
+    /** Branch slug */
+    branchSlug: string;
+    /** Company ID this branch belongs to */
+    companyId: string;
+}
+/**
+ * Response for user companies
+ */
+interface IUserCompaniesResponse {
+    data: IUserCompanyPermission[];
+}
+/**
+ * Response for user branches
+ */
+interface IUserBranchesResponse {
+    data: IUserBranchPermission[];
+}
+/**
+ * Batch operation result response
+ */
+interface IBatchOperationResponse {
+    success: boolean;
+    message: string;
+}
+
+/**
+ * Create User Request Interface
+ */
+interface ICreateUserRequest {
+    name: string;
+    email: string;
+    password: string;
+    phone?: string;
+    profilePictureId?: string;
+    isActive?: boolean;
+    emailVerified?: boolean;
+    phoneVerified?: boolean;
+    additionalFields?: Record<string, unknown>;
+}
+/**
+ * Update User Request Interface
+ */
+interface IUpdateUserRequest {
+    id: string;
+    name?: string;
+    email?: string;
+    password?: string;
+    phone?: string;
+    profilePictureId?: string;
+    isActive?: boolean;
+    emailVerified?: boolean;
+    phoneVerified?: boolean;
+    additionalFields?: Record<string, unknown>;
+}
+/**
+ * User Response Interface
+ */
+interface IUser {
+    id: string;
+    name: string;
+    email: string;
+    phone?: string | null;
+    profilePictureId?: string | null;
+    isActive: boolean;
+    emailVerified: boolean;
+    phoneVerified: boolean;
+    lastLoginAt?: Date | string | null;
+    additionalFields?: Record<string, unknown> | null;
+    createdAt: Date | string;
+    updatedAt: Date | string;
+    deletedAt?: Date | string | null;
+}
+
+/**
+ * Auth API Service
+ * Handles all authentication-related API calls matching NestJS auth endpoints
+ */
+declare class AuthApiService {
+    private readonly appConfig;
+    private readonly http;
+    private readonly baseUrl;
+    constructor();
+    /**
+     * Login with email and password
+     * Returns either:
+     * - ILoginResponse (direct login success)
+     * - ICompanySelectionResponse (requires company/branch selection)
+     */
+    login(data: ILoginRequest): Observable<AuthResponse>;
+    /**
+     * Register new user
+     * Supports simple registration and company-based registration
+     * Returns RegistrationResponse directly (not wrapped in SingleResponse)
+     */
+    register(data: IRegistrationRequest): Observable<IRegistrationResponse>;
+    /**
+     * Select company and branch after login
+     * Used when login returns requiresSelection: true
+     * Returns LoginResponse directly (not wrapped)
+     */
+    select(data: ISelectRequest): Observable<ILoginResponse>;
+    /**
+     * Switch company/branch for logged-in user
+     * Returns LoginResponse directly (not wrapped)
+     */
+    switchCompany(data: ISwitchCompanyRequest): Observable<ILoginResponse>;
+    /**
+     * Refresh access token
+     * Refresh token is sent via HTTP-only cookie
+     * Returns RefreshTokenResponse directly (not wrapped)
+     */
+    refresh(): Observable<IRefreshTokenResponse>;
+    /**
+     * Get current user info
+     * Returns only user data (no tokens) - IMeResponse
+     */
+    me(): Observable<IMeResponse>;
+    /**
+     * Logout current user
+     */
+    logout(): Observable<IMessageResponse>;
+    /**
+     * Change password for logged-in user
+     */
+    changePassword(data: IChangePasswordRequest): Observable<IMessageResponse>;
+    /**
+     * Send forgot password email
+     */
+    forgotPassword(email: string): Observable<IMessageResponse>;
+    /**
+     * Reset password with token
+     */
+    resetPassword(token: string, newPassword: string): Observable<IMessageResponse>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthApiService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthApiService>;
+}
+
+/**
+ * Auth Initialization Service
+ * Handles app startup authentication flow:
+ * 1. Check if user has valid session (via refresh token cookie)
+ * 2. Restore user state from /auth/me
+ * 3. Handle company selection if needed
+ *
+ * IMPORTANT: Skips initialization during SSR to avoid cookie/localStorage issues
+ */
+declare class AuthInitService {
+    private readonly authState;
+    private readonly authApi;
+    private readonly router;
+    private readonly appConfig;
+    /** Whether initial auth check has completed */
+    readonly initialized: _angular_core.WritableSignal<boolean>;
+    /** Whether auth check is in progress */
+    readonly loading: _angular_core.WritableSignal<boolean>;
+    /** Error from auth check */
+    readonly error: _angular_core.WritableSignal<string | null>;
+    /** Cached initialization observable to prevent duplicate calls */
+    private initializationCache$;
+    /**
+     * Initialize authentication state on app startup.
+     *
+     * Flow:
+     * 1. If already authenticated with user data -> done
+     * 2. Try refresh token (via cookie) -> get new access token
+     * 3. Call /auth/me to get user info
+     * 4. Update state accordingly
+     *
+     * Uses shareReplay to prevent duplicate initialization calls.
+     */
+    initialize(): Observable<boolean>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthInitService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthInitService>;
+}
+
+/**
+ * Auth State Service
+ * Minimal signal-based state management for authentication
+ */
+declare class AuthStateService {
+    private readonly appConfig;
+    private readonly router;
+    readonly user: _angular_core.WritableSignal<IUserInfo | null>;
+    readonly accessToken: _angular_core.WritableSignal<string>;
+    readonly company: _angular_core.WritableSignal<ICompanyInfo | null>;
+    readonly branch: _angular_core.WritableSignal<IBranchInfo | null>;
+    readonly selectionSessionId: _angular_core.WritableSignal<string | null>;
+    readonly availableCompanies: _angular_core.WritableSignal<ICompanyWithBranches[]>;
+    readonly selectionExpiresAt: _angular_core.WritableSignal<Date | null>;
+    readonly isAuthenticated: _angular_core.Signal<boolean>;
+    readonly requiresCompanySelection: _angular_core.Signal<boolean>;
+    readonly userName: _angular_core.Signal<string>;
+    readonly companyName: _angular_core.Signal<string>;
+    readonly branchName: _angular_core.Signal<string>;
+    readonly tenantId: _angular_core.Signal<string | null>;
+    constructor();
+    setLoginState(response: ILoginResponse): void;
+    setSelectionState(response: ICompanySelectionResponse): void;
+    clearSelectionState(): void;
+    resetState(): void;
+    navigateToLogin(returnUrl?: string): void;
+    navigateAfterLogin(returnUrl?: string): void;
+    getStoredCompanyId(): string | null;
+    getStoredBranchId(): string | null;
+    private loadFromStorage;
+    private store;
+    private get;
+    private remove;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthStateService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthStateService>;
+}
+
+/**
+ * Branch API Service
+ * Signal-based service for branch CRUD operations
+ * Branches default to current company context
+ *
+ * @example
+ * ```typescript
+ * branchService = inject(BranchApiService);
+ *
+ * // Set current company context
+ * branchService.setCurrentCompanyId('company-uuid');
+ *
+ * // Access data via signals
+ * branches = this.branchService.data;
+ * isLoading = this.branchService.isLoading;
+ *
+ * // Fetch branches (will filter by current company)
+ * this.branchService.fetchList('search');
+ *
+ * // Create branch (companyId will be auto-set if not provided)
+ * await this.branchService.insertBranch({ name: 'New Branch', slug: 'new-branch' });
+ * ```
+ */
+declare class BranchApiService extends ApiResourceService<ICreateBranchRequest | IUpdateBranchRequest, IBranch> {
+    /** Current company context for branch operations */
+    readonly currentCompanyId: _angular_core.WritableSignal<string | null>;
+    /** Branches filtered by current company */
+    readonly companyBranches: _angular_core.Signal<IBranch[]>;
+    constructor(http: HttpClient);
+    /**
+     * Set the current company context for branch operations
+     */
+    setCurrentCompanyId(companyId: string | null): void;
+    /**
+     * Insert a new branch, auto-setting companyId if not provided
+     */
+    insertBranch(data: Omit<ICreateBranchRequest, 'companyId'> & {
+        companyId?: string;
+    }): Promise<ReturnType<typeof this.insertAsync>>;
+    /**
+     * Fetch branches for a specific company
+     */
+    fetchByCompany(companyId: string, search?: string): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<BranchApiService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<BranchApiService>;
+}
+
+/**
+ * Company API Service
+ * Signal-based service for company CRUD operations
+ *
+ * @example
+ * ```typescript
+ * companyService = inject(CompanyApiService);
+ *
+ * // Access data via signals
+ * companies = this.companyService.data;
+ * isLoading = this.companyService.isLoading;
+ *
+ * // Fetch companies
+ * this.companyService.fetchList('search', { pagination: { currentPage: 0, pageSize: 10 } });
+ *
+ * // Create company
+ * await this.companyService.insertAsync({ name: 'New Company', slug: 'new-company' });
+ * ```
+ */
+declare class CompanyApiService extends ApiResourceService<ICreateCompanyRequest | IUpdateCompanyRequest, ICompany> {
+    constructor(http: HttpClient);
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<CompanyApiService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<CompanyApiService>;
+}
+
+/**
+ * Token Refresh State Service
+ *
+ * Manages token refresh state in a request-safe manner for SSR environments.
+ * Replaces module-level state that would be shared across requests in SSR.
+ *
+ * @example
+ * ```typescript
+ * const refreshState = inject(TokenRefreshStateService);
+ *
+ * if (refreshState.isRefreshing()) {
+ *   // Queue request
+ * } else {
+ *   refreshState.startRefresh();
+ *   // Perform refresh
+ * }
+ * ```
+ */
+declare class TokenRefreshStateService {
+    /** Flag to track if token refresh is in progress */
+    private readonly _isRefreshing;
+    readonly isRefreshing: _angular_core.Signal<boolean>;
+    /** Subject to queue requests while refreshing */
+    private readonly _refreshTokenSubject;
+    readonly refreshTokenSubject$: rxjs.Observable<string | null>;
+    /**
+     * Mark refresh as started
+     */
+    startRefresh(): void;
+    /**
+     * Mark refresh as completed and broadcast new token
+     */
+    completeRefresh(newToken: string): void;
+    /**
+     * Mark refresh as failed
+     */
+    failRefresh(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<TokenRefreshStateService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<TokenRefreshStateService>;
+}
+
+/**
+ * User API Service
+ * Signal-based service for user CRUD operations
+ *
+ * @example
+ * ```typescript
+ * userService = inject(UserApiService);
+ *
+ * // Access data via signals
+ * users = this.userService.data;
+ * isLoading = this.userService.isLoading;
+ *
+ * // Fetch users
+ * this.userService.fetchList('search', { pagination: { currentPage: 0, pageSize: 10 } });
+ *
+ * // Create user
+ * await this.userService.insertAsync({
+ *   name: 'John Doe',
+ *   email: 'john@example.com',
+ *   password: 'password123'
+ * });
+ * ```
+ */
+declare class UserApiService extends ApiResourceService<ICreateUserRequest | IUpdateUserRequest, IUser> {
+    constructor(http: HttpClient);
+    /**
+     * Verify user's email
+     */
+    verifyEmail(userId: string): Observable<IMessageResponse>;
+    /**
+     * Verify user's phone
+     */
+    verifyPhone(userId: string): Observable<IMessageResponse>;
+    /**
+     * Update user status (active/inactive)
+     */
+    updateStatus(userId: string, isActive: boolean): Observable<IMessageResponse>;
+    /**
+     * Update current user's profile
+     */
+    updateProfile(data: IUpdateUserRequest): Observable<ISingleResponse<IUser>>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserApiService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<UserApiService>;
+}
+
+/**
+ * User Permission API Service
+ *
+ * Handles user-company and user-branch permission assignments.
+ * Uses batch operations for efficient permission management.
+ *
+ * Backend Endpoints:
+ * - POST /administration/permissions/user-company/assign - Batch assign/revoke company permissions
+ * - GET /administration/permissions/user-company?userId=xxx - Get user's companies
+ * - POST /administration/permissions/user-branch/assign - Batch assign/revoke branch permissions
+ * - GET /administration/permissions/user-branch?userId=xxx - Get user's branches
+ */
+declare class UserPermissionApiService {
+    private readonly appConfig;
+    private readonly http;
+    private readonly baseUrl;
+    constructor();
+    /**
+     * Batch assign/revoke user-company permissions
+     *
+     * @example
+     * // Add company permissions
+     * service.assignUserCompanies({
+     *   userId: 'user-id',
+     *   items: [
+     *     { targetId: 'company-1', isAdd: true },
+     *     { targetId: 'company-2', isAdd: true }
+     *   ]
+     * });
+     *
+     * @example
+     * // Remove company permissions
+     * service.assignUserCompanies({
+     *   userId: 'user-id',
+     *   items: [
+     *     { targetId: 'company-1', isAdd: false }
+     *   ]
+     * });
+     */
+    assignUserCompanies(data: IAssignUserCompanyRequest): Observable<IBatchOperationResponse>;
+    /**
+     * Assign single company to user (convenience method)
+     */
+    assignUserToCompany(userId: string, companyId: string): Observable<IBatchOperationResponse>;
+    /**
+     * Revoke single company from user (convenience method)
+     */
+    revokeUserFromCompany(userId: string, companyId: string): Observable<IBatchOperationResponse>;
+    /**
+     * Get user's company permissions
+     *
+     * @param userId - User ID to get companies for
+     * @returns Observable with user's company permissions
+     */
+    getUserCompanies(userId: string): Observable<IUserCompaniesResponse>;
+    /**
+     * Batch assign/revoke user-branch permissions
+     *
+     * @example
+     * // Add branch permissions
+     * service.assignUserBranches({
+     *   userId: 'user-id',
+     *   items: [
+     *     { targetId: 'branch-1', isAdd: true },
+     *     { targetId: 'branch-2', isAdd: true }
+     *   ]
+     * });
+     *
+     * @example
+     * // Remove branch permissions
+     * service.assignUserBranches({
+     *   userId: 'user-id',
+     *   items: [
+     *     { targetId: 'branch-1', isAdd: false }
+     *   ]
+     * });
+     */
+    assignUserBranches(data: IAssignUserBranchRequest): Observable<IBatchOperationResponse>;
+    /**
+     * Assign single branch to user (convenience method)
+     */
+    assignUserToBranch(userId: string, branchId: string): Observable<IBatchOperationResponse>;
+    /**
+     * Revoke single branch from user (convenience method)
+     */
+    revokeUserFromBranch(userId: string, branchId: string): Observable<IBatchOperationResponse>;
+    /**
+     * Get user's branch permissions
+     *
+     * @param userId - User ID to get branches for
+     * @returns Observable with user's branch permissions
+     */
+    getUserBranches(userId: string): Observable<IUserBranchesResponse>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserPermissionApiService, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<UserPermissionApiService>;
+}
+
+/**
+ * Auth Guard
+ * Protects routes that require authentication.
+ *
+ * Session restoration is handled by guestGuard. This guard assumes
+ * the session has already been restored if user accessed login page first.
+ *
+ * Handles company feature:
+ * - If company feature enabled and no company selected, redirects to login
+ *   (login page handles company selection as step 2)
+ * - If not authenticated, redirects to login
+ *
+ * @example
+ * ```typescript
+ * // In routes configuration
+ * {
+ *   path: 'dashboard',
+ *   loadComponent: () => import('./dashboard.component'),
+ *   canActivate: [authGuard]
+ * }
+ * ```
+ */
+declare const authGuard: CanActivateFn;
+/**
+ * Guest Guard
+ * Protects auth routes (login, register) from authenticated users.
+ * Redirects authenticated users to home page.
+ *
+ * CRITICAL: Unlike old implementation, this guard RESTORES the session first
+ * before checking authentication. This handles the case when users directly
+ * navigate to /auth/login via browser URL while having valid refresh token.
+ *
+ * Flow:
+ * 1. Restore session (if needed) via AuthInitService.initialize()
+ * 2. Check if user is authenticated
+ * 3. If authenticated -> redirect to dashboard
+ * 4. If not authenticated -> allow access to login page
+ *
+ * @example
+ * ```typescript
+ * // In routes configuration
+ * {
+ *   path: 'auth/login',
+ *   loadComponent: () => import('./login.component'),
+ *   canActivate: [guestGuard]
+ * }
+ * ```
+ */
+declare const guestGuard: CanActivateFn;
+/**
+ * Company Feature Guard
+ * Protects routes that require company feature to be enabled.
+ * Redirects to home if company feature is disabled.
+ *
+ * Use this guard on company/branch management routes.
+ *
+ * @example
+ * ```typescript
+ * // In routes configuration
+ * {
+ *   path: 'administration/company',
+ *   loadComponent: () => import('./company-list.component'),
+ *   canActivate: [authGuard, companyFeatureGuard]
+ * }
+ * ```
+ */
+declare const companyFeatureGuard: CanActivateFn;
+
+/**
+ * Auth Interceptor
+ * Adds Authorization header and tenant header to HTTP requests.
+ *
+ * - Adds Bearer token for authenticated requests (including /auth/me)
+ * - Adds tenant header for multi-tenant mode
+ * - Adds withCredentials for auth endpoints (cookies)
+ *
+ * @example
+ * ```typescript
+ * // In app.config.ts
+ * provideHttpClient(
+ *   withFetch(),
+ *   withInterceptors([authInterceptor, tokenRefreshInterceptor])
+ * )
+ * ```
+ */
+declare function authInterceptor(req: HttpRequest<unknown>, next: HttpHandlerFn): Observable<HttpEvent<unknown>>;
+
+/**
+ * Token Refresh Interceptor
+ * Handles 401 errors by refreshing the access token.
+ *
+ * - Intercepts 401 Unauthorized responses
+ * - Calls refresh token endpoint
+ * - Retries failed request with new token
+ * - Queues concurrent requests during refresh
+ * - Redirects to login on refresh failure
+ * - SSR-safe: Uses injectable service instead of module-level state
+ *
+ * @example
+ * ```typescript
+ * // In app.config.ts
+ * provideHttpClient(
+ *   withFetch(),
+ *   withInterceptors([authInterceptor, tokenRefreshInterceptor])
+ * )
+ * ```
+ */
+declare function tokenRefreshInterceptor(req: HttpRequest<unknown>, next: HttpHandlerFn): Observable<HttpEvent<unknown>>;
+
+/**
+ * Auth Routes Configuration
+ * Public routes for authentication (login, register, etc.)
+ *
+ * Note: Company selection is now handled within the login page as a multi-step flow.
+ */
+declare const AUTH_ROUTES: Routes;
+/**
+ * Administration Routes Configuration
+ * Protected routes for company, branch, user management and permissions
+ * Uses tabbed interface - all under /administration with child routes
+ */
+declare const ADMINISTRATION_ROUTES: Routes;
+
+/**
+ * Auth Layout State Adapter
+ * Bridges AuthStateService signals to ILayoutAuthState interface.
+ * Provides ready-to-use integration between ng-auth, ng-layout, and ng-shared provider tokens.
+ */
+declare class AuthLayoutStateAdapter implements ILayoutAuthState {
+    private readonly authState;
+    /**
+     * Maps company info to company info for layout.
+     * Falls back to app name from config when no company is selected.
+     */
+    readonly currentCompanyInfo: Signal<ICompanyInfo$1 | null>;
+    /**
+     * Maps branch info to branch info for layout.
+     * Returns null when no branch is selected.
+     */
+    readonly currentBranchInfo: Signal<IBranchInfo$1 | null>;
+    /**
+     * Maps user info from auth state to layout user info.
+     * Profile picture URL is managed separately by AuthLayoutSyncService via FileUrlService.
+     */
+    readonly loginUserData: Signal<IUserInfo$1 | null>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthLayoutStateAdapter, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthLayoutStateAdapter>;
+}
+/**
+ * Auth Layout API Adapter
+ * Bridges AuthApiService to ILayoutAuthApi interface.
+ * Handles logout and navigation for layout components.
+ */
+declare class AuthLayoutApiAdapter implements ILayoutAuthApi {
+    private readonly authApi;
+    private readonly authState;
+    private readonly permissionApi;
+    private readonly router;
+    /**
+     * Logout the current user.
+     * Calls backend logout endpoint and resets local auth state.
+     * Auth state reset handles clearing all localStorage including company/branch.
+     */
+    logOut(): Observable<any>;
+    /**
+     * Navigate to login page.
+     * Optionally preserves current URL as return URL.
+     */
+    navigateLogin(withUrl?: boolean): void;
+    /**
+     * Switch to a different company and branch.
+     * Calls backend switch endpoint, then triggers full page reload to
+     * refresh permissions, reset component state, and re-filter all data.
+     */
+    switchCompany(companyId: string, branchId: string): Observable<any>;
+    /**
+     * Get list of companies the logged-in user has permissions for.
+     * Uses permission API to filter by user's actual company-level permissions.
+     */
+    getUserCompanies(): Observable<ICompanyInfo$1[]>;
+    /**
+     * Get branches for a specific company that the logged-in user has access to.
+     * Fetches all user branches and filters by companyId.
+     */
+    getCompanyBranches(companyId: string): Observable<IBranchInfo$1[]>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthLayoutApiAdapter, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthLayoutApiAdapter>;
+}
+
+/**
+ * Auth User Provider Adapter
+ *
+ * Implements IUserProvider interface from ng-shared using UserApiService from ng-auth.
+ * This allows IAM and other packages to access user data without depending on ng-auth directly.
+ *
+ * @example
+ * // In app.config.ts
+ * providers: [
+ *   { provide: USER_PROVIDER, useClass: AuthUserProviderAdapter }
+ * ]
+ *
+ * // In IAM component
+ * private readonly userProvider = inject(USER_PROVIDER);
+ * this.userProvider.getUsers({ page: 0, pageSize: 50 }).subscribe(...);
+ */
+declare class AuthUserProviderAdapter implements IUserProvider {
+    private readonly userApi;
+    getUsers(filter?: {
+        page?: number;
+        pageSize?: number;
+        search?: string;
+        companyId?: string;
+        branchId?: string;
+        [key: string]: any;
+    }): Observable<IListResponse<IUserBasicInfo>>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthUserProviderAdapter, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthUserProviderAdapter>;
+}
+
+/**
+ * Auth Company API Provider Adapter
+ *
+ * Implements ICompanyApiProvider interface from ng-shared using CompanyApiService.
+ * Allows IAM package to access company data without depending on ng-auth directly.
+ *
+ * @example
+ * // In app.config.ts
+ * providers: [
+ *   { provide: COMPANY_API_PROVIDER, useClass: AuthCompanyApiProviderAdapter }
+ * ]
+ */
+declare class AuthCompanyApiProviderAdapter implements ICompanyApiProvider {
+    private readonly companyApi;
+    getCompanies(filter?: {
+        page?: number;
+        pageSize?: number;
+        search?: string;
+    }): Observable<IListResponse<ICompanyBasicInfo>>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthCompanyApiProviderAdapter, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthCompanyApiProviderAdapter>;
+}
+
+/**
+ * Auth User Permission Provider Adapter
+ *
+ * Implements IUserPermissionProvider interface from ng-shared using UserPermissionApiService.
+ * Allows IAM package to query user permissions without depending on ng-auth directly.
+ *
+ * @example
+ * // In app.config.ts
+ * providers: [
+ *   { provide: USER_PERMISSION_PROVIDER, useClass: AuthUserPermissionProviderAdapter }
+ * ]
+ */
+declare class AuthUserPermissionProviderAdapter implements IUserPermissionProvider {
+    private readonly userPermissionApi;
+    getUserBranchPermissions(userId: string): Observable<ISingleResponse<any>>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AuthUserPermissionProviderAdapter, never>;
+    static ɵprov: _angular_core.ɵɵInjectableDeclaration<AuthUserPermissionProviderAdapter>;
+}
+
+/**
+ * Provides auth layout integration for ng-layout.
+ * Call this in your app.config.ts to integrate ng-auth with ng-layout.
+ *
+ * Also registers LAYOUT_AUTH_STATE since AuthLayoutStateAdapter
+ * implements both ILayoutAuthState and ICompanyContextProvider.
+ *
+ * @example
+ * ```typescript
+ * // In app.config.ts
+ * export const appConfig: ApplicationConfig = {
+ *   providers: [
+ *     ...provideAuthLayoutIntegration(),
+ *   ],
+ * };
+ * ```
+ */
+declare function provideAuthLayoutIntegration(): Provider[];
+
+/**
+ * Provide Auth Provider Adapters
+ *
+ * Registers auth implementations for provider interfaces from ng-shared.
+ * This allows IAM and Storage packages to use auth services without direct dependencies.
+ *
+ * @example
+ * // In app.config.ts
+ * import { provideAuthProviders } from '@flusys/ng-auth';
+ *
+ * export const appConfig: ApplicationConfig = {
+ *   providers: [
+ *     provideAuthProviders(),
+ *     // ... other providers
+ *   ]
+ * };
+ *
+ * @returns Array of Angular providers
+ */
+declare function provideAuthProviders(): Provider[];
+
+/**
+ * Authentication API Endpoints
+ *
+ * Centralized endpoint definitions to prevent inconsistencies across interceptors
+ * and services. All auth-related endpoints should be referenced from here.
+ *
+ * @example
+ * ```typescript
+ * if (isAuthEndpoint(req.url)) {
+ *   // Skip interceptor logic
+ * }
+ * ```
+ */
+declare const AUTH_ENDPOINTS: {
+    readonly LOGIN: "/auth/login";
+    readonly LOGOUT: "/auth/logout";
+    readonly REFRESH: "/auth/refresh";
+    readonly REGISTER: "/auth/register";
+    readonly SELECT: "/auth/select";
+    readonly SWITCH_COMPANY: "/auth/switch-company";
+};
+/**
+ * Check if a URL is an auth-related endpoint
+ */
+declare function isAuthEndpoint(url: string): boolean;
+/**
+ * Check if a URL is a specific auth endpoint
+ */
+declare function isEndpoint(url: string, endpoint: string): boolean;
+
+interface ITab {
+    id: string;
+    label: string;
+    icon: string;
+    route: string;
+    requiresCompanyFeature?: boolean;
+}
+/**
+ * Administration Page Component
+ * Unified administration page with tabs for:
+ * - Users (always visible) - includes permission management via dialogs
+ * - Companies (only if company feature enabled)
+ * - Branches (only if company feature enabled)
+ */
+declare class AdministrationPageComponent {
+    private readonly appConfig;
+    /** All available tabs */
+    private readonly allTabs;
+    /** Visible tabs based on config */
+    readonly visibleTabs: _angular_core.Signal<ITab[]>;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<AdministrationPageComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<AdministrationPageComponent, "lib-administration-page", never, {}, {}, never, never, true, never>;
+}
+
+/** Branch form model interface */
+interface IBranchFormModel {
+    companyId: string;
+    name: string;
+    slug: string;
+    email: string;
+    phone: string;
+    address: string;
+    isActive: boolean;
+}
+/**
+ * Branch Form Component
+ * Handles creating and editing branches.
+ * Defaults to current company context.
+ */
+declare class BranchFormComponent implements OnInit {
+    private readonly router;
+    private readonly route;
+    private readonly messageService;
+    private readonly branchService;
+    private readonly companyService;
+    private readonly authState;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Existing branch data when editing */
+    readonly existingBranch: _angular_core.WritableSignal<IBranch | null>;
+    /** Whether in edit mode */
+    readonly isEditMode: _angular_core.Signal<boolean>;
+    /** Companies list for dropdown */
+    readonly companies: _angular_core.Signal<_flusys_ng_auth.ICompany[]>;
+    /** Form model */
+    readonly formModel: _angular_core.WritableSignal<IBranchFormModel>;
+    /** Form with validation schema */
+    readonly branchForm: _angular_forms_signals.FieldTree<IBranchFormModel, string | number>;
+    /** Check if form is valid */
+    readonly isFormValid: _angular_core.Signal<boolean>;
+    ngOnInit(): void;
+    loadBranch(id: string): Promise<void>;
+    generateSlug(): void;
+    onSubmit(): Promise<void>;
+    onCancel(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<BranchFormComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<BranchFormComponent, "lib-branch-form", never, {}, {}, never, never, true, never>;
+}
+
+/**
+ * Branch List Component
+ * Displays a list of branches for a company with CRUD operations.
+ * Defaults to current company context.
+ */
+declare class BranchListComponent implements OnInit {
+    private readonly router;
+    private readonly route;
+    private readonly messageService;
+    private readonly confirmationService;
+    private readonly branchService;
+    private readonly companyService;
+    private readonly authState;
+    /** Selected company ID */
+    selectedCompanyId: string | null;
+    /** Companies list for dropdown */
+    readonly companies: _angular_core.Signal<_flusys_ng_auth.ICompany[]>;
+    /** Branches from service */
+    readonly branches: _angular_core.Signal<IBranch[]>;
+    /** Loading state from service */
+    readonly isLoading: _angular_core.Signal<boolean>;
+    /** Total count from service */
+    readonly total: _angular_core.Signal<number>;
+    ngOnInit(): void;
+    loadBranches(): void;
+    onCompanyChange(): void;
+    onLazyLoad(event: {
+        first?: number | null;
+        rows?: number | null;
+    }): void;
+    onCreate(): void;
+    onEdit(branch: IBranch): void;
+    onDelete(branch: IBranch): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<BranchListComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<BranchListComponent, "lib-branch-list", never, {}, {}, never, never, true, never>;
+}
+
+/** Company form model interface */
+interface ICompanyFormModel$1 {
+    name: string;
+    slug: string;
+    email: string;
+    phone: string;
+    website: string;
+    address: string;
+    isActive: boolean;
+}
+/**
+ * Company Form Component
+ * Handles creating and editing companies.
+ */
+declare class CompanyFormComponent implements OnInit {
+    private readonly router;
+    private readonly route;
+    private readonly messageService;
+    private readonly companyService;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Existing company data when editing */
+    readonly existingCompany: _angular_core.WritableSignal<ICompany | null>;
+    /** Whether in edit mode */
+    readonly isEditMode: _angular_core.Signal<boolean>;
+    /** Form model */
+    readonly formModel: _angular_core.WritableSignal<ICompanyFormModel$1>;
+    /** Form with validation schema */
+    readonly companyForm: _angular_forms_signals.FieldTree<ICompanyFormModel$1, string | number>;
+    /** Check if form is valid */
+    readonly isFormValid: _angular_core.Signal<boolean>;
+    ngOnInit(): void;
+    loadCompany(id: string): Promise<void>;
+    generateSlug(): void;
+    onSubmit(): Promise<void>;
+    onCancel(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<CompanyFormComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<CompanyFormComponent, "lib-company-form", never, {}, {}, never, never, true, never>;
+}
+
+/**
+ * Company List Component
+ * Displays a list of companies with CRUD operations.
+ * Only visible when company feature is enabled.
+ */
+declare class CompanyListComponent implements OnInit {
+    private readonly router;
+    private readonly messageService;
+    private readonly confirmationService;
+    private readonly companyService;
+    /** Companies from service */
+    readonly companies: _angular_core.Signal<ICompany[]>;
+    /** Loading state from service */
+    readonly isLoading: _angular_core.Signal<boolean>;
+    /** Total count from service */
+    readonly total: _angular_core.Signal<number>;
+    ngOnInit(): void;
+    loadCompanies(): void;
+    onLazyLoad(event: {
+        first?: number | null;
+        rows?: number | null;
+    }): void;
+    onCreate(): void;
+    onEdit(company: ICompany): void;
+    onViewBranches(company: ICompany): void;
+    onDelete(company: ICompany): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<CompanyListComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<CompanyListComponent, "lib-company-list", never, {}, {}, never, never, true, never>;
+}
+
+/** Login form model interface */
+interface ILoginFormModel {
+    email: string;
+    password: string;
+    rememberMe: boolean;
+}
+/** Company selection form model interface */
+interface ISelectionFormModel {
+    companyId: string;
+    branchId: string;
+    rememberSelection: boolean;
+}
+type LoginStep = 'credentials' | 'company-selection';
+/**
+ * Login Page Component
+ * Multi-step authentication flow:
+ * - Step 1: Email/Password credentials
+ * - Step 2: Company/Branch selection (when company feature enabled and user has multiple)
+ */
+declare class LoginPageComponent implements OnInit {
+    private readonly destroyRef;
+    private readonly appConfig;
+    private readonly messageService;
+    private readonly authApi;
+    private readonly authState;
+    /** Return URL after successful login */
+    readonly returnUrl: _angular_core.InputSignal<string>;
+    /** Current step in login flow */
+    readonly currentStep: _angular_core.WritableSignal<LoginStep>;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Login form model */
+    readonly loginFormModel: _angular_core.WritableSignal<ILoginFormModel>;
+    /** Login form with validation schema */
+    readonly loginForm: _angular_forms_signals.FieldTree<ILoginFormModel, string | number>;
+    /** Check if login form is valid */
+    readonly isLoginFormValid: _angular_core.Signal<boolean>;
+    /** Selection form model */
+    readonly selectionFormModel: _angular_core.WritableSignal<ISelectionFormModel>;
+    /** Selection form with validation schema */
+    readonly selectionForm: _angular_forms_signals.FieldTree<ISelectionFormModel, string | number>;
+    /** Check if selection form is valid */
+    readonly isSelectionFormValid: _angular_core.Signal<boolean>;
+    /** Whether company feature is enabled */
+    readonly companyFeatureEnabled: _angular_core.Signal<boolean>;
+    /** Session ID for company selection */
+    private sessionId;
+    /** Available companies */
+    readonly companies: _angular_core.WritableSignal<ICompanyWithBranches[]>;
+    /** User's name */
+    readonly userName: _angular_core.WritableSignal<string>;
+    /** Branches for selected company */
+    readonly branches: _angular_core.Signal<IBranchSelectionInfo[]>;
+    ngOnInit(): void;
+    onSubmit(): void;
+    /** Handle company selection change */
+    onCompanyChange(): void;
+    onSelectCompany(): void;
+    goBackToCredentials(): void;
+    private autoSelectIfSingle;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<LoginPageComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<LoginPageComponent, "lib-login-page", never, { "returnUrl": { "alias": "returnUrl"; "required": false; "isSignal": true; }; }, {}, never, never, true, never>;
+}
+
+/** User registration form model */
+interface IUserFormModel$1 {
+    name: string;
+    email: string;
+    password: string;
+    confirmPassword: string;
+    phone: string;
+}
+/** Company form model */
+interface ICompanyFormModel {
+    createNewCompany: boolean;
+    companySlug: string;
+    branchSlug: string;
+    newCompanyName: string;
+    newCompanyPhone: string;
+    newCompanyAddress: string;
+}
+/**
+ * Registration Page Component
+ * Handles user registration with optional company creation
+ * Adapts UI based on company feature configuration
+ */
+declare class RegisterPageComponent implements OnInit {
+    private readonly destroyRef;
+    private readonly appConfig;
+    private readonly messageService;
+    private readonly authApi;
+    private readonly authState;
+    private readonly route;
+    /** Return URL after successful registration */
+    readonly returnUrl: _angular_core.InputSignal<string>;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Whether company feature is enabled */
+    readonly companyFeatureEnabled: _angular_core.Signal<boolean>;
+    /** User form model */
+    readonly userFormModel: _angular_core.WritableSignal<IUserFormModel$1>;
+    /** User form with validation schema */
+    readonly userForm: _angular_forms_signals.FieldTree<IUserFormModel$1, string | number>;
+    /** Company form model */
+    readonly companyFormModel: _angular_core.WritableSignal<ICompanyFormModel>;
+    /** Company form with conditional validation schema */
+    readonly companyForm: _angular_forms_signals.FieldTree<ICompanyFormModel, string | number>;
+    ngOnInit(): void;
+    /** Check if passwords match */
+    readonly passwordsMatch: _angular_core.Signal<boolean>;
+    /** Check if form is valid */
+    readonly isFormValid: _angular_core.Signal<boolean>;
+    onCreateCompanyToggle(): void;
+    onSubmit(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<RegisterPageComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<RegisterPageComponent, "lib-register-page", never, { "returnUrl": { "alias": "returnUrl"; "required": false; "isSignal": true; }; }, {}, never, never, true, never>;
+}
+
+/** User form model interface */
+interface IUserFormModel {
+    name: string;
+    email: string;
+    password: string;
+    phone: string;
+    isActive: boolean;
+    emailVerified: boolean;
+}
+/**
+ * User Form Component
+ * Handles creating and editing users.
+ * When company feature is enabled, automatically assigns new users to current company/branch.
+ */
+declare class UserFormComponent implements OnInit {
+    private readonly destroyRef;
+    private readonly router;
+    private readonly route;
+    private readonly appConfig;
+    private readonly messageService;
+    private readonly userService;
+    private readonly permissionService;
+    private readonly authState;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Existing user data when editing */
+    readonly existingUser: _angular_core.WritableSignal<IUser | null>;
+    /** Whether in edit mode */
+    readonly isEditMode: _angular_core.Signal<boolean>;
+    /** Whether company feature is enabled */
+    readonly companyFeatureEnabled: _angular_core.Signal<boolean>;
+    /** Current company name */
+    readonly currentCompanyName: _angular_core.Signal<string>;
+    /** Current branch name */
+    readonly currentBranchName: _angular_core.Signal<string>;
+    /** Form model */
+    readonly formModel: _angular_core.WritableSignal<IUserFormModel>;
+    /** Form with validation schema */
+    readonly formTree: _angular_forms_signals.FieldTree<IUserFormModel, string | number>;
+    /** Check if form is valid */
+    readonly isFormValid: _angular_core.Signal<boolean>;
+    ngOnInit(): void;
+    loadUser(id: string): void;
+    onSubmit(): void;
+    /**
+     * Assign user to current company and branch
+     */
+    private assignUserToCompanyAndBranch;
+    onCancel(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserFormComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<UserFormComponent, "lib-user-form", never, {}, {}, never, never, true, never>;
+}
+
+/**
+ * User List Component
+ * Displays a list of users with CRUD operations.
+ */
+declare class UserListComponent implements OnInit {
+    private readonly router;
+    private readonly appConfig;
+    private readonly messageService;
+    private readonly confirmationService;
+    private readonly userService;
+    /** Users from service */
+    readonly users: _angular_core.Signal<IUser[]>;
+    /** Loading state from service */
+    readonly isLoading: _angular_core.Signal<boolean>;
+    /** Total count from service */
+    readonly total: _angular_core.Signal<number>;
+    /** Whether company feature is enabled */
+    readonly companyFeatureEnabled: _angular_core.Signal<boolean>;
+    /** Dialog visibility */
+    readonly showCompanyDialog: _angular_core.WritableSignal<boolean>;
+    readonly showBranchDialog: _angular_core.WritableSignal<boolean>;
+    /** Selected user for permission management */
+    readonly selectedUser: _angular_core.WritableSignal<IUser | null>;
+    ngOnInit(): void;
+    loadUsers(): void;
+    onLazyLoad(event: {
+        first?: number | null;
+        rows?: number | null;
+    }): void;
+    onCreate(): void;
+    onEdit(user: IUser): void;
+    onManageCompanyPermissions(user: IUser): void;
+    onManageBranchPermissions(user: IUser): void;
+    onDelete(user: IUser): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserListComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<UserListComponent, "lib-user-list", never, {}, {}, never, never, true, never>;
+}
+
+/**
+ * User Branch Permission Dialog
+ *
+ * Workflow:
+ * 1. Dialog opens → Shows company dropdown with user's permitted companies
+ * 2. User selects a company → Branches load for that company
+ * 3. Branches show with checkboxes (checked = already assigned)
+ * 4. Check to assign, uncheck to revoke
+ *
+ * Company dropdown only shows companies the user has company-level permissions for.
+ * Branch permissions can only be assigned within user's permitted companies.
+ */
+declare class UserBranchPermissionDialogComponent {
+    private readonly branchApi;
+    private readonly permissionApi;
+    private readonly authState;
+    private readonly messageService;
+    /** Dialog visibility */
+    readonly visible: _angular_core.InputSignal<boolean>;
+    /** User to manage permissions for */
+    readonly user: _angular_core.InputSignal<IUser | null>;
+    /** Close event */
+    readonly closed: _angular_core.OutputEmitterRef<void>;
+    /** Refresh event after changes */
+    readonly permissionsChanged: _angular_core.OutputEmitterRef<void>;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Saving state */
+    readonly isSaving: _angular_core.WritableSignal<boolean>;
+    /** Branches with assignment status */
+    readonly branches: _angular_core.WritableSignal<BranchWithAssignment[]>;
+    /** Available companies (filtered by user's company permissions) */
+    readonly companies: _angular_core.WritableSignal<{
+        id: string;
+        name: string;
+    }[]>;
+    /** Selected company ID */
+    selectedCompanyId: string | null;
+    /** Current company from auth state */
+    readonly currentCompany: _angular_core.Signal<_flusys_ng_auth.ICompanyInfo | null>;
+    /** Currently assigned branch IDs */
+    private assignedBranchIds;
+    constructor();
+    /**
+     * Load user's assigned companies (does not auto-select or load branches)
+     */
+    private loadUserCompaniesAndData;
+    private loadData;
+    onCompanyChange(): void;
+    onBranchToggle(branch: BranchWithAssignment): Promise<void>;
+    onClose(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserBranchPermissionDialogComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<UserBranchPermissionDialogComponent, "lib-user-branch-permission-dialog", never, { "visible": { "alias": "visible"; "required": true; "isSignal": true; }; "user": { "alias": "user"; "required": true; "isSignal": true; }; }, { "closed": "closed"; "permissionsChanged": "permissionsChanged"; }, never, never, true, never>;
+}
+interface BranchWithAssignment extends IBranch {
+    isAssigned: boolean;
+}
+
+/**
+ * User Company Permission Dialog
+ * Shows all companies with checkboxes
+ * Initially assigned companies are checked
+ * Check to assign, uncheck to revoke
+ */
+declare class UserCompanyPermissionDialogComponent {
+    private readonly companyApi;
+    private readonly permissionApi;
+    private readonly messageService;
+    /** Dialog visibility */
+    readonly visible: _angular_core.InputSignal<boolean>;
+    /** User to manage permissions for */
+    readonly user: _angular_core.InputSignal<IUser | null>;
+    /** Close event */
+    readonly closed: _angular_core.OutputEmitterRef<void>;
+    /** Refresh event after changes */
+    readonly permissionsChanged: _angular_core.OutputEmitterRef<void>;
+    /** Loading state */
+    readonly isLoading: _angular_core.WritableSignal<boolean>;
+    /** Saving state */
+    readonly isSaving: _angular_core.WritableSignal<boolean>;
+    /** Companies with assignment status */
+    readonly companies: _angular_core.WritableSignal<CompanyWithAssignment[]>;
+    /** Currently assigned company IDs */
+    private assignedCompanyIds;
+    constructor();
+    private loadData;
+    onCompanyToggle(company: CompanyWithAssignment): Promise<void>;
+    onClose(): void;
+    static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserCompanyPermissionDialogComponent, never>;
+    static ɵcmp: _angular_core.ɵɵComponentDeclaration<UserCompanyPermissionDialogComponent, "lib-user-company-permission-dialog", never, { "visible": { "alias": "visible"; "required": true; "isSignal": true; }; "user": { "alias": "user"; "required": true; "isSignal": true; }; }, { "closed": "closed"; "permissionsChanged": "permissionsChanged"; }, never, never, true, never>;
+}
+interface CompanyWithAssignment extends ICompany {
+    isAssigned: boolean;
+}
+
+export { ADMINISTRATION_ROUTES, AUTH_ENDPOINTS, AUTH_ROUTES, AdministrationPageComponent, AuthApiService, AuthCompanyApiProviderAdapter, AuthInitService, AuthLayoutApiAdapter, AuthLayoutStateAdapter, AuthStateService, AuthUserPermissionProviderAdapter, AuthUserProviderAdapter, BranchApiService, BranchFormComponent, BranchListComponent, CompanyApiService, CompanyFormComponent, CompanyListComponent, LoginPageComponent, RegisterPageComponent, TokenRefreshStateService, UserApiService, UserBranchPermissionDialogComponent, UserCompanyPermissionDialogComponent, UserFormComponent, UserListComponent, UserPermissionApiService, authGuard, authInterceptor, companyFeatureGuard, guestGuard, isAuthEndpoint, isCompanySelectionResponse, isEndpoint, isLoginResponse, provideAuthLayoutIntegration, provideAuthProviders, tokenRefreshInterceptor };
+export type { AuthResponse, IAssignUserBranchRequest, IAssignUserCompanyRequest, IBatchOperationResponse, IBranch, IBranchInfo, IBranchSelectionInfo, IChangePasswordRequest, ICompany, ICompanyInfo, ICompanySelectionResponse, ICompanyWithBranches, ICreateBranchRequest, ICreateCompanyRequest, ICreateUserRequest, ILoginRequest, ILoginResponse, IMeResponse, IPermissionItem, IRefreshTokenResponse, IRegistrationRequest, IRegistrationResponse, ISelectRequest, ISwitchCompanyRequest, IUpdateBranchRequest, IUpdateCompanyRequest, IUpdateUserRequest, IUser, IUserBranchPermission, IUserBranchesResponse, IUserCompaniesResponse, IUserCompanyPermission, IUserInfo };