[CLAUDE] Phase1: foundation - BE Clean Arch + Identity + JWT + 2 FE React + login E2E

Backend (.NET 10):
- Domain: BaseEntity/AuditableEntity, ContractType/Phase/ApprovalDecision enums, User/Role (Identity<Guid>), AppRoles (12 const)
- Application: IApplicationDbContext/ICurrentUser/IDateTime/IJwtTokenService, custom exceptions, ValidationBehavior (MediatR pipeline), Auth CQRS (Login/Refresh/Me), DependencyInjection
- Infrastructure: ApplicationDbContext (IdentityDbContext), AuditingInterceptor (auto audit + soft delete), DbInitializer (seed 12 role + admin), DesignTimeDbContextFactory, JwtTokenService, DateTimeService, DI
- Api: CurrentUserService, GlobalExceptionMiddleware (ProblemDetails), AuthController, Program.cs rewrite (Serilog + JWT + CORS + Swagger), appsettings + launchSettings (port 5443)
- Migration Init applied to SolutionErp_Dev LocalDB

Frontend (React 19 + Vite 8 + Tailwind 4):
- fe-admin (:8082 blue) + fe-user (:8080 emerald) - shared structure, khac menu + brand color
- Tailwind 4 via @tailwindcss/vite plugin, theme brand colors
- AuthContext (localStorage token), ProtectedRoute, Layout (sidebar + header)
- UI kit: Button/Input/Label (CVA + Tailwind)
- LoginPage voi toast error, DashboardPage/InboxPage placeholder
- Axios interceptor: auto Bearer + 401 redirect
- TanStack Query client, React Router 7, Sonner toast

Package downgrades (do .NET 10 / TS 6 compat):
- MediatR 14 -> 12.4.1 (v14 breaking changes)
- Swashbuckle 10 -> 6.9.0 (v10 khong tuong thich OpenApi 2)
- Removed Microsoft.AspNetCore.OpenApi (conflict voi Swashbuckle)

E2E verified: POST /api/auth/login qua Vite proxy ca 2 FE -> JWT + user info

Credentials seed: admin@solutionerp.local / Admin@123456

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/Backend/SolutionErp.Domain/Identity/AppRoles.cs

@@ -0,0 +1,23 @@
+namespace SolutionErp.Domain.Identity;
+
+public static class AppRoles
+{
+    public const string Admin = "Admin";
+    public const string Drafter = "Drafter";
+    public const string DeptManager = "DeptManager";
+    public const string ProjectManager = "ProjectManager";
+    public const string Procurement = "Procurement";
+    public const string CostControl = "CostControl";
+    public const string Finance = "Finance";
+    public const string Accounting = "Accounting";
+    public const string Equipment = "Equipment";
+    public const string Director = "Director";
+    public const string AuthorizedSigner = "AuthorizedSigner";
+    public const string HrAdmin = "HrAdmin";
+
+    public static readonly string[] All = [
+        Admin, Drafter, DeptManager, ProjectManager,
+        Procurement, CostControl, Finance, Accounting, Equipment,
+        Director, AuthorizedSigner, HrAdmin,
+    ];
+}

src/Backend/SolutionErp.Domain/Identity/Role.cs

@@ -0,0 +1,9 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace SolutionErp.Domain.Identity;
+
+public class Role : IdentityRole<Guid>
+{
+    public string? Description { get; set; }
+    public DateTime CreatedAt { get; set; }
+}

src/Backend/SolutionErp.Domain/Identity/User.cs

@@ -0,0 +1,13 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace SolutionErp.Domain.Identity;
+
+public class User : IdentityUser<Guid>
+{
+    public string FullName { get; set; } = string.Empty;
+    public string? RefreshToken { get; set; }
+    public DateTime? RefreshTokenExpiresAt { get; set; }
+    public bool IsActive { get; set; } = true;
+    public DateTime CreatedAt { get; set; }
+    public DateTime? UpdatedAt { get; set; }
+}