feat(web): I1 shell and I2 customer/project UI

Vue 3 + Element Plus layout with JWT login, RBAC routes, axios 401
handling with token restore, and Customers/Projects views wired to
platform APIs.

Made-with: Cursor

web/delivery-platform-ui/src/router/index.js

@@ -0,0 +1,57 @@
+import { createRouter, createWebHistory } from "vue-router";
+import { useAuthStore } from "../stores/auth";
+
+const routes = [
+  { path: "/login", name: "login", component: () => import("../views/LoginView.vue") },
+  {
+    path: "/",
+    component: () => import("../layout/MainLayout.vue"),
+    meta: { requiresAuth: true },
+    children: [
+      {
+        path: "",
+        name: "home",
+        component: () => import("../views/HomeView.vue"),
+        meta: { roles: ["SYS_ADMIN", "DEVELOPER"] },
+      },
+      {
+        path: "customers",
+        name: "customers",
+        component: () => import("../views/CustomersView.vue"),
+        meta: { roles: ["SYS_ADMIN", "DEVELOPER"] },
+      },
+      {
+        path: "projects",
+        name: "projects",
+        component: () => import("../views/ProjectsView.vue"),
+        meta: { roles: ["SYS_ADMIN", "DEVELOPER"] },
+      },
+    ],
+  },
+  { path: "/403", name: "forbidden", component: () => import("../views/ForbiddenView.vue") },
+  { path: "/:pathMatch(.*)*", name: "notfound", component: () => import("../views/NotFoundView.vue") },
+];
+
+const router = createRouter({
+  history: createWebHistory(),
+  routes,
+});
+
+function hasRoleAccess(metaRoles, userRoles) {
+  if (!metaRoles || metaRoles.length === 0) return true;
+  const set = new Set(userRoles || []);
+  return metaRoles.some((r) => set.has(r));
+}
+
+router.beforeEach((to) => {
+  const auth = useAuthStore();
+  if (to.meta.requiresAuth && !auth.token) {
+    return { name: "login", query: { redirect: to.fullPath } };
+  }
+  if (to.meta.requiresAuth && to.meta.roles && !hasRoleAccess(to.meta.roles, auth.roles)) {
+    return { name: "forbidden" };
+  }
+  return true;
+});
+
+export default router;