feat(MP-29): navigation core module, auth guards & shell wiring\n\n- Establish :frontend:core:navigation module with DeepLinkHandler\n- Introduce NavigationPort & CurrentUserProvider (DI)\n- Harden admin routes against AppRoles.ADMIN\n- Wire Koin in JS/JVM/Wasm shells (navigationModule)\n- Remove legacy DeepLinkHandler from shared\n- Add unit tests for guard logic\n\nRef: MP-29 (#24)

frontend/shells/meldestelle-portal/src/commonMain/kotlin/navigation/ShellNavigationModule.kt

@@ -0,0 +1,39 @@
+package navigation
+
+import at.mocode.clients.authfeature.AuthTokenManager
+import at.mocode.frontend.core.domain.models.User
+import at.mocode.frontend.core.navigation.CurrentUserProvider
+import at.mocode.frontend.core.navigation.DeepLinkHandler
+import at.mocode.frontend.core.navigation.NavigationPort
+import org.koin.dsl.module
+
+class ShellCurrentUserProvider(
+  private val authTokenManager: AuthTokenManager,
+) : CurrentUserProvider {
+  override fun getCurrentUser(): User? {
+    val state = authTokenManager.authState.value
+    if (!state.isAuthenticated) return null
+    // Roles are not yet modeled in AuthState; provide empty list for now
+    return User(
+      id = state.userId ?: state.username ?: "unknown",
+      username = state.username ?: state.userId ?: "unknown",
+      displayName = null,
+      roles = emptyList(),
+    )
+  }
+}
+
+class NoopNavigationPort : NavigationPort {
+  var lastRoute: String? = null
+  override fun navigateTo(route: String) {
+    lastRoute = route
+    // Simple logging; actual routing is handled elsewhere in the shell
+    println("[NavigationPort] navigateTo $route")
+  }
+}
+
+val navigationModule = module {
+  single<CurrentUserProvider> { ShellCurrentUserProvider(get()) }
+  single<NavigationPort> { NoopNavigationPort() }
+  single { DeepLinkHandler(get(), get()) }
+}