# Application Flow Summary - Phase 1

1. User opens `/login` and authenticates via session.
2. On login, system records `activity_logs` entry.
3. Route middleware verifies `auth`, then `role` permissions.
4. User is redirected to admin or employee dashboard.
5. Admin manages employees through service-repository layer:
   - Controller validates request.
   - Service runs transactional business logic.
   - Repository handles retrieval logic.
6. Create/update/delete operations create activity log entries.
7. Header notification dropdown pulls latest user notifications.
8. Settings page updates global settings table.

This architecture is API-ready because business logic is separated from controllers and reusable for API controllers in future phases.