@cedros/login-react 0.0.12 → 0.0.13

package/dist/useOrgs-Be3KH4ib.js

@@ -0,0 +1,215 @@
+import { useState as f, useMemo as G, useRef as C, useEffect as S, useCallback as u } from "react";
+import { A as K, h as g, u as x } from "./apiClient-B2JxVPlH.js";
+class M {
+  client;
+  constructor(e, t, h, l) {
+    this.client = new K({ baseUrl: e, timeoutMs: t, retryAttempts: h, getAccessToken: l });
+  }
+  /**
+   * List all organizations the current user belongs to
+   */
+  async listOrgs() {
+    try {
+      return (await this.client.get("/orgs")).orgs.map((t) => ({
+        ...t,
+        membership: {
+          orgId: t.id,
+          role: t.role
+        }
+      }));
+    } catch (e) {
+      throw g(e, "Failed to list organizations");
+    }
+  }
+  /**
+   * Get a single organization by ID
+   */
+  async getOrg(e) {
+    try {
+      return await this.client.get(`/orgs/${e}`);
+    } catch (t) {
+      throw g(t, "Failed to get organization");
+    }
+  }
+  /**
+   * Create a new organization
+   */
+  async createOrg(e) {
+    try {
+      return await this.client.post("/orgs", e);
+    } catch (t) {
+      throw g(t, "Failed to create organization");
+    }
+  }
+  /**
+   * Update an organization
+   */
+  async updateOrg(e, t) {
+    try {
+      return await this.client.patch(`/orgs/${e}`, t);
+    } catch (h) {
+      throw g(h, "Failed to update organization");
+    }
+  }
+  /**
+   * Delete an organization
+   */
+  async deleteOrg(e) {
+    try {
+      await this.client.delete(`/orgs/${e}`);
+    } catch (t) {
+      throw g(t, "Failed to delete organization");
+    }
+  }
+  /**
+   * Check authorization for an action
+   */
+  async authorize(e) {
+    try {
+      return await this.client.post("/authorize", e);
+    } catch (t) {
+      throw g(t, "Failed to check authorization");
+    }
+  }
+  /**
+   * Get current user's permissions in an organization
+   */
+  async getPermissions(e) {
+    try {
+      return await this.client.post("/permissions", { orgId: e });
+    } catch (t) {
+      throw g(t, "Failed to get permissions");
+    }
+  }
+}
+const v = "cedros_active_org";
+function V(a) {
+  try {
+    return localStorage.getItem(a);
+  } catch {
+    return null;
+  }
+}
+function P(a, e) {
+  try {
+    localStorage.setItem(a, e);
+  } catch {
+  }
+}
+function j() {
+  const { config: a, user: e, authState: t, _internal: h } = x(), l = typeof window < "u" && !!window.localStorage, [m, E] = f([]), [_, w] = f(null), [A, y] = f([]), [T, O] = f(null), [k, c] = f(t === "authenticated"), [L, i] = f(null), z = G(
+    () => new M(
+      a.serverUrl,
+      a.requestTimeout,
+      a.retryAttempts,
+      h?.getAccessToken
+    ),
+    [a.serverUrl, a.requestTimeout, a.retryAttempts, h]
+  ), d = C(z);
+  S(() => {
+    d.current = z;
+  }, [z]);
+  const p = u(async (r) => {
+    try {
+      const s = await d.current.getPermissions(r);
+      y(s.permissions), O(s.role);
+    } catch {
+      y([]), O(null);
+    }
+  }, []), I = C(async () => {
+  }), o = u(async () => {
+    if (t !== "authenticated" || !e) {
+      E([]), w(null), y([]), O(null);
+      return;
+    }
+    c(!0), i(null);
+    try {
+      const r = await d.current.listOrgs();
+      E(r);
+      const s = l ? V(v) : null;
+      let n = r.find((R) => R.id === s);
+      !n && r.length > 0 && (n = r.find((R) => R.isPersonal) || r[0]), n ? (w(n), l && P(v, n.id), await p(n.id)) : (w(null), y([]), O(null));
+    } catch (r) {
+      i(r);
+    } finally {
+      c(!1);
+    }
+  }, [t, e, p, l]);
+  S(() => {
+    I.current = o;
+  }, [o]);
+  const F = C(!1);
+  S(() => {
+    t === "authenticated" && !F.current ? (F.current = !0, I.current()) : t !== "authenticated" && (F.current = !1);
+  }, [t]);
+  const N = u(
+    async (r) => {
+      const s = m.find((n) => n.id === r);
+      if (!s) {
+        i({ code: "UNKNOWN_ERROR", message: "Organization not found" });
+        return;
+      }
+      w(s), l && P(v, r), await p(r);
+    },
+    [m, p, l]
+  ), U = u(
+    async (r) => {
+      c(!0), i(null);
+      try {
+        const s = await d.current.createOrg(r);
+        return await o(), s;
+      } catch (s) {
+        throw i(s), s;
+      } finally {
+        c(!1);
+      }
+    },
+    [o]
+  ), $ = u(
+    async (r, s) => {
+      c(!0), i(null);
+      try {
+        const n = await d.current.updateOrg(r, s);
+        return await o(), n;
+      } catch (n) {
+        throw i(n), n;
+      } finally {
+        c(!1);
+      }
+    },
+    [o]
+  ), b = u(
+    async (r) => {
+      c(!0), i(null);
+      try {
+        await d.current.deleteOrg(r), await o();
+      } catch (s) {
+        throw i(s), s;
+      } finally {
+        c(!1);
+      }
+    },
+    [o]
+  ), q = u(
+    (r) => A.includes(r),
+    [A]
+  );
+  return {
+    orgs: m,
+    activeOrg: _,
+    permissions: A,
+    role: T,
+    isLoading: k,
+    error: L,
+    fetchOrgs: o,
+    switchOrg: N,
+    createOrg: U,
+    updateOrg: $,
+    deleteOrg: b,
+    hasPermission: q
+  };
+}
+export {
+  M as O,
+  j as u
+};

package/dist/useOrgs-Be3KH4ib.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useOrgs-Be3KH4ib.js","sources":["../src/utils/orgApi.ts","../src/hooks/useOrgs.ts"],"sourcesContent":["import type {\n  Organization,\n  OrgWithMembership,\n  CreateOrgRequest,\n  UpdateOrgRequest,\n  ListOrgsResponse,\n  AuthorizeRequest,\n  AuthorizeResponse,\n  PermissionsResponse,\n} from '../types';\nimport { ApiClient, handleApiError } from './apiClient';\n\n/**\n * API client for organization operations\n */\nexport class OrgApiClient {\n  private client: ApiClient;\n\n  constructor(\n    baseUrl: string,\n    timeoutMs?: number,\n    retryAttempts?: number,\n    getAccessToken?: () => string | null\n  ) {\n    this.client = new ApiClient({ baseUrl, timeoutMs, retryAttempts, getAccessToken });\n  }\n\n  /**\n   * List all organizations the current user belongs to\n   */\n  async listOrgs(): Promise<OrgWithMembership[]> {\n    try {\n      const response = await this.client.get<ListOrgsResponse>('/orgs');\n      return response.orgs.map((org) => ({\n        ...org,\n        membership: {\n          orgId: org.id,\n          role: org.role,\n        },\n      }));\n    } catch (error) {\n      throw handleApiError(error, 'Failed to list organizations');\n    }\n  }\n\n  /**\n   * Get a single organization by ID\n   */\n  async getOrg(orgId: string): Promise<Organization> {\n    try {\n      return await this.client.get<Organization>(`/orgs/${orgId}`);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to get organization');\n    }\n  }\n\n  /**\n   * Create a new organization\n   */\n  async createOrg(data: CreateOrgRequest): Promise<Organization> {\n    try {\n      return await this.client.post<Organization>('/orgs', data);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to create organization');\n    }\n  }\n\n  /**\n   * Update an organization\n   */\n  async updateOrg(orgId: string, data: UpdateOrgRequest): Promise<Organization> {\n    try {\n      return await this.client.patch<Organization>(`/orgs/${orgId}`, data);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to update organization');\n    }\n  }\n\n  /**\n   * Delete an organization\n   */\n  async deleteOrg(orgId: string): Promise<void> {\n    try {\n      await this.client.delete<void>(`/orgs/${orgId}`);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to delete organization');\n    }\n  }\n\n  /**\n   * Check authorization for an action\n   */\n  async authorize(data: AuthorizeRequest): Promise<AuthorizeResponse> {\n    try {\n      return await this.client.post<AuthorizeResponse>('/authorize', data);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to check authorization');\n    }\n  }\n\n  /**\n   * Get current user's permissions in an organization\n   */\n  async getPermissions(orgId: string): Promise<PermissionsResponse> {\n    try {\n      return await this.client.post<PermissionsResponse>('/permissions', { orgId });\n    } catch (error) {\n      throw handleApiError(error, 'Failed to get permissions');\n    }\n  }\n}\n","import { useState, useCallback, useMemo, useRef, useEffect } from 'react';\nimport type {\n  OrgWithMembership,\n  Organization,\n  CreateOrgRequest,\n  UpdateOrgRequest,\n  Permission,\n  OrgRole,\n  AuthError,\n} from '../types';\nimport { useCedrosLogin } from '../context/useCedrosLogin';\nimport { OrgApiClient } from '../utils/orgApi';\n\nexport interface UseOrgsReturn {\n  /** All organizations the user belongs to */\n  orgs: OrgWithMembership[];\n  /** Currently active organization */\n  activeOrg: OrgWithMembership | null;\n  /** User's permissions in the active org */\n  permissions: Permission[];\n  /** User's role in the active org */\n  role: OrgRole | null;\n  /** Loading state */\n  isLoading: boolean;\n  /** Error state */\n  error: AuthError | null;\n  /** Fetch/refresh organizations list */\n  fetchOrgs: () => Promise<void>;\n  /** Switch to a different organization */\n  switchOrg: (orgId: string) => Promise<void>;\n  /** Create a new organization */\n  createOrg: (data: CreateOrgRequest) => Promise<Organization>;\n  /** Update an organization */\n  updateOrg: (orgId: string, data: UpdateOrgRequest) => Promise<Organization>;\n  /** Delete an organization */\n  deleteOrg: (orgId: string) => Promise<void>;\n  /** Check if user has a specific permission */\n  hasPermission: (permission: Permission) => boolean;\n}\n\nconst ACTIVE_ORG_KEY = 'cedros_active_org';\n\n// P-06: Safe localStorage helpers to handle private browsing and quota errors\nfunction safeGetItem(key: string): string | null {\n  try {\n    return localStorage.getItem(key);\n  } catch {\n    return null;\n  }\n}\n\nfunction safeSetItem(key: string, value: string): void {\n  try {\n    localStorage.setItem(key, value);\n  } catch {\n    // Ignore - private browsing or quota exceeded\n  }\n}\n\n/**\n * Hook for managing organizations, memberships, and permissions.\n *\n * @example\n * ```tsx\n * function OrgSelector() {\n *   const { orgs, activeOrg, switchOrg, hasPermission } = useOrgs();\n *\n *   return (\n *     <select\n *       value={activeOrg?.id}\n *       onChange={(e) => switchOrg(e.target.value)}\n *     >\n *       {orgs.map(org => (\n *         <option key={org.id} value={org.id}>{org.name}</option>\n *       ))}\n *     </select>\n *   );\n * }\n * ```\n */\nexport function useOrgs(): UseOrgsReturn {\n  const { config, user, authState, _internal } = useCedrosLogin();\n  const hasStorage = typeof window !== 'undefined' && !!window.localStorage;\n\n  const [orgs, setOrgs] = useState<OrgWithMembership[]>([]);\n  const [activeOrg, setActiveOrg] = useState<OrgWithMembership | null>(null);\n  const [permissions, setPermissions] = useState<Permission[]>([]);\n  const [role, setRole] = useState<OrgRole | null>(null);\n  const [isLoading, setIsLoading] = useState(authState === 'authenticated');\n  const [error, setError] = useState<AuthError | null>(null);\n\n  // M-03: Memoize API client and use ref to prevent callback dependency cascades\n  const apiClient = useMemo(\n    () =>\n      new OrgApiClient(\n        config.serverUrl,\n        config.requestTimeout,\n        config.retryAttempts,\n        _internal?.getAccessToken\n      ),\n    [config.serverUrl, config.requestTimeout, config.retryAttempts, _internal]\n  );\n\n  // M-03: Store apiClient in ref to stabilize callback dependencies\n  const apiClientRef = useRef(apiClient);\n  useEffect(() => {\n    apiClientRef.current = apiClient;\n  }, [apiClient]);\n\n  // M-03: Use ref in callback to break dependency chain\n  const loadPermissions = useCallback(async (orgId: string) => {\n    try {\n      const response = await apiClientRef.current.getPermissions(orgId);\n      setPermissions(response.permissions);\n      setRole(response.role);\n    } catch {\n      // Permissions loading failure is non-fatal, just clear them\n      setPermissions([]);\n      setRole(null);\n    }\n  }, []);\n\n  // Ref to latest fetchOrgs for stable auto-fetch effect\n  const fetchOrgsRef = useRef<() => Promise<void>>(async () => {});\n\n  // M-03: Use ref to break apiClient dependency chain\n  const fetchOrgs = useCallback(async () => {\n    if (authState !== 'authenticated' || !user) {\n      setOrgs([]);\n      setActiveOrg(null);\n      setPermissions([]);\n      setRole(null);\n      return;\n    }\n\n    setIsLoading(true);\n    setError(null);\n\n    try {\n      const fetchedOrgs = await apiClientRef.current.listOrgs();\n      setOrgs(fetchedOrgs);\n\n      // P-06: Restore active org from localStorage with safe access\n      const savedOrgId = hasStorage ? safeGetItem(ACTIVE_ORG_KEY) : null;\n      let selectedOrg = fetchedOrgs.find((org) => org.id === savedOrgId);\n\n      if (!selectedOrg && fetchedOrgs.length > 0) {\n        // Default to personal org or first org\n        selectedOrg = fetchedOrgs.find((org) => org.isPersonal) || fetchedOrgs[0];\n      }\n\n      if (selectedOrg) {\n        setActiveOrg(selectedOrg);\n        if (hasStorage) {\n          safeSetItem(ACTIVE_ORG_KEY, selectedOrg.id);\n        }\n        await loadPermissions(selectedOrg.id);\n      } else {\n        setActiveOrg(null);\n        setPermissions([]);\n        setRole(null);\n      }\n    } catch (err) {\n      setError(err as AuthError);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [authState, user, loadPermissions, hasStorage]);\n\n  // Keep fetchOrgsRef current so auto-fetch always calls the latest version\n  useEffect(() => {\n    fetchOrgsRef.current = fetchOrgs;\n  }, [fetchOrgs]);\n\n  // Auto-fetch orgs when auth becomes ready.\n  // Uses only `authState` (a string) as dep — immune to object-identity churn\n  // from the AdminShell bridge recreating `user` objects.\n  const hasAutoFetched = useRef(false);\n  useEffect(() => {\n    if (authState === 'authenticated' && !hasAutoFetched.current) {\n      hasAutoFetched.current = true;\n      fetchOrgsRef.current();\n    } else if (authState !== 'authenticated') {\n      hasAutoFetched.current = false;\n    }\n  }, [authState]);\n\n  const switchOrg = useCallback(\n    async (orgId: string) => {\n      const org = orgs.find((o) => o.id === orgId);\n      if (!org) {\n        setError({ code: 'UNKNOWN_ERROR', message: 'Organization not found' });\n        return;\n      }\n\n      setActiveOrg(org);\n      if (hasStorage) {\n        safeSetItem(ACTIVE_ORG_KEY, orgId);\n      }\n      await loadPermissions(orgId);\n    },\n    [orgs, loadPermissions, hasStorage]\n  );\n\n  // M-03: Use ref to break apiClient dependency chain\n  const createOrg = useCallback(\n    async (data: CreateOrgRequest): Promise<Organization> => {\n      setIsLoading(true);\n      setError(null);\n\n      try {\n        const newOrg = await apiClientRef.current.createOrg(data);\n        // Refresh orgs list to include the new org with membership\n        await fetchOrgs();\n        return newOrg;\n      } catch (err) {\n        setError(err as AuthError);\n        throw err;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [fetchOrgs]\n  );\n\n  const updateOrg = useCallback(\n    async (orgId: string, data: UpdateOrgRequest): Promise<Organization> => {\n      setIsLoading(true);\n      setError(null);\n\n      try {\n        const updatedOrg = await apiClientRef.current.updateOrg(orgId, data);\n        // Refresh orgs list to reflect changes\n        await fetchOrgs();\n        return updatedOrg;\n      } catch (err) {\n        setError(err as AuthError);\n        throw err;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [fetchOrgs]\n  );\n\n  const deleteOrg = useCallback(\n    async (orgId: string): Promise<void> => {\n      setIsLoading(true);\n      setError(null);\n\n      try {\n        await apiClientRef.current.deleteOrg(orgId);\n        // Refresh orgs list\n        await fetchOrgs();\n      } catch (err) {\n        setError(err as AuthError);\n        throw err;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [fetchOrgs]\n  );\n\n  const hasPermission = useCallback(\n    (permission: Permission): boolean => {\n      return permissions.includes(permission);\n    },\n    [permissions]\n  );\n\n  return {\n    orgs,\n    activeOrg,\n    permissions,\n    role,\n    isLoading,\n    error,\n    fetchOrgs,\n    switchOrg,\n    createOrg,\n    updateOrg,\n    deleteOrg,\n    hasPermission,\n  };\n}\n"],"names":["OrgApiClient","baseUrl","timeoutMs","retryAttempts","getAccessToken","ApiClient","org","error","handleApiError","orgId","data","ACTIVE_ORG_KEY","safeGetItem","key","safeSetItem","value","useOrgs","config","user","authState","_internal","useCedrosLogin","hasStorage","orgs","setOrgs","useState","activeOrg","setActiveOrg","permissions","setPermissions","role","setRole","isLoading","setIsLoading","setError","apiClient","useMemo","apiClientRef","useRef","useEffect","loadPermissions","useCallback","response","fetchOrgsRef","fetchOrgs","fetchedOrgs","savedOrgId","selectedOrg","err","hasAutoFetched","switchOrg","o","createOrg","newOrg","updateOrg","updatedOrg","deleteOrg","hasPermission","permission"],"mappings":";;AAeO,MAAMA,EAAa;AAAA,EAChB;AAAA,EAER,YACEC,GACAC,GACAC,GACAC,GACA;AACA,SAAK,SAAS,IAAIC,EAAU,EAAE,SAAAJ,GAAS,WAAAC,GAAW,eAAAC,GAAe,gBAAAC,GAAgB;AAAA,EACnF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAyC;AAC7C,QAAI;AAEF,cADiB,MAAM,KAAK,OAAO,IAAsB,OAAO,GAChD,KAAK,IAAI,CAACE,OAAS;AAAA,QACjC,GAAGA;AAAA,QACH,YAAY;AAAA,UACV,OAAOA,EAAI;AAAA,UACX,MAAMA,EAAI;AAAA,QAAA;AAAA,MACZ,EACA;AAAA,IACJ,SAASC,GAAO;AACd,YAAMC,EAAeD,GAAO,8BAA8B;AAAA,IAC5D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAOE,GAAsC;AACjD,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,IAAkB,SAASA,CAAK,EAAE;AAAA,IAC7D,SAASF,GAAO;AACd,YAAMC,EAAeD,GAAO,4BAA4B;AAAA,IAC1D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAUG,GAA+C;AAC7D,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,KAAmB,SAASA,CAAI;AAAA,IAC3D,SAASH,GAAO;AACd,YAAMC,EAAeD,GAAO,+BAA+B;AAAA,IAC7D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAUE,GAAeC,GAA+C;AAC5E,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,MAAoB,SAASD,CAAK,IAAIC,CAAI;AAAA,IACrE,SAASH,GAAO;AACd,YAAMC,EAAeD,GAAO,+BAA+B;AAAA,IAC7D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAUE,GAA8B;AAC5C,QAAI;AACF,YAAM,KAAK,OAAO,OAAa,SAASA,CAAK,EAAE;AAAA,IACjD,SAASF,GAAO;AACd,YAAMC,EAAeD,GAAO,+BAA+B;AAAA,IAC7D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAUG,GAAoD;AAClE,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,KAAwB,cAAcA,CAAI;AAAA,IACrE,SAASH,GAAO;AACd,YAAMC,EAAeD,GAAO,+BAA+B;AAAA,IAC7D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAeE,GAA6C;AAChE,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,KAA0B,gBAAgB,EAAE,OAAAA,GAAO;AAAA,IAC9E,SAASF,GAAO;AACd,YAAMC,EAAeD,GAAO,2BAA2B;AAAA,IACzD;AAAA,EACF;AACF;ACtEA,MAAMI,IAAiB;AAGvB,SAASC,EAAYC,GAA4B;AAC/C,MAAI;AACF,WAAO,aAAa,QAAQA,CAAG;AAAA,EACjC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAASC,EAAYD,GAAaE,GAAqB;AACrD,MAAI;AACF,iBAAa,QAAQF,GAAKE,CAAK;AAAA,EACjC,QAAQ;AAAA,EAER;AACF;AAuBO,SAASC,IAAyB;AACvC,QAAM,EAAE,QAAAC,GAAQ,MAAAC,GAAM,WAAAC,GAAW,WAAAC,EAAA,IAAcC,EAAA,GACzCC,IAAa,OAAO,SAAW,OAAe,CAAC,CAAC,OAAO,cAEvD,CAACC,GAAMC,CAAO,IAAIC,EAA8B,CAAA,CAAE,GAClD,CAACC,GAAWC,CAAY,IAAIF,EAAmC,IAAI,GACnE,CAACG,GAAaC,CAAc,IAAIJ,EAAuB,CAAA,CAAE,GACzD,CAACK,GAAMC,CAAO,IAAIN,EAAyB,IAAI,GAC/C,CAACO,GAAWC,CAAY,IAAIR,EAASN,MAAc,eAAe,GAClE,CAACZ,GAAO2B,CAAQ,IAAIT,EAA2B,IAAI,GAGnDU,IAAYC;AAAA,IAChB,MACE,IAAIpC;AAAA,MACFiB,EAAO;AAAA,MACPA,EAAO;AAAA,MACPA,EAAO;AAAA,MACPG,GAAW;AAAA,IAAA;AAAA,IAEf,CAACH,EAAO,WAAWA,EAAO,gBAAgBA,EAAO,eAAeG,CAAS;AAAA,EAAA,GAIrEiB,IAAeC,EAAOH,CAAS;AACrC,EAAAI,EAAU,MAAM;AACd,IAAAF,EAAa,UAAUF;AAAA,EACzB,GAAG,CAACA,CAAS,CAAC;AAGd,QAAMK,IAAkBC,EAAY,OAAOhC,MAAkB;AAC3D,QAAI;AACF,YAAMiC,IAAW,MAAML,EAAa,QAAQ,eAAe5B,CAAK;AAChE,MAAAoB,EAAea,EAAS,WAAW,GACnCX,EAAQW,EAAS,IAAI;AAAA,IACvB,QAAQ;AAEN,MAAAb,EAAe,CAAA,CAAE,GACjBE,EAAQ,IAAI;AAAA,IACd;AAAA,EACF,GAAG,CAAA,CAAE,GAGCY,IAAeL,EAA4B,YAAY;AAAA,EAAC,CAAC,GAGzDM,IAAYH,EAAY,YAAY;AACxC,QAAItB,MAAc,mBAAmB,CAACD,GAAM;AAC1C,MAAAM,EAAQ,CAAA,CAAE,GACVG,EAAa,IAAI,GACjBE,EAAe,CAAA,CAAE,GACjBE,EAAQ,IAAI;AACZ;AAAA,IACF;AAEA,IAAAE,EAAa,EAAI,GACjBC,EAAS,IAAI;AAEb,QAAI;AACF,YAAMW,IAAc,MAAMR,EAAa,QAAQ,SAAA;AAC/C,MAAAb,EAAQqB,CAAW;AAGnB,YAAMC,IAAaxB,IAAaV,EAAYD,CAAc,IAAI;AAC9D,UAAIoC,IAAcF,EAAY,KAAK,CAACvC,MAAQA,EAAI,OAAOwC,CAAU;AAEjE,MAAI,CAACC,KAAeF,EAAY,SAAS,MAEvCE,IAAcF,EAAY,KAAK,CAACvC,MAAQA,EAAI,UAAU,KAAKuC,EAAY,CAAC,IAGtEE,KACFpB,EAAaoB,CAAW,GACpBzB,KACFR,EAAYH,GAAgBoC,EAAY,EAAE,GAE5C,MAAMP,EAAgBO,EAAY,EAAE,MAEpCpB,EAAa,IAAI,GACjBE,EAAe,CAAA,CAAE,GACjBE,EAAQ,IAAI;AAAA,IAEhB,SAASiB,GAAK;AACZ,MAAAd,EAASc,CAAgB;AAAA,IAC3B,UAAA;AACE,MAAAf,EAAa,EAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAACd,GAAWD,GAAMsB,GAAiBlB,CAAU,CAAC;AAGjD,EAAAiB,EAAU,MAAM;AACd,IAAAI,EAAa,UAAUC;AAAA,EACzB,GAAG,CAACA,CAAS,CAAC;AAKd,QAAMK,IAAiBX,EAAO,EAAK;AACnC,EAAAC,EAAU,MAAM;AACd,IAAIpB,MAAc,mBAAmB,CAAC8B,EAAe,WACnDA,EAAe,UAAU,IACzBN,EAAa,QAAA,KACJxB,MAAc,oBACvB8B,EAAe,UAAU;AAAA,EAE7B,GAAG,CAAC9B,CAAS,CAAC;AAEd,QAAM+B,IAAYT;AAAA,IAChB,OAAOhC,MAAkB;AACvB,YAAMH,IAAMiB,EAAK,KAAK,CAAC4B,MAAMA,EAAE,OAAO1C,CAAK;AAC3C,UAAI,CAACH,GAAK;AACR,QAAA4B,EAAS,EAAE,MAAM,iBAAiB,SAAS,0BAA0B;AACrE;AAAA,MACF;AAEA,MAAAP,EAAarB,CAAG,GACZgB,KACFR,EAAYH,GAAgBF,CAAK,GAEnC,MAAM+B,EAAgB/B,CAAK;AAAA,IAC7B;AAAA,IACA,CAACc,GAAMiB,GAAiBlB,CAAU;AAAA,EAAA,GAI9B8B,IAAYX;AAAA,IAChB,OAAO/B,MAAkD;AACvD,MAAAuB,EAAa,EAAI,GACjBC,EAAS,IAAI;AAEb,UAAI;AACF,cAAMmB,IAAS,MAAMhB,EAAa,QAAQ,UAAU3B,CAAI;AAExD,qBAAMkC,EAAA,GACCS;AAAA,MACT,SAASL,GAAK;AACZ,cAAAd,EAASc,CAAgB,GACnBA;AAAA,MACR,UAAA;AACE,QAAAf,EAAa,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,IACA,CAACW,CAAS;AAAA,EAAA,GAGNU,IAAYb;AAAA,IAChB,OAAOhC,GAAeC,MAAkD;AACtE,MAAAuB,EAAa,EAAI,GACjBC,EAAS,IAAI;AAEb,UAAI;AACF,cAAMqB,IAAa,MAAMlB,EAAa,QAAQ,UAAU5B,GAAOC,CAAI;AAEnE,qBAAMkC,EAAA,GACCW;AAAA,MACT,SAASP,GAAK;AACZ,cAAAd,EAASc,CAAgB,GACnBA;AAAA,MACR,UAAA;AACE,QAAAf,EAAa,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,IACA,CAACW,CAAS;AAAA,EAAA,GAGNY,IAAYf;AAAA,IAChB,OAAOhC,MAAiC;AACtC,MAAAwB,EAAa,EAAI,GACjBC,EAAS,IAAI;AAEb,UAAI;AACF,cAAMG,EAAa,QAAQ,UAAU5B,CAAK,GAE1C,MAAMmC,EAAA;AAAA,MACR,SAASI,GAAK;AACZ,cAAAd,EAASc,CAAgB,GACnBA;AAAA,MACR,UAAA;AACE,QAAAf,EAAa,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,IACA,CAACW,CAAS;AAAA,EAAA,GAGNa,IAAgBhB;AAAA,IACpB,CAACiB,MACQ9B,EAAY,SAAS8B,CAAU;AAAA,IAExC,CAAC9B,CAAW;AAAA,EAAA;AAGd,SAAO;AAAA,IACL,MAAAL;AAAA,IACA,WAAAG;AAAA,IACA,aAAAE;AAAA,IACA,MAAAE;AAAA,IACA,WAAAE;AAAA,IACA,OAAAzB;AAAA,IACA,WAAAqC;AAAA,IACA,WAAAM;AAAA,IACA,WAAAE;AAAA,IACA,WAAAE;AAAA,IACA,WAAAE;AAAA,IACA,eAAAC;AAAA,EAAA;AAEJ;"}

package/dist/useOrgs-CVbacmaQ.cjs

@@ -0,0 +1 @@
+"use strict";const s=require("react"),l=require("./apiClient-CTTKhsYb.cjs");class b{client;constructor(e,t,g,h){this.client=new l.ApiClient({baseUrl:e,timeoutMs:t,retryAttempts:g,getAccessToken:h})}async listOrgs(){try{return(await this.client.get("/orgs")).orgs.map(t=>({...t,membership:{orgId:t.id,role:t.role}}))}catch(e){throw l.handleApiError(e,"Failed to list organizations")}}async getOrg(e){try{return await this.client.get(`/orgs/${e}`)}catch(t){throw l.handleApiError(t,"Failed to get organization")}}async createOrg(e){try{return await this.client.post("/orgs",e)}catch(t){throw l.handleApiError(t,"Failed to create organization")}}async updateOrg(e,t){try{return await this.client.patch(`/orgs/${e}`,t)}catch(g){throw l.handleApiError(g,"Failed to update organization")}}async deleteOrg(e){try{await this.client.delete(`/orgs/${e}`)}catch(t){throw l.handleApiError(t,"Failed to delete organization")}}async authorize(e){try{return await this.client.post("/authorize",e)}catch(t){throw l.handleApiError(t,"Failed to check authorization")}}async getPermissions(e){try{return await this.client.post("/permissions",{orgId:e})}catch(t){throw l.handleApiError(t,"Failed to get permissions")}}}const S="cedros_active_org";function N(i){try{return localStorage.getItem(i)}catch{return null}}function z(i,e){try{localStorage.setItem(i,e)}catch{}}function U(){const{config:i,user:e,authState:t,_internal:g}=l.useCedrosLogin(),h=typeof window<"u"&&!!window.localStorage,[O,R]=s.useState([]),[F,f]=s.useState(null),[m,w]=s.useState([]),[v,y]=s.useState(null),[I,u]=s.useState(t==="authenticated"),[P,c]=s.useState(null),A=s.useMemo(()=>new b(i.serverUrl,i.requestTimeout,i.retryAttempts,g?.getAccessToken),[i.serverUrl,i.requestTimeout,i.retryAttempts,g]),d=s.useRef(A);s.useEffect(()=>{d.current=A},[A]);const p=s.useCallback(async r=>{try{const a=await d.current.getPermissions(r);w(a.permissions),y(a.role)}catch{w([]),y(null)}},[]),k=s.useRef(async()=>{}),o=s.useCallback(async()=>{if(t!=="authenticated"||!e){R([]),f(null),w([]),y(null);return}u(!0),c(null);try{const r=await d.current.listOrgs();R(r);const a=h?N(S):null;let n=r.find(E=>E.id===a);!n&&r.length>0&&(n=r.find(E=>E.isPersonal)||r[0]),n?(f(n),h&&z(S,n.id),await p(n.id)):(f(null),w([]),y(null))}catch(r){c(r)}finally{u(!1)}},[t,e,p,h]);s.useEffect(()=>{k.current=o},[o]);const C=s.useRef(!1);s.useEffect(()=>{t==="authenticated"&&!C.current?(C.current=!0,k.current()):t!=="authenticated"&&(C.current=!1)},[t]);const _=s.useCallback(async r=>{const a=O.find(n=>n.id===r);if(!a){c({code:"UNKNOWN_ERROR",message:"Organization not found"});return}f(a),h&&z(S,r),await p(r)},[O,p,h]),q=s.useCallback(async r=>{u(!0),c(null);try{const a=await d.current.createOrg(r);return await o(),a}catch(a){throw c(a),a}finally{u(!1)}},[o]),T=s.useCallback(async(r,a)=>{u(!0),c(null);try{const n=await d.current.updateOrg(r,a);return await o(),n}catch(n){throw c(n),n}finally{u(!1)}},[o]),$=s.useCallback(async r=>{u(!0),c(null);try{await d.current.deleteOrg(r),await o()}catch(a){throw c(a),a}finally{u(!1)}},[o]),L=s.useCallback(r=>m.includes(r),[m]);return{orgs:O,activeOrg:F,permissions:m,role:v,isLoading:I,error:P,fetchOrgs:o,switchOrg:_,createOrg:q,updateOrg:T,deleteOrg:$,hasPermission:L}}exports.OrgApiClient=b;exports.useOrgs=U;

package/dist/useOrgs-CVbacmaQ.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"useOrgs-CVbacmaQ.cjs","sources":["../src/utils/orgApi.ts","../src/hooks/useOrgs.ts"],"sourcesContent":["import type {\n  Organization,\n  OrgWithMembership,\n  CreateOrgRequest,\n  UpdateOrgRequest,\n  ListOrgsResponse,\n  AuthorizeRequest,\n  AuthorizeResponse,\n  PermissionsResponse,\n} from '../types';\nimport { ApiClient, handleApiError } from './apiClient';\n\n/**\n * API client for organization operations\n */\nexport class OrgApiClient {\n  private client: ApiClient;\n\n  constructor(\n    baseUrl: string,\n    timeoutMs?: number,\n    retryAttempts?: number,\n    getAccessToken?: () => string | null\n  ) {\n    this.client = new ApiClient({ baseUrl, timeoutMs, retryAttempts, getAccessToken });\n  }\n\n  /**\n   * List all organizations the current user belongs to\n   */\n  async listOrgs(): Promise<OrgWithMembership[]> {\n    try {\n      const response = await this.client.get<ListOrgsResponse>('/orgs');\n      return response.orgs.map((org) => ({\n        ...org,\n        membership: {\n          orgId: org.id,\n          role: org.role,\n        },\n      }));\n    } catch (error) {\n      throw handleApiError(error, 'Failed to list organizations');\n    }\n  }\n\n  /**\n   * Get a single organization by ID\n   */\n  async getOrg(orgId: string): Promise<Organization> {\n    try {\n      return await this.client.get<Organization>(`/orgs/${orgId}`);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to get organization');\n    }\n  }\n\n  /**\n   * Create a new organization\n   */\n  async createOrg(data: CreateOrgRequest): Promise<Organization> {\n    try {\n      return await this.client.post<Organization>('/orgs', data);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to create organization');\n    }\n  }\n\n  /**\n   * Update an organization\n   */\n  async updateOrg(orgId: string, data: UpdateOrgRequest): Promise<Organization> {\n    try {\n      return await this.client.patch<Organization>(`/orgs/${orgId}`, data);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to update organization');\n    }\n  }\n\n  /**\n   * Delete an organization\n   */\n  async deleteOrg(orgId: string): Promise<void> {\n    try {\n      await this.client.delete<void>(`/orgs/${orgId}`);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to delete organization');\n    }\n  }\n\n  /**\n   * Check authorization for an action\n   */\n  async authorize(data: AuthorizeRequest): Promise<AuthorizeResponse> {\n    try {\n      return await this.client.post<AuthorizeResponse>('/authorize', data);\n    } catch (error) {\n      throw handleApiError(error, 'Failed to check authorization');\n    }\n  }\n\n  /**\n   * Get current user's permissions in an organization\n   */\n  async getPermissions(orgId: string): Promise<PermissionsResponse> {\n    try {\n      return await this.client.post<PermissionsResponse>('/permissions', { orgId });\n    } catch (error) {\n      throw handleApiError(error, 'Failed to get permissions');\n    }\n  }\n}\n","import { useState, useCallback, useMemo, useRef, useEffect } from 'react';\nimport type {\n  OrgWithMembership,\n  Organization,\n  CreateOrgRequest,\n  UpdateOrgRequest,\n  Permission,\n  OrgRole,\n  AuthError,\n} from '../types';\nimport { useCedrosLogin } from '../context/useCedrosLogin';\nimport { OrgApiClient } from '../utils/orgApi';\n\nexport interface UseOrgsReturn {\n  /** All organizations the user belongs to */\n  orgs: OrgWithMembership[];\n  /** Currently active organization */\n  activeOrg: OrgWithMembership | null;\n  /** User's permissions in the active org */\n  permissions: Permission[];\n  /** User's role in the active org */\n  role: OrgRole | null;\n  /** Loading state */\n  isLoading: boolean;\n  /** Error state */\n  error: AuthError | null;\n  /** Fetch/refresh organizations list */\n  fetchOrgs: () => Promise<void>;\n  /** Switch to a different organization */\n  switchOrg: (orgId: string) => Promise<void>;\n  /** Create a new organization */\n  createOrg: (data: CreateOrgRequest) => Promise<Organization>;\n  /** Update an organization */\n  updateOrg: (orgId: string, data: UpdateOrgRequest) => Promise<Organization>;\n  /** Delete an organization */\n  deleteOrg: (orgId: string) => Promise<void>;\n  /** Check if user has a specific permission */\n  hasPermission: (permission: Permission) => boolean;\n}\n\nconst ACTIVE_ORG_KEY = 'cedros_active_org';\n\n// P-06: Safe localStorage helpers to handle private browsing and quota errors\nfunction safeGetItem(key: string): string | null {\n  try {\n    return localStorage.getItem(key);\n  } catch {\n    return null;\n  }\n}\n\nfunction safeSetItem(key: string, value: string): void {\n  try {\n    localStorage.setItem(key, value);\n  } catch {\n    // Ignore - private browsing or quota exceeded\n  }\n}\n\n/**\n * Hook for managing organizations, memberships, and permissions.\n *\n * @example\n * ```tsx\n * function OrgSelector() {\n *   const { orgs, activeOrg, switchOrg, hasPermission } = useOrgs();\n *\n *   return (\n *     <select\n *       value={activeOrg?.id}\n *       onChange={(e) => switchOrg(e.target.value)}\n *     >\n *       {orgs.map(org => (\n *         <option key={org.id} value={org.id}>{org.name}</option>\n *       ))}\n *     </select>\n *   );\n * }\n * ```\n */\nexport function useOrgs(): UseOrgsReturn {\n  const { config, user, authState, _internal } = useCedrosLogin();\n  const hasStorage = typeof window !== 'undefined' && !!window.localStorage;\n\n  const [orgs, setOrgs] = useState<OrgWithMembership[]>([]);\n  const [activeOrg, setActiveOrg] = useState<OrgWithMembership | null>(null);\n  const [permissions, setPermissions] = useState<Permission[]>([]);\n  const [role, setRole] = useState<OrgRole | null>(null);\n  const [isLoading, setIsLoading] = useState(authState === 'authenticated');\n  const [error, setError] = useState<AuthError | null>(null);\n\n  // M-03: Memoize API client and use ref to prevent callback dependency cascades\n  const apiClient = useMemo(\n    () =>\n      new OrgApiClient(\n        config.serverUrl,\n        config.requestTimeout,\n        config.retryAttempts,\n        _internal?.getAccessToken\n      ),\n    [config.serverUrl, config.requestTimeout, config.retryAttempts, _internal]\n  );\n\n  // M-03: Store apiClient in ref to stabilize callback dependencies\n  const apiClientRef = useRef(apiClient);\n  useEffect(() => {\n    apiClientRef.current = apiClient;\n  }, [apiClient]);\n\n  // M-03: Use ref in callback to break dependency chain\n  const loadPermissions = useCallback(async (orgId: string) => {\n    try {\n      const response = await apiClientRef.current.getPermissions(orgId);\n      setPermissions(response.permissions);\n      setRole(response.role);\n    } catch {\n      // Permissions loading failure is non-fatal, just clear them\n      setPermissions([]);\n      setRole(null);\n    }\n  }, []);\n\n  // Ref to latest fetchOrgs for stable auto-fetch effect\n  const fetchOrgsRef = useRef<() => Promise<void>>(async () => {});\n\n  // M-03: Use ref to break apiClient dependency chain\n  const fetchOrgs = useCallback(async () => {\n    if (authState !== 'authenticated' || !user) {\n      setOrgs([]);\n      setActiveOrg(null);\n      setPermissions([]);\n      setRole(null);\n      return;\n    }\n\n    setIsLoading(true);\n    setError(null);\n\n    try {\n      const fetchedOrgs = await apiClientRef.current.listOrgs();\n      setOrgs(fetchedOrgs);\n\n      // P-06: Restore active org from localStorage with safe access\n      const savedOrgId = hasStorage ? safeGetItem(ACTIVE_ORG_KEY) : null;\n      let selectedOrg = fetchedOrgs.find((org) => org.id === savedOrgId);\n\n      if (!selectedOrg && fetchedOrgs.length > 0) {\n        // Default to personal org or first org\n        selectedOrg = fetchedOrgs.find((org) => org.isPersonal) || fetchedOrgs[0];\n      }\n\n      if (selectedOrg) {\n        setActiveOrg(selectedOrg);\n        if (hasStorage) {\n          safeSetItem(ACTIVE_ORG_KEY, selectedOrg.id);\n        }\n        await loadPermissions(selectedOrg.id);\n      } else {\n        setActiveOrg(null);\n        setPermissions([]);\n        setRole(null);\n      }\n    } catch (err) {\n      setError(err as AuthError);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [authState, user, loadPermissions, hasStorage]);\n\n  // Keep fetchOrgsRef current so auto-fetch always calls the latest version\n  useEffect(() => {\n    fetchOrgsRef.current = fetchOrgs;\n  }, [fetchOrgs]);\n\n  // Auto-fetch orgs when auth becomes ready.\n  // Uses only `authState` (a string) as dep — immune to object-identity churn\n  // from the AdminShell bridge recreating `user` objects.\n  const hasAutoFetched = useRef(false);\n  useEffect(() => {\n    if (authState === 'authenticated' && !hasAutoFetched.current) {\n      hasAutoFetched.current = true;\n      fetchOrgsRef.current();\n    } else if (authState !== 'authenticated') {\n      hasAutoFetched.current = false;\n    }\n  }, [authState]);\n\n  const switchOrg = useCallback(\n    async (orgId: string) => {\n      const org = orgs.find((o) => o.id === orgId);\n      if (!org) {\n        setError({ code: 'UNKNOWN_ERROR', message: 'Organization not found' });\n        return;\n      }\n\n      setActiveOrg(org);\n      if (hasStorage) {\n        safeSetItem(ACTIVE_ORG_KEY, orgId);\n      }\n      await loadPermissions(orgId);\n    },\n    [orgs, loadPermissions, hasStorage]\n  );\n\n  // M-03: Use ref to break apiClient dependency chain\n  const createOrg = useCallback(\n    async (data: CreateOrgRequest): Promise<Organization> => {\n      setIsLoading(true);\n      setError(null);\n\n      try {\n        const newOrg = await apiClientRef.current.createOrg(data);\n        // Refresh orgs list to include the new org with membership\n        await fetchOrgs();\n        return newOrg;\n      } catch (err) {\n        setError(err as AuthError);\n        throw err;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [fetchOrgs]\n  );\n\n  const updateOrg = useCallback(\n    async (orgId: string, data: UpdateOrgRequest): Promise<Organization> => {\n      setIsLoading(true);\n      setError(null);\n\n      try {\n        const updatedOrg = await apiClientRef.current.updateOrg(orgId, data);\n        // Refresh orgs list to reflect changes\n        await fetchOrgs();\n        return updatedOrg;\n      } catch (err) {\n        setError(err as AuthError);\n        throw err;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [fetchOrgs]\n  );\n\n  const deleteOrg = useCallback(\n    async (orgId: string): Promise<void> => {\n      setIsLoading(true);\n      setError(null);\n\n      try {\n        await apiClientRef.current.deleteOrg(orgId);\n        // Refresh orgs list\n        await fetchOrgs();\n      } catch (err) {\n        setError(err as AuthError);\n        throw err;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [fetchOrgs]\n  );\n\n  const hasPermission = useCallback(\n    (permission: Permission): boolean => {\n      return permissions.includes(permission);\n    },\n    [permissions]\n  );\n\n  return {\n    orgs,\n    activeOrg,\n    permissions,\n    role,\n    isLoading,\n    error,\n    fetchOrgs,\n    switchOrg,\n    createOrg,\n    updateOrg,\n    deleteOrg,\n    hasPermission,\n  };\n}\n"],"names":["OrgApiClient","baseUrl","timeoutMs","retryAttempts","getAccessToken","ApiClient","org","error","handleApiError","orgId","data","ACTIVE_ORG_KEY","safeGetItem","key","safeSetItem","value","useOrgs","config","user","authState","_internal","useCedrosLogin","hasStorage","orgs","setOrgs","useState","activeOrg","setActiveOrg","permissions","setPermissions","role","setRole","isLoading","setIsLoading","setError","apiClient","useMemo","apiClientRef","useRef","useEffect","loadPermissions","useCallback","response","fetchOrgsRef","fetchOrgs","fetchedOrgs","savedOrgId","selectedOrg","err","hasAutoFetched","switchOrg","o","createOrg","newOrg","updateOrg","updatedOrg","deleteOrg","hasPermission","permission"],"mappings":"4EAeO,MAAMA,CAAa,CAChB,OAER,YACEC,EACAC,EACAC,EACAC,EACA,CACA,KAAK,OAAS,IAAIC,YAAU,CAAE,QAAAJ,EAAS,UAAAC,EAAW,cAAAC,EAAe,eAAAC,EAAgB,CACnF,CAKA,MAAM,UAAyC,CAC7C,GAAI,CAEF,OADiB,MAAM,KAAK,OAAO,IAAsB,OAAO,GAChD,KAAK,IAAKE,IAAS,CACjC,GAAGA,EACH,WAAY,CACV,MAAOA,EAAI,GACX,KAAMA,EAAI,IAAA,CACZ,EACA,CACJ,OAASC,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,8BAA8B,CAC5D,CACF,CAKA,MAAM,OAAOE,EAAsC,CACjD,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,IAAkB,SAASA,CAAK,EAAE,CAC7D,OAASF,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,4BAA4B,CAC1D,CACF,CAKA,MAAM,UAAUG,EAA+C,CAC7D,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,KAAmB,QAASA,CAAI,CAC3D,OAASH,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,+BAA+B,CAC7D,CACF,CAKA,MAAM,UAAUE,EAAeC,EAA+C,CAC5E,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,MAAoB,SAASD,CAAK,GAAIC,CAAI,CACrE,OAASH,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,+BAA+B,CAC7D,CACF,CAKA,MAAM,UAAUE,EAA8B,CAC5C,GAAI,CACF,MAAM,KAAK,OAAO,OAAa,SAASA,CAAK,EAAE,CACjD,OAASF,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,+BAA+B,CAC7D,CACF,CAKA,MAAM,UAAUG,EAAoD,CAClE,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,KAAwB,aAAcA,CAAI,CACrE,OAASH,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,+BAA+B,CAC7D,CACF,CAKA,MAAM,eAAeE,EAA6C,CAChE,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,KAA0B,eAAgB,CAAE,MAAAA,EAAO,CAC9E,OAASF,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,2BAA2B,CACzD,CACF,CACF,CCtEA,MAAMI,EAAiB,oBAGvB,SAASC,EAAYC,EAA4B,CAC/C,GAAI,CACF,OAAO,aAAa,QAAQA,CAAG,CACjC,MAAQ,CACN,OAAO,IACT,CACF,CAEA,SAASC,EAAYD,EAAaE,EAAqB,CACrD,GAAI,CACF,aAAa,QAAQF,EAAKE,CAAK,CACjC,MAAQ,CAER,CACF,CAuBO,SAASC,GAAyB,CACvC,KAAM,CAAE,OAAAC,EAAQ,KAAAC,EAAM,UAAAC,EAAW,UAAAC,CAAA,EAAcC,EAAAA,eAAA,EACzCC,EAAa,OAAO,OAAW,KAAe,CAAC,CAAC,OAAO,aAEvD,CAACC,EAAMC,CAAO,EAAIC,EAAAA,SAA8B,CAAA,CAAE,EAClD,CAACC,EAAWC,CAAY,EAAIF,EAAAA,SAAmC,IAAI,EACnE,CAACG,EAAaC,CAAc,EAAIJ,EAAAA,SAAuB,CAAA,CAAE,EACzD,CAACK,EAAMC,CAAO,EAAIN,EAAAA,SAAyB,IAAI,EAC/C,CAACO,EAAWC,CAAY,EAAIR,EAAAA,SAASN,IAAc,eAAe,EAClE,CAACZ,EAAO2B,CAAQ,EAAIT,EAAAA,SAA2B,IAAI,EAGnDU,EAAYC,EAAAA,QAChB,IACE,IAAIpC,EACFiB,EAAO,UACPA,EAAO,eACPA,EAAO,cACPG,GAAW,cAAA,EAEf,CAACH,EAAO,UAAWA,EAAO,eAAgBA,EAAO,cAAeG,CAAS,CAAA,EAIrEiB,EAAeC,EAAAA,OAAOH,CAAS,EACrCI,EAAAA,UAAU,IAAM,CACdF,EAAa,QAAUF,CACzB,EAAG,CAACA,CAAS,CAAC,EAGd,MAAMK,EAAkBC,cAAY,MAAOhC,GAAkB,CAC3D,GAAI,CACF,MAAMiC,EAAW,MAAML,EAAa,QAAQ,eAAe5B,CAAK,EAChEoB,EAAea,EAAS,WAAW,EACnCX,EAAQW,EAAS,IAAI,CACvB,MAAQ,CAENb,EAAe,CAAA,CAAE,EACjBE,EAAQ,IAAI,CACd,CACF,EAAG,CAAA,CAAE,EAGCY,EAAeL,EAAAA,OAA4B,SAAY,CAAC,CAAC,EAGzDM,EAAYH,EAAAA,YAAY,SAAY,CACxC,GAAItB,IAAc,iBAAmB,CAACD,EAAM,CAC1CM,EAAQ,CAAA,CAAE,EACVG,EAAa,IAAI,EACjBE,EAAe,CAAA,CAAE,EACjBE,EAAQ,IAAI,EACZ,MACF,CAEAE,EAAa,EAAI,EACjBC,EAAS,IAAI,EAEb,GAAI,CACF,MAAMW,EAAc,MAAMR,EAAa,QAAQ,SAAA,EAC/Cb,EAAQqB,CAAW,EAGnB,MAAMC,EAAaxB,EAAaV,EAAYD,CAAc,EAAI,KAC9D,IAAIoC,EAAcF,EAAY,KAAMvC,GAAQA,EAAI,KAAOwC,CAAU,EAE7D,CAACC,GAAeF,EAAY,OAAS,IAEvCE,EAAcF,EAAY,KAAMvC,GAAQA,EAAI,UAAU,GAAKuC,EAAY,CAAC,GAGtEE,GACFpB,EAAaoB,CAAW,EACpBzB,GACFR,EAAYH,EAAgBoC,EAAY,EAAE,EAE5C,MAAMP,EAAgBO,EAAY,EAAE,IAEpCpB,EAAa,IAAI,EACjBE,EAAe,CAAA,CAAE,EACjBE,EAAQ,IAAI,EAEhB,OAASiB,EAAK,CACZd,EAASc,CAAgB,CAC3B,QAAA,CACEf,EAAa,EAAK,CACpB,CACF,EAAG,CAACd,EAAWD,EAAMsB,EAAiBlB,CAAU,CAAC,EAGjDiB,EAAAA,UAAU,IAAM,CACdI,EAAa,QAAUC,CACzB,EAAG,CAACA,CAAS,CAAC,EAKd,MAAMK,EAAiBX,EAAAA,OAAO,EAAK,EACnCC,EAAAA,UAAU,IAAM,CACVpB,IAAc,iBAAmB,CAAC8B,EAAe,SACnDA,EAAe,QAAU,GACzBN,EAAa,QAAA,GACJxB,IAAc,kBACvB8B,EAAe,QAAU,GAE7B,EAAG,CAAC9B,CAAS,CAAC,EAEd,MAAM+B,EAAYT,EAAAA,YAChB,MAAOhC,GAAkB,CACvB,MAAMH,EAAMiB,EAAK,KAAM4B,GAAMA,EAAE,KAAO1C,CAAK,EAC3C,GAAI,CAACH,EAAK,CACR4B,EAAS,CAAE,KAAM,gBAAiB,QAAS,yBAA0B,EACrE,MACF,CAEAP,EAAarB,CAAG,EACZgB,GACFR,EAAYH,EAAgBF,CAAK,EAEnC,MAAM+B,EAAgB/B,CAAK,CAC7B,EACA,CAACc,EAAMiB,EAAiBlB,CAAU,CAAA,EAI9B8B,EAAYX,EAAAA,YAChB,MAAO/B,GAAkD,CACvDuB,EAAa,EAAI,EACjBC,EAAS,IAAI,EAEb,GAAI,CACF,MAAMmB,EAAS,MAAMhB,EAAa,QAAQ,UAAU3B,CAAI,EAExD,aAAMkC,EAAA,EACCS,CACT,OAASL,EAAK,CACZ,MAAAd,EAASc,CAAgB,EACnBA,CACR,QAAA,CACEf,EAAa,EAAK,CACpB,CACF,EACA,CAACW,CAAS,CAAA,EAGNU,EAAYb,EAAAA,YAChB,MAAOhC,EAAeC,IAAkD,CACtEuB,EAAa,EAAI,EACjBC,EAAS,IAAI,EAEb,GAAI,CACF,MAAMqB,EAAa,MAAMlB,EAAa,QAAQ,UAAU5B,EAAOC,CAAI,EAEnE,aAAMkC,EAAA,EACCW,CACT,OAASP,EAAK,CACZ,MAAAd,EAASc,CAAgB,EACnBA,CACR,QAAA,CACEf,EAAa,EAAK,CACpB,CACF,EACA,CAACW,CAAS,CAAA,EAGNY,EAAYf,EAAAA,YAChB,MAAOhC,GAAiC,CACtCwB,EAAa,EAAI,EACjBC,EAAS,IAAI,EAEb,GAAI,CACF,MAAMG,EAAa,QAAQ,UAAU5B,CAAK,EAE1C,MAAMmC,EAAA,CACR,OAASI,EAAK,CACZ,MAAAd,EAASc,CAAgB,EACnBA,CACR,QAAA,CACEf,EAAa,EAAK,CACpB,CACF,EACA,CAACW,CAAS,CAAA,EAGNa,EAAgBhB,EAAAA,YACnBiB,GACQ9B,EAAY,SAAS8B,CAAU,EAExC,CAAC9B,CAAW,CAAA,EAGd,MAAO,CACL,KAAAL,EACA,UAAAG,EACA,YAAAE,EACA,KAAAE,EACA,UAAAE,EACA,MAAAzB,EACA,UAAAqC,EACA,UAAAM,EACA,UAAAE,EACA,UAAAE,EACA,UAAAE,EACA,cAAAC,CAAA,CAEJ"}

package/dist/useSystemSettings-D9Cr7ZTl.cjs

@@ -0,0 +1 @@
+"use strict";const e=require("react"),g=require("./apiClient-CTTKhsYb.cjs");class q{client;constructor(t,i,a,o){this.client=new g.ApiClient({baseUrl:t,timeoutMs:i,retryAttempts:a,getAccessToken:o})}async getSettings(){try{return await this.client.get("/admin/settings")}catch(t){throw g.handleApiError(t,"Failed to fetch system settings")}}async updateSettings(t){try{return await this.client.patch("/admin/settings",{settings:t})}catch(i){throw g.handleApiError(i,"Failed to update system settings")}}}function k(){const{config:s,authState:t,_internal:i}=g.useCedrosLogin(),[a,o]=e.useState({}),[p,h]=e.useState(!1),[w,y]=e.useState(!1),[m,u]=e.useState(null),l=e.useRef(0),S=e.useMemo(()=>new q(s.serverUrl,s.requestTimeout,s.retryAttempts,i?.getAccessToken),[s.serverUrl,s.requestTimeout,s.retryAttempts,i]),f=e.useRef(S);f.current=S;const d=e.useCallback(async()=>{if(t!=="authenticated"){o({});return}h(!0),u(null);const n=++l.current;try{const r=await f.current.getSettings();if(n!==l.current)return;o(r.settings)}catch(r){if(n!==l.current)return;u(r instanceof Error?r:new Error("Failed to fetch settings"))}finally{n===l.current&&h(!1)}},[t]),C=e.useCallback(async n=>{if(t!=="authenticated")throw new Error("Not authenticated");y(!0),u(null);try{await f.current.updateSettings(n),await d()}catch(r){const c=r instanceof Error?r:new Error("Failed to update settings");throw u(c),c}finally{y(!1)}},[t,d]),E=e.useCallback(n=>{for(const r of Object.values(a)){const c=r.find(A=>A.key===n);if(c)return c.value}},[a]);return{settings:a,isLoading:p,isUpdating:w,error:m,fetchSettings:d,updateSettings:C,getValue:E}}exports.useSystemSettings=k;

package/dist/useSystemSettings-D9Cr7ZTl.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSystemSettings-D9Cr7ZTl.cjs","sources":["../src/utils/systemSettingsApi.ts","../src/hooks/useSystemSettings.ts"],"sourcesContent":["import type {\n  ListSystemSettingsResponse,\n  UpdateSettingRequest,\n  UpdateSystemSettingsResponse,\n} from '../types';\nimport { ApiClient, handleApiError } from './apiClient';\n\n/**\n * API client for system settings operations (admin only)\n */\nexport class SystemSettingsApiClient {\n  private client: ApiClient;\n\n  constructor(\n    baseUrl: string,\n    timeoutMs?: number,\n    retryAttempts?: number,\n    getAccessToken?: () => string | null\n  ) {\n    this.client = new ApiClient({ baseUrl, timeoutMs, retryAttempts, getAccessToken });\n  }\n\n  /**\n   * Get all system settings grouped by category\n   * Requires system admin privileges\n   */\n  async getSettings(): Promise<ListSystemSettingsResponse> {\n    try {\n      return await this.client.get<ListSystemSettingsResponse>('/admin/settings');\n    } catch (error) {\n      throw handleApiError(error, 'Failed to fetch system settings');\n    }\n  }\n\n  /**\n   * Update one or more system settings\n   * Requires system admin privileges\n   */\n  async updateSettings(settings: UpdateSettingRequest[]): Promise<UpdateSystemSettingsResponse> {\n    try {\n      return await this.client.patch<UpdateSystemSettingsResponse>('/admin/settings', {\n        settings,\n      });\n    } catch (error) {\n      throw handleApiError(error, 'Failed to update system settings');\n    }\n  }\n}\n","import { useState, useCallback, useMemo, useRef } from 'react';\nimport type { SystemSetting, UpdateSettingRequest, UseSystemSettingsReturn } from '../types';\nimport { useCedrosLogin } from '../context/useCedrosLogin';\nimport { SystemSettingsApiClient } from '../utils/systemSettingsApi';\n\n/**\n * Hook for managing system settings (admin only).\n *\n * Provides CRUD operations for system-wide configuration settings\n * stored in the database. Only accessible to system administrators.\n *\n * @example\n * ```tsx\n * function SystemSettingsPanel() {\n *   const {\n *     settings,\n *     isLoading,\n *     error,\n *     fetchSettings,\n *     updateSettings,\n *     getValue,\n *   } = useSystemSettings();\n *\n *   useEffect(() => {\n *     fetchSettings();\n *   }, [fetchSettings]);\n *\n *   const handleSave = async () => {\n *     await updateSettings([\n *       { key: 'privacy_period_secs', value: '1209600' },\n *     ]);\n *   };\n *\n *   return (\n *     <div>\n *       {Object.entries(settings).map(([category, items]) => (\n *         <section key={category}>\n *           <h3>{category}</h3>\n *           {items.map(item => (\n *             <div key={item.key}>\n *               {item.key}: {item.value}\n *             </div>\n *           ))}\n *         </section>\n *       ))}\n *     </div>\n *   );\n * }\n * ```\n */\nexport function useSystemSettings(): UseSystemSettingsReturn {\n  const { config, authState, _internal } = useCedrosLogin();\n\n  const [settings, setSettings] = useState<Record<string, SystemSetting[]>>({});\n  const [isLoading, setIsLoading] = useState(false);\n  const [isUpdating, setIsUpdating] = useState(false);\n  const [error, setError] = useState<Error | null>(null);\n  const requestIdRef = useRef(0);\n\n  const apiClient = useMemo(\n    () =>\n      new SystemSettingsApiClient(\n        config.serverUrl,\n        config.requestTimeout,\n        config.retryAttempts,\n        _internal?.getAccessToken\n      ),\n    [config.serverUrl, config.requestTimeout, config.retryAttempts, _internal]\n  );\n\n  // Use ref to avoid apiClient in callback dependencies\n  const apiClientRef = useRef(apiClient);\n  apiClientRef.current = apiClient;\n\n  const fetchSettings = useCallback(async () => {\n    if (authState !== 'authenticated') {\n      setSettings({});\n      return;\n    }\n\n    setIsLoading(true);\n    setError(null);\n    const requestId = ++requestIdRef.current;\n\n    try {\n      const response = await apiClientRef.current.getSettings();\n      if (requestId !== requestIdRef.current) return;\n      setSettings(response.settings);\n    } catch (err) {\n      if (requestId !== requestIdRef.current) return;\n      setError(err instanceof Error ? err : new Error('Failed to fetch settings'));\n    } finally {\n      if (requestId === requestIdRef.current) {\n        setIsLoading(false);\n      }\n    }\n  }, [authState]);\n\n  const updateSettings = useCallback(\n    async (updates: UpdateSettingRequest[]): Promise<void> => {\n      if (authState !== 'authenticated') {\n        throw new Error('Not authenticated');\n      }\n\n      setIsUpdating(true);\n      setError(null);\n\n      try {\n        await apiClientRef.current.updateSettings(updates);\n        // Refresh settings after update\n        await fetchSettings();\n      } catch (err) {\n        const error = err instanceof Error ? err : new Error('Failed to update settings');\n        setError(error);\n        throw error;\n      } finally {\n        setIsUpdating(false);\n      }\n    },\n    [authState, fetchSettings]\n  );\n\n  const getValue = useCallback(\n    (key: string): string | undefined => {\n      for (const categorySettings of Object.values(settings)) {\n        const found = categorySettings.find((s) => s.key === key);\n        if (found) return found.value;\n      }\n      return undefined;\n    },\n    [settings]\n  );\n\n  return {\n    settings,\n    isLoading,\n    isUpdating,\n    error,\n    fetchSettings,\n    updateSettings,\n    getValue,\n  };\n}\n"],"names":["SystemSettingsApiClient","baseUrl","timeoutMs","retryAttempts","getAccessToken","ApiClient","error","handleApiError","settings","useSystemSettings","config","authState","_internal","useCedrosLogin","setSettings","useState","isLoading","setIsLoading","isUpdating","setIsUpdating","setError","requestIdRef","useRef","apiClient","useMemo","apiClientRef","fetchSettings","useCallback","requestId","response","err","updateSettings","updates","getValue","key","categorySettings","found","s"],"mappings":"4EAUO,MAAMA,CAAwB,CAC3B,OAER,YACEC,EACAC,EACAC,EACAC,EACA,CACA,KAAK,OAAS,IAAIC,YAAU,CAAE,QAAAJ,EAAS,UAAAC,EAAW,cAAAC,EAAe,eAAAC,EAAgB,CACnF,CAMA,MAAM,aAAmD,CACvD,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,IAAgC,iBAAiB,CAC5E,OAASE,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,iCAAiC,CAC/D,CACF,CAMA,MAAM,eAAeE,EAAyE,CAC5F,GAAI,CACF,OAAO,MAAM,KAAK,OAAO,MAAoC,kBAAmB,CAC9E,SAAAA,CAAA,CACD,CACH,OAASF,EAAO,CACd,MAAMC,EAAAA,eAAeD,EAAO,kCAAkC,CAChE,CACF,CACF,CCGO,SAASG,GAA6C,CAC3D,KAAM,CAAE,OAAAC,EAAQ,UAAAC,EAAW,UAAAC,CAAA,EAAcC,EAAAA,eAAA,EAEnC,CAACL,EAAUM,CAAW,EAAIC,EAAAA,SAA0C,CAAA,CAAE,EACtE,CAACC,EAAWC,CAAY,EAAIF,EAAAA,SAAS,EAAK,EAC1C,CAACG,EAAYC,CAAa,EAAIJ,EAAAA,SAAS,EAAK,EAC5C,CAACT,EAAOc,CAAQ,EAAIL,EAAAA,SAAuB,IAAI,EAC/CM,EAAeC,EAAAA,OAAO,CAAC,EAEvBC,EAAYC,EAAAA,QAChB,IACE,IAAIxB,EACFU,EAAO,UACPA,EAAO,eACPA,EAAO,cACPE,GAAW,cAAA,EAEf,CAACF,EAAO,UAAWA,EAAO,eAAgBA,EAAO,cAAeE,CAAS,CAAA,EAIrEa,EAAeH,EAAAA,OAAOC,CAAS,EACrCE,EAAa,QAAUF,EAEvB,MAAMG,EAAgBC,EAAAA,YAAY,SAAY,CAC5C,GAAIhB,IAAc,gBAAiB,CACjCG,EAAY,CAAA,CAAE,EACd,MACF,CAEAG,EAAa,EAAI,EACjBG,EAAS,IAAI,EACb,MAAMQ,EAAY,EAAEP,EAAa,QAEjC,GAAI,CACF,MAAMQ,EAAW,MAAMJ,EAAa,QAAQ,YAAA,EAC5C,GAAIG,IAAcP,EAAa,QAAS,OACxCP,EAAYe,EAAS,QAAQ,CAC/B,OAASC,EAAK,CACZ,GAAIF,IAAcP,EAAa,QAAS,OACxCD,EAASU,aAAe,MAAQA,EAAM,IAAI,MAAM,0BAA0B,CAAC,CAC7E,QAAA,CACMF,IAAcP,EAAa,SAC7BJ,EAAa,EAAK,CAEtB,CACF,EAAG,CAACN,CAAS,CAAC,EAERoB,EAAiBJ,EAAAA,YACrB,MAAOK,GAAmD,CACxD,GAAIrB,IAAc,gBAChB,MAAM,IAAI,MAAM,mBAAmB,EAGrCQ,EAAc,EAAI,EAClBC,EAAS,IAAI,EAEb,GAAI,CACF,MAAMK,EAAa,QAAQ,eAAeO,CAAO,EAEjD,MAAMN,EAAA,CACR,OAASI,EAAK,CACZ,MAAMxB,EAAQwB,aAAe,MAAQA,EAAM,IAAI,MAAM,2BAA2B,EAChF,MAAAV,EAASd,CAAK,EACRA,CACR,QAAA,CACEa,EAAc,EAAK,CACrB,CACF,EACA,CAACR,EAAWe,CAAa,CAAA,EAGrBO,EAAWN,EAAAA,YACdO,GAAoC,CACnC,UAAWC,KAAoB,OAAO,OAAO3B,CAAQ,EAAG,CACtD,MAAM4B,EAAQD,EAAiB,KAAME,GAAMA,EAAE,MAAQH,CAAG,EACxD,GAAIE,SAAcA,EAAM,KAC1B,CAEF,EACA,CAAC5B,CAAQ,CAAA,EAGX,MAAO,CACL,SAAAA,EACA,UAAAQ,EACA,WAAAE,EACA,MAAAZ,EACA,cAAAoB,EACA,eAAAK,EACA,SAAAE,CAAA,CAEJ"}

package/dist/useSystemSettings-DN5YqfNq.js

@@ -0,0 +1,97 @@
+import { useState as l, useRef as m, useMemo as F, useCallback as d } from "react";
+import { A as I, h as w, u as U } from "./apiClient-B2JxVPlH.js";
+class k {
+  client;
+  constructor(t, s, i, o) {
+    this.client = new I({ baseUrl: t, timeoutMs: s, retryAttempts: i, getAccessToken: o });
+  }
+  /**
+   * Get all system settings grouped by category
+   * Requires system admin privileges
+   */
+  async getSettings() {
+    try {
+      return await this.client.get("/admin/settings");
+    } catch (t) {
+      throw w(t, "Failed to fetch system settings");
+    }
+  }
+  /**
+   * Update one or more system settings
+   * Requires system admin privileges
+   */
+  async updateSettings(t) {
+    try {
+      return await this.client.patch("/admin/settings", {
+        settings: t
+      });
+    } catch (s) {
+      throw w(s, "Failed to update system settings");
+    }
+  }
+}
+function T() {
+  const { config: r, authState: t, _internal: s } = U(), [i, o] = l({}), [S, h] = l(!1), [A, p] = l(!1), [E, c] = l(null), u = m(0), y = F(
+    () => new k(
+      r.serverUrl,
+      r.requestTimeout,
+      r.retryAttempts,
+      s?.getAccessToken
+    ),
+    [r.serverUrl, r.requestTimeout, r.retryAttempts, s]
+  ), g = m(y);
+  g.current = y;
+  const f = d(async () => {
+    if (t !== "authenticated") {
+      o({});
+      return;
+    }
+    h(!0), c(null);
+    const n = ++u.current;
+    try {
+      const e = await g.current.getSettings();
+      if (n !== u.current) return;
+      o(e.settings);
+    } catch (e) {
+      if (n !== u.current) return;
+      c(e instanceof Error ? e : new Error("Failed to fetch settings"));
+    } finally {
+      n === u.current && h(!1);
+    }
+  }, [t]), C = d(
+    async (n) => {
+      if (t !== "authenticated")
+        throw new Error("Not authenticated");
+      p(!0), c(null);
+      try {
+        await g.current.updateSettings(n), await f();
+      } catch (e) {
+        const a = e instanceof Error ? e : new Error("Failed to update settings");
+        throw c(a), a;
+      } finally {
+        p(!1);
+      }
+    },
+    [t, f]
+  ), v = d(
+    (n) => {
+      for (const e of Object.values(i)) {
+        const a = e.find((q) => q.key === n);
+        if (a) return a.value;
+      }
+    },
+    [i]
+  );
+  return {
+    settings: i,
+    isLoading: S,
+    isUpdating: A,
+    error: E,
+    fetchSettings: f,
+    updateSettings: C,
+    getValue: v
+  };
+}
+export {
+  T as u
+};

package/dist/useSystemSettings-DN5YqfNq.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSystemSettings-DN5YqfNq.js","sources":["../src/utils/systemSettingsApi.ts","../src/hooks/useSystemSettings.ts"],"sourcesContent":["import type {\n  ListSystemSettingsResponse,\n  UpdateSettingRequest,\n  UpdateSystemSettingsResponse,\n} from '../types';\nimport { ApiClient, handleApiError } from './apiClient';\n\n/**\n * API client for system settings operations (admin only)\n */\nexport class SystemSettingsApiClient {\n  private client: ApiClient;\n\n  constructor(\n    baseUrl: string,\n    timeoutMs?: number,\n    retryAttempts?: number,\n    getAccessToken?: () => string | null\n  ) {\n    this.client = new ApiClient({ baseUrl, timeoutMs, retryAttempts, getAccessToken });\n  }\n\n  /**\n   * Get all system settings grouped by category\n   * Requires system admin privileges\n   */\n  async getSettings(): Promise<ListSystemSettingsResponse> {\n    try {\n      return await this.client.get<ListSystemSettingsResponse>('/admin/settings');\n    } catch (error) {\n      throw handleApiError(error, 'Failed to fetch system settings');\n    }\n  }\n\n  /**\n   * Update one or more system settings\n   * Requires system admin privileges\n   */\n  async updateSettings(settings: UpdateSettingRequest[]): Promise<UpdateSystemSettingsResponse> {\n    try {\n      return await this.client.patch<UpdateSystemSettingsResponse>('/admin/settings', {\n        settings,\n      });\n    } catch (error) {\n      throw handleApiError(error, 'Failed to update system settings');\n    }\n  }\n}\n","import { useState, useCallback, useMemo, useRef } from 'react';\nimport type { SystemSetting, UpdateSettingRequest, UseSystemSettingsReturn } from '../types';\nimport { useCedrosLogin } from '../context/useCedrosLogin';\nimport { SystemSettingsApiClient } from '../utils/systemSettingsApi';\n\n/**\n * Hook for managing system settings (admin only).\n *\n * Provides CRUD operations for system-wide configuration settings\n * stored in the database. Only accessible to system administrators.\n *\n * @example\n * ```tsx\n * function SystemSettingsPanel() {\n *   const {\n *     settings,\n *     isLoading,\n *     error,\n *     fetchSettings,\n *     updateSettings,\n *     getValue,\n *   } = useSystemSettings();\n *\n *   useEffect(() => {\n *     fetchSettings();\n *   }, [fetchSettings]);\n *\n *   const handleSave = async () => {\n *     await updateSettings([\n *       { key: 'privacy_period_secs', value: '1209600' },\n *     ]);\n *   };\n *\n *   return (\n *     <div>\n *       {Object.entries(settings).map(([category, items]) => (\n *         <section key={category}>\n *           <h3>{category}</h3>\n *           {items.map(item => (\n *             <div key={item.key}>\n *               {item.key}: {item.value}\n *             </div>\n *           ))}\n *         </section>\n *       ))}\n *     </div>\n *   );\n * }\n * ```\n */\nexport function useSystemSettings(): UseSystemSettingsReturn {\n  const { config, authState, _internal } = useCedrosLogin();\n\n  const [settings, setSettings] = useState<Record<string, SystemSetting[]>>({});\n  const [isLoading, setIsLoading] = useState(false);\n  const [isUpdating, setIsUpdating] = useState(false);\n  const [error, setError] = useState<Error | null>(null);\n  const requestIdRef = useRef(0);\n\n  const apiClient = useMemo(\n    () =>\n      new SystemSettingsApiClient(\n        config.serverUrl,\n        config.requestTimeout,\n        config.retryAttempts,\n        _internal?.getAccessToken\n      ),\n    [config.serverUrl, config.requestTimeout, config.retryAttempts, _internal]\n  );\n\n  // Use ref to avoid apiClient in callback dependencies\n  const apiClientRef = useRef(apiClient);\n  apiClientRef.current = apiClient;\n\n  const fetchSettings = useCallback(async () => {\n    if (authState !== 'authenticated') {\n      setSettings({});\n      return;\n    }\n\n    setIsLoading(true);\n    setError(null);\n    const requestId = ++requestIdRef.current;\n\n    try {\n      const response = await apiClientRef.current.getSettings();\n      if (requestId !== requestIdRef.current) return;\n      setSettings(response.settings);\n    } catch (err) {\n      if (requestId !== requestIdRef.current) return;\n      setError(err instanceof Error ? err : new Error('Failed to fetch settings'));\n    } finally {\n      if (requestId === requestIdRef.current) {\n        setIsLoading(false);\n      }\n    }\n  }, [authState]);\n\n  const updateSettings = useCallback(\n    async (updates: UpdateSettingRequest[]): Promise<void> => {\n      if (authState !== 'authenticated') {\n        throw new Error('Not authenticated');\n      }\n\n      setIsUpdating(true);\n      setError(null);\n\n      try {\n        await apiClientRef.current.updateSettings(updates);\n        // Refresh settings after update\n        await fetchSettings();\n      } catch (err) {\n        const error = err instanceof Error ? err : new Error('Failed to update settings');\n        setError(error);\n        throw error;\n      } finally {\n        setIsUpdating(false);\n      }\n    },\n    [authState, fetchSettings]\n  );\n\n  const getValue = useCallback(\n    (key: string): string | undefined => {\n      for (const categorySettings of Object.values(settings)) {\n        const found = categorySettings.find((s) => s.key === key);\n        if (found) return found.value;\n      }\n      return undefined;\n    },\n    [settings]\n  );\n\n  return {\n    settings,\n    isLoading,\n    isUpdating,\n    error,\n    fetchSettings,\n    updateSettings,\n    getValue,\n  };\n}\n"],"names":["SystemSettingsApiClient","baseUrl","timeoutMs","retryAttempts","getAccessToken","ApiClient","error","handleApiError","settings","useSystemSettings","config","authState","_internal","useCedrosLogin","setSettings","useState","isLoading","setIsLoading","isUpdating","setIsUpdating","setError","requestIdRef","useRef","apiClient","useMemo","apiClientRef","fetchSettings","useCallback","requestId","response","err","updateSettings","updates","getValue","key","categorySettings","found","s"],"mappings":";;AAUO,MAAMA,EAAwB;AAAA,EAC3B;AAAA,EAER,YACEC,GACAC,GACAC,GACAC,GACA;AACA,SAAK,SAAS,IAAIC,EAAU,EAAE,SAAAJ,GAAS,WAAAC,GAAW,eAAAC,GAAe,gBAAAC,GAAgB;AAAA,EACnF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cAAmD;AACvD,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,IAAgC,iBAAiB;AAAA,IAC5E,SAASE,GAAO;AACd,YAAMC,EAAeD,GAAO,iCAAiC;AAAA,IAC/D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAeE,GAAyE;AAC5F,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,MAAoC,mBAAmB;AAAA,QAC9E,UAAAA;AAAA,MAAA,CACD;AAAA,IACH,SAASF,GAAO;AACd,YAAMC,EAAeD,GAAO,kCAAkC;AAAA,IAChE;AAAA,EACF;AACF;ACGO,SAASG,IAA6C;AAC3D,QAAM,EAAE,QAAAC,GAAQ,WAAAC,GAAW,WAAAC,EAAA,IAAcC,EAAA,GAEnC,CAACL,GAAUM,CAAW,IAAIC,EAA0C,CAAA,CAAE,GACtE,CAACC,GAAWC,CAAY,IAAIF,EAAS,EAAK,GAC1C,CAACG,GAAYC,CAAa,IAAIJ,EAAS,EAAK,GAC5C,CAACT,GAAOc,CAAQ,IAAIL,EAAuB,IAAI,GAC/CM,IAAeC,EAAO,CAAC,GAEvBC,IAAYC;AAAA,IAChB,MACE,IAAIxB;AAAA,MACFU,EAAO;AAAA,MACPA,EAAO;AAAA,MACPA,EAAO;AAAA,MACPE,GAAW;AAAA,IAAA;AAAA,IAEf,CAACF,EAAO,WAAWA,EAAO,gBAAgBA,EAAO,eAAeE,CAAS;AAAA,EAAA,GAIrEa,IAAeH,EAAOC,CAAS;AACrC,EAAAE,EAAa,UAAUF;AAEvB,QAAMG,IAAgBC,EAAY,YAAY;AAC5C,QAAIhB,MAAc,iBAAiB;AACjC,MAAAG,EAAY,CAAA,CAAE;AACd;AAAA,IACF;AAEA,IAAAG,EAAa,EAAI,GACjBG,EAAS,IAAI;AACb,UAAMQ,IAAY,EAAEP,EAAa;AAEjC,QAAI;AACF,YAAMQ,IAAW,MAAMJ,EAAa,QAAQ,YAAA;AAC5C,UAAIG,MAAcP,EAAa,QAAS;AACxC,MAAAP,EAAYe,EAAS,QAAQ;AAAA,IAC/B,SAASC,GAAK;AACZ,UAAIF,MAAcP,EAAa,QAAS;AACxC,MAAAD,EAASU,aAAe,QAAQA,IAAM,IAAI,MAAM,0BAA0B,CAAC;AAAA,IAC7E,UAAA;AACE,MAAIF,MAAcP,EAAa,WAC7BJ,EAAa,EAAK;AAAA,IAEtB;AAAA,EACF,GAAG,CAACN,CAAS,CAAC,GAERoB,IAAiBJ;AAAA,IACrB,OAAOK,MAAmD;AACxD,UAAIrB,MAAc;AAChB,cAAM,IAAI,MAAM,mBAAmB;AAGrC,MAAAQ,EAAc,EAAI,GAClBC,EAAS,IAAI;AAEb,UAAI;AACF,cAAMK,EAAa,QAAQ,eAAeO,CAAO,GAEjD,MAAMN,EAAA;AAAA,MACR,SAASI,GAAK;AACZ,cAAMxB,IAAQwB,aAAe,QAAQA,IAAM,IAAI,MAAM,2BAA2B;AAChF,cAAAV,EAASd,CAAK,GACRA;AAAAA,MACR,UAAA;AACE,QAAAa,EAAc,EAAK;AAAA,MACrB;AAAA,IACF;AAAA,IACA,CAACR,GAAWe,CAAa;AAAA,EAAA,GAGrBO,IAAWN;AAAA,IACf,CAACO,MAAoC;AACnC,iBAAWC,KAAoB,OAAO,OAAO3B,CAAQ,GAAG;AACtD,cAAM4B,IAAQD,EAAiB,KAAK,CAACE,MAAMA,EAAE,QAAQH,CAAG;AACxD,YAAIE,UAAcA,EAAM;AAAA,MAC1B;AAAA,IAEF;AAAA,IACA,CAAC5B,CAAQ;AAAA,EAAA;AAGX,SAAO;AAAA,IACL,UAAAA;AAAA,IACA,WAAAQ;AAAA,IACA,YAAAE;AAAA,IACA,OAAAZ;AAAA,IACA,eAAAoB;AAAA,IACA,gBAAAK;AAAA,IACA,UAAAE;AAAA,EAAA;AAEJ;"}

package/dist/{validation-BebL7hMF.js → validation-B8kMV3BL.js}

@@ -43,7 +43,7 @@ function g(e) {
     if (i.startsWith("-") || i.endsWith("-"))
       return !1;
   const a = t.split(".").pop();
-  return !(!a || a.length < 2 || !/^[a-zA-Z]+$/.test(a) || o.has(a.toLowerCase()) || !/^[a-zA-Z0-9.-]+$/.test(t) || !/^[a-zA-Z0-9._\-+!]+$/.test(n));
+  return !(!a || a.length < 2 || !/^[a-zA-Z]+$/.test(a) || o.has(a.toLowerCase()) || !/^[a-zA-Z0-9.-]+$/.test(t) || /[\x00-\x1f\x7f"(),;:<>[\]\\]/.test(n));
 }
 const u = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;
 function A(e) {

package/dist/{validation-BebL7hMF.js.map → validation-B8kMV3BL.js.map}

@@ -1 +1 @@
-{"version":3,"file":"validation-BebL7hMF.js","sources":["../src/utils/validation.ts"],"sourcesContent":["import type { PasswordValidation } from '../types';\n\n/**\n * Allowed special characters for password validation (F-07)\n *\n * This explicit list prevents spaces, tabs, and non-printable characters\n * from counting as \"special\" (H-06 fix). Characters included:\n * - Punctuation: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ; ' : \" , . / < > ? ` ~\n * - Escape character: backslash\n */\nconst SPECIAL_CHARS_PATTERN = /[!@#$%^&*()_+\\-=[\\]{}|;':\",./<>?`~\\\\]/;\n\n/**\n * Password validation rules:\n * - Minimum 10 characters\n * - At least 1 uppercase letter (A-Z)\n * - At least 1 lowercase letter (a-z)\n * - At least 1 number (0-9)\n * - At least 1 special character (@$!%*?&#^())\n *\n * Note: All checks are performed regardless of early failures to prevent\n * timing attacks that could reveal which requirements are met.\n */\nexport function validatePassword(password: string): PasswordValidation {\n  const errors: PasswordValidation['errors'] = {};\n\n  // Perform ALL checks first (constant-time approach to prevent timing attacks)\n  const hasLength = password.length >= 10;\n  const hasUppercase = /[A-Z]/.test(password);\n  const hasLowercase = /[a-z]/.test(password);\n  const hasNumber = /\\d/.test(password);\n  // H-06: Use explicit special character list (see SPECIAL_CHARS_PATTERN)\n  const hasSpecial = SPECIAL_CHARS_PATTERN.test(password);\n\n  // Count criteria met\n  let criteriaMetCount = 0;\n\n  // Then assign errors based on results\n  if (hasLength) {\n    criteriaMetCount++;\n  } else {\n    errors.length = 'At least 10 characters';\n  }\n\n  if (hasUppercase) {\n    criteriaMetCount++;\n  } else {\n    errors.uppercase = 'At least 1 uppercase letter';\n  }\n\n  if (hasLowercase) {\n    criteriaMetCount++;\n  } else {\n    errors.lowercase = 'At least 1 lowercase letter';\n  }\n\n  if (hasNumber) {\n    criteriaMetCount++;\n  } else {\n    errors.number = 'At least 1 number';\n  }\n\n  if (hasSpecial) {\n    criteriaMetCount++;\n  } else {\n    errors.special = 'At least 1 special character (@$!%*?&#^())';\n  }\n\n  // Calculate strength\n  let strength: PasswordValidation['strength'];\n  if (criteriaMetCount <= 2) {\n    strength = 'weak';\n  } else if (criteriaMetCount === 3) {\n    strength = 'fair';\n  } else if (criteriaMetCount === 4) {\n    strength = 'good';\n  } else {\n    strength = 'strong';\n  }\n\n  return {\n    isValid: Object.keys(errors).length === 0,\n    errors,\n    strength,\n  };\n}\n\nconst TYPO_TLDS = new Set([\n  'con',\n  'cmo',\n  'ocm',\n  'cm',\n  'vom',\n  'xom',\n  'cpm',\n  'clm',\n  'ney',\n  'met',\n  'bet',\n  'nrt',\n  'ogr',\n  'rog',\n  'prg',\n  'irg',\n  'edi',\n  'rdu',\n]);\n\n/**\n * Validate email format with robust validation.\n *\n * Validates:\n * - Proper format with @ symbol\n * - Valid characters in local and domain parts\n * - Domain must have at least one dot (TLD required)\n * - Maximum length per RFC 5321\n *\n * UI-13: Note on case normalization - This function validates format only,\n * it does NOT normalize case. Per RFC 5321, local-part is technically\n * case-sensitive (though most providers ignore case). Callers should\n * normalize emails (e.g., toLowerCase) before API calls and storage.\n *\n * @param email - The email address to validate\n * @returns true if the email format is valid\n */\nexport function validateEmail(email: string): boolean {\n  // Check basic constraints\n  if (!email || typeof email !== 'string') {\n    return false;\n  }\n\n  if (email.length > 254) {\n    return false;\n  }\n\n  if (email.includes(' ')) {\n    return false;\n  }\n\n  const parts = email.split('@');\n  if (parts.length !== 2) {\n    return false;\n  }\n\n  const [local, domain] = parts;\n  if (!local || local.length > 64) {\n    return false;\n  }\n\n  if (local.startsWith('.') || local.endsWith('.')) {\n    return false;\n  }\n\n  if (!domain || domain.length > 253) {\n    return false;\n  }\n\n  if (!domain.includes('.')) {\n    return false;\n  }\n\n  if (\n    domain.startsWith('.') ||\n    domain.endsWith('.') ||\n    domain.startsWith('-') ||\n    domain.endsWith('-')\n  ) {\n    return false;\n  }\n\n  for (const label of domain.split('.')) {\n    if (label.startsWith('-') || label.endsWith('-')) {\n      return false;\n    }\n  }\n\n  const tld = domain.split('.').pop();\n  if (!tld || tld.length < 2) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z]+$/.test(tld)) {\n    return false;\n  }\n\n  if (TYPO_TLDS.has(tld.toLowerCase())) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z0-9.-]+$/.test(domain)) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z0-9._\\-+!]+$/.test(local)) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Valid Base58 characters (excludes 0, O, I, l to avoid ambiguity)\n */\nconst BASE58_ALPHABET = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;\n\n/**\n * Validate Solana public key format.\n *\n * A valid Solana public key:\n * - Is 43-44 characters long (base58 encoding of 32 bytes)\n * - Contains only valid base58 characters\n *\n * @param publicKey - The public key string to validate\n * @returns true if the public key format is valid\n *\n * @example\n * ```ts\n * validateSolanaPublicKey('DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263') // true\n * validateSolanaPublicKey('invalid') // false\n * ```\n */\nexport function validateSolanaPublicKey(publicKey: string): boolean {\n  // Check length (base58 encoding of 32 bytes is 43-44 chars)\n  if (publicKey.length < 43 || publicKey.length > 44) {\n    return false;\n  }\n\n  // Check for valid base58 characters only\n  return BASE58_ALPHABET.test(publicKey);\n}\n"],"names":["SPECIAL_CHARS_PATTERN","validatePassword","password","errors","hasLength","hasUppercase","hasLowercase","hasNumber","hasSpecial","criteriaMetCount","strength","TYPO_TLDS","validateEmail","email","parts","local","domain","label","tld","BASE58_ALPHABET","validateSolanaPublicKey","publicKey"],"mappings":"AAUA,MAAMA,IAAwB;AAavB,SAASC,EAAiBC,GAAsC;AACrE,QAAMC,IAAuC,CAAA,GAGvCC,IAAYF,EAAS,UAAU,IAC/BG,IAAe,QAAQ,KAAKH,CAAQ,GACpCI,IAAe,QAAQ,KAAKJ,CAAQ,GACpCK,IAAY,KAAK,KAAKL,CAAQ,GAE9BM,IAAaR,EAAsB,KAAKE,CAAQ;AAGtD,MAAIO,IAAmB;AAGvB,EAAIL,IACFK,MAEAN,EAAO,SAAS,0BAGdE,IACFI,MAEAN,EAAO,YAAY,+BAGjBG,IACFG,MAEAN,EAAO,YAAY,+BAGjBI,IACFE,MAEAN,EAAO,SAAS,qBAGdK,IACFC,MAEAN,EAAO,UAAU;AAInB,MAAIO;AACJ,SAAID,KAAoB,IACtBC,IAAW,SACFD,MAAqB,IAC9BC,IAAW,SACFD,MAAqB,IAC9BC,IAAW,SAEXA,IAAW,UAGN;AAAA,IACL,SAAS,OAAO,KAAKP,CAAM,EAAE,WAAW;AAAA,IACxC,QAAAA;AAAA,IACA,UAAAO;AAAA,EAAA;AAEJ;AAEA,MAAMC,wBAAgB,IAAI;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAmBM,SAASC,EAAcC,GAAwB;AAUpD,MARI,CAACA,KAAS,OAAOA,KAAU,YAI3BA,EAAM,SAAS,OAIfA,EAAM,SAAS,GAAG;AACpB,WAAO;AAGT,QAAMC,IAAQD,EAAM,MAAM,GAAG;AAC7B,MAAIC,EAAM,WAAW;AACnB,WAAO;AAGT,QAAM,CAACC,GAAOC,CAAM,IAAIF;AAiBxB,MAhBI,CAACC,KAASA,EAAM,SAAS,MAIzBA,EAAM,WAAW,GAAG,KAAKA,EAAM,SAAS,GAAG,KAI3C,CAACC,KAAUA,EAAO,SAAS,OAI3B,CAACA,EAAO,SAAS,GAAG,KAKtBA,EAAO,WAAW,GAAG,KACrBA,EAAO,SAAS,GAAG,KACnBA,EAAO,WAAW,GAAG,KACrBA,EAAO,SAAS,GAAG;AAEnB,WAAO;AAGT,aAAWC,KAASD,EAAO,MAAM,GAAG;AAClC,QAAIC,EAAM,WAAW,GAAG,KAAKA,EAAM,SAAS,GAAG;AAC7C,aAAO;AAIX,QAAMC,IAAMF,EAAO,MAAM,GAAG,EAAE,IAAA;AAiB9B,SAhBI,GAACE,KAAOA,EAAI,SAAS,KAIrB,CAAC,cAAc,KAAKA,CAAG,KAIvBP,EAAU,IAAIO,EAAI,YAAA,CAAa,KAI/B,CAAC,mBAAmB,KAAKF,CAAM,KAI/B,CAAC,uBAAuB,KAAKD,CAAK;AAKxC;AAKA,MAAMI,IAAkB;AAkBjB,SAASC,EAAwBC,GAA4B;AAElE,SAAIA,EAAU,SAAS,MAAMA,EAAU,SAAS,KACvC,KAIFF,EAAgB,KAAKE,CAAS;AACvC;"}
+{"version":3,"file":"validation-B8kMV3BL.js","sources":["../src/utils/validation.ts"],"sourcesContent":["import type { PasswordValidation } from '../types';\n\n/**\n * Allowed special characters for password validation (F-07)\n *\n * This explicit list prevents spaces, tabs, and non-printable characters\n * from counting as \"special\" (H-06 fix). Characters included:\n * - Punctuation: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ; ' : \" , . / < > ? ` ~\n * - Escape character: backslash\n */\nconst SPECIAL_CHARS_PATTERN = /[!@#$%^&*()_+\\-=[\\]{}|;':\",./<>?`~\\\\]/;\n\n/**\n * Password validation rules:\n * - Minimum 10 characters\n * - At least 1 uppercase letter (A-Z)\n * - At least 1 lowercase letter (a-z)\n * - At least 1 number (0-9)\n * - At least 1 special character (@$!%*?&#^())\n *\n * Note: All checks are performed regardless of early failures to prevent\n * timing attacks that could reveal which requirements are met.\n */\nexport function validatePassword(password: string): PasswordValidation {\n  const errors: PasswordValidation['errors'] = {};\n\n  // Perform ALL checks first (constant-time approach to prevent timing attacks)\n  const hasLength = password.length >= 10;\n  const hasUppercase = /[A-Z]/.test(password);\n  const hasLowercase = /[a-z]/.test(password);\n  const hasNumber = /\\d/.test(password);\n  // H-06: Use explicit special character list (see SPECIAL_CHARS_PATTERN)\n  const hasSpecial = SPECIAL_CHARS_PATTERN.test(password);\n\n  // Count criteria met\n  let criteriaMetCount = 0;\n\n  // Then assign errors based on results\n  if (hasLength) {\n    criteriaMetCount++;\n  } else {\n    errors.length = 'At least 10 characters';\n  }\n\n  if (hasUppercase) {\n    criteriaMetCount++;\n  } else {\n    errors.uppercase = 'At least 1 uppercase letter';\n  }\n\n  if (hasLowercase) {\n    criteriaMetCount++;\n  } else {\n    errors.lowercase = 'At least 1 lowercase letter';\n  }\n\n  if (hasNumber) {\n    criteriaMetCount++;\n  } else {\n    errors.number = 'At least 1 number';\n  }\n\n  if (hasSpecial) {\n    criteriaMetCount++;\n  } else {\n    errors.special = 'At least 1 special character (@$!%*?&#^())';\n  }\n\n  // Calculate strength\n  let strength: PasswordValidation['strength'];\n  if (criteriaMetCount <= 2) {\n    strength = 'weak';\n  } else if (criteriaMetCount === 3) {\n    strength = 'fair';\n  } else if (criteriaMetCount === 4) {\n    strength = 'good';\n  } else {\n    strength = 'strong';\n  }\n\n  return {\n    isValid: Object.keys(errors).length === 0,\n    errors,\n    strength,\n  };\n}\n\nconst TYPO_TLDS = new Set([\n  'con',\n  'cmo',\n  'ocm',\n  'cm',\n  'vom',\n  'xom',\n  'cpm',\n  'clm',\n  'ney',\n  'met',\n  'bet',\n  'nrt',\n  'ogr',\n  'rog',\n  'prg',\n  'irg',\n  'edi',\n  'rdu',\n]);\n\n/**\n * Validate email format with robust validation.\n *\n * Validates:\n * - Proper format with @ symbol\n * - Valid characters in local and domain parts\n * - Domain must have at least one dot (TLD required)\n * - Maximum length per RFC 5321\n *\n * UI-13: Note on case normalization - This function validates format only,\n * it does NOT normalize case. Per RFC 5321, local-part is technically\n * case-sensitive (though most providers ignore case). Callers should\n * normalize emails (e.g., toLowerCase) before API calls and storage.\n *\n * @param email - The email address to validate\n * @returns true if the email format is valid\n */\nexport function validateEmail(email: string): boolean {\n  // Check basic constraints\n  if (!email || typeof email !== 'string') {\n    return false;\n  }\n\n  if (email.length > 254) {\n    return false;\n  }\n\n  if (email.includes(' ')) {\n    return false;\n  }\n\n  const parts = email.split('@');\n  if (parts.length !== 2) {\n    return false;\n  }\n\n  const [local, domain] = parts;\n  if (!local || local.length > 64) {\n    return false;\n  }\n\n  if (local.startsWith('.') || local.endsWith('.')) {\n    return false;\n  }\n\n  if (!domain || domain.length > 253) {\n    return false;\n  }\n\n  if (!domain.includes('.')) {\n    return false;\n  }\n\n  if (\n    domain.startsWith('.') ||\n    domain.endsWith('.') ||\n    domain.startsWith('-') ||\n    domain.endsWith('-')\n  ) {\n    return false;\n  }\n\n  for (const label of domain.split('.')) {\n    if (label.startsWith('-') || label.endsWith('-')) {\n      return false;\n    }\n  }\n\n  const tld = domain.split('.').pop();\n  if (!tld || tld.length < 2) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z]+$/.test(tld)) {\n    return false;\n  }\n\n  if (TYPO_TLDS.has(tld.toLowerCase())) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z0-9.-]+$/.test(domain)) {\n    return false;\n  }\n\n  // UI-12: Allow Unicode (non-ASCII) characters in local-part for internationalized emails.\n  // Reject structural delimiters and DEL character that are invalid in unquoted local-parts.\n  // eslint-disable-next-line no-control-regex\n  if (/[\\x00-\\x1f\\x7f\"(),;:<>[\\]\\\\]/.test(local)) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Valid Base58 characters (excludes 0, O, I, l to avoid ambiguity)\n */\nconst BASE58_ALPHABET = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;\n\n/**\n * Validate Solana public key format.\n *\n * A valid Solana public key:\n * - Is 43-44 characters long (base58 encoding of 32 bytes)\n * - Contains only valid base58 characters\n *\n * @param publicKey - The public key string to validate\n * @returns true if the public key format is valid\n *\n * @example\n * ```ts\n * validateSolanaPublicKey('DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263') // true\n * validateSolanaPublicKey('invalid') // false\n * ```\n */\nexport function validateSolanaPublicKey(publicKey: string): boolean {\n  // Check length (base58 encoding of 32 bytes is 43-44 chars)\n  if (publicKey.length < 43 || publicKey.length > 44) {\n    return false;\n  }\n\n  // Check for valid base58 characters only\n  return BASE58_ALPHABET.test(publicKey);\n}\n"],"names":["SPECIAL_CHARS_PATTERN","validatePassword","password","errors","hasLength","hasUppercase","hasLowercase","hasNumber","hasSpecial","criteriaMetCount","strength","TYPO_TLDS","validateEmail","email","parts","local","domain","label","tld","BASE58_ALPHABET","validateSolanaPublicKey","publicKey"],"mappings":"AAUA,MAAMA,IAAwB;AAavB,SAASC,EAAiBC,GAAsC;AACrE,QAAMC,IAAuC,CAAA,GAGvCC,IAAYF,EAAS,UAAU,IAC/BG,IAAe,QAAQ,KAAKH,CAAQ,GACpCI,IAAe,QAAQ,KAAKJ,CAAQ,GACpCK,IAAY,KAAK,KAAKL,CAAQ,GAE9BM,IAAaR,EAAsB,KAAKE,CAAQ;AAGtD,MAAIO,IAAmB;AAGvB,EAAIL,IACFK,MAEAN,EAAO,SAAS,0BAGdE,IACFI,MAEAN,EAAO,YAAY,+BAGjBG,IACFG,MAEAN,EAAO,YAAY,+BAGjBI,IACFE,MAEAN,EAAO,SAAS,qBAGdK,IACFC,MAEAN,EAAO,UAAU;AAInB,MAAIO;AACJ,SAAID,KAAoB,IACtBC,IAAW,SACFD,MAAqB,IAC9BC,IAAW,SACFD,MAAqB,IAC9BC,IAAW,SAEXA,IAAW,UAGN;AAAA,IACL,SAAS,OAAO,KAAKP,CAAM,EAAE,WAAW;AAAA,IACxC,QAAAA;AAAA,IACA,UAAAO;AAAA,EAAA;AAEJ;AAEA,MAAMC,wBAAgB,IAAI;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAmBM,SAASC,EAAcC,GAAwB;AAUpD,MARI,CAACA,KAAS,OAAOA,KAAU,YAI3BA,EAAM,SAAS,OAIfA,EAAM,SAAS,GAAG;AACpB,WAAO;AAGT,QAAMC,IAAQD,EAAM,MAAM,GAAG;AAC7B,MAAIC,EAAM,WAAW;AACnB,WAAO;AAGT,QAAM,CAACC,GAAOC,CAAM,IAAIF;AAiBxB,MAhBI,CAACC,KAASA,EAAM,SAAS,MAIzBA,EAAM,WAAW,GAAG,KAAKA,EAAM,SAAS,GAAG,KAI3C,CAACC,KAAUA,EAAO,SAAS,OAI3B,CAACA,EAAO,SAAS,GAAG,KAKtBA,EAAO,WAAW,GAAG,KACrBA,EAAO,SAAS,GAAG,KACnBA,EAAO,WAAW,GAAG,KACrBA,EAAO,SAAS,GAAG;AAEnB,WAAO;AAGT,aAAWC,KAASD,EAAO,MAAM,GAAG;AAClC,QAAIC,EAAM,WAAW,GAAG,KAAKA,EAAM,SAAS,GAAG;AAC7C,aAAO;AAIX,QAAMC,IAAMF,EAAO,MAAM,GAAG,EAAE,IAAA;AAoB9B,SAnBI,GAACE,KAAOA,EAAI,SAAS,KAIrB,CAAC,cAAc,KAAKA,CAAG,KAIvBP,EAAU,IAAIO,EAAI,YAAA,CAAa,KAI/B,CAAC,mBAAmB,KAAKF,CAAM,KAO/B,+BAA+B,KAAKD,CAAK;AAK/C;AAKA,MAAMI,IAAkB;AAkBjB,SAASC,EAAwBC,GAA4B;AAElE,SAAIA,EAAU,SAAS,MAAMA,EAAU,SAAS,KACvC,KAIFF,EAAgB,KAAKE,CAAS;AACvC;"}

package/dist/{validation-BeXIfuHB.cjs → validation-BuGQrA-K.cjs}

@@ -1 +1 @@
-"use strict";const c=/[!@#$%^&*()_+\-=[\]{}|;':",./<>?`~\\]/;function o(e){const s={},a=e.length>=10,t=/[A-Z]/.test(e),n=/[a-z]/.test(e),i=/\d/.test(e),f=c.test(e);let r=0;a?r++:s.length="At least 10 characters",t?r++:s.uppercase="At least 1 uppercase letter",n?r++:s.lowercase="At least 1 lowercase letter",i?r++:s.number="At least 1 number",f?r++:s.special="At least 1 special character (@$!%*?&#^())";let l;return r<=2?l="weak":r===3?l="fair":r===4?l="good":l="strong",{isValid:Object.keys(s).length===0,errors:s,strength:l}}const u=new Set(["con","cmo","ocm","cm","vom","xom","cpm","clm","ney","met","bet","nrt","ogr","rog","prg","irg","edi","rdu"]);function h(e){if(!e||typeof e!="string"||e.length>254||e.includes(" "))return!1;const s=e.split("@");if(s.length!==2)return!1;const[a,t]=s;if(!a||a.length>64||a.startsWith(".")||a.endsWith(".")||!t||t.length>253||!t.includes(".")||t.startsWith(".")||t.endsWith(".")||t.startsWith("-")||t.endsWith("-"))return!1;for(const i of t.split("."))if(i.startsWith("-")||i.endsWith("-"))return!1;const n=t.split(".").pop();return!(!n||n.length<2||!/^[a-zA-Z]+$/.test(n)||u.has(n.toLowerCase())||!/^[a-zA-Z0-9.-]+$/.test(t)||!/^[a-zA-Z0-9._\-+!]+$/.test(a))}const g=/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;function d(e){return e.length<43||e.length>44?!1:g.test(e)}exports.validateEmail=h;exports.validatePassword=o;exports.validateSolanaPublicKey=d;
+"use strict";const c=/[!@#$%^&*()_+\-=[\]{}|;':",./<>?`~\\]/;function o(e){const s={},a=e.length>=10,t=/[A-Z]/.test(e),n=/[a-z]/.test(e),i=/\d/.test(e),f=c.test(e);let r=0;a?r++:s.length="At least 10 characters",t?r++:s.uppercase="At least 1 uppercase letter",n?r++:s.lowercase="At least 1 lowercase letter",i?r++:s.number="At least 1 number",f?r++:s.special="At least 1 special character (@$!%*?&#^())";let l;return r<=2?l="weak":r===3?l="fair":r===4?l="good":l="strong",{isValid:Object.keys(s).length===0,errors:s,strength:l}}const u=new Set(["con","cmo","ocm","cm","vom","xom","cpm","clm","ney","met","bet","nrt","ogr","rog","prg","irg","edi","rdu"]);function h(e){if(!e||typeof e!="string"||e.length>254||e.includes(" "))return!1;const s=e.split("@");if(s.length!==2)return!1;const[a,t]=s;if(!a||a.length>64||a.startsWith(".")||a.endsWith(".")||!t||t.length>253||!t.includes(".")||t.startsWith(".")||t.endsWith(".")||t.startsWith("-")||t.endsWith("-"))return!1;for(const i of t.split("."))if(i.startsWith("-")||i.endsWith("-"))return!1;const n=t.split(".").pop();return!(!n||n.length<2||!/^[a-zA-Z]+$/.test(n)||u.has(n.toLowerCase())||!/^[a-zA-Z0-9.-]+$/.test(t)||/[\x00-\x1f\x7f"(),;:<>[\]\\]/.test(a))}const g=/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;function d(e){return e.length<43||e.length>44?!1:g.test(e)}exports.validateEmail=h;exports.validatePassword=o;exports.validateSolanaPublicKey=d;

package/dist/{validation-BeXIfuHB.cjs.map → validation-BuGQrA-K.cjs.map}

@@ -1 +1 @@
-{"version":3,"file":"validation-BeXIfuHB.cjs","sources":["../src/utils/validation.ts"],"sourcesContent":["import type { PasswordValidation } from '../types';\n\n/**\n * Allowed special characters for password validation (F-07)\n *\n * This explicit list prevents spaces, tabs, and non-printable characters\n * from counting as \"special\" (H-06 fix). Characters included:\n * - Punctuation: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ; ' : \" , . / < > ? ` ~\n * - Escape character: backslash\n */\nconst SPECIAL_CHARS_PATTERN = /[!@#$%^&*()_+\\-=[\\]{}|;':\",./<>?`~\\\\]/;\n\n/**\n * Password validation rules:\n * - Minimum 10 characters\n * - At least 1 uppercase letter (A-Z)\n * - At least 1 lowercase letter (a-z)\n * - At least 1 number (0-9)\n * - At least 1 special character (@$!%*?&#^())\n *\n * Note: All checks are performed regardless of early failures to prevent\n * timing attacks that could reveal which requirements are met.\n */\nexport function validatePassword(password: string): PasswordValidation {\n  const errors: PasswordValidation['errors'] = {};\n\n  // Perform ALL checks first (constant-time approach to prevent timing attacks)\n  const hasLength = password.length >= 10;\n  const hasUppercase = /[A-Z]/.test(password);\n  const hasLowercase = /[a-z]/.test(password);\n  const hasNumber = /\\d/.test(password);\n  // H-06: Use explicit special character list (see SPECIAL_CHARS_PATTERN)\n  const hasSpecial = SPECIAL_CHARS_PATTERN.test(password);\n\n  // Count criteria met\n  let criteriaMetCount = 0;\n\n  // Then assign errors based on results\n  if (hasLength) {\n    criteriaMetCount++;\n  } else {\n    errors.length = 'At least 10 characters';\n  }\n\n  if (hasUppercase) {\n    criteriaMetCount++;\n  } else {\n    errors.uppercase = 'At least 1 uppercase letter';\n  }\n\n  if (hasLowercase) {\n    criteriaMetCount++;\n  } else {\n    errors.lowercase = 'At least 1 lowercase letter';\n  }\n\n  if (hasNumber) {\n    criteriaMetCount++;\n  } else {\n    errors.number = 'At least 1 number';\n  }\n\n  if (hasSpecial) {\n    criteriaMetCount++;\n  } else {\n    errors.special = 'At least 1 special character (@$!%*?&#^())';\n  }\n\n  // Calculate strength\n  let strength: PasswordValidation['strength'];\n  if (criteriaMetCount <= 2) {\n    strength = 'weak';\n  } else if (criteriaMetCount === 3) {\n    strength = 'fair';\n  } else if (criteriaMetCount === 4) {\n    strength = 'good';\n  } else {\n    strength = 'strong';\n  }\n\n  return {\n    isValid: Object.keys(errors).length === 0,\n    errors,\n    strength,\n  };\n}\n\nconst TYPO_TLDS = new Set([\n  'con',\n  'cmo',\n  'ocm',\n  'cm',\n  'vom',\n  'xom',\n  'cpm',\n  'clm',\n  'ney',\n  'met',\n  'bet',\n  'nrt',\n  'ogr',\n  'rog',\n  'prg',\n  'irg',\n  'edi',\n  'rdu',\n]);\n\n/**\n * Validate email format with robust validation.\n *\n * Validates:\n * - Proper format with @ symbol\n * - Valid characters in local and domain parts\n * - Domain must have at least one dot (TLD required)\n * - Maximum length per RFC 5321\n *\n * UI-13: Note on case normalization - This function validates format only,\n * it does NOT normalize case. Per RFC 5321, local-part is technically\n * case-sensitive (though most providers ignore case). Callers should\n * normalize emails (e.g., toLowerCase) before API calls and storage.\n *\n * @param email - The email address to validate\n * @returns true if the email format is valid\n */\nexport function validateEmail(email: string): boolean {\n  // Check basic constraints\n  if (!email || typeof email !== 'string') {\n    return false;\n  }\n\n  if (email.length > 254) {\n    return false;\n  }\n\n  if (email.includes(' ')) {\n    return false;\n  }\n\n  const parts = email.split('@');\n  if (parts.length !== 2) {\n    return false;\n  }\n\n  const [local, domain] = parts;\n  if (!local || local.length > 64) {\n    return false;\n  }\n\n  if (local.startsWith('.') || local.endsWith('.')) {\n    return false;\n  }\n\n  if (!domain || domain.length > 253) {\n    return false;\n  }\n\n  if (!domain.includes('.')) {\n    return false;\n  }\n\n  if (\n    domain.startsWith('.') ||\n    domain.endsWith('.') ||\n    domain.startsWith('-') ||\n    domain.endsWith('-')\n  ) {\n    return false;\n  }\n\n  for (const label of domain.split('.')) {\n    if (label.startsWith('-') || label.endsWith('-')) {\n      return false;\n    }\n  }\n\n  const tld = domain.split('.').pop();\n  if (!tld || tld.length < 2) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z]+$/.test(tld)) {\n    return false;\n  }\n\n  if (TYPO_TLDS.has(tld.toLowerCase())) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z0-9.-]+$/.test(domain)) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z0-9._\\-+!]+$/.test(local)) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Valid Base58 characters (excludes 0, O, I, l to avoid ambiguity)\n */\nconst BASE58_ALPHABET = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;\n\n/**\n * Validate Solana public key format.\n *\n * A valid Solana public key:\n * - Is 43-44 characters long (base58 encoding of 32 bytes)\n * - Contains only valid base58 characters\n *\n * @param publicKey - The public key string to validate\n * @returns true if the public key format is valid\n *\n * @example\n * ```ts\n * validateSolanaPublicKey('DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263') // true\n * validateSolanaPublicKey('invalid') // false\n * ```\n */\nexport function validateSolanaPublicKey(publicKey: string): boolean {\n  // Check length (base58 encoding of 32 bytes is 43-44 chars)\n  if (publicKey.length < 43 || publicKey.length > 44) {\n    return false;\n  }\n\n  // Check for valid base58 characters only\n  return BASE58_ALPHABET.test(publicKey);\n}\n"],"names":["SPECIAL_CHARS_PATTERN","validatePassword","password","errors","hasLength","hasUppercase","hasLowercase","hasNumber","hasSpecial","criteriaMetCount","strength","TYPO_TLDS","validateEmail","email","parts","local","domain","label","tld","BASE58_ALPHABET","validateSolanaPublicKey","publicKey"],"mappings":"aAUA,MAAMA,EAAwB,wCAavB,SAASC,EAAiBC,EAAsC,CACrE,MAAMC,EAAuC,CAAA,EAGvCC,EAAYF,EAAS,QAAU,GAC/BG,EAAe,QAAQ,KAAKH,CAAQ,EACpCI,EAAe,QAAQ,KAAKJ,CAAQ,EACpCK,EAAY,KAAK,KAAKL,CAAQ,EAE9BM,EAAaR,EAAsB,KAAKE,CAAQ,EAGtD,IAAIO,EAAmB,EAGnBL,EACFK,IAEAN,EAAO,OAAS,yBAGdE,EACFI,IAEAN,EAAO,UAAY,8BAGjBG,EACFG,IAEAN,EAAO,UAAY,8BAGjBI,EACFE,IAEAN,EAAO,OAAS,oBAGdK,EACFC,IAEAN,EAAO,QAAU,6CAInB,IAAIO,EACJ,OAAID,GAAoB,EACtBC,EAAW,OACFD,IAAqB,EAC9BC,EAAW,OACFD,IAAqB,EAC9BC,EAAW,OAEXA,EAAW,SAGN,CACL,QAAS,OAAO,KAAKP,CAAM,EAAE,SAAW,EACxC,OAAAA,EACA,SAAAO,CAAA,CAEJ,CAEA,MAAMC,MAAgB,IAAI,CACxB,MACA,MACA,MACA,KACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,KACF,CAAC,EAmBM,SAASC,EAAcC,EAAwB,CAUpD,GARI,CAACA,GAAS,OAAOA,GAAU,UAI3BA,EAAM,OAAS,KAIfA,EAAM,SAAS,GAAG,EACpB,MAAO,GAGT,MAAMC,EAAQD,EAAM,MAAM,GAAG,EAC7B,GAAIC,EAAM,SAAW,EACnB,MAAO,GAGT,KAAM,CAACC,EAAOC,CAAM,EAAIF,EAiBxB,GAhBI,CAACC,GAASA,EAAM,OAAS,IAIzBA,EAAM,WAAW,GAAG,GAAKA,EAAM,SAAS,GAAG,GAI3C,CAACC,GAAUA,EAAO,OAAS,KAI3B,CAACA,EAAO,SAAS,GAAG,GAKtBA,EAAO,WAAW,GAAG,GACrBA,EAAO,SAAS,GAAG,GACnBA,EAAO,WAAW,GAAG,GACrBA,EAAO,SAAS,GAAG,EAEnB,MAAO,GAGT,UAAWC,KAASD,EAAO,MAAM,GAAG,EAClC,GAAIC,EAAM,WAAW,GAAG,GAAKA,EAAM,SAAS,GAAG,EAC7C,MAAO,GAIX,MAAMC,EAAMF,EAAO,MAAM,GAAG,EAAE,IAAA,EAiB9B,MAhBI,GAACE,GAAOA,EAAI,OAAS,GAIrB,CAAC,cAAc,KAAKA,CAAG,GAIvBP,EAAU,IAAIO,EAAI,YAAA,CAAa,GAI/B,CAAC,mBAAmB,KAAKF,CAAM,GAI/B,CAAC,uBAAuB,KAAKD,CAAK,EAKxC,CAKA,MAAMI,EAAkB,kEAkBjB,SAASC,EAAwBC,EAA4B,CAElE,OAAIA,EAAU,OAAS,IAAMA,EAAU,OAAS,GACvC,GAIFF,EAAgB,KAAKE,CAAS,CACvC"}
+{"version":3,"file":"validation-BuGQrA-K.cjs","sources":["../src/utils/validation.ts"],"sourcesContent":["import type { PasswordValidation } from '../types';\n\n/**\n * Allowed special characters for password validation (F-07)\n *\n * This explicit list prevents spaces, tabs, and non-printable characters\n * from counting as \"special\" (H-06 fix). Characters included:\n * - Punctuation: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ; ' : \" , . / < > ? ` ~\n * - Escape character: backslash\n */\nconst SPECIAL_CHARS_PATTERN = /[!@#$%^&*()_+\\-=[\\]{}|;':\",./<>?`~\\\\]/;\n\n/**\n * Password validation rules:\n * - Minimum 10 characters\n * - At least 1 uppercase letter (A-Z)\n * - At least 1 lowercase letter (a-z)\n * - At least 1 number (0-9)\n * - At least 1 special character (@$!%*?&#^())\n *\n * Note: All checks are performed regardless of early failures to prevent\n * timing attacks that could reveal which requirements are met.\n */\nexport function validatePassword(password: string): PasswordValidation {\n  const errors: PasswordValidation['errors'] = {};\n\n  // Perform ALL checks first (constant-time approach to prevent timing attacks)\n  const hasLength = password.length >= 10;\n  const hasUppercase = /[A-Z]/.test(password);\n  const hasLowercase = /[a-z]/.test(password);\n  const hasNumber = /\\d/.test(password);\n  // H-06: Use explicit special character list (see SPECIAL_CHARS_PATTERN)\n  const hasSpecial = SPECIAL_CHARS_PATTERN.test(password);\n\n  // Count criteria met\n  let criteriaMetCount = 0;\n\n  // Then assign errors based on results\n  if (hasLength) {\n    criteriaMetCount++;\n  } else {\n    errors.length = 'At least 10 characters';\n  }\n\n  if (hasUppercase) {\n    criteriaMetCount++;\n  } else {\n    errors.uppercase = 'At least 1 uppercase letter';\n  }\n\n  if (hasLowercase) {\n    criteriaMetCount++;\n  } else {\n    errors.lowercase = 'At least 1 lowercase letter';\n  }\n\n  if (hasNumber) {\n    criteriaMetCount++;\n  } else {\n    errors.number = 'At least 1 number';\n  }\n\n  if (hasSpecial) {\n    criteriaMetCount++;\n  } else {\n    errors.special = 'At least 1 special character (@$!%*?&#^())';\n  }\n\n  // Calculate strength\n  let strength: PasswordValidation['strength'];\n  if (criteriaMetCount <= 2) {\n    strength = 'weak';\n  } else if (criteriaMetCount === 3) {\n    strength = 'fair';\n  } else if (criteriaMetCount === 4) {\n    strength = 'good';\n  } else {\n    strength = 'strong';\n  }\n\n  return {\n    isValid: Object.keys(errors).length === 0,\n    errors,\n    strength,\n  };\n}\n\nconst TYPO_TLDS = new Set([\n  'con',\n  'cmo',\n  'ocm',\n  'cm',\n  'vom',\n  'xom',\n  'cpm',\n  'clm',\n  'ney',\n  'met',\n  'bet',\n  'nrt',\n  'ogr',\n  'rog',\n  'prg',\n  'irg',\n  'edi',\n  'rdu',\n]);\n\n/**\n * Validate email format with robust validation.\n *\n * Validates:\n * - Proper format with @ symbol\n * - Valid characters in local and domain parts\n * - Domain must have at least one dot (TLD required)\n * - Maximum length per RFC 5321\n *\n * UI-13: Note on case normalization - This function validates format only,\n * it does NOT normalize case. Per RFC 5321, local-part is technically\n * case-sensitive (though most providers ignore case). Callers should\n * normalize emails (e.g., toLowerCase) before API calls and storage.\n *\n * @param email - The email address to validate\n * @returns true if the email format is valid\n */\nexport function validateEmail(email: string): boolean {\n  // Check basic constraints\n  if (!email || typeof email !== 'string') {\n    return false;\n  }\n\n  if (email.length > 254) {\n    return false;\n  }\n\n  if (email.includes(' ')) {\n    return false;\n  }\n\n  const parts = email.split('@');\n  if (parts.length !== 2) {\n    return false;\n  }\n\n  const [local, domain] = parts;\n  if (!local || local.length > 64) {\n    return false;\n  }\n\n  if (local.startsWith('.') || local.endsWith('.')) {\n    return false;\n  }\n\n  if (!domain || domain.length > 253) {\n    return false;\n  }\n\n  if (!domain.includes('.')) {\n    return false;\n  }\n\n  if (\n    domain.startsWith('.') ||\n    domain.endsWith('.') ||\n    domain.startsWith('-') ||\n    domain.endsWith('-')\n  ) {\n    return false;\n  }\n\n  for (const label of domain.split('.')) {\n    if (label.startsWith('-') || label.endsWith('-')) {\n      return false;\n    }\n  }\n\n  const tld = domain.split('.').pop();\n  if (!tld || tld.length < 2) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z]+$/.test(tld)) {\n    return false;\n  }\n\n  if (TYPO_TLDS.has(tld.toLowerCase())) {\n    return false;\n  }\n\n  if (!/^[a-zA-Z0-9.-]+$/.test(domain)) {\n    return false;\n  }\n\n  // UI-12: Allow Unicode (non-ASCII) characters in local-part for internationalized emails.\n  // Reject structural delimiters and DEL character that are invalid in unquoted local-parts.\n  // eslint-disable-next-line no-control-regex\n  if (/[\\x00-\\x1f\\x7f\"(),;:<>[\\]\\\\]/.test(local)) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Valid Base58 characters (excludes 0, O, I, l to avoid ambiguity)\n */\nconst BASE58_ALPHABET = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;\n\n/**\n * Validate Solana public key format.\n *\n * A valid Solana public key:\n * - Is 43-44 characters long (base58 encoding of 32 bytes)\n * - Contains only valid base58 characters\n *\n * @param publicKey - The public key string to validate\n * @returns true if the public key format is valid\n *\n * @example\n * ```ts\n * validateSolanaPublicKey('DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263') // true\n * validateSolanaPublicKey('invalid') // false\n * ```\n */\nexport function validateSolanaPublicKey(publicKey: string): boolean {\n  // Check length (base58 encoding of 32 bytes is 43-44 chars)\n  if (publicKey.length < 43 || publicKey.length > 44) {\n    return false;\n  }\n\n  // Check for valid base58 characters only\n  return BASE58_ALPHABET.test(publicKey);\n}\n"],"names":["SPECIAL_CHARS_PATTERN","validatePassword","password","errors","hasLength","hasUppercase","hasLowercase","hasNumber","hasSpecial","criteriaMetCount","strength","TYPO_TLDS","validateEmail","email","parts","local","domain","label","tld","BASE58_ALPHABET","validateSolanaPublicKey","publicKey"],"mappings":"aAUA,MAAMA,EAAwB,wCAavB,SAASC,EAAiBC,EAAsC,CACrE,MAAMC,EAAuC,CAAA,EAGvCC,EAAYF,EAAS,QAAU,GAC/BG,EAAe,QAAQ,KAAKH,CAAQ,EACpCI,EAAe,QAAQ,KAAKJ,CAAQ,EACpCK,EAAY,KAAK,KAAKL,CAAQ,EAE9BM,EAAaR,EAAsB,KAAKE,CAAQ,EAGtD,IAAIO,EAAmB,EAGnBL,EACFK,IAEAN,EAAO,OAAS,yBAGdE,EACFI,IAEAN,EAAO,UAAY,8BAGjBG,EACFG,IAEAN,EAAO,UAAY,8BAGjBI,EACFE,IAEAN,EAAO,OAAS,oBAGdK,EACFC,IAEAN,EAAO,QAAU,6CAInB,IAAIO,EACJ,OAAID,GAAoB,EACtBC,EAAW,OACFD,IAAqB,EAC9BC,EAAW,OACFD,IAAqB,EAC9BC,EAAW,OAEXA,EAAW,SAGN,CACL,QAAS,OAAO,KAAKP,CAAM,EAAE,SAAW,EACxC,OAAAA,EACA,SAAAO,CAAA,CAEJ,CAEA,MAAMC,MAAgB,IAAI,CACxB,MACA,MACA,MACA,KACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,MACA,KACF,CAAC,EAmBM,SAASC,EAAcC,EAAwB,CAUpD,GARI,CAACA,GAAS,OAAOA,GAAU,UAI3BA,EAAM,OAAS,KAIfA,EAAM,SAAS,GAAG,EACpB,MAAO,GAGT,MAAMC,EAAQD,EAAM,MAAM,GAAG,EAC7B,GAAIC,EAAM,SAAW,EACnB,MAAO,GAGT,KAAM,CAACC,EAAOC,CAAM,EAAIF,EAiBxB,GAhBI,CAACC,GAASA,EAAM,OAAS,IAIzBA,EAAM,WAAW,GAAG,GAAKA,EAAM,SAAS,GAAG,GAI3C,CAACC,GAAUA,EAAO,OAAS,KAI3B,CAACA,EAAO,SAAS,GAAG,GAKtBA,EAAO,WAAW,GAAG,GACrBA,EAAO,SAAS,GAAG,GACnBA,EAAO,WAAW,GAAG,GACrBA,EAAO,SAAS,GAAG,EAEnB,MAAO,GAGT,UAAWC,KAASD,EAAO,MAAM,GAAG,EAClC,GAAIC,EAAM,WAAW,GAAG,GAAKA,EAAM,SAAS,GAAG,EAC7C,MAAO,GAIX,MAAMC,EAAMF,EAAO,MAAM,GAAG,EAAE,IAAA,EAoB9B,MAnBI,GAACE,GAAOA,EAAI,OAAS,GAIrB,CAAC,cAAc,KAAKA,CAAG,GAIvBP,EAAU,IAAIO,EAAI,YAAA,CAAa,GAI/B,CAAC,mBAAmB,KAAKF,CAAM,GAO/B,+BAA+B,KAAKD,CAAK,EAK/C,CAKA,MAAMI,EAAkB,kEAkBjB,SAASC,EAAwBC,EAA4B,CAElE,OAAIA,EAAU,OAAS,IAAMA,EAAU,OAAS,GACvC,GAIFF,EAAgB,KAAKE,CAAS,CACvC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cedros/login-react",
-  "version": "0.0.12",
+  "version": "0.0.13",
   "description": "React component library for authentication with email/password, Google OAuth, and Solana wallet sign-in",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -17,6 +17,16 @@
         "default": "./dist/index.cjs"
       }
     },
+    "./admin-only": {
+      "import": {
+        "types": "./dist/admin-only.d.ts",
+        "default": "./dist/admin-only.js"
+      },
+      "require": {
+        "types": "./dist/admin-only.d.ts",
+        "default": "./dist/admin-only.cjs"
+      }
+    },
     "./email-only": {
       "import": {
         "types": "./dist/email-only.d.ts",

package/dist/AuthenticationSettings-BSoIQ58T.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthenticationSettings-BSoIQ58T.js","sources":["../src/admin/sections/AuthenticationSettings.tsx"],"sourcesContent":["/**\n * Authentication Settings Section - Plugin wrapper\n */\n\nimport React from 'react';\nimport type { AdminSectionProps } from '../types';\nimport { AuthenticationSettings as Settings } from '../../components/admin/settings';\n\nexport default function AuthenticationSettings(\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  _props: AdminSectionProps\n): React.JSX.Element {\n  return (\n    <div className=\"cedros-dashboard__section\">\n      <Settings />\n    </div>\n  );\n}\n"],"names":["AuthenticationSettings","_props","jsx","Settings"],"mappings":";;;AAQA,SAAwBA,EAEtBC,GACmB;AACnB,2BACG,OAAA,EAAI,WAAU,6BACb,UAAA,gBAAAC,EAACC,KAAS,GACZ;AAEJ;"}

package/dist/AuthenticationSettings-CNmWEPFV.cjs

@@ -1 +0,0 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("react/jsx-runtime");require("react");const t=require("./index-ZS9AwAal.cjs");function i(n){return e.jsx("div",{className:"cedros-dashboard__section",children:e.jsx(t.AuthenticationSettings,{})})}exports.default=i;

package/dist/AuthenticationSettings-CNmWEPFV.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthenticationSettings-CNmWEPFV.cjs","sources":["../src/admin/sections/AuthenticationSettings.tsx"],"sourcesContent":["/**\n * Authentication Settings Section - Plugin wrapper\n */\n\nimport React from 'react';\nimport type { AdminSectionProps } from '../types';\nimport { AuthenticationSettings as Settings } from '../../components/admin/settings';\n\nexport default function AuthenticationSettings(\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  _props: AdminSectionProps\n): React.JSX.Element {\n  return (\n    <div className=\"cedros-dashboard__section\">\n      <Settings />\n    </div>\n  );\n}\n"],"names":["AuthenticationSettings","_props","jsx","Settings"],"mappings":"8KAQA,SAAwBA,EAEtBC,EACmB,CACnB,aACG,MAAA,CAAI,UAAU,4BACb,SAAAC,MAACC,EAAAA,yBAAS,EACZ,CAEJ"}

package/dist/CreditSystemSettings-BYxoFwaP.js

@@ -1,9 +0,0 @@
-import { jsx as t } from "react/jsx-runtime";
-import "react";
-import { C as r } from "./index-dgg5tlO7.js";
-function d(e) {
-  return /* @__PURE__ */ t("div", { className: "cedros-dashboard__section", children: /* @__PURE__ */ t(r, {}) });
-}
-export {
-  d as default
-};

package/dist/CreditSystemSettings-BYxoFwaP.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"CreditSystemSettings-BYxoFwaP.js","sources":["../src/admin/sections/CreditSystemSettings.tsx"],"sourcesContent":["/**\n * Credit System Settings Section - Plugin wrapper\n */\n\nimport React from 'react';\nimport type { AdminSectionProps } from '../types';\nimport { CreditSystemSettings as Settings } from '../../components/admin/settings';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nexport default function CreditSystemSettings(_props: AdminSectionProps): React.JSX.Element {\n  return (\n    <div className=\"cedros-dashboard__section\">\n      <Settings />\n    </div>\n  );\n}\n"],"names":["CreditSystemSettings","_props","jsx","Settings"],"mappings":";;;AASA,SAAwBA,EAAqBC,GAA8C;AACzF,2BACG,OAAA,EAAI,WAAU,6BACb,UAAA,gBAAAC,EAACC,KAAS,GACZ;AAEJ;"}

package/dist/CreditSystemSettings-D2fLorNx.cjs

@@ -1 +0,0 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("react/jsx-runtime");require("react");const t=require("./index-ZS9AwAal.cjs");function r(s){return e.jsx("div",{className:"cedros-dashboard__section",children:e.jsx(t.CreditSystemSettings,{})})}exports.default=r;

package/dist/CreditSystemSettings-D2fLorNx.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"CreditSystemSettings-D2fLorNx.cjs","sources":["../src/admin/sections/CreditSystemSettings.tsx"],"sourcesContent":["/**\n * Credit System Settings Section - Plugin wrapper\n */\n\nimport React from 'react';\nimport type { AdminSectionProps } from '../types';\nimport { CreditSystemSettings as Settings } from '../../components/admin/settings';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nexport default function CreditSystemSettings(_props: AdminSectionProps): React.JSX.Element {\n  return (\n    <div className=\"cedros-dashboard__section\">\n      <Settings />\n    </div>\n  );\n}\n"],"names":["CreditSystemSettings","_props","jsx","Settings"],"mappings":"8KASA,SAAwBA,EAAqBC,EAA8C,CACzF,aACG,MAAA,CAAI,UAAU,4BACb,SAAAC,MAACC,EAAAA,uBAAS,EACZ,CAEJ"}