@iqworksai/common-components 0.1.26 → 0.1.27

package/dist/auth/components/UserProfile.d.ts

@@ -0,0 +1,19 @@
+import { ReactNode } from 'react';
+
+export interface UserProfileProps {
+    className?: string;
+    /** Class name for the avatar image */
+    avatarClassName?: string;
+    /** Class name for the user info container */
+    infoClassName?: string;
+    /** Class name for the user name */
+    nameClassName?: string;
+    /** Class name for the user email */
+    emailClassName?: string;
+    /** Show loading state */
+    showLoading?: boolean;
+    /** Custom loading component */
+    loadingComponent?: ReactNode;
+}
+export declare function UserProfile({ className, avatarClassName, infoClassName, nameClassName, emailClassName, showLoading, loadingComponent, }: UserProfileProps): import("react/jsx-runtime").JSX.Element | null;
+//# sourceMappingURL=UserProfile.d.ts.map

package/dist/auth/components/UserProfile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserProfile.d.ts","sourceRoot":"","sources":["../../../src/auth/components/UserProfile.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAGvC,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yBAAyB;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,+BAA+B;IAC/B,gBAAgB,CAAC,EAAE,SAAS,CAAC;CAC9B;AAED,wBAAgB,WAAW,CAAC,EAC1B,SAAS,EACT,eAAwC,EACxC,aAAa,EACb,aAAqC,EACrC,cAAwC,EACxC,WAAkB,EAClB,gBAAgB,GACjB,EAAE,gBAAgB,kDA0BlB"}

package/dist/auth/components/UserProfile.mjs

@@ -0,0 +1,30 @@
+import { jsx as r, Fragment as f, jsxs as i } from "react/jsx-runtime";
+import { useAuth0 as h } from "@auth0/auth0-react";
+function p({
+  className: s,
+  avatarClassName: t = "w-8 h-8 rounded-full",
+  infoClassName: n,
+  nameClassName: l = "text-sm font-medium",
+  emailClassName: m = "text-xs text-gray-500",
+  showLoading: c = !0,
+  loadingComponent: a
+}) {
+  const { user: e, isAuthenticated: u, isLoading: d } = h();
+  return d && c ? a ? /* @__PURE__ */ r(f, { children: a }) : /* @__PURE__ */ r("div", { children: "Loading..." }) : !u || !e ? null : /* @__PURE__ */ i("div", { className: s || "flex items-center gap-2", children: [
+    e.picture && /* @__PURE__ */ r(
+      "img",
+      {
+        src: e.picture,
+        alt: e.name || e.email || "User avatar",
+        className: t
+      }
+    ),
+    /* @__PURE__ */ i("div", { className: n, children: [
+      e.name && /* @__PURE__ */ r("span", { className: l, children: e.name }),
+      e.email && /* @__PURE__ */ r("span", { className: m, children: e.email })
+    ] })
+  ] });
+}
+export {
+  p as UserProfile
+};

package/dist/auth/components/index.d.ts

@@ -0,0 +1,8 @@
+export { Auth0Provider, type Auth0ProviderProps, type Auth0ProviderConfig } from './Auth0Provider';
+export { LoginButton, type LoginButtonProps } from './LoginButton';
+export { LogoutButton, type LogoutButtonProps } from './LogoutButton';
+export { UserProfile, type UserProfileProps } from './UserProfile';
+export { AuthStatus, type AuthStatusProps } from './AuthStatus';
+export { ProtectedRoute, type ProtectedRouteProps } from './ProtectedRoute';
+export { RoleBasedRoute, type RoleBasedRouteProps } from './RoleBasedRoute';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/components/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/components/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,KAAK,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACnG,OAAO,EAAE,WAAW,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACtE,OAAO,EAAE,WAAW,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/auth/constants/claims.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Auth0 JWT claim namespace utilities
+ * Apps can override the namespace via environment variable or direct parameter
+ */
+export declare const DEFAULT_CLAIM_NAMESPACE = "https://iqworks.ai";
+/**
+ * Get the claim namespace, with optional override
+ * Priority: parameter > env var > default
+ */
+export declare function getClaimNamespace(customNamespace?: string): string;
+/**
+ * Get the full claim key for user roles
+ */
+export declare function getRolesClaimKey(namespace?: string): string;
+/**
+ * Get the full claim key for internal app user ID
+ */
+export declare function getAppUserIdClaimKey(namespace?: string): string;
+/**
+ * Get the full claim key for internal app organization ID
+ */
+export declare function getAppOrgIdClaimKey(namespace?: string): string;
+export declare const ROLES_CLAIM_NAMESPACE = "https://iqworks.ai/roles";
+export declare const APP_USER_ID_CLAIM = "https://iqworks.ai/app_user_id";
+export declare const APP_ORG_ID_CLAIM = "https://iqworks.ai/app_org_id";
+//# sourceMappingURL=claims.d.ts.map

package/dist/auth/constants/claims.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claims.d.ts","sourceRoot":"","sources":["../../../src/auth/constants/claims.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,uBAAuB,uBAAuB,CAAC;AAE5D;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAMlE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAE9D;AAID,eAAO,MAAM,qBAAqB,6BAAqC,CAAC;AACxE,eAAO,MAAM,iBAAiB,mCAA2C,CAAC;AAC1E,eAAO,MAAM,gBAAgB,kCAA0C,CAAC"}

package/dist/auth/constants/claims.mjs

@@ -0,0 +1,25 @@
+const r = "https://iqworks.ai";
+function _(e) {
+  var n;
+  return e || (typeof process < "u" && ((n = process.env) != null && n.NEXT_PUBLIC_CLAIM_NAMESPACE) ? process.env.NEXT_PUBLIC_CLAIM_NAMESPACE : r);
+}
+function t(e) {
+  return `${_(e)}/roles`;
+}
+function A(e) {
+  return `${_(e)}/app_user_id`;
+}
+function o(e) {
+  return `${_(e)}/app_org_id`;
+}
+const p = `${r}/roles`, i = `${r}/app_user_id`, s = `${r}/app_org_id`;
+export {
+  s as APP_ORG_ID_CLAIM,
+  i as APP_USER_ID_CLAIM,
+  r as DEFAULT_CLAIM_NAMESPACE,
+  p as ROLES_CLAIM_NAMESPACE,
+  o as getAppOrgIdClaimKey,
+  A as getAppUserIdClaimKey,
+  _ as getClaimNamespace,
+  t as getRolesClaimKey
+};

package/dist/auth/constants/index.d.ts

@@ -0,0 +1,2 @@
+export { DEFAULT_CLAIM_NAMESPACE, getClaimNamespace, getRolesClaimKey, getAppUserIdClaimKey, getAppOrgIdClaimKey, ROLES_CLAIM_NAMESPACE, APP_USER_ID_CLAIM, APP_ORG_ID_CLAIM, } from './claims';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/constants/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/constants/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EAEnB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,UAAU,CAAC"}

package/dist/auth/hooks/index.d.ts

@@ -0,0 +1,4 @@
+export { useAccessToken, type UseAccessTokenOptions } from './useAccessToken';
+export { useRoles, type UseRolesOptions, type UseRolesResult } from './useRoles';
+export { useSupabase, type UseSupabaseOptions } from './useSupabase';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/hooks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,QAAQ,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,YAAY,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,KAAK,kBAAkB,EAAE,MAAM,eAAe,CAAC"}

package/dist/auth/hooks/useAccessToken.d.ts

@@ -0,0 +1,28 @@
+export interface UseAccessTokenOptions {
+    /** Auth0 audience (defaults to NEXT_PUBLIC_AUTH0_AUDIENCE env var) */
+    audience?: string;
+    /** Validate that token org matches user's current org (default: true) */
+    validateOrg?: boolean;
+    /** Callback for error handling (e.g., wire to Sentry's captureError) */
+    onError?: (error: unknown, context: Record<string, unknown>) => void;
+}
+/**
+ * Hook to get access token with the correct audience and organization configured.
+ * Handles token refresh, org validation, and error recovery.
+ *
+ * @example
+ * ```tsx
+ * import { captureError } from '@/lib/sentry';
+ *
+ * function MyComponent() {
+ *   const getAccessToken = useAccessToken({ onError: captureError });
+ *
+ *   const fetchData = async () => {
+ *     const token = await getAccessToken();
+ *     // Use token for API calls
+ *   };
+ * }
+ * ```
+ */
+export declare function useAccessToken(options?: UseAccessTokenOptions): () => Promise<string>;
+//# sourceMappingURL=useAccessToken.d.ts.map

package/dist/auth/hooks/useAccessToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useAccessToken.d.ts","sourceRoot":"","sources":["../../../src/auth/hooks/useAccessToken.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,qBAAqB;IACpC,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,wEAAwE;IACxE,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;CACtE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,qBAA0B,yBAiHjE"}

package/dist/auth/hooks/useAccessToken.mjs

@@ -0,0 +1,74 @@
+import { useAuth0 as h } from "@auth0/auth0-react";
+import { useCallback as u } from "react";
+import { getOrgIdFromToken as m } from "../utils/jwt-utils.mjs";
+function v(i = {}) {
+  const { getAccessTokenSilently: s, loginWithRedirect: c, logout: l, user: r } = h(), g = i.audience || process.env.NEXT_PUBLIC_AUTH0_AUDIENCE, d = i.validateOrg ?? !0;
+  return u(async () => {
+    var f;
+    try {
+      const e = await s({
+        authorizationParams: {
+          audience: g,
+          organization: r == null ? void 0 : r.org_id
+        }
+      });
+      if (d && (r != null && r.org_id)) {
+        const o = m(e);
+        if (!o || o !== r.org_id)
+          throw console.warn("Token org mismatch/missing. Token org:", o, "User org:", r.org_id), await l({
+            logoutParams: {
+              returnTo: `${window.location.origin}/login?organization=${r.org_id}`
+            }
+          }), new Error("Org mismatch - logging out");
+      }
+      return e;
+    } catch (e) {
+      const o = e;
+      if (i.onError && o.error !== "login_required" && o.error !== "consent_required" && i.onError(e, {
+        message: "Failed to get access token",
+        errorType: o.error,
+        userOrgId: r == null ? void 0 : r.org_id
+      }), console.error("Failed to get access token:", e), o.error === "invalid_grant" || typeof o.error_description == "string" && o.error_description.toLowerCase().includes("invalid refresh token") || typeof o.message == "string" && o.message.toLowerCase().includes("invalid refresh token")) {
+        i.onError && i.onError(e, {
+          message: "Invalid or unknown refresh token - forcing logout and re-authentication",
+          userOrgId: r == null ? void 0 : r.org_id
+        });
+        try {
+          if (typeof window < "u" && window.localStorage) {
+            const n = process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID || "", t = Object.keys(localStorage).filter(
+              (a) => a.includes("auth0") || n && a.includes(n)
+            );
+            t.forEach((a) => localStorage.removeItem(a)), console.warn("Cleared localStorage Auth0 keys due to invalid refresh token:", t);
+          }
+        } catch (n) {
+          console.warn("Failed clearing localStorage keys after invalid refresh token:", n);
+        }
+        try {
+          await l({
+            logoutParams: { returnTo: window.location.origin }
+          });
+        } catch (n) {
+          console.error("Logout failed after invalid refresh token; falling back to loginWithRedirect", n);
+          try {
+            await c({
+              authorizationParams: { organization: r == null ? void 0 : r.org_id },
+              appState: { returnTo: window.location.pathname }
+            });
+          } catch (t) {
+            console.error("Fallback loginWithRedirect also failed after invalid refresh token:", t);
+          }
+        }
+        throw e;
+      }
+      throw (o.error === "login_required" || o.error === "consent_required" || (f = o.message) != null && f.includes("Missing Refresh Token")) && await c({
+        authorizationParams: {
+          organization: r == null ? void 0 : r.org_id
+        },
+        appState: { returnTo: window.location.pathname }
+      }), e;
+    }
+  }, [s, c, l, r == null ? void 0 : r.org_id, g, d, i]);
+}
+export {
+  v as useAccessToken
+};

package/dist/auth/hooks/useRoles.d.ts

@@ -0,0 +1,44 @@
+export interface UseRolesOptions {
+    /** Custom claim namespace (defaults to env or https://iqworks.ai) */
+    claimNamespace?: string;
+}
+export interface UseRolesResult {
+    /** Array of user's roles */
+    roles: string[];
+    /** Whether auth is still loading */
+    isLoading: boolean;
+    /** Check if user has a specific role */
+    hasRole: (role: string) => boolean;
+    /** Check if user has any of the specified roles */
+    hasAnyRole: (roles: string[]) => boolean;
+    /** Check if user has all of the specified roles */
+    hasAllRoles: (roles: string[]) => boolean;
+    /** Convenience: true if user has 'Super Admin' role */
+    isSuperAdmin: boolean;
+    /** Convenience: true if user has 'Admin' role */
+    isAdmin: boolean;
+    /** Convenience: true if user has 'Admin' but NOT 'Super Admin' role */
+    isOrgAdmin: boolean;
+}
+/**
+ * Hook to access user roles from Auth0 JWT claims
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { roles, hasRole, isSuperAdmin } = useRoles();
+ *
+ *   if (isSuperAdmin) {
+ *     return <AdminDashboard />;
+ *   }
+ *
+ *   if (hasRole('Editor')) {
+ *     return <EditorView />;
+ *   }
+ *
+ *   return <UserView />;
+ * }
+ * ```
+ */
+export declare function useRoles(options?: UseRolesOptions): UseRolesResult;
+//# sourceMappingURL=useRoles.d.ts.map

package/dist/auth/hooks/useRoles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useRoles.d.ts","sourceRoot":"","sources":["../../../src/auth/hooks/useRoles.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,eAAe;IAC9B,qEAAqE;IACrE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,4BAA4B;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,oCAAoC;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IACnC,mDAAmD;IACnD,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;IACzC,mDAAmD;IACnD,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;IAC1C,uDAAuD;IACvD,YAAY,EAAE,OAAO,CAAC;IACtB,iDAAiD;IACjD,OAAO,EAAE,OAAO,CAAC;IACjB,uEAAuE;IACvE,UAAU,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAE,eAAoB,GAAG,cAAc,CAmCtE"}

package/dist/auth/hooks/useRoles.mjs

@@ -0,0 +1,25 @@
+import { useAuth0 as f } from "@auth0/auth0-react";
+import { useMemo as n, useCallback as r } from "react";
+import { getRolesClaimKey as R } from "../constants/claims.mjs";
+function C(u = {}) {
+  const { user: i, isLoading: o } = f(), c = R(u.claimNamespace), e = n(() => o || !i ? [] : i[c] || [], [i, o, c]), m = r((s) => e.includes(s), [e]), t = r(
+    (s) => s.some((l) => e.includes(l)),
+    [e]
+  ), d = r(
+    (s) => s.every((l) => e.includes(l)),
+    [e]
+  ), a = n(() => e.includes("Super Admin"), [e]), A = n(() => e.includes("Admin"), [e]), p = n(() => e.includes("Admin") && !e.includes("Super Admin"), [e]);
+  return {
+    roles: e,
+    isLoading: o,
+    hasRole: m,
+    hasAnyRole: t,
+    hasAllRoles: d,
+    isSuperAdmin: a,
+    isAdmin: A,
+    isOrgAdmin: p
+  };
+}
+export {
+  C as useRoles
+};

package/dist/auth/hooks/useSupabase.d.ts

@@ -0,0 +1,29 @@
+import { SupabaseClient } from '@supabase/supabase-js';
+import { UseAccessTokenOptions } from './useAccessToken';
+
+export interface UseSupabaseOptions extends UseAccessTokenOptions {
+    /** Supabase URL (defaults to NEXT_PUBLIC_SUPABASE_URL env var) */
+    supabaseUrl?: string;
+    /** Supabase anon key (defaults to NEXT_PUBLIC_SUPABASE_ANON_KEY env var) */
+    supabaseAnonKey?: string;
+}
+/**
+ * Hook to create a Supabase client with JWT authentication.
+ * The client automatically includes the access token in all requests,
+ * enabling RLS policies to work correctly.
+ *
+ * @example
+ * ```tsx
+ * import { captureError } from '@/lib/sentry';
+ *
+ * function MyComponent() {
+ *   const supabase = useSupabase({ onError: captureError });
+ *
+ *   const fetchData = async () => {
+ *     const { data, error } = await supabase.from('my_table').select('*');
+ *   };
+ * }
+ * ```
+ */
+export declare function useSupabase(options?: UseSupabaseOptions): SupabaseClient;
+//# sourceMappingURL=useSupabase.d.ts.map

package/dist/auth/hooks/useSupabase.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSupabase.d.ts","sourceRoot":"","sources":["../../../src/auth/hooks/useSupabase.ts"],"names":[],"mappings":"AAEA,OAAO,EAAgB,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,EAAkB,KAAK,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAE9E,MAAM,WAAW,kBAAmB,SAAQ,qBAAqB;IAC/D,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,WAAW,CAAC,OAAO,GAAE,kBAAuB,GAAG,cAAc,CAwB5E"}

package/dist/auth/hooks/useSupabase.mjs

@@ -0,0 +1,22 @@
+import { createClient as u } from "@supabase/supabase-js";
+import { useMemo as A } from "react";
+import { useAccessToken as _ } from "./useAccessToken.mjs";
+function B(r = {}) {
+  const s = _(r), a = r.supabaseUrl || process.env.NEXT_PUBLIC_SUPABASE_URL, n = r.supabaseAnonKey || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+  return A(() => u(a, n, {
+    global: {
+      // Get the token for every request
+      fetch: async (o, e = {}) => {
+        try {
+          const c = await s(), t = new Headers(e == null ? void 0 : e.headers);
+          return t.set("Authorization", `Bearer ${c}`), fetch(o, { ...e, headers: t });
+        } catch {
+          return fetch(o, e);
+        }
+      }
+    }
+  }), [s, a, n]);
+}
+export {
+  B as useSupabase
+};

package/dist/auth/index.cjs

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("react/jsx-runtime"),f=require("@auth0/auth0-react"),h=require("react"),U=require("@supabase/supabase-js"),R=()=>e.jsx("div",{style:{display:"flex",flexDirection:"column",alignItems:"center",justifyContent:"center",minHeight:"100vh",padding:"2rem",backgroundColor:"#1a1e27",color:"#e2e8f0"},children:e.jsxs("div",{style:{backgroundColor:"#c53030",color:"#fff",padding:"2rem",borderRadius:"15px",maxWidth:"600px",textAlign:"center"},children:[e.jsx("h1",{style:{fontSize:"2rem",marginBottom:"1rem"},children:"Auth0 Configuration Missing"}),e.jsxs("p",{style:{marginBottom:"1rem"},children:["Please update your ",e.jsx("code",{children:".env.local"})," file with Auth0 credentials."]}),e.jsxs("div",{style:{textAlign:"left",backgroundColor:"rgba(0,0,0,0.2)",padding:"1rem",borderRadius:"8px"},children:[e.jsx("p",{children:e.jsx("strong",{children:"Required variables:"})}),e.jsxs("ul",{style:{marginLeft:"1rem",marginTop:"0.5rem"},children:[e.jsx("li",{children:"NEXT_PUBLIC_AUTH0_DOMAIN"}),e.jsx("li",{children:"NEXT_PUBLIC_AUTH0_CLIENT_ID"}),e.jsx("li",{children:"NEXT_PUBLIC_AUTH0_AUDIENCE"})]})]}),e.jsxs("p",{style:{marginTop:"1rem",fontSize:"0.9rem"},children:["Get these from: ",e.jsx("a",{href:"https://manage.auth0.com/dashboard/",style:{color:"#63b3ed"},children:"Auth0 Dashboard"})]})]})});function P({children:s,config:n={},errorComponent:t}){const o=n.domain||process.env.NEXT_PUBLIC_AUTH0_DOMAIN,r=n.clientId||process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID,c=n.audience||process.env.NEXT_PUBLIC_AUTH0_AUDIENCE,u=n.redirectUri||(typeof window<"u"?`${window.location.origin}/dashboard`:void 0),i=n.defaultReturnTo||"/dashboard",a=n.scope||"openid profile email offline_access",d=n.useRefreshTokens??!0,g=n.cacheLocation||"localstorage";if(!o||!r||!c)return console.error("Auth0 configuration missing. Please check your .env.local file."),console.error("Required environment variables:"),console.error("- NEXT_PUBLIC_AUTH0_DOMAIN"),console.error("- NEXT_PUBLIC_AUTH0_CLIENT_ID"),console.error("- NEXT_PUBLIC_AUTH0_AUDIENCE"),e.jsx(e.Fragment,{children:t||e.jsx(R,{})});!o.includes(".auth0.com")&&!o.includes(".us.auth0.com")&&!o.includes(".eu.auth0.com")&&!o.includes(".au.auth0.com")&&console.warn("Auth0 domain format might be incorrect. Expected format: your-domain.auth0.com");const m=l=>{window.location.href=(l==null?void 0:l.returnTo)||i};return e.jsx(f.Auth0Provider,{domain:o,clientId:r,authorizationParams:{redirect_uri:u,audience:c,scope:a},useRefreshTokens:d,cacheLocation:g,onRedirectCallback:m,children:s})}function I({className:s,children:n="Log In",organization:t,returnTo:o}){const{loginWithRedirect:r}=f.useAuth0(),c=()=>{r({authorizationParams:{organization:t},appState:{returnTo:o||(typeof window<"u"?window.location.pathname:void 0)}})};return e.jsx("button",{onClick:c,className:s,children:n})}function T({className:s,children:n="Log Out",returnTo:t}){const{logout:o}=f.useAuth0(),r=()=>{o({logoutParams:{returnTo:t||(typeof window<"u"?window.location.origin:void 0)}})};return e.jsx("button",{onClick:r,className:s,children:n})}function S({className:s,avatarClassName:n="w-8 h-8 rounded-full",infoClassName:t,nameClassName:o="text-sm font-medium",emailClassName:r="text-xs text-gray-500",showLoading:c=!0,loadingComponent:u}){const{user:i,isAuthenticated:a,isLoading:d}=f.useAuth0();return d&&c?u?e.jsx(e.Fragment,{children:u}):e.jsx("div",{children:"Loading..."}):!a||!i?null:e.jsxs("div",{className:s||"flex items-center gap-2",children:[i.picture&&e.jsx("img",{src:i.picture,alt:i.name||i.email||"User avatar",className:n}),e.jsxs("div",{className:t,children:[i.name&&e.jsx("span",{className:o,children:i.name}),i.email&&e.jsx("span",{className:r,children:i.email})]})]})}function M({className:s,authenticatedClassName:n="flex items-center gap-4",userInfoClassName:t="flex items-center gap-3",avatarClassName:o="w-8 h-8 rounded-full",userDetailsClassName:r="hidden md:block",nameClassName:c="text-sm font-medium",emailClassName:u="text-xs text-gray-400",loadingComponent:i,loginButtonProps:a,logoutButtonProps:d,loginButtonContent:g,logoutButtonContent:m}){const{user:l,isAuthenticated:x,isLoading:p}=f.useAuth0();return p?i?e.jsx(e.Fragment,{children:i}):e.jsxs("div",{className:s||"flex items-center gap-2",children:[e.jsx("div",{className:"w-8 h-8 border-2 border-gray-400 border-t-transparent rounded-full animate-spin"}),e.jsx("span",{className:"text-sm text-gray-400",children:"Loading..."})]}):x&&l?e.jsxs("div",{className:n,children:[e.jsxs("div",{className:t,children:[l.picture&&e.jsx("img",{src:l.picture,alt:l.name||l.email||"User avatar",className:o}),e.jsxs("div",{className:r,children:[l.name&&e.jsx("div",{className:c,children:l.name}),l.email&&e.jsx("div",{className:u,children:l.email})]})]}),e.jsx(T,{...d,children:m||"Log Out"})]}):e.jsx(I,{...a,children:g||"Log In"})}function B({children:s,loadingComponent:n,errorComponent:t,onNotAuthenticated:o,onError:r}){const{isAuthenticated:c,isLoading:u,loginWithRedirect:i,error:a}=f.useAuth0();return h.useEffect(()=>{u||a||c||(o?o():i())},[u,c,i,a,o]),h.useEffect(()=>{a&&r&&r(a)},[a,r]),u?n?e.jsx(e.Fragment,{children:n}):e.jsx("div",{className:"min-h-screen flex items-center justify-center bg-background",children:e.jsxs("div",{className:"bg-card rounded-lg shadow-lg border p-12 text-center",children:[e.jsx("div",{className:"w-16 h-16 border-4 border-primary border-t-transparent rounded-full animate-spin mx-auto mb-4"}),e.jsx("div",{className:"text-xl font-medium text-muted-foreground",children:"Authenticating..."})]})}):a?t?e.jsx(e.Fragment,{children:t}):e.jsx("div",{className:"min-h-screen flex items-center justify-center bg-background",children:e.jsxs("div",{className:"bg-card rounded-lg shadow-lg border p-12 text-center max-w-md",children:[e.jsx("div",{className:"text-red-500 text-4xl mb-4",children:"⚠️"}),e.jsx("h2",{className:"text-xl font-bold mb-2",children:"Authentication Error"}),e.jsx("p",{className:"text-muted-foreground mb-4",children:a.message}),e.jsx("button",{onClick:()=>i(),className:"bg-primary text-primary-foreground hover:bg-primary/90 h-10 px-4 py-2 rounded-md",children:"Try Again"})]})}):c?e.jsx(e.Fragment,{children:s}):null}const _="https://iqworks.ai";function j(s){var n;return s||(typeof process<"u"&&((n=process.env)!=null&&n.NEXT_PUBLIC_CLAIM_NAMESPACE)?process.env.NEXT_PUBLIC_CLAIM_NAMESPACE:_)}function y(s){return`${j(s)}/roles`}function C(s){return`${j(s)}/app_user_id`}function E(s){return`${j(s)}/app_org_id`}const F=`${_}/roles`,O=`${_}/app_user_id`,D=`${_}/app_org_id`;function z({children:s,allowedRoles:n,deniedRoles:t=[],claimNamespace:o,loadingComponent:r,notAuthenticatedComponent:c,accessDeniedComponent:u,onNotAuthenticated:i,onAccessDenied:a,showDebugInfo:d=!1}){const{user:g,isAuthenticated:m,isLoading:l,loginWithRedirect:x}=f.useAuth0(),p=y(o),{isAuthorized:N,userRoles:w}=h.useMemo(()=>{if(l||!g)return{isAuthorized:!1,userRoles:[]};const b=g[p]||[];return t.some(v=>b.includes(v))?{isAuthorized:!1,userRoles:b}:{isAuthorized:n.some(v=>b.includes(v)),userRoles:b}},[l,g,p,n,t]);return h.useEffect(()=>{l||(!m&&i?i():m&&!N&&a&&a())},[l,m,N,i,a]),l?r?e.jsx(e.Fragment,{children:r}):e.jsx("div",{className:"min-h-screen flex items-center justify-center bg-background",children:e.jsx("div",{className:"animate-spin rounded-full h-8 w-8 border-b-2 border-primary"})}):m?N?e.jsx(e.Fragment,{children:s}):a&&!u?null:u?e.jsx(e.Fragment,{children:u}):e.jsxs("div",{className:"min-h-screen flex flex-col items-center justify-center bg-background p-4",children:[e.jsx("h1",{className:"text-2xl font-bold text-red-600 mb-4",children:"Access Denied"}),e.jsx("p",{className:"mb-4",children:"You do not have the required permissions to access this page."}),e.jsxs("p",{className:"text-sm text-gray-500 mb-4",children:["Required role(s): ",n.join(", ")]}),d&&e.jsxs("div",{className:"bg-gray-100 dark:bg-gray-800 p-4 rounded-lg text-left text-sm font-mono max-w-lg mb-4",children:[e.jsxs("div",{className:"mb-2",children:[e.jsx("strong",{children:"User:"})," ",g==null?void 0:g.email]}),e.jsxs("div",{className:"mb-2",children:[e.jsx("strong",{children:"Required Roles:"})," ",JSON.stringify(n)]}),t.length>0&&e.jsxs("div",{className:"mb-2",children:[e.jsx("strong",{children:"Denied Roles:"})," ",JSON.stringify(t)]}),e.jsxs("div",{className:"mb-2",children:[e.jsx("strong",{children:"Your Roles:"})," ",JSON.stringify(w)]}),e.jsxs("div",{className:"mb-2",children:[e.jsx("strong",{children:"Claim Key:"})," ",p]})]})]}):i?null:c?e.jsx(e.Fragment,{children:c}):e.jsxs("div",{className:"min-h-screen flex flex-col items-center justify-center bg-background p-4",children:[e.jsx("h1",{className:"text-2xl font-bold mb-4",children:"Authentication Required"}),e.jsx("p",{className:"mb-4",children:"Please log in to access this page."}),e.jsx("button",{onClick:()=>x(),className:"mt-6 px-6 py-3 bg-primary text-primary-foreground rounded-md hover:bg-primary/90",children:"Log In"})]})}function A(s){try{const n=s.split(".")[1];if(!n)return null;const t=typeof window<"u"?atob(n):Buffer.from(n,"base64").toString("utf-8");return JSON.parse(t)}catch{return null}}function k(s){const n=A(s);return(n==null?void 0:n.org_id)||null}function q(s,n){const t=A(s);return t&&t[E(n)]||null}function X(s,n){const t=A(s);return t&&t[C(n)]||null}function H(s,n){const t=A(s);if(!t)return[];const o=t[y(n)];return Array.isArray(o)?o:[]}function K(s){const n=A(s);return(n==null?void 0:n.sub)||null}function L(s={}){const{getAccessTokenSilently:n,loginWithRedirect:t,logout:o,user:r}=f.useAuth0(),c=s.audience||process.env.NEXT_PUBLIC_AUTH0_AUDIENCE,u=s.validateOrg??!0;return h.useCallback(async()=>{var i;try{const a=await n({authorizationParams:{audience:c,organization:r==null?void 0:r.org_id}});if(u&&(r!=null&&r.org_id)){const d=k(a);if(!d||d!==r.org_id)throw console.warn("Token org mismatch/missing. Token org:",d,"User org:",r.org_id),await o({logoutParams:{returnTo:`${window.location.origin}/login?organization=${r.org_id}`}}),new Error("Org mismatch - logging out")}return a}catch(a){const d=a;if(s.onError&&d.error!=="login_required"&&d.error!=="consent_required"&&s.onError(a,{message:"Failed to get access token",errorType:d.error,userOrgId:r==null?void 0:r.org_id}),console.error("Failed to get access token:",a),d.error==="invalid_grant"||typeof d.error_description=="string"&&d.error_description.toLowerCase().includes("invalid refresh token")||typeof d.message=="string"&&d.message.toLowerCase().includes("invalid refresh token")){s.onError&&s.onError(a,{message:"Invalid or unknown refresh token - forcing logout and re-authentication",userOrgId:r==null?void 0:r.org_id});try{if(typeof window<"u"&&window.localStorage){const m=process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID||"",l=Object.keys(localStorage).filter(x=>x.includes("auth0")||m&&x.includes(m));l.forEach(x=>localStorage.removeItem(x)),console.warn("Cleared localStorage Auth0 keys due to invalid refresh token:",l)}}catch(m){console.warn("Failed clearing localStorage keys after invalid refresh token:",m)}try{await o({logoutParams:{returnTo:window.location.origin}})}catch(m){console.error("Logout failed after invalid refresh token; falling back to loginWithRedirect",m);try{await t({authorizationParams:{organization:r==null?void 0:r.org_id},appState:{returnTo:window.location.pathname}})}catch(l){console.error("Fallback loginWithRedirect also failed after invalid refresh token:",l)}}throw a}throw(d.error==="login_required"||d.error==="consent_required"||(i=d.message)!=null&&i.includes("Missing Refresh Token"))&&await t({authorizationParams:{organization:r==null?void 0:r.org_id},appState:{returnTo:window.location.pathname}}),a}},[n,t,o,r==null?void 0:r.org_id,c,u,s])}function $(s={}){const{user:n,isLoading:t}=f.useAuth0(),o=y(s.claimNamespace),r=h.useMemo(()=>t||!n?[]:n[o]||[],[n,t,o]),c=h.useCallback(m=>r.includes(m),[r]),u=h.useCallback(m=>m.some(l=>r.includes(l)),[r]),i=h.useCallback(m=>m.every(l=>r.includes(l)),[r]),a=h.useMemo(()=>r.includes("Super Admin"),[r]),d=h.useMemo(()=>r.includes("Admin"),[r]),g=h.useMemo(()=>r.includes("Admin")&&!r.includes("Super Admin"),[r]);return{roles:r,isLoading:t,hasRole:c,hasAnyRole:u,hasAllRoles:i,isSuperAdmin:a,isAdmin:d,isOrgAdmin:g}}function W(s={}){const n=L(s),t=s.supabaseUrl||process.env.NEXT_PUBLIC_SUPABASE_URL,o=s.supabaseAnonKey||process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;return h.useMemo(()=>U.createClient(t,o,{global:{fetch:async(r,c={})=>{try{const u=await n(),i=new Headers(c==null?void 0:c.headers);return i.set("Authorization",`Bearer ${u}`),fetch(r,{...c,headers:i})}catch{return fetch(r,c)}}}}),[n,t,o])}exports.APP_ORG_ID_CLAIM=D;exports.APP_USER_ID_CLAIM=O;exports.Auth0Provider=P;exports.AuthStatus=M;exports.DEFAULT_CLAIM_NAMESPACE=_;exports.LoginButton=I;exports.LogoutButton=T;exports.ProtectedRoute=B;exports.ROLES_CLAIM_NAMESPACE=F;exports.RoleBasedRoute=z;exports.UserProfile=S;exports.decodeJWT=A;exports.getAppOrgIdClaimKey=E;exports.getAppOrgIdFromToken=q;exports.getAppUserIdClaimKey=C;exports.getAppUserIdFromToken=X;exports.getAuth0UserIdFromToken=K;exports.getClaimNamespace=j;exports.getOrgIdFromToken=k;exports.getRolesClaimKey=y;exports.getUserRolesFromToken=H;exports.useAccessToken=L;exports.useRoles=$;exports.useSupabase=W;

package/dist/auth/index.d.ts

@@ -0,0 +1,13 @@
+export { Auth0Provider, type Auth0ProviderProps, type Auth0ProviderConfig, } from './components/Auth0Provider';
+export { LoginButton, type LoginButtonProps } from './components/LoginButton';
+export { LogoutButton, type LogoutButtonProps } from './components/LogoutButton';
+export { UserProfile, type UserProfileProps } from './components/UserProfile';
+export { AuthStatus, type AuthStatusProps } from './components/AuthStatus';
+export { ProtectedRoute, type ProtectedRouteProps } from './components/ProtectedRoute';
+export { RoleBasedRoute, type RoleBasedRouteProps } from './components/RoleBasedRoute';
+export { useAccessToken, type UseAccessTokenOptions } from './hooks/useAccessToken';
+export { useRoles, type UseRolesOptions, type UseRolesResult } from './hooks/useRoles';
+export { useSupabase, type UseSupabaseOptions } from './hooks/useSupabase';
+export { decodeJWT, getOrgIdFromToken, getAppOrgIdFromToken, getAppUserIdFromToken, getUserRolesFromToken, getAuth0UserIdFromToken, type JWTPayload, } from './utils/jwt-utils';
+export { DEFAULT_CLAIM_NAMESPACE, getClaimNamespace, getRolesClaimKey, getAppUserIdClaimKey, getAppOrgIdClaimKey, ROLES_CLAIM_NAMESPACE, APP_USER_ID_CLAIM, APP_ORG_ID_CLAIM, } from './constants/claims';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,aAAa,EACb,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,KAAK,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC9E,OAAO,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,KAAK,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AACvF,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAGvF,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AACpF,OAAO,EAAE,QAAQ,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,KAAK,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAG3E,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,UAAU,GAChB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EAEnB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC"}

package/dist/auth/index.mjs

@@ -0,0 +1,38 @@
+import { Auth0Provider as r } from "./components/Auth0Provider.mjs";
+import { LoginButton as m } from "./components/LoginButton.mjs";
+import { LogoutButton as A } from "./components/LogoutButton.mjs";
+import { UserProfile as g } from "./components/UserProfile.mjs";
+import { AuthStatus as u } from "./components/AuthStatus.mjs";
+import { ProtectedRoute as I } from "./components/ProtectedRoute.mjs";
+import { RoleBasedRoute as a } from "./components/RoleBasedRoute.mjs";
+import { useAccessToken as _ } from "./hooks/useAccessToken.mjs";
+import { useRoles as n } from "./hooks/useRoles.mjs";
+import { useSupabase as R } from "./hooks/useSupabase.mjs";
+import { decodeJWT as T, getAppOrgIdFromToken as i, getAppUserIdFromToken as E, getAuth0UserIdFromToken as U, getOrgIdFromToken as k, getUserRolesFromToken as F } from "./utils/jwt-utils.mjs";
+import { APP_ORG_ID_CLAIM as S, APP_USER_ID_CLAIM as c, DEFAULT_CLAIM_NAMESPACE as O, ROLES_CLAIM_NAMESPACE as h, getAppOrgIdClaimKey as y, getAppUserIdClaimKey as B, getClaimNamespace as D, getRolesClaimKey as K } from "./constants/claims.mjs";
+export {
+  S as APP_ORG_ID_CLAIM,
+  c as APP_USER_ID_CLAIM,
+  r as Auth0Provider,
+  u as AuthStatus,
+  O as DEFAULT_CLAIM_NAMESPACE,
+  m as LoginButton,
+  A as LogoutButton,
+  I as ProtectedRoute,
+  h as ROLES_CLAIM_NAMESPACE,
+  a as RoleBasedRoute,
+  g as UserProfile,
+  T as decodeJWT,
+  y as getAppOrgIdClaimKey,
+  i as getAppOrgIdFromToken,
+  B as getAppUserIdClaimKey,
+  E as getAppUserIdFromToken,
+  U as getAuth0UserIdFromToken,
+  D as getClaimNamespace,
+  k as getOrgIdFromToken,
+  K as getRolesClaimKey,
+  F as getUserRolesFromToken,
+  _ as useAccessToken,
+  n as useRoles,
+  R as useSupabase
+};

package/dist/auth/utils/index.d.ts

@@ -0,0 +1,2 @@
+export { decodeJWT, getOrgIdFromToken, getAppOrgIdFromToken, getAppUserIdFromToken, getUserRolesFromToken, getAuth0UserIdFromToken, type JWTPayload, } from './jwt-utils';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,UAAU,GAChB,MAAM,aAAa,CAAC"}

package/dist/auth/utils/jwt-utils.d.ts

@@ -0,0 +1,35 @@
+/**
+ * JWT utility functions for Auth0 token handling
+ */
+export interface JWTPayload {
+    sub?: string;
+    org_id?: string;
+    [key: string]: unknown;
+}
+/**
+ * Decode a JWT token and return the payload
+ * Works in both browser and Node.js environments
+ */
+export declare function decodeJWT(token: string): JWTPayload | null;
+/**
+ * Extract org_id (Auth0 organization ID) from a JWT token
+ */
+export declare function getOrgIdFromToken(token: string): string | null;
+/**
+ * Extract app_org_id (internal organization UUID) from a JWT token
+ * Use this for filtering queries by organization
+ */
+export declare function getAppOrgIdFromToken(token: string, namespace?: string): string | null;
+/**
+ * Extract app_user_id (internal user UUID) from a JWT token
+ */
+export declare function getAppUserIdFromToken(token: string, namespace?: string): string | null;
+/**
+ * Extract user roles from a JWT token
+ */
+export declare function getUserRolesFromToken(token: string, namespace?: string): string[];
+/**
+ * Extract Auth0 user ID (sub claim) from a JWT token
+ */
+export declare function getAuth0UserIdFromToken(token: string): string | null;
+//# sourceMappingURL=jwt-utils.d.ts.map

package/dist/auth/utils/jwt-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-utils.d.ts","sourceRoot":"","sources":["../../../src/auth/utils/jwt-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAc1D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAG9D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAIrF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAItF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAKjF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAGpE"}

package/dist/auth/utils/jwt-utils.mjs

@@ -0,0 +1,41 @@
+import { getAppOrgIdClaimKey as u, getAppUserIdClaimKey as l, getRolesClaimKey as s } from "../constants/claims.mjs";
+function t(r) {
+  try {
+    const n = r.split(".")[1];
+    if (!n) return null;
+    const e = typeof window < "u" ? atob(n) : Buffer.from(n, "base64").toString("utf-8");
+    return JSON.parse(e);
+  } catch {
+    return null;
+  }
+}
+function c(r) {
+  const n = t(r);
+  return (n == null ? void 0 : n.org_id) || null;
+}
+function d(r, n) {
+  const e = t(r);
+  return e && e[u(n)] || null;
+}
+function f(r, n) {
+  const e = t(r);
+  return e && e[l(n)] || null;
+}
+function a(r, n) {
+  const e = t(r);
+  if (!e) return [];
+  const o = e[s(n)];
+  return Array.isArray(o) ? o : [];
+}
+function p(r) {
+  const n = t(r);
+  return (n == null ? void 0 : n.sub) || null;
+}
+export {
+  t as decodeJWT,
+  d as getAppOrgIdFromToken,
+  f as getAppUserIdFromToken,
+  p as getAuth0UserIdFromToken,
+  c as getOrgIdFromToken,
+  a as getUserRolesFromToken
+};

package/dist/components/FileBrowser/index.mjs

@@ -31,7 +31,7 @@ const Re = "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZX
     if (typeof window > "u") return;
     (async () => {
       try {
-        const o = await import("../../_virtual/jquery.mjs").then((u) => u.j);
+        const o = await import("../../node_modules/jquery/dist/jquery.mjs").then((u) => u.j);
         U.current = o.default, je(!0), await import("../../node_modules/jstree/dist/jstree.mjs").then((u) => u.j), Ie(!0);
       } catch (o) {
         console.error("Failed to load jQuery or jstree:", o);

package/dist/{index-B6pnxgoH.cjs → index-BrWJ8ZdQ.cjs}

@@ -1,4 +1,4 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const f=require("react"),gt=require("./index-C3yesVHM.cjs"),Xo=require("react-dom");function ze(e,t){return e=+e,t=+t,function(n){return e*(1-n)+t*n}}var yn=/[-+]?(?:\d+\.?\d*|\.?\d+)(?:[eE][-+]?\d+)?/g,on=new RegExp(yn.source,"g");function Gi(e){return function(){return e}}function Zi(e){return function(t){return e(t)+""}}function qi(e,t){var n=yn.lastIndex=on.lastIndex=0,o,r,s,i=-1,c=[],a=[];for(e=e+"",t=t+"";(o=yn.exec(e))&&(r=on.exec(t));)(s=r.index)>n&&(s=t.slice(n,s),c[i]?c[i]+=s:c[++i]=s),(o=o[0])===(r=r[0])?c[i]?c[i]+=r:c[++i]=r:(c[++i]=null,a.push({i,x:ze(o,r)})),n=on.lastIndex;return n<t.length&&(s=t.slice(n),c[i]?c[i]+=s:c[++i]=s),c.length<2?a[0]?Zi(a[0].x):Gi(t):(t=a.length,function(u){for(var l=0,d;l<t;++l)c[(d=a[l]).i]=d.x(u);return c.join("")})}var ro=180/Math.PI,wn={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1};function Yo(e,t,n,o,r,s){var i,c,a;return(i=Math.sqrt(e*e+t*t))&&(e/=i,t/=i),(a=e*n+t*o)&&(n-=e*a,o-=t*a),(c=Math.sqrt(n*n+o*o))&&(n/=c,o/=c,a/=c),e*o<t*n&&(e=-e,t=-t,a=-a,i=-i),{translateX:r,translateY:s,rotate:Math.atan2(t,e)*ro,skewX:Math.atan(a)*ro,scaleX:i,scaleY:c}}var xt;function Qi(e){const t=new(typeof DOMMatrix=="function"?DOMMatrix:WebKitCSSMatrix)(e+"");return t.isIdentity?wn:Yo(t.a,t.b,t.c,t.d,t.e,t.f)}function Ji(e){return e==null||(xt||(xt=document.createElementNS("http://www.w3.org/2000/svg","g")),xt.setAttribute("transform",e),!(e=xt.transform.baseVal.consolidate()))?wn:(e=e.matrix,Yo(e.a,e.b,e.c,e.d,e.e,e.f))}function Uo(e,t,n,o){function r(u){return u.length?u.pop()+" ":""}function s(u,l,d,g,h,w){if(u!==d||l!==g){var m=h.push("translate(",null,t,null,n);w.push({i:m-4,x:ze(u,d)},{i:m-2,x:ze(l,g)})}else(d||g)&&h.push("translate("+d+t+g+n)}function i(u,l,d,g){u!==l?(u-l>180?l+=360:l-u>180&&(u+=360),g.push({i:d.push(r(d)+"rotate(",null,o)-2,x:ze(u,l)})):l&&d.push(r(d)+"rotate("+l+o)}function c(u,l,d,g){u!==l?g.push({i:d.push(r(d)+"skewX(",null,o)-2,x:ze(u,l)}):l&&d.push(r(d)+"skewX("+l+o)}function a(u,l,d,g,h,w){if(u!==d||l!==g){var m=h.push(r(h)+"scale(",null,",",null,")");w.push({i:m-4,x:ze(u,d)},{i:m-2,x:ze(l,g)})}else(d!==1||g!==1)&&h.push(r(h)+"scale("+d+","+g+")")}return function(u,l){var d=[],g=[];return u=e(u),l=e(l),s(u.translateX,u.translateY,l.translateX,l.translateY,d,g),i(u.rotate,l.rotate,d,g),c(u.skewX,l.skewX,d,g),a(u.scaleX,u.scaleY,l.scaleX,l.scaleY,d,g),u=l=null,function(h){for(var w=-1,m=g.length,_;++w<m;)d[(_=g[w]).i]=_.x(h);return d.join("")}}}var ji=Uo(Qi,"px, ","px)","deg)"),es=Uo(Ji,", ",")",")"),ts=1e-12;function io(e){return((e=Math.exp(e))+1/e)/2}function ns(e){return((e=Math.exp(e))-1/e)/2}function os(e){return((e=Math.exp(2*e))-1)/(e+1)}const rs=function e(t,n,o){function r(s,i){var c=s[0],a=s[1],u=s[2],l=i[0],d=i[1],g=i[2],h=l-c,w=d-a,m=h*h+w*w,_,y;if(m<ts)y=Math.log(g/u)/t,_=function(P){return[c+P*h,a+P*w,u*Math.exp(t*P*y)]};else{var x=Math.sqrt(m),N=(g*g-u*u+o*m)/(2*u*n*x),S=(g*g-u*u-o*m)/(2*g*n*x),C=Math.log(Math.sqrt(N*N+1)-N),M=Math.log(Math.sqrt(S*S+1)-S);y=(M-C)/t,_=function(P){var D=P*y,k=io(C),B=u/(n*x)*(k*os(t*D+C)-ns(C));return[c+B*h,a+B*w,u*k/io(t*D+C)]}}return _.duration=y*1e3*t/Math.SQRT2,_}return r.rho=function(s){var i=Math.max(.001,+s),c=i*i,a=c*c;return e(i,c,a)},r}(Math.SQRT2,2,4);function se(e){if(typeof e=="string"||typeof e=="number")return""+e;let t="";if(Array.isArray(e))for(let n=0,o;n<e.length;n++)(o=se(e[n]))!==""&&(t+=(t&&" ")+o);else for(let n in e)e[n]&&(t+=(t&&" ")+n);return t}var _n={exports:{}},rn={},bt={exports:{}},sn={};/**
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const f=require("react"),gt=require("./index-C42HIfH5.cjs"),Xo=require("react-dom");function ze(e,t){return e=+e,t=+t,function(n){return e*(1-n)+t*n}}var yn=/[-+]?(?:\d+\.?\d*|\.?\d+)(?:[eE][-+]?\d+)?/g,on=new RegExp(yn.source,"g");function Gi(e){return function(){return e}}function Zi(e){return function(t){return e(t)+""}}function qi(e,t){var n=yn.lastIndex=on.lastIndex=0,o,r,s,i=-1,c=[],a=[];for(e=e+"",t=t+"";(o=yn.exec(e))&&(r=on.exec(t));)(s=r.index)>n&&(s=t.slice(n,s),c[i]?c[i]+=s:c[++i]=s),(o=o[0])===(r=r[0])?c[i]?c[i]+=r:c[++i]=r:(c[++i]=null,a.push({i,x:ze(o,r)})),n=on.lastIndex;return n<t.length&&(s=t.slice(n),c[i]?c[i]+=s:c[++i]=s),c.length<2?a[0]?Zi(a[0].x):Gi(t):(t=a.length,function(u){for(var l=0,d;l<t;++l)c[(d=a[l]).i]=d.x(u);return c.join("")})}var ro=180/Math.PI,wn={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1};function Yo(e,t,n,o,r,s){var i,c,a;return(i=Math.sqrt(e*e+t*t))&&(e/=i,t/=i),(a=e*n+t*o)&&(n-=e*a,o-=t*a),(c=Math.sqrt(n*n+o*o))&&(n/=c,o/=c,a/=c),e*o<t*n&&(e=-e,t=-t,a=-a,i=-i),{translateX:r,translateY:s,rotate:Math.atan2(t,e)*ro,skewX:Math.atan(a)*ro,scaleX:i,scaleY:c}}var xt;function Qi(e){const t=new(typeof DOMMatrix=="function"?DOMMatrix:WebKitCSSMatrix)(e+"");return t.isIdentity?wn:Yo(t.a,t.b,t.c,t.d,t.e,t.f)}function Ji(e){return e==null||(xt||(xt=document.createElementNS("http://www.w3.org/2000/svg","g")),xt.setAttribute("transform",e),!(e=xt.transform.baseVal.consolidate()))?wn:(e=e.matrix,Yo(e.a,e.b,e.c,e.d,e.e,e.f))}function Uo(e,t,n,o){function r(u){return u.length?u.pop()+" ":""}function s(u,l,d,g,h,w){if(u!==d||l!==g){var m=h.push("translate(",null,t,null,n);w.push({i:m-4,x:ze(u,d)},{i:m-2,x:ze(l,g)})}else(d||g)&&h.push("translate("+d+t+g+n)}function i(u,l,d,g){u!==l?(u-l>180?l+=360:l-u>180&&(u+=360),g.push({i:d.push(r(d)+"rotate(",null,o)-2,x:ze(u,l)})):l&&d.push(r(d)+"rotate("+l+o)}function c(u,l,d,g){u!==l?g.push({i:d.push(r(d)+"skewX(",null,o)-2,x:ze(u,l)}):l&&d.push(r(d)+"skewX("+l+o)}function a(u,l,d,g,h,w){if(u!==d||l!==g){var m=h.push(r(h)+"scale(",null,",",null,")");w.push({i:m-4,x:ze(u,d)},{i:m-2,x:ze(l,g)})}else(d!==1||g!==1)&&h.push(r(h)+"scale("+d+","+g+")")}return function(u,l){var d=[],g=[];return u=e(u),l=e(l),s(u.translateX,u.translateY,l.translateX,l.translateY,d,g),i(u.rotate,l.rotate,d,g),c(u.skewX,l.skewX,d,g),a(u.scaleX,u.scaleY,l.scaleX,l.scaleY,d,g),u=l=null,function(h){for(var w=-1,m=g.length,_;++w<m;)d[(_=g[w]).i]=_.x(h);return d.join("")}}}var ji=Uo(Qi,"px, ","px)","deg)"),es=Uo(Ji,", ",")",")"),ts=1e-12;function io(e){return((e=Math.exp(e))+1/e)/2}function ns(e){return((e=Math.exp(e))-1/e)/2}function os(e){return((e=Math.exp(2*e))-1)/(e+1)}const rs=function e(t,n,o){function r(s,i){var c=s[0],a=s[1],u=s[2],l=i[0],d=i[1],g=i[2],h=l-c,w=d-a,m=h*h+w*w,_,y;if(m<ts)y=Math.log(g/u)/t,_=function(P){return[c+P*h,a+P*w,u*Math.exp(t*P*y)]};else{var x=Math.sqrt(m),N=(g*g-u*u+o*m)/(2*u*n*x),S=(g*g-u*u-o*m)/(2*g*n*x),C=Math.log(Math.sqrt(N*N+1)-N),M=Math.log(Math.sqrt(S*S+1)-S);y=(M-C)/t,_=function(P){var D=P*y,k=io(C),B=u/(n*x)*(k*os(t*D+C)-ns(C));return[c+B*h,a+B*w,u*k/io(t*D+C)]}}return _.duration=y*1e3*t/Math.SQRT2,_}return r.rho=function(s){var i=Math.max(.001,+s),c=i*i,a=c*c;return e(i,c,a)},r}(Math.SQRT2,2,4);function se(e){if(typeof e=="string"||typeof e=="number")return""+e;let t="";if(Array.isArray(e))for(let n=0,o;n<e.length;n++)(o=se(e[n]))!==""&&(t+=(t&&" ")+o);else for(let n in e)e[n]&&(t+=(t&&" ")+n);return t}var _n={exports:{}},rn={},bt={exports:{}},sn={};/**
  * @license React
  * use-sync-external-store-shim.production.js
  *