@jmruthers/pace-core 0.2.4

package/dist/chunk-DY5E3AT7.js

@@ -0,0 +1,1734 @@
+import {
+  Button,
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+  init_Button,
+  init_Dialog
+} from "./chunk-ETEJVKYK.js";
+import {
+  AccessLevel,
+  init_unified
+} from "./chunk-YDJW5XTN.js";
+import {
+  DebugLogger,
+  init_debugLogger,
+  init_organisationContext,
+  setOrganisationContext
+} from "./chunk-2V3Y6YBC.js";
+import {
+  __esm,
+  __export
+} from "./chunk-PLDDJCW6.js";
+
+// src/providers/AuthProvider.tsx
+import { createContext, useContext, useState, useEffect, useCallback, useMemo } from "react";
+import { AuthError } from "@supabase/supabase-js";
+import { jsx } from "react/jsx-runtime";
+function AuthProvider({ children, supabaseClient }) {
+  const [user, setUser] = useState(null);
+  const [session, setSession] = useState(null);
+  const [authLoading, setAuthLoading] = useState(true);
+  const [authError, setAuthError] = useState(null);
+  useEffect(() => {
+    const handleError = (event) => {
+      if (event.error?.message?.includes("AuthSessionMissingError") || event.error?.message?.includes("Auth session missing")) {
+        console.warn("[AuthProvider] Suppressing AuthSessionMissingError during logout");
+        event.preventDefault();
+        return false;
+      }
+    };
+    const handleUnhandledRejection = (event) => {
+      if (event.reason?.message?.includes("AuthSessionMissingError") || event.reason?.message?.includes("Auth session missing")) {
+        console.warn("[AuthProvider] Suppressing unhandled AuthSessionMissingError");
+        event.preventDefault();
+        return false;
+      }
+    };
+    window.addEventListener("error", handleError);
+    window.addEventListener("unhandledrejection", handleUnhandledRejection);
+    return () => {
+      window.removeEventListener("error", handleError);
+      window.removeEventListener("unhandledrejection", handleUnhandledRejection);
+    };
+  }, []);
+  useEffect(() => {
+    if (!supabaseClient) return;
+    const loadInitialUser = async () => {
+      try {
+        const response = await supabaseClient.auth.getUser();
+        const { data: { user: initialUser }, error } = response || { data: { user: null }, error: null };
+        if (error) {
+          console.warn("Failed to get initial user:", error);
+          setAuthLoading(false);
+          return;
+        }
+        if (initialUser) {
+          setUser(initialUser);
+        }
+        setAuthLoading(false);
+      } catch (error) {
+        console.error("Error loading initial user:", error);
+        setAuthLoading(false);
+      }
+    };
+    const timeoutId = setTimeout(() => {
+      if (authLoading && !user && !session) {
+        loadInitialUser();
+      }
+    }, 100);
+    return () => clearTimeout(timeoutId);
+  }, [supabaseClient, authLoading, user, session]);
+  useEffect(() => {
+    if (!supabaseClient) {
+      setAuthLoading(false);
+      return;
+    }
+    const timeoutId = setTimeout(() => {
+      if (authLoading) {
+        console.warn("AuthProvider: Auth loading timeout reached");
+        setAuthLoading(false);
+      }
+    }, 2e3);
+    try {
+      DebugLogger.log("AuthProvider", "Setting up auth state change listener...");
+      const authStateChange = supabaseClient.auth.onAuthStateChange(
+        (event, session2) => {
+          try {
+            DebugLogger.log("AuthProvider", "Auth state changed:", event, session2?.user?.email);
+            clearTimeout(timeoutId);
+            if (event === "SIGNED_OUT") {
+              DebugLogger.log("AuthProvider", "User signed out, clearing all state");
+              setSession(null);
+              setUser(null);
+              setAuthLoading(false);
+              setAuthError(null);
+            } else {
+              setSession(session2);
+              setUser(session2?.user ?? null);
+              setAuthLoading(false);
+              if (session2) {
+                setAuthError(null);
+              }
+            }
+          } catch (error) {
+            console.warn("[AuthProvider] Error in auth state change handler:", error);
+            setAuthLoading(false);
+          }
+        }
+      );
+      const subscription = authStateChange?.data?.subscription || authStateChange;
+      return () => {
+        clearTimeout(timeoutId);
+        if (subscription && typeof subscription.unsubscribe === "function") {
+          DebugLogger.log("AuthProvider", "Cleaning up auth state listener");
+          subscription.unsubscribe();
+        }
+      };
+    } catch (error) {
+      console.error("AuthProvider: Error setting up auth state change listener:", error);
+      if (error instanceof Error && !error.message.includes("No API key found") && !error.message.includes("AuthSessionMissingError") && !error.message.includes("Auth session missing")) {
+        setAuthError(error);
+      }
+      setAuthLoading(false);
+      clearTimeout(timeoutId);
+      return () => {
+      };
+    }
+  }, [supabaseClient]);
+  const signIn = useCallback(async (email, password) => {
+    if (!supabaseClient) {
+      const error = new Error("No Supabase client provided");
+      setAuthError(error);
+      return { error };
+    }
+    setAuthLoading(true);
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.signInWithPassword({ email, password: password || "" });
+      if (error) {
+        setAuthError(error);
+      }
+      return { error };
+    } catch (err) {
+      const authError2 = err;
+      setAuthError(authError2);
+      return { error: authError2 };
+    } finally {
+      setAuthLoading(false);
+    }
+  }, [supabaseClient]);
+  const signUp = useCallback(async (email, password) => {
+    if (!supabaseClient) {
+      const error = new Error("No Supabase client provided");
+      setAuthError(error);
+      return { error };
+    }
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.signUp({ email, password });
+      if (error) {
+        setAuthError(error);
+      }
+      return { error };
+    } catch (err) {
+      const authError2 = err;
+      setAuthError(authError2);
+      return { error: authError2 };
+    }
+  }, [supabaseClient]);
+  const signOut = useCallback(async () => {
+    DebugLogger.log("AuthProvider", "signOut called");
+    setAuthLoading(false);
+    if (!supabaseClient) {
+      DebugLogger.log("AuthProvider", "No supabase client, clearing state manually");
+      setUser(null);
+      setSession(null);
+      setAuthError(null);
+      return { error: null };
+    }
+    DebugLogger.log("AuthProvider", "Pre-clearing state before signOut call");
+    setUser(null);
+    setSession(null);
+    setAuthError(null);
+    try {
+      DebugLogger.log("AuthProvider", "Calling supabase signOut");
+      const signOutPromise = supabaseClient.auth.signOut();
+      const timeoutPromise = new Promise(
+        (_, reject) => setTimeout(() => reject(new Error("SignOut timeout")), 3e3)
+      );
+      const { error } = await Promise.race([signOutPromise, timeoutPromise]);
+      if (error && !error.message?.includes("SignOut timeout")) {
+        console.error("[AuthProvider] signOut error:", error);
+      }
+      DebugLogger.log("AuthProvider", "signOut process completed");
+      return { error: null };
+    } catch (err) {
+      console.warn("[AuthProvider] signOut exception (ignored):", err);
+      return { error: null };
+    }
+  }, [supabaseClient]);
+  const resetPassword = useCallback(async (email) => {
+    if (!supabaseClient) {
+      const error = new Error("No Supabase client provided");
+      setAuthError(error);
+      return { error };
+    }
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.resetPasswordForEmail(email);
+      if (error) {
+        setAuthError(error);
+      }
+      return { error };
+    } catch (err) {
+      const authError2 = err;
+      setAuthError(authError2);
+      return { error: authError2 };
+    }
+  }, [supabaseClient]);
+  const updatePassword = useCallback(async (password) => {
+    if (!supabaseClient) return { error: new AuthError("Supabase client not available.", 500) };
+    const { error } = await supabaseClient.auth.updateUser({ password });
+    if (error) {
+      setAuthError(error);
+    }
+    return { error };
+  }, [supabaseClient]);
+  const refreshSession = useCallback(async () => {
+    if (!supabaseClient) {
+      const error = new Error("No Supabase client provided");
+      setAuthError(error);
+      return { error };
+    }
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.refreshSession();
+      if (error) {
+        setAuthError(error);
+      }
+      return { error };
+    } catch (err) {
+      const authError2 = err;
+      setAuthError(authError2);
+      return { error: authError2 };
+    }
+  }, [supabaseClient]);
+  const isAuthenticated = !!user;
+  const contextValue = useMemo(() => ({
+    user,
+    session,
+    isAuthenticated,
+    authLoading,
+    authError,
+    error: authError,
+    // Alias for backward compatibility
+    supabase: supabaseClient || null,
+    signIn,
+    signUp,
+    signOut,
+    resetPassword,
+    updatePassword,
+    refreshSession
+  }), [
+    user,
+    session,
+    isAuthenticated,
+    authLoading,
+    authError,
+    supabaseClient,
+    signIn,
+    signUp,
+    signOut,
+    resetPassword,
+    updatePassword,
+    refreshSession
+  ]);
+  return /* @__PURE__ */ jsx(AuthContext.Provider, { value: contextValue, children });
+}
+var AuthContext, useAuth;
+var init_AuthProvider = __esm({
+  "src/providers/AuthProvider.tsx"() {
+    "use strict";
+    init_debugLogger();
+    AuthContext = createContext(void 0);
+    useAuth = () => {
+      const context = useContext(AuthContext);
+      if (!context) {
+        throw new Error("useAuth must be used within an AuthProvider");
+      }
+      return context;
+    };
+  }
+});
+
+// src/providers/RBACProvider.tsx
+import { createContext as createContext2, useContext as useContext2, useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useMemo as useMemo2 } from "react";
+import { jsx as jsx2 } from "react/jsx-runtime";
+function RBACProvider({
+  children,
+  supabaseClient,
+  user,
+  session,
+  appName,
+  enableRBAC = false,
+  persistState = true,
+  enablePersistence,
+  requireOrganisationContext: _requireOrganisationContext = true
+}) {
+  const shouldPersist = enablePersistence !== void 0 ? enablePersistence : persistState;
+  const [permissions, setPermissions] = useState2({});
+  const [roles, setRoles] = useState2([]);
+  const [accessLevel, setAccessLevel] = useState2("viewer" /* VIEWER */);
+  const [rbacLoading, setRbacLoading] = useState2(false);
+  const [rbacError, setRbacError] = useState2(null);
+  const [selectedEventId, setSelectedEventId] = useState2(null);
+  const [appConfig, setAppConfig] = useState2(null);
+  const [userEventAccess, setUserEventAccess] = useState2([]);
+  const [eventAccessLoading, setEventAccessLoading] = useState2(false);
+  const [selectedOrganisationId, _setSelectedOrganisationId] = useState2(null);
+  useEffect2(() => {
+    if (!supabaseClient) return;
+    const loadAppConfig = async () => {
+      try {
+        const { getCurrentAppName } = await import("./appNameResolver-7GHF5ED2.js");
+        const resolvedAppName = getCurrentAppName() || appName;
+        const { data: appData, error: appError } = await supabaseClient.from("rbac_apps").select("id").eq("name", resolvedAppName).eq("is_active", true).single();
+        if (appError || !appData) {
+          console.warn("App not found or inactive:", resolvedAppName);
+          setAppConfig({
+            supports_direct_access: false,
+            requires_event: true
+          });
+          return;
+        }
+        const response = await supabaseClient.rpc("get_app_config", {
+          p_app_id: appData.id
+        });
+        const { data } = response || {};
+        if (data && data.length > 0) {
+          setAppConfig({
+            supports_direct_access: data[0].supports_direct_access,
+            requires_event: data[0].requires_event
+          });
+        } else {
+          setAppConfig({
+            supports_direct_access: false,
+            requires_event: true
+          });
+        }
+      } catch (error) {
+        console.warn("Clearing corrupted localStorage data");
+        if (typeof localStorage !== "undefined") {
+          localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
+        }
+        console.warn("Failed to load app configuration:", error);
+        setAppConfig({
+          supports_direct_access: false,
+          requires_event: true
+        });
+      }
+    };
+    loadAppConfig();
+  }, [supabaseClient, appName]);
+  useEffect2(() => {
+    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
+    if (isSuperAdmin) {
+      setRoles(["super_admin"]);
+    } else {
+      setRoles([]);
+    }
+  }, [user]);
+  useEffect2(() => {
+    if (!shouldPersist) return;
+    try {
+      const persistedEvent = localStorage.getItem(STORAGE_KEYS.SELECTED_EVENT);
+      if (persistedEvent) {
+        setSelectedEventId(JSON.parse(persistedEvent));
+      }
+    } catch (error) {
+      console.warn("Clearing corrupted localStorage data");
+      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
+    }
+  }, [shouldPersist]);
+  useEffect2(() => {
+    if (!shouldPersist) return;
+    try {
+      if (selectedEventId) {
+        localStorage.setItem(
+          STORAGE_KEYS.SELECTED_EVENT,
+          JSON.stringify(selectedEventId)
+        );
+      } else {
+        localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
+      }
+    } catch (error) {
+      console.warn("Clearing corrupted localStorage data");
+      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
+      console.warn("Failed to persist auth state:", error);
+    }
+  }, [selectedEventId, shouldPersist]);
+  const refreshPermissions = useCallback2(async (eventId) => {
+    if (!supabaseClient || !user || !appConfig || !session) {
+      DebugLogger.log("RBACProvider", "refreshPermissions: Missing required dependencies, clearing permissions");
+      setPermissions({});
+      setRoles([]);
+      setAccessLevel("viewer" /* VIEWER */);
+      return;
+    }
+    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
+    if (isSuperAdmin) {
+      setPermissions({
+        "admin:create": true,
+        "admin:read": true,
+        "admin:update": true,
+        "admin:delete": true,
+        "users:create": true,
+        "users:read": true,
+        "users:update": true,
+        "users:delete": true,
+        "events:create": true,
+        "events:read": true,
+        "events:update": true,
+        "events:delete": true
+      });
+      setRoles(["super_admin"]);
+      setAccessLevel("admin" /* ADMIN */);
+      return;
+    }
+    const shouldLoadDirectPermissions = !eventId && !appConfig.requires_event;
+    const shouldLoadEventPermissions = eventId;
+    const shouldClearPermissions = !eventId && appConfig.requires_event;
+    if (shouldClearPermissions) {
+      setPermissions({});
+      setRoles([]);
+      setAccessLevel("viewer" /* VIEWER */);
+      return;
+    }
+    if (!shouldLoadDirectPermissions && !shouldLoadEventPermissions) {
+      return;
+    }
+    setRbacLoading(true);
+    setRbacError(null);
+    try {
+      const { getCurrentAppName } = await import("./appNameResolver-7GHF5ED2.js");
+      const resolvedAppName = getCurrentAppName() || appName;
+      const { data: appData, error: appError } = await supabaseClient.from("rbac_apps").select("id").eq("name", resolvedAppName).eq("is_active", true).single();
+      if (appError || !appData) {
+        console.warn("App not found or inactive:", resolvedAppName);
+        setRbacLoading(false);
+        return;
+      }
+      const { data, error } = await supabaseClient.rpc("get_rbac_permissions", {
+        p_user_id: user.id,
+        p_app_id: appData.id,
+        p_event_id: eventId || null,
+        p_organisation_id: selectedOrganisationId || null
+      });
+      if (error) {
+        throw error;
+      }
+      const { permissions: permissions2, roles: roles2, access_level } = transformRBACPermissions(data, appName);
+      setPermissions(permissions2);
+      setRoles(roles2);
+      setAccessLevel(access_level);
+    } catch (err) {
+      setRbacError(err);
+    } finally {
+      setRbacLoading(false);
+    }
+  }, [supabaseClient, user, session, appName, appConfig, selectedOrganisationId]);
+  const loadUserEventAccess = useCallback2(async () => {
+    if (!supabaseClient || !user || !session) {
+      DebugLogger.log("RBACProvider", "loadUserEventAccess: Missing required dependencies, clearing event access");
+      setUserEventAccess([]);
+      return;
+    }
+    setEventAccessLoading(true);
+    try {
+      const { getCurrentAppName } = await import("./appNameResolver-7GHF5ED2.js");
+      const resolvedAppName = getCurrentAppName() || appName;
+      const { data: appData, error: appError } = await supabaseClient.from("rbac_apps").select("id").eq("name", resolvedAppName).eq("is_active", true).single();
+      if (appError || !appData) {
+        console.warn("App not found or inactive:", resolvedAppName);
+        setEventAccessLoading(false);
+        return;
+      }
+      const { data, error } = await supabaseClient.from("rbac_event_app_roles").select(`
+          event_id,
+          role,
+          granted_at
+        `).eq("user_id", user.id).eq("app_id", appData.id);
+      if (error) {
+        console.error("Failed to load user event access:", error);
+        setUserEventAccess([]);
+        return;
+      }
+      const eventAccess = data?.map((item) => ({
+        event_id: item.event_id,
+        event_name: "Unknown Event",
+        // Event details not available in this query
+        event_description: null,
+        // Not available in this schema
+        start_date: "",
+        // Event date not available in this query
+        end_date: "",
+        // Event date not available in this query
+        event_status: "unknown",
+        // Not available in this schema
+        app_id: appData.id,
+        access_level: item.role,
+        // Map role to access_level
+        granted_at: item.granted_at,
+        organisation_id: ""
+        // Will be populated from event's organisation_id if needed
+      })) || [];
+      setUserEventAccess(eventAccess);
+    } catch (error) {
+      console.warn("Clearing corrupted localStorage data");
+      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
+      console.error("Error loading user event access:", error);
+      setUserEventAccess([]);
+    } finally {
+      setEventAccessLoading(false);
+    }
+  }, [supabaseClient, user, session, appName]);
+  const getUserEventAccess = useCallback2((eventId) => {
+    return userEventAccess.find((access) => access.event_id === eventId);
+  }, [userEventAccess]);
+  useEffect2(() => {
+    if (!user || !appConfig || !session) {
+      DebugLogger.log("RBACProvider", "Skipping permission refresh - no user, session, or app config");
+      return;
+    }
+    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
+    if (isSuperAdmin) {
+      setPermissions({
+        "admin:create": true,
+        "admin:read": true,
+        "admin:update": true,
+        "admin:delete": true,
+        "users:create": true,
+        "users:read": true,
+        "users:update": true,
+        "users:delete": true,
+        "events:create": true,
+        "events:read": true,
+        "events:update": true,
+        "events:delete": true
+      });
+      setRoles(["super_admin"]);
+      setAccessLevel("admin" /* ADMIN */);
+      return;
+    }
+    if (selectedEventId) {
+      refreshPermissions(selectedEventId);
+    } else if (!appConfig.requires_event) {
+      refreshPermissions();
+    } else {
+      setPermissions({});
+      setRoles([]);
+      setAccessLevel("viewer" /* VIEWER */);
+    }
+  }, [selectedEventId, user, session, appConfig, refreshPermissions]);
+  useEffect2(() => {
+    if (user && session) {
+      DebugLogger.log("RBACProvider", "Loading user event access for authenticated user");
+      loadUserEventAccess();
+    } else {
+      DebugLogger.log("RBACProvider", "Clearing user event access - no user or session");
+      setUserEventAccess([]);
+    }
+  }, [user, session, loadUserEventAccess]);
+  const hasPermission = useCallback2((permission) => {
+    const hasPerm = !!permissions[permission];
+    return hasPerm;
+  }, [permissions]);
+  const hasAnyPermission = useCallback2((perms) => perms.some((p) => !!permissions[p]), [permissions]);
+  const hasAllPermissions = useCallback2((perms) => perms.every((p) => !!permissions[p]), [permissions]);
+  const hasRole = useCallback2((role) => {
+    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
+    if (role.toLowerCase() === "super_admin") {
+      return isSuperAdmin;
+    }
+    return roles.includes(role);
+  }, [roles, user]);
+  const hasAccessLevel = useCallback2((level) => {
+    const levels = Object.values(AccessLevel);
+    return levels.indexOf(accessLevel) >= levels.indexOf(level);
+  }, [accessLevel]);
+  const canAccess = useCallback2((resource, action) => {
+    const permission = `${resource}:${action}`;
+    const hasAccess = hasPermission(permission);
+    return hasAccess;
+  }, [hasPermission]);
+  const validatePermission = useCallback2(async (permission) => hasPermission(permission), [hasPermission]);
+  const validateAccess = useCallback2(async (resource, action) => {
+    return Promise.resolve(canAccess(resource, action));
+  }, [canAccess]);
+  const contextValue = useMemo2(() => ({
+    permissions,
+    roles,
+    accessLevel,
+    rbacLoading,
+    rbacError,
+    selectedEventId,
+    appConfig,
+    userEventAccess,
+    eventAccessLoading,
+    // Organisation context
+    selectedOrganisationId,
+    requireOrganisationContext: () => {
+      if (!selectedOrganisationId) {
+        throw new Error("Organisation context is required but not available");
+      }
+      return selectedOrganisationId;
+    },
+    hasPermission,
+    hasAnyPermission,
+    hasAllPermissions,
+    hasRole,
+    hasAccessLevel,
+    canAccess,
+    validatePermission,
+    validateAccess,
+    refreshPermissions,
+    setSelectedEventId,
+    // New RBAC system support
+    rbacEnabled: enableRBAC,
+    rbacContext: void 0,
+    // Will be populated by useRBAC hook when enabled
+    loadUserEventAccess,
+    getUserEventAccess
+  }), [
+    permissions,
+    roles,
+    accessLevel,
+    rbacLoading,
+    rbacError,
+    selectedEventId,
+    appConfig,
+    userEventAccess,
+    eventAccessLoading,
+    selectedOrganisationId,
+    hasPermission,
+    hasAnyPermission,
+    hasAllPermissions,
+    hasRole,
+    hasAccessLevel,
+    canAccess,
+    validatePermission,
+    validateAccess,
+    refreshPermissions,
+    setSelectedEventId,
+    enableRBAC,
+    loadUserEventAccess,
+    getUserEventAccess
+  ]);
+  return /* @__PURE__ */ jsx2(RBACContext.Provider, { value: contextValue, children });
+}
+var RBACContext, useRBAC, STORAGE_KEYS, transformRBACPermissions;
+var init_RBACProvider = __esm({
+  "src/providers/RBACProvider.tsx"() {
+    "use strict";
+    init_unified();
+    init_debugLogger();
+    RBACContext = createContext2(void 0);
+    useRBAC = () => {
+      const context = useContext2(RBACContext);
+      if (!context) {
+        throw new Error("useRBAC must be used within an RBACProvider");
+      }
+      return context;
+    };
+    STORAGE_KEYS = {
+      SELECTED_EVENT: "pace-core-selected-event"
+    };
+    transformRBACPermissions = (rbacData, _appName) => {
+      const permissions = {};
+      let roles = [];
+      let access_level = "viewer" /* VIEWER */;
+      if (!rbacData || !Array.isArray(rbacData)) {
+        return { permissions: {}, roles: ["viewer"], access_level: "viewer" /* VIEWER */ };
+      }
+      const superAdminPerm = rbacData.find((p) => p.permission_type === "all_permissions");
+      if (superAdminPerm) {
+        return {
+          permissions: { "all:all": true },
+          roles: ["super"],
+          access_level: "super" /* SUPER */
+        };
+      }
+      const eventAppPerms = rbacData.filter((p) => p.permission_type === "event_app_access");
+      if (eventAppPerms.length > 0) {
+        const role = eventAppPerms[0].role_name;
+        switch (role) {
+          case "event_admin":
+            access_level = "admin" /* ADMIN */;
+            roles = ["admin"];
+            break;
+          case "planner":
+            access_level = "planner" /* PLANNER */;
+            roles = ["planner"];
+            break;
+          case "participant":
+            access_level = "participant" /* PARTICIPANT */;
+            roles = ["participant"];
+            break;
+          case "editor":
+            access_level = "editor" /* EDITOR */;
+            roles = ["editor"];
+            break;
+          case "viewer":
+          default:
+            access_level = "viewer" /* VIEWER */;
+            roles = ["viewer"];
+            break;
+        }
+        const basePermissions = ["read"];
+        if (["event_admin", "planner"].includes(role)) {
+          basePermissions.push("create", "update");
+        }
+        if (role === "event_admin") {
+          basePermissions.push("delete");
+        }
+        basePermissions.forEach((operation) => {
+          permissions[`default:${operation}`] = true;
+        });
+      }
+      const orgPerms = rbacData.filter((p) => p.permission_type === "organisation_access");
+      if (orgPerms.length > 0) {
+        const role = orgPerms[0].role_name;
+        if (role === "org_admin") {
+          access_level = "admin" /* ADMIN */;
+          roles = ["admin"];
+          ["create", "read", "update", "delete"].forEach((operation) => {
+            permissions[`default:${operation}`] = true;
+          });
+        }
+      }
+      return { permissions, roles, access_level };
+    };
+  }
+});
+
+// src/hooks/useInactivityTracker.ts
+import { useState as useState3, useEffect as useEffect3, useCallback as useCallback3, useRef } from "react";
+function throttle(func, limit) {
+  let inThrottle;
+  return function(...args) {
+    if (!inThrottle) {
+      func.apply(this, args);
+      inThrottle = true;
+      setTimeout(() => inThrottle = false, limit);
+    }
+  };
+}
+function useInactivityTracker({
+  idleTimeoutMs = 30 * 60 * 1e3,
+  // 30 minutes
+  warnBeforeMs = 60 * 1e3,
+  // 1 minute
+  onIdle,
+  onWarning,
+  onActivity,
+  enabled = true,
+  storageKey = "pace-core-inactivity",
+  channelName = "pace-core-inactivity"
+} = {}) {
+  const [isIdle, setIsIdle] = useState3(false);
+  const [timeRemaining, setTimeRemaining] = useState3(idleTimeoutMs);
+  const [showWarning, setShowWarning] = useState3(false);
+  const [isTracking, setIsTracking] = useState3(false);
+  useEffect3(() => {
+    if (!enabled) {
+      setIsTracking(false);
+      setIsIdle(false);
+      setShowWarning(false);
+      setTimeRemaining(idleTimeoutMs);
+    }
+  }, [enabled, idleTimeoutMs]);
+  const timeoutRef = useRef(null);
+  const warningTimeoutRef = useRef(null);
+  const countdownIntervalRef = useRef(null);
+  const lastActivityRef = useRef(Date.now());
+  const channelRef = useRef(null);
+  const clearTimers = useCallback3(() => {
+    if (timeoutRef.current) {
+      clearTimeout(timeoutRef.current);
+      timeoutRef.current = null;
+    }
+    if (warningTimeoutRef.current) {
+      clearTimeout(warningTimeoutRef.current);
+      warningTimeoutRef.current = null;
+    }
+    if (countdownIntervalRef.current) {
+      clearInterval(countdownIntervalRef.current);
+      countdownIntervalRef.current = null;
+    }
+  }, []);
+  const resetActivity = useCallback3((skipActivityCallback = false) => {
+    if (!enabled) return;
+    const now = Date.now();
+    lastActivityRef.current = now;
+    clearTimers();
+    setIsIdle(false);
+    setShowWarning(false);
+    setTimeRemaining(idleTimeoutMs);
+    if (!skipActivityCallback) {
+      onActivity?.();
+    }
+    const warningTime = idleTimeoutMs - warnBeforeMs;
+    if (warningTime > 0) {
+      warningTimeoutRef.current = setTimeout(() => {
+        setShowWarning(true);
+        onWarning?.();
+      }, warningTime);
+    }
+    timeoutRef.current = setTimeout(() => {
+      setIsIdle(true);
+      onIdle?.();
+    }, idleTimeoutMs);
+    countdownIntervalRef.current = setInterval(() => {
+      const elapsed = Date.now() - lastActivityRef.current;
+      const remaining = Math.max(0, idleTimeoutMs - elapsed);
+      setTimeRemaining(remaining);
+      if (remaining === 0) {
+        clearTimers();
+      }
+    }, 1e3);
+    try {
+      localStorage.setItem(storageKey, now.toString());
+    } catch (error) {
+      console.warn("[useInactivityTracker] Failed to persist activity time:", error);
+    }
+    try {
+      if (channelRef.current) {
+        channelRef.current.postMessage({ type: "activity", timestamp: now });
+      }
+    } catch (error) {
+      console.warn("[useInactivityTracker] Failed to broadcast activity:", error);
+    }
+  }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);
+  const startTracking = useCallback3(() => {
+    if (!enabled) return;
+    setIsTracking(false);
+    setIsIdle(false);
+    setShowWarning(false);
+    setTimeRemaining(idleTimeoutMs);
+    clearTimers();
+    setIsTracking(true);
+    try {
+      if (typeof BroadcastChannel !== "undefined") {
+        channelRef.current = new BroadcastChannel(channelName);
+        channelRef.current.onmessage = (event) => {
+          if (event.data.type === "activity") {
+            lastActivityRef.current = event.data.timestamp;
+            resetActivity();
+          }
+        };
+      }
+    } catch (error) {
+      console.warn("[useInactivityTracker] Failed to set up cross-tab communication:", error);
+    }
+    try {
+      const persistedTime = localStorage.getItem(storageKey);
+      if (persistedTime) {
+        const persistedTimestamp = parseInt(persistedTime, 10);
+        const elapsed = Date.now() - persistedTimestamp;
+        if (elapsed < idleTimeoutMs) {
+          lastActivityRef.current = persistedTimestamp;
+          const remaining = idleTimeoutMs - elapsed;
+          setTimeRemaining(remaining);
+          if (remaining <= warnBeforeMs) {
+            setShowWarning(true);
+            onWarning?.();
+          }
+          if (remaining <= 0) {
+            setIsIdle(true);
+            onIdle?.();
+            return;
+          }
+        }
+      }
+    } catch (error) {
+      console.warn("[useInactivityTracker] Failed to check persisted activity time:", error);
+    }
+    const throttledResetActivity = throttle((event) => {
+      resetActivity();
+    }, 100);
+    const addEventListeners = () => {
+      ACTIVITY_EVENTS.forEach((event) => {
+        document.addEventListener(event, throttledResetActivity, { passive: true });
+      });
+    };
+    const removeEventListeners = () => {
+      ACTIVITY_EVENTS.forEach((event) => {
+        document.removeEventListener(event, throttledResetActivity);
+      });
+    };
+    addEventListeners();
+    resetActivity(true);
+    return () => {
+      removeEventListeners();
+      clearTimers();
+      if (channelRef.current) {
+        channelRef.current.close();
+        channelRef.current = null;
+      }
+    };
+  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);
+  const stopTracking = useCallback3(() => {
+    setIsTracking(false);
+    clearTimers();
+    if (channelRef.current) {
+      channelRef.current.close();
+      channelRef.current = null;
+    }
+  }, [clearTimers]);
+  useEffect3(() => {
+    if (enabled) {
+      const cleanup = startTracking();
+      return cleanup;
+    } else {
+      stopTracking();
+    }
+  }, [enabled, idleTimeoutMs, warnBeforeMs]);
+  useEffect3(() => {
+    return () => {
+      clearTimers();
+      if (channelRef.current) {
+        channelRef.current.close();
+      }
+    };
+  }, [clearTimers]);
+  return {
+    isIdle,
+    timeRemaining,
+    showWarning,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    isTracking
+  };
+}
+var ACTIVITY_EVENTS;
+var init_useInactivityTracker = __esm({
+  "src/hooks/useInactivityTracker.ts"() {
+    "use strict";
+    ACTIVITY_EVENTS = [
+      "mousedown",
+      "mousemove",
+      "mouseup",
+      "click",
+      "scroll",
+      "wheel",
+      "touchstart",
+      "touchmove",
+      "touchend",
+      "keydown",
+      "keyup",
+      "keypress",
+      "focus",
+      "blur",
+      "visibilitychange"
+    ];
+  }
+});
+
+// src/components/InactivityWarningModal/InactivityWarningModal.tsx
+import { useEffect as useEffect4, useState as useState4, useCallback as useCallback4 } from "react";
+import { Clock, AlertTriangle } from "lucide-react";
+import { jsx as jsx3, jsxs } from "react/jsx-runtime";
+function InactivityWarningModal({
+  isOpen,
+  timeRemaining,
+  onStaySignedIn,
+  onSignOutNow,
+  title = "Session Timeout Warning",
+  description = "You've been inactive for a while. Your session will expire soon for security reasons.",
+  className
+}) {
+  const [displayTime, setDisplayTime] = useState4(timeRemaining);
+  useEffect4(() => {
+    setDisplayTime(timeRemaining);
+  }, [timeRemaining]);
+  const formatTime = useCallback4((seconds) => {
+    const mins = Math.floor(seconds / 60);
+    const secs = seconds % 60;
+    return `${mins.toString().padStart(2, "0")}:${secs.toString().padStart(2, "0")}`;
+  }, []);
+  return /* @__PURE__ */ jsx3(Dialog, { open: isOpen, onOpenChange: (open) => !open && onStaySignedIn(), children: /* @__PURE__ */ jsxs(
+    DialogContent,
+    {
+      className: `sm:max-w-md ${className || ""}`,
+      preventCloseOnEscape: false,
+      preventCloseOnOutsideClick: true,
+      "data-testid": "inactivity-warning-modal",
+      children: [
+        /* @__PURE__ */ jsxs(DialogHeader, { children: [
+          /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-3", children: [
+            /* @__PURE__ */ jsx3("div", { className: "flex-shrink-0", children: /* @__PURE__ */ jsx3(AlertTriangle, { className: "h-6 w-6 text-acc-600" }) }),
+            /* @__PURE__ */ jsx3("div", { children: /* @__PURE__ */ jsx3(DialogTitle, { className: "text-lg font-semibold text-main-900", children: title }) })
+          ] }),
+          /* @__PURE__ */ jsx3(DialogDescription, { className: "text-main-700 mt-2", children: description })
+        ] }),
+        /* @__PURE__ */ jsxs("div", { className: "space-y-6", children: [
+          /* @__PURE__ */ jsxs("div", { className: "text-center", children: [
+            /* @__PURE__ */ jsxs("div", { className: "inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg", children: [
+              /* @__PURE__ */ jsx3(Clock, { className: "h-5 w-5 text-acc-600" }),
+              /* @__PURE__ */ jsx3("span", { className: "text-2xl font-mono font-bold text-acc-700", children: formatTime(displayTime) })
+            ] }),
+            /* @__PURE__ */ jsx3("p", { className: "text-sm text-main-600 mt-2", children: "Time remaining before automatic logout" })
+          ] }),
+          /* @__PURE__ */ jsxs("div", { className: "flex flex-col sm:flex-row gap-3", children: [
+            /* @__PURE__ */ jsx3(
+              Button,
+              {
+                onClick: onStaySignedIn,
+                className: "flex-1 bg-main-600 hover:bg-main-700 text-main-50",
+                size: "lg",
+                children: "Stay Signed In"
+              }
+            ),
+            /* @__PURE__ */ jsx3(
+              Button,
+              {
+                onClick: onSignOutNow,
+                variant: "outline",
+                className: "flex-1 border-acc-300 text-acc-700 hover:bg-acc-50",
+                size: "lg",
+                children: "Sign Out Now"
+              }
+            )
+          ] }),
+          /* @__PURE__ */ jsx3("div", { className: "text-xs text-main-500 text-center", children: /* @__PURE__ */ jsx3("p", { children: "For security reasons, you'll be automatically signed out after 30 minutes of inactivity." }) })
+        ] })
+      ]
+    }
+  ) });
+}
+var init_InactivityWarningModal = __esm({
+  "src/components/InactivityWarningModal/InactivityWarningModal.tsx"() {
+    "use strict";
+    init_Dialog();
+    init_Button();
+  }
+});
+
+// src/providers/InactivityProvider.tsx
+import { createContext as createContext3, useContext as useContext3, useState as useState5, useEffect as useEffect5, useCallback as useCallback5, useMemo as useMemo3 } from "react";
+import { jsx as jsx4, jsxs as jsxs2 } from "react/jsx-runtime";
+function InactivityProvider({
+  children,
+  user,
+  session,
+  supabaseClient,
+  idleTimeoutMs = 30 * 60 * 1e3,
+  // 30 minutes
+  warnBeforeMs = 60 * 1e3,
+  // 60 seconds
+  onIdleLogout,
+  renderInactivityWarning,
+  dangerouslyDisableInactivity = false
+}) {
+  const [showInactivityWarning, setShowInactivityWarning] = useState5(false);
+  const [inactivityTimeRemaining, setInactivityTimeRemaining] = useState5(0);
+  useEffect5(() => {
+    if (typeof window !== "undefined") {
+      const isProduction = true;
+      if (isProduction && dangerouslyDisableInactivity) {
+        console.error("[InactivityProvider] CRITICAL: dangerouslyDisableInactivity is not allowed in production! Auto-enabling inactivity feature.");
+      }
+      if (!isProduction && dangerouslyDisableInactivity) {
+        console.warn("[InactivityProvider] Inactivity feature disabled for development. This will NOT work in production.");
+      }
+    }
+  }, [dangerouslyDisableInactivity]);
+  const isInactivityEnabled = typeof window !== "undefined" && (false ? !dangerouslyDisableInactivity : true);
+  const {
+    isIdle,
+    timeRemaining,
+    showWarning,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    isTracking
+  } = useInactivityTracker({
+    idleTimeoutMs,
+    warnBeforeMs,
+    enabled: isInactivityEnabled && !!user && !!session,
+    onIdle: useCallback5(() => {
+      setShowInactivityWarning(false);
+      setInactivityTimeRemaining(0);
+      if (supabaseClient) {
+        supabaseClient.auth.signOut().catch((error) => {
+          console.error("[InactivityProvider] Error during idle logout:", error);
+        });
+      }
+      onIdleLogout?.("inactivity");
+    }, [supabaseClient, onIdleLogout]),
+    onWarning: useCallback5(() => {
+      setShowInactivityWarning(true);
+      setInactivityTimeRemaining(warnBeforeMs);
+    }, [warnBeforeMs]),
+    onActivity: useCallback5(() => {
+      setShowInactivityWarning(false);
+      setInactivityTimeRemaining(0);
+    }, [])
+  });
+  const handleIdleLogout = useCallback5(async () => {
+    setShowInactivityWarning(false);
+    setInactivityTimeRemaining(0);
+    stopTracking();
+    try {
+      if (supabaseClient) {
+        await supabaseClient.auth.signOut();
+      }
+    } catch (error) {
+      console.error("[InactivityProvider] Error during idle logout:", error);
+    }
+    onIdleLogout?.("inactivity");
+  }, [supabaseClient, onIdleLogout, stopTracking]);
+  const handleStaySignedIn = useCallback5(() => {
+    setShowInactivityWarning(false);
+    setInactivityTimeRemaining(0);
+    resetActivity();
+  }, [resetActivity]);
+  const handleSignOutNow = useCallback5(async () => {
+    setShowInactivityWarning(false);
+    setInactivityTimeRemaining(0);
+    stopTracking();
+    try {
+      if (supabaseClient) {
+        await supabaseClient.auth.signOut();
+      }
+    } catch (error) {
+      console.error("[InactivityProvider] Error during manual sign out:", error);
+    }
+    onIdleLogout?.("inactivity");
+  }, [supabaseClient, onIdleLogout, stopTracking]);
+  useEffect5(() => {
+    if (showWarning && timeRemaining > 0) {
+      setInactivityTimeRemaining(Math.ceil(timeRemaining / 1e3));
+    }
+  }, [showWarning, timeRemaining]);
+  const contextValue = useMemo3(() => ({
+    showInactivityWarning,
+    inactivityTimeRemaining,
+    isIdle,
+    timeRemaining,
+    showWarning,
+    isTracking,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    handleIdleLogout,
+    handleStaySignedIn,
+    handleSignOutNow
+  }), [
+    showInactivityWarning,
+    inactivityTimeRemaining,
+    isIdle,
+    timeRemaining,
+    showWarning,
+    isTracking,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    handleIdleLogout,
+    handleStaySignedIn,
+    handleSignOutNow
+  ]);
+  return /* @__PURE__ */ jsxs2(InactivityContext.Provider, { value: contextValue, children: [
+    children,
+    showInactivityWarning && (renderInactivityWarning ? renderInactivityWarning({
+      timeRemaining: inactivityTimeRemaining,
+      onStaySignedIn: handleStaySignedIn,
+      onSignOutNow: handleSignOutNow
+    }) : /* @__PURE__ */ jsx4(
+      InactivityWarningModal,
+      {
+        isOpen: showInactivityWarning,
+        timeRemaining: inactivityTimeRemaining,
+        onStaySignedIn: handleStaySignedIn,
+        onSignOutNow: handleSignOutNow
+      }
+    ))
+  ] });
+}
+var InactivityContext, useInactivity;
+var init_InactivityProvider = __esm({
+  "src/providers/InactivityProvider.tsx"() {
+    "use strict";
+    init_useInactivityTracker();
+    init_InactivityWarningModal();
+    InactivityContext = createContext3(void 0);
+    useInactivity = () => {
+      const context = useContext3(InactivityContext);
+      if (!context) {
+        throw new Error("useInactivity must be used within an InactivityProvider");
+      }
+      return context;
+    };
+  }
+});
+
+// src/providers/UnifiedAuthProvider.tsx
+var UnifiedAuthProvider_exports = {};
+__export(UnifiedAuthProvider_exports, {
+  UnifiedAuthProvider: () => UnifiedAuthProvider,
+  useUnifiedAuth: () => useUnifiedAuth
+});
+import { createContext as createContext4, useContext as useContext4, useMemo as useMemo4 } from "react";
+import { jsx as jsx5 } from "react/jsx-runtime";
+function UnifiedAuthContextProvider({
+  children,
+  appName,
+  ...props
+}) {
+  const auth = useAuth();
+  const rbac = useRBAC();
+  const inactivity = useInactivity();
+  const contextValue = useMemo4(() => ({
+    ...auth,
+    ...rbac,
+    ...inactivity,
+    appName,
+    isLoading: auth.authLoading || rbac.rbacLoading,
+    hasErrors: !!auth.authError || !!rbac.rbacError
+  }), [auth, rbac, inactivity, appName]);
+  return /* @__PURE__ */ jsx5(UnifiedAuthContext.Provider, { value: contextValue, children });
+}
+function AuthAwareProviders({
+  children,
+  supabaseClient,
+  appName,
+  persistState,
+  enablePersistence,
+  requireOrganisationContext,
+  enableRBAC,
+  idleTimeoutMs,
+  warnBeforeMs,
+  onIdleLogout,
+  renderInactivityWarning,
+  dangerouslyDisableInactivity
+}) {
+  const auth = useAuth();
+  return /* @__PURE__ */ jsx5(
+    RBACProvider,
+    {
+      supabaseClient,
+      user: auth.user,
+      session: auth.session,
+      appName,
+      enableRBAC,
+      persistState,
+      enablePersistence,
+      requireOrganisationContext,
+      children: /* @__PURE__ */ jsx5(
+        InactivityProvider,
+        {
+          user: auth.user,
+          session: auth.session,
+          supabaseClient,
+          idleTimeoutMs,
+          warnBeforeMs,
+          onIdleLogout,
+          renderInactivityWarning,
+          dangerouslyDisableInactivity,
+          children: /* @__PURE__ */ jsx5(
+            UnifiedAuthContextProvider,
+            {
+              appName,
+              supabaseClient,
+              persistState,
+              enablePersistence,
+              requireOrganisationContext,
+              enableRBAC,
+              idleTimeoutMs,
+              warnBeforeMs,
+              onIdleLogout,
+              renderInactivityWarning,
+              dangerouslyDisableInactivity,
+              children
+            }
+          )
+        }
+      )
+    }
+  );
+}
+function UnifiedAuthProvider({
+  children,
+  supabaseClient,
+  appName,
+  persistState = true,
+  enablePersistence,
+  requireOrganisationContext = true,
+  enableRBAC = false,
+  idleTimeoutMs = 30 * 60 * 1e3,
+  // 30 minutes
+  warnBeforeMs = 60 * 1e3,
+  // 60 seconds
+  onIdleLogout,
+  renderInactivityWarning,
+  dangerouslyDisableInactivity = false
+}) {
+  return /* @__PURE__ */ jsx5(AuthProvider, { supabaseClient, children: /* @__PURE__ */ jsx5(
+    AuthAwareProviders,
+    {
+      supabaseClient,
+      appName,
+      persistState,
+      enablePersistence,
+      requireOrganisationContext,
+      enableRBAC,
+      idleTimeoutMs,
+      warnBeforeMs,
+      onIdleLogout,
+      renderInactivityWarning,
+      dangerouslyDisableInactivity,
+      children
+    }
+  ) });
+}
+var UnifiedAuthContext, useUnifiedAuth;
+var init_UnifiedAuthProvider = __esm({
+  "src/providers/UnifiedAuthProvider.tsx"() {
+    "use strict";
+    init_AuthProvider();
+    init_RBACProvider();
+    init_InactivityProvider();
+    UnifiedAuthContext = createContext4(void 0);
+    useUnifiedAuth = () => {
+      const context = useContext4(UnifiedAuthContext);
+      if (!context) {
+        throw new Error("useUnifiedAuth must be used within a UnifiedAuthProvider");
+      }
+      return context;
+    };
+  }
+});
+
+// src/providers/OrganisationProvider.tsx
+var OrganisationProvider_exports = {};
+__export(OrganisationProvider_exports, {
+  OrganisationProvider: () => OrganisationProvider,
+  useOrganisations: () => useOrganisations
+});
+import { createContext as createContext5, useContext as useContext5, useState as useState6, useEffect as useEffect6, useCallback as useCallback6, useMemo as useMemo5 } from "react";
+import { useNavigate } from "react-router-dom";
+import { jsx as jsx6, jsxs as jsxs3 } from "react/jsx-runtime";
+function OrganisationProvider({ children }) {
+  const [selectedOrganisation, setSelectedOrganisation] = useState6(null);
+  const [organisations, setOrganisations] = useState6([]);
+  const [userMemberships, setUserMemberships] = useState6([]);
+  const [roleMapState, setRoleMapState] = useState6(/* @__PURE__ */ new Map());
+  const [isLoading, setIsLoading] = useState6(true);
+  const [error, setError] = useState6(null);
+  const [isContextReady, setIsContextReady] = useState6(false);
+  const { user, session, supabase, signOut } = useUnifiedAuth();
+  let navigate = null;
+  try {
+    navigate = useNavigate();
+  } catch (error2) {
+    navigate = null;
+  }
+  const setDatabaseOrganisationContext = useCallback6(async (organisation) => {
+    if (!supabase || !session) {
+      console.warn("[OrganisationProvider] No Supabase client or session available for setting organisation context");
+      setIsContextReady(false);
+      return;
+    }
+    try {
+      await setOrganisationContext(supabase, organisation.id);
+      DebugLogger.log("OrganisationProvider", "Database organisation context set to:", organisation.display_name);
+      setIsContextReady(true);
+    } catch (error2) {
+      console.error("[OrganisationProvider] Failed to set database organisation context:", error2);
+      setIsContextReady(false);
+    }
+  }, [supabase, session]);
+  useEffect6(() => {
+    if (selectedOrganisation && supabase && session) {
+      setIsContextReady(false);
+      (async () => {
+        await setDatabaseOrganisationContext(selectedOrganisation);
+      })();
+    } else {
+      setIsContextReady(false);
+    }
+  }, [selectedOrganisation, setDatabaseOrganisationContext, supabase, session]);
+  const loadUserOrganisations = useCallback6(async () => {
+    if (!user || !session || !supabase) {
+      DebugLogger.log("OrganisationProvider", "Clearing organisation state - no user, session, or supabase client");
+      setSelectedOrganisation(null);
+      setOrganisations([]);
+      setUserMemberships([]);
+      setIsLoading(false);
+      setError(null);
+      return;
+    }
+    setIsLoading(true);
+    setError(null);
+    try {
+      DebugLogger.log("OrganisationProvider", "Loading organisations for user:", user.id);
+      let memberships, membershipError;
+      try {
+        const result = await supabase.from("rbac_organisation_roles").select(`
+              id,
+              user_id,
+              organisation_id,
+              role,
+              status,
+              granted_at,
+              granted_by,
+              revoked_at,
+              revoked_by,
+              notes,
+              created_at,
+              updated_at
+            `).eq("user_id", user.id).eq("status", "active").is("revoked_at", null).in("role", ["org_admin", "leader", "member"]);
+        memberships = result.data;
+        membershipError = result.error;
+      } catch (queryError) {
+        membershipError = queryError;
+      }
+      if (membershipError) {
+        console.error("[OrganisationProvider] Error loading memberships:", membershipError);
+        throw membershipError;
+      }
+      DebugLogger.log("OrganisationProvider", "Raw memberships data:", memberships);
+      if (!memberships || memberships.length === 0) {
+        throw new Error("User has no active organisation memberships");
+      }
+      const organisationIds = memberships.map((m) => m.organisation_id);
+      const { data: organisations2, error: orgError } = await supabase.from("organisations").select("id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at").in("id", organisationIds);
+      if (orgError) {
+        console.error("[OrganisationProvider] Error loading organisations:", orgError);
+        throw orgError;
+      }
+      const roleMap = /* @__PURE__ */ new Map();
+      memberships?.forEach((membership) => {
+        roleMap.set(membership.organisation_id, membership.role);
+      });
+      const orgs = organisations2;
+      const activeOrgs = orgs.filter((org) => org.is_active);
+      if (activeOrgs.length === 0) {
+        throw new Error("User has no access to active organisations");
+      }
+      DebugLogger.log("OrganisationProvider", "Active organisations:", activeOrgs);
+      setOrganisations(activeOrgs);
+      setUserMemberships(memberships);
+      setRoleMapState(roleMap);
+      let initialOrg = null;
+      try {
+        const persistedOrgString = localStorage.getItem(STORAGE_KEYS2.SELECTED_ORGANISATION);
+        if (persistedOrgString) {
+          const persistedOrg = JSON.parse(persistedOrgString);
+          const validPersistedOrg = activeOrgs.find((org) => org.id === persistedOrg.id);
+          if (validPersistedOrg) {
+            initialOrg = validPersistedOrg;
+            DebugLogger.log("OrganisationProvider", "Restored persisted organisation:", initialOrg.display_name);
+          }
+        }
+      } catch (storageError) {
+        console.warn("[OrganisationProvider] Failed to restore persisted organisation:", storageError);
+      }
+      if (!initialOrg) {
+        const adminMembership = memberships.find((m) => m.role === "org_admin");
+        if (adminMembership) {
+          const foundOrg = organisations2.find((org) => org.id === adminMembership.organisation_id);
+          if (foundOrg) {
+            initialOrg = foundOrg;
+            DebugLogger.log("OrganisationProvider", "Selected org_admin organisation:", initialOrg.display_name);
+          }
+        }
+      }
+      if (!initialOrg) {
+        initialOrg = activeOrgs[0];
+        DebugLogger.log("OrganisationProvider", "Selected first organisation:", initialOrg.display_name);
+      }
+      if (!initialOrg) {
+        throw new Error("No valid organisation found for user");
+      }
+      setSelectedOrganisation(initialOrg);
+      localStorage.setItem(STORAGE_KEYS2.SELECTED_ORGANISATION, JSON.stringify(initialOrg));
+      DebugLogger.log("OrganisationProvider", "Organisation context established:", {
+        selectedOrganisation: initialOrg.display_name,
+        totalOrganisations: activeOrgs.length,
+        userRole: roleMap.get(initialOrg.id)
+      });
+    } catch (err) {
+      console.error("[OrganisationProvider] Failed to load organisations:", err);
+      setError(err);
+      setSelectedOrganisation(null);
+      setOrganisations([]);
+      setUserMemberships([]);
+      localStorage.removeItem(STORAGE_KEYS2.SELECTED_ORGANISATION);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [user, session, supabase]);
+  useEffect6(() => {
+    loadUserOrganisations();
+  }, [loadUserOrganisations]);
+  const handleLogoutAndRedirect = useCallback6(async () => {
+    try {
+      await signOut();
+      if (navigate) {
+        navigate("/login", { replace: true });
+      } else {
+        window.location.href = "/login";
+      }
+    } catch (error2) {
+      console.error("[OrganisationProvider] Error during logout:", error2);
+      if (navigate) {
+        navigate("/login", { replace: true });
+      } else {
+        window.location.href = "/login";
+      }
+    }
+  }, [signOut, navigate]);
+  const ensureOrganisationContext = useCallback6(() => {
+    if (!selectedOrganisation) {
+      throw new Error("Organisation context is required but not available");
+    }
+    return selectedOrganisation;
+  }, [selectedOrganisation]);
+  const getUserRole = useCallback6((orgId) => {
+    const targetOrgId = orgId || selectedOrganisation?.id;
+    if (!targetOrgId) return "no_access";
+    return roleMapState.get(targetOrgId) || "no_access";
+  }, [roleMapState, selectedOrganisation]);
+  const validateOrganisationAccess = useCallback6((orgId) => {
+    return userMemberships.some(
+      (m) => m.organisation_id === orgId && m.status === "active" && m.revoked_at === null
+    );
+  }, [userMemberships]);
+  const switchOrganisation = useCallback6(async (orgId) => {
+    DebugLogger.log("OrganisationProvider", "Switching to organisation:", orgId);
+    if (!validateOrganisationAccess(orgId)) {
+      throw new Error(`User does not have access to organisation ${orgId}`);
+    }
+    const targetOrg = organisations.find((org) => org.id === orgId);
+    if (!targetOrg) {
+      throw new Error(`Organisation ${orgId} not found in user's organisations`);
+    }
+    setSelectedOrganisation(targetOrg);
+    localStorage.setItem(STORAGE_KEYS2.SELECTED_ORGANISATION, JSON.stringify(targetOrg));
+    await setDatabaseOrganisationContext(targetOrg);
+    DebugLogger.log("OrganisationProvider", "Switched to organisation:", targetOrg.display_name);
+  }, [organisations, validateOrganisationAccess, setDatabaseOrganisationContext]);
+  const refreshOrganisations = useCallback6(async () => {
+    if (!user || !session || !supabase) return;
+    setIsLoading(true);
+  }, [user, session, supabase]);
+  const getPrimaryOrganisation = useCallback6(() => {
+    const rolePriority = ["org_admin", "leader", "member"];
+    for (const role of rolePriority) {
+      const membership = userMemberships.find((m) => m.role === role);
+      if (membership) {
+        return organisations.find((org) => org.id === membership.organisation_id) || null;
+      }
+    }
+    return null;
+  }, [userMemberships, organisations]);
+  const isOrganisationSecure = useCallback6(() => {
+    return !!(selectedOrganisation && user);
+  }, [selectedOrganisation, user]);
+  const buildOrganisationHierarchy = useCallback6((orgs) => {
+    const orgMap = /* @__PURE__ */ new Map();
+    orgs.forEach((org) => orgMap.set(org.id, org));
+    const roots = [];
+    orgs.forEach((org) => {
+      if (!org.parent_id) {
+        roots.push({
+          organisation: org,
+          children: [],
+          depth: 0
+        });
+      }
+    });
+    return roots;
+  }, []);
+  const hasValidOrganisationContext = useMemo5(() => {
+    return !!(selectedOrganisation && !isLoading && !error && isContextReady);
+  }, [selectedOrganisation, isLoading, error, isContextReady]);
+  const contextValue = useMemo5(() => {
+    if (!selectedOrganisation) {
+      const placeholderOrg = {
+        id: "",
+        name: "",
+        display_name: "",
+        subscription_tier: "standard",
+        settings: {},
+        is_active: false,
+        created_at: "",
+        updated_at: ""
+      };
+      return {
+        selectedOrganisation: placeholderOrg,
+        organisations: [],
+        userMemberships: [],
+        isLoading,
+        error,
+        hasValidOrganisationContext: false,
+        setSelectedOrganisation: () => {
+        },
+        switchOrganisation: async () => {
+        },
+        getUserRole: () => "no_access",
+        validateOrganisationAccess: () => false,
+        refreshOrganisations: async () => {
+        },
+        ensureOrganisationContext: () => {
+          throw new Error("No organisation context");
+        },
+        isOrganisationSecure: () => false,
+        getPrimaryOrganisation: () => null
+      };
+    }
+    return {
+      selectedOrganisation,
+      organisations,
+      userMemberships,
+      isLoading,
+      error,
+      hasValidOrganisationContext,
+      setSelectedOrganisation,
+      switchOrganisation,
+      getUserRole,
+      validateOrganisationAccess,
+      refreshOrganisations,
+      ensureOrganisationContext,
+      isOrganisationSecure,
+      getPrimaryOrganisation
+    };
+  }, [
+    selectedOrganisation,
+    organisations,
+    userMemberships,
+    isLoading,
+    error,
+    hasValidOrganisationContext,
+    switchOrganisation,
+    getUserRole,
+    validateOrganisationAccess,
+    refreshOrganisations,
+    ensureOrganisationContext,
+    isOrganisationSecure,
+    getPrimaryOrganisation
+  ]);
+  if (isLoading || selectedOrganisation && !isContextReady) {
+    return /* @__PURE__ */ jsx6("div", { className: "organisation-loading", role: "status", "aria-label": "Loading organisation context", children: /* @__PURE__ */ jsx6("div", { className: "flex items-center justify-center min-h-screen", children: /* @__PURE__ */ jsxs3("div", { className: "text-center", children: [
+      /* @__PURE__ */ jsx6("div", { className: "animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto mb-4" }),
+      /* @__PURE__ */ jsx6("p", { className: "text-muted-foreground", children: isLoading ? "Loading organisation context..." : "Setting up organisation context..." })
+    ] }) }) });
+  }
+  if (error || user && !selectedOrganisation) {
+    return /* @__PURE__ */ jsx6("div", { className: "organisation-error", role: "alert", children: /* @__PURE__ */ jsx6("div", { className: "flex items-center justify-center min-h-screen", children: /* @__PURE__ */ jsxs3("div", { className: "text-center max-w-md mx-auto p-6", children: [
+      /* @__PURE__ */ jsx6("div", { className: "text-destructive mb-4", children: /* @__PURE__ */ jsx6("svg", { className: "h-12 w-12 mx-auto", fill: "none", viewBox: "0 0 24 24", stroke: "currentColor", children: /* @__PURE__ */ jsx6("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.732-.833-2.464 0L4.35 16.5c-.77.833.192 2.5 1.732 2.5z" }) }) }),
+      /* @__PURE__ */ jsx6("h2", { className: "text-xl font-semibold text-foreground mb-2", children: "Organisation Access Required" }),
+      /* @__PURE__ */ jsx6("p", { className: "text-muted-foreground mb-4", children: error?.message || "No valid organisation context available. Please contact your administrator to be added to an organisation." }),
+      /* @__PURE__ */ jsx6(
+        "button",
+        {
+          onClick: handleLogoutAndRedirect,
+          className: "px-4 py-2 bg-primary text-primary-foreground rounded-md hover:bg-primary/90",
+          children: "Sign Out"
+        }
+      )
+    ] }) }) });
+  }
+  return /* @__PURE__ */ jsx6(OrganisationContext.Provider, { value: contextValue, children });
+}
+var OrganisationContext, STORAGE_KEYS2, useOrganisations;
+var init_OrganisationProvider = __esm({
+  "src/providers/OrganisationProvider.tsx"() {
+    "use strict";
+    init_UnifiedAuthProvider();
+    init_organisationContext();
+    init_debugLogger();
+    OrganisationContext = createContext5(void 0);
+    STORAGE_KEYS2 = {
+      SELECTED_ORGANISATION: "pace-core-selected-organisation",
+      ORGANISATION_CONTEXT: "pace-core-organisation-context"
+    };
+    useOrganisations = () => {
+      const context = useContext5(OrganisationContext);
+      if (!context) {
+        throw new Error("useOrganisations must be used within an OrganisationProvider");
+      }
+      return context;
+    };
+  }
+});
+
+export {
+  useAuth,
+  AuthProvider,
+  init_AuthProvider,
+  useRBAC,
+  RBACProvider,
+  init_RBACProvider,
+  useInactivityTracker,
+  init_useInactivityTracker,
+  InactivityWarningModal,
+  init_InactivityWarningModal,
+  useInactivity,
+  InactivityProvider,
+  init_InactivityProvider,
+  useUnifiedAuth,
+  UnifiedAuthProvider,
+  UnifiedAuthProvider_exports,
+  init_UnifiedAuthProvider,
+  OrganisationProvider,
+  useOrganisations,
+  OrganisationProvider_exports,
+  init_OrganisationProvider
+};
+//# sourceMappingURL=chunk-DY5E3AT7.js.map