@jmruthers/pace-core 0.2.7 → 0.4.1

package/dist/chunk-BEZRLNK3.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/providers/AuthProvider.tsx","../src/providers/RBACProvider.tsx","../src/hooks/useInactivityTracker.ts","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/providers/InactivityProvider.tsx","../src/providers/UnifiedAuthProvider.tsx","../src/providers/OrganisationProvider.tsx"],"sourcesContent":["/**\n * @file Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/Auth\n * @since 0.1.0\n *\n * Handles user authentication, session management, and auth-related operations.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { DebugLogger } from '../utils/debugLogger';\n\n// Auth context type\nexport interface AuthContextType {\n  // Auth state\n  user: User | null;\n  session: Session | null;\n  isAuthenticated: boolean;\n  authLoading: boolean;\n  authError: AuthError | null;\n  error: AuthError | null; // Alias for authError for backward compatibility\n  supabase: SupabaseClient | null;\n  \n  // Auth methods\n  signIn: (email: string, password?: string) => Promise<{ error: AuthError | null }>;\n  signUp: (email: string, password: string) => Promise<{ error: AuthError | null }>;\n  signOut: () => Promise<{ error: AuthError | null }>;\n  resetPassword: (email: string) => Promise<{ error: AuthError | null }>;\n  updatePassword: (password: string) => Promise<{ error: AuthError | null }>;\n  refreshSession: () => Promise<{ error: AuthError | null }>;\n}\n\nconst AuthContext = createContext<AuthContextType | undefined>(undefined);\n\nexport const useAuth = () => {\n  const context = useContext(AuthContext);\n  if (!context) {\n    throw new Error('useAuth must be used within an AuthProvider');\n  }\n  return context;\n};\n\nexport interface AuthProviderProps {\n  children: React.ReactNode;\n  supabaseClient?: SupabaseClient;\n}\n\nexport function AuthProvider({ children, supabaseClient }: AuthProviderProps) {\n  // Auth state\n  const [user, setUser] = useState<User | null>(null);\n  const [session, setSession] = useState<Session | null>(null);\n  const [authLoading, setAuthLoading] = useState(true);\n  const [authError, setAuthError] = useState<AuthError | null>(null);\n\n  // Global error handler to suppress AuthSessionMissingError during logout\n  useEffect(() => {\n    const handleError = (event: ErrorEvent) => {\n      if (event.error?.message?.includes('AuthSessionMissingError') || \n          event.error?.message?.includes('Auth session missing')) {\n        console.warn('[AuthProvider] Suppressing AuthSessionMissingError during logout');\n        event.preventDefault();\n        return false;\n      }\n    };\n\n    const handleUnhandledRejection = (event: PromiseRejectionEvent) => {\n      if (event.reason?.message?.includes('AuthSessionMissingError') ||\n          event.reason?.message?.includes('Auth session missing')) {\n        console.warn('[AuthProvider] Suppressing unhandled AuthSessionMissingError');\n        event.preventDefault();\n        return false;\n      }\n    };\n\n    window.addEventListener('error', handleError);\n    window.addEventListener('unhandledrejection', handleUnhandledRejection);\n\n    return () => {\n      window.removeEventListener('error', handleError);\n      window.removeEventListener('unhandledrejection', handleUnhandledRejection);\n    };\n  }, []);\n\n  // Load initial user if no session but supabase client exists\n  useEffect(() => {\n    if (!supabaseClient) return;\n\n    const loadInitialUser = async () => {\n      try {\n        const response = await supabaseClient.auth.getUser();\n        const { data: { user: initialUser }, error } = response || { data: { user: null }, error: null };\n        if (error) {\n          console.warn('Failed to get initial user:', error);\n          setAuthLoading(false);\n          return;\n        }\n        \n        if (initialUser) {\n          setUser(initialUser);\n        }\n        setAuthLoading(false);\n      } catch (error) {\n        console.error('Error loading initial user:', error);\n        setAuthLoading(false);\n      }\n    };\n\n    // Only load initial user if we haven't set up the auth state change listener yet\n    // This prevents race conditions between loadInitialUser and auth state change\n    const timeoutId = setTimeout(() => {\n      if (authLoading && !user && !session) {\n        loadInitialUser();\n      }\n    }, 100);\n\n    return () => clearTimeout(timeoutId);\n  }, [supabaseClient, authLoading, user, session]);\n\n  // Auth state change listener\n  useEffect(() => {\n    if (!supabaseClient) {\n      setAuthLoading(false);\n      return;\n    }\n\n    // Shorter timeout to prevent hanging\n    const timeoutId = setTimeout(() => {\n      if (authLoading) {\n        console.warn('AuthProvider: Auth loading timeout reached');\n        setAuthLoading(false);\n      }\n    }, 2000); // Reduced from 5000 to 2000\n\n    try {\n      DebugLogger.log('AuthProvider', 'Setting up auth state change listener...');\n      const authStateChange = supabaseClient.auth.onAuthStateChange(\n        (event, session) => {\n          try {\n            DebugLogger.log('AuthProvider', 'Auth state changed:', event, session?.user?.email);\n            \n            // Clear timeout immediately when we get an auth state change\n            clearTimeout(timeoutId);\n            \n            // Handle different auth events\n            if (event === 'SIGNED_OUT') {\n              DebugLogger.log('AuthProvider', 'User signed out, clearing all state');\n              // Clear all state immediately and aggressively\n              setSession(null);\n              setUser(null);\n              setAuthLoading(false);\n              setAuthError(null);\n            } else {\n              setSession(session);\n              setUser(session?.user ?? null);\n              setAuthLoading(false);\n              \n              // Only clear auth error if we have a valid session\n              if (session) {\n                setAuthError(null);\n              }\n            }\n          } catch (error) {\n            console.warn('[AuthProvider] Error in auth state change handler:', error);\n            // Ensure loading is always set to false\n            setAuthLoading(false);\n          }\n        }\n      );\n\n      const subscription = authStateChange?.data?.subscription || authStateChange;\n      \n      return () => {\n        clearTimeout(timeoutId);\n        if (subscription && typeof subscription.unsubscribe === 'function') {\n          DebugLogger.log('AuthProvider', 'Cleaning up auth state listener');\n          subscription.unsubscribe();\n        }\n      };\n    } catch (error) {\n      console.error('AuthProvider: Error setting up auth state change listener:', error);\n      \n      // Don't set authError for connection issues or auth session missing errors\n      if (error instanceof Error && \n          !error.message.includes('No API key found') && \n          !error.message.includes('AuthSessionMissingError') &&\n          !error.message.includes('Auth session missing')) {\n        setAuthError(error as AuthError);\n      }\n      setAuthLoading(false);\n      clearTimeout(timeoutId);\n      return () => {};\n    }\n  }, [supabaseClient]);\n\n  // Auth methods\n  const signIn = useCallback(async (email: string, password?: string) => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthLoading(true);\n    setAuthError(null);\n    \n    try {\n      const { error } = await supabaseClient.auth.signInWithPassword({ email, password: password || '' });\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    } finally {\n      setAuthLoading(false);\n    }\n  }, [supabaseClient]);\n\n  const signUp = useCallback(async (email: string, password: string) => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthError(null);\n    try {\n      const { error } = await supabaseClient.auth.signUp({ email, password });\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    }\n  }, [supabaseClient]);\n\n  const signOut = useCallback(async () => {\n    DebugLogger.log('AuthProvider', 'signOut called');\n    \n    // Immediately set loading to false to prevent timeout warnings\n    setAuthLoading(false);\n    \n    if (!supabaseClient) {\n      DebugLogger.log('AuthProvider', 'No supabase client, clearing state manually');\n      setUser(null);\n      setSession(null);\n      setAuthError(null);\n      return { error: null };\n    }\n    \n    // Clear state immediately before calling Supabase signOut\n    DebugLogger.log('AuthProvider', 'Pre-clearing state before signOut call');\n    setUser(null);\n    setSession(null);\n    setAuthError(null);\n    \n    try {\n      DebugLogger.log('AuthProvider', 'Calling supabase signOut');\n      \n      // Add a timeout to prevent hanging\n      const signOutPromise = supabaseClient.auth.signOut();\n      const timeoutPromise = new Promise((_, reject) => \n        setTimeout(() => reject(new Error('SignOut timeout')), 3000)\n      );\n      \n      const { error } = await Promise.race([signOutPromise, timeoutPromise]) as any;\n      \n      if (error && !error.message?.includes('SignOut timeout')) {\n        console.error('[AuthProvider] signOut error:', error);\n        // Don't set auth error for logout - we've already cleared state\n      }\n      \n      DebugLogger.log('AuthProvider', 'signOut process completed');\n      return { error: null }; // Always return success for logout\n    } catch (err) {\n      console.warn('[AuthProvider] signOut exception (ignored):', err);\n      // Ignore errors during logout - state is already cleared\n      return { error: null };\n    }\n  }, [supabaseClient]);\n\n  const resetPassword = useCallback(async (email: string) => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthError(null);\n    try {\n      const { error } = await supabaseClient.auth.resetPasswordForEmail(email);\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    }\n  }, [supabaseClient]);\n\n  const updatePassword = useCallback(async (password: string) => {\n    if (!supabaseClient) return { error: new AuthError('Supabase client not available.', 500) };\n    const { error } = await supabaseClient.auth.updateUser({ password });\n    if (error) {\n      setAuthError(error);\n    }\n    return { error };\n  }, [supabaseClient]);\n\n  const refreshSession = useCallback(async () => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthError(null);\n    try {\n      const { error } = await supabaseClient.auth.refreshSession();\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    }\n  }, [supabaseClient]);\n\n  // Memoized derived values\n  const isAuthenticated = !!user;\n\n  // Memoized context value\n  const contextValue = useMemo<AuthContextType>(() => ({\n    user,\n    session,\n    isAuthenticated,\n    authLoading,\n    authError,\n    error: authError, // Alias for backward compatibility\n    supabase: supabaseClient || null,\n\n    signIn,\n    signUp,\n    signOut,\n    resetPassword,\n    updatePassword,\n    refreshSession,\n  }), [\n    user, session, isAuthenticated, authLoading, authError, supabaseClient,\n    signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,\n  ]);\n\n  return (\n    <AuthContext.Provider value={contextValue}>\n      {children}\n    </AuthContext.Provider>\n  );\n}\n","/**\n * @file RBAC Provider\n * @package @jmruthers/pace-core\n * @module Providers/RBAC\n * @since 0.1.0\n *\n * Handles role-based access control, permissions, and event access management.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\nimport { DebugLogger } from '../utils/debugLogger';\n\n// App configuration type\ninterface AppConfig {\n  supports_direct_access: boolean;\n  requires_event: boolean;\n}\n\n// User event access type - now includes organisation context for security\nexport interface UserEventAccess {\n  event_id: string;\n  event_name: string;\n  event_description?: string | null;\n  start_date: string;\n  end_date: string;\n  event_status: string;\n  app_id: string;\n  access_level: string;\n  granted_at: string;\n  organisation_id: string; // MANDATORY for security\n}\n\n// RBAC context type\nexport interface RBACContextType {\n  // RBAC state\n  permissions: Record<string, boolean>;\n  roles: string[];\n  accessLevel: AccessLevel;\n  rbacLoading: boolean;\n  rbacError: Error | null;\n  selectedEventId: string | null;\n  appConfig: AppConfig | null;\n  userEventAccess: UserEventAccess[];\n  eventAccessLoading: boolean;\n  \n  // Organisation context integration\n  selectedOrganisationId: string | null;\n  requireOrganisationContext: () => string; // Throws if no organisation context\n  \n  // RBAC methods\n  hasPermission: (permission: string, orgId?: string) => boolean;\n  hasAnyPermission: (permissions: string[], orgId?: string) => boolean;\n  hasAllPermissions: (permissions: string[], orgId?: string) => boolean;\n  hasRole: (role: string) => boolean;\n  hasAccessLevel: (level: AccessLevel) => boolean;\n  canAccess: (resource: string, action: string, orgId?: string) => boolean;\n  validatePermission: (permission: string, orgId?: string) => Promise<boolean>;\n  validateAccess: (resource: string, action: string, orgId?: string) => Promise<boolean>;\n  refreshPermissions: (eventId?: string, orgId?: string) => Promise<void>;\n  setSelectedEventId: (eventId: string | null) => void;\n  loadUserEventAccess: (orgId?: string) => Promise<void>;\n  getUserEventAccess: (eventId: string) => UserEventAccess | undefined;\n  \n  // New RBAC system support\n  rbacEnabled: boolean;\n  rbacContext?: any; // Will be populated by useRBAC hook when enabled\n}\n\nconst RBACContext = createContext<RBACContextType | undefined>(undefined);\n\nexport const useRBAC = () => {\n  const context = useContext(RBACContext);\n  if (!context) {\n    throw new Error('useRBAC must be used within an RBACProvider');\n  }\n  return context;\n};\n\nexport interface RBACProviderProps {\n  children: React.ReactNode;\n  supabaseClient?: SupabaseClient;\n  user: User | null;\n  session: Session | null;\n  appName: string;\n  enableRBAC?: boolean;\n  persistState?: boolean;\n  enablePersistence?: boolean;\n  requireOrganisationContext?: boolean;\n}\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n  SELECTED_EVENT: 'pace-core-selected-event',\n} as const;\n\n// Helper function to transform RBAC permissions to the format expected by UnifiedAuthProvider\nconst transformRBACPermissions = (rbacData: any[], _appName: string) => {\n  const permissions: Record<string, boolean> = {};\n  let roles: string[] = [];\n  let access_level: AccessLevel = AccessLevel.VIEWER;\n\n  if (!rbacData || !Array.isArray(rbacData)) {\n    return { permissions: {}, roles: ['viewer'], access_level: AccessLevel.VIEWER };\n  }\n\n  // Check for super admin first\n  const superAdminPerm = rbacData.find((p: any) => p.permission_type === 'all_permissions');\n  if (superAdminPerm) {\n    return { \n      permissions: { 'all:all': true } as Record<string, boolean>, \n      roles: ['super'], \n      access_level: AccessLevel.SUPER \n    };\n  }\n\n  // Process event-app permissions\n  const eventAppPerms = rbacData.filter((p: any) => p.permission_type === 'event_app_access');\n  if (eventAppPerms.length > 0) {\n    const role = eventAppPerms[0].role_name;\n    \n    // Map RBAC roles to AccessLevel\n    switch (role) {\n      case 'event_admin':\n        access_level = AccessLevel.ADMIN;\n        roles = ['admin'];\n        break;\n      case 'planner':\n        access_level = AccessLevel.PLANNER;\n        roles = ['planner'];\n        break;\n      case 'participant':\n        access_level = AccessLevel.PARTICIPANT;\n        roles = ['participant'];\n        break;\n      case 'editor':\n        access_level = AccessLevel.EDITOR;\n        roles = ['editor'];\n        break;\n      case 'viewer':\n      default:\n        access_level = AccessLevel.VIEWER;\n        roles = ['viewer'];\n        break;\n    }\n\n    // For now, we'll set basic permissions based on role\n    // In a full implementation, you'd want to fetch page-specific permissions\n    const basePermissions = ['read'];\n    if (['event_admin', 'planner'].includes(role)) {\n      basePermissions.push('create', 'update');\n    }\n    if (role === 'event_admin') {\n      basePermissions.push('delete');\n    }\n\n    // Set permissions for all pages (simplified approach)\n    // In a real implementation, you'd want to get actual page permissions\n    basePermissions.forEach(operation => {\n      permissions[`default:${operation}`] = true;\n    });\n  }\n\n  // Process organisation permissions\n  const orgPerms = rbacData.filter((p: any) => p.permission_type === 'organisation_access');\n  if (orgPerms.length > 0) {\n    const role = orgPerms[0].role_name;\n    if (role === 'org_admin') {\n      access_level = AccessLevel.ADMIN;\n      roles = ['admin'];\n      // Org admins get all permissions\n      ['create', 'read', 'update', 'delete'].forEach(operation => {\n        permissions[`default:${operation}`] = true;\n      });\n    }\n  }\n\n  return { permissions, roles, access_level };\n};\n\nexport function RBACProvider({\n  children,\n  supabaseClient,\n  user,\n  session,\n  appName,\n  enableRBAC = false,\n  persistState = true,\n  enablePersistence,\n  requireOrganisationContext: _requireOrganisationContext = true,\n}: RBACProviderProps) {\n  // Use enablePersistence if provided, otherwise use persistState\n  const shouldPersist = enablePersistence !== undefined ? enablePersistence : persistState;\n\n  // RBAC state\n  const [permissions, setPermissions] = useState<Record<string, boolean>>({});\n  const [roles, setRoles] = useState<string[]>([]);\n  const [accessLevel, setAccessLevel] = useState<AccessLevel>(AccessLevel.VIEWER);\n  const [rbacLoading, setRbacLoading] = useState(false);\n  const [rbacError, setRbacError] = useState<Error | null>(null);\n  const [selectedEventId, setSelectedEventId] = useState<string | null>(null);\n  const [appConfig, setAppConfig] = useState<AppConfig | null>(null);\n  const [userEventAccess, setUserEventAccess] = useState<UserEventAccess[]>([]);\n  const [eventAccessLoading, setEventAccessLoading] = useState(false);\n  \n  // Organisation context state\n  const [selectedOrganisationId, _setSelectedOrganisationId] = useState<string | null>(null);\n\n  // Load app configuration on mount and when appName changes\n  useEffect(() => {\n    if (!supabaseClient) return;\n\n    const loadAppConfig = async () => {\n      try {\n        // Use the same app name resolution as PagePermissionGuard\n        const { getCurrentAppName } = await import('../utils/appNameResolver');\n        const resolvedAppName = getCurrentAppName() || appName;\n        \n        // First resolve app name to app_id\n        const { data: appData, error: appError } = await supabaseClient\n          .from('rbac_apps')\n          .select('id')\n          .eq('name', resolvedAppName)\n          .eq('is_active', true)\n          .single();\n\n        if (appError || !appData) {\n          console.warn('App not found or inactive:', resolvedAppName);\n          setAppConfig({\n            supports_direct_access: false,\n            requires_event: true\n          });\n          return;\n        }\n\n        const response = await supabaseClient.rpc('get_app_config', {\n          p_app_id: appData.id\n        });\n        \n        const { data } = response || {};\n\n        if (data && data.length > 0) {\n          setAppConfig({\n            supports_direct_access: data[0].supports_direct_access,\n            requires_event: data[0].requires_event\n          });\n        } else {\n          // Default configuration if app not found\n          setAppConfig({\n            supports_direct_access: false,\n            requires_event: true\n          });\n        }\n      } catch (error) {\n        console.warn(\"Clearing corrupted localStorage data\");\n        if (typeof localStorage !== 'undefined') {\n          localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n        }\n        console.warn('Failed to load app configuration:', error);\n        // Default configuration on error\n        setAppConfig({\n          supports_direct_access: false,\n          requires_event: true\n        });\n      }\n    };\n\n    loadAppConfig();\n  }, [supabaseClient, appName]);\n\n  // Set super admin roles based on user metadata\n  useEffect(() => {\n    // Check if user has super admin role in metadata\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (isSuperAdmin) {\n      setRoles(['super_admin']);\n    } else {\n      setRoles([]);\n    }\n  }, [user]);\n\n  // Load persisted auth state on mount\n  useEffect(() => {\n    if (!shouldPersist) return;\n\n    try {\n      const persistedEvent = localStorage.getItem(STORAGE_KEYS.SELECTED_EVENT);\n      if (persistedEvent) {\n        setSelectedEventId(JSON.parse(persistedEvent));\n      }\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n    }\n  }, [shouldPersist]);\n\n  // Persist auth state changes\n  useEffect(() => {\n    if (!shouldPersist) return;\n\n    try {\n      if (selectedEventId) {\n        localStorage.setItem(\n          STORAGE_KEYS.SELECTED_EVENT,\n          JSON.stringify(selectedEventId),\n        );\n      } else {\n        localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      }\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      console.warn('Failed to persist auth state:', error);\n    }\n  }, [selectedEventId, shouldPersist]);\n\n  // Load RBAC data when user is authenticated\n  const refreshPermissions = useCallback(async (eventId?: string) => {\n    if (!supabaseClient || !user || !appConfig || !session) {\n      DebugLogger.log('RBACProvider', 'refreshPermissions: Missing required dependencies, clearing permissions');\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n      return;\n    }\n\n    // Check for super admin first - admin override should happen regardless of app configuration\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (isSuperAdmin) {\n      setPermissions({\n        'admin:create': true,\n        'admin:read': true,\n        'admin:update': true,\n        'admin:delete': true,\n        'users:create': true,\n        'users:read': true,\n        'users:update': true,\n        'users:delete': true,\n        'events:create': true,\n        'events:read': true,\n        'events:update': true,\n        'events:delete': true\n      });\n      setRoles(['super_admin']);\n      setAccessLevel(AccessLevel.ADMIN);\n      return;\n    }\n\n    // Determine if we should load permissions without an event\n    const shouldLoadDirectPermissions = !eventId && !appConfig.requires_event;\n    const shouldLoadEventPermissions = eventId;\n    const shouldClearPermissions = !eventId && appConfig.requires_event;\n\n    // If no eventId and app requires events, clear permissions\n    if (shouldClearPermissions) {\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n      return;\n    }\n\n    // Only proceed if we should load permissions\n    if (!shouldLoadDirectPermissions && !shouldLoadEventPermissions) {\n      return;\n    }\n\n    setRbacLoading(true);\n    setRbacError(null);\n\n    try {\n      // Use the same app name resolution as PagePermissionGuard\n      const { getCurrentAppName } = await import('../utils/appNameResolver');\n      const resolvedAppName = getCurrentAppName() || appName;\n      \n      // First resolve app name to app_id\n      const { data: appData, error: appError } = await supabaseClient\n        .from('rbac_apps')\n        .select('id')\n        .eq('name', resolvedAppName)\n        .eq('is_active', true)\n        .single();\n\n      if (appError || !appData) {\n        console.warn('App not found or inactive:', resolvedAppName);\n        setRbacLoading(false);\n        return;\n      }\n\n      const { data, error } = await supabaseClient.rpc('get_rbac_permissions', {\n        p_user_id: user.id,\n        p_app_id: appData.id,\n        p_event_id: eventId || null,\n        p_organisation_id: selectedOrganisationId || null\n      });\n\n      if (error) {\n        throw error;\n      }\n\n      const { permissions, roles, access_level } = transformRBACPermissions(data, appName);\n\n      setPermissions(permissions);\n      setRoles(roles);\n      setAccessLevel(access_level);\n    } catch (err: any) {\n      setRbacError(err);\n    } finally {\n      setRbacLoading(false);\n    }\n  }, [supabaseClient, user, session, appName, appConfig, selectedOrganisationId]);\n\n  // Load user event access data\n  const loadUserEventAccess = useCallback(async () => {\n    if (!supabaseClient || !user || !session) {\n      DebugLogger.log('RBACProvider', 'loadUserEventAccess: Missing required dependencies, clearing event access');\n      setUserEventAccess([]);\n      return;\n    }\n\n    setEventAccessLoading(true);\n    try {\n      // Use the same app name resolution as PagePermissionGuard\n      const { getCurrentAppName } = await import('../utils/appNameResolver');\n      const resolvedAppName = getCurrentAppName() || appName;\n      \n      // First resolve app name to app_id\n      const { data: appData, error: appError } = await supabaseClient\n        .from('rbac_apps')\n        .select('id')\n        .eq('name', resolvedAppName)\n        .eq('is_active', true)\n        .single();\n\n      if (appError || !appData) {\n        console.warn('App not found or inactive:', resolvedAppName);\n        setEventAccessLoading(false);\n        return;\n      }\n\n      const { data, error } = await supabaseClient\n        .from('rbac_event_app_roles')\n        .select(`\n          event_id,\n          role,\n          granted_at\n        `)\n        .eq('user_id', user.id)\n        .eq('app_id', appData.id);\n\n      if (error) {\n        console.error('Failed to load user event access:', error);\n        setUserEventAccess([]);\n        return;\n      }\n\n      const eventAccess = data?.map(item => ({\n        event_id: item.event_id,\n        event_name: 'Unknown Event', // Event details not available in this query\n        event_description: null, // Not available in this schema\n        start_date: '', // Event date not available in this query\n        end_date: '', // Event date not available in this query\n        event_status: 'unknown', // Not available in this schema\n        app_id: appData.id,\n        access_level: item.role, // Map role to access_level\n        granted_at: item.granted_at,\n        organisation_id: '' // Will be populated from event's organisation_id if needed\n      })) || [];\n\n      setUserEventAccess(eventAccess);\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      console.error('Error loading user event access:', error);\n      setUserEventAccess([]);\n    } finally {\n      setEventAccessLoading(false);\n    }\n  }, [supabaseClient, user, session, appName]);\n\n  // Helper function to get access for a specific event\n  const getUserEventAccess = useCallback((eventId: string) => {\n    return userEventAccess.find(access => access.event_id === eventId);\n  }, [userEventAccess]);\n\n  // When the selected event ID changes, user logs in, or app config loads, refresh permissions\n  useEffect(() => {\n    // Don't run if user is null (signed out) or no app config\n    if (!user || !appConfig || !session) {\n      DebugLogger.log('RBACProvider', 'Skipping permission refresh - no user, session, or app config');\n      return;\n    }\n\n    // Check for super admin first - admin override should happen regardless of app configuration\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (isSuperAdmin) {\n      setPermissions({\n        'admin:create': true,\n        'admin:read': true,\n        'admin:update': true,\n        'admin:delete': true,\n        'users:create': true,\n        'users:read': true,\n        'users:update': true,\n        'users:delete': true,\n        'events:create': true,\n        'events:read': true,\n        'events:update': true,\n        'events:delete': true\n      });\n      setRoles(['super_admin']);\n      setAccessLevel(AccessLevel.ADMIN);\n      return;\n    }\n\n    if (selectedEventId) {\n      // Event-based permissions\n      refreshPermissions(selectedEventId);\n    } else if (!appConfig.requires_event) {\n      // Direct app permissions (no event needed)\n      refreshPermissions();\n    } else {\n      // No event and app requires events - clear permissions\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n    }\n  }, [selectedEventId, user, session, appConfig, refreshPermissions]);\n\n  // Load user event access when user changes\n  useEffect(() => {\n    let isMounted = true;\n\n    if (user && session) {\n      DebugLogger.log('RBACProvider', 'Loading user event access for authenticated user');\n      loadUserEventAccess().catch(error => {\n        if (isMounted) {\n          console.error('Error loading user event access:', error);\n        }\n      });\n    } else {\n      DebugLogger.log('RBACProvider', 'Clearing user event access - no user or session');\n      if (isMounted) {\n        setUserEventAccess([]);\n      }\n    }\n\n    return () => {\n      isMounted = false;\n    };\n  }, [user, session, loadUserEventAccess]);\n\n  // Permission methods\n  const hasPermission = useCallback((permission: string) => {\n    const hasPerm = !!permissions[permission];\n    return hasPerm;\n  }, [permissions]);\n  const hasAnyPermission = useCallback((perms: string[]) => perms.some(p => !!permissions[p]), [permissions]);\n  const hasAllPermissions = useCallback((perms: string[]) => perms.every(p => !!permissions[p]), [permissions]);\n  const hasRole = useCallback((role: string) => {\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (role.toLowerCase() === 'super_admin') {\n      return isSuperAdmin;\n    }\n    return roles.includes(role);\n  }, [roles, user]);\n  const hasAccessLevel = useCallback((level: AccessLevel) => {\n    const levels = Object.values(AccessLevel);\n    return levels.indexOf(accessLevel) >= levels.indexOf(level);\n  }, [accessLevel]);\n  const canAccess = useCallback((resource: string, action: string) => {\n    const permission = `${resource}:${action}`;\n    const hasAccess = hasPermission(permission);\n    return hasAccess;\n  }, [hasPermission]);\n  const validatePermission = useCallback(async (permission: string) => hasPermission(permission), [hasPermission]);\n  const validateAccess = useCallback(async (resource: string, action: string) => {\n    // Placeholder for more complex logic, e.g., re-validating with backend\n    return Promise.resolve(canAccess(resource, action));\n  }, [canAccess]);\n\n  // Memoized context value\n  const contextValue = useMemo<RBACContextType>(() => ({\n    permissions,\n    roles,\n    accessLevel,\n    rbacLoading,\n    rbacError,\n    selectedEventId,\n    appConfig,\n    userEventAccess,\n    eventAccessLoading,\n\n    // Organisation context\n    selectedOrganisationId,\n    requireOrganisationContext: () => {\n      if (!selectedOrganisationId) {\n        throw new Error('Organisation context is required but not available');\n      }\n      return selectedOrganisationId;\n    },\n\n    hasPermission,\n    hasAnyPermission,\n    hasAllPermissions,\n    hasRole,\n    hasAccessLevel,\n    canAccess,\n    validatePermission,\n    validateAccess,\n    refreshPermissions,\n    setSelectedEventId,\n    \n    // New RBAC system support\n    rbacEnabled: enableRBAC,\n    rbacContext: undefined, // Will be populated by useRBAC hook when enabled\n    \n    loadUserEventAccess,\n    getUserEventAccess\n  }), [\n    permissions, roles, accessLevel, rbacLoading, rbacError, selectedEventId, appConfig,\n    userEventAccess, eventAccessLoading, selectedOrganisationId,\n    hasPermission, hasAnyPermission, hasAllPermissions, hasRole, hasAccessLevel, canAccess,\n    validatePermission, validateAccess, refreshPermissions, setSelectedEventId,\n    enableRBAC, loadUserEventAccess, getUserEventAccess\n  ]);\n\n  return (\n    <RBACContext.Provider value={contextValue}>\n      {children}\n    </RBACContext.Provider>\n  );\n}\n","/**\n * @file Inactivity Tracker Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useInactivityTracker\n * @since 0.1.0\n *\n * A custom hook that tracks user inactivity and provides cross-tab synchronization.\n * Monitors various user interactions and manages inactivity timers with persistence.\n *\n * Features:\n * - Cross-tab synchronization using BroadcastChannel and localStorage\n * - Monitors keyboard, mouse, touch, scroll, and focus events\n * - Throttled event handling for performance\n * - Persistence of last activity time across page reloads\n * - SSR-safe implementation with proper cleanup\n * - Configurable timeout and warning thresholds\n * - Production-safe with dev-only escape hatches\n *\n * @example\n * ```tsx\n * const {\n *   isIdle,\n *   timeRemaining,\n *   showWarning,\n *   resetActivity,\n *   startTracking,\n *   stopTracking\n * } = useInactivityTracker({\n *   idleTimeoutMs: 30 * 60 * 1000, // 30 minutes\n *   warnBeforeMs: 60 * 1000, // 1 minute\n *   onIdle: () => console.log('User is idle'),\n *   onWarning: () => console.log('Warning should show'),\n *   onActivity: () => console.log('User is active')\n * });\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (utility hook)\n * - Enables accessible inactivity warnings\n * - Supports screen reader friendly countdowns\n * - Maintains focus management during warnings\n *\n * @performance\n * - Throttled event handling (100ms intervals)\n * - Efficient timer management with cleanup\n * - Minimal re-renders with stable references\n * - Memory leak prevention\n * - Cross-tab optimization\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Browser APIs - BroadcastChannel, localStorage, timers\n */\n\nimport { useState, useEffect, useCallback, useRef } from 'react';\n\nexport interface UseInactivityTrackerOptions {\n  /** Timeout in milliseconds before user is considered idle (default: 30 minutes) */\n  idleTimeoutMs?: number;\n  /** Time in milliseconds before idle timeout to show warning (default: 60 seconds) */\n  warnBeforeMs?: number;\n  /** Callback when user becomes idle */\n  onIdle?: () => void;\n  /** Callback when warning should be shown */\n  onWarning?: () => void;\n  /** Callback when user becomes active again */\n  onActivity?: () => void;\n  /** Whether tracking is enabled (default: true) */\n  enabled?: boolean;\n  /** Storage key for persistence (default: 'pace-core-inactivity') */\n  storageKey?: string;\n  /** Broadcast channel name for cross-tab sync (default: 'pace-core-inactivity') */\n  channelName?: string;\n}\n\nexport interface UseInactivityTrackerReturn {\n  /** Whether the user is currently idle */\n  isIdle: boolean;\n  /** Time remaining in milliseconds before idle timeout */\n  timeRemaining: number;\n  /** Whether warning should be shown */\n  showWarning: boolean;\n  /** Reset the activity timer */\n  resetActivity: () => void;\n  /** Start tracking inactivity */\n  startTracking: () => void;\n  /** Stop tracking inactivity */\n  stopTracking: () => void;\n  /** Whether tracking is currently active */\n  isTracking: boolean;\n}\n\n// Events that indicate user activity\nconst ACTIVITY_EVENTS = [\n  'mousedown',\n  'mousemove',\n  'mouseup',\n  'click',\n  'scroll',\n  'wheel',\n  'touchstart',\n  'touchmove',\n  'touchend',\n  'keydown',\n  'keyup',\n  'keypress',\n  'focus',\n  'blur',\n  'visibilitychange'\n] as const;\n\n// Throttle function to limit event handler frequency\nfunction throttle<T extends (...args: any[]) => void>(\n  func: T,\n  limit: number\n): (...args: Parameters<T>) => void {\n  let inThrottle: boolean;\n  return function (this: any, ...args: Parameters<T>) {\n    if (!inThrottle) {\n      func.apply(this, args);\n      inThrottle = true;\n      setTimeout(() => (inThrottle = false), limit);\n    }\n  };\n}\n\nexport function useInactivityTracker({\n  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n  warnBeforeMs = 60 * 1000, // 1 minute\n  onIdle,\n  onWarning,\n  onActivity,\n  enabled = true,\n  storageKey = 'pace-core-inactivity',\n  channelName = 'pace-core-inactivity'\n}: UseInactivityTrackerOptions = {}): UseInactivityTrackerReturn {\n  const [isIdle, setIsIdle] = useState(false);\n  const [timeRemaining, setTimeRemaining] = useState(idleTimeoutMs);\n  const [showWarning, setShowWarning] = useState(false);\n  const [isTracking, setIsTracking] = useState(false);\n\n  // Reset tracking state when enabled changes\n  useEffect(() => {\n    if (!enabled) {\n      setIsTracking(false);\n      setIsIdle(false);\n      setShowWarning(false);\n      setTimeRemaining(idleTimeoutMs);\n    }\n  }, [enabled, idleTimeoutMs]);\n\n  const timeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const warningTimeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);\n  const lastActivityRef = useRef<number>(Date.now());\n  const channelRef = useRef<BroadcastChannel | null>(null);\n\n  // Clear all timers\n  const clearTimers = useCallback(() => {\n    if (timeoutRef.current) {\n      clearTimeout(timeoutRef.current);\n      timeoutRef.current = null;\n    }\n    if (warningTimeoutRef.current) {\n      clearTimeout(warningTimeoutRef.current);\n      warningTimeoutRef.current = null;\n    }\n    if (countdownIntervalRef.current) {\n      clearInterval(countdownIntervalRef.current);\n      countdownIntervalRef.current = null;\n    }\n  }, []);\n\n  // Reset activity and restart timers\n  const resetActivity = useCallback((skipActivityCallback = false) => {\n    if (!enabled) return;\n\n    const now = Date.now();\n    lastActivityRef.current = now;\n\n    // Clear existing timers\n    clearTimers();\n\n    // Reset state\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n\n    // Notify activity callback (unless skipped for initial setup)\n    if (!skipActivityCallback) {\n      onActivity?.();\n    }\n\n    // Set up warning timer\n    const warningTime = idleTimeoutMs - warnBeforeMs;\n    if (warningTime > 0) {\n      warningTimeoutRef.current = setTimeout(() => {\n        setShowWarning(true);\n        onWarning?.();\n      }, warningTime);\n    }\n\n    // Set up idle timeout\n    timeoutRef.current = setTimeout(() => {\n      setIsIdle(true);\n      onIdle?.();\n    }, idleTimeoutMs);\n\n    // Start countdown interval for time remaining\n    countdownIntervalRef.current = setInterval(() => {\n      const elapsed = Date.now() - lastActivityRef.current;\n      const remaining = Math.max(0, idleTimeoutMs - elapsed);\n      setTimeRemaining(remaining);\n\n      if (remaining === 0) {\n        clearTimers();\n      }\n    }, 1000);\n\n    // Persist activity time\n    try {\n      localStorage.setItem(storageKey, now.toString());\n    } catch (error) {\n      console.warn('[useInactivityTracker] Failed to persist activity time:', error);\n    }\n\n    // Broadcast activity to other tabs\n    try {\n      if (channelRef.current) {\n        channelRef.current.postMessage({ type: 'activity', timestamp: now });\n      }\n    } catch (error) {\n      console.warn('[useInactivityTracker] Failed to broadcast activity:', error);\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);\n\n  // Start tracking\n  const startTracking = useCallback(() => {\n    if (!enabled) return;\n\n    // Always reset state and start fresh\n    setIsTracking(false);\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n    \n    // Clear any existing timers\n    clearTimers();\n    \n    setIsTracking(true);\n\n    // Set up cross-tab communication\n    try {\n      if (typeof BroadcastChannel !== 'undefined') {\n        channelRef.current = new BroadcastChannel(channelName);\n        channelRef.current.onmessage = (event) => {\n          if (event.data.type === 'activity') {\n            lastActivityRef.current = event.data.timestamp;\n            resetActivity();\n          }\n        };\n      }\n    } catch (error) {\n      console.warn('[useInactivityTracker] Failed to set up cross-tab communication:', error);\n    }\n\n    // Check for persisted activity time\n    try {\n      const persistedTime = localStorage.getItem(storageKey);\n      if (persistedTime) {\n        const persistedTimestamp = parseInt(persistedTime, 10);\n        const elapsed = Date.now() - persistedTimestamp;\n        \n        if (elapsed < idleTimeoutMs) {\n          // User was active recently, continue from where we left off\n          lastActivityRef.current = persistedTimestamp;\n          const remaining = idleTimeoutMs - elapsed;\n          setTimeRemaining(remaining);\n          \n          if (remaining <= warnBeforeMs) {\n            setShowWarning(true);\n            onWarning?.();\n          }\n          \n          if (remaining <= 0) {\n            setIsIdle(true);\n            onIdle?.();\n            return;\n          }\n        }\n      }\n    } catch (error) {\n      console.warn('[useInactivityTracker] Failed to check persisted activity time:', error);\n    }\n\n    // Set up throttled activity handler\n    const throttledResetActivity = throttle((event) => {\n      resetActivity();\n    }, 100);\n\n    // Add event listeners\n    const addEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.addEventListener(event, throttledResetActivity, { passive: true });\n      });\n    };\n\n    // Remove event listeners\n    const removeEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.removeEventListener(event, throttledResetActivity);\n      });\n    };\n\n    // Add listeners\n    addEventListeners();\n\n    // Start the timer (skip activity callback for initial setup)\n    resetActivity(true);\n\n    // Cleanup function\n    return () => {\n      removeEventListeners();\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n        channelRef.current = null;\n      }\n    };\n  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);\n\n  // Stop tracking\n  const stopTracking = useCallback(() => {\n    setIsTracking(false);\n    clearTimers();\n    \n    if (channelRef.current) {\n      channelRef.current.close();\n      channelRef.current = null;\n    }\n  }, [clearTimers]);\n\n  // Effect to start/stop tracking based on enabled state\n  useEffect(() => {\n    if (enabled) {\n      const cleanup = startTracking();\n      return cleanup;\n    } else {\n      stopTracking();\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs]);\n\n  // Cleanup on unmount\n  useEffect(() => {\n    return () => {\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n      }\n    };\n  }, [clearTimers]);\n\n  return {\n    isIdle,\n    timeRemaining,\n    showWarning,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    isTracking\n  };\n}\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n *   isOpen={showWarning}\n *   timeRemaining={45}\n *   onStaySignedIn={() => setShowWarning(false)}\n *   onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\n\nexport interface InactivityWarningModalProps {\n  /** Whether the modal is open */\n  isOpen: boolean;\n  /** Time remaining in seconds before auto-logout */\n  timeRemaining: number;\n  /** Callback when user chooses to stay signed in */\n  onStaySignedIn: () => void;\n  /** Callback when user chooses to sign out immediately */\n  onSignOutNow: () => void;\n  /** Optional custom title */\n  title?: string;\n  /** Optional custom description */\n  description?: string;\n  /** Optional custom className */\n  className?: string;\n}\n\nexport function InactivityWarningModal({\n  isOpen,\n  timeRemaining,\n  onStaySignedIn,\n  onSignOutNow,\n  title = \"Session Timeout Warning\",\n  description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n  className\n}: InactivityWarningModalProps) {\n  const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n  // Update display time when timeRemaining prop changes\n  useEffect(() => {\n    setDisplayTime(timeRemaining);\n  }, [timeRemaining]);\n\n  // Format time for display (MM:SS)\n  const formatTime = useCallback((seconds: number) => {\n    const mins = Math.floor(seconds / 60);\n    const secs = seconds % 60;\n    return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n  }, []);\n\n\n\n\n  return (\n    <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n      <DialogContent \n        className={`sm:max-w-md ${className || ''}`}\n        preventCloseOnEscape={false}\n        preventCloseOnOutsideClick={true}\n        data-testid=\"inactivity-warning-modal\"\n      >\n        <DialogHeader>\n          <div className=\"flex items-center gap-3\">\n            <div className=\"flex-shrink-0\">\n              <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n            </div>\n            <div>\n              <DialogTitle className=\"text-lg font-semibold text-main-900\">\n                {title}\n              </DialogTitle>\n            </div>\n          </div>\n          <DialogDescription className=\"text-main-700 mt-2\">\n            {description}\n          </DialogDescription>\n        </DialogHeader>\n\n        <div className=\"space-y-6\">\n          {/* Countdown Timer */}\n          <div className=\"text-center\">\n            <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n              <Clock className=\"h-5 w-5 text-acc-600\" />\n              <span className=\"text-2xl font-mono font-bold text-acc-700\">\n                {formatTime(displayTime)}\n              </span>\n            </div>\n            <p className=\"text-sm text-main-600 mt-2\">\n              Time remaining before automatic logout\n            </p>\n          </div>\n\n          {/* Action Buttons */}\n          <div className=\"flex flex-col sm:flex-row gap-3\">\n            <Button\n              onClick={onStaySignedIn}\n              className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n              size=\"lg\"\n            >\n              Stay Signed In\n            </Button>\n            <Button\n              onClick={onSignOutNow}\n              variant=\"outline\"\n              className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n              size=\"lg\"\n            >\n              Sign Out Now\n            </Button>\n          </div>\n\n          {/* Additional Info */}\n          <div className=\"text-xs text-main-500 text-center\">\n            <p>\n              For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n            </p>\n          </div>\n        </div>\n      </DialogContent>\n    </Dialog>\n  );\n}\n","/**\n * @file Inactivity Provider\n * @package @jmruthers/pace-core\n * @module Providers/Inactivity\n * @since 0.1.0\n *\n * Handles inactivity tracking, auto-logout, and warning modals.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useInactivityTracker } from '../hooks/useInactivityTracker';\nimport { InactivityWarningModal } from '../components/InactivityWarningModal/InactivityWarningModal';\n\n// Inactivity context type\nexport interface InactivityContextType {\n  // Inactivity state\n  showInactivityWarning: boolean;\n  inactivityTimeRemaining: number;\n  isIdle: boolean;\n  timeRemaining: number;\n  showWarning: boolean;\n  isTracking: boolean;\n  \n  // Inactivity methods\n  resetActivity: () => void;\n  startTracking: () => void;\n  stopTracking: () => void;\n  handleIdleLogout: () => Promise<void>;\n  handleStaySignedIn: () => void;\n  handleSignOutNow: () => Promise<void>;\n}\n\nconst InactivityContext = createContext<InactivityContextType | undefined>(undefined);\n\nexport const useInactivity = () => {\n  const context = useContext(InactivityContext);\n  if (!context) {\n    throw new Error('useInactivity must be used within an InactivityProvider');\n  }\n  return context;\n};\n\nexport interface InactivityProviderProps {\n  children: React.ReactNode;\n  user: any; // User from auth context\n  session: any; // Session from auth context\n  supabaseClient: any; // Supabase client\n  idleTimeoutMs?: number; // Default: 30 minutes\n  warnBeforeMs?: number; // Default: 60 seconds\n  onIdleLogout?: (reason: 'inactivity') => void; // App handles redirect/navigation\n  renderInactivityWarning?: (args: {\n    timeRemaining: number;\n    onStaySignedIn: () => void;\n    onSignOutNow: () => void;\n  }) => React.ReactNode; // Optional custom warning UI\n  dangerouslyDisableInactivity?: boolean; // Dev-only; must not disable in production\n}\n\nexport function InactivityProvider({\n  children,\n  user,\n  session,\n  supabaseClient,\n  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n  warnBeforeMs = 60 * 1000, // 60 seconds\n  onIdleLogout,\n  renderInactivityWarning,\n  dangerouslyDisableInactivity = false\n}: InactivityProviderProps) {\n  // Inactivity state\n  const [showInactivityWarning, setShowInactivityWarning] = useState(false);\n  const [inactivityTimeRemaining, setInactivityTimeRemaining] = useState(0);\n\n  // Production safety check for inactivity feature\n  useEffect(() => {\n    if (typeof window !== 'undefined') {\n      const isProduction = process.env.NODE_ENV === 'production';\n      \n      if (isProduction && dangerouslyDisableInactivity) {\n        console.error('[InactivityProvider] CRITICAL: dangerouslyDisableInactivity is not allowed in production! Auto-enabling inactivity feature.');\n      }\n      \n      if (!isProduction && dangerouslyDisableInactivity) {\n        console.warn('[InactivityProvider] Inactivity feature disabled for development. This will NOT work in production.');\n      }\n    }\n  }, [dangerouslyDisableInactivity]);\n\n  // Inactivity tracking\n  const isInactivityEnabled = typeof window !== 'undefined' && \n    (process.env.NODE_ENV !== 'production' ? !dangerouslyDisableInactivity : true);\n\n  const {\n    isIdle,\n    timeRemaining,\n    showWarning,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    isTracking\n  } = useInactivityTracker({\n    idleTimeoutMs,\n    warnBeforeMs,\n    enabled: isInactivityEnabled && !!user && !!session,\n    onIdle: useCallback(() => {\n      // Handle idle logout inline to avoid circular dependency\n      setShowInactivityWarning(false);\n      setInactivityTimeRemaining(0);\n      \n      // Sign out via Supabase\n      if (supabaseClient) {\n        supabaseClient.auth.signOut().catch((error: any) => {\n          console.error('[InactivityProvider] Error during idle logout:', error);\n        });\n      }\n      \n      // Call app callback for navigation/redirect\n      onIdleLogout?.('inactivity');\n    }, [supabaseClient, onIdleLogout]),\n    onWarning: useCallback(() => {\n      setShowInactivityWarning(true);\n      setInactivityTimeRemaining(warnBeforeMs);\n    }, [warnBeforeMs]),\n    onActivity: useCallback(() => {\n      setShowInactivityWarning(false);\n      setInactivityTimeRemaining(0);\n    }, [])\n  });\n\n  // Handle idle logout (for manual calls)\n  const handleIdleLogout = useCallback(async () => {\n    // Hide warning\n    setShowInactivityWarning(false);\n    setInactivityTimeRemaining(0);\n    \n    // Stop tracking\n    stopTracking();\n    \n    // Sign out via Supabase\n    try {\n      if (supabaseClient) {\n        await supabaseClient.auth.signOut();\n      }\n    } catch (error: any) {\n      console.error('[InactivityProvider] Error during idle logout:', error);\n    }\n    \n    // Call app callback for navigation/redirect\n    onIdleLogout?.('inactivity');\n  }, [supabaseClient, onIdleLogout, stopTracking]);\n\n  // Handle stay signed in\n  const handleStaySignedIn = useCallback(() => {\n    setShowInactivityWarning(false);\n    setInactivityTimeRemaining(0);\n    resetActivity();\n  }, [resetActivity]);\n\n  // Handle sign out now\n  const handleSignOutNow = useCallback(async () => {\n    setShowInactivityWarning(false);\n    setInactivityTimeRemaining(0);\n    stopTracking();\n    \n    // Sign out via Supabase\n    try {\n      if (supabaseClient) {\n        await supabaseClient.auth.signOut();\n      }\n    } catch (error: any) {\n      console.error('[InactivityProvider] Error during manual sign out:', error);\n    }\n    \n    // Call app callback for navigation/redirect\n    onIdleLogout?.('inactivity');\n  }, [supabaseClient, onIdleLogout, stopTracking]);\n\n  // Update inactivity time remaining\n  useEffect(() => {\n    if (showWarning && timeRemaining > 0) {\n      setInactivityTimeRemaining(Math.ceil(timeRemaining / 1000)); // Convert to seconds\n    }\n  }, [showWarning, timeRemaining]);\n\n  // Memoized context value\n  const contextValue = useMemo<InactivityContextType>(() => ({\n    showInactivityWarning,\n    inactivityTimeRemaining,\n    isIdle,\n    timeRemaining,\n    showWarning,\n    isTracking,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    handleIdleLogout,\n    handleStaySignedIn,\n    handleSignOutNow,\n  }), [\n    showInactivityWarning,\n    inactivityTimeRemaining,\n    isIdle,\n    timeRemaining,\n    showWarning,\n    isTracking,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    handleIdleLogout,\n    handleStaySignedIn,\n    handleSignOutNow,\n  ]);\n\n  return (\n    <InactivityContext.Provider value={contextValue}>\n      {children}\n      \n      {/* Inactivity Warning Modal */}\n      {showInactivityWarning && (\n        renderInactivityWarning ? (\n          renderInactivityWarning({\n            timeRemaining: inactivityTimeRemaining,\n            onStaySignedIn: handleStaySignedIn,\n            onSignOutNow: handleSignOutNow\n          })\n        ) : (\n          <InactivityWarningModal\n            isOpen={showInactivityWarning}\n            timeRemaining={inactivityTimeRemaining}\n            onStaySignedIn={handleStaySignedIn}\n            onSignOutNow={handleSignOutNow}\n          />\n        )\n      )}\n    </InactivityContext.Provider>\n  );\n}\n","/**\n * @file Unified Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/UnifiedAuth\n * @since 0.1.0\n *\n * A comprehensive authentication and RBAC provider that combines user authentication,\n * role-based access control, and permission management in a single unified context.\n * \n * This provider now uses composition of smaller, focused providers for better maintainability:\n * - AuthProvider: Handles authentication and session management\n * - RBACProvider: Handles role-based access control and permissions\n * - InactivityProvider: Handles inactivity tracking and auto-logout\n *\n * Features:\n * - Supabase authentication integration\n * - Role-based access control (RBAC)\n * - Permission management with database integration\n * - Access level hierarchy (VIEWER, PARTICIPANT, EDITOR, PLANNER, ADMIN, SUPER)\n * - Event-specific permissions\n * - Cross-device state persistence\n * - Loading state management\n * - Error handling and recovery\n * - Session management\n * - Admin role detection via user metadata\n * - Permission validation and caching\n * - Event selection and context switching\n * - Inactivity tracking and auto-logout\n *\n * @example\n * ```tsx\n * // Basic setup with Supabase\n * import { createClient } from '@supabase/supabase-js';\n * import { UnifiedAuthProvider } from '@jmruthers/pace-core';\n * \n * const supabase = createClient(url, key);\n * \n * function App() {\n *   return (\n *     <UnifiedAuthProvider supabaseClient={supabase} appName=\"My App\">\n *       <Router>\n *         <Routes>\n *           <Route path=\"/login\" element={<LoginPage />} />\n *           <Route path=\"/\" element={<Dashboard />} />\n *         </Routes>\n *       </Router>\n *     </UnifiedAuthProvider>\n *   );\n * }\n * \n * // Using authentication in components\n * function Dashboard() {\n *   const { user, isAuthenticated, signOut } = useUnifiedAuth();\n *   \n *   if (!isAuthenticated) {\n *     return <Navigate to=\"/login\" />;\n *   }\n *   \n *   return (\n *     <div>\n *       <h1>Welcome, {user?.email}</h1>\n *       <button onClick={signOut}>Sign Out</button>\n *     </div>\n *   );\n * }\n * \n * // Using RBAC permissions\n * function EventManager() {\n *   const { \n *     hasPermission, \n *     hasRole, \n *     hasAccessLevel, \n *     setSelectedEventId \n *   } = useUnifiedAuth();\n *   \n *   // Set event context for permissions\n *   useEffect(() => {\n *     setSelectedEventId('event-123');\n *   }, []);\n *   \n *   return (\n *     <div>\n *       {hasPermission('events:read') && (\n *         <EventList />\n *       )}\n *       {hasPermission('events:write') && (\n *         <CreateEventButton />\n *       )}\n *       {hasRole('admin') && (\n *         <AdminPanel />\n *       )}\n *       {hasAccessLevel(AccessLevel.PLANNER) && (\n *         <EventPlanningTools />\n *       )}\n *     </div>\n *   );\n * }\n * \n * // Advanced permission validation\n * function SecureComponent() {\n *   const { validatePermission, canAccess } = useUnifiedAuth();\n *   \n *   const handleSensitiveAction = async () => {\n *     const canPerform = await validatePermission('admin:system');\n *     if (canPerform) {\n *       // Perform action\n *     }\n *   };\n *   \n *   const canEditUsers = canAccess('users', 'write');\n *   \n *   return (\n *     <div>\n *       {canEditUsers && <UserEditor />}\n *       <button onClick={handleSensitiveAction}>\n *         Sensitive Action\n *       </button>\n *     </div>\n *   );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (context provider)\n * - Enables accessible permission-based UI rendering\n * - Supports screen reader friendly conditional content\n * - Maintains focus management during auth state changes\n *\n * @security\n * - Secure authentication via Supabase\n * - Permission-based access control\n * - Event-specific permission isolation\n * - Admin role validation via user metadata\n * - Session management and validation\n * - Error handling without exposure of sensitive data\n * - Database-backed permission validation\n *\n * @performance\n * - Optimized with useMemo and useCallback\n * - Permission caching and batching\n * - Minimal re-renders with stable references\n * - Lazy loading of permissions\n * - Event-based permission updates\n * - Composed providers for better code splitting\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - @supabase/supabase-js - Authentication backend\n * - AccessLevel enum - Permission levels\n * - Event types - Event context\n * - Local storage - State persistence\n * - AuthProvider - Authentication logic\n * - RBACProvider - RBAC logic\n * - InactivityProvider - Inactivity tracking\n */\n\nimport React, { createContext, useContext, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\nimport { AuthProvider, useAuth, type AuthContextType } from './AuthProvider';\nimport { RBACProvider, useRBAC, type RBACContextType, type UserEventAccess } from './RBACProvider';\nimport { InactivityProvider, useInactivity, type InactivityContextType } from './InactivityProvider';\n\n\n// Combined context type - now organisation-aware and secure\nexport interface UnifiedAuthContextType extends AuthContextType, RBACContextType, InactivityContextType {\n  // Additional unified properties\n  appName: string;\n  \n  // Combined states\n  isLoading: boolean;\n  hasErrors: boolean;\n}\n\nconst UnifiedAuthContext = createContext<UnifiedAuthContextType | undefined>(undefined);\n\nexport const useUnifiedAuth = () => {\n  const context = useContext(UnifiedAuthContext);\n  if (!context) {\n    throw new Error('useUnifiedAuth must be used within a UnifiedAuthProvider');\n  }\n  return context;\n};\n\nexport interface UnifiedAuthProviderProps {\n  children: React.ReactNode;\n  supabaseClient?: SupabaseClient;\n  appName: string;\n  persistState?: boolean;\n  enablePersistence?: boolean;\n  requireOrganisationContext?: boolean; // Default: true for security\n  enableRBAC?: boolean; // New prop for RBAC support\n  \n  // Inactivity auto-logout configuration\n  idleTimeoutMs?: number; // Default: 30 minutes\n  warnBeforeMs?: number; // Default: 60 seconds\n  onIdleLogout?: (reason: 'inactivity') => void; // App handles redirect/navigation\n  renderInactivityWarning?: (args: {\n    timeRemaining: number;\n    onStaySignedIn: () => void;\n    onSignOutNow: () => void;\n  }) => React.ReactNode; // Optional custom warning UI\n  dangerouslyDisableInactivity?: boolean; // Dev-only; must not disable in production\n}\n\n// Re-export types for backward compatibility\nexport type { UserEventAccess } from './RBACProvider';\n\n// Internal component that combines all contexts\nfunction UnifiedAuthContextProvider({ \n  children, \n  appName,\n  ...props \n}: UnifiedAuthProviderProps) {\n  const auth = useAuth();\n  const rbac = useRBAC();\n  const inactivity = useInactivity();\n\n  // Memoized combined context value\n  const contextValue = useMemo<UnifiedAuthContextType>(() => ({\n    ...auth,\n    ...rbac,\n    ...inactivity,\n    appName,\n    isLoading: auth.authLoading || rbac.rbacLoading,\n    hasErrors: !!auth.authError || !!rbac.rbacError,\n  }), [auth, rbac, inactivity, appName]);\n\n  return (\n    <UnifiedAuthContext.Provider value={contextValue}>\n      {children}\n    </UnifiedAuthContext.Provider>\n  );\n}\n\n// Internal component that provides user/session to child providers\nfunction AuthAwareProviders({ \n  children, \n  supabaseClient,\n  appName,\n  persistState,\n  enablePersistence,\n  requireOrganisationContext,\n  enableRBAC,\n  idleTimeoutMs,\n  warnBeforeMs,\n  onIdleLogout,\n  renderInactivityWarning,\n  dangerouslyDisableInactivity\n}: UnifiedAuthProviderProps) {\n  const auth = useAuth();\n\n  return (\n    <RBACProvider\n      supabaseClient={supabaseClient}\n      user={auth.user}\n      session={auth.session}\n      appName={appName}\n      enableRBAC={enableRBAC}\n      persistState={persistState}\n      enablePersistence={enablePersistence}\n      requireOrganisationContext={requireOrganisationContext}\n    >\n      <InactivityProvider\n        user={auth.user}\n        session={auth.session}\n        supabaseClient={supabaseClient}\n        idleTimeoutMs={idleTimeoutMs}\n        warnBeforeMs={warnBeforeMs}\n        onIdleLogout={onIdleLogout}\n        renderInactivityWarning={renderInactivityWarning}\n        dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n      >\n        <UnifiedAuthContextProvider\n          appName={appName}\n          supabaseClient={supabaseClient}\n          persistState={persistState}\n          enablePersistence={enablePersistence}\n          requireOrganisationContext={requireOrganisationContext}\n          enableRBAC={enableRBAC}\n          idleTimeoutMs={idleTimeoutMs}\n          warnBeforeMs={warnBeforeMs}\n          onIdleLogout={onIdleLogout}\n          renderInactivityWarning={renderInactivityWarning}\n          dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n        >\n          {children}\n        </UnifiedAuthContextProvider>\n      </InactivityProvider>\n    </RBACProvider>\n  );\n}\n\nexport function UnifiedAuthProvider({\n  children,\n  supabaseClient,\n  appName,\n  persistState = true,\n  enablePersistence,\n  requireOrganisationContext = true,\n  enableRBAC = false,\n  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n  warnBeforeMs = 60 * 1000, // 60 seconds\n  onIdleLogout,\n  renderInactivityWarning,\n  dangerouslyDisableInactivity = false\n}: UnifiedAuthProviderProps) {\n  return (\n    <AuthProvider supabaseClient={supabaseClient}>\n      <AuthAwareProviders\n        supabaseClient={supabaseClient}\n        appName={appName}\n        persistState={persistState}\n        enablePersistence={enablePersistence}\n        requireOrganisationContext={requireOrganisationContext}\n        enableRBAC={enableRBAC}\n        idleTimeoutMs={idleTimeoutMs}\n        warnBeforeMs={warnBeforeMs}\n        onIdleLogout={onIdleLogout}\n        renderInactivityWarning={renderInactivityWarning}\n        dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n      >\n        {children}\n      </AuthAwareProviders>\n    </AuthProvider>\n  );\n} ","/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers/Organisation\n * @since 0.4.0\n *\n * Security-first organisation provider that enforces mandatory organisation context.\n * No data operations can proceed without valid organisation context.\n * \n * Features:\n * - Mandatory organisation selection for all operations\n * - User organisation membership validation\n * - Role-based access within organisations\n * - Secure organisation switching\n * - Hierarchy support for parent/child organisations\n * - Error handling for security violations\n * - Persistent organisation selection\n *\n * @example\n * ```tsx\n * // Basic setup - organisation context is mandatory\n * import { UnifiedAuthProvider, OrganisationProvider } from '@jmruthers/pace-core';\n * \n * function App() {\n *   return (\n *     <UnifiedAuthProvider supabaseClient={supabase} appName=\"MY_APP\">\n *       <OrganisationProvider>\n *         <YourAppContent />\n *       </OrganisationProvider>\n *     </UnifiedAuthProvider>\n *   );\n * }\n * \n * // Using in components\n * function MyComponent() {\n *   const { \n *     selectedOrganisation, \n *     getUserRole, \n *     switchOrganisation \n *   } = useOrganisations();\n *   \n *   // selectedOrganisation is guaranteed to be non-null when this renders\n *   return (\n *     <div>\n *       <h1>{selectedOrganisation.display_name}</h1>\n *       <p>Your role: {getUserRole()}</p>\n *     </div>\n *   );\n * }\n * ```\n *\n * @security\n * - All data access requires valid organisation context\n * - User membership validation on organisation load\n * - Role-based access control within organisations\n * - Secure organisation switching with validation\n * - Error states for security violations\n * - No fallback to default organisation - explicit selection required\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - UnifiedAuthProvider - Authentication context\n * - Supabase - Database operations\n * - Organisation types - Type definitions\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useNavigate } from 'react-router-dom';\nimport { useUnifiedAuth } from './UnifiedAuthProvider';\nimport { setOrganisationContext } from '../utils/organisationContext';\nimport { DebugLogger } from '../utils/debugLogger';\nimport type {\n  Organisation,\n  OrganisationMembership,\n  OrganisationContextType,\n  OrganisationProviderProps,\n  OrganisationSecurityError,\n  OrganisationHierarchy\n} from '../types/organisation';\n\n// Create the context\nconst OrganisationContext = createContext<OrganisationContextType | undefined>(undefined);\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n  SELECTED_ORGANISATION: 'pace-core-selected-organisation',\n  ORGANISATION_CONTEXT: 'pace-core-organisation-context',\n} as const;\n\n/**\n * Organisation Provider component that enforces mandatory organisation context\n * \n * This provider:\n * - Loads user's organisation memberships on authentication\n * - Validates user has at least one active organisation\n * - Auto-selects primary organisation or first available\n * - Provides security helpers for organisation validation\n * - Handles organisation switching with validation\n * - Persists organisation selection across sessions\n * \n * SECURITY: No children are rendered without valid organisation context\n */\nexport function OrganisationProvider({ children }: OrganisationProviderProps) {\n  const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);\n  const [organisations, setOrganisations] = useState<Organisation[]>([]);\n  const [userMemberships, setUserMemberships] = useState<OrganisationMembership[]>([]);\n  const [roleMapState, setRoleMapState] = useState<Map<string, string>>(new Map());\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n  const [isContextReady, setIsContextReady] = useState(false);\n  \n  const { user, session, supabase, signOut } = useUnifiedAuth();\n  \n  // Use navigate hook conditionally to avoid test failures\n  let navigate: any = null;\n  try {\n    navigate = useNavigate();\n  } catch (error) {\n    // In test environment or when no router context, navigate will be null\n    navigate = null;\n  }\n\n  // Set organisation context in database session\n  const setDatabaseOrganisationContext = useCallback(async (organisation: Organisation): Promise<void> => {\n    if (!supabase || !session) {\n      console.warn('[OrganisationProvider] No Supabase client or session available for setting organisation context');\n      setIsContextReady(false);\n      return;\n    }\n\n    try {\n      await setOrganisationContext(supabase, organisation.id);\n      DebugLogger.log('OrganisationProvider', 'Database organisation context set to:', organisation.display_name);\n      setIsContextReady(true);\n    } catch (error) {\n      console.error('[OrganisationProvider] Failed to set database organisation context:', error);\n      setIsContextReady(false);\n      // Don't throw - this is a non-critical operation\n    }\n  }, [supabase, session]);\n\n  // CRITICAL: Set database organisation context when organisation changes\n  useEffect(() => {\n    if (selectedOrganisation && supabase && session) {\n      // Reset context ready state when organisation changes\n      setIsContextReady(false);\n      \n      // Use an async IIFE to properly handle the async operation\n      (async () => {\n        await setDatabaseOrganisationContext(selectedOrganisation);\n      })();\n    } else {\n      setIsContextReady(false);\n    }\n  }, [selectedOrganisation, setDatabaseOrganisationContext, supabase, session]);\n\n  // CRITICAL: Load user organisations and validate access\n  const loadUserOrganisations = useCallback(async () => {\n    if (!user || !session || !supabase) {\n      // Clear state when no user, session, or supabase client\n      DebugLogger.log('OrganisationProvider', 'Clearing organisation state - no user, session, or supabase client');\n      setSelectedOrganisation(null);\n      setOrganisations([]);\n      setUserMemberships([]);\n      setIsLoading(false);\n      setError(null);\n      return;\n    }\n      setIsLoading(true);\n      setError(null);\n      \n      try {\n        DebugLogger.log(\"OrganisationProvider\", \"Loading organisations for user:\", user.id);\n        \n        // Get user's organisation memberships from consolidated rbac_organisation_roles table\n        // Only get actual members (org_admin, leader, member) - exclude supporters\n        let memberships, membershipError;\n        try {\n          const result = await supabase\n            .from('rbac_organisation_roles')\n            .select(`\n              id,\n              user_id,\n              organisation_id,\n              role,\n              status,\n              granted_at,\n              granted_by,\n              revoked_at,\n              revoked_by,\n              notes,\n              created_at,\n              updated_at\n            `)\n            .eq('user_id', user.id)\n            .eq('status', 'active')\n            .is('revoked_at', null)\n            .in('role', ['org_admin', 'leader', 'member']); // Only actual members, not supporters\n          \n          memberships = result.data;\n          membershipError = result.error;\n        } catch (queryError: any) {\n          membershipError = queryError;\n        }\n\n        if (membershipError) {\n          console.error(\"[OrganisationProvider] Error loading memberships:\", membershipError);\n          throw membershipError;\n        }\n        \n        DebugLogger.log(\"OrganisationProvider\", \"Raw memberships data:\", memberships);\n        \n        if (!memberships || memberships.length === 0) {\n          throw new Error('User has no active organisation memberships') as OrganisationSecurityError;\n        }\n\n        // Get organisation details for the memberships\n        const organisationIds = memberships.map((m: any) => m.organisation_id);\n        const { data: organisations, error: orgError } = await supabase\n          .from('organisations')\n          .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at')\n          .in('id', organisationIds);\n\n        if (orgError) {\n          console.error(\"[OrganisationProvider] Error loading organisations:\", orgError);\n          throw orgError;\n        }\n\n        // Create a map of organisation_id to role from the memberships data\n        // Since we're now getting roles directly from the consolidated table\n        const roleMap = new Map<string, string>();\n        memberships?.forEach((membership: any) => {\n          roleMap.set(membership.organisation_id, membership.role);\n        });\n\n        // Extract organisations and memberships\n        const orgs = organisations as Organisation[];\n        const activeOrgs = orgs.filter(org => org.is_active);\n        \n        if (activeOrgs.length === 0) {\n          throw new Error('User has no access to active organisations') as OrganisationSecurityError;\n        }\n\n        DebugLogger.log(\"OrganisationProvider\", \"Active organisations:\", activeOrgs);\n        \n        setOrganisations(activeOrgs);\n        setUserMemberships(memberships as OrganisationMembership[]);\n        \n        // Store role map in component state for later use\n        setRoleMapState(roleMap);\n        \n        // Auto-select organisation: try persisted, then primary, then first\n        let initialOrg: Organisation | null = null;\n        \n        // 1. Try to restore from localStorage\n        try {\n          const persistedOrgString = localStorage.getItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n          if (persistedOrgString) {\n            const persistedOrg = JSON.parse(persistedOrgString) as Organisation;\n            const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);\n            if (validPersistedOrg) {\n              initialOrg = validPersistedOrg;\n              DebugLogger.log(\"OrganisationProvider\", \"Restored persisted organisation:\", initialOrg.display_name);\n            }\n          }\n        } catch (storageError) {\n          console.warn(\"[OrganisationProvider] Failed to restore persisted organisation:\", storageError);\n        }\n        \n        // 2. Fall back to org_admin role organisation (highest privilege)\n        if (!initialOrg) {\n          const adminMembership = memberships.find((m: any) => m.role === 'org_admin');\n          if (adminMembership) {\n            const foundOrg = organisations.find((org: any) => org.id === adminMembership.organisation_id);\n            if (foundOrg) {\n              initialOrg = foundOrg;\n              DebugLogger.log(\"OrganisationProvider\", \"Selected org_admin organisation:\", initialOrg.display_name);\n            }\n          }\n        }\n        \n        // 3. Fall back to first organisation\n        if (!initialOrg) {\n          initialOrg = activeOrgs[0];\n          DebugLogger.log(\"OrganisationProvider\", \"Selected first organisation:\", initialOrg.display_name);\n        }\n        \n        if (!initialOrg) {\n          throw new Error('No valid organisation found for user') as OrganisationSecurityError;\n        }\n\n        setSelectedOrganisation(initialOrg);\n        \n        // Persist selection\n        localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(initialOrg));\n        \n        DebugLogger.log(\"OrganisationProvider\", \"Organisation context established:\", {\n          selectedOrganisation: initialOrg.display_name,\n          totalOrganisations: activeOrgs.length,\n          userRole: roleMap.get(initialOrg.id)\n        });\n        \n      } catch (err) {\n        console.error(\"[OrganisationProvider] Failed to load organisations:\", err);\n        setError(err as Error);\n        // SECURITY: Clear all state on error\n        setSelectedOrganisation(null);\n        setOrganisations([]);\n        setUserMemberships([]);\n        localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n      } finally {\n        setIsLoading(false);\n      }\n  }, [user, session, supabase]);\n\n  // Load organisations when dependencies change\n  useEffect(() => {\n    loadUserOrganisations();\n  }, [loadUserOrganisations]);\n\n  // Handle logout and redirect to login\n  const handleLogoutAndRedirect = useCallback(async () => {\n    try {\n      await signOut();\n      if (navigate) {\n        navigate('/login', { replace: true });\n      } else {\n        // Fallback to window.location if navigate is not available\n        window.location.href = '/login';\n      }\n    } catch (error) {\n      console.error('[OrganisationProvider] Error during logout:', error);\n      // Even if logout fails, redirect to login\n      if (navigate) {\n        navigate('/login', { replace: true });\n      } else {\n        // Fallback to window.location if navigate is not available\n        window.location.href = '/login';\n      }\n    }\n  }, [signOut, navigate]);\n\n  // Security validation helper\n  const ensureOrganisationContext = useCallback((): Organisation => {\n    if (!selectedOrganisation) {\n      throw new Error('Organisation context is required but not available') as OrganisationSecurityError;\n    }\n    return selectedOrganisation;\n  }, [selectedOrganisation]);\n\n  // Get user's role in specified organisation (defaults to current)\n  const getUserRole = useCallback((orgId?: string): string => {\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId) return 'no_access';\n    \n    // Use roleMapState to get the role for this organisation\n    return roleMapState.get(targetOrgId) || 'no_access';\n  }, [roleMapState, selectedOrganisation]);\n\n  // Validate user has access to organisation\n  const validateOrganisationAccess = useCallback((orgId: string): boolean => {\n    return userMemberships.some((m: any) => \n      m.organisation_id === orgId && \n      m.status === 'active' &&\n      m.revoked_at === null\n    );\n  }, [userMemberships]);\n\n  // Secure organisation switching\n  const switchOrganisation = useCallback(async (orgId: string): Promise<void> => {\n    DebugLogger.log(\"OrganisationProvider\", \"Switching to organisation:\", orgId);\n    \n    // Validate access\n    if (!validateOrganisationAccess(orgId)) {\n      throw new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;\n    }\n    \n    const targetOrg = organisations.find(org => org.id === orgId);\n    if (!targetOrg) {\n      throw new Error(`Organisation ${orgId} not found in user's organisations`) as OrganisationSecurityError;\n    }\n    \n    setSelectedOrganisation(targetOrg);\n    \n    // Persist selection\n    localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(targetOrg));\n    \n    // Set database organisation context\n    await setDatabaseOrganisationContext(targetOrg);\n    \n    DebugLogger.log(\"OrganisationProvider\", \"Switched to organisation:\", targetOrg.display_name);\n  }, [organisations, validateOrganisationAccess, setDatabaseOrganisationContext]);\n\n  // Refresh organisations data\n  const refreshOrganisations = useCallback(async (): Promise<void> => {\n    if (!user || !session || !supabase) return;\n    \n    // Force reload by triggering the effect\n    setIsLoading(true);\n    // The useEffect will handle the actual reload\n  }, [user, session, supabase]);\n\n  // Get primary organisation (highest privilege role)\n  const getPrimaryOrganisation = useCallback((): Organisation | null => {\n    // Look for org_admin role first, then leader, then member\n    const rolePriority = ['org_admin', 'leader', 'member'];\n    \n    for (const role of rolePriority) {\n      const membership = userMemberships.find((m: any) => m.role === role);\n      if (membership) {\n        return organisations.find((org: any) => org.id === membership.organisation_id) || null;\n      }\n    }\n    \n    return null;\n  }, [userMemberships, organisations]);\n\n  // Security status\n  const isOrganisationSecure = useCallback((): boolean => {\n    return !!(selectedOrganisation && user);\n  }, [selectedOrganisation, user]);\n\n  // Build organisation hierarchy (for future use)\n  const buildOrganisationHierarchy = useCallback((orgs: Organisation[]): OrganisationHierarchy[] => {\n    const orgMap = new Map<string, Organisation>();\n    orgs.forEach(org => orgMap.set(org.id, org));\n    \n    const roots: OrganisationHierarchy[] = [];\n    \n    orgs.forEach(org => {\n      if (!org.parent_id) {\n        // Root organisation\n        roots.push({\n          organisation: org,\n          children: [],\n          depth: 0\n        });\n      }\n    });\n    \n    // For now, return flat structure - hierarchy building can be added later\n    return roots;\n  }, []);\n\n  // Computed values\n  const hasValidOrganisationContext = useMemo(() => {\n    return !!(selectedOrganisation && !isLoading && !error && isContextReady);\n  }, [selectedOrganisation, isLoading, error, isContextReady]);\n\n  // Memoized context value\n  const contextValue = useMemo<OrganisationContextType>(() => {\n    // SECURITY: Only provide full context if we have valid organisation\n    if (!selectedOrganisation) {\n      // This will never be accessed due to the render guards above,\n      // but TypeScript requires the interface to be satisfied\n      const placeholderOrg: Organisation = {\n        id: '',\n        name: '',\n        display_name: '',\n        subscription_tier: 'standard',\n        settings: {},\n        is_active: false,\n        created_at: '',\n        updated_at: ''\n      };\n      \n      return {\n        selectedOrganisation: placeholderOrg,\n        organisations: [],\n        userMemberships: [],\n        isLoading,\n        error,\n        hasValidOrganisationContext: false,\n        setSelectedOrganisation: () => {},\n        switchOrganisation: async () => {},\n        getUserRole: () => 'no_access',\n        validateOrganisationAccess: () => false,\n        refreshOrganisations: async () => {},\n        ensureOrganisationContext: () => { throw new Error('No organisation context') as OrganisationSecurityError; },\n        isOrganisationSecure: () => false,\n        getPrimaryOrganisation: () => null\n      };\n    }\n\n    return {\n      selectedOrganisation,\n      organisations,\n      userMemberships,\n      isLoading,\n      error,\n      hasValidOrganisationContext,\n      setSelectedOrganisation,\n      switchOrganisation,\n      getUserRole,\n      validateOrganisationAccess,\n      refreshOrganisations,\n      ensureOrganisationContext,\n      isOrganisationSecure,\n      getPrimaryOrganisation\n    };\n  }, [\n    selectedOrganisation,\n    organisations,\n    userMemberships,\n    isLoading,\n    error,\n    hasValidOrganisationContext,\n    switchOrganisation,\n    getUserRole,\n    validateOrganisationAccess,\n    refreshOrganisations,\n    ensureOrganisationContext,\n    isOrganisationSecure,\n    getPrimaryOrganisation\n  ]);\n\n  // SECURITY: Only render children when we have valid organisation context\n  if (isLoading || (selectedOrganisation && !isContextReady)) {\n    return (\n      <div className=\"organisation-loading\" role=\"status\" aria-label=\"Loading organisation context\">\n        <div className=\"flex items-center justify-center min-h-screen\">\n          <div className=\"text-center\">\n            <div className=\"animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto mb-4\"></div>\n            <p className=\"text-muted-foreground\">\n              {isLoading ? 'Loading organisation context...' : 'Setting up organisation context...'}\n            </p>\n          </div>\n        </div>\n      </div>\n    );\n  }\n\n  if (error || (user && !selectedOrganisation)) {\n    return (\n      <div className=\"organisation-error\" role=\"alert\">\n        <div className=\"flex items-center justify-center min-h-screen\">\n          <div className=\"text-center max-w-md mx-auto p-6\">\n            <div className=\"text-destructive mb-4\">\n              <svg className=\"h-12 w-12 mx-auto\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\">\n                <path strokeLinecap=\"round\" strokeLinejoin=\"round\" strokeWidth={2} d=\"M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.732-.833-2.464 0L4.35 16.5c-.77.833.192 2.5 1.732 2.5z\" />\n              </svg>\n            </div>\n            <h2 className=\"text-xl font-semibold text-foreground mb-2\">\n              Organisation Access Required\n            </h2>\n            <p className=\"text-muted-foreground mb-4\">\n              {error?.message || 'No valid organisation context available. Please contact your administrator to be added to an organisation.'}\n            </p>\n            <button \n              onClick={handleLogoutAndRedirect}\n              className=\"px-4 py-2 bg-primary text-primary-foreground rounded-md hover:bg-primary/90\"\n            >\n              Sign Out\n            </button>\n          </div>\n        </div>\n      </div>\n    );\n  }\n\n  return (\n    <OrganisationContext.Provider value={contextValue}>\n      {children}\n    </OrganisationContext.Provider>\n  );\n}\n\n/**\n * Hook to access organisation context\n * \n * @returns Organisation context with guaranteed non-null selectedOrganisation\n * @throws {Error} If used outside OrganisationProvider\n */\nexport const useOrganisations = (): OrganisationContextType => {\n  const context = useContext(OrganisationContext);\n  if (!context) {\n    throw new Error('useOrganisations must be used within an OrganisationProvider');\n  }\n  return context;\n};\n\n// Re-export types for convenience\nexport type { \n  Organisation, \n  OrganisationMembership, \n  OrganisationContextType,\n  OrganisationSecurityError\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,SAAgB,eAAe,YAAY,UAAU,WAAW,aAAa,eAAe;AAC5F,SAAuD,iBAAiB;AAiWpE;AA3TG,SAAS,aAAa,EAAE,UAAU,eAAe,GAAsB;AAE5E,QAAM,CAAC,MAAM,OAAO,IAAI,SAAsB,IAAI;AAClD,QAAM,CAAC,SAAS,UAAU,IAAI,SAAyB,IAAI;AAC3D,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,IAAI;AACnD,QAAM,CAAC,WAAW,YAAY,IAAI,SAA2B,IAAI;AAGjE,YAAU,MAAM;AACd,UAAM,cAAc,CAAC,UAAsB;AACzC,UAAI,MAAM,OAAO,SAAS,SAAS,yBAAyB,KACxD,MAAM,OAAO,SAAS,SAAS,sBAAsB,GAAG;AAC1D,gBAAQ,KAAK,kEAAkE;AAC/E,cAAM,eAAe;AACrB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,UAAM,2BAA2B,CAAC,UAAiC;AACjE,UAAI,MAAM,QAAQ,SAAS,SAAS,yBAAyB,KACzD,MAAM,QAAQ,SAAS,SAAS,sBAAsB,GAAG;AAC3D,gBAAQ,KAAK,8DAA8D;AAC3E,cAAM,eAAe;AACrB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,WAAW;AAC5C,WAAO,iBAAiB,sBAAsB,wBAAwB;AAEtE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,WAAW;AAC/C,aAAO,oBAAoB,sBAAsB,wBAAwB;AAAA,IAC3E;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,kBAAkB,YAAY;AAClC,UAAI;AACF,cAAM,WAAW,MAAM,eAAe,KAAK,QAAQ;AACnD,cAAM,EAAE,MAAM,EAAE,MAAM,YAAY,GAAG,MAAM,IAAI,YAAY,EAAE,MAAM,EAAE,MAAM,KAAK,GAAG,OAAO,KAAK;AAC/F,YAAI,OAAO;AACT,kBAAQ,KAAK,+BAA+B,KAAK;AACjD,yBAAe,KAAK;AACpB;AAAA,QACF;AAEA,YAAI,aAAa;AACf,kBAAQ,WAAW;AAAA,QACrB;AACA,uBAAe,KAAK;AAAA,MACtB,SAAS,OAAO;AACd,gBAAQ,MAAM,+BAA+B,KAAK;AAClD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF;AAIA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,eAAe,CAAC,QAAQ,CAAC,SAAS;AACpC,wBAAgB;AAAA,MAClB;AAAA,IACF,GAAG,GAAG;AAEN,WAAO,MAAM,aAAa,SAAS;AAAA,EACrC,GAAG,CAAC,gBAAgB,aAAa,MAAM,OAAO,CAAC;AAG/C,YAAU,MAAM;AACd,QAAI,CAAC,gBAAgB;AACnB,qBAAe,KAAK;AACpB;AAAA,IACF;AAGA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,aAAa;AACf,gBAAQ,KAAK,4CAA4C;AACzD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF,GAAG,GAAI;AAEP,QAAI;AACF,kBAAY,IAAI,gBAAgB,0CAA0C;AAC1E,YAAM,kBAAkB,eAAe,KAAK;AAAA,QAC1C,CAAC,OAAOA,aAAY;AAClB,cAAI;AACF,wBAAY,IAAI,gBAAgB,uBAAuB,OAAOA,UAAS,MAAM,KAAK;AAGlF,yBAAa,SAAS;AAGtB,gBAAI,UAAU,cAAc;AAC1B,0BAAY,IAAI,gBAAgB,qCAAqC;AAErE,yBAAW,IAAI;AACf,sBAAQ,IAAI;AACZ,6BAAe,KAAK;AACpB,2BAAa,IAAI;AAAA,YACnB,OAAO;AACL,yBAAWA,QAAO;AAClB,sBAAQA,UAAS,QAAQ,IAAI;AAC7B,6BAAe,KAAK;AAGpB,kBAAIA,UAAS;AACX,6BAAa,IAAI;AAAA,cACnB;AAAA,YACF;AAAA,UACF,SAAS,OAAO;AACd,oBAAQ,KAAK,sDAAsD,KAAK;AAExE,2BAAe,KAAK;AAAA,UACtB;AAAA,QACF;AAAA,MACF;AAEA,YAAM,eAAe,iBAAiB,MAAM,gBAAgB;AAE5D,aAAO,MAAM;AACX,qBAAa,SAAS;AACtB,YAAI,gBAAgB,OAAO,aAAa,gBAAgB,YAAY;AAClE,sBAAY,IAAI,gBAAgB,iCAAiC;AACjE,uBAAa,YAAY;AAAA,QAC3B;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,8DAA8D,KAAK;AAGjF,UAAI,iBAAiB,SACjB,CAAC,MAAM,QAAQ,SAAS,kBAAkB,KAC1C,CAAC,MAAM,QAAQ,SAAS,yBAAyB,KACjD,CAAC,MAAM,QAAQ,SAAS,sBAAsB,GAAG;AACnD,qBAAa,KAAkB;AAAA,MACjC;AACA,qBAAe,KAAK;AACpB,mBAAa,SAAS;AACtB,aAAO,MAAM;AAAA,MAAC;AAAA,IAChB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAsB;AACrE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,mBAAmB,EAAE,OAAO,UAAU,YAAY,GAAG,CAAC;AAClG,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMC,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAqB;AACpE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,OAAO,EAAE,OAAO,SAAS,CAAC;AACtE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,UAAU,YAAY,YAAY;AACtC,gBAAY,IAAI,gBAAgB,gBAAgB;AAGhD,mBAAe,KAAK;AAEpB,QAAI,CAAC,gBAAgB;AACnB,kBAAY,IAAI,gBAAgB,6CAA6C;AAC7E,cAAQ,IAAI;AACZ,iBAAW,IAAI;AACf,mBAAa,IAAI;AACjB,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AAGA,gBAAY,IAAI,gBAAgB,wCAAwC;AACxE,YAAQ,IAAI;AACZ,eAAW,IAAI;AACf,iBAAa,IAAI;AAEjB,QAAI;AACF,kBAAY,IAAI,gBAAgB,0BAA0B;AAG1D,YAAM,iBAAiB,eAAe,KAAK,QAAQ;AACnD,YAAM,iBAAiB,IAAI;AAAA,QAAQ,CAAC,GAAG,WACrC,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,GAAI;AAAA,MAC7D;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,QAAQ,KAAK,CAAC,gBAAgB,cAAc,CAAC;AAErE,UAAI,SAAS,CAAC,MAAM,SAAS,SAAS,iBAAiB,GAAG;AACxD,gBAAQ,MAAM,iCAAiC,KAAK;AAAA,MAEtD;AAEA,kBAAY,IAAI,gBAAgB,2BAA2B;AAC3D,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB,SAAS,KAAK;AACZ,cAAQ,KAAK,+CAA+C,GAAG;AAE/D,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,gBAAgB,YAAY,OAAO,UAAkB;AACzD,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,sBAAsB,KAAK;AACvE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,OAAO,aAAqB;AAC7D,QAAI,CAAC,eAAgB,QAAO,EAAE,OAAO,IAAI,UAAU,kCAAkC,GAAG,EAAE;AAC1F,UAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,WAAW,EAAE,SAAS,CAAC;AACnE,QAAI,OAAO;AACT,mBAAa,KAAK;AAAA,IACpB;AACA,WAAO,EAAE,MAAM;AAAA,EACjB,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,YAAY;AAC7C,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,eAAe;AAC3D,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,kBAAkB,CAAC,CAAC;AAG1B,QAAM,eAAe,QAAyB,OAAO;AAAA,IACnD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA;AAAA,IACP,UAAU,kBAAkB;AAAA,IAE5B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAM;AAAA,IAAS;AAAA,IAAiB;AAAA,IAAa;AAAA,IAAW;AAAA,IACxD;AAAA,IAAQ;AAAA,IAAQ;AAAA,IAAS;AAAA,IAAe;AAAA,IAAgB;AAAA,EAC1D,CAAC;AAED,SACE,oBAAC,YAAY,UAAZ,EAAqB,OAAO,cAC1B,UACH;AAEJ;AAhXA,IAkCM,aAEO;AApCb;AAAA;AAAA;AAYA;AAsBA,IAAM,cAAc,cAA2C,MAAS;AAEjE,IAAM,UAAU,MAAM;AAC3B,YAAM,UAAU,WAAW,WAAW;AACtC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;AChCA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AA2mBxF,gBAAAC,YAAA;AA/bG,SAAS,aAAa;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb,eAAe;AAAA,EACf;AAAA,EACA,4BAA4B,8BAA8B;AAC5D,GAAsB;AAEpB,QAAM,gBAAgB,sBAAsB,SAAY,oBAAoB;AAG5E,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAAkC,CAAC,CAAC;AAC1E,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAmB,CAAC,CAAC;AAC/C,QAAM,CAAC,aAAa,cAAc,IAAIA,+BAAwC;AAC9E,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAuB,IAAI;AAC7D,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAwB,IAAI;AAC1E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAA2B,IAAI;AACjE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAA4B,CAAC,CAAC;AAC5E,QAAM,CAAC,oBAAoB,qBAAqB,IAAIA,UAAS,KAAK;AAGlE,QAAM,CAAC,wBAAwB,0BAA0B,IAAIA,UAAwB,IAAI;AAGzF,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,gBAAgB,YAAY;AAChC,UAAI;AAEF,cAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,cAAM,kBAAkB,kBAAkB,KAAK;AAG/C,cAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,YAAI,YAAY,CAAC,SAAS;AACxB,kBAAQ,KAAK,8BAA8B,eAAe;AAC1D,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AACD;AAAA,QACF;AAEA,cAAM,WAAW,MAAM,eAAe,IAAI,kBAAkB;AAAA,UAC1D,UAAU,QAAQ;AAAA,QACpB,CAAC;AAED,cAAM,EAAE,KAAK,IAAI,YAAY,CAAC;AAE9B,YAAI,QAAQ,KAAK,SAAS,GAAG;AAC3B,uBAAa;AAAA,YACX,wBAAwB,KAAK,CAAC,EAAE;AAAA,YAChC,gBAAgB,KAAK,CAAC,EAAE;AAAA,UAC1B,CAAC;AAAA,QACH,OAAO;AAEL,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AAAA,QACH;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,KAAK,sCAAsC;AACnD,YAAI,OAAO,iBAAiB,aAAa;AACvC,uBAAa,WAAW,aAAa,cAAc;AAAA,QACrD;AACA,gBAAQ,KAAK,qCAAqC,KAAK;AAEvD,qBAAa;AAAA,UACX,wBAAwB;AAAA,UACxB,gBAAgB;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,kBAAc;AAAA,EAChB,GAAG,CAAC,gBAAgB,OAAO,CAAC;AAG5B,EAAAA,WAAU,MAAM;AAEd,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,eAAS,CAAC,aAAa,CAAC;AAAA,IAC1B,OAAO;AACL,eAAS,CAAC,CAAC;AAAA,IACb;AAAA,EACF,GAAG,CAAC,IAAI,CAAC;AAGT,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,YAAM,iBAAiB,aAAa,QAAQ,aAAa,cAAc;AACvE,UAAI,gBAAgB;AAClB,2BAAmB,KAAK,MAAM,cAAc,CAAC;AAAA,MAC/C;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,aAAa,CAAC;AAGlB,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,UAAI,iBAAiB;AACnB,qBAAa;AAAA,UACX,aAAa;AAAA,UACb,KAAK,UAAU,eAAe;AAAA,QAChC;AAAA,MACF,OAAO;AACL,qBAAa,WAAW,aAAa,cAAc;AAAA,MACrD;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,KAAK,iCAAiC,KAAK;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,qBAAqBC,aAAY,OAAO,YAAqB;AACjE,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS;AACtD,kBAAY,IAAI,gBAAgB,yEAAyE;AACzG,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAGA,UAAM,8BAA8B,CAAC,WAAW,CAAC,UAAU;AAC3D,UAAM,6BAA6B;AACnC,UAAM,yBAAyB,CAAC,WAAW,UAAU;AAGrD,QAAI,wBAAwB;AAC1B,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,QAAI,CAAC,+BAA+B,CAAC,4BAA4B;AAC/D;AAAA,IACF;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,YAAM,kBAAkB,kBAAkB,KAAK;AAG/C,YAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,YAAY,CAAC,SAAS;AACxB,gBAAQ,KAAK,8BAA8B,eAAe;AAC1D,uBAAe,KAAK;AACpB;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAAe,IAAI,wBAAwB;AAAA,QACvE,WAAW,KAAK;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,YAAY,WAAW;AAAA,QACvB,mBAAmB,0BAA0B;AAAA,MAC/C,CAAC;AAED,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,YAAM,EAAE,aAAAG,cAAa,OAAAC,QAAO,aAAa,IAAI,yBAAyB,MAAM,OAAO;AAEnF,qBAAeD,YAAW;AAC1B,eAASC,MAAK;AACd,qBAAe,YAAY;AAAA,IAC7B,SAAS,KAAU;AACjB,mBAAa,GAAG;AAAA,IAClB,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,SAAS,WAAW,sBAAsB,CAAC;AAG9E,QAAM,sBAAsBJ,aAAY,YAAY;AAClD,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,SAAS;AACxC,kBAAY,IAAI,gBAAgB,2EAA2E;AAC3G,yBAAmB,CAAC,CAAC;AACrB;AAAA,IACF;AAEA,0BAAsB,IAAI;AAC1B,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,YAAM,kBAAkB,kBAAkB,KAAK;AAG/C,YAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,YAAY,CAAC,SAAS;AACxB,gBAAQ,KAAK,8BAA8B,eAAe;AAC1D,8BAAsB,KAAK;AAC3B;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAC3B,KAAK,sBAAsB,EAC3B,OAAO;AAAA;AAAA;AAAA;AAAA,SAIP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EAAE;AAE1B,UAAI,OAAO;AACT,gBAAQ,MAAM,qCAAqC,KAAK;AACxD,2BAAmB,CAAC,CAAC;AACrB;AAAA,MACF;AAEA,YAAM,cAAc,MAAM,IAAI,WAAS;AAAA,QACrC,UAAU,KAAK;AAAA,QACf,YAAY;AAAA;AAAA,QACZ,mBAAmB;AAAA;AAAA,QACnB,YAAY;AAAA;AAAA,QACZ,UAAU;AAAA;AAAA,QACV,cAAc;AAAA;AAAA,QACd,QAAQ,QAAQ;AAAA,QAChB,cAAc,KAAK;AAAA;AAAA,QACnB,YAAY,KAAK;AAAA,QACjB,iBAAiB;AAAA;AAAA,MACnB,EAAE,KAAK,CAAC;AAER,yBAAmB,WAAW;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,MAAM,oCAAoC,KAAK;AACvD,yBAAmB,CAAC,CAAC;AAAA,IACvB,UAAE;AACA,4BAAsB,KAAK;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,OAAO,CAAC;AAG3C,QAAM,qBAAqBA,aAAY,CAAC,YAAoB;AAC1D,WAAO,gBAAgB,KAAK,YAAU,OAAO,aAAa,OAAO;AAAA,EACnE,GAAG,CAAC,eAAe,CAAC;AAGpB,EAAAD,WAAU,MAAM;AAEd,QAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS;AACnC,kBAAY,IAAI,gBAAgB,+DAA+D;AAC/F;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAEA,QAAI,iBAAiB;AAEnB,yBAAmB,eAAe;AAAA,IACpC,WAAW,CAAC,UAAU,gBAAgB;AAEpC,yBAAmB;AAAA,IACrB,OAAO;AAEL,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AAAA,IACnC;AAAA,EACF,GAAG,CAAC,iBAAiB,MAAM,SAAS,WAAW,kBAAkB,CAAC;AAGlE,EAAAA,WAAU,MAAM;AACd,QAAI,YAAY;AAEhB,QAAI,QAAQ,SAAS;AACnB,kBAAY,IAAI,gBAAgB,kDAAkD;AAClF,0BAAoB,EAAE,MAAM,WAAS;AACnC,YAAI,WAAW;AACb,kBAAQ,MAAM,oCAAoC,KAAK;AAAA,QACzD;AAAA,MACF,CAAC;AAAA,IACH,OAAO;AACL,kBAAY,IAAI,gBAAgB,iDAAiD;AACjF,UAAI,WAAW;AACb,2BAAmB,CAAC,CAAC;AAAA,MACvB;AAAA,IACF;AAEA,WAAO,MAAM;AACX,kBAAY;AAAA,IACd;AAAA,EACF,GAAG,CAAC,MAAM,SAAS,mBAAmB,CAAC;AAGvC,QAAM,gBAAgBC,aAAY,CAAC,eAAuB;AACxD,UAAM,UAAU,CAAC,CAAC,YAAY,UAAU;AACxC,WAAO;AAAA,EACT,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,mBAAmBA,aAAY,CAAC,UAAoB,MAAM,KAAK,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC1G,QAAM,oBAAoBA,aAAY,CAAC,UAAoB,MAAM,MAAM,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC5G,QAAM,UAAUA,aAAY,CAAC,SAAiB;AAC5C,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,KAAK,YAAY,MAAM,eAAe;AACxC,aAAO;AAAA,IACT;AACA,WAAO,MAAM,SAAS,IAAI;AAAA,EAC5B,GAAG,CAAC,OAAO,IAAI,CAAC;AAChB,QAAM,iBAAiBA,aAAY,CAAC,UAAuB;AACzD,UAAM,SAAS,OAAO,OAAO,WAAW;AACxC,WAAO,OAAO,QAAQ,WAAW,KAAK,OAAO,QAAQ,KAAK;AAAA,EAC5D,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,YAAYA,aAAY,CAAC,UAAkB,WAAmB;AAClE,UAAM,aAAa,GAAG,QAAQ,IAAI,MAAM;AACxC,UAAM,YAAY,cAAc,UAAU;AAC1C,WAAO;AAAA,EACT,GAAG,CAAC,aAAa,CAAC;AAClB,QAAM,qBAAqBA,aAAY,OAAO,eAAuB,cAAc,UAAU,GAAG,CAAC,aAAa,CAAC;AAC/G,QAAM,iBAAiBA,aAAY,OAAO,UAAkB,WAAmB;AAE7E,WAAO,QAAQ,QAAQ,UAAU,UAAU,MAAM,CAAC;AAAA,EACpD,GAAG,CAAC,SAAS,CAAC;AAGd,QAAM,eAAeC,SAAyB,OAAO;AAAA,IACnD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA;AAAA,IACA,4BAA4B,MAAM;AAChC,UAAI,CAAC,wBAAwB;AAC3B,cAAM,IAAI,MAAM,oDAAoD;AAAA,MACtE;AACA,aAAO;AAAA,IACT;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA,aAAa;AAAA,IACb,aAAa;AAAA;AAAA,IAEb;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAa;AAAA,IAAO;AAAA,IAAa;AAAA,IAAa;AAAA,IAAW;AAAA,IAAiB;AAAA,IAC1E;AAAA,IAAiB;AAAA,IAAoB;AAAA,IACrC;AAAA,IAAe;AAAA,IAAkB;AAAA,IAAmB;AAAA,IAAS;AAAA,IAAgB;AAAA,IAC7E;AAAA,IAAoB;AAAA,IAAgB;AAAA,IAAoB;AAAA,IACxD;AAAA,IAAY;AAAA,IAAqB;AAAA,EACnC,CAAC;AAED,SACE,gBAAAC,KAAC,YAAY,UAAZ,EAAqB,OAAO,cAC1B,UACH;AAEJ;AAznBA,IAuEM,aAEO,SAqBP,cAKA;AAnGN;AAAA;AAAA;AAYA;AACA;AA0DA,IAAM,cAAcN,eAA2C,MAAS;AAEjE,IAAM,UAAU,MAAM;AAC3B,YAAM,UAAUC,YAAW,WAAW;AACtC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AACA,aAAO;AAAA,IACT;AAeA,IAAM,eAAe;AAAA,MACnB,gBAAgB;AAAA,IAClB;AAGA,IAAM,2BAA2B,CAAC,UAAiB,aAAqB;AACtE,YAAM,cAAuC,CAAC;AAC9C,UAAI,QAAkB,CAAC;AACvB,UAAI;AAEJ,UAAI,CAAC,YAAY,CAAC,MAAM,QAAQ,QAAQ,GAAG;AACzC,eAAO,EAAE,aAAa,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,oCAAiC;AAAA,MAChF;AAGA,YAAM,iBAAiB,SAAS,KAAK,CAAC,MAAW,EAAE,oBAAoB,iBAAiB;AACxF,UAAI,gBAAgB;AAClB,eAAO;AAAA,UACL,aAAa,EAAE,WAAW,KAAK;AAAA,UAC/B,OAAO,CAAC,OAAO;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAGA,YAAM,gBAAgB,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,kBAAkB;AAC1F,UAAI,cAAc,SAAS,GAAG;AAC5B,cAAM,OAAO,cAAc,CAAC,EAAE;AAG9B,gBAAQ,MAAM;AAAA,UACZ,KAAK;AACH;AACA,oBAAQ,CAAC,OAAO;AAChB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,SAAS;AAClB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,aAAa;AACtB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,QAAQ;AACjB;AAAA,UACF,KAAK;AAAA,UACL;AACE;AACA,oBAAQ,CAAC,QAAQ;AACjB;AAAA,QACJ;AAIA,cAAM,kBAAkB,CAAC,MAAM;AAC/B,YAAI,CAAC,eAAe,SAAS,EAAE,SAAS,IAAI,GAAG;AAC7C,0BAAgB,KAAK,UAAU,QAAQ;AAAA,QACzC;AACA,YAAI,SAAS,eAAe;AAC1B,0BAAgB,KAAK,QAAQ;AAAA,QAC/B;AAIA,wBAAgB,QAAQ,eAAa;AACnC,sBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,QACxC,CAAC;AAAA,MACH;AAGA,YAAM,WAAW,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,qBAAqB;AACxF,UAAI,SAAS,SAAS,GAAG;AACvB,cAAM,OAAO,SAAS,CAAC,EAAE;AACzB,YAAI,SAAS,aAAa;AACxB;AACA,kBAAQ,CAAC,OAAO;AAEhB,WAAC,UAAU,QAAQ,UAAU,QAAQ,EAAE,QAAQ,eAAa;AAC1D,wBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,UACxC,CAAC;AAAA,QACH;AAAA,MACF;AAEA,aAAO,EAAE,aAAa,OAAO,aAAa;AAAA,IAC5C;AAAA;AAAA;;;AC9HA,SAAS,YAAAQ,WAAU,aAAAC,YAAW,eAAAC,cAAa,cAAc;AA0DzD,SAAS,SACP,MACA,OACkC;AAClC,MAAI;AACJ,SAAO,YAAwB,MAAqB;AAClD,QAAI,CAAC,YAAY;AACf,WAAK,MAAM,MAAM,IAAI;AACrB,mBAAa;AACb,iBAAW,MAAO,aAAa,OAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB;AAAA,EACnC,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV,aAAa;AAAA,EACb,cAAc;AAChB,IAAiC,CAAC,GAA+B;AAC/D,QAAM,CAAC,QAAQ,SAAS,IAAIF,UAAS,KAAK;AAC1C,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,aAAa;AAChE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAGlD,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,SAAS;AACZ,oBAAc,KAAK;AACnB,gBAAU,KAAK;AACf,qBAAe,KAAK;AACpB,uBAAiB,aAAa;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,SAAS,aAAa,CAAC;AAE3B,QAAM,aAAa,OAA8B,IAAI;AACrD,QAAM,oBAAoB,OAA8B,IAAI;AAC5D,QAAM,uBAAuB,OAA8B,IAAI;AAC/D,QAAM,kBAAkB,OAAe,KAAK,IAAI,CAAC;AACjD,QAAM,aAAa,OAAgC,IAAI;AAGvD,QAAM,cAAcC,aAAY,MAAM;AACpC,QAAI,WAAW,SAAS;AACtB,mBAAa,WAAW,OAAO;AAC/B,iBAAW,UAAU;AAAA,IACvB;AACA,QAAI,kBAAkB,SAAS;AAC7B,mBAAa,kBAAkB,OAAO;AACtC,wBAAkB,UAAU;AAAA,IAC9B;AACA,QAAI,qBAAqB,SAAS;AAChC,oBAAc,qBAAqB,OAAO;AAC1C,2BAAqB,UAAU;AAAA,IACjC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,gBAAgBA,aAAY,CAAC,uBAAuB,UAAU;AAClE,QAAI,CAAC,QAAS;AAEd,UAAM,MAAM,KAAK,IAAI;AACrB,oBAAgB,UAAU;AAG1B,gBAAY;AAGZ,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,QAAI,CAAC,sBAAsB;AACzB,mBAAa;AAAA,IACf;AAGA,UAAM,cAAc,gBAAgB;AACpC,QAAI,cAAc,GAAG;AACnB,wBAAkB,UAAU,WAAW,MAAM;AAC3C,uBAAe,IAAI;AACnB,oBAAY;AAAA,MACd,GAAG,WAAW;AAAA,IAChB;AAGA,eAAW,UAAU,WAAW,MAAM;AACpC,gBAAU,IAAI;AACd,eAAS;AAAA,IACX,GAAG,aAAa;AAGhB,yBAAqB,UAAU,YAAY,MAAM;AAC/C,YAAM,UAAU,KAAK,IAAI,IAAI,gBAAgB;AAC7C,YAAM,YAAY,KAAK,IAAI,GAAG,gBAAgB,OAAO;AACrD,uBAAiB,SAAS;AAE1B,UAAI,cAAc,GAAG;AACnB,oBAAY;AAAA,MACd;AAAA,IACF,GAAG,GAAI;AAGP,QAAI;AACF,mBAAa,QAAQ,YAAY,IAAI,SAAS,CAAC;AAAA,IACjD,SAAS,OAAO;AACd,cAAQ,KAAK,2DAA2D,KAAK;AAAA,IAC/E;AAGA,QAAI;AACF,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,YAAY,EAAE,MAAM,YAAY,WAAW,IAAI,CAAC;AAAA,MACrE;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,cAAc,QAAQ,WAAW,YAAY,YAAY,WAAW,CAAC;AAGjG,QAAM,gBAAgBA,aAAY,MAAM;AACtC,QAAI,CAAC,QAAS;AAGd,kBAAc,KAAK;AACnB,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,gBAAY;AAEZ,kBAAc,IAAI;AAGlB,QAAI;AACF,UAAI,OAAO,qBAAqB,aAAa;AAC3C,mBAAW,UAAU,IAAI,iBAAiB,WAAW;AACrD,mBAAW,QAAQ,YAAY,CAAC,UAAU;AACxC,cAAI,MAAM,KAAK,SAAS,YAAY;AAClC,4BAAgB,UAAU,MAAM,KAAK;AACrC,0BAAc;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,oEAAoE,KAAK;AAAA,IACxF;AAGA,QAAI;AACF,YAAM,gBAAgB,aAAa,QAAQ,UAAU;AACrD,UAAI,eAAe;AACjB,cAAM,qBAAqB,SAAS,eAAe,EAAE;AACrD,cAAM,UAAU,KAAK,IAAI,IAAI;AAE7B,YAAI,UAAU,eAAe;AAE3B,0BAAgB,UAAU;AAC1B,gBAAM,YAAY,gBAAgB;AAClC,2BAAiB,SAAS;AAE1B,cAAI,aAAa,cAAc;AAC7B,2BAAe,IAAI;AACnB,wBAAY;AAAA,UACd;AAEA,cAAI,aAAa,GAAG;AAClB,sBAAU,IAAI;AACd,qBAAS;AACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,mEAAmE,KAAK;AAAA,IACvF;AAGA,UAAM,yBAAyB,SAAS,CAAC,UAAU;AACjD,oBAAc;AAAA,IAChB,GAAG,GAAG;AAGN,UAAM,oBAAoB,MAAM;AAC9B,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,iBAAiB,OAAO,wBAAwB,EAAE,SAAS,KAAK,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAGA,UAAM,uBAAuB,MAAM;AACjC,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,oBAAoB,OAAO,sBAAsB;AAAA,MAC5D,CAAC;AAAA,IACH;AAGA,sBAAkB;AAGlB,kBAAc,IAAI;AAGlB,WAAO,MAAM;AACX,2BAAqB;AACrB,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AACzB,mBAAW,UAAU;AAAA,MACvB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,YAAY,aAAa,YAAY,eAAe,cAAc,QAAQ,SAAS,CAAC;AAGjG,QAAM,eAAeA,aAAY,MAAM;AACrC,kBAAc,KAAK;AACnB,gBAAY;AAEZ,QAAI,WAAW,SAAS;AACtB,iBAAW,QAAQ,MAAM;AACzB,iBAAW,UAAU;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAGhB,EAAAD,WAAU,MAAM;AACd,QAAI,SAAS;AACX,YAAM,UAAU,cAAc;AAC9B,aAAO;AAAA,IACT,OAAO;AACL,mBAAa;AAAA,IACf;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,YAAY,CAAC;AAGzC,EAAAA,WAAU,MAAM;AACd,WAAO,MAAM;AACX,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AAAA,MAC3B;AAAA,IACF;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAEhB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAnXA,IA6FM;AA7FN;AAAA;AAAA;AA6FA,IAAM,kBAAkB;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA;AAAA;;;AC7DA,SAAgB,aAAAE,YAAW,YAAAC,WAAU,eAAAC,oBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAsD3B,SAEI,OAAAC,MAFJ;AAnCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAIF,UAAS,aAAa;AAG5D,EAAAD,WAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAM,aAAaE,aAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAKL,SACE,gBAAAC,KAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,eAAe,aAAa,EAAE;AAAA,MACzC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,4BAAAA,KAAC,SAAI,WAAU,iBACb,0BAAAA,KAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,gBAAAA,KAAC,SACC,0BAAAA,KAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,gBAAAA,KAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,8BAAAA,KAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,gBAAAA,KAAC,UAAK,WAAU,6CACb,qBAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,gBAAAA,KAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA,4BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,gBAAAA,KAAC,SAAI,WAAU,qCACb,0BAAAA,KAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;AAnKA;AAAA;AAAA;AAiDA;AACA;AAAA;AAAA;;;ACxCA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AA6MxF,SAYM,OAAAC,MAZN,QAAAC,aAAA;AA5JG,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA,+BAA+B;AACjC,GAA4B;AAE1B,QAAM,CAAC,uBAAuB,wBAAwB,IAAIL,UAAS,KAAK;AACxE,QAAM,CAAC,yBAAyB,0BAA0B,IAAIA,UAAS,CAAC;AAGxE,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC,YAAM,eAAe;AAErB,UAAI,gBAAgB,8BAA8B;AAChD,gBAAQ,MAAM,6HAA6H;AAAA,MAC7I;AAEA,UAAI,CAAC,gBAAgB,8BAA8B;AACjD,gBAAQ,KAAK,qGAAqG;AAAA,MACpH;AAAA,IACF;AAAA,EACF,GAAG,CAAC,4BAA4B,CAAC;AAGjC,QAAM,sBAAsB,OAAO,WAAW,gBAC3C,QAAwC,CAAC,+BAA+B;AAE3E,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,qBAAqB;AAAA,IACvB;AAAA,IACA;AAAA,IACA,SAAS,uBAAuB,CAAC,CAAC,QAAQ,CAAC,CAAC;AAAA,IAC5C,QAAQC,aAAY,MAAM;AAExB,+BAAyB,KAAK;AAC9B,iCAA2B,CAAC;AAG5B,UAAI,gBAAgB;AAClB,uBAAe,KAAK,QAAQ,EAAE,MAAM,CAAC,UAAe;AAClD,kBAAQ,MAAM,kDAAkD,KAAK;AAAA,QACvE,CAAC;AAAA,MACH;AAGA,qBAAe,YAAY;AAAA,IAC7B,GAAG,CAAC,gBAAgB,YAAY,CAAC;AAAA,IACjC,WAAWA,aAAY,MAAM;AAC3B,+BAAyB,IAAI;AAC7B,iCAA2B,YAAY;AAAA,IACzC,GAAG,CAAC,YAAY,CAAC;AAAA,IACjB,YAAYA,aAAY,MAAM;AAC5B,+BAAyB,KAAK;AAC9B,iCAA2B,CAAC;AAAA,IAC9B,GAAG,CAAC,CAAC;AAAA,EACP,CAAC;AAGD,QAAM,mBAAmBA,aAAY,YAAY;AAE/C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAG5B,iBAAa;AAGb,QAAI;AACF,UAAI,gBAAgB;AAClB,cAAM,eAAe,KAAK,QAAQ;AAAA,MACpC;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,MAAM,kDAAkD,KAAK;AAAA,IACvE;AAGA,mBAAe,YAAY;AAAA,EAC7B,GAAG,CAAC,gBAAgB,cAAc,YAAY,CAAC;AAG/C,QAAM,qBAAqBA,aAAY,MAAM;AAC3C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAC5B,kBAAc;AAAA,EAChB,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAM,mBAAmBA,aAAY,YAAY;AAC/C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAC5B,iBAAa;AAGb,QAAI;AACF,UAAI,gBAAgB;AAClB,cAAM,eAAe,KAAK,QAAQ;AAAA,MACpC;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,MAAM,sDAAsD,KAAK;AAAA,IAC3E;AAGA,mBAAe,YAAY;AAAA,EAC7B,GAAG,CAAC,gBAAgB,cAAc,YAAY,CAAC;AAG/C,EAAAD,WAAU,MAAM;AACd,QAAI,eAAe,gBAAgB,GAAG;AACpC,iCAA2B,KAAK,KAAK,gBAAgB,GAAI,CAAC;AAAA,IAC5D;AAAA,EACF,GAAG,CAAC,aAAa,aAAa,CAAC;AAG/B,QAAM,eAAeE,SAA+B,OAAO;AAAA,IACzD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,SACE,gBAAAE,MAAC,kBAAkB,UAAlB,EAA2B,OAAO,cAChC;AAAA;AAAA,IAGA,0BACC,0BACE,wBAAwB;AAAA,MACtB,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,cAAc;AAAA,IAChB,CAAC,IAED,gBAAAD;AAAA,MAAC;AAAA;AAAA,QACC,QAAQ;AAAA,QACR,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,cAAc;AAAA;AAAA,IAChB;AAAA,KAGN;AAEJ;AA7OA,IAiCM,mBAEO;AAnCb;AAAA;AAAA;AAWA;AACA;AAqBA,IAAM,oBAAoBN,eAAiD,MAAS;AAE7E,IAAM,gBAAgB,MAAM;AACjC,YAAM,UAAUC,YAAW,iBAAiB;AAC5C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,yDAAyD;AAAA,MAC3E;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;ACzCA;AAAA;AAAA;AAAA;AAAA;AA4JA,SAAgB,iBAAAO,gBAAe,cAAAC,aAAY,WAAAC,gBAAe;AAyEtD,gBAAAC,YAAA;AApBJ,SAAS,2BAA2B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,GAAG;AACL,GAA6B;AAC3B,QAAM,OAAO,QAAQ;AACrB,QAAM,OAAO,QAAQ;AACrB,QAAM,aAAa,cAAc;AAGjC,QAAM,eAAeD,SAAgC,OAAO;AAAA,IAC1D,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH;AAAA,IACA,WAAW,KAAK,eAAe,KAAK;AAAA,IACpC,WAAW,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,KAAK;AAAA,EACxC,IAAI,CAAC,MAAM,MAAM,YAAY,OAAO,CAAC;AAErC,SACE,gBAAAC,KAAC,mBAAmB,UAAnB,EAA4B,OAAO,cACjC,UACH;AAEJ;AAGA,SAAS,mBAAmB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA6B;AAC3B,QAAM,OAAO,QAAQ;AAErB,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,0BAAAA;AAAA,QAAC;AAAA;AAAA,UACC,MAAM,KAAK;AAAA,UACX,SAAS,KAAK;AAAA,UACd;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UAEA,0BAAAA;AAAA,YAAC;AAAA;AAAA,cACC;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cAEC;AAAA;AAAA,UACH;AAAA;AAAA,MACF;AAAA;AAAA,EACF;AAEJ;AAEO,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAe;AAAA,EACf;AAAA,EACA,6BAA6B;AAAA,EAC7B,aAAa;AAAA,EACb,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA,+BAA+B;AACjC,GAA6B;AAC3B,SACE,gBAAAA,KAAC,gBAAa,gBACZ,0BAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEC;AAAA;AAAA,EACH,GACF;AAEJ;AAtUA,IA8KM,oBAEO;AAhLb;AAAA;AAAA;AA+JA;AACA;AACA;AAaA,IAAM,qBAAqBH,eAAkD,MAAS;AAE/E,IAAM,iBAAiB,MAAM;AAClC,YAAM,UAAUC,YAAW,kBAAkB;AAC7C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,0DAA0D;AAAA,MAC5E;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;ACtLA;AAAA;AAAA;AAAA;AAAA;AAkEA,SAAgB,iBAAAG,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AAC5F,SAAS,mBAAmB;AAsclB,SACE,OAAAC,MADF,QAAAC,aAAA;AAnaH,SAAS,qBAAqB,EAAE,SAAS,GAA8B;AAC5E,QAAM,CAAC,sBAAsB,uBAAuB,IAAIL,UAA8B,IAAI;AAC1F,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAyB,CAAC,CAAC;AACrE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAmC,CAAC,CAAC;AACnF,QAAM,CAAC,cAAc,eAAe,IAAIA,UAA8B,oBAAI,IAAI,CAAC;AAC/E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,CAAC,gBAAgB,iBAAiB,IAAIA,UAAS,KAAK;AAE1D,QAAM,EAAE,MAAM,SAAS,UAAU,QAAQ,IAAI,eAAe;AAG5D,MAAI,WAAgB;AACpB,MAAI;AACF,eAAW,YAAY;AAAA,EACzB,SAASM,QAAO;AAEd,eAAW;AAAA,EACb;AAGA,QAAM,iCAAiCJ,aAAY,OAAO,iBAA8C;AACtG,QAAI,CAAC,YAAY,CAAC,SAAS;AACzB,cAAQ,KAAK,iGAAiG;AAC9G,wBAAkB,KAAK;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,uBAAuB,UAAU,aAAa,EAAE;AACtD,kBAAY,IAAI,wBAAwB,yCAAyC,aAAa,YAAY;AAC1G,wBAAkB,IAAI;AAAA,IACxB,SAASI,QAAO;AACd,cAAQ,MAAM,uEAAuEA,MAAK;AAC1F,wBAAkB,KAAK;AAAA,IAEzB;AAAA,EACF,GAAG,CAAC,UAAU,OAAO,CAAC;AAGtB,EAAAL,WAAU,MAAM;AACd,QAAI,wBAAwB,YAAY,SAAS;AAE/C,wBAAkB,KAAK;AAGvB,OAAC,YAAY;AACX,cAAM,+BAA+B,oBAAoB;AAAA,MAC3D,GAAG;AAAA,IACL,OAAO;AACL,wBAAkB,KAAK;AAAA,IACzB;AAAA,EACF,GAAG,CAAC,sBAAsB,gCAAgC,UAAU,OAAO,CAAC;AAG5E,QAAM,wBAAwBC,aAAY,YAAY;AACpD,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU;AAElC,kBAAY,IAAI,wBAAwB,oEAAoE;AAC5G,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,KAAK;AAClB,eAAS,IAAI;AACb;AAAA,IACF;AACE,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,kBAAY,IAAI,wBAAwB,mCAAmC,KAAK,EAAE;AAIlF,UAAI,aAAa;AACjB,UAAI;AACF,cAAM,SAAS,MAAM,SAClB,KAAK,yBAAyB,EAC9B,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAaP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EACrB,GAAG,cAAc,IAAI,EACrB,GAAG,QAAQ,CAAC,aAAa,UAAU,QAAQ,CAAC;AAE/C,sBAAc,OAAO;AACrB,0BAAkB,OAAO;AAAA,MAC3B,SAAS,YAAiB;AACxB,0BAAkB;AAAA,MACpB;AAEA,UAAI,iBAAiB;AACnB,gBAAQ,MAAM,qDAAqD,eAAe;AAClF,cAAM;AAAA,MACR;AAEA,kBAAY,IAAI,wBAAwB,yBAAyB,WAAW;AAE5E,UAAI,CAAC,eAAe,YAAY,WAAW,GAAG;AAC5C,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AAGA,YAAM,kBAAkB,YAAY,IAAI,CAAC,MAAW,EAAE,eAAe;AACrE,YAAM,EAAE,MAAMK,gBAAe,OAAO,SAAS,IAAI,MAAM,SACpD,KAAK,eAAe,EACpB,OAAO,mGAAmG,EAC1G,GAAG,MAAM,eAAe;AAE3B,UAAI,UAAU;AACZ,gBAAQ,MAAM,uDAAuD,QAAQ;AAC7E,cAAM;AAAA,MACR;AAIA,YAAM,UAAU,oBAAI,IAAoB;AACxC,mBAAa,QAAQ,CAAC,eAAoB;AACxC,gBAAQ,IAAI,WAAW,iBAAiB,WAAW,IAAI;AAAA,MACzD,CAAC;AAGD,YAAM,OAAOA;AACb,YAAM,aAAa,KAAK,OAAO,SAAO,IAAI,SAAS;AAEnD,UAAI,WAAW,WAAW,GAAG;AAC3B,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AAEA,kBAAY,IAAI,wBAAwB,yBAAyB,UAAU;AAE3E,uBAAiB,UAAU;AAC3B,yBAAmB,WAAuC;AAG1D,sBAAgB,OAAO;AAGvB,UAAI,aAAkC;AAGtC,UAAI;AACF,cAAM,qBAAqB,aAAa,QAAQC,cAAa,qBAAqB;AAClF,YAAI,oBAAoB;AACtB,gBAAM,eAAe,KAAK,MAAM,kBAAkB;AAClD,gBAAM,oBAAoB,WAAW,KAAK,SAAO,IAAI,OAAO,aAAa,EAAE;AAC3E,cAAI,mBAAmB;AACrB,yBAAa;AACb,wBAAY,IAAI,wBAAwB,oCAAoC,WAAW,YAAY;AAAA,UACrG;AAAA,QACF;AAAA,MACF,SAAS,cAAc;AACrB,gBAAQ,KAAK,oEAAoE,YAAY;AAAA,MAC/F;AAGA,UAAI,CAAC,YAAY;AACf,cAAM,kBAAkB,YAAY,KAAK,CAAC,MAAW,EAAE,SAAS,WAAW;AAC3E,YAAI,iBAAiB;AACnB,gBAAM,WAAWD,eAAc,KAAK,CAAC,QAAa,IAAI,OAAO,gBAAgB,eAAe;AAC5F,cAAI,UAAU;AACZ,yBAAa;AACb,wBAAY,IAAI,wBAAwB,oCAAoC,WAAW,YAAY;AAAA,UACrG;AAAA,QACF;AAAA,MACF;AAGA,UAAI,CAAC,YAAY;AACf,qBAAa,WAAW,CAAC;AACzB,oBAAY,IAAI,wBAAwB,gCAAgC,WAAW,YAAY;AAAA,MACjG;AAEA,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,MAAM,sCAAsC;AAAA,MACxD;AAEA,8BAAwB,UAAU;AAGlC,mBAAa,QAAQC,cAAa,uBAAuB,KAAK,UAAU,UAAU,CAAC;AAEnF,kBAAY,IAAI,wBAAwB,qCAAqC;AAAA,QAC3E,sBAAsB,WAAW;AAAA,QACjC,oBAAoB,WAAW;AAAA,QAC/B,UAAU,QAAQ,IAAI,WAAW,EAAE;AAAA,MACrC,CAAC;AAAA,IAEH,SAAS,KAAK;AACZ,cAAQ,MAAM,wDAAwD,GAAG;AACzE,eAAS,GAAY;AAErB,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,WAAWA,cAAa,qBAAqB;AAAA,IAC5D,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACJ,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,EAAAP,WAAU,MAAM;AACd,0BAAsB;AAAA,EACxB,GAAG,CAAC,qBAAqB,CAAC;AAG1B,QAAM,0BAA0BC,aAAY,YAAY;AACtD,QAAI;AACF,YAAM,QAAQ;AACd,UAAI,UAAU;AACZ,iBAAS,UAAU,EAAE,SAAS,KAAK,CAAC;AAAA,MACtC,OAAO;AAEL,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF,SAASI,QAAO;AACd,cAAQ,MAAM,+CAA+CA,MAAK;AAElE,UAAI,UAAU;AACZ,iBAAS,UAAU,EAAE,SAAS,KAAK,CAAC;AAAA,MACtC,OAAO;AAEL,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,QAAQ,CAAC;AAGtB,QAAM,4BAA4BJ,aAAY,MAAoB;AAChE,QAAI,CAAC,sBAAsB;AACzB,YAAM,IAAI,MAAM,oDAAoD;AAAA,IACtE;AACA,WAAO;AAAA,EACT,GAAG,CAAC,oBAAoB,CAAC;AAGzB,QAAM,cAAcA,aAAY,CAAC,UAA2B;AAC1D,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAGzB,WAAO,aAAa,IAAI,WAAW,KAAK;AAAA,EAC1C,GAAG,CAAC,cAAc,oBAAoB,CAAC;AAGvC,QAAM,6BAA6BA,aAAY,CAAC,UAA2B;AACzE,WAAO,gBAAgB;AAAA,MAAK,CAAC,MAC3B,EAAE,oBAAoB,SACtB,EAAE,WAAW,YACb,EAAE,eAAe;AAAA,IACnB;AAAA,EACF,GAAG,CAAC,eAAe,CAAC;AAGpB,QAAM,qBAAqBA,aAAY,OAAO,UAAiC;AAC7E,gBAAY,IAAI,wBAAwB,8BAA8B,KAAK;AAG3E,QAAI,CAAC,2BAA2B,KAAK,GAAG;AACtC,YAAM,IAAI,MAAM,6CAA6C,KAAK,EAAE;AAAA,IACtE;AAEA,UAAM,YAAY,cAAc,KAAK,SAAO,IAAI,OAAO,KAAK;AAC5D,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,gBAAgB,KAAK,oCAAoC;AAAA,IAC3E;AAEA,4BAAwB,SAAS;AAGjC,iBAAa,QAAQM,cAAa,uBAAuB,KAAK,UAAU,SAAS,CAAC;AAGlF,UAAM,+BAA+B,SAAS;AAE9C,gBAAY,IAAI,wBAAwB,6BAA6B,UAAU,YAAY;AAAA,EAC7F,GAAG,CAAC,eAAe,4BAA4B,8BAA8B,CAAC;AAG9E,QAAM,uBAAuBN,aAAY,YAA2B;AAClE,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,SAAU;AAGpC,iBAAa,IAAI;AAAA,EAEnB,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,QAAM,yBAAyBA,aAAY,MAA2B;AAEpE,UAAM,eAAe,CAAC,aAAa,UAAU,QAAQ;AAErD,eAAW,QAAQ,cAAc;AAC/B,YAAM,aAAa,gBAAgB,KAAK,CAAC,MAAW,EAAE,SAAS,IAAI;AACnE,UAAI,YAAY;AACd,eAAO,cAAc,KAAK,CAAC,QAAa,IAAI,OAAO,WAAW,eAAe,KAAK;AAAA,MACpF;AAAA,IACF;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,uBAAuBA,aAAY,MAAe;AACtD,WAAO,CAAC,EAAE,wBAAwB;AAAA,EACpC,GAAG,CAAC,sBAAsB,IAAI,CAAC;AAG/B,QAAM,6BAA6BA,aAAY,CAAC,SAAkD;AAChG,UAAM,SAAS,oBAAI,IAA0B;AAC7C,SAAK,QAAQ,SAAO,OAAO,IAAI,IAAI,IAAI,GAAG,CAAC;AAE3C,UAAM,QAAiC,CAAC;AAExC,SAAK,QAAQ,SAAO;AAClB,UAAI,CAAC,IAAI,WAAW;AAElB,cAAM,KAAK;AAAA,UACT,cAAc;AAAA,UACd,UAAU,CAAC;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAGD,WAAO;AAAA,EACT,GAAG,CAAC,CAAC;AAGL,QAAM,8BAA8BC,SAAQ,MAAM;AAChD,WAAO,CAAC,EAAE,wBAAwB,CAAC,aAAa,CAAC,SAAS;AAAA,EAC5D,GAAG,CAAC,sBAAsB,WAAW,OAAO,cAAc,CAAC;AAG3D,QAAM,eAAeA,SAAiC,MAAM;AAE1D,QAAI,CAAC,sBAAsB;AAGzB,YAAM,iBAA+B;AAAA,QACnC,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,cAAc;AAAA,QACd,mBAAmB;AAAA,QACnB,UAAU,CAAC;AAAA,QACX,WAAW;AAAA,QACX,YAAY;AAAA,QACZ,YAAY;AAAA,MACd;AAEA,aAAO;AAAA,QACL,sBAAsB;AAAA,QACtB,eAAe,CAAC;AAAA,QAChB,iBAAiB,CAAC;AAAA,QAClB;AAAA,QACA;AAAA,QACA,6BAA6B;AAAA,QAC7B,yBAAyB,MAAM;AAAA,QAAC;AAAA,QAChC,oBAAoB,YAAY;AAAA,QAAC;AAAA,QACjC,aAAa,MAAM;AAAA,QACnB,4BAA4B,MAAM;AAAA,QAClC,sBAAsB,YAAY;AAAA,QAAC;AAAA,QACnC,2BAA2B,MAAM;AAAE,gBAAM,IAAI,MAAM,yBAAyB;AAAA,QAAgC;AAAA,QAC5G,sBAAsB,MAAM;AAAA,QAC5B,wBAAwB,MAAM;AAAA,MAChC;AAAA,IACF;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,GAAG;AAAA,IACD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAGD,MAAI,aAAc,wBAAwB,CAAC,gBAAiB;AAC1D,WACE,gBAAAC,KAAC,SAAI,WAAU,wBAAuB,MAAK,UAAS,cAAW,gCAC7D,0BAAAA,KAAC,SAAI,WAAU,iDACb,0BAAAC,MAAC,SAAI,WAAU,eACb;AAAA,sBAAAD,KAAC,SAAI,WAAU,4EAA2E;AAAA,MAC1F,gBAAAA,KAAC,OAAE,WAAU,yBACV,sBAAY,oCAAoC,sCACnD;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,MAAI,SAAU,QAAQ,CAAC,sBAAuB;AAC5C,WACE,gBAAAA,KAAC,SAAI,WAAU,sBAAqB,MAAK,SACvC,0BAAAA,KAAC,SAAI,WAAU,iDACb,0BAAAC,MAAC,SAAI,WAAU,oCACb;AAAA,sBAAAD,KAAC,SAAI,WAAU,yBACb,0BAAAA,KAAC,SAAI,WAAU,qBAAoB,MAAK,QAAO,SAAQ,aAAY,QAAO,gBACxE,0BAAAA,KAAC,UAAK,eAAc,SAAQ,gBAAe,SAAQ,aAAa,GAAG,GAAE,4IAA2I,GAClN,GACF;AAAA,MACA,gBAAAA,KAAC,QAAG,WAAU,8CAA6C,0CAE3D;AAAA,MACA,gBAAAA,KAAC,OAAE,WAAU,8BACV,iBAAO,WAAW,8GACrB;AAAA,MACA,gBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,SAAS;AAAA,UACT,WAAU;AAAA,UACX;AAAA;AAAA,MAED;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,SACE,gBAAAA,KAAC,oBAAoB,UAApB,EAA6B,OAAO,cAClC,UACH;AAEJ;AArjBA,IAiFM,qBAGAI,eAyeO;AA7jBb;AAAA;AAAA;AAoEA;AACA;AACA;AAWA,IAAM,sBAAsBV,eAAmD,MAAS;AAGxF,IAAMU,gBAAe;AAAA,MACnB,uBAAuB;AAAA,MACvB,sBAAsB;AAAA,IACxB;AAseO,IAAM,mBAAmB,MAA+B;AAC7D,YAAM,UAAUT,YAAW,mBAAmB;AAC9C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,8DAA8D;AAAA,MAChF;AACA,aAAO;AAAA,IACT;AAAA;AAAA;","names":["session","authError","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","permissions","roles","useState","useEffect","useCallback","useEffect","useState","useCallback","jsx","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","jsxs","createContext","useContext","useMemo","jsx","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","jsxs","error","organisations","STORAGE_KEYS"]}