npm - @jmruthers/pace-core - Versions diffs - 0.2.7 → 0.5.1 - Mend

@jmruthers/pace-core 0.2.7 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (541) hide show

package/dist/chunk-BEZRLNK3.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/providers/AuthProvider.tsx","../src/providers/RBACProvider.tsx","../src/hooks/useInactivityTracker.ts","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/providers/InactivityProvider.tsx","../src/providers/UnifiedAuthProvider.tsx","../src/providers/OrganisationProvider.tsx"],"sourcesContent":["/**\n * @file Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/Auth\n * @since 0.1.0\n *\n * Handles user authentication, session management, and auth-related operations.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { DebugLogger } from '../utils/debugLogger';\n\n// Auth context type\nexport interface AuthContextType {\n // Auth state\n user: User | null;\n session: Session | null;\n isAuthenticated: boolean;\n authLoading: boolean;\n authError: AuthError | null;\n error: AuthError | null; // Alias for authError for backward compatibility\n supabase: SupabaseClient | null;\n \n // Auth methods\n signIn: (email: string, password?: string) => Promise<{ error: AuthError | null }>;\n signUp: (email: string, password: string) => Promise<{ error: AuthError | null }>;\n signOut: () => Promise<{ error: AuthError | null }>;\n resetPassword: (email: string) => Promise<{ error: AuthError | null }>;\n updatePassword: (password: string) => Promise<{ error: AuthError | null }>;\n refreshSession: () => Promise<{ error: AuthError | null }>;\n}\n\nconst AuthContext = createContext<AuthContextType | undefined>(undefined);\n\nexport const useAuth = () => {\n const context = useContext(AuthContext);\n if (!context) {\n throw new Error('useAuth must be used within an AuthProvider');\n }\n return context;\n};\n\nexport interface AuthProviderProps {\n children: React.ReactNode;\n supabaseClient?: SupabaseClient;\n}\n\nexport function AuthProvider({ children, supabaseClient }: AuthProviderProps) {\n // Auth state\n const [user, setUser] = useState<User | null>(null);\n const [session, setSession] = useState<Session | null>(null);\n const [authLoading, setAuthLoading] = useState(true);\n const [authError, setAuthError] = useState<AuthError | null>(null);\n\n // Global error handler to suppress AuthSessionMissingError during logout\n useEffect(() => {\n const handleError = (event: ErrorEvent) => {\n if (event.error?.message?.includes('AuthSessionMissingError') || \n event.error?.message?.includes('Auth session missing')) {\n console.warn('[AuthProvider] Suppressing AuthSessionMissingError during logout');\n event.preventDefault();\n return false;\n }\n };\n\n const handleUnhandledRejection = (event: PromiseRejectionEvent) => {\n if (event.reason?.message?.includes('AuthSessionMissingError') ||\n event.reason?.message?.includes('Auth session missing')) {\n console.warn('[AuthProvider] Suppressing unhandled AuthSessionMissingError');\n event.preventDefault();\n return false;\n }\n };\n\n window.addEventListener('error', handleError);\n window.addEventListener('unhandledrejection', handleUnhandledRejection);\n\n return () => {\n window.removeEventListener('error', handleError);\n window.removeEventListener('unhandledrejection', handleUnhandledRejection);\n };\n }, []);\n\n // Load initial user if no session but supabase client exists\n useEffect(() => {\n if (!supabaseClient) return;\n\n const loadInitialUser = async () => {\n try {\n const response = await supabaseClient.auth.getUser();\n const { data: { user: initialUser }, error } = response || { data: { user: null }, error: null };\n if (error) {\n console.warn('Failed to get initial user:', error);\n setAuthLoading(false);\n return;\n }\n \n if (initialUser) {\n setUser(initialUser);\n }\n setAuthLoading(false);\n } catch (error) {\n console.error('Error loading initial user:', error);\n setAuthLoading(false);\n }\n };\n\n // Only load initial user if we haven't set up the auth state change listener yet\n // This prevents race conditions between loadInitialUser and auth state change\n const timeoutId = setTimeout(() => {\n if (authLoading && !user && !session) {\n loadInitialUser();\n }\n }, 100);\n\n return () => clearTimeout(timeoutId);\n }, [supabaseClient, authLoading, user, session]);\n\n // Auth state change listener\n useEffect(() => {\n if (!supabaseClient) {\n setAuthLoading(false);\n return;\n }\n\n // Shorter timeout to prevent hanging\n const timeoutId = setTimeout(() => {\n if (authLoading) {\n console.warn('AuthProvider: Auth loading timeout reached');\n setAuthLoading(false);\n }\n }, 2000); // Reduced from 5000 to 2000\n\n try {\n DebugLogger.log('AuthProvider', 'Setting up auth state change listener...');\n const authStateChange = supabaseClient.auth.onAuthStateChange(\n (event, session) => {\n try {\n DebugLogger.log('AuthProvider', 'Auth state changed:', event, session?.user?.email);\n \n // Clear timeout immediately when we get an auth state change\n clearTimeout(timeoutId);\n \n // Handle different auth events\n if (event === 'SIGNED_OUT') {\n DebugLogger.log('AuthProvider', 'User signed out, clearing all state');\n // Clear all state immediately and aggressively\n setSession(null);\n setUser(null);\n setAuthLoading(false);\n setAuthError(null);\n } else {\n setSession(session);\n setUser(session?.user ?? null);\n setAuthLoading(false);\n \n // Only clear auth error if we have a valid session\n if (session) {\n setAuthError(null);\n }\n }\n } catch (error) {\n console.warn('[AuthProvider] Error in auth state change handler:', error);\n // Ensure loading is always set to false\n setAuthLoading(false);\n }\n }\n );\n\n const subscription = authStateChange?.data?.subscription || authStateChange;\n \n return () => {\n clearTimeout(timeoutId);\n if (subscription && typeof subscription.unsubscribe === 'function') {\n DebugLogger.log('AuthProvider', 'Cleaning up auth state listener');\n subscription.unsubscribe();\n }\n };\n } catch (error) {\n console.error('AuthProvider: Error setting up auth state change listener:', error);\n \n // Don't set authError for connection issues or auth session missing errors\n if (error instanceof Error && \n !error.message.includes('No API key found') && \n !error.message.includes('AuthSessionMissingError') &&\n !error.message.includes('Auth session missing')) {\n setAuthError(error as AuthError);\n }\n setAuthLoading(false);\n clearTimeout(timeoutId);\n return () => {};\n }\n }, [supabaseClient]);\n\n // Auth methods\n const signIn = useCallback(async (email: string, password?: string) => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthLoading(true);\n setAuthError(null);\n \n try {\n const { error } = await supabaseClient.auth.signInWithPassword({ email, password: password || '' });\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n } finally {\n setAuthLoading(false);\n }\n }, [supabaseClient]);\n\n const signUp = useCallback(async (email: string, password: string) => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthError(null);\n try {\n const { error } = await supabaseClient.auth.signUp({ email, password });\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n }\n }, [supabaseClient]);\n\n const signOut = useCallback(async () => {\n DebugLogger.log('AuthProvider', 'signOut called');\n \n // Immediately set loading to false to prevent timeout warnings\n setAuthLoading(false);\n \n if (!supabaseClient) {\n DebugLogger.log('AuthProvider', 'No supabase client, clearing state manually');\n setUser(null);\n setSession(null);\n setAuthError(null);\n return { error: null };\n }\n \n // Clear state immediately before calling Supabase signOut\n DebugLogger.log('AuthProvider', 'Pre-clearing state before signOut call');\n setUser(null);\n setSession(null);\n setAuthError(null);\n \n try {\n DebugLogger.log('AuthProvider', 'Calling supabase signOut');\n \n // Add a timeout to prevent hanging\n const signOutPromise = supabaseClient.auth.signOut();\n const timeoutPromise = new Promise((_, reject) => \n setTimeout(() => reject(new Error('SignOut timeout')), 3000)\n );\n \n const { error } = await Promise.race([signOutPromise, timeoutPromise]) as any;\n \n if (error && !error.message?.includes('SignOut timeout')) {\n console.error('[AuthProvider] signOut error:', error);\n // Don't set auth error for logout - we've already cleared state\n }\n \n DebugLogger.log('AuthProvider', 'signOut process completed');\n return { error: null }; // Always return success for logout\n } catch (err) {\n console.warn('[AuthProvider] signOut exception (ignored):', err);\n // Ignore errors during logout - state is already cleared\n return { error: null };\n }\n }, [supabaseClient]);\n\n const resetPassword = useCallback(async (email: string) => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthError(null);\n try {\n const { error } = await supabaseClient.auth.resetPasswordForEmail(email);\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n }\n }, [supabaseClient]);\n\n const updatePassword = useCallback(async (password: string) => {\n if (!supabaseClient) return { error: new AuthError('Supabase client not available.', 500) };\n const { error } = await supabaseClient.auth.updateUser({ password });\n if (error) {\n setAuthError(error);\n }\n return { error };\n }, [supabaseClient]);\n\n const refreshSession = useCallback(async () => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthError(null);\n try {\n const { error } = await supabaseClient.auth.refreshSession();\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n }\n }, [supabaseClient]);\n\n // Memoized derived values\n const isAuthenticated = !!user;\n\n // Memoized context value\n const contextValue = useMemo<AuthContextType>(() => ({\n user,\n session,\n isAuthenticated,\n authLoading,\n authError,\n error: authError, // Alias for backward compatibility\n supabase: supabaseClient || null,\n\n signIn,\n signUp,\n signOut,\n resetPassword,\n updatePassword,\n refreshSession,\n }), [\n user, session, isAuthenticated, authLoading, authError, supabaseClient,\n signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,\n ]);\n\n return (\n <AuthContext.Provider value={contextValue}>\n {children}\n </AuthContext.Provider>\n );\n}\n","/**\n * @file RBAC Provider\n * @package @jmruthers/pace-core\n * @module Providers/RBAC\n * @since 0.1.0\n *\n * Handles role-based access control, permissions, and event access management.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\nimport { DebugLogger } from '../utils/debugLogger';\n\n// App configuration type\ninterface AppConfig {\n supports_direct_access: boolean;\n requires_event: boolean;\n}\n\n// User event access type - now includes organisation context for security\nexport interface UserEventAccess {\n event_id: string;\n event_name: string;\n event_description?: string | null;\n start_date: string;\n end_date: string;\n event_status: string;\n app_id: string;\n access_level: string;\n granted_at: string;\n organisation_id: string; // MANDATORY for security\n}\n\n// RBAC context type\nexport interface RBACContextType {\n // RBAC state\n permissions: Record<string, boolean>;\n roles: string[];\n accessLevel: AccessLevel;\n rbacLoading: boolean;\n rbacError: Error | null;\n selectedEventId: string | null;\n appConfig: AppConfig | null;\n userEventAccess: UserEventAccess[];\n eventAccessLoading: boolean;\n \n // Organisation context integration\n selectedOrganisationId: string | null;\n requireOrganisationContext: () => string; // Throws if no organisation context\n \n // RBAC methods\n hasPermission: (permission: string, orgId?: string) => boolean;\n hasAnyPermission: (permissions: string[], orgId?: string) => boolean;\n hasAllPermissions: (permissions: string[], orgId?: string) => boolean;\n hasRole: (role: string) => boolean;\n hasAccessLevel: (level: AccessLevel) => boolean;\n canAccess: (resource: string, action: string, orgId?: string) => boolean;\n validatePermission: (permission: string, orgId?: string) => Promise<boolean>;\n validateAccess: (resource: string, action: string, orgId?: string) => Promise<boolean>;\n refreshPermissions: (eventId?: string, orgId?: string) => Promise<void>;\n setSelectedEventId: (eventId: string | null) => void;\n loadUserEventAccess: (orgId?: string) => Promise<void>;\n getUserEventAccess: (eventId: string) => UserEventAccess | undefined;\n \n // New RBAC system support\n rbacEnabled: boolean;\n rbacContext?: any; // Will be populated by useRBAC hook when enabled\n}\n\nconst RBACContext = createContext<RBACContextType | undefined>(undefined);\n\nexport const useRBAC = () => {\n const context = useContext(RBACContext);\n if (!context) {\n throw new Error('useRBAC must be used within an RBACProvider');\n }\n return context;\n};\n\nexport interface RBACProviderProps {\n children: React.ReactNode;\n supabaseClient?: SupabaseClient;\n user: User | null;\n session: Session | null;\n appName: string;\n enableRBAC?: boolean;\n persistState?: boolean;\n enablePersistence?: boolean;\n requireOrganisationContext?: boolean;\n}\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n SELECTED_EVENT: 'pace-core-selected-event',\n} as const;\n\n// Helper function to transform RBAC permissions to the format expected by UnifiedAuthProvider\nconst transformRBACPermissions = (rbacData: any[], _appName: string) => {\n const permissions: Record<string, boolean> = {};\n let roles: string[] = [];\n let access_level: AccessLevel = AccessLevel.VIEWER;\n\n if (!rbacData || !Array.isArray(rbacData)) {\n return { permissions: {}, roles: ['viewer'], access_level: AccessLevel.VIEWER };\n }\n\n // Check for super admin first\n const superAdminPerm = rbacData.find((p: any) => p.permission_type === 'all_permissions');\n if (superAdminPerm) {\n return { \n permissions: { 'all:all': true } as Record<string, boolean>, \n roles: ['super'], \n access_level: AccessLevel.SUPER \n };\n }\n\n // Process event-app permissions\n const eventAppPerms = rbacData.filter((p: any) => p.permission_type === 'event_app_access');\n if (eventAppPerms.length > 0) {\n const role = eventAppPerms[0].role_name;\n \n // Map RBAC roles to AccessLevel\n switch (role) {\n case 'event_admin':\n access_level = AccessLevel.ADMIN;\n roles = ['admin'];\n break;\n case 'planner':\n access_level = AccessLevel.PLANNER;\n roles = ['planner'];\n break;\n case 'participant':\n access_level = AccessLevel.PARTICIPANT;\n roles = ['participant'];\n break;\n case 'editor':\n access_level = AccessLevel.EDITOR;\n roles = ['editor'];\n break;\n case 'viewer':\n default:\n access_level = AccessLevel.VIEWER;\n roles = ['viewer'];\n break;\n }\n\n // For now, we'll set basic permissions based on role\n // In a full implementation, you'd want to fetch page-specific permissions\n const basePermissions = ['read'];\n if (['event_admin', 'planner'].includes(role)) {\n basePermissions.push('create', 'update');\n }\n if (role === 'event_admin') {\n basePermissions.push('delete');\n }\n\n // Set permissions for all pages (simplified approach)\n // In a real implementation, you'd want to get actual page permissions\n basePermissions.forEach(operation => {\n permissions[`default:${operation}`] = true;\n });\n }\n\n // Process organisation permissions\n const orgPerms = rbacData.filter((p: any) => p.permission_type === 'organisation_access');\n if (orgPerms.length > 0) {\n const role = orgPerms[0].role_name;\n if (role === 'org_admin') {\n access_level = AccessLevel.ADMIN;\n roles = ['admin'];\n // Org admins get all permissions\n ['create', 'read', 'update', 'delete'].forEach(operation => {\n permissions[`default:${operation}`] = true;\n });\n }\n }\n\n return { permissions, roles, access_level };\n};\n\nexport function RBACProvider({\n children,\n supabaseClient,\n user,\n session,\n appName,\n enableRBAC = false,\n persistState = true,\n enablePersistence,\n requireOrganisationContext: _requireOrganisationContext = true,\n}: RBACProviderProps) {\n // Use enablePersistence if provided, otherwise use persistState\n const shouldPersist = enablePersistence !== undefined ? enablePersistence : persistState;\n\n // RBAC state\n const [permissions, setPermissions] = useState<Record<string, boolean>>({});\n const [roles, setRoles] = useState<string[]>([]);\n const [accessLevel, setAccessLevel] = useState<AccessLevel>(AccessLevel.VIEWER);\n const [rbacLoading, setRbacLoading] = useState(false);\n const [rbacError, setRbacError] = useState<Error | null>(null);\n const [selectedEventId, setSelectedEventId] = useState<string | null>(null);\n const [appConfig, setAppConfig] = useState<AppConfig | null>(null);\n const [userEventAccess, setUserEventAccess] = useState<UserEventAccess[]>([]);\n const [eventAccessLoading, setEventAccessLoading] = useState(false);\n \n // Organisation context state\n const [selectedOrganisationId, _setSelectedOrganisationId] = useState<string | null>(null);\n\n // Load app configuration on mount and when appName changes\n useEffect(() => {\n if (!supabaseClient) return;\n\n const loadAppConfig = async () => {\n try {\n // Use the same app name resolution as PagePermissionGuard\n const { getCurrentAppName } = await import('../utils/appNameResolver');\n const resolvedAppName = getCurrentAppName() || appName;\n \n // First resolve app name to app_id\n const { data: appData, error: appError } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', resolvedAppName)\n .eq('is_active', true)\n .single();\n\n if (appError || !appData) {\n console.warn('App not found or inactive:', resolvedAppName);\n setAppConfig({\n supports_direct_access: false,\n requires_event: true\n });\n return;\n }\n\n const response = await supabaseClient.rpc('get_app_config', {\n p_app_id: appData.id\n });\n \n const { data } = response || {};\n\n if (data && data.length > 0) {\n setAppConfig({\n supports_direct_access: data[0].supports_direct_access,\n requires_event: data[0].requires_event\n });\n } else {\n // Default configuration if app not found\n setAppConfig({\n supports_direct_access: false,\n requires_event: true\n });\n }\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n if (typeof localStorage !== 'undefined') {\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n }\n console.warn('Failed to load app configuration:', error);\n // Default configuration on error\n setAppConfig({\n supports_direct_access: false,\n requires_event: true\n });\n }\n };\n\n loadAppConfig();\n }, [supabaseClient, appName]);\n\n // Set super admin roles based on user metadata\n useEffect(() => {\n // Check if user has super admin role in metadata\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (isSuperAdmin) {\n setRoles(['super_admin']);\n } else {\n setRoles([]);\n }\n }, [user]);\n\n // Load persisted auth state on mount\n useEffect(() => {\n if (!shouldPersist) return;\n\n try {\n const persistedEvent = localStorage.getItem(STORAGE_KEYS.SELECTED_EVENT);\n if (persistedEvent) {\n setSelectedEventId(JSON.parse(persistedEvent));\n }\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n }\n }, [shouldPersist]);\n\n // Persist auth state changes\n useEffect(() => {\n if (!shouldPersist) return;\n\n try {\n if (selectedEventId) {\n localStorage.setItem(\n STORAGE_KEYS.SELECTED_EVENT,\n JSON.stringify(selectedEventId),\n );\n } else {\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n }\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n console.warn('Failed to persist auth state:', error);\n }\n }, [selectedEventId, shouldPersist]);\n\n // Load RBAC data when user is authenticated\n const refreshPermissions = useCallback(async (eventId?: string) => {\n if (!supabaseClient || !user || !appConfig || !session) {\n DebugLogger.log('RBACProvider', 'refreshPermissions: Missing required dependencies, clearing permissions');\n setPermissions({});\n setRoles([]);\n setAccessLevel(AccessLevel.VIEWER);\n return;\n }\n\n // Check for super admin first - admin override should happen regardless of app configuration\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (isSuperAdmin) {\n setPermissions({\n 'admin:create': true,\n 'admin:read': true,\n 'admin:update': true,\n 'admin:delete': true,\n 'users:create': true,\n 'users:read': true,\n 'users:update': true,\n 'users:delete': true,\n 'events:create': true,\n 'events:read': true,\n 'events:update': true,\n 'events:delete': true\n });\n setRoles(['super_admin']);\n setAccessLevel(AccessLevel.ADMIN);\n return;\n }\n\n // Determine if we should load permissions without an event\n const shouldLoadDirectPermissions = !eventId && !appConfig.requires_event;\n const shouldLoadEventPermissions = eventId;\n const shouldClearPermissions = !eventId && appConfig.requires_event;\n\n // If no eventId and app requires events, clear permissions\n if (shouldClearPermissions) {\n setPermissions({});\n setRoles([]);\n setAccessLevel(AccessLevel.VIEWER);\n return;\n }\n\n // Only proceed if we should load permissions\n if (!shouldLoadDirectPermissions && !shouldLoadEventPermissions) {\n return;\n }\n\n setRbacLoading(true);\n setRbacError(null);\n\n try {\n // Use the same app name resolution as PagePermissionGuard\n const { getCurrentAppName } = await import('../utils/appNameResolver');\n const resolvedAppName = getCurrentAppName() || appName;\n \n // First resolve app name to app_id\n const { data: appData, error: appError } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', resolvedAppName)\n .eq('is_active', true)\n .single();\n\n if (appError || !appData) {\n console.warn('App not found or inactive:', resolvedAppName);\n setRbacLoading(false);\n return;\n }\n\n const { data, error } = await supabaseClient.rpc('get_rbac_permissions', {\n p_user_id: user.id,\n p_app_id: appData.id,\n p_event_id: eventId || null,\n p_organisation_id: selectedOrganisationId || null\n });\n\n if (error) {\n throw error;\n }\n\n const { permissions, roles, access_level } = transformRBACPermissions(data, appName);\n\n setPermissions(permissions);\n setRoles(roles);\n setAccessLevel(access_level);\n } catch (err: any) {\n setRbacError(err);\n } finally {\n setRbacLoading(false);\n }\n }, [supabaseClient, user, session, appName, appConfig, selectedOrganisationId]);\n\n // Load user event access data\n const loadUserEventAccess = useCallback(async () => {\n if (!supabaseClient || !user || !session) {\n DebugLogger.log('RBACProvider', 'loadUserEventAccess: Missing required dependencies, clearing event access');\n setUserEventAccess([]);\n return;\n }\n\n setEventAccessLoading(true);\n try {\n // Use the same app name resolution as PagePermissionGuard\n const { getCurrentAppName } = await import('../utils/appNameResolver');\n const resolvedAppName = getCurrentAppName() || appName;\n \n // First resolve app name to app_id\n const { data: appData, error: appError } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', resolvedAppName)\n .eq('is_active', true)\n .single();\n\n if (appError || !appData) {\n console.warn('App not found or inactive:', resolvedAppName);\n setEventAccessLoading(false);\n return;\n }\n\n const { data, error } = await supabaseClient\n .from('rbac_event_app_roles')\n .select(`\n event_id,\n role,\n granted_at\n `)\n .eq('user_id', user.id)\n .eq('app_id', appData.id);\n\n if (error) {\n console.error('Failed to load user event access:', error);\n setUserEventAccess([]);\n return;\n }\n\n const eventAccess = data?.map(item => ({\n event_id: item.event_id,\n event_name: 'Unknown Event', // Event details not available in this query\n event_description: null, // Not available in this schema\n start_date: '', // Event date not available in this query\n end_date: '', // Event date not available in this query\n event_status: 'unknown', // Not available in this schema\n app_id: appData.id,\n access_level: item.role, // Map role to access_level\n granted_at: item.granted_at,\n organisation_id: '' // Will be populated from event's organisation_id if needed\n })) || [];\n\n setUserEventAccess(eventAccess);\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n console.error('Error loading user event access:', error);\n setUserEventAccess([]);\n } finally {\n setEventAccessLoading(false);\n }\n }, [supabaseClient, user, session, appName]);\n\n // Helper function to get access for a specific event\n const getUserEventAccess = useCallback((eventId: string) => {\n return userEventAccess.find(access => access.event_id === eventId);\n }, [userEventAccess]);\n\n // When the selected event ID changes, user logs in, or app config loads, refresh permissions\n useEffect(() => {\n // Don't run if user is null (signed out) or no app config\n if (!user || !appConfig || !session) {\n DebugLogger.log('RBACProvider', 'Skipping permission refresh - no user, session, or app config');\n return;\n }\n\n // Check for super admin first - admin override should happen regardless of app configuration\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (isSuperAdmin) {\n setPermissions({\n 'admin:create': true,\n 'admin:read': true,\n 'admin:update': true,\n 'admin:delete': true,\n 'users:create': true,\n 'users:read': true,\n 'users:update': true,\n 'users:delete': true,\n 'events:create': true,\n 'events:read': true,\n 'events:update': true,\n 'events:delete': true\n });\n setRoles(['super_admin']);\n setAccessLevel(AccessLevel.ADMIN);\n return;\n }\n\n if (selectedEventId) {\n // Event-based permissions\n refreshPermissions(selectedEventId);\n } else if (!appConfig.requires_event) {\n // Direct app permissions (no event needed)\n refreshPermissions();\n } else {\n // No event and app requires events - clear permissions\n setPermissions({});\n setRoles([]);\n setAccessLevel(AccessLevel.VIEWER);\n }\n }, [selectedEventId, user, session, appConfig, refreshPermissions]);\n\n // Load user event access when user changes\n useEffect(() => {\n let isMounted = true;\n\n if (user && session) {\n DebugLogger.log('RBACProvider', 'Loading user event access for authenticated user');\n loadUserEventAccess().catch(error => {\n if (isMounted) {\n console.error('Error loading user event access:', error);\n }\n });\n } else {\n DebugLogger.log('RBACProvider', 'Clearing user event access - no user or session');\n if (isMounted) {\n setUserEventAccess([]);\n }\n }\n\n return () => {\n isMounted = false;\n };\n }, [user, session, loadUserEventAccess]);\n\n // Permission methods\n const hasPermission = useCallback((permission: string) => {\n const hasPerm = !!permissions[permission];\n return hasPerm;\n }, [permissions]);\n const hasAnyPermission = useCallback((perms: string[]) => perms.some(p => !!permissions[p]), [permissions]);\n const hasAllPermissions = useCallback((perms: string[]) => perms.every(p => !!permissions[p]), [permissions]);\n const hasRole = useCallback((role: string) => {\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (role.toLowerCase() === 'super_admin') {\n return isSuperAdmin;\n }\n return roles.includes(role);\n }, [roles, user]);\n const hasAccessLevel = useCallback((level: AccessLevel) => {\n const levels = Object.values(AccessLevel);\n return levels.indexOf(accessLevel) >= levels.indexOf(level);\n }, [accessLevel]);\n const canAccess = useCallback((resource: string, action: string) => {\n const permission = `${resource}:${action}`;\n const hasAccess = hasPermission(permission);\n return hasAccess;\n }, [hasPermission]);\n const validatePermission = useCallback(async (permission: string) => hasPermission(permission), [hasPermission]);\n const validateAccess = useCallback(async (resource: string, action: string) => {\n // Placeholder for more complex logic, e.g., re-validating with backend\n return Promise.resolve(canAccess(resource, action));\n }, [canAccess]);\n\n // Memoized context value\n const contextValue = useMemo<RBACContextType>(() => ({\n permissions,\n roles,\n accessLevel,\n rbacLoading,\n rbacError,\n selectedEventId,\n appConfig,\n userEventAccess,\n eventAccessLoading,\n\n // Organisation context\n selectedOrganisationId,\n requireOrganisationContext: () => {\n if (!selectedOrganisationId) {\n throw new Error('Organisation context is required but not available');\n }\n return selectedOrganisationId;\n },\n\n hasPermission,\n hasAnyPermission,\n hasAllPermissions,\n hasRole,\n hasAccessLevel,\n canAccess,\n validatePermission,\n validateAccess,\n refreshPermissions,\n setSelectedEventId,\n \n // New RBAC system support\n rbacEnabled: enableRBAC,\n rbacContext: undefined, // Will be populated by useRBAC hook when enabled\n \n loadUserEventAccess,\n getUserEventAccess\n }), [\n permissions, roles, accessLevel, rbacLoading, rbacError, selectedEventId, appConfig,\n userEventAccess, eventAccessLoading, selectedOrganisationId,\n hasPermission, hasAnyPermission, hasAllPermissions, hasRole, hasAccessLevel, canAccess,\n validatePermission, validateAccess, refreshPermissions, setSelectedEventId,\n enableRBAC, loadUserEventAccess, getUserEventAccess\n ]);\n\n return (\n <RBACContext.Provider value={contextValue}>\n {children}\n </RBACContext.Provider>\n );\n}\n","/**\n * @file Inactivity Tracker Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useInactivityTracker\n * @since 0.1.0\n *\n * A custom hook that tracks user inactivity and provides cross-tab synchronization.\n * Monitors various user interactions and manages inactivity timers with persistence.\n *\n * Features:\n * - Cross-tab synchronization using BroadcastChannel and localStorage\n * - Monitors keyboard, mouse, touch, scroll, and focus events\n * - Throttled event handling for performance\n * - Persistence of last activity time across page reloads\n * - SSR-safe implementation with proper cleanup\n * - Configurable timeout and warning thresholds\n * - Production-safe with dev-only escape hatches\n *\n * @example\n * ```tsx\n * const {\n * isIdle,\n * timeRemaining,\n * showWarning,\n * resetActivity,\n * startTracking,\n * stopTracking\n * } = useInactivityTracker({\n * idleTimeoutMs: 30 * 60 * 1000, // 30 minutes\n * warnBeforeMs: 60 * 1000, // 1 minute\n * onIdle: () => console.log('User is idle'),\n * onWarning: () => console.log('Warning should show'),\n * onActivity: () => console.log('User is active')\n * });\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (utility hook)\n * - Enables accessible inactivity warnings\n * - Supports screen reader friendly countdowns\n * - Maintains focus management during warnings\n *\n * @performance\n * - Throttled event handling (100ms intervals)\n * - Efficient timer management with cleanup\n * - Minimal re-renders with stable references\n * - Memory leak prevention\n * - Cross-tab optimization\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Browser APIs - BroadcastChannel, localStorage, timers\n */\n\nimport { useState, useEffect, useCallback, useRef } from 'react';\n\nexport interface UseInactivityTrackerOptions {\n /** Timeout in milliseconds before user is considered idle (default: 30 minutes) */\n idleTimeoutMs?: number;\n /** Time in milliseconds before idle timeout to show warning (default: 60 seconds) */\n warnBeforeMs?: number;\n /** Callback when user becomes idle */\n onIdle?: () => void;\n /** Callback when warning should be shown */\n onWarning?: () => void;\n /** Callback when user becomes active again */\n onActivity?: () => void;\n /** Whether tracking is enabled (default: true) */\n enabled?: boolean;\n /** Storage key for persistence (default: 'pace-core-inactivity') */\n storageKey?: string;\n /** Broadcast channel name for cross-tab sync (default: 'pace-core-inactivity') */\n channelName?: string;\n}\n\nexport interface UseInactivityTrackerReturn {\n /** Whether the user is currently idle */\n isIdle: boolean;\n /** Time remaining in milliseconds before idle timeout */\n timeRemaining: number;\n /** Whether warning should be shown */\n showWarning: boolean;\n /** Reset the activity timer */\n resetActivity: () => void;\n /** Start tracking inactivity */\n startTracking: () => void;\n /** Stop tracking inactivity */\n stopTracking: () => void;\n /** Whether tracking is currently active */\n isTracking: boolean;\n}\n\n// Events that indicate user activity\nconst ACTIVITY_EVENTS = [\n 'mousedown',\n 'mousemove',\n 'mouseup',\n 'click',\n 'scroll',\n 'wheel',\n 'touchstart',\n 'touchmove',\n 'touchend',\n 'keydown',\n 'keyup',\n 'keypress',\n 'focus',\n 'blur',\n 'visibilitychange'\n] as const;\n\n// Throttle function to limit event handler frequency\nfunction throttle<T extends (...args: any[]) => void>(\n func: T,\n limit: number\n): (...args: Parameters<T>) => void {\n let inThrottle: boolean;\n return function (this: any, ...args: Parameters<T>) {\n if (!inThrottle) {\n func.apply(this, args);\n inThrottle = true;\n setTimeout(() => (inThrottle = false), limit);\n }\n };\n}\n\nexport function useInactivityTracker({\n idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n warnBeforeMs = 60 * 1000, // 1 minute\n onIdle,\n onWarning,\n onActivity,\n enabled = true,\n storageKey = 'pace-core-inactivity',\n channelName = 'pace-core-inactivity'\n}: UseInactivityTrackerOptions = {}): UseInactivityTrackerReturn {\n const [isIdle, setIsIdle] = useState(false);\n const [timeRemaining, setTimeRemaining] = useState(idleTimeoutMs);\n const [showWarning, setShowWarning] = useState(false);\n const [isTracking, setIsTracking] = useState(false);\n\n // Reset tracking state when enabled changes\n useEffect(() => {\n if (!enabled) {\n setIsTracking(false);\n setIsIdle(false);\n setShowWarning(false);\n setTimeRemaining(idleTimeoutMs);\n }\n }, [enabled, idleTimeoutMs]);\n\n const timeoutRef = useRef<NodeJS.Timeout | null>(null);\n const warningTimeoutRef = useRef<NodeJS.Timeout | null>(null);\n const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);\n const lastActivityRef = useRef<number>(Date.now());\n const channelRef = useRef<BroadcastChannel | null>(null);\n\n // Clear all timers\n const clearTimers = useCallback(() => {\n if (timeoutRef.current) {\n clearTimeout(timeoutRef.current);\n timeoutRef.current = null;\n }\n if (warningTimeoutRef.current) {\n clearTimeout(warningTimeoutRef.current);\n warningTimeoutRef.current = null;\n }\n if (countdownIntervalRef.current) {\n clearInterval(countdownIntervalRef.current);\n countdownIntervalRef.current = null;\n }\n }, []);\n\n // Reset activity and restart timers\n const resetActivity = useCallback((skipActivityCallback = false) => {\n if (!enabled) return;\n\n const now = Date.now();\n lastActivityRef.current = now;\n\n // Clear existing timers\n clearTimers();\n\n // Reset state\n setIsIdle(false);\n setShowWarning(false);\n setTimeRemaining(idleTimeoutMs);\n\n // Notify activity callback (unless skipped for initial setup)\n if (!skipActivityCallback) {\n onActivity?.();\n }\n\n // Set up warning timer\n const warningTime = idleTimeoutMs - warnBeforeMs;\n if (warningTime > 0) {\n warningTimeoutRef.current = setTimeout(() => {\n setShowWarning(true);\n onWarning?.();\n }, warningTime);\n }\n\n // Set up idle timeout\n timeoutRef.current = setTimeout(() => {\n setIsIdle(true);\n onIdle?.();\n }, idleTimeoutMs);\n\n // Start countdown interval for time remaining\n countdownIntervalRef.current = setInterval(() => {\n const elapsed = Date.now() - lastActivityRef.current;\n const remaining = Math.max(0, idleTimeoutMs - elapsed);\n setTimeRemaining(remaining);\n\n if (remaining === 0) {\n clearTimers();\n }\n }, 1000);\n\n // Persist activity time\n try {\n localStorage.setItem(storageKey, now.toString());\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to persist activity time:', error);\n }\n\n // Broadcast activity to other tabs\n try {\n if (channelRef.current) {\n channelRef.current.postMessage({ type: 'activity', timestamp: now });\n }\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to broadcast activity:', error);\n }\n }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);\n\n // Start tracking\n const startTracking = useCallback(() => {\n if (!enabled) return;\n\n // Always reset state and start fresh\n setIsTracking(false);\n setIsIdle(false);\n setShowWarning(false);\n setTimeRemaining(idleTimeoutMs);\n \n // Clear any existing timers\n clearTimers();\n \n setIsTracking(true);\n\n // Set up cross-tab communication\n try {\n if (typeof BroadcastChannel !== 'undefined') {\n channelRef.current = new BroadcastChannel(channelName);\n channelRef.current.onmessage = (event) => {\n if (event.data.type === 'activity') {\n lastActivityRef.current = event.data.timestamp;\n resetActivity();\n }\n };\n }\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to set up cross-tab communication:', error);\n }\n\n // Check for persisted activity time\n try {\n const persistedTime = localStorage.getItem(storageKey);\n if (persistedTime) {\n const persistedTimestamp = parseInt(persistedTime, 10);\n const elapsed = Date.now() - persistedTimestamp;\n \n if (elapsed < idleTimeoutMs) {\n // User was active recently, continue from where we left off\n lastActivityRef.current = persistedTimestamp;\n const remaining = idleTimeoutMs - elapsed;\n setTimeRemaining(remaining);\n \n if (remaining <= warnBeforeMs) {\n setShowWarning(true);\n onWarning?.();\n }\n \n if (remaining <= 0) {\n setIsIdle(true);\n onIdle?.();\n return;\n }\n }\n }\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to check persisted activity time:', error);\n }\n\n // Set up throttled activity handler\n const throttledResetActivity = throttle((event) => {\n resetActivity();\n }, 100);\n\n // Add event listeners\n const addEventListeners = () => {\n ACTIVITY_EVENTS.forEach(event => {\n document.addEventListener(event, throttledResetActivity, { passive: true });\n });\n };\n\n // Remove event listeners\n const removeEventListeners = () => {\n ACTIVITY_EVENTS.forEach(event => {\n document.removeEventListener(event, throttledResetActivity);\n });\n };\n\n // Add listeners\n addEventListeners();\n\n // Start the timer (skip activity callback for initial setup)\n resetActivity(true);\n\n // Cleanup function\n return () => {\n removeEventListeners();\n clearTimers();\n if (channelRef.current) {\n channelRef.current.close();\n channelRef.current = null;\n }\n };\n }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);\n\n // Stop tracking\n const stopTracking = useCallback(() => {\n setIsTracking(false);\n clearTimers();\n \n if (channelRef.current) {\n channelRef.current.close();\n channelRef.current = null;\n }\n }, [clearTimers]);\n\n // Effect to start/stop tracking based on enabled state\n useEffect(() => {\n if (enabled) {\n const cleanup = startTracking();\n return cleanup;\n } else {\n stopTracking();\n }\n }, [enabled, idleTimeoutMs, warnBeforeMs]);\n\n // Cleanup on unmount\n useEffect(() => {\n return () => {\n clearTimers();\n if (channelRef.current) {\n channelRef.current.close();\n }\n };\n }, [clearTimers]);\n\n return {\n isIdle,\n timeRemaining,\n showWarning,\n resetActivity,\n startTracking,\n stopTracking,\n isTracking\n };\n}\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n * isOpen={showWarning}\n * timeRemaining={45}\n * onStaySignedIn={() => setShowWarning(false)}\n * onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\n\nexport interface InactivityWarningModalProps {\n /** Whether the modal is open */\n isOpen: boolean;\n /** Time remaining in seconds before auto-logout */\n timeRemaining: number;\n /** Callback when user chooses to stay signed in */\n onStaySignedIn: () => void;\n /** Callback when user chooses to sign out immediately */\n onSignOutNow: () => void;\n /** Optional custom title */\n title?: string;\n /** Optional custom description */\n description?: string;\n /** Optional custom className */\n className?: string;\n}\n\nexport function InactivityWarningModal({\n isOpen,\n timeRemaining,\n onStaySignedIn,\n onSignOutNow,\n title = \"Session Timeout Warning\",\n description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n className\n}: InactivityWarningModalProps) {\n const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n // Update display time when timeRemaining prop changes\n useEffect(() => {\n setDisplayTime(timeRemaining);\n }, [timeRemaining]);\n\n // Format time for display (MM:SS)\n const formatTime = useCallback((seconds: number) => {\n const mins = Math.floor(seconds / 60);\n const secs = seconds % 60;\n return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n }, []);\n\n\n\n\n return (\n <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n <DialogContent \n className={`sm:max-w-md ${className || ''}`}\n preventCloseOnEscape={false}\n preventCloseOnOutsideClick={true}\n data-testid=\"inactivity-warning-modal\"\n >\n <DialogHeader>\n <div className=\"flex items-center gap-3\">\n <div className=\"flex-shrink-0\">\n <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n </div>\n <div>\n <DialogTitle className=\"text-lg font-semibold text-main-900\">\n {title}\n </DialogTitle>\n </div>\n </div>\n <DialogDescription className=\"text-main-700 mt-2\">\n {description}\n </DialogDescription>\n </DialogHeader>\n\n <div className=\"space-y-6\">\n {/* Countdown Timer */}\n <div className=\"text-center\">\n <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n <Clock className=\"h-5 w-5 text-acc-600\" />\n <span className=\"text-2xl font-mono font-bold text-acc-700\">\n {formatTime(displayTime)}\n </span>\n </div>\n <p className=\"text-sm text-main-600 mt-2\">\n Time remaining before automatic logout\n </p>\n </div>\n\n {/* Action Buttons */}\n <div className=\"flex flex-col sm:flex-row gap-3\">\n <Button\n onClick={onStaySignedIn}\n className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n size=\"lg\"\n >\n Stay Signed In\n </Button>\n <Button\n onClick={onSignOutNow}\n variant=\"outline\"\n className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n size=\"lg\"\n >\n Sign Out Now\n </Button>\n </div>\n\n {/* Additional Info */}\n <div className=\"text-xs text-main-500 text-center\">\n <p>\n For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n </p>\n </div>\n </div>\n </DialogContent>\n </Dialog>\n );\n}\n","/**\n * @file Inactivity Provider\n * @package @jmruthers/pace-core\n * @module Providers/Inactivity\n * @since 0.1.0\n *\n * Handles inactivity tracking, auto-logout, and warning modals.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useInactivityTracker } from '../hooks/useInactivityTracker';\nimport { InactivityWarningModal } from '../components/InactivityWarningModal/InactivityWarningModal';\n\n// Inactivity context type\nexport interface InactivityContextType {\n // Inactivity state\n showInactivityWarning: boolean;\n inactivityTimeRemaining: number;\n isIdle: boolean;\n timeRemaining: number;\n showWarning: boolean;\n isTracking: boolean;\n \n // Inactivity methods\n resetActivity: () => void;\n startTracking: () => void;\n stopTracking: () => void;\n handleIdleLogout: () => Promise<void>;\n handleStaySignedIn: () => void;\n handleSignOutNow: () => Promise<void>;\n}\n\nconst InactivityContext = createContext<InactivityContextType | undefined>(undefined);\n\nexport const useInactivity = () => {\n const context = useContext(InactivityContext);\n if (!context) {\n throw new Error('useInactivity must be used within an InactivityProvider');\n }\n return context;\n};\n\nexport interface InactivityProviderProps {\n children: React.ReactNode;\n user: any; // User from auth context\n session: any; // Session from auth context\n supabaseClient: any; // Supabase client\n idleTimeoutMs?: number; // Default: 30 minutes\n warnBeforeMs?: number; // Default: 60 seconds\n onIdleLogout?: (reason: 'inactivity') => void; // App handles redirect/navigation\n renderInactivityWarning?: (args: {\n timeRemaining: number;\n onStaySignedIn: () => void;\n onSignOutNow: () => void;\n }) => React.ReactNode; // Optional custom warning UI\n dangerouslyDisableInactivity?: boolean; // Dev-only; must not disable in production\n}\n\nexport function InactivityProvider({\n children,\n user,\n session,\n supabaseClient,\n idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n warnBeforeMs = 60 * 1000, // 60 seconds\n onIdleLogout,\n renderInactivityWarning,\n dangerouslyDisableInactivity = false\n}: InactivityProviderProps) {\n // Inactivity state\n const [showInactivityWarning, setShowInactivityWarning] = useState(false);\n const [inactivityTimeRemaining, setInactivityTimeRemaining] = useState(0);\n\n // Production safety check for inactivity feature\n useEffect(() => {\n if (typeof window !== 'undefined') {\n const isProduction = process.env.NODE_ENV === 'production';\n \n if (isProduction && dangerouslyDisableInactivity) {\n console.error('[InactivityProvider] CRITICAL: dangerouslyDisableInactivity is not allowed in production! Auto-enabling inactivity feature.');\n }\n \n if (!isProduction && dangerouslyDisableInactivity) {\n console.warn('[InactivityProvider] Inactivity feature disabled for development. This will NOT work in production.');\n }\n }\n }, [dangerouslyDisableInactivity]);\n\n // Inactivity tracking\n const isInactivityEnabled = typeof window !== 'undefined' && \n (process.env.NODE_ENV !== 'production' ? !dangerouslyDisableInactivity : true);\n\n const {\n isIdle,\n timeRemaining,\n showWarning,\n resetActivity,\n startTracking,\n stopTracking,\n isTracking\n } = useInactivityTracker({\n idleTimeoutMs,\n warnBeforeMs,\n enabled: isInactivityEnabled && !!user && !!session,\n onIdle: useCallback(() => {\n // Handle idle logout inline to avoid circular dependency\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n \n // Sign out via Supabase\n if (supabaseClient) {\n supabaseClient.auth.signOut().catch((error: any) => {\n console.error('[InactivityProvider] Error during idle logout:', error);\n });\n }\n \n // Call app callback for navigation/redirect\n onIdleLogout?.('inactivity');\n }, [supabaseClient, onIdleLogout]),\n onWarning: useCallback(() => {\n setShowInactivityWarning(true);\n setInactivityTimeRemaining(warnBeforeMs);\n }, [warnBeforeMs]),\n onActivity: useCallback(() => {\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n }, [])\n });\n\n // Handle idle logout (for manual calls)\n const handleIdleLogout = useCallback(async () => {\n // Hide warning\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n \n // Stop tracking\n stopTracking();\n \n // Sign out via Supabase\n try {\n if (supabaseClient) {\n await supabaseClient.auth.signOut();\n }\n } catch (error: any) {\n console.error('[InactivityProvider] Error during idle logout:', error);\n }\n \n // Call app callback for navigation/redirect\n onIdleLogout?.('inactivity');\n }, [supabaseClient, onIdleLogout, stopTracking]);\n\n // Handle stay signed in\n const handleStaySignedIn = useCallback(() => {\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n resetActivity();\n }, [resetActivity]);\n\n // Handle sign out now\n const handleSignOutNow = useCallback(async () => {\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n stopTracking();\n \n // Sign out via Supabase\n try {\n if (supabaseClient) {\n await supabaseClient.auth.signOut();\n }\n } catch (error: any) {\n console.error('[InactivityProvider] Error during manual sign out:', error);\n }\n \n // Call app callback for navigation/redirect\n onIdleLogout?.('inactivity');\n }, [supabaseClient, onIdleLogout, stopTracking]);\n\n // Update inactivity time remaining\n useEffect(() => {\n if (showWarning && timeRemaining > 0) {\n setInactivityTimeRemaining(Math.ceil(timeRemaining / 1000)); // Convert to seconds\n }\n }, [showWarning, timeRemaining]);\n\n // Memoized context value\n const contextValue = useMemo<InactivityContextType>(() => ({\n showInactivityWarning,\n inactivityTimeRemaining,\n isIdle,\n timeRemaining,\n showWarning,\n isTracking,\n resetActivity,\n startTracking,\n stopTracking,\n handleIdleLogout,\n handleStaySignedIn,\n handleSignOutNow,\n }), [\n showInactivityWarning,\n inactivityTimeRemaining,\n isIdle,\n timeRemaining,\n showWarning,\n isTracking,\n resetActivity,\n startTracking,\n stopTracking,\n handleIdleLogout,\n handleStaySignedIn,\n handleSignOutNow,\n ]);\n\n return (\n <InactivityContext.Provider value={contextValue}>\n {children}\n \n {/* Inactivity Warning Modal */}\n {showInactivityWarning && (\n renderInactivityWarning ? (\n renderInactivityWarning({\n timeRemaining: inactivityTimeRemaining,\n onStaySignedIn: handleStaySignedIn,\n onSignOutNow: handleSignOutNow\n })\n ) : (\n <InactivityWarningModal\n isOpen={showInactivityWarning}\n timeRemaining={inactivityTimeRemaining}\n onStaySignedIn={handleStaySignedIn}\n onSignOutNow={handleSignOutNow}\n />\n )\n )}\n </InactivityContext.Provider>\n );\n}\n","/**\n * @file Unified Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/UnifiedAuth\n * @since 0.1.0\n *\n * A comprehensive authentication and RBAC provider that combines user authentication,\n * role-based access control, and permission management in a single unified context.\n * \n * This provider now uses composition of smaller, focused providers for better maintainability:\n * - AuthProvider: Handles authentication and session management\n * - RBACProvider: Handles role-based access control and permissions\n * - InactivityProvider: Handles inactivity tracking and auto-logout\n *\n * Features:\n * - Supabase authentication integration\n * - Role-based access control (RBAC)\n * - Permission management with database integration\n * - Access level hierarchy (VIEWER, PARTICIPANT, EDITOR, PLANNER, ADMIN, SUPER)\n * - Event-specific permissions\n * - Cross-device state persistence\n * - Loading state management\n * - Error handling and recovery\n * - Session management\n * - Admin role detection via user metadata\n * - Permission validation and caching\n * - Event selection and context switching\n * - Inactivity tracking and auto-logout\n *\n * @example\n * ```tsx\n * // Basic setup with Supabase\n * import { createClient } from '@supabase/supabase-js';\n * import { UnifiedAuthProvider } from '@jmruthers/pace-core';\n * \n * const supabase = createClient(url, key);\n * \n * function App() {\n * return (\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"My App\">\n * <Router>\n * <Routes>\n * <Route path=\"/login\" element={<LoginPage />} />\n * <Route path=\"/\" element={<Dashboard />} />\n * </Routes>\n * </Router>\n * </UnifiedAuthProvider>\n * );\n * }\n * \n * // Using authentication in components\n * function Dashboard() {\n * const { user, isAuthenticated, signOut } = useUnifiedAuth();\n * \n * if (!isAuthenticated) {\n * return <Navigate to=\"/login\" />;\n * }\n * \n * return (\n * <div>\n * <h1>Welcome, {user?.email}</h1>\n * <button onClick={signOut}>Sign Out</button>\n * </div>\n * );\n * }\n * \n * // Using RBAC permissions\n * function EventManager() {\n * const { \n * hasPermission, \n * hasRole, \n * hasAccessLevel, \n * setSelectedEventId \n * } = useUnifiedAuth();\n * \n * // Set event context for permissions\n * useEffect(() => {\n * setSelectedEventId('event-123');\n * }, []);\n * \n * return (\n * <div>\n * {hasPermission('events:read') && (\n * <EventList />\n * )}\n * {hasPermission('events:write') && (\n * <CreateEventButton />\n * )}\n * {hasRole('admin') && (\n * <AdminPanel />\n * )}\n * {hasAccessLevel(AccessLevel.PLANNER) && (\n * <EventPlanningTools />\n * )}\n * </div>\n * );\n * }\n * \n * // Advanced permission validation\n * function SecureComponent() {\n * const { validatePermission, canAccess } = useUnifiedAuth();\n * \n * const handleSensitiveAction = async () => {\n * const canPerform = await validatePermission('admin:system');\n * if (canPerform) {\n * // Perform action\n * }\n * };\n * \n * const canEditUsers = canAccess('users', 'write');\n * \n * return (\n * <div>\n * {canEditUsers && <UserEditor />}\n * <button onClick={handleSensitiveAction}>\n * Sensitive Action\n * </button>\n * </div>\n * );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (context provider)\n * - Enables accessible permission-based UI rendering\n * - Supports screen reader friendly conditional content\n * - Maintains focus management during auth state changes\n *\n * @security\n * - Secure authentication via Supabase\n * - Permission-based access control\n * - Event-specific permission isolation\n * - Admin role validation via user metadata\n * - Session management and validation\n * - Error handling without exposure of sensitive data\n * - Database-backed permission validation\n *\n * @performance\n * - Optimized with useMemo and useCallback\n * - Permission caching and batching\n * - Minimal re-renders with stable references\n * - Lazy loading of permissions\n * - Event-based permission updates\n * - Composed providers for better code splitting\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - @supabase/supabase-js - Authentication backend\n * - AccessLevel enum - Permission levels\n * - Event types - Event context\n * - Local storage - State persistence\n * - AuthProvider - Authentication logic\n * - RBACProvider - RBAC logic\n * - InactivityProvider - Inactivity tracking\n */\n\nimport React, { createContext, useContext, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\nimport { AuthProvider, useAuth, type AuthContextType } from './AuthProvider';\nimport { RBACProvider, useRBAC, type RBACContextType, type UserEventAccess } from './RBACProvider';\nimport { InactivityProvider, useInactivity, type InactivityContextType } from './InactivityProvider';\n\n\n// Combined context type - now organisation-aware and secure\nexport interface UnifiedAuthContextType extends AuthContextType, RBACContextType, InactivityContextType {\n // Additional unified properties\n appName: string;\n \n // Combined states\n isLoading: boolean;\n hasErrors: boolean;\n}\n\nconst UnifiedAuthContext = createContext<UnifiedAuthContextType | undefined>(undefined);\n\nexport const useUnifiedAuth = () => {\n const context = useContext(UnifiedAuthContext);\n if (!context) {\n throw new Error('useUnifiedAuth must be used within a UnifiedAuthProvider');\n }\n return context;\n};\n\nexport interface UnifiedAuthProviderProps {\n children: React.ReactNode;\n supabaseClient?: SupabaseClient;\n appName: string;\n persistState?: boolean;\n enablePersistence?: boolean;\n requireOrganisationContext?: boolean; // Default: true for security\n enableRBAC?: boolean; // New prop for RBAC support\n \n // Inactivity auto-logout configuration\n idleTimeoutMs?: number; // Default: 30 minutes\n warnBeforeMs?: number; // Default: 60 seconds\n onIdleLogout?: (reason: 'inactivity') => void; // App handles redirect/navigation\n renderInactivityWarning?: (args: {\n timeRemaining: number;\n onStaySignedIn: () => void;\n onSignOutNow: () => void;\n }) => React.ReactNode; // Optional custom warning UI\n dangerouslyDisableInactivity?: boolean; // Dev-only; must not disable in production\n}\n\n// Re-export types for backward compatibility\nexport type { UserEventAccess } from './RBACProvider';\n\n// Internal component that combines all contexts\nfunction UnifiedAuthContextProvider({ \n children, \n appName,\n ...props \n}: UnifiedAuthProviderProps) {\n const auth = useAuth();\n const rbac = useRBAC();\n const inactivity = useInactivity();\n\n // Memoized combined context value\n const contextValue = useMemo<UnifiedAuthContextType>(() => ({\n ...auth,\n ...rbac,\n ...inactivity,\n appName,\n isLoading: auth.authLoading || rbac.rbacLoading,\n hasErrors: !!auth.authError || !!rbac.rbacError,\n }), [auth, rbac, inactivity, appName]);\n\n return (\n <UnifiedAuthContext.Provider value={contextValue}>\n {children}\n </UnifiedAuthContext.Provider>\n );\n}\n\n// Internal component that provides user/session to child providers\nfunction AuthAwareProviders({ \n children, \n supabaseClient,\n appName,\n persistState,\n enablePersistence,\n requireOrganisationContext,\n enableRBAC,\n idleTimeoutMs,\n warnBeforeMs,\n onIdleLogout,\n renderInactivityWarning,\n dangerouslyDisableInactivity\n}: UnifiedAuthProviderProps) {\n const auth = useAuth();\n\n return (\n <RBACProvider\n supabaseClient={supabaseClient}\n user={auth.user}\n session={auth.session}\n appName={appName}\n enableRBAC={enableRBAC}\n persistState={persistState}\n enablePersistence={enablePersistence}\n requireOrganisationContext={requireOrganisationContext}\n >\n <InactivityProvider\n user={auth.user}\n session={auth.session}\n supabaseClient={supabaseClient}\n idleTimeoutMs={idleTimeoutMs}\n warnBeforeMs={warnBeforeMs}\n onIdleLogout={onIdleLogout}\n renderInactivityWarning={renderInactivityWarning}\n dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n >\n <UnifiedAuthContextProvider\n appName={appName}\n supabaseClient={supabaseClient}\n persistState={persistState}\n enablePersistence={enablePersistence}\n requireOrganisationContext={requireOrganisationContext}\n enableRBAC={enableRBAC}\n idleTimeoutMs={idleTimeoutMs}\n warnBeforeMs={warnBeforeMs}\n onIdleLogout={onIdleLogout}\n renderInactivityWarning={renderInactivityWarning}\n dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n >\n {children}\n </UnifiedAuthContextProvider>\n </InactivityProvider>\n </RBACProvider>\n );\n}\n\nexport function UnifiedAuthProvider({\n children,\n supabaseClient,\n appName,\n persistState = true,\n enablePersistence,\n requireOrganisationContext = true,\n enableRBAC = false,\n idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n warnBeforeMs = 60 * 1000, // 60 seconds\n onIdleLogout,\n renderInactivityWarning,\n dangerouslyDisableInactivity = false\n}: UnifiedAuthProviderProps) {\n return (\n <AuthProvider supabaseClient={supabaseClient}>\n <AuthAwareProviders\n supabaseClient={supabaseClient}\n appName={appName}\n persistState={persistState}\n enablePersistence={enablePersistence}\n requireOrganisationContext={requireOrganisationContext}\n enableRBAC={enableRBAC}\n idleTimeoutMs={idleTimeoutMs}\n warnBeforeMs={warnBeforeMs}\n onIdleLogout={onIdleLogout}\n renderInactivityWarning={renderInactivityWarning}\n dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n >\n {children}\n </AuthAwareProviders>\n </AuthProvider>\n );\n} ","/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers/Organisation\n * @since 0.4.0\n *\n * Security-first organisation provider that enforces mandatory organisation context.\n * No data operations can proceed without valid organisation context.\n * \n * Features:\n * - Mandatory organisation selection for all operations\n * - User organisation membership validation\n * - Role-based access within organisations\n * - Secure organisation switching\n * - Hierarchy support for parent/child organisations\n * - Error handling for security violations\n * - Persistent organisation selection\n *\n * @example\n * ```tsx\n * // Basic setup - organisation context is mandatory\n * import { UnifiedAuthProvider, OrganisationProvider } from '@jmruthers/pace-core';\n * \n * function App() {\n * return (\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"MY_APP\">\n * <OrganisationProvider>\n * <YourAppContent />\n * </OrganisationProvider>\n * </UnifiedAuthProvider>\n * );\n * }\n * \n * // Using in components\n * function MyComponent() {\n * const { \n * selectedOrganisation, \n * getUserRole, \n * switchOrganisation \n * } = useOrganisations();\n * \n * // selectedOrganisation is guaranteed to be non-null when this renders\n * return (\n * <div>\n * <h1>{selectedOrganisation.display_name}</h1>\n * <p>Your role: {getUserRole()}</p>\n * </div>\n * );\n * }\n * ```\n *\n * @security\n * - All data access requires valid organisation context\n * - User membership validation on organisation load\n * - Role-based access control within organisations\n * - Secure organisation switching with validation\n * - Error states for security violations\n * - No fallback to default organisation - explicit selection required\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - UnifiedAuthProvider - Authentication context\n * - Supabase - Database operations\n * - Organisation types - Type definitions\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useNavigate } from 'react-router-dom';\nimport { useUnifiedAuth } from './UnifiedAuthProvider';\nimport { setOrganisationContext } from '../utils/organisationContext';\nimport { DebugLogger } from '../utils/debugLogger';\nimport type {\n Organisation,\n OrganisationMembership,\n OrganisationContextType,\n OrganisationProviderProps,\n OrganisationSecurityError,\n OrganisationHierarchy\n} from '../types/organisation';\n\n// Create the context\nconst OrganisationContext = createContext<OrganisationContextType | undefined>(undefined);\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n SELECTED_ORGANISATION: 'pace-core-selected-organisation',\n ORGANISATION_CONTEXT: 'pace-core-organisation-context',\n} as const;\n\n/**\n * Organisation Provider component that enforces mandatory organisation context\n * \n * This provider:\n * - Loads user's organisation memberships on authentication\n * - Validates user has at least one active organisation\n * - Auto-selects primary organisation or first available\n * - Provides security helpers for organisation validation\n * - Handles organisation switching with validation\n * - Persists organisation selection across sessions\n * \n * SECURITY: No children are rendered without valid organisation context\n */\nexport function OrganisationProvider({ children }: OrganisationProviderProps) {\n const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);\n const [organisations, setOrganisations] = useState<Organisation[]>([]);\n const [userMemberships, setUserMemberships] = useState<OrganisationMembership[]>([]);\n const [roleMapState, setRoleMapState] = useState<Map<string, string>>(new Map());\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n const [isContextReady, setIsContextReady] = useState(false);\n \n const { user, session, supabase, signOut } = useUnifiedAuth();\n \n // Use navigate hook conditionally to avoid test failures\n let navigate: any = null;\n try {\n navigate = useNavigate();\n } catch (error) {\n // In test environment or when no router context, navigate will be null\n navigate = null;\n }\n\n // Set organisation context in database session\n const setDatabaseOrganisationContext = useCallback(async (organisation: Organisation): Promise<void> => {\n if (!supabase || !session) {\n console.warn('[OrganisationProvider] No Supabase client or session available for setting organisation context');\n setIsContextReady(false);\n return;\n }\n\n try {\n await setOrganisationContext(supabase, organisation.id);\n DebugLogger.log('OrganisationProvider', 'Database organisation context set to:', organisation.display_name);\n setIsContextReady(true);\n } catch (error) {\n console.error('[OrganisationProvider] Failed to set database organisation context:', error);\n setIsContextReady(false);\n // Don't throw - this is a non-critical operation\n }\n }, [supabase, session]);\n\n // CRITICAL: Set database organisation context when organisation changes\n useEffect(() => {\n if (selectedOrganisation && supabase && session) {\n // Reset context ready state when organisation changes\n setIsContextReady(false);\n \n // Use an async IIFE to properly handle the async operation\n (async () => {\n await setDatabaseOrganisationContext(selectedOrganisation);\n })();\n } else {\n setIsContextReady(false);\n }\n }, [selectedOrganisation, setDatabaseOrganisationContext, supabase, session]);\n\n // CRITICAL: Load user organisations and validate access\n const loadUserOrganisations = useCallback(async () => {\n if (!user || !session || !supabase) {\n // Clear state when no user, session, or supabase client\n DebugLogger.log('OrganisationProvider', 'Clearing organisation state - no user, session, or supabase client');\n setSelectedOrganisation(null);\n setOrganisations([]);\n setUserMemberships([]);\n setIsLoading(false);\n setError(null);\n return;\n }\n setIsLoading(true);\n setError(null);\n \n try {\n DebugLogger.log(\"OrganisationProvider\", \"Loading organisations for user:\", user.id);\n \n // Get user's organisation memberships from consolidated rbac_organisation_roles table\n // Only get actual members (org_admin, leader, member) - exclude supporters\n let memberships, membershipError;\n try {\n const result = await supabase\n .from('rbac_organisation_roles')\n .select(`\n id,\n user_id,\n organisation_id,\n role,\n status,\n granted_at,\n granted_by,\n revoked_at,\n revoked_by,\n notes,\n created_at,\n updated_at\n `)\n .eq('user_id', user.id)\n .eq('status', 'active')\n .is('revoked_at', null)\n .in('role', ['org_admin', 'leader', 'member']); // Only actual members, not supporters\n \n memberships = result.data;\n membershipError = result.error;\n } catch (queryError: any) {\n membershipError = queryError;\n }\n\n if (membershipError) {\n console.error(\"[OrganisationProvider] Error loading memberships:\", membershipError);\n throw membershipError;\n }\n \n DebugLogger.log(\"OrganisationProvider\", \"Raw memberships data:\", memberships);\n \n if (!memberships || memberships.length === 0) {\n throw new Error('User has no active organisation memberships') as OrganisationSecurityError;\n }\n\n // Get organisation details for the memberships\n const organisationIds = memberships.map((m: any) => m.organisation_id);\n const { data: organisations, error: orgError } = await supabase\n .from('organisations')\n .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at')\n .in('id', organisationIds);\n\n if (orgError) {\n console.error(\"[OrganisationProvider] Error loading organisations:\", orgError);\n throw orgError;\n }\n\n // Create a map of organisation_id to role from the memberships data\n // Since we're now getting roles directly from the consolidated table\n const roleMap = new Map<string, string>();\n memberships?.forEach((membership: any) => {\n roleMap.set(membership.organisation_id, membership.role);\n });\n\n // Extract organisations and memberships\n const orgs = organisations as Organisation[];\n const activeOrgs = orgs.filter(org => org.is_active);\n \n if (activeOrgs.length === 0) {\n throw new Error('User has no access to active organisations') as OrganisationSecurityError;\n }\n\n DebugLogger.log(\"OrganisationProvider\", \"Active organisations:\", activeOrgs);\n \n setOrganisations(activeOrgs);\n setUserMemberships(memberships as OrganisationMembership[]);\n \n // Store role map in component state for later use\n setRoleMapState(roleMap);\n \n // Auto-select organisation: try persisted, then primary, then first\n let initialOrg: Organisation | null = null;\n \n // 1. Try to restore from localStorage\n try {\n const persistedOrgString = localStorage.getItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n if (persistedOrgString) {\n const persistedOrg = JSON.parse(persistedOrgString) as Organisation;\n const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);\n if (validPersistedOrg) {\n initialOrg = validPersistedOrg;\n DebugLogger.log(\"OrganisationProvider\", \"Restored persisted organisation:\", initialOrg.display_name);\n }\n }\n } catch (storageError) {\n console.warn(\"[OrganisationProvider] Failed to restore persisted organisation:\", storageError);\n }\n \n // 2. Fall back to org_admin role organisation (highest privilege)\n if (!initialOrg) {\n const adminMembership = memberships.find((m: any) => m.role === 'org_admin');\n if (adminMembership) {\n const foundOrg = organisations.find((org: any) => org.id === adminMembership.organisation_id);\n if (foundOrg) {\n initialOrg = foundOrg;\n DebugLogger.log(\"OrganisationProvider\", \"Selected org_admin organisation:\", initialOrg.display_name);\n }\n }\n }\n \n // 3. Fall back to first organisation\n if (!initialOrg) {\n initialOrg = activeOrgs[0];\n DebugLogger.log(\"OrganisationProvider\", \"Selected first organisation:\", initialOrg.display_name);\n }\n \n if (!initialOrg) {\n throw new Error('No valid organisation found for user') as OrganisationSecurityError;\n }\n\n setSelectedOrganisation(initialOrg);\n \n // Persist selection\n localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(initialOrg));\n \n DebugLogger.log(\"OrganisationProvider\", \"Organisation context established:\", {\n selectedOrganisation: initialOrg.display_name,\n totalOrganisations: activeOrgs.length,\n userRole: roleMap.get(initialOrg.id)\n });\n \n } catch (err) {\n console.error(\"[OrganisationProvider] Failed to load organisations:\", err);\n setError(err as Error);\n // SECURITY: Clear all state on error\n setSelectedOrganisation(null);\n setOrganisations([]);\n setUserMemberships([]);\n localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n } finally {\n setIsLoading(false);\n }\n }, [user, session, supabase]);\n\n // Load organisations when dependencies change\n useEffect(() => {\n loadUserOrganisations();\n }, [loadUserOrganisations]);\n\n // Handle logout and redirect to login\n const handleLogoutAndRedirect = useCallback(async () => {\n try {\n await signOut();\n if (navigate) {\n navigate('/login', { replace: true });\n } else {\n // Fallback to window.location if navigate is not available\n window.location.href = '/login';\n }\n } catch (error) {\n console.error('[OrganisationProvider] Error during logout:', error);\n // Even if logout fails, redirect to login\n if (navigate) {\n navigate('/login', { replace: true });\n } else {\n // Fallback to window.location if navigate is not available\n window.location.href = '/login';\n }\n }\n }, [signOut, navigate]);\n\n // Security validation helper\n const ensureOrganisationContext = useCallback((): Organisation => {\n if (!selectedOrganisation) {\n throw new Error('Organisation context is required but not available') as OrganisationSecurityError;\n }\n return selectedOrganisation;\n }, [selectedOrganisation]);\n\n // Get user's role in specified organisation (defaults to current)\n const getUserRole = useCallback((orgId?: string): string => {\n const targetOrgId = orgId || selectedOrganisation?.id;\n if (!targetOrgId) return 'no_access';\n \n // Use roleMapState to get the role for this organisation\n return roleMapState.get(targetOrgId) || 'no_access';\n }, [roleMapState, selectedOrganisation]);\n\n // Validate user has access to organisation\n const validateOrganisationAccess = useCallback((orgId: string): boolean => {\n return userMemberships.some((m: any) => \n m.organisation_id === orgId && \n m.status === 'active' &&\n m.revoked_at === null\n );\n }, [userMemberships]);\n\n // Secure organisation switching\n const switchOrganisation = useCallback(async (orgId: string): Promise<void> => {\n DebugLogger.log(\"OrganisationProvider\", \"Switching to organisation:\", orgId);\n \n // Validate access\n if (!validateOrganisationAccess(orgId)) {\n throw new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;\n }\n \n const targetOrg = organisations.find(org => org.id === orgId);\n if (!targetOrg) {\n throw new Error(`Organisation ${orgId} not found in user's organisations`) as OrganisationSecurityError;\n }\n \n setSelectedOrganisation(targetOrg);\n \n // Persist selection\n localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(targetOrg));\n \n // Set database organisation context\n await setDatabaseOrganisationContext(targetOrg);\n \n DebugLogger.log(\"OrganisationProvider\", \"Switched to organisation:\", targetOrg.display_name);\n }, [organisations, validateOrganisationAccess, setDatabaseOrganisationContext]);\n\n // Refresh organisations data\n const refreshOrganisations = useCallback(async (): Promise<void> => {\n if (!user || !session || !supabase) return;\n \n // Force reload by triggering the effect\n setIsLoading(true);\n // The useEffect will handle the actual reload\n }, [user, session, supabase]);\n\n // Get primary organisation (highest privilege role)\n const getPrimaryOrganisation = useCallback((): Organisation | null => {\n // Look for org_admin role first, then leader, then member\n const rolePriority = ['org_admin', 'leader', 'member'];\n \n for (const role of rolePriority) {\n const membership = userMemberships.find((m: any) => m.role === role);\n if (membership) {\n return organisations.find((org: any) => org.id === membership.organisation_id) || null;\n }\n }\n \n return null;\n }, [userMemberships, organisations]);\n\n // Security status\n const isOrganisationSecure = useCallback((): boolean => {\n return !!(selectedOrganisation && user);\n }, [selectedOrganisation, user]);\n\n // Build organisation hierarchy (for future use)\n const buildOrganisationHierarchy = useCallback((orgs: Organisation[]): OrganisationHierarchy[] => {\n const orgMap = new Map<string, Organisation>();\n orgs.forEach(org => orgMap.set(org.id, org));\n \n const roots: OrganisationHierarchy[] = [];\n \n orgs.forEach(org => {\n if (!org.parent_id) {\n // Root organisation\n roots.push({\n organisation: org,\n children: [],\n depth: 0\n });\n }\n });\n \n // For now, return flat structure - hierarchy building can be added later\n return roots;\n }, []);\n\n // Computed values\n const hasValidOrganisationContext = useMemo(() => {\n return !!(selectedOrganisation && !isLoading && !error && isContextReady);\n }, [selectedOrganisation, isLoading, error, isContextReady]);\n\n // Memoized context value\n const contextValue = useMemo<OrganisationContextType>(() => {\n // SECURITY: Only provide full context if we have valid organisation\n if (!selectedOrganisation) {\n // This will never be accessed due to the render guards above,\n // but TypeScript requires the interface to be satisfied\n const placeholderOrg: Organisation = {\n id: '',\n name: '',\n display_name: '',\n subscription_tier: 'standard',\n settings: {},\n is_active: false,\n created_at: '',\n updated_at: ''\n };\n \n return {\n selectedOrganisation: placeholderOrg,\n organisations: [],\n userMemberships: [],\n isLoading,\n error,\n hasValidOrganisationContext: false,\n setSelectedOrganisation: () => {},\n switchOrganisation: async () => {},\n getUserRole: () => 'no_access',\n validateOrganisationAccess: () => false,\n refreshOrganisations: async () => {},\n ensureOrganisationContext: () => { throw new Error('No organisation context') as OrganisationSecurityError; },\n isOrganisationSecure: () => false,\n getPrimaryOrganisation: () => null\n };\n }\n\n return {\n selectedOrganisation,\n organisations,\n userMemberships,\n isLoading,\n error,\n hasValidOrganisationContext,\n setSelectedOrganisation,\n switchOrganisation,\n getUserRole,\n validateOrganisationAccess,\n refreshOrganisations,\n ensureOrganisationContext,\n isOrganisationSecure,\n getPrimaryOrganisation\n };\n }, [\n selectedOrganisation,\n organisations,\n userMemberships,\n isLoading,\n error,\n hasValidOrganisationContext,\n switchOrganisation,\n getUserRole,\n validateOrganisationAccess,\n refreshOrganisations,\n ensureOrganisationContext,\n isOrganisationSecure,\n getPrimaryOrganisation\n ]);\n\n // SECURITY: Only render children when we have valid organisation context\n if (isLoading || (selectedOrganisation && !isContextReady)) {\n return (\n <div className=\"organisation-loading\" role=\"status\" aria-label=\"Loading organisation context\">\n <div className=\"flex items-center justify-center min-h-screen\">\n <div className=\"text-center\">\n <div className=\"animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto mb-4\"></div>\n <p className=\"text-muted-foreground\">\n {isLoading ? 'Loading organisation context...' : 'Setting up organisation context...'}\n </p>\n </div>\n </div>\n </div>\n );\n }\n\n if (error || (user && !selectedOrganisation)) {\n return (\n <div className=\"organisation-error\" role=\"alert\">\n <div className=\"flex items-center justify-center min-h-screen\">\n <div className=\"text-center max-w-md mx-auto p-6\">\n <div className=\"text-destructive mb-4\">\n <svg className=\"h-12 w-12 mx-auto\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\">\n <path strokeLinecap=\"round\" strokeLinejoin=\"round\" strokeWidth={2} d=\"M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.732-.833-2.464 0L4.35 16.5c-.77.833.192 2.5 1.732 2.5z\" />\n </svg>\n </div>\n <h2 className=\"text-xl font-semibold text-foreground mb-2\">\n Organisation Access Required\n </h2>\n <p className=\"text-muted-foreground mb-4\">\n {error?.message || 'No valid organisation context available. Please contact your administrator to be added to an organisation.'}\n </p>\n <button \n onClick={handleLogoutAndRedirect}\n className=\"px-4 py-2 bg-primary text-primary-foreground rounded-md hover:bg-primary/90\"\n >\n Sign Out\n </button>\n </div>\n </div>\n </div>\n );\n }\n\n return (\n <OrganisationContext.Provider value={contextValue}>\n {children}\n </OrganisationContext.Provider>\n );\n}\n\n/**\n * Hook to access organisation context\n * \n * @returns Organisation context with guaranteed non-null selectedOrganisation\n * @throws {Error} If used outside OrganisationProvider\n */\nexport const useOrganisations = (): OrganisationContextType => {\n const context = useContext(OrganisationContext);\n if (!context) {\n throw new Error('useOrganisations must be used within an OrganisationProvider');\n }\n return context;\n};\n\n// Re-export types for convenience\nexport type { \n Organisation, \n OrganisationMembership, \n OrganisationContextType,\n OrganisationSecurityError\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,SAAgB,eAAe,YAAY,UAAU,WAAW,aAAa,eAAe;AAC5F,SAAuD,iBAAiB;AAiWpE;AA3TG,SAAS,aAAa,EAAE,UAAU,eAAe,GAAsB;AAE5E,QAAM,CAAC,MAAM,OAAO,IAAI,SAAsB,IAAI;AAClD,QAAM,CAAC,SAAS,UAAU,IAAI,SAAyB,IAAI;AAC3D,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,IAAI;AACnD,QAAM,CAAC,WAAW,YAAY,IAAI,SAA2B,IAAI;AAGjE,YAAU,MAAM;AACd,UAAM,cAAc,CAAC,UAAsB;AACzC,UAAI,MAAM,OAAO,SAAS,SAAS,yBAAyB,KACxD,MAAM,OAAO,SAAS,SAAS,sBAAsB,GAAG;AAC1D,gBAAQ,KAAK,kEAAkE;AAC/E,cAAM,eAAe;AACrB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,UAAM,2BAA2B,CAAC,UAAiC;AACjE,UAAI,MAAM,QAAQ,SAAS,SAAS,yBAAyB,KACzD,MAAM,QAAQ,SAAS,SAAS,sBAAsB,GAAG;AAC3D,gBAAQ,KAAK,8DAA8D;AAC3E,cAAM,eAAe;AACrB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,WAAW;AAC5C,WAAO,iBAAiB,sBAAsB,wBAAwB;AAEtE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,WAAW;AAC/C,aAAO,oBAAoB,sBAAsB,wBAAwB;AAAA,IAC3E;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,kBAAkB,YAAY;AAClC,UAAI;AACF,cAAM,WAAW,MAAM,eAAe,KAAK,QAAQ;AACnD,cAAM,EAAE,MAAM,EAAE,MAAM,YAAY,GAAG,MAAM,IAAI,YAAY,EAAE,MAAM,EAAE,MAAM,KAAK,GAAG,OAAO,KAAK;AAC/F,YAAI,OAAO;AACT,kBAAQ,KAAK,+BAA+B,KAAK;AACjD,yBAAe,KAAK;AACpB;AAAA,QACF;AAEA,YAAI,aAAa;AACf,kBAAQ,WAAW;AAAA,QACrB;AACA,uBAAe,KAAK;AAAA,MACtB,SAAS,OAAO;AACd,gBAAQ,MAAM,+BAA+B,KAAK;AAClD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF;AAIA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,eAAe,CAAC,QAAQ,CAAC,SAAS;AACpC,wBAAgB;AAAA,MAClB;AAAA,IACF,GAAG,GAAG;AAEN,WAAO,MAAM,aAAa,SAAS;AAAA,EACrC,GAAG,CAAC,gBAAgB,aAAa,MAAM,OAAO,CAAC;AAG/C,YAAU,MAAM;AACd,QAAI,CAAC,gBAAgB;AACnB,qBAAe,KAAK;AACpB;AAAA,IACF;AAGA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,aAAa;AACf,gBAAQ,KAAK,4CAA4C;AACzD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF,GAAG,GAAI;AAEP,QAAI;AACF,kBAAY,IAAI,gBAAgB,0CAA0C;AAC1E,YAAM,kBAAkB,eAAe,KAAK;AAAA,QAC1C,CAAC,OAAOA,aAAY;AAClB,cAAI;AACF,wBAAY,IAAI,gBAAgB,uBAAuB,OAAOA,UAAS,MAAM,KAAK;AAGlF,yBAAa,SAAS;AAGtB,gBAAI,UAAU,cAAc;AAC1B,0BAAY,IAAI,gBAAgB,qCAAqC;AAErE,yBAAW,IAAI;AACf,sBAAQ,IAAI;AACZ,6BAAe,KAAK;AACpB,2BAAa,IAAI;AAAA,YACnB,OAAO;AACL,yBAAWA,QAAO;AAClB,sBAAQA,UAAS,QAAQ,IAAI;AAC7B,6BAAe,KAAK;AAGpB,kBAAIA,UAAS;AACX,6BAAa,IAAI;AAAA,cACnB;AAAA,YACF;AAAA,UACF,SAAS,OAAO;AACd,oBAAQ,KAAK,sDAAsD,KAAK;AAExE,2BAAe,KAAK;AAAA,UACtB;AAAA,QACF;AAAA,MACF;AAEA,YAAM,eAAe,iBAAiB,MAAM,gBAAgB;AAE5D,aAAO,MAAM;AACX,qBAAa,SAAS;AACtB,YAAI,gBAAgB,OAAO,aAAa,gBAAgB,YAAY;AAClE,sBAAY,IAAI,gBAAgB,iCAAiC;AACjE,uBAAa,YAAY;AAAA,QAC3B;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,8DAA8D,KAAK;AAGjF,UAAI,iBAAiB,SACjB,CAAC,MAAM,QAAQ,SAAS,kBAAkB,KAC1C,CAAC,MAAM,QAAQ,SAAS,yBAAyB,KACjD,CAAC,MAAM,QAAQ,SAAS,sBAAsB,GAAG;AACnD,qBAAa,KAAkB;AAAA,MACjC;AACA,qBAAe,KAAK;AACpB,mBAAa,SAAS;AACtB,aAAO,MAAM;AAAA,MAAC;AAAA,IAChB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAsB;AACrE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,mBAAmB,EAAE,OAAO,UAAU,YAAY,GAAG,CAAC;AAClG,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMC,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAqB;AACpE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,OAAO,EAAE,OAAO,SAAS,CAAC;AACtE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,UAAU,YAAY,YAAY;AACtC,gBAAY,IAAI,gBAAgB,gBAAgB;AAGhD,mBAAe,KAAK;AAEpB,QAAI,CAAC,gBAAgB;AACnB,kBAAY,IAAI,gBAAgB,6CAA6C;AAC7E,cAAQ,IAAI;AACZ,iBAAW,IAAI;AACf,mBAAa,IAAI;AACjB,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AAGA,gBAAY,IAAI,gBAAgB,wCAAwC;AACxE,YAAQ,IAAI;AACZ,eAAW,IAAI;AACf,iBAAa,IAAI;AAEjB,QAAI;AACF,kBAAY,IAAI,gBAAgB,0BAA0B;AAG1D,YAAM,iBAAiB,eAAe,KAAK,QAAQ;AACnD,YAAM,iBAAiB,IAAI;AAAA,QAAQ,CAAC,GAAG,WACrC,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,GAAI;AAAA,MAC7D;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,QAAQ,KAAK,CAAC,gBAAgB,cAAc,CAAC;AAErE,UAAI,SAAS,CAAC,MAAM,SAAS,SAAS,iBAAiB,GAAG;AACxD,gBAAQ,MAAM,iCAAiC,KAAK;AAAA,MAEtD;AAEA,kBAAY,IAAI,gBAAgB,2BAA2B;AAC3D,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB,SAAS,KAAK;AACZ,cAAQ,KAAK,+CAA+C,GAAG;AAE/D,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,gBAAgB,YAAY,OAAO,UAAkB;AACzD,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,sBAAsB,KAAK;AACvE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,OAAO,aAAqB;AAC7D,QAAI,CAAC,eAAgB,QAAO,EAAE,OAAO,IAAI,UAAU,kCAAkC,GAAG,EAAE;AAC1F,UAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,WAAW,EAAE,SAAS,CAAC;AACnE,QAAI,OAAO;AACT,mBAAa,KAAK;AAAA,IACpB;AACA,WAAO,EAAE,MAAM;AAAA,EACjB,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,YAAY;AAC7C,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,eAAe;AAC3D,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,kBAAkB,CAAC,CAAC;AAG1B,QAAM,eAAe,QAAyB,OAAO;AAAA,IACnD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA;AAAA,IACP,UAAU,kBAAkB;AAAA,IAE5B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAM;AAAA,IAAS;AAAA,IAAiB;AAAA,IAAa;AAAA,IAAW;AAAA,IACxD;AAAA,IAAQ;AAAA,IAAQ;AAAA,IAAS;AAAA,IAAe;AAAA,IAAgB;AAAA,EAC1D,CAAC;AAED,SACE,oBAAC,YAAY,UAAZ,EAAqB,OAAO,cAC1B,UACH;AAEJ;AAhXA,IAkCM,aAEO;AApCb;AAAA;AAAA;AAYA;AAsBA,IAAM,cAAc,cAA2C,MAAS;AAEjE,IAAM,UAAU,MAAM;AAC3B,YAAM,UAAU,WAAW,WAAW;AACtC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;AChCA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AA2mBxF,gBAAAC,YAAA;AA/bG,SAAS,aAAa;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb,eAAe;AAAA,EACf;AAAA,EACA,4BAA4B,8BAA8B;AAC5D,GAAsB;AAEpB,QAAM,gBAAgB,sBAAsB,SAAY,oBAAoB;AAG5E,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAAkC,CAAC,CAAC;AAC1E,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAmB,CAAC,CAAC;AAC/C,QAAM,CAAC,aAAa,cAAc,IAAIA,+BAAwC;AAC9E,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAuB,IAAI;AAC7D,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAwB,IAAI;AAC1E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAA2B,IAAI;AACjE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAA4B,CAAC,CAAC;AAC5E,QAAM,CAAC,oBAAoB,qBAAqB,IAAIA,UAAS,KAAK;AAGlE,QAAM,CAAC,wBAAwB,0BAA0B,IAAIA,UAAwB,IAAI;AAGzF,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,gBAAgB,YAAY;AAChC,UAAI;AAEF,cAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,cAAM,kBAAkB,kBAAkB,KAAK;AAG/C,cAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,YAAI,YAAY,CAAC,SAAS;AACxB,kBAAQ,KAAK,8BAA8B,eAAe;AAC1D,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AACD;AAAA,QACF;AAEA,cAAM,WAAW,MAAM,eAAe,IAAI,kBAAkB;AAAA,UAC1D,UAAU,QAAQ;AAAA,QACpB,CAAC;AAED,cAAM,EAAE,KAAK,IAAI,YAAY,CAAC;AAE9B,YAAI,QAAQ,KAAK,SAAS,GAAG;AAC3B,uBAAa;AAAA,YACX,wBAAwB,KAAK,CAAC,EAAE;AAAA,YAChC,gBAAgB,KAAK,CAAC,EAAE;AAAA,UAC1B,CAAC;AAAA,QACH,OAAO;AAEL,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AAAA,QACH;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,KAAK,sCAAsC;AACnD,YAAI,OAAO,iBAAiB,aAAa;AACvC,uBAAa,WAAW,aAAa,cAAc;AAAA,QACrD;AACA,gBAAQ,KAAK,qCAAqC,KAAK;AAEvD,qBAAa;AAAA,UACX,wBAAwB;AAAA,UACxB,gBAAgB;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,kBAAc;AAAA,EAChB,GAAG,CAAC,gBAAgB,OAAO,CAAC;AAG5B,EAAAA,WAAU,MAAM;AAEd,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,eAAS,CAAC,aAAa,CAAC;AAAA,IAC1B,OAAO;AACL,eAAS,CAAC,CAAC;AAAA,IACb;AAAA,EACF,GAAG,CAAC,IAAI,CAAC;AAGT,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,YAAM,iBAAiB,aAAa,QAAQ,aAAa,cAAc;AACvE,UAAI,gBAAgB;AAClB,2BAAmB,KAAK,MAAM,cAAc,CAAC;AAAA,MAC/C;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,aAAa,CAAC;AAGlB,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,UAAI,iBAAiB;AACnB,qBAAa;AAAA,UACX,aAAa;AAAA,UACb,KAAK,UAAU,eAAe;AAAA,QAChC;AAAA,MACF,OAAO;AACL,qBAAa,WAAW,aAAa,cAAc;AAAA,MACrD;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,KAAK,iCAAiC,KAAK;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,qBAAqBC,aAAY,OAAO,YAAqB;AACjE,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS;AACtD,kBAAY,IAAI,gBAAgB,yEAAyE;AACzG,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAGA,UAAM,8BAA8B,CAAC,WAAW,CAAC,UAAU;AAC3D,UAAM,6BAA6B;AACnC,UAAM,yBAAyB,CAAC,WAAW,UAAU;AAGrD,QAAI,wBAAwB;AAC1B,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,QAAI,CAAC,+BAA+B,CAAC,4BAA4B;AAC/D;AAAA,IACF;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,YAAM,kBAAkB,kBAAkB,KAAK;AAG/C,YAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,YAAY,CAAC,SAAS;AACxB,gBAAQ,KAAK,8BAA8B,eAAe;AAC1D,uBAAe,KAAK;AACpB;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAAe,IAAI,wBAAwB;AAAA,QACvE,WAAW,KAAK;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,YAAY,WAAW;AAAA,QACvB,mBAAmB,0BAA0B;AAAA,MAC/C,CAAC;AAED,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,YAAM,EAAE,aAAAG,cAAa,OAAAC,QAAO,aAAa,IAAI,yBAAyB,MAAM,OAAO;AAEnF,qBAAeD,YAAW;AAC1B,eAASC,MAAK;AACd,qBAAe,YAAY;AAAA,IAC7B,SAAS,KAAU;AACjB,mBAAa,GAAG;AAAA,IAClB,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,SAAS,WAAW,sBAAsB,CAAC;AAG9E,QAAM,sBAAsBJ,aAAY,YAAY;AAClD,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,SAAS;AACxC,kBAAY,IAAI,gBAAgB,2EAA2E;AAC3G,yBAAmB,CAAC,CAAC;AACrB;AAAA,IACF;AAEA,0BAAsB,IAAI;AAC1B,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,YAAM,kBAAkB,kBAAkB,KAAK;AAG/C,YAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,YAAY,CAAC,SAAS;AACxB,gBAAQ,KAAK,8BAA8B,eAAe;AAC1D,8BAAsB,KAAK;AAC3B;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAC3B,KAAK,sBAAsB,EAC3B,OAAO;AAAA;AAAA;AAAA;AAAA,SAIP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EAAE;AAE1B,UAAI,OAAO;AACT,gBAAQ,MAAM,qCAAqC,KAAK;AACxD,2BAAmB,CAAC,CAAC;AACrB;AAAA,MACF;AAEA,YAAM,cAAc,MAAM,IAAI,WAAS;AAAA,QACrC,UAAU,KAAK;AAAA,QACf,YAAY;AAAA;AAAA,QACZ,mBAAmB;AAAA;AAAA,QACnB,YAAY;AAAA;AAAA,QACZ,UAAU;AAAA;AAAA,QACV,cAAc;AAAA;AAAA,QACd,QAAQ,QAAQ;AAAA,QAChB,cAAc,KAAK;AAAA;AAAA,QACnB,YAAY,KAAK;AAAA,QACjB,iBAAiB;AAAA;AAAA,MACnB,EAAE,KAAK,CAAC;AAER,yBAAmB,WAAW;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,MAAM,oCAAoC,KAAK;AACvD,yBAAmB,CAAC,CAAC;AAAA,IACvB,UAAE;AACA,4BAAsB,KAAK;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,OAAO,CAAC;AAG3C,QAAM,qBAAqBA,aAAY,CAAC,YAAoB;AAC1D,WAAO,gBAAgB,KAAK,YAAU,OAAO,aAAa,OAAO;AAAA,EACnE,GAAG,CAAC,eAAe,CAAC;AAGpB,EAAAD,WAAU,MAAM;AAEd,QAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS;AACnC,kBAAY,IAAI,gBAAgB,+DAA+D;AAC/F;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAEA,QAAI,iBAAiB;AAEnB,yBAAmB,eAAe;AAAA,IACpC,WAAW,CAAC,UAAU,gBAAgB;AAEpC,yBAAmB;AAAA,IACrB,OAAO;AAEL,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AAAA,IACnC;AAAA,EACF,GAAG,CAAC,iBAAiB,MAAM,SAAS,WAAW,kBAAkB,CAAC;AAGlE,EAAAA,WAAU,MAAM;AACd,QAAI,YAAY;AAEhB,QAAI,QAAQ,SAAS;AACnB,kBAAY,IAAI,gBAAgB,kDAAkD;AAClF,0BAAoB,EAAE,MAAM,WAAS;AACnC,YAAI,WAAW;AACb,kBAAQ,MAAM,oCAAoC,KAAK;AAAA,QACzD;AAAA,MACF,CAAC;AAAA,IACH,OAAO;AACL,kBAAY,IAAI,gBAAgB,iDAAiD;AACjF,UAAI,WAAW;AACb,2BAAmB,CAAC,CAAC;AAAA,MACvB;AAAA,IACF;AAEA,WAAO,MAAM;AACX,kBAAY;AAAA,IACd;AAAA,EACF,GAAG,CAAC,MAAM,SAAS,mBAAmB,CAAC;AAGvC,QAAM,gBAAgBC,aAAY,CAAC,eAAuB;AACxD,UAAM,UAAU,CAAC,CAAC,YAAY,UAAU;AACxC,WAAO;AAAA,EACT,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,mBAAmBA,aAAY,CAAC,UAAoB,MAAM,KAAK,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC1G,QAAM,oBAAoBA,aAAY,CAAC,UAAoB,MAAM,MAAM,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC5G,QAAM,UAAUA,aAAY,CAAC,SAAiB;AAC5C,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,KAAK,YAAY,MAAM,eAAe;AACxC,aAAO;AAAA,IACT;AACA,WAAO,MAAM,SAAS,IAAI;AAAA,EAC5B,GAAG,CAAC,OAAO,IAAI,CAAC;AAChB,QAAM,iBAAiBA,aAAY,CAAC,UAAuB;AACzD,UAAM,SAAS,OAAO,OAAO,WAAW;AACxC,WAAO,OAAO,QAAQ,WAAW,KAAK,OAAO,QAAQ,KAAK;AAAA,EAC5D,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,YAAYA,aAAY,CAAC,UAAkB,WAAmB;AAClE,UAAM,aAAa,GAAG,QAAQ,IAAI,MAAM;AACxC,UAAM,YAAY,cAAc,UAAU;AAC1C,WAAO;AAAA,EACT,GAAG,CAAC,aAAa,CAAC;AAClB,QAAM,qBAAqBA,aAAY,OAAO,eAAuB,cAAc,UAAU,GAAG,CAAC,aAAa,CAAC;AAC/G,QAAM,iBAAiBA,aAAY,OAAO,UAAkB,WAAmB;AAE7E,WAAO,QAAQ,QAAQ,UAAU,UAAU,MAAM,CAAC;AAAA,EACpD,GAAG,CAAC,SAAS,CAAC;AAGd,QAAM,eAAeC,SAAyB,OAAO;AAAA,IACnD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA;AAAA,IACA,4BAA4B,MAAM;AAChC,UAAI,CAAC,wBAAwB;AAC3B,cAAM,IAAI,MAAM,oDAAoD;AAAA,MACtE;AACA,aAAO;AAAA,IACT;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA,aAAa;AAAA,IACb,aAAa;AAAA;AAAA,IAEb;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAa;AAAA,IAAO;AAAA,IAAa;AAAA,IAAa;AAAA,IAAW;AAAA,IAAiB;AAAA,IAC1E;AAAA,IAAiB;AAAA,IAAoB;AAAA,IACrC;AAAA,IAAe;AAAA,IAAkB;AAAA,IAAmB;AAAA,IAAS;AAAA,IAAgB;AAAA,IAC7E;AAAA,IAAoB;AAAA,IAAgB;AAAA,IAAoB;AAAA,IACxD;AAAA,IAAY;AAAA,IAAqB;AAAA,EACnC,CAAC;AAED,SACE,gBAAAC,KAAC,YAAY,UAAZ,EAAqB,OAAO,cAC1B,UACH;AAEJ;AAznBA,IAuEM,aAEO,SAqBP,cAKA;AAnGN;AAAA;AAAA;AAYA;AACA;AA0DA,IAAM,cAAcN,eAA2C,MAAS;AAEjE,IAAM,UAAU,MAAM;AAC3B,YAAM,UAAUC,YAAW,WAAW;AACtC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AACA,aAAO;AAAA,IACT;AAeA,IAAM,eAAe;AAAA,MACnB,gBAAgB;AAAA,IAClB;AAGA,IAAM,2BAA2B,CAAC,UAAiB,aAAqB;AACtE,YAAM,cAAuC,CAAC;AAC9C,UAAI,QAAkB,CAAC;AACvB,UAAI;AAEJ,UAAI,CAAC,YAAY,CAAC,MAAM,QAAQ,QAAQ,GAAG;AACzC,eAAO,EAAE,aAAa,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,oCAAiC;AAAA,MAChF;AAGA,YAAM,iBAAiB,SAAS,KAAK,CAAC,MAAW,EAAE,oBAAoB,iBAAiB;AACxF,UAAI,gBAAgB;AAClB,eAAO;AAAA,UACL,aAAa,EAAE,WAAW,KAAK;AAAA,UAC/B,OAAO,CAAC,OAAO;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAGA,YAAM,gBAAgB,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,kBAAkB;AAC1F,UAAI,cAAc,SAAS,GAAG;AAC5B,cAAM,OAAO,cAAc,CAAC,EAAE;AAG9B,gBAAQ,MAAM;AAAA,UACZ,KAAK;AACH;AACA,oBAAQ,CAAC,OAAO;AAChB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,SAAS;AAClB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,aAAa;AACtB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,QAAQ;AACjB;AAAA,UACF,KAAK;AAAA,UACL;AACE;AACA,oBAAQ,CAAC,QAAQ;AACjB;AAAA,QACJ;AAIA,cAAM,kBAAkB,CAAC,MAAM;AAC/B,YAAI,CAAC,eAAe,SAAS,EAAE,SAAS,IAAI,GAAG;AAC7C,0BAAgB,KAAK,UAAU,QAAQ;AAAA,QACzC;AACA,YAAI,SAAS,eAAe;AAC1B,0BAAgB,KAAK,QAAQ;AAAA,QAC/B;AAIA,wBAAgB,QAAQ,eAAa;AACnC,sBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,QACxC,CAAC;AAAA,MACH;AAGA,YAAM,WAAW,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,qBAAqB;AACxF,UAAI,SAAS,SAAS,GAAG;AACvB,cAAM,OAAO,SAAS,CAAC,EAAE;AACzB,YAAI,SAAS,aAAa;AACxB;AACA,kBAAQ,CAAC,OAAO;AAEhB,WAAC,UAAU,QAAQ,UAAU,QAAQ,EAAE,QAAQ,eAAa;AAC1D,wBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,UACxC,CAAC;AAAA,QACH;AAAA,MACF;AAEA,aAAO,EAAE,aAAa,OAAO,aAAa;AAAA,IAC5C;AAAA;AAAA;;;AC9HA,SAAS,YAAAQ,WAAU,aAAAC,YAAW,eAAAC,cAAa,cAAc;AA0DzD,SAAS,SACP,MACA,OACkC;AAClC,MAAI;AACJ,SAAO,YAAwB,MAAqB;AAClD,QAAI,CAAC,YAAY;AACf,WAAK,MAAM,MAAM,IAAI;AACrB,mBAAa;AACb,iBAAW,MAAO,aAAa,OAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB;AAAA,EACnC,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV,aAAa;AAAA,EACb,cAAc;AAChB,IAAiC,CAAC,GAA+B;AAC/D,QAAM,CAAC,QAAQ,SAAS,IAAIF,UAAS,KAAK;AAC1C,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,aAAa;AAChE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAGlD,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,SAAS;AACZ,oBAAc,KAAK;AACnB,gBAAU,KAAK;AACf,qBAAe,KAAK;AACpB,uBAAiB,aAAa;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,SAAS,aAAa,CAAC;AAE3B,QAAM,aAAa,OAA8B,IAAI;AACrD,QAAM,oBAAoB,OAA8B,IAAI;AAC5D,QAAM,uBAAuB,OAA8B,IAAI;AAC/D,QAAM,kBAAkB,OAAe,KAAK,IAAI,CAAC;AACjD,QAAM,aAAa,OAAgC,IAAI;AAGvD,QAAM,cAAcC,aAAY,MAAM;AACpC,QAAI,WAAW,SAAS;AACtB,mBAAa,WAAW,OAAO;AAC/B,iBAAW,UAAU;AAAA,IACvB;AACA,QAAI,kBAAkB,SAAS;AAC7B,mBAAa,kBAAkB,OAAO;AACtC,wBAAkB,UAAU;AAAA,IAC9B;AACA,QAAI,qBAAqB,SAAS;AAChC,oBAAc,qBAAqB,OAAO;AAC1C,2BAAqB,UAAU;AAAA,IACjC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,gBAAgBA,aAAY,CAAC,uBAAuB,UAAU;AAClE,QAAI,CAAC,QAAS;AAEd,UAAM,MAAM,KAAK,IAAI;AACrB,oBAAgB,UAAU;AAG1B,gBAAY;AAGZ,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,QAAI,CAAC,sBAAsB;AACzB,mBAAa;AAAA,IACf;AAGA,UAAM,cAAc,gBAAgB;AACpC,QAAI,cAAc,GAAG;AACnB,wBAAkB,UAAU,WAAW,MAAM;AAC3C,uBAAe,IAAI;AACnB,oBAAY;AAAA,MACd,GAAG,WAAW;AAAA,IAChB;AAGA,eAAW,UAAU,WAAW,MAAM;AACpC,gBAAU,IAAI;AACd,eAAS;AAAA,IACX,GAAG,aAAa;AAGhB,yBAAqB,UAAU,YAAY,MAAM;AAC/C,YAAM,UAAU,KAAK,IAAI,IAAI,gBAAgB;AAC7C,YAAM,YAAY,KAAK,IAAI,GAAG,gBAAgB,OAAO;AACrD,uBAAiB,SAAS;AAE1B,UAAI,cAAc,GAAG;AACnB,oBAAY;AAAA,MACd;AAAA,IACF,GAAG,GAAI;AAGP,QAAI;AACF,mBAAa,QAAQ,YAAY,IAAI,SAAS,CAAC;AAAA,IACjD,SAAS,OAAO;AACd,cAAQ,KAAK,2DAA2D,KAAK;AAAA,IAC/E;AAGA,QAAI;AACF,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,YAAY,EAAE,MAAM,YAAY,WAAW,IAAI,CAAC;AAAA,MACrE;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,cAAc,QAAQ,WAAW,YAAY,YAAY,WAAW,CAAC;AAGjG,QAAM,gBAAgBA,aAAY,MAAM;AACtC,QAAI,CAAC,QAAS;AAGd,kBAAc,KAAK;AACnB,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,gBAAY;AAEZ,kBAAc,IAAI;AAGlB,QAAI;AACF,UAAI,OAAO,qBAAqB,aAAa;AAC3C,mBAAW,UAAU,IAAI,iBAAiB,WAAW;AACrD,mBAAW,QAAQ,YAAY,CAAC,UAAU;AACxC,cAAI,MAAM,KAAK,SAAS,YAAY;AAClC,4BAAgB,UAAU,MAAM,KAAK;AACrC,0BAAc;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,oEAAoE,KAAK;AAAA,IACxF;AAGA,QAAI;AACF,YAAM,gBAAgB,aAAa,QAAQ,UAAU;AACrD,UAAI,eAAe;AACjB,cAAM,qBAAqB,SAAS,eAAe,EAAE;AACrD,cAAM,UAAU,KAAK,IAAI,IAAI;AAE7B,YAAI,UAAU,eAAe;AAE3B,0BAAgB,UAAU;AAC1B,gBAAM,YAAY,gBAAgB;AAClC,2BAAiB,SAAS;AAE1B,cAAI,aAAa,cAAc;AAC7B,2BAAe,IAAI;AACnB,wBAAY;AAAA,UACd;AAEA,cAAI,aAAa,GAAG;AAClB,sBAAU,IAAI;AACd,qBAAS;AACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,mEAAmE,KAAK;AAAA,IACvF;AAGA,UAAM,yBAAyB,SAAS,CAAC,UAAU;AACjD,oBAAc;AAAA,IAChB,GAAG,GAAG;AAGN,UAAM,oBAAoB,MAAM;AAC9B,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,iBAAiB,OAAO,wBAAwB,EAAE,SAAS,KAAK,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAGA,UAAM,uBAAuB,MAAM;AACjC,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,oBAAoB,OAAO,sBAAsB;AAAA,MAC5D,CAAC;AAAA,IACH;AAGA,sBAAkB;AAGlB,kBAAc,IAAI;AAGlB,WAAO,MAAM;AACX,2BAAqB;AACrB,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AACzB,mBAAW,UAAU;AAAA,MACvB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,YAAY,aAAa,YAAY,eAAe,cAAc,QAAQ,SAAS,CAAC;AAGjG,QAAM,eAAeA,aAAY,MAAM;AACrC,kBAAc,KAAK;AACnB,gBAAY;AAEZ,QAAI,WAAW,SAAS;AACtB,iBAAW,QAAQ,MAAM;AACzB,iBAAW,UAAU;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAGhB,EAAAD,WAAU,MAAM;AACd,QAAI,SAAS;AACX,YAAM,UAAU,cAAc;AAC9B,aAAO;AAAA,IACT,OAAO;AACL,mBAAa;AAAA,IACf;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,YAAY,CAAC;AAGzC,EAAAA,WAAU,MAAM;AACd,WAAO,MAAM;AACX,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AAAA,MAC3B;AAAA,IACF;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAEhB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAnXA,IA6FM;AA7FN;AAAA;AAAA;AA6FA,IAAM,kBAAkB;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA;AAAA;;;AC7DA,SAAgB,aAAAE,YAAW,YAAAC,WAAU,eAAAC,oBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAsD3B,SAEI,OAAAC,MAFJ;AAnCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAIF,UAAS,aAAa;AAG5D,EAAAD,WAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAM,aAAaE,aAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAKL,SACE,gBAAAC,KAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,eAAe,aAAa,EAAE;AAAA,MACzC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,4BAAAA,KAAC,SAAI,WAAU,iBACb,0BAAAA,KAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,gBAAAA,KAAC,SACC,0BAAAA,KAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,gBAAAA,KAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,8BAAAA,KAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,gBAAAA,KAAC,UAAK,WAAU,6CACb,qBAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,gBAAAA,KAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA,4BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,gBAAAA,KAAC,SAAI,WAAU,qCACb,0BAAAA,KAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;AAnKA;AAAA;AAAA;AAiDA;AACA;AAAA;AAAA;;;ACxCA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AA6MxF,SAYM,OAAAC,MAZN,QAAAC,aAAA;AA5JG,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA,+BAA+B;AACjC,GAA4B;AAE1B,QAAM,CAAC,uBAAuB,wBAAwB,IAAIL,UAAS,KAAK;AACxE,QAAM,CAAC,yBAAyB,0BAA0B,IAAIA,UAAS,CAAC;AAGxE,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC,YAAM,eAAe;AAErB,UAAI,gBAAgB,8BAA8B;AAChD,gBAAQ,MAAM,6HAA6H;AAAA,MAC7I;AAEA,UAAI,CAAC,gBAAgB,8BAA8B;AACjD,gBAAQ,KAAK,qGAAqG;AAAA,MACpH;AAAA,IACF;AAAA,EACF,GAAG,CAAC,4BAA4B,CAAC;AAGjC,QAAM,sBAAsB,OAAO,WAAW,gBAC3C,QAAwC,CAAC,+BAA+B;AAE3E,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,qBAAqB;AAAA,IACvB;AAAA,IACA;AAAA,IACA,SAAS,uBAAuB,CAAC,CAAC,QAAQ,CAAC,CAAC;AAAA,IAC5C,QAAQC,aAAY,MAAM;AAExB,+BAAyB,KAAK;AAC9B,iCAA2B,CAAC;AAG5B,UAAI,gBAAgB;AAClB,uBAAe,KAAK,QAAQ,EAAE,MAAM,CAAC,UAAe;AAClD,kBAAQ,MAAM,kDAAkD,KAAK;AAAA,QACvE,CAAC;AAAA,MACH;AAGA,qBAAe,YAAY;AAAA,IAC7B,GAAG,CAAC,gBAAgB,YAAY,CAAC;AAAA,IACjC,WAAWA,aAAY,MAAM;AAC3B,+BAAyB,IAAI;AAC7B,iCAA2B,YAAY;AAAA,IACzC,GAAG,CAAC,YAAY,CAAC;AAAA,IACjB,YAAYA,aAAY,MAAM;AAC5B,+BAAyB,KAAK;AAC9B,iCAA2B,CAAC;AAAA,IAC9B,GAAG,CAAC,CAAC;AAAA,EACP,CAAC;AAGD,QAAM,mBAAmBA,aAAY,YAAY;AAE/C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAG5B,iBAAa;AAGb,QAAI;AACF,UAAI,gBAAgB;AAClB,cAAM,eAAe,KAAK,QAAQ;AAAA,MACpC;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,MAAM,kDAAkD,KAAK;AAAA,IACvE;AAGA,mBAAe,YAAY;AAAA,EAC7B,GAAG,CAAC,gBAAgB,cAAc,YAAY,CAAC;AAG/C,QAAM,qBAAqBA,aAAY,MAAM;AAC3C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAC5B,kBAAc;AAAA,EAChB,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAM,mBAAmBA,aAAY,YAAY;AAC/C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAC5B,iBAAa;AAGb,QAAI;AACF,UAAI,gBAAgB;AAClB,cAAM,eAAe,KAAK,QAAQ;AAAA,MACpC;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,MAAM,sDAAsD,KAAK;AAAA,IAC3E;AAGA,mBAAe,YAAY;AAAA,EAC7B,GAAG,CAAC,gBAAgB,cAAc,YAAY,CAAC;AAG/C,EAAAD,WAAU,MAAM;AACd,QAAI,eAAe,gBAAgB,GAAG;AACpC,iCAA2B,KAAK,KAAK,gBAAgB,GAAI,CAAC;AAAA,IAC5D;AAAA,EACF,GAAG,CAAC,aAAa,aAAa,CAAC;AAG/B,QAAM,eAAeE,SAA+B,OAAO;AAAA,IACzD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,SACE,gBAAAE,MAAC,kBAAkB,UAAlB,EAA2B,OAAO,cAChC;AAAA;AAAA,IAGA,0BACC,0BACE,wBAAwB;AAAA,MACtB,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,cAAc;AAAA,IAChB,CAAC,IAED,gBAAAD;AAAA,MAAC;AAAA;AAAA,QACC,QAAQ;AAAA,QACR,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,cAAc;AAAA;AAAA,IAChB;AAAA,KAGN;AAEJ;AA7OA,IAiCM,mBAEO;AAnCb;AAAA;AAAA;AAWA;AACA;AAqBA,IAAM,oBAAoBN,eAAiD,MAAS;AAE7E,IAAM,gBAAgB,MAAM;AACjC,YAAM,UAAUC,YAAW,iBAAiB;AAC5C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,yDAAyD;AAAA,MAC3E;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;ACzCA;AAAA;AAAA;AAAA;AAAA;AA4JA,SAAgB,iBAAAO,gBAAe,cAAAC,aAAY,WAAAC,gBAAe;AAyEtD,gBAAAC,YAAA;AApBJ,SAAS,2BAA2B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,GAAG;AACL,GAA6B;AAC3B,QAAM,OAAO,QAAQ;AACrB,QAAM,OAAO,QAAQ;AACrB,QAAM,aAAa,cAAc;AAGjC,QAAM,eAAeD,SAAgC,OAAO;AAAA,IAC1D,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH;AAAA,IACA,WAAW,KAAK,eAAe,KAAK;AAAA,IACpC,WAAW,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,KAAK;AAAA,EACxC,IAAI,CAAC,MAAM,MAAM,YAAY,OAAO,CAAC;AAErC,SACE,gBAAAC,KAAC,mBAAmB,UAAnB,EAA4B,OAAO,cACjC,UACH;AAEJ;AAGA,SAAS,mBAAmB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA6B;AAC3B,QAAM,OAAO,QAAQ;AAErB,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,0BAAAA;AAAA,QAAC;AAAA;AAAA,UACC,MAAM,KAAK;AAAA,UACX,SAAS,KAAK;AAAA,UACd;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UAEA,0BAAAA;AAAA,YAAC;AAAA;AAAA,cACC;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cAEC;AAAA;AAAA,UACH;AAAA;AAAA,MACF;AAAA;AAAA,EACF;AAEJ;AAEO,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAe;AAAA,EACf;AAAA,EACA,6BAA6B;AAAA,EAC7B,aAAa;AAAA,EACb,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA,+BAA+B;AACjC,GAA6B;AAC3B,SACE,gBAAAA,KAAC,gBAAa,gBACZ,0BAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEC;AAAA;AAAA,EACH,GACF;AAEJ;AAtUA,IA8KM,oBAEO;AAhLb;AAAA;AAAA;AA+JA;AACA;AACA;AAaA,IAAM,qBAAqBH,eAAkD,MAAS;AAE/E,IAAM,iBAAiB,MAAM;AAClC,YAAM,UAAUC,YAAW,kBAAkB;AAC7C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,0DAA0D;AAAA,MAC5E;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;ACtLA;AAAA;AAAA;AAAA;AAAA;AAkEA,SAAgB,iBAAAG,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AAC5F,SAAS,mBAAmB;AAsclB,SACE,OAAAC,MADF,QAAAC,aAAA;AAnaH,SAAS,qBAAqB,EAAE,SAAS,GAA8B;AAC5E,QAAM,CAAC,sBAAsB,uBAAuB,IAAIL,UAA8B,IAAI;AAC1F,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAyB,CAAC,CAAC;AACrE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAmC,CAAC,CAAC;AACnF,QAAM,CAAC,cAAc,eAAe,IAAIA,UAA8B,oBAAI,IAAI,CAAC;AAC/E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,CAAC,gBAAgB,iBAAiB,IAAIA,UAAS,KAAK;AAE1D,QAAM,EAAE,MAAM,SAAS,UAAU,QAAQ,IAAI,eAAe;AAG5D,MAAI,WAAgB;AACpB,MAAI;AACF,eAAW,YAAY;AAAA,EACzB,SAASM,QAAO;AAEd,eAAW;AAAA,EACb;AAGA,QAAM,iCAAiCJ,aAAY,OAAO,iBAA8C;AACtG,QAAI,CAAC,YAAY,CAAC,SAAS;AACzB,cAAQ,KAAK,iGAAiG;AAC9G,wBAAkB,KAAK;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,uBAAuB,UAAU,aAAa,EAAE;AACtD,kBAAY,IAAI,wBAAwB,yCAAyC,aAAa,YAAY;AAC1G,wBAAkB,IAAI;AAAA,IACxB,SAASI,QAAO;AACd,cAAQ,MAAM,uEAAuEA,MAAK;AAC1F,wBAAkB,KAAK;AAAA,IAEzB;AAAA,EACF,GAAG,CAAC,UAAU,OAAO,CAAC;AAGtB,EAAAL,WAAU,MAAM;AACd,QAAI,wBAAwB,YAAY,SAAS;AAE/C,wBAAkB,KAAK;AAGvB,OAAC,YAAY;AACX,cAAM,+BAA+B,oBAAoB;AAAA,MAC3D,GAAG;AAAA,IACL,OAAO;AACL,wBAAkB,KAAK;AAAA,IACzB;AAAA,EACF,GAAG,CAAC,sBAAsB,gCAAgC,UAAU,OAAO,CAAC;AAG5E,QAAM,wBAAwBC,aAAY,YAAY;AACpD,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU;AAElC,kBAAY,IAAI,wBAAwB,oEAAoE;AAC5G,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,KAAK;AAClB,eAAS,IAAI;AACb;AAAA,IACF;AACE,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,kBAAY,IAAI,wBAAwB,mCAAmC,KAAK,EAAE;AAIlF,UAAI,aAAa;AACjB,UAAI;AACF,cAAM,SAAS,MAAM,SAClB,KAAK,yBAAyB,EAC9B,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAaP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EACrB,GAAG,cAAc,IAAI,EACrB,GAAG,QAAQ,CAAC,aAAa,UAAU,QAAQ,CAAC;AAE/C,sBAAc,OAAO;AACrB,0BAAkB,OAAO;AAAA,MAC3B,SAAS,YAAiB;AACxB,0BAAkB;AAAA,MACpB;AAEA,UAAI,iBAAiB;AACnB,gBAAQ,MAAM,qDAAqD,eAAe;AAClF,cAAM;AAAA,MACR;AAEA,kBAAY,IAAI,wBAAwB,yBAAyB,WAAW;AAE5E,UAAI,CAAC,eAAe,YAAY,WAAW,GAAG;AAC5C,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AAGA,YAAM,kBAAkB,YAAY,IAAI,CAAC,MAAW,EAAE,eAAe;AACrE,YAAM,EAAE,MAAMK,gBAAe,OAAO,SAAS,IAAI,MAAM,SACpD,KAAK,eAAe,EACpB,OAAO,mGAAmG,EAC1G,GAAG,MAAM,eAAe;AAE3B,UAAI,UAAU;AACZ,gBAAQ,MAAM,uDAAuD,QAAQ;AAC7E,cAAM;AAAA,MACR;AAIA,YAAM,UAAU,oBAAI,IAAoB;AACxC,mBAAa,QAAQ,CAAC,eAAoB;AACxC,gBAAQ,IAAI,WAAW,iBAAiB,WAAW,IAAI;AAAA,MACzD,CAAC;AAGD,YAAM,OAAOA;AACb,YAAM,aAAa,KAAK,OAAO,SAAO,IAAI,SAAS;AAEnD,UAAI,WAAW,WAAW,GAAG;AAC3B,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AAEA,kBAAY,IAAI,wBAAwB,yBAAyB,UAAU;AAE3E,uBAAiB,UAAU;AAC3B,yBAAmB,WAAuC;AAG1D,sBAAgB,OAAO;AAGvB,UAAI,aAAkC;AAGtC,UAAI;AACF,cAAM,qBAAqB,aAAa,QAAQC,cAAa,qBAAqB;AAClF,YAAI,oBAAoB;AACtB,gBAAM,eAAe,KAAK,MAAM,kBAAkB;AAClD,gBAAM,oBAAoB,WAAW,KAAK,SAAO,IAAI,OAAO,aAAa,EAAE;AAC3E,cAAI,mBAAmB;AACrB,yBAAa;AACb,wBAAY,IAAI,wBAAwB,oCAAoC,WAAW,YAAY;AAAA,UACrG;AAAA,QACF;AAAA,MACF,SAAS,cAAc;AACrB,gBAAQ,KAAK,oEAAoE,YAAY;AAAA,MAC/F;AAGA,UAAI,CAAC,YAAY;AACf,cAAM,kBAAkB,YAAY,KAAK,CAAC,MAAW,EAAE,SAAS,WAAW;AAC3E,YAAI,iBAAiB;AACnB,gBAAM,WAAWD,eAAc,KAAK,CAAC,QAAa,IAAI,OAAO,gBAAgB,eAAe;AAC5F,cAAI,UAAU;AACZ,yBAAa;AACb,wBAAY,IAAI,wBAAwB,oCAAoC,WAAW,YAAY;AAAA,UACrG;AAAA,QACF;AAAA,MACF;AAGA,UAAI,CAAC,YAAY;AACf,qBAAa,WAAW,CAAC;AACzB,oBAAY,IAAI,wBAAwB,gCAAgC,WAAW,YAAY;AAAA,MACjG;AAEA,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,MAAM,sCAAsC;AAAA,MACxD;AAEA,8BAAwB,UAAU;AAGlC,mBAAa,QAAQC,cAAa,uBAAuB,KAAK,UAAU,UAAU,CAAC;AAEnF,kBAAY,IAAI,wBAAwB,qCAAqC;AAAA,QAC3E,sBAAsB,WAAW;AAAA,QACjC,oBAAoB,WAAW;AAAA,QAC/B,UAAU,QAAQ,IAAI,WAAW,EAAE;AAAA,MACrC,CAAC;AAAA,IAEH,SAAS,KAAK;AACZ,cAAQ,MAAM,wDAAwD,GAAG;AACzE,eAAS,GAAY;AAErB,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,WAAWA,cAAa,qBAAqB;AAAA,IAC5D,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACJ,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,EAAAP,WAAU,MAAM;AACd,0BAAsB;AAAA,EACxB,GAAG,CAAC,qBAAqB,CAAC;AAG1B,QAAM,0BAA0BC,aAAY,YAAY;AACtD,QAAI;AACF,YAAM,QAAQ;AACd,UAAI,UAAU;AACZ,iBAAS,UAAU,EAAE,SAAS,KAAK,CAAC;AAAA,MACtC,OAAO;AAEL,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF,SAASI,QAAO;AACd,cAAQ,MAAM,+CAA+CA,MAAK;AAElE,UAAI,UAAU;AACZ,iBAAS,UAAU,EAAE,SAAS,KAAK,CAAC;AAAA,MACtC,OAAO;AAEL,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,QAAQ,CAAC;AAGtB,QAAM,4BAA4BJ,aAAY,MAAoB;AAChE,QAAI,CAAC,sBAAsB;AACzB,YAAM,IAAI,MAAM,oDAAoD;AAAA,IACtE;AACA,WAAO;AAAA,EACT,GAAG,CAAC,oBAAoB,CAAC;AAGzB,QAAM,cAAcA,aAAY,CAAC,UAA2B;AAC1D,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAGzB,WAAO,aAAa,IAAI,WAAW,KAAK;AAAA,EAC1C,GAAG,CAAC,cAAc,oBAAoB,CAAC;AAGvC,QAAM,6BAA6BA,aAAY,CAAC,UAA2B;AACzE,WAAO,gBAAgB;AAAA,MAAK,CAAC,MAC3B,EAAE,oBAAoB,SACtB,EAAE,WAAW,YACb,EAAE,eAAe;AAAA,IACnB;AAAA,EACF,GAAG,CAAC,eAAe,CAAC;AAGpB,QAAM,qBAAqBA,aAAY,OAAO,UAAiC;AAC7E,gBAAY,IAAI,wBAAwB,8BAA8B,KAAK;AAG3E,QAAI,CAAC,2BAA2B,KAAK,GAAG;AACtC,YAAM,IAAI,MAAM,6CAA6C,KAAK,EAAE;AAAA,IACtE;AAEA,UAAM,YAAY,cAAc,KAAK,SAAO,IAAI,OAAO,KAAK;AAC5D,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,gBAAgB,KAAK,oCAAoC;AAAA,IAC3E;AAEA,4BAAwB,SAAS;AAGjC,iBAAa,QAAQM,cAAa,uBAAuB,KAAK,UAAU,SAAS,CAAC;AAGlF,UAAM,+BAA+B,SAAS;AAE9C,gBAAY,IAAI,wBAAwB,6BAA6B,UAAU,YAAY;AAAA,EAC7F,GAAG,CAAC,eAAe,4BAA4B,8BAA8B,CAAC;AAG9E,QAAM,uBAAuBN,aAAY,YAA2B;AAClE,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,SAAU;AAGpC,iBAAa,IAAI;AAAA,EAEnB,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,QAAM,yBAAyBA,aAAY,MAA2B;AAEpE,UAAM,eAAe,CAAC,aAAa,UAAU,QAAQ;AAErD,eAAW,QAAQ,cAAc;AAC/B,YAAM,aAAa,gBAAgB,KAAK,CAAC,MAAW,EAAE,SAAS,IAAI;AACnE,UAAI,YAAY;AACd,eAAO,cAAc,KAAK,CAAC,QAAa,IAAI,OAAO,WAAW,eAAe,KAAK;AAAA,MACpF;AAAA,IACF;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,uBAAuBA,aAAY,MAAe;AACtD,WAAO,CAAC,EAAE,wBAAwB;AAAA,EACpC,GAAG,CAAC,sBAAsB,IAAI,CAAC;AAG/B,QAAM,6BAA6BA,aAAY,CAAC,SAAkD;AAChG,UAAM,SAAS,oBAAI,IAA0B;AAC7C,SAAK,QAAQ,SAAO,OAAO,IAAI,IAAI,IAAI,GAAG,CAAC;AAE3C,UAAM,QAAiC,CAAC;AAExC,SAAK,QAAQ,SAAO;AAClB,UAAI,CAAC,IAAI,WAAW;AAElB,cAAM,KAAK;AAAA,UACT,cAAc;AAAA,UACd,UAAU,CAAC;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAGD,WAAO;AAAA,EACT,GAAG,CAAC,CAAC;AAGL,QAAM,8BAA8BC,SAAQ,MAAM;AAChD,WAAO,CAAC,EAAE,wBAAwB,CAAC,aAAa,CAAC,SAAS;AAAA,EAC5D,GAAG,CAAC,sBAAsB,WAAW,OAAO,cAAc,CAAC;AAG3D,QAAM,eAAeA,SAAiC,MAAM;AAE1D,QAAI,CAAC,sBAAsB;AAGzB,YAAM,iBAA+B;AAAA,QACnC,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,cAAc;AAAA,QACd,mBAAmB;AAAA,QACnB,UAAU,CAAC;AAAA,QACX,WAAW;AAAA,QACX,YAAY;AAAA,QACZ,YAAY;AAAA,MACd;AAEA,aAAO;AAAA,QACL,sBAAsB;AAAA,QACtB,eAAe,CAAC;AAAA,QAChB,iBAAiB,CAAC;AAAA,QAClB;AAAA,QACA;AAAA,QACA,6BAA6B;AAAA,QAC7B,yBAAyB,MAAM;AAAA,QAAC;AAAA,QAChC,oBAAoB,YAAY;AAAA,QAAC;AAAA,QACjC,aAAa,MAAM;AAAA,QACnB,4BAA4B,MAAM;AAAA,QAClC,sBAAsB,YAAY;AAAA,QAAC;AAAA,QACnC,2BAA2B,MAAM;AAAE,gBAAM,IAAI,MAAM,yBAAyB;AAAA,QAAgC;AAAA,QAC5G,sBAAsB,MAAM;AAAA,QAC5B,wBAAwB,MAAM;AAAA,MAChC;AAAA,IACF;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,GAAG;AAAA,IACD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAGD,MAAI,aAAc,wBAAwB,CAAC,gBAAiB;AAC1D,WACE,gBAAAC,KAAC,SAAI,WAAU,wBAAuB,MAAK,UAAS,cAAW,gCAC7D,0BAAAA,KAAC,SAAI,WAAU,iDACb,0BAAAC,MAAC,SAAI,WAAU,eACb;AAAA,sBAAAD,KAAC,SAAI,WAAU,4EAA2E;AAAA,MAC1F,gBAAAA,KAAC,OAAE,WAAU,yBACV,sBAAY,oCAAoC,sCACnD;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,MAAI,SAAU,QAAQ,CAAC,sBAAuB;AAC5C,WACE,gBAAAA,KAAC,SAAI,WAAU,sBAAqB,MAAK,SACvC,0BAAAA,KAAC,SAAI,WAAU,iDACb,0BAAAC,MAAC,SAAI,WAAU,oCACb;AAAA,sBAAAD,KAAC,SAAI,WAAU,yBACb,0BAAAA,KAAC,SAAI,WAAU,qBAAoB,MAAK,QAAO,SAAQ,aAAY,QAAO,gBACxE,0BAAAA,KAAC,UAAK,eAAc,SAAQ,gBAAe,SAAQ,aAAa,GAAG,GAAE,4IAA2I,GAClN,GACF;AAAA,MACA,gBAAAA,KAAC,QAAG,WAAU,8CAA6C,0CAE3D;AAAA,MACA,gBAAAA,KAAC,OAAE,WAAU,8BACV,iBAAO,WAAW,8GACrB;AAAA,MACA,gBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,SAAS;AAAA,UACT,WAAU;AAAA,UACX;AAAA;AAAA,MAED;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,SACE,gBAAAA,KAAC,oBAAoB,UAApB,EAA6B,OAAO,cAClC,UACH;AAEJ;AArjBA,IAiFM,qBAGAI,eAyeO;AA7jBb;AAAA;AAAA;AAoEA;AACA;AACA;AAWA,IAAM,sBAAsBV,eAAmD,MAAS;AAGxF,IAAMU,gBAAe;AAAA,MACnB,uBAAuB;AAAA,MACvB,sBAAsB;AAAA,IACxB;AAseO,IAAM,mBAAmB,MAA+B;AAC7D,YAAM,UAAUT,YAAW,mBAAmB;AAC9C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,8DAA8D;AAAA,MAChF;AACA,aAAO;AAAA,IACT;AAAA;AAAA;","names":["session","authError","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","permissions","roles","useState","useEffect","useCallback","useEffect","useState","useCallback","jsx","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","jsxs","createContext","useContext","useMemo","jsx","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","jsxs","error","organisations","STORAGE_KEYS"]}