@jmruthers/pace-core 0.4.1 → 0.5.3

package/dist/rbac/index.d.ts

@@ -1,7 +1,9 @@
 import { SupabaseClient } from '@supabase/supabase-js';
-import { D as Database } from '../database-CAMsquLm.js';
-import React__default, { ReactNode } from 'react';
+import { D as Database } from '../database-C3Szpi5J.js';
 import * as react_jsx_runtime from 'react/jsx-runtime';
+import React__default, { ReactNode } from 'react';
+export { R as RBACContextType, a as RBACProvider, b as RBACProviderProps, U as UserEventAccess, u as useRBACProvider } from '../RBACProvider-BO4ilsQB.js';
+import '../unified-CMPjE_fv.js';
 
 /**
  * RBAC (Role-Based Access Control) Types - Build Contract Compliant
@@ -26,13 +28,13 @@ type PermissionCheck = {
     userId: UUID;
     scope: Scope;
     permission: Permission;
-    pageId?: UUID;
+    pageId?: UUID | string;
 };
 type PermissionMap = Record<string, Operation[]>;
 type GlobalRole = 'super_admin';
 type OrganisationRole = 'supporter' | 'member' | 'leader' | 'org_admin';
 type EventAppRole = 'viewer' | 'participant' | 'planner' | 'event_admin';
-type AuditEventType = 'permission_check' | 'permission_denied' | 'role_granted' | 'role_revoked' | 'rls_denied';
+type AuditEventType = 'permission_check' | 'permission_denied' | 'role_granted' | 'role_denied' | 'rls_denied';
 type AuditEventSource = 'api' | 'ui' | 'middleware' | 'rls';
 interface RBACAuditEvent {
     id: UUID;
@@ -55,18 +57,23 @@ interface PermissionCacheKey {
     organisationId?: UUID;
     eventId?: string;
     appId?: UUID;
+    permission?: Permission;
+    pageId?: UUID | string;
 }
-interface UsePermissionsReturn {
-    permissions: PermissionMap;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => Promise<void>;
-}
-interface UseCanReturn {
-    can: boolean;
+interface UserRBACContext {
+    user: any;
+    globalRole: GlobalRole | null;
+    organisationRole: OrganisationRole | null;
+    eventAppRole: EventAppRole | null;
+    hasPermission: (operation: Operation, targetPageId?: string) => Promise<boolean>;
+    hasGlobalPermission: (permission: Permission) => boolean;
+    isSuperAdmin: boolean;
+    isOrgAdmin: boolean;
+    isEventAdmin: boolean;
+    canManageOrganisation: boolean;
+    canManageEvent: boolean;
     isLoading: boolean;
     error: Error | null;
-    check: () => Promise<void>;
 }
 declare class RBACError extends Error {
     code: string;
@@ -391,7 +398,7 @@ interface RoleGrantedAuditEvent {
  * Audit event payload for role revoked
  */
 interface RoleRevokedAuditEvent {
-    type: 'role_revoked';
+    type: 'role_denied';
     userId: UUID;
     organisationId: UUID;
     eventId?: string;
@@ -516,6 +523,26 @@ declare function getGlobalAuditManager(): RBACAuditManager | null;
  */
 declare function emitAuditEvent(event: AuditEventPayload): Promise<void>;
 
+/**
+ * RBAC Security Enhancements
+ * @package @jmruthers/pace-core
+ * @module RBAC/Security
+ * @since 1.0.0
+ *
+ * Additional security measures for the RBAC system
+ */
+
+/**
+ * Security context for RBAC operations
+ */
+interface SecurityContext {
+    userId: UUID;
+    organisationId: UUID;
+    ipAddress?: string;
+    userAgent?: string;
+    timestamp: Date;
+}
+
 /**
  * RBAC Core Engine
  * @package @jmruthers/pace-core
@@ -532,14 +559,16 @@ declare function emitAuditEvent(event: AuditEventPayload): Promise<void>;
  */
 declare class RBACEngine {
     private supabase;
+    private securityMiddleware;
     constructor(supabase: SupabaseClient<Database>);
     /**
      * Check if a user has a specific permission
      *
      * @param input - Permission check input
+     * @param securityContext - Optional security context for enhanced validation
      * @returns Promise resolving to permission result
      */
-    isPermitted(input: PermissionCheck): Promise<boolean>;
+    isPermitted(input: PermissionCheck, securityContext?: SecurityContext): Promise<boolean>;
     /**
      * Get user's access level in a scope
      *
@@ -567,6 +596,30 @@ declare class RBACEngine {
      * @returns Promise resolving to super admin status
      */
     private checkSuperAdmin;
+    /**
+     * Get app configuration including requires_event setting
+     *
+     * @param appId - App ID
+     * @returns Promise resolving to app configuration
+     */
+    getAppConfig(appId: UUID): Promise<{
+        requires_event: boolean;
+    } | null>;
+    /**
+     * Resolve organisation ID from event ID
+     *
+     * @param eventId - Event ID
+     * @returns Promise resolving to organisation ID
+     */
+    private resolveOrganisationFromEvent;
+    /**
+     * Validate context requirements based on app configuration
+     *
+     * @param scope - Permission scope
+     * @param appId - Optional app ID
+     * @returns Promise resolving to validated scope with resolved organisation ID
+     */
+    private validateContextRequirements;
     /**
      * Collect active grants for a user in a scope
      *
@@ -627,6 +680,14 @@ declare class RBACEngine {
      * @returns True if permissions match
      */
     private permissionMatches;
+    /**
+     * Resolve a page ID to UUID if it's a page name
+     *
+     * @param pageId - Page ID (UUID) or page name (string)
+     * @param appId - App ID to look up the page
+     * @returns Resolved page ID (UUID) or original pageId if it's already a UUID or can't be resolved
+     */
+    private resolvePageId;
 }
 /**
  * Create an RBAC engine instance
@@ -636,950 +697,1014 @@ declare class RBACEngine {
  */
 declare function createRBACEngine(supabase: SupabaseClient<Database>): RBACEngine;
 
+interface PagePermissionContextType {
+    /** Check if user has permission for a page */
+    hasPagePermission: (pageName: string, operation: string, pageId?: string, scope?: Scope) => boolean;
+    /** Get all page permissions for current user */
+    getPagePermissions: () => Record<string, string[]>;
+    /** Check if page permission checking is enabled */
+    isEnabled: boolean;
+    /** Check if strict mode is enabled */
+    isStrictMode: boolean;
+    /** Check if audit logging is enabled */
+    isAuditLogEnabled: boolean;
+    /** Get page access history */
+    getPageAccessHistory: () => PageAccessRecord[];
+    /** Clear page access history */
+    clearPageAccessHistory: () => void;
+}
+interface PageAccessRecord {
+    pageName: string;
+    operation: string;
+    userId: UUID;
+    scope: Scope;
+    allowed: boolean;
+    timestamp: string;
+    pageId?: string;
+}
+interface PagePermissionProviderProps {
+    /** Child components */
+    children: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Enable audit logging (default: true) */
+    auditLog?: boolean;
+    /** Callback when page access is attempted */
+    onPageAccess?: (pageName: string, operation: string, allowed: boolean, record: PageAccessRecord) => void;
+    /** Callback when strict mode violation occurs */
+    onStrictModeViolation?: (pageName: string, operation: string, record: PageAccessRecord) => void;
+    /** Maximum number of access records to keep in history */
+    maxHistorySize?: number;
+}
 /**
- * RBAC React Hooks
- * @package @jmruthers/pace-core
- * @module RBAC/Hooks
- * @since 1.0.0
- *
- * This module provides React hooks for RBAC functionality.
- */
-
-/**
- * Hook to get user's permissions in a scope
- *
- * @param userId - User ID
- * @param scope - Permission scope
- * @returns Permission data and loading state
- *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { permissions, isLoading, error } = usePermissions(
- *     'user-123',
- *     { organisationId: 'org-456' }
- *   );
+ * PagePermissionProvider - Manages page-level permissions across the app
  *
- *   if (isLoading) return <div>Loading...</div>;
- *   if (error) return <div>Error: {error.message}</div>;
+ * This provider ensures that all pages are properly protected and provides
+ * centralized page permission management with strict enforcement.
  *
- *   return (
- *     <div>
- *       {permissions['page-1']?.includes('read') && <ReadButton />}
- *       {permissions['page-1']?.includes('manage') && <ManageButton />}
- *     </div>
- *   );
- * }
- * ```
+ * @param props - Provider props
+ * @returns React element with page permission context
  */
-declare function usePermissions(userId: UUID, scope: Scope): UsePermissionsReturn;
+declare function PagePermissionProvider({ children, strictMode, auditLog, onPageAccess, onStrictModeViolation, maxHistorySize }: PagePermissionProviderProps): react_jsx_runtime.JSX.Element;
 /**
- * Hook to check if user has a specific permission
- *
- * @param userId - User ID
- * @param scope - Permission scope
- * @param permission - Permission to check
- * @param pageId - Optional page ID
- * @param useCache - Whether to use cached results (default: true)
- * @returns Permission check result and loading state
- *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { can, isLoading } = useCan(
- *     'user-123',
- *     { organisationId: 'org-456' },
- *     'manage:events',
- *     'page-789'
- *   );
- *
- *   if (isLoading) return <div>Checking permission...</div>;
+ * Hook to use page permission context
  *
- *   return (
- *     <div>
- *       {can ? <AdminPanel /> : <AccessDenied />}
- *     </div>
- *   );
- * }
- * ```
+ * @returns Page permission context
+ * @throws Error if used outside of PagePermissionProvider
  */
-declare function useCan(userId: UUID, scope: Scope, permission: Permission, pageId?: UUID, useCache?: boolean): UseCanReturn;
+declare function usePagePermissions(): PagePermissionContextType;
+
+interface PagePermissionGuardProps {
+    /** Name of the page being protected */
+    pageName: string;
+    /** Operation being performed on the page */
+    operation: 'read' | 'create' | 'update' | 'delete';
+    /** Content to render when user has permission */
+    children: React__default.ReactNode;
+    /** Content to render when user lacks permission */
+    fallback?: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Force audit logging for this page access (default: true) */
+    auditLog?: boolean;
+    /** Custom page ID for permission checking */
+    pageId?: string;
+    /** Custom scope for permission checking */
+    scope?: Scope;
+    /** Callback when access is denied */
+    onDenied?: (pageName: string, operation: string) => void;
+    /** Loading state content */
+    loading?: React__default.ReactNode;
+}
 /**
- * Hook to get user's access level in a scope
- *
- * @param userId - User ID
- * @param scope - Permission scope
- * @returns Access level and loading state
- *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { accessLevel, isLoading } = useAccessLevel(
- *     'user-123',
- *     { organisationId: 'org-456' }
- *   );
+ * PagePermissionGuard - Enforces page-level permissions
  *
- *   if (isLoading) return <div>Loading...</div>;
+ * This component ensures that users can only access pages they have permission for.
+ * It integrates with the existing RBAC system and provides strict enforcement to
+ * prevent apps from bypassing permission checks.
  *
- *   return (
- *     <div>
- *       {accessLevel === 'super' && <SuperAdminPanel />}
- *       {accessLevel === 'admin' && <AdminPanel />}
- *       {accessLevel === 'planner' && <PlannerPanel />}
- *     </div>
- *   );
- * }
- * ```
+ * @param props - Component props
+ * @returns React element with permission enforcement
  */
-declare function useAccessLevel(userId: UUID, scope: Scope): {
-    accessLevel: AccessLevel | null;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => Promise<void>;
-};
+declare function PagePermissionGuard({ pageName, operation, children, fallback, strictMode, auditLog, pageId, scope, onDenied, loading }: PagePermissionGuardProps): react_jsx_runtime.JSX.Element;
+
+interface DataAccessRecord {
+    table: string;
+    operation: string;
+    userId: UUID;
+    scope: Scope;
+    allowed: boolean;
+    timestamp: string;
+    query?: string;
+    filters?: Record<string, any>;
+}
+interface SecureDataContextType {
+    /** Check if data access is allowed for a table and operation */
+    isDataAccessAllowed: (table: string, operation: string, scope?: Scope) => boolean;
+    /** Get all data access permissions for current user */
+    getDataAccessPermissions: () => Record<string, string[]>;
+    /** Check if secure data access is enabled */
+    isEnabled: boolean;
+    /** Check if strict mode is enabled */
+    isStrictMode: boolean;
+    /** Check if audit logging is enabled */
+    isAuditLogEnabled: boolean;
+    /** Get data access history */
+    getDataAccessHistory: () => DataAccessRecord[];
+    /** Clear data access history */
+    clearDataAccessHistory: () => void;
+    /** Validate data access attempt */
+    validateDataAccess: (table: string, operation: string, scope?: Scope) => boolean;
+}
+interface SecureDataProviderProps {
+    /** Child components */
+    children: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Enable audit logging (default: true) */
+    auditLog?: boolean;
+    /** Callback when data access is attempted */
+    onDataAccess?: (table: string, operation: string, allowed: boolean, record: DataAccessRecord) => void;
+    /** Callback when strict mode violation occurs */
+    onStrictModeViolation?: (table: string, operation: string, record: DataAccessRecord) => void;
+    /** Maximum number of access records to keep in history */
+    maxHistorySize?: number;
+    /** Enable RLS enforcement (default: true) */
+    enforceRLS?: boolean;
+}
 /**
- * Hook to check multiple permissions at once
- *
- * @param userId - User ID
- * @param scope - Permission scope
- * @param permissions - Array of permissions to check
- * @param pageId - Optional page ID
- * @param useCache - Whether to use cached results (default: true)
- * @returns Object with permission results and loading state
+ * SecureDataProvider - Prevents direct Supabase access and enforces secure data patterns
  *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { permissions, isLoading } = useMultiplePermissions(
- *     'user-123',
- *     { organisationId: 'org-456' },
- *     ['read:events', 'manage:events', 'delete:events']
- *   );
+ * This provider ensures that all data access goes through the secure RBAC system
+ * and prevents apps from bypassing data access controls.
  *
- *   return (
- *     <div>
- *       {permissions['read:events'] && <ReadButton />}
- *       {permissions['manage:events'] && <ManageButton />}
- *       {permissions['delete:events'] && <DeleteButton />}
- *     </div>
- *   );
- * }
- * ```
+ * @param props - Provider props
+ * @returns React element with secure data context
  */
-declare function useMultiplePermissions(userId: UUID, scope: Scope, permissions: Permission[], pageId?: UUID, useCache?: boolean): {
-    permissions: Record<Permission, boolean>;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => Promise<void>;
-};
+declare function SecureDataProvider({ children, strictMode, auditLog, onDataAccess, onStrictModeViolation, maxHistorySize, enforceRLS }: SecureDataProviderProps): react_jsx_runtime.JSX.Element;
 /**
- * Hook to check if user has any of the specified permissions
+ * Hook to use secure data context
  *
- * @param userId - User ID
- * @param scope - Permission scope
- * @param permissions - Array of permissions to check
- * @param pageId - Optional page ID
- * @returns True if user has any permission and loading state
- *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { hasAny, isLoading } = useHasAnyPermission(
- *     'user-123',
- *     { organisationId: 'org-456' },
- *     ['read:events', 'manage:events']
- *   );
- *
- *   return (
- *     <div>
- *       {hasAny ? <EventContent /> : <AccessDenied />}
- *     </div>
- *   );
- * }
- * ```
+ * @returns Secure data context
+ * @throws Error if used outside of SecureDataProvider
  */
-declare function useHasAnyPermission(userId: UUID, scope: Scope, permissions: Permission[], pageId?: UUID): {
-    hasAny: boolean;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => Promise<void>;
-};
+declare function useSecureData(): SecureDataContextType;
+
+interface PermissionEnforcerProps {
+    /** Permissions required for access */
+    permissions: Permission[];
+    /** Operation being performed */
+    operation: string;
+    /** Content to render when user has permission */
+    children: React__default.ReactNode;
+    /** Content to render when user lacks permission */
+    fallback?: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Force audit logging for this operation (default: true) */
+    auditLog?: boolean;
+    /** Custom scope for permission checking */
+    scope?: Scope;
+    /** Callback when access is denied */
+    onDenied?: (permissions: Permission[], operation: string) => void;
+    /** Loading state content */
+    loading?: React__default.ReactNode;
+    /** Require all permissions (AND) or any permission (OR) */
+    requireAll?: boolean;
+}
 /**
- * Hook to check if user has all of the specified permissions
- *
- * @param userId - User ID
- * @param scope - Permission scope
- * @param permissions - Array of permissions to check
- * @param pageId - Optional page ID
- * @returns True if user has all permissions and loading state
+ * PermissionEnforcer - Enforces permissions for operations
  *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { hasAll, isLoading } = useHasAllPermissions(
- *     'user-123',
- *     { organisationId: 'org-456' },
- *     ['read:events', 'manage:events']
- *   );
+ * This component ensures that users can only perform operations they have permission for.
+ * It integrates with the existing RBAC system and provides strict enforcement to
+ * prevent apps from bypassing permission checks.
  *
- *   return (
- *     <div>
- *       {hasAll ? <FullAccessPanel /> : <LimitedAccessPanel />}
- *     </div>
- *   );
- * }
- * ```
+ * @param props - Component props
+ * @returns React element with permission enforcement
  */
-declare function useHasAllPermissions(userId: UUID, scope: Scope, permissions: Permission[], pageId?: UUID): {
-    hasAll: boolean;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => Promise<void>;
-};
+declare function PermissionEnforcer({ permissions, operation, children, fallback, strictMode, auditLog, scope, onDenied, loading, requireAll }: PermissionEnforcerProps): react_jsx_runtime.JSX.Element;
+
+interface RouteConfig {
+    /** Route path */
+    path: string;
+    /** React component to render */
+    component: React__default.ComponentType;
+    /** Permissions required for this route */
+    permissions: Permission[];
+    /** Roles that can access this route */
+    roles?: string[];
+    /** Minimum access level required */
+    accessLevel?: AccessLevel;
+    /** Page ID for permission checking */
+    pageId?: string;
+    /** Enable strict mode for this route */
+    strictMode?: boolean;
+    /** Route metadata */
+    meta?: {
+        title?: string;
+        description?: string;
+        requiresAuth?: boolean;
+        hidden?: boolean;
+    };
+}
+interface RouteAccessRecord {
+    route: string;
+    permissions: Permission[];
+    userId: UUID;
+    scope: Scope;
+    allowed: boolean;
+    timestamp: string;
+    pageId?: string;
+    roles?: string[];
+    accessLevel?: AccessLevel;
+}
+interface RoleBasedRouterContextType {
+    /** Get all accessible routes for current user */
+    getAccessibleRoutes: () => RouteConfig[];
+    /** Check if user can access a specific route */
+    canAccessRoute: (path: string) => boolean;
+    /** Get route configuration for a path */
+    getRouteConfig: (path: string) => RouteConfig | null;
+    /** Get route access history */
+    getRouteAccessHistory: () => RouteAccessRecord[];
+    /** Clear route access history */
+    clearRouteAccessHistory: () => void;
+    /** Check if strict mode is enabled */
+    isStrictMode: boolean;
+    /** Check if audit logging is enabled */
+    isAuditLogEnabled: boolean;
+}
+interface RoleBasedRouterProps {
+    /** Route configuration */
+    routes: RouteConfig[];
+    /** Fallback route for unauthorized access */
+    fallbackRoute?: string;
+    /** Child components */
+    children: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Enable audit logging (default: true) */
+    auditLog?: boolean;
+    /** Callback when route access is attempted */
+    onRouteAccess?: (route: string, allowed: boolean, record: RouteAccessRecord) => void;
+    /** Callback when strict mode violation occurs */
+    onStrictModeViolation?: (route: string, record: RouteAccessRecord) => void;
+    /** Maximum number of access records to keep in history */
+    maxHistorySize?: number;
+    /** Custom unauthorized component */
+    unauthorizedComponent?: React__default.ComponentType<{
+        route: string;
+        reason: string;
+    }>;
+}
 /**
- * Hook to read cached permissions (contract requirement)
- *
- * This hook only reads from the core cache and does not perform
- * any bespoke caching as per the contract requirements.
- *
- * @param userId - User ID
- * @param scope - Permission scope
- * @returns Cached permission data and loading state
- *
- * @example
- * ```tsx
- * function MyComponent() {
- *   const { permissions, isLoading, error } = useCachedPermissions(
- *     'user-123',
- *     { organisationId: 'org-456' }
- *   );
+ * RoleBasedRouter - Centralized routing control with role-based protection
  *
- *   if (isLoading) return <div>Loading cached permissions...</div>;
- *   if (error) return <div>Error: {error.message}</div>;
+ * This component ensures that all routes are properly protected and provides
+ * centralized routing control to prevent apps from bypassing route protection.
  *
- *   return (
- *     <div>
- *       {permissions['page-1']?.includes('read') && <ReadButton />}
- *       {permissions['page-1']?.includes('manage') && <ManageButton />}
- *     </div>
- *   );
- * }
- * ```
+ * @param props - Router props
+ * @returns React element with role-based routing
  */
-declare function useCachedPermissions(userId: UUID, scope: Scope): {
-    permissions: PermissionMap;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => Promise<void>;
-};
-
+declare function RoleBasedRouter({ routes, fallbackRoute, children, strictMode, auditLog, onRouteAccess, onStrictModeViolation, maxHistorySize, unauthorizedComponent: UnauthorizedComponent }: RoleBasedRouterProps): react_jsx_runtime.JSX.Element;
 /**
- * RBAC Adapters
- * @package @jmruthers/pace-core
- * @module RBAC/Adapters
- * @since 1.0.0
+ * Hook to use role-based router context
  *
- * This module provides adapters for different frameworks and server runtimes.
+ * @returns Role-based router context
+ * @throws Error if used outside of RoleBasedRouter
  */
+declare function useRoleBasedRouter(): RoleBasedRouterContextType;
 
+interface NavigationItem {
+    /** Unique identifier for the navigation item */
+    id: string;
+    /** Display label for the navigation item */
+    label: string;
+    /** Navigation path/URL */
+    path: string;
+    /** Permissions required for this navigation item */
+    permissions: Permission[];
+    /** Roles that can access this navigation item */
+    roles?: string[];
+    /** Minimum access level required */
+    accessLevel?: 'viewer' | 'participant' | 'planner' | 'admin' | 'super';
+    /** Page ID for permission checking */
+    pageId?: string;
+    /** Enable strict mode for this navigation item */
+    strictMode?: boolean;
+    /** Navigation item metadata */
+    meta?: {
+        icon?: string;
+        description?: string;
+        hidden?: boolean;
+        order?: number;
+    };
+}
+interface NavigationAccessRecord {
+    navigationItem: string;
+    permissions: Permission[];
+    userId: UUID;
+    scope: Scope;
+    allowed: boolean;
+    timestamp: string;
+    pageId?: string;
+    roles?: string[];
+    accessLevel?: string;
+}
+interface NavigationContextType {
+    /** Check if user has permission for a navigation item */
+    hasNavigationPermission: (item: NavigationItem) => boolean;
+    /** Get all navigation permissions for current user */
+    getNavigationPermissions: () => Record<string, string[]>;
+    /** Get filtered navigation items based on permissions */
+    getFilteredNavigationItems: (items: NavigationItem[]) => NavigationItem[];
+    /** Check if navigation permission checking is enabled */
+    isEnabled: boolean;
+    /** Check if strict mode is enabled */
+    isStrictMode: boolean;
+    /** Check if audit logging is enabled */
+    isAuditLogEnabled: boolean;
+    /** Get navigation access history */
+    getNavigationAccessHistory: () => NavigationAccessRecord[];
+    /** Clear navigation access history */
+    clearNavigationAccessHistory: () => void;
+}
+interface NavigationProviderProps {
+    /** Child components */
+    children: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Enable audit logging (default: true) */
+    auditLog?: boolean;
+    /** Callback when navigation access is attempted */
+    onNavigationAccess?: (item: NavigationItem, allowed: boolean, record: NavigationAccessRecord) => void;
+    /** Callback when strict mode violation occurs */
+    onStrictModeViolation?: (item: NavigationItem, record: NavigationAccessRecord) => void;
+    /** Maximum number of access records to keep in history */
+    maxHistorySize?: number;
+}
 /**
- * Permission Guard Component
+ * NavigationProvider - Manages navigation-level permissions across the app
  *
- * A React component that conditionally renders children based on permissions.
- * Can auto-infer userId from context if not provided.
+ * This provider ensures that all navigation items are properly protected and provides
+ * centralized navigation permission management with strict enforcement.
  *
- * @example
- * ```tsx
- * // With explicit userId and scope
- * <PermissionGuard
- *   userId="user-123"
- *   scope={{ organisationId: 'org-456' }}
- *   permission="manage:events"
- *   pageId="page-789"
- *   fallback={<AccessDenied />}
- * >
- *   <AdminPanel />
- * </PermissionGuard>
+ * @param props - Provider props
+ * @returns React element with navigation permission context
+ */
+declare function NavigationProvider({ children, strictMode, auditLog, onNavigationAccess, onStrictModeViolation, maxHistorySize }: NavigationProviderProps): react_jsx_runtime.JSX.Element;
+/**
+ * Hook to use navigation permission context
  *
- * // With context inference (requires auth context)
- * <PermissionGuard
- *   permission="manage:events"
- *   scope={{ organisationId: 'org-456' }}
- *   fallback={<AccessDenied />}
- * >
- *   <AdminPanel />
- * </PermissionGuard>
- * ```
+ * @returns Navigation permission context
+ * @throws Error if used outside of NavigationProvider
  */
-declare function PermissionGuard({ userId, scope, permission, pageId, children, fallback, onDenied, loading, strictMode, auditLog, enforceAudit, }: {
-    userId?: UUID;
-    scope: {
-        organisationId: UUID;
-        eventId?: string;
-        appId?: UUID;
-    };
-    permission: Permission;
-    pageId?: UUID;
-    children: ReactNode;
-    fallback?: ReactNode;
-    onDenied?: () => void;
-    loading?: ReactNode;
+declare function useNavigationPermissions(): NavigationContextType;
+
+interface NavigationGuardProps {
+    /** Navigation item being protected */
+    navigationItem: NavigationItem;
+    /** Content to render when user has permission */
+    children: React__default.ReactNode;
+    /** Content to render when user lacks permission */
+    fallback?: React__default.ReactNode;
+    /** Enable strict mode to prevent bypassing (default: true) */
     strictMode?: boolean;
+    /** Force audit logging for this navigation access (default: true) */
     auditLog?: boolean;
-    enforceAudit?: boolean;
-}): React__default.ReactNode;
+    /** Custom scope for permission checking */
+    scope?: Scope;
+    /** Callback when access is denied */
+    onDenied?: (item: NavigationItem) => void;
+    /** Loading state content */
+    loading?: React__default.ReactNode;
+    /** Require all permissions (AND) or any permission (OR) */
+    requireAll?: boolean;
+}
 /**
- * Access Level Guard Component
- *
- * A React component that conditionally renders children based on access level.
- * Can auto-infer userId from context if not provided.
+ * NavigationGuard - Enforces navigation-level permissions
  *
- * @example
- * ```tsx
- * // With explicit userId and scope
- * <AccessLevelGuard
- *   userId="user-123"
- *   scope={{ organisationId: 'org-456' }}
- *   minLevel="admin"
- *   fallback={<AccessDenied />}
- * >
- *   <AdminPanel />
- * </AccessLevelGuard>
+ * This component ensures that users can only access navigation items they have permission for.
+ * It integrates with the existing RBAC system and provides strict enforcement to
+ * prevent apps from bypassing navigation permission checks.
  *
- * // With context inference (requires auth context)
- * <AccessLevelGuard
- *   minLevel="admin"
- *   scope={{ organisationId: 'org-456' }}
- *   fallback={<AccessDenied />}
- * >
- *   <AdminPanel />
- * </AccessLevelGuard>
- * ```
+ * @param props - Component props
+ * @returns React element with navigation permission enforcement
  */
-declare function AccessLevelGuard({ userId, scope, minLevel, children, fallback, loading, }: {
-    userId?: UUID;
-    scope: {
-        organisationId: UUID;
-        eventId?: string;
-        appId?: UUID;
-    };
-    minLevel: 'viewer' | 'participant' | 'planner' | 'admin' | 'super';
-    children: ReactNode;
-    fallback?: ReactNode;
-    loading?: ReactNode;
-}): React__default.ReactNode;
+declare function NavigationGuard({ navigationItem, children, fallback, strictMode, auditLog, scope, onDenied, loading, requireAll }: NavigationGuardProps): react_jsx_runtime.JSX.Element;
+
+interface EnhancedNavigationMenuProps {
+    /** Navigation items to display */
+    items: NavigationItem[];
+    /** Enable strict mode to prevent bypassing (default: true) */
+    strictMode?: boolean;
+    /** Enable audit logging (default: true) */
+    auditLog?: boolean;
+    /** Callback when navigation access is attempted */
+    onNavigationAccess?: (item: NavigationItem, allowed: boolean) => void;
+    /** Callback when strict mode violation occurs */
+    onStrictModeViolation?: (item: NavigationItem) => void;
+    /** Custom className for the navigation menu */
+    className?: string;
+    /** Custom className for navigation items */
+    itemClassName?: string;
+    /** Custom className for active navigation items */
+    activeItemClassName?: string;
+    /** Custom className for disabled navigation items */
+    disabledItemClassName?: string;
+    /** Show/hide navigation items that user doesn't have permission for */
+    hideUnauthorizedItems?: boolean;
+    /** Custom render function for navigation items */
+    renderItem?: (item: NavigationItem, isAuthorized: boolean) => React__default.ReactNode;
+    /** Current active path for highlighting */
+    activePath?: string;
+    /** Navigation item click handler */
+    onItemClick?: (item: NavigationItem) => void;
+}
 /**
- * Permission Guard for Server Handlers
- *
- * Wraps a server handler with permission checking.
+ * EnhancedNavigationMenu - Secure navigation menu with RBAC integration
  *
- * @param config - Permission guard configuration
- * @param handler - Handler function to wrap
- * @returns Wrapped handler function
+ * This component provides a navigation menu that automatically filters items based on
+ * user permissions and enforces strict security controls.
  *
- * @example
- * ```typescript
- * const protectedHandler = withPermissionGuard(
- *   { permission: 'manage:events', pageId: 'page-789' },
- *   async (req, res) => {
- *     // Handler logic here
- *     res.json({ success: true });
- *   }
- * );
- * ```
+ * @param props - Component props
+ * @returns React element with enhanced navigation menu
  */
-declare function withPermissionGuard<T extends any[]>(config: {
-    permission: Permission;
-    pageId?: UUID;
-}, handler: (...args: T) => Promise<any>): (...args: T) => Promise<any>;
+declare function EnhancedNavigationMenu({ items, strictMode, auditLog, onNavigationAccess, onStrictModeViolation, className, itemClassName, activeItemClassName, disabledItemClassName, hideUnauthorizedItems, renderItem, activePath, onItemClick }: EnhancedNavigationMenuProps): react_jsx_runtime.JSX.Element;
+
 /**
- * Access Level Guard for Server Handlers
+ * @file RBAC Hook
+ * @package @jmruthers/pace-core
+ * @module RBAC/Hooks
+ * @since 0.3.0
  *
- * Wraps a server handler with access level checking.
+ * A React hook that provides access to the new RBAC (Role-Based Access Control) system.
+ * This hook integrates with the database to provide real-time role and permission information.
  *
- * @param minLevel - Minimum access level required
- * @param handler - Handler function to wrap
- * @returns Wrapped handler function
+ * Features:
+ * - Real-time role detection (global, organisation, event-app)
+ * - Permission checking with database validation
+ * - Hierarchical permission resolution
+ * - Loading states and error handling
+ * - Type-safe permission operations
+ * - Automatic context detection
  *
  * @example
- * ```typescript
- * const adminHandler = withAccessLevelGuard(
- *   'admin',
- *   async (req, res) => {
- *     // Admin-only logic here
- *     res.json({ success: true });
- *   }
- * );
+ * ```tsx
+ * import { useRBAC } from '@jmruthers/pace-core/rbac';
+ *
+ * function MyComponent() {
+ *   const {
+ *     globalRole,
+ *     organisationRole,
+ *     eventAppRole,
+ *     hasPermission,
+ *     isSuperAdmin,
+ *     isLoading,
+ *     error
+ *   } = useRBAC();
+ *
+ *   if (isLoading) return <div>Loading permissions...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return (
+ *     <div>
+ *       {isSuperAdmin && <AdminPanel />}
+ *       {hasPermission('read', 'dashboard') && <Dashboard />}
+ *       {hasPermission('create', 'events') && <CreateEventButton />}
+ *     </div>
+ *   );
+ * }
  * ```
- */
-declare function withAccessLevelGuard<T extends any[]>(minLevel: 'viewer' | 'participant' | 'planner' | 'admin' | 'super', handler: (...args: T) => Promise<any>): (...args: T) => Promise<any>;
-/**
- * Role Guard for Server Handlers
  *
- * Wraps a server handler with role-based access control.
- * This is the primary middleware for routing protection as specified in the contract.
+ * @accessibility
+ * - No direct accessibility concerns (hook)
+ * - Enables accessible permission-based UI rendering
+ * - Supports screen reader friendly conditional content
  *
- * @param config - Role guard configuration
- * @param handler - Handler function to wrap
- * @returns Wrapped handler function
+ * @security
+ * - Database-backed permission validation
+ * - Hierarchical permission resolution
+ * - Organisation context enforcement
+ * - Real-time permission updates
  *
- * @example
- * ```typescript
- * const adminHandler = withRoleGuard(
- *   {
- *     globalRoles: ['super_admin'],
- *     organisationRoles: ['org_admin', 'leader'],
- *     eventAppRoles: ['event_admin', 'planner']
- *   },
- *   async (req, res) => {
- *     // Admin-only logic here
- *     res.json({ success: true });
- *   }
- * );
- * ```
+ * @performance
+ * - Optimized with useMemo and useCallback
+ * - Permission caching
+ * - Minimal re-renders
+ * - Lazy loading of permissions
+ *
+ * @dependencies
+ * - React 18+ - Hooks and effects
+ * - @supabase/supabase-js - Database integration
+ * - RBAC types - Type definitions
  */
-declare function withRoleGuard<T extends any[]>(config: {
-    globalRoles?: string[];
-    organisationRoles?: string[];
-    eventAppRoles?: string[];
-    requireAll?: boolean;
-}, handler: (...args: T) => Promise<any>): (...args: T) => Promise<any>;
+
+declare function useRBAC(pageId?: string): UserRBACContext;
+
 /**
- * Next.js Middleware for RBAC
+ * @file RBAC Permission Hooks
+ * @package @jmruthers/pace-core
+ * @module RBAC/Hooks
+ * @since 1.0.0
  *
- * Middleware that checks permissions before allowing access to pages.
+ * This module provides React hooks for RBAC functionality.
+ */
+
+/**
+ * Hook to get user's permissions in a scope
  *
- * @param config - Middleware configuration
- * @returns Next.js middleware function
+ * @param userId - User ID
+ * @param scope - Scope for permission checking
+ * @returns Permission state and methods
  *
  * @example
- * ```typescript
- * // middleware.ts
- * import { createRBACMiddleware } from '@jmruthers/pace-core/rbac';
+ * ```tsx
+ * function MyComponent() {
+ *   const { permissions, isLoading, error } = usePermissions(userId, scope);
  *
- * export default createRBACMiddleware({
- *   protectedRoutes: [
- *     { path: '/admin', permission: 'manage:admin' },
- *     { path: '/events', permission: 'read:events' },
- *   ],
- *   fallbackUrl: '/access-denied',
- * });
+ *   if (isLoading) return <div>Loading...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return (
+ *     <div>
+ *       {permissions['read:users'] && <UserList />}
+ *       {permissions['create:users'] && <CreateUserButton />}
+ *     </div>
+ *   );
+ * }
  * ```
  */
-declare function createRBACMiddleware(config: {
-    protectedRoutes: Array<{
-        path: string;
-        permission: Permission;
-        pageId?: UUID;
-    }>;
-    fallbackUrl?: string;
-}): (req: {
-    nextUrl: {
-        pathname: string;
-    };
-    user?: {
-        id: string;
-    };
-    organisationId?: string;
-}, res: {
-    redirect: (url: string) => void;
-}, next: () => void) => Promise<void>;
+declare function usePermissions(userId: UUID, scope: Scope): {
+    permissions: PermissionMap;
+    isLoading: boolean;
+    error: Error | null;
+    hasPermission: (permission: Permission) => boolean;
+    hasAnyPermission: (permissionList: Permission[]) => boolean;
+    hasAllPermissions: (permissionList: Permission[]) => boolean;
+    refetch: () => Promise<void>;
+};
 /**
- * Express Middleware for RBAC
- *
- * Middleware that checks permissions for Express routes.
+ * Hook to check if user can perform an action
  *
- * @param config - Middleware configuration
- * @returns Express middleware function
+ * @param userId - User ID
+ * @param scope - Scope for permission checking
+ * @param permission - Permission to check
+ * @param pageId - Optional page ID
+ * @param useCache - Whether to use cached results
+ * @returns Permission check state and methods
  *
  * @example
- * ```typescript
- * import { createRBACExpressMiddleware } from '@jmruthers/pace-core/rbac';
+ * ```tsx
+ * function MyComponent() {
+ *   const { can, isLoading, error } = useCan(userId, scope, 'read:users');
  *
- * app.use(createRBACExpressMiddleware({
- *   permission: 'read:api',
- *   pageId: 'api-page-123',
- * }));
+ *   if (isLoading) return <div>Checking permission...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return can ? <UserList /> : <div>Access denied</div>;
+ * }
  * ```
  */
-declare function createRBACExpressMiddleware(config: {
-    permission: Permission;
-    pageId?: UUID;
-}): (req: {
-    user?: {
-        id: string;
-    };
-    organisationId?: string;
-    eventId?: string;
-    appId?: string;
-}, res: {
-    status: (code: number) => {
-        json: (data: object) => void;
-    };
-}, next: () => void) => Promise<void>;
+declare function useCan(userId: UUID, scope: Scope, permission: Permission, pageId?: UUID, useCache?: boolean): {
+    can: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    refetch: () => Promise<void>;
+};
 /**
- * Check if a user has a permission (synchronous cache check only)
+ * Hook to get user's access level in a scope
  *
  * @param userId - User ID
- * @param scope - Permission scope
- * @param permission - Permission to check
- * @param pageId - Optional page ID
- * @returns True if permission is cached and granted
+ * @param scope - Scope for access level checking
+ * @returns Access level state and methods
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { accessLevel, isLoading, error } = useAccessLevel(userId, scope);
+ *
+ *   if (isLoading) return <div>Loading access level...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return (
+ *     <div>
+ *       Access Level: {accessLevel}
+ *       {accessLevel >= AccessLevel.ADMIN && <AdminPanel />}
+ *     </div>
+ *   );
+ * }
+ * ```
  */
-declare function hasPermissionCached(userId: UUID, scope: {
-    organisationId: UUID;
-    eventId?: string;
-    appId?: UUID;
-}, _permission: Permission, _pageId?: UUID): boolean;
+declare function useAccessLevel(userId: UUID, scope: Scope): {
+    accessLevel: AccessLevel;
+    isLoading: boolean;
+    error: Error | null;
+    refetch: () => Promise<void>;
+};
 /**
- * Check if a user has any of the specified permissions (synchronous cache check only)
+ * Hook to check multiple permissions at once
  *
  * @param userId - User ID
- * @param scope - Permission scope
+ * @param scope - Scope for permission checking
  * @param permissions - Array of permissions to check
- * @param pageId - Optional page ID
- * @returns True if any permission is cached and granted
+ * @param useCache - Whether to use cached results
+ * @returns Multiple permission check results
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { results, isLoading, error } = useMultiplePermissions(
+ *     userId,
+ *     scope,
+ *     ['read:users', 'create:users', 'update:users']
+ *   );
+ *
+ *   if (isLoading) return <div>Checking permissions...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return (
+ *     <div>
+ *       {results['read:users'] && <UserList />}
+ *       {results['create:users'] && <CreateUserButton />}
+ *       {results['update:users'] && <EditUserButton />}
+ *     </div>
+ *   );
+ * }
+ * ```
  */
-declare function hasAnyPermissionCached(userId: UUID, scope: {
-    organisationId: UUID;
-    eventId?: string;
-    appId?: UUID;
-}, permissions: Permission[], pageId?: UUID): boolean;
-
-interface PagePermissionContextType {
-    /** Check if user has permission for a page */
-    hasPagePermission: (pageName: string, operation: string, pageId?: string, scope?: Scope) => boolean;
-    /** Get all page permissions for current user */
-    getPagePermissions: () => Record<string, string[]>;
-    /** Check if page permission checking is enabled */
-    isEnabled: boolean;
-    /** Check if strict mode is enabled */
-    isStrictMode: boolean;
-    /** Check if audit logging is enabled */
-    isAuditLogEnabled: boolean;
-    /** Get page access history */
-    getPageAccessHistory: () => PageAccessRecord[];
-    /** Clear page access history */
-    clearPageAccessHistory: () => void;
-}
-interface PageAccessRecord {
-    pageName: string;
-    operation: string;
-    userId: UUID;
-    scope: Scope;
-    allowed: boolean;
-    timestamp: string;
-    pageId?: string;
-}
-interface PagePermissionProviderProps {
-    /** Child components */
-    children: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Enable audit logging (default: true) */
-    auditLog?: boolean;
-    /** Callback when page access is attempted */
-    onPageAccess?: (pageName: string, operation: string, allowed: boolean, record: PageAccessRecord) => void;
-    /** Callback when strict mode violation occurs */
-    onStrictModeViolation?: (pageName: string, operation: string, record: PageAccessRecord) => void;
-    /** Maximum number of access records to keep in history */
-    maxHistorySize?: number;
-}
+declare function useMultiplePermissions(userId: UUID, scope: Scope, permissions: Permission[], useCache?: boolean): {
+    results: Record<Permission, boolean>;
+    isLoading: boolean;
+    error: Error | null;
+    refetch: () => Promise<void>;
+};
 /**
- * PagePermissionProvider - Manages page-level permissions across the app
+ * Hook to check if user has any of the specified permissions
  *
- * This provider ensures that all pages are properly protected and provides
- * centralized page permission management with strict enforcement.
+ * @param userId - User ID
+ * @param scope - Scope for permission checking
+ * @param permissions - Array of permissions to check
+ * @param useCache - Whether to use cached results
+ * @returns Whether user has any of the permissions
  *
- * @param props - Provider props
- * @returns React element with page permission context
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { hasAny, isLoading, error } = useHasAnyPermission(
+ *     userId,
+ *     scope,
+ *     ['read:users', 'create:users']
+ *   );
+ *
+ *   if (isLoading) return <div>Checking permissions...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return hasAny ? <UserManagementPanel /> : <div>No user permissions</div>;
+ * }
+ * ```
  */
-declare function PagePermissionProvider({ children, strictMode, auditLog, onPageAccess, onStrictModeViolation, maxHistorySize }: PagePermissionProviderProps): react_jsx_runtime.JSX.Element;
+declare function useHasAnyPermission(userId: UUID, scope: Scope, permissions: Permission[], useCache?: boolean): {
+    hasAny: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    refetch: () => Promise<void>;
+};
 /**
- * Hook to use page permission context
+ * Hook to check if user has all of the specified permissions
  *
- * @returns Page permission context
- * @throws Error if used outside of PagePermissionProvider
+ * @param userId - User ID
+ * @param scope - Scope for permission checking
+ * @param permissions - Array of permissions to check
+ * @param useCache - Whether to use cached results
+ * @returns Whether user has all of the permissions
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { hasAll, isLoading, error } = useHasAllPermissions(
+ *     userId,
+ *     scope,
+ *     ['read:users', 'create:users', 'update:users']
+ *   );
+ *
+ *   if (isLoading) return <div>Checking permissions...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return hasAll ? <FullUserManagementPanel /> : <div>Insufficient permissions</div>;
+ * }
+ * ```
  */
-declare function usePagePermissions(): PagePermissionContextType;
-
-interface PagePermissionGuardProps {
-    /** Name of the page being protected */
-    pageName: string;
-    /** Operation being performed on the page */
-    operation: 'read' | 'create' | 'update' | 'delete';
-    /** Content to render when user has permission */
-    children: React__default.ReactNode;
-    /** Content to render when user lacks permission */
-    fallback?: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Force audit logging for this page access (default: true) */
-    auditLog?: boolean;
-    /** Custom page ID for permission checking */
-    pageId?: string;
-    /** Custom scope for permission checking */
-    scope?: Scope;
-    /** Callback when access is denied */
-    onDenied?: (pageName: string, operation: string) => void;
-    /** Loading state content */
-    loading?: React__default.ReactNode;
-}
+declare function useHasAllPermissions(userId: UUID, scope: Scope, permissions: Permission[], useCache?: boolean): {
+    hasAll: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    refetch: () => Promise<void>;
+};
 /**
- * PagePermissionGuard - Enforces page-level permissions
+ * Hook to get cached permissions with TTL management
  *
- * This component ensures that users can only access pages they have permission for.
- * It integrates with the existing RBAC system and provides strict enforcement to
- * prevent apps from bypassing permission checks.
+ * @param userId - User ID
+ * @param scope - Scope for permission checking
+ * @returns Cached permission state and methods
  *
- * @param props - Component props
- * @returns React element with permission enforcement
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { permissions, isLoading, error, invalidateCache } = useCachedPermissions(userId, scope);
+ *
+ *   if (isLoading) return <div>Loading cached permissions...</div>;
+ *   if (error) return <div>Error: {error.message}</div>;
+ *
+ *   return (
+ *     <div>
+ *       {permissions['read:users'] && <UserList />}
+ *       <button onClick={invalidateCache}>Refresh Permissions</button>
+ *     </div>
+ *   );
+ * }
+ * ```
  */
-declare function PagePermissionGuard({ pageName, operation, children, fallback, strictMode, auditLog, pageId, scope, onDenied, loading }: PagePermissionGuardProps): react_jsx_runtime.JSX.Element;
+declare function useCachedPermissions(userId: UUID, scope: Scope): {
+    permissions: PermissionMap;
+    isLoading: boolean;
+    error: Error | null;
+    invalidateCache: () => void;
+    refetch: () => Promise<void>;
+};
 
-interface DataAccessRecord {
-    table: string;
-    operation: string;
-    userId: UUID;
-    scope: Scope;
-    allowed: boolean;
-    timestamp: string;
-    query?: string;
-    filters?: Record<string, any>;
-}
-interface SecureDataContextType {
-    /** Check if data access is allowed for a table and operation */
-    isDataAccessAllowed: (table: string, operation: string, scope?: Scope) => boolean;
-    /** Get all data access permissions for current user */
-    getDataAccessPermissions: () => Record<string, string[]>;
-    /** Check if secure data access is enabled */
-    isEnabled: boolean;
-    /** Check if strict mode is enabled */
-    isStrictMode: boolean;
-    /** Check if audit logging is enabled */
-    isAuditLogEnabled: boolean;
-    /** Get data access history */
-    getDataAccessHistory: () => DataAccessRecord[];
-    /** Clear data access history */
-    clearDataAccessHistory: () => void;
-    /** Validate data access attempt */
-    validateDataAccess: (table: string, operation: string, scope?: Scope) => boolean;
-}
-interface SecureDataProviderProps {
-    /** Child components */
-    children: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Enable audit logging (default: true) */
-    auditLog?: boolean;
-    /** Callback when data access is attempted */
-    onDataAccess?: (table: string, operation: string, allowed: boolean, record: DataAccessRecord) => void;
-    /** Callback when strict mode violation occurs */
-    onStrictModeViolation?: (table: string, operation: string, record: DataAccessRecord) => void;
-    /** Maximum number of access records to keep in history */
-    maxHistorySize?: number;
-    /** Enable RLS enforcement (default: true) */
-    enforceRLS?: boolean;
-}
 /**
- * SecureDataProvider - Prevents direct Supabase access and enforces secure data patterns
- *
- * This provider ensures that all data access goes through the secure RBAC system
- * and prevents apps from bypassing data access controls.
+ * RBAC Adapters
+ * @package @jmruthers/pace-core
+ * @module RBAC/Adapters
+ * @since 1.0.0
  *
- * @param props - Provider props
- * @returns React element with secure data context
+ * This module provides adapters for different frameworks and server runtimes.
  */
-declare function SecureDataProvider({ children, strictMode, auditLog, onDataAccess, onStrictModeViolation, maxHistorySize, enforceRLS }: SecureDataProviderProps): react_jsx_runtime.JSX.Element;
+
 /**
- * Hook to use secure data context
+ * Permission Guard Component
  *
- * @returns Secure data context
- * @throws Error if used outside of SecureDataProvider
+ * A React component that conditionally renders children based on permissions.
+ * Can auto-infer userId from context if not provided.
+ *
+ * @example
+ * ```tsx
+ * // With explicit userId and scope
+ * <PermissionGuard
+ *   userId="user-123"
+ *   scope={{ organisationId: 'org-456' }}
+ *   permission="manage:events"
+ *   pageId="page-789"
+ *   fallback={<AccessDenied />}
+ * >
+ *   <AdminPanel />
+ * </PermissionGuard>
+ *
+ * // With context inference (requires auth context)
+ * <PermissionGuard
+ *   permission="manage:events"
+ *   scope={{ organisationId: 'org-456' }}
+ *   fallback={<AccessDenied />}
+ * >
+ *   <AdminPanel />
+ * </PermissionGuard>
+ * ```
  */
-declare function useSecureData(): SecureDataContextType;
-
-interface PermissionEnforcerProps {
-    /** Permissions required for access */
-    permissions: Permission[];
-    /** Operation being performed */
-    operation: string;
-    /** Content to render when user has permission */
-    children: React__default.ReactNode;
-    /** Content to render when user lacks permission */
-    fallback?: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
+declare function PermissionGuard({ userId, scope, permission, pageId, children, fallback, onDenied, loading, strictMode, auditLog, enforceAudit, }: {
+    userId?: UUID;
+    scope: {
+        organisationId: UUID;
+        eventId?: string;
+        appId?: UUID;
+    };
+    permission: Permission;
+    pageId?: UUID;
+    children: ReactNode;
+    fallback?: ReactNode;
+    onDenied?: () => void;
+    loading?: ReactNode;
     strictMode?: boolean;
-    /** Force audit logging for this operation (default: true) */
     auditLog?: boolean;
-    /** Custom scope for permission checking */
-    scope?: Scope;
-    /** Callback when access is denied */
-    onDenied?: (permissions: Permission[], operation: string) => void;
-    /** Loading state content */
-    loading?: React__default.ReactNode;
-    /** Require all permissions (AND) or any permission (OR) */
-    requireAll?: boolean;
-}
+    enforceAudit?: boolean;
+}): React__default.ReactNode;
 /**
- * PermissionEnforcer - Enforces permissions for operations
+ * Access Level Guard Component
  *
- * This component ensures that users can only perform operations they have permission for.
- * It integrates with the existing RBAC system and provides strict enforcement to
- * prevent apps from bypassing permission checks.
+ * A React component that conditionally renders children based on access level.
+ * Can auto-infer userId from context if not provided.
  *
- * @param props - Component props
- * @returns React element with permission enforcement
+ * @example
+ * ```tsx
+ * // With explicit userId and scope
+ * <AccessLevelGuard
+ *   userId="user-123"
+ *   scope={{ organisationId: 'org-456' }}
+ *   minLevel="admin"
+ *   fallback={<AccessDenied />}
+ * >
+ *   <AdminPanel />
+ * </AccessLevelGuard>
+ *
+ * // With context inference (requires auth context)
+ * <AccessLevelGuard
+ *   minLevel="admin"
+ *   scope={{ organisationId: 'org-456' }}
+ *   fallback={<AccessDenied />}
+ * >
+ *   <AdminPanel />
+ * </AccessLevelGuard>
+ * ```
  */
-declare function PermissionEnforcer({ permissions, operation, children, fallback, strictMode, auditLog, scope, onDenied, loading, requireAll }: PermissionEnforcerProps): react_jsx_runtime.JSX.Element;
-
-interface RouteConfig {
-    /** Route path */
-    path: string;
-    /** React component to render */
-    component: React__default.ComponentType;
-    /** Permissions required for this route */
-    permissions: Permission[];
-    /** Roles that can access this route */
-    roles?: string[];
-    /** Minimum access level required */
-    accessLevel?: AccessLevel;
-    /** Page ID for permission checking */
-    pageId?: string;
-    /** Enable strict mode for this route */
-    strictMode?: boolean;
-    /** Route metadata */
-    meta?: {
-        title?: string;
-        description?: string;
-        requiresAuth?: boolean;
-        hidden?: boolean;
+declare function AccessLevelGuard({ userId, scope, minLevel, children, fallback, loading, }: {
+    userId?: UUID;
+    scope: {
+        organisationId: UUID;
+        eventId?: string;
+        appId?: UUID;
     };
-}
-interface RouteAccessRecord {
-    route: string;
-    permissions: Permission[];
-    userId: UUID;
-    scope: Scope;
-    allowed: boolean;
-    timestamp: string;
-    pageId?: string;
-    roles?: string[];
-    accessLevel?: AccessLevel;
-}
-interface RoleBasedRouterContextType {
-    /** Get all accessible routes for current user */
-    getAccessibleRoutes: () => RouteConfig[];
-    /** Check if user can access a specific route */
-    canAccessRoute: (path: string) => boolean;
-    /** Get route configuration for a path */
-    getRouteConfig: (path: string) => RouteConfig | null;
-    /** Get route access history */
-    getRouteAccessHistory: () => RouteAccessRecord[];
-    /** Clear route access history */
-    clearRouteAccessHistory: () => void;
-    /** Check if strict mode is enabled */
-    isStrictMode: boolean;
-    /** Check if audit logging is enabled */
-    isAuditLogEnabled: boolean;
-}
-interface RoleBasedRouterProps {
-    /** Route configuration */
-    routes: RouteConfig[];
-    /** Fallback route for unauthorized access */
-    fallbackRoute?: string;
-    /** Child components */
-    children: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Enable audit logging (default: true) */
-    auditLog?: boolean;
-    /** Callback when route access is attempted */
-    onRouteAccess?: (route: string, allowed: boolean, record: RouteAccessRecord) => void;
-    /** Callback when strict mode violation occurs */
-    onStrictModeViolation?: (route: string, record: RouteAccessRecord) => void;
-    /** Maximum number of access records to keep in history */
-    maxHistorySize?: number;
-    /** Custom unauthorized component */
-    unauthorizedComponent?: React__default.ComponentType<{
-        route: string;
-        reason: string;
-    }>;
-}
+    minLevel: 'viewer' | 'participant' | 'planner' | 'admin' | 'super';
+    children: ReactNode;
+    fallback?: ReactNode;
+    loading?: ReactNode;
+}): React__default.ReactNode;
+/**
+ * Permission Guard for Server Handlers
+ *
+ * Wraps a server handler with permission checking.
+ *
+ * @param config - Permission guard configuration
+ * @param handler - Handler function to wrap
+ * @returns Wrapped handler function
+ *
+ * @example
+ * ```typescript
+ * const protectedHandler = withPermissionGuard(
+ *   { permission: 'manage:events', pageId: 'page-789' },
+ *   async (req, res) => {
+ *     // Handler logic here
+ *     res.json({ success: true });
+ *   }
+ * );
+ * ```
+ */
+declare function withPermissionGuard<T extends any[]>(config: {
+    permission: Permission;
+    pageId?: UUID;
+}, handler: (...args: T) => Promise<any>): (...args: T) => Promise<any>;
+/**
+ * Access Level Guard for Server Handlers
+ *
+ * Wraps a server handler with access level checking.
+ *
+ * @param minLevel - Minimum access level required
+ * @param handler - Handler function to wrap
+ * @returns Wrapped handler function
+ *
+ * @example
+ * ```typescript
+ * const adminHandler = withAccessLevelGuard(
+ *   'admin',
+ *   async (req, res) => {
+ *     // Admin-only logic here
+ *     res.json({ success: true });
+ *   }
+ * );
+ * ```
+ */
+declare function withAccessLevelGuard<T extends any[]>(minLevel: 'viewer' | 'participant' | 'planner' | 'admin' | 'super', handler: (...args: T) => Promise<any>): (...args: T) => Promise<any>;
+/**
+ * Role Guard for Server Handlers
+ *
+ * Wraps a server handler with role-based access control.
+ * This is the primary middleware for routing protection as specified in the contract.
+ *
+ * @param config - Role guard configuration
+ * @param handler - Handler function to wrap
+ * @returns Wrapped handler function
+ *
+ * @example
+ * ```typescript
+ * const adminHandler = withRoleGuard(
+ *   {
+ *     globalRoles: ['super_admin'],
+ *     organisationRoles: ['org_admin', 'leader'],
+ *     eventAppRoles: ['event_admin', 'planner']
+ *   },
+ *   async (req, res) => {
+ *     // Admin-only logic here
+ *     res.json({ success: true });
+ *   }
+ * );
+ * ```
+ */
+declare function withRoleGuard<T extends any[]>(config: {
+    globalRoles?: string[];
+    organisationRoles?: string[];
+    eventAppRoles?: string[];
+    requireAll?: boolean;
+}, handler: (...args: T) => Promise<any>): (...args: T) => Promise<any>;
 /**
- * RoleBasedRouter - Centralized routing control with role-based protection
+ * Next.js Middleware for RBAC
  *
- * This component ensures that all routes are properly protected and provides
- * centralized routing control to prevent apps from bypassing route protection.
+ * Middleware that checks permissions before allowing access to pages.
  *
- * @param props - Router props
- * @returns React element with role-based routing
- */
-declare function RoleBasedRouter({ routes, fallbackRoute, children, strictMode, auditLog, onRouteAccess, onStrictModeViolation, maxHistorySize, unauthorizedComponent: UnauthorizedComponent }: RoleBasedRouterProps): react_jsx_runtime.JSX.Element;
-/**
- * Hook to use role-based router context
+ * @param config - Middleware configuration
+ * @returns Next.js middleware function
  *
- * @returns Role-based router context
- * @throws Error if used outside of RoleBasedRouter
+ * @example
+ * ```typescript
+ * // middleware.ts
+ * import { createRBACMiddleware } from '@jmruthers/pace-core/rbac';
+ *
+ * export default createRBACMiddleware({
+ *   protectedRoutes: [
+ *     { path: '/admin', permission: 'manage:admin' },
+ *     { path: '/events', permission: 'read:events' },
+ *   ],
+ *   fallbackUrl: '/access-denied',
+ * });
+ * ```
  */
-declare function useRoleBasedRouter(): RoleBasedRouterContextType;
-
-interface NavigationItem {
-    /** Unique identifier for the navigation item */
-    id: string;
-    /** Display label for the navigation item */
-    label: string;
-    /** Navigation path/URL */
-    path: string;
-    /** Permissions required for this navigation item */
-    permissions: Permission[];
-    /** Roles that can access this navigation item */
-    roles?: string[];
-    /** Minimum access level required */
-    accessLevel?: 'viewer' | 'participant' | 'planner' | 'admin' | 'super';
-    /** Page ID for permission checking */
-    pageId?: string;
-    /** Enable strict mode for this navigation item */
-    strictMode?: boolean;
-    /** Navigation item metadata */
-    meta?: {
-        icon?: string;
-        description?: string;
-        hidden?: boolean;
-        order?: number;
+declare function createRBACMiddleware(config: {
+    protectedRoutes: Array<{
+        path: string;
+        permission: Permission;
+        pageId?: UUID;
+    }>;
+    fallbackUrl?: string;
+}): (req: {
+    nextUrl: {
+        pathname: string;
     };
-}
-interface NavigationAccessRecord {
-    navigationItem: string;
-    permissions: Permission[];
-    userId: UUID;
-    scope: Scope;
-    allowed: boolean;
-    timestamp: string;
-    pageId?: string;
-    roles?: string[];
-    accessLevel?: string;
-}
-interface NavigationContextType {
-    /** Check if user has permission for a navigation item */
-    hasNavigationPermission: (item: NavigationItem) => boolean;
-    /** Get all navigation permissions for current user */
-    getNavigationPermissions: () => Record<string, string[]>;
-    /** Get filtered navigation items based on permissions */
-    getFilteredNavigationItems: (items: NavigationItem[]) => NavigationItem[];
-    /** Check if navigation permission checking is enabled */
-    isEnabled: boolean;
-    /** Check if strict mode is enabled */
-    isStrictMode: boolean;
-    /** Check if audit logging is enabled */
-    isAuditLogEnabled: boolean;
-    /** Get navigation access history */
-    getNavigationAccessHistory: () => NavigationAccessRecord[];
-    /** Clear navigation access history */
-    clearNavigationAccessHistory: () => void;
-}
-interface NavigationProviderProps {
-    /** Child components */
-    children: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Enable audit logging (default: true) */
-    auditLog?: boolean;
-    /** Callback when navigation access is attempted */
-    onNavigationAccess?: (item: NavigationItem, allowed: boolean, record: NavigationAccessRecord) => void;
-    /** Callback when strict mode violation occurs */
-    onStrictModeViolation?: (item: NavigationItem, record: NavigationAccessRecord) => void;
-    /** Maximum number of access records to keep in history */
-    maxHistorySize?: number;
-}
+    user?: {
+        id: string;
+    };
+    organisationId?: string;
+}, res: {
+    redirect: (url: string) => void;
+}, next: () => void) => Promise<void>;
 /**
- * NavigationProvider - Manages navigation-level permissions across the app
+ * Express Middleware for RBAC
  *
- * This provider ensures that all navigation items are properly protected and provides
- * centralized navigation permission management with strict enforcement.
+ * Middleware that checks permissions for Express routes.
  *
- * @param props - Provider props
- * @returns React element with navigation permission context
- */
-declare function NavigationProvider({ children, strictMode, auditLog, onNavigationAccess, onStrictModeViolation, maxHistorySize }: NavigationProviderProps): react_jsx_runtime.JSX.Element;
-/**
- * Hook to use navigation permission context
+ * @param config - Middleware configuration
+ * @returns Express middleware function
  *
- * @returns Navigation permission context
- * @throws Error if used outside of NavigationProvider
+ * @example
+ * ```typescript
+ * import { createRBACExpressMiddleware } from '@jmruthers/pace-core/rbac';
+ *
+ * app.use(createRBACExpressMiddleware({
+ *   permission: 'read:api',
+ *   pageId: 'api-page-123',
+ * }));
+ * ```
  */
-declare function useNavigationPermissions(): NavigationContextType;
-
-interface NavigationGuardProps {
-    /** Navigation item being protected */
-    navigationItem: NavigationItem;
-    /** Content to render when user has permission */
-    children: React__default.ReactNode;
-    /** Content to render when user lacks permission */
-    fallback?: React__default.ReactNode;
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Force audit logging for this navigation access (default: true) */
-    auditLog?: boolean;
-    /** Custom scope for permission checking */
-    scope?: Scope;
-    /** Callback when access is denied */
-    onDenied?: (item: NavigationItem) => void;
-    /** Loading state content */
-    loading?: React__default.ReactNode;
-    /** Require all permissions (AND) or any permission (OR) */
-    requireAll?: boolean;
-}
+declare function createRBACExpressMiddleware(config: {
+    permission: Permission;
+    pageId?: UUID;
+}): (req: {
+    user?: {
+        id: string;
+    };
+    organisationId?: string;
+    eventId?: string;
+    appId?: string;
+}, res: {
+    status: (code: number) => {
+        json: (data: object) => void;
+    };
+}, next: () => void) => Promise<void>;
 /**
- * NavigationGuard - Enforces navigation-level permissions
- *
- * This component ensures that users can only access navigation items they have permission for.
- * It integrates with the existing RBAC system and provides strict enforcement to
- * prevent apps from bypassing navigation permission checks.
+ * Check if a user has a permission (synchronous cache check only)
  *
- * @param props - Component props
- * @returns React element with navigation permission enforcement
+ * @param userId - User ID
+ * @param scope - Permission scope
+ * @param permission - Permission to check
+ * @param pageId - Optional page ID
+ * @returns True if permission is cached and granted
  */
-declare function NavigationGuard({ navigationItem, children, fallback, strictMode, auditLog, scope, onDenied, loading, requireAll }: NavigationGuardProps): react_jsx_runtime.JSX.Element;
-
-interface EnhancedNavigationMenuProps {
-    /** Navigation items to display */
-    items: NavigationItem[];
-    /** Enable strict mode to prevent bypassing (default: true) */
-    strictMode?: boolean;
-    /** Enable audit logging (default: true) */
-    auditLog?: boolean;
-    /** Callback when navigation access is attempted */
-    onNavigationAccess?: (item: NavigationItem, allowed: boolean) => void;
-    /** Callback when strict mode violation occurs */
-    onStrictModeViolation?: (item: NavigationItem) => void;
-    /** Custom className for the navigation menu */
-    className?: string;
-    /** Custom className for navigation items */
-    itemClassName?: string;
-    /** Custom className for active navigation items */
-    activeItemClassName?: string;
-    /** Custom className for disabled navigation items */
-    disabledItemClassName?: string;
-    /** Show/hide navigation items that user doesn't have permission for */
-    hideUnauthorizedItems?: boolean;
-    /** Custom render function for navigation items */
-    renderItem?: (item: NavigationItem, isAuthorized: boolean) => React__default.ReactNode;
-    /** Current active path for highlighting */
-    activePath?: string;
-    /** Navigation item click handler */
-    onItemClick?: (item: NavigationItem) => void;
-}
+declare function hasPermissionCached(userId: UUID, scope: {
+    organisationId: UUID;
+    eventId?: string;
+    appId?: UUID;
+}, _permission: Permission, _pageId?: UUID): boolean;
 /**
- * EnhancedNavigationMenu - Secure navigation menu with RBAC integration
- *
- * This component provides a navigation menu that automatically filters items based on
- * user permissions and enforces strict security controls.
+ * Check if a user has any of the specified permissions (synchronous cache check only)
  *
- * @param props - Component props
- * @returns React element with enhanced navigation menu
+ * @param userId - User ID
+ * @param scope - Permission scope
+ * @param permissions - Array of permissions to check
+ * @param pageId - Optional page ID
+ * @returns True if any permission is cached and granted
  */
-declare function EnhancedNavigationMenu({ items, strictMode, auditLog, onNavigationAccess, onStrictModeViolation, className, itemClassName, activeItemClassName, disabledItemClassName, hideUnauthorizedItems, renderItem, activePath, onItemClick }: EnhancedNavigationMenuProps): react_jsx_runtime.JSX.Element;
+declare function hasAnyPermissionCached(userId: UUID, scope: {
+    organisationId: UUID;
+    eventId?: string;
+    appId?: UUID;
+}, permissions: Permission[], pageId?: UUID): boolean;
 
 /**
  * RBAC Main API Functions
@@ -1861,4 +1986,4 @@ declare const ALL_PERMISSIONS: {
 };
 type AllPermissions = typeof ALL_PERMISSIONS;
 
-export { ALL_PERMISSIONS, type AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type DataAccessRecord, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRole, GLOBAL_PERMISSIONS, type GlobalRole, InvalidScopeError, type LogLevel, MissingUserContextError, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, type Operation, OrganisationContextRequiredError, type OrganisationRole, PAGE_PERMISSIONS, PERMISSION_GROUPS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, type Permission, type PermissionCheck, PermissionDeniedError, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, type PermissionMap, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, RBACError, type RBACLogger, RBACNotInitializedError, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RouteAccessRecord, type RouteConfig, type Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, type UUID, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, emitAuditEvent, fromSupabaseClient, getAccessLevel, getGlobalAuditManager, getPermissionMap, getPermissionsForRole, getRBACConfig, getRBACLogger, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPermitted, isPermittedCached, isValidPermission, rbacCache, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRoleBasedRouter, useSecureData, withAccessLevelGuard, withPermissionGuard, withRoleGuard };
+export { ALL_PERMISSIONS, type AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type DataAccessRecord, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRole, GLOBAL_PERMISSIONS, type GlobalRole, InvalidScopeError, type LogLevel, MissingUserContextError, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, type Operation, OrganisationContextRequiredError, type OrganisationRole, PAGE_PERMISSIONS, PERMISSION_GROUPS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, type Permission, type PermissionCheck, PermissionDeniedError, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, type PermissionMap, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, RBACError, type RBACLogger, RBACNotInitializedError, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RouteAccessRecord, type RouteConfig, type Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, type UUID, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, emitAuditEvent, fromSupabaseClient, getAccessLevel, getGlobalAuditManager, getPermissionMap, getPermissionsForRole, getRBACConfig, getRBACLogger, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPermitted, isPermittedCached, isValidPermission, rbacCache, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useRoleBasedRouter, useSecureData, withAccessLevelGuard, withPermissionGuard, withRoleGuard };