npm - @jmruthers/pace-core - Versions diffs - 0.5.1 → 0.5.3 - Mend

@jmruthers/pace-core 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (206) hide show

package/dist/{DataTable-GX3XERFJ.js → DataTable-ZQDRE46Q.js} +7 -6
package/dist/{PublicLoadingSpinner-DztrzuJr.d.ts → PublicLoadingSpinner-Bq_-BeK-.d.ts} +1 -1
package/dist/RBACProvider-BO4ilsQB.d.ts +63 -0
package/dist/{UnifiedAuthProvider-w66zSCUf.d.ts → UnifiedAuthProvider-DGQsy-vY.d.ts} +2 -59
package/dist/{api-ETQ6YJ3C.js → api-H5A3H4IR.js} +2 -2
package/dist/{chunk-T3XIA4AJ.js → chunk-5H3C2SWM.js} +14 -16
package/dist/chunk-5H3C2SWM.js.map +1 -0
package/dist/chunk-5SIXIV7R.js +1925 -0
package/dist/chunk-5SIXIV7R.js.map +1 -0
package/dist/chunk-GNTALZV3.js +17 -0
package/dist/chunk-GNTALZV3.js.map +1 -0
package/dist/{chunk-C5G2A4PO.js → chunk-GWSBHC4J.js} +6 -6
package/dist/{chunk-XJK2J4N6.js → chunk-HD7PYDUV.js} +4 -6
package/dist/{chunk-XJK2J4N6.js.map → chunk-HD7PYDUV.js.map} +1 -1
package/dist/{chunk-TGDCLPP2.js → chunk-HXX35Q2M.js} +6 -21
package/dist/chunk-HXX35Q2M.js.map +1 -0
package/dist/{chunk-5EL3KHOQ.js → chunk-K6B7BLSE.js} +2 -2
package/dist/{chunk-GSNM5D6H.js → chunk-M4RW7PIP.js} +4 -4
package/dist/{chunk-U6JDHVC2.js → chunk-PVMYVQSM.js} +6 -8
package/dist/{chunk-U6JDHVC2.js.map → chunk-PVMYVQSM.js.map} +1 -1
package/dist/{chunk-6CR3MRZN.js → chunk-QKHFMQ5R.js} +372 -11
package/dist/{chunk-6CR3MRZN.js.map → chunk-QKHFMQ5R.js.map} +1 -1
package/dist/chunk-QVYBYGT2.js +428 -0
package/dist/chunk-QVYBYGT2.js.map +1 -0
package/dist/{chunk-OEGRKULD.js → chunk-WJARTBCT.js} +56 -1
package/dist/chunk-WJARTBCT.js.map +1 -0
package/dist/components.d.ts +4 -3
package/dist/components.js +16 -162
package/dist/components.js.map +1 -1
package/dist/hooks.d.ts +2 -2
package/dist/hooks.js +7 -9
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +8 -6
package/dist/index.js +152 -17
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -2
package/dist/providers.js +6 -12
package/dist/rbac/index.d.ts +167 -98
package/dist/rbac/index.js +48 -1881
package/dist/rbac/index.js.map +1 -1
package/dist/styles/core.css +0 -58
package/dist/types.d.ts +2 -2
package/dist/{unified-CM7T0aTK.d.ts → unified-CMPjE_fv.d.ts} +1 -1
package/dist/{usePublicRouteParams-B6i0KtXW.d.ts → usePublicRouteParams-B2OcAsur.d.ts} +1 -1
package/dist/utils.js +12 -14
package/dist/utils.js.map +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +73 -0
package/docs/api/classes/MissingUserContextError.md +66 -0
package/docs/api/classes/OrganisationContextRequiredError.md +66 -0
package/docs/api/classes/PermissionDeniedError.md +73 -0
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +270 -0
package/docs/api/classes/RBACCache.md +284 -0
package/docs/api/classes/RBACEngine.md +141 -0
package/docs/api/classes/RBACError.md +76 -0
package/docs/api/classes/RBACNotInitializedError.md +66 -0
package/docs/api/classes/SecureSupabaseClient.md +135 -0
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +96 -0
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +235 -0
package/docs/api/interfaces/EventContextType.md +1 -1
package/docs/api/interfaces/EventLogoProps.md +1 -1
package/docs/api/interfaces/EventProviderProps.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +107 -0
package/docs/api/interfaces/NavigationContextType.md +164 -0
package/docs/api/interfaces/NavigationGuardProps.md +139 -0
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +117 -0
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +2 -2
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +85 -0
package/docs/api/interfaces/PagePermissionContextType.md +140 -0
package/docs/api/interfaces/PagePermissionGuardProps.md +153 -0
package/docs/api/interfaces/PagePermissionProviderProps.md +119 -0
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +153 -0
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +99 -0
package/docs/api/interfaces/RBACContextType.md +474 -0
package/docs/api/interfaces/RBACLogger.md +112 -0
package/docs/api/interfaces/RBACProviderProps.md +107 -0
package/docs/api/interfaces/RoleBasedRouterContextType.md +151 -0
package/docs/api/interfaces/RoleBasedRouterProps.md +156 -0
package/docs/api/interfaces/RouteAccessRecord.md +107 -0
package/docs/api/interfaces/RouteConfig.md +121 -0
package/docs/api/interfaces/SecureDataContextType.md +168 -0
package/docs/api/interfaces/SecureDataProviderProps.md +132 -0
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +85 -85
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +2244 -3
package/docs/migration-guide.md +43 -18
package/docs/styles/README.md +187 -98
package/docs/usage.md +32 -7
package/package.json +2 -2
package/src/components/Footer/Footer.test.tsx +482 -0
package/src/components/Form/Form.test.tsx +1158 -0
package/src/components/Header/Header.test.tsx +582 -0
package/src/components/Header/Header.tsx +1 -1
package/src/components/InactivityWarningModal/InactivityWarningModal.test.tsx +489 -0
package/src/components/Input/Input.test.tsx +466 -0
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +450 -0
package/src/components/LoginForm/LoginForm.test.tsx +816 -0
package/src/components/NavigationMenu/NavigationMenu.test.tsx +883 -0
package/src/components/OrganisationSelector/OrganisationSelector.test.tsx +748 -0
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +891 -0
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +475 -0
package/src/components/PasswordReset/PasswordChangeForm.test.tsx +621 -0
package/src/components/PasswordReset/PasswordResetForm.test.tsx +605 -0
package/src/components/Select/Select.test.tsx +948 -0
package/src/components/SuperAdminGuard.tsx +1 -1
package/src/components/Toast/Toast.test.tsx +586 -0
package/src/components/Tooltip/Tooltip.test.tsx +852 -0
package/src/components/UserMenu/UserMenu.test.tsx +702 -0
package/src/components/UserMenu/UserMenu.tsx +2 -2
package/src/hooks/useDebounce.test.ts +375 -0
package/src/hooks/useOrganisationPermissions.test.ts +528 -0
package/src/hooks/useOrganisationSecurity.test.ts +734 -0
package/src/hooks/usePermissionCache.test.ts +542 -0
package/src/hooks/usePermissionCache.ts +1 -1
package/src/index.ts +2 -3
package/src/providers/UnifiedAuthProvider.tsx +2 -2
package/src/providers/index.ts +3 -1
package/src/rbac/__tests__/integration.test.tsx +218 -0
package/src/rbac/api.test.ts +441 -0
package/src/rbac/hooks/index.ts +21 -0
package/src/rbac/hooks/useCan.test.ts +461 -0
package/src/rbac/hooks/usePermissions.test.ts +359 -0
package/src/rbac/hooks/usePermissions.ts +567 -0
package/src/rbac/hooks/useRBAC.simple.test.ts +90 -0
package/src/rbac/hooks/useRBAC.test.ts +503 -0
package/src/{hooks → rbac/hooks}/useRBAC.ts +7 -7
package/src/rbac/index.ts +5 -10
package/src/{providers → rbac/providers}/RBACProvider.tsx +6 -6
package/src/rbac/providers/__tests__/RBACProvider.test.tsx +687 -0
package/src/rbac/providers/index.ts +11 -0
package/src/styles/core.css +0 -58
package/src/utils/formatDate.test.ts +241 -0
package/dist/chunk-AUE24LVR.js +0 -268
package/dist/chunk-AUE24LVR.js.map +0 -1
package/dist/chunk-COBPIXXQ.js +0 -379
package/dist/chunk-COBPIXXQ.js.map +0 -1
package/dist/chunk-OEGRKULD.js.map +0 -1
package/dist/chunk-OYRY44Q2.js +0 -62
package/dist/chunk-OYRY44Q2.js.map +0 -1
package/dist/chunk-T3XIA4AJ.js.map +0 -1
package/dist/chunk-TGDCLPP2.js.map +0 -1
package/src/components/RBAC/PagePermissionGuard.tsx +0 -287
package/src/components/RBAC/RBACGuard.tsx +0 -143
package/src/components/RBAC/RBACProvider.tsx +0 -186
package/src/components/RBAC/RoleBasedContent.tsx +0 -129
package/src/components/RBAC/index.ts +0 -23
package/src/rbac/hooks.ts +0 -570
/package/dist/{DataTable-GX3XERFJ.js.map → DataTable-ZQDRE46Q.js.map} +0 -0
/package/dist/{api-ETQ6YJ3C.js.map → api-H5A3H4IR.js.map} +0 -0
/package/dist/{chunk-C5G2A4PO.js.map → chunk-GWSBHC4J.js.map} +0 -0
/package/dist/{chunk-5EL3KHOQ.js.map → chunk-K6B7BLSE.js.map} +0 -0
/package/dist/{chunk-GSNM5D6H.js.map → chunk-M4RW7PIP.js.map} +0 -0

package/docs/api/modules.md CHANGED Viewed

@@ -1,6 +1,6 @@
-[@jmruthers/pace-core - v0.5.1](README.md) / Exports
+[@jmruthers/pace-core - v0.5.3](README.md) / Exports
-# @jmruthers/pace-core - v0.5.1
+# @jmruthers/pace-core - v0.5.3
 **`File`**
@@ -33,6 +33,16 @@ import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';
 - [ErrorBoundary](classes/ErrorBoundary.md)
 - [PublicErrorBoundary](classes/PublicErrorBoundary.md)
+- [RBACAuditManager](classes/RBACAuditManager.md)
+- [RBACCache](classes/RBACCache.md)
+- [RBACEngine](classes/RBACEngine.md)
+- [SecureSupabaseClient](classes/SecureSupabaseClient.md)
+- [RBACError](classes/RBACError.md)
+- [PermissionDeniedError](classes/PermissionDeniedError.md)
+- [OrganisationContextRequiredError](classes/OrganisationContextRequiredError.md)
+- [RBACNotInitializedError](classes/RBACNotInitializedError.md)
+- [InvalidScopeError](classes/InvalidScopeError.md)
+- [MissingUserContextError](classes/MissingUserContextError.md)
 ### Interfaces
@@ -73,9 +83,30 @@ import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';
 - [UseInactivityTrackerReturn](interfaces/UseInactivityTrackerReturn.md)
 - [EventContextType](interfaces/EventContextType.md)
 - [EventProviderProps](interfaces/EventProviderProps.md)
-- [UserEventAccess](interfaces/UserEventAccess.md)
 - [UnifiedAuthContextType](interfaces/UnifiedAuthContextType.md)
 - [UnifiedAuthProviderProps](interfaces/UnifiedAuthProviderProps.md)
+- [EnhancedNavigationMenuProps](interfaces/EnhancedNavigationMenuProps.md)
+- [NavigationGuardProps](interfaces/NavigationGuardProps.md)
+- [NavigationAccessRecord](interfaces/NavigationAccessRecord.md)
+- [NavigationContextType](interfaces/NavigationContextType.md)
+- [NavigationProviderProps](interfaces/NavigationProviderProps.md)
+- [PagePermissionGuardProps](interfaces/PagePermissionGuardProps.md)
+- [PagePermissionContextType](interfaces/PagePermissionContextType.md)
+- [PageAccessRecord](interfaces/PageAccessRecord.md)
+- [PagePermissionProviderProps](interfaces/PagePermissionProviderProps.md)
+- [PermissionEnforcerProps](interfaces/PermissionEnforcerProps.md)
+- [RouteConfig](interfaces/RouteConfig.md)
+- [RouteAccessRecord](interfaces/RouteAccessRecord.md)
+- [RoleBasedRouterContextType](interfaces/RoleBasedRouterContextType.md)
+- [RoleBasedRouterProps](interfaces/RoleBasedRouterProps.md)
+- [DataAccessRecord](interfaces/DataAccessRecord.md)
+- [SecureDataContextType](interfaces/SecureDataContextType.md)
+- [SecureDataProviderProps](interfaces/SecureDataProviderProps.md)
+- [RBACConfig](interfaces/RBACConfig.md)
+- [RBACLogger](interfaces/RBACLogger.md)
+- [UserEventAccess](interfaces/UserEventAccess.md)
+- [RBACContextType](interfaces/RBACContextType.md)
+- [RBACProviderProps](interfaces/RBACProviderProps.md)
 - [StyleImport](interfaces/StyleImport.md)
 - [ColorShade](interfaces/ColorShade.md)
 - [ColorPalette](interfaces/ColorPalette.md)
@@ -100,9 +131,29 @@ import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';
 - [DataRecord](modules.md#datarecord)
 - [GetRowId](modules.md#getrowid)
+- [LogLevel](modules.md#loglevel)
+- [AllPermissions](modules.md#allpermissions)
+- [UUID](modules.md#uuid)
+- [Operation](modules.md#operation)
+- [Permission](modules.md#permission)
+- [AccessLevel](modules.md#accesslevel)
+- [Scope](modules.md#scope)
+- [PermissionCheck](modules.md#permissioncheck)
+- [PermissionMap](modules.md#permissionmap)
+- [GlobalRole](modules.md#globalrole)
+- [OrganisationRole](modules.md#organisationrole)
+- [EventAppRole](modules.md#eventapprole)
 ### Variables
+- [rbacCache](modules.md#rbaccache)
+- [CACHE\_PATTERNS](modules.md#cache_patterns)
+- [GLOBAL\_PERMISSIONS](modules.md#global_permissions)
+- [ORGANISATION\_PERMISSIONS](modules.md#organisation_permissions)
+- [EVENT\_APP\_PERMISSIONS](modules.md#event_app_permissions)
+- [PAGE\_PERMISSIONS](modules.md#page_permissions)
+- [PERMISSION\_GROUPS](modules.md#permission_groups)
+- [ALL\_PERMISSIONS](modules.md#all_permissions)
 - [styleConfig](modules.md#styleconfig)
 - [FILE\_SIZE\_LIMITS](modules.md#file_size_limits)
 - [DEFAULT\_FILE\_SIZE\_LIMIT](modules.md#default_file_size_limit)
@@ -226,6 +277,59 @@ import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';
 - [useOrganisations](modules.md#useorganisations)
 - [useUnifiedAuth](modules.md#useunifiedauth)
 - [UnifiedAuthProvider](modules.md#unifiedauthprovider)
+- [PermissionGuard](modules.md#permissionguard)
+- [AccessLevelGuard](modules.md#accesslevelguard)
+- [withPermissionGuard](modules.md#withpermissionguard)
+- [withAccessLevelGuard](modules.md#withaccesslevelguard)
+- [withRoleGuard](modules.md#withroleguard)
+- [createRBACMiddleware](modules.md#createrbacmiddleware)
+- [createRBACExpressMiddleware](modules.md#createrbacexpressmiddleware)
+- [hasPermissionCached](modules.md#haspermissioncached)
+- [hasAnyPermissionCached](modules.md#hasanypermissioncached)
+- [setupRBAC](modules.md#setuprbac)
+- [getAccessLevel](modules.md#getaccesslevel)
+- [getPermissionMap](modules.md#getpermissionmap)
+- [isPermitted](modules.md#ispermitted)
+- [isPermittedCached](modules.md#ispermittedcached)
+- [hasPermission](modules.md#haspermission)
+- [hasAnyPermission](modules.md#hasanypermission)
+- [hasAllPermissions](modules.md#hasallpermissions)
+- [createAuditManager](modules.md#createauditmanager)
+- [setGlobalAuditManager](modules.md#setglobalauditmanager)
+- [getGlobalAuditManager](modules.md#getglobalauditmanager)
+- [emitAuditEvent](modules.md#emitauditevent)
+- [EnhancedNavigationMenu](modules.md#enhancednavigationmenu)
+- [NavigationGuard](modules.md#navigationguard)
+- [NavigationProvider](modules.md#navigationprovider)
+- [useNavigationPermissions](modules.md#usenavigationpermissions)
+- [PagePermissionGuard](modules.md#pagepermissionguard)
+- [PagePermissionProvider](modules.md#pagepermissionprovider)
+- [usePagePermissions](modules.md#usepagepermissions)
+- [PermissionEnforcer](modules.md#permissionenforcer)
+- [RoleBasedRouter](modules.md#rolebasedrouter)
+- [useRoleBasedRouter](modules.md#userolebasedrouter)
+- [SecureDataProvider](modules.md#securedataprovider)
+- [useSecureData](modules.md#usesecuredata)
+- [createRBACConfig](modules.md#createrbacconfig)
+- [getRBACConfig](modules.md#getrbacconfig)
+- [getRBACLogger](modules.md#getrbaclogger)
+- [isDebugMode](modules.md#isdebugmode)
+- [isDevelopmentMode](modules.md#isdevelopmentmode)
+- [createRBACEngine](modules.md#createrbacengine)
+- [usePermissions](modules.md#usepermissions)
+- [useCan](modules.md#usecan)
+- [useAccessLevel](modules.md#useaccesslevel)
+- [useMultiplePermissions](modules.md#usemultiplepermissions)
+- [useHasAnyPermission](modules.md#usehasanypermission)
+- [useHasAllPermissions](modules.md#usehasallpermissions)
+- [useCachedPermissions](modules.md#usecachedpermissions)
+- [useRBAC](modules.md#userbac)
+- [isValidPermission](modules.md#isvalidpermission)
+- [getPermissionsForRole](modules.md#getpermissionsforrole)
+- [useRBACProvider](modules.md#userbacprovider)
+- [RBACProvider](modules.md#rbacprovider)
+- [createSecureClient](modules.md#createsecureclient)
+- [fromSupabaseClient](modules.md#fromsupabaseclient)
 - [getStylePath](modules.md#getstylepath)
 - [getAllStylePaths](modules.md#getallstylepaths)
 - [applyPalette](modules.md#applypalette)
@@ -297,8 +401,402 @@ Row identifier function type
 [packages/core/src/components/DataTable/types.ts:32](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/DataTable/types.ts#L32)
+___
+### LogLevel
+Ƭ **LogLevel**: ``"error"`` \| ``"warn"`` \| ``"info"`` \| ``"debug"``
+#### Defined in
+[packages/core/src/rbac/config.ts:13](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/config.ts#L13)
+___
+### AllPermissions
+Ƭ **AllPermissions**: typeof [`ALL_PERMISSIONS`](modules.md#all_permissions)
+#### Defined in
+[packages/core/src/rbac/permissions.ts:293](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L293)
+___
+### UUID
+Ƭ **UUID**: `string`
+#### Defined in
+[packages/core/src/rbac/types.ts:17](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L17)
+___
+### Operation
+Ƭ **Operation**: ``"read"`` \| ``"create"`` \| ``"update"`` \| ``"delete"`` \| ``"manage"``
+#### Defined in
+[packages/core/src/rbac/types.ts:19](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L19)
+___
+### Permission
+Ƭ **Permission**: \`$\{Operation}:$\{string}\`
+#### Defined in
+[packages/core/src/rbac/types.ts:21](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L21)
+___
+### AccessLevel
+Ƭ **AccessLevel**: ``"viewer"`` \| ``"participant"`` \| ``"planner"`` \| ``"admin"`` \| ``"super"``
+#### Defined in
+[packages/core/src/rbac/types.ts:23](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L23)
+___
+### Scope
+Ƭ **Scope**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `organisationId?` | [`UUID`](modules.md#uuid) |
+| `eventId?` | `string` |
+| `appId?` | [`UUID`](modules.md#uuid) |
+#### Defined in
+[packages/core/src/rbac/types.ts:30](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L30)
+___
+### PermissionCheck
+Ƭ **PermissionCheck**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `userId` | [`UUID`](modules.md#uuid) |
+| `scope` | [`Scope`](modules.md#scope) |
+| `permission` | [`Permission`](modules.md#permission) |
+| `pageId?` | [`UUID`](modules.md#uuid) \| `string` |
+#### Defined in
+[packages/core/src/rbac/types.ts:36](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L36)
+___
+### PermissionMap
+Ƭ **PermissionMap**: `Record`\<`string`, [`Operation`](modules.md#operation)[]\>
+#### Defined in
+[packages/core/src/rbac/types.ts:43](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L43)
+___
+### GlobalRole
+Ƭ **GlobalRole**: ``"super_admin"``
+#### Defined in
+[packages/core/src/rbac/types.ts:49](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L49)
+___
+### OrganisationRole
+Ƭ **OrganisationRole**: ``"supporter"`` \| ``"member"`` \| ``"leader"`` \| ``"org_admin"``
+#### Defined in
+[packages/core/src/rbac/types.ts:51](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L51)
+___
+### EventAppRole
+Ƭ **EventAppRole**: ``"viewer"`` \| ``"participant"`` \| ``"planner"`` \| ``"event_admin"``
+#### Defined in
+[packages/core/src/rbac/types.ts:53](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L53)
 ## Variables
+### rbacCache
+• `Const` **rbacCache**: [`RBACCache`](classes/RBACCache.md)
+Global cache instance
+This is the default cache instance used by the RBAC system.
+You can create additional instances if needed for different contexts.
+#### Defined in
+[packages/core/src/rbac/cache.ts:204](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/cache.ts#L204)
+___
+### CACHE\_PATTERNS
+• `Const` **CACHE\_PATTERNS**: `Object`
+Cache key patterns for invalidation
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `USER` | (`userId`: `string`) => `string` |
+| `ORGANISATION` | (`organisationId`: `string`) => `string` |
+| `EVENT` | (`eventId`: `string`) => `string` |
+| `APP` | (`appId`: `string`) => `string` |
+| `PERMISSION` | (`userId`: `string`, `organisationId`: `string`) => `string` |
+#### Defined in
+[packages/core/src/rbac/cache.ts:209](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/cache.ts#L209)
+___
+### GLOBAL\_PERMISSIONS
+• `Const` **GLOBAL\_PERMISSIONS**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `MANAGE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+#### Defined in
+[packages/core/src/rbac/permissions.ts:17](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L17)
+___
+### ORGANISATION\_PERMISSIONS
+• `Const` **ORGANISATION\_PERMISSIONS**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `MANAGE_ORGANISATION` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ORGANISATION` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_ORGANISATION` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+#### Defined in
+[packages/core/src/rbac/permissions.ts:29](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L29)
+___
+### EVENT\_APP\_PERMISSIONS
+• `Const` **EVENT\_APP\_PERMISSIONS**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `MANAGE_EVENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_APP` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_APP` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_APP` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENT_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENT_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENT_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+#### Defined in
+[packages/core/src/rbac/permissions.ts:68](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L68)
+___
+### PAGE\_PERMISSIONS
+• `Const` **PAGE\_PERMISSIONS**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `READ_PAGE` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_PAGE` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ADMIN` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_ADMIN` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_DASHBOARD` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_DASHBOARD` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_REPORTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_REPORTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+#### Defined in
+[packages/core/src/rbac/permissions.ts:110](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L110)
+___
+### PERMISSION\_GROUPS
+• `Const` **PERMISSION\_GROUPS**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `GLOBAL_ADMIN` | readonly [\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`] |
+| `ORG_ADMIN` | readonly [\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`] |
+| `EVENT_ADMIN` | readonly [\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`] |
+| `PLANNER` | readonly [\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`] |
+| `PARTICIPANT` | readonly [\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`] |
+| `VIEWER` | readonly [\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`, \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`] |
+#### Defined in
+[packages/core/src/rbac/permissions.ts:136](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L136)
+___
+### ALL\_PERMISSIONS
+• `Const` **ALL\_PERMISSIONS**: `Object`
+#### Type declaration
+| Name | Type |
+| :------ | :------ |
+| `MANAGE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_ALL` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_ORGANISATION` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ORGANISATION` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_ORGANISATION` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_USERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_ROLES` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_EVENTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_APPS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_APP` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_APP` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_APP` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_TEAM` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_TEAM_MEMBERS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `CREATE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `DELETE_EVENT_CONTENT` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_EVENT_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_EVENT_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `UPDATE_EVENT_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_PAGE` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_PAGE` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_ADMIN` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_ADMIN` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_DASHBOARD` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_DASHBOARD` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_SETTINGS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `READ_REPORTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+| `MANAGE_REPORTS` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` |
+#### Defined in
+[packages/core/src/rbac/permissions.ts:286](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L286)
+___
 ### styleConfig
 • `Const` **styleConfig**: `Object`
@@ -3626,6 +4124,1749 @@ ___
 ___
+### PermissionGuard
+▸ **PermissionGuard**(`«destructured»`): `React.ReactNode`
+Permission Guard Component
+A React component that conditionally renders children based on permissions.
+Can auto-infer userId from context if not provided.
+#### Parameters
+| Name | Type | Default value |
+| :------ | :------ | :------ |
+| `«destructured»` | `Object` | `undefined` |
+| › `userId?` | `string` | `undefined` |
+| › `scope` | `Object` | `undefined` |
+| › `scope.organisationId` | `string` | `undefined` |
+| › `scope.eventId?` | `string` | `undefined` |
+| › `scope.appId?` | `string` | `undefined` |
+| › `permission` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` | `undefined` |
+| › `pageId?` | `string` | `undefined` |
+| › `children` | `ReactNode` | `undefined` |
+| › `fallback?` | `ReactNode` | `null` |
+| › `onDenied?` | () => `void` | `undefined` |
+| › `loading?` | `ReactNode` | `null` |
+| › `strictMode?` | `boolean` | `true` |
+| › `auditLog?` | `boolean` | `true` |
+| › `enforceAudit?` | `boolean` | `true` |
+#### Returns
+`React.ReactNode`
+**`Example`**
+```tsx
+// With explicit userId and scope
+<PermissionGuard
+  userId="user-123"
+  scope={{ organisationId: 'org-456' }}
+  permission="manage:events"
+  pageId="page-789"
+  fallback={<AccessDenied />}
+>
+  <AdminPanel />
+</PermissionGuard>
+// With context inference (requires auth context)
+<PermissionGuard
+  permission="manage:events"
+  scope={{ organisationId: 'org-456' }}
+  fallback={<AccessDenied />}
+>
+  <AdminPanel />
+</PermissionGuard>
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:49](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L49)
+___
+### AccessLevelGuard
+▸ **AccessLevelGuard**(`«destructured»`): `React.ReactNode`
+Access Level Guard Component
+A React component that conditionally renders children based on access level.
+Can auto-infer userId from context if not provided.
+#### Parameters
+| Name | Type | Default value |
+| :------ | :------ | :------ |
+| `«destructured»` | `Object` | `undefined` |
+| › `userId?` | `string` | `undefined` |
+| › `scope` | `Object` | `undefined` |
+| › `scope.organisationId` | `string` | `undefined` |
+| › `scope.eventId?` | `string` | `undefined` |
+| › `scope.appId?` | `string` | `undefined` |
+| › `minLevel` | ``"viewer"`` \| ``"participant"`` \| ``"planner"`` \| ``"admin"`` \| ``"super"`` | `undefined` |
+| › `children` | `ReactNode` | `undefined` |
+| › `fallback?` | `ReactNode` | `null` |
+| › `loading?` | `ReactNode` | `null` |
+#### Returns
+`React.ReactNode`
+**`Example`**
+```tsx
+// With explicit userId and scope
+<AccessLevelGuard
+  userId="user-123"
+  scope={{ organisationId: 'org-456' }}
+  minLevel="admin"
+  fallback={<AccessDenied />}
+>
+  <AdminPanel />
+</AccessLevelGuard>
+// With context inference (requires auth context)
+<AccessLevelGuard
+  minLevel="admin"
+  scope={{ organisationId: 'org-456' }}
+  fallback={<AccessDenied />}
+>
+  <AdminPanel />
+</AccessLevelGuard>
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:221](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L221)
+___
+### withPermissionGuard
+▸ **withPermissionGuard**\<`T`\>(`config`, `handler`): (...`args`: `T`) => `Promise`\<`any`\>
+Permission Guard for Server Handlers
+Wraps a server handler with permission checking.
+#### Type parameters
+| Name | Type |
+| :------ | :------ |
+| `T` | extends `any`[] |
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `config` | `Object` | Permission guard configuration |
+| `config.permission` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` | - |
+| `config.pageId?` | `string` | - |
+| `handler` | (...`args`: `T`) => `Promise`\<`any`\> | Handler function to wrap |
+#### Returns
+`fn`
+Wrapped handler function
+▸ (`...args`): `Promise`\<`any`\>
+##### Parameters
+| Name | Type |
+| :------ | :------ |
+| `...args` | `T` |
+##### Returns
+`Promise`\<`any`\>
+**`Example`**
+```typescript
+const protectedHandler = withPermissionGuard(
+  { permission: 'manage:events', pageId: 'page-789' },
+  async (req, res) => {
+    // Handler logic here
+    res.json({ success: true });
+  }
+);
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:333](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L333)
+___
+### withAccessLevelGuard
+▸ **withAccessLevelGuard**\<`T`\>(`minLevel`, `handler`): (...`args`: `T`) => `Promise`\<`any`\>
+Access Level Guard for Server Handlers
+Wraps a server handler with access level checking.
+#### Type parameters
+| Name | Type |
+| :------ | :------ |
+| `T` | extends `any`[] |
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `minLevel` | ``"viewer"`` \| ``"participant"`` \| ``"planner"`` \| ``"admin"`` \| ``"super"`` | Minimum access level required |
+| `handler` | (...`args`: `T`) => `Promise`\<`any`\> | Handler function to wrap |
+#### Returns
+`fn`
+Wrapped handler function
+▸ (`...args`): `Promise`\<`any`\>
+##### Parameters
+| Name | Type |
+| :------ | :------ |
+| `...args` | `T` |
+##### Returns
+`Promise`\<`any`\>
+**`Example`**
+```typescript
+const adminHandler = withAccessLevelGuard(
+  'admin',
+  async (req, res) => {
+    // Admin-only logic here
+    res.json({ success: true });
+  }
+);
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:390](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L390)
+___
+### withRoleGuard
+▸ **withRoleGuard**\<`T`\>(`config`, `handler`): (...`args`: `T`) => `Promise`\<`any`\>
+Role Guard for Server Handlers
+Wraps a server handler with role-based access control.
+This is the primary middleware for routing protection as specified in the contract.
+#### Type parameters
+| Name | Type |
+| :------ | :------ |
+| `T` | extends `any`[] |
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `config` | `Object` | Role guard configuration |
+| `config.globalRoles?` | `string`[] | - |
+| `config.organisationRoles?` | `string`[] | - |
+| `config.eventAppRoles?` | `string`[] | - |
+| `config.requireAll?` | `boolean` | - |
+| `handler` | (...`args`: `T`) => `Promise`\<`any`\> | Handler function to wrap |
+#### Returns
+`fn`
+Wrapped handler function
+▸ (`...args`): `Promise`\<`any`\>
+##### Parameters
+| Name | Type |
+| :------ | :------ |
+| `...args` | `T` |
+##### Returns
+`Promise`\<`any`\>
+**`Example`**
+```typescript
+const adminHandler = withRoleGuard(
+  {
+    globalRoles: ['super_admin'],
+    organisationRoles: ['org_admin', 'leader'],
+    eventAppRoles: ['event_admin', 'planner']
+  },
+  async (req, res) => {
+    // Admin-only logic here
+    res.json({ success: true });
+  }
+);
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:451](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L451)
+___
+### createRBACMiddleware
+▸ **createRBACMiddleware**(`config`): (`req`: \{ `nextUrl`: \{ `pathname`: `string`  } ; `user?`: \{ `id`: `string`  } ; `organisationId?`: `string`  }, `res`: \{ `redirect`: (`url`: `string`) => `void`  }, `next`: () => `void`) => `Promise`\<`void`\>
+Next.js Middleware for RBAC
+Middleware that checks permissions before allowing access to pages.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `config` | `Object` | Middleware configuration |
+| `config.protectedRoutes` | \{ `path`: `string` ; `permission`: \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` ; `pageId?`: `string`  }[] | - |
+| `config.fallbackUrl?` | `string` | - |
+#### Returns
+`fn`
+Next.js middleware function
+▸ (`req`, `res`, `next`): `Promise`\<`void`\>
+##### Parameters
+| Name | Type |
+| :------ | :------ |
+| `req` | `Object` |
+| `req.nextUrl` | `Object` |
+| `req.nextUrl.pathname` | `string` |
+| `req.user?` | `Object` |
+| `req.user.id` | `string` |
+| `req.organisationId?` | `string` |
+| `res` | `Object` |
+| `res.redirect` | (`url`: `string`) => `void` |
+| `next` | () => `void` |
+##### Returns
+`Promise`\<`void`\>
+**`Example`**
+```typescript
+// middleware.ts
+import { createRBACMiddleware } from '@jmruthers/pace-core/rbac';
+export default createRBACMiddleware({
+  protectedRoutes: [
+    { path: '/admin', permission: 'manage:admin' },
+    { path: '/events', permission: 'read:events' },
+  ],
+  fallbackUrl: '/access-denied',
+});
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:574](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L574)
+___
+### createRBACExpressMiddleware
+▸ **createRBACExpressMiddleware**(`config`): (`req`: \{ `user?`: \{ `id`: `string`  } ; `organisationId?`: `string` ; `eventId?`: `string` ; `appId?`: `string`  }, `res`: \{ `status`: (`code`: `number`) => \{ `json`: (`data`: `object`) => `void`  }  }, `next`: () => `void`) => `Promise`\<`void`\>
+Express Middleware for RBAC
+Middleware that checks permissions for Express routes.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `config` | `Object` | Middleware configuration |
+| `config.permission` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` | - |
+| `config.pageId?` | `string` | - |
+#### Returns
+`fn`
+Express middleware function
+▸ (`req`, `res`, `next`): `Promise`\<`void`\>
+##### Parameters
+| Name | Type |
+| :------ | :------ |
+| `req` | `Object` |
+| `req.user?` | `Object` |
+| `req.user.id` | `string` |
+| `req.organisationId?` | `string` |
+| `req.eventId?` | `string` |
+| `req.appId?` | `string` |
+| `res` | `Object` |
+| `res.status` | (`code`: `number`) => \{ `json`: (`data`: `object`) => `void`  } |
+| `next` | () => `void` |
+##### Returns
+`Promise`\<`void`\>
+**`Example`**
+```typescript
+import { createRBACExpressMiddleware } from '@jmruthers/pace-core/rbac';
+app.use(createRBACExpressMiddleware({
+  permission: 'read:api',
+  pageId: 'api-page-123',
+}));
+```
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:641](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L641)
+___
+### hasPermissionCached
+▸ **hasPermissionCached**(`userId`, `scope`, `_permission`, `_pageId?`): `boolean`
+Check if a user has a permission (synchronous cache check only)
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `userId` | `string` | User ID |
+| `scope` | `Object` | Permission scope |
+| `scope.organisationId` | `string` | - |
+| `scope.eventId?` | `string` | - |
+| `scope.appId?` | `string` | - |
+| `_permission` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` | - |
+| `_pageId?` | `string` | - |
+#### Returns
+`boolean`
+True if permission is cached and granted
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:689](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L689)
+___
+### hasAnyPermissionCached
+▸ **hasAnyPermissionCached**(`userId`, `scope`, `permissions`, `pageId?`): `boolean`
+Check if a user has any of the specified permissions (synchronous cache check only)
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `userId` | `string` | User ID |
+| `scope` | `Object` | Permission scope |
+| `scope.organisationId` | `string` | - |
+| `scope.eventId?` | `string` | - |
+| `scope.appId?` | `string` | - |
+| `permissions` | (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[] | Array of permissions to check |
+| `pageId?` | `string` | Optional page ID |
+#### Returns
+`boolean`
+True if any permission is cached and granted
+#### Defined in
+[packages/core/src/rbac/adapters.tsx:714](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/adapters.tsx#L714)
+___
+### setupRBAC
+▸ **setupRBAC**(`supabase`, `config?`): `void`
+Setup RBAC system
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `supabase` | `default`\<`Database`, ``"public"``, ``"public"``, `never`, {}\> | Supabase client |
+| `config?` | `Partial`\<[`RBACConfig`](interfaces/RBACConfig.md)\> | Optional configuration |
+#### Returns
+`void`
+#### Defined in
+[packages/core/src/rbac/api.ts:35](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L35)
+___
+### getAccessLevel
+▸ **getAccessLevel**(`input`): `Promise`\<[`AccessLevel`](modules.md#accesslevel)\>
+Get user's access level in a scope
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | `Object` | Access level input |
+| `input.userId` | `string` | - |
+| `input.scope` | [`Scope`](modules.md#scope) | - |
+#### Returns
+`Promise`\<[`AccessLevel`](modules.md#accesslevel)\>
+Promise resolving to access level
+**`Example`**
+```typescript
+const accessLevel = await getAccessLevel({
+  userId: 'user-123',
+  scope: { organisationId: 'org-456' }
+});
+```
+#### Defined in
+[packages/core/src/rbac/api.ts:85](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L85)
+___
+### getPermissionMap
+▸ **getPermissionMap**(`input`): `Promise`\<[`PermissionMap`](modules.md#permissionmap)\>
+Get user's permission map for a scope
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | `Object` | Permission map input |
+| `input.userId` | `string` | - |
+| `input.scope` | [`Scope`](modules.md#scope) | - |
+#### Returns
+`Promise`\<[`PermissionMap`](modules.md#permissionmap)\>
+Promise resolving to permission map
+**`Example`**
+```typescript
+const permissions = await getPermissionMap({
+  userId: 'user-123',
+  scope: {
+    organisationId: 'org-456',
+    eventId: 'event-789',
+    appId: 'app-101'
+  }
+});
+```
+#### Defined in
+[packages/core/src/rbac/api.ts:111](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L111)
+___
+### isPermitted
+▸ **isPermitted**(`input`): `Promise`\<`boolean`\>
+Check if user has a specific permission
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | [`PermissionCheck`](modules.md#permissioncheck) | Permission check input |
+#### Returns
+`Promise`\<`boolean`\>
+Promise resolving to permission result
+**`Example`**
+```typescript
+const canManage = await isPermitted({
+  userId: 'user-123',
+  scope: { organisationId: 'org-456' },
+  permission: 'manage:events',
+  pageId: 'page-789'
+});
+```
+#### Defined in
+[packages/core/src/rbac/api.ts:135](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L135)
+___
+### isPermittedCached
+▸ **isPermittedCached**(`input`): `Promise`\<`boolean`\>
+Check if user has a specific permission (cached version)
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | [`PermissionCheck`](modules.md#permissioncheck) | Permission check input |
+#### Returns
+`Promise`\<`boolean`\>
+Promise resolving to permission result
+#### Defined in
+[packages/core/src/rbac/api.ts:146](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L146)
+___
+### hasPermission
+▸ **hasPermission**(`input`): `Promise`\<`boolean`\>
+Check if a user has a specific permission (alias for isPermitted)
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | [`PermissionCheck`](modules.md#permissioncheck) | Permission check parameters |
+#### Returns
+`Promise`\<`boolean`\>
+Promise<boolean> - True if user has permission
+#### Defined in
+[packages/core/src/rbac/api.ts:179](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L179)
+___
+### hasAnyPermission
+▸ **hasAnyPermission**(`input`): `Promise`\<`boolean`\>
+Check if user has any of the specified permissions
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | `Object` | Permission check input with array of permissions |
+| `input.userId` | `string` | - |
+| `input.scope` | [`Scope`](modules.md#scope) | - |
+| `input.permissions` | (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[] | - |
+| `input.pageId?` | `string` | - |
+#### Returns
+`Promise`\<`boolean`\>
+Promise resolving to true if user has any permission
+#### Defined in
+[packages/core/src/rbac/api.ts:189](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L189)
+___
+### hasAllPermissions
+▸ **hasAllPermissions**(`input`): `Promise`\<`boolean`\>
+Check if user has all of the specified permissions
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `input` | `Object` | Permission check input with array of permissions |
+| `input.userId` | `string` | - |
+| `input.scope` | [`Scope`](modules.md#scope) | - |
+| `input.permissions` | (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[] | - |
+| `input.pageId?` | `string` | - |
+#### Returns
+`Promise`\<`boolean`\>
+Promise resolving to true if user has all permissions
+#### Defined in
+[packages/core/src/rbac/api.ts:217](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/api.ts#L217)
+___
+### createAuditManager
+▸ **createAuditManager**(`supabase`): [`RBACAuditManager`](classes/RBACAuditManager.md)
+Create an audit manager instance
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `supabase` | `default`\<`Database`, ``"public"``, ``"public"``, `never`, {}\> | Supabase client |
+#### Returns
+[`RBACAuditManager`](classes/RBACAuditManager.md)
+RBACAuditManager instance
+#### Defined in
+[packages/core/src/rbac/audit.ts:300](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/audit.ts#L300)
+___
+### setGlobalAuditManager
+▸ **setGlobalAuditManager**(`manager`): `void`
+Set the global audit manager
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `manager` | [`RBACAuditManager`](classes/RBACAuditManager.md) | Audit manager instance |
+#### Returns
+`void`
+#### Defined in
+[packages/core/src/rbac/audit.ts:316](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/audit.ts#L316)
+___
+### getGlobalAuditManager
+▸ **getGlobalAuditManager**(): [`RBACAuditManager`](classes/RBACAuditManager.md) \| ``null``
+Get the global audit manager
+#### Returns
+[`RBACAuditManager`](classes/RBACAuditManager.md) \| ``null``
+Global audit manager or null if not set
+#### Defined in
+[packages/core/src/rbac/audit.ts:325](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/audit.ts#L325)
+___
+### emitAuditEvent
+▸ **emitAuditEvent**(`event`): `Promise`\<`void`\>
+Emit an audit event using the global audit manager
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `event` | `AuditEventPayload` | Audit event payload |
+#### Returns
+`Promise`\<`void`\>
+#### Defined in
+[packages/core/src/rbac/audit.ts:334](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/audit.ts#L334)
+___
+### EnhancedNavigationMenu
+▸ **EnhancedNavigationMenu**(`props`): `Element`
+EnhancedNavigationMenu - Secure navigation menu with RBAC integration
+This component provides a navigation menu that automatically filters items based on
+user permissions and enforces strict security controls.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`EnhancedNavigationMenuProps`](interfaces/EnhancedNavigationMenuProps.md) | Component props |
+#### Returns
+`Element`
+React element with enhanced navigation menu
+#### Defined in
+[packages/core/src/rbac/components/EnhancedNavigationMenu.tsx:112](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/EnhancedNavigationMenu.tsx#L112)
+___
+### NavigationGuard
+▸ **NavigationGuard**(`props`): `Element`
+NavigationGuard - Enforces navigation-level permissions
+This component ensures that users can only access navigation items they have permission for.
+It integrates with the existing RBAC system and provides strict enforcement to
+prevent apps from bypassing navigation permission checks.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`NavigationGuardProps`](interfaces/NavigationGuardProps.md) | Component props |
+#### Returns
+`Element`
+React element with navigation permission enforcement
+#### Defined in
+[packages/core/src/rbac/components/NavigationGuard.tsx:113](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/NavigationGuard.tsx#L113)
+___
+### NavigationProvider
+▸ **NavigationProvider**(`props`): `Element`
+NavigationProvider - Manages navigation-level permissions across the app
+This provider ensures that all navigation items are properly protected and provides
+centralized navigation permission management with strict enforcement.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`NavigationProviderProps`](interfaces/NavigationProviderProps.md) | Provider props |
+#### Returns
+`Element`
+React element with navigation permission context
+#### Defined in
+[packages/core/src/rbac/components/NavigationProvider.tsx:164](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/NavigationProvider.tsx#L164)
+___
+### useNavigationPermissions
+▸ **useNavigationPermissions**(): [`NavigationContextType`](interfaces/NavigationContextType.md)
+Hook to use navigation permission context
+#### Returns
+[`NavigationContextType`](interfaces/NavigationContextType.md)
+Navigation permission context
+**`Throws`**
+Error if used outside of NavigationProvider
+#### Defined in
+[packages/core/src/rbac/components/NavigationProvider.tsx:304](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/NavigationProvider.tsx#L304)
+___
+### PagePermissionGuard
+▸ **PagePermissionGuard**(`props`): `Element`
+PagePermissionGuard - Enforces page-level permissions
+This component ensures that users can only access pages they have permission for.
+It integrates with the existing RBAC system and provides strict enforcement to
+prevent apps from bypassing permission checks.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`PagePermissionGuardProps`](interfaces/PagePermissionGuardProps.md) | Component props |
+#### Returns
+`Element`
+React element with permission enforcement
+#### Defined in
+[packages/core/src/rbac/components/PagePermissionGuard.tsx:119](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/PagePermissionGuard.tsx#L119)
+___
+### PagePermissionProvider
+▸ **PagePermissionProvider**(`props`): `Element`
+PagePermissionProvider - Manages page-level permissions across the app
+This provider ensures that all pages are properly protected and provides
+centralized page permission management with strict enforcement.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`PagePermissionProviderProps`](interfaces/PagePermissionProviderProps.md) | Provider props |
+#### Returns
+`Element`
+React element with page permission context
+#### Defined in
+[packages/core/src/rbac/components/PagePermissionProvider.tsx:125](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/PagePermissionProvider.tsx#L125)
+___
+### usePagePermissions
+▸ **usePagePermissions**(): [`PagePermissionContextType`](interfaces/PagePermissionContextType.md)
+Hook to use page permission context
+#### Returns
+[`PagePermissionContextType`](interfaces/PagePermissionContextType.md)
+Page permission context
+**`Throws`**
+Error if used outside of PagePermissionProvider
+#### Defined in
+[packages/core/src/rbac/components/PagePermissionProvider.tsx:264](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/PagePermissionProvider.tsx#L264)
+___
+### PermissionEnforcer
+▸ **PermissionEnforcer**(`props`): `Element`
+PermissionEnforcer - Enforces permissions for operations
+This component ensures that users can only perform operations they have permission for.
+It integrates with the existing RBAC system and provides strict enforcement to
+prevent apps from bypassing permission checks.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`PermissionEnforcerProps`](interfaces/PermissionEnforcerProps.md) | Component props |
+#### Returns
+`Element`
+React element with permission enforcement
+#### Defined in
+[packages/core/src/rbac/components/PermissionEnforcer.tsx:117](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/PermissionEnforcer.tsx#L117)
+___
+### RoleBasedRouter
+▸ **RoleBasedRouter**(`props`): `Element`
+RoleBasedRouter - Centralized routing control with role-based protection
+This component ensures that all routes are properly protected and provides
+centralized routing control to prevent apps from bypassing route protection.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`RoleBasedRouterProps`](interfaces/RoleBasedRouterProps.md) | Router props |
+#### Returns
+`Element`
+React element with role-based routing
+#### Defined in
+[packages/core/src/rbac/components/RoleBasedRouter.tsx:178](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/RoleBasedRouter.tsx#L178)
+___
+### useRoleBasedRouter
+▸ **useRoleBasedRouter**(): [`RoleBasedRouterContextType`](interfaces/RoleBasedRouterContextType.md)
+Hook to use role-based router context
+#### Returns
+[`RoleBasedRouterContextType`](interfaces/RoleBasedRouterContextType.md)
+Role-based router context
+**`Throws`**
+Error if used outside of RoleBasedRouter
+#### Defined in
+[packages/core/src/rbac/components/RoleBasedRouter.tsx:388](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/RoleBasedRouter.tsx#L388)
+___
+### SecureDataProvider
+▸ **SecureDataProvider**(`props`): `Element`
+SecureDataProvider - Prevents direct Supabase access and enforces secure data patterns
+This provider ensures that all data access goes through the secure RBAC system
+and prevents apps from bypassing data access controls.
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `props` | [`SecureDataProviderProps`](interfaces/SecureDataProviderProps.md) | Provider props |
+#### Returns
+`Element`
+React element with secure data context
+#### Defined in
+[packages/core/src/rbac/components/SecureDataProvider.tsx:135](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/SecureDataProvider.tsx#L135)
+___
+### useSecureData
+▸ **useSecureData**(): [`SecureDataContextType`](interfaces/SecureDataContextType.md)
+Hook to use secure data context
+#### Returns
+[`SecureDataContextType`](interfaces/SecureDataContextType.md)
+Secure data context
+**`Throws`**
+Error if used outside of SecureDataProvider
+#### Defined in
+[packages/core/src/rbac/components/SecureDataProvider.tsx:309](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/components/SecureDataProvider.tsx#L309)
+___
+### createRBACConfig
+▸ **createRBACConfig**(`config`): [`RBACConfig`](interfaces/RBACConfig.md)
+#### Parameters
+| Name | Type |
+| :------ | :------ |
+| `config` | [`RBACConfig`](interfaces/RBACConfig.md) |
+#### Returns
+[`RBACConfig`](interfaces/RBACConfig.md)
+#### Defined in
+[packages/core/src/rbac/config.ts:110](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/config.ts#L110)
+___
+### getRBACConfig
+▸ **getRBACConfig**(): [`RBACConfig`](interfaces/RBACConfig.md) \| ``null``
+#### Returns
+[`RBACConfig`](interfaces/RBACConfig.md) \| ``null``
+#### Defined in
+[packages/core/src/rbac/config.ts:115](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/config.ts#L115)
+___
+### getRBACLogger
+▸ **getRBACLogger**(): [`RBACLogger`](interfaces/RBACLogger.md)
+#### Returns
+[`RBACLogger`](interfaces/RBACLogger.md)
+#### Defined in
+[packages/core/src/rbac/config.ts:119](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/config.ts#L119)
+___
+### isDebugMode
+▸ **isDebugMode**(): `boolean`
+#### Returns
+`boolean`
+#### Defined in
+[packages/core/src/rbac/config.ts:123](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/config.ts#L123)
+___
+### isDevelopmentMode
+▸ **isDevelopmentMode**(): `boolean`
+#### Returns
+`boolean`
+#### Defined in
+[packages/core/src/rbac/config.ts:127](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/config.ts#L127)
+___
+### createRBACEngine
+▸ **createRBACEngine**(`supabase`): [`RBACEngine`](classes/RBACEngine.md)
+Create an RBAC engine instance
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `supabase` | `default`\<`Database`, ``"public"``, ``"public"``, `never`, {}\> | Supabase client |
+#### Returns
+[`RBACEngine`](classes/RBACEngine.md)
+RBACEngine instance
+#### Defined in
+[packages/core/src/rbac/engine.ts:1024](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L1024)
+___
+### usePermissions
+▸ **usePermissions**(`userId`, `scope`): `Object`
+Hook to get user's permissions in a scope
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `userId` | `string` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | Scope for permission checking |
+#### Returns
+`Object`
+Permission state and methods
+| Name | Type |
+| :------ | :------ |
+| `permissions` | [`PermissionMap`](modules.md#permissionmap) |
+| `isLoading` | `boolean` |
+| `error` | ``null`` \| `Error` |
+| `hasPermission` | (`permission`: \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`) => `boolean` |
+| `hasAnyPermission` | (`permissionList`: (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[]) => `boolean` |
+| `hasAllPermissions` | (`permissionList`: (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[]) => `boolean` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { permissions, isLoading, error } = usePermissions(userId, scope);
+  if (isLoading) return <div>Loading...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return (
+    <div>
+      {permissions['read:users'] && <UserList />}
+      {permissions['create:users'] && <CreateUserButton />}
+    </div>
+  );
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:49](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L49)
+___
+### useCan
+▸ **useCan**(`userId`, `scope`, `permission`, `pageId?`, `useCache?`): `Object`
+Hook to check if user can perform an action
+#### Parameters
+| Name | Type | Default value | Description |
+| :------ | :------ | :------ | :------ |
+| `userId` | `string` | `undefined` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | `undefined` | Scope for permission checking |
+| `permission` | \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\` | `undefined` | Permission to check |
+| `pageId?` | `string` | `undefined` | Optional page ID |
+| `useCache` | `boolean` | `true` | Whether to use cached results |
+#### Returns
+`Object`
+Permission check state and methods
+| Name | Type |
+| :------ | :------ |
+| `can` | `boolean` |
+| `isLoading` | `boolean` |
+| `error` | ``null`` \| `Error` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { can, isLoading, error } = useCan(userId, scope, 'read:users');
+  if (isLoading) return <div>Checking permission...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return can ? <UserList /> : <div>Access denied</div>;
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:123](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L123)
+___
+### useAccessLevel
+▸ **useAccessLevel**(`userId`, `scope`): `Object`
+Hook to get user's access level in a scope
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `userId` | `string` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | Scope for access level checking |
+#### Returns
+`Object`
+Access level state and methods
+| Name | Type |
+| :------ | :------ |
+| `accessLevel` | [`AccessLevel`](modules.md#accesslevel) |
+| `isLoading` | `boolean` |
+| `error` | `Error` \| ``null`` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { accessLevel, isLoading, error } = useAccessLevel(userId, scope);
+  if (isLoading) return <div>Loading access level...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return (
+    <div>
+      Access Level: {accessLevel}
+      {accessLevel >= AccessLevel.ADMIN && <AdminPanel />}
+    </div>
+  );
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:194](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L194)
+___
+### useMultiplePermissions
+▸ **useMultiplePermissions**(`userId`, `scope`, `permissions`, `useCache?`): `Object`
+Hook to check multiple permissions at once
+#### Parameters
+| Name | Type | Default value | Description |
+| :------ | :------ | :------ | :------ |
+| `userId` | `string` | `undefined` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | `undefined` | Scope for permission checking |
+| `permissions` | (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[] | `undefined` | Array of permissions to check |
+| `useCache` | `boolean` | `true` | Whether to use cached results |
+#### Returns
+`Object`
+Multiple permission check results
+| Name | Type |
+| :------ | :------ |
+| `results` | `Record`\<[`Permission`](modules.md#permission), `boolean`\> |
+| `isLoading` | `boolean` |
+| `error` | `Error` \| ``null`` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { results, isLoading, error } = useMultiplePermissions(
+    userId,
+    scope,
+    ['read:users', 'create:users', 'update:users']
+  );
+  if (isLoading) return <div>Checking permissions...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return (
+    <div>
+      {results['read:users'] && <UserList />}
+      {results['create:users'] && <CreateUserButton />}
+      {results['update:users'] && <EditUserButton />}
+    </div>
+  );
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:268](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L268)
+___
+### useHasAnyPermission
+▸ **useHasAnyPermission**(`userId`, `scope`, `permissions`, `useCache?`): `Object`
+Hook to check if user has any of the specified permissions
+#### Parameters
+| Name | Type | Default value | Description |
+| :------ | :------ | :------ | :------ |
+| `userId` | `string` | `undefined` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | `undefined` | Scope for permission checking |
+| `permissions` | (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[] | `undefined` | Array of permissions to check |
+| `useCache` | `boolean` | `true` | Whether to use cached results |
+#### Returns
+`Object`
+Whether user has any of the permissions
+| Name | Type |
+| :------ | :------ |
+| `hasAny` | `boolean` |
+| `isLoading` | `boolean` |
+| `error` | `Error` \| ``null`` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { hasAny, isLoading, error } = useHasAnyPermission(
+    userId,
+    scope,
+    ['read:users', 'create:users']
+  );
+  if (isLoading) return <div>Checking permissions...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return hasAny ? <UserManagementPanel /> : <div>No user permissions</div>;
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:350](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L350)
+___
+### useHasAllPermissions
+▸ **useHasAllPermissions**(`userId`, `scope`, `permissions`, `useCache?`): `Object`
+Hook to check if user has all of the specified permissions
+#### Parameters
+| Name | Type | Default value | Description |
+| :------ | :------ | :------ | :------ |
+| `userId` | `string` | `undefined` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | `undefined` | Scope for permission checking |
+| `permissions` | (\`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`)[] | `undefined` | Array of permissions to check |
+| `useCache` | `boolean` | `true` | Whether to use cached results |
+#### Returns
+`Object`
+Whether user has all of the permissions
+| Name | Type |
+| :------ | :------ |
+| `hasAll` | `boolean` |
+| `isLoading` | `boolean` |
+| `error` | `Error` \| ``null`` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { hasAll, isLoading, error } = useHasAllPermissions(
+    userId,
+    scope,
+    ['read:users', 'create:users', 'update:users']
+  );
+  if (isLoading) return <div>Checking permissions...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return hasAll ? <FullUserManagementPanel /> : <div>Insufficient permissions</div>;
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:435](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L435)
+___
+### useCachedPermissions
+▸ **useCachedPermissions**(`userId`, `scope`): `Object`
+Hook to get cached permissions with TTL management
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `userId` | `string` | User ID |
+| `scope` | [`Scope`](modules.md#scope) | Scope for permission checking |
+#### Returns
+`Object`
+Cached permission state and methods
+| Name | Type |
+| :------ | :------ |
+| `permissions` | [`PermissionMap`](modules.md#permissionmap) |
+| `isLoading` | `boolean` |
+| `error` | `Error` \| ``null`` |
+| `invalidateCache` | () => `void` |
+| `refetch` | () => `Promise`\<`void`\> |
+**`Example`**
+```tsx
+function MyComponent() {
+  const { permissions, isLoading, error, invalidateCache } = useCachedPermissions(userId, scope);
+  if (isLoading) return <div>Loading cached permissions...</div>;
+  if (error) return <div>Error: {error.message}</div>;
+  return (
+    <div>
+      {permissions['read:users'] && <UserList />}
+      <button onClick={invalidateCache}>Refresh Permissions</button>
+    </div>
+  );
+}
+```
+#### Defined in
+[packages/core/src/rbac/hooks/usePermissions.ts:519](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/usePermissions.ts#L519)
+___
+### useRBAC
+▸ **useRBAC**(`pageId?`): `UserRBACContext`
+#### Parameters
+| Name | Type |
+| :------ | :------ |
+| `pageId?` | `string` |
+#### Returns
+`UserRBACContext`
+#### Defined in
+[packages/core/src/rbac/hooks/useRBAC.ts:82](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/useRBAC.ts#L82)
+___
+### isValidPermission
+▸ **isValidPermission**(`permission`): permission is \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`
+Validate that a permission string is properly formatted
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `permission` | `string` | Permission string to validate |
+#### Returns
+permission is \`read:$\{string}\` \| \`create:$\{string}\` \| \`update:$\{string}\` \| \`delete:$\{string}\` \| \`manage:$\{string}\`
+True if valid, false otherwise
+#### Defined in
+[packages/core/src/rbac/permissions.ts:249](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L249)
+___
+### getPermissionsForRole
+▸ **getPermissionsForRole**(`role`): [`Permission`](modules.md#permission)[]
+Get all permissions for a role
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `role` | `string` | Role name |
+#### Returns
+[`Permission`](modules.md#permission)[]
+Array of permissions for the role
+#### Defined in
+[packages/core/src/rbac/permissions.ts:263](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/permissions.ts#L263)
+___
+### useRBACProvider
+▸ **useRBACProvider**(): [`RBACContextType`](interfaces/RBACContextType.md)
+#### Returns
+[`RBACContextType`](interfaces/RBACContextType.md)
+#### Defined in
+[packages/core/src/rbac/providers/RBACProvider.tsx:74](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/providers/RBACProvider.tsx#L74)
+___
+### RBACProvider
+▸ **RBACProvider**(`«destructured»`): `Element`
+#### Parameters
+| Name | Type |
+| :------ | :------ |
+| `«destructured»` | [`RBACProviderProps`](interfaces/RBACProviderProps.md) |
+#### Returns
+`Element`
+#### Defined in
+[packages/core/src/rbac/providers/RBACProvider.tsx:183](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/providers/RBACProvider.tsx#L183)
+___
+### createSecureClient
+▸ **createSecureClient**(`supabaseUrl`, `supabaseKey`, `organisationId`, `eventId?`, `appId?`): [`SecureSupabaseClient`](classes/SecureSupabaseClient.md)
+Create a secure Supabase client with organisation context
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `supabaseUrl` | `string` | Supabase project URL |
+| `supabaseKey` | `string` | Supabase anon key |
+| `organisationId` | `string` | Required organisation ID |
+| `eventId?` | `string` | Optional event ID |
+| `appId?` | `string` | Optional app ID |
+#### Returns
+[`SecureSupabaseClient`](classes/SecureSupabaseClient.md)
+SecureSupabaseClient instance
+**`Example`**
+```typescript
+const client = createSecureClient(
+  'https://your-project.supabase.co',
+  'your-anon-key',
+  'org-123',
+  'event-456',
+  'app-789'
+);
+```
+#### Defined in
+[packages/core/src/rbac/secureClient.ts:216](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/secureClient.ts#L216)
+___
+### fromSupabaseClient
+▸ **fromSupabaseClient**(`client`, `organisationId`, `eventId?`, `appId?`): [`SecureSupabaseClient`](classes/SecureSupabaseClient.md)
+Create a secure client from an existing Supabase client
+#### Parameters
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `client` | `default`\<`Database`, ``"public"``, ``"public"``, `never`, {}\> | Existing Supabase client |
+| `organisationId` | `string` | Required organisation ID |
+| `eventId?` | `string` | Optional event ID |
+| `appId?` | `string` | Optional app ID |
+#### Returns
+[`SecureSupabaseClient`](classes/SecureSupabaseClient.md)
+SecureSupabaseClient instance
+#### Defined in
+[packages/core/src/rbac/secureClient.ts:235](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/secureClient.ts#L235)
+___
 ### getStylePath
 ▸ **getStylePath**(`style`): `string`