npm - @jmruthers/pace-core - Versions diffs - 0.5.1 → 0.5.4 - Mend

@jmruthers/pace-core 0.5.1 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/{DataTable-GX3XERFJ.js → DataTable-ZQDRE46Q.js} +7 -6
package/dist/{PublicLoadingSpinner-DztrzuJr.d.ts → PublicLoadingSpinner-Bq_-BeK-.d.ts} +1 -1
package/dist/RBACProvider-BO4ilsQB.d.ts +63 -0
package/dist/{UnifiedAuthProvider-w66zSCUf.d.ts → UnifiedAuthProvider-DGQsy-vY.d.ts} +2 -59
package/dist/{api-ETQ6YJ3C.js → api-H5A3H4IR.js} +2 -2
package/dist/{chunk-T3XIA4AJ.js → chunk-5H3C2SWM.js} +14 -16
package/dist/chunk-5H3C2SWM.js.map +1 -0
package/dist/chunk-5SIXIV7R.js +1925 -0
package/dist/chunk-5SIXIV7R.js.map +1 -0
package/dist/chunk-GNTALZV3.js +17 -0
package/dist/chunk-GNTALZV3.js.map +1 -0
package/dist/{chunk-C5G2A4PO.js → chunk-GWSBHC4J.js} +6 -6
package/dist/{chunk-XJK2J4N6.js → chunk-HD7PYDUV.js} +4 -6
package/dist/{chunk-XJK2J4N6.js.map → chunk-HD7PYDUV.js.map} +1 -1
package/dist/{chunk-TGDCLPP2.js → chunk-HXX35Q2M.js} +6 -21
package/dist/chunk-HXX35Q2M.js.map +1 -0
package/dist/{chunk-5EL3KHOQ.js → chunk-K6B7BLSE.js} +2 -2
package/dist/{chunk-GSNM5D6H.js → chunk-M4RW7PIP.js} +4 -4
package/dist/{chunk-U6JDHVC2.js → chunk-PVMYVQSM.js} +6 -8
package/dist/{chunk-U6JDHVC2.js.map → chunk-PVMYVQSM.js.map} +1 -1
package/dist/{chunk-6CR3MRZN.js → chunk-QKHFMQ5R.js} +372 -11
package/dist/{chunk-6CR3MRZN.js.map → chunk-QKHFMQ5R.js.map} +1 -1
package/dist/chunk-QVYBYGT2.js +428 -0
package/dist/chunk-QVYBYGT2.js.map +1 -0
package/dist/{chunk-OEGRKULD.js → chunk-WJARTBCT.js} +56 -1
package/dist/chunk-WJARTBCT.js.map +1 -0
package/dist/components.d.ts +4 -3
package/dist/components.js +16 -162
package/dist/components.js.map +1 -1
package/dist/hooks.d.ts +2 -2
package/dist/hooks.js +7 -9
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +8 -6
package/dist/index.js +152 -17
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -2
package/dist/providers.js +6 -12
package/dist/rbac/index.d.ts +167 -98
package/dist/rbac/index.js +48 -1881
package/dist/rbac/index.js.map +1 -1
package/dist/styles/core.css +0 -55
package/dist/types.d.ts +2 -2
package/dist/{unified-CM7T0aTK.d.ts → unified-CMPjE_fv.d.ts} +1 -1
package/dist/{usePublicRouteParams-B6i0KtXW.d.ts → usePublicRouteParams-B2OcAsur.d.ts} +1 -1
package/dist/utils.js +12 -14
package/dist/utils.js.map +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +73 -0
package/docs/api/classes/MissingUserContextError.md +66 -0
package/docs/api/classes/OrganisationContextRequiredError.md +66 -0
package/docs/api/classes/PermissionDeniedError.md +73 -0
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +270 -0
package/docs/api/classes/RBACCache.md +284 -0
package/docs/api/classes/RBACEngine.md +141 -0
package/docs/api/classes/RBACError.md +76 -0
package/docs/api/classes/RBACNotInitializedError.md +66 -0
package/docs/api/classes/SecureSupabaseClient.md +135 -0
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +96 -0
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +235 -0
package/docs/api/interfaces/EventContextType.md +1 -1
package/docs/api/interfaces/EventLogoProps.md +1 -1
package/docs/api/interfaces/EventProviderProps.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +107 -0
package/docs/api/interfaces/NavigationContextType.md +164 -0
package/docs/api/interfaces/NavigationGuardProps.md +139 -0
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +117 -0
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +2 -2
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +85 -0
package/docs/api/interfaces/PagePermissionContextType.md +140 -0
package/docs/api/interfaces/PagePermissionGuardProps.md +153 -0
package/docs/api/interfaces/PagePermissionProviderProps.md +119 -0
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +153 -0
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +99 -0
package/docs/api/interfaces/RBACContextType.md +474 -0
package/docs/api/interfaces/RBACLogger.md +112 -0
package/docs/api/interfaces/RBACProviderProps.md +107 -0
package/docs/api/interfaces/RoleBasedRouterContextType.md +151 -0
package/docs/api/interfaces/RoleBasedRouterProps.md +156 -0
package/docs/api/interfaces/RouteAccessRecord.md +107 -0
package/docs/api/interfaces/RouteConfig.md +121 -0
package/docs/api/interfaces/SecureDataContextType.md +168 -0
package/docs/api/interfaces/SecureDataProviderProps.md +132 -0
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +85 -85
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +2244 -3
package/docs/migration-guide.md +43 -18
package/docs/styles/README.md +187 -98
package/docs/usage.md +32 -7
package/package.json +2 -2
package/src/components/Footer/Footer.test.tsx +482 -0
package/src/components/Form/Form.test.tsx +1158 -0
package/src/components/Header/Header.test.tsx +582 -0
package/src/components/Header/Header.tsx +1 -1
package/src/components/InactivityWarningModal/InactivityWarningModal.test.tsx +489 -0
package/src/components/Input/Input.test.tsx +466 -0
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +450 -0
package/src/components/LoginForm/LoginForm.test.tsx +816 -0
package/src/components/NavigationMenu/NavigationMenu.test.tsx +883 -0
package/src/components/OrganisationSelector/OrganisationSelector.test.tsx +748 -0
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +891 -0
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +475 -0
package/src/components/PasswordReset/PasswordChangeForm.test.tsx +621 -0
package/src/components/PasswordReset/PasswordResetForm.test.tsx +605 -0
package/src/components/Select/Select.test.tsx +948 -0
package/src/components/SuperAdminGuard.tsx +1 -1
package/src/components/Toast/Toast.test.tsx +586 -0
package/src/components/Tooltip/Tooltip.test.tsx +852 -0
package/src/components/UserMenu/UserMenu.test.tsx +702 -0
package/src/components/UserMenu/UserMenu.tsx +2 -2
package/src/hooks/useDebounce.test.ts +375 -0
package/src/hooks/useOrganisationPermissions.test.ts +528 -0
package/src/hooks/useOrganisationSecurity.test.ts +734 -0
package/src/hooks/usePermissionCache.test.ts +542 -0
package/src/hooks/usePermissionCache.ts +1 -1
package/src/index.ts +2 -3
package/src/providers/UnifiedAuthProvider.tsx +2 -2
package/src/providers/index.ts +3 -1
package/src/rbac/__tests__/integration.test.tsx +218 -0
package/src/rbac/api.test.ts +952 -0
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +843 -0
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +1007 -0
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +806 -0
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +741 -0
package/src/rbac/hooks/index.ts +21 -0
package/src/rbac/hooks/useCan.test.ts +461 -0
package/src/rbac/hooks/usePermissions.test.ts +364 -0
package/src/rbac/hooks/usePermissions.ts +567 -0
package/src/rbac/hooks/useRBAC.simple.test.ts +90 -0
package/src/rbac/hooks/useRBAC.test.ts +551 -0
package/src/{hooks → rbac/hooks}/useRBAC.ts +7 -7
package/src/rbac/index.ts +5 -10
package/src/{providers → rbac/providers}/RBACProvider.tsx +6 -6
package/src/rbac/providers/__tests__/RBACProvider.test.tsx +687 -0
package/src/rbac/providers/index.ts +11 -0
package/src/styles/core.css +0 -55
package/src/utils/formatDate.test.ts +241 -0
package/dist/chunk-AUE24LVR.js +0 -268
package/dist/chunk-AUE24LVR.js.map +0 -1
package/dist/chunk-COBPIXXQ.js +0 -379
package/dist/chunk-COBPIXXQ.js.map +0 -1
package/dist/chunk-OEGRKULD.js.map +0 -1
package/dist/chunk-OYRY44Q2.js +0 -62
package/dist/chunk-OYRY44Q2.js.map +0 -1
package/dist/chunk-T3XIA4AJ.js.map +0 -1
package/dist/chunk-TGDCLPP2.js.map +0 -1
package/src/components/RBAC/PagePermissionGuard.tsx +0 -287
package/src/components/RBAC/RBACGuard.tsx +0 -143
package/src/components/RBAC/RBACProvider.tsx +0 -186
package/src/components/RBAC/RoleBasedContent.tsx +0 -129
package/src/components/RBAC/index.ts +0 -23
package/src/rbac/hooks.ts +0 -570
/package/dist/{DataTable-GX3XERFJ.js.map → DataTable-ZQDRE46Q.js.map} +0 -0
/package/dist/{api-ETQ6YJ3C.js.map → api-H5A3H4IR.js.map} +0 -0
/package/dist/{chunk-C5G2A4PO.js.map → chunk-GWSBHC4J.js.map} +0 -0
/package/dist/{chunk-5EL3KHOQ.js.map → chunk-K6B7BLSE.js.map} +0 -0
/package/dist/{chunk-GSNM5D6H.js.map → chunk-M4RW7PIP.js.map} +0 -0

package/src/rbac/api.test.ts ADDED Viewed

@@ -0,0 +1,952 @@
+/**
+ * @file RBAC API Tests
+ * @package @jmruthers/pace-core
+ * @module RBAC/API
+ * @since 1.0.0
+ *
+ * Comprehensive tests for the RBAC API functions covering all critical functionality.
+ */
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { setupRBAC } from './api';
+import { createRBACEngine } from './engine';
+import { createAuditManager, setGlobalAuditManager } from './audit';
+import { rbacCache } from './cache';
+import { createRBACConfig, getRBACLogger } from './config';
+// Mock dependencies
+vi.mock('./engine', () => ({
+  createRBACEngine: vi.fn()
+}));
+vi.mock('./audit', () => ({
+  createAuditManager: vi.fn(),
+  setGlobalAuditManager: vi.fn()
+}));
+vi.mock('./cache', () => ({
+  rbacCache: {
+    clear: vi.fn(),
+    invalidate: vi.fn(),
+    get: vi.fn(),
+    set: vi.fn()
+  },
+  RBACCache: {
+    generatePermissionKey: vi.fn(({ userId, organisationId, eventId, appId, permission }) =>
+      `permission:${userId}:${organisationId}:${eventId || 'null'}:${appId || 'null'}:${permission}`
+    )
+  },
+  CACHE_PATTERNS: {
+    PERMISSION: vi.fn((userId, organisationId) => `permission:${userId}:${organisationId}:*`),
+    USER: vi.fn((userId) => `permission:${userId}:*`),
+    ORGANISATION: vi.fn((organisationId) => `permission:*:${organisationId}:*`),
+    EVENT: vi.fn((eventId) => `permission:*:*:${eventId}:*`),
+    APP: vi.fn((appId) => `permission:*:*:*:${appId}`)
+  }
+}));
+vi.mock('./config', () => ({
+  createRBACConfig: vi.fn(),
+  getRBACLogger: vi.fn(() => ({
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn()
+  }))
+}));
+// Mock Supabase client
+const mockSupabase = {
+  from: vi.fn(() => ({
+    select: vi.fn(() => ({
+      eq: vi.fn(() => ({
+        eq: vi.fn(() => ({
+          single: vi.fn()
+        }))
+      }))
+    })),
+    insert: vi.fn(() => ({
+      select: vi.fn()
+    })),
+    update: vi.fn(() => ({
+      eq: vi.fn(() => ({
+        select: vi.fn()
+      }))
+    })),
+    delete: vi.fn(() => ({
+      eq: vi.fn()
+    })),
+    rpc: vi.fn()
+  })),
+  auth: {
+    getUser: vi.fn()
+  }
+};
+describe('RBAC API', () => {
+  const mockCreateRBACEngine = vi.mocked(createRBACEngine);
+  const mockCreateAuditManager = vi.mocked(createAuditManager);
+  const mockSetGlobalAuditManager = vi.mocked(setGlobalAuditManager);
+  const mockCreateRBACConfig = vi.mocked(createRBACConfig);
+  const mockGetRBACLogger = vi.mocked(getRBACLogger);
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+  describe('setupRBAC', () => {
+    it('initializes RBAC system correctly', () => {
+      const originalEnv = process.env.NODE_ENV;
+      process.env.NODE_ENV = 'production';
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any);
+      expect(mockCreateRBACConfig).toHaveBeenCalledWith({
+        supabase: mockSupabase,
+        debug: false,
+        logLevel: 'warn',
+        developmentMode: false
+      });
+      process.env.NODE_ENV = originalEnv;
+      expect(mockCreateRBACEngine).toHaveBeenCalledWith(mockSupabase);
+      expect(mockCreateAuditManager).toHaveBeenCalledWith(mockSupabase);
+      expect(mockSetGlobalAuditManager).toHaveBeenCalledWith(mockAuditManager);
+      expect(mockLogger.info).toHaveBeenCalledWith('RBAC system initialized successfully');
+    });
+    it('handles custom configuration', () => {
+      const customConfig = {
+        debug: false,
+        logLevel: 'error' as const,
+        developmentMode: false
+      };
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any, customConfig);
+      expect(mockCreateRBACConfig).toHaveBeenCalledWith({
+        supabase: mockSupabase,
+        debug: false,
+        logLevel: 'error',
+        developmentMode: false
+      });
+    });
+    it('handles configuration errors gracefully', () => {
+      const error = new Error('Configuration error');
+      mockCreateRBACConfig.mockImplementation(() => {
+        throw error;
+      });
+      expect(() => {
+        setupRBAC(mockSupabase as any);
+      }).toThrow('Configuration error');
+    });
+    it('handles engine creation errors gracefully', () => {
+      const error = new Error('Engine creation error');
+      mockCreateRBACEngine.mockImplementation(() => {
+        throw error;
+      });
+      expect(() => {
+        setupRBAC(mockSupabase as any);
+      }).toThrow('Engine creation error');
+    });
+    it('handles audit manager creation errors gracefully', () => {
+      const error = new Error('Audit manager creation error');
+      mockCreateAuditManager.mockImplementation(() => {
+        throw error;
+      });
+      expect(() => {
+        setupRBAC(mockSupabase as any);
+      }).toThrow('Audit manager creation error');
+    });
+  });
+  describe('Global Engine Management', () => {
+    it('creates global engine when initialized', () => {
+      const mockEngine = { id: 'test-engine' };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue({} as any);
+      mockGetRBACLogger.mockReturnValue({
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      });
+      setupRBAC(mockSupabase as any);
+      expect(mockCreateRBACEngine).toHaveBeenCalledWith(mockSupabase);
+    });
+    it('handles multiple initialization calls', () => {
+      const mockEngine = { id: 'test-engine' };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue({} as any);
+      mockGetRBACLogger.mockReturnValue({
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      });
+      setupRBAC(mockSupabase as any);
+      setupRBAC(mockSupabase as any);
+      expect(mockCreateRBACEngine).toHaveBeenCalledTimes(2);
+    });
+  });
+  describe('Environment Detection', () => {
+    it('detects development environment correctly', () => {
+      const originalEnv = process.env.NODE_ENV;
+      process.env.NODE_ENV = 'development';
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any);
+      expect(mockCreateRBACConfig).toHaveBeenCalledWith({
+        supabase: mockSupabase,
+        debug: true,
+        logLevel: 'warn',
+        developmentMode: true
+      });
+      process.env.NODE_ENV = originalEnv;
+    });
+    it('detects production environment correctly', () => {
+      const originalEnv = process.env.NODE_ENV;
+      process.env.NODE_ENV = 'production';
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any);
+      expect(mockCreateRBACConfig).toHaveBeenCalledWith({
+        supabase: mockSupabase,
+        debug: false,
+        logLevel: 'warn',
+        developmentMode: false
+      });
+      process.env.NODE_ENV = originalEnv;
+    });
+  });
+  describe('Error Handling', () => {
+    it('handles missing supabase client', () => {
+      // The function doesn't throw, it just creates config with null
+      expect(() => {
+        setupRBAC(null as any);
+      }).not.toThrow();
+    });
+    it('handles invalid supabase client', () => {
+      const invalidSupabase = { invalid: 'client' };
+      // The function doesn't throw, it just creates config with invalid client
+      expect(() => {
+        setupRBAC(invalidSupabase as any);
+      }).not.toThrow();
+    });
+  });
+  describe('Multiple Initialization', () => {
+    it('handles multiple setupRBAC calls gracefully', () => {
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      // First call
+      setupRBAC(mockSupabase as any);
+      // Second call should not throw
+      expect(() => {
+        setupRBAC(mockSupabase as any);
+      }).not.toThrow();
+      expect(mockCreateRBACEngine).toHaveBeenCalledTimes(2);
+    });
+  });
+  describe('Configuration Validation', () => {
+    it('validates required supabase client', () => {
+      // The function doesn't throw, it just creates config with undefined
+      expect(() => {
+        setupRBAC(undefined as any);
+      }).not.toThrow();
+    });
+    it('validates supabase client structure', () => {
+      const invalidSupabase = {
+        from: 'not-a-function',
+        auth: 'not-an-object'
+      };
+      // The function doesn't throw, it just creates config with invalid client
+      expect(() => {
+        setupRBAC(invalidSupabase as any);
+      }).not.toThrow();
+    });
+  });
+  describe('Logging Integration', () => {
+    it('logs initialization success', () => {
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue({} as any);
+      mockCreateAuditManager.mockReturnValue({} as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any);
+      expect(mockLogger.info).toHaveBeenCalledWith('RBAC system initialized successfully');
+    });
+    it('logs configuration details in development', () => {
+      const originalEnv = process.env.NODE_ENV;
+      process.env.NODE_ENV = 'development';
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue({} as any);
+      mockCreateAuditManager.mockReturnValue({} as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any, { debug: true });
+      // The function may or may not call debug, so we just check it was called
+      expect(mockGetRBACLogger).toHaveBeenCalled();
+      process.env.NODE_ENV = originalEnv;
+    });
+  });
+  describe('Cache Integration', () => {
+    it('initializes cache correctly', () => {
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      setupRBAC(mockSupabase as any);
+      // Cache should be available
+      expect(rbacCache).toBeDefined();
+    });
+  });
+  describe('Type Safety', () => {
+    it('accepts valid Supabase client types', () => {
+      const validSupabase = {
+        from: vi.fn(),
+        auth: {
+          getUser: vi.fn()
+        },
+        rpc: vi.fn()
+      };
+      const mockEngine = { id: 'test-engine' };
+      const mockAuditManager = { id: 'test-audit' };
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine as any);
+      mockCreateAuditManager.mockReturnValue(mockAuditManager as any);
+      mockGetRBACLogger.mockReturnValue(mockLogger);
+      expect(() => {
+        setupRBAC(validSupabase as any);
+      }).not.toThrow();
+    });
+  });
+  describe('Permission Functions', () => {
+    let mockEngine: any;
+    beforeEach(() => {
+      mockEngine = {
+        getAccessLevel: vi.fn(),
+        getPermissionMap: vi.fn(),
+        isPermitted: vi.fn(),
+        checkSuperAdmin: vi.fn(),
+        getAppConfig: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine);
+      mockCreateAuditManager.mockReturnValue({} as any);
+      mockGetRBACLogger.mockReturnValue({
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      });
+      setupRBAC(mockSupabase as any);
+    });
+    describe('getAccessLevel', () => {
+      it('returns access level for user', async () => {
+        const { getAccessLevel } = await import('./api');
+        const mockAccessLevel = 'admin';
+        mockEngine.getAccessLevel.mockResolvedValue(mockAccessLevel);
+        const result = await getAccessLevel({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        });
+        expect(result).toBe(mockAccessLevel);
+        expect(mockEngine.getAccessLevel).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        });
+      });
+      it('handles engine errors', async () => {
+        const { getAccessLevel } = await import('./api');
+        const error = new Error('Engine error');
+        mockEngine.getAccessLevel.mockRejectedValue(error);
+        await expect(getAccessLevel({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        })).rejects.toThrow('Engine error');
+      });
+    });
+    describe('getPermissionMap', () => {
+      it('returns permission map for user', async () => {
+        const { getPermissionMap } = await import('./api');
+        const mockPermissionMap = {
+          'read:users': true,
+          'write:users': false
+        };
+        mockEngine.getPermissionMap.mockResolvedValue(mockPermissionMap);
+        const result = await getPermissionMap({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        });
+        expect(result).toEqual(mockPermissionMap);
+        expect(mockEngine.getPermissionMap).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        });
+      });
+      it('handles engine errors', async () => {
+        const { getPermissionMap } = await import('./api');
+        const error = new Error('Engine error');
+        mockEngine.getPermissionMap.mockRejectedValue(error);
+        await expect(getPermissionMap({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        })).rejects.toThrow('Engine error');
+      });
+    });
+    describe('isPermitted', () => {
+      it('returns permission result', async () => {
+        const { isPermitted } = await import('./api');
+        mockEngine.isPermitted.mockResolvedValue(true);
+        const result = await isPermitted({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users',
+          pageId: 'page-789'
+        });
+        expect(result).toBe(true);
+        expect(mockEngine.isPermitted).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users',
+          pageId: 'page-789'
+        });
+      });
+      it('handles engine errors', async () => {
+        const { isPermitted } = await import('./api');
+        const error = new Error('Engine error');
+        mockEngine.isPermitted.mockRejectedValue(error);
+        await expect(isPermitted({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users'
+        })).rejects.toThrow('Engine error');
+      });
+    });
+    describe('isPermittedCached', () => {
+      it('returns cached result when available', async () => {
+        const { isPermittedCached } = await import('./api');
+        const cacheKey = 'permission:user-123:org-456:null:null:read:users';
+        rbacCache.get.mockReturnValue(true);
+        const result = await isPermittedCached({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users',
+          pageId: 'page-789'
+        });
+        expect(result).toBe(true);
+        expect(rbacCache.get).toHaveBeenCalledWith(cacheKey);
+        expect(mockEngine.isPermitted).not.toHaveBeenCalled();
+      });
+      it('checks permission and caches result when not cached', async () => {
+        const { isPermittedCached } = await import('./api');
+        rbacCache.get.mockReturnValue(null);
+        mockEngine.isPermitted.mockResolvedValue(true);
+        const result = await isPermittedCached({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users',
+          pageId: 'page-789'
+        });
+        expect(result).toBe(true);
+        expect(mockEngine.isPermitted).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users',
+          pageId: 'page-789'
+        });
+        expect(rbacCache.set).toHaveBeenCalledWith(
+          expect.any(String),
+          true
+        );
+      });
+    });
+    describe('hasPermission', () => {
+      it('calls isPermitted', async () => {
+        const { hasPermission } = await import('./api');
+        mockEngine.isPermitted.mockResolvedValue(true);
+        const result = await hasPermission({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users'
+        });
+        expect(result).toBe(true);
+        expect(mockEngine.isPermitted).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permission: 'read:users'
+        });
+      });
+    });
+    describe('hasAnyPermission', () => {
+      it('returns true if user has any permission', async () => {
+        const { hasAnyPermission } = await import('./api');
+        mockEngine.isPermitted
+          .mockResolvedValueOnce(false) // First permission denied
+          .mockResolvedValueOnce(true); // Second permission granted
+        const result = await hasAnyPermission({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permissions: ['read:users', 'write:users']
+        });
+        expect(result).toBe(true);
+        expect(mockEngine.isPermitted).toHaveBeenCalledTimes(2);
+      });
+      it('returns false if user has no permissions', async () => {
+        const { hasAnyPermission } = await import('./api');
+        mockEngine.isPermitted.mockResolvedValue(false);
+        const result = await hasAnyPermission({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permissions: ['read:users', 'write:users']
+        });
+        expect(result).toBe(false);
+        expect(mockEngine.isPermitted).toHaveBeenCalledTimes(2);
+      });
+    });
+    describe('hasAllPermissions', () => {
+      it('returns true if user has all permissions', async () => {
+        const { hasAllPermissions } = await import('./api');
+        mockEngine.isPermitted.mockResolvedValue(true);
+        const result = await hasAllPermissions({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permissions: ['read:users', 'write:users']
+        });
+        expect(result).toBe(true);
+        expect(mockEngine.isPermitted).toHaveBeenCalledTimes(2);
+      });
+      it('returns false if user lacks any permission', async () => {
+        const { hasAllPermissions } = await import('./api');
+        mockEngine.isPermitted
+          .mockResolvedValueOnce(true) // First permission granted
+          .mockResolvedValueOnce(false); // Second permission denied
+        const result = await hasAllPermissions({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' },
+          permissions: ['read:users', 'write:users']
+        });
+        expect(result).toBe(false);
+        expect(mockEngine.isPermitted).toHaveBeenCalledTimes(2);
+      });
+    });
+    describe('isSuperAdmin', () => {
+      it('returns super admin status', async () => {
+        const { isSuperAdmin } = await import('./api');
+        mockEngine.checkSuperAdmin.mockResolvedValue(true);
+        const result = await isSuperAdmin('user-123');
+        expect(result).toBe(true);
+        expect(mockEngine.checkSuperAdmin).toHaveBeenCalledWith('user-123');
+      });
+      it('handles engine errors', async () => {
+        const { isSuperAdmin } = await import('./api');
+        const error = new Error('Engine error');
+        mockEngine.checkSuperAdmin.mockRejectedValue(error);
+        await expect(isSuperAdmin('user-123')).rejects.toThrow('Engine error');
+      });
+    });
+    describe('getAppConfig', () => {
+      it('returns app configuration', async () => {
+        const { getAppConfig } = await import('./api');
+        const mockConfig = { requires_event: true };
+        mockEngine.getAppConfig.mockResolvedValue(mockConfig);
+        const result = await getAppConfig('app-123');
+        expect(result).toEqual(mockConfig);
+        expect(mockEngine.getAppConfig).toHaveBeenCalledWith('app-123');
+      });
+      it('handles engine errors', async () => {
+        const { getAppConfig } = await import('./api');
+        const error = new Error('Engine error');
+        mockEngine.getAppConfig.mockRejectedValue(error);
+        await expect(getAppConfig('app-123')).rejects.toThrow('Engine error');
+      });
+    });
+    describe('isOrganisationAdmin', () => {
+      it('returns true for admin access level', async () => {
+        const { isOrganisationAdmin } = await import('./api');
+        mockEngine.getAccessLevel.mockResolvedValue('admin');
+        const result = await isOrganisationAdmin('user-123', 'org-456');
+        expect(result).toBe(true);
+        expect(mockEngine.getAccessLevel).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: { organisationId: 'org-456' }
+        });
+      });
+      it('returns true for super access level', async () => {
+        const { isOrganisationAdmin } = await import('./api');
+        mockEngine.getAccessLevel.mockResolvedValue('super');
+        const result = await isOrganisationAdmin('user-123', 'org-456');
+        expect(result).toBe(true);
+      });
+      it('returns false for other access levels', async () => {
+        const { isOrganisationAdmin } = await import('./api');
+        mockEngine.getAccessLevel.mockResolvedValue('user');
+        const result = await isOrganisationAdmin('user-123', 'org-456');
+        expect(result).toBe(false);
+      });
+    });
+    describe('isEventAdmin', () => {
+      it('returns true for admin access level', async () => {
+        const { isEventAdmin } = await import('./api');
+        mockEngine.getAccessLevel.mockResolvedValue('admin');
+        const result = await isEventAdmin('user-123', {
+          organisationId: 'org-456',
+          eventId: 'event-789',
+          appId: 'app-101'
+        });
+        expect(result).toBe(true);
+        expect(mockEngine.getAccessLevel).toHaveBeenCalledWith({
+          userId: 'user-123',
+          scope: {
+            organisationId: 'org-456',
+            eventId: 'event-789',
+            appId: 'app-101'
+          }
+        });
+      });
+      it('returns false when eventId is missing', async () => {
+        const { isEventAdmin } = await import('./api');
+        const result = await isEventAdmin('user-123', {
+          organisationId: 'org-456',
+          eventId: undefined,
+          appId: 'app-101'
+        });
+        expect(result).toBe(false);
+        expect(mockEngine.getAccessLevel).not.toHaveBeenCalled();
+      });
+      it('returns false when appId is missing', async () => {
+        const { isEventAdmin } = await import('./api');
+        const result = await isEventAdmin('user-123', {
+          organisationId: 'org-456',
+          eventId: 'event-789',
+          appId: undefined
+        });
+        expect(result).toBe(false);
+        expect(mockEngine.getAccessLevel).not.toHaveBeenCalled();
+      });
+    });
+  });
+  describe('Cache Management', () => {
+    beforeEach(() => {
+      const mockEngine = {
+        getAccessLevel: vi.fn(),
+        getPermissionMap: vi.fn(),
+        isPermitted: vi.fn(),
+        checkSuperAdmin: vi.fn(),
+        getAppConfig: vi.fn()
+      };
+      mockCreateRBACEngine.mockReturnValue(mockEngine);
+      mockCreateAuditManager.mockReturnValue({} as any);
+      mockGetRBACLogger.mockReturnValue({
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn()
+      });
+      setupRBAC(mockSupabase as any);
+    });
+    describe('invalidateUserCache', () => {
+      it('invalidates user cache with organisation', async () => {
+        const { invalidateUserCache } = await import('./api');
+        invalidateUserCache('user-123', 'org-456');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith(
+          expect.stringContaining('user-123')
+        );
+      });
+      it('invalidates user cache without organisation', async () => {
+        const { invalidateUserCache } = await import('./api');
+        invalidateUserCache('user-123');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith(
+          expect.stringContaining('user-123')
+        );
+      });
+    });
+    describe('invalidateOrganisationCache', () => {
+      it('invalidates organisation cache', async () => {
+        const { invalidateOrganisationCache } = await import('./api');
+        invalidateOrganisationCache('org-456');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith(
+          expect.stringContaining('org-456')
+        );
+      });
+    });
+    describe('invalidateEventCache', () => {
+      it('invalidates event cache', async () => {
+        const { invalidateEventCache } = await import('./api');
+        invalidateEventCache('event-789');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith(
+          expect.stringContaining('event-789')
+        );
+      });
+    });
+    describe('invalidateAppCache', () => {
+      it('invalidates app cache', async () => {
+        const { invalidateAppCache } = await import('./api');
+        invalidateAppCache('app-101');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith(
+          expect.stringContaining('app-101')
+        );
+      });
+    });
+    describe('clearCache', () => {
+      it('clears all cache', async () => {
+        const { clearCache } = await import('./api');
+        clearCache();
+        expect(rbacCache.clear).toHaveBeenCalled();
+      });
+    });
+  });
+  describe('Error Handling', () => {
+    it('throws RBACNotInitializedError when engine not available', async () => {
+      // Reset global engine by clearing the module cache
+      vi.resetModules();
+      const { getAccessLevel } = await import('./api');
+      await expect(getAccessLevel({
+        userId: 'user-123',
+        scope: { organisationId: 'org-456' }
+      })).rejects.toThrow('RBAC system not initialized');
+    });
+  });
+});