@jmruthers/pace-core 0.5.108 → 0.5.109

package/CHANGELOG.md

@@ -7,206 +7,104 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Changed - RBAC Refactoring
-- **Breaking**: Renamed provider hook `useRBAC()` to `useRBACContext()` to avoid naming collision
-- **Removed**: Non-functional `usePermissionCheck` hook  
-- **Deprecated**: `RBACService`, `useRBACService` - use new RBAC system instead
-- Consolidated permission checking logic into single source of truth
-- Established consistent fail-secure error handling across RBAC components
-- Removed 100+ lines of duplicate code
+## [0.5.109] - 2025-11-03
 
 ### Added
-- **DataTable Initial Page Size**: Added `initialPageSize` prop to DataTable component for customizing the initial page size
-- **Page Size Validation**: Automatic validation of initial page size against available options with fallback to closest valid option
-- **Console Warnings**: Helpful warnings when invalid page sizes are provided
-- **DataTable Expand/Collapse All**: Added expand/collapse all button in hierarchical DataTable headers for quick parent row management
-- **Smart State Detection**: Button automatically updates icon (▶️/🔽) based on current expansion state
-- **Accessibility Support**: Full ARIA labels and keyboard navigation for expand/collapse all functionality
-- **DataTable Column Ordering**: Added `columnOrder` prop to DataTable component for custom column positioning
-- **Selection Column Positioning**: Selection column can now be positioned anywhere in the column order
-- **Actions Column Positioning**: Actions column can now be positioned anywhere in the column order
-- **Default Behavior**: When `columnOrder` doesn't include 'select', selection column defaults to first position
-
-### Fixed
-- **DataTable Infinite Loop Prevention**: Fixed infinite re-rendering loops when using complex data processing with `useMemo` hooks
-- **Data Reference Stability**: Improved data reference stability to prevent unnecessary re-renders
-- **Memory Optimization**: Added safeguards against infinite loops with render counting and data comparison
-- **Performance**: Optimized table configuration memoization to prevent unnecessary re-creation
-- **RBAC Race Condition**: Fixed "Access Denied" errors for users with valid permissions caused by race condition in permission checking
-- **Permission Loading State**: Improved loading state handling during scope resolution to prevent premature access denied errors
-
-### Improved
-- **Data Processing Documentation**: Added comprehensive best practices for data processing with DataTable
-- **Error Handling**: Added infinite loop detection and prevention mechanisms
-- **Type Safety**: Improved TypeScript type handling for complex data scenarios
-
-## [0.3.52] - 2024-12-19
+- **Automatic Login History Tracking**: Login and logout events are now automatically tracked when using `UnifiedAuthProvider`. No manual intervention required - tracking happens automatically on `SIGNED_IN` and `SIGNED_OUT` events.
+- **Login History Database Schema**: Added `app_id` column to `rbac_user_login_history` table for application-specific tracking
+- **Performance Indexes**: Added indexes on `login_timestamp` and `(user_id, login_timestamp)` for efficient login history queries
+- **Session Tracking Integration**: `AuthService` now automatically calls `rbac_session_track` on login/logout events, which records both session data and login history
+- **Comprehensive Session Tracking Tests**: Added unit tests for automatic session tracking functionality
 
 ### Changed
-- **Row Actions Simplification**: Removed incomplete `features.rowActions` implementation and kept robust `actions` prop as the single method for custom row actions
-- **Documentation Update**: Updated all documentation to reflect single row actions approach using `actions` prop
+- **Session Tracking Hook API**: Removed `trackLogin()` and `trackLogout()` methods from `useSessionTracking` hook. These are now automatically handled by `UnifiedAuthProvider`. The hook now only provides `trackEventSwitch()` and `trackSessionExpired()` for manual tracking scenarios.
+- **Database Function Enhancement**: Modified `rbac_session_track` RPC function to automatically insert into `rbac_user_login_history` table when `session_type = 'login'`
+- **RBAC Permission String Format**: Updated permission string format to `"operation:page.pageId"` (e.g., `"read:page.suppliers"`) for consistent permission checking
+- **Navigation Filtering Optimization**: Optimized `PaceAppLayout` navigation filtering to use `getPermissionMap` for batch permission fetching, preventing rate limit exceeded errors
 
-### Fixed
-- **Actions Prop Implementation**: Verified and confirmed that the `actions` prop is fully implemented and working correctly in DataTable component
+### Removed
+- **AuthProvider.simplified.tsx**: Removed unused experimental auth provider file (tech debt cleanup)
+- **useSessionTracking Methods**: Removed `trackLogin()` and `trackLogout()` methods - these are now automatically handled
 
 ### Fixed
-- **CRITICAL**: Fixed timing issue in OrganisationProvider where database organisation context was not set before other components tried to use it
-- **CRITICAL**: Fixed race condition that caused RLS policies to fail on first load
-- **CRITICAL**: Fixed super admin permissions returning false for all operations due to missing organisation context
-- **CRITICAL**: Fixed Tailwind v4 theme file with missing semantic colors and circular @apply references
-- **CRITICAL**: Fixed component classes (.pace-button, .pace-input, .pace-card) to be self-contained
-- **CRITICAL**: Fixed missing basic colors (white, black, transparent, current) in Tailwind v4 theme file
-- **CRITICAL**: Fixed semantic color mappings to match demo app appearance (blue-tinted theme instead of neutral gray)
-- **CRITICAL**: Fixed header layout by adding missing CSS variables (--app-width, --color-main-*, --color-sec-*, --color-acc-*)
-- **CRITICAL**: Added comprehensive CSS variable coverage for all components (fonts, design tokens, event colors, Radix UI variables)
-- **CRITICAL**: Added comprehensive troubleshooting guide for "unrecognized configuration parameter" database errors
-
-### Added
-- Comprehensive JSDoc documentation for all public components
-- Enhanced API documentation with examples and TypeScript types
-- Complete testing guide with utilities and patterns
-- Quick start examples and troubleshooting guides
-- Performance optimization recommendations
-- Migration guides from Auth0 and Firebase
-- Interactive CodeSandbox and StackBlitz examples
-- Context readiness state to ensure database context is set before rendering children
-
-### Enhanced
-- Button component with full JSDoc documentation and examples
-- README with 3-minute quick start guide
-- Error handling documentation with common solutions
-- Component documentation with accessibility guidelines
-- OrganisationProvider with proper async context setting and loading states
-
-### Improved
-- Developer experience with better onboarding materials
-- Documentation structure for easier navigation
-- Code examples with TypeScript types and best practices
-- Organisation context reliability and timing
-
-## [0.1.102] - 2025-05-26
-
-### Added
-- Enhanced package structure for better modularity
-- Granular exports in package.json for better tree-shaking
-- Improved boundary validation scripts
-- CHANGELOG.md for tracking package versions
+- **SQL Ambiguity in util_app_resolve**: Fixed ambiguous column reference `"is_active"` by using explicit table aliases
+- **Case Sensitivity in App Resolution**: Fixed `util_app_resolve` to use case-insensitive app name matching
+- **Function Return Type Mismatch**: Fixed `util_app_resolve` return type mismatch between function signature and `RETURN QUERY` statement
+- **rbac_permissions_get Function Overloading**: Consolidated two overloaded versions of `rbac_permissions_get` into a single unified function, resolving PostgREST ambiguity issues
+- **Navigation Filtering Permission Format**: Fixed incorrect permission string construction in `PaceAppLayout` navigation filtering (now correctly formats as `"operation:page.pageId"`)
+- **Rate Limit Exceeded Errors**: Fixed navigation filtering causing excessive API calls by implementing batch permission fetching
+- **RLS Policy Permissiveness**: Removed overly permissive RLS policy on `rbac_user_login_history` that allowed system-level inserts without proper context
 
-### Fixed
-- Resolved duplicate exports of EventSelectorProps
-- Clean separation between test utilities and production code
-- Enhanced demo discoverability with improved index page
+---
 
-### Changed
-- Optimized main index.ts exports to avoid conflicts
-- Strengthened validation scripts with circular dependency checks
-- Improved package.json exports for better modularity
+## Migration Guide
 
-## [0.1.101] - Previous Release
+### Upgrading from 0.5.108 to 0.5.109
 
-### Added
-- Core component library with Button, Card, Input, DataTable
-- Authentication module with Supabase integration
-- RBAC system with permission guards and hooks
-- Event management with dynamic theming
-- Form validation with Zod schemas
-- Comprehensive test utilities and mock providers
-
-### Features
-- TypeScript support with strict typing
-- Tree-shakeable exports
-- Tailwind CSS styling
-- shadcn/ui component integration
-- Accessibility support
-- Comprehensive documentation
-
-### Components
-- **UI Components**: Button, Card, Input, Alert, Avatar, Progress
-- **Form Components**: Form, FormField, Input validation
-- **Layout Components**: Header, Footer, NavigationMenu
-- **Data Components**: DataTable with sorting, filtering, pagination
-- **Authentication**: LoginForm, UserMenu, AuthProvider
-- **RBAC**: PermissionGuard, RBACProvider
-
-### Hooks
-- **Authentication**: useAuth, useAutoLogout, useSecureAuth
-- **Permissions**: useHasPermission, usePermissionCheck, usePermissions
-- **UI**: useToast, useIsMobile, useFocusManagement
-- **Forms**: useZodForm, form validation hooks
-
-### Utilities
-- **Validation**: Email, password, form schemas
-- **Security**: Encryption, rate limiting, audit logging
-- **Formatting**: Date, currency, percentage formatters
-- **Performance**: Debouncing, throttling, memoization
-
-### Types
-- **Core Types**: User, Session, AuthError, PermissionString
-- **Component Types**: ButtonProps, FormProps, DataTableProps
-- **Utility Types**: AccessLevel, ValidationError, SecurityLevel
-
-## [0.1.0] - Initial Release
+This guide covers upgrading from version **0.5.108** to **0.5.109**.
 
-### Added
-- Initial package structure
-- Basic component library foundation
-- Authentication provider setup
-- RBAC permission system
-- Form validation utilities
-- TypeScript configuration
-- Build and test infrastructure
-
-### Infrastructure
-- Vite build system
-- Vitest testing framework
-- ESLint and Prettier configuration
-- GitHub Actions CI/CD
-- NPM publishing workflow
+#### Automatic Login History Tracking
 
----
+**No code changes required!** Login history tracking is now fully automatic when using `UnifiedAuthProvider`.
 
-## Migration Guide
+**In 0.5.108:**
+```tsx
+// Manual tracking was required
+import { useSessionTracking } from '@jmruthers/pace-core';
 
-### Upgrading from 0.1.101 to 0.1.102
+function MyComponent() {
+  const { trackLogin, trackLogout } = useSessionTracking(supabase, 'MY_APP');
+  
+  useEffect(() => {
+    // Manual tracking calls
+    trackLogin();
+  }, []);
+}
+```
 
-No breaking changes. This release focuses on improved documentation and developer experience.
+**In 0.5.109:**
+```tsx
+// Automatic tracking - no code changes needed!
+<UnifiedAuthProvider
+  supabaseClient={supabase}
+  appName="MY_APP"  // This enables automatic tracking
+>
+  <App />
+</UnifiedAuthProvider>
+```
 
-### Upgrading to Future Versions
+**Migration Steps:**
+1. ✅ **Remove manual tracking calls** - If you are using `useSessionTracking.trackLogin()` or `trackLogout()`, remove those calls (they're now automatic)
+2. ✅ **Keep event switch tracking** - If you use `trackEventSwitch()` or `trackSessionExpired()`, those methods are still available
+3. ✅ **Apply database migrations** - Run the following migrations on your Supabase database:
+   - `20251103151742_add_app_id_to_login_history.sql`
+   - `20251103151802_modify_session_track_for_login_history.sql`
 
-Check this changelog for breaking changes and migration instructions for each version.
+#### useSessionTracking Hook Changes
 
-## Security Updates
+**Breaking Change**: The `useSessionTracking` hook no longer provides `trackLogin()` and `trackLogout()` methods in version 0.5.109.
 
-Security fixes will be documented here with details about:
-- CVE numbers (if applicable)
-- Affected versions
-- Recommended upgrade paths
-- Workarounds for immediate fixes
+**In 0.5.108:**
+```tsx
+const { trackLogin, trackLogout, trackEventSwitch } = useSessionTracking(supabase, 'MY_APP');
+```
 
-## Deprecation Notices
+**In 0.5.109:**
+```tsx
+// Only event switch and session expiration are available
+const { trackEventSwitch, trackSessionExpired } = useSessionTracking(supabase, 'MY_APP');
+```
 
-Features planned for deprecation will be announced here with:
-- Deprecation version
-- Removal timeline
-- Migration instructions
-- Alternative solutions
+**If you are using `trackLogin()` or `trackLogout()`:**
+- ✅ Remove those calls - they're now automatic
+- ✅ No replacement needed - `UnifiedAuthProvider` handles it automatically
 
-## Roadmap
+#### Navigation Permission String Format
 
-### v0.2.0 (Planned)
-- Enhanced DataTable with virtual scrolling
-- Advanced form components (date pickers, file uploads)
-- Improved accessibility features
-- Performance optimizations
+**Internal Change**: Permission strings in navigation filtering now use the format `"operation:page.pageId"` instead of separate operation and pageId parameters. This fix affects `PaceAppLayout` navigation filtering internally.
 
-### v0.3.0 (Planned)
-- React Server Components support
-- Advanced RBAC features
-- Internationalization support
-- Theme customization system
+**Migration Steps:**
+1. ✅ **No consumer code changes needed** - This is completely internal to `PaceAppLayout`
+2. ✅ **Navigation filtering now works correctly** - If you're using `filterNavigationByPermissions`, it will now properly hide unauthorized pages
+3. ✅ **No action required** - `PaceAppLayout` handles all permission checking for navigation automatically
 
-### v1.0.0 (Planned)
-- Stable API with semantic versioning guarantees
-- Complete documentation coverage
-- Comprehensive test suite
-- Production-ready performance optimizations

package/dist/{AuthService-1D2ifNfa.d.ts → AuthService-DrHrvXNZ.d.ts}

@@ -408,7 +408,8 @@ declare class AuthService extends BaseService implements IAuthService {
     private restorationTimeoutId;
     private readonly restorationTimeoutMs;
     private restorationStartTime;
-    constructor(supabaseClient: SupabaseClient);
+    private appName;
+    constructor(supabaseClient: SupabaseClient, appName?: string);
     getUser(): User | null;
     getSession(): Session | null;
     isAuthenticated(): boolean;
@@ -431,6 +432,12 @@ declare class AuthService extends BaseService implements IAuthService {
     private clearRestorationTimeout;
     private setupAuthStateListener;
     private restoreSession;
+    /**
+     * Automatically track user session using rbac_session_track
+     * This method is called automatically on SIGNED_IN and SIGNED_OUT events.
+     * It's non-blocking and failures are logged as warnings.
+     */
+    private trackSession;
     private setupErrorHandlers;
     private removeErrorHandlers;
 }

package/dist/{DataTable-WFCHVWTY.js → DataTable-5HITILXS.js}

@@ -54,9 +54,9 @@ import {
   sortHierarchicalDataWithSorting,
   validateHierarchicalData,
   validatePaginationConfig
-} from "./chunk-IMZGJ2X7.js";
-import "./chunk-QDDUU625.js";
-import "./chunk-S63MFSY6.js";
+} from "./chunk-UW2DE6JX.js";
+import "./chunk-WWNOVFDC.js";
+import "./chunk-F6TSYCKP.js";
 import "./chunk-Q7APDV6H.js";
 import {
   CircuitBreaker,
@@ -76,9 +76,9 @@ import {
   throttle,
   useDataTablePerformance
 } from "./chunk-4OX5PXHX.js";
-import "./chunk-ZXY5NTJB.js";
-import "./chunk-KBG34SVL.js";
-import "./chunk-X4FRXJV6.js";
+import "./chunk-EZ64QG2I.js";
+import "./chunk-EYSXQ756.js";
+import "./chunk-AUXS7XSO.js";
 import "./chunk-PYUXFQJ3.js";
 import "./chunk-JCQZ6LA7.js";
 import "./chunk-BDZUMRBD.js";
@@ -157,4 +157,4 @@ export {
   validateHierarchicalData,
   validatePaginationConfig
 };
-//# sourceMappingURL=DataTable-WFCHVWTY.js.map
+//# sourceMappingURL=DataTable-5HITILXS.js.map

package/dist/{UnifiedAuthProvider-XU4BHFXZ.js → UnifiedAuthProvider-A7I23UCN.js}

@@ -1,10 +1,10 @@
 import {
   init_UnifiedAuthProvider
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import "./chunk-BDZUMRBD.js";
 import "./chunk-SMJZMKYN.js";
 import "./chunk-PLDDJCW6.js";
@@ -13,4 +13,4 @@ export {
   UnifiedAuthProvider,
   useUnifiedAuth
 };
-//# sourceMappingURL=UnifiedAuthProvider-XU4BHFXZ.js.map
+//# sourceMappingURL=UnifiedAuthProvider-A7I23UCN.js.map

package/dist/{api-KG4A2X7P.js → api-5I3E47G2.js}

@@ -19,7 +19,7 @@ import {
   isSuperAdmin,
   resolveAppContext,
   setupRBAC
-} from "./chunk-S63MFSY6.js";
+} from "./chunk-F6TSYCKP.js";
 import "./chunk-Q7APDV6H.js";
 import "./chunk-PLDDJCW6.js";
 export {
@@ -44,4 +44,4 @@ export {
   resolveAppContext,
   setupRBAC
 };
-//# sourceMappingURL=api-KG4A2X7P.js.map
+//# sourceMappingURL=api-5I3E47G2.js.map

package/dist/{chunk-DMNMZKWS.js → chunk-2W4WKJVF.js}

@@ -1,17 +1,17 @@
 import {
   init_useOrganisations,
   useOrganisations
-} from "./chunk-ZXY5NTJB.js";
+} from "./chunk-EZ64QG2I.js";
 import {
   init_UnifiedAuthProvider
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   OrganisationServiceContext,
   OrganisationServiceProvider,
   init_OrganisationServiceProvider,
   useOrganisationService,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   init_organisationContext,
   setOrganisationContext
@@ -1537,4 +1537,4 @@ export {
   clearFileDisplayCache,
   getFileDisplayCacheStats
 };
-//# sourceMappingURL=chunk-DMNMZKWS.js.map
+//# sourceMappingURL=chunk-2W4WKJVF.js.map

package/dist/{chunk-MOMYOQMC.js → chunk-3TKTL5AZ.js}

@@ -2,22 +2,22 @@ import {
   createScopeFromEvent,
   useAccessLevel,
   useCan
-} from "./chunk-QDDUU625.js";
+} from "./chunk-WWNOVFDC.js";
 import {
   OrganisationContextRequiredError,
   RBACCache,
   getRBACLogger,
   rbacCache
-} from "./chunk-S63MFSY6.js";
+} from "./chunk-F6TSYCKP.js";
 import {
   useSecureDataAccess
-} from "./chunk-GVRSXXAA.js";
+} from "./chunk-YFMENCR4.js";
 import {
   init_UnifiedAuthProvider
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   getCurrentAppName
 } from "./chunk-JCQZ6LA7.js";
@@ -1539,7 +1539,7 @@ function withPermissionGuard(config, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for permission check");
     }
-    const { isPermitted: isPermitted2 } = await import("./api-KG4A2X7P.js");
+    const { isPermitted: isPermitted2 } = await import("./api-5I3E47G2.js");
     const hasPermission2 = await isPermitted2({
       userId,
       scope: { organisationId, eventId, appId },
@@ -1562,7 +1562,7 @@ function withAccessLevelGuard(minLevel, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for access level check");
     }
-    const { getAccessLevel: getAccessLevel2 } = await import("./api-KG4A2X7P.js");
+    const { getAccessLevel: getAccessLevel2 } = await import("./api-5I3E47G2.js");
     const accessLevel = await getAccessLevel2({
       userId,
       scope: { organisationId, eventId, appId }
@@ -1587,7 +1587,7 @@ function withRoleGuard(config, handler) {
       throw new Error("User context required for role check");
     }
     if (config.globalRoles && config.globalRoles.length > 0) {
-      const { isSuperAdmin } = await import("./api-KG4A2X7P.js");
+      const { isSuperAdmin } = await import("./api-5I3E47G2.js");
       const isSuper = await isSuperAdmin(userId);
       if (isSuper) {
         if (organisationId) {
@@ -1613,14 +1613,14 @@ function withRoleGuard(config, handler) {
       }
     }
     if (config.organisationRoles && config.organisationRoles.length > 0) {
-      const { isOrganisationAdmin } = await import("./api-KG4A2X7P.js");
+      const { isOrganisationAdmin } = await import("./api-5I3E47G2.js");
       const isOrgAdmin = await isOrganisationAdmin(userId, organisationId);
       if (!isOrgAdmin && config.requireAll !== false) {
         throw new Error(`Organisation admin role required`);
       }
     }
     if (config.eventAppRoles && config.eventAppRoles.length > 0 && eventId && appId) {
-      const { isEventAdmin } = await import("./api-KG4A2X7P.js");
+      const { isEventAdmin } = await import("./api-5I3E47G2.js");
       const isEventAdminUser = await isEventAdmin(userId, { organisationId, eventId, appId });
       if (!isEventAdminUser && config.requireAll !== false) {
         throw new Error(`Event admin role required`);
@@ -1660,7 +1660,7 @@ function createRBACMiddleware(config) {
     );
     if (protectedRoute) {
       try {
-        const { isPermitted: isPermitted2 } = await import("./api-KG4A2X7P.js");
+        const { isPermitted: isPermitted2 } = await import("./api-5I3E47G2.js");
         const hasPermission2 = await isPermitted2({
           userId,
           scope: { organisationId },
@@ -1687,7 +1687,7 @@ function createRBACExpressMiddleware(config) {
       return res.status(401).json({ error: "User context required" });
     }
     try {
-      const { isPermitted: isPermitted2 } = await import("./api-KG4A2X7P.js");
+      const { isPermitted: isPermitted2 } = await import("./api-5I3E47G2.js");
       const hasPermission2 = await isPermitted2({
         userId,
         scope: { organisationId, eventId, appId },
@@ -1860,4 +1860,4 @@ export {
   getPermissionsForRole,
   ALL_PERMISSIONS
 };
-//# sourceMappingURL=chunk-MOMYOQMC.js.map
+//# sourceMappingURL=chunk-3TKTL5AZ.js.map

package/dist/{chunk-X4FRXJV6.js → chunk-AUXS7XSO.js}

@@ -93,7 +93,7 @@ var init_AuthService = __esm({
     "use strict";
     init_BaseService();
     AuthService = class extends BaseService {
-      constructor(supabaseClient) {
+      constructor(supabaseClient, appName) {
         super();
         this.user = null;
         this.session = null;
@@ -109,7 +109,9 @@ var init_AuthService = __esm({
         this.restorationTimeoutId = null;
         this.restorationTimeoutMs = 5e3;
         this.restorationStartTime = null;
+        this.appName = void 0;
         this.supabaseClient = supabaseClient;
+        this.appName = appName;
       }
       // Auth state getters
       getUser() {
@@ -399,12 +401,22 @@ var init_AuthService = __esm({
                   this.session = null;
                   this.user = null;
                   this.authError = null;
+                  if (session?.user) {
+                    this.trackSession("logout", session).catch((err) => {
+                      console.warn("[AuthService] Failed to track logout session:", err);
+                    });
+                  }
                 } else if (event === "SIGNED_IN" || event === "TOKEN_REFRESHED") {
                   this.session = session;
                   this.user = session?.user ?? null;
                   if (session) {
                     this.authError = null;
                   }
+                  if (event === "SIGNED_IN" && session?.user) {
+                    this.trackSession("login", session).catch((err) => {
+                      console.warn("[AuthService] Failed to track login session:", err);
+                    });
+                  }
                 } else if (event === "INITIAL_SESSION") {
                   if (session) {
                     this.session = session;
@@ -489,6 +501,45 @@ var init_AuthService = __esm({
           this.finishSessionRestoration(restorationError);
         }
       }
+      /**
+       * Automatically track user session using rbac_session_track
+       * This method is called automatically on SIGNED_IN and SIGNED_OUT events.
+       * It's non-blocking and failures are logged as warnings.
+       */
+      async trackSession(sessionType, session) {
+        if (!this.supabaseClient || !session?.user) {
+          return;
+        }
+        try {
+          let appId = void 0;
+          if (this.appName) {
+            const { data, error: error2 } = await this.supabaseClient.from("rbac_apps").select("id").eq("name", this.appName).eq("is_active", true).single();
+            if (!error2 && data) {
+              appId = data.id;
+            }
+          }
+          const ipAddress = void 0;
+          const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : void 0;
+          const deviceFingerprint = void 0;
+          const { error } = await this.supabaseClient.rpc("rbac_session_track", {
+            p_user_id: session.user.id,
+            p_session_type: sessionType,
+            p_event_id: null,
+            // Event ID should come from context, not auth service
+            p_app_id: appId,
+            p_ip_address: ipAddress,
+            p_user_agent: userAgent,
+            p_device_fingerprint: deviceFingerprint
+          });
+          if (error) {
+            console.warn(`[AuthService] Failed to track ${sessionType} session:`, error);
+          } else {
+            console.debug(`[AuthService] Successfully tracked ${sessionType} session`);
+          }
+        } catch (error) {
+          console.warn(`[AuthService] Error tracking ${sessionType} session:`, error);
+        }
+      }
       setupErrorHandlers() {
         if (typeof window === "undefined") return;
         const handleError = (event) => {
@@ -518,10 +569,10 @@ var init_AuthService = __esm({
 // src/providers/services/AuthServiceProvider.tsx
 import { createContext, useContext, useMemo, useEffect, useState } from "react";
 import { jsx } from "react/jsx-runtime";
-function AuthServiceProvider({ children, supabaseClient }) {
+function AuthServiceProvider({ children, supabaseClient, appName }) {
   const authService = useMemo(
-    () => new AuthService(supabaseClient),
-    [supabaseClient]
+    () => new AuthService(supabaseClient, appName),
+    [supabaseClient, appName]
   );
   const [sessionRestoration, setSessionRestoration] = useState(
     () => authService.getSessionRestorationState()
@@ -2281,7 +2332,7 @@ function UnifiedAuthProvider({
   renderInactivityWarning,
   dangerouslyDisableInactivity = false
 }) {
-  return /* @__PURE__ */ jsx5(AuthServiceProvider, { supabaseClient, children: /* @__PURE__ */ jsx5(
+  return /* @__PURE__ */ jsx5(AuthServiceProvider, { supabaseClient, appName, children: /* @__PURE__ */ jsx5(
     ServiceAwareProviders,
     {
       supabaseClient,
@@ -2355,4 +2406,4 @@ export {
   UnifiedAuthProvider,
   init_UnifiedAuthProvider
 };
-//# sourceMappingURL=chunk-X4FRXJV6.js.map
+//# sourceMappingURL=chunk-AUXS7XSO.js.map