@jmruthers/pace-core 0.5.108 → 0.5.109

package/src/providers/AuthProvider.simplified.tsx

@@ -1,974 +0,0 @@
-/**
- * @file Simplified Auth Provider
- * @package @jmruthers/pace-core
- * @module Providers
- * @since 2.0.0
- *
- * BREAKING CHANGES FROM v1:
- * - Single provider instead of nested contexts
- * - No service classes (direct React state)
- * - No observer pattern (React's built-in re-rendering)
- * - No UnifiedAuthProvider nesting
- *
- * This provides:
- * - Authentication (user, session)
- * - Organisation management
- * - Event management
- * - Inactivity tracking
- *
- * All in one provider with React state management.
- */
-
-import React, { 
-  createContext, 
-  useContext, 
-  useState, 
-  useEffect, 
-  useCallback, 
-  useMemo,
-  useRef 
-} from 'react';
-import { 
-  type SupabaseClient, 
-  type User, 
-  type Session, 
-  type AuthError 
-} from '@supabase/supabase-js';
-import type { UUID } from '../rbac/types';
-
-// ============================================================================
-// TYPES
-// ============================================================================
-
-export interface Organisation {
-  id: UUID;
-  name: string;
-  display_name?: string;
-  subscription_tier?: string;
-  settings?: Record<string, any>;
-  is_active: boolean;
-  created_at: string;
-  updated_at?: string;
-}
-
-export interface Event {
-  id: string;
-  event_id: string;
-  name: string;
-  event_name?: string;
-  organisation_id: UUID;
-  event_date?: string; // Date from database for sorting
-  start_date?: string; // Alias for event_date
-  end_date?: string;
-  status?: string;
-  settings?: Record<string, any>;
-}
-
-export interface AuthContextType {
-  // ========== Auth State ==========
-  user: User | null;
-  session: Session | null;
-  isAuthenticated: boolean;
-  authLoading: boolean;
-  authError: AuthError | null;
-  supabase: SupabaseClient;
-
-  // ========== Auth Methods ==========
-  signIn: (email: string, password?: string) => Promise<{ error: AuthError | null }>;
-  signUp: (email: string, password: string) => Promise<{ error: AuthError | null }>;
-  signOut: () => Promise<{ error: AuthError | null }>;
-  resetPassword: (email: string) => Promise<{ error: AuthError | null }>;
-  updatePassword: (password: string) => Promise<{ error: AuthError | null }>;
-  refreshSession: () => Promise<{ error: AuthError | null }>;
-
-  // ========== Organisation State ==========
-  selectedOrganisation: Organisation | null;
-  organisations: Organisation[];
-  organisationLoading: boolean;
-  organisationError: Error | null;
-  hasValidOrganisationContext: boolean;
-  isContextReady: boolean;
-
-  // ========== Organisation Methods ==========
-  switchOrganisation: (orgId: UUID) => Promise<void>;
-  refreshOrganisations: () => Promise<void>;
-  getUserRole: (orgId?: UUID) => string | null;
-  getPrimaryOrganisation: () => Organisation | null;
-
-  // ========== Event State ==========
-  events: Event[];
-  selectedEvent: Event | null;
-  eventLoading: boolean;
-  eventError: Error | null;
-
-  // ========== Event Methods ==========
-  setSelectedEvent: (event: Event | null) => void;
-  refreshEvents: () => Promise<void>;
-
-  // ========== Inactivity State ==========
-  showInactivityWarning: boolean;
-  inactivityTimeRemaining: number;
-  isIdle: boolean;
-  isTracking: boolean;
-
-  // ========== Inactivity Methods ==========
-  resetActivity: () => void;
-  startTracking: () => void;
-  stopTracking: () => void;
-
-  // ========== Session Management ==========
-  sessionId: string | null;
-  deviceFingerprint: string | null;
-  hasConcurrentSessions: boolean;
-}
-
-export interface AuthProviderProps {
-  children: React.ReactNode;
-  supabaseClient: SupabaseClient;
-  appName: string;
-  persistState?: boolean;
-  requireOrganisationContext?: boolean;
-  
-  // Inactivity configuration (MANDATORY for security)
-  idleTimeoutMs: number;
-  warnBeforeMs: number;
-  onIdleLogout: (reason: 'inactivity') => void;
-  renderInactivityWarning?: (args: {
-    timeRemaining: number;
-    onStaySignedIn: () => void;
-    onSignOutNow: () => void;
-  }) => React.ReactNode;
-}
-
-// ============================================================================
-// CONTEXT
-// ============================================================================
-
-const AuthContext = createContext<AuthContextType | null>(null);
-
-// ============================================================================
-// PROVIDER
-// ============================================================================
-
-export function AuthProvider({
-  children,
-  supabaseClient,
-  appName,
-  persistState = true,
-  requireOrganisationContext = true,
-  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes - MANDATORY for security
-  warnBeforeMs = 60 * 1000, // 1 minute
-  onIdleLogout, // MANDATORY - must be provided
-  renderInactivityWarning,
-}: AuthProviderProps) {
-  // MANDATORY: Inactivity timeout cannot be disabled
-  if (!idleTimeoutMs || idleTimeoutMs < 60000) {
-    throw new Error(
-      'AuthProvider: idleTimeoutMs is MANDATORY and must be at least 60 seconds (60000ms) for security. ' +
-      'The dangerouslyDisableInactivity flag has been removed.'
-    );
-  }
-
-  if (!onIdleLogout) {
-    throw new Error(
-      'AuthProvider: onIdleLogout callback is MANDATORY and must be provided for security.'
-    );
-  }
-  
-  // ==========================================================================
-  // AUTH STATE (replaces AuthService)
-  // ==========================================================================
-  
-  const [user, setUser] = useState<User | null>(null);
-  const [session, setSession] = useState<Session | null>(null);
-  const [authLoading, setAuthLoading] = useState(true);
-  const [authError, setAuthError] = useState<AuthError | null>(null);
-
-  // ==========================================================================
-  // ORGANISATION STATE (replaces OrganisationService)
-  // ==========================================================================
-  
-  const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);
-  const [organisations, setOrganisations] = useState<Organisation[]>([]);
-  const [organisationLoading, setOrganisationLoading] = useState(false);
-  const [organisationError, setOrganisationError] = useState<Error | null>(null);
-
-  // ==========================================================================
-  // EVENT STATE (replaces EventService)
-  // ==========================================================================
-  
-  const [events, setEvents] = useState<Event[]>([]);
-  const [selectedEvent, setSelectedEvent] = useState<Event | null>(null);
-  const [eventLoading, setEventLoading] = useState(false);
-  const [eventError, setEventError] = useState<Error | null>(null);
-
-  // ==========================================================================
-  // INACTIVITY STATE (replaces InactivityService)
-  // ==========================================================================
-  
-  const [showInactivityWarning, setShowInactivityWarning] = useState(false);
-  const [inactivityTimeRemaining, setInactivityTimeRemaining] = useState(idleTimeoutMs);
-  const [isIdle, setIsIdle] = useState(false);
-  const [isTracking, setIsTracking] = useState(false);
-  
-  const lastActivityRef = useRef<number>(Date.now());
-  const idleTimerRef = useRef<NodeJS.Timeout | null>(null);
-  const warningTimerRef = useRef<NodeJS.Timeout | null>(null);
-  const deviceFingerprintRef = useRef<string | null>(null);
-  const sessionIdRef = useRef<string | null>(null);
-
-  // ==========================================================================
-  // AUTH EFFECTS (replaces AuthService initialization)
-  // ==========================================================================
-  
-  useEffect(() => {
-    // Setup auth state listener
-    const { data: { subscription } } = supabaseClient.auth.onAuthStateChange(
-      (event, newSession) => {
-        console.log('[AuthProvider] Auth state change:', event);
-        
-        if (event === 'SIGNED_OUT') {
-          setSession(null);
-          setUser(null);
-          setAuthError(null);
-        } else if (event === 'SIGNED_IN' || event === 'TOKEN_REFRESHED') {
-          setSession(newSession);
-          setUser(newSession?.user ?? null);
-          if (newSession) {
-            setAuthError(null);
-          }
-        } else if (event === 'INITIAL_SESSION') {
-          if (newSession) {
-            setSession(newSession);
-            setUser(newSession.user ?? null);
-            setAuthError(null);
-          }
-        }
-        
-        setAuthLoading(false);
-      }
-    );
-
-    // Initial session check
-    supabaseClient.auth.getSession().then(({ data: { session: initialSession } }) => {
-      setSession(initialSession);
-      setUser(initialSession?.user ?? null);
-      setAuthLoading(false);
-    });
-
-    return () => {
-      subscription.unsubscribe();
-    };
-  }, [supabaseClient]);
-
-  // ==========================================================================
-  // ORGANISATION EFFECTS (replaces OrganisationService initialization)
-  // ==========================================================================
-  
-  useEffect(() => {
-    if (!user) {
-      setOrganisations([]);
-      setSelectedOrganisation(null);
-      return;
-    }
-
-    // Load user's organisations
-    const loadOrganisations = async () => {
-      setOrganisationLoading(true);
-      setOrganisationError(null);
-
-      try {
-        // Use RPC to get organisations with roles
-        const { data, error } = await supabaseClient
-          .rpc('rbac_user_organisation_roles_get', {
-            p_user_id: user.id
-          }) as { data: Array<{ organisation_id: UUID }> | null; error: any };
-
-        if (error) throw error;
-
-        if (data && data.length > 0) {
-          // Fetch full organisation details
-          const orgIds = data.map(r => r.organisation_id);
-          const { data: orgs, error: orgsError } = await supabaseClient
-            .from('organisations')
-            .select('*')
-            .in('id', orgIds)
-            .eq('is_active', true) as { data: Organisation[] | null; error: any };
-
-          if (orgsError) throw orgsError;
-
-          setOrganisations(orgs || []);
-
-          // Auto-select first organisation if none selected
-          if (!selectedOrganisation && orgs && orgs.length > 0) {
-            const savedOrgId = persistState ? localStorage.getItem(`pace_${appName}_org`) : null;
-            const orgToSelect = savedOrgId 
-              ? orgs.find(o => o.id === savedOrgId) || orgs[0]
-              : orgs[0];
-            setSelectedOrganisation(orgToSelect);
-          }
-        }
-      } catch (error) {
-        console.error('[AuthProvider] Failed to load organisations:', error);
-        setOrganisationError(error as Error);
-      } finally {
-        setOrganisationLoading(false);
-      }
-    };
-
-    loadOrganisations();
-  }, [user, supabaseClient, appName, persistState, selectedOrganisation]);
-
-  // ==========================================================================
-  // EVENT EFFECTS (replaces EventService initialization)
-  // ==========================================================================
-  
-  useEffect(() => {
-    if (!user || !selectedOrganisation) {
-      setEvents([]);
-      setSelectedEvent(null);
-      return;
-    }
-
-    // Load user's events for the selected organisation
-    const loadEvents = async () => {
-      setEventLoading(true);
-      setEventError(null);
-
-      try {
-        // Use RPC to get user's events
-        const { data, error } = await supabaseClient
-          .rpc('data_user_events_get', {
-            p_user_id: user.id,
-            p_app_name: appName
-          }) as { data: Event[] | null; error: any };
-
-        if (error) throw error;
-
-        // Filter events for current organisation
-        const orgEvents = (data || []).filter(e => e.organisation_id === selectedOrganisation.id);
-        setEvents(orgEvents);
-
-        // Auto-select next event in the future by date if none selected
-        if (!selectedEvent && orgEvents.length > 0) {
-          const savedEventId = persistState ? localStorage.getItem(`pace_${appName}_event`) : null;
-          let eventToSelect: Event | null = null;
-          
-          if (savedEventId) {
-            // Try to restore persisted event
-            eventToSelect = orgEvents.find(e => e.event_id === savedEventId) || null;
-          }
-          
-          // If no persisted event, select the next event in the future by date
-          if (!eventToSelect) {
-            const now = new Date();
-            const startOfToday = new Date(now.getFullYear(), now.getMonth(), now.getDate()).getTime();
-            const futureEvents = orgEvents
-              .filter((e): e is Event & { event_date: string } => {
-                if (!e.event_date) return false;
-                const eventDate = new Date(e.event_date);
-                const startOfEventDate = new Date(eventDate.getFullYear(), eventDate.getMonth(), eventDate.getDate()).getTime();
-                return startOfEventDate >= startOfToday;
-              })
-              .sort((a, b) => {
-                const dateA = new Date(a.event_date);
-                const dateB = new Date(b.event_date);
-                return dateA.getTime() - dateB.getTime();
-              });
-            
-            eventToSelect = futureEvents.length > 0 ? futureEvents[0] : null;
-          }
-          
-          // Fallback to most recent past event if no future events found
-          if (!eventToSelect && orgEvents.length > 0) {
-            const now = new Date();
-            const startOfToday = new Date(now.getFullYear(), now.getMonth(), now.getDate()).getTime();
-            const pastEvents = orgEvents
-              .filter((e): e is Event & { event_date: string } => {
-                if (!e.event_date) return false;
-                const eventDate = new Date(e.event_date);
-                const startOfEventDate = new Date(eventDate.getFullYear(), eventDate.getMonth(), eventDate.getDate()).getTime();
-                return startOfEventDate < startOfToday;
-              })
-              .sort((a, b) => {
-                const dateA = new Date(a.event_date);
-                const dateB = new Date(b.event_date);
-                return dateB.getTime() - dateA.getTime(); // Descending order (most recent first)
-              });
-            
-            eventToSelect = pastEvents.length > 0 ? pastEvents[0] : orgEvents[0];
-          }
-          
-          if (eventToSelect) {
-            setSelectedEvent(eventToSelect);
-          }
-        }
-      } catch (error) {
-        console.error('[AuthProvider] Failed to load events:', error);
-        setEventError(error as Error);
-      } finally {
-        setEventLoading(false);
-      }
-    };
-
-    loadEvents();
-  }, [user, selectedOrganisation, supabaseClient, appName, persistState, selectedEvent]);
-
-  // ==========================================================================
-  // INACTIVITY EFFECTS (replaces InactivityService)
-  // ==========================================================================
-  
-  const resetActivity = useCallback(() => {
-    lastActivityRef.current = Date.now();
-    setInactivityTimeRemaining(idleTimeoutMs);
-    setShowInactivityWarning(false);
-    setIsIdle(false);
-  }, [idleTimeoutMs]);
-
-  const startTracking = useCallback(() => {
-    if (isTracking) return;
-    
-    setIsTracking(true);
-    resetActivity();
-
-    // Activity event listeners
-    const activityEvents = ['mousedown', 'keydown', 'scroll', 'touchstart'];
-    const handleActivity = () => resetActivity();
-    
-    activityEvents.forEach(event => {
-      window.addEventListener(event, handleActivity, { passive: true });
-    });
-
-    // Idle check interval
-    idleTimerRef.current = setInterval(() => {
-      const timeSinceActivity = Date.now() - lastActivityRef.current;
-      const remaining = idleTimeoutMs - timeSinceActivity;
-      
-      setInactivityTimeRemaining(Math.max(0, remaining));
-
-      // Show warning
-      if (remaining <= warnBeforeMs && remaining > 0 && !showInactivityWarning) {
-        setShowInactivityWarning(true);
-      }
-
-      // Auto logout
-      if (remaining <= 0) {
-        setIsIdle(true);
-        onIdleLogout('inactivity');
-      }
-    }, 1000);
-
-    // Cleanup
-    return () => {
-      activityEvents.forEach(event => {
-        window.removeEventListener(event, handleActivity);
-      });
-      if (idleTimerRef.current) {
-        clearInterval(idleTimerRef.current);
-      }
-      if (warningTimerRef.current) {
-        clearTimeout(warningTimerRef.current);
-      }
-    };
-  }, [isTracking, idleTimeoutMs, warnBeforeMs, showInactivityWarning, onIdleLogout, resetActivity]);
-
-  const stopTracking = useCallback(() => {
-    setIsTracking(false);
-    if (idleTimerRef.current) {
-      clearInterval(idleTimerRef.current);
-      idleTimerRef.current = null;
-    }
-    if (warningTimerRef.current) {
-      clearTimeout(warningTimerRef.current);
-      warningTimerRef.current = null;
-    }
-  }, []);
-
-  // Generate and track device fingerprint
-  useEffect(() => {
-    if (user) {
-      // Generate device fingerprint (simple version - in production, use more sophisticated approach)
-      if (!deviceFingerprintRef.current) {
-        const fingerprint = btoa(JSON.stringify({
-          userAgent: navigator.userAgent,
-          language: navigator.language,
-          timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
-          screen: `${window.screen.width}x${window.screen.height}`,
-          timestamp: Date.now()
-        })).substring(0, 64);
-        deviceFingerprintRef.current = fingerprint;
-      }
-
-      // Track session with device fingerprint
-      const trackSession = async () => {
-        if (!deviceFingerprintRef.current || !user) return;
-        
-        try {
-          const { data, error } = await supabaseClient.rpc('rbac_session_track', {
-            p_user_id: user.id,
-            p_session_type: 'login',
-            p_app_id: null, // Will be resolved by the RPC function
-            p_ip_address: null, // Will be handled by backend
-            p_user_agent: navigator.userAgent,
-            p_device_fingerprint: deviceFingerprintRef.current
-          });
-          
-          if (!error && data) {
-            sessionIdRef.current = data;
-            
-            // Check for concurrent sessions
-            const { data: concurrentData } = await supabaseClient.rpc('rbac_detect_concurrent_sessions', {
-              p_user_id: user.id,
-              p_device_fingerprint: deviceFingerprintRef.current,
-              p_timeout_seconds: 300
-            });
-            
-            if (concurrentData && concurrentData.has_concurrent) {
-              console.warn(
-                '[AuthProvider] Concurrent session detected:',
-                concurrentData.concurrent_sessions_count,
-                'other session(s) active'
-              );
-            }
-          }
-        } catch (err) {
-          console.error('[AuthProvider] Session tracking failed:', err);
-        }
-      };
-      
-      trackSession();
-    }
-  }, [user, supabaseClient]);
-
-  // Auto-start tracking when user is authenticated
-  useEffect(() => {
-    if (user && !authLoading) {
-      startTracking();
-    } else {
-      stopTracking();
-    }
-
-    return () => {
-      stopTracking();
-    };
-  }, [user, authLoading, startTracking, stopTracking]);
-
-  // ==========================================================================
-  // AUTH METHODS
-  // ==========================================================================
-  
-  const signIn = useCallback(async (email: string, password?: string) => {
-    setAuthLoading(true);
-    setAuthError(null);
-
-    try {
-      let result;
-      if (password) {
-        // Email + password sign in
-        result = await supabaseClient.auth.signInWithPassword({ email, password });
-      } else {
-        // Magic link sign in
-        result = await supabaseClient.auth.signInWithOtp({ email });
-      }
-
-      if (result.error) {
-        setAuthError(result.error);
-        return { error: result.error };
-      }
-
-      return { error: null };
-    } catch (error) {
-      const authError = error as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    } finally {
-      setAuthLoading(false);
-    }
-  }, [supabaseClient]);
-
-  const signUp = useCallback(async (email: string, password: string) => {
-    setAuthLoading(true);
-    setAuthError(null);
-
-    try {
-      const { error } = await supabaseClient.auth.signUp({ email, password });
-      
-      if (error) {
-        setAuthError(error);
-        return { error };
-      }
-
-      return { error: null };
-    } catch (error) {
-      const authError = error as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    } finally {
-      setAuthLoading(false);
-    }
-  }, [supabaseClient]);
-
-  const signOut = useCallback(async () => {
-    setAuthLoading(true);
-    setAuthError(null);
-
-    try {
-      const { error } = await supabaseClient.auth.signOut();
-      
-      if (error) {
-        setAuthError(error);
-        return { error };
-      }
-
-      // Clear local state
-      setUser(null);
-      setSession(null);
-      setSelectedOrganisation(null);
-      setOrganisations([]);
-      setSelectedEvent(null);
-      setEvents([]);
-
-      // Clear persisted state
-      if (persistState) {
-        localStorage.removeItem(`pace_${appName}_org`);
-        localStorage.removeItem(`pace_${appName}_event`);
-      }
-
-      return { error: null };
-    } catch (error) {
-      const authError = error as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    } finally {
-      setAuthLoading(false);
-    }
-  }, [supabaseClient, appName, persistState]);
-
-  const resetPassword = useCallback(async (email: string) => {
-    setAuthError(null);
-
-    try {
-      const { error } = await supabaseClient.auth.resetPasswordForEmail(email);
-      
-      if (error) {
-        setAuthError(error);
-        return { error };
-      }
-
-      return { error: null };
-    } catch (error) {
-      const authError = error as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    }
-  }, [supabaseClient]);
-
-  const updatePassword = useCallback(async (password: string) => {
-    setAuthError(null);
-
-    try {
-      const { error } = await supabaseClient.auth.updateUser({ password });
-      
-      if (error) {
-        setAuthError(error);
-        return { error };
-      }
-
-      return { error: null };
-    } catch (error) {
-      const authError = error as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    }
-  }, [supabaseClient]);
-
-  const refreshSession = useCallback(async () => {
-    setAuthError(null);
-
-    try {
-      const { data, error } = await supabaseClient.auth.refreshSession();
-      
-      if (error) {
-        setAuthError(error);
-        return { error };
-      }
-
-      if (data.session) {
-        setSession(data.session);
-        setUser(data.session.user);
-      }
-
-      return { error: null };
-    } catch (error) {
-      const authError = error as AuthError;
-      setAuthError(authError);
-      return { error: authError };
-    }
-  }, [supabaseClient]);
-
-  // ==========================================================================
-  // ORGANISATION METHODS
-  // ==========================================================================
-  
-  const switchOrganisation = useCallback(async (orgId: UUID) => {
-    const org = organisations.find(o => o.id === orgId);
-    if (!org) {
-      throw new Error(`Organisation ${orgId} not found`);
-    }
-
-    setSelectedOrganisation(org);
-
-    if (persistState) {
-      localStorage.setItem(`pace_${appName}_org`, orgId);
-    }
-
-    // Clear event selection when switching orgs
-    setSelectedEvent(null);
-    if (persistState) {
-      localStorage.removeItem(`pace_${appName}_event`);
-    }
-  }, [organisations, appName, persistState]);
-
-  const refreshOrganisations = useCallback(async () => {
-    if (!user) return;
-
-    setOrganisationLoading(true);
-    setOrganisationError(null);
-
-    try {
-      const { data, error } = await supabaseClient
-        .rpc('rbac_user_organisation_roles_get', {
-          p_user_id: user.id
-        }) as { data: Array<{ organisation_id: UUID }> | null; error: any };
-
-      if (error) throw error;
-
-      if (data && data.length > 0) {
-        const orgIds = data.map(r => r.organisation_id);
-        const { data: orgs, error: orgsError } = await supabaseClient
-          .from('organisations')
-          .select('*')
-          .in('id', orgIds)
-          .eq('is_active', true) as { data: Organisation[] | null; error: any };
-
-        if (orgsError) throw orgsError;
-
-        setOrganisations(orgs || []);
-      }
-    } catch (error) {
-      console.error('[AuthProvider] Failed to refresh organisations:', error);
-      setOrganisationError(error as Error);
-    } finally {
-      setOrganisationLoading(false);
-    }
-  }, [user, supabaseClient]);
-
-  const getUserRole = useCallback((orgId?: UUID): string | null => {
-    // This would require fetching role data - placeholder for now
-    // In real implementation, we'd cache role data when loading organisations
-    return 'member';
-  }, []);
-
-  const getPrimaryOrganisation = useCallback((): Organisation | null => {
-    return organisations[0] || null;
-  }, [organisations]);
-
-  // ==========================================================================
-  // EVENT METHODS
-  // ==========================================================================
-  
-  const handleSetSelectedEvent = useCallback((event: Event | null) => {
-    setSelectedEvent(event);
-    
-    if (persistState) {
-      if (event) {
-        localStorage.setItem(`pace_${appName}_event`, event.event_id);
-      } else {
-        localStorage.removeItem(`pace_${appName}_event`);
-      }
-    }
-  }, [appName, persistState]);
-  
-  const refreshEvents = useCallback(async () => {
-    if (!user || !selectedOrganisation) return;
-
-    setEventLoading(true);
-    setEventError(null);
-
-    try {
-      const { data, error } = await supabaseClient
-        .rpc('data_user_events_get', {
-          p_user_id: user.id,
-          p_app_name: appName
-        }) as { data: Event[] | null; error: any };
-
-      if (error) throw error;
-
-      const orgEvents = (data || []).filter(e => e.organisation_id === selectedOrganisation.id);
-      setEvents(orgEvents);
-      
-        // Auto-select next event in the future by date if none selected
-        if (!selectedEvent && orgEvents.length > 0) {
-          const savedEventId = persistState ? localStorage.getItem(`pace_${appName}_event`) : null;
-          let eventToSelect: Event | null = null;
-          
-          if (savedEventId) {
-            // Try to restore persisted event
-            eventToSelect = orgEvents.find(e => e.event_id === savedEventId) || null;
-          }
-          
-          // If no persisted event, select the next event in the future by date
-          if (!eventToSelect) {
-            const now = new Date();
-            const startOfToday = new Date(now.getFullYear(), now.getMonth(), now.getDate()).getTime();
-            const futureEvents = orgEvents
-              .filter((e): e is Event & { event_date: string } => {
-                if (!e.event_date) return false;
-                const eventDate = new Date(e.event_date);
-                const startOfEventDate = new Date(eventDate.getFullYear(), eventDate.getMonth(), eventDate.getDate()).getTime();
-                return startOfEventDate >= startOfToday;
-              })
-              .sort((a, b) => {
-                const dateA = new Date(a.event_date);
-                const dateB = new Date(b.event_date);
-                return dateA.getTime() - dateB.getTime();
-              });
-            
-            eventToSelect = futureEvents.length > 0 ? futureEvents[0] : null;
-          }
-          
-          // Fallback to most recent past event if no future events found
-          if (!eventToSelect && orgEvents.length > 0) {
-            const now = new Date();
-            const startOfToday = new Date(now.getFullYear(), now.getMonth(), now.getDate()).getTime();
-            const pastEvents = orgEvents
-              .filter((e): e is Event & { event_date: string } => {
-                if (!e.event_date) return false;
-                const eventDate = new Date(e.event_date);
-                const startOfEventDate = new Date(eventDate.getFullYear(), eventDate.getMonth(), eventDate.getDate()).getTime();
-                return startOfEventDate < startOfToday;
-              })
-              .sort((a, b) => {
-                const dateA = new Date(a.event_date);
-                const dateB = new Date(b.event_date);
-                return dateB.getTime() - dateA.getTime(); // Descending order (most recent first)
-              });
-            
-            eventToSelect = pastEvents.length > 0 ? pastEvents[0] : orgEvents[0];
-          }
-          
-          if (eventToSelect) {
-            setSelectedEvent(eventToSelect);
-          }
-        }
-    } catch (error) {
-      console.error('[AuthProvider] Failed to refresh events:', error);
-      setEventError(error as Error);
-    } finally {
-      setEventLoading(false);
-    }
-  }, [user, selectedOrganisation, supabaseClient, appName, selectedEvent, persistState]);
-
-  // ==========================================================================
-  // COMPUTED VALUES
-  // ==========================================================================
-  
-  const isAuthenticated = !!(user && session);
-  const hasValidOrganisationContext = !!(selectedOrganisation && !organisationLoading);
-  const isContextReady = isAuthenticated && (!requireOrganisationContext || hasValidOrganisationContext);
-
-  // ==========================================================================
-  // CONTEXT VALUE
-  // ==========================================================================
-  
-  const contextValue = useMemo<AuthContextType>(() => ({
-    // Auth
-    user,
-    session,
-    isAuthenticated,
-    authLoading,
-    authError,
-    supabase: supabaseClient,
-    signIn,
-    signUp,
-    signOut,
-    resetPassword,
-    updatePassword,
-    refreshSession,
-
-    // Organisation
-    selectedOrganisation,
-    organisations,
-    organisationLoading,
-    organisationError,
-    hasValidOrganisationContext,
-    isContextReady: hasValidOrganisationContext,
-    switchOrganisation,
-    refreshOrganisations,
-    getUserRole,
-    getPrimaryOrganisation,
-
-    // Event
-    events,
-    selectedEvent,
-    eventLoading,
-    eventError,
-    setSelectedEvent: handleSetSelectedEvent,
-    refreshEvents,
-
-    // Inactivity
-    showInactivityWarning,
-    inactivityTimeRemaining,
-    isIdle,
-    isTracking,
-    resetActivity,
-    startTracking,
-    stopTracking,
-
-    // Session Management
-    sessionId: sessionIdRef.current,
-    deviceFingerprint: deviceFingerprintRef.current,
-    hasConcurrentSessions: false, // TODO: implement state tracking
-  }), [
-    user, session, isAuthenticated, authLoading, authError,
-    selectedOrganisation, organisations, organisationLoading, organisationError,
-    hasValidOrganisationContext, isContextReady,
-    events, selectedEvent, eventLoading, eventError,
-    showInactivityWarning, inactivityTimeRemaining, isIdle, isTracking,
-    signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,
-    switchOrganisation, refreshOrganisations, getUserRole, getPrimaryOrganisation,
-    handleSetSelectedEvent, refreshEvents,
-    resetActivity, startTracking, stopTracking,
-    supabaseClient
-  ]);
-
-  // ==========================================================================
-  // RENDER
-  // ==========================================================================
-  
-  return (
-    <AuthContext.Provider value={contextValue}>
-      {children}
-      {showInactivityWarning && renderInactivityWarning && renderInactivityWarning({
-        timeRemaining: inactivityTimeRemaining,
-        onStaySignedIn: resetActivity,
-        onSignOutNow: signOut,
-      })}
-    </AuthContext.Provider>
-  );
-}
-
-// ============================================================================
-// HOOK
-// ============================================================================
-
-export function useAuth(): AuthContextType {
-  const context = useContext(AuthContext);
-  
-  if (!context) {
-    throw new Error('useAuth must be used within AuthProvider');
-  }
-  
-  return context;
-}
-