npm - @jmruthers/pace-core - Versions diffs - 0.5.108 → 0.5.110 - Mend

@jmruthers/pace-core 0.5.108 → 0.5.110

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/CHANGELOG.md +93 -173
package/dist/{AuthService-1D2ifNfa.d.ts → AuthService-DrHrvXNZ.d.ts} +8 -1
package/dist/{DataTable-WFCHVWTY.js → DataTable-D3BK2FCN.js} +7 -7
package/dist/{UnifiedAuthProvider-XU4BHFXZ.js → UnifiedAuthProvider-A7I23UCN.js} +3 -3
package/dist/{api-KG4A2X7P.js → api-PIE4JRFS.js} +2 -2
package/dist/{chunk-DMNMZKWS.js → chunk-2W4WKJVF.js} +4 -4
package/dist/{chunk-B3QX32P5.js → chunk-3J5N2T2N.js} +85 -28
package/dist/chunk-3J5N2T2N.js.map +1 -0
package/dist/{chunk-MOMYOQMC.js → chunk-7GBEBJLR.js} +29 -37
package/dist/chunk-7GBEBJLR.js.map +1 -0
package/dist/{chunk-X4FRXJV6.js → chunk-AUXS7XSO.js} +57 -6
package/dist/{chunk-X4FRXJV6.js.map → chunk-AUXS7XSO.js.map} +1 -1
package/dist/{chunk-VJ7MPS2K.js → chunk-AWK2FAUN.js} +6 -6
package/dist/{chunk-LT6RKRA7.js → chunk-D6MEKC27.js} +2 -2
package/dist/{chunk-KBG34SVL.js → chunk-EYSXQ756.js} +2 -2
package/dist/{chunk-ZXY5NTJB.js → chunk-EZ64QG2I.js} +2 -2
package/dist/chunk-GZRXOUBE.js +176 -0
package/dist/chunk-GZRXOUBE.js.map +1 -0
package/dist/{chunk-QDDUU625.js → chunk-HADXAZT3.js} +4 -4
package/dist/{chunk-IMZGJ2X7.js → chunk-HGZSO43Y.js} +4 -4
package/dist/{chunk-S63MFSY6.js → chunk-XRSP3H52.js} +15 -8
package/dist/chunk-XRSP3H52.js.map +1 -0
package/dist/{chunk-GVRSXXAA.js → chunk-YFMENCR4.js} +3 -3
package/dist/components.js +9 -9
package/dist/{database-BXAfr2Y_.d.ts → database-C6jy7EOu.d.ts} +21 -9
package/dist/{formatting-BiEv5oEk.d.ts → formatting-B1jSqgl-.d.ts} +16 -1
package/dist/hooks.d.ts +2 -2
package/dist/hooks.js +7 -7
package/dist/index.d.ts +6 -6
package/dist/index.js +16 -14
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +4 -3
package/dist/providers.js +2 -2
package/dist/rbac/index.d.ts +35 -23
package/dist/rbac/index.js +8 -8
package/dist/types.d.ts +2 -2
package/dist/{usePublicRouteParams-CnM-IK2I.d.ts → usePublicRouteParams-BdF8bZgs.d.ts} +1 -1
package/dist/utils.d.ts +2 -15
package/dist/utils.js +4 -145
package/dist/utils.js.map +1 -1
package/dist/validation.d.ts +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +1 -1
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +9 -8
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +3 -3
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +19 -8
package/docs/api/interfaces/RBACLogger.md +5 -5
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +55 -20
package/docs/api-reference/hooks.md +53 -0
package/docs/api-reference/providers.md +60 -0
package/docs/core-concepts/authentication.md +2 -0
package/docs/documentation-index.md +0 -2
package/docs/implementation-guides/authentication.md +1 -0
package/docs/rbac/README.md +114 -38
package/docs/rbac/api-reference.md +63 -16
package/docs/rbac/getting-started.md +16 -16
package/docs/rbac/quick-start.md +110 -35
package/docs/rbac/troubleshooting.md +125 -2
package/docs/security/README.md +59 -0
package/package.json +1 -1
package/src/components/NavigationMenu/NavigationMenu.test.tsx +38 -4
package/src/components/NavigationMenu/NavigationMenu.tsx +71 -6
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +2 -2
package/src/components/PaceAppLayout/PaceAppLayout.tsx +48 -16
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.security.test.tsx +2 -1
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.unit.test.tsx +9 -9
package/src/index.ts +3 -0
package/src/providers/services/AuthServiceProvider.tsx +4 -3
package/src/providers/services/UnifiedAuthProvider.tsx +1 -1
package/src/rbac/api.test.ts +2 -2
package/src/rbac/api.ts +2 -1
package/src/rbac/components/PagePermissionGuard.tsx +21 -38
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +1 -1
package/src/rbac/config.ts +2 -0
package/src/rbac/engine.ts +17 -5
package/src/rbac/security.ts +1 -1
package/src/services/AuthService.ts +79 -1
package/src/services/__tests__/AuthService.test.ts +184 -0
package/src/types/database.ts +21 -9
package/src/types/rbac-functions.ts +2 -1
package/src/utils/__tests__/sessionTracking.unit.test.ts +6 -171
package/src/utils/sessionTracking.ts +7 -81
package/dist/chunk-B3QX32P5.js.map +0 -1
package/dist/chunk-MOMYOQMC.js.map +0 -1
package/dist/chunk-NFPV7MRN.js +0 -94
package/dist/chunk-NFPV7MRN.js.map +0 -1
package/dist/chunk-S63MFSY6.js.map +0 -1
package/docs/rbac/breaking-changes-v3.md +0 -222
package/docs/rbac/migration-guide.md +0 -260
package/src/providers/AuthProvider.simplified.tsx +0 -974
package/dist/{DataTable-WFCHVWTY.js.map → DataTable-D3BK2FCN.js.map} +0 -0
package/dist/{UnifiedAuthProvider-XU4BHFXZ.js.map → UnifiedAuthProvider-A7I23UCN.js.map} +0 -0
package/dist/{api-KG4A2X7P.js.map → api-PIE4JRFS.js.map} +0 -0
package/dist/{chunk-DMNMZKWS.js.map → chunk-2W4WKJVF.js.map} +0 -0
package/dist/{chunk-VJ7MPS2K.js.map → chunk-AWK2FAUN.js.map} +0 -0
package/dist/{chunk-LT6RKRA7.js.map → chunk-D6MEKC27.js.map} +0 -0
package/dist/{chunk-KBG34SVL.js.map → chunk-EYSXQ756.js.map} +0 -0
package/dist/{chunk-ZXY5NTJB.js.map → chunk-EZ64QG2I.js.map} +0 -0
package/dist/{chunk-QDDUU625.js.map → chunk-HADXAZT3.js.map} +0 -0
package/dist/{chunk-IMZGJ2X7.js.map → chunk-HGZSO43Y.js.map} +0 -0
package/dist/{chunk-GVRSXXAA.js.map → chunk-YFMENCR4.js.map} +0 -0
package/dist/{validation-D8VcbTzC.d.ts → validation-DnhrNMju.d.ts} +2 -2

package/CHANGELOG.md CHANGED Viewed

@@ -7,206 +7,126 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
-### Changed - RBAC Refactoring
-- **Breaking**: Renamed provider hook `useRBAC()` to `useRBACContext()` to avoid naming collision
-- **Removed**: Non-functional `usePermissionCheck` hook
-- **Deprecated**: `RBACService`, `useRBACService` - use new RBAC system instead
-- Consolidated permission checking logic into single source of truth
-- Established consistent fail-secure error handling across RBAC components
-- Removed 100+ lines of duplicate code
+## [0.5.110] - 2025-01-27
 ### Added
-- **DataTable Initial Page Size**: Added `initialPageSize` prop to DataTable component for customizing the initial page size
-- **Page Size Validation**: Automatic validation of initial page size against available options with fallback to closest valid option
-- **Console Warnings**: Helpful warnings when invalid page sizes are provided
-- **DataTable Expand/Collapse All**: Added expand/collapse all button in hierarchical DataTable headers for quick parent row management
-- **Smart State Detection**: Button automatically updates icon (▶️/🔽) based on current expansion state
-- **Accessibility Support**: Full ARIA labels and keyboard navigation for expand/collapse all functionality
-- **DataTable Column Ordering**: Added `columnOrder` prop to DataTable component for custom column positioning
-- **Selection Column Positioning**: Selection column can now be positioned anywhere in the column order
-- **Actions Column Positioning**: Actions column can now be positioned anywhere in the column order
-- **Default Behavior**: When `columnOrder` doesn't include 'select', selection column defaults to first position
-### Fixed
-- **DataTable Infinite Loop Prevention**: Fixed infinite re-rendering loops when using complex data processing with `useMemo` hooks
-- **Data Reference Stability**: Improved data reference stability to prevent unnecessary re-renders
-- **Memory Optimization**: Added safeguards against infinite loops with render counting and data comparison
-- **Performance**: Optimized table configuration memoization to prevent unnecessary re-creation
-- **RBAC Race Condition**: Fixed "Access Denied" errors for users with valid permissions caused by race condition in permission checking
-- **Permission Loading State**: Improved loading state handling during scope resolution to prevent premature access denied errors
-### Improved
-- **Data Processing Documentation**: Added comprehensive best practices for data processing with DataTable
-- **Error Handling**: Added infinite loop detection and prevention mechanisms
-- **Type Safety**: Improved TypeScript type handling for complex data scenarios
-## [0.3.52] - 2024-12-19
+- **Automatic Page Permission Checking in NavigationMenu**: Navigation items with `href` but no explicit permissions/roles/accessLevel now automatically check for `read:page.{pageId}` permission, making navigation filtering more intuitive
+- **RBAC Security Configuration Support**: `RBACEngine` and `createRBACEngine` now accept an optional `securityConfig` parameter, allowing customization of rate limits and security settings per instance
 ### Changed
-- **Row Actions Simplification**: Removed incomplete `features.rowActions` implementation and kept robust `actions` prop as the single method for custom row actions
-- **Documentation Update**: Updated all documentation to reflect single row actions approach using `actions` prop
+- **RBAC Rate Limit Increase**: Increased default `maxPermissionChecksPerMinute` from 100 to 1000 to accommodate normal application usage patterns
+- **NavigationMenu Filtering Improvements**: Enhanced recursive filtering of navigation items with proper parent/child handling - parents without accessible children are now properly hidden
+- **RBAC Documentation Updates**: Improved RBAC documentation with better examples, troubleshooting guides, and API references
+- **PagePermissionGuard Scope Handling**: Replaced ref-based scope tracking with `useMemo` for better React compatibility and performance, with improved handling of undefined `appId` values
 ### Fixed
-- **Actions Prop Implementation**: Verified and confirmed that the `actions` prop is fully implemented and working correctly in DataTable component
+- **PagePermissionGuard Infinite Loop Prevention**: Fixed potential infinite loops by improving scope stability and ensuring `useCan` only runs with valid scopes
+- **PagePermissionGuard Error Logging**: Enhanced error logging with more context (permission strings, page IDs, scope validation status)
+- **NavigationMenu Test Mocks**: Updated test mocks to default to permissive permissions (super admin access) for better test isolation and clearer test intent
+- **RBAC API Test Assertions**: Fixed test assertions to correctly match `createRBACEngine` function signature with optional parameters
-### Fixed
-- **CRITICAL**: Fixed timing issue in OrganisationProvider where database organisation context was not set before other components tried to use it
-- **CRITICAL**: Fixed race condition that caused RLS policies to fail on first load
-- **CRITICAL**: Fixed super admin permissions returning false for all operations due to missing organisation context
-- **CRITICAL**: Fixed Tailwind v4 theme file with missing semantic colors and circular @apply references
-- **CRITICAL**: Fixed component classes (.pace-button, .pace-input, .pace-card) to be self-contained
-- **CRITICAL**: Fixed missing basic colors (white, black, transparent, current) in Tailwind v4 theme file
-- **CRITICAL**: Fixed semantic color mappings to match demo app appearance (blue-tinted theme instead of neutral gray)
-- **CRITICAL**: Fixed header layout by adding missing CSS variables (--app-width, --color-main-*, --color-sec-*, --color-acc-*)
-- **CRITICAL**: Added comprehensive CSS variable coverage for all components (fonts, design tokens, event colors, Radix UI variables)
-- **CRITICAL**: Added comprehensive troubleshooting guide for "unrecognized configuration parameter" database errors
+### Removed
+- **pace-core-devtools Package**: Removed the entire `pace-core-devtools` package and all related devtools functionality (AuditInspector, PerformanceMonitor, PermissionDebugger, RoleSimulator, etc.)
+- **Outdated RBAC Documentation**: Removed deprecated `breaking-changes-v3.md` and `migration-guide.md` files that are no longer relevant
-### Added
-- Comprehensive JSDoc documentation for all public components
-- Enhanced API documentation with examples and TypeScript types
-- Complete testing guide with utilities and patterns
-- Quick start examples and troubleshooting guides
-- Performance optimization recommendations
-- Migration guides from Auth0 and Firebase
-- Interactive CodeSandbox and StackBlitz examples
-- Context readiness state to ensure database context is set before rendering children
-### Enhanced
-- Button component with full JSDoc documentation and examples
-- README with 3-minute quick start guide
-- Error handling documentation with common solutions
-- Component documentation with accessibility guidelines
-- OrganisationProvider with proper async context setting and loading states
-### Improved
-- Developer experience with better onboarding materials
-- Documentation structure for easier navigation
-- Code examples with TypeScript types and best practices
-- Organisation context reliability and timing
-## [0.1.102] - 2025-05-26
+## [0.5.109] - 2025-11-03
 ### Added
-- Enhanced package structure for better modularity
-- Granular exports in package.json for better tree-shaking
-- Improved boundary validation scripts
-- CHANGELOG.md for tracking package versions
-### Fixed
-- Resolved duplicate exports of EventSelectorProps
-- Clean separation between test utilities and production code
-- Enhanced demo discoverability with improved index page
+- **Automatic Login History Tracking**: Login and logout events are now automatically tracked when using `UnifiedAuthProvider`. No manual intervention required - tracking happens automatically on `SIGNED_IN` and `SIGNED_OUT` events.
+- **Login History Database Schema**: Added `app_id` column to `rbac_user_login_history` table for application-specific tracking
+- **Performance Indexes**: Added indexes on `login_timestamp` and `(user_id, login_timestamp)` for efficient login history queries
+- **Session Tracking Integration**: `AuthService` now automatically calls `rbac_session_track` on login/logout events, which records both session data and login history
+- **Comprehensive Session Tracking Tests**: Added unit tests for automatic session tracking functionality
 ### Changed
-- Optimized main index.ts exports to avoid conflicts
-- Strengthened validation scripts with circular dependency checks
-- Improved package.json exports for better modularity
+- **Session Tracking Hook API**: Removed `trackLogin()` and `trackLogout()` methods from `useSessionTracking` hook. These are now automatically handled by `UnifiedAuthProvider`. The hook now only provides `trackEventSwitch()` and `trackSessionExpired()` for manual tracking scenarios.
+- **Database Function Enhancement**: Modified `rbac_session_track` RPC function to automatically insert into `rbac_user_login_history` table when `session_type = 'login'`
+- **RBAC Permission String Format**: Updated permission string format to `"operation:page.pageId"` (e.g., `"read:page.suppliers"`) for consistent permission checking
+- **Navigation Filtering Optimization**: Optimized `PaceAppLayout` navigation filtering to use `getPermissionMap` for batch permission fetching, preventing rate limit exceeded errors
-## [0.1.101] - Previous Release
+### Removed
+- **AuthProvider.simplified.tsx**: Removed unused experimental auth provider file (tech debt cleanup)
+- **useSessionTracking Methods**: Removed `trackLogin()` and `trackLogout()` methods - these are now automatically handled
-### Added
-- Core component library with Button, Card, Input, DataTable
-- Authentication module with Supabase integration
-- RBAC system with permission guards and hooks
-- Event management with dynamic theming
-- Form validation with Zod schemas
-- Comprehensive test utilities and mock providers
-### Features
-- TypeScript support with strict typing
-- Tree-shakeable exports
-- Tailwind CSS styling
-- shadcn/ui component integration
-- Accessibility support
-- Comprehensive documentation
-### Components
-- **UI Components**: Button, Card, Input, Alert, Avatar, Progress
-- **Form Components**: Form, FormField, Input validation
-- **Layout Components**: Header, Footer, NavigationMenu
-- **Data Components**: DataTable with sorting, filtering, pagination
-- **Authentication**: LoginForm, UserMenu, AuthProvider
-- **RBAC**: PermissionGuard, RBACProvider
-### Hooks
-- **Authentication**: useAuth, useAutoLogout, useSecureAuth
-- **Permissions**: useHasPermission, usePermissionCheck, usePermissions
-- **UI**: useToast, useIsMobile, useFocusManagement
-- **Forms**: useZodForm, form validation hooks
-### Utilities
-- **Validation**: Email, password, form schemas
-- **Security**: Encryption, rate limiting, audit logging
-- **Formatting**: Date, currency, percentage formatters
-- **Performance**: Debouncing, throttling, memoization
-### Types
-- **Core Types**: User, Session, AuthError, PermissionString
-- **Component Types**: ButtonProps, FormProps, DataTableProps
-- **Utility Types**: AccessLevel, ValidationError, SecurityLevel
-## [0.1.0] - Initial Release
-### Added
-- Initial package structure
-- Basic component library foundation
-- Authentication provider setup
-- RBAC permission system
-- Form validation utilities
-- TypeScript configuration
-- Build and test infrastructure
-### Infrastructure
-- Vite build system
-- Vitest testing framework
-- ESLint and Prettier configuration
-- GitHub Actions CI/CD
-- NPM publishing workflow
+### Fixed
+- **SQL Ambiguity in util_app_resolve**: Fixed ambiguous column reference `"is_active"` by using explicit table aliases
+- **Case Sensitivity in App Resolution**: Fixed `util_app_resolve` to use case-insensitive app name matching
+- **Function Return Type Mismatch**: Fixed `util_app_resolve` return type mismatch between function signature and `RETURN QUERY` statement
+- **rbac_permissions_get Function Overloading**: Consolidated two overloaded versions of `rbac_permissions_get` into a single unified function, resolving PostgREST ambiguity issues
+- **Navigation Filtering Permission Format**: Fixed incorrect permission string construction in `PaceAppLayout` navigation filtering (now correctly formats as `"operation:page.pageId"`)
+- **Rate Limit Exceeded Errors**: Fixed navigation filtering causing excessive API calls by implementing batch permission fetching
+- **RLS Policy Permissiveness**: Removed overly permissive RLS policy on `rbac_user_login_history` that allowed system-level inserts without proper context
 ---
 ## Migration Guide
-### Upgrading from 0.1.101 to 0.1.102
+### Upgrading from 0.5.108 to 0.5.109
+This guide covers upgrading from version **0.5.108** to **0.5.109**.
+#### Automatic Login History Tracking
+**No code changes required!** Login history tracking is now fully automatic when using `UnifiedAuthProvider`.
+**In 0.5.108:**
+```tsx
+// Manual tracking was required
+import { useSessionTracking } from '@jmruthers/pace-core';
+function MyComponent() {
+  const { trackLogin, trackLogout } = useSessionTracking(supabase, 'MY_APP');
+  useEffect(() => {
+    // Manual tracking calls
+    trackLogin();
+  }, []);
+}
+```
-No breaking changes. This release focuses on improved documentation and developer experience.
+**In 0.5.109:**
+```tsx
+// Automatic tracking - no code changes needed!
+<UnifiedAuthProvider
+  supabaseClient={supabase}
+  appName="MY_APP"  // This enables automatic tracking
+>
+  <App />
+</UnifiedAuthProvider>
+```
-### Upgrading to Future Versions
+**Migration Steps:**
+1. ✅ **Remove manual tracking calls** - If you are using `useSessionTracking.trackLogin()` or `trackLogout()`, remove those calls (they're now automatic)
+2. ✅ **Keep event switch tracking** - If you use `trackEventSwitch()` or `trackSessionExpired()`, those methods are still available
+3. ✅ **Apply database migrations** - Run the following migrations on your Supabase database:
+   - `20251103151742_add_app_id_to_login_history.sql`
+   - `20251103151802_modify_session_track_for_login_history.sql`
-Check this changelog for breaking changes and migration instructions for each version.
+#### useSessionTracking Hook Changes
-## Security Updates
+**Breaking Change**: The `useSessionTracking` hook no longer provides `trackLogin()` and `trackLogout()` methods in version 0.5.109.
-Security fixes will be documented here with details about:
-- CVE numbers (if applicable)
-- Affected versions
-- Recommended upgrade paths
-- Workarounds for immediate fixes
+**In 0.5.108:**
+```tsx
+const { trackLogin, trackLogout, trackEventSwitch } = useSessionTracking(supabase, 'MY_APP');
+```
-## Deprecation Notices
+**In 0.5.109:**
+```tsx
+// Only event switch and session expiration are available
+const { trackEventSwitch, trackSessionExpired } = useSessionTracking(supabase, 'MY_APP');
+```
-Features planned for deprecation will be announced here with:
-- Deprecation version
-- Removal timeline
-- Migration instructions
-- Alternative solutions
+**If you are using `trackLogin()` or `trackLogout()`:**
+- ✅ Remove those calls - they're now automatic
+- ✅ No replacement needed - `UnifiedAuthProvider` handles it automatically
-## Roadmap
+#### Navigation Permission String Format
-### v0.2.0 (Planned)
-- Enhanced DataTable with virtual scrolling
-- Advanced form components (date pickers, file uploads)
-- Improved accessibility features
-- Performance optimizations
+**Internal Change**: Permission strings in navigation filtering now use the format `"operation:page.pageId"` instead of separate operation and pageId parameters. This fix affects `PaceAppLayout` navigation filtering internally.
-### v0.3.0 (Planned)
-- React Server Components support
-- Advanced RBAC features
-- Internationalization support
-- Theme customization system
+**Migration Steps:**
+1. ✅ **No consumer code changes needed** - This is completely internal to `PaceAppLayout`
+2. ✅ **Navigation filtering now works correctly** - If you're using `filterNavigationByPermissions`, it will now properly hide unauthorized pages
+3. ✅ **No action required** - `PaceAppLayout` handles all permission checking for navigation automatically
-### v1.0.0 (Planned)
-- Stable API with semantic versioning guarantees
-- Complete documentation coverage
-- Comprehensive test suite
-- Production-ready performance optimizations

package/dist/{AuthService-1D2ifNfa.d.ts → AuthService-DrHrvXNZ.d.ts} RENAMED Viewed

@@ -408,7 +408,8 @@ declare class AuthService extends BaseService implements IAuthService {
     private restorationTimeoutId;
     private readonly restorationTimeoutMs;
     private restorationStartTime;
-    constructor(supabaseClient: SupabaseClient);
+    private appName;
+    constructor(supabaseClient: SupabaseClient, appName?: string);
     getUser(): User | null;
     getSession(): Session | null;
     isAuthenticated(): boolean;
@@ -431,6 +432,12 @@ declare class AuthService extends BaseService implements IAuthService {
     private clearRestorationTimeout;
     private setupAuthStateListener;
     private restoreSession;
+    /**
+     * Automatically track user session using rbac_session_track
+     * This method is called automatically on SIGNED_IN and SIGNED_OUT events.
+     * It's non-blocking and failures are logged as warnings.
+     */
+    private trackSession;
     private setupErrorHandlers;
     private removeErrorHandlers;
 }

package/dist/{DataTable-WFCHVWTY.js → DataTable-D3BK2FCN.js} RENAMED Viewed

@@ -54,9 +54,9 @@ import {
   sortHierarchicalDataWithSorting,
   validateHierarchicalData,
   validatePaginationConfig
-} from "./chunk-IMZGJ2X7.js";
-import "./chunk-QDDUU625.js";
-import "./chunk-S63MFSY6.js";
+} from "./chunk-HGZSO43Y.js";
+import "./chunk-HADXAZT3.js";
+import "./chunk-XRSP3H52.js";
 import "./chunk-Q7APDV6H.js";
 import {
   CircuitBreaker,
@@ -76,9 +76,9 @@ import {
   throttle,
   useDataTablePerformance
 } from "./chunk-4OX5PXHX.js";
-import "./chunk-ZXY5NTJB.js";
-import "./chunk-KBG34SVL.js";
-import "./chunk-X4FRXJV6.js";
+import "./chunk-EZ64QG2I.js";
+import "./chunk-EYSXQ756.js";
+import "./chunk-AUXS7XSO.js";
 import "./chunk-PYUXFQJ3.js";
 import "./chunk-JCQZ6LA7.js";
 import "./chunk-BDZUMRBD.js";
@@ -157,4 +157,4 @@ export {
   validateHierarchicalData,
   validatePaginationConfig
 };
-//# sourceMappingURL=DataTable-WFCHVWTY.js.map
+//# sourceMappingURL=DataTable-D3BK2FCN.js.map

package/dist/{UnifiedAuthProvider-XU4BHFXZ.js → UnifiedAuthProvider-A7I23UCN.js} RENAMED Viewed

@@ -1,10 +1,10 @@
 import {
   init_UnifiedAuthProvider
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import "./chunk-BDZUMRBD.js";
 import "./chunk-SMJZMKYN.js";
 import "./chunk-PLDDJCW6.js";
@@ -13,4 +13,4 @@ export {
   UnifiedAuthProvider,
   useUnifiedAuth
 };
-//# sourceMappingURL=UnifiedAuthProvider-XU4BHFXZ.js.map
+//# sourceMappingURL=UnifiedAuthProvider-A7I23UCN.js.map

package/dist/{api-KG4A2X7P.js → api-PIE4JRFS.js} RENAMED Viewed

@@ -19,7 +19,7 @@ import {
   isSuperAdmin,
   resolveAppContext,
   setupRBAC
-} from "./chunk-S63MFSY6.js";
+} from "./chunk-XRSP3H52.js";
 import "./chunk-Q7APDV6H.js";
 import "./chunk-PLDDJCW6.js";
 export {
@@ -44,4 +44,4 @@ export {
   resolveAppContext,
   setupRBAC
 };
-//# sourceMappingURL=api-KG4A2X7P.js.map
+//# sourceMappingURL=api-PIE4JRFS.js.map

package/dist/{chunk-DMNMZKWS.js → chunk-2W4WKJVF.js} RENAMED Viewed

@@ -1,17 +1,17 @@
 import {
   init_useOrganisations,
   useOrganisations
-} from "./chunk-ZXY5NTJB.js";
+} from "./chunk-EZ64QG2I.js";
 import {
   init_UnifiedAuthProvider
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   OrganisationServiceContext,
   OrganisationServiceProvider,
   init_OrganisationServiceProvider,
   useOrganisationService,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   init_organisationContext,
   setOrganisationContext
@@ -1537,4 +1537,4 @@ export {
   clearFileDisplayCache,
   getFileDisplayCacheStats
 };
-//# sourceMappingURL=chunk-DMNMZKWS.js.map
+//# sourceMappingURL=chunk-2W4WKJVF.js.map

package/dist/{chunk-B3QX32P5.js → chunk-3J5N2T2N.js} RENAMED Viewed

@@ -25,16 +25,16 @@ import {
   SelectSeparator,
   SelectTrigger,
   SelectValue
-} from "./chunk-IMZGJ2X7.js";
+} from "./chunk-HGZSO43Y.js";
 import {
   usePermissions,
   useRBAC,
   useResolvedScope
-} from "./chunk-QDDUU625.js";
+} from "./chunk-HADXAZT3.js";
 import {
   isPermitted,
   isSuperAdmin
-} from "./chunk-S63MFSY6.js";
+} from "./chunk-XRSP3H52.js";
 import {
   OrganisationProvider_exports,
   PublicErrorBoundary,
@@ -49,18 +49,18 @@ import {
   useIsPublicPage,
   usePublicFileDisplay,
   usePublicPageContext
-} from "./chunk-DMNMZKWS.js";
+} from "./chunk-2W4WKJVF.js";
 import {
   useToast
 } from "./chunk-4OX5PXHX.js";
 import {
   useEvents,
   useOrganisations
-} from "./chunk-ZXY5NTJB.js";
+} from "./chunk-EZ64QG2I.js";
 import {
   UnifiedAuthProvider_exports,
   init_UnifiedAuthProvider as init_UnifiedAuthProvider2
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   EventServiceContext,
   EventServiceProvider,
@@ -70,7 +70,7 @@ import {
   useEventService,
   useSessionRestoration,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   LoadingSpinner
 } from "./chunk-CDQ3PX7L.js";
@@ -929,8 +929,12 @@ var NavigationMenu = React9.forwardRef(({
     if (!filterByPermissions || !authContext || !rbacContext || scopeLoading || permissionsLoading || !resolvedScope?.organisationId) {
       return (items || []).filter((item) => !item.meta?.hidden);
     }
-    return (items || []).filter((item) => {
-      if (item.meta?.hidden) return false;
+    const getPageIdFromHref = (href) => {
+      if (!href) return null;
+      const path = href.split("?")[0].split("#")[0].replace(/^\//, "");
+      return path || "home";
+    };
+    const hasItemPermission = (item) => {
       if (item.permissions && item.permissions.length > 0) {
         const permissions = item.permissions.filter((p) => typeof p === "string").map((p) => p);
         if (permissions.length > 0) {
@@ -986,8 +990,43 @@ var NavigationMenu = React9.forwardRef(({
           }
         }
       }
+      if (item.href && !item.permissions && !item.roles && !item.accessLevel) {
+        const pageId = item.pageId || getPageIdFromHref(item.href);
+        if (pageId) {
+          const pagePermission = `read:page.${pageId}`;
+          const hasPagePermission = permissionMap["*"] === true || permissionMap[pagePermission] === true;
+          if (!hasPagePermission) {
+            if (auditLog) {
+              console.log(`[NavigationMenu] Filtering out navigation item "${item.label}" - no page permission:`, {
+                itemId: item.id,
+                href: item.href,
+                pageId,
+                permission: pagePermission,
+                hasPermission: hasPagePermission
+              });
+            }
+            return false;
+          }
+        }
+      }
       return true;
-    });
+    };
+    const filterItem = (item) => {
+      if (item.meta?.hidden) return null;
+      if (!hasItemPermission(item)) return null;
+      let filteredChildren;
+      if (item.children && item.children.length > 0) {
+        filteredChildren = item.children.map((child) => filterItem(child)).filter((child) => child !== null);
+        if (filteredChildren.length === 0 && !item.href) {
+          return null;
+        }
+      }
+      return {
+        ...item,
+        children: filteredChildren
+      };
+    };
+    return (items || []).map((item) => filterItem(item)).filter((item) => item !== null);
   }, [
     items,
     filterByPermissions,
@@ -997,7 +1036,8 @@ var NavigationMenu = React9.forwardRef(({
     hasAnyPermission,
     scopeLoading,
     permissionsLoading,
-    resolvedScope
+    resolvedScope,
+    auditLog
   ]);
   React9.useEffect(() => {
     if (auditLog && authContext) {
@@ -1379,7 +1419,7 @@ function PaceAppLayout({
         appId: user.user_metadata?.appId || user.app_metadata?.appId
       };
       try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-KG4A2X7P.js");
+        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-PIE4JRFS.js");
         const isSuper = await isSuperAdmin2(user.id);
         if (isSuper) {
           return true;
@@ -1394,10 +1434,11 @@ function PaceAppLayout({
         console.warn("No organisation context available for permission check, denying access");
         return false;
       }
+      const fullPermission = permission.includes(":") ? permission : pageId ? `${permission}:page.${pageId}` : permission;
       return await isPermitted({
         userId: user.id,
         scope,
-        permission,
+        permission: fullPermission,
         pageId
       });
     } catch (error) {
@@ -1498,7 +1539,7 @@ function PaceAppLayout({
         appId: user.user_metadata?.appId || user.app_metadata?.appId
       };
       try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-KG4A2X7P.js");
+        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-PIE4JRFS.js");
         const isSuper = await isSuperAdmin2(user.id);
         if (isSuper) {
           if (isMounted) {
@@ -1518,22 +1559,38 @@ function PaceAppLayout({
         }
         return;
       }
-      const filtered = await Promise.all(
-        baseMenuItems.map(async (item) => {
+      try {
+        const { getPermissionMap } = await import("./api-PIE4JRFS.js");
+        const permissionMap = await getPermissionMap({
+          userId: user.id,
+          scope
+        });
+        const filtered = baseMenuItems.map((item) => {
           if (!item.href) return { item, hasAccess: true };
           const pageId = pageIdMapping[item.href] || item.href.slice(1) || "home";
           const permission = routePermissions[item.href] || defaultPermission;
-          try {
-            const hasAccess = await checkPermission(permission, pageId);
-            return { item, hasAccess };
-          } catch {
-            return { item, hasAccess: false };
+          const fullPermission = permission.includes(":") ? permission : pageId ? `${permission}:page.${pageId}` : permission;
+          const hasAccess = permissionMap["*"] === true || permissionMap[fullPermission] === true;
+          if (auditLog) {
+            console.log(`[PaceAppLayout] Navigation filtering:`, {
+              item: item.label,
+              href: item.href,
+              pageId,
+              permission: fullPermission,
+              hasAccess
+            });
           }
-        })
-      );
-      if (!isMounted) return;
-      const accessibleItems = filtered.filter(({ hasAccess }) => hasAccess).map(({ item }) => item);
-      setFilteredMenuItems(accessibleItems);
+          return { item, hasAccess };
+        });
+        if (!isMounted) return;
+        const accessibleItems = filtered.filter(({ hasAccess }) => hasAccess).map(({ item }) => item);
+        setFilteredMenuItems(accessibleItems);
+      } catch (error) {
+        console.error("[PaceAppLayout] Failed to load permission map for navigation filtering:", error);
+        if (isMounted) {
+          setFilteredMenuItems(baseMenuItems);
+        }
+      }
     };
     filterItems();
     return () => {
@@ -1572,7 +1629,7 @@ function PaceAppLayout({
         }
       }
       if (hasAccess && currentRoute.roles && currentRoute.roles.length > 0 && user?.id) {
-        const { useUnifiedAuth: useUnifiedAuth2 } = await import("./UnifiedAuthProvider-XU4BHFXZ.js");
+        const { useUnifiedAuth: useUnifiedAuth2 } = await import("./UnifiedAuthProvider-A7I23UCN.js");
         hasAccess = true;
       }
       if (!isMounted) return;
@@ -4396,4 +4453,4 @@ export {
   PublicPageDiagnostic,
   PublicPageContextChecker
 };
-//# sourceMappingURL=chunk-B3QX32P5.js.map
+//# sourceMappingURL=chunk-3J5N2T2N.js.map