@jmruthers/pace-core 0.5.108 → 0.5.110

package/dist/{chunk-VJ7MPS2K.js → chunk-AWK2FAUN.js}

@@ -1,15 +1,15 @@
 import {
   init_OrganisationProvider,
   usePublicPageContext
-} from "./chunk-DMNMZKWS.js";
+} from "./chunk-2W4WKJVF.js";
 import {
   init_useOrganisations,
   useEvents,
   useOrganisations
-} from "./chunk-ZXY5NTJB.js";
+} from "./chunk-EZ64QG2I.js";
 import {
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   applyPalette,
   clearPalette,
@@ -96,7 +96,7 @@ var useOrganisationSecurity = () => {
     const targetOrgId = orgId || selectedOrganisation?.id;
     if (!targetOrgId || !user) return false;
     try {
-      const { isPermitted } = await import("./api-KG4A2X7P.js");
+      const { isPermitted } = await import("./api-PIE4JRFS.js");
       const scope = {
         organisationId: targetOrgId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
@@ -119,7 +119,7 @@ var useOrganisationSecurity = () => {
     const targetOrgId = orgId || selectedOrganisation?.id;
     if (!targetOrgId || !user) return [];
     try {
-      const { getPermissionMap } = await import("./api-KG4A2X7P.js");
+      const { getPermissionMap } = await import("./api-PIE4JRFS.js");
       const scope = {
         organisationId: targetOrgId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
@@ -706,4 +706,4 @@ export {
   generatePublicRoutePath,
   extractEventCodeFromPath
 };
-//# sourceMappingURL=chunk-VJ7MPS2K.js.map
+//# sourceMappingURL=chunk-AWK2FAUN.js.map

package/dist/{chunk-LT6RKRA7.js → chunk-D6MEKC27.js}

@@ -4,7 +4,7 @@ import {
   init_InactivityServiceProvider,
   init_OrganisationServiceProvider,
   init_UnifiedAuthProvider
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 
 // src/providers/index.ts
 init_UnifiedAuthProvider();
@@ -12,4 +12,4 @@ init_EventServiceProvider();
 init_OrganisationServiceProvider();
 init_InactivityServiceProvider();
 init_AuthServiceProvider();
-//# sourceMappingURL=chunk-LT6RKRA7.js.map
+//# sourceMappingURL=chunk-D6MEKC27.js.map

package/dist/{chunk-KBG34SVL.js → chunk-EYSXQ756.js}

@@ -2,7 +2,7 @@ import {
   UnifiedAuthProvider,
   init_UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   __esm,
   __export
@@ -24,4 +24,4 @@ export {
   UnifiedAuthProvider_exports,
   init_UnifiedAuthProvider2 as init_UnifiedAuthProvider
 };
-//# sourceMappingURL=chunk-KBG34SVL.js.map
+//# sourceMappingURL=chunk-EYSXQ756.js.map

package/dist/{chunk-ZXY5NTJB.js → chunk-EZ64QG2I.js}

@@ -3,7 +3,7 @@ import {
   init_useOrganisationService,
   useEventService2 as useEventService,
   useOrganisationService2 as useOrganisationService
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   __esm
 } from "./chunk-PLDDJCW6.js";
@@ -57,4 +57,4 @@ export {
   init_useOrganisations,
   useEvents
 };
-//# sourceMappingURL=chunk-ZXY5NTJB.js.map
+//# sourceMappingURL=chunk-EZ64QG2I.js.map

package/dist/chunk-GZRXOUBE.js

@@ -0,0 +1,176 @@
+// src/utils/sessionTracking.ts
+function useSessionTracking(supabaseClient, appName) {
+  const resolveAppId = async () => {
+    if (!appName) return void 0;
+    try {
+      const { data, error } = await supabaseClient.from("rbac_apps").select("id").eq("name", appName).eq("is_active", true).single();
+      if (error || !data) {
+        console.warn("App not found or inactive:", appName);
+        return void 0;
+      }
+      return data.id;
+    } catch (error) {
+      console.error("Failed to resolve app ID:", error);
+      return void 0;
+    }
+  };
+  const trackEventSwitch = async (eventId) => {
+    try {
+      const { data: { user } } = await supabaseClient.auth.getUser();
+      if (!user) {
+        console.warn("No authenticated user found for session tracking");
+        return;
+      }
+      const appId = await resolveAppId();
+      const params = {
+        p_session_type: "event_switch",
+        p_event_id: eventId,
+        p_app_id: appId
+      };
+      const { error } = await supabaseClient.rpc("rbac_session_track", {
+        p_user_id: user?.id,
+        p_session_type: params.p_session_type,
+        p_event_id: params.p_event_id,
+        p_app_id: params.p_app_id,
+        p_ip_address: params.ip_address,
+        p_user_agent: params.user_agent
+      });
+      if (error) {
+        console.error("Failed to track event switch session:", error);
+      } else {
+        console.log("Event switch session tracked successfully");
+      }
+    } catch (error) {
+      console.error("Failed to track event switch:", error);
+    }
+  };
+  const trackSessionExpired = async () => {
+    try {
+      const { data: { user } } = await supabaseClient.auth.getUser();
+      if (!user) {
+        console.warn("No authenticated user found for session tracking");
+        return;
+      }
+      const appId = await resolveAppId();
+      const params = {
+        p_session_type: "session_expired",
+        p_app_id: appId
+      };
+      const { error } = await supabaseClient.rpc("rbac_session_track", {
+        p_user_id: user?.id,
+        p_session_type: params.p_session_type,
+        p_event_id: params.p_event_id,
+        p_app_id: params.p_app_id,
+        p_ip_address: params.ip_address,
+        p_user_agent: params.user_agent
+      });
+      if (error) {
+        console.error("Failed to track session expiration:", error);
+      } else {
+        console.log("Session expiration tracked successfully");
+      }
+    } catch (error) {
+      console.error("Failed to track session expiration:", error);
+    }
+  };
+  return {
+    trackEventSwitch,
+    trackSessionExpired
+  };
+}
+
+// src/utils/appConfig.ts
+var currentAppConfig = null;
+function setAppConfig(config) {
+  currentAppConfig = config;
+}
+function getAppConfig() {
+  if (!currentAppConfig) {
+    const appName = import.meta.env.REACT_APP_NAME || "PACE";
+    return {
+      appName,
+      appId: appName
+    };
+  }
+  return currentAppConfig;
+}
+function getCurrentAppName() {
+  return getAppConfig().appName;
+}
+function getCurrentAppId() {
+  return getAppConfig().appId;
+}
+
+// src/utils/formatting.ts
+function formatDate(date) {
+  const dateObj = typeof date === "string" || typeof date === "number" ? new Date(date) : date;
+  return dateObj.toLocaleDateString(void 0, {
+    year: "numeric",
+    month: "short",
+    day: "numeric"
+  });
+}
+function formatCurrency(value, currencyCode = "USD", locale = "en-US") {
+  return new Intl.NumberFormat(locale, {
+    style: "currency",
+    currency: currencyCode
+  }).format(value);
+}
+function formatNumber(value, options = {}, locale = "en-US") {
+  return new Intl.NumberFormat(locale, options).format(value);
+}
+function formatPercent(value, locale = "en-US", decimalsOrOptions) {
+  let decimals;
+  if (typeof decimalsOrOptions === "number") {
+    decimals = decimalsOrOptions;
+  } else if (decimalsOrOptions && typeof decimalsOrOptions === "object") {
+    if (decimalsOrOptions.preserveDecimals) {
+      const valueStr = value.toString();
+      const decimalIndex = valueStr.indexOf(".");
+      if (decimalIndex !== -1) {
+        const detectedDecimals = valueStr.length - decimalIndex - 1;
+        const maxDecimals = decimalsOrOptions.maxDecimals ?? 10;
+        decimals = Math.min(detectedDecimals, maxDecimals);
+      } else {
+        decimals = 0;
+      }
+    } else {
+      decimals = decimalsOrOptions.decimals ?? 1;
+    }
+  } else {
+    decimals = 1;
+  }
+  return new Intl.NumberFormat(locale, {
+    style: "percent",
+    minimumFractionDigits: decimals,
+    maximumFractionDigits: decimals
+  }).format(value / 100);
+}
+function formatCompactNumber(value, locale = "en-US") {
+  return new Intl.NumberFormat(locale, {
+    notation: "compact",
+    compactDisplay: "short"
+  }).format(value);
+}
+function formatFileSize(bytes) {
+  if (bytes === 0) return "0 Bytes";
+  const k = 1024;
+  const sizes = ["Bytes", "KB", "MB", "GB", "TB", "PB"];
+  const i = Math.floor(Math.log(bytes) / Math.log(k));
+  return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + " " + sizes[i];
+}
+
+export {
+  useSessionTracking,
+  setAppConfig,
+  getAppConfig,
+  getCurrentAppName,
+  getCurrentAppId,
+  formatDate,
+  formatCurrency,
+  formatNumber,
+  formatPercent,
+  formatCompactNumber,
+  formatFileSize
+};
+//# sourceMappingURL=chunk-GZRXOUBE.js.map

package/dist/chunk-GZRXOUBE.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/sessionTracking.ts","../src/utils/appConfig.ts","../src/utils/formatting.ts"],"sourcesContent":["import type { SupabaseClient } from '@supabase/supabase-js';\n\n// Define the tracking parameters locally since old RBAC types are removed\ninterface TrackUserSessionParams {\n  p_session_type: 'event_switch' | 'session_expired';\n  p_event_id?: string;\n  p_app_id?: string;\n  ip_address?: string;\n  user_agent?: string;\n}\n\n/**\n * Hook for manual session tracking (event switches and session expiration).\n * \n * Note: Login and logout tracking is automatically handled by UnifiedAuthProvider.\n * You should only use this hook for tracking event switches or session expirations.\n * \n * @param supabaseClient - Supabase client instance\n * @param appName - Optional application name for tracking\n * @returns Object containing tracking functions for event switches and session expiration\n */\nexport function useSessionTracking(supabaseClient: SupabaseClient, appName?: string) {\n  // Resolve app name to app_id\n  const resolveAppId = async (): Promise<string | undefined> => {\n    if (!appName) return undefined;\n    \n    try {\n      const { data, error } = await supabaseClient\n        .from('rbac_apps')\n        .select('id')\n        .eq('name', appName)\n        .eq('is_active', true)\n        .single();\n      \n      if (error || !data) {\n        console.warn('App not found or inactive:', appName);\n        return undefined;\n      }\n      \n      return data.id;\n    } catch (error) {\n      console.error('Failed to resolve app ID:', error);\n      return undefined;\n    }\n  };\n  /**\n   * Track an event switch\n   * @param eventId - ID of the event being switched to\n   */\n  const trackEventSwitch = async (eventId: string) => {\n    try {\n      const { data: { user } } = await supabaseClient.auth.getUser();\n      if (!user) {\n        console.warn('No authenticated user found for session tracking');\n        return;\n      }\n\n      const appId = await resolveAppId();\n\n      const params: TrackUserSessionParams = {\n        p_session_type: 'event_switch',\n        p_event_id: eventId,\n        p_app_id: appId\n      };\n\n      const { error } = await supabaseClient.rpc('rbac_session_track', {\n        p_user_id: user?.id,\n        p_session_type: params.p_session_type,\n        p_event_id: params.p_event_id,\n        p_app_id: params.p_app_id,\n        p_ip_address: params.ip_address,\n        p_user_agent: params.user_agent\n      });\n      \n      if (error) {\n        console.error('Failed to track event switch session:', error);\n      } else {\n        console.log('Event switch session tracked successfully');\n      }\n    } catch (error) {\n      console.error('Failed to track event switch:', error);\n    }\n  };\n\n  /**\n   * Track a session expiration\n   */\n  const trackSessionExpired = async () => {\n    try {\n      const { data: { user } } = await supabaseClient.auth.getUser();\n      if (!user) {\n        console.warn('No authenticated user found for session tracking');\n        return;\n      }\n\n      const appId = await resolveAppId();\n\n      const params: TrackUserSessionParams = {\n        p_session_type: 'session_expired',\n        p_app_id: appId\n      };\n\n      const { error } = await supabaseClient.rpc('rbac_session_track', {\n        p_user_id: user?.id,\n        p_session_type: params.p_session_type,\n        p_event_id: params.p_event_id,\n        p_app_id: params.p_app_id,\n        p_ip_address: params.ip_address,\n        p_user_agent: params.user_agent\n      });\n      \n      if (error) {\n        console.error('Failed to track session expiration:', error);\n      } else {\n        console.log('Session expiration tracked successfully');\n      }\n    } catch (error) {\n      console.error('Failed to track session expiration:', error);\n    }\n  };\n\n  return {\n    trackEventSwitch,\n    trackSessionExpired\n  };\n} ","\n/**\n * Application configuration utilities\n */\n\nexport interface AppConfig {\n  appName: string;\n  appId: string;\n}\n\nlet currentAppConfig: AppConfig | null = null;\n\n/**\n * Set the current application configuration\n */\nexport function setAppConfig(config: AppConfig) {\n  currentAppConfig = config;\n}\n\n/**\n * Get the current application configuration\n */\nexport function getAppConfig(): AppConfig {\n  if (!currentAppConfig) {\n    // Fallback to environment or default\n    const appName = import.meta.env.REACT_APP_NAME || 'PACE';\n    return {\n      appName,\n      appId: appName\n    };\n  }\n  return currentAppConfig;\n}\n\n/**\n * Get the current app name\n */\nexport function getCurrentAppName(): string {\n  return getAppConfig().appName;\n}\n\n/**\n * Get the current app ID\n */\nexport function getCurrentAppId(): string {\n  return getAppConfig().appId;\n}\n","/**\n * Utility functions for formatting data in the application\n */\n\n/**\n * Format a date as a readable string\n */\nexport function formatDate(date: Date | string | number): string {\n  const dateObj = typeof date === 'string' || typeof date === 'number' \n    ? new Date(date) \n    : date;\n  \n  return dateObj.toLocaleDateString(undefined, {\n    year: 'numeric',\n    month: 'short',\n    day: 'numeric'\n  });\n}\n\n/**\n * Format a number as a currency\n */\nexport function formatCurrency(value: number, currencyCode = 'USD', locale = 'en-US'): string {\n  return new Intl.NumberFormat(locale, {\n    style: 'currency',\n    currency: currencyCode,\n  }).format(value);\n}\n\n/**\n * Format a number with custom options\n */\nexport function formatNumber(\n  value: number,\n  options: Intl.NumberFormatOptions = {},\n  locale = 'en-US'\n): string {\n  return new Intl.NumberFormat(locale, options).format(value);\n}\n\n/**\n * Format a number as a percentage.\n * \n * The third parameter can be either:\n * - A number for fixed decimal places (backward compatible): `formatPercent(0.81, 'en-US', 2)`\n * - An options object with:\n *   - `decimals`: Fixed number of decimal places (default: 1)\n *   - `preserveDecimals`: Auto-detect and preserve decimal places from the input value\n *   - `maxDecimals`: Maximum decimal places when preserving (default: 10)\n * \n * @param value - The percentage value as a decimal (e.g., 0.81 for 0.81%)\n * @param locale - The locale string (default: 'en-US')\n * @param decimalsOrOptions - Either a number for fixed decimals, or an options object with:\n *   - `decimals` - Fixed number of decimal places (default: 1)\n *   - `preserveDecimals` - Auto-detect and preserve decimal places from the input value\n *   - `maxDecimals` - Maximum decimal places when preserving (default: 10)\n * @returns Formatted percentage string (e.g., \"0.81%\", \"81%\")\n * \n * @example\n * ```ts\n * // Fixed decimals (default behavior)\n * formatPercent(0.5) // '0.5%'\n * formatPercent(0.81, 'en-US', 1) // '0.8%' (loses precision)\n * \n * // Preserve decimal places dynamically\n * formatPercent(0.81, 'en-US', { preserveDecimals: true }) // '0.81%'\n * formatPercent(0.8123, 'en-US', { preserveDecimals: true, maxDecimals: 2 }) // '0.81%'\n * ```\n */\nexport function formatPercent(\n  value: number,\n  locale: string = 'en-US',\n  decimalsOrOptions?: number | {\n    decimals?: number;\n    preserveDecimals?: boolean;\n    maxDecimals?: number;\n  }\n): string {\n  let decimals: number;\n\n  // Backward compatibility: if decimalsOrOptions is a number, use it directly\n  if (typeof decimalsOrOptions === 'number') {\n    decimals = decimalsOrOptions;\n  } else if (decimalsOrOptions && typeof decimalsOrOptions === 'object') {\n    // New options object: check if we should preserve decimals\n    if (decimalsOrOptions.preserveDecimals) {\n      const valueStr = value.toString();\n      const decimalIndex = valueStr.indexOf('.');\n      \n      if (decimalIndex !== -1) {\n        const detectedDecimals = valueStr.length - decimalIndex - 1;\n        const maxDecimals = decimalsOrOptions.maxDecimals ?? 10;\n        decimals = Math.min(detectedDecimals, maxDecimals);\n      } else {\n        decimals = 0;\n      }\n    } else {\n      decimals = decimalsOrOptions.decimals ?? 1;\n    }\n  } else {\n    decimals = 1;\n  }\n\n  return new Intl.NumberFormat(locale, {\n    style: 'percent',\n    minimumFractionDigits: decimals,\n    maximumFractionDigits: decimals,\n  }).format(value / 100);\n}\n\n/**\n * Format a large number with abbreviations (K, M, B)\n */\nexport function formatCompactNumber(value: number, locale = 'en-US'): string {\n  return new Intl.NumberFormat(locale, {\n    notation: 'compact',\n    compactDisplay: 'short'\n  }).format(value);\n}\n\n/**\n * Format a file size in bytes to a human-readable string\n */\nexport function formatFileSize(bytes: number): string {\n  if (bytes === 0) return '0 Bytes';\n  \n  const k = 1024;\n  const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB'];\n  const i = Math.floor(Math.log(bytes) / Math.log(k));\n  \n  return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + ' ' + sizes[i];\n}\n"],"mappings":";AAqBO,SAAS,mBAAmB,gBAAgC,SAAkB;AAEnF,QAAM,eAAe,YAAyC;AAC5D,QAAI,CAAC,QAAS,QAAO;AAErB,QAAI;AACF,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAC3B,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,OAAO,EAClB,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,SAAS,CAAC,MAAM;AAClB,gBAAQ,KAAK,8BAA8B,OAAO;AAClD,eAAO;AAAA,MACT;AAEA,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAKA,QAAM,mBAAmB,OAAO,YAAoB;AAClD,QAAI;AACF,YAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,MAAM,eAAe,KAAK,QAAQ;AAC7D,UAAI,CAAC,MAAM;AACT,gBAAQ,KAAK,kDAAkD;AAC/D;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,aAAa;AAEjC,YAAM,SAAiC;AAAA,QACrC,gBAAgB;AAAA,QAChB,YAAY;AAAA,QACZ,UAAU;AAAA,MACZ;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,IAAI,sBAAsB;AAAA,QAC/D,WAAW,MAAM;AAAA,QACjB,gBAAgB,OAAO;AAAA,QACvB,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,cAAc,OAAO;AAAA,QACrB,cAAc,OAAO;AAAA,MACvB,CAAC;AAED,UAAI,OAAO;AACT,gBAAQ,MAAM,yCAAyC,KAAK;AAAA,MAC9D,OAAO;AACL,gBAAQ,IAAI,2CAA2C;AAAA,MACzD;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AAKA,QAAM,sBAAsB,YAAY;AACtC,QAAI;AACF,YAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,MAAM,eAAe,KAAK,QAAQ;AAC7D,UAAI,CAAC,MAAM;AACT,gBAAQ,KAAK,kDAAkD;AAC/D;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,aAAa;AAEjC,YAAM,SAAiC;AAAA,QACrC,gBAAgB;AAAA,QAChB,UAAU;AAAA,MACZ;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,IAAI,sBAAsB;AAAA,QAC/D,WAAW,MAAM;AAAA,QACjB,gBAAgB,OAAO;AAAA,QACvB,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,cAAc,OAAO;AAAA,QACrB,cAAc,OAAO;AAAA,MACvB,CAAC;AAED,UAAI,OAAO;AACT,gBAAQ,MAAM,uCAAuC,KAAK;AAAA,MAC5D,OAAO;AACL,gBAAQ,IAAI,yCAAyC;AAAA,MACvD;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,uCAAuC,KAAK;AAAA,IAC5D;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;ACnHA,IAAI,mBAAqC;AAKlC,SAAS,aAAa,QAAmB;AAC9C,qBAAmB;AACrB;AAKO,SAAS,eAA0B;AACxC,MAAI,CAAC,kBAAkB;AAErB,UAAM,UAAU,YAAY,IAAI,kBAAkB;AAClD,WAAO;AAAA,MACL;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAKO,SAAS,oBAA4B;AAC1C,SAAO,aAAa,EAAE;AACxB;AAKO,SAAS,kBAA0B;AACxC,SAAO,aAAa,EAAE;AACxB;;;ACvCO,SAAS,WAAW,MAAsC;AAC/D,QAAM,UAAU,OAAO,SAAS,YAAY,OAAO,SAAS,WACxD,IAAI,KAAK,IAAI,IACb;AAEJ,SAAO,QAAQ,mBAAmB,QAAW;AAAA,IAC3C,MAAM;AAAA,IACN,OAAO;AAAA,IACP,KAAK;AAAA,EACP,CAAC;AACH;AAKO,SAAS,eAAe,OAAe,eAAe,OAAO,SAAS,SAAiB;AAC5F,SAAO,IAAI,KAAK,aAAa,QAAQ;AAAA,IACnC,OAAO;AAAA,IACP,UAAU;AAAA,EACZ,CAAC,EAAE,OAAO,KAAK;AACjB;AAKO,SAAS,aACd,OACA,UAAoC,CAAC,GACrC,SAAS,SACD;AACR,SAAO,IAAI,KAAK,aAAa,QAAQ,OAAO,EAAE,OAAO,KAAK;AAC5D;AA+BO,SAAS,cACd,OACA,SAAiB,SACjB,mBAKQ;AACR,MAAI;AAGJ,MAAI,OAAO,sBAAsB,UAAU;AACzC,eAAW;AAAA,EACb,WAAW,qBAAqB,OAAO,sBAAsB,UAAU;AAErE,QAAI,kBAAkB,kBAAkB;AACtC,YAAM,WAAW,MAAM,SAAS;AAChC,YAAM,eAAe,SAAS,QAAQ,GAAG;AAEzC,UAAI,iBAAiB,IAAI;AACvB,cAAM,mBAAmB,SAAS,SAAS,eAAe;AAC1D,cAAM,cAAc,kBAAkB,eAAe;AACrD,mBAAW,KAAK,IAAI,kBAAkB,WAAW;AAAA,MACnD,OAAO;AACL,mBAAW;AAAA,MACb;AAAA,IACF,OAAO;AACL,iBAAW,kBAAkB,YAAY;AAAA,IAC3C;AAAA,EACF,OAAO;AACL,eAAW;AAAA,EACb;AAEA,SAAO,IAAI,KAAK,aAAa,QAAQ;AAAA,IACnC,OAAO;AAAA,IACP,uBAAuB;AAAA,IACvB,uBAAuB;AAAA,EACzB,CAAC,EAAE,OAAO,QAAQ,GAAG;AACvB;AAKO,SAAS,oBAAoB,OAAe,SAAS,SAAiB;AAC3E,SAAO,IAAI,KAAK,aAAa,QAAQ;AAAA,IACnC,UAAU;AAAA,IACV,gBAAgB;AAAA,EAClB,CAAC,EAAE,OAAO,KAAK;AACjB;AAKO,SAAS,eAAe,OAAuB;AACpD,MAAI,UAAU,EAAG,QAAO;AAExB,QAAM,IAAI;AACV,QAAM,QAAQ,CAAC,SAAS,MAAM,MAAM,MAAM,MAAM,IAAI;AACpD,QAAM,IAAI,KAAK,MAAM,KAAK,IAAI,KAAK,IAAI,KAAK,IAAI,CAAC,CAAC;AAElD,SAAO,YAAY,QAAQ,KAAK,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,MAAM,MAAM,CAAC;AACxE;","names":[]}

package/dist/{chunk-QDDUU625.js → chunk-HADXAZT3.js}

@@ -6,16 +6,16 @@ import {
   isPermitted,
   isPermittedCached,
   resolveAppContext
-} from "./chunk-S63MFSY6.js";
+} from "./chunk-XRSP3H52.js";
 import {
   init_useOrganisations,
   useEvents,
   useOrganisations
-} from "./chunk-ZXY5NTJB.js";
+} from "./chunk-EZ64QG2I.js";
 import {
   init_UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   getCurrentAppName
 } from "./chunk-JCQZ6LA7.js";
@@ -729,4 +729,4 @@ export {
   useHasAllPermissions,
   useCachedPermissions
 };
-//# sourceMappingURL=chunk-QDDUU625.js.map
+//# sourceMappingURL=chunk-HADXAZT3.js.map

package/dist/{chunk-IMZGJ2X7.js → chunk-HGZSO43Y.js}

@@ -1,17 +1,17 @@
 import {
   useCan,
   useResolvedScope
-} from "./chunk-QDDUU625.js";
+} from "./chunk-HADXAZT3.js";
 import {
   toast,
   useDataTablePerformance
 } from "./chunk-4OX5PXHX.js";
 import {
   init_UnifiedAuthProvider
-} from "./chunk-KBG34SVL.js";
+} from "./chunk-EYSXQ756.js";
 import {
   useUnifiedAuth
-} from "./chunk-X4FRXJV6.js";
+} from "./chunk-AUXS7XSO.js";
 import {
   cn
 } from "./chunk-PYUXFQJ3.js";
@@ -12703,4 +12703,4 @@ lodash/lodash.js:
    * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
    *)
 */
-//# sourceMappingURL=chunk-IMZGJ2X7.js.map
+//# sourceMappingURL=chunk-HGZSO43Y.js.map

package/dist/{chunk-S63MFSY6.js → chunk-XRSP3H52.js}

@@ -746,7 +746,8 @@ var DEFAULT_SECURITY_CONFIG = {
   enableInputValidation: true,
   enableRateLimiting: true,
   enableAuditLogging: true,
-  maxPermissionChecksPerMinute: 100,
+  maxPermissionChecksPerMinute: 1e3,
+  // Increased from 100 to 1000 for normal app usage
   suspiciousActivityThreshold: 10
 };
 var RBACSecurityMiddleware = class {
@@ -871,9 +872,13 @@ var RBACSecurityMiddleware = class {
 
 // src/rbac/engine.ts
 var RBACEngine = class {
-  constructor(supabase) {
+  constructor(supabase, securityConfig) {
     this.supabase = supabase;
-    this.securityMiddleware = new RBACSecurityMiddleware(DEFAULT_SECURITY_CONFIG);
+    const mergedSecurityConfig = {
+      ...DEFAULT_SECURITY_CONFIG,
+      ...securityConfig
+    };
+    this.securityMiddleware = new RBACSecurityMiddleware(mergedSecurityConfig);
     initializeCacheInvalidation(supabase);
   }
   /**
@@ -1181,7 +1186,9 @@ var RBACEngine = class {
         p_user_id: userId,
         p_organisation_id: scope.organisationId || null,
         p_event_id: scope.eventId || null,
-        p_app_id: scope.appId || null
+        p_app_id: scope.appId || null,
+        p_page_id: null
+        // Optional: can filter to specific page if needed
       });
       if (error) {
         console.error("[RBACEngine] Failed to load role context:", error);
@@ -1252,8 +1259,8 @@ var RBACEngine = class {
     }
   }
 };
-function createRBACEngine(supabase) {
-  return new RBACEngine(supabase);
+function createRBACEngine(supabase, securityConfig) {
+  return new RBACEngine(supabase, securityConfig);
 }
 
 // src/rbac/config.ts
@@ -1347,7 +1354,7 @@ function setupRBAC(supabase, config) {
     ...config
   };
   createRBACConfig(fullConfig);
-  globalEngine = createRBACEngine(supabase);
+  globalEngine = createRBACEngine(supabase, config?.security);
   const auditManager = createAuditManager(supabase);
   setGlobalAuditManager(auditManager);
   logger.info("RBAC system initialized successfully");
@@ -1519,4 +1526,4 @@ export {
   invalidateAppCache,
   clearCache
 };
-//# sourceMappingURL=chunk-S63MFSY6.js.map
+//# sourceMappingURL=chunk-XRSP3H52.js.map