@jmruthers/pace-core 0.5.110 → 0.5.112

package/dist/{AuthService-DrHrvXNZ.d.ts → AuthService-CVgsgtaZ.d.ts}

@@ -76,6 +76,7 @@ interface IEventService {
     setSelectedEvent(event: Event | null): void;
     refreshEvents(): Promise<void>;
     loadPersistedEvent(events: Event[]): Promise<boolean>;
+    restorePersistedEvent(): Promise<boolean>;
     persistEventSelection(eventId: string): void;
     autoSelectNextEvent(events: Event[]): void;
     initialize(): Promise<void>;
@@ -116,6 +117,13 @@ declare class EventService extends BaseService implements IEventService {
     setSelectedEvent(event: Event | null): void;
     refreshEvents(): Promise<void>;
     loadPersistedEvent(events: Event[]): Promise<boolean>;
+    /**
+     * Restore persisted event after login screen has rendered
+     * This should be called explicitly from login page component
+     *
+     * @returns Promise<boolean> - true if event was successfully restored, false otherwise
+     */
+    restorePersistedEvent(): Promise<boolean>;
     persistEventSelection(eventId: string): void;
     clearEventSelection(): void;
     autoSelectNextEvent(events: Event[]): void;

package/dist/{DataTable-D3BK2FCN.js → DataTable-3D3BUZDV.js}

@@ -54,10 +54,10 @@ import {
   sortHierarchicalDataWithSorting,
   validateHierarchicalData,
   validatePaginationConfig
-} from "./chunk-HGZSO43Y.js";
-import "./chunk-HADXAZT3.js";
-import "./chunk-XRSP3H52.js";
-import "./chunk-Q7APDV6H.js";
+} from "./chunk-WMPZY26G.js";
+import "./chunk-I7JC7PTJ.js";
+import "./chunk-TAJRS6YB.js";
+import "./chunk-3OGQLOJM.js";
 import {
   CircuitBreaker,
   DEFAULT_FALLBACK_CONFIG,
@@ -76,9 +76,9 @@ import {
   throttle,
   useDataTablePerformance
 } from "./chunk-4OX5PXHX.js";
-import "./chunk-EZ64QG2I.js";
-import "./chunk-EYSXQ756.js";
-import "./chunk-AUXS7XSO.js";
+import "./chunk-L36JW4KV.js";
+import "./chunk-7H75SHXZ.js";
+import "./chunk-OO3V7W4H.js";
 import "./chunk-PYUXFQJ3.js";
 import "./chunk-JCQZ6LA7.js";
 import "./chunk-BDZUMRBD.js";
@@ -157,4 +157,4 @@ export {
   validateHierarchicalData,
   validatePaginationConfig
 };
-//# sourceMappingURL=DataTable-D3BK2FCN.js.map
+//# sourceMappingURL=DataTable-3D3BUZDV.js.map

package/dist/{UnifiedAuthProvider-A7I23UCN.js → UnifiedAuthProvider-KZZUO27W.js}

@@ -1,10 +1,10 @@
 import {
   init_UnifiedAuthProvider
-} from "./chunk-EYSXQ756.js";
+} from "./chunk-7H75SHXZ.js";
 import {
   UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-AUXS7XSO.js";
+} from "./chunk-OO3V7W4H.js";
 import "./chunk-BDZUMRBD.js";
 import "./chunk-SMJZMKYN.js";
 import "./chunk-PLDDJCW6.js";
@@ -13,4 +13,4 @@ export {
   UnifiedAuthProvider,
   useUnifiedAuth
 };
-//# sourceMappingURL=UnifiedAuthProvider-A7I23UCN.js.map
+//# sourceMappingURL=UnifiedAuthProvider-KZZUO27W.js.map

package/dist/{api-PIE4JRFS.js → api-QPMBZZUZ.js}

@@ -1,4 +1,5 @@
 import {
+  OrganisationContextRequiredError,
   clearCache,
   getAccessLevel,
   getAppConfig,
@@ -19,10 +20,11 @@ import {
   isSuperAdmin,
   resolveAppContext,
   setupRBAC
-} from "./chunk-XRSP3H52.js";
-import "./chunk-Q7APDV6H.js";
+} from "./chunk-TAJRS6YB.js";
+import "./chunk-3OGQLOJM.js";
 import "./chunk-PLDDJCW6.js";
 export {
+  OrganisationContextRequiredError,
   clearCache,
   getAccessLevel,
   getAppConfig,
@@ -44,4 +46,4 @@ export {
   resolveAppContext,
   setupRBAC
 };
-//# sourceMappingURL=api-PIE4JRFS.js.map
+//# sourceMappingURL=api-QPMBZZUZ.js.map

package/dist/{audit-65VNHEV2.js → audit-H4YJJF7R.js}

@@ -4,7 +4,7 @@ import {
   emitAuditEvent,
   getGlobalAuditManager,
   setGlobalAuditManager
-} from "./chunk-Q7APDV6H.js";
+} from "./chunk-3OGQLOJM.js";
 import "./chunk-PLDDJCW6.js";
 export {
   RBACAuditManager,
@@ -13,4 +13,4 @@ export {
   getGlobalAuditManager,
   setGlobalAuditManager
 };
-//# sourceMappingURL=audit-65VNHEV2.js.map
+//# sourceMappingURL=audit-H4YJJF7R.js.map

package/dist/{chunk-Q7APDV6H.js → chunk-3OGQLOJM.js}

@@ -45,15 +45,29 @@ var RBACAuditManager = class {
       });
     }
     try {
+      if (!event.organisationId) {
+        console.warn("[RBAC Audit] Audit event without organisation context - this should be investigated:", {
+          userId: event.userId,
+          eventType: event.type,
+          note: "Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation."
+        });
+      }
+      const rawPageId = "pageId" in event ? event.pageId : void 0;
+      const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+      const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);
+      const pageIdUuid = isValidPageIdUuid ? rawPageId : void 0;
+      const pageIdName = rawPageId && !isValidPageIdUuid ? rawPageId : void 0;
       const auditEvent = {
         event_type: event.type,
         user_id: event.userId,
-        // CRITICAL: Store organisationId even if null for auditing
-        // Use a fallback UUID if organisation context is missing (for database constraint)
-        organisation_id: event.organisationId || "00000000-0000-0000-0000-000000000000",
+        // Store organisationId - nullable to properly track missing context cases
+        // Do NOT use fallback UUID as it masks security issues
+        organisation_id: event.organisationId || null,
+        // Explicitly null if missing
         event_id: "eventId" in event ? event.eventId : void 0,
         app_id: "appId" in event ? event.appId : void 0,
-        page_id: "pageId" in event ? event.pageId : void 0,
+        page_id: pageIdUuid,
+        // Only set if it's a valid UUID
         permission: "permission" in event ? event.permission : void 0,
         decision: "decision" in event ? event.decision : void 0,
         source: "source" in event ? event.source : "api",
@@ -64,8 +78,10 @@ var RBACAuditManager = class {
           ...event.metadata,
           cache_hit: "cache_hit" in event ? event.cache_hit : void 0,
           cache_source: "cache_source" in event ? event.cache_source : void 0,
-          // Store a flag indicating this event had no organisation context
-          no_organisation_context: !event.organisationId
+          // Explicit flag indicating this event had no organisation context
+          no_organisation_context: !event.organisationId,
+          // Store page name/identifier in metadata if it's not a UUID
+          page_name: pageIdName
         }
       };
       const { error } = await this.supabase.from("rbac_audit_events").insert([auditEvent]);
@@ -189,4 +205,4 @@ export {
   getGlobalAuditManager,
   emitAuditEvent
 };
-//# sourceMappingURL=chunk-Q7APDV6H.js.map
+//# sourceMappingURL=chunk-3OGQLOJM.js.map

package/dist/chunk-3OGQLOJM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/rbac/audit.ts"],"sourcesContent":["/**\n * RBAC Audit Events System\n * @package @jmruthers/pace-core\n * @module RBAC/Audit\n * @since 1.0.0\n * \n * This module provides structured audit event emission for all RBAC operations.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { \n  UUID, \n  AuditEventSource, \n  RBACAuditEvent \n} from './types';\n\n/**\n * Audit event payload for permission checks\n */\nexport interface PermissionCheckAuditEvent {\n  type: 'permission_check';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  pageId?: UUID;\n  permission: string;\n  decision: boolean;\n  source: AuditEventSource;\n  bypass?: boolean;\n  duration_ms: number;\n  cache_hit?: boolean;\n  cache_source?: 'memory' | 'database' | 'rpc';\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for permission denied\n */\nexport interface PermissionDeniedAuditEvent {\n  type: 'permission_denied';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  pageId?: UUID;\n  permission: string;\n  source: AuditEventSource;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role granted\n */\nexport interface RoleGrantedAuditEvent {\n  type: 'role_granted';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  role: string;\n  grantedBy: UUID;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role revoked\n */\nexport interface RoleRevokedAuditEvent {\n  type: 'role_denied';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  role: string;\n  revokedBy: UUID;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for RLS denied\n */\nexport interface RLSDeniedAuditEvent {\n  type: 'rls_denied';\n  userId: UUID;\n  organisationId: UUID;\n  table: string;\n  operation: string;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Union type for all audit events\n */\nexport type AuditEventPayload = \n  | PermissionCheckAuditEvent\n  | PermissionDeniedAuditEvent\n  | RoleGrantedAuditEvent\n  | RoleRevokedAuditEvent\n  | RLSDeniedAuditEvent;\n\n/**\n * RBAC Audit Manager\n * \n * Handles emission of structured audit events for all RBAC operations.\n */\nexport class RBACAuditManager {\n  private supabase: SupabaseClient<Database>;\n  private enabled: boolean = true;\n\n  constructor(supabase: SupabaseClient<Database>) {\n    this.supabase = supabase;\n  }\n\n  /**\n   * Enable or disable audit logging\n   * \n   * @param enabled - Whether to enable audit logging\n   */\n  setEnabled(enabled: boolean): void {\n    this.enabled = enabled;\n  }\n\n  /**\n   * Check if audit logging is enabled\n   * \n   * @returns True if audit logging is enabled\n   */\n  isEnabled(): boolean {\n    return this.enabled;\n  }\n\n  /**\n   * Emit an audit event\n   * \n   * @param event - Audit event payload\n   * @returns Promise that resolves when event is logged\n   */\n  async emitEvent(event: AuditEventPayload): Promise<void> {\n    if (!this.enabled) {\n      return;\n    }\n\n    // Validate required fields before attempting to insert\n    // MANDATORY: All audit events must have userId\n    if (!event.userId) {\n      console.error('[RBAC Audit] CRITICAL: Cannot log audit event without userId:', {\n        eventType: event.type,\n        organisationId: event.organisationId\n      });\n      return;\n    }\n\n    // WARNING: Some audit events may not have organisationId (e.g., global admin operations)\n    // Log these for security monitoring even if organisationId is missing\n    if (!event.organisationId) {\n      console.warn('[RBAC Audit] Audit event without organisation context:', {\n        userId: event.userId,\n        eventType: event.type,\n        note: 'This should be investigated for security compliance'\n      });\n    }\n\n    try {\n      // Since organisationId is now required in SecurityContext, this should rarely happen\n      // But we still handle the edge case properly without masking it\n      if (!event.organisationId) {\n        console.warn('[RBAC Audit] Audit event without organisation context - this should be investigated:', {\n          userId: event.userId,\n          eventType: event.type,\n          note: 'Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation.'\n        });\n      }\n\n      // Validate pageId: only include in page_id column if it's a valid UUID\n      // Otherwise, store it in metadata to avoid database errors\n      const rawPageId = 'pageId' in event ? event.pageId : undefined;\n      const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n      const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);\n      const pageIdUuid: UUID | undefined = isValidPageIdUuid ? (rawPageId as UUID) : undefined;\n      const pageIdName: string | undefined = rawPageId && !isValidPageIdUuid ? rawPageId : undefined;\n\n      const auditEvent: Omit<RBACAuditEvent, 'id' | 'created_at'> = {\n        event_type: event.type,\n        user_id: event.userId,\n        // Store organisationId - nullable to properly track missing context cases\n        // Do NOT use fallback UUID as it masks security issues\n        organisation_id: event.organisationId || null, // Explicitly null if missing\n        event_id: 'eventId' in event ? event.eventId : undefined,\n        app_id: 'appId' in event ? event.appId : undefined,\n        page_id: pageIdUuid, // Only set if it's a valid UUID\n        permission: 'permission' in event ? event.permission : undefined,\n        decision: 'decision' in event ? event.decision : undefined,\n        source: 'source' in event ? event.source : 'api', // Default to 'api' if not provided\n        bypass: 'bypass' in event ? event.bypass : undefined,\n        duration_ms: 'duration_ms' in event ? event.duration_ms : undefined,\n        metadata: {\n          ...event.metadata,\n          cache_hit: 'cache_hit' in event ? event.cache_hit : undefined,\n          cache_source: 'cache_source' in event ? event.cache_source : undefined,\n          // Explicit flag indicating this event had no organisation context\n          no_organisation_context: !event.organisationId,\n          // Store page name/identifier in metadata if it's not a UUID\n          page_name: pageIdName,\n        },\n      };\n\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert([auditEvent]);\n\n      if (error) {\n        // Log the error for debugging but don't throw\n        console.warn('[RBAC Audit] Failed to insert audit event:', {\n          error: error.message,\n          code: error.code,\n          details: error.details,\n          hint: error.hint,\n          event: auditEvent\n        });\n      }\n    } catch (error) {\n      // Log unexpected errors but don't throw\n      console.error('[RBAC Audit] Unexpected error during audit logging:', error);\n    }\n  }\n\n  /**\n   * Emit a permission check audit event\n   * \n   * @param event - Permission check event data\n   */\n  async emitPermissionCheck(event: Omit<PermissionCheckAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'permission_check',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a permission denied audit event\n   * \n   * @param event - Permission denied event data\n   */\n  async emitPermissionDenied(event: Omit<PermissionDeniedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'permission_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a role granted audit event\n   * \n   * @param event - Role granted event data\n   */\n  async emitRoleGranted(event: Omit<RoleGrantedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'role_granted',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a role revoked audit event\n   * \n   * @param event - Role revoked event data\n   */\n  async emitRoleRevoked(event: Omit<RoleRevokedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'role_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit an RLS denied audit event\n   * \n   * @param event - RLS denied event data\n   */\n  async emitRLSDenied(event: Omit<RLSDeniedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'rls_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Get audit events for a user\n   * \n   * @param userId - User ID\n   * @param limit - Maximum number of events to return\n   * @returns Promise resolving to audit events\n   */\n  async getUserAuditEvents(userId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n    const { data, error } = await this.supabase\n      .from('rbac_audit_events')\n      .select('*')\n      .eq('user_id', userId)\n      .order('created_at', { ascending: false })\n      .limit(limit);\n\n    if (error) {\n      throw new Error(`Failed to get audit events: ${error.message}`);\n    }\n\n    return data || [];\n  }\n\n  /**\n   * Get audit events for an organisation\n   * \n   * @param organisationId - Organisation ID\n   * @param limit - Maximum number of events to return\n   * @returns Promise resolving to audit events\n   */\n  async getOrganisationAuditEvents(organisationId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n    const { data, error } = await this.supabase\n      .from('rbac_audit_events')\n      .select('*')\n      .eq('organisation_id', organisationId)\n      .order('created_at', { ascending: false })\n      .limit(limit);\n\n    if (error) {\n      throw new Error(`Failed to get audit events: ${error.message}`);\n    }\n\n    return data || [];\n  }\n}\n\n/**\n * Create an audit manager instance\n * \n * @param supabase - Supabase client\n * @returns RBACAuditManager instance\n */\nexport function createAuditManager(supabase: SupabaseClient<Database>): RBACAuditManager {\n  return new RBACAuditManager(supabase);\n}\n\n/**\n * Global audit manager instance\n * \n * This is set by the RBAC engine when it initializes.\n */\nlet globalAuditManager: RBACAuditManager | null = null;\n\n/**\n * Set the global audit manager\n * \n * @param manager - Audit manager instance\n */\nexport function setGlobalAuditManager(manager: RBACAuditManager): void {\n  globalAuditManager = manager;\n}\n\n/**\n * Get the global audit manager\n * \n * @returns Global audit manager or null if not set\n */\nexport function getGlobalAuditManager(): RBACAuditManager | null {\n  return globalAuditManager;\n}\n\n/**\n * Emit an audit event using the global audit manager\n * \n * @param event - Audit event payload\n */\nexport async function emitAuditEvent(event: AuditEventPayload): Promise<void> {\n  if (globalAuditManager) {\n    await globalAuditManager.emitEvent(event);\n  }\n}\n"],"mappings":";AA2GO,IAAM,mBAAN,MAAuB;AAAA,EAI5B,YAAY,UAAoC;AAFhD,SAAQ,UAAmB;AAGzB,SAAK,WAAW;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,SAAwB;AACjC,SAAK,UAAU;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAqB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,OAAyC;AACvD,QAAI,CAAC,KAAK,SAAS;AACjB;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,QAAQ;AACjB,cAAQ,MAAM,iEAAiE;AAAA,QAC7E,WAAW,MAAM;AAAA,QACjB,gBAAgB,MAAM;AAAA,MACxB,CAAC;AACD;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,gBAAgB;AACzB,cAAQ,KAAK,0DAA0D;AAAA,QACrE,QAAQ,MAAM;AAAA,QACd,WAAW,MAAM;AAAA,QACjB,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,QAAI;AAGF,UAAI,CAAC,MAAM,gBAAgB;AACzB,gBAAQ,KAAK,wFAAwF;AAAA,UACnG,QAAQ,MAAM;AAAA,UACd,WAAW,MAAM;AAAA,UACjB,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAIA,YAAM,YAAY,YAAY,QAAQ,MAAM,SAAS;AACrD,YAAM,YAAY;AAClB,YAAM,oBAAoB,aAAa,UAAU,KAAK,SAAS;AAC/D,YAAM,aAA+B,oBAAqB,YAAqB;AAC/E,YAAM,aAAiC,aAAa,CAAC,oBAAoB,YAAY;AAErF,YAAM,aAAwD;AAAA,QAC5D,YAAY,MAAM;AAAA,QAClB,SAAS,MAAM;AAAA;AAAA;AAAA,QAGf,iBAAiB,MAAM,kBAAkB;AAAA;AAAA,QACzC,UAAU,aAAa,QAAQ,MAAM,UAAU;AAAA,QAC/C,QAAQ,WAAW,QAAQ,MAAM,QAAQ;AAAA,QACzC,SAAS;AAAA;AAAA,QACT,YAAY,gBAAgB,QAAQ,MAAM,aAAa;AAAA,QACvD,UAAU,cAAc,QAAQ,MAAM,WAAW;AAAA,QACjD,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA;AAAA,QAC3C,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,QAC3C,aAAa,iBAAiB,QAAQ,MAAM,cAAc;AAAA,QAC1D,UAAU;AAAA,UACR,GAAG,MAAM;AAAA,UACT,WAAW,eAAe,QAAQ,MAAM,YAAY;AAAA,UACpD,cAAc,kBAAkB,QAAQ,MAAM,eAAe;AAAA;AAAA,UAE7D,yBAAyB,CAAC,MAAM;AAAA;AAAA,UAEhC,WAAW;AAAA,QACb;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,CAAC,UAAU,CAAC;AAEtB,UAAI,OAAO;AAET,gBAAQ,KAAK,8CAA8C;AAAA,UACzD,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,UACZ,SAAS,MAAM;AAAA,UACf,MAAM,MAAM;AAAA,UACZ,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AAEd,cAAQ,MAAM,uDAAuD,KAAK;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAA+D;AACvF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,qBAAqB,OAAgE;AACzF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAAyD;AAC3E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,mBAAmB,QAAc,QAAgB,KAAgC;AACrF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,GAAG,EACV,GAAG,WAAW,MAAM,EACpB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AACT,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,WAAO,QAAQ,CAAC;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,2BAA2B,gBAAsB,QAAgB,KAAgC;AACrG,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,GAAG,EACV,GAAG,mBAAmB,cAAc,EACpC,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AACT,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,WAAO,QAAQ,CAAC;AAAA,EAClB;AACF;AAQO,SAAS,mBAAmB,UAAsD;AACvF,SAAO,IAAI,iBAAiB,QAAQ;AACtC;AAOA,IAAI,qBAA8C;AAO3C,SAAS,sBAAsB,SAAiC;AACrE,uBAAqB;AACvB;AAOO,SAAS,wBAAiD;AAC/D,SAAO;AACT;AAOA,eAAsB,eAAe,OAAyC;AAC5E,MAAI,oBAAoB;AACtB,UAAM,mBAAmB,UAAU,KAAK;AAAA,EAC1C;AACF;","names":[]}

package/dist/{chunk-EYSXQ756.js → chunk-7H75SHXZ.js}

@@ -2,7 +2,7 @@ import {
   UnifiedAuthProvider,
   init_UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-AUXS7XSO.js";
+} from "./chunk-OO3V7W4H.js";
 import {
   __esm,
   __export
@@ -24,4 +24,4 @@ export {
   UnifiedAuthProvider_exports,
   init_UnifiedAuthProvider2 as init_UnifiedAuthProvider
 };
-//# sourceMappingURL=chunk-EYSXQ756.js.map
+//# sourceMappingURL=chunk-7H75SHXZ.js.map

package/dist/{chunk-D6MEKC27.js → chunk-BUN7NMV7.js}

@@ -4,7 +4,7 @@ import {
   init_InactivityServiceProvider,
   init_OrganisationServiceProvider,
   init_UnifiedAuthProvider
-} from "./chunk-AUXS7XSO.js";
+} from "./chunk-OO3V7W4H.js";
 
 // src/providers/index.ts
 init_UnifiedAuthProvider();
@@ -12,4 +12,4 @@ init_EventServiceProvider();
 init_OrganisationServiceProvider();
 init_InactivityServiceProvider();
 init_AuthServiceProvider();
-//# sourceMappingURL=chunk-D6MEKC27.js.map
+//# sourceMappingURL=chunk-BUN7NMV7.js.map

package/dist/{chunk-AWK2FAUN.js → chunk-C5RN4TE5.js}

@@ -1,15 +1,15 @@
 import {
   init_OrganisationProvider,
   usePublicPageContext
-} from "./chunk-2W4WKJVF.js";
+} from "./chunk-F6QB26OS.js";
 import {
   init_useOrganisations,
   useEvents,
   useOrganisations
-} from "./chunk-EZ64QG2I.js";
+} from "./chunk-L36JW4KV.js";
 import {
   useUnifiedAuth
-} from "./chunk-AUXS7XSO.js";
+} from "./chunk-OO3V7W4H.js";
 import {
   applyPalette,
   clearPalette,
@@ -96,7 +96,7 @@ var useOrganisationSecurity = () => {
     const targetOrgId = orgId || selectedOrganisation?.id;
     if (!targetOrgId || !user) return false;
     try {
-      const { isPermitted } = await import("./api-PIE4JRFS.js");
+      const { isPermitted } = await import("./api-QPMBZZUZ.js");
       const scope = {
         organisationId: targetOrgId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
@@ -119,7 +119,7 @@ var useOrganisationSecurity = () => {
     const targetOrgId = orgId || selectedOrganisation?.id;
     if (!targetOrgId || !user) return [];
     try {
-      const { getPermissionMap } = await import("./api-PIE4JRFS.js");
+      const { getPermissionMap } = await import("./api-QPMBZZUZ.js");
       const scope = {
         organisationId: targetOrgId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
@@ -140,7 +140,7 @@ var useOrganisationSecurity = () => {
     if (!user || !selectedOrganisation) return;
     try {
       if (selectedOrganisation.id) {
-        const { emitAuditEvent } = await import("./audit-65VNHEV2.js");
+        const { emitAuditEvent } = await import("./audit-H4YJJF7R.js");
         await emitAuditEvent({
           type: "permission_check",
           userId: user.id,
@@ -706,4 +706,4 @@ export {
   generatePublicRoutePath,
   extractEventCodeFromPath
 };
-//# sourceMappingURL=chunk-AWK2FAUN.js.map
+//# sourceMappingURL=chunk-C5RN4TE5.js.map