@jmruthers/pace-core 0.5.126 → 0.5.128

package/src/hooks/usePermissionCache.ts

@@ -168,11 +168,7 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
         cleaned++;
       }
     }
-    
-    if (cleaned > 0 && mergedConfig.enableLogging) {
-      console.log(`[PermissionCache] Cleaned up ${cleaned} expired cache entries`);
-    }
-  }, [isCacheValid, mergedConfig.enableLogging]);
+  }, [isCacheValid]);
 
   // Log permission check
   const logPermissionCheck = useCallback((
@@ -182,10 +178,6 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     cached: boolean,
     responseTime: number
   ) => {
-    if (mergedConfig.enableLogging) {
-      console.log(`[PermissionCache] ${operation}:${pageId} = ${result} (${cached ? 'cached' : 'fresh'}) - ${responseTime}ms`);
-    }
-
     if (mergedConfig.enableAuditTrail) {
       auditTrail.current.push({
         timestamp: Date.now(),
@@ -211,7 +203,7 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     } else {
       stats.current.cacheMisses++;
     }
-  }, [mergedConfig.enableLogging, mergedConfig.enableAuditTrail, user?.id]);
+  }, [mergedConfig.enableAuditTrail, user?.id]);
 
   // Check single permission
   const checkPermission = useCallback(async (
@@ -460,11 +452,7 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     }
     
     stats.current.lastInvalidation = Date.now();
-    
-    if (mergedConfig.enableLogging) {
-      console.log(`[PermissionCache] Cache invalidated${pattern ? ` for pattern: ${pattern}` : ''}`);
-    }
-  }, [mergedConfig.enableLogging]);
+  }, []);
 
   // Get debug information
   const getDebugInfo = useCallback((): DebugInfo => {
@@ -498,10 +486,6 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
           cleaned++;
         }
       }
-      
-      if (cleaned > 0 && mergedConfig.enableLogging) {
-        console.log(`[PermissionCache] Cleaned up ${cleaned} expired cache entries`);
-      }
     };
     
     // Only set up interval in non-test environments to prevent memory leaks during testing

package/src/hooks/useSecureDataAccess.ts

@@ -199,12 +199,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
   ): Promise<T[]> => {
     validateContext();
     const organisationId = getCurrentOrganisationId();
-    
-    console.log('[useSecureDataAccess] Executing secure query:', {
-      table,
-      organisationId,
-      filters
-    });
 
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -273,11 +267,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       throw error;
     }
 
-    console.log('[useSecureDataAccess] Query successful:', {
-      table,
-      resultCount: data?.length || 0
-    });
-
     // NEW: Phase 1 - Record successful data access attempt
     recordDataAccess(table, 'read', true, `SELECT ${columns} FROM ${table}`, filters);
 
@@ -290,11 +279,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
   ): Promise<T> => {
     validateContext();
     const organisationId = getCurrentOrganisationId();
-    
-    console.log('[useSecureDataAccess] Executing secure insert:', {
-      table,
-      organisationId
-    });
 
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -316,11 +300,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       throw error;
     }
 
-    console.log('[useSecureDataAccess] Insert successful:', {
-      table,
-      id: insertData?.id
-    });
-
     return insertData as T;
   }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
 
@@ -331,12 +310,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
   ): Promise<T[]> => {
     validateContext();
     const organisationId = getCurrentOrganisationId();
-    
-    console.log('[useSecureDataAccess] Executing secure update:', {
-      table,
-      organisationId,
-      filters
-    });
 
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -377,11 +350,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       throw error;
     }
 
-    console.log('[useSecureDataAccess] Update successful:', {
-      table,
-      updatedCount: updateData?.length || 0
-    });
-
     return (updateData as T[]) || [];
   }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
 
@@ -391,12 +359,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
   ): Promise<void> => {
     validateContext();
     const organisationId = getCurrentOrganisationId();
-    
-    console.log('[useSecureDataAccess] Executing secure delete:', {
-      table,
-      organisationId,
-      filters
-    });
 
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -443,10 +405,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       console.error('[useSecureDataAccess] Delete failed:', error);
       throw error;
     }
-
-    console.log('[useSecureDataAccess] Delete successful:', {
-      table
-    });
   }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
 
   const secureRpc = useCallback(async <T = any>(
@@ -455,11 +413,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
   ): Promise<T> => {
     validateContext();
     const organisationId = getCurrentOrganisationId();
-    
-    console.log('[useSecureDataAccess] Executing secure RPC:', {
-      functionName,
-      organisationId
-    });
 
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -543,18 +496,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       secureParams.p_event_id = selectedEvent.event_id;
     }
 
-    // Debug logging for items list to help diagnose issues
-    if (functionName === 'data_cake_items_list') {
-      console.log('[useSecureDataAccess] Calling data_cake_items_list with params:', {
-        p_user_id: secureParams.p_user_id,
-        p_organisation_id: secureParams.organisation_id || secureParams.p_organisation_id,
-        p_event_id: secureParams.p_event_id,
-        hasEvent: !!selectedEvent?.event_id,
-        eventId: selectedEvent?.event_id,
-        allParams: secureParams
-      });
-    }
-
     const { data, error } = await supabase!.rpc(functionName, secureParams);
 
     if (error) {
@@ -562,10 +503,6 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       throw error;
     }
 
-    console.log('[useSecureDataAccess] RPC successful:', {
-      functionName
-    });
-
     return data as T;
   }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id]);
 

package/src/services/EventService.ts

@@ -133,15 +133,6 @@ export class EventService extends BaseService implements IEventService {
     if (event) {
       // SECURITY: Validate event belongs to current organisation
       try {
-        console.log('[EventService] Event selection validation:', {
-          eventId: event.event_id,
-          eventName: event.event_name,
-          eventOrganisationId: event.organisation_id,
-          selectedOrganisationId: this.selectedOrganisation?.id,
-          selectedOrganisationName: this.selectedOrganisation?.display_name,
-          match: event.organisation_id === this.selectedOrganisation?.id
-        });
-        
         if (this.selectedOrganisation && event.organisation_id !== this.selectedOrganisation.id) {
           console.error('[EventService] Event organisation_id does not match selected organisation', {
             eventOrganisationId: event.organisation_id,
@@ -355,12 +346,6 @@ export class EventService extends BaseService implements IEventService {
 
       if (isMounted) {
         const eventsData = data || [];
-        console.log('[EventService] Loaded events:', eventsData.map((event: any) => ({
-          eventId: event.event_id,
-          eventName: event.event_name,
-          organisationId: event.organisation_id,
-          selectedOrganisationId: this.selectedOrganisation?.id
-        })));
 
         // Transform the data to match our Event interface
         const transformedEvents: Event[] = eventsData.map((event: any) => ({
@@ -381,10 +366,6 @@ export class EventService extends BaseService implements IEventService {
         }));
 
         this.events = transformedEvents;
-        console.log('[EventService] Set events in service:', {
-          count: transformedEvents.length,
-          events: transformedEvents.map(e => ({ id: e.event_id, name: e.event_name }))
-        });
         this.error = null;
 
         // Reset auto-selection ref for new events

package/dist/chunk-NZGLXZGP.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/hooks/useSecureDataAccess.ts"],"sourcesContent":["/**\n * @file useSecureDataAccess Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useSecureDataAccess\n * @since 0.4.0\n *\n * Hook for secure database operations with mandatory organisation context.\n * Ensures all data access is properly scoped to the user's current organisation.\n *\n * @example\n * ```tsx\n * function DataComponent() {\n *   const { secureQuery, secureInsert, secureUpdate, secureDelete } = useSecureDataAccess();\n *   \n *   const loadData = async () => {\n *     try {\n *       // Automatically includes organisation_id filter\n *       const events = await secureQuery('event', '*', { is_visible: true });\n *       console.log('Organisation events:', events);\n *     } catch (error) {\n *       console.error('Failed to load data:', error);\n *     }\n *   };\n *   \n *   const createEvent = async (eventData) => {\n *     try {\n *       // Automatically sets organisation_id\n *       const newEvent = await secureInsert('event', eventData);\n *       console.log('Created event:', newEvent);\n *     } catch (error) {\n *       console.error('Failed to create event:', error);\n *     }\n *   };\n *   \n *   return (\n *     <div>\n *       <button onClick={loadData}>Load Data</button>\n *       <button onClick={() => createEvent({ event_name: 'New Event' })}>\n *         Create Event\n *       </button>\n *     </div>\n *   );\n * }\n * ```\n *\n * @security\n * - All queries automatically include organisation_id filter\n * - Validates organisation context before any operation\n * - Prevents data leaks between organisations\n * - Error handling for security violations\n * - Type-safe database operations\n */\n\nimport { useCallback, useState, useContext } from 'react';\nimport { useUnifiedAuth } from '../providers';\nimport { useOrganisations } from './useOrganisations';\nimport { EventServiceContext } from '../providers/services/EventServiceProvider';\nimport { setOrganisationContext } from '../utils/organisationContext';\nimport type { Permission } from '../rbac/types';\nimport type { OrganisationSecurityError } from '../types/organisation';\n\nexport interface SecureDataAccessReturn {\n  /** Execute a secure query with organisation filtering */\n  secureQuery: <T = any>(\n    table: string,\n    columns: string,\n    filters?: Record<string, any>,\n    options?: {\n      orderBy?: string;\n      ascending?: boolean;\n      limit?: number;\n      offset?: number;\n    }\n  ) => Promise<T[]>;\n  \n  /** Execute a secure insert with organisation context */\n  secureInsert: <T = any>(\n    table: string,\n    data: Record<string, any>\n  ) => Promise<T>;\n  \n  /** Execute a secure update with organisation filtering */\n  secureUpdate: <T = any>(\n    table: string,\n    data: Record<string, any>,\n    filters: Record<string, any>\n  ) => Promise<T[]>;\n  \n  /** Execute a secure delete with organisation filtering */\n  secureDelete: (\n    table: string,\n    filters: Record<string, any>\n  ) => Promise<void>;\n  \n  /** Execute a secure RPC call with organisation context */\n  secureRpc: <T = any>(\n    functionName: string,\n    params?: Record<string, any>\n  ) => Promise<T>;\n  \n  /** Get current organisation ID */\n  getCurrentOrganisationId: () => string;\n  \n  /** Validate organisation context */\n  validateContext: () => void;\n  \n  // NEW: Phase 1 - Enhanced Security Features\n  /** Check if data access is allowed for a table and operation */\n  isDataAccessAllowed: (table: string, operation: string) => boolean;\n  \n  /** Get all data access permissions for current user */\n  getDataAccessPermissions: () => Record<string, string[]>;\n  \n  /** Check if strict mode is enabled */\n  isStrictMode: boolean;\n  \n  /** Check if audit logging is enabled */\n  isAuditLogEnabled: boolean;\n  \n  /** Get data access history */\n  getDataAccessHistory: () => DataAccessRecord[];\n  \n  /** Clear data access history */\n  clearDataAccessHistory: () => void;\n  \n  /** Validate data access attempt */\n  validateDataAccess: (table: string, operation: string) => boolean;\n}\n\nexport interface DataAccessRecord {\n  table: string;\n  operation: string;\n  userId: string;\n  organisationId: string;\n  allowed: boolean;\n  timestamp: string;\n  query?: string;\n  filters?: Record<string, any>;\n}\n\n/**\n * Hook for secure data access with automatic organisation filtering\n * \n * All database operations automatically include organisation context:\n * - Queries filter by organisation_id\n * - Inserts include organisation_id\n * - Updates/deletes are scoped to organisation\n * - RPC calls include organisation_id parameter\n */\nexport function useSecureDataAccess(): SecureDataAccessReturn {\n  const { supabase, user, session } = useUnifiedAuth();\n  const { ensureOrganisationContext } = useOrganisations();\n  \n  // Get selected event for event-scoped RPC calls\n  // Use useContext directly to safely check if EventServiceProvider is available\n  const eventServiceContext = useContext(EventServiceContext);\n  const selectedEvent = eventServiceContext?.eventService?.getSelectedEvent() || null;\n\n  const validateContext = useCallback((): void => {\n    if (!supabase) {\n      throw new Error('No Supabase client available') as OrganisationSecurityError;\n    }\n    if (!user || !session) {\n      throw new Error('User must be authenticated with valid session') as OrganisationSecurityError;\n    }\n    \n    try {\n      ensureOrganisationContext();\n    } catch (error) {\n      throw new Error('Organisation context is required for data access') as OrganisationSecurityError;\n    }\n  }, [supabase, user, session, ensureOrganisationContext]);\n\n  const getCurrentOrganisationId = useCallback((): string => {\n    validateContext();\n    const currentOrg = ensureOrganisationContext();\n    return currentOrg.id;\n  }, [validateContext, ensureOrganisationContext]);\n\n  // Set organisation context in database session\n  const setOrganisationContextInSession = useCallback(async (organisationId: string): Promise<void> => {\n    if (!supabase) {\n      throw new Error('No Supabase client available') as OrganisationSecurityError;\n    }\n\n    await setOrganisationContext(supabase, organisationId);\n  }, [supabase]);\n\n  const secureQuery = useCallback(async <T = any>(\n    table: string,\n    columns: string,\n    filters: Record<string, any> = {},\n    options: {\n      orderBy?: string;\n      ascending?: boolean;\n      limit?: number;\n      offset?: number;\n    } = {}\n  ): Promise<T[]> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure query:', {\n      table,\n      organisationId,\n      filters\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build query with organisation filter\n    let query = supabase!\n      .from(table)\n      .select(columns);\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    if (tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply additional filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        // Handle qualified column names (e.g., 'users.role')\n        const columnName = key.includes('.') ? key.split('.').pop()! : key;\n        query = query.eq(columnName, value);\n      }\n    });\n\n    // Apply options\n    if (options.orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = options.orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn, { ascending: options.ascending ?? true });\n      }\n    }\n    \n    if (options.limit) {\n      query = query.limit(options.limit);\n    }\n    \n    if (options.offset) {\n      query = query.range(options.offset, options.offset + (options.limit || 100) - 1);\n    }\n\n    const { data, error } = await query;\n    \n    if (error) {\n      console.error('[useSecureDataAccess] Query failed:', error);\n      // NEW: Phase 1 - Record failed data access attempt\n      recordDataAccess(table, 'read', false, `SELECT ${columns} FROM ${table}`, filters);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Query successful:', {\n      table,\n      resultCount: data?.length || 0\n    });\n\n    // NEW: Phase 1 - Record successful data access attempt\n    recordDataAccess(table, 'read', true, `SELECT ${columns} FROM ${table}`, filters);\n\n    return (data as T[]) || [];\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureInsert = useCallback(async <T = any>(\n    table: string,\n    data: Record<string, any>\n  ): Promise<T> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure insert:', {\n      table,\n      organisationId\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Ensure organisation_id is set\n    const secureData = {\n      ...data,\n      organisation_id: organisationId\n    };\n\n    const { data: insertData, error } = await supabase!\n      .from(table)\n      .insert(secureData)\n      .select()\n      .single();\n\n    if (error) {\n      console.error('[useSecureDataAccess] Insert failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Insert successful:', {\n      table,\n      id: insertData?.id\n    });\n\n    return insertData as T;\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureUpdate = useCallback(async <T = any>(\n    table: string,\n    data: Record<string, any>,\n    filters: Record<string, any>\n  ): Promise<T[]> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure update:', {\n      table,\n      organisationId,\n      filters\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Filter out organisation_id from data to prevent manipulation\n    const { organisation_id, ...secureData } = data;\n    \n    // Build update query with organisation filter\n    let query = supabase!\n      .from(table)\n      .update(secureData);\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member'\n    ];\n    \n    if (tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        query = query.eq(key, value);\n      }\n    });\n\n    const { data: updateData, error } = await query.select();\n\n    if (error) {\n      console.error('[useSecureDataAccess] Update failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Update successful:', {\n      table,\n      updatedCount: updateData?.length || 0\n    });\n\n    return (updateData as T[]) || [];\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureDelete = useCallback(async (\n    table: string,\n    filters: Record<string, any>\n  ): Promise<void> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure delete:', {\n      table,\n      organisationId,\n      filters\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build delete query with organisation filter\n    let query = supabase!\n      .from(table)\n      .delete();\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    if (tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        query = query.eq(key, value);\n      }\n    });\n\n    const { error } = await query;\n\n    if (error) {\n      console.error('[useSecureDataAccess] Delete failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Delete successful:', {\n      table\n    });\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureRpc = useCallback(async <T = any>(\n    functionName: string,\n    params: Record<string, any> = {}\n  ): Promise<T> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure RPC:', {\n      functionName,\n      organisationId\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Include organisation_id in RPC parameters\n    // Some functions use p_organisation_id instead of organisation_id (to avoid conflicts with RETURNS TABLE columns)\n    const functionsWithPOrganisationId = [\n      'data_cake_diners_list',\n      'data_cake_mealplans_list'\n    ];\n    \n    const paramName = functionsWithPOrganisationId.includes(functionName) \n      ? 'p_organisation_id' \n      : 'organisation_id';\n    \n    // Functions that need p_event_id for event-app role permission checks\n    // Note: Even org-scoped functions (like items, packages, suppliers) need event_id\n    //       for permission checks when users have event-app roles\n    const functionsNeedingEventId = [\n      'data_cake_items_list',\n      'data_cake_packages_list',\n      'data_cake_suppliers_list',\n      'data_cake_diettypes_list',\n      'data_cake_mealtypes_list',\n      'data_cake_diners_list',\n      'data_cake_mealplans_list',\n      'data_cake_dishes_list',\n      'data_cake_recipes_list',\n      'data_cake_meals_list',\n      'data_cake_units_list',\n      'data_cake_orders_list',\n      'app_cake_item_create',\n      'app_cake_item_update',\n      'app_cake_package_create',\n      'app_cake_package_update',\n      'app_cake_supplier_create',\n      'app_cake_supplier_update',\n      'app_cake_supplier_delete',\n      'app_cake_meal_create',\n      'app_cake_meal_update',\n      'app_cake_meal_delete',\n      'app_cake_unit_create',\n      'app_cake_unit_update',\n      'app_cake_unit_delete',\n      'app_cake_delivery_upsert'\n    ];\n    \n    // Build secureParams with correct parameter order\n    // For functions that require p_event_id as first parameter, ensure it's first\n    const secureParams: Record<string, any> = {};\n    \n    // Functions where p_event_id is the FIRST required parameter (no default)\n    const functionsWithEventIdFirst = [\n      'data_cake_meals_list',\n      'data_cake_units_list'\n    ];\n    \n    // Add p_user_id explicitly for functions that need it (even though it has a default)\n    // This ensures parameter matching works correctly\n    if (user?.id) {\n      secureParams.p_user_id = user.id;\n    }\n    \n    // Add organisation_id parameter\n    secureParams[paramName] = organisationId;\n    \n    // Add p_event_id if function needs it and event is selected\n    // CRITICAL: This must be added AFTER organisation_id but BEFORE caller params\n    // to ensure it's not overwritten. For data_cake_items_list, p_event_id is the 3rd param.\n    if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {\n      secureParams.p_event_id = selectedEvent.event_id;\n    }\n    \n    // Add any other params passed by caller (limit, offset, etc.)\n    // NOTE: This will NOT overwrite p_event_id if caller passes it, but we want to ensure\n    // our value takes precedence if event is selected\n    Object.assign(secureParams, params);\n    \n    // Ensure p_event_id is set if needed (after Object.assign, so it overrides caller params)\n    if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {\n      secureParams.p_event_id = selectedEvent.event_id;\n    }\n\n    // Debug logging for items list to help diagnose issues\n    if (functionName === 'data_cake_items_list') {\n      console.log('[useSecureDataAccess] Calling data_cake_items_list with params:', {\n        p_user_id: secureParams.p_user_id,\n        p_organisation_id: secureParams.organisation_id || secureParams.p_organisation_id,\n        p_event_id: secureParams.p_event_id,\n        hasEvent: !!selectedEvent?.event_id,\n        eventId: selectedEvent?.event_id,\n        allParams: secureParams\n      });\n    }\n\n    const { data, error } = await supabase!.rpc(functionName, secureParams);\n\n    if (error) {\n      console.error('[useSecureDataAccess] RPC failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] RPC successful:', {\n      functionName\n    });\n\n    return data as T;\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id]);\n\n  // NEW: Phase 1 - Enhanced Security Features\n  const [dataAccessHistory, setDataAccessHistory] = useState<DataAccessRecord[]>([]);\n  const [isStrictMode] = useState(true); // Always enabled in Phase 1\n  const [isAuditLogEnabled] = useState(true); // Always enabled in Phase 1\n\n  // Check if data access is allowed for a table and operation\n  const isDataAccessAllowed = useCallback((table: string, operation: string): boolean => {\n    if (!user?.id) return false;\n    \n    // Use the existing RBAC system to check data access permissions\n    // This is a synchronous check for the context - actual permission checking\n    // happens in the secure data operations using the RBAC engine\n    const permission = `${operation}:data.${table}` as Permission;\n    \n    // For now, we'll return true and let the secure data operations\n    // handle the actual permission checking asynchronously\n    // This context is mainly for tracking and audit purposes\n    return true;\n  }, [user?.id]);\n\n  // Get all data access permissions for current user\n  const getDataAccessPermissions = useCallback((): Record<string, string[]> => {\n    if (!user?.id) return {};\n    \n    // For now, return empty object - this will be enhanced with actual permission checking\n    // when we integrate with the existing RBAC system\n    return {};\n  }, [user?.id]);\n\n  // Get data access history\n  const getDataAccessHistory = useCallback((): DataAccessRecord[] => {\n    return [...dataAccessHistory];\n  }, [dataAccessHistory]);\n\n  // Clear data access history\n  const clearDataAccessHistory = useCallback(() => {\n    setDataAccessHistory([]);\n  }, []);\n\n  // Validate data access attempt\n  const validateDataAccess = useCallback((table: string, operation: string): boolean => {\n    if (!user?.id) return false;\n    \n    // Validate organisation context\n    try {\n      validateContext();\n    } catch (error) {\n      console.error(`[useSecureDataAccess] Organisation context validation failed:`, error);\n      return false;\n    }\n    \n    return isDataAccessAllowed(table, operation);\n  }, [user?.id, validateContext, isDataAccessAllowed]);\n\n  // Record data access attempt\n  const recordDataAccess = useCallback((\n    table: string,\n    operation: string,\n    allowed: boolean,\n    query?: string,\n    filters?: Record<string, any>\n  ) => {\n    if (!isAuditLogEnabled || !user?.id) return;\n    \n    const record: DataAccessRecord = {\n      table,\n      operation,\n      userId: user.id,\n      organisationId: getCurrentOrganisationId(),\n      allowed,\n      timestamp: new Date().toISOString(),\n      query,\n      filters\n    };\n    \n    setDataAccessHistory(prev => {\n      const newHistory = [record, ...prev];\n      return newHistory.slice(0, 1000); // Keep last 1000 records\n    });\n    \n    if (isStrictMode && !allowed) {\n      console.error(`[useSecureDataAccess] STRICT MODE VIOLATION: User attempted data access without permission`, {\n        table,\n        operation,\n        userId: user.id,\n        organisationId: getCurrentOrganisationId(),\n        timestamp: new Date().toISOString()\n      });\n    }\n  }, [isAuditLogEnabled, isStrictMode, user?.id, getCurrentOrganisationId]);\n\n  return {\n    secureQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    secureRpc,\n    getCurrentOrganisationId,\n    validateContext,\n    // NEW: Phase 1 - Enhanced Security Features\n    isDataAccessAllowed,\n    getDataAccessPermissions,\n    isStrictMode,\n    isAuditLogEnabled,\n    getDataAccessHistory,\n    clearDataAccessHistory,\n    validateDataAccess\n  };\n} "],"mappings":";;;;;;;;;;;;;;;AAqDA,SAAS,aAAa,UAAU,kBAAkB;AAElD;AACA;AACA;AA4FO,SAAS,sBAA8C;AAC5D,QAAM,EAAE,UAAU,MAAM,QAAQ,IAAI,eAAe;AACnD,QAAM,EAAE,0BAA0B,IAAI,iBAAiB;AAIvD,QAAM,sBAAsB,WAAW,mBAAmB;AAC1D,QAAM,gBAAgB,qBAAqB,cAAc,iBAAiB,KAAK;AAE/E,QAAM,kBAAkB,YAAY,MAAY;AAC9C,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AACA,QAAI,CAAC,QAAQ,CAAC,SAAS;AACrB,YAAM,IAAI,MAAM,+CAA+C;AAAA,IACjE;AAEA,QAAI;AACF,gCAA0B;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,kDAAkD;AAAA,IACpE;AAAA,EACF,GAAG,CAAC,UAAU,MAAM,SAAS,yBAAyB,CAAC;AAEvD,QAAM,2BAA2B,YAAY,MAAc;AACzD,oBAAgB;AAChB,UAAM,aAAa,0BAA0B;AAC7C,WAAO,WAAW;AAAA,EACpB,GAAG,CAAC,iBAAiB,yBAAyB,CAAC;AAG/C,QAAM,kCAAkC,YAAY,OAAO,mBAA0C;AACnG,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAEA,UAAM,uBAAuB,UAAU,cAAc;AAAA,EACvD,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,cAAc,YAAY,OAC9B,OACA,SACA,UAA+B,CAAC,GAChC,UAKI,CAAC,MACY;AACjB,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,iDAAiD;AAAA,MAC3D;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,OAAO;AAGjB,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,QAAI,uBAAuB,SAAS,KAAK,GAAG;AAC1C,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,cAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,gBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAGD,QAAI,QAAQ,SAAS;AAEnB,YAAM,gBAAgB,QAAQ,QAAQ,MAAM,GAAG,EAAE,IAAI;AACrD,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,eAAe,EAAE,WAAW,QAAQ,aAAa,KAAK,CAAC;AAAA,MAC7E;AAAA,IACF;AAEA,QAAI,QAAQ,OAAO;AACjB,cAAQ,MAAM,MAAM,QAAQ,KAAK;AAAA,IACnC;AAEA,QAAI,QAAQ,QAAQ;AAClB,cAAQ,MAAM,MAAM,QAAQ,QAAQ,QAAQ,UAAU,QAAQ,SAAS,OAAO,CAAC;AAAA,IACjF;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,QAAI,OAAO;AACT,cAAQ,MAAM,uCAAuC,KAAK;AAE1D,uBAAiB,OAAO,QAAQ,OAAO,UAAU,OAAO,SAAS,KAAK,IAAI,OAAO;AACjF,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,2CAA2C;AAAA,MACrD;AAAA,MACA,aAAa,MAAM,UAAU;AAAA,IAC/B,CAAC;AAGD,qBAAiB,OAAO,QAAQ,MAAM,UAAU,OAAO,SAAS,KAAK,IAAI,OAAO;AAEhF,WAAQ,QAAgB,CAAC;AAAA,EAC3B,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,eAAe,YAAY,OAC/B,OACA,SACe;AACf,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,kDAAkD;AAAA,MAC5D;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,UAAM,aAAa;AAAA,MACjB,GAAG;AAAA,MACH,iBAAiB;AAAA,IACnB;AAEA,UAAM,EAAE,MAAM,YAAY,MAAM,IAAI,MAAM,SACvC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,QAAI,OAAO;AACT,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,4CAA4C;AAAA,MACtD;AAAA,MACA,IAAI,YAAY;AAAA,IAClB,CAAC;AAED,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,eAAe,YAAY,OAC/B,OACA,MACA,YACiB;AACjB,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,kDAAkD;AAAA,MAC5D;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,UAAM,EAAE,iBAAiB,GAAG,WAAW,IAAI;AAG3C,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,UAAU;AAGpB,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA,IAC/C;AAEA,QAAI,uBAAuB,SAAS,KAAK,GAAG;AAC1C,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,gBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,MAC7B;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,YAAY,MAAM,IAAI,MAAM,MAAM,OAAO;AAEvD,QAAI,OAAO;AACT,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,4CAA4C;AAAA,MACtD;AAAA,MACA,cAAc,YAAY,UAAU;AAAA,IACtC,CAAC;AAED,WAAQ,cAAsB,CAAC;AAAA,EACjC,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,eAAe,YAAY,OAC/B,OACA,YACkB;AAClB,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,kDAAkD;AAAA,MAC5D;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,QAAI,uBAAuB,SAAS,KAAK,GAAG;AAC1C,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,gBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,MAC7B;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,IAAI,MAAM;AAExB,QAAI,OAAO;AACT,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,4CAA4C;AAAA,MACtD;AAAA,IACF,CAAC;AAAA,EACH,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,YAAY,YAAY,OAC5B,cACA,SAA8B,CAAC,MAChB;AACf,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,+CAA+C;AAAA,MACzD;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAIpD,UAAM,+BAA+B;AAAA,MACnC;AAAA,MACA;AAAA,IACF;AAEA,UAAM,YAAY,6BAA6B,SAAS,YAAY,IAChE,sBACA;AAKJ,UAAM,0BAA0B;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAIA,UAAM,eAAoC,CAAC;AAG3C,UAAM,4BAA4B;AAAA,MAChC;AAAA,MACA;AAAA,IACF;AAIA,QAAI,MAAM,IAAI;AACZ,mBAAa,YAAY,KAAK;AAAA,IAChC;AAGA,iBAAa,SAAS,IAAI;AAK1B,QAAI,wBAAwB,SAAS,YAAY,KAAK,eAAe,UAAU;AAC7E,mBAAa,aAAa,cAAc;AAAA,IAC1C;AAKA,WAAO,OAAO,cAAc,MAAM;AAGlC,QAAI,wBAAwB,SAAS,YAAY,KAAK,eAAe,UAAU;AAC7E,mBAAa,aAAa,cAAc;AAAA,IAC1C;AAGA,QAAI,iBAAiB,wBAAwB;AAC3C,cAAQ,IAAI,mEAAmE;AAAA,QAC7E,WAAW,aAAa;AAAA,QACxB,mBAAmB,aAAa,mBAAmB,aAAa;AAAA,QAChE,YAAY,aAAa;AAAA,QACzB,UAAU,CAAC,CAAC,eAAe;AAAA,QAC3B,SAAS,eAAe;AAAA,QACxB,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAAU,IAAI,cAAc,YAAY;AAEtE,QAAI,OAAO;AACT,cAAQ,MAAM,qCAAqC,KAAK;AACxD,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,yCAAyC;AAAA,MACnD;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,UAAU,eAAe,UAAU,MAAM,EAAE,CAAC;AAG5H,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,SAA6B,CAAC,CAAC;AACjF,QAAM,CAAC,YAAY,IAAI,SAAS,IAAI;AACpC,QAAM,CAAC,iBAAiB,IAAI,SAAS,IAAI;AAGzC,QAAM,sBAAsB,YAAY,CAAC,OAAe,cAA+B;AACrF,QAAI,CAAC,MAAM,GAAI,QAAO;AAKtB,UAAM,aAAa,GAAG,SAAS,SAAS,KAAK;AAK7C,WAAO;AAAA,EACT,GAAG,CAAC,MAAM,EAAE,CAAC;AAGb,QAAM,2BAA2B,YAAY,MAAgC;AAC3E,QAAI,CAAC,MAAM,GAAI,QAAO,CAAC;AAIvB,WAAO,CAAC;AAAA,EACV,GAAG,CAAC,MAAM,EAAE,CAAC;AAGb,QAAM,uBAAuB,YAAY,MAA0B;AACjE,WAAO,CAAC,GAAG,iBAAiB;AAAA,EAC9B,GAAG,CAAC,iBAAiB,CAAC;AAGtB,QAAM,yBAAyB,YAAY,MAAM;AAC/C,yBAAqB,CAAC,CAAC;AAAA,EACzB,GAAG,CAAC,CAAC;AAGL,QAAM,qBAAqB,YAAY,CAAC,OAAe,cAA+B;AACpF,QAAI,CAAC,MAAM,GAAI,QAAO;AAGtB,QAAI;AACF,sBAAgB;AAAA,IAClB,SAAS,OAAO;AACd,cAAQ,MAAM,iEAAiE,KAAK;AACpF,aAAO;AAAA,IACT;AAEA,WAAO,oBAAoB,OAAO,SAAS;AAAA,EAC7C,GAAG,CAAC,MAAM,IAAI,iBAAiB,mBAAmB,CAAC;AAGnD,QAAM,mBAAmB,YAAY,CACnC,OACA,WACA,SACA,OACA,YACG;AACH,QAAI,CAAC,qBAAqB,CAAC,MAAM,GAAI;AAErC,UAAM,SAA2B;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,QAAQ,KAAK;AAAA,MACb,gBAAgB,yBAAyB;AAAA,MACzC;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC;AAAA,MACA;AAAA,IACF;AAEA,yBAAqB,UAAQ;AAC3B,YAAM,aAAa,CAAC,QAAQ,GAAG,IAAI;AACnC,aAAO,WAAW,MAAM,GAAG,GAAI;AAAA,IACjC,CAAC;AAED,QAAI,gBAAgB,CAAC,SAAS;AAC5B,cAAQ,MAAM,8FAA8F;AAAA,QAC1G;AAAA,QACA;AAAA,QACA,QAAQ,KAAK;AAAA,QACb,gBAAgB,yBAAyB;AAAA,QACzC,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MACpC,CAAC;AAAA,IACH;AAAA,EACF,GAAG,CAAC,mBAAmB,cAAc,MAAM,IAAI,wBAAwB,CAAC;AAExE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}