@jmruthers/pace-core 0.5.135 → 0.5.136

package/src/rbac/audit-enhanced.ts

@@ -15,6 +15,7 @@ import {
   AuditEventSource, 
   RBACAuditEvent 
 } from './types';
+import { logger } from '../utils/core/logger';
 
 /**
  * Enhanced audit event payload for permission checks
@@ -154,7 +155,7 @@ export class EnhancedRBACAuditManager {
 
     // Validate required fields before attempting to insert
     if (!event.userId || !event.organisationId) {
-      console.warn('[RBAC Audit] Skipping audit event - missing required fields:', {
+      logger.warn('RBAC Audit', 'Skipping audit event - missing required fields:', {
         userId: event.userId,
         organisationId: event.organisationId,
         eventType: event.type
@@ -184,7 +185,7 @@ export class EnhancedRBACAuditManager {
 
       if (error) {
         // Log the error for debugging
-        console.warn('[RBAC Audit] Failed to insert audit event:', {
+        logger.warn('RBAC Audit', 'Failed to insert audit event:', {
           error: error.message,
           code: error.code,
           details: error.details,
@@ -199,7 +200,7 @@ export class EnhancedRBACAuditManager {
       }
     } catch (error) {
       // Log unexpected errors
-      console.error('[RBAC Audit] Unexpected error during audit logging:', error);
+      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);
       
       // Use fallback logging if enabled
       if (this.fallbackEnabled) {
@@ -215,11 +216,10 @@ export class EnhancedRBACAuditManager {
    * @param error - The error that occurred
    */
   private logFallbackEvent(event: EnhancedAuditEventPayload, error: any): void {
-    console.log('[RBAC Audit Fallback]', {
+    logger.debug('RBAC Audit Fallback', 'Database audit logging failed, using console fallback', {
       timestamp: new Date().toISOString(),
       event,
-      error: error?.message || error,
-      note: 'Database audit logging failed, using console fallback'
+      error: error?.message || error
     });
   }
 

package/src/rbac/audit.test.ts

@@ -24,6 +24,7 @@ import {
 } from './audit';
 import { UUID, AuditEventSource } from './types';
 import { Database } from '../types/database';
+import { Logger, LogLevel } from '../utils/core/logger';
 
 // Mock Supabase client
 const createMockSupabaseClient = () => {
@@ -350,17 +351,38 @@ describe('RBACAuditManager', () => {
   });
 
   describe('Fallback Logging', () => {
-    let consoleLogSpy: any;
+    let consoleDebugSpy: any;
     let consoleWarnSpy: any;
+    let consoleErrorSpy: any;
+    let originalMode: string | undefined;
 
     beforeEach(() => {
-      consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+      // Ensure logger is enabled by setting MODE to development
+      originalMode = import.meta.env.MODE;
+      (import.meta.env as any).MODE = 'development';
+      
+      // Configure logger to ensure it logs in test environment
+      Logger.configure({
+        level: LogLevel.DEBUG,
+        includeTimestamp: false,
+        includeComponent: true,
+      });
+      
+      // Logger uses console.debug for debug logs, console.warn for warnings, console.error for errors
+      consoleDebugSpy = vi.spyOn(console, 'debug').mockImplementation(() => {});
       consoleWarnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+      consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
     });
 
     afterEach(() => {
-      consoleLogSpy.mockRestore();
+      consoleDebugSpy.mockRestore();
       consoleWarnSpy.mockRestore();
+      consoleErrorSpy.mockRestore();
+      
+      // Restore original mode
+      if (originalMode !== undefined) {
+        (import.meta.env as any).MODE = originalMode;
+      }
     });
 
     it('uses fallback logging when database insert fails', async () => {
@@ -388,9 +410,9 @@ describe('RBACAuditManager', () => {
 
       await auditManager.emitPermissionCheck(event);
 
-      // Verify fallback logging was called
-      expect(consoleLogSpy).toHaveBeenCalledWith(
-        '[RBAC Audit Fallback]',
+      // Verify fallback logging was called (logger.debug calls console.debug)
+      expect(consoleDebugSpy).toHaveBeenCalledWith(
+        expect.stringContaining('[RBAC Audit Fallback]'),
         expect.objectContaining({
           timestamp: expect.any(String),
           event: expect.objectContaining({
@@ -399,8 +421,7 @@ describe('RBACAuditManager', () => {
             organisationId: 'org-456',
             permission: 'read:users'
           }),
-          error: 'Database connection failed',
-          note: 'Database audit logging failed, using console fallback'
+          error: 'Database connection failed'
         })
       );
     });
@@ -421,9 +442,9 @@ describe('RBACAuditManager', () => {
 
       await auditManager.emitPermissionCheck(event);
 
-      // Verify fallback logging was called
-      expect(consoleLogSpy).toHaveBeenCalledWith(
-        '[RBAC Audit Fallback]',
+      // Verify fallback logging was called (logger.debug calls console.debug)
+      expect(consoleDebugSpy).toHaveBeenCalledWith(
+        expect.stringContaining('[RBAC Audit Fallback]'),
         expect.objectContaining({
           timestamp: expect.any(String),
           event: expect.objectContaining({
@@ -435,8 +456,7 @@ describe('RBACAuditManager', () => {
             source: 'api',
             duration_ms: 100
           }),
-          error: 'Network error', // Error is converted to string message
-          note: 'Database audit logging failed, using console fallback'
+          error: 'Network error' // Error is converted to string message
         })
       );
     });
@@ -467,9 +487,9 @@ describe('RBACAuditManager', () => {
       await auditManager.emitPermissionCheck(event);
 
       // Verify fallback logging was NOT called
-      expect(consoleLogSpy).not.toHaveBeenCalled();
+      expect(consoleDebugSpy).not.toHaveBeenCalled();
       
-      // But warning should still be logged
+      // But warning should still be logged (logger.warn calls console.warn)
       expect(consoleWarnSpy).toHaveBeenCalled();
     });
 
@@ -499,8 +519,8 @@ describe('RBACAuditManager', () => {
 
       await auditManager.emitPermissionCheck(event);
 
-      // Verify fallback logging was called after re-enabling
-      expect(consoleLogSpy).toHaveBeenCalled();
+      // Verify fallback logging was called after re-enabling (logger.debug calls console.debug)
+      expect(consoleDebugSpy).toHaveBeenCalled();
     });
 
     it('fallback logging includes correct event data', async () => {
@@ -531,27 +551,29 @@ describe('RBACAuditManager', () => {
 
       await auditManager.emitPermissionCheck(event);
 
-      const fallbackCall = consoleLogSpy.mock.calls[0];
-      expect(fallbackCall[0]).toBe('[RBAC Audit Fallback]');
-      expect(fallbackCall[1]).toMatchObject({
-        event: {
-          type: 'permission_check',
-          userId: 'user-123',
-          organisationId: 'org-456',
-          eventId: 'event-789',
-          appId: 'app-101',
-          permission: 'read:users',
-          decision: false,
-          source: 'ui',
-          bypass: true,
-          duration_ms: 250,
-          cache_hit: true,
-          cache_source: 'memory',
-          metadata: { test: 'data' }
-        },
-        error: 'Database error',
-        note: 'Database audit logging failed, using console fallback'
-      });
+      // Logger.debug formats the message, so we check the formatted string and the data object
+      expect(consoleDebugSpy).toHaveBeenCalledWith(
+        expect.stringContaining('[RBAC Audit Fallback]'),
+        expect.objectContaining({
+          timestamp: expect.any(String),
+          event: expect.objectContaining({
+            type: 'permission_check',
+            userId: 'user-123',
+            organisationId: 'org-456',
+            eventId: 'event-789',
+            appId: 'app-101',
+            permission: 'read:users',
+            decision: false,
+            source: 'ui',
+            bypass: true,
+            duration_ms: 250,
+            cache_hit: true,
+            cache_source: 'memory',
+            metadata: { test: 'data' }
+          }),
+          error: 'Database error'
+        })
+      );
     });
   });
 

package/src/rbac/audit.ts

@@ -14,6 +14,7 @@ import {
   AuditEventSource, 
   RBACAuditEvent 
 } from './types';
+import { logger } from '../utils/core/logger';
 
 /**
  * Audit event payload for permission checks
@@ -155,7 +156,7 @@ export class RBACAuditManager {
     // Validate required fields before attempting to insert
     // MANDATORY: All audit events must have userId
     if (!event.userId) {
-      console.error('[RBAC Audit] CRITICAL: Cannot log audit event without userId:', {
+      logger.error('RBAC Audit', 'CRITICAL: Cannot log audit event without userId:', {
         eventType: event.type,
         organisationId: event.organisationId
       });
@@ -165,7 +166,7 @@ export class RBACAuditManager {
     // WARNING: Some audit events may not have organisationId (e.g., global admin operations)
     // Log these for security monitoring even if organisationId is missing
     if (!event.organisationId) {
-      console.warn('[RBAC Audit] Audit event without organisation context:', {
+      logger.warn('RBAC Audit', 'Audit event without organisation context:', {
         userId: event.userId,
         eventType: event.type,
         note: 'This should be investigated for security compliance'
@@ -176,7 +177,7 @@ export class RBACAuditManager {
       // Since organisationId is now required in SecurityContext, this should rarely happen
       // But we still handle the edge case properly without masking it
       if (!event.organisationId) {
-        console.warn('[RBAC Audit] Audit event without organisation context - this should be investigated:', {
+        logger.warn('RBAC Audit', 'Audit event without organisation context - this should be investigated:', {
           userId: event.userId,
           eventType: event.type,
           note: 'Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation.'
@@ -222,7 +223,7 @@ export class RBACAuditManager {
 
       if (error) {
         // Log the error for debugging
-        console.warn('[RBAC Audit] Failed to insert audit event:', {
+        logger.warn('RBAC Audit', 'Failed to insert audit event:', {
           error: error.message,
           code: error.code,
           details: error.details,
@@ -237,7 +238,7 @@ export class RBACAuditManager {
       }
     } catch (error) {
       // Log unexpected errors
-      console.error('[RBAC Audit] Unexpected error during audit logging:', error);
+      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);
       
       // Use fallback logging if enabled
       if (this.fallbackEnabled) {
@@ -253,11 +254,10 @@ export class RBACAuditManager {
    * @param error - The error that occurred
    */
   private logFallbackEvent(event: AuditEventPayload, error: any): void {
-    console.log('[RBAC Audit Fallback]', {
+    logger.debug('RBAC Audit Fallback', 'Database audit logging failed, using console fallback', {
       timestamp: new Date().toISOString(),
       event,
-      error: error?.message || error,
-      note: 'Database audit logging failed, using console fallback'
+      error: error?.message || error
     });
   }
 

package/src/rbac/cache-invalidation.ts

@@ -12,6 +12,9 @@ import { Database } from '../types/database';
 import { rbacCache, CACHE_PATTERNS } from './cache';
 import { emitAuditEvent } from './audit';
 import { UUID } from './types';
+import { createLogger } from '../utils/core/logger';
+
+const log = createLogger('RBACCache');
 
 /**
  * Cache invalidation patterns for different RBAC changes
@@ -143,7 +146,7 @@ export class RBACCacheInvalidationManager {
    * @param reason - Reason for invalidation
    */
   private invalidatePatterns(patterns: string[], reason: string): void {
-    console.log(`[RBAC Cache] Invalidating patterns: ${patterns.join(', ')} (${reason})`);
+    log.debug(`Invalidating patterns: ${patterns.join(', ')} (${reason})`);
     
     patterns.forEach(pattern => {
       rbacCache.invalidate(pattern);
@@ -170,7 +173,7 @@ export class RBACCacheInvalidationManager {
         cache_invalidation: true
       }
     }).catch(error => {
-      console.warn('[RBAC Cache] Failed to log cache invalidation audit event:', error);
+      log.warn('Failed to log cache invalidation audit event:', error);
     });
   }
 
@@ -180,7 +183,7 @@ export class RBACCacheInvalidationManager {
   private setupRealtimeSubscriptions(): void {
     // Check if realtime is available (skip in test environments)
     if (!this.supabase.channel || typeof this.supabase.channel !== 'function') {
-      console.log('[RBAC Cache] Realtime not available, skipping subscriptions');
+      log.debug('Realtime not available, skipping subscriptions');
       return;
     }
 
@@ -287,7 +290,7 @@ export class RBACCacheInvalidationManager {
    * Clear all cache entries
    */
   clearAllCache(): void {
-    console.log('[RBAC Cache] Clearing all cache entries');
+    log.debug('Clearing all cache entries');
     rbacCache.clear();
   }
 }

package/src/rbac/components/EnhancedNavigationMenu.tsx

@@ -58,6 +58,7 @@
 import React, { useMemo, useCallback, useEffect, useState } from 'react';
 import { useNavigationPermissions, NavigationItem } from './NavigationProvider';
 import NavigationGuard from './NavigationGuard';
+import { getRBACLogger } from '../config';
 
 export interface EnhancedNavigationMenuProps {
   /** Navigation items to display */
@@ -148,7 +149,8 @@ export function EnhancedNavigationMenu({
     }
     
     if (auditLog) {
-      console.log(`[EnhancedNavigationMenu] Navigation access attempt:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation access attempt:', {
         item: item.id,
         allowed,
         strictMode,
@@ -164,7 +166,8 @@ export function EnhancedNavigationMenu({
     }
     
     if (strictMode) {
-      console.error(`[EnhancedNavigationMenu] STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
         item: item.id,
         path: item.path,
         permissions: item.permissions,
@@ -187,7 +190,8 @@ export function EnhancedNavigationMenu({
     
     // Record navigation attempt
     if (auditLog) {
-      console.log(`[EnhancedNavigationMenu] Navigation item clicked:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation item clicked:', {
         item: item.id,
         path: item.path,
         permissions: item.permissions,
@@ -266,14 +270,16 @@ export function EnhancedNavigationMenu({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[EnhancedNavigationMenu] Strict mode enabled - all navigation access attempts will be logged and enforced`);
+      const logger = getRBACLogger();
+      logger.debug('Strict mode enabled - all navigation access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 
   // Log navigation menu initialization
   useEffect(() => {
     if (auditLog) {
-      console.log(`[EnhancedNavigationMenu] Navigation menu initialized:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation menu initialized:', {
         totalItems: items.length,
         filteredItems: filteredItems.length,
         strictMode,

package/src/rbac/components/NavigationGuard.tsx

@@ -70,6 +70,7 @@ import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
 import { NavigationItem } from './NavigationProvider';
+import { getRBACLogger } from '../config';
 
 export interface NavigationGuardProps {
   /** Navigation item being protected */
@@ -215,7 +216,8 @@ export function NavigationGuard({
   // Log navigation access attempt for audit
   useEffect(() => {
     if (auditLog && hasChecked && !isLoading) {
-      console.log(`[NavigationGuard] Navigation access attempt:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation access attempt:', {
         navigationItem: navigationItem.id,
         permissions: navigationItem.permissions,
         userId: user?.id,
@@ -230,7 +232,8 @@ export function NavigationGuard({
   // Handle strict mode violations
   useEffect(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
-      console.error(`[NavigationGuard] STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
         navigationItem: navigationItem.id,
         permissions: navigationItem.permissions,
         userId: user?.id,
@@ -248,7 +251,8 @@ export function NavigationGuard({
 
   // Show error state
   if (checkError) {
-    console.error(`[NavigationGuard] Permission check failed for navigation item ${navigationItem.id}:`, checkError);
+    const logger = getRBACLogger();
+    logger.error(`Permission check failed for navigation item ${navigationItem.id}:`, checkError);
     return <>{fallback}</>;
   }
 

package/src/rbac/components/NavigationProvider.tsx

@@ -58,6 +58,8 @@ import React, { createContext, useContext, useState, useCallback, useMemo, useEf
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { useCan } from '../hooks';
 import { UUID, Scope, Permission } from '../types';
+import { getRBACLogger } from '../config';
+import { logger } from '../../utils/core/logger';
 
 export interface NavigationItem {
   /** Unique identifier for the navigation item */
@@ -199,7 +201,7 @@ export function NavigationProvider({
     
     // If no permissions are defined for the navigation item, deny access by default
     if (!item.permissions || item.permissions.length === 0) {
-      console.warn(`[NavigationProvider] Navigation item "${item.id}" has no permissions defined - denying access`);
+      logger.warn('NavigationProvider', `Navigation item "${item.id}" has no permissions defined - denying access`);
       return false;
     }
     
@@ -218,7 +220,7 @@ export function NavigationProvider({
     // Handle errors gracefully - allow access when there are permission check errors (graceful degradation)
     // This ensures navigation doesn't break when the permission service has issues
     if (error) {
-      console.warn(`[NavigationProvider] Permission check error for "${item.id}": ${error.message} - allowing access for graceful degradation`);
+      logger.warn('NavigationProvider', `Permission check error for "${item.id}": ${error.message} - allowing access for graceful degradation`);
       return true;
     }
     
@@ -308,7 +310,8 @@ export function NavigationProvider({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[NavigationProvider] Strict mode enabled - all navigation access attempts will be logged and enforced`);
+      const logger = getRBACLogger();
+      logger.debug('Strict mode enabled - all navigation access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 

package/src/rbac/components/PagePermissionGuard.tsx

@@ -72,7 +72,8 @@ import { useCan } from '../hooks';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
-import { getCurrentAppName } from '../../utils/appNameResolver';
+import { getCurrentAppName } from '../../utils/app/appNameResolver';
+import { getRBACLogger } from '../config';
 
 export interface PagePermissionGuardProps {
   /** Name of the page being protected */
@@ -198,7 +199,8 @@ const PagePermissionGuardComponent = ({
             }
 
             if (error) {
-              console.error('[PagePermissionGuard] Database error resolving app ID:', error);
+              const logger = getRBACLogger();
+              logger.error('Database error resolving app ID:', error);
               if (signal.aborted) {
                 return;
               }
@@ -213,23 +215,26 @@ const PagePermissionGuardComponent = ({
               }
 
               if (inactiveApp) {
-                console.error(`[PagePermissionGuard] App "${appName}" exists but is inactive (is_active: ${inactiveApp.is_active})`);
+                logger.error(`App "${appName}" exists but is inactive (is_active: ${inactiveApp.is_active})`);
               } else {
-                console.error(`[PagePermissionGuard] App "${appName}" not found in rbac_apps table`);
+                logger.error(`App "${appName}" not found in rbac_apps table`);
               }
             } else if (app) {
               appId = app.id;
             } else {
-              console.error('[PagePermissionGuard] No app data returned for:', appName);
+              const logger = getRBACLogger();
+              logger.error('No app data returned for:', appName);
             }
           } catch (error) {
             if (signal.aborted) {
               return;
             }
-            console.error('[PagePermissionGuard] Unexpected error resolving app ID:', error);
+            const logger = getRBACLogger();
+            logger.error('Unexpected error resolving app ID:', error);
           }
         } else {
-          console.error('[PagePermissionGuard] No app name found. Make sure to call setRBACAppName() in your app setup.');
+          const logger = getRBACLogger();
+          logger.error('No app name found. Make sure to call setRBACAppName() in your app setup.');
         }
       }
 
@@ -240,10 +245,11 @@ const PagePermissionGuardComponent = ({
       // If we have both organisation and event, use them directly
       if (selectedOrganisation && selectedEvent) {
         if (!appId) {
+          const logger = getRBACLogger();
           if (import.meta.env.MODE === 'test') {
-            console.warn('[PagePermissionGuard] App ID not resolved in test environment, proceeding without it');
+            logger.warn('App ID not resolved in test environment, proceeding without it');
           } else {
-            console.error('[PagePermissionGuard] CRITICAL: App ID not resolved. Check console for details.');
+            logger.error('CRITICAL: App ID not resolved. Check console for details.');
             safeSetCheckError(new Error('App ID not resolved. Check console for database errors.'));
             safeSetResolvedScope(null);
             return;
@@ -253,7 +259,8 @@ const PagePermissionGuardComponent = ({
         if (import.meta.env.MODE === 'production' && appId) {
           const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
           if (!uuidRegex.test(appId)) {
-            console.error('[PagePermissionGuard] CRITICAL: App ID is not a valid UUID:', appId);
+            const logger = getRBACLogger();
+            logger.error('CRITICAL: App ID is not a valid UUID:', appId);
             safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
             safeSetResolvedScope(null);
             return;
@@ -276,10 +283,11 @@ const PagePermissionGuardComponent = ({
       // If we only have organisation, use it
       if (selectedOrganisation) {
         if (!appId) {
+          const logger = getRBACLogger();
           if (import.meta.env.MODE === 'test') {
-            console.warn('[PagePermissionGuard] App ID not resolved in test environment, proceeding without it');
+            logger.warn('App ID not resolved in test environment, proceeding without it');
           } else {
-            console.error('[PagePermissionGuard] CRITICAL: App ID not resolved. Check console for details.');
+            logger.error('CRITICAL: App ID not resolved. Check console for details.');
             safeSetCheckError(new Error('App ID not resolved. Check console for database errors.'));
             safeSetResolvedScope(null);
             return;
@@ -289,7 +297,8 @@ const PagePermissionGuardComponent = ({
         if (import.meta.env.MODE === 'production' && appId) {
           const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
           if (!uuidRegex.test(appId)) {
-            console.error('[PagePermissionGuard] CRITICAL: App ID is not a valid UUID:', appId);
+            const logger = getRBACLogger();
+            logger.error('CRITICAL: App ID is not a valid UUID:', appId);
             safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
             safeSetResolvedScope(null);
             return;
@@ -346,7 +355,8 @@ const PagePermissionGuardComponent = ({
         ? 'Either organisation context or event context is required for page permission checking'
         : 'Insufficient context for permission checking. Please ensure you are properly authenticated and have selected an organisation or event.';
 
-      console.error('[PagePermissionGuard] Context resolution failed:', {
+      const logger = getRBACLogger();
+      logger.error('Context resolution failed:', {
         selectedOrganisation: selectedOrganisation ? (selectedOrganisation as any).id : null,
         selectedEvent: selectedEvent ? (selectedEvent as any).event_id : null,
         appId,
@@ -425,7 +435,8 @@ const PagePermissionGuardComponent = ({
   // Log page access attempt for audit
   useEffect(() => {
     if (auditLog && hasChecked && !isLoading) {
-      console.log(`[PagePermissionGuard] Page access attempt:`, {
+      const rbacLogger = getRBACLogger();
+      rbacLogger.debug('Page access attempt:', {
         pageName,
         operation,
         userId: user?.id,
@@ -440,7 +451,8 @@ const PagePermissionGuardComponent = ({
   // Handle strict mode violations
   useEffect(() => {
     if (strictMode && hasChecked && !isLoading && !can) {
-      console.error(`[PagePermissionGuard] STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
         pageName,
         operation,
         permission: `${operation}:page.${pageName}`,

package/src/rbac/components/PagePermissionProvider.tsx

@@ -57,6 +57,9 @@
 import React, { createContext, useContext, useState, useCallback, useMemo, useEffect } from 'react';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Scope, Permission } from '../types';
+import { createLogger } from '../../utils/core/logger';
+
+const log = createLogger('PagePermissionProvider');
 
 export interface PagePermissionContextType {
   /** Check if user has permission for a page */
@@ -244,7 +247,7 @@ export function PagePermissionProvider({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[PagePermissionProvider] Strict mode enabled - all page access attempts will be logged and enforced`);
+      log.debug('Strict mode enabled - all page access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 

package/src/rbac/components/PermissionEnforcer.tsx

@@ -71,6 +71,10 @@ import { useMultiplePermissions } from '../hooks/usePermissions';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
+import { getRBACLogger } from '../config';
+import { createLogger } from '../../utils/core/logger';
+
+const log = createLogger('PermissionEnforcer');
 
 export interface PermissionEnforcerProps {
   /** Permissions required for access */
@@ -225,7 +229,7 @@ export function PermissionEnforcer({
   // Log permission check attempt for audit
   useEffect(() => {
     if (auditLog && hasChecked && !isLoading) {
-      console.log(`[PermissionEnforcer] Permission check attempt:`, {
+      log.debug('Permission check attempt:', {
         permissions,
         operation,
         userId: user?.id,
@@ -240,7 +244,8 @@ export function PermissionEnforcer({
   // Handle strict mode violations
   useEffect(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
-      console.error(`[PermissionEnforcer] STRICT MODE VIOLATION: User attempted to perform operation without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to perform operation without permission`, {
         permissions,
         operation,
         userId: user?.id,
@@ -258,7 +263,8 @@ export function PermissionEnforcer({
 
   // Show error state
   if (checkError) {
-    console.error(`[PermissionEnforcer] Permission check failed for operation ${operation}:`, checkError);
+    const logger = getRBACLogger();
+    logger.error(`Permission check failed for operation ${operation}:`, checkError);
     return <>{fallback}</>;
   }