@jmruthers/pace-core 0.5.135 → 0.5.137

package/src/rbac/audit.ts

@@ -14,6 +14,7 @@ import {
   AuditEventSource, 
   RBACAuditEvent 
 } from './types';
+import { logger } from '../utils/core/logger';
 
 /**
  * Audit event payload for permission checks
@@ -155,7 +156,7 @@ export class RBACAuditManager {
     // Validate required fields before attempting to insert
     // MANDATORY: All audit events must have userId
     if (!event.userId) {
-      console.error('[RBAC Audit] CRITICAL: Cannot log audit event without userId:', {
+      logger.error('RBAC Audit', 'CRITICAL: Cannot log audit event without userId:', {
         eventType: event.type,
         organisationId: event.organisationId
       });
@@ -165,7 +166,7 @@ export class RBACAuditManager {
     // WARNING: Some audit events may not have organisationId (e.g., global admin operations)
     // Log these for security monitoring even if organisationId is missing
     if (!event.organisationId) {
-      console.warn('[RBAC Audit] Audit event without organisation context:', {
+      logger.warn('RBAC Audit', 'Audit event without organisation context:', {
         userId: event.userId,
         eventType: event.type,
         note: 'This should be investigated for security compliance'
@@ -176,7 +177,7 @@ export class RBACAuditManager {
       // Since organisationId is now required in SecurityContext, this should rarely happen
       // But we still handle the edge case properly without masking it
       if (!event.organisationId) {
-        console.warn('[RBAC Audit] Audit event without organisation context - this should be investigated:', {
+        logger.warn('RBAC Audit', 'Audit event without organisation context - this should be investigated:', {
           userId: event.userId,
           eventType: event.type,
           note: 'Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation.'
@@ -222,7 +223,7 @@ export class RBACAuditManager {
 
       if (error) {
         // Log the error for debugging
-        console.warn('[RBAC Audit] Failed to insert audit event:', {
+        logger.warn('RBAC Audit', 'Failed to insert audit event:', {
           error: error.message,
           code: error.code,
           details: error.details,
@@ -237,7 +238,7 @@ export class RBACAuditManager {
       }
     } catch (error) {
       // Log unexpected errors
-      console.error('[RBAC Audit] Unexpected error during audit logging:', error);
+      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);
       
       // Use fallback logging if enabled
       if (this.fallbackEnabled) {
@@ -253,11 +254,10 @@ export class RBACAuditManager {
    * @param error - The error that occurred
    */
   private logFallbackEvent(event: AuditEventPayload, error: any): void {
-    console.log('[RBAC Audit Fallback]', {
+    logger.debug('RBAC Audit Fallback', 'Database audit logging failed, using console fallback', {
       timestamp: new Date().toISOString(),
       event,
-      error: error?.message || error,
-      note: 'Database audit logging failed, using console fallback'
+      error: error?.message || error
     });
   }
 

package/src/rbac/cache-invalidation.ts

@@ -12,6 +12,9 @@ import { Database } from '../types/database';
 import { rbacCache, CACHE_PATTERNS } from './cache';
 import { emitAuditEvent } from './audit';
 import { UUID } from './types';
+import { createLogger } from '../utils/core/logger';
+
+const log = createLogger('RBACCache');
 
 /**
  * Cache invalidation patterns for different RBAC changes
@@ -143,7 +146,7 @@ export class RBACCacheInvalidationManager {
    * @param reason - Reason for invalidation
    */
   private invalidatePatterns(patterns: string[], reason: string): void {
-    console.log(`[RBAC Cache] Invalidating patterns: ${patterns.join(', ')} (${reason})`);
+    log.debug(`Invalidating patterns: ${patterns.join(', ')} (${reason})`);
     
     patterns.forEach(pattern => {
       rbacCache.invalidate(pattern);
@@ -170,7 +173,7 @@ export class RBACCacheInvalidationManager {
         cache_invalidation: true
       }
     }).catch(error => {
-      console.warn('[RBAC Cache] Failed to log cache invalidation audit event:', error);
+      log.warn('Failed to log cache invalidation audit event:', error);
     });
   }
 
@@ -180,7 +183,7 @@ export class RBACCacheInvalidationManager {
   private setupRealtimeSubscriptions(): void {
     // Check if realtime is available (skip in test environments)
     if (!this.supabase.channel || typeof this.supabase.channel !== 'function') {
-      console.log('[RBAC Cache] Realtime not available, skipping subscriptions');
+      log.debug('Realtime not available, skipping subscriptions');
       return;
     }
 
@@ -287,7 +290,7 @@ export class RBACCacheInvalidationManager {
    * Clear all cache entries
    */
   clearAllCache(): void {
-    console.log('[RBAC Cache] Clearing all cache entries');
+    log.debug('Clearing all cache entries');
     rbacCache.clear();
   }
 }

package/src/rbac/components/EnhancedNavigationMenu.tsx

@@ -58,6 +58,7 @@
 import React, { useMemo, useCallback, useEffect, useState } from 'react';
 import { useNavigationPermissions, NavigationItem } from './NavigationProvider';
 import NavigationGuard from './NavigationGuard';
+import { getRBACLogger } from '../config';
 
 export interface EnhancedNavigationMenuProps {
   /** Navigation items to display */
@@ -148,7 +149,8 @@ export function EnhancedNavigationMenu({
     }
     
     if (auditLog) {
-      console.log(`[EnhancedNavigationMenu] Navigation access attempt:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation access attempt:', {
         item: item.id,
         allowed,
         strictMode,
@@ -164,7 +166,8 @@ export function EnhancedNavigationMenu({
     }
     
     if (strictMode) {
-      console.error(`[EnhancedNavigationMenu] STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
         item: item.id,
         path: item.path,
         permissions: item.permissions,
@@ -187,7 +190,8 @@ export function EnhancedNavigationMenu({
     
     // Record navigation attempt
     if (auditLog) {
-      console.log(`[EnhancedNavigationMenu] Navigation item clicked:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation item clicked:', {
         item: item.id,
         path: item.path,
         permissions: item.permissions,
@@ -266,14 +270,16 @@ export function EnhancedNavigationMenu({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[EnhancedNavigationMenu] Strict mode enabled - all navigation access attempts will be logged and enforced`);
+      const logger = getRBACLogger();
+      logger.debug('Strict mode enabled - all navigation access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 
   // Log navigation menu initialization
   useEffect(() => {
     if (auditLog) {
-      console.log(`[EnhancedNavigationMenu] Navigation menu initialized:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation menu initialized:', {
         totalItems: items.length,
         filteredItems: filteredItems.length,
         strictMode,

package/src/rbac/components/NavigationGuard.tsx

@@ -70,6 +70,7 @@ import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
 import { NavigationItem } from './NavigationProvider';
+import { getRBACLogger } from '../config';
 
 export interface NavigationGuardProps {
   /** Navigation item being protected */
@@ -215,7 +216,8 @@ export function NavigationGuard({
   // Log navigation access attempt for audit
   useEffect(() => {
     if (auditLog && hasChecked && !isLoading) {
-      console.log(`[NavigationGuard] Navigation access attempt:`, {
+      const logger = getRBACLogger();
+      logger.debug('Navigation access attempt:', {
         navigationItem: navigationItem.id,
         permissions: navigationItem.permissions,
         userId: user?.id,
@@ -230,7 +232,8 @@ export function NavigationGuard({
   // Handle strict mode violations
   useEffect(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
-      console.error(`[NavigationGuard] STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to access protected navigation item without permission`, {
         navigationItem: navigationItem.id,
         permissions: navigationItem.permissions,
         userId: user?.id,
@@ -248,7 +251,8 @@ export function NavigationGuard({
 
   // Show error state
   if (checkError) {
-    console.error(`[NavigationGuard] Permission check failed for navigation item ${navigationItem.id}:`, checkError);
+    const logger = getRBACLogger();
+    logger.error(`Permission check failed for navigation item ${navigationItem.id}:`, checkError);
     return <>{fallback}</>;
   }
 

package/src/rbac/components/NavigationProvider.tsx

@@ -58,6 +58,8 @@ import React, { createContext, useContext, useState, useCallback, useMemo, useEf
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { useCan } from '../hooks';
 import { UUID, Scope, Permission } from '../types';
+import { getRBACLogger } from '../config';
+import { logger } from '../../utils/core/logger';
 
 export interface NavigationItem {
   /** Unique identifier for the navigation item */
@@ -199,7 +201,7 @@ export function NavigationProvider({
     
     // If no permissions are defined for the navigation item, deny access by default
     if (!item.permissions || item.permissions.length === 0) {
-      console.warn(`[NavigationProvider] Navigation item "${item.id}" has no permissions defined - denying access`);
+      logger.warn('NavigationProvider', `Navigation item "${item.id}" has no permissions defined - denying access`);
       return false;
     }
     
@@ -218,7 +220,7 @@ export function NavigationProvider({
     // Handle errors gracefully - allow access when there are permission check errors (graceful degradation)
     // This ensures navigation doesn't break when the permission service has issues
     if (error) {
-      console.warn(`[NavigationProvider] Permission check error for "${item.id}": ${error.message} - allowing access for graceful degradation`);
+      logger.warn('NavigationProvider', `Permission check error for "${item.id}": ${error.message} - allowing access for graceful degradation`);
       return true;
     }
     
@@ -308,7 +310,8 @@ export function NavigationProvider({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[NavigationProvider] Strict mode enabled - all navigation access attempts will be logged and enforced`);
+      const logger = getRBACLogger();
+      logger.debug('Strict mode enabled - all navigation access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 

package/src/rbac/components/PagePermissionGuard.tsx

@@ -72,7 +72,8 @@ import { useCan } from '../hooks';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
-import { getCurrentAppName } from '../../utils/appNameResolver';
+import { getCurrentAppName } from '../../utils/app/appNameResolver';
+import { getRBACLogger } from '../config';
 
 export interface PagePermissionGuardProps {
   /** Name of the page being protected */
@@ -198,7 +199,8 @@ const PagePermissionGuardComponent = ({
             }
 
             if (error) {
-              console.error('[PagePermissionGuard] Database error resolving app ID:', error);
+              const logger = getRBACLogger();
+              logger.error('Database error resolving app ID:', error);
               if (signal.aborted) {
                 return;
               }
@@ -213,23 +215,26 @@ const PagePermissionGuardComponent = ({
               }
 
               if (inactiveApp) {
-                console.error(`[PagePermissionGuard] App "${appName}" exists but is inactive (is_active: ${inactiveApp.is_active})`);
+                logger.error(`App "${appName}" exists but is inactive (is_active: ${inactiveApp.is_active})`);
               } else {
-                console.error(`[PagePermissionGuard] App "${appName}" not found in rbac_apps table`);
+                logger.error(`App "${appName}" not found in rbac_apps table`);
               }
             } else if (app) {
               appId = app.id;
             } else {
-              console.error('[PagePermissionGuard] No app data returned for:', appName);
+              const logger = getRBACLogger();
+              logger.error('No app data returned for:', appName);
             }
           } catch (error) {
             if (signal.aborted) {
               return;
             }
-            console.error('[PagePermissionGuard] Unexpected error resolving app ID:', error);
+            const logger = getRBACLogger();
+            logger.error('Unexpected error resolving app ID:', error);
           }
         } else {
-          console.error('[PagePermissionGuard] No app name found. Make sure to call setRBACAppName() in your app setup.');
+          const logger = getRBACLogger();
+          logger.error('No app name found. Make sure to call setRBACAppName() in your app setup.');
         }
       }
 
@@ -240,10 +245,11 @@ const PagePermissionGuardComponent = ({
       // If we have both organisation and event, use them directly
       if (selectedOrganisation && selectedEvent) {
         if (!appId) {
+          const logger = getRBACLogger();
           if (import.meta.env.MODE === 'test') {
-            console.warn('[PagePermissionGuard] App ID not resolved in test environment, proceeding without it');
+            logger.warn('App ID not resolved in test environment, proceeding without it');
           } else {
-            console.error('[PagePermissionGuard] CRITICAL: App ID not resolved. Check console for details.');
+            logger.error('CRITICAL: App ID not resolved. Check console for details.');
             safeSetCheckError(new Error('App ID not resolved. Check console for database errors.'));
             safeSetResolvedScope(null);
             return;
@@ -253,7 +259,8 @@ const PagePermissionGuardComponent = ({
         if (import.meta.env.MODE === 'production' && appId) {
           const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
           if (!uuidRegex.test(appId)) {
-            console.error('[PagePermissionGuard] CRITICAL: App ID is not a valid UUID:', appId);
+            const logger = getRBACLogger();
+            logger.error('CRITICAL: App ID is not a valid UUID:', appId);
             safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
             safeSetResolvedScope(null);
             return;
@@ -276,10 +283,11 @@ const PagePermissionGuardComponent = ({
       // If we only have organisation, use it
       if (selectedOrganisation) {
         if (!appId) {
+          const logger = getRBACLogger();
           if (import.meta.env.MODE === 'test') {
-            console.warn('[PagePermissionGuard] App ID not resolved in test environment, proceeding without it');
+            logger.warn('App ID not resolved in test environment, proceeding without it');
           } else {
-            console.error('[PagePermissionGuard] CRITICAL: App ID not resolved. Check console for details.');
+            logger.error('CRITICAL: App ID not resolved. Check console for details.');
             safeSetCheckError(new Error('App ID not resolved. Check console for database errors.'));
             safeSetResolvedScope(null);
             return;
@@ -289,7 +297,8 @@ const PagePermissionGuardComponent = ({
         if (import.meta.env.MODE === 'production' && appId) {
           const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
           if (!uuidRegex.test(appId)) {
-            console.error('[PagePermissionGuard] CRITICAL: App ID is not a valid UUID:', appId);
+            const logger = getRBACLogger();
+            logger.error('CRITICAL: App ID is not a valid UUID:', appId);
             safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
             safeSetResolvedScope(null);
             return;
@@ -346,7 +355,8 @@ const PagePermissionGuardComponent = ({
         ? 'Either organisation context or event context is required for page permission checking'
         : 'Insufficient context for permission checking. Please ensure you are properly authenticated and have selected an organisation or event.';
 
-      console.error('[PagePermissionGuard] Context resolution failed:', {
+      const logger = getRBACLogger();
+      logger.error('Context resolution failed:', {
         selectedOrganisation: selectedOrganisation ? (selectedOrganisation as any).id : null,
         selectedEvent: selectedEvent ? (selectedEvent as any).event_id : null,
         appId,
@@ -425,7 +435,8 @@ const PagePermissionGuardComponent = ({
   // Log page access attempt for audit
   useEffect(() => {
     if (auditLog && hasChecked && !isLoading) {
-      console.log(`[PagePermissionGuard] Page access attempt:`, {
+      const rbacLogger = getRBACLogger();
+      rbacLogger.debug('Page access attempt:', {
         pageName,
         operation,
         userId: user?.id,
@@ -440,7 +451,8 @@ const PagePermissionGuardComponent = ({
   // Handle strict mode violations
   useEffect(() => {
     if (strictMode && hasChecked && !isLoading && !can) {
-      console.error(`[PagePermissionGuard] STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
         pageName,
         operation,
         permission: `${operation}:page.${pageName}`,

package/src/rbac/components/PagePermissionProvider.tsx

@@ -57,6 +57,9 @@
 import React, { createContext, useContext, useState, useCallback, useMemo, useEffect } from 'react';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Scope, Permission } from '../types';
+import { createLogger } from '../../utils/core/logger';
+
+const log = createLogger('PagePermissionProvider');
 
 export interface PagePermissionContextType {
   /** Check if user has permission for a page */
@@ -244,7 +247,7 @@ export function PagePermissionProvider({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[PagePermissionProvider] Strict mode enabled - all page access attempts will be logged and enforced`);
+      log.debug('Strict mode enabled - all page access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 

package/src/rbac/components/PermissionEnforcer.tsx

@@ -71,6 +71,10 @@ import { useMultiplePermissions } from '../hooks/usePermissions';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
+import { getRBACLogger } from '../config';
+import { createLogger } from '../../utils/core/logger';
+
+const log = createLogger('PermissionEnforcer');
 
 export interface PermissionEnforcerProps {
   /** Permissions required for access */
@@ -225,7 +229,7 @@ export function PermissionEnforcer({
   // Log permission check attempt for audit
   useEffect(() => {
     if (auditLog && hasChecked && !isLoading) {
-      console.log(`[PermissionEnforcer] Permission check attempt:`, {
+      log.debug('Permission check attempt:', {
         permissions,
         operation,
         userId: user?.id,
@@ -240,7 +244,8 @@ export function PermissionEnforcer({
   // Handle strict mode violations
   useEffect(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
-      console.error(`[PermissionEnforcer] STRICT MODE VIOLATION: User attempted to perform operation without permission`, {
+      const logger = getRBACLogger();
+      logger.error(`STRICT MODE VIOLATION: User attempted to perform operation without permission`, {
         permissions,
         operation,
         userId: user?.id,
@@ -258,7 +263,8 @@ export function PermissionEnforcer({
 
   // Show error state
   if (checkError) {
-    console.error(`[PermissionEnforcer] Permission check failed for operation ${operation}:`, checkError);
+    const logger = getRBACLogger();
+    logger.error(`Permission check failed for operation ${operation}:`, checkError);
     return <>{fallback}</>;
   }
 

package/src/rbac/components/RoleBasedRouter.tsx

@@ -68,6 +68,7 @@ import { useLocation, useNavigate, Outlet } from 'react-router-dom';
 import { useCan } from '../hooks';
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { UUID, Permission, Scope, AccessLevel } from '../types';
+import { getRBACLogger } from '../config';
 
 export interface RouteConfig {
   /** Route path */
@@ -307,7 +308,8 @@ export function RoleBasedRouter({
     if (!currentRouteConfig) {
       // Route not found in configuration
       if (strictMode) {
-        console.error(`[RoleBasedRouter] STRICT MODE VIOLATION: Route not found in configuration`, {
+        const logger = getRBACLogger();
+        logger.error(`STRICT MODE VIOLATION: Route not found in configuration`, {
           route: currentPath,
           userId: user?.id,
           timestamp: new Date().toISOString()

package/src/rbac/components/SecureDataProvider.tsx

@@ -60,6 +60,7 @@ import React, { createContext, useContext, useState, useCallback, useMemo, useEf
 import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
 import { useSecureDataAccess } from '../../hooks/useSecureDataAccess';
 import { UUID, Scope, Permission } from '../types';
+import { getRBACLogger } from '../config';
 
 export interface DataAccessRecord {
   table: string;
@@ -215,7 +216,8 @@ export function SecureDataProvider({
     try {
       validateContext();
     } catch (error) {
-      console.error(`[SecureDataProvider] Organisation context validation failed:`, error);
+      const logger = getRBACLogger();
+      logger.error('Organisation context validation failed:', error);
       return false;
     }
     
@@ -282,14 +284,16 @@ export function SecureDataProvider({
   // Log strict mode violations
   useEffect(() => {
     if (strictMode && auditLog) {
-      console.log(`[SecureDataProvider] Strict mode enabled - all data access attempts will be logged and enforced`);
+      const logger = getRBACLogger();
+      logger.debug('Strict mode enabled - all data access attempts will be logged and enforced');
     }
   }, [strictMode, auditLog]);
 
   // Log RLS enforcement
   useEffect(() => {
     if (enforceRLS && auditLog) {
-      console.log(`[SecureDataProvider] RLS enforcement enabled - all queries will include organisation context`);
+      const logger = getRBACLogger();
+      logger.debug('RLS enforcement enabled - all queries will include organisation context');
     }
   }, [enforceRLS, auditLog]);