@jmruthers/pace-core 0.5.136 → 0.5.139

package/dist/{chunk-FHWWBIHA.js → chunk-6DXZ6V5Q.js}

@@ -3,7 +3,7 @@ import {
   useAccessLevel,
   useCan,
   useMultiplePermissions
-} from "./chunk-L6PGMCMD.js";
+} from "./chunk-BOOI7GK2.js";
 import {
   OrganisationContextRequiredError,
   RBACCache,
@@ -12,13 +12,13 @@ import {
 } from "./chunk-BVYWGZVV.js";
 import {
   useSecureDataAccess
-} from "./chunk-LTV3XIJJ.js";
+} from "./chunk-T6JN6LH6.js";
 import {
   init_UnifiedAuthProvider
-} from "./chunk-2TWNJ46Y.js";
+} from "./chunk-6LAAY47Q.js";
 import {
   useUnifiedAuth
-} from "./chunk-4MT5BGGL.js";
+} from "./chunk-YCWDTTUK.js";
 import {
   getCurrentAppName
 } from "./chunk-Q5QRDWKI.js";
@@ -1898,4 +1898,4 @@ export {
   getPermissionsForRole,
   ALL_PERMISSIONS
 };
-//# sourceMappingURL=chunk-FHWWBIHA.js.map
+//# sourceMappingURL=chunk-6DXZ6V5Q.js.map

package/dist/{chunk-2TWNJ46Y.js → chunk-6LAAY47Q.js}

@@ -2,7 +2,7 @@ import {
   UnifiedAuthProvider,
   init_UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-4MT5BGGL.js";
+} from "./chunk-YCWDTTUK.js";
 import {
   __esm,
   __export
@@ -24,4 +24,4 @@ export {
   UnifiedAuthProvider_exports,
   init_UnifiedAuthProvider2 as init_UnifiedAuthProvider
 };
-//# sourceMappingURL=chunk-2TWNJ46Y.js.map
+//# sourceMappingURL=chunk-6LAAY47Q.js.map

package/dist/{chunk-444EZN6N.js → chunk-7QCC6MCP.js}

@@ -1,7 +1,89 @@
+import {
+  createLogger,
+  init_logger
+} from "./chunk-XDNLUEXI.js";
 import {
   __esm
 } from "./chunk-PLDDJCW6.js";
 
+// src/utils/context/organisationContext.ts
+async function setOrganisationContext(supabase, organisationId) {
+  if (!supabase || !organisationId) {
+    return;
+  }
+  try {
+    const timeoutPromise = new Promise((_, reject) => {
+      setTimeout(() => reject(new Error("RPC timeout after 3 seconds")), 3e3);
+    });
+    const rpcPromise = supabase.rpc("set_organisation_context", {
+      org_id: organisationId
+    });
+    const { error } = await Promise.race([rpcPromise, timeoutPromise]);
+    if (error) {
+      log.debug("RPC function not available or failed, continuing without database context");
+    } else {
+      log.debug("Organisation context set in database successfully");
+    }
+  } catch (error) {
+    log.debug("Failed to set database context, continuing without it:", error);
+  }
+}
+async function clearOrganisationContext(supabase) {
+  if (!supabase) {
+    return;
+  }
+  try {
+    const { error } = await supabase.rpc("rbac_audit_log", {
+      p_event_type: "organisation_switched",
+      p_metadata: { action: "clear_context" }
+    });
+    if (error) {
+    } else {
+    }
+  } catch (error) {
+  }
+}
+async function getOrganisationContext(supabase) {
+  if (!supabase) {
+    return null;
+  }
+  try {
+    const data = null;
+    const error = null;
+    if (error) {
+      return null;
+    }
+    if (typeof data === "string") {
+      return data;
+    }
+    return null;
+  } catch (error) {
+    return null;
+  }
+}
+async function isOrganisationContextAvailable(supabase) {
+  if (!supabase) {
+    return false;
+  }
+  try {
+    const { error } = await supabase.rpc("get_organisation_context");
+    if (error) {
+      return false;
+    }
+    return true;
+  } catch (error) {
+    return false;
+  }
+}
+var log;
+var init_organisationContext = __esm({
+  "src/utils/context/organisationContext.ts"() {
+    "use strict";
+    init_logger();
+    log = createLogger("organisationContext");
+  }
+});
+
 // src/utils/security/secureStorage.ts
 var SecureStorageImpl, secureStorage;
 var init_secureStorage = __esm({
@@ -195,7 +277,12 @@ var init_secureStorage = __esm({
 });
 
 export {
+  setOrganisationContext,
+  clearOrganisationContext,
+  getOrganisationContext,
+  isOrganisationContextAvailable,
+  init_organisationContext,
   secureStorage,
   init_secureStorage
 };
-//# sourceMappingURL=chunk-444EZN6N.js.map
+//# sourceMappingURL=chunk-7QCC6MCP.js.map

package/dist/chunk-7QCC6MCP.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/context/organisationContext.ts","../src/utils/security/secureStorage.ts"],"sourcesContent":["/**\n * @file Organisation Context Utility\n * @package @jmruthers/pace-core\n * @module Utils/OrganisationContext\n * @since 0.4.0\n *\n * Utility functions for managing organisation context in database sessions.\n * Provides fallback mechanisms for when database functions are not available.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\nimport { createLogger } from '../core/logger';\n\nconst log = createLogger('organisationContext');\n\n/**\n * Set organisation context in the database session\n * \n * This function attempts to set the organisation context using a database function.\n * If the function is not available, it falls back gracefully without throwing errors.\n * \n * @param supabase - Supabase client instance\n * @param organisationId - The organisation ID to set as context\n * @returns Promise that resolves when context is set (or falls back gracefully)\n */\nexport async function setOrganisationContext(\n  supabase: SupabaseClient,\n  organisationId: string\n): Promise<void> {\n  if (!supabase || !organisationId) {\n    // TODO: Replace with proper logging service integration\n    return;\n  }\n\n  try {\n    // Add timeout to prevent hanging RPC calls\n    const timeoutPromise = new Promise((_, reject) => {\n      setTimeout(() => reject(new Error('RPC timeout after 3 seconds')), 3000);\n    });\n    \n    // Call the database function to set organisation context\n    const rpcPromise = supabase.rpc('set_organisation_context', {\n      org_id: organisationId\n    });\n\n    const { error } = await Promise.race([rpcPromise, timeoutPromise]) as any;\n\n    if (error) {\n      // Function might not exist yet - this is expected during migration\n      // Silent fail - will fall back to client-side filtering\n      log.debug('RPC function not available or failed, continuing without database context');\n    } else {\n      log.debug('Organisation context set in database successfully');\n    }\n  } catch (error) {\n    // Handle any other errors gracefully\n    // Silent fail - will fall back to client-side filtering\n    log.debug('Failed to set database context, continuing without it:', error);\n  }\n}\n\n/**\n * Clear organisation context from the database session\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves when context is cleared\n */\nexport async function clearOrganisationContext(\n  supabase: SupabaseClient\n): Promise<void> {\n  if (!supabase) {\n    // TODO: Replace with proper logging service integration\n    return;\n  }\n\n  try {\n    const { error } = await supabase.rpc('rbac_audit_log', {\n      p_event_type: 'organisation_switched',\n      p_metadata: { action: 'clear_context' }\n    });\n    \n    if (error) {\n      // Silent fail - function not available\n      // TODO: Replace with proper logging service integration\n    } else {\n      // TODO: Replace with proper logging service integration\n    }\n  } catch (error) {\n    // Silent fail - error occurred\n    // TODO: Replace with proper logging service integration\n  }\n}\n\n/**\n * Get current organisation context from the database session\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves to the current organisation ID or null\n */\nexport async function getOrganisationContext(\n  supabase: SupabaseClient\n): Promise<string | null> {\n  if (!supabase) {\n    // TODO: Replace with proper logging service integration\n    return null;\n  }\n\n  try {\n    // For now, return null since we're not using database context\n    // This will be replaced with proper context management\n    const data = null;\n    const error = null;\n    \n    if (error) {\n      // TODO: Replace with proper logging service integration\n      return null;\n    }\n    \n    // Validate that data is a string (allow empty strings)\n    if (typeof data === 'string') {\n      return data;\n    }\n    \n    // Return null for invalid data formats\n    return null;\n  } catch (error) {\n    // TODO: Replace with proper logging service integration\n    return null;\n  }\n}\n\n/**\n * Check if organisation context functions are available in the database\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves to true if functions are available\n */\nexport async function isOrganisationContextAvailable(\n  supabase: SupabaseClient\n): Promise<boolean> {\n  if (!supabase) {\n    return false;\n  }\n\n  try {\n    const { error } = await supabase.rpc('get_organisation_context');\n    \n    if (error) {\n      return false;\n    }\n    \n    return true;\n  } catch (error) {\n    return false;\n  }\n} ","\n/**\n * @file Secure Storage Utilities\n * @description Encrypted storage wrapper for sensitive data\n */\n\nexport interface SecureStorageOptions {\n  encrypt?: boolean;\n  expiry?: number; // TTL in milliseconds\n}\n\n/**\n * Secure storage implementation with encryption support\n */\nclass SecureStorageImpl {\n  private encryptionKey: CryptoKey | null = null;\n  private initialized = false;\n\n  /**\n   * Initialize secure storage with encryption\n   */\n  async init(): Promise<void> {\n    if (this.initialized) return;\n\n    try {\n      // Check if Web Crypto API is available\n      if (window.crypto && window.crypto.subtle) {\n        // Generate or retrieve encryption key\n        const keyData = localStorage.getItem('_sec_key');\n        if (keyData) {\n          try {\n            const keyBuffer = this.base64ToArrayBuffer(keyData);\n            this.encryptionKey = await window.crypto.subtle.importKey(\n              'raw',\n              keyBuffer,\n              { name: 'AES-GCM' },\n              false,\n              ['encrypt', 'decrypt']\n            );\n          } catch (error) {\n            await this.generateNewKey();\n          }\n        } else {\n          await this.generateNewKey();\n        }\n      }\n      this.initialized = true;\n    } catch (error) {\n      this.initialized = true;\n    }\n  }\n\n  /**\n   * Store item securely\n   */\n  async setItem(\n    key: string,\n    value: string,\n    options: SecureStorageOptions = {}\n  ): Promise<void> {\n    await this.init();\n\n    const data = {\n      value,\n      timestamp: Date.now(),\n      expiry: options.expiry ? Date.now() + options.expiry : undefined,\n    };\n\n    const serialized = JSON.stringify(data);\n    \n    if (options.encrypt && this.encryptionKey) {\n      try {\n        const encrypted = await this.encrypt(serialized);\n        localStorage.setItem(`_sec_${key}`, encrypted);\n        return;\n      } catch (error) {\n        // Silent fail - store as plain text\n      }\n    }\n\n    localStorage.setItem(key, serialized);\n  }\n\n  /**\n   * Retrieve item securely\n   */\n  async getItem(key: string): Promise<string | null> {\n    await this.init();\n\n    // Try encrypted storage first\n    const encryptedData = localStorage.getItem(`_sec_${key}`);\n    if (encryptedData && this.encryptionKey) {\n      try {\n        const decrypted = await this.decrypt(encryptedData);\n        const parsed = JSON.parse(decrypted);\n        \n        // Check expiry\n        if (parsed.expiry && Date.now() > parsed.expiry) {\n          await this.removeItem(key);\n          return null;\n        }\n        \n        return parsed.value;\n      } catch (error) {\n        // Silent fail - try plain storage\n      }\n    }\n\n    // Fallback to plain storage\n    const plainData = localStorage.getItem(key);\n    if (!plainData) return null;\n\n    try {\n      const parsed = JSON.parse(plainData);\n      \n      // Check expiry\n      if (parsed.expiry && Date.now() > parsed.expiry) {\n        await this.removeItem(key);\n        return null;\n      }\n      \n      return parsed.value || plainData;\n    } catch (error) {\n      // If parsing fails, return as-is (backward compatibility)\n      return plainData;\n    }\n  }\n\n  /**\n   * Remove item\n   */\n  async removeItem(key: string): Promise<void> {\n    localStorage.removeItem(key);\n    localStorage.removeItem(`_sec_${key}`);\n  }\n\n  /**\n   * Clear all secure storage\n   */\n  async clear(): Promise<void> {\n    const keys = Object.keys(localStorage);\n    for (const key of keys) {\n      if (key.startsWith('_sec_')) {\n        localStorage.removeItem(key);\n      }\n    }\n  }\n\n  /**\n   * Generate new encryption key\n   */\n  private async generateNewKey(): Promise<void> {\n    if (!window.crypto?.subtle) return;\n\n    try {\n      this.encryptionKey = await window.crypto.subtle.generateKey(\n        { name: 'AES-GCM', length: 256 },\n        true,\n        ['encrypt', 'decrypt']\n      );\n\n      // Export and store key\n      const exportedKey = await window.crypto.subtle.exportKey('raw', this.encryptionKey);\n      const keyData = this.arrayBufferToBase64(exportedKey);\n      localStorage.setItem('_sec_key', keyData);\n    } catch (error) {\n      // Silent fail - encryption not available\n    }\n  }\n\n  /**\n   * Encrypt data\n   */\n  private async encrypt(data: string): Promise<string> {\n    if (!this.encryptionKey || !window.crypto?.subtle) {\n      throw new Error('Encryption not available');\n    }\n\n    const encoder = new TextEncoder();\n    const dataBuffer = encoder.encode(data);\n    const iv = window.crypto.getRandomValues(new Uint8Array(12));\n\n    const encrypted = await window.crypto.subtle.encrypt(\n      { name: 'AES-GCM', iv },\n      this.encryptionKey,\n      dataBuffer\n    );\n\n    // Combine IV and encrypted data\n    const combined = new Uint8Array(iv.length + encrypted.byteLength);\n    combined.set(iv);\n    combined.set(new Uint8Array(encrypted), iv.length);\n\n    return this.arrayBufferToBase64(combined.buffer);\n  }\n\n  /**\n   * Decrypt data\n   */\n  private async decrypt(encryptedData: string): Promise<string> {\n    if (!this.encryptionKey || !window.crypto?.subtle) {\n      throw new Error('Decryption not available');\n    }\n\n    const combined = this.base64ToArrayBuffer(encryptedData);\n    const iv = combined.slice(0, 12);\n    const encrypted = combined.slice(12);\n\n    const decrypted = await window.crypto.subtle.decrypt(\n      { name: 'AES-GCM', iv },\n      this.encryptionKey,\n      encrypted\n    );\n\n    const decoder = new TextDecoder();\n    return decoder.decode(decrypted);\n  }\n\n  /**\n   * Convert ArrayBuffer to base64\n   */\n  private arrayBufferToBase64(buffer: ArrayBuffer): string {\n    const bytes = new Uint8Array(buffer);\n    let binary = '';\n    for (let i = 0; i < bytes.byteLength; i++) {\n      binary += String.fromCharCode(bytes[i]);\n    }\n    return btoa(binary);\n  }\n\n  /**\n   * Convert base64 to ArrayBuffer\n   */\n  private base64ToArrayBuffer(base64: string): ArrayBuffer {\n    const binary = atob(base64);\n    const bytes = new Uint8Array(binary.length);\n    for (let i = 0; i < binary.length; i++) {\n      bytes[i] = binary.charCodeAt(i);\n    }\n    return bytes.buffer;\n  }\n}\n\nexport const secureStorage = new SecureStorageImpl();\n"],"mappings":";;;;;;;;;AAyBA,eAAsB,uBACpB,UACA,gBACe;AACf,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAEhC;AAAA,EACF;AAEA,MAAI;AAEF,UAAM,iBAAiB,IAAI,QAAQ,CAAC,GAAG,WAAW;AAChD,iBAAW,MAAM,OAAO,IAAI,MAAM,6BAA6B,CAAC,GAAG,GAAI;AAAA,IACzE,CAAC;AAGD,UAAM,aAAa,SAAS,IAAI,4BAA4B;AAAA,MAC1D,QAAQ;AAAA,IACV,CAAC;AAED,UAAM,EAAE,MAAM,IAAI,MAAM,QAAQ,KAAK,CAAC,YAAY,cAAc,CAAC;AAEjE,QAAI,OAAO;AAGT,UAAI,MAAM,2EAA2E;AAAA,IACvF,OAAO;AACL,UAAI,MAAM,mDAAmD;AAAA,IAC/D;AAAA,EACF,SAAS,OAAO;AAGd,QAAI,MAAM,0DAA0D,KAAK;AAAA,EAC3E;AACF;AAQA,eAAsB,yBACpB,UACe;AACf,MAAI,CAAC,UAAU;AAEb;AAAA,EACF;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,kBAAkB;AAAA,MACrD,cAAc;AAAA,MACd,YAAY,EAAE,QAAQ,gBAAgB;AAAA,IACxC,CAAC;AAED,QAAI,OAAO;AAAA,IAGX,OAAO;AAAA,IAEP;AAAA,EACF,SAAS,OAAO;AAAA,EAGhB;AACF;AAQA,eAAsB,uBACpB,UACwB;AACxB,MAAI,CAAC,UAAU;AAEb,WAAO;AAAA,EACT;AAEA,MAAI;AAGF,UAAM,OAAO;AACb,UAAM,QAAQ;AAEd,QAAI,OAAO;AAET,aAAO;AAAA,IACT;AAGA,QAAI,OAAO,SAAS,UAAU;AAC5B,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT,SAAS,OAAO;AAEd,WAAO;AAAA,EACT;AACF;AAQA,eAAsB,+BACpB,UACkB;AAClB,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,0BAA0B;AAE/D,QAAI,OAAO;AACT,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AA3JA,IAaM;AAbN;AAAA;AAAA;AAWA;AAEA,IAAM,MAAM,aAAa,qBAAqB;AAAA;AAAA;;;ACb9C,IAcM,mBAqOO;AAnPb;AAAA;AAAA;AAcA,IAAM,oBAAN,MAAwB;AAAA,MAAxB;AACE,aAAQ,gBAAkC;AAC1C,aAAQ,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,MAKtB,MAAM,OAAsB;AAC1B,YAAI,KAAK,YAAa;AAEtB,YAAI;AAEF,cAAI,OAAO,UAAU,OAAO,OAAO,QAAQ;AAEzC,kBAAM,UAAU,aAAa,QAAQ,UAAU;AAC/C,gBAAI,SAAS;AACX,kBAAI;AACF,sBAAM,YAAY,KAAK,oBAAoB,OAAO;AAClD,qBAAK,gBAAgB,MAAM,OAAO,OAAO,OAAO;AAAA,kBAC9C;AAAA,kBACA;AAAA,kBACA,EAAE,MAAM,UAAU;AAAA,kBAClB;AAAA,kBACA,CAAC,WAAW,SAAS;AAAA,gBACvB;AAAA,cACF,SAAS,OAAO;AACd,sBAAM,KAAK,eAAe;AAAA,cAC5B;AAAA,YACF,OAAO;AACL,oBAAM,KAAK,eAAe;AAAA,YAC5B;AAAA,UACF;AACA,eAAK,cAAc;AAAA,QACrB,SAAS,OAAO;AACd,eAAK,cAAc;AAAA,QACrB;AAAA,MACF;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,QACJ,KACA,OACA,UAAgC,CAAC,GAClB;AACf,cAAM,KAAK,KAAK;AAEhB,cAAM,OAAO;AAAA,UACX;AAAA,UACA,WAAW,KAAK,IAAI;AAAA,UACpB,QAAQ,QAAQ,SAAS,KAAK,IAAI,IAAI,QAAQ,SAAS;AAAA,QACzD;AAEA,cAAM,aAAa,KAAK,UAAU,IAAI;AAEtC,YAAI,QAAQ,WAAW,KAAK,eAAe;AACzC,cAAI;AACF,kBAAM,YAAY,MAAM,KAAK,QAAQ,UAAU;AAC/C,yBAAa,QAAQ,QAAQ,GAAG,IAAI,SAAS;AAC7C;AAAA,UACF,SAAS,OAAO;AAAA,UAEhB;AAAA,QACF;AAEA,qBAAa,QAAQ,KAAK,UAAU;AAAA,MACtC;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,QAAQ,KAAqC;AACjD,cAAM,KAAK,KAAK;AAGhB,cAAM,gBAAgB,aAAa,QAAQ,QAAQ,GAAG,EAAE;AACxD,YAAI,iBAAiB,KAAK,eAAe;AACvC,cAAI;AACF,kBAAM,YAAY,MAAM,KAAK,QAAQ,aAAa;AAClD,kBAAM,SAAS,KAAK,MAAM,SAAS;AAGnC,gBAAI,OAAO,UAAU,KAAK,IAAI,IAAI,OAAO,QAAQ;AAC/C,oBAAM,KAAK,WAAW,GAAG;AACzB,qBAAO;AAAA,YACT;AAEA,mBAAO,OAAO;AAAA,UAChB,SAAS,OAAO;AAAA,UAEhB;AAAA,QACF;AAGA,cAAM,YAAY,aAAa,QAAQ,GAAG;AAC1C,YAAI,CAAC,UAAW,QAAO;AAEvB,YAAI;AACF,gBAAM,SAAS,KAAK,MAAM,SAAS;AAGnC,cAAI,OAAO,UAAU,KAAK,IAAI,IAAI,OAAO,QAAQ;AAC/C,kBAAM,KAAK,WAAW,GAAG;AACzB,mBAAO;AAAA,UACT;AAEA,iBAAO,OAAO,SAAS;AAAA,QACzB,SAAS,OAAO;AAEd,iBAAO;AAAA,QACT;AAAA,MACF;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,WAAW,KAA4B;AAC3C,qBAAa,WAAW,GAAG;AAC3B,qBAAa,WAAW,QAAQ,GAAG,EAAE;AAAA,MACvC;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,QAAuB;AAC3B,cAAM,OAAO,OAAO,KAAK,YAAY;AACrC,mBAAW,OAAO,MAAM;AACtB,cAAI,IAAI,WAAW,OAAO,GAAG;AAC3B,yBAAa,WAAW,GAAG;AAAA,UAC7B;AAAA,QACF;AAAA,MACF;AAAA;AAAA;AAAA;AAAA,MAKA,MAAc,iBAAgC;AAC5C,YAAI,CAAC,OAAO,QAAQ,OAAQ;AAE5B,YAAI;AACF,eAAK,gBAAgB,MAAM,OAAO,OAAO,OAAO;AAAA,YAC9C,EAAE,MAAM,WAAW,QAAQ,IAAI;AAAA,YAC/B;AAAA,YACA,CAAC,WAAW,SAAS;AAAA,UACvB;AAGA,gBAAM,cAAc,MAAM,OAAO,OAAO,OAAO,UAAU,OAAO,KAAK,aAAa;AAClF,gBAAM,UAAU,KAAK,oBAAoB,WAAW;AACpD,uBAAa,QAAQ,YAAY,OAAO;AAAA,QAC1C,SAAS,OAAO;AAAA,QAEhB;AAAA,MACF;AAAA;AAAA;AAAA;AAAA,MAKA,MAAc,QAAQ,MAA+B;AACnD,YAAI,CAAC,KAAK,iBAAiB,CAAC,OAAO,QAAQ,QAAQ;AACjD,gBAAM,IAAI,MAAM,0BAA0B;AAAA,QAC5C;AAEA,cAAM,UAAU,IAAI,YAAY;AAChC,cAAM,aAAa,QAAQ,OAAO,IAAI;AACtC,cAAM,KAAK,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAE3D,cAAM,YAAY,MAAM,OAAO,OAAO,OAAO;AAAA,UAC3C,EAAE,MAAM,WAAW,GAAG;AAAA,UACtB,KAAK;AAAA,UACL;AAAA,QACF;AAGA,cAAM,WAAW,IAAI,WAAW,GAAG,SAAS,UAAU,UAAU;AAChE,iBAAS,IAAI,EAAE;AACf,iBAAS,IAAI,IAAI,WAAW,SAAS,GAAG,GAAG,MAAM;AAEjD,eAAO,KAAK,oBAAoB,SAAS,MAAM;AAAA,MACjD;AAAA;AAAA;AAAA;AAAA,MAKA,MAAc,QAAQ,eAAwC;AAC5D,YAAI,CAAC,KAAK,iBAAiB,CAAC,OAAO,QAAQ,QAAQ;AACjD,gBAAM,IAAI,MAAM,0BAA0B;AAAA,QAC5C;AAEA,cAAM,WAAW,KAAK,oBAAoB,aAAa;AACvD,cAAM,KAAK,SAAS,MAAM,GAAG,EAAE;AAC/B,cAAM,YAAY,SAAS,MAAM,EAAE;AAEnC,cAAM,YAAY,MAAM,OAAO,OAAO,OAAO;AAAA,UAC3C,EAAE,MAAM,WAAW,GAAG;AAAA,UACtB,KAAK;AAAA,UACL;AAAA,QACF;AAEA,cAAM,UAAU,IAAI,YAAY;AAChC,eAAO,QAAQ,OAAO,SAAS;AAAA,MACjC;AAAA;AAAA;AAAA;AAAA,MAKQ,oBAAoB,QAA6B;AACvD,cAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,YAAI,SAAS;AACb,iBAAS,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK;AACzC,oBAAU,OAAO,aAAa,MAAM,CAAC,CAAC;AAAA,QACxC;AACA,eAAO,KAAK,MAAM;AAAA,MACpB;AAAA;AAAA;AAAA;AAAA,MAKQ,oBAAoB,QAA6B;AACvD,cAAM,SAAS,KAAK,MAAM;AAC1B,cAAM,QAAQ,IAAI,WAAW,OAAO,MAAM;AAC1C,iBAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,gBAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAAA,QAChC;AACA,eAAO,MAAM;AAAA,MACf;AAAA,IACF;AAEO,IAAM,gBAAgB,IAAI,kBAAkB;AAAA;AAAA;","names":[]}

package/dist/chunk-BJPBT3CU.js

@@ -0,0 +1,21 @@
+// src/utils/validation/schema.ts
+import { z } from "zod";
+function pickSchema(schema, keys) {
+  const shape = Object.entries(schema.shape).filter(([key]) => keys.includes(key)).reduce((acc, [key, value]) => {
+    acc[key] = value;
+    return acc;
+  }, {});
+  return z.object(shape);
+}
+function combineSchemas(schemas) {
+  return schemas.reduce(
+    (merged, schema) => merged.merge(schema),
+    z.object({})
+  );
+}
+
+export {
+  pickSchema,
+  combineSchemas
+};
+//# sourceMappingURL=chunk-BJPBT3CU.js.map

package/dist/chunk-BJPBT3CU.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/validation/schema.ts"],"sourcesContent":["/**\n * @file Schema utility functions\n * @package @jmruthers/pace-core\n * @module Utils/Validation/Schema\n * @since 0.1.0\n * \n * Utility functions for working with Zod schemas.\n */\n\nimport { z } from 'zod';\n\n/**\n * Creates a subset schema from a larger schema\n * \n * @param schema - Original Zod schema\n * @param keys - Array of keys to pick from the schema\n * @returns New schema with only the selected fields\n */\nexport function pickSchema<T extends z.ZodObject<any, any, any>, K extends keyof z.infer<T>>(\n  schema: T,\n  keys: K[]\n): z.ZodObject<Pick<z.infer<T>, K>> {\n  const shape = Object.entries(schema.shape)\n    .filter(([key]) => keys.includes(key as K))\n    .reduce((acc, [key, value]) => {\n      (acc as Record<string, unknown>)[key] = value as unknown;\n      return acc;\n    }, {} as Record<string, unknown>);\n\n  return z.object(shape as Record<string, z.ZodTypeAny>) as z.ZodObject<Pick<z.infer<T>, K>>;\n}\n\n/**\n * Combines multiple Zod schemas into one\n * \n * @param schemas - Array of Zod schemas to combine\n * @returns Combined schema\n */\nexport function combineSchemas<T extends z.ZodObject<any, any, any>[]>(\n  schemas: T\n): z.ZodObject<any, any, any> {\n  return schemas.reduce(\n    (merged, schema) => merged.merge(schema),\n    z.object({})\n  );\n}\n\n"],"mappings":";AASA,SAAS,SAAS;AASX,SAAS,WACd,QACA,MACkC;AAClC,QAAM,QAAQ,OAAO,QAAQ,OAAO,KAAK,EACtC,OAAO,CAAC,CAAC,GAAG,MAAM,KAAK,SAAS,GAAQ,CAAC,EACzC,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,MAAM;AAC7B,IAAC,IAAgC,GAAG,IAAI;AACxC,WAAO;AAAA,EACT,GAAG,CAAC,CAA4B;AAElC,SAAO,EAAE,OAAO,KAAqC;AACvD;AAQO,SAAS,eACd,SAC4B;AAC5B,SAAO,QAAQ;AAAA,IACb,CAAC,QAAQ,WAAW,OAAO,MAAM,MAAM;AAAA,IACvC,EAAE,OAAO,CAAC,CAAC;AAAA,EACb;AACF;","names":[]}

package/dist/{chunk-L6PGMCMD.js → chunk-BOOI7GK2.js}

@@ -11,11 +11,11 @@ import {
   init_useOrganisations,
   useEvents,
   useOrganisations
-} from "./chunk-SL2YQDR6.js";
+} from "./chunk-MA6EPSGZ.js";
 import {
   init_UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-4MT5BGGL.js";
+} from "./chunk-YCWDTTUK.js";
 import {
   getCurrentAppName
 } from "./chunk-Q5QRDWKI.js";
@@ -420,8 +420,12 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
   const [can, setCan] = useState3(false);
   const [isLoading, setIsLoading] = useState3(true);
   const [error, setError] = useState3(null);
+  const isValidScope = scope && typeof scope === "object";
+  const organisationId = isValidScope ? scope.organisationId : void 0;
+  const eventId = isValidScope ? scope.eventId : void 0;
+  const appId = isValidScope ? scope.appId : void 0;
   useEffect3(() => {
-    if (!scope.organisationId || scope.organisationId === null || typeof scope.organisationId === "string" && scope.organisationId.trim() === "") {
+    if (!isValidScope || !organisationId || organisationId === null || typeof organisationId === "string" && organisationId.trim() === "") {
       const timeoutId = setTimeout(() => {
         setError(new Error("Organisation context is required for permission checks"));
         setIsLoading(false);
@@ -432,14 +436,14 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
     if (error?.message === "Organisation context is required for permission checks") {
       setError(null);
     }
-  }, [scope.organisationId, error]);
+  }, [isValidScope, organisationId, error]);
   const lastUserIdRef = useRef2(null);
   const lastScopeRef = useRef2(null);
   const lastPermissionRef = useRef2(null);
   const lastPageIdRef = useRef2(null);
   const lastUseCacheRef = useRef2(null);
   useEffect3(() => {
-    const scopeKey = `${scope.organisationId}-${scope.eventId}-${scope.appId}`;
+    const scopeKey = isValidScope ? `${organisationId}-${eventId}-${appId}` : "invalid-scope";
     if (lastUserIdRef.current !== userId || lastScopeRef.current !== scopeKey || lastPermissionRef.current !== permission || lastPageIdRef.current !== pageId || lastUseCacheRef.current !== useCache) {
       lastUserIdRef.current = userId;
       lastScopeRef.current = scopeKey;
@@ -452,7 +456,13 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
           setIsLoading(false);
           return;
         }
-        if (!scope.organisationId || scope.organisationId === null || typeof scope.organisationId === "string" && scope.organisationId.trim() === "") {
+        if (!isValidScope) {
+          setIsLoading(true);
+          setCan(false);
+          setError(null);
+          return;
+        }
+        if (!organisationId || organisationId === null || typeof organisationId === "string" && organisationId.trim() === "") {
           setIsLoading(true);
           setCan(false);
           setError(null);
@@ -461,7 +471,12 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
         try {
           setIsLoading(true);
           setError(null);
-          const result = useCache ? await isPermittedCached({ userId, scope, permission, pageId }) : await isPermitted({ userId, scope, permission, pageId });
+          const validScope = {
+            organisationId,
+            ...eventId ? { eventId } : {},
+            ...appId ? { appId } : {}
+          };
+          const result = useCache ? await isPermittedCached({ userId, scope: validScope, permission, pageId }) : await isPermitted({ userId, scope: validScope, permission, pageId });
           setCan(result);
         } catch (err) {
           const logger = getRBACLogger();
@@ -474,14 +489,20 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
       };
       checkPermission();
     }
-  }, [userId, scope.organisationId, scope.eventId, scope.appId, permission, pageId, useCache]);
+  }, [userId, isValidScope, organisationId, eventId, appId, permission, pageId, useCache]);
   const refetch = useCallback2(async () => {
     if (!userId) {
       setCan(false);
       setIsLoading(false);
       return;
     }
-    if (!scope.organisationId || scope.organisationId === null || typeof scope.organisationId === "string" && scope.organisationId.trim() === "") {
+    if (!isValidScope) {
+      setCan(false);
+      setIsLoading(true);
+      setError(null);
+      return;
+    }
+    if (!organisationId || organisationId === null || typeof organisationId === "string" && organisationId.trim() === "") {
       setCan(false);
       setIsLoading(true);
       setError(null);
@@ -490,7 +511,12 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
     try {
       setIsLoading(true);
       setError(null);
-      const result = useCache ? await isPermittedCached({ userId, scope, permission, pageId }) : await isPermitted({ userId, scope, permission, pageId });
+      const validScope = {
+        organisationId,
+        ...eventId ? { eventId } : {},
+        ...appId ? { appId } : {}
+      };
+      const result = useCache ? await isPermittedCached({ userId, scope: validScope, permission, pageId }) : await isPermitted({ userId, scope: validScope, permission, pageId });
       setCan(result);
     } catch (err) {
       setError(err instanceof Error ? err : new Error("Failed to check permission"));
@@ -498,7 +524,7 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
     } finally {
       setIsLoading(false);
     }
-  }, [userId, scope.organisationId, scope.eventId, scope.appId, permission, pageId, useCache]);
+  }, [userId, isValidScope, organisationId, eventId, appId, permission, pageId, useCache]);
   return useMemo2(() => ({
     can,
     isLoading,
@@ -826,4 +852,4 @@ export {
   useCachedPermissions,
   useRoleManagement
 };
-//# sourceMappingURL=chunk-L6PGMCMD.js.map
+//# sourceMappingURL=chunk-BOOI7GK2.js.map

package/dist/chunk-BOOI7GK2.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/rbac/hooks/useRBAC.ts","../src/rbac/hooks/useResolvedScope.ts","../src/rbac/utils/eventContext.ts","../src/rbac/hooks/usePermissions.ts","../src/rbac/hooks/useRoleManagement.ts"],"sourcesContent":["/**\n * @file RBAC Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 0.3.0\n *\n * A React hook that provides access to the RBAC (Role-Based Access Control) system\n * through the hardened RBAC engine API. The hook defers all permission and role\n * resolution to the shared engine to ensure consistent security behaviour across\n * applications.\n */\n\nimport { useState, useEffect, useCallback, useMemo } from 'react';\nimport { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';\nimport { useOrganisations } from '../../hooks/useOrganisations';\nimport { useEvents } from '../../hooks/useEvents';\nimport {\n  getPermissionMap,\n  getAccessLevel,\n  resolveAppContext,\n  getRoleContext,\n} from '../api';\nimport { getRBACLogger } from '../config';\nimport type {\n  UserRBACContext,\n  GlobalRole,\n  OrganisationRole,\n  EventAppRole,\n  Permission,\n  Scope,\n  PermissionMap,\n  UUID,\n} from '../types';\n\nfunction mapAccessLevelToEventRole(level: string | null): EventAppRole | null {\n  switch (level) {\n    case 'viewer':\n      return 'viewer';\n    case 'participant':\n      return 'participant';\n    case 'planner':\n      return 'planner';\n    case 'admin':\n    case 'super':\n      return 'event_admin';\n    default:\n      return null;\n  }\n}\n\nexport function useRBAC(pageId?: string): UserRBACContext {\n  const logger = getRBACLogger();\n  const { user, session, appName } = useUnifiedAuth();\n  const { selectedOrganisation } = useOrganisations();\n\n  let selectedEvent: { event_id: string } | null = null;\n  try {\n    const eventsContext = useEvents();\n    selectedEvent = eventsContext.selectedEvent;\n  } catch (error) {\n    logger.debug('[useRBAC] Event provider not available, continuing without event context', error);\n  }\n\n  const [globalRole, setGlobalRole] = useState<GlobalRole | null>(null);\n  const [organisationRole, setOrganisationRole] = useState<OrganisationRole | null>(null);\n  const [eventAppRole, setEventAppRole] = useState<EventAppRole | null>(null);\n  const [permissionMap, setPermissionMap] = useState<PermissionMap>({} as PermissionMap);\n  const [currentScope, setCurrentScope] = useState<Scope | null>(null);\n  const [isLoading, setIsLoading] = useState(false);\n  const [error, setError] = useState<Error | null>(null);\n\n  const resetState = useCallback(() => {\n    setGlobalRole(null);\n    setOrganisationRole(null);\n    setEventAppRole(null);\n    setPermissionMap({} as PermissionMap);\n    setCurrentScope(null);\n  }, []);\n\n  const loadRBACContext = useCallback(async () => {\n    if (!user || !session) {\n      resetState();\n      return;\n    }\n\n    setIsLoading(true);\n    setError(null);\n\n    try {\n      let appId: UUID | undefined;\n      if (appName) {\n        const resolved = await resolveAppContext({ userId: user.id as UUID, appName });\n        if (!resolved || !resolved.hasAccess) {\n          throw new Error(`User does not have access to app \"${appName}\"`);\n        }\n        appId = resolved.appId;\n      }\n\n      const scope: Scope = {\n        organisationId: selectedOrganisation?.id,\n        eventId: selectedEvent?.event_id || undefined,\n        appId,\n      };\n      setCurrentScope(scope);\n\n      const [map, roleContext, accessLevel] = await Promise.all([\n        getPermissionMap({ userId: user.id as UUID, scope }),\n        getRoleContext({ userId: user.id as UUID, scope }),\n        getAccessLevel({ userId: user.id as UUID, scope }),\n      ]);\n\n      setPermissionMap(map);\n      setGlobalRole(roleContext.globalRole);\n      setOrganisationRole(roleContext.organisationRole);\n      setEventAppRole(roleContext.eventAppRole || mapAccessLevelToEventRole(accessLevel));\n    } catch (err) {\n      const handledError = err instanceof Error ? err : new Error('Failed to load RBAC context');\n      logger.error('[useRBAC] Error loading RBAC context:', handledError);\n      setError(handledError);\n      resetState();\n    } finally {\n      setIsLoading(false);\n    }\n  }, [appName, logger, resetState, selectedEvent?.event_id, selectedOrganisation?.id, session, user]);\n\n  const hasGlobalPermission = useCallback(\n    (permission: string): boolean => {\n      if (globalRole === 'super_admin' || permissionMap['*']) {\n        return true;\n      }\n\n      if (permission === 'super_admin') {\n        return globalRole === 'super_admin';\n      }\n\n      if (permission === 'org_admin') {\n        return organisationRole === 'org_admin';\n      }\n\n      return permissionMap[permission as Permission] === true;\n    },\n    [globalRole, organisationRole, permissionMap],\n  );\n\n  const isSuperAdmin = useMemo(() => globalRole === 'super_admin' || permissionMap['*'] === true, [globalRole, permissionMap]);\n  const isOrgAdmin = useMemo(() => organisationRole === 'org_admin' || isSuperAdmin, [organisationRole, isSuperAdmin]);\n  const isEventAdmin = useMemo(() => eventAppRole === 'event_admin' || isSuperAdmin, [eventAppRole, isSuperAdmin]);\n  const canManageOrganisation = useMemo(() => isSuperAdmin || organisationRole === 'org_admin', [isSuperAdmin, organisationRole]);\n  const canManageEvent = useMemo(() => isSuperAdmin || eventAppRole === 'event_admin', [isSuperAdmin, eventAppRole]);\n\n  useEffect(() => {\n    loadRBACContext();\n  }, [loadRBACContext]);\n\n  return {\n    user,\n    globalRole,\n    organisationRole,\n    eventAppRole,\n    hasGlobalPermission,\n    isSuperAdmin,\n    isOrgAdmin,\n    isEventAdmin,\n    canManageOrganisation,\n    canManageEvent,\n    isLoading,\n    error,\n  };\n}\n","/**\n * @file useResolvedScope Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 1.0.0\n * \n * Shared hook for resolving RBAC scope from various contexts.\n * This hook is used by both DataTable and PagePermissionGuard to ensure\n * consistent scope resolution logic.\n */\n\nimport { useEffect, useState, useRef } from 'react';\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport type { Database } from '../../types/database';\nimport type { Scope } from '../types';\nimport { createScopeFromEvent } from '../utils/eventContext';\nimport { getCurrentAppName } from '../../utils/app/appNameResolver';\nimport { createLogger } from '../../utils/core/logger';\n\nconst log = createLogger('useResolvedScope');\n\nexport interface UseResolvedScopeOptions {\n  /** Supabase client instance */\n  supabase: SupabaseClient<Database> | null;\n  /** Selected organisation ID */\n  selectedOrganisationId: string | null;\n  /** Selected event ID */\n  selectedEventId: string | null;\n}\n\nexport interface UseResolvedScopeReturn {\n  /** Resolved scope, or null if not yet resolved */\n  resolvedScope: Scope | null;\n  /** Whether the scope resolution is in progress */\n  isLoading: boolean;\n  /** Error if scope resolution failed */\n  error: Error | null;\n}\n\n/**\n * Resolves RBAC scope from organisation and event context\n * \n * This hook handles the complex logic of determining the correct RBAC scope\n * based on available context (organisation, event, app). It ensures consistent\n * scope resolution across the application.\n * \n * @param options - Hook options\n * @returns Resolved scope and loading state\n * \n * @example\n * ```tsx\n * const { resolvedScope, isLoading } = useResolvedScope({\n *   supabase,\n *   selectedOrganisationId,\n *   selectedEventId\n * });\n * \n * if (isLoading) return <Loading />;\n * if (!resolvedScope) return <Error />;\n * \n * const permission = useCan(userId, resolvedScope, permission);\n * ```\n */\nexport function useResolvedScope({\n  supabase,\n  selectedOrganisationId,\n  selectedEventId\n}: UseResolvedScopeOptions): UseResolvedScopeReturn {\n  const [resolvedScope, setResolvedScope] = useState<Scope | null>(null);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n  \n  // Use a ref to track the stable scope and only update it when it actually changes\n  const stableScopeRef = useRef<{ organisationId: string; appId: string; eventId: string | undefined }>({ \n    organisationId: '', \n    appId: '', \n    eventId: undefined \n  });\n  \n  // Update stable scope ref in useEffect to avoid updates during render\n  useEffect(() => {\n    if (resolvedScope && resolvedScope.organisationId) {\n      const newScope = {\n        organisationId: resolvedScope.organisationId,\n        appId: resolvedScope.appId,\n        eventId: resolvedScope.eventId\n      };\n      \n      // Only update if the scope has actually changed\n      if (stableScopeRef.current.organisationId !== newScope.organisationId ||\n          stableScopeRef.current.eventId !== newScope.eventId ||\n          stableScopeRef.current.appId !== newScope.appId) {\n        stableScopeRef.current = {\n          organisationId: newScope.organisationId,\n          appId: newScope.appId || '',\n          eventId: newScope.eventId\n        };\n      }\n    } else if (!resolvedScope) {\n      // Reset to empty scope when no resolved scope\n      stableScopeRef.current = { organisationId: '', appId: '', eventId: undefined };\n    }\n  }, [resolvedScope]);\n  \n  const stableScope = stableScopeRef.current;\n  \n  useEffect(() => {\n    let cancelled = false;\n    \n    const resolveScope = async () => {\n      setIsLoading(true);\n      setError(null);\n      \n      try {\n        // Get app ID from package.json or environment\n        let appId: string | undefined = undefined;\n        \n        // Try to resolve from database\n        if (supabase) {\n          const appName = getCurrentAppName();\n          if (appName) {\n            try {\n              const { data: app, error } = await supabase\n                .from('rbac_apps')\n                .select('id, name, is_active')\n                .eq('name', appName)\n                .eq('is_active', true)\n                .single() as { data: { id: string; name: string; is_active: boolean } | null; error: any };\n              \n              if (error) {\n                // Check if app exists but is inactive\n                const { data: inactiveApp } = await supabase\n                  .from('rbac_apps')\n                  .select('id, name, is_active')\n                  .eq('name', appName)\n                  .single() as { data: { id: string; name: string; is_active: boolean } | null };\n                \n                if (inactiveApp) {\n                  log.error(`App \"${appName}\" exists but is inactive (is_active: ${inactiveApp.is_active})`);\n                } else {\n                  log.error(`App \"${appName}\" not found in rbac_apps table`);\n                }\n              } else if (app) {\n                appId = app.id;\n              }\n            } catch (error) {\n              log.error('Unexpected error resolving app ID:', error);\n            }\n          }\n        }\n\n        // Resolve scope based on available context\n\n        // If we have both organisation and event, use them directly\n        if (selectedOrganisationId && selectedEventId) {\n          if (!cancelled) {\n            setResolvedScope({\n              organisationId: selectedOrganisationId,\n              eventId: selectedEventId,\n              appId: appId\n            });\n            setIsLoading(false);\n          }\n          return;\n        }\n\n        // If we only have organisation, use it\n        if (selectedOrganisationId) {\n          if (!cancelled) {\n            setResolvedScope({\n              organisationId: selectedOrganisationId,\n              eventId: selectedEventId || undefined,\n              appId: appId\n            });\n            setIsLoading(false);\n          }\n          return;\n        }\n\n        // If we only have event, resolve organisation from event\n        if (selectedEventId && supabase) {\n          try {\n            const eventScope = await createScopeFromEvent(supabase, selectedEventId, appId);\n            if (!eventScope) {\n              log.error('Could not resolve organization from event context');\n              if (!cancelled) {\n                setResolvedScope(null);\n                setError(new Error('Could not resolve organisation from event context'));\n                setIsLoading(false);\n              }\n              return;\n            }\n            // Preserve the resolved app ID\n            if (!cancelled) {\n              setResolvedScope({\n                ...eventScope,\n                appId: appId || eventScope.appId\n              });\n              setIsLoading(false);\n            }\n          } catch (err) {\n            log.error('Error resolving scope from event:', err);\n            if (!cancelled) {\n              setResolvedScope(null);\n              setError(err as Error);\n              setIsLoading(false);\n            }\n          }\n          return;\n        }\n\n        // No context available\n        log.error('No organisation or event context available');\n        if (!cancelled) {\n          setResolvedScope(null);\n          setError(new Error('No organisation or event context available'));\n          setIsLoading(false);\n        }\n      } catch (err) {\n        if (!cancelled) {\n          setError(err as Error);\n          setIsLoading(false);\n        }\n      }\n    };\n\n    resolveScope();\n    \n    return () => {\n      cancelled = true;\n    };\n  }, [selectedOrganisationId, selectedEventId, supabase]);\n  \n  return {\n    resolvedScope: stableScope.organisationId ? stableScope as Scope : null,\n    isLoading,\n    error\n  };\n}\n","/**\n * Event Context Utilities for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/EventContext\n * @since 1.0.0\n * \n * This module provides utilities for event-based RBAC operations where\n * the organization context is derived from the event context.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../../types/database';\nimport { UUID, Scope } from '../types';\n\n/**\n * Get organization ID from event ID\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @returns Promise resolving to organization ID or null\n */\nexport async function getOrganisationFromEvent(\n  supabase: SupabaseClient<Database>,\n  eventId: string\n): Promise<UUID | null> {\n  const { data, error } = await supabase\n    .from('event')\n    .select('organisation_id')\n    .eq('event_id', eventId)\n    .single() as { data: { organisation_id: string } | null; error: any };\n\n  if (error || !data) {\n    return null;\n  }\n\n  return data.organisation_id;\n}\n\n/**\n * Create a complete scope from event context\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @param appId - Optional app ID\n * @returns Promise resolving to complete scope\n */\nexport async function createScopeFromEvent(\n  supabase: SupabaseClient<Database>,\n  eventId: string,\n  appId?: UUID\n): Promise<Scope | null> {\n  const organisationId = await getOrganisationFromEvent(supabase, eventId);\n  \n  if (!organisationId) {\n    return null;\n  }\n\n  return {\n    organisationId,\n    eventId,\n    appId\n  };\n}\n\n/**\n * Check if a scope is event-based (has eventId but no explicit organisationId)\n * \n * @param scope - Permission scope\n * @returns True if scope is event-based\n */\nexport function isEventBasedScope(scope: Scope): boolean {\n  return !scope.organisationId && !!scope.eventId;\n}\n\n/**\n * Validate that an event-based scope has the required context\n * \n * @param scope - Permission scope\n * @returns True if scope is valid for event-based operations\n */\nexport function isValidEventBasedScope(scope: Scope): boolean {\n  return isEventBasedScope(scope) && !!scope.eventId;\n}\n","/**\n * @file RBAC Permission Hooks\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 1.0.0\n * \n * This module provides React hooks for RBAC functionality.\n */\n\nimport { useState, useEffect, useCallback, useMemo, useRef } from 'react';\nimport { \n  UUID, \n  Scope, \n  Permission, \n  PermissionMap\n} from '../types';\nimport { AccessLevel as AccessLevelType } from '../types';\nimport { \n  getAccessLevel, \n  getPermissionMap, \n  isPermitted,\n  isPermittedCached \n} from '../api';\nimport { getRBACLogger } from '../config';\n\n/**\n * Hook to get user's permissions in a scope\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @returns Permission state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { permissions, isLoading, error } = usePermissions(userId, scope);\n *   \n *   if (isLoading) return <div>Loading...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return (\n *     <div>\n *       {permissions['read:users'] && <UserList />}\n *       {permissions['create:users'] && <CreateUserButton />}\n *     </div>\n *   );\n * }\n * ```\n */\nexport function usePermissions(userId: UUID, scope: Scope) {\n  const [permissions, setPermissions] = useState<PermissionMap>({} as PermissionMap);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n  const isFetchingRef = useRef(false);\n\n  // Add timeout for missing organisation context (3 seconds)\n  useEffect(() => {\n    if (!scope.organisationId || scope.organisationId === null || (typeof scope.organisationId === 'string' && scope.organisationId.trim() === '')) {\n      const timeoutId = setTimeout(() => {\n        setError(new Error('Organisation context is required for permission checks'));\n        setIsLoading(false);\n      }, 3000); // 3 seconds - typical permission check is < 1 second\n      \n      return () => clearTimeout(timeoutId);\n    }\n    // Clear error if organisation context becomes available\n    if (error?.message === 'Organisation context is required for permission checks') {\n      setError(null);\n    }\n  }, [scope.organisationId, error]);\n\n  useEffect(() => {\n    const fetchPermissions = async () => {\n      // Prevent multiple simultaneous fetches\n      if (isFetchingRef.current) {\n        return;\n      }\n\n      if (!userId) {\n        setPermissions({} as PermissionMap);\n        setIsLoading(false);\n        return;\n      }\n\n      // Don't fetch permissions if scope is invalid (e.g., organisationId is null/empty)\n      // Wait for organisation context to resolve\n      // IMPORTANT: Don't clear existing permissions here - keep them until we have new ones\n      if (!scope.organisationId || scope.organisationId === null || (typeof scope.organisationId === 'string' && scope.organisationId.trim() === '')) {\n        // Keep existing permissions, just mark as loading\n        setIsLoading(true);\n        setError(null);\n        return;\n      }\n\n      try {\n        isFetchingRef.current = true;\n        setIsLoading(true);\n        setError(null);\n        \n        // Fetch new permissions - don't clear old ones until we have new ones\n        const permissionMap = await getPermissionMap({ userId, scope });\n        \n        // Only update permissions if fetch was successful\n        setPermissions(permissionMap);\n      } catch (err) {\n        // On error, keep existing permissions but set error state\n        // This prevents the UI from losing all items when there's a transient error\n        const logger = getRBACLogger();\n        logger.error('Failed to fetch permissions:', err);\n        setError(err instanceof Error ? err : new Error('Failed to fetch permissions'));\n        // Don't clear permissions on error - keep what we had\n      } finally {\n        setIsLoading(false);\n        isFetchingRef.current = false;\n      }\n    };\n\n    fetchPermissions();\n  }, [userId, scope.organisationId, scope.eventId, scope.appId]);\n\n  const hasPermission = useCallback((permission: Permission): boolean => {\n    if (permissions['*']) {\n      return true;\n    }\n    return permissions[permission] === true;\n  }, [permissions]);\n\n  const hasAnyPermission = useCallback((permissionList: Permission[]): boolean => {\n    if (permissions['*']) {\n      return true;\n    }\n    return permissionList.some(p => permissions[p] === true);\n  }, [permissions]);\n\n  const hasAllPermissions = useCallback((permissionList: Permission[]): boolean => {\n    if (permissions['*']) {\n      return true;\n    }\n    return permissionList.every(p => permissions[p] === true);\n  }, [permissions]);\n\n  const refetch = useCallback(async () => {\n    // Prevent multiple simultaneous fetches\n    if (isFetchingRef.current) {\n      return;\n    }\n\n    if (!userId) {\n      setPermissions({} as PermissionMap);\n      setIsLoading(false);\n      return;\n    }\n\n    // Don't fetch permissions if scope is invalid (e.g., organisationId is null/empty)\n    // IMPORTANT: Don't clear existing permissions - keep them until we have new ones\n    if (!scope.organisationId || scope.organisationId === null || (typeof scope.organisationId === 'string' && scope.organisationId.trim() === '')) {\n      // Keep existing permissions, just mark as loading\n      setIsLoading(true);\n      setError(null);\n      return;\n    }\n\n    try {\n      isFetchingRef.current = true;\n      setIsLoading(true);\n      setError(null);\n      \n      // Fetch new permissions - don't clear old ones until we have new ones\n      const permissionMap = await getPermissionMap({ userId, scope });\n      \n      // Only update permissions if fetch was successful\n      setPermissions(permissionMap);\n    } catch (err) {\n      // On error, keep existing permissions but set error state\n      // This prevents the UI from losing all items when there's a transient error\n      const logger = getRBACLogger();\n      logger.error('Failed to refetch permissions:', err);\n      setError(err instanceof Error ? err : new Error('Failed to fetch permissions'));\n      // Don't clear permissions on error - keep what we had\n    } finally {\n      setIsLoading(false);\n      isFetchingRef.current = false;\n    }\n  }, [userId, scope.organisationId, scope.eventId, scope.appId]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    permissions,\n    isLoading,\n    error,\n    hasPermission,\n    hasAnyPermission,\n    hasAllPermissions,\n    refetch\n  }), [permissions, isLoading, error, hasPermission, hasAnyPermission, hasAllPermissions, refetch]);\n}\n\n/**\n * Hook to check if user can perform an action\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permission - Permission to check\n * @param pageId - Optional page ID\n * @param useCache - Whether to use cached results\n * @returns Permission check state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { can, isLoading, error } = useCan(userId, scope, 'read:users');\n *   \n *   if (isLoading) return <div>Checking permission...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return can ? <UserList /> : <div>Access denied</div>;\n * }\n * ```\n */\nexport function useCan(\n  userId: UUID, \n  scope: Scope, \n  permission: Permission, \n  pageId?: UUID,\n  useCache: boolean = true\n) {\n  const [can, setCan] = useState<boolean>(false);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  // Validate scope parameter - handle undefined/null scope gracefully\n  const isValidScope = scope && typeof scope === 'object';\n  const organisationId = isValidScope ? scope.organisationId : undefined;\n  const eventId = isValidScope ? scope.eventId : undefined;\n  const appId = isValidScope ? scope.appId : undefined;\n\n  // Add timeout for missing organisation context (3 seconds)\n  useEffect(() => {\n    if (!isValidScope || !organisationId || organisationId === null || (typeof organisationId === 'string' && organisationId.trim() === '')) {\n      const timeoutId = setTimeout(() => {\n        setError(new Error('Organisation context is required for permission checks'));\n        setIsLoading(false);\n        setCan(false);\n      }, 3000); // 3 seconds - typical permission check is < 1 second\n      \n      return () => clearTimeout(timeoutId);\n    }\n    // Clear error if organisation context becomes available\n    if (error?.message === 'Organisation context is required for permission checks') {\n      setError(null);\n    }\n  }, [isValidScope, organisationId, error]);\n\n  // Use refs to track the last values to prevent unnecessary re-runs\n  const lastUserIdRef = useRef<UUID | null>(null);\n  const lastScopeRef = useRef<string | null>(null);\n  const lastPermissionRef = useRef<Permission | null>(null);\n  const lastPageIdRef = useRef<UUID | undefined | null>(null);\n  const lastUseCacheRef = useRef<boolean | null>(null);\n\n  useEffect(() => {\n    // Create a scope key to track changes - use safe property access\n    const scopeKey = isValidScope ? `${organisationId}-${eventId}-${appId}` : 'invalid-scope';\n    \n    // Only run if something has actually changed\n    if (\n      lastUserIdRef.current !== userId ||\n      lastScopeRef.current !== scopeKey ||\n      lastPermissionRef.current !== permission ||\n      lastPageIdRef.current !== pageId ||\n      lastUseCacheRef.current !== useCache\n    ) {\n      lastUserIdRef.current = userId;\n      lastScopeRef.current = scopeKey;\n      lastPermissionRef.current = permission;\n      lastPageIdRef.current = pageId;\n      lastUseCacheRef.current = useCache;\n      \n      // Inline the permission check logic to avoid useCallback dependency issues\n      const checkPermission = async () => {\n        if (!userId) {\n          setCan(false);\n          setIsLoading(false);\n          return;\n        }\n\n        // Validate scope before accessing properties\n        if (!isValidScope) {\n          setIsLoading(true);\n          setCan(false);\n          setError(null);\n          // Timeout is handled in separate useEffect\n          return;\n        }\n\n        // Don't check permissions if scope is invalid (e.g., organisationId is null/empty)\n        // Wait for organisation context to resolve\n        if (!organisationId || organisationId === null || (typeof organisationId === 'string' && organisationId.trim() === '')) {\n          setIsLoading(true);\n          setCan(false);\n          setError(null);\n          // Timeout is handled in separate useEffect (Phase 1.4)\n          return;\n        }\n\n        try {\n          setIsLoading(true);\n          setError(null);\n          \n          // Create a valid scope object for the API call\n          const validScope: Scope = {\n            organisationId,\n            ...(eventId ? { eventId } : {}),\n            ...(appId ? { appId } : {})\n          };\n          \n          const result = useCache \n            ? await isPermittedCached({ userId, scope: validScope, permission, pageId })\n            : await isPermitted({ userId, scope: validScope, permission, pageId });\n          \n          setCan(result);\n        } catch (err) {\n          const logger = getRBACLogger();\n          logger.error('Permission check error:', { permission, error: err });\n          setError(err instanceof Error ? err : new Error('Failed to check permission'));\n          setCan(false);\n        } finally {\n          setIsLoading(false);\n        }\n      };\n      \n      checkPermission();\n    }\n  }, [userId, isValidScope, organisationId, eventId, appId, permission, pageId, useCache]);\n\n  const refetch = useCallback(async () => {\n    if (!userId) {\n      setCan(false);\n      setIsLoading(false);\n      return;\n    }\n\n    // Validate scope before accessing properties\n    if (!isValidScope) {\n      setCan(false);\n      setIsLoading(true);\n      setError(null);\n      return;\n    }\n\n    // Don't check permissions if scope is invalid (e.g., organisationId is null/empty)\n    if (!organisationId || organisationId === null || (typeof organisationId === 'string' && organisationId.trim() === '')) {\n      setCan(false);\n      setIsLoading(true);\n      setError(null);\n      return;\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n      \n      // Create a valid scope object for the API call\n      const validScope: Scope = {\n        organisationId,\n        ...(eventId ? { eventId } : {}),\n        ...(appId ? { appId } : {})\n      };\n      \n      const result = useCache \n        ? await isPermittedCached({ userId, scope: validScope, permission, pageId })\n        : await isPermitted({ userId, scope: validScope, permission, pageId });\n      \n      setCan(result);\n    } catch (err) {\n      setError(err instanceof Error ? err : new Error('Failed to check permission'));\n      setCan(false);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [userId, isValidScope, organisationId, eventId, appId, permission, pageId, useCache]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    can,\n    isLoading,\n    error,\n    refetch\n  }), [can, isLoading, error, refetch]);\n}\n\n/**\n * Hook to get user's access level in a scope\n * \n * @param userId - User ID\n * @param scope - Scope for access level checking\n * @returns Access level state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { accessLevel, isLoading, error } = useAccessLevel(userId, scope);\n *   \n *   if (isLoading) return <div>Loading access level...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return (\n *     <div>\n *       Access Level: {accessLevel}\n *       {accessLevel >= AccessLevel.ADMIN && <AdminPanel />}\n *     </div>\n *   );\n * }\n * ```\n */\nexport function useAccessLevel(userId: UUID, scope: Scope): {\n  accessLevel: AccessLevelType;\n  isLoading: boolean;\n  error: Error | null;\n  refetch: () => Promise<void>;\n} {\n  const [accessLevel, setAccessLevel] = useState<AccessLevelType>('viewer');\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  const fetchAccessLevel = useCallback(async () => {\n    if (!userId) {\n      setAccessLevel('viewer');\n      setIsLoading(false);\n      return;\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n      \n      const level = await getAccessLevel({ userId, scope });\n      setAccessLevel(level);\n    } catch (err) {\n      setError(err instanceof Error ? err : new Error('Failed to fetch access level'));\n      setAccessLevel('viewer');\n    } finally {\n      setIsLoading(false);\n    }\n  }, [userId, scope.organisationId, scope.eventId, scope.appId]);\n\n  useEffect(() => {\n    fetchAccessLevel();\n  }, [fetchAccessLevel]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    accessLevel,\n    isLoading,\n    error,\n    refetch: fetchAccessLevel\n  }), [accessLevel, isLoading, error, fetchAccessLevel]);\n}\n\n/**\n * Hook to check multiple permissions at once\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permissions - Array of permissions to check\n * @param useCache - Whether to use cached results\n * @returns Multiple permission check results\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { results, isLoading, error } = useMultiplePermissions(\n *     userId, \n *     scope, \n *     ['read:users', 'create:users', 'update:users']\n *   );\n *   \n *   if (isLoading) return <div>Checking permissions...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return (\n *     <div>\n *       {results['read:users'] && <UserList />}\n *       {results['create:users'] && <CreateUserButton />}\n *       {results['update:users'] && <EditUserButton />}\n *     </div>\n *   );\n * }\n * ```\n */\nexport function useMultiplePermissions(\n  userId: UUID, \n  scope: Scope, \n  permissions: Permission[],\n  useCache: boolean = true\n): {\n  results: Record<Permission, boolean>;\n  isLoading: boolean;\n  error: Error | null;\n  refetch: () => Promise<void>;\n} {\n  const [results, setResults] = useState<Record<Permission, boolean>>({} as Record<Permission, boolean>);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  const checkPermissions = useCallback(async () => {\n    if (!userId || permissions.length === 0) {\n      setResults({} as Record<Permission, boolean>);\n      setIsLoading(false);\n      return;\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n      \n      const permissionResults: Record<Permission, boolean> = {} as Record<Permission, boolean>;\n      \n      // Check each permission\n      for (const permission of permissions) {\n        const result = useCache \n          ? await isPermittedCached({ userId, scope, permission })\n          : await isPermitted({ userId, scope, permission });\n        permissionResults[permission] = result;\n      }\n      \n      setResults(permissionResults);\n    } catch (err) {\n      setError(err instanceof Error ? err : new Error('Failed to check permissions'));\n      setResults({} as Record<Permission, boolean>);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [userId, scope.organisationId, scope.eventId, scope.appId, permissions, useCache]);\n\n  useEffect(() => {\n    checkPermissions();\n  }, [checkPermissions]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    results,\n    isLoading,\n    error,\n    refetch: checkPermissions\n  }), [results, isLoading, error, checkPermissions]);\n}\n\n/**\n * Hook to check if user has any of the specified permissions\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permissions - Array of permissions to check\n * @param useCache - Whether to use cached results\n * @returns Whether user has any of the permissions\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { hasAny, isLoading, error } = useHasAnyPermission(\n *     userId, \n *     scope, \n *     ['read:users', 'create:users']\n *   );\n *   \n *   if (isLoading) return <div>Checking permissions...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return hasAny ? <UserManagementPanel /> : <div>No user permissions</div>;\n * }\n * ```\n */\nexport function useHasAnyPermission(\n  userId: UUID, \n  scope: Scope, \n  permissions: Permission[],\n  useCache: boolean = true\n): {\n  hasAny: boolean;\n  isLoading: boolean;\n  error: Error | null;\n  refetch: () => Promise<void>;\n} {\n  const [hasAny, setHasAny] = useState<boolean>(false);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  const checkAnyPermission = useCallback(async () => {\n    if (!userId || permissions.length === 0) {\n      setHasAny(false);\n      setIsLoading(false);\n      return;\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n      \n      let hasAnyPermission = false;\n      \n      for (const permission of permissions) {\n        const result = useCache \n          ? await isPermittedCached({ userId, scope, permission })\n          : await isPermitted({ userId, scope, permission });\n        \n        if (result) {\n          hasAnyPermission = true;\n          break;\n        }\n      }\n      \n      setHasAny(hasAnyPermission);\n    } catch (err) {\n      setError(err instanceof Error ? err : new Error('Failed to check permissions'));\n      setHasAny(false);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [userId, scope.organisationId, scope.eventId, scope.appId, permissions, useCache]);\n\n  useEffect(() => {\n    checkAnyPermission();\n  }, [checkAnyPermission]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    hasAny,\n    isLoading,\n    error,\n    refetch: checkAnyPermission\n  }), [hasAny, isLoading, error, checkAnyPermission]);\n}\n\n/**\n * Hook to check if user has all of the specified permissions\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permissions - Array of permissions to check\n * @param useCache - Whether to use cached results\n * @returns Whether user has all of the permissions\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { hasAll, isLoading, error } = useHasAllPermissions(\n *     userId, \n *     scope, \n *     ['read:users', 'create:users', 'update:users']\n *   );\n *   \n *   if (isLoading) return <div>Checking permissions...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return hasAll ? <FullUserManagementPanel /> : <div>Insufficient permissions</div>;\n * }\n * ```\n */\nexport function useHasAllPermissions(\n  userId: UUID, \n  scope: Scope, \n  permissions: Permission[],\n  useCache: boolean = true\n): {\n  hasAll: boolean;\n  isLoading: boolean;\n  error: Error | null;\n  refetch: () => Promise<void>;\n} {\n  const [hasAll, setHasAll] = useState<boolean>(false);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  const checkAllPermissions = useCallback(async () => {\n    if (!userId || permissions.length === 0) {\n      setHasAll(false);\n      setIsLoading(false);\n      return;\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n      \n      let hasAllPermissions = true;\n      \n      for (const permission of permissions) {\n        const result = useCache \n          ? await isPermittedCached({ userId, scope, permission })\n          : await isPermitted({ userId, scope, permission });\n        \n        if (!result) {\n          hasAllPermissions = false;\n          break;\n        }\n      }\n      \n      setHasAll(hasAllPermissions);\n    } catch (err) {\n      setError(err instanceof Error ? err : new Error('Failed to check permissions'));\n      setHasAll(false);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [userId, scope.organisationId, scope.eventId, scope.appId, permissions, useCache]);\n\n  useEffect(() => {\n    checkAllPermissions();\n  }, [checkAllPermissions]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    hasAll,\n    isLoading,\n    error,\n    refetch: checkAllPermissions\n  }), [hasAll, isLoading, error, checkAllPermissions]);\n}\n\n/**\n * Hook to get cached permissions with TTL management\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @returns Cached permission state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n *   const { permissions, isLoading, error, invalidateCache } = useCachedPermissions(userId, scope);\n *   \n *   if (isLoading) return <div>Loading cached permissions...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   \n *   return (\n *     <div>\n *       {permissions['read:users'] && <UserList />}\n *       <button onClick={invalidateCache}>Refresh Permissions</button>\n *     </div>\n *   );\n * }\n * ```\n */\nexport function useCachedPermissions(userId: UUID, scope: Scope): {\n  permissions: PermissionMap;\n  isLoading: boolean;\n  error: Error | null;\n  invalidateCache: () => void;\n  refetch: () => Promise<void>;\n} {\n  const [permissions, setPermissions] = useState<PermissionMap>({} as PermissionMap);\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  const fetchCachedPermissions = useCallback(async () => {\n    if (!userId) {\n      setPermissions({} as PermissionMap);\n      setIsLoading(false);\n      return;\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n      \n      const permissionMap = await getPermissionMap({ userId, scope });\n      setPermissions(permissionMap);\n    } catch (err) {\n      setError(err instanceof Error ? err : new Error('Failed to fetch cached permissions'));\n    } finally {\n      setIsLoading(false);\n    }\n  }, [userId, scope.organisationId, scope.eventId, scope.appId]);\n\n  const invalidateCache = useCallback(() => {\n    // This would typically invalidate the cache in the actual implementation\n    // For now, we'll just refetch\n    fetchCachedPermissions();\n  }, [fetchCachedPermissions]);\n\n  useEffect(() => {\n    fetchCachedPermissions();\n  }, [fetchCachedPermissions]);\n\n  // Memoize the return object to prevent unnecessary re-renders\n  return useMemo(() => ({\n    permissions,\n    isLoading,\n    error,\n    invalidateCache,\n    refetch: fetchCachedPermissions\n  }), [permissions, isLoading, error, invalidateCache, fetchCachedPermissions]);\n}\n","/**\n * @file RBAC Role Management Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 2.1.0\n *\n * React hook for managing RBAC roles safely using RPC functions.\n * This hook provides a secure, type-safe interface for granting and revoking roles\n * that ensures proper audit trails and security checks.\n *\n * @example\n * ```tsx\n * import { useRoleManagement } from '@jmruthers/pace-core/rbac';\n *\n * function UserRolesComponent() {\n *   const { revokeEventAppRole, grantEventAppRole, isLoading, error } = useRoleManagement();\n *\n *   const handleRevokeRole = async (roleId: string, roleData: EventAppRoleData) => {\n *     const result = await revokeEventAppRole({\n *       userId: roleData.user_id,\n *       organisationId: roleData.organisation_id,\n *       eventId: roleData.event_id,\n *       appId: roleData.app_id,\n *       role: roleData.role\n *     });\n *\n *     if (result.success) {\n *       toast({ title: 'Role revoked successfully' });\n *     } else {\n *       toast({ title: 'Failed to revoke role', variant: 'destructive' });\n *     }\n *   };\n *\n *   return <button onClick={() => handleRevokeRole(roleId, roleData)}>Revoke Role</button>;\n * }\n * ```\n */\n\nimport { useState, useCallback } from 'react';\nimport { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';\nimport type { UUID } from '../types';\n\nexport interface EventAppRoleData {\n  user_id: UUID;\n  organisation_id: UUID;\n  event_id: string;\n  app_id: UUID;\n  role: 'viewer' | 'participant' | 'planner' | 'event_admin';\n}\n\nexport interface RevokeEventAppRoleParams extends EventAppRoleData {\n  revoked_by?: UUID;\n}\n\nexport interface GrantEventAppRoleParams extends EventAppRoleData {\n  granted_by?: UUID;\n  valid_from?: string;\n  valid_to?: string | null;\n}\n\nexport interface RoleManagementResult {\n  success: boolean;\n  message?: string;\n  error?: string;\n  roleId?: UUID;\n}\n\nexport function useRoleManagement() {\n  const { user, supabase } = useUnifiedAuth();\n  const [isLoading, setIsLoading] = useState(false);\n  const [error, setError] = useState<Error | null>(null);\n\n  if (!supabase) {\n    throw new Error('useRoleManagement requires a Supabase client. Ensure UnifiedAuthProvider is configured.');\n  }\n\n  /**\n   * Revoke an event app role using the secure RPC function\n   * \n   * This function uses the `revoke_event_app_role` RPC which:\n   * - Runs with SECURITY DEFINER privileges\n   * - Includes proper permission checks\n   * - Automatically populates audit fields (revoked_by, timestamps)\n   * - Complies with Row-Level Security policies\n   * \n   * @param params - Role revocation parameters\n   * @returns Promise resolving to operation result\n   */\n  const revokeEventAppRole = useCallback(async (\n    params: RevokeEventAppRoleParams\n  ): Promise<RoleManagementResult> => {\n    setIsLoading(true);\n    setError(null);\n\n    try {\n      const { data, error: rpcError } = await supabase.rpc('revoke_event_app_role', {\n        p_user_id: params.user_id,\n        p_organisation_id: params.organisation_id,\n        p_event_id: params.event_id,\n        p_app_id: params.app_id,\n        p_role: params.role,\n        p_revoked_by: params.revoked_by || user?.id || undefined\n      });\n\n      if (rpcError) {\n        throw new Error(rpcError.message || 'Failed to revoke role');\n      }\n\n      return {\n        success: data === true,\n        message: data === true ? 'Role revoked successfully' : 'No role found to revoke',\n        error: data === false ? 'No matching role found' : undefined\n      };\n    } catch (err) {\n      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n      setError(err instanceof Error ? err : new Error(errorMessage));\n      return {\n        success: false,\n        error: errorMessage\n      };\n    } finally {\n      setIsLoading(false);\n    }\n  }, [user?.id]);\n\n  /**\n   * Grant an event app role using the secure RPC function\n   * \n   * This function uses the `grant_event_app_role` RPC which:\n   * - Runs with SECURITY DEFINER privileges\n   * - Includes proper permission checks\n   * - Automatically populates audit fields (granted_by, timestamps)\n   * - Complies with Row-Level Security policies\n   * \n   * @param params - Role grant parameters\n   * @returns Promise resolving to operation result with role ID\n   */\n  const grantEventAppRole = useCallback(async (\n    params: GrantEventAppRoleParams\n  ): Promise<RoleManagementResult> => {\n    setIsLoading(true);\n    setError(null);\n\n    try {\n      const { data, error: rpcError } = await supabase.rpc('grant_event_app_role', {\n        p_user_id: params.user_id,\n        p_organisation_id: params.organisation_id,\n        p_event_id: params.event_id,\n        p_app_id: params.app_id,\n        p_role: params.role,\n        p_granted_by: params.granted_by || user?.id || undefined,\n        p_valid_from: params.valid_from,\n        p_valid_to: params.valid_to\n      });\n\n      if (rpcError) {\n        throw new Error(rpcError.message || 'Failed to grant role');\n      }\n\n      if (!data) {\n        return {\n          success: false,\n          error: 'Failed to grant role - no role ID returned'\n        };\n      }\n\n      return {\n        success: true,\n        message: 'Role granted successfully',\n        roleId: data as UUID\n      };\n    } catch (err) {\n      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n      setError(err instanceof Error ? err : new Error(errorMessage));\n      return {\n        success: false,\n        error: errorMessage\n      };\n    } finally {\n      setIsLoading(false);\n    }\n  }, [user?.id]);\n\n  /**\n   * Revoke an event app role by role ID (alternative method)\n   * \n   * This fetches the role by ID first to get the required context (role name, event_id, app_id),\n   * then uses the unified `rbac_role_revoke` function to revoke it.\n   * \n   * @param roleId - The role ID to revoke\n   * @returns Promise resolving to operation result\n   */\n  const revokeRoleById = useCallback(async (\n    roleId: UUID\n  ): Promise<RoleManagementResult> => {\n    setIsLoading(true);\n    setError(null);\n\n    try {\n      // First, fetch the role by ID to get the required context\n      const { data: roleData, error: fetchError } = await supabase\n        .from('rbac_event_app_roles')\n        .select('user_id, role, event_id, app_id')\n        .eq('id', roleId)\n        .single();\n\n      if (fetchError || !roleData) {\n        throw new Error(fetchError?.message || 'Role not found');\n      }\n\n      // Construct context_id in the format required by rbac_role_revoke: \"event_id:app_id\"\n      const contextId = `${roleData.event_id}:${roleData.app_id}`;\n\n      // Now call rbac_role_revoke with the required parameters\n      const { data, error: rpcError } = await supabase.rpc('rbac_role_revoke', {\n        p_user_id: roleData.user_id,\n        p_role_type: 'event_app',\n        p_role_name: roleData.role,\n        p_context_id: contextId,\n        p_revoked_by: user?.id || undefined\n      });\n\n      if (rpcError) {\n        throw new Error(rpcError.message || 'Failed to revoke role');\n      }\n\n      // rbac_role_revoke returns a table with success, message, revoked_count, error_code\n      const result = Array.isArray(data) && data.length > 0 ? data[0] : null;\n\n      return {\n        success: result?.success === true,\n        message: result?.message || undefined,\n        error: result?.success === false ? (result?.message || result?.error_code || 'Unknown error') : undefined\n      };\n    } catch (err) {\n      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n      setError(err instanceof Error ? err : new Error(errorMessage));\n      return {\n        success: false,\n        error: errorMessage\n      };\n    } finally {\n      setIsLoading(false);\n    }\n  }, [user?.id, supabase]);\n\n  return {\n    revokeEventAppRole,\n    grantEventAppRole,\n    revokeRoleById,\n    isLoading,\n    error\n  };\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA;AACA;AAFA,SAAS,UAAU,WAAW,aAAa,eAAe;AAsB1D,SAAS,0BAA0B,OAA2C;AAC5E,UAAQ,OAAO;AAAA,IACb,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAEO,SAAS,QAAQ,QAAkC;AACxD,QAAM,SAAS,cAAc;AAC7B,QAAM,EAAE,MAAM,SAAS,QAAQ,IAAI,eAAe;AAClD,QAAM,EAAE,qBAAqB,IAAI,iBAAiB;AAElD,MAAI,gBAA6C;AACjD,MAAI;AACF,UAAM,gBAAgB,UAAU;AAChC,oBAAgB,cAAc;AAAA,EAChC,SAASA,QAAO;AACd,WAAO,MAAM,4EAA4EA,MAAK;AAAA,EAChG;AAEA,QAAM,CAAC,YAAY,aAAa,IAAI,SAA4B,IAAI;AACpE,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,SAAkC,IAAI;AACtF,QAAM,CAAC,cAAc,eAAe,IAAI,SAA8B,IAAI;AAC1E,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAwB,CAAC,CAAkB;AACrF,QAAM,CAAC,cAAc,eAAe,IAAI,SAAuB,IAAI;AACnE,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAChD,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAuB,IAAI;AAErD,QAAM,aAAa,YAAY,MAAM;AACnC,kBAAc,IAAI;AAClB,wBAAoB,IAAI;AACxB,oBAAgB,IAAI;AACpB,qBAAiB,CAAC,CAAkB;AACpC,oBAAgB,IAAI;AAAA,EACtB,GAAG,CAAC,CAAC;AAEL,QAAM,kBAAkB,YAAY,YAAY;AAC9C,QAAI,CAAC,QAAQ,CAAC,SAAS;AACrB,iBAAW;AACX;AAAA,IACF;AAEA,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,UAAI;AACJ,UAAI,SAAS;AACX,cAAM,WAAW,MAAM,kBAAkB,EAAE,QAAQ,KAAK,IAAY,QAAQ,CAAC;AAC7E,YAAI,CAAC,YAAY,CAAC,SAAS,WAAW;AACpC,gBAAM,IAAI,MAAM,qCAAqC,OAAO,GAAG;AAAA,QACjE;AACA,gBAAQ,SAAS;AAAA,MACnB;AAEA,YAAM,QAAe;AAAA,QACnB,gBAAgB,sBAAsB;AAAA,QACtC,SAAS,eAAe,YAAY;AAAA,QACpC;AAAA,MACF;AACA,sBAAgB,KAAK;AAErB,YAAM,CAAC,KAAK,aAAa,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,iBAAiB,EAAE,QAAQ,KAAK,IAAY,MAAM,CAAC;AAAA,QACnD,eAAe,EAAE,QAAQ,KAAK,IAAY,MAAM,CAAC;AAAA,QACjD,eAAe,EAAE,QAAQ,KAAK,IAAY,MAAM,CAAC;AAAA,MACnD,CAAC;AAED,uBAAiB,GAAG;AACpB,oBAAc,YAAY,UAAU;AACpC,0BAAoB,YAAY,gBAAgB;AAChD,sBAAgB,YAAY,gBAAgB,0BAA0B,WAAW,CAAC;AAAA,IACpF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B;AACzF,aAAO,MAAM,yCAAyC,YAAY;AAClE,eAAS,YAAY;AACrB,iBAAW;AAAA,IACb,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,SAAS,QAAQ,YAAY,eAAe,UAAU,sBAAsB,IAAI,SAAS,IAAI,CAAC;AAElG,QAAM,sBAAsB;AAAA,IAC1B,CAAC,eAAgC;AAC/B,UAAI,eAAe,iBAAiB,cAAc,GAAG,GAAG;AACtD,eAAO;AAAA,MACT;AAEA,UAAI,eAAe,eAAe;AAChC,eAAO,eAAe;AAAA,MACxB;AAEA,UAAI,eAAe,aAAa;AAC9B,eAAO,qBAAqB;AAAA,MAC9B;AAEA,aAAO,cAAc,UAAwB,MAAM;AAAA,IACrD;AAAA,IACA,CAAC,YAAY,kBAAkB,aAAa;AAAA,EAC9C;AAEA,QAAM,eAAe,QAAQ,MAAM,eAAe,iBAAiB,cAAc,GAAG,MAAM,MAAM,CAAC,YAAY,aAAa,CAAC;AAC3H,QAAM,aAAa,QAAQ,MAAM,qBAAqB,eAAe,cAAc,CAAC,kBAAkB,YAAY,CAAC;AACnH,QAAM,eAAe,QAAQ,MAAM,iBAAiB,iBAAiB,cAAc,CAAC,cAAc,YAAY,CAAC;AAC/G,QAAM,wBAAwB,QAAQ,MAAM,gBAAgB,qBAAqB,aAAa,CAAC,cAAc,gBAAgB,CAAC;AAC9H,QAAM,iBAAiB,QAAQ,MAAM,gBAAgB,iBAAiB,eAAe,CAAC,cAAc,YAAY,CAAC;AAEjH,YAAU,MAAM;AACd,oBAAgB;AAAA,EAClB,GAAG,CAAC,eAAe,CAAC;AAEpB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AC7JA,SAAS,aAAAC,YAAW,YAAAC,WAAU,cAAc;;;ACU5C,eAAsB,yBACpB,UACA,SACsB;AACtB,QAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,OAAO,EACZ,OAAO,iBAAiB,EACxB,GAAG,YAAY,OAAO,EACtB,OAAO;AAEV,MAAI,SAAS,CAAC,MAAM;AAClB,WAAO;AAAA,EACT;AAEA,SAAO,KAAK;AACd;AAUA,eAAsB,qBACpB,UACA,SACA,OACuB;AACvB,QAAM,iBAAiB,MAAM,yBAAyB,UAAU,OAAO;AAEvE,MAAI,CAAC,gBAAgB;AACnB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AD7CA;AAEA,IAAM,MAAM,aAAa,kBAAkB;AA4CpC,SAAS,iBAAiB;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AACF,GAAoD;AAClD,QAAM,CAAC,eAAe,gBAAgB,IAAIC,UAAuB,IAAI;AACrE,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAGrD,QAAM,iBAAiB,OAA+E;AAAA,IACpG,gBAAgB;AAAA,IAChB,OAAO;AAAA,IACP,SAAS;AAAA,EACX,CAAC;AAGD,EAAAC,WAAU,MAAM;AACd,QAAI,iBAAiB,cAAc,gBAAgB;AACjD,YAAM,WAAW;AAAA,QACf,gBAAgB,cAAc;AAAA,QAC9B,OAAO,cAAc;AAAA,QACrB,SAAS,cAAc;AAAA,MACzB;AAGA,UAAI,eAAe,QAAQ,mBAAmB,SAAS,kBACnD,eAAe,QAAQ,YAAY,SAAS,WAC5C,eAAe,QAAQ,UAAU,SAAS,OAAO;AACnD,uBAAe,UAAU;AAAA,UACvB,gBAAgB,SAAS;AAAA,UACzB,OAAO,SAAS,SAAS;AAAA,UACzB,SAAS,SAAS;AAAA,QACpB;AAAA,MACF;AAAA,IACF,WAAW,CAAC,eAAe;AAEzB,qBAAe,UAAU,EAAE,gBAAgB,IAAI,OAAO,IAAI,SAAS,OAAU;AAAA,IAC/E;AAAA,EACF,GAAG,CAAC,aAAa,CAAC;AAElB,QAAM,cAAc,eAAe;AAEnC,EAAAA,WAAU,MAAM;AACd,QAAI,YAAY;AAEhB,UAAM,eAAe,YAAY;AAC/B,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI;AAEF,YAAI,QAA4B;AAGhC,YAAI,UAAU;AACZ,gBAAM,UAAU,kBAAkB;AAClC,cAAI,SAAS;AACX,gBAAI;AACF,oBAAM,EAAE,MAAM,KAAK,OAAAC,OAAM,IAAI,MAAM,SAChC,KAAK,WAAW,EAChB,OAAO,qBAAqB,EAC5B,GAAG,QAAQ,OAAO,EAClB,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,kBAAIA,QAAO;AAET,sBAAM,EAAE,MAAM,YAAY,IAAI,MAAM,SACjC,KAAK,WAAW,EAChB,OAAO,qBAAqB,EAC5B,GAAG,QAAQ,OAAO,EAClB,OAAO;AAEV,oBAAI,aAAa;AACf,sBAAI,MAAM,QAAQ,OAAO,wCAAwC,YAAY,SAAS,GAAG;AAAA,gBAC3F,OAAO;AACL,sBAAI,MAAM,QAAQ,OAAO,gCAAgC;AAAA,gBAC3D;AAAA,cACF,WAAW,KAAK;AACd,wBAAQ,IAAI;AAAA,cACd;AAAA,YACF,SAASA,QAAO;AACd,kBAAI,MAAM,sCAAsCA,MAAK;AAAA,YACvD;AAAA,UACF;AAAA,QACF;AAKA,YAAI,0BAA0B,iBAAiB;AAC7C,cAAI,CAAC,WAAW;AACd,6BAAiB;AAAA,cACf,gBAAgB;AAAA,cAChB,SAAS;AAAA,cACT;AAAA,YACF,CAAC;AACD,yBAAa,KAAK;AAAA,UACpB;AACA;AAAA,QACF;AAGA,YAAI,wBAAwB;AAC1B,cAAI,CAAC,WAAW;AACd,6BAAiB;AAAA,cACf,gBAAgB;AAAA,cAChB,SAAS,mBAAmB;AAAA,cAC5B;AAAA,YACF,CAAC;AACD,yBAAa,KAAK;AAAA,UACpB;AACA;AAAA,QACF;AAGA,YAAI,mBAAmB,UAAU;AAC/B,cAAI;AACF,kBAAM,aAAa,MAAM,qBAAqB,UAAU,iBAAiB,KAAK;AAC9E,gBAAI,CAAC,YAAY;AACf,kBAAI,MAAM,mDAAmD;AAC7D,kBAAI,CAAC,WAAW;AACd,iCAAiB,IAAI;AACrB,yBAAS,IAAI,MAAM,mDAAmD,CAAC;AACvE,6BAAa,KAAK;AAAA,cACpB;AACA;AAAA,YACF;AAEA,gBAAI,CAAC,WAAW;AACd,+BAAiB;AAAA,gBACf,GAAG;AAAA,gBACH,OAAO,SAAS,WAAW;AAAA,cAC7B,CAAC;AACD,2BAAa,KAAK;AAAA,YACpB;AAAA,UACF,SAAS,KAAK;AACZ,gBAAI,MAAM,qCAAqC,GAAG;AAClD,gBAAI,CAAC,WAAW;AACd,+BAAiB,IAAI;AACrB,uBAAS,GAAY;AACrB,2BAAa,KAAK;AAAA,YACpB;AAAA,UACF;AACA;AAAA,QACF;AAGA,YAAI,MAAM,4CAA4C;AACtD,YAAI,CAAC,WAAW;AACd,2BAAiB,IAAI;AACrB,mBAAS,IAAI,MAAM,4CAA4C,CAAC;AAChE,uBAAa,KAAK;AAAA,QACpB;AAAA,MACF,SAAS,KAAK;AACZ,YAAI,CAAC,WAAW;AACd,mBAAS,GAAY;AACrB,uBAAa,KAAK;AAAA,QACpB;AAAA,MACF;AAAA,IACF;AAEA,iBAAa;AAEb,WAAO,MAAM;AACX,kBAAY;AAAA,IACd;AAAA,EACF,GAAG,CAAC,wBAAwB,iBAAiB,QAAQ,CAAC;AAEtD,SAAO;AAAA,IACL,eAAe,YAAY,iBAAiB,cAAuB;AAAA,IACnE;AAAA,IACA;AAAA,EACF;AACF;;;AErOA,SAAS,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,UAAS,UAAAC,eAAc;AAwC3D,SAAS,eAAe,QAAc,OAAc;AACzD,QAAM,CAAC,aAAa,cAAc,IAAIC,UAAwB,CAAC,CAAkB;AACjF,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,gBAAgBC,QAAO,KAAK;AAGlC,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,MAAM,kBAAkB,MAAM,mBAAmB,QAAS,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,MAAM,IAAK;AAC9I,YAAM,YAAY,WAAW,MAAM;AACjC,iBAAS,IAAI,MAAM,wDAAwD,CAAC;AAC5E,qBAAa,KAAK;AAAA,MACpB,GAAG,GAAI;AAEP,aAAO,MAAM,aAAa,SAAS;AAAA,IACrC;AAEA,QAAI,OAAO,YAAY,0DAA0D;AAC/E,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,MAAM,gBAAgB,KAAK,CAAC;AAEhC,EAAAA,WAAU,MAAM;AACd,UAAM,mBAAmB,YAAY;AAEnC,UAAI,cAAc,SAAS;AACzB;AAAA,MACF;AAEA,UAAI,CAAC,QAAQ;AACX,uBAAe,CAAC,CAAkB;AAClC,qBAAa,KAAK;AAClB;AAAA,MACF;AAKA,UAAI,CAAC,MAAM,kBAAkB,MAAM,mBAAmB,QAAS,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,MAAM,IAAK;AAE9I,qBAAa,IAAI;AACjB,iBAAS,IAAI;AACb;AAAA,MACF;AAEA,UAAI;AACF,sBAAc,UAAU;AACxB,qBAAa,IAAI;AACjB,iBAAS,IAAI;AAGb,cAAM,gBAAgB,MAAM,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAG9D,uBAAe,aAAa;AAAA,MAC9B,SAAS,KAAK;AAGZ,cAAM,SAAS,cAAc;AAC7B,eAAO,MAAM,gCAAgC,GAAG;AAChD,iBAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,MAEhF,UAAE;AACA,qBAAa,KAAK;AAClB,sBAAc,UAAU;AAAA,MAC1B;AAAA,IACF;AAEA,qBAAiB;AAAA,EACnB,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,KAAK,CAAC;AAE7D,QAAM,gBAAgBC,aAAY,CAAC,eAAoC;AACrE,QAAI,YAAY,GAAG,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,YAAY,UAAU,MAAM;AAAA,EACrC,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM,mBAAmBA,aAAY,CAAC,mBAA0C;AAC9E,QAAI,YAAY,GAAG,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,eAAe,KAAK,OAAK,YAAY,CAAC,MAAM,IAAI;AAAA,EACzD,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM,oBAAoBA,aAAY,CAAC,mBAA0C;AAC/E,QAAI,YAAY,GAAG,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,eAAe,MAAM,OAAK,YAAY,CAAC,MAAM,IAAI;AAAA,EAC1D,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM,UAAUA,aAAY,YAAY;AAEtC,QAAI,cAAc,SAAS;AACzB;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,qBAAe,CAAC,CAAkB;AAClC,mBAAa,KAAK;AAClB;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,kBAAkB,MAAM,mBAAmB,QAAS,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,MAAM,IAAK;AAE9I,mBAAa,IAAI;AACjB,eAAS,IAAI;AACb;AAAA,IACF;AAEA,QAAI;AACF,oBAAc,UAAU;AACxB,mBAAa,IAAI;AACjB,eAAS,IAAI;AAGb,YAAM,gBAAgB,MAAM,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAG9D,qBAAe,aAAa;AAAA,IAC9B,SAAS,KAAK;AAGZ,YAAM,SAAS,cAAc;AAC7B,aAAO,MAAM,kCAAkC,GAAG;AAClD,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,IAEhF,UAAE;AACA,mBAAa,KAAK;AAClB,oBAAc,UAAU;AAAA,IAC1B;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,KAAK,CAAC;AAG7D,SAAOC,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,aAAa,WAAW,OAAO,eAAe,kBAAkB,mBAAmB,OAAO,CAAC;AAClG;AAwBO,SAAS,OACd,QACA,OACA,YACA,QACA,WAAoB,MACpB;AACA,QAAM,CAAC,KAAK,MAAM,IAAIJ,UAAkB,KAAK;AAC7C,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAGrD,QAAM,eAAe,SAAS,OAAO,UAAU;AAC/C,QAAM,iBAAiB,eAAe,MAAM,iBAAiB;AAC7D,QAAM,UAAU,eAAe,MAAM,UAAU;AAC/C,QAAM,QAAQ,eAAe,MAAM,QAAQ;AAG3C,EAAAE,WAAU,MAAM;AACd,QAAI,CAAC,gBAAgB,CAAC,kBAAkB,mBAAmB,QAAS,OAAO,mBAAmB,YAAY,eAAe,KAAK,MAAM,IAAK;AACvI,YAAM,YAAY,WAAW,MAAM;AACjC,iBAAS,IAAI,MAAM,wDAAwD,CAAC;AAC5E,qBAAa,KAAK;AAClB,eAAO,KAAK;AAAA,MACd,GAAG,GAAI;AAEP,aAAO,MAAM,aAAa,SAAS;AAAA,IACrC;AAEA,QAAI,OAAO,YAAY,0DAA0D;AAC/E,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,cAAc,gBAAgB,KAAK,CAAC;AAGxC,QAAM,gBAAgBD,QAAoB,IAAI;AAC9C,QAAM,eAAeA,QAAsB,IAAI;AAC/C,QAAM,oBAAoBA,QAA0B,IAAI;AACxD,QAAM,gBAAgBA,QAAgC,IAAI;AAC1D,QAAM,kBAAkBA,QAAuB,IAAI;AAEnD,EAAAC,WAAU,MAAM;AAEd,UAAM,WAAW,eAAe,GAAG,cAAc,IAAI,OAAO,IAAI,KAAK,KAAK;AAG1E,QACE,cAAc,YAAY,UAC1B,aAAa,YAAY,YACzB,kBAAkB,YAAY,cAC9B,cAAc,YAAY,UAC1B,gBAAgB,YAAY,UAC5B;AACA,oBAAc,UAAU;AACxB,mBAAa,UAAU;AACvB,wBAAkB,UAAU;AAC5B,oBAAc,UAAU;AACxB,sBAAgB,UAAU;AAG1B,YAAM,kBAAkB,YAAY;AAClC,YAAI,CAAC,QAAQ;AACX,iBAAO,KAAK;AACZ,uBAAa,KAAK;AAClB;AAAA,QACF;AAGA,YAAI,CAAC,cAAc;AACjB,uBAAa,IAAI;AACjB,iBAAO,KAAK;AACZ,mBAAS,IAAI;AAEb;AAAA,QACF;AAIA,YAAI,CAAC,kBAAkB,mBAAmB,QAAS,OAAO,mBAAmB,YAAY,eAAe,KAAK,MAAM,IAAK;AACtH,uBAAa,IAAI;AACjB,iBAAO,KAAK;AACZ,mBAAS,IAAI;AAEb;AAAA,QACF;AAEA,YAAI;AACF,uBAAa,IAAI;AACjB,mBAAS,IAAI;AAGb,gBAAM,aAAoB;AAAA,YACxB;AAAA,YACA,GAAI,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,YAC7B,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,UAC3B;AAEA,gBAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,CAAC,IACzE,MAAM,YAAY,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,CAAC;AAEvE,iBAAO,MAAM;AAAA,QACf,SAAS,KAAK;AACZ,gBAAM,SAAS,cAAc;AAC7B,iBAAO,MAAM,2BAA2B,EAAE,YAAY,OAAO,IAAI,CAAC;AAClE,mBAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,4BAA4B,CAAC;AAC7E,iBAAO,KAAK;AAAA,QACd,UAAE;AACA,uBAAa,KAAK;AAAA,QACpB;AAAA,MACF;AAEA,sBAAgB;AAAA,IAClB;AAAA,EACF,GAAG,CAAC,QAAQ,cAAc,gBAAgB,SAAS,OAAO,YAAY,QAAQ,QAAQ,CAAC;AAEvF,QAAM,UAAUC,aAAY,YAAY;AACtC,QAAI,CAAC,QAAQ;AACX,aAAO,KAAK;AACZ,mBAAa,KAAK;AAClB;AAAA,IACF;AAGA,QAAI,CAAC,cAAc;AACjB,aAAO,KAAK;AACZ,mBAAa,IAAI;AACjB,eAAS,IAAI;AACb;AAAA,IACF;AAGA,QAAI,CAAC,kBAAkB,mBAAmB,QAAS,OAAO,mBAAmB,YAAY,eAAe,KAAK,MAAM,IAAK;AACtH,aAAO,KAAK;AACZ,mBAAa,IAAI;AACjB,eAAS,IAAI;AACb;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAGb,YAAM,aAAoB;AAAA,QACxB;AAAA,QACA,GAAI,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC7B,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,MAC3B;AAEA,YAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,CAAC,IACzE,MAAM,YAAY,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,CAAC;AAEvE,aAAO,MAAM;AAAA,IACf,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,4BAA4B,CAAC;AAC7E,aAAO,KAAK;AAAA,IACd,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,cAAc,gBAAgB,SAAS,OAAO,YAAY,QAAQ,QAAQ,CAAC;AAGvF,SAAOC,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,KAAK,WAAW,OAAO,OAAO,CAAC;AACtC;AA0BO,SAAS,eAAe,QAAc,OAK3C;AACA,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAA0B,QAAQ;AACxE,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,mBAAmBG,aAAY,YAAY;AAC/C,QAAI,CAAC,QAAQ;AACX,qBAAe,QAAQ;AACvB,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,YAAM,QAAQ,MAAM,eAAe,EAAE,QAAQ,MAAM,CAAC;AACpD,qBAAe,KAAK;AAAA,IACtB,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,8BAA8B,CAAC;AAC/E,qBAAe,QAAQ;AAAA,IACzB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,KAAK,CAAC;AAE7D,EAAAD,WAAU,MAAM;AACd,qBAAiB;AAAA,EACnB,GAAG,CAAC,gBAAgB,CAAC;AAGrB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,aAAa,WAAW,OAAO,gBAAgB,CAAC;AACvD;AAiCO,SAAS,uBACd,QACA,OACA,aACA,WAAoB,MAMpB;AACA,QAAM,CAAC,SAAS,UAAU,IAAIJ,UAAsC,CAAC,CAAgC;AACrG,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,mBAAmBG,aAAY,YAAY;AAC/C,QAAI,CAAC,UAAU,YAAY,WAAW,GAAG;AACvC,iBAAW,CAAC,CAAgC;AAC5C,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,YAAM,oBAAiD,CAAC;AAGxD,iBAAW,cAAc,aAAa;AACpC,cAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,WAAW,CAAC,IACrD,MAAM,YAAY,EAAE,QAAQ,OAAO,WAAW,CAAC;AACnD,0BAAkB,UAAU,IAAI;AAAA,MAClC;AAEA,iBAAW,iBAAiB;AAAA,IAC9B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAC9E,iBAAW,CAAC,CAAgC;AAAA,IAC9C,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,aAAa,QAAQ,CAAC;AAEpF,EAAAD,WAAU,MAAM;AACd,qBAAiB;AAAA,EACnB,GAAG,CAAC,gBAAgB,CAAC;AAGrB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,SAAS,WAAW,OAAO,gBAAgB,CAAC;AACnD;AA2BO,SAAS,oBACd,QACA,OACA,aACA,WAAoB,MAMpB;AACA,QAAM,CAAC,QAAQ,SAAS,IAAIJ,UAAkB,KAAK;AACnD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,qBAAqBG,aAAY,YAAY;AACjD,QAAI,CAAC,UAAU,YAAY,WAAW,GAAG;AACvC,gBAAU,KAAK;AACf,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI,mBAAmB;AAEvB,iBAAW,cAAc,aAAa;AACpC,cAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,WAAW,CAAC,IACrD,MAAM,YAAY,EAAE,QAAQ,OAAO,WAAW,CAAC;AAEnD,YAAI,QAAQ;AACV,6BAAmB;AACnB;AAAA,QACF;AAAA,MACF;AAEA,gBAAU,gBAAgB;AAAA,IAC5B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAC9E,gBAAU,KAAK;AAAA,IACjB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,aAAa,QAAQ,CAAC;AAEpF,EAAAD,WAAU,MAAM;AACd,uBAAmB;AAAA,EACrB,GAAG,CAAC,kBAAkB,CAAC;AAGvB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,QAAQ,WAAW,OAAO,kBAAkB,CAAC;AACpD;AA2BO,SAAS,qBACd,QACA,OACA,aACA,WAAoB,MAMpB;AACA,QAAM,CAAC,QAAQ,SAAS,IAAIJ,UAAkB,KAAK;AACnD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,sBAAsBG,aAAY,YAAY;AAClD,QAAI,CAAC,UAAU,YAAY,WAAW,GAAG;AACvC,gBAAU,KAAK;AACf,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI,oBAAoB;AAExB,iBAAW,cAAc,aAAa;AACpC,cAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,WAAW,CAAC,IACrD,MAAM,YAAY,EAAE,QAAQ,OAAO,WAAW,CAAC;AAEnD,YAAI,CAAC,QAAQ;AACX,8BAAoB;AACpB;AAAA,QACF;AAAA,MACF;AAEA,gBAAU,iBAAiB;AAAA,IAC7B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAC9E,gBAAU,KAAK;AAAA,IACjB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,aAAa,QAAQ,CAAC;AAEpF,EAAAD,WAAU,MAAM;AACd,wBAAoB;AAAA,EACtB,GAAG,CAAC,mBAAmB,CAAC;AAGxB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,QAAQ,WAAW,OAAO,mBAAmB,CAAC;AACrD;AA0BO,SAAS,qBAAqB,QAAc,OAMjD;AACA,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAAwB,CAAC,CAAkB;AACjF,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,yBAAyBG,aAAY,YAAY;AACrD,QAAI,CAAC,QAAQ;AACX,qBAAe,CAAC,CAAkB;AAClC,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,YAAM,gBAAgB,MAAM,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC9D,qBAAe,aAAa;AAAA,IAC9B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,oCAAoC,CAAC;AAAA,IACvF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,KAAK,CAAC;AAE7D,QAAM,kBAAkBA,aAAY,MAAM;AAGxC,2BAAuB;AAAA,EACzB,GAAG,CAAC,sBAAsB,CAAC;AAE3B,EAAAD,WAAU,MAAM;AACd,2BAAuB;AAAA,EACzB,GAAG,CAAC,sBAAsB,CAAC;AAG3B,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,aAAa,WAAW,OAAO,iBAAiB,sBAAsB,CAAC;AAC9E;;;AClvBA;AADA,SAAS,YAAAC,WAAU,eAAAC,oBAAmB;AA6B/B,SAAS,oBAAoB;AAClC,QAAM,EAAE,MAAM,SAAS,IAAI,eAAe;AAC1C,QAAM,CAAC,WAAW,YAAY,IAAID,UAAS,KAAK;AAChD,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,MAAM,yFAAyF;AAAA,EAC3G;AAcA,QAAM,qBAAqBC,aAAY,OACrC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,yBAAyB;AAAA,QAC5E,WAAW,OAAO;AAAA,QAClB,mBAAmB,OAAO;AAAA,QAC1B,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,MACjD,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,uBAAuB;AAAA,MAC7D;AAEA,aAAO;AAAA,QACL,SAAS,SAAS;AAAA,QAClB,SAAS,SAAS,OAAO,8BAA8B;AAAA,QACvD,OAAO,SAAS,QAAQ,2BAA2B;AAAA,MACrD;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,EAAE,CAAC;AAcb,QAAM,oBAAoBA,aAAY,OACpC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,wBAAwB;AAAA,QAC3E,WAAW,OAAO;AAAA,QAClB,mBAAmB,OAAO;AAAA,QAC1B,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,QAC/C,cAAc,OAAO;AAAA,QACrB,YAAY,OAAO;AAAA,MACrB,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,sBAAsB;AAAA,MAC5D;AAEA,UAAI,CAAC,MAAM;AACT,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,EAAE,CAAC;AAWb,QAAM,iBAAiBA,aAAY,OACjC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AAEF,YAAM,EAAE,MAAM,UAAU,OAAO,WAAW,IAAI,MAAM,SACjD,KAAK,sBAAsB,EAC3B,OAAO,iCAAiC,EACxC,GAAG,MAAM,MAAM,EACf,OAAO;AAEV,UAAI,cAAc,CAAC,UAAU;AAC3B,cAAM,IAAI,MAAM,YAAY,WAAW,gBAAgB;AAAA,MACzD;AAGA,YAAM,YAAY,GAAG,SAAS,QAAQ,IAAI,SAAS,MAAM;AAGzD,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,oBAAoB;AAAA,QACvE,WAAW,SAAS;AAAA,QACpB,aAAa;AAAA,QACb,aAAa,SAAS;AAAA,QACtB,cAAc;AAAA,QACd,cAAc,MAAM,MAAM;AAAA,MAC5B,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,uBAAuB;AAAA,MAC7D;AAGA,YAAM,SAAS,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI;AAElE,aAAO;AAAA,QACL,SAAS,QAAQ,YAAY;AAAA,QAC7B,SAAS,QAAQ,WAAW;AAAA,QAC5B,OAAO,QAAQ,YAAY,QAAS,QAAQ,WAAW,QAAQ,cAAc,kBAAmB;AAAA,MAClG;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC;AAEvB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["error","useEffect","useState","useState","useEffect","error","useState","useEffect","useCallback","useMemo","useRef","useState","useRef","useEffect","useCallback","useMemo","useState","useCallback"]}

package/dist/{chunk-XARJS7CD.js → chunk-INQLMHPF.js}

@@ -4,7 +4,7 @@ import {
   init_InactivityServiceProvider,
   init_OrganisationServiceProvider,
   init_UnifiedAuthProvider
-} from "./chunk-4MT5BGGL.js";
+} from "./chunk-YCWDTTUK.js";
 
 // src/providers/index.ts
 init_UnifiedAuthProvider();
@@ -12,4 +12,4 @@ init_EventServiceProvider();
 init_OrganisationServiceProvider();
 init_InactivityServiceProvider();
 init_AuthServiceProvider();
-//# sourceMappingURL=chunk-XARJS7CD.js.map
+//# sourceMappingURL=chunk-INQLMHPF.js.map

package/dist/chunk-JISYG63F.js

@@ -0,0 +1,70 @@
+// src/utils/validation.ts
+function isValidEmail(email) {
+  const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  return emailPattern.test(email);
+}
+function isEmpty(value) {
+  return value === null || value === void 0 || value.trim() === "";
+}
+function isStrongPassword(password) {
+  const passwordPattern = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/;
+  return passwordPattern.test(password);
+}
+function isValidUrl(url) {
+  try {
+    new URL(url);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function isValidDate(dateStr) {
+  const date = new Date(dateStr);
+  return !isNaN(date.getTime());
+}
+function isWithinRange(value, min, max) {
+  return value >= min && value <= max;
+}
+function matchesPattern(value, pattern) {
+  return pattern.test(value);
+}
+function deepMerge(target, source) {
+  const output = { ...target };
+  if (isObject(target) && isObject(source)) {
+    Object.keys(source).forEach((key) => {
+      if (isObject(source[key])) {
+        if (!(key in target)) {
+          Object.assign(output, { [key]: source[key] });
+        } else {
+          const targetKey = key;
+          const targetValue = target[targetKey];
+          if (isObject(targetValue)) {
+            output[targetKey] = deepMerge(
+              targetValue,
+              source[key]
+            );
+          }
+        }
+      } else {
+        Object.assign(output, { [key]: source[key] });
+      }
+    });
+  }
+  return output;
+}
+function isObject(item) {
+  return item !== null && typeof item === "object" && !Array.isArray(item);
+}
+
+export {
+  isValidEmail,
+  isEmpty,
+  isStrongPassword,
+  isValidUrl,
+  isValidDate,
+  isWithinRange,
+  matchesPattern,
+  deepMerge,
+  isObject
+};
+//# sourceMappingURL=chunk-JISYG63F.js.map

package/dist/chunk-JISYG63F.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/validation.ts"],"sourcesContent":["/**\n * @file Internal utilities for validation module\n * @internal This file contains implementation details that should not be used directly\n */\n\n/**\n * Utility functions for validating data in the application\n */\n\n/**\n * Check if a string is a valid email\n */\nexport function isValidEmail(email: string): boolean {\n  const emailPattern = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\n  return emailPattern.test(email);\n}\n\n/**\n * Check if a string is empty (either null, undefined, or just whitespace)\n */\nexport function isEmpty(value: string | null | undefined): boolean {\n  return value === null || value === undefined || value.trim() === '';\n}\n\n/**\n * Check if a password meets minimum requirements\n */\nexport function isStrongPassword(password: string): boolean {\n  // Minimum 8 characters, at least one uppercase, one lowercase, one number\n  const passwordPattern = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).{8,}$/;\n  return passwordPattern.test(password);\n}\n\n/**\n * Check if a URL is valid\n */\nexport function isValidUrl(url: string): boolean {\n  try {\n    new URL(url);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Check if a date string is valid\n */\nexport function isValidDate(dateStr: string): boolean {\n  const date = new Date(dateStr);\n  return !isNaN(date.getTime());\n}\n\n/**\n * Check if a value is within a range\n */\nexport function isWithinRange(value: number, min: number, max: number): boolean {\n  return value >= min && value <= max;\n}\n\n/**\n * Check if a value matches a specific pattern\n */\nexport function matchesPattern(value: string, pattern: RegExp): boolean {\n  return pattern.test(value);\n}\n\n/**\n * Utility function to deep merge objects for schema combination\n * @internal\n */\nexport function deepMerge<T extends Record<string, unknown>>(\n  target: T, \n  source: Record<string, unknown>\n): T {\n  const output = { ...target };\n  \n  if (isObject(target) && isObject(source)) {\n    Object.keys(source).forEach(key => {\n      if (isObject(source[key])) {\n        if (!(key in target)) {\n          Object.assign(output, { [key]: source[key] });\n        } else {\n          // Use a type assertion to safely handle the indexing\n          const targetKey = key as keyof typeof target;\n          const targetValue = target[targetKey];\n          \n          if (isObject(targetValue)) {\n            // Safe cast using type assertion\n            output[targetKey] = deepMerge(\n              targetValue as Record<string, unknown>,\n              source[key] as Record<string, unknown>\n            ) as unknown as T[keyof T];\n          }\n        }\n      } else {\n        Object.assign(output, { [key]: source[key] });\n      }\n    });\n  }\n  \n  return output as T;\n}\n\n/**\n * Type guard to check if a value is a plain object\n * @internal\n */\nexport function isObject(item: unknown): item is Record<string, unknown> {\n  return item !== null && typeof item === 'object' && !Array.isArray(item);\n}\n"],"mappings":";AAYO,SAAS,aAAa,OAAwB;AACnD,QAAM,eAAe;AACrB,SAAO,aAAa,KAAK,KAAK;AAChC;AAKO,SAAS,QAAQ,OAA2C;AACjE,SAAO,UAAU,QAAQ,UAAU,UAAa,MAAM,KAAK,MAAM;AACnE;AAKO,SAAS,iBAAiB,UAA2B;AAE1D,QAAM,kBAAkB;AACxB,SAAO,gBAAgB,KAAK,QAAQ;AACtC;AAKO,SAAS,WAAW,KAAsB;AAC/C,MAAI;AACF,QAAI,IAAI,GAAG;AACX,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAKO,SAAS,YAAY,SAA0B;AACpD,QAAM,OAAO,IAAI,KAAK,OAAO;AAC7B,SAAO,CAAC,MAAM,KAAK,QAAQ,CAAC;AAC9B;AAKO,SAAS,cAAc,OAAe,KAAa,KAAsB;AAC9E,SAAO,SAAS,OAAO,SAAS;AAClC;AAKO,SAAS,eAAe,OAAe,SAA0B;AACtE,SAAO,QAAQ,KAAK,KAAK;AAC3B;AAMO,SAAS,UACd,QACA,QACG;AACH,QAAM,SAAS,EAAE,GAAG,OAAO;AAE3B,MAAI,SAAS,MAAM,KAAK,SAAS,MAAM,GAAG;AACxC,WAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,UAAI,SAAS,OAAO,GAAG,CAAC,GAAG;AACzB,YAAI,EAAE,OAAO,SAAS;AACpB,iBAAO,OAAO,QAAQ,EAAE,CAAC,GAAG,GAAG,OAAO,GAAG,EAAE,CAAC;AAAA,QAC9C,OAAO;AAEL,gBAAM,YAAY;AAClB,gBAAM,cAAc,OAAO,SAAS;AAEpC,cAAI,SAAS,WAAW,GAAG;AAEzB,mBAAO,SAAS,IAAI;AAAA,cAClB;AAAA,cACA,OAAO,GAAG;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAAA,MACF,OAAO;AACL,eAAO,OAAO,QAAQ,EAAE,CAAC,GAAG,GAAG,OAAO,GAAG,EAAE,CAAC;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAMO,SAAS,SAAS,MAAgD;AACvE,SAAO,SAAS,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI;AACzE;","names":[]}

package/dist/{chunk-SL2YQDR6.js → chunk-MA6EPSGZ.js}

@@ -3,7 +3,7 @@ import {
   init_useOrganisationService,
   useEventService2 as useEventService,
   useOrganisationService2 as useOrganisationService
-} from "./chunk-4MT5BGGL.js";
+} from "./chunk-YCWDTTUK.js";
 import {
   __esm
 } from "./chunk-PLDDJCW6.js";
@@ -58,4 +58,4 @@ export {
   init_useOrganisations,
   useEvents
 };
-//# sourceMappingURL=chunk-SL2YQDR6.js.map
+//# sourceMappingURL=chunk-MA6EPSGZ.js.map

package/dist/{chunk-5DPZ5EAT.js → chunk-OWAG3GSU.js}

@@ -53,8 +53,6 @@ function renderSafeHtml(html, options = {}) {
 }
 
 export {
-  sanitizeHtml,
-  validateHtml,
   renderSafeHtml
 };
-//# sourceMappingURL=chunk-5DPZ5EAT.js.map
+//# sourceMappingURL=chunk-OWAG3GSU.js.map