@jmruthers/pace-core 0.5.147 → 0.5.149

package/docs/api/interfaces/ToastActionElement.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / ToastActionElement
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / ToastActionElement
 
 # Interface: ToastActionElement
 

package/docs/api/interfaces/ToastProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / ToastProps
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / ToastProps
 
 # Interface: ToastProps
 

package/docs/api/interfaces/UnifiedAuthContextType.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UnifiedAuthContextType
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UnifiedAuthContextType
 
 # Interface: UnifiedAuthContextType
 

package/docs/api/interfaces/UnifiedAuthProviderProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UnifiedAuthProviderProps
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UnifiedAuthProviderProps
 
 # Interface: UnifiedAuthProviderProps
 

package/docs/api/interfaces/UseInactivityTrackerOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UseInactivityTrackerOptions
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UseInactivityTrackerOptions
 
 # Interface: UseInactivityTrackerOptions
 

package/docs/api/interfaces/UseInactivityTrackerReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UseInactivityTrackerReturn
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UseInactivityTrackerReturn
 
 # Interface: UseInactivityTrackerReturn
 

package/docs/api/interfaces/UsePublicEventOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UsePublicEventOptions
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UsePublicEventOptions
 
 # Interface: UsePublicEventOptions
 

package/docs/api/interfaces/UsePublicEventReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UsePublicEventReturn
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UsePublicEventReturn
 
 # Interface: UsePublicEventReturn
 

package/docs/api/interfaces/UsePublicFileDisplayOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayOptions
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayOptions
 
 # Interface: UsePublicFileDisplayOptions
 

package/docs/api/interfaces/UsePublicFileDisplayReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayReturn
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayReturn
 
 # Interface: UsePublicFileDisplayReturn
 

package/docs/api/interfaces/UsePublicRouteParamsReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UsePublicRouteParamsReturn
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UsePublicRouteParamsReturn
 
 # Interface: UsePublicRouteParamsReturn
 

package/docs/api/interfaces/UseResolvedScopeOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UseResolvedScopeOptions
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UseResolvedScopeOptions
 
 # Interface: UseResolvedScopeOptions
 

package/docs/api/interfaces/UseResolvedScopeReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UseResolvedScopeReturn
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UseResolvedScopeReturn
 
 # Interface: UseResolvedScopeReturn
 

package/docs/api/interfaces/UseResourcePermissionsOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UseResourcePermissionsOptions
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UseResourcePermissionsOptions
 
 # Interface: UseResourcePermissionsOptions
 

package/docs/api/interfaces/UserEventAccess.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UserEventAccess
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UserEventAccess
 
 # Interface: UserEventAccess
 

package/docs/api/interfaces/UserMenuProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UserMenuProps
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UserMenuProps
 
 # Interface: UserMenuProps
 

package/docs/api/interfaces/UserProfile.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.147](../README.md) / [Exports](../modules.md) / UserProfile
+[@jmruthers/pace-core - v0.5.149](../README.md) / [Exports](../modules.md) / UserProfile
 
 # Interface: UserProfile
 

package/docs/api/modules.md

@@ -1,6 +1,6 @@
-[@jmruthers/pace-core - v0.5.147](README.md) / Exports
+[@jmruthers/pace-core - v0.5.149](README.md) / Exports
 
-# @jmruthers/pace-core - v0.5.147
+# @jmruthers/pace-core - v0.5.149
 
 **`File`**
 

package/docs/rbac/RBAC_LOGIN_SAFETY_FIX.md

@@ -0,0 +1,95 @@
+# RBAC Login Safety Fix - v0.5.148
+
+## Problem
+
+After RBAC changes, users reported login failures. Investigation revealed:
+1. **CORS error** - Network/infrastructure issue (separate from RBAC)
+2. **Potential hook errors** - `useOrganisations()` might throw when called before authentication
+
+## Root Cause
+
+`useRBAC` hook calls `useOrganisations()` unconditionally (required by React hooks rules). If `useOrganisations()` throws an error when there's no authenticated user, it could break the login flow.
+
+## Fix Applied
+
+Wrapped `useOrganisations()` call in try-catch, similar to how `useEvents()` is handled:
+
+```typescript
+// Safely get organisation context - may not be available during login
+let selectedOrganisation: { id: string } | null = null;
+let orgContextReady = false;
+let orgLoading = false;
+try {
+  const orgContext = useOrganisations();
+  selectedOrganisation = orgContext.selectedOrganisation;
+  orgContextReady = orgContext.isContextReady;
+  orgLoading = orgContext.isLoading;
+} catch (error) {
+  // Organisation provider not available or user not authenticated - this is OK
+  logger.debug('[useRBAC] Organisation provider not available, continuing without organisation context', error);
+}
+```
+
+## Safety Guarantees
+
+1. ✅ **`useRBAC` never throws** - All hook calls are wrapped in try-catch
+2. ✅ **Safe during login** - Returns empty state when unauthenticated
+3. ✅ **Early returns** - Exits immediately if no user/session
+4. ✅ **No logging noise** - Only logs when authenticated
+5. ✅ **No network calls** - Doesn't make RPC calls when unauthenticated
+
+## Verification
+
+### When Unauthenticated:
+- `useRBAC` returns safely with empty state
+- No errors thrown
+- No network calls made
+- Login flow proceeds normally
+
+### When Authenticated:
+- `useRBAC` loads organisation context
+- Waits for organisation context before loading RBAC
+- Loads permissions correctly
+
+## CORS Error (Separate Issue)
+
+The CORS error is **NOT caused by RBAC**. It's a network/infrastructure issue:
+
+```
+Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource 
+at https://srqhjwivpohjcjqikjry.supabase.co/auth/v1/token?grant_type=password
+```
+
+### To Fix CORS:
+1. Check Supabase Dashboard → Settings → API → CORS
+2. Add `localhost:8087` to allowed origins
+3. Or use wildcard `*` for development
+4. Check network/proxy settings
+5. Verify browser isn't blocking requests
+
+## Testing
+
+1. **Before login**:
+   - Open browser console
+   - Navigate to login page
+   - Verify no RBAC errors
+   - Verify login form displays
+
+2. **During login**:
+   - Enter credentials
+   - Click login
+   - Verify no RBAC errors in console
+   - If CORS error appears, it's a Supabase config issue (not RBAC)
+
+3. **After login**:
+   - Verify RBAC loads correctly
+   - Check console for RBAC loading logs
+   - Verify permissions load
+
+## Summary
+
+- ✅ **RBAC is now safe** - Wrapped in try-catch, won't break login
+- ✅ **No interference** - Early returns prevent any action when unauthenticated
+- ⚠️ **CORS is separate** - Infrastructure issue, needs Supabase config fix
+- ✅ **Ready for testing** - Should work correctly now
+

package/docs/troubleshooting/DEBUG_NETWORK_ERROR.md

@@ -0,0 +1,152 @@
+# Debugging NetworkError / CORS Error
+
+## The Real Issue
+
+If pace-cake works fine with the same Supabase instance, then **CORS is already configured correctly**. The "CORS request did not succeed" error message is often misleading - it usually means the request failed for another reason, not necessarily CORS policy.
+
+## How to Debug
+
+### Step 1: Check Network Tab in Browser DevTools
+
+1. Open browser DevTools (F12 or Cmd+Option+I)
+2. Go to **Network** tab
+3. Clear the network log
+4. Try to log in
+5. Look for the failed request to `/auth/v1/token`
+
+**What to check:**
+- **Status code**: What HTTP status code is returned? (200, 401, 500, etc.)
+- **Request headers**: Are the headers correct?
+- **Response**: What does the response say?
+- **Timing**: Does the request timeout or fail immediately?
+
+### Step 2: Check Console for Real Error
+
+The browser console might show the actual error. Look for:
+- Network timeout
+- Connection refused
+- SSL/TLS errors
+- Proxy errors
+- Request cancelled
+
+### Step 3: Compare with pace-cake
+
+Since pace-cake works:
+1. **Check pace-cake's network tab** - What does a successful login request look like?
+2. **Compare request headers** - Are they the same?
+3. **Compare Supabase client setup** - Is it identical?
+
+### Step 4: Check for Differences
+
+**Compare pace-trac vs pace-cake:**
+
+1. **Supabase client creation**:
+   ```typescript
+   // pace-trac - check this matches pace-cake
+   const supabase = createClient(url, key, {
+     auth: {
+       autoRefreshToken: true,
+       persistSession: true,
+       detectSessionInUrl: true
+     }
+   });
+   ```
+
+2. **setupRBAC call**:
+   ```typescript
+   // Should be identical
+   setupRBAC(supabase);
+   ```
+
+3. **Provider setup**:
+   ```typescript
+   // Should match pace-cake exactly
+   <UnifiedAuthProvider supabaseClient={supabase} appName={APP_NAME}>
+     <OrganisationProvider>
+       <App />
+     </OrganisationProvider>
+   </UnifiedAuthProvider>
+   ```
+
+### Step 5: Check Browser/Network Issues
+
+**Common causes of "CORS request did not succeed":**
+
+1. **Browser extension blocking requests**
+   - Try incognito/private mode
+   - Disable extensions one by one
+
+2. **Network/proxy issues**
+   - Check if corporate proxy is blocking
+   - Try different network (mobile hotspot)
+   - Check firewall settings
+
+3. **DNS issues**
+   - Can you reach `srqhjwivpohjcjqikjry.supabase.co`?
+   - Try pinging the domain
+
+4. **SSL/TLS issues**
+   - Check browser console for SSL errors
+   - Verify certificate is valid
+
+### Step 6: Check pace-trac Specific Issues
+
+**Things that might be different in pace-trac:**
+
+1. **Port number**: Are you using a different port than pace-cake?
+   - pace-cake might use `localhost:3000`
+   - pace-trac uses `localhost:8087`
+   - But if CORS is configured with wildcard, this shouldn't matter
+
+2. **Environment variables**: Are they correct?
+   ```bash
+   # Check these match pace-cake
+   VITE_SUPABASE_URL=...
+   VITE_SUPABASE_ANON_KEY=...
+   ```
+
+3. **Vite configuration**: Any proxy or network settings?
+   ```typescript
+   // vite.config.ts - check for any proxy settings
+   ```
+
+## Most Likely Causes
+
+Based on "pace-cake works but pace-trac doesn't":
+
+1. **Different port** - But CORS should allow both if configured correctly
+2. **Browser session issue** - Try clearing cache/cookies
+3. **Network timing** - Something interfering with the request
+4. **Code difference** - Something in pace-trac setup is different
+
+## Quick Fixes to Try
+
+1. **Clear browser cache and cookies**
+2. **Try incognito/private mode**
+3. **Try different browser**
+4. **Restart dev server**
+5. **Check if pace-cake still works** (verify Supabase is up)
+
+## If Still Failing
+
+**Check the actual network request details:**
+- Right-click the failed request in Network tab
+- Select "Copy" → "Copy as cURL"
+- Compare with pace-cake's successful request
+- Look for differences in headers, URL, or body
+
+**Check console for actual error:**
+- The "CORS request did not succeed" might be masking the real error
+- Look for other error messages before/after
+- Check if there are multiple failed requests
+
+## Summary
+
+Since pace-cake works, this is likely:
+- ✅ **NOT a CORS configuration issue** (already configured)
+- ✅ **NOT an RBAC issue** (RBAC doesn't interfere with auth)
+- ⚠️ **Likely a network/browser issue** specific to pace-trac
+- ⚠️ **Or a code difference** between pace-trac and pace-cake
+
+**Next step**: Check Network tab in DevTools to see the actual error, not just the CORS message.
+

package/docs/troubleshooting/FIX_SUPABASE_CORS.md

@@ -0,0 +1,184 @@
+# How to Fix CORS Error in Supabase
+
+## Problem
+
+You're seeing this error when trying to log in:
+```
+Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource 
+at https://srqhjwivpohjcjqikjry.supabase.co/auth/v1/token?grant_type=password
+(Reason: CORS request did not succeed)
+```
+
+This happens because Supabase is blocking requests from `localhost:8087` due to CORS (Cross-Origin Resource Sharing) policy.
+
+## Solution: Add Your Origin to Supabase CORS Settings
+
+### Step 1: Log into Supabase Dashboard
+
+1. Go to [https://app.supabase.com](https://app.supabase.com)
+2. Log in with your Supabase account
+3. Select your project (the one with URL `srqhjwivpohjcjqikjry.supabase.co`)
+
+### Step 2: Navigate to API Settings
+
+1. In the left sidebar, click on **"Settings"** (gear icon)
+2. Click on **"API"** in the settings menu
+
+### Step 3: Find CORS Settings
+
+Look for one of these sections (Supabase UI may vary):
+
+**Option A: "CORS" Section**
+- Scroll down to find **"CORS"** or **"Allowed Origins"** section
+- You'll see a text area or input field for allowed origins
+
+**Option B: "Additional Configuration"**
+- Look for **"Additional Configuration"** or **"Advanced Settings"**
+- Find **"CORS Origins"** or **"Allowed Origins"**
+
+**Option C: "Auth" Settings**
+- Sometimes CORS is under **"Auth"** → **"URL Configuration"**
+- Look for **"Site URL"** or **"Redirect URLs"** sections
+- CORS might be listed as **"Additional Redirect URLs"** or **"Allowed Origins"**
+
+### Step 4: Add Your Development Origin
+
+In the CORS/Allowed Origins field, add:
+
+```
+http://localhost:8087
+```
+
+**If there are already origins listed**, add yours on a new line or separated by commas:
+
+```
+http://localhost:3000
+http://localhost:8087
+http://localhost:5173
+```
+
+**For development, you can also use a wildcard** (less secure, but convenient):
+```
+*
+```
+
+⚠️ **Note**: Wildcard (`*`) allows ALL origins. Only use this for development, never in production!
+
+### Step 5: Save Changes
+
+1. Click **"Save"** or **"Update"** button
+2. Wait for confirmation that settings were saved
+3. Changes may take a few seconds to propagate
+
+### Step 6: Test Login
+
+1. Go back to your app (`http://localhost:8087`)
+2. Try logging in again
+3. Check browser console - CORS error should be gone
+
+## Alternative: Check Project Settings
+
+If you can't find CORS settings in API settings:
+
+### Method 1: Project Settings → API
+1. Go to **"Project Settings"** (top right, gear icon)
+2. Click **"API"**
+3. Look for **"CORS"** or **"Allowed Origins"**
+
+### Method 2: Auth Settings
+1. Go to **"Authentication"** in left sidebar
+2. Click **"URL Configuration"**
+3. Check **"Site URL"** and **"Redirect URLs"**
+4. Add `http://localhost:8087` to redirect URLs if needed
+
+### Method 3: Database Settings
+1. Go to **"Settings"** → **"Database"**
+2. Look for **"Connection Pooling"** or **"API"** settings
+3. CORS might be listed there
+
+## If CORS Settings Don't Exist
+
+Some Supabase projects might not have explicit CORS settings. In that case:
+
+### Option 1: Check Site URL
+1. Go to **"Authentication"** → **"URL Configuration"**
+2. Set **"Site URL"** to `http://localhost:8087`
+3. Add `http://localhost:8087` to **"Redirect URLs"**
+
+### Option 2: Use Supabase CLI
+If you have Supabase CLI installed:
+
+```bash
+# Update CORS settings via CLI
+supabase projects update <project-id> --cors-origins "http://localhost:8087"
+```
+
+### Option 3: Contact Supabase Support
+If you can't find CORS settings anywhere:
+1. Check Supabase documentation for your project version
+2. Contact Supabase support
+3. They can help configure CORS for your project
+
+## Production Setup
+
+For production, you'll need to:
+
+1. **Add your production domain**:
+   ```
+   https://yourdomain.com
+   https://www.yourdomain.com
+   ```
+
+2. **Remove wildcard** (`*`) if you used it for development
+
+3. **Set Site URL** in Auth settings to your production URL
+
+## Verification
+
+After making changes:
+
+1. **Clear browser cache** (important!)
+2. **Hard refresh** the page (Ctrl+Shift+R or Cmd+Shift+R)
+3. **Try login again**
+4. **Check browser console** - should see no CORS errors
+
+## Common Issues
+
+### "Settings saved but still getting CORS error"
+- Wait 30-60 seconds for changes to propagate
+- Clear browser cache
+- Try incognito/private browsing mode
+- Check if you're using the correct origin (http vs https, port number)
+
+### "Can't find CORS settings"
+- Supabase UI changes frequently
+- Try searching for "CORS", "origins", or "allowed"
+- Check Supabase documentation for your project version
+- Contact Supabase support
+
+### "Works in one browser but not another"
+- Clear cache in both browsers
+- Check browser security settings
+- Try disabling browser extensions
+- Check if one browser has stricter CORS policies
+
+## Still Having Issues?
+
+If CORS error persists after following these steps:
+
+1. **Double-check the origin**: Make sure `http://localhost:8087` matches exactly (including `http://` not `https://`)
+2. **Check network tab**: Open browser DevTools → Network tab, look for the failed request, check request headers
+3. **Verify Supabase project**: Make sure you're editing the correct project (check the URL in error message)
+4. **Check for typos**: Ensure no extra spaces or characters in CORS settings
+5. **Try different port**: If using a different port, add that too: `http://localhost:5173`, `http://localhost:3000`, etc.
+
+## Summary
+
+1. ✅ Go to Supabase Dashboard → Settings → API
+2. ✅ Find "CORS" or "Allowed Origins" section
+3. ✅ Add `http://localhost:8087`
+4. ✅ Save changes
+5. ✅ Clear browser cache and test
+
+The CORS error should be resolved after these steps!
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jmruthers/pace-core",
-  "version": "0.5.147",
+  "version": "0.5.149",
   "description": "Clean, modern React component library with Tailwind v4 styling and native utilities",
   "private": false,
   "publishConfig": {