@jmruthers/pace-core 0.5.180 → 0.5.182

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/providers/InactivityProvider.tsx","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/utils/security/secureDataAccess.ts","../src/utils/storage/index.ts"],"sourcesContent":["/**\n * @file Complete Component Library Export\n * @package @jmruthers/pace-core\n * @module Core\n * @since 0.1.0\n * \n * This file exports the primary components, hooks, and utilities from the PACE Core library.\n * It is the main entry point for developers using the library.\n * \n * @example\n * // Import common components\n * import { Button, Card, useUnifiedAuth } from '@jmruthers/pace-core';\n * \n * // For specialized components, use the complete library import:\n * import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';\n */\n\n// AUTHENTICATION & AUTHORIZATION\n// Note: Providers are now service-based architecture for better testability and maintainability\nexport { UnifiedAuthProvider, useUnifiedAuth } from './providers/UnifiedAuthProvider';\nexport type { UnifiedAuthProviderProps, UnifiedAuthContextType, UserEventAccess } from './providers/UnifiedAuthProvider';\n\n// Session tracking utility (for manual use if needed)\nexport { useSessionTracking } from './utils/context/sessionTracking';\n\n// Provider components (using service architecture)\nexport { EventProvider } from './providers/EventProvider';\nexport { OrganisationProvider } from './providers/OrganisationProvider';\nexport { InactivityProvider } from './providers/InactivityProvider';\n\n// Convenience hooks for backward compatibility\nexport { useEvents } from './hooks/useEvents';\nexport { useOrganisations } from './hooks/useOrganisations';\n\n// Service hooks for advanced usage (better performance)\nexport { useEventService } from './hooks/services/useEventService';\nexport { useOrganisationService } from './hooks/services/useOrganisationService';\nexport { useAuthService } from './hooks/services/useAuthService';\nexport { useInactivityService } from './hooks/services/useInactivityService';\nexport { useSessionRestoration } from './hooks/useSessionRestoration';\n\nexport type { \n  Organisation, \n  OrganisationMembership, \n  OrganisationContextType, \n  OrganisationProviderProps,\n  OrganisationSecurityError \n} from './types/organisation';\n\n// INACTIVITY TRACKING\nexport { InactivityWarningModal } from './components/InactivityWarningModal/InactivityWarningModal';\nexport type { InactivityWarningModalProps } from './components/InactivityWarningModal/InactivityWarningModal';\nexport { useInactivityTracker } from './hooks/useInactivityTracker';\nexport type { UseInactivityTrackerOptions, UseInactivityTrackerReturn } from './hooks/useInactivityTracker';\n\n// RBAC SYSTEM - Consolidated RBAC module\nexport * from './rbac';\n\n// BASIC UI COMPONENTS\nexport { Button } from './components/Button/Button';\nexport type { ButtonProps } from './components/Button/Button';\n\nexport { \n  Card, \n  CardHeader, \n  CardFooter, \n  CardTitle, \n  CardDescription, \n  CardContent,\n  CardActions\n} from './components/Card/Card';\nexport type { CardProps } from './components/Card/Card';\n\nexport { Input } from './components/Input/Input';\nexport type { InputProps } from './components/Input/Input';\nexport { Label } from './components/Label/Label';\nexport type { LabelProps } from './components/Label/Label';\n\nexport { Textarea } from './components/Textarea/Textarea';\nexport type { TextareaProps } from './components/Textarea/Textarea';\n\nexport { Alert, AlertTitle, AlertDescription } from './components/Alert/Alert';\nexport { Avatar, AvatarImage, AvatarFallback } from './components/Avatar/Avatar';\n\nexport { Badge } from './components/Badge/Badge';\nexport type { BadgeProps, BadgeVariant } from './components/Badge/Badge';\n\nexport { Checkbox } from './components/Checkbox/Checkbox';\nexport { Switch } from './components/Switch/Switch';\nexport type { SwitchProps } from './components/Switch/Switch';\nexport { Progress } from './components/Progress/Progress';\n\n// ADVANCED UI COMPONENTS\nexport {\n  Dialog,\n  DialogPortal,\n  DialogOverlay,\n  DialogTrigger,\n  DialogClose,\n  DialogContent,\n  DialogHeader,\n  DialogBody,\n  DialogFooter,\n  DialogTitle,\n  DialogDescription,\n} from './components/Dialog/Dialog';\n\n// Dropdown Menu exports\n// DropdownMenu components have been merged into Select components\n\n// Select exports\nexport {\n  Select,\n  SelectGroup,\n  SelectValue,\n  SelectTrigger,\n  SelectContent,\n  SelectLabel,\n  SelectItem,\n  SelectSeparator,\n} from './components/Select';\n\n// Tabs exports\nexport { Tabs, TabsList, TabsTrigger, TabsContent } from './components/Tabs/Tabs';\nexport type { TabsProps, TabsListProps, TabsTriggerProps, TabsContentProps } from './components/Tabs/Tabs';\n\n// Calendar exports\nexport { Calendar } from './components/Calendar/Calendar';\nexport type { CalendarProps } from './components/Calendar/Calendar';\n\n// Modal functionality is provided by Dialog components\n\nexport {\n  Toast,\n  Toaster,\n  ToastAction,\n  ToastProvider,\n  ToastViewport,\n  ToastTitle,\n  ToastDescription,\n  ToastClose,\n} from './components/Toast/Toast';\nexport { useToast } from './hooks/useToast';\nexport type { ToastActionElement, ToastProps } from './components/Toast/Toast';\n\nexport { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider, TooltipRoot } from './components/Tooltip/Tooltip';\n\n// DATA DISPLAY COMPONENTS\nexport {\n  DataTable,\n  type DataTableProps,\n  type DataTableColumn,\n  type DataTableAction,\n  type DataTableToolbarButton,\n  type AggregateConfig,\n  type EmptyStateConfig,\n  type GetRowId,\n  type DataTableFeatureConfig,\n  ColumnFactory\n} from './components/DataTable';\n\n// Re-export types from DataTable types\nexport type { DataRecord, ExportOptions } from './components/DataTable/types';\n\n// Export DataTable utility functions\nexport {\n  exportToCSV,\n  exportToCSVWithTableRows,\n  generateCSVContent,\n  type ExportColumn\n} from './components/DataTable/utils/exportUtils';\n\n// Export DataTable aggregation utilities\nexport {\n  sum,\n  average,\n  count,\n  min,\n  max\n} from './components/DataTable/utils/aggregationUtils';\n\n// FORM COMPONENTS\nexport { Form } from './components/Form/Form';\nexport { LoginForm } from './components/LoginForm/LoginForm';\nexport type { LoginFormProps } from './components/LoginForm/LoginForm';\n\n// LAYOUT COMPONENTS\nexport { Header } from './components/Header/Header';\nexport { Footer } from './components/Footer/Footer';\nexport type { FooterProps } from './components/Footer/Footer';\n\n// NAVIGATION COMPONENTS\nexport { NavigationMenu } from './components/NavigationMenu/NavigationMenu';\nexport type { NavigationMenuProps, NavigationItem } from './components/NavigationMenu/types';\nexport { UserMenu } from './components/UserMenu/UserMenu';\nexport type { UserMenuProps } from './components/UserMenu/UserMenu';\n\n// Reusable Page/Layout Components\nexport { PaceAppLayout } from './components/PaceAppLayout/PaceAppLayout';\nexport type { PaceAppLayoutProps } from './components/PaceAppLayout/PaceAppLayout';\nexport { PaceLoginPage } from './components/PaceLoginPage/PaceLoginPage';\nexport type { PaceLoginPageProps } from './components/PaceLoginPage/PaceLoginPage';\n\nexport { ProtectedRoute } from './components/ProtectedRoute/ProtectedRoute';\nexport type { ProtectedRouteProps } from './components/ProtectedRoute/ProtectedRoute';\n\n// UTILITY COMPONENTS\nexport { ErrorBoundary } from './components/ErrorBoundary/ErrorBoundary';\nexport { LoadingSpinner } from './components/LoadingSpinner/LoadingSpinner';\nexport { SessionRestorationLoader } from './components/SessionRestorationLoader/SessionRestorationLoader';\nexport type { SessionRestorationLoaderProps } from './components/SessionRestorationLoader/SessionRestorationLoader';\n\n// EVENT MANAGEMENT\nexport { EventSelector } from './components/EventSelector/EventSelector';\n\n// ORGANISATION MANAGEMENT\nexport { OrganisationSelector } from './components/OrganisationSelector/OrganisationSelector';\nexport { useOrganisationPermissions } from './hooks/useOrganisationPermissions';\nexport { useOrganisationSecurity } from './hooks/useOrganisationSecurity';\nexport { createSecureDataAccess } from './utils/security/secureDataAccess';\n\n// TYPES\nexport type { UserProfile } from './types/organisation';\n\n// AUTHENTICATION FORMS\nexport { PasswordChangeForm } from './components/PasswordReset/PasswordChangeForm';\n\n// UTILS & HOOKS\nexport { useAppConfig } from './hooks/useAppConfig';\nexport { useEventTheme } from './hooks/useEventTheme';\nexport { cn } from './utils/core/cn';\nexport { setAppConfig, getAppConfig, getCurrentAppName, getCurrentAppId } from './utils/app/appConfig';\n\n// FORMATTING UTILITIES\nexport { \n  formatDate,\n  formatTime,\n  formatDateTime,\n  formatCurrency, \n  formatNumber,\n  formatPercent,\n  formatCompactNumber,\n  formatFileSize\n} from './utils/formatting/formatting';\n\n// STORAGE UTILITIES\nexport { FileUpload } from './components/FileUpload';\nexport type { FileUploadProps } from './components/FileUpload';\nexport { FileDisplay } from './components/FileDisplay';\nexport type { FileDisplayProps } from './components/FileDisplay';\nexport { FileCategory } from './types/file-reference';\nexport type { FileReference, FileMetadata, FileUploadOptions } from './types/file-reference';\nexport { \n  useFileReference, \n  useFileReferenceForRecord,\n  useFileReferenceById,\n  useFilesByCategory\n} from './hooks/useFileReference';\nexport type { \n  UseFileReferenceOptions, \n  UseFileReferenceReturn, \n  UseFileReferenceForRecordReturn \n} from './hooks/useFileReference';\nexport * from './utils/storage';\n\n// Table components\nexport {\n  Table,\n  TableHeader,\n  TableBody,\n  TableCaption,\n  TableCell,\n  TableFooter,\n  TableHead,\n  TableRow,\n} from './components/Table/Table';\n\n// STYLES & THEMING\nexport * from './styles';\n// Direct export of theming utilities for convenience\nexport { parseAndNormalizeEventColours } from './theming/parseEventColours';\n\n// PUBLIC PAGES\nexport * from './hooks/public';\nexport * from './components/PublicLayout';\n","/**\n * @file Re-export for InactivityProvider\n * @package @jmruthers/pace-core\n * @module Providers\n * @since 0.1.0\n * \n * Re-exports the service-based InactivityProvider for backward compatibility.\n */\n\nexport { InactivityServiceProvider as InactivityProvider } from './services/InactivityServiceProvider';\nexport type { InactivityServiceProviderProps as InactivityProviderProps, InactivityServiceContextType as InactivityContextType } from './services/InactivityServiceProvider';\n\n// Re-export hook\nexport { useInactivityService as useInactivity } from '../hooks/services/useInactivityService';\n\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n *   isOpen={showWarning}\n *   timeRemaining={45}\n *   onStaySignedIn={() => setShowWarning(false)}\n *   onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\n\nexport interface InactivityWarningModalProps {\n  /** Whether the modal is open */\n  isOpen: boolean;\n  /** Time remaining in seconds before auto-logout */\n  timeRemaining: number;\n  /** Callback when user chooses to stay signed in */\n  onStaySignedIn: () => void;\n  /** Callback when user chooses to sign out immediately */\n  onSignOutNow: () => void;\n  /** Optional custom title */\n  title?: string;\n  /** Optional custom description */\n  description?: string;\n  /** Optional custom className */\n  className?: string;\n}\n\nexport function InactivityWarningModal({\n  isOpen,\n  timeRemaining,\n  onStaySignedIn,\n  onSignOutNow,\n  title = \"Session Timeout Warning\",\n  description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n  className\n}: InactivityWarningModalProps) {\n  const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n  // Update display time when timeRemaining prop changes\n  useEffect(() => {\n    setDisplayTime(timeRemaining);\n  }, [timeRemaining]);\n\n  // Format time for display (MM:SS)\n  const formatTime = useCallback((seconds: number) => {\n    const mins = Math.floor(seconds / 60);\n    const secs = seconds % 60;\n    return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n  }, []);\n\n\n\n\n  return (\n    <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n      <DialogContent \n        className={`sm:max-w-md ${className || ''}`}\n        preventCloseOnEscape={false}\n        preventCloseOnOutsideClick={true}\n        data-testid=\"inactivity-warning-modal\"\n      >\n        <DialogHeader>\n          <div className=\"flex items-center gap-3\">\n            <div className=\"flex-shrink-0\">\n              <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n            </div>\n            <div>\n              <DialogTitle className=\"text-lg font-semibold text-main-900\">\n                {title}\n              </DialogTitle>\n            </div>\n          </div>\n          <DialogDescription className=\"text-main-700 mt-2\">\n            {description}\n          </DialogDescription>\n        </DialogHeader>\n\n        <div className=\"space-y-6\">\n          {/* Countdown Timer */}\n          <div className=\"text-center\">\n            <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n              <Clock className=\"h-5 w-5 text-acc-600\" />\n              <span className=\"text-2xl font-mono font-bold text-acc-700\">\n                {formatTime(displayTime)}\n              </span>\n            </div>\n            <p className=\"text-sm text-main-600 mt-2\">\n              Time remaining before automatic logout\n            </p>\n          </div>\n\n          {/* Action Buttons */}\n          <div className=\"flex flex-col sm:flex-row gap-3\">\n            <Button\n              onClick={onStaySignedIn}\n              className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n              size=\"lg\"\n            >\n              Stay Signed In\n            </Button>\n            <Button\n              onClick={onSignOutNow}\n              variant=\"outline\"\n              className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n              size=\"lg\"\n            >\n              Sign Out Now\n            </Button>\n          </div>\n\n          {/* Additional Info */}\n          <div className=\"text-xs text-main-500 text-center\">\n            <p>\n              For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n            </p>\n          </div>\n        </div>\n      </DialogContent>\n    </Dialog>\n  );\n}\n","/**\n * @file Secure Data Access Utility\n * @package @jmruthers/pace-core\n * @module Utils/SecureDataAccess\n * @since 0.4.0\n *\n * Secure data access utilities that enforce organisation context for all database operations.\n * Prevents data leakage between organisations and ensures proper access validation.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\n\n// Generic database record type\nexport interface DatabaseRecord {\n  id: string;\n  organisation_id: string;\n  [key: string]: unknown;\n}\n\n// Generic data for insert/update operations\nexport interface DatabaseData {\n  [key: string]: unknown;\n}\n\n// Generic filters for queries\nexport interface DatabaseFilters {\n  [key: string]: unknown;\n}\n\n// Secure query options\nexport interface SecureQueryOptions {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\nexport interface SecureDataAccess {\n  // Secure query methods\n  secureQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T[]>;\n  secureSingleQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T | null>;\n  \n  // Secure mutation methods\n  secureInsert: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, organisationId: string) => Promise<T | null>;\n  secureUpdate: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, filters: DatabaseFilters, organisationId: string) => Promise<T | null>;\n  secureDelete: (table: string, filters: DatabaseFilters, organisationId: string) => Promise<boolean>;\n  \n  // Organisation-scoped queries\n  queryByOrganisation: <T extends DatabaseRecord = DatabaseRecord>(table: string, select: string, organisationId: string, filters?: DatabaseFilters) => Promise<T[]>;\n  \n  // Validation helpers\n  validateOrganisationContext: (organisationId: string) => void;\n  ensureOrganisationColumn: (table: string) => boolean;\n}\n\nexport interface SecureQueryBuilder {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\n/**\n * Create a secure data access instance\n * @param supabase - Supabase client instance\n * @param organisationId - Current organisation context\n * @param isSuperAdmin - Whether user has super admin privileges\n * @returns Secure data access utilities\n */\nexport const createSecureDataAccess = (\n  supabase: SupabaseClient,\n  organisationId: string,\n  isSuperAdmin: boolean = false\n): SecureDataAccess => {\n  \n  // Validate organisation context\n  const validateOrganisationContext = (orgId: string): void => {\n    if (!orgId) {\n      throw new Error('Organisation context is required for secure data access');\n    }\n    \n    if (!isSuperAdmin && !orgId) {\n      throw new Error('Organisation context is mandatory for non-super admin users');\n    }\n  };\n\n  // Check if table has organisation_id column\n  const ensureOrganisationColumn = (table: string): boolean => {\n    // This is a simplified check - in production you might want to cache this\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    return tablesWithOrganisation.includes(table);\n  };\n\n  // Build secure query with organisation context\n  const buildSecureQuery = (options: SecureQueryBuilder) => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    validateOrganisationContext(orgId);\n    \n    let query = supabase\n      .from(table)\n      .select(select);\n    \n    // Add organisation filter (unless super admin)\n    if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n      query = query.eq('organisation_id', orgId);\n    }\n    \n    // Add additional filters\n    if (filters) {\n      Object.entries(filters).forEach(([key, value]) => {\n        if (value !== undefined && value !== null) {\n          // Handle qualified column names (e.g., 'users.role')\n          const columnName = key.includes('.') ? key.split('.').pop()! : key;\n          query = query.eq(columnName, value);\n        }\n      });\n    }\n    \n    // Add ordering\n    if (orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn);\n      }\n    }\n    \n    // Add pagination\n    if (limit) {\n      query = query.limit(limit);\n    }\n    \n    if (offset) {\n      query = query.range(offset, offset + (limit || 10) - 1);\n    }\n    \n    return query;\n  };\n\n  // Secure query for multiple results\n  const secureQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T[]> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      // Ensure data is an array and not an error type\n      if (Array.isArray(data)) {\n        return data as unknown as T[];\n      }\n      \n      return [];\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure query for single result\n  const secureSingleQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T | null> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query.single();\n      \n      if (error) {\n        if (error.code === 'PGRST116') {\n          // No rows returned\n          return null;\n        }\n        throw error;\n      }\n      \n      // Ensure data is not an error type\n      if (data && typeof data === 'object' && !('code' in data)) {\n        return data as unknown as T;\n      }\n      \n      return null;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure insert with organisation context\n  const secureInsert = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      const insertData = {\n        ...data,\n        organisation_id: organisationId\n      };\n      \n      const { data: result, error } = await supabase\n        .from(table)\n        .insert(insertData)\n        .select()\n        .single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure update with organisation context\n  const secureUpdate = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .update(data);\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { data: result, error } = await query.select().single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure delete with organisation context\n  const secureDelete = async (\n    table: string, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<boolean> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .delete();\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      return true;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Organisation-scoped query helper\n  const queryByOrganisation = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    select: string, \n    organisationId: string, \n    filters?: DatabaseFilters\n  ): Promise<T[]> => {\n    return secureQuery<T>({\n      table,\n      select,\n      organisationId,\n      filters\n    });\n  };\n\n  return {\n    secureQuery,\n    secureSingleQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    queryByOrganisation,\n    validateOrganisationContext,\n    ensureOrganisationColumn\n  };\n};\n\n/**\n * Hook for secure data access\n * @returns Secure data access utilities\n */\nexport const useSecureDataAccess = (): SecureDataAccess => {\n  // This would typically get the context from providers\n  // For now, we'll create a placeholder that can be used with explicit parameters\n  throw new Error('useSecureDataAccess must be used with explicit parameters. Use createSecureDataAccess instead.');\n}; ","/**\n * Storage utilities for pace-core\n * \n * Provides app-segregated file storage with organisation-scoped access\n */\n\nexport * from './types';\nexport * from './config';\nexport * from './helpers';\n\n// Import functions for StorageUtils class\nimport {\n  uploadFile,\n  getPublicUrl,\n  getSignedUrl,\n  deleteFile,\n  downloadFile,\n  listFiles,\n  archiveFile,\n  generateFilePath,\n  generateUniqueFileName,\n  extractFileMetadata\n} from './helpers';\n\n// Re-export commonly used functions for convenience\nexport {\n  uploadFile,\n  getPublicUrl,\n  getSignedUrl,\n  deleteFile,\n  downloadFile,\n  listFiles,\n  archiveFile,\n  generateFilePath,\n  generateUniqueFileName,\n  extractFileMetadata\n};\n\nexport {\n  validateFileSize,\n  getFileSizeLimit,\n  formatFileSize\n} from './config';\n\n\nexport {\n  FILE_SIZE_LIMITS,\n  DEFAULT_FILE_SIZE_LIMIT,\n  STORAGE_CONFIG,\n  APP_PATH_MAPPING\n} from './config';\n\n/**\n * StorageUtils class for convenient access to storage functions\n */\nexport class StorageUtils {\n  static generateFilePath = generateFilePath;\n  static generateUniqueFileName = generateUniqueFileName;\n  static extractFileMetadata = extractFileMetadata;\n  static uploadFile = uploadFile;\n  static getPublicUrl = getPublicUrl;\n  static getSignedUrl = getSignedUrl;\n  static deleteFile = deleteFile;\n  static downloadFile = downloadFile;\n  static listFiles = listFiles;\n  static archiveFile = archiveFile;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBA;AAOA;AACA;;;AClBA;;;ADuBA;AAGA;AACA;AACA;AACA;AACA;;;AESA,SAAgB,WAAW,UAAU,mBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAsD3B,SAEI,KAFJ;AAnCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,aAAa;AAG5D,YAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAMA,cAAa,YAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAKL,SACE,oBAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,eAAe,aAAa,EAAE;AAAA,MACzC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,gCAAC,SAAI,WAAU,iBACb,8BAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,oBAAC,SACC,8BAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,oBAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,kCAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,oBAAC,UAAK,WAAU,6CACb,UAAAA,YAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,oBAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,oBAAC,SAAI,WAAU,qCACb,8BAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;;;AF/GA;;;AGuBO,IAAM,yBAAyB,CACpC,UACA,gBACA,eAAwB,UACH;AAGrB,QAAM,8BAA8B,CAAC,UAAwB;AAC3D,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E;AAEA,QAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,YAAM,IAAI,MAAM,6DAA6D;AAAA,IAC/E;AAAA,EACF;AAGA,QAAM,2BAA2B,CAAC,UAA2B;AAE3D,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,WAAO,uBAAuB,SAAS,KAAK;AAAA,EAC9C;AAGA,QAAM,mBAAmB,CAAC,YAAgC;AACxD,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,gCAA4B,KAAK;AAEjC,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,MAAM;AAGhB,QAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,cAAQ,MAAM,GAAG,mBAAmB,KAAK;AAAA,IAC3C;AAGA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,YAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,gBAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,kBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,QACpC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,SAAS;AAEX,YAAM,gBAAgB,QAAQ,MAAM,GAAG,EAAE,IAAI;AAC7C,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,aAAa;AAAA,MACnC;AAAA,IACF;AAGA,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM,KAAK;AAAA,IAC3B;AAEA,QAAI,QAAQ;AACV,cAAQ,MAAM,MAAM,QAAQ,UAAU,SAAS,MAAM,CAAC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,OAAkD,YAA8C;AAClH,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAGA,UAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,CAAC;AAAA,IACV,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,oBAAoB,OAAkD,YAAmD;AAC7H,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,MAAM,OAAO;AAE3C,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,YAAY;AAE7B,iBAAO;AAAA,QACT;AACA,cAAM;AAAA,MACR;AAGA,UAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,UAAU,OAAO;AACzD,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACAC,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,YAAM,aAAa;AAAA,QACjB,GAAG;AAAA,QACH,iBAAiBA;AAAA,MACnB;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,SACnC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACA,SACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,MAAM,OAAO,EAAE,OAAO;AAE5D,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,SACAA,oBACqB;AACrB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM;AAExB,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,sBAAsB,OAC1B,OACA,QACAA,iBACA,YACiB;AACjB,WAAO,YAAe;AAAA,MACpB;AAAA,MACA;AAAA,MACA,gBAAAA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACvTO,IAAM,eAAN,MAAmB;AAW1B;AAXa,aACJ,mBAAmB;AADf,aAEJ,yBAAyB;AAFrB,aAGJ,sBAAsB;AAHlB,aAIJ,aAAa;AAJT,aAKJ,eAAe;AALX,aAMJ,eAAe;AANX,aAOJ,aAAa;AAPT,aAQJ,eAAe;AARX,aASJ,YAAY;AATR,aAUJ,cAAc;","names":["formatTime","organisationId"]}
+{"version":3,"sources":["../src/providers/OrganisationProvider.tsx","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/hooks/useInactivityTracker.ts","../src/utils/security/secureDataAccess.ts"],"sourcesContent":["/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers\n * @since 0.1.0\n *\n * React provider for organisation context.\n * This is a convenience wrapper around OrganisationServiceProvider that\n * automatically gets auth context from UnifiedAuthProvider.\n * \n * Note: If you're using UnifiedAuthProvider, it already includes\n * OrganisationServiceProvider internally, so this component is mainly\n * for backward compatibility or standalone usage.\n */\n\nimport React from 'react';\nimport { useUnifiedAuth } from '../providers/services/UnifiedAuthProvider';\nimport { OrganisationServiceProvider } from './services/OrganisationServiceProvider';\nimport type { OrganisationProviderProps as BaseOrganisationProviderProps } from '../types/organisation';\n\nexport interface OrganisationProviderProps extends BaseOrganisationProviderProps {\n  children: React.ReactNode;\n  requireOrganisationContext?: boolean;\n  autoSelectPrimaryOrganisation?: boolean;\n  onOrganisationChange?: (organisation: any) => void;\n}\n\n/**\n * OrganisationProvider component\n * \n * Wraps OrganisationServiceProvider and automatically gets auth context.\n * \n * @example\n * ```tsx\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"my-app\">\n *   <OrganisationProvider>\n *     <App />\n *   </OrganisationProvider>\n * </UnifiedAuthProvider>\n * ```\n */\nexport function OrganisationProvider({ \n  children,\n  requireOrganisationContext,\n  autoSelectPrimaryOrganisation,\n  onOrganisationChange\n}: OrganisationProviderProps) {\n  // Get auth context from UnifiedAuthProvider\n  const authContext = useUnifiedAuth();\n  \n  // If we're inside UnifiedAuthProvider, it already includes OrganisationServiceProvider\n  // So we can just pass through the children\n  // However, if the auth context is not available, we need to handle that\n  if (!authContext) {\n    // If no auth context, we can't provide organisation service\n    // This might happen if used outside UnifiedAuthProvider\n    // In that case, we should probably throw an error or show a message\n    console.warn('OrganisationProvider: No auth context available. Make sure OrganisationProvider is used inside UnifiedAuthProvider.');\n    return <>{children}</>;\n  }\n\n  const { supabase, user, session } = authContext;\n\n  // Wrap with OrganisationServiceProvider\n  // Note: The props like requireOrganisationContext, autoSelectPrimaryOrganisation\n  // are handled by the OrganisationService internally, not by the provider\n  // Note: supabase is mapped to supabaseClient for OrganisationServiceProvider\n  if (!supabase) {\n    console.warn('OrganisationProvider: No supabase client available.');\n    return <>{children}</>;\n  }\n\n  return (\n    <OrganisationServiceProvider\n      supabaseClient={supabase}\n      user={user}\n      session={session}\n    >\n      {children}\n    </OrganisationServiceProvider>\n  );\n}\n\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n *   isOpen={showWarning}\n *   timeRemaining={45}\n *   onStaySignedIn={() => setShowWarning(false)}\n *   onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\nimport { cn } from '../../utils/core/cn';\n\nexport interface InactivityWarningModalProps {\n  /** Whether the modal is open */\n  isOpen: boolean;\n  /** Time remaining in seconds before auto-logout */\n  timeRemaining: number;\n  /** Callback when user chooses to stay signed in */\n  onStaySignedIn: () => void;\n  /** Callback when user chooses to sign out immediately */\n  onSignOutNow: () => void;\n  /** Optional custom title */\n  title?: string;\n  /** Optional custom description */\n  description?: string;\n  /** Optional custom className */\n  className?: string;\n}\n\nexport function InactivityWarningModal({\n  isOpen,\n  timeRemaining,\n  onStaySignedIn,\n  onSignOutNow,\n  title = \"Session Timeout Warning\",\n  description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n  className\n}: InactivityWarningModalProps) {\n  const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n  // Update display time when timeRemaining prop changes\n  useEffect(() => {\n    setDisplayTime(timeRemaining);\n  }, [timeRemaining]);\n\n  // Format time for display (MM:SS)\n  const formatTime = useCallback((seconds: number) => {\n    const mins = Math.floor(seconds / 60);\n    const secs = seconds % 60;\n    return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n  }, []);\n\n  return (\n    <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n      <DialogContent \n        className={cn(\"sm:max-w-md\", className)}\n        preventCloseOnEscape={false}\n        preventCloseOnOutsideClick={true}\n        data-testid=\"inactivity-warning-modal\"\n      >\n        <DialogHeader>\n          <div className=\"flex items-center gap-3\">\n            <div className=\"flex-shrink-0\">\n              <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n            </div>\n            <div>\n              <DialogTitle className=\"text-lg font-semibold text-main-900\">\n                {title}\n              </DialogTitle>\n            </div>\n          </div>\n          <DialogDescription className=\"text-main-700 mt-2\">\n            {description}\n          </DialogDescription>\n        </DialogHeader>\n\n        <div className=\"space-y-6\">\n          {/* Countdown Timer */}\n          <div className=\"text-center\">\n            <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n              <Clock className=\"h-5 w-5 text-acc-600\" />\n              <span className=\"text-2xl font-mono font-bold text-acc-700\">\n                {formatTime(displayTime)}\n              </span>\n            </div>\n            <p className=\"text-sm text-main-600 mt-2\">\n              Time remaining before automatic logout\n            </p>\n          </div>\n\n          {/* Action Buttons */}\n          <div className=\"flex flex-col sm:flex-row gap-3\">\n            <Button\n              onClick={onStaySignedIn}\n              className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n              size=\"lg\"\n            >\n              Stay Signed In\n            </Button>\n            <Button\n              onClick={onSignOutNow}\n              variant=\"outline\"\n              className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n              size=\"lg\"\n            >\n              Sign Out Now\n            </Button>\n          </div>\n\n          {/* Additional Info */}\n          <div className=\"text-xs text-main-500 text-center\">\n            <p>\n              For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n            </p>\n          </div>\n        </div>\n      </DialogContent>\n    </Dialog>\n  );\n}\n","/**\n * @file Inactivity Tracker Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useInactivityTracker\n * @since 0.1.0\n *\n * A custom hook that tracks user inactivity and provides cross-tab synchronization.\n * Monitors various user interactions and manages inactivity timers with persistence.\n *\n * Features:\n * - Cross-tab synchronization using BroadcastChannel and localStorage\n * - Monitors keyboard, mouse, touch, scroll, and focus events\n * - Throttled event handling for performance\n * - Persistence of last activity time across page reloads\n * - SSR-safe implementation with proper cleanup\n * - Configurable timeout and warning thresholds\n * - Production-safe with dev-only escape hatches\n *\n * @example\n * ```tsx\n * const {\n *   isIdle,\n *   timeRemaining,\n *   showWarning,\n *   resetActivity,\n *   startTracking,\n *   stopTracking\n * } = useInactivityTracker({\n *   idleTimeoutMs: 30 * 60 * 1000, // 30 minutes\n *   warnBeforeMs: 60 * 1000, // 1 minute\n *   onIdle: () => console.log('User is idle'),\n *   onWarning: () => console.log('Warning should show'),\n *   onActivity: () => console.log('User is active')\n * });\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (utility hook)\n * - Enables accessible inactivity warnings\n * - Supports screen reader friendly countdowns\n * - Maintains focus management during warnings\n *\n * @performance\n * - Throttled event handling (100ms intervals)\n * - Efficient timer management with cleanup\n * - Minimal re-renders with stable references\n * - Memory leak prevention\n * - Cross-tab optimization\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Browser APIs - BroadcastChannel, localStorage, timers\n */\n\nimport { useState, useEffect, useCallback, useRef } from 'react';\nimport { logger } from '../utils/core/logger';\n\nexport interface UseInactivityTrackerOptions {\n  /** Timeout in milliseconds before user is considered idle (default: 30 minutes) */\n  idleTimeoutMs?: number;\n  /** Time in milliseconds before idle timeout to show warning (default: 60 seconds) */\n  warnBeforeMs?: number;\n  /** Callback when user becomes idle */\n  onIdle?: () => void;\n  /** Callback when warning should be shown */\n  onWarning?: () => void;\n  /** Callback when user becomes active again */\n  onActivity?: () => void;\n  /** Whether tracking is enabled (default: true) */\n  enabled?: boolean;\n  /** Storage key for persistence (default: 'pace-core-inactivity') */\n  storageKey?: string;\n  /** Broadcast channel name for cross-tab sync (default: 'pace-core-inactivity') */\n  channelName?: string;\n}\n\nexport interface UseInactivityTrackerReturn {\n  /** Whether the user is currently idle */\n  isIdle: boolean;\n  /** Time remaining in milliseconds before idle timeout */\n  timeRemaining: number;\n  /** Whether warning should be shown */\n  showWarning: boolean;\n  /** Reset the activity timer */\n  resetActivity: () => void;\n  /** Start tracking inactivity */\n  startTracking: () => void;\n  /** Stop tracking inactivity */\n  stopTracking: () => void;\n  /** Whether tracking is currently active */\n  isTracking: boolean;\n}\n\n// Events that indicate user activity\nconst ACTIVITY_EVENTS = [\n  'mousedown',\n  'mousemove',\n  'mouseup',\n  'click',\n  'scroll',\n  'wheel',\n  'touchstart',\n  'touchmove',\n  'touchend',\n  'keydown',\n  'keyup',\n  'keypress',\n  'focus',\n  'blur',\n  'visibilitychange'\n] as const;\n\n// Throttle function to limit event handler frequency\nfunction throttle<T extends (...args: any[]) => void>(\n  func: T,\n  limit: number\n): (...args: Parameters<T>) => void {\n  let inThrottle: boolean;\n  return function (this: any, ...args: Parameters<T>) {\n    if (!inThrottle) {\n      func.apply(this, args);\n      inThrottle = true;\n      setTimeout(() => (inThrottle = false), limit);\n    }\n  };\n}\n\nexport function useInactivityTracker({\n  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n  warnBeforeMs = 60 * 1000, // 1 minute\n  onIdle,\n  onWarning,\n  onActivity,\n  enabled = true,\n  storageKey = 'pace-core-inactivity',\n  channelName = 'pace-core-inactivity'\n}: UseInactivityTrackerOptions = {}): UseInactivityTrackerReturn {\n  const [isIdle, setIsIdle] = useState(false);\n  const [timeRemaining, setTimeRemaining] = useState(idleTimeoutMs);\n  const [showWarning, setShowWarning] = useState(false);\n  const [isTracking, setIsTracking] = useState(false);\n\n  // Reset tracking state when enabled changes\n  useEffect(() => {\n    if (!enabled) {\n      setIsTracking(false);\n      setIsIdle(false);\n      setShowWarning(false);\n      setTimeRemaining(idleTimeoutMs);\n    }\n  }, [enabled, idleTimeoutMs]);\n\n  const timeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const warningTimeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);\n  const lastActivityRef = useRef<number>(Date.now());\n  const channelRef = useRef<BroadcastChannel | null>(null);\n\n  // Clear all timers\n  const clearTimers = useCallback(() => {\n    if (timeoutRef.current) {\n      clearTimeout(timeoutRef.current);\n      timeoutRef.current = null;\n    }\n    if (warningTimeoutRef.current) {\n      clearTimeout(warningTimeoutRef.current);\n      warningTimeoutRef.current = null;\n    }\n    if (countdownIntervalRef.current) {\n      clearInterval(countdownIntervalRef.current);\n      countdownIntervalRef.current = null;\n    }\n  }, []);\n\n  // Reset activity and restart timers\n  const resetActivity = useCallback((skipActivityCallback = false) => {\n    if (!enabled) return;\n\n    const now = Date.now();\n    lastActivityRef.current = now;\n\n    // Clear existing timers\n    clearTimers();\n\n    // Reset state\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n\n    // Notify activity callback (unless skipped for initial setup)\n    if (!skipActivityCallback) {\n      onActivity?.();\n    }\n\n    // Set up warning timer\n    const warningTime = idleTimeoutMs - warnBeforeMs;\n    if (warningTime > 0) {\n      warningTimeoutRef.current = setTimeout(() => {\n        setShowWarning(true);\n        onWarning?.();\n      }, warningTime);\n    }\n\n    // Set up idle timeout\n    timeoutRef.current = setTimeout(() => {\n      setIsIdle(true);\n      onIdle?.();\n    }, idleTimeoutMs);\n\n    // Start countdown interval for time remaining\n    countdownIntervalRef.current = setInterval(() => {\n      const elapsed = Date.now() - lastActivityRef.current;\n      const remaining = Math.max(0, idleTimeoutMs - elapsed);\n      setTimeRemaining(remaining);\n\n      if (remaining === 0) {\n        clearTimers();\n      }\n    }, 1000);\n\n    // Persist activity time\n    try {\n      localStorage.setItem(storageKey, now.toString());\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to persist activity time:', error);\n    }\n\n    // Broadcast activity to other tabs\n    try {\n      if (channelRef.current) {\n        channelRef.current.postMessage({ type: 'activity', timestamp: now });\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to broadcast activity:', error);\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);\n\n  // Start tracking\n  const startTracking = useCallback(() => {\n    if (!enabled) return;\n\n    // Always reset state and start fresh\n    setIsTracking(false);\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n    \n    // Clear any existing timers\n    clearTimers();\n    \n    setIsTracking(true);\n\n    // Set up cross-tab communication\n    try {\n      if (typeof BroadcastChannel !== 'undefined') {\n        channelRef.current = new BroadcastChannel(channelName);\n        channelRef.current.onmessage = (event) => {\n          if (event.data.type === 'activity') {\n            lastActivityRef.current = event.data.timestamp;\n            resetActivity();\n          }\n        };\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to set up cross-tab communication:', error);\n    }\n\n    // Check for persisted activity time\n    try {\n      const persistedTime = localStorage.getItem(storageKey);\n      if (persistedTime) {\n        const persistedTimestamp = parseInt(persistedTime, 10);\n        const elapsed = Date.now() - persistedTimestamp;\n        \n        if (elapsed < idleTimeoutMs) {\n          // User was active recently, continue from where we left off\n          lastActivityRef.current = persistedTimestamp;\n          const remaining = idleTimeoutMs - elapsed;\n          setTimeRemaining(remaining);\n          \n          if (remaining <= warnBeforeMs) {\n            setShowWarning(true);\n            onWarning?.();\n          }\n          \n          if (remaining <= 0) {\n            setIsIdle(true);\n            onIdle?.();\n            return;\n          }\n        }\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to check persisted activity time:', error);\n    }\n\n    // Set up throttled activity handler\n    const throttledResetActivity = throttle((event) => {\n      resetActivity();\n    }, 100);\n\n    // Add event listeners\n    const addEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.addEventListener(event, throttledResetActivity, { passive: true });\n      });\n    };\n\n    // Remove event listeners\n    const removeEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.removeEventListener(event, throttledResetActivity);\n      });\n    };\n\n    // Add listeners\n    addEventListeners();\n\n    // Start the timer (skip activity callback for initial setup)\n    resetActivity(true);\n\n    // Cleanup function\n    return () => {\n      removeEventListeners();\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n        channelRef.current = null;\n      }\n    };\n  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);\n\n  // Stop tracking\n  const stopTracking = useCallback(() => {\n    setIsTracking(false);\n    clearTimers();\n    \n    if (channelRef.current) {\n      channelRef.current.close();\n      channelRef.current = null;\n    }\n  }, [clearTimers]);\n\n  // Effect to start/stop tracking based on enabled state\n  useEffect(() => {\n    if (enabled) {\n      const cleanup = startTracking();\n      return cleanup;\n    } else {\n      stopTracking();\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs]);\n\n  // Cleanup on unmount\n  useEffect(() => {\n    return () => {\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n      }\n    };\n  }, [clearTimers]);\n\n  return {\n    isIdle,\n    timeRemaining,\n    showWarning,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    isTracking\n  };\n}\n","/**\n * @file Secure Data Access Utility\n * @package @jmruthers/pace-core\n * @module Utils/SecureDataAccess\n * @since 0.4.0\n *\n * Secure data access utilities that enforce organisation context for all database operations.\n * Prevents data leakage between organisations and ensures proper access validation.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\n\n// Generic database record type\nexport interface DatabaseRecord {\n  id: string;\n  organisation_id: string;\n  [key: string]: unknown;\n}\n\n// Generic data for insert/update operations\nexport interface DatabaseData {\n  [key: string]: unknown;\n}\n\n// Generic filters for queries\nexport interface DatabaseFilters {\n  [key: string]: unknown;\n}\n\n// Secure query options\nexport interface SecureQueryOptions {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\nexport interface SecureDataAccess {\n  // Secure query methods\n  secureQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T[]>;\n  secureSingleQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T | null>;\n  \n  // Secure mutation methods\n  secureInsert: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, organisationId: string) => Promise<T | null>;\n  secureUpdate: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, filters: DatabaseFilters, organisationId: string) => Promise<T | null>;\n  secureDelete: (table: string, filters: DatabaseFilters, organisationId: string) => Promise<boolean>;\n  \n  // Organisation-scoped queries\n  queryByOrganisation: <T extends DatabaseRecord = DatabaseRecord>(table: string, select: string, organisationId: string, filters?: DatabaseFilters) => Promise<T[]>;\n  \n  // Validation helpers\n  validateOrganisationContext: (organisationId: string) => void;\n  ensureOrganisationColumn: (table: string) => boolean;\n}\n\nexport interface SecureQueryBuilder {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\n/**\n * Create a secure data access instance\n * @param supabase - Supabase client instance\n * @param organisationId - Current organisation context\n * @param isSuperAdmin - Whether user has super admin privileges\n * @returns Secure data access utilities\n */\nexport const createSecureDataAccess = (\n  supabase: SupabaseClient,\n  organisationId: string,\n  isSuperAdmin: boolean = false\n): SecureDataAccess => {\n  \n  // Validate organisation context\n  const validateOrganisationContext = (orgId: string): void => {\n    if (!orgId) {\n      throw new Error('Organisation context is required for secure data access');\n    }\n    \n    if (!isSuperAdmin && !orgId) {\n      throw new Error('Organisation context is mandatory for non-super admin users');\n    }\n  };\n\n  // Check if table has organisation_id column\n  const ensureOrganisationColumn = (table: string): boolean => {\n    // This is a simplified check - in production you might want to cache this\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    return tablesWithOrganisation.includes(table);\n  };\n\n  // Build secure query with organisation context\n  const buildSecureQuery = (options: SecureQueryBuilder) => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    validateOrganisationContext(orgId);\n    \n    let query = supabase\n      .from(table)\n      .select(select);\n    \n    // Add organisation filter (unless super admin)\n    if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n      query = query.eq('organisation_id', orgId);\n    }\n    \n    // Add additional filters\n    if (filters) {\n      Object.entries(filters).forEach(([key, value]) => {\n        if (value !== undefined && value !== null) {\n          // Handle qualified column names (e.g., 'users.role')\n          const columnName = key.includes('.') ? key.split('.').pop()! : key;\n          query = query.eq(columnName, value);\n        }\n      });\n    }\n    \n    // Add ordering\n    if (orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn);\n      }\n    }\n    \n    // Add pagination\n    if (limit) {\n      query = query.limit(limit);\n    }\n    \n    if (offset) {\n      query = query.range(offset, offset + (limit || 10) - 1);\n    }\n    \n    return query;\n  };\n\n  // Secure query for multiple results\n  const secureQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T[]> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      // Ensure data is an array and not an error type\n      if (Array.isArray(data)) {\n        return data as unknown as T[];\n      }\n      \n      return [];\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure query for single result\n  const secureSingleQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T | null> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query.single();\n      \n      if (error) {\n        if (error.code === 'PGRST116') {\n          // No rows returned\n          return null;\n        }\n        throw error;\n      }\n      \n      // Ensure data is not an error type\n      if (data && typeof data === 'object' && !('code' in data)) {\n        return data as unknown as T;\n      }\n      \n      return null;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure insert with organisation context\n  const secureInsert = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      const insertData = {\n        ...data,\n        organisation_id: organisationId\n      };\n      \n      const { data: result, error } = await supabase\n        .from(table)\n        .insert(insertData)\n        .select()\n        .single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure update with organisation context\n  const secureUpdate = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .update(data);\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { data: result, error } = await query.select().single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure delete with organisation context\n  const secureDelete = async (\n    table: string, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<boolean> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .delete();\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      return true;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Organisation-scoped query helper\n  const queryByOrganisation = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    select: string, \n    organisationId: string, \n    filters?: DatabaseFilters\n  ): Promise<T[]> => {\n    return secureQuery<T>({\n      table,\n      select,\n      organisationId,\n      filters\n    });\n  };\n\n  return {\n    secureQuery,\n    secureSingleQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    queryByOrganisation,\n    validateOrganisationContext,\n    ensureOrganisationColumn\n  };\n};\n\n/**\n * Hook for secure data access\n * @returns Secure data access utilities\n */\nexport const useSecureDataAccess = (): SecureDataAccess => {\n  // This would typically get the context from providers\n  // For now, we'll create a placeholder that can be used with explicit parameters\n  throw new Error('useSecureDataAccess must be used with explicit parameters. Use createSecureDataAccess instead.');\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DW;AAjBJ,SAAS,qBAAqB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA8B;AAE5B,QAAM,cAAc,eAAe;AAKnC,MAAI,CAAC,aAAa;AAIhB,YAAQ,KAAK,qHAAqH;AAClI,WAAO,gCAAG,UAAS;AAAA,EACrB;AAEA,QAAM,EAAE,UAAU,MAAM,QAAQ,IAAI;AAMpC,MAAI,CAAC,UAAU;AACb,YAAQ,KAAK,qDAAqD;AAClE,WAAO,gCAAG,UAAS;AAAA,EACrB;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,MAEC;AAAA;AAAA,EACH;AAEJ;;;ACjCA,SAAgB,WAAW,UAAU,mBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAoD3B,SAEI,OAAAA,MAFJ;AAhCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,aAAa;AAG5D,YAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAMC,cAAa,YAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAEL,SACE,gBAAAD,KAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,GAAG,eAAe,SAAS;AAAA,MACtC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,4BAAAA,KAAC,SAAI,WAAU,iBACb,0BAAAA,KAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,gBAAAA,KAAC,SACC,0BAAAA,KAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,gBAAAA,KAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,8BAAAA,KAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,gBAAAA,KAAC,UAAK,WAAU,6CACb,UAAAC,YAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,gBAAAD,KAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA,4BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,gBAAAA,KAAC,SAAI,WAAU,qCACb,0BAAAA,KAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;;;AC3GA,SAAS,YAAAE,WAAU,aAAAC,YAAW,eAAAC,cAAa,cAAc;AAwCzD,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,SAAS,SACP,MACA,OACkC;AAClC,MAAI;AACJ,SAAO,YAAwB,MAAqB;AAClD,QAAI,CAAC,YAAY;AACf,WAAK,MAAM,MAAM,IAAI;AACrB,mBAAa;AACb,iBAAW,MAAO,aAAa,OAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB;AAAA,EACnC,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV,aAAa;AAAA,EACb,cAAc;AAChB,IAAiC,CAAC,GAA+B;AAC/D,QAAM,CAAC,QAAQ,SAAS,IAAIC,UAAS,KAAK;AAC1C,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,aAAa;AAChE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAGlD,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,SAAS;AACZ,oBAAc,KAAK;AACnB,gBAAU,KAAK;AACf,qBAAe,KAAK;AACpB,uBAAiB,aAAa;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,SAAS,aAAa,CAAC;AAE3B,QAAM,aAAa,OAA8B,IAAI;AACrD,QAAM,oBAAoB,OAA8B,IAAI;AAC5D,QAAM,uBAAuB,OAA8B,IAAI;AAC/D,QAAM,kBAAkB,OAAe,KAAK,IAAI,CAAC;AACjD,QAAM,aAAa,OAAgC,IAAI;AAGvD,QAAM,cAAcC,aAAY,MAAM;AACpC,QAAI,WAAW,SAAS;AACtB,mBAAa,WAAW,OAAO;AAC/B,iBAAW,UAAU;AAAA,IACvB;AACA,QAAI,kBAAkB,SAAS;AAC7B,mBAAa,kBAAkB,OAAO;AACtC,wBAAkB,UAAU;AAAA,IAC9B;AACA,QAAI,qBAAqB,SAAS;AAChC,oBAAc,qBAAqB,OAAO;AAC1C,2BAAqB,UAAU;AAAA,IACjC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,gBAAgBA,aAAY,CAAC,uBAAuB,UAAU;AAClE,QAAI,CAAC,QAAS;AAEd,UAAM,MAAM,KAAK,IAAI;AACrB,oBAAgB,UAAU;AAG1B,gBAAY;AAGZ,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,QAAI,CAAC,sBAAsB;AACzB,mBAAa;AAAA,IACf;AAGA,UAAM,cAAc,gBAAgB;AACpC,QAAI,cAAc,GAAG;AACnB,wBAAkB,UAAU,WAAW,MAAM;AAC3C,uBAAe,IAAI;AACnB,oBAAY;AAAA,MACd,GAAG,WAAW;AAAA,IAChB;AAGA,eAAW,UAAU,WAAW,MAAM;AACpC,gBAAU,IAAI;AACd,eAAS;AAAA,IACX,GAAG,aAAa;AAGhB,yBAAqB,UAAU,YAAY,MAAM;AAC/C,YAAM,UAAU,KAAK,IAAI,IAAI,gBAAgB;AAC7C,YAAM,YAAY,KAAK,IAAI,GAAG,gBAAgB,OAAO;AACrD,uBAAiB,SAAS;AAE1B,UAAI,cAAc,GAAG;AACnB,oBAAY;AAAA,MACd;AAAA,IACF,GAAG,GAAI;AAGP,QAAI;AACF,mBAAa,QAAQ,YAAY,IAAI,SAAS,CAAC;AAAA,IACjD,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,oCAAoC,KAAK;AAAA,IAC/E;AAGA,QAAI;AACF,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,YAAY,EAAE,MAAM,YAAY,WAAW,IAAI,CAAC;AAAA,MACrE;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,iCAAiC,KAAK;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,cAAc,QAAQ,WAAW,YAAY,YAAY,WAAW,CAAC;AAGjG,QAAM,gBAAgBA,aAAY,MAAM;AACtC,QAAI,CAAC,QAAS;AAGd,kBAAc,KAAK;AACnB,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,gBAAY;AAEZ,kBAAc,IAAI;AAGlB,QAAI;AACF,UAAI,OAAO,qBAAqB,aAAa;AAC3C,mBAAW,UAAU,IAAI,iBAAiB,WAAW;AACrD,mBAAW,QAAQ,YAAY,CAAC,UAAU;AACxC,cAAI,MAAM,KAAK,SAAS,YAAY;AAClC,4BAAgB,UAAU,MAAM,KAAK;AACrC,0BAAc;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,6CAA6C,KAAK;AAAA,IACxF;AAGA,QAAI;AACF,YAAM,gBAAgB,aAAa,QAAQ,UAAU;AACrD,UAAI,eAAe;AACjB,cAAM,qBAAqB,SAAS,eAAe,EAAE;AACrD,cAAM,UAAU,KAAK,IAAI,IAAI;AAE7B,YAAI,UAAU,eAAe;AAE3B,0BAAgB,UAAU;AAC1B,gBAAM,YAAY,gBAAgB;AAClC,2BAAiB,SAAS;AAE1B,cAAI,aAAa,cAAc;AAC7B,2BAAe,IAAI;AACnB,wBAAY;AAAA,UACd;AAEA,cAAI,aAAa,GAAG;AAClB,sBAAU,IAAI;AACd,qBAAS;AACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,4CAA4C,KAAK;AAAA,IACvF;AAGA,UAAM,yBAAyB,SAAS,CAAC,UAAU;AACjD,oBAAc;AAAA,IAChB,GAAG,GAAG;AAGN,UAAM,oBAAoB,MAAM;AAC9B,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,iBAAiB,OAAO,wBAAwB,EAAE,SAAS,KAAK,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAGA,UAAM,uBAAuB,MAAM;AACjC,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,oBAAoB,OAAO,sBAAsB;AAAA,MAC5D,CAAC;AAAA,IACH;AAGA,sBAAkB;AAGlB,kBAAc,IAAI;AAGlB,WAAO,MAAM;AACX,2BAAqB;AACrB,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AACzB,mBAAW,UAAU;AAAA,MACvB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,YAAY,aAAa,YAAY,eAAe,cAAc,QAAQ,SAAS,CAAC;AAGjG,QAAM,eAAeA,aAAY,MAAM;AACrC,kBAAc,KAAK;AACnB,gBAAY;AAEZ,QAAI,WAAW,SAAS;AACtB,iBAAW,QAAQ,MAAM;AACzB,iBAAW,UAAU;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAGhB,EAAAD,WAAU,MAAM;AACd,QAAI,SAAS;AACX,YAAM,UAAU,cAAc;AAC9B,aAAO;AAAA,IACT,OAAO;AACL,mBAAa;AAAA,IACf;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,YAAY,CAAC;AAGzC,EAAAA,WAAU,MAAM;AACd,WAAO,MAAM;AACX,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AAAA,MAC3B;AAAA,IACF;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAEhB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACzSO,IAAM,yBAAyB,CACpC,UACA,gBACA,eAAwB,UACH;AAGrB,QAAM,8BAA8B,CAAC,UAAwB;AAC3D,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E;AAEA,QAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,YAAM,IAAI,MAAM,6DAA6D;AAAA,IAC/E;AAAA,EACF;AAGA,QAAM,2BAA2B,CAAC,UAA2B;AAE3D,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,WAAO,uBAAuB,SAAS,KAAK;AAAA,EAC9C;AAGA,QAAM,mBAAmB,CAAC,YAAgC;AACxD,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,gCAA4B,KAAK;AAEjC,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,MAAM;AAGhB,QAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,cAAQ,MAAM,GAAG,mBAAmB,KAAK;AAAA,IAC3C;AAGA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,YAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,gBAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,kBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,QACpC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,SAAS;AAEX,YAAM,gBAAgB,QAAQ,MAAM,GAAG,EAAE,IAAI;AAC7C,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,aAAa;AAAA,MACnC;AAAA,IACF;AAGA,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM,KAAK;AAAA,IAC3B;AAEA,QAAI,QAAQ;AACV,cAAQ,MAAM,MAAM,QAAQ,UAAU,SAAS,MAAM,CAAC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,OAAkD,YAA8C;AAClH,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAGA,UAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,CAAC;AAAA,IACV,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,oBAAoB,OAAkD,YAAmD;AAC7H,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,MAAM,OAAO;AAE3C,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,YAAY;AAE7B,iBAAO;AAAA,QACT;AACA,cAAM;AAAA,MACR;AAGA,UAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,UAAU,OAAO;AACzD,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACAE,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,YAAM,aAAa;AAAA,QACjB,GAAG;AAAA,QACH,iBAAiBA;AAAA,MACnB;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,SACnC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACA,SACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,MAAM,OAAO,EAAE,OAAO;AAE5D,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,SACAA,oBACqB;AACrB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM;AAExB,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,sBAAsB,OAC1B,OACA,QACAA,iBACA,YACiB;AACjB,WAAO,YAAe;AAAA,MACpB;AAAA,MACA;AAAA,MACA,gBAAAA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["jsx","formatTime","useState","useEffect","useCallback","useState","useEffect","useCallback","organisationId"]}

package/dist/providers.d.ts

@@ -1,12 +1,12 @@
-export { b as UnifiedAuthContextType, U as UnifiedAuthProvider, a as UnifiedAuthProviderProps, c as UserEventAccess, u as useUnifiedAuth } from './UnifiedAuthProvider-DJxGTftH.js';
-import { A as AuthService } from './AuthService-DYuQPJj6.js';
-export { a as EventContextType, b as EventServiceContext, E as EventServiceContextType, d as EventServiceProvider, c as EventServiceProviderProps, i as InactivityServiceContext, I as InactivityServiceContextType, k as InactivityServiceProvider, j as InactivityServiceProviderProps, e as OrganisationServiceContext, O as OrganisationServiceContextType, g as OrganisationServiceProvider, f as OrganisationServiceProviderProps, u as useEventService, l as useInactivityService, h as useOrganisationService } from './AuthService-DYuQPJj6.js';
+export { a as UnifiedAuthContextType, c as UnifiedAuthProvider, b as UnifiedAuthProviderProps, U as UserEventAccess, u as useUnifiedAuth } from './UnifiedAuthProvider-F86d7dSi.js';
+import { A as AuthService } from './AuthService-B-cd2MA4.js';
+export { a as EventServiceContext, E as EventServiceContextType, c as EventServiceProvider, b as EventServiceProviderProps, g as InactivityServiceContext, I as InactivityServiceContextType, i as InactivityServiceProvider, h as InactivityServiceProviderProps, d as OrganisationServiceContext, O as OrganisationServiceContextType, f as OrganisationServiceProvider, e as OrganisationServiceProviderProps } from './AuthService-B-cd2MA4.js';
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import React__default from 'react';
 import { SupabaseClient } from '@supabase/supabase-js';
-import { S as SessionRestorationState } from './auth-DReDSLq9.js';
-import './organisation-D6qRDtbF.js';
-import './unified-DQ4VcT7H.js';
+import { S as SessionRestorationState } from './auth-BZOJqrdd.js';
+import './event-CW5YB_2p.js';
+import './core-CUElvH_C.js';
 
 interface AuthServiceContextType {
     authService: AuthService;
@@ -19,6 +19,5 @@ interface AuthServiceProviderProps {
     appName?: string;
 }
 declare function AuthServiceProvider({ children, supabaseClient, appName }: AuthServiceProviderProps): react_jsx_runtime.JSX.Element;
-declare const useAuthService: () => AuthService;
 
-export { AuthServiceContext, type AuthServiceContextType, AuthServiceProvider, type AuthServiceProviderProps, useAuthService };
+export { AuthServiceContext, type AuthServiceContextType, AuthServiceProvider, type AuthServiceProviderProps };

package/dist/providers.js

@@ -1,4 +1,4 @@
-import "./chunk-ERGKJX4D.js";
+import "./chunk-KQCRWDSA.js";
 import {
   AuthServiceContext,
   AuthServiceProvider,
@@ -9,15 +9,12 @@ import {
   OrganisationServiceContext,
   OrganisationServiceProvider,
   UnifiedAuthProvider,
-  useAuthService,
-  useEventService,
-  useInactivityService,
-  useOrganisationService,
   useUnifiedAuth
-} from "./chunk-WM26XK7I.js";
-import "./chunk-7QCC6MCP.js";
-import "./chunk-XDNLUEXI.js";
-import "./chunk-PLDDJCW6.js";
+} from "./chunk-FUEYYMX5.js";
+import "./chunk-QXHPKYJV.js";
+import "./chunk-VBXEHIUJ.js";
+import "./chunk-PWLANIRT.js";
+import "./chunk-7D4SUZUM.js";
 export {
   AuthServiceContext,
   AuthServiceProvider,
@@ -28,10 +25,6 @@ export {
   OrganisationServiceContext,
   OrganisationServiceProvider,
   UnifiedAuthProvider,
-  useAuthService,
-  useEventService,
-  useInactivityService,
-  useOrganisationService,
   useUnifiedAuth
 };
 //# sourceMappingURL=providers.js.map

package/dist/rbac/index.d.ts

@@ -1,106 +1,11 @@
+import { U as UUID, g as PermissionCacheKey, h as AuditEventSource, i as RBACAuditEvent, a as PermissionCheck, S as Scope, A as AccessLevel, b as PermissionMap, j as RBACAppContext, k as RBACRoleContext, P as Permission, l as UserRBACContext } from '../types-UU913iLA.js';
+export { E as EventAppRole, G as GlobalRole, I as InvalidScopeError, M as MissingUserContextError, O as Operation, e as OrganisationContextRequiredError, c as OrganisationRole, d as PermissionDeniedError, R as RBACError, f as RBACNotInitializedError } from '../types-UU913iLA.js';
+export { A as AccessLevelContext, s as AuditEventType, P as PermissionSource, d as RBACAccessValidateParams, e as RBACAccessValidateResult, q as RBACAuditLogParams, r as RBACAuditLogResult, t as RBACContext, w as RBACErrorCode, v as RBACFunctionResponse, f as RBACPageAccessCheckParams, R as RBACPermissionCheckParams, a as RBACPermissionCheckResult, b as RBACPermissionsGetParams, c as RBACPermissionsGetResult, u as RBACResult, g as RBACRoleGrantParams, h as RBACRoleGrantResult, i as RBACRoleRevokeParams, j as RBACRoleRevokeResult, m as RBACRoleValidateParams, n as RBACRoleValidateResult, k as RBACRolesListParams, l as RBACRolesListResult, o as RBACSessionTrackParams, p as RBACSessionTrackResult, x as RPCFunction, S as SessionType } from '../functions-D_kgHktt.js';
 import { SupabaseClient } from '@supabase/supabase-js';
-import { D as Database } from '../database-C6jy7EOu.js';
+import { D as Database } from '../database.generated-CBmg2950.js';
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import React__default, { ReactNode } from 'react';
-
-/**
- * RBAC (Role-Based Access Control) Types - Build Contract Compliant
- * @package @jmruthers/pace-core
- * @module RBAC/Types
- * @since 1.0.0
- *
- * This module defines the core types for the RBAC system that match the build contract exactly.
- * All types are designed to be framework-agnostic and provide strong typing for permission operations.
- */
-
-type UUID = string;
-type Operation = 'read' | 'create' | 'update' | 'delete';
-type Permission = `${Operation}:${string}`;
-type AccessLevel = 'viewer' | 'participant' | 'planner' | 'admin' | 'super';
-type Scope = {
-    organisationId?: UUID;
-    eventId?: string;
-    appId?: UUID;
-};
-type PermissionCheck = {
-    userId: UUID;
-    scope: Scope;
-    permission: Permission;
-    pageId?: UUID | string;
-};
-type PermissionMap = Record<Permission, boolean> & Partial<Record<'*', boolean>>;
-type GlobalRole = 'super_admin';
-type OrganisationRole = 'supporter' | 'member' | 'leader' | 'org_admin';
-type EventAppRole = 'viewer' | 'participant' | 'planner' | 'event_admin';
-type AuditEventType = 'permission_check' | 'permission_denied' | 'role_granted' | 'role_denied' | 'rls_denied';
-type AuditEventSource = 'api' | 'ui' | 'middleware' | 'rls';
-interface RBACAuditEvent {
-    id: UUID;
-    event_type: AuditEventType;
-    user_id: UUID;
-    organisation_id: UUID | null;
-    event_id?: string;
-    app_id?: UUID;
-    page_id?: UUID;
-    permission?: string;
-    decision?: boolean;
-    source?: AuditEventSource;
-    bypass?: boolean;
-    duration_ms?: number;
-    metadata: Record<string, any>;
-    created_at: string;
-}
-interface RBACAppContext {
-    appId: UUID;
-    hasAccess: boolean;
-}
-interface RBACRoleContext {
-    globalRole: GlobalRole | null;
-    organisationRole: OrganisationRole | null;
-    eventAppRole: EventAppRole | null;
-}
-interface PermissionCacheKey {
-    userId: UUID;
-    organisationId?: UUID;
-    eventId?: string;
-    appId?: UUID;
-    permission?: Permission;
-    pageId?: UUID | string;
-}
-interface UserRBACContext {
-    user: any;
-    globalRole: GlobalRole | null;
-    organisationRole: OrganisationRole | null;
-    eventAppRole: EventAppRole | null;
-    hasGlobalPermission: (permission: Permission) => boolean;
-    isSuperAdmin: boolean;
-    isOrgAdmin: boolean;
-    isEventAdmin: boolean;
-    canManageOrganisation: boolean;
-    canManageEvent: boolean;
-    isLoading: boolean;
-    error: Error | null;
-}
-declare class RBACError extends Error {
-    code: string;
-    context?: Record<string, any> | undefined;
-    constructor(message: string, code: string, context?: Record<string, any> | undefined);
-}
-declare class PermissionDeniedError extends RBACError {
-    constructor(permission: Permission, context?: Record<string, any>);
-}
-declare class OrganisationContextRequiredError extends RBACError {
-    constructor();
-}
-declare class RBACNotInitializedError extends RBACError {
-    constructor();
-}
-declare class InvalidScopeError extends RBACError {
-    constructor(scope: Scope, reason: string);
-}
-declare class MissingUserContextError extends RBACError {
-    constructor();
-}
+import '../core-CUElvH_C.js';
 
 /**
  * RBAC Security Enhancements
@@ -191,6 +96,7 @@ declare function isDevelopmentMode(): boolean;
  */
 declare class SecureSupabaseClient {
     private supabase;
+    private edgeFunctionClient;
     private supabaseUrl;
     private supabaseKey;
     private organisationId;
@@ -201,6 +107,22 @@ declare class SecureSupabaseClient {
      * Setup context injection for all database operations
      */
     private setupContextInjection;
+    /**
+     * Setup Edge Function handling to bypass custom headers
+     * Edge Functions may not have CORS configured to accept custom headers,
+     * so we create a separate client without custom headers for Edge Function calls
+     *
+     * NOTE: We store the edge function client but don't override functions here.
+     * Instead, we provide a method to get the edge function client for direct use.
+     * This avoids interfering with the main client's operations.
+     */
+    private setupEdgeFunctionHandling;
+    /**
+     * Get a client for Edge Function calls without custom headers
+     * Edge Functions may not have CORS configured to accept custom headers
+     * @returns Supabase client without custom headers for Edge Function calls
+     */
+    getEdgeFunctionClient(): SupabaseClient<Database>;
     /**
      * Inject organisation context into a query
      */
@@ -1607,6 +1529,154 @@ declare function useRoleManagement(): {
     error: Error | null;
 };
 
+/**
+ * @file Secure Supabase Client Hook
+ * @package @jmruthers/pace-core
+ * @module RBAC/Hooks
+ * @since 1.0.0
+ *
+ * React hook for getting a secure Supabase client with automatic context injection
+ * and caching to prevent multiple client instances.
+ *
+ * ## Overview
+ *
+ * This hook provides a secure Supabase client that automatically injects
+ * organisation and event context for all database operations, while preventing
+ * the creation of multiple Supabase client instances (which causes the
+ * "Multiple GoTrueClient instances" warning).
+ *
+ * ## Features
+ *
+ * - **Automatic Context Injection**: Organisation, event, and app context are
+ *   automatically injected into all database queries
+ * - **Client Instance Caching**: Prevents creating duplicate Supabase clients
+ *   for the same context, eliminating the "Multiple GoTrueClient instances" warning
+ * - **Automatic Fallback**: Falls back to base client when context is unavailable
+ * - **Type-Safe**: Full TypeScript support with proper type inference
+ *
+ * ## Usage
+ *
+ * ### Basic Usage
+ *
+ * ```tsx
+ * import { useSecureSupabase } from '@jmruthers/pace-core/rbac';
+ *
+ * function MyComponent() {
+ *   const supabase = useSecureSupabase();
+ *
+ *   if (!supabase) {
+ *     return <div>Loading context...</div>;
+ *   }
+ *
+ *   const fetchData = async () => {
+ *     const { data, error } = await supabase
+ *       .from('users')
+ *       .select('*');
+ *     // Organisation context is automatically injected
+ *   };
+ *
+ *   return <div>...</div>;
+ * }
+ * ```
+ *
+ * ### With Base Client Fallback
+ *
+ * ```tsx
+ * import { useSecureSupabase } from '@jmruthers/pace-core/rbac';
+ * import { supabase } from './lib/supabase';
+ *
+ * function MyComponent() {
+ *   // Provide base client as fallback
+ *   const secureSupabase = useSecureSupabase(supabase);
+ *
+ *   // secureSupabase will be the secure client when context is available,
+ *   // or the base client when context is unavailable
+ * }
+ * ```
+ *
+ * ## How It Works
+ *
+ * 1. **Context Resolution**: The hook uses `useResolvedScope` to get the current
+ *    organisation, event, and app context
+ * 2. **Client Caching**: Clients are cached by context key (organisationId-eventId-appId)
+ *    to prevent duplicate instances
+ * 3. **Automatic Injection**: The secure client automatically injects context headers
+ *    into all database operations
+ * 4. **Fallback Behavior**: When context is unavailable or event is loading, the hook
+ *    returns the base client (or null if no base client provided)
+ *
+ * ## Security
+ *
+ * - **Organisation Context Enforcement**: All queries automatically include organisation
+ *   context, preventing cross-organisation data access
+ * - **Event Context Injection**: Event context is automatically included when available
+ * - **App Context Support**: App context is included when resolved from scope
+ *
+ * ## Performance
+ *
+ * - **Client Instance Caching**: Prevents creating multiple Supabase clients for the
+ *   same context, reducing memory usage and eliminating the "Multiple GoTrueClient
+ *   instances" warning
+ * - **Cache Management**: Automatically cleans up old cache entries (keeps last 5)
+ *   to prevent memory leaks
+ * - **Stable References**: Returns stable client references to prevent unnecessary
+ *   re-renders in consuming components
+ *
+ * ## Requirements
+ *
+ * - Must be used within `UnifiedAuthProvider` context
+ * - Requires `useOrganisations` and `useEvents` hooks to be available
+ * - Environment variables `VITE_SUPABASE_URL` and `VITE_SUPABASE_ANON_KEY` must be set
+ *   (or `NEXT_PUBLIC_SUPABASE_URL` and `NEXT_PUBLIC_SUPABASE_ANON_KEY` for Next.js)
+ *
+ * ## See Also
+ *
+ * - {@link SecureSupabaseClient} - The underlying secure client class
+ * - {@link createSecureClient} - Function to create secure clients manually
+ * - {@link useResolvedScope} - Hook for resolving RBAC scope
+ *
+ * @security
+ * - Enforces organisation context on all queries
+ * - Prevents cross-organisation data access
+ * - Automatic context injection
+ *
+ * @performance
+ * - Client instance caching prevents duplicate creation
+ * - Reuses cached clients for same context
+ * - Automatic cache cleanup
+ */
+
+/**
+ * Hook to get a secure Supabase client with automatic context injection
+ *
+ * Returns a secure client when organisation context is available,
+ * otherwise returns null. The client automatically injects organisation
+ * and event context into all database operations.
+ *
+ * Uses caching to prevent creating multiple Supabase client instances,
+ * which causes the "Multiple GoTrueClient instances" warning.
+ *
+ * @param baseClient - Optional base Supabase client to use as fallback
+ * @returns Secure Supabase client or null if context is not available
+ *
+ * @example
+ * ```tsx
+ * import { useSecureSupabase } from '@jmruthers/pace-core/rbac';
+ *
+ * function MyComponent() {
+ *   const supabase = useSecureSupabase();
+ *
+ *   if (!supabase) {
+ *     return <div>Loading context...</div>;
+ *   }
+ *
+ *   // Use supabase client - organisation context is automatically injected
+ *   const { data } = await supabase.from('users').select('*');
+ * }
+ * ```
+ */
+declare function useSecureSupabase(baseClient?: SupabaseClient<Database> | null): SupabaseClient<Database> | null;
+
 /**
  * RBAC Adapters
  * @package @jmruthers/pace-core
@@ -2185,4 +2255,4 @@ declare const ALL_PERMISSIONS: {
 };
 type AllPermissions = typeof ALL_PERMISSIONS;
 
-export { ALL_PERMISSIONS, type AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type DataAccessRecord, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRole, type EventAppRoleData, GLOBAL_PERMISSIONS, type GlobalRole, type GrantEventAppRoleParams, InvalidScopeError, type LogLevel, MissingUserContextError, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, type Operation, OrganisationContextRequiredError, type OrganisationRole, PAGE_PERMISSIONS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, type Permission, type PermissionCheck, PermissionDeniedError, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, type PermissionMap, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, RBACError, type RBACLogger, RBACNotInitializedError, type ResourcePermissions, type RevokeEventAppRoleParams, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RoleManagementResult, type RouteAccessRecord, type RouteConfig, type Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, type UUID, type UseResolvedScopeOptions, type UseResolvedScopeReturn, type UseResourcePermissionsOptions, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, emitAuditEvent, fromSupabaseClient, getAccessLevel, getGlobalAuditManager, getPermissionMap, getPermissionsForRole, getRBACConfig, getRBACLogger, getRoleContext, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPermitted, isPermittedCached, isValidPermission, rbacCache, resolveAppContext, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useResolvedScope, useResourcePermissions, useRoleBasedRouter, useRoleManagement, useSecureData, withAccessLevelGuard, withPermissionGuard, withRoleGuard };
+export { ALL_PERMISSIONS, AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type DataAccessRecord, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRoleData, GLOBAL_PERMISSIONS, type GrantEventAppRoleParams, type LogLevel, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, PAGE_PERMISSIONS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, Permission, PermissionCheck, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, PermissionMap, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, type RBACLogger, type ResourcePermissions, type RevokeEventAppRoleParams, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RoleManagementResult, type RouteAccessRecord, type RouteConfig, Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, UUID, type UseResolvedScopeOptions, type UseResolvedScopeReturn, type UseResourcePermissionsOptions, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, emitAuditEvent, fromSupabaseClient, getAccessLevel, getGlobalAuditManager, getPermissionMap, getPermissionsForRole, getRBACConfig, getRBACLogger, getRoleContext, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPermitted, isPermittedCached, isValidPermission, rbacCache, resolveAppContext, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useResolvedScope, useResourcePermissions, useRoleBasedRouter, useRoleManagement, useSecureData, useSecureSupabase, withAccessLevelGuard, withPermissionGuard, withRoleGuard };