@jmruthers/pace-core 0.5.181 → 0.5.182

package/dist/utils.js

@@ -11,15 +11,20 @@ import {
   getCurrentAppId,
   setAppConfig,
   useSessionTracking
-} from "./chunk-FFKNH6U5.js";
+} from "./chunk-HKIT6O7W.js";
 import {
   CachedAppIdResolver,
   LoadingSpinner,
   cachedAppIdResolver,
   getAppId,
   getAppIds
-} from "./chunk-S5OFRT4M.js";
-import "./chunk-OWAG3GSU.js";
+} from "./chunk-KUEN3HFB.js";
+import {
+  cn,
+  renderSafeHtml,
+  sanitizeHtml,
+  validateHtml
+} from "./chunk-R77UEZ4E.js";
 import {
   getAppNameFromBuildTime,
   getAppNameFromEnvironment,
@@ -28,49 +33,40 @@ import {
   getCurrentAppName,
   getCurrentAppNameWithFallback,
   setRBACAppName
-} from "./chunk-Q5QRDWKI.js";
-import {
-  deepMerge,
-  isEmpty,
-  isObject,
-  isStrongPassword,
-  isValidDate,
-  isValidEmail,
-  isValidUrl,
-  isWithinRange,
-  matchesPattern
-} from "./chunk-JISYG63F.js";
+} from "./chunk-F2IMUDXZ.js";
 import {
   useComponentPerformance
-} from "./chunk-ANBQRTPX.js";
+} from "./chunk-E66EQZE6.js";
 import {
   PERFORMANCE_BUDGETS,
   performanceBudgetMonitor
 } from "./chunk-FMUCXFII.js";
-import {
-  cn
-} from "./chunk-56XJ3TU6.js";
 import {
   clearOrganisationContext,
   getOrganisationContext,
-  init_organisationContext,
-  init_secureStorage,
   isOrganisationContextAvailable,
   secureStorage,
   setOrganisationContext
-} from "./chunk-7QCC6MCP.js";
+} from "./chunk-VBXEHIUJ.js";
 import {
+  changePasswordSchema,
   combineSchemas,
-  pickSchema
-} from "./chunk-BJPBT3CU.js";
+  contactFormSchema,
+  loginSchema,
+  passwordResetSchema,
+  pickSchema,
+  registrationSchema,
+  secureLoginSchema,
+  securePasswordSchema,
+  userProfileSchema
+} from "./chunk-LMC26NLJ.js";
 import {
   LogLevel,
   Logger,
   createLogger,
-  init_logger,
   logger
-} from "./chunk-XDNLUEXI.js";
-import "./chunk-PLDDJCW6.js";
+} from "./chunk-PWLANIRT.js";
+import "./chunk-7D4SUZUM.js";
 
 // src/utils/core/debugLogger.ts
 var DebugLogger = class {
@@ -122,8 +118,63 @@ var DebugLogger = class {
   }
 };
 
-// src/utils/index.ts
-init_logger();
+// src/utils/validation/validation.ts
+function isValidEmail(email) {
+  const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  return emailPattern.test(email);
+}
+function isEmpty(value) {
+  return value === null || value === void 0 || value.trim() === "";
+}
+function isStrongPassword(password) {
+  const passwordPattern = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/;
+  return passwordPattern.test(password);
+}
+function isValidUrl(url) {
+  try {
+    new URL(url);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function isValidDate(dateStr) {
+  const date = new Date(dateStr);
+  return !isNaN(date.getTime());
+}
+function isWithinRange(value, min, max) {
+  return value >= min && value <= max;
+}
+function matchesPattern(value, pattern) {
+  return pattern.test(value);
+}
+function deepMerge(target, source) {
+  const output = { ...target };
+  if (isObject(target) && isObject(source)) {
+    Object.keys(source).forEach((key) => {
+      if (isObject(source[key])) {
+        if (!(key in target)) {
+          Object.assign(output, { [key]: source[key] });
+        } else {
+          const targetKey = key;
+          const targetValue = target[targetKey];
+          if (isObject(targetValue)) {
+            output[targetKey] = deepMerge(
+              targetValue,
+              source[key]
+            );
+          }
+        }
+      } else {
+        Object.assign(output, { [key]: source[key] });
+      }
+    });
+  }
+  return output;
+}
+function isObject(item) {
+  return item !== null && typeof item === "object" && !Array.isArray(item);
+}
 
 // src/utils/validation/validationUtils.ts
 import { z as z2 } from "zod";
@@ -209,14 +260,12 @@ var nameSchema = z.string().min(1, "Name is required").max(100, "Name too long")
 var phoneSchema = z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
 var urlSchema = z.string().url("Invalid URL format");
 var dateSchema = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
-var secureLoginSchema = z.object({
+var secureLoginSchema2 = z.object({
   email: secureEmailSchema,
   password: z.string().min(1, "Password is required")
 });
 
 // src/utils/validation/validationUtils.ts
-init_logger();
-var log = createLogger("ValidationUtils");
 function validateUserInput(schema, data, sanitizationRules) {
   return sanitizeFormData(data, schema, sanitizationRules);
 }
@@ -271,8 +320,310 @@ var dateSchema2 = z3.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Date must be in YYYY
   return !isNaN(parsed.getTime());
 }, "Invalid date");
 
-// src/utils/validation/passwordSchema.ts
+// src/utils/validation/csrf.ts
+var CSRFManager = class {
+  constructor() {
+    this.tokenCache = /* @__PURE__ */ new Map();
+    this.TOKEN_EXPIRY = 30 * 60 * 1e3;
+    // 30 minutes
+    this.MAX_TOKENS_PER_SESSION = 10;
+  }
+  /**
+   * Generate a new CSRF token for the current session
+   */
+  async generateToken(sessionId) {
+    try {
+      await this.cleanupExpiredTokens();
+      const sessionTokens = Array.from(this.tokenCache.values()).filter((data) => data.sessionId === sessionId && !data.used);
+      if (sessionTokens.length >= this.MAX_TOKENS_PER_SESSION) {
+        const oldest = sessionTokens.sort((a, b) => a.timestamp - b.timestamp)[0];
+        this.tokenCache.delete(oldest.token);
+      }
+      const tokenBytes = new Uint8Array(32);
+      crypto.getRandomValues(tokenBytes);
+      const token = Array.from(
+        tokenBytes,
+        (byte) => byte.toString(16).padStart(2, "0")
+      ).join("");
+      const tokenData = {
+        token,
+        sessionId,
+        timestamp: Date.now(),
+        used: false
+      };
+      this.tokenCache.set(token, tokenData);
+      await this.persistTokens();
+      return token;
+    } catch (error) {
+      throw new Error("CSRF token generation failed");
+    }
+  }
+  /**
+   * Validate and consume a CSRF token
+   */
+  async validateToken(token, sessionId) {
+    try {
+      if (this.tokenCache.size === 0) {
+        await this.loadTokens();
+      }
+      const tokenData = this.tokenCache.get(token);
+      if (!tokenData) {
+        return false;
+      }
+      if (tokenData.sessionId !== sessionId) {
+        return false;
+      }
+      if (tokenData.used) {
+        return false;
+      }
+      if (Date.now() - tokenData.timestamp > this.TOKEN_EXPIRY) {
+        this.tokenCache.delete(token);
+        await this.persistTokens();
+        return false;
+      }
+      tokenData.used = true;
+      this.tokenCache.set(token, tokenData);
+      await this.persistTokens();
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+  /**
+   * Get current valid token for session
+   */
+  async getCurrentToken(sessionId) {
+    if (this.tokenCache.size === 0) {
+      await this.loadTokens();
+    }
+    for (const [token, data] of this.tokenCache.entries()) {
+      if (data.sessionId === sessionId && !data.used && Date.now() - data.timestamp < this.TOKEN_EXPIRY) {
+        return token;
+      }
+    }
+    return await this.generateToken(sessionId);
+  }
+  /**
+   * Clean up expired and used tokens
+   */
+  async cleanupExpiredTokens() {
+    const now = Date.now();
+    const expiredTokens = [];
+    for (const [token, data] of this.tokenCache.entries()) {
+      if (data.used || now - data.timestamp > this.TOKEN_EXPIRY) {
+        expiredTokens.push(token);
+      }
+    }
+    expiredTokens.forEach((token) => this.tokenCache.delete(token));
+    if (expiredTokens.length > 0) {
+      await this.persistTokens();
+    }
+  }
+  /**
+   * Persist tokens to secure storage
+   */
+  async persistTokens() {
+    try {
+      const tokensArray = Array.from(this.tokenCache.entries());
+      await secureStorage.setItem(
+        "csrf_tokens",
+        JSON.stringify(tokensArray),
+        { encrypt: true, expiry: this.TOKEN_EXPIRY }
+      );
+    } catch (error) {
+    }
+  }
+  /**
+   * Load tokens from secure storage
+   */
+  async loadTokens() {
+    try {
+      const tokensData = await secureStorage.getItem("csrf_tokens");
+      if (tokensData) {
+        const tokensArray = JSON.parse(tokensData);
+        this.tokenCache = new Map(tokensArray);
+        await this.cleanupExpiredTokens();
+      }
+    } catch (error) {
+      this.tokenCache.clear();
+    }
+  }
+  /**
+   * Clear all tokens for session
+   */
+  async clearSession(sessionId) {
+    const tokensToRemove = [];
+    for (const [token, data] of this.tokenCache.entries()) {
+      if (data.sessionId === sessionId) {
+        tokensToRemove.push(token);
+      }
+    }
+    tokensToRemove.forEach((token) => this.tokenCache.delete(token));
+    await this.persistTokens();
+  }
+};
+var csrfManager = new CSRFManager();
+async function generateCSRFToken(sessionId) {
+  return csrfManager.generateToken(sessionId);
+}
+async function validateCSRFToken(token, sessionId) {
+  return csrfManager.validateToken(token, sessionId);
+}
+async function getCSRFToken(sessionId) {
+  return csrfManager.getCurrentToken(sessionId);
+}
+
+// src/utils/validation/sqlInjectionProtection.ts
 import { z as z4 } from "zod";
+var SQL_INJECTION_PATTERNS = [
+  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\b)/i,
+  /(\'|(\\\')|(\'\')|(\"|(\\\")|(\\")))|(\\x)|(\\u)/i,
+  /((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52))/i,
+  // '|%27|' OR
+  /((%27)|(')|(%55)|u|(%55)|(%4E)|n|(%4E)|(%49)|i|(%49)|(%4F)|o|(%4F)|(%4E)|n|(%4E))/i,
+  // '|%27|' UNION
+  /((%3D)|(=))[^\n]*((%27)|(')|((\\x27))|((\\x2D))|((\\x23)))/i,
+  /(w*((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52)))/i,
+  /((%27)|(')|(''))+union/i,
+  /exec(\+|\s)+(s|x)p\w+/i,
+  /\b(and|or)\b.+?(=|<|>|\bin\b|\blike\b)/i,
+  /\bunion\b.+?\bselect\b/i,
+  /\bdrop\b.+?\btable\b/i,
+  /\binsert\b.+?\binto\b/i,
+  /\bdelete\b.+?\bfrom\b/i,
+  /\bupdate\b.+?\bset\b/i,
+  /(;|(\\x3B)).+?(drop|create|alter|exec|execute|insert|update|delete)/i,
+  /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i
+];
+var DANGEROUS_CHARS = /[';\"\\%]/g;
+var searchQuerySchema = z4.string().max(500, "Search query too long").refine(
+  (query) => {
+    return !SQL_INJECTION_PATTERNS.some((pattern) => pattern.test(query));
+  },
+  "Invalid characters detected in search query"
+).transform((query) => sanitizeSearchQuery(query));
+var sqlIdentifierSchema = z4.string().min(1, "Identifier cannot be empty").max(63, "Identifier too long").regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, "Invalid identifier format").refine(
+  (identifier) => {
+    const reservedWords = [
+      "SELECT",
+      "INSERT",
+      "UPDATE",
+      "DELETE",
+      "DROP",
+      "CREATE",
+      "ALTER",
+      "FROM",
+      "WHERE",
+      "JOIN",
+      "UNION",
+      "ORDER",
+      "GROUP",
+      "HAVING"
+    ];
+    return !reservedWords.includes(identifier.toUpperCase());
+  },
+  "Identifier cannot be a reserved SQL keyword"
+);
+var orderBySchema = z4.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\s+(ASC|DESC|asc|desc))?$/, "Invalid order by format");
+var limitOffsetSchema = z4.number().int("Must be an integer").min(0, "Must be non-negative").max(1e3, "Limit too large");
+function sanitizeSearchQuery(query) {
+  return query.replace(DANGEROUS_CHARS, "").replace(/\s+/g, " ").trim().slice(0, 500);
+}
+function escapeLikeQuery(query) {
+  return query.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_");
+}
+function sanitizeFilters(filters) {
+  const sanitized = {};
+  for (const [key, value] of Object.entries(filters)) {
+    const keyValidation = sqlIdentifierSchema.safeParse(key);
+    if (!keyValidation.success) {
+      console.warn(`[SECURITY] Invalid filter key detected and removed: ${key}`);
+      continue;
+    }
+    if (typeof value === "string") {
+      const valueValidation = searchQuerySchema.safeParse(value);
+      if (valueValidation.success) {
+        sanitized[key] = valueValidation.data;
+      }
+    } else if (typeof value === "number") {
+      if (Number.isFinite(value)) {
+        sanitized[key] = value;
+      }
+    } else if (typeof value === "boolean") {
+      sanitized[key] = value;
+    } else if (Array.isArray(value)) {
+      const sanitizedArray = value.filter((item) => typeof item === "string" || typeof item === "number").map((item) => typeof item === "string" ? sanitizeSearchQuery(item) : item).slice(0, 100);
+      if (sanitizedArray.length > 0) {
+        sanitized[key] = sanitizedArray;
+      }
+    }
+  }
+  return sanitized;
+}
+function buildSafeQueryParams(params) {
+  const safe = {};
+  if (params.select) {
+    const selectFields = params.select.split(",").map((field) => field.trim());
+    const validFields = selectFields.filter((field) => {
+      return sqlIdentifierSchema.safeParse(field).success;
+    });
+    if (validFields.length > 0) {
+      safe.select = validFields.join(", ");
+    }
+  }
+  if (params.filters) {
+    safe.filters = sanitizeFilters(params.filters);
+  }
+  if (params.orderBy) {
+    const orderByValidation = orderBySchema.safeParse(params.orderBy);
+    if (orderByValidation.success) {
+      safe.orderBy = orderByValidation.data;
+    }
+  }
+  if (params.limit !== void 0) {
+    const limitValidation = limitOffsetSchema.safeParse(params.limit);
+    if (limitValidation.success) {
+      safe.limit = limitValidation.data;
+    }
+  }
+  if (params.offset !== void 0) {
+    const offsetValidation = limitOffsetSchema.safeParse(params.offset);
+    if (offsetValidation.success) {
+      safe.offset = offsetValidation.data;
+    }
+  }
+  if (params.search) {
+    const searchValidation = searchQuerySchema.safeParse(params.search);
+    if (searchValidation.success) {
+      safe.search = searchValidation.data;
+    }
+  }
+  return safe;
+}
+function detectSQLInjection(input) {
+  const detectedPatterns = [];
+  let maxRisk = "low";
+  SQL_INJECTION_PATTERNS.forEach((pattern, index) => {
+    if (pattern.test(input)) {
+      detectedPatterns.push(`Pattern ${index + 1}`);
+      if (index < 3) {
+        maxRisk = "critical";
+      } else if (index < 7 && maxRisk !== "critical") {
+        maxRisk = "high";
+      } else if (index < 12 && !["critical", "high"].includes(maxRisk)) {
+        maxRisk = "medium";
+      }
+    }
+  });
+  return {
+    isSuspicious: detectedPatterns.length > 0,
+    patterns: detectedPatterns,
+    riskLevel: maxRisk
+  };
+}
+
+// src/utils/validation/passwordSchema.ts
+import { z as z5 } from "zod";
 var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
   "password",
   "123456",
@@ -295,7 +646,7 @@ var WEAK_PATTERNS = [
   /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i
   // Sequential letters
 ];
-var securePasswordSchema = z4.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
+var securePasswordSchema2 = z5.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
   (password) => /[a-z]/.test(password),
   "Password must contain at least one lowercase letter"
 ).refine(
@@ -322,13 +673,67 @@ var securePasswordSchema = z4.string().min(8, "Password must be at least 8 chara
   },
   "Password contains keyboard patterns. Please choose a more secure password"
 );
-var passwordSchema2 = z4.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
+var passwordSchema2 = z5.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
+function calculatePasswordStrength(password) {
+  let score = 0;
+  const feedback = [];
+  if (password.length >= 8) score += 20;
+  else if (password.length >= 6) score += 10;
+  else feedback.push("Use at least 8 characters");
+  if (/[a-z]/.test(password)) score += 15;
+  else feedback.push("Add lowercase letters");
+  if (/[A-Z]/.test(password)) score += 15;
+  else feedback.push("Add uppercase letters");
+  if (/\d/.test(password)) score += 15;
+  else feedback.push("Add numbers");
+  if (/[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) score += 15;
+  else feedback.push("Add special characters");
+  if (password.length >= 12) score += 10;
+  if (/[^a-zA-Z0-9]/.test(password)) score += 10;
+  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
+    score -= 30;
+    feedback.push("Avoid common passwords");
+  }
+  if (WEAK_PATTERNS.some((pattern) => pattern.test(password))) {
+    score -= 20;
+    feedback.push("Avoid predictable patterns");
+  }
+  let level;
+  if (score < 30) level = "very-weak";
+  else if (score < 50) level = "weak";
+  else if (score < 70) level = "fair";
+  else if (score < 90) level = "good";
+  else level = "strong";
+  return { score: Math.max(0, Math.min(100, score)), feedback, level };
+}
+
+// src/utils/validation/user.ts
+import { z as z6 } from "zod";
+var userProfileSchema2 = z6.object({
+  name: nameSchema3,
+  email: emailSchema3,
+  phone: z6.string().optional(),
+  website: z6.string().url().optional(),
+  bio: z6.string().max(500).optional()
+});
+var userSettingsSchema = z6.object({
+  notifications: z6.object({
+    email: z6.boolean(),
+    push: z6.boolean()
+  }),
+  language: z6.string()
+});
+var userPreferencesSchema = z6.object({
+  displayName: nameSchema3,
+  timezone: z6.string(),
+  dateFormat: z6.string(),
+  currency: z6.string()
+});
 
 // src/utils/security/security.ts
-init_logger();
-var log2 = createLogger("Security");
+var log = createLogger("Security");
 function logSecurityEvent(event) {
-  log2.warn("Security event:", {
+  log.warn("Security event:", {
     ...event,
     timestamp: event.timestamp.toISOString()
   });
@@ -387,18 +792,15 @@ var securityMonitor = new SecurityMonitor();
 
 // src/constants/performance.ts
 var PERFORMANCE_THRESHOLDS = {
-  RENDER_TIME: 16,
-  // 60fps target
-  INTERACTION_TIME: 100,
-  // 100ms for interactions
-  ANIMATION_TIME: 300,
-  // 300ms for animations
-  LOAD_TIME: 1e3,
-  // 1 second for initial load
-  MEMORY_USAGE: 50 * 1024 * 1024,
-  // 50MB memory limit
-  BUNDLE_SIZE: 250 * 1024
-  // 250KB bundle size limit
+  /** Render time threshold in milliseconds */
+  RENDER_TIME: 200,
+  /** Permission check time threshold in milliseconds */
+  PERMISSION_CHECK_TIME: 110,
+  /** Memory usage increase threshold in bytes */
+  MEMORY_USAGE_INCREASE: 1024 * 1024,
+  // 1MB
+  /** Maximum acceptable re-render count */
+  RE_RENDER_COUNT: 3
 };
 
 // src/utils/performance/performanceBenchmark.ts
@@ -616,7 +1018,7 @@ function createLazyComponent(importFn, componentName, options = {}) {
   return WrappedComponent;
 }
 var LazyDataTable = createLazyComponent(
-  () => import("./DataTable-UA6CL4JI.js").then((module) => ({ default: module.DataTable })),
+  () => import("./DataTable-QAB34V6K.js").then((module) => ({ default: module.DataTable })),
   "DataTable"
 );
 
@@ -753,7 +1155,6 @@ function logAuditEvent(action, user, details) {
 }
 
 // src/utils/device/deviceFingerprint.ts
-init_secureStorage();
 function generateDeviceFingerprint() {
   try {
     const components = {
@@ -879,9 +1280,6 @@ function generateFallbackFingerprint() {
     // Low entropy for fallback
   };
 }
-
-// src/utils/index.ts
-init_organisationContext();
 export {
   CachedAppIdResolver,
   DebugLogger,
@@ -893,17 +1291,25 @@ export {
   PermissionType,
   auditLog,
   auditLogger,
+  buildSafeQueryParams,
   bundleAnalyzer,
   cachedAppIdResolver,
+  calculatePasswordStrength,
+  changePasswordSchema,
   clearOrganisationContext,
   cn,
   combineSchemas,
+  contactFormSchema,
   createLazyComponent,
   createLazyUtility,
   createLogger,
   createPerformanceBenchmark,
+  csrfManager,
+  dateSchema2 as dateSchema,
   deepMerge,
+  detectSQLInjection,
   emailSchema3 as emailSchema,
+  escapeLikeQuery,
   formatCompactNumber,
   formatCurrency,
   formatDate,
@@ -912,6 +1318,7 @@ export {
   formatNumber,
   formatPercent,
   formatTime,
+  generateCSRFToken,
   generateDeviceFingerprint,
   getAppConfig,
   getAppId,
@@ -920,6 +1327,7 @@ export {
   getAppNameFromEnvironment,
   getAppNameFromGlobal,
   getAppNameFromPackageJson,
+  getCSRFToken,
   getCurrentAppId,
   getCurrentAppName,
   getCurrentAppNameWithFallback,
@@ -941,6 +1349,7 @@ export {
   lazyDateUtils,
   lazyFormUtils,
   lazyLodash,
+  limitOffsetSchema,
   loadCSVUtils,
   loadChartUtils,
   loadDateUtils,
@@ -951,27 +1360,44 @@ export {
   logPermissionEvent,
   logSecurityEvent2 as logSecurityEvent,
   logger,
+  loginSchema,
   matchesPattern,
   measureRenderPerformance,
   nameSchema3 as nameSchema,
+  orderBySchema,
   parsePermission,
+  passwordResetSchema,
   passwordSchema2 as passwordSchema,
   performanceBudgetMonitor,
   phoneSchema3 as phoneSchema,
   pickSchema,
+  registrationSchema,
+  renderSafeHtml,
+  sanitizeFilters,
   sanitizeFormData,
+  sanitizeHtml,
+  sanitizeSearchQuery,
   sanitizeUserInput,
+  searchQuerySchema,
+  secureLoginSchema,
+  securePasswordSchema,
   securityMonitor,
   setAppConfig,
   setOrganisationContext,
   setRBACAppName,
+  sqlIdentifierSchema,
   trackDynamicImport,
   transformPermissionMapToBoolean,
   urlSchema3 as urlSchema,
   useComponentPerformance,
   useSessionTracking,
+  userPreferencesSchema,
+  userProfileSchema,
+  userSettingsSchema,
   usernameSchema,
+  validateCSRFToken,
   validateDeviceFingerprint,
+  validateHtml,
   validateImportPattern,
   validateSecurityHeaders,
   validateUserInput