@jmruthers/pace-core 0.5.183 → 0.5.185

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/providers/OrganisationProvider.tsx","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/hooks/useInactivityTracker.ts","../src/utils/security/secureDataAccess.ts"],"sourcesContent":["/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers\n * @since 0.1.0\n *\n * React provider for organisation context.\n * This is a convenience wrapper around OrganisationServiceProvider that\n * automatically gets auth context from UnifiedAuthProvider.\n * \n * Note: If you're using UnifiedAuthProvider, it already includes\n * OrganisationServiceProvider internally, so this component is mainly\n * for backward compatibility or standalone usage.\n */\n\nimport React from 'react';\nimport { useUnifiedAuth } from '../providers/services/UnifiedAuthProvider';\nimport { OrganisationServiceProvider } from './services/OrganisationServiceProvider';\nimport type { OrganisationProviderProps as BaseOrganisationProviderProps } from '../types/organisation';\n\nexport interface OrganisationProviderProps extends BaseOrganisationProviderProps {\n  children: React.ReactNode;\n  requireOrganisationContext?: boolean;\n  autoSelectPrimaryOrganisation?: boolean;\n  onOrganisationChange?: (organisation: any) => void;\n}\n\n/**\n * OrganisationProvider component\n * \n * Wraps OrganisationServiceProvider and automatically gets auth context.\n * \n * @example\n * ```tsx\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"my-app\">\n *   <OrganisationProvider>\n *     <App />\n *   </OrganisationProvider>\n * </UnifiedAuthProvider>\n * ```\n */\nexport function OrganisationProvider({ \n  children,\n  requireOrganisationContext,\n  autoSelectPrimaryOrganisation,\n  onOrganisationChange\n}: OrganisationProviderProps) {\n  // Get auth context from UnifiedAuthProvider\n  const authContext = useUnifiedAuth();\n  \n  // If we're inside UnifiedAuthProvider, it already includes OrganisationServiceProvider\n  // So we can just pass through the children\n  // However, if the auth context is not available, we need to handle that\n  if (!authContext) {\n    // If no auth context, we can't provide organisation service\n    // This might happen if used outside UnifiedAuthProvider\n    // In that case, we should probably throw an error or show a message\n    console.warn('OrganisationProvider: No auth context available. Make sure OrganisationProvider is used inside UnifiedAuthProvider.');\n    return <>{children}</>;\n  }\n\n  const { supabase, user, session } = authContext;\n\n  // Wrap with OrganisationServiceProvider\n  // Note: The props like requireOrganisationContext, autoSelectPrimaryOrganisation\n  // are handled by the OrganisationService internally, not by the provider\n  // Note: supabase is mapped to supabaseClient for OrganisationServiceProvider\n  if (!supabase) {\n    console.warn('OrganisationProvider: No supabase client available.');\n    return <>{children}</>;\n  }\n\n  return (\n    <OrganisationServiceProvider\n      supabaseClient={supabase}\n      user={user}\n      session={session}\n    >\n      {children}\n    </OrganisationServiceProvider>\n  );\n}\n\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n *   isOpen={showWarning}\n *   timeRemaining={45}\n *   onStaySignedIn={() => setShowWarning(false)}\n *   onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\nimport { cn } from '../../utils/core/cn';\n\nexport interface InactivityWarningModalProps {\n  /** Whether the modal is open */\n  isOpen: boolean;\n  /** Time remaining in seconds before auto-logout */\n  timeRemaining: number;\n  /** Callback when user chooses to stay signed in */\n  onStaySignedIn: () => void;\n  /** Callback when user chooses to sign out immediately */\n  onSignOutNow: () => void;\n  /** Optional custom title */\n  title?: string;\n  /** Optional custom description */\n  description?: string;\n  /** Optional custom className */\n  className?: string;\n}\n\nexport function InactivityWarningModal({\n  isOpen,\n  timeRemaining,\n  onStaySignedIn,\n  onSignOutNow,\n  title = \"Session Timeout Warning\",\n  description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n  className\n}: InactivityWarningModalProps) {\n  const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n  // Update display time when timeRemaining prop changes\n  useEffect(() => {\n    setDisplayTime(timeRemaining);\n  }, [timeRemaining]);\n\n  // Format time for display (MM:SS)\n  const formatTime = useCallback((seconds: number) => {\n    const mins = Math.floor(seconds / 60);\n    const secs = seconds % 60;\n    return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n  }, []);\n\n  return (\n    <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n      <DialogContent \n        className={cn(\"sm:max-w-md\", className)}\n        preventCloseOnEscape={false}\n        preventCloseOnOutsideClick={true}\n        data-testid=\"inactivity-warning-modal\"\n      >\n        <DialogHeader>\n          <div className=\"flex items-center gap-3\">\n            <div className=\"flex-shrink-0\">\n              <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n            </div>\n            <div>\n              <DialogTitle className=\"text-lg font-semibold text-main-900\">\n                {title}\n              </DialogTitle>\n            </div>\n          </div>\n          <DialogDescription className=\"text-main-700 mt-2\">\n            {description}\n          </DialogDescription>\n        </DialogHeader>\n\n        <div className=\"space-y-6\">\n          {/* Countdown Timer */}\n          <div className=\"text-center\">\n            <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n              <Clock className=\"h-5 w-5 text-acc-600\" />\n              <span className=\"text-2xl font-mono font-bold text-acc-700\">\n                {formatTime(displayTime)}\n              </span>\n            </div>\n            <p className=\"text-sm text-main-600 mt-2\">\n              Time remaining before automatic logout\n            </p>\n          </div>\n\n          {/* Action Buttons */}\n          <div className=\"flex flex-col sm:flex-row gap-3\">\n            <Button\n              onClick={onStaySignedIn}\n              className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n              size=\"lg\"\n            >\n              Stay Signed In\n            </Button>\n            <Button\n              onClick={onSignOutNow}\n              variant=\"outline\"\n              className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n              size=\"lg\"\n            >\n              Sign Out Now\n            </Button>\n          </div>\n\n          {/* Additional Info */}\n          <div className=\"text-xs text-main-500 text-center\">\n            <p>\n              For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n            </p>\n          </div>\n        </div>\n      </DialogContent>\n    </Dialog>\n  );\n}\n","/**\n * @file Inactivity Tracker Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useInactivityTracker\n * @since 0.1.0\n *\n * A custom hook that tracks user inactivity and provides cross-tab synchronization.\n * Monitors various user interactions and manages inactivity timers with persistence.\n *\n * Features:\n * - Cross-tab synchronization using BroadcastChannel and localStorage\n * - Monitors keyboard, mouse, touch, scroll, and focus events\n * - Throttled event handling for performance\n * - Persistence of last activity time across page reloads\n * - SSR-safe implementation with proper cleanup\n * - Configurable timeout and warning thresholds\n * - Production-safe with dev-only escape hatches\n *\n * @example\n * ```tsx\n * const {\n *   isIdle,\n *   timeRemaining,\n *   showWarning,\n *   resetActivity,\n *   startTracking,\n *   stopTracking\n * } = useInactivityTracker({\n *   idleTimeoutMs: 30 * 60 * 1000, // 30 minutes\n *   warnBeforeMs: 60 * 1000, // 1 minute\n *   onIdle: () => console.log('User is idle'),\n *   onWarning: () => console.log('Warning should show'),\n *   onActivity: () => console.log('User is active')\n * });\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (utility hook)\n * - Enables accessible inactivity warnings\n * - Supports screen reader friendly countdowns\n * - Maintains focus management during warnings\n *\n * @performance\n * - Throttled event handling (100ms intervals)\n * - Efficient timer management with cleanup\n * - Minimal re-renders with stable references\n * - Memory leak prevention\n * - Cross-tab optimization\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Browser APIs - BroadcastChannel, localStorage, timers\n */\n\nimport { useState, useEffect, useCallback, useRef } from 'react';\nimport { logger } from '../utils/core/logger';\n\nexport interface UseInactivityTrackerOptions {\n  /** Timeout in milliseconds before user is considered idle (default: 30 minutes) */\n  idleTimeoutMs?: number;\n  /** Time in milliseconds before idle timeout to show warning (default: 60 seconds) */\n  warnBeforeMs?: number;\n  /** Callback when user becomes idle */\n  onIdle?: () => void;\n  /** Callback when warning should be shown */\n  onWarning?: () => void;\n  /** Callback when user becomes active again */\n  onActivity?: () => void;\n  /** Whether tracking is enabled (default: true) */\n  enabled?: boolean;\n  /** Storage key for persistence (default: 'pace-core-inactivity') */\n  storageKey?: string;\n  /** Broadcast channel name for cross-tab sync (default: 'pace-core-inactivity') */\n  channelName?: string;\n}\n\nexport interface UseInactivityTrackerReturn {\n  /** Whether the user is currently idle */\n  isIdle: boolean;\n  /** Time remaining in milliseconds before idle timeout */\n  timeRemaining: number;\n  /** Whether warning should be shown */\n  showWarning: boolean;\n  /** Reset the activity timer */\n  resetActivity: () => void;\n  /** Start tracking inactivity */\n  startTracking: () => void;\n  /** Stop tracking inactivity */\n  stopTracking: () => void;\n  /** Whether tracking is currently active */\n  isTracking: boolean;\n}\n\n// Events that indicate user activity\nconst ACTIVITY_EVENTS = [\n  'mousedown',\n  'mousemove',\n  'mouseup',\n  'click',\n  'scroll',\n  'wheel',\n  'touchstart',\n  'touchmove',\n  'touchend',\n  'keydown',\n  'keyup',\n  'keypress',\n  'focus',\n  'blur',\n  'visibilitychange'\n] as const;\n\n// Throttle function to limit event handler frequency\nfunction throttle<T extends (...args: any[]) => void>(\n  func: T,\n  limit: number\n): (...args: Parameters<T>) => void {\n  let inThrottle: boolean;\n  return function (this: any, ...args: Parameters<T>) {\n    if (!inThrottle) {\n      func.apply(this, args);\n      inThrottle = true;\n      setTimeout(() => (inThrottle = false), limit);\n    }\n  };\n}\n\nexport function useInactivityTracker({\n  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n  warnBeforeMs = 60 * 1000, // 1 minute\n  onIdle,\n  onWarning,\n  onActivity,\n  enabled = true,\n  storageKey = 'pace-core-inactivity',\n  channelName = 'pace-core-inactivity'\n}: UseInactivityTrackerOptions = {}): UseInactivityTrackerReturn {\n  const [isIdle, setIsIdle] = useState(false);\n  const [timeRemaining, setTimeRemaining] = useState(idleTimeoutMs);\n  const [showWarning, setShowWarning] = useState(false);\n  const [isTracking, setIsTracking] = useState(false);\n\n  // Reset tracking state when enabled changes\n  useEffect(() => {\n    if (!enabled) {\n      setIsTracking(false);\n      setIsIdle(false);\n      setShowWarning(false);\n      setTimeRemaining(idleTimeoutMs);\n    }\n  }, [enabled, idleTimeoutMs]);\n\n  const timeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const warningTimeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);\n  const lastActivityRef = useRef<number>(Date.now());\n  const channelRef = useRef<BroadcastChannel | null>(null);\n\n  // Clear all timers\n  const clearTimers = useCallback(() => {\n    if (timeoutRef.current) {\n      clearTimeout(timeoutRef.current);\n      timeoutRef.current = null;\n    }\n    if (warningTimeoutRef.current) {\n      clearTimeout(warningTimeoutRef.current);\n      warningTimeoutRef.current = null;\n    }\n    if (countdownIntervalRef.current) {\n      clearInterval(countdownIntervalRef.current);\n      countdownIntervalRef.current = null;\n    }\n  }, []);\n\n  // Reset activity and restart timers\n  const resetActivity = useCallback((skipActivityCallback = false) => {\n    if (!enabled) return;\n\n    const now = Date.now();\n    lastActivityRef.current = now;\n\n    // Clear existing timers\n    clearTimers();\n\n    // Reset state\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n\n    // Notify activity callback (unless skipped for initial setup)\n    if (!skipActivityCallback) {\n      onActivity?.();\n    }\n\n    // Set up warning timer\n    const warningTime = idleTimeoutMs - warnBeforeMs;\n    if (warningTime > 0) {\n      warningTimeoutRef.current = setTimeout(() => {\n        setShowWarning(true);\n        onWarning?.();\n      }, warningTime);\n    }\n\n    // Set up idle timeout\n    timeoutRef.current = setTimeout(() => {\n      setIsIdle(true);\n      onIdle?.();\n    }, idleTimeoutMs);\n\n    // Start countdown interval for time remaining\n    countdownIntervalRef.current = setInterval(() => {\n      const elapsed = Date.now() - lastActivityRef.current;\n      const remaining = Math.max(0, idleTimeoutMs - elapsed);\n      setTimeRemaining(remaining);\n\n      if (remaining === 0) {\n        clearTimers();\n      }\n    }, 1000);\n\n    // Persist activity time\n    try {\n      localStorage.setItem(storageKey, now.toString());\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to persist activity time:', error);\n    }\n\n    // Broadcast activity to other tabs\n    try {\n      if (channelRef.current) {\n        channelRef.current.postMessage({ type: 'activity', timestamp: now });\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to broadcast activity:', error);\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);\n\n  // Start tracking\n  const startTracking = useCallback(() => {\n    if (!enabled) return;\n\n    // Always reset state and start fresh\n    setIsTracking(false);\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n    \n    // Clear any existing timers\n    clearTimers();\n    \n    setIsTracking(true);\n\n    // Set up cross-tab communication\n    try {\n      if (typeof BroadcastChannel !== 'undefined') {\n        channelRef.current = new BroadcastChannel(channelName);\n        channelRef.current.onmessage = (event) => {\n          if (event.data.type === 'activity') {\n            lastActivityRef.current = event.data.timestamp;\n            resetActivity();\n          }\n        };\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to set up cross-tab communication:', error);\n    }\n\n    // Check for persisted activity time\n    try {\n      const persistedTime = localStorage.getItem(storageKey);\n      if (persistedTime) {\n        const persistedTimestamp = parseInt(persistedTime, 10);\n        const elapsed = Date.now() - persistedTimestamp;\n        \n        if (elapsed < idleTimeoutMs) {\n          // User was active recently, continue from where we left off\n          lastActivityRef.current = persistedTimestamp;\n          const remaining = idleTimeoutMs - elapsed;\n          setTimeRemaining(remaining);\n          \n          if (remaining <= warnBeforeMs) {\n            setShowWarning(true);\n            onWarning?.();\n          }\n          \n          if (remaining <= 0) {\n            setIsIdle(true);\n            onIdle?.();\n            return;\n          }\n        }\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to check persisted activity time:', error);\n    }\n\n    // Set up throttled activity handler\n    const throttledResetActivity = throttle((event) => {\n      resetActivity();\n    }, 100);\n\n    // Add event listeners\n    const addEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.addEventListener(event, throttledResetActivity, { passive: true });\n      });\n    };\n\n    // Remove event listeners\n    const removeEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.removeEventListener(event, throttledResetActivity);\n      });\n    };\n\n    // Add listeners\n    addEventListeners();\n\n    // Start the timer (skip activity callback for initial setup)\n    resetActivity(true);\n\n    // Cleanup function\n    return () => {\n      removeEventListeners();\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n        channelRef.current = null;\n      }\n    };\n  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);\n\n  // Stop tracking\n  const stopTracking = useCallback(() => {\n    setIsTracking(false);\n    clearTimers();\n    \n    if (channelRef.current) {\n      channelRef.current.close();\n      channelRef.current = null;\n    }\n  }, [clearTimers]);\n\n  // Effect to start/stop tracking based on enabled state\n  useEffect(() => {\n    if (enabled) {\n      const cleanup = startTracking();\n      return cleanup;\n    } else {\n      stopTracking();\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs]);\n\n  // Cleanup on unmount\n  useEffect(() => {\n    return () => {\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n      }\n    };\n  }, [clearTimers]);\n\n  return {\n    isIdle,\n    timeRemaining,\n    showWarning,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    isTracking\n  };\n}\n","/**\n * @file Secure Data Access Utility\n * @package @jmruthers/pace-core\n * @module Utils/SecureDataAccess\n * @since 0.4.0\n *\n * Secure data access utilities that enforce organisation context for all database operations.\n * Prevents data leakage between organisations and ensures proper access validation.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\n\n// Generic database record type\nexport interface DatabaseRecord {\n  id: string;\n  organisation_id: string;\n  [key: string]: unknown;\n}\n\n// Generic data for insert/update operations\nexport interface DatabaseData {\n  [key: string]: unknown;\n}\n\n// Generic filters for queries\nexport interface DatabaseFilters {\n  [key: string]: unknown;\n}\n\n// Secure query options\nexport interface SecureQueryOptions {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\nexport interface SecureDataAccess {\n  // Secure query methods\n  secureQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T[]>;\n  secureSingleQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T | null>;\n  \n  // Secure mutation methods\n  secureInsert: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, organisationId: string) => Promise<T | null>;\n  secureUpdate: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, filters: DatabaseFilters, organisationId: string) => Promise<T | null>;\n  secureDelete: (table: string, filters: DatabaseFilters, organisationId: string) => Promise<boolean>;\n  \n  // Organisation-scoped queries\n  queryByOrganisation: <T extends DatabaseRecord = DatabaseRecord>(table: string, select: string, organisationId: string, filters?: DatabaseFilters) => Promise<T[]>;\n  \n  // Validation helpers\n  validateOrganisationContext: (organisationId: string) => void;\n  ensureOrganisationColumn: (table: string) => boolean;\n}\n\nexport interface SecureQueryBuilder {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\n/**\n * Create a secure data access instance\n * @param supabase - Supabase client instance\n * @param organisationId - Current organisation context\n * @param isSuperAdmin - Whether user has super admin privileges\n * @returns Secure data access utilities\n */\nexport const createSecureDataAccess = (\n  supabase: SupabaseClient,\n  organisationId: string,\n  isSuperAdmin: boolean = false\n): SecureDataAccess => {\n  \n  // Validate organisation context\n  const validateOrganisationContext = (orgId: string): void => {\n    if (!orgId) {\n      throw new Error('Organisation context is required for secure data access');\n    }\n    \n    if (!isSuperAdmin && !orgId) {\n      throw new Error('Organisation context is mandatory for non-super admin users');\n    }\n  };\n\n  // Check if table has organisation_id column\n  const ensureOrganisationColumn = (table: string): boolean => {\n    // This is a simplified check - in production you might want to cache this\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    return tablesWithOrganisation.includes(table);\n  };\n\n  // Build secure query with organisation context\n  const buildSecureQuery = (options: SecureQueryBuilder) => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    validateOrganisationContext(orgId);\n    \n    let query = supabase\n      .from(table)\n      .select(select);\n    \n    // Add organisation filter (unless super admin)\n    if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n      query = query.eq('organisation_id', orgId);\n    }\n    \n    // Add additional filters\n    if (filters) {\n      Object.entries(filters).forEach(([key, value]) => {\n        if (value !== undefined && value !== null) {\n          // Handle qualified column names (e.g., 'users.role')\n          const columnName = key.includes('.') ? key.split('.').pop()! : key;\n          query = query.eq(columnName, value);\n        }\n      });\n    }\n    \n    // Add ordering\n    if (orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn);\n      }\n    }\n    \n    // Add pagination\n    if (limit) {\n      query = query.limit(limit);\n    }\n    \n    if (offset) {\n      query = query.range(offset, offset + (limit || 10) - 1);\n    }\n    \n    return query;\n  };\n\n  // Secure query for multiple results\n  const secureQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T[]> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      // Ensure data is an array and not an error type\n      if (Array.isArray(data)) {\n        return data as unknown as T[];\n      }\n      \n      return [];\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure query for single result\n  const secureSingleQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T | null> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query.single();\n      \n      if (error) {\n        if (error.code === 'PGRST116') {\n          // No rows returned\n          return null;\n        }\n        throw error;\n      }\n      \n      // Ensure data is not an error type\n      if (data && typeof data === 'object' && !('code' in data)) {\n        return data as unknown as T;\n      }\n      \n      return null;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure insert with organisation context\n  const secureInsert = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      const insertData = {\n        ...data,\n        organisation_id: organisationId\n      };\n      \n      const { data: result, error } = await supabase\n        .from(table)\n        .insert(insertData)\n        .select()\n        .single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure update with organisation context\n  const secureUpdate = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .update(data);\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { data: result, error } = await query.select().single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure delete with organisation context\n  const secureDelete = async (\n    table: string, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<boolean> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .delete();\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      return true;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Organisation-scoped query helper\n  const queryByOrganisation = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    select: string, \n    organisationId: string, \n    filters?: DatabaseFilters\n  ): Promise<T[]> => {\n    return secureQuery<T>({\n      table,\n      select,\n      organisationId,\n      filters\n    });\n  };\n\n  return {\n    secureQuery,\n    secureSingleQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    queryByOrganisation,\n    validateOrganisationContext,\n    ensureOrganisationColumn\n  };\n};\n\n/**\n * Hook for secure data access\n * @returns Secure data access utilities\n */\nexport const useSecureDataAccess = (): SecureDataAccess => {\n  // This would typically get the context from providers\n  // For now, we'll create a placeholder that can be used with explicit parameters\n  throw new Error('useSecureDataAccess must be used with explicit parameters. Use createSecureDataAccess instead.');\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DW;AAjBJ,SAAS,qBAAqB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA8B;AAE5B,QAAM,cAAc,eAAe;AAKnC,MAAI,CAAC,aAAa;AAIhB,YAAQ,KAAK,qHAAqH;AAClI,WAAO,gCAAG,UAAS;AAAA,EACrB;AAEA,QAAM,EAAE,UAAU,MAAM,QAAQ,IAAI;AAMpC,MAAI,CAAC,UAAU;AACb,YAAQ,KAAK,qDAAqD;AAClE,WAAO,gCAAG,UAAS;AAAA,EACrB;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,MAEC;AAAA;AAAA,EACH;AAEJ;;;ACjCA,SAAgB,WAAW,UAAU,mBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAoD3B,SAEI,OAAAA,MAFJ;AAhCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,aAAa;AAG5D,YAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAMC,cAAa,YAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAEL,SACE,gBAAAD,KAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,GAAG,eAAe,SAAS;AAAA,MACtC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,4BAAAA,KAAC,SAAI,WAAU,iBACb,0BAAAA,KAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,gBAAAA,KAAC,SACC,0BAAAA,KAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,gBAAAA,KAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,8BAAAA,KAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,gBAAAA,KAAC,UAAK,WAAU,6CACb,UAAAC,YAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,gBAAAD,KAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA,4BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,gBAAAA,KAAC,SAAI,WAAU,qCACb,0BAAAA,KAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;;;AC3GA,SAAS,YAAAE,WAAU,aAAAC,YAAW,eAAAC,cAAa,cAAc;AAwCzD,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,SAAS,SACP,MACA,OACkC;AAClC,MAAI;AACJ,SAAO,YAAwB,MAAqB;AAClD,QAAI,CAAC,YAAY;AACf,WAAK,MAAM,MAAM,IAAI;AACrB,mBAAa;AACb,iBAAW,MAAO,aAAa,OAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB;AAAA,EACnC,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV,aAAa;AAAA,EACb,cAAc;AAChB,IAAiC,CAAC,GAA+B;AAC/D,QAAM,CAAC,QAAQ,SAAS,IAAIC,UAAS,KAAK;AAC1C,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,aAAa;AAChE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAGlD,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,SAAS;AACZ,oBAAc,KAAK;AACnB,gBAAU,KAAK;AACf,qBAAe,KAAK;AACpB,uBAAiB,aAAa;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,SAAS,aAAa,CAAC;AAE3B,QAAM,aAAa,OAA8B,IAAI;AACrD,QAAM,oBAAoB,OAA8B,IAAI;AAC5D,QAAM,uBAAuB,OAA8B,IAAI;AAC/D,QAAM,kBAAkB,OAAe,KAAK,IAAI,CAAC;AACjD,QAAM,aAAa,OAAgC,IAAI;AAGvD,QAAM,cAAcC,aAAY,MAAM;AACpC,QAAI,WAAW,SAAS;AACtB,mBAAa,WAAW,OAAO;AAC/B,iBAAW,UAAU;AAAA,IACvB;AACA,QAAI,kBAAkB,SAAS;AAC7B,mBAAa,kBAAkB,OAAO;AACtC,wBAAkB,UAAU;AAAA,IAC9B;AACA,QAAI,qBAAqB,SAAS;AAChC,oBAAc,qBAAqB,OAAO;AAC1C,2BAAqB,UAAU;AAAA,IACjC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,gBAAgBA,aAAY,CAAC,uBAAuB,UAAU;AAClE,QAAI,CAAC,QAAS;AAEd,UAAM,MAAM,KAAK,IAAI;AACrB,oBAAgB,UAAU;AAG1B,gBAAY;AAGZ,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,QAAI,CAAC,sBAAsB;AACzB,mBAAa;AAAA,IACf;AAGA,UAAM,cAAc,gBAAgB;AACpC,QAAI,cAAc,GAAG;AACnB,wBAAkB,UAAU,WAAW,MAAM;AAC3C,uBAAe,IAAI;AACnB,oBAAY;AAAA,MACd,GAAG,WAAW;AAAA,IAChB;AAGA,eAAW,UAAU,WAAW,MAAM;AACpC,gBAAU,IAAI;AACd,eAAS;AAAA,IACX,GAAG,aAAa;AAGhB,yBAAqB,UAAU,YAAY,MAAM;AAC/C,YAAM,UAAU,KAAK,IAAI,IAAI,gBAAgB;AAC7C,YAAM,YAAY,KAAK,IAAI,GAAG,gBAAgB,OAAO;AACrD,uBAAiB,SAAS;AAE1B,UAAI,cAAc,GAAG;AACnB,oBAAY;AAAA,MACd;AAAA,IACF,GAAG,GAAI;AAGP,QAAI;AACF,mBAAa,QAAQ,YAAY,IAAI,SAAS,CAAC;AAAA,IACjD,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,oCAAoC,KAAK;AAAA,IAC/E;AAGA,QAAI;AACF,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,YAAY,EAAE,MAAM,YAAY,WAAW,IAAI,CAAC;AAAA,MACrE;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,iCAAiC,KAAK;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,cAAc,QAAQ,WAAW,YAAY,YAAY,WAAW,CAAC;AAGjG,QAAM,gBAAgBA,aAAY,MAAM;AACtC,QAAI,CAAC,QAAS;AAGd,kBAAc,KAAK;AACnB,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,gBAAY;AAEZ,kBAAc,IAAI;AAGlB,QAAI;AACF,UAAI,OAAO,qBAAqB,aAAa;AAC3C,mBAAW,UAAU,IAAI,iBAAiB,WAAW;AACrD,mBAAW,QAAQ,YAAY,CAAC,UAAU;AACxC,cAAI,MAAM,KAAK,SAAS,YAAY;AAClC,4BAAgB,UAAU,MAAM,KAAK;AACrC,0BAAc;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,6CAA6C,KAAK;AAAA,IACxF;AAGA,QAAI;AACF,YAAM,gBAAgB,aAAa,QAAQ,UAAU;AACrD,UAAI,eAAe;AACjB,cAAM,qBAAqB,SAAS,eAAe,EAAE;AACrD,cAAM,UAAU,KAAK,IAAI,IAAI;AAE7B,YAAI,UAAU,eAAe;AAE3B,0BAAgB,UAAU;AAC1B,gBAAM,YAAY,gBAAgB;AAClC,2BAAiB,SAAS;AAE1B,cAAI,aAAa,cAAc;AAC7B,2BAAe,IAAI;AACnB,wBAAY;AAAA,UACd;AAEA,cAAI,aAAa,GAAG;AAClB,sBAAU,IAAI;AACd,qBAAS;AACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,4CAA4C,KAAK;AAAA,IACvF;AAGA,UAAM,yBAAyB,SAAS,CAAC,UAAU;AACjD,oBAAc;AAAA,IAChB,GAAG,GAAG;AAGN,UAAM,oBAAoB,MAAM;AAC9B,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,iBAAiB,OAAO,wBAAwB,EAAE,SAAS,KAAK,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAGA,UAAM,uBAAuB,MAAM;AACjC,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,oBAAoB,OAAO,sBAAsB;AAAA,MAC5D,CAAC;AAAA,IACH;AAGA,sBAAkB;AAGlB,kBAAc,IAAI;AAGlB,WAAO,MAAM;AACX,2BAAqB;AACrB,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AACzB,mBAAW,UAAU;AAAA,MACvB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,YAAY,aAAa,YAAY,eAAe,cAAc,QAAQ,SAAS,CAAC;AAGjG,QAAM,eAAeA,aAAY,MAAM;AACrC,kBAAc,KAAK;AACnB,gBAAY;AAEZ,QAAI,WAAW,SAAS;AACtB,iBAAW,QAAQ,MAAM;AACzB,iBAAW,UAAU;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAGhB,EAAAD,WAAU,MAAM;AACd,QAAI,SAAS;AACX,YAAM,UAAU,cAAc;AAC9B,aAAO;AAAA,IACT,OAAO;AACL,mBAAa;AAAA,IACf;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,YAAY,CAAC;AAGzC,EAAAA,WAAU,MAAM;AACd,WAAO,MAAM;AACX,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AAAA,MAC3B;AAAA,IACF;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAEhB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACzSO,IAAM,yBAAyB,CACpC,UACA,gBACA,eAAwB,UACH;AAGrB,QAAM,8BAA8B,CAAC,UAAwB;AAC3D,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E;AAEA,QAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,YAAM,IAAI,MAAM,6DAA6D;AAAA,IAC/E;AAAA,EACF;AAGA,QAAM,2BAA2B,CAAC,UAA2B;AAE3D,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,WAAO,uBAAuB,SAAS,KAAK;AAAA,EAC9C;AAGA,QAAM,mBAAmB,CAAC,YAAgC;AACxD,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,gCAA4B,KAAK;AAEjC,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,MAAM;AAGhB,QAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,cAAQ,MAAM,GAAG,mBAAmB,KAAK;AAAA,IAC3C;AAGA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,YAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,gBAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,kBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,QACpC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,SAAS;AAEX,YAAM,gBAAgB,QAAQ,MAAM,GAAG,EAAE,IAAI;AAC7C,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,aAAa;AAAA,MACnC;AAAA,IACF;AAGA,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM,KAAK;AAAA,IAC3B;AAEA,QAAI,QAAQ;AACV,cAAQ,MAAM,MAAM,QAAQ,UAAU,SAAS,MAAM,CAAC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,OAAkD,YAA8C;AAClH,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAGA,UAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,CAAC;AAAA,IACV,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,oBAAoB,OAAkD,YAAmD;AAC7H,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,MAAM,OAAO;AAE3C,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,YAAY;AAE7B,iBAAO;AAAA,QACT;AACA,cAAM;AAAA,MACR;AAGA,UAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,UAAU,OAAO;AACzD,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACAE,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,YAAM,aAAa;AAAA,QACjB,GAAG;AAAA,QACH,iBAAiBA;AAAA,MACnB;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,SACnC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACA,SACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,MAAM,OAAO,EAAE,OAAO;AAE5D,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,SACAA,oBACqB;AACrB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM;AAExB,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,sBAAsB,OAC1B,OACA,QACAA,iBACA,YACiB;AACjB,WAAO,YAAe;AAAA,MACpB;AAAA,MACA;AAAA,MACA,gBAAAA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["jsx","formatTime","useState","useEffect","useCallback","useState","useEffect","useCallback","organisationId"]}
+{"version":3,"sources":["../src/providers/OrganisationProvider.tsx","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/hooks/useInactivityTracker.ts","../src/index.ts","../src/utils/security/secureDataAccess.ts"],"sourcesContent":["/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers\n * @since 0.1.0\n *\n * React provider for organisation context.\n * This is a convenience wrapper around OrganisationServiceProvider that\n * automatically gets auth context from UnifiedAuthProvider.\n * \n * Note: If you're using UnifiedAuthProvider, it already includes\n * OrganisationServiceProvider internally, so this component is mainly\n * for backward compatibility or standalone usage.\n */\n\nimport React from 'react';\nimport { useUnifiedAuth } from '../providers/services/UnifiedAuthProvider';\nimport { OrganisationServiceProvider } from './services/OrganisationServiceProvider';\nimport type { OrganisationProviderProps as BaseOrganisationProviderProps } from '../types/organisation';\n\nexport interface OrganisationProviderProps extends BaseOrganisationProviderProps {\n  children: React.ReactNode;\n  requireOrganisationContext?: boolean;\n  autoSelectPrimaryOrganisation?: boolean;\n  onOrganisationChange?: (organisation: any) => void;\n}\n\n/**\n * OrganisationProvider component\n * \n * Wraps OrganisationServiceProvider and automatically gets auth context.\n * \n * @example\n * ```tsx\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"my-app\">\n *   <OrganisationProvider>\n *     <App />\n *   </OrganisationProvider>\n * </UnifiedAuthProvider>\n * ```\n */\nexport function OrganisationProvider({ \n  children,\n  requireOrganisationContext,\n  autoSelectPrimaryOrganisation,\n  onOrganisationChange\n}: OrganisationProviderProps) {\n  // Get auth context from UnifiedAuthProvider\n  const authContext = useUnifiedAuth();\n  \n  // If we're inside UnifiedAuthProvider, it already includes OrganisationServiceProvider\n  // So we can just pass through the children\n  // However, if the auth context is not available, we need to handle that\n  if (!authContext) {\n    // If no auth context, we can't provide organisation service\n    // This might happen if used outside UnifiedAuthProvider\n    // In that case, we should probably throw an error or show a message\n    console.warn('OrganisationProvider: No auth context available. Make sure OrganisationProvider is used inside UnifiedAuthProvider.');\n    return <>{children}</>;\n  }\n\n  const { supabase, user, session } = authContext;\n\n  // Wrap with OrganisationServiceProvider\n  // Note: The props like requireOrganisationContext, autoSelectPrimaryOrganisation\n  // are handled by the OrganisationService internally, not by the provider\n  // Note: supabase is mapped to supabaseClient for OrganisationServiceProvider\n  if (!supabase) {\n    console.warn('OrganisationProvider: No supabase client available.');\n    return <>{children}</>;\n  }\n\n  return (\n    <OrganisationServiceProvider\n      supabaseClient={supabase}\n      user={user}\n      session={session}\n    >\n      {children}\n    </OrganisationServiceProvider>\n  );\n}\n\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n *   isOpen={showWarning}\n *   timeRemaining={45}\n *   onStaySignedIn={() => setShowWarning(false)}\n *   onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\nimport { cn } from '../../utils/core/cn';\n\nexport interface InactivityWarningModalProps {\n  /** Whether the modal is open */\n  isOpen: boolean;\n  /** Time remaining in seconds before auto-logout */\n  timeRemaining: number;\n  /** Callback when user chooses to stay signed in */\n  onStaySignedIn: () => void;\n  /** Callback when user chooses to sign out immediately */\n  onSignOutNow: () => void;\n  /** Optional custom title */\n  title?: string;\n  /** Optional custom description */\n  description?: string;\n  /** Optional custom className */\n  className?: string;\n}\n\nexport function InactivityWarningModal({\n  isOpen,\n  timeRemaining,\n  onStaySignedIn,\n  onSignOutNow,\n  title = \"Session Timeout Warning\",\n  description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n  className\n}: InactivityWarningModalProps) {\n  const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n  // Update display time when timeRemaining prop changes\n  useEffect(() => {\n    setDisplayTime(timeRemaining);\n  }, [timeRemaining]);\n\n  // Format time for display (MM:SS)\n  const formatTime = useCallback((seconds: number) => {\n    const mins = Math.floor(seconds / 60);\n    const secs = seconds % 60;\n    return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n  }, []);\n\n  return (\n    <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n      <DialogContent \n        className={cn(\"sm:max-w-md\", className)}\n        preventCloseOnEscape={false}\n        preventCloseOnOutsideClick={true}\n        data-testid=\"inactivity-warning-modal\"\n      >\n        <DialogHeader>\n          <div className=\"flex items-center gap-3\">\n            <div className=\"flex-shrink-0\">\n              <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n            </div>\n            <div>\n              <DialogTitle className=\"text-lg font-semibold text-main-900\">\n                {title}\n              </DialogTitle>\n            </div>\n          </div>\n          <DialogDescription className=\"text-main-700 mt-2\">\n            {description}\n          </DialogDescription>\n        </DialogHeader>\n\n        <div className=\"space-y-6\">\n          {/* Countdown Timer */}\n          <div className=\"text-center\">\n            <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n              <Clock className=\"h-5 w-5 text-acc-600\" />\n              <span className=\"text-2xl font-mono font-bold text-acc-700\">\n                {formatTime(displayTime)}\n              </span>\n            </div>\n            <p className=\"text-sm text-main-600 mt-2\">\n              Time remaining before automatic logout\n            </p>\n          </div>\n\n          {/* Action Buttons */}\n          <div className=\"flex flex-col sm:flex-row gap-3\">\n            <Button\n              onClick={onStaySignedIn}\n              className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n              size=\"lg\"\n            >\n              Stay Signed In\n            </Button>\n            <Button\n              onClick={onSignOutNow}\n              variant=\"outline\"\n              className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n              size=\"lg\"\n            >\n              Sign Out Now\n            </Button>\n          </div>\n\n          {/* Additional Info */}\n          <div className=\"text-xs text-main-500 text-center\">\n            <p>\n              For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n            </p>\n          </div>\n        </div>\n      </DialogContent>\n    </Dialog>\n  );\n}\n","/**\n * @file Inactivity Tracker Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useInactivityTracker\n * @since 0.1.0\n *\n * A custom hook that tracks user inactivity and provides cross-tab synchronization.\n * Monitors various user interactions and manages inactivity timers with persistence.\n *\n * Features:\n * - Cross-tab synchronization using BroadcastChannel and localStorage\n * - Monitors keyboard, mouse, touch, scroll, and focus events\n * - Throttled event handling for performance\n * - Persistence of last activity time across page reloads\n * - SSR-safe implementation with proper cleanup\n * - Configurable timeout and warning thresholds\n * - Production-safe with dev-only escape hatches\n *\n * @example\n * ```tsx\n * const {\n *   isIdle,\n *   timeRemaining,\n *   showWarning,\n *   resetActivity,\n *   startTracking,\n *   stopTracking\n * } = useInactivityTracker({\n *   idleTimeoutMs: 30 * 60 * 1000, // 30 minutes\n *   warnBeforeMs: 60 * 1000, // 1 minute\n *   onIdle: () => console.log('User is idle'),\n *   onWarning: () => console.log('Warning should show'),\n *   onActivity: () => console.log('User is active')\n * });\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (utility hook)\n * - Enables accessible inactivity warnings\n * - Supports screen reader friendly countdowns\n * - Maintains focus management during warnings\n *\n * @performance\n * - Throttled event handling (100ms intervals)\n * - Efficient timer management with cleanup\n * - Minimal re-renders with stable references\n * - Memory leak prevention\n * - Cross-tab optimization\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Browser APIs - BroadcastChannel, localStorage, timers\n */\n\nimport { useState, useEffect, useCallback, useRef } from 'react';\nimport { logger } from '../utils/core/logger';\n\nexport interface UseInactivityTrackerOptions {\n  /** Timeout in milliseconds before user is considered idle (default: 30 minutes) */\n  idleTimeoutMs?: number;\n  /** Time in milliseconds before idle timeout to show warning (default: 60 seconds) */\n  warnBeforeMs?: number;\n  /** Callback when user becomes idle */\n  onIdle?: () => void;\n  /** Callback when warning should be shown */\n  onWarning?: () => void;\n  /** Callback when user becomes active again */\n  onActivity?: () => void;\n  /** Whether tracking is enabled (default: true) */\n  enabled?: boolean;\n  /** Storage key for persistence (default: 'pace-core-inactivity') */\n  storageKey?: string;\n  /** Broadcast channel name for cross-tab sync (default: 'pace-core-inactivity') */\n  channelName?: string;\n}\n\nexport interface UseInactivityTrackerReturn {\n  /** Whether the user is currently idle */\n  isIdle: boolean;\n  /** Time remaining in milliseconds before idle timeout */\n  timeRemaining: number;\n  /** Whether warning should be shown */\n  showWarning: boolean;\n  /** Reset the activity timer */\n  resetActivity: () => void;\n  /** Start tracking inactivity */\n  startTracking: () => void;\n  /** Stop tracking inactivity */\n  stopTracking: () => void;\n  /** Whether tracking is currently active */\n  isTracking: boolean;\n}\n\n// Events that indicate user activity\nconst ACTIVITY_EVENTS = [\n  'mousedown',\n  'mousemove',\n  'mouseup',\n  'click',\n  'scroll',\n  'wheel',\n  'touchstart',\n  'touchmove',\n  'touchend',\n  'keydown',\n  'keyup',\n  'keypress',\n  'focus',\n  'blur',\n  'visibilitychange'\n] as const;\n\n// Throttle function to limit event handler frequency\nfunction throttle<T extends (...args: any[]) => void>(\n  func: T,\n  limit: number\n): (...args: Parameters<T>) => void {\n  let inThrottle: boolean;\n  return function (this: any, ...args: Parameters<T>) {\n    if (!inThrottle) {\n      func.apply(this, args);\n      inThrottle = true;\n      setTimeout(() => (inThrottle = false), limit);\n    }\n  };\n}\n\nexport function useInactivityTracker({\n  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n  warnBeforeMs = 60 * 1000, // 1 minute\n  onIdle,\n  onWarning,\n  onActivity,\n  enabled = true,\n  storageKey = 'pace-core-inactivity',\n  channelName = 'pace-core-inactivity'\n}: UseInactivityTrackerOptions = {}): UseInactivityTrackerReturn {\n  const [isIdle, setIsIdle] = useState(false);\n  const [timeRemaining, setTimeRemaining] = useState(idleTimeoutMs);\n  const [showWarning, setShowWarning] = useState(false);\n  const [isTracking, setIsTracking] = useState(false);\n\n  // Reset tracking state when enabled changes\n  useEffect(() => {\n    if (!enabled) {\n      setIsTracking(false);\n      setIsIdle(false);\n      setShowWarning(false);\n      setTimeRemaining(idleTimeoutMs);\n    }\n  }, [enabled, idleTimeoutMs]);\n\n  const timeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const warningTimeoutRef = useRef<NodeJS.Timeout | null>(null);\n  const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);\n  const lastActivityRef = useRef<number>(Date.now());\n  const channelRef = useRef<BroadcastChannel | null>(null);\n\n  // Clear all timers\n  const clearTimers = useCallback(() => {\n    if (timeoutRef.current) {\n      clearTimeout(timeoutRef.current);\n      timeoutRef.current = null;\n    }\n    if (warningTimeoutRef.current) {\n      clearTimeout(warningTimeoutRef.current);\n      warningTimeoutRef.current = null;\n    }\n    if (countdownIntervalRef.current) {\n      clearInterval(countdownIntervalRef.current);\n      countdownIntervalRef.current = null;\n    }\n  }, []);\n\n  // Reset activity and restart timers\n  const resetActivity = useCallback((skipActivityCallback = false) => {\n    if (!enabled) return;\n\n    const now = Date.now();\n    lastActivityRef.current = now;\n\n    // Clear existing timers\n    clearTimers();\n\n    // Reset state\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n\n    // Notify activity callback (unless skipped for initial setup)\n    if (!skipActivityCallback) {\n      onActivity?.();\n    }\n\n    // Set up warning timer\n    const warningTime = idleTimeoutMs - warnBeforeMs;\n    if (warningTime > 0) {\n      warningTimeoutRef.current = setTimeout(() => {\n        setShowWarning(true);\n        onWarning?.();\n      }, warningTime);\n    }\n\n    // Set up idle timeout\n    timeoutRef.current = setTimeout(() => {\n      setIsIdle(true);\n      onIdle?.();\n    }, idleTimeoutMs);\n\n    // Start countdown interval for time remaining\n    countdownIntervalRef.current = setInterval(() => {\n      const elapsed = Date.now() - lastActivityRef.current;\n      const remaining = Math.max(0, idleTimeoutMs - elapsed);\n      setTimeRemaining(remaining);\n\n      if (remaining === 0) {\n        clearTimers();\n      }\n    }, 1000);\n\n    // Persist activity time\n    try {\n      localStorage.setItem(storageKey, now.toString());\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to persist activity time:', error);\n    }\n\n    // Broadcast activity to other tabs\n    try {\n      if (channelRef.current) {\n        channelRef.current.postMessage({ type: 'activity', timestamp: now });\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to broadcast activity:', error);\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);\n\n  // Start tracking\n  const startTracking = useCallback(() => {\n    if (!enabled) return;\n\n    // Always reset state and start fresh\n    setIsTracking(false);\n    setIsIdle(false);\n    setShowWarning(false);\n    setTimeRemaining(idleTimeoutMs);\n    \n    // Clear any existing timers\n    clearTimers();\n    \n    setIsTracking(true);\n\n    // Set up cross-tab communication\n    try {\n      if (typeof BroadcastChannel !== 'undefined') {\n        channelRef.current = new BroadcastChannel(channelName);\n        channelRef.current.onmessage = (event) => {\n          if (event.data.type === 'activity') {\n            lastActivityRef.current = event.data.timestamp;\n            resetActivity();\n          }\n        };\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to set up cross-tab communication:', error);\n    }\n\n    // Check for persisted activity time\n    try {\n      const persistedTime = localStorage.getItem(storageKey);\n      if (persistedTime) {\n        const persistedTimestamp = parseInt(persistedTime, 10);\n        const elapsed = Date.now() - persistedTimestamp;\n        \n        if (elapsed < idleTimeoutMs) {\n          // User was active recently, continue from where we left off\n          lastActivityRef.current = persistedTimestamp;\n          const remaining = idleTimeoutMs - elapsed;\n          setTimeRemaining(remaining);\n          \n          if (remaining <= warnBeforeMs) {\n            setShowWarning(true);\n            onWarning?.();\n          }\n          \n          if (remaining <= 0) {\n            setIsIdle(true);\n            onIdle?.();\n            return;\n          }\n        }\n      }\n    } catch (error) {\n      logger.warn('useInactivityTracker', 'Failed to check persisted activity time:', error);\n    }\n\n    // Set up throttled activity handler\n    const throttledResetActivity = throttle((event) => {\n      resetActivity();\n    }, 100);\n\n    // Add event listeners\n    const addEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.addEventListener(event, throttledResetActivity, { passive: true });\n      });\n    };\n\n    // Remove event listeners\n    const removeEventListeners = () => {\n      ACTIVITY_EVENTS.forEach(event => {\n        document.removeEventListener(event, throttledResetActivity);\n      });\n    };\n\n    // Add listeners\n    addEventListeners();\n\n    // Start the timer (skip activity callback for initial setup)\n    resetActivity(true);\n\n    // Cleanup function\n    return () => {\n      removeEventListeners();\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n        channelRef.current = null;\n      }\n    };\n  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);\n\n  // Stop tracking\n  const stopTracking = useCallback(() => {\n    setIsTracking(false);\n    clearTimers();\n    \n    if (channelRef.current) {\n      channelRef.current.close();\n      channelRef.current = null;\n    }\n  }, [clearTimers]);\n\n  // Effect to start/stop tracking based on enabled state\n  useEffect(() => {\n    if (enabled) {\n      const cleanup = startTracking();\n      return cleanup;\n    } else {\n      stopTracking();\n    }\n  }, [enabled, idleTimeoutMs, warnBeforeMs]);\n\n  // Cleanup on unmount\n  useEffect(() => {\n    return () => {\n      clearTimers();\n      if (channelRef.current) {\n        channelRef.current.close();\n      }\n    };\n  }, [clearTimers]);\n\n  return {\n    isIdle,\n    timeRemaining,\n    showWarning,\n    resetActivity,\n    startTracking,\n    stopTracking,\n    isTracking\n  };\n}\n","/**\n * @file Complete Component Library Export\n * @package @jmruthers/pace-core\n * @module Core\n * @since 0.1.0\n * \n * This file exports the primary components, hooks, and utilities from the PACE Core library.\n * It is the main entry point for developers using the library.\n * \n * @example\n * // Import common components\n * import { Button, Card, useUnifiedAuth } from '@jmruthers/pace-core';\n * \n * // For specialized components, use the complete library import:\n * import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';\n */\n\n// AUTHENTICATION & AUTHORIZATION\n// Note: Providers are now service-based architecture for better testability and maintainability\nexport { UnifiedAuthProvider, useUnifiedAuth } from './providers/services/UnifiedAuthProvider';\nexport type { UnifiedAuthProviderProps, UnifiedAuthContextType, UserEventAccess } from './providers/services/UnifiedAuthProvider';\n\n// Session tracking utility (for manual use if needed)\nexport { useSessionTracking } from './utils/context/sessionTracking';\n\n// Provider components (using service architecture)\nexport { EventServiceProvider } from './providers/services/EventServiceProvider';\nexport { OrganisationServiceProvider } from './providers/services/OrganisationServiceProvider';\nexport { InactivityServiceProvider } from './providers/services/InactivityServiceProvider';\n\n// Convenience provider wrapper (backward compatibility)\nexport { OrganisationProvider } from './providers/OrganisationProvider';\nexport type { OrganisationProviderProps } from './providers/OrganisationProvider';\n\n// Convenience hooks\nexport { useEvents } from './hooks/useEvents';\nexport { useOrganisations } from './hooks/useOrganisations';\n\n// Service hooks for advanced usage (better performance)\nexport { useEventService } from './hooks/services/useEventService';\nexport { useOrganisationService } from './hooks/services/useOrganisationService';\nexport { useAuthService } from './hooks/services/useAuthService';\nexport { useInactivityService } from './hooks/services/useInactivityService';\nexport { useSessionRestoration } from './hooks/useSessionRestoration';\n\nexport type { \n  Organisation, \n  OrganisationMembership, \n  OrganisationContextType, \n  OrganisationSecurityError \n} from './types/organisation';\n\n// INACTIVITY TRACKING\nexport { InactivityWarningModal } from './components/InactivityWarningModal/InactivityWarningModal';\nexport type { InactivityWarningModalProps } from './components/InactivityWarningModal/InactivityWarningModal';\nexport { useInactivityTracker } from './hooks/useInactivityTracker';\nexport type { UseInactivityTrackerOptions, UseInactivityTrackerReturn } from './hooks/useInactivityTracker';\n\n// RBAC SYSTEM - Consolidated RBAC module\nexport * from './rbac';\n\n// BASIC UI COMPONENTS\nexport { Button } from './components/Button/Button';\nexport type { ButtonProps } from './components/Button/Button';\n\nexport { \n  Card, \n  CardHeader, \n  CardFooter, \n  CardTitle, \n  CardDescription, \n  CardContent,\n  CardActions\n} from './components/Card/Card';\nexport type { CardProps } from './components/Card/Card';\n\nexport { Input } from './components/Input/Input';\nexport type { InputProps } from './components/Input/Input';\nexport { Label } from './components/Label/Label';\nexport type { LabelProps } from './components/Label/Label';\n\nexport { Textarea } from './components/Textarea/Textarea';\nexport type { TextareaProps } from './components/Textarea/Textarea';\n\nexport { Alert, AlertTitle, AlertDescription } from './components/Alert/Alert';\nexport { Avatar, AvatarImage, AvatarFallback } from './components/Avatar/Avatar';\n\nexport { Badge } from './components/Badge/Badge';\nexport type { BadgeProps, BadgeVariant } from './components/Badge/Badge';\n\nexport { Checkbox } from './components/Checkbox/Checkbox';\nexport { Switch } from './components/Switch/Switch';\nexport type { SwitchProps } from './components/Switch/Switch';\nexport { Progress } from './components/Progress';\nexport type { ProgressProps } from './components/Progress';\n\n// ADVANCED UI COMPONENTS\nexport {\n  Dialog,\n  DialogPortal,\n  DialogOverlay,\n  DialogTrigger,\n  DialogClose,\n  DialogContent,\n  DialogHeader,\n  DialogBody,\n  DialogFooter,\n  DialogTitle,\n  DialogDescription,\n} from './components/Dialog/Dialog';\n\n// Dropdown Menu exports\n// DropdownMenu components have been merged into Select components\n\n// Select exports\nexport {\n  Select,\n  SelectGroup,\n  SelectValue,\n  SelectTrigger,\n  SelectContent,\n  SelectLabel,\n  SelectItem,\n  SelectSeparator,\n} from './components/Select';\n\n// Tabs exports\nexport { Tabs, TabsList, TabsTrigger, TabsContent } from './components/Tabs/Tabs';\nexport type { TabsProps, TabsListProps, TabsTriggerProps, TabsContentProps } from './components/Tabs/Tabs';\n\n// Calendar exports\nexport { Calendar } from './components/Calendar/Calendar';\nexport type { CalendarProps } from './components/Calendar/Calendar';\n\n// Modal functionality is provided by Dialog components\n\nexport {\n  Toast,\n  Toaster,\n  ToastAction,\n  ToastProvider,\n  ToastViewport,\n  ToastTitle,\n  ToastDescription,\n  ToastClose,\n} from './components/Toast/Toast';\nexport { useToast } from './hooks/useToast';\nexport type { ToastActionElement, ToastProps } from './components/Toast/Toast';\n\nexport { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider, TooltipRoot } from './components/Tooltip/Tooltip';\n\n// DATA DISPLAY COMPONENTS\nexport {\n  DataTable,\n  type DataTableProps,\n  type DataTableColumn,\n  type DataTableAction,\n  type DataTableToolbarButton,\n  type AggregateConfig,\n  type EmptyStateConfig,\n  type GetRowId,\n  type DataTableFeatureConfig,\n  ColumnFactory\n} from './components/DataTable';\n\n// Re-export types from DataTable types\nexport type { DataRecord, ExportOptions } from './components/DataTable/types';\n\n// Export DataTable utility functions\nexport {\n  exportToCSV,\n  exportToCSVWithTableRows,\n  generateCSVContent,\n  type ExportColumn\n} from './components/DataTable/utils/exportUtils';\n\n// Export DataTable aggregation utilities\nexport {\n  sum,\n  average,\n  count,\n  min,\n  max\n} from './components/DataTable/utils/aggregationUtils';\n\n// FORM COMPONENTS\nexport { Form, FormField } from './components/Form/Form';\nexport type { FormProps, FormFieldProps } from './components/Form/Form';\nexport { LoginForm } from './components/LoginForm';\nexport type { LoginFormProps } from './components/LoginForm';\n\n// FORM HOOKS\nexport { useZodForm } from './hooks/useZodForm';\nexport { useFormDialog } from './hooks/useFormDialog';\nexport type { UseFormDialogOptions, UseFormDialogReturn } from './hooks/useFormDialog';\n\n// VALIDATION - Re-export zod for schema creation\nexport { z } from 'zod';\n// Common validation schemas\nexport { emailSchema, nameSchema, phoneSchema, urlSchema } from './utils/validation/common';\nexport { passwordSchema } from './utils/validation/passwordSchema';\n\n// LAYOUT COMPONENTS\nexport { Header } from './components/Header/Header';\nexport { Footer } from './components/Footer/Footer';\nexport type { FooterProps } from './components/Footer/Footer';\n\n// NAVIGATION COMPONENTS\nexport { NavigationMenu } from './components/NavigationMenu/NavigationMenu';\nexport type { NavigationMenuProps, NavigationItem, NavigationMode } from './components/NavigationMenu/NavigationMenu';\nexport { UserMenu } from './components/UserMenu/UserMenu';\nexport type { UserMenuProps } from './components/UserMenu/UserMenu';\n\n// Reusable Page/Layout Components\nexport { PaceAppLayout } from './components/PaceAppLayout/PaceAppLayout';\nexport type { PaceAppLayoutProps } from './components/PaceAppLayout/PaceAppLayout';\nexport { PaceLoginPage } from './components/PaceLoginPage/PaceLoginPage';\nexport type { PaceLoginPageProps } from './components/PaceLoginPage/PaceLoginPage';\n\nexport { ProtectedRoute } from './components/ProtectedRoute/ProtectedRoute';\nexport type { ProtectedRouteProps } from './components/ProtectedRoute/ProtectedRoute';\n\n// UTILITY COMPONENTS\nexport { ErrorBoundary } from './components/ErrorBoundary/ErrorBoundary';\nexport { LoadingSpinner } from './components/LoadingSpinner/LoadingSpinner';\nexport { SessionRestorationLoader } from './components/SessionRestorationLoader/SessionRestorationLoader';\nexport type { SessionRestorationLoaderProps } from './components/SessionRestorationLoader/SessionRestorationLoader';\n\n// EVENT MANAGEMENT\nexport { EventSelector } from './components/EventSelector/EventSelector';\n\n// ORGANISATION MANAGEMENT\nexport { OrganisationSelector } from './components/OrganisationSelector/OrganisationSelector';\nexport { useOrganisationPermissions } from './hooks/useOrganisationPermissions';\nexport { useOrganisationSecurity } from './hooks/useOrganisationSecurity';\nexport { createSecureDataAccess } from './utils/security/secureDataAccess';\n\n// TYPES\nexport type { UserProfile } from './types/organisation';\n\n// AUTHENTICATION FORMS\nexport { PasswordChangeForm } from './components/PasswordChange/PasswordChangeForm';\n\n// UTILS & HOOKS\nexport { useAppConfig } from './hooks/useAppConfig';\nexport { useEventTheme } from './hooks/useEventTheme';\nexport { cn } from './utils/core/cn';\nexport { setAppConfig, getAppConfig, getCurrentAppName, getCurrentAppId } from './utils/app/appConfig';\n\n// LOGGING UTILITIES\nexport { Logger, logger, createLogger, LogLevel } from './utils/core/logger';\nexport type { LoggerConfig } from './utils/core/logger';\n\n// FORMATTING UTILITIES\nexport { \n  formatDate,\n  formatTime,\n  formatDateTime,\n  formatCurrency, \n  formatNumber,\n  formatPercent,\n  formatCompactNumber,\n  formatFileSize\n} from './utils/formatting/formatting';\n\n// TIMEZONE UTILITIES\nexport {\n  formatInTimeZone,\n  getTimezoneAbbreviation,\n  formatTimeInTimeZone,\n  getUserTimeZone,\n  toZonedTime,\n  fromZonedTime,\n  roundToNearestMinutes,\n  getTimeZoneDifference\n} from './utils/timezone';\n\n// STORAGE UTILITIES\nexport { FileUpload } from './components/FileUpload';\nexport type { FileUploadProps } from './components/FileUpload';\nexport { FileDisplay } from './components/FileDisplay';\nexport type { FileDisplayProps } from './components/FileDisplay';\nexport { FileCategory } from './types/file-reference';\nexport type { FileReference, FileMetadata, FileUploadOptions } from './types/file-reference';\nexport { \n  useFileReference, \n  useFileReferenceForRecord,\n  useFileReferenceById,\n  useFilesByCategory\n} from './hooks/useFileReference';\nexport type { \n  UseFileReferenceOptions, \n  UseFileReferenceReturn, \n  UseFileReferenceForRecordReturn \n} from './hooks/useFileReference';\nexport * from './utils/storage';\n\n// Table components\nexport {\n  Table,\n  TableHeader,\n  TableBody,\n  TableCaption,\n  TableCell,\n  TableFooter,\n  TableHead,\n  TableRow,\n} from './components/Table/Table';\n\n// STYLES & THEMING\nexport * from './styles';\n// Direct export of theming utilities for convenience\nexport { parseAndNormalizeEventColours } from './theming/parseEventColours';\nexport { applyPalette, clearPalette } from './theming/runtime';\nexport type { PaletteData, ColorPalette, ColorShade } from './theming/runtime';\n\n// PUBLIC PAGES\nexport * from './hooks/public';\nexport * from './components/PublicLayout';\n","/**\n * @file Secure Data Access Utility\n * @package @jmruthers/pace-core\n * @module Utils/SecureDataAccess\n * @since 0.4.0\n *\n * Secure data access utilities that enforce organisation context for all database operations.\n * Prevents data leakage between organisations and ensures proper access validation.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\n\n// Generic database record type\nexport interface DatabaseRecord {\n  id: string;\n  organisation_id: string;\n  [key: string]: unknown;\n}\n\n// Generic data for insert/update operations\nexport interface DatabaseData {\n  [key: string]: unknown;\n}\n\n// Generic filters for queries\nexport interface DatabaseFilters {\n  [key: string]: unknown;\n}\n\n// Secure query options\nexport interface SecureQueryOptions {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\nexport interface SecureDataAccess {\n  // Secure query methods\n  secureQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T[]>;\n  secureSingleQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T | null>;\n  \n  // Secure mutation methods\n  secureInsert: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, organisationId: string) => Promise<T | null>;\n  secureUpdate: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, filters: DatabaseFilters, organisationId: string) => Promise<T | null>;\n  secureDelete: (table: string, filters: DatabaseFilters, organisationId: string) => Promise<boolean>;\n  \n  // Organisation-scoped queries\n  queryByOrganisation: <T extends DatabaseRecord = DatabaseRecord>(table: string, select: string, organisationId: string, filters?: DatabaseFilters) => Promise<T[]>;\n  \n  // Validation helpers\n  validateOrganisationContext: (organisationId: string) => void;\n  ensureOrganisationColumn: (table: string) => boolean;\n}\n\nexport interface SecureQueryBuilder {\n  table: string;\n  select: string;\n  organisationId: string;\n  filters?: DatabaseFilters;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n}\n\n/**\n * Create a secure data access instance\n * @param supabase - Supabase client instance\n * @param organisationId - Current organisation context\n * @param isSuperAdmin - Whether user has super admin privileges\n * @returns Secure data access utilities\n */\nexport const createSecureDataAccess = (\n  supabase: SupabaseClient,\n  organisationId: string,\n  isSuperAdmin: boolean = false\n): SecureDataAccess => {\n  \n  // Validate organisation context\n  const validateOrganisationContext = (orgId: string): void => {\n    if (!orgId) {\n      throw new Error('Organisation context is required for secure data access');\n    }\n    \n    if (!isSuperAdmin && !orgId) {\n      throw new Error('Organisation context is mandatory for non-super admin users');\n    }\n  };\n\n  // Check if table has organisation_id column\n  const ensureOrganisationColumn = (table: string): boolean => {\n    // This is a simplified check - in production you might want to cache this\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    return tablesWithOrganisation.includes(table);\n  };\n\n  // Build secure query with organisation context\n  const buildSecureQuery = (options: SecureQueryBuilder) => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    validateOrganisationContext(orgId);\n    \n    let query = supabase\n      .from(table)\n      .select(select);\n    \n    // Add organisation filter (unless super admin)\n    if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n      query = query.eq('organisation_id', orgId);\n    }\n    \n    // Add additional filters\n    if (filters) {\n      Object.entries(filters).forEach(([key, value]) => {\n        if (value !== undefined && value !== null) {\n          // Handle qualified column names (e.g., 'users.role')\n          const columnName = key.includes('.') ? key.split('.').pop()! : key;\n          query = query.eq(columnName, value);\n        }\n      });\n    }\n    \n    // Add ordering\n    if (orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn);\n      }\n    }\n    \n    // Add pagination\n    if (limit) {\n      query = query.limit(limit);\n    }\n    \n    if (offset) {\n      query = query.range(offset, offset + (limit || 10) - 1);\n    }\n    \n    return query;\n  };\n\n  // Secure query for multiple results\n  const secureQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T[]> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      // Ensure data is an array and not an error type\n      if (Array.isArray(data)) {\n        return data as unknown as T[];\n      }\n      \n      return [];\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure query for single result\n  const secureSingleQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T | null> => {\n    const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n    \n    try {\n      const query = buildSecureQuery({\n        table,\n        select,\n        organisationId: orgId,\n        filters,\n        orderBy,\n        limit,\n        offset\n      });\n      \n      const { data, error } = await query.single();\n      \n      if (error) {\n        if (error.code === 'PGRST116') {\n          // No rows returned\n          return null;\n        }\n        throw error;\n      }\n      \n      // Ensure data is not an error type\n      if (data && typeof data === 'object' && !('code' in data)) {\n        return data as unknown as T;\n      }\n      \n      return null;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure insert with organisation context\n  const secureInsert = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      const insertData = {\n        ...data,\n        organisation_id: organisationId\n      };\n      \n      const { data: result, error } = await supabase\n        .from(table)\n        .insert(insertData)\n        .select()\n        .single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure update with organisation context\n  const secureUpdate = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    data: DatabaseData, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<T | null> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .update(data);\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { data: result, error } = await query.select().single();\n      \n      if (error) {\n        throw error;\n      }\n      \n      return result;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Secure delete with organisation context\n  const secureDelete = async (\n    table: string, \n    filters: DatabaseFilters, \n    organisationId: string\n  ): Promise<boolean> => {\n    validateOrganisationContext(organisationId);\n    \n    try {\n      let query = supabase\n        .from(table)\n        .delete();\n      \n      // Add organisation filter (unless super admin)\n      if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n        query = query.eq('organisation_id', organisationId);\n      }\n      \n      // Add additional filters\n      if (filters) {\n        Object.entries(filters).forEach(([key, value]) => {\n          if (value !== undefined && value !== null) {\n            query = query.eq(key, value);\n          }\n        });\n      }\n      \n      const { error } = await query;\n      \n      if (error) {\n        throw error;\n      }\n      \n      return true;\n    } catch (error) {\n      throw error;\n    }\n  };\n\n  // Organisation-scoped query helper\n  const queryByOrganisation = async <T extends DatabaseRecord = DatabaseRecord>(\n    table: string, \n    select: string, \n    organisationId: string, \n    filters?: DatabaseFilters\n  ): Promise<T[]> => {\n    return secureQuery<T>({\n      table,\n      select,\n      organisationId,\n      filters\n    });\n  };\n\n  return {\n    secureQuery,\n    secureSingleQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    queryByOrganisation,\n    validateOrganisationContext,\n    ensureOrganisationColumn\n  };\n};\n\n/**\n * Hook for secure data access\n * @returns Secure data access utilities\n */\nexport const useSecureDataAccess = (): SecureDataAccess => {\n  // This would typically get the context from providers\n  // For now, we'll create a placeholder that can be used with explicit parameters\n  throw new Error('useSecureDataAccess must be used with explicit parameters. Use createSecureDataAccess instead.');\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DW;AAjBJ,SAAS,qBAAqB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA8B;AAE5B,QAAM,cAAc,eAAe;AAKnC,MAAI,CAAC,aAAa;AAIhB,YAAQ,KAAK,qHAAqH;AAClI,WAAO,gCAAG,UAAS;AAAA,EACrB;AAEA,QAAM,EAAE,UAAU,MAAM,QAAQ,IAAI;AAMpC,MAAI,CAAC,UAAU;AACb,YAAQ,KAAK,qDAAqD;AAClE,WAAO,gCAAG,UAAS;AAAA,EACrB;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,MAEC;AAAA;AAAA,EACH;AAEJ;;;ACjCA,SAAgB,WAAW,UAAU,mBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAoD3B,SAEI,OAAAA,MAFJ;AAhCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,aAAa;AAG5D,YAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAMC,cAAa,YAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAEL,SACE,gBAAAD,KAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,GAAG,eAAe,SAAS;AAAA,MACtC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,4BAAAA,KAAC,SAAI,WAAU,iBACb,0BAAAA,KAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,gBAAAA,KAAC,SACC,0BAAAA,KAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,gBAAAA,KAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,8BAAAA,KAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,gBAAAA,KAAC,UAAK,WAAU,6CACb,UAAAC,YAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,gBAAAD,KAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA,4BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,gBAAAA,KAAC,SAAI,WAAU,qCACb,0BAAAA,KAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;;;AC3GA,SAAS,YAAAE,WAAU,aAAAC,YAAW,eAAAC,cAAa,cAAc;AAwCzD,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,SAAS,SACP,MACA,OACkC;AAClC,MAAI;AACJ,SAAO,YAAwB,MAAqB;AAClD,QAAI,CAAC,YAAY;AACf,WAAK,MAAM,MAAM,IAAI;AACrB,mBAAa;AACb,iBAAW,MAAO,aAAa,OAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB;AAAA,EACnC,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV,aAAa;AAAA,EACb,cAAc;AAChB,IAAiC,CAAC,GAA+B;AAC/D,QAAM,CAAC,QAAQ,SAAS,IAAIC,UAAS,KAAK;AAC1C,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,aAAa;AAChE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAGlD,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,SAAS;AACZ,oBAAc,KAAK;AACnB,gBAAU,KAAK;AACf,qBAAe,KAAK;AACpB,uBAAiB,aAAa;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,SAAS,aAAa,CAAC;AAE3B,QAAM,aAAa,OAA8B,IAAI;AACrD,QAAM,oBAAoB,OAA8B,IAAI;AAC5D,QAAM,uBAAuB,OAA8B,IAAI;AAC/D,QAAM,kBAAkB,OAAe,KAAK,IAAI,CAAC;AACjD,QAAM,aAAa,OAAgC,IAAI;AAGvD,QAAM,cAAcC,aAAY,MAAM;AACpC,QAAI,WAAW,SAAS;AACtB,mBAAa,WAAW,OAAO;AAC/B,iBAAW,UAAU;AAAA,IACvB;AACA,QAAI,kBAAkB,SAAS;AAC7B,mBAAa,kBAAkB,OAAO;AACtC,wBAAkB,UAAU;AAAA,IAC9B;AACA,QAAI,qBAAqB,SAAS;AAChC,oBAAc,qBAAqB,OAAO;AAC1C,2BAAqB,UAAU;AAAA,IACjC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,gBAAgBA,aAAY,CAAC,uBAAuB,UAAU;AAClE,QAAI,CAAC,QAAS;AAEd,UAAM,MAAM,KAAK,IAAI;AACrB,oBAAgB,UAAU;AAG1B,gBAAY;AAGZ,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,QAAI,CAAC,sBAAsB;AACzB,mBAAa;AAAA,IACf;AAGA,UAAM,cAAc,gBAAgB;AACpC,QAAI,cAAc,GAAG;AACnB,wBAAkB,UAAU,WAAW,MAAM;AAC3C,uBAAe,IAAI;AACnB,oBAAY;AAAA,MACd,GAAG,WAAW;AAAA,IAChB;AAGA,eAAW,UAAU,WAAW,MAAM;AACpC,gBAAU,IAAI;AACd,eAAS;AAAA,IACX,GAAG,aAAa;AAGhB,yBAAqB,UAAU,YAAY,MAAM;AAC/C,YAAM,UAAU,KAAK,IAAI,IAAI,gBAAgB;AAC7C,YAAM,YAAY,KAAK,IAAI,GAAG,gBAAgB,OAAO;AACrD,uBAAiB,SAAS;AAE1B,UAAI,cAAc,GAAG;AACnB,oBAAY;AAAA,MACd;AAAA,IACF,GAAG,GAAI;AAGP,QAAI;AACF,mBAAa,QAAQ,YAAY,IAAI,SAAS,CAAC;AAAA,IACjD,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,oCAAoC,KAAK;AAAA,IAC/E;AAGA,QAAI;AACF,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,YAAY,EAAE,MAAM,YAAY,WAAW,IAAI,CAAC;AAAA,MACrE;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,iCAAiC,KAAK;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,cAAc,QAAQ,WAAW,YAAY,YAAY,WAAW,CAAC;AAGjG,QAAM,gBAAgBA,aAAY,MAAM;AACtC,QAAI,CAAC,QAAS;AAGd,kBAAc,KAAK;AACnB,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,gBAAY;AAEZ,kBAAc,IAAI;AAGlB,QAAI;AACF,UAAI,OAAO,qBAAqB,aAAa;AAC3C,mBAAW,UAAU,IAAI,iBAAiB,WAAW;AACrD,mBAAW,QAAQ,YAAY,CAAC,UAAU;AACxC,cAAI,MAAM,KAAK,SAAS,YAAY;AAClC,4BAAgB,UAAU,MAAM,KAAK;AACrC,0BAAc;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,6CAA6C,KAAK;AAAA,IACxF;AAGA,QAAI;AACF,YAAM,gBAAgB,aAAa,QAAQ,UAAU;AACrD,UAAI,eAAe;AACjB,cAAM,qBAAqB,SAAS,eAAe,EAAE;AACrD,cAAM,UAAU,KAAK,IAAI,IAAI;AAE7B,YAAI,UAAU,eAAe;AAE3B,0BAAgB,UAAU;AAC1B,gBAAM,YAAY,gBAAgB;AAClC,2BAAiB,SAAS;AAE1B,cAAI,aAAa,cAAc;AAC7B,2BAAe,IAAI;AACnB,wBAAY;AAAA,UACd;AAEA,cAAI,aAAa,GAAG;AAClB,sBAAU,IAAI;AACd,qBAAS;AACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,wBAAwB,4CAA4C,KAAK;AAAA,IACvF;AAGA,UAAM,yBAAyB,SAAS,CAAC,UAAU;AACjD,oBAAc;AAAA,IAChB,GAAG,GAAG;AAGN,UAAM,oBAAoB,MAAM;AAC9B,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,iBAAiB,OAAO,wBAAwB,EAAE,SAAS,KAAK,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAGA,UAAM,uBAAuB,MAAM;AACjC,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,oBAAoB,OAAO,sBAAsB;AAAA,MAC5D,CAAC;AAAA,IACH;AAGA,sBAAkB;AAGlB,kBAAc,IAAI;AAGlB,WAAO,MAAM;AACX,2BAAqB;AACrB,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AACzB,mBAAW,UAAU;AAAA,MACvB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,YAAY,aAAa,YAAY,eAAe,cAAc,QAAQ,SAAS,CAAC;AAGjG,QAAM,eAAeA,aAAY,MAAM;AACrC,kBAAc,KAAK;AACnB,gBAAY;AAEZ,QAAI,WAAW,SAAS;AACtB,iBAAW,QAAQ,MAAM;AACzB,iBAAW,UAAU;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAGhB,EAAAD,WAAU,MAAM;AACd,QAAI,SAAS;AACX,YAAM,UAAU,cAAc;AAC9B,aAAO;AAAA,IACT,OAAO;AACL,mBAAa;AAAA,IACf;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,YAAY,CAAC;AAGzC,EAAAA,WAAU,MAAM;AACd,WAAO,MAAM;AACX,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AAAA,MAC3B;AAAA,IACF;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAEhB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AC/KA,SAAS,SAAS;;;AC1HX,IAAM,yBAAyB,CACpC,UACA,gBACA,eAAwB,UACH;AAGrB,QAAM,8BAA8B,CAAC,UAAwB;AAC3D,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E;AAEA,QAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,YAAM,IAAI,MAAM,6DAA6D;AAAA,IAC/E;AAAA,EACF;AAGA,QAAM,2BAA2B,CAAC,UAA2B;AAE3D,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,WAAO,uBAAuB,SAAS,KAAK;AAAA,EAC9C;AAGA,QAAM,mBAAmB,CAAC,YAAgC;AACxD,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,gCAA4B,KAAK;AAEjC,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,MAAM;AAGhB,QAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,cAAQ,MAAM,GAAG,mBAAmB,KAAK;AAAA,IAC3C;AAGA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,YAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,gBAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,kBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,QACpC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,SAAS;AAEX,YAAM,gBAAgB,QAAQ,MAAM,GAAG,EAAE,IAAI;AAC7C,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,aAAa;AAAA,MACnC;AAAA,IACF;AAGA,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM,KAAK;AAAA,IAC3B;AAEA,QAAI,QAAQ;AACV,cAAQ,MAAM,MAAM,QAAQ,UAAU,SAAS,MAAM,CAAC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,OAAkD,YAA8C;AAClH,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAGA,UAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,CAAC;AAAA,IACV,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,oBAAoB,OAAkD,YAAmD;AAC7H,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,MAAM,OAAO;AAE3C,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,YAAY;AAE7B,iBAAO;AAAA,QACT;AACA,cAAM;AAAA,MACR;AAGA,UAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,UAAU,OAAO;AACzD,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACAE,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,YAAM,aAAa;AAAA,QACjB,GAAG;AAAA,QACH,iBAAiBA;AAAA,MACnB;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,SACnC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACA,SACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,MAAM,OAAO,EAAE,OAAO;AAE5D,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,SACAA,oBACqB;AACrB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM;AAExB,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,sBAAsB,OAC1B,OACA,QACAA,iBACA,YACiB;AACjB,WAAO,YAAe;AAAA,MACpB;AAAA,MACA;AAAA,MACA,gBAAAA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["jsx","formatTime","useState","useEffect","useCallback","useState","useEffect","useCallback","organisationId"]}

package/dist/providers.d.ts

@@ -1,4 +1,4 @@
-export { a as UnifiedAuthContextType, c as UnifiedAuthProvider, b as UnifiedAuthProviderProps, U as UserEventAccess, u as useUnifiedAuth } from './UnifiedAuthProvider-F86d7dSi.js';
+export { b as UnifiedAuthContext, a as UnifiedAuthContextType, d as UnifiedAuthProvider, c as UnifiedAuthProviderProps, U as UserEventAccess, u as useUnifiedAuth } from './UnifiedAuthProvider-BG0AL5eE.js';
 import { A as AuthService } from './AuthService-B-cd2MA4.js';
 export { a as EventServiceContext, E as EventServiceContextType, c as EventServiceProvider, b as EventServiceProviderProps, g as InactivityServiceContext, I as InactivityServiceContextType, i as InactivityServiceProvider, h as InactivityServiceProviderProps, d as OrganisationServiceContext, O as OrganisationServiceContextType, f as OrganisationServiceProvider, e as OrganisationServiceProviderProps } from './AuthService-B-cd2MA4.js';
 import * as react_jsx_runtime from 'react/jsx-runtime';

package/dist/providers.js

@@ -8,9 +8,10 @@ import {
   InactivityServiceProvider,
   OrganisationServiceContext,
   OrganisationServiceProvider,
+  UnifiedAuthContext,
   UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-FUEYYMX5.js";
+} from "./chunk-FXFJRTKI.js";
 import "./chunk-QXHPKYJV.js";
 import "./chunk-VBXEHIUJ.js";
 import "./chunk-PWLANIRT.js";
@@ -24,6 +25,7 @@ export {
   InactivityServiceProvider,
   OrganisationServiceContext,
   OrganisationServiceProvider,
+  UnifiedAuthContext,
   UnifiedAuthProvider,
   useUnifiedAuth
 };

package/dist/rbac/index.d.ts

@@ -1477,25 +1477,46 @@ declare function useCachedPermissions(userId: UUID, scope: Scope): {
  * import { useRoleManagement } from '@jmruthers/pace-core/rbac';
  *
  * function UserRolesComponent() {
- *   const { revokeEventAppRole, grantEventAppRole, isLoading, error } = useRoleManagement();
- *
- *   const handleRevokeRole = async (roleId: string, roleData: EventAppRoleData) => {
- *     const result = await revokeEventAppRole({
- *       userId: roleData.user_id,
- *       organisationId: roleData.organisation_id,
- *       eventId: roleData.event_id,
- *       appId: roleData.app_id,
- *       role: roleData.role
+ *   const {
+ *     revokeEventAppRole,
+ *     grantEventAppRole,
+ *     grantGlobalRole,
+ *     revokeGlobalRole,
+ *     grantOrganisationRole,
+ *     revokeOrganisationRole,
+ *     isLoading,
+ *     error
+ *   } = useRoleManagement();
+ *
+ *   // Grant a global role
+ *   const handleGrantGlobalRole = async () => {
+ *     const result = await grantGlobalRole({
+ *       user_id: userId,
+ *       role: 'super_admin'
  *     });
+ *     if (result.success) {
+ *       toast({ title: 'Role granted successfully' });
+ *     }
+ *   };
  *
+ *   // Grant an organisation role
+ *   const handleGrantOrgRole = async () => {
+ *     const result = await grantOrganisationRole({
+ *       user_id: userId,
+ *       organisation_id: orgId,
+ *       role: 'org_admin'
+ *     });
  *     if (result.success) {
- *       toast({ title: 'Role revoked successfully' });
- *     } else {
- *       toast({ title: 'Failed to revoke role', variant: 'destructive' });
+ *       toast({ title: 'Role granted successfully' });
  *     }
  *   };
  *
- *   return <button onClick={() => handleRevokeRole(roleId, roleData)}>Revoke Role</button>;
+ *   return (
+ *     <div>
+ *       <button onClick={handleGrantGlobalRole}>Grant Super Admin</button>
+ *       <button onClick={handleGrantOrgRole}>Grant Org Admin</button>
+ *     </div>
+ *   );
  * }
  * ```
  */
@@ -1507,6 +1528,15 @@ interface EventAppRoleData {
     app_id: UUID;
     role: 'viewer' | 'participant' | 'planner' | 'event_admin';
 }
+interface OrganisationRoleData {
+    user_id: UUID;
+    organisation_id: UUID;
+    role: 'supporter' | 'member' | 'leader' | 'org_admin';
+}
+interface GlobalRoleData {
+    user_id: UUID;
+    role: 'super_admin';
+}
 interface RevokeEventAppRoleParams extends EventAppRoleData {
     revoked_by?: UUID;
 }
@@ -1515,6 +1545,22 @@ interface GrantEventAppRoleParams extends EventAppRoleData {
     valid_from?: string;
     valid_to?: string | null;
 }
+interface RevokeOrganisationRoleParams extends OrganisationRoleData {
+    revoked_by?: UUID;
+}
+interface GrantOrganisationRoleParams extends OrganisationRoleData {
+    granted_by?: UUID;
+    valid_from?: string;
+    valid_to?: string | null;
+}
+interface RevokeGlobalRoleParams extends GlobalRoleData {
+    revoked_by?: UUID;
+}
+interface GrantGlobalRoleParams extends GlobalRoleData {
+    granted_by?: UUID;
+    valid_from?: string;
+    valid_to?: string | null;
+}
 interface RoleManagementResult {
     success: boolean;
     message?: string;
@@ -1525,6 +1571,10 @@ declare function useRoleManagement(): {
     revokeEventAppRole: (params: RevokeEventAppRoleParams) => Promise<RoleManagementResult>;
     grantEventAppRole: (params: GrantEventAppRoleParams) => Promise<RoleManagementResult>;
     revokeRoleById: (roleId: UUID) => Promise<RoleManagementResult>;
+    grantGlobalRole: (params: GrantGlobalRoleParams) => Promise<RoleManagementResult>;
+    revokeGlobalRole: (params: RevokeGlobalRoleParams) => Promise<RoleManagementResult>;
+    grantOrganisationRole: (params: GrantOrganisationRoleParams) => Promise<RoleManagementResult>;
+    revokeOrganisationRole: (params: RevokeOrganisationRoleParams) => Promise<RoleManagementResult>;
     isLoading: boolean;
     error: Error | null;
 };
@@ -2255,4 +2305,145 @@ declare const ALL_PERMISSIONS: {
 };
 type AllPermissions = typeof ALL_PERMISSIONS;
 
-export { ALL_PERMISSIONS, AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type DataAccessRecord, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRoleData, GLOBAL_PERMISSIONS, type GrantEventAppRoleParams, type LogLevel, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, PAGE_PERMISSIONS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, Permission, PermissionCheck, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, PermissionMap, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, type RBACLogger, type ResourcePermissions, type RevokeEventAppRoleParams, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RoleManagementResult, type RouteAccessRecord, type RouteConfig, Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, UUID, type UseResolvedScopeOptions, type UseResolvedScopeReturn, type UseResourcePermissionsOptions, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, emitAuditEvent, fromSupabaseClient, getAccessLevel, getGlobalAuditManager, getPermissionMap, getPermissionsForRole, getRBACConfig, getRBACLogger, getRoleContext, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPermitted, isPermittedCached, isValidPermission, rbacCache, resolveAppContext, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useResolvedScope, useResourcePermissions, useRoleBasedRouter, useRoleManagement, useSecureData, useSecureSupabase, withAccessLevelGuard, withPermissionGuard, withRoleGuard };
+/**
+ * RBAC Setup Validator
+ * @package @jmruthers/pace-core
+ * @module RBAC/Compliance/SetupValidator
+ * @since 1.0.0
+ *
+ * This module provides utilities to validate RBAC setup state.
+ */
+interface SetupIssue {
+    type: 'not-initialized' | 'missing-config' | 'invalid-config' | 'missing-provider-context';
+    message: string;
+    recommendation: string;
+}
+interface ComplianceResult {
+    isCompliant: boolean;
+    issues: SetupIssue[];
+}
+/**
+ * Check if RBAC system is initialized
+ *
+ * @returns true if RBAC is initialized, false otherwise
+ */
+declare function isRBACInitialized(): boolean;
+/**
+ * Get setup issues
+ *
+ * @returns Array of setup issues
+ */
+declare function getSetupIssues(): SetupIssue[];
+/**
+ * Validate RBAC setup
+ *
+ * @returns Compliance result with issues and recommendations
+ */
+declare function validateRBACSetup(): ComplianceResult;
+
+/**
+ * Runtime Compliance Checking
+ * @package @jmruthers/pace-core
+ * @module RBAC/Compliance/RuntimeCompliance
+ * @since 1.0.0
+ *
+ * This module provides runtime compliance checking utilities.
+ */
+
+interface RuntimeComplianceResult {
+    setup: {
+        isCompliant: boolean;
+        issues: SetupIssue[];
+    };
+    warnings: string[];
+    providerContext?: {
+        available: boolean;
+        message?: string;
+    };
+}
+/**
+ * Check runtime compliance
+ *
+ * This function checks if the RBAC system is properly set up and logs warnings
+ * to the console if issues are found. This is intended for development-time
+ * validation only.
+ *
+ * @returns Runtime compliance result
+ */
+declare function checkRuntimeCompliance(): RuntimeComplianceResult;
+/**
+ * Validate and warn about RBAC setup issues
+ *
+ * This is a convenience function that checks compliance and logs warnings.
+ * Call this in development mode to get early warnings about setup issues.
+ */
+declare function validateAndWarn(): void;
+
+/**
+ * Database Configuration Validator
+ * @package @jmruthers/pace-core
+ * @module RBAC/Compliance/DatabaseValidator
+ * @since 1.0.0
+ *
+ * This module provides utilities to validate database configuration for RBAC.
+ */
+
+interface DatabaseIssue {
+    type: 'app-not-configured' | 'app-name-mismatch' | 'pages-not-configured' | 'permissions-not-configured' | 'rls-not-active' | 'roles-not-configured';
+    message: string;
+    recommendation: string;
+}
+interface DatabaseComplianceResult {
+    appConfigured: boolean;
+    pagesConfigured: boolean;
+    permissionsConfigured: boolean;
+    rlsPoliciesActive: boolean;
+    rolesConfigured: boolean;
+    issues: DatabaseIssue[];
+    recommendations: string[];
+}
+/**
+ * Validate database configuration
+ *
+ * @param supabase - Supabase client
+ * @param appName - Application name to validate
+ * @returns Database compliance result
+ */
+declare function validateDatabaseConfiguration(supabase: SupabaseClient<Database>, appName: string): Promise<DatabaseComplianceResult>;
+
+/**
+ * Quick Fix Suggestions for RBAC/Auth Compliance
+ * @package @jmruthers/pace-core
+ * @module RBAC/Compliance/QuickFixSuggestions
+ * @since 1.0.0
+ *
+ * This module provides auto-suggest fixes for common RBAC/auth compliance issues.
+ */
+interface QuickFix {
+    issue: string;
+    suggestion: string;
+    codeExample?: string;
+    migrationSteps?: string[];
+}
+/**
+ * Get quick fix suggestions for custom auth code
+ */
+declare function getCustomAuthCodeFixes(customCodeName: string, type: 'hook' | 'component' | 'util'): QuickFix;
+/**
+ * Get quick fix suggestions for duplicate Supabase config
+ */
+declare function getDuplicateConfigFixes(): QuickFix;
+/**
+ * Get quick fix suggestions for unprotected pages
+ */
+declare function getUnprotectedPageFixes(): QuickFix;
+/**
+ * Get quick fix suggestions for direct Supabase auth usage
+ */
+declare function getDirectSupabaseAuthFixes(): QuickFix;
+/**
+ * Get all quick fix suggestions for a compliance issue
+ */
+declare function getQuickFixes(issueType: string, details?: Record<string, any>): QuickFix[];
+
+export { ALL_PERMISSIONS, AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type ComplianceResult, type DataAccessRecord, type DatabaseComplianceResult, type DatabaseIssue, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRoleData, GLOBAL_PERMISSIONS, type GrantEventAppRoleParams, type LogLevel, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, PAGE_PERMISSIONS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, Permission, PermissionCheck, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, PermissionMap, type QuickFix, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, type RBACLogger, type ResourcePermissions, type RevokeEventAppRoleParams, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RoleManagementResult, type RouteAccessRecord, type RouteConfig, type RuntimeComplianceResult, Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, type SetupIssue, UUID, type UseResolvedScopeOptions, type UseResolvedScopeReturn, type UseResourcePermissionsOptions, checkRuntimeCompliance, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, emitAuditEvent, fromSupabaseClient, getAccessLevel, getCustomAuthCodeFixes, getDirectSupabaseAuthFixes, getDuplicateConfigFixes, getGlobalAuditManager, getPermissionMap, getPermissionsForRole, getQuickFixes, getRBACConfig, getRBACLogger, getRoleContext, getSetupIssues, getUnprotectedPageFixes, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPermitted, isPermittedCached, isRBACInitialized, isValidPermission, rbacCache, resolveAppContext, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useResolvedScope, useResourcePermissions, useRoleBasedRouter, useRoleManagement, useSecureData, useSecureSupabase, validateAndWarn, validateDatabaseConfiguration, validateRBACSetup, withAccessLevelGuard, withPermissionGuard, withRoleGuard };

package/dist/rbac/index.js

@@ -16,20 +16,31 @@ import {
   RPCFunction,
   RoleBasedRouter,
   SecureDataProvider,
+  checkRuntimeCompliance,
   createRBACExpressMiddleware,
   createRBACMiddleware,
+  getCustomAuthCodeFixes,
+  getDirectSupabaseAuthFixes,
+  getDuplicateConfigFixes,
   getPermissionsForRole,
+  getQuickFixes,
+  getSetupIssues,
+  getUnprotectedPageFixes,
   hasAnyPermissionCached,
   hasPermissionCached,
+  isRBACInitialized,
   isValidPermission,
   useNavigationPermissions,
   usePagePermissions,
   useRoleBasedRouter,
   useSecureData,
+  validateAndWarn,
+  validateDatabaseConfiguration,
+  validateRBACSetup,
   withAccessLevelGuard,
   withPermissionGuard,
   withRoleGuard
-} from "../chunk-CSOFYHAG.js";
+} from "../chunk-AISXLWGZ.js";
 import {
   SecureSupabaseClient,
   createSecureClient,
@@ -46,7 +57,7 @@ import {
   useResourcePermissions,
   useRoleManagement,
   useSecureSupabase
-} from "../chunk-RA3JUFMW.js";
+} from "../chunk-445GEP27.js";
 import {
   CACHE_PATTERNS,
   RBACCache,
@@ -68,7 +79,7 @@ import {
   rbacCache,
   resolveAppContext,
   setupRBAC
-} from "../chunk-M7W4CP3M.js";
+} from "../chunk-U6WNSFX5.js";
 import {
   RBACAuditManager,
   createAuditManager,
@@ -76,10 +87,10 @@ import {
   getGlobalAuditManager,
   setGlobalAuditManager
 } from "../chunk-FSFQFJCU.js";
-import "../chunk-W22JP75J.js";
-import "../chunk-QCDXODCA.js";
+import "../chunk-STTZQK2I.js";
+import "../chunk-XAUHJD3L.js";
 import "../chunk-KQCRWDSA.js";
-import "../chunk-FUEYYMX5.js";
+import "../chunk-FXFJRTKI.js";
 import "../chunk-QXHPKYJV.js";
 import "../chunk-F2IMUDXZ.js";
 import "../chunk-VBXEHIUJ.js";
@@ -108,6 +119,7 @@ export {
   RoleBasedRouter,
   SecureDataProvider,
   SecureSupabaseClient,
+  checkRuntimeCompliance,
   createAuditManager,
   createRBACConfig,
   createRBACEngine,
@@ -117,12 +129,18 @@ export {
   emitAuditEvent,
   fromSupabaseClient,
   getAccessLevel,
+  getCustomAuthCodeFixes,
+  getDirectSupabaseAuthFixes,
+  getDuplicateConfigFixes,
   getGlobalAuditManager,
   getPermissionMap,
   getPermissionsForRole,
+  getQuickFixes,
   getRBACConfig,
   getRBACLogger,
   getRoleContext,
+  getSetupIssues,
+  getUnprotectedPageFixes,
   hasAllPermissions,
   hasAnyPermission,
   hasAnyPermissionCached,
@@ -132,6 +150,7 @@ export {
   isDevelopmentMode,
   isPermitted,
   isPermittedCached,
+  isRBACInitialized,
   isValidPermission,
   rbacCache,
   resolveAppContext,
@@ -153,6 +172,9 @@ export {
   useRoleManagement,
   useSecureData,
   useSecureSupabase,
+  validateAndWarn,
+  validateDatabaseConfiguration,
+  validateRBACSetup,
   withAccessLevelGuard,
   withPermissionGuard,
   withRoleGuard