@jmruthers/pace-core 0.5.185 → 0.5.187

package/dist/chunk-3NFNJOO7.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/useZodForm.ts","../src/hooks/useFormDialog.ts","../src/hooks/useOrganisationSecurity.ts","../src/hooks/useOrganisationPermissions.ts","../src/utils/storage/index.ts","../src/hooks/public/usePublicEvent.ts","../src/hooks/public/usePublicEventLogo.ts","../src/hooks/public/usePublicRouteParams.ts"],"sourcesContent":["\n/**\n * Zod Form Hook\n * \n * Enhanced form hook with Zod validation\n */\n\nimport { useForm } from 'react-hook-form';\nimport { zodResolver } from '@hookform/resolvers/zod';\nimport { z } from 'zod';\n\ninterface UseZodFormProps<T extends z.ZodTypeAny> {\n  schema: T;\n  defaultValues?: Partial<z.infer<T>>;\n  mode?: 'onSubmit' | 'onBlur' | 'onChange' | 'onTouched' | 'all';\n}\n\nexport function useZodForm<T extends z.ZodTypeAny>({\n  schema,\n  defaultValues,\n  mode = 'onSubmit'\n}: UseZodFormProps<T>) {\n  return useForm<z.infer<T>>({\n    resolver: zodResolver(schema),\n    defaultValues: defaultValues as any,\n    mode\n  });\n}\n","/**\n * @file useFormDialog Hook\n * @package @jmruthers/pace-core\n * @module Hooks\n * @since 0.1.0\n * \n * Generic React hook for managing form dialog state (open/close, form data, reset behavior).\n * \n * @example\n * ```ts\n * interface ContactFormData {\n *   name: string;\n *   email: string;\n * }\n * \n * function ContactDialog() {\n *   const { isOpen, formData, openDialog, closeDialog, handleOpenChange } = \n *     useFormDialog<ContactFormData>();\n * \n *   // Use in Dialog component\n *   // <Dialog open={isOpen} onOpenChange={handleOpenChange}>...</Dialog>\n * }\n * ```\n */\n\nimport { useState, useCallback } from 'react';\n\n/**\n * Options for configuring the useFormDialog hook behavior\n */\nexport interface UseFormDialogOptions<T = unknown> {\n  /**\n   * Callback invoked when the dialog open state changes\n   * @param open - The new open state\n   */\n  onOpenChange?: (open: boolean) => void;\n  \n  /**\n   * Whether to reset form data when the dialog closes\n   * @default true\n   */\n  resetOnClose?: boolean;\n}\n\n/**\n * Return type for the useFormDialog hook\n */\nexport interface UseFormDialogReturn<T = unknown> {\n  /**\n   * Current open state of the dialog\n   */\n  isOpen: boolean;\n  \n  /**\n   * Current form data (null when dialog is closed or no data provided)\n   */\n  formData: T | null;\n  \n  /**\n   * Open the dialog with optional form data\n   * @param data - Optional form data to populate the dialog\n   */\n  openDialog: (data?: T | null) => void;\n  \n  /**\n   * Close the dialog\n   */\n  closeDialog: () => void;\n  \n  /**\n   * Handler for controlled dialog components (e.g., Radix UI Dialog)\n   * @param open - The new open state\n   */\n  handleOpenChange: (open: boolean) => void;\n}\n\n/**\n * Generic React hook for managing form dialog state.\n * \n * Provides state management for form dialogs including:\n * - Open/close state\n * - Form data management\n * - Automatic reset on close (configurable)\n * - Controlled and uncontrolled usage patterns\n * \n * @param options - Configuration options for the hook\n * @returns Object containing dialog state and control functions\n * \n * @example\n * ```ts\n * // Basic usage\n * const { isOpen, openDialog, closeDialog } = useFormDialog();\n * \n * // With form data\n * interface UserData {\n *   id: string;\n *   name: string;\n * }\n * const { isOpen, formData, openDialog } = useFormDialog<UserData>();\n * \n * // Open with data\n * openDialog({ id: '1', name: 'John' });\n * \n * // Controlled usage with callback\n * const { handleOpenChange, isOpen } = useFormDialog({\n *   onOpenChange: (open) => console.log('Dialog state:', open),\n *   resetOnClose: false\n * });\n * ```\n */\nexport function useFormDialog<T = unknown>({\n  onOpenChange,\n  resetOnClose = true,\n}: UseFormDialogOptions<T> = {}): UseFormDialogReturn<T> {\n  const [isOpen, setIsOpen] = useState(false);\n  const [formData, setFormData] = useState<T | null>(null);\n\n  const openDialog = useCallback((data: T | null = null) => {\n    setFormData(data);\n    setIsOpen(true);\n    onOpenChange?.(true);\n  }, [onOpenChange]);\n\n  const closeDialog = useCallback(() => {\n    setIsOpen(false);\n    if (resetOnClose) {\n      setFormData(null);\n    }\n    onOpenChange?.(false);\n  }, [resetOnClose, onOpenChange]);\n\n  const handleOpenChange = useCallback((open: boolean) => {\n    setIsOpen(open);\n    if (!open && resetOnClose) {\n      setFormData(null);\n    }\n    onOpenChange?.(open);\n  }, [resetOnClose, onOpenChange]);\n\n  return {\n    isOpen,\n    formData,\n    openDialog,\n    closeDialog,\n    handleOpenChange,\n  };\n}\n","/**\n * @file Organisation Security Hook\n * @package @jmruthers/pace-core\n * @module Hooks/OrganisationSecurity\n * @since 0.4.0\n *\n * Security-focused hook for organisation access validation and super admin functionality.\n * Provides utilities for validating user access to organisations and checking permissions.\n */\n\nimport { useCallback, useMemo, useEffect, useState } from 'react';\nimport { useUnifiedAuth } from '../providers';\nimport { useOrganisations } from './useOrganisations';\n// Legacy useRBAC hook removed - use new RBAC system instead\nimport type { OrganisationSecurityError, SuperAdminContext } from '../types/organisation';\nimport type { Permission } from '../rbac/types';\nimport { logger } from '../utils/core/logger';\n\nexport interface OrganisationSecurityHook {\n  // Super admin context\n  superAdminContext: SuperAdminContext;\n  \n  // Access validation\n  validateOrganisationAccess: (orgId: string) => Promise<boolean>;\n  hasMinimumRole: (minRole: string, orgId?: string) => boolean;\n  canAccessChildOrganisations: (orgId?: string) => boolean;\n  \n  // Permission checks\n  hasPermission: (permission: string, orgId?: string) => Promise<boolean>;\n  getUserPermissions: (orgId?: string) => Promise<string[]>;\n  \n  // Audit logging\n  logOrganisationAccess: (action: string, details?: Record<string, unknown>) => Promise<void>;\n  \n  // Security utilities\n  ensureOrganisationAccess: (orgId: string) => Promise<void>;\n  validateUserAccess: (userId: string, orgId: string) => Promise<boolean>;\n}\n\nexport const useOrganisationSecurity = (): OrganisationSecurityHook => {\n  const { user, session, supabase } = useUnifiedAuth();\n  const { selectedOrganisation, getUserRole, validateOrganisationAccess: validateAccess } = useOrganisations();\n  \n  // Super admin status - query database for security (user_metadata can be spoofed)\n  const [isSuperAdmin, setIsSuperAdmin] = useState<boolean>(false);\n  const [isCheckingSuperAdmin, setIsCheckingSuperAdmin] = useState(false);\n\n  // Check super admin status from database\n  useEffect(() => {\n    if (!user || !session || !supabase) {\n      setIsSuperAdmin(false);\n      return;\n    }\n\n    const checkSuperAdmin = async () => {\n      setIsCheckingSuperAdmin(true);\n      try {\n        const now = new Date().toISOString();\n        const { data, error } = await supabase\n          .from('rbac_global_roles')\n          .select('role')\n          .eq('user_id', user.id)\n          .eq('role', 'super_admin')\n          .lte('valid_from', now)\n          .or(`valid_to.is.null,valid_to.gte.${now}`)\n          .limit(1);\n\n        setIsSuperAdmin(!error && data && data.length > 0);\n      } catch (error) {\n        logger.error('useOrganisationSecurity', 'Error checking super admin status:', error);\n        setIsSuperAdmin(false);\n      } finally {\n        setIsCheckingSuperAdmin(false);\n      }\n    };\n\n    checkSuperAdmin();\n  }, [user, session, supabase]);\n\n  // Super admin context\n  const superAdminContext = useMemo((): SuperAdminContext => {\n    return {\n      isSuperAdmin,\n      hasGlobalAccess: isSuperAdmin,\n      canManageAllOrganisations: isSuperAdmin\n    };\n  }, [isSuperAdmin]);\n\n  // Validate organisation access with database check\n  const validateOrganisationAccess = useCallback(async (orgId: string): Promise<boolean> => {\n    if (!user || !session || !supabase) return false;\n    \n    try {\n      // Super admin has access to all organisations\n      if (superAdminContext.isSuperAdmin) {\n        return true;\n      }\n\n      // Check organisation membership using consolidated rbac_organisation_roles table\n      const { data, error } = await supabase\n        .from('rbac_organisation_roles')\n        .select('id')\n        .eq('user_id', user.id)\n        .eq('organisation_id', orgId)\n        .eq('status', 'active')\n        .is('revoked_at', null)\n        .in('role', ['org_admin', 'leader', 'member']) // Only actual members, not supporters\n        .single();\n\n      if (error) {\n        logger.error('useOrganisationSecurity', 'Error validating organisation access:', error);\n        return false;\n      }\n\n      return !!data;\n    } catch (error) {\n      logger.error('useOrganisationSecurity', 'Exception validating organisation access:', error);\n      return false;\n    }\n  }, [user, session, supabase, superAdminContext.isSuperAdmin]);\n\n  // Check if user has minimum role\n  const hasMinimumRole = useCallback((minRole: string, orgId?: string): boolean => {\n    // Super admin has all roles\n    if (superAdminContext.isSuperAdmin) {\n      return true;\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId) return false;\n\n    const userRole = getUserRole(targetOrgId);\n    const roleHierarchy = ['supporter', 'member', 'leader', 'org_admin'];\n    \n    const userRoleIndex = roleHierarchy.indexOf(userRole);\n    const minRoleIndex = roleHierarchy.indexOf(minRole);\n    \n    return userRoleIndex >= minRoleIndex;\n  }, [selectedOrganisation, getUserRole, superAdminContext.isSuperAdmin]);\n\n  // Check if user can access child organisations\n  const canAccessChildOrganisations = useCallback((orgId?: string): boolean => {\n    // Super admin can access all organisations\n    if (superAdminContext.isSuperAdmin) {\n      return true;\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId) return false;\n\n    const userRole = getUserRole(targetOrgId);\n    return userRole === 'org_admin';\n  }, [selectedOrganisation, getUserRole, superAdminContext.isSuperAdmin]);\n\n  // Check specific permission using the new RBAC system\n  const hasPermission = useCallback(async (permission: string, orgId?: string): Promise<boolean> => {\n    // Super admin has all permissions\n    if (superAdminContext.isSuperAdmin) {\n      return true;\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId || !user) return false;\n\n    try {\n      // Use the new RBAC system with caching\n      const { isPermittedCached } = await import('../rbac/api');\n      \n      const scope = {\n        organisationId: targetOrgId,\n        eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,\n        appId: user.user_metadata?.appId || user.app_metadata?.appId,\n      };\n\n      return await isPermittedCached({\n        userId: user.id,\n        scope,\n        permission: permission as Permission\n      });\n    } catch (error) {\n      logger.error('useOrganisationSecurity', 'Exception checking permission:', error);\n      return false;\n    }\n  }, [selectedOrganisation, user, superAdminContext.isSuperAdmin]);\n\n  // Get user's permissions for organisation using the new RBAC system\n  const getUserPermissions = useCallback(async (orgId?: string): Promise<string[]> => {\n    // Super admin has all permissions\n    if (superAdminContext.isSuperAdmin) {\n      return ['*']; // All permissions\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId || !user) return [];\n\n    try {\n      // Use the new RBAC system\n      const { getPermissionMap } = await import('../rbac/api');\n      \n      const scope = {\n        organisationId: targetOrgId,\n        eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,\n        appId: user.user_metadata?.appId || user.app_metadata?.appId,\n      };\n\n      const permissionMap = await getPermissionMap({\n        userId: user.id,\n        scope\n      });\n      \n      // Flatten all permissions from all pages\n      const allPermissions = Object.entries(permissionMap)\n        .filter(([, allowed]) => allowed)\n        .map(([permission]) => permission);\n      return [...new Set(allPermissions)]; // Remove duplicates\n    } catch (error) {\n      logger.error('useOrganisationSecurity', 'Exception getting user permissions:', error);\n      return [];\n    }\n  }, [selectedOrganisation, user, getUserRole, superAdminContext.isSuperAdmin]);\n\n  // Log organisation access for audit using the new RBAC audit system\n  const logOrganisationAccess = useCallback(async (action: string, details?: Record<string, unknown>): Promise<void> => {\n    if (!user || !selectedOrganisation) return;\n\n    try {\n      // Use the new RBAC audit system - only if we have a valid organisation ID\n      if (selectedOrganisation.id) {\n        const { emitAuditEvent } = await import('../rbac/audit');\n        \n        await emitAuditEvent({\n          type: 'permission_check',\n          userId: user.id,\n          organisationId: selectedOrganisation.id,\n          permission: action,\n          decision: true, // Assume access was granted if we're logging it\n          source: 'api',\n          duration_ms: 0, // No actual permission check performed here\n          metadata: details || {}\n        });\n      }\n    } catch (error) {\n      logger.error('useOrganisationSecurity', 'Error logging organisation access:', error);\n    }\n  }, [user, selectedOrganisation]);\n\n  // Ensure organisation access (throws if no access)\n  const ensureOrganisationAccess = useCallback(async (orgId: string): Promise<void> => {\n    const hasAccess = await validateOrganisationAccess(orgId);\n    \n    if (!hasAccess) {\n      const error = new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;\n      error.name = 'OrganisationSecurityError';\n      error.code = 'ACCESS_DENIED';\n      error.organisationId = orgId;\n      error.userId = user?.id;\n      throw error;\n    }\n  }, [validateOrganisationAccess, user]);\n\n  // Validate user access (for admin functions)\n  const validateUserAccess = useCallback(async (userId: string, orgId: string): Promise<boolean> => {\n    if (!supabase) return false;\n\n    try {\n      // Super admin can validate any user\n      if (superAdminContext.isSuperAdmin) {\n        return true;\n      }\n\n      // Regular users can only validate their own access\n      if (userId !== user?.id) {\n        return false;\n      }\n\n      return await validateOrganisationAccess(orgId);\n    } catch (error) {\n      logger.error('useOrganisationSecurity', 'Exception validating user access:', error);\n      return false;\n    }\n  }, [supabase, superAdminContext.isSuperAdmin, user, validateOrganisationAccess]);\n\n  return {\n    superAdminContext,\n    validateOrganisationAccess,\n    hasMinimumRole,\n    canAccessChildOrganisations,\n    hasPermission,\n    getUserPermissions,\n    logOrganisationAccess,\n    ensureOrganisationAccess,\n    validateUserAccess\n  };\n}; ","/**\n * @file useOrganisationPermissions Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useOrganisationPermissions\n * @since 0.4.0\n *\n * Hook for managing organisation-specific permissions and role validation.\n * Provides secure access to user's role and permissions within organisations.\n *\n * @example\n * ```tsx\n * function OrganisationComponent() {\n *   const { \n *     isOrgAdmin, \n *     canManageMembers,\n *     userRole,\n *     hasOrganisationAccess\n *   } = useOrganisationPermissions();\n *   \n *   return (\n *     <div>\n *       {isOrgAdmin && <AdminPanel />}\n *       {canManageMembers && <MemberManagement />}\n *       <p>Your role: {userRole}</p>\n *     </div>\n *   );\n * }\n * \n * // For specific organisation\n * function MultiOrgComponent() {\n *   const permissions = useOrganisationPermissions('org-123');\n *   \n *   if (!permissions.hasOrganisationAccess) {\n *     return <div>No access to this organisation</div>;\n *   }\n *   \n *   return <div>Role in org-123: {permissions.userRole}</div>;\n * }\n * ```\n *\n * @security\n * - Validates user membership in organisation\n * - Provides role-based permission checks\n * - Ensures secure access to organisation data\n * - Real-time permission validation\n */\n\nimport { useMemo } from 'react';\nimport { useOrganisations } from './useOrganisations';\nimport { useOrganisationSecurity } from './useOrganisationSecurity';\nimport type { OrganisationRole, OrganisationPermission } from '../types/organisation';\n\nexport interface UseOrganisationPermissionsReturn {\n  /** User's role in the organisation */\n  userRole: OrganisationRole | 'no_access';\n  \n  /** Whether user has organisation admin role */\n  isOrgAdmin: boolean;\n  \n  /** Whether user is a super admin */\n  isSuperAdmin: boolean;\n  \n  /** Whether user can moderate content */\n  canModerate: boolean;\n  \n  /** Whether user can manage members */\n  canManageMembers: boolean;\n  \n  /** Whether user can manage organisation settings */\n  canManageSettings: boolean;\n  \n  /** Whether user can manage events */\n  canManageEvents: boolean;\n  \n  /** Whether user has any admin privileges */\n  hasAdminPrivileges: boolean;\n  \n  /** Whether user has access to the organisation */\n  hasOrganisationAccess: boolean;\n  \n  /** Check if user has specific permission */\n  hasPermission: (permission: OrganisationPermission) => boolean;\n  \n  /** Get all permissions for the user */\n  getAllPermissions: () => OrganisationPermission[];\n  \n  /** Organisation ID being checked */\n  organisationId: string;\n}\n\n/**\n * Hook to access organisation-specific permissions and roles\n * \n * @param orgId - Optional organisation ID. Defaults to currently selected organisation\n * @returns Organisation permissions and role information\n */\nexport function useOrganisationPermissions(orgId?: string): UseOrganisationPermissionsReturn {\n  const { \n    selectedOrganisation, \n    getUserRole, \n    validateOrganisationAccess,\n    ensureOrganisationContext\n  } = useOrganisations();\n  \n  // Get super admin context if available (may not be available in all contexts)\n  let superAdminContext: { isSuperAdmin: boolean } = { isSuperAdmin: false };\n  try {\n    superAdminContext = useOrganisationSecurity().superAdminContext;\n  } catch {\n    // Not available in this context, default to false\n  }\n\n  const organisationId = useMemo(() => {\n    if (orgId) {\n      return orgId;\n    }\n    try {\n      const currentOrg = ensureOrganisationContext();\n      return currentOrg.id;\n    } catch {\n      return '';\n    }\n  }, [orgId, ensureOrganisationContext]);\n\n  const userRole = useMemo(() => {\n    if (!organisationId) return 'no_access';\n    const role = getUserRole(organisationId);\n    // Map to valid OrganisationRole or 'no_access'\n    if (role === 'org_admin' || role === 'leader' || role === 'member' || role === 'supporter') {\n      return role as OrganisationRole;\n    }\n    return 'no_access';\n  }, [organisationId, getUserRole]);\n\n  const hasOrganisationAccess = useMemo(() => {\n    if (!organisationId) return false;\n    return validateOrganisationAccess(organisationId);\n  }, [organisationId, validateOrganisationAccess]);\n\n  const permissions = useMemo(() => {\n    if (!hasOrganisationAccess || userRole === 'no_access') {\n      return {\n        isOrgAdmin: false,\n        isSuperAdmin: false,\n        canModerate: false,\n        canManageMembers: false,\n        canManageSettings: false,\n        canManageEvents: false,\n        hasAdminPrivileges: false\n      };\n    }\n\n    const isOrgAdmin = userRole === 'org_admin';\n    const isLeader = userRole === 'leader';\n    const isMember = userRole === 'member';\n    const isSupporter = userRole === 'supporter';\n\n    // Super admin status - database backed (user_metadata can be spoofed)\n    // Get super admin status from the security hook\n    const isSuperAdmin = superAdminContext.isSuperAdmin;\n\n    return {\n      isOrgAdmin,\n      isSuperAdmin,\n      canModerate: isSuperAdmin || isOrgAdmin || isLeader,\n      canManageMembers: isSuperAdmin || isOrgAdmin || isLeader, // Leaders can manage members\n      canManageSettings: isSuperAdmin || isOrgAdmin,\n      canManageEvents: isSuperAdmin || isOrgAdmin || isLeader,\n      hasAdminPrivileges: isSuperAdmin || isOrgAdmin || isLeader // Leaders have admin privileges\n    };\n  }, [hasOrganisationAccess, userRole]);\n\n  const hasPermission = useMemo(() => {\n    return (permission: OrganisationPermission): boolean => {\n      if (!hasOrganisationAccess || userRole === 'no_access') {\n        return false;\n      }\n\n      // Super admin has all permissions (org_admin acts as super admin within org)\n      if (userRole === 'org_admin' || permission === '*') {\n        return true;\n      }\n\n      // Map permissions to roles using the defined permissions from organisation types\n      const rolePermissions: Record<OrganisationRole, OrganisationPermission[]> = {\n        supporter: ['view_basic'],\n        member: ['view_basic', 'view_details'],\n        leader: ['view_basic', 'view_details', 'moderate_content', 'manage_events'],\n        org_admin: ['view_basic', 'view_details', 'moderate_content', 'manage_events', 'manage_members', 'manage_settings']\n      };\n\n      const userPermissions = rolePermissions[userRole as OrganisationRole] || [];\n      return userPermissions.includes(permission) || userPermissions.includes('*');\n    };\n  }, [hasOrganisationAccess, userRole]);\n\n  const getAllPermissions = useMemo(() => {\n    return (): OrganisationPermission[] => {\n      if (!hasOrganisationAccess || userRole === 'no_access') {\n        return [];\n      }\n\n      const rolePermissions: Record<OrganisationRole, OrganisationPermission[]> = {\n        supporter: ['view_basic'],\n        member: ['view_basic', 'view_details'],\n        leader: ['view_basic', 'view_details', 'moderate_content', 'manage_events'],\n        org_admin: ['view_basic', 'view_details', 'moderate_content', 'manage_events', 'manage_members', 'manage_settings']\n      };\n\n      return rolePermissions[userRole as OrganisationRole] || [];\n    };\n  }, [hasOrganisationAccess, userRole]);\n\n  return useMemo(() => ({\n    userRole,\n    organisationId,\n    hasOrganisationAccess,\n    hasPermission,\n    getAllPermissions,\n    ...permissions\n  }), [userRole, organisationId, hasOrganisationAccess, hasPermission, getAllPermissions, permissions]);\n} ","/**\n * Storage utilities for pace-core\n * \n * Provides app-segregated file storage with organisation-scoped access\n */\n\nexport * from './types';\nexport * from './config';\nexport * from './helpers';\n\n// Import functions for StorageUtils class\nimport {\n  uploadFile,\n  getPublicUrl,\n  getSignedUrl,\n  deleteFile,\n  downloadFile,\n  listFiles,\n  archiveFile,\n  generateFilePath,\n  generateUniqueFileName,\n  extractFileMetadata\n} from './helpers';\n\n// Re-export commonly used functions for convenience\nexport {\n  uploadFile,\n  getPublicUrl,\n  getSignedUrl,\n  deleteFile,\n  downloadFile,\n  listFiles,\n  archiveFile,\n  generateFilePath,\n  generateUniqueFileName,\n  extractFileMetadata\n};\n\nexport {\n  validateFileSize,\n  getFileSizeLimit,\n  formatFileSize\n} from './config';\n\n\nexport {\n  FILE_SIZE_LIMITS,\n  DEFAULT_FILE_SIZE_LIMIT,\n  STORAGE_CONFIG,\n  APP_PATH_MAPPING\n} from './config';\n\n/**\n * StorageUtils class for convenient access to storage functions\n */\nexport class StorageUtils {\n  static generateFilePath = generateFilePath;\n  static generateUniqueFileName = generateUniqueFileName;\n  static extractFileMetadata = extractFileMetadata;\n  static uploadFile = uploadFile;\n  static getPublicUrl = getPublicUrl;\n  static getSignedUrl = getSignedUrl;\n  static deleteFile = deleteFile;\n  static downloadFile = downloadFile;\n  static listFiles = listFiles;\n  static archiveFile = archiveFile;\n}\n","/**\n * @file Public Event Hook\n * @package @jmruthers/pace-core\n * @module Hooks/Public\n * @since 1.0.0\n *\n * A React hook for accessing public event data without authentication.\n * Provides event information by event_code for public pages.\n *\n * Features:\n * - No authentication required\n * - Caching for performance\n * - Error handling and loading states\n * - TypeScript support\n * - Automatic refetch capabilities\n *\n * @example\n * ```tsx\n * import { usePublicEvent } from '@jmruthers/pace-core';\n *\n * function PublicEventPage() {\n *   const { eventCode } = usePublicRouteParams();\n *   const { event, isLoading, error, refetch } = usePublicEvent(eventCode);\n *\n *   if (isLoading) return <div>Loading event...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   if (!event) return <div>Event not found</div>;\n *\n *   return (\n *     <div>\n *       <h1>{event.event_name}</h1>\n *       <p>Date: {event.event_date}</p>\n *       <p>Venue: {event.event_venue}</p>\n *     </div>\n *   );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (hook)\n * - Enables accessible public event display\n * - Supports screen reader friendly loading states\n *\n * @security\n * - Only returns public-safe event data\n * - Validates event_code before querying\n * - No sensitive information exposed\n * - Rate limiting applied at database level\n *\n * @performance\n * - Built-in caching with TTL\n * - Minimal re-renders with stable references\n * - Lazy loading support\n * - Error boundary integration\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - @supabase/supabase-js - Database integration\n * - Event types - Type definitions\n */\n\nimport { useState, useEffect, useCallback, useMemo } from 'react';\nimport { createClient } from '@supabase/supabase-js';\nimport type { Event } from '../../types/event';\nimport type { Database } from '../../types/database';\nimport { assertOrganisationId } from '../../types/core';\nimport { usePublicPageContext } from '../../components/PublicLayout/PublicPageProvider';\nimport { logger } from '../../utils/core/logger';\n\n// Simple in-memory cache for public data\nconst publicDataCache = new Map<string, { data: any; timestamp: number; ttl: number }>();\n\nexport interface UsePublicEventReturn {\n  /** The event data, null if not loaded or not found */\n  event: Event | null;\n  /** Whether the data is currently loading */\n  isLoading: boolean;\n  /** Any error that occurred during loading */\n  error: Error | null;\n  /** Function to manually refetch the data */\n  refetch: () => Promise<void>;\n}\n\nexport interface UsePublicEventOptions {\n  /** Cache TTL in milliseconds (default: 5 minutes) */\n  cacheTtl?: number;\n  /** Whether to enable caching (default: true) */\n  enableCache?: boolean;\n}\n\n/**\n * Hook for accessing public event data by event_code\n * \n * This hook provides access to public event information without requiring\n * authentication. It includes caching, error handling, and loading states.\n * \n * @param eventCode - The event code to look up\n * @param options - Configuration options for caching and behavior\n * @returns Object containing event data, loading state, error, and refetch function\n */\nexport function usePublicEvent(\n  eventCode: string,\n  options: UsePublicEventOptions = {}\n): UsePublicEventReturn {\n  const {\n    cacheTtl = 5 * 60 * 1000, // 5 minutes\n    enableCache = true\n  } = options;\n\n  const [event, setEvent] = useState<Event | null>(null);\n  const [isLoading, setIsLoading] = useState<boolean>(true);\n  const [error, setError] = useState<Error | null>(null);\n\n  // Get environment variables from public page context or fallback to direct access\n  let environment: { supabaseUrl: string | null; supabaseKey: string | null };\n  \n  try {\n    environment = usePublicPageContext().environment;\n  } catch {\n    // Fallback to direct environment variable access if not in PublicPageProvider\n    environment = {\n      supabaseUrl: (import.meta as any).env?.VITE_SUPABASE_URL || (import.meta as any).env?.NEXT_PUBLIC_SUPABASE_URL || null,\n      supabaseKey: (import.meta as any).env?.VITE_SUPABASE_ANON_KEY || (import.meta as any).env?.NEXT_PUBLIC_SUPABASE_ANON_KEY || null\n    };\n  }\n  \n  // Create a simple Supabase client for public access\n  const supabase = useMemo(() => {\n    if (typeof window === 'undefined') return null;\n    \n    if (!environment.supabaseUrl || !environment.supabaseKey) {\n      logger.warn('usePublicEvent', 'Missing Supabase environment variables. Please ensure VITE_SUPABASE_URL and VITE_SUPABASE_ANON_KEY are set in your environment. Use publishable key if anon key is disabled.');\n      return null;\n    }\n\n    return createClient<Database>(environment.supabaseUrl, environment.supabaseKey);\n  }, [environment.supabaseUrl, environment.supabaseKey]);\n\n  // Helper function to try refreshing schema cache\n  const refreshSchemaCache = useCallback(async () => {\n    try {\n      // Try to trigger a schema refresh by querying a system table\n      await (supabase as any).from('information_schema.routines').select('routine_name').limit(1);\n    } catch (error) {\n      // Ignore errors, this is just an attempt to refresh cache\n      logger.debug('usePublicEvent', 'Schema cache refresh attempt failed:', error);\n    }\n  }, [supabase]);\n\n  const fetchEvent = useCallback(async (): Promise<void> => {\n    if (!eventCode || !supabase) {\n      setError(new Error('Invalid event code or Supabase client not available'));\n      setIsLoading(false);\n      return;\n    }\n\n    // Check cache first\n    const cacheKey = `public_event_${eventCode}`;\n    if (enableCache) {\n      const cached = publicDataCache.get(cacheKey);\n      if (cached && Date.now() - cached.timestamp < cached.ttl) {\n        setEvent(cached.data);\n        setIsLoading(false);\n        setError(null);\n        return;\n      }\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n\n      let eventData: any = null;\n\n      try {\n        // Try to call the public event RPC function first\n        const response = await (supabase as any).rpc('get_public_event_by_code', {\n          event_code_param: eventCode\n        });\n        \n        const data = response?.data;\n        const rpcError = response?.error;\n\n        if (rpcError) {\n          // If RPC function doesn't exist or schema cache issue, try refresh first, then fallback\n          if (rpcError.message?.includes('Could not find the function') || \n              rpcError.message?.includes('does not exist') ||\n              rpcError.message?.includes('schema cache')) {\n            logger.warn('usePublicEvent', 'RPC function not found or schema cache issue, attempting refresh:', rpcError.message);\n            \n            // Try to refresh schema cache first\n            await refreshSchemaCache();\n            \n            // Try RPC call one more time after refresh\n            try {\n              const retryResponse = await (supabase as any).rpc('get_public_event_by_code', {\n                event_code_param: eventCode\n              });\n              \n              const retryData = retryResponse?.data;\n              const retryError = retryResponse?.error;\n              \n              if (!retryError && retryData && retryData.length > 0) {\n                eventData = retryData[0];\n              } else {\n                throw new Error('RPC still failing after cache refresh');\n              }\n            } catch (retryError) {\n              logger.warn('usePublicEvent', 'RPC still failing after cache refresh, falling back to direct table access');\n              \n              // Fallback: Direct table access with public RLS policy\n            const tableResponse2 = await (supabase as any)\n              .from('event')\n              .select(`\n                event_id,\n                event_name,\n                event_date,\n                event_venue,\n                event_participants,\n                event_colours,\n                organisation_id,\n                event_days,\n                event_typicalunit,\n                event_rounddown,\n                event_youthmultiplier,\n                event_catering_email,\n                event_news,\n                event_billing,\n                event_email\n              `)\n              .eq('event_code', eventCode)\n              .eq('is_visible', true)\n              .not('organisation_id', 'is', null)\n              .limit(1)\n              .single();\n\n            const tableData = tableResponse2?.data;\n            const tableError = tableResponse2?.error;\n\n            if (tableError) {\n              throw new Error(tableError?.message || 'Failed to fetch event from table');\n            }\n\n            if (!tableData) {\n              setEvent(null);\n              setError(new Error('Event not found'));\n              return;\n            }\n\n            // Get event logo from file_references\n            const logoResponse = await (supabase as any)\n              .from('file_references')\n              .select('file_path')\n              .eq('table_name', 'event')\n              .eq('record_id', tableData.event_id)\n              .eq('is_public', true)\n              .eq('file_metadata->>category', 'event_logos')\n              .limit(1)\n              .single();\n              \n            const logoData = logoResponse?.data;\n\n            eventData = {\n              ...tableData,\n              event_logo: logoData?.file_path || null\n            };\n            }\n          } else {\n            // For RPC errors that aren't schema cache issues, throw immediately without fallback\n            const errorMessage = rpcError?.message || rpcError?.toString() || 'Failed to fetch event';\n            setEvent(null);\n            setError(new Error(errorMessage));\n            setIsLoading(false);\n            return;\n          }\n        } else {\n          if (!data || data.length === 0 || !data[0]) {\n            setEvent(null);\n            setError(new Error('Event not found'));\n            return;\n          }\n          eventData = data[0];\n        }\n      } catch (rpcError) {\n        // If RPC call fails for any reason (including schema cache issues), try direct table access\n        logger.warn('usePublicEvent', 'RPC call failed, falling back to direct table access:', rpcError);\n        \n        const tableResponse = await (supabase as any)\n          .from('event')\n          .select(`\n            event_id,\n            event_name,\n            event_date,\n            event_venue,\n            event_participants,\n            event_colours,\n            organisation_id,\n            event_days,\n            event_typicalunit,\n            event_rounddown,\n            event_youthmultiplier,\n            event_catering_email,\n            event_news,\n            event_billing,\n            event_email\n          `)\n          .eq('event_code', eventCode)\n          .eq('is_visible', true)\n          .not('organisation_id', 'is', null)\n          .limit(1)\n          .single();\n\n        const tableData = tableResponse?.data;\n        const tableError = tableResponse?.error;\n\n        if (tableError) {\n          throw new Error(tableError?.message || 'Failed to fetch event from table');\n        }\n\n        if (!tableData) {\n          setEvent(null);\n          setError(new Error('Event not found'));\n          return;\n        }\n\n        // Get event logo from file_references\n        const logoResponse = await (supabase as any)\n          .from('file_references')\n          .select('file_path')\n          .eq('table_name', 'event')\n          .eq('record_id', tableData.event_id)\n          .eq('is_public', true)\n          .eq('file_metadata->>category', 'event_logos')\n          .limit(1)\n          .single();\n          \n        const logoData = logoResponse?.data;\n\n        eventData = {\n          ...tableData,\n          event_logo: logoData?.file_path || null\n        };\n      }\n      \n      // Transform to Event type\n      const transformedEvent: Event = {\n        id: eventData.event_id,\n        event_id: eventData.event_id,\n        event_name: eventData.event_name,\n        event_code: eventCode,\n        event_date: eventData.event_date,\n        event_venue: eventData.event_venue,\n        event_participants: eventData.event_participants,\n        event_logo: eventData.event_logo,\n        event_colours: eventData.event_colours,\n        organisation_id: assertOrganisationId(eventData.organisation_id),\n        is_visible: true,\n        created_at: new Date().toISOString(),\n        updated_at: new Date().toISOString()\n      };\n\n      setEvent(transformedEvent);\n\n      // Cache the result\n      if (enableCache) {\n        publicDataCache.set(cacheKey, {\n          data: transformedEvent,\n          timestamp: Date.now(),\n          ttl: cacheTtl\n        });\n      }\n\n    } catch (err) {\n      logger.error('usePublicEvent', 'Error fetching event:', err);\n      const error = err instanceof Error ? err : new Error('Unknown error occurred');\n      setError(error);\n      setEvent(null);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [eventCode, supabase, cacheTtl, enableCache]);\n\n  // Fetch event when eventCode changes\n  useEffect(() => {\n    fetchEvent();\n  }, [fetchEvent]);\n\n  const refetch = useCallback(async (): Promise<void> => {\n    // Clear cache for this event\n    if (enableCache) {\n      const cacheKey = `public_event_${eventCode}`;\n      publicDataCache.delete(cacheKey);\n    }\n    await fetchEvent();\n  }, [fetchEvent, eventCode, enableCache]);\n\n  return {\n    event,\n    isLoading,\n    error,\n    refetch\n  };\n}\n\n/**\n * Clear all cached public event data\n * Useful for testing or when you need to force refresh all data\n */\nexport function clearPublicEventCache(): void {\n  for (const [key] of publicDataCache) {\n    if (key.startsWith('public_event_')) {\n      publicDataCache.delete(key);\n    }\n  }\n}\n\n/**\n * Get cache statistics for debugging\n */\nexport function getPublicEventCacheStats(): { size: number; keys: string[] } {\n  const keys = Array.from(publicDataCache.keys()).filter(key => key.startsWith('public_event_'));\n  return {\n    size: keys.length,\n    keys\n  };\n}\n","/**\n * @file Public Event Logo Hook\n * @package @jmruthers/pace-core\n * @module Hooks/Public\n * @since 1.0.0\n *\n * A React hook for accessing public event logo URLs without authentication.\n * Provides logo URLs with fallback handling for public pages.\n *\n * Features:\n * - No authentication required\n * - Automatic fallback to event initials\n * - Caching for performance\n * - Error handling and loading states\n * - TypeScript support\n * - Image validation\n *\n * @example\n * ```tsx\n * import { usePublicEventLogo } from '@jmruthers/pace-core';\n *\n * function EventHeader() {\n *   const { logoUrl, fallbackText, isLoading, error } = usePublicEventLogo(\n *     eventId, \n *     eventName, \n *     organisationId\n *   );\n *\n *   if (isLoading) return <div>Loading logo...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *\n *   return (\n *     <div>\n *       {logoUrl ? (\n *         <img src={logoUrl} alt={`${eventName} logo`} />\n *       ) : (\n *         <div className=\"logo-fallback\">{fallbackText}</div>\n *       )}\n *     </div>\n *   );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (hook)\n * - Enables accessible logo display with proper alt text\n * - Supports screen reader friendly fallbacks\n *\n * @security\n * - Only returns public-safe logo URLs\n * - Validates image existence before returning URL\n * - No sensitive information exposed\n * - Rate limiting applied at storage level\n *\n * @performance\n * - Built-in caching with TTL\n * - Image validation and optimization\n * - Minimal re-renders with stable references\n * - Lazy loading support\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - @supabase/supabase-js - Storage integration\n * - Event types - Type definitions\n */\n\nimport { useState, useEffect, useCallback, useMemo } from 'react';\nimport type { SupabaseClient } from '@supabase/supabase-js';\nimport type { Database } from '../../types/database';\nimport { createLogger } from '../../utils/core/logger';\n\nconst log = createLogger('usePublicEventLogo');\n\n// Simple in-memory cache for public data\nconst publicDataCache = new Map<string, { data: any; timestamp: number; ttl: number }>();\n\nexport interface UsePublicEventLogoReturn {\n  /** The logo URL if available, null if not found or error */\n  logoUrl: string | null;\n  /** Fallback text (event initials) if no logo is available */\n  fallbackText: string;\n  /** Whether the logo is currently loading */\n  isLoading: boolean;\n  /** Any error that occurred during loading */\n  error: Error | null;\n  /** Function to manually refetch the logo */\n  refetch: () => Promise<void>;\n}\n\nexport interface UsePublicEventLogoOptions {\n  /** Cache TTL in milliseconds (default: 30 minutes) */\n  cacheTtl?: number;\n  /** Whether to enable caching (default: true) */\n  enableCache?: boolean;\n  /** Whether to validate image existence (default: true) */\n  validateImage?: boolean;\n  /** Custom fallback text generator */\n  generateFallbackText?: (eventName: string) => string;\n  /** Supabase client instance (required) */\n  supabase: SupabaseClient<Database>;\n}\n\n/**\n * Generate fallback text from event name (first letter of each word)\n */\nfunction defaultGenerateFallbackText(eventName: string): string {\n  if (!eventName) return 'EV';\n  \n  return eventName\n    .split(' ')\n    .map(word => word.charAt(0).toUpperCase())\n    .join('')\n    .substring(0, 3); // Max 3 characters\n}\n\n/**\n * Hook for accessing public event logo URLs\n * \n * This hook provides access to event logo URLs without requiring\n * authentication. It includes fallback handling and image validation.\n * \n * @param eventId - The event ID to fetch logo for\n * @param eventName - The event name for fallback text generation\n * @param organisationId - The organisation ID for storage path\n * @param options - Configuration options for caching and behavior\n * @returns Object containing logo URL, fallback text, loading state, error, and refetch function\n */\nexport function usePublicEventLogo(\n  eventId: string | undefined,\n  eventName: string | undefined,\n  organisationId: string | undefined,\n  options: UsePublicEventLogoOptions\n): UsePublicEventLogoReturn {\n  const {\n    cacheTtl = 30 * 60 * 1000, // 30 minutes\n    enableCache = true,\n    validateImage = true,\n    generateFallbackText = defaultGenerateFallbackText,\n    supabase\n  } = options;\n\n  const [logoUrl, setLogoUrl] = useState<string | null>(null);\n  const [isLoading, setIsLoading] = useState<boolean>(false);\n  const [error, setError] = useState<Error | null>(null);\n\n  // Generate fallback text\n  const fallbackText = useMemo(() => {\n    return eventName ? generateFallbackText(eventName) : 'EV';\n  }, [eventName, generateFallbackText]);\n\n  const fetchLogo = useCallback(async (): Promise<void> => {\n    if (!eventId || !organisationId || !supabase) {\n      setLogoUrl(null);\n      setIsLoading(false);\n      return;\n    }\n\n    // Validate UUID format for organisationId to prevent database errors\n    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n    if (!uuidRegex.test(organisationId)) {\n      log.warn('Invalid organisationId format (not a valid UUID):', organisationId);\n      // Don't return early - let the database handle the validation\n      // This allows for more graceful error handling\n    }\n\n    // Check cache first\n    const cacheKey = `public_logo_${eventId}_${organisationId}`;\n    if (enableCache) {\n      const cached = publicDataCache.get(cacheKey);\n      if (cached && Date.now() - cached.timestamp < cached.ttl) {\n        setLogoUrl(cached.data);\n        setIsLoading(false);\n        setError(null);\n        return;\n      }\n    }\n\n    try {\n      setIsLoading(true);\n      setError(null);\n\n      // Call the public logo RPC function\n      const { data, error: rpcError } = await (supabase as any).rpc('get_public_event_logo', {\n        event_id_param: eventId,\n        organisation_id_param: organisationId\n      });\n\n      if (rpcError) {\n        throw new Error(rpcError.message || 'Failed to fetch logo');\n      }\n\n      if (!data || data.length === 0 || !data[0] || !data[0].logo_url) {\n        setLogoUrl(null);\n        return;\n      }\n\n      const logoUrl = data[0].logo_url;\n\n      // Validate image existence if requested\n      if (validateImage) {\n        try {\n          const response = await fetch(logoUrl, { method: 'HEAD' });\n          if (!response.ok) {\n            log.warn('Logo URL not accessible:', logoUrl);\n            setLogoUrl(null);\n            return;\n          }\n        } catch (fetchError) {\n          log.warn('Error validating logo URL:', fetchError);\n          setLogoUrl(null);\n          return;\n        }\n      }\n\n      setLogoUrl(logoUrl);\n\n      // Cache the result\n      if (enableCache) {\n        publicDataCache.set(cacheKey, {\n          data: logoUrl,\n          timestamp: Date.now(),\n          ttl: cacheTtl\n        });\n      }\n\n    } catch (err) {\n      log.error('Error fetching logo:', err);\n      const error = err instanceof Error ? err : new Error('Unknown error occurred');\n      setError(error);\n      setLogoUrl(null);\n    } finally {\n      setIsLoading(false);\n    }\n  }, [eventId, organisationId, supabase, cacheTtl, enableCache, validateImage]);\n\n  // Fetch logo when parameters change\n  useEffect(() => {\n    if (eventId && organisationId) {\n      fetchLogo();\n    } else {\n      setLogoUrl(null);\n      setIsLoading(false);\n      setError(null);\n    }\n  }, [fetchLogo, eventId, organisationId]);\n\n  const refetch = useCallback(async (): Promise<void> => {\n    if (!eventId || !organisationId) return;\n    \n    // Clear cache for this logo\n    if (enableCache) {\n      const cacheKey = `public_logo_${eventId}_${organisationId}`;\n      publicDataCache.delete(cacheKey);\n    }\n    await fetchLogo();\n  }, [fetchLogo, eventId, organisationId, enableCache]);\n\n  return {\n    logoUrl,\n    fallbackText,\n    isLoading,\n    error,\n    refetch\n  };\n}\n\n/**\n * Clear all cached public logo data\n * Useful for testing or when you need to force refresh all data\n */\nexport function clearPublicLogoCache(): void {\n  for (const [key] of publicDataCache) {\n    if (key.startsWith('public_logo_')) {\n      publicDataCache.delete(key);\n    }\n  }\n}\n\n/**\n * Get cache statistics for debugging\n */\nexport function getPublicLogoCacheStats(): { size: number; keys: string[] } {\n  const keys = Array.from(publicDataCache.keys()).filter(key => key.startsWith('public_logo_'));\n  return {\n    size: keys.length,\n    keys\n  };\n}\n","/**\n * @file Public Route Params Hook\n * @package @jmruthers/pace-core\n * @module Hooks/Public\n * @since 1.0.0\n *\n * A React hook for extracting and validating public route parameters.\n * Provides event code extraction and validation for public pages.\n *\n * Features:\n * - URL parameter extraction\n * - Event code validation\n * - TypeScript support\n * - Error handling\n * - Route pattern support\n *\n * @example\n * ```tsx\n * import { usePublicRouteParams } from '@jmruthers/pace-core';\n *\n * function PublicEventPage() {\n *   const { eventCode, eventId, event, error, isLoading } = usePublicRouteParams();\n *\n *   if (isLoading) return <div>Loading...</div>;\n *   if (error) return <div>Error: {error.message}</div>;\n *   if (!event) return <div>Event not found</div>;\n *\n *   return (\n *     <div>\n *       <h1>{event.event_name}</h1>\n *       <p>Event Code: {eventCode}</p>\n *     </div>\n *   );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (hook)\n * - Enables accessible route parameter handling\n * - Supports screen reader friendly error states\n *\n * @security\n * - Validates event codes before processing\n * - Sanitizes URL parameters\n * - No sensitive information exposed\n * - Rate limiting applied at route level\n *\n * @performance\n * - Minimal re-renders with stable references\n * - Efficient parameter extraction\n * - Caching integration\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - React Router - URL parameter extraction\n * - Event types - Type definitions\n */\n\nimport { useState, useEffect, useCallback, useMemo } from 'react';\nimport { useParams, useLocation } from 'react-router-dom';\nimport type { Event } from '../../types/event';\nimport { usePublicEvent } from './usePublicEvent';\n\nexport interface UsePublicRouteParamsReturn {\n  /** The event code from the URL */\n  eventCode: string | null;\n  /** The event ID (resolved from event code) */\n  eventId: string | null;\n  /** The full event object */\n  event: Event | null;\n  /** Whether the route parameters are being processed */\n  isLoading: boolean;\n  /** Any error that occurred during processing */\n  error: Error | null;\n  /** Function to manually refetch the event data */\n  refetch: () => Promise<void>;\n}\n\ninterface UsePublicRouteParamsOptions {\n  /** Whether to automatically fetch event data (default: true) */\n  fetchEventData?: boolean;\n  /** Custom event code parameter name (default: 'eventCode') */\n  eventCodeParam?: string;\n  /** Whether to validate event code format (default: true) */\n  validateEventCode?: boolean;\n}\n\n/**\n * Validate event code format\n * Event codes should be alphanumeric with optional hyphens/underscores in the middle\n * Supports 2-50 characters\n */\nfunction validateEventCodeFormat(eventCode: string): boolean {\n  if (!eventCode || typeof eventCode !== 'string') return false;\n  \n  // Length check: 2-50 characters\n  if (eventCode.length < 2 || eventCode.length > 50) return false;\n  \n  // For 2-character codes: both must be alphanumeric\n  if (eventCode.length === 2) {\n    return /^[a-zA-Z0-9]{2}$/.test(eventCode);\n  }\n  \n  // For 3+ character codes: alphanumeric at start and end, hyphens/underscores allowed in middle\n  // Must not start or end with hyphen/underscore\n  const eventCodeRegex = /^[a-zA-Z0-9][a-zA-Z0-9_-]{1,48}[a-zA-Z0-9]$/;\n  const matchesFormat = eventCodeRegex.test(eventCode);\n  \n  if (!matchesFormat) return false;\n  \n  // Additional check: no consecutive hyphens or underscores\n  if (eventCode.includes('--') || eventCode.includes('__') || eventCode.includes('-_') || eventCode.includes('_-')) {\n    return false;\n  }\n  \n  return true;\n}\n\n/**\n * Hook for extracting and validating public route parameters\n * \n * This hook extracts event codes from URL parameters and optionally\n * fetches the corresponding event data. It provides validation and\n * error handling for public routes.\n * \n * @param options - Configuration options for behavior\n * @returns Object containing route parameters, event data, loading state, error, and refetch function\n */\nexport function usePublicRouteParams(\n  options: UsePublicRouteParamsOptions = {}\n): UsePublicRouteParamsReturn {\n  const {\n    fetchEventData = true,\n    eventCodeParam = 'eventCode',\n    validateEventCode = true\n  } = options;\n\n  const params = useParams();\n  const location = useLocation();\n  \n  const [error, setError] = useState<Error | null>(null);\n\n  // Extract event code from URL parameters\n  const eventCode = useMemo(() => {\n    const code = params[eventCodeParam] as string;\n    \n    if (!code) {\n      // Don't set error immediately - let the component handle missing eventCode gracefully\n      return null;\n    }\n\n    // Validate event code format if requested\n    if (validateEventCode && !validateEventCodeFormat(code)) {\n      setError(new Error(`Invalid event code format: ${code}`));\n      return null;\n    }\n\n    setError(null);\n    return code;\n  }, [params, eventCodeParam, validateEventCode]);\n\n  // Use the public event hook to fetch event data\n  const {\n    event,\n    isLoading: eventLoading,\n    error: eventError,\n    refetch: refetchEvent\n  } = usePublicEvent(eventCode || '', {\n    enableCache: true,\n    cacheTtl: 5 * 60 * 1000 // 5 minutes\n  });\n\n  // Determine if we should show loading state\n  const isLoading = useMemo(() => {\n    if (!fetchEventData) return false;\n    return eventLoading;\n  }, [fetchEventData, eventLoading]);\n\n  // Determine the final error state\n  const finalError = useMemo(() => {\n    if (error) return error;\n    if (eventError) return eventError;\n    return null;\n  }, [error, eventError]);\n\n  // Extract event ID from event data\n  const eventId = useMemo(() => {\n    if (!event) return null;\n    return event.event_id || event.id;\n  }, [event]);\n\n  // Refetch function\n  const refetch = useCallback(async (): Promise<void> => {\n    if (!fetchEventData) return;\n    await refetchEvent();\n  }, [fetchEventData, refetchEvent]);\n\n  return {\n    eventCode,\n    eventId,\n    event: fetchEventData ? event : null,\n    isLoading,\n    error: finalError,\n    refetch\n  };\n}\n\n/**\n * Hook for extracting just the event code without fetching event data\n * Useful when you only need the event code and will fetch data separately\n */\nexport function usePublicEventCode(\n  eventCodeParam: string = 'eventCode'\n): { eventCode: string | null; error: Error | null } {\n  const params = useParams();\n  \n  const eventCode = useMemo(() => {\n    const code = params[eventCodeParam] as string;\n    \n    if (!code) {\n      return null;\n    }\n\n    // Validate event code format\n    if (!validateEventCodeFormat(code)) {\n      return null;\n    }\n\n    return code;\n  }, [params, eventCodeParam]);\n\n  const error = useMemo(() => {\n    if (!eventCode) {\n      return new Error(`Event code parameter '${eventCodeParam}' not found or invalid`);\n    }\n    return null;\n  }, [eventCode, eventCodeParam]);\n\n  return {\n    eventCode,\n    error\n  };\n}\n\n/**\n * Utility function to generate public route paths\n */\nexport function generatePublicRoutePath(\n  eventCode: string,\n  pageName: string = 'index'\n): string {\n  if (!eventCode || !validateEventCodeFormat(eventCode)) {\n    throw new Error('Invalid event code for route generation');\n  }\n  \n  return `/public/event/${eventCode}/${pageName}`;\n}\n\n/**\n * Utility function to extract event code from a public route path\n * Supports 2-50 character event codes\n */\nexport function extractEventCodeFromPath(path: string): string | null {\n  const match = path.match(/^\\/public\\/event\\/([a-zA-Z0-9_-]{2,50})(?:\\/.*)?$/);\n  if (!match) return null;\n  \n  const eventCode = match[1];\n  // Validate the extracted code using the same validation function\n  if (!validateEventCodeFormat(eventCode)) {\n    return null;\n  }\n  \n  return eventCode;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,SAAS,eAAe;AACxB,SAAS,mBAAmB;AASrB,SAAS,WAAmC;AAAA,EACjD;AAAA,EACA;AAAA,EACA,OAAO;AACT,GAAuB;AACrB,SAAO,QAAoB;AAAA,IACzB,UAAU,YAAY,MAAM;AAAA,IAC5B;AAAA,IACA;AAAA,EACF,CAAC;AACH;;;ACFA,SAAS,UAAU,mBAAmB;AAqF/B,SAAS,cAA2B;AAAA,EACzC;AAAA,EACA,eAAe;AACjB,IAA6B,CAAC,GAA2B;AACvD,QAAM,CAAC,QAAQ,SAAS,IAAI,SAAS,KAAK;AAC1C,QAAM,CAAC,UAAU,WAAW,IAAI,SAAmB,IAAI;AAEvD,QAAM,aAAa,YAAY,CAAC,OAAiB,SAAS;AACxD,gBAAY,IAAI;AAChB,cAAU,IAAI;AACd,mBAAe,IAAI;AAAA,EACrB,GAAG,CAAC,YAAY,CAAC;AAEjB,QAAM,cAAc,YAAY,MAAM;AACpC,cAAU,KAAK;AACf,QAAI,cAAc;AAChB,kBAAY,IAAI;AAAA,IAClB;AACA,mBAAe,KAAK;AAAA,EACtB,GAAG,CAAC,cAAc,YAAY,CAAC;AAE/B,QAAM,mBAAmB,YAAY,CAAC,SAAkB;AACtD,cAAU,IAAI;AACd,QAAI,CAAC,QAAQ,cAAc;AACzB,kBAAY,IAAI;AAAA,IAClB;AACA,mBAAe,IAAI;AAAA,EACrB,GAAG,CAAC,cAAc,YAAY,CAAC;AAE/B,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACxIA,SAAS,eAAAA,cAAa,SAAS,WAAW,YAAAC,iBAAgB;AA6BnD,IAAM,0BAA0B,MAAgC;AACrE,QAAM,EAAE,MAAM,SAAS,SAAS,IAAI,eAAe;AACnD,QAAM,EAAE,sBAAsB,aAAa,4BAA4B,eAAe,IAAI,iBAAiB;AAG3G,QAAM,CAAC,cAAc,eAAe,IAAIC,UAAkB,KAAK;AAC/D,QAAM,CAAC,sBAAsB,uBAAuB,IAAIA,UAAS,KAAK;AAGtE,YAAU,MAAM;AACd,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU;AAClC,sBAAgB,KAAK;AACrB;AAAA,IACF;AAEA,UAAM,kBAAkB,YAAY;AAClC,8BAAwB,IAAI;AAC5B,UAAI;AACF,cAAM,OAAM,oBAAI,KAAK,GAAE,YAAY;AACnC,cAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,mBAAmB,EACxB,OAAO,MAAM,EACb,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,QAAQ,aAAa,EACxB,IAAI,cAAc,GAAG,EACrB,GAAG,iCAAiC,GAAG,EAAE,EACzC,MAAM,CAAC;AAEV,wBAAgB,CAAC,SAAS,QAAQ,KAAK,SAAS,CAAC;AAAA,MACnD,SAAS,OAAO;AACd,eAAO,MAAM,2BAA2B,sCAAsC,KAAK;AACnF,wBAAgB,KAAK;AAAA,MACvB,UAAE;AACA,gCAAwB,KAAK;AAAA,MAC/B;AAAA,IACF;AAEA,oBAAgB;AAAA,EAClB,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,QAAM,oBAAoB,QAAQ,MAAyB;AACzD,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB;AAAA,MACjB,2BAA2B;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,YAAY,CAAC;AAGjB,QAAM,6BAA6BC,aAAY,OAAO,UAAoC;AACxF,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,SAAU,QAAO;AAE3C,QAAI;AAEF,UAAI,kBAAkB,cAAc;AAClC,eAAO;AAAA,MACT;AAGA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,yBAAyB,EAC9B,OAAO,IAAI,EACX,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,mBAAmB,KAAK,EAC3B,GAAG,UAAU,QAAQ,EACrB,GAAG,cAAc,IAAI,EACrB,GAAG,QAAQ,CAAC,aAAa,UAAU,QAAQ,CAAC,EAC5C,OAAO;AAEV,UAAI,OAAO;AACT,eAAO,MAAM,2BAA2B,yCAAyC,KAAK;AACtF,eAAO;AAAA,MACT;AAEA,aAAO,CAAC,CAAC;AAAA,IACX,SAAS,OAAO;AACd,aAAO,MAAM,2BAA2B,6CAA6C,KAAK;AAC1F,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,MAAM,SAAS,UAAU,kBAAkB,YAAY,CAAC;AAG5D,QAAM,iBAAiBA,aAAY,CAAC,SAAiB,UAA4B;AAE/E,QAAI,kBAAkB,cAAc;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAEzB,UAAM,WAAW,YAAY,WAAW;AACxC,UAAM,gBAAgB,CAAC,aAAa,UAAU,UAAU,WAAW;AAEnE,UAAM,gBAAgB,cAAc,QAAQ,QAAQ;AACpD,UAAM,eAAe,cAAc,QAAQ,OAAO;AAElD,WAAO,iBAAiB;AAAA,EAC1B,GAAG,CAAC,sBAAsB,aAAa,kBAAkB,YAAY,CAAC;AAGtE,QAAM,8BAA8BA,aAAY,CAAC,UAA4B;AAE3E,QAAI,kBAAkB,cAAc;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAEzB,UAAM,WAAW,YAAY,WAAW;AACxC,WAAO,aAAa;AAAA,EACtB,GAAG,CAAC,sBAAsB,aAAa,kBAAkB,YAAY,CAAC;AAGtE,QAAM,gBAAgBA,aAAY,OAAO,YAAoB,UAAqC;AAEhG,QAAI,kBAAkB,cAAc;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,eAAe,CAAC,KAAM,QAAO;AAElC,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,mBAAa;AAExD,YAAM,QAAQ;AAAA,QACZ,gBAAgB;AAAA,QAChB,SAAS,KAAK,eAAe,WAAW,KAAK,cAAc;AAAA,QAC3D,OAAO,KAAK,eAAe,SAAS,KAAK,cAAc;AAAA,MACzD;AAEA,aAAO,MAAM,kBAAkB;AAAA,QAC7B,QAAQ,KAAK;AAAA,QACb;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,2BAA2B,kCAAkC,KAAK;AAC/E,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,sBAAsB,MAAM,kBAAkB,YAAY,CAAC;AAG/D,QAAM,qBAAqBA,aAAY,OAAO,UAAsC;AAElF,QAAI,kBAAkB,cAAc;AAClC,aAAO,CAAC,GAAG;AAAA,IACb;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,eAAe,CAAC,KAAM,QAAO,CAAC;AAEnC,QAAI;AAEF,YAAM,EAAE,iBAAiB,IAAI,MAAM,OAAO,mBAAa;AAEvD,YAAM,QAAQ;AAAA,QACZ,gBAAgB;AAAA,QAChB,SAAS,KAAK,eAAe,WAAW,KAAK,cAAc;AAAA,QAC3D,OAAO,KAAK,eAAe,SAAS,KAAK,cAAc;AAAA,MACzD;AAEA,YAAM,gBAAgB,MAAM,iBAAiB;AAAA,QAC3C,QAAQ,KAAK;AAAA,QACb;AAAA,MACF,CAAC;AAGD,YAAM,iBAAiB,OAAO,QAAQ,aAAa,EAChD,OAAO,CAAC,CAAC,EAAE,OAAO,MAAM,OAAO,EAC/B,IAAI,CAAC,CAAC,UAAU,MAAM,UAAU;AACnC,aAAO,CAAC,GAAG,IAAI,IAAI,cAAc,CAAC;AAAA,IACpC,SAAS,OAAO;AACd,aAAO,MAAM,2BAA2B,uCAAuC,KAAK;AACpF,aAAO,CAAC;AAAA,IACV;AAAA,EACF,GAAG,CAAC,sBAAsB,MAAM,aAAa,kBAAkB,YAAY,CAAC;AAG5E,QAAM,wBAAwBA,aAAY,OAAO,QAAgB,YAAqD;AACpH,QAAI,CAAC,QAAQ,CAAC,qBAAsB;AAEpC,QAAI;AAEF,UAAI,qBAAqB,IAAI;AAC3B,cAAM,EAAE,eAAe,IAAI,MAAM,OAAO,qBAAe;AAEvD,cAAM,eAAe;AAAA,UACnB,MAAM;AAAA,UACN,QAAQ,KAAK;AAAA,UACb,gBAAgB,qBAAqB;AAAA,UACrC,YAAY;AAAA,UACZ,UAAU;AAAA;AAAA,UACV,QAAQ;AAAA,UACR,aAAa;AAAA;AAAA,UACb,UAAU,WAAW,CAAC;AAAA,QACxB,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,2BAA2B,sCAAsC,KAAK;AAAA,IACrF;AAAA,EACF,GAAG,CAAC,MAAM,oBAAoB,CAAC;AAG/B,QAAM,2BAA2BA,aAAY,OAAO,UAAiC;AACnF,UAAM,YAAY,MAAM,2BAA2B,KAAK;AAExD,QAAI,CAAC,WAAW;AACd,YAAM,QAAQ,IAAI,MAAM,6CAA6C,KAAK,EAAE;AAC5E,YAAM,OAAO;AACb,YAAM,OAAO;AACb,YAAM,iBAAiB;AACvB,YAAM,SAAS,MAAM;AACrB,YAAM;AAAA,IACR;AAAA,EACF,GAAG,CAAC,4BAA4B,IAAI,CAAC;AAGrC,QAAM,qBAAqBA,aAAY,OAAO,QAAgB,UAAoC;AAChG,QAAI,CAAC,SAAU,QAAO;AAEtB,QAAI;AAEF,UAAI,kBAAkB,cAAc;AAClC,eAAO;AAAA,MACT;AAGA,UAAI,WAAW,MAAM,IAAI;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,MAAM,2BAA2B,KAAK;AAAA,IAC/C,SAAS,OAAO;AACd,aAAO,MAAM,2BAA2B,qCAAqC,KAAK;AAClF,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,UAAU,kBAAkB,cAAc,MAAM,0BAA0B,CAAC;AAE/E,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACtPA,SAAS,WAAAC,gBAAe;AAiDjB,SAAS,2BAA2B,OAAkD;AAC3F,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,iBAAiB;AAGrB,MAAI,oBAA+C,EAAE,cAAc,MAAM;AACzE,MAAI;AACF,wBAAoB,wBAAwB,EAAE;AAAA,EAChD,QAAQ;AAAA,EAER;AAEA,QAAM,iBAAiBC,SAAQ,MAAM;AACnC,QAAI,OAAO;AACT,aAAO;AAAA,IACT;AACA,QAAI;AACF,YAAM,aAAa,0BAA0B;AAC7C,aAAO,WAAW;AAAA,IACpB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,OAAO,yBAAyB,CAAC;AAErC,QAAM,WAAWA,SAAQ,MAAM;AAC7B,QAAI,CAAC,eAAgB,QAAO;AAC5B,UAAM,OAAO,YAAY,cAAc;AAEvC,QAAI,SAAS,eAAe,SAAS,YAAY,SAAS,YAAY,SAAS,aAAa;AAC1F,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,GAAG,CAAC,gBAAgB,WAAW,CAAC;AAEhC,QAAM,wBAAwBA,SAAQ,MAAM;AAC1C,QAAI,CAAC,eAAgB,QAAO;AAC5B,WAAO,2BAA2B,cAAc;AAAA,EAClD,GAAG,CAAC,gBAAgB,0BAA0B,CAAC;AAE/C,QAAM,cAAcA,SAAQ,MAAM;AAChC,QAAI,CAAC,yBAAyB,aAAa,aAAa;AACtD,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,cAAc;AAAA,QACd,aAAa;AAAA,QACb,kBAAkB;AAAA,QAClB,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,oBAAoB;AAAA,MACtB;AAAA,IACF;AAEA,UAAM,aAAa,aAAa;AAChC,UAAM,WAAW,aAAa;AAC9B,UAAM,WAAW,aAAa;AAC9B,UAAM,cAAc,aAAa;AAIjC,UAAM,eAAe,kBAAkB;AAEvC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,aAAa,gBAAgB,cAAc;AAAA,MAC3C,kBAAkB,gBAAgB,cAAc;AAAA;AAAA,MAChD,mBAAmB,gBAAgB;AAAA,MACnC,iBAAiB,gBAAgB,cAAc;AAAA,MAC/C,oBAAoB,gBAAgB,cAAc;AAAA;AAAA,IACpD;AAAA,EACF,GAAG,CAAC,uBAAuB,QAAQ,CAAC;AAEpC,QAAM,gBAAgBA,SAAQ,MAAM;AAClC,WAAO,CAAC,eAAgD;AACtD,UAAI,CAAC,yBAAyB,aAAa,aAAa;AACtD,eAAO;AAAA,MACT;AAGA,UAAI,aAAa,eAAe,eAAe,KAAK;AAClD,eAAO;AAAA,MACT;AAGA,YAAM,kBAAsE;AAAA,QAC1E,WAAW,CAAC,YAAY;AAAA,QACxB,QAAQ,CAAC,cAAc,cAAc;AAAA,QACrC,QAAQ,CAAC,cAAc,gBAAgB,oBAAoB,eAAe;AAAA,QAC1E,WAAW,CAAC,cAAc,gBAAgB,oBAAoB,iBAAiB,kBAAkB,iBAAiB;AAAA,MACpH;AAEA,YAAM,kBAAkB,gBAAgB,QAA4B,KAAK,CAAC;AAC1E,aAAO,gBAAgB,SAAS,UAAU,KAAK,gBAAgB,SAAS,GAAG;AAAA,IAC7E;AAAA,EACF,GAAG,CAAC,uBAAuB,QAAQ,CAAC;AAEpC,QAAM,oBAAoBA,SAAQ,MAAM;AACtC,WAAO,MAAgC;AACrC,UAAI,CAAC,yBAAyB,aAAa,aAAa;AACtD,eAAO,CAAC;AAAA,MACV;AAEA,YAAM,kBAAsE;AAAA,QAC1E,WAAW,CAAC,YAAY;AAAA,QACxB,QAAQ,CAAC,cAAc,cAAc;AAAA,QACrC,QAAQ,CAAC,cAAc,gBAAgB,oBAAoB,eAAe;AAAA,QAC1E,WAAW,CAAC,cAAc,gBAAgB,oBAAoB,iBAAiB,kBAAkB,iBAAiB;AAAA,MACpH;AAEA,aAAO,gBAAgB,QAA4B,KAAK,CAAC;AAAA,IAC3D;AAAA,EACF,GAAG,CAAC,uBAAuB,QAAQ,CAAC;AAEpC,SAAOA,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,GAAG;AAAA,EACL,IAAI,CAAC,UAAU,gBAAgB,uBAAuB,eAAe,mBAAmB,WAAW,CAAC;AACtG;;;ACtKO,IAAM,eAAN,MAAmB;AAW1B;AAXa,aACJ,mBAAmB;AADf,aAEJ,yBAAyB;AAFrB,aAGJ,sBAAsB;AAHlB,aAIJ,aAAa;AAJT,aAKJ,eAAe;AALX,aAMJ,eAAe;AANX,aAOJ,aAAa;AAPT,aAQJ,eAAe;AARX,aASJ,YAAY;AATR,aAUJ,cAAc;;;ACJvB,SAAS,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AAC1D,SAAS,oBAAoB;AAQ7B,IAAM,kBAAkB,oBAAI,IAA2D;AA8BhF,SAAS,eACd,WACA,UAAiC,CAAC,GACZ;AACtB,QAAM;AAAA,IACJ,WAAW,IAAI,KAAK;AAAA;AAAA,IACpB,cAAc;AAAA,EAChB,IAAI;AAEJ,QAAM,CAAC,OAAO,QAAQ,IAAIC,UAAuB,IAAI;AACrD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAkB,IAAI;AACxD,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAGrD,MAAI;AAEJ,MAAI;AACF,kBAAc,qBAAqB,EAAE;AAAA,EACvC,QAAQ;AAEN,kBAAc;AAAA,MACZ,aAAc,YAAoB,KAAK,qBAAsB,YAAoB,KAAK,4BAA4B;AAAA,MAClH,aAAc,YAAoB,KAAK,0BAA2B,YAAoB,KAAK,iCAAiC;AAAA,IAC9H;AAAA,EACF;AAGA,QAAM,WAAWC,SAAQ,MAAM;AAC7B,QAAI,OAAO,WAAW,YAAa,QAAO;AAE1C,QAAI,CAAC,YAAY,eAAe,CAAC,YAAY,aAAa;AACxD,aAAO,KAAK,kBAAkB,8KAA8K;AAC5M,aAAO;AAAA,IACT;AAEA,WAAO,aAAuB,YAAY,aAAa,YAAY,WAAW;AAAA,EAChF,GAAG,CAAC,YAAY,aAAa,YAAY,WAAW,CAAC;AAGrD,QAAM,qBAAqBC,aAAY,YAAY;AACjD,QAAI;AAEF,YAAO,SAAiB,KAAK,6BAA6B,EAAE,OAAO,cAAc,EAAE,MAAM,CAAC;AAAA,IAC5F,SAASC,QAAO;AAEd,aAAO,MAAM,kBAAkB,wCAAwCA,MAAK;AAAA,IAC9E;AAAA,EACF,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,aAAaD,aAAY,YAA2B;AACxD,QAAI,CAAC,aAAa,CAAC,UAAU;AAC3B,eAAS,IAAI,MAAM,qDAAqD,CAAC;AACzE,mBAAa,KAAK;AAClB;AAAA,IACF;AAGA,UAAM,WAAW,gBAAgB,SAAS;AAC1C,QAAI,aAAa;AACf,YAAM,SAAS,gBAAgB,IAAI,QAAQ;AAC3C,UAAI,UAAU,KAAK,IAAI,IAAI,OAAO,YAAY,OAAO,KAAK;AACxD,iBAAS,OAAO,IAAI;AACpB,qBAAa,KAAK;AAClB,iBAAS,IAAI;AACb;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI,YAAiB;AAErB,UAAI;AAEF,cAAM,WAAW,MAAO,SAAiB,IAAI,4BAA4B;AAAA,UACvE,kBAAkB;AAAA,QACpB,CAAC;AAED,cAAM,OAAO,UAAU;AACvB,cAAM,WAAW,UAAU;AAE3B,YAAI,UAAU;AAEZ,cAAI,SAAS,SAAS,SAAS,6BAA6B,KACxD,SAAS,SAAS,SAAS,gBAAgB,KAC3C,SAAS,SAAS,SAAS,cAAc,GAAG;AAC9C,mBAAO,KAAK,kBAAkB,qEAAqE,SAAS,OAAO;AAGnH,kBAAM,mBAAmB;AAGzB,gBAAI;AACF,oBAAM,gBAAgB,MAAO,SAAiB,IAAI,4BAA4B;AAAA,gBAC5E,kBAAkB;AAAA,cACpB,CAAC;AAED,oBAAM,YAAY,eAAe;AACjC,oBAAM,aAAa,eAAe;AAElC,kBAAI,CAAC,cAAc,aAAa,UAAU,SAAS,GAAG;AACpD,4BAAY,UAAU,CAAC;AAAA,cACzB,OAAO;AACL,sBAAM,IAAI,MAAM,uCAAuC;AAAA,cACzD;AAAA,YACF,SAAS,YAAY;AACnB,qBAAO,KAAK,kBAAkB,4EAA4E;AAG5G,oBAAM,iBAAiB,MAAO,SAC3B,KAAK,OAAO,EACZ,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,eAgBP,EACA,GAAG,cAAc,SAAS,EAC1B,GAAG,cAAc,IAAI,EACrB,IAAI,mBAAmB,MAAM,IAAI,EACjC,MAAM,CAAC,EACP,OAAO;AAEV,oBAAM,YAAY,gBAAgB;AAClC,oBAAM,aAAa,gBAAgB;AAEnC,kBAAI,YAAY;AACd,sBAAM,IAAI,MAAM,YAAY,WAAW,kCAAkC;AAAA,cAC3E;AAEA,kBAAI,CAAC,WAAW;AACd,yBAAS,IAAI;AACb,yBAAS,IAAI,MAAM,iBAAiB,CAAC;AACrC;AAAA,cACF;AAGA,oBAAM,eAAe,MAAO,SACzB,KAAK,iBAAiB,EACtB,OAAO,WAAW,EAClB,GAAG,cAAc,OAAO,EACxB,GAAG,aAAa,UAAU,QAAQ,EAClC,GAAG,aAAa,IAAI,EACpB,GAAG,4BAA4B,aAAa,EAC5C,MAAM,CAAC,EACP,OAAO;AAEV,oBAAM,WAAW,cAAc;AAE/B,0BAAY;AAAA,gBACV,GAAG;AAAA,gBACH,YAAY,UAAU,aAAa;AAAA,cACrC;AAAA,YACA;AAAA,UACF,OAAO;AAEL,kBAAM,eAAe,UAAU,WAAW,UAAU,SAAS,KAAK;AAClE,qBAAS,IAAI;AACb,qBAAS,IAAI,MAAM,YAAY,CAAC;AAChC,yBAAa,KAAK;AAClB;AAAA,UACF;AAAA,QACF,OAAO;AACL,cAAI,CAAC,QAAQ,KAAK,WAAW,KAAK,CAAC,KAAK,CAAC,GAAG;AAC1C,qBAAS,IAAI;AACb,qBAAS,IAAI,MAAM,iBAAiB,CAAC;AACrC;AAAA,UACF;AACA,sBAAY,KAAK,CAAC;AAAA,QACpB;AAAA,MACF,SAAS,UAAU;AAEjB,eAAO,KAAK,kBAAkB,yDAAyD,QAAQ;AAE/F,cAAM,gBAAgB,MAAO,SAC1B,KAAK,OAAO,EACZ,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,WAgBP,EACA,GAAG,cAAc,SAAS,EAC1B,GAAG,cAAc,IAAI,EACrB,IAAI,mBAAmB,MAAM,IAAI,EACjC,MAAM,CAAC,EACP,OAAO;AAEV,cAAM,YAAY,eAAe;AACjC,cAAM,aAAa,eAAe;AAElC,YAAI,YAAY;AACd,gBAAM,IAAI,MAAM,YAAY,WAAW,kCAAkC;AAAA,QAC3E;AAEA,YAAI,CAAC,WAAW;AACd,mBAAS,IAAI;AACb,mBAAS,IAAI,MAAM,iBAAiB,CAAC;AACrC;AAAA,QACF;AAGA,cAAM,eAAe,MAAO,SACzB,KAAK,iBAAiB,EACtB,OAAO,WAAW,EAClB,GAAG,cAAc,OAAO,EACxB,GAAG,aAAa,UAAU,QAAQ,EAClC,GAAG,aAAa,IAAI,EACpB,GAAG,4BAA4B,aAAa,EAC5C,MAAM,CAAC,EACP,OAAO;AAEV,cAAM,WAAW,cAAc;AAE/B,oBAAY;AAAA,UACV,GAAG;AAAA,UACH,YAAY,UAAU,aAAa;AAAA,QACrC;AAAA,MACF;AAGA,YAAM,mBAA0B;AAAA,QAC9B,IAAI,UAAU;AAAA,QACd,UAAU,UAAU;AAAA,QACpB,YAAY,UAAU;AAAA,QACtB,YAAY;AAAA,QACZ,YAAY,UAAU;AAAA,QACtB,aAAa,UAAU;AAAA,QACvB,oBAAoB,UAAU;AAAA,QAC9B,YAAY,UAAU;AAAA,QACtB,eAAe,UAAU;AAAA,QACzB,iBAAiB,qBAAqB,UAAU,eAAe;AAAA,QAC/D,YAAY;AAAA,QACZ,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,QACnC,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACrC;AAEA,eAAS,gBAAgB;AAGzB,UAAI,aAAa;AACf,wBAAgB,IAAI,UAAU;AAAA,UAC5B,MAAM;AAAA,UACN,WAAW,KAAK,IAAI;AAAA,UACpB,KAAK;AAAA,QACP,CAAC;AAAA,MACH;AAAA,IAEF,SAAS,KAAK;AACZ,aAAO,MAAM,kBAAkB,yBAAyB,GAAG;AAC3D,YAAMC,SAAQ,eAAe,QAAQ,MAAM,IAAI,MAAM,wBAAwB;AAC7E,eAASA,MAAK;AACd,eAAS,IAAI;AAAA,IACf,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,WAAW,UAAU,UAAU,WAAW,CAAC;AAG/C,EAAAC,WAAU,MAAM;AACd,eAAW;AAAA,EACb,GAAG,CAAC,UAAU,CAAC;AAEf,QAAM,UAAUF,aAAY,YAA2B;AAErD,QAAI,aAAa;AACf,YAAM,WAAW,gBAAgB,SAAS;AAC1C,sBAAgB,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,WAAW;AAAA,EACnB,GAAG,CAAC,YAAY,WAAW,WAAW,CAAC;AAEvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAMO,SAAS,wBAA8B;AAC5C,aAAW,CAAC,GAAG,KAAK,iBAAiB;AACnC,QAAI,IAAI,WAAW,eAAe,GAAG;AACnC,sBAAgB,OAAO,GAAG;AAAA,IAC5B;AAAA,EACF;AACF;AAKO,SAAS,2BAA6D;AAC3E,QAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK,CAAC,EAAE,OAAO,SAAO,IAAI,WAAW,eAAe,CAAC;AAC7F,SAAO;AAAA,IACL,MAAM,KAAK;AAAA,IACX;AAAA,EACF;AACF;;;ACvWA,SAAS,YAAAG,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AAK1D,IAAM,MAAM,aAAa,oBAAoB;AAG7C,IAAMC,mBAAkB,oBAAI,IAA2D;AA+BvF,SAAS,4BAA4B,WAA2B;AAC9D,MAAI,CAAC,UAAW,QAAO;AAEvB,SAAO,UACJ,MAAM,GAAG,EACT,IAAI,UAAQ,KAAK,OAAO,CAAC,EAAE,YAAY,CAAC,EACxC,KAAK,EAAE,EACP,UAAU,GAAG,CAAC;AACnB;AAcO,SAAS,mBACd,SACA,WACA,gBACA,SAC0B;AAC1B,QAAM;AAAA,IACJ,WAAW,KAAK,KAAK;AAAA;AAAA,IACrB,cAAc;AAAA,IACd,gBAAgB;AAAA,IAChB,uBAAuB;AAAA,IACvB;AAAA,EACF,IAAI;AAEJ,QAAM,CAAC,SAAS,UAAU,IAAIC,UAAwB,IAAI;AAC1D,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAkB,KAAK;AACzD,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAGrD,QAAM,eAAeC,SAAQ,MAAM;AACjC,WAAO,YAAY,qBAAqB,SAAS,IAAI;AAAA,EACvD,GAAG,CAAC,WAAW,oBAAoB,CAAC;AAEpC,QAAM,YAAYC,aAAY,YAA2B;AACvD,QAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU;AAC5C,iBAAW,IAAI;AACf,mBAAa,KAAK;AAClB;AAAA,IACF;AAGA,UAAM,YAAY;AAClB,QAAI,CAAC,UAAU,KAAK,cAAc,GAAG;AACnC,UAAI,KAAK,qDAAqD,cAAc;AAAA,IAG9E;AAGA,UAAM,WAAW,eAAe,OAAO,IAAI,cAAc;AACzD,QAAI,aAAa;AACf,YAAM,SAASH,iBAAgB,IAAI,QAAQ;AAC3C,UAAI,UAAU,KAAK,IAAI,IAAI,OAAO,YAAY,OAAO,KAAK;AACxD,mBAAW,OAAO,IAAI;AACtB,qBAAa,KAAK;AAClB,iBAAS,IAAI;AACb;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAGb,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAO,SAAiB,IAAI,yBAAyB;AAAA,QACrF,gBAAgB;AAAA,QAChB,uBAAuB;AAAA,MACzB,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,sBAAsB;AAAA,MAC5D;AAEA,UAAI,CAAC,QAAQ,KAAK,WAAW,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,UAAU;AAC/D,mBAAW,IAAI;AACf;AAAA,MACF;AAEA,YAAMI,WAAU,KAAK,CAAC,EAAE;AAGxB,UAAI,eAAe;AACjB,YAAI;AACF,gBAAM,WAAW,MAAM,MAAMA,UAAS,EAAE,QAAQ,OAAO,CAAC;AACxD,cAAI,CAAC,SAAS,IAAI;AAChB,gBAAI,KAAK,4BAA4BA,QAAO;AAC5C,uBAAW,IAAI;AACf;AAAA,UACF;AAAA,QACF,SAAS,YAAY;AACnB,cAAI,KAAK,8BAA8B,UAAU;AACjD,qBAAW,IAAI;AACf;AAAA,QACF;AAAA,MACF;AAEA,iBAAWA,QAAO;AAGlB,UAAI,aAAa;AACf,QAAAJ,iBAAgB,IAAI,UAAU;AAAA,UAC5B,MAAMI;AAAA,UACN,WAAW,KAAK,IAAI;AAAA,UACpB,KAAK;AAAA,QACP,CAAC;AAAA,MACH;AAAA,IAEF,SAAS,KAAK;AACZ,UAAI,MAAM,wBAAwB,GAAG;AACrC,YAAMC,SAAQ,eAAe,QAAQ,MAAM,IAAI,MAAM,wBAAwB;AAC7E,eAASA,MAAK;AACd,iBAAW,IAAI;AAAA,IACjB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,SAAS,gBAAgB,UAAU,UAAU,aAAa,aAAa,CAAC;AAG5E,EAAAC,WAAU,MAAM;AACd,QAAI,WAAW,gBAAgB;AAC7B,gBAAU;AAAA,IACZ,OAAO;AACL,iBAAW,IAAI;AACf,mBAAa,KAAK;AAClB,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,WAAW,SAAS,cAAc,CAAC;AAEvC,QAAM,UAAUH,aAAY,YAA2B;AACrD,QAAI,CAAC,WAAW,CAAC,eAAgB;AAGjC,QAAI,aAAa;AACf,YAAM,WAAW,eAAe,OAAO,IAAI,cAAc;AACzD,MAAAH,iBAAgB,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,UAAU;AAAA,EAClB,GAAG,CAAC,WAAW,SAAS,gBAAgB,WAAW,CAAC;AAEpD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAMO,SAAS,uBAA6B;AAC3C,aAAW,CAAC,GAAG,KAAKA,kBAAiB;AACnC,QAAI,IAAI,WAAW,cAAc,GAAG;AAClC,MAAAA,iBAAgB,OAAO,GAAG;AAAA,IAC5B;AAAA,EACF;AACF;AAKO,SAAS,0BAA4D;AAC1E,QAAM,OAAO,MAAM,KAAKA,iBAAgB,KAAK,CAAC,EAAE,OAAO,SAAO,IAAI,WAAW,cAAc,CAAC;AAC5F,SAAO;AAAA,IACL,MAAM,KAAK;AAAA,IACX;AAAA,EACF;AACF;;;ACrOA,SAAS,YAAAO,WAAqB,eAAAC,cAAa,WAAAC,gBAAe;AAC1D,SAAS,WAAW,mBAAmB;AAiCvC,SAAS,wBAAwB,WAA4B;AAC3D,MAAI,CAAC,aAAa,OAAO,cAAc,SAAU,QAAO;AAGxD,MAAI,UAAU,SAAS,KAAK,UAAU,SAAS,GAAI,QAAO;AAG1D,MAAI,UAAU,WAAW,GAAG;AAC1B,WAAO,mBAAmB,KAAK,SAAS;AAAA,EAC1C;AAIA,QAAM,iBAAiB;AACvB,QAAM,gBAAgB,eAAe,KAAK,SAAS;AAEnD,MAAI,CAAC,cAAe,QAAO;AAG3B,MAAI,UAAU,SAAS,IAAI,KAAK,UAAU,SAAS,IAAI,KAAK,UAAU,SAAS,IAAI,KAAK,UAAU,SAAS,IAAI,GAAG;AAChH,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAYO,SAAS,qBACd,UAAuC,CAAC,GACZ;AAC5B,QAAM;AAAA,IACJ,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,IACjB,oBAAoB;AAAA,EACtB,IAAI;AAEJ,QAAM,SAAS,UAAU;AACzB,QAAM,WAAW,YAAY;AAE7B,QAAM,CAAC,OAAO,QAAQ,IAAIC,UAAuB,IAAI;AAGrD,QAAM,YAAYC,SAAQ,MAAM;AAC9B,UAAM,OAAO,OAAO,cAAc;AAElC,QAAI,CAAC,MAAM;AAET,aAAO;AAAA,IACT;AAGA,QAAI,qBAAqB,CAAC,wBAAwB,IAAI,GAAG;AACvD,eAAS,IAAI,MAAM,8BAA8B,IAAI,EAAE,CAAC;AACxD,aAAO;AAAA,IACT;AAEA,aAAS,IAAI;AACb,WAAO;AAAA,EACT,GAAG,CAAC,QAAQ,gBAAgB,iBAAiB,CAAC;AAG9C,QAAM;AAAA,IACJ;AAAA,IACA,WAAW;AAAA,IACX,OAAO;AAAA,IACP,SAAS;AAAA,EACX,IAAI,eAAe,aAAa,IAAI;AAAA,IAClC,aAAa;AAAA,IACb,UAAU,IAAI,KAAK;AAAA;AAAA,EACrB,CAAC;AAGD,QAAM,YAAYA,SAAQ,MAAM;AAC9B,QAAI,CAAC,eAAgB,QAAO;AAC5B,WAAO;AAAA,EACT,GAAG,CAAC,gBAAgB,YAAY,CAAC;AAGjC,QAAM,aAAaA,SAAQ,MAAM;AAC/B,QAAI,MAAO,QAAO;AAClB,QAAI,WAAY,QAAO;AACvB,WAAO;AAAA,EACT,GAAG,CAAC,OAAO,UAAU,CAAC;AAGtB,QAAM,UAAUA,SAAQ,MAAM;AAC5B,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,MAAM,YAAY,MAAM;AAAA,EACjC,GAAG,CAAC,KAAK,CAAC;AAGV,QAAM,UAAUC,aAAY,YAA2B;AACrD,QAAI,CAAC,eAAgB;AACrB,UAAM,aAAa;AAAA,EACrB,GAAG,CAAC,gBAAgB,YAAY,CAAC;AAEjC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO,iBAAiB,QAAQ;AAAA,IAChC;AAAA,IACA,OAAO;AAAA,IACP;AAAA,EACF;AACF;AAMO,SAAS,mBACd,iBAAyB,aAC0B;AACnD,QAAM,SAAS,UAAU;AAEzB,QAAM,YAAYD,SAAQ,MAAM;AAC9B,UAAM,OAAO,OAAO,cAAc;AAElC,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAGA,QAAI,CAAC,wBAAwB,IAAI,GAAG;AAClC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,QAAQ,cAAc,CAAC;AAE3B,QAAM,QAAQA,SAAQ,MAAM;AAC1B,QAAI,CAAC,WAAW;AACd,aAAO,IAAI,MAAM,yBAAyB,cAAc,wBAAwB;AAAA,IAClF;AACA,WAAO;AAAA,EACT,GAAG,CAAC,WAAW,cAAc,CAAC;AAE9B,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AAKO,SAAS,wBACd,WACA,WAAmB,SACX;AACR,MAAI,CAAC,aAAa,CAAC,wBAAwB,SAAS,GAAG;AACrD,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO,iBAAiB,SAAS,IAAI,QAAQ;AAC/C;AAMO,SAAS,yBAAyB,MAA6B;AACpE,QAAM,QAAQ,KAAK,MAAM,mDAAmD;AAC5E,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,YAAY,MAAM,CAAC;AAEzB,MAAI,CAAC,wBAAwB,SAAS,GAAG;AACvC,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":["useCallback","useState","useState","useCallback","useMemo","useMemo","useState","useEffect","useCallback","useMemo","useState","useMemo","useCallback","error","useEffect","useState","useEffect","useCallback","useMemo","publicDataCache","useState","useMemo","useCallback","logoUrl","error","useEffect","useState","useCallback","useMemo","useState","useMemo","useCallback"]}

package/dist/{chunk-FSFQFJCU.js → chunk-63FOKYGO.js}

@@ -2,12 +2,173 @@ import {
   logger
 } from "./chunk-PWLANIRT.js";
 
+// src/rbac/audit-batched.ts
+var DEFAULT_CONFIG = {
+  enabled: true,
+  batchWindow: 500,
+  // 500ms - increased for better batching
+  batchSize: 20
+  // Increased from 10 to 20 for better efficiency
+};
+var BatchedAuditManager = class {
+  constructor(supabase, config = {}) {
+    this.eventQueue = [];
+    this.flushTimer = null;
+    this.isFlushing = false;
+    this.supabase = supabase;
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  /**
+   * Update configuration
+   */
+  updateConfig(config) {
+    this.config = { ...this.config, ...config };
+  }
+  /**
+   * Queue an audit event for batching
+   * 
+   * @param event - Audit event payload
+   */
+  async queueEvent(event) {
+    if (!this.config.enabled) {
+      await this.sendEventImmediately(event);
+      return;
+    }
+    if ("cache_hit" in event && event.cache_hit === true) {
+      return;
+    }
+    const auditEvent = this.convertToAuditEvent(event);
+    if (!auditEvent) {
+      return;
+    }
+    this.eventQueue.push(auditEvent);
+    if (this.eventQueue.length >= this.config.batchSize) {
+      await this.flush();
+    } else {
+      this.scheduleFlush();
+    }
+  }
+  /**
+   * Convert audit event payload to database format
+   */
+  convertToAuditEvent(event) {
+    if (!event.userId) {
+      logger.error("RBAC Audit", "Cannot queue audit event without userId:", {
+        eventType: event.type,
+        organisationId: event.organisationId
+      });
+      return null;
+    }
+    const rawPageId = "pageId" in event ? event.pageId : void 0;
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+    const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);
+    const pageIdUuid = isValidPageIdUuid ? rawPageId : void 0;
+    const pageIdName = rawPageId && !isValidPageIdUuid ? rawPageId : void 0;
+    return {
+      event_type: event.type,
+      user_id: event.userId,
+      organisation_id: event.organisationId || null,
+      event_id: "eventId" in event ? event.eventId : void 0,
+      app_id: "appId" in event ? event.appId : void 0,
+      page_id: pageIdUuid,
+      permission: "permission" in event ? event.permission : void 0,
+      decision: "decision" in event ? event.decision : void 0,
+      source: "source" in event ? event.source : "api",
+      bypass: "bypass" in event ? event.bypass : void 0,
+      duration_ms: "duration_ms" in event ? event.duration_ms : void 0,
+      metadata: {
+        ...event.metadata,
+        cache_hit: "cache_hit" in event ? event.cache_hit : void 0,
+        cache_source: "cache_source" in event ? event.cache_source : void 0,
+        no_organisation_context: !event.organisationId,
+        page_name: pageIdName
+      }
+    };
+  }
+  /**
+   * Schedule a flush after the batch window
+   */
+  scheduleFlush() {
+    if (this.flushTimer) {
+      return;
+    }
+    this.flushTimer = setTimeout(() => {
+      this.flushTimer = null;
+      this.flush();
+    }, this.config.batchWindow);
+  }
+  /**
+   * Flush all queued events
+   */
+  async flush() {
+    if (this.isFlushing || this.eventQueue.length === 0) {
+      return;
+    }
+    if (this.flushTimer) {
+      clearTimeout(this.flushTimer);
+      this.flushTimer = null;
+    }
+    this.isFlushing = true;
+    try {
+      const eventsToSend = [...this.eventQueue];
+      this.eventQueue = [];
+      if (eventsToSend.length === 0) {
+        return;
+      }
+      const { error } = await this.supabase.from("rbac_audit_events").insert(eventsToSend);
+      if (error) {
+        logger.warn("RBAC Audit", "Failed to insert batched audit events:", {
+          error: error.message,
+          code: error.code,
+          batchSize: eventsToSend.length
+        });
+      }
+    } catch (error) {
+      logger.error("RBAC Audit", "Unexpected error during batched audit logging:", error);
+    } finally {
+      this.isFlushing = false;
+    }
+  }
+  /**
+   * Send event immediately (bypass batching)
+   */
+  async sendEventImmediately(event) {
+    const auditEvent = this.convertToAuditEvent(event);
+    if (!auditEvent) {
+      return;
+    }
+    try {
+      const { error } = await this.supabase.from("rbac_audit_events").insert([auditEvent]);
+      if (error) {
+        logger.warn("RBAC Audit", "Failed to insert audit event:", {
+          error: error.message,
+          code: error.code
+        });
+      }
+    } catch (error) {
+      logger.error("RBAC Audit", "Unexpected error during audit logging:", error);
+    }
+  }
+  /**
+   * Force flush and wait for completion
+   */
+  async forceFlush() {
+    await this.flush();
+  }
+};
+
 // src/rbac/audit.ts
 var RBACAuditManager = class {
-  constructor(supabase) {
+  constructor(supabase, useBatching = true, batchConfig) {
     this.enabled = true;
     this.fallbackEnabled = true;
+    this.batchedManager = null;
+    this.useBatching = true;
     this.supabase = supabase;
+    this.useBatching = useBatching;
+    if (useBatching) {
+      this.batchedManager = new BatchedAuditManager(supabase, batchConfig);
+    }
   }
   /**
    * Enable or disable audit logging
@@ -43,6 +204,13 @@ var RBACAuditManager = class {
     if (!this.enabled) {
       return;
     }
+    if ("cache_hit" in event && event.cache_hit === true) {
+      return;
+    }
+    if (this.useBatching && this.batchedManager) {
+      await this.batchedManager.queueEvent(event);
+      return;
+    }
     if (!event.userId) {
       logger.error("RBAC Audit", "CRITICAL: Cannot log audit event without userId:", {
         eventType: event.type,
@@ -193,7 +361,7 @@ var RBACAuditManager = class {
    * @returns Promise resolving to audit events
    */
   async getUserAuditEvents(userId, limit = 100) {
-    const { data, error } = await this.supabase.from("rbac_audit_events").select("*").eq("user_id", userId).order("created_at", { ascending: false }).limit(limit);
+    const { data, error } = await this.supabase.from("rbac_audit_events").select("id, event_type, user_id, organisation_id, event_id, app_id, page_id, permission, decision, source, bypass, duration_ms, metadata, created_at").eq("user_id", userId).order("created_at", { ascending: false }).limit(limit);
     if (error) {
       const isCorsError = error.message?.toLowerCase().includes("cors") || error.message?.toLowerCase().includes("cross-origin") || error.code === null || error.status === null;
       if (isCorsError) {
@@ -219,7 +387,7 @@ var RBACAuditManager = class {
    * @returns Promise resolving to audit events
    */
   async getOrganisationAuditEvents(organisationId, limit = 100) {
-    const { data, error } = await this.supabase.from("rbac_audit_events").select("*").eq("organisation_id", organisationId).order("created_at", { ascending: false }).limit(limit);
+    const { data, error } = await this.supabase.from("rbac_audit_events").select("id, event_type, user_id, organisation_id, event_id, app_id, page_id, permission, decision, source, bypass, duration_ms, metadata, created_at").eq("organisation_id", organisationId).order("created_at", { ascending: false }).limit(limit);
     if (error) {
       const isCorsError = error.message?.toLowerCase().includes("cors") || error.message?.toLowerCase().includes("cross-origin") || error.code === null || error.status === null;
       if (isCorsError) {
@@ -238,8 +406,8 @@ var RBACAuditManager = class {
     }));
   }
 };
-function createAuditManager(supabase) {
-  return new RBACAuditManager(supabase);
+function createAuditManager(supabase, useBatching = true, batchConfig) {
+  return new RBACAuditManager(supabase, useBatching, batchConfig);
 }
 var globalAuditManager = null;
 function setGlobalAuditManager(manager) {
@@ -261,4 +429,4 @@ export {
   getGlobalAuditManager,
   emitAuditEvent
 };
-//# sourceMappingURL=chunk-FSFQFJCU.js.map
+//# sourceMappingURL=chunk-63FOKYGO.js.map

package/dist/chunk-63FOKYGO.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/rbac/audit-batched.ts","../src/rbac/audit.ts"],"sourcesContent":["/**\n * Batched Audit Manager for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/AuditBatched\n * @since 2.0.0\n * \n * This module provides batched audit logging to reduce network requests\n * by queuing events and sending them in batches.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { RBACAuditEvent, UUID } from './types';\nimport { AuditEventPayload } from './audit';\nimport { logger } from '../utils/core/logger';\n\nexport interface BatchedAuditConfig {\n  /** Enable batched audit logging (default: true) */\n  enabled: boolean;\n  /** Time window in milliseconds to wait before sending batch (default: 100ms) */\n  batchWindow: number;\n  /** Maximum batch size before forcing send (default: 10) */\n  batchSize: number;\n}\n\nconst DEFAULT_CONFIG: BatchedAuditConfig = {\n  enabled: true,\n  batchWindow: 500, // 500ms - increased for better batching\n  batchSize: 20, // Increased from 10 to 20 for better efficiency\n};\n\n/**\n * Batched Audit Manager\n * \n * Queues audit events and sends them in batches to reduce network requests.\n */\nexport class BatchedAuditManager {\n  private supabase: SupabaseClient<Database>;\n  private config: BatchedAuditConfig;\n  private eventQueue: Array<Omit<RBACAuditEvent, 'id' | 'created_at'>> = [];\n  private flushTimer: ReturnType<typeof setTimeout> | null = null;\n  private isFlushing: boolean = false;\n\n  constructor(supabase: SupabaseClient<Database>, config: Partial<BatchedAuditConfig> = {}) {\n    this.supabase = supabase;\n    this.config = { ...DEFAULT_CONFIG, ...config };\n  }\n\n  /**\n   * Update configuration\n   */\n  updateConfig(config: Partial<BatchedAuditConfig>): void {\n    this.config = { ...this.config, ...config };\n  }\n\n  /**\n   * Queue an audit event for batching\n   * \n   * @param event - Audit event payload\n   */\n  async queueEvent(event: AuditEventPayload): Promise<void> {\n    if (!this.config.enabled) {\n      // If batching is disabled, send immediately\n      await this.sendEventImmediately(event);\n      return;\n    }\n\n    // Skip audit logging for cached checks (only log on cache miss)\n    if ('cache_hit' in event && event.cache_hit === true) {\n      return;\n    }\n\n    // Convert event payload to database format\n    const auditEvent = this.convertToAuditEvent(event);\n    if (!auditEvent) {\n      return;\n    }\n\n    // Add to queue\n    this.eventQueue.push(auditEvent);\n\n    // Check if we should flush immediately\n    if (this.eventQueue.length >= this.config.batchSize) {\n      await this.flush();\n    } else {\n      // Schedule flush after batch window\n      this.scheduleFlush();\n    }\n  }\n\n  /**\n   * Convert audit event payload to database format\n   */\n  private convertToAuditEvent(event: AuditEventPayload): Omit<RBACAuditEvent, 'id' | 'created_at'> | null {\n    // Validate required fields\n    if (!event.userId) {\n      logger.error('RBAC Audit', 'Cannot queue audit event without userId:', {\n        eventType: event.type,\n        organisationId: event.organisationId\n      });\n      return null;\n    }\n\n    // Validate pageId: only include in page_id column if it's a valid UUID\n    const rawPageId = 'pageId' in event ? event.pageId : undefined;\n    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n    const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);\n    const pageIdUuid: UUID | undefined = isValidPageIdUuid ? (rawPageId as UUID) : undefined;\n    const pageIdName: string | undefined = rawPageId && !isValidPageIdUuid ? rawPageId : undefined;\n\n    return {\n      event_type: event.type,\n      user_id: event.userId,\n      organisation_id: event.organisationId || null,\n      event_id: 'eventId' in event ? event.eventId : undefined,\n      app_id: 'appId' in event ? event.appId : undefined,\n      page_id: pageIdUuid,\n      permission: 'permission' in event ? event.permission : undefined,\n      decision: 'decision' in event ? event.decision : undefined,\n      source: 'source' in event ? event.source : 'api',\n      bypass: 'bypass' in event ? event.bypass : undefined,\n      duration_ms: 'duration_ms' in event ? event.duration_ms : undefined,\n      metadata: {\n        ...event.metadata,\n        cache_hit: 'cache_hit' in event ? event.cache_hit : undefined,\n        cache_source: 'cache_source' in event ? event.cache_source : undefined,\n        no_organisation_context: !event.organisationId,\n        page_name: pageIdName,\n      },\n    };\n  }\n\n  /**\n   * Schedule a flush after the batch window\n   */\n  private scheduleFlush(): void {\n    if (this.flushTimer) {\n      return; // Already scheduled\n    }\n\n    this.flushTimer = setTimeout(() => {\n      this.flushTimer = null;\n      this.flush();\n    }, this.config.batchWindow);\n  }\n\n  /**\n   * Flush all queued events\n   */\n  async flush(): Promise<void> {\n    if (this.isFlushing || this.eventQueue.length === 0) {\n      return;\n    }\n\n    // Clear any pending timer\n    if (this.flushTimer) {\n      clearTimeout(this.flushTimer);\n      this.flushTimer = null;\n    }\n\n    this.isFlushing = true;\n\n    try {\n      // Get all events from queue\n      const eventsToSend = [...this.eventQueue];\n      this.eventQueue = [];\n\n      if (eventsToSend.length === 0) {\n        return;\n      }\n\n      // Send batch to database\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert(eventsToSend);\n\n      if (error) {\n        logger.warn('RBAC Audit', 'Failed to insert batched audit events:', {\n          error: error.message,\n          code: error.code,\n          batchSize: eventsToSend.length,\n        });\n      }\n    } catch (error) {\n      logger.error('RBAC Audit', 'Unexpected error during batched audit logging:', error);\n    } finally {\n      this.isFlushing = false;\n    }\n  }\n\n  /**\n   * Send event immediately (bypass batching)\n   */\n  private async sendEventImmediately(event: AuditEventPayload): Promise<void> {\n    const auditEvent = this.convertToAuditEvent(event);\n    if (!auditEvent) {\n      return;\n    }\n\n    try {\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert([auditEvent]);\n\n      if (error) {\n        logger.warn('RBAC Audit', 'Failed to insert audit event:', {\n          error: error.message,\n          code: error.code,\n        });\n      }\n    } catch (error) {\n      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);\n    }\n  }\n\n  /**\n   * Force flush and wait for completion\n   */\n  async forceFlush(): Promise<void> {\n    await this.flush();\n  }\n}\n\n","/**\n * RBAC Audit Events System\n * @package @jmruthers/pace-core\n * @module RBAC/Audit\n * @since 1.0.0\n * \n * This module provides structured audit event emission for all RBAC operations.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { \n  UUID, \n  AuditEventSource, \n  RBACAuditEvent \n} from './types';\nimport type { AuditEventType } from './types/functions';\nimport { logger } from '../utils/core/logger';\nimport { BatchedAuditManager } from './audit-batched';\n\n/**\n * Audit event payload for permission checks\n */\nexport interface PermissionCheckAuditEvent {\n  type: 'permission_check';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  pageId?: UUID;\n  permission: string;\n  decision: boolean;\n  source: AuditEventSource;\n  bypass?: boolean;\n  duration_ms: number;\n  cache_hit?: boolean;\n  cache_source?: 'memory' | 'database' | 'rpc';\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for permission denied\n */\nexport interface PermissionDeniedAuditEvent {\n  type: 'permission_denied';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  pageId?: UUID;\n  permission: string;\n  source: AuditEventSource;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role granted\n */\nexport interface RoleGrantedAuditEvent {\n  type: 'role_granted';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  role: string;\n  grantedBy: UUID;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role revoked\n */\nexport interface RoleRevokedAuditEvent {\n  type: 'role_denied';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  role: string;\n  revokedBy: UUID;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for RLS denied\n */\nexport interface RLSDeniedAuditEvent {\n  type: 'rls_denied';\n  userId: UUID;\n  organisationId: UUID;\n  table: string;\n  operation: string;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Union type for all audit events\n */\nexport type AuditEventPayload = \n  | PermissionCheckAuditEvent\n  | PermissionDeniedAuditEvent\n  | RoleGrantedAuditEvent\n  | RoleRevokedAuditEvent\n  | RLSDeniedAuditEvent;\n\n/**\n * RBAC Audit Manager\n * \n * Handles emission of structured audit events for all RBAC operations.\n */\nexport class RBACAuditManager {\n  private supabase: SupabaseClient<Database>;\n  private enabled: boolean = true;\n  private fallbackEnabled: boolean = true;\n  private batchedManager: BatchedAuditManager | null = null;\n  private useBatching: boolean = true;\n\n  constructor(\n    supabase: SupabaseClient<Database>, \n    useBatching: boolean = true,\n    batchConfig?: { batchWindow?: number; batchSize?: number }\n  ) {\n    this.supabase = supabase;\n    this.useBatching = useBatching;\n    if (useBatching) {\n      this.batchedManager = new BatchedAuditManager(supabase, batchConfig);\n    }\n  }\n\n  /**\n   * Enable or disable audit logging\n   * \n   * @param enabled - Whether to enable audit logging\n   */\n  setEnabled(enabled: boolean): void {\n    this.enabled = enabled;\n  }\n\n  /**\n   * Check if audit logging is enabled\n   * \n   * @returns True if audit logging is enabled\n   */\n  isEnabled(): boolean {\n    return this.enabled;\n  }\n\n  /**\n   * Enable or disable fallback logging (console logging when database fails)\n   * \n   * @param enabled - Whether to enable fallback logging\n   */\n  setFallbackEnabled(enabled: boolean): void {\n    this.fallbackEnabled = enabled;\n  }\n\n  /**\n   * Emit an audit event\n   * \n   * @param event - Audit event payload\n   * @returns Promise that resolves when event is logged\n   */\n  async emitEvent(event: AuditEventPayload): Promise<void> {\n    if (!this.enabled) {\n      return;\n    }\n\n    // Skip audit logging for cached checks (only log on cache miss)\n    if ('cache_hit' in event && event.cache_hit === true) {\n      return;\n    }\n\n    // Use batched manager if enabled\n    if (this.useBatching && this.batchedManager) {\n      await this.batchedManager.queueEvent(event);\n      return;\n    }\n\n    // Validate required fields before attempting to insert\n    // MANDATORY: All audit events must have userId\n    if (!event.userId) {\n      logger.error('RBAC Audit', 'CRITICAL: Cannot log audit event without userId:', {\n        eventType: event.type,\n        organisationId: event.organisationId\n      });\n      return;\n    }\n\n    // WARNING: Some audit events may not have organisationId (e.g., global admin operations)\n    // Log these for security monitoring even if organisationId is missing\n    if (!event.organisationId) {\n      logger.warn('RBAC Audit', 'Audit event without organisation context:', {\n        userId: event.userId,\n        eventType: event.type,\n        note: 'This should be investigated for security compliance'\n      });\n    }\n\n    try {\n      // Since organisationId is now required in SecurityContext, this should rarely happen\n      // But we still handle the edge case properly without masking it\n      if (!event.organisationId) {\n        logger.warn('RBAC Audit', 'Audit event without organisation context - this should be investigated:', {\n          userId: event.userId,\n          eventType: event.type,\n          note: 'Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation.'\n        });\n      }\n\n      // Validate pageId: only include in page_id column if it's a valid UUID\n      // Otherwise, store it in metadata to avoid database errors\n      const rawPageId = 'pageId' in event ? event.pageId : undefined;\n      const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n      const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);\n      const pageIdUuid: UUID | undefined = isValidPageIdUuid ? (rawPageId as UUID) : undefined;\n      const pageIdName: string | undefined = rawPageId && !isValidPageIdUuid ? rawPageId : undefined;\n\n      const auditEvent: Omit<RBACAuditEvent, 'id' | 'created_at'> = {\n        event_type: event.type,\n        user_id: event.userId,\n        // Store organisationId - nullable to properly track missing context cases\n        // Do NOT use fallback UUID as it masks security issues\n        organisation_id: event.organisationId || null, // Explicitly null if missing\n        event_id: 'eventId' in event ? event.eventId : undefined,\n        app_id: 'appId' in event ? event.appId : undefined,\n        page_id: pageIdUuid, // Only set if it's a valid UUID\n        permission: 'permission' in event ? event.permission : undefined,\n        decision: 'decision' in event ? event.decision : undefined,\n        source: 'source' in event ? event.source : 'api', // Default to 'api' if not provided\n        bypass: 'bypass' in event ? event.bypass : undefined,\n        duration_ms: 'duration_ms' in event ? event.duration_ms : undefined,\n        metadata: {\n          ...event.metadata,\n          cache_hit: 'cache_hit' in event ? event.cache_hit : undefined,\n          cache_source: 'cache_source' in event ? event.cache_source : undefined,\n          // Explicit flag indicating this event had no organisation context\n          no_organisation_context: !event.organisationId,\n          // Store page name/identifier in metadata if it's not a UUID\n          page_name: pageIdName,\n        },\n      };\n\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert([auditEvent]);\n\n      if (error) {\n        // Log the error for debugging\n        logger.warn('RBAC Audit', 'Failed to insert audit event:', {\n          error: error.message,\n          code: error.code,\n          details: error.details,\n          hint: error.hint,\n          event: auditEvent\n        });\n\n        // Use fallback logging if enabled\n        if (this.fallbackEnabled) {\n          this.logFallbackEvent(event, error);\n        }\n      }\n    } catch (error) {\n      // Log unexpected errors\n      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);\n      \n      // Use fallback logging if enabled\n      if (this.fallbackEnabled) {\n        this.logFallbackEvent(event, error);\n      }\n    }\n  }\n\n  /**\n   * Log event to console as fallback when database logging fails\n   * \n   * @param event - Audit event payload\n   * @param error - The error that occurred\n   */\n  private logFallbackEvent(event: AuditEventPayload, error: any): void {\n    logger.debug('RBAC Audit Fallback', 'Database audit logging failed, using console fallback', {\n      timestamp: new Date().toISOString(),\n      event,\n      error: error?.message || error\n    });\n  }\n\n  /**\n   * Emit a permission check audit event\n   * \n   * @param event - Permission check event data\n   */\n  async emitPermissionCheck(event: Omit<PermissionCheckAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'permission_check',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a permission denied audit event\n   * \n   * @param event - Permission denied event data\n   */\n  async emitPermissionDenied(event: Omit<PermissionDeniedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'permission_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a role granted audit event\n   * \n   * @param event - Role granted event data\n   */\n  async emitRoleGranted(event: Omit<RoleGrantedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'role_granted',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a role revoked audit event\n   * \n   * @param event - Role revoked event data\n   */\n  async emitRoleRevoked(event: Omit<RoleRevokedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'role_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit an RLS denied audit event\n   * \n   * @param event - RLS denied event data\n   */\n  async emitRLSDenied(event: Omit<RLSDeniedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'rls_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Get audit events for a user\n   * \n   * @param userId - User ID\n   * @param limit - Maximum number of events to return\n   * @returns Promise resolving to audit events\n   */\n  async getUserAuditEvents(userId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n    const { data, error } = await this.supabase\n      .from('rbac_audit_events')\n      .select('id, event_type, user_id, organisation_id, event_id, app_id, page_id, permission, decision, source, bypass, duration_ms, metadata, created_at')\n      .eq('user_id', userId)\n      .order('created_at', { ascending: false })\n      .limit(limit);\n\n    if (error) {\n      // Detect CORS errors (they typically have null status or specific error codes)\n      const isCorsError = \n        error.message?.toLowerCase().includes('cors') ||\n        error.message?.toLowerCase().includes('cross-origin') ||\n        error.code === null ||\n        (error as any).status === null;\n      \n      if (isCorsError) {\n        const corsError = new Error(\n          `CORS error when querying audit events. This is a Supabase configuration issue. ` +\n          `Please configure CORS in your Supabase Dashboard: Settings → API → CORS. ` +\n          `Add your app's origin (e.g., http://localhost:8087) to the allowed origins list. ` +\n          `Original error: ${error.message || 'CORS request did not succeed'}`\n        );\n        (corsError as any).isCorsError = true;\n        (corsError as any).originalError = error;\n        throw corsError;\n      }\n      \n      throw new Error(`Failed to get audit events: ${error.message}`);\n    }\n\n    return (data || []).map(event => ({\n      ...event,\n      event_type: event.event_type as AuditEventType\n    })) as RBACAuditEvent[];\n  }\n\n  /**\n   * Get audit events for an organisation\n   * \n   * @param organisationId - Organisation ID\n   * @param limit - Maximum number of events to return\n   * @returns Promise resolving to audit events\n   */\n  async getOrganisationAuditEvents(organisationId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n    const { data, error } = await this.supabase\n      .from('rbac_audit_events')\n      .select('id, event_type, user_id, organisation_id, event_id, app_id, page_id, permission, decision, source, bypass, duration_ms, metadata, created_at')\n      .eq('organisation_id', organisationId)\n      .order('created_at', { ascending: false })\n      .limit(limit);\n\n    if (error) {\n      // Detect CORS errors (they typically have null status or specific error codes)\n      const isCorsError = \n        error.message?.toLowerCase().includes('cors') ||\n        error.message?.toLowerCase().includes('cross-origin') ||\n        error.code === null ||\n        (error as any).status === null;\n      \n      if (isCorsError) {\n        const corsError = new Error(\n          `CORS error when querying audit events. This is a Supabase configuration issue. ` +\n          `Please configure CORS in your Supabase Dashboard: Settings → API → CORS. ` +\n          `Add your app's origin (e.g., http://localhost:8087) to the allowed origins list. ` +\n          `Original error: ${error.message || 'CORS request did not succeed'}`\n        );\n        (corsError as any).isCorsError = true;\n        (corsError as any).originalError = error;\n        throw corsError;\n      }\n      \n      throw new Error(`Failed to get audit events: ${error.message}`);\n    }\n\n    return (data || []).map(event => ({\n      ...event,\n      event_type: event.event_type as AuditEventType\n    })) as RBACAuditEvent[];\n  }\n}\n\n/**\n * Create an audit manager instance\n * \n * @param supabase - Supabase client\n * @param useBatching - Whether to use batched audit logging (default: true)\n * @param batchConfig - Optional batch configuration\n * @returns RBACAuditManager instance\n */\nexport function createAuditManager(\n  supabase: SupabaseClient<Database>, \n  useBatching: boolean = true,\n  batchConfig?: { batchWindow?: number; batchSize?: number }\n): RBACAuditManager {\n  return new RBACAuditManager(supabase, useBatching, batchConfig);\n}\n\n/**\n * Global audit manager instance\n * \n * This is set by the RBAC engine when it initializes.\n */\nlet globalAuditManager: RBACAuditManager | null = null;\n\n/**\n * Set the global audit manager\n * \n * @param manager - Audit manager instance\n */\nexport function setGlobalAuditManager(manager: RBACAuditManager): void {\n  globalAuditManager = manager;\n}\n\n/**\n * Get the global audit manager\n * \n * @returns Global audit manager or null if not set\n */\nexport function getGlobalAuditManager(): RBACAuditManager | null {\n  return globalAuditManager;\n}\n\n/**\n * Emit an audit event using the global audit manager\n * \n * @param event - Audit event payload\n */\nexport async function emitAuditEvent(event: AuditEventPayload): Promise<void> {\n  if (globalAuditManager) {\n    await globalAuditManager.emitEvent(event);\n  }\n}\n"],"mappings":";;;;;AAyBA,IAAM,iBAAqC;AAAA,EACzC,SAAS;AAAA,EACT,aAAa;AAAA;AAAA,EACb,WAAW;AAAA;AACb;AAOO,IAAM,sBAAN,MAA0B;AAAA,EAO/B,YAAY,UAAoC,SAAsC,CAAC,GAAG;AAJ1F,SAAQ,aAA+D,CAAC;AACxE,SAAQ,aAAmD;AAC3D,SAAQ,aAAsB;AAG5B,SAAK,WAAW;AAChB,SAAK,SAAS,EAAE,GAAG,gBAAgB,GAAG,OAAO;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2C;AACtD,SAAK,SAAS,EAAE,GAAG,KAAK,QAAQ,GAAG,OAAO;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,WAAW,OAAyC;AACxD,QAAI,CAAC,KAAK,OAAO,SAAS;AAExB,YAAM,KAAK,qBAAqB,KAAK;AACrC;AAAA,IACF;AAGA,QAAI,eAAe,SAAS,MAAM,cAAc,MAAM;AACpD;AAAA,IACF;AAGA,UAAM,aAAa,KAAK,oBAAoB,KAAK;AACjD,QAAI,CAAC,YAAY;AACf;AAAA,IACF;AAGA,SAAK,WAAW,KAAK,UAAU;AAG/B,QAAI,KAAK,WAAW,UAAU,KAAK,OAAO,WAAW;AACnD,YAAM,KAAK,MAAM;AAAA,IACnB,OAAO;AAEL,WAAK,cAAc;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,oBAAoB,OAA4E;AAEtG,QAAI,CAAC,MAAM,QAAQ;AACjB,aAAO,MAAM,cAAc,4CAA4C;AAAA,QACrE,WAAW,MAAM;AAAA,QACjB,gBAAgB,MAAM;AAAA,MACxB,CAAC;AACD,aAAO;AAAA,IACT;AAGA,UAAM,YAAY,YAAY,QAAQ,MAAM,SAAS;AACrD,UAAM,YAAY;AAClB,UAAM,oBAAoB,aAAa,UAAU,KAAK,SAAS;AAC/D,UAAM,aAA+B,oBAAqB,YAAqB;AAC/E,UAAM,aAAiC,aAAa,CAAC,oBAAoB,YAAY;AAErF,WAAO;AAAA,MACL,YAAY,MAAM;AAAA,MAClB,SAAS,MAAM;AAAA,MACf,iBAAiB,MAAM,kBAAkB;AAAA,MACzC,UAAU,aAAa,QAAQ,MAAM,UAAU;AAAA,MAC/C,QAAQ,WAAW,QAAQ,MAAM,QAAQ;AAAA,MACzC,SAAS;AAAA,MACT,YAAY,gBAAgB,QAAQ,MAAM,aAAa;AAAA,MACvD,UAAU,cAAc,QAAQ,MAAM,WAAW;AAAA,MACjD,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,MAC3C,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,MAC3C,aAAa,iBAAiB,QAAQ,MAAM,cAAc;AAAA,MAC1D,UAAU;AAAA,QACR,GAAG,MAAM;AAAA,QACT,WAAW,eAAe,QAAQ,MAAM,YAAY;AAAA,QACpD,cAAc,kBAAkB,QAAQ,MAAM,eAAe;AAAA,QAC7D,yBAAyB,CAAC,MAAM;AAAA,QAChC,WAAW;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAsB;AAC5B,QAAI,KAAK,YAAY;AACnB;AAAA,IACF;AAEA,SAAK,aAAa,WAAW,MAAM;AACjC,WAAK,aAAa;AAClB,WAAK,MAAM;AAAA,IACb,GAAG,KAAK,OAAO,WAAW;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAuB;AAC3B,QAAI,KAAK,cAAc,KAAK,WAAW,WAAW,GAAG;AACnD;AAAA,IACF;AAGA,QAAI,KAAK,YAAY;AACnB,mBAAa,KAAK,UAAU;AAC5B,WAAK,aAAa;AAAA,IACpB;AAEA,SAAK,aAAa;AAElB,QAAI;AAEF,YAAM,eAAe,CAAC,GAAG,KAAK,UAAU;AACxC,WAAK,aAAa,CAAC;AAEnB,UAAI,aAAa,WAAW,GAAG;AAC7B;AAAA,MACF;AAGA,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,YAAY;AAEtB,UAAI,OAAO;AACT,eAAO,KAAK,cAAc,0CAA0C;AAAA,UAClE,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,UACZ,WAAW,aAAa;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,cAAc,kDAAkD,KAAK;AAAA,IACpF,UAAE;AACA,WAAK,aAAa;AAAA,IACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,qBAAqB,OAAyC;AAC1E,UAAM,aAAa,KAAK,oBAAoB,KAAK;AACjD,QAAI,CAAC,YAAY;AACf;AAAA,IACF;AAEA,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,CAAC,UAAU,CAAC;AAEtB,UAAI,OAAO;AACT,eAAO,KAAK,cAAc,iCAAiC;AAAA,UACzD,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,QACd,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,cAAc,0CAA0C,KAAK;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA4B;AAChC,UAAM,KAAK,MAAM;AAAA,EACnB;AACF;;;AC/GO,IAAM,mBAAN,MAAuB;AAAA,EAO5B,YACE,UACA,cAAuB,MACvB,aACA;AATF,SAAQ,UAAmB;AAC3B,SAAQ,kBAA2B;AACnC,SAAQ,iBAA6C;AACrD,SAAQ,cAAuB;AAO7B,SAAK,WAAW;AAChB,SAAK,cAAc;AACnB,QAAI,aAAa;AACf,WAAK,iBAAiB,IAAI,oBAAoB,UAAU,WAAW;AAAA,IACrE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,SAAwB;AACjC,SAAK,UAAU;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAqB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mBAAmB,SAAwB;AACzC,SAAK,kBAAkB;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,OAAyC;AACvD,QAAI,CAAC,KAAK,SAAS;AACjB;AAAA,IACF;AAGA,QAAI,eAAe,SAAS,MAAM,cAAc,MAAM;AACpD;AAAA,IACF;AAGA,QAAI,KAAK,eAAe,KAAK,gBAAgB;AAC3C,YAAM,KAAK,eAAe,WAAW,KAAK;AAC1C;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,QAAQ;AACjB,aAAO,MAAM,cAAc,oDAAoD;AAAA,QAC7E,WAAW,MAAM;AAAA,QACjB,gBAAgB,MAAM;AAAA,MACxB,CAAC;AACD;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,gBAAgB;AACzB,aAAO,KAAK,cAAc,6CAA6C;AAAA,QACrE,QAAQ,MAAM;AAAA,QACd,WAAW,MAAM;AAAA,QACjB,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,QAAI;AAGF,UAAI,CAAC,MAAM,gBAAgB;AACzB,eAAO,KAAK,cAAc,2EAA2E;AAAA,UACnG,QAAQ,MAAM;AAAA,UACd,WAAW,MAAM;AAAA,UACjB,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAIA,YAAM,YAAY,YAAY,QAAQ,MAAM,SAAS;AACrD,YAAM,YAAY;AAClB,YAAM,oBAAoB,aAAa,UAAU,KAAK,SAAS;AAC/D,YAAM,aAA+B,oBAAqB,YAAqB;AAC/E,YAAM,aAAiC,aAAa,CAAC,oBAAoB,YAAY;AAErF,YAAM,aAAwD;AAAA,QAC5D,YAAY,MAAM;AAAA,QAClB,SAAS,MAAM;AAAA;AAAA;AAAA,QAGf,iBAAiB,MAAM,kBAAkB;AAAA;AAAA,QACzC,UAAU,aAAa,QAAQ,MAAM,UAAU;AAAA,QAC/C,QAAQ,WAAW,QAAQ,MAAM,QAAQ;AAAA,QACzC,SAAS;AAAA;AAAA,QACT,YAAY,gBAAgB,QAAQ,MAAM,aAAa;AAAA,QACvD,UAAU,cAAc,QAAQ,MAAM,WAAW;AAAA,QACjD,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA;AAAA,QAC3C,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,QAC3C,aAAa,iBAAiB,QAAQ,MAAM,cAAc;AAAA,QAC1D,UAAU;AAAA,UACR,GAAG,MAAM;AAAA,UACT,WAAW,eAAe,QAAQ,MAAM,YAAY;AAAA,UACpD,cAAc,kBAAkB,QAAQ,MAAM,eAAe;AAAA;AAAA,UAE7D,yBAAyB,CAAC,MAAM;AAAA;AAAA,UAEhC,WAAW;AAAA,QACb;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,CAAC,UAAU,CAAC;AAEtB,UAAI,OAAO;AAET,eAAO,KAAK,cAAc,iCAAiC;AAAA,UACzD,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,UACZ,SAAS,MAAM;AAAA,UACf,MAAM,MAAM;AAAA,UACZ,OAAO;AAAA,QACT,CAAC;AAGD,YAAI,KAAK,iBAAiB;AACxB,eAAK,iBAAiB,OAAO,KAAK;AAAA,QACpC;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AAEd,aAAO,MAAM,cAAc,0CAA0C,KAAK;AAG1E,UAAI,KAAK,iBAAiB;AACxB,aAAK,iBAAiB,OAAO,KAAK;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,iBAAiB,OAA0B,OAAkB;AACnE,WAAO,MAAM,uBAAuB,yDAAyD;AAAA,MAC3F,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC;AAAA,MACA,OAAO,OAAO,WAAW;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAA+D;AACvF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,qBAAqB,OAAgE;AACzF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAAyD;AAC3E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,mBAAmB,QAAc,QAAgB,KAAgC;AACrF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,8IAA8I,EACrJ,GAAG,WAAW,MAAM,EACpB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AAET,YAAM,cACJ,MAAM,SAAS,YAAY,EAAE,SAAS,MAAM,KAC5C,MAAM,SAAS,YAAY,EAAE,SAAS,cAAc,KACpD,MAAM,SAAS,QACd,MAAc,WAAW;AAE5B,UAAI,aAAa;AACf,cAAM,YAAY,IAAI;AAAA,UACpB,sQAGmB,MAAM,WAAW,8BAA8B;AAAA,QACpE;AACA,QAAC,UAAkB,cAAc;AACjC,QAAC,UAAkB,gBAAgB;AACnC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,YAAQ,QAAQ,CAAC,GAAG,IAAI,YAAU;AAAA,MAChC,GAAG;AAAA,MACH,YAAY,MAAM;AAAA,IACpB,EAAE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,2BAA2B,gBAAsB,QAAgB,KAAgC;AACrG,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,8IAA8I,EACrJ,GAAG,mBAAmB,cAAc,EACpC,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AAET,YAAM,cACJ,MAAM,SAAS,YAAY,EAAE,SAAS,MAAM,KAC5C,MAAM,SAAS,YAAY,EAAE,SAAS,cAAc,KACpD,MAAM,SAAS,QACd,MAAc,WAAW;AAE5B,UAAI,aAAa;AACf,cAAM,YAAY,IAAI;AAAA,UACpB,sQAGmB,MAAM,WAAW,8BAA8B;AAAA,QACpE;AACA,QAAC,UAAkB,cAAc;AACjC,QAAC,UAAkB,gBAAgB;AACnC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,YAAQ,QAAQ,CAAC,GAAG,IAAI,YAAU;AAAA,MAChC,GAAG;AAAA,MACH,YAAY,MAAM;AAAA,IACpB,EAAE;AAAA,EACJ;AACF;AAUO,SAAS,mBACd,UACA,cAAuB,MACvB,aACkB;AAClB,SAAO,IAAI,iBAAiB,UAAU,aAAa,WAAW;AAChE;AAOA,IAAI,qBAA8C;AAO3C,SAAS,sBAAsB,SAAiC;AACrE,uBAAqB;AACvB;AAOO,SAAS,wBAAiD;AAC/D,SAAO;AACT;AAOA,eAAsB,eAAe,OAAyC;AAC5E,MAAI,oBAAoB;AACtB,UAAM,mBAAmB,UAAU,KAAK;AAAA,EAC1C;AACF;","names":[]}