npm - @jmruthers/pace-core - Versions diffs - 0.5.185 → 0.5.187 - Mend

@jmruthers/pace-core 0.5.185 → 0.5.187

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/dist/{DataTable-Z9NLVJh0.d.ts → DataTable-IVYljGJ6.d.ts} +1 -1
package/dist/{DataTable-IX2NBUTP.js → DataTable-K3RJRSOX.js} +7 -7
package/dist/{PublicPageProvider-BABf6JCh.d.ts → PublicPageProvider-DrLDztHt.d.ts} +214 -107
package/dist/{UnifiedAuthProvider-A4BCQRJY.js → UnifiedAuthProvider-B76OWOAT.js} +2 -2
package/dist/{api-BMFCXVQX.js → api-YP7XD5L6.js} +3 -3
package/dist/{audit-WRS3KJKI.js → audit-B5P6FFIR.js} +2 -2
package/dist/{chunk-445GEP27.js → chunk-3IC5WCMO.js} +33 -8
package/dist/chunk-3IC5WCMO.js.map +1 -0
package/dist/{chunk-OKI34GZD.js → chunk-3NFNJOO7.js} +8 -8
package/dist/chunk-3NFNJOO7.js.map +1 -0
package/dist/{chunk-FSFQFJCU.js → chunk-63FOKYGO.js} +174 -6
package/dist/chunk-63FOKYGO.js.map +1 -0
package/dist/{chunk-MX3EIJGQ.js → chunk-C4OYJOV4.js} +631 -97
package/dist/chunk-C4OYJOV4.js.map +1 -0
package/dist/{chunk-HGPQUCBC.js → chunk-FMTK4XNN.js} +3 -3
package/dist/{chunk-U6WNSFX5.js → chunk-HEHYGYOX.js} +279 -44
package/dist/chunk-HEHYGYOX.js.map +1 -0
package/dist/{chunk-XAUHJD3L.js → chunk-K2JGDXGU.js} +2 -2
package/dist/{chunk-HC67NW5K.js → chunk-LBBUPSSC.js} +863 -552
package/dist/chunk-LBBUPSSC.js.map +1 -0
package/dist/{chunk-IXSNYUCT.js → chunk-SAUPYVLF.js} +1 -1
package/dist/chunk-SAUPYVLF.js.map +1 -0
package/dist/{chunk-AISXLWGZ.js → chunk-T6ZJVI3A.js} +27 -23
package/dist/chunk-T6ZJVI3A.js.map +1 -0
package/dist/{chunk-STTZQK2I.js → chunk-ULX5FYEM.js} +9 -7
package/dist/chunk-ULX5FYEM.js.map +1 -0
package/dist/{chunk-FXFJRTKI.js → chunk-WK2Y6TGA.js} +3 -3
package/dist/chunk-WK2Y6TGA.js.map +1 -0
package/dist/chunk-YHCN776L.js +447 -0
package/dist/chunk-YHCN776L.js.map +1 -0
package/dist/components.d.ts +4 -4
package/dist/components.js +12 -10
package/dist/components.js.map +1 -1
package/dist/{database.generated-CBmg2950.d.ts → database.generated-DI89OQeI.d.ts} +63 -9
package/dist/{file-reference-BjR39ktt.d.ts → file-reference-D037xOFK.d.ts} +3 -1
package/dist/hooks.d.ts +265 -6
package/dist/hooks.js +148 -49
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +25 -10
package/dist/index.js +65 -30
package/dist/index.js.map +1 -1
package/dist/providers.js +1 -1
package/dist/rbac/index.d.ts +125 -8
package/dist/rbac/index.js +27 -7
package/dist/{types-DUyCRSTj.d.ts → types-Bwgl--Xo.d.ts} +162 -1
package/dist/types.d.ts +2 -2
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-CvnC3d-e.d.ts → usePublicRouteParams-CTDELQ7H.d.ts} +3 -3
package/dist/utils.d.ts +214 -4
package/dist/utils.js +22 -2
package/dist/utils.js.map +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +21 -17
package/docs/api/classes/RBACCache.md +31 -23
package/docs/api/classes/RBACEngine.md +6 -6
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +5 -5
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +241 -0
package/docs/api/interfaces/AddressFieldRef.md +94 -0
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +75 -0
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +15 -15
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +33 -9
package/docs/api/interfaces/FileUploadProps.md +36 -14
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +11 -11
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +120 -0
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +6 -6
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +27 -4
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +5 -5
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +138 -0
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +2 -2
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +2 -2
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +2 -2
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +328 -69
package/docs/api-reference/components.md +26 -12
package/docs/best-practices/performance.md +11 -0
package/docs/implementation-guides/file-reference-system.md +24 -2
package/docs/implementation-guides/file-upload-storage.md +38 -1
package/docs/rbac/README.md +2 -1
package/docs/rbac/api-reference.md +11 -0
package/docs/rbac/performance.md +320 -0
package/docs/standards/01-architecture-standard.md +5 -0
package/docs/standards/05-security-standard.md +12 -0
package/package.json +1 -1
package/scripts/check-pace-core-compliance.js +512 -0
package/src/components/AddressField/AddressField.test.tsx +411 -0
package/src/components/AddressField/AddressField.tsx +323 -0
package/src/components/AddressField/README.md +336 -0
package/src/components/AddressField/index.ts +10 -0
package/src/components/AddressField/types.ts +65 -0
package/src/components/FileDisplay/FileDisplay.test.tsx +454 -0
package/src/components/FileDisplay/FileDisplay.tsx +28 -1
package/src/components/FileUpload/FileUpload.test.tsx +2 -0
package/src/components/FileUpload/FileUpload.tsx +7 -1
package/src/components/Header/Header.tsx +2 -5
package/src/components/ProtectedRoute/ProtectedRoute.tsx +134 -1
package/src/components/index.ts +2 -0
package/src/hooks/__tests__/useFileDisplay.unit.test.ts +30 -5
package/src/hooks/__tests__/useOrganisationSecurity.unit.test.tsx +11 -10
package/src/hooks/__tests__/usePublicFileDisplay.test.ts +31 -6
package/src/hooks/index.ts +9 -0
package/src/hooks/public/usePublicFileDisplay.ts +8 -10
package/src/hooks/useAddressAutocomplete.test.ts +318 -0
package/src/hooks/useAddressAutocomplete.ts +268 -0
package/src/hooks/useFileDisplay.ts +3 -15
package/src/hooks/useFileReference.test.ts +21 -3
package/src/hooks/useFileReference.ts +3 -24
package/src/hooks/useFileUrlCache.ts +246 -0
package/src/hooks/useInactivityTracker.ts +31 -20
package/src/hooks/useOrganisationSecurity.test.ts +10 -7
package/src/hooks/useOrganisationSecurity.ts +3 -3
package/src/hooks/usePreventTabReload.ts +106 -0
package/src/hooks/useQueryCache.ts +315 -0
package/src/hooks/useSecureDataAccess.ts +2 -2
package/src/index.ts +2 -0
package/src/providers/services/EventServiceProvider.tsx +4 -1
package/src/rbac/__tests__/rbac-role-isolation.test.ts +456 -0
package/src/rbac/api.test.ts +21 -6
package/src/rbac/api.ts +32 -11
package/src/rbac/audit-batched.ts +223 -0
package/src/rbac/audit-enhanced.ts +2 -2
package/src/rbac/audit.test.ts +6 -5
package/src/rbac/audit.ts +34 -6
package/src/rbac/cache-invalidation.ts +63 -12
package/src/rbac/cache.test.ts +2 -2
package/src/rbac/cache.ts +61 -14
package/src/rbac/components/PagePermissionGuard.tsx +19 -10
package/src/rbac/components/__tests__/PagePermissionGuard.performance.test.tsx +248 -0
package/src/rbac/config.ts +9 -0
package/src/rbac/engine.ts +2 -21
package/src/rbac/hooks/usePermissions.ts +21 -5
package/src/rbac/index.ts +19 -0
package/src/rbac/performance.ts +210 -0
package/src/rbac/request-deduplication.ts +87 -0
package/src/rbac/utils/deep-equal.ts +93 -0
package/src/styles/core.css +5 -5
package/src/types/database.generated.ts +63 -9
package/src/types/file-reference.ts +3 -1
package/src/utils/file-reference/__tests__/file-reference.test.ts +89 -8
package/src/utils/file-reference/index.ts +56 -17
package/src/utils/google-places/googlePlacesUtils.test.ts +403 -0
package/src/utils/google-places/googlePlacesUtils.ts +475 -0
package/src/utils/google-places/index.ts +26 -0
package/src/utils/google-places/loadGoogleMapsScript.ts +207 -0
package/src/utils/google-places/types.ts +94 -0
package/src/utils/index.ts +23 -0
package/src/utils/request-deduplication.ts +165 -0
package/src/utils/security/secureDataAccess.ts +1 -1
package/src/utils/storage/helpers.ts +211 -4
package/dist/chunk-445GEP27.js.map +0 -1
package/dist/chunk-AISXLWGZ.js.map +0 -1
package/dist/chunk-FMUCXFII.js +0 -76
package/dist/chunk-FMUCXFII.js.map +0 -1
package/dist/chunk-FSFQFJCU.js.map +0 -1
package/dist/chunk-FXFJRTKI.js.map +0 -1
package/dist/chunk-HC67NW5K.js.map +0 -1
package/dist/chunk-IXSNYUCT.js.map +0 -1
package/dist/chunk-MX3EIJGQ.js.map +0 -1
package/dist/chunk-OKI34GZD.js.map +0 -1
package/dist/chunk-STTZQK2I.js.map +0 -1
package/dist/chunk-U6WNSFX5.js.map +0 -1
/package/dist/{DataTable-IX2NBUTP.js.map → DataTable-K3RJRSOX.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-A4BCQRJY.js.map → UnifiedAuthProvider-B76OWOAT.js.map} +0 -0
/package/dist/{api-BMFCXVQX.js.map → api-YP7XD5L6.js.map} +0 -0
/package/dist/{audit-WRS3KJKI.js.map → audit-B5P6FFIR.js.map} +0 -0
/package/dist/{chunk-HGPQUCBC.js.map → chunk-FMTK4XNN.js.map} +0 -0
/package/dist/{chunk-XAUHJD3L.js.map → chunk-K2JGDXGU.js.map} +0 -0

package/src/hooks/useFileReference.ts CHANGED Viewed

@@ -11,7 +11,7 @@ import {
   FileCategory
 } from '../types/file-reference';
 import { createFileReferenceService, uploadFileWithReference } from '../utils/file-reference';
-import { getPublicUrl, getSignedUrl } from '../utils/storage/helpers';
+import { getPublicUrl, getSignedUrl, generateFileUrlsBatch } from '../utils/storage/helpers';
 import { createLogger } from '../utils/core/logger';
 const log = createLogger('useFileReference');
@@ -401,33 +401,12 @@ export function useFilesByCategory(
     const files = await getFilesByCategory(table_name, record_id, category, organisation_id);
     setFileReferences(files);
-    // Load URLs for all files
-    const urlMap = new Map<string, string>();
-    for (const fileRef of files) {
-      try {
-        let url: string | null = null;
-        if (fileRef.is_public) {
-          // Public files: generate public URL
-          url = getPublicUrl(supabase, fileRef.file_path, true);
-        } else {
-          // Private files: generate signed URL
-          const signedUrlResult = await getSignedUrl(supabase, fileRef.file_path, {
+    // Load URLs for all files in batch
+    const urlMap = await generateFileUrlsBatch(supabase, files, {
             appName: 'file-reference',
             orgId: organisation_id,
             expiresIn: 3600
           });
-          url = signedUrlResult?.url || null;
-        }
-        if (url) {
-          urlMap.set(fileRef.id, url);
-        }
-      } catch (err) {
-        log.error(`Failed to load URL for file ${fileRef.id}:`, err);
-      }
-    }
     setFileUrls(urlMap);
     return files;

package/src/hooks/useFileUrlCache.ts ADDED Viewed

@@ -0,0 +1,246 @@
+/**
+ * @file File URL Cache Hook
+ * @package @jmruthers/pace-core
+ * @module Hooks
+ *
+ * Centralized caching hook for file URLs to prevent duplicate requests
+ * and improve performance across components.
+ *
+ * Features:
+ * - TTL-based caching matching signed URL expiration (3600s)
+ * - Automatic cache cleanup
+ * - Supports both public and signed URLs
+ * - Thread-safe cache operations
+ *
+ * @example
+ * ```tsx
+ * import { useFileUrlCache } from '@jmruthers/pace-core';
+ *
+ * function MyComponent() {
+ *   const { getUrl, setUrl, clearCache } = useFileUrlCache();
+ *
+ *   const url = await getUrl(fileReference, supabase, organisationId);
+ *   return <img src={url} alt="File" />;
+ * }
+ * ```
+ */
+import { useRef, useCallback } from 'react';
+import type { SupabaseClient } from '@supabase/supabase-js';
+import { FileReference } from '../types/file-reference';
+import { getPublicUrl, getSignedUrl } from '../utils/storage/helpers';
+interface CachedUrl {
+  url: string;
+  expiresAt: number; // Timestamp in milliseconds
+}
+// Global cache shared across all hook instances
+const globalUrlCache = new Map<string, CachedUrl>();
+// Cache size limit to prevent memory leaks
+const MAX_CACHE_SIZE = 500;
+// Default TTL matches signed URL expiration (3600 seconds = 1 hour)
+const DEFAULT_TTL_MS = 3600 * 1000;
+/**
+ * Generate cache key from file reference
+ */
+function getCacheKey(fileReference: FileReference): string {
+  return `file-url:${fileReference.id}:${fileReference.is_public ? 'public' : 'private'}`;
+}
+/**
+ * Clean up expired entries and enforce size limit
+ */
+function cleanupCache(): void {
+  const now = Date.now();
+  // Remove expired entries
+  for (const [key, value] of globalUrlCache.entries()) {
+    if (value.expiresAt < now) {
+      globalUrlCache.delete(key);
+    }
+  }
+  // Enforce size limit by removing oldest entries
+  if (globalUrlCache.size > MAX_CACHE_SIZE) {
+    const entries = Array.from(globalUrlCache.entries());
+    // Sort by expiration time (oldest first)
+    entries.sort((a, b) => a[1].expiresAt - b[1].expiresAt);
+    // Remove oldest 20% of entries
+    const toRemove = Math.floor(MAX_CACHE_SIZE * 0.2);
+    for (let i = 0; i < toRemove && i < entries.length; i++) {
+      globalUrlCache.delete(entries[i][0]);
+    }
+  }
+}
+export interface UseFileUrlCacheReturn {
+  /**
+   * Get URL for a file reference, using cache if available
+   * @param fileReference - File reference to get URL for
+   * @param supabase - Supabase client instance
+   * @param organisationId - Organisation ID for signed URLs
+   * @param ttl - Time to live in milliseconds (default: 3600000 = 1 hour)
+   * @returns Promise resolving to URL string or null
+   */
+  getUrl: (
+    fileReference: FileReference,
+    supabase: SupabaseClient,
+    organisationId: string,
+    ttl?: number
+  ) => Promise<string | null>;
+  /**
+   * Set URL in cache
+   * @param fileReference - File reference
+   * @param url - URL to cache
+   * @param ttl - Time to live in milliseconds (default: 3600000 = 1 hour)
+   */
+  setUrl: (fileReference: FileReference, url: string, ttl?: number) => void;
+  /**
+   * Get URL from cache without generating if missing
+   * @param fileReference - File reference
+   * @returns Cached URL or null if not in cache or expired
+   */
+  getCachedUrl: (fileReference: FileReference) => string | null;
+  /**
+   * Clear cache for a specific file reference
+   * @param fileReference - File reference to clear
+   */
+  clearFile: (fileReference: FileReference) => void;
+  /**
+   * Clear all cached URLs
+   */
+  clearCache: () => void;
+  /**
+   * Get cache statistics
+   */
+  getCacheStats: () => { size: number; maxSize: number };
+}
+/**
+ * Hook for centralized file URL caching
+ *
+ * This hook provides a shared cache for file URLs across all components,
+ * preventing duplicate requests for the same file.
+ *
+ * @returns Cache operations and utilities
+ */
+export function useFileUrlCache(): UseFileUrlCacheReturn {
+  // Use ref to ensure stable reference across renders
+  const cleanupIntervalRef = useRef<number | null>(null);
+  // Set up periodic cleanup (every 5 minutes)
+  if (cleanupIntervalRef.current === null && typeof window !== 'undefined') {
+    cleanupIntervalRef.current = window.setInterval(() => {
+      cleanupCache();
+    }, 5 * 60 * 1000); // 5 minutes
+  }
+  const getUrl = useCallback(async (
+    fileReference: FileReference,
+    supabase: SupabaseClient,
+    organisationId: string,
+    ttl: number = DEFAULT_TTL_MS
+  ): Promise<string | null> => {
+    const cacheKey = getCacheKey(fileReference);
+    const cached = globalUrlCache.get(cacheKey);
+    const now = Date.now();
+    // Return cached URL if still valid
+    if (cached && cached.expiresAt > now) {
+      return cached.url;
+    }
+    // Generate new URL
+    let url: string | null = null;
+    try {
+      if (fileReference.is_public) {
+        // Public files: generate public URL (synchronous)
+        url = getPublicUrl(supabase, fileReference.file_path, true);
+      } else {
+        // Private files: generate signed URL (async)
+        const signedUrlResult = await getSignedUrl(supabase, fileReference.file_path, {
+          appName: 'pace-core',
+          orgId: organisationId,
+          expiresIn: Math.floor(ttl / 1000) // Convert ms to seconds
+        });
+        url = signedUrlResult?.url || null;
+      }
+      // Cache the URL if generated successfully
+      if (url) {
+        globalUrlCache.set(cacheKey, {
+          url,
+          expiresAt: now + ttl
+        });
+        cleanupCache(); // Clean up after adding
+      }
+      return url;
+    } catch (error) {
+      console.error('Failed to generate file URL:', error);
+      return null;
+    }
+  }, []);
+  const setUrl = useCallback((
+    fileReference: FileReference,
+    url: string,
+    ttl: number = DEFAULT_TTL_MS
+  ): void => {
+    const cacheKey = getCacheKey(fileReference);
+    globalUrlCache.set(cacheKey, {
+      url,
+      expiresAt: Date.now() + ttl
+    });
+    cleanupCache();
+  }, []);
+  const getCachedUrl = useCallback((fileReference: FileReference): string | null => {
+    const cacheKey = getCacheKey(fileReference);
+    const cached = globalUrlCache.get(cacheKey);
+    const now = Date.now();
+    if (cached && cached.expiresAt > now) {
+      return cached.url;
+    }
+    return null;
+  }, []);
+  const clearFile = useCallback((fileReference: FileReference): void => {
+    const cacheKey = getCacheKey(fileReference);
+    globalUrlCache.delete(cacheKey);
+  }, []);
+  const clearCache = useCallback((): void => {
+    globalUrlCache.clear();
+  }, []);
+  const getCacheStats = useCallback(() => {
+    return {
+      size: globalUrlCache.size,
+      maxSize: MAX_CACHE_SIZE
+    };
+  }, []);
+  return {
+    getUrl,
+    setUrl,
+    getCachedUrl,
+    clearFile,
+    clearCache,
+    getCacheStats
+  };
+}

package/src/hooks/useInactivityTracker.ts CHANGED Viewed

@@ -155,6 +155,7 @@ export function useInactivityTracker({
   const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);
   const lastActivityRef = useRef<number>(Date.now());
   const channelRef = useRef<BroadcastChannel | null>(null);
+  const throttledResetActivityRef = useRef<((event: Event) => void) | null>(null);
   // Clear all timers
   const clearTimers = useCallback(() => {
@@ -294,47 +295,56 @@ export function useInactivityTracker({
       logger.warn('useInactivityTracker', 'Failed to check persisted activity time:', error);
     }
-    // Set up throttled activity handler
-    const throttledResetActivity = throttle((event) => {
-      resetActivity();
-    }, 100);
-    // Add event listeners
-    const addEventListeners = () => {
+    // Clean up any existing throttled handler and event listeners first
+    if (throttledResetActivityRef.current) {
       ACTIVITY_EVENTS.forEach(event => {
-        document.addEventListener(event, throttledResetActivity, { passive: true });
+        document.removeEventListener(event, throttledResetActivityRef.current!);
       });
-    };
+    }
-    // Remove event listeners
-    const removeEventListeners = () => {
-      ACTIVITY_EVENTS.forEach(event => {
-        document.removeEventListener(event, throttledResetActivity);
-      });
-    };
+    // Set up throttled activity handler - store in ref for proper cleanup
+    throttledResetActivityRef.current = throttle((event) => {
+      resetActivity();
+    }, 100);
-    // Add listeners
-    addEventListeners();
+    // Add event listeners
+    ACTIVITY_EVENTS.forEach(event => {
+      document.addEventListener(event, throttledResetActivityRef.current!, { passive: true });
+    });
     // Start the timer (skip activity callback for initial setup)
     resetActivity(true);
     // Cleanup function
     return () => {
-      removeEventListeners();
+      // Remove event listeners using the stored ref
+      if (throttledResetActivityRef.current) {
+        ACTIVITY_EVENTS.forEach(event => {
+          document.removeEventListener(event, throttledResetActivityRef.current!);
+        });
+        throttledResetActivityRef.current = null;
+      }
       clearTimers();
       if (channelRef.current) {
         channelRef.current.close();
         channelRef.current = null;
       }
     };
-  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);
+  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, resetActivity]);
   // Stop tracking
   const stopTracking = useCallback(() => {
     setIsTracking(false);
     clearTimers();
+    // Remove event listeners
+    if (throttledResetActivityRef.current) {
+      ACTIVITY_EVENTS.forEach(event => {
+        document.removeEventListener(event, throttledResetActivityRef.current!);
+      });
+      throttledResetActivityRef.current = null;
+    }
     if (channelRef.current) {
       channelRef.current.close();
       channelRef.current = null;
@@ -348,8 +358,9 @@ export function useInactivityTracker({
       return cleanup;
     } else {
       stopTracking();
+      return undefined;
     }
-  }, [enabled, idleTimeoutMs, warnBeforeMs]);
+  }, [enabled, idleTimeoutMs, warnBeforeMs, startTracking, stopTracking]);
   // Cleanup on unmount
   useEffect(() => {

package/src/hooks/useOrganisationSecurity.test.ts CHANGED Viewed

@@ -26,6 +26,7 @@ vi.mock('./useOrganisations', () => ({
 // Mock the RBAC API
 vi.mock('../rbac/api', () => ({
   isPermitted: vi.fn(),
+  isPermittedCached: vi.fn(),
   isSuperAdmin: vi.fn(),
   getPermissionMap: vi.fn()
 }));
@@ -35,13 +36,14 @@ vi.mock('../rbac/audit', () => ({
   emitAuditEvent: vi.fn()
 }));
-import { isPermitted, isSuperAdmin, getPermissionMap } from '../rbac/api';
+import { isPermitted, isPermittedCached, isSuperAdmin, getPermissionMap } from '../rbac/api';
 import { emitAuditEvent } from '../rbac/audit';
 describe('useOrganisationSecurity', () => {
   const mockUseUnifiedAuth = vi.mocked(useUnifiedAuth);
   const mockUseOrganisations = vi.mocked(useOrganisations);
   const mockIsPermitted = vi.mocked(isPermitted);
+  const mockIsPermittedCached = vi.mocked(isPermittedCached);
   const mockIsSuperAdmin = vi.mocked(isSuperAdmin);
   const mockGetPermissionMap = vi.mocked(getPermissionMap);
   const mockEmitAuditEvent = vi.mocked(emitAuditEvent);
@@ -99,6 +101,7 @@ describe('useOrganisationSecurity', () => {
     mockUseUnifiedAuth.mockClear();
     mockUseOrganisations.mockClear();
     mockIsPermitted.mockClear();
+    mockIsPermittedCached.mockClear();
     mockIsSuperAdmin.mockClear();
     mockGetPermissionMap.mockClear();
     mockEmitAuditEvent.mockClear();
@@ -508,13 +511,13 @@ describe('useOrganisationSecurity', () => {
         signOut: vi.fn(),
       } as any);
-      mockIsPermitted.mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       const { result } = renderHook(() => useOrganisationSecurity());
       const hasPermission = await result.current.hasPermission('read:users');
       expect(hasPermission).toBe(true);
-      expect(mockIsPermitted).toHaveBeenCalledWith({
+      expect(mockIsPermittedCached).toHaveBeenCalledWith({
         userId: 'user-123',
         scope: {
           organisationId: 'org-123',
@@ -527,13 +530,13 @@ describe('useOrganisationSecurity', () => {
     it('checks permissions for specific organisation', async () => {
       mockIsSuperAdmin.mockResolvedValue(false);
-      mockIsPermitted.mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       const { result } = renderHook(() => useOrganisationSecurity());
       const hasPermission = await result.current.hasPermission('read:users', 'org-456');
       expect(hasPermission).toBe(true);
-      expect(mockIsPermitted).toHaveBeenCalledWith({
+      expect(mockIsPermittedCached).toHaveBeenCalledWith({
         userId: 'user-123',
         scope: {
           organisationId: 'org-456',
@@ -546,7 +549,7 @@ describe('useOrganisationSecurity', () => {
     it('handles permission check errors gracefully', async () => {
       mockIsSuperAdmin.mockResolvedValue(false);
-      mockIsPermitted.mockRejectedValue(new Error('Permission check failed'));
+      mockIsPermittedCached.mockRejectedValue(new Error('Permission check failed'));
       const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
@@ -622,7 +625,7 @@ describe('useOrganisationSecurity', () => {
     it('handles permission retrieval errors gracefully', async () => {
       mockIsSuperAdmin.mockResolvedValue(false);
-      mockIsPermitted.mockRejectedValue(new Error('Permission retrieval failed'));
+      mockIsPermittedCached.mockRejectedValue(new Error('Permission retrieval failed'));
       const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});

package/src/hooks/useOrganisationSecurity.ts CHANGED Viewed

@@ -163,8 +163,8 @@ export const useOrganisationSecurity = (): OrganisationSecurityHook => {
     if (!targetOrgId || !user) return false;
     try {
-      // Use the new RBAC system
-      const { isPermitted } = await import('../rbac/api');
+      // Use the new RBAC system with caching
+      const { isPermittedCached } = await import('../rbac/api');
       const scope = {
         organisationId: targetOrgId,
@@ -172,7 +172,7 @@ export const useOrganisationSecurity = (): OrganisationSecurityHook => {
         appId: user.user_metadata?.appId || user.app_metadata?.appId,
       };
-      return await isPermitted({
+      return await isPermittedCached({
         userId: user.id,
         scope,
         permission: permission as Permission

package/src/hooks/usePreventTabReload.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * @file usePreventTabReload Hook
+ * @package @jmruthers/pace-core
+ * @module Hooks
+ * @since 0.6.0
+ *
+ * Prevents full page reloads when switching browser tabs.
+ * Handles browser back-forward cache (bfcache) restoration and tab visibility changes.
+ */
+import { useEffect, useRef } from 'react';
+export interface UsePreventTabReloadOptions {
+  /**
+   * Whether to enable the prevention logic
+   * @default true
+   */
+  enabled?: boolean;
+  /**
+   * Grace period in milliseconds to wait after tab becomes visible
+   * before allowing any potential reloads
+   * @default 2000
+   */
+  gracePeriodMs?: number;
+}
+/**
+ * Hook to prevent full page reloads when switching browser tabs.
+ *
+ * This hook handles:
+ * - Browser back-forward cache (bfcache) restoration
+ * - Tab visibility changes
+ * - Prevents unwanted page reloads when returning to a tab
+ *
+ * @param options - Configuration options
+ *
+ * @example
+ * ```tsx
+ * import { usePreventTabReload } from '@jmruthers/pace-core';
+ *
+ * function MyComponent() {
+ *   usePreventTabReload();
+ *   // Component code...
+ * }
+ * ```
+ */
+export function usePreventTabReload(options: UsePreventTabReloadOptions = {}): void {
+  const { enabled = true, gracePeriodMs = 2000 } = options;
+  const isRestoringFromCacheRef = useRef(false);
+  const gracePeriodTimeoutRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+  useEffect(() => {
+    if (!enabled || typeof window === 'undefined') return;
+    // Handle pageshow event - detects when page is restored from bfcache
+    const handlePageShow = (event: PageTransitionEvent) => {
+      // If page was restored from bfcache, prevent any reload behavior
+      if (event.persisted) {
+        isRestoringFromCacheRef.current = true;
+        // Clear any existing timeout
+        if (gracePeriodTimeoutRef.current) {
+          clearTimeout(gracePeriodTimeoutRef.current);
+        }
+        // Set grace period to prevent reloads
+        gracePeriodTimeoutRef.current = setTimeout(() => {
+          isRestoringFromCacheRef.current = false;
+        }, gracePeriodMs);
+      }
+    };
+    // Handle visibility changes - when tab becomes visible
+    const handleVisibilityChange = () => {
+      if (!document.hidden) {
+        // Tab just became visible - set flag to prevent reloads
+        isRestoringFromCacheRef.current = true;
+        // Clear any existing timeout
+        if (gracePeriodTimeoutRef.current) {
+          clearTimeout(gracePeriodTimeoutRef.current);
+        }
+        // Set grace period
+        gracePeriodTimeoutRef.current = setTimeout(() => {
+          isRestoringFromCacheRef.current = false;
+        }, gracePeriodMs);
+      }
+    };
+    // Add event listeners
+    window.addEventListener('pageshow', handlePageShow);
+    document.addEventListener('visibilitychange', handleVisibilityChange);
+    return () => {
+      window.removeEventListener('pageshow', handlePageShow);
+      document.removeEventListener('visibilitychange', handleVisibilityChange);
+      if (gracePeriodTimeoutRef.current) {
+        clearTimeout(gracePeriodTimeoutRef.current);
+      }
+    };
+  }, [enabled, gracePeriodMs]);
+}