npm - @jmruthers/pace-core - Versions diffs - 0.5.186 → 0.5.188 - Mend

@jmruthers/pace-core 0.5.186 → 0.5.188

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/dist/{DataTable-IX2NBUTP.js → DataTable-GUFUNZ3N.js} +7 -7
package/dist/{DataTable-Z9NLVJh0.d.ts → DataTable-IVYljGJ6.d.ts} +1 -1
package/dist/{PublicPageProvider-DIzEzwKl.d.ts → PublicPageProvider-DrLDztHt.d.ts} +211 -106
package/dist/{UnifiedAuthProvider-A4BCQRJY.js → UnifiedAuthProvider-643PUAIM.js} +2 -2
package/dist/{api-BMFCXVQX.js → api-YP7XD5L6.js} +3 -3
package/dist/{audit-WRS3KJKI.js → audit-B5P6FFIR.js} +2 -2
package/dist/{chunk-HGPQUCBC.js → chunk-2UUZZJFT.js} +3 -3
package/dist/{chunk-445GEP27.js → chunk-3GOZZZYH.js} +33 -8
package/dist/chunk-3GOZZZYH.js.map +1 -0
package/dist/{chunk-FSFQFJCU.js → chunk-63FOKYGO.js} +174 -6
package/dist/chunk-63FOKYGO.js.map +1 -0
package/dist/{chunk-DAGICKHT.js → chunk-DDM4CCYT.js} +3 -3
package/dist/{chunk-XAUHJD3L.js → chunk-E7UAOUMY.js} +2 -2
package/dist/{chunk-HDCUMOOI.js → chunk-EFCLXK7F.js} +792 -559
package/dist/chunk-EFCLXK7F.js.map +1 -0
package/dist/{chunk-U6WNSFX5.js → chunk-HEHYGYOX.js} +279 -44
package/dist/chunk-HEHYGYOX.js.map +1 -0
package/dist/{chunk-GRIQLQ52.js → chunk-IM4QE42D.js} +27 -23
package/dist/chunk-IM4QE42D.js.map +1 -0
package/dist/{chunk-OALXJH4Y.js → chunk-IPCH26AG.js} +8 -8
package/dist/chunk-IPCH26AG.js.map +1 -0
package/dist/{chunk-UQWSHFVX.js → chunk-SAUPYVLF.js} +1 -1
package/dist/{chunk-UQWSHFVX.js.map → chunk-SAUPYVLF.js.map} +1 -1
package/dist/{chunk-TC7D3CR3.js → chunk-UNOTYLQF.js} +556 -101
package/dist/chunk-UNOTYLQF.js.map +1 -0
package/dist/{chunk-FXFJRTKI.js → chunk-VGZZXKBR.js} +5 -5
package/dist/chunk-VGZZXKBR.js.map +1 -0
package/dist/chunk-YHCN776L.js +447 -0
package/dist/chunk-YHCN776L.js.map +1 -0
package/dist/components.d.ts +4 -4
package/dist/components.js +12 -10
package/dist/components.js.map +1 -1
package/dist/{file-reference-PRTSLxKx.d.ts → file-reference-D037xOFK.d.ts} +0 -1
package/dist/hooks.d.ts +221 -6
package/dist/hooks.js +146 -49
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +24 -9
package/dist/index.js +62 -28
package/dist/index.js.map +1 -1
package/dist/providers.js +1 -1
package/dist/rbac/index.d.ts +124 -7
package/dist/rbac/index.js +27 -7
package/dist/{types-DUyCRSTj.d.ts → types-Bwgl--Xo.d.ts} +162 -1
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-D71QLlg4.d.ts → usePublicRouteParams-CTDELQ7H.d.ts} +2 -2
package/dist/utils.d.ts +213 -3
package/dist/utils.js +22 -2
package/dist/utils.js.map +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +21 -17
package/docs/api/classes/RBACCache.md +31 -23
package/docs/api/classes/RBACEngine.md +5 -5
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +241 -0
package/docs/api/interfaces/AddressFieldRef.md +94 -0
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +75 -0
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +15 -15
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +11 -11
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +120 -0
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +26 -3
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +5 -5
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +138 -0
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +318 -59
package/docs/best-practices/performance.md +11 -0
package/docs/getting-started/examples/README.md +2 -2
package/docs/implementation-guides/file-upload-storage.md +29 -0
package/docs/implementation-guides/public-pages.md +140 -1230
package/docs/rbac/README.md +2 -1
package/docs/rbac/api-reference.md +11 -0
package/docs/rbac/performance.md +320 -0
package/docs/standards/01-architecture-standard.md +5 -0
package/docs/standards/05-security-standard.md +14 -0
package/docs/standards/07-rbac-and-rls-standard.md +356 -0
package/package.json +1 -1
package/src/__tests__/public-recipe-view.test.ts +199 -0
package/src/__tests__/rls-policies.test.ts +333 -0
package/src/components/AddressField/AddressField.test.tsx +411 -0
package/src/components/AddressField/AddressField.tsx +323 -0
package/src/components/AddressField/README.md +336 -0
package/src/components/AddressField/index.ts +10 -0
package/src/components/AddressField/types.ts +65 -0
package/src/components/FileDisplay/FileDisplay.test.tsx +454 -0
package/src/components/FileDisplay/FileDisplay.tsx +28 -1
package/src/components/index.ts +2 -0
package/src/hooks/__tests__/useFileDisplay.unit.test.ts +30 -5
package/src/hooks/__tests__/useOrganisationSecurity.unit.test.tsx +11 -10
package/src/hooks/__tests__/usePublicFileDisplay.test.ts +31 -6
package/src/hooks/index.ts +6 -0
package/src/hooks/public/usePublicFileDisplay.ts +8 -10
package/src/hooks/useAddressAutocomplete.test.ts +318 -0
package/src/hooks/useAddressAutocomplete.ts +268 -0
package/src/hooks/useFileDisplay.ts +3 -15
package/src/hooks/useFileReference.test.ts +20 -3
package/src/hooks/useFileReference.ts +3 -24
package/src/hooks/useFileUrlCache.ts +246 -0
package/src/hooks/useInactivityTracker.ts +31 -20
package/src/hooks/useOrganisationSecurity.test.ts +10 -7
package/src/hooks/useOrganisationSecurity.ts +3 -3
package/src/hooks/useQueryCache.ts +315 -0
package/src/index.ts +2 -0
package/src/providers/services/EventServiceProvider.tsx +4 -1
package/src/rbac/api.test.ts +21 -6
package/src/rbac/api.ts +32 -11
package/src/rbac/audit-batched.ts +223 -0
package/src/rbac/audit-enhanced.ts +2 -2
package/src/rbac/audit.test.ts +6 -5
package/src/rbac/audit.ts +34 -6
package/src/rbac/cache-invalidation.ts +63 -12
package/src/rbac/cache.test.ts +2 -2
package/src/rbac/cache.ts +61 -14
package/src/rbac/components/PagePermissionGuard.tsx +19 -10
package/src/rbac/components/__tests__/PagePermissionGuard.performance.test.tsx +248 -0
package/src/rbac/config.ts +9 -0
package/src/rbac/engine.ts +2 -21
package/src/rbac/hooks/usePermissions.ts +21 -5
package/src/rbac/index.ts +19 -0
package/src/rbac/performance.ts +210 -0
package/src/rbac/request-deduplication.ts +87 -0
package/src/rbac/utils/deep-equal.ts +93 -0
package/src/services/OrganisationService.ts +5 -4
package/src/types/file-reference.ts +0 -1
package/src/utils/file-reference/__tests__/file-reference.test.ts +31 -4
package/src/utils/file-reference/index.ts +44 -15
package/src/utils/google-places/googlePlacesUtils.test.ts +403 -0
package/src/utils/google-places/googlePlacesUtils.ts +475 -0
package/src/utils/google-places/index.ts +26 -0
package/src/utils/google-places/loadGoogleMapsScript.ts +207 -0
package/src/utils/google-places/types.ts +94 -0
package/src/utils/index.ts +23 -0
package/src/utils/request-deduplication.ts +165 -0
package/src/utils/storage/helpers.ts +143 -4
package/dist/chunk-445GEP27.js.map +0 -1
package/dist/chunk-FMUCXFII.js +0 -76
package/dist/chunk-FMUCXFII.js.map +0 -1
package/dist/chunk-FSFQFJCU.js.map +0 -1
package/dist/chunk-FXFJRTKI.js.map +0 -1
package/dist/chunk-GRIQLQ52.js.map +0 -1
package/dist/chunk-HDCUMOOI.js.map +0 -1
package/dist/chunk-OALXJH4Y.js.map +0 -1
package/dist/chunk-TC7D3CR3.js.map +0 -1
package/dist/chunk-U6WNSFX5.js.map +0 -1
/package/dist/{DataTable-IX2NBUTP.js.map → DataTable-GUFUNZ3N.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-A4BCQRJY.js.map → UnifiedAuthProvider-643PUAIM.js.map} +0 -0
/package/dist/{api-BMFCXVQX.js.map → api-YP7XD5L6.js.map} +0 -0
/package/dist/{audit-WRS3KJKI.js.map → audit-B5P6FFIR.js.map} +0 -0
/package/dist/{chunk-HGPQUCBC.js.map → chunk-2UUZZJFT.js.map} +0 -0
/package/dist/{chunk-DAGICKHT.js.map → chunk-DDM4CCYT.js.map} +0 -0
/package/dist/{chunk-XAUHJD3L.js.map → chunk-E7UAOUMY.js.map} +0 -0

package/src/hooks/useInactivityTracker.ts CHANGED Viewed

@@ -155,6 +155,7 @@ export function useInactivityTracker({
   const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);
   const lastActivityRef = useRef<number>(Date.now());
   const channelRef = useRef<BroadcastChannel | null>(null);
+  const throttledResetActivityRef = useRef<((event: Event) => void) | null>(null);
   // Clear all timers
   const clearTimers = useCallback(() => {
@@ -294,47 +295,56 @@ export function useInactivityTracker({
       logger.warn('useInactivityTracker', 'Failed to check persisted activity time:', error);
     }
-    // Set up throttled activity handler
-    const throttledResetActivity = throttle((event) => {
-      resetActivity();
-    }, 100);
-    // Add event listeners
-    const addEventListeners = () => {
+    // Clean up any existing throttled handler and event listeners first
+    if (throttledResetActivityRef.current) {
       ACTIVITY_EVENTS.forEach(event => {
-        document.addEventListener(event, throttledResetActivity, { passive: true });
+        document.removeEventListener(event, throttledResetActivityRef.current!);
       });
-    };
+    }
-    // Remove event listeners
-    const removeEventListeners = () => {
-      ACTIVITY_EVENTS.forEach(event => {
-        document.removeEventListener(event, throttledResetActivity);
-      });
-    };
+    // Set up throttled activity handler - store in ref for proper cleanup
+    throttledResetActivityRef.current = throttle((event) => {
+      resetActivity();
+    }, 100);
-    // Add listeners
-    addEventListeners();
+    // Add event listeners
+    ACTIVITY_EVENTS.forEach(event => {
+      document.addEventListener(event, throttledResetActivityRef.current!, { passive: true });
+    });
     // Start the timer (skip activity callback for initial setup)
     resetActivity(true);
     // Cleanup function
     return () => {
-      removeEventListeners();
+      // Remove event listeners using the stored ref
+      if (throttledResetActivityRef.current) {
+        ACTIVITY_EVENTS.forEach(event => {
+          document.removeEventListener(event, throttledResetActivityRef.current!);
+        });
+        throttledResetActivityRef.current = null;
+      }
       clearTimers();
       if (channelRef.current) {
         channelRef.current.close();
         channelRef.current = null;
       }
     };
-  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);
+  }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, resetActivity]);
   // Stop tracking
   const stopTracking = useCallback(() => {
     setIsTracking(false);
     clearTimers();
+    // Remove event listeners
+    if (throttledResetActivityRef.current) {
+      ACTIVITY_EVENTS.forEach(event => {
+        document.removeEventListener(event, throttledResetActivityRef.current!);
+      });
+      throttledResetActivityRef.current = null;
+    }
     if (channelRef.current) {
       channelRef.current.close();
       channelRef.current = null;
@@ -348,8 +358,9 @@ export function useInactivityTracker({
       return cleanup;
     } else {
       stopTracking();
+      return undefined;
     }
-  }, [enabled, idleTimeoutMs, warnBeforeMs]);
+  }, [enabled, idleTimeoutMs, warnBeforeMs, startTracking, stopTracking]);
   // Cleanup on unmount
   useEffect(() => {

package/src/hooks/useOrganisationSecurity.test.ts CHANGED Viewed

@@ -26,6 +26,7 @@ vi.mock('./useOrganisations', () => ({
 // Mock the RBAC API
 vi.mock('../rbac/api', () => ({
   isPermitted: vi.fn(),
+  isPermittedCached: vi.fn(),
   isSuperAdmin: vi.fn(),
   getPermissionMap: vi.fn()
 }));
@@ -35,13 +36,14 @@ vi.mock('../rbac/audit', () => ({
   emitAuditEvent: vi.fn()
 }));
-import { isPermitted, isSuperAdmin, getPermissionMap } from '../rbac/api';
+import { isPermitted, isPermittedCached, isSuperAdmin, getPermissionMap } from '../rbac/api';
 import { emitAuditEvent } from '../rbac/audit';
 describe('useOrganisationSecurity', () => {
   const mockUseUnifiedAuth = vi.mocked(useUnifiedAuth);
   const mockUseOrganisations = vi.mocked(useOrganisations);
   const mockIsPermitted = vi.mocked(isPermitted);
+  const mockIsPermittedCached = vi.mocked(isPermittedCached);
   const mockIsSuperAdmin = vi.mocked(isSuperAdmin);
   const mockGetPermissionMap = vi.mocked(getPermissionMap);
   const mockEmitAuditEvent = vi.mocked(emitAuditEvent);
@@ -99,6 +101,7 @@ describe('useOrganisationSecurity', () => {
     mockUseUnifiedAuth.mockClear();
     mockUseOrganisations.mockClear();
     mockIsPermitted.mockClear();
+    mockIsPermittedCached.mockClear();
     mockIsSuperAdmin.mockClear();
     mockGetPermissionMap.mockClear();
     mockEmitAuditEvent.mockClear();
@@ -508,13 +511,13 @@ describe('useOrganisationSecurity', () => {
         signOut: vi.fn(),
       } as any);
-      mockIsPermitted.mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       const { result } = renderHook(() => useOrganisationSecurity());
       const hasPermission = await result.current.hasPermission('read:users');
       expect(hasPermission).toBe(true);
-      expect(mockIsPermitted).toHaveBeenCalledWith({
+      expect(mockIsPermittedCached).toHaveBeenCalledWith({
         userId: 'user-123',
         scope: {
           organisationId: 'org-123',
@@ -527,13 +530,13 @@ describe('useOrganisationSecurity', () => {
     it('checks permissions for specific organisation', async () => {
       mockIsSuperAdmin.mockResolvedValue(false);
-      mockIsPermitted.mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       const { result } = renderHook(() => useOrganisationSecurity());
       const hasPermission = await result.current.hasPermission('read:users', 'org-456');
       expect(hasPermission).toBe(true);
-      expect(mockIsPermitted).toHaveBeenCalledWith({
+      expect(mockIsPermittedCached).toHaveBeenCalledWith({
         userId: 'user-123',
         scope: {
           organisationId: 'org-456',
@@ -546,7 +549,7 @@ describe('useOrganisationSecurity', () => {
     it('handles permission check errors gracefully', async () => {
       mockIsSuperAdmin.mockResolvedValue(false);
-      mockIsPermitted.mockRejectedValue(new Error('Permission check failed'));
+      mockIsPermittedCached.mockRejectedValue(new Error('Permission check failed'));
       const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
@@ -622,7 +625,7 @@ describe('useOrganisationSecurity', () => {
     it('handles permission retrieval errors gracefully', async () => {
       mockIsSuperAdmin.mockResolvedValue(false);
-      mockIsPermitted.mockRejectedValue(new Error('Permission retrieval failed'));
+      mockIsPermittedCached.mockRejectedValue(new Error('Permission retrieval failed'));
       const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});

package/src/hooks/useOrganisationSecurity.ts CHANGED Viewed

@@ -163,8 +163,8 @@ export const useOrganisationSecurity = (): OrganisationSecurityHook => {
     if (!targetOrgId || !user) return false;
     try {
-      // Use the new RBAC system
-      const { isPermitted } = await import('../rbac/api');
+      // Use the new RBAC system with caching
+      const { isPermittedCached } = await import('../rbac/api');
       const scope = {
         organisationId: targetOrgId,
@@ -172,7 +172,7 @@ export const useOrganisationSecurity = (): OrganisationSecurityHook => {
         appId: user.user_metadata?.appId || user.app_metadata?.appId,
       };
-      return await isPermitted({
+      return await isPermittedCached({
         userId: user.id,
         scope,
         permission: permission as Permission

package/src/hooks/useQueryCache.ts ADDED Viewed

@@ -0,0 +1,315 @@
+/**
+ * Query Result Caching Hook
+ * @package @jmruthers/pace-core
+ * @module Hooks/QueryCache
+ * @since 2.0.0
+ *
+ * Provides in-memory caching for frequently accessed data to eliminate duplicate queries.
+ * Useful for caching user profiles, app pages, and other relatively static data.
+ */
+import { useCallback, useRef, useEffect } from 'react';
+import { SupabaseClient } from '@supabase/supabase-js';
+import { Database } from '../types/database';
+import { createLogger } from '../utils/core/logger';
+const log = createLogger('useQueryCache');
+interface CachedQueryEntry<T> {
+  data: T;
+  expiresAt: number; // Unix timestamp
+  promise?: Promise<T>; // For in-flight requests
+}
+/**
+ * In-memory cache for query results
+ * Key format: `table:filterKey:filterValue`
+ */
+const queryCache = new Map<string, CachedQueryEntry<any>>();
+// Cleanup interval (every 5 minutes)
+const CLEANUP_INTERVAL_MS = 5 * 60 * 1000;
+let cleanupTimer: ReturnType<typeof setInterval> | null = null;
+function runCacheCleanup() {
+  const now = Date.now();
+  const expiredKeys: string[] = [];
+  queryCache.forEach((entry, key) => {
+    if (entry.expiresAt <= now) {
+      expiredKeys.push(key);
+    }
+  });
+  expiredKeys.forEach(key => {
+    queryCache.delete(key);
+    log.debug(`Removed expired query from cache: ${key}`);
+  });
+}
+// Initialize cleanup timer once
+if (typeof window !== 'undefined' && !cleanupTimer) {
+  cleanupTimer = setInterval(runCacheCleanup, CLEANUP_INTERVAL_MS);
+  log.debug('Query cache cleanup initialized.');
+}
+export interface UseQueryCacheOptions {
+  /** Time to live in seconds (default: 300 = 5 minutes) */
+  ttl?: number;
+  /** Whether to enable caching (default: true) */
+  enabled?: boolean;
+}
+export interface UseQueryCacheReturn {
+  /** Get cached query result or fetch if not cached */
+  getCachedQuery: <T>(
+    table: string,
+    filterKey: string,
+    filterValue: string,
+    fetchFn: () => Promise<T>,
+    options?: UseQueryCacheOptions
+  ) => Promise<T>;
+  /** Invalidate a specific cached query */
+  invalidateQuery: (table: string, filterKey: string, filterValue: string) => void;
+  /** Clear all cached queries */
+  clearCache: () => void;
+  /** Get cache statistics */
+  getCacheStats: () => { size: number; keys: string[] };
+}
+/**
+ * Hook for query result caching
+ *
+ * Provides caching for frequently accessed data to eliminate duplicate queries.
+ * Automatically handles cache expiration and cleanup.
+ *
+ * @param supabase - Supabase client (optional, can be passed in fetchFn)
+ * @returns Query cache utilities
+ *
+ * @example
+ * ```tsx
+ * const { getCachedQuery } = useQueryCache(supabase);
+ *
+ * const person = await getCachedQuery(
+ *   'pace_person',
+ *   'user_id',
+ *   userId,
+ *   async () => {
+ *     const { data } = await supabase
+ *       .from('pace_person')
+ *       .select('id, first_name, last_name, email')
+ *       .eq('user_id', userId)
+ *       .single();
+ *     return data;
+ *   },
+ *   { ttl: 300 } // 5 minutes
+ * );
+ * ```
+ */
+export function useQueryCache(supabase?: SupabaseClient<Database>): UseQueryCacheReturn {
+  const getCachedQuery = useCallback(async <T,>(
+    table: string,
+    filterKey: string,
+    filterValue: string,
+    fetchFn: () => Promise<T>,
+    options: UseQueryCacheOptions = {}
+  ): Promise<T> => {
+    const { ttl = 300, enabled = true } = options; // Default 5 minutes
+    const cacheKey = `${table}:${filterKey}:${filterValue}`;
+    const now = Date.now();
+    if (!enabled) {
+      return fetchFn();
+    }
+    // Check cache
+    const cached = queryCache.get(cacheKey);
+    if (cached) {
+      // If data is still valid, return it
+      if (cached.expiresAt > now && cached.data !== undefined) {
+        log.debug(`Cache hit for query: ${cacheKey}`);
+        return cached.data as T;
+      }
+      // If there's an in-flight request, wait for it
+      if (cached.promise) {
+        log.debug(`Waiting for in-flight request: ${cacheKey}`);
+        return cached.promise as Promise<T>;
+      }
+    }
+    // Fetch data
+    log.debug(`Cache miss for query: ${cacheKey}, fetching...`);
+    const fetchPromise = fetchFn();
+    // Store promise for in-flight request deduplication
+    queryCache.set(cacheKey, {
+      data: undefined as any,
+      expiresAt: now + (ttl * 1000),
+      promise: fetchPromise,
+    });
+    try {
+      const data = await fetchPromise;
+      // Update cache with actual data
+      queryCache.set(cacheKey, {
+        data,
+        expiresAt: now + (ttl * 1000),
+      });
+      log.debug(`Cached query result: ${cacheKey}, expires in ${ttl}s`);
+      return data;
+    } catch (error) {
+      // Remove failed request from cache
+      queryCache.delete(cacheKey);
+      log.error(`Query failed for ${cacheKey}:`, error);
+      throw error;
+    }
+  }, []);
+  const invalidateQuery = useCallback((table: string, filterKey: string, filterValue: string) => {
+    const cacheKey = `${table}:${filterKey}:${filterValue}`;
+    queryCache.delete(cacheKey);
+    log.debug(`Invalidated query cache: ${cacheKey}`);
+  }, []);
+  const clearCache = useCallback(() => {
+    queryCache.clear();
+    log.debug('Cleared all query cache entries.');
+  }, []);
+  const getCacheStats = useCallback(() => {
+    return {
+      size: queryCache.size,
+      keys: Array.from(queryCache.keys()),
+    };
+  }, []);
+  return {
+    getCachedQuery,
+    invalidateQuery,
+    clearCache,
+    getCacheStats,
+  };
+}
+/**
+ * Pre-configured cache helpers for common queries
+ */
+export const queryCacheHelpers = {
+  /**
+   * Cache pace_person queries by user_id
+   * TTL: 5 minutes
+   */
+  pacePersonByUserId: <T>(
+    supabase: SupabaseClient<Database>,
+    userId: string,
+    fetchFn: () => Promise<T>
+  ): Promise<T> => {
+    const cacheKey = `pace_person:user_id:${userId}`;
+    const now = Date.now();
+    const ttl = 300 * 1000; // 5 minutes
+    const cached = queryCache.get(cacheKey);
+    if (cached && cached.expiresAt > now && cached.data !== undefined) {
+      return Promise.resolve(cached.data as T);
+    }
+    if (cached?.promise) {
+      return cached.promise as Promise<T>;
+    }
+    const promise = fetchFn();
+    queryCache.set(cacheKey, {
+      data: undefined as any,
+      expiresAt: now + ttl,
+      promise,
+    });
+    promise.then(data => {
+      queryCache.set(cacheKey, { data, expiresAt: now + ttl });
+    }).catch(() => {
+      queryCache.delete(cacheKey);
+    });
+    return promise;
+  },
+  /**
+   * Cache pace_member queries by person_id
+   * TTL: 5 minutes
+   */
+  paceMemberByPersonId: <T>(
+    supabase: SupabaseClient<Database>,
+    personId: string,
+    fetchFn: () => Promise<T>
+  ): Promise<T> => {
+    const cacheKey = `pace_member:person_id:${personId}`;
+    const now = Date.now();
+    const ttl = 300 * 1000; // 5 minutes
+    const cached = queryCache.get(cacheKey);
+    if (cached && cached.expiresAt > now && cached.data !== undefined) {
+      return Promise.resolve(cached.data as T);
+    }
+    if (cached?.promise) {
+      return cached.promise as Promise<T>;
+    }
+    const promise = fetchFn();
+    queryCache.set(cacheKey, {
+      data: undefined as any,
+      expiresAt: now + ttl,
+      promise,
+    });
+    promise.then(data => {
+      queryCache.set(cacheKey, { data, expiresAt: now + ttl });
+    }).catch(() => {
+      queryCache.delete(cacheKey);
+    });
+    return promise;
+  },
+  /**
+   * Cache rbac_app_pages queries by app_id
+   * TTL: 15 minutes (app pages are relatively static)
+   */
+  rbacAppPagesByAppId: <T>(
+    supabase: SupabaseClient<Database>,
+    appId: string,
+    fetchFn: () => Promise<T>
+  ): Promise<T> => {
+    const cacheKey = `rbac_app_pages:app_id:${appId}`;
+    const now = Date.now();
+    const ttl = 15 * 60 * 1000; // 15 minutes
+    const cached = queryCache.get(cacheKey);
+    if (cached && cached.expiresAt > now && cached.data !== undefined) {
+      return Promise.resolve(cached.data as T);
+    }
+    if (cached?.promise) {
+      return cached.promise as Promise<T>;
+    }
+    const promise = fetchFn();
+    queryCache.set(cacheKey, {
+      data: undefined as any,
+      expiresAt: now + ttl,
+      promise,
+    });
+    promise.then(data => {
+      queryCache.set(cacheKey, { data, expiresAt: now + ttl });
+    }).catch(() => {
+      queryCache.delete(cacheKey);
+    });
+    return promise;
+  },
+};

package/src/index.ts CHANGED Viewed

@@ -76,6 +76,8 @@ export type { CardProps } from './components/Card/Card';
 export { Input } from './components/Input/Input';
 export type { InputProps } from './components/Input/Input';
+export { AddressField } from './components/AddressField';
+export type { AddressFieldProps, AddressFieldRef, ParsedAddress, AutocompleteOptions } from './components/AddressField';
 export { Label } from './components/Label/Label';
 export type { LabelProps } from './components/Label/Label';

package/src/providers/services/EventServiceProvider.tsx CHANGED Viewed

@@ -50,6 +50,7 @@ export function EventServiceProvider({
   const eventService = eventServiceRef.current;
   // Update service dependencies and initialize when dependencies change
+  // Note: eventService is a ref and never changes, so we don't include it in dependencies
   useEffect(() => {
     let isMounted = true;
@@ -72,7 +73,9 @@ export function EventServiceProvider({
     return () => {
       isMounted = false;
     };
-  }, [eventService, supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId]);
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    // eventService is a ref and never changes, so we exclude it from dependencies
+  }, [supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId]);
   // Cleanup service on unmount only
   useEffect(() => {

package/src/rbac/api.test.ts CHANGED Viewed

@@ -45,6 +45,12 @@ vi.mock('./cache', () => ({
   }
 }));
+vi.mock('./request-deduplication', () => ({
+  getOrCreateRequest: vi.fn((input, checkFn) => checkFn(input)),
+  clearInFlightRequests: vi.fn(),
+  getInFlightRequestCount: vi.fn(() => 0),
+}));
 vi.mock('./config', () => ({
   createRBACConfig: vi.fn(),
   getRBACLogger: vi.fn(() => ({
@@ -120,7 +126,14 @@ describe('RBAC API', () => {
       process.env.NODE_ENV = originalEnv;
       expect(mockCreateRBACEngine).toHaveBeenCalledWith(mockSupabase, undefined);
-      expect(mockCreateAuditManager).toHaveBeenCalledWith(mockSupabase);
+      expect(mockCreateAuditManager).toHaveBeenCalledWith(
+        mockSupabase,
+        true,
+        expect.objectContaining({
+          batchSize: undefined,
+          batchWindow: undefined,
+        })
+      );
       expect(mockSetGlobalAuditManager).toHaveBeenCalledWith(mockAuditManager);
       expect(mockLogger.info).toHaveBeenCalledWith('RBAC system initialized successfully');
     });
@@ -659,7 +672,7 @@ describe('RBAC API', () => {
         });
         expect(result).toBe(true);
-        expect(rbacCache.get).toHaveBeenCalledWith(cacheKey);
+        expect(rbacCache.get).toHaveBeenCalledWith(cacheKey, true);
         expect(mockEngine.isPermitted).not.toHaveBeenCalled();
       });
@@ -689,10 +702,12 @@ describe('RBAC API', () => {
             organisationId: 'org-456'
           })
         );
-        expect(rbacCache.set).toHaveBeenCalledWith(
-          expect.any(String),
-          true
-        );
+        // Check that cache.set was called - pageId presence makes it a page-level check
+        expect(rbacCache.set).toHaveBeenCalled();
+        const setCall = rbacCache.set.mock.calls[0];
+        expect(setCall[0]).toBeTruthy(); // cache key
+        expect(setCall[1]).toBe(true); // result
+        // setCall[2] is TTL (optional), setCall[3] is useSessionCache (true for page-level)
       });
     });

package/src/rbac/api.ts CHANGED Viewed

@@ -27,6 +27,8 @@ import { rbacCache, RBACCache, CACHE_PATTERNS } from './cache';
 import { createRBACConfig, RBACConfig, getRBACLogger } from './config';
 import { SecurityContext } from './security';
 import { createLogger } from '../utils/core/logger';
+import { enablePerformanceMonitoring } from './performance';
+import { getOrCreateRequest } from './request-deduplication';
 const log = createLogger('RBACAPI');
@@ -72,10 +74,20 @@ export function setupRBAC(supabase: SupabaseClient<Database>, config?: Partial<R
   // Pass security config to engine
   globalEngine = createRBACEngine(supabase, securityConfig);
-  // Setup audit manager
-  const auditManager = createAuditManager(supabase);
+  // Setup audit manager with batching configuration
+  const useBatchedAudit = config?.audit?.batched !== false && (config?.performance?.enableBatchedAuditLogging !== false);
+  const batchConfig = useBatchedAudit ? {
+    batchWindow: config?.audit?.batchWindow,
+    batchSize: config?.audit?.batchSize,
+  } : undefined;
+  const auditManager = createAuditManager(supabase, useBatchedAudit, batchConfig);
   setGlobalAuditManager(auditManager);
+  // Setup performance monitoring if enabled
+  if (config?.performance?.enablePerformanceTracking) {
+    enablePerformanceMonitoring();
+  }
   logger.info('RBAC system initialized successfully');
 }
@@ -195,13 +207,16 @@ export async function isPermitted(input: PermissionCheck): Promise<boolean> {
 /**
  * Check if user has a specific permission (cached version)
  *
+ * Uses request deduplication to share in-flight requests across components
+ * and checks cache before making new requests. Uses session cache for page-level checks.
+ *
  * @param input - Permission check input
  * @returns Promise resolving to permission result
  */
 export async function isPermittedCached(input: PermissionCheck): Promise<boolean> {
   const { userId, scope, permission, pageId } = input;
-  // Check cache first
+  // Check cache first (checks both short-term and session cache)
   const cacheKey = RBACCache.generatePermissionKey({
     userId,
     organisationId: scope.organisationId!,
@@ -211,18 +226,24 @@ export async function isPermittedCached(input: PermissionCheck): Promise<boolean
     pageId,
   });
-  const cached = rbacCache.get<boolean>(cacheKey);
+  const cached = rbacCache.get<boolean>(cacheKey, true);
   if (cached !== null) {
     return cached;
   }
-  // Check permission
-  const result = await isPermitted(input);
-  // Cache result
-  rbacCache.set(cacheKey, result);
-  return result;
+  // Use request deduplication - if same request is in-flight, share the promise
+  return getOrCreateRequest(input, async (checkInput) => {
+    // Check permission
+    const result = await isPermitted(checkInput);
+    // Determine if this is a page-level check (has pageId or permission contains 'page.')
+    const isPageLevelCheck = !!pageId || permission.includes('page.');
+    // Cache result - use session cache for page-level checks
+    rbacCache.set(cacheKey, result, undefined, isPageLevelCheck);
+    return result;
+  });
 }
 /**