npm - @jmruthers/pace-core - Versions diffs - 0.5.186 → 0.5.188 - Mend

@jmruthers/pace-core 0.5.186 → 0.5.188

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/dist/{DataTable-IX2NBUTP.js → DataTable-GUFUNZ3N.js} +7 -7
package/dist/{DataTable-Z9NLVJh0.d.ts → DataTable-IVYljGJ6.d.ts} +1 -1
package/dist/{PublicPageProvider-DIzEzwKl.d.ts → PublicPageProvider-DrLDztHt.d.ts} +211 -106
package/dist/{UnifiedAuthProvider-A4BCQRJY.js → UnifiedAuthProvider-643PUAIM.js} +2 -2
package/dist/{api-BMFCXVQX.js → api-YP7XD5L6.js} +3 -3
package/dist/{audit-WRS3KJKI.js → audit-B5P6FFIR.js} +2 -2
package/dist/{chunk-HGPQUCBC.js → chunk-2UUZZJFT.js} +3 -3
package/dist/{chunk-445GEP27.js → chunk-3GOZZZYH.js} +33 -8
package/dist/chunk-3GOZZZYH.js.map +1 -0
package/dist/{chunk-FSFQFJCU.js → chunk-63FOKYGO.js} +174 -6
package/dist/chunk-63FOKYGO.js.map +1 -0
package/dist/{chunk-DAGICKHT.js → chunk-DDM4CCYT.js} +3 -3
package/dist/{chunk-XAUHJD3L.js → chunk-E7UAOUMY.js} +2 -2
package/dist/{chunk-HDCUMOOI.js → chunk-EFCLXK7F.js} +792 -559
package/dist/chunk-EFCLXK7F.js.map +1 -0
package/dist/{chunk-U6WNSFX5.js → chunk-HEHYGYOX.js} +279 -44
package/dist/chunk-HEHYGYOX.js.map +1 -0
package/dist/{chunk-GRIQLQ52.js → chunk-IM4QE42D.js} +27 -23
package/dist/chunk-IM4QE42D.js.map +1 -0
package/dist/{chunk-OALXJH4Y.js → chunk-IPCH26AG.js} +8 -8
package/dist/chunk-IPCH26AG.js.map +1 -0
package/dist/{chunk-UQWSHFVX.js → chunk-SAUPYVLF.js} +1 -1
package/dist/{chunk-UQWSHFVX.js.map → chunk-SAUPYVLF.js.map} +1 -1
package/dist/{chunk-TC7D3CR3.js → chunk-UNOTYLQF.js} +556 -101
package/dist/chunk-UNOTYLQF.js.map +1 -0
package/dist/{chunk-FXFJRTKI.js → chunk-VGZZXKBR.js} +5 -5
package/dist/chunk-VGZZXKBR.js.map +1 -0
package/dist/chunk-YHCN776L.js +447 -0
package/dist/chunk-YHCN776L.js.map +1 -0
package/dist/components.d.ts +4 -4
package/dist/components.js +12 -10
package/dist/components.js.map +1 -1
package/dist/{file-reference-PRTSLxKx.d.ts → file-reference-D037xOFK.d.ts} +0 -1
package/dist/hooks.d.ts +221 -6
package/dist/hooks.js +146 -49
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +24 -9
package/dist/index.js +62 -28
package/dist/index.js.map +1 -1
package/dist/providers.js +1 -1
package/dist/rbac/index.d.ts +124 -7
package/dist/rbac/index.js +27 -7
package/dist/{types-DUyCRSTj.d.ts → types-Bwgl--Xo.d.ts} +162 -1
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-D71QLlg4.d.ts → usePublicRouteParams-CTDELQ7H.d.ts} +2 -2
package/dist/utils.d.ts +213 -3
package/dist/utils.js +22 -2
package/dist/utils.js.map +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +21 -17
package/docs/api/classes/RBACCache.md +31 -23
package/docs/api/classes/RBACEngine.md +5 -5
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +241 -0
package/docs/api/interfaces/AddressFieldRef.md +94 -0
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +75 -0
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +15 -15
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +11 -11
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +120 -0
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +26 -3
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +5 -5
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +138 -0
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +318 -59
package/docs/best-practices/performance.md +11 -0
package/docs/getting-started/examples/README.md +2 -2
package/docs/implementation-guides/file-upload-storage.md +29 -0
package/docs/implementation-guides/public-pages.md +140 -1230
package/docs/rbac/README.md +2 -1
package/docs/rbac/api-reference.md +11 -0
package/docs/rbac/performance.md +320 -0
package/docs/standards/01-architecture-standard.md +5 -0
package/docs/standards/05-security-standard.md +14 -0
package/docs/standards/07-rbac-and-rls-standard.md +356 -0
package/package.json +1 -1
package/src/__tests__/public-recipe-view.test.ts +199 -0
package/src/__tests__/rls-policies.test.ts +333 -0
package/src/components/AddressField/AddressField.test.tsx +411 -0
package/src/components/AddressField/AddressField.tsx +323 -0
package/src/components/AddressField/README.md +336 -0
package/src/components/AddressField/index.ts +10 -0
package/src/components/AddressField/types.ts +65 -0
package/src/components/FileDisplay/FileDisplay.test.tsx +454 -0
package/src/components/FileDisplay/FileDisplay.tsx +28 -1
package/src/components/index.ts +2 -0
package/src/hooks/__tests__/useFileDisplay.unit.test.ts +30 -5
package/src/hooks/__tests__/useOrganisationSecurity.unit.test.tsx +11 -10
package/src/hooks/__tests__/usePublicFileDisplay.test.ts +31 -6
package/src/hooks/index.ts +6 -0
package/src/hooks/public/usePublicFileDisplay.ts +8 -10
package/src/hooks/useAddressAutocomplete.test.ts +318 -0
package/src/hooks/useAddressAutocomplete.ts +268 -0
package/src/hooks/useFileDisplay.ts +3 -15
package/src/hooks/useFileReference.test.ts +20 -3
package/src/hooks/useFileReference.ts +3 -24
package/src/hooks/useFileUrlCache.ts +246 -0
package/src/hooks/useInactivityTracker.ts +31 -20
package/src/hooks/useOrganisationSecurity.test.ts +10 -7
package/src/hooks/useOrganisationSecurity.ts +3 -3
package/src/hooks/useQueryCache.ts +315 -0
package/src/index.ts +2 -0
package/src/providers/services/EventServiceProvider.tsx +4 -1
package/src/rbac/api.test.ts +21 -6
package/src/rbac/api.ts +32 -11
package/src/rbac/audit-batched.ts +223 -0
package/src/rbac/audit-enhanced.ts +2 -2
package/src/rbac/audit.test.ts +6 -5
package/src/rbac/audit.ts +34 -6
package/src/rbac/cache-invalidation.ts +63 -12
package/src/rbac/cache.test.ts +2 -2
package/src/rbac/cache.ts +61 -14
package/src/rbac/components/PagePermissionGuard.tsx +19 -10
package/src/rbac/components/__tests__/PagePermissionGuard.performance.test.tsx +248 -0
package/src/rbac/config.ts +9 -0
package/src/rbac/engine.ts +2 -21
package/src/rbac/hooks/usePermissions.ts +21 -5
package/src/rbac/index.ts +19 -0
package/src/rbac/performance.ts +210 -0
package/src/rbac/request-deduplication.ts +87 -0
package/src/rbac/utils/deep-equal.ts +93 -0
package/src/services/OrganisationService.ts +5 -4
package/src/types/file-reference.ts +0 -1
package/src/utils/file-reference/__tests__/file-reference.test.ts +31 -4
package/src/utils/file-reference/index.ts +44 -15
package/src/utils/google-places/googlePlacesUtils.test.ts +403 -0
package/src/utils/google-places/googlePlacesUtils.ts +475 -0
package/src/utils/google-places/index.ts +26 -0
package/src/utils/google-places/loadGoogleMapsScript.ts +207 -0
package/src/utils/google-places/types.ts +94 -0
package/src/utils/index.ts +23 -0
package/src/utils/request-deduplication.ts +165 -0
package/src/utils/storage/helpers.ts +143 -4
package/dist/chunk-445GEP27.js.map +0 -1
package/dist/chunk-FMUCXFII.js +0 -76
package/dist/chunk-FMUCXFII.js.map +0 -1
package/dist/chunk-FSFQFJCU.js.map +0 -1
package/dist/chunk-FXFJRTKI.js.map +0 -1
package/dist/chunk-GRIQLQ52.js.map +0 -1
package/dist/chunk-HDCUMOOI.js.map +0 -1
package/dist/chunk-OALXJH4Y.js.map +0 -1
package/dist/chunk-TC7D3CR3.js.map +0 -1
package/dist/chunk-U6WNSFX5.js.map +0 -1
/package/dist/{DataTable-IX2NBUTP.js.map → DataTable-GUFUNZ3N.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-A4BCQRJY.js.map → UnifiedAuthProvider-643PUAIM.js.map} +0 -0
/package/dist/{api-BMFCXVQX.js.map → api-YP7XD5L6.js.map} +0 -0
/package/dist/{audit-WRS3KJKI.js.map → audit-B5P6FFIR.js.map} +0 -0
/package/dist/{chunk-HGPQUCBC.js.map → chunk-2UUZZJFT.js.map} +0 -0
/package/dist/{chunk-DAGICKHT.js.map → chunk-DDM4CCYT.js.map} +0 -0
/package/dist/{chunk-XAUHJD3L.js.map → chunk-E7UAOUMY.js.map} +0 -0

package/src/rbac/components/PagePermissionGuard.tsx CHANGED Viewed

@@ -73,6 +73,7 @@ import { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';
 import { UUID, Permission, Scope } from '../types';
 import { createScopeFromEvent } from '../utils/eventContext';
 import { getRBACLogger } from '../config';
+import { scopeEqual } from '../utils/deep-equal';
 export interface PagePermissionGuardProps {
   /** Name of the page being protected */
@@ -333,17 +334,24 @@ const PagePermissionGuardComponent = ({
   // Create a stable scope that only includes valid values
   // OrganisationId is required - use undefined if not available, useCan will handle loading state
+  // Use ref to track previous scope for deep equality comparison
+  const prevScopeRef = useRef<Scope | null>(null);
   const stableScope = useMemo(() => {
-    if (resolvedScope && resolvedScope.organisationId) {
-      return {
-        organisationId: resolvedScope.organisationId,
-        appId: resolvedScope.appId || undefined,
-        eventId: resolvedScope.eventId || undefined
-      };
+    const newScope: Scope = resolvedScope && resolvedScope.organisationId
+      ? {
+          organisationId: resolvedScope.organisationId,
+          appId: resolvedScope.appId || undefined,
+          eventId: resolvedScope.eventId || undefined
+        }
+      : { organisationId: undefined, appId: undefined, eventId: undefined };
+    // Only return new object if scope actually changed (deep equality check)
+    if (scopeEqual(prevScopeRef.current, newScope)) {
+      return prevScopeRef.current!;
     }
-    // Return scope without organisationId - useCan will keep loading state until resolved
-    // Scope.organisationId is optional, so undefined is valid
-    return { organisationId: undefined, appId: undefined, eventId: undefined };
+    prevScopeRef.current = newScope;
+    return newScope;
   }, [resolvedScope]);
   // Check if user has permission - only call useCan when we have a resolved scope with valid organisationId
@@ -487,5 +495,6 @@ function DefaultLoading() {
   );
 };
-export const PagePermissionGuard = PagePermissionGuardComponent;
+// Memoize component to prevent unnecessary re-renders when props haven't changed
+export const PagePermissionGuard = React.memo(PagePermissionGuardComponent);
 export default PagePermissionGuard;

package/src/rbac/components/__tests__/PagePermissionGuard.performance.test.tsx ADDED Viewed

@@ -0,0 +1,248 @@
+/**
+ * Performance tests for PagePermissionGuard
+ * @package @jmruthers/pace-core
+ * @module RBAC/Components/PagePermissionGuard/Performance
+ * @since 2.0.0
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { render, screen, waitFor } from '@testing-library/react';
+import React from 'react';
+import { PagePermissionGuard } from '../PagePermissionGuard';
+import { useCan } from '../../hooks';
+import { useUnifiedAuth } from '../../../providers/services/UnifiedAuthProvider';
+import { clearInFlightRequests, getInFlightRequestCount } from '../../request-deduplication';
+import { rbacCache } from '../../cache';
+// Mock dependencies - use same path as component
+vi.mock('../../hooks', () => ({
+  useCan: vi.fn()
+}));
+// Mock the auth provider
+const mockUseUnifiedAuthFn = vi.fn();
+vi.mock('../../../providers/services/UnifiedAuthProvider', () => ({
+  useUnifiedAuth: () => mockUseUnifiedAuthFn(),
+  UnifiedAuthProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
+// Mock the event context utility
+vi.mock('../../utils/eventContext', () => ({
+  createScopeFromEvent: vi.fn()
+}));
+// Mock the app name resolver
+vi.mock('../../../utils/app/appNameResolver', () => ({
+  getCurrentAppName: vi.fn(() => 'test-app')
+}));
+import { createScopeFromEvent } from '../../utils/eventContext';
+import { getCurrentAppName } from '../../../utils/app/appNameResolver';
+const mockUseCan = vi.mocked(useCan);
+const mockCreateScopeFromEvent = vi.mocked(createScopeFromEvent);
+const mockGetCurrentAppName = vi.mocked(getCurrentAppName);
+describe('PagePermissionGuard Performance', () => {
+  const mockUser = {
+    id: 'user-123',
+    email: 'test@example.com',
+  };
+  const mockOrganisation = {
+    id: 'org-123',
+    name: 'Test Org',
+  };
+  const mockEvent = {
+    event_id: 'event-123',
+    name: 'Test Event',
+  };
+  const mockScope = {
+    organisationId: 'org-123',
+    eventId: 'event-123',
+    appId: 'app-123',
+  };
+  beforeEach(() => {
+    vi.clearAllMocks();
+    clearInFlightRequests();
+    rbacCache.clear();
+    // Set up mocks to match working test exactly
+    mockUseUnifiedAuthFn.mockReturnValue({
+      user: mockUser,
+      selectedOrganisation: { id: 'org-123' },
+      selectedEvent: { event_id: 'event-123' },
+      appId: 'app-123', // Required for scope resolution
+      supabase: {
+        from: vi.fn().mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockReturnValue({
+                single: vi.fn().mockResolvedValue({
+                  data: { id: 'app-123', name: 'test-app', is_active: true },
+                  error: null
+                })
+              })
+            })
+          })
+        })
+      } as any
+    });
+    mockGetCurrentAppName.mockReturnValue('test-app');
+    // Mock useCan to return permission granted
+    // Use mockImplementation to handle all calls, including initial calls with undefined scope
+    mockUseCan.mockImplementation(() => ({
+      can: true,
+      isLoading: false,
+      error: null,
+      refetch: vi.fn(),
+    }));
+  });
+  describe('Request Deduplication', () => {
+    it('should deduplicate requests when multiple instances check the same permission', async () => {
+      // Ensure useCan returns permission granted
+      mockUseCan.mockImplementation(() => ({
+        can: true,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn(),
+      }));
+      render(
+        <>
+          <PagePermissionGuard pageName="dashboard" operation="read">
+            <div data-testid="content-1">Content 1</div>
+          </PagePermissionGuard>
+          <PagePermissionGuard pageName="dashboard" operation="read">
+            <div data-testid="content-2">Content 2</div>
+          </PagePermissionGuard>
+          <PagePermissionGuard pageName="dashboard" operation="read">
+            <div data-testid="content-3">Content 3</div>
+          </PagePermissionGuard>
+        </>
+      );
+      // Wait for scope resolution and permission check to complete
+      // The component resolves scope asynchronously, so we need to wait
+      await waitFor(() => {
+        expect(screen.getByTestId('content-1')).toBeInTheDocument();
+        expect(screen.getByTestId('content-2')).toBeInTheDocument();
+        expect(screen.getByTestId('content-3')).toBeInTheDocument();
+      }, { interval: 10 });
+      // Verify useCan was called (deduplication happens at API level, not hook level)
+      expect(mockUseCan).toHaveBeenCalled();
+    });
+    it('should track in-flight requests correctly', () => {
+      expect(getInFlightRequestCount()).toBe(0);
+    });
+  });
+  describe('Cache Performance', () => {
+    it('should use cached results on subsequent renders', async () => {
+      let checkCount = 0;
+      mockUseCan.mockImplementation(() => {
+        checkCount++;
+        return {
+          can: true,
+          isLoading: false,
+          error: null,
+          refetch: vi.fn(),
+        };
+      });
+      const { rerender } = render(
+        <PagePermissionGuard pageName="dashboard" operation="read">
+          <div data-testid="content">Content</div>
+        </PagePermissionGuard>
+      );
+      await waitFor(() => {
+        expect(screen.getByTestId('content')).toBeInTheDocument();
+      }, { interval: 10 });
+      const initialCheckCount = checkCount;
+      // Rerender with same props
+      rerender(
+        <PagePermissionGuard pageName="dashboard" operation="read">
+          <div data-testid="content">Content</div>
+        </PagePermissionGuard>
+      );
+      await waitFor(() => {
+        expect(screen.getByTestId('content')).toBeInTheDocument();
+      }, { interval: 10 });
+      // Should not increase check count significantly due to memoization
+      // Allow some margin for React's rendering behavior
+      expect(checkCount).toBeLessThanOrEqual(initialCheckCount + 2);
+    });
+  });
+  describe('Render Performance', () => {
+    it('should not cause excessive re-renders', () => {
+      let renderCount = 0;
+      const TestComponent = () => {
+        renderCount++;
+        return (
+          <PagePermissionGuard pageName="dashboard" operation="read">
+            <div data-testid="content">Content</div>
+          </PagePermissionGuard>
+        );
+      };
+      render(<TestComponent />);
+      // Should not have excessive re-renders
+      expect(renderCount).toBeLessThan(10);
+    });
+    it('should memoize scope objects to prevent unnecessary re-renders', async () => {
+      // Ensure useCan returns permission granted
+      mockUseCan.mockImplementation(() => ({
+        can: true,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn(),
+      }));
+      const { rerender } = render(
+        <PagePermissionGuard pageName="dashboard" operation="read">
+          <div data-testid="content">Content</div>
+        </PagePermissionGuard>
+      );
+      await waitFor(() => {
+        expect(screen.getByTestId('content')).toBeInTheDocument();
+      }, { interval: 10 });
+      const initialCallCount = mockUseCan.mock.calls.length;
+      // Rerender with same props
+      rerender(
+        <PagePermissionGuard pageName="dashboard" operation="read">
+          <div data-testid="content">Content</div>
+        </PagePermissionGuard>
+      );
+      await waitFor(() => {
+        expect(screen.getByTestId('content')).toBeInTheDocument();
+      }, { interval: 10 });
+      // useCan should be called, but scope memoization prevents excessive calls
+      // Allow some margin for React's rendering behavior
+      expect(mockUseCan.mock.calls.length).toBeLessThanOrEqual(initialCallCount + 2);
+    });
+  });
+});

package/src/rbac/config.ts CHANGED Viewed

@@ -22,12 +22,21 @@ export interface RBACConfig {
   cache?: {
     ttl?: number;
     enabled?: boolean;
+    sessionTtl?: number; // Session cache TTL in milliseconds (default: 5 minutes)
   };
   audit?: {
     enabled?: boolean;
     logLevel?: LogLevel;
+    batched?: boolean; // Enable batched audit logging (default: true)
+    batchWindow?: number; // Time window in milliseconds (default: 100ms)
+    batchSize?: number; // Maximum batch size (default: 10)
   };
   security?: Partial<RBACSecurityConfig>;
+  performance?: {
+    enableRequestDeduplication?: boolean; // Enable request deduplication (default: true)
+    enableBatchedAuditLogging?: boolean; // Enable batched audit logging (default: true)
+    enablePerformanceTracking?: boolean; // Enable performance tracking (default: false in production)
+  };
 }
 export interface RBACLogger {

package/src/rbac/engine.ts CHANGED Viewed

@@ -156,27 +156,8 @@ export class RBACEngine {
         cacheHit = true;
         cacheSource = 'memory';
-        const duration = Date.now() - startTime;
-        // Audit cache hit (if organisation context exists)
-        if (scope.organisationId) {
-          const resolvedPageId = await this.resolvePageId(pageId, scope.appId);
-          await emitAuditEvent({
-            type: 'permission_check',
-            userId,
-            organisationId: scope.organisationId,
-            eventId: scope.eventId,
-            appId: scope.appId,
-            pageId: resolvedPageId,
-            permission,
-            decision: cached,
-            source: 'api',
-            duration_ms: duration,
-            cache_hit: true,
-            cache_source: 'memory',
-          });
-        }
+        // Skip audit logging for cached checks (only log on cache miss)
+        // This significantly reduces network requests
         return cached;
       }

package/src/rbac/hooks/usePermissions.ts CHANGED Viewed

@@ -22,6 +22,7 @@ import {
   isPermittedCached
 } from '../api';
 import { getRBACLogger } from '../config';
+import { scopeEqual } from '../utils/deep-equal';
 /**
  * Hook to get user's permissions in a scope
@@ -337,20 +338,35 @@ export function useCan(
   const lastPageIdRef = useRef<UUID | undefined | null>(null);
   const lastUseCacheRef = useRef<boolean | null>(null);
+  // Create a stable scope object for comparison
+  const stableScope = useMemo(() => {
+    if (!isValidScope) {
+      return null;
+    }
+    return {
+      organisationId,
+      eventId,
+      appId,
+    };
+  }, [isValidScope, organisationId, eventId, appId]);
+  // Track previous scope for deep equality comparison
+  const prevScopeRef = useRef<Scope | null>(null);
   useEffect(() => {
-    // Create a scope key to track changes - use safe property access
-    const scopeKey = isValidScope ? `${organisationId}-${eventId}-${appId}` : 'invalid-scope';
+    // Use deep equality check for scope to prevent unnecessary re-runs
+    const scopeChanged = !scopeEqual(prevScopeRef.current, stableScope);
     // Only run if something has actually changed
     if (
       lastUserIdRef.current !== userId ||
-      lastScopeRef.current !== scopeKey ||
+      scopeChanged ||
       lastPermissionRef.current !== permission ||
       lastPageIdRef.current !== pageId ||
       lastUseCacheRef.current !== useCache
     ) {
       lastUserIdRef.current = userId;
-      lastScopeRef.current = scopeKey;
+      prevScopeRef.current = stableScope;
       lastPermissionRef.current = permission;
       lastPageIdRef.current = pageId;
       lastUseCacheRef.current = useCache;
@@ -410,7 +426,7 @@ export function useCan(
       checkPermission();
     }
-  }, [userId, isValidScope, organisationId, eventId, appId, permission, pageId, useCache]);
+  }, [userId, stableScope, permission, pageId, useCache]);
   const refetch = useCallback(async () => {
     if (!userId) {

package/src/rbac/index.ts CHANGED Viewed

@@ -59,6 +59,25 @@ export {
   CACHE_PATTERNS,
 } from './cache';
+// Performance monitoring
+export {
+  enablePerformanceMonitoring,
+  disablePerformanceMonitoring,
+  isPerformanceMonitoringEnabled,
+  recordPermissionCheck,
+  recordAuditEvent,
+  getPerformanceMetrics,
+  resetPerformanceMetrics,
+  getPerformanceSummary,
+  type RBACPerformanceMetrics,
+} from './performance';
+// Request deduplication
+export {
+  clearInFlightRequests,
+  getInFlightRequestCount,
+} from './request-deduplication';
 // Audit
 export {
   RBACAuditManager,

package/src/rbac/performance.ts ADDED Viewed

@@ -0,0 +1,210 @@
+/**
+ * Performance Monitoring for RBAC
+ * @package @jmruthers/pace-core
+ * @module RBAC/Performance
+ * @since 2.0.0
+ *
+ * This module provides performance monitoring and metrics tracking for RBAC operations.
+ */
+export interface RBACPerformanceMetrics {
+  /** Total number of permission checks */
+  totalChecks: number;
+  /** Number of cache hits */
+  cacheHits: number;
+  /** Number of cache misses */
+  cacheMisses: number;
+  /** Cache hit rate (0-1) */
+  cacheHitRate: number;
+  /** Number of deduplicated requests */
+  deduplicatedRequests: number;
+  /** Total number of network requests made */
+  networkRequests: number;
+  /** Average response time in milliseconds */
+  averageResponseTime: number;
+  /** Total response time in milliseconds */
+  totalResponseTime: number;
+  /** Number of batched audit events */
+  batchedAuditEvents: number;
+  /** Number of individual audit events */
+  individualAuditEvents: number;
+}
+class RBACPerformanceMonitor {
+  private metrics: RBACPerformanceMetrics = {
+    totalChecks: 0,
+    cacheHits: 0,
+    cacheMisses: 0,
+    cacheHitRate: 0,
+    deduplicatedRequests: 0,
+    networkRequests: 0,
+    averageResponseTime: 0,
+    totalResponseTime: 0,
+    batchedAuditEvents: 0,
+    individualAuditEvents: 0,
+  };
+  private enabled: boolean = false;
+  /**
+   * Enable or disable performance monitoring
+   */
+  setEnabled(enabled: boolean): void {
+    this.enabled = enabled;
+  }
+  /**
+   * Check if performance monitoring is enabled
+   */
+  isEnabled(): boolean {
+    return this.enabled;
+  }
+  /**
+   * Record a permission check
+   */
+  recordCheck(cacheHit: boolean, responseTime: number, wasDeduplicated: boolean = false): void {
+    if (!this.enabled) {
+      return;
+    }
+    this.metrics.totalChecks++;
+    if (cacheHit) {
+      this.metrics.cacheHits++;
+    } else {
+      this.metrics.cacheMisses++;
+      this.metrics.networkRequests++;
+    }
+    if (wasDeduplicated) {
+      this.metrics.deduplicatedRequests++;
+    }
+    this.metrics.totalResponseTime += responseTime;
+    this.metrics.averageResponseTime = this.metrics.totalResponseTime / this.metrics.totalChecks;
+    this.metrics.cacheHitRate = this.metrics.cacheHits / this.metrics.totalChecks;
+  }
+  /**
+   * Record an audit event
+   */
+  recordAuditEvent(batched: boolean): void {
+    if (!this.enabled) {
+      return;
+    }
+    if (batched) {
+      this.metrics.batchedAuditEvents++;
+    } else {
+      this.metrics.individualAuditEvents++;
+    }
+  }
+  /**
+   * Get current metrics
+   */
+  getMetrics(): RBACPerformanceMetrics {
+    return { ...this.metrics };
+  }
+  /**
+   * Reset all metrics
+   */
+  reset(): void {
+    this.metrics = {
+      totalChecks: 0,
+      cacheHits: 0,
+      cacheMisses: 0,
+      cacheHitRate: 0,
+      deduplicatedRequests: 0,
+      networkRequests: 0,
+      averageResponseTime: 0,
+      totalResponseTime: 0,
+      batchedAuditEvents: 0,
+      individualAuditEvents: 0,
+    };
+  }
+  /**
+   * Get metrics summary as a formatted string
+   */
+  getSummary(): string {
+    const m = this.metrics;
+    return `
+RBAC Performance Metrics:
+  Total Checks: ${m.totalChecks}
+  Cache Hits: ${m.cacheHits} (${(m.cacheHitRate * 100).toFixed(1)}%)
+  Cache Misses: ${m.cacheMisses}
+  Deduplicated Requests: ${m.deduplicatedRequests}
+  Network Requests: ${m.networkRequests}
+  Average Response Time: ${m.averageResponseTime.toFixed(2)}ms
+  Batched Audit Events: ${m.batchedAuditEvents}
+  Individual Audit Events: ${m.individualAuditEvents}
+`;
+  }
+}
+// Global performance monitor instance
+const performanceMonitor = new RBACPerformanceMonitor();
+/**
+ * Enable performance monitoring
+ */
+export function enablePerformanceMonitoring(): void {
+  performanceMonitor.setEnabled(true);
+}
+/**
+ * Disable performance monitoring
+ */
+export function disablePerformanceMonitoring(): void {
+  performanceMonitor.setEnabled(false);
+}
+/**
+ * Check if performance monitoring is enabled
+ */
+export function isPerformanceMonitoringEnabled(): boolean {
+  return performanceMonitor.isEnabled();
+}
+/**
+ * Record a permission check
+ */
+export function recordPermissionCheck(
+  cacheHit: boolean,
+  responseTime: number,
+  wasDeduplicated: boolean = false
+): void {
+  performanceMonitor.recordCheck(cacheHit, responseTime, wasDeduplicated);
+}
+/**
+ * Record an audit event
+ */
+export function recordAuditEvent(batched: boolean): void {
+  performanceMonitor.recordAuditEvent(batched);
+}
+/**
+ * Get current performance metrics
+ */
+export function getPerformanceMetrics(): RBACPerformanceMetrics {
+  return performanceMonitor.getMetrics();
+}
+/**
+ * Reset performance metrics
+ */
+export function resetPerformanceMetrics(): void {
+  performanceMonitor.reset();
+}
+/**
+ * Get performance metrics summary
+ */
+export function getPerformanceSummary(): string {
+  return performanceMonitor.getSummary();
+}