@jmruthers/pace-core 0.5.189 → 0.5.190

package/dist/rbac/index.d.ts

@@ -7,6 +7,25 @@ import * as react_jsx_runtime from 'react/jsx-runtime';
 import React__default, { ReactNode } from 'react';
 import '../core-CUElvH_C.js';
 
+/**
+ * Context Validator for RBAC
+ * @package @jmruthers/pace-core
+ * @module RBAC/ContextValidator
+ * @since 1.0.0
+ *
+ * Centralized validation for RBAC context requirements based on app configuration.
+ * Enforces app-specific context rules with single primary context:
+ * - requires_event = TRUE: Event is PRIMARY context, org derived from event (org not required in input)
+ * - requires_event = FALSE: Organisation is PRIMARY context, event optional
+ * - PORTAL/ADMIN apps: Both contexts optional (allows users to view/edit own profiles, super admin access)
+ *
+ * Key principle: Only one primary context is required based on app config. The other is derived or optional.
+ */
+
+interface AppConfig {
+    requires_event: boolean;
+}
+
 /**
  * RBAC Security Enhancements
  * @package @jmruthers/pace-core
@@ -34,7 +53,7 @@ interface RBACSecurityConfig {
  */
 interface SecurityContext {
     userId: UUID;
-    organisationId: UUID;
+    organisationId: UUID | null;
     ipAddress?: string;
     userAgent?: string;
     timestamp: Date;
@@ -102,6 +121,9 @@ declare function isDevelopmentMode(): boolean;
  *
  * This client automatically injects organisation context into all requests
  * and prevents queries that don't have the required context.
+ *
+ * Note: Callers should derive organisationId from eventId before creating this client
+ * if working with event-required apps. The client requires organisationId.
  */
 declare class SecureSupabaseClient {
     private supabase;
@@ -111,7 +133,8 @@ declare class SecureSupabaseClient {
     private organisationId;
     private eventId?;
     private appId?;
-    constructor(supabaseUrl: string, supabaseKey: string, organisationId: UUID, eventId?: string, appId?: UUID);
+    private isSuperAdmin;
+    constructor(supabaseUrl: string, supabaseKey: string, organisationId: UUID, eventId?: string, appId?: UUID, isSuperAdmin?: boolean);
     /**
      * Setup context injection for all database operations
      */
@@ -138,6 +161,17 @@ declare class SecureSupabaseClient {
     private injectContext;
     /**
      * Add organisation filter to a query
+     *
+     * Defense in depth strategy:
+     * - RLS policies are the primary security layer (cannot be bypassed)
+     * - Application-level filtering adds an additional layer of protection
+     *
+     * For rbac_user_profiles:
+     * - Super admins: No org filter (see all users) - RLS will allow access
+     * - Non-super-admins: Apply org filter as defense in depth - RLS will also filter
+     *
+     * For other tables:
+     * - Always apply org filter unless super admin bypasses it
      */
     private addOrganisationFilter;
     /**
@@ -163,6 +197,7 @@ declare class SecureSupabaseClient {
         organisationId?: UUID;
         eventId?: string;
         appId?: UUID;
+        isSuperAdmin?: boolean;
     }): SecureSupabaseClient;
     /**
      * Get the underlying Supabase client (for internal use only)
@@ -178,6 +213,7 @@ declare class SecureSupabaseClient {
  * @param organisationId - Required organisation ID
  * @param eventId - Optional event ID
  * @param appId - Optional app ID
+ * @param isSuperAdmin - Optional super admin flag (defaults to false)
  * @returns SecureSupabaseClient instance
  *
  * @example
@@ -187,11 +223,12 @@ declare class SecureSupabaseClient {
  *   'your-publishable-key-or-anon-key',
  *   'org-123',
  *   'event-456',
- *   'app-789'
+ *   'app-789',
+ *   false // isSuperAdmin
  * );
  * ```
  */
-declare function createSecureClient(supabaseUrl: string, supabaseKey: string, organisationId: UUID, eventId?: string, appId?: UUID): SecureSupabaseClient;
+declare function createSecureClient(supabaseUrl: string, supabaseKey: string, organisationId: UUID, eventId?: string, appId?: UUID, isSuperAdmin?: boolean): SecureSupabaseClient;
 /**
  * Create a secure client from an existing Supabase client
  *
@@ -1395,6 +1432,7 @@ declare function usePermissions(userId: UUID, organisationId: string | undefined
  * @param permission - Permission to check
  * @param pageId - Optional page ID
  * @param useCache - Whether to use cached results
+ * @param appName - Optional app name (for PORTAL/ADMIN special case)
  * @returns Permission check state and methods
  *
  * @example
@@ -1409,7 +1447,7 @@ declare function usePermissions(userId: UUID, organisationId: string | undefined
  * }
  * ```
  */
-declare function useCan(userId: UUID, scope: Scope, permission: Permission, pageId?: UUID, useCache?: boolean): {
+declare function useCan(userId: UUID, scope: Scope, permission: Permission, pageId?: UUID, useCache?: boolean, appName?: string): {
     can: boolean;
     isLoading: boolean;
     error: Error | null;
@@ -1790,7 +1828,7 @@ declare function useRoleManagement(): {
  *
  * - Must be used within `UnifiedAuthProvider` context
  * - Requires `useOrganisations` and `useEvents` hooks to be available
- * - Environment variables `VITE_SUPABASE_URL` and `VITE_SUPABASE_ANON_KEY` must be set
+ * - Environment variables `VITE_SUPABASE_URL` and `VITE_SUPABASE_PUBLISHABLE_KEY` must be set
  *   (or `NEXT_PUBLIC_SUPABASE_URL` and `NEXT_PUBLIC_SUPABASE_ANON_KEY` for Next.js)
  *
  * ## See Also
@@ -1841,6 +1879,24 @@ declare function useRoleManagement(): {
  */
 declare function useSecureSupabase(baseClient?: SupabaseClient<Database> | null): SupabaseClient<Database> | null;
 
+/**
+ * @file useSuperAdminBypass
+ * @package @jmruthers/pace-core
+ *
+ * Detects whether the current user is a super admin, keeps the
+ * server session override flag in sync, and exposes a boolean
+ * that downstream hooks can use to bypass organisation scoping.
+ */
+interface SuperAdminBypassState {
+    /** True when the user has been verified as a super admin */
+    isSuperAdmin: boolean;
+    /** True while the hook is checking the server */
+    isLoading: boolean;
+    /** Error returned by the verification request, if any */
+    error: Error | null;
+}
+declare function useSuperAdminBypass(): SuperAdminBypassState;
+
 /**
  * RBAC Adapters
  * @package @jmruthers/pace-core
@@ -2134,6 +2190,8 @@ declare function setupRBAC(supabase: SupabaseClient<Database>, config?: Partial<
  * Get user's access level in a scope
  *
  * @param input - Access level input
+ * @param appConfig - Optional app configuration
+ * @param appName - Optional app name
  * @returns Promise resolving to access level
  *
  * @example
@@ -2147,11 +2205,13 @@ declare function setupRBAC(supabase: SupabaseClient<Database>, config?: Partial<
 declare function getAccessLevel(input: {
     userId: UUID;
     scope: Scope;
-}): Promise<AccessLevel>;
+}, appConfig?: AppConfig | null, appName?: string): Promise<AccessLevel>;
 /**
  * Get user's permission map for a scope
  *
  * @param input - Permission map input
+ * @param appConfig - Optional app configuration
+ * @param appName - Optional app name
  * @returns Promise resolving to permission map
  *
  * @example
@@ -2169,7 +2229,7 @@ declare function getAccessLevel(input: {
 declare function getPermissionMap(input: {
     userId: UUID;
     scope: Scope;
-}): Promise<PermissionMap>;
+}, appConfig?: AppConfig | null, appName?: string): Promise<PermissionMap>;
 declare function resolveAppContext(input: {
     userId: UUID;
     appName: string;
@@ -2177,11 +2237,13 @@ declare function resolveAppContext(input: {
 declare function getRoleContext(input: {
     userId: UUID;
     scope: Scope;
-}): Promise<RBACRoleContext>;
+}, appConfig?: AppConfig | null, appName?: string): Promise<RBACRoleContext>;
 /**
  * Check if user has a specific permission
  *
  * @param input - Permission check input
+ * @param appConfig - Optional app configuration (if not provided, will be fetched)
+ * @param appName - Optional app name (for PORTAL/ADMIN special case and config lookup)
  * @returns Promise resolving to permission result
  *
  * @example
@@ -2194,7 +2256,7 @@ declare function getRoleContext(input: {
  * });
  * ```
  */
-declare function isPermitted(input: PermissionCheck): Promise<boolean>;
+declare function isPermitted(input: PermissionCheck, appConfig?: AppConfig | null, appName?: string): Promise<boolean>;
 /**
  * Check if user has a specific permission (cached version)
  *
@@ -2202,9 +2264,11 @@ declare function isPermitted(input: PermissionCheck): Promise<boolean>;
  * and checks cache before making new requests. Uses session cache for page-level checks.
  *
  * @param input - Permission check input
+ * @param appConfig - Optional app configuration
+ * @param appName - Optional app name
  * @returns Promise resolving to permission result
  */
-declare function isPermittedCached(input: PermissionCheck): Promise<boolean>;
+declare function isPermittedCached(input: PermissionCheck, appConfig?: AppConfig | null, appName?: string): Promise<boolean>;
 /**
  * Check if a user has a specific permission (alias for isPermitted)
  *
@@ -2563,4 +2627,4 @@ declare function getDirectSupabaseAuthFixes(): QuickFix;
  */
 declare function getQuickFixes(issueType: string, details?: Record<string, any>): QuickFix[];
 
-export { ALL_PERMISSIONS, AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type ComplianceResult, type DataAccessRecord, type DatabaseComplianceResult, type DatabaseIssue, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRoleData, GLOBAL_PERMISSIONS, type GrantEventAppRoleParams, type LogLevel, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, PAGE_PERMISSIONS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, Permission, PermissionCheck, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, PermissionMap, type QuickFix, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, type RBACLogger, type RBACPerformanceMetrics, type ResourcePermissions, type RevokeEventAppRoleParams, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RoleManagementResult, type RouteAccessRecord, type RouteConfig, type RuntimeComplianceResult, Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, type SetupIssue, UUID, type UseResolvedScopeOptions, type UseResolvedScopeReturn, type UseResourcePermissionsOptions, checkRuntimeCompliance, clearInFlightRequests, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, disablePerformanceMonitoring, emitAuditEvent, enablePerformanceMonitoring, fromSupabaseClient, getAccessLevel, getCustomAuthCodeFixes, getDirectSupabaseAuthFixes, getDuplicateConfigFixes, getGlobalAuditManager, getInFlightRequestCount, getPerformanceMetrics, getPerformanceSummary, getPermissionMap, getPermissionsForRole, getQuickFixes, getRBACConfig, getRBACLogger, getRoleContext, getSetupIssues, getUnprotectedPageFixes, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPerformanceMonitoringEnabled, isPermitted, isPermittedCached, isRBACInitialized, isValidPermission, rbacCache, recordAuditEvent, recordPermissionCheck, resetPerformanceMetrics, resolveAppContext, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useResolvedScope, useResourcePermissions, useRoleBasedRouter, useRoleManagement, useSecureData, useSecureSupabase, validateAndWarn, validateDatabaseConfiguration, validateRBACSetup, withAccessLevelGuard, withPermissionGuard, withRoleGuard };
+export { ALL_PERMISSIONS, AccessLevel, AccessLevelGuard, type AllPermissions, CACHE_PATTERNS, type ComplianceResult, type DataAccessRecord, type DatabaseComplianceResult, type DatabaseIssue, EVENT_APP_PERMISSIONS, EnhancedNavigationMenu, type EnhancedNavigationMenuProps, type EventAppRoleData, GLOBAL_PERMISSIONS, type GrantEventAppRoleParams, type LogLevel, type NavigationAccessRecord, type NavigationContextType, NavigationGuard, type NavigationGuardProps, type NavigationItem, NavigationProvider, type NavigationProviderProps, ORGANISATION_PERMISSIONS, PAGE_PERMISSIONS, type PageAccessRecord, type PagePermissionContextType, PagePermissionGuard, type PagePermissionGuardProps, PagePermissionProvider, type PagePermissionProviderProps, Permission, PermissionCheck, PermissionEnforcer, type PermissionEnforcerProps, PermissionGuard, PermissionMap, type QuickFix, RBACAuditManager, RBACCache, type RBACConfig, RBACEngine, type RBACLogger, type RBACPerformanceMetrics, type ResourcePermissions, type RevokeEventAppRoleParams, RoleBasedRouter, type RoleBasedRouterContextType, type RoleBasedRouterProps, type RoleManagementResult, type RouteAccessRecord, type RouteConfig, type RuntimeComplianceResult, Scope, type SecureDataContextType, SecureDataProvider, type SecureDataProviderProps, SecureSupabaseClient, type SetupIssue, UUID, type UseResolvedScopeOptions, type UseResolvedScopeReturn, type UseResourcePermissionsOptions, checkRuntimeCompliance, clearInFlightRequests, createAuditManager, createRBACConfig, createRBACEngine, createRBACExpressMiddleware, createRBACMiddleware, createSecureClient, disablePerformanceMonitoring, emitAuditEvent, enablePerformanceMonitoring, fromSupabaseClient, getAccessLevel, getCustomAuthCodeFixes, getDirectSupabaseAuthFixes, getDuplicateConfigFixes, getGlobalAuditManager, getInFlightRequestCount, getPerformanceMetrics, getPerformanceSummary, getPermissionMap, getPermissionsForRole, getQuickFixes, getRBACConfig, getRBACLogger, getRoleContext, getSetupIssues, getUnprotectedPageFixes, hasAllPermissions, hasAnyPermission, hasAnyPermissionCached, hasPermission, hasPermissionCached, isDebugMode, isDevelopmentMode, isPerformanceMonitoringEnabled, isPermitted, isPermittedCached, isRBACInitialized, isValidPermission, rbacCache, recordAuditEvent, recordPermissionCheck, resetPerformanceMetrics, resolveAppContext, setGlobalAuditManager, setupRBAC, useAccessLevel, useCachedPermissions, useCan, useHasAllPermissions, useHasAnyPermission, useMultiplePermissions, useNavigationPermissions, usePagePermissions, usePermissions, useRBAC, useResolvedScope, useResourcePermissions, useRoleBasedRouter, useRoleManagement, useSecureData, useSecureSupabase, useSuperAdminBypass, validateAndWarn, validateDatabaseConfiguration, validateRBACSetup, withAccessLevelGuard, withPermissionGuard, withRoleGuard };

package/dist/rbac/index.js

@@ -40,7 +40,7 @@ import {
   withAccessLevelGuard,
   withPermissionGuard,
   withRoleGuard
-} from "../chunk-IM4QE42D.js";
+} from "../chunk-73HSNNOQ.js";
 import {
   SecureSupabaseClient,
   createSecureClient,
@@ -53,11 +53,17 @@ import {
   useMultiplePermissions,
   usePermissions,
   useRBAC,
-  useResolvedScope,
   useResourcePermissions,
   useRoleManagement,
   useSecureSupabase
-} from "../chunk-3GOZZZYH.js";
+} from "../chunk-HQVPB5MZ.js";
+import "../chunk-4QYC5L4K.js";
+import {
+  useResolvedScope,
+  useSuperAdminBypass
+} from "../chunk-Y4BUBBHD.js";
+import "../chunk-KQCRWDSA.js";
+import "../chunk-J2XXC7R5.js";
 import {
   CACHE_PATTERNS,
   RBACCache,
@@ -89,7 +95,7 @@ import {
   resetPerformanceMetrics,
   resolveAppContext,
   setupRBAC
-} from "../chunk-HEHYGYOX.js";
+} from "../chunk-RUYZKXOD.js";
 import {
   RBACAuditManager,
   createAuditManager,
@@ -97,12 +103,8 @@ import {
   getGlobalAuditManager,
   setGlobalAuditManager
 } from "../chunk-63FOKYGO.js";
-import "../chunk-DDM4CCYT.js";
-import "../chunk-E7UAOUMY.js";
-import "../chunk-KQCRWDSA.js";
-import "../chunk-VGZZXKBR.js";
 import "../chunk-QXHPKYJV.js";
-import "../chunk-F2IMUDXZ.js";
+import "../chunk-I7PSE6JW.js";
 import "../chunk-VBXEHIUJ.js";
 import "../chunk-PWLANIRT.js";
 import "../chunk-7D4SUZUM.js";
@@ -192,6 +194,7 @@ export {
   useRoleManagement,
   useSecureData,
   useSecureSupabase,
+  useSuperAdminBypass,
   validateAndWarn,
   validateDatabaseConfiguration,
   validateRBACSetup,

package/dist/types.d.ts

@@ -3,7 +3,7 @@ export { A as AppId, D as DataRecord, E as EventId, O as OrganisationId, P as Pa
 import { U as User, a as Session } from './auth-BZOJqrdd.js';
 export { S as SessionRestorationState } from './auth-BZOJqrdd.js';
 export { E as Event, c as EventContextType, b as EventTheme, k as ORGANISATION_ROLE_PERMISSIONS, O as Organisation, n as OrganisationAccessLog, h as OrganisationContextType, j as OrganisationHierarchy, e as OrganisationInvitation, a as OrganisationMembership, m as OrganisationPermission, i as OrganisationProviderProps, l as OrganisationRole, f as OrganisationRoleDefinition, g as OrganisationSecurityError, d as OrganisationSettings, o as SecureQueryOptions, S as SuperAdminContext, T as ThemeColors, U as UserProfile } from './event-CW5YB_2p.js';
-export { g as BucketInfo, B as BulkUploadResult, F as FileCategory, b as FileMetadata, a as FileReference, d as FileReferenceService, f as FileReferenceWithUrl, c as FileUploadOptions, e as FileUploadResult, h as FileUrlInfo, S as StorageUploadOptions, U as UploadProgress } from './file-reference-D037xOFK.js';
+export { g as BucketInfo, B as BulkUploadResult, F as FileCategory, b as FileMetadata, a as FileReference, d as FileReferenceService, f as FileReferenceWithUrl, c as FileUploadOptions, e as FileUploadResult, h as FileUrlInfo, S as StorageUploadOptions, U as UploadProgress } from './file-reference-BavO2eQj.js';
 export { C as ChangePasswordFormValues, o as ContactFormData, F as FormData, k as LoginFormData, L as LoginFormValues, P as ProfileFormData, m as RegistrationFormData, R as RegistrationFormValues, S as SecureLoginFormValues, j as SecureRegistrationFormValues, U as UserProfileFormValues, V as ValidationError, a as ValidationResult, g as changePasswordSchema, t as combineSchemas, i as contactFormSchema, d as dateSchema, e as emailSchema, l as loginSchema, n as nameSchema, f as passwordResetSchema, b as passwordSchema, p as phoneSchema, q as pickSchema, r as registrationSchema, c as secureLoginSchema, s as securePasswordSchema, u as urlSchema, h as userProfileSchema } from './validation-643vUDZW.js';
 import { SupabaseClient } from '@supabase/supabase-js';
 export { D as Database, J as Json } from './database.generated-DI89OQeI.js';

package/dist/types.js

@@ -1,6 +1,6 @@
 import {
   FileCategory
-} from "./chunk-SAUPYVLF.js";
+} from "./chunk-ZSAAAMVR.js";
 import {
   AuthErrorCode,
   PermissionErrorCode,

package/dist/{usePublicRouteParams-CTDELQ7H.d.ts → usePublicRouteParams-DxIDS4bC.d.ts}

@@ -3,7 +3,7 @@ import { z } from 'zod';
 import { l as OrganisationRole, m as OrganisationPermission, S as SuperAdminContext, E as Event } from './event-CW5YB_2p.js';
 import { SupabaseClient } from '@supabase/supabase-js';
 import { D as Database } from './database.generated-DI89OQeI.js';
-import { F as FileCategory, a as FileReference } from './file-reference-D037xOFK.js';
+import { F as FileCategory, a as FileReference } from './file-reference-BavO2eQj.js';
 
 interface UseZodFormProps<T extends z.ZodTypeAny> {
     schema: T;
@@ -352,13 +352,15 @@ declare function useEventTheme(event?: Event | null): void;
 interface StorageUploadOptions {
     /** The app name from rbac_apps */
     appName: string;
-    /** Organisation ID for scoping */
-    orgId: string;
+    /** Organisation ID for scoping (required if userId not provided) */
+    orgId?: string;
+    /** User ID for user-scoped files (required if orgId not provided) */
+    userId?: string;
     /** Whether the file should be publicly accessible */
     isPublic?: boolean;
     /** Optional tags for categorisation */
     tags?: string[];
-    /** Optional custom path within the app/org structure */
+    /** Optional custom path within the app/org/user structure */
     customPath?: string;
     /** Optional metadata to store with the file */
     metadata?: Record<string, any>;
@@ -369,7 +371,8 @@ interface StorageFileMetadata {
     width?: number;
     height?: number;
     hash?: string;
-    orgId: string;
+    orgId?: string;
+    userId?: string;
     appName: string;
     uploadedBy: string;
     uploadedAt: string;
@@ -387,16 +390,20 @@ interface StorageUploadResult {
 interface StorageUrlOptions {
     /** The app name from rbac_apps */
     appName: string;
-    /** Organisation ID for scoping */
-    orgId: string;
+    /** Organisation ID for scoping (required if userId not provided) */
+    orgId?: string;
+    /** User ID for user-scoped files (required if orgId not provided) */
+    userId?: string;
     /** Expiry time in seconds for signed URLs (default: 3600) */
     expiresIn?: number;
 }
 interface StorageListOptions {
     /** The app name from rbac_apps */
     appName: string;
-    /** Organisation ID for scoping */
-    orgId: string;
+    /** Organisation ID for scoping (required if userId not provided) */
+    orgId?: string;
+    /** User ID for user-scoped files (required if orgId not provided) */
+    userId?: string;
     /** Optional path prefix to filter by */
     pathPrefix?: string;
     /** Optional tags to filter by */

package/dist/utils.js

@@ -22,7 +22,7 @@ import {
   setAppConfig,
   urlSchema,
   useSessionTracking
-} from "./chunk-HESYZWZW.js";
+} from "./chunk-QWWZ5CAQ.js";
 import {
   CachedAppIdResolver,
   LoadingSpinner,
@@ -37,27 +37,17 @@ import {
   getUserTimeZone,
   roundToNearestMinutes,
   toZonedTime
-} from "./chunk-THRPYOFK.js";
+} from "./chunk-HW3OVDUF.js";
 import {
   cn,
   renderSafeHtml,
   sanitizeHtml,
   validateHtml
 } from "./chunk-R77UEZ4E.js";
-import {
-  getAppNameFromBuildTime,
-  getAppNameFromEnvironment,
-  getAppNameFromGlobal,
-  getAppNameFromPackageJson,
-  getCurrentAppName,
-  getCurrentAppNameWithFallback,
-  setRBACAppName
-} from "./chunk-F2IMUDXZ.js";
 import {
   useComponentPerformance
 } from "./chunk-E66EQZE6.js";
 import {
-  PERFORMANCE_BUDGETS,
   clearInFlightRequests,
   createAddressFromPlaceResult,
   deduplicatedQuery,
@@ -67,9 +57,19 @@ import {
   getAddressByPlaceId,
   getInFlightRequestStats,
   getOrCreateRequest,
-  parseAddressComponents,
-  performanceBudgetMonitor
-} from "./chunk-YHCN776L.js";
+  parseAddressComponents
+} from "./chunk-DZWK57KZ.js";
+import {
+  PERFORMANCE_BUDGETS,
+  getAppNameFromBuildTime,
+  getAppNameFromEnvironment,
+  getAppNameFromGlobal,
+  getAppNameFromPackageJson,
+  getCurrentAppName,
+  getCurrentAppNameWithFallback,
+  performanceBudgetMonitor,
+  setRBACAppName
+} from "./chunk-I7PSE6JW.js";
 import {
   clearOrganisationContext,
   getOrganisationContext,
@@ -951,7 +951,7 @@ function createLazyComponent(importFn, componentName, options = {}) {
   return WrappedComponent;
 }
 var LazyDataTable = createLazyComponent(
-  () => import("./DataTable-GUFUNZ3N.js").then((module) => ({ default: module.DataTable })),
+  () => import("./DataTable-ON3IXISJ.js").then((module) => ({ default: module.DataTable })),
   "DataTable"
 );
 

package/docs/README.md

@@ -19,7 +19,7 @@ npm install @jmruthers/pace-core \
   react react-dom \
   @tanstack/react-table \
   @radix-ui/react-avatar @radix-ui/react-checkbox @radix-ui/react-dialog \
-  @radix-ui/react-label @radix-ui/react-progress @radix-ui/react-slot \
+  @radix-ui/react-label @radix-ui/react-slot \
   @radix-ui/react-switch @radix-ui/react-tabs @radix-ui/react-toast @radix-ui/react-tooltip \
   clsx lucide-react react-day-picker react-hook-form react-router-dom tailwind-merge zod
 
@@ -67,7 +67,7 @@ import '@jmruthers/pace-core/styles/core.css';
 
 const supabase = createClient(
   import.meta.env.VITE_SUPABASE_URL!,
-  import.meta.env.VITE_SUPABASE_ANON_KEY!
+  import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY!
 );
 
 function AppShell() {

package/docs/api/classes/ColumnFactory.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / ColumnFactory
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / ColumnFactory
 
 # Class: ColumnFactory\<TData\>
 

package/docs/api/classes/ErrorBoundary.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / ErrorBoundary
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / ErrorBoundary
 
 # Class: ErrorBoundary
 

package/docs/api/classes/InvalidScopeError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / InvalidScopeError
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / InvalidScopeError
 
 # Class: InvalidScopeError
 
@@ -42,7 +42,7 @@
 
 #### Defined in
 
-[packages/core/src/rbac/types.ts:336](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L336)
+[packages/core/src/rbac/types.ts:346](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L346)
 
 ## Properties
 

package/docs/api/classes/Logger.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / Logger
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / Logger
 
 # Class: Logger
 

package/docs/api/classes/MissingUserContextError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / MissingUserContextError
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / MissingUserContextError
 
 # Class: MissingUserContextError
 
@@ -35,7 +35,7 @@
 
 #### Defined in
 
-[packages/core/src/rbac/types.ts:347](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L347)
+[packages/core/src/rbac/types.ts:357](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L357)
 
 ## Properties
 

package/docs/api/classes/OrganisationContextRequiredError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / OrganisationContextRequiredError
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / OrganisationContextRequiredError
 
 # Class: OrganisationContextRequiredError
 

package/docs/api/classes/PermissionDeniedError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / PermissionDeniedError
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / PermissionDeniedError
 
 # Class: PermissionDeniedError
 

package/docs/api/classes/RBACAuditManager.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / RBACAuditManager
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / RBACAuditManager
 
 # Class: RBACAuditManager
 

package/docs/api/classes/RBACCache.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / RBACCache
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / RBACCache
 
 # Class: RBACCache
 

package/docs/api/classes/RBACEngine.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / RBACEngine
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / RBACEngine
 
 # Class: RBACEngine
 
@@ -124,7 +124,7 @@ Promise resolving to permission map
 
 #### Defined in
 
-[packages/core/src/rbac/engine.ts:357](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L357)
+[packages/core/src/rbac/engine.ts:359](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L359)
 
 ___
 
@@ -146,7 +146,7 @@ ___
 
 #### Defined in
 
-[packages/core/src/rbac/engine.ts:438](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L438)
+[packages/core/src/rbac/engine.ts:440](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L440)
 
 ___
 
@@ -168,4 +168,4 @@ ___
 
 #### Defined in
 
-[packages/core/src/rbac/engine.ts:472](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L472)
+[packages/core/src/rbac/engine.ts:474](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/engine.ts#L474)

package/docs/api/classes/RBACError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / RBACError
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / RBACError
 
 # Class: RBACError
 

package/docs/api/classes/RBACNotInitializedError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.189](../README.md) / [Exports](../modules.md) / RBACNotInitializedError
+[@jmruthers/pace-core - v0.5.190](../README.md) / [Exports](../modules.md) / RBACNotInitializedError
 
 # Class: RBACNotInitializedError
 
@@ -35,7 +35,7 @@
 
 #### Defined in
 
-[packages/core/src/rbac/types.ts:326](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L326)
+[packages/core/src/rbac/types.ts:336](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/types.ts#L336)
 
 ## Properties