npm - @jmruthers/pace-core - Versions diffs - 0.5.189 → 0.5.190 - Mend

@jmruthers/pace-core 0.5.189 → 0.5.190

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/core-usage-manifest.json +0 -4
package/dist/{AuthService-B-cd2MA4.d.ts → AuthService-CbP_utw2.d.ts} +7 -3
package/dist/{DataTable-GUFUNZ3N.js → DataTable-ON3IXISJ.js} +8 -8
package/dist/{PublicPageProvider-B8HaLe69.d.ts → PublicPageProvider-C4uxosp6.d.ts} +83 -24
package/dist/{UnifiedAuthProvider-BG0AL5eE.d.ts → UnifiedAuthProvider-BYA9qB-o.d.ts} +4 -3
package/dist/{UnifiedAuthProvider-643PUAIM.js → UnifiedAuthProvider-X5NXANVI.js} +4 -2
package/dist/{api-YP7XD5L6.js → api-I6UCQ5S6.js} +4 -2
package/dist/{chunk-DDM4CCYT.js → chunk-4QYC5L4K.js} +60 -35
package/dist/chunk-4QYC5L4K.js.map +1 -0
package/dist/{chunk-IM4QE42D.js → chunk-73HSNNOQ.js} +141 -326
package/dist/chunk-73HSNNOQ.js.map +1 -0
package/dist/{chunk-YHCN776L.js → chunk-DZWK57KZ.js} +2 -75
package/dist/chunk-DZWK57KZ.js.map +1 -0
package/dist/{chunk-3GOZZZYH.js → chunk-HQVPB5MZ.js} +238 -301
package/dist/chunk-HQVPB5MZ.js.map +1 -0
package/dist/{chunk-THRPYOFK.js → chunk-HW3OVDUF.js} +5 -5
package/dist/chunk-HW3OVDUF.js.map +1 -0
package/dist/{chunk-F2IMUDXZ.js → chunk-I7PSE6JW.js} +75 -2
package/dist/chunk-I7PSE6JW.js.map +1 -0
package/dist/{chunk-VGZZXKBR.js → chunk-J2XXC7R5.js} +280 -52
package/dist/chunk-J2XXC7R5.js.map +1 -0
package/dist/{chunk-UCQSRW7Z.js → chunk-NIU6J6OX.js} +425 -378
package/dist/chunk-NIU6J6OX.js.map +1 -0
package/dist/{chunk-HESYZWZW.js → chunk-QWWZ5CAQ.js} +2 -2
package/dist/{chunk-HEHYGYOX.js → chunk-RUYZKXOD.js} +401 -46
package/dist/chunk-RUYZKXOD.js.map +1 -0
package/dist/{chunk-2UUZZJFT.js → chunk-SDMHPX3X.js} +176 -160
package/dist/{chunk-2UUZZJFT.js.map → chunk-SDMHPX3X.js.map} +1 -1
package/dist/{chunk-MX64ZF6I.js → chunk-STYK4OH2.js} +11 -11
package/dist/chunk-STYK4OH2.js.map +1 -0
package/dist/{chunk-YGPFYGA6.js → chunk-VVBAW5A5.js} +822 -498
package/dist/chunk-VVBAW5A5.js.map +1 -0
package/dist/chunk-Y4BUBBHD.js +614 -0
package/dist/chunk-Y4BUBBHD.js.map +1 -0
package/dist/{chunk-SAUPYVLF.js → chunk-ZSAAAMVR.js} +1 -1
package/dist/chunk-ZSAAAMVR.js.map +1 -0
package/dist/components.d.ts +3 -4
package/dist/components.js +19 -19
package/dist/components.js.map +1 -1
package/dist/eslint-rules/pace-core-compliance.cjs +0 -2
package/dist/{file-reference-D037xOFK.d.ts → file-reference-BavO2eQj.d.ts} +13 -10
package/dist/hooks.d.ts +10 -5
package/dist/hooks.js +14 -8
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +13 -11
package/dist/index.js +79 -69
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +3 -1
package/dist/rbac/index.d.ts +76 -12
package/dist/rbac/index.js +12 -9
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-CTDELQ7H.d.ts → usePublicRouteParams-DxIDS4bC.d.ts} +16 -9
package/dist/utils.js +16 -16
package/docs/README.md +2 -2
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +2 -2
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +2 -2
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +1 -1
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +4 -4
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +2 -2
package/docs/api/classes/SecureSupabaseClient.md +21 -16
package/docs/api/classes/StorageUtils.md +7 -4
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +1 -1
package/docs/api/interfaces/AddressFieldRef.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +1 -1
package/docs/api/interfaces/AvatarProps.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +20 -6
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +9 -9
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +62 -16
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +2 -2
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +26 -12
package/docs/api/interfaces/FileUploadProps.md +30 -19
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +10 -10
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +8 -8
package/docs/api/interfaces/PagePermissionContextType.md +8 -8
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +7 -7
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +3 -11
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +1 -1
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +8 -8
package/docs/api/interfaces/RoleBasedRouterProps.md +10 -10
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +10 -10
package/docs/api/interfaces/RouteConfig.md +10 -10
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +9 -9
package/docs/api/interfaces/SecureDataProviderProps.md +8 -8
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +4 -4
package/docs/api/interfaces/StorageFileInfo.md +7 -7
package/docs/api/interfaces/StorageFileMetadata.md +25 -14
package/docs/api/interfaces/StorageListOptions.md +22 -9
package/docs/api/interfaces/StorageListResult.md +4 -4
package/docs/api/interfaces/StorageUploadOptions.md +21 -8
package/docs/api/interfaces/StorageUploadResult.md +6 -6
package/docs/api/interfaces/StorageUrlOptions.md +19 -6
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +53 -53
package/docs/api/interfaces/UnifiedAuthProviderProps.md +13 -13
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +4 -4
package/docs/api/interfaces/UseResolvedScopeReturn.md +4 -4
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +151 -92
package/docs/api-reference/components.md +15 -7
package/docs/api-reference/providers.md +2 -2
package/docs/api-reference/rpc-functions.md +1 -0
package/docs/best-practices/README.md +1 -1
package/docs/best-practices/deployment.md +8 -8
package/docs/getting-started/examples/README.md +2 -2
package/docs/getting-started/installation-guide.md +4 -4
package/docs/getting-started/quick-start.md +3 -3
package/docs/migration/MIGRATION_GUIDE.md +3 -3
package/docs/rbac/compliance/compliance-guide.md +2 -2
package/docs/rbac/event-based-apps.md +2 -2
package/docs/rbac/getting-started.md +2 -2
package/docs/rbac/quick-start.md +2 -2
package/docs/security/README.md +4 -4
package/docs/standards/07-rbac-and-rls-standard.md +430 -7
package/docs/troubleshooting/README.md +2 -2
package/docs/troubleshooting/migration.md +3 -3
package/package.json +1 -3
package/scripts/check-pace-core-compliance.cjs +1 -1
package/scripts/check-pace-core-compliance.js +1 -1
package/src/__tests__/fixtures/supabase.ts +301 -0
package/src/__tests__/public-recipe-view.test.ts +9 -9
package/src/__tests__/rls-policies.test.ts +197 -61
package/src/components/AddressField/AddressField.test.tsx +42 -0
package/src/components/AddressField/AddressField.tsx +71 -60
package/src/components/AddressField/README.md +1 -0
package/src/components/Alert/Alert.test.tsx +50 -10
package/src/components/Alert/Alert.tsx +5 -3
package/src/components/Avatar/Avatar.test.tsx +95 -43
package/src/components/Avatar/Avatar.tsx +16 -16
package/src/components/Button/Button.test.tsx +2 -1
package/src/components/Button/Button.tsx +3 -3
package/src/components/Calendar/Calendar.test.tsx +53 -37
package/src/components/Calendar/Calendar.tsx +409 -82
package/src/components/Card/Card.test.tsx +7 -4
package/src/components/Card/Card.tsx +3 -6
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +5 -5
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +2 -2
package/src/components/DataTable/components/ColumnFilter.tsx +1 -1
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +3 -3
package/src/components/DataTable/components/DataTableBody.tsx +12 -12
package/src/components/DataTable/components/DataTableCore.tsx +3 -3
package/src/components/DataTable/components/DataTableToolbar.tsx +5 -5
package/src/components/DataTable/components/DraggableColumnHeader.tsx +3 -3
package/src/components/DataTable/components/EditableRow.tsx +2 -2
package/src/components/DataTable/components/EmptyState.tsx +3 -3
package/src/components/DataTable/components/GroupHeader.tsx +2 -2
package/src/components/DataTable/components/GroupingDropdown.tsx +1 -1
package/src/components/DataTable/components/ImportModal.tsx +4 -4
package/src/components/DataTable/components/LoadingState.tsx +1 -1
package/src/components/DataTable/components/PaginationControls.tsx +11 -11
package/src/components/DataTable/components/UnifiedTableBody.tsx +9 -9
package/src/components/DataTable/components/ViewRowModal.tsx +2 -2
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +11 -37
package/src/components/DataTable/components/__tests__/DataTableToolbar.test.tsx +157 -0
package/src/components/DataTable/components/__tests__/LoadingState.test.tsx +2 -1
package/src/components/DataTable/components/__tests__/VirtualizedDataTable.test.tsx +128 -0
package/src/components/DataTable/core/__tests__/ActionManager.test.ts +19 -0
package/src/components/DataTable/core/__tests__/ColumnFactory.test.ts +51 -0
package/src/components/DataTable/core/__tests__/ColumnManager.test.ts +84 -0
package/src/components/DataTable/core/__tests__/DataManager.test.ts +14 -0
package/src/components/DataTable/core/__tests__/DataTableContext.test.tsx +136 -0
package/src/components/DataTable/core/__tests__/LocalDataAdapter.test.ts +16 -0
package/src/components/DataTable/core/__tests__/PluginRegistry.test.ts +18 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +28 -7
package/src/components/DataTable/utils/__tests__/hierarchicalUtils.test.ts +30 -1
package/src/components/DataTable/utils/hierarchicalUtils.ts +38 -10
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +8 -3
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +4 -4
package/src/components/Dialog/Dialog.tsx +2 -2
package/src/components/EventSelector/EventSelector.tsx +7 -7
package/src/components/FileDisplay/FileDisplay.tsx +291 -179
package/src/components/FileUpload/FileUpload.tsx +7 -4
package/src/components/Header/Header.test.tsx +28 -0
package/src/components/Header/Header.tsx +22 -9
package/src/components/InactivityWarningModal/InactivityWarningModal.tsx +2 -2
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +19 -14
package/src/components/LoadingSpinner/LoadingSpinner.tsx +5 -5
package/src/components/NavigationMenu/NavigationMenu.test.tsx +127 -1
package/src/components/OrganisationSelector/OrganisationSelector.tsx +8 -8
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +4 -0
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +16 -6
package/src/components/PaceAppLayout/PaceAppLayout.tsx +37 -3
package/src/components/PaceAppLayout/test-setup.tsx +1 -0
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +66 -45
package/src/components/PaceLoginPage/PaceLoginPage.tsx +6 -4
package/src/components/Progress/Progress.test.tsx +18 -19
package/src/components/Progress/Progress.tsx +31 -32
package/src/components/PublicLayout/PublicLayout.test.tsx +6 -6
package/src/components/PublicLayout/PublicPageProvider.tsx +5 -3
package/src/components/Select/Select.tsx +5 -5
package/src/components/Switch/Switch.test.tsx +2 -1
package/src/components/Switch/Switch.tsx +1 -1
package/src/components/Toast/Toast.tsx +1 -1
package/src/components/Tooltip/Tooltip.test.tsx +8 -2
package/src/components/UserMenu/UserMenu.tsx +3 -3
package/src/eslint-rules/pace-core-compliance.cjs +0 -2
package/src/eslint-rules/pace-core-compliance.js +0 -2
package/src/hooks/__tests__/hooks.integration.test.tsx +4 -1
package/src/hooks/__tests__/useAppConfig.unit.test.ts +76 -5
package/src/hooks/__tests__/useDataTableState.test.ts +76 -0
package/src/hooks/__tests__/useFileUrl.unit.test.ts +25 -69
package/src/hooks/__tests__/useFileUrlCache.test.ts +129 -0
package/src/hooks/__tests__/usePreventTabReload.test.ts +88 -0
package/src/hooks/__tests__/{usePublicEvent.unit.test.ts → usePublicEvent.test.ts} +28 -1
package/src/hooks/__tests__/useQueryCache.test.ts +144 -0
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +58 -16
package/src/hooks/index.ts +1 -1
package/src/hooks/public/usePublicEvent.ts +2 -2
package/src/hooks/public/usePublicFileDisplay.ts +173 -87
package/src/hooks/useAppConfig.ts +24 -5
package/src/hooks/useFileDisplay.ts +297 -34
package/src/hooks/useFileReference.ts +56 -11
package/src/hooks/useFileUrl.ts +1 -1
package/src/hooks/useInactivityTracker.ts +16 -7
package/src/hooks/usePermissionCache.test.ts +85 -8
package/src/hooks/useQueryCache.ts +21 -0
package/src/hooks/useSecureDataAccess.test.ts +80 -35
package/src/hooks/useSecureDataAccess.ts +80 -37
package/src/providers/services/EventServiceProvider.tsx +37 -17
package/src/providers/services/InactivityServiceProvider.tsx +4 -4
package/src/providers/services/OrganisationServiceProvider.tsx +8 -1
package/src/providers/services/UnifiedAuthProvider.tsx +115 -29
package/src/rbac/__tests__/auth-rbac.e2e.test.tsx +451 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +12 -0
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +8 -0
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +4 -0
package/src/rbac/api.ts +240 -36
package/src/rbac/cache-invalidation.ts +21 -7
package/src/rbac/compliance/quick-fix-suggestions.ts +1 -1
package/src/rbac/components/NavigationGuard.tsx +23 -63
package/src/rbac/components/NavigationProvider.test.tsx +52 -23
package/src/rbac/components/NavigationProvider.tsx +13 -11
package/src/rbac/components/PagePermissionGuard.tsx +77 -203
package/src/rbac/components/PagePermissionProvider.tsx +13 -11
package/src/rbac/components/PermissionEnforcer.tsx +24 -62
package/src/rbac/components/RoleBasedRouter.tsx +14 -12
package/src/rbac/components/SecureDataProvider.tsx +13 -11
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +104 -41
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +49 -12
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +22 -1
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +161 -82
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +22 -1
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +77 -30
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +39 -5
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +47 -4
package/src/rbac/engine.ts +4 -2
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +144 -52
package/src/rbac/hooks/index.ts +3 -0
package/src/rbac/hooks/useCan.test.ts +101 -53
package/src/rbac/hooks/usePermissions.ts +108 -41
package/src/rbac/hooks/useRBAC.test.ts +11 -3
package/src/rbac/hooks/useRBAC.ts +83 -40
package/src/rbac/hooks/useResolvedScope.test.ts +189 -63
package/src/rbac/hooks/useResolvedScope.ts +128 -70
package/src/rbac/hooks/useSecureSupabase.ts +36 -19
package/src/rbac/hooks/useSuperAdminBypass.ts +126 -0
package/src/rbac/request-deduplication.ts +1 -1
package/src/rbac/secureClient.ts +72 -12
package/src/rbac/security.ts +29 -23
package/src/rbac/types.ts +10 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +150 -0
package/src/rbac/utils/__tests__/deep-equal.test.ts +53 -0
package/src/rbac/utils/__tests__/eventContext.test.ts +6 -1
package/src/rbac/utils/contextValidator.ts +288 -0
package/src/rbac/utils/eventContext.ts +48 -2
package/src/services/EventService.ts +165 -21
package/src/services/OrganisationService.ts +37 -2
package/src/services/__tests__/EventService.test.ts +26 -21
package/src/types/file-reference.ts +13 -10
package/src/utils/app/appNameResolver.test.ts +346 -73
package/src/utils/context/superAdminOverride.ts +58 -0
package/src/utils/file-reference/index.ts +61 -33
package/src/utils/google-places/googlePlacesUtils.test.ts +98 -0
package/src/utils/google-places/loadGoogleMapsScript.test.ts +83 -0
package/src/utils/storage/helpers.test.ts +1 -1
package/src/utils/storage/helpers.ts +38 -19
package/src/utils/storage/types.ts +15 -8
package/src/utils/validation/__tests__/csrf.test.ts +105 -0
package/src/utils/validation/__tests__/sqlInjectionProtection.test.ts +92 -0
package/src/vite-env.d.ts +2 -2
package/dist/chunk-3GOZZZYH.js.map +0 -1
package/dist/chunk-DDM4CCYT.js.map +0 -1
package/dist/chunk-E7UAOUMY.js +0 -75
package/dist/chunk-E7UAOUMY.js.map +0 -1
package/dist/chunk-F2IMUDXZ.js.map +0 -1
package/dist/chunk-HEHYGYOX.js.map +0 -1
package/dist/chunk-IM4QE42D.js.map +0 -1
package/dist/chunk-MX64ZF6I.js.map +0 -1
package/dist/chunk-SAUPYVLF.js.map +0 -1
package/dist/chunk-THRPYOFK.js.map +0 -1
package/dist/chunk-UCQSRW7Z.js.map +0 -1
package/dist/chunk-VGZZXKBR.js.map +0 -1
package/dist/chunk-YGPFYGA6.js.map +0 -1
package/dist/chunk-YHCN776L.js.map +0 -1
package/src/hooks/__tests__/usePermissionCache.simple.test.ts +0 -192
package/src/hooks/__tests__/usePermissionCache.unit.test.ts +0 -741
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +0 -703
package/src/rbac/hooks/useRBAC.simple.test.ts +0 -95
package/src/rbac/utils/__tests__/eventContext.unit.test.ts +0 -428
/package/dist/{DataTable-GUFUNZ3N.js.map → DataTable-ON3IXISJ.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-643PUAIM.js.map → UnifiedAuthProvider-X5NXANVI.js.map} +0 -0
/package/dist/{api-YP7XD5L6.js.map → api-I6UCQ5S6.js.map} +0 -0
/package/dist/{chunk-HESYZWZW.js.map → chunk-QWWZ5CAQ.js.map} +0 -0

package/docs/standards/07-rbac-and-rls-standard.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-lastUpdated: 2025-01-28T00:00:00+11:00
-version: 0.5.181
-reviewedBy: database-performance-audit
+lastUpdated: 2025-01-02T00:00:00+11:00
+version: 0.5.182
+reviewedBy: rls-audit-and-fixes
 ---
 # RBAC and RLS Standard
@@ -138,6 +138,24 @@ These functions are available for use in RLS policies:
 - **Purpose**: Returns the current organisation context from the session
 - **Usage**: `get_organisation_context()`
+#### `is_authenticated_user()`
+- **Returns**: `boolean`
+- **Purpose**: Checks if the current user is authenticated (not anonymous)
+- **Usage**: `is_authenticated_user()`
+- **Note**: Use this instead of `(SELECT auth.role()) = 'authenticated'` in policies
+#### `is_service_role()`
+- **Returns**: `boolean`
+- **Purpose**: Checks if the current user has service_role
+- **Usage**: `is_service_role()`
+- **Note**: Use this instead of `(SELECT auth.role()) = 'service_role'` in policies
+#### `get_effective_user_id()`
+- **Returns**: `UUID`
+- **Purpose**: Returns the current user ID (auth.uid()) in a STABLE function
+- **Usage**: `get_effective_user_id()`
+- **Note**: Use this instead of `(SELECT auth.uid())` or inline `auth.uid()` in policies
 ### Event Helper Functions
 #### `get_unit_event_id(p_unit_id TEXT)`
@@ -170,8 +188,24 @@ These functions are available for use in RLS policies:
 ## RLS Policy Patterns
+This section documents the standard RLS policy patterns used throughout the codebase. All patterns follow the principles of using helper functions, enforcing security by default, and maintaining consistent structure.
+### Policy Naming Convention
+Policies follow this naming pattern:
+- `rbac_{operation}_{table_name}_{scope}` for authenticated policies
+- `{operation}_{table_name}_{scope}` for public/anonymous policies
+Examples:
+- `rbac_select_cake_dish_authenticated` - Authenticated SELECT policy
+- `event_public_select` - Public SELECT policy for events
+- `rbac_insert_file_references` - INSERT policy (no scope suffix if only one)
 ### Standard Organisation-Scoped Policy
+**Use Case:** Tables where rows belong to an organisation and access is controlled by organisation membership.
+**Pattern:**
 ```sql
 CREATE POLICY "rbac_select_table_name" ON table_name
 FOR SELECT TO authenticated
@@ -184,8 +218,18 @@ USING (
 );
 ```
-### Standard Event-Scoped Policy
+**Example:** `organisations`, `organisation_app_access`
+**Notes:**
+- Always check `organisation_id IS NOT NULL` first
+- Super admin check comes before organisation access check
+- Use `check_user_organisation_access()` for basic membership checks
+### RBAC Permission-Based Policy
+**Use Case:** Tables that require specific page-level permissions (most common pattern for app tables).
+**Pattern:**
 ```sql
 CREATE POLICY "rbac_select_table_name" ON table_name
 FOR SELECT TO authenticated
@@ -193,14 +237,22 @@ USING (
   organisation_id IS NOT NULL
   AND (
     is_super_admin()
-    OR check_user_event_access(event_id)
+    OR check_rbac_permission_with_context(
+      'read:page.table_name',
+      'table_name',
+      organisation_id,
+      event_id,  -- NULL if not event-scoped
+      get_app_id('APP_NAME')
+    )
   )
 );
 ```
-### RBAC Permission-Based Policy
+**Example:** `cake_dish`, `cake_item`, `base_application`
+**Full CRUD Example:**
 ```sql
+-- SELECT
 CREATE POLICY "rbac_select_table_name" ON table_name
 FOR SELECT TO authenticated
 USING (
@@ -216,12 +268,171 @@ USING (
     )
   )
 );
+-- INSERT
+CREATE POLICY "rbac_insert_table_name" ON table_name
+FOR INSERT TO authenticated
+WITH CHECK (
+  organisation_id IS NOT NULL
+  AND (
+    is_super_admin()
+    OR check_rbac_permission_with_context(
+      'create:page.table_name',
+      'table_name',
+      organisation_id,
+      event_id,
+      get_app_id('APP_NAME')
+    )
+  )
+);
+-- UPDATE
+CREATE POLICY "rbac_update_table_name" ON table_name
+FOR UPDATE TO authenticated
+USING (
+  organisation_id IS NOT NULL
+  AND (
+    is_super_admin()
+    OR check_rbac_permission_with_context(
+      'update:page.table_name',
+      'table_name',
+      organisation_id,
+      event_id,
+      get_app_id('APP_NAME')
+    )
+  )
+)
+WITH CHECK (
+  organisation_id IS NOT NULL
+  AND (
+    is_super_admin()
+    OR check_rbac_permission_with_context(
+      'update:page.table_name',
+      'table_name',
+      organisation_id,
+      event_id,
+      get_app_id('APP_NAME')
+    )
+  )
+);
+-- DELETE
+CREATE POLICY "rbac_delete_table_name" ON table_name
+FOR DELETE TO authenticated
+USING (
+  organisation_id IS NOT NULL
+  AND (
+    is_super_admin()
+    OR check_rbac_permission_with_context(
+      'delete:page.table_name',
+      'table_name',
+      organisation_id,
+      event_id,
+      get_app_id('APP_NAME')
+    )
+  )
+);
+```
+**Notes:**
+- Always use `check_rbac_permission_with_context()` instead of calling `rbac_check_permission_simplified()` with `auth.uid()` directly
+- The wrapper function is STABLE SECURITY DEFINER and ensures optimal performance
+- Permission format: `{operation}:page.{page_name}` (e.g., `'read:page.dishes'`, `'create:page.items'`)
+- Use `get_app_id('APP_NAME')` to get the app UUID (never hardcode)
+### Standard Event-Scoped Policy
+**Use Case:** Tables where rows belong to an event and access is controlled by event membership.
+**Pattern:**
+```sql
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT TO authenticated
+USING (
+  organisation_id IS NOT NULL
+  AND (
+    is_super_admin()
+    OR check_user_event_access(event_id)
+  )
+);
+```
+**Example:** Event-specific data that doesn't require page-level permissions
+**Note:** For event-scoped data that also requires page permissions, combine with RBAC permission pattern.
+### User-Scoped Data Policy
+**Use Case:** Tables where rows belong to individual users (organisation_id IS NULL) and users can only access their own data.
+**Pattern:**
+```sql
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT TO authenticated
+USING (
+  organisation_id IS NULL
+  AND get_effective_user_id() = user_id
+);
+```
+**Example:** User profile data, user-scoped file references
+**Multi-Condition Pattern (Organisation OR User-Scoped):**
+```sql
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT
+USING (
+  -- Organisation-scoped access
+  (
+    organisation_id IS NOT NULL
+    AND is_authenticated_user()
+    AND (
+      is_super_admin()
+      OR check_user_organisation_access(organisation_id)
+    )
+  )
+  OR
+  -- User-scoped access
+  (
+    organisation_id IS NULL
+    AND is_authenticated_user()
+    AND get_effective_user_id() = user_id
+  )
+);
+```
+**Example:** `file_references`, `pace_address` (can be either organisation or user-scoped)
+### Service Role Policy
+**Use Case:** Allow service_role to bypass RLS for system operations.
+**Pattern:**
+```sql
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT
+USING (
+  is_service_role()
+  OR (
+    -- Other conditions for authenticated users
+    is_authenticated_user()
+    AND ...
+  )
+);
 ```
-**Note**: Always use `check_rbac_permission_with_context()` instead of calling `rbac_check_permission_simplified()` with `auth.uid()` directly. The wrapper function is STABLE SECURITY DEFINER and ensures optimal performance.
+**Example:** `file_references` (service_role can access all files for system operations)
+**Notes:**
+- Service role check should be first in OR conditions
+- Service role bypasses all other security checks
+- Use sparingly - only for tables that need system-level access
 ### Public Access Policy
+**Use Case:** Tables where some data should be publicly accessible (anonymous users).
+**Pattern:**
 ```sql
 CREATE POLICY "public_select_table_name" ON table_name
 FOR SELECT TO anon
@@ -230,6 +441,195 @@ USING (
 );
 ```
+**Alternative Pattern (Simple Public Flag):**
+```sql
+CREATE POLICY "public_select_table_name" ON table_name
+FOR SELECT TO anon
+USING (
+  is_public = true
+  AND organisation_id IS NOT NULL
+);
+```
+**Example:** `event` (public events), `forms` (published forms)
+**Combined Public + Authenticated Pattern:**
+```sql
+-- Public access
+CREATE POLICY "public_select_table_name" ON table_name
+FOR SELECT TO anon
+USING (
+  is_public = true
+  AND organisation_id IS NOT NULL
+);
+-- Authenticated access (with additional permissions)
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT TO authenticated
+USING (
+  (is_public = true AND organisation_id IS NOT NULL)
+  OR (
+    organisation_id IS NOT NULL
+    AND (
+      is_super_admin()
+      OR check_user_organisation_access(organisation_id)
+    )
+  )
+);
+```
+### Complex Multi-Condition Policy
+**Use Case:** Tables that need multiple access patterns (service role, public, organisation-scoped, user-scoped).
+**Pattern:**
+```sql
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT
+USING (
+  -- Service role can access all
+  is_service_role()
+  -- Public access
+  OR (is_public = true)
+  -- Organisation-scoped authenticated access
+  OR (
+    is_authenticated_user()
+    AND organisation_id IS NOT NULL
+    AND (
+      is_super_admin()
+      OR check_user_organisation_access(organisation_id)
+    )
+  )
+  -- User-scoped authenticated access
+  OR (
+    is_authenticated_user()
+    AND organisation_id IS NULL
+    AND get_effective_user_id() = user_id
+  )
+);
+```
+**Example:** `file_references` (supports all access patterns)
+**Notes:**
+- Order matters: most permissive first (service_role), then public, then authenticated
+- Each condition should be mutually exclusive where possible
+- Use helper functions for all checks (never inline auth calls)
+### Read-Only Type Table Policy
+**Use Case:** Reference/lookup tables that authenticated users should be able to read but not modify.
+**Pattern:**
+```sql
+CREATE POLICY "read_table_name" ON table_name
+FOR SELECT
+USING (is_authenticated_user());
+```
+**Example:** `pace_gender_type`, `pace_phone_type`, `medi_condition_type`
+**Notes:**
+- No INSERT/UPDATE/DELETE policies needed
+- Super simple - just check if user is authenticated
+- These tables typically don't have organisation_id
+### Super Admin Only Policy
+**Use Case:** Tables that only super admins should access.
+**Pattern:**
+```sql
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT TO authenticated
+USING (is_super_admin());
+```
+**Example:** `rbac_global_roles`, `rbac_policy_configs`
+**Full CRUD Example:**
+```sql
+-- All operations restricted to super admin
+CREATE POLICY "rbac_select_table_name" ON table_name
+FOR SELECT TO authenticated
+USING (is_super_admin());
+CREATE POLICY "rbac_insert_table_name" ON table_name
+FOR INSERT TO authenticated
+WITH CHECK (is_super_admin());
+CREATE POLICY "rbac_update_table_name" ON table_name
+FOR UPDATE TO authenticated
+USING (is_super_admin())
+WITH CHECK (is_super_admin());
+CREATE POLICY "rbac_delete_table_name" ON table_name
+FOR DELETE TO authenticated
+USING (is_super_admin());
+```
+### Common Patterns Summary
+| Pattern | Use Case | Key Helper Functions |
+|---------|----------|---------------------|
+| Organisation-Scoped | Basic org membership | `check_user_organisation_access()` |
+| RBAC Permission-Based | Page-level permissions | `check_rbac_permission_with_context()`, `get_app_id()` |
+| Event-Scoped | Event membership | `check_user_event_access()` |
+| User-Scoped | Personal data | `get_effective_user_id()` |
+| Service Role | System operations | `is_service_role()` |
+| Public Access | Anonymous users | `check_public_event_access()` or `is_public` flag |
+| Read-Only Types | Reference tables | `is_authenticated_user()` |
+| Super Admin Only | Admin-only tables | `is_super_admin()` |
+### Policy Best Practices
+1. **Always use helper functions** - Never inline `auth.uid()`, `auth.role()`, or `current_setting()`
+2. **Check NULL first** - Always check `organisation_id IS NOT NULL` before using it
+3. **Super admin first** - Super admin checks should come before other checks in OR conditions
+4. **Service role first** - Service role checks should be the first condition in multi-condition policies
+5. **Consistent naming** - Follow the naming convention: `rbac_{operation}_{table}_{scope}`
+6. **Document exceptions** - If a policy deviates from standard patterns, add a comment explaining why
+7. **Test thoroughly** - Test with different user roles (super_admin, org_admin, member, anon)
+8. **Avoid `true OR ...`** - Never use `true OR ...` conditions as they bypass all security checks
+### Common Pitfalls to Avoid
+**❌ DON'T:**
+```sql
+-- Inline auth calls
+USING (user_id = auth.uid())
+-- Security bypass
+USING (true OR check_user_organisation_access(organisation_id))
+-- Missing NULL check
+USING (check_user_organisation_access(organisation_id))
+-- Direct current_setting
+USING (organisation_id = current_setting('app.organisation_id')::UUID)
+-- Public policy without proper checks
+USING (true)  -- Allows anyone!
+```
+**✅ DO:**
+```sql
+-- Use helper functions
+USING (get_effective_user_id() = user_id)
+-- Proper security checks
+USING (check_user_organisation_access(organisation_id))
+-- NULL check first
+USING (organisation_id IS NOT NULL AND check_user_organisation_access(organisation_id))
+-- Use helper function
+USING (organisation_id = get_organisation_context())
+-- Proper public policy
+USING (is_public = true AND organisation_id IS NOT NULL)
+```
 ## App Ownership
 Tables are assigned to specific apps for RBAC permission checking:
@@ -333,6 +733,29 @@ Monitor:
 ## Migration Guidelines
+### Migration Filename Requirements
+**CRITICAL**: Migration filenames **MUST** use real timestamps, not guessed or placeholder dates.
+1. **Always use the current timestamp** when creating migration files
+2. **Format**: `YYYYMMDDHHMMSS_descriptive_name.sql`
+3. **How to get the timestamp**:
+   ```bash
+   date +"%Y%m%d%H%M%S"
+   ```
+4. **Never guess or use placeholder dates** - This causes migration ordering issues and conflicts
+5. **Verify the timestamp is after the latest migration** in `supabase/migrations/`
+**Example**:
+```bash
+# Get current timestamp
+date +"%Y%m%d%H%M%S"
+# Output: 20251201124800
+# Use it in filename
+20251201124800_allow_medi_action_plan_null_condition_id.sql
+```
 ### Creating New RLS Policies
 1. **Use helper functions** - Never inline `auth.uid()` or `current_setting()`

package/docs/troubleshooting/README.md CHANGED Viewed

@@ -413,7 +413,7 @@ npm run build -- --debug
 // Verify environment variables
 console.log('Environment:', {
   supabaseUrl: import.meta.env.VITE_SUPABASE_URL,
-  supabaseKey: import.meta.env.VITE_SUPABASE_ANON_KEY,
+  supabaseKey: import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY,
   appName: import.meta.env.VITE_APP_NAME,
 });
 ```
@@ -431,7 +431,7 @@ console.log('Environment:', {
 # Example deployment config
 env:
   VITE_SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
-  VITE_SUPABASE_ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY }}
+  VITE_SUPABASE_PUBLISHABLE_KEY: ${{ secrets.SUPABASE_PUBLISHABLE_KEY }}
   VITE_APP_NAME: "My App"
 ```

package/docs/troubleshooting/migration.md CHANGED Viewed

@@ -403,7 +403,7 @@ VITE_DEBUG_MODE=true
 # New environment variables
 VITE_SUPABASE_URL=https://your-project.supabase.co
-VITE_SUPABASE_ANON_KEY=your-anon-key
+VITE_SUPABASE_PUBLISHABLE_KEY=your-publishable-key
 VITE_APP_ENV=development
 VITE_DEBUG=false
@@ -420,7 +420,7 @@ cp .env .env.backup
 cat > .env << EOF
 # Supabase Configuration
 VITE_SUPABASE_URL=${VITE_SUPABASE_URL:-https://your-project.supabase.co}
-VITE_SUPABASE_ANON_KEY=${VITE_SUPABASE_ANON_KEY:-your-anon-key}
+VITE_SUPABASE_PUBLISHABLE_KEY=${VITE_SUPABASE_PUBLISHABLE_KEY:-your-publishable-key}
 # Application Configuration
 VITE_APP_ENV=${VITE_APP_ENV:-development}
@@ -706,7 +706,7 @@ export class MigrationValidation {
   static validateConfiguration(config: any) {
     const required = [
       'VITE_SUPABASE_URL',
-      'VITE_SUPABASE_ANON_KEY',
+      'VITE_SUPABASE_PUBLISHABLE_KEY',
     ];
     const warnings = [];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jmruthers/pace-core",
-  "version": "0.5.189",
+  "version": "0.5.190",
   "description": "Clean, modern React component library with Tailwind v4 styling and native utilities",
   "private": false,
   "publishConfig": {
@@ -155,7 +155,6 @@
     "clean": "rimraf dist",
     "_comment_test": "Test suite with various configurations",
     "test": "cross-env NODE_OPTIONS=\"--max-old-space-size=8192 --max-semi-space-size=128\" vitest run --config ../../vitest.config.ts",
-    "test:memory-optimized": "node ../../scripts/run-tests-memory-optimized.js",
     "test:watch": "vitest --watch --config ../../vitest.config.ts",
     "test:coverage": "cross-env NODE_OPTIONS=\"--max-old-space-size=8192 --max-semi-space-size=128\" vitest run --coverage --config ../../vitest.config.ts --reporter=dot",
     "test:ui": "vitest --ui --config ../../vitest.config.ts",
@@ -200,7 +199,6 @@
     "@radix-ui/react-checkbox": "^1.0.0",
     "@radix-ui/react-dialog": "^1.0.0",
     "@radix-ui/react-label": "^2.0.0",
-    "@radix-ui/react-progress": "^1.0.0",
     "@radix-ui/react-slot": "^1.0.0",
     "@radix-ui/react-switch": "^1.1.0",
     "@radix-ui/react-tabs": "^1.0.0",

package/scripts/check-pace-core-compliance.cjs CHANGED Viewed

@@ -567,7 +567,7 @@ function scanFile(filePath, manifest) {
   // - Using in createClient
   // - Comments/documentation
   const supabaseUrlPattern = /(SUPABASE_URL|VITE_SUPABASE_URL|NEXT_PUBLIC_SUPABASE_URL|REACT_APP_SUPABASE_URL)/g;
-  const supabaseKeyPattern = /(SUPABASE_ANON_KEY|VITE_SUPABASE_ANON_KEY|NEXT_PUBLIC_SUPABASE_ANON_KEY|REACT_APP_SUPABASE_ANON_KEY)/g;
+  const supabaseKeyPattern = /(SUPABASE_ANON_KEY|VITE_SUPABASE_PUBLISHABLE_KEY|NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY|REACT_APP_SUPABASE_PUBLISHABLE_KEY)/g;
   const urlMatches = content.match(supabaseUrlPattern);
   const keyMatches = content.match(supabaseKeyPattern);

package/scripts/check-pace-core-compliance.js CHANGED Viewed

@@ -213,7 +213,7 @@ function scanFile(filePath, manifest) {
   // Check for Supabase URL/key configuration in multiple places
   const supabaseUrlPattern = /(SUPABASE_URL|VITE_SUPABASE_URL|NEXT_PUBLIC_SUPABASE_URL|REACT_APP_SUPABASE_URL)/g;
-  const supabaseKeyPattern = /(SUPABASE_ANON_KEY|VITE_SUPABASE_ANON_KEY|NEXT_PUBLIC_SUPABASE_ANON_KEY|REACT_APP_SUPABASE_ANON_KEY)/g;
+  const supabaseKeyPattern = /(SUPABASE_ANON_KEY|VITE_SUPABASE_PUBLISHABLE_KEY|NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY|REACT_APP_SUPABASE_PUBLISHABLE_KEY)/g;
   const urlMatches = content.match(supabaseUrlPattern);
   const keyMatches = content.match(supabaseKeyPattern);