@jmruthers/pace-core 0.5.189 → 0.5.191

package/dist/{chunk-DDM4CCYT.js → chunk-XYXSXPUK.js}

@@ -1,10 +1,11 @@
 import {
-  useOrganisations
-} from "./chunk-E7UAOUMY.js";
+  useResolvedScope,
+  useSuperAdminBypass
+} from "./chunk-OETXORNB.js";
 import {
   EventServiceContext,
   useUnifiedAuth
-} from "./chunk-VGZZXKBR.js";
+} from "./chunk-6LTQQAT6.js";
 import {
   setOrganisationContext
 } from "./chunk-VBXEHIUJ.js";
@@ -15,10 +16,16 @@ import {
 // src/hooks/useSecureDataAccess.ts
 import { useCallback, useState, useContext } from "react";
 function useSecureDataAccess() {
-  const { supabase, user, session } = useUnifiedAuth();
-  const { ensureOrganisationContext } = useOrganisations();
+  const { supabase, user, session, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   const eventServiceContext = useContext(EventServiceContext);
-  const selectedEvent = eventServiceContext?.eventService?.getSelectedEvent() || null;
+  const eventFromContext = eventServiceContext?.eventService?.getSelectedEvent() || null;
+  const effectiveSelectedEvent = selectedEvent || eventFromContext;
+  const { isSuperAdmin } = useSuperAdminBypass();
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: effectiveSelectedEvent?.event_id || null
+  });
   const validateContext = useCallback(() => {
     if (!supabase) {
       throw new Error("No Supabase client available");
@@ -26,30 +33,34 @@ function useSecureDataAccess() {
     if (!user || !session) {
       throw new Error("User must be authenticated with valid session");
     }
-    try {
-      ensureOrganisationContext();
-    } catch (error) {
+    if (isSuperAdmin) {
+      return;
+    }
+    if (!resolvedScope?.organisationId) {
       throw new Error("Organisation context is required for data access");
     }
-  }, [supabase, user, session, ensureOrganisationContext]);
+  }, [supabase, user, session, resolvedScope, isSuperAdmin]);
   const getCurrentOrganisationId = useCallback(() => {
+    if (isSuperAdmin) {
+      return resolvedScope?.organisationId || selectedOrganisation?.id || "";
+    }
     validateContext();
-    const currentOrg = ensureOrganisationContext();
-    return currentOrg.id;
-  }, [validateContext, ensureOrganisationContext]);
+    return resolvedScope?.organisationId || "";
+  }, [validateContext, resolvedScope, selectedOrganisation, isSuperAdmin]);
   const setOrganisationContextInSession = useCallback(async (organisationId) => {
-    if (!supabase) {
-      throw new Error("No Supabase client available");
+    if (!supabase || !organisationId) {
+      return;
     }
     await setOrganisationContext(supabase, organisationId);
   }, [supabase]);
   const secureQuery = useCallback(async (table, columns, filters = {}, options = {}) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     let query = supabase.from(table).select(columns);
     const tablesWithOrganisation = [
-      "event",
+      "core_events",
       "organisation_settings",
       "rbac_event_app_roles",
       "rbac_organisation_roles",
@@ -60,19 +71,14 @@ function useSecureDataAccess() {
       // SECURITY: Emergency additions for Phase 1 fixes
       "cake_meal",
       "cake_mealtype",
-      "pace_person",
-      "pace_member",
+      "core_person",
+      // NOTE: core_member, medi_profile, core_contact, core_consent, core_identification, core_qualification
+      // are now person-scoped (not organisation-scoped) - removed from this list
       // SECURITY: Phase 3A additions - medical and personal data
-      "medi_profile",
-      "medi_condition",
-      "medi_diet",
-      "medi_action_plan",
-      "medi_profile_versions",
-      "pace_consent",
-      "pace_contact",
-      "pace_identification",
-      "pace_identification_type",
-      "pace_qualification",
+      // NOTE: medi_condition, medi_diet, medi_action_plan, medi_profile_versions are now person-scoped
+      // (via medi_profile) - removed from this list
+      // core_identification_type remains organisation-scoped (lookup table)
+      "core_identification_type",
       "form_responses",
       "form_response_values",
       "forms",
@@ -98,10 +104,15 @@ function useSecureDataAccess() {
       "cake_unit",
       "event_app_access",
       "base_application",
-      "base_questions"
+      "base_questions",
+      // rbac_user_profiles has organisation_id but uses conditional filtering
+      "rbac_user_profiles"
     ];
-    if (tablesWithOrganisation.includes(table)) {
-      query = query.eq("organisation_id", organisationId);
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
+      if (table === "rbac_user_profiles" && isSuperAdmin) {
+      } else {
+        query = query.eq("organisation_id", organisationId);
+      }
     }
     Object.entries(filters).forEach(([key, value]) => {
       if (value !== void 0 && value !== null) {
@@ -129,12 +140,13 @@ function useSecureDataAccess() {
     }
     recordDataAccess(table, "read", true, `SELECT ${columns} FROM ${table}`, filters);
     return data || [];
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureInsert = useCallback(async (table, data) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
-    const secureData = {
+    const secureData = bypassOrganisationFilter ? { ...data } : {
       ...data,
       organisation_id: organisationId
     };
@@ -144,15 +156,16 @@ function useSecureDataAccess() {
       throw error;
     }
     return insertData;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureUpdate = useCallback(async (table, data, filters) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     const { organisation_id, ...secureData } = data;
     let query = supabase.from(table).update(secureData);
     const tablesWithOrganisation = [
-      "event",
+      "core_events",
       "organisation_settings",
       "rbac_event_app_roles",
       "rbac_organisation_roles",
@@ -163,10 +176,10 @@ function useSecureDataAccess() {
       // SECURITY: Emergency additions for Phase 1 fixes
       "cake_meal",
       "cake_mealtype",
-      "pace_person",
-      "pace_member"
+      "core_person",
+      "core_member"
     ];
-    if (tablesWithOrganisation.includes(table)) {
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
       query = query.eq("organisation_id", organisationId);
     }
     Object.entries(filters).forEach(([key, value]) => {
@@ -180,14 +193,15 @@ function useSecureDataAccess() {
       throw error;
     }
     return updateData || [];
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureDelete = useCallback(async (table, filters) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     let query = supabase.from(table).delete();
     const tablesWithOrganisation = [
-      "event",
+      "core_events",
       "organisation_settings",
       "rbac_event_app_roles",
       "rbac_organisation_roles",
@@ -198,19 +212,19 @@ function useSecureDataAccess() {
       // SECURITY: Emergency additions for Phase 1 fixes
       "cake_meal",
       "cake_mealtype",
-      "pace_person",
-      "pace_member",
+      "core_person",
+      "core_member",
       // SECURITY: Phase 3A additions - medical and personal data
       "medi_profile",
       "medi_condition",
       "medi_diet",
       "medi_action_plan",
       "medi_profile_versions",
-      "pace_consent",
-      "pace_contact",
-      "pace_identification",
-      "pace_identification_type",
-      "pace_qualification",
+      "core_consent",
+      "core_contact",
+      "core_identification",
+      "core_identification_type",
+      "core_qualification",
       "form_responses",
       "form_response_values",
       "forms",
@@ -238,7 +252,7 @@ function useSecureDataAccess() {
       "base_application",
       "base_questions"
     ];
-    if (tablesWithOrganisation.includes(table)) {
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
       query = query.eq("organisation_id", organisationId);
     }
     Object.entries(filters).forEach(([key, value]) => {
@@ -251,10 +265,11 @@ function useSecureDataAccess() {
       logger.error("useSecureDataAccess", "Delete failed", { table, filters, error });
       throw error;
     }
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureRpc = useCallback(async (functionName, params = {}) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     const functionsWithPOrganisationId = [
       "data_cake_diners_list",
@@ -297,7 +312,11 @@ function useSecureDataAccess() {
     if (user?.id) {
       secureParams.p_user_id = user.id;
     }
-    secureParams[paramName] = organisationId;
+    if (!bypassOrganisationFilter && organisationId) {
+      secureParams[paramName] = organisationId;
+    } else if (organisationId && !(paramName in params)) {
+      secureParams[paramName] = organisationId;
+    }
     if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {
       secureParams.p_event_id = selectedEvent.event_id;
     }
@@ -311,7 +330,7 @@ function useSecureDataAccess() {
       throw error;
     }
     return data;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id, isSuperAdmin]);
   const [dataAccessHistory, setDataAccessHistory] = useState([]);
   const [isStrictMode] = useState(true);
   const [isAuditLogEnabled] = useState(true);
@@ -342,11 +361,12 @@ function useSecureDataAccess() {
   }, [user?.id, validateContext, isDataAccessAllowed]);
   const recordDataAccess = useCallback((table, operation, allowed, query, filters) => {
     if (!isAuditLogEnabled || !user?.id) return;
+    const auditOrganisationId = getCurrentOrganisationId() || "super-admin-bypass";
     const record = {
       table,
       operation,
       userId: user.id,
-      organisationId: getCurrentOrganisationId(),
+      organisationId: auditOrganisationId,
       allowed,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       query,
@@ -361,7 +381,7 @@ function useSecureDataAccess() {
         table,
         operation,
         userId: user.id,
-        organisationId: getCurrentOrganisationId(),
+        organisationId: auditOrganisationId,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
@@ -388,4 +408,4 @@ function useSecureDataAccess() {
 export {
   useSecureDataAccess
 };
-//# sourceMappingURL=chunk-DDM4CCYT.js.map
+//# sourceMappingURL=chunk-XYXSXPUK.js.map

package/dist/chunk-XYXSXPUK.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/useSecureDataAccess.ts"],"sourcesContent":["/**\n * @file useSecureDataAccess Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useSecureDataAccess\n * @since 0.4.0\n *\n * Hook for secure database operations with mandatory organisation context.\n * Ensures all data access is properly scoped to the user's current organisation.\n *\n * @example\n * ```tsx\n * function DataComponent() {\n *   const { secureQuery, secureInsert, secureUpdate, secureDelete } = useSecureDataAccess();\n *   \n *   const loadData = async () => {\n *     try {\n *       // Automatically includes organisation_id filter\n *       const events = await secureQuery('core_events', '*', { is_visible: true });\n *       console.log('Organisation events:', events);\n *     } catch (error) {\n *       console.error('Failed to load data:', error);\n *     }\n *   };\n *   \n *   const createEvent = async (eventData) => {\n *     try {\n *       // Automatically sets organisation_id\n *       const newEvent = await secureInsert('core_events', eventData);\n *       console.log('Created event:', newEvent);\n *     } catch (error) {\n *       console.error('Failed to create event:', error);\n *     }\n *   };\n *   \n *   return (\n *     <div>\n *       <button onClick={loadData}>Load Data</button>\n *       <button onClick={() => createEvent({ event_name: 'New Event' })}>\n *         Create Event\n *       </button>\n *     </div>\n *   );\n * }\n * ```\n *\n * @security\n * - All queries automatically include organisation_id filter\n * - Validates organisation context before any operation\n * - Prevents data leaks between organisations\n * - Error handling for security violations\n * - Type-safe database operations\n */\n\nimport { useCallback, useState, useContext } from 'react';\nimport { useUnifiedAuth } from '../providers';\nimport { useOrganisations } from './useOrganisations';\nimport { EventServiceContext } from '../providers/services/EventServiceProvider';\nimport { setOrganisationContext } from '../utils/context/organisationContext';\nimport { logger } from '../utils/core/logger';\nimport type { Permission } from '../rbac/types';\nimport type { OrganisationSecurityError } from '../types/organisation';\nimport { useSuperAdminBypass } from '../rbac/hooks/useSuperAdminBypass';\nimport { useResolvedScope } from '../rbac/hooks/useResolvedScope';\n\nexport interface SecureDataAccessReturn {\n  /** Execute a secure query with organisation filtering */\n  secureQuery: <T = any>(\n    table: string,\n    columns: string,\n    filters?: Record<string, any>,\n    options?: {\n      orderBy?: string;\n      ascending?: boolean;\n      limit?: number;\n      offset?: number;\n    }\n  ) => Promise<T[]>;\n  \n  /** Execute a secure insert with organisation context */\n  secureInsert: <T = any>(\n    table: string,\n    data: Record<string, any>\n  ) => Promise<T>;\n  \n  /** Execute a secure update with organisation filtering */\n  secureUpdate: <T = any>(\n    table: string,\n    data: Record<string, any>,\n    filters: Record<string, any>\n  ) => Promise<T[]>;\n  \n  /** Execute a secure delete with organisation filtering */\n  secureDelete: (\n    table: string,\n    filters: Record<string, any>\n  ) => Promise<void>;\n  \n  /** Execute a secure RPC call with organisation context */\n  secureRpc: <T = any>(\n    functionName: string,\n    params?: Record<string, any>\n  ) => Promise<T>;\n  \n  /** Get current organisation ID */\n  getCurrentOrganisationId: () => string;\n  \n  /** Validate organisation context */\n  validateContext: () => void;\n  \n  // NEW: Phase 1 - Enhanced Security Features\n  /** Check if data access is allowed for a table and operation */\n  isDataAccessAllowed: (table: string, operation: string) => boolean;\n  \n  /** Get all data access permissions for current user */\n  getDataAccessPermissions: () => Record<string, string[]>;\n  \n  /** Check if strict mode is enabled */\n  isStrictMode: boolean;\n  \n  /** Check if audit logging is enabled */\n  isAuditLogEnabled: boolean;\n  \n  /** Get data access history */\n  getDataAccessHistory: () => DataAccessRecord[];\n  \n  /** Clear data access history */\n  clearDataAccessHistory: () => void;\n  \n  /** Validate data access attempt */\n  validateDataAccess: (table: string, operation: string) => boolean;\n}\n\nexport interface DataAccessRecord {\n  table: string;\n  operation: string;\n  userId: string;\n  organisationId: string;\n  allowed: boolean;\n  timestamp: string;\n  query?: string;\n  filters?: Record<string, any>;\n}\n\n/**\n * Hook for secure data access with automatic organisation filtering\n * \n * All database operations automatically include organisation context:\n * - Queries filter by organisation_id\n * - Inserts include organisation_id\n * - Updates/deletes are scoped to organisation\n * - RPC calls include organisation_id parameter\n */\nexport function useSecureDataAccess(): SecureDataAccessReturn {\n  const { supabase, user, session, selectedOrganisation, selectedEvent } = useUnifiedAuth();\n  \n  // Get selected event for event-scoped RPC calls\n  // Use useContext directly to safely check if EventServiceProvider is available\n  const eventServiceContext = useContext(EventServiceContext);\n  const eventFromContext = eventServiceContext?.eventService?.getSelectedEvent() || null;\n  const effectiveSelectedEvent = selectedEvent || eventFromContext;\n  const { isSuperAdmin } = useSuperAdminBypass();\n\n  // Use resolved scope to get organisationId (derived from event if needed)\n  const { resolvedScope } = useResolvedScope({\n    supabase,\n    selectedOrganisationId: selectedOrganisation?.id || null,\n    selectedEventId: effectiveSelectedEvent?.event_id || null\n  });\n\n  const validateContext = useCallback((): void => {\n    if (!supabase) {\n      throw new Error('No Supabase client available') as OrganisationSecurityError;\n    }\n    if (!user || !session) {\n      throw new Error('User must be authenticated with valid session') as OrganisationSecurityError;\n    }\n    \n    if (isSuperAdmin) {\n      return;\n    }\n    \n    if (!resolvedScope?.organisationId) {\n      throw new Error('Organisation context is required for data access') as OrganisationSecurityError;\n    }\n  }, [supabase, user, session, resolvedScope, isSuperAdmin]);\n\n  const getCurrentOrganisationId = useCallback((): string => {\n    if (isSuperAdmin) {\n      // For super admins, try to get org from resolved scope or selectedOrganisation\n      return resolvedScope?.organisationId || selectedOrganisation?.id || '';\n    }\n\n    validateContext();\n    return resolvedScope?.organisationId || '';\n  }, [validateContext, resolvedScope, selectedOrganisation, isSuperAdmin]);\n\n  // Set organisation context in database session\n  const setOrganisationContextInSession = useCallback(async (organisationId?: string): Promise<void> => {\n    if (!supabase || !organisationId) {\n      return;\n    }\n\n    await setOrganisationContext(supabase, organisationId);\n  }, [supabase]);\n\n  const secureQuery = useCallback(async <T = any>(\n    table: string,\n    columns: string,\n    filters: Record<string, any> = {},\n    options: {\n      orderBy?: string;\n      ascending?: boolean;\n      limit?: number;\n      offset?: number;\n    } = {}\n  ): Promise<T[]> => {\n    validateContext();\n    const bypassOrganisationFilter = isSuperAdmin;\n    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build query with organisation filter\n    let query = supabase!\n      .from(table)\n      .select(columns);\n\n    // Add organisation filter only if table has organisation_id column\n    // Defense in depth strategy:\n    // - RLS policies are the primary security layer (cannot be bypassed)\n    // - Application-level filtering adds an additional layer of protection\n    const tablesWithOrganisation = [\n      'core_events',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'core_person',\n      // NOTE: core_member, medi_profile, core_contact, core_consent, core_identification, core_qualification\n      // are now person-scoped (not organisation-scoped) - removed from this list\n      // SECURITY: Phase 3A additions - medical and personal data\n      // NOTE: medi_condition, medi_diet, medi_action_plan, medi_profile_versions are now person-scoped\n      // (via medi_profile) - removed from this list\n      // core_identification_type remains organisation-scoped (lookup table)\n      'core_identification_type',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions',\n      // rbac_user_profiles has organisation_id but uses conditional filtering\n      'rbac_user_profiles'\n    ];\n    \n    // Apply organisation filtering based on table and super admin status\n    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {\n      // For rbac_user_profiles: Super admins see all (no filter), non-super-admins get filtered (defense in depth)\n      // For other tables: Always apply filter\n      if (table === 'rbac_user_profiles' && isSuperAdmin) {\n        // Super admin: No org filter - RLS handles access control\n        // This allows super admins to see all users across all organisations\n      } else {\n        // Non-super-admin OR other tables: Apply org filter as defense in depth\n        query = query.eq('organisation_id', organisationId);\n      }\n    }\n\n    // Apply additional filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        // Handle qualified column names (e.g., 'users.role')\n        const columnName = key.includes('.') ? key.split('.').pop()! : key;\n        query = query.eq(columnName, value);\n      }\n    });\n\n    // Apply options\n    if (options.orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = options.orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn, { ascending: options.ascending ?? true });\n      }\n    }\n    \n    if (options.limit) {\n      query = query.limit(options.limit);\n    }\n    \n    if (options.offset) {\n      query = query.range(options.offset, options.offset + (options.limit || 100) - 1);\n    }\n\n    const { data, error } = await query;\n    \n    if (error) {\n      logger.error('useSecureDataAccess', 'Query failed', { table, columns, filters, error });\n      // NEW: Phase 1 - Record failed data access attempt\n      recordDataAccess(table, 'read', false, `SELECT ${columns} FROM ${table}`, filters);\n      throw error;\n    }\n\n    // NEW: Phase 1 - Record successful data access attempt\n    recordDataAccess(table, 'read', true, `SELECT ${columns} FROM ${table}`, filters);\n\n    return (data as T[]) || [];\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);\n\n  const secureInsert = useCallback(async <T = any>(\n    table: string,\n    data: Record<string, any>\n  ): Promise<T> => {\n    validateContext();\n    const bypassOrganisationFilter = isSuperAdmin;\n    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Ensure organisation_id is set\n    const secureData = bypassOrganisationFilter\n      ? { ...data }\n      : {\n          ...data,\n          organisation_id: organisationId\n        };\n\n    const { data: insertData, error } = await supabase!\n      .from(table)\n      .insert(secureData)\n      .select()\n      .single();\n\n    if (error) {\n      logger.error('useSecureDataAccess', 'Insert failed', { table, data: secureData, error });\n      throw error;\n    }\n\n    return insertData as T;\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);\n\n  const secureUpdate = useCallback(async <T = any>(\n    table: string,\n    data: Record<string, any>,\n    filters: Record<string, any>\n  ): Promise<T[]> => {\n    validateContext();\n    const bypassOrganisationFilter = isSuperAdmin;\n    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Filter out organisation_id from data to prevent manipulation\n    const { organisation_id, ...secureData } = data;\n    \n    // Build update query with organisation filter\n    let query = supabase!\n      .from(table)\n      .update(secureData);\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'core_events',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'core_person', 'core_member'\n    ];\n    \n    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        query = query.eq(key, value);\n      }\n    });\n\n    const { data: updateData, error } = await query.select();\n\n    if (error) {\n      logger.error('useSecureDataAccess', 'Update failed', { table, data: secureData, filters, error });\n      throw error;\n    }\n\n    return (updateData as T[]) || [];\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);\n\n  const secureDelete = useCallback(async (\n    table: string,\n    filters: Record<string, any>\n  ): Promise<void> => {\n    validateContext();\n    const bypassOrganisationFilter = isSuperAdmin;\n    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build delete query with organisation filter\n    let query = supabase!\n      .from(table)\n      .delete();\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'core_events',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'core_person', 'core_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'core_consent', 'core_contact', 'core_identification', 'core_identification_type', 'core_qualification',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        query = query.eq(key, value);\n      }\n    });\n\n    const { error } = await query;\n\n    if (error) {\n      logger.error('useSecureDataAccess', 'Delete failed', { table, filters, error });\n      throw error;\n    }\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);\n\n  const secureRpc = useCallback(async <T = any>(\n    functionName: string,\n    params: Record<string, any> = {}\n  ): Promise<T> => {\n    validateContext();\n    const bypassOrganisationFilter = isSuperAdmin;\n    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Include organisation_id in RPC parameters\n    // Some functions use p_organisation_id instead of organisation_id (to avoid conflicts with RETURNS TABLE columns)\n    const functionsWithPOrganisationId = [\n      'data_cake_diners_list',\n      'data_cake_mealplans_list'\n    ];\n    \n    const paramName = functionsWithPOrganisationId.includes(functionName) \n      ? 'p_organisation_id' \n      : 'organisation_id';\n    \n    // Functions that need p_event_id for event-app role permission checks\n    // Note: Even org-scoped functions (like items, packages, suppliers) need event_id\n    //       for permission checks when users have event-app roles\n    const functionsNeedingEventId = [\n      'data_cake_items_list',\n      'data_cake_packages_list',\n      'data_cake_suppliers_list',\n      'data_cake_diettypes_list',\n      'data_cake_mealtypes_list',\n      'data_cake_diners_list',\n      'data_cake_mealplans_list',\n      'data_cake_dishes_list',\n      'data_cake_recipes_list',\n      'data_cake_meals_list',\n      'data_cake_units_list',\n      'data_cake_orders_list',\n      'app_cake_item_create',\n      'app_cake_item_update',\n      'app_cake_package_create',\n      'app_cake_package_update',\n      'app_cake_supplier_create',\n      'app_cake_supplier_update',\n      'app_cake_supplier_delete',\n      'app_cake_meal_create',\n      'app_cake_meal_update',\n      'app_cake_meal_delete',\n      'app_cake_unit_create',\n      'app_cake_unit_update',\n      'app_cake_unit_delete',\n      'app_cake_delivery_upsert'\n    ];\n    \n    // Build secureParams with correct parameter order\n    // For functions that require p_event_id as first parameter, ensure it's first\n    const secureParams: Record<string, any> = {};\n    \n    // Functions where p_event_id is the FIRST required parameter (no default)\n    const functionsWithEventIdFirst = [\n      'data_cake_meals_list',\n      'data_cake_units_list'\n    ];\n    \n    // Add p_user_id explicitly for functions that need it (even though it has a default)\n    // This ensures parameter matching works correctly\n    if (user?.id) {\n      secureParams.p_user_id = user.id;\n    }\n    \n    // Add organisation_id parameter when needed\n    if (!bypassOrganisationFilter && organisationId) {\n      secureParams[paramName] = organisationId;\n    } else if (organisationId && !(paramName in params)) {\n      // Default to the current organisation if caller didn't specify one\n      secureParams[paramName] = organisationId;\n    }\n    \n    // Add p_event_id if function needs it and event is selected\n    // CRITICAL: This must be added AFTER organisation_id but BEFORE caller params\n    // to ensure it's not overwritten. For data_cake_items_list, p_event_id is the 3rd param.\n    if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {\n      secureParams.p_event_id = selectedEvent.event_id;\n    }\n    \n    // Add any other params passed by caller (limit, offset, etc.)\n    // NOTE: This will NOT overwrite p_event_id if caller passes it, but we want to ensure\n    // our value takes precedence if event is selected\n    Object.assign(secureParams, params);\n    \n    // Ensure p_event_id is set if needed (after Object.assign, so it overrides caller params)\n    if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {\n      secureParams.p_event_id = selectedEvent.event_id;\n    }\n\n    const { data, error } = await supabase!.rpc(functionName, secureParams);\n\n    if (error) {\n      logger.error('useSecureDataAccess', 'RPC failed', { functionName, params: secureParams, error });\n      throw error;\n    }\n\n    return data as T;\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id, isSuperAdmin]);\n\n  // NEW: Phase 1 - Enhanced Security Features\n  const [dataAccessHistory, setDataAccessHistory] = useState<DataAccessRecord[]>([]);\n  const [isStrictMode] = useState(true); // Always enabled in Phase 1\n  const [isAuditLogEnabled] = useState(true); // Always enabled in Phase 1\n\n  // Check if data access is allowed for a table and operation\n  const isDataAccessAllowed = useCallback((table: string, operation: string): boolean => {\n    if (!user?.id) return false;\n    \n    // Use the existing RBAC system to check data access permissions\n    // This is a synchronous check for the context - actual permission checking\n    // happens in the secure data operations using the RBAC engine\n    const permission = `${operation}:data.${table}` as Permission;\n    \n    // For now, we'll return true and let the secure data operations\n    // handle the actual permission checking asynchronously\n    // This context is mainly for tracking and audit purposes\n    return true;\n  }, [user?.id]);\n\n  // Get all data access permissions for current user\n  const getDataAccessPermissions = useCallback((): Record<string, string[]> => {\n    if (!user?.id) return {};\n    \n    // For now, return empty object - this will be enhanced with actual permission checking\n    // when we integrate with the existing RBAC system\n    return {};\n  }, [user?.id]);\n\n  // Get data access history\n  const getDataAccessHistory = useCallback((): DataAccessRecord[] => {\n    return [...dataAccessHistory];\n  }, [dataAccessHistory]);\n\n  // Clear data access history\n  const clearDataAccessHistory = useCallback(() => {\n    setDataAccessHistory([]);\n  }, []);\n\n  // Validate data access attempt\n  const validateDataAccess = useCallback((table: string, operation: string): boolean => {\n    if (!user?.id) return false;\n    \n    // Validate organisation context\n    try {\n      validateContext();\n    } catch (error) {\n      logger.error('useSecureDataAccess', 'Organisation context validation failed', { table, operation, error });\n      return false;\n    }\n    \n    return isDataAccessAllowed(table, operation);\n  }, [user?.id, validateContext, isDataAccessAllowed]);\n\n  // Record data access attempt\n  const recordDataAccess = useCallback((\n    table: string,\n    operation: string,\n    allowed: boolean,\n    query?: string,\n    filters?: Record<string, any>\n  ) => {\n    if (!isAuditLogEnabled || !user?.id) return;\n    const auditOrganisationId = getCurrentOrganisationId() || 'super-admin-bypass';\n\n    const record: DataAccessRecord = {\n      table,\n      operation,\n      userId: user.id,\n      organisationId: auditOrganisationId,\n      allowed,\n      timestamp: new Date().toISOString(),\n      query,\n      filters\n    };\n    \n    setDataAccessHistory(prev => {\n      const newHistory = [record, ...prev];\n      return newHistory.slice(0, 1000); // Keep last 1000 records\n    });\n    \n    if (isStrictMode && !allowed) {\n      logger.error('useSecureDataAccess', 'STRICT MODE VIOLATION: User attempted data access without permission', {\n        table,\n        operation,\n        userId: user.id,\n        organisationId: auditOrganisationId,\n        timestamp: new Date().toISOString()\n      });\n    }\n  }, [isAuditLogEnabled, isStrictMode, user?.id, getCurrentOrganisationId]);\n\n  return {\n    secureQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    secureRpc,\n    getCurrentOrganisationId,\n    validateContext,\n    // NEW: Phase 1 - Enhanced Security Features\n    isDataAccessAllowed,\n    getDataAccessPermissions,\n    isStrictMode,\n    isAuditLogEnabled,\n    getDataAccessHistory,\n    clearDataAccessHistory,\n    validateDataAccess\n  };\n} "],"mappings":";;;;;;;;;;;;;;;;AAqDA,SAAS,aAAa,UAAU,kBAAkB;AAmG3C,SAAS,sBAA8C;AAC5D,QAAM,EAAE,UAAU,MAAM,SAAS,sBAAsB,cAAc,IAAI,eAAe;AAIxF,QAAM,sBAAsB,WAAW,mBAAmB;AAC1D,QAAM,mBAAmB,qBAAqB,cAAc,iBAAiB,KAAK;AAClF,QAAM,yBAAyB,iBAAiB;AAChD,QAAM,EAAE,aAAa,IAAI,oBAAoB;AAG7C,QAAM,EAAE,cAAc,IAAI,iBAAiB;AAAA,IACzC;AAAA,IACA,wBAAwB,sBAAsB,MAAM;AAAA,IACpD,iBAAiB,wBAAwB,YAAY;AAAA,EACvD,CAAC;AAED,QAAM,kBAAkB,YAAY,MAAY;AAC9C,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AACA,QAAI,CAAC,QAAQ,CAAC,SAAS;AACrB,YAAM,IAAI,MAAM,+CAA+C;AAAA,IACjE;AAEA,QAAI,cAAc;AAChB;AAAA,IACF;AAEA,QAAI,CAAC,eAAe,gBAAgB;AAClC,YAAM,IAAI,MAAM,kDAAkD;AAAA,IACpE;AAAA,EACF,GAAG,CAAC,UAAU,MAAM,SAAS,eAAe,YAAY,CAAC;AAEzD,QAAM,2BAA2B,YAAY,MAAc;AACzD,QAAI,cAAc;AAEhB,aAAO,eAAe,kBAAkB,sBAAsB,MAAM;AAAA,IACtE;AAEA,oBAAgB;AAChB,WAAO,eAAe,kBAAkB;AAAA,EAC1C,GAAG,CAAC,iBAAiB,eAAe,sBAAsB,YAAY,CAAC;AAGvE,QAAM,kCAAkC,YAAY,OAAO,mBAA2C;AACpG,QAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC;AAAA,IACF;AAEA,UAAM,uBAAuB,UAAU,cAAc;AAAA,EACvD,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,cAAc,YAAY,OAC9B,OACA,SACA,UAA+B,CAAC,GAChC,UAKI,CAAC,MACY;AACjB,oBAAgB;AAChB,UAAM,2BAA2B;AACjC,UAAM,iBAAiB,2BAA2B,SAAY,yBAAyB;AAGvF,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,OAAO;AAMjB,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAgB;AAAA,MAChB;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAO9B;AAAA,MACA;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA;AAAA,MAEpE;AAAA,IACF;AAGA,QAAI,CAAC,4BAA4B,kBAAkB,uBAAuB,SAAS,KAAK,GAAG;AAGzF,UAAI,UAAU,wBAAwB,cAAc;AAAA,MAGpD,OAAO;AAEL,gBAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,MACpD;AAAA,IACF;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,cAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,gBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAGD,QAAI,QAAQ,SAAS;AAEnB,YAAM,gBAAgB,QAAQ,QAAQ,MAAM,GAAG,EAAE,IAAI;AACrD,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,eAAe,EAAE,WAAW,QAAQ,aAAa,KAAK,CAAC;AAAA,MAC7E;AAAA,IACF;AAEA,QAAI,QAAQ,OAAO;AACjB,cAAQ,MAAM,MAAM,QAAQ,KAAK;AAAA,IACnC;AAEA,QAAI,QAAQ,QAAQ;AAClB,cAAQ,MAAM,MAAM,QAAQ,QAAQ,QAAQ,UAAU,QAAQ,SAAS,OAAO,CAAC;AAAA,IACjF;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,QAAI,OAAO;AACT,aAAO,MAAM,uBAAuB,gBAAgB,EAAE,OAAO,SAAS,SAAS,MAAM,CAAC;AAEtF,uBAAiB,OAAO,QAAQ,OAAO,UAAU,OAAO,SAAS,KAAK,IAAI,OAAO;AACjF,YAAM;AAAA,IACR;AAGA,qBAAiB,OAAO,QAAQ,MAAM,UAAU,OAAO,SAAS,KAAK,IAAI,OAAO;AAEhF,WAAQ,QAAgB,CAAC;AAAA,EAC3B,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,UAAU,YAAY,CAAC;AAEvG,QAAM,eAAe,YAAY,OAC/B,OACA,SACe;AACf,oBAAgB;AAChB,UAAM,2BAA2B;AACjC,UAAM,iBAAiB,2BAA2B,SAAY,yBAAyB;AAGvF,UAAM,gCAAgC,cAAc;AAGpD,UAAM,aAAa,2BACf,EAAE,GAAG,KAAK,IACV;AAAA,MACE,GAAG;AAAA,MACH,iBAAiB;AAAA,IACnB;AAEJ,UAAM,EAAE,MAAM,YAAY,MAAM,IAAI,MAAM,SACvC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,QAAI,OAAO;AACT,aAAO,MAAM,uBAAuB,iBAAiB,EAAE,OAAO,MAAM,YAAY,MAAM,CAAC;AACvF,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,UAAU,YAAY,CAAC;AAEvG,QAAM,eAAe,YAAY,OAC/B,OACA,MACA,YACiB;AACjB,oBAAgB;AAChB,UAAM,2BAA2B;AACjC,UAAM,iBAAiB,2BAA2B,SAAY,yBAAyB;AAGvF,UAAM,gCAAgC,cAAc;AAGpD,UAAM,EAAE,iBAAiB,GAAG,WAAW,IAAI;AAG3C,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,UAAU;AAGpB,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAgB;AAAA,MAChB;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA,IAC/C;AAEA,QAAI,CAAC,4BAA4B,kBAAkB,uBAAuB,SAAS,KAAK,GAAG;AACzF,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,gBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,MAC7B;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,YAAY,MAAM,IAAI,MAAM,MAAM,OAAO;AAEvD,QAAI,OAAO;AACT,aAAO,MAAM,uBAAuB,iBAAiB,EAAE,OAAO,MAAM,YAAY,SAAS,MAAM,CAAC;AAChG,YAAM;AAAA,IACR;AAEA,WAAQ,cAAsB,CAAC;AAAA,EACjC,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,UAAU,YAAY,CAAC;AAEvG,QAAM,eAAe,YAAY,OAC/B,OACA,YACkB;AAClB,oBAAgB;AAChB,UAAM,2BAA2B;AACjC,UAAM,iBAAiB,2BAA2B,SAAY,yBAAyB;AAGvF,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAgB;AAAA,MAChB;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAuB;AAAA,MAA4B;AAAA,MACnF;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,QAAI,CAAC,4BAA4B,kBAAkB,uBAAuB,SAAS,KAAK,GAAG;AACzF,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,gBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,MAC7B;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,IAAI,MAAM;AAExB,QAAI,OAAO;AACT,aAAO,MAAM,uBAAuB,iBAAiB,EAAE,OAAO,SAAS,MAAM,CAAC;AAC9E,YAAM;AAAA,IACR;AAAA,EACF,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,UAAU,YAAY,CAAC;AAEvG,QAAM,YAAY,YAAY,OAC5B,cACA,SAA8B,CAAC,MAChB;AACf,oBAAgB;AAChB,UAAM,2BAA2B;AACjC,UAAM,iBAAiB,2BAA2B,SAAY,yBAAyB;AAGvF,UAAM,gCAAgC,cAAc;AAIpD,UAAM,+BAA+B;AAAA,MACnC;AAAA,MACA;AAAA,IACF;AAEA,UAAM,YAAY,6BAA6B,SAAS,YAAY,IAChE,sBACA;AAKJ,UAAM,0BAA0B;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAIA,UAAM,eAAoC,CAAC;AAG3C,UAAM,4BAA4B;AAAA,MAChC;AAAA,MACA;AAAA,IACF;AAIA,QAAI,MAAM,IAAI;AACZ,mBAAa,YAAY,KAAK;AAAA,IAChC;AAGA,QAAI,CAAC,4BAA4B,gBAAgB;AAC/C,mBAAa,SAAS,IAAI;AAAA,IAC5B,WAAW,kBAAkB,EAAE,aAAa,SAAS;AAEnD,mBAAa,SAAS,IAAI;AAAA,IAC5B;AAKA,QAAI,wBAAwB,SAAS,YAAY,KAAK,eAAe,UAAU;AAC7E,mBAAa,aAAa,cAAc;AAAA,IAC1C;AAKA,WAAO,OAAO,cAAc,MAAM;AAGlC,QAAI,wBAAwB,SAAS,YAAY,KAAK,eAAe,UAAU;AAC7E,mBAAa,aAAa,cAAc;AAAA,IAC1C;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAAU,IAAI,cAAc,YAAY;AAEtE,QAAI,OAAO;AACT,aAAO,MAAM,uBAAuB,cAAc,EAAE,cAAc,QAAQ,cAAc,MAAM,CAAC;AAC/F,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,UAAU,eAAe,UAAU,MAAM,IAAI,YAAY,CAAC;AAG1I,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,SAA6B,CAAC,CAAC;AACjF,QAAM,CAAC,YAAY,IAAI,SAAS,IAAI;AACpC,QAAM,CAAC,iBAAiB,IAAI,SAAS,IAAI;AAGzC,QAAM,sBAAsB,YAAY,CAAC,OAAe,cAA+B;AACrF,QAAI,CAAC,MAAM,GAAI,QAAO;AAKtB,UAAM,aAAa,GAAG,SAAS,SAAS,KAAK;AAK7C,WAAO;AAAA,EACT,GAAG,CAAC,MAAM,EAAE,CAAC;AAGb,QAAM,2BAA2B,YAAY,MAAgC;AAC3E,QAAI,CAAC,MAAM,GAAI,QAAO,CAAC;AAIvB,WAAO,CAAC;AAAA,EACV,GAAG,CAAC,MAAM,EAAE,CAAC;AAGb,QAAM,uBAAuB,YAAY,MAA0B;AACjE,WAAO,CAAC,GAAG,iBAAiB;AAAA,EAC9B,GAAG,CAAC,iBAAiB,CAAC;AAGtB,QAAM,yBAAyB,YAAY,MAAM;AAC/C,yBAAqB,CAAC,CAAC;AAAA,EACzB,GAAG,CAAC,CAAC;AAGL,QAAM,qBAAqB,YAAY,CAAC,OAAe,cAA+B;AACpF,QAAI,CAAC,MAAM,GAAI,QAAO;AAGtB,QAAI;AACF,sBAAgB;AAAA,IAClB,SAAS,OAAO;AACd,aAAO,MAAM,uBAAuB,0CAA0C,EAAE,OAAO,WAAW,MAAM,CAAC;AACzG,aAAO;AAAA,IACT;AAEA,WAAO,oBAAoB,OAAO,SAAS;AAAA,EAC7C,GAAG,CAAC,MAAM,IAAI,iBAAiB,mBAAmB,CAAC;AAGnD,QAAM,mBAAmB,YAAY,CACnC,OACA,WACA,SACA,OACA,YACG;AACH,QAAI,CAAC,qBAAqB,CAAC,MAAM,GAAI;AACrC,UAAM,sBAAsB,yBAAyB,KAAK;AAE1D,UAAM,SAA2B;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,QAAQ,KAAK;AAAA,MACb,gBAAgB;AAAA,MAChB;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC;AAAA,MACA;AAAA,IACF;AAEA,yBAAqB,UAAQ;AAC3B,YAAM,aAAa,CAAC,QAAQ,GAAG,IAAI;AACnC,aAAO,WAAW,MAAM,GAAG,GAAI;AAAA,IACjC,CAAC;AAED,QAAI,gBAAgB,CAAC,SAAS;AAC5B,aAAO,MAAM,uBAAuB,wEAAwE;AAAA,QAC1G;AAAA,QACA;AAAA,QACA,QAAQ,KAAK;AAAA,QACb,gBAAgB;AAAA,QAChB,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MACpC,CAAC;AAAA,IACH;AAAA,EACF,GAAG,CAAC,mBAAmB,cAAc,MAAM,IAAI,wBAAwB,CAAC;AAExE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}

package/dist/{chunk-SAUPYVLF.js → chunk-ZSAAAMVR.js}

@@ -22,4 +22,4 @@ var FileCategory = /* @__PURE__ */ ((FileCategory2) => {
 export {
   FileCategory
 };
-//# sourceMappingURL=chunk-SAUPYVLF.js.map
+//# sourceMappingURL=chunk-ZSAAAMVR.js.map

package/dist/chunk-ZSAAAMVR.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/types/file-reference.ts"],"sourcesContent":["// File Reference System Types\n// These types define the structure for the centralized file reference system\n\nimport type { AppId } from './core';\n\nexport interface FileReference {\n  id: string;\n  table_name: string;\n  record_id: string;\n  file_path: string;\n  file_metadata: FileMetadata;\n  organisation_id: string | null; // Nullable for user-scoped files (e.g., profile photos)\n  app_id: AppId;\n  is_public: boolean;\n  created_at: string;\n  updated_at: string;\n}\n\nexport interface FileMetadata {\n  fileName: string;\n  fileType: string;\n  fileSize?: number;\n  width?: number;\n  height?: number;\n  category: FileCategory;\n  hash?: string;\n  uploadedBy?: string;\n  uploadedAt?: string;\n  tags?: string[];\n  customMetadata?: Record<string, unknown>;\n}\n\nexport enum FileCategory {\n  PROFILE_PHOTOS = 'profile_photos',\n  ID_DOCUMENTS = 'id_documents',\n  QUALIFICATIONS = 'qualifications',\n  MEDICAL_DOCUMENTS = 'medical_documents',\n  DISH_IMAGES = 'dish_images',\n  EVENT_LOGOS = 'event_logos',\n  GENERAL_DOCUMENTS = 'general_documents',\n  IMAGES = 'images',\n  AUDIO = 'audio',\n  VIDEO = 'video',\n  ARCHIVES = 'archives',\n  // CAKE-specific categories\n  CAKE_DISH = 'cake_dish',\n  // TRAC-specific categories\n  TRAC_ACCOMMODATION = 'trac_accommodation',\n  TRAC_ACTIVITY = 'trac_activity',\n  TRAC_JOURNAL = 'trac_journal',\n  TRAC_TRANSPORT = 'trac_transport'\n}\n\n/**\n * Options for uploading a file with a file reference\n * @property pageContext - The page context where the file upload occurs (e.g., 'configuration', 'forms', 'applications')\n *                          Used for context-aware permission checks. Required to check appropriate page-level permissions.\n * @property event_id - Optional event ID for event-scoped permission checks. Required for event-based apps.\n * @property organisation_id - Optional organisation ID. If not provided, the file is user-owned (record_id must match user_id).\n *                              For user-owned files, users can only access their own files.\n */\nexport interface FileUploadOptions {\n  table_name: string;\n  record_id: string;\n  organisation_id: string | null; // Nullable for user-scoped files (e.g., profile photos)\n  app_id: AppId;\n  category: FileCategory;\n  folder: string; // Folder name in storage bucket (e.g., 'profile_photos', 'documents')\n  pageContext: string;\n  event_id?: string;\n  is_public?: boolean;\n  custom_metadata?: Record<string, unknown>;\n  userId?: string; // Optional userId for user-scoped files\n}\n\n\nexport interface FileReferenceService {\n  createFileReference(options: FileUploadOptions, file: File): Promise<FileReference>;\n  getFileReference(table_name: string, record_id: string, organisation_id?: string): Promise<FileReference | null>;\n  getFileReferenceById(id: string, organisation_id?: string): Promise<FileReference | null>;\n  getFileUrl(table_name: string, record_id: string, organisation_id?: string): Promise<string | null>;\n  getSignedUrl(table_name: string, record_id: string, organisation_id?: string, expires_in?: number): Promise<string | null>;\n  updateFileReference(id: string, updates: Partial<FileReference>): Promise<FileReference>;\n  deleteFileReference(table_name: string, record_id: string, organisation_id?: string, delete_file?: boolean): Promise<boolean>;\n  listFileReferences(table_name: string, record_id: string, organisation_id?: string): Promise<FileReference[]>;\n  getFilesByCategory(table_name: string, record_id: string, category: FileCategory, organisation_id?: string): Promise<FileReference[]>;\n  getFileCount(table_name: string, record_id: string, organisation_id?: string): Promise<number>;\n  uploadMultipleFiles(options: FileUploadOptions, files: File[]): Promise<BulkUploadResult>;\n}\n\nexport interface StorageUploadOptions {\n  orgId: string;\n  isPublic?: boolean;\n  customPath?: string;\n}\n\nexport interface FileUploadResult {\n  file_reference: FileReference;\n  file_url: string;\n  signed_url?: string;\n}\n\n/**\n * File reference with pre-fetched URL\n * Useful for display components that need both metadata and URL\n */\nexport interface FileReferenceWithUrl extends FileReference {\n  url: string;\n  isSignedUrl: boolean;\n  expiresAt?: Date;\n}\n\n/**\n * Upload progress information\n */\nexport interface UploadProgress {\n  loaded: number;\n  total: number;\n  percentage: number;\n  fileName: string;\n  status: 'idle' | 'uploading' | 'processing' | 'completed' | 'error';\n  error?: string;\n}\n\n/**\n * Bulk upload result\n */\nexport interface BulkUploadResult {\n  /** Successfully created file references */\n  success: FileReference[];\n  /** Per-file failures with associated errors */\n  failed: { file: File; error: string }[];\n\n  // Optional aggregate fields for consumers that need totals\n  total?: number;\n  successful?: number;\n  results?: Array<{\n    file: File;\n    result: FileUploadResult | null;\n    error?: string;\n  }>;\n}\n\n/**\n * Bucket information for file storage\n */\nexport interface BucketInfo {\n  name: 'files' | 'public-files';\n  isPublic: boolean;\n  description: string;\n}\n\n/**\n * File URL information (public or signed)\n */\nexport interface FileUrlInfo {\n  url: string;\n  isPublic: boolean;\n  isSignedUrl: boolean;\n  expiresAt?: Date;\n  bucket: BucketInfo;\n}\n"],"mappings":";AAgCO,IAAK,eAAL,kBAAKA,kBAAL;AACL,EAAAA,cAAA,oBAAiB;AACjB,EAAAA,cAAA,kBAAe;AACf,EAAAA,cAAA,oBAAiB;AACjB,EAAAA,cAAA,uBAAoB;AACpB,EAAAA,cAAA,iBAAc;AACd,EAAAA,cAAA,iBAAc;AACd,EAAAA,cAAA,uBAAoB;AACpB,EAAAA,cAAA,YAAS;AACT,EAAAA,cAAA,WAAQ;AACR,EAAAA,cAAA,WAAQ;AACR,EAAAA,cAAA,cAAW;AAEX,EAAAA,cAAA,eAAY;AAEZ,EAAAA,cAAA,wBAAqB;AACrB,EAAAA,cAAA,mBAAgB;AAChB,EAAAA,cAAA,kBAAe;AACf,EAAAA,cAAA,oBAAiB;AAlBP,SAAAA;AAAA,GAAA;","names":["FileCategory"]}

package/dist/components.d.ts

@@ -1,10 +1,10 @@
-export { a as UnifiedAuthContextType, d as UnifiedAuthProvider, c as UnifiedAuthProviderProps, u as useUnifiedAuth } from './UnifiedAuthProvider-BG0AL5eE.js';
-export { A as AddressField, k as AddressFieldProps, l as AddressFieldRef, o as Alert, q as AlertDescription, p as AlertTitle, r as Avatar, s as AvatarProps, t as Badge, u as BadgeProps, v as BadgeVariant, B as Button, a as ButtonProps, an as Calendar, ao as CalendarProps, C as Card, g as CardActions, i as CardActionsProps, f as CardContent, e as CardDescription, c as CardFooter, b as CardHeader, h as CardProps, d as CardTitle, w as Checkbox, M as Dialog, W as DialogBody, R as DialogClose, U as DialogContent, a0 as DialogContentProps, Z as DialogDescription, a5 as DialogDescriptionProps, X as DialogFooter, a3 as DialogFooterProps, V as DialogHeader, a2 as DialogHeaderProps, O as DialogOverlay, a1 as DialogOverlayProps, N as DialogPortal, _ as DialogProps, a6 as DialogSize, Y as DialogTitle, a4 as DialogTitleProps, Q as DialogTrigger, $ as DialogTriggerProps, aV as ErrorBoundary, aW as ErrorBoundaryProps, aX as ErrorBoundaryState, a$ as EventSelector, b2 as FileDisplay, b3 as FileDisplayProps, b0 as FileUpload, b1 as FileUploadProps, aL as Footer, aM as FooterProps, aE as Form, aF as FormField, aH as FormFieldProps, aG as FormProps, aK as Header, I as Input, j as InputProps, L as Label, m as LabelProps, aY as LoadingSpinner, aI as LoginForm, aJ as LoginFormProps, aR as NavigationItem, aP as NavigationMenu, aQ as NavigationMenuProps, aS as OrganisationSelector, aT as OrganisationSelectorProps, bl as PaceAppLayout, bk as PaceAppLayoutProps, bn as PaceLoginPage, bm as PaceLoginPageProps, P as Progress, y as ProgressProps, aN as ProtectedRoute, aO as ProtectedRouteProps, bd as PublicPageFooter, bj as PublicPageFooterProps, bc as PublicPageHeader, bi as PublicPageHeaderProps, bb as PublicPageLayout, bh as PublicPageLayoutProps, be as PublicPageProvider, a7 as Select, ab as SelectContent, a8 as SelectGroup, ad as SelectItem, ac as SelectLabel, ae as SelectSeparator, aa as SelectTrigger, a9 as SelectValue, aZ as SessionRestorationLoader, a_ as SessionRestorationLoaderProps, S as Switch, x as SwitchProps, z as Table, E as TableBody, F as TableCaption, G as TableCell, H as TableFooter, J as TableHead, D as TableHeader, K as TableRow, af as Tabs, ai as TabsContent, am as TabsContentProps, ag as TabsList, ak as TabsListProps, aj as TabsProps, ah as TabsTrigger, al as TabsTriggerProps, T as Textarea, n as TextareaProps, ap as Toast, ar as ToastAction, ax as ToastActionElement, aw as ToastClose, av as ToastDescription, ay as ToastProps, as as ToastProvider, au as ToastTitle, at as ToastViewport, aq as Toaster, az as Tooltip, aB as TooltipContent, aC as TooltipProvider, aD as TooltipRoot, aA as TooltipTrigger, ba as UseFileReferenceForRecordReturn, b8 as UseFileReferenceOptions, b9 as UseFileReferenceReturn, aU as UserMenu, b4 as useFileReference, b6 as useFileReferenceById, b5 as useFileReferenceForRecord, b7 as useFilesByCategory, bg as useIsPublicPage, bf as usePublicPageContext } from './PublicPageProvider-B8HaLe69.js';
+export { a as UnifiedAuthContextType, d as UnifiedAuthProvider, c as UnifiedAuthProviderProps, u as useUnifiedAuth } from './UnifiedAuthProvider-BYA9qB-o.js';
+export { A as AddressField, k as AddressFieldProps, l as AddressFieldRef, o as Alert, q as AlertDescription, p as AlertTitle, r as Avatar, s as AvatarProps, t as Badge, u as BadgeProps, v as BadgeVariant, B as Button, a as ButtonProps, an as Calendar, ao as CalendarProps, C as Card, g as CardActions, i as CardActionsProps, f as CardContent, e as CardDescription, c as CardFooter, b as CardHeader, h as CardProps, d as CardTitle, w as Checkbox, M as Dialog, W as DialogBody, R as DialogClose, U as DialogContent, a0 as DialogContentProps, Z as DialogDescription, a5 as DialogDescriptionProps, X as DialogFooter, a3 as DialogFooterProps, V as DialogHeader, a2 as DialogHeaderProps, O as DialogOverlay, a1 as DialogOverlayProps, N as DialogPortal, _ as DialogProps, a6 as DialogSize, Y as DialogTitle, a4 as DialogTitleProps, Q as DialogTrigger, $ as DialogTriggerProps, aV as ErrorBoundary, aW as ErrorBoundaryProps, aX as ErrorBoundaryState, a$ as EventSelector, b2 as FileDisplay, b3 as FileDisplayProps, b0 as FileUpload, b1 as FileUploadProps, aL as Footer, aM as FooterProps, aE as Form, aF as FormField, aH as FormFieldProps, aG as FormProps, aK as Header, I as Input, j as InputProps, L as Label, m as LabelProps, aY as LoadingSpinner, aI as LoginForm, aJ as LoginFormProps, aR as NavigationItem, aP as NavigationMenu, aQ as NavigationMenuProps, aS as OrganisationSelector, aT as OrganisationSelectorProps, bl as PaceAppLayout, bk as PaceAppLayoutProps, bn as PaceLoginPage, bm as PaceLoginPageProps, P as Progress, y as ProgressProps, aN as ProtectedRoute, aO as ProtectedRouteProps, bd as PublicPageFooter, bj as PublicPageFooterProps, bc as PublicPageHeader, bi as PublicPageHeaderProps, bb as PublicPageLayout, bh as PublicPageLayoutProps, be as PublicPageProvider, a7 as Select, ab as SelectContent, a8 as SelectGroup, ad as SelectItem, ac as SelectLabel, ae as SelectSeparator, aa as SelectTrigger, a9 as SelectValue, aZ as SessionRestorationLoader, a_ as SessionRestorationLoaderProps, S as Switch, x as SwitchProps, z as Table, E as TableBody, F as TableCaption, G as TableCell, H as TableFooter, J as TableHead, D as TableHeader, K as TableRow, af as Tabs, ai as TabsContent, am as TabsContentProps, ag as TabsList, ak as TabsListProps, aj as TabsProps, ah as TabsTrigger, al as TabsTriggerProps, T as Textarea, n as TextareaProps, ap as Toast, ar as ToastAction, ax as ToastActionElement, aw as ToastClose, av as ToastDescription, ay as ToastProps, as as ToastProvider, au as ToastTitle, at as ToastViewport, aq as Toaster, az as Tooltip, aB as TooltipContent, aC as TooltipProvider, aD as TooltipRoot, aA as TooltipTrigger, ba as UseFileReferenceForRecordReturn, b8 as UseFileReferenceOptions, b9 as UseFileReferenceReturn, aU as UserMenu, b4 as useFileReference, b6 as useFileReferenceById, b5 as useFileReferenceForRecord, b7 as useFilesByCategory, bg as useIsPublicPage, bf as usePublicPageContext } from './PublicPageProvider-ULXC_u6U.js';
 import * as react_jsx_runtime from 'react/jsx-runtime';
 export { u as useToast } from './useToast-C8gR5ir4.js';
-export { D as DataTable, a as DataTableProps } from './DataTable-IVYljGJ6.js';
-export { c as AggregateConfig, A as AutocompleteOptions, d as DataRecord, a as DataTableAction, D as DataTableColumn, b as DataTableToolbarButton, E as EmptyStateConfig, G as GetRowId, P as ParsedAddress } from './types-Bwgl--Xo.js';
-export { F as FileCategory, b as FileMetadata, a as FileReference, c as FileUploadOptions } from './file-reference-D037xOFK.js';
+export { D as DataTable, a as DataTableProps } from './DataTable-Be6dH_dR.js';
+export { c as AggregateConfig, A as AutocompleteOptions, d as DataRecord, a as DataTableAction, D as DataTableColumn, b as DataTableToolbarButton, E as EmptyStateConfig, G as GetRowId, P as ParsedAddress } from './types-CEpcvwwF.js';
+export { F as FileCategory, b as FileMetadata, a as FileReference, c as FileUploadOptions } from './file-reference-BavO2eQj.js';
 import 'react';
 import '@supabase/supabase-js';
 import './event-CW5YB_2p.js';
@@ -13,7 +13,6 @@ import './auth-BZOJqrdd.js';
 import '@radix-ui/react-label';
 import '@radix-ui/react-checkbox';
 import '@radix-ui/react-switch';
-import '@radix-ui/react-progress';
 import '@radix-ui/react-dialog';
 import '@radix-ui/react-tabs';
 import 'react-day-picker';

package/dist/components.js

@@ -48,7 +48,7 @@ import {
   useFileReferenceById,
   useFileReferenceForRecord,
   useFilesByCategory
-} from "./chunk-YGPFYGA6.js";
+} from "./chunk-VKB2CO4Z.js";
 import {
   Alert,
   AlertDescription,
@@ -89,40 +89,40 @@ import {
   TooltipProvider,
   TooltipRoot,
   TooltipTrigger
-} from "./chunk-2UUZZJFT.js";
-import "./chunk-3GOZZZYH.js";
-import "./chunk-HEHYGYOX.js";
-import "./chunk-63FOKYGO.js";
+} from "./chunk-ULHIJK66.js";
+import "./chunk-VRGWKHDB.js";
+import "./chunk-XNYQOL3Z.js";
+import {
+  useToast
+} from "./chunk-6C4YBBJM.js";
 import {
   ErrorBoundary,
   PublicPageProvider,
   useIsPublicPage,
   usePublicPageContext
-} from "./chunk-UCQSRW7Z.js";
-import {
-  useToast
-} from "./chunk-6C4YBBJM.js";
-import "./chunk-E7UAOUMY.js";
+} from "./chunk-OETXORNB.js";
 import "./chunk-KQCRWDSA.js";
 import {
   UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-VGZZXKBR.js";
+} from "./chunk-6LTQQAT6.js";
+import "./chunk-ROXMHMY2.js";
+import "./chunk-63FOKYGO.js";
 import {
   FileCategory
-} from "./chunk-SAUPYVLF.js";
+} from "./chunk-ZSAAAMVR.js";
 import "./chunk-QXHPKYJV.js";
 import {
   LoadingSpinner,
   fromZonedTime,
   getUserTimeZone,
   toZonedTime
-} from "./chunk-THRPYOFK.js";
+} from "./chunk-HW3OVDUF.js";
 import {
   cn
 } from "./chunk-R77UEZ4E.js";
-import "./chunk-F2IMUDXZ.js";
-import "./chunk-YHCN776L.js";
+import "./chunk-G37KK66H.js";
+import "./chunk-I7PSE6JW.js";
 import "./chunk-VBXEHIUJ.js";
 import "./chunk-SQGMNID3.js";
 import "./chunk-PWLANIRT.js";
@@ -248,15 +248,15 @@ function DatePickerWithTimezone({
         selected,
         onSelect,
         initialFocus: true,
-        captionLayout: "dropdown-buttons",
-        fromYear: 1900,
-        toYear: 2100,
+        captionLayout: "dropdown",
+        startMonth: new Date(1900, 0),
+        endMonth: new Date(2100, 11),
         className: "p-0"
       }
     ) }),
     /* @__PURE__ */ jsxs2("div", { className: "flex items-center justify-between border-t border-border px-3 py-2", children: [
       /* @__PURE__ */ jsxs2("div", { className: "flex items-center gap-2 text-sm text-muted-foreground", children: [
-        /* @__PURE__ */ jsx2(Clock, { className: "h-4 w-4", "aria-hidden": "true" }),
+        /* @__PURE__ */ jsx2(Clock, { className: "size-4", "aria-hidden": "true" }),
         /* @__PURE__ */ jsxs2("span", { children: [
           "Timezone: ",
           /* @__PURE__ */ jsx2("span", { "aria-label": `Timezone ${timezoneDisplay}`, children: timezoneDisplay })

package/dist/components.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/components/DateTimeField/DateTimeField.tsx","../src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx"],"sourcesContent":["/**\n * @file DateTimeField Component\n * @package @jmruthers/pace-core\n * @module Components/DateTimeField\n * @since 0.1.0\n *\n * Form input component for datetime values with timezone support.\n * Handles UTC ↔ timezone conversion automatically.\n *\n * Features:\n * - Automatic UTC ↔ timezone conversion\n * - Prevents unwanted conversions during user editing\n * - Shows timezone information when not UTC\n * - Supports both ISO string and Date object values\n * - Uses native datetime-local input type\n * - Accessible form field with proper labels\n *\n * @example\n * ```tsx\n * import { DateTimeField } from '@jmruthers/pace-core/components';\n * import { useState } from 'react';\n *\n * function EventForm() {\n *   const [startTime, setStartTime] = useState<string>();\n *\n *   return (\n *     <DateTimeField\n *       label=\"Start Time\"\n *       value={startTime}\n *       onChange={setStartTime}\n *       timezone=\"America/New_York\"\n *       required\n *     />\n *   );\n * }\n * ```\n *\n * @accessibility\n * - Proper label association with htmlFor\n * - Required field indicators\n * - Screen reader friendly\n * - Keyboard navigation support\n * - Focus management\n */\n\nimport * as React from 'react';\nimport { format, parse } from 'date-fns';\nimport { Label } from '../Label';\nimport { Input } from '../Input';\nimport { cn } from '../../utils/core/cn';\nimport { toZonedTime, fromZonedTime, getUserTimeZone } from '../../utils/timezone';\n\n/**\n * Props for the DateTimeField component\n */\nexport interface DateTimeFieldProps {\n  /**\n   * Field label\n   */\n  label: string;\n  /**\n   * UTC date value (ISO string, Date object, or undefined)\n   */\n  value: string | Date | undefined;\n  /**\n   * Change handler that receives UTC value (ISO string or Date object)\n   */\n  onChange: (value: string | Date | undefined) => void;\n  /**\n   * Target timezone for display (default: 'UTC')\n   */\n  timezone?: string;\n  /**\n   * Whether the field is required\n   */\n  required?: boolean;\n  /**\n   * Additional CSS classes\n   */\n  className?: string;\n  /**\n   * If true, onChange returns Date object instead of ISO string\n   */\n  returnAsDate?: boolean;\n  /**\n   * Input id (auto-generated if not provided)\n   */\n  id?: string;\n  /**\n   * Helper text to display below the label\n   */\n  helperText?: string;\n  /**\n   * Error message to display\n   */\n  error?: string;\n}\n\n/**\n * DateTimeField component\n * Form input for datetime values with automatic timezone conversion\n *\n * @param props - DateTimeField configuration\n * @returns JSX.Element - The rendered datetime field\n */\nexport function DateTimeField({\n  label,\n  value,\n  onChange,\n  timezone = 'UTC',\n  required = false,\n  className,\n  returnAsDate = false,\n  id,\n  helperText,\n  error\n}: DateTimeFieldProps) {\n  const [isEditing, setIsEditing] = React.useState(false);\n  const inputRef = React.useRef<HTMLInputElement>(null);\n  const fieldId = id || `datetime-field-${React.useId()}`;\n\n  // Convert UTC value to timezone for display\n  const getDisplayValue = React.useCallback((): string => {\n    if (!value) {\n      return '';\n    }\n\n    try {\n      let dateObj: Date;\n      if (typeof value === 'string') {\n        dateObj = new Date(value);\n      } else {\n        dateObj = value;\n      }\n\n      if (!dateObj || isNaN(dateObj.getTime())) {\n        return '';\n      }\n\n      // Convert UTC to timezone\n      const zonedDate = toZonedTime(dateObj, timezone);\n\n      // Format for datetime-local input (YYYY-MM-DDTHH:mm)\n      return format(zonedDate, \"yyyy-MM-dd'T'HH:mm\");\n    } catch {\n      return '';\n    }\n  }, [value, timezone]);\n\n  const displayValue = isEditing ? undefined : getDisplayValue();\n\n  // Handle input change\n  const handleChange = React.useCallback((e: React.ChangeEvent<HTMLInputElement>) => {\n    setIsEditing(true);\n    const inputValue = e.target.value;\n\n    if (!inputValue) {\n      onChange(undefined);\n      return;\n    }\n\n    try {\n      // Parse the datetime-local value (in timezone)\n      const localDate = parse(inputValue, \"yyyy-MM-dd'T'HH:mm\", new Date());\n\n      if (isNaN(localDate.getTime())) {\n        onChange(undefined);\n        return;\n      }\n\n      // Convert from timezone to UTC\n      const utcDate = fromZonedTime(localDate, timezone);\n\n      // Return as ISO string or Date object\n      if (returnAsDate) {\n        onChange(utcDate);\n      } else {\n        onChange(utcDate.toISOString());\n      }\n    } catch {\n      onChange(undefined);\n    }\n  }, [timezone, returnAsDate, onChange]);\n\n  // Handle blur to stop editing mode\n  const handleBlur = React.useCallback(() => {\n    setIsEditing(false);\n  }, []);\n\n  // Get timezone display text\n  const getTimezoneDisplay = React.useCallback((): string => {\n    if (timezone === 'UTC') {\n      return '';\n    }\n\n    const userTz = getUserTimeZone();\n    if (timezone === userTz) {\n      return 'Local';\n    }\n\n    return timezone;\n  }, [timezone]);\n\n  const timezoneDisplay = getTimezoneDisplay();\n\n  return (\n    <div className={cn('space-y-2', className)}>\n      <Label htmlFor={fieldId} required={required} helperText={helperText} error={error}>\n        {label}\n      </Label>\n      <div className=\"relative\">\n        <Input\n          ref={inputRef}\n          id={fieldId}\n          type=\"datetime-local\"\n          value={displayValue}\n          onChange={handleChange}\n          onBlur={handleBlur}\n          required={required}\n          error={!!error}\n          className=\"w-full\"\n        />\n        {timezoneDisplay && (\n          <span className=\"absolute right-3 top-1/2 -translate-y-1/2 text-sm text-muted-foreground pointer-events-none\">\n            {timezoneDisplay}\n          </span>\n        )}\n      </div>\n    </div>\n  );\n}\n\n","/**\n * @file DatePickerWithTimezone Component\n * @package @jmruthers/pace-core\n * @module Components/DatePickerWithTimezone\n * @since 0.1.0\n *\n * Date picker component that displays timezone information alongside the calendar.\n * Provides a calendar interface with timezone context for date selection.\n *\n * Features:\n * - Calendar date selection\n * - Timezone display (shows \"Local\" when matches user timezone)\n * - Optional \"Done\" button\n * - Accessible date selection\n * - Keyboard navigation support\n *\n * @example\n * ```tsx\n * import { DatePickerWithTimezone } from '@jmruthers/pace-core/components';\n * import { useState } from 'react';\n *\n * function DateSelector() {\n *   const [date, setDate] = useState<Date>();\n *\n *   return (\n *     <DatePickerWithTimezone\n *       selected={date}\n *       onSelect={setDate}\n *       timezone=\"America/New_York\"\n *       onDone={() => console.log('Date selected')}\n *     />\n *   );\n * }\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Keyboard navigation support\n * - Screen reader friendly\n * - Focus management\n * - Proper ARIA attributes\n */\n\nimport * as React from 'react';\nimport { Calendar } from '../Calendar';\nimport { Button } from '../Button';\nimport { Clock } from 'lucide-react';\nimport { getUserTimeZone } from '../../utils/timezone';\nimport { cn } from '../../utils/core/cn';\n\n/**\n * Props for the DatePickerWithTimezone component\n */\nexport interface DatePickerWithTimezoneProps {\n  /**\n   * Currently selected date\n   */\n  selected?: Date;\n  /**\n   * Date selection handler\n   */\n  onSelect: (date: Date | undefined) => void;\n  /**\n   * Optional callback when \"Done\" button is clicked\n   */\n  onDone?: () => void;\n  /**\n   * Timezone to display (defaults to user's timezone)\n   */\n  timezone?: string;\n  /**\n   * Additional CSS classes\n   */\n  className?: string;\n}\n\n/**\n * DatePickerWithTimezone component\n * Date picker with timezone information display\n *\n * @param props - DatePickerWithTimezone configuration\n * @returns JSX.Element - The rendered date picker with timezone\n */\nexport function DatePickerWithTimezone({\n  selected,\n  onSelect,\n  onDone,\n  timezone,\n  className\n}: DatePickerWithTimezoneProps) {\n  const userTimezone = getUserTimeZone();\n  const displayTimezone = timezone || userTimezone;\n  const timezoneDisplay = displayTimezone === userTimezone ? 'Local' : displayTimezone;\n\n  return (\n    <div className={cn('flex flex-col', className)}>\n      <div className=\"p-3\">\n        <Calendar\n          mode=\"single\"\n          selected={selected}\n          onSelect={onSelect}\n          initialFocus\n          captionLayout=\"dropdown-buttons\"\n          fromYear={1900}\n          toYear={2100}\n          className=\"p-0\"\n        />\n      </div>\n\n      <div className=\"flex items-center justify-between border-t border-border px-3 py-2\">\n        <div className=\"flex items-center gap-2 text-sm text-muted-foreground\">\n          <Clock className=\"h-4 w-4\" aria-hidden=\"true\" />\n          <span>\n            Timezone: <span aria-label={`Timezone ${timezoneDisplay}`}>{timezoneDisplay}</span>\n          </span>\n        </div>\n        {onDone && (\n          <Button onClick={onDone} size=\"sm\" className=\"h-8\">\n            Done\n          </Button>\n        )}\n      </div>\n    </div>\n  );\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,YAAY,WAAW;AACvB,SAAS,QAAQ,aAAa;AAiKxB,cAGA,YAHA;AAtGC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA,WAAW;AAAA,EACX,WAAW;AAAA,EACX;AAAA,EACA,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA;AACF,GAAuB;AACrB,QAAM,CAAC,WAAW,YAAY,IAAU,eAAS,KAAK;AACtD,QAAM,WAAiB,aAAyB,IAAI;AACpD,QAAM,UAAU,MAAM,kBAAwB,YAAM,CAAC;AAGrD,QAAM,kBAAwB,kBAAY,MAAc;AACtD,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,QAAI;AACF,UAAI;AACJ,UAAI,OAAO,UAAU,UAAU;AAC7B,kBAAU,IAAI,KAAK,KAAK;AAAA,MAC1B,OAAO;AACL,kBAAU;AAAA,MACZ;AAEA,UAAI,CAAC,WAAW,MAAM,QAAQ,QAAQ,CAAC,GAAG;AACxC,eAAO;AAAA,MACT;AAGA,YAAM,YAAY,YAAY,SAAS,QAAQ;AAG/C,aAAO,OAAO,WAAW,oBAAoB;AAAA,IAC/C,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,OAAO,QAAQ,CAAC;AAEpB,QAAM,eAAe,YAAY,SAAY,gBAAgB;AAG7D,QAAM,eAAqB,kBAAY,CAAC,MAA2C;AACjF,iBAAa,IAAI;AACjB,UAAM,aAAa,EAAE,OAAO;AAE5B,QAAI,CAAC,YAAY;AACf,eAAS,MAAS;AAClB;AAAA,IACF;AAEA,QAAI;AAEF,YAAM,YAAY,MAAM,YAAY,sBAAsB,oBAAI,KAAK,CAAC;AAEpE,UAAI,MAAM,UAAU,QAAQ,CAAC,GAAG;AAC9B,iBAAS,MAAS;AAClB;AAAA,MACF;AAGA,YAAM,UAAU,cAAc,WAAW,QAAQ;AAGjD,UAAI,cAAc;AAChB,iBAAS,OAAO;AAAA,MAClB,OAAO;AACL,iBAAS,QAAQ,YAAY,CAAC;AAAA,MAChC;AAAA,IACF,QAAQ;AACN,eAAS,MAAS;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,UAAU,cAAc,QAAQ,CAAC;AAGrC,QAAM,aAAmB,kBAAY,MAAM;AACzC,iBAAa,KAAK;AAAA,EACpB,GAAG,CAAC,CAAC;AAGL,QAAM,qBAA2B,kBAAY,MAAc;AACzD,QAAI,aAAa,OAAO;AACtB,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,gBAAgB;AAC/B,QAAI,aAAa,QAAQ;AACvB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,kBAAkB,mBAAmB;AAE3C,SACE,qBAAC,SAAI,WAAW,GAAG,aAAa,SAAS,GACvC;AAAA,wBAAC,SAAM,SAAS,SAAS,UAAoB,YAAwB,OAClE,iBACH;AAAA,IACA,qBAAC,SAAI,WAAU,YACb;AAAA;AAAA,QAAC;AAAA;AAAA,UACC,KAAK;AAAA,UACL,IAAI;AAAA,UACJ,MAAK;AAAA,UACL,OAAO;AAAA,UACP,UAAU;AAAA,UACV,QAAQ;AAAA,UACR;AAAA,UACA,OAAO,CAAC,CAAC;AAAA,UACT,WAAU;AAAA;AAAA,MACZ;AAAA,MACC,mBACC,oBAAC,UAAK,WAAU,+FACb,2BACH;AAAA,OAEJ;AAAA,KACF;AAEJ;;;ACxLA,SAAS,aAAa;AAmDd,gBAAAA,MAeE,QAAAC,aAfF;AAdD,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAgC;AAC9B,QAAM,eAAe,gBAAgB;AACrC,QAAM,kBAAkB,YAAY;AACpC,QAAM,kBAAkB,oBAAoB,eAAe,UAAU;AAErE,SACE,gBAAAA,MAAC,SAAI,WAAW,GAAG,iBAAiB,SAAS,GAC3C;AAAA,oBAAAD,KAAC,SAAI,WAAU,OACb,0BAAAA;AAAA,MAAC;AAAA;AAAA,QACC,MAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAY;AAAA,QACZ,eAAc;AAAA,QACd,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,WAAU;AAAA;AAAA,IACZ,GACF;AAAA,IAEA,gBAAAC,MAAC,SAAI,WAAU,sEACb;AAAA,sBAAAA,MAAC,SAAI,WAAU,yDACb;AAAA,wBAAAD,KAAC,SAAM,WAAU,WAAU,eAAY,QAAO;AAAA,QAC9C,gBAAAC,MAAC,UAAK;AAAA;AAAA,UACM,gBAAAD,KAAC,UAAK,cAAY,YAAY,eAAe,IAAK,2BAAgB;AAAA,WAC9E;AAAA,SACF;AAAA,MACC,UACC,gBAAAA,KAAC,UAAO,SAAS,QAAQ,MAAK,MAAK,WAAU,OAAM,kBAEnD;AAAA,OAEJ;AAAA,KACF;AAEJ;","names":["jsx","jsxs"]}
+{"version":3,"sources":["../src/components/DateTimeField/DateTimeField.tsx","../src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx"],"sourcesContent":["/**\n * @file DateTimeField Component\n * @package @jmruthers/pace-core\n * @module Components/DateTimeField\n * @since 0.1.0\n *\n * Form input component for datetime values with timezone support.\n * Handles UTC ↔ timezone conversion automatically.\n *\n * Features:\n * - Automatic UTC ↔ timezone conversion\n * - Prevents unwanted conversions during user editing\n * - Shows timezone information when not UTC\n * - Supports both ISO string and Date object values\n * - Uses native datetime-local input type\n * - Accessible form field with proper labels\n *\n * @example\n * ```tsx\n * import { DateTimeField } from '@jmruthers/pace-core/components';\n * import { useState } from 'react';\n *\n * function EventForm() {\n *   const [startTime, setStartTime] = useState<string>();\n *\n *   return (\n *     <DateTimeField\n *       label=\"Start Time\"\n *       value={startTime}\n *       onChange={setStartTime}\n *       timezone=\"America/New_York\"\n *       required\n *     />\n *   );\n * }\n * ```\n *\n * @accessibility\n * - Proper label association with htmlFor\n * - Required field indicators\n * - Screen reader friendly\n * - Keyboard navigation support\n * - Focus management\n */\n\nimport * as React from 'react';\nimport { format, parse } from 'date-fns';\nimport { Label } from '../Label';\nimport { Input } from '../Input';\nimport { cn } from '../../utils/core/cn';\nimport { toZonedTime, fromZonedTime, getUserTimeZone } from '../../utils/timezone';\n\n/**\n * Props for the DateTimeField component\n */\nexport interface DateTimeFieldProps {\n  /**\n   * Field label\n   */\n  label: string;\n  /**\n   * UTC date value (ISO string, Date object, or undefined)\n   */\n  value: string | Date | undefined;\n  /**\n   * Change handler that receives UTC value (ISO string or Date object)\n   */\n  onChange: (value: string | Date | undefined) => void;\n  /**\n   * Target timezone for display (default: 'UTC')\n   */\n  timezone?: string;\n  /**\n   * Whether the field is required\n   */\n  required?: boolean;\n  /**\n   * Additional CSS classes\n   */\n  className?: string;\n  /**\n   * If true, onChange returns Date object instead of ISO string\n   */\n  returnAsDate?: boolean;\n  /**\n   * Input id (auto-generated if not provided)\n   */\n  id?: string;\n  /**\n   * Helper text to display below the label\n   */\n  helperText?: string;\n  /**\n   * Error message to display\n   */\n  error?: string;\n}\n\n/**\n * DateTimeField component\n * Form input for datetime values with automatic timezone conversion\n *\n * @param props - DateTimeField configuration\n * @returns JSX.Element - The rendered datetime field\n */\nexport function DateTimeField({\n  label,\n  value,\n  onChange,\n  timezone = 'UTC',\n  required = false,\n  className,\n  returnAsDate = false,\n  id,\n  helperText,\n  error\n}: DateTimeFieldProps) {\n  const [isEditing, setIsEditing] = React.useState(false);\n  const inputRef = React.useRef<HTMLInputElement>(null);\n  const fieldId = id || `datetime-field-${React.useId()}`;\n\n  // Convert UTC value to timezone for display\n  const getDisplayValue = React.useCallback((): string => {\n    if (!value) {\n      return '';\n    }\n\n    try {\n      let dateObj: Date;\n      if (typeof value === 'string') {\n        dateObj = new Date(value);\n      } else {\n        dateObj = value;\n      }\n\n      if (!dateObj || isNaN(dateObj.getTime())) {\n        return '';\n      }\n\n      // Convert UTC to timezone\n      const zonedDate = toZonedTime(dateObj, timezone);\n\n      // Format for datetime-local input (YYYY-MM-DDTHH:mm)\n      return format(zonedDate, \"yyyy-MM-dd'T'HH:mm\");\n    } catch {\n      return '';\n    }\n  }, [value, timezone]);\n\n  const displayValue = isEditing ? undefined : getDisplayValue();\n\n  // Handle input change\n  const handleChange = React.useCallback((e: React.ChangeEvent<HTMLInputElement>) => {\n    setIsEditing(true);\n    const inputValue = e.target.value;\n\n    if (!inputValue) {\n      onChange(undefined);\n      return;\n    }\n\n    try {\n      // Parse the datetime-local value (in timezone)\n      const localDate = parse(inputValue, \"yyyy-MM-dd'T'HH:mm\", new Date());\n\n      if (isNaN(localDate.getTime())) {\n        onChange(undefined);\n        return;\n      }\n\n      // Convert from timezone to UTC\n      const utcDate = fromZonedTime(localDate, timezone);\n\n      // Return as ISO string or Date object\n      if (returnAsDate) {\n        onChange(utcDate);\n      } else {\n        onChange(utcDate.toISOString());\n      }\n    } catch {\n      onChange(undefined);\n    }\n  }, [timezone, returnAsDate, onChange]);\n\n  // Handle blur to stop editing mode\n  const handleBlur = React.useCallback(() => {\n    setIsEditing(false);\n  }, []);\n\n  // Get timezone display text\n  const getTimezoneDisplay = React.useCallback((): string => {\n    if (timezone === 'UTC') {\n      return '';\n    }\n\n    const userTz = getUserTimeZone();\n    if (timezone === userTz) {\n      return 'Local';\n    }\n\n    return timezone;\n  }, [timezone]);\n\n  const timezoneDisplay = getTimezoneDisplay();\n\n  return (\n    <div className={cn('space-y-2', className)}>\n      <Label htmlFor={fieldId} required={required} helperText={helperText} error={error}>\n        {label}\n      </Label>\n      <div className=\"relative\">\n        <Input\n          ref={inputRef}\n          id={fieldId}\n          type=\"datetime-local\"\n          value={displayValue}\n          onChange={handleChange}\n          onBlur={handleBlur}\n          required={required}\n          error={!!error}\n          className=\"w-full\"\n        />\n        {timezoneDisplay && (\n          <span className=\"absolute right-3 top-1/2 -translate-y-1/2 text-sm text-muted-foreground pointer-events-none\">\n            {timezoneDisplay}\n          </span>\n        )}\n      </div>\n    </div>\n  );\n}\n\n","/**\n * @file DatePickerWithTimezone Component\n * @package @jmruthers/pace-core\n * @module Components/DatePickerWithTimezone\n * @since 0.1.0\n *\n * Date picker component that displays timezone information alongside the calendar.\n * Provides a calendar interface with timezone context for date selection.\n *\n * Features:\n * - Calendar date selection\n * - Timezone display (shows \"Local\" when matches user timezone)\n * - Optional \"Done\" button\n * - Accessible date selection\n * - Keyboard navigation support\n *\n * @example\n * ```tsx\n * import { DatePickerWithTimezone } from '@jmruthers/pace-core/components';\n * import { useState } from 'react';\n *\n * function DateSelector() {\n *   const [date, setDate] = useState<Date>();\n *\n *   return (\n *     <DatePickerWithTimezone\n *       selected={date}\n *       onSelect={setDate}\n *       timezone=\"America/New_York\"\n *       onDone={() => console.log('Date selected')}\n *     />\n *   );\n * }\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Keyboard navigation support\n * - Screen reader friendly\n * - Focus management\n * - Proper ARIA attributes\n */\n\nimport * as React from 'react';\nimport { Calendar } from '../Calendar';\nimport { Button } from '../Button';\nimport { Clock } from 'lucide-react';\nimport { getUserTimeZone } from '../../utils/timezone';\nimport { cn } from '../../utils/core/cn';\n\n/**\n * Props for the DatePickerWithTimezone component\n */\nexport interface DatePickerWithTimezoneProps {\n  /**\n   * Currently selected date\n   */\n  selected?: Date;\n  /**\n   * Date selection handler\n   */\n  onSelect: (date: Date | undefined) => void;\n  /**\n   * Optional callback when \"Done\" button is clicked\n   */\n  onDone?: () => void;\n  /**\n   * Timezone to display (defaults to user's timezone)\n   */\n  timezone?: string;\n  /**\n   * Additional CSS classes\n   */\n  className?: string;\n}\n\n/**\n * DatePickerWithTimezone component\n * Date picker with timezone information display\n *\n * @param props - DatePickerWithTimezone configuration\n * @returns JSX.Element - The rendered date picker with timezone\n */\nexport function DatePickerWithTimezone({\n  selected,\n  onSelect,\n  onDone,\n  timezone,\n  className\n}: DatePickerWithTimezoneProps) {\n  const userTimezone = getUserTimeZone();\n  const displayTimezone = timezone || userTimezone;\n  const timezoneDisplay = displayTimezone === userTimezone ? 'Local' : displayTimezone;\n\n  return (\n    <div className={cn('flex flex-col', className)}>\n      <div className=\"p-3\">\n        <Calendar\n          mode=\"single\"\n          selected={selected}\n          onSelect={onSelect}\n          initialFocus\n          captionLayout=\"dropdown\"\n          startMonth={new Date(1900, 0)}\n          endMonth={new Date(2100, 11)}\n          className=\"p-0\"\n        />\n      </div>\n\n      <div className=\"flex items-center justify-between border-t border-border px-3 py-2\">\n        <div className=\"flex items-center gap-2 text-sm text-muted-foreground\">\n          <Clock className=\"size-4\" aria-hidden=\"true\" />\n          <span>\n            Timezone: <span aria-label={`Timezone ${timezoneDisplay}`}>{timezoneDisplay}</span>\n          </span>\n        </div>\n        {onDone && (\n          <Button onClick={onDone} size=\"sm\" className=\"h-8\">\n            Done\n          </Button>\n        )}\n      </div>\n    </div>\n  );\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,YAAY,WAAW;AACvB,SAAS,QAAQ,aAAa;AAiKxB,cAGA,YAHA;AAtGC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA,WAAW;AAAA,EACX,WAAW;AAAA,EACX;AAAA,EACA,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA;AACF,GAAuB;AACrB,QAAM,CAAC,WAAW,YAAY,IAAU,eAAS,KAAK;AACtD,QAAM,WAAiB,aAAyB,IAAI;AACpD,QAAM,UAAU,MAAM,kBAAwB,YAAM,CAAC;AAGrD,QAAM,kBAAwB,kBAAY,MAAc;AACtD,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,QAAI;AACF,UAAI;AACJ,UAAI,OAAO,UAAU,UAAU;AAC7B,kBAAU,IAAI,KAAK,KAAK;AAAA,MAC1B,OAAO;AACL,kBAAU;AAAA,MACZ;AAEA,UAAI,CAAC,WAAW,MAAM,QAAQ,QAAQ,CAAC,GAAG;AACxC,eAAO;AAAA,MACT;AAGA,YAAM,YAAY,YAAY,SAAS,QAAQ;AAG/C,aAAO,OAAO,WAAW,oBAAoB;AAAA,IAC/C,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,OAAO,QAAQ,CAAC;AAEpB,QAAM,eAAe,YAAY,SAAY,gBAAgB;AAG7D,QAAM,eAAqB,kBAAY,CAAC,MAA2C;AACjF,iBAAa,IAAI;AACjB,UAAM,aAAa,EAAE,OAAO;AAE5B,QAAI,CAAC,YAAY;AACf,eAAS,MAAS;AAClB;AAAA,IACF;AAEA,QAAI;AAEF,YAAM,YAAY,MAAM,YAAY,sBAAsB,oBAAI,KAAK,CAAC;AAEpE,UAAI,MAAM,UAAU,QAAQ,CAAC,GAAG;AAC9B,iBAAS,MAAS;AAClB;AAAA,MACF;AAGA,YAAM,UAAU,cAAc,WAAW,QAAQ;AAGjD,UAAI,cAAc;AAChB,iBAAS,OAAO;AAAA,MAClB,OAAO;AACL,iBAAS,QAAQ,YAAY,CAAC;AAAA,MAChC;AAAA,IACF,QAAQ;AACN,eAAS,MAAS;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,UAAU,cAAc,QAAQ,CAAC;AAGrC,QAAM,aAAmB,kBAAY,MAAM;AACzC,iBAAa,KAAK;AAAA,EACpB,GAAG,CAAC,CAAC;AAGL,QAAM,qBAA2B,kBAAY,MAAc;AACzD,QAAI,aAAa,OAAO;AACtB,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,gBAAgB;AAC/B,QAAI,aAAa,QAAQ;AACvB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,kBAAkB,mBAAmB;AAE3C,SACE,qBAAC,SAAI,WAAW,GAAG,aAAa,SAAS,GACvC;AAAA,wBAAC,SAAM,SAAS,SAAS,UAAoB,YAAwB,OAClE,iBACH;AAAA,IACA,qBAAC,SAAI,WAAU,YACb;AAAA;AAAA,QAAC;AAAA;AAAA,UACC,KAAK;AAAA,UACL,IAAI;AAAA,UACJ,MAAK;AAAA,UACL,OAAO;AAAA,UACP,UAAU;AAAA,UACV,QAAQ;AAAA,UACR;AAAA,UACA,OAAO,CAAC,CAAC;AAAA,UACT,WAAU;AAAA;AAAA,MACZ;AAAA,MACC,mBACC,oBAAC,UAAK,WAAU,+FACb,2BACH;AAAA,OAEJ;AAAA,KACF;AAEJ;;;ACxLA,SAAS,aAAa;AAmDd,gBAAAA,MAeE,QAAAC,aAfF;AAdD,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAgC;AAC9B,QAAM,eAAe,gBAAgB;AACrC,QAAM,kBAAkB,YAAY;AACpC,QAAM,kBAAkB,oBAAoB,eAAe,UAAU;AAErE,SACE,gBAAAA,MAAC,SAAI,WAAW,GAAG,iBAAiB,SAAS,GAC3C;AAAA,oBAAAD,KAAC,SAAI,WAAU,OACb,0BAAAA;AAAA,MAAC;AAAA;AAAA,QACC,MAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAY;AAAA,QACZ,eAAc;AAAA,QACd,YAAY,IAAI,KAAK,MAAM,CAAC;AAAA,QAC5B,UAAU,IAAI,KAAK,MAAM,EAAE;AAAA,QAC3B,WAAU;AAAA;AAAA,IACZ,GACF;AAAA,IAEA,gBAAAC,MAAC,SAAI,WAAU,sEACb;AAAA,sBAAAA,MAAC,SAAI,WAAU,yDACb;AAAA,wBAAAD,KAAC,SAAM,WAAU,UAAS,eAAY,QAAO;AAAA,QAC7C,gBAAAC,MAAC,UAAK;AAAA;AAAA,UACM,gBAAAD,KAAC,UAAK,cAAY,YAAY,eAAe,IAAK,2BAAgB;AAAA,WAC9E;AAAA,SACF;AAAA,MACC,UACC,gBAAAA,KAAC,UAAO,SAAS,QAAQ,MAAK,MAAK,WAAU,OAAM,kBAEnD;AAAA,OAEJ;AAAA,KACF;AAEJ;","names":["jsx","jsxs"]}