npm - @jmruthers/pace-core - Versions diffs - 0.5.189 → 0.5.191 - Mend

@jmruthers/pace-core 0.5.189 → 0.5.191

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (438) hide show

package/core-usage-manifest.json +0 -4
package/dist/{AuthService-B-cd2MA4.d.ts → AuthService-CbP_utw2.d.ts} +7 -3
package/dist/{DataTable-IVYljGJ6.d.ts → DataTable-Be6dH_dR.d.ts} +1 -1
package/dist/{DataTable-GUFUNZ3N.js → DataTable-WKRZD47S.js} +8 -8
package/dist/{PublicPageProvider-B8HaLe69.d.ts → PublicPageProvider-ULXC_u6U.d.ts} +84 -25
package/dist/{UnifiedAuthProvider-BG0AL5eE.d.ts → UnifiedAuthProvider-BYA9qB-o.d.ts} +4 -3
package/dist/{UnifiedAuthProvider-643PUAIM.js → UnifiedAuthProvider-FTSG5XH7.js} +4 -2
package/dist/{api-YP7XD5L6.js → api-IHKALJZD.js} +4 -2
package/dist/{chunk-VGZZXKBR.js → chunk-6LTQQAT6.js} +351 -157
package/dist/chunk-6LTQQAT6.js.map +1 -0
package/dist/{chunk-MX64ZF6I.js → chunk-6TQDD426.js} +15 -15
package/dist/chunk-6TQDD426.js.map +1 -0
package/dist/{chunk-YHCN776L.js → chunk-G37KK66H.js} +2 -75
package/dist/chunk-G37KK66H.js.map +1 -0
package/dist/{chunk-THRPYOFK.js → chunk-HW3OVDUF.js} +5 -5
package/dist/chunk-HW3OVDUF.js.map +1 -0
package/dist/{chunk-F2IMUDXZ.js → chunk-I7PSE6JW.js} +75 -2
package/dist/chunk-I7PSE6JW.js.map +1 -0
package/dist/{chunk-IM4QE42D.js → chunk-LOMZXPSN.js} +141 -326
package/dist/chunk-LOMZXPSN.js.map +1 -0
package/dist/chunk-OETXORNB.js +614 -0
package/dist/chunk-OETXORNB.js.map +1 -0
package/dist/{chunk-HESYZWZW.js → chunk-QWWZ5CAQ.js} +2 -2
package/dist/{chunk-HEHYGYOX.js → chunk-ROXMHMY2.js} +403 -46
package/dist/chunk-ROXMHMY2.js.map +1 -0
package/dist/{chunk-2UUZZJFT.js → chunk-ULHIJK66.js} +228 -177
package/dist/{chunk-2UUZZJFT.js.map → chunk-ULHIJK66.js.map} +1 -1
package/dist/{chunk-YGPFYGA6.js → chunk-VKB2CO4Z.js} +838 -503
package/dist/chunk-VKB2CO4Z.js.map +1 -0
package/dist/{chunk-3GOZZZYH.js → chunk-VRGWKHDB.js} +238 -301
package/dist/chunk-VRGWKHDB.js.map +1 -0
package/dist/{chunk-UCQSRW7Z.js → chunk-XNYQOL3Z.js} +431 -384
package/dist/chunk-XNYQOL3Z.js.map +1 -0
package/dist/{chunk-DDM4CCYT.js → chunk-XYXSXPUK.js} +79 -59
package/dist/chunk-XYXSXPUK.js.map +1 -0
package/dist/{chunk-SAUPYVLF.js → chunk-ZSAAAMVR.js} +1 -1
package/dist/chunk-ZSAAAMVR.js.map +1 -0
package/dist/components.d.ts +5 -6
package/dist/components.js +19 -19
package/dist/components.js.map +1 -1
package/dist/{database.generated-DI89OQeI.d.ts → database.generated-CzIvgcPu.d.ts} +165 -201
package/dist/eslint-rules/pace-core-compliance.cjs +0 -2
package/dist/{file-reference-D037xOFK.d.ts → file-reference-BavO2eQj.d.ts} +13 -10
package/dist/hooks.d.ts +20 -15
package/dist/hooks.js +14 -8
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +17 -15
package/dist/index.js +86 -81
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +3 -1
package/dist/rbac/index.d.ts +77 -13
package/dist/rbac/index.js +12 -9
package/dist/{types-Bwgl--Xo.d.ts → types-CEpcvwwF.d.ts} +1 -1
package/dist/types.d.ts +3 -3
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-CTDELQ7H.d.ts → usePublicRouteParams-TZe0gy-4.d.ts} +17 -10
package/dist/utils.d.ts +8 -8
package/dist/utils.js +16 -16
package/docs/README.md +2 -2
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +2 -2
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +2 -2
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +2 -2
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +5 -5
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +2 -2
package/docs/api/classes/SecureSupabaseClient.md +25 -20
package/docs/api/classes/StorageUtils.md +7 -4
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +1 -1
package/docs/api/interfaces/AddressFieldRef.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +1 -1
package/docs/api/interfaces/AvatarProps.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +20 -6
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +9 -9
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +62 -16
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +2 -2
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +26 -12
package/docs/api/interfaces/FileUploadProps.md +30 -19
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +10 -10
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +8 -8
package/docs/api/interfaces/PagePermissionContextType.md +8 -8
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +7 -7
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +2 -2
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +3 -11
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +2 -2
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +8 -8
package/docs/api/interfaces/RoleBasedRouterProps.md +10 -10
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +10 -10
package/docs/api/interfaces/RouteConfig.md +10 -10
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +9 -9
package/docs/api/interfaces/SecureDataProviderProps.md +8 -8
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +4 -4
package/docs/api/interfaces/StorageFileInfo.md +7 -7
package/docs/api/interfaces/StorageFileMetadata.md +25 -14
package/docs/api/interfaces/StorageListOptions.md +22 -9
package/docs/api/interfaces/StorageListResult.md +4 -4
package/docs/api/interfaces/StorageUploadOptions.md +21 -8
package/docs/api/interfaces/StorageUploadResult.md +6 -6
package/docs/api/interfaces/StorageUrlOptions.md +19 -6
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +53 -53
package/docs/api/interfaces/UnifiedAuthProviderProps.md +13 -13
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +2 -2
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +2 -2
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +5 -5
package/docs/api/interfaces/UseResolvedScopeReturn.md +4 -4
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +165 -106
package/docs/api-reference/components.md +15 -7
package/docs/api-reference/providers.md +2 -2
package/docs/api-reference/rpc-functions.md +1 -0
package/docs/best-practices/README.md +1 -1
package/docs/best-practices/deployment.md +8 -8
package/docs/getting-started/examples/README.md +2 -2
package/docs/getting-started/installation-guide.md +4 -4
package/docs/getting-started/quick-start.md +3 -3
package/docs/migration/MIGRATION_GUIDE.md +3 -3
package/docs/migration/README.md +18 -0
package/docs/migration/database-changes-december-2025.md +767 -0
package/docs/migration/person-scoped-profiles-migration-guide.md +472 -0
package/docs/rbac/compliance/compliance-guide.md +2 -2
package/docs/rbac/event-based-apps.md +2 -2
package/docs/rbac/getting-started.md +2 -2
package/docs/rbac/quick-start.md +2 -2
package/docs/security/README.md +4 -4
package/docs/standards/07-rbac-and-rls-standard.md +430 -7
package/docs/troubleshooting/README.md +2 -2
package/docs/troubleshooting/migration.md +3 -3
package/package.json +1 -3
package/scripts/check-pace-core-compliance.cjs +1 -1
package/scripts/check-pace-core-compliance.js +1 -1
package/src/__tests__/fixtures/supabase.ts +301 -0
package/src/__tests__/public-recipe-view.test.ts +19 -19
package/src/__tests__/rls-policies.test.ts +210 -74
package/src/components/AddressField/AddressField.test.tsx +42 -0
package/src/components/AddressField/AddressField.tsx +71 -60
package/src/components/AddressField/README.md +7 -6
package/src/components/Alert/Alert.test.tsx +50 -10
package/src/components/Alert/Alert.tsx +5 -3
package/src/components/Avatar/Avatar.test.tsx +95 -43
package/src/components/Avatar/Avatar.tsx +16 -16
package/src/components/Button/Button.test.tsx +2 -1
package/src/components/Button/Button.tsx +3 -3
package/src/components/Calendar/Calendar.test.tsx +53 -37
package/src/components/Calendar/Calendar.tsx +409 -82
package/src/components/Card/Card.test.tsx +7 -4
package/src/components/Card/Card.tsx +3 -6
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +5 -5
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +2 -2
package/src/components/DataTable/components/ColumnFilter.tsx +1 -1
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +3 -3
package/src/components/DataTable/components/DataTableBody.tsx +12 -12
package/src/components/DataTable/components/DataTableCore.tsx +3 -3
package/src/components/DataTable/components/DataTableToolbar.tsx +5 -5
package/src/components/DataTable/components/DraggableColumnHeader.tsx +3 -3
package/src/components/DataTable/components/EditableRow.tsx +2 -2
package/src/components/DataTable/components/EmptyState.tsx +3 -3
package/src/components/DataTable/components/GroupHeader.tsx +2 -2
package/src/components/DataTable/components/GroupingDropdown.tsx +1 -1
package/src/components/DataTable/components/ImportModal.tsx +4 -4
package/src/components/DataTable/components/LoadingState.tsx +1 -1
package/src/components/DataTable/components/PaginationControls.tsx +11 -11
package/src/components/DataTable/components/UnifiedTableBody.tsx +9 -9
package/src/components/DataTable/components/ViewRowModal.tsx +2 -2
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +11 -37
package/src/components/DataTable/components/__tests__/DataTableToolbar.test.tsx +157 -0
package/src/components/DataTable/components/__tests__/LoadingState.test.tsx +2 -1
package/src/components/DataTable/components/__tests__/VirtualizedDataTable.test.tsx +128 -0
package/src/components/DataTable/core/__tests__/ActionManager.test.ts +19 -0
package/src/components/DataTable/core/__tests__/ColumnFactory.test.ts +51 -0
package/src/components/DataTable/core/__tests__/ColumnManager.test.ts +84 -0
package/src/components/DataTable/core/__tests__/DataManager.test.ts +14 -0
package/src/components/DataTable/core/__tests__/DataTableContext.test.tsx +136 -0
package/src/components/DataTable/core/__tests__/LocalDataAdapter.test.ts +16 -0
package/src/components/DataTable/core/__tests__/PluginRegistry.test.ts +18 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +28 -7
package/src/components/DataTable/utils/__tests__/hierarchicalUtils.test.ts +30 -1
package/src/components/DataTable/utils/hierarchicalUtils.ts +38 -10
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +8 -3
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +4 -4
package/src/components/Dialog/Dialog.tsx +2 -2
package/src/components/EventSelector/EventSelector.tsx +7 -7
package/src/components/FileDisplay/FileDisplay.tsx +291 -179
package/src/components/FileUpload/FileUpload.tsx +7 -4
package/src/components/Header/Header.test.tsx +28 -0
package/src/components/Header/Header.tsx +22 -9
package/src/components/InactivityWarningModal/InactivityWarningModal.tsx +2 -2
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +19 -14
package/src/components/LoadingSpinner/LoadingSpinner.tsx +5 -5
package/src/components/NavigationMenu/NavigationMenu.test.tsx +127 -1
package/src/components/OrganisationSelector/OrganisationSelector.tsx +42 -22
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +4 -0
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +16 -6
package/src/components/PaceAppLayout/PaceAppLayout.tsx +37 -3
package/src/components/PaceAppLayout/test-setup.tsx +1 -0
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +66 -45
package/src/components/PaceLoginPage/PaceLoginPage.tsx +6 -4
package/src/components/Progress/Progress.test.tsx +18 -19
package/src/components/Progress/Progress.tsx +31 -32
package/src/components/PublicLayout/PublicLayout.test.tsx +6 -6
package/src/components/PublicLayout/PublicPageProvider.tsx +5 -3
package/src/components/Select/Select.test.tsx +4 -1
package/src/components/Select/Select.tsx +65 -20
package/src/components/Switch/Switch.test.tsx +2 -1
package/src/components/Switch/Switch.tsx +1 -1
package/src/components/Toast/Toast.tsx +1 -1
package/src/components/Tooltip/Tooltip.test.tsx +8 -2
package/src/components/UserMenu/UserMenu.tsx +3 -3
package/src/eslint-rules/pace-core-compliance.cjs +0 -2
package/src/eslint-rules/pace-core-compliance.js +0 -2
package/src/hooks/__tests__/hooks.integration.test.tsx +4 -1
package/src/hooks/__tests__/useAppConfig.unit.test.ts +76 -5
package/src/hooks/__tests__/useDataTableState.test.ts +76 -0
package/src/hooks/__tests__/useFileUrl.unit.test.ts +25 -69
package/src/hooks/__tests__/useFileUrlCache.test.ts +129 -0
package/src/hooks/__tests__/usePreventTabReload.test.ts +88 -0
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +1 -1
package/src/hooks/__tests__/usePublicEvent.test.ts +608 -0
package/src/hooks/__tests__/useQueryCache.test.ts +144 -0
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +67 -24
package/src/hooks/index.ts +1 -1
package/src/hooks/public/usePublicEvent.ts +10 -10
package/src/hooks/public/usePublicFileDisplay.ts +173 -87
package/src/hooks/useAppConfig.ts +24 -5
package/src/hooks/useFileDisplay.ts +298 -36
package/src/hooks/useFileReference.ts +56 -11
package/src/hooks/useFileUrl.ts +1 -1
package/src/hooks/useInactivityTracker.ts +16 -7
package/src/hooks/usePermissionCache.test.ts +85 -8
package/src/hooks/useQueryCache.ts +27 -6
package/src/hooks/useSecureDataAccess.test.ts +87 -42
package/src/hooks/useSecureDataAccess.ts +95 -48
package/src/providers/__tests__/OrganisationProvider.test.tsx +27 -21
package/src/providers/services/EventServiceProvider.tsx +37 -17
package/src/providers/services/InactivityServiceProvider.tsx +4 -4
package/src/providers/services/OrganisationServiceProvider.tsx +8 -1
package/src/providers/services/UnifiedAuthProvider.tsx +115 -29
package/src/rbac/__tests__/auth-rbac.e2e.test.tsx +451 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +12 -0
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +8 -0
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +4 -0
package/src/rbac/api.ts +240 -36
package/src/rbac/cache-invalidation.ts +21 -7
package/src/rbac/compliance/quick-fix-suggestions.ts +1 -1
package/src/rbac/components/NavigationGuard.tsx +23 -63
package/src/rbac/components/NavigationProvider.test.tsx +52 -23
package/src/rbac/components/NavigationProvider.tsx +13 -11
package/src/rbac/components/PagePermissionGuard.tsx +77 -203
package/src/rbac/components/PagePermissionProvider.tsx +13 -11
package/src/rbac/components/PermissionEnforcer.tsx +24 -62
package/src/rbac/components/RoleBasedRouter.tsx +14 -12
package/src/rbac/components/SecureDataProvider.tsx +13 -11
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +104 -41
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +49 -12
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +22 -1
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +161 -82
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +22 -1
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +77 -30
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +39 -5
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +47 -4
package/src/rbac/engine.ts +4 -2
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +144 -52
package/src/rbac/hooks/index.ts +3 -0
package/src/rbac/hooks/useCan.test.ts +101 -53
package/src/rbac/hooks/usePermissions.ts +108 -41
package/src/rbac/hooks/useRBAC.test.ts +11 -3
package/src/rbac/hooks/useRBAC.ts +83 -40
package/src/rbac/hooks/useResolvedScope.test.ts +189 -63
package/src/rbac/hooks/useResolvedScope.ts +128 -70
package/src/rbac/hooks/useSecureSupabase.ts +36 -19
package/src/rbac/hooks/useSuperAdminBypass.ts +126 -0
package/src/rbac/request-deduplication.ts +1 -1
package/src/rbac/secureClient.ts +72 -12
package/src/rbac/security.ts +29 -23
package/src/rbac/types.ts +10 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +150 -0
package/src/rbac/utils/__tests__/deep-equal.test.ts +53 -0
package/src/rbac/utils/__tests__/eventContext.test.ts +8 -3
package/src/rbac/utils/__tests__/eventContext.unit.test.ts +74 -12
package/src/rbac/utils/contextValidator.ts +288 -0
package/src/rbac/utils/eventContext.ts +52 -3
package/src/services/AuthService.ts +37 -8
package/src/services/EventService.ts +165 -21
package/src/services/OrganisationService.ts +125 -137
package/src/services/__tests__/EventService.test.ts +26 -21
package/src/services/__tests__/OrganisationService.pagination.test.ts +34 -8
package/src/services/__tests__/OrganisationService.test.ts +218 -86
package/src/types/database.generated.ts +166 -201
package/src/types/file-reference.ts +13 -10
package/src/types/supabase.ts +2 -2
package/src/utils/__tests__/secureDataAccess.unit.test.ts +3 -2
package/src/utils/app/appNameResolver.test.ts +346 -73
package/src/utils/context/superAdminOverride.ts +58 -0
package/src/utils/file-reference/index.ts +65 -37
package/src/utils/google-places/googlePlacesUtils.test.ts +98 -0
package/src/utils/google-places/googlePlacesUtils.ts +1 -1
package/src/utils/google-places/loadGoogleMapsScript.test.ts +83 -0
package/src/utils/google-places/types.ts +1 -1
package/src/utils/request-deduplication.ts +4 -4
package/src/utils/security/secureDataAccess.test.ts +1 -1
package/src/utils/security/secureDataAccess.ts +7 -4
package/src/utils/storage/README.md +1 -1
package/src/utils/storage/helpers.test.ts +1 -1
package/src/utils/storage/helpers.ts +38 -19
package/src/utils/storage/types.ts +15 -8
package/src/utils/validation/__tests__/csrf.test.ts +105 -0
package/src/utils/validation/__tests__/sqlInjectionProtection.test.ts +92 -0
package/src/vite-env.d.ts +2 -2
package/dist/chunk-3GOZZZYH.js.map +0 -1
package/dist/chunk-DDM4CCYT.js.map +0 -1
package/dist/chunk-E7UAOUMY.js +0 -75
package/dist/chunk-E7UAOUMY.js.map +0 -1
package/dist/chunk-F2IMUDXZ.js.map +0 -1
package/dist/chunk-HEHYGYOX.js.map +0 -1
package/dist/chunk-IM4QE42D.js.map +0 -1
package/dist/chunk-MX64ZF6I.js.map +0 -1
package/dist/chunk-SAUPYVLF.js.map +0 -1
package/dist/chunk-THRPYOFK.js.map +0 -1
package/dist/chunk-UCQSRW7Z.js.map +0 -1
package/dist/chunk-VGZZXKBR.js.map +0 -1
package/dist/chunk-YGPFYGA6.js.map +0 -1
package/dist/chunk-YHCN776L.js.map +0 -1
/package/dist/{DataTable-GUFUNZ3N.js.map → DataTable-WKRZD47S.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-643PUAIM.js.map → UnifiedAuthProvider-FTSG5XH7.js.map} +0 -0
/package/dist/{api-YP7XD5L6.js.map → api-IHKALJZD.js.map} +0 -0
/package/dist/{chunk-HESYZWZW.js.map → chunk-QWWZ5CAQ.js.map} +0 -0

package/src/hooks/useSecureDataAccess.ts CHANGED Viewed

@@ -15,7 +15,7 @@
  *   const loadData = async () => {
  *     try {
  *       // Automatically includes organisation_id filter
- *       const events = await secureQuery('event', '*', { is_visible: true });
+ *       const events = await secureQuery('core_events', '*', { is_visible: true });
  *       console.log('Organisation events:', events);
  *     } catch (error) {
  *       console.error('Failed to load data:', error);
@@ -25,7 +25,7 @@
  *   const createEvent = async (eventData) => {
  *     try {
  *       // Automatically sets organisation_id
- *       const newEvent = await secureInsert('event', eventData);
+ *       const newEvent = await secureInsert('core_events', eventData);
  *       console.log('Created event:', newEvent);
  *     } catch (error) {
  *       console.error('Failed to create event:', error);
@@ -59,6 +59,8 @@ import { setOrganisationContext } from '../utils/context/organisationContext';
 import { logger } from '../utils/core/logger';
 import type { Permission } from '../rbac/types';
 import type { OrganisationSecurityError } from '../types/organisation';
+import { useSuperAdminBypass } from '../rbac/hooks/useSuperAdminBypass';
+import { useResolvedScope } from '../rbac/hooks/useResolvedScope';
 export interface SecureDataAccessReturn {
   /** Execute a secure query with organisation filtering */
@@ -149,13 +151,21 @@ export interface DataAccessRecord {
  * - RPC calls include organisation_id parameter
  */
 export function useSecureDataAccess(): SecureDataAccessReturn {
-  const { supabase, user, session } = useUnifiedAuth();
-  const { ensureOrganisationContext } = useOrganisations();
+  const { supabase, user, session, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   // Get selected event for event-scoped RPC calls
   // Use useContext directly to safely check if EventServiceProvider is available
   const eventServiceContext = useContext(EventServiceContext);
-  const selectedEvent = eventServiceContext?.eventService?.getSelectedEvent() || null;
+  const eventFromContext = eventServiceContext?.eventService?.getSelectedEvent() || null;
+  const effectiveSelectedEvent = selectedEvent || eventFromContext;
+  const { isSuperAdmin } = useSuperAdminBypass();
+  // Use resolved scope to get organisationId (derived from event if needed)
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: effectiveSelectedEvent?.event_id || null
+  });
   const validateContext = useCallback((): void => {
     if (!supabase) {
@@ -165,23 +175,29 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       throw new Error('User must be authenticated with valid session') as OrganisationSecurityError;
     }
-    try {
-      ensureOrganisationContext();
-    } catch (error) {
+    if (isSuperAdmin) {
+      return;
+    }
+    if (!resolvedScope?.organisationId) {
       throw new Error('Organisation context is required for data access') as OrganisationSecurityError;
     }
-  }, [supabase, user, session, ensureOrganisationContext]);
+  }, [supabase, user, session, resolvedScope, isSuperAdmin]);
   const getCurrentOrganisationId = useCallback((): string => {
+    if (isSuperAdmin) {
+      // For super admins, try to get org from resolved scope or selectedOrganisation
+      return resolvedScope?.organisationId || selectedOrganisation?.id || '';
+    }
     validateContext();
-    const currentOrg = ensureOrganisationContext();
-    return currentOrg.id;
-  }, [validateContext, ensureOrganisationContext]);
+    return resolvedScope?.organisationId || '';
+  }, [validateContext, resolvedScope, selectedOrganisation, isSuperAdmin]);
   // Set organisation context in database session
-  const setOrganisationContextInSession = useCallback(async (organisationId: string): Promise<void> => {
-    if (!supabase) {
-      throw new Error('No Supabase client available') as OrganisationSecurityError;
+  const setOrganisationContextInSession = useCallback(async (organisationId?: string): Promise<void> => {
+    if (!supabase || !organisationId) {
+      return;
     }
     await setOrganisationContext(supabase, organisationId);
@@ -199,7 +215,8 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     } = {}
   ): Promise<T[]> => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -210,27 +227,45 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       .select(columns);
     // Add organisation filter only if table has organisation_id column
+    // Defense in depth strategy:
+    // - RLS policies are the primary security layer (cannot be bypassed)
+    // - Application-level filtering adds an additional layer of protection
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person',
+      // NOTE: core_member, medi_profile, core_contact, core_consent, core_identification, core_qualification
+      // are now person-scoped (not organisation-scoped) - removed from this list
       // SECURITY: Phase 3A additions - medical and personal data
-      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      // NOTE: medi_condition, medi_diet, medi_action_plan, medi_profile_versions are now person-scoped
+      // (via medi_profile) - removed from this list
+      // core_identification_type remains organisation-scoped (lookup table)
+      'core_identification_type',
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',
       'form_contexts', 'form_field_config', 'form_fields',
       'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item',
       'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier',
-      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'
+      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions',
+      // rbac_user_profiles has organisation_id but uses conditional filtering
+      'rbac_user_profiles'
     ];
-    if (tablesWithOrganisation.includes(table)) {
-      query = query.eq('organisation_id', organisationId);
+    // Apply organisation filtering based on table and super admin status
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
+      // For rbac_user_profiles: Super admins see all (no filter), non-super-admins get filtered (defense in depth)
+      // For other tables: Always apply filter
+      if (table === 'rbac_user_profiles' && isSuperAdmin) {
+        // Super admin: No org filter - RLS handles access control
+        // This allows super admins to see all users across all organisations
+      } else {
+        // Non-super-admin OR other tables: Apply org filter as defense in depth
+        query = query.eq('organisation_id', organisationId);
+      }
     }
     // Apply additional filters
@@ -272,23 +307,26 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     recordDataAccess(table, 'read', true, `SELECT ${columns} FROM ${table}`, filters);
     return (data as T[]) || [];
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureInsert = useCallback(async <T = any>(
     table: string,
     data: Record<string, any>
   ): Promise<T> => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
     // Ensure organisation_id is set
-    const secureData = {
-      ...data,
-      organisation_id: organisationId
-    };
+    const secureData = bypassOrganisationFilter
+      ? { ...data }
+      : {
+          ...data,
+          organisation_id: organisationId
+        };
     const { data: insertData, error } = await supabase!
       .from(table)
@@ -302,7 +340,7 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     }
     return insertData as T;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureUpdate = useCallback(async <T = any>(
     table: string,
@@ -310,7 +348,8 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     filters: Record<string, any>
   ): Promise<T[]> => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -325,15 +364,15 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     // Add organisation filter only if table has organisation_id column
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member'
+      'cake_meal', 'cake_mealtype', 'core_person', 'core_member'
     ];
-    if (tablesWithOrganisation.includes(table)) {
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
       query = query.eq('organisation_id', organisationId);
     }
@@ -352,14 +391,15 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     }
     return (updateData as T[]) || [];
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureDelete = useCallback(async (
     table: string,
     filters: Record<string, any>
   ): Promise<void> => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -371,15 +411,15 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     // Add organisation filter only if table has organisation_id column
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person', 'core_member',
       // SECURITY: Phase 3A additions - medical and personal data
       'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      'core_consent', 'core_contact', 'core_identification', 'core_identification_type', 'core_qualification',
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',
@@ -389,7 +429,7 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'
     ];
-    if (tablesWithOrganisation.includes(table)) {
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
       query = query.eq('organisation_id', organisationId);
     }
@@ -406,14 +446,15 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       logger.error('useSecureDataAccess', 'Delete failed', { table, filters, error });
       throw error;
     }
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureRpc = useCallback(async <T = any>(
     functionName: string,
     params: Record<string, any> = {}
   ): Promise<T> => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? undefined : getCurrentOrganisationId();
     // Set organisation context in database session
     await setOrganisationContextInSession(organisationId);
@@ -477,8 +518,13 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
       secureParams.p_user_id = user.id;
     }
-    // Add organisation_id parameter
-    secureParams[paramName] = organisationId;
+    // Add organisation_id parameter when needed
+    if (!bypassOrganisationFilter && organisationId) {
+      secureParams[paramName] = organisationId;
+    } else if (organisationId && !(paramName in params)) {
+      // Default to the current organisation if caller didn't specify one
+      secureParams[paramName] = organisationId;
+    }
     // Add p_event_id if function needs it and event is selected
     // CRITICAL: This must be added AFTER organisation_id but BEFORE caller params
@@ -505,7 +551,7 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     }
     return data as T;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id, isSuperAdmin]);
   // NEW: Phase 1 - Enhanced Security Features
   const [dataAccessHistory, setDataAccessHistory] = useState<DataAccessRecord[]>([]);
@@ -570,12 +616,13 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     filters?: Record<string, any>
   ) => {
     if (!isAuditLogEnabled || !user?.id) return;
+    const auditOrganisationId = getCurrentOrganisationId() || 'super-admin-bypass';
     const record: DataAccessRecord = {
       table,
       operation,
       userId: user.id,
-      organisationId: getCurrentOrganisationId(),
+      organisationId: auditOrganisationId,
       allowed,
       timestamp: new Date().toISOString(),
       query,
@@ -592,7 +639,7 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
         table,
         operation,
         userId: user.id,
-        organisationId: getCurrentOrganisationId(),
+        organisationId: auditOrganisationId,
         timestamp: new Date().toISOString()
       });
     }

package/src/providers/__tests__/OrganisationProvider.test.tsx CHANGED Viewed

@@ -40,24 +40,7 @@ const createMockSupabaseClient = () => {
   const orgId = '123e4567-e89b-12d3-a456-426614174000'; // Valid UUID format
   const userId = '123e4567-e89b-12d3-a456-426614174001'; // Valid UUID format
-  return {
-    rpc: vi.fn().mockResolvedValue({
-      data: [
-        {
-          user_id: userId,
-          organisation_id: orgId,
-          role: 'org_admin',
-          status: 'active',
-        },
-      ],
-      error: null,
-    }),
-    from: vi.fn((table: string) => {
-      if (table === 'organisations') {
-        return {
-          select: vi.fn().mockResolvedValue({
-            data: [
-              {
+  const mockOrganisation = {
                 id: orgId,
                 name: 'Test Organisation 1',
                 display_name: 'Test Organisation 1',
@@ -67,11 +50,34 @@ const createMockSupabaseClient = () => {
                 parent_id: null,
                 created_at: '2023-01-01T00:00:00Z',
                 updated_at: '2023-01-01T00:00:00Z',
-              },
-            ],
+  };
+  const mockQueryBuilder = {
+    select: vi.fn().mockReturnThis(),
+    eq: vi.fn().mockReturnThis(),
+    is: vi.fn().mockResolvedValue({
+      data: [{
+        id: 'membership-1',
+        user_id: userId,
+        organisation_id: orgId,
+        role: 'org_admin',
+        status: 'active',
+        granted_at: '2023-01-01T00:00:00Z',
+        revoked_at: null,
+        core_organisations: mockOrganisation
+      }],
+      error: null
+    })
+  };
+  return {
+    rpc: vi.fn().mockResolvedValue({
+      data: [],
             error: null,
           }),
-        };
+    from: vi.fn((table: string) => {
+      if (table === 'rbac_organisation_roles') {
+        return mockQueryBuilder;
       }
       return {
         select: vi.fn().mockResolvedValue({ data: [], error: null }),

package/src/providers/services/EventServiceProvider.tsx CHANGED Viewed

@@ -31,17 +31,18 @@ export interface EventServiceProviderProps {
   setSelectedEventId: (eventId: string | null) => void;
 }
-export function EventServiceProvider({
-  children,
-  supabaseClient,
-  user,
-  session,
+export function EventServiceProvider({
+  children,
+  supabaseClient,
+  user,
+  session,
   appName,
   selectedOrganisation,
   setSelectedEventId
 }: EventServiceProviderProps) {
   // Create service instance once with useRef to avoid recreation on dependency changes
   const eventServiceRef = useRef<EventService | null>(null);
+  const initializingRef = useRef(false);
   if (!eventServiceRef.current) {
     eventServiceRef.current = new EventService(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
@@ -53,25 +54,44 @@ export function EventServiceProvider({
   // Note: eventService is a ref and never changes, so we don't include it in dependencies
   useEffect(() => {
     let isMounted = true;
+    if (initializingRef.current) {
+      return;
+    }
     const updateAndInitialize = async () => {
-      // Update dependencies (now async to handle user change cleanup)
-      await eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
-      if (!isMounted) return;
-      // Re-initialize service when dependencies change
-      await eventService.initialize().catch(error => {
-        if (isMounted) {
-          logger.error('EventServiceProvider', 'Failed to initialize event service:', error);
-        }
-      });
+      initializingRef.current = true;
+      try {
+        logger.debug('EventServiceProvider', 'Updating dependencies and initializing', {
+          hasUser: !!user,
+          hasSession: !!session,
+          appName,
+          hasSelectedOrganisation: !!selectedOrganisation,
+          organisationId: selectedOrganisation?.id
+        });
+        // Update dependencies (now async to handle user change cleanup)
+        await eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
+        if (!isMounted) return;
+        // Re-initialize service when dependencies change
+        await eventService.initialize().catch(error => {
+          if (isMounted) {
+            logger.error('EventServiceProvider', 'Failed to initialize event service:', error);
+          }
+        });
+      } finally {
+        initializingRef.current = false;
+      }
     };
     updateAndInitialize();
     return () => {
       isMounted = false;
+      initializingRef.current = false;
     };
     // eslint-disable-next-line react-hooks/exhaustive-deps
     // eventService is a ref and never changes, so we exclude it from dependencies

package/src/providers/services/InactivityServiceProvider.tsx CHANGED Viewed

@@ -25,8 +25,8 @@ export interface InactivityServiceProviderProps {
   supabaseClient: SupabaseClient;
   user: User | null;
   session: Session | null;
-  idleTimeoutMs?: number;
-  warnBeforeMs?: number;
+  idleTimeoutMs: number; // REQUIRED: No default - must be explicitly provided
+  warnBeforeMs: number; // REQUIRED: No default - must be explicitly provided
   onIdleLogout: (reason: 'inactivity') => void;
 }
@@ -35,8 +35,8 @@ export function InactivityServiceProvider({
   supabaseClient,
   user,
   session,
-  idleTimeoutMs = 30 * 60 * 1000,
-  warnBeforeMs = 60 * 1000,
+  idleTimeoutMs, // REQUIRED: No default - must be explicitly provided
+  warnBeforeMs, // REQUIRED: No default - must be explicitly provided
   onIdleLogout
 }: InactivityServiceProviderProps) {
   // Create service instance once with useRef to avoid recreation on dependency changes

package/src/providers/services/OrganisationServiceProvider.tsx CHANGED Viewed

@@ -52,7 +52,14 @@ export function OrganisationServiceProvider({
     organisationService.initialize()
       .catch(error => {
         if (isMounted) {
-          logger.error('OrganisationServiceProvider', 'Failed to initialize organisation service:', error);
+          // "User has no access to active organisations" is a valid state for users without orgs (e.g., profile pages)
+          // Log it as a warning instead of an error to reduce noise
+          const errorMessage = error instanceof Error ? error.message : String(error);
+          if (errorMessage === 'User has no access to active organisations') {
+            logger.warn('OrganisationServiceProvider', 'User has no active organisations (this is expected for users without organisation access):', error);
+          } else {
+            logger.error('OrganisationServiceProvider', 'Failed to initialize organisation service:', error);
+          }
         }
       });