@jmruthers/pace-core 0.5.189 → 0.5.191

package/src/utils/file-reference/index.ts

@@ -38,9 +38,10 @@ export class FileReferenceServiceImpl implements FileReferenceService {
   async createFileReference(options: FileUploadOptions, file: File): Promise<FileReference> {
     try {
 
-      // Validate required options
-      if (!options.organisation_id) {
-        throw new Error('organisation_id is required for file upload');
+      // organisation_id is optional for user-scoped files (e.g., profile photos)
+      const isUserScoped = !options.organisation_id && options.userId;
+      if (!isUserScoped && !options.organisation_id) {
+        throw new Error('organisation_id is required for file upload, or userId must be provided for user-scoped files');
       }
       if (!options.table_name) {
         throw new Error('table_name is required for file upload');
@@ -52,12 +53,25 @@ export class FileReferenceServiceImpl implements FileReferenceService {
         throw new Error('folder is required for file upload. The folder prop determines the storage path.');
       }
 
+      // For user-scoped files, we MUST use auth.uid() for the path to match RLS policies
+      // Get the authenticated user ID from the Supabase session
+      let authenticatedUserId: string | undefined = undefined;
+      if (isUserScoped) {
+        const { data: { user: authUser }, error: authError } = await this.supabase.auth.getUser();
+        if (authError || !authUser) {
+          throw new Error('User must be authenticated to upload user-scoped files');
+        }
+        authenticatedUserId = authUser.id;
+        log.debug('Using authenticated user ID for user-scoped file upload', { userId: authenticatedUserId });
+      }
+
       // Step 1: Upload file to storage bucket first
-      // This generates a unique path: {orgId}/{folder}/{timestamp-uuid-filename}
+      // This generates a unique path: {orgId}/{folder}/{timestamp-uuid-filename} or users/{auth.uid()}/{folder}/{timestamp-uuid-filename}
       // Bucket is automatically selected based on is_public flag
       const uploadResult = await uploadFile(this.supabase, file, {
         appName: 'file-reference',
-        orgId: options.organisation_id,
+        orgId: options.organisation_id || undefined,
+        userId: authenticatedUserId || (isUserScoped ? undefined : options.userId), // Use auth.uid() for user-scoped files
         isPublic: options.is_public || false,
         customPath: options.folder // Use folder prop as the custom path segment
       });
@@ -74,22 +88,25 @@ export class FileReferenceServiceImpl implements FileReferenceService {
       // Step 2: Extract file metadata (dimensions, hash, etc.)
       const metadata = await extractFileMetadata(file, {
         appName: 'file-reference',
-        orgId: options.organisation_id,
+        orgId: options.organisation_id || undefined,
+        userId: authenticatedUserId || (isUserScoped ? undefined : options.userId), // Use auth.uid() for user-scoped files
         isPublic: options.is_public || false
       }, 'system');
 
       // Step 3: Set organisation context in database session before creating file reference
-      // This ensures RLS policies can check the organisation context
-      await setOrganisationContext(this.supabase, options.organisation_id);
+      // Skip for user-scoped files (no org context needed)
+      if (!isUserScoped && options.organisation_id) {
+        await setOrganisationContext(this.supabase, options.organisation_id);
+      }
 
       // Step 4: Create file reference in database using RPC function
-      // This links the storage path to the record in file_references table
+      // This links the storage path to the record in core_file_references table
       const { data, error } = await this.supabase
         .rpc('data_file_reference_create', {
           p_table_name: options.table_name,
           p_record_id: options.record_id,
           p_file_path: filePath, // Storage path from step 1
-          p_organisation_id: options.organisation_id,
+          p_organisation_id: options.organisation_id ?? null,
           p_app_id: options.app_id,
           p_page_context: options.pageContext,
           p_event_id: options.event_id || null, // Pass event_id for event-based apps
@@ -101,7 +118,8 @@ export class FileReferenceServiceImpl implements FileReferenceService {
             ...metadata,
             ...options.custom_metadata
           },
-          p_is_public: options.is_public || false
+          p_is_public: options.is_public || false,
+          p_user_id: authenticatedUserId || options.userId || null // Pass authenticated user ID for user-scoped files
         });
 
       // Step 5: Rollback - if database insert fails, clean up uploaded file
@@ -119,7 +137,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
 
       // Get the created file reference
       const { data: fileRef, error: fetchError } = await this.supabase
-        .from('file_references')
+        .from('core_file_references')
         .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
         .eq('id', data)
         .single();
@@ -131,10 +149,11 @@ export class FileReferenceServiceImpl implements FileReferenceService {
       }
 
       // Invalidate cache for this file display entry so newly uploaded files appear immediately
+      // For user-scoped files, pass null for organisation_id
       invalidateFileDisplayCache(
         options.table_name,
         options.record_id,
-        options.organisation_id,
+        options.organisation_id || null,
         options.category
       );
 
@@ -145,15 +164,22 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async getFileReference(table_name: string, record_id: string, organisation_id: string): Promise<FileReference | null> {
+  async getFileReference(table_name: string, record_id: string, organisation_id?: string): Promise<FileReference | null> {
     try {
-      const { data, error } = await this.supabase
-        .from('file_references')
+      let query = this.supabase
+        .from('core_file_references')
         .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
         .eq('table_name', table_name)
-        .eq('record_id', record_id)
-        .eq('organisation_id', organisation_id)
-        .single();
+        .eq('record_id', record_id);
+      
+      // Handle NULL organisation_id for user-owned files
+      if (organisation_id === null || organisation_id === undefined) {
+        query = query.is('organisation_id', null);
+      } else {
+        query = query.eq('organisation_id', organisation_id);
+      }
+      
+      const { data, error } = await query.single();
 
       if (error) {
         if (error.code === 'PGRST116') {
@@ -169,7 +195,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async getFileUrl(table_name: string, record_id: string, organisation_id: string): Promise<string | null> {
+  async getFileUrl(table_name: string, record_id: string, organisation_id?: string): Promise<string | null> {
     try {
       // Get file reference to check if it's public
       const fileRef = await this.getFileReference(table_name, record_id, organisation_id);
@@ -202,14 +228,14 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async getSignedUrl(table_name: string, record_id: string, organisation_id: string, expires_in: number = 3600): Promise<string | null> {
+  async getSignedUrl(table_name: string, record_id: string, organisation_id?: string, expires_in: number = 3600): Promise<string | null> {
     try {
       // Get file path from RPC function
       const { data: filePath, error } = await this.supabase
         .rpc('data_file_reference_signed_url_get', {
           p_table_name: table_name,
           p_record_id: record_id,
-          p_organisation_id: organisation_id,
+          p_organisation_id: organisation_id ?? null,
           p_expires_in: expires_in
         });
 
@@ -225,6 +251,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
       const signedUrlResult = await getSignedUrl(this.supabase, filePath, {
         appName: 'file-reference',
         orgId: organisation_id,
+        userId: organisation_id ? undefined : record_id,
         expiresIn: expires_in
       });
 
@@ -238,7 +265,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
   async updateFileReference(id: string, updates: Partial<FileReference>): Promise<FileReference> {
     try {
       const { data, error } = await this.supabase
-        .from('file_references')
+        .from('core_file_references')
         .update(updates)
         .eq('id', id)
         .select()
@@ -255,7 +282,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async deleteFileReference(table_name: string, record_id: string, organisation_id: string, delete_file: boolean = false): Promise<boolean> {
+  async deleteFileReference(table_name: string, record_id: string, organisation_id?: string, delete_file: boolean = false): Promise<boolean> {
     try {
       // Get file reference first to determine bucket
       const fileRef = await this.getFileReference(table_name, record_id, organisation_id);
@@ -264,7 +291,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
         .rpc('data_file_reference_delete', {
           p_table_name: table_name,
           p_record_id: record_id,
-          p_organisation_id: organisation_id,
+          p_organisation_id: organisation_id ?? null,
           p_delete_file: delete_file
         });
 
@@ -284,13 +311,13 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async listFileReferences(table_name: string, record_id: string, organisation_id: string): Promise<FileReference[]> {
+  async listFileReferences(table_name: string, record_id: string, organisation_id?: string): Promise<FileReference[]> {
     try {
       const { data, error } = await this.supabase
         .rpc('data_file_reference_list', {
           p_table_name: table_name,
           p_record_id: record_id,
-          p_organisation_id: organisation_id
+          p_organisation_id: organisation_id ?? null
         });
 
       if (error) {
@@ -331,7 +358,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
               fileType,
               ...(item.file_metadata || {}),
             } as FileMetadata,
-            organisation_id: organisation_id,
+            organisation_id: organisation_id ?? null,
             app_id: item.file_metadata?.app_id ? assertAppId(item.file_metadata.app_id) : assertAppId(''), // May not be in metadata, use empty string
             is_public: item.is_public ?? false,
             created_at: item.created_at || new Date().toISOString(),
@@ -347,13 +374,13 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async getFileCount(table_name: string, record_id: string, organisation_id: string): Promise<number> {
+  async getFileCount(table_name: string, record_id: string, organisation_id?: string): Promise<number> {
     try {
       const { data, error } = await this.supabase
         .rpc('data_file_reference_count_get', {
           p_table_name: table_name,
           p_record_id: record_id,
-          p_organisation_id: organisation_id
+          p_organisation_id: organisation_id ?? null
         });
 
       if (error) {
@@ -367,12 +394,12 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     }
   }
 
-  async getFileReferenceById(id: string, organisation_id: string): Promise<FileReference | null> {
+  async getFileReferenceById(id: string, organisation_id?: string): Promise<FileReference | null> {
     try {
       const { data, error } = await this.supabase
         .rpc('data_file_reference_get', {
           p_file_reference_id: id,
-          p_organisation_id: organisation_id
+          p_organisation_id: organisation_id ?? null
         });
 
       if (error) {
@@ -394,7 +421,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     table_name: string, 
     record_id: string, 
     category: FileCategory, 
-    organisation_id: string
+    organisation_id?: string
   ): Promise<FileReference[]> {
     try {
       // CRITICAL: Use RPC function to get files by category - this correctly filters on file_metadata->>'category'
@@ -405,7 +432,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
           p_table_name: table_name,
           p_record_id: record_id,
           p_category: category,
-          p_organisation_id: organisation_id
+          p_organisation_id: organisation_id ?? null
         });
 
       if (error) {
@@ -471,7 +498,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
               category: (item.file_metadata?.category as FileCategory) || FileCategory.GENERAL_DOCUMENTS,
               ...(item.file_metadata || {}),
             } as FileMetadata,
-            organisation_id: organisation_id,
+            organisation_id: organisation_id ?? null,
             app_id: item.file_metadata?.app_id ? assertAppId(item.file_metadata.app_id) : assertAppId(''), // May not be in metadata, use empty string
             is_public: item.is_public ?? false,
             created_at: item.created_at || new Date().toISOString(),
@@ -542,11 +569,12 @@ export async function uploadFileWithReference(
   const service = createFileReferenceService(supabase);
   const fileReference = await service.createFileReference(options, file);
   
-  const fileUrl = options.is_public 
+    const fileUrl = options.is_public 
     ? getPublicUrl(supabase, fileReference.file_path, true)
     : await getSignedUrl(supabase, fileReference.file_path, { 
         appName: 'file-reference',
-        orgId: options.organisation_id,
+        orgId: options.organisation_id || undefined,
+        userId: options.userId || undefined,
         expiresIn: 3600 
       });
 

package/src/utils/google-places/googlePlacesUtils.test.ts

@@ -14,6 +14,7 @@ import {
   getAddressByPlaceId,
 } from './googlePlacesUtils';
 import { clearInFlightRequests } from '../request-deduplication';
+import { loadGoogleMapsScript, isGoogleMapsLoaded } from './loadGoogleMapsScript';
 import type { GoogleAddressComponent } from './types';
 
 // Mock loadGoogleMapsScript
@@ -62,6 +63,10 @@ const mockPlacesService = {
   getDetails: vi.fn(),
 };
 
+const mockAutocompleteSuggestion = {
+  fetchAutocompleteSuggestions: vi.fn(),
+};
+
 // Setup global window.google mock before any tests
 const setupGoogleMapsMock = () => {
   const googleMapsMock = {
@@ -69,6 +74,7 @@ const setupGoogleMapsMock = () => {
       places: {
         AutocompleteService: vi.fn(() => mockAutocompleteService),
         PlacesService: vi.fn(() => mockPlacesService),
+        AutocompleteSuggestion: undefined as any,
         PlacesServiceStatus: {
           OK: 'OK',
           ZERO_RESULTS: 'ZERO_RESULTS',
@@ -105,9 +111,11 @@ describe('Google Places API Utilities', () => {
   beforeEach(() => {
     vi.clearAllMocks();
     clearInFlightRequests();
+    setupGoogleMapsMock();
     // Reset mocks
     mockAutocompleteService.getPlacePredictions.mockClear();
     mockPlacesService.getDetails.mockClear();
+    mockAutocompleteSuggestion.fetchAutocompleteSuggestions.mockReset();
   });
 
   afterEach(() => {
@@ -200,6 +208,96 @@ describe('Google Places API Utilities', () => {
       expect(callArgs.types).toEqual(['address']);
       expect(callArgs.language).toBe('en');
     }, { timeout: 5000 });
+
+    it('uses the new AutocompleteSuggestion API when available', async () => {
+      const fetchMock = mockAutocompleteSuggestion.fetchAutocompleteSuggestions;
+      (window as any).google.maps.places.AutocompleteSuggestion = mockAutocompleteSuggestion as any;
+
+      fetchMock.mockResolvedValue({
+        suggestions: [
+          {
+            placePrediction: {
+              placeId: 'place-new',
+              text: { text: 'Main St', matches: [] },
+              structuredFormat: {
+                mainText: { text: 'Main St' },
+                secondaryText: { text: 'Melbourne' },
+              },
+            },
+          },
+        ],
+      });
+
+      const result = await fetchPlaceAutocomplete('Main', mockApiKey);
+
+      expect(fetchMock).toHaveBeenCalledWith({ input: 'Main' });
+      expect(result).toEqual([
+        {
+          description: 'Main St',
+          place_id: 'place-new',
+          structured_formatting: {
+            main_text: 'Main St',
+            secondary_text: 'Melbourne',
+          },
+        },
+      ]);
+      expect(mockAutocompleteService.getPlacePredictions).not.toHaveBeenCalled();
+    });
+
+    it('surface errors from the new AutocompleteSuggestion API', async () => {
+      (window as any).google.maps.places.AutocompleteSuggestion = mockAutocompleteSuggestion as any;
+      mockAutocompleteSuggestion.fetchAutocompleteSuggestions.mockRejectedValue(new Error('network down'));
+
+      await expect(fetchPlaceAutocomplete('Main', mockApiKey)).rejects.toThrow(
+        'Failed to fetch autocomplete predictions: network down'
+      );
+    });
+
+    it('loads Google Maps script when not already available', async () => {
+      const mockedLoadScript = vi.mocked(loadGoogleMapsScript);
+      const mockedIsLoaded = vi.mocked(isGoogleMapsLoaded);
+
+      mockedIsLoaded.mockReturnValueOnce(false);
+      mockedLoadScript.mockResolvedValueOnce();
+
+      (window as any).google.maps.places.AutocompleteSuggestion = mockAutocompleteSuggestion as any;
+      mockAutocompleteSuggestion.fetchAutocompleteSuggestions.mockResolvedValue({ suggestions: [] });
+
+      await fetchPlaceAutocomplete('123 Main', mockApiKey);
+
+      expect(mockedLoadScript).toHaveBeenCalledWith(mockApiKey, 'places');
+    });
+
+    it('deduplicates simultaneous autocomplete requests', async () => {
+      vi.useFakeTimers();
+
+      mockAutocompleteService.getPlacePredictions.mockImplementation((request, callback) => {
+        setTimeout(() => {
+          callback(
+            [
+              {
+                description: 'First',
+                place_id: 'place-1',
+                structured_formatting: { main_text: 'First', secondary_text: '' },
+              },
+            ],
+            'OK'
+          );
+        }, 10);
+      });
+
+      const promise1 = fetchPlaceAutocomplete('duplicate', mockApiKey);
+      const promise2 = fetchPlaceAutocomplete('duplicate', mockApiKey);
+
+      vi.runAllTimers();
+
+      const [result1, result2] = await Promise.all([promise1, promise2]);
+
+      expect(mockAutocompleteService.getPlacePredictions).toHaveBeenCalledTimes(1);
+      expect(result1).toEqual(result2);
+
+      vi.useRealTimers();
+    });
   });
 
   describe('fetchPlaceDetails', () => {

package/src/utils/google-places/googlePlacesUtils.ts

@@ -411,7 +411,7 @@ export function parseAddressComponents(
  * Create parsed address from Google Places API place result
  *
  * @param place - Place result from Google Places Details API
- * @returns Parsed address matching pace_address table structure
+ * @returns Parsed address matching core_address table structure
  */
 export function createAddressFromPlaceResult(
   place: {

package/src/utils/google-places/loadGoogleMapsScript.test.ts

@@ -0,0 +1,83 @@
+/**
+ * @file Google Maps Script Loader Tests
+ * @package @jmruthers/pace-core
+ * @module Utils/GooglePlaces/__tests__
+ * @since 0.1.0
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import { isGoogleMapsLoaded, loadGoogleMapsScript } from './loadGoogleMapsScript';
+
+describe('loadGoogleMapsScript', () => {
+  const originalGoogle = (window as any).google;
+
+  beforeEach(() => {
+    (window as any).google = undefined;
+    document.head.innerHTML = '';
+  });
+
+  afterEach(() => {
+    (window as any).google = originalGoogle;
+    document.head.innerHTML = '';
+  });
+
+  it('detects when Google Maps is loaded', () => {
+    expect(isGoogleMapsLoaded()).toBe(false);
+
+    (window as any).google = { maps: { places: {} } };
+
+    expect(isGoogleMapsLoaded()).toBe(true);
+  });
+
+  it('resolves immediately when Maps is already available', async () => {
+    (window as any).google = { maps: { places: {} } };
+    const appendSpy = vi.spyOn(document.head, 'appendChild');
+
+    await expect(loadGoogleMapsScript('ready-key')).resolves.toBeUndefined();
+
+    expect(appendSpy).not.toHaveBeenCalled();
+  });
+
+  it('loads the script and resolves after the library initializes', async () => {
+    const appendSpy = vi.spyOn(document.head, 'appendChild');
+
+    const loadPromise = loadGoogleMapsScript('api-key');
+
+    expect(appendSpy).toHaveBeenCalledTimes(1);
+    const scriptEl = appendSpy.mock.calls[0][0] as HTMLScriptElement;
+    expect(scriptEl.src).toContain('key=api-key');
+
+    (window as any).google = { maps: { places: {} } };
+    scriptEl.onload?.(new Event('load'));
+
+    await expect(loadPromise).resolves.toBeUndefined();
+  });
+
+  it('reuses an existing script element', async () => {
+    const existingScript = document.createElement('script');
+    existingScript.src = 'https://maps.googleapis.com/maps/api/js?key=existing&libraries=places&loading=async';
+    document.head.appendChild(existingScript);
+
+    const appendSpy = vi.spyOn(document.head, 'appendChild');
+
+    const loadPromise = loadGoogleMapsScript('new-key');
+
+    (window as any).google = { maps: { places: {} } };
+    existingScript.dispatchEvent(new Event('load'));
+
+    await expect(loadPromise).resolves.toBeUndefined();
+    expect(appendSpy).not.toHaveBeenCalled();
+  });
+
+  it('rejects when the script fails to load', async () => {
+    const appendSpy = vi.spyOn(document.head, 'appendChild');
+
+    const loadPromise = loadGoogleMapsScript('bad-key');
+    const scriptEl = appendSpy.mock.calls[0][0] as HTMLScriptElement;
+
+    scriptEl.onerror?.(new Event('error'));
+
+    await expect(loadPromise).rejects.toThrow('Failed to load Google Maps script');
+  });
+});
+

package/src/utils/google-places/types.ts

@@ -61,7 +61,7 @@ export interface GooglePlaceDetailsResponse {
 }
 
 /**
- * Parsed address matching pace_address table structure
+ * Parsed address matching core_address table structure
  */
 export interface ParsedAddress {
   place_id: string;

package/src/utils/request-deduplication.ts

@@ -53,10 +53,10 @@ export function generateRequestKey(
  * @example
  * ```ts
  * const data = await getOrCreateRequest(
- *   'GET:pace_person:{"user_id":"123"}',
+ *   'GET:core_person:{"user_id":"123"}',
  *   async () => {
  *     const { data } = await supabase
- *       .from('pace_person')
+ *       .from('core_person')
  *       .select('id, first_name')
  *       .eq('user_id', '123')
  *       .single();
@@ -138,12 +138,12 @@ export function getInFlightRequestStats(): {
  * ```ts
  * const person = await deduplicatedQuery(
  *   supabase,
- *   'pace_person',
+ *   'core_person',
  *   { user_id: userId },
  *   'id, first_name, last_name',
  *   async () => {
  *     const { data } = await supabase
- *       .from('pace_person')
+ *       .from('core_person')
  *       .select('id, first_name, last_name')
  *       .eq('user_id', userId)
  *       .single();

package/src/utils/security/secureDataAccess.test.ts

@@ -100,7 +100,7 @@ describe('secureDataAccess', () => {
 
       describe('ensureOrganisationColumn', () => {
         it('should return true for tables with organisation_id column', () => {
-          expect(secureDataAccess.ensureOrganisationColumn('event')).toBe(true);
+          expect(secureDataAccess.ensureOrganisationColumn('core_events')).toBe(true);
           expect(secureDataAccess.ensureOrganisationColumn('organisation_settings')).toBe(true);
           expect(secureDataAccess.ensureOrganisationColumn('rbac_event_app_roles')).toBe(true);
         });

package/src/utils/security/secureDataAccess.ts

@@ -94,15 +94,18 @@ export const createSecureDataAccess = (
   const ensureOrganisationColumn = (table: string): boolean => {
     // This is a simplified check - in production you might want to cache this
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person', 'pace_person',
+      // NOTE: core_member, medi_profile, core_contact, core_consent, core_identification, core_qualification
+      // are now person-scoped (not organisation-scoped) - removed from this list
       // SECURITY: Phase 3A additions - medical and personal data
-      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      // NOTE: medi_condition, medi_diet, medi_action_plan, medi_profile_versions are now person-scoped
+      // (via medi_profile) - removed from this list
+      // core_identification_type remains organisation-scoped (lookup table)
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',

package/src/utils/storage/README.md

@@ -342,7 +342,7 @@ Enable debug logging by checking the browser console for detailed information ab
 ```typescript
 // Check file reference status
 const { data } = await supabase
-  .from('file_references')
+  .from('core_file_references')
   .select('*')
   .eq('table_name', 'person')
   .eq('record_id', recordId)

package/src/utils/storage/helpers.test.ts

@@ -60,7 +60,7 @@ describe('[utility] Storage Helpers', () => {
 
     it('validates required orgId', () => {
       expect(() => generateFilePath({ orgId: '' } as any, 'test.jpg'))
-        .toThrow('orgId is required for file path generation');
+        .toThrow('Either orgId or userId is required for file path generation');
     });
 
     it('handles special characters in file names', () => {