npm - @jmruthers/pace-core - Versions diffs - 0.5.190 → 0.5.193 - Mend

@jmruthers/pace-core 0.5.190 → 0.5.193

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (334) hide show

package/dist/{AuthService-CbP_utw2.d.ts → AuthService-DjnJHDtC.d.ts} +1 -0
package/dist/{DataTable-ON3IXISJ.js → DataTable-5FU7IESH.js} +7 -6
package/dist/{DataTable-IVYljGJ6.d.ts → DataTable-Be6dH_dR.d.ts} +1 -1
package/dist/{PublicPageProvider-C4uxosp6.d.ts → PublicPageProvider-C0Sm_e5k.d.ts} +4 -2
package/dist/{UnifiedAuthProvider-BYA9qB-o.d.ts → UnifiedAuthProvider-185Ih4dj.d.ts} +2 -0
package/dist/{UnifiedAuthProvider-X5NXANVI.js → UnifiedAuthProvider-RGJTDE2C.js} +3 -3
package/dist/{api-I6UCQ5S6.js → api-N774RPUA.js} +2 -2
package/dist/chunk-6C4YBBJM 5.js +628 -0
package/dist/chunk-7D4SUZUM.js 2.map +1 -0
package/dist/{chunk-73HSNNOQ.js → chunk-7EQTDTTJ.js} +47 -74
package/dist/chunk-7EQTDTTJ.js 2.map +1 -0
package/dist/chunk-7EQTDTTJ.js.map +1 -0
package/dist/{chunk-J2XXC7R5.js → chunk-7FLMSG37.js} +409 -244
package/dist/chunk-7FLMSG37.js 2.map +1 -0
package/dist/chunk-7FLMSG37.js.map +1 -0
package/dist/{chunk-NIU6J6OX.js → chunk-BC4IJKSL.js} +23 -32
package/dist/chunk-BC4IJKSL.js.map +1 -0
package/dist/{chunk-SDMHPX3X.js → chunk-E3SPN4VZ 5.js } +198 -53
package/dist/chunk-E3SPN4VZ.js +12917 -0
package/dist/{chunk-SDMHPX3X.js.map → chunk-E3SPN4VZ.js.map} +1 -1
package/dist/chunk-E66EQZE6 5.js +37 -0
package/dist/chunk-E66EQZE6.js 2.map +1 -0
package/dist/{chunk-DZWK57KZ.js → chunk-G37KK66H.js} +1 -1
package/dist/{chunk-DZWK57KZ.js.map → chunk-G37KK66H.js.map} +1 -1
package/dist/{chunk-STYK4OH2.js → chunk-HWIIPPNI.js} +44 -225
package/dist/chunk-HWIIPPNI.js.map +1 -0
package/dist/chunk-I7PSE6JW 5.js +191 -0
package/dist/chunk-I7PSE6JW.js 2.map +1 -0
package/dist/{chunk-Y4BUBBHD.js → chunk-IIELH4DL.js} +211 -136
package/dist/chunk-IIELH4DL.js.map +1 -0
package/dist/{chunk-RUYZKXOD.js → chunk-KNC55RTG.js} +17 -5
package/dist/chunk-KNC55RTG.js 5.map +1 -0
package/dist/chunk-KNC55RTG.js.map +1 -0
package/dist/chunk-KQCRWDSA.js 5.map +1 -0
package/dist/{chunk-4QYC5L4K.js → chunk-LFNCN2SP.js} +26 -30
package/dist/chunk-LFNCN2SP.js 2.map +1 -0
package/dist/chunk-LFNCN2SP.js.map +1 -0
package/dist/chunk-LMC26NLJ 2.js +84 -0
package/dist/{chunk-VVBAW5A5.js → chunk-NOAYCWCX 5.js } +118 -110
package/dist/chunk-NOAYCWCX.js +4993 -0
package/dist/chunk-NOAYCWCX.js.map +1 -0
package/dist/chunk-QWWZ5CAQ.js 3.map +1 -0
package/dist/chunk-QXHPKYJV 3.js +113 -0
package/dist/chunk-R77UEZ4E 3.js +68 -0
package/dist/chunk-VBXEHIUJ.js 6.map +1 -0
package/dist/{chunk-HQVPB5MZ.js → chunk-XNXXZ43G.js} +77 -33
package/dist/chunk-XNXXZ43G.js.map +1 -0
package/dist/chunk-ZSAAAMVR 6.js +25 -0
package/dist/components.d.ts +4 -4
package/dist/components.js +8 -8
package/dist/components.js 5.map +1 -0
package/dist/{database.generated-DI89OQeI.d.ts → database.generated-CzIvgcPu.d.ts} +165 -201
package/dist/hooks.d.ts +12 -12
package/dist/hooks.js +9 -9
package/dist/index.d.ts +11 -11
package/dist/index.js +20 -27
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +2 -2
package/dist/rbac/index.d.ts +2 -20
package/dist/rbac/index.js +7 -9
package/dist/styles/index 2.js +12 -0
package/dist/styles/index.js 5.map +1 -0
package/dist/theming/runtime 5.js +19 -0
package/dist/theming/runtime.js 5.map +1 -0
package/dist/{types-Bwgl--Xo.d.ts → types-CEpcvwwF.d.ts} +1 -1
package/dist/types.d.ts +2 -2
package/dist/{usePublicRouteParams-DxIDS4bC.d.ts → usePublicRouteParams-TZe0gy-4.d.ts} +1 -1
package/dist/utils.d.ts +8 -8
package/dist/utils.js +2 -2
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +2 -2
package/docs/api/classes/RBACAuditManager.md +2 -2
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +2 -2
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +10 -10
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +1 -1
package/docs/api/interfaces/AddressFieldRef.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +1 -1
package/docs/api/interfaces/AvatarProps.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +24 -11
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +2 -2
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +2 -2
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +2 -2
package/docs/api/interfaces/PermissionEnforcerProps.md +4 -4
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +2 -2
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +2 -2
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +2 -2
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +2 -2
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +2 -2
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +2 -2
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +2 -2
package/docs/api/interfaces/RouteConfig.md +2 -2
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +60 -38
package/docs/api/interfaces/UnifiedAuthProviderProps.md +13 -13
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +2 -2
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +2 -2
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +2 -2
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +202 -217
package/docs/migration/README.md +18 -0
package/docs/migration/database-changes-december-2025.md +768 -0
package/docs/migration/person-scoped-profiles-migration-guide.md +472 -0
package/docs/rbac/event-based-apps.md +124 -6
package/package.json +1 -1
package/scripts/check-pace-core-compliance.cjs +292 -57
package/src/__tests__/public-recipe-view.test.ts +10 -10
package/src/__tests__/rls-policies.test.ts +16 -14
package/src/components/AddressField/README.md +6 -6
package/src/components/DataTable/__tests__/DataTable.default-state.test.tsx +172 -45
package/src/components/DataTable/__tests__/DataTable.grouping-aggregation.test.tsx +121 -28
package/src/components/DataTable/__tests__/DataTableCore.test-setup.ts +9 -8
package/src/components/DataTable/__tests__/DataTableCore.test.tsx +20 -52
package/src/components/DataTable/__tests__/a11y.basic.test.tsx +170 -34
package/src/components/DataTable/__tests__/keyboard.test.tsx +75 -12
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +75 -11
package/src/components/DataTable/components/UnifiedTableBody.tsx +85 -14
package/src/components/DataTable/hooks/useDataTablePermissions.ts +75 -10
package/src/components/FileDisplay/FileDisplay.test.tsx +2 -1
package/src/components/FileDisplay/FileDisplay.tsx +16 -4
package/src/components/NavigationMenu/NavigationMenu.test.tsx +6 -4
package/src/components/NavigationMenu/NavigationMenu.tsx +1 -10
package/src/components/OrganisationSelector/OrganisationSelector.tsx +35 -16
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +25 -2
package/src/components/PaceAppLayout/PaceAppLayout.tsx +97 -68
package/src/components/PaceLoginPage/PaceLoginPage.tsx +0 -7
package/src/components/ProtectedRoute/ProtectedRoute.test.tsx +5 -9
package/src/components/ProtectedRoute/ProtectedRoute.tsx +0 -1
package/src/components/PublicLayout/PublicPageProvider.tsx +0 -1
package/src/components/Select/Select.test.tsx +4 -1
package/src/components/Select/Select.tsx +60 -15
package/src/hooks/__tests__/usePermissionCache.simple.test.ts +192 -0
package/src/hooks/__tests__/usePermissionCache.unit.test.ts +741 -0
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +703 -0
package/src/hooks/__tests__/usePublicEvent.unit.test.ts +581 -0
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +23 -15
package/src/hooks/public/usePublicEvent.ts +8 -8
package/src/hooks/public/usePublicFileDisplay.ts +2 -2
package/src/hooks/services/useAuthService.ts +21 -3
package/src/hooks/services/useEventService.ts +21 -3
package/src/hooks/services/useInactivityService.ts +21 -3
package/src/hooks/services/useOrganisationService.ts +21 -3
package/src/hooks/useFileDisplay.ts +18 -26
package/src/hooks/useQueryCache.ts +6 -6
package/src/hooks/useSecureDataAccess.test.ts +24 -17
package/src/hooks/useSecureDataAccess.ts +18 -13
package/src/providers/__tests__/OrganisationProvider.test.tsx +27 -21
package/src/providers/services/EventServiceProvider.tsx +0 -8
package/src/providers/services/UnifiedAuthProvider.tsx +174 -24
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +10 -16
package/src/rbac/__tests__/isSuperAdmin.real.test.ts +82 -0
package/src/rbac/adapters.tsx +3 -22
package/src/rbac/api.test.ts +2 -2
package/src/rbac/api.ts +7 -1
package/src/rbac/components/EnhancedNavigationMenu.tsx +2 -15
package/src/rbac/components/NavigationGuard.tsx +1 -10
package/src/rbac/components/NavigationProvider.tsx +0 -1
package/src/rbac/components/PermissionEnforcer.tsx +45 -12
package/src/rbac/components/SecureDataProvider.tsx +0 -1
package/src/rbac/components/__tests__/EnhancedNavigationMenu.test.tsx +7 -43
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +4 -11
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +3 -3
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +1 -1
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +1 -1
package/src/rbac/engine.ts +14 -2
package/src/rbac/hooks/index.ts +0 -3
package/src/rbac/hooks/usePermissions.ts +51 -11
package/src/rbac/hooks/useRBAC.simple.test.ts +95 -0
package/src/rbac/hooks/useRBAC.ts +3 -13
package/src/rbac/hooks/useResolvedScope.test.ts +75 -54
package/src/rbac/hooks/useResolvedScope.ts +58 -33
package/src/rbac/hooks/useSecureSupabase.ts +4 -9
package/src/rbac/secureClient.ts +31 -0
package/src/rbac/utils/__tests__/eventContext.test.ts +2 -2
package/src/rbac/utils/__tests__/eventContext.unit.test.ts +490 -0
package/src/rbac/utils/eventContext.ts +5 -2
package/src/services/AuthService.ts +37 -8
package/src/services/EventService.ts +4 -57
package/src/services/InactivityService.ts +127 -34
package/src/services/OrganisationService.ts +160 -149
package/src/services/__tests__/OrganisationService.pagination.test.ts +34 -8
package/src/services/__tests__/OrganisationService.test.ts +218 -86
package/src/types/database.generated.ts +166 -201
package/src/types/supabase.ts +2 -2
package/src/utils/__tests__/secureDataAccess.unit.test.ts +3 -2
package/src/utils/file-reference/index.ts +4 -4
package/src/utils/google-places/googlePlacesUtils.ts +1 -1
package/src/utils/google-places/types.ts +1 -1
package/src/utils/request-deduplication.ts +4 -4
package/src/utils/security/secureDataAccess.test.ts +1 -1
package/src/utils/security/secureDataAccess.ts +7 -4
package/src/utils/storage/README.md +1 -1
package/dist/chunk-4QYC5L4K.js.map +0 -1
package/dist/chunk-73HSNNOQ.js.map +0 -1
package/dist/chunk-HQVPB5MZ.js.map +0 -1
package/dist/chunk-J2XXC7R5.js.map +0 -1
package/dist/chunk-NIU6J6OX.js.map +0 -1
package/dist/chunk-RUYZKXOD.js.map +0 -1
package/dist/chunk-STYK4OH2.js.map +0 -1
package/dist/chunk-VVBAW5A5.js.map +0 -1
package/dist/chunk-Y4BUBBHD.js.map +0 -1
package/scripts/check-pace-core-compliance.js +0 -512
package/src/rbac/hooks/useSuperAdminBypass.ts +0 -126
package/src/utils/context/superAdminOverride.ts +0 -58
/package/dist/{DataTable-ON3IXISJ.js.map → DataTable-5FU7IESH.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-X5NXANVI.js.map → UnifiedAuthProvider-RGJTDE2C.js.map} +0 -0
/package/dist/{api-I6UCQ5S6.js.map → api-N774RPUA.js.map} +0 -0

package/src/components/PaceAppLayout/PaceAppLayout.tsx CHANGED Viewed

@@ -103,10 +103,10 @@ import { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';
 import { useOrganisations } from '../../hooks/useOrganisations';
 import { useEvents } from '../../hooks/useEvents';
 import { useEventTheme } from '../../hooks/useEventTheme';
-import { useCan, useResolvedScope } from '../../rbac/hooks';
+import { useCan, useResolvedScope, useRBAC } from '../../rbac/hooks';
 import { createScopeFromEvent } from '../../rbac/utils/eventContext';
 import { getCurrentAppName } from '../../utils/app/appNameResolver';
-import { isSuperAdmin } from '../../rbac/api';
+import { isSuperAdmin as checkSuperAdminApi } from '../../rbac/api';
 import { logger } from '../../utils/core/logger';
 import type { Permission, Scope } from '../../rbac/types';
@@ -372,7 +372,7 @@ export function PaceAppLayout({
   onRouteAccessDenied,
   onRouteStrictModeViolation
 }: PaceAppLayoutProps) {
-  const { user, signOut, updatePassword, supabase, appId: contextAppId } = useUnifiedAuth(); // Get appId from context (resolved on login)
+  const { user, signOut, updatePassword, supabase, appId: contextAppId, selectedOrganisationId } = useUnifiedAuth(); // Get appId from context (resolved on login)
   const {
     selectedOrganisation,
     isContextReady,
@@ -380,6 +380,47 @@ export function PaceAppLayout({
     ensureOrganisationContext,
     isLoading: organisationLoading
   } = useOrganisations();
+  // Use useRBAC to get super admin status - it's more reliable than async check
+  // Note: isSuperAdmin might be false initially while loading, but that's OK - we'll allow rendering
+  // if organisation loading completes or if we're a super admin
+  const { isSuperAdmin: isSuperAdminFromRBAC, isLoading: rbacLoading } = useRBAC();
+  // Also check super admin status directly as a fallback (for ADMIN/PORTAL apps)
+  // This allows super admins to proceed even if RBAC hasn't loaded yet
+  const [isSuperAdminDirect, setIsSuperAdminDirect] = useState<boolean>(false);
+  const [isCheckingSuperAdminDirect, setIsCheckingSuperAdminDirect] = useState<boolean>(false);
+  useEffect(() => {
+    const checkSuperAdminDirect = async () => {
+      if (!user?.id) {
+        setIsSuperAdminDirect(false);
+        setIsCheckingSuperAdminDirect(false);
+        return;
+      }
+      // Only skip if RBAC already confirmed super admin
+      if (isSuperAdminFromRBAC) {
+        setIsCheckingSuperAdminDirect(false);
+        return;
+      }
+      setIsCheckingSuperAdminDirect(true);
+      try {
+        const superAdminStatus = await checkSuperAdminApi(user.id);
+        setIsSuperAdminDirect(superAdminStatus);
+      } catch (error) {
+        logger.error('PaceAppLayout', 'Error checking super admin status directly', { userId: user?.id, error });
+        setIsSuperAdminDirect(false);
+      } finally {
+        setIsCheckingSuperAdminDirect(false);
+      }
+    };
+    checkSuperAdminDirect();
+  }, [user?.id, isSuperAdminFromRBAC]);
+  // Use direct check if RBAC hasn't loaded yet, otherwise use RBAC result
+  const isSuperAdmin = isSuperAdminFromRBAC || isSuperAdminDirect;
   const navigate = useNavigate();
   const location = useLocation();
@@ -408,28 +449,25 @@ export function PaceAppLayout({
   // Build scope from resolved values
   // Preserve appId from resolvedScope or fallback to resolvedAppId
+  // CRITICAL: Always create a new scope object from primitive values to ensure stable reference
+  // This prevents useCan from re-checking permissions when resolvedScope changes reference but values are the same
+  const scopeOrgId = resolvedScope?.organisationId || selectedOrganisation?.id || '';
+  const scopeEventId = resolvedScope?.eventId || selectedEvent?.event_id || undefined;
+  const scopeAppId = resolvedScope?.appId || resolvedAppId || undefined;
   const scope = useMemo<Scope>(() => {
-    // Prefer resolvedScope if available (includes appId)
-    if (resolvedScope?.organisationId) {
-      return resolvedScope;
+    const newScope: Scope = {};
+    if (scopeOrgId) {
+      newScope.organisationId = scopeOrgId;
     }
-    // Fallback: build scope from context values with resolvedAppId
-    if (selectedOrganisation?.id) {
-      return {
-        organisationId: selectedOrganisation.id,
-        eventId: selectedEvent?.event_id || undefined,
-        appId: resolvedAppId || resolvedScope?.appId || undefined
-      };
+    if (scopeEventId) {
+      newScope.eventId = scopeEventId;
     }
-    // Last resort: return minimal scope
-    return {
-      organisationId: selectedOrganisation?.id || '',
-      eventId: selectedEvent?.event_id || undefined,
-      appId: resolvedAppId || resolvedScope?.appId || undefined
-    };
-  }, [resolvedScope, selectedOrganisation?.id, selectedEvent?.event_id, resolvedAppId]);
+    if (scopeAppId) {
+      newScope.appId = scopeAppId;
+    }
+    return newScope;
+  }, [scopeOrgId, scopeEventId, scopeAppId]);
   // Default navigation items if none provided
   const defaultNavItems: NavigationItem[] = useMemo(() => [
@@ -460,61 +498,45 @@ export function PaceAppLayout({
     }
     // Extract first path segment (base page name)
     const pathSegments = currentPath.slice(1).split('/').filter(Boolean);
-    return pathSegments[0] || 'home';
+    // Only return 'home' if there's actually a path segment, otherwise return empty string
+    // This prevents checking permissions for a non-existent "home" page when the index route is used
+    return pathSegments[0] || '';
   }, [location.pathname, pageIdMapping]);
   // Build permission string in format: operation:page.pageId
   const currentPermission = useMemo<Permission>(() => {
-    if (!enforcePermissions) {
-      return 'read:page.home' as Permission;
+    // If enforcePermissions is false, don't check any permission (return empty string)
+    // If currentPageId is empty (index route with no path segments), don't check permissions
+    if (!enforcePermissions || !currentPageId) {
+      return '' as Permission;
     }
     const permissionString = `${currentRoutePermission}:page.${currentPageId}`;
     return permissionString as Permission;
   }, [enforcePermissions, currentRoutePermission, currentPageId]);
   // Check super admin status before permission enforcement
-  const [isSuperAdminUser, setIsSuperAdminUser] = useState<boolean>(false);
-  const [isCheckingSuperAdmin, setIsCheckingSuperAdmin] = useState<boolean>(false);
-  useEffect(() => {
-    const checkSuperAdminStatus = async () => {
-      if (!user?.id) {
-        setIsSuperAdminUser(false);
-        setIsCheckingSuperAdmin(false);
-        return;
-      }
-      setIsCheckingSuperAdmin(true);
-      try {
-        const superAdminStatus = await isSuperAdmin(user.id);
-        setIsSuperAdminUser(superAdminStatus);
-      } catch (error) {
-        logger.error('PaceAppLayout', 'Error checking super admin status', { userId: user?.id, error });
-        setIsSuperAdminUser(false);
-      } finally {
-        setIsCheckingSuperAdmin(false);
-      }
-    };
-    checkSuperAdminStatus();
-  }, [user?.id]);
+  // Removed duplicate super admin check - using useRBAC hook instead
+  // The useRBAC hook provides isSuperAdmin which is more reliable
   // Use useCan hook for permission checking (standardized approach)
   // Note: The database function already handles super admin bypass, but we check here
   // as an additional safety layer to prevent unnecessary permission checks
   // Pass appName to useCan so it can be passed to isPermitted for PORTAL/ADMIN special case
+  // Only check permissions if enforcePermissions is true and we have a valid permission string
+  const shouldCheckPermission = enforcePermissions && !!currentPermission && !!currentPageId;
   const { can: canFromHook, isLoading: isCheckingPermission, error: permissionError } = useCan(
     user?.id || '',
     scope,
-    currentPermission,
-    currentPageId,
+    shouldCheckPermission ? currentPermission : ('' as Permission),
+    shouldCheckPermission ? currentPageId : '',
     true, // useCache
     appName // Pass appName for PORTAL/ADMIN special case
   );
   // Permission enforcement state - super admin bypasses all checks
   // This ensures super admins never see permission errors even if useCan hasn't completed
-  const can = isSuperAdminUser ? true : canFromHook;
+  // Use combined super admin check (RBAC + direct check)
+  const can = isSuperAdmin ? true : canFromHook;
   const hasPermission = enforcePermissions ? can : true;
   // Handle permission check results with audit logging and callbacks
@@ -524,19 +546,20 @@ export function PaceAppLayout({
     }
     // Only proceed when permission check is complete (not loading)
-    // Wait for both super admin check and permission check to complete
-    if (isCheckingSuperAdmin || isCheckingPermission) {
+    // Super admin status is checked via useRBAC hook (isSuperAdminFromRBAC)
+    // If RBAC is still loading, allow rendering to proceed (optimistic for super admins)
+    if (isCheckingPermission) {
       return;
     }
     // NEW: Phase 1 - Enhanced Security Features
     // Handle strict mode violations - skip for super admins
-    if (strictMode && !isSuperAdminUser && !can) {
+    if (strictMode && !isSuperAdmin && !can) {
       logger.error('PaceAppLayout', 'STRICT MODE VIOLATION: User attempted to access protected page without permission', {
         pageName: currentPageId,
         operation: currentRoutePermission,
         userId: user?.id,
-        isSuperAdmin: isSuperAdminUser,
+        isSuperAdmin: isSuperAdmin,
         timestamp: new Date().toISOString()
       });
@@ -546,10 +569,10 @@ export function PaceAppLayout({
     }
     // Handle page access denied callback - skip for super admins
-    if (!isSuperAdminUser && !can && onPageAccessDenied) {
+    if (!isSuperAdmin && !can && onPageAccessDenied) {
       onPageAccessDenied(currentPageId, currentRoutePermission);
     }
-  }, [enforcePermissions, can, isCheckingPermission, isCheckingSuperAdmin, isSuperAdminUser, currentPageId, currentRoutePermission, user?.id, strictMode, auditLog, onPageAccessDenied, onStrictModeViolation]);
+  }, [enforcePermissions, can, isCheckingPermission, isSuperAdmin, currentPageId, currentRoutePermission, user?.id, strictMode, auditLog, onPageAccessDenied, onStrictModeViolation]);
   // Filter navigation items based on permissions
   // Permission filtering is always enabled - users only see navigation items they have permission to access
@@ -610,8 +633,8 @@ export function PaceAppLayout({
       // For super admins, show all items (they bypass permission checks)
       // Gracefully handle RBAC not being initialized (e.g., in tests)
       try {
-        const { isSuperAdmin } = await import('../../rbac/api');
-        const isSuper = await isSuperAdmin(user.id);
+        const { isSuperAdmin: checkSuperAdminDynamic } = await import('../../rbac/api');
+        const isSuper = await checkSuperAdminDynamic(user.id);
         if (isSuper) {
           // Super admins see all navigation items
@@ -825,7 +848,13 @@ export function PaceAppLayout({
   // This is critical - we must wait for organisation context before allowing any data access
   // BUT: Allow rendering to proceed if loading is complete, even if user has no organisations (valid state for profile pages)
   // Only block if we're actively loading - once loading completes (success or error), allow rendering
-  if (user?.id && organisationLoading) {
+  // EXCEPTION: Super admins can proceed even during organisation loading (they can access all orgs)
+  // Use combined super admin check (RBAC + direct check) to allow super admins to proceed immediately
+  // IMPORTANT: If we're still checking super admin status, allow rendering to proceed (optimistic approach)
+  // This prevents blocking super admins while their status is being determined
+  // Also allow rendering if we already have a selectedOrganisationId (even if organisationLoading is still true)
+  // This prevents blank pages when organisation context is available but loading state hasn't cleared yet
+  if (user?.id && organisationLoading && !isSuperAdmin && !isCheckingSuperAdminDirect && !rbacLoading && !selectedOrganisationId) {
     return (
       <div className="flex items-center justify-center min-h-screen">
         <div className="text-center">
@@ -841,10 +870,10 @@ export function PaceAppLayout({
   // These pages work with user context only and don't require organisation context
   // The app can check hasValidOrganisationContext() to determine if org context is available for org-specific features
-  // Show loading state while checking permissions or super admin status
-  // Keep loading active until BOTH checks complete to prevent exposing protected content
-  // This ensures we don't render the main layout when permission check failed but super admin check is pending
-  if (enforcePermissions && (isCheckingSuperAdmin || isCheckingPermission)) {
+  // Show loading state while checking permissions
+  // Keep loading active until permission check completes to prevent exposing protected content
+  // Super admin status is checked via useRBAC hook (isSuperAdminFromRBAC)
+  if (enforcePermissions && isCheckingPermission) {
     return (
       <div className="flex items-center justify-center min-h-screen">
         <div className="text-center">
@@ -857,7 +886,7 @@ export function PaceAppLayout({
   // Show permission error (only after BOTH checks are complete)
   // Super admins bypass all permission checks, so don't show errors for them
-  if (enforcePermissions && permissionError && !isSuperAdminUser) {
+  if (enforcePermissions && permissionError && !isSuperAdmin) {
     return (
       <div className="flex items-center justify-center min-h-screen">
         <div className="text-center">
@@ -871,7 +900,7 @@ export function PaceAppLayout({
   // Show permission fallback if user lacks permission
   // Only show this if super admin check is complete and user is not a super admin
-  if (enforcePermissions && hasPermission === false && !isCheckingSuperAdmin && !isSuperAdminUser) {
+  if (enforcePermissions && hasPermission === false && !isCheckingSuperAdminDirect && !isSuperAdmin) {
     // NEW: Phase 1 - Use page permission fallback if available
     if (enforcePagePermissions && pagePermissionFallback) {
       return <>{pagePermissionFallback}</>;

package/src/components/PaceLoginPage/PaceLoginPage.tsx CHANGED Viewed

@@ -208,7 +208,6 @@ export const PaceLoginPage: React.FC<PaceLoginPageProps> = ({
         }
       } catch (error) {
         // Service may not be available yet or events not loaded - that's okay
-        logger.debug('PaceLoginPage', 'Could not restore persisted event (service may not be ready):', error);
       }
     };
@@ -266,7 +265,6 @@ export const PaceLoginPage: React.FC<PaceLoginPageProps> = ({
           .eq('app_id', appData.id);
         if (pagesError || !pagesData || pagesData.length === 0) {
-          logger.debug('PaceLoginPage', 'No pages configured for app:', appName);
           setAccessError(`You do not have permission to access ${appName}. This application is currently unavailable. Please contact your administrator if you believe you should have access.`);
           setIsCheckingAccess(false);
           return;
@@ -285,7 +283,6 @@ export const PaceLoginPage: React.FC<PaceLoginPageProps> = ({
         const organisationId = orgRow?.organisation_id;
         if (!organisationId) {
-          logger.debug('PaceLoginPage', 'User has no organisation access');
           setAccessError(`You do not have permission to access ${appName}. You are not assigned to any organisation. Please contact your administrator.`);
           setIsCheckingAccess(false);
           return;
@@ -305,8 +302,6 @@ export const PaceLoginPage: React.FC<PaceLoginPageProps> = ({
               p_page_id: page.page_name // Page name to resolve to UUID
             });
-          logger.debug('PaceLoginPage', 'Permission check for page:', { pageName: page.page_name, hasPermission, error: permError });
           if (!permError && hasPermission === true) {
             hasAnyAccess = true;
             break;
@@ -314,14 +309,12 @@ export const PaceLoginPage: React.FC<PaceLoginPageProps> = ({
         }
         if (hasAnyAccess) {
-          logger.debug('PaceLoginPage', 'User has access to app');
           setIsCheckingAccess(false);
           navigate(onSuccessRedirectPath, { replace: true });
           return;
         }
         // No access - deny
-        logger.debug('PaceLoginPage', 'Access denied - no permissions');
         setAccessError(`You do not have permission to access ${appName}. This application is restricted to authorized users only. Please contact your administrator if you believe you should have access.`);
         setIsCheckingAccess(false);
       } catch (error) {

package/src/components/ProtectedRoute/ProtectedRoute.test.tsx CHANGED Viewed

@@ -165,12 +165,8 @@ describe('ProtectedRoute Component', () => {
       expect(screen.getByTestId('outlet')).toBeInTheDocument();
-      // Wait a bit for the logger to be called (it's called during render)
-      await waitFor(() => {
-        expect(consoleDebugSpy).toHaveBeenCalledWith(
-          expect.stringContaining('[DEBUG] [ProtectedRoute] Events available but none selected - allowing render so selector is visible')
-        );
-      }, { timeout: 1000 });
+      // Note: ProtectedRoute no longer logs this debug message - it just allows rendering
+      // The component allows rendering when events exist but none selected to make the selector visible
     });
     it('renders session restoration loader when session is restoring', () => {
@@ -461,9 +457,9 @@ describe('ProtectedRoute Component', () => {
       renderWithProviders(<ProtectedRoute requireEvent={true} />);
       expect(screen.getByTestId('outlet')).toBeInTheDocument();
-      expect(consoleDebugSpy).toHaveBeenCalledWith(
-        expect.stringContaining('[DEBUG] [ProtectedRoute] Events available but none selected - allowing render so selector is visible')
-      );
+      // Note: ProtectedRoute no longer logs this debug message - it just allows rendering
+      // The component allows rendering when events exist but none selected to make the selector visible
     });
     it('renders outlet when event is selected', () => {

package/src/components/ProtectedRoute/ProtectedRoute.tsx CHANGED Viewed

@@ -359,7 +359,6 @@ export function ProtectedRoute({
   // The event selector will be visible and user can select, or auto-selection will kick in
   if (!selectedEvent) {
     // Log for debugging - this is expected behavior, not an error
-    logger.debug('ProtectedRoute', 'Events available but none selected - allowing render so selector is visible');
     return <Outlet />;
   }

package/src/components/PublicLayout/PublicPageProvider.tsx CHANGED Viewed

@@ -102,7 +102,6 @@ export function PublicPageProvider({ children, appName }: PublicPageProviderProp
       return null;
     }
     const client = createClient<Database>(supabaseUrl, supabaseKey);
-    logger.info('PublicPageProvider', 'Supabase client created successfully for public pages');
     return client;
   }, [supabaseUrl, supabaseKey]);

package/src/components/Select/Select.test.tsx CHANGED Viewed

@@ -465,11 +465,14 @@ describe('Select Component', () => {
       await user.click(screen.getByRole('combobox'));
       expect(screen.getByRole('listbox')).toBeInTheDocument();
+      // Wait for the event listener to be added (100ms delay in implementation)
+      await new Promise(resolve => setTimeout(resolve, 150));
       await user.click(document.body);
       await waitFor(() => {
         expect(screen.queryByRole('listbox')).not.toBeInTheDocument();
-      });
+      }, { timeout: 2000 });
     });
     it('prevents opening when trigger is disabled', async () => {

package/src/components/Select/Select.tsx CHANGED Viewed

@@ -145,7 +145,9 @@ export const useSelectState = ({
   }, [controlledValue, onValueChange, controlledOpen, onOpenChange]);
   const setOpen = React.useCallback((newOpen: boolean) => {
-    if (disabled) return;
+    if (disabled) {
+      return;
+    }
     // Close all other select dropdowns when opening this one
     if (newOpen) {
@@ -210,24 +212,30 @@ export const useSelectEvents = ({ state, actions, selectRef }: UseSelectEventsPr
   // Handle click outside to close dropdown
   React.useEffect(() => {
+    if (!state.open) return;
     const handleClickOutside = (event: MouseEvent) => {
       const selectElement = selectRef.current;
-      const clickedElement = event.target as Element;
-      const isSelectItem = clickedElement?.closest('[data-testid="select-item"]');
-      const isSearchInput = clickedElement?.closest('[data-testid="select-search-input"]');
-      const isSelectContent = clickedElement?.closest('[data-testid="select-content"]');
+      if (!selectElement) return;
-      if (state.open && selectElement && !selectElement.contains(event.target as Node) && !isSelectItem && !isSearchInput && !isSelectContent && !isSelecting) {
+      const target = event.target as Node;
+      // Close if clicking outside the select element
+      if (!selectElement.contains(target) && !isSelecting) {
         actions.setOpen(false);
       }
     };
-    if (state.open) {
-      document.addEventListener('mousedown', handleClickOutside);
+    // Add a small delay to avoid closing immediately when opening
+      // The delay ensures the click event that opened the dropdown has fully processed
+      const timeoutId = setTimeout(() => {
+        document.addEventListener('click', handleClickOutside, true); // Use capture phase
+      }, 100); // Small delay to let the opening click complete
       return () => {
-        document.removeEventListener('mousedown', handleClickOutside);
+        clearTimeout(timeoutId);
+        document.removeEventListener('click', handleClickOutside, true);
       };
-    }
   }, [state.open, actions, selectRef, isSelecting]);
   // Handle SelectItem mousedown events
@@ -588,6 +596,10 @@ export const Select = React.forwardRef<HTMLFormElement, SelectProps & UseSelectS
         className={cn("relative", className)}
         data-value={state.value}
         data-testid="select-root"
+        onSubmit={(e) => {
+          e.preventDefault();
+          e.stopPropagation();
+        }}
       >
         <SelectContext.Provider value={contextValue}>
           {children}
@@ -607,9 +619,25 @@ export const SelectTrigger = React.forwardRef<HTMLButtonElement, SelectTriggerPr
     const { open, disabled, value, actions, direction = 'down' } = useSelectContext();
     const opensUpward = direction === 'up';
-    const handleClick = () => {
+    // Use ref to store the latest handleClick to avoid re-creating the effect
+    const handleClickRef = React.useRef<(e: React.MouseEvent) => void>();
+    const handleClick = React.useCallback((e: React.MouseEvent) => {
+      if (disabled) {
+        e.preventDefault();
+        e.stopPropagation();
+        return;
+      }
+      e.preventDefault();
+      e.stopPropagation();
       actions.setOpen(!open);
-    };
+    }, [disabled, open, actions]);
+    // Update ref whenever handleClick changes
+    React.useEffect(() => {
+      handleClickRef.current = handleClick;
+    }, [handleClick]);
     const handleKeyDown = (e: React.KeyboardEvent) => {
       if (disabled) return;
@@ -690,9 +718,19 @@ export const SelectTrigger = React.forwardRef<HTMLButtonElement, SelectTriggerPr
       });
     }
+    // Simple ref forwarding
+    const handleRef = React.useCallback((node: HTMLButtonElement | null) => {
+      if (typeof ref === 'function') {
+        ref(node);
+      } else if (ref) {
+        (ref as React.MutableRefObject<HTMLButtonElement | null>).current = node;
+      }
+    }, [ref]);
     return (
       <Button
-        ref={ref}
+        ref={handleRef}
         type="button"
         role="combobox"
         aria-expanded={open}
@@ -713,7 +751,9 @@ export const SelectTrigger = React.forwardRef<HTMLButtonElement, SelectTriggerPr
           textOverflow: 'ellipsis',
           whiteSpace: 'nowrap'
         }}
-        onClick={handleClick}
+        onClick={(e) => {
+          handleClick(e);
+        }}
         onKeyDown={handleKeyDown}
         data-testid="select-trigger"
         data-value={value}
@@ -741,7 +781,12 @@ export const SelectValue = React.forwardRef<HTMLSpanElement, SelectValueProps>(
     const { selectedText } = useSelectContext();
     return (
-      <span ref={ref} data-testid="select-value">
+      <span
+        ref={ref}
+        data-testid="select-value"
+        style={{ pointerEvents: 'none' }}
+        className="pointer-events-none"
+      >
         {children || (selectedText ? selectedText : placeholder)}
       </span>
     );