@jmruthers/pace-core 0.5.190 → 0.5.193

package/src/hooks/public/usePublicEvent.ts

@@ -210,7 +210,7 @@ export function usePublicEvent(
               
               // Fallback: Direct table access with public RLS policy
             const tableResponse2 = await (supabase as any)
-              .from('event')
+              .from('core_events')
               .select(`
                 event_id,
                 event_name,
@@ -247,11 +247,11 @@ export function usePublicEvent(
               return;
             }
 
-            // Get event logo from file_references
+            // Get event logo from core_file_references
             const logoResponse = await (supabase as any)
-              .from('file_references')
+              .from('core_file_references')
               .select('file_path')
-              .eq('table_name', 'event')
+              .eq('table_name', 'core_events')
               .eq('record_id', tableData.event_id)
               .eq('is_public', true)
               .eq('file_metadata->>category', 'event_logos')
@@ -286,7 +286,7 @@ export function usePublicEvent(
         logger.warn('usePublicEvent', 'RPC call failed, falling back to direct table access:', rpcError);
         
         const tableResponse = await (supabase as any)
-          .from('event')
+          .from('core_events')
           .select(`
             event_id,
             event_name,
@@ -323,11 +323,11 @@ export function usePublicEvent(
           return;
         }
 
-        // Get event logo from file_references
+        // Get event logo from core_file_references
         const logoResponse = await (supabase as any)
-          .from('file_references')
+          .from('core_file_references')
           .select('file_path')
-          .eq('table_name', 'event')
+          .eq('table_name', 'core_events')
           .eq('record_id', tableData.event_id)
           .eq('is_public', true)
           .eq('file_metadata->>category', 'event_logos')

package/src/hooks/public/usePublicFileDisplay.ts

@@ -202,7 +202,7 @@ export function usePublicFileDisplay(
             const ids = userData.map((item: any) => item.id);
             if (ids.length > 0) {
               const { data: fullData } = await supabase
-                .from('file_references')
+                .from('core_file_references')
                 .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
                 .in('id', ids)
                 .eq('is_public', true);
@@ -320,7 +320,7 @@ export function usePublicFileDisplay(
             // Fetch full file reference data for each ID, but only public files
             const ids = fileIds.map((item: any) => item.id);
             const { data: fullData, error: fetchError } = await supabase
-              .from('file_references')
+              .from('core_file_references')
               .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
               .in('id', ids)
               .eq('is_public', true); // Only public files in public context

package/src/hooks/services/useAuthService.ts

@@ -8,7 +8,7 @@
  * Provides authentication service with reactive state updates.
  */
 
-import { useContext, useReducer, useEffect } from 'react';
+import { useContext, useReducer, useEffect, useRef } from 'react';
 import { AuthServiceContext } from '../../providers/services/AuthServiceProvider';
 import { AuthService } from '../../services/AuthService';
 
@@ -19,11 +19,29 @@ export function useAuthService(): AuthService {
     throw new Error('useAuthService must be used within AuthServiceProvider');
   }
   
-  // Subscribe to service state changes
+  // Subscribe to service state changes with debouncing to prevent excessive re-renders
   const [, forceUpdate] = useReducer(x => x + 1, 0);
+  const timeoutRef = useRef<ReturnType<typeof setTimeout> | null>(null);
   
   useEffect(() => {
-    return context.authService.subscribe(() => forceUpdate());
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50); // 50ms debounce to batch rapid updates
+    };
+    
+    const unsubscribe = context.authService.subscribe(debouncedUpdate);
+    
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
   }, [context.authService]);
   
   return context.authService;

package/src/hooks/services/useEventService.ts

@@ -8,7 +8,7 @@
  * Provides event service with reactive state updates.
  */
 
-import { useContext, useReducer, useEffect } from 'react';
+import { useContext, useReducer, useEffect, useRef } from 'react';
 import { EventServiceContext } from '../../providers/services/EventServiceProvider';
 import { EventService } from '../../services/EventService';
 
@@ -19,11 +19,29 @@ export function useEventService(): EventService {
     throw new Error('useEventService must be used within EventServiceProvider');
   }
   
-  // Subscribe to service state changes
+  // Subscribe to service state changes with debouncing to prevent excessive re-renders
   const [, forceUpdate] = useReducer(x => x + 1, 0);
+  const timeoutRef = useRef<ReturnType<typeof setTimeout> | null>(null);
   
   useEffect(() => {
-    return context.eventService.subscribe(() => forceUpdate());
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50); // 50ms debounce to batch rapid updates
+    };
+    
+    const unsubscribe = context.eventService.subscribe(debouncedUpdate);
+    
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
   }, [context.eventService]);
   
   return context.eventService;

package/src/hooks/services/useInactivityService.ts

@@ -8,7 +8,7 @@
  * Provides inactivity service with reactive state updates.
  */
 
-import { useContext, useReducer, useEffect } from 'react';
+import { useContext, useReducer, useEffect, useRef } from 'react';
 import { InactivityServiceContext } from '../../providers/services/InactivityServiceProvider';
 import { InactivityService } from '../../services/InactivityService';
 
@@ -19,11 +19,29 @@ export function useInactivityService(): InactivityService {
     throw new Error('useInactivityService must be used within InactivityServiceProvider');
   }
   
-  // Subscribe to service state changes
+  // Subscribe to service state changes with debouncing to prevent excessive re-renders
   const [, forceUpdate] = useReducer(x => x + 1, 0);
+  const timeoutRef = useRef<ReturnType<typeof setTimeout> | null>(null);
   
   useEffect(() => {
-    return context.inactivityService.subscribe(() => forceUpdate());
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50); // 50ms debounce to batch rapid updates
+    };
+    
+    const unsubscribe = context.inactivityService.subscribe(debouncedUpdate);
+    
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
   }, [context.inactivityService]);
   
   return context.inactivityService;

package/src/hooks/services/useOrganisationService.ts

@@ -8,7 +8,7 @@
  * Provides organisation service with reactive state updates.
  */
 
-import { useContext, useReducer, useEffect } from 'react';
+import { useContext, useReducer, useEffect, useRef } from 'react';
 import { OrganisationServiceContext } from '../../providers/services/OrganisationServiceProvider';
 import { OrganisationService } from '../../services/OrganisationService';
 
@@ -19,11 +19,29 @@ export function useOrganisationService(): OrganisationService {
     throw new Error('useOrganisationService must be used within OrganisationServiceProvider');
   }
   
-  // Subscribe to service state changes
+  // Subscribe to service state changes with debouncing to prevent excessive re-renders
   const [, forceUpdate] = useReducer(x => x + 1, 0);
+  const timeoutRef = useRef<ReturnType<typeof setTimeout> | null>(null);
   
   useEffect(() => {
-    return context.organisationService.subscribe(() => forceUpdate());
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50); // 50ms debounce to batch rapid updates
+    };
+    
+    const unsubscribe = context.organisationService.subscribe(debouncedUpdate);
+    
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
   }, [context.organisationService]);
   
   return context.organisationService;

package/src/hooks/useFileDisplay.ts

@@ -4,7 +4,7 @@
  * @module Hooks
  *
  * A React hook for accessing file references in authenticated contexts.
- * Can handle both public and private files using the file_references system.
+ * Can handle both public and private files using the core_file_references system.
  *
  * Features:
  * - Works in authenticated contexts
@@ -20,7 +20,7 @@
  *
  * function FileView() {
  *   const { fileUrl, fileReference, isLoading, error } = useFileDisplay(
- *     'event',
+ *     'core_events',
  *     eventId,
  *     organisationId,
  *     FileCategory.EVENT_LOGOS
@@ -247,10 +247,9 @@ export function useFileDisplay(
           if (user) {
             // Query user's active organisation memberships
             const { data: memberships, error: membershipError } = await supabase
-              .from('organisation_memberships')
+              .from('core_organisation_memberships')
               .select('organisation_id')
-              .eq('user_id', user.id)
-              .or('status.is.null,status.eq.active');
+              .eq('user_id', user.id);
 
             if (membershipError) {
               logger.warn('useFileDisplay', 'Error querying organisation memberships:', membershipError);
@@ -292,7 +291,7 @@ export function useFileDisplay(
               try {
                 // Try querying without organisation_id filter - let RLS handle security
                 let fallbackQuery = supabase
-                  .from('file_references')
+                  .from('core_file_references')
                   .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
                   .eq('table_name', table_name)
                   .eq('record_id', record_id)
@@ -350,11 +349,11 @@ export function useFileDisplay(
 
         // If no files found through RPC, try a direct query as fallback
         // This handles cases where RLS policy allows access but RPC security check is too strict
-        // (e.g., pace_person files where user owns the person record but record_id != user_id)
+        // (e.g., core_person files where user owns the person record but record_id != user_id)
         if (files.length === 0) {
           try {
             let directQuery = supabase
-              .from('file_references')
+              .from('core_file_references')
               .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
               .eq('table_name', table_name)
               .eq('record_id', record_id)
@@ -392,12 +391,7 @@ export function useFileDisplay(
         // Category is stored in file_metadata JSONB field, not a direct column
         if (category) {
           // Single file mode - get files by category using RPC
-          logger.debug('useFileDisplay', 'Using RPC function for category filtering:', {
-            table_name,
-            record_id,
-            category,
-            organisation_id
-          });
+          // Removed verbose debug log - only log on errors
           files = await service.getFilesByCategory(
             table_name,
             record_id,
@@ -444,7 +438,7 @@ export function useFileDisplay(
             const { data: { user } } = await supabase.auth.getUser();
             if (user) {
               const { data: memberships } = await supabase
-                .from('organisation_memberships')
+                .from('core_organisation_memberships')
                 .select('organisation_id')
                 .eq('user_id', user.id)
                 .or('status.is.null,status.eq.active');
@@ -511,21 +505,13 @@ export function useFileDisplay(
       if (category && files.length > 0) {
         // Single file mode - get first file
         const firstFile = files[0];
-        logger.debug('useFileDisplay', 'Processing category files, first file:', {
-          id: firstFile.id,
-          file_path: firstFile.file_path,
-          is_public: firstFile.is_public,
-          has_file_metadata: !!firstFile.file_metadata,
-          category_in_metadata: firstFile.file_metadata?.category
-        });
-        
+        // Removed verbose debug logs - only log on errors
         setFileReference(firstFile);
         
         // Generate URL based on file visibility
         let url: string | null = null;
         if (firstFile.is_public) {
           url = getPublicUrl(supabase, firstFile.file_path, true);
-          logger.debug('useFileDisplay', 'Generated public URL:', url);
         } else {
           const signedUrlResult = await getSignedUrl(supabase, firstFile.file_path, {
             appName: 'pace-core',
@@ -534,9 +520,15 @@ export function useFileDisplay(
             expiresIn: 3600
           });
           url = signedUrlResult?.url || null;
-          logger.debug('useFileDisplay', 'Generated signed URL:', url ? 'URL generated' : 'URL generation failed');
+          // Only log if URL generation fails
+          if (!url) {
+            logger.warn('useFileDisplay', 'Failed to generate signed URL for file:', {
+              file_path: firstFile.file_path,
+              record_id,
+              table_name
+            });
+          }
         }
-        logger.debug('useFileDisplay', 'Setting file URL:', url ? 'URL set' : 'URL is null');
         setFileUrl(url);
       } else {
         // Multiple files mode - generate URLs for all files in batch

package/src/hooks/useQueryCache.ts

@@ -112,12 +112,12 @@ export interface UseQueryCacheReturn {
  * const { getCachedQuery } = useQueryCache(supabase);
  * 
  * const person = await getCachedQuery(
- *   'pace_person',
+ *   'core_person',
  *   'user_id',
  *   userId,
  *   async () => {
  *     const { data } = await supabase
- *       .from('pace_person')
+ *       .from('core_person')
  *       .select('id, first_name, last_name, email')
  *       .eq('user_id', userId)
  *       .single();
@@ -220,7 +220,7 @@ export function useQueryCache(supabase?: SupabaseClient<Database>): UseQueryCach
  */
 export const queryCacheHelpers = {
   /**
-   * Cache pace_person queries by user_id
+   * Cache core_person queries by user_id
    * TTL: 5 minutes
    */
   pacePersonByUserId: <T>(
@@ -228,7 +228,7 @@ export const queryCacheHelpers = {
     userId: string,
     fetchFn: () => Promise<T>
   ): Promise<T> => {
-    const cacheKey = `pace_person:user_id:${userId}`;
+    const cacheKey = `core_person:user_id:${userId}`;
     const now = Date.now();
     const ttl = 300 * 1000; // 5 minutes
     
@@ -258,7 +258,7 @@ export const queryCacheHelpers = {
   },
   
   /**
-   * Cache pace_member queries by person_id
+   * Cache core_member queries by person_id
    * TTL: 5 minutes
    */
   paceMemberByPersonId: <T>(
@@ -266,7 +266,7 @@ export const queryCacheHelpers = {
     personId: string,
     fetchFn: () => Promise<T>
   ): Promise<T> => {
-    const cacheKey = `pace_member:person_id:${personId}`;
+    const cacheKey = `core_member:person_id:${personId}`;
     const now = Date.now();
     const ttl = 300 * 1000; // 5 minutes
     

package/src/hooks/useSecureDataAccess.test.ts

@@ -15,7 +15,7 @@ import { useOrganisations } from './useOrganisations';
 import { setOrganisationContext } from '../utils/context/organisationContext';
 import { createMockSupabaseClient, createMockQueryBuilderWithData } from '../__tests__/helpers/supabaseMock';
 import { useResolvedScope } from '../rbac/hooks/useResolvedScope';
-import { useSuperAdminBypass } from '../rbac/hooks/useSuperAdminBypass';
+import { useOrganisationSecurity } from './useOrganisationSecurity';
 
 // Mock the providers
 vi.mock('../providers', () => ({
@@ -36,9 +36,9 @@ vi.mock('../rbac/hooks/useResolvedScope', () => ({
   useResolvedScope: vi.fn()
 }));
 
-// Mock useSuperAdminBypass
-vi.mock('../rbac/hooks/useSuperAdminBypass', () => ({
-  useSuperAdminBypass: vi.fn()
+// Mock useOrganisationSecurity
+vi.mock('./useOrganisationSecurity', () => ({
+  useOrganisationSecurity: vi.fn()
 }));
 
 
@@ -47,7 +47,7 @@ describe('useSecureDataAccess', () => {
   const mockUseOrganisations = vi.mocked(useOrganisations);
   const mockSetOrganisationContext = vi.mocked(setOrganisationContext);
   const mockUseResolvedScope = vi.mocked(useResolvedScope);
-  const mockUseSuperAdminBypass = vi.mocked(useSuperAdminBypass);
+  const mockUseOrganisationSecurity = vi.mocked(useOrganisationSecurity);
 
   const mockUser = {
     id: 'user-123',
@@ -119,10 +119,17 @@ describe('useSecureDataAccess', () => {
       error: null,
     });
     
-    // Mock useSuperAdminBypass to return not super admin
-    mockUseSuperAdminBypass.mockReturnValue({
-      isSuperAdmin: false,
-    });
+    // Mock useOrganisationSecurity to return not super admin
+    mockUseOrganisationSecurity.mockReturnValue({
+      superAdminContext: { isSuperAdmin: false, hasGlobalAccess: false, canManageAllOrganisations: false },
+      validateOrganisationAccess: vi.fn(),
+      hasMinimumRole: vi.fn(),
+      canAccessChildOrganisations: vi.fn(),
+      checkPermission: vi.fn(),
+      getPermissions: vi.fn(),
+      logOrganisationAccess: vi.fn(),
+      canManageOrganisation: vi.fn(),
+    } as any);
   });
 
     describe('Hook Initialization', () => {
@@ -154,9 +161,9 @@ describe('useSecureDataAccess', () => {
     it('executes secure query with organisation filtering', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
 
-      const data = await result.current.secureQuery('event', '*', { active: true });
+      const data = await result.current.secureQuery('core_events', '*', { active: true });
       
-      expect(freshMockSupabase.from).toHaveBeenCalledWith('event');
+      expect(freshMockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(freshMockQueryBuilder.select).toHaveBeenCalledWith('*');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('active', true);
@@ -270,9 +277,9 @@ describe('useSecureDataAccess', () => {
     it('executes secure update with organisation filtering', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
 
-      const data = await result.current.secureUpdate('event', { event_name: 'Updated Event' }, { id: 'event-123' });
+      const data = await result.current.secureUpdate('core_events', { event_name: 'Updated Event' }, { id: 'event-123' });
       
-      expect(freshMockSupabase.from).toHaveBeenCalledWith('event');
+      expect(freshMockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(freshMockQueryBuilder.update).toHaveBeenCalledWith({ event_name: 'Updated Event' });
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('id', 'event-123');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
@@ -307,9 +314,9 @@ describe('useSecureDataAccess', () => {
     it('executes secure delete with organisation filtering', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
 
-      await result.current.secureDelete('event', { id: 'event-123' });
+      await result.current.secureDelete('core_events', { id: 'event-123' });
       
-      expect(freshMockSupabase.from).toHaveBeenCalledWith('event');
+      expect(freshMockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(freshMockQueryBuilder.delete).toHaveBeenCalled();
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('id', 'event-123');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
@@ -387,7 +394,7 @@ describe('useSecureDataAccess', () => {
       const { result } = renderHook(() => useSecureDataAccess());
 
       // Use 'event' table which is in the tablesWithOrganisation list
-      await result.current.secureQuery('event', '*');
+      await result.current.secureQuery('core_events', '*');
       
       // Verify that the query was executed with organisation filter
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
@@ -443,7 +450,7 @@ describe('useSecureDataAccess', () => {
     it('prevents data leaks between organisations', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
 
-      await result.current.secureQuery('event', '*');
+      await result.current.secureQuery('core_events', '*');
       
       // Verify organisation_id filter is always applied
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');

package/src/hooks/useSecureDataAccess.ts

@@ -15,7 +15,7 @@
  *   const loadData = async () => {
  *     try {
  *       // Automatically includes organisation_id filter
- *       const events = await secureQuery('event', '*', { is_visible: true });
+ *       const events = await secureQuery('core_events', '*', { is_visible: true });
  *       console.log('Organisation events:', events);
  *     } catch (error) {
  *       console.error('Failed to load data:', error);
@@ -25,7 +25,7 @@
  *   const createEvent = async (eventData) => {
  *     try {
  *       // Automatically sets organisation_id
- *       const newEvent = await secureInsert('event', eventData);
+ *       const newEvent = await secureInsert('core_events', eventData);
  *       console.log('Created event:', newEvent);
  *     } catch (error) {
  *       console.error('Failed to create event:', error);
@@ -59,7 +59,7 @@ import { setOrganisationContext } from '../utils/context/organisationContext';
 import { logger } from '../utils/core/logger';
 import type { Permission } from '../rbac/types';
 import type { OrganisationSecurityError } from '../types/organisation';
-import { useSuperAdminBypass } from '../rbac/hooks/useSuperAdminBypass';
+import { useOrganisationSecurity } from './useOrganisationSecurity';
 import { useResolvedScope } from '../rbac/hooks/useResolvedScope';
 
 export interface SecureDataAccessReturn {
@@ -158,7 +158,8 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
   const eventServiceContext = useContext(EventServiceContext);
   const eventFromContext = eventServiceContext?.eventService?.getSelectedEvent() || null;
   const effectiveSelectedEvent = selectedEvent || eventFromContext;
-  const { isSuperAdmin } = useSuperAdminBypass();
+  const { superAdminContext } = useOrganisationSecurity();
+  const isSuperAdmin = superAdminContext.isSuperAdmin;
 
   // Use resolved scope to get organisationId (derived from event if needed)
   const { resolvedScope } = useResolvedScope({
@@ -231,15 +232,19 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     // - RLS policies are the primary security layer (cannot be bypassed)
     // - Application-level filtering adds an additional layer of protection
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person',
+      // NOTE: core_member, medi_profile, core_contact, core_consent, core_identification, core_qualification
+      // are now person-scoped (not organisation-scoped) - removed from this list
       // SECURITY: Phase 3A additions - medical and personal data
-      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      // NOTE: medi_condition, medi_diet, medi_action_plan, medi_profile_versions are now person-scoped
+      // (via medi_profile) - removed from this list
+      // core_identification_type remains organisation-scoped (lookup table)
+      'core_identification_type',
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',
@@ -360,12 +365,12 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
 
     // Add organisation filter only if table has organisation_id column
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member'
+      'cake_meal', 'cake_mealtype', 'core_person', 'core_member'
     ];
     
     if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
@@ -407,15 +412,15 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
 
     // Add organisation filter only if table has organisation_id column
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person', 'core_member',
       // SECURITY: Phase 3A additions - medical and personal data
       'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      'core_consent', 'core_contact', 'core_identification', 'core_identification_type', 'core_qualification',
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',

package/src/providers/__tests__/OrganisationProvider.test.tsx

@@ -40,24 +40,7 @@ const createMockSupabaseClient = () => {
   const orgId = '123e4567-e89b-12d3-a456-426614174000'; // Valid UUID format
   const userId = '123e4567-e89b-12d3-a456-426614174001'; // Valid UUID format
   
-  return {
-    rpc: vi.fn().mockResolvedValue({
-      data: [
-        {
-          user_id: userId,
-          organisation_id: orgId,
-          role: 'org_admin',
-          status: 'active',
-        },
-      ],
-      error: null,
-    }),
-    from: vi.fn((table: string) => {
-      if (table === 'organisations') {
-        return {
-          select: vi.fn().mockResolvedValue({
-            data: [
-              {
+  const mockOrganisation = {
                 id: orgId,
                 name: 'Test Organisation 1',
                 display_name: 'Test Organisation 1',
@@ -67,11 +50,34 @@ const createMockSupabaseClient = () => {
                 parent_id: null,
                 created_at: '2023-01-01T00:00:00Z',
                 updated_at: '2023-01-01T00:00:00Z',
-              },
-            ],
+  };
+  
+  const mockQueryBuilder = {
+    select: vi.fn().mockReturnThis(),
+    eq: vi.fn().mockReturnThis(),
+    is: vi.fn().mockResolvedValue({
+      data: [{
+        id: 'membership-1',
+        user_id: userId,
+        organisation_id: orgId,
+        role: 'org_admin',
+        status: 'active',
+        granted_at: '2023-01-01T00:00:00Z',
+        revoked_at: null,
+        core_organisations: mockOrganisation
+      }],
+      error: null
+    })
+  };
+  
+  return {
+    rpc: vi.fn().mockResolvedValue({
+      data: [],
             error: null,
           }),
-        };
+    from: vi.fn((table: string) => {
+      if (table === 'rbac_organisation_roles') {
+        return mockQueryBuilder;
       }
       return {
         select: vi.fn().mockResolvedValue({ data: [], error: null }),