@jmruthers/pace-core 0.5.191 → 0.5.193

package/scripts/check-pace-core-compliance.js

@@ -1,512 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Static Analysis Script for pace-core Compliance
- * @package @jmruthers/pace-core
- * @module Scripts/check-pace-core-compliance
- * 
- * Scans a consuming app's codebase to check compliance with pace-core usage.
- * Generates a report of violations and suggestions.
- */
-
-const fs = require('fs');
-const path = require('path');
-
-// ANSI color codes for terminal output
-const colors = {
-  reset: '\x1b[0m',
-  red: '\x1b[31m',
-  green: '\x1b[32m',
-  yellow: '\x1b[33m',
-  blue: '\x1b[34m',
-  cyan: '\x1b[36m',
-  bold: '\x1b[1m'
-};
-
-// Load manifest
-function loadManifest() {
-  const manifestPath = path.join(__dirname, '../core-usage-manifest.json');
-  if (!fs.existsSync(manifestPath)) {
-    console.error(`${colors.red}Error: core-usage-manifest.json not found at ${manifestPath}${colors.reset}`);
-    process.exit(1);
-  }
-  return JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
-}
-
-// Find project root (look for package.json, going up from current dir or script location)
-function findProjectRoot(startDir = process.cwd()) {
-  let current = path.resolve(startDir);
-  while (current !== path.dirname(current)) {
-    if (fs.existsSync(path.join(current, 'package.json'))) {
-      return current;
-    }
-    current = path.dirname(current);
-  }
-  return startDir;
-}
-
-// Scan file for violations
-function scanFile(filePath, manifest) {
-  const violations = {
-    restrictedImports: [],
-    duplicateComponents: [],
-    duplicateHooks: [],
-    duplicateUtils: [],
-    suggestions: [],
-    customAuthCode: [],
-    duplicateConfig: [],
-    unprotectedPages: [],
-    directSupabaseAuth: []
-  };
-  
-  const content = fs.readFileSync(filePath, 'utf8');
-  const relativePath = path.relative(process.cwd(), filePath);
-  
-  // Check for restricted imports
-  manifest.restrictedImports.forEach(({ module, reason }) => {
-    const importPattern = new RegExp(`from\\s+['"]${module.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}['"]`, 'g');
-    if (importPattern.test(content)) {
-      violations.restrictedImports.push({
-        module,
-        reason,
-        file: relativePath,
-        line: getLineNumber(content, content.match(importPattern)[0])
-      });
-    }
-    
-    // Also check for @radix-ui/* pattern
-    if (module.startsWith('@radix-ui/')) {
-      const radixPattern = /from\s+['"]@radix-ui\/[^'"]+['"]/g;
-      const matches = content.match(radixPattern);
-      if (matches) {
-        matches.forEach(match => {
-          const matchedModule = match.match(/['"]([^'"]+)['"]/)[1];
-          if (!manifest.restrictedImports.find(ri => ri.module === matchedModule)) {
-            violations.restrictedImports.push({
-              module: matchedModule,
-              reason: 'Use pace-core component instead of direct Radix UI import',
-              file: relativePath,
-              line: getLineNumber(content, match)
-            });
-          }
-        });
-      }
-    }
-  });
-  
-  // Check for duplicate component names
-  const filename = path.basename(filePath);
-  const componentName = filename.replace(/\.(tsx?|jsx?)$/, '').replace(/\.(test|spec)$/, '');
-  
-  if (manifest.components.includes(componentName)) {
-    // Check if this file exports a component
-    if (content.match(/export\s+(default\s+)?(function|const|class)\s+(\w+)?/)) {
-      violations.duplicateComponents.push({
-        component: componentName,
-        file: relativePath
-      });
-    }
-  }
-  
-  // Check for duplicate hook names
-  if (filename.startsWith('use') && filename.endsWith('.ts') || filename.endsWith('.tsx')) {
-    const hookName = filename.replace(/\.(tsx?|jsx?)$/, '').replace(/\.(test|spec)$/, '');
-    if (manifest.hooks.includes(hookName)) {
-      if (content.match(/export\s+(default\s+)?(function|const)\s+(\w+)?/)) {
-        violations.duplicateHooks.push({
-          hook: hookName,
-          file: relativePath
-        });
-      }
-    }
-  }
-  
-  // Check for duplicate util names
-  const utilName = filename.replace(/\.(ts|js)$/, '').replace(/\.(test|spec)$/, '');
-  if (manifest.utils.includes(utilName)) {
-    if (content.match(/export\s+(default\s+)?(function|const)\s+(\w+)?/)) {
-      violations.duplicateUtils.push({
-        util: utilName,
-        file: relativePath
-      });
-    }
-  }
-  
-  // Check for native HTML elements that should use pace-core components
-  const nativeElementPatterns = {
-    '<button': { suggestion: 'Use Button from @jmruthers/pace-core' },
-    '<input': { suggestion: 'Use Input from @jmruthers/pace-core' },
-    '<textarea': { suggestion: 'Use Textarea from @jmruthers/pace-core' },
-    '<label': { suggestion: 'Use Label from @jmruthers/pace-core' }
-  };
-  
-  Object.entries(nativeElementPatterns).forEach(([pattern, { suggestion }]) => {
-    if (content.includes(pattern) && !content.includes('from \'@jmruthers/pace-core\'')) {
-      violations.suggestions.push({
-        type: 'native-element',
-        suggestion,
-        file: relativePath,
-        pattern
-      });
-    }
-  });
-  
-  // ============================================
-  // RBAC/Auth Compliance Checks
-  // ============================================
-  
-  // Check for custom auth/rbac/permission code that doesn't import from pace-core
-  const authRbacPatterns = [
-    // Custom auth hooks
-    { pattern: /export\s+(default\s+)?(function|const)\s+useAuth\s*[=\(]/g, name: 'useAuth', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useLogin\s*[=\(]/g, name: 'useLogin', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useLogout\s*[=\(]/g, name: 'useLogout', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useSession\s*[=\(]/g, name: 'useSession', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useUser\s*[=\(]/g, name: 'useUser', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useAuthentication\s*[=\(]/g, name: 'useAuthentication', type: 'hook' },
-    // Custom RBAC hooks
-    { pattern: /export\s+(default\s+)?(function|const)\s+usePermissions\s*[=\(]/g, name: 'usePermissions', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useCan\s*[=\(]/g, name: 'useCan', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useAccessLevel\s*[=\(]/g, name: 'useAccessLevel', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useRole\s*[=\(]/g, name: 'useRole', type: 'hook' },
-    // Custom RBAC components
-    { pattern: /export\s+(default\s+)?(function|const)\s+PermissionGuard\s*[=\(]/g, name: 'PermissionGuard', type: 'component' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+AuthGuard\s*[=\(]/g, name: 'AuthGuard', type: 'component' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+RoleGuard\s*[=\(]/g, name: 'RoleGuard', type: 'component' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+AccessGuard\s*[=\(]/g, name: 'AccessGuard', type: 'component' },
-    // Custom permission utilities
-    { pattern: /export\s+(default\s+)?(function|const)\s+checkPermission\s*[=\(]/g, name: 'checkPermission', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+hasPermission\s*[=\(]/g, name: 'hasPermission', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+hasAccess\s*[=\(]/g, name: 'hasAccess', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+canAccess\s*[=\(]/g, name: 'canAccess', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+isPermitted\s*[=\(]/g, name: 'isPermitted', type: 'util' }
-  ];
-  
-  // Check if file imports from pace-core for auth/rbac
-  const hasPaceCoreImport = /from\s+['"]@jmruthers\/pace-core/.test(content) || 
-                            /from\s+['"]@jmruthers\/pace-core\/rbac/.test(content) ||
-                            /from\s+['"]@jmruthers\/pace-core\/providers/.test(content);
-  
-  authRbacPatterns.forEach(({ pattern, name, type }) => {
-    if (pattern.test(content) && !hasPaceCoreImport) {
-      violations.customAuthCode.push({
-        name,
-        type,
-        file: relativePath,
-        line: getLineNumber(content, content.match(pattern)[0]),
-        reason: `Custom ${type} '${name}' detected. Use pace-core's ${name} instead.`
-      });
-    }
-  });
-  
-  // Check for duplicate Supabase client configurations
-  const supabaseCreateClientPattern = /createClient\s*\(/g;
-  const supabaseCreateClientMatches = content.match(supabaseCreateClientPattern);
-  if (supabaseCreateClientMatches && supabaseCreateClientMatches.length > 1) {
-    violations.duplicateConfig.push({
-      type: 'supabase-client',
-      file: relativePath,
-      count: supabaseCreateClientMatches.length,
-      reason: `Multiple Supabase client instantiations found (${supabaseCreateClientMatches.length}). Consolidate to a single client configuration.`
-    });
-  }
-  
-  // Check for Supabase URL/key configuration in multiple places
-  const supabaseUrlPattern = /(SUPABASE_URL|VITE_SUPABASE_URL|NEXT_PUBLIC_SUPABASE_URL|REACT_APP_SUPABASE_URL)/g;
-  const supabaseKeyPattern = /(SUPABASE_ANON_KEY|VITE_SUPABASE_PUBLISHABLE_KEY|NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY|REACT_APP_SUPABASE_PUBLISHABLE_KEY)/g;
-  const urlMatches = content.match(supabaseUrlPattern);
-  const keyMatches = content.match(supabaseKeyPattern);
-  
-  if ((urlMatches && urlMatches.length > 2) || (keyMatches && keyMatches.length > 2)) {
-    violations.duplicateConfig.push({
-      type: 'supabase-env',
-      file: relativePath,
-      reason: 'Supabase environment variables referenced multiple times. Consider centralizing configuration.'
-    });
-  }
-  
-  // Check for unprotected pages/routes
-  // Look for route definitions without PagePermissionGuard
-  const routePatterns = [
-    /<Route\s+path=["'][^"']+["']/g,
-    /<Route\s+element\s*=/g,
-    /createBrowserRouter\s*\(/g,
-    /createRoutesFromElements/g
-  ];
-  
-  const isRouteFile = routePatterns.some(pattern => pattern.test(content));
-  const hasPagePermissionGuard = /PagePermissionGuard/.test(content) || 
-                                  /from\s+['"]@jmruthers\/pace-core\/rbac['"]/.test(content);
-  
-  if (isRouteFile && !hasPagePermissionGuard && !relativePath.includes('test') && !relativePath.includes('spec')) {
-    violations.unprotectedPages.push({
-      file: relativePath,
-      reason: 'Route file found without PagePermissionGuard. All routes should be protected with PagePermissionGuard from pace-core.'
-    });
-  }
-  
-  // Check for direct Supabase auth usage (should use UnifiedAuthProvider)
-  const directSupabaseAuthPatterns = [
-    /\.auth\.signIn/g,
-    /\.auth\.signUp/g,
-    /\.auth\.signOut/g,
-    /\.auth\.getSession/g,
-    /\.auth\.getUser/g,
-    /supabase\.auth\./g
-  ];
-  
-  const hasUnifiedAuthImport = /UnifiedAuthProvider/.test(content) || 
-                               /useUnifiedAuth/.test(content) ||
-                               /from\s+['"]@jmruthers\/pace-core\/providers/.test(content);
-  
-  directSupabaseAuthPatterns.forEach(pattern => {
-    if (pattern.test(content) && !hasUnifiedAuthImport && !hasPaceCoreImport) {
-      violations.directSupabaseAuth.push({
-        file: relativePath,
-        line: getLineNumber(content, content.match(pattern)[0]),
-        reason: 'Direct Supabase auth usage detected. Use UnifiedAuthProvider and useUnifiedAuth from pace-core instead.'
-      });
-    }
-  });
-  
-  return violations;
-}
-
-// Get line number for a match
-function getLineNumber(content, match) {
-  const lines = content.substring(0, content.indexOf(match)).split('\n');
-  return lines.length;
-}
-
-// Generate report
-function generateReport(allViolations, manifest) {
-  const totalRestricted = allViolations.restrictedImports.length;
-  const totalDuplicates = 
-    allViolations.duplicateComponents.length +
-    allViolations.duplicateHooks.length +
-    allViolations.duplicateUtils.length;
-  const totalSuggestions = allViolations.suggestions.length;
-  const totalRbacAuth = 
-    allViolations.customAuthCode.length +
-    allViolations.duplicateConfig.length +
-    allViolations.unprotectedPages.length +
-    allViolations.directSupabaseAuth.length;
-  const totalIssues = totalRestricted + totalDuplicates + totalSuggestions + totalRbacAuth;
-  
-  console.log(`\n${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}`);
-  console.log(`${colors.bold}${colors.cyan}  pace-core Compliance Report${colors.reset}`);
-  console.log(`${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}\n`);
-  
-  // Restricted Imports
-  if (totalRestricted > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Restricted Imports Found: ${totalRestricted}${colors.reset}\n`);
-    allViolations.restrictedImports.forEach(({ module, reason, file, line }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}:${line}${colors.reset}`);
-      console.log(`    Import: ${colors.cyan}${module}${colors.reset}`);
-      console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-    });
-  } else {
-    console.log(`${colors.green}✅ No restricted imports found${colors.reset}\n`);
-  }
-  
-  // Duplicate Components
-  if (allViolations.duplicateComponents.length > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Duplicate Components Found: ${allViolations.duplicateComponents.length}${colors.reset}\n`);
-    allViolations.duplicateComponents.forEach(({ component, file }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      console.log(`    Component '${colors.cyan}${component}${colors.reset}' conflicts with pace-core component`);
-      console.log(`    ${colors.yellow}Suggestion:${colors.reset} Use '${component}' from '@jmruthers/pace-core' instead\n`);
-    });
-  }
-  
-  // Duplicate Hooks
-  if (allViolations.duplicateHooks.length > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Duplicate Hooks Found: ${allViolations.duplicateHooks.length}${colors.reset}\n`);
-    allViolations.duplicateHooks.forEach(({ hook, file }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      console.log(`    Hook '${colors.cyan}${hook}${colors.reset}' conflicts with pace-core hook`);
-      console.log(`    ${colors.yellow}Suggestion:${colors.reset} Use '${hook}' from '@jmruthers/pace-core' instead\n`);
-    });
-  }
-  
-  // Duplicate Utils
-  if (allViolations.duplicateUtils.length > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Duplicate Utils Found: ${allViolations.duplicateUtils.length}${colors.reset}\n`);
-    allViolations.duplicateUtils.forEach(({ util, file }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      console.log(`    Util '${colors.cyan}${util}${colors.reset}' conflicts with pace-core util`);
-      console.log(`    ${colors.yellow}Suggestion:${colors.reset} Use '${util}' from '@jmruthers/pace-core' instead\n`);
-    });
-  }
-  
-  // Suggestions
-  if (totalSuggestions > 0) {
-    console.log(`${colors.yellow}${colors.bold}💡 Suggestions: ${totalSuggestions}${colors.reset}\n`);
-    const grouped = {};
-    allViolations.suggestions.forEach(s => {
-      if (!grouped[s.file]) grouped[s.file] = [];
-      grouped[s.file].push(s);
-    });
-    Object.entries(grouped).forEach(([file, suggestions]) => {
-      console.log(`  ${colors.yellow}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      suggestions.forEach(s => {
-        console.log(`    ${s.suggestion}\n`);
-      });
-    });
-  }
-  
-  // RBAC/Auth Compliance Section
-  if (totalRbacAuth > 0) {
-    console.log(`\n${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}`);
-    console.log(`${colors.bold}${colors.cyan}  RBAC/Auth Compliance${colors.reset}`);
-    console.log(`${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}\n`);
-    
-    // Custom Auth/RBAC Code
-    if (allViolations.customAuthCode.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Custom Auth/RBAC Code Found: ${allViolations.customAuthCode.length}${colors.reset}\n`);
-      allViolations.customAuthCode.forEach(({ name, type, file, line, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}:${line}${colors.reset}`);
-        console.log(`    ${type}: ${colors.cyan}${name}${colors.reset}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-    
-    // Duplicate Configurations
-    if (allViolations.duplicateConfig.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Duplicate Configurations Found: ${allViolations.duplicateConfig.length}${colors.reset}\n`);
-      allViolations.duplicateConfig.forEach(({ type, file, count, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-        console.log(`    Type: ${colors.cyan}${type}${colors.reset}${count ? ` (${count} instances)` : ''}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-    
-    // Unprotected Pages
-    if (allViolations.unprotectedPages.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Unprotected Pages Found: ${allViolations.unprotectedPages.length}${colors.reset}\n`);
-      allViolations.unprotectedPages.forEach(({ file, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-    
-    // Direct Supabase Auth Usage
-    if (allViolations.directSupabaseAuth.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Direct Supabase Auth Usage Found: ${allViolations.directSupabaseAuth.length}${colors.reset}\n`);
-      allViolations.directSupabaseAuth.forEach(({ file, line, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}:${line}${colors.reset}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-  } else {
-    console.log(`\n${colors.green}✅ RBAC/Auth compliance: All checks passed${colors.reset}\n`);
-  }
-  
-  // Summary
-  console.log(`${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}`);
-  console.log(`${colors.bold}Summary:${colors.reset}`);
-  console.log(`  Total Issues: ${totalIssues > 0 ? colors.red : colors.green}${totalIssues}${colors.reset}`);
-  console.log(`  - Restricted Imports: ${totalRestricted > 0 ? colors.red : colors.green}${totalRestricted}${colors.reset}`);
-  console.log(`  - Duplicate Components/Hooks/Utils: ${totalDuplicates > 0 ? colors.red : colors.green}${totalDuplicates}${colors.reset}`);
-  console.log(`  - Suggestions: ${colors.yellow}${totalSuggestions}${colors.reset}`);
-  console.log(`  - RBAC/Auth Issues: ${totalRbacAuth > 0 ? colors.red : colors.green}${totalRbacAuth}${colors.reset}`);
-  
-  if (totalIssues === 0) {
-    console.log(`\n${colors.green}${colors.bold}✅ Excellent! Your codebase is fully compliant with pace-core standards.${colors.reset}\n`);
-    return 0;
-  } else {
-    console.log(`\n${colors.yellow}${colors.bold}⚠️  Please review the issues above and migrate to pace-core components/hooks/utils.${colors.reset}\n`);
-    return 1;
-  }
-}
-
-// Recursively find source files
-function findSourceFiles(dir, fileList = []) {
-  const ignoreDirs = ['node_modules', 'dist', 'build', '.next', 'coverage', '__tests__', '__mocks__'];
-  const ignoreFiles = /\.(test|spec)\.(ts|tsx|js|jsx)$/;
-  const sourceExtensions = /\.(ts|tsx|js|jsx)$/;
-  
-  try {
-    const items = fs.readdirSync(dir);
-    
-    items.forEach(item => {
-      const fullPath = path.join(dir, item);
-      const stat = fs.statSync(fullPath);
-      
-      if (stat.isDirectory()) {
-        if (!ignoreDirs.includes(item) && !item.startsWith('.')) {
-          findSourceFiles(fullPath, fileList);
-        }
-      } else if (stat.isFile()) {
-        if (sourceExtensions.test(item) && !ignoreFiles.test(item)) {
-          fileList.push(fullPath);
-        }
-      }
-    });
-  } catch (error) {
-    // Skip directories we can't read
-  }
-  
-  return fileList;
-}
-
-// Main function
-function main() {
-  const manifest = loadManifest();
-  const projectRoot = findProjectRoot();
-  
-  console.log(`${colors.cyan}Scanning project at: ${projectRoot}${colors.reset}`);
-  
-  // Find all TypeScript/JavaScript files (excluding node_modules, dist, etc.)
-  const files = findSourceFiles(projectRoot);
-  
-  console.log(`Found ${files.length} files to scan...\n`);
-  
-  // Scan all files
-  const allViolations = {
-    restrictedImports: [],
-    duplicateComponents: [],
-    duplicateHooks: [],
-    duplicateUtils: [],
-    suggestions: [],
-    customAuthCode: [],
-    duplicateConfig: [],
-    unprotectedPages: [],
-    directSupabaseAuth: []
-  };
-  
-  files.forEach(file => {
-    try {
-      const violations = scanFile(file, manifest);
-      allViolations.restrictedImports.push(...violations.restrictedImports);
-      allViolations.duplicateComponents.push(...violations.duplicateComponents);
-      allViolations.duplicateHooks.push(...violations.duplicateHooks);
-      allViolations.duplicateUtils.push(...violations.duplicateUtils);
-      allViolations.suggestions.push(...violations.suggestions);
-      allViolations.customAuthCode.push(...violations.customAuthCode);
-      allViolations.duplicateConfig.push(...violations.duplicateConfig);
-      allViolations.unprotectedPages.push(...violations.unprotectedPages);
-      allViolations.directSupabaseAuth.push(...violations.directSupabaseAuth);
-    } catch (error) {
-      console.error(`${colors.red}Error scanning ${file}: ${error.message}${colors.reset}`);
-    }
-  });
-  
-  // Generate and display report
-  const exitCode = generateReport(allViolations, manifest);
-  process.exit(exitCode);
-}
-
-// Run if called directly
-if (require.main === module) {
-  try {
-    main();
-  } catch (error) {
-    console.error(`${colors.red}Error: ${error.message}${colors.reset}`);
-    console.error(error.stack);
-    process.exit(1);
-  }
-}
-
-module.exports = { main, scanFile, generateReport };
-

package/src/rbac/hooks/useSuperAdminBypass.ts

@@ -1,126 +0,0 @@
-/**
- * @file useSuperAdminBypass
- * @package @jmruthers/pace-core
- *
- * Detects whether the current user is a super admin, keeps the
- * server session override flag in sync, and exposes a boolean
- * that downstream hooks can use to bypass organisation scoping.
- */
-
-import { useEffect, useMemo, useRef, useState } from 'react';
-import { useUnifiedAuth, type UnifiedAuthContextType } from '../../providers/services/UnifiedAuthProvider';
-import { isSuperAdmin as fetchIsSuperAdmin } from '../api';
-import { setSuperAdminOverrideFlag } from '../../utils/context/superAdminOverride';
-import { createLogger } from '../../utils/core/logger';
-
-const log = createLogger('useSuperAdminBypass');
-
-export interface SuperAdminBypassState {
-  /** True when the user has been verified as a super admin */
-  isSuperAdmin: boolean;
-  /** True while the hook is checking the server */
-  isLoading: boolean;
-  /** Error returned by the verification request, if any */
-  error: Error | null;
-}
-
-function useSafeUnifiedAuth(): UnifiedAuthContextType | null {
-  try {
-    return useUnifiedAuth();
-  } catch (error) {
-    log.debug('useSuperAdminBypass', 'UnifiedAuthProvider not available, falling back to defaults', {
-      error: error instanceof Error ? error.message : error
-    });
-    return null;
-  }
-}
-
-export function useSuperAdminBypass(): SuperAdminBypassState {
-  const authContext = useSafeUnifiedAuth();
-  const user = authContext?.user ?? null;
-  const supabase = authContext?.supabase ?? null;
-  const metadataHint =
-    Boolean(user?.app_metadata?.is_super_admin) ||
-    Boolean(user?.user_metadata?.is_super_admin);
-
-  const [isSuperAdminState, setIsSuperAdminState] = useState<boolean>(metadataHint);
-  const [hasVerified, setHasVerified] = useState<boolean>(!user?.id);
-  const [isLoading, setIsLoading] = useState<boolean>(!!user?.id);
-  const [error, setError] = useState<Error | null>(null);
-  const lastOverrideValueRef = useRef<boolean | null>(null);
-
-  // Verify against the RBAC engine whenever the user changes
-  useEffect(() => {
-    if (!user?.id) {
-      setIsSuperAdminState(false);
-      setHasVerified(true);
-      setIsLoading(false);
-      setError(null);
-      return;
-    }
-
-    let cancelled = false;
-    setIsLoading(true);
-    setError(null);
-
-    fetchIsSuperAdmin(user.id)
-      .then((result) => {
-        if (cancelled) {
-          return;
-        }
-        setIsSuperAdminState(result);
-        setHasVerified(true);
-      })
-      .catch((err) => {
-        if (cancelled) {
-          return;
-        }
-        const normalisedError =
-          err instanceof Error ? err : new Error('Failed to resolve super admin status');
-        setError(normalisedError);
-        setIsSuperAdminState(false);
-        setHasVerified(false);
-        log.error('Unable to verify super admin status', normalisedError);
-      })
-      .finally(() => {
-        if (!cancelled) {
-          setIsLoading(false);
-        }
-      });
-
-    return () => {
-      cancelled = true;
-    };
-  }, [user?.id]);
-
-  const shouldBypass = hasVerified && isSuperAdminState;
-
-  // Keep the database session flag in sync for auditing/RLS helpers
-  useEffect(() => {
-    if (!supabase) {
-      return;
-    }
-    if (lastOverrideValueRef.current === shouldBypass) {
-      return;
-    }
-    lastOverrideValueRef.current = shouldBypass;
-
-    setSuperAdminOverrideFlag({
-      supabase,
-      enabled: shouldBypass,
-      reason: 'pace-core-super-admin-bypass'
-    }).catch(() => {
-      // Errors are logged inside the helper
-    });
-  }, [supabase, shouldBypass]);
-
-  return useMemo(
-    () => ({
-      isSuperAdmin: shouldBypass,
-      isLoading,
-      error
-    }),
-    [shouldBypass, isLoading, error]
-  );
-}
-

package/src/utils/context/superAdminOverride.ts

@@ -1,58 +0,0 @@
-/**
- * @file Super Admin Override Utility
- * @package @jmruthers/pace-core
- * @module Utils/SuperAdminOverride
- *
- * Provides helpers for toggling the database session flag that
- * signals a super admin override. This ensures SECURITY DEFINER
- * functions and RLS policies can audit elevated operations.
- */
-
-import type { SupabaseClient } from '@supabase/supabase-js';
-import { createLogger } from '../core/logger';
-
-const log = createLogger('superAdminOverride');
-
-interface SuperAdminOverrideParams {
-  supabase: SupabaseClient | null | undefined;
-  enabled: boolean;
-  reason?: string;
-}
-
-/**
- * Toggle the super admin override flag in the current Supabase session.
- * Also records the action server-side for audit purposes.
- */
-export async function setSuperAdminOverrideFlag({
-  supabase,
-  enabled,
-  reason = 'client_request'
-}: SuperAdminOverrideParams): Promise<void> {
-  if (!supabase) {
-    return;
-  }
-
-  try {
-    const { error } = await supabase.rpc('set_super_admin_override', {
-      p_enabled: enabled,
-      p_reason: reason
-    });
-
-    if (error) {
-      log.error('Failed to toggle super admin override', {
-        enabled,
-        reason,
-        error: error.message
-      });
-    } else {
-      log.debug('Super admin override flag updated', { enabled, reason });
-    }
-  } catch (rpcError) {
-    log.error('Unexpected error toggling super admin override', {
-      enabled,
-      reason,
-      error: rpcError instanceof Error ? rpcError.message : rpcError
-    });
-  }
-}
-