npm - @jmruthers/pace-core - Versions diffs - 0.5.191 → 0.6.1 - Mend

@jmruthers/pace-core 0.5.191 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/scripts/check-pace-core-compliance.js DELETED Viewed

@@ -1,512 +0,0 @@
-#!/usr/bin/env node
-/**
- * Static Analysis Script for pace-core Compliance
- * @package @jmruthers/pace-core
- * @module Scripts/check-pace-core-compliance
- *
- * Scans a consuming app's codebase to check compliance with pace-core usage.
- * Generates a report of violations and suggestions.
- */
-const fs = require('fs');
-const path = require('path');
-// ANSI color codes for terminal output
-const colors = {
-  reset: '\x1b[0m',
-  red: '\x1b[31m',
-  green: '\x1b[32m',
-  yellow: '\x1b[33m',
-  blue: '\x1b[34m',
-  cyan: '\x1b[36m',
-  bold: '\x1b[1m'
-};
-// Load manifest
-function loadManifest() {
-  const manifestPath = path.join(__dirname, '../core-usage-manifest.json');
-  if (!fs.existsSync(manifestPath)) {
-    console.error(`${colors.red}Error: core-usage-manifest.json not found at ${manifestPath}${colors.reset}`);
-    process.exit(1);
-  }
-  return JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
-}
-// Find project root (look for package.json, going up from current dir or script location)
-function findProjectRoot(startDir = process.cwd()) {
-  let current = path.resolve(startDir);
-  while (current !== path.dirname(current)) {
-    if (fs.existsSync(path.join(current, 'package.json'))) {
-      return current;
-    }
-    current = path.dirname(current);
-  }
-  return startDir;
-}
-// Scan file for violations
-function scanFile(filePath, manifest) {
-  const violations = {
-    restrictedImports: [],
-    duplicateComponents: [],
-    duplicateHooks: [],
-    duplicateUtils: [],
-    suggestions: [],
-    customAuthCode: [],
-    duplicateConfig: [],
-    unprotectedPages: [],
-    directSupabaseAuth: []
-  };
-  const content = fs.readFileSync(filePath, 'utf8');
-  const relativePath = path.relative(process.cwd(), filePath);
-  // Check for restricted imports
-  manifest.restrictedImports.forEach(({ module, reason }) => {
-    const importPattern = new RegExp(`from\\s+['"]${module.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}['"]`, 'g');
-    if (importPattern.test(content)) {
-      violations.restrictedImports.push({
-        module,
-        reason,
-        file: relativePath,
-        line: getLineNumber(content, content.match(importPattern)[0])
-      });
-    }
-    // Also check for @radix-ui/* pattern
-    if (module.startsWith('@radix-ui/')) {
-      const radixPattern = /from\s+['"]@radix-ui\/[^'"]+['"]/g;
-      const matches = content.match(radixPattern);
-      if (matches) {
-        matches.forEach(match => {
-          const matchedModule = match.match(/['"]([^'"]+)['"]/)[1];
-          if (!manifest.restrictedImports.find(ri => ri.module === matchedModule)) {
-            violations.restrictedImports.push({
-              module: matchedModule,
-              reason: 'Use pace-core component instead of direct Radix UI import',
-              file: relativePath,
-              line: getLineNumber(content, match)
-            });
-          }
-        });
-      }
-    }
-  });
-  // Check for duplicate component names
-  const filename = path.basename(filePath);
-  const componentName = filename.replace(/\.(tsx?|jsx?)$/, '').replace(/\.(test|spec)$/, '');
-  if (manifest.components.includes(componentName)) {
-    // Check if this file exports a component
-    if (content.match(/export\s+(default\s+)?(function|const|class)\s+(\w+)?/)) {
-      violations.duplicateComponents.push({
-        component: componentName,
-        file: relativePath
-      });
-    }
-  }
-  // Check for duplicate hook names
-  if (filename.startsWith('use') && filename.endsWith('.ts') || filename.endsWith('.tsx')) {
-    const hookName = filename.replace(/\.(tsx?|jsx?)$/, '').replace(/\.(test|spec)$/, '');
-    if (manifest.hooks.includes(hookName)) {
-      if (content.match(/export\s+(default\s+)?(function|const)\s+(\w+)?/)) {
-        violations.duplicateHooks.push({
-          hook: hookName,
-          file: relativePath
-        });
-      }
-    }
-  }
-  // Check for duplicate util names
-  const utilName = filename.replace(/\.(ts|js)$/, '').replace(/\.(test|spec)$/, '');
-  if (manifest.utils.includes(utilName)) {
-    if (content.match(/export\s+(default\s+)?(function|const)\s+(\w+)?/)) {
-      violations.duplicateUtils.push({
-        util: utilName,
-        file: relativePath
-      });
-    }
-  }
-  // Check for native HTML elements that should use pace-core components
-  const nativeElementPatterns = {
-    '<button': { suggestion: 'Use Button from @jmruthers/pace-core' },
-    '<input': { suggestion: 'Use Input from @jmruthers/pace-core' },
-    '<textarea': { suggestion: 'Use Textarea from @jmruthers/pace-core' },
-    '<label': { suggestion: 'Use Label from @jmruthers/pace-core' }
-  };
-  Object.entries(nativeElementPatterns).forEach(([pattern, { suggestion }]) => {
-    if (content.includes(pattern) && !content.includes('from \'@jmruthers/pace-core\'')) {
-      violations.suggestions.push({
-        type: 'native-element',
-        suggestion,
-        file: relativePath,
-        pattern
-      });
-    }
-  });
-  // ============================================
-  // RBAC/Auth Compliance Checks
-  // ============================================
-  // Check for custom auth/rbac/permission code that doesn't import from pace-core
-  const authRbacPatterns = [
-    // Custom auth hooks
-    { pattern: /export\s+(default\s+)?(function|const)\s+useAuth\s*[=\(]/g, name: 'useAuth', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useLogin\s*[=\(]/g, name: 'useLogin', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useLogout\s*[=\(]/g, name: 'useLogout', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useSession\s*[=\(]/g, name: 'useSession', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useUser\s*[=\(]/g, name: 'useUser', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useAuthentication\s*[=\(]/g, name: 'useAuthentication', type: 'hook' },
-    // Custom RBAC hooks
-    { pattern: /export\s+(default\s+)?(function|const)\s+usePermissions\s*[=\(]/g, name: 'usePermissions', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useCan\s*[=\(]/g, name: 'useCan', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useAccessLevel\s*[=\(]/g, name: 'useAccessLevel', type: 'hook' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+useRole\s*[=\(]/g, name: 'useRole', type: 'hook' },
-    // Custom RBAC components
-    { pattern: /export\s+(default\s+)?(function|const)\s+PermissionGuard\s*[=\(]/g, name: 'PermissionGuard', type: 'component' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+AuthGuard\s*[=\(]/g, name: 'AuthGuard', type: 'component' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+RoleGuard\s*[=\(]/g, name: 'RoleGuard', type: 'component' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+AccessGuard\s*[=\(]/g, name: 'AccessGuard', type: 'component' },
-    // Custom permission utilities
-    { pattern: /export\s+(default\s+)?(function|const)\s+checkPermission\s*[=\(]/g, name: 'checkPermission', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+hasPermission\s*[=\(]/g, name: 'hasPermission', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+hasAccess\s*[=\(]/g, name: 'hasAccess', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+canAccess\s*[=\(]/g, name: 'canAccess', type: 'util' },
-    { pattern: /export\s+(default\s+)?(function|const)\s+isPermitted\s*[=\(]/g, name: 'isPermitted', type: 'util' }
-  ];
-  // Check if file imports from pace-core for auth/rbac
-  const hasPaceCoreImport = /from\s+['"]@jmruthers\/pace-core/.test(content) ||
-                            /from\s+['"]@jmruthers\/pace-core\/rbac/.test(content) ||
-                            /from\s+['"]@jmruthers\/pace-core\/providers/.test(content);
-  authRbacPatterns.forEach(({ pattern, name, type }) => {
-    if (pattern.test(content) && !hasPaceCoreImport) {
-      violations.customAuthCode.push({
-        name,
-        type,
-        file: relativePath,
-        line: getLineNumber(content, content.match(pattern)[0]),
-        reason: `Custom ${type} '${name}' detected. Use pace-core's ${name} instead.`
-      });
-    }
-  });
-  // Check for duplicate Supabase client configurations
-  const supabaseCreateClientPattern = /createClient\s*\(/g;
-  const supabaseCreateClientMatches = content.match(supabaseCreateClientPattern);
-  if (supabaseCreateClientMatches && supabaseCreateClientMatches.length > 1) {
-    violations.duplicateConfig.push({
-      type: 'supabase-client',
-      file: relativePath,
-      count: supabaseCreateClientMatches.length,
-      reason: `Multiple Supabase client instantiations found (${supabaseCreateClientMatches.length}). Consolidate to a single client configuration.`
-    });
-  }
-  // Check for Supabase URL/key configuration in multiple places
-  const supabaseUrlPattern = /(SUPABASE_URL|VITE_SUPABASE_URL|NEXT_PUBLIC_SUPABASE_URL|REACT_APP_SUPABASE_URL)/g;
-  const supabaseKeyPattern = /(SUPABASE_ANON_KEY|VITE_SUPABASE_PUBLISHABLE_KEY|NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY|REACT_APP_SUPABASE_PUBLISHABLE_KEY)/g;
-  const urlMatches = content.match(supabaseUrlPattern);
-  const keyMatches = content.match(supabaseKeyPattern);
-  if ((urlMatches && urlMatches.length > 2) || (keyMatches && keyMatches.length > 2)) {
-    violations.duplicateConfig.push({
-      type: 'supabase-env',
-      file: relativePath,
-      reason: 'Supabase environment variables referenced multiple times. Consider centralizing configuration.'
-    });
-  }
-  // Check for unprotected pages/routes
-  // Look for route definitions without PagePermissionGuard
-  const routePatterns = [
-    /<Route\s+path=["'][^"']+["']/g,
-    /<Route\s+element\s*=/g,
-    /createBrowserRouter\s*\(/g,
-    /createRoutesFromElements/g
-  ];
-  const isRouteFile = routePatterns.some(pattern => pattern.test(content));
-  const hasPagePermissionGuard = /PagePermissionGuard/.test(content) ||
-                                  /from\s+['"]@jmruthers\/pace-core\/rbac['"]/.test(content);
-  if (isRouteFile && !hasPagePermissionGuard && !relativePath.includes('test') && !relativePath.includes('spec')) {
-    violations.unprotectedPages.push({
-      file: relativePath,
-      reason: 'Route file found without PagePermissionGuard. All routes should be protected with PagePermissionGuard from pace-core.'
-    });
-  }
-  // Check for direct Supabase auth usage (should use UnifiedAuthProvider)
-  const directSupabaseAuthPatterns = [
-    /\.auth\.signIn/g,
-    /\.auth\.signUp/g,
-    /\.auth\.signOut/g,
-    /\.auth\.getSession/g,
-    /\.auth\.getUser/g,
-    /supabase\.auth\./g
-  ];
-  const hasUnifiedAuthImport = /UnifiedAuthProvider/.test(content) ||
-                               /useUnifiedAuth/.test(content) ||
-                               /from\s+['"]@jmruthers\/pace-core\/providers/.test(content);
-  directSupabaseAuthPatterns.forEach(pattern => {
-    if (pattern.test(content) && !hasUnifiedAuthImport && !hasPaceCoreImport) {
-      violations.directSupabaseAuth.push({
-        file: relativePath,
-        line: getLineNumber(content, content.match(pattern)[0]),
-        reason: 'Direct Supabase auth usage detected. Use UnifiedAuthProvider and useUnifiedAuth from pace-core instead.'
-      });
-    }
-  });
-  return violations;
-}
-// Get line number for a match
-function getLineNumber(content, match) {
-  const lines = content.substring(0, content.indexOf(match)).split('\n');
-  return lines.length;
-}
-// Generate report
-function generateReport(allViolations, manifest) {
-  const totalRestricted = allViolations.restrictedImports.length;
-  const totalDuplicates =
-    allViolations.duplicateComponents.length +
-    allViolations.duplicateHooks.length +
-    allViolations.duplicateUtils.length;
-  const totalSuggestions = allViolations.suggestions.length;
-  const totalRbacAuth =
-    allViolations.customAuthCode.length +
-    allViolations.duplicateConfig.length +
-    allViolations.unprotectedPages.length +
-    allViolations.directSupabaseAuth.length;
-  const totalIssues = totalRestricted + totalDuplicates + totalSuggestions + totalRbacAuth;
-  console.log(`\n${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}`);
-  console.log(`${colors.bold}${colors.cyan}  pace-core Compliance Report${colors.reset}`);
-  console.log(`${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}\n`);
-  // Restricted Imports
-  if (totalRestricted > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Restricted Imports Found: ${totalRestricted}${colors.reset}\n`);
-    allViolations.restrictedImports.forEach(({ module, reason, file, line }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}:${line}${colors.reset}`);
-      console.log(`    Import: ${colors.cyan}${module}${colors.reset}`);
-      console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-    });
-  } else {
-    console.log(`${colors.green}✅ No restricted imports found${colors.reset}\n`);
-  }
-  // Duplicate Components
-  if (allViolations.duplicateComponents.length > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Duplicate Components Found: ${allViolations.duplicateComponents.length}${colors.reset}\n`);
-    allViolations.duplicateComponents.forEach(({ component, file }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      console.log(`    Component '${colors.cyan}${component}${colors.reset}' conflicts with pace-core component`);
-      console.log(`    ${colors.yellow}Suggestion:${colors.reset} Use '${component}' from '@jmruthers/pace-core' instead\n`);
-    });
-  }
-  // Duplicate Hooks
-  if (allViolations.duplicateHooks.length > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Duplicate Hooks Found: ${allViolations.duplicateHooks.length}${colors.reset}\n`);
-    allViolations.duplicateHooks.forEach(({ hook, file }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      console.log(`    Hook '${colors.cyan}${hook}${colors.reset}' conflicts with pace-core hook`);
-      console.log(`    ${colors.yellow}Suggestion:${colors.reset} Use '${hook}' from '@jmruthers/pace-core' instead\n`);
-    });
-  }
-  // Duplicate Utils
-  if (allViolations.duplicateUtils.length > 0) {
-    console.log(`${colors.red}${colors.bold}❌ Duplicate Utils Found: ${allViolations.duplicateUtils.length}${colors.reset}\n`);
-    allViolations.duplicateUtils.forEach(({ util, file }) => {
-      console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      console.log(`    Util '${colors.cyan}${util}${colors.reset}' conflicts with pace-core util`);
-      console.log(`    ${colors.yellow}Suggestion:${colors.reset} Use '${util}' from '@jmruthers/pace-core' instead\n`);
-    });
-  }
-  // Suggestions
-  if (totalSuggestions > 0) {
-    console.log(`${colors.yellow}${colors.bold}💡 Suggestions: ${totalSuggestions}${colors.reset}\n`);
-    const grouped = {};
-    allViolations.suggestions.forEach(s => {
-      if (!grouped[s.file]) grouped[s.file] = [];
-      grouped[s.file].push(s);
-    });
-    Object.entries(grouped).forEach(([file, suggestions]) => {
-      console.log(`  ${colors.yellow}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-      suggestions.forEach(s => {
-        console.log(`    ${s.suggestion}\n`);
-      });
-    });
-  }
-  // RBAC/Auth Compliance Section
-  if (totalRbacAuth > 0) {
-    console.log(`\n${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}`);
-    console.log(`${colors.bold}${colors.cyan}  RBAC/Auth Compliance${colors.reset}`);
-    console.log(`${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}\n`);
-    // Custom Auth/RBAC Code
-    if (allViolations.customAuthCode.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Custom Auth/RBAC Code Found: ${allViolations.customAuthCode.length}${colors.reset}\n`);
-      allViolations.customAuthCode.forEach(({ name, type, file, line, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}:${line}${colors.reset}`);
-        console.log(`    ${type}: ${colors.cyan}${name}${colors.reset}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-    // Duplicate Configurations
-    if (allViolations.duplicateConfig.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Duplicate Configurations Found: ${allViolations.duplicateConfig.length}${colors.reset}\n`);
-      allViolations.duplicateConfig.forEach(({ type, file, count, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-        console.log(`    Type: ${colors.cyan}${type}${colors.reset}${count ? ` (${count} instances)` : ''}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-    // Unprotected Pages
-    if (allViolations.unprotectedPages.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Unprotected Pages Found: ${allViolations.unprotectedPages.length}${colors.reset}\n`);
-      allViolations.unprotectedPages.forEach(({ file, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}${colors.reset}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-    // Direct Supabase Auth Usage
-    if (allViolations.directSupabaseAuth.length > 0) {
-      console.log(`${colors.red}${colors.bold}❌ Direct Supabase Auth Usage Found: ${allViolations.directSupabaseAuth.length}${colors.reset}\n`);
-      allViolations.directSupabaseAuth.forEach(({ file, line, reason }) => {
-        console.log(`  ${colors.red}•${colors.reset} ${colors.yellow}${file}:${line}${colors.reset}`);
-        console.log(`    ${colors.yellow}Reason:${colors.reset} ${reason}\n`);
-      });
-    }
-  } else {
-    console.log(`\n${colors.green}✅ RBAC/Auth compliance: All checks passed${colors.reset}\n`);
-  }
-  // Summary
-  console.log(`${colors.bold}${colors.cyan}═══════════════════════════════════════════════════════════${colors.reset}`);
-  console.log(`${colors.bold}Summary:${colors.reset}`);
-  console.log(`  Total Issues: ${totalIssues > 0 ? colors.red : colors.green}${totalIssues}${colors.reset}`);
-  console.log(`  - Restricted Imports: ${totalRestricted > 0 ? colors.red : colors.green}${totalRestricted}${colors.reset}`);
-  console.log(`  - Duplicate Components/Hooks/Utils: ${totalDuplicates > 0 ? colors.red : colors.green}${totalDuplicates}${colors.reset}`);
-  console.log(`  - Suggestions: ${colors.yellow}${totalSuggestions}${colors.reset}`);
-  console.log(`  - RBAC/Auth Issues: ${totalRbacAuth > 0 ? colors.red : colors.green}${totalRbacAuth}${colors.reset}`);
-  if (totalIssues === 0) {
-    console.log(`\n${colors.green}${colors.bold}✅ Excellent! Your codebase is fully compliant with pace-core standards.${colors.reset}\n`);
-    return 0;
-  } else {
-    console.log(`\n${colors.yellow}${colors.bold}⚠️  Please review the issues above and migrate to pace-core components/hooks/utils.${colors.reset}\n`);
-    return 1;
-  }
-}
-// Recursively find source files
-function findSourceFiles(dir, fileList = []) {
-  const ignoreDirs = ['node_modules', 'dist', 'build', '.next', 'coverage', '__tests__', '__mocks__'];
-  const ignoreFiles = /\.(test|spec)\.(ts|tsx|js|jsx)$/;
-  const sourceExtensions = /\.(ts|tsx|js|jsx)$/;
-  try {
-    const items = fs.readdirSync(dir);
-    items.forEach(item => {
-      const fullPath = path.join(dir, item);
-      const stat = fs.statSync(fullPath);
-      if (stat.isDirectory()) {
-        if (!ignoreDirs.includes(item) && !item.startsWith('.')) {
-          findSourceFiles(fullPath, fileList);
-        }
-      } else if (stat.isFile()) {
-        if (sourceExtensions.test(item) && !ignoreFiles.test(item)) {
-          fileList.push(fullPath);
-        }
-      }
-    });
-  } catch (error) {
-    // Skip directories we can't read
-  }
-  return fileList;
-}
-// Main function
-function main() {
-  const manifest = loadManifest();
-  const projectRoot = findProjectRoot();
-  console.log(`${colors.cyan}Scanning project at: ${projectRoot}${colors.reset}`);
-  // Find all TypeScript/JavaScript files (excluding node_modules, dist, etc.)
-  const files = findSourceFiles(projectRoot);
-  console.log(`Found ${files.length} files to scan...\n`);
-  // Scan all files
-  const allViolations = {
-    restrictedImports: [],
-    duplicateComponents: [],
-    duplicateHooks: [],
-    duplicateUtils: [],
-    suggestions: [],
-    customAuthCode: [],
-    duplicateConfig: [],
-    unprotectedPages: [],
-    directSupabaseAuth: []
-  };
-  files.forEach(file => {
-    try {
-      const violations = scanFile(file, manifest);
-      allViolations.restrictedImports.push(...violations.restrictedImports);
-      allViolations.duplicateComponents.push(...violations.duplicateComponents);
-      allViolations.duplicateHooks.push(...violations.duplicateHooks);
-      allViolations.duplicateUtils.push(...violations.duplicateUtils);
-      allViolations.suggestions.push(...violations.suggestions);
-      allViolations.customAuthCode.push(...violations.customAuthCode);
-      allViolations.duplicateConfig.push(...violations.duplicateConfig);
-      allViolations.unprotectedPages.push(...violations.unprotectedPages);
-      allViolations.directSupabaseAuth.push(...violations.directSupabaseAuth);
-    } catch (error) {
-      console.error(`${colors.red}Error scanning ${file}: ${error.message}${colors.reset}`);
-    }
-  });
-  // Generate and display report
-  const exitCode = generateReport(allViolations, manifest);
-  process.exit(exitCode);
-}
-// Run if called directly
-if (require.main === module) {
-  try {
-    main();
-  } catch (error) {
-    console.error(`${colors.red}Error: ${error.message}${colors.reset}`);
-    console.error(error.stack);
-    process.exit(1);
-  }
-}
-module.exports = { main, scanFile, generateReport };

package/src/rbac/hooks/useSuperAdminBypass.ts DELETED Viewed

@@ -1,126 +0,0 @@
-/**
- * @file useSuperAdminBypass
- * @package @jmruthers/pace-core
- *
- * Detects whether the current user is a super admin, keeps the
- * server session override flag in sync, and exposes a boolean
- * that downstream hooks can use to bypass organisation scoping.
- */
-import { useEffect, useMemo, useRef, useState } from 'react';
-import { useUnifiedAuth, type UnifiedAuthContextType } from '../../providers/services/UnifiedAuthProvider';
-import { isSuperAdmin as fetchIsSuperAdmin } from '../api';
-import { setSuperAdminOverrideFlag } from '../../utils/context/superAdminOverride';
-import { createLogger } from '../../utils/core/logger';
-const log = createLogger('useSuperAdminBypass');
-export interface SuperAdminBypassState {
-  /** True when the user has been verified as a super admin */
-  isSuperAdmin: boolean;
-  /** True while the hook is checking the server */
-  isLoading: boolean;
-  /** Error returned by the verification request, if any */
-  error: Error | null;
-}
-function useSafeUnifiedAuth(): UnifiedAuthContextType | null {
-  try {
-    return useUnifiedAuth();
-  } catch (error) {
-    log.debug('useSuperAdminBypass', 'UnifiedAuthProvider not available, falling back to defaults', {
-      error: error instanceof Error ? error.message : error
-    });
-    return null;
-  }
-}
-export function useSuperAdminBypass(): SuperAdminBypassState {
-  const authContext = useSafeUnifiedAuth();
-  const user = authContext?.user ?? null;
-  const supabase = authContext?.supabase ?? null;
-  const metadataHint =
-    Boolean(user?.app_metadata?.is_super_admin) ||
-    Boolean(user?.user_metadata?.is_super_admin);
-  const [isSuperAdminState, setIsSuperAdminState] = useState<boolean>(metadataHint);
-  const [hasVerified, setHasVerified] = useState<boolean>(!user?.id);
-  const [isLoading, setIsLoading] = useState<boolean>(!!user?.id);
-  const [error, setError] = useState<Error | null>(null);
-  const lastOverrideValueRef = useRef<boolean | null>(null);
-  // Verify against the RBAC engine whenever the user changes
-  useEffect(() => {
-    if (!user?.id) {
-      setIsSuperAdminState(false);
-      setHasVerified(true);
-      setIsLoading(false);
-      setError(null);
-      return;
-    }
-    let cancelled = false;
-    setIsLoading(true);
-    setError(null);
-    fetchIsSuperAdmin(user.id)
-      .then((result) => {
-        if (cancelled) {
-          return;
-        }
-        setIsSuperAdminState(result);
-        setHasVerified(true);
-      })
-      .catch((err) => {
-        if (cancelled) {
-          return;
-        }
-        const normalisedError =
-          err instanceof Error ? err : new Error('Failed to resolve super admin status');
-        setError(normalisedError);
-        setIsSuperAdminState(false);
-        setHasVerified(false);
-        log.error('Unable to verify super admin status', normalisedError);
-      })
-      .finally(() => {
-        if (!cancelled) {
-          setIsLoading(false);
-        }
-      });
-    return () => {
-      cancelled = true;
-    };
-  }, [user?.id]);
-  const shouldBypass = hasVerified && isSuperAdminState;
-  // Keep the database session flag in sync for auditing/RLS helpers
-  useEffect(() => {
-    if (!supabase) {
-      return;
-    }
-    if (lastOverrideValueRef.current === shouldBypass) {
-      return;
-    }
-    lastOverrideValueRef.current = shouldBypass;
-    setSuperAdminOverrideFlag({
-      supabase,
-      enabled: shouldBypass,
-      reason: 'pace-core-super-admin-bypass'
-    }).catch(() => {
-      // Errors are logged inside the helper
-    });
-  }, [supabase, shouldBypass]);
-  return useMemo(
-    () => ({
-      isSuperAdmin: shouldBypass,
-      isLoading,
-      error
-    }),
-    [shouldBypass, isLoading, error]
-  );
-}

package/src/utils/context/superAdminOverride.ts DELETED Viewed

@@ -1,58 +0,0 @@
-/**
- * @file Super Admin Override Utility
- * @package @jmruthers/pace-core
- * @module Utils/SuperAdminOverride
- *
- * Provides helpers for toggling the database session flag that
- * signals a super admin override. This ensures SECURITY DEFINER
- * functions and RLS policies can audit elevated operations.
- */
-import type { SupabaseClient } from '@supabase/supabase-js';
-import { createLogger } from '../core/logger';
-const log = createLogger('superAdminOverride');
-interface SuperAdminOverrideParams {
-  supabase: SupabaseClient | null | undefined;
-  enabled: boolean;
-  reason?: string;
-}
-/**
- * Toggle the super admin override flag in the current Supabase session.
- * Also records the action server-side for audit purposes.
- */
-export async function setSuperAdminOverrideFlag({
-  supabase,
-  enabled,
-  reason = 'client_request'
-}: SuperAdminOverrideParams): Promise<void> {
-  if (!supabase) {
-    return;
-  }
-  try {
-    const { error } = await supabase.rpc('set_super_admin_override', {
-      p_enabled: enabled,
-      p_reason: reason
-    });
-    if (error) {
-      log.error('Failed to toggle super admin override', {
-        enabled,
-        reason,
-        error: error.message
-      });
-    } else {
-      log.debug('Super admin override flag updated', { enabled, reason });
-    }
-  } catch (rpcError) {
-    log.error('Unexpected error toggling super admin override', {
-      enabled,
-      reason,
-      error: rpcError instanceof Error ? rpcError.message : rpcError
-    });
-  }
-}