@jmruthers/pace-core 0.5.193 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (191) hide show
  1. package/CHANGELOG.md +29 -0
  2. package/README.md +7 -1
  3. package/cursor-rules/00-pace-core-compliance.mdc +372 -0
  4. package/cursor-rules/01-standards-compliance.mdc +275 -0
  5. package/cursor-rules/02-project-structure.mdc +200 -0
  6. package/cursor-rules/03-solid-principles.mdc +341 -0
  7. package/cursor-rules/04-testing-standards.mdc +315 -0
  8. package/cursor-rules/05-bug-reports-and-features.mdc +246 -0
  9. package/cursor-rules/06-code-quality.mdc +392 -0
  10. package/cursor-rules/07-tech-stack-compliance.mdc +309 -0
  11. package/cursor-rules/CHANGELOG.md +101 -0
  12. package/cursor-rules/README.md +191 -0
  13. package/dist/{DataTable-Be6dH_dR.d.ts → DataTable-CH1U5Tpy.d.ts} +1 -1
  14. package/dist/{DataTable-5FU7IESH.js → DataTable-DQ7RSOHE.js} +6 -6
  15. package/dist/{PublicPageProvider-C0Sm_e5k.d.ts → PublicPageProvider-ce4xlHYA.d.ts} +34 -155
  16. package/dist/{UnifiedAuthProvider-RGJTDE2C.js → UnifiedAuthProvider-ATAP5UTR.js} +2 -2
  17. package/dist/{chunk-6C4YBBJM 5.js → chunk-3QRJFVBR.js} +1 -1
  18. package/dist/chunk-3QRJFVBR.js.map +1 -0
  19. package/dist/{chunk-IIELH4DL.js → chunk-3XTALGJF.js} +2 -2
  20. package/dist/{chunk-IIELH4DL.js.map → chunk-3XTALGJF.js.map} +1 -1
  21. package/dist/{chunk-HWIIPPNI.js → chunk-4N5C5XZU.js} +20 -20
  22. package/dist/chunk-4N5C5XZU.js.map +1 -0
  23. package/dist/{chunk-7EQTDTTJ.js → chunk-4ZC4GX36.js} +5 -5
  24. package/dist/{chunk-7EQTDTTJ.js 2.map → chunk-4ZC4GX36.js.map} +1 -1
  25. package/dist/{chunk-7FLMSG37.js → chunk-BYFSK72L.js} +22 -22
  26. package/dist/chunk-BYFSK72L.js.map +1 -0
  27. package/dist/{chunk-LFNCN2SP.js → chunk-EXUD6RNJ.js} +46 -7
  28. package/dist/chunk-EXUD6RNJ.js.map +1 -0
  29. package/dist/{chunk-NOAYCWCX 5.js → chunk-GLK6VM3F.js} +167 -169
  30. package/dist/chunk-GLK6VM3F.js.map +1 -0
  31. package/dist/{chunk-HW3OVDUF.js → chunk-J36DSWQK.js} +1 -1
  32. package/dist/{chunk-HW3OVDUF.js.map → chunk-J36DSWQK.js.map} +1 -1
  33. package/dist/{chunk-BC4IJKSL.js → chunk-JBKQ3SAO.js} +2 -2
  34. package/dist/{chunk-QWWZ5CAQ.js → chunk-LXQLPRQ2.js} +2 -2
  35. package/dist/{chunk-E3SPN4VZ 5.js → chunk-T33XF5ZC.js} +119 -114
  36. package/dist/chunk-T33XF5ZC.js.map +1 -0
  37. package/dist/{chunk-XNXXZ43G.js → chunk-XM25TVIE.js} +27 -4
  38. package/dist/chunk-XM25TVIE.js.map +1 -0
  39. package/dist/components.d.ts +3 -3
  40. package/dist/components.js +8 -8
  41. package/dist/hooks.d.ts +6 -6
  42. package/dist/hooks.js +17 -22
  43. package/dist/hooks.js.map +1 -1
  44. package/dist/index.d.ts +7 -7
  45. package/dist/index.js +15 -16
  46. package/dist/index.js.map +1 -1
  47. package/dist/providers.js +1 -1
  48. package/dist/rbac/index.d.ts +1 -1
  49. package/dist/rbac/index.js +5 -5
  50. package/dist/{usePublicRouteParams-TZe0gy-4.d.ts → usePublicRouteParams-BJAlWfuJ.d.ts} +3 -3
  51. package/dist/{useToast-C8gR5ir4.d.ts → useToast-AyaT-x7p.d.ts} +2 -2
  52. package/dist/utils.d.ts +1 -1
  53. package/dist/utils.js +3 -3
  54. package/docs/getting-started/cursor-rules.md +262 -0
  55. package/docs/getting-started/installation-guide.md +6 -1
  56. package/docs/getting-started/quick-start.md +6 -1
  57. package/docs/migration/MIGRATION_GUIDE.md +4 -4
  58. package/docs/migration/REACT_19_MIGRATION.md +227 -0
  59. package/docs/standards/README.md +39 -0
  60. package/docs/troubleshooting/migration.md +4 -4
  61. package/examples/PublicPages/PublicEventPage.tsx +1 -1
  62. package/package.json +11 -6
  63. package/scripts/audit-consuming-app.cjs +961 -0
  64. package/scripts/check-pace-core-compliance.cjs +34 -15
  65. package/scripts/install-cursor-rules.cjs +236 -0
  66. package/src/__tests__/helpers/test-providers.tsx +1 -1
  67. package/src/__tests__/helpers/test-utils.tsx +1 -1
  68. package/src/components/Badge/Badge.tsx +2 -4
  69. package/src/components/Button/Button.tsx +5 -4
  70. package/src/components/Calendar/Calendar.tsx +1 -1
  71. package/src/components/DataTable/DataTable.test.tsx +57 -93
  72. package/src/components/DataTable/DataTable.tsx +2 -2
  73. package/src/components/DataTable/__tests__/pagination.modes.test.tsx +13 -5
  74. package/src/components/DataTable/__tests__/ssr.strict-mode.test.tsx +12 -12
  75. package/src/components/DataTable/components/AccessDeniedPage.tsx +1 -1
  76. package/src/components/DataTable/components/BulkOperationsDropdown.tsx +1 -1
  77. package/src/components/DataTable/components/DataTableCore.tsx +4 -7
  78. package/src/components/DataTable/components/DataTableModals.tsx +1 -1
  79. package/src/components/DataTable/components/EditableRow.tsx +1 -1
  80. package/src/components/DataTable/components/UnifiedTableBody.tsx +6 -8
  81. package/src/components/DataTable/components/__tests__/DataTableModals.test.tsx +23 -23
  82. package/src/components/DataTable/components/__tests__/EditableRow.test.tsx +11 -11
  83. package/src/components/DataTable/components/__tests__/ExpandButton.test.tsx +36 -36
  84. package/src/components/DataTable/components/__tests__/GroupHeader.test.tsx +27 -27
  85. package/src/components/DataTable/components/__tests__/ImportModal.test.tsx +39 -39
  86. package/src/components/DataTable/components/__tests__/UnifiedTableBody.test.tsx +33 -33
  87. package/src/components/DataTable/components/__tests__/ViewRowModal.test.tsx +29 -29
  88. package/src/components/DataTable/hooks/useColumnReordering.ts +2 -2
  89. package/src/components/DataTable/hooks/useKeyboardNavigation.ts +2 -2
  90. package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +8 -14
  91. package/src/components/Dialog/Dialog.tsx +6 -5
  92. package/src/components/ErrorBoundary/ErrorBoundary.tsx +1 -1
  93. package/src/components/EventSelector/EventSelector.tsx +1 -1
  94. package/src/components/FileDisplay/FileDisplay.test.tsx +2 -2
  95. package/src/components/Footer/Footer.tsx +1 -1
  96. package/src/components/Form/Form.test.tsx +36 -15
  97. package/src/components/Form/Form.tsx +30 -26
  98. package/src/components/Header/Header.tsx +1 -1
  99. package/src/components/InactivityWarningModal/InactivityWarningModal.test.tsx +40 -40
  100. package/src/components/InactivityWarningModal/InactivityWarningModal.tsx +1 -1
  101. package/src/components/Input/Input.tsx +28 -30
  102. package/src/components/Label/Label.tsx +1 -1
  103. package/src/components/LoadingSpinner/LoadingSpinner.tsx +1 -1
  104. package/src/components/LoginForm/LoginForm.test.tsx +42 -42
  105. package/src/components/LoginForm/LoginForm.tsx +8 -8
  106. package/src/components/NavigationMenu/NavigationMenu.tsx +1 -1
  107. package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +1 -1
  108. package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +50 -50
  109. package/src/components/PaceAppLayout/PaceAppLayout.tsx +1 -1
  110. package/src/components/PaceAppLayout/README.md +1 -1
  111. package/src/components/PaceLoginPage/PaceLoginPage.tsx +1 -1
  112. package/src/components/PasswordChange/PasswordChangeForm.test.tsx +33 -33
  113. package/src/components/PasswordChange/PasswordChangeForm.tsx +1 -1
  114. package/src/components/Progress/Progress.tsx +1 -1
  115. package/src/components/PublicLayout/PublicPageLayout.tsx +1 -1
  116. package/src/components/Select/Select.tsx +33 -22
  117. package/src/components/SessionRestorationLoader/SessionRestorationLoader.tsx +1 -1
  118. package/src/components/Table/Table.tsx +1 -1
  119. package/src/components/Textarea/Textarea.tsx +27 -29
  120. package/src/components/Toast/Toast.tsx +1 -1
  121. package/src/components/Tooltip/Tooltip.tsx +1 -1
  122. package/src/components/UserMenu/UserMenu.tsx +1 -1
  123. package/src/hooks/__tests__/hooks.integration.test.tsx +80 -55
  124. package/src/hooks/__tests__/useStorage.unit.test.ts +36 -36
  125. package/src/hooks/public/usePublicEvent.ts +1 -1
  126. package/src/hooks/public/usePublicEventLogo.ts +1 -1
  127. package/src/hooks/public/usePublicRouteParams.ts +1 -1
  128. package/src/hooks/useDataTableState.ts +8 -18
  129. package/src/hooks/useFocusManagement.ts +2 -2
  130. package/src/hooks/useFocusTrap.ts +4 -4
  131. package/src/hooks/useFormDialog.ts +8 -7
  132. package/src/hooks/useInactivityTracker.ts +1 -1
  133. package/src/hooks/usePermissionCache.ts +1 -1
  134. package/src/hooks/useSecureDataAccess.ts +19 -4
  135. package/src/hooks/useToast.ts +2 -2
  136. package/src/providers/__tests__/OrganisationProvider.test.tsx +57 -13
  137. package/src/providers/__tests__/ProviderLifecycle.test.tsx +21 -6
  138. package/src/providers/__tests__/UnifiedAuthProvider.test.tsx +10 -10
  139. package/src/providers/services/UnifiedAuthProvider.tsx +22 -22
  140. package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +13 -3
  141. package/src/rbac/__tests__/adapters.comprehensive.test.tsx +24 -24
  142. package/src/rbac/components/EnhancedNavigationMenu.tsx +1 -1
  143. package/src/rbac/components/NavigationGuard.tsx +1 -1
  144. package/src/rbac/components/NavigationProvider.tsx +1 -1
  145. package/src/rbac/components/PagePermissionGuard.tsx +1 -1
  146. package/src/rbac/components/PagePermissionProvider.tsx +1 -1
  147. package/src/rbac/components/PermissionEnforcer.tsx +1 -1
  148. package/src/rbac/components/RoleBasedRouter.tsx +1 -1
  149. package/src/rbac/components/SecureDataProvider.tsx +1 -1
  150. package/src/rbac/secureClient.ts +12 -0
  151. package/src/utils/security/secureDataAccess.test.ts +31 -20
  152. package/src/utils/security/secureDataAccess.ts +4 -3
  153. package/dist/chunk-6C4YBBJM.js +0 -628
  154. package/dist/chunk-6C4YBBJM.js.map +0 -1
  155. package/dist/chunk-7D4SUZUM.js 2.map +0 -1
  156. package/dist/chunk-7EQTDTTJ.js.map +0 -1
  157. package/dist/chunk-7FLMSG37.js 2.map +0 -1
  158. package/dist/chunk-7FLMSG37.js.map +0 -1
  159. package/dist/chunk-E3SPN4VZ.js +0 -12917
  160. package/dist/chunk-E3SPN4VZ.js.map +0 -1
  161. package/dist/chunk-E66EQZE6 5.js +0 -37
  162. package/dist/chunk-E66EQZE6.js 2.map +0 -1
  163. package/dist/chunk-HWIIPPNI.js.map +0 -1
  164. package/dist/chunk-I7PSE6JW 5.js +0 -191
  165. package/dist/chunk-I7PSE6JW.js 2.map +0 -1
  166. package/dist/chunk-KNC55RTG.js 5.map +0 -1
  167. package/dist/chunk-KQCRWDSA.js 5.map +0 -1
  168. package/dist/chunk-LFNCN2SP.js 2.map +0 -1
  169. package/dist/chunk-LFNCN2SP.js.map +0 -1
  170. package/dist/chunk-LMC26NLJ 2.js +0 -84
  171. package/dist/chunk-NOAYCWCX.js +0 -4993
  172. package/dist/chunk-NOAYCWCX.js.map +0 -1
  173. package/dist/chunk-QWWZ5CAQ.js.map +0 -1
  174. package/dist/chunk-QXHPKYJV 3.js +0 -113
  175. package/dist/chunk-R77UEZ4E 3.js +0 -68
  176. package/dist/chunk-VBXEHIUJ.js 6.map +0 -1
  177. package/dist/chunk-XNXXZ43G.js.map +0 -1
  178. package/dist/chunk-ZSAAAMVR 6.js +0 -25
  179. package/dist/components.js 5.map +0 -1
  180. package/dist/styles/index 2.js +0 -12
  181. package/dist/styles/index.js 5.map +0 -1
  182. package/dist/theming/runtime 5.js +0 -19
  183. package/dist/theming/runtime.js 5.map +0 -1
  184. /package/dist/{DataTable-5FU7IESH.js.map → DataTable-DQ7RSOHE.js.map} +0 -0
  185. /package/dist/{UnifiedAuthProvider-RGJTDE2C.js.map → UnifiedAuthProvider-ATAP5UTR.js.map} +0 -0
  186. /package/dist/{chunk-BC4IJKSL.js.map → chunk-JBKQ3SAO.js.map} +0 -0
  187. /package/dist/{chunk-QWWZ5CAQ.js 3.map → chunk-LXQLPRQ2.js.map} +0 -0
  188. /package/examples/{rbac → RBAC}/CompleteRBACExample.tsx +0 -0
  189. /package/examples/{rbac → RBAC}/EventBasedApp.tsx +0 -0
  190. /package/examples/{rbac → RBAC}/PermissionExample.tsx +0 -0
  191. /package/examples/{rbac → RBAC}/index.ts +0 -0
package/dist/chunk-QWWZ5CAQ.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/utils/context/sessionTracking.ts","../src/utils/validation/common.ts","../src/utils/validation/passwordSchema.ts","../src/utils/app/appConfig.ts","../src/utils/formatting/formatting.ts"],"sourcesContent":["import type { SupabaseClient } from '@supabase/supabase-js';\nimport { createLogger } from '../core/logger';\n\nconst log = createLogger('SessionTracking');\n\n// Define the tracking parameters locally since old RBAC types are removed\ninterface TrackUserSessionParams {\n p_session_type: 'event_switch' | 'session_expired';\n p_event_id?: string;\n p_app_id?: string;\n ip_address?: string;\n user_agent?: string;\n}\n\n/**\n * Hook for manual session tracking (event switches and session expiration).\n * \n * Note: Login and logout tracking is automatically handled by UnifiedAuthProvider.\n * You should only use this hook for tracking event switches or session expirations.\n * \n * @param supabaseClient - Supabase client instance\n * @param appName - Optional application name for tracking\n * @returns Object containing tracking functions for event switches and session expiration\n */\nexport function useSessionTracking(supabaseClient: SupabaseClient, appName?: string) {\n // Resolve app name to app_id\n const resolveAppId = async (): Promise<string | undefined> => {\n if (!appName) return undefined;\n \n try {\n const { data, error } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', appName)\n .eq('is_active', true)\n .single();\n \n if (error || !data) {\n log.warn('App not found or inactive:', appName);\n return undefined;\n }\n \n return data.id;\n } catch (error) {\n log.error('Failed to resolve app ID:', error);\n return undefined;\n }\n };\n /**\n * Track an event switch\n * @param eventId - ID of the event being switched to\n */\n const trackEventSwitch = async (eventId: string) => {\n try {\n const { data: { user } } = await supabaseClient.auth.getUser();\n if (!user) {\n log.warn('No authenticated user found for session tracking');\n return;\n }\n\n const appId = await resolveAppId();\n\n const params: TrackUserSessionParams = {\n p_session_type: 'event_switch',\n p_event_id: eventId,\n p_app_id: appId\n };\n\n const { error } = await supabaseClient.rpc('rbac_session_track', {\n p_user_id: user?.id,\n p_session_type: params.p_session_type,\n p_event_id: params.p_event_id,\n p_app_id: params.p_app_id,\n p_ip_address: params.ip_address,\n p_user_agent: params.user_agent\n });\n \n if (error) {\n log.error('Failed to track event switch session:', error);\n }\n } catch (error) {\n log.error('Failed to track event switch:', error);\n }\n };\n\n /**\n * Track a session expiration\n */\n const trackSessionExpired = async () => {\n try {\n const { data: { user } } = await supabaseClient.auth.getUser();\n if (!user) {\n log.warn('No authenticated user found for session tracking');\n return;\n }\n\n const appId = await resolveAppId();\n\n const params: TrackUserSessionParams = {\n p_session_type: 'session_expired',\n p_app_id: appId\n };\n\n const { error } = await supabaseClient.rpc('rbac_session_track', {\n p_user_id: user?.id,\n p_session_type: params.p_session_type,\n p_event_id: params.p_event_id,\n p_app_id: params.p_app_id,\n p_ip_address: params.ip_address,\n p_user_agent: params.user_agent\n });\n \n if (error) {\n log.error('Failed to track session expiration:', error);\n }\n } catch (error) {\n log.error('Failed to track session expiration:', error);\n }\n };\n\n return {\n trackEventSwitch,\n trackSessionExpired\n };\n} ","\n/**\n * @file Common validation schemas\n * @description Reusable validation schemas for common data types\n */\n\nimport { z } from 'zod';\n\n/**\n * Email validation schema\n */\nexport const emailSchema = z\n .string()\n .min(1, 'Email is required')\n .email('Invalid email format')\n .max(254, 'Email too long');\n\n/**\n * Name validation schema\n */\nexport const nameSchema = z\n .string()\n .min(1, 'Name is required')\n .max(100, 'Name too long')\n .regex(/^[a-zA-Z\\s'-]+$/, 'Name contains invalid characters');\n\n/**\n * Phone number validation schema\n */\nexport const phoneSchema = z\n .string()\n .regex(/^\\+?[\\d\\s\\-\\(\\)]+$/, 'Invalid phone number format')\n .min(10, 'Phone number too short')\n .max(20, 'Phone number too long');\n\n/**\n * URL validation schema\n */\nexport const urlSchema = z\n .string()\n .url('Invalid URL format')\n .max(2048, 'URL too long');\n\n/**\n * Date validation schema\n */\nexport const dateSchema = z\n .string()\n .regex(/^\\d{4}-\\d{2}-\\d{2}$/, 'Date must be in YYYY-MM-DD format')\n .refine((date) => {\n const parsed = new Date(date);\n return !isNaN(parsed.getTime());\n }, 'Invalid date');\n","\n/**\n * @file Enhanced Password Schema with Security Validations\n * @description Comprehensive password validation with security checks\n */\n\nimport { z } from 'zod';\n\n// Common weak passwords to check against\nconst COMMON_PASSWORDS = new Set([\n 'password', '123456', '123456789', 'qwerty', 'abc123', 'password123',\n 'admin', 'letmein', 'welcome', 'monkey', '1234567890', 'password1'\n]);\n\n// Common password patterns to avoid\nconst WEAK_PATTERNS = [\n /^(.)\\1+$/, // All same character\n /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/, // Sequential numbers\n /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i, // Sequential letters\n];\n\n/**\n * Enhanced password validation schema with security checks\n */\nexport const securePasswordSchema = z\n .string()\n .min(8, 'Password must be at least 8 characters long')\n .max(128, 'Password must not exceed 128 characters')\n .refine(\n (password) => /[a-z]/.test(password),\n 'Password must contain at least one lowercase letter'\n )\n .refine(\n (password) => /[A-Z]/.test(password),\n 'Password must contain at least one uppercase letter'\n )\n .refine(\n (password) => /\\d/.test(password),\n 'Password must contain at least one number'\n )\n .refine(\n (password) => /[!@#$%^&*()_+\\-=\\[\\]{};':\"\\\\|,.<>\\/?]/.test(password),\n 'Password must contain at least one special character'\n )\n .refine(\n (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),\n 'Password is too common. Please choose a stronger password'\n )\n .refine(\n (password) => !WEAK_PATTERNS.some(pattern => pattern.test(password)),\n 'Password contains weak patterns. Please choose a more complex password'\n )\n .refine(\n (password) => {\n // Check for keyboard patterns (qwerty, asdf, etc.)\n const keyboardPatterns = ['qwerty', 'asdfgh', 'zxcvbn', '1234567890'];\n return !keyboardPatterns.some(pattern => \n password.toLowerCase().includes(pattern)\n );\n },\n 'Password contains keyboard patterns. Please choose a more secure password'\n );\n\n/**\n * Basic password schema for less strict requirements\n */\nexport const passwordSchema = z\n .string()\n .min(6, 'Password must be at least 6 characters long')\n .max(128, 'Password must not exceed 128 characters');\n\n/**\n * Password strength calculator\n */\nexport function calculatePasswordStrength(password: string): {\n score: number;\n feedback: string[];\n level: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';\n} {\n let score = 0;\n const feedback: string[] = [];\n\n // Length check\n if (password.length >= 8) score += 20;\n else if (password.length >= 6) score += 10;\n else feedback.push('Use at least 8 characters');\n\n // Character variety\n if (/[a-z]/.test(password)) score += 15;\n else feedback.push('Add lowercase letters');\n\n if (/[A-Z]/.test(password)) score += 15;\n else feedback.push('Add uppercase letters');\n\n if (/\\d/.test(password)) score += 15;\n else feedback.push('Add numbers');\n\n if (/[!@#$%^&*()_+\\-=\\[\\]{};':\"\\\\|,.<>\\/?]/.test(password)) score += 15;\n else feedback.push('Add special characters');\n\n // Additional complexity\n if (password.length >= 12) score += 10;\n if (/[^a-zA-Z0-9]/.test(password)) score += 10;\n\n // Penalties\n if (COMMON_PASSWORDS.has(password.toLowerCase())) {\n score -= 30;\n feedback.push('Avoid common passwords');\n }\n\n if (WEAK_PATTERNS.some(pattern => pattern.test(password))) {\n score -= 20;\n feedback.push('Avoid predictable patterns');\n }\n\n // Determine level\n let level: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';\n if (score < 30) level = 'very-weak';\n else if (score < 50) level = 'weak';\n else if (score < 70) level = 'fair';\n else if (score < 90) level = 'good';\n else level = 'strong';\n\n return { score: Math.max(0, Math.min(100, score)), feedback, level };\n}\n","\n/**\n * Application configuration utilities\n */\n\nexport interface AppConfig {\n appName: string;\n appId: string;\n}\n\nlet currentAppConfig: AppConfig | null = null;\n\n/**\n * Set the current application configuration\n */\nexport function setAppConfig(config: AppConfig) {\n currentAppConfig = config;\n}\n\n/**\n * Get the current application configuration\n */\nexport function getAppConfig(): AppConfig {\n if (!currentAppConfig) {\n // Fallback to environment or default\n const appName = import.meta.env.REACT_APP_NAME || 'PACE';\n return {\n appName,\n appId: appName\n };\n }\n return currentAppConfig;\n}\n\n/**\n * Get the current app name\n */\nexport function getCurrentAppName(): string {\n return getAppConfig().appName;\n}\n\n/**\n * Get the current app ID\n */\nexport function getCurrentAppId(): string {\n return getAppConfig().appId;\n}\n","/**\n * Utility functions for formatting data in the application\n */\n\nimport { parseISO, isValid } from 'date-fns';\nimport { formatInTimeZone, getTimezoneAbbreviation } from '../timezone';\n\n/**\n * Format a date as a readable string in \"dd mmm yyyy\" format (e.g., \"15 Jun 2024\")\n */\nexport function formatDate(date: Date | string | number): string {\n const dateObj = typeof date === 'string' || typeof date === 'number' \n ? new Date(date) \n : date;\n \n // Use 'en-GB' locale to ensure \"dd mmm yyyy\" format (e.g., \"15 Jun 2024\")\n return dateObj.toLocaleDateString('en-GB', {\n year: 'numeric',\n month: 'short',\n day: 'numeric'\n });\n}\n\n/**\n * Format a time as a readable string in \"HH:mm\" format (e.g., \"14:30\")\n * Uses 24-hour format for consistency across pace apps\n */\nexport function formatTime(date: Date | string | number): string {\n const dateObj = typeof date === 'string' || typeof date === 'number' \n ? new Date(date) \n : date;\n \n // Use 'en-GB' locale to ensure \"HH:mm\" format (24-hour format)\n return dateObj.toLocaleTimeString('en-GB', {\n hour: '2-digit',\n minute: '2-digit',\n hour12: false\n });\n}\n\n/**\n * Format a date and time as a readable string in \"dd mmm yyyy, HH:mm\" format (e.g., \"15 Jun 2024, 14:30\")\n * Uses 24-hour format for consistency across pace apps\n */\nexport function formatDateTime(date: Date | string | number): string {\n const dateObj = typeof date === 'string' || typeof date === 'number' \n ? new Date(date) \n : date;\n \n // Use 'en-GB' locale to ensure consistent format (e.g., \"15 Jun 2024, 14:30\")\n return dateObj.toLocaleString('en-GB', {\n year: 'numeric',\n month: 'short',\n day: 'numeric',\n hour: '2-digit',\n minute: '2-digit',\n hour12: false\n });\n}\n\n/**\n * Format a number as a currency\n */\nexport function formatCurrency(value: number, currencyCode = 'USD', locale = 'en-US'): string {\n return new Intl.NumberFormat(locale, {\n style: 'currency',\n currency: currencyCode,\n }).format(value);\n}\n\n/**\n * Format a number with custom options\n */\nexport function formatNumber(\n value: number,\n options: Intl.NumberFormatOptions = {},\n locale = 'en-US'\n): string {\n return new Intl.NumberFormat(locale, options).format(value);\n}\n\n/**\n * Format a number as a percentage.\n * \n * The third parameter can be either:\n * - A number for fixed decimal places (backward compatible): `formatPercent(0.81, 'en-US', 2)`\n * - An options object with:\n * - `decimals`: Fixed number of decimal places (default: 1)\n * - `preserveDecimals`: Auto-detect and preserve decimal places from the input value\n * - `maxDecimals`: Maximum decimal places when preserving (default: 10)\n * \n * @param value - The percentage value as a decimal (e.g., 0.81 for 0.81%)\n * @param locale - The locale string (default: 'en-US')\n * @param decimalsOrOptions - Either a number for fixed decimals, or an options object with:\n * - `decimals` - Fixed number of decimal places (default: 1)\n * - `preserveDecimals` - Auto-detect and preserve decimal places from the input value\n * - `maxDecimals` - Maximum decimal places when preserving (default: 10)\n * @returns Formatted percentage string (e.g., \"0.81%\", \"81%\")\n * \n * @example\n * ```ts\n * // Fixed decimals (default behavior)\n * formatPercent(0.5) // '0.5%'\n * formatPercent(0.81, 'en-US', 1) // '0.8%' (loses precision)\n * \n * // Preserve decimal places dynamically\n * formatPercent(0.81, 'en-US', { preserveDecimals: true }) // '0.81%'\n * formatPercent(0.8123, 'en-US', { preserveDecimals: true, maxDecimals: 2 }) // '0.81%'\n * ```\n */\nexport function formatPercent(\n value: number,\n locale: string = 'en-US',\n decimalsOrOptions?: number | {\n decimals?: number;\n preserveDecimals?: boolean;\n maxDecimals?: number;\n }\n): string {\n let decimals: number;\n\n // Backward compatibility: if decimalsOrOptions is a number, use it directly\n if (typeof decimalsOrOptions === 'number') {\n decimals = decimalsOrOptions;\n } else if (decimalsOrOptions && typeof decimalsOrOptions === 'object') {\n // New options object: check if we should preserve decimals\n if (decimalsOrOptions.preserveDecimals) {\n const valueStr = value.toString();\n const decimalIndex = valueStr.indexOf('.');\n \n if (decimalIndex !== -1) {\n const detectedDecimals = valueStr.length - decimalIndex - 1;\n const maxDecimals = decimalsOrOptions.maxDecimals ?? 10;\n decimals = Math.min(detectedDecimals, maxDecimals);\n } else {\n decimals = 0;\n }\n } else {\n decimals = decimalsOrOptions.decimals ?? 1;\n }\n } else {\n decimals = 1;\n }\n\n return new Intl.NumberFormat(locale, {\n style: 'percent',\n minimumFractionDigits: decimals,\n maximumFractionDigits: decimals,\n }).format(value / 100);\n}\n\n/**\n * Format a large number with abbreviations (K, M, B)\n */\nexport function formatCompactNumber(value: number, locale = 'en-US'): string {\n return new Intl.NumberFormat(locale, {\n notation: 'compact',\n compactDisplay: 'short'\n }).format(value);\n}\n\n/**\n * Format a file size in bytes to a human-readable string\n */\nexport function formatFileSize(bytes: number): string {\n if (bytes === 0) return '0 Bytes';\n \n const k = 1024;\n const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB'];\n const i = Math.floor(Math.log(bytes) / Math.log(k));\n \n return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + ' ' + sizes[i];\n}\n\n/**\n * Options for formatting date/time with timezone\n */\nexport interface DateTimeFormatOptions {\n /**\n * Include timezone abbreviation (default: true)\n */\n includeTimezone?: boolean;\n /**\n * Custom format string (default: 'MMM dd, yyyy HH:mm')\n */\n format?: string;\n}\n\n/**\n * Format a UTC date for display in a specific timezone\n *\n * @param utcDate - UTC date (ISO string, Date object, or undefined)\n * @param timezone - IANA timezone string (e.g., 'America/New_York')\n * @param options - Formatting options\n * @returns Formatted date string or empty string if invalid\n *\n * @example\n * ```ts\n * formatDateTimeForDisplay('2024-01-15T10:00:00Z', 'America/New_York');\n * // \"Jan 15, 2024 05:00 (EST)\"\n *\n * formatDateTimeForDisplay('2024-01-15T10:00:00Z', 'America/New_York', { includeTimezone: false });\n * // \"Jan 15, 2024 05:00\"\n * ```\n */\nexport function formatDateTimeForDisplay(\n utcDate: string | Date | undefined,\n timezone: string | undefined,\n options: DateTimeFormatOptions = {}\n): string {\n if (!utcDate) {\n return '';\n }\n\n if (!timezone) {\n return '';\n }\n\n try {\n const { includeTimezone = true, format: formatStr = 'MMM dd, yyyy HH:mm' } = options;\n\n let dateObj: Date;\n if (typeof utcDate === 'string') {\n dateObj = parseISO(utcDate);\n } else {\n dateObj = utcDate;\n }\n\n if (!isValid(dateObj)) {\n return '';\n }\n\n const formatted = formatInTimeZone(dateObj, timezone, formatStr);\n\n if (includeTimezone) {\n const tzAbbr = getTimezoneAbbreviation(dateObj, timezone);\n return `${formatted} (${tzAbbr})`;\n }\n\n return formatted;\n } catch {\n return '';\n }\n}\n\n/**\n * Format a UTC date for display (date only, no time)\n *\n * @param utcDate - UTC date (ISO string, Date object, or undefined)\n * @returns Formatted date string or empty string if invalid\n *\n * @example\n * ```ts\n * formatDateOnlyForDisplay('2024-01-15T10:00:00Z');\n * // \"15 January 2024\"\n * ```\n */\nexport function formatDateOnlyForDisplay(utcDate: string | Date | undefined): string {\n if (!utcDate) {\n return '';\n }\n\n try {\n let dateObj: Date;\n if (typeof utcDate === 'string') {\n dateObj = parseISO(utcDate);\n } else {\n dateObj = utcDate;\n }\n\n if (!isValid(dateObj)) {\n return '';\n }\n\n // Use 'en-GB' locale for \"dd mmm yyyy\" format\n return dateObj.toLocaleDateString('en-GB', {\n year: 'numeric',\n month: 'long',\n day: 'numeric'\n });\n } catch {\n return '';\n }\n}\n\n/**\n * Format a UTC date for table display (compact format with timezone)\n *\n * @param utcDate - UTC date (ISO string, Date object, or undefined)\n * @param timezone - IANA timezone string\n * @returns Formatted date string or empty string if invalid\n *\n * @example\n * ```ts\n * formatDateTimeForTable('2024-01-15T10:00:00Z', 'America/New_York');\n * // \"Jan 15, 2024 05:00 (EST)\"\n * ```\n */\nexport function formatDateTimeForTable(\n utcDate: string | Date | undefined,\n timezone: string | undefined\n): string {\n return formatDateTimeForDisplay(utcDate, timezone, {\n includeTimezone: true,\n format: 'MMM dd, yyyy HH:mm'\n });\n}\n\n/**\n * Format a UTC date for map display (compact format)\n *\n * @param utcDate - UTC date (ISO string, Date object, or undefined)\n * @param timezone - IANA timezone string\n * @returns Formatted date string or empty string if invalid\n *\n * @example\n * ```ts\n * formatDateTimeForMap('2024-01-15T10:00:00Z', 'America/New_York');\n * // \"Jan 15, 05:00 EST\"\n * ```\n */\nexport function formatDateTimeForMap(\n utcDate: string | Date | undefined,\n timezone: string | undefined\n): string {\n if (!utcDate || !timezone) {\n return '';\n }\n\n try {\n let dateObj: Date;\n if (typeof utcDate === 'string') {\n dateObj = parseISO(utcDate);\n } else {\n dateObj = utcDate;\n }\n\n if (!isValid(dateObj)) {\n return '';\n }\n\n const formatted = formatInTimeZone(dateObj, timezone, 'MMM dd, HH:mm');\n const tzAbbr = getTimezoneAbbreviation(dateObj, timezone);\n\n return `${formatted} ${tzAbbr}`;\n } catch {\n return '';\n }\n}\n"],"mappings":";;;;;;;;;AAGA,IAAM,MAAM,aAAa,iBAAiB;AAqBnC,SAAS,mBAAmB,gBAAgC,SAAkB;AAEnF,QAAM,eAAe,YAAyC;AAC5D,QAAI,CAAC,QAAS,QAAO;AAErB,QAAI;AACF,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAC3B,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,OAAO,EAClB,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,SAAS,CAAC,MAAM;AAClB,YAAI,KAAK,8BAA8B,OAAO;AAC9C,eAAO;AAAA,MACT;AAEA,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,UAAI,MAAM,6BAA6B,KAAK;AAC5C,aAAO;AAAA,IACT;AAAA,EACF;AAKA,QAAM,mBAAmB,OAAO,YAAoB;AAClD,QAAI;AACF,YAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,MAAM,eAAe,KAAK,QAAQ;AAC7D,UAAI,CAAC,MAAM;AACT,YAAI,KAAK,kDAAkD;AAC3D;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,aAAa;AAEjC,YAAM,SAAiC;AAAA,QACrC,gBAAgB;AAAA,QAChB,YAAY;AAAA,QACZ,UAAU;AAAA,MACZ;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,IAAI,sBAAsB;AAAA,QAC/D,WAAW,MAAM;AAAA,QACjB,gBAAgB,OAAO;AAAA,QACvB,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,cAAc,OAAO;AAAA,QACrB,cAAc,OAAO;AAAA,MACvB,CAAC;AAED,UAAI,OAAO;AACT,YAAI,MAAM,yCAAyC,KAAK;AAAA,MAC1D;AAAA,IACF,SAAS,OAAO;AACd,UAAI,MAAM,iCAAiC,KAAK;AAAA,IAClD;AAAA,EACF;AAKA,QAAM,sBAAsB,YAAY;AACtC,QAAI;AACF,YAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,MAAM,eAAe,KAAK,QAAQ;AAC7D,UAAI,CAAC,MAAM;AACT,YAAI,KAAK,kDAAkD;AAC3D;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,aAAa;AAEjC,YAAM,SAAiC;AAAA,QACrC,gBAAgB;AAAA,QAChB,UAAU;AAAA,MACZ;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,IAAI,sBAAsB;AAAA,QAC/D,WAAW,MAAM;AAAA,QACjB,gBAAgB,OAAO;AAAA,QACvB,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,cAAc,OAAO;AAAA,QACrB,cAAc,OAAO;AAAA,MACvB,CAAC;AAED,UAAI,OAAO;AACT,YAAI,MAAM,uCAAuC,KAAK;AAAA,MACxD;AAAA,IACF,SAAS,OAAO;AACd,UAAI,MAAM,uCAAuC,KAAK;AAAA,IACxD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;ACtHA,SAAS,SAAS;AAKX,IAAM,cAAc,EACxB,OAAO,EACP,IAAI,GAAG,mBAAmB,EAC1B,MAAM,sBAAsB,EAC5B,IAAI,KAAK,gBAAgB;AAKrB,IAAM,aAAa,EACvB,OAAO,EACP,IAAI,GAAG,kBAAkB,EACzB,IAAI,KAAK,eAAe,EACxB,MAAM,mBAAmB,kCAAkC;AAKvD,IAAM,cAAc,EACxB,OAAO,EACP,MAAM,sBAAsB,6BAA6B,EACzD,IAAI,IAAI,wBAAwB,EAChC,IAAI,IAAI,uBAAuB;AAK3B,IAAM,YAAY,EACtB,OAAO,EACP,IAAI,oBAAoB,EACxB,IAAI,MAAM,cAAc;AAKpB,IAAM,aAAa,EACvB,OAAO,EACP,MAAM,uBAAuB,mCAAmC,EAChE,OAAO,CAAC,SAAS;AAChB,QAAM,SAAS,IAAI,KAAK,IAAI;AAC5B,SAAO,CAAC,MAAM,OAAO,QAAQ,CAAC;AAChC,GAAG,cAAc;;;AC9CnB,SAAS,KAAAA,UAAS;AAGlB,IAAM,mBAAmB,oBAAI,IAAI;AAAA,EAC/B;AAAA,EAAY;AAAA,EAAU;AAAA,EAAa;AAAA,EAAU;AAAA,EAAU;AAAA,EACvD;AAAA,EAAS;AAAA,EAAW;AAAA,EAAW;AAAA,EAAU;AAAA,EAAc;AACzD,CAAC;AAGD,IAAM,gBAAgB;AAAA,EACpB;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,IAAM,uBAAuBA,GACjC,OAAO,EACP,IAAI,GAAG,6CAA6C,EACpD,IAAI,KAAK,yCAAyC,EAClD;AAAA,EACC,CAAC,aAAa,QAAQ,KAAK,QAAQ;AAAA,EACnC;AACF,EACC;AAAA,EACC,CAAC,aAAa,QAAQ,KAAK,QAAQ;AAAA,EACnC;AACF,EACC;AAAA,EACC,CAAC,aAAa,KAAK,KAAK,QAAQ;AAAA,EAChC;AACF,EACC;AAAA,EACC,CAAC,aAAa,wCAAwC,KAAK,QAAQ;AAAA,EACnE;AACF,EACC;AAAA,EACC,CAAC,aAAa,CAAC,iBAAiB,IAAI,SAAS,YAAY,CAAC;AAAA,EAC1D;AACF,EACC;AAAA,EACC,CAAC,aAAa,CAAC,cAAc,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC;AAAA,EACnE;AACF,EACC;AAAA,EACC,CAAC,aAAa;AAEZ,UAAM,mBAAmB,CAAC,UAAU,UAAU,UAAU,YAAY;AACpE,WAAO,CAAC,iBAAiB;AAAA,MAAK,aAC5B,SAAS,YAAY,EAAE,SAAS,OAAO;AAAA,IACzC;AAAA,EACF;AAAA,EACA;AACF;AAKK,IAAM,iBAAiBA,GAC3B,OAAO,EACP,IAAI,GAAG,6CAA6C,EACpD,IAAI,KAAK,yCAAyC;AAK9C,SAAS,0BAA0B,UAIxC;AACA,MAAI,QAAQ;AACZ,QAAM,WAAqB,CAAC;AAG5B,MAAI,SAAS,UAAU,EAAG,UAAS;AAAA,WAC1B,SAAS,UAAU,EAAG,UAAS;AAAA,MACnC,UAAS,KAAK,2BAA2B;AAG9C,MAAI,QAAQ,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChC,UAAS,KAAK,uBAAuB;AAE1C,MAAI,QAAQ,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChC,UAAS,KAAK,uBAAuB;AAE1C,MAAI,KAAK,KAAK,QAAQ,EAAG,UAAS;AAAA,MAC7B,UAAS,KAAK,aAAa;AAEhC,MAAI,wCAAwC,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChE,UAAS,KAAK,wBAAwB;AAG3C,MAAI,SAAS,UAAU,GAAI,UAAS;AACpC,MAAI,eAAe,KAAK,QAAQ,EAAG,UAAS;AAG5C,MAAI,iBAAiB,IAAI,SAAS,YAAY,CAAC,GAAG;AAChD,aAAS;AACT,aAAS,KAAK,wBAAwB;AAAA,EACxC;AAEA,MAAI,cAAc,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC,GAAG;AACzD,aAAS;AACT,aAAS,KAAK,4BAA4B;AAAA,EAC5C;AAGA,MAAI;AACJ,MAAI,QAAQ,GAAI,SAAQ;AAAA,WACf,QAAQ,GAAI,SAAQ;AAAA,WACpB,QAAQ,GAAI,SAAQ;AAAA,WACpB,QAAQ,GAAI,SAAQ;AAAA,MACxB,SAAQ;AAEb,SAAO,EAAE,OAAO,KAAK,IAAI,GAAG,KAAK,IAAI,KAAK,KAAK,CAAC,GAAG,UAAU,MAAM;AACrE;;;AClHA,IAAI,mBAAqC;AAKlC,SAAS,aAAa,QAAmB;AAC9C,qBAAmB;AACrB;AAKO,SAAS,eAA0B;AACxC,MAAI,CAAC,kBAAkB;AAErB,UAAM,UAAU,YAAY,IAAI,kBAAkB;AAClD,WAAO;AAAA,MACL;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAKO,SAAS,oBAA4B;AAC1C,SAAO,aAAa,EAAE;AACxB;AAKO,SAAS,kBAA0B;AACxC,SAAO,aAAa,EAAE;AACxB;;;AC1CA,SAAS,UAAU,eAAe;AAM3B,SAAS,WAAW,MAAsC;AAC/D,QAAM,UAAU,OAAO,SAAS,YAAY,OAAO,SAAS,WACxD,IAAI,KAAK,IAAI,IACb;AAGJ,SAAO,QAAQ,mBAAmB,SAAS;AAAA,IACzC,MAAM;AAAA,IACN,OAAO;AAAA,IACP,KAAK;AAAA,EACP,CAAC;AACH;AAMO,SAAS,WAAW,MAAsC;AAC/D,QAAM,UAAU,OAAO,SAAS,YAAY,OAAO,SAAS,WACxD,IAAI,KAAK,IAAI,IACb;AAGJ,SAAO,QAAQ,mBAAmB,SAAS;AAAA,IACzC,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV,CAAC;AACH;AAMO,SAAS,eAAe,MAAsC;AACnE,QAAM,UAAU,OAAO,SAAS,YAAY,OAAO,SAAS,WACxD,IAAI,KAAK,IAAI,IACb;AAGJ,SAAO,QAAQ,eAAe,SAAS;AAAA,IACrC,MAAM;AAAA,IACN,OAAO;AAAA,IACP,KAAK;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV,CAAC;AACH;AAKO,SAAS,eAAe,OAAe,eAAe,OAAO,SAAS,SAAiB;AAC5F,SAAO,IAAI,KAAK,aAAa,QAAQ;AAAA,IACnC,OAAO;AAAA,IACP,UAAU;AAAA,EACZ,CAAC,EAAE,OAAO,KAAK;AACjB;AAKO,SAAS,aACd,OACA,UAAoC,CAAC,GACrC,SAAS,SACD;AACR,SAAO,IAAI,KAAK,aAAa,QAAQ,OAAO,EAAE,OAAO,KAAK;AAC5D;AA+BO,SAAS,cACd,OACA,SAAiB,SACjB,mBAKQ;AACR,MAAI;AAGJ,MAAI,OAAO,sBAAsB,UAAU;AACzC,eAAW;AAAA,EACb,WAAW,qBAAqB,OAAO,sBAAsB,UAAU;AAErE,QAAI,kBAAkB,kBAAkB;AACtC,YAAM,WAAW,MAAM,SAAS;AAChC,YAAM,eAAe,SAAS,QAAQ,GAAG;AAEzC,UAAI,iBAAiB,IAAI;AACvB,cAAM,mBAAmB,SAAS,SAAS,eAAe;AAC1D,cAAM,cAAc,kBAAkB,eAAe;AACrD,mBAAW,KAAK,IAAI,kBAAkB,WAAW;AAAA,MACnD,OAAO;AACL,mBAAW;AAAA,MACb;AAAA,IACF,OAAO;AACL,iBAAW,kBAAkB,YAAY;AAAA,IAC3C;AAAA,EACF,OAAO;AACL,eAAW;AAAA,EACb;AAEA,SAAO,IAAI,KAAK,aAAa,QAAQ;AAAA,IACnC,OAAO;AAAA,IACP,uBAAuB;AAAA,IACvB,uBAAuB;AAAA,EACzB,CAAC,EAAE,OAAO,QAAQ,GAAG;AACvB;AAKO,SAAS,oBAAoB,OAAe,SAAS,SAAiB;AAC3E,SAAO,IAAI,KAAK,aAAa,QAAQ;AAAA,IACnC,UAAU;AAAA,IACV,gBAAgB;AAAA,EAClB,CAAC,EAAE,OAAO,KAAK;AACjB;AAKO,SAAS,eAAe,OAAuB;AACpD,MAAI,UAAU,EAAG,QAAO;AAExB,QAAM,IAAI;AACV,QAAM,QAAQ,CAAC,SAAS,MAAM,MAAM,MAAM,MAAM,IAAI;AACpD,QAAM,IAAI,KAAK,MAAM,KAAK,IAAI,KAAK,IAAI,KAAK,IAAI,CAAC,CAAC;AAElD,SAAO,YAAY,QAAQ,KAAK,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,MAAM,MAAM,CAAC;AACxE;AAiCO,SAAS,yBACd,SACA,UACA,UAAiC,CAAC,GAC1B;AACR,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,EAAE,kBAAkB,MAAM,QAAQ,YAAY,qBAAqB,IAAI;AAE7E,QAAI;AACJ,QAAI,OAAO,YAAY,UAAU;AAC/B,gBAAU,SAAS,OAAO;AAAA,IAC5B,OAAO;AACL,gBAAU;AAAA,IACZ;AAEA,QAAI,CAAC,QAAQ,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,UAAM,YAAY,iBAAiB,SAAS,UAAU,SAAS;AAE/D,QAAI,iBAAiB;AACnB,YAAM,SAAS,wBAAwB,SAAS,QAAQ;AACxD,aAAO,GAAG,SAAS,KAAK,MAAM;AAAA,IAChC;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAcO,SAAS,yBAAyB,SAA4C;AACnF,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,MAAI;AACF,QAAI;AACJ,QAAI,OAAO,YAAY,UAAU;AAC/B,gBAAU,SAAS,OAAO;AAAA,IAC5B,OAAO;AACL,gBAAU;AAAA,IACZ;AAEA,QAAI,CAAC,QAAQ,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAGA,WAAO,QAAQ,mBAAmB,SAAS;AAAA,MACzC,MAAM;AAAA,MACN,OAAO;AAAA,MACP,KAAK;AAAA,IACP,CAAC;AAAA,EACH,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAeO,SAAS,uBACd,SACA,UACQ;AACR,SAAO,yBAAyB,SAAS,UAAU;AAAA,IACjD,iBAAiB;AAAA,IACjB,QAAQ;AAAA,EACV,CAAC;AACH;AAeO,SAAS,qBACd,SACA,UACQ;AACR,MAAI,CAAC,WAAW,CAAC,UAAU;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACF,QAAI;AACJ,QAAI,OAAO,YAAY,UAAU;AAC/B,gBAAU,SAAS,OAAO;AAAA,IAC5B,OAAO;AACL,gBAAU;AAAA,IACZ;AAEA,QAAI,CAAC,QAAQ,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,UAAM,YAAY,iBAAiB,SAAS,UAAU,eAAe;AACrE,UAAM,SAAS,wBAAwB,SAAS,QAAQ;AAExD,WAAO,GAAG,SAAS,IAAI,MAAM;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;","names":["z"]}
package/dist/chunk-QXHPKYJV 3.js DELETED
@@ -1,113 +0,0 @@
1
- // src/types/core.ts
2
- function createUserId(id) {
3
- return id;
4
- }
5
- function createSessionToken(token) {
6
- return token;
7
- }
8
- function createPermissionString(permission) {
9
- return permission;
10
- }
11
- function createRequestId(id) {
12
- return id;
13
- }
14
- function createOrganisationId(id) {
15
- return id;
16
- }
17
- function createEventId(id) {
18
- return id;
19
- }
20
- function createAppId(id) {
21
- return id;
22
- }
23
- function createPageId(id) {
24
- return id;
25
- }
26
- function isUserId(value) {
27
- return typeof value === "string" && value.length > 0;
28
- }
29
- function isSessionToken(value) {
30
- return typeof value === "string" && value.length > 0;
31
- }
32
- function isPermissionString(value) {
33
- if (typeof value !== "string" || value.length === 0) return false;
34
- return value.includes(":") && value.split(":").length === 2;
35
- }
36
- function isRequestId(value) {
37
- return typeof value === "string" && value.length > 0;
38
- }
39
- function isOrganisationId(value) {
40
- return typeof value === "string" && value.length > 0;
41
- }
42
- function isEventId(value) {
43
- return typeof value === "string" && value.length > 0;
44
- }
45
- function isAppId(value) {
46
- return typeof value === "string" && value.length > 0;
47
- }
48
- function isPageId(value) {
49
- return typeof value === "string" && value.length > 0;
50
- }
51
- function assertUserId(id) {
52
- return id;
53
- }
54
- function assertOrganisationId(id) {
55
- return id;
56
- }
57
- function assertEventId(id) {
58
- return id;
59
- }
60
- function assertAppId(id) {
61
- return id;
62
- }
63
- function assertPageId(id) {
64
- return id;
65
- }
66
- var AuthErrorCode = /* @__PURE__ */ ((AuthErrorCode2) => {
67
- AuthErrorCode2["UNKNOWN_ERROR"] = "UNKNOWN_ERROR";
68
- AuthErrorCode2["INVALID_CREDENTIALS"] = "INVALID_CREDENTIALS";
69
- AuthErrorCode2["USER_NOT_FOUND"] = "USER_NOT_FOUND";
70
- AuthErrorCode2["EMAIL_NOT_CONFIRMED"] = "EMAIL_NOT_CONFIRMED";
71
- AuthErrorCode2["PASSWORD_TOO_WEAK"] = "PASSWORD_TOO_WEAK";
72
- AuthErrorCode2["WEAK_PASSWORD"] = "WEAK_PASSWORD";
73
- AuthErrorCode2["RATE_LIMITED"] = "RATE_LIMITED";
74
- AuthErrorCode2["RATE_LIMIT_EXCEEDED"] = "RATE_LIMIT_EXCEEDED";
75
- AuthErrorCode2["SESSION_EXPIRED"] = "SESSION_EXPIRED";
76
- AuthErrorCode2["PERMISSION_DENIED"] = "PERMISSION_DENIED";
77
- AuthErrorCode2["NETWORK_ERROR"] = "NETWORK_ERROR";
78
- return AuthErrorCode2;
79
- })(AuthErrorCode || {});
80
- var PermissionErrorCode = /* @__PURE__ */ ((PermissionErrorCode2) => {
81
- PermissionErrorCode2["INSUFFICIENT_PERMISSIONS"] = "INSUFFICIENT_PERMISSIONS";
82
- PermissionErrorCode2["INVALID_PERMISSION"] = "INVALID_PERMISSION";
83
- PermissionErrorCode2["PERMISSION_CHECK_FAILED"] = "PERMISSION_CHECK_FAILED";
84
- PermissionErrorCode2["ACCESS_DENIED"] = "ACCESS_DENIED";
85
- return PermissionErrorCode2;
86
- })(PermissionErrorCode || {});
87
-
88
- export {
89
- createUserId,
90
- createSessionToken,
91
- createPermissionString,
92
- createRequestId,
93
- createOrganisationId,
94
- createEventId,
95
- createAppId,
96
- createPageId,
97
- isUserId,
98
- isSessionToken,
99
- isPermissionString,
100
- isRequestId,
101
- isOrganisationId,
102
- isEventId,
103
- isAppId,
104
- isPageId,
105
- assertUserId,
106
- assertOrganisationId,
107
- assertEventId,
108
- assertAppId,
109
- assertPageId,
110
- AuthErrorCode,
111
- PermissionErrorCode
112
- };
113
- //# sourceMappingURL=chunk-QXHPKYJV.js.map
package/dist/chunk-R77UEZ4E 3.js DELETED
@@ -1,68 +0,0 @@
1
- // src/utils/core/cn.ts
2
- import { clsx } from "clsx";
3
- import { twMerge } from "tailwind-merge";
4
- function cn(...inputs) {
5
- return twMerge(clsx(inputs));
6
- }
7
-
8
- // src/utils/validation/htmlSanitization.ts
9
- function sanitizeHtml(html) {
10
- if (!html || typeof html !== "string") {
11
- return "";
12
- }
13
- let sanitized = html.replace(/<script\b[^>]*>.*?<\/script>/gi, "").replace(/<script\b[^>]*\/>/gi, "").replace(/<iframe\b[^>]*>.*?<\/iframe>/gi, "").replace(/<iframe\b[^>]*\/>/gi, "").replace(/<object\b[^>]*>.*?<\/object>/gi, "").replace(/<object\b[^>]*\/>/gi, "").replace(/<embed\b[^>]*\/?>/gi, "").replace(/<form\b[^>]*>.*?<\/form>/gi, "").replace(/<form\b[^>]*\/>/gi, "").replace(/<input\b[^>]*\/?>/gi, "").replace(/<button\b[^>]*>.*?<\/button>/gi, "").replace(/<button\b[^>]*\/>/gi, "").replace(/\s*on\w+\s*=\s*["'][^"']*["']/gi, "").replace(/javascript:[^"'\s>]*/gi, "").replace(/data:[^"'\s>]*/gi, "");
14
- return sanitized;
15
- }
16
- function validateHtml(html) {
17
- const warnings = [];
18
- if (!html || typeof html !== "string") {
19
- return { isValid: false, warnings: ["HTML content must be a non-empty string"] };
20
- }
21
- const dangerousPatterns = [
22
- { pattern: /<script\b[^>]*>.*?<\/script>/gi, message: "Script tags are not allowed" },
23
- { pattern: /<script\b[^>]*\/>/gi, message: "Script tags are not allowed" },
24
- { pattern: /<iframe\b[^>]*>.*?<\/iframe>/gi, message: "Iframe tags are not allowed" },
25
- { pattern: /<iframe\b[^>]*\/>/gi, message: "Iframe tags are not allowed" },
26
- { pattern: /<object\b[^>]*>.*?<\/object>/gi, message: "Object tags are not allowed" },
27
- { pattern: /<object\b[^>]*\/>/gi, message: "Object tags are not allowed" },
28
- { pattern: /<embed\b[^>]*\/?>/gi, message: "Embed tags are not allowed" },
29
- { pattern: /<form\b[^>]*>.*?<\/form>/gi, message: "Form tags are not allowed" },
30
- { pattern: /<form\b[^>]*\/>/gi, message: "Form tags are not allowed" },
31
- { pattern: /<input\b[^>]*\/?>/gi, message: "Input tags are not allowed" },
32
- { pattern: /<button\b[^>]*>.*?<\/button>/gi, message: "Button tags are not allowed" },
33
- { pattern: /<button\b[^>]*\/>/gi, message: "Button tags are not allowed" },
34
- { pattern: /on\w+\s*=/gi, message: "Event handlers are not allowed" },
35
- { pattern: /javascript:/gi, message: "JavaScript protocols are not allowed" },
36
- { pattern: /data:/gi, message: "Data protocols are not allowed" }
37
- ];
38
- dangerousPatterns.forEach(({ pattern, message }) => {
39
- if (pattern.test(html)) {
40
- warnings.push(message);
41
- }
42
- });
43
- return {
44
- isValid: warnings.length === 0,
45
- warnings
46
- };
47
- }
48
- function renderSafeHtml(html, options = {}) {
49
- const { strict = true, logWarnings = false } = options;
50
- const validation = validateHtml(html);
51
- const sanitizedHtml = sanitizeHtml(html);
52
- if (logWarnings && validation.warnings.length > 0) {
53
- console.warn("HTML content warnings:", validation.warnings);
54
- }
55
- return {
56
- html: sanitizedHtml,
57
- isValid: validation.isValid,
58
- warnings: validation.warnings
59
- };
60
- }
61
-
62
- export {
63
- cn,
64
- sanitizeHtml,
65
- validateHtml,
66
- renderSafeHtml
67
- };
68
- //# sourceMappingURL=chunk-R77UEZ4E.js.map
package/dist/chunk-VBXEHIUJ.js 6.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/utils/context/organisationContext.ts","../src/utils/security/secureStorage.ts"],"sourcesContent":["/**\n * @file Organisation Context Utility\n * @package @jmruthers/pace-core\n * @module Utils/OrganisationContext\n * @since 0.4.0\n *\n * Utility functions for managing organisation context in database sessions.\n * Provides fallback mechanisms for when database functions are not available.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\nimport { createLogger } from '../core/logger';\n\nconst log = createLogger('organisationContext');\n\n/**\n * Set organisation context in the database session\n * \n * This function attempts to set the organisation context using a database function.\n * If the function is not available, it falls back gracefully without throwing errors.\n * \n * @param supabase - Supabase client instance\n * @param organisationId - The organisation ID to set as context\n * @returns Promise that resolves when context is set (or falls back gracefully)\n */\nexport async function setOrganisationContext(\n supabase: SupabaseClient,\n organisationId: string\n): Promise<void> {\n if (!supabase || !organisationId) {\n // TODO: Replace with proper logging service integration\n return;\n }\n\n try {\n // Add timeout to prevent hanging RPC calls\n const timeoutPromise = new Promise((_, reject) => {\n setTimeout(() => reject(new Error('RPC timeout after 3 seconds')), 3000);\n });\n \n // Call the database function to set organisation context\n const rpcPromise = supabase.rpc('set_organisation_context', {\n org_id: organisationId\n });\n\n const { error } = await Promise.race([rpcPromise, timeoutPromise]) as any;\n\n if (error) {\n // Function might not exist yet - this is expected during migration\n // Silent fail - will fall back to client-side filtering\n log.debug('RPC function not available or failed, continuing without database context');\n } else {\n log.debug('Organisation context set in database successfully');\n }\n } catch (error) {\n // Handle any other errors gracefully\n // Silent fail - will fall back to client-side filtering\n log.debug('Failed to set database context, continuing without it:', error);\n }\n}\n\n/**\n * Clear organisation context from the database session\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves when context is cleared\n */\nexport async function clearOrganisationContext(\n supabase: SupabaseClient\n): Promise<void> {\n if (!supabase) {\n // TODO: Replace with proper logging service integration\n return;\n }\n\n try {\n const { error } = await supabase.rpc('rbac_audit_log', {\n p_event_type: 'organisation_switched',\n p_metadata: { action: 'clear_context' }\n });\n \n if (error) {\n // Silent fail - function not available\n // TODO: Replace with proper logging service integration\n } else {\n // TODO: Replace with proper logging service integration\n }\n } catch (error) {\n // Silent fail - error occurred\n // TODO: Replace with proper logging service integration\n }\n}\n\n/**\n * Get current organisation context from the database session\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves to the current organisation ID or null\n */\nexport async function getOrganisationContext(\n supabase: SupabaseClient\n): Promise<string | null> {\n if (!supabase) {\n // TODO: Replace with proper logging service integration\n return null;\n }\n\n try {\n // For now, return null since we're not using database context\n // This will be replaced with proper context management\n const data = null;\n const error = null;\n \n if (error) {\n // TODO: Replace with proper logging service integration\n return null;\n }\n \n // Validate that data is a string (allow empty strings)\n if (typeof data === 'string') {\n return data;\n }\n \n // Return null for invalid data formats\n return null;\n } catch (error) {\n // TODO: Replace with proper logging service integration\n return null;\n }\n}\n\n/**\n * Check if organisation context functions are available in the database\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves to true if functions are available\n */\nexport async function isOrganisationContextAvailable(\n supabase: SupabaseClient\n): Promise<boolean> {\n if (!supabase) {\n return false;\n }\n\n try {\n const { error } = await supabase.rpc('get_organisation_context');\n \n if (error) {\n return false;\n }\n \n return true;\n } catch (error) {\n return false;\n }\n} ","\n/**\n * @file Secure Storage Utilities\n * @description Encrypted storage wrapper for sensitive data\n */\n\nexport interface SecureStorageOptions {\n encrypt?: boolean;\n expiry?: number; // TTL in milliseconds\n}\n\n/**\n * Secure storage implementation with encryption support\n */\nclass SecureStorageImpl {\n private encryptionKey: CryptoKey | null = null;\n private initialized = false;\n\n /**\n * Initialize secure storage with encryption\n */\n async init(): Promise<void> {\n if (this.initialized) return;\n\n try {\n // Check if Web Crypto API is available\n if (window.crypto && window.crypto.subtle) {\n // Generate or retrieve encryption key\n const keyData = localStorage.getItem('_sec_key');\n if (keyData) {\n try {\n const keyBuffer = this.base64ToArrayBuffer(keyData);\n this.encryptionKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-GCM' },\n false,\n ['encrypt', 'decrypt']\n );\n } catch (error) {\n await this.generateNewKey();\n }\n } else {\n await this.generateNewKey();\n }\n }\n this.initialized = true;\n } catch (error) {\n this.initialized = true;\n }\n }\n\n /**\n * Store item securely\n */\n async setItem(\n key: string,\n value: string,\n options: SecureStorageOptions = {}\n ): Promise<void> {\n await this.init();\n\n const data = {\n value,\n timestamp: Date.now(),\n expiry: options.expiry ? Date.now() + options.expiry : undefined,\n };\n\n const serialized = JSON.stringify(data);\n \n if (options.encrypt && this.encryptionKey) {\n try {\n const encrypted = await this.encrypt(serialized);\n localStorage.setItem(`_sec_${key}`, encrypted);\n return;\n } catch (error) {\n // Silent fail - store as plain text\n }\n }\n\n localStorage.setItem(key, serialized);\n }\n\n /**\n * Retrieve item securely\n */\n async getItem(key: string): Promise<string | null> {\n await this.init();\n\n // Try encrypted storage first\n const encryptedData = localStorage.getItem(`_sec_${key}`);\n if (encryptedData && this.encryptionKey) {\n try {\n const decrypted = await this.decrypt(encryptedData);\n const parsed = JSON.parse(decrypted);\n \n // Check expiry\n if (parsed.expiry && Date.now() > parsed.expiry) {\n await this.removeItem(key);\n return null;\n }\n \n return parsed.value;\n } catch (error) {\n // Silent fail - try plain storage\n }\n }\n\n // Fallback to plain storage\n const plainData = localStorage.getItem(key);\n if (!plainData) return null;\n\n try {\n const parsed = JSON.parse(plainData);\n \n // Check expiry\n if (parsed.expiry && Date.now() > parsed.expiry) {\n await this.removeItem(key);\n return null;\n }\n \n return parsed.value || plainData;\n } catch (error) {\n // If parsing fails, return as-is (backward compatibility)\n return plainData;\n }\n }\n\n /**\n * Remove item\n */\n async removeItem(key: string): Promise<void> {\n localStorage.removeItem(key);\n localStorage.removeItem(`_sec_${key}`);\n }\n\n /**\n * Clear all secure storage\n */\n async clear(): Promise<void> {\n const keys = Object.keys(localStorage);\n for (const key of keys) {\n if (key.startsWith('_sec_')) {\n localStorage.removeItem(key);\n }\n }\n }\n\n /**\n * Generate new encryption key\n */\n private async generateNewKey(): Promise<void> {\n if (!window.crypto?.subtle) return;\n\n try {\n this.encryptionKey = await window.crypto.subtle.generateKey(\n { name: 'AES-GCM', length: 256 },\n true,\n ['encrypt', 'decrypt']\n );\n\n // Export and store key\n const exportedKey = await window.crypto.subtle.exportKey('raw', this.encryptionKey);\n const keyData = this.arrayBufferToBase64(exportedKey);\n localStorage.setItem('_sec_key', keyData);\n } catch (error) {\n // Silent fail - encryption not available\n }\n }\n\n /**\n * Encrypt data\n */\n private async encrypt(data: string): Promise<string> {\n if (!this.encryptionKey || !window.crypto?.subtle) {\n throw new Error('Encryption not available');\n }\n\n const encoder = new TextEncoder();\n const dataBuffer = encoder.encode(data);\n const iv = window.crypto.getRandomValues(new Uint8Array(12));\n\n const encrypted = await window.crypto.subtle.encrypt(\n { name: 'AES-GCM', iv },\n this.encryptionKey,\n dataBuffer\n );\n\n // Combine IV and encrypted data\n const combined = new Uint8Array(iv.length + encrypted.byteLength);\n combined.set(iv);\n combined.set(new Uint8Array(encrypted), iv.length);\n\n return this.arrayBufferToBase64(combined.buffer);\n }\n\n /**\n * Decrypt data\n */\n private async decrypt(encryptedData: string): Promise<string> {\n if (!this.encryptionKey || !window.crypto?.subtle) {\n throw new Error('Decryption not available');\n }\n\n const combined = this.base64ToArrayBuffer(encryptedData);\n const iv = combined.slice(0, 12);\n const encrypted = combined.slice(12);\n\n const decrypted = await window.crypto.subtle.decrypt(\n { name: 'AES-GCM', iv },\n this.encryptionKey,\n encrypted\n );\n\n const decoder = new TextDecoder();\n return decoder.decode(decrypted);\n }\n\n /**\n * Convert ArrayBuffer to base64\n */\n private arrayBufferToBase64(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n }\n\n /**\n * Convert base64 to ArrayBuffer\n */\n private base64ToArrayBuffer(base64: string): ArrayBuffer {\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes.buffer;\n }\n}\n\nexport const secureStorage = new SecureStorageImpl();\n"],"mappings":";;;;;AAaA,IAAM,MAAM,aAAa,qBAAqB;AAY9C,eAAsB,uBACpB,UACA,gBACe;AACf,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAEhC;AAAA,EACF;AAEA,MAAI;AAEF,UAAM,iBAAiB,IAAI,QAAQ,CAAC,GAAG,WAAW;AAChD,iBAAW,MAAM,OAAO,IAAI,MAAM,6BAA6B,CAAC,GAAG,GAAI;AAAA,IACzE,CAAC;AAGD,UAAM,aAAa,SAAS,IAAI,4BAA4B;AAAA,MAC1D,QAAQ;AAAA,IACV,CAAC;AAED,UAAM,EAAE,MAAM,IAAI,MAAM,QAAQ,KAAK,CAAC,YAAY,cAAc,CAAC;AAEjE,QAAI,OAAO;AAGT,UAAI,MAAM,2EAA2E;AAAA,IACvF,OAAO;AACL,UAAI,MAAM,mDAAmD;AAAA,IAC/D;AAAA,EACF,SAAS,OAAO;AAGd,QAAI,MAAM,0DAA0D,KAAK;AAAA,EAC3E;AACF;AAQA,eAAsB,yBACpB,UACe;AACf,MAAI,CAAC,UAAU;AAEb;AAAA,EACF;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,kBAAkB;AAAA,MACrD,cAAc;AAAA,MACd,YAAY,EAAE,QAAQ,gBAAgB;AAAA,IACxC,CAAC;AAED,QAAI,OAAO;AAAA,IAGX,OAAO;AAAA,IAEP;AAAA,EACF,SAAS,OAAO;AAAA,EAGhB;AACF;AAQA,eAAsB,uBACpB,UACwB;AACxB,MAAI,CAAC,UAAU;AAEb,WAAO;AAAA,EACT;AAEA,MAAI;AAGF,UAAM,OAAO;AACb,UAAM,QAAQ;AAEd,QAAI,OAAO;AAET,aAAO;AAAA,IACT;AAGA,QAAI,OAAO,SAAS,UAAU;AAC5B,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT,SAAS,OAAO;AAEd,WAAO;AAAA,EACT;AACF;AAQA,eAAsB,+BACpB,UACkB;AAClB,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,0BAA0B;AAE/D,QAAI,OAAO;AACT,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;;;AC7IA,IAAM,oBAAN,MAAwB;AAAA,EAAxB;AACE,SAAQ,gBAAkC;AAC1C,SAAQ,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,EAKtB,MAAM,OAAsB;AAC1B,QAAI,KAAK,YAAa;AAEtB,QAAI;AAEF,UAAI,OAAO,UAAU,OAAO,OAAO,QAAQ;AAEzC,cAAM,UAAU,aAAa,QAAQ,UAAU;AAC/C,YAAI,SAAS;AACX,cAAI;AACF,kBAAM,YAAY,KAAK,oBAAoB,OAAO;AAClD,iBAAK,gBAAgB,MAAM,OAAO,OAAO,OAAO;AAAA,cAC9C;AAAA,cACA;AAAA,cACA,EAAE,MAAM,UAAU;AAAA,cAClB;AAAA,cACA,CAAC,WAAW,SAAS;AAAA,YACvB;AAAA,UACF,SAAS,OAAO;AACd,kBAAM,KAAK,eAAe;AAAA,UAC5B;AAAA,QACF,OAAO;AACL,gBAAM,KAAK,eAAe;AAAA,QAC5B;AAAA,MACF;AACA,WAAK,cAAc;AAAA,IACrB,SAAS,OAAO;AACd,WAAK,cAAc;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QACJ,KACA,OACA,UAAgC,CAAC,GAClB;AACf,UAAM,KAAK,KAAK;AAEhB,UAAM,OAAO;AAAA,MACX;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,QAAQ,QAAQ,SAAS,KAAK,IAAI,IAAI,QAAQ,SAAS;AAAA,IACzD;AAEA,UAAM,aAAa,KAAK,UAAU,IAAI;AAEtC,QAAI,QAAQ,WAAW,KAAK,eAAe;AACzC,UAAI;AACF,cAAM,YAAY,MAAM,KAAK,QAAQ,UAAU;AAC/C,qBAAa,QAAQ,QAAQ,GAAG,IAAI,SAAS;AAC7C;AAAA,MACF,SAAS,OAAO;AAAA,MAEhB;AAAA,IACF;AAEA,iBAAa,QAAQ,KAAK,UAAU;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,KAAqC;AACjD,UAAM,KAAK,KAAK;AAGhB,UAAM,gBAAgB,aAAa,QAAQ,QAAQ,GAAG,EAAE;AACxD,QAAI,iBAAiB,KAAK,eAAe;AACvC,UAAI;AACF,cAAM,YAAY,MAAM,KAAK,QAAQ,aAAa;AAClD,cAAM,SAAS,KAAK,MAAM,SAAS;AAGnC,YAAI,OAAO,UAAU,KAAK,IAAI,IAAI,OAAO,QAAQ;AAC/C,gBAAM,KAAK,WAAW,GAAG;AACzB,iBAAO;AAAA,QACT;AAEA,eAAO,OAAO;AAAA,MAChB,SAAS,OAAO;AAAA,MAEhB;AAAA,IACF;AAGA,UAAM,YAAY,aAAa,QAAQ,GAAG;AAC1C,QAAI,CAAC,UAAW,QAAO;AAEvB,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,SAAS;AAGnC,UAAI,OAAO,UAAU,KAAK,IAAI,IAAI,OAAO,QAAQ;AAC/C,cAAM,KAAK,WAAW,GAAG;AACzB,eAAO;AAAA,MACT;AAEA,aAAO,OAAO,SAAS;AAAA,IACzB,SAAS,OAAO;AAEd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,KAA4B;AAC3C,iBAAa,WAAW,GAAG;AAC3B,iBAAa,WAAW,QAAQ,GAAG,EAAE;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAuB;AAC3B,UAAM,OAAO,OAAO,KAAK,YAAY;AACrC,eAAW,OAAO,MAAM;AACtB,UAAI,IAAI,WAAW,OAAO,GAAG;AAC3B,qBAAa,WAAW,GAAG;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAgC;AAC5C,QAAI,CAAC,OAAO,QAAQ,OAAQ;AAE5B,QAAI;AACF,WAAK,gBAAgB,MAAM,OAAO,OAAO,OAAO;AAAA,QAC9C,EAAE,MAAM,WAAW,QAAQ,IAAI;AAAA,QAC/B;AAAA,QACA,CAAC,WAAW,SAAS;AAAA,MACvB;AAGA,YAAM,cAAc,MAAM,OAAO,OAAO,OAAO,UAAU,OAAO,KAAK,aAAa;AAClF,YAAM,UAAU,KAAK,oBAAoB,WAAW;AACpD,mBAAa,QAAQ,YAAY,OAAO;AAAA,IAC1C,SAAS,OAAO;AAAA,IAEhB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,QAAQ,MAA+B;AACnD,QAAI,CAAC,KAAK,iBAAiB,CAAC,OAAO,QAAQ,QAAQ;AACjD,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAEA,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,aAAa,QAAQ,OAAO,IAAI;AACtC,UAAM,KAAK,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAE3D,UAAM,YAAY,MAAM,OAAO,OAAO,OAAO;AAAA,MAC3C,EAAE,MAAM,WAAW,GAAG;AAAA,MACtB,KAAK;AAAA,MACL;AAAA,IACF;AAGA,UAAM,WAAW,IAAI,WAAW,GAAG,SAAS,UAAU,UAAU;AAChE,aAAS,IAAI,EAAE;AACf,aAAS,IAAI,IAAI,WAAW,SAAS,GAAG,GAAG,MAAM;AAEjD,WAAO,KAAK,oBAAoB,SAAS,MAAM;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,QAAQ,eAAwC;AAC5D,QAAI,CAAC,KAAK,iBAAiB,CAAC,OAAO,QAAQ,QAAQ;AACjD,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAEA,UAAM,WAAW,KAAK,oBAAoB,aAAa;AACvD,UAAM,KAAK,SAAS,MAAM,GAAG,EAAE;AAC/B,UAAM,YAAY,SAAS,MAAM,EAAE;AAEnC,UAAM,YAAY,MAAM,OAAO,OAAO,OAAO;AAAA,MAC3C,EAAE,MAAM,WAAW,GAAG;AAAA,MACtB,KAAK;AAAA,MACL;AAAA,IACF;AAEA,UAAM,UAAU,IAAI,YAAY;AAChC,WAAO,QAAQ,OAAO,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKQ,oBAAoB,QAA6B;AACvD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK;AACzC,gBAAU,OAAO,aAAa,MAAM,CAAC,CAAC;AAAA,IACxC;AACA,WAAO,KAAK,MAAM;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKQ,oBAAoB,QAA6B;AACvD,UAAM,SAAS,KAAK,MAAM;AAC1B,UAAM,QAAQ,IAAI,WAAW,OAAO,MAAM;AAC1C,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,YAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAAA,IAChC;AACA,WAAO,MAAM;AAAA,EACf;AACF;AAEO,IAAM,gBAAgB,IAAI,kBAAkB;","names":[]}
package/dist/chunk-XNXXZ43G.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/rbac/secureClient.ts","../src/rbac/hooks/useRBAC.ts","../src/rbac/hooks/usePermissions.ts","../src/rbac/utils/deep-equal.ts","../src/rbac/hooks/useResourcePermissions.ts","../src/rbac/hooks/useRoleManagement.ts","../src/rbac/hooks/useSecureSupabase.ts"],"sourcesContent":["/**\n * Secure Supabase Client for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/SecureClient\n * @since 1.0.0\n * \n * This module provides a secure Supabase client that enforces organisation context\n * and prevents direct database access outside of the RBAC system.\n */\n\nimport { createClient, SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { UUID } from './types';\nimport { OrganisationContextRequiredError } from './types';\n\n/**\n * Secure Supabase Client that enforces organisation context\n * \n * This client automatically injects organisation context into all requests\n * and prevents queries that don't have the required context.\n * \n * Note: Callers should derive organisationId from eventId before creating this client\n * if working with event-required apps. The client requires organisationId.\n */\nexport class SecureSupabaseClient {\n private supabase: SupabaseClient<Database>;\n private edgeFunctionClient: SupabaseClient<Database> | null = null;\n private supabaseUrl: string;\n private supabaseKey: string;\n private organisationId: UUID;\n private eventId?: string;\n private appId?: UUID;\n private isSuperAdmin: boolean;\n\n constructor(\n supabaseUrl: string,\n supabaseKey: string,\n organisationId: UUID,\n eventId?: string,\n appId?: UUID,\n isSuperAdmin: boolean = false\n ) {\n this.supabaseUrl = supabaseUrl;\n this.supabaseKey = supabaseKey;\n this.organisationId = organisationId;\n this.eventId = eventId;\n this.appId = appId;\n this.isSuperAdmin = isSuperAdmin;\n\n // Create the base Supabase client with context headers\n // Note: We'll override functions.invoke to exclude headers for Edge Functions\n // as they may not have CORS configured to accept custom headers\n this.supabase = createClient<Database>(supabaseUrl, supabaseKey, {\n global: {\n headers: {\n 'x-organisation-id': organisationId,\n 'x-event-id': eventId || '',\n 'x-app-id': appId || '',\n },\n },\n });\n\n // Override the auth methods to inject context\n this.setupContextInjection();\n \n // Override functions.invoke to exclude custom headers for Edge Functions\n // Edge Functions may not have CORS configured to accept custom headers\n this.setupEdgeFunctionHandling();\n }\n\n /**\n * Setup context injection for all database operations\n */\n private setupContextInjection() {\n const originalFrom = this.supabase.from.bind(this.supabase);\n \n (this.supabase as any).from = (table: string): any => {\n // Validate context before allowing any database operations\n this.validateContext();\n \n // Type assertion needed because table is a string but Supabase expects specific table names\n const query = originalFrom(table as any);\n \n // Store table name on query object so we can access it in filter methods\n (query as any)._tableName = table;\n \n // Inject organisation context into all queries\n return this.injectContext(query, table);\n };\n\n const originalRpc = this.supabase.rpc.bind(this.supabase);\n \n // Override rpc method to inject context\n // Type assertion needed because we're wrapping the generic rpc method\n // The fn parameter is typed as string to match Supabase's rpc signature\n (this.supabase as any).rpc = (fn: string, args?: any, options?: any): any => {\n // Validate context before allowing any RPC calls\n this.validateContext();\n \n // Inject context into RPC calls\n const contextArgs = {\n ...args,\n p_organisation_id: this.organisationId,\n p_event_id: this.eventId,\n p_app_id: this.appId,\n };\n \n return originalRpc(fn as any, contextArgs, options);\n };\n }\n\n /**\n * Setup Edge Function handling to bypass custom headers\n * Edge Functions may not have CORS configured to accept custom headers,\n * so we create a separate client without custom headers for Edge Function calls\n * \n * NOTE: We store the edge function client but don't override functions here.\n * Instead, we provide a method to get the edge function client for direct use.\n * This avoids interfering with the main client's operations.\n */\n private setupEdgeFunctionHandling() {\n // Create a separate client without custom headers for Edge Functions\n // This prevents CORS errors when Edge Functions don't accept custom headers\n // Store it as an instance variable to avoid creating multiple clients\n // We'll use this client directly for Edge Function calls instead of overriding\n this.edgeFunctionClient = createClient<Database>(this.supabaseUrl, this.supabaseKey);\n }\n\n /**\n * Get a client for Edge Function calls without custom headers\n * Edge Functions may not have CORS configured to accept custom headers\n * @returns Supabase client without custom headers for Edge Function calls\n */\n getEdgeFunctionClient(): SupabaseClient<Database> {\n return this.edgeFunctionClient || this.supabase;\n }\n\n /**\n * Inject organisation context into a query\n */\n private injectContext(query: any, tableName: string) {\n const originalSelect = query.select.bind(query);\n const originalInsert = query.insert.bind(query);\n const originalUpdate = query.update.bind(query);\n const originalDelete = query.delete.bind(query);\n\n // Override select to add organisation filter\n query.select = (columns?: string) => {\n const result = originalSelect(columns);\n return this.addOrganisationFilter(result, tableName);\n };\n\n // Override insert to add organisation context\n query.insert = (values: any) => {\n // Tables that don't have organisation_id column\n const tablesWithoutOrganisationId = [\n 'core_organisations', // Organisation table itself - uses 'id' as primary key\n 'rbac_apps', // App configuration table - no organisation scope\n 'rbac_app_pages', // Page configuration table - scoped by app_id, not organisation_id\n 'rbac_global_roles', // Global roles - no organisation scope\n ];\n \n // Skip adding organisation_id for tables that don't have it\n if (tablesWithoutOrganisationId.includes(tableName)) {\n return originalInsert(values);\n }\n \n // For rbac_user_profiles, only add organisation_id if not super admin\n // Super admins can create users in any org, non-super-admins are restricted\n if (tableName === 'rbac_user_profiles') {\n if (this.isSuperAdmin) {\n // Super admin: Don't force organisation_id (can be set explicitly if needed)\n return originalInsert(values);\n }\n // Non-super-admin: Add organisation_id as defense in depth\n const contextValues = Array.isArray(values) \n ? values.map(v => ({ ...v, organisation_id: this.organisationId }))\n : { ...values, organisation_id: this.organisationId };\n return originalInsert(contextValues);\n }\n \n // For other tables, always add organisation_id\n const contextValues = Array.isArray(values) \n ? values.map(v => ({ ...v, organisation_id: this.organisationId }))\n : { ...values, organisation_id: this.organisationId };\n \n return originalInsert(contextValues);\n };\n\n // Override update to add organisation filter\n query.update = (values: any) => {\n const result = originalUpdate(values);\n return this.addOrganisationFilter(result, tableName);\n };\n\n // Override delete to add organisation filter\n query.delete = () => {\n const result = originalDelete();\n return this.addOrganisationFilter(result, tableName);\n };\n\n return query;\n }\n\n /**\n * Add organisation filter to a query\n * \n * Defense in depth strategy:\n * - RLS policies are the primary security layer (cannot be bypassed)\n * - Application-level filtering adds an additional layer of protection\n * \n * For rbac_user_profiles:\n * - Super admins: No org filter (see all users) - RLS will allow access\n * - Non-super-admins: Apply org filter as defense in depth - RLS will also filter\n * \n * For other tables:\n * - Always apply org filter unless super admin bypasses it\n */\n private addOrganisationFilter(query: any, tableName: string) {\n // Tables that don't have organisation_id column - RLS policies handle access control\n const tablesWithoutOrganisationId = [\n 'core_organisations', // Organisation table itself - uses 'id' as primary key\n 'rbac_apps', // App configuration table - no organisation scope\n 'rbac_app_pages', // Page configuration table - scoped by app_id, not organisation_id\n 'rbac_global_roles', // Global roles - no organisation scope\n ];\n \n // Skip organisation filter for tables that don't have organisation_id column\n if (tablesWithoutOrganisationId.includes(tableName)) {\n return query; // RLS policies handle access control for these tables\n }\n\n // If organisation context is not set, don't add a filter (e.g., super admin without selected org)\n if (!this.organisationId) {\n return query;\n }\n \n // For rbac_user_profiles, use conditional filtering based on super admin status\n if (tableName === 'rbac_user_profiles') {\n // Super admins: No org filter (see all users via RLS)\n // Non-super-admins: Apply org filter as defense in depth (RLS also filters)\n if (this.isSuperAdmin) {\n return query; // No filter - RLS handles access control\n }\n // Apply org filter for non-super-admins as additional security layer\n return query.eq('organisation_id', this.organisationId);\n }\n \n // For all other tables, apply organisation filter\n // Super admins can still bypass via RLS if needed, but we filter at app level too\n if (this.isSuperAdmin) {\n // Super admins might want to see cross-org data, but for most tables\n // we still apply the filter as a safety measure (they can override if needed)\n // For now, we'll apply it - super admins can use direct queries if they need cross-org access\n return query.eq('organisation_id', this.organisationId);\n }\n \n // Non-super-admins: Always apply org filter\n return query.eq('organisation_id', this.organisationId);\n }\n\n /**\n * Validate that required context is present\n */\n private validateContext() {\n if (!this.organisationId) {\n throw new OrganisationContextRequiredError();\n }\n }\n\n /**\n * Get the current organisation ID\n */\n getOrganisationId(): UUID {\n return this.organisationId;\n }\n\n /**\n * Get the current event ID\n */\n getEventId(): string | undefined {\n return this.eventId;\n }\n\n /**\n * Get the current app ID\n */\n getAppId(): UUID | undefined {\n return this.appId;\n }\n\n /**\n * Create a new client with updated context\n */\n withContext(updates: {\n organisationId?: UUID;\n eventId?: string;\n appId?: UUID;\n isSuperAdmin?: boolean;\n }): SecureSupabaseClient {\n return new SecureSupabaseClient(\n this.supabaseUrl,\n this.supabaseKey,\n updates.organisationId || this.organisationId,\n updates.eventId !== undefined ? updates.eventId : this.eventId,\n updates.appId !== undefined ? updates.appId : this.appId,\n updates.isSuperAdmin !== undefined ? updates.isSuperAdmin : this.isSuperAdmin\n );\n }\n\n /**\n * Get the underlying Supabase client (for internal use only)\n * @internal\n */\n getClient(): SupabaseClient<Database> {\n // Return a proxy that intercepts functions.invoke calls to use edge function client\n // This avoids CORS issues with Edge Functions while keeping the main client intact\n return new Proxy(this.supabase, {\n get: (target, prop) => {\n if (prop === 'functions' && this.edgeFunctionClient) {\n // Return the edge function client's functions for invoke calls\n // This bypasses custom headers that cause CORS errors\n return this.edgeFunctionClient.functions;\n }\n // For all other properties, return the original\n return (target as any)[prop];\n }\n }) as SupabaseClient<Database>;\n }\n}\n\n/**\n * Create a secure Supabase client with organisation context\n * \n * @param supabaseUrl - Supabase project URL\n * @param supabaseKey - Supabase publishable key or anon key (accepts both legacy anon keys and modern publishable keys)\n * @param organisationId - Required organisation ID\n * @param eventId - Optional event ID\n * @param appId - Optional app ID\n * @param isSuperAdmin - Optional super admin flag (defaults to false)\n * @returns SecureSupabaseClient instance\n * \n * @example\n * ```typescript\n * const client = createSecureClient(\n * 'https://your-project.supabase.co',\n * 'your-publishable-key-or-anon-key',\n * 'org-123',\n * 'event-456',\n * 'app-789',\n * false // isSuperAdmin\n * );\n * ```\n */\nexport function createSecureClient(\n supabaseUrl: string,\n supabaseKey: string,\n organisationId: UUID,\n eventId?: string,\n appId?: UUID,\n isSuperAdmin: boolean = false\n): SecureSupabaseClient {\n return new SecureSupabaseClient(supabaseUrl, supabaseKey, organisationId, eventId, appId, isSuperAdmin);\n}\n\n/**\n * Create a secure client from an existing Supabase client\n * \n * @param client - Existing Supabase client\n * @param organisationId - Required organisation ID\n * @param eventId - Optional event ID\n * @param appId - Optional app ID\n * @returns SecureSupabaseClient instance\n */\nexport function fromSupabaseClient(\n client: SupabaseClient<Database>,\n organisationId: UUID,\n eventId?: string,\n appId?: UUID\n): SecureSupabaseClient {\n // We need the URL and key to create a new client, but they're not accessible\n // This function should be used with createSecureClient instead\n throw new Error('fromSupabaseClient is not supported. Use createSecureClient instead.');\n}\n","/**\n * @file RBAC Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 0.3.0\n *\n * A React hook that provides access to the RBAC (Role-Based Access Control) system\n * through the hardened RBAC engine API. The hook defers all permission and role\n * resolution to the shared engine to ensure consistent security behaviour across\n * applications.\n */\n\nimport { useState, useEffect, useCallback, useMemo } from 'react';\nimport { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';\nimport { useOrganisations } from '../../hooks/useOrganisations';\nimport { useEvents } from '../../hooks/useEvents';\nimport {\n getPermissionMap,\n getAccessLevel,\n resolveAppContext,\n getRoleContext,\n} from '../api';\nimport { getRBACLogger } from '../config';\nimport { ContextValidator } from '../utils/contextValidator';\nimport type {\n UserRBACContext,\n GlobalRole,\n OrganisationRole,\n EventAppRole,\n Permission,\n Scope,\n PermissionMap,\n UUID,\n} from '../types';\n\nfunction mapAccessLevelToEventRole(level: string | null): EventAppRole | null {\n switch (level) {\n case 'viewer':\n return 'viewer';\n case 'participant':\n return 'participant';\n case 'planner':\n return 'planner';\n case 'admin':\n case 'super':\n return 'event_admin';\n default:\n return null;\n }\n}\n\nexport function useRBAC(pageId?: string): UserRBACContext {\n const logger = getRBACLogger();\n // Get all context from UnifiedAuth - it already provides selectedOrganisation, isContextReady, selectedEvent, and eventLoading\n // This is more reliable than calling useOrganisations()/useEvents() separately which might throw or return stale values\n const { \n user, \n session, \n supabase,\n appName, \n appConfig,\n appId: contextAppId,\n selectedOrganisation,\n isContextReady: orgContextReady,\n organisationLoading: orgLoading,\n selectedEvent,\n eventLoading\n } = useUnifiedAuth();\n \n // Removed excessive logging - hook initialization logged only on first mount or significant changes\n\n const [globalRole, setGlobalRole] = useState<GlobalRole | null>(null);\n const [organisationRole, setOrganisationRole] = useState<OrganisationRole | null>(null);\n const [eventAppRole, setEventAppRole] = useState<EventAppRole | null>(null);\n const [permissionMap, setPermissionMap] = useState<PermissionMap>({} as PermissionMap);\n const [currentScope, setCurrentScope] = useState<Scope | null>(null);\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n const resetState = useCallback(() => {\n setGlobalRole(null);\n setOrganisationRole(null);\n setEventAppRole(null);\n setPermissionMap({} as PermissionMap);\n setCurrentScope(null);\n }, []);\n\n const loadRBACContext = useCallback(async () => {\n // Early return if user is not authenticated - don't do anything\n if (!user || !session) {\n resetState();\n setIsLoading(false);\n return;\n }\n\n // Build initial scope from available context\n // For event-required apps: use organisation_id from selectedEvent if available (faster than deriving)\n // For org-required apps: use selectedOrganisation.id\n const initialScope: Scope = {\n organisationId: appConfig?.requires_event \n ? (selectedEvent?.organisation_id || selectedOrganisation?.id) \n : selectedOrganisation?.id,\n eventId: selectedEvent?.event_id || undefined,\n appId: undefined\n };\n\n // Check if context is ready using ContextValidator\n const contextReady = ContextValidator.isContextReady(\n initialScope,\n appConfig,\n appName,\n !!selectedEvent,\n !!selectedOrganisation\n );\n\n // PORTAL/ADMIN special case: context is always ready\n if (appName !== 'PORTAL' && appName !== 'ADMIN' && !contextReady) {\n // Wait for appropriate context based on app config\n setIsLoading(true);\n return;\n }\n\n setIsLoading(true);\n setError(null);\n\n // Loading RBAC context\n\n try {\n let appId: UUID | undefined = contextAppId; // Use contextAppId as default (already resolved in UnifiedAuthProvider)\n \n if (appName && !appId) {\n // Wrap RPC call in try-catch to handle NetworkError gracefully\n try {\n const resolved = await resolveAppContext({ userId: user.id as UUID, appName });\n // For PORTAL/ADMIN apps, allow access even if hasAccess is false (users can view their own profile, super admins have global access)\n if (!resolved) {\n if (appName === 'PORTAL' || appName === 'ADMIN') {\n // For PORTAL/ADMIN, try to get appId directly from database\n try {\n const { getAppConfigByName } = await import('../api');\n await getAppConfigByName(appName);\n // We can't get appId from config, but that's OK - use contextAppId or proceed without\n } catch (err) {\n // Proceed without appId for page-level permissions\n }\n } else {\n throw new Error(`User does not have access to app \"${appName}\"`);\n }\n } else if (!resolved.hasAccess && appName !== 'PORTAL' && appName !== 'ADMIN') {\n throw new Error(`User does not have access to app \"${appName}\"`);\n } else {\n appId = resolved.appId;\n }\n } catch (rpcError: any) {\n // Handle NetworkError - might be due to timing issue\n if (rpcError?.message?.includes('NetworkError') || rpcError?.message?.includes('fetch')) {\n logger.warn('[useRBAC] NetworkError resolving app context - may be timing issue, will retry when context is ready', {\n appName,\n error: rpcError.message,\n eventLoading,\n hasSelectedEvent: !!selectedEvent\n });\n // Don't throw - let it retry when dependencies change\n setIsLoading(false);\n return;\n }\n // For PORTAL/ADMIN, allow proceeding without app access check (for profile pages, super admin access)\n if (appName === 'PORTAL' || appName === 'ADMIN') {\n // appId will use contextAppId or be undefined, which is OK for PORTAL/ADMIN page-level permissions\n } else {\n // Re-throw other errors for non-PORTAL apps\n throw rpcError;\n }\n }\n }\n\n // Update scope with appId (use contextAppId as fallback for PORTAL)\n const scope: Scope = {\n ...initialScope,\n appId: appId || contextAppId,\n };\n \n // Resolve required context using ContextValidator\n // Pass supabase client to allow deriving organisation from event for event-required apps\n const validation = await ContextValidator.resolveRequiredContext(\n scope,\n appConfig,\n appName,\n supabase || null\n );\n\n if (!validation.isValid || !validation.resolvedScope) {\n throw validation.error || new Error('Context validation failed');\n }\n\n const resolvedScope = validation.resolvedScope;\n setCurrentScope(resolvedScope);\n\n // Pass appConfig and appName to API calls for context validation\n const [map, roleContext, accessLevel] = await Promise.all([\n getPermissionMap({ userId: user.id as UUID, scope: resolvedScope }, appConfig, appName),\n getRoleContext({ userId: user.id as UUID, scope: resolvedScope }, appConfig, appName),\n getAccessLevel({ userId: user.id as UUID, scope: resolvedScope }, appConfig, appName),\n ]);\n\n setPermissionMap(map);\n setGlobalRole(roleContext.globalRole);\n setOrganisationRole(roleContext.organisationRole);\n setEventAppRole(roleContext.eventAppRole || mapAccessLevelToEventRole(accessLevel));\n \n // Only log on first successful load or if there's an issue\n const permissionCount = Object.keys(map).length;\n if (permissionCount === 0) {\n logger.warn('[useRBAC] RBAC context loaded but returned 0 permissions', {\n appName,\n organisationId: resolvedScope.organisationId,\n eventId: resolvedScope.eventId\n });\n }\n } catch (err) {\n const handledError = err instanceof Error ? err : new Error('Failed to load RBAC context');\n logger.error('[useRBAC] Error loading RBAC context:', handledError);\n setError(handledError);\n resetState();\n } finally {\n setIsLoading(false);\n }\n }, [appName, logger, resetState, selectedEvent?.event_id, selectedOrganisation?.id, session, user, eventLoading, appConfig, orgContextReady, orgLoading]);\n\n const hasGlobalPermission = useCallback(\n (permission: string): boolean => {\n if (globalRole === 'super_admin' || permissionMap['*']) {\n return true;\n }\n\n if (permission === 'super_admin') {\n return globalRole === 'super_admin';\n }\n\n if (permission === 'org_admin') {\n return organisationRole === 'org_admin';\n }\n\n return permissionMap[permission as Permission] === true;\n },\n [globalRole, organisationRole, permissionMap],\n );\n\n const isSuperAdmin = useMemo(() => globalRole === 'super_admin' || permissionMap['*'] === true, [globalRole, permissionMap]);\n const isOrgAdmin = useMemo(() => organisationRole === 'org_admin' || isSuperAdmin, [organisationRole, isSuperAdmin]);\n const isEventAdmin = useMemo(() => eventAppRole === 'event_admin' || isSuperAdmin, [eventAppRole, isSuperAdmin]);\n const canManageOrganisation = useMemo(() => isSuperAdmin || organisationRole === 'org_admin', [isSuperAdmin, organisationRole]);\n const canManageEvent = useMemo(() => isSuperAdmin || eventAppRole === 'event_admin', [isSuperAdmin, eventAppRole]);\n\n useEffect(() => {\n loadRBACContext();\n }, [loadRBACContext, appName, appConfig, eventLoading, selectedEvent?.event_id, user, session, selectedOrganisation?.id, orgContextReady, orgLoading]);\n\n return {\n user,\n globalRole,\n organisationRole,\n eventAppRole,\n hasGlobalPermission,\n isSuperAdmin,\n isOrgAdmin,\n isEventAdmin,\n canManageOrganisation,\n canManageEvent,\n isLoading,\n error,\n };\n}\n","/**\n * @file RBAC Permission Hooks\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 1.0.0\n * \n * This module provides React hooks for RBAC functionality.\n */\n\nimport React, { useState, useEffect, useCallback, useMemo, useRef } from 'react';\nimport { \n UUID, \n Scope, \n Permission, \n PermissionMap,\n OrganisationContextRequiredError\n} from '../types';\nimport { AccessLevel as AccessLevelType } from '../types';\nimport { \n getAccessLevel, \n getPermissionMap, \n isPermitted,\n isPermittedCached \n} from '../api';\nimport { getRBACLogger } from '../config';\nimport { scopeEqual } from '../utils/deep-equal';\nimport { useAppConfig } from '../../hooks/useAppConfig';\n\n/**\n * Hook to get user's permissions in a scope\n * \n * @param userId - User ID\n * @param organisationId - Organisation ID\n * @param eventId - Event ID (optional)\n * @param appId - Application ID (optional)\n * @returns Permission state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { permissions, isLoading, error } = usePermissions(\n * userId, \n * organisationId, \n * eventId, \n * appId\n * );\n * \n * if (isLoading) return <div>Loading...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return (\n * <div>\n * {permissions['read:users'] && <UserList />}\n * {permissions['create:users'] && <CreateUserButton />}\n * </div>\n * );\n * }\n * ```\n */\nexport function usePermissions(\n userId: UUID, \n organisationId: string | undefined, \n eventId: string | undefined, \n appId: string | undefined\n) {\n const [permissions, setPermissions] = useState<PermissionMap>({} as PermissionMap);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n const [fetchTrigger, setFetchTrigger] = useState(0);\n const isFetchingRef = useRef(false);\n const logger = getRBACLogger();\n \n // Track previous values to detect changes imperatively\n const prevValuesRef = useRef({ userId, organisationId, eventId, appId });\n \n // Normalize organisationId to empty string if undefined\n const orgId = organisationId || '';\n \n // Removed excessive logging - only log when scope actually changes (not on every render)\n\n // Add timeout for missing organisation context (3 seconds)\n // OPTIMIZATION: Skip timeout if userId is null/undefined (indicates pre-filtered mode)\n useEffect(() => {\n // If userId is null/undefined, skip the timeout - this indicates items are pre-filtered\n // and we don't need to wait for organisation context\n if (!userId) {\n return; // Skip timeout when userId is null (pre-filtered mode)\n }\n \n if (!orgId || orgId === null || (typeof orgId === 'string' && orgId.trim() === '')) {\n const timeoutId = setTimeout(() => {\n setError(new Error('Organisation context is required for permission checks'));\n setIsLoading(false);\n }, 3000); // 3 seconds - typical permission check is < 1 second\n \n return () => clearTimeout(timeoutId);\n }\n // Clear error if organisation context becomes available\n if (error?.message === 'Organisation context is required for permission checks') {\n setError(null);\n }\n }, [userId, organisationId, error, orgId]);\n\n // CRITICAL: Detect parameter changes and trigger fetch\n // Moved to useEffect to prevent render-time state updates that could cause render loops\n useEffect(() => {\n const paramsChanged = \n prevValuesRef.current.userId !== userId ||\n prevValuesRef.current.organisationId !== organisationId ||\n prevValuesRef.current.eventId !== eventId ||\n prevValuesRef.current.appId !== appId;\n \n if (paramsChanged) {\n // Only log significant changes (appId changes are most important)\n if (prevValuesRef.current.appId !== appId) {\n // AppId changed - triggering fetch\n }\n prevValuesRef.current = { userId, organisationId, eventId, appId };\n // Increment counter to force fetch useEffect to run\n setFetchTrigger(prev => prev + 1);\n }\n }, [userId, organisationId, eventId, appId, logger]);\n\n useEffect(() => {\n const fetchPermissions = async () => {\n // Prevent multiple simultaneous fetches\n if (isFetchingRef.current) {\n return;\n }\n\n if (!userId) {\n setPermissions({} as PermissionMap);\n setIsLoading(false);\n return;\n }\n\n // Don't fetch permissions if scope is invalid (e.g., organisationId is null/empty)\n // Wait for organisation context to resolve\n // IMPORTANT: Don't clear existing permissions here - keep them until we have new ones\n // OPTIMIZATION: If userId is null/undefined, immediately set loading to false\n // This indicates pre-filtered mode where we don't need to wait for organisation context\n if (!userId) {\n setPermissions({} as PermissionMap);\n setIsLoading(false);\n return;\n }\n \n if (!orgId || orgId === null || (typeof orgId === 'string' && orgId.trim() === '')) {\n // Keep existing permissions, just mark as loading\n setIsLoading(true);\n setError(null);\n return;\n }\n\n try {\n isFetchingRef.current = true;\n setIsLoading(true);\n setError(null);\n \n // Build scope object for API call\n const scope: Scope = {\n organisationId: orgId,\n eventId: eventId,\n appId: appId\n };\n \n // Fetch new permissions - don't clear old ones until we have new ones\n const permissionMap = await getPermissionMap({ userId, scope });\n \n // Only log if there's a significant change or error\n const permissionCount = Object.keys(permissionMap).length;\n if (permissionCount === 0 && Object.keys(permissions).length > 0) {\n logger.warn('[usePermissions] Permissions fetched but returned empty map', {\n scope: { organisationId: orgId, eventId, appId }\n });\n }\n \n // Only update permissions if fetch was successful\n setPermissions(permissionMap);\n } catch (err) {\n // On error, keep existing permissions but set error state\n // This prevents the UI from losing all items when there's a transient error\n logger.error('[usePermissions] Failed to fetch permissions:', err);\n setError(err instanceof Error ? err : new Error('Failed to fetch permissions'));\n // Don't clear permissions on error - keep what we had\n } finally {\n setIsLoading(false);\n isFetchingRef.current = false;\n }\n };\n\n fetchPermissions();\n }, [fetchTrigger, userId, organisationId, eventId, appId]);\n\n const hasPermission = useCallback((permission: Permission): boolean => {\n if (permissions['*']) {\n return true;\n }\n return permissions[permission] === true;\n }, [permissions]);\n\n const hasAnyPermission = useCallback((permissionList: Permission[]): boolean => {\n if (permissions['*']) {\n return true;\n }\n return permissionList.some(p => permissions[p] === true);\n }, [permissions]);\n\n const hasAllPermissions = useCallback((permissionList: Permission[]): boolean => {\n if (permissions['*']) {\n return true;\n }\n return permissionList.every(p => permissions[p] === true);\n }, [permissions]);\n\n const refetch = useCallback(async () => {\n // Prevent multiple simultaneous fetches\n if (isFetchingRef.current) {\n return;\n }\n\n if (!userId) {\n setPermissions({} as PermissionMap);\n setIsLoading(false);\n return;\n }\n\n // Don't fetch permissions if scope is invalid (e.g., organisationId is null/empty)\n // IMPORTANT: Don't clear existing permissions - keep them until we have new ones\n if (!orgId || orgId === null || (typeof orgId === 'string' && orgId.trim() === '')) {\n // Keep existing permissions, just mark as loading\n setIsLoading(true);\n setError(null);\n return;\n }\n\n try {\n isFetchingRef.current = true;\n setIsLoading(true);\n setError(null);\n \n // Build scope object for API call\n const scope: Scope = {\n organisationId: orgId,\n eventId: eventId,\n appId: appId\n };\n \n // Fetch new permissions - don't clear old ones until we have new ones\n const permissionMap = await getPermissionMap({ userId, scope });\n \n // Only update permissions if fetch was successful\n setPermissions(permissionMap);\n } catch (err) {\n // On error, keep existing permissions but set error state\n // This prevents the UI from losing all items when there's a transient error\n const logger = getRBACLogger();\n logger.error('Failed to refetch permissions:', err);\n setError(err instanceof Error ? err : new Error('Failed to fetch permissions'));\n // Don't clear permissions on error - keep what we had\n } finally {\n setIsLoading(false);\n isFetchingRef.current = false;\n }\n }, [userId, organisationId, eventId, appId]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n permissions,\n isLoading,\n error,\n hasPermission,\n hasAnyPermission,\n hasAllPermissions,\n refetch\n }), [permissions, isLoading, error, hasPermission, hasAnyPermission, hasAllPermissions, refetch]);\n}\n\n/**\n * Hook to check if user can perform an action\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permission - Permission to check\n * @param pageId - Optional page ID\n * @param useCache - Whether to use cached results\n * @param appName - Optional app name (for PORTAL/ADMIN special case)\n * @returns Permission check state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { can, isLoading, error } = useCan(userId, scope, 'read:users');\n * \n * if (isLoading) return <div>Checking permission...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return can ? <UserList /> : <div>Access denied</div>;\n * }\n * ```\n */\nexport function useCan(\n userId: UUID, \n scope: Scope, \n permission: Permission, \n pageId?: UUID,\n useCache: boolean = true,\n appName?: string\n) {\n const [can, setCan] = useState<boolean>(false);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n const [isSuperAdmin, setIsSuperAdmin] = useState<boolean | null>(null);\n\n // Validate scope parameter - handle undefined/null scope gracefully\n const isValidScope = scope && typeof scope === 'object';\n const organisationId = isValidScope ? scope.organisationId : undefined;\n const eventId = isValidScope ? scope.eventId : undefined;\n const appId = isValidScope ? scope.appId : undefined;\n\n // Check super-admin status - super admins bypass organisation context requirements\n useEffect(() => {\n if (!userId) {\n setIsSuperAdmin(false);\n return;\n }\n\n let cancelled = false;\n const checkSuperAdmin = async () => {\n try {\n const { isSuperAdmin: checkSuperAdmin } = await import('../api');\n const isSuper = await checkSuperAdmin(userId);\n if (!cancelled) {\n setIsSuperAdmin(isSuper);\n }\n } catch (err) {\n if (!cancelled) {\n setIsSuperAdmin(false);\n }\n }\n };\n\n checkSuperAdmin();\n return () => {\n cancelled = true;\n };\n }, [userId]);\n\n // Add timeout for missing organisation context (3 seconds)\n // Only apply timeout for resource-level permissions, not page-level (which can handle null orgs)\n // Super admins bypass this check\n useEffect(() => {\n const isPagePermission = permission.includes(':page.') || !!pageId;\n const requiresOrgId = !isPagePermission;\n \n // Don't block if user is super-admin (they bypass context requirements)\n if (isSuperAdmin === true) {\n return;\n }\n \n if (requiresOrgId && (!isValidScope || !organisationId || organisationId === null || (typeof organisationId === 'string' && organisationId.trim() === ''))) {\n const timeoutId = setTimeout(() => {\n setError(new Error('Organisation context is required for permission checks'));\n setIsLoading(false);\n setCan(false);\n }, 3000); // 3 seconds - typical permission check is < 1 second\n \n return () => clearTimeout(timeoutId);\n }\n // Clear error if organisation context becomes available\n if (error?.message === 'Organisation context is required for permission checks') {\n setError(null);\n }\n }, [isValidScope, organisationId, error, permission, pageId, isSuperAdmin]);\n\n // Use refs to track the last values to prevent unnecessary re-runs\n const lastUserIdRef = useRef<UUID | null>(null);\n const lastScopeRef = useRef<string | null>(null);\n const lastPermissionRef = useRef<Permission | null>(null);\n const lastPageIdRef = useRef<UUID | undefined | null>(null);\n const lastUseCacheRef = useRef<boolean | null>(null);\n\n // Create a stable scope object for comparison\n const stableScope = useMemo(() => {\n if (!isValidScope) {\n return null;\n }\n return {\n organisationId,\n eventId,\n appId,\n };\n }, [isValidScope, organisationId, eventId, appId]);\n\n // Track previous scope for deep equality comparison\n const prevScopeRef = useRef<Scope | null>(null);\n\n useEffect(() => {\n // Use deep equality check for scope to prevent unnecessary re-runs\n const scopeChanged = !scopeEqual(prevScopeRef.current, stableScope);\n \n // Only run if something has actually changed\n if (\n lastUserIdRef.current !== userId ||\n scopeChanged ||\n lastPermissionRef.current !== permission ||\n lastPageIdRef.current !== pageId ||\n lastUseCacheRef.current !== useCache\n ) {\n lastUserIdRef.current = userId;\n prevScopeRef.current = stableScope;\n lastPermissionRef.current = permission;\n lastPageIdRef.current = pageId;\n lastUseCacheRef.current = useCache;\n \n // Inline the permission check logic to avoid useCallback dependency issues\n const checkPermission = async () => {\n if (!userId) {\n setCan(false);\n setIsLoading(false);\n return;\n }\n\n // Validate scope before accessing properties\n if (!isValidScope) {\n setIsLoading(true);\n setCan(false);\n setError(null);\n // Timeout is handled in separate useEffect\n return;\n }\n\n // For page-level permissions, allow undefined/null organisationId (database function handles it)\n // For resource-level permissions, organisationId is required\n const isPagePermission = permission.includes(':page.') || !!pageId;\n const requiresOrgId = !isPagePermission;\n \n // Check if pageId is a pageName (not a UUID) - if so, we need appId to resolve it\n const isPageName = pageId && typeof pageId === 'string' && !/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(pageId);\n const needsAppIdForPageName = isPagePermission && isPageName;\n \n // Don't check permissions if scope is invalid and orgId is required\n // Wait for organisation context to resolve (unless it's a page permission that can handle null orgs)\n // Super admins bypass this check - only proceed if super-admin status is confirmed to be true\n // If super-admin status is still being checked (null), wait for it to complete\n if (requiresOrgId && (!organisationId || organisationId === null || (typeof organisationId === 'string' && organisationId.trim() === ''))) {\n // Only proceed if user is confirmed to be super-admin\n if (isSuperAdmin === true) {\n // Super-admin bypass - allow check to proceed (isPermitted will handle super-admin bypass)\n } else {\n // Not super-admin or still checking - wait for org context or super-admin check to complete\n setIsLoading(true);\n setCan(false);\n setError(null);\n // Timeout is handled in separate useEffect (Phase 1.4)\n return;\n }\n }\n \n // For page-level permissions with pageName (not UUID), we need appId to resolve the pageName to pageId\n // Wait for appId to be available before checking permissions\n if (needsAppIdForPageName && (!appId || appId === null || (typeof appId === 'string' && appId.trim() === ''))) {\n setIsLoading(true);\n setCan(false);\n setError(null);\n // Will re-run when appId becomes available (via scope change detection)\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n // Create a valid scope object for the API call\n // For page-level permissions, organisationId can be undefined (database handles it)\n const validScope: Scope = {\n ...(organisationId ? { organisationId } : {}),\n ...(eventId ? { eventId } : {}),\n ...(appId ? { appId } : {})\n };\n \n const result = useCache \n ? await isPermittedCached({ userId, scope: validScope, permission, pageId }, undefined, appName)\n : await isPermitted({ userId, scope: validScope, permission, pageId }, undefined, appName);\n \n setCan(result);\n } catch (err) {\n const logger = getRBACLogger();\n logger.error('Permission check error:', { permission, error: err });\n setError(err instanceof Error ? err : new Error('Failed to check permission'));\n setCan(false);\n } finally {\n setIsLoading(false);\n }\n };\n \n checkPermission();\n }\n }, [userId, stableScope, permission, pageId, useCache, appName, isSuperAdmin]);\n\n const refetch = useCallback(async () => {\n if (!userId) {\n setCan(false);\n setIsLoading(false);\n return;\n }\n\n // Validate scope before accessing properties\n if (!isValidScope) {\n setCan(false);\n setIsLoading(true);\n setError(null);\n return;\n }\n\n // For page-level permissions, allow undefined/null organisationId (database function handles it)\n // For resource-level permissions, organisationId is required\n const isPagePermission = permission.includes(':page.') || !!pageId;\n const requiresOrgId = !isPagePermission;\n \n // Don't check permissions if scope is invalid and orgId is required\n if (requiresOrgId && (!organisationId || organisationId === null || (typeof organisationId === 'string' && organisationId.trim() === ''))) {\n setCan(false);\n setIsLoading(true);\n setError(null);\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n // Create a valid scope object for the API call\n // For page-level permissions, organisationId can be undefined (database handles it)\n const validScope: Scope = {\n ...(organisationId ? { organisationId } : {}),\n ...(eventId ? { eventId } : {}),\n ...(appId ? { appId } : {})\n };\n \n const result = useCache \n ? await isPermittedCached({ userId, scope: validScope, permission, pageId }, undefined, appName)\n : await isPermitted({ userId, scope: validScope, permission, pageId }, undefined, appName);\n \n setCan(result);\n } catch (err) {\n setError(err instanceof Error ? err : new Error('Failed to check permission'));\n setCan(false);\n } finally {\n setIsLoading(false);\n }\n }, [userId, isValidScope, organisationId, eventId, appId, permission, pageId, useCache, appName]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n can,\n isLoading,\n error,\n refetch\n }), [can, isLoading, error, refetch]);\n}\n\n/**\n * Hook to get user's access level in a scope\n * \n * @param userId - User ID\n * @param scope - Scope for access level checking\n * @returns Access level state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { accessLevel, isLoading, error } = useAccessLevel(userId, scope);\n * \n * if (isLoading) return <div>Loading access level...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return (\n * <div>\n * Access Level: {accessLevel}\n * {accessLevel >= AccessLevel.ADMIN && <AdminPanel />}\n * </div>\n * );\n * }\n * ```\n */\nexport function useAccessLevel(userId: UUID, scope: Scope): {\n accessLevel: AccessLevelType;\n isLoading: boolean;\n error: Error | null;\n refetch: () => Promise<void>;\n} {\n const [accessLevel, setAccessLevel] = useState<AccessLevelType>('viewer');\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n\n // Get appName from context if available (safely handles missing context)\n let appName: string | undefined;\n try {\n const { appName: contextAppName } = useAppConfig();\n appName = contextAppName;\n } catch {\n // Not available, will use undefined\n }\n\n const fetchAccessLevel = useCallback(async () => {\n if (!userId) {\n setAccessLevel('viewer');\n setIsLoading(false);\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n // Check super admin status first - super admins bypass context requirements\n // This allows super admins to check their access level without organisation context\n const { isSuperAdmin: checkSuperAdmin } = await import('../api');\n const isSuperAdminUser = await checkSuperAdmin(userId);\n \n if (isSuperAdminUser) {\n setAccessLevel('super');\n setIsLoading(false);\n return;\n }\n\n // Early validation: check if scope has required context\n // PORTAL/ADMIN apps allow both contexts to be optional\n if (appName !== 'PORTAL' && appName !== 'ADMIN' && !scope.organisationId && !scope.eventId) {\n const orgError = new OrganisationContextRequiredError();\n setError(orgError);\n setAccessLevel('viewer');\n setIsLoading(false);\n return;\n }\n \n const level = await getAccessLevel({ userId, scope }, null, appName);\n setAccessLevel(level);\n } catch (err) {\n const error = err instanceof Error ? err : new Error('Failed to fetch access level');\n setError(error);\n setAccessLevel('viewer');\n } finally {\n setIsLoading(false);\n }\n }, [userId, scope.organisationId, scope.eventId, scope.appId, appName]);\n\n useEffect(() => {\n fetchAccessLevel();\n }, [fetchAccessLevel]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n accessLevel,\n isLoading,\n error,\n refetch: fetchAccessLevel\n }), [accessLevel, isLoading, error, fetchAccessLevel]);\n}\n\n/**\n * Hook to check multiple permissions at once\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permissions - Array of permissions to check\n * @param useCache - Whether to use cached results\n * @returns Multiple permission check results\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { results, isLoading, error } = useMultiplePermissions(\n * userId, \n * scope, \n * ['read:users', 'create:users', 'update:users']\n * );\n * \n * if (isLoading) return <div>Checking permissions...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return (\n * <div>\n * {results['read:users'] && <UserList />}\n * {results['create:users'] && <CreateUserButton />}\n * {results['update:users'] && <EditUserButton />}\n * </div>\n * );\n * }\n * ```\n */\nexport function useMultiplePermissions(\n userId: UUID, \n scope: Scope, \n permissions: Permission[],\n useCache: boolean = true\n): {\n results: Record<Permission, boolean>;\n isLoading: boolean;\n error: Error | null;\n refetch: () => Promise<void>;\n} {\n const [results, setResults] = useState<Record<Permission, boolean>>({} as Record<Permission, boolean>);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n\n const checkPermissions = useCallback(async () => {\n if (!userId || permissions.length === 0) {\n setResults({} as Record<Permission, boolean>);\n setIsLoading(false);\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n const permissionResults: Record<Permission, boolean> = {} as Record<Permission, boolean>;\n \n // Check each permission\n for (const permission of permissions) {\n const result = useCache \n ? await isPermittedCached({ userId, scope, permission })\n : await isPermitted({ userId, scope, permission });\n permissionResults[permission] = result;\n }\n \n setResults(permissionResults);\n } catch (err) {\n setError(err instanceof Error ? err : new Error('Failed to check permissions'));\n setResults({} as Record<Permission, boolean>);\n } finally {\n setIsLoading(false);\n }\n }, [userId, scope.organisationId, scope.eventId, scope.appId, permissions, useCache]);\n\n useEffect(() => {\n checkPermissions();\n }, [checkPermissions]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n results,\n isLoading,\n error,\n refetch: checkPermissions\n }), [results, isLoading, error, checkPermissions]);\n}\n\n/**\n * Hook to check if user has any of the specified permissions\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permissions - Array of permissions to check\n * @param useCache - Whether to use cached results\n * @returns Whether user has any of the permissions\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { hasAny, isLoading, error } = useHasAnyPermission(\n * userId, \n * scope, \n * ['read:users', 'create:users']\n * );\n * \n * if (isLoading) return <div>Checking permissions...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return hasAny ? <UserManagementPanel /> : <div>No user permissions</div>;\n * }\n * ```\n */\nexport function useHasAnyPermission(\n userId: UUID, \n scope: Scope, \n permissions: Permission[],\n useCache: boolean = true\n): {\n hasAny: boolean;\n isLoading: boolean;\n error: Error | null;\n refetch: () => Promise<void>;\n} {\n const [hasAny, setHasAny] = useState<boolean>(false);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n\n const checkAnyPermission = useCallback(async () => {\n if (!userId || permissions.length === 0) {\n setHasAny(false);\n setIsLoading(false);\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n let hasAnyPermission = false;\n \n for (const permission of permissions) {\n const result = useCache \n ? await isPermittedCached({ userId, scope, permission })\n : await isPermitted({ userId, scope, permission });\n \n if (result) {\n hasAnyPermission = true;\n break;\n }\n }\n \n setHasAny(hasAnyPermission);\n } catch (err) {\n setError(err instanceof Error ? err : new Error('Failed to check permissions'));\n setHasAny(false);\n } finally {\n setIsLoading(false);\n }\n }, [userId, scope.organisationId, scope.eventId, scope.appId, permissions, useCache]);\n\n useEffect(() => {\n checkAnyPermission();\n }, [checkAnyPermission]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n hasAny,\n isLoading,\n error,\n refetch: checkAnyPermission\n }), [hasAny, isLoading, error, checkAnyPermission]);\n}\n\n/**\n * Hook to check if user has all of the specified permissions\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @param permissions - Array of permissions to check\n * @param useCache - Whether to use cached results\n * @returns Whether user has all of the permissions\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { hasAll, isLoading, error } = useHasAllPermissions(\n * userId, \n * scope, \n * ['read:users', 'create:users', 'update:users']\n * );\n * \n * if (isLoading) return <div>Checking permissions...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return hasAll ? <FullUserManagementPanel /> : <div>Insufficient permissions</div>;\n * }\n * ```\n */\nexport function useHasAllPermissions(\n userId: UUID, \n scope: Scope, \n permissions: Permission[],\n useCache: boolean = true\n): {\n hasAll: boolean;\n isLoading: boolean;\n error: Error | null;\n refetch: () => Promise<void>;\n} {\n const [hasAll, setHasAll] = useState<boolean>(false);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n\n const checkAllPermissions = useCallback(async () => {\n if (!userId || permissions.length === 0) {\n setHasAll(false);\n setIsLoading(false);\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n let hasAllPermissions = true;\n \n for (const permission of permissions) {\n const result = useCache \n ? await isPermittedCached({ userId, scope, permission })\n : await isPermitted({ userId, scope, permission });\n \n if (!result) {\n hasAllPermissions = false;\n break;\n }\n }\n \n setHasAll(hasAllPermissions);\n } catch (err) {\n setError(err instanceof Error ? err : new Error('Failed to check permissions'));\n setHasAll(false);\n } finally {\n setIsLoading(false);\n }\n }, [userId, scope.organisationId, scope.eventId, scope.appId, permissions, useCache]);\n\n useEffect(() => {\n checkAllPermissions();\n }, [checkAllPermissions]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n hasAll,\n isLoading,\n error,\n refetch: checkAllPermissions\n }), [hasAll, isLoading, error, checkAllPermissions]);\n}\n\n/**\n * Hook to get cached permissions with TTL management\n * \n * @param userId - User ID\n * @param scope - Scope for permission checking\n * @returns Cached permission state and methods\n * \n * @example\n * ```tsx\n * function MyComponent() {\n * const { permissions, isLoading, error, invalidateCache } = useCachedPermissions(userId, scope);\n * \n * if (isLoading) return <div>Loading cached permissions...</div>;\n * if (error) return <div>Error: {error.message}</div>;\n * \n * return (\n * <div>\n * {permissions['read:users'] && <UserList />}\n * <button onClick={invalidateCache}>Refresh Permissions</button>\n * </div>\n * );\n * }\n * ```\n */\nexport function useCachedPermissions(userId: UUID, scope: Scope): {\n permissions: PermissionMap;\n isLoading: boolean;\n error: Error | null;\n invalidateCache: () => void;\n refetch: () => Promise<void>;\n} {\n const [permissions, setPermissions] = useState<PermissionMap>({} as PermissionMap);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n\n const fetchCachedPermissions = useCallback(async () => {\n if (!userId) {\n setPermissions({} as PermissionMap);\n setIsLoading(false);\n return;\n }\n\n try {\n setIsLoading(true);\n setError(null);\n \n const permissionMap = await getPermissionMap({ userId, scope });\n setPermissions(permissionMap);\n } catch (err) {\n setError(err instanceof Error ? err : new Error('Failed to fetch cached permissions'));\n } finally {\n setIsLoading(false);\n }\n }, [userId, scope.organisationId, scope.eventId, scope.appId]);\n\n const invalidateCache = useCallback(() => {\n // This would typically invalidate the cache in the actual implementation\n // For now, we'll just refetch\n fetchCachedPermissions();\n }, [fetchCachedPermissions]);\n\n useEffect(() => {\n fetchCachedPermissions();\n }, [fetchCachedPermissions]);\n\n // Memoize the return object to prevent unnecessary re-renders\n return useMemo(() => ({\n permissions,\n isLoading,\n error,\n invalidateCache,\n refetch: fetchCachedPermissions\n }), [permissions, isLoading, error, invalidateCache, fetchCachedPermissions]);\n}\n","/**\n * Deep equality check utility for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/Utils/DeepEqual\n * @since 2.0.0\n * \n * Provides deep equality checking for scope objects and other RBAC data structures.\n */\n\nimport { Scope } from '../types';\n\n/**\n * Deep equality check for two values\n * \n * @param a - First value\n * @param b - Second value\n * @returns True if values are deeply equal\n */\nexport function deepEqual(a: unknown, b: unknown): boolean {\n if (a === b) {\n return true;\n }\n\n if (a == null || b == null) {\n return a === b;\n }\n\n if (typeof a !== typeof b) {\n return false;\n }\n\n if (typeof a !== 'object') {\n return false;\n }\n\n if (Array.isArray(a) !== Array.isArray(b)) {\n return false;\n }\n\n if (Array.isArray(a) && Array.isArray(b)) {\n if (a.length !== b.length) {\n return false;\n }\n for (let i = 0; i < a.length; i++) {\n if (!deepEqual(a[i], b[i])) {\n return false;\n }\n }\n return true;\n }\n\n const keysA = Object.keys(a as Record<string, unknown>);\n const keysB = Object.keys(b as Record<string, unknown>);\n\n if (keysA.length !== keysB.length) {\n return false;\n }\n\n for (const key of keysA) {\n if (!keysB.includes(key)) {\n return false;\n }\n if (!deepEqual((a as Record<string, unknown>)[key], (b as Record<string, unknown>)[key])) {\n return false;\n }\n }\n\n return true;\n}\n\n/**\n * Deep equality check for Scope objects\n * \n * @param a - First scope\n * @param b - Second scope\n * @returns True if scopes are deeply equal\n */\nexport function scopeEqual(a: Scope | null | undefined, b: Scope | null | undefined): boolean {\n if (a === b) {\n return true;\n }\n\n if (a == null || b == null) {\n return a === b;\n }\n\n return (\n a.organisationId === b.organisationId &&\n a.eventId === b.eventId &&\n a.appId === b.appId\n );\n}\n\n","/**\n * @file useResourcePermissions Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 1.0.0\n * \n * Hook to check permissions for a specific resource type.\n * This hook centralizes the common pattern of checking create/update/delete/read\n * permissions, eliminating ~30 lines of boilerplate code per hook usage.\n * \n * @example\n * ```tsx\n * import { useResourcePermissions } from '@jmruthers/pace-core/rbac';\n * \n * function ContactsHook() {\n * const { canCreate, canUpdate, canDelete } = useResourcePermissions('contacts');\n * \n * const addContact = async (data: ContactData) => {\n * if (!canCreate('contacts')) {\n * throw new Error(\"Permission denied: You do not have permission to create contacts.\");\n * }\n * // ... perform mutation\n * };\n * }\n * ```\n * \n * @example\n * ```tsx\n * // With read permissions enabled\n * const { canRead } = useResourcePermissions('contacts', { enableRead: true });\n * \n * if (!canRead('contacts')) {\n * return <PermissionDenied />;\n * }\n * ```\n * \n * @security\n * - Requires organisation context (handled by useResolvedScope)\n * - All permission checks are scoped to the current organisation/event/app context\n * - Missing user context results in all permissions being denied\n */\n\nimport { useMemo } from 'react';\nimport { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';\nimport { useOrganisations } from '../../hooks/useOrganisations';\nimport { useEvents } from '../../hooks/useEvents';\nimport { useResolvedScope } from './useResolvedScope';\nimport { useCan } from './usePermissions';\nimport type { Scope } from '../types';\n\nexport interface UseResourcePermissionsOptions {\n /** Whether to check read permissions (default: false) */\n enableRead?: boolean;\n /** Whether scope resolution is required (default: true) */\n requireScope?: boolean;\n}\n\nexport interface ResourcePermissions {\n /** Check if user can create resources of this type */\n canCreate: (resource: string) => boolean;\n /** Check if user can update resources of this type */\n canUpdate: (resource: string) => boolean;\n /** Check if user can delete resources of this type */\n canDelete: (resource: string) => boolean;\n /** Check if user can read resources of this type */\n canRead: (resource: string) => boolean;\n /** The resolved scope object (for advanced use cases) */\n scope: Scope;\n /** Whether any permission check is currently loading */\n isLoading: boolean;\n /** Error from any permission check or scope resolution */\n error: Error | null;\n}\n\n/**\n * Hook to check permissions for a specific resource\n * \n * This hook encapsulates the common pattern of checking create/update/delete/read\n * permissions for a resource type. It handles scope resolution, user context,\n * and provides a simple API for permission checking.\n * \n * **Page Permission Support:**\n * When an `appId` is available in the resolved scope, the resource name is passed\n * as `pageId` to enable page-based permission checks. This allows the hook to work\n * with both resource-based permissions (when appId is not available) and page-based\n * permissions (when appId is available and the resource is a registered page).\n * \n * The RPC function `rbac_check_permission_simplified` will automatically resolve\n * the page name to a page ID and check page permissions if the resource matches\n * a registered page in `rbac_app_pages`. If the resource is not a registered page,\n * it will fall back to resource-based permission checking.\n * \n * @param resource - The resource name (e.g., 'contacts', 'risks', 'planning')\n * Can be a resource name or a page name registered in rbac_app_pages\n * @param options - Optional configuration\n * @param options.enableRead - Whether to check read permissions (default: false)\n * @param options.requireScope - Whether scope resolution is required (default: true)\n * @returns Object with permission check functions and scope\n * \n * @example\n * ```tsx\n * function useContacts() {\n * const { canCreate, canUpdate, canDelete } = useResourcePermissions('contacts');\n * \n * const addContact = async (data: ContactData) => {\n * if (!canCreate('contacts')) {\n * throw new Error(\"Permission denied\");\n * }\n * // ... perform mutation\n * };\n * }\n * ```\n * \n * @example\n * ```tsx\n * // Works with page names when appId is available in scope\n * function usePlanning() {\n * const { canCreate, canUpdate, canDelete } = useResourcePermissions('planning');\n * \n * // Will check page permissions if 'planning' is registered in rbac_app_pages\n * // Falls back to resource permissions if not a registered page\n * const deleteItem = async (id: string) => {\n * if (!canDelete('planning')) {\n * throw new Error(\"Permission denied\");\n * }\n * // ... perform deletion\n * };\n * }\n * ```\n */\nexport function useResourcePermissions(\n resource: string,\n options: UseResourcePermissionsOptions = {}\n): ResourcePermissions {\n const { enableRead = false, requireScope = true } = options;\n\n // Get user and supabase client from UnifiedAuth\n const { user, supabase } = useUnifiedAuth();\n \n // Get selected organisation\n const { selectedOrganisation } = useOrganisations();\n \n // Get selected event (optional - wrap in try/catch)\n let selectedEvent: { event_id: string } | null = null;\n try {\n const eventsContext = useEvents();\n selectedEvent = eventsContext.selectedEvent;\n } catch (error) {\n // Event provider not available - continue without event context\n // This is expected in some apps that don't use events\n }\n\n // Resolve scope for permission checks\n const { resolvedScope, isLoading: scopeLoading, error: scopeError } = useResolvedScope({\n supabase,\n selectedOrganisationId: selectedOrganisation?.id || null,\n selectedEventId: selectedEvent?.event_id || null\n });\n\n // Create fallback scope if resolvedScope is not available\n const scope: Scope = resolvedScope || {\n organisationId: selectedOrganisation?.id || '',\n eventId: selectedEvent?.event_id || undefined,\n appId: undefined\n };\n\n // If we have an appId in scope, pass the resource name as pageId to enable page permission checks\n // The RPC function rbac_check_permission_simplified will resolve the page name to a page ID\n // and check page permissions if the resource is a registered page\n // This allows useResourcePermissions to work with both resource-based and page-based permissions\n const pageId = scope.appId ? resource : undefined;\n\n // Permission checks for create, update, delete\n const { can: canCreateResult, isLoading: createLoading, error: createError } = useCan(\n user?.id || '',\n scope,\n `create:${resource}` as const,\n pageId, // Pass resource name as pageId when appId is available to enable page permission checks\n true // useCache\n );\n\n const { can: canUpdateResult, isLoading: updateLoading, error: updateError } = useCan(\n user?.id || '',\n scope,\n `update:${resource}` as const,\n pageId, // Pass resource name as pageId when appId is available to enable page permission checks\n true // useCache\n );\n\n const { can: canDeleteResult, isLoading: deleteLoading, error: deleteError } = useCan(\n user?.id || '',\n scope,\n `delete:${resource}` as const,\n pageId, // Pass resource name as pageId when appId is available to enable page permission checks\n true // useCache\n );\n\n // Optional read permission check\n const { can: canReadResult, isLoading: readLoading, error: readError } = useCan(\n user?.id || '',\n scope,\n `read:${resource}` as const,\n pageId, // Pass resource name as pageId when appId is available to enable page permission checks\n true // useCache\n );\n\n // Aggregate loading states - any permission check or scope resolution loading\n const isLoading = useMemo(() => {\n return scopeLoading || createLoading || updateLoading || deleteLoading || (enableRead && readLoading);\n }, [scopeLoading, createLoading, updateLoading, deleteLoading, readLoading, enableRead]);\n\n // Aggregate errors - prefer scope error, then any permission error\n const error = useMemo(() => {\n if (scopeError) return scopeError;\n if (createError) return createError;\n if (updateError) return updateError;\n if (deleteError) return deleteError;\n if (enableRead && readError) return readError;\n return null;\n }, [scopeError, createError, updateError, deleteError, readError, enableRead]);\n\n // Return wrapper functions that take resource name and return permission result\n // Note: The resource parameter in the function is for consistency with the API,\n // but we're checking permissions for the resource passed to the hook\n return useMemo(() => ({\n canCreate: (res: string) => {\n // For now, we only check the resource passed to the hook\n // Future enhancement could support checking different resources\n if (res !== resource) {\n return false;\n }\n return canCreateResult;\n },\n canUpdate: (res: string) => {\n if (res !== resource) {\n return false;\n }\n return canUpdateResult;\n },\n canDelete: (res: string) => {\n if (res !== resource) {\n return false;\n }\n return canDeleteResult;\n },\n canRead: (res: string) => {\n if (!enableRead) {\n return true; // If read checking is disabled, allow read\n }\n if (res !== resource) {\n return false;\n }\n return canReadResult;\n },\n scope,\n isLoading,\n error\n }), [\n resource,\n canCreateResult,\n canUpdateResult,\n canDeleteResult,\n canReadResult,\n enableRead,\n scope,\n isLoading,\n error\n ]);\n}\n\n","/**\n * @file RBAC Role Management Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 2.1.0\n *\n * React hook for managing RBAC roles safely using RPC functions.\n * This hook provides a secure, type-safe interface for granting and revoking roles\n * that ensures proper audit trails and security checks.\n *\n * @example\n * ```tsx\n * import { useRoleManagement } from '@jmruthers/pace-core/rbac';\n *\n * function UserRolesComponent() {\n * const { \n * revokeEventAppRole, \n * grantEventAppRole,\n * grantGlobalRole,\n * revokeGlobalRole,\n * grantOrganisationRole,\n * revokeOrganisationRole,\n * isLoading, \n * error \n * } = useRoleManagement();\n *\n * // Grant a global role\n * const handleGrantGlobalRole = async () => {\n * const result = await grantGlobalRole({\n * user_id: userId,\n * role: 'super_admin'\n * });\n * if (result.success) {\n * toast({ title: 'Role granted successfully' });\n * }\n * };\n *\n * // Grant an organisation role\n * const handleGrantOrgRole = async () => {\n * const result = await grantOrganisationRole({\n * user_id: userId,\n * organisation_id: orgId,\n * role: 'org_admin'\n * });\n * if (result.success) {\n * toast({ title: 'Role granted successfully' });\n * }\n * };\n *\n * return (\n * <div>\n * <button onClick={handleGrantGlobalRole}>Grant Super Admin</button>\n * <button onClick={handleGrantOrgRole}>Grant Org Admin</button>\n * </div>\n * );\n * }\n * ```\n */\n\nimport { useState, useCallback } from 'react';\nimport { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';\nimport type { UUID } from '../types';\n\nexport interface EventAppRoleData {\n user_id: UUID;\n organisation_id: UUID;\n event_id: string;\n app_id: UUID;\n role: 'viewer' | 'participant' | 'planner' | 'event_admin';\n}\n\nexport interface OrganisationRoleData {\n user_id: UUID;\n organisation_id: UUID;\n role: 'supporter' | 'member' | 'leader' | 'org_admin';\n}\n\nexport interface GlobalRoleData {\n user_id: UUID;\n role: 'super_admin';\n}\n\nexport interface RevokeEventAppRoleParams extends EventAppRoleData {\n revoked_by?: UUID;\n}\n\nexport interface GrantEventAppRoleParams extends EventAppRoleData {\n granted_by?: UUID;\n valid_from?: string;\n valid_to?: string | null;\n}\n\nexport interface RevokeOrganisationRoleParams extends OrganisationRoleData {\n revoked_by?: UUID;\n}\n\nexport interface GrantOrganisationRoleParams extends OrganisationRoleData {\n granted_by?: UUID;\n valid_from?: string;\n valid_to?: string | null;\n}\n\nexport interface RevokeGlobalRoleParams extends GlobalRoleData {\n revoked_by?: UUID;\n}\n\nexport interface GrantGlobalRoleParams extends GlobalRoleData {\n granted_by?: UUID;\n valid_from?: string;\n valid_to?: string | null;\n}\n\nexport interface RoleManagementResult {\n success: boolean;\n message?: string;\n error?: string;\n roleId?: UUID;\n}\n\nexport function useRoleManagement() {\n const { user, supabase } = useUnifiedAuth();\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n if (!supabase) {\n throw new Error('useRoleManagement requires a Supabase client. Ensure UnifiedAuthProvider is configured.');\n }\n\n /**\n * Revoke an event app role using the secure RPC function\n * \n * This function uses the `revoke_event_app_role` RPC which:\n * - Runs with SECURITY DEFINER privileges\n * - Includes proper permission checks\n * - Automatically populates audit fields (revoked_by, timestamps)\n * - Complies with Row-Level Security policies\n * \n * @param params - Role revocation parameters\n * @returns Promise resolving to operation result\n */\n const revokeEventAppRole = useCallback(async (\n params: RevokeEventAppRoleParams\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n const { data, error: rpcError } = await supabase.rpc('revoke_event_app_role', {\n p_user_id: params.user_id,\n p_organisation_id: params.organisation_id,\n p_event_id: params.event_id,\n p_app_id: params.app_id,\n p_role: params.role,\n p_revoked_by: params.revoked_by || user?.id || undefined\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to revoke role');\n }\n\n return {\n success: data === true,\n message: data === true ? 'Role revoked successfully' : 'No role found to revoke',\n error: data === false ? 'No matching role found' : undefined\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id]);\n\n /**\n * Grant an event app role using the secure RPC function\n * \n * This function uses the `grant_event_app_role` RPC which:\n * - Runs with SECURITY DEFINER privileges\n * - Includes proper permission checks\n * - Automatically populates audit fields (granted_by, timestamps)\n * - Complies with Row-Level Security policies\n * \n * @param params - Role grant parameters\n * @returns Promise resolving to operation result with role ID\n */\n const grantEventAppRole = useCallback(async (\n params: GrantEventAppRoleParams\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n const { data, error: rpcError } = await supabase.rpc('grant_event_app_role', {\n p_user_id: params.user_id,\n p_organisation_id: params.organisation_id,\n p_event_id: params.event_id,\n p_app_id: params.app_id,\n p_role: params.role,\n p_granted_by: params.granted_by || user?.id || undefined,\n p_valid_from: params.valid_from,\n p_valid_to: params.valid_to\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to grant role');\n }\n\n if (!data) {\n return {\n success: false,\n error: 'Failed to grant role - no role ID returned'\n };\n }\n\n return {\n success: true,\n message: 'Role granted successfully',\n roleId: data as UUID\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id]);\n\n /**\n * Revoke an event app role by role ID (alternative method)\n * \n * This fetches the role by ID first to get the required context (role name, event_id, app_id),\n * then uses the unified `rbac_role_revoke` function to revoke it.\n * \n * @param roleId - The role ID to revoke\n * @returns Promise resolving to operation result\n */\n const revokeRoleById = useCallback(async (\n roleId: UUID\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n // First, fetch the role by ID to get the required context\n const { data: roleData, error: fetchError } = await supabase\n .from('rbac_event_app_roles')\n .select('user_id, role, event_id, app_id')\n .eq('id', roleId)\n .single();\n\n if (fetchError || !roleData) {\n throw new Error(fetchError?.message || 'Role not found');\n }\n\n // Construct context_id in the format required by rbac_role_revoke: \"event_id:app_id\"\n const contextId = `${roleData.event_id}:${roleData.app_id}`;\n\n // Now call rbac_role_revoke with the required parameters\n const { data, error: rpcError } = await supabase.rpc('rbac_role_revoke', {\n p_user_id: roleData.user_id,\n p_role_type: 'event_app',\n p_role_name: roleData.role,\n p_context_id: contextId,\n p_revoked_by: user?.id || undefined\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to revoke role');\n }\n\n // rbac_role_revoke returns a table with success, message, revoked_count, error_code\n const result = Array.isArray(data) && data.length > 0 ? data[0] : null;\n\n return {\n success: result?.success === true,\n message: result?.message || undefined,\n error: result?.success === false ? (result?.message || result?.error_code || 'Unknown error') : undefined\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id, supabase]);\n\n /**\n * Grant a global role using the unified RPC function\n * \n * This function uses the `rbac_role_grant` RPC which:\n * - Runs with SECURITY DEFINER privileges\n * - Includes proper permission checks\n * - Automatically populates audit fields (granted_by, timestamps)\n * - Complies with Row-Level Security policies\n * \n * @param params - Role grant parameters\n * @returns Promise resolving to operation result with role ID\n */\n const grantGlobalRole = useCallback(async (\n params: GrantGlobalRoleParams\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n const { data, error: rpcError } = await supabase.rpc('rbac_role_grant', {\n p_user_id: params.user_id,\n p_role_type: 'global',\n p_role_name: params.role,\n p_context_id: null, // Global roles don't need context\n p_granted_by: params.granted_by || user?.id || undefined\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to grant role');\n }\n\n // rbac_role_grant returns a table with success, message, role_id, error_code\n const result = Array.isArray(data) && data.length > 0 ? data[0] : null;\n\n if (!result || !result.success) {\n return {\n success: false,\n error: result?.message || result?.error_code || 'Failed to grant role',\n message: result?.message\n };\n }\n\n return {\n success: true,\n message: result.message || 'Role granted successfully',\n roleId: result.role_id\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id, supabase]);\n\n /**\n * Revoke a global role using the unified RPC function\n * \n * This function uses the `rbac_role_revoke` RPC which:\n * - Runs with SECURITY DEFINER privileges\n * - Includes proper permission checks\n * - Automatically populates audit fields (revoked_by, timestamps)\n * - Complies with Row-Level Security policies\n * \n * @param params - Role revocation parameters\n * @returns Promise resolving to operation result\n */\n const revokeGlobalRole = useCallback(async (\n params: RevokeGlobalRoleParams\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n const { data, error: rpcError } = await supabase.rpc('rbac_role_revoke', {\n p_user_id: params.user_id,\n p_role_type: 'global',\n p_role_name: params.role,\n p_context_id: null, // Global roles don't need context\n p_revoked_by: params.revoked_by || user?.id || undefined\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to revoke role');\n }\n\n // rbac_role_revoke returns a table with success, message, revoked_count, error_code\n const result = Array.isArray(data) && data.length > 0 ? data[0] : null;\n\n return {\n success: result?.success === true,\n message: result?.message || undefined,\n error: result?.success === false ? (result?.message || result?.error_code || 'Unknown error') : undefined\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id, supabase]);\n\n /**\n * Grant an organisation role using the unified RPC function\n * \n * This function uses the `rbac_role_grant` RPC which:\n * - Runs with SECURITY DEFINER privileges\n * - Includes proper permission checks\n * - Automatically populates audit fields (granted_by, timestamps)\n * - Complies with Row-Level Security policies\n * \n * @param params - Role grant parameters\n * @returns Promise resolving to operation result with role ID\n */\n const grantOrganisationRole = useCallback(async (\n params: GrantOrganisationRoleParams\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n const { data, error: rpcError } = await supabase.rpc('rbac_role_grant', {\n p_user_id: params.user_id,\n p_role_type: 'organisation',\n p_role_name: params.role,\n p_context_id: params.organisation_id, // Organisation ID as context\n p_granted_by: params.granted_by || user?.id || undefined\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to grant role');\n }\n\n // rbac_role_grant returns a table with success, message, role_id, error_code\n const result = Array.isArray(data) && data.length > 0 ? data[0] : null;\n\n if (!result || !result.success) {\n return {\n success: false,\n error: result?.message || result?.error_code || 'Failed to grant role',\n message: result?.message\n };\n }\n\n return {\n success: true,\n message: result.message || 'Role granted successfully',\n roleId: result.role_id\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id, supabase]);\n\n /**\n * Revoke an organisation role using the unified RPC function\n * \n * This function uses the `rbac_role_revoke` RPC which:\n * - Runs with SECURITY DEFINER privileges\n * - Includes proper permission checks\n * - Automatically populates audit fields (revoked_by, timestamps)\n * - Complies with Row-Level Security policies\n * \n * @param params - Role revocation parameters\n * @returns Promise resolving to operation result\n */\n const revokeOrganisationRole = useCallback(async (\n params: RevokeOrganisationRoleParams\n ): Promise<RoleManagementResult> => {\n setIsLoading(true);\n setError(null);\n\n try {\n const { data, error: rpcError } = await supabase.rpc('rbac_role_revoke', {\n p_user_id: params.user_id,\n p_role_type: 'organisation',\n p_role_name: params.role,\n p_context_id: params.organisation_id, // Organisation ID as context\n p_revoked_by: params.revoked_by || user?.id || undefined\n });\n\n if (rpcError) {\n throw new Error(rpcError.message || 'Failed to revoke role');\n }\n\n // rbac_role_revoke returns a table with success, message, revoked_count, error_code\n const result = Array.isArray(data) && data.length > 0 ? data[0] : null;\n\n return {\n success: result?.success === true,\n message: result?.message || undefined,\n error: result?.success === false ? (result?.message || result?.error_code || 'Unknown error') : undefined\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';\n setError(err instanceof Error ? err : new Error(errorMessage));\n return {\n success: false,\n error: errorMessage\n };\n } finally {\n setIsLoading(false);\n }\n }, [user?.id, supabase]);\n\n return {\n // Event app roles (existing)\n revokeEventAppRole,\n grantEventAppRole,\n revokeRoleById,\n // Global roles (new)\n grantGlobalRole,\n revokeGlobalRole,\n // Organisation roles (new)\n grantOrganisationRole,\n revokeOrganisationRole,\n // Shared state\n isLoading,\n error\n };\n}\n\n","/**\n * @file Secure Supabase Client Hook\n * @package @jmruthers/pace-core\n * @module RBAC/Hooks\n * @since 1.0.0\n *\n * React hook for getting a secure Supabase client with automatic context injection\n * and caching to prevent multiple client instances.\n *\n * ## Overview\n *\n * This hook provides a secure Supabase client that automatically injects\n * organisation and event context for all database operations, while preventing\n * the creation of multiple Supabase client instances (which causes the\n * \"Multiple GoTrueClient instances\" warning).\n *\n * ## Features\n *\n * - **Automatic Context Injection**: Organisation, event, and app context are\n * automatically injected into all database queries\n * - **Client Instance Caching**: Prevents creating duplicate Supabase clients\n * for the same context, eliminating the \"Multiple GoTrueClient instances\" warning\n * - **Automatic Fallback**: Falls back to base client when context is unavailable\n * - **Type-Safe**: Full TypeScript support with proper type inference\n *\n * ## Usage\n *\n * ### Basic Usage\n *\n * ```tsx\n * import { useSecureSupabase } from '@jmruthers/pace-core/rbac';\n *\n * function MyComponent() {\n * const supabase = useSecureSupabase();\n *\n * if (!supabase) {\n * return <div>Loading context...</div>;\n * }\n *\n * const fetchData = async () => {\n * const { data, error } = await supabase\n * .from('users')\n * .select('*');\n * // Organisation context is automatically injected\n * };\n *\n * return <div>...</div>;\n * }\n * ```\n *\n * ### With Base Client Fallback\n *\n * ```tsx\n * import { useSecureSupabase } from '@jmruthers/pace-core/rbac';\n * import { supabase } from './lib/supabase';\n *\n * function MyComponent() {\n * // Provide base client as fallback\n * const secureSupabase = useSecureSupabase(supabase);\n *\n * // secureSupabase will be the secure client when context is available,\n * // or the base client when context is unavailable\n * }\n * ```\n *\n * ## How It Works\n *\n * 1. **Context Resolution**: The hook uses `useResolvedScope` to get the current\n * organisation, event, and app context\n * 2. **Client Caching**: Clients are cached by context key (organisationId-eventId-appId)\n * to prevent duplicate instances\n * 3. **Automatic Injection**: The secure client automatically injects context headers\n * into all database operations\n * 4. **Fallback Behavior**: When context is unavailable or event is loading, the hook\n * returns the base client (or null if no base client provided)\n *\n * ## Security\n *\n * - **Organisation Context Enforcement**: All queries automatically include organisation\n * context, preventing cross-organisation data access\n * - **Event Context Injection**: Event context is automatically included when available\n * - **App Context Support**: App context is included when resolved from scope\n *\n * ## Performance\n *\n * - **Client Instance Caching**: Prevents creating multiple Supabase clients for the\n * same context, reducing memory usage and eliminating the \"Multiple GoTrueClient\n * instances\" warning\n * - **Cache Management**: Automatically cleans up old cache entries (keeps last 5)\n * to prevent memory leaks\n * - **Stable References**: Returns stable client references to prevent unnecessary\n * re-renders in consuming components\n *\n * ## Requirements\n *\n * - Must be used within `UnifiedAuthProvider` context\n * - Requires `useOrganisations` and `useEvents` hooks to be available\n * - Environment variables `VITE_SUPABASE_URL` and `VITE_SUPABASE_PUBLISHABLE_KEY` must be set\n * (or `NEXT_PUBLIC_SUPABASE_URL` and `NEXT_PUBLIC_SUPABASE_ANON_KEY` for Next.js)\n *\n * ## See Also\n *\n * - {@link SecureSupabaseClient} - The underlying secure client class\n * - {@link createSecureClient} - Function to create secure clients manually\n * - {@link useResolvedScope} - Hook for resolving RBAC scope\n *\n * @security\n * - Enforces organisation context on all queries\n * - Prevents cross-organisation data access\n * - Automatic context injection\n *\n * @performance\n * - Client instance caching prevents duplicate creation\n * - Reuses cached clients for same context\n * - Automatic cache cleanup\n */\n\nimport { useMemo, useRef } from 'react';\nimport { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';\nimport { useOrganisations } from '../../hooks/useOrganisations';\nimport { useEvents } from '../../hooks/useEvents';\nimport { useResolvedScope } from './useResolvedScope';\nimport { useOrganisationSecurity } from '../../hooks/useOrganisationSecurity';\nimport { createSecureClient, SecureSupabaseClient } from '../secureClient';\nimport type { Database } from '../../types/database';\nimport type { SupabaseClient } from '@supabase/supabase-js';\nimport { logger } from '../../utils/core/logger';\n\n// Cache secure clients by context to prevent creating multiple instances\n// This prevents the \"Multiple GoTrueClient instances\" warning\nconst secureClientCache = new Map<string, SecureSupabaseClient>();\n\n// Maximum cache size to prevent memory leaks\nconst MAX_CACHE_SIZE = 5;\n\n/**\n * Get cache key for secure client based on context\n * CRITICAL: Must include isSuperAdmin in cache key to ensure correct filtering behavior\n */\nfunction getCacheKey(\n organisationId: string,\n eventId: string | undefined,\n appId: string | undefined,\n isSuperAdmin: boolean\n): string {\n return `${organisationId}-${eventId || 'no-event'}-${appId || 'no-app'}-${isSuperAdmin ? 'super' : 'regular'}`;\n}\n\n/**\n * Get Supabase URL and key from environment\n */\nfunction getSupabaseConfig(): { url: string; key: string } | null {\n // Try to get from environment variables\n const getEnvVar = (key: string): string | undefined => {\n if (typeof import.meta !== 'undefined' && (import.meta as any).env) {\n return (import.meta as any).env[key];\n }\n if (typeof process !== 'undefined' && process.env) {\n return process.env[key];\n }\n return undefined;\n };\n\n const supabaseUrl = getEnvVar('VITE_SUPABASE_URL') || \n getEnvVar('NEXT_PUBLIC_SUPABASE_URL') || \n null;\n \n const supabaseKey = getEnvVar('VITE_SUPABASE_PUBLISHABLE_KEY') || \n getEnvVar('NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY') || \n null;\n\n if (!supabaseUrl || !supabaseKey) {\n return null;\n }\n\n return { url: supabaseUrl, key: supabaseKey };\n}\n\n/**\n * Hook to get a secure Supabase client with automatic context injection\n * \n * Returns a secure client when organisation context is available,\n * otherwise returns null. The client automatically injects organisation\n * and event context into all database operations.\n * \n * Uses caching to prevent creating multiple Supabase client instances,\n * which causes the \"Multiple GoTrueClient instances\" warning.\n * \n * @param baseClient - Optional base Supabase client to use as fallback\n * @returns Secure Supabase client or null if context is not available\n * \n * @example\n * ```tsx\n * import { useSecureSupabase } from '@jmruthers/pace-core/rbac';\n * \n * function MyComponent() {\n * const supabase = useSecureSupabase();\n * \n * if (!supabase) {\n * return <div>Loading context...</div>;\n * }\n * \n * // Use supabase client - organisation context is automatically injected\n * const { data } = await supabase.from('users').select('*');\n * }\n * ```\n */\nexport function useSecureSupabase(\n baseClient?: SupabaseClient<Database> | null\n): SupabaseClient<Database> | null {\n const { user, supabase: authSupabase } = useUnifiedAuth();\n const { selectedOrganisation } = useOrganisations();\n const eventsContext = useEvents();\n const { selectedEvent } = eventsContext;\n const eventLoading = 'eventLoading' in eventsContext ? eventsContext.eventLoading : false;\n \n // Check super admin status for conditional filtering\n // Use verified status from useOrganisationSecurity which checks the database\n const { superAdminContext } = useOrganisationSecurity();\n const isSuperAdmin = superAdminContext.isSuperAdmin;\n\n // Resolve scope to get appId\n const { resolvedScope } = useResolvedScope({\n supabase: authSupabase || null,\n selectedOrganisationId: selectedOrganisation?.id || null,\n selectedEventId: selectedEvent?.event_id || null\n });\n\n // Track previous context to detect changes\n const prevContextRef = useRef<{\n organisationId: string | undefined;\n eventId: string | undefined;\n appId: string | undefined;\n }>({\n organisationId: undefined,\n eventId: undefined,\n appId: undefined\n });\n\n return useMemo(() => {\n // If event is loading, return base client or null to avoid recreating client unnecessarily\n if (eventLoading) {\n return baseClient || authSupabase || null;\n }\n \n // Use resolved scope to get organisationId (derived from event if needed)\n // For event-required apps, resolvedScope.organisationId is derived from event\n // For org-required apps, resolvedScope.organisationId comes from selectedOrganisation\n const organisationId = resolvedScope?.organisationId;\n const eventId = resolvedScope?.eventId || selectedEvent?.event_id;\n const appId = resolvedScope?.appId;\n \n // If we have organisation context (from resolved scope), create or reuse a secure client\n if (organisationId && user?.id) {\n // Update previous context\n prevContextRef.current = { organisationId, eventId, appId };\n\n // Check cache first (must include isSuperAdmin in key for correct filtering)\n const cacheKey = getCacheKey(organisationId, eventId, appId, isSuperAdmin);\n const cachedClient = secureClientCache.get(cacheKey);\n\n if (cachedClient) {\n // Reuse cached client - prevents creating multiple instances\n return cachedClient.getClient();\n }\n\n // Get Supabase configuration\n const config = getSupabaseConfig();\n if (!config || !config.url || !config.key) {\n logger.warn('useSecureSupabase', 'Missing Supabase environment variables. Falling back to base client.', {\n note: 'Ensure VITE_SUPABASE_URL and VITE_SUPABASE_PUBLISHABLE_KEY are set in your environment.'\n });\n return baseClient || authSupabase || null;\n }\n\n try {\n const secureClient = createSecureClient(\n config.url,\n config.key,\n organisationId as any, // organisationId is string, UUID is string alias\n eventId,\n appId as any, // appId is string | undefined, UUID is string alias\n isSuperAdmin // Pass super admin status for conditional filtering\n );\n\n // Cache the client for reuse\n secureClientCache.set(cacheKey, secureClient);\n\n // Clean up old cache entries to prevent memory leaks\n if (secureClientCache.size > MAX_CACHE_SIZE) {\n const firstKey = secureClientCache.keys().next().value;\n if (firstKey) {\n secureClientCache.delete(firstKey);\n }\n }\n\n // Return the underlying client for compatibility\n return secureClient.getClient();\n } catch (error) {\n logger.error('useSecureSupabase', 'Failed to create secure client', error);\n // Fallback to base client\n return baseClient || authSupabase || null;\n }\n }\n\n // Fallback to base client when context is not available\n return baseClient || authSupabase || null;\n }, [\n resolvedScope?.organisationId,\n resolvedScope?.eventId,\n resolvedScope?.appId,\n selectedEvent?.event_id,\n user?.id,\n eventLoading,\n isSuperAdmin,\n baseClient,\n authSupabase\n ]);\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,SAAS,oBAAoC;AActC,IAAM,uBAAN,MAAM,sBAAqB;AAAA,EAUhC,YACE,aACA,aACA,gBACA,SACA,OACA,eAAwB,OACxB;AAfF,SAAQ,qBAAsD;AAgB5D,SAAK,cAAc;AACnB,SAAK,cAAc;AACnB,SAAK,iBAAiB;AACtB,SAAK,UAAU;AACf,SAAK,QAAQ;AACb,SAAK,eAAe;AAKpB,SAAK,WAAW,aAAuB,aAAa,aAAa;AAAA,MAC/D,QAAQ;AAAA,QACN,SAAS;AAAA,UACP,qBAAqB;AAAA,UACrB,cAAc,WAAW;AAAA,UACzB,YAAY,SAAS;AAAA,QACvB;AAAA,MACF;AAAA,IACF,CAAC;AAGD,SAAK,sBAAsB;AAI3B,SAAK,0BAA0B;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKQ,wBAAwB;AAC9B,UAAM,eAAe,KAAK,SAAS,KAAK,KAAK,KAAK,QAAQ;AAE1D,IAAC,KAAK,SAAiB,OAAO,CAAC,UAAuB;AAEpD,WAAK,gBAAgB;AAGrB,YAAM,QAAQ,aAAa,KAAY;AAGvC,MAAC,MAAc,aAAa;AAG5B,aAAO,KAAK,cAAc,OAAO,KAAK;AAAA,IACxC;AAEA,UAAM,cAAc,KAAK,SAAS,IAAI,KAAK,KAAK,QAAQ;AAKxD,IAAC,KAAK,SAAiB,MAAM,CAAC,IAAY,MAAY,YAAuB;AAE3E,WAAK,gBAAgB;AAGrB,YAAM,cAAc;AAAA,QAClB,GAAG;AAAA,QACH,mBAAmB,KAAK;AAAA,QACxB,YAAY,KAAK;AAAA,QACjB,UAAU,KAAK;AAAA,MACjB;AAEA,aAAO,YAAY,IAAW,aAAa,OAAO;AAAA,IACpD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWQ,4BAA4B;AAKlC,SAAK,qBAAqB,aAAuB,KAAK,aAAa,KAAK,WAAW;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,wBAAkD;AAChD,WAAO,KAAK,sBAAsB,KAAK;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAY,WAAmB;AACnD,UAAM,iBAAiB,MAAM,OAAO,KAAK,KAAK;AAC9C,UAAM,iBAAiB,MAAM,OAAO,KAAK,KAAK;AAC9C,UAAM,iBAAiB,MAAM,OAAO,KAAK,KAAK;AAC9C,UAAM,iBAAiB,MAAM,OAAO,KAAK,KAAK;AAG9C,UAAM,SAAS,CAAC,YAAqB;AACnC,YAAM,SAAS,eAAe,OAAO;AACrC,aAAO,KAAK,sBAAsB,QAAQ,SAAS;AAAA,IACrD;AAGA,UAAM,SAAS,CAAC,WAAgB;AAE9B,YAAM,8BAA8B;AAAA,QAClC;AAAA;AAAA,QACA;AAAA;AAAA,QACA;AAAA;AAAA,QACA;AAAA;AAAA,MACF;AAGA,UAAI,4BAA4B,SAAS,SAAS,GAAG;AACnD,eAAO,eAAe,MAAM;AAAA,MAC9B;AAIA,UAAI,cAAc,sBAAsB;AACtC,YAAI,KAAK,cAAc;AAErB,iBAAO,eAAe,MAAM;AAAA,QAC9B;AAEA,cAAMA,iBAAgB,MAAM,QAAQ,MAAM,IACtC,OAAO,IAAI,QAAM,EAAE,GAAG,GAAG,iBAAiB,KAAK,eAAe,EAAE,IAChE,EAAE,GAAG,QAAQ,iBAAiB,KAAK,eAAe;AACtD,eAAO,eAAeA,cAAa;AAAA,MACrC;AAGA,YAAM,gBAAgB,MAAM,QAAQ,MAAM,IACtC,OAAO,IAAI,QAAM,EAAE,GAAG,GAAG,iBAAiB,KAAK,eAAe,EAAE,IAChE,EAAE,GAAG,QAAQ,iBAAiB,KAAK,eAAe;AAEtD,aAAO,eAAe,aAAa;AAAA,IACrC;AAGA,UAAM,SAAS,CAAC,WAAgB;AAC9B,YAAM,SAAS,eAAe,MAAM;AACpC,aAAO,KAAK,sBAAsB,QAAQ,SAAS;AAAA,IACrD;AAGA,UAAM,SAAS,MAAM;AACnB,YAAM,SAAS,eAAe;AAC9B,aAAO,KAAK,sBAAsB,QAAQ,SAAS;AAAA,IACrD;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBQ,sBAAsB,OAAY,WAAmB;AAE3D,UAAM,8BAA8B;AAAA,MAClC;AAAA;AAAA,MACA;AAAA;AAAA,MACA;AAAA;AAAA,MACA;AAAA;AAAA,IACF;AAGA,QAAI,4BAA4B,SAAS,SAAS,GAAG;AACnD,aAAO;AAAA,IACT;AAGA,QAAI,CAAC,KAAK,gBAAgB;AACxB,aAAO;AAAA,IACT;AAGA,QAAI,cAAc,sBAAsB;AAGtC,UAAI,KAAK,cAAc;AACrB,eAAO;AAAA,MACT;AAEA,aAAO,MAAM,GAAG,mBAAmB,KAAK,cAAc;AAAA,IACxD;AAIA,QAAI,KAAK,cAAc;AAIrB,aAAO,MAAM,GAAG,mBAAmB,KAAK,cAAc;AAAA,IACxD;AAGA,WAAO,MAAM,GAAG,mBAAmB,KAAK,cAAc;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB;AACxB,QAAI,CAAC,KAAK,gBAAgB;AACxB,YAAM,IAAI,iCAAiC;AAAA,IAC7C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,oBAA0B;AACxB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,aAAiC;AAC/B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,WAA6B;AAC3B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,SAKa;AACvB,WAAO,IAAI;AAAA,MACT,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ,kBAAkB,KAAK;AAAA,MAC/B,QAAQ,YAAY,SAAY,QAAQ,UAAU,KAAK;AAAA,MACvD,QAAQ,UAAU,SAAY,QAAQ,QAAQ,KAAK;AAAA,MACnD,QAAQ,iBAAiB,SAAY,QAAQ,eAAe,KAAK;AAAA,IACnE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAsC;AAGpC,WAAO,IAAI,MAAM,KAAK,UAAU;AAAA,MAC9B,KAAK,CAAC,QAAQ,SAAS;AACrB,YAAI,SAAS,eAAe,KAAK,oBAAoB;AAGnD,iBAAO,KAAK,mBAAmB;AAAA,QACjC;AAEA,eAAQ,OAAe,IAAI;AAAA,MAC7B;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAyBO,SAAS,mBACd,aACA,aACA,gBACA,SACA,OACA,eAAwB,OACF;AACtB,SAAO,IAAI,qBAAqB,aAAa,aAAa,gBAAgB,SAAS,OAAO,YAAY;AACxG;AAWO,SAAS,mBACd,QACA,gBACA,SACA,OACsB;AAGtB,QAAM,IAAI,MAAM,sEAAsE;AACxF;;;ACnXA,SAAS,UAAU,WAAW,aAAa,eAAe;AAuB1D,SAAS,0BAA0B,OAA2C;AAC5E,UAAQ,OAAO;AAAA,IACb,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAEO,SAAS,QAAQ,QAAkC;AACxD,QAAMC,UAAS,cAAc;AAG7B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP;AAAA,IACA,gBAAgB;AAAA,IAChB,qBAAqB;AAAA,IACrB;AAAA,IACA;AAAA,EACF,IAAI,eAAe;AAInB,QAAM,CAAC,YAAY,aAAa,IAAI,SAA4B,IAAI;AACpE,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,SAAkC,IAAI;AACtF,QAAM,CAAC,cAAc,eAAe,IAAI,SAA8B,IAAI;AAC1E,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAwB,CAAC,CAAkB;AACrF,QAAM,CAAC,cAAc,eAAe,IAAI,SAAuB,IAAI;AACnE,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAChD,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAuB,IAAI;AAErD,QAAM,aAAa,YAAY,MAAM;AACnC,kBAAc,IAAI;AAClB,wBAAoB,IAAI;AACxB,oBAAgB,IAAI;AACpB,qBAAiB,CAAC,CAAkB;AACpC,oBAAgB,IAAI;AAAA,EACtB,GAAG,CAAC,CAAC;AAEL,QAAM,kBAAkB,YAAY,YAAY;AAE9C,QAAI,CAAC,QAAQ,CAAC,SAAS;AACrB,iBAAW;AACX,mBAAa,KAAK;AAClB;AAAA,IACF;AAKA,UAAM,eAAsB;AAAA,MAC1B,gBAAgB,WAAW,iBACtB,eAAe,mBAAmB,sBAAsB,KACzD,sBAAsB;AAAA,MAC1B,SAAS,eAAe,YAAY;AAAA,MACpC,OAAO;AAAA,IACT;AAGA,UAAM,eAAe,iBAAiB;AAAA,MACpC;AAAA,MACA;AAAA,MACA;AAAA,MACA,CAAC,CAAC;AAAA,MACF,CAAC,CAAC;AAAA,IACJ;AAGA,QAAI,YAAY,YAAY,YAAY,WAAW,CAAC,cAAc;AAEhE,mBAAa,IAAI;AACjB;AAAA,IACF;AAEA,iBAAa,IAAI;AACjB,aAAS,IAAI;AAIb,QAAI;AACF,UAAI,QAA0B;AAE9B,UAAI,WAAW,CAAC,OAAO;AAErB,YAAI;AACF,gBAAM,WAAW,MAAM,kBAAkB,EAAE,QAAQ,KAAK,IAAY,QAAQ,CAAC;AAE7E,cAAI,CAAC,UAAU;AACb,gBAAI,YAAY,YAAY,YAAY,SAAS;AAE/C,kBAAI;AACF,sBAAM,EAAE,mBAAmB,IAAI,MAAM,OAAO,mBAAQ;AACpD,sBAAM,mBAAmB,OAAO;AAAA,cAElC,SAAS,KAAK;AAAA,cAEd;AAAA,YACF,OAAO;AACL,oBAAM,IAAI,MAAM,qCAAqC,OAAO,GAAG;AAAA,YACjE;AAAA,UACF,WAAW,CAAC,SAAS,aAAa,YAAY,YAAY,YAAY,SAAS;AAC7E,kBAAM,IAAI,MAAM,qCAAqC,OAAO,GAAG;AAAA,UACjE,OAAO;AACL,oBAAQ,SAAS;AAAA,UACnB;AAAA,QACF,SAAS,UAAe;AAEtB,cAAI,UAAU,SAAS,SAAS,cAAc,KAAK,UAAU,SAAS,SAAS,OAAO,GAAG;AACvF,YAAAA,QAAO,KAAK,wGAAwG;AAAA,cAClH;AAAA,cACA,OAAO,SAAS;AAAA,cAChB;AAAA,cACA,kBAAkB,CAAC,CAAC;AAAA,YACtB,CAAC;AAED,yBAAa,KAAK;AAClB;AAAA,UACF;AAEA,cAAI,YAAY,YAAY,YAAY,SAAS;AAAA,UAEjD,OAAO;AAEL,kBAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAGA,YAAM,QAAe;AAAA,QACnB,GAAG;AAAA,QACH,OAAO,SAAS;AAAA,MAClB;AAIA,YAAM,aAAa,MAAM,iBAAiB;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY;AAAA,MACd;AAEA,UAAI,CAAC,WAAW,WAAW,CAAC,WAAW,eAAe;AACpD,cAAM,WAAW,SAAS,IAAI,MAAM,2BAA2B;AAAA,MACjE;AAEA,YAAM,gBAAgB,WAAW;AACjC,sBAAgB,aAAa;AAG7B,YAAM,CAAC,KAAK,aAAa,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,iBAAiB,EAAE,QAAQ,KAAK,IAAY,OAAO,cAAc,GAAG,WAAW,OAAO;AAAA,QACtF,eAAe,EAAE,QAAQ,KAAK,IAAY,OAAO,cAAc,GAAG,WAAW,OAAO;AAAA,QACpF,eAAe,EAAE,QAAQ,KAAK,IAAY,OAAO,cAAc,GAAG,WAAW,OAAO;AAAA,MACtF,CAAC;AAED,uBAAiB,GAAG;AACpB,oBAAc,YAAY,UAAU;AACpC,0BAAoB,YAAY,gBAAgB;AAChD,sBAAgB,YAAY,gBAAgB,0BAA0B,WAAW,CAAC;AAGlF,YAAM,kBAAkB,OAAO,KAAK,GAAG,EAAE;AACzC,UAAI,oBAAoB,GAAG;AACzB,QAAAA,QAAO,KAAK,4DAA4D;AAAA,UACtE;AAAA,UACA,gBAAgB,cAAc;AAAA,UAC9B,SAAS,cAAc;AAAA,QACzB,CAAC;AAAA,MACH;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B;AACzF,MAAAA,QAAO,MAAM,yCAAyC,YAAY;AAClE,eAAS,YAAY;AACrB,iBAAW;AAAA,IACb,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,SAASA,SAAQ,YAAY,eAAe,UAAU,sBAAsB,IAAI,SAAS,MAAM,cAAc,WAAW,iBAAiB,UAAU,CAAC;AAExJ,QAAM,sBAAsB;AAAA,IAC1B,CAAC,eAAgC;AAC/B,UAAI,eAAe,iBAAiB,cAAc,GAAG,GAAG;AACtD,eAAO;AAAA,MACT;AAEA,UAAI,eAAe,eAAe;AAChC,eAAO,eAAe;AAAA,MACxB;AAEA,UAAI,eAAe,aAAa;AAC9B,eAAO,qBAAqB;AAAA,MAC9B;AAEA,aAAO,cAAc,UAAwB,MAAM;AAAA,IACrD;AAAA,IACA,CAAC,YAAY,kBAAkB,aAAa;AAAA,EAC9C;AAEA,QAAM,eAAe,QAAQ,MAAM,eAAe,iBAAiB,cAAc,GAAG,MAAM,MAAM,CAAC,YAAY,aAAa,CAAC;AAC3H,QAAM,aAAa,QAAQ,MAAM,qBAAqB,eAAe,cAAc,CAAC,kBAAkB,YAAY,CAAC;AACnH,QAAM,eAAe,QAAQ,MAAM,iBAAiB,iBAAiB,cAAc,CAAC,cAAc,YAAY,CAAC;AAC/G,QAAM,wBAAwB,QAAQ,MAAM,gBAAgB,qBAAqB,aAAa,CAAC,cAAc,gBAAgB,CAAC;AAC9H,QAAM,iBAAiB,QAAQ,MAAM,gBAAgB,iBAAiB,eAAe,CAAC,cAAc,YAAY,CAAC;AAEjH,YAAU,MAAM;AACd,oBAAgB;AAAA,EAClB,GAAG,CAAC,iBAAiB,SAAS,WAAW,cAAc,eAAe,UAAU,MAAM,SAAS,sBAAsB,IAAI,iBAAiB,UAAU,CAAC;AAErJ,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACvQA,SAAgB,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,UAAS,cAAc;;;ACoElE,SAAS,WAAW,GAA6B,GAAsC;AAC5F,MAAI,MAAM,GAAG;AACX,WAAO;AAAA,EACT;AAEA,MAAI,KAAK,QAAQ,KAAK,MAAM;AAC1B,WAAO,MAAM;AAAA,EACf;AAEA,SACE,EAAE,mBAAmB,EAAE,kBACvB,EAAE,YAAY,EAAE,WAChB,EAAE,UAAU,EAAE;AAElB;;;ADhCO,SAAS,eACd,QACA,gBACA,SACA,OACA;AACA,QAAM,CAAC,aAAa,cAAc,IAAIC,UAAwB,CAAC,CAAkB;AACjF,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,CAAC,cAAc,eAAe,IAAIA,UAAS,CAAC;AAClD,QAAM,gBAAgB,OAAO,KAAK;AAClC,QAAMC,UAAS,cAAc;AAG7B,QAAM,gBAAgB,OAAO,EAAE,QAAQ,gBAAgB,SAAS,MAAM,CAAC;AAGvE,QAAM,QAAQ,kBAAkB;AAMhC,EAAAC,WAAU,MAAM;AAGd,QAAI,CAAC,QAAQ;AACX;AAAA,IACF;AAEA,QAAI,CAAC,SAAS,UAAU,QAAS,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAK;AAClF,YAAM,YAAY,WAAW,MAAM;AACjC,iBAAS,IAAI,MAAM,wDAAwD,CAAC;AAC5E,qBAAa,KAAK;AAAA,MACpB,GAAG,GAAI;AAEP,aAAO,MAAM,aAAa,SAAS;AAAA,IACrC;AAEA,QAAI,OAAO,YAAY,0DAA0D;AAC/E,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,QAAQ,gBAAgB,OAAO,KAAK,CAAC;AAIzC,EAAAA,WAAU,MAAM;AACd,UAAM,gBACJ,cAAc,QAAQ,WAAW,UACjC,cAAc,QAAQ,mBAAmB,kBACzC,cAAc,QAAQ,YAAY,WAClC,cAAc,QAAQ,UAAU;AAElC,QAAI,eAAe;AAEjB,UAAI,cAAc,QAAQ,UAAU,OAAO;AAAA,MAE3C;AACA,oBAAc,UAAU,EAAE,QAAQ,gBAAgB,SAAS,MAAM;AAEjE,sBAAgB,UAAQ,OAAO,CAAC;AAAA,IAClC;AAAA,EACF,GAAG,CAAC,QAAQ,gBAAgB,SAAS,OAAOD,OAAM,CAAC;AAEnD,EAAAC,WAAU,MAAM;AACd,UAAM,mBAAmB,YAAY;AAEnC,UAAI,cAAc,SAAS;AACzB;AAAA,MACF;AAEA,UAAI,CAAC,QAAQ;AACX,uBAAe,CAAC,CAAkB;AAClC,qBAAa,KAAK;AAClB;AAAA,MACF;AAOA,UAAI,CAAC,QAAQ;AACX,uBAAe,CAAC,CAAkB;AAClC,qBAAa,KAAK;AAClB;AAAA,MACF;AAEA,UAAI,CAAC,SAAS,UAAU,QAAS,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAK;AAElF,qBAAa,IAAI;AACjB,iBAAS,IAAI;AACb;AAAA,MACF;AAEA,UAAI;AACF,sBAAc,UAAU;AACxB,qBAAa,IAAI;AACjB,iBAAS,IAAI;AAGb,cAAM,QAAe;AAAA,UACnB,gBAAgB;AAAA,UAChB;AAAA,UACA;AAAA,QACF;AAGA,cAAM,gBAAgB,MAAM,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAG9D,cAAM,kBAAkB,OAAO,KAAK,aAAa,EAAE;AACnD,YAAI,oBAAoB,KAAK,OAAO,KAAK,WAAW,EAAE,SAAS,GAAG;AAChE,UAAAD,QAAO,KAAK,+DAA+D;AAAA,YACzE,OAAO,EAAE,gBAAgB,OAAO,SAAS,MAAM;AAAA,UACjD,CAAC;AAAA,QACH;AAGA,uBAAe,aAAa;AAAA,MAC9B,SAAS,KAAK;AAGZ,QAAAA,QAAO,MAAM,iDAAiD,GAAG;AACjE,iBAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,MAEhF,UAAE;AACA,qBAAa,KAAK;AAClB,sBAAc,UAAU;AAAA,MAC1B;AAAA,IACF;AAEA,qBAAiB;AAAA,EACnB,GAAG,CAAC,cAAc,QAAQ,gBAAgB,SAAS,KAAK,CAAC;AAEzD,QAAM,gBAAgBE,aAAY,CAAC,eAAoC;AACrE,QAAI,YAAY,GAAG,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,YAAY,UAAU,MAAM;AAAA,EACrC,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM,mBAAmBA,aAAY,CAAC,mBAA0C;AAC9E,QAAI,YAAY,GAAG,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,eAAe,KAAK,OAAK,YAAY,CAAC,MAAM,IAAI;AAAA,EACzD,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM,oBAAoBA,aAAY,CAAC,mBAA0C;AAC/E,QAAI,YAAY,GAAG,GAAG;AACpB,aAAO;AAAA,IACT;AACA,WAAO,eAAe,MAAM,OAAK,YAAY,CAAC,MAAM,IAAI;AAAA,EAC1D,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM,UAAUA,aAAY,YAAY;AAEtC,QAAI,cAAc,SAAS;AACzB;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,qBAAe,CAAC,CAAkB;AAClC,mBAAa,KAAK;AAClB;AAAA,IACF;AAIA,QAAI,CAAC,SAAS,UAAU,QAAS,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAK;AAElF,mBAAa,IAAI;AACjB,eAAS,IAAI;AACb;AAAA,IACF;AAEA,QAAI;AACF,oBAAc,UAAU;AACxB,mBAAa,IAAI;AACjB,eAAS,IAAI;AAGb,YAAM,QAAe;AAAA,QACnB,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAGA,YAAM,gBAAgB,MAAM,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAG9D,qBAAe,aAAa;AAAA,IAC9B,SAAS,KAAK;AAGZ,YAAMF,UAAS,cAAc;AAC7B,MAAAA,QAAO,MAAM,kCAAkC,GAAG;AAClD,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,IAEhF,UAAE;AACA,mBAAa,KAAK;AAClB,oBAAc,UAAU;AAAA,IAC1B;AAAA,EACF,GAAG,CAAC,QAAQ,gBAAgB,SAAS,KAAK,CAAC;AAG3C,SAAOG,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,aAAa,WAAW,OAAO,eAAe,kBAAkB,mBAAmB,OAAO,CAAC;AAClG;AAyBO,SAAS,OACd,QACA,OACA,YACA,QACA,WAAoB,MACpB,SACA;AACA,QAAM,CAAC,KAAK,MAAM,IAAIJ,UAAkB,KAAK;AAC7C,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,CAAC,cAAc,eAAe,IAAIA,UAAyB,IAAI;AAGrE,QAAM,eAAe,SAAS,OAAO,UAAU;AAC/C,QAAM,iBAAiB,eAAe,MAAM,iBAAiB;AAC7D,QAAM,UAAU,eAAe,MAAM,UAAU;AAC/C,QAAM,QAAQ,eAAe,MAAM,QAAQ;AAG3C,EAAAE,WAAU,MAAM;AACd,QAAI,CAAC,QAAQ;AACX,sBAAgB,KAAK;AACrB;AAAA,IACF;AAEA,QAAI,YAAY;AAChB,UAAM,kBAAkB,YAAY;AAClC,UAAI;AACF,cAAM,EAAE,cAAcG,iBAAgB,IAAI,MAAM,OAAO,mBAAQ;AAC/D,cAAM,UAAU,MAAMA,iBAAgB,MAAM;AAC5C,YAAI,CAAC,WAAW;AACd,0BAAgB,OAAO;AAAA,QACzB;AAAA,MACF,SAAS,KAAK;AACZ,YAAI,CAAC,WAAW;AACd,0BAAgB,KAAK;AAAA,QACvB;AAAA,MACF;AAAA,IACF;AAEA,oBAAgB;AAChB,WAAO,MAAM;AACX,kBAAY;AAAA,IACd;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAKX,EAAAH,WAAU,MAAM;AACd,UAAM,mBAAmB,WAAW,SAAS,QAAQ,KAAK,CAAC,CAAC;AAC5D,UAAM,gBAAgB,CAAC;AAGvB,QAAI,iBAAiB,MAAM;AACzB;AAAA,IACF;AAEA,QAAI,kBAAkB,CAAC,gBAAgB,CAAC,kBAAkB,mBAAmB,QAAS,OAAO,mBAAmB,YAAY,eAAe,KAAK,MAAM,KAAM;AAC1J,YAAM,YAAY,WAAW,MAAM;AACjC,iBAAS,IAAI,MAAM,wDAAwD,CAAC;AAC5E,qBAAa,KAAK;AAClB,eAAO,KAAK;AAAA,MACd,GAAG,GAAI;AAEP,aAAO,MAAM,aAAa,SAAS;AAAA,IACrC;AAEA,QAAI,OAAO,YAAY,0DAA0D;AAC/E,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,cAAc,gBAAgB,OAAO,YAAY,QAAQ,YAAY,CAAC;AAG1E,QAAM,gBAAgB,OAAoB,IAAI;AAC9C,QAAM,eAAe,OAAsB,IAAI;AAC/C,QAAM,oBAAoB,OAA0B,IAAI;AACxD,QAAM,gBAAgB,OAAgC,IAAI;AAC1D,QAAM,kBAAkB,OAAuB,IAAI;AAGnD,QAAM,cAAcE,SAAQ,MAAM;AAChC,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,GAAG,CAAC,cAAc,gBAAgB,SAAS,KAAK,CAAC;AAGjD,QAAM,eAAe,OAAqB,IAAI;AAE9C,EAAAF,WAAU,MAAM;AAEd,UAAM,eAAe,CAAC,WAAW,aAAa,SAAS,WAAW;AAGlE,QACE,cAAc,YAAY,UAC1B,gBACA,kBAAkB,YAAY,cAC9B,cAAc,YAAY,UAC1B,gBAAgB,YAAY,UAC5B;AACA,oBAAc,UAAU;AACxB,mBAAa,UAAU;AACvB,wBAAkB,UAAU;AAC5B,oBAAc,UAAU;AACxB,sBAAgB,UAAU;AAG1B,YAAM,kBAAkB,YAAY;AAClC,YAAI,CAAC,QAAQ;AACX,iBAAO,KAAK;AACZ,uBAAa,KAAK;AAClB;AAAA,QACF;AAGA,YAAI,CAAC,cAAc;AACjB,uBAAa,IAAI;AACjB,iBAAO,KAAK;AACZ,mBAAS,IAAI;AAEb;AAAA,QACF;AAIA,cAAM,mBAAmB,WAAW,SAAS,QAAQ,KAAK,CAAC,CAAC;AAC5D,cAAM,gBAAgB,CAAC;AAGvB,cAAM,aAAa,UAAU,OAAO,WAAW,YAAY,CAAC,kEAAkE,KAAK,MAAM;AACzI,cAAM,wBAAwB,oBAAoB;AAMlD,YAAI,kBAAkB,CAAC,kBAAkB,mBAAmB,QAAS,OAAO,mBAAmB,YAAY,eAAe,KAAK,MAAM,KAAM;AAEzI,cAAI,iBAAiB,MAAM;AAAA,UAE3B,OAAO;AAEL,yBAAa,IAAI;AACjB,mBAAO,KAAK;AACZ,qBAAS,IAAI;AAEb;AAAA,UACF;AAAA,QACF;AAIA,YAAI,0BAA0B,CAAC,SAAS,UAAU,QAAS,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,KAAM;AAC7G,uBAAa,IAAI;AACjB,iBAAO,KAAK;AACZ,mBAAS,IAAI;AAEb;AAAA,QACF;AAEA,YAAI;AACF,uBAAa,IAAI;AACjB,mBAAS,IAAI;AAIb,gBAAM,aAAoB;AAAA,YACxB,GAAI,iBAAiB,EAAE,eAAe,IAAI,CAAC;AAAA,YAC3C,GAAI,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,YAC7B,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,UAC3B;AAEA,gBAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,GAAG,QAAW,OAAO,IAC7F,MAAM,YAAY,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,GAAG,QAAW,OAAO;AAE3F,iBAAO,MAAM;AAAA,QACf,SAAS,KAAK;AACZ,gBAAMD,UAAS,cAAc;AAC7B,UAAAA,QAAO,MAAM,2BAA2B,EAAE,YAAY,OAAO,IAAI,CAAC;AAClE,mBAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,4BAA4B,CAAC;AAC7E,iBAAO,KAAK;AAAA,QACd,UAAE;AACA,uBAAa,KAAK;AAAA,QACpB;AAAA,MACF;AAEA,sBAAgB;AAAA,IAClB;AAAA,EACF,GAAG,CAAC,QAAQ,aAAa,YAAY,QAAQ,UAAU,SAAS,YAAY,CAAC;AAE7E,QAAM,UAAUE,aAAY,YAAY;AACtC,QAAI,CAAC,QAAQ;AACX,aAAO,KAAK;AACZ,mBAAa,KAAK;AAClB;AAAA,IACF;AAGA,QAAI,CAAC,cAAc;AACjB,aAAO,KAAK;AACZ,mBAAa,IAAI;AACjB,eAAS,IAAI;AACb;AAAA,IACF;AAIA,UAAM,mBAAmB,WAAW,SAAS,QAAQ,KAAK,CAAC,CAAC;AAC5D,UAAM,gBAAgB,CAAC;AAGvB,QAAI,kBAAkB,CAAC,kBAAkB,mBAAmB,QAAS,OAAO,mBAAmB,YAAY,eAAe,KAAK,MAAM,KAAM;AACzI,aAAO,KAAK;AACZ,mBAAa,IAAI;AACjB,eAAS,IAAI;AACb;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAIb,YAAM,aAAoB;AAAA,QACxB,GAAI,iBAAiB,EAAE,eAAe,IAAI,CAAC;AAAA,QAC3C,GAAI,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,QAC7B,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,MAC3B;AAEA,YAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,GAAG,QAAW,OAAO,IAC7F,MAAM,YAAY,EAAE,QAAQ,OAAO,YAAY,YAAY,OAAO,GAAG,QAAW,OAAO;AAE3F,aAAO,MAAM;AAAA,IACf,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,4BAA4B,CAAC;AAC7E,aAAO,KAAK;AAAA,IACd,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,cAAc,gBAAgB,SAAS,OAAO,YAAY,QAAQ,UAAU,OAAO,CAAC;AAGhG,SAAOC,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,KAAK,WAAW,OAAO,OAAO,CAAC;AACtC;AA0BO,SAAS,eAAe,QAAc,OAK3C;AACA,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAA0B,QAAQ;AACxE,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAGrD,MAAI;AACJ,MAAI;AACF,UAAM,EAAE,SAAS,eAAe,IAAI,aAAa;AACjD,cAAU;AAAA,EACZ,QAAQ;AAAA,EAER;AAEA,QAAM,mBAAmBG,aAAY,YAAY;AAC/C,QAAI,CAAC,QAAQ;AACX,qBAAe,QAAQ;AACvB,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAIb,YAAM,EAAE,cAAc,gBAAgB,IAAI,MAAM,OAAO,mBAAQ;AAC/D,YAAM,mBAAmB,MAAM,gBAAgB,MAAM;AAErD,UAAI,kBAAkB;AACpB,uBAAe,OAAO;AACtB,qBAAa,KAAK;AAClB;AAAA,MACF;AAIA,UAAI,YAAY,YAAY,YAAY,WAAW,CAAC,MAAM,kBAAkB,CAAC,MAAM,SAAS;AAC1F,cAAM,WAAW,IAAI,iCAAiC;AACtD,iBAAS,QAAQ;AACjB,uBAAe,QAAQ;AACvB,qBAAa,KAAK;AAClB;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,eAAe,EAAE,QAAQ,MAAM,GAAG,MAAM,OAAO;AACnE,qBAAe,KAAK;AAAA,IACtB,SAAS,KAAK;AACZ,YAAMG,SAAQ,eAAe,QAAQ,MAAM,IAAI,MAAM,8BAA8B;AACnF,eAASA,MAAK;AACd,qBAAe,QAAQ;AAAA,IACzB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,OAAO,CAAC;AAEtE,EAAAJ,WAAU,MAAM;AACd,qBAAiB;AAAA,EACnB,GAAG,CAAC,gBAAgB,CAAC;AAGrB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,aAAa,WAAW,OAAO,gBAAgB,CAAC;AACvD;AAiCO,SAAS,uBACd,QACA,OACA,aACA,WAAoB,MAMpB;AACA,QAAM,CAAC,SAAS,UAAU,IAAIJ,UAAsC,CAAC,CAAgC;AACrG,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,mBAAmBG,aAAY,YAAY;AAC/C,QAAI,CAAC,UAAU,YAAY,WAAW,GAAG;AACvC,iBAAW,CAAC,CAAgC;AAC5C,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,YAAM,oBAAiD,CAAC;AAGxD,iBAAW,cAAc,aAAa;AACpC,cAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,WAAW,CAAC,IACrD,MAAM,YAAY,EAAE,QAAQ,OAAO,WAAW,CAAC;AACnD,0BAAkB,UAAU,IAAI;AAAA,MAClC;AAEA,iBAAW,iBAAiB;AAAA,IAC9B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAC9E,iBAAW,CAAC,CAAgC;AAAA,IAC9C,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,aAAa,QAAQ,CAAC;AAEpF,EAAAD,WAAU,MAAM;AACd,qBAAiB;AAAA,EACnB,GAAG,CAAC,gBAAgB,CAAC;AAGrB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,SAAS,WAAW,OAAO,gBAAgB,CAAC;AACnD;AA2BO,SAAS,oBACd,QACA,OACA,aACA,WAAoB,MAMpB;AACA,QAAM,CAAC,QAAQ,SAAS,IAAIJ,UAAkB,KAAK;AACnD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,qBAAqBG,aAAY,YAAY;AACjD,QAAI,CAAC,UAAU,YAAY,WAAW,GAAG;AACvC,gBAAU,KAAK;AACf,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI,mBAAmB;AAEvB,iBAAW,cAAc,aAAa;AACpC,cAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,WAAW,CAAC,IACrD,MAAM,YAAY,EAAE,QAAQ,OAAO,WAAW,CAAC;AAEnD,YAAI,QAAQ;AACV,6BAAmB;AACnB;AAAA,QACF;AAAA,MACF;AAEA,gBAAU,gBAAgB;AAAA,IAC5B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAC9E,gBAAU,KAAK;AAAA,IACjB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,aAAa,QAAQ,CAAC;AAEpF,EAAAD,WAAU,MAAM;AACd,uBAAmB;AAAA,EACrB,GAAG,CAAC,kBAAkB,CAAC;AAGvB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,QAAQ,WAAW,OAAO,kBAAkB,CAAC;AACpD;AA2BO,SAAS,qBACd,QACA,OACA,aACA,WAAoB,MAMpB;AACA,QAAM,CAAC,QAAQ,SAAS,IAAIJ,UAAkB,KAAK;AACnD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,sBAAsBG,aAAY,YAAY;AAClD,QAAI,CAAC,UAAU,YAAY,WAAW,GAAG;AACvC,gBAAU,KAAK;AACf,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI,oBAAoB;AAExB,iBAAW,cAAc,aAAa;AACpC,cAAM,SAAS,WACX,MAAM,kBAAkB,EAAE,QAAQ,OAAO,WAAW,CAAC,IACrD,MAAM,YAAY,EAAE,QAAQ,OAAO,WAAW,CAAC;AAEnD,YAAI,CAAC,QAAQ;AACX,8BAAoB;AACpB;AAAA,QACF;AAAA,MACF;AAEA,gBAAU,iBAAiB;AAAA,IAC7B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAC9E,gBAAU,KAAK;AAAA,IACjB,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,OAAO,aAAa,QAAQ,CAAC;AAEpF,EAAAD,WAAU,MAAM;AACd,wBAAoB;AAAA,EACtB,GAAG,CAAC,mBAAmB,CAAC;AAGxB,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,QAAQ,WAAW,OAAO,mBAAmB,CAAC;AACrD;AA0BO,SAAS,qBAAqB,QAAc,OAMjD;AACA,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAAwB,CAAC,CAAkB;AACjF,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,QAAM,yBAAyBG,aAAY,YAAY;AACrD,QAAI,CAAC,QAAQ;AACX,qBAAe,CAAC,CAAkB;AAClC,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,QAAI;AACF,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,YAAM,gBAAgB,MAAM,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC9D,qBAAe,aAAa;AAAA,IAC9B,SAAS,KAAK;AACZ,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,oCAAoC,CAAC;AAAA,IACvF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,QAAQ,MAAM,gBAAgB,MAAM,SAAS,MAAM,KAAK,CAAC;AAE7D,QAAM,kBAAkBA,aAAY,MAAM;AAGxC,2BAAuB;AAAA,EACzB,GAAG,CAAC,sBAAsB,CAAC;AAE3B,EAAAD,WAAU,MAAM;AACd,2BAAuB;AAAA,EACzB,GAAG,CAAC,sBAAsB,CAAC;AAG3B,SAAOE,SAAQ,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX,IAAI,CAAC,aAAa,WAAW,OAAO,iBAAiB,sBAAsB,CAAC;AAC9E;;;AEz7BA,SAAS,WAAAG,gBAAe;AAwFjB,SAAS,uBACd,UACA,UAAyC,CAAC,GACrB;AACrB,QAAM,EAAE,aAAa,OAAO,eAAe,KAAK,IAAI;AAGpD,QAAM,EAAE,MAAM,SAAS,IAAI,eAAe;AAG1C,QAAM,EAAE,qBAAqB,IAAI,iBAAiB;AAGlD,MAAI,gBAA6C;AACjD,MAAI;AACF,UAAM,gBAAgB,UAAU;AAChC,oBAAgB,cAAc;AAAA,EAChC,SAASC,QAAO;AAAA,EAGhB;AAGA,QAAM,EAAE,eAAe,WAAW,cAAc,OAAO,WAAW,IAAI,iBAAiB;AAAA,IACrF;AAAA,IACA,wBAAwB,sBAAsB,MAAM;AAAA,IACpD,iBAAiB,eAAe,YAAY;AAAA,EAC9C,CAAC;AAGD,QAAM,QAAe,iBAAiB;AAAA,IACpC,gBAAgB,sBAAsB,MAAM;AAAA,IAC5C,SAAS,eAAe,YAAY;AAAA,IACpC,OAAO;AAAA,EACT;AAMA,QAAM,SAAS,MAAM,QAAQ,WAAW;AAGxC,QAAM,EAAE,KAAK,iBAAiB,WAAW,eAAe,OAAO,YAAY,IAAI;AAAA,IAC7E,MAAM,MAAM;AAAA,IACZ;AAAA,IACA,UAAU,QAAQ;AAAA,IAClB;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAEA,QAAM,EAAE,KAAK,iBAAiB,WAAW,eAAe,OAAO,YAAY,IAAI;AAAA,IAC7E,MAAM,MAAM;AAAA,IACZ;AAAA,IACA,UAAU,QAAQ;AAAA,IAClB;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAEA,QAAM,EAAE,KAAK,iBAAiB,WAAW,eAAe,OAAO,YAAY,IAAI;AAAA,IAC7E,MAAM,MAAM;AAAA,IACZ;AAAA,IACA,UAAU,QAAQ;AAAA,IAClB;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAGA,QAAM,EAAE,KAAK,eAAe,WAAW,aAAa,OAAO,UAAU,IAAI;AAAA,IACvE,MAAM,MAAM;AAAA,IACZ;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAGA,QAAM,YAAYC,SAAQ,MAAM;AAC9B,WAAO,gBAAgB,iBAAiB,iBAAiB,iBAAkB,cAAc;AAAA,EAC3F,GAAG,CAAC,cAAc,eAAe,eAAe,eAAe,aAAa,UAAU,CAAC;AAGvF,QAAM,QAAQA,SAAQ,MAAM;AAC1B,QAAI,WAAY,QAAO;AACvB,QAAI,YAAa,QAAO;AACxB,QAAI,YAAa,QAAO;AACxB,QAAI,YAAa,QAAO;AACxB,QAAI,cAAc,UAAW,QAAO;AACpC,WAAO;AAAA,EACT,GAAG,CAAC,YAAY,aAAa,aAAa,aAAa,WAAW,UAAU,CAAC;AAK7E,SAAOA,SAAQ,OAAO;AAAA,IACpB,WAAW,CAAC,QAAgB;AAG1B,UAAI,QAAQ,UAAU;AACpB,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,IACA,WAAW,CAAC,QAAgB;AAC1B,UAAI,QAAQ,UAAU;AACpB,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,IACA,WAAW,CAAC,QAAgB;AAC1B,UAAI,QAAQ,UAAU;AACpB,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,IACA,SAAS,CAAC,QAAgB;AACxB,UAAI,CAAC,YAAY;AACf,eAAO;AAAA,MACT;AACA,UAAI,QAAQ,UAAU;AACpB,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;;;ACjNA,SAAS,YAAAC,WAAU,eAAAC,oBAAmB;AA4D/B,SAAS,oBAAoB;AAClC,QAAM,EAAE,MAAM,SAAS,IAAI,eAAe;AAC1C,QAAM,CAAC,WAAW,YAAY,IAAIC,UAAS,KAAK;AAChD,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AAErD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,MAAM,yFAAyF;AAAA,EAC3G;AAcA,QAAM,qBAAqBC,aAAY,OACrC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,yBAAyB;AAAA,QAC5E,WAAW,OAAO;AAAA,QAClB,mBAAmB,OAAO;AAAA,QAC1B,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,MACjD,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,uBAAuB;AAAA,MAC7D;AAEA,aAAO;AAAA,QACL,SAAS,SAAS;AAAA,QAClB,SAAS,SAAS,OAAO,8BAA8B;AAAA,QACvD,OAAO,SAAS,QAAQ,2BAA2B;AAAA,MACrD;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,EAAE,CAAC;AAcb,QAAM,oBAAoBA,aAAY,OACpC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,wBAAwB;AAAA,QAC3E,WAAW,OAAO;AAAA,QAClB,mBAAmB,OAAO;AAAA,QAC1B,YAAY,OAAO;AAAA,QACnB,UAAU,OAAO;AAAA,QACjB,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,QAC/C,cAAc,OAAO;AAAA,QACrB,YAAY,OAAO;AAAA,MACrB,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,sBAAsB;AAAA,MAC5D;AAEA,UAAI,CAAC,MAAM;AACT,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,EAAE,CAAC;AAWb,QAAM,iBAAiBA,aAAY,OACjC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AAEF,YAAM,EAAE,MAAM,UAAU,OAAO,WAAW,IAAI,MAAM,SACjD,KAAK,sBAAsB,EAC3B,OAAO,iCAAiC,EACxC,GAAG,MAAM,MAAM,EACf,OAAO;AAEV,UAAI,cAAc,CAAC,UAAU;AAC3B,cAAM,IAAI,MAAM,YAAY,WAAW,gBAAgB;AAAA,MACzD;AAGA,YAAM,YAAY,GAAG,SAAS,QAAQ,IAAI,SAAS,MAAM;AAGzD,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,oBAAoB;AAAA,QACvE,WAAW,SAAS;AAAA,QACpB,aAAa;AAAA,QACb,aAAa,SAAS;AAAA,QACtB,cAAc;AAAA,QACd,cAAc,MAAM,MAAM;AAAA,MAC5B,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,uBAAuB;AAAA,MAC7D;AAGA,YAAM,SAAS,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI;AAElE,aAAO;AAAA,QACL,SAAS,QAAQ,YAAY;AAAA,QAC7B,SAAS,QAAQ,WAAW;AAAA,QAC5B,OAAO,QAAQ,YAAY,QAAS,QAAQ,WAAW,QAAQ,cAAc,kBAAmB;AAAA,MAClG;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC;AAcvB,QAAM,kBAAkBA,aAAY,OAClC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,mBAAmB;AAAA,QACtE,WAAW,OAAO;AAAA,QAClB,aAAa;AAAA,QACb,aAAa,OAAO;AAAA,QACpB,cAAc;AAAA;AAAA,QACd,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,MACjD,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,sBAAsB;AAAA,MAC5D;AAGA,YAAM,SAAS,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI;AAElE,UAAI,CAAC,UAAU,CAAC,OAAO,SAAS;AAC9B,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,QAAQ,WAAW,QAAQ,cAAc;AAAA,UAChD,SAAS,QAAQ;AAAA,QACnB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,OAAO,WAAW;AAAA,QAC3B,QAAQ,OAAO;AAAA,MACjB;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC;AAcvB,QAAM,mBAAmBA,aAAY,OACnC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,oBAAoB;AAAA,QACvE,WAAW,OAAO;AAAA,QAClB,aAAa;AAAA,QACb,aAAa,OAAO;AAAA,QACpB,cAAc;AAAA;AAAA,QACd,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,MACjD,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,uBAAuB;AAAA,MAC7D;AAGA,YAAM,SAAS,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI;AAElE,aAAO;AAAA,QACL,SAAS,QAAQ,YAAY;AAAA,QAC7B,SAAS,QAAQ,WAAW;AAAA,QAC5B,OAAO,QAAQ,YAAY,QAAS,QAAQ,WAAW,QAAQ,cAAc,kBAAmB;AAAA,MAClG;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC;AAcvB,QAAM,wBAAwBA,aAAY,OACxC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,mBAAmB;AAAA,QACtE,WAAW,OAAO;AAAA,QAClB,aAAa;AAAA,QACb,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA;AAAA,QACrB,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,MACjD,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,sBAAsB;AAAA,MAC5D;AAGA,YAAM,SAAS,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI;AAElE,UAAI,CAAC,UAAU,CAAC,OAAO,SAAS;AAC9B,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,QAAQ,WAAW,QAAQ,cAAc;AAAA,UAChD,SAAS,QAAQ;AAAA,QACnB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,OAAO,WAAW;AAAA,QAC3B,QAAQ,OAAO;AAAA,MACjB;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC;AAcvB,QAAM,yBAAyBA,aAAY,OACzC,WACkC;AAClC,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,YAAM,EAAE,MAAM,OAAO,SAAS,IAAI,MAAM,SAAS,IAAI,oBAAoB;AAAA,QACvE,WAAW,OAAO;AAAA,QAClB,aAAa;AAAA,QACb,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA;AAAA,QACrB,cAAc,OAAO,cAAc,MAAM,MAAM;AAAA,MACjD,CAAC;AAED,UAAI,UAAU;AACZ,cAAM,IAAI,MAAM,SAAS,WAAW,uBAAuB;AAAA,MAC7D;AAGA,YAAM,SAAS,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI;AAElE,aAAO;AAAA,QACL,SAAS,QAAQ,YAAY;AAAA,QAC7B,SAAS,QAAQ,WAAW;AAAA,QAC5B,OAAO,QAAQ,YAAY,QAAS,QAAQ,WAAW,QAAQ,cAAc,kBAAmB;AAAA,MAClG;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,eAAe,eAAe,QAAQ,IAAI,UAAU;AAC1D,eAAS,eAAe,QAAQ,MAAM,IAAI,MAAM,YAAY,CAAC;AAC7D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC;AAEvB,SAAO;AAAA;AAAA,IAEL;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,EACF;AACF;;;AChaA,SAAS,WAAAC,UAAS,UAAAC,eAAc;AAahC,IAAM,oBAAoB,oBAAI,IAAkC;AAGhE,IAAM,iBAAiB;AAMvB,SAAS,YACP,gBACA,SACA,OACA,cACQ;AACR,SAAO,GAAG,cAAc,IAAI,WAAW,UAAU,IAAI,SAAS,QAAQ,IAAI,eAAe,UAAU,SAAS;AAC9G;AAKA,SAAS,oBAAyD;AAEhE,QAAM,YAAY,CAAC,QAAoC;AACrD,QAAI,OAAO,gBAAgB,eAAgB,YAAoB,KAAK;AAClE,aAAQ,YAAoB,IAAI,GAAG;AAAA,IACrC;AACA,QAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,aAAO,QAAQ,IAAI,GAAG;AAAA,IACxB;AACA,WAAO;AAAA,EACT;AAEA,QAAM,cAAc,UAAU,mBAAmB,KAC9B,UAAU,0BAA0B,KACpC;AAEnB,QAAM,cAAc,UAAU,+BAA+B,KAC1C,UAAU,sCAAsC,KAChD;AAEnB,MAAI,CAAC,eAAe,CAAC,aAAa;AAChC,WAAO;AAAA,EACT;AAEA,SAAO,EAAE,KAAK,aAAa,KAAK,YAAY;AAC9C;AA+BO,SAAS,kBACd,YACiC;AACjC,QAAM,EAAE,MAAM,UAAU,aAAa,IAAI,eAAe;AACxD,QAAM,EAAE,qBAAqB,IAAI,iBAAiB;AAClD,QAAM,gBAAgB,UAAU;AAChC,QAAM,EAAE,cAAc,IAAI;AAC1B,QAAM,eAAe,kBAAkB,gBAAgB,cAAc,eAAe;AAIpF,QAAM,EAAE,kBAAkB,IAAI,wBAAwB;AACtD,QAAM,eAAe,kBAAkB;AAGvC,QAAM,EAAE,cAAc,IAAI,iBAAiB;AAAA,IACzC,UAAU,gBAAgB;AAAA,IAC1B,wBAAwB,sBAAsB,MAAM;AAAA,IACpD,iBAAiB,eAAe,YAAY;AAAA,EAC9C,CAAC;AAGD,QAAM,iBAAiBC,QAIpB;AAAA,IACD,gBAAgB;AAAA,IAChB,SAAS;AAAA,IACT,OAAO;AAAA,EACT,CAAC;AAED,SAAOC,SAAQ,MAAM;AAEnB,QAAI,cAAc;AAChB,aAAO,cAAc,gBAAgB;AAAA,IACvC;AAKA,UAAM,iBAAiB,eAAe;AACtC,UAAM,UAAU,eAAe,WAAW,eAAe;AACzD,UAAM,QAAQ,eAAe;AAG7B,QAAI,kBAAkB,MAAM,IAAI;AAE9B,qBAAe,UAAU,EAAE,gBAAgB,SAAS,MAAM;AAG1D,YAAM,WAAW,YAAY,gBAAgB,SAAS,OAAO,YAAY;AACzE,YAAM,eAAe,kBAAkB,IAAI,QAAQ;AAEnD,UAAI,cAAc;AAEhB,eAAO,aAAa,UAAU;AAAA,MAChC;AAGA,YAAM,SAAS,kBAAkB;AACjC,UAAI,CAAC,UAAU,CAAC,OAAO,OAAO,CAAC,OAAO,KAAK;AACzC,eAAO,KAAK,qBAAqB,wEAAwE;AAAA,UACvG,MAAM;AAAA,QACR,CAAC;AACD,eAAO,cAAc,gBAAgB;AAAA,MACvC;AAEA,UAAI;AACF,cAAM,eAAe;AAAA,UACnB,OAAO;AAAA,UACP,OAAO;AAAA,UACP;AAAA;AAAA,UACA;AAAA,UACA;AAAA;AAAA,UACA;AAAA;AAAA,QACF;AAGA,0BAAkB,IAAI,UAAU,YAAY;AAG5C,YAAI,kBAAkB,OAAO,gBAAgB;AAC3C,gBAAM,WAAW,kBAAkB,KAAK,EAAE,KAAK,EAAE;AACjD,cAAI,UAAU;AACZ,8BAAkB,OAAO,QAAQ;AAAA,UACnC;AAAA,QACF;AAGA,eAAO,aAAa,UAAU;AAAA,MAChC,SAAS,OAAO;AACd,eAAO,MAAM,qBAAqB,kCAAkC,KAAK;AAEzE,eAAO,cAAc,gBAAgB;AAAA,MACvC;AAAA,IACF;AAGA,WAAO,cAAc,gBAAgB;AAAA,EACvC,GAAG;AAAA,IACD,eAAe;AAAA,IACf,eAAe;AAAA,IACf,eAAe;AAAA,IACf,eAAe;AAAA,IACf,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;","names":["contextValues","logger","useState","useEffect","useCallback","useMemo","useState","logger","useEffect","useCallback","useMemo","checkSuperAdmin","error","useMemo","error","useMemo","useState","useCallback","useState","useCallback","useMemo","useRef","useRef","useMemo"]}