npm - @jmruthers/pace-core - Versions diffs - 0.5.75 → 0.5.77 - Mend

@jmruthers/pace-core 0.5.75 → 0.5.77

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/CHANGELOG.md +8 -0
package/dist/{RBACService-C4udt_Zp.d.ts → AuthService-SBHZQtCH.d.ts} +5 -118
package/dist/{DataTable-ntgmhO2W.d.ts → DataTable-BE0OXZKQ.d.ts} +9 -2
package/dist/DataTable-QCNCV6IK.js +157 -0
package/dist/{PublicLoadingSpinner-BKNBT6b6.d.ts → PublicLoadingSpinner-CnUaz0vG.d.ts} +33 -19
package/dist/{UnifiedAuthProvider-Bj6YCf7c.d.ts → UnifiedAuthProvider-B391Aqum.d.ts} +42 -45
package/dist/{UnifiedAuthProvider-3NKDOSOK.js → UnifiedAuthProvider-Z2FWNW7O.js} +4 -5
package/dist/{api-DDMUKIUD.js → api-KG4A2X7P.js} +9 -3
package/dist/{audit-6TOCAMKO.js → audit-65VNHEV2.js} +2 -2
package/dist/{chunk-2DFZ432F.js → chunk-7PX43UYN.js} +197 -629
package/dist/chunk-7PX43UYN.js.map +1 -0
package/dist/{chunk-DAXLNIDY.js → chunk-C4RQ3GQA.js} +108 -32
package/dist/chunk-C4RQ3GQA.js.map +1 -0
package/dist/{chunk-LW7MMEAQ.js → chunk-CRKP3HXI.js} +2 -2
package/dist/{chunk-XLZ7U46Z.js → chunk-CVMVPYAL.js} +9 -60
package/dist/chunk-CVMVPYAL.js.map +1 -0
package/dist/{chunk-CY3AHGO4.js → chunk-DDPG7FCX.js} +3395 -3254
package/dist/chunk-DDPG7FCX.js.map +1 -0
package/dist/{chunk-URUTVZ7N.js → chunk-DVHZ5L55.js} +2 -2
package/dist/{chunk-5BSLGBYI.js → chunk-JCQZ6LA7.js} +2 -8
package/dist/{chunk-5BSLGBYI.js.map → chunk-JCQZ6LA7.js.map} +1 -1
package/dist/{chunk-WN6XJWOS.js → chunk-JDQ7T3QB.js} +256 -743
package/dist/chunk-JDQ7T3QB.js.map +1 -0
package/dist/{chunk-ZTT2AXMX.js → chunk-LMYTEMUH.js} +153 -132
package/dist/chunk-LMYTEMUH.js.map +1 -0
package/dist/{chunk-33PHABLB.js → chunk-NKT2DLZI.js} +13 -130
package/dist/chunk-NKT2DLZI.js.map +1 -0
package/dist/chunk-PUKTJMRT.js +732 -0
package/dist/chunk-PUKTJMRT.js.map +1 -0
package/dist/{chunk-B2WTCLCV.js → chunk-Q7APDV6H.js} +18 -8
package/dist/chunk-Q7APDV6H.js.map +1 -0
package/dist/{chunk-FGMFQSHX.js → chunk-S63MFSY6.js} +500 -551
package/dist/chunk-S63MFSY6.js.map +1 -0
package/dist/{chunk-NTNILOBC.js → chunk-TLD5BEU6.js} +4 -4
package/dist/chunk-WUXCWRL6.js +20 -0
package/dist/chunk-WUXCWRL6.js.map +1 -0
package/dist/{chunk-YNUBMSMV.js → chunk-YCKPEMJA.js} +186 -263
package/dist/chunk-YCKPEMJA.js.map +1 -0
package/dist/{chunk-A4FUBC7B.js → chunk-Z3T6RK3K.js} +2 -4
package/dist/{chunk-A4FUBC7B.js.map → chunk-Z3T6RK3K.js.map} +1 -1
package/dist/components.d.ts +6 -6
package/dist/components.js +17 -20
package/dist/components.js.map +1 -1
package/dist/{database-C3Szpi5J.d.ts → database-BXAfr2Y_.d.ts} +18 -0
package/dist/hooks.d.ts +21 -44
package/dist/hooks.js +12 -13
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +19 -27
package/dist/index.js +27 -33
package/dist/index.js.map +1 -1
package/dist/{organisation-BtshODVF.d.ts → organisation-D6qRDtbF.d.ts} +1 -1
package/dist/providers.d.ts +7 -21
package/dist/providers.js +3 -10
package/dist/rbac/index.d.ts +118 -215
package/dist/rbac/index.js +18 -18
package/dist/{types-CGX9Vyf5.d.ts → types-BDg1mAGG.d.ts} +36 -6
package/dist/types.d.ts +3 -3
package/dist/types.js +61 -18
package/dist/types.js.map +1 -1
package/dist/{unified-CM7T0aTK.d.ts → unified-DQ4VcT7H.d.ts} +1 -1
package/dist/{usePublicRouteParams-B-CumWRc.d.ts → usePublicRouteParams-BlgwXweB.d.ts} +3 -3
package/dist/utils.d.ts +2 -2
package/dist/utils.js +52 -9
package/dist/utils.js.map +1 -1
package/docs/CONTENT_AUDIT_REPORT.md +253 -0
package/docs/DOCUMENTATION_AUDIT.md +172 -0
package/docs/README.md +142 -147
package/docs/STYLE_GUIDE.md +37 -0
package/docs/api/classes/ColumnFactory.md +17 -17
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +4 -4
package/docs/api/classes/MissingUserContextError.md +4 -4
package/docs/api/classes/OrganisationContextRequiredError.md +4 -4
package/docs/api/classes/PermissionDeniedError.md +5 -5
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +8 -8
package/docs/api/classes/RBACCache.md +35 -5
package/docs/api/classes/RBACEngine.md +49 -20
package/docs/api/classes/RBACError.md +4 -4
package/docs/api/classes/RBACNotInitializedError.md +4 -4
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +4 -4
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +11 -0
package/docs/api/interfaces/DataTableAction.md +65 -29
package/docs/api/interfaces/DataTableColumn.md +36 -23
package/docs/api/interfaces/DataTableProps.md +80 -38
package/docs/api/interfaces/DataTableToolbarButton.md +7 -7
package/docs/api/interfaces/EmptyStateConfig.md +5 -5
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventLogoProps.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +11 -11
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +16 -3
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +2 -2
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +4 -4
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +2 -2
package/docs/api/interfaces/RouteConfig.md +2 -2
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +94 -521
package/docs/api/interfaces/UnifiedAuthProviderProps.md +16 -16
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +47 -0
package/docs/api/interfaces/UseResolvedScopeReturn.md +47 -0
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +303 -275
package/docs/api-reference/components.md +193 -0
package/docs/api-reference/hooks.md +265 -0
package/docs/api-reference/providers.md +32 -7
package/docs/api-reference/types.md +6 -0
package/docs/api-reference/utilities.md +207 -0
package/docs/architecture/README.md +6 -0
package/docs/{database-schema-requirements.md → architecture/database-schema-requirements.md} +6 -0
package/docs/architecture/rbac-security-architecture.md +258 -0
package/docs/architecture/services.md +9 -1
package/docs/best-practices/README.md +26 -0
package/docs/best-practices/accessibility.md +572 -0
package/docs/{common-patterns.md → best-practices/common-patterns.md} +6 -0
package/docs/best-practices/deployment.md +6 -0
package/docs/best-practices/performance.md +475 -2
package/docs/best-practices/security.md +6 -0
package/docs/best-practices/testing.md +6 -0
package/docs/core-concepts/authentication.md +21 -7
package/docs/core-concepts/events.md +6 -0
package/docs/core-concepts/organisations.md +6 -0
package/docs/core-concepts/permissions.md +6 -0
package/docs/core-concepts/rbac-system.md +6 -0
package/docs/documentation-index.md +121 -182
package/docs/{consuming-app-vite-config.md → getting-started/consuming-app-vite-config.md} +6 -0
package/docs/getting-started/documentation-index.md +40 -0
package/docs/getting-started/examples/README.md +878 -35
package/docs/{faq.md → getting-started/faq.md} +7 -1
package/docs/getting-started/installation-guide.md +6 -0
package/docs/{quick-reference.md → getting-started/quick-reference.md} +6 -0
package/docs/implementation-guides/app-layout.md +6 -0
package/docs/implementation-guides/authentication.md +1021 -0
package/docs/implementation-guides/component-styling.md +416 -0
package/docs/implementation-guides/data-tables.md +1264 -2076
package/docs/implementation-guides/dynamic-colors.md +6 -0
package/docs/implementation-guides/event-theming-summary.md +6 -0
package/docs/{file-reference-system.md → implementation-guides/file-reference-system.md} +6 -0
package/docs/implementation-guides/file-upload-storage.md +6 -0
package/docs/implementation-guides/forms.md +6 -0
package/docs/implementation-guides/inactivity-tracking.md +6 -0
package/docs/implementation-guides/navigation.md +6 -0
package/docs/implementation-guides/organisation-security.md +6 -0
package/docs/implementation-guides/permission-enforcement.md +6 -0
package/docs/implementation-guides/public-pages-advanced.md +6 -0
package/docs/implementation-guides/public-pages.md +6 -0
package/docs/migration/MIGRATION_GUIDE.md +827 -351
package/docs/migration/README.md +7 -1
package/docs/migration/organisation-context-timing-fix.md +6 -0
package/docs/migration/rbac-migration.md +44 -1
package/docs/migration/service-architecture.md +6 -0
package/docs/migration/v0.4.15-tailwind-scanning.md +6 -0
package/docs/migration/v0.4.16-css-first-approach.md +6 -0
package/docs/migration/v0.4.17-source-path-fix.md +6 -0
package/docs/rbac/README-rbac-rls-integration.md +6 -0
package/docs/rbac/README.md +6 -0
package/docs/rbac/advanced-patterns.md +6 -0
package/docs/rbac/api-reference.md +7 -1
package/docs/rbac/breaking-changes-v3.md +222 -0
package/docs/rbac/examples/rbac-rls-integration-example.md +6 -0
package/docs/rbac/examples.md +6 -0
package/docs/rbac/getting-started.md +6 -0
package/docs/rbac/migration-guide.md +260 -0
package/docs/rbac/quick-start.md +6 -0
package/docs/rbac/rbac-rls-integration.md +6 -0
package/docs/rbac/super-admin-guide.md +6 -0
package/docs/rbac/troubleshooting.md +6 -0
package/docs/security/README.md +6 -0
package/docs/security/checklist.md +6 -0
package/docs/styles/README.md +7 -1
package/docs/{usage.md → styles/usage.md} +6 -0
package/docs/testing/README.md +6 -0
package/docs/{visual-testing.md → testing/visual-testing.md} +6 -0
package/docs/troubleshooting/README.md +387 -5
package/docs/troubleshooting/cake-page-permission-guard-issue-summary.md +6 -0
package/docs/troubleshooting/common-issues.md +6 -0
package/docs/troubleshooting/database-view-compatibility.md +6 -0
package/docs/troubleshooting/organisation-context-setup.md +6 -0
package/docs/troubleshooting/react-hooks-issue-analysis.md +6 -0
package/docs/troubleshooting/styling-issues.md +6 -0
package/docs/troubleshooting/tailwind-content-scanning.md +6 -0
package/package.json +1 -1
package/src/__tests__/TEST_GUIDE_CURSOR.md +290 -0
package/src/__tests__/helpers/__tests__/test-providers.test.tsx +2 -1
package/src/__tests__/helpers/supabaseMock.ts +48 -2
package/src/__tests__/helpers/test-providers.tsx +3 -53
package/src/components/DataTable/DataTable.test.tsx +319 -0
package/src/components/DataTable/DataTable.tsx +32 -11
package/src/components/DataTable/__tests__/{DataTable.comprehensive.test.tsx → DataTable.comprehensive.test.tsx.skip} +6 -4
package/src/components/DataTable/__tests__/DataTable.default-state.test.tsx +17 -6
package/src/components/DataTable/__tests__/{DataTable.test.tsx → DataTable.test.tsx.skip} +6 -4
package/src/components/DataTable/__tests__/DataTableCore.test.tsx +96 -10
package/src/components/DataTable/__tests__/a11y.basic.test.tsx +601 -0
package/src/components/DataTable/__tests__/keyboard.test.tsx +615 -0
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +639 -0
package/src/components/DataTable/__tests__/ssr.strict-mode.test.tsx.skip +330 -0
package/src/components/DataTable/components/AccessDeniedPage.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +88 -104
package/src/components/DataTable/components/DataTableCore.tsx +442 -665
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +4 -2
package/src/components/DataTable/components/DataTableModals.tsx +22 -1
package/src/components/DataTable/components/EditableRow.tsx +69 -84
package/src/components/DataTable/components/EmptyState.tsx +5 -1
package/src/components/DataTable/components/ImportModal.tsx +65 -36
package/src/components/DataTable/components/PaginationControls.tsx +40 -100
package/src/components/DataTable/components/UnifiedTableBody.tsx +222 -278
package/src/components/DataTable/components/index.ts +1 -2
package/src/components/DataTable/context/DataTableContext.tsx +1 -1
package/src/components/DataTable/context/__tests__/DataTableContext.test.tsx +208 -275
package/src/components/DataTable/core/ColumnFactory.ts +5 -0
package/src/components/DataTable/core/index.ts +1 -8
package/src/components/DataTable/examples/HierarchicalActionsExample.tsx +12 -10
package/src/components/DataTable/examples/HierarchicalExample.tsx +1 -1
package/src/components/DataTable/examples/InitialPageSizeExample.tsx +1 -0
package/src/components/DataTable/examples/PerformanceExample.tsx +1 -0
package/src/components/DataTable/hooks/__tests__/useColumnOrderPersistence.test.ts +521 -0
package/src/components/DataTable/hooks/__tests__/useColumnReordering.test.ts +570 -0
package/src/components/DataTable/hooks/__tests__/useColumnVisibilityPersistence.test.ts +167 -0
package/src/components/DataTable/hooks/__tests__/useHierarchicalState.test.ts +214 -0
package/src/components/DataTable/hooks/__tests__/useTableColumns.test.ts +224 -0
package/src/components/DataTable/hooks/index.ts +13 -0
package/src/components/DataTable/hooks/useColumnOrderPersistence.ts +32 -15
package/src/components/DataTable/hooks/useColumnReordering.ts +1 -0
package/src/components/DataTable/hooks/useColumnVisibilityPersistence.ts +102 -0
package/src/components/DataTable/hooks/useDataTableConfiguration.ts +89 -0
package/src/components/DataTable/hooks/useDataTableDataPipeline.ts +117 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +193 -0
package/src/components/DataTable/hooks/useDataTableState.ts +51 -17
package/src/components/DataTable/hooks/useEffectiveColumnOrder.ts +33 -0
package/src/components/DataTable/hooks/useHierarchicalState.ts +41 -9
package/src/components/DataTable/hooks/useKeyboardNavigation.ts +447 -0
package/src/components/DataTable/hooks/useServerSideDataEffect.ts +94 -0
package/src/components/DataTable/hooks/useTableColumns.ts +156 -0
package/src/components/DataTable/hooks/useTableHandlers.ts +174 -0
package/src/components/DataTable/index.ts +13 -12
package/src/components/DataTable/types.ts +129 -9
package/src/components/DataTable/utils/__tests__/COVERAGE_NOTE.md +89 -0
package/src/components/DataTable/utils/__tests__/exportUtils.test.ts +162 -28
package/src/components/DataTable/utils/__tests__/flexibleImport.test.ts +573 -0
package/src/components/DataTable/utils/__tests__/hierarchicalSorting.test.ts +247 -0
package/src/components/DataTable/utils/__tests__/hierarchicalUtils.test.ts +8 -6
package/src/components/DataTable/utils/__tests__/performanceUtils.test.ts +466 -0
package/src/components/DataTable/utils/__tests__/rowUtils.test.ts +251 -0
package/src/components/DataTable/utils/a11yUtils.ts +244 -0
package/src/components/DataTable/utils/debugTools.ts +47 -21
package/src/components/DataTable/utils/errorHandling.ts +52 -460
package/src/components/DataTable/utils/exportUtils.ts +157 -28
package/src/components/DataTable/utils/flexibleImport.ts +202 -32
package/src/components/DataTable/utils/hierarchicalSorting.ts +50 -3
package/src/components/DataTable/utils/hierarchicalUtils.ts +167 -34
package/src/components/DataTable/utils/index.ts +7 -0
package/src/components/DataTable/utils/paginationUtils.ts +350 -0
package/src/components/DataTable/utils/rowUtils.ts +69 -0
package/src/components/EventSelector/EventSelector.test.tsx +672 -0
package/src/components/Label/__tests__/Label.test.tsx +434 -0
package/src/components/NavigationMenu/NavigationMenu.test.tsx +19 -24
package/src/components/NavigationMenu/NavigationMenu.tsx +19 -8
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.security.test.tsx +1 -23
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +56 -6
package/src/components/PaceLoginPage/PaceLoginPage.tsx +137 -13
package/src/components/PublicLayout/__tests__/PublicPageContextChecker.test.tsx +190 -0
package/src/components/PublicLayout/__tests__/PublicPageDebugger.test.tsx +185 -0
package/src/components/PublicLayout/__tests__/PublicPageHeader.test.tsx +1 -1
package/src/components/PublicLayout/__tests__/PublicPageProvider.test.tsx +313 -0
package/src/components/Select/Select.test.tsx +143 -120
package/src/components/Select/Select.tsx +48 -212
package/src/components/Select/hooks.ts +36 -1
package/src/components/Select/index.ts +2 -1
package/src/components/examples/PermissionExample.tsx +173 -0
package/src/examples/CorrectPublicPageImplementation.tsx +301 -0
package/src/examples/PublicEventPage.tsx +274 -0
package/src/examples/PublicPageApp.tsx +308 -0
package/src/examples/PublicPageUsageExample.tsx +216 -0
package/src/hooks/__tests__/useOrganisationPermissions.unit.test.tsx +12 -1
package/src/hooks/__tests__/useOrganisationSecurity.unit.test.tsx +129 -17
package/src/hooks/__tests__/useRBAC.unit.test.ts +151 -846
package/src/hooks/useOrganisationPermissions.test.ts +42 -18
package/src/hooks/useOrganisationPermissions.ts +12 -6
package/src/hooks/useOrganisationSecurity.test.ts +138 -85
package/src/hooks/useOrganisationSecurity.ts +41 -10
package/src/hooks/useSecureDataAccess.test.ts +32 -29
package/src/index.ts +0 -1
package/src/providers/AuthProvider.simplified.tsx +880 -0
package/src/providers/UnifiedAuthProvider.test.simple.tsx +8 -8
package/src/providers/__tests__/ProviderLifecycle.test.tsx +341 -0
package/src/providers/__tests__/UnifiedAuthProvider.test.tsx +29 -19
package/src/providers/index.ts +0 -1
package/src/providers/services/EventServiceProvider.tsx +19 -15
package/src/providers/services/InactivityServiceProvider.tsx +19 -15
package/src/providers/services/OrganisationServiceProvider.tsx +19 -15
package/src/providers/services/UnifiedAuthProvider.tsx +156 -127
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +1 -1
package/src/providers/services/__tests__/UnifiedAuthProvider.integration.test.tsx +3 -3
package/src/rbac/README.md +1 -1
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +25 -27
package/src/rbac/__tests__/auth-rbac-security.integration.test.tsx +313 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +114 -348
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +28 -110
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +33 -85
package/src/rbac/__tests__/scenarios.user-role.test.tsx +2 -2
package/src/rbac/adapters.tsx +26 -69
package/src/rbac/api.test.ts +90 -27
package/src/rbac/api.ts +61 -10
package/src/rbac/audit.test.ts +33 -38
package/src/rbac/audit.ts +21 -6
package/src/rbac/cache.ts +33 -1
package/src/rbac/components/NavigationGuard.tsx +11 -11
package/src/rbac/components/NavigationProvider.test.tsx +11 -5
package/src/rbac/components/NavigationProvider.tsx +37 -13
package/src/rbac/components/PagePermissionGuard.tsx +111 -50
package/src/rbac/components/PagePermissionProvider.tsx +5 -5
package/src/rbac/components/PermissionEnforcer.tsx +11 -11
package/src/rbac/components/RoleBasedRouter.tsx +5 -5
package/src/rbac/components/SecureDataProvider.tsx +5 -5
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +8 -8
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +14 -14
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +12 -12
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +6 -6
package/src/rbac/engine.test.simple.ts +19 -13
package/src/rbac/engine.test.ts +1 -0
package/src/rbac/engine.ts +330 -766
package/src/rbac/errors.ts +156 -0
package/src/rbac/hooks/__tests__/usePermissions.integration.test.ts +437 -0
package/src/rbac/hooks/index.ts +2 -0
package/src/rbac/hooks/usePermissions.ts +32 -10
package/src/rbac/hooks/useRBAC.test.ts +126 -512
package/src/rbac/hooks/useRBAC.ts +147 -193
package/src/rbac/hooks/useResolvedScope.ts +244 -0
package/src/rbac/index.ts +7 -4
package/src/rbac/security.ts +109 -18
package/src/rbac/types.ts +12 -1
package/src/services/AuthService.ts +2 -15
package/src/services/EventService.ts +26 -46
package/src/services/OrganisationService.ts +51 -31
package/src/services/__tests__/AuthService.test.ts +1 -1
package/src/services/__tests__/EventService.test.ts +1 -1
package/src/services/__tests__/InactivityService.lifecycle.test.ts +411 -0
package/src/services/__tests__/OrganisationService.pagination.test.ts +375 -0
package/src/services/__tests__/OrganisationService.test.ts +1 -1
package/src/styles/base.css +208 -0
package/src/styles/semantic.css +24 -0
package/src/types/__tests__/README.md +114 -0
package/src/types/__tests__/validation.test.ts +731 -0
package/src/types/database.generated.ts +7347 -0
package/src/types/database.ts +20 -0
package/src/utils/__tests__/file-reference.test.ts +383 -0
package/src/utils/__tests__/performanceBenchmark.test.ts +175 -0
package/src/utils/appNameResolver.test.ts +54 -0
package/src/utils/logger.ts +179 -0
package/src/utils/organisationContext.ts +11 -4
package/src/utils/storage/__tests__/helpers.unit.test.ts +6 -2
package/src/validation/__tests__/csrf.unit.test.ts +63 -0
package/src/validation/__tests__/passwordSchema.unit.test.ts +105 -0
package/dist/DataTable-HWZQGASI.js +0 -102
package/dist/appNameResolver-UURKN7NF.js +0 -22
package/dist/audit-6TOCAMKO.js.map +0 -1
package/dist/chunk-2CHATWBF.js +0 -523
package/dist/chunk-2CHATWBF.js.map +0 -1
package/dist/chunk-2DFZ432F.js.map +0 -1
package/dist/chunk-33PHABLB.js.map +0 -1
package/dist/chunk-B2WTCLCV.js.map +0 -1
package/dist/chunk-CY3AHGO4.js.map +0 -1
package/dist/chunk-DAXLNIDY.js.map +0 -1
package/dist/chunk-FGMFQSHX.js.map +0 -1
package/dist/chunk-TYHR5X4W.js +0 -33
package/dist/chunk-TYHR5X4W.js.map +0 -1
package/dist/chunk-ULBI5JGB.js +0 -109
package/dist/chunk-ULBI5JGB.js.map +0 -1
package/dist/chunk-WN6XJWOS.js.map +0 -1
package/dist/chunk-XLZ7U46Z.js.map +0 -1
package/dist/chunk-YNUBMSMV.js.map +0 -1
package/dist/chunk-ZTT2AXMX.js.map +0 -1
package/dist/eventContext-BBA42P6G.js +0 -14
package/dist/eventContext-BBA42P6G.js.map +0 -1
package/docs/DOCUMENTATION_CHECKLIST.md +0 -281
package/docs/api/interfaces/RBACContextType.md +0 -468
package/docs/api/interfaces/RBACProviderProps.md +0 -107
package/docs/breaking-changes.md +0 -179
package/docs/consuming-app-example.md +0 -290
package/docs/documentation-style-checklist.md +0 -294
package/docs/examples/navigation-menu-auth-fix.md +0 -344
package/docs/getting-started/examples/basic-auth-app.md +0 -520
package/docs/getting-started/examples/full-featured-app.md +0 -616
package/docs/getting-started/quick-start.md +0 -426
package/docs/implementation-guides/datatable-filtering.md +0 -313
package/docs/implementation-guides/datatable-rbac-usage.md +0 -317
package/docs/implementation-guides/hierarchical-datatable.md +0 -850
package/docs/implementation-guides/large-datasets.md +0 -281
package/docs/implementation-guides/performance.md +0 -403
package/docs/migration/quick-migration-guide.md +0 -320
package/docs/migration-guide.md +0 -193
package/docs/migration-guides/unified-auth-provider-mandatory-timeouts.md +0 -226
package/docs/performance/README.md +0 -551
package/docs/style-guide.md +0 -925
package/docs/troubleshooting/authentication-issues.md +0 -334
package/docs/troubleshooting/debugging.md +0 -1117
package/docs/troubleshooting/migration.md +0 -918
package/src/__tests__/hooks/usePermissions.test.ts +0 -261
package/src/components/DataTable/components/DataTableBody.tsx +0 -488
package/src/components/DataTable/components/DraggableColumnHeader.tsx +0 -144
package/src/components/DataTable/components/VirtualizedDataTable.tsx +0 -515
package/src/components/DataTable/core/ActionManager.ts +0 -235
package/src/components/DataTable/core/ColumnManager.ts +0 -215
package/src/components/DataTable/core/DataManager.ts +0 -188
package/src/components/DataTable/core/DataTableContext.tsx +0 -181
package/src/components/DataTable/core/LocalDataAdapter.ts +0 -264
package/src/components/DataTable/core/PluginRegistry.ts +0 -229
package/src/components/DataTable/core/StateManager.ts +0 -311
package/src/components/DataTable/core/__tests__/ActionManager.test.ts +0 -634
package/src/components/DataTable/core/__tests__/ColumnManager.test.ts +0 -193
package/src/components/DataTable/core/__tests__/DataManager.test.ts +0 -519
package/src/components/DataTable/core/__tests__/StateManager.test.ts +0 -714
package/src/components/DataTable/core/interfaces.ts +0 -338
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.rbac.test.tsx +0 -574
package/src/components/Select/Select.bug-test.tsx +0 -69
package/src/components/Select/Select.refactored.tsx +0 -497
package/src/hooks/__tests__/ServiceHooks.test.tsx +0 -613
package/src/hooks/services/usePermissions.ts +0 -70
package/src/hooks/services/useRBACService.ts +0 -30
package/src/hooks/usePermissionCheck.ts +0 -150
package/src/providers/__tests__/ServiceProviders.test.tsx +0 -477
package/src/providers/services/RBACServiceProvider.tsx +0 -79
package/src/rbac/__tests__/integration.authflow.test.tsx +0 -119
package/src/rbac/__tests__/integration.navigation.test.tsx +0 -69
package/src/rbac/__tests__/integration.securedata.test.tsx +0 -92
package/src/rbac/__tests__/integration.smoke.test.tsx +0 -73
package/src/rbac/providers/RBACProvider.tsx +0 -645
package/src/rbac/providers/__tests__/RBACProvider.integration.test.tsx +0 -688
package/src/rbac/providers/__tests__/RBACProvider.test.tsx +0 -1186
package/src/rbac/providers/index.ts +0 -11
package/src/services/RBACService.ts +0 -522
package/src/services/__tests__/RBACService.test.ts +0 -492
package/src/services/interfaces/IRBACService.ts +0 -62
package/src/utils/appNameResolver.test 2.ts +0 -494
/package/dist/{DataTable-HWZQGASI.js.map → DataTable-QCNCV6IK.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-3NKDOSOK.js.map → UnifiedAuthProvider-Z2FWNW7O.js.map} +0 -0
/package/dist/{api-DDMUKIUD.js.map → api-KG4A2X7P.js.map} +0 -0
/package/dist/{appNameResolver-UURKN7NF.js.map → audit-65VNHEV2.js.map} +0 -0
/package/dist/{chunk-LW7MMEAQ.js.map → chunk-CRKP3HXI.js.map} +0 -0
/package/dist/{chunk-URUTVZ7N.js.map → chunk-DVHZ5L55.js.map} +0 -0
/package/dist/{chunk-NTNILOBC.js.map → chunk-TLD5BEU6.js.map} +0 -0
/package/docs/{app.css.example → styles/app.css.example} +0 -0

package/src/providers/AuthProvider.simplified.tsx ADDED Viewed

@@ -0,0 +1,880 @@
+/**
+ * @file Simplified Auth Provider
+ * @package @jmruthers/pace-core
+ * @module Providers
+ * @since 2.0.0
+ *
+ * BREAKING CHANGES FROM v1:
+ * - Single provider instead of nested contexts
+ * - No service classes (direct React state)
+ * - No observer pattern (React's built-in re-rendering)
+ * - No UnifiedAuthProvider nesting
+ *
+ * This provides:
+ * - Authentication (user, session)
+ * - Organisation management
+ * - Event management
+ * - Inactivity tracking
+ *
+ * All in one provider with React state management.
+ */
+import React, {
+  createContext,
+  useContext,
+  useState,
+  useEffect,
+  useCallback,
+  useMemo,
+  useRef
+} from 'react';
+import {
+  type SupabaseClient,
+  type User,
+  type Session,
+  type AuthError
+} from '@supabase/supabase-js';
+import type { UUID } from '../rbac/types';
+// ============================================================================
+// TYPES
+// ============================================================================
+export interface Organisation {
+  id: UUID;
+  name: string;
+  display_name?: string;
+  subscription_tier?: string;
+  settings?: Record<string, any>;
+  is_active: boolean;
+  created_at: string;
+  updated_at?: string;
+}
+export interface Event {
+  id: string;
+  event_id: string;
+  name: string;
+  organisation_id: UUID;
+  start_date?: string;
+  end_date?: string;
+  status?: string;
+  settings?: Record<string, any>;
+}
+export interface AuthContextType {
+  // ========== Auth State ==========
+  user: User | null;
+  session: Session | null;
+  isAuthenticated: boolean;
+  authLoading: boolean;
+  authError: AuthError | null;
+  supabase: SupabaseClient;
+  // ========== Auth Methods ==========
+  signIn: (email: string, password?: string) => Promise<{ error: AuthError | null }>;
+  signUp: (email: string, password: string) => Promise<{ error: AuthError | null }>;
+  signOut: () => Promise<{ error: AuthError | null }>;
+  resetPassword: (email: string) => Promise<{ error: AuthError | null }>;
+  updatePassword: (password: string) => Promise<{ error: AuthError | null }>;
+  refreshSession: () => Promise<{ error: AuthError | null }>;
+  // ========== Organisation State ==========
+  selectedOrganisation: Organisation | null;
+  organisations: Organisation[];
+  organisationLoading: boolean;
+  organisationError: Error | null;
+  hasValidOrganisationContext: boolean;
+  isContextReady: boolean;
+  // ========== Organisation Methods ==========
+  switchOrganisation: (orgId: UUID) => Promise<void>;
+  refreshOrganisations: () => Promise<void>;
+  getUserRole: (orgId?: UUID) => string | null;
+  getPrimaryOrganisation: () => Organisation | null;
+  // ========== Event State ==========
+  events: Event[];
+  selectedEvent: Event | null;
+  eventLoading: boolean;
+  eventError: Error | null;
+  // ========== Event Methods ==========
+  setSelectedEvent: (event: Event | null) => void;
+  refreshEvents: () => Promise<void>;
+  // ========== Inactivity State ==========
+  showInactivityWarning: boolean;
+  inactivityTimeRemaining: number;
+  isIdle: boolean;
+  isTracking: boolean;
+  // ========== Inactivity Methods ==========
+  resetActivity: () => void;
+  startTracking: () => void;
+  stopTracking: () => void;
+  // ========== Session Management ==========
+  sessionId: string | null;
+  deviceFingerprint: string | null;
+  hasConcurrentSessions: boolean;
+}
+export interface AuthProviderProps {
+  children: React.ReactNode;
+  supabaseClient: SupabaseClient;
+  appName: string;
+  persistState?: boolean;
+  requireOrganisationContext?: boolean;
+  // Inactivity configuration (MANDATORY for security)
+  idleTimeoutMs: number;
+  warnBeforeMs: number;
+  onIdleLogout: (reason: 'inactivity') => void;
+  renderInactivityWarning?: (args: {
+    timeRemaining: number;
+    onStaySignedIn: () => void;
+    onSignOutNow: () => void;
+  }) => React.ReactNode;
+}
+// ============================================================================
+// CONTEXT
+// ============================================================================
+const AuthContext = createContext<AuthContextType | null>(null);
+// ============================================================================
+// PROVIDER
+// ============================================================================
+export function AuthProvider({
+  children,
+  supabaseClient,
+  appName,
+  persistState = true,
+  requireOrganisationContext = true,
+  idleTimeoutMs = 30 * 60 * 1000, // 30 minutes - MANDATORY for security
+  warnBeforeMs = 60 * 1000, // 1 minute
+  onIdleLogout, // MANDATORY - must be provided
+  renderInactivityWarning,
+}: AuthProviderProps) {
+  // MANDATORY: Inactivity timeout cannot be disabled
+  if (!idleTimeoutMs || idleTimeoutMs < 60000) {
+    throw new Error(
+      'AuthProvider: idleTimeoutMs is MANDATORY and must be at least 60 seconds (60000ms) for security. ' +
+      'The dangerouslyDisableInactivity flag has been removed.'
+    );
+  }
+  if (!onIdleLogout) {
+    throw new Error(
+      'AuthProvider: onIdleLogout callback is MANDATORY and must be provided for security.'
+    );
+  }
+  // ==========================================================================
+  // AUTH STATE (replaces AuthService)
+  // ==========================================================================
+  const [user, setUser] = useState<User | null>(null);
+  const [session, setSession] = useState<Session | null>(null);
+  const [authLoading, setAuthLoading] = useState(true);
+  const [authError, setAuthError] = useState<AuthError | null>(null);
+  // ==========================================================================
+  // ORGANISATION STATE (replaces OrganisationService)
+  // ==========================================================================
+  const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);
+  const [organisations, setOrganisations] = useState<Organisation[]>([]);
+  const [organisationLoading, setOrganisationLoading] = useState(false);
+  const [organisationError, setOrganisationError] = useState<Error | null>(null);
+  // ==========================================================================
+  // EVENT STATE (replaces EventService)
+  // ==========================================================================
+  const [events, setEvents] = useState<Event[]>([]);
+  const [selectedEvent, setSelectedEvent] = useState<Event | null>(null);
+  const [eventLoading, setEventLoading] = useState(false);
+  const [eventError, setEventError] = useState<Error | null>(null);
+  // ==========================================================================
+  // INACTIVITY STATE (replaces InactivityService)
+  // ==========================================================================
+  const [showInactivityWarning, setShowInactivityWarning] = useState(false);
+  const [inactivityTimeRemaining, setInactivityTimeRemaining] = useState(idleTimeoutMs);
+  const [isIdle, setIsIdle] = useState(false);
+  const [isTracking, setIsTracking] = useState(false);
+  const lastActivityRef = useRef<number>(Date.now());
+  const idleTimerRef = useRef<NodeJS.Timeout | null>(null);
+  const warningTimerRef = useRef<NodeJS.Timeout | null>(null);
+  const deviceFingerprintRef = useRef<string | null>(null);
+  const sessionIdRef = useRef<string | null>(null);
+  // ==========================================================================
+  // AUTH EFFECTS (replaces AuthService initialization)
+  // ==========================================================================
+  useEffect(() => {
+    // Setup auth state listener
+    const { data: { subscription } } = supabaseClient.auth.onAuthStateChange(
+      (event, newSession) => {
+        console.log('[AuthProvider] Auth state change:', event);
+        if (event === 'SIGNED_OUT') {
+          setSession(null);
+          setUser(null);
+          setAuthError(null);
+        } else if (event === 'SIGNED_IN' || event === 'TOKEN_REFRESHED') {
+          setSession(newSession);
+          setUser(newSession?.user ?? null);
+          if (newSession) {
+            setAuthError(null);
+          }
+        } else if (event === 'INITIAL_SESSION') {
+          if (newSession) {
+            setSession(newSession);
+            setUser(newSession.user ?? null);
+            setAuthError(null);
+          }
+        }
+        setAuthLoading(false);
+      }
+    );
+    // Initial session check
+    supabaseClient.auth.getSession().then(({ data: { session: initialSession } }) => {
+      setSession(initialSession);
+      setUser(initialSession?.user ?? null);
+      setAuthLoading(false);
+    });
+    return () => {
+      subscription.unsubscribe();
+    };
+  }, [supabaseClient]);
+  // ==========================================================================
+  // ORGANISATION EFFECTS (replaces OrganisationService initialization)
+  // ==========================================================================
+  useEffect(() => {
+    if (!user) {
+      setOrganisations([]);
+      setSelectedOrganisation(null);
+      return;
+    }
+    // Load user's organisations
+    const loadOrganisations = async () => {
+      setOrganisationLoading(true);
+      setOrganisationError(null);
+      try {
+        // Use RPC to get organisations with roles
+        const { data, error } = await supabaseClient
+          .rpc('rbac_user_organisation_roles_get', {
+            p_user_id: user.id
+          }) as { data: Array<{ organisation_id: UUID }> | null; error: any };
+        if (error) throw error;
+        if (data && data.length > 0) {
+          // Fetch full organisation details
+          const orgIds = data.map(r => r.organisation_id);
+          const { data: orgs, error: orgsError } = await supabaseClient
+            .from('organisations')
+            .select('*')
+            .in('id', orgIds)
+            .eq('is_active', true) as { data: Organisation[] | null; error: any };
+          if (orgsError) throw orgsError;
+          setOrganisations(orgs || []);
+          // Auto-select first organisation if none selected
+          if (!selectedOrganisation && orgs && orgs.length > 0) {
+            const savedOrgId = persistState ? localStorage.getItem(`pace_${appName}_org`) : null;
+            const orgToSelect = savedOrgId
+              ? orgs.find(o => o.id === savedOrgId) || orgs[0]
+              : orgs[0];
+            setSelectedOrganisation(orgToSelect);
+          }
+        }
+      } catch (error) {
+        console.error('[AuthProvider] Failed to load organisations:', error);
+        setOrganisationError(error as Error);
+      } finally {
+        setOrganisationLoading(false);
+      }
+    };
+    loadOrganisations();
+  }, [user, supabaseClient, appName, persistState, selectedOrganisation]);
+  // ==========================================================================
+  // EVENT EFFECTS (replaces EventService initialization)
+  // ==========================================================================
+  useEffect(() => {
+    if (!user || !selectedOrganisation) {
+      setEvents([]);
+      setSelectedEvent(null);
+      return;
+    }
+    // Load user's events for the selected organisation
+    const loadEvents = async () => {
+      setEventLoading(true);
+      setEventError(null);
+      try {
+        // Use RPC to get user's events
+        const { data, error } = await supabaseClient
+          .rpc('data_user_events_get', {
+            p_user_id: user.id,
+            p_app_name: appName
+          }) as { data: Event[] | null; error: any };
+        if (error) throw error;
+        // Filter events for current organisation
+        const orgEvents = (data || []).filter(e => e.organisation_id === selectedOrganisation.id);
+        setEvents(orgEvents);
+        // Auto-select first event if none selected
+        if (!selectedEvent && orgEvents.length > 0) {
+          const savedEventId = persistState ? localStorage.getItem(`pace_${appName}_event`) : null;
+          const eventToSelect = savedEventId
+            ? orgEvents.find(e => e.event_id === savedEventId) || orgEvents[0]
+            : orgEvents[0];
+          setSelectedEvent(eventToSelect);
+        }
+      } catch (error) {
+        console.error('[AuthProvider] Failed to load events:', error);
+        setEventError(error as Error);
+      } finally {
+        setEventLoading(false);
+      }
+    };
+    loadEvents();
+  }, [user, selectedOrganisation, supabaseClient, appName, persistState, selectedEvent]);
+  // ==========================================================================
+  // INACTIVITY EFFECTS (replaces InactivityService)
+  // ==========================================================================
+  const resetActivity = useCallback(() => {
+    lastActivityRef.current = Date.now();
+    setInactivityTimeRemaining(idleTimeoutMs);
+    setShowInactivityWarning(false);
+    setIsIdle(false);
+  }, [idleTimeoutMs]);
+  const startTracking = useCallback(() => {
+    if (isTracking) return;
+    setIsTracking(true);
+    resetActivity();
+    // Activity event listeners
+    const activityEvents = ['mousedown', 'keydown', 'scroll', 'touchstart'];
+    const handleActivity = () => resetActivity();
+    activityEvents.forEach(event => {
+      window.addEventListener(event, handleActivity, { passive: true });
+    });
+    // Idle check interval
+    idleTimerRef.current = setInterval(() => {
+      const timeSinceActivity = Date.now() - lastActivityRef.current;
+      const remaining = idleTimeoutMs - timeSinceActivity;
+      setInactivityTimeRemaining(Math.max(0, remaining));
+      // Show warning
+      if (remaining <= warnBeforeMs && remaining > 0 && !showInactivityWarning) {
+        setShowInactivityWarning(true);
+      }
+      // Auto logout
+      if (remaining <= 0) {
+        setIsIdle(true);
+        onIdleLogout('inactivity');
+      }
+    }, 1000);
+    // Cleanup
+    return () => {
+      activityEvents.forEach(event => {
+        window.removeEventListener(event, handleActivity);
+      });
+      if (idleTimerRef.current) {
+        clearInterval(idleTimerRef.current);
+      }
+      if (warningTimerRef.current) {
+        clearTimeout(warningTimerRef.current);
+      }
+    };
+  }, [isTracking, idleTimeoutMs, warnBeforeMs, showInactivityWarning, onIdleLogout, resetActivity]);
+  const stopTracking = useCallback(() => {
+    setIsTracking(false);
+    if (idleTimerRef.current) {
+      clearInterval(idleTimerRef.current);
+      idleTimerRef.current = null;
+    }
+    if (warningTimerRef.current) {
+      clearTimeout(warningTimerRef.current);
+      warningTimerRef.current = null;
+    }
+  }, []);
+  // Generate and track device fingerprint
+  useEffect(() => {
+    if (user) {
+      // Generate device fingerprint (simple version - in production, use more sophisticated approach)
+      if (!deviceFingerprintRef.current) {
+        const fingerprint = btoa(JSON.stringify({
+          userAgent: navigator.userAgent,
+          language: navigator.language,
+          timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+          screen: `${window.screen.width}x${window.screen.height}`,
+          timestamp: Date.now()
+        })).substring(0, 64);
+        deviceFingerprintRef.current = fingerprint;
+      }
+      // Track session with device fingerprint
+      const trackSession = async () => {
+        if (!deviceFingerprintRef.current || !user) return;
+        try {
+          const { data, error } = await supabaseClient.rpc('rbac_session_track', {
+            p_user_id: user.id,
+            p_session_type: 'login',
+            p_app_id: null, // Will be resolved by the RPC function
+            p_ip_address: null, // Will be handled by backend
+            p_user_agent: navigator.userAgent,
+            p_device_fingerprint: deviceFingerprintRef.current
+          });
+          if (!error && data) {
+            sessionIdRef.current = data;
+            // Check for concurrent sessions
+            const { data: concurrentData } = await supabaseClient.rpc('rbac_detect_concurrent_sessions', {
+              p_user_id: user.id,
+              p_device_fingerprint: deviceFingerprintRef.current,
+              p_timeout_seconds: 300
+            });
+            if (concurrentData && concurrentData.has_concurrent) {
+              console.warn(
+                '[AuthProvider] Concurrent session detected:',
+                concurrentData.concurrent_sessions_count,
+                'other session(s) active'
+              );
+            }
+          }
+        } catch (err) {
+          console.error('[AuthProvider] Session tracking failed:', err);
+        }
+      };
+      trackSession();
+    }
+  }, [user, supabaseClient]);
+  // Auto-start tracking when user is authenticated
+  useEffect(() => {
+    if (user && !authLoading) {
+      startTracking();
+    } else {
+      stopTracking();
+    }
+    return () => {
+      stopTracking();
+    };
+  }, [user, authLoading, startTracking, stopTracking]);
+  // ==========================================================================
+  // AUTH METHODS
+  // ==========================================================================
+  const signIn = useCallback(async (email: string, password?: string) => {
+    setAuthLoading(true);
+    setAuthError(null);
+    try {
+      let result;
+      if (password) {
+        // Email + password sign in
+        result = await supabaseClient.auth.signInWithPassword({ email, password });
+      } else {
+        // Magic link sign in
+        result = await supabaseClient.auth.signInWithOtp({ email });
+      }
+      if (result.error) {
+        setAuthError(result.error);
+        return { error: result.error };
+      }
+      return { error: null };
+    } catch (error) {
+      const authError = error as AuthError;
+      setAuthError(authError);
+      return { error: authError };
+    } finally {
+      setAuthLoading(false);
+    }
+  }, [supabaseClient]);
+  const signUp = useCallback(async (email: string, password: string) => {
+    setAuthLoading(true);
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.signUp({ email, password });
+      if (error) {
+        setAuthError(error);
+        return { error };
+      }
+      return { error: null };
+    } catch (error) {
+      const authError = error as AuthError;
+      setAuthError(authError);
+      return { error: authError };
+    } finally {
+      setAuthLoading(false);
+    }
+  }, [supabaseClient]);
+  const signOut = useCallback(async () => {
+    setAuthLoading(true);
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.signOut();
+      if (error) {
+        setAuthError(error);
+        return { error };
+      }
+      // Clear local state
+      setUser(null);
+      setSession(null);
+      setSelectedOrganisation(null);
+      setOrganisations([]);
+      setSelectedEvent(null);
+      setEvents([]);
+      // Clear persisted state
+      if (persistState) {
+        localStorage.removeItem(`pace_${appName}_org`);
+        localStorage.removeItem(`pace_${appName}_event`);
+      }
+      return { error: null };
+    } catch (error) {
+      const authError = error as AuthError;
+      setAuthError(authError);
+      return { error: authError };
+    } finally {
+      setAuthLoading(false);
+    }
+  }, [supabaseClient, appName, persistState]);
+  const resetPassword = useCallback(async (email: string) => {
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.resetPasswordForEmail(email);
+      if (error) {
+        setAuthError(error);
+        return { error };
+      }
+      return { error: null };
+    } catch (error) {
+      const authError = error as AuthError;
+      setAuthError(authError);
+      return { error: authError };
+    }
+  }, [supabaseClient]);
+  const updatePassword = useCallback(async (password: string) => {
+    setAuthError(null);
+    try {
+      const { error } = await supabaseClient.auth.updateUser({ password });
+      if (error) {
+        setAuthError(error);
+        return { error };
+      }
+      return { error: null };
+    } catch (error) {
+      const authError = error as AuthError;
+      setAuthError(authError);
+      return { error: authError };
+    }
+  }, [supabaseClient]);
+  const refreshSession = useCallback(async () => {
+    setAuthError(null);
+    try {
+      const { data, error } = await supabaseClient.auth.refreshSession();
+      if (error) {
+        setAuthError(error);
+        return { error };
+      }
+      if (data.session) {
+        setSession(data.session);
+        setUser(data.session.user);
+      }
+      return { error: null };
+    } catch (error) {
+      const authError = error as AuthError;
+      setAuthError(authError);
+      return { error: authError };
+    }
+  }, [supabaseClient]);
+  // ==========================================================================
+  // ORGANISATION METHODS
+  // ==========================================================================
+  const switchOrganisation = useCallback(async (orgId: UUID) => {
+    const org = organisations.find(o => o.id === orgId);
+    if (!org) {
+      throw new Error(`Organisation ${orgId} not found`);
+    }
+    setSelectedOrganisation(org);
+    if (persistState) {
+      localStorage.setItem(`pace_${appName}_org`, orgId);
+    }
+    // Clear event selection when switching orgs
+    setSelectedEvent(null);
+    if (persistState) {
+      localStorage.removeItem(`pace_${appName}_event`);
+    }
+  }, [organisations, appName, persistState]);
+  const refreshOrganisations = useCallback(async () => {
+    if (!user) return;
+    setOrganisationLoading(true);
+    setOrganisationError(null);
+    try {
+      const { data, error } = await supabaseClient
+        .rpc('rbac_user_organisation_roles_get', {
+          p_user_id: user.id
+        }) as { data: Array<{ organisation_id: UUID }> | null; error: any };
+      if (error) throw error;
+      if (data && data.length > 0) {
+        const orgIds = data.map(r => r.organisation_id);
+        const { data: orgs, error: orgsError } = await supabaseClient
+          .from('organisations')
+          .select('*')
+          .in('id', orgIds)
+          .eq('is_active', true) as { data: Organisation[] | null; error: any };
+        if (orgsError) throw orgsError;
+        setOrganisations(orgs || []);
+      }
+    } catch (error) {
+      console.error('[AuthProvider] Failed to refresh organisations:', error);
+      setOrganisationError(error as Error);
+    } finally {
+      setOrganisationLoading(false);
+    }
+  }, [user, supabaseClient]);
+  const getUserRole = useCallback((orgId?: UUID): string | null => {
+    // This would require fetching role data - placeholder for now
+    // In real implementation, we'd cache role data when loading organisations
+    return 'member';
+  }, []);
+  const getPrimaryOrganisation = useCallback((): Organisation | null => {
+    return organisations[0] || null;
+  }, [organisations]);
+  // ==========================================================================
+  // EVENT METHODS
+  // ==========================================================================
+  const handleSetSelectedEvent = useCallback((event: Event | null) => {
+    setSelectedEvent(event);
+    if (persistState) {
+      if (event) {
+        localStorage.setItem(`pace_${appName}_event`, event.event_id);
+      } else {
+        localStorage.removeItem(`pace_${appName}_event`);
+      }
+    }
+  }, [appName, persistState]);
+  const refreshEvents = useCallback(async () => {
+    if (!user || !selectedOrganisation) return;
+    setEventLoading(true);
+    setEventError(null);
+    try {
+      const { data, error } = await supabaseClient
+        .rpc('data_user_events_get', {
+          p_user_id: user.id,
+          p_app_name: appName
+        }) as { data: Event[] | null; error: any };
+      if (error) throw error;
+      const orgEvents = (data || []).filter(e => e.organisation_id === selectedOrganisation.id);
+      setEvents(orgEvents);
+      // Auto-select first event if none selected
+      if (!selectedEvent && orgEvents.length > 0) {
+        const savedEventId = persistState ? localStorage.getItem(`pace_${appName}_event`) : null;
+        const eventToSelect = savedEventId
+          ? orgEvents.find(e => e.event_id === savedEventId) || orgEvents[0]
+          : orgEvents[0];
+        setSelectedEvent(eventToSelect);
+      }
+    } catch (error) {
+      console.error('[AuthProvider] Failed to refresh events:', error);
+      setEventError(error as Error);
+    } finally {
+      setEventLoading(false);
+    }
+  }, [user, selectedOrganisation, supabaseClient, appName, selectedEvent, persistState]);
+  // ==========================================================================
+  // COMPUTED VALUES
+  // ==========================================================================
+  const isAuthenticated = !!(user && session);
+  const hasValidOrganisationContext = !!(selectedOrganisation && !organisationLoading);
+  const isContextReady = isAuthenticated && (!requireOrganisationContext || hasValidOrganisationContext);
+  // ==========================================================================
+  // CONTEXT VALUE
+  // ==========================================================================
+  const contextValue = useMemo<AuthContextType>(() => ({
+    // Auth
+    user,
+    session,
+    isAuthenticated,
+    authLoading,
+    authError,
+    supabase: supabaseClient,
+    signIn,
+    signUp,
+    signOut,
+    resetPassword,
+    updatePassword,
+    refreshSession,
+    // Organisation
+    selectedOrganisation,
+    organisations,
+    organisationLoading,
+    organisationError,
+    hasValidOrganisationContext,
+    isContextReady: hasValidOrganisationContext,
+    switchOrganisation,
+    refreshOrganisations,
+    getUserRole,
+    getPrimaryOrganisation,
+    // Event
+    events,
+    selectedEvent,
+    eventLoading,
+    eventError,
+    setSelectedEvent: handleSetSelectedEvent,
+    refreshEvents,
+    // Inactivity
+    showInactivityWarning,
+    inactivityTimeRemaining,
+    isIdle,
+    isTracking,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    // Session Management
+    sessionId: sessionIdRef.current,
+    deviceFingerprint: deviceFingerprintRef.current,
+    hasConcurrentSessions: false, // TODO: implement state tracking
+  }), [
+    user, session, isAuthenticated, authLoading, authError,
+    selectedOrganisation, organisations, organisationLoading, organisationError,
+    hasValidOrganisationContext, isContextReady,
+    events, selectedEvent, eventLoading, eventError,
+    showInactivityWarning, inactivityTimeRemaining, isIdle, isTracking,
+    signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,
+    switchOrganisation, refreshOrganisations, getUserRole, getPrimaryOrganisation,
+    handleSetSelectedEvent, refreshEvents,
+    resetActivity, startTracking, stopTracking,
+    supabaseClient
+  ]);
+  // ==========================================================================
+  // RENDER
+  // ==========================================================================
+  return (
+    <AuthContext.Provider value={contextValue}>
+      {children}
+      {showInactivityWarning && renderInactivityWarning && renderInactivityWarning({
+        timeRemaining: inactivityTimeRemaining,
+        onStaySignedIn: resetActivity,
+        onSignOutNow: signOut,
+      })}
+    </AuthContext.Provider>
+  );
+}
+// ============================================================================
+// HOOK
+// ============================================================================
+export function useAuth(): AuthContextType {
+  const context = useContext(AuthContext);
+  if (!context) {
+    throw new Error('useAuth must be used within AuthProvider');
+  }
+  return context;
+}