npm - @jmruthers/pace-core - Versions diffs - 0.5.76 → 0.5.78 - Mend

@jmruthers/pace-core 0.5.76 → 0.5.78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (447) hide show

package/CHANGELOG.md +8 -0
package/dist/{RBACService-C4udt_Zp.d.ts → AuthService-Df3IozMG.d.ts} +10 -118
package/dist/{DataTable-ntgmhO2W.d.ts → DataTable-BE0OXZKQ.d.ts} +9 -2
package/dist/{DataTable-4GAVPIEG.js → DataTable-ETGVF4Y5.js} +50 -13
package/dist/{PublicLoadingSpinner-BiNER8F5.d.ts → PublicLoadingSpinner-CnUaz0vG.d.ts} +5 -2
package/dist/{UnifiedAuthProvider-Bj6YCf7c.d.ts → UnifiedAuthProvider-B391Aqum.d.ts} +42 -45
package/dist/{UnifiedAuthProvider-3NKDOSOK.js → UnifiedAuthProvider-P5SOJAQ6.js} +4 -5
package/dist/{api-DDMUKIUD.js → api-KG4A2X7P.js} +9 -3
package/dist/{audit-6TOCAMKO.js → audit-65VNHEV2.js} +2 -2
package/dist/{chunk-K34IM5CT.js → chunk-2OGV6IRV.js} +196 -626
package/dist/chunk-2OGV6IRV.js.map +1 -0
package/dist/{chunk-NTNILOBC.js → chunk-5BO3MI5Y.js} +4 -4
package/dist/{chunk-XLZ7U46Z.js → chunk-CVMVPYAL.js} +9 -60
package/dist/chunk-CVMVPYAL.js.map +1 -0
package/dist/{chunk-URUTVZ7N.js → chunk-FL4ZCQLD.js} +2 -2
package/dist/{chunk-LW7MMEAQ.js → chunk-FT2M4R4F.js} +2 -2
package/dist/{chunk-5BSLGBYI.js → chunk-JCQZ6LA7.js} +2 -8
package/dist/{chunk-5BSLGBYI.js.map → chunk-JCQZ6LA7.js.map} +1 -1
package/dist/{chunk-KHJS6VIA.js → chunk-LRQ6RBJC.js} +157 -112
package/dist/chunk-LRQ6RBJC.js.map +1 -0
package/dist/{chunk-WN6XJWOS.js → chunk-MNJXXD6C.js} +274 -743
package/dist/chunk-MNJXXD6C.js.map +1 -0
package/dist/{chunk-KK73ZB4E.js → chunk-PTR5PMPE.js} +153 -132
package/dist/chunk-PTR5PMPE.js.map +1 -0
package/dist/{chunk-B2WTCLCV.js → chunk-Q7APDV6H.js} +18 -8
package/dist/chunk-Q7APDV6H.js.map +1 -0
package/dist/{chunk-A4FUBC7B.js → chunk-QGVSOUJ2.js} +2 -4
package/dist/{chunk-A4FUBC7B.js.map → chunk-QGVSOUJ2.js.map} +1 -1
package/dist/{chunk-FGMFQSHX.js → chunk-S63MFSY6.js} +500 -551
package/dist/chunk-S63MFSY6.js.map +1 -0
package/dist/{chunk-AFGTSUAD.js → chunk-VSOKOFRF.js} +4 -4
package/dist/chunk-WUXCWRL6.js +20 -0
package/dist/chunk-WUXCWRL6.js.map +1 -0
package/dist/{chunk-Y6TXWPJO.js → chunk-YVVGHRGI.js} +105 -31
package/dist/chunk-YVVGHRGI.js.map +1 -0
package/dist/{chunk-M5IWZRBT.js → chunk-ZMNXIJP4.js} +2187 -981
package/dist/chunk-ZMNXIJP4.js.map +1 -0
package/dist/components.d.ts +6 -6
package/dist/components.js +14 -18
package/dist/components.js.map +1 -1
package/dist/{database-C3Szpi5J.d.ts → database-BXAfr2Y_.d.ts} +18 -0
package/dist/hooks.d.ts +5 -5
package/dist/hooks.js +8 -9
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +19 -27
package/dist/index.js +21 -29
package/dist/index.js.map +1 -1
package/dist/{organisation-BtshODVF.d.ts → organisation-D6qRDtbF.d.ts} +1 -1
package/dist/providers.d.ts +7 -21
package/dist/providers.js +3 -10
package/dist/rbac/index.d.ts +71 -221
package/dist/rbac/index.js +15 -16
package/dist/{types-CGX9Vyf5.d.ts → types-BDg1mAGG.d.ts} +36 -6
package/dist/types.d.ts +3 -3
package/dist/types.js +61 -18
package/dist/types.js.map +1 -1
package/dist/{unified-CM7T0aTK.d.ts → unified-DQ4VcT7H.d.ts} +1 -1
package/dist/{usePublicRouteParams-B-CumWRc.d.ts → usePublicRouteParams-BlgwXweB.d.ts} +3 -3
package/dist/utils.d.ts +2 -2
package/dist/utils.js +52 -9
package/dist/utils.js.map +1 -1
package/docs/CONTENT_AUDIT_REPORT.md +253 -0
package/docs/DOCUMENTATION_AUDIT.md +172 -0
package/docs/README.md +142 -147
package/docs/STYLE_GUIDE.md +37 -0
package/docs/api/classes/ColumnFactory.md +17 -17
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +4 -4
package/docs/api/classes/MissingUserContextError.md +4 -4
package/docs/api/classes/OrganisationContextRequiredError.md +4 -4
package/docs/api/classes/PermissionDeniedError.md +5 -5
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +8 -8
package/docs/api/classes/RBACCache.md +35 -5
package/docs/api/classes/RBACEngine.md +49 -20
package/docs/api/classes/RBACError.md +4 -4
package/docs/api/classes/RBACNotInitializedError.md +4 -4
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +4 -4
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +11 -0
package/docs/api/interfaces/DataTableAction.md +65 -29
package/docs/api/interfaces/DataTableColumn.md +36 -23
package/docs/api/interfaces/DataTableProps.md +80 -38
package/docs/api/interfaces/DataTableToolbarButton.md +7 -7
package/docs/api/interfaces/EmptyStateConfig.md +5 -5
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventLogoProps.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +11 -11
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +16 -3
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +2 -2
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +4 -4
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +2 -2
package/docs/api/interfaces/RouteConfig.md +2 -2
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +94 -521
package/docs/api/interfaces/UnifiedAuthProviderProps.md +16 -16
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +251 -269
package/docs/api-reference/components.md +193 -0
package/docs/api-reference/hooks.md +265 -0
package/docs/api-reference/providers.md +6 -0
package/docs/api-reference/types.md +6 -0
package/docs/api-reference/utilities.md +207 -0
package/docs/architecture/README.md +6 -0
package/docs/{database-schema-requirements.md → architecture/database-schema-requirements.md} +6 -0
package/docs/architecture/rbac-security-architecture.md +258 -0
package/docs/architecture/services.md +9 -1
package/docs/best-practices/README.md +6 -0
package/docs/best-practices/accessibility.md +6 -0
package/docs/{common-patterns.md → best-practices/common-patterns.md} +6 -0
package/docs/best-practices/deployment.md +6 -0
package/docs/best-practices/performance.md +475 -2
package/docs/best-practices/security.md +6 -0
package/docs/best-practices/testing.md +6 -0
package/docs/core-concepts/authentication.md +6 -0
package/docs/core-concepts/events.md +6 -0
package/docs/core-concepts/organisations.md +6 -0
package/docs/core-concepts/permissions.md +6 -0
package/docs/core-concepts/rbac-system.md +8 -0
package/docs/documentation-index.md +121 -182
package/docs/{consuming-app-vite-config.md → getting-started/consuming-app-vite-config.md} +6 -0
package/docs/getting-started/documentation-index.md +40 -0
package/docs/getting-started/examples/README.md +878 -35
package/docs/{faq.md → getting-started/faq.md} +7 -1
package/docs/getting-started/installation-guide.md +6 -0
package/docs/{quick-reference.md → getting-started/quick-reference.md} +6 -0
package/docs/implementation-guides/app-layout.md +6 -0
package/docs/implementation-guides/authentication.md +1021 -0
package/docs/implementation-guides/component-styling.md +6 -0
package/docs/implementation-guides/data-tables.md +1264 -2076
package/docs/implementation-guides/dynamic-colors.md +6 -0
package/docs/implementation-guides/event-theming-summary.md +6 -0
package/docs/{file-reference-system.md → implementation-guides/file-reference-system.md} +6 -0
package/docs/implementation-guides/file-upload-storage.md +6 -0
package/docs/implementation-guides/forms.md +6 -0
package/docs/implementation-guides/inactivity-tracking.md +6 -0
package/docs/implementation-guides/navigation.md +6 -0
package/docs/implementation-guides/organisation-security.md +6 -0
package/docs/implementation-guides/permission-enforcement.md +6 -0
package/docs/implementation-guides/public-pages-advanced.md +6 -0
package/docs/implementation-guides/public-pages.md +6 -0
package/docs/migration/MIGRATION_GUIDE.md +827 -351
package/docs/migration/README.md +7 -1
package/docs/migration/organisation-context-timing-fix.md +6 -0
package/docs/migration/rbac-migration.md +44 -1
package/docs/migration/service-architecture.md +6 -0
package/docs/migration/v0.4.15-tailwind-scanning.md +6 -0
package/docs/migration/v0.4.16-css-first-approach.md +6 -0
package/docs/migration/v0.4.17-source-path-fix.md +6 -0
package/docs/rbac/README-rbac-rls-integration.md +6 -0
package/docs/rbac/README.md +6 -0
package/docs/rbac/advanced-patterns.md +6 -0
package/docs/rbac/api-reference.md +7 -1
package/docs/rbac/breaking-changes-v3.md +222 -0
package/docs/rbac/examples/rbac-rls-integration-example.md +6 -0
package/docs/rbac/examples.md +6 -0
package/docs/rbac/getting-started.md +6 -0
package/docs/rbac/migration-guide.md +260 -0
package/docs/rbac/quick-start.md +70 -13
package/docs/rbac/rbac-rls-integration.md +6 -0
package/docs/rbac/super-admin-guide.md +6 -0
package/docs/rbac/troubleshooting.md +6 -0
package/docs/security/README.md +6 -0
package/docs/security/checklist.md +6 -0
package/docs/styles/README.md +7 -1
package/docs/{usage.md → styles/usage.md} +6 -0
package/docs/testing/README.md +6 -0
package/docs/{visual-testing.md → testing/visual-testing.md} +6 -0
package/docs/troubleshooting/README.md +387 -5
package/docs/troubleshooting/cake-page-permission-guard-issue-summary.md +6 -0
package/docs/troubleshooting/common-issues.md +6 -0
package/docs/troubleshooting/database-view-compatibility.md +6 -0
package/docs/troubleshooting/organisation-context-setup.md +6 -0
package/docs/troubleshooting/react-hooks-issue-analysis.md +6 -0
package/docs/troubleshooting/styling-issues.md +6 -0
package/docs/troubleshooting/tailwind-content-scanning.md +6 -0
package/package.json +1 -1
package/src/__tests__/helpers/__tests__/test-providers.test.tsx +2 -1
package/src/__tests__/helpers/test-providers.tsx +3 -53
package/src/components/DataTable/DataTable.test.tsx +319 -0
package/src/components/DataTable/DataTable.tsx +32 -11
package/src/components/DataTable/__tests__/{DataTable.comprehensive.test.tsx → DataTable.comprehensive.test.tsx.skip} +6 -4
package/src/components/DataTable/__tests__/{DataTable.test.tsx → DataTable.test.tsx.skip} +6 -4
package/src/components/DataTable/__tests__/DataTableCore.test.tsx +31 -9
package/src/components/DataTable/__tests__/a11y.basic.test.tsx +601 -0
package/src/components/DataTable/__tests__/keyboard.test.tsx +615 -0
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +639 -0
package/src/components/DataTable/__tests__/ssr.strict-mode.test.tsx.skip +330 -0
package/src/components/DataTable/components/AccessDeniedPage.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +88 -104
package/src/components/DataTable/components/DataTableCore.tsx +309 -337
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +4 -2
package/src/components/DataTable/components/DataTableModals.tsx +22 -1
package/src/components/DataTable/components/EditableRow.tsx +69 -84
package/src/components/DataTable/components/EmptyState.tsx +5 -1
package/src/components/DataTable/components/ImportModal.tsx +65 -36
package/src/components/DataTable/components/PaginationControls.tsx +40 -100
package/src/components/DataTable/components/UnifiedTableBody.tsx +125 -148
package/src/components/DataTable/context/DataTableContext.tsx +1 -1
package/src/components/DataTable/core/ColumnFactory.ts +5 -0
package/src/components/DataTable/examples/HierarchicalActionsExample.tsx +12 -10
package/src/components/DataTable/examples/HierarchicalExample.tsx +1 -1
package/src/components/DataTable/examples/InitialPageSizeExample.tsx +1 -0
package/src/components/DataTable/examples/PerformanceExample.tsx +1 -0
package/src/components/DataTable/hooks/__tests__/useColumnOrderPersistence.test.ts +1 -5
package/src/components/DataTable/hooks/__tests__/useColumnVisibilityPersistence.test.ts +167 -0
package/src/components/DataTable/hooks/index.ts +7 -0
package/src/components/DataTable/hooks/useColumnOrderPersistence.ts +32 -15
package/src/components/DataTable/hooks/useColumnVisibilityPersistence.ts +102 -0
package/src/components/DataTable/hooks/useDataTableConfiguration.ts +89 -0
package/src/components/DataTable/hooks/useDataTableDataPipeline.ts +117 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +71 -27
package/src/components/DataTable/hooks/useDataTableState.ts +39 -11
package/src/components/DataTable/hooks/useEffectiveColumnOrder.ts +33 -0
package/src/components/DataTable/hooks/useHierarchicalState.ts +15 -1
package/src/components/DataTable/hooks/useKeyboardNavigation.ts +447 -0
package/src/components/DataTable/hooks/useServerSideDataEffect.ts +94 -0
package/src/components/DataTable/hooks/useTableColumns.ts +10 -7
package/src/components/DataTable/hooks/useTableHandlers.ts +174 -0
package/src/components/DataTable/index.ts +12 -3
package/src/components/DataTable/types.ts +129 -9
package/src/components/DataTable/utils/__tests__/exportUtils.test.ts +159 -22
package/src/components/DataTable/utils/__tests__/flexibleImport.test.ts +111 -0
package/src/components/DataTable/utils/__tests__/rowUtils.test.ts +15 -29
package/src/components/DataTable/utils/a11yUtils.ts +244 -0
package/src/components/DataTable/utils/debugTools.ts +609 -0
package/src/components/DataTable/utils/exportUtils.ts +114 -16
package/src/components/DataTable/utils/flexibleImport.ts +202 -32
package/src/components/DataTable/utils/hierarchicalUtils.ts +1 -1
package/src/components/DataTable/utils/index.ts +2 -0
package/src/components/DataTable/utils/paginationUtils.ts +350 -0
package/src/components/DataTable/utils/rowUtils.ts +6 -5
package/src/components/NavigationMenu/NavigationMenu.test.tsx +19 -24
package/src/components/NavigationMenu/NavigationMenu.tsx +19 -8
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.security.test.tsx +1 -23
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +56 -6
package/src/components/PaceLoginPage/PaceLoginPage.tsx +137 -13
package/src/components/PublicLayout/__tests__/PublicPageHeader.test.tsx +1 -1
package/src/components/Select/Select.tsx +1 -0
package/src/components/examples/PermissionExample.tsx +173 -0
package/src/examples/CorrectPublicPageImplementation.tsx +301 -0
package/src/examples/PublicEventPage.tsx +274 -0
package/src/examples/PublicPageApp.tsx +308 -0
package/src/examples/PublicPageUsageExample.tsx +216 -0
package/src/hooks/__tests__/useOrganisationPermissions.unit.test.tsx +12 -1
package/src/hooks/__tests__/useOrganisationSecurity.unit.test.tsx +129 -17
package/src/hooks/__tests__/useRBAC.unit.test.ts +151 -846
package/src/hooks/useOrganisationPermissions.test.ts +42 -18
package/src/hooks/useOrganisationPermissions.ts +12 -6
package/src/hooks/useOrganisationSecurity.test.ts +138 -85
package/src/hooks/useOrganisationSecurity.ts +41 -10
package/src/index.ts +0 -1
package/src/providers/AuthProvider.simplified.tsx +880 -0
package/src/providers/UnifiedAuthProvider.test.simple.tsx +8 -8
package/src/providers/__tests__/UnifiedAuthProvider.test.tsx +29 -19
package/src/providers/index.ts +0 -1
package/src/providers/services/EventServiceProvider.tsx +19 -15
package/src/providers/services/InactivityServiceProvider.tsx +19 -15
package/src/providers/services/OrganisationServiceProvider.tsx +19 -15
package/src/providers/services/UnifiedAuthProvider.tsx +156 -127
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +1 -1
package/src/providers/services/__tests__/UnifiedAuthProvider.integration.test.tsx +3 -3
package/src/rbac/README.md +1 -1
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +25 -27
package/src/rbac/__tests__/auth-rbac-security.integration.test.tsx +313 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +114 -348
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +28 -110
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +33 -85
package/src/rbac/__tests__/scenarios.user-role.test.tsx +2 -2
package/src/rbac/adapters.tsx +26 -69
package/src/rbac/api.test.ts +90 -27
package/src/rbac/api.ts +61 -10
package/src/rbac/audit.test.ts +33 -38
package/src/rbac/audit.ts +21 -6
package/src/rbac/cache.ts +33 -1
package/src/rbac/components/NavigationGuard.tsx +11 -11
package/src/rbac/components/NavigationProvider.test.tsx +11 -5
package/src/rbac/components/NavigationProvider.tsx +37 -13
package/src/rbac/components/PagePermissionGuard.tsx +111 -50
package/src/rbac/components/PagePermissionProvider.tsx +5 -5
package/src/rbac/components/PermissionEnforcer.tsx +11 -11
package/src/rbac/components/RoleBasedRouter.tsx +5 -5
package/src/rbac/components/SecureDataProvider.tsx +5 -5
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +8 -8
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +14 -14
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +12 -12
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +6 -6
package/src/rbac/engine.test.simple.ts +19 -13
package/src/rbac/engine.test.ts +1 -0
package/src/rbac/engine.ts +330 -766
package/src/rbac/errors.ts +156 -0
package/src/rbac/hooks/usePermissions.ts +32 -10
package/src/rbac/hooks/useRBAC.test.ts +126 -512
package/src/rbac/hooks/useRBAC.ts +147 -193
package/src/rbac/hooks/useResolvedScope.ts +12 -0
package/src/rbac/index.ts +7 -4
package/src/rbac/security.ts +109 -18
package/src/rbac/types.ts +12 -1
package/src/services/AuthService.ts +2 -15
package/src/services/EventService.ts +43 -46
package/src/services/OrganisationService.ts +51 -31
package/src/services/__tests__/AuthService.test.ts +1 -1
package/src/services/__tests__/EventService.test.ts +1 -1
package/src/services/__tests__/OrganisationService.test.ts +1 -1
package/src/services/base/BaseService.ts +8 -0
package/src/styles/base.css +208 -0
package/src/styles/semantic.css +24 -0
package/src/types/database.generated.ts +7347 -0
package/src/types/database.ts +20 -0
package/src/utils/logger.ts +179 -0
package/src/utils/organisationContext.ts +11 -4
package/src/utils/storage/__tests__/helpers.unit.test.ts +6 -2
package/dist/appNameResolver-UURKN7NF.js +0 -22
package/dist/audit-6TOCAMKO.js.map +0 -1
package/dist/chunk-B2WTCLCV.js.map +0 -1
package/dist/chunk-FGMFQSHX.js.map +0 -1
package/dist/chunk-K34IM5CT.js.map +0 -1
package/dist/chunk-KHJS6VIA.js.map +0 -1
package/dist/chunk-KK73ZB4E.js.map +0 -1
package/dist/chunk-M5IWZRBT.js.map +0 -1
package/dist/chunk-ULBI5JGB.js +0 -109
package/dist/chunk-ULBI5JGB.js.map +0 -1
package/dist/chunk-WN6XJWOS.js.map +0 -1
package/dist/chunk-XLZ7U46Z.js.map +0 -1
package/dist/chunk-Y6TXWPJO.js.map +0 -1
package/docs/DOCUMENTATION_CHECKLIST.md +0 -281
package/docs/TERMINOLOGY.md +0 -231
package/docs/api/interfaces/RBACContextType.md +0 -468
package/docs/api/interfaces/RBACProviderProps.md +0 -107
package/docs/best-practices/performance-expansion.md +0 -473
package/docs/breaking-changes.md +0 -179
package/docs/consuming-app-example.md +0 -290
package/docs/documentation-templates.md +0 -539
package/docs/examples/navigation-menu-auth-fix.md +0 -344
package/docs/getting-started/examples/basic-auth-app.md +0 -520
package/docs/getting-started/examples/full-featured-app.md +0 -616
package/docs/getting-started/quick-start.md +0 -376
package/docs/implementation-guides/datatable-filtering.md +0 -313
package/docs/implementation-guides/datatable-rbac-usage.md +0 -317
package/docs/implementation-guides/hierarchical-datatable.md +0 -850
package/docs/implementation-guides/large-datasets.md +0 -281
package/docs/implementation-guides/performance.md +0 -403
package/docs/migration/quick-migration-guide.md +0 -320
package/docs/migration-guide.md +0 -193
package/docs/migration-guides/unified-auth-provider-mandatory-timeouts.md +0 -226
package/docs/performance/README.md +0 -551
package/docs/style-guide.md +0 -964
package/docs/troubleshooting/authentication-issues.md +0 -334
package/docs/troubleshooting/debugging.md +0 -1117
package/docs/troubleshooting/migration.md +0 -918
package/src/__tests__/hooks/usePermissions.test.ts +0 -261
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.rbac.test.tsx +0 -574
package/src/hooks/__tests__/ServiceHooks.test.tsx +0 -613
package/src/hooks/services/__tests__/useServiceHooks.test.tsx +0 -137
package/src/hooks/services/usePermissions.ts +0 -70
package/src/hooks/services/useRBACService.ts +0 -30
package/src/hooks/usePermissionCheck.ts +0 -150
package/src/providers/__tests__/ServiceProviders.test.tsx +0 -477
package/src/providers/services/RBACServiceProvider.tsx +0 -79
package/src/rbac/__tests__/integration.authflow.test.tsx +0 -119
package/src/rbac/__tests__/integration.navigation.test.tsx +0 -69
package/src/rbac/__tests__/integration.securedata.test.tsx +0 -92
package/src/rbac/__tests__/integration.smoke.test.tsx +0 -73
package/src/rbac/providers/RBACProvider.tsx +0 -645
package/src/rbac/providers/__tests__/RBACProvider.integration.test.tsx +0 -688
package/src/rbac/providers/__tests__/RBACProvider.test.tsx +0 -1186
package/src/rbac/providers/index.ts +0 -11
package/src/services/RBACService.ts +0 -522
package/src/services/__tests__/RBACService.test.ts +0 -492
package/src/services/interfaces/IRBACService.ts +0 -62
package/src/utils/appNameResolver.test 2.ts +0 -494
/package/dist/{DataTable-4GAVPIEG.js.map → DataTable-ETGVF4Y5.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-3NKDOSOK.js.map → UnifiedAuthProvider-P5SOJAQ6.js.map} +0 -0
/package/dist/{api-DDMUKIUD.js.map → api-KG4A2X7P.js.map} +0 -0
/package/dist/{appNameResolver-UURKN7NF.js.map → audit-65VNHEV2.js.map} +0 -0
/package/dist/{chunk-NTNILOBC.js.map → chunk-5BO3MI5Y.js.map} +0 -0
/package/dist/{chunk-URUTVZ7N.js.map → chunk-FL4ZCQLD.js.map} +0 -0
/package/dist/{chunk-LW7MMEAQ.js.map → chunk-FT2M4R4F.js.map} +0 -0
/package/dist/{chunk-AFGTSUAD.js.map → chunk-VSOKOFRF.js.map} +0 -0
/package/docs/{app.css.example → styles/app.css.example} +0 -0

package/docs/{database-schema-requirements.md → architecture/database-schema-requirements.md} RENAMED Viewed

@@ -1,3 +1,9 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
 # Database Schema Requirements
 This document outlines the required database tables and schema for the `@jmruthers/pace-core` package to function correctly.

package/docs/architecture/rbac-security-architecture.md ADDED Viewed

@@ -0,0 +1,258 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
+# RBAC Security Architecture
+**Last Updated**: 2024
+## Overview
+This document describes the security architecture of the RBAC (Role-Based Access Control) system in `@jmruthers/pace-core`. The system is designed with **defense in depth** and **fail-secure** principles.
+## Architecture Principles
+### 1. Database-First Authority
+**Principle**: The database is the single source of truth for all permission decisions. Client-side metadata is never trusted.
+**Implementation**:
+- All permission checks query the database via secure RPC functions
+- Super admin status is checked via `rbac_global_roles` table, never from `user_metadata`
+- Organisation membership is validated via `rbac_organisation_roles` table
+- Event access is validated via `rbac_event_app_roles` table
+**Security Benefit**: Prevents privilege escalation by spoofing `user_metadata`.
+### 2. Organisation Context Enforcement
+**Principle**: All permission checks require organisation context and are scoped to that context.
+**Implementation**:
+- Every permission check includes `organisationId` as a required parameter
+- Database queries automatically filter by `organisationId` via RLS policies
+- Organisation membership is validated before any permission resolution
+**Security Benefit**: Prevents cross-tenant data leakage.
+### 3. Row-Level Security (RLS)
+**Principle**: Database-level policies enforce data isolation at the lowest level.
+**Implementation**:
+- All RBAC tables have RLS policies that restrict access to the user's organisation
+- Policies use `auth.uid()` for automatic context injection
+- Super admins bypass RLS via `auth.jwt() ->> 'global_role' = 'super_admin'`
+**Security Benefit**: Even if application logic fails, the database prevents unauthorized access.
+### 4. Fail-Secure Design
+**Principle**: On any error, ambiguity, or uncertainty, access is denied.
+**Implementation**:
+- Permission check errors return `false` (denied)
+- Missing organisation context returns `false` (denied)
+- Invalid input returns `false` (denied)
+- Database errors return `false` (denied)
+**Security Benefit**: Minimizes impact of bugs or vulnerabilities.
+### 5. Deny-Override-Allow Precedence
+**Principle**: Denials always override allows. If a user is explicitly denied a permission, no allow can override it.
+**Implementation**:
+```typescript
+// Permission resolution order:
+// 1. Check for explicit deny
+// 2. If no deny, check for allow
+// 3. If neither, deny by default
+```
+**Security Benefit**: Explicit deny is never accidentally overridden by a more permissive role.
+## Security Layers
+### Layer 1: Input Validation
+**Location**: `packages/core/src/rbac/security.ts`
+Validates and sanitizes all inputs before processing:
+- Permission string format: `operation:resource` (e.g., "read:users")
+- UUID format validation for all IDs
+- Organisation ID presence and format
+- Input sanitization to prevent injection attacks
+### Layer 2: Rate Limiting
+**Location**: `packages/core/src/rbac/security.ts`
+Prevents abuse with configurable rate limits:
+- Max requests per minute per user
+- Suspicious activity detection
+- Automatic blocking after threshold
+### Layer 3: Permission Resolution
+**Location**: `packages/core/src/rbac/engine.ts`
+Database-backed permission resolution:
+- Check explicit denies
+- Check explicit allows
+- Check role-based permissions
+- Check organisation membership
+- Check event access (if applicable)
+### Layer 4: Row-Level Security
+**Location**: Supabase database policies
+Database-level enforcement that applies even if application logic is bypassed:
+- Automatic context filtering by `organisationId`
+- User-specific data access via `auth.uid()`
+- Super admin bypass via JWT claims
+### Layer 5: Audit Logging
+**Location**: `packages/core/src/rbac/engine.ts`
+Comprehensive logging for security analysis:
+- All permission checks are logged
+- Denials are logged with full context
+- Rate limit violations are logged
+- Security events are logged with severity levels
+## Security Features
+### Super Admin Checks
+Super admin status is **never** checked from client-provided metadata. It is always queried from the database:
+```typescript
+// ✅ CORRECT: Database query
+const { data } = await supabase
+  .from('rbac_global_roles')
+  .select('role')
+  .eq('user_id', userId)
+  .eq('role', 'super_admin')
+  .limit(1);
+const isSuperAdmin = data && data.length > 0;
+// ❌ WRONG: Client metadata (spoofable)
+const isSuperAdmin = user.user_metadata?.globalRole === 'super_admin';
+```
+### Organisation Context Validation
+Every permission check validates organisation membership:
+```typescript
+// 1. Check organisation membership
+const membership = await supabase
+  .from('rbac_organisation_roles')
+  .select('organisation_id, role, status')
+  .eq('user_id', userId)
+  .eq('organisation_id', organisationId)
+  .eq('status', 'active')
+  .single();
+if (!membership) {
+  return false; // Fail-secure: deny if not a member
+}
+```
+### Permission Cache Security
+Caching improves performance but must be secure:
+- Cache keys include `userId` and `organisationId` to prevent cross-user leaks
+- Cache is invalidated on role changes via Supabase realtime
+- Cache TTL is short (60 seconds) to limit stale data exposure
+## Threat Model
+### Threat 1: Privilege Escalation
+**Attack**: User modifies client-side `user_metadata` to claim super admin role.
+**Mitigation**: Super admin status is always checked via database query, never from metadata.
+**Status**: ✅ Mitigated
+### Threat 2: Cross-Organisation Data Leakage
+**Attack**: User requests data with a different `organisationId` than their membership.
+**Mitigation**: RLS policies and application-level checks ensure users can only access their organisation's data.
+**Status**: ✅ Mitigated
+### Threat 3: Cache-Based Attacks
+**Attack**: Malicious user exploits cache to access another user's permissions.
+**Mitigation**: Cache keys include `userId`, preventing cross-user access. Cache invalidation on changes.
+**Status**: ✅ Mitigated
+### Threat 4: Race Conditions
+**Attack**: Exploiting concurrent permission checks to bypass security.
+**Mitigation**: Rate limiting and atomic database transactions prevent race conditions.
+**Status**: ✅ Mitigated
+### Threat 5: Injection Attacks
+**Attack**: Injecting malicious data into permission checks.
+**Mitigation**: Input validation and sanitization, parameterized queries only.
+**Status**: ✅ Mitigated
+## Security Best Practices
+### For Developers
+1. **Always provide organisation context**: Never call permission checks without `organisationId`
+2. **Use `useRBAC()` hook**: This hook enforces security by default
+3. **Never trust client data**: Always re-validate on the server
+4. **Use `PagePermissionGuard`**: Declarative permission checks reduce bugs
+5. **Log security events**: Use audit logging for suspicious activity
+### For Security Reviewers
+1. **Review RLS policies**: Ensure all tables have proper RLS policies
+2. **Check cache invalidation**: Verify cache clears on all role changes
+3. **Audit super admin checks**: Ensure no code path uses `user_metadata` for super admin
+4. **Test fail-secure behavior**: Verify errors result in denial, not approval
+5. **Review rate limiting**: Ensure limits are appropriate for the application
+## Compliance
+### GDPR
+- ✅ Data access is logged with user context
+- ✅ Organisation data is isolated via RLS
+- ✅ Right to be forgotten is supported via user deletion
+### SOC 2
+- ✅ Access control is enforced at multiple layers
+- ✅ Audit logging is comprehensive
+- ✅ Changes to permissions are tracked
+### ISO 27001
+- ✅ Defense in depth architecture
+- ✅ Fail-secure design
+- ✅ Principle of least privilege
+## References
+- [RBAC Implementation](rbac-implementation.md)
+- [RLS Policies](../migration/rls-policies.md)
+- [Security Testing](../testing/security-testing.md)

package/docs/architecture/services.md CHANGED Viewed

@@ -1,3 +1,9 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
 # Service Architecture Documentation
 ## Overview
@@ -11,11 +17,13 @@ The pace-core library now uses a service-based architecture that follows SOLID p
 The service layer contains pure TypeScript classes that handle business logic without any React dependencies:
 - **AuthService**: Authentication operations (sign in, sign out, session management)
-- **RBACService**: Role and permission management
+- **RBACService**: Role and permission management ⚠️ **DEPRECATED** - Use RBAC Engine instead
 - **OrganisationService**: Organisation management and selection
 - **EventService**: Event management and selection
 - **InactivityService**: User inactivity tracking
+> **⚠️ Note**: RBACService is deprecated in favor of the new RBAC system. Use `useRBAC()` from `@jmruthers/pace-core/rbac` instead.
 ### Provider Layer (React Context)
 Each service has its own React provider that:

package/docs/best-practices/README.md CHANGED Viewed

@@ -1,3 +1,9 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
 # Best Practices
 > **🎯 Build Better Apps** | [Security](#security) | [Performance](#performance) | [Testing](#testing) | [Deployment](#deployment)

package/docs/best-practices/accessibility.md CHANGED Viewed

@@ -1,3 +1,9 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
 # Best Practices: Accessibility
 > **📚 Best Practices**: Accessibility & WCAG Compliance | [← Back](./README.md) | [Implementation Guides](../implementation-guides/README.md)

package/docs/{common-patterns.md → best-practices/common-patterns.md} RENAMED Viewed

@@ -1,3 +1,9 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
 # Common Patterns & Best Practices
 > **📚 Common Patterns** | [← Back to Documentation](./README.md) | [Quick Start](./getting-started/quick-start.md) | [API Reference](./api-reference/components.md)

package/docs/best-practices/deployment.md CHANGED Viewed

@@ -1,3 +1,9 @@
+---
+lastUpdated: 2025-10-29T22:43:00+11:00
+version: 0.5.76
+reviewedBy: content-audit
+---
 # Deployment Best Practices
 Proper deployment is crucial for production success. This guide provides comprehensive deployment strategies and best practices for `@jmruthers/pace-core` applications.