npm - @jmruthers/pace-core - Versions diffs - 0.6.1 → 0.6.3 - Mend

@jmruthers/pace-core 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (549) hide show

package/CHANGELOG.md +88 -10
package/cursor-rules/00-pace-core-compliance.mdc +46 -87
package/cursor-rules/01-standards-compliance.mdc +16 -47
package/cursor-rules/02-project-structure.mdc +4 -4
package/cursor-rules/03-solid-principles.mdc +45 -164
package/cursor-rules/04-testing-standards.mdc +22 -69
package/cursor-rules/05-bug-reports-and-features.mdc +2 -2
package/cursor-rules/06-code-quality.mdc +42 -125
package/cursor-rules/07-tech-stack-compliance.mdc +33 -128
package/cursor-rules/08-markup-quality.mdc +452 -0
package/cursor-rules/CHANGELOG.md +18 -0
package/cursor-rules/README.md +2 -1
package/dist/{AuthService-DjnJHDtC.d.ts → AuthService-Cb34EQs3.d.ts} +63 -1
package/dist/{DataTable-CH1U5Tpy.d.ts → DataTable-BMRU8a1j.d.ts} +33 -1
package/dist/{DataTable-DQ7RSOHE.js → DataTable-THFPBKTP.js} +12 -10
package/dist/{PublicPageProvider-ce4xlHYA.d.ts → PublicPageProvider-DEMpysFR.d.ts} +394 -171
package/dist/{UnifiedAuthProvider-185Ih4dj.d.ts → UnifiedAuthProvider-CKvHP1MK.d.ts} +30 -8
package/dist/{UnifiedAuthProvider-ATAP5UTR.js → UnifiedAuthProvider-KAGUYQ4J.js} +5 -4
package/dist/{api-N774RPUA.js → api-IAGWF3ZG.js} +10 -10
package/dist/{audit-B5P6FFIR.js → audit-V53FV5AG.js} +2 -2
package/dist/{chunk-JBKQ3SAO.js → chunk-2T2IG7T7.js} +107 -57
package/dist/chunk-2T2IG7T7.js.map +1 -0
package/dist/{chunk-3QRJFVBR.js → chunk-6SOIHG6Z.js} +1 -1
package/dist/chunk-6SOIHG6Z.js.map +1 -0
package/dist/{chunk-3XTALGJF.js → chunk-6Z7LTB3D.js} +69 -240
package/dist/chunk-6Z7LTB3D.js.map +1 -0
package/dist/{chunk-4ZC4GX36.js → chunk-CNCQDFLN.js} +199 -46
package/dist/chunk-CNCQDFLN.js.map +1 -0
package/dist/chunk-DGUM43GV.js +11 -0
package/dist/{chunk-BYFSK72L.js → chunk-DWUBLJJM.js} +361 -187
package/dist/chunk-DWUBLJJM.js.map +1 -0
package/dist/{chunk-LXQLPRQ2.js → chunk-FFQEQTNW.js} +6 -8
package/dist/chunk-FFQEQTNW.js.map +1 -0
package/dist/chunk-FMUCXFII.js +76 -0
package/dist/chunk-FMUCXFII.js.map +1 -0
package/dist/{chunk-4N5C5XZU.js → chunk-HFZBI76P.js} +4 -4
package/dist/chunk-HFZBI76P.js.map +1 -0
package/dist/{chunk-SQGMNID3.js → chunk-L4OXEN46.js} +4 -5
package/dist/chunk-L4OXEN46.js.map +1 -0
package/dist/{chunk-R77UEZ4E.js → chunk-M43Y4SSO.js} +1 -1
package/dist/chunk-M43Y4SSO.js.map +1 -0
package/dist/{chunk-I7PSE6JW.js → chunk-M7MPQISP.js} +3 -76
package/dist/chunk-M7MPQISP.js.map +1 -0
package/dist/chunk-PQBSKX33.js +7793 -0
package/dist/chunk-PQBSKX33.js.map +1 -0
package/dist/chunk-QRPVRXYT.js +226 -0
package/dist/chunk-QRPVRXYT.js.map +1 -0
package/dist/{chunk-KNC55RTG.js → chunk-RWEBCB47.js} +194 -416
package/dist/chunk-RWEBCB47.js.map +1 -0
package/dist/{chunk-XM25TVIE.js → chunk-YDQHOZNA.js} +843 -388
package/dist/chunk-YDQHOZNA.js.map +1 -0
package/dist/{chunk-GLK6VM3F.js → chunk-ZNIWI3UC.js} +739 -737
package/dist/chunk-ZNIWI3UC.js.map +1 -0
package/dist/components.d.ts +5 -5
package/dist/components.js +18 -16
package/dist/components.js.map +1 -1
package/dist/contextValidator-3JNZKUTX.js +9 -0
package/dist/contextValidator-3JNZKUTX.js.map +1 -0
package/dist/eslint-rules/pace-core-compliance.cjs +106 -0
package/dist/{functions-D_kgHktt.d.ts → functions-DHebl8-F.d.ts} +1 -1
package/dist/hooks.d.ts +55 -122
package/dist/hooks.js +10 -13
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +60 -13
package/dist/index.js +30 -25
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +21 -3
package/dist/providers.js +4 -3
package/dist/rbac/index.d.ts +210 -139
package/dist/rbac/index.js +17 -13
package/dist/styles/index.js +1 -1
package/dist/theming/runtime.d.ts +1 -13
package/dist/theming/runtime.js +2 -2
package/dist/{timezone-_pgH8qrY.d.ts → timezone-CHhWg6b4.d.ts} +3 -10
package/dist/{types-UU913iLA.d.ts → types-BeoeWV5I.d.ts} +8 -0
package/dist/{types-CEpcvwwF.d.ts → types-CkbwOr4Y.d.ts} +6 -0
package/dist/types.d.ts +2 -2
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-BJAlWfuJ.d.ts → usePublicRouteParams-i3qtoBgg.d.ts} +38 -17
package/dist/utils.d.ts +4 -5
package/dist/utils.js +17 -19
package/dist/utils.js.map +1 -1
package/docs/api/README.md +21 -17
package/docs/api/modules.md +4191 -2967
package/docs/architecture/database-schema-requirements.md +161 -0
package/docs/components/context-selector.md +126 -0
package/docs/core-concepts/rbac-system.md +3 -3
package/docs/documentation-index.md +2 -4
package/docs/getting-started/cursor-rules.md +2 -1
package/docs/migration/DOCUMENTATION_STRUCTURE.md +441 -0
package/docs/migration/MIGRATION_GUIDE.md +2 -24
package/docs/migration/RBAC_SCOPE_MIGRATION.md +385 -0
package/docs/migration/README.md +52 -6
package/docs/migration/V0.5.190_TO_V0.6.1_MIGRATION.md +1153 -0
package/docs/migration/database-changes-december-2025.md +3 -3
package/docs/pace-mint-fix-auto-selection.md +218 -0
package/docs/pace-mint-rbac-setup.md +391 -0
package/docs/rbac/event-based-apps.md +1 -1
package/docs/rbac/getting-started.md +1 -1
package/docs/rbac/quick-start.md +1 -1
package/docs/rbac/secure-client-protection.md +330 -0
package/docs/standards/README.md +1 -0
package/package.json +4 -3
package/scripts/audit/core/checks/accessibility.cjs +197 -0
package/scripts/audit/core/checks/api-usage.cjs +191 -0
package/scripts/audit/core/checks/bundle.cjs +142 -0
package/scripts/{check-pace-core-compliance.cjs → audit/core/checks/compliance.cjs} +784 -685
package/scripts/audit/core/checks/config.cjs +54 -0
package/scripts/audit/core/checks/coverage.cjs +84 -0
package/scripts/audit/core/checks/dependencies.cjs +985 -0
package/scripts/audit/core/checks/documentation.cjs +268 -0
package/scripts/audit/core/checks/environment.cjs +116 -0
package/scripts/audit/core/checks/error-handling.cjs +340 -0
package/scripts/audit/core/checks/forms.cjs +172 -0
package/scripts/audit/core/checks/heuristics.cjs +68 -0
package/scripts/audit/core/checks/hooks.cjs +334 -0
package/scripts/audit/core/checks/imports.cjs +244 -0
package/scripts/audit/core/checks/performance.cjs +325 -0
package/scripts/audit/core/checks/routes.cjs +117 -0
package/scripts/audit/core/checks/state.cjs +130 -0
package/scripts/audit/core/checks/structure.cjs +65 -0
package/scripts/audit/core/checks/style.cjs +584 -0
package/scripts/audit/core/checks/testing.cjs +122 -0
package/scripts/audit/core/checks/typescript.cjs +61 -0
package/scripts/audit/core/scanner.cjs +199 -0
package/scripts/audit/core/utils.cjs +137 -0
package/scripts/audit/index.cjs +223 -0
package/scripts/audit/reporters/console.cjs +151 -0
package/scripts/audit/reporters/json.cjs +54 -0
package/scripts/audit/reporters/markdown.cjs +124 -0
package/scripts/audit-consuming-app.cjs +61 -936
package/scripts/build-docs/build-decision.js +240 -0
package/scripts/build-docs/cache-utils.js +105 -0
package/scripts/build-docs/content-normalization.js +150 -0
package/scripts/build-docs/file-utils.js +105 -0
package/scripts/build-docs/git-utils.js +86 -0
package/scripts/build-docs/hash-utils.js +116 -0
package/scripts/build-docs/typedoc-runner.js +220 -0
package/scripts/build-docs-incremental.js +77 -913
package/scripts/utils/command-runner.js +16 -11
package/scripts/validate-formats.js +61 -56
package/scripts/validate-master.js +74 -69
package/scripts/validate-pre-publish.js +70 -65
package/src/__tests__/hooks/usePermissions.test.ts +2 -2
package/src/components/Alert/Alert.test.tsx +12 -18
package/src/components/Alert/Alert.tsx +5 -7
package/src/components/Avatar/Avatar.test.tsx +4 -4
package/src/components/Badge/Badge.tsx +14 -0
package/src/components/Button/Button.tsx +22 -0
package/src/components/Calendar/Calendar.tsx +8 -2
package/src/components/Card/Card.tsx +4 -0
package/src/components/Checkbox/Checkbox.test.tsx +12 -12
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/ContextSelector/ContextSelector.tsx +384 -0
package/src/components/ContextSelector/index.ts +3 -0
package/src/components/DataTable/DataTable.tsx +38 -4
package/src/components/DataTable/__tests__/DataTableCore.test-setup.ts +5 -6
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +18 -4
package/src/components/DataTable/__tests__/test-utils/sharedTestUtils.tsx +2 -3
package/src/components/DataTable/components/AccessDeniedPage.tsx +16 -25
package/src/components/DataTable/components/ActionButtons.tsx +10 -7
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +1 -1
package/src/components/DataTable/components/ColumnFilter.tsx +10 -0
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +12 -0
package/src/components/DataTable/components/DataTableBody.tsx +8 -0
package/src/components/DataTable/components/DataTableCore.tsx +196 -554
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +11 -0
package/src/components/DataTable/components/DataTableLayout.tsx +559 -0
package/src/components/DataTable/components/DataTableModals.tsx +8 -0
package/src/components/DataTable/components/DataTableToolbar.tsx +8 -0
package/src/components/DataTable/components/DraggableColumnHeader.tsx +12 -0
package/src/components/DataTable/components/EditFields.tsx +307 -0
package/src/components/DataTable/components/EditableRow.tsx +8 -0
package/src/components/DataTable/components/EmptyState.tsx +10 -0
package/src/components/DataTable/components/FilterRow.tsx +12 -0
package/src/components/DataTable/components/GroupHeader.tsx +12 -0
package/src/components/DataTable/components/GroupingDropdown.tsx +12 -0
package/src/components/DataTable/components/ImportModal.tsx +7 -0
package/src/components/DataTable/components/LoadingState.tsx +6 -0
package/src/components/DataTable/components/PaginationControls.tsx +16 -1
package/src/components/DataTable/components/RowComponent.tsx +391 -0
package/src/components/DataTable/components/UnifiedTableBody.tsx +63 -851
package/src/components/DataTable/components/VirtualizedDataTable.tsx +16 -4
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +4 -2
package/src/components/DataTable/components/cellValueUtils.ts +40 -0
package/src/components/DataTable/components/hooks/useImportModalFocus.ts +53 -0
package/src/components/DataTable/components/hooks/usePermissionTracking.ts +126 -0
package/src/components/DataTable/context/DataTableContext.tsx +50 -0
package/src/components/DataTable/core/ColumnFactory.ts +31 -0
package/src/components/DataTable/core/DataTableContext.tsx +32 -1
package/src/components/DataTable/hooks/useColumnOrderPersistence.ts +10 -0
package/src/components/DataTable/hooks/useColumnReordering.ts +12 -0
package/src/components/DataTable/hooks/useColumnVisibilityPersistence.ts +10 -0
package/src/components/DataTable/hooks/useDataTableDataPipeline.ts +16 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +127 -33
package/src/components/DataTable/hooks/useDataTableState.ts +35 -1
package/src/components/DataTable/hooks/useEffectiveColumnOrder.ts +12 -0
package/src/components/DataTable/hooks/useServerSideDataEffect.ts +11 -0
package/src/components/DataTable/hooks/useTableColumns.ts +8 -0
package/src/components/DataTable/hooks/useTableHandlers.ts +14 -0
package/src/components/DataTable/styles.ts +6 -6
package/src/components/DataTable/types.ts +6 -10
package/src/components/DataTable/utils/a11yUtils.ts +7 -0
package/src/components/DataTable/utils/debugTools.ts +18 -113
package/src/components/DataTable/utils/errorHandling.ts +12 -0
package/src/components/DataTable/utils/exportUtils.ts +9 -0
package/src/components/DataTable/utils/flexibleImport.ts +12 -48
package/src/components/DataTable/utils/paginationUtils.ts +8 -0
package/src/components/DataTable/utils/performanceUtils.ts +5 -1
package/src/components/Dialog/Dialog.tsx +31 -3
package/src/components/ErrorBoundary/ErrorBoundary.test.tsx +180 -1
package/src/components/ErrorBoundary/ErrorBoundary.tsx +45 -5
package/src/components/ErrorBoundary/ErrorBoundaryContext.tsx +129 -0
package/src/components/ErrorBoundary/index.ts +27 -2
package/src/components/FileDisplay/FileDisplay.tsx +74 -28
package/src/components/FileUpload/FileUpload.tsx +22 -2
package/src/components/Footer/Footer.test.tsx +16 -16
package/src/components/Footer/Footer.tsx +14 -11
package/src/components/Form/Form.tsx +1 -0
package/src/components/Header/Header.test.tsx +43 -73
package/src/components/Header/Header.tsx +59 -49
package/src/components/Input/Input.test.tsx +2 -2
package/src/components/Input/Input.tsx +8 -4
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +4 -4
package/src/components/LoginForm/LoginForm.tsx +4 -0
package/src/components/NavigationMenu/NavigationMenu.tsx +14 -513
package/src/components/NavigationMenu/types.ts +56 -0
package/src/components/NavigationMenu/useNavigationFiltering.ts +390 -0
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +10 -19
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +2 -2
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +5 -5
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +13 -11
package/src/components/PaceAppLayout/PaceAppLayout.tsx +167 -44
package/src/components/PaceAppLayout/README.md +14 -17
package/src/components/PaceAppLayout/test-setup.tsx +3 -4
package/src/components/PaceLoginPage/PaceLoginPage.tsx +3 -0
package/src/components/PasswordChange/PasswordChangeForm.tsx +9 -0
package/src/components/ProtectedRoute/ProtectedRoute.tsx +3 -9
package/src/components/PublicLayout/PublicPageLayout.tsx +2 -5
package/src/components/PublicLayout/PublicPageProvider.tsx +4 -0
package/src/components/Select/Select.tsx +80 -434
package/src/components/Select/context.ts +23 -0
package/src/components/Select/hooks/useSelectEvents.ts +87 -0
package/src/components/Select/hooks/useSelectSearch.ts +91 -0
package/src/components/Select/hooks/useSelectState.ts +104 -0
package/src/components/Select/index.ts +9 -1
package/src/components/Select/types.ts +123 -0
package/src/components/Select/utils/text.ts +26 -0
package/src/components/SessionRestorationLoader/SessionRestorationLoader.tsx +4 -5
package/src/components/Switch/Switch.tsx +4 -4
package/src/components/Tabs/Tabs.tsx +1 -1
package/src/components/Toast/Toast.tsx +4 -0
package/src/components/Tooltip/Tooltip.tsx +2 -2
package/src/components/UserMenu/UserMenu.test.tsx +24 -11
package/src/components/UserMenu/UserMenu.tsx +21 -18
package/src/components/index.ts +7 -7
package/src/eslint-rules/pace-core-compliance.cjs +106 -0
package/src/hooks/__tests__/index.unit.test.ts +2 -5
package/src/hooks/__tests__/useAppConfig.unit.test.ts +4 -98
package/src/hooks/index.ts +1 -2
package/src/hooks/public/usePublicEvent.ts +4 -0
package/src/hooks/public/usePublicEventLogo.ts +4 -0
package/src/hooks/public/usePublicFileDisplay.ts +4 -0
package/src/hooks/public/usePublicRouteParams.ts +4 -0
package/src/hooks/services/useAuth.ts +32 -0
package/src/hooks/services/useCurrentEvent.ts +6 -0
package/src/hooks/services/useCurrentOrganisation.ts +6 -0
package/src/hooks/useAppConfig.ts +15 -30
package/src/hooks/useDebounce.ts +9 -0
package/src/hooks/useEventTheme.ts +6 -0
package/src/hooks/useFileDisplay.ts +81 -50
package/src/hooks/useFileReference.ts +25 -7
package/src/hooks/useFileUrl.ts +11 -1
package/src/hooks/useFocusManagement.ts +14 -0
package/src/hooks/useFocusTrap.ts +3 -0
package/src/hooks/useInactivityTracker.ts +3 -0
package/src/hooks/useKeyboardShortcuts.ts +4 -0
package/src/hooks/useOrganisationPermissions.ts +4 -0
package/src/hooks/useOrganisationSecurity.ts +4 -0
package/src/hooks/usePerformanceMonitor.ts +4 -0
package/src/hooks/usePermissionCache.ts +7 -0
package/src/hooks/useQueryCache.ts +12 -1
package/src/hooks/useSessionRestoration.ts +4 -0
package/src/hooks/useStorage.ts +4 -0
package/src/hooks/useToast.ts +1 -1
package/src/index.ts +6 -6
package/src/providers/__tests__/OrganisationProvider.test.tsx +92 -70
package/src/providers/services/AuthServiceProvider.tsx +35 -7
package/src/providers/services/EventServiceProvider.tsx +51 -5
package/src/providers/services/InactivityServiceProvider.tsx +18 -0
package/src/providers/services/OrganisationServiceProvider.tsx +18 -0
package/src/providers/services/UnifiedAuthProvider.tsx +126 -134
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +29 -13
package/src/rbac/README.md +1 -1
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +1 -1
package/src/rbac/__tests__/scenarios.user-role.test.tsx +4 -5
package/src/rbac/adapters.tsx +12 -3
package/src/rbac/api.test.ts +59 -51
package/src/rbac/api.ts +246 -167
package/src/rbac/components/NavigationProvider.tsx +4 -1
package/src/rbac/components/PagePermissionGuard.tsx +185 -17
package/src/rbac/components/RoleBasedRouter.tsx +5 -1
package/src/rbac/components/SecureDataProvider.test.tsx +84 -49
package/src/rbac/components/SecureDataProvider.tsx +20 -5
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +24 -14
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +7 -0
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +14 -6
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +15 -4
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +148 -24
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +81 -15
package/src/rbac/engine.ts +38 -14
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +32 -21
package/src/rbac/hooks/permissions/index.ts +7 -0
package/src/rbac/hooks/permissions/useAccessLevel.ts +105 -0
package/src/rbac/hooks/permissions/useCachedPermissions.ts +79 -0
package/src/rbac/hooks/permissions/useCan.ts +377 -0
package/src/rbac/hooks/permissions/useHasAllPermissions.ts +90 -0
package/src/rbac/hooks/permissions/useHasAnyPermission.ts +90 -0
package/src/rbac/hooks/permissions/useMultiplePermissions.ts +93 -0
package/src/rbac/hooks/permissions/usePermissions.ts +253 -0
package/src/rbac/hooks/useCan.test.ts +64 -66
package/src/rbac/hooks/usePermissions.ts +14 -995
package/src/rbac/hooks/useRBAC.test.ts +1 -5
package/src/rbac/hooks/useRBAC.ts +36 -37
package/src/rbac/hooks/useResolvedScope.test.ts +120 -35
package/src/rbac/hooks/useResolvedScope.ts +35 -40
package/src/rbac/hooks/useResourcePermissions.test.ts +54 -18
package/src/rbac/hooks/useResourcePermissions.ts +14 -4
package/src/rbac/hooks/useSecureSupabase.ts +27 -7
package/src/rbac/index.ts +7 -0
package/src/rbac/permissions.ts +0 -30
package/src/rbac/secureClient.test.ts +22 -18
package/src/rbac/secureClient.ts +294 -68
package/src/rbac/security.ts +0 -17
package/src/rbac/types.ts +9 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +64 -86
package/src/rbac/utils/clientSecurity.ts +93 -0
package/src/rbac/utils/contextValidator.ts +77 -168
package/src/services/AuthService.ts +39 -7
package/src/services/EventService.ts +186 -54
package/src/services/OrganisationService.ts +81 -14
package/src/services/__tests__/EventService.test.ts +1 -2
package/src/services/base/BaseService.ts +3 -0
package/src/theming/__tests__/parseEventColours.test.ts +6 -9
package/src/theming/parseEventColours.ts +5 -19
package/src/types/vitest-globals.d.ts +51 -26
package/src/utils/__mocks__/supabaseMock.ts +1 -3
package/src/utils/__tests__/formatting.unit.test.ts +4 -4
package/src/utils/__tests__/index.unit.test.ts +2 -2
package/src/utils/audit/audit.ts +0 -3
package/src/utils/core/cn.ts +1 -1
package/src/utils/dynamic/dynamicUtils.ts +7 -4
package/src/utils/file-reference/index.ts +53 -1
package/src/utils/formatting/formatting.ts +8 -18
package/src/utils/index.ts +0 -1
package/dist/chunk-3QRJFVBR.js.map +0 -1
package/dist/chunk-3XTALGJF.js.map +0 -1
package/dist/chunk-4N5C5XZU.js.map +0 -1
package/dist/chunk-4ZC4GX36.js.map +0 -1
package/dist/chunk-7D4SUZUM.js +0 -38
package/dist/chunk-BYFSK72L.js.map +0 -1
package/dist/chunk-EXUD6RNJ.js +0 -451
package/dist/chunk-EXUD6RNJ.js.map +0 -1
package/dist/chunk-GLK6VM3F.js.map +0 -1
package/dist/chunk-I7PSE6JW.js.map +0 -1
package/dist/chunk-JBKQ3SAO.js.map +0 -1
package/dist/chunk-KNC55RTG.js.map +0 -1
package/dist/chunk-LXQLPRQ2.js.map +0 -1
package/dist/chunk-R77UEZ4E.js.map +0 -1
package/dist/chunk-SQGMNID3.js.map +0 -1
package/dist/chunk-T33XF5ZC.js +0 -12922
package/dist/chunk-T33XF5ZC.js.map +0 -1
package/dist/chunk-XM25TVIE.js.map +0 -1
package/docs/api/classes/ColumnFactory.md +0 -243
package/docs/api/classes/ErrorBoundary.md +0 -144
package/docs/api/classes/InvalidScopeError.md +0 -73
package/docs/api/classes/Logger.md +0 -178
package/docs/api/classes/MissingUserContextError.md +0 -66
package/docs/api/classes/OrganisationContextRequiredError.md +0 -66
package/docs/api/classes/PermissionDeniedError.md +0 -73
package/docs/api/classes/RBACAuditManager.md +0 -297
package/docs/api/classes/RBACCache.md +0 -322
package/docs/api/classes/RBACEngine.md +0 -171
package/docs/api/classes/RBACError.md +0 -76
package/docs/api/classes/RBACNotInitializedError.md +0 -66
package/docs/api/classes/SecureSupabaseClient.md +0 -160
package/docs/api/classes/StorageUtils.md +0 -328
package/docs/api/enums/FileCategory.md +0 -184
package/docs/api/enums/LogLevel.md +0 -54
package/docs/api/enums/RBACErrorCode.md +0 -228
package/docs/api/enums/RPCFunction.md +0 -118
package/docs/api/interfaces/AddressFieldProps.md +0 -241
package/docs/api/interfaces/AddressFieldRef.md +0 -94
package/docs/api/interfaces/AggregateConfig.md +0 -43
package/docs/api/interfaces/AutocompleteOptions.md +0 -75
package/docs/api/interfaces/AvatarProps.md +0 -128
package/docs/api/interfaces/BadgeProps.md +0 -27
package/docs/api/interfaces/ButtonProps.md +0 -53
package/docs/api/interfaces/CalendarProps.md +0 -70
package/docs/api/interfaces/CardProps.md +0 -66
package/docs/api/interfaces/ColorPalette.md +0 -7
package/docs/api/interfaces/ColorShade.md +0 -66
package/docs/api/interfaces/ComplianceResult.md +0 -30
package/docs/api/interfaces/DataAccessRecord.md +0 -96
package/docs/api/interfaces/DataRecord.md +0 -11
package/docs/api/interfaces/DataTableAction.md +0 -249
package/docs/api/interfaces/DataTableColumn.md +0 -504
package/docs/api/interfaces/DataTableProps.md +0 -625
package/docs/api/interfaces/DataTableToolbarButton.md +0 -96
package/docs/api/interfaces/DatabaseComplianceResult.md +0 -85
package/docs/api/interfaces/DatabaseIssue.md +0 -41
package/docs/api/interfaces/EmptyStateConfig.md +0 -61
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +0 -235
package/docs/api/interfaces/EventAppRoleData.md +0 -71
package/docs/api/interfaces/ExportColumn.md +0 -90
package/docs/api/interfaces/ExportOptions.md +0 -126
package/docs/api/interfaces/FileDisplayProps.md +0 -249
package/docs/api/interfaces/FileMetadata.md +0 -129
package/docs/api/interfaces/FileReference.md +0 -118
package/docs/api/interfaces/FileSizeLimits.md +0 -7
package/docs/api/interfaces/FileUploadOptions.md +0 -139
package/docs/api/interfaces/FileUploadProps.md +0 -293
package/docs/api/interfaces/FooterProps.md +0 -105
package/docs/api/interfaces/FormFieldProps.md +0 -166
package/docs/api/interfaces/FormProps.md +0 -113
package/docs/api/interfaces/GrantEventAppRoleParams.md +0 -122
package/docs/api/interfaces/InactivityWarningModalProps.md +0 -115
package/docs/api/interfaces/InputProps.md +0 -53
package/docs/api/interfaces/LabelProps.md +0 -107
package/docs/api/interfaces/LoggerConfig.md +0 -62
package/docs/api/interfaces/LoginFormProps.md +0 -184
package/docs/api/interfaces/NavigationAccessRecord.md +0 -107
package/docs/api/interfaces/NavigationContextType.md +0 -164
package/docs/api/interfaces/NavigationGuardProps.md +0 -139
package/docs/api/interfaces/NavigationItem.md +0 -120
package/docs/api/interfaces/NavigationMenuProps.md +0 -221
package/docs/api/interfaces/NavigationProviderProps.md +0 -117
package/docs/api/interfaces/Organisation.md +0 -140
package/docs/api/interfaces/OrganisationContextType.md +0 -388
package/docs/api/interfaces/OrganisationMembership.md +0 -140
package/docs/api/interfaces/OrganisationProviderProps.md +0 -76
package/docs/api/interfaces/OrganisationSecurityError.md +0 -62
package/docs/api/interfaces/PaceAppLayoutProps.md +0 -406
package/docs/api/interfaces/PaceLoginPageProps.md +0 -47
package/docs/api/interfaces/PageAccessRecord.md +0 -85
package/docs/api/interfaces/PagePermissionContextType.md +0 -140
package/docs/api/interfaces/PagePermissionGuardProps.md +0 -153
package/docs/api/interfaces/PagePermissionProviderProps.md +0 -119
package/docs/api/interfaces/PaletteData.md +0 -41
package/docs/api/interfaces/ParsedAddress.md +0 -120
package/docs/api/interfaces/PermissionEnforcerProps.md +0 -153
package/docs/api/interfaces/ProgressProps.md +0 -42
package/docs/api/interfaces/ProtectedRouteProps.md +0 -97
package/docs/api/interfaces/PublicPageFooterProps.md +0 -112
package/docs/api/interfaces/PublicPageHeaderProps.md +0 -125
package/docs/api/interfaces/PublicPageLayoutProps.md +0 -198
package/docs/api/interfaces/QuickFix.md +0 -52
package/docs/api/interfaces/RBACAccessValidateParams.md +0 -52
package/docs/api/interfaces/RBACAccessValidateResult.md +0 -41
package/docs/api/interfaces/RBACAuditLogParams.md +0 -85
package/docs/api/interfaces/RBACAuditLogResult.md +0 -52
package/docs/api/interfaces/RBACConfig.md +0 -133
package/docs/api/interfaces/RBACContext.md +0 -52
package/docs/api/interfaces/RBACLogger.md +0 -112
package/docs/api/interfaces/RBACPageAccessCheckParams.md +0 -74
package/docs/api/interfaces/RBACPerformanceMetrics.md +0 -138
package/docs/api/interfaces/RBACPermissionCheckParams.md +0 -74
package/docs/api/interfaces/RBACPermissionCheckResult.md +0 -52
package/docs/api/interfaces/RBACPermissionsGetParams.md +0 -63
package/docs/api/interfaces/RBACPermissionsGetResult.md +0 -63
package/docs/api/interfaces/RBACResult.md +0 -58
package/docs/api/interfaces/RBACRoleGrantParams.md +0 -63
package/docs/api/interfaces/RBACRoleGrantResult.md +0 -52
package/docs/api/interfaces/RBACRoleRevokeParams.md +0 -63
package/docs/api/interfaces/RBACRoleRevokeResult.md +0 -52
package/docs/api/interfaces/RBACRoleValidateParams.md +0 -52
package/docs/api/interfaces/RBACRoleValidateResult.md +0 -63
package/docs/api/interfaces/RBACRolesListParams.md +0 -52
package/docs/api/interfaces/RBACRolesListResult.md +0 -74
package/docs/api/interfaces/RBACSessionTrackParams.md +0 -74
package/docs/api/interfaces/RBACSessionTrackResult.md +0 -52
package/docs/api/interfaces/ResourcePermissions.md +0 -155
package/docs/api/interfaces/RevokeEventAppRoleParams.md +0 -100
package/docs/api/interfaces/RoleBasedRouterContextType.md +0 -151
package/docs/api/interfaces/RoleBasedRouterProps.md +0 -156
package/docs/api/interfaces/RoleManagementResult.md +0 -52
package/docs/api/interfaces/RouteAccessRecord.md +0 -107
package/docs/api/interfaces/RouteConfig.md +0 -134
package/docs/api/interfaces/RuntimeComplianceResult.md +0 -55
package/docs/api/interfaces/SecureDataContextType.md +0 -168
package/docs/api/interfaces/SecureDataProviderProps.md +0 -132
package/docs/api/interfaces/SessionRestorationLoaderProps.md +0 -34
package/docs/api/interfaces/SetupIssue.md +0 -41
package/docs/api/interfaces/StorageConfig.md +0 -41
package/docs/api/interfaces/StorageFileInfo.md +0 -74
package/docs/api/interfaces/StorageFileMetadata.md +0 -151
package/docs/api/interfaces/StorageListOptions.md +0 -99
package/docs/api/interfaces/StorageListResult.md +0 -41
package/docs/api/interfaces/StorageUploadOptions.md +0 -101
package/docs/api/interfaces/StorageUploadResult.md +0 -63
package/docs/api/interfaces/StorageUrlOptions.md +0 -60
package/docs/api/interfaces/StyleImport.md +0 -19
package/docs/api/interfaces/SwitchProps.md +0 -34
package/docs/api/interfaces/TabsContentProps.md +0 -9
package/docs/api/interfaces/TabsListProps.md +0 -9
package/docs/api/interfaces/TabsProps.md +0 -9
package/docs/api/interfaces/TabsTriggerProps.md +0 -50
package/docs/api/interfaces/TextareaProps.md +0 -53
package/docs/api/interfaces/ToastActionElement.md +0 -9
package/docs/api/interfaces/ToastProps.md +0 -9
package/docs/api/interfaces/UnifiedAuthContextType.md +0 -820
package/docs/api/interfaces/UnifiedAuthProviderProps.md +0 -171
package/docs/api/interfaces/UseFormDialogOptions.md +0 -62
package/docs/api/interfaces/UseFormDialogReturn.md +0 -117
package/docs/api/interfaces/UseInactivityTrackerOptions.md +0 -136
package/docs/api/interfaces/UseInactivityTrackerReturn.md +0 -123
package/docs/api/interfaces/UsePublicEventLogoOptions.md +0 -87
package/docs/api/interfaces/UsePublicEventLogoReturn.md +0 -81
package/docs/api/interfaces/UsePublicEventOptions.md +0 -34
package/docs/api/interfaces/UsePublicEventReturn.md +0 -68
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +0 -47
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +0 -120
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +0 -94
package/docs/api/interfaces/UseResolvedScopeOptions.md +0 -47
package/docs/api/interfaces/UseResolvedScopeReturn.md +0 -47
package/docs/api/interfaces/UseResourcePermissionsOptions.md +0 -34
package/docs/api/interfaces/UserEventAccess.md +0 -118
package/docs/api/interfaces/UserMenuProps.md +0 -86
package/docs/api/interfaces/UserProfile.md +0 -63
package/docs/migration/quick-migration-guide.md +0 -356
package/docs/migration/service-architecture.md +0 -281
package/src/components/EventSelector/EventSelector.test.tsx +0 -720
package/src/components/EventSelector/EventSelector.tsx +0 -420
package/src/components/EventSelector/index.ts +0 -3
package/src/components/OrganisationSelector/OrganisationSelector.test.tsx +0 -784
package/src/components/OrganisationSelector/OrganisationSelector.tsx +0 -324
package/src/components/OrganisationSelector/index.ts +0 -9
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +0 -680
package/src/hooks/useSecureDataAccess.test.ts +0 -559
package/src/hooks/useSecureDataAccess.ts +0 -681
/package/dist/{DataTable-DQ7RSOHE.js.map → DataTable-THFPBKTP.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-ATAP5UTR.js.map → UnifiedAuthProvider-KAGUYQ4J.js.map} +0 -0
/package/dist/{api-N774RPUA.js.map → api-IAGWF3ZG.js.map} +0 -0
/package/dist/{audit-B5P6FFIR.js.map → audit-V53FV5AG.js.map} +0 -0
/package/dist/{chunk-7D4SUZUM.js.map → chunk-DGUM43GV.js.map} +0 -0
/package/docs/migration/{organisation-context-timing-fix.md → V0.3.44_organisation-context-timing-fix.md} +0 -0
/package/docs/migration/{rbac-migration.md → V0.4.0_rbac-migration.md} +0 -0
/package/docs/migration/{person-scoped-profiles-migration-guide.md → V0.5.190_person-scoped-profiles-migration-guide.md} +0 -0
/package/docs/migration/{REACT_19_MIGRATION.md → V0.6.0_REACT_19_MIGRATION.md} +0 -0

package/dist/{chunk-KNC55RTG.js → chunk-RWEBCB47.js} RENAMED Viewed

@@ -3,76 +3,19 @@ import {
   emitAuditEvent,
   setGlobalAuditManager
 } from "./chunk-63FOKYGO.js";
+import {
+  ContextValidator,
+  InvalidScopeError,
+  MissingUserContextError,
+  OrganisationContextRequiredError,
+  PermissionDeniedError,
+  RBACError,
+  RBACNotInitializedError
+} from "./chunk-QRPVRXYT.js";
 import {
   createLogger
 } from "./chunk-PWLANIRT.js";
-// src/rbac/types.ts
-var RBACError = class extends Error {
-  constructor(message, code, context) {
-    super(message);
-    this.code = code;
-    this.context = context;
-    this.name = "RBACError";
-  }
-};
-var PermissionDeniedError = class extends RBACError {
-  constructor(permission, context) {
-    super(
-      `Permission denied: ${permission}`,
-      "PERMISSION_DENIED",
-      { permission, ...context }
-    );
-    this.name = "PermissionDeniedError";
-  }
-};
-var OrganisationContextRequiredError = class extends RBACError {
-  constructor() {
-    super(
-      "Organisation context is required for this operation",
-      "ORGANISATION_CONTEXT_REQUIRED"
-    );
-    this.name = "OrganisationContextRequiredError";
-  }
-};
-var EventContextRequiredError = class extends RBACError {
-  constructor() {
-    super(
-      "Event context is required for this operation",
-      "EVENT_CONTEXT_REQUIRED"
-    );
-    this.name = "EventContextRequiredError";
-  }
-};
-var RBACNotInitializedError = class extends RBACError {
-  constructor() {
-    super(
-      "RBAC system not initialized. Please call setupRBAC(supabase) before using any RBAC components or hooks. See: https://docs.pace-core.dev/rbac/setup",
-      "RBAC_NOT_INITIALIZED"
-    );
-    this.name = "RBACNotInitializedError";
-  }
-};
-var InvalidScopeError = class extends RBACError {
-  constructor(scope, reason) {
-    super(
-      `Invalid scope provided: ${JSON.stringify(scope)}. ${reason}`,
-      "INVALID_SCOPE",
-      { scope, reason }
-    );
-    this.name = "InvalidScopeError";
-  }
-};
-var MissingUserContextError = class extends RBACError {
-  constructor() {
-    super(
-      "User context is required but not available. Make sure to wrap your app with an auth provider.",
-      "MISSING_USER_CONTEXT"
-    );
-    this.name = "MissingUserContextError";
-  }
-};
 // src/rbac/cache.ts
 var RBACCache = class {
   constructor() {
@@ -694,228 +637,8 @@ function mapErrorCategoryToSecurityEventType(category) {
   }
 }
-// src/rbac/utils/eventContext.ts
-var orgDerivationCache = /* @__PURE__ */ new Map();
-var MAX_CACHE_SIZE = 100;
-async function getOrganisationFromEvent(supabase, eventId) {
-  if (orgDerivationCache.has(eventId)) {
-    return orgDerivationCache.get(eventId) ?? null;
-  }
-  const { data, error } = await supabase.from("core_events").select("organisation_id").eq("event_id", eventId).single();
-  let organisationId = null;
-  if (error || !data) {
-    organisationId = null;
-  } else if (data.organisation_id) {
-    organisationId = data.organisation_id;
-  } else {
-    organisationId = null;
-  }
-  if (orgDerivationCache.size >= MAX_CACHE_SIZE) {
-    const firstKey = orgDerivationCache.keys().next().value;
-    if (firstKey) {
-      orgDerivationCache.delete(firstKey);
-    }
-  }
-  orgDerivationCache.set(eventId, organisationId);
-  return organisationId;
-}
-// src/rbac/utils/contextValidator.ts
-var log2 = createLogger("ContextValidator");
-function allowsOptionalContexts(appName) {
-  return appName === "PORTAL" || appName === "ADMIN";
-}
-var ContextValidator = class {
-  /**
-   * Validate scope against app requirements
-   *
-   * @param scope - Current scope
-   * @param appConfig - App configuration (requires_event flag)
-   * @param appName - App name (for PORTAL/ADMIN special case)
-   * @returns Validation result with resolved scope
-   */
-  static async validateScope(scope, appConfig, appName) {
-    if (allowsOptionalContexts(appName)) {
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId: scope.organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (!appConfig) {
-      if (!scope.organisationId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new OrganisationContextRequiredError()
-        };
-      }
-      return {
-        isValid: true,
-        resolvedScope: scope,
-        error: null
-      };
-    }
-    if (appConfig.requires_event) {
-      if (!scope.eventId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new EventContextRequiredError()
-        };
-      }
-      return {
-        isValid: true,
-        resolvedScope: scope,
-        error: null
-      };
-    }
-    if (!scope.organisationId) {
-      return {
-        isValid: false,
-        resolvedScope: null,
-        error: new OrganisationContextRequiredError()
-      };
-    }
-    return {
-      isValid: true,
-      resolvedScope: scope,
-      error: null
-    };
-  }
-  /**
-   * Resolve required context and derive missing values
-   *
-   * @param scope - Current scope
-   * @param appConfig - App configuration
-   * @param appName - App name (for PORTAL/ADMIN special case)
-   * @param supabase - Supabase client (for deriving org from event)
-   * @returns Resolved scope with all required context
-   */
-  static async resolveRequiredContext(scope, appConfig, appName, supabase) {
-    if (allowsOptionalContexts(appName)) {
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId: scope.organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (!appConfig) {
-      if (!scope.organisationId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new OrganisationContextRequiredError()
-        };
-      }
-      return {
-        isValid: true,
-        resolvedScope: scope,
-        error: null
-      };
-    }
-    if (appConfig.requires_event) {
-      if (!scope.eventId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new EventContextRequiredError()
-        };
-      }
-      let organisationId = scope.organisationId;
-      if (!organisationId && supabase && scope.eventId) {
-        try {
-          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);
-          organisationId = derivedOrgId || void 0;
-          if (!organisationId) {
-            return {
-              isValid: false,
-              resolvedScope: null,
-              error: new Error("Could not resolve organisation from event context")
-            };
-          }
-        } catch (error) {
-          log2.error("Failed to derive org from event:", error);
-          return {
-            isValid: false,
-            resolvedScope: null,
-            error: error instanceof Error ? error : new Error("Failed to derive organisation from event")
-          };
-        }
-      } else if (!organisationId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new Error("Event context requires organisationId but it could not be derived (supabase client not available)")
-        };
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (!scope.organisationId) {
-      return {
-        isValid: false,
-        resolvedScope: null,
-        error: new OrganisationContextRequiredError()
-      };
-    }
-    return {
-      isValid: true,
-      resolvedScope: scope,
-      error: null
-    };
-  }
-  /**
-   * Derive organisation ID from event ID
-   *
-   * @param supabase - Supabase client
-   * @param eventId - Event ID
-   * @returns Organisation ID or null
-   */
-  static async deriveOrgFromEvent(supabase, eventId) {
-    return getOrganisationFromEvent(supabase, eventId);
-  }
-  /**
-   * Check if context is ready for permission checks
-   *
-   * @param scope - Current scope
-   * @param appConfig - App configuration
-   * @param appName - App name
-   * @param hasSelectedEvent - Whether event is selected
-   * @param hasSelectedOrganisation - Whether organisation is selected
-   * @returns True if context is ready
-   */
-  static isContextReady(scope, appConfig, appName, hasSelectedEvent, hasSelectedOrganisation) {
-    if (allowsOptionalContexts(appName)) {
-      return true;
-    }
-    if (!appConfig) {
-      return !!hasSelectedOrganisation || !!scope.organisationId;
-    }
-    if (appConfig.requires_event) {
-      return !!hasSelectedEvent || !!scope.eventId;
-    }
-    return !!hasSelectedOrganisation || !!scope.organisationId;
-  }
-};
 // src/rbac/security.ts
-var log3 = createLogger("RBACSecurity");
+var log2 = createLogger("RBACSecurity");
 var RBACSecurityValidator = class {
   /**
    * Validate permission string format
@@ -1021,17 +744,6 @@ var RBACSecurityValidator = class {
   static async checkRateLimit(userId, operation) {
     return true;
   }
-  /**
-   * Validate context requirements for security
-   * @param scope - Scope object
-   * @param appConfig - App configuration
-   * @param appName - App name (for PORTAL special case)
-   * @returns True if context is valid, false otherwise
-   */
-  static async validateContextRequirements(scope, appConfig, appName) {
-    const validation = await ContextValidator.validateScope(scope, appConfig || null, appName);
-    return validation.isValid;
-  }
   // Only warn once per 5 seconds per user
   static logSecurityEvent(event) {
     const securityEvent = {
@@ -1049,7 +761,7 @@ var RBACSecurityValidator = class {
           this.rateLimitWarningCount.set(event.userId, userWarning);
           return;
         } else {
-          log3.warn("Security event (throttled):", {
+          log2.warn("Security event (throttled):", {
             ...securityEvent,
             details: {
               ...securityEvent.details,
@@ -1062,11 +774,11 @@ var RBACSecurityValidator = class {
         }
       } else {
         this.rateLimitWarningCount.set(event.userId, { count: 0, lastWarning: now });
-        log3.warn("Security event:", securityEvent);
+        log2.warn("Security event:", securityEvent);
         return;
       }
     }
-    log3.warn("Security event:", securityEvent);
+    log2.warn("Security event:", securityEvent);
   }
   /**
    * Get severity level for security event
@@ -1669,11 +1381,30 @@ var RBACEngine = class {
     if (cached !== null) {
       return cached;
     }
+    const startTime = Date.now();
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const { data, error } = await this.supabase.from("rbac_global_roles").select("role").eq("user_id", userId).eq("role", "super_admin").lte("valid_from", now).or(`valid_to.is.null,valid_to.gte.${now}`).limit(1);
-    const isSuperAdmin2 = !error && data && data.length > 0;
-    rbacCache.set(cacheKey, isSuperAdmin2, 6e4);
-    return Boolean(isSuperAdmin2);
+    try {
+      const { data, error } = await this.supabase.from("rbac_global_roles").select("role").eq("user_id", userId).eq("role", "super_admin").lte("valid_from", now).or(`valid_to.is.null,valid_to.gte.${now}`).limit(1);
+      const elapsed = Date.now() - startTime;
+      if (elapsed > 2e3) {
+        console.warn("[RBACEngine] Super admin check took longer than expected", {
+          userId,
+          elapsedMs: elapsed,
+          error: error?.message
+        });
+      }
+      const isSuperAdmin2 = !error && data && data.length > 0;
+      rbacCache.set(cacheKey, isSuperAdmin2, 6e4);
+      return Boolean(isSuperAdmin2);
+    } catch (err) {
+      const elapsed = Date.now() - startTime;
+      console.error("[RBACEngine] Error checking super admin", {
+        userId,
+        error: err,
+        elapsedMs: elapsed
+      });
+      return false;
+    }
   }
   /**
    * Resolve a page ID to UUID if it's a page name
@@ -1877,7 +1608,7 @@ function getInFlightRequestCount() {
 }
 // src/rbac/api.ts
-var log4 = createLogger("RBACAPI");
+var log3 = createLogger("RBACAPI");
 var globalEngine = null;
 function setupRBAC(supabase, config) {
   const logger = getRBACLogger();
@@ -1908,73 +1639,76 @@ function setupRBAC(supabase, config) {
     enablePerformanceMonitoring();
   }
 }
+function isRBACInitialized() {
+  return globalEngine !== null;
+}
 function getEngine() {
   if (!globalEngine) {
     throw new RBACNotInitializedError();
   }
   return globalEngine;
 }
-async function getAccessLevel(input, appConfig, appName) {
-  const engine = getEngine();
-  const isSuperAdminUser = await engine["checkSuperAdmin"](input.userId);
-  if (isSuperAdminUser) {
-    return "super";
-  }
-  let resolvedAppConfig = appConfig ?? null;
-  let resolvedAppName = appName;
-  if (!resolvedAppConfig && input.scope.appId) {
-    resolvedAppConfig = await getAppConfig(input.scope.appId);
-  }
-  const validation = await ContextValidator.resolveRequiredContext(
-    input.scope,
-    resolvedAppConfig,
-    resolvedAppName,
-    engine["supabase"]
-  );
-  if (!validation.isValid || !validation.resolvedScope) {
-    throw validation.error || new OrganisationContextRequiredError();
+async function getAccessLevel(input, appName) {
+  try {
+    const engine = getEngine();
+    const isSuperAdminUser = await engine["checkSuperAdmin"](input.userId);
+    if (isSuperAdminUser) {
+      return "super";
+    }
+    const validation = await ContextValidator.resolveScopeForPage(
+      input.scope,
+      "organisation",
+      // Default to organisation scope when no page context
+      appName,
+      engine["supabase"]
+    );
+    if (!validation.isValid || !validation.resolvedScope) {
+      throw validation.error || new OrganisationContextRequiredError();
+    }
+    return engine.getAccessLevel({
+      ...input,
+      scope: validation.resolvedScope
+    });
+  } catch (error) {
+    throw error;
   }
-  return engine.getAccessLevel({
-    ...input,
-    scope: validation.resolvedScope
-  });
 }
-async function getPermissionMap(input, appConfig, appName) {
-  const engine = getEngine();
-  let resolvedAppConfig = appConfig ?? null;
-  let resolvedAppName = appName;
-  if (!resolvedAppConfig && input.scope.appId) {
-    resolvedAppConfig = await getAppConfig(input.scope.appId);
-  }
-  const validation = await ContextValidator.resolveRequiredContext(
-    input.scope,
-    resolvedAppConfig,
-    resolvedAppName,
-    engine["supabase"]
-  );
-  if (!validation.isValid || !validation.resolvedScope) {
-    throw validation.error || new OrganisationContextRequiredError();
+async function getPermissionMap(input, appName) {
+  try {
+    const engine = getEngine();
+    const validation = await ContextValidator.resolveScopeForPage(
+      input.scope,
+      "organisation",
+      // Default to organisation scope when no page context
+      appName,
+      engine["supabase"]
+    );
+    if (!validation.isValid || !validation.resolvedScope) {
+      throw validation.error || new OrganisationContextRequiredError();
+    }
+    return engine.getPermissionMap({
+      ...input,
+      scope: validation.resolvedScope
+    });
+  } catch (error) {
+    throw error;
   }
-  return engine.getPermissionMap({
-    ...input,
-    scope: validation.resolvedScope
-  });
 }
 async function resolveAppContext(input) {
-  const engine = getEngine();
-  return engine.resolveAppContext(input);
+  try {
+    const engine = getEngine();
+    return await engine.resolveAppContext(input);
+  } catch (error) {
+    throw error;
+  }
 }
-async function getRoleContext(input, appConfig, appName) {
+async function getRoleContext(input, appName) {
   const engine = getEngine();
-  let resolvedAppConfig = appConfig ?? null;
-  let resolvedAppName = appName;
-  if (!resolvedAppConfig && input.scope.appId) {
-    resolvedAppConfig = await getAppConfig(input.scope.appId);
-  }
-  const validation = await ContextValidator.resolveRequiredContext(
+  const validation = await ContextValidator.resolveScopeForPage(
     input.scope,
-    resolvedAppConfig,
-    resolvedAppName,
+    "organisation",
+    // Default to organisation scope when no page context
+    appName,
     engine["supabase"]
   );
   if (!validation.isValid || !validation.resolvedScope) {
@@ -1985,17 +1719,18 @@ async function getRoleContext(input, appConfig, appName) {
     scope: validation.resolvedScope
   });
 }
-async function isPermitted(input, appConfig, appName) {
+async function isPermitted(input, appName, precomputedSuperAdmin = null) {
   const engine = getEngine();
-  const isSuperAdminUser = await engine["checkSuperAdmin"](input.userId);
-  if (isSuperAdminUser) {
+  if (precomputedSuperAdmin === true) {
     return true;
   }
-  let resolvedAppConfig = appConfig ?? null;
-  let resolvedAppName = appName;
-  if (!resolvedAppConfig && input.scope.appId) {
-    resolvedAppConfig = await getAppConfig(input.scope.appId);
+  if (precomputedSuperAdmin === null) {
+    const isSuperAdminUser = await engine["checkSuperAdmin"](input.userId);
+    if (isSuperAdminUser) {
+      return true;
+    }
   }
+  let resolvedAppName = appName;
   if (!resolvedAppName && input.scope.appId) {
     try {
       const { data } = await engine["supabase"].from("rbac_apps").select("name").eq("id", input.scope.appId).eq("is_active", true).single();
@@ -2005,9 +1740,28 @@ async function isPermitted(input, appConfig, appName) {
     } catch (err) {
     }
   }
-  const validation = await ContextValidator.resolveRequiredContext(
+  let pageScopeType;
+  if (input.pageId) {
+    try {
+      const scopeType = await getPageScopeType(
+        input.pageId,
+        input.scope.appId,
+        resolvedAppName
+      );
+      if (!scopeType) {
+        throw new Error(`Page ${input.pageId} does not have scope_type set`);
+      }
+      pageScopeType = scopeType;
+    } catch (err) {
+      log3.error("Failed to get page scope type:", err);
+      throw new Error(`Failed to determine page scope type: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  } else {
+    pageScopeType = "organisation";
+  }
+  const validation = await ContextValidator.resolveScopeForPage(
     input.scope,
-    resolvedAppConfig,
+    pageScopeType,
     resolvedAppName,
     engine["supabase"]
   );
@@ -2015,6 +1769,44 @@ async function isPermitted(input, appConfig, appName) {
     throw validation.error || new OrganisationContextRequiredError();
   }
   const validatedScope = validation.resolvedScope;
+  if (pageScopeType === "both" && input.pageId) {
+    const eventScope = {
+      organisationId: validatedScope.organisationId,
+      // Org derived from event
+      eventId: validatedScope.eventId,
+      appId: validatedScope.appId
+    };
+    const eventSecurityContext = {
+      userId: input.userId,
+      organisationId: eventScope.organisationId || null,
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    const eventInput = {
+      ...input,
+      scope: eventScope
+    };
+    const hasEventPermission = await engine.isPermitted(eventInput, eventSecurityContext);
+    if (validatedScope.organisationId && validatedScope.eventId) {
+      const orgScope = {
+        organisationId: validatedScope.organisationId,
+        eventId: void 0,
+        // Clear event for org-only check
+        appId: validatedScope.appId
+      };
+      const orgSecurityContext = {
+        userId: input.userId,
+        organisationId: orgScope.organisationId || null,
+        timestamp: /* @__PURE__ */ new Date()
+      };
+      const orgInput = {
+        ...input,
+        scope: orgScope
+      };
+      const hasOrgPermission = await engine.isPermitted(orgInput, orgSecurityContext);
+      return hasEventPermission || hasOrgPermission;
+    }
+    return hasEventPermission;
+  }
   const securityContext = {
     userId: input.userId,
     organisationId: validatedScope.organisationId || null,
@@ -2027,7 +1819,7 @@ async function isPermitted(input, appConfig, appName) {
   };
   return engine.isPermitted(validatedInput, securityContext);
 }
-async function isPermittedCached(input, appConfig, appName) {
+async function isPermittedCached(input, appName) {
   const { userId, scope, permission, pageId } = input;
   const cacheKey = RBACCache.generatePermissionKey({
     userId,
@@ -2042,7 +1834,7 @@ async function isPermittedCached(input, appConfig, appName) {
     return cached;
   }
   return getOrCreateRequest(input, async (checkInput) => {
-    const result = await isPermitted(checkInput, appConfig, appName);
+    const result = await isPermitted(checkInput, appName, null);
     const isPageLevelCheck = !!pageId || permission.includes("page.");
     rbacCache.set(cacheKey, result, void 0, isPageLevelCheck);
     return result;
@@ -2081,50 +1873,40 @@ async function isSuperAdmin(userId) {
   const engine = getEngine();
   return engine["checkSuperAdmin"](userId);
 }
-async function getAppConfig(appId) {
+async function getPageScopeType(pageId, appId, appName) {
+  const engine = getEngine();
   try {
-    const engine = getEngine();
-    return getAppConfigWithClient(engine["supabase"], appId);
-  } catch (err) {
-    if (err instanceof RBACNotInitializedError) {
-      return null;
+    let resolvedAppId = appId;
+    if (!resolvedAppId && appName) {
+      const { data: app } = await engine["supabase"].from("rbac_apps").select("id").eq("name", appName).eq("is_active", true).single();
+      resolvedAppId = app?.id;
     }
-    throw err;
-  }
-}
-async function getAppConfigWithClient(client, appId) {
-  if (!client) {
-    return null;
-  }
-  const cacheKey = `app_config:${appId}`;
-  const cached = rbacCache.get(cacheKey, true);
-  if (cached !== null) {
-    return cached;
-  }
-  try {
-    const { data, error } = await client.from("rbac_apps").select("requires_event, name").eq("id", appId).eq("is_active", true).single();
-    if (error || !data) {
-      return null;
+    if (!resolvedAppId) {
+      throw new Error(`Could not resolve appId for page ${pageId}`);
     }
-    const appConfig = { requires_event: data.requires_event ?? false };
-    rbacCache.set(cacheKey, appConfig, 5 * 60 * 1e3, true);
-    return appConfig;
-  } catch (err) {
-    log4.error("Error fetching app config:", err);
-    return null;
-  }
-}
-async function getAppConfigByName(appName) {
-  const engine = getEngine();
-  try {
-    const { data, error } = await engine["supabase"].from("rbac_apps").select("requires_event, name").eq("name", appName).eq("is_active", true).single();
-    if (error || !data) {
-      return null;
+    let resolvedPageId = pageId;
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+    if (!uuidRegex.test(pageId)) {
+      const { data: page } = await engine["supabase"].from("rbac_app_pages").select("id").eq("app_id", resolvedAppId).eq("page_name", pageId).maybeSingle();
+      resolvedPageId = page?.id || pageId;
+    }
+    if (!uuidRegex.test(resolvedPageId)) {
+      throw new Error(`Could not resolve pageId ${pageId} to a valid UUID`);
     }
-    return { requires_event: data.requires_event ?? false };
+    const { data, error } = await engine["supabase"].rpc("get_page_scope_type", {
+      p_page_id: resolvedPageId
+    });
+    if (error) {
+      log3.error("Error fetching page scope type:", { pageId, appId, error });
+      throw new Error(`Failed to get page scope type: ${error.message}`);
+    }
+    if (!data) {
+      throw new Error(`Page ${resolvedPageId} does not have scope_type set`);
+    }
+    return data;
   } catch (err) {
-    log4.error("Error fetching app config by name:", err);
-    return null;
+    log3.error("Error fetching page scope type:", err);
+    throw err instanceof Error ? err : new Error(`Failed to get page scope type: ${String(err)}`);
   }
 }
 async function isOrganisationAdmin(userId, organisationId) {
@@ -2167,12 +1949,9 @@ function clearCache() {
 }
 export {
-  OrganisationContextRequiredError,
-  RBACNotInitializedError,
   RBACCache,
   rbacCache,
   CACHE_PATTERNS,
-  ContextValidator,
   createRBACConfig,
   getRBACConfig,
   getRBACLogger,
@@ -2191,6 +1970,7 @@ export {
   clearInFlightRequests,
   getInFlightRequestCount,
   setupRBAC,
+  isRBACInitialized,
   getAccessLevel,
   getPermissionMap,
   resolveAppContext,
@@ -2201,9 +1981,7 @@ export {
   hasAnyPermission,
   hasAllPermissions,
   isSuperAdmin,
-  getAppConfig,
-  getAppConfigWithClient,
-  getAppConfigByName,
+  getPageScopeType,
   isOrganisationAdmin,
   isEventAdmin,
   invalidateUserCache,
@@ -2212,4 +1990,4 @@ export {
   invalidateAppCache,
   clearCache
 };
-//# sourceMappingURL=chunk-KNC55RTG.js.map
+//# sourceMappingURL=chunk-RWEBCB47.js.map