npm - @jmruthers/pace-core - Versions diffs - 0.6.1 → 0.6.3 - Mend

@jmruthers/pace-core 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (549) hide show

package/CHANGELOG.md +88 -10
package/cursor-rules/00-pace-core-compliance.mdc +46 -87
package/cursor-rules/01-standards-compliance.mdc +16 -47
package/cursor-rules/02-project-structure.mdc +4 -4
package/cursor-rules/03-solid-principles.mdc +45 -164
package/cursor-rules/04-testing-standards.mdc +22 -69
package/cursor-rules/05-bug-reports-and-features.mdc +2 -2
package/cursor-rules/06-code-quality.mdc +42 -125
package/cursor-rules/07-tech-stack-compliance.mdc +33 -128
package/cursor-rules/08-markup-quality.mdc +452 -0
package/cursor-rules/CHANGELOG.md +18 -0
package/cursor-rules/README.md +2 -1
package/dist/{AuthService-DjnJHDtC.d.ts → AuthService-Cb34EQs3.d.ts} +63 -1
package/dist/{DataTable-CH1U5Tpy.d.ts → DataTable-BMRU8a1j.d.ts} +33 -1
package/dist/{DataTable-DQ7RSOHE.js → DataTable-THFPBKTP.js} +12 -10
package/dist/{PublicPageProvider-ce4xlHYA.d.ts → PublicPageProvider-DEMpysFR.d.ts} +394 -171
package/dist/{UnifiedAuthProvider-185Ih4dj.d.ts → UnifiedAuthProvider-CKvHP1MK.d.ts} +30 -8
package/dist/{UnifiedAuthProvider-ATAP5UTR.js → UnifiedAuthProvider-KAGUYQ4J.js} +5 -4
package/dist/{api-N774RPUA.js → api-IAGWF3ZG.js} +10 -10
package/dist/{audit-B5P6FFIR.js → audit-V53FV5AG.js} +2 -2
package/dist/{chunk-JBKQ3SAO.js → chunk-2T2IG7T7.js} +107 -57
package/dist/chunk-2T2IG7T7.js.map +1 -0
package/dist/{chunk-3QRJFVBR.js → chunk-6SOIHG6Z.js} +1 -1
package/dist/chunk-6SOIHG6Z.js.map +1 -0
package/dist/{chunk-3XTALGJF.js → chunk-6Z7LTB3D.js} +69 -240
package/dist/chunk-6Z7LTB3D.js.map +1 -0
package/dist/{chunk-4ZC4GX36.js → chunk-CNCQDFLN.js} +199 -46
package/dist/chunk-CNCQDFLN.js.map +1 -0
package/dist/chunk-DGUM43GV.js +11 -0
package/dist/{chunk-BYFSK72L.js → chunk-DWUBLJJM.js} +361 -187
package/dist/chunk-DWUBLJJM.js.map +1 -0
package/dist/{chunk-LXQLPRQ2.js → chunk-FFQEQTNW.js} +6 -8
package/dist/chunk-FFQEQTNW.js.map +1 -0
package/dist/chunk-FMUCXFII.js +76 -0
package/dist/chunk-FMUCXFII.js.map +1 -0
package/dist/{chunk-4N5C5XZU.js → chunk-HFZBI76P.js} +4 -4
package/dist/chunk-HFZBI76P.js.map +1 -0
package/dist/{chunk-SQGMNID3.js → chunk-L4OXEN46.js} +4 -5
package/dist/chunk-L4OXEN46.js.map +1 -0
package/dist/{chunk-R77UEZ4E.js → chunk-M43Y4SSO.js} +1 -1
package/dist/chunk-M43Y4SSO.js.map +1 -0
package/dist/{chunk-I7PSE6JW.js → chunk-M7MPQISP.js} +3 -76
package/dist/chunk-M7MPQISP.js.map +1 -0
package/dist/chunk-PQBSKX33.js +7793 -0
package/dist/chunk-PQBSKX33.js.map +1 -0
package/dist/chunk-QRPVRXYT.js +226 -0
package/dist/chunk-QRPVRXYT.js.map +1 -0
package/dist/{chunk-KNC55RTG.js → chunk-RWEBCB47.js} +194 -416
package/dist/chunk-RWEBCB47.js.map +1 -0
package/dist/{chunk-XM25TVIE.js → chunk-YDQHOZNA.js} +843 -388
package/dist/chunk-YDQHOZNA.js.map +1 -0
package/dist/{chunk-GLK6VM3F.js → chunk-ZNIWI3UC.js} +739 -737
package/dist/chunk-ZNIWI3UC.js.map +1 -0
package/dist/components.d.ts +5 -5
package/dist/components.js +18 -16
package/dist/components.js.map +1 -1
package/dist/contextValidator-3JNZKUTX.js +9 -0
package/dist/contextValidator-3JNZKUTX.js.map +1 -0
package/dist/eslint-rules/pace-core-compliance.cjs +106 -0
package/dist/{functions-D_kgHktt.d.ts → functions-DHebl8-F.d.ts} +1 -1
package/dist/hooks.d.ts +55 -122
package/dist/hooks.js +10 -13
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +60 -13
package/dist/index.js +30 -25
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +21 -3
package/dist/providers.js +4 -3
package/dist/rbac/index.d.ts +210 -139
package/dist/rbac/index.js +17 -13
package/dist/styles/index.js +1 -1
package/dist/theming/runtime.d.ts +1 -13
package/dist/theming/runtime.js +2 -2
package/dist/{timezone-_pgH8qrY.d.ts → timezone-CHhWg6b4.d.ts} +3 -10
package/dist/{types-UU913iLA.d.ts → types-BeoeWV5I.d.ts} +8 -0
package/dist/{types-CEpcvwwF.d.ts → types-CkbwOr4Y.d.ts} +6 -0
package/dist/types.d.ts +2 -2
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-BJAlWfuJ.d.ts → usePublicRouteParams-i3qtoBgg.d.ts} +38 -17
package/dist/utils.d.ts +4 -5
package/dist/utils.js +17 -19
package/dist/utils.js.map +1 -1
package/docs/api/README.md +21 -17
package/docs/api/modules.md +4191 -2967
package/docs/architecture/database-schema-requirements.md +161 -0
package/docs/components/context-selector.md +126 -0
package/docs/core-concepts/rbac-system.md +3 -3
package/docs/documentation-index.md +2 -4
package/docs/getting-started/cursor-rules.md +2 -1
package/docs/migration/DOCUMENTATION_STRUCTURE.md +441 -0
package/docs/migration/MIGRATION_GUIDE.md +2 -24
package/docs/migration/RBAC_SCOPE_MIGRATION.md +385 -0
package/docs/migration/README.md +52 -6
package/docs/migration/V0.5.190_TO_V0.6.1_MIGRATION.md +1153 -0
package/docs/migration/database-changes-december-2025.md +3 -3
package/docs/pace-mint-fix-auto-selection.md +218 -0
package/docs/pace-mint-rbac-setup.md +391 -0
package/docs/rbac/event-based-apps.md +1 -1
package/docs/rbac/getting-started.md +1 -1
package/docs/rbac/quick-start.md +1 -1
package/docs/rbac/secure-client-protection.md +330 -0
package/docs/standards/README.md +1 -0
package/package.json +4 -3
package/scripts/audit/core/checks/accessibility.cjs +197 -0
package/scripts/audit/core/checks/api-usage.cjs +191 -0
package/scripts/audit/core/checks/bundle.cjs +142 -0
package/scripts/{check-pace-core-compliance.cjs → audit/core/checks/compliance.cjs} +784 -685
package/scripts/audit/core/checks/config.cjs +54 -0
package/scripts/audit/core/checks/coverage.cjs +84 -0
package/scripts/audit/core/checks/dependencies.cjs +985 -0
package/scripts/audit/core/checks/documentation.cjs +268 -0
package/scripts/audit/core/checks/environment.cjs +116 -0
package/scripts/audit/core/checks/error-handling.cjs +340 -0
package/scripts/audit/core/checks/forms.cjs +172 -0
package/scripts/audit/core/checks/heuristics.cjs +68 -0
package/scripts/audit/core/checks/hooks.cjs +334 -0
package/scripts/audit/core/checks/imports.cjs +244 -0
package/scripts/audit/core/checks/performance.cjs +325 -0
package/scripts/audit/core/checks/routes.cjs +117 -0
package/scripts/audit/core/checks/state.cjs +130 -0
package/scripts/audit/core/checks/structure.cjs +65 -0
package/scripts/audit/core/checks/style.cjs +584 -0
package/scripts/audit/core/checks/testing.cjs +122 -0
package/scripts/audit/core/checks/typescript.cjs +61 -0
package/scripts/audit/core/scanner.cjs +199 -0
package/scripts/audit/core/utils.cjs +137 -0
package/scripts/audit/index.cjs +223 -0
package/scripts/audit/reporters/console.cjs +151 -0
package/scripts/audit/reporters/json.cjs +54 -0
package/scripts/audit/reporters/markdown.cjs +124 -0
package/scripts/audit-consuming-app.cjs +61 -936
package/scripts/build-docs/build-decision.js +240 -0
package/scripts/build-docs/cache-utils.js +105 -0
package/scripts/build-docs/content-normalization.js +150 -0
package/scripts/build-docs/file-utils.js +105 -0
package/scripts/build-docs/git-utils.js +86 -0
package/scripts/build-docs/hash-utils.js +116 -0
package/scripts/build-docs/typedoc-runner.js +220 -0
package/scripts/build-docs-incremental.js +77 -913
package/scripts/utils/command-runner.js +16 -11
package/scripts/validate-formats.js +61 -56
package/scripts/validate-master.js +74 -69
package/scripts/validate-pre-publish.js +70 -65
package/src/__tests__/hooks/usePermissions.test.ts +2 -2
package/src/components/Alert/Alert.test.tsx +12 -18
package/src/components/Alert/Alert.tsx +5 -7
package/src/components/Avatar/Avatar.test.tsx +4 -4
package/src/components/Badge/Badge.tsx +14 -0
package/src/components/Button/Button.tsx +22 -0
package/src/components/Calendar/Calendar.tsx +8 -2
package/src/components/Card/Card.tsx +4 -0
package/src/components/Checkbox/Checkbox.test.tsx +12 -12
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/ContextSelector/ContextSelector.tsx +384 -0
package/src/components/ContextSelector/index.ts +3 -0
package/src/components/DataTable/DataTable.tsx +38 -4
package/src/components/DataTable/__tests__/DataTableCore.test-setup.ts +5 -6
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +18 -4
package/src/components/DataTable/__tests__/test-utils/sharedTestUtils.tsx +2 -3
package/src/components/DataTable/components/AccessDeniedPage.tsx +16 -25
package/src/components/DataTable/components/ActionButtons.tsx +10 -7
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +1 -1
package/src/components/DataTable/components/ColumnFilter.tsx +10 -0
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +12 -0
package/src/components/DataTable/components/DataTableBody.tsx +8 -0
package/src/components/DataTable/components/DataTableCore.tsx +196 -554
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +11 -0
package/src/components/DataTable/components/DataTableLayout.tsx +559 -0
package/src/components/DataTable/components/DataTableModals.tsx +8 -0
package/src/components/DataTable/components/DataTableToolbar.tsx +8 -0
package/src/components/DataTable/components/DraggableColumnHeader.tsx +12 -0
package/src/components/DataTable/components/EditFields.tsx +307 -0
package/src/components/DataTable/components/EditableRow.tsx +8 -0
package/src/components/DataTable/components/EmptyState.tsx +10 -0
package/src/components/DataTable/components/FilterRow.tsx +12 -0
package/src/components/DataTable/components/GroupHeader.tsx +12 -0
package/src/components/DataTable/components/GroupingDropdown.tsx +12 -0
package/src/components/DataTable/components/ImportModal.tsx +7 -0
package/src/components/DataTable/components/LoadingState.tsx +6 -0
package/src/components/DataTable/components/PaginationControls.tsx +16 -1
package/src/components/DataTable/components/RowComponent.tsx +391 -0
package/src/components/DataTable/components/UnifiedTableBody.tsx +63 -851
package/src/components/DataTable/components/VirtualizedDataTable.tsx +16 -4
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +4 -2
package/src/components/DataTable/components/cellValueUtils.ts +40 -0
package/src/components/DataTable/components/hooks/useImportModalFocus.ts +53 -0
package/src/components/DataTable/components/hooks/usePermissionTracking.ts +126 -0
package/src/components/DataTable/context/DataTableContext.tsx +50 -0
package/src/components/DataTable/core/ColumnFactory.ts +31 -0
package/src/components/DataTable/core/DataTableContext.tsx +32 -1
package/src/components/DataTable/hooks/useColumnOrderPersistence.ts +10 -0
package/src/components/DataTable/hooks/useColumnReordering.ts +12 -0
package/src/components/DataTable/hooks/useColumnVisibilityPersistence.ts +10 -0
package/src/components/DataTable/hooks/useDataTableDataPipeline.ts +16 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +127 -33
package/src/components/DataTable/hooks/useDataTableState.ts +35 -1
package/src/components/DataTable/hooks/useEffectiveColumnOrder.ts +12 -0
package/src/components/DataTable/hooks/useServerSideDataEffect.ts +11 -0
package/src/components/DataTable/hooks/useTableColumns.ts +8 -0
package/src/components/DataTable/hooks/useTableHandlers.ts +14 -0
package/src/components/DataTable/styles.ts +6 -6
package/src/components/DataTable/types.ts +6 -10
package/src/components/DataTable/utils/a11yUtils.ts +7 -0
package/src/components/DataTable/utils/debugTools.ts +18 -113
package/src/components/DataTable/utils/errorHandling.ts +12 -0
package/src/components/DataTable/utils/exportUtils.ts +9 -0
package/src/components/DataTable/utils/flexibleImport.ts +12 -48
package/src/components/DataTable/utils/paginationUtils.ts +8 -0
package/src/components/DataTable/utils/performanceUtils.ts +5 -1
package/src/components/Dialog/Dialog.tsx +31 -3
package/src/components/ErrorBoundary/ErrorBoundary.test.tsx +180 -1
package/src/components/ErrorBoundary/ErrorBoundary.tsx +45 -5
package/src/components/ErrorBoundary/ErrorBoundaryContext.tsx +129 -0
package/src/components/ErrorBoundary/index.ts +27 -2
package/src/components/FileDisplay/FileDisplay.tsx +74 -28
package/src/components/FileUpload/FileUpload.tsx +22 -2
package/src/components/Footer/Footer.test.tsx +16 -16
package/src/components/Footer/Footer.tsx +14 -11
package/src/components/Form/Form.tsx +1 -0
package/src/components/Header/Header.test.tsx +43 -73
package/src/components/Header/Header.tsx +59 -49
package/src/components/Input/Input.test.tsx +2 -2
package/src/components/Input/Input.tsx +8 -4
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +4 -4
package/src/components/LoginForm/LoginForm.tsx +4 -0
package/src/components/NavigationMenu/NavigationMenu.tsx +14 -513
package/src/components/NavigationMenu/types.ts +56 -0
package/src/components/NavigationMenu/useNavigationFiltering.ts +390 -0
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +10 -19
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +2 -2
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +5 -5
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +13 -11
package/src/components/PaceAppLayout/PaceAppLayout.tsx +167 -44
package/src/components/PaceAppLayout/README.md +14 -17
package/src/components/PaceAppLayout/test-setup.tsx +3 -4
package/src/components/PaceLoginPage/PaceLoginPage.tsx +3 -0
package/src/components/PasswordChange/PasswordChangeForm.tsx +9 -0
package/src/components/ProtectedRoute/ProtectedRoute.tsx +3 -9
package/src/components/PublicLayout/PublicPageLayout.tsx +2 -5
package/src/components/PublicLayout/PublicPageProvider.tsx +4 -0
package/src/components/Select/Select.tsx +80 -434
package/src/components/Select/context.ts +23 -0
package/src/components/Select/hooks/useSelectEvents.ts +87 -0
package/src/components/Select/hooks/useSelectSearch.ts +91 -0
package/src/components/Select/hooks/useSelectState.ts +104 -0
package/src/components/Select/index.ts +9 -1
package/src/components/Select/types.ts +123 -0
package/src/components/Select/utils/text.ts +26 -0
package/src/components/SessionRestorationLoader/SessionRestorationLoader.tsx +4 -5
package/src/components/Switch/Switch.tsx +4 -4
package/src/components/Tabs/Tabs.tsx +1 -1
package/src/components/Toast/Toast.tsx +4 -0
package/src/components/Tooltip/Tooltip.tsx +2 -2
package/src/components/UserMenu/UserMenu.test.tsx +24 -11
package/src/components/UserMenu/UserMenu.tsx +21 -18
package/src/components/index.ts +7 -7
package/src/eslint-rules/pace-core-compliance.cjs +106 -0
package/src/hooks/__tests__/index.unit.test.ts +2 -5
package/src/hooks/__tests__/useAppConfig.unit.test.ts +4 -98
package/src/hooks/index.ts +1 -2
package/src/hooks/public/usePublicEvent.ts +4 -0
package/src/hooks/public/usePublicEventLogo.ts +4 -0
package/src/hooks/public/usePublicFileDisplay.ts +4 -0
package/src/hooks/public/usePublicRouteParams.ts +4 -0
package/src/hooks/services/useAuth.ts +32 -0
package/src/hooks/services/useCurrentEvent.ts +6 -0
package/src/hooks/services/useCurrentOrganisation.ts +6 -0
package/src/hooks/useAppConfig.ts +15 -30
package/src/hooks/useDebounce.ts +9 -0
package/src/hooks/useEventTheme.ts +6 -0
package/src/hooks/useFileDisplay.ts +81 -50
package/src/hooks/useFileReference.ts +25 -7
package/src/hooks/useFileUrl.ts +11 -1
package/src/hooks/useFocusManagement.ts +14 -0
package/src/hooks/useFocusTrap.ts +3 -0
package/src/hooks/useInactivityTracker.ts +3 -0
package/src/hooks/useKeyboardShortcuts.ts +4 -0
package/src/hooks/useOrganisationPermissions.ts +4 -0
package/src/hooks/useOrganisationSecurity.ts +4 -0
package/src/hooks/usePerformanceMonitor.ts +4 -0
package/src/hooks/usePermissionCache.ts +7 -0
package/src/hooks/useQueryCache.ts +12 -1
package/src/hooks/useSessionRestoration.ts +4 -0
package/src/hooks/useStorage.ts +4 -0
package/src/hooks/useToast.ts +1 -1
package/src/index.ts +6 -6
package/src/providers/__tests__/OrganisationProvider.test.tsx +92 -70
package/src/providers/services/AuthServiceProvider.tsx +35 -7
package/src/providers/services/EventServiceProvider.tsx +51 -5
package/src/providers/services/InactivityServiceProvider.tsx +18 -0
package/src/providers/services/OrganisationServiceProvider.tsx +18 -0
package/src/providers/services/UnifiedAuthProvider.tsx +126 -134
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +29 -13
package/src/rbac/README.md +1 -1
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +1 -1
package/src/rbac/__tests__/scenarios.user-role.test.tsx +4 -5
package/src/rbac/adapters.tsx +12 -3
package/src/rbac/api.test.ts +59 -51
package/src/rbac/api.ts +246 -167
package/src/rbac/components/NavigationProvider.tsx +4 -1
package/src/rbac/components/PagePermissionGuard.tsx +185 -17
package/src/rbac/components/RoleBasedRouter.tsx +5 -1
package/src/rbac/components/SecureDataProvider.test.tsx +84 -49
package/src/rbac/components/SecureDataProvider.tsx +20 -5
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +24 -14
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +7 -0
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +14 -6
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +15 -4
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +148 -24
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +81 -15
package/src/rbac/engine.ts +38 -14
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +32 -21
package/src/rbac/hooks/permissions/index.ts +7 -0
package/src/rbac/hooks/permissions/useAccessLevel.ts +105 -0
package/src/rbac/hooks/permissions/useCachedPermissions.ts +79 -0
package/src/rbac/hooks/permissions/useCan.ts +377 -0
package/src/rbac/hooks/permissions/useHasAllPermissions.ts +90 -0
package/src/rbac/hooks/permissions/useHasAnyPermission.ts +90 -0
package/src/rbac/hooks/permissions/useMultiplePermissions.ts +93 -0
package/src/rbac/hooks/permissions/usePermissions.ts +253 -0
package/src/rbac/hooks/useCan.test.ts +64 -66
package/src/rbac/hooks/usePermissions.ts +14 -995
package/src/rbac/hooks/useRBAC.test.ts +1 -5
package/src/rbac/hooks/useRBAC.ts +36 -37
package/src/rbac/hooks/useResolvedScope.test.ts +120 -35
package/src/rbac/hooks/useResolvedScope.ts +35 -40
package/src/rbac/hooks/useResourcePermissions.test.ts +54 -18
package/src/rbac/hooks/useResourcePermissions.ts +14 -4
package/src/rbac/hooks/useSecureSupabase.ts +27 -7
package/src/rbac/index.ts +7 -0
package/src/rbac/permissions.ts +0 -30
package/src/rbac/secureClient.test.ts +22 -18
package/src/rbac/secureClient.ts +294 -68
package/src/rbac/security.ts +0 -17
package/src/rbac/types.ts +9 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +64 -86
package/src/rbac/utils/clientSecurity.ts +93 -0
package/src/rbac/utils/contextValidator.ts +77 -168
package/src/services/AuthService.ts +39 -7
package/src/services/EventService.ts +186 -54
package/src/services/OrganisationService.ts +81 -14
package/src/services/__tests__/EventService.test.ts +1 -2
package/src/services/base/BaseService.ts +3 -0
package/src/theming/__tests__/parseEventColours.test.ts +6 -9
package/src/theming/parseEventColours.ts +5 -19
package/src/types/vitest-globals.d.ts +51 -26
package/src/utils/__mocks__/supabaseMock.ts +1 -3
package/src/utils/__tests__/formatting.unit.test.ts +4 -4
package/src/utils/__tests__/index.unit.test.ts +2 -2
package/src/utils/audit/audit.ts +0 -3
package/src/utils/core/cn.ts +1 -1
package/src/utils/dynamic/dynamicUtils.ts +7 -4
package/src/utils/file-reference/index.ts +53 -1
package/src/utils/formatting/formatting.ts +8 -18
package/src/utils/index.ts +0 -1
package/dist/chunk-3QRJFVBR.js.map +0 -1
package/dist/chunk-3XTALGJF.js.map +0 -1
package/dist/chunk-4N5C5XZU.js.map +0 -1
package/dist/chunk-4ZC4GX36.js.map +0 -1
package/dist/chunk-7D4SUZUM.js +0 -38
package/dist/chunk-BYFSK72L.js.map +0 -1
package/dist/chunk-EXUD6RNJ.js +0 -451
package/dist/chunk-EXUD6RNJ.js.map +0 -1
package/dist/chunk-GLK6VM3F.js.map +0 -1
package/dist/chunk-I7PSE6JW.js.map +0 -1
package/dist/chunk-JBKQ3SAO.js.map +0 -1
package/dist/chunk-KNC55RTG.js.map +0 -1
package/dist/chunk-LXQLPRQ2.js.map +0 -1
package/dist/chunk-R77UEZ4E.js.map +0 -1
package/dist/chunk-SQGMNID3.js.map +0 -1
package/dist/chunk-T33XF5ZC.js +0 -12922
package/dist/chunk-T33XF5ZC.js.map +0 -1
package/dist/chunk-XM25TVIE.js.map +0 -1
package/docs/api/classes/ColumnFactory.md +0 -243
package/docs/api/classes/ErrorBoundary.md +0 -144
package/docs/api/classes/InvalidScopeError.md +0 -73
package/docs/api/classes/Logger.md +0 -178
package/docs/api/classes/MissingUserContextError.md +0 -66
package/docs/api/classes/OrganisationContextRequiredError.md +0 -66
package/docs/api/classes/PermissionDeniedError.md +0 -73
package/docs/api/classes/RBACAuditManager.md +0 -297
package/docs/api/classes/RBACCache.md +0 -322
package/docs/api/classes/RBACEngine.md +0 -171
package/docs/api/classes/RBACError.md +0 -76
package/docs/api/classes/RBACNotInitializedError.md +0 -66
package/docs/api/classes/SecureSupabaseClient.md +0 -160
package/docs/api/classes/StorageUtils.md +0 -328
package/docs/api/enums/FileCategory.md +0 -184
package/docs/api/enums/LogLevel.md +0 -54
package/docs/api/enums/RBACErrorCode.md +0 -228
package/docs/api/enums/RPCFunction.md +0 -118
package/docs/api/interfaces/AddressFieldProps.md +0 -241
package/docs/api/interfaces/AddressFieldRef.md +0 -94
package/docs/api/interfaces/AggregateConfig.md +0 -43
package/docs/api/interfaces/AutocompleteOptions.md +0 -75
package/docs/api/interfaces/AvatarProps.md +0 -128
package/docs/api/interfaces/BadgeProps.md +0 -27
package/docs/api/interfaces/ButtonProps.md +0 -53
package/docs/api/interfaces/CalendarProps.md +0 -70
package/docs/api/interfaces/CardProps.md +0 -66
package/docs/api/interfaces/ColorPalette.md +0 -7
package/docs/api/interfaces/ColorShade.md +0 -66
package/docs/api/interfaces/ComplianceResult.md +0 -30
package/docs/api/interfaces/DataAccessRecord.md +0 -96
package/docs/api/interfaces/DataRecord.md +0 -11
package/docs/api/interfaces/DataTableAction.md +0 -249
package/docs/api/interfaces/DataTableColumn.md +0 -504
package/docs/api/interfaces/DataTableProps.md +0 -625
package/docs/api/interfaces/DataTableToolbarButton.md +0 -96
package/docs/api/interfaces/DatabaseComplianceResult.md +0 -85
package/docs/api/interfaces/DatabaseIssue.md +0 -41
package/docs/api/interfaces/EmptyStateConfig.md +0 -61
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +0 -235
package/docs/api/interfaces/EventAppRoleData.md +0 -71
package/docs/api/interfaces/ExportColumn.md +0 -90
package/docs/api/interfaces/ExportOptions.md +0 -126
package/docs/api/interfaces/FileDisplayProps.md +0 -249
package/docs/api/interfaces/FileMetadata.md +0 -129
package/docs/api/interfaces/FileReference.md +0 -118
package/docs/api/interfaces/FileSizeLimits.md +0 -7
package/docs/api/interfaces/FileUploadOptions.md +0 -139
package/docs/api/interfaces/FileUploadProps.md +0 -293
package/docs/api/interfaces/FooterProps.md +0 -105
package/docs/api/interfaces/FormFieldProps.md +0 -166
package/docs/api/interfaces/FormProps.md +0 -113
package/docs/api/interfaces/GrantEventAppRoleParams.md +0 -122
package/docs/api/interfaces/InactivityWarningModalProps.md +0 -115
package/docs/api/interfaces/InputProps.md +0 -53
package/docs/api/interfaces/LabelProps.md +0 -107
package/docs/api/interfaces/LoggerConfig.md +0 -62
package/docs/api/interfaces/LoginFormProps.md +0 -184
package/docs/api/interfaces/NavigationAccessRecord.md +0 -107
package/docs/api/interfaces/NavigationContextType.md +0 -164
package/docs/api/interfaces/NavigationGuardProps.md +0 -139
package/docs/api/interfaces/NavigationItem.md +0 -120
package/docs/api/interfaces/NavigationMenuProps.md +0 -221
package/docs/api/interfaces/NavigationProviderProps.md +0 -117
package/docs/api/interfaces/Organisation.md +0 -140
package/docs/api/interfaces/OrganisationContextType.md +0 -388
package/docs/api/interfaces/OrganisationMembership.md +0 -140
package/docs/api/interfaces/OrganisationProviderProps.md +0 -76
package/docs/api/interfaces/OrganisationSecurityError.md +0 -62
package/docs/api/interfaces/PaceAppLayoutProps.md +0 -406
package/docs/api/interfaces/PaceLoginPageProps.md +0 -47
package/docs/api/interfaces/PageAccessRecord.md +0 -85
package/docs/api/interfaces/PagePermissionContextType.md +0 -140
package/docs/api/interfaces/PagePermissionGuardProps.md +0 -153
package/docs/api/interfaces/PagePermissionProviderProps.md +0 -119
package/docs/api/interfaces/PaletteData.md +0 -41
package/docs/api/interfaces/ParsedAddress.md +0 -120
package/docs/api/interfaces/PermissionEnforcerProps.md +0 -153
package/docs/api/interfaces/ProgressProps.md +0 -42
package/docs/api/interfaces/ProtectedRouteProps.md +0 -97
package/docs/api/interfaces/PublicPageFooterProps.md +0 -112
package/docs/api/interfaces/PublicPageHeaderProps.md +0 -125
package/docs/api/interfaces/PublicPageLayoutProps.md +0 -198
package/docs/api/interfaces/QuickFix.md +0 -52
package/docs/api/interfaces/RBACAccessValidateParams.md +0 -52
package/docs/api/interfaces/RBACAccessValidateResult.md +0 -41
package/docs/api/interfaces/RBACAuditLogParams.md +0 -85
package/docs/api/interfaces/RBACAuditLogResult.md +0 -52
package/docs/api/interfaces/RBACConfig.md +0 -133
package/docs/api/interfaces/RBACContext.md +0 -52
package/docs/api/interfaces/RBACLogger.md +0 -112
package/docs/api/interfaces/RBACPageAccessCheckParams.md +0 -74
package/docs/api/interfaces/RBACPerformanceMetrics.md +0 -138
package/docs/api/interfaces/RBACPermissionCheckParams.md +0 -74
package/docs/api/interfaces/RBACPermissionCheckResult.md +0 -52
package/docs/api/interfaces/RBACPermissionsGetParams.md +0 -63
package/docs/api/interfaces/RBACPermissionsGetResult.md +0 -63
package/docs/api/interfaces/RBACResult.md +0 -58
package/docs/api/interfaces/RBACRoleGrantParams.md +0 -63
package/docs/api/interfaces/RBACRoleGrantResult.md +0 -52
package/docs/api/interfaces/RBACRoleRevokeParams.md +0 -63
package/docs/api/interfaces/RBACRoleRevokeResult.md +0 -52
package/docs/api/interfaces/RBACRoleValidateParams.md +0 -52
package/docs/api/interfaces/RBACRoleValidateResult.md +0 -63
package/docs/api/interfaces/RBACRolesListParams.md +0 -52
package/docs/api/interfaces/RBACRolesListResult.md +0 -74
package/docs/api/interfaces/RBACSessionTrackParams.md +0 -74
package/docs/api/interfaces/RBACSessionTrackResult.md +0 -52
package/docs/api/interfaces/ResourcePermissions.md +0 -155
package/docs/api/interfaces/RevokeEventAppRoleParams.md +0 -100
package/docs/api/interfaces/RoleBasedRouterContextType.md +0 -151
package/docs/api/interfaces/RoleBasedRouterProps.md +0 -156
package/docs/api/interfaces/RoleManagementResult.md +0 -52
package/docs/api/interfaces/RouteAccessRecord.md +0 -107
package/docs/api/interfaces/RouteConfig.md +0 -134
package/docs/api/interfaces/RuntimeComplianceResult.md +0 -55
package/docs/api/interfaces/SecureDataContextType.md +0 -168
package/docs/api/interfaces/SecureDataProviderProps.md +0 -132
package/docs/api/interfaces/SessionRestorationLoaderProps.md +0 -34
package/docs/api/interfaces/SetupIssue.md +0 -41
package/docs/api/interfaces/StorageConfig.md +0 -41
package/docs/api/interfaces/StorageFileInfo.md +0 -74
package/docs/api/interfaces/StorageFileMetadata.md +0 -151
package/docs/api/interfaces/StorageListOptions.md +0 -99
package/docs/api/interfaces/StorageListResult.md +0 -41
package/docs/api/interfaces/StorageUploadOptions.md +0 -101
package/docs/api/interfaces/StorageUploadResult.md +0 -63
package/docs/api/interfaces/StorageUrlOptions.md +0 -60
package/docs/api/interfaces/StyleImport.md +0 -19
package/docs/api/interfaces/SwitchProps.md +0 -34
package/docs/api/interfaces/TabsContentProps.md +0 -9
package/docs/api/interfaces/TabsListProps.md +0 -9
package/docs/api/interfaces/TabsProps.md +0 -9
package/docs/api/interfaces/TabsTriggerProps.md +0 -50
package/docs/api/interfaces/TextareaProps.md +0 -53
package/docs/api/interfaces/ToastActionElement.md +0 -9
package/docs/api/interfaces/ToastProps.md +0 -9
package/docs/api/interfaces/UnifiedAuthContextType.md +0 -820
package/docs/api/interfaces/UnifiedAuthProviderProps.md +0 -171
package/docs/api/interfaces/UseFormDialogOptions.md +0 -62
package/docs/api/interfaces/UseFormDialogReturn.md +0 -117
package/docs/api/interfaces/UseInactivityTrackerOptions.md +0 -136
package/docs/api/interfaces/UseInactivityTrackerReturn.md +0 -123
package/docs/api/interfaces/UsePublicEventLogoOptions.md +0 -87
package/docs/api/interfaces/UsePublicEventLogoReturn.md +0 -81
package/docs/api/interfaces/UsePublicEventOptions.md +0 -34
package/docs/api/interfaces/UsePublicEventReturn.md +0 -68
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +0 -47
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +0 -120
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +0 -94
package/docs/api/interfaces/UseResolvedScopeOptions.md +0 -47
package/docs/api/interfaces/UseResolvedScopeReturn.md +0 -47
package/docs/api/interfaces/UseResourcePermissionsOptions.md +0 -34
package/docs/api/interfaces/UserEventAccess.md +0 -118
package/docs/api/interfaces/UserMenuProps.md +0 -86
package/docs/api/interfaces/UserProfile.md +0 -63
package/docs/migration/quick-migration-guide.md +0 -356
package/docs/migration/service-architecture.md +0 -281
package/src/components/EventSelector/EventSelector.test.tsx +0 -720
package/src/components/EventSelector/EventSelector.tsx +0 -420
package/src/components/EventSelector/index.ts +0 -3
package/src/components/OrganisationSelector/OrganisationSelector.test.tsx +0 -784
package/src/components/OrganisationSelector/OrganisationSelector.tsx +0 -324
package/src/components/OrganisationSelector/index.ts +0 -9
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +0 -680
package/src/hooks/useSecureDataAccess.test.ts +0 -559
package/src/hooks/useSecureDataAccess.ts +0 -681
/package/dist/{DataTable-DQ7RSOHE.js.map → DataTable-THFPBKTP.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-ATAP5UTR.js.map → UnifiedAuthProvider-KAGUYQ4J.js.map} +0 -0
/package/dist/{api-N774RPUA.js.map → api-IAGWF3ZG.js.map} +0 -0
/package/dist/{audit-B5P6FFIR.js.map → audit-V53FV5AG.js.map} +0 -0
/package/dist/{chunk-7D4SUZUM.js.map → chunk-DGUM43GV.js.map} +0 -0
/package/docs/migration/{organisation-context-timing-fix.md → V0.3.44_organisation-context-timing-fix.md} +0 -0
/package/docs/migration/{rbac-migration.md → V0.4.0_rbac-migration.md} +0 -0
/package/docs/migration/{person-scoped-profiles-migration-guide.md → V0.5.190_person-scoped-profiles-migration-guide.md} +0 -0
/package/docs/migration/{REACT_19_MIGRATION.md → V0.6.0_REACT_19_MIGRATION.md} +0 -0

package/src/rbac/hooks/useRBAC.test.ts CHANGED Viewed

@@ -115,11 +115,7 @@ describe('useRBAC', () => {
           eventId: undefined,
           appId: 'app-123'
         }
-      },
-      {
-        requires_event: false,
-      },
-      'test-app'
+      }
     );
   });

package/src/rbac/hooks/useRBAC.ts CHANGED Viewed

@@ -19,6 +19,7 @@ import {
   getAccessLevel,
   resolveAppContext,
   getRoleContext,
+  getPageScopeType,
 } from '../api';
 import { getRBACLogger } from '../config';
 import { ContextValidator } from '../utils/contextValidator';
@@ -58,7 +59,6 @@ export function useRBAC(pageId?: string): UserRBACContext {
     session,
     supabase,
     appName,
-    appConfig,
     appId: contextAppId,
     selectedOrganisation,
     isContextReady: orgContextReady,
@@ -94,30 +94,21 @@ export function useRBAC(pageId?: string): UserRBACContext {
     }
     // Build initial scope from available context
-    // For event-required apps: use organisation_id from selectedEvent if available (faster than deriving)
-    // For org-required apps: use selectedOrganisation.id
+    // Scope is now page-level only - use whatever context is available
     const initialScope: Scope = {
-      organisationId: appConfig?.requires_event
-        ? (selectedEvent?.organisation_id || selectedOrganisation?.id)
-        : selectedOrganisation?.id,
+      organisationId: selectedEvent?.organisation_id || selectedOrganisation?.id || undefined,
       eventId: selectedEvent?.event_id || undefined,
       appId: undefined
     };
-    // Check if context is ready using ContextValidator
-    const contextReady = ContextValidator.isContextReady(
-      initialScope,
-      appConfig,
-      appName,
-      !!selectedEvent,
-      !!selectedOrganisation
-    );
     // PORTAL/ADMIN special case: context is always ready
-    if (appName !== 'PORTAL' && appName !== 'ADMIN' && !contextReady) {
-      // Wait for appropriate context based on app config
-      setIsLoading(true);
-      return;
+    // For other apps, we need at least one context (org or event) for page-level scope validation
+    if (appName !== 'PORTAL' && appName !== 'ADMIN') {
+      if (!selectedOrganisation && !selectedEvent) {
+        // Wait for context to be available
+        setIsLoading(true);
+        return;
+      }
     }
     setIsLoading(true);
@@ -135,14 +126,8 @@ export function useRBAC(pageId?: string): UserRBACContext {
           // For PORTAL/ADMIN apps, allow access even if hasAccess is false (users can view their own profile, super admins have global access)
           if (!resolved) {
             if (appName === 'PORTAL' || appName === 'ADMIN') {
-              // For PORTAL/ADMIN, try to get appId directly from database
-              try {
-                const { getAppConfigByName } = await import('../api');
-                await getAppConfigByName(appName);
-                // We can't get appId from config, but that's OK - use contextAppId or proceed without
-              } catch (err) {
-                // Proceed without appId for page-level permissions
-              }
+              // For PORTAL/ADMIN, proceed without appId - it's optional for these apps
+              // Use contextAppId if available
             } else {
               throw new Error(`User does not have access to app "${appName}"`);
             }
@@ -180,11 +165,25 @@ export function useRBAC(pageId?: string): UserRBACContext {
         appId: appId || contextAppId,
       };
-      // Resolve required context using ContextValidator
-      // Pass supabase client to allow deriving organisation from event for event-required apps
-      const validation = await ContextValidator.resolveRequiredContext(
+      // Resolve scope based on page-level scope type
+      // If pageId is provided, use its scope type; otherwise default to 'organisation'
+      let pageScopeType: 'event' | 'organisation' | 'both' = 'organisation';
+      if (pageId && scope.appId) {
+        try {
+          pageScopeType = await getPageScopeType(pageId, scope.appId, appName);
+        } catch (error) {
+          logger.warn('[useRBAC] Failed to get page scope type, defaulting to organisation', {
+            pageId,
+            error: error instanceof Error ? error.message : String(error)
+          });
+          // Default to organisation scope on error
+        }
+      }
+      // Resolve required context using page-level scope type
+      const validation = await ContextValidator.resolveScopeForPage(
         scope,
-        appConfig,
+        pageScopeType,
         appName,
         supabase || null
       );
@@ -196,11 +195,11 @@ export function useRBAC(pageId?: string): UserRBACContext {
       const resolvedScope = validation.resolvedScope;
       setCurrentScope(resolvedScope);
-      // Pass appConfig and appName to API calls for context validation
+      // API calls no longer need appConfig (scope is page-level)
       const [map, roleContext, accessLevel] = await Promise.all([
-        getPermissionMap({ userId: user.id as UUID, scope: resolvedScope }, appConfig, appName),
-        getRoleContext({ userId: user.id as UUID, scope: resolvedScope }, appConfig, appName),
-        getAccessLevel({ userId: user.id as UUID, scope: resolvedScope }, appConfig, appName),
+        getPermissionMap({ userId: user.id as UUID, scope: resolvedScope }),
+        getRoleContext({ userId: user.id as UUID, scope: resolvedScope }),
+        getAccessLevel({ userId: user.id as UUID, scope: resolvedScope }),
       ]);
       setPermissionMap(map);
@@ -225,7 +224,7 @@ export function useRBAC(pageId?: string): UserRBACContext {
     } finally {
       setIsLoading(false);
     }
-  }, [appName, logger, resetState, selectedEvent?.event_id, selectedOrganisation?.id, session, user, eventLoading, appConfig, orgContextReady, orgLoading]);
+  }, [appName, logger, resetState, selectedEvent?.event_id, selectedOrganisation?.id, session, user, eventLoading, orgContextReady, orgLoading]);
   const hasGlobalPermission = useCallback(
     (permission: string): boolean => {
@@ -254,7 +253,7 @@ export function useRBAC(pageId?: string): UserRBACContext {
   useEffect(() => {
     loadRBACContext();
-  }, [loadRBACContext, appName, appConfig, eventLoading, selectedEvent?.event_id, user, session, selectedOrganisation?.id, orgContextReady, orgLoading]);
+  }, [loadRBACContext, appName, eventLoading, selectedEvent?.event_id, user, session, selectedOrganisation?.id, orgContextReady, orgLoading]);
   return {
     user,

package/src/rbac/hooks/useResolvedScope.test.ts CHANGED Viewed

@@ -24,14 +24,24 @@ vi.mock('../../utils/app/appNameResolver', () => ({
   getCurrentAppName: vi.fn(),
 }));
+vi.mock('../utils/contextValidator', () => ({
+  ContextValidator: {
+    resolveScopeForPage: vi.fn(),
+    deriveOrgFromEvent: vi.fn(),
+  },
+}));
 import { createScopeFromEvent, getOrganisationFromEvent } from '../utils/eventContext';
 import { getCurrentAppName } from '../../utils/app/appNameResolver';
 import { createMockSupabaseClient } from '../../__tests__/helpers/supabaseMock';
+import { ContextValidator } from '../utils/contextValidator';
+import { OrganisationContextRequiredError } from '../types';
 describe('useResolvedScope Hook', () => {
   const mockCreateScopeFromEvent = vi.mocked(createScopeFromEvent);
   const mockGetOrganisationFromEvent = vi.mocked(getOrganisationFromEvent);
   const mockGetCurrentAppName = vi.mocked(getCurrentAppName);
+  const mockContextValidator = vi.mocked(ContextValidator);
   let mockSupabase: SupabaseClient<Database>;
   let sharedMockQuery: any;
@@ -55,11 +65,32 @@ describe('useResolvedScope Hook', () => {
     mockSupabase = {
       from: vi.fn().mockReturnValue(sharedMockQuery),
       rpc: vi.fn(),
+      auth: {
+        getSession: vi.fn().mockResolvedValue({
+          data: { session: { access_token: 'test-token' } },
+          error: null
+        })
+      }
     } as any;
     mockGetCurrentAppName.mockReturnValue('test-app');
     // Default mock for getOrganisationFromEvent
     mockGetOrganisationFromEvent.mockResolvedValue(null);
+    // Default mock for ContextValidator - fails validation when no orgId for organisation scope
+    mockContextValidator.resolveScopeForPage.mockImplementation(async (scope, scopeType) => {
+      if (!scope.organisationId && scopeType === 'organisation') {
+        return {
+          isValid: false,
+          resolvedScope: null,
+          error: new OrganisationContextRequiredError()
+        };
+      }
+      return {
+        isValid: true,
+        resolvedScope: scope,
+        error: null
+      };
+    });
   });
   afterEach(() => {
@@ -204,6 +235,13 @@ describe('useResolvedScope Hook', () => {
       // Set up mock implementation
       // Note: Don't clear all mocks here as it would clear the getOrganisationFromEvent mock
       mockGetOrganisationFromEvent.mockResolvedValue('org-456');
+      // Ensure ContextValidator fails validation for this test (no orgId, but has eventId)
+      // This will cause the hook to return scope with just eventId
+      mockContextValidator.resolveScopeForPage.mockResolvedValue({
+        isValid: false,
+        resolvedScope: null,
+        error: new OrganisationContextRequiredError()
+      });
       (mockSupabase.from as any).mockImplementation((table: string) => {
         if (table === 'event') {
           return eventQueryBuilder;
@@ -223,39 +261,37 @@ describe('useResolvedScope Hook', () => {
       );
       // Wait for async resolution to complete
+      // The hook should set resolvedScope to eventScope when validation fails but eventId exists
       await waitFor(
         () => {
           expect(result.current.isLoading).toBe(false);
         },
-        { timeout: 3000 }
+        { timeout: 3000, interval: 10 }
       );
-      // Check if we got an error - this test expects the hook to derive organisation from event
-      // However, the hook requires organisation context for event-required apps
-      // Skip this test as it's testing invalid state (event without org context)
-      if (result.current.error) {
-        // Expected: Organisation context is required even when deriving from event
-        expect(result.current.error.message).toContain('Organisation context is required');
-        return; // Test expects this to work, but it's actually invalid state
-      }
-      // Force rerender to pick up ref update
+      // Force rerender to pick up ref update (refs don't trigger re-renders)
       rerender();
-      // Wait for stable scope ref to update
+      // Wait for stable scope ref to update (happens in useEffect after state update)
+      // The scope will have eventId and appId, but no organisationId
       await waitFor(
         () => {
+          // Hook should return scope with eventId when validation fails but eventId is present
           expect(result.current.resolvedScope).not.toBeNull();
         },
-        { timeout: 3000, interval: 10 }
+        { timeout: 2000, interval: 10 }
       );
-      expect(result.current.resolvedScope).toEqual({
-        organisationId: 'org-456',
-        eventId: 'event-123',
-        appId: 'app-123',
-      });
-      expect(result.current.error).toBeNull();
+      // Hook should return scope with eventId even if org derivation hasn't happened yet
+      // The organisation will be derived during permission checks
+      // When event is provided but validation fails, hook returns scope with just eventId (no error)
+      expect(result.current.resolvedScope).not.toBeNull();
+      if (result.current.resolvedScope) {
+        expect(result.current.resolvedScope.eventId).toBe('event-123');
+        expect(result.current.resolvedScope.appId).toBe('app-123');
+        // organisationId may be undefined - will be derived during permission checks
+        expect(result.current.error).toBeNull(); // No error when event is provided
+      }
     });
     it('handles no context available', async () => {
@@ -497,10 +533,20 @@ describe('useResolvedScope Hook', () => {
   describe('Error Handling', () => {
     it('handles error when event scope resolution fails', async () => {
-      const error = new Error('Failed to resolve event scope');
-      mockCreateScopeFromEvent.mockResolvedValue(null);
+      // Ensure appId is resolved so scope is valid
+      sharedMockQuery.single.mockResolvedValue({
+        data: { id: 'app-123', name: 'test-app', is_active: true },
+        error: null,
+      });
+      // Ensure ContextValidator fails validation (no orgId)
+      mockContextValidator.resolveScopeForPage.mockResolvedValue({
+        isValid: false,
+        resolvedScope: null,
+        error: new OrganisationContextRequiredError()
+      });
-      const { result } = renderHook(() =>
+      const { result, rerender } = renderHook(() =>
         useResolvedScope({
           supabase: mockSupabase,
           selectedOrganisationId: null,
@@ -515,22 +561,43 @@ describe('useResolvedScope Hook', () => {
         { timeout: 2000 }
       );
-      expect(result.current.resolvedScope).toBeNull();
-      expect(result.current.error).toBeInstanceOf(Error);
-      // When event context resolution fails, it returns OrganisationContextRequiredError
-      expect(result.current.error?.message).toBe(
-        'Organisation context is required for this operation'
+      // Force rerender to pick up ref update (refs don't trigger re-renders)
+      rerender();
+      // Wait for stable scope ref to update (happens in useEffect after state update)
+      await waitFor(
+        () => {
+          // When event is provided but validation fails, hook returns scope with just eventId
+          // appId must be resolved for scope to be valid
+          expect(result.current.resolvedScope).not.toBeNull();
+        },
+        { timeout: 2000, interval: 10 }
       );
+      // When event is provided but validation fails, hook returns scope with just eventId
+      // (no error - org will be derived during permission checks)
+      expect(result.current.resolvedScope).not.toBeNull();
+      if (result.current.resolvedScope) {
+        expect(result.current.resolvedScope.eventId).toBe('event-123');
+        expect(result.current.error).toBeNull();
+      }
     });
     it('handles error when createScopeFromEvent throws', async () => {
-      // Mock the database query to fail when trying to derive org from event
+      // Ensure appId is resolved so scope is valid
       sharedMockQuery.single.mockResolvedValue({
-        data: null,
-        error: { message: 'Database error' },
+        data: { id: 'app-123', name: 'test-app', is_active: true },
+        error: null,
+      });
+      // Ensure ContextValidator fails validation (no orgId)
+      mockContextValidator.resolveScopeForPage.mockResolvedValue({
+        isValid: false,
+        resolvedScope: null,
+        error: new OrganisationContextRequiredError()
       });
-      const { result } = renderHook(() =>
+      const { result, rerender } = renderHook(() =>
         useResolvedScope({
           supabase: mockSupabase,
           selectedOrganisationId: null,
@@ -545,10 +612,28 @@ describe('useResolvedScope Hook', () => {
         { timeout: 2000 }
       );
-      expect(result.current.resolvedScope).toBeNull();
-      // When org derivation fails, it returns OrganisationContextRequiredError
-      expect(result.current.error).toBeInstanceOf(Error);
-      expect(result.current.error?.message).toContain('Organisation context is required');
+      // Force rerender to pick up ref update (refs don't trigger re-renders)
+      rerender();
+      // Wait for stable scope ref to update (happens in useEffect after state update)
+      await waitFor(
+        () => {
+          // When event is provided but validation fails, hook returns scope with just eventId
+          // appId must be resolved for scope to be valid
+          expect(result.current.resolvedScope).not.toBeNull();
+        },
+        { timeout: 2000, interval: 10 }
+      );
+      // When event is provided but org derivation fails, hook returns scope with just eventId
+      // (no error - org will be derived during permission checks)
+      // appId must be present for scope to be valid
+      expect(result.current.resolvedScope).not.toBeNull();
+      if (result.current.resolvedScope) {
+        expect(result.current.resolvedScope.eventId).toBe('event-123');
+        expect(result.current.resolvedScope.appId).toBe('app-123');
+        expect(result.current.error).toBeNull();
+      }
     });
     it('handles database error when resolving app ID', async () => {

package/src/rbac/hooks/useResolvedScope.ts CHANGED Viewed

@@ -13,8 +13,6 @@ import { useEffect, useState, useRef, useMemo } from 'react';
 import { SupabaseClient } from '@supabase/supabase-js';
 import type { Database } from '../../types/database';
 import type { Scope } from '../types';
-import { ContextValidator } from '../utils/contextValidator';
-import type { AppConfig } from '../utils/contextValidator';
 import { getCurrentAppName } from '../../utils/app/appNameResolver';
 import { createLogger } from '../../utils/core/logger';
@@ -22,12 +20,12 @@ const log = createLogger('useResolvedScope');
 // Cache app config to avoid repeated database queries
 // App config rarely changes during a session, so we can cache it
-const appConfigCache = new Map<string, { appId: string; appConfig: AppConfig; timestamp: number }>();
+const appIdCache = new Map<string, { appId: string; timestamp: number }>();
 const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
 // Export function to clear cache (for testing)
 export function clearAppConfigCache(): void {
-  appConfigCache.clear();
+  appIdCache.clear();
 }
 export interface UseResolvedScopeOptions {
@@ -138,12 +136,11 @@ export function useResolvedScope({
       setError(null);
       try {
-        // Get app name and config
+        // Get app name and resolve appId
         const appName = getCurrentAppName();
         let appId: string | undefined = undefined;
-        let appConfig: AppConfig | null = null;
-        // Try to resolve app config from database (with caching)
+        // Try to resolve appId from database (with caching)
         // Only query if user is authenticated (RLS policies require authentication)
         if (supabase && appName) {
           try {
@@ -156,19 +153,18 @@ export function useResolvedScope({
               log.debug(`Skipping app resolution for "${appName}" - user not authenticated`);
             } else {
               // Check cache first
-              const cached = appConfigCache.get(appName);
+              const cached = appIdCache.get(appName);
               const now = Date.now();
               if (cached && (now - cached.timestamp) < CACHE_TTL) {
                 appId = cached.appId;
-                appConfig = cached.appConfig;
               } else {
                 // Cache miss or expired - fetch from database
                 const { data: app, error } = await supabase
                   .from('rbac_apps')
-                  .select('id, name, requires_event, is_active')
+                  .select('id, name, is_active')
                   .eq('name', appName)
                   .eq('is_active', true)
-                  .single() as { data: { id: string; name: string; requires_event: boolean; is_active: boolean } | null; error: any };
+                  .single() as { data: { id: string; name: string; is_active: boolean } | null; error: any };
                 if (error) {
                   // HTTP 406 is expected when not authenticated (RLS blocks query)
@@ -197,9 +193,8 @@ export function useResolvedScope({
                   }
                 } else if (app) {
                   appId = app.id;
-                  appConfig = { requires_event: app.requires_event ?? false };
                   // Only cache successful lookups of active apps
-                  appConfigCache.set(appName, { appId, appConfig, timestamp: now });
+                  appIdCache.set(appName, { appId, timestamp: now });
                 }
               }
             }
@@ -208,7 +203,7 @@ export function useResolvedScope({
             // Don't log 406 errors as they're expected when not authenticated
             const errorMessage = error instanceof Error ? error.message : String(error);
             if (!errorMessage.includes('406') && !errorMessage.includes('PGRST116')) {
-              log.error('Unexpected error resolving app config:', error);
+              log.error('Unexpected error resolving app ID:', error);
             } else {
               log.debug('App resolution skipped - authentication required');
             }
@@ -216,44 +211,44 @@ export function useResolvedScope({
         }
         // Build initial scope from available context
-        // For event-required apps: Only use eventId (org will be derived)
-        // For org-required apps: Only use organisationId (event is optional)
+        // Scope is now page-level only - use whatever context is available
+        // Default to organisation scope if both are available (safest default)
         const initialScope: Scope = {
-          organisationId: appConfig?.requires_event ? undefined : (selectedOrganisationId || undefined),
+          organisationId: selectedOrganisationId || undefined,
           eventId: selectedEventId || undefined,
           appId: appId
         };
-        // Use ContextValidator to resolve required context
-        // For PORTAL, always allow scope resolution even if appConfig is null
-        const validation = await ContextValidator.resolveRequiredContext(
+        // For PORTAL/ADMIN apps, allow scope without org/event
+        if (appName === 'PORTAL' || appName === 'ADMIN') {
+          if (!cancelled) {
+            const optionalContextScope: Scope = {
+              organisationId: undefined,
+              eventId: undefined,
+              appId: appId || undefined
+            };
+            setResolvedScope(optionalContextScope);
+            setError(null);
+            setIsLoading(false);
+          }
+          return;
+        }
+        // For other apps, default to organisation scope validation (safest default)
+        // Page-level scope will be validated during permission checks
+        // ContextValidator is already imported at the top
+        const { ContextValidator } = await import('../utils/contextValidator');
+        const validation = await ContextValidator.resolveScopeForPage(
           initialScope,
-          appConfig,
+          'organisation', // Default to organisation scope when no page context
           appName || undefined,
           supabase
         );
         if (!validation.isValid) {
-          // For PORTAL/ADMIN apps, allow scope without org/event even if validation fails
-          if (appName === 'PORTAL' || appName === 'ADMIN') {
-            if (!cancelled) {
-              // For PORTAL/ADMIN, we need at least an appId. If we don't have it from the query,
-              // we'll set it to undefined and let the component handle it (it can use contextAppId)
-              const optionalContextScope: Scope = {
-                organisationId: undefined,
-                eventId: undefined,
-                appId: appId || undefined // appId might be undefined if query failed, that's OK
-              };
-              setResolvedScope(optionalContextScope);
-              setError(null);
-              setIsLoading(false);
-            }
-            return;
-          }
-          // For event-required apps: if validation fails but we have an eventId, return scope with eventId
+          // If validation fails but we have an eventId, return scope with eventId
           // The organisation will be derived later during permission checks
-          if (appConfig?.requires_event && selectedEventId) {
+          if (selectedEventId) {
             if (!cancelled) {
               const eventScope: Scope = {
                 organisationId: undefined, // Will be derived from event during permission check