@jmruthers/pace-core 0.6.10 → 0.6.12

package/dist/chunk-S57OLCLO.js

@@ -0,0 +1,2946 @@
+import { setPrintAppName } from './chunk-D6BMFMQZ.js';
+import { isRBACInitialized, setupRBAC } from './chunk-YFGNMB67.js';
+import { assertOrganisationId, assertUserId } from './chunk-4SXLQIZO.js';
+import { secureStorage } from './chunk-RMLY6KB5.js';
+import { createLogger, logger } from './chunk-BTHN5MKC.js';
+import { err, ok } from './chunk-44CNXN4P.js';
+import { createContext, useRef, useEffect, useState, useMemo, useContext, useReducer, useCallback } from 'react';
+import { AuthError } from '@supabase/supabase-js';
+import { jsx } from 'react/jsx-runtime';
+import { flushSync } from 'react-dom';
+
+// src/services/base/BaseService.ts
+var BaseService = class {
+  constructor() {
+    this.subscribers = [];
+    this.isInitialized = false;
+  }
+  /**
+   * Subscribe to state changes
+   * @param callback Function to call when state changes
+   * @returns Unsubscribe function
+   */
+  subscribe(callback) {
+    this.subscribers.push(callback);
+    return () => {
+      const index = this.subscribers.indexOf(callback);
+      if (index > -1) {
+        this.subscribers.splice(index, 1);
+      }
+    };
+  }
+  /**
+   * Notify all subscribers of state changes
+   * This triggers React re-renders
+   */
+  notify() {
+    this.subscribers.forEach((callback) => {
+      try {
+        callback();
+      } catch (error) {
+        logger.error("BaseService", "Error in subscriber callback:", error);
+      }
+    });
+  }
+  /**
+   * Initialize the service
+   * Override in subclasses to implement initialization logic
+   */
+  async initialize() {
+    if (this.isInitialized) {
+      return;
+    }
+    await this.doInitialize();
+    this.isInitialized = true;
+  }
+  /**
+   * Cleanup the service
+   * Override in subclasses to implement cleanup logic
+   */
+  cleanup() {
+    this.subscribers = [];
+    this.doCleanup();
+    this.isInitialized = false;
+  }
+  /**
+   * Check if service is initialized
+   */
+  getInitialized() {
+    return this.isInitialized;
+  }
+  /**
+   * Reset initialization state (allows re-initialization)
+   * Use when dependencies change and service needs to re-initialize
+   */
+  resetInitialization() {
+    this.isInitialized = false;
+  }
+};
+
+// src/utils/security/auth-utils.ts
+function toApiError(error) {
+  const message = error.message || "An unexpected error occurred";
+  const code = "status" in error && typeof error.status === "number" ? `AUTH_${error.status}` : error.name || "AUTH_ERROR";
+  return { code, message };
+}
+
+// src/services/AuthService.ts
+var _AuthService = class _AuthService extends BaseService {
+  // Track previous auth state to detect transitions
+  constructor(supabaseClient, appName) {
+    super();
+    this.user = null;
+    this.session = null;
+    this.authLoading = false;
+    this.authError = null;
+    this.supabaseClient = null;
+    this.authStateSubscription = null;
+    this.sessionRestorationState = {
+      isRestoring: false,
+      restorationComplete: false,
+      restorationError: null
+    };
+    this.restorationTimeoutId = null;
+    // Increased timeout to handle hard refresh scenarios where localStorage access
+    // and session restoration may take longer, especially with organisation/event context
+    this.restorationTimeoutMs = 1e4;
+    // 10 seconds (increased from 5)
+    this.restorationStartTime = null;
+    this.appName = void 0;
+    this.errorHandler = null;
+    this.unhandledRejectionHandler = null;
+    this.wasAuthenticatedRef = false;
+    this.instanceId = ++_AuthService.instanceCount;
+    this.supabaseClient = supabaseClient;
+    this.appName = appName;
+  }
+  getInstanceId() {
+    return this.instanceId;
+  }
+  // Auth state getters
+  getUser() {
+    return this.user;
+  }
+  getSession() {
+    return this.session;
+  }
+  isAuthenticated() {
+    return !!(this.user && this.session);
+  }
+  isLoading() {
+    return this.authLoading;
+  }
+  getError() {
+    return this.authError;
+  }
+  getSupabaseClient() {
+    return this.supabaseClient;
+  }
+  getSessionRestorationState() {
+    return { ...this.sessionRestorationState };
+  }
+  // Auth methods
+  async signIn(email, password) {
+    if (!this.supabaseClient) {
+      const error = new AuthError("Supabase client not available");
+      this.authError = error;
+      this.notify();
+      return err(toApiError(error));
+    }
+    try {
+      const { data, error } = await this.supabaseClient.auth.signInWithPassword({
+        email,
+        password: password || ""
+      });
+      if (error) {
+        this.authError = error;
+        this.user = null;
+        this.session = null;
+        this.notify();
+        return err(toApiError(error));
+      }
+      this.authError = null;
+      this.user = data.user;
+      this.session = data.session;
+      if (!this.wasAuthenticatedRef && data.user) {
+        this.clearPersistenceOnLogin(null, true);
+        this.wasAuthenticatedRef = true;
+      }
+      this.notify();
+      return ok({ user: data.user, session: data.session });
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(error instanceof Error ? error.message : "Authentication failed");
+      this.authError = authError;
+      this.user = null;
+      this.session = null;
+      this.notify();
+      return err(toApiError(authError));
+    }
+  }
+  async signUp(email, password) {
+    if (!this.supabaseClient) {
+      const error = new AuthError("Supabase client not available");
+      this.authError = error;
+      this.notify();
+      return err(toApiError(error));
+    }
+    try {
+      const { data, error } = await this.supabaseClient.auth.signUp({
+        email,
+        password
+      });
+      if (error) {
+        this.authError = error;
+        this.user = null;
+        this.session = null;
+        this.notify();
+        return err(toApiError(error));
+      }
+      this.authError = null;
+      this.user = data.user;
+      this.session = data.session;
+      if (!this.wasAuthenticatedRef && data.user) {
+        this.clearPersistenceOnLogin(null, true);
+        this.wasAuthenticatedRef = true;
+      }
+      this.notify();
+      return ok({ user: data.user, session: data.session });
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(error instanceof Error ? error.message : "Authentication failed");
+      this.authError = authError;
+      this.user = null;
+      this.session = null;
+      this.notify();
+      return err(toApiError(authError));
+    }
+  }
+  async signOut() {
+    if (!this.supabaseClient) {
+      const error = new AuthError("Supabase client not available");
+      this.authError = error;
+      this.notify();
+      return err(toApiError(error));
+    }
+    const clearLocalState = () => {
+      this.authError = null;
+      this.user = null;
+      this.session = null;
+      try {
+        sessionStorage.clear();
+      } catch (storageError) {
+        logger.warn("AuthService", "Failed to clear sessionStorage", { error: storageError });
+      }
+      this.notify();
+    };
+    try {
+      const { error } = await this.supabaseClient.auth.signOut();
+      if (error) {
+        logger.warn("AuthService", "signOut (global) failed, clearing local state and trying local scope", {
+          message: error.message,
+          status: error.status
+        });
+        clearLocalState();
+        const { error: localError } = await this.supabaseClient.auth.signOut({ scope: "local" });
+        if (localError) {
+          logger.warn("AuthService", "signOut (local) also failed", { message: localError.message });
+        }
+        return err(toApiError(error));
+      }
+      clearLocalState();
+      return ok({ user: null, session: null });
+    } catch (error) {
+      logger.warn("AuthService", "signOut threw, clearing local state and trying local scope", {
+        message: error instanceof Error ? error.message : String(error)
+      });
+      clearLocalState();
+      try {
+        await this.supabaseClient.auth.signOut({ scope: "local" });
+      } catch (_localError) {
+      }
+      const authError = error instanceof AuthError ? error : new AuthError(error instanceof Error ? error.message : "Authentication failed");
+      this.authError = authError;
+      return err(toApiError(authError));
+    }
+  }
+  async resetPassword(email) {
+    if (!this.supabaseClient) {
+      const error = new AuthError("Supabase client not available");
+      this.authError = error;
+      this.notify();
+      return err(toApiError(error));
+    }
+    try {
+      const { error } = await this.supabaseClient.auth.resetPasswordForEmail(email);
+      if (error) {
+        this.authError = error;
+        this.notify();
+        return err(toApiError(error));
+      }
+      this.authError = null;
+      this.notify();
+      return ok({ user: this.user, session: this.session });
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(error instanceof Error ? error.message : "Authentication failed");
+      this.authError = authError;
+      this.notify();
+      return err(toApiError(authError));
+    }
+  }
+  async updatePassword(password) {
+    if (!this.supabaseClient) {
+      const error = new AuthError("Supabase client not available");
+      this.authError = error;
+      this.notify();
+      return err(toApiError(error));
+    }
+    try {
+      const { error } = await this.supabaseClient.auth.updateUser({
+        password
+      });
+      if (error) {
+        this.authError = error;
+        this.notify();
+        return err(toApiError(error));
+      }
+      this.authError = null;
+      this.notify();
+      return ok({ user: this.user, session: this.session });
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : error;
+      this.authError = authError;
+      this.notify();
+      return err(toApiError(authError));
+    }
+  }
+  async refreshSession() {
+    if (!this.supabaseClient) {
+      const error = new AuthError("Supabase client not available");
+      this.authError = error;
+      this.notify();
+      return err(toApiError(error));
+    }
+    try {
+      const { data, error } = await this.supabaseClient.auth.refreshSession();
+      if (error) {
+        this.authError = error;
+        this.user = null;
+        this.session = null;
+        this.notify();
+        return err(toApiError(error));
+      }
+      this.authError = null;
+      if (data?.user && data?.session) {
+        this.user = data.user;
+        this.session = data.session;
+      } else {
+        this.user = null;
+        this.session = null;
+      }
+      this.notify();
+      return ok({
+        user: data?.user && data?.session ? data.user : null,
+        session: data?.session ?? null
+      });
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(error instanceof Error ? error.message : "Authentication failed");
+      this.authError = authError;
+      this.user = null;
+      this.session = null;
+      this.notify();
+      return err(toApiError(authError));
+    }
+  }
+  // Lifecycle methods
+  async initialize() {
+    await super.initialize();
+    this.authLoading = true;
+    this.notify();
+    await this.setupAuthStateListener();
+    await this.restoreSession();
+  }
+  cleanup() {
+    if (this.authStateSubscription) {
+      this.authStateSubscription.unsubscribe();
+      this.authStateSubscription = null;
+    }
+    this.clearRestorationTimeout();
+    this.restorationStartTime = null;
+    this.sessionRestorationState = {
+      isRestoring: false,
+      restorationComplete: false,
+      restorationError: null
+    };
+    this.authLoading = false;
+    super.cleanup();
+  }
+  async doInitialize() {
+    this.setupErrorHandlers();
+  }
+  doCleanup() {
+    this.removeErrorHandlers();
+  }
+  startSessionRestoration() {
+    this.clearRestorationTimeout();
+    this.sessionRestorationState = {
+      isRestoring: true,
+      restorationComplete: false,
+      restorationError: null
+    };
+    this.authLoading = true;
+    this.restorationStartTime = Date.now();
+    this.notify();
+    this.restorationTimeoutId = setTimeout(() => {
+      logger.warn("AuthService", "Session restoration timed out after", this.restorationTimeoutMs, "ms");
+      const timeoutError = new Error(`Session restoration timed out after ${this.restorationTimeoutMs}ms`);
+      timeoutError.name = "SessionRestorationTimeoutError";
+      this.finishSessionRestoration(timeoutError);
+    }, this.restorationTimeoutMs);
+  }
+  finishSessionRestoration(error) {
+    if (!this.sessionRestorationState.isRestoring && !error) {
+      return;
+    }
+    this.clearRestorationTimeout();
+    this.restorationStartTime = null;
+    const restorationComplete = !error;
+    this.sessionRestorationState = {
+      isRestoring: false,
+      restorationComplete,
+      restorationError: error ?? null
+    };
+    this.authLoading = false;
+    if (error) {
+      logger.warn("AuthService", "Session restoration finished with error:", error);
+    }
+    this.notify();
+  }
+  clearRestorationTimeout() {
+    if (this.restorationTimeoutId) {
+      clearTimeout(this.restorationTimeoutId);
+      this.restorationTimeoutId = null;
+    }
+  }
+  /**
+   * Clear pace-core persistence entries from sessionStorage
+   * This includes dialog, form, and datatable persistence
+   * 
+   * @param userId - Optional user ID to clear only that user's persistence.
+   *                 If not provided, clears all pace-core persistence (for user changes).
+   * @param clearUnscoped - If true, also clears old unscoped keys (without :user: prefix)
+   */
+  clearPersistenceOnLogin(userId, clearUnscoped = true) {
+    if (typeof window === "undefined" || !window.sessionStorage) {
+      return;
+    }
+    try {
+      const keysToRemove = [];
+      for (let i = 0; i < sessionStorage.length; i++) {
+        const key = sessionStorage.key(i);
+        if (key && (key.startsWith("pace-core:draft:") || key.startsWith("pace-core:dialog:"))) {
+          if (userId && !key.includes(`:user:${userId}`)) {
+            if (clearUnscoped && !key.includes(":user:")) {
+              keysToRemove.push(key);
+            }
+            continue;
+          }
+          keysToRemove.push(key);
+        }
+      }
+      keysToRemove.forEach((key) => {
+        try {
+          sessionStorage.removeItem(key);
+        } catch (error) {
+          logger.warn("AuthService", `Failed to remove persistence key: ${key}`, error);
+        }
+      });
+    } catch (error) {
+      logger.warn("AuthService", `Failed to clear persistence [ID:${this.instanceId}]:`, error);
+    }
+  }
+  handleSignedOut(session) {
+    this.session = null;
+    this.user = null;
+    this.authError = null;
+    this.wasAuthenticatedRef = false;
+    if (session?.user) {
+      this.trackSession("logout", session).catch((err2) => {
+        logger.warn("AuthService", `Failed to track logout session [ID:${this.instanceId}]:`, err2);
+      });
+    }
+  }
+  handleSignedInOrTokenRefreshed(event, session, wasAuthenticated, isNowAuthenticated, userChanged, previousUserId) {
+    this.session = session;
+    this.user = session?.user ?? null;
+    if (session?.user) {
+      this.authError = null;
+    }
+    if (!wasAuthenticated && isNowAuthenticated && event === "SIGNED_IN") {
+      this.clearPersistenceOnLogin(null, true);
+    } else if (userChanged && previousUserId) {
+      this.clearPersistenceOnLogin(previousUserId, true);
+    }
+    this.wasAuthenticatedRef = isNowAuthenticated;
+    if (event === "SIGNED_IN" && session?.user) {
+      this.trackSession("login", session).catch((err2) => {
+        logger.warn("AuthService", `Failed to track login session [ID:${this.instanceId}]:`, err2);
+      });
+    }
+  }
+  handleInitialSession(session, wasAuthenticated) {
+    if (session) {
+      const previousUserId = this.user?.id ?? null;
+      const newUserId = session.user?.id ?? null;
+      const userChanged = previousUserId !== null && newUserId !== null && previousUserId !== newUserId;
+      this.session = session;
+      this.user = session.user ?? null;
+      this.authError = null;
+      if (userChanged && previousUserId) {
+        this.clearPersistenceOnLogin(previousUserId, true);
+      } else if (!wasAuthenticated && !!session.user) {
+        this.clearPersistenceOnLogin(null, true);
+      }
+      this.wasAuthenticatedRef = !!session.user;
+      const hasTimeoutError = this.sessionRestorationState.restorationError?.name === "SessionRestorationTimeoutError";
+      if (this.sessionRestorationState.isRestoring || this.sessionRestorationState.restorationError || hasTimeoutError && session) {
+        this.finishSessionRestoration();
+      }
+    } else {
+      this.wasAuthenticatedRef = false;
+      if (this.sessionRestorationState.isRestoring) {
+        this.finishSessionRestoration();
+      }
+    }
+    this.authLoading = false;
+    this.notify();
+  }
+  async setupAuthStateListener() {
+    if (!this.supabaseClient) {
+      this.authLoading = false;
+      this.notify();
+      return;
+    }
+    try {
+      const subscription = this.supabaseClient.auth.onAuthStateChange(
+        (event, session) => {
+          try {
+            const wasAuthenticated = this.wasAuthenticatedRef;
+            const isNowAuthenticated = !!session?.user;
+            const previousUserId = this.user?.id ?? null;
+            const newUserId = session?.user?.id ?? null;
+            const userChanged = previousUserId !== null && newUserId !== null && previousUserId !== newUserId;
+            if (event === "SIGNED_OUT") {
+              this.handleSignedOut(session);
+            } else if (event === "SIGNED_IN" || event === "TOKEN_REFRESHED") {
+              this.handleSignedInOrTokenRefreshed(
+                event,
+                session,
+                wasAuthenticated,
+                isNowAuthenticated,
+                userChanged,
+                previousUserId
+              );
+            } else if (event === "INITIAL_SESSION") {
+              this.handleInitialSession(session, wasAuthenticated);
+              return;
+            }
+            this.authLoading = false;
+            this.notify();
+          } catch (error) {
+            logger.warn("AuthService", `Error in auth state change handler [ID:${this.instanceId}]:`, error);
+            this.authLoading = false;
+            this.notify();
+          }
+        }
+      );
+      this.authStateSubscription = subscription.data.subscription;
+    } catch (error) {
+      logger.error("AuthService", "Failed to setup auth state listener:", error);
+      throw error;
+    }
+  }
+  async restoreSession() {
+    if (!this.supabaseClient) {
+      const error = new Error("Supabase client not available during session restoration");
+      logger.error("AuthService", "Unable to restore session:", error);
+      this.finishSessionRestoration(error);
+      return;
+    }
+    this.startSessionRestoration();
+    try {
+      let currentSession = null;
+      let sessionError = null;
+      try {
+        const { data, error } = await this.supabaseClient.auth.getSession();
+        currentSession = data?.session ?? null;
+        sessionError = error ?? null;
+      } catch (_error) {
+        currentSession = null;
+        sessionError = null;
+      }
+      if (sessionError) {
+        this.authError = sessionError;
+        try {
+          const { data, error } = await this.supabaseClient.auth.getUser();
+          const currentUser = data?.user ?? null;
+          const userError = error ?? null;
+          if (currentUser) {
+            this.user = currentUser;
+            this.session = null;
+          }
+          if (userError && !this.authError) {
+            this.authError = userError;
+          }
+        } catch (_getUserError) {
+        }
+      }
+      if (currentSession) {
+        this.session = currentSession;
+        this.user = currentSession.user;
+        this.authError = null;
+      } else if (!sessionError) {
+        this.session = null;
+        this.user = null;
+        this.authError = null;
+      }
+      setTimeout(() => {
+        if (this.sessionRestorationState.isRestoring && !this.sessionRestorationState.restorationComplete) {
+          logger.debug("AuthService", "INITIAL_SESSION event did not fire, finishing restoration");
+          this.finishSessionRestoration();
+        }
+      }, 100);
+    } catch (error) {
+      const restorationError = error instanceof Error ? error : new Error("Unknown error during auth initialization");
+      logger.error("AuthService", "Error during auth initialization:", restorationError);
+      if (restorationError instanceof AuthError) {
+        this.authError = restorationError;
+      }
+      this.finishSessionRestoration(restorationError);
+    }
+  }
+  /**
+   * Automatically track user session using rbac_session_track
+   * This method is called automatically on SIGNED_IN and SIGNED_OUT events.
+   * It's non-blocking and failures are logged as warnings.
+   */
+  async trackSession(sessionType, session) {
+    if (!this.supabaseClient || !session?.user) {
+      return;
+    }
+    try {
+      let appId = void 0;
+      if (this.appName) {
+        const { data, error: error2 } = await this.supabaseClient.from("rbac_apps").select("id").eq("name", this.appName).eq("is_active", true).single();
+        if (!error2 && data) {
+          appId = data.id;
+        }
+      }
+      const ipAddress = void 0;
+      const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : void 0;
+      const deviceFingerprint = void 0;
+      const { error } = await this.supabaseClient.rpc("rbac_session_track", {
+        p_user_id: session.user.id,
+        p_session_type: sessionType,
+        p_event_id: null,
+        // Event ID should come from context, not auth service
+        p_app_id: appId,
+        p_ip_address: ipAddress,
+        p_user_agent: userAgent,
+        p_device_fingerprint: deviceFingerprint
+      });
+      if (error) {
+        logger.warn("AuthService", `Failed to track ${sessionType} session:`, error);
+      }
+    } catch (error) {
+      logger.warn("AuthService", `Error tracking ${sessionType} session:`, error);
+    }
+  }
+  setupErrorHandlers() {
+    if (typeof window === "undefined") return;
+    this.errorHandler = (event) => {
+      if (event.error?.message?.includes("AuthSessionMissingError") || event.error?.message?.includes("Auth session missing")) {
+        logger.warn("AuthService", "Suppressing AuthSessionMissingError during logout");
+        event.preventDefault();
+        return false;
+      }
+    };
+    this.unhandledRejectionHandler = (event) => {
+      if (event.reason?.message?.includes("AuthSessionMissingError") || event.reason?.message?.includes("Auth session missing")) {
+        logger.warn("AuthService", "Suppressing unhandled AuthSessionMissingError");
+        event.preventDefault();
+        return false;
+      }
+    };
+    window.addEventListener("error", this.errorHandler);
+    window.addEventListener("unhandledrejection", this.unhandledRejectionHandler);
+  }
+  removeErrorHandlers() {
+    if (typeof window === "undefined") return;
+    if (this.errorHandler) {
+      window.removeEventListener("error", this.errorHandler);
+      this.errorHandler = null;
+    }
+    if (this.unhandledRejectionHandler) {
+      window.removeEventListener("unhandledrejection", this.unhandledRejectionHandler);
+      this.unhandledRejectionHandler = null;
+    }
+  }
+};
+_AuthService.instanceCount = 0;
+var AuthService = _AuthService;
+var AuthServiceContext = createContext(null);
+function AuthServiceProvider({ children, supabaseClient, appName }) {
+  const authServiceRef = useRef(null);
+  if (!authServiceRef.current) {
+    authServiceRef.current = new AuthService(supabaseClient, appName);
+  }
+  const authService = authServiceRef.current;
+  useEffect(() => {
+  }, [authService, supabaseClient, appName]);
+  const [sessionRestoration, setSessionRestoration] = useState(
+    () => authService.getSessionRestorationState()
+  );
+  useEffect(() => {
+    const unsubscribe = authService.subscribe(() => {
+      const restorationState = authService.getSessionRestorationState();
+      setSessionRestoration(restorationState);
+    });
+    return () => {
+      unsubscribe();
+    };
+  }, [authService]);
+  useEffect(() => {
+    const urlParams = new URLSearchParams(window.location.search);
+    const sessionParam = urlParams.get("session");
+    const sessionTokenParam = urlParams.get("session_token");
+    if ((sessionParam || sessionTokenParam) && supabaseClient) {
+      const restoreSession = async () => {
+        try {
+          if (sessionParam) {
+            const sessionData = JSON.parse(atob(sessionParam));
+            logger.info("AuthServiceProvider", "Restoring session from URL parameter");
+            const { data, error } = await supabaseClient.auth.setSession({
+              access_token: sessionData.access_token,
+              refresh_token: sessionData.refresh_token
+            });
+            if (error) {
+              logger.error("AuthServiceProvider", "Failed to restore session from URL:", error);
+            } else if (data.session) {
+              logger.info("AuthServiceProvider", "Session successfully restored from URL parameter", {
+                userId: data.session.user.id,
+                expiresAt: data.session.expires_at
+              });
+              const newUrl = new URL(window.location.href);
+              newUrl.searchParams.delete("session");
+              window.history.replaceState({}, "", newUrl.toString());
+            }
+          } else if (sessionTokenParam) {
+            logger.warn("AuthServiceProvider", "Using fallback session_token parameter (less reliable)");
+            const { data: { user }, error } = await supabaseClient.auth.getUser(sessionTokenParam);
+            if (!error && user) {
+              logger.info("AuthServiceProvider", "Session token verified, but full session restoration requires refresh_token");
+            } else {
+              logger.error("AuthServiceProvider", "Failed to verify session token:", error);
+            }
+            const newUrl = new URL(window.location.href);
+            newUrl.searchParams.delete("session_token");
+            window.history.replaceState({}, "", newUrl.toString());
+          }
+        } catch (error) {
+          logger.error("AuthServiceProvider", "Error restoring session from URL:", error);
+          const newUrl = new URL(window.location.href);
+          newUrl.searchParams.delete("session");
+          newUrl.searchParams.delete("session_token");
+          window.history.replaceState({}, "", newUrl.toString());
+        }
+      };
+      void restoreSession();
+    }
+  }, [supabaseClient]);
+  useEffect(() => {
+    const initTimer = setTimeout(() => {
+      authService.initialize().catch((error) => {
+        logger.error("AuthServiceProvider", "Failed to initialize auth service:", error);
+      });
+    }, 200);
+    return () => {
+      clearTimeout(initTimer);
+      authService.cleanup();
+    };
+  }, [authService]);
+  const contextValue = useMemo(() => ({
+    authService,
+    sessionRestoration
+  }), [authService, sessionRestoration]);
+  return /* @__PURE__ */ jsx(AuthServiceContext.Provider, { value: contextValue, children });
+}
+var OrganisationServiceContext = createContext(null);
+
+// src/services/OrganisationService.ts
+var _OrganisationService = class _OrganisationService extends BaseService {
+  constructor(supabaseClient, user, session) {
+    super();
+    this._selectedOrganisation = null;
+    this._organisations = [];
+    this._userMemberships = [];
+    this._roleMapState = /* @__PURE__ */ new Map();
+    this._isLoading = false;
+    this._error = null;
+    this._isSuperAdmin = false;
+    // Cache super admin status
+    this._isContextReady = false;
+    this.retryCount = 0;
+    // Dependencies
+    this.supabaseClient = null;
+    this.user = null;
+    this.session = null;
+    // Internal state management
+    this.isLoadingRef = false;
+    this.lastLoadTimeRef = 0;
+    this.hasFailedRef = false;
+    this.abortControllerRef = null;
+    this.instanceId = ++_OrganisationService.instanceCount;
+    this.supabaseClient = supabaseClient;
+    this.user = user;
+    this.session = session;
+  }
+  getInstanceId() {
+    return this.instanceId;
+  }
+  // Interface implementation
+  getSelectedOrganisation() {
+    return this._selectedOrganisation;
+  }
+  getOrganisations() {
+    return this._organisations;
+  }
+  getUserMemberships() {
+    return this._userMemberships;
+  }
+  isLoading() {
+    return this._isLoading;
+  }
+  getError() {
+    return this._error;
+  }
+  hasValidOrganisationContext() {
+    return !!(this._selectedOrganisation && !this._isLoading && !this._error && this._isContextReady);
+  }
+  isContextReady() {
+    return this._isContextReady;
+  }
+  // Additional methods for testing
+  setSelectedOrganisation(organisation) {
+    if (organisation && this._organisations.length > 0) {
+      if (!this._isSuperAdmin) {
+        const isValidOrg = this._organisations.some((org) => org.id === organisation.id);
+        if (!isValidOrg) {
+          logger.warn("OrganisationService", "Attempted to set invalid organisation - not in user's accessible organisations", {
+            organisationId: organisation.id,
+            organisationName: organisation.name,
+            accessibleOrgIds: this._organisations.map((o) => o.id)
+          });
+          return;
+        }
+      }
+    }
+    this._selectedOrganisation = organisation;
+    if (organisation) {
+      localStorage.setItem("pace-core-selected-organisation", JSON.stringify(organisation));
+      this.setDatabaseOrganisationContext(organisation);
+    } else {
+      localStorage.removeItem("pace-core-selected-organisation");
+      this._isContextReady = false;
+    }
+    this.notify();
+  }
+  // For testing: expose dependencies
+  getDependencies() {
+    return {
+      user: this.user,
+      session: this.session,
+      supabaseClient: this.supabaseClient
+    };
+  }
+  // For testing: manually set state
+  setTestState(organisations, memberships, roleMap, selectedOrg = null) {
+    this._organisations = organisations;
+    this._userMemberships = memberships;
+    this._roleMapState = roleMap;
+    if (selectedOrg) {
+      this._selectedOrganisation = selectedOrg;
+    } else if (organisations.length > 0) {
+      this._selectedOrganisation = organisations[0];
+    }
+    this._isLoading = false;
+    this._error = null;
+    this.notify();
+  }
+  // Update dependencies
+  updateDependencies(user, session) {
+    const previousUserId = this.user?.id || null;
+    const newUserId = user?.id || null;
+    const userChanged = previousUserId !== newUserId;
+    const needsRetry = this._error !== null && !this.isLoadingRef;
+    const isEmpty = newUserId !== null && this._organisations.length === 0 && !this.isLoadingRef;
+    if (userChanged || needsRetry || isEmpty) {
+      if (userChanged) ; else if (needsRetry) {
+        logger.debug("OrganisationService", `Previous error detected [ID:${this.instanceId}], retrying initialization`);
+      } else if (isEmpty) {
+        logger.debug("OrganisationService", `No organisations found [ID:${this.instanceId}], retrying initialization`);
+      }
+      this._isSuperAdmin = false;
+      this.resetInitialization();
+      if (userChanged) {
+        this._organisations = [];
+        this._userMemberships = [];
+        this._roleMapState = /* @__PURE__ */ new Map();
+        this._selectedOrganisation = null;
+        this._isContextReady = false;
+      }
+      this.lastLoadTimeRef = 0;
+    }
+    this.user = user;
+    this.session = session;
+    this.notify();
+  }
+  // Organisation methods
+  async switchOrganisation(orgId) {
+    if (!this.validateOrganisationAccess(orgId)) {
+      throw new Error(`User does not have access to organisation ${orgId}`);
+    }
+    const targetOrg = this._organisations.find((org) => org.id === orgId);
+    if (!targetOrg) {
+      throw new Error(`Organisation ${orgId} not found in user's organisations`);
+    }
+    this._selectedOrganisation = targetOrg;
+    localStorage.setItem("pace-core-selected-organisation", JSON.stringify(targetOrg));
+    await this.setDatabaseOrganisationContext(targetOrg);
+    this.notify();
+  }
+  getUserRole(orgId) {
+    const targetOrgId = orgId || this._selectedOrganisation?.id;
+    if (!targetOrgId) return "no_access";
+    return this._roleMapState.get(targetOrgId) || "no_access";
+  }
+  validateOrganisationAccess(orgId) {
+    return this._userMemberships.some(
+      (m) => m.organisation_id === orgId && m.status === "active" && m.revoked_at === null
+    );
+  }
+  async refreshOrganisations() {
+    if (!this.user || !this.session || !this.supabaseClient) return;
+    this._isLoading = true;
+    this.notify();
+    await this.loadUserOrganisations();
+  }
+  ensureOrganisationContext() {
+    if (!this._selectedOrganisation) {
+      throw new Error("Organisation context is required but not available");
+    }
+    return this._selectedOrganisation;
+  }
+  isOrganisationSecure() {
+    return !!(this._selectedOrganisation && this.user);
+  }
+  getPrimaryOrganisation() {
+    const rolePriority = ["org_admin", "leader", "member"];
+    for (const role of rolePriority) {
+      const membership = this._userMemberships.find((m) => m.role === role);
+      if (membership) {
+        return this._organisations.find((org) => org.id === membership.organisation_id) || null;
+      }
+    }
+    return null;
+  }
+  buildOrganisationHierarchy(orgs) {
+    const orgMap = /* @__PURE__ */ new Map();
+    orgs.forEach((org) => orgMap.set(org.id, org));
+    const roots = [];
+    orgs.forEach((org) => {
+      if (!org.parent_id) {
+        roots.push({
+          organisation: org,
+          children: [],
+          depth: 0
+        });
+      }
+    });
+    return roots;
+  }
+  // Lifecycle methods
+  async initialize() {
+    if (!this.user) {
+      return;
+    }
+    await super.initialize();
+    if (!this.isLoadingRef) {
+      await this.loadUserOrganisations();
+    }
+  }
+  cleanup() {
+    this.isLoadingRef = false;
+    this.hasFailedRef = false;
+    this.lastLoadTimeRef = 0;
+    if (this.abortControllerRef) {
+      this.abortControllerRef = null;
+    }
+    this._selectedOrganisation = null;
+    this._organisations = [];
+    this._userMemberships = [];
+    this._roleMapState = /* @__PURE__ */ new Map();
+    this._isLoading = false;
+    this._error = null;
+    this._isContextReady = false;
+    super.cleanup();
+  }
+  async doInitialize() {
+  }
+  doCleanup() {
+  }
+  async setDatabaseOrganisationContext(_organisation) {
+    this._isContextReady = true;
+    this.notify();
+  }
+  /** Returns false if load should return early; when true, abort controller and loading state are set. */
+  prepareLoad() {
+    if (!this.user || !this.session || !this.supabaseClient) {
+      this._selectedOrganisation = null;
+      this._organisations = [];
+      this._userMemberships = [];
+      this._isLoading = false;
+      this._error = null;
+      this.notify();
+      return false;
+    }
+    if (this.isLoadingRef) {
+      this._isLoading = true;
+      this.notify();
+      return false;
+    }
+    const now = Date.now();
+    if (this._organisations.length > 0 && now - this.lastLoadTimeRef < 2e3) {
+      if (this._organisations.length > 0 || this._selectedOrganisation) {
+        this._isLoading = false;
+      } else {
+        this._isLoading = true;
+      }
+      this.notify();
+      return false;
+    }
+    if (this.abortControllerRef) {
+      this.abortControllerRef.abort();
+    }
+    this.abortControllerRef = new AbortController();
+    this.lastLoadTimeRef = now;
+    this.isLoadingRef = true;
+    this._isLoading = true;
+    this._error = null;
+    this.notify();
+    return true;
+  }
+  async fetchRolesAndOrganisations(signal) {
+    if (signal.aborted) {
+      throw new Error("Request aborted");
+    }
+    if (!this.supabaseClient || !this.user) {
+      throw new Error("Missing supabase client or user");
+    }
+    try {
+      const { data: rolesData, error: rolesError } = await this.supabaseClient.from("rbac_organisation_roles").select(`
+          id,
+          user_id,
+          organisation_id,
+          role,
+          status,
+          granted_at,
+          granted_by,
+          revoked_at,
+          revoked_by,
+          notes,
+          created_at,
+          updated_at,
+          core_organisations!inner(
+            id,
+            name,
+            display_name,
+            subscription_tier,
+            settings,
+            is_active,
+            parent_id,
+            created_at,
+            updated_at
+          )
+        `).eq("user_id", this.user.id).eq("status", "active").is("revoked_at", null);
+      if (rolesError) {
+        logger.error("OrganisationService", "Error loading organisation roles:", rolesError);
+        throw rolesError;
+      }
+      const memberships = rolesData?.map((m) => ({
+        ...m,
+        user_id: assertUserId(m.user_id),
+        organisation_id: assertOrganisationId(m.organisation_id)
+      })) || [];
+      const organisationsMap = /* @__PURE__ */ new Map();
+      rolesData?.forEach((role) => {
+        const roleWithOrg = role;
+        const orgData = roleWithOrg.core_organisations;
+        if (orgData && roleWithOrg.organisation_id && !organisationsMap.has(roleWithOrg.organisation_id)) {
+          organisationsMap.set(roleWithOrg.organisation_id, {
+            id: orgData.id,
+            name: orgData.name,
+            display_name: orgData.display_name,
+            subscription_tier: orgData.subscription_tier,
+            settings: orgData.settings,
+            is_active: orgData.is_active,
+            parent_id: orgData.parent_id,
+            created_at: orgData.created_at,
+            updated_at: orgData.updated_at
+          });
+        }
+      });
+      const organisations = Array.from(organisationsMap.values());
+      return { memberships, organisations };
+    } catch (queryError) {
+      const err2 = queryError instanceof Error ? queryError : queryError && typeof queryError === "object" && "message" in queryError ? new Error(String(queryError.message)) : new Error(String(queryError));
+      logger.error("OrganisationService", "Error loading organisation roles:", err2);
+      throw err2;
+    }
+  }
+  async checkAndCacheSuperAdmin() {
+    if (!this.user?.id) {
+      this._isSuperAdmin = false;
+      return false;
+    }
+    try {
+      const { isSuperAdmin: checkSuperAdmin, isRBACInitialized: isRBACInitialized2, setupRBAC: setupRBAC2 } = await import('./api-6OQXYT67.js');
+      if (!isRBACInitialized2() && this.supabaseClient) {
+        setupRBAC2(this.supabaseClient);
+      }
+      if (isRBACInitialized2()) {
+        const result = await checkSuperAdmin(this.user.id);
+        const isSuper = result.ok && result.data;
+        this._isSuperAdmin = isSuper;
+        return isSuper;
+      }
+      this._isSuperAdmin = false;
+      return false;
+    } catch (error) {
+      logger.warn("OrganisationService", "Failed to check super admin status", { error });
+      this._isSuperAdmin = false;
+      return false;
+    }
+  }
+  applyEmptyStateAndNotify() {
+    this._organisations = [];
+    this._userMemberships = [];
+    this._isLoading = false;
+    this._error = null;
+    this._isContextReady = true;
+    this.notify();
+  }
+  selectInitialOrganisation(activeOrgs, memberships, organisations) {
+    let initialOrg = null;
+    try {
+      const persistedOrgString = localStorage.getItem("pace-core-selected-organisation");
+      if (persistedOrgString) {
+        const persistedOrg = JSON.parse(persistedOrgString);
+        if (persistedOrg.id && typeof persistedOrg.id === "string" && persistedOrg.id.trim() !== "") {
+          const validPersistedOrg = activeOrgs.find((org) => org.id === persistedOrg.id);
+          if (validPersistedOrg) {
+            initialOrg = validPersistedOrg;
+          } else {
+            localStorage.removeItem("pace-core-selected-organisation");
+          }
+        } else {
+          localStorage.removeItem("pace-core-selected-organisation");
+        }
+      }
+    } catch {
+      localStorage.removeItem("pace-core-selected-organisation");
+    }
+    if (!initialOrg) {
+      const adminMembership = memberships.find((m) => m.role === "org_admin");
+      if (adminMembership) {
+        const foundOrg = organisations.find((org) => org.id === adminMembership.organisation_id);
+        if (foundOrg) initialOrg = foundOrg;
+      }
+    }
+    if (!initialOrg) {
+      initialOrg = activeOrgs[0];
+    }
+    if (!initialOrg) {
+      throw new Error("No valid organisation found for user");
+    }
+    localStorage.setItem("pace-core-selected-organisation", JSON.stringify(initialOrg));
+    return initialOrg;
+  }
+  async loadUserOrganisations() {
+    if (!this.prepareLoad()) return;
+    const abortSignal = this.abortControllerRef.signal;
+    try {
+      const { memberships, organisations } = await this.fetchRolesAndOrganisations(abortSignal);
+      const userIsSuperAdmin = await this.checkAndCacheSuperAdmin();
+      if (!memberships || memberships.length === 0) {
+        if (userIsSuperAdmin) {
+          this.applyEmptyStateAndNotify();
+          return;
+        }
+        throw new Error("User has no active organisation memberships");
+      }
+      if (!organisations || organisations.length === 0) {
+        if (userIsSuperAdmin) {
+          this.applyEmptyStateAndNotify();
+          return;
+        }
+        throw new Error("No organisations found in role data");
+      }
+      const roleMap = /* @__PURE__ */ new Map();
+      memberships.forEach((membership) => {
+        roleMap.set(membership.organisation_id, membership.role);
+      });
+      const activeOrgs = organisations.filter((org) => org.is_active);
+      if (activeOrgs.length === 0) {
+        if (userIsSuperAdmin) {
+          this.applyEmptyStateAndNotify();
+          return;
+        }
+        throw new Error("User has no access to active organisations");
+      }
+      const sortedOrgs = [...activeOrgs].sort((a, b) => {
+        const nameA = (a.display_name || a.name || "").toLowerCase();
+        const nameB = (b.display_name || b.name || "").toLowerCase();
+        return nameA.localeCompare(nameB);
+      });
+      this._organisations = sortedOrgs;
+      this._userMemberships = memberships;
+      this._roleMapState = roleMap;
+      const initialOrg = this.selectInitialOrganisation(activeOrgs, memberships, organisations);
+      const currentSelectedOrg = this._selectedOrganisation;
+      if (currentSelectedOrg && !activeOrgs.some((org) => org.id === currentSelectedOrg.id)) {
+        logger.warn("OrganisationService", "Current selected organisation is no longer valid, resetting", {
+          invalidOrgId: currentSelectedOrg.id,
+          validOrgIds: activeOrgs.map((o) => o.id)
+        });
+        this._selectedOrganisation = null;
+      }
+      this._selectedOrganisation = initialOrg;
+      await this.setDatabaseOrganisationContext(initialOrg);
+      this.retryCount = 0;
+      this.hasFailedRef = false;
+    } catch (err2) {
+      const error = err2;
+      if (error.message !== "User has no access to active organisations") {
+        logger.error("OrganisationService", "Failed to load organisations:", err2);
+      }
+      this._error = error;
+      this.retryCount = this.retryCount + 1;
+      this.hasFailedRef = true;
+      this.clearAllCachedData();
+      this._isContextReady = true;
+    } finally {
+      this.isLoadingRef = false;
+      this._isLoading = false;
+      this.abortControllerRef = null;
+      this.notify();
+    }
+  }
+  clearAllCachedData() {
+    localStorage.removeItem("pace-core-selected-organisation");
+    localStorage.removeItem("pace-core-organisation-context");
+    this._selectedOrganisation = null;
+    this._organisations = [];
+    this._userMemberships = [];
+    this._roleMapState = /* @__PURE__ */ new Map();
+    this.retryCount = 0;
+    this._isContextReady = false;
+  }
+};
+_OrganisationService.instanceCount = 0;
+var OrganisationService = _OrganisationService;
+function OrganisationServiceProvider({
+  children,
+  supabaseClient,
+  user,
+  session
+}) {
+  const organisationServiceRef = useRef(null);
+  if (!organisationServiceRef.current) {
+    organisationServiceRef.current = new OrganisationService(supabaseClient, user, session);
+  }
+  const organisationService = organisationServiceRef.current;
+  useEffect(() => {
+    organisationService.updateDependencies(user, session);
+    let isMounted = true;
+    organisationService.initialize().catch((error) => {
+      if (isMounted) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        if (errorMessage === "User has no access to active organisations") {
+          logger.warn("OrganisationServiceProvider", "User has no active organisations (this is expected for users without organisation access):", error);
+        } else {
+          logger.error("OrganisationServiceProvider", "Failed to initialize organisation service:", error);
+        }
+      }
+    });
+    return () => {
+      isMounted = false;
+    };
+  }, [organisationService, user, session]);
+  useEffect(() => {
+    return () => {
+      organisationService.cleanup();
+    };
+  }, [organisationService]);
+  const contextValue = useMemo(() => ({
+    organisationService
+  }), [organisationService]);
+  return /* @__PURE__ */ jsx(OrganisationServiceContext.Provider, { value: contextValue, children });
+}
+
+// src/services/EventService.ts
+var _EventService = class _EventService extends BaseService {
+  constructor(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId) {
+    super();
+    this.events = [];
+    this.selectedEvent = null;
+    this._isLoading = false;
+    // Start as false to avoid blocking UI
+    this.error = null;
+    // Dependencies
+    this.supabaseClient = null;
+    this.user = null;
+    this.session = null;
+    this.appName = "";
+    this.selectedOrganisation = null;
+    this.setSelectedEventId = null;
+    this.isSuperAdmin = false;
+    // Track super admin status for conditional validation
+    // App config removed - scope is now page-level only (rbac_app_pages.scope_type)
+    // Internal state management
+    this.isInitializedRef = false;
+    this.isFetchingRef = false;
+    this.hasAutoSelectedRef = false;
+    this.userClearedEventRef = false;
+    this.instanceId = ++_EventService.instanceCount;
+    this.supabaseClient = supabaseClient;
+    this.user = user;
+    this.session = session;
+    this.appName = appName;
+    this.selectedOrganisation = selectedOrganisation;
+    this.setSelectedEventId = setSelectedEventId;
+  }
+  getInstanceId() {
+    return this.instanceId;
+  }
+  // Helper method to get user-scoped storage key
+  getStorageKey(userId) {
+    if (!userId) {
+      return "pace-core-selected-event-no-user";
+    }
+    return `pace-core-selected-event-${userId}`;
+  }
+  // Update dependencies
+  async updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId) {
+    const previousOrgId = this.selectedOrganisation?.id;
+    const newOrgId = selectedOrganisation?.id;
+    const previousUserId = this.user?.id || null;
+    const newUserId = user?.id || null;
+    await this.handleUserChange(previousUserId, newUserId);
+    this.applyNewDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
+    await this.updateSuperAdminStatus(user);
+    this.handleOrganisationChange(previousOrgId, newOrgId);
+    this.notify();
+  }
+  async handleUserChange(previousUserId, newUserId) {
+    if (previousUserId === newUserId) {
+      return;
+    }
+    if (previousUserId !== null) {
+      await this.clearEventSelectionForUser(previousUserId);
+    }
+    if (newUserId === null) {
+      this.selectedEvent = null;
+      this.setSelectedEventId?.(null);
+    }
+    this.resetInitialization();
+    this.isInitializedRef = false;
+    this.isFetchingRef = false;
+    this.userClearedEventRef = false;
+    this.hasAutoSelectedRef = false;
+  }
+  applyNewDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId) {
+    this.supabaseClient = supabaseClient;
+    this.user = user;
+    this.session = session;
+    this.appName = appName;
+    this.selectedOrganisation = selectedOrganisation;
+    this.setSelectedEventId = setSelectedEventId;
+  }
+  async updateSuperAdminStatus(user) {
+    if (!user?.id) {
+      this.isSuperAdmin = false;
+      return;
+    }
+    try {
+      const { isRBACInitialized: isRBACInitialized2, isSuperAdmin: checkSuperAdmin, setupRBAC: setupRBAC2 } = await import('./api-6OQXYT67.js');
+      if (!isRBACInitialized2() && this.supabaseClient) {
+        setupRBAC2(this.supabaseClient);
+      }
+      if (isRBACInitialized2()) {
+        const result = await checkSuperAdmin(user.id);
+        this.isSuperAdmin = result.ok && result.data;
+      } else {
+        logger.warn("EventService", "RBAC not initialized in updateDependencies, keeping existing super admin status", {
+          userId: user.id,
+          existingIsSuperAdmin: this.isSuperAdmin,
+          note: "RBAC should be initialized by UnifiedAuthProvider. This may indicate EventService is being used outside the provider."
+        });
+      }
+    } catch (error) {
+      logger.warn("EventService", "Failed to check super admin status in updateDependencies", {
+        error,
+        userId: user.id,
+        existingIsSuperAdmin: this.isSuperAdmin
+      });
+    }
+  }
+  handleOrganisationChange(previousOrgId, newOrgId) {
+    if (previousOrgId === newOrgId) {
+      return;
+    }
+    this.resetInitialization();
+    this.isInitializedRef = false;
+    this.isFetchingRef = false;
+    const shouldClearEvents = !this.isSuperAdmin;
+    const isFirstOrgSet = (previousOrgId === null || previousOrgId === void 0) && newOrgId !== null && newOrgId !== void 0;
+    if (isFirstOrgSet) {
+      const hadAutoSelectedEvent = this.hasAutoSelectedRef && !!this.selectedEvent;
+      this.userClearedEventRef = false;
+      if (!hadAutoSelectedEvent) {
+        this.hasAutoSelectedRef = false;
+      }
+      logger.debug("EventService", "Organisation first set - preserving event and resetting auto-selection flags", {
+        organisationId: newOrgId,
+        hasSelectedEvent: !!this.selectedEvent,
+        selectedEventId: this.selectedEvent?.event_id,
+        hadAutoSelectedEvent,
+        preservingEvent: hadAutoSelectedEvent,
+        previousOrgId,
+        newOrgId
+      });
+      return;
+    }
+    const switchingOrgs = previousOrgId != null && newOrgId != null && previousOrgId !== newOrgId;
+    const orgRemoved = previousOrgId != null && newOrgId === null;
+    if (switchingOrgs && shouldClearEvents) {
+      this.events = [];
+      this.setSelectedEvent(null);
+    } else if (orgRemoved && shouldClearEvents) {
+      this.events = [];
+      this.setSelectedEvent(null);
+    }
+  }
+  // Event state getters
+  getEvents() {
+    return this.events;
+  }
+  getSelectedEvent() {
+    return this.selectedEvent;
+  }
+  isLoading() {
+    return this._isLoading;
+  }
+  getError() {
+    return this.error;
+  }
+  // Event methods
+  setSelectedEvent(event) {
+    if (event) {
+      const orgId = event.organisation_id;
+      const missingOrg = !orgId || typeof orgId === "string" && orgId.trim() === "";
+      const eventToStore = missingOrg && this.selectedOrganisation?.id ? { ...event, organisation_id: this.selectedOrganisation.id } : event;
+      this.selectedEvent = eventToStore;
+      this.setSelectedEventId?.(event.event_id);
+      this.persistEventSelection(event.event_id).catch((error) => {
+        logger.warn("EventService", "Failed to persist event selection:", error);
+      });
+      this.userClearedEventRef = false;
+    } else {
+      this.selectedEvent?.event_id;
+      this.selectedEvent = null;
+      this.setSelectedEventId?.(null);
+      this.clearEventSelection().catch((error) => {
+        logger.warn("EventService", "Failed to clear event selection:", error);
+      });
+      this.hasAutoSelectedRef = false;
+      this.userClearedEventRef = true;
+    }
+    this.notify();
+  }
+  async refreshEvents() {
+    this.isInitializedRef = false;
+    this.isFetchingRef = false;
+    await this.fetchEvents();
+  }
+  async loadPersistedEvent(events) {
+    try {
+      const userId = this.user?.id || null;
+      if (!userId) {
+        return false;
+      }
+      const storageKey = this.getStorageKey(userId);
+      const persistedEventId = await secureStorage.getItem(storageKey);
+      if (persistedEventId && events.length > 0) {
+        const persistedEvent = events.find((event) => event.event_id === persistedEventId);
+        if (persistedEvent) {
+          this.setSelectedEvent(persistedEvent);
+          return true;
+        } else {
+          await secureStorage.removeItem(storageKey);
+        }
+      }
+    } catch (error) {
+      logger.warn("EventService", "Failed to load persisted event:", error);
+    }
+    return false;
+  }
+  /**
+   * Restore persisted event after login screen has rendered
+   * This should be called explicitly from login page component
+   * 
+   * @returns Promise<boolean> - true if event was successfully restored, false otherwise
+   */
+  async restorePersistedEvent() {
+    if (this.events.length === 0) {
+      return false;
+    }
+    return await this.loadPersistedEvent(this.events);
+  }
+  async persistEventSelection(eventId) {
+    try {
+      const userId = this.user?.id || null;
+      const storageKey = this.getStorageKey(userId);
+      await secureStorage.setItem(storageKey, eventId, { encrypt: true });
+    } catch (error) {
+      logger.warn("EventService", "Failed to persist event selection:", error);
+    }
+  }
+  async clearEventSelection() {
+    try {
+      const userId = this.user?.id || null;
+      const storageKey = this.getStorageKey(userId);
+      await secureStorage.removeItem(storageKey);
+      this.selectedEvent = null;
+      this.setSelectedEventId?.(null);
+    } catch (error) {
+      logger.warn("EventService", "Failed to clear event selection:", error);
+    }
+  }
+  /**
+   * Clear event selection for a specific user (used when user logs out or changes)
+   */
+  async clearEventSelectionForUser(userId) {
+    try {
+      if (!userId) return;
+      const storageKey = this.getStorageKey(userId);
+      await secureStorage.removeItem(storageKey);
+    } catch (error) {
+      logger.warn("EventService", "Failed to clear event selection for user:", error);
+    }
+  }
+  autoSelectNextEvent(events) {
+    const nextEvent = this.getNextEventByDate(events);
+    if (nextEvent) {
+      this.setSelectedEvent(nextEvent);
+    }
+  }
+  // Lifecycle methods
+  async initialize() {
+    await super.initialize();
+  }
+  cleanup() {
+    super.cleanup();
+  }
+  async doInitialize() {
+    if (this.isInitializedRef) {
+      return;
+    }
+    if (this.isFetchingRef) {
+      return;
+    }
+    try {
+      sessionStorage.removeItem("pace-core-selected-event");
+      localStorage.removeItem("pace-core-selected-event");
+      localStorage.removeItem("_sec_pace-core-selected-event");
+    } catch (error) {
+      logger.warn("EventService", "Failed to clean up old storage keys:", error);
+    }
+    if (!this.user) {
+      return;
+    }
+    await this.fetchEvents(false);
+    this.isInitializedRef = true;
+  }
+  doCleanup() {
+  }
+  async resolveOrganisationIdForRpc() {
+    let userIsSuperAdmin = this.isSuperAdmin;
+    try {
+      const { isRBACInitialized: isRBACInitialized2, isSuperAdmin: checkSuperAdmin, setupRBAC: setupRBAC2 } = await import('./api-6OQXYT67.js');
+      if (!isRBACInitialized2() && this.supabaseClient) {
+        setupRBAC2(this.supabaseClient);
+      }
+      if (isRBACInitialized2()) {
+        const result = await checkSuperAdmin(this.user.id);
+        userIsSuperAdmin = result.ok && result.data;
+        this.isSuperAdmin = userIsSuperAdmin;
+      } else {
+        if (this.isSuperAdmin) {
+          userIsSuperAdmin = true;
+          logger.warn("EventService", "RBAC not initialized, using cached super admin status", {
+            userId: this.user.id,
+            cachedIsSuperAdmin: this.isSuperAdmin,
+            note: "RBAC should be initialized by UnifiedAuthProvider. This may indicate EventService is being used outside the provider."
+          });
+        } else {
+          logger.warn("EventService", "RBAC not initialized, using cached non-super-admin status", {
+            userId: this.user.id,
+            cachedIsSuperAdmin: this.isSuperAdmin,
+            note: "RBAC should be initialized by UnifiedAuthProvider. This may indicate EventService is being used outside the provider."
+          });
+        }
+      }
+      if (userIsSuperAdmin) {
+        return null;
+      }
+      if (this.selectedEvent) {
+        return this.selectedEvent.organisation_id;
+      }
+      if (this.selectedOrganisation) {
+        return this.selectedOrganisation.id;
+      }
+      return null;
+    } catch (superAdminCheckError) {
+      if (this.isSuperAdmin) {
+        logger.warn("EventService", "Super admin check failed, using cached super admin status", {
+          error: superAdminCheckError,
+          cachedIsSuperAdmin: this.isSuperAdmin
+        });
+        return null;
+      }
+      logger.warn("EventService", "Failed to check super admin status, using organisation-scoped query", {
+        error: superAdminCheckError,
+        cachedIsSuperAdmin: this.isSuperAdmin
+      });
+      if (this.selectedEvent) {
+        return this.selectedEvent.organisation_id;
+      }
+      if (this.selectedOrganisation) {
+        return this.selectedOrganisation.id;
+      }
+      return null;
+    }
+  }
+  transformRpcDataToEvents(data) {
+    const eventsData = Array.isArray(data) ? data : [];
+    const transformed = eventsData.map((event) => ({
+      id: event.event_id,
+      event_id: event.event_id,
+      event_name: event.event_name,
+      event_code: event.event_code,
+      event_date: event.event_date ?? void 0,
+      event_venue: event.event_venue ?? void 0,
+      event_participants: event.event_participants ?? void 0,
+      event_colours: event.event_colours,
+      event_logo: "",
+      organisation_id: assertOrganisationId(event.organisation_id),
+      is_visible: event.is_visible,
+      created_at: (/* @__PURE__ */ new Date()).toISOString(),
+      updated_at: (/* @__PURE__ */ new Date()).toISOString()
+    }));
+    return [...transformed].sort((a, b) => {
+      if (a.event_date && b.event_date) {
+        return new Date(b.event_date).getTime() - new Date(a.event_date).getTime();
+      }
+      if (a.event_date && !b.event_date) return -1;
+      if (!a.event_date && b.event_date) return 1;
+      return 0;
+    });
+  }
+  validateSelectedEventInList(events) {
+    if (!this.selectedEvent) {
+      return;
+    }
+    const selectedEventId = this.selectedEvent.event_id;
+    const eventStillExists = events.some((e) => e.event_id === selectedEventId);
+    if (!eventStillExists) {
+      const previousUserClearedRef = this.userClearedEventRef;
+      this.selectedEvent = null;
+      this.setSelectedEventId?.(null);
+      this.userClearedEventRef = previousUserClearedRef;
+    }
+  }
+  async runPersistedOrAutoSelection(events, skipLoadPersisted) {
+    this.hasAutoSelectedRef = false;
+    if (!skipLoadPersisted) {
+      const persistedEventLoaded = await this.loadPersistedEvent(events);
+      if (!persistedEventLoaded && !this.userClearedEventRef) {
+        const nextEvent = this.getNextEventByDate(events);
+        if (nextEvent) {
+          this.hasAutoSelectedRef = true;
+          this.setSelectedEvent(nextEvent);
+        }
+      }
+    } else if (!this.userClearedEventRef) {
+      const nextEvent = this.getNextEventByDate(events);
+      if (nextEvent) {
+        this.hasAutoSelectedRef = true;
+        this.setSelectedEvent(nextEvent);
+      }
+    }
+  }
+  async fetchEvents(skipLoadPersisted = false) {
+    if (!this.user || !this.session || !this.supabaseClient || !this.appName) {
+      this.notify();
+      return;
+    }
+    this._isLoading = true;
+    this.notify();
+    if (this.isFetchingRef) {
+      return;
+    }
+    this.isFetchingRef = true;
+    const isMounted = true;
+    try {
+      const organisationIdForRpc = await this.resolveOrganisationIdForRpc();
+      const { data, error: rpcError } = await this.supabaseClient.rpc("data_user_events_get", {
+        p_user_id: this.user.id,
+        p_organisation_id: organisationIdForRpc,
+        p_app_name: this.appName
+      });
+      if (rpcError) {
+        logger.error("EventService", "RPC error fetching events:", rpcError);
+        throw new Error(rpcError.message || "Failed to fetch events");
+      }
+      if (isMounted) {
+        const transformedEvents = this.transformRpcDataToEvents(data ?? []);
+        this.events = transformedEvents;
+        this.error = null;
+        this.validateSelectedEventInList(transformedEvents);
+        await this.runPersistedOrAutoSelection(transformedEvents, skipLoadPersisted);
+      }
+    } catch (err2) {
+      logger.error("EventService", "Error fetching events:", err2);
+      const _error = err2 instanceof Error ? err2 : new Error("Unknown error occurred");
+      {
+        this.error = _error;
+        this.events = [];
+      }
+    } finally {
+      {
+        this._isLoading = false;
+      }
+      this.isFetchingRef = false;
+      this.notify();
+    }
+  }
+  getNextEventByDate(events) {
+    const eventsToUse = events || this.events;
+    if (!eventsToUse || eventsToUse.length === 0) {
+      return null;
+    }
+    const now = /* @__PURE__ */ new Date();
+    const startOfToday = new Date(now.getFullYear(), now.getMonth(), now.getDate()).getTime();
+    const futureEvents = eventsToUse.filter((event) => {
+      if (!event.event_date) return false;
+      const eventDate = new Date(event.event_date);
+      const startOfEventDate = new Date(eventDate.getFullYear(), eventDate.getMonth(), eventDate.getDate()).getTime();
+      return startOfEventDate >= startOfToday;
+    });
+    if (futureEvents.length > 0) {
+      const sortedFutureEvents = futureEvents.sort((a, b) => {
+        const dateA = new Date(a.event_date);
+        const dateB = new Date(b.event_date);
+        return dateA.getTime() - dateB.getTime();
+      });
+      return sortedFutureEvents[0];
+    }
+    const pastEvents = eventsToUse.filter((event) => {
+      if (!event.event_date) return false;
+      const eventDate = new Date(event.event_date);
+      const startOfEventDate = new Date(eventDate.getFullYear(), eventDate.getMonth(), eventDate.getDate()).getTime();
+      return startOfEventDate < startOfToday;
+    });
+    if (pastEvents.length > 0) {
+      const sortedPastEvents = pastEvents.sort((a, b) => {
+        const dateA = new Date(a.event_date);
+        const dateB = new Date(b.event_date);
+        return dateB.getTime() - dateA.getTime();
+      });
+      return sortedPastEvents[0];
+    }
+    return null;
+  }
+};
+_EventService.instanceCount = 0;
+var EventService = _EventService;
+var EventServiceContext = createContext(null);
+function EventServiceProvider({
+  children,
+  supabaseClient,
+  user,
+  session,
+  appName,
+  selectedOrganisation,
+  setSelectedEventId
+}) {
+  const eventServiceRef = useRef(null);
+  const initializingRef = useRef(false);
+  if (!eventServiceRef.current) {
+    eventServiceRef.current = new EventService(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
+  }
+  const eventService = eventServiceRef.current;
+  useEffect(() => {
+    let isMounted = true;
+    if (initializingRef.current) {
+      return;
+    }
+    const updateAndInitialize = async () => {
+      initializingRef.current = true;
+      try {
+        await eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId).catch((error) => {
+          if (isMounted) {
+            logger.error("EventServiceProvider", "Failed to update event service dependencies:", error);
+          }
+          return;
+        });
+        if (!isMounted) return;
+        if (user && session && supabaseClient && appName) {
+          await eventService.initialize().catch((error) => {
+            if (isMounted) {
+              logger.error("EventServiceProvider", "Failed to initialize event service:", error);
+            }
+          });
+        } else {
+        }
+      } finally {
+        initializingRef.current = false;
+      }
+    };
+    updateAndInitialize();
+    return () => {
+      isMounted = false;
+      initializingRef.current = false;
+    };
+  }, [supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId, eventService]);
+  useEffect(() => {
+    return () => {
+      eventService.cleanup();
+    };
+  }, [eventService]);
+  const contextValue = useMemo(() => ({
+    eventService
+  }), [eventService]);
+  return /* @__PURE__ */ jsx(EventServiceContext.Provider, { value: contextValue, children });
+}
+var InactivityServiceContext = createContext(null);
+
+// src/services/InactivityService.ts
+var InactivityService = class extends BaseService {
+  constructor(supabaseClient, user, session, idleTimeoutMs = 30 * 60 * 1e3, warnBeforeMs = 60 * 1e3, onIdleLogout) {
+    super();
+    this._showInactivityWarning = false;
+    this._inactivityTimeRemaining = 0;
+    this._isIdle = false;
+    this._timeRemaining = 0;
+    this._showWarning = false;
+    this._isTracking = false;
+    // Dependencies
+    this.supabaseClient = null;
+    this.user = null;
+    this.session = null;
+    this.idleTimeoutMs = 30 * 60 * 1e3;
+    // 30 minutes
+    this.warnBeforeMs = 60 * 1e3;
+    // 60 seconds
+    this.onIdleLogout = null;
+    // Internal state management
+    this.inactivityTracker = null;
+    this.isInactivityEnabled = true;
+    this.cleanupHandlers = null;
+    this.supabaseClient = supabaseClient;
+    this.user = user;
+    this.session = session;
+    this.idleTimeoutMs = idleTimeoutMs;
+    this.warnBeforeMs = warnBeforeMs;
+    this.onIdleLogout = onIdleLogout;
+    this._timeRemaining = idleTimeoutMs;
+  }
+  // Interface implementation
+  isIdle() {
+    return this._isIdle;
+  }
+  getTimeRemaining() {
+    return this._timeRemaining;
+  }
+  isWarningShown() {
+    return this._showWarning;
+  }
+  isTracking() {
+    return this._isTracking;
+  }
+  getShowInactivityWarning() {
+    return this._showInactivityWarning;
+  }
+  getInactivityTimeRemaining() {
+    return this._inactivityTimeRemaining;
+  }
+  // Additional getter methods that tests expect
+  getIsIdle() {
+    return this._isIdle;
+  }
+  getIsTracking() {
+    return this._isTracking;
+  }
+  getShowWarning() {
+    return this._showWarning;
+  }
+  // Additional methods for testing
+  setShowInactivityWarning(value) {
+    this._showInactivityWarning = value;
+    this.notify();
+  }
+  setInactivityTimeRemaining(value) {
+    this._inactivityTimeRemaining = value;
+    this.notify();
+  }
+  setIsIdle(value) {
+    this._isIdle = value;
+    this.notify();
+  }
+  setTimeRemaining(value) {
+    this._timeRemaining = value;
+    this.notify();
+  }
+  setShowWarning(value) {
+    this._showWarning = value;
+    this.notify();
+  }
+  setIsTracking(value) {
+    this._isTracking = value;
+    this.notify();
+  }
+  triggerWarning(timeRemaining) {
+    this._showInactivityWarning = true;
+    this._inactivityTimeRemaining = Math.ceil(timeRemaining / 1e3);
+    this._showWarning = true;
+    this.notify();
+  }
+  triggerIdle() {
+    this._isIdle = true;
+    this.handleIdleLogout();
+    this.notify();
+  }
+  // Update dependencies
+  updateDependencies(supabaseClient, user, session, idleTimeoutMs, warnBeforeMs, onIdleLogout) {
+    this.supabaseClient = supabaseClient;
+    this.user = user;
+    this.session = session;
+    if (idleTimeoutMs !== void 0) this.idleTimeoutMs = idleTimeoutMs;
+    if (warnBeforeMs !== void 0) this.warnBeforeMs = warnBeforeMs;
+    if (onIdleLogout !== void 0) this.onIdleLogout = onIdleLogout;
+    this.notify();
+  }
+  // Inactivity methods
+  resetActivity() {
+    if (this.inactivityTracker) {
+      this.inactivityTracker.resetActivity();
+    }
+    const prevIsIdle = this._isIdle;
+    const prevShowWarning = this._showWarning;
+    const prevShowInactivityWarning = this._showInactivityWarning;
+    const prevInactivityTimeRemaining = this._inactivityTimeRemaining;
+    const prevTimeRemaining = this._timeRemaining;
+    this._isIdle = false;
+    this._showWarning = false;
+    this._showInactivityWarning = false;
+    this._inactivityTimeRemaining = 0;
+    this._timeRemaining = this.idleTimeoutMs;
+    if (prevIsIdle !== this._isIdle || prevShowWarning !== this._showWarning || prevShowInactivityWarning !== this._showInactivityWarning || prevInactivityTimeRemaining !== this._inactivityTimeRemaining || prevTimeRemaining !== this._timeRemaining) {
+      this.notify();
+    }
+  }
+  startTracking() {
+    if (this.inactivityTracker) {
+      this.inactivityTracker.startTracking();
+    }
+    this._isTracking = true;
+    this.notify();
+  }
+  stopTracking() {
+    if (this.inactivityTracker) {
+      this.inactivityTracker.stopTracking();
+    }
+    this._isTracking = false;
+    this.notify();
+  }
+  async handleIdleLogout() {
+    this._showInactivityWarning = false;
+    this._inactivityTimeRemaining = 0;
+    this.stopTracking();
+    try {
+      if (this.supabaseClient) {
+        await this.supabaseClient.auth.signOut();
+      }
+    } catch (error) {
+      logger.error("InactivityService", "Error during idle logout:", error);
+    }
+    try {
+      sessionStorage.clear();
+    } catch (storageError) {
+      logger.warn("InactivityService", "Failed to clear sessionStorage", { error: storageError });
+    }
+    this.onIdleLogout?.("inactivity");
+    this.notify();
+  }
+  handleStaySignedIn() {
+    this._showInactivityWarning = false;
+    this._inactivityTimeRemaining = 0;
+    this.resetActivity();
+    this.notify();
+  }
+  async handleSignOutNow() {
+    this._showInactivityWarning = false;
+    this._inactivityTimeRemaining = 0;
+    this.stopTracking();
+    try {
+      if (this.supabaseClient) {
+        await this.supabaseClient.auth.signOut();
+      }
+    } catch (error) {
+      logger.error("InactivityService", "Error during manual sign out:", error);
+    }
+    try {
+      sessionStorage.clear();
+    } catch (storageError) {
+      logger.warn("InactivityService", "Failed to clear sessionStorage", { error: storageError });
+    }
+    this.onIdleLogout?.("inactivity");
+    this.notify();
+  }
+  // Lifecycle methods
+  async initialize() {
+    await super.initialize();
+    await this.setupInactivityTracker();
+  }
+  cleanup() {
+    if (this.cleanupHandlers) {
+      this.cleanupHandlers();
+      this.cleanupHandlers = null;
+    }
+    if (this.inactivityTracker) {
+      this.inactivityTracker = null;
+    }
+    this._isTracking = false;
+    this._isIdle = false;
+    this._showWarning = false;
+    this._showInactivityWarning = false;
+    this._timeRemaining = 0;
+    this._inactivityTimeRemaining = 0;
+    super.cleanup();
+  }
+  async doInitialize() {
+    if (typeof window !== "undefined") {
+      const isProduction = import.meta.env.MODE === "production";
+      if (isProduction) {
+        logger.warn("InactivityService", "Inactivity feature enabled in production");
+      }
+    }
+  }
+  doCleanup() {
+  }
+  async setupInactivityTracker() {
+    if (typeof window === "undefined") return;
+    this.isInactivityEnabled = !!(this.user && this.session);
+    if (!this.isInactivityEnabled) {
+      return;
+    }
+    this.setupEventHandlers();
+  }
+  runUpdateState(ctx, forceNotify = false) {
+    const now = Date.now();
+    const timeSinceActivity = now - ctx.lastActivity;
+    const timeUntilIdle = this.idleTimeoutMs - timeSinceActivity;
+    const newIsIdle = timeSinceActivity >= this.idleTimeoutMs;
+    const newShowWarning = timeSinceActivity >= this.idleTimeoutMs - this.warnBeforeMs && !newIsIdle;
+    const newShowInactivityWarning = newShowWarning;
+    const newInactivityTimeRemaining = newShowWarning ? Math.ceil(timeUntilIdle / 1e3) : 0;
+    const newTimeRemaining = Math.max(0, timeUntilIdle);
+    const stateChanged = ctx.prevIsIdle !== newIsIdle || ctx.prevShowWarning !== newShowWarning || ctx.prevShowInactivityWarning !== newShowInactivityWarning || newShowWarning && ctx.prevInactivityTimeRemaining !== newInactivityTimeRemaining || ctx.prevTimeRemaining !== newTimeRemaining;
+    if (stateChanged || forceNotify) {
+      this._isIdle = newIsIdle;
+      this._showWarning = newShowWarning;
+      this._showInactivityWarning = newShowInactivityWarning;
+      this._inactivityTimeRemaining = newInactivityTimeRemaining;
+      this._timeRemaining = newTimeRemaining;
+      ctx.prevIsIdle = newIsIdle;
+      ctx.prevShowWarning = newShowWarning;
+      ctx.prevShowInactivityWarning = newShowInactivityWarning;
+      ctx.prevInactivityTimeRemaining = newInactivityTimeRemaining;
+      ctx.prevTimeRemaining = newTimeRemaining;
+      if (stateChanged) {
+        this.notify();
+      }
+      if (newIsIdle) {
+        this.handleIdleLogout();
+      }
+    }
+  }
+  runScheduleNextCheck(ctx) {
+    if (ctx.warningTimer) {
+      clearTimeout(ctx.warningTimer);
+      ctx.warningTimer = null;
+    }
+    if (ctx.logoutTimer) {
+      clearTimeout(ctx.logoutTimer);
+      ctx.logoutTimer = null;
+    }
+    if (ctx.countdownInterval) {
+      clearInterval(ctx.countdownInterval);
+      ctx.countdownInterval = null;
+    }
+    const getTimeUntilWarning = () => Math.max(0, this.idleTimeoutMs - this.warnBeforeMs - (Date.now() - ctx.lastActivity));
+    const getTimeUntilLogout = () => Math.max(0, this.idleTimeoutMs - (Date.now() - ctx.lastActivity));
+    const timeUntilWarning = getTimeUntilWarning();
+    const timeUntilLogout = getTimeUntilLogout();
+    const timeSinceActivity = Date.now() - ctx.lastActivity;
+    if (timeSinceActivity >= this.idleTimeoutMs) {
+      return;
+    }
+    if (timeSinceActivity >= this.idleTimeoutMs - this.warnBeforeMs) {
+      this.runUpdateState(ctx);
+      ctx.countdownInterval = setInterval(() => {
+        this.runUpdateState(ctx);
+        if (Date.now() - ctx.lastActivity >= this.idleTimeoutMs) {
+          if (ctx.countdownInterval) {
+            clearInterval(ctx.countdownInterval);
+            ctx.countdownInterval = null;
+          }
+          this.handleIdleLogout();
+        }
+      }, 1e3);
+      ctx.logoutTimer = setTimeout(() => {
+        if (ctx.countdownInterval) {
+          clearInterval(ctx.countdownInterval);
+          ctx.countdownInterval = null;
+        }
+        this.handleIdleLogout();
+      }, timeUntilLogout);
+    } else {
+      const timeUntilWarningMs = timeUntilWarning;
+      const adaptiveInterval = timeUntilWarningMs > 5 * 60 * 1e3 ? 60 * 1e3 : timeUntilWarningMs > 60 * 1e3 ? 10 * 1e3 : 1e3;
+      ctx.warningTimer = setTimeout(() => {
+        this.runUpdateState(ctx);
+        this.runScheduleNextCheck(ctx);
+      }, Math.min(adaptiveInterval, timeUntilWarningMs));
+    }
+  }
+  runResetTimers(ctx) {
+    ctx.lastActivity = Date.now();
+    if (ctx.warningTimer) {
+      clearTimeout(ctx.warningTimer);
+      ctx.warningTimer = null;
+    }
+    if (ctx.logoutTimer) {
+      clearTimeout(ctx.logoutTimer);
+      ctx.logoutTimer = null;
+    }
+    if (ctx.countdownInterval) {
+      clearInterval(ctx.countdownInterval);
+      ctx.countdownInterval = null;
+    }
+    const hadWarning = this._showWarning || this._showInactivityWarning;
+    this._showInactivityWarning = false;
+    this._inactivityTimeRemaining = 0;
+    this._isIdle = false;
+    this._showWarning = false;
+    this._timeRemaining = this.idleTimeoutMs;
+    ctx.prevIsIdle = false;
+    ctx.prevShowWarning = false;
+    ctx.prevShowInactivityWarning = false;
+    ctx.prevInactivityTimeRemaining = 0;
+    ctx.prevTimeRemaining = this.idleTimeoutMs;
+    if (hadWarning) {
+      this.notify();
+    }
+    this.runScheduleNextCheck(ctx);
+  }
+  setupEventHandlers() {
+    if (typeof window === "undefined") return;
+    const ctx = {
+      warningTimer: null,
+      logoutTimer: null,
+      countdownInterval: null,
+      activityThrottleTimer: null,
+      lastActivity: Date.now(),
+      prevIsIdle: false,
+      prevShowWarning: false,
+      prevShowInactivityWarning: false,
+      prevInactivityTimeRemaining: 0,
+      prevTimeRemaining: this.idleTimeoutMs
+    };
+    const activityEvents = ["mousedown", "mousemove", "keypress", "scroll", "touchstart", "click"];
+    const handleActivity = () => {
+      if (ctx.activityThrottleTimer) return;
+      ctx.activityThrottleTimer = setTimeout(() => {
+        ctx.activityThrottleTimer = null;
+        this.runResetTimers(ctx);
+      }, 1e3);
+    };
+    activityEvents.forEach((event) => {
+      document.addEventListener(event, handleActivity, true);
+    });
+    this.runUpdateState(ctx, true);
+    this.runScheduleNextCheck(ctx);
+    this.cleanupHandlers = () => {
+      if (ctx.warningTimer) {
+        clearTimeout(ctx.warningTimer);
+        ctx.warningTimer = null;
+      }
+      if (ctx.logoutTimer) {
+        clearTimeout(ctx.logoutTimer);
+        ctx.logoutTimer = null;
+      }
+      if (ctx.countdownInterval) {
+        clearInterval(ctx.countdownInterval);
+        ctx.countdownInterval = null;
+      }
+      if (ctx.activityThrottleTimer) {
+        clearTimeout(ctx.activityThrottleTimer);
+        ctx.activityThrottleTimer = null;
+      }
+      activityEvents.forEach((event) => {
+        document.removeEventListener(event, handleActivity, true);
+      });
+      this._isTracking = false;
+      this._isIdle = false;
+      this._showWarning = false;
+      this._timeRemaining = 0;
+      this._showInactivityWarning = false;
+      this._inactivityTimeRemaining = 0;
+    };
+    this._isTracking = true;
+  }
+};
+function InactivityServiceProvider({
+  children,
+  supabaseClient,
+  user,
+  session,
+  idleTimeoutMs,
+  // REQUIRED: No default - must be explicitly provided
+  warnBeforeMs,
+  // REQUIRED: No default - must be explicitly provided
+  onIdleLogout
+}) {
+  const inactivityServiceRef = useRef(null);
+  if (!inactivityServiceRef.current) {
+    inactivityServiceRef.current = new InactivityService(supabaseClient, user, session, idleTimeoutMs, warnBeforeMs, onIdleLogout);
+  }
+  const inactivityService = inactivityServiceRef.current;
+  useEffect(() => {
+    inactivityService.updateDependencies(supabaseClient, user, session, idleTimeoutMs, warnBeforeMs, onIdleLogout);
+    let isMounted = true;
+    inactivityService.initialize().catch((error) => {
+      if (isMounted) {
+        logger.error("InactivityServiceProvider", "Failed to initialize inactivity service:", error);
+      }
+    });
+    return () => {
+      isMounted = false;
+    };
+  }, [inactivityService, supabaseClient, user, session, idleTimeoutMs, warnBeforeMs, onIdleLogout]);
+  useEffect(() => {
+    return () => {
+      inactivityService.cleanup();
+    };
+  }, [inactivityService]);
+  const contextValue = useMemo(() => ({
+    inactivityService
+  }), [inactivityService]);
+  return /* @__PURE__ */ jsx(InactivityServiceContext.Provider, { value: contextValue, children });
+}
+function useAuthService() {
+  const context = useContext(AuthServiceContext);
+  if (!context) {
+    throw new Error("useAuthService must be used within AuthServiceProvider");
+  }
+  const [, forceUpdate] = useReducer((x) => x + 1, 0);
+  const timeoutRef = useRef(null);
+  useEffect(() => {
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50);
+    };
+    const unsubscribe = context.authService.subscribe(debouncedUpdate);
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
+  }, [context.authService]);
+  return context.authService;
+}
+function useOrganisationService() {
+  const context = useContext(OrganisationServiceContext);
+  if (!context) {
+    throw new Error("useOrganisationService must be used within OrganisationServiceProvider");
+  }
+  const [, forceUpdate] = useReducer((x) => x + 1, 0);
+  const timeoutRef = useRef(null);
+  useEffect(() => {
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50);
+    };
+    const unsubscribe = context.organisationService.subscribe(debouncedUpdate);
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
+  }, [context.organisationService]);
+  return context.organisationService;
+}
+
+// src/hooks/useOrganisations.ts
+function useOrganisations() {
+  const organisationService = useOrganisationService();
+  const selectedOrg = organisationService.getSelectedOrganisation();
+  return {
+    selectedOrganisation: selectedOrg,
+    organisations: organisationService.getOrganisations(),
+    userMemberships: organisationService.getUserMemberships(),
+    isLoading: organisationService.isLoading(),
+    error: organisationService.getError(),
+    hasValidOrganisationContext: organisationService.hasValidOrganisationContext(),
+    isContextReady: organisationService.isContextReady(),
+    setSelectedOrganisation: (org) => organisationService.setSelectedOrganisation(org),
+    switchOrganisation: (orgId) => organisationService.switchOrganisation(orgId),
+    getUserRole: (orgId) => organisationService.getUserRole(orgId),
+    validateOrganisationAccess: (orgId) => organisationService.validateOrganisationAccess(orgId),
+    refreshOrganisations: () => organisationService.refreshOrganisations(),
+    ensureOrganisationContext: () => organisationService.ensureOrganisationContext(),
+    isOrganisationSecure: () => organisationService.isOrganisationSecure(),
+    getPrimaryOrganisation: () => organisationService.getPrimaryOrganisation()
+  };
+}
+function useEventService() {
+  const context = useContext(EventServiceContext);
+  if (!context) {
+    throw new Error("useEventService must be used within EventServiceProvider");
+  }
+  const [, forceUpdate] = useReducer((x) => x + 1, 0);
+  const timeoutRef = useRef(null);
+  useEffect(() => {
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50);
+    };
+    const unsubscribe = context.eventService.subscribe(debouncedUpdate);
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
+  }, [context.eventService]);
+  return context.eventService;
+}
+function useInactivityService() {
+  const context = useContext(InactivityServiceContext);
+  if (!context) {
+    throw new Error("useInactivityService must be used within InactivityServiceProvider");
+  }
+  const [, forceUpdate] = useReducer((x) => x + 1, 0);
+  const timeoutRef = useRef(null);
+  useEffect(() => {
+    const debouncedUpdate = () => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+      timeoutRef.current = setTimeout(() => {
+        forceUpdate();
+        timeoutRef.current = null;
+      }, 50);
+    };
+    const unsubscribe = context.inactivityService.subscribe(debouncedUpdate);
+    return () => {
+      unsubscribe();
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
+  }, [context.inactivityService]);
+  return context.inactivityService;
+}
+var log = createLogger("useSessionRestoration");
+var SESSION_RESTORATION_TIMEOUT_MS = 1e4;
+function useSessionRestoration() {
+  const context = useContext(AuthServiceContext);
+  if (!context) {
+    throw new Error("useSessionRestoration must be used within AuthServiceProvider");
+  }
+  const { sessionRestoration } = context;
+  const [hasTimedOut, setHasTimedOut] = useState(false);
+  useEffect(() => {
+    let timeoutHandle = null;
+    if (sessionRestoration.isRestoring && !sessionRestoration.restorationComplete && !sessionRestoration.restorationError) {
+      setHasTimedOut(false);
+      timeoutHandle = setTimeout(() => {
+        log.warn("Session restoration timed out");
+        setHasTimedOut(true);
+      }, SESSION_RESTORATION_TIMEOUT_MS);
+    } else {
+      setHasTimedOut(false);
+    }
+    return () => {
+      if (timeoutHandle) {
+        clearTimeout(timeoutHandle);
+      }
+    };
+  }, [
+    sessionRestoration.isRestoring,
+    sessionRestoration.restorationComplete,
+    sessionRestoration.restorationError
+  ]);
+  return useMemo(() => ({
+    ...sessionRestoration,
+    hasTimedOut,
+    timeoutMs: SESSION_RESTORATION_TIMEOUT_MS
+  }), [sessionRestoration, hasTimedOut]);
+}
+var UnifiedAuthContext = createContext(void 0);
+function useUnifiedAuth() {
+  const context = useContext(UnifiedAuthContext);
+  if (!context) {
+    logger.error("useUnifiedAuth", "useUnifiedAuth must be used within a UnifiedAuthProvider");
+    throw new Error("useUnifiedAuth must be used within a UnifiedAuthProvider");
+  }
+  return context;
+}
+function useAppIdResolution(supabase, appName, isAuth, currentUserId) {
+  const [appId, setAppId] = useState(void 0);
+  const isResolvingAppIdRef = useRef(false);
+  const resolvedAppIdRef = useRef(void 0);
+  const resolvedUserIdRef = useRef(void 0);
+  useEffect(() => {
+    if (!isAuth) {
+      resolvedAppIdRef.current = void 0;
+      resolvedUserIdRef.current = void 0;
+      setAppId(void 0);
+      return;
+    }
+    if (currentUserId && resolvedUserIdRef.current && resolvedUserIdRef.current !== currentUserId) {
+      resolvedAppIdRef.current = void 0;
+      resolvedUserIdRef.current = void 0;
+      setAppId(void 0);
+    }
+    const shouldResolve = isAuth && currentUserId && supabase && appName && resolvedUserIdRef.current !== currentUserId && !isResolvingAppIdRef.current;
+    if (!shouldResolve) return;
+    isResolvingAppIdRef.current = true;
+    resolvedUserIdRef.current = currentUserId;
+    const userId = currentUserId;
+    const appNameValue = appName;
+    import('./api-6OQXYT67.js').then(async ({ resolveAppContext, setupRBAC: setupRBAC2 }) => {
+      try {
+        setupRBAC2(supabase);
+        const result = await resolveAppContext({ userId, appName: appNameValue });
+        if (result.ok && result.data?.appId) {
+          const appIdValue = result.data.appId;
+          resolvedAppIdRef.current = appIdValue;
+          setAppId(appIdValue);
+        } else {
+          resolvedUserIdRef.current = void 0;
+        }
+      } catch (error) {
+        logger.error("UnifiedAuthProvider", "Failed to resolve appId on login", {
+          error: error instanceof Error ? error.message : String(error),
+          appName: appNameValue,
+          userId
+        });
+        resolvedUserIdRef.current = void 0;
+      } finally {
+        isResolvingAppIdRef.current = false;
+      }
+    }).catch((importError) => {
+      logger.error("UnifiedAuthProvider", "Failed to import RBAC API", importError);
+      isResolvingAppIdRef.current = false;
+      resolvedUserIdRef.current = void 0;
+    });
+  }, [isAuth, currentUserId, supabase, appName]);
+  return appId;
+}
+function useUnifiedAuthSubscriptions(authService, organisationService, eventService, inactivityService) {
+  const [, forceUpdate] = useReducer((x) => x + 1, 0);
+  const forceUpdateTimeoutRef = useRef(null);
+  const debouncedForceUpdate = useCallback(() => {
+    if (forceUpdateTimeoutRef.current) clearTimeout(forceUpdateTimeoutRef.current);
+    forceUpdateTimeoutRef.current = setTimeout(() => {
+      forceUpdate();
+      forceUpdateTimeoutRef.current = null;
+    }, 100);
+  }, [forceUpdate]);
+  const authServiceRef = useRef(authService);
+  const organisationServiceRef = useRef(organisationService);
+  const eventServiceRef = useRef(eventService);
+  const inactivityServiceRef = useRef(inactivityService);
+  useEffect(() => {
+    authServiceRef.current = authService;
+    organisationServiceRef.current = organisationService;
+    eventServiceRef.current = eventService;
+    inactivityServiceRef.current = inactivityService;
+  }, [authService, organisationService, eventService, inactivityService]);
+  useEffect(() => {
+    const unsubAuth = authServiceRef.current.subscribe(debouncedForceUpdate);
+    const unsubOrg = organisationServiceRef.current.subscribe(debouncedForceUpdate);
+    const unsubEvent = eventServiceRef.current.subscribe(debouncedForceUpdate);
+    const unsubInactivity = inactivityServiceRef.current.subscribe(debouncedForceUpdate);
+    return () => {
+      unsubAuth();
+      unsubOrg();
+      unsubEvent();
+      unsubInactivity();
+      if (forceUpdateTimeoutRef.current) clearTimeout(forceUpdateTimeoutRef.current);
+    };
+  }, [debouncedForceUpdate]);
+}
+function useUnifiedAuthContextValue(state, callbacks, appId, appName, supabase) {
+  return useMemo(
+    () => {
+      const selectedOrganisationId = state.selectedOrganisation?.id ?? state.selectedEvent?.organisation_id ?? null;
+      return {
+        user: state.currentUser,
+        session: state.currentSession,
+        isAuthenticated: state.isAuth,
+        authLoading: state.authLoading,
+        authError: state.authError,
+        supabase,
+        signIn: callbacks.signIn,
+        signUp: callbacks.signUp,
+        signOut: callbacks.signOut,
+        resetPassword: callbacks.resetPassword,
+        updatePassword: callbacks.updatePassword,
+        refreshSession: callbacks.refreshSession,
+        selectedOrganisation: state.selectedOrganisation,
+        selectedOrganisationId,
+        organisations: state.organisations,
+        userMemberships: state.userMemberships,
+        organisationLoading: state.orgLoading,
+        organisationError: state.organisationError,
+        hasValidOrganisationContext: state.hasValidOrganisationContext,
+        isContextReady: state.isContextReady,
+        switchOrganisation: callbacks.switchOrganisation,
+        getUserRole: callbacks.getUserRole,
+        validateOrganisationAccess: callbacks.validateOrganisationAccess,
+        refreshOrganisations: callbacks.refreshOrganisations,
+        ensureOrganisationContext: callbacks.ensureOrganisationContext,
+        isOrganisationSecure: callbacks.isOrganisationSecure,
+        getPrimaryOrganisation: callbacks.getPrimaryOrganisation,
+        events: state.events,
+        selectedEvent: state.selectedEvent,
+        selectedEventId: state.selectedEvent?.event_id ?? null,
+        eventLoading: state.eventLoading,
+        eventError: state.eventError,
+        setSelectedEvent: callbacks.setSelectedEvent,
+        refreshEvents: callbacks.refreshEvents,
+        showInactivityWarning: state.inactivityState.showInactivityWarning,
+        inactivityTimeRemaining: state.inactivityState.inactivityTimeRemaining,
+        isIdle: state.inactivityState.isIdle,
+        timeRemaining: state.inactivityState.timeRemaining,
+        showWarning: state.inactivityState.showWarning,
+        isTracking: state.inactivityState.isTracking,
+        resetActivity: callbacks.resetActivity,
+        startTracking: callbacks.startTracking,
+        stopTracking: callbacks.stopTracking,
+        handleIdleLogout: callbacks.handleIdleLogout,
+        handleStaySignedIn: callbacks.handleStaySignedIn,
+        handleSignOutNow: callbacks.handleSignOutNow,
+        appName,
+        appId,
+        isLoading: state.totalLoading,
+        hasErrors: state.hasErrors,
+        sessionRestoration: state.sessionRestoration,
+        sessionRestorationTimedOut: state.sessionRestorationTimedOut,
+        sessionRestorationTimeoutMs: state.sessionRestorationTimeoutMs
+      };
+    },
+    [state, callbacks, appId, appName, supabase]
+  );
+}
+function useUnifiedAuthStateAndCallbacks(authService, organisationService, eventService, inactivityService, sessionRestoration, sessionRestorationTimedOut, sessionRestorationTimeoutMs, appName, userOverride, sessionOverride) {
+  const currentUser = userOverride !== void 0 ? userOverride : authService.getUser();
+  const currentSession = sessionOverride !== void 0 ? sessionOverride : authService.getSession();
+  const isAuth = !!(currentUser && currentSession);
+  const authLoading = authService.isLoading();
+  const orgLoading = organisationService.isLoading();
+  const eventLoading = eventService.isLoading();
+  const restorationLoading = sessionRestoration.isRestoring && !sessionRestorationTimedOut && !sessionRestoration.restorationError;
+  const shouldIncludeOrgLoading = appName !== "ADMIN" && appName !== "PORTAL";
+  const totalLoading = restorationLoading || authLoading || (shouldIncludeOrgLoading ? orgLoading : false) || eventLoading;
+  const authError = authService.getError();
+  const selectedOrganisation = organisationService.getSelectedOrganisation();
+  const organisationError = organisationService.getError();
+  const hasValidOrganisationContext = organisationService.hasValidOrganisationContext();
+  const isContextReady = organisationService.isContextReady();
+  const rawEvents = eventService.getEvents();
+  const rawOrganisations = organisationService.getOrganisations();
+  const rawUserMemberships = organisationService.getUserMemberships();
+  const events = useMemo(() => rawEvents, [rawEvents]);
+  const organisations = useMemo(() => rawOrganisations, [rawOrganisations]);
+  const userMemberships = useMemo(() => rawUserMemberships, [rawUserMemberships]);
+  const selectedEvent = eventService.getSelectedEvent();
+  const eventError = eventService.getError();
+  const showInactivityWarning = inactivityService.getShowInactivityWarning();
+  const inactivityTimeRemaining = inactivityService.getInactivityTimeRemaining();
+  const isIdle = inactivityService.isIdle();
+  const timeRemaining = inactivityService.getTimeRemaining();
+  const showWarning = inactivityService.isWarningShown();
+  const isTracking = inactivityService.isTracking();
+  const inactivityState = useMemo(() => ({
+    showInactivityWarning,
+    inactivityTimeRemaining,
+    isIdle,
+    timeRemaining,
+    showWarning,
+    isTracking
+  }), [showInactivityWarning, inactivityTimeRemaining, isIdle, timeRemaining, showWarning, isTracking]);
+  const hasErrors = !!(authError || organisationError || eventError || sessionRestoration.restorationError);
+  const signIn = useCallback((email, password) => authService.signIn(email, password), [authService]);
+  const signUp = useCallback((email, password) => authService.signUp(email, password), [authService]);
+  const signOut = useCallback(() => authService.signOut(), [authService]);
+  const resetPassword = useCallback((email) => authService.resetPassword(email), [authService]);
+  const updatePassword = useCallback((password) => authService.updatePassword(password), [authService]);
+  const refreshSession = useCallback(() => authService.refreshSession(), [authService]);
+  const switchOrganisation = useCallback((orgId) => organisationService.switchOrganisation(orgId), [organisationService]);
+  const getUserRole = useCallback((orgId) => organisationService.getUserRole(orgId), [organisationService]);
+  const validateOrganisationAccess = useCallback((orgId) => organisationService.validateOrganisationAccess(orgId), [organisationService]);
+  const refreshOrganisations = useCallback(() => organisationService.refreshOrganisations(), [organisationService]);
+  const ensureOrganisationContext = useCallback(() => organisationService.ensureOrganisationContext(), [organisationService]);
+  const isOrganisationSecure = useCallback(() => organisationService.isOrganisationSecure(), [organisationService]);
+  const getPrimaryOrganisation = useCallback(() => organisationService.getPrimaryOrganisation(), [organisationService]);
+  const setSelectedEvent = useCallback((event) => eventService.setSelectedEvent(event), [eventService]);
+  const refreshEvents = useCallback(() => eventService.refreshEvents(), [eventService]);
+  const resetActivity = useCallback(() => inactivityService.resetActivity(), [inactivityService]);
+  const startTracking = useCallback(() => inactivityService.startTracking(), [inactivityService]);
+  const stopTracking = useCallback(() => inactivityService.stopTracking(), [inactivityService]);
+  const handleIdleLogout = useCallback(() => inactivityService.handleIdleLogout(), [inactivityService]);
+  const handleStaySignedIn = useCallback(() => inactivityService.handleStaySignedIn(), [inactivityService]);
+  const handleSignOutNow = useCallback(() => inactivityService.handleSignOutNow(), [inactivityService]);
+  const state = useMemo(() => ({
+    currentUser,
+    currentSession,
+    isAuth,
+    authLoading,
+    authError,
+    selectedOrganisation,
+    organisations,
+    userMemberships,
+    orgLoading,
+    organisationError,
+    hasValidOrganisationContext,
+    isContextReady,
+    events,
+    selectedEvent,
+    eventLoading,
+    eventError,
+    inactivityState,
+    totalLoading,
+    hasErrors,
+    sessionRestoration,
+    sessionRestorationTimedOut,
+    sessionRestorationTimeoutMs
+  }), [
+    currentUser,
+    currentSession,
+    isAuth,
+    authLoading,
+    authError,
+    selectedOrganisation,
+    organisations,
+    userMemberships,
+    orgLoading,
+    organisationError,
+    hasValidOrganisationContext,
+    isContextReady,
+    events,
+    selectedEvent,
+    eventLoading,
+    eventError,
+    inactivityState,
+    totalLoading,
+    hasErrors,
+    sessionRestoration,
+    sessionRestorationTimedOut,
+    sessionRestorationTimeoutMs
+  ]);
+  const callbacks = useMemo(() => ({
+    signIn,
+    signUp,
+    signOut,
+    resetPassword,
+    updatePassword,
+    refreshSession,
+    switchOrganisation,
+    getUserRole,
+    validateOrganisationAccess,
+    refreshOrganisations,
+    ensureOrganisationContext,
+    isOrganisationSecure,
+    getPrimaryOrganisation,
+    setSelectedEvent,
+    refreshEvents,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    handleIdleLogout,
+    handleStaySignedIn,
+    handleSignOutNow
+  }), [
+    signIn,
+    signUp,
+    signOut,
+    resetPassword,
+    updatePassword,
+    refreshSession,
+    switchOrganisation,
+    getUserRole,
+    validateOrganisationAccess,
+    refreshOrganisations,
+    ensureOrganisationContext,
+    isOrganisationSecure,
+    getPrimaryOrganisation,
+    setSelectedEvent,
+    refreshEvents,
+    resetActivity,
+    startTracking,
+    stopTracking,
+    handleIdleLogout,
+    handleStaySignedIn,
+    handleSignOutNow
+  ]);
+  return { state, callbacks };
+}
+function UnifiedAuthContextProvider({
+  children,
+  appName,
+  supabaseClient: supabaseClientProp,
+  user: userFromParent,
+  session: sessionFromParent
+}) {
+  const authService = useAuthService();
+  const organisationService = useOrganisationService();
+  const inactivityService = useInactivityService();
+  const eventService = useEventService();
+  const sessionRestorationState = useSessionRestoration();
+  const sessionRestoration = useMemo(() => ({
+    isRestoring: sessionRestorationState.isRestoring,
+    restorationComplete: sessionRestorationState.restorationComplete,
+    restorationError: sessionRestorationState.restorationError
+  }), [sessionRestorationState.isRestoring, sessionRestorationState.restorationComplete, sessionRestorationState.restorationError]);
+  const { hasTimedOut: sessionRestorationTimedOut, timeoutMs: sessionRestorationTimeoutMs } = sessionRestorationState;
+  const currentUser = userFromParent !== void 0 ? userFromParent : authService.getUser();
+  const currentSession = sessionFromParent !== void 0 ? sessionFromParent : authService.getSession();
+  const isAuth = !!(currentUser && currentSession);
+  const supabase = useMemo(() => supabaseClientProp, [supabaseClientProp]);
+  const appId = useAppIdResolution(supabase, appName, isAuth, currentUser?.id);
+  useUnifiedAuthSubscriptions(authService, organisationService, eventService, inactivityService);
+  const { state, callbacks } = useUnifiedAuthStateAndCallbacks(
+    authService,
+    organisationService,
+    eventService,
+    inactivityService,
+    sessionRestoration,
+    sessionRestorationTimedOut,
+    sessionRestorationTimeoutMs,
+    appName,
+    currentUser,
+    currentSession
+  );
+  const contextValue = useUnifiedAuthContextValue(state, callbacks, appId, appName, supabase);
+  useEffect(() => {
+    if (appName) setPrintAppName(appName);
+  }, [appName]);
+  return /* @__PURE__ */ jsx(UnifiedAuthContext.Provider, { value: contextValue, children });
+}
+function EventServiceProviderWrapper({
+  children,
+  supabaseClient,
+  user,
+  session,
+  appName
+}) {
+  const { selectedOrganisation } = useOrganisations();
+  const setSelectedEventId = useCallback(() => {
+  }, []);
+  useEffect(() => {
+  }, [user?.id, session?.access_token, selectedOrganisation?.id]);
+  return /* @__PURE__ */ jsx(
+    EventServiceProvider,
+    {
+      supabaseClient,
+      user,
+      session,
+      appName,
+      selectedOrganisation,
+      setSelectedEventId,
+      children
+    }
+  );
+}
+function ServiceAwareProviders({
+  children,
+  supabaseClient,
+  appName,
+  persistState,
+  enablePersistence,
+  requireOrganisationContext,
+  idleTimeoutMs,
+  warnBeforeMs,
+  onIdleLogout,
+  renderInactivityWarning,
+  dangerouslyDisableInactivity
+}) {
+  const authService = useAuthService();
+  const [userState, setUserState] = useState(() => authService.getUser());
+  const [sessionState, setSessionState] = useState(() => authService.getSession());
+  useEffect(() => {
+    const unsubscribe = authService.subscribe(() => {
+      const newUser = authService.getUser();
+      const newSession = authService.getSession();
+      flushSync(() => {
+        setUserState(newUser);
+        setSessionState(newSession);
+      });
+    });
+    return unsubscribe;
+  }, [authService]);
+  const user = userState;
+  const session = sessionState;
+  return /* @__PURE__ */ jsx(
+    OrganisationServiceProvider,
+    {
+      supabaseClient,
+      user,
+      session,
+      children: /* @__PURE__ */ jsx(
+        EventServiceProviderWrapper,
+        {
+          supabaseClient,
+          user,
+          session,
+          appName,
+          children: /* @__PURE__ */ jsx(
+            InactivityServiceProvider,
+            {
+              supabaseClient,
+              user,
+              session,
+              idleTimeoutMs,
+              warnBeforeMs,
+              onIdleLogout,
+              children: /* @__PURE__ */ jsx(
+                UnifiedAuthContextProvider,
+                {
+                  appName,
+                  supabaseClient,
+                  user,
+                  session,
+                  persistState,
+                  enablePersistence,
+                  requireOrganisationContext,
+                  idleTimeoutMs,
+                  warnBeforeMs,
+                  onIdleLogout,
+                  renderInactivityWarning,
+                  dangerouslyDisableInactivity,
+                  children
+                }
+              )
+            }
+          )
+        }
+      )
+    }
+  );
+}
+function UnifiedAuthProvider({
+  children,
+  supabaseClient,
+  appName,
+  persistState = true,
+  enablePersistence,
+  requireOrganisationContext = true,
+  idleTimeoutMs,
+  // REQUIRED: No default - must be explicitly provided
+  warnBeforeMs,
+  // REQUIRED: No default - must be explicitly provided
+  onIdleLogout,
+  // REQUIRED: No default - must be explicitly provided
+  renderInactivityWarning,
+  dangerouslyDisableInactivity = false
+}) {
+  const clientRef = useRef(supabaseClient);
+  useEffect(() => {
+    if (clientRef.current !== supabaseClient) {
+      logger.warn("UnifiedAuthProvider", "Supabase client reference changed - this may indicate multiple client instances are being created", {
+        previousClient: clientRef.current,
+        newClient: supabaseClient,
+        note: 'Ensure you create the Supabase client once and reuse it. Creating multiple clients can cause performance issues and the "Multiple GoTrueClient instances" warning.'
+      });
+      clientRef.current = supabaseClient;
+    }
+  }, [supabaseClient]);
+  if (supabaseClient && !isRBACInitialized()) {
+    try {
+      setupRBAC(supabaseClient);
+      logger.debug("UnifiedAuthProvider", "RBAC initialized synchronously");
+    } catch (err2) {
+      logger.error("UnifiedAuthProvider", "Failed to initialize RBAC", err2);
+    }
+  }
+  return /* @__PURE__ */ jsx(AuthServiceProvider, { supabaseClient, appName, children: /* @__PURE__ */ jsx(
+    ServiceAwareProviders,
+    {
+      supabaseClient,
+      appName,
+      persistState,
+      enablePersistence,
+      requireOrganisationContext,
+      idleTimeoutMs,
+      warnBeforeMs,
+      onIdleLogout,
+      renderInactivityWarning,
+      dangerouslyDisableInactivity,
+      children
+    }
+  ) });
+}
+
+export { AuthServiceProvider, EventServiceContext, EventServiceProvider, InactivityServiceContext, InactivityServiceProvider, OrganisationServiceContext, OrganisationServiceProvider, UnifiedAuthContext, UnifiedAuthProvider, useAuthService, useEventService, useInactivityService, useOrganisationService, useOrganisations, useSessionRestoration, useUnifiedAuth };