npm - @jmruthers/pace-core - Versions diffs - 0.6.2 → 0.6.4 - Mend

@jmruthers/pace-core 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (299) hide show

package/CHANGELOG.md +45 -0
package/cursor-rules/00-pace-core-compliance.mdc +34 -2
package/dist/{AuthService-BPvc3Ka0.d.ts → AuthService-Cb34EQs3.d.ts} +9 -1
package/dist/{DataTable-TPTKCX4D.js → DataTable-E7YQZD7D.js} +9 -8
package/dist/{PublicPageProvider-DC6kCaqf.d.ts → PublicPageProvider-DEMpysFR.d.ts} +45 -67
package/dist/{UnifiedAuthProvider-CVcTjx-d.d.ts → UnifiedAuthProvider-CKvHP1MK.d.ts} +1 -8
package/dist/{UnifiedAuthProvider-CH6Z342H.js → UnifiedAuthProvider-QPXO24B4.js} +5 -4
package/dist/{api-MVVQZLJI.js → api-6LVZTHDS.js} +10 -10
package/dist/{audit-B5P6FFIR.js → audit-V53FV5AG.js} +2 -2
package/dist/chunk-36LVWXB2.js +227 -0
package/dist/chunk-36LVWXB2.js.map +1 -0
package/dist/{chunk-24UVZUZG.js → chunk-3LPHPB62.js} +129 -387
package/dist/chunk-3LPHPB62.js.map +1 -0
package/dist/{chunk-2UOI2FG5.js → chunk-5EC5MEWX.js} +4 -4
package/dist/{chunk-3XC4CPTD.js → chunk-7JPAB3T5.js} +244 -5727
package/dist/chunk-7JPAB3T5.js.map +1 -0
package/dist/{chunk-6J4GEEJR.js → chunk-ATKZM7RX.js} +53 -27
package/dist/chunk-ATKZM7RX.js.map +1 -0
package/dist/{chunk-EHMR7VYL.js → chunk-AVMLPIM7.js} +443 -189
package/dist/chunk-AVMLPIM7.js.map +1 -0
package/dist/chunk-DGUM43GV.js +11 -0
package/dist/{chunk-NECFR5MM.js → chunk-I6DAQMWX.js} +575 -647
package/dist/chunk-I6DAQMWX.js.map +1 -0
package/dist/{chunk-F2IMUDXZ.js → chunk-M7MPQISP.js} +2 -2
package/dist/{chunk-XWQCNGTQ.js → chunk-NN6WWZ5U.js} +173 -79
package/dist/chunk-NN6WWZ5U.js.map +1 -0
package/dist/{chunk-MMZ7JXPU.js → chunk-OEWDTMG7.js} +13 -21
package/dist/{chunk-MMZ7JXPU.js.map → chunk-OEWDTMG7.js.map} +1 -1
package/dist/{chunk-SFZUDBL5.js → chunk-YKRAFF5K.js} +70 -56
package/dist/chunk-YKRAFF5K.js.map +1 -0
package/dist/components.d.ts +2 -2
package/dist/components.js +12 -13
package/dist/contextValidator-OOPCLPZW.js +9 -0
package/dist/contextValidator-OOPCLPZW.js.map +1 -0
package/dist/eslint-rules/pace-core-compliance.cjs +106 -0
package/dist/hooks.d.ts +2 -2
package/dist/hooks.js +7 -6
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +7 -7
package/dist/index.js +21 -16
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +4 -3
package/dist/rbac/index.d.ts +67 -27
package/dist/rbac/index.js +15 -8
package/dist/styles/index.js +1 -1
package/dist/theming/runtime.js +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-1oMokgLF.d.ts → usePublicRouteParams-i3qtoBgg.d.ts} +7 -16
package/dist/utils.js +5 -7
package/dist/utils.js.map +1 -1
package/docs/api/README.md +14 -16
package/docs/api/modules.md +3796 -2513
package/docs/components/context-selector.md +126 -0
package/docs/migration/RBAC_SCOPE_MIGRATION.md +385 -0
package/docs/pace-mint-fix-auto-selection.md +218 -0
package/docs/pace-mint-rbac-setup.md +391 -0
package/docs/rbac/secure-client-protection.md +330 -0
package/package.json +10 -5
package/scripts/audit/core/checks/compliance.cjs +72 -0
package/scripts/audit/core/checks/dependencies.cjs +568 -28
package/scripts/audit/core/checks/documentation.cjs +68 -3
package/scripts/audit/core/checks/environment.cjs +2 -14
package/scripts/audit/core/checks/error-handling.cjs +47 -6
package/src/components/ContextSelector/ContextSelector.tsx +384 -0
package/src/components/ContextSelector/index.ts +3 -0
package/src/components/DataTable/components/RowComponent.tsx +19 -19
package/src/components/DataTable/components/UnifiedTableBody.tsx +2 -2
package/src/components/DataTable/hooks/useDataTablePermissions.ts +8 -6
package/src/components/Dialog/Dialog.tsx +29 -1
package/src/components/FileDisplay/FileDisplay.tsx +42 -10
package/src/components/Header/Header.test.tsx +43 -73
package/src/components/Header/Header.tsx +44 -45
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +10 -19
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +2 -2
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +5 -5
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +9 -9
package/src/components/PaceAppLayout/PaceAppLayout.tsx +157 -36
package/src/components/PaceAppLayout/README.md +14 -17
package/src/components/PaceAppLayout/test-setup.tsx +2 -2
package/src/components/index.ts +5 -5
package/src/eslint-rules/pace-core-compliance.cjs +106 -0
package/src/hooks/__tests__/useAppConfig.unit.test.ts +4 -98
package/src/hooks/useAppConfig.ts +15 -30
package/src/hooks/useFileDisplay.ts +77 -50
package/src/index.ts +4 -5
package/src/providers/services/AuthServiceProvider.tsx +17 -7
package/src/providers/services/EventServiceProvider.tsx +33 -5
package/src/providers/services/UnifiedAuthProvider.tsx +90 -134
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +1 -1
package/src/rbac/adapters.tsx +2 -2
package/src/rbac/api.test.ts +59 -51
package/src/rbac/api.ts +178 -132
package/src/rbac/components/PagePermissionGuard.tsx +38 -10
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +32 -21
package/src/rbac/hooks/permissions/useAccessLevel.ts +1 -1
package/src/rbac/hooks/permissions/useCan.ts +41 -11
package/src/rbac/hooks/permissions/useHasAllPermissions.ts +1 -1
package/src/rbac/hooks/permissions/useHasAnyPermission.ts +1 -1
package/src/rbac/hooks/permissions/useMultiplePermissions.ts +1 -1
package/src/rbac/hooks/useCan.test.ts +0 -9
package/src/rbac/hooks/useRBAC.test.ts +1 -5
package/src/rbac/hooks/useRBAC.ts +36 -37
package/src/rbac/hooks/useResolvedScope.test.ts +120 -35
package/src/rbac/hooks/useResolvedScope.ts +35 -40
package/src/rbac/hooks/useSecureSupabase.ts +7 -7
package/src/rbac/index.ts +7 -0
package/src/rbac/secureClient.test.ts +22 -18
package/src/rbac/secureClient.ts +103 -16
package/src/rbac/security.ts +0 -17
package/src/rbac/types.ts +1 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +64 -86
package/src/rbac/utils/clientSecurity.ts +93 -0
package/src/rbac/utils/contextValidator.ts +77 -168
package/src/services/AuthService.ts +39 -7
package/src/services/EventService.ts +285 -56
package/src/services/OrganisationService.ts +81 -14
package/src/services/__tests__/EventService.test.ts +1 -2
package/src/services/base/BaseService.ts +3 -0
package/src/utils/dynamic/dynamicUtils.ts +7 -4
package/dist/chunk-24UVZUZG.js.map +0 -1
package/dist/chunk-3XC4CPTD.js.map +0 -1
package/dist/chunk-6J4GEEJR.js.map +0 -1
package/dist/chunk-7D4SUZUM.js +0 -38
package/dist/chunk-EHMR7VYL.js.map +0 -1
package/dist/chunk-NECFR5MM.js.map +0 -1
package/dist/chunk-SFZUDBL5.js.map +0 -1
package/dist/chunk-XWQCNGTQ.js.map +0 -1
package/docs/api/classes/ColumnFactory.md +0 -243
package/docs/api/classes/InvalidScopeError.md +0 -73
package/docs/api/classes/Logger.md +0 -178
package/docs/api/classes/MissingUserContextError.md +0 -66
package/docs/api/classes/OrganisationContextRequiredError.md +0 -66
package/docs/api/classes/PermissionDeniedError.md +0 -73
package/docs/api/classes/RBACAuditManager.md +0 -297
package/docs/api/classes/RBACCache.md +0 -322
package/docs/api/classes/RBACEngine.md +0 -171
package/docs/api/classes/RBACError.md +0 -76
package/docs/api/classes/RBACNotInitializedError.md +0 -66
package/docs/api/classes/SecureSupabaseClient.md +0 -163
package/docs/api/classes/StorageUtils.md +0 -328
package/docs/api/enums/FileCategory.md +0 -184
package/docs/api/enums/LogLevel.md +0 -54
package/docs/api/enums/RBACErrorCode.md +0 -228
package/docs/api/enums/RPCFunction.md +0 -118
package/docs/api/interfaces/AddressFieldProps.md +0 -241
package/docs/api/interfaces/AddressFieldRef.md +0 -94
package/docs/api/interfaces/AggregateConfig.md +0 -43
package/docs/api/interfaces/AutocompleteOptions.md +0 -75
package/docs/api/interfaces/AvatarProps.md +0 -128
package/docs/api/interfaces/BadgeProps.md +0 -34
package/docs/api/interfaces/ButtonProps.md +0 -56
package/docs/api/interfaces/CalendarProps.md +0 -73
package/docs/api/interfaces/CardProps.md +0 -69
package/docs/api/interfaces/ColorPalette.md +0 -7
package/docs/api/interfaces/ColorShade.md +0 -66
package/docs/api/interfaces/ComplianceResult.md +0 -30
package/docs/api/interfaces/DataAccessRecord.md +0 -96
package/docs/api/interfaces/DataRecord.md +0 -11
package/docs/api/interfaces/DataTableAction.md +0 -252
package/docs/api/interfaces/DataTableColumn.md +0 -504
package/docs/api/interfaces/DataTableProps.md +0 -625
package/docs/api/interfaces/DataTableToolbarButton.md +0 -96
package/docs/api/interfaces/DatabaseComplianceResult.md +0 -85
package/docs/api/interfaces/DatabaseIssue.md +0 -41
package/docs/api/interfaces/EmptyStateConfig.md +0 -61
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +0 -235
package/docs/api/interfaces/ErrorBoundaryProps.md +0 -147
package/docs/api/interfaces/ErrorBoundaryProviderProps.md +0 -36
package/docs/api/interfaces/ErrorBoundaryState.md +0 -75
package/docs/api/interfaces/EventAppRoleData.md +0 -71
package/docs/api/interfaces/ExportColumn.md +0 -90
package/docs/api/interfaces/ExportOptions.md +0 -126
package/docs/api/interfaces/FileDisplayProps.md +0 -249
package/docs/api/interfaces/FileMetadata.md +0 -129
package/docs/api/interfaces/FileReference.md +0 -118
package/docs/api/interfaces/FileSizeLimits.md +0 -7
package/docs/api/interfaces/FileUploadOptions.md +0 -139
package/docs/api/interfaces/FileUploadProps.md +0 -296
package/docs/api/interfaces/FooterProps.md +0 -107
package/docs/api/interfaces/FormFieldProps.md +0 -166
package/docs/api/interfaces/FormProps.md +0 -113
package/docs/api/interfaces/GrantEventAppRoleParams.md +0 -122
package/docs/api/interfaces/InactivityWarningModalProps.md +0 -115
package/docs/api/interfaces/InputProps.md +0 -56
package/docs/api/interfaces/LabelProps.md +0 -107
package/docs/api/interfaces/LoggerConfig.md +0 -62
package/docs/api/interfaces/LoginFormProps.md +0 -187
package/docs/api/interfaces/NavigationAccessRecord.md +0 -107
package/docs/api/interfaces/NavigationContextType.md +0 -164
package/docs/api/interfaces/NavigationGuardProps.md +0 -139
package/docs/api/interfaces/NavigationItem.md +0 -120
package/docs/api/interfaces/NavigationMenuProps.md +0 -221
package/docs/api/interfaces/NavigationProviderProps.md +0 -117
package/docs/api/interfaces/Organisation.md +0 -140
package/docs/api/interfaces/OrganisationContextType.md +0 -388
package/docs/api/interfaces/OrganisationMembership.md +0 -140
package/docs/api/interfaces/OrganisationProviderProps.md +0 -76
package/docs/api/interfaces/OrganisationSecurityError.md +0 -62
package/docs/api/interfaces/PaceAppLayoutProps.md +0 -409
package/docs/api/interfaces/PaceLoginPageProps.md +0 -49
package/docs/api/interfaces/PageAccessRecord.md +0 -85
package/docs/api/interfaces/PagePermissionContextType.md +0 -140
package/docs/api/interfaces/PagePermissionGuardProps.md +0 -153
package/docs/api/interfaces/PagePermissionProviderProps.md +0 -119
package/docs/api/interfaces/PaletteData.md +0 -41
package/docs/api/interfaces/ParsedAddress.md +0 -120
package/docs/api/interfaces/PermissionEnforcerProps.md +0 -153
package/docs/api/interfaces/ProgressProps.md +0 -42
package/docs/api/interfaces/ProtectedRouteProps.md +0 -78
package/docs/api/interfaces/PublicPageFooterProps.md +0 -112
package/docs/api/interfaces/PublicPageHeaderProps.md +0 -125
package/docs/api/interfaces/PublicPageLayoutProps.md +0 -185
package/docs/api/interfaces/QuickFix.md +0 -52
package/docs/api/interfaces/RBACAccessValidateParams.md +0 -52
package/docs/api/interfaces/RBACAccessValidateResult.md +0 -41
package/docs/api/interfaces/RBACAuditLogParams.md +0 -85
package/docs/api/interfaces/RBACAuditLogResult.md +0 -52
package/docs/api/interfaces/RBACConfig.md +0 -133
package/docs/api/interfaces/RBACContext.md +0 -52
package/docs/api/interfaces/RBACLogger.md +0 -112
package/docs/api/interfaces/RBACPageAccessCheckParams.md +0 -74
package/docs/api/interfaces/RBACPerformanceMetrics.md +0 -138
package/docs/api/interfaces/RBACPermissionCheckParams.md +0 -74
package/docs/api/interfaces/RBACPermissionCheckResult.md +0 -52
package/docs/api/interfaces/RBACPermissionsGetParams.md +0 -63
package/docs/api/interfaces/RBACPermissionsGetResult.md +0 -63
package/docs/api/interfaces/RBACResult.md +0 -58
package/docs/api/interfaces/RBACRoleGrantParams.md +0 -63
package/docs/api/interfaces/RBACRoleGrantResult.md +0 -52
package/docs/api/interfaces/RBACRoleRevokeParams.md +0 -63
package/docs/api/interfaces/RBACRoleRevokeResult.md +0 -52
package/docs/api/interfaces/RBACRoleValidateParams.md +0 -52
package/docs/api/interfaces/RBACRoleValidateResult.md +0 -63
package/docs/api/interfaces/RBACRolesListParams.md +0 -52
package/docs/api/interfaces/RBACRolesListResult.md +0 -74
package/docs/api/interfaces/RBACSessionTrackParams.md +0 -74
package/docs/api/interfaces/RBACSessionTrackResult.md +0 -52
package/docs/api/interfaces/ResourcePermissions.md +0 -155
package/docs/api/interfaces/RevokeEventAppRoleParams.md +0 -100
package/docs/api/interfaces/RoleBasedRouterContextType.md +0 -151
package/docs/api/interfaces/RoleBasedRouterProps.md +0 -156
package/docs/api/interfaces/RoleManagementResult.md +0 -52
package/docs/api/interfaces/RouteAccessRecord.md +0 -107
package/docs/api/interfaces/RouteConfig.md +0 -134
package/docs/api/interfaces/RuntimeComplianceResult.md +0 -55
package/docs/api/interfaces/SecureDataContextType.md +0 -168
package/docs/api/interfaces/SecureDataProviderProps.md +0 -132
package/docs/api/interfaces/SessionRestorationLoaderProps.md +0 -34
package/docs/api/interfaces/SetupIssue.md +0 -41
package/docs/api/interfaces/StorageConfig.md +0 -41
package/docs/api/interfaces/StorageFileInfo.md +0 -74
package/docs/api/interfaces/StorageFileMetadata.md +0 -151
package/docs/api/interfaces/StorageListOptions.md +0 -99
package/docs/api/interfaces/StorageListResult.md +0 -41
package/docs/api/interfaces/StorageUploadOptions.md +0 -101
package/docs/api/interfaces/StorageUploadResult.md +0 -63
package/docs/api/interfaces/StorageUrlOptions.md +0 -60
package/docs/api/interfaces/StyleImport.md +0 -19
package/docs/api/interfaces/SwitchProps.md +0 -34
package/docs/api/interfaces/TabsContentProps.md +0 -9
package/docs/api/interfaces/TabsListProps.md +0 -9
package/docs/api/interfaces/TabsProps.md +0 -9
package/docs/api/interfaces/TabsTriggerProps.md +0 -50
package/docs/api/interfaces/TextareaProps.md +0 -53
package/docs/api/interfaces/ToastActionElement.md +0 -12
package/docs/api/interfaces/ToastProps.md +0 -9
package/docs/api/interfaces/UnifiedAuthContextType.md +0 -823
package/docs/api/interfaces/UnifiedAuthProviderProps.md +0 -173
package/docs/api/interfaces/UseFormDialogOptions.md +0 -62
package/docs/api/interfaces/UseFormDialogReturn.md +0 -117
package/docs/api/interfaces/UseInactivityTrackerOptions.md +0 -138
package/docs/api/interfaces/UseInactivityTrackerReturn.md +0 -123
package/docs/api/interfaces/UsePublicEventLogoOptions.md +0 -87
package/docs/api/interfaces/UsePublicEventLogoReturn.md +0 -84
package/docs/api/interfaces/UsePublicEventOptions.md +0 -34
package/docs/api/interfaces/UsePublicEventReturn.md +0 -71
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +0 -47
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +0 -123
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +0 -97
package/docs/api/interfaces/UseResolvedScopeOptions.md +0 -47
package/docs/api/interfaces/UseResolvedScopeReturn.md +0 -47
package/docs/api/interfaces/UseResourcePermissionsOptions.md +0 -34
package/docs/api/interfaces/UserEventAccess.md +0 -121
package/docs/api/interfaces/UserMenuProps.md +0 -88
package/docs/api/interfaces/UserProfile.md +0 -63
package/src/components/EventSelector/EventSelector.test.tsx +0 -720
package/src/components/EventSelector/EventSelector.tsx +0 -423
package/src/components/EventSelector/index.ts +0 -3
package/src/components/OrganisationSelector/OrganisationSelector.test.tsx +0 -784
package/src/components/OrganisationSelector/OrganisationSelector.tsx +0 -327
package/src/components/OrganisationSelector/index.ts +0 -9
/package/dist/{DataTable-TPTKCX4D.js.map → DataTable-E7YQZD7D.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-CH6Z342H.js.map → UnifiedAuthProvider-QPXO24B4.js.map} +0 -0
/package/dist/{api-MVVQZLJI.js.map → api-6LVZTHDS.js.map} +0 -0
/package/dist/{audit-B5P6FFIR.js.map → audit-V53FV5AG.js.map} +0 -0
/package/dist/{chunk-2UOI2FG5.js.map → chunk-5EC5MEWX.js.map} +0 -0
/package/dist/{chunk-7D4SUZUM.js.map → chunk-DGUM43GV.js.map} +0 -0
/package/dist/{chunk-F2IMUDXZ.js.map → chunk-M7MPQISP.js.map} +0 -0

package/docs/pace-mint-fix-auto-selection.md ADDED Viewed

@@ -0,0 +1,218 @@
+# Fix for Auto-Selection Issue in pace-mint AppLayout
+## Problem
+When a user switches from an event to an organisation in the context selector, pace-mint's AppLayout component is auto-selecting the event again, even though the user explicitly cleared it. This causes the selector to show the event instead of the organisation.
+## Root Cause
+pace-mint's AppLayout has its own auto-selection logic that runs whenever:
+- Events are loaded/refreshed
+- `selectedEvent` becomes `null`
+- There's only one event available
+This logic doesn't distinguish between:
+- **Initial load** (should auto-select)
+- **User explicitly cleared event** (should NOT auto-select)
+## Solution
+Update pace-mint's AppLayout component to track when the user explicitly clears the event selection, and skip auto-selection in those cases.
+## Implementation Steps
+### Step 1: Track Previous Event Selection
+Add a ref to track the previous `selectedEvent` value to detect when the user explicitly clears it:
+```tsx
+import { useRef, useEffect } from 'react';
+import { useEvents } from '@jmruthers/pace-core';
+function AppLayout() {
+  const { events, selectedEvent, setSelectedEvent } = useEvents();
+  // Track previous selectedEvent to detect explicit clears
+  const previousSelectedEventRef = useRef<Event | null>(null);
+  const userExplicitlyClearedRef = useRef<boolean>(false);
+  // Detect when user explicitly clears event (was set, now null)
+  useEffect(() => {
+    const wasSet = previousSelectedEventRef.current !== null;
+    const isNowNull = selectedEvent === null;
+    if (wasSet && isNowNull) {
+      // User explicitly cleared the event
+      userExplicitlyClearedRef.current = true;
+    } else if (selectedEvent !== null) {
+      // Event is selected, reset the flag
+      userExplicitlyClearedRef.current = false;
+    }
+    previousSelectedEventRef.current = selectedEvent;
+  }, [selectedEvent]);
+  // ... rest of component
+}
+```
+### Step 2: Update Auto-Selection Logic
+Modify your auto-selection logic to check the flag before auto-selecting:
+```tsx
+// OLD CODE (problematic):
+useEffect(() => {
+  if (!selectedEvent && events.length === 1 && !isLoading) {
+    // Auto-select single event
+    setSelectedEvent(events[0]);
+  }
+}, [selectedEvent, events, isLoading, setSelectedEvent]);
+// NEW CODE (fixed):
+useEffect(() => {
+  // Only auto-select if:
+  // 1. No event is currently selected
+  // 2. There's exactly one event available
+  // 3. Events are not loading
+  // 4. User did NOT explicitly clear the event
+  if (
+    !selectedEvent &&
+    events.length === 1 &&
+    !isLoading &&
+    !userExplicitlyClearedRef.current
+  ) {
+    // Auto-select single event
+    setSelectedEvent(events[0]);
+  }
+}, [selectedEvent, events, isLoading, setSelectedEvent]);
+```
+### Step 3: Reset Flag on Initial Load (Optional)
+If you want to allow auto-selection on initial page load but prevent it after user actions, you can track whether this is the initial load:
+```tsx
+const isInitialLoadRef = useRef<boolean>(true);
+useEffect(() => {
+  // After first render, mark initial load as complete
+  if (isInitialLoadRef.current && events.length > 0) {
+    isInitialLoadRef.current = false;
+  }
+}, [events]);
+// Then in auto-selection logic:
+useEffect(() => {
+  if (
+    !selectedEvent &&
+    events.length === 1 &&
+    !isLoading &&
+    (!userExplicitlyClearedRef.current || isInitialLoadRef.current)
+  ) {
+    setSelectedEvent(events[0]);
+  }
+}, [selectedEvent, events, isLoading, setSelectedEvent]);
+```
+## Complete Example
+Here's a complete example of the fix:
+```tsx
+import { useRef, useEffect } from 'react';
+import { useEvents } from '@jmruthers/pace-core';
+import type { Event } from '@jmruthers/pace-core';
+function AppLayout() {
+  const { events, selectedEvent, setSelectedEvent, isLoading } = useEvents();
+  // Track previous selectedEvent to detect explicit clears
+  const previousSelectedEventRef = useRef<Event | null>(null);
+  const userExplicitlyClearedRef = useRef<boolean>(false);
+  const isInitialLoadRef = useRef<boolean>(true);
+  // Detect when user explicitly clears event
+  useEffect(() => {
+    const wasSet = previousSelectedEventRef.current !== null;
+    const isNowNull = selectedEvent === null;
+    if (wasSet && isNowNull) {
+      // User explicitly cleared the event (e.g., switched to organisation)
+      userExplicitlyClearedRef.current = true;
+      console.log('[AppLayout] User explicitly cleared event - preventing auto-selection');
+    } else if (selectedEvent !== null) {
+      // Event is selected, reset the flag
+      userExplicitlyClearedRef.current = false;
+    }
+    previousSelectedEventRef.current = selectedEvent;
+  }, [selectedEvent]);
+  // Mark initial load as complete after events are loaded
+  useEffect(() => {
+    if (isInitialLoadRef.current && events.length > 0 && !isLoading) {
+      isInitialLoadRef.current = false;
+    }
+  }, [events, isLoading]);
+  // Auto-select single event ONLY if:
+  // - No event is selected
+  // - Exactly one event available
+  // - Not loading
+  // - User didn't explicitly clear it (or it's initial load)
+  useEffect(() => {
+    const shouldAutoSelect =
+      !selectedEvent &&
+      events.length === 1 &&
+      !isLoading &&
+      (!userExplicitlyClearedRef.current || isInitialLoadRef.current);
+    if (shouldAutoSelect) {
+      console.log('[AppLayout] Auto-selecting single available event');
+      setSelectedEvent(events[0]);
+    } else if (!selectedEvent && events.length === 1 && userExplicitlyClearedRef.current) {
+      console.log('[AppLayout] Auto-select skipped - user explicitly cleared event');
+    }
+  }, [selectedEvent, events, isLoading, setSelectedEvent]);
+  // ... rest of your component
+}
+```
+## Testing
+After implementing the fix, test the following scenarios:
+1. **Initial Load**:
+   - ✅ Should auto-select if only one event is available
+2. **Switch Event to Organisation**:
+   - ✅ Should NOT auto-select event after switching to organisation
+   - ✅ Selector should show the organisation, not the event
+3. **Switch Organisation to Event**:
+   - ✅ Should select the event when user explicitly selects it
+   - ✅ Selector should show the event
+4. **Manual Event Selection**:
+   - ✅ Should select the event when user clicks on it
+   - ✅ Should not interfere with manual selections
+## Additional Notes
+- pace-core's EventService already has internal logic to prevent auto-selection when `userClearedEventRef` is set
+- This fix adds an additional layer of protection at the application level
+- The ref-based approach ensures the flag persists across re-renders
+- The initial load flag allows auto-selection on first page load while preventing it after user actions
+## Related pace-core Changes
+The following changes were made in pace-core to support this fix:
+1. **ContextSelector** - Now prioritizes event selection over organisation when both are selected
+2. **Header Component** - Clears event selection when switching to organisation
+3. **EventService** - Preserves `userClearedEventRef` flag when organisation changes
+These changes ensure that pace-core respects user intent, but consuming apps (like pace-mint) should also implement the above fix to prevent their own auto-selection logic from interfering.

package/docs/pace-mint-rbac-setup.md ADDED Viewed

@@ -0,0 +1,391 @@
+---
+lastUpdated: 2025-12-31T00:00:00+11:00
+version: 0.6.4
+reviewedBy: pace-mint-implementation-guide
+---
+# pace-mint RBAC Setup Guide
+This guide explains how to configure pace-mint to support both organisation-based and event-based pages using pace-core's RBAC system.
+## Overview
+pace-mint is a **hybrid app** that supports both:
+- **Organisation-based pages**: Financial management at the organisation level
+- **Event-based pages**: Budget and budget variables for specific events
+Users can have:
+- Organisation roles (org_admin, leader, member, etc.) for organisation-based pages
+- Event-app roles (planner, participant, etc.) for event-based pages
+- Both types of roles simultaneously
+## Architecture
+### Two-Stream Navigation
+pace-mint uses a **two-stream architecture**:
+1. **Landing/Dashboard Page**: User selects their mode
+   - "Organisation Financial Management" → Organisation stream
+   - "Event Financial Management" → Event stream
+2. **Each Stream**: Has its own navigation showing only relevant pages
+   - Organisation stream: Shows only organisation-scoped pages
+   - Event stream: Shows only event-scoped pages
+### Page Scoping
+Each page in pace-mint is marked with a `scope_type`:
+- `'event'`: Page requires event context (e.g., "budget", "budget-variables")
+- `'organisation'`: Page requires organisation context (e.g., "dashboard", "reports")
+- `'both'`: Page can be accessed in either context (rare, but possible)
+**Note**: All pages must have `scope_type` set explicitly. There is no inheritance from app-level configuration.
+## Database Setup
+### 1. Ensure pace-mint App Configuration
+```sql
+-- Verify pace-mint app exists and is configured correctly
+SELECT id, name, display_name, is_active
+FROM rbac_apps
+WHERE name = 'MINT';
+-- Note: App-level scope configuration (requires_event) has been removed.
+-- All scope is now configured at the page level via scope_type.
+```
+### 2. Create/Update Pages with scope_type
+For each page in pace-mint, set the `scope_type`:
+```sql
+-- Example: Budget page is event-based
+UPDATE rbac_app_pages
+SET scope_type = 'event'
+WHERE app_id = (SELECT id FROM rbac_apps WHERE name = 'MINT')
+  AND page_name = 'budget';
+-- Example: Dashboard page is organisation-based (or NULL to inherit)
+UPDATE rbac_app_pages
+SET scope_type = 'organisation'
+WHERE app_id = (SELECT id FROM rbac_apps WHERE name = 'MINT')
+  AND page_name = 'dashboard';
+-- Example: Budget variables page is event-based
+UPDATE rbac_app_pages
+SET scope_type = 'event'
+WHERE app_id = (SELECT id FROM rbac_apps WHERE name = 'MINT')
+  AND page_name = 'budget-variables';
+```
+**Important**:
+- All pages must have `scope_type` set explicitly (no NULL values allowed)
+- Set `scope_type` to match the page's context requirements
+- There is no inheritance - each page declares its own scope
+### 3. Configure Page Permissions
+Set up permissions for each page based on its scope:
+#### Event-Based Pages (e.g., "budget")
+```sql
+-- Get the page ID
+WITH mint_app AS (
+  SELECT id FROM rbac_apps WHERE name = 'MINT'
+),
+budget_page AS (
+  SELECT ap.id as page_id
+  FROM rbac_app_pages ap
+  JOIN mint_app ma ON ap.app_id = ma.id
+  WHERE ap.page_name = 'budget'
+)
+-- Insert permissions for event-based roles
+INSERT INTO rbac_page_permissions (app_page_id, operation, role_name, allowed, organisation_id)
+SELECT
+  bp.page_id,
+  op.operation,
+  role.role_name,
+  CASE
+    WHEN role.role_name = 'planner' THEN true
+    WHEN role.role_name = 'participant' AND op.operation = 'read' THEN true
+    ELSE false
+  END,
+  '00000000-0000-0000-0000-000000000000'::uuid -- ⚠️ REPLACE with actual organisation ID
+FROM budget_page bp
+CROSS JOIN (SELECT unnest(ARRAY['read', 'create', 'update', 'delete']) as operation) op
+CROSS JOIN (SELECT unnest(ARRAY['planner', 'participant', 'viewer']) as role_name) role;
+```
+#### Organisation-Based Pages (e.g., "dashboard")
+```sql
+-- Get the page ID
+WITH mint_app AS (
+  SELECT id FROM rbac_apps WHERE name = 'MINT'
+),
+dashboard_page AS (
+  SELECT ap.id as page_id
+  FROM rbac_app_pages ap
+  JOIN mint_app ma ON ap.app_id = ma.id
+  WHERE ap.page_name = 'dashboard'
+)
+-- Insert permissions for organisation-based roles
+INSERT INTO rbac_page_permissions (app_page_id, operation, role_name, allowed, organisation_id)
+SELECT
+  dp.page_id,
+  op.operation,
+  role.role_name,
+  CASE
+    WHEN role.role_name = 'org_admin' THEN true
+    WHEN role.role_name = 'leader' AND op.operation != 'delete' THEN true
+    WHEN role.role_name = 'member' AND op.operation = 'read' THEN true
+    ELSE false
+  END,
+  '00000000-0000-0000-0000-000000000000'::uuid -- ⚠️ REPLACE with actual organisation ID
+FROM dashboard_page dp
+CROSS JOIN (SELECT unnest(ARRAY['read', 'create', 'update', 'delete']) as operation) op
+CROSS JOIN (SELECT unnest(ARRAY['org_admin', 'leader', 'member', 'supporter']) as role_name) role;
+```
+## pace-core Components
+### 1. Context Selector Component
+pace-core provides a unified `ContextSelector` component that intelligently shows all organisations and events a user can access:
+```tsx
+import { ContextSelector } from '@jmruthers/pace-core';
+<ContextSelector
+  onOrganisationSelect={(org) => {
+    // Switch to organisation stream
+    setSelectedOrganisation(org);
+    setSelectedEvent(null);
+    navigate('/dashboard'); // Navigate to org-based dashboard
+  }}
+  onEventSelect={(event) => {
+    // Switch to event stream
+    setSelectedEvent(event);
+    setSelectedOrganisation(null);
+    navigate('/budget'); // Navigate to event-based budget page
+  }}
+/>
+```
+The `ContextSelector` automatically shows:
+- All organisations the user has access to (via organisation roles)
+- All events the user has access to (via event-app roles or organisation membership)
+- Everything for super admins
+### 2. Navigation Filtering
+pace-core's navigation automatically filters pages based on:
+- Current context (event selected vs organisation selected)
+- Page `scope_type`
+- User's permissions
+You don't need to manually filter - pace-core handles this automatically.
+### 3. Permission Checking
+pace-core automatically handles permission checking based on page scope:
+- **Event-based pages**: Checks event-app roles for the selected event
+- **Organisation-based pages**: Checks organisation roles for the selected organisation
+- **'both' pages**: Checks both scopes and returns the union (higher permissions win)
+## Implementation Steps
+### Step 1: Database Configuration
+1. Run the pace-core migration that adds `scope_type` to `rbac_app_pages`
+2. Update all pace-mint pages with appropriate `scope_type` values
+3. Configure page permissions for each scope type
+### Step 2: Landing Page
+Create a landing page where users choose their mode:
+```tsx
+function MintLandingPage() {
+  const { selectedOrganisation, selectedEvent } = useUnifiedAuth();
+  const navigate = useNavigate();
+  const handleOrgMode = () => {
+    // Ensure organisation is selected
+    if (!selectedOrganisation) {
+      // Show organisation selector
+      return;
+    }
+    navigate('/dashboard');
+  };
+  const handleEventMode = () => {
+    // Ensure event is selected
+    if (!selectedEvent) {
+      // Show event selector
+      return;
+    }
+    navigate('/budget');
+  };
+  return (
+    <main>
+      <section>
+        <h1>pace-mint</h1>
+        <button onClick={handleOrgMode}>
+          Organisation Financial Management
+        </button>
+        <button onClick={handleEventMode}>
+          Event Financial Management
+        </button>
+      </section>
+    </main>
+  );
+}
+```
+### Step 3: Navigation Configuration
+Configure navigation items with proper page names:
+```tsx
+const orgNavItems = [
+  { label: 'Dashboard', pageName: 'dashboard', href: '/dashboard' },
+  { label: 'Reports', pageName: 'reports', href: '/reports' },
+  // ... other org-based pages
+];
+const eventNavItems = [
+  { label: 'Budget', pageName: 'budget', href: '/budget' },
+  { label: 'Budget Variables', pageName: 'budget-variables', href: '/budget-variables' },
+  // ... other event-based pages
+];
+```
+### Step 4: Use Context Selector in Header
+The `PaceAppLayout` component includes the unified `ContextSelector` by default:
+```tsx
+import { PaceAppLayout } from '@jmruthers/pace-core';
+function App() {
+  const { selectedOrganisation, selectedEvent, setSelectedOrganisation, setSelectedEvent } = useUnifiedAuth();
+  const navigate = useNavigate();
+  return (
+    <PaceAppLayout
+      appName="MINT"
+      navItems={/* your nav items */}
+      showContextSelector={true} // Default: shows unified selector
+    />
+  );
+}
+```
+The `ContextSelector` is automatically integrated into the header and handles organisation/event selection. You can also use it directly if you need custom behavior:
+```tsx
+import { ContextSelector } from '@jmruthers/pace-core';
+<ContextSelector
+  onOrganisationSelect={(org) => {
+    setSelectedOrganisation(org);
+    setSelectedEvent(null);
+    navigate('/dashboard');
+  }}
+  onEventSelect={(event) => {
+    setSelectedEvent(event);
+    setSelectedOrganisation(null);
+    navigate('/budget');
+  }}
+/>
+```
+### Step 5: Page Protection
+Use `PagePermissionGuard` for all pages:
+```tsx
+import { PagePermissionGuard } from '@jmruthers/pace-core/rbac';
+function BudgetPage() {
+  return (
+    <PagePermissionGuard pageName="budget" operation="read">
+      {/* Budget page content */}
+    </PagePermissionGuard>
+  );
+}
+```
+## Permission Precedence
+When a user has both organisation and event permissions for a 'both' page:
+1. **Union of permissions**: User gets permissions from both scopes
+2. **Higher order wins**: More permissive permission takes precedence
+   - Access levels: `super` > `admin` > `user` > `none`
+   - Permission values: `true` > `false`
+Example:
+- User has `read:budget` at org level (org_admin)
+- User has `write:budget` at event level (planner)
+- Result: User gets `write:budget` (higher permission wins)
+## Super Admin Behavior
+Super admins:
+- See **all events** in the hybrid selector
+- See **all organisations** in the hybrid selector
+- Can access **all pages** regardless of scope
+- Bypass all permission checks
+## Testing Checklist
+- [ ] All pages have correct `scope_type` set in database
+- [ ] Event-based pages only accessible when event is selected
+- [ ] Organisation-based pages only accessible when organisation is selected
+- [ ] Navigation filters correctly based on current context
+- [ ] Context selector shows all accessible orgs and events
+- [ ] Permission checks work correctly for each scope type
+- [ ] 'both' pages return union of permissions
+- [ ] Super admins can access all pages
+- [ ] Users with both org and event roles see appropriate pages
+## Troubleshooting
+### Pages not showing in navigation
+1. Check page `scope_type` matches current context
+2. Verify user has permissions for the page
+3. Ensure page exists in `rbac_app_pages` table
+4. Check page permissions are configured in `rbac_page_permissions`
+### Permission denied errors
+1. Verify user has the required role for the page
+2. Check page `scope_type` matches selected context
+3. Ensure permissions are configured for the correct organisation/event
+4. Verify user's roles are active (valid_from/valid_to dates)
+### Context selector not showing items
+1. Check user has organisation memberships or event-app roles
+2. Verify organisations/events are active
+3. Check RLS policies allow user to see the items
+4. Ensure super admin status if testing as super admin
+## Related Documentation
+- [RBAC Scope Migration Guide](../migration/RBAC_SCOPE_MIGRATION.md) - Complete migration guide
+- [Context Selector Component](../components/context-selector.md) - Unified selector documentation
+- [RBAC System Overview](../rbac/README.md)
+- [Event-Based Apps](../rbac/event-based-apps.md)
+- [Navigation Filtering](../components/NavigationMenu.md)
+- [Page Permission Guard](../rbac/components/PagePermissionGuard.md)