@jmruthers/pace-core 0.6.4 → 0.6.6

package/src/utils/supabase/createBaseClient.ts

@@ -0,0 +1,147 @@
+/**
+ * @file Base Supabase Client Creation Utility
+ * @package @jmruthers/pace-core
+ * @module Utils/Supabase
+ * @since 0.6.6
+ * 
+ * Restricted wrapper for creating the base Supabase client for UnifiedAuthProvider.
+ * This is the ONLY acceptable way to create a Supabase client in consuming apps.
+ * 
+ * @example
+ * ```tsx
+ * // ✅ CORRECT: In main.tsx, App.tsx, or lib/supabase.ts
+ * import { createBaseClient } from '@jmruthers/pace-core';
+ * 
+ * const supabase = createBaseClient(
+ *   import.meta.env.VITE_SUPABASE_URL,
+ *   import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY
+ * );
+ * 
+ * // Pass to UnifiedAuthProvider
+ * <UnifiedAuthProvider supabaseClient={supabase} ... />
+ * ```
+ */
+
+import { createClient, SupabaseClient } from '@supabase/supabase-js';
+import { Database } from '../../types/database';
+
+/**
+ * Allowed file patterns for base client creation
+ * 
+ * Note: Patterns allow optional query parameters (e.g., ?t=timestamp) and line numbers
+ * that Vite and other bundlers add in stack traces
+ */
+const ALLOWED_FILE_PATTERNS = [
+  /[\/\\]main\.(tsx?|jsx?)(\?|:|\s|$)/i,
+  /[\/\\]App\.(tsx?|jsx?)(\?|:|\s|$)/i,
+  /[\/\\]lib[\/\\]supabase\.(tsx?|jsx?)(\?|:|\s|$)/i,
+  /[\/\\]src[\/\\]supabase\.(tsx?|jsx?)(\?|:|\s|$)/i,
+];
+
+/**
+ * Check if the current file is in an allowed location for base client creation
+ * 
+ * This uses Error.stack to detect the caller's file path.
+ * Only works in development/build time, not at runtime.
+ */
+function isAllowedContext(): boolean {
+  // In production builds, we can't reliably detect the caller
+  // So we allow it but document the restriction
+  if (typeof process !== 'undefined' && process.env.NODE_ENV === 'production') {
+    return true; // Allow in production (documentation/ESLint enforces)
+  }
+
+  try {
+    const stack = new Error().stack;
+    if (!stack) return false;
+
+    // Check if any stack frame matches allowed patterns
+    const stackLines = stack.split('\n');
+    for (const line of stackLines) {
+      for (const pattern of ALLOWED_FILE_PATTERNS) {
+        if (pattern.test(line)) {
+          return true;
+        }
+      }
+    }
+    return false;
+  } catch {
+    // If we can't check, allow it (documentation/ESLint enforces)
+    return true;
+  }
+}
+
+/**
+ * Create a base Supabase client for UnifiedAuthProvider
+ * 
+ * **CRITICAL**: This function can ONLY be called from:
+ * - `src/main.tsx` (or `main.jsx`)
+ * - `src/App.tsx` (or `App.jsx`)
+ * - `src/lib/supabase.ts` (or `supabase.js`)
+ * - `src/supabase.ts` (or `supabase.js`)
+ * 
+ * **DO NOT** use this client directly for queries. Always use `useSecureSupabase()` hook instead.
+ * 
+ * The client is configured with explicit auth options to ensure consistent session persistence:
+ * - `persistSession: true` - Sessions are saved to localStorage and restored on page load/refresh
+ * - `autoRefreshToken: true` - Tokens are automatically refreshed before expiry
+ * - `detectSessionInUrl: true` - Detects and handles OAuth callback URLs
+ * - `flowType: 'pkce'` - Uses PKCE flow for enhanced security
+ * 
+ * This configuration ensures that users remain logged in after hard refresh (Cmd+Shift+R)
+ * and other browser navigation scenarios across all consuming apps.
+ * 
+ * @param supabaseUrl - Supabase project URL
+ * @param supabaseKey - Supabase publishable key or anon key (accepts both legacy anon keys and modern publishable keys)
+ * @returns Supabase client instance with auth configuration
+ * 
+ * @throws {Error} If called from an unauthorized file location (development only)
+ * 
+ * @example
+ * ```tsx
+ * // main.tsx
+ * import { createBaseClient } from '@jmruthers/pace-core';
+ * import { UnifiedAuthProvider } from '@jmruthers/pace-core';
+ * 
+ * const supabase = createBaseClient(
+ *   import.meta.env.VITE_SUPABASE_URL,
+ *   import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY
+ * );
+ * 
+ * function App() {
+ *   return (
+ *     <UnifiedAuthProvider supabaseClient={supabase} appName="MyApp">
+ *       <YourApp />
+ *     </UnifiedAuthProvider>
+ *   );
+ * }
+ * ```
+ */
+export function createBaseClient(
+  supabaseUrl: string,
+  supabaseKey: string
+): SupabaseClient<Database> {
+  // Check context in development
+  if (!isAllowedContext()) {
+    const error = new Error(
+      'createBaseClient() can only be called from main.tsx, App.tsx, or lib/supabase.ts.\n' +
+      'This is a security requirement to ensure the base client is only created once and passed to UnifiedAuthProvider.\n' +
+      'See: https://github.com/jmruthers/pace-core/blob/main/packages/core/docs/standards/00-pace-core-compliance.md'
+    );
+    console.error('[pace-core Security Error]', error);
+    throw error;
+  }
+
+  // Create and return the base client with explicit auth configuration
+  // These options ensure consistent session persistence across all consuming apps,
+  // especially important for hard refresh (Cmd+Shift+R) scenarios
+  return createClient<Database>(supabaseUrl, supabaseKey, {
+    auth: {
+      autoRefreshToken: true,
+      persistSession: true,
+      detectSessionInUrl: true,
+      flowType: 'pkce'
+    }
+  });
+}
+

package/src/utils/timezone/timezone.test.ts

@@ -247,7 +247,7 @@ describe('Timezone Utilities', () => {
 
     it('returns original date for invalid minutesStep', () => {
       const date = new Date('2024-01-15T10:23:00Z');
-      const result = roundToNearestMinutes(date, 0);
+      roundToNearestMinutes(date, 0);
       expect(date).toBe(date);
     });
 
@@ -296,7 +296,6 @@ describe('Timezone Utilities', () => {
 
     it('handles DST correctly', () => {
       // Test in summer (EDT vs PDT = 3 hours)
-      const summerDate = new Date('2024-07-15T10:00:00Z');
       const result = getTimeZoneDifference('America/New_York', 'America/Los_Angeles');
       // Should be negative (LA behind NY)
       expect(result).toBeLessThan(0);

package/src/utils/timezone/timezone.ts

@@ -32,7 +32,7 @@
  * ```
  */
 
-import { format, parseISO, addMinutes, differenceInHours, isValid } from 'date-fns';
+import { parseISO, addMinutes, differenceInHours, isValid } from 'date-fns';
 import { formatInTimeZone as fnsFormatInTimeZone, toZonedTime as fnsToZonedTime, fromZonedTime as fnsFromZonedTime } from 'date-fns-tz';
 
 /**

package/src/utils/validation/csrf.ts

@@ -54,7 +54,7 @@ class CSRFManager {
       await this.persistTokens();
 
       return token;
-    } catch (error) {
+    } catch (_error) {
       throw new Error('CSRF token generation failed');
     }
   }
@@ -98,7 +98,7 @@ class CSRFManager {
       await this.persistTokens();
 
       return true;
-    } catch (error) {
+    } catch (_error) {
       return false;
     }
   }
@@ -158,7 +158,7 @@ class CSRFManager {
         JSON.stringify(tokensArray),
         { encrypt: true, expiry: this.TOKEN_EXPIRY }
       );
-    } catch (error) {
+    } catch (_error) {
       // Silent fail - tokens will be regenerated if needed
     }
   }
@@ -175,7 +175,7 @@ class CSRFManager {
         // Clean up on load
         await this.cleanupExpiredTokens();
       }
-    } catch (error) {
+    } catch (_error) {
       this.tokenCache.clear();
     }
   }

package/cursor-rules/CHANGELOG.md

@@ -1,119 +0,0 @@
-# Cursor Rules Changelog
-
-All notable changes to pace-core cursor rules will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [Unreleased]
-
-### Added
-- **08-markup-quality.mdc** - Enforces clean markup standards, semantic HTML usage, and pace-core component patterns
-
-## [1.1.0] - 2025-01-28
-
-### Added
-- **08-markup-quality.mdc** - Comprehensive guide for markup quality, semantic HTML, and pace-core component usage patterns
-  - Enforces pace-core component usage over custom solutions
-  - Prohibits `<div>` elements (except first child of `<body>` in `index.html`)
-  - Requires semantic HTML elements (`<main>`, `<section>`, `<article>`, etc.)
-  - Prohibits typography styling (relies on pace-core core.css)
-  - Requires React Fragments for grouping without semantic meaning
-  - Enforces minimal element nesting and clear semantic purpose
-  - Includes decision tree and comprehensive checklist
-
-## [1.0.0] - 2025-01-15
-
-### Added
-- Initial release of cursor rules system
-- 8 comprehensive rule files covering compliance, standards, structure, SOLID, testing, bug reports, code quality, and tech stack
-- Installation script with safety guards
-- Comprehensive audit tool with Phase 1 (deterministic) and Phase 2 (heuristic) checks
-- Markdown report generation with timestamps
-
-## [1.0.0] - 2025-01-15
-
-### Added
-- **00-pace-core-compliance.mdc** - Enforces pace-core usage patterns
-- **01-standards-compliance.mdc** - Maps to all pace-core standards
-- **02-project-structure.mdc** - Defines standard folder structure
-- **03-solid-principles.mdc** - Enforces SOLID architecture principles
-- **04-testing-standards.mdc** - Enforces testing framework consistency
-- **05-bug-reports-and-features.mdc** - Templates for bug reports and feature requests
-- **06-code-quality.mdc** - Enforces code quality standards
-- **07-tech-stack-compliance.mdc** - Enforces tech stack versions and patterns
-
-### Features
-- Opt-in installation script (not automatic postinstall)
-- Safety guards (environment variable, git check)
-- Version tracking in rule files
-- Rule numbering system (pace-core: 00-09, apps: 50+)
-- Targeted globs for efficient rule application
-- MUST/SHOULD/MAY semantics for clear guidance
-- Comprehensive audit tool with markdown reports
-- Phase-based audit approach (deterministic vs heuristic)
-
-### Documentation
-- README.md with installation and usage guide
-- Getting started guide in docs
-- Updated standards README with cursor rules section
-
-## Migration Guide
-
-### From No Rules to Cursor Rules
-
-1. Install pace-core (if not already installed):
-   ```bash
-   npm install @jmruthers/pace-core
-   ```
-
-2. Install cursor rules:
-   ```bash
-   node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs
-   ```
-
-3. Restart Cursor to load rules
-
-4. Run audit to check compliance:
-   ```bash
-   node node_modules/@jmruthers/pace-core/scripts/audit-consuming-app.cjs
-   ```
-
-### Updating Rules
-
-When pace-core is updated:
-
-1. Update pace-core:
-   ```bash
-   npm update @jmruthers/pace-core
-   ```
-
-2. Update rules:
-   ```bash
-   npm run setup:cursor-rules
-   ```
-
-3. Review any changes in rule files
-
-### Custom Rules
-
-If you have custom rules, number them starting at 50:
-- `50-my-custom-rule.mdc`
-- `51-another-rule.mdc`
-- etc.
-
-This ensures pace-core rules (00-09) load first.
-
-## Version History
-
-- **1.1.0** (2025-01-28) - Added markup quality rule (08-markup-quality.mdc)
-- **1.0.0** (2025-01-15) - Initial release
-
-## Future Enhancements
-
-Potential future enhancements:
-- CLI for rule validation
-- GitHub Action template for PR audits
-- Rule update notification system
-- Interactive rule configuration
-- Rule effectiveness metrics

package/cursor-rules/README.md

@@ -1,192 +0,0 @@
-# pace-core Cursor Rules
-
-This directory contains Cursor rules that ensure consuming apps maintain quality, consistency, and compliance with pace-core standards.
-
-## What are Cursor Rules?
-
-Cursor rules are `.mdc` (Markdown Cursor) files that guide AI assistants (like Cursor) to follow specific patterns and standards when writing code. These rules are automatically loaded by Cursor when present in `.cursor/rules/` directory.
-
-## Installation
-
-### Automatic Installation (Recommended)
-
-Run the installation script from your consuming app root:
-
-```bash
-node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs
-```
-
-Or add to your `package.json`:
-
-```json
-{
-  "scripts": {
-    "setup:cursor-rules": "node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs"
-  }
-}
-```
-
-Then run:
-
-```bash
-npm run setup:cursor-rules
-```
-
-### Manual Installation
-
-Copy all `.mdc` files from `node_modules/@jmruthers/pace-core/cursor-rules/` to your `.cursor/rules/` directory.
-
-## Rule Files
-
-The rules are numbered for ordering (00-08):
-
-- **00-pace-core-compliance.mdc** - Enforce pace-core usage patterns
-- **01-standards-compliance.mdc** - Enforce all pace-core standards
-- **02-project-structure.mdc** - Define standard folder structure
-- **03-solid-principles.mdc** - Enforce SOLID architecture principles
-- **04-testing-standards.mdc** - Enforce testing framework consistency
-- **05-bug-reports-and-features.mdc** - Templates for bug reports and feature requests (guidance-only)
-- **06-code-quality.mdc** - Enforce code quality standards
-- **07-tech-stack-compliance.mdc** - Enforce tech stack versions and patterns
-- **08-markup-quality.mdc** - Enforce clean markup standards, semantic HTML usage, and pace-core component patterns
-
-## Rule Numbering System
-
-- **pace-core rules**: `00-09` (reserved for pace-core)
-- **Your app rules**: `50+` (create your own rules starting at 50)
-
-This ensures pace-core rules load first, and your custom rules load after.
-
-## Customization
-
-### Adding Your Own Rules
-
-Create your own rules in `.cursor/rules/` with numbers starting at `50`:
-
-```
-.cursor/rules/
-├── 00-pace-core-compliance.mdc      # pace-core rule
-├── 01-standards-compliance.mdc     # pace-core rule
-├── ...
-├── 50-my-custom-rule.mdc           # Your custom rule
-└── 51-another-custom-rule.mdc      # Your custom rule
-```
-
-### Updating Rules
-
-When pace-core is updated, run the installation script again. The script will:
-- **Automatically update** pace-core rules (00-09) if they've changed (version or content differs)
-- Preserve your custom rules (50+)
-- Skip files that are already up to date
-
-### Force Update
-
-To force update all rules (even when versions match):
-
-```bash
-node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs --force
-```
-
-**Note**: Normally, pace-core rules (00-09) are automatically updated when they change. The `--force` flag forces an update even when versions match (useful if content changed but version metadata wasn't updated).
-
-## How Cursor Uses Rules
-
-Cursor automatically loads all `.mdc` files from `.cursor/rules/` when:
-- You open a file that matches the rule's `globs` pattern
-- You ask Cursor to write or modify code
-- Cursor needs context for code generation
-
-Rules with `alwaysApply: true` are always considered, while rules with `alwaysApply: false` are only referenced when relevant.
-
-## Explicitly Referencing Rules
-
-When working with Cursor, you can explicitly reference rules:
-
-> "Use pace-core components and follow rules 00–04."
-
-This helps Cursor focus on specific rule sets.
-
-## Rule Format
-
-Each rule file follows this format:
-
-```markdown
----
-description: Brief description
-globs: ["targeted/path/**/*.{ts,tsx}"]  # Files this rule applies to
-alwaysApply: true  # or false
-paceCoreVersion: "0.5.x"  # pace-core version
-rulesVersion: "2025-01-15"  # Rule update date
----
-
-# Rule Title
-
-Content with examples and guidelines.
-```
-
-## Safety Guards
-
-The installation script includes safety guards:
-
-- **Environment variable**: Set `PACE_CURSOR_RULES_DISABLED=1` to skip installation
-- **Git check**: Skips if no `.git` folder exists (CI/safety)
-- **Auto-update**: Automatically updates pace-core rules (00-09) when they change
-- **Protection**: Never overwrites custom app rules (50+)
-
-## Monorepo Support
-
-For monorepos, run the installation script from each app's root directory. Each app maintains its own `.cursor/rules/` directory.
-
-## Troubleshooting
-
-### Rules Not Loading
-
-1. Verify rules are in `.cursor/rules/` directory
-2. Check file extensions are `.mdc`
-3. Restart Cursor if rules were just installed
-4. Check rule frontmatter is valid YAML
-
-### Rules Conflicting
-
-1. Check rule numbering (pace-core: 00-09, yours: 50+)
-2. Verify `globs` patterns don't overlap unnecessarily
-3. Review rule priorities in frontmatter
-
-### Installation Fails
-
-1. Check you're in the app root directory
-2. Verify `node_modules/@jmruthers/pace-core/` exists
-3. Check file permissions
-4. Try with `--force` flag if needed
-
-## Audit Tool
-
-Run the audit tool to check compliance:
-
-```bash
-node node_modules/@jmruthers/pace-core/scripts/audit-consuming-app.cjs
-```
-
-This generates a timestamped markdown report in `audit/` directory.
-
-## Version Tracking
-
-Each rule file includes version metadata:
-- `paceCoreVersion`: pace-core version these rules target
-- `rulesVersion`: Date when rules were last updated
-
-Check these to see if rules need updating.
-
-## Related Documentation
-
-- [pace-core Standards](../docs/standards/README.md)
-- [Getting Started Guide](../docs/getting-started/cursor-rules.md)
-- [pace-core Exports](../docs/api-reference/README.md)
-
-## Support
-
-For issues with cursor rules:
-1. Check this README
-2. Review rule files for guidance
-3. File an issue in pace-core repository
-4. Check pace-core documentation

package/dist/DataTable-E7YQZD7D.js

@@ -1,175 +0,0 @@
-import {
-  ActionButtons,
-  BulkOperationsDropdown,
-  ColumnFactory,
-  ColumnVisibilityDropdown,
-  DataTable,
-  DataTableCore,
-  DataTableErrorBoundary,
-  DataTableModals,
-  DataTableToolbar,
-  EditableRow,
-  EmptyState,
-  EnhancedPaginationControls,
-  GroupHeader,
-  GroupingDropdown,
-  ImportModal,
-  LoadingState,
-  PaginationControls,
-  UnifiedTableBody,
-  announce,
-  announceBulkOperation,
-  announceFilterChange,
-  announceLoadingState,
-  announcePaginationChange,
-  announceSearchResults,
-  announceSelectionChange,
-  announceSortChange,
-  average,
-  calculateAllDepths,
-  calculateAllIndentation,
-  calculateIndentation,
-  calculateOptimalPageSize,
-  cleanupLiveRegion,
-  count,
-  createHierarchicalStructure,
-  defaultDataTableFeatures,
-  exportToCSV,
-  exportToCSVWithTableRows,
-  generateCSVContent,
-  getAriaSortValue,
-  getCellRenderer,
-  getColumnHeaderText,
-  getHierarchicalSortConfig,
-  getPageSizeOptions,
-  getPaginationBinding,
-  getRowDepth,
-  getRowDescription,
-  getRowIdSafe,
-  getSortButtonLabel,
-  groupHierarchicalData,
-  hasValidRowId,
-  initializeLiveRegion,
-  isHierarchicalSortableColumn,
-  max,
-  min,
-  normalizeDataTableFeatures,
-  shouldShowColumnForRow,
-  sortHierarchicalDataByStructure,
-  sortHierarchicalDataWithSorting,
-  sum,
-  validateHierarchicalData,
-  validatePaginationConfig
-} from "./chunk-7JPAB3T5.js";
-import "./chunk-NN6WWZ5U.js";
-import {
-  CircuitBreaker,
-  DEFAULT_FALLBACK_CONFIG,
-  DataChunkManager,
-  DataTableError,
-  DataTableErrorType,
-  ErrorRecoveryManager,
-  MemoryMonitor,
-  SearchIndex,
-  VisibilityTracker,
-  chunkData,
-  debounce,
-  determinePaginationMode,
-  getOptimalPageSizeOptions,
-  safeExecute,
-  throttle,
-  useDataTablePerformance
-} from "./chunk-6SOIHG6Z.js";
-import "./chunk-OEWDTMG7.js";
-import "./chunk-KQCRWDSA.js";
-import "./chunk-AVMLPIM7.js";
-import "./chunk-3LPHPB62.js";
-import "./chunk-63FOKYGO.js";
-import "./chunk-36LVWXB2.js";
-import "./chunk-QXHPKYJV.js";
-import "./chunk-M43Y4SSO.js";
-import "./chunk-M7MPQISP.js";
-import "./chunk-FMUCXFII.js";
-import "./chunk-VBXEHIUJ.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  ActionButtons,
-  BulkOperationsDropdown,
-  CircuitBreaker,
-  ColumnFactory,
-  ColumnVisibilityDropdown,
-  DEFAULT_FALLBACK_CONFIG,
-  DataChunkManager,
-  DataTable,
-  DataTableCore,
-  DataTableError,
-  DataTableErrorBoundary,
-  DataTableErrorType,
-  DataTableModals,
-  DataTableToolbar,
-  EditableRow,
-  EmptyState,
-  EnhancedPaginationControls,
-  ErrorRecoveryManager,
-  GroupHeader,
-  GroupingDropdown,
-  ImportModal,
-  LoadingState,
-  MemoryMonitor,
-  PaginationControls,
-  SearchIndex,
-  UnifiedTableBody,
-  VisibilityTracker,
-  announce,
-  announceBulkOperation,
-  announceFilterChange,
-  announceLoadingState,
-  announcePaginationChange,
-  announceSearchResults,
-  announceSelectionChange,
-  announceSortChange,
-  average,
-  calculateAllDepths,
-  calculateAllIndentation,
-  calculateIndentation,
-  calculateOptimalPageSize,
-  chunkData,
-  cleanupLiveRegion,
-  count,
-  createHierarchicalStructure,
-  debounce,
-  defaultDataTableFeatures,
-  determinePaginationMode,
-  exportToCSV,
-  exportToCSVWithTableRows,
-  generateCSVContent,
-  getAriaSortValue,
-  getCellRenderer,
-  getColumnHeaderText,
-  getHierarchicalSortConfig,
-  getOptimalPageSizeOptions,
-  getPageSizeOptions,
-  getPaginationBinding,
-  getRowDepth,
-  getRowDescription,
-  getRowIdSafe,
-  getSortButtonLabel,
-  groupHierarchicalData,
-  hasValidRowId,
-  initializeLiveRegion,
-  isHierarchicalSortableColumn,
-  max,
-  min,
-  normalizeDataTableFeatures,
-  safeExecute,
-  shouldShowColumnForRow,
-  sortHierarchicalDataByStructure,
-  sortHierarchicalDataWithSorting,
-  sum,
-  throttle,
-  useDataTablePerformance,
-  validateHierarchicalData,
-  validatePaginationConfig
-};
-//# sourceMappingURL=DataTable-E7YQZD7D.js.map

package/dist/DataTable-E7YQZD7D.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}