@jmruthers/pace-core 0.6.5 → 0.6.7

package/dist/chunk-AFVQODI2.js

@@ -1,263 +0,0 @@
-import {
-  createLogger
-} from "./chunk-PWLANIRT.js";
-
-// src/rbac/types.ts
-var RBACError = class extends Error {
-  constructor(message, code, context) {
-    super(message);
-    this.code = code;
-    this.context = context;
-    this.name = "RBACError";
-  }
-};
-var PermissionDeniedError = class extends RBACError {
-  constructor(permission, context) {
-    super(
-      `Permission denied: ${permission}`,
-      "PERMISSION_DENIED",
-      { permission, ...context }
-    );
-    this.name = "PermissionDeniedError";
-  }
-};
-var OrganisationContextRequiredError = class extends RBACError {
-  constructor() {
-    super(
-      "Organisation context is required for this operation",
-      "ORGANISATION_CONTEXT_REQUIRED"
-    );
-    this.name = "OrganisationContextRequiredError";
-  }
-};
-var EventContextRequiredError = class extends RBACError {
-  constructor() {
-    super(
-      "Event context is required for this operation",
-      "EVENT_CONTEXT_REQUIRED"
-    );
-    this.name = "EventContextRequiredError";
-  }
-};
-var RBACNotInitializedError = class extends RBACError {
-  constructor() {
-    super(
-      "RBAC system not initialized. Please call setupRBAC(supabase) before using any RBAC components or hooks. See: https://docs.pace-core.dev/rbac/setup",
-      "RBAC_NOT_INITIALIZED"
-    );
-    this.name = "RBACNotInitializedError";
-  }
-};
-var InvalidScopeError = class extends RBACError {
-  constructor(scope, reason) {
-    super(
-      `Invalid scope provided: ${JSON.stringify(scope)}. ${reason}`,
-      "INVALID_SCOPE",
-      { scope, reason }
-    );
-    this.name = "InvalidScopeError";
-  }
-};
-var MissingUserContextError = class extends RBACError {
-  constructor() {
-    super(
-      "User context is required but not available. Make sure to wrap your app with an auth provider.",
-      "MISSING_USER_CONTEXT"
-    );
-    this.name = "MissingUserContextError";
-  }
-};
-
-// src/rbac/utils/eventContext.ts
-var orgDerivationCache = /* @__PURE__ */ new Map();
-var MAX_CACHE_SIZE = 100;
-async function getOrganisationFromEvent(supabase, eventId) {
-  if (orgDerivationCache.has(eventId)) {
-    return orgDerivationCache.get(eventId) ?? null;
-  }
-  const { data, error } = await supabase.from("core_events").select("organisation_id").eq("event_id", eventId).single();
-  let organisationId = null;
-  if (error || !data) {
-    organisationId = null;
-  } else if (data.organisation_id) {
-    organisationId = data.organisation_id;
-  } else {
-    organisationId = null;
-  }
-  if (orgDerivationCache.size >= MAX_CACHE_SIZE) {
-    const firstKey = orgDerivationCache.keys().next().value;
-    if (firstKey) {
-      orgDerivationCache.delete(firstKey);
-    }
-  }
-  orgDerivationCache.set(eventId, organisationId);
-  return organisationId;
-}
-
-// src/rbac/utils/contextValidator.ts
-var log = createLogger("ContextValidator");
-function allowsOptionalContexts(appName) {
-  return appName === "PORTAL" || appName === "ADMIN";
-}
-var ContextValidator = class {
-  /**
-   * Derive organisation ID from event ID
-   * 
-   * @param supabase - Supabase client
-   * @param eventId - Event ID
-   * @returns Organisation ID or null
-   */
-  static async deriveOrgFromEvent(supabase, eventId) {
-    return getOrganisationFromEvent(supabase, eventId);
-  }
-  /**
-   * Resolve scope based on page-level scope_type
-   * 
-   * This method handles page-level scoping. All pages have explicit scope_type set.
-   * Used for hybrid apps like pace-mint that have both event and organisation pages.
-   * 
-   * @param scope - Current scope
-   * @param pageScopeType - Page scope type ('event', 'organisation', or 'both')
-   * @param appName - App name (for PORTAL/ADMIN special case)
-   * @param supabase - Supabase client (for deriving org from event)
-   * @returns Resolved scope with all required context
-   */
-  static async resolveScopeForPage(scope, pageScopeType, appName, supabase) {
-    const effectiveScopeType = pageScopeType;
-    if (effectiveScopeType === "both") {
-      if (!scope.organisationId && !scope.eventId) {
-        if (allowsOptionalContexts(appName)) {
-          return {
-            isValid: true,
-            resolvedScope: {
-              organisationId: void 0,
-              eventId: void 0,
-              appId: scope.appId
-            },
-            error: null
-          };
-        }
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new Error("Page requires either organisation or event context")
-        };
-      }
-      let organisationId = scope.organisationId;
-      if (!organisationId && scope.eventId && supabase) {
-        try {
-          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);
-          organisationId = derivedOrgId || void 0;
-        } catch (error) {
-          log.warn("Failed to derive org from event for both-scope page:", error);
-        }
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (effectiveScopeType === "event") {
-      if (!scope.eventId) {
-        if (allowsOptionalContexts(appName)) {
-          return {
-            isValid: true,
-            resolvedScope: {
-              organisationId: scope.organisationId,
-              eventId: void 0,
-              appId: scope.appId
-            },
-            error: null
-          };
-        }
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new EventContextRequiredError()
-        };
-      }
-      let organisationId = scope.organisationId;
-      if (!organisationId && supabase && scope.eventId) {
-        try {
-          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);
-          organisationId = derivedOrgId || void 0;
-          if (!organisationId) {
-            return {
-              isValid: false,
-              resolvedScope: null,
-              error: new Error("Could not resolve organisation from event context")
-            };
-          }
-        } catch (error) {
-          log.error("Failed to derive org from event:", error);
-          return {
-            isValid: false,
-            resolvedScope: null,
-            error: error instanceof Error ? error : new Error("Failed to derive organisation from event")
-          };
-        }
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (effectiveScopeType === "organisation") {
-      if (!scope.organisationId) {
-        if (allowsOptionalContexts(appName)) {
-          return {
-            isValid: true,
-            resolvedScope: {
-              organisationId: void 0,
-              eventId: scope.eventId,
-              appId: scope.appId
-            },
-            error: null
-          };
-        }
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new OrganisationContextRequiredError()
-        };
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId: scope.organisationId,
-          eventId: scope.eventId,
-          // Event is optional for org-scoped pages
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    return {
-      isValid: false,
-      resolvedScope: null,
-      error: new Error("Invalid scope type")
-    };
-  }
-};
-
-export {
-  RBACError,
-  PermissionDeniedError,
-  OrganisationContextRequiredError,
-  EventContextRequiredError,
-  RBACNotInitializedError,
-  InvalidScopeError,
-  MissingUserContextError,
-  ContextValidator
-};
-//# sourceMappingURL=chunk-AFVQODI2.js.map

package/dist/chunk-AFVQODI2.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/rbac/types.ts","../src/rbac/utils/eventContext.ts","../src/rbac/utils/contextValidator.ts"],"sourcesContent":["/**\n * RBAC (Role-Based Access Control) Types - Build Contract Compliant\n * @package @jmruthers/pace-core\n * @module RBAC/Types\n * @since 1.0.0\n * \n * This module defines the core types for the RBAC system that match the build contract exactly.\n * All types are designed to be framework-agnostic and provide strong typing for permission operations.\n */\n\nimport type React from 'react';\nimport type { AppId, PageId } from '../types/core';\n\n// ============================================================================\n// CORE TYPES\n// ============================================================================\n\nexport type UUID = string;\n\nexport type Operation = 'read' | 'create' | 'update' | 'delete';\n\nexport type Permission = `${Operation}:${string}`; // e.g. \"read:base.events\" or \"create:team.members\"\n\nexport type AccessLevel =\n  | 'viewer'\n  | 'participant'\n  | 'planner'\n  | 'admin'\n  | 'super';\n\n/**\n * Scope defines the context for permission checks.\n * Can include organisation, event, and/or app identifiers.\n */\nexport type Scope = {\n  organisationId?: UUID;\n  eventId?: string; // event_id is text/varchar\n  appId?: AppId | UUID;\n};\n\n/**\n * Permission check request parameters.\n * Defines who (userId) is checking what permission in what context (scope).\n */\nexport type PermissionCheck = {\n  userId: UUID;\n  scope: Scope;\n  permission: Permission;\n  pageId?: PageId | UUID;\n};\n\nexport type PermissionMap = Record<Permission, boolean> & Partial<Record<'*', boolean>>;\n\n// ============================================================================\n// ROLE TYPES\n// ============================================================================\n\nexport type GlobalRole = 'super_admin';\n\nexport type OrganisationRole = 'supporter' | 'member' | 'leader' | 'org_admin';\n\nexport type EventAppRole = 'viewer' | 'participant' | 'planner' | 'event_admin';\n\n// ============================================================================\n// DATABASE TYPES\n// ============================================================================\n\nexport interface RBACGlobalRole {\n  id: UUID;\n  user_id: UUID;\n  role: GlobalRole;\n  granted_at: string;\n  granted_by: UUID | null;\n  valid_from: string;\n  valid_to: string | null;\n}\n\nexport interface RBACOrganisationRole {\n  id: UUID;\n  user_id: UUID;\n  organisation_id: UUID;\n  role: OrganisationRole;\n  status: 'active' | 'inactive' | 'suspended';\n  granted_at: string;\n  granted_by: UUID | null;\n  revoked_at: string | null;\n  revoked_by: UUID | null;\n  notes: string | null;\n  created_at: string;\n  updated_at: string;\n  valid_from: string;\n  valid_to: string | null;\n}\n\nexport interface RBACEventAppRole {\n  id: UUID;\n  user_id: UUID;\n  event_id: string;\n  role: EventAppRole;\n  status: 'active' | 'inactive' | 'suspended';\n  granted_at: string;\n  granted_by: UUID | null;\n  organisation_id: UUID;\n  app_id: UUID;\n  valid_from: string;\n  valid_to: string | null;\n}\n\nexport interface RBACPagePermission {\n  id: UUID;\n  app_page_id: UUID;\n  operation: Operation;\n  role_name: string;\n  allowed: boolean;\n  created_at: string;\n  updated_at: string;\n  organisation_id: UUID;\n}\n\nexport interface RBACAppPage {\n  id: UUID;\n  page_name: string;\n  page_description: string | null;\n  created_at: string;\n  updated_at: string;\n  created_by: UUID | null;\n  updated_by: UUID | null;\n  app_id: UUID;\n  scope_type: 'event' | 'organisation' | 'both'; // Required - single source of truth for page scoping\n}\n\nexport interface RBACApp {\n  id: UUID;\n  name: string;\n  display_name: string;\n  description: string | null;\n  requires_event: boolean;\n  is_active: boolean;\n  created_at: string;\n  updated_at: string;\n  created_by: UUID | null;\n  updated_by: UUID | null;\n}\n\n// ============================================================================\n// AUDIT EVENT TYPES\n// ============================================================================\n\nexport type AuditEventType = \n  | 'permission_check'\n  | 'permission_denied'\n  | 'role_granted'\n  | 'role_denied'\n  | 'rls_denied';\n\nexport type AuditEventSource = 'api' | 'ui' | 'middleware' | 'rls';\n\nexport interface RBACAuditEvent {\n  id: UUID;\n  event_type: AuditEventType;\n  user_id: UUID;\n  organisation_id: UUID | null; // Nullable to properly track missing context cases (should be rare since organisationId is required)\n  event_id?: string;\n  app_id?: UUID;\n  page_id?: UUID;\n  permission?: string;\n  decision?: boolean;\n  source?: AuditEventSource;\n  bypass?: boolean;\n  duration_ms?: number;\n  metadata: Record<string, any>;\n  created_at: string;\n}\n\nexport interface RBACAppContext {\n  appId: UUID;\n  hasAccess: boolean;\n}\n\nexport interface RBACRoleContext {\n  globalRole: GlobalRole | null;\n  organisationRole: OrganisationRole | null;\n  eventAppRole: EventAppRole | null;\n}\n\n// ============================================================================\n// CACHE TYPES\n// ============================================================================\n\nexport interface CacheEntry<T> {\n  data: T;\n  expires: number;\n}\n\nexport interface PermissionCacheKey {\n  userId: UUID;\n  organisationId?: UUID;\n  eventId?: string;\n  appId?: UUID;\n  permission?: Permission;\n  pageId?: UUID | string;\n}\n\n// ============================================================================\n// API TYPES\n// ============================================================================\n\nexport interface GetAccessLevelInput {\n  userId: UUID;\n  scope: Scope;\n}\n\nexport interface GetPermissionMapInput {\n  userId: UUID;\n  scope: Scope;\n}\n\nexport interface IsPermittedInput extends PermissionCheck {}\n\n// ============================================================================\n// HOOK TYPES\n// ============================================================================\n\nexport interface UsePermissionsReturn {\n  permissions: PermissionMap;\n  isLoading: boolean;\n  error: Error | null;\n  refetch: () => Promise<void>;\n}\n\nexport interface UseCanReturn {\n  can: boolean;\n  isLoading: boolean;\n  error: Error | null;\n  check: () => Promise<void>;\n}\n\n// ============================================================================\n// ADAPTER TYPES\n// ============================================================================\n\nexport interface PermissionGuardConfig {\n  permission: Permission;\n  pageId?: UUID;\n}\n\nexport interface WithPermissionGuardOptions {\n  permission: Permission;\n  pageId?: UUID;\n  fallback?: React.ReactNode;\n  onDenied?: () => void;\n}\n\n// ============================================================================\n// HOOK RETURN TYPES\n// ============================================================================\n\nexport interface UserRBACContext {\n  user: any; // User from auth context\n  globalRole: GlobalRole | null;\n  organisationRole: OrganisationRole | null;\n  eventAppRole: EventAppRole | null;\n  hasGlobalPermission: (permission: Permission) => boolean;\n  isSuperAdmin: boolean;\n  isOrgAdmin: boolean;\n  isEventAdmin: boolean;\n  canManageOrganisation: boolean;\n  canManageEvent: boolean;\n  isLoading: boolean;\n  error: Error | null;\n}\n\nexport interface RBACPermission {\n  permission_type: string;\n  role_name: string;\n  [key: string]: any;\n}\n\n// ============================================================================\n// COMPONENT TYPES\n// ============================================================================\n\nexport interface RBACGuardProps {\n  children: React.ReactNode;\n  operation: Operation;\n  pageId?: UUID;\n  fallback?: React.ReactNode;\n}\n\nexport interface RoleBasedContentProps {\n  children: React.ReactNode;\n  globalRoles?: GlobalRole[];\n  organisationRoles?: OrganisationRole[];\n  eventAppRoles?: EventAppRole[];\n  fallback?: React.ReactNode;\n}\n\n// ============================================================================\n// ERROR TYPES\n// ============================================================================\n\nexport class RBACError extends Error {\n  constructor(\n    message: string,\n    public code: string,\n    public context?: Record<string, any>\n  ) {\n    super(message);\n    this.name = 'RBACError';\n  }\n}\n\nexport class PermissionDeniedError extends RBACError {\n  constructor(permission: Permission, context?: Record<string, any>) {\n    super(\n      `Permission denied: ${permission}`,\n      'PERMISSION_DENIED',\n      { permission, ...context }\n    );\n    this.name = 'PermissionDeniedError';\n  }\n}\n\nexport class OrganisationContextRequiredError extends RBACError {\n  constructor() {\n    super(\n      'Organisation context is required for this operation',\n      'ORGANISATION_CONTEXT_REQUIRED'\n    );\n    this.name = 'OrganisationContextRequiredError';\n  }\n}\n\nexport class EventContextRequiredError extends RBACError {\n  constructor() {\n    super(\n      'Event context is required for this operation',\n      'EVENT_CONTEXT_REQUIRED'\n    );\n    this.name = 'EventContextRequiredError';\n  }\n}\n\nexport class RBACNotInitializedError extends RBACError {\n  constructor() {\n    super(\n      'RBAC system not initialized. Please call setupRBAC(supabase) before using any RBAC components or hooks. See: https://docs.pace-core.dev/rbac/setup',\n      'RBAC_NOT_INITIALIZED'\n    );\n    this.name = 'RBACNotInitializedError';\n  }\n}\n\nexport class InvalidScopeError extends RBACError {\n  constructor(scope: Scope, reason: string) {\n    super(\n      `Invalid scope provided: ${JSON.stringify(scope)}. ${reason}`,\n      'INVALID_SCOPE',\n      { scope, reason }\n    );\n    this.name = 'InvalidScopeError';\n  }\n}\n\nexport class MissingUserContextError extends RBACError {\n  constructor() {\n    super(\n      'User context is required but not available. Make sure to wrap your app with an auth provider.',\n      'MISSING_USER_CONTEXT'\n    );\n    this.name = 'MissingUserContextError';\n  }\n}\n","/**\n * Event Context Utilities for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/EventContext\n * @since 1.0.0\n * \n * This module provides utilities for event-based RBAC operations where\n * the organization context is derived from the event context.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../../types/database';\nimport { UUID, Scope } from '../types';\n\n/**\n * Cache for organisation derivation from event\n * Key: eventId, Value: organisationId | null\n * Maximum cache size to prevent memory leaks\n */\nconst orgDerivationCache = new Map<string, UUID | null>();\nconst MAX_CACHE_SIZE = 100; // Limit cache to 100 entries\n\n/**\n * Clear cache entry for a specific event (useful if event's org changes)\n * @param eventId - Event ID to clear from cache\n */\nexport function clearOrgDerivationCache(eventId: string): void {\n  orgDerivationCache.delete(eventId);\n}\n\n/**\n * Clear all cached organisation derivations\n */\nexport function clearAllOrgDerivationCache(): void {\n  orgDerivationCache.clear();\n}\n\n/**\n * Get organization ID from event ID\n * \n * Uses caching to avoid repeated database queries for the same event.\n * Cache is limited to prevent memory leaks.\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @returns Promise resolving to organization ID or null\n */\nexport async function getOrganisationFromEvent(\n  supabase: SupabaseClient<Database>,\n  eventId: string\n): Promise<UUID | null> {\n  // Check cache first\n  if (orgDerivationCache.has(eventId)) {\n    return orgDerivationCache.get(eventId) ?? null;\n  }\n\n  // Query database\n  const { data, error } = await supabase\n    .from('core_events')\n    .select('organisation_id')\n    .eq('event_id', eventId)\n    .single() as { data: { organisation_id: string } | null; error: any };\n\n  let organisationId: UUID | null = null;\n\n  if (error || !data) {\n    organisationId = null;\n  } else if (data.organisation_id) {\n    organisationId = data.organisation_id;\n  } else {\n    // organisation_id is null or undefined\n    organisationId = null;\n  }\n\n  // Cache the result (with size limit to prevent memory leaks)\n  if (orgDerivationCache.size >= MAX_CACHE_SIZE) {\n    // Remove oldest entry (first key in Map)\n    const firstKey = orgDerivationCache.keys().next().value;\n    if (firstKey) {\n      orgDerivationCache.delete(firstKey);\n    }\n  }\n  orgDerivationCache.set(eventId, organisationId);\n\n  return organisationId;\n}\n\n/**\n * Create a complete scope from event context\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @param appId - Optional app ID\n * @returns Promise resolving to complete scope\n */\nexport async function createScopeFromEvent(\n  supabase: SupabaseClient<Database>,\n  eventId: string,\n  appId?: UUID\n): Promise<Scope | null> {\n  const organisationId = await getOrganisationFromEvent(supabase, eventId);\n  \n  if (!organisationId) {\n    return null;\n  }\n\n  return {\n    organisationId,\n    eventId,\n    appId\n  };\n}\n\n/**\n * Check if a scope is event-based (has eventId but no explicit organisationId)\n * \n * @param scope - Permission scope\n * @returns True if scope is event-based\n */\nexport function isEventBasedScope(scope: Scope): boolean {\n  return !scope.organisationId && !!scope.eventId;\n}\n\n/**\n * Validate that an event-based scope has the required context\n * \n * @param scope - Permission scope\n * @returns True if scope is valid for event-based operations\n */\nexport function isValidEventBasedScope(scope: Scope): boolean {\n  return isEventBasedScope(scope) && !!scope.eventId;\n}\n","/**\n * Context Validator for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/ContextValidator\n * @since 1.0.0\n * \n * Centralized validation for RBAC context requirements based on app configuration.\n * Enforces app-specific context rules with single primary context:\n * - requires_event = TRUE: Event is PRIMARY context, org derived from event (org not required in input)\n * - requires_event = FALSE: Organisation is PRIMARY context, event optional\n * - PORTAL/ADMIN apps: Both contexts optional (allows users to view/edit own profiles, super admin access)\n * \n * Key principle: Only one primary context is required based on app config. The other is derived or optional.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../../types/database';\nimport { UUID, Scope } from '../types';\nimport { EventContextRequiredError, OrganisationContextRequiredError } from '../types';\nimport { getOrganisationFromEvent } from './eventContext';\nimport { createLogger } from '../../utils/core/logger';\n\nconst log = createLogger('ContextValidator');\n\n/**\n * Page scope type - determines what context is required for a page\n * This is the single source of truth for page scoping.\n */\nexport type PageScopeType = 'event' | 'organisation' | 'both';\n\n/**\n * Check if an app allows optional contexts (both organisation and event optional)\n * @param appName - App name to check\n * @returns True if app allows optional contexts\n */\nfunction allowsOptionalContexts(appName?: string): boolean {\n  return appName === 'PORTAL' || appName === 'ADMIN';\n}\n\nexport interface ContextValidationResult {\n  isValid: boolean;\n  resolvedScope: Scope | null;\n  error: Error | null;\n}\n\n/**\n * Context Validator class\n * \n * Validates and resolves RBAC scope based on app configuration requirements.\n */\nexport class ContextValidator {\n\n  /**\n   * Derive organisation ID from event ID\n   * \n   * @param supabase - Supabase client\n   * @param eventId - Event ID\n   * @returns Organisation ID or null\n   */\n  static async deriveOrgFromEvent(\n    supabase: SupabaseClient<Database>,\n    eventId: string\n  ): Promise<UUID | null> {\n    return getOrganisationFromEvent(supabase, eventId);\n  }\n\n  /**\n   * Resolve scope based on page-level scope_type\n   * \n   * This method handles page-level scoping. All pages have explicit scope_type set.\n   * Used for hybrid apps like pace-mint that have both event and organisation pages.\n   * \n   * @param scope - Current scope\n   * @param pageScopeType - Page scope type ('event', 'organisation', or 'both')\n   * @param appName - App name (for PORTAL/ADMIN special case)\n   * @param supabase - Supabase client (for deriving org from event)\n   * @returns Resolved scope with all required context\n   */\n  static async resolveScopeForPage(\n    scope: Scope,\n    pageScopeType: PageScopeType,\n    appName?: string,\n    supabase?: SupabaseClient<Database> | null\n  ): Promise<ContextValidationResult> {\n    // Use page-level scope (single source of truth)\n    const effectiveScopeType = pageScopeType;\n    \n    // Handle 'both' scope - requires both contexts available, but can use either\n    if (effectiveScopeType === 'both') {\n      // For 'both' pages, we need at least one context (org or event)\n      // Both will be checked during permission evaluation\n      // For PORTAL/ADMIN apps, both contexts are optional\n      if (!scope.organisationId && !scope.eventId) {\n        if (allowsOptionalContexts(appName)) {\n          return {\n            isValid: true,\n            resolvedScope: {\n              organisationId: undefined,\n              eventId: undefined,\n              appId: scope.appId\n            },\n            error: null\n          };\n        }\n        return {\n          isValid: false,\n          resolvedScope: null,\n          error: new Error('Page requires either organisation or event context')\n        };\n      }\n      \n      // Derive org from event if event is provided but org is not\n      let organisationId = scope.organisationId;\n      if (!organisationId && scope.eventId && supabase) {\n        try {\n          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);\n          organisationId = derivedOrgId || undefined;\n        } catch (error) {\n          log.warn('Failed to derive org from event for both-scope page:', error);\n          // Continue without org - permission check will handle it\n        }\n      }\n      \n      return {\n        isValid: true,\n        resolvedScope: {\n          organisationId,\n          eventId: scope.eventId,\n          appId: scope.appId\n        },\n        error: null\n      };\n    }\n    \n    // Handle 'event' scope - requires event context\n    if (effectiveScopeType === 'event') {\n      if (!scope.eventId) {\n        // For PORTAL/ADMIN apps, event context is optional\n        if (allowsOptionalContexts(appName)) {\n          return {\n            isValid: true,\n            resolvedScope: {\n              organisationId: scope.organisationId,\n              eventId: undefined,\n              appId: scope.appId\n            },\n            error: null\n          };\n        }\n        return {\n          isValid: false,\n          resolvedScope: null,\n          error: new EventContextRequiredError()\n        };\n      }\n      \n      // Derive organisationId from event if not provided\n      let organisationId: UUID | undefined = scope.organisationId;\n      if (!organisationId && supabase && scope.eventId) {\n        try {\n          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);\n          organisationId = derivedOrgId || undefined;\n          if (!organisationId) {\n            return {\n              isValid: false,\n              resolvedScope: null,\n              error: new Error('Could not resolve organisation from event context')\n            };\n          }\n        } catch (error) {\n          log.error('Failed to derive org from event:', error);\n          return {\n            isValid: false,\n            resolvedScope: null,\n            error: error instanceof Error ? error : new Error('Failed to derive organisation from event')\n          };\n        }\n      }\n      \n      return {\n        isValid: true,\n        resolvedScope: {\n          organisationId,\n          eventId: scope.eventId,\n          appId: scope.appId\n        },\n        error: null\n      };\n    }\n    \n    // Handle 'organisation' scope - requires organisation context\n    if (effectiveScopeType === 'organisation') {\n      if (!scope.organisationId) {\n        // For PORTAL/ADMIN apps, organisation context is optional\n        if (allowsOptionalContexts(appName)) {\n          return {\n            isValid: true,\n            resolvedScope: {\n              organisationId: undefined,\n              eventId: scope.eventId,\n              appId: scope.appId\n            },\n            error: null\n          };\n        }\n        return {\n          isValid: false,\n          resolvedScope: null,\n          error: new OrganisationContextRequiredError()\n        };\n      }\n      \n      return {\n        isValid: true,\n        resolvedScope: {\n          organisationId: scope.organisationId,\n          eventId: scope.eventId, // Event is optional for org-scoped pages\n          appId: scope.appId\n        },\n        error: null\n      };\n    }\n    \n    // Fallback (should not happen)\n    return {\n      isValid: false,\n      resolvedScope: null,\n      error: new Error('Invalid scope type')\n    };\n  }\n\n}\n\n"],"mappings":";;;;;AA6SO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACE,SACO,MACA,SACP;AACA,UAAM,OAAO;AAHN;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,wBAAN,cAAoC,UAAU;AAAA,EACnD,YAAY,YAAwB,SAA+B;AACjE;AAAA,MACE,sBAAsB,UAAU;AAAA,MAChC;AAAA,MACA,EAAE,YAAY,GAAG,QAAQ;AAAA,IAC3B;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,mCAAN,cAA+C,UAAU;AAAA,EAC9D,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,4BAAN,cAAwC,UAAU;AAAA,EACvD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,UAAU;AAAA,EACrD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,oBAAN,cAAgC,UAAU;AAAA,EAC/C,YAAY,OAAc,QAAgB;AACxC;AAAA,MACE,2BAA2B,KAAK,UAAU,KAAK,CAAC,KAAK,MAAM;AAAA,MAC3D;AAAA,MACA,EAAE,OAAO,OAAO;AAAA,IAClB;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,UAAU;AAAA,EACrD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;;;ACjWA,IAAM,qBAAqB,oBAAI,IAAyB;AACxD,IAAM,iBAAiB;AA2BvB,eAAsB,yBACpB,UACA,SACsB;AAEtB,MAAI,mBAAmB,IAAI,OAAO,GAAG;AACnC,WAAO,mBAAmB,IAAI,OAAO,KAAK;AAAA,EAC5C;AAGA,QAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,aAAa,EAClB,OAAO,iBAAiB,EACxB,GAAG,YAAY,OAAO,EACtB,OAAO;AAEV,MAAI,iBAA8B;AAElC,MAAI,SAAS,CAAC,MAAM;AAClB,qBAAiB;AAAA,EACnB,WAAW,KAAK,iBAAiB;AAC/B,qBAAiB,KAAK;AAAA,EACxB,OAAO;AAEL,qBAAiB;AAAA,EACnB;AAGA,MAAI,mBAAmB,QAAQ,gBAAgB;AAE7C,UAAM,WAAW,mBAAmB,KAAK,EAAE,KAAK,EAAE;AAClD,QAAI,UAAU;AACZ,yBAAmB,OAAO,QAAQ;AAAA,IACpC;AAAA,EACF;AACA,qBAAmB,IAAI,SAAS,cAAc;AAE9C,SAAO;AACT;;;AC/DA,IAAM,MAAM,aAAa,kBAAkB;AAa3C,SAAS,uBAAuB,SAA2B;AACzD,SAAO,YAAY,YAAY,YAAY;AAC7C;AAaO,IAAM,mBAAN,MAAuB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS5B,aAAa,mBACX,UACA,SACsB;AACtB,WAAO,yBAAyB,UAAU,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,aAAa,oBACX,OACA,eACA,SACA,UACkC;AAElC,UAAM,qBAAqB;AAG3B,QAAI,uBAAuB,QAAQ;AAIjC,UAAI,CAAC,MAAM,kBAAkB,CAAC,MAAM,SAAS;AAC3C,YAAI,uBAAuB,OAAO,GAAG;AACnC,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,eAAe;AAAA,cACb,gBAAgB;AAAA,cAChB,SAAS;AAAA,cACT,OAAO,MAAM;AAAA,YACf;AAAA,YACA,OAAO;AAAA,UACT;AAAA,QACF;AACA,eAAO;AAAA,UACL,SAAS;AAAA,UACT,eAAe;AAAA,UACf,OAAO,IAAI,MAAM,oDAAoD;AAAA,QACvE;AAAA,MACF;AAGA,UAAI,iBAAiB,MAAM;AAC3B,UAAI,CAAC,kBAAkB,MAAM,WAAW,UAAU;AAChD,YAAI;AACF,gBAAM,eAAe,MAAM,KAAK,mBAAmB,UAAU,MAAM,OAAO;AAC1E,2BAAiB,gBAAgB;AAAA,QACnC,SAAS,OAAO;AACd,cAAI,KAAK,wDAAwD,KAAK;AAAA,QAExE;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe;AAAA,UACb;AAAA,UACA,SAAS,MAAM;AAAA,UACf,OAAO,MAAM;AAAA,QACf;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,uBAAuB,SAAS;AAClC,UAAI,CAAC,MAAM,SAAS;AAElB,YAAI,uBAAuB,OAAO,GAAG;AACnC,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,eAAe;AAAA,cACb,gBAAgB,MAAM;AAAA,cACtB,SAAS;AAAA,cACT,OAAO,MAAM;AAAA,YACf;AAAA,YACA,OAAO;AAAA,UACT;AAAA,QACF;AACA,eAAO;AAAA,UACL,SAAS;AAAA,UACT,eAAe;AAAA,UACf,OAAO,IAAI,0BAA0B;AAAA,QACvC;AAAA,MACF;AAGA,UAAI,iBAAmC,MAAM;AAC7C,UAAI,CAAC,kBAAkB,YAAY,MAAM,SAAS;AAChD,YAAI;AACF,gBAAM,eAAe,MAAM,KAAK,mBAAmB,UAAU,MAAM,OAAO;AAC1E,2BAAiB,gBAAgB;AACjC,cAAI,CAAC,gBAAgB;AACnB,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,eAAe;AAAA,cACf,OAAO,IAAI,MAAM,mDAAmD;AAAA,YACtE;AAAA,UACF;AAAA,QACF,SAAS,OAAO;AACd,cAAI,MAAM,oCAAoC,KAAK;AACnD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,eAAe;AAAA,YACf,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,0CAA0C;AAAA,UAC9F;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe;AAAA,UACb;AAAA,UACA,SAAS,MAAM;AAAA,UACf,OAAO,MAAM;AAAA,QACf;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,uBAAuB,gBAAgB;AACzC,UAAI,CAAC,MAAM,gBAAgB;AAEzB,YAAI,uBAAuB,OAAO,GAAG;AACnC,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,eAAe;AAAA,cACb,gBAAgB;AAAA,cAChB,SAAS,MAAM;AAAA,cACf,OAAO,MAAM;AAAA,YACf;AAAA,YACA,OAAO;AAAA,UACT;AAAA,QACF;AACA,eAAO;AAAA,UACL,SAAS;AAAA,UACT,eAAe;AAAA,UACf,OAAO,IAAI,iCAAiC;AAAA,QAC9C;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe;AAAA,UACb,gBAAgB,MAAM;AAAA,UACtB,SAAS,MAAM;AAAA;AAAA,UACf,OAAO,MAAM;AAAA,QACf;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAGA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe;AAAA,MACf,OAAO,IAAI,MAAM,oBAAoB;AAAA,IACvC;AAAA,EACF;AAEF;","names":[]}

package/dist/chunk-DGUM43GV.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-E66EQZE6.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/hooks/useComponentPerformance.ts"],"sourcesContent":["\nimport { useEffect, useRef } from 'react';\nimport { createLogger } from '../utils/core/logger';\n\nconst log = createLogger('useComponentPerformance');\n\ninterface PerformanceConfig {\n  componentName: string;\n  enableLogging?: boolean;\n  threshold?: number;\n}\n\nexport function useComponentPerformance({ \n  componentName, \n  enableLogging = import.meta.env.MODE === 'development',\n  threshold = 16 // 60fps = 16ms per frame\n}: PerformanceConfig) {\n  const renderCount = useRef(0);\n  const lastRenderTime = useRef<number>(0);\n\n  useEffect(() => {\n    if (!enableLogging) return;\n\n    const now = performance.now();\n    const renderTime = now - lastRenderTime.current;\n    renderCount.current += 1;\n\n    if (renderCount.current > 1 && renderTime > threshold) {\n      log.warn(\n        `Performance warning: ${componentName} rendered in ${renderTime.toFixed(2)}ms ` +\n        `(render #${renderCount.current}). Consider optimizing.`\n      );\n    }\n\n    lastRenderTime.current = now;\n  });\n\n  return {\n    renderCount: renderCount.current,\n    componentName\n  };\n}\n"],"mappings":";;;;;AACA,SAAS,WAAW,cAAc;AAGlC,IAAM,MAAM,aAAa,yBAAyB;AAQ3C,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,gBAAgB,YAAY,IAAI,SAAS;AAAA,EACzC,YAAY;AAAA;AACd,GAAsB;AACpB,QAAM,cAAc,OAAO,CAAC;AAC5B,QAAM,iBAAiB,OAAe,CAAC;AAEvC,YAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,UAAM,MAAM,YAAY,IAAI;AAC5B,UAAM,aAAa,MAAM,eAAe;AACxC,gBAAY,WAAW;AAEvB,QAAI,YAAY,UAAU,KAAK,aAAa,WAAW;AACrD,UAAI;AAAA,QACF,wBAAwB,aAAa,gBAAgB,WAAW,QAAQ,CAAC,CAAC,eAC9D,YAAY,OAAO;AAAA,MACjC;AAAA,IACF;AAEA,mBAAe,UAAU;AAAA,EAC3B,CAAC;AAED,SAAO;AAAA,IACL,aAAa,YAAY;AAAA,IACzB;AAAA,EACF;AACF;","names":[]}