npm - @jmruthers/pace-core - Versions diffs - 0.6.5 → 0.6.7 - Mend

@jmruthers/pace-core 0.6.5 → 0.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (473) hide show

package/CHANGELOG.md +104 -0
package/README.md +5 -403
package/audit-tool/00-dependencies.cjs +394 -0
package/audit-tool/audits/01-pace-core-compliance.cjs +556 -0
package/audit-tool/audits/02-project-structure.cjs +255 -0
package/audit-tool/audits/03-architecture.cjs +196 -0
package/audit-tool/audits/04-code-quality.cjs +149 -0
package/audit-tool/audits/05-styling.cjs +224 -0
package/audit-tool/audits/06-security-rbac.cjs +544 -0
package/audit-tool/audits/07-api-tech-stack.cjs +301 -0
package/audit-tool/audits/08-testing-documentation.cjs +202 -0
package/audit-tool/audits/09-operations.cjs +208 -0
package/audit-tool/index.cjs +291 -0
package/audit-tool/utils/code-utils.cjs +218 -0
package/audit-tool/utils/file-utils.cjs +230 -0
package/audit-tool/utils/report-utils.cjs +241 -0
package/core-usage-manifest.json +93 -0
package/cursor-rules/00-standards-overview.mdc +156 -0
package/cursor-rules/01-pace-core-compliance.mdc +586 -0
package/cursor-rules/02-project-structure.mdc +42 -4
package/cursor-rules/{03-solid-principles.mdc → 03-architecture.mdc} +126 -10
package/cursor-rules/04-code-quality.mdc +419 -0
package/cursor-rules/{08-markup-quality.mdc → 05-styling.mdc} +104 -34
package/cursor-rules/06-security-rbac.mdc +518 -0
package/cursor-rules/07-api-tech-stack.mdc +377 -0
package/cursor-rules/08-testing-documentation.mdc +324 -0
package/cursor-rules/09-operations.mdc +365 -0
package/dist/{AuthService-Cb34EQs3.d.ts → AuthService-DmfO5rGS.d.ts} +10 -0
package/dist/DataTable-7PMH7XN7.js +15 -0
package/dist/{DataTable-BMRU8a1j.d.ts → DataTable-DRUIgtUH.d.ts} +1 -1
package/dist/{PublicPageProvider-QTFVrL-Z.d.ts → PublicPageProvider-DlsCaR5v.d.ts} +33 -72
package/dist/UnifiedAuthProvider-ZT6TIGM7.js +7 -0
package/dist/api-Y4MQWOFW.js +4 -0
package/dist/audit-MYQXYZFU.js +3 -0
package/dist/{chunk-DGUM43GV.js → chunk-3RG5ZIWI.js} +1 -4
package/dist/{chunk-QXHPKYJV.js → chunk-4SXLQIZO.js} +1 -26
package/dist/{chunk-UPPMRMYG.js → chunk-5X4QLXRG.js} +73 -151
package/dist/chunk-6F3IILHI.js +62 -0
package/dist/{chunk-E66EQZE6.js → chunk-6GLLNA6U.js} +3 -9
package/dist/{chunk-ZSAAAMVR.js → chunk-6QYDGKQY.js} +1 -4
package/dist/{chunk-FMUCXFII.js → chunk-7ILTDCL2.js} +9 -5
package/dist/{chunk-M43Y4SSO.js → chunk-A3W6LW53.js} +15 -13
package/dist/{chunk-63FOKYGO.js → chunk-AHU7G2R5.js} +2 -11
package/dist/{chunk-HU2C6SSC.js → chunk-BM4CQ5P3.js} +606 -559
package/dist/chunk-C7NSAPTL.js +1 -0
package/dist/{chunk-J36DSWQK.js → chunk-FEJLJNWA.js} +7 -41
package/dist/{chunk-IHB5DR3H.js → chunk-FTCRZOG2.js} +188 -387
package/dist/{chunk-G37KK66H.js → chunk-FYHN4DD5.js} +60 -19
package/dist/chunk-GHYHJTYV.js +994 -0
package/dist/{chunk-VBXEHIUJ.js → chunk-HF6O3O37.js} +6 -88
package/dist/{chunk-FFQEQTNW.js → chunk-IUBRCBSY.js} +134 -45
package/dist/{chunk-6COVEUS7.js → chunk-JGWDVX64.js} +983 -1034
package/dist/{chunk-RGAWHO7N.js → chunk-L4XMVJKY.js} +77 -222
package/dist/chunk-MBADTM7L.js +64 -0
package/dist/{chunk-M7MPQISP.js → chunk-OJ4SKRSV.js} +3 -16
package/dist/{chunk-IVOFDYWT.js → chunk-Q7Q7V5NV.js} +2109 -1604
package/dist/{chunk-JGRYX5UX.js → chunk-S7DKJPLT.js} +29 -58
package/dist/{chunk-PWLANIRT.js → chunk-TTRFSOKR.js} +1 -7
package/dist/{chunk-5DRSZLL2.js → chunk-UH3NTO3F.js} +1 -6
package/dist/{chunk-NTM7ZSB6.js → chunk-VBCS3DUA.js} +261 -168
package/dist/{chunk-EFN2EIMK.js → chunk-ZFYPMX46.js} +271 -87
package/dist/{chunk-L4OXEN46.js → chunk-ZKAWKYT4.js} +10 -24
package/dist/components.d.ts +7 -5
package/dist/components.js +46 -257
package/dist/{database.generated-CzIvgcPu.d.ts → database.generated-CcnC_DRc.d.ts} +4795 -3691
package/dist/eslint-rules/index.cjs +35 -0
package/{src/eslint-rules/pace-core-compliance.cjs → dist/eslint-rules/rules/01-pace-core-compliance.cjs} +234 -235
package/dist/eslint-rules/rules/04-code-quality.cjs +290 -0
package/dist/eslint-rules/rules/05-styling.cjs +61 -0
package/dist/eslint-rules/rules/06-security-rbac.cjs +806 -0
package/dist/eslint-rules/rules/07-api-tech-stack.cjs +263 -0
package/dist/eslint-rules/rules/08-testing.cjs +94 -0
package/dist/eslint-rules/utils/helpers.cjs +42 -0
package/dist/eslint-rules/utils/manifest-loader.cjs +75 -0
package/dist/hooks.d.ts +6 -6
package/dist/hooks.js +62 -172
package/dist/icons/index.d.ts +1 -0
package/dist/icons/index.js +1 -0
package/dist/index.d.ts +12 -11
package/dist/index.js +67 -660
package/dist/providers.d.ts +2 -2
package/dist/providers.js +8 -35
package/dist/rbac/eslint-rules.d.ts +46 -44
package/dist/rbac/eslint-rules.js +7 -4
package/dist/rbac/index.d.ts +109 -586
package/dist/rbac/index.js +14 -207
package/dist/styles/index.js +2 -12
package/dist/theming/runtime.d.ts +14 -1
package/dist/theming/runtime.js +3 -19
package/dist/{timezone-CHhWg6b4.d.ts → timezone-BZe_eUxx.d.ts} +175 -1
package/dist/{types-CkbwOr4Y.d.ts → types-DXstZpNI.d.ts} +4 -17
package/dist/types-t9H8qKRw.d.ts +55 -0
package/dist/types.d.ts +1 -1
package/dist/types.js +7 -94
package/dist/{usePublicRouteParams-ClnV4tnv.d.ts → usePublicRouteParams-MamNgwqe.d.ts} +20 -20
package/dist/utils.d.ts +24 -117
package/dist/utils.js +54 -392
package/docs/README.md +17 -7
package/docs/api/README.md +4 -402
package/docs/api/modules.md +301 -871
package/docs/api-reference/components.md +21 -21
package/docs/api-reference/deprecated.md +31 -6
package/docs/api-reference/hooks.md +80 -80
package/docs/api-reference/rpc-functions.md +78 -3
package/docs/api-reference/types.md +1 -1
package/docs/api-reference/utilities.md +1 -1
package/docs/architecture/README.md +1 -1
package/docs/core-concepts/events.md +3 -3
package/docs/core-concepts/organisations.md +6 -6
package/docs/core-concepts/permissions.md +6 -6
package/docs/documentation-index.md +12 -18
package/docs/getting-started/cursor-rules.md +3 -23
package/docs/getting-started/dependencies.md +650 -0
package/docs/getting-started/documentation-index.md +1 -1
package/docs/getting-started/examples/README.md +4 -4
package/docs/getting-started/examples/full-featured-app.md +1 -1
package/docs/getting-started/faq.md +2 -2
package/docs/getting-started/installation-guide.md +20 -7
package/docs/getting-started/quick-reference.md +4 -4
package/docs/getting-started/quick-start.md +23 -12
package/docs/implementation-guides/authentication.md +15 -15
package/docs/implementation-guides/component-styling.md +1 -1
package/docs/implementation-guides/data-tables.md +126 -33
package/docs/implementation-guides/datatable-rbac-usage.md +1 -1
package/docs/implementation-guides/dynamic-colors.md +3 -3
package/docs/implementation-guides/file-upload-storage.md +2 -2
package/docs/implementation-guides/hierarchical-datatable.md +40 -60
package/docs/implementation-guides/inactivity-tracking.md +3 -3
package/docs/implementation-guides/large-datasets.md +3 -2
package/docs/implementation-guides/organisation-security.md +2 -2
package/docs/implementation-guides/performance.md +2 -2
package/docs/implementation-guides/permission-enforcement.md +5 -1
package/docs/migration/V0.3.44_organisation-context-timing-fix.md +1 -1
package/docs/migration/V0.4.0_rbac-migration.md +6 -6
package/docs/rbac/MIGRATION_GUIDE.md +819 -0
package/docs/rbac/RBAC_CONTRACT.md +724 -0
package/docs/rbac/README.md +17 -8
package/docs/rbac/advanced-patterns.md +6 -6
package/docs/rbac/api-reference.md +20 -20
package/docs/rbac/edge-functions-guide.md +376 -0
package/docs/rbac/event-based-apps.md +3 -3
package/docs/rbac/examples.md +41 -41
package/docs/rbac/getting-started.md +37 -37
package/docs/rbac/performance.md +1 -1
package/docs/rbac/quick-start.md +52 -52
package/docs/rbac/secure-client-protection.md +1 -35
package/docs/rbac/troubleshooting.md +1 -1
package/docs/security/README.md +5 -5
package/docs/standards/0-standards-overview.md +220 -0
package/docs/standards/1-pace-core-compliance-standards.md +986 -0
package/docs/standards/2-project-structure-standards.md +949 -0
package/docs/standards/3-architecture-standards.md +606 -0
package/docs/standards/4-code-quality-standards.md +728 -0
package/docs/standards/5-styling-standards.md +348 -0
package/docs/standards/{07-rbac-and-rls-standard.md → 6-security-rbac-standards.md} +269 -66
package/docs/standards/7-api-tech-stack-standards.md +662 -0
package/docs/standards/8-testing-documentation-standards.md +401 -0
package/docs/standards/9-operations-standards.md +1102 -0
package/docs/standards/README.md +185 -57
package/docs/troubleshooting/README.md +4 -4
package/docs/troubleshooting/common-issues.md +2 -2
package/docs/troubleshooting/debugging.md +9 -9
package/docs/troubleshooting/migration.md +4 -4
package/docs/troubleshooting/organisation-context-setup.md +42 -19
package/eslint-config-pace-core.cjs +33 -6
package/package.json +35 -23
package/scripts/install-cursor-rules.cjs +25 -6
package/scripts/install-eslint-config.cjs +284 -0
package/src/__tests__/fixtures/supabase.ts +1 -1
package/src/__tests__/helpers/__tests__/component-test-utils.test.tsx +3 -3
package/src/__tests__/helpers/__tests__/optimized-test-setup.test.ts +1 -1
package/src/__tests__/helpers/__tests__/supabaseMock.test.ts +1 -1
package/src/__tests__/helpers/__tests__/test-providers.test.tsx +2 -2
package/src/__tests__/helpers/__tests__/test-utils.test.tsx +13 -13
package/src/__tests__/helpers/component-test-utils.tsx +1 -1
package/src/__tests__/helpers/supabaseMock.ts +2 -2
package/src/__tests__/integration/UserProfile.test.tsx +14 -14
package/src/__tests__/public-recipe-view.test.ts +38 -9
package/src/__tests__/rbac/PagePermissionGuard.test.tsx +6 -6
package/src/__tests__/templates/accessibility.test.template.tsx +9 -9
package/src/__tests__/templates/component.test.template.tsx +18 -15
package/src/components/Button/Button.tsx +5 -1
package/src/components/Calendar/Calendar.tsx +201 -47
package/src/components/ContextSelector/ContextSelector.tsx +106 -119
package/src/components/DataTable/AUDIT_REPORT.md +293 -0
package/src/components/DataTable/__tests__/DataTableCore.test.tsx +10 -2
package/src/components/DataTable/__tests__/a11y.basic.test.tsx +10 -4
package/src/components/DataTable/__tests__/test-utils/sharedTestUtils.tsx +9 -9
package/src/components/DataTable/components/ColumnFilter.tsx +63 -74
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +43 -41
package/src/components/DataTable/components/DataTableCore.tsx +186 -13
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +9 -11
package/src/components/DataTable/components/DataTableLayout.tsx +35 -21
package/src/components/DataTable/components/EditFields.tsx +23 -3
package/src/components/DataTable/components/EditableRow.tsx +12 -9
package/src/components/DataTable/components/EmptyState.tsx +10 -9
package/src/components/DataTable/components/FilterRow.tsx +2 -4
package/src/components/DataTable/components/ImportModal.tsx +124 -126
package/src/components/DataTable/components/LoadingState.tsx +5 -6
package/src/components/DataTable/components/RowComponent.tsx +12 -0
package/src/components/DataTable/components/SortIndicator.tsx +50 -0
package/src/components/DataTable/components/__tests__/COVERAGE_NOTE.md +4 -4
package/src/components/DataTable/components/__tests__/ColumnFilter.test.tsx +23 -82
package/src/components/DataTable/components/__tests__/DataTableErrorBoundary.test.tsx +37 -9
package/src/components/DataTable/components/__tests__/EmptyState.test.tsx +7 -4
package/src/components/DataTable/components/__tests__/FilterRow.test.tsx +12 -4
package/src/components/DataTable/components/__tests__/LoadingState.test.tsx +41 -27
package/src/components/DataTable/components/hooks/usePermissionTracking.ts +0 -4
package/src/components/DataTable/components/index.ts +2 -1
package/src/components/DataTable/hooks/__tests__/useDataTableState.test.ts +51 -47
package/src/components/DataTable/hooks/useDataTablePermissions.ts +24 -21
package/src/components/DataTable/hooks/useDataTableState.ts +125 -9
package/src/components/DataTable/hooks/useTableColumns.ts +40 -2
package/src/components/DataTable/hooks/useTableHandlers.ts +11 -0
package/src/components/DataTable/types.ts +5 -18
package/src/components/DataTable/utils/a11yUtils.ts +17 -0
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +2 -1
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +11 -15
package/src/components/DateTimeField/DateTimeField.tsx +10 -9
package/src/components/Dialog/Dialog.test.tsx +128 -104
package/src/components/Dialog/Dialog.tsx +742 -24
package/src/components/ErrorBoundary/ErrorBoundary.tsx +77 -79
package/src/components/FileDisplay/FileDisplay.test.tsx +4 -2
package/src/components/FileDisplay/FileDisplay.tsx +23 -17
package/src/components/FileUpload/FileUpload.test.tsx +52 -14
package/src/components/FileUpload/FileUpload.tsx +112 -130
package/src/components/Form/Form.test.tsx +6 -8
package/src/components/Form/Form.tsx +365 -4
package/src/components/NavigationMenu/NavigationMenu.test.tsx +14 -13
package/src/components/NavigationMenu/useNavigationFiltering.ts +11 -21
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +6 -4
package/src/components/PaceAppLayout/PaceAppLayout.tsx +11 -15
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +108 -61
package/src/components/PaceLoginPage/PaceLoginPage.tsx +27 -3
package/src/components/Progress/Progress.tsx +2 -4
package/src/components/ProtectedRoute/ProtectedRoute.tsx +8 -8
package/src/components/Select/Select.tsx +109 -98
package/src/components/Select/types.ts +4 -1
package/src/components/UserMenu/UserMenu.tsx +9 -6
package/src/hooks/__tests__/ServiceHooks.test.tsx +16 -16
package/src/hooks/__tests__/hooks.integration.test.tsx +55 -57
package/src/hooks/__tests__/useAppConfig.unit.test.ts +129 -67
package/src/hooks/__tests__/useFocusTrap.unit.test.tsx +97 -97
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +149 -67
package/src/hooks/__tests__/usePublicEvent.test.ts +149 -79
package/src/hooks/__tests__/usePublicEvent.unit.test.ts +158 -109
package/src/hooks/__tests__/useSessionDraft.test.ts +163 -0
package/src/hooks/__tests__/useSessionRestoration.unit.test.tsx +10 -5
package/src/hooks/public/usePublicEvent.ts +67 -195
package/src/hooks/public/usePublicEventLogo.test.ts +70 -17
package/src/hooks/public/usePublicEventLogo.ts +24 -14
package/src/hooks/public/usePublicFileDisplay.ts +2 -2
package/src/hooks/public/usePublicRouteParams.ts +5 -5
package/src/hooks/useAppConfig.ts +28 -26
package/src/hooks/useEventTheme.test.ts +217 -239
package/src/hooks/useEventTheme.ts +16 -28
package/src/hooks/useFileDisplay.ts +2 -2
package/src/hooks/useOrganisationPermissions.ts +5 -7
package/src/hooks/useQueryCache.ts +0 -1
package/src/hooks/useSessionDraft.ts +380 -0
package/src/hooks/useSessionRestoration.ts +3 -1
package/src/icons/index.ts +27 -0
package/src/index.ts +5 -0
package/src/providers/OrganisationProvider.tsx +23 -14
package/src/providers/UnifiedAuthProvider.smoke.test.tsx +21 -21
package/src/providers/__tests__/AuthProvider.test.tsx +21 -21
package/src/providers/__tests__/EventProvider.test.tsx +61 -61
package/src/providers/__tests__/InactivityProvider.test.tsx +56 -56
package/src/providers/__tests__/OrganisationProvider.test.tsx +75 -75
package/src/providers/__tests__/ProviderLifecycle.test.tsx +37 -37
package/src/providers/__tests__/UnifiedAuthProvider.test.tsx +103 -103
package/src/providers/services/EventServiceProvider.tsx +1 -24
package/src/providers/services/UnifiedAuthProvider.tsx +5 -48
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +7 -7
package/src/providers/services/__tests__/UnifiedAuthProvider.integration.test.tsx +13 -10
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +7 -457
package/src/rbac/__tests__/auth-rbac.e2e.test.tsx +33 -7
package/src/rbac/adapters.tsx +7 -295
package/src/rbac/api.test.ts +44 -56
package/src/rbac/api.ts +10 -17
package/src/rbac/cache-invalidation.ts +0 -1
package/src/rbac/compliance/index.ts +10 -0
package/src/rbac/compliance/pattern-detector.ts +553 -0
package/src/rbac/compliance/runtime-compliance.ts +22 -0
package/src/rbac/components/AccessDenied.tsx +150 -0
package/src/rbac/components/NavigationGuard.tsx +12 -20
package/src/rbac/components/PagePermissionGuard.tsx +4 -24
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +21 -8
package/src/rbac/components/index.ts +3 -41
package/src/rbac/eslint-rules.js +1 -1
package/src/rbac/hooks/index.ts +0 -3
package/src/rbac/hooks/permissions/index.ts +0 -3
package/src/rbac/hooks/permissions/useAccessLevel.ts +4 -8
package/src/rbac/hooks/usePermissions.ts +0 -3
package/src/rbac/hooks/useResolvedScope.test.ts +57 -47
package/src/rbac/hooks/useResolvedScope.ts +58 -140
package/src/rbac/hooks/useResourcePermissions.test.ts +124 -38
package/src/rbac/hooks/useResourcePermissions.ts +139 -48
package/src/rbac/hooks/useRoleManagement.test.ts +65 -22
package/src/rbac/hooks/useRoleManagement.ts +147 -19
package/src/rbac/hooks/useSecureSupabase.ts +4 -8
package/src/rbac/index.ts +7 -9
package/src/rbac/utils/contextValidator.ts +9 -7
package/src/services/AuthService.ts +130 -18
package/src/services/EventService.ts +4 -97
package/src/services/InactivityService.ts +16 -0
package/src/services/OrganisationService.ts +7 -44
package/src/services/__tests__/OrganisationService.test.ts +26 -8
package/src/services/base/BaseService.ts +0 -3
package/src/styles/core.css +7 -0
package/src/theming/__tests__/parseEventColours.test.ts +9 -3
package/src/theming/parseEventColours.ts +22 -10
package/src/types/database.generated.ts +4733 -3809
package/src/utils/__tests__/lazyLoad.unit.test.tsx +42 -39
package/src/utils/__tests__/organisationContext.unit.test.ts +9 -10
package/src/utils/context/organisationContext.test.ts +13 -28
package/src/utils/context/organisationContext.ts +21 -52
package/src/utils/dynamic/dynamicUtils.ts +1 -1
package/src/utils/file-reference/index.ts +39 -15
package/src/utils/formatting/formatDateTime.test.ts +3 -2
package/src/utils/google-places/loadGoogleMapsScript.ts +29 -4
package/src/utils/index.ts +4 -1
package/src/utils/persistence/__tests__/keyDerivation.test.ts +135 -0
package/src/utils/persistence/__tests__/sensitiveFieldDetection.test.ts +123 -0
package/src/utils/persistence/keyDerivation.ts +304 -0
package/src/utils/persistence/sensitiveFieldDetection.ts +212 -0
package/src/utils/security/secureStorage.ts +5 -5
package/src/utils/storage/README.md +1 -1
package/src/utils/storage/helpers.ts +3 -3
package/src/utils/supabase/createBaseClient.ts +147 -0
package/src/utils/timezone/timezone.test.ts +1 -2
package/src/utils/timezone/timezone.ts +1 -1
package/src/utils/validation/csrf.ts +4 -4
package/cursor-rules/00-pace-core-compliance.mdc +0 -331
package/cursor-rules/01-standards-compliance.mdc +0 -244
package/cursor-rules/04-testing-standards.mdc +0 -268
package/cursor-rules/05-bug-reports-and-features.mdc +0 -246
package/cursor-rules/06-code-quality.mdc +0 -309
package/cursor-rules/07-tech-stack-compliance.mdc +0 -214
package/cursor-rules/CHANGELOG.md +0 -119
package/cursor-rules/README.md +0 -192
package/dist/DataTable-AOVNCPTX.js +0 -175
package/dist/DataTable-AOVNCPTX.js.map +0 -1
package/dist/UnifiedAuthProvider-4SBX4LU5.js +0 -18
package/dist/UnifiedAuthProvider-4SBX4LU5.js.map +0 -1
package/dist/api-O6HTBX5Y.js +0 -52
package/dist/api-O6HTBX5Y.js.map +0 -1
package/dist/audit-V53FV5AG.js +0 -17
package/dist/audit-V53FV5AG.js.map +0 -1
package/dist/chunk-5DRSZLL2.js.map +0 -1
package/dist/chunk-63FOKYGO.js.map +0 -1
package/dist/chunk-6COVEUS7.js.map +0 -1
package/dist/chunk-AFVQODI2.js +0 -263
package/dist/chunk-AFVQODI2.js.map +0 -1
package/dist/chunk-DGUM43GV.js.map +0 -1
package/dist/chunk-E66EQZE6.js.map +0 -1
package/dist/chunk-EFN2EIMK.js.map +0 -1
package/dist/chunk-FFQEQTNW.js.map +0 -1
package/dist/chunk-FMUCXFII.js.map +0 -1
package/dist/chunk-G37KK66H.js.map +0 -1
package/dist/chunk-G7QEZTYQ.js +0 -2053
package/dist/chunk-G7QEZTYQ.js.map +0 -1
package/dist/chunk-HU2C6SSC.js.map +0 -1
package/dist/chunk-IHB5DR3H.js.map +0 -1
package/dist/chunk-IVOFDYWT.js.map +0 -1
package/dist/chunk-J36DSWQK.js.map +0 -1
package/dist/chunk-JGRYX5UX.js.map +0 -1
package/dist/chunk-KQCRWDSA.js +0 -1
package/dist/chunk-KQCRWDSA.js.map +0 -1
package/dist/chunk-L4OXEN46.js.map +0 -1
package/dist/chunk-LMC26NLJ.js +0 -84
package/dist/chunk-LMC26NLJ.js.map +0 -1
package/dist/chunk-M43Y4SSO.js.map +0 -1
package/dist/chunk-M7MPQISP.js.map +0 -1
package/dist/chunk-NTM7ZSB6.js.map +0 -1
package/dist/chunk-PWLANIRT.js.map +0 -1
package/dist/chunk-QXHPKYJV.js.map +0 -1
package/dist/chunk-RGAWHO7N.js.map +0 -1
package/dist/chunk-UPPMRMYG.js.map +0 -1
package/dist/chunk-VBXEHIUJ.js.map +0 -1
package/dist/chunk-ZSAAAMVR.js.map +0 -1
package/dist/components.js.map +0 -1
package/dist/contextValidator-5OGXSPKS.js +0 -9
package/dist/contextValidator-5OGXSPKS.js.map +0 -1
package/dist/eslint-rules/pace-core-compliance.cjs +0 -510
package/dist/hooks.js.map +0 -1
package/dist/index.js.map +0 -1
package/dist/providers.js.map +0 -1
package/dist/rbac/eslint-rules.js.map +0 -1
package/dist/rbac/index.js.map +0 -1
package/dist/styles/index.js.map +0 -1
package/dist/theming/runtime.js.map +0 -1
package/dist/types.js.map +0 -1
package/dist/utils.js.map +0 -1
package/docs/best-practices/README.md +0 -472
package/docs/best-practices/accessibility.md +0 -601
package/docs/best-practices/common-patterns.md +0 -516
package/docs/best-practices/deployment.md +0 -1103
package/docs/best-practices/performance.md +0 -1328
package/docs/best-practices/security.md +0 -940
package/docs/best-practices/testing.md +0 -1034
package/docs/rbac/compliance/compliance-guide.md +0 -544
package/docs/standards/01-architecture-standard.md +0 -44
package/docs/standards/02-api-and-rpc-standard.md +0 -39
package/docs/standards/03-component-standard.md +0 -32
package/docs/standards/04-code-style-standard.md +0 -32
package/docs/standards/05-security-standard.md +0 -44
package/docs/standards/06-testing-and-docs-standard.md +0 -29
package/docs/standards/pace-core-compliance.md +0 -432
package/scripts/audit/core/checks/accessibility.cjs +0 -197
package/scripts/audit/core/checks/api-usage.cjs +0 -191
package/scripts/audit/core/checks/bundle.cjs +0 -142
package/scripts/audit/core/checks/compliance.cjs +0 -2706
package/scripts/audit/core/checks/config.cjs +0 -54
package/scripts/audit/core/checks/coverage.cjs +0 -84
package/scripts/audit/core/checks/dependencies.cjs +0 -994
package/scripts/audit/core/checks/documentation.cjs +0 -268
package/scripts/audit/core/checks/environment.cjs +0 -116
package/scripts/audit/core/checks/error-handling.cjs +0 -340
package/scripts/audit/core/checks/forms.cjs +0 -172
package/scripts/audit/core/checks/heuristics.cjs +0 -68
package/scripts/audit/core/checks/hooks.cjs +0 -334
package/scripts/audit/core/checks/imports.cjs +0 -244
package/scripts/audit/core/checks/performance.cjs +0 -325
package/scripts/audit/core/checks/routes.cjs +0 -117
package/scripts/audit/core/checks/state.cjs +0 -130
package/scripts/audit/core/checks/structure.cjs +0 -65
package/scripts/audit/core/checks/style.cjs +0 -584
package/scripts/audit/core/checks/testing.cjs +0 -122
package/scripts/audit/core/checks/typescript.cjs +0 -61
package/scripts/audit/core/scanner.cjs +0 -199
package/scripts/audit/core/utils.cjs +0 -137
package/scripts/audit/index.cjs +0 -223
package/scripts/audit/reporters/console.cjs +0 -151
package/scripts/audit/reporters/json.cjs +0 -54
package/scripts/audit/reporters/markdown.cjs +0 -124
package/scripts/audit-consuming-app.cjs +0 -86
package/src/components/DataTable/components/DataTableBody.tsx +0 -454
package/src/components/DataTable/components/DraggableColumnHeader.tsx +0 -156
package/src/components/DataTable/components/ExpandButton.tsx +0 -113
package/src/components/DataTable/components/GroupHeader.tsx +0 -54
package/src/components/DataTable/components/ViewRowModal.tsx +0 -68
package/src/components/DataTable/components/VirtualizedDataTable.tsx +0 -525
package/src/components/DataTable/components/__tests__/ExpandButton.test.tsx +0 -462
package/src/components/DataTable/components/__tests__/GroupHeader.test.tsx +0 -393
package/src/components/DataTable/components/__tests__/ViewRowModal.test.tsx +0 -476
package/src/components/DataTable/components/__tests__/VirtualizedDataTable.test.tsx +0 -128
package/src/components/DataTable/core/DataTableContext.tsx +0 -216
package/src/components/DataTable/core/__tests__/DataTableContext.test.tsx +0 -136
package/src/components/DataTable/hooks/__tests__/useColumnReordering.test.ts +0 -570
package/src/components/DataTable/hooks/useColumnReordering.ts +0 -123
package/src/components/DataTable/utils/debugTools.ts +0 -514
package/src/eslint-rules/pace-core-compliance.js +0 -638
package/src/rbac/components/EnhancedNavigationMenu.test.tsx +0 -555
package/src/rbac/components/EnhancedNavigationMenu.tsx +0 -293
package/src/rbac/components/NavigationProvider.test.tsx +0 -481
package/src/rbac/components/NavigationProvider.tsx +0 -345
package/src/rbac/components/PagePermissionProvider.test.tsx +0 -476
package/src/rbac/components/PagePermissionProvider.tsx +0 -279
package/src/rbac/components/PermissionEnforcer.tsx +0 -312
package/src/rbac/components/RoleBasedRouter.tsx +0 -440
package/src/rbac/components/SecureDataProvider.test.tsx +0 -543
package/src/rbac/components/SecureDataProvider.tsx +0 -339
package/src/rbac/components/__tests__/EnhancedNavigationMenu.test.tsx +0 -620
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +0 -726
package/src/rbac/components/__tests__/PagePermissionProvider.test.tsx +0 -661
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +0 -881
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +0 -783
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +0 -645
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +0 -659
package/src/rbac/hooks/permissions/useCachedPermissions.ts +0 -79
package/src/rbac/hooks/permissions/useHasAllPermissions.ts +0 -90
package/src/rbac/hooks/permissions/useHasAnyPermission.ts +0 -90

package/docs/rbac/RBAC_CONTRACT.md ADDED Viewed

@@ -0,0 +1,724 @@
+---
+lastUpdated: 2025-01-04T00:00:00+00:00
+version: 2.0.0
+reviewedBy: rbac-architecture-review
+---
+# RBAC Contract
+> **📋 The Definitive RBAC Contract** | [← Back to RBAC Documentation](./README.md) | [Quick Start](./quick-start.md) | [Migration Guide](./MIGRATION_GUIDE.md)
+This document defines the **mandatory contract** between `pace-core` and consuming applications for RBAC (Role-Based Access Control) integration. This contract is **enforced** by ESLint rules.
+**⚠️ CRITICAL**: This contract is **non-negotiable**. Violations will result in build errors.
+## Table of Contents
+1. [The Contract](#the-contract)
+2. [Architecture Boundary](#architecture-boundary)
+3. [Compliance Checklist](#compliance-checklist)
+4. [Anti-Patterns](#anti-patterns)
+5. [Enforcement](#enforcement)
+6. [enforcePermissions Configuration](#enforcepermissions-configuration)
+## The Contract
+### What Consuming Apps MUST Do
+#### 1. **MUST Use pace-core RBAC Components**
+**MUST use `PagePermissionGuard` for all protected pages:**
+```tsx
+// ✅ CORRECT
+import { PagePermissionGuard } from '@jmruthers/pace-core/rbac';
+function DashboardPage() {
+  return (
+    <PagePermissionGuard pageName="dashboard" operation="read">
+      <DashboardContent />
+    </PagePermissionGuard>
+  );
+}
+```
+**MUST use pace-core hooks for permission checks:**
+```tsx
+// ✅ CORRECT
+import { useCan, useResourcePermissions } from '@jmruthers/pace-core/rbac';
+function MyComponent() {
+  const canEdit = useCan('update:users');
+  const permissions = useResourcePermissions('users');
+  // ...
+}
+```
+**MUST use pace-core API functions for programmatic checks:**
+```tsx
+// ✅ CORRECT
+import { isPermitted } from '@jmruthers/pace-core/rbac';
+const hasAccess = await isPermitted({
+  permission: 'read:dashboard',
+  pageName: 'dashboard'
+});
+```
+#### 2. **MUST Use Standard AccessDenied Component**
+**MUST use `AccessDenied` from pace-core for all access denied scenarios:**
+```tsx
+// ✅ CORRECT
+import { AccessDenied } from '@jmruthers/pace-core/rbac';
+<PagePermissionGuard
+  pageName="dashboard"
+  operation="read"
+  fallback={<AccessDenied />}
+>
+  <DashboardContent />
+</PagePermissionGuard>
+```
+#### 3. **MUST Configure enforcePermissions Correctly**
+**For event-based apps (where pages handle their own checks):**
+```tsx
+// ✅ CORRECT - Event-based app pattern
+<PaceAppLayout
+  appName="MyApp"
+  enforcePermissions={false}  // Pages handle checks via PagePermissionGuard
+  // ...
+>
+```
+**For organisation-based apps (where layout handles checks):**
+```tsx
+// ✅ CORRECT - Organisation-based app pattern
+<PaceAppLayout
+  appName="MyApp"
+  enforcePermissions={true}  // Layout handles checks
+  defaultPermission="read"
+  // ...
+>
+```
+#### 4. **MUST Use useSecureSupabase for RBAC Table Queries**
+**If you must query RBAC tables (rare), MUST use `useSecureSupabase`:**
+```tsx
+// ✅ CORRECT - Using secure client
+import { useSecureSupabase } from '@jmruthers/pace-core/rbac';
+function MyComponent() {
+  const secureSupabase = useSecureSupabase(supabase);
+  const { data } = await secureSupabase
+    .from('rbac_user_profiles')  // Allowed through secure client
+    .select('*');
+}
+```
+### What Consuming Apps MUST NOT Do
+#### 1. **MUST NOT Create Wrapper Components**
+**MUST NOT create wrapper components around `PagePermissionGuard`:**
+```tsx
+// ❌ FORBIDDEN - Wrapper component
+function EventPageGuard({ pageName, children }) {
+  // Event validation logic...
+  return (
+    <PagePermissionGuard pageName={pageName}>
+      {children}
+    </PagePermissionGuard>
+  );
+}
+```
+**Instead, handle validation directly in page components:**
+```tsx
+// ✅ CORRECT - Direct usage
+function DashboardPage() {
+  const { selectedEvent } = useEvents();
+  if (!selectedEvent) {
+    return <EventSelectionPrompt />;
+  }
+  return (
+    <PagePermissionGuard pageName="dashboard" operation="read">
+      <DashboardContent />
+    </PagePermissionGuard>
+  );
+}
+```
+#### 2. **MUST NOT Query RBAC Tables Directly**
+**MUST NOT query RBAC tables without using `useSecureSupabase`:**
+```tsx
+// ❌ FORBIDDEN - Direct query
+const { data } = await supabase
+  .from('rbac_user_profiles')  // ERROR: Direct RBAC table query
+  .select('*');
+```
+**MUST NOT query these tables directly:**
+- `rbac_organisation_roles`
+- `rbac_event_app_roles`
+- `rbac_global_roles`
+- `rbac_apps`
+- `rbac_app_pages`
+- `rbac_page_permissions`
+- `rbac_user_profiles`
+#### 3. **MUST NOT Call RBAC RPC Functions Directly**
+**MUST NOT call `rbac_check_permission_simplified` directly:**
+```tsx
+// ❌ FORBIDDEN - Direct RPC call
+const { data } = await supabase.rpc('rbac_check_permission_simplified', {
+  p_user_id: userId,
+  p_permission: 'read:dashboard'
+});
+```
+**Instead, use pace-core API:**
+```tsx
+// ✅ CORRECT - Using pace-core API
+import { isPermitted } from '@jmruthers/pace-core/rbac';
+const hasAccess = await isPermitted({
+  permission: 'read:dashboard',
+  pageName: 'dashboard'
+});
+```
+#### 4. **MUST NOT Create Custom Access Denied Components**
+**MUST NOT create custom access denied components:**
+```tsx
+// ❌ FORBIDDEN - Custom component
+function CustomAccessDenied() {
+  return <div>Access Denied</div>;
+}
+```
+**MUST use standard component:**
+```tsx
+// ✅ CORRECT - Standard component
+import { AccessDenied } from '@jmruthers/pace-core/rbac';
+<AccessDenied />
+```
+#### 5. **MUST NOT Bypass PagePermissionGuard**
+**MUST NOT render protected content without `PagePermissionGuard`:**
+```tsx
+// ❌ FORBIDDEN - No guard
+function DashboardPage() {
+  return <DashboardContent />;  // ERROR: Unprotected page
+}
+```
+**MUST protect all pages:**
+```tsx
+// ✅ CORRECT - Protected page
+function DashboardPage() {
+  return (
+    <PagePermissionGuard pageName="dashboard" operation="read">
+      <DashboardContent />
+    </PagePermissionGuard>
+  );
+}
+```
+#### 6. **MUST NOT Implement Custom Permission Logic**
+**MUST NOT create custom permission checking functions:**
+```tsx
+// ❌ FORBIDDEN - Custom permission logic
+function checkPermission(userId, permission) {
+  // Custom logic...
+}
+```
+**MUST use pace-core functions:**
+```tsx
+// ✅ CORRECT - Using pace-core
+import { isPermitted } from '@jmruthers/pace-core/rbac';
+const hasAccess = await isPermitted({ permission: 'read:dashboard' });
+```
+#### 7. **MUST NOT Use Hardcoded Role Checks**
+**MUST NOT compare roles directly:**
+```tsx
+// ❌ FORBIDDEN - Hardcoded role check
+if (user.role === 'admin') {
+  // ...
+}
+```
+**MUST use pace-core hooks/APIs:**
+```tsx
+// ✅ CORRECT - Using pace-core
+import { useAccessLevel } from '@jmruthers/pace-core/rbac';
+const { accessLevel } = useAccessLevel();
+if (accessLevel === 'admin') {
+  // ...
+}
+```
+#### 8. **MUST NOT Use Resource Permission String Literals**
+**MUST NOT use string literals in `useResourcePermissions`:**
+```tsx
+// ❌ FORBIDDEN - String literal
+const { canCreate } = useResourcePermissions('journal');
+```
+**MUST use RESOURCE_NAMES constant:**
+```tsx
+// ✅ CORRECT - Using constant
+import { RESOURCE_NAMES } from '@/config/resource-names';
+const { canCreate } = useResourcePermissions(RESOURCE_NAMES.JOURNAL);
+```
+#### 9. **MUST NOT Create Permission Wrapper Functions**
+**MUST NOT create wrapper functions around permission checks:**
+```tsx
+// ❌ FORBIDDEN - Wrapper function
+const canEdit = (postId: string) => {
+  const hasPermission = canUpdate('journal');
+  const post = posts.find(p => p.id === postId);
+  return hasPermission && !!post;
+};
+```
+**MUST use pace-core hooks directly:**
+```tsx
+// ✅ CORRECT - Direct usage
+const { canUpdate } = useResourcePermissions(RESOURCE_NAMES.JOURNAL);
+// Use canUpdate directly in components
+```
+### What Consuming Apps MAY Do
+#### 1. **MAY Configure Navigation**
+**MAY define navigation configuration:**
+```tsx
+// ✅ ALLOWED - Navigation configuration
+const navItems = [
+  { label: 'Dashboard', path: '/dashboard' },
+  { label: 'Users', path: '/users' }
+];
+const routePermissions = {
+  '/dashboard': 'read:dashboard',
+  '/users': 'read:users'
+};
+```
+#### 2. **MAY Customize AccessDenied Props**
+**MAY customize `AccessDenied` component with props:**
+```tsx
+// ✅ ALLOWED - Customized AccessDenied
+<AccessDenied
+  message="You don't have permission to view this page."
+  onGoBack={() => navigate('/dashboard')}
+  showSignOut={true}
+/>
+```
+#### 3. **MAY Handle Event Context Validation**
+**MAY validate event context in page components:**
+```tsx
+// ✅ ALLOWED - Event context validation
+function DashboardPage() {
+  const { selectedEvent } = useEvents();
+  if (!selectedEvent) {
+    return <EventSelectionPrompt />;
+  }
+  return (
+    <PagePermissionGuard pageName="dashboard" operation="read">
+      <DashboardContent />
+    </PagePermissionGuard>
+  );
+}
+```
+## Architecture Boundary
+### What Lives in pace-core
+**Core Permission Logic:**
+- `RBACEngine.isPermitted` - Permission checking algorithm
+- Database RPC calls (`rbac_check_permission_simplified`)
+- Super admin detection
+- Scope resolution logic
+- Cache management
+**Components:**
+- `PagePermissionGuard` - Standard page protection (single canonical component)
+- `NavigationGuard` - Navigation item protection
+- `AccessDenied` - Standard access denied component
+**Hooks:**
+- `useCan` - Single permission check
+- `usePermissions` - Permission map retrieval
+- `useMultiplePermissions` - Multiple permission checks (covers any/all logic)
+- `useAccessLevel` - Access level checks
+- `useResourcePermissions` - Resource CRUD permissions
+- `useResolvedScope` - Scope resolution
+- `useSecureSupabase` - Secure Supabase client access
+**API Functions:**
+- `isPermitted` - Core permission check
+- `getRoleContext` - Role information
+- `setupRBAC` - Initialization
+**Types and Utilities:**
+- All RBAC types (`Permission`, `Scope`, `RBACRoleContext`)
+- Security validators
+- Cache utilities
+### What Lives in Consuming Apps
+**Configuration:**
+- Navigation configuration (`navItems`, `routePermissions`, `pageIdMapping`)
+- App-specific page names and constants
+**UI Integration:**
+- Permission-aware UI rendering (using pace-core hooks)
+- Custom styling of standard `AccessDenied` component (via props)
+- Event context validation (if needed)
+## Compliance Checklist
+Before deploying your application, verify:
+- [ ] All pages are wrapped with `PagePermissionGuard`
+- [ ] No direct queries to RBAC tables (except through `useSecureSupabase`)
+- [ ] No direct RPC calls to `rbac_check_permission_simplified`
+- [ ] No wrapper components around `PagePermissionGuard`
+- [ ] No custom access denied components
+- [ ] No hardcoded role checks (use `useAccessLevel` or `getRoleContext`)
+- [ ] No custom permission utility functions
+- [ ] No resource permission string literals (use `RESOURCE_NAMES` constants)
+- [ ] No permission wrapper functions (use pace-core hooks directly)
+- [ ] `enforcePermissions` configured correctly for your app type
+- [ ] All access denied scenarios use `AccessDenied` from pace-core
+- [ ] ESLint rules pass without errors
+## Anti-Patterns
+### Anti-Pattern 1: Wrapper Components
+```tsx
+// ❌ ANTI-PATTERN
+function EventPageGuard({ pageName, children }) {
+  const { selectedEvent } = useEvents();
+  if (!selectedEvent) return <EventSelectionPrompt />;
+  return <PagePermissionGuard pageName={pageName}>{children}</PagePermissionGuard>;
+}
+```
+**Why it's wrong:**
+- Decreases maintainability
+- Adds unnecessary abstraction
+- Duplicates logic that should be in pages
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+function DashboardPage() {
+  const { selectedEvent } = useEvents();
+  if (!selectedEvent) return <EventSelectionPrompt />;
+  return (
+    <PagePermissionGuard pageName="dashboard" operation="read">
+      <DashboardContent />
+    </PagePermissionGuard>
+  );
+}
+```
+### Anti-Pattern 2: Direct Database Queries
+```tsx
+// ❌ ANTI-PATTERN
+const { data } = await supabase
+  .from('rbac_user_profiles')
+  .select('*');
+```
+**Why it's wrong:**
+- Bypasses security controls
+- Violates architecture boundary
+- Not future-proof
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+import { useSecureSupabase } from '@jmruthers/pace-core/rbac';
+const secureSupabase = useSecureSupabase(supabase);
+const { data } = await secureSupabase
+  .from('rbac_user_profiles')
+  .select('*');
+```
+### Anti-Pattern 3: Custom Access Denied
+```tsx
+// ❌ ANTI-PATTERN
+function CustomAccessDenied() {
+  return <div>Access Denied</div>;
+}
+```
+**Why it's wrong:**
+- Inconsistent UX across apps
+- Duplicates standard functionality
+- Not maintainable
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+import { AccessDenied } from '@jmruthers/pace-core/rbac';
+<AccessDenied />
+```
+### Anti-Pattern 4: Hardcoded Role Checks
+```tsx
+// ❌ ANTI-PATTERN
+if (user.role === 'admin') {
+  // ...
+}
+```
+**Why it's wrong:**
+- Bypasses RBAC system
+- Not maintainable (role names can change)
+- Doesn't respect permission hierarchy
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+import { useAccessLevel } from '@jmruthers/pace-core/rbac';
+const { accessLevel } = useAccessLevel();
+if (accessLevel === 'admin') {
+  // ...
+}
+```
+### Anti-Pattern 5: Custom Permission Utilities
+```tsx
+// ❌ ANTI-PATTERN
+function checkPermission(userId, permission) {
+  // Custom logic...
+}
+```
+**Why it's wrong:**
+- Duplicates pace-core functionality
+- Bypasses centralized RBAC logic
+- Not future-proof
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+import { isPermitted } from '@jmruthers/pace-core/rbac';
+const hasAccess = await isPermitted({ permission: 'read:dashboard' });
+```
+### Anti-Pattern 6: Resource Permission String Literals
+```tsx
+// ❌ ANTI-PATTERN
+const { canCreate } = useResourcePermissions('journal');
+```
+**Why it's wrong:**
+- Not type-safe (typos possible)
+- No compile-time validation
+- Maintenance burden
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+import { RESOURCE_NAMES } from '@/config/resource-names';
+const { canCreate } = useResourcePermissions(RESOURCE_NAMES.JOURNAL);
+```
+### Anti-Pattern 7: Permission Wrapper Functions
+```tsx
+// ❌ ANTI-PATTERN
+const canEdit = (postId: string) => {
+  const hasPermission = canUpdate('journal');
+  const post = posts.find(p => p.id === postId);
+  return hasPermission && !!post;
+};
+```
+**Why it's wrong:**
+- Unnecessary abstraction layer
+- Encourages bypassing direct pace-core usage
+- Creates maintenance burden
+**Correct pattern:**
+```tsx
+// ✅ CORRECT
+const { canUpdate } = useResourcePermissions(RESOURCE_NAMES.JOURNAL);
+// Use canUpdate directly in components
+```
+## Enforcement
+### ESLint Rules
+The following ESLint rules enforce this contract (all as **ERROR** severity):
+1. **`no-direct-rbac-rpc`** - Detects direct calls to `rbac_check_permission_simplified`
+2. **`no-direct-rbac-tables`** - Detects direct queries to RBAC tables
+3. **`no-bypass-page-guard`** - Detects routes without `PagePermissionGuard`
+4. **`no-custom-access-denied`** - Detects custom access denied components
+5. **`no-hardcoded-role-checks`** - Detects hardcoded role comparisons
+6. **`no-custom-permission-utilities`** - Detects custom permission utility functions
+7. **`no-resource-permission-string-literals`** - Detects string literals in `useResourcePermissions` calls
+8. **`no-permission-wrapper-functions`** - Detects wrapper functions around pace-core permission hooks
+### Runtime Compliance
+Use runtime compliance checking in development:
+```tsx
+import { checkRuntimeCompliance } from '@jmruthers/pace-core/rbac/compliance';
+// In development mode
+if (import.meta.env.DEV) {
+  checkRuntimeCompliance();
+}
+```
+## enforcePermissions Configuration
+### When to Use `enforcePermissions={true}`
+**Use for organisation-based apps** where the layout handles permission checks:
+```tsx
+<PaceAppLayout
+  appName="MyApp"
+  enforcePermissions={true}  // Layout validates all routes
+  defaultPermission="read"
+  routePermissions={{
+    '/dashboard': 'read:dashboard',
+    '/users': 'read:users'
+  }}
+>
+```
+**Benefits:**
+- Automatic route protection
+- Safety net for forgotten permission checks
+- Centralized permission configuration
+### When to Use `enforcePermissions={false}`
+**Use for event-based apps** where pages handle their own checks:
+```tsx
+<PaceAppLayout
+  appName="MyApp"
+  enforcePermissions={false}  // Pages handle checks via PagePermissionGuard
+  showEvents={true}
+>
+  {/* Pages use PagePermissionGuard directly */}
+</PaceAppLayout>
+```
+**Why `false` for event-based apps:**
+- Pages need event context validation before permission checks
+- `PagePermissionGuard` handles both event validation and permission checks
+- Avoids redundant checks and timing issues
+**Pattern:**
+```tsx
+// Each page handles its own checks
+function DashboardPage() {
+  const { selectedEvent } = useEvents();
+  if (!selectedEvent) return <EventSelectionPrompt />;
+  return (
+    <PagePermissionGuard pageName="dashboard" operation="read">
+      <DashboardContent />
+    </PagePermissionGuard>
+  );
+}
+```
+## Related Documentation
+- [RBAC README](./README.md) - Overview and quick start
+- [Quick Start Guide](./quick-start.md) - Step-by-step setup
+- [Event-Based Apps](./event-based-apps.md) - Event-based app patterns
+- [Permission Enforcement](../implementation-guides/permission-enforcement.md) - Detailed enforcement patterns
+- [Migration Guide](./MIGRATION_GUIDE.md) - Migrating to this contract
+## Support
+If you have questions about this contract or need clarification:
+1. Review the [Troubleshooting Guide](./troubleshooting.md)
+2. Check [Examples](./examples.md) for common patterns
+3. Review [API Reference](./api-reference.md) for detailed API documentation
+---
+**Last Updated**: 2025-01-04
+**Version**: 2.0.0
+**Status**: Enforced