npm - @skylabs-digital/react-identity-access - Versions diffs - 2.20.0 → 2.21.0 - Mend

@skylabs-digital/react-identity-access 2.20.0 → 2.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.es.js +408 -385
package/dist/index.es.js.map +1 -1
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/providers/AuthProvider.d.ts.map +1 -1
package/dist/services/SessionManager.d.ts +12 -0
package/dist/services/SessionManager.d.ts.map +1 -1
package/package.json +1 -1

package/dist/index.es.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { jsx as s, Fragment as _, jsxs as d } from "react/jsx-runtime";
-import { createContext as fe, useMemo as J, useState as T, useCallback as se, useEffect as ee, useContext as ae, useRef as Qe } from "react";
-import { useLocation as Te, Navigate as be, useNavigate as ft, useSearchParams as gt } from "react-router-dom";
-class le {
+import { createContext as fe, useMemo as Z, useState as T, useCallback as se, useEffect as ee, useContext as le, useRef as Ke } from "react";
+import { useLocation as ke, Navigate as Se, useNavigate as gt, useSearchParams as mt } from "react-router-dom";
+class ce {
   constructor(e, t = 1e4) {
     this.baseUrl = e.replace(/\/$/, ""), this.timeout = t;
   }
@@ -50,7 +50,7 @@ class le {
     return this.executeRequest("DELETE", e, void 0, t);
   }
 }
-class Oe {
+class ze {
   constructor(e, t) {
     this.httpService = e, this.sessionManager = t;
   }
@@ -109,9 +109,9 @@ class Oe {
     })).data;
   }
 }
-const Le = fe(null);
-function mr({ config: n, children: e }) {
-  const t = J(
+const Fe = fe(null);
+function yr({ config: n, children: e }) {
+  const t = Z(
     () => {
       var p, x, R;
       return {
@@ -132,7 +132,7 @@ function mr({ config: n, children: e }) {
     } catch {
       return null;
     }
-  }), [o, a] = T(!r), [f, g] = T(null), w = J(() => {
+  }), [o, a] = T(!r), [f, g] = T(null), w = Z(() => {
     const p = () => {
       c();
     };
@@ -150,7 +150,7 @@ function mr({ config: n, children: e }) {
       if (!(!p && t.enabled && r))
         try {
           a(!0), g(null);
-          const x = new le(n.baseUrl), F = await new Oe(x, {}).getPublicAppInfo(n.appId);
+          const x = new ce(n.baseUrl), F = await new ze(x, {}).getPublicAppInfo(n.appId);
           if (i(F), t.enabled)
             try {
               const E = {
@@ -177,7 +177,7 @@ function mr({ config: n, children: e }) {
         if (!p) return;
         const x = JSON.parse(p);
         if (Date.now() - x.timestamp > t.ttl * 0.5) {
-          const F = new le(n.baseUrl), A = await new Oe(F, {}).getPublicAppInfo(n.appId);
+          const F = new ce(n.baseUrl), A = await new ze(F, {}).getPublicAppInfo(n.appId);
           i(A);
           const u = {
             data: A,
@@ -192,18 +192,18 @@ function mr({ config: n, children: e }) {
   }, [n, t, r]);
   return ee(() => {
     r ? I() : c();
-  }, []), /* @__PURE__ */ s(Le.Provider, { value: w, children: e });
+  }, []), /* @__PURE__ */ s(Fe.Provider, { value: w, children: e });
 }
-function Se() {
-  const n = ae(Le);
+function ve() {
+  const n = le(Fe);
   if (!n)
     throw new Error("useApp must be used within an AppProvider");
   return n;
 }
 function Ze() {
-  return ae(Le);
+  return le(Fe);
 }
-const yr = Se;
+const wr = ve;
 class ie extends Error {
   constructor(e, t) {
     const r = {
@@ -214,22 +214,47 @@ class ie extends Error {
     super(t || r[e]), this.name = "SessionExpiredError", this.reason = e;
   }
 }
-class mt extends Error {
+class yt extends Error {
   constructor(e) {
     super(`Token refresh timed out after ${e}ms`), this.name = "TokenRefreshTimeoutError", this.timeoutMs = e;
   }
 }
-class yt extends Error {
+class wt extends Error {
   constructor(e, t) {
     super(
       `Token refresh failed after ${e} attempts: ${(t == null ? void 0 : t.message) || "Unknown error"}`
     ), this.name = "TokenRefreshError", this.attempts = e, this.lastError = t;
   }
 }
-class pe {
+const oe = class oe {
   constructor(e = {}) {
     this.refreshPromise = null, this.refreshQueue = [], this.proactiveTimerId = null, this.backgroundRetryTimerId = null, this.isDestroyed = !1, e.tenantSlug !== void 0 ? this.storageKey = e.tenantSlug ? `auth_tokens_${e.tenantSlug}` : "auth_tokens" : this.storageKey = e.storageKey || "auth_tokens", this.autoRefresh = e.autoRefresh ?? !0, this.refreshThreshold = e.refreshThreshold || 3e5, this.onRefreshFailed = e.onRefreshFailed, this.onSessionExpired = e.onSessionExpired, this.baseUrl = e.baseUrl || "", this.proactiveRefreshMargin = e.proactiveRefreshMargin ?? 6e4, this.refreshQueueTimeout = e.refreshQueueTimeout ?? 1e4, this.maxRefreshRetries = e.maxRefreshRetries ?? 3, this.retryBackoffBase = e.retryBackoffBase ?? 1e3, this.tokenStorage = e.tokenStorage || this.createTokenStorage(this.storageKey), this.scheduleProactiveRefresh();
   }
+  /**
+   * Get or create a SessionManager instance for the given config.
+   * Returns the same instance when called with the same storageKey/tenantSlug.
+   * Mutable config (callbacks, baseUrl) is updated on the existing instance.
+   */
+  static getInstance(e = {}) {
+    const t = oe.resolveStorageKey(e), r = oe.instances.get(t);
+    if (r)
+      return r.updateConfig(e), r;
+    const i = new oe(e);
+    return oe.instances.set(t, i), i;
+  }
+  /** Reset all singleton instances. For testing only. */
+  static resetAllInstances() {
+    for (const e of oe.instances.values())
+      e.destroy();
+    oe.instances.clear();
+  }
+  static resolveStorageKey(e) {
+    return e.storageKey ? e.storageKey : e.tenantSlug !== void 0 && e.tenantSlug ? `auth_tokens_${e.tenantSlug}` : "auth_tokens";
+  }
+  /** Update mutable config (callbacks, baseUrl) on an existing instance. */
+  updateConfig(e) {
+    e.onSessionExpired !== void 0 && (this.onSessionExpired = e.onSessionExpired), e.onRefreshFailed !== void 0 && (this.onRefreshFailed = e.onRefreshFailed), e.baseUrl && (this.baseUrl = e.baseUrl);
+  }
   // --- Storage helpers ---
   createTokenStorage(e) {
     return {
@@ -271,7 +296,7 @@ class pe {
     }
   }
   setTokens(e) {
-    const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || pe.extractJwtExpiry(e.accessToken), r = {
+    const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || oe.extractJwtExpiry(e.accessToken), r = {
       ...e,
       expiresAt: t
     };
@@ -281,7 +306,7 @@ class pe {
     const { accessToken: e, refreshToken: t, expiresAt: r, expiresIn: i, tokenType: o } = this.tokenStorage.get() || {};
     if (!e)
       return null;
-    const a = r || pe.extractJwtExpiry(e);
+    const a = r || oe.extractJwtExpiry(e);
     return {
       accessToken: e,
       refreshToken: t,
@@ -312,9 +337,7 @@ class pe {
     if (!(e != null && e.expiresAt) || !e.refreshToken) return;
     const r = e.expiresAt - this.proactiveRefreshMargin - Date.now();
     if (r <= 0) {
-      this.proactiveTimerId = setTimeout(() => {
-        this.backgroundRefresh();
-      }, 0);
+      this.backgroundRefresh();
       return;
     }
     this.proactiveTimerId = setTimeout(() => {
@@ -374,7 +397,7 @@ class pe {
     return new Promise((e, t) => {
       const r = setTimeout(() => {
         const i = this.refreshQueue.findIndex((o) => o.timeoutId === r);
-        i !== -1 && this.refreshQueue.splice(i, 1), t(new mt(this.refreshQueueTimeout));
+        i !== -1 && this.refreshQueue.splice(i, 1), t(new yt(this.refreshQueueTimeout));
       }, this.refreshQueueTimeout);
       this.refreshQueue.push({ resolve: e, reject: t, timeoutId: r });
     });
@@ -420,7 +443,7 @@ class pe {
           await this.sleep(a);
         }
       }
-    throw new yt(this.maxRefreshRetries + 1, t);
+    throw new wt(this.maxRefreshRetries + 1, t);
   }
   /**
    * Single refresh attempt with error classification.
@@ -486,7 +509,7 @@ class pe {
    * Cancels all timers and rejects pending queue entries.
    */
   destroy() {
-    this.isDestroyed = !0, this.cancelProactiveTimer();
+    this.isDestroyed = !0, oe.instances.delete(this.storageKey), this.cancelProactiveTimer();
     const e = new ie("token_invalid", "SessionManager destroyed");
     this.rejectQueue(e);
   }
@@ -524,8 +547,10 @@ class pe {
   sleep(e) {
     return new Promise((t) => setTimeout(t, e));
   }
-}
-class wt {
+};
+oe.instances = /* @__PURE__ */ new Map();
+let we = oe;
+class bt {
   constructor(e) {
     this.httpService = e;
   }
@@ -581,7 +606,7 @@ class wt {
     });
   }
 }
-class ze {
+class _e {
   constructor(e, t) {
     this.httpService = e, this.sessionManager = t;
   }
@@ -657,7 +682,7 @@ class ze {
     };
   }
 }
-class bt {
+class St {
   constructor(e, t) {
     this.httpService = e, this.sessionManager = t;
   }
@@ -697,7 +722,7 @@ class bt {
     });
   }
 }
-class we {
+class be {
   constructor(e, t, r) {
     this.httpService = e, this.appId = t, this.sessionManager = r;
   }
@@ -775,7 +800,7 @@ class we {
     )).data;
   }
 }
-function St(n, e) {
+function vt(n, e) {
   if (n === "localhost" || n.startsWith("127.") || n.startsWith("192.168."))
     return null;
   if (e) {
@@ -791,26 +816,26 @@ function St(n, e) {
   const r = n.split(".");
   return r.length >= 3 && r[0] !== "www" ? r[0] : null;
 }
-function vt(n, e = "tenant", t) {
+function Tt(n, e = "tenant", t) {
   const i = new URLSearchParams(n).get(e);
   return i ? (t && t.setItem("tenant", i), i) : t ? t.getItem("tenant") : null;
 }
-function Tt(n, e, t) {
+function kt(n, e, t) {
   const { tenantMode: r, baseDomain: i, selectorParam: o, fixedTenantSlug: a } = n;
-  return r === "fixed" ? a || null : r === "subdomain" ? St(e.hostname, i) : r === "selector" ? vt(e.search, o, t) : null;
+  return r === "fixed" ? a || null : r === "subdomain" ? vt(e.hostname, i) : r === "selector" ? Tt(e.search, o, t) : null;
 }
-function kt(n, e, t) {
+function xt(n, e, t) {
   if (t)
     return `${n}.${t}`;
   const r = e.split(".");
   return r.length === 2 ? `${n}.${e}` : r.length >= 3 ? (r[0] = n, r.join(".")) : null;
 }
-const he = "_auth";
-function _e(n) {
+const pe = "_auth";
+function We(n) {
   const e = JSON.stringify(n);
   return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
-function xt(n) {
+function At(n) {
   try {
     let e = n.replace(/-/g, "+").replace(/_/g, "/");
     for (; e.length % 4; )
@@ -821,16 +846,16 @@ function xt(n) {
     return null;
   }
 }
-function At() {
+function Pt() {
   if (typeof window > "u")
     return console.log("[CrossDomainAuth] SSR environment, skipping URL token extraction"), null;
-  const e = new URLSearchParams(window.location.search).get(he);
+  const e = new URLSearchParams(window.location.search).get(pe);
   if (console.log("[CrossDomainAuth] extractAuthTokensFromUrl called", {
     hasAuthParam: !!e,
     searchParams: window.location.search,
     encodedLength: e == null ? void 0 : e.length
   }), !e) return null;
-  const t = xt(e);
+  const t = At(e);
   return console.log("[CrossDomainAuth] Token decode result:", {
     success: !!t,
     hasAccessToken: !!(t != null && t.accessToken),
@@ -838,17 +863,17 @@ function At() {
     expiresIn: t == null ? void 0 : t.expiresIn
   }), t;
 }
-function Pt() {
+function Rt() {
   if (typeof window > "u") return;
   const n = new URL(window.location.href);
-  n.searchParams.delete(he), console.log("[CrossDomainAuth] Clearing auth tokens from URL", {
+  n.searchParams.delete(pe), console.log("[CrossDomainAuth] Clearing auth tokens from URL", {
     oldUrl: window.location.href,
     newUrl: n.toString()
   }), window.history.replaceState({}, "", n.toString());
 }
-const Fe = fe(null);
-function wr({ config: n, children: e }) {
-  const { baseUrl: t, appInfo: r, appId: i } = Se(), o = se(() => typeof window > "u" ? null : Tt(
+const De = fe(null);
+function br({ config: n, children: e }) {
+  const { baseUrl: t, appInfo: r, appId: i } = ve(), o = se(() => typeof window > "u" ? null : kt(
     {
       tenantMode: n.tenantMode || "selector",
       baseDomain: n.baseDomain,
@@ -860,7 +885,7 @@ function wr({ config: n, children: e }) {
       search: window.location.search
     },
     window.localStorage
-  ), [n.tenantMode, n.baseDomain, n.selectorParam, n.fixedTenantSlug]), [a, f] = T(() => o()), g = J(
+  ), [n.tenantMode, n.baseDomain, n.selectorParam, n.fixedTenantSlug]), [a, f] = T(() => o()), g = Z(
     () => {
       var h, C, S;
       return {
@@ -893,7 +918,7 @@ function wr({ config: n, children: e }) {
       if (!(!C && g.enabled && w && w.domain === h))
         try {
           p(!0), R(null);
-          const S = new le(t), y = await new we(S, i).getPublicTenantInfo(h);
+          const S = new ce(t), y = await new be(S, i).getPublicTenantInfo(h);
           if (c(y), g.enabled)
             try {
               const v = {
@@ -920,7 +945,7 @@ function wr({ config: n, children: e }) {
         if (!h) return;
         const C = JSON.parse(h);
         if (Date.now() - C.timestamp > g.ttl * 0.5) {
-          const b = new le(t), v = await new we(b, i).getPublicTenantInfo(a);
+          const b = new ce(t), v = await new be(b, i).getPublicTenantInfo(a);
           c(v);
           const j = {
             data: v,
@@ -936,7 +961,7 @@ function wr({ config: n, children: e }) {
     if (w != null && w.id)
       try {
         u(!0), m(null);
-        const h = new le(t), S = await new we(h, w.appId).getTenantSettings(w.id);
+        const h = new ce(t), S = await new be(h, w.appId).getTenantSettings(w.id);
         E(S);
       } catch (h) {
         const C = h instanceof Error ? h : new Error("Failed to load tenant settings");
@@ -999,7 +1024,7 @@ function wr({ config: n, children: e }) {
         return;
       }
       if (localStorage.setItem("tenant", h), v === "subdomain") {
-        const j = window.location.hostname, Q = kt(
+        const j = window.location.hostname, Q = xt(
           h,
           j,
           n.baseDomain
@@ -1013,11 +1038,11 @@ function wr({ config: n, children: e }) {
         }
         const O = y || window.location.pathname, q = new URL(`${window.location.protocol}//${Q}${O}`);
         new URLSearchParams(window.location.search).forEach((B, X) => {
-          X !== he && q.searchParams.set(X, B);
-        }), b && q.searchParams.set(he, _e(b)), window.location.href = q.toString();
+          X !== pe && q.searchParams.set(X, B);
+        }), b && q.searchParams.set(pe, We(b)), window.location.href = q.toString();
       } else if (v === "selector") {
         const j = y || window.location.pathname, Q = new URLSearchParams(window.location.search);
-        if (Q.set(n.selectorParam || "tenant", h), Q.delete(he), b && Q.set(he, _e(b)), S === "reload") {
+        if (Q.set(n.selectorParam || "tenant", h), Q.delete(pe), b && Q.set(pe, We(b)), S === "reload") {
           const O = `${j}?${Q.toString()}${window.location.hash}`;
           window.location.href = O;
         } else {
@@ -1027,7 +1052,7 @@ function wr({ config: n, children: e }) {
       }
     },
     [n.tenantMode, n.selectorParam, n.baseDomain, L]
-  ), $ = J(() => ({
+  ), $ = Z(() => ({
     // Tenant info
     tenant: w,
     tenantSlug: a,
@@ -1059,19 +1084,19 @@ function wr({ config: n, children: e }) {
     N,
     l
   ]);
-  return /* @__PURE__ */ s(Fe.Provider, { value: $, children: e });
+  return /* @__PURE__ */ s(De.Provider, { value: $, children: e });
 }
 function ge() {
-  const n = ae(Fe);
+  const n = le(De);
   if (!n)
     throw new Error("useTenant must be used within a TenantProvider");
   return n;
 }
-function ke() {
-  return ae(Fe);
+function xe() {
+  return le(De);
 }
-const br = ge;
-function Sr() {
+const Sr = ge;
+function vr() {
   const { settings: n, settingsSchema: e, isSettingsLoading: t, settingsError: r, validateSettings: i } = ge();
   return {
     settings: n,
@@ -1091,35 +1116,35 @@ function me() {
     retry: i
   };
 }
-const De = fe(null);
-function vr({ config: n = {}, children: e }) {
-  const { appId: t, baseUrl: r } = Se(), { tenant: i, tenantSlug: o, switchTenant: a } = ge(), [f, g] = T(n.initialRoles || []), [w, c] = T(!n.initialRoles), [I, p] = T(null), [x, R] = T(!1), [F, E] = T(null), [A, u] = T(0), [k, m] = T(() => {
+const Ne = fe(null);
+function Tr({ config: n = {}, children: e }) {
+  const { appId: t, baseUrl: r } = ve(), { tenant: i, tenantSlug: o, switchTenant: a } = ge(), [f, g] = T(n.initialRoles || []), [w, c] = T(!n.initialRoles), [I, p] = T(null), [x, R] = T(!1), [F, E] = T(null), [A, u] = T(0), [k, m] = T(() => {
     try {
       const G = localStorage.getItem("userTenants");
       return G ? JSON.parse(G) : [];
     } catch {
       return [];
     }
-  }), [M, L] = T(!1), D = Qe({ done: !1, urlTokens: null });
-  D.current.done || (D.current.done = !0, D.current.urlTokens = At(), D.current.urlTokens && console.log(
+  }), [M, L] = T(!1), D = Ke({ done: !1, urlTokens: null });
+  D.current.done || (D.current.done = !0, D.current.urlTokens = Pt(), D.current.urlTokens && console.log(
     "[AuthProvider] SYNC: URL tokens found, will block isAuthReady until user loaded"
   ));
   const [P, U] = T(() => {
     const G = D.current.urlTokens !== null;
     return console.log("[AuthProvider] SYNC: isLoadingAfterUrlTokens initial:", G), G;
-  }), l = J(() => {
-    const G = new pe({
+  }), l = Z(() => {
+    const G = we.getInstance({
       tenantSlug: o,
       baseUrl: r,
       refreshQueueTimeout: n.refreshQueueTimeout,
       proactiveRefreshMargin: n.proactiveRefreshMargin,
-      onSessionExpired: (ue) => {
+      onSessionExpired: (he) => {
         p(null), E(null), m([]), L(!1);
         try {
           localStorage.removeItem("userTenants");
         } catch {
         }
-        n.onSessionExpired ? n.onSessionExpired(ue) : n.onRefreshFailed && n.onRefreshFailed();
+        n.onSessionExpired ? n.onSessionExpired(he) : n.onRefreshFailed && n.onRefreshFailed();
       }
     });
     return D.current.urlTokens && (console.log("[AuthProvider] SYNC: Saving URL tokens to session manager"), G.setTokens({
@@ -1127,10 +1152,10 @@ function vr({ config: n = {}, children: e }) {
       refreshToken: D.current.urlTokens.refreshToken,
       expiresIn: D.current.urlTokens.expiresIn
     }), console.log("[AuthProvider] SYNC: Session valid:", G.hasValidSession())), G;
-  }, [o, r, n.refreshQueueTimeout, n.proactiveRefreshMargin]), [N, $] = T(() => D.current.urlTokens ? !1 : l.hasValidSession()), h = D.current.done && !P && !N, C = J(() => {
-    const G = new le(r);
+  }, [o, r, n.refreshQueueTimeout, n.proactiveRefreshMargin]), [N, $] = T(() => D.current.urlTokens ? !1 : l.hasValidSession()), h = D.current.done && !P && !N, C = Z(() => {
+    const G = new ce(r);
     return G.setSessionManager(l), G;
-  }, [r, l]), S = J(() => new wt(new le(r)), [r]), b = J(() => new bt(C, l), [C, l]), y = J(() => new ze(new le(r)), [r]), v = J(() => I || l.getUser(), [I, l]), j = J(() => v != null && v.roleId && f.find((G) => G.id === v.roleId) || null, [v, f]), Q = J(() => (j == null ? void 0 : j.permissions) || [], [j]), O = J(() => l.hasValidSession() && I !== null, [l, I]), q = 5 * 60 * 1e3, W = J(() => {
+  }, [r, l]), S = Z(() => new bt(new ce(r)), [r]), b = Z(() => new St(C, l), [C, l]), y = Z(() => new _e(new ce(r)), [r]), v = Z(() => I || l.getUser(), [I, l]), j = Z(() => v != null && v.roleId && f.find((G) => G.id === v.roleId) || null, [v, f]), Q = Z(() => (j == null ? void 0 : j.permissions) || [], [j]), O = Z(() => l.hasValidSession() && I !== null, [l, I]), q = 5 * 60 * 1e3, W = Z(() => {
     const G = async (H = !1) => {
       try {
         if (!l.hasValidSession())
@@ -1144,112 +1169,112 @@ function vr({ config: n = {}, children: e }) {
           return;
         }
         R(!0), E(null);
-        const K = await b.getUserById(V);
-        p(K), l.setUser(K), u(Date.now());
+        const J = await b.getUserById(V);
+        p(J), l.setUser(J), u(Date.now());
       } catch (z) {
         const Y = z instanceof Error ? z : new Error("Failed to load user data");
         E(Y), console.error("[AuthProvider] Failed to load user data:", Y);
       } finally {
         R(!1);
       }
-    }, ue = async () => {
+    }, he = async () => {
       await G();
-    }, xe = async (H) => {
-      var Be;
-      const { username: z, password: Y, tenantSlug: V, redirectPath: K } = H;
+    }, Ae = async (H) => {
+      var qe;
+      const { username: z, password: Y, tenantSlug: V, redirectPath: J } = H;
       let te = i == null ? void 0 : i.id, re = o, ne = l;
-      V && (te = (await new we(C, t).getPublicTenantInfo(V)).id, re = V);
-      const Z = await S.login({
+      V && (te = (await new be(C, t).getPublicTenantInfo(V)).id, re = V);
+      const K = await S.login({
         username: z,
         password: Y,
         appId: t,
         tenantId: te
       }), ye = V && V !== o;
-      if (ye && (ne = new pe({
+      if (ye && (ne = new we({
         tenantSlug: re,
         baseUrl: r
       })), ne.setTokens({
-        accessToken: Z.accessToken,
-        refreshToken: Z.refreshToken,
-        expiresIn: Z.expiresIn
-      }), Z.user) {
-        ne.setUser(Z.user), p(Z.user);
+        accessToken: K.accessToken,
+        refreshToken: K.refreshToken,
+        expiresIn: K.expiresIn
+      }), K.user) {
+        ne.setUser(K.user), p(K.user);
         try {
           await G();
-        } catch (ve) {
-          console.warn("Failed to load complete user data after login:", ve);
+        } catch (Te) {
+          console.warn("Failed to load complete user data after login:", Te);
         }
       }
-      if (Z.tenants && Z.tenants.length > 0) {
-        m(Z.tenants);
+      if (K.tenants && K.tenants.length > 0) {
+        m(K.tenants);
         try {
-          localStorage.setItem("userTenants", JSON.stringify(Z.tenants));
+          localStorage.setItem("userTenants", JSON.stringify(K.tenants));
         } catch {
         }
       }
-      const Re = ((Be = Z.user) == null ? void 0 : Be.tenantId) !== null;
-      L(Re);
-      const Ie = {
-        accessToken: Z.accessToken,
-        refreshToken: Z.refreshToken,
-        expiresIn: Z.expiresIn
+      const Ie = ((qe = K.user) == null ? void 0 : qe.tenantId) !== null;
+      L(Ie);
+      const Ee = {
+        accessToken: K.accessToken,
+        refreshToken: K.refreshToken,
+        expiresIn: K.expiresIn
       };
       if (ye && re)
-        return a(re, { tokens: Ie, redirectPath: K }), Z;
-      if (K && K !== window.location.pathname)
-        return a(re || o || "", { tokens: Ie, redirectPath: K }), Z;
-      if (!Re && Z.tenants && Z.tenants.length > 0) {
-        const ve = H.autoSwitch !== !1 && n.autoSwitchSingleTenant !== !1;
-        if (Z.tenants.length === 1 && ve) {
-          const qe = Z.tenants[0];
-          return a(qe.subdomain, { tokens: Ie, redirectPath: K }), Z;
-        } else Z.tenants.length > 1 && n.onTenantSelectionRequired && n.onTenantSelectionRequired(Z.tenants);
+        return a(re, { tokens: Ee, redirectPath: J }), K;
+      if (J && J !== window.location.pathname)
+        return a(re || o || "", { tokens: Ee, redirectPath: J }), K;
+      if (!Ie && K.tenants && K.tenants.length > 0) {
+        const Te = H.autoSwitch !== !1 && n.autoSwitchSingleTenant !== !1;
+        if (K.tenants.length === 1 && Te) {
+          const Oe = K.tenants[0];
+          return a(Oe.subdomain, { tokens: Ee, redirectPath: J }), K;
+        } else K.tenants.length > 1 && n.onTenantSelectionRequired && n.onTenantSelectionRequired(K.tenants);
       }
-      return Z;
-    }, Ae = async (H) => {
-      const { email: z, phoneNumber: Y, name: V, password: K, lastName: te, tenantId: re } = H;
+      return K;
+    }, Pe = async (H) => {
+      const { email: z, phoneNumber: Y, name: V, password: J, lastName: te, tenantId: re } = H;
       if (!z && !Y)
         throw new Error("Either email or phoneNumber is required");
-      if (!V || !K)
+      if (!V || !J)
         throw new Error("Name and password are required");
       const ne = re ?? (i == null ? void 0 : i.id);
       return await S.signup({
         email: z,
         phoneNumber: Y,
         name: V,
-        password: K,
+        password: J,
         tenantId: ne,
         lastName: te,
         appId: t
       });
-    }, tt = async (H) => {
-      const { email: z, phoneNumber: Y, name: V, password: K, tenantName: te, lastName: re } = H;
+    }, rt = async (H) => {
+      const { email: z, phoneNumber: Y, name: V, password: J, tenantName: te, lastName: re } = H;
       if (!z && !Y)
         throw new Error("Either email or phoneNumber is required");
-      if (!V || !K || !te)
+      if (!V || !J || !te)
         throw new Error("Name, password, and tenantName are required");
       return await S.signupTenantAdmin({
         email: z,
         phoneNumber: Y,
         name: V,
-        password: K,
+        password: J,
         tenantName: te,
         appId: t,
         lastName: re
       });
-    }, rt = async (H) => {
+    }, nt = async (H) => {
       const { currentPassword: z, newPassword: Y } = H, V = await l.getAuthHeaders();
       await S.changePassword({ currentPassword: z, newPassword: Y }, V);
-    }, nt = async (H) => {
+    }, st = async (H) => {
       const { email: z, tenantId: Y } = H, V = Y ?? (i == null ? void 0 : i.id);
       if (!V)
         throw new Error("tenantId is required for password reset");
       await S.requestPasswordReset({ email: z, tenantId: V });
-    }, st = async (H) => {
+    }, it = async (H) => {
       const { token: z, newPassword: Y } = H;
       await S.confirmPasswordReset({ token: z, newPassword: Y });
-    }, it = async (H) => {
-      const { email: z, frontendUrl: Y, name: V, lastName: K, tenantId: te } = H, re = te ?? (i == null ? void 0 : i.id);
+    }, ot = async (H) => {
+      const { email: z, frontendUrl: Y, name: V, lastName: J, tenantId: te } = H, re = te ?? (i == null ? void 0 : i.id);
       if (!re)
         throw new Error("tenantId is required for magic link authentication");
       return await S.sendMagicLink({
@@ -1257,20 +1282,20 @@ function vr({ config: n = {}, children: e }) {
         tenantId: re,
         frontendUrl: Y,
         name: V,
-        lastName: K,
+        lastName: J,
         appId: t
       });
-    }, ot = async (H) => {
+    }, at = async (H) => {
       const { token: z, email: Y, tenantSlug: V } = H;
-      let K = i == null ? void 0 : i.id, te = o, re = l;
-      V && (K = (await new we(C, t).getPublicTenantInfo(V)).id, te = V);
+      let J = i == null ? void 0 : i.id, te = o, re = l;
+      V && (J = (await new be(C, t).getPublicTenantInfo(V)).id, te = V);
       const ne = await S.verifyMagicLink({
         token: z,
         email: Y,
         appId: t,
-        tenantId: K
-      }), Z = V && V !== o;
-      if (Z && (re = new pe({
+        tenantId: J
+      }), K = V && V !== o;
+      if (K && (re = new we({
         tenantSlug: te,
         baseUrl: r
       })), re.setTokens({
@@ -1285,14 +1310,14 @@ function vr({ config: n = {}, children: e }) {
           console.warn("Failed to load complete user data after magic link login:", ye);
         }
       }
-      return Z && te && te !== o && a(te, {
+      return K && te && te !== o && a(te, {
         tokens: {
           accessToken: ne.accessToken,
           refreshToken: ne.refreshToken,
           expiresIn: ne.expiresIn
         }
       }), ne;
-    }, at = async () => {
+    }, lt = async () => {
       const H = l.getTokens();
       if (!(H != null && H.refreshToken))
         throw new Error("No refresh token available");
@@ -1304,17 +1329,17 @@ function vr({ config: n = {}, children: e }) {
         refreshToken: z.refreshToken || H.refreshToken,
         expiresIn: z.expiresIn
       });
-    }, lt = () => {
+    }, ct = () => {
       l.clearSession(), p(null), E(null), m([]), L(!1);
       try {
         localStorage.removeItem("userTenants");
       } catch {
       }
-    }, ct = (H) => {
+    }, dt = (H) => {
       l.setTokens(H);
-    }, dt = () => l.hasValidSession(), ut = () => {
+    }, ut = () => l.hasValidSession(), ht = () => {
       l.clearSession(), p(null), E(null);
-    }, ht = async () => {
+    }, pt = async () => {
       if (t)
         try {
           c(!0);
@@ -1325,9 +1350,9 @@ function vr({ config: n = {}, children: e }) {
         } finally {
           c(!1);
         }
-    }, pt = async () => {
-      await ht();
-    }, Pe = (H) => {
+    }, ft = async () => {
+      await pt();
+    }, Re = (H) => {
       if (!Q || Q.length === 0)
         return !1;
       if (typeof H == "string")
@@ -1340,35 +1365,35 @@ function vr({ config: n = {}, children: e }) {
       isAuthenticated: O,
       sessionManager: l,
       authenticatedHttpService: C,
-      login: xe,
-      signup: Ae,
-      signupTenantAdmin: tt,
-      sendMagicLink: it,
-      verifyMagicLink: ot,
-      changePassword: rt,
-      requestPasswordReset: nt,
-      confirmPasswordReset: st,
-      refreshToken: at,
-      logout: lt,
-      setTokens: ct,
-      hasValidSession: dt,
-      clearSession: ut,
+      login: Ae,
+      signup: Pe,
+      signupTenantAdmin: rt,
+      sendMagicLink: ot,
+      verifyMagicLink: at,
+      changePassword: nt,
+      requestPasswordReset: st,
+      confirmPasswordReset: it,
+      refreshToken: lt,
+      logout: ct,
+      setTokens: dt,
+      hasValidSession: ut,
+      clearSession: ht,
       currentUser: I,
       isUserLoading: x,
       userError: F,
       loadUserData: G,
-      refreshUser: ue,
+      refreshUser: he,
       isAuthInitializing: !h,
       isAuthReady: h,
       userRole: j,
       userPermissions: Q,
       availableRoles: f,
       rolesLoading: w,
-      hasPermission: Pe,
-      hasAnyPermission: (H) => H.some((z) => Pe(z)),
-      hasAllPermissions: (H) => H.every((z) => Pe(z)),
+      hasPermission: Re,
+      hasAnyPermission: (H) => H.some((z) => Re(z)),
+      hasAllPermissions: (H) => H.every((z) => Re(z)),
       getUserPermissionStrings: () => Q || [],
-      refreshRoles: pt,
+      refreshRoles: ft,
       // RFC-004: Multi-tenant user membership
       userTenants: k,
       hasTenantContext: M,
@@ -1376,22 +1401,22 @@ function vr({ config: n = {}, children: e }) {
         const { redirectPath: Y } = z || {}, V = l.getTokens();
         if (!(V != null && V.refreshToken))
           throw new Error("No refresh token available for tenant switch");
-        const K = await S.switchTenant({
+        const J = await S.switchTenant({
           refreshToken: V.refreshToken,
           tenantId: H
         });
         l.setTokens({
-          accessToken: K.accessToken,
+          accessToken: J.accessToken,
           refreshToken: V.refreshToken,
           // Keep the same refresh token
-          expiresIn: K.expiresIn
-        }), p(K.user), l.setUser(K.user), L(!0);
+          expiresIn: J.expiresIn
+        }), p(J.user), l.setUser(J.user), L(!0);
         const te = k.find((re) => re.id === H);
         te && a(te.subdomain, {
           tokens: {
-            accessToken: K.accessToken,
+            accessToken: J.accessToken,
             refreshToken: V.refreshToken,
-            expiresIn: K.expiresIn
+            expiresIn: J.expiresIn
           },
           redirectPath: Y
         });
@@ -1429,16 +1454,14 @@ function vr({ config: n = {}, children: e }) {
     A,
     q
   ]);
-  ee(() => () => {
-    l.destroy();
-  }, [l]), ee(() => {
+  ee(() => {
     !n.initialRoles && t && (async () => {
       try {
         c(!0);
-        const ue = new le(r), xe = new ze(ue), { roles: Ae } = await xe.getRolesByApp(t);
-        g(Ae);
-      } catch (ue) {
-        console.error("Failed to fetch roles:", ue);
+        const he = new ce(r), Ae = new _e(he), { roles: Pe } = await Ae.getRolesByApp(t);
+        g(Pe);
+      } catch (he) {
+        console.error("Failed to fetch roles:", he);
       } finally {
         c(!1);
       }
@@ -1446,7 +1469,7 @@ function vr({ config: n = {}, children: e }) {
   }, [t, r, n.initialRoles]);
   const [B, X] = T(!1);
   return ee(() => {
-    B || (X(!0), D.current.urlTokens && (console.log("[AuthProvider] EFFECT: Cleaning up URL after sync token processing"), Pt(), U(!0), console.log("[AuthProvider] EFFECT: Loading user data (blocking isAuthReady)..."), W.loadUserData().catch((G) => {
+    B || (X(!0), D.current.urlTokens && (console.log("[AuthProvider] EFFECT: Cleaning up URL after sync token processing"), Rt(), U(!0), console.log("[AuthProvider] EFFECT: Loading user data (blocking isAuthReady)..."), W.loadUserData().catch((G) => {
       console.error("[AuthProvider] Failed to load user data:", G);
     }).finally(() => {
       console.log("[AuthProvider] EFFECT: User data loaded, releasing isAuthReady"), U(!1);
@@ -1467,18 +1490,18 @@ function vr({ config: n = {}, children: e }) {
       });
     }, q);
     return () => clearInterval(G);
-  }, [l, I, W, q]), /* @__PURE__ */ s(De.Provider, { value: W, children: e });
+  }, [l, I, W, q]), /* @__PURE__ */ s(Ne.Provider, { value: W, children: e });
 }
-function de() {
-  const n = ae(De);
+function ue() {
+  const n = le(Ne);
   if (!n)
     throw new Error("useAuth must be used within an AuthProvider");
   return n;
 }
-function Ne() {
-  return ae(De);
+function Ce() {
+  return le(Ne);
 }
-class Rt {
+class It {
   constructor(e, t) {
     this.httpService = e, this.sessionManager = t;
   }
@@ -1558,11 +1581,11 @@ class Rt {
     })).data;
   }
 }
-const Ce = fe(null);
-function Tr({ config: n = {}, children: e }) {
-  const t = Ze(), r = ke(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (t == null ? void 0 : t.appId) ?? "", a = (r == null ? void 0 : r.tenant) ?? null, [f, g] = T([]), [w, c] = T(!1), [I, p] = T(null), [x, R] = T(!1), F = J(() => {
-    const u = new le(i);
-    return new Rt(u);
+const Ue = fe(null);
+function kr({ config: n = {}, children: e }) {
+  const t = Ze(), r = xe(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (t == null ? void 0 : t.appId) ?? "", a = (r == null ? void 0 : r.tenant) ?? null, [f, g] = T([]), [w, c] = T(!1), [I, p] = T(null), [x, R] = T(!1), F = Z(() => {
+    const u = new ce(i);
+    return new It(u);
   }, [i]), E = async () => {
     if (!(a != null && a.id)) {
       g([]);
@@ -1585,7 +1608,7 @@ function Tr({ config: n = {}, children: e }) {
     const u = n.refreshInterval || 5 * 60 * 1e3, k = setInterval(E, u);
     return () => clearInterval(k);
   }, [a == null ? void 0 : a.id, i, o, n.refreshInterval]);
-  const A = J(() => {
+  const A = Z(() => {
     const u = (D) => {
       const P = f.find((U) => U.key === D);
       return (P == null ? void 0 : P.value) === !0;
@@ -1606,18 +1629,18 @@ function Tr({ config: n = {}, children: e }) {
       refresh: M
     };
   }, [f, w, I, i, o, a == null ? void 0 : a.id, x]);
-  return /* @__PURE__ */ s(Ce.Provider, { value: A, children: e });
+  return /* @__PURE__ */ s(Ue.Provider, { value: A, children: e });
 }
-function It() {
-  const n = ae(Ce);
+function Et() {
+  const n = le(Ue);
   if (!n)
     throw new Error("useFeatureFlags must be used within a FeatureFlagProvider");
   return n;
 }
 function Je() {
-  return ae(Ce);
+  return le(Ue);
 }
-class Et {
+class Mt {
   constructor(e, t) {
     this.httpService = e, this.sessionManager = t;
   }
@@ -1683,11 +1706,11 @@ class Et {
     )).data;
   }
 }
-const Ue = fe(void 0);
-function kr({ config: n = {}, children: e }) {
-  const t = Ze(), r = ke(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (r == null ? void 0 : r.tenant) ?? null, [a, f] = T(null), [g, w] = T(!1), [c, I] = T(null), [p, x] = T(!1), R = J(() => {
-    const A = new le(i);
-    return new Et(A);
+const $e = fe(void 0);
+function xr({ config: n = {}, children: e }) {
+  const t = Ze(), r = xe(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (r == null ? void 0 : r.tenant) ?? null, [a, f] = T(null), [g, w] = T(!1), [c, I] = T(null), [p, x] = T(!1), R = Z(() => {
+    const A = new ce(i);
+    return new Mt(A);
   }, [i]), F = async () => {
     if (!(o != null && o.id)) {
       f(null);
@@ -1709,7 +1732,7 @@ function kr({ config: n = {}, children: e }) {
     const A = n.refreshInterval || 10 * 60 * 1e3, u = setInterval(F, A);
     return () => clearInterval(u);
   }, [o == null ? void 0 : o.id, i, n.refreshInterval]);
-  const E = J(() => {
+  const E = Z(() => {
     const A = (a == null ? void 0 : a.features) || [], u = (P) => {
       const U = A.find((l) => l.key === P);
       return U ? U.type === "BOOLEAN" || U.type === "boolean" ? U.value === !0 : !!U.value : !1;
@@ -1732,19 +1755,19 @@ function kr({ config: n = {}, children: e }) {
       refresh: L
     };
   }, [a, g, c, i, o == null ? void 0 : o.id, p]);
-  return /* @__PURE__ */ s(Ue.Provider, { value: E, children: e });
+  return /* @__PURE__ */ s($e.Provider, { value: E, children: e });
 }
-function Mt() {
-  const n = ae(Ue);
+function Lt() {
+  const n = le($e);
   if (n === void 0)
     throw new Error("useSubscription must be used within a SubscriptionProvider");
   return n;
 }
-function Ke() {
-  return ae(Ue) ?? null;
+function Ye() {
+  return le($e) ?? null;
 }
-var oe = /* @__PURE__ */ ((n) => (n.SUPERUSER = "SUPERUSER", n.TENANT_ADMIN = "TENANT_ADMIN", n.USER = "USER", n))(oe || {});
-const $e = {
+var ae = /* @__PURE__ */ ((n) => (n.SUPERUSER = "SUPERUSER", n.TENANT_ADMIN = "TENANT_ADMIN", n.USER = "USER", n))(ae || {});
+const He = {
   publicGuest: "/",
   publicUser: "/account",
   publicAdmin: "/admin",
@@ -1752,7 +1775,7 @@ const $e = {
   tenantUser: "/dashboard",
   tenantAdmin: "/admin/dashboard",
   default: "/"
-}, Ye = {
+}, Xe = {
   // Public/Landing zones
   landing: { tenant: "forbidden", auth: "optional" },
   publicOnly: { tenant: "forbidden", auth: "forbidden" },
@@ -1765,18 +1788,18 @@ const $e = {
   tenantOpen: { tenant: "required", auth: "optional" },
   tenantAuth: { tenant: "required", auth: "required" },
   // User type zones
-  user: { tenant: "required", auth: "required", userType: oe.USER },
-  admin: { tenant: "required", auth: "required", userType: oe.TENANT_ADMIN },
+  user: { tenant: "required", auth: "required", userType: ae.USER },
+  admin: { tenant: "required", auth: "required", userType: ae.TENANT_ADMIN },
   // Fully open
   open: { tenant: "optional", auth: "optional" }
-}, He = fe(null);
-function xr({ config: n = {}, children: e }) {
-  const t = J(() => {
+}, Be = fe(null);
+function Ar({ config: n = {}, children: e }) {
+  const t = Z(() => {
     const r = {
-      ...$e,
+      ...He,
       ...n.zoneRoots
     }, i = {
-      ...Ye,
+      ...Xe,
       ...n.presets
     };
     return {
@@ -1789,19 +1812,19 @@ function xr({ config: n = {}, children: e }) {
       returnToStorage: n.returnToStorage ?? "url"
     };
   }, [n]);
-  return /* @__PURE__ */ s(He.Provider, { value: t, children: e });
+  return /* @__PURE__ */ s(Be.Provider, { value: t, children: e });
 }
-function Ar() {
-  const n = ae(He);
+function Pr() {
+  const n = le(Be);
   if (!n)
     throw new Error("useRouting must be used within a RoutingProvider");
   return n;
 }
-function Lt() {
-  const n = ae(He);
+function Ft() {
+  const n = le(Be);
   return n || {
-    zoneRoots: $e,
-    presets: Ye,
+    zoneRoots: He,
+    presets: Xe,
     loadingFallback: null,
     accessDeniedFallback: null,
     onAccessDenied: void 0,
@@ -1809,7 +1832,7 @@ function Lt() {
     returnToStorage: "url"
   };
 }
-const We = () => /* @__PURE__ */ d(
+const Ve = () => /* @__PURE__ */ d(
   "div",
   {
     style: {
@@ -1846,7 +1869,7 @@ const We = () => /* @__PURE__ */ d(
       )
     ]
   }
-), Ve = ({
+), je = ({
   userType: n,
   minUserType: e,
   missingPermissions: t
@@ -1887,36 +1910,36 @@ const We = () => /* @__PURE__ */ d(
       ] })
     ]
   }
-), Ft = (n, e) => {
+), Dt = (n, e) => {
   const t = {
-    [oe.USER]: 1,
-    [oe.TENANT_ADMIN]: 2,
-    [oe.SUPERUSER]: 3
+    [ae.USER]: 1,
+    [ae.TENANT_ADMIN]: 2,
+    [ae.SUPERUSER]: 3
   };
   return t[n] >= t[e];
 };
-function Pr({
+function Rr({
   children: n,
   fallback: e,
   minUserType: t,
   requiredPermissions: r,
   requireAllPermissions: i = !1
 }) {
-  const { hasValidSession: o, sessionManager: a, hasPermission: f, hasAnyPermission: g, hasAllPermissions: w } = de();
+  const { hasValidSession: o, sessionManager: a, hasPermission: f, hasAnyPermission: g, hasAllPermissions: w } = ue();
   if (!o())
-    return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(We, {}) });
+    return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(Ve, {}) });
   const c = a.getUser();
   if (!c)
-    return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(We, {}) });
-  if (t && !Ft(c.userType, t))
-    return /* @__PURE__ */ s(Ve, { userType: c.userType, minUserType: t });
+    return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(Ve, {}) });
+  if (t && !Dt(c.userType, t))
+    return /* @__PURE__ */ s(je, { userType: c.userType, minUserType: t });
   if (r && r.length > 0 && !(i ? w(r) : g(r))) {
     const p = r.filter((x) => !f(x)).map((x) => typeof x == "string" ? x : x.name);
-    return /* @__PURE__ */ s(Ve, { missingPermissions: p });
+    return /* @__PURE__ */ s(je, { missingPermissions: p });
   }
   return /* @__PURE__ */ s(_, { children: n });
 }
-const Dt = ({ redirectPath: n }) => /* @__PURE__ */ s(
+const Nt = ({ redirectPath: n }) => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -1952,7 +1975,7 @@ const Dt = ({ redirectPath: n }) => /* @__PURE__ */ s(
       }
     )
   }
-), je = ({
+), Ge = ({
   userType: n,
   requiredUserType: e,
   missingPermissions: t
@@ -2003,8 +2026,8 @@ const Dt = ({ redirectPath: n }) => /* @__PURE__ */ s(
       }
     )
   }
-), Nt = (n, e) => n === e;
-function Rr({
+), Ct = (n, e) => n === e;
+function Ir({
   children: n,
   redirectTo: e = "/login",
   requiredUserType: t,
@@ -2012,22 +2035,22 @@ function Rr({
   requireAllPermissions: i = !1,
   fallback: o
 }) {
-  const { hasValidSession: a, sessionManager: f, hasPermission: g, hasAnyPermission: w, hasAllPermissions: c } = de(), I = Te();
+  const { hasValidSession: a, sessionManager: f, hasPermission: g, hasAnyPermission: w, hasAllPermissions: c } = ue(), I = ke();
   if (ee(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] ProtectedRoute is deprecated. Use AuthenticatedZone or AdminZone from ZoneRoute instead."
     );
   }, []), !a())
     return o ? /* @__PURE__ */ s(_, { children: o }) : /* @__PURE__ */ d(_, { children: [
-      /* @__PURE__ */ s(Dt, { redirectPath: e }),
-      /* @__PURE__ */ s(be, { to: e, state: { from: I.pathname }, replace: !0 })
+      /* @__PURE__ */ s(Nt, { redirectPath: e }),
+      /* @__PURE__ */ s(Se, { to: e, state: { from: I.pathname }, replace: !0 })
     ] });
   const p = f.getUser();
   if (!p)
-    return /* @__PURE__ */ s(be, { to: e, state: { from: I.pathname }, replace: !0 });
-  if (t && !Nt(p.userType, t))
+    return /* @__PURE__ */ s(Se, { to: e, state: { from: I.pathname }, replace: !0 });
+  if (t && !Ct(p.userType, t))
     return /* @__PURE__ */ s(
-      je,
+      Ge,
       {
         userType: p.userType,
         requiredUserType: t
@@ -2035,11 +2058,11 @@ function Rr({
     );
   if (r && r.length > 0 && !(i ? c(r) : w(r))) {
     const R = r.filter((F) => !g(F)).map((F) => typeof F == "string" ? F : F.name);
-    return /* @__PURE__ */ s(je, { missingPermissions: R });
+    return /* @__PURE__ */ s(Ge, { missingPermissions: R });
   }
   return /* @__PURE__ */ s(_, { children: n });
 }
-const Ct = ({ redirectPath: n }) => /* @__PURE__ */ s(
+const Ut = ({ redirectPath: n }) => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -2076,18 +2099,18 @@ const Ct = ({ redirectPath: n }) => /* @__PURE__ */ s(
     )
   }
 );
-function Ir({ children: n, redirectTo: e = "/", fallback: t }) {
-  const { tenant: r, isLoading: i, error: o } = me(), a = Te();
+function Er({ children: n, redirectTo: e = "/", fallback: t }) {
+  const { tenant: r, isLoading: i, error: o } = me(), a = ke();
   return ee(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] TenantRoute is deprecated. Use TenantZone from ZoneRoute instead."
     );
   }, []), i || o ? null : r ? /* @__PURE__ */ s(_, { children: n }) : t ? /* @__PURE__ */ s(_, { children: t }) : /* @__PURE__ */ d(_, { children: [
-    /* @__PURE__ */ s(Ct, { redirectPath: e }),
-    /* @__PURE__ */ s(be, { to: e, state: { from: a.pathname }, replace: !0 })
+    /* @__PURE__ */ s(Ut, { redirectPath: e }),
+    /* @__PURE__ */ s(Se, { to: e, state: { from: a.pathname }, replace: !0 })
   ] });
 }
-const Ut = ({ redirectPath: n }) => /* @__PURE__ */ s(
+const $t = ({ redirectPath: n }) => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -2124,41 +2147,41 @@ const Ut = ({ redirectPath: n }) => /* @__PURE__ */ s(
     )
   }
 );
-function Er({ children: n, redirectTo: e = "/dashboard", fallback: t }) {
-  const { tenant: r, isLoading: i, error: o } = me(), a = Te();
+function Mr({ children: n, redirectTo: e = "/dashboard", fallback: t }) {
+  const { tenant: r, isLoading: i, error: o } = me(), a = ke();
   return ee(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] LandingRoute is deprecated. Use PublicZone from ZoneRoute instead."
     );
   }, []), i || o ? null : r ? t ? /* @__PURE__ */ s(_, { children: t }) : /* @__PURE__ */ d(_, { children: [
-    /* @__PURE__ */ s(Ut, { redirectPath: e }),
-    /* @__PURE__ */ s(be, { to: e, state: { from: a.pathname }, replace: !0 })
+    /* @__PURE__ */ s($t, { redirectPath: e }),
+    /* @__PURE__ */ s(Se, { to: e, state: { from: a.pathname }, replace: !0 })
   ] }) : /* @__PURE__ */ s(_, { children: n });
 }
-function $t(n, e) {
+function Ht(n, e) {
   return e ? n ? Array.isArray(e) ? e.includes(n) : n === e : !1 : !0;
 }
-function Ge(n, e) {
+function Qe(n, e) {
   return !n || n === "optional" ? "skip" : n === "required" ? e ? "pass" : "fail" : n === "forbidden" ? e ? "fail" : "pass" : "skip";
 }
-function Ht(n, e) {
-  return Ge(n.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : Ge(n.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : n.userType && e.isAuthenticated && !$t(e.userType, n.userType) ? "wrong_user_type" : n.permissions && n.permissions.length > 0 && !(n.requireAllPermissions !== !1 ? (o) => o.every((a) => e.permissions.includes(a)) : (o) => o.some((a) => e.permissions.includes(a)))(n.permissions) ? "missing_permissions" : null;
-}
 function Bt(n, e) {
-  return n.hasTenant ? n.isAuthenticated ? n.userType === oe.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : n.isAuthenticated ? n.userType === oe.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
+  return Qe(n.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : Qe(n.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : n.userType && e.isAuthenticated && !Ht(e.userType, n.userType) ? "wrong_user_type" : n.permissions && n.permissions.length > 0 && !(n.requireAllPermissions !== !1 ? (o) => o.every((a) => e.permissions.includes(a)) : (o) => o.some((a) => e.permissions.includes(a)))(n.permissions) ? "missing_permissions" : null;
 }
-function qt(n, e, t, r, i) {
+function qt(n, e) {
+  return n.hasTenant ? n.isAuthenticated ? n.userType === ae.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : n.isAuthenticated ? n.userType === ae.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
+}
+function Ot(n, e, t, r, i) {
   if (!e || i !== "url")
     return n;
   const o = typeof e == "string" ? e : t, a = n.includes("?") ? "&" : "?";
   return `${n}${a}${r}=${encodeURIComponent(o)}`;
 }
-function Ot(n, e, t) {
+function zt(n, e, t) {
   if (!n || t === "url") return;
   const r = typeof n == "string" ? n : e, i = "zone_return_to";
   t === "session" ? sessionStorage.setItem(i, r) : t === "local" && localStorage.setItem(i, r);
 }
-const ce = ({
+const de = ({
   children: n,
   preset: e,
   tenant: t,
@@ -2172,10 +2195,10 @@ const ce = ({
   loadingFallback: c,
   accessDeniedFallback: I
 }) => {
-  const p = Te(), { isAuthenticated: x, isAuthInitializing: R, currentUser: F, userPermissions: E } = de(), { tenant: A, isTenantLoading: u } = ge(), k = Lt(), m = J(() => {
+  const p = ke(), { isAuthenticated: x, isAuthInitializing: R, currentUser: F, userPermissions: E } = ue(), { tenant: A, isTenantLoading: u } = ge(), k = Ft(), m = Z(() => {
     if (e)
       return k.presets[e];
-  }, [e, k.presets]), M = J(
+  }, [e, k.presets]), M = Z(
     () => ({
       tenant: t ?? (m == null ? void 0 : m.tenant),
       auth: r ?? (m == null ? void 0 : m.auth),
@@ -2184,7 +2207,7 @@ const ce = ({
       requireAllPermissions: a
     }),
     [t, r, i, o, m, a]
-  ), L = J(
+  ), L = Z(
     () => ({
       hasTenant: !!A,
       isAuthenticated: x,
@@ -2200,7 +2223,7 @@ const ce = ({
       R,
       u
     ]
-  ), D = J(() => L.isLoading ? null : Ht(M, L), [M, L]), P = J(() => D ? w || Bt(L, k.zoneRoots) : null, [D, w, L, k.zoneRoots]), U = J(() => !D || !P ? null : {
+  ), D = Z(() => L.isLoading ? null : Bt(M, L), [M, L]), P = Z(() => D ? w || qt(L, k.zoneRoots) : null, [D, w, L, k.zoneRoots]), U = Z(() => !D || !P ? null : {
     type: D,
     required: {
       tenant: M.tenant,
@@ -2219,7 +2242,7 @@ const ce = ({
   if (ee(() => {
     U && (g ? g(U) : k.onAccessDenied && k.onAccessDenied(U));
   }, [U, g, k]), ee(() => {
-    U && f && Ot(f, p.pathname + p.search, k.returnToStorage);
+    U && f && zt(f, p.pathname + p.search, k.returnToStorage);
   }, [
     U,
     f,
@@ -2232,17 +2255,17 @@ const ce = ({
     const l = I ?? k.accessDeniedFallback;
     if (l)
       return /* @__PURE__ */ s(_, { children: l });
-    const N = qt(
+    const N = Ot(
       P,
       f,
       p.pathname + p.search,
       k.returnToParam,
       k.returnToStorage
     );
-    return /* @__PURE__ */ s(be, { to: N, replace: !0 });
+    return /* @__PURE__ */ s(Se, { to: N, replace: !0 });
   }
   return /* @__PURE__ */ s(_, { children: n });
-}, Mr = (n) => /* @__PURE__ */ s(ce, { tenant: "required", ...n }), Lr = (n) => /* @__PURE__ */ s(ce, { tenant: "forbidden", ...n }), Fr = (n) => /* @__PURE__ */ s(ce, { auth: "required", ...n }), Dr = (n) => /* @__PURE__ */ s(ce, { auth: "forbidden", ...n }), Nr = (n) => /* @__PURE__ */ s(ce, { auth: "required", userType: oe.TENANT_ADMIN, ...n }), Cr = (n) => /* @__PURE__ */ s(ce, { auth: "required", userType: oe.USER, ...n }), Ur = (n) => /* @__PURE__ */ s(ce, { tenant: "optional", auth: "optional", ...n }), $r = (n) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "required", ...n }), Hr = (n) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "optional", ...n }), Br = (n) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "forbidden", ...n }), zt = () => /* @__PURE__ */ d(
+}, Lr = (n) => /* @__PURE__ */ s(de, { tenant: "required", ...n }), Fr = (n) => /* @__PURE__ */ s(de, { tenant: "forbidden", ...n }), Dr = (n) => /* @__PURE__ */ s(de, { auth: "required", ...n }), Nr = (n) => /* @__PURE__ */ s(de, { auth: "forbidden", ...n }), Cr = (n) => /* @__PURE__ */ s(de, { auth: "required", userType: ae.TENANT_ADMIN, ...n }), Ur = (n) => /* @__PURE__ */ s(de, { auth: "required", userType: ae.USER, ...n }), $r = (n) => /* @__PURE__ */ s(de, { tenant: "optional", auth: "optional", ...n }), Hr = (n) => /* @__PURE__ */ s(de, { tenant: "required", auth: "required", ...n }), Br = (n) => /* @__PURE__ */ s(de, { tenant: "required", auth: "optional", ...n }), qr = (n) => /* @__PURE__ */ s(de, { tenant: "required", auth: "forbidden", ...n }), _t = () => /* @__PURE__ */ d(
   "div",
   {
     style: {
@@ -2259,13 +2282,13 @@ const ce = ({
     ]
   }
 );
-function qr({
+function Or({
   children: n,
-  fallback: e = /* @__PURE__ */ s(zt, {}),
+  fallback: e = /* @__PURE__ */ s(_t, {}),
   allowedPlans: t,
   requiredFeature: r
 }) {
-  const { subscription: i, hasAllowedPlan: o, isFeatureEnabled: a, loading: f } = Mt();
+  const { subscription: i, hasAllowedPlan: o, isFeatureEnabled: a, loading: f } = Lt();
   return f ? /* @__PURE__ */ s(
     "div",
     {
@@ -2278,7 +2301,7 @@ function qr({
     }
   ) : i ? i.isActive ? t && t.length > 0 && !o(t) ? /* @__PURE__ */ s(_, { children: e }) : r && !a(r) ? /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: n }) : /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: e });
 }
-const _t = ({ flagName: n }) => /* @__PURE__ */ d(
+const Wt = ({ flagName: n }) => /* @__PURE__ */ d(
   "div",
   {
     style: {
@@ -2305,8 +2328,8 @@ const _t = ({ flagName: n }) => /* @__PURE__ */ d(
     ]
   }
 );
-function Or({ name: n, children: e, fallback: t }) {
-  const { isEnabled: r, loading: i } = It();
+function zr({ name: n, children: e, fallback: t }) {
+  const { isEnabled: r, loading: i } = Et();
   return i ? /* @__PURE__ */ s(
     "div",
     {
@@ -2320,9 +2343,9 @@ function Or({ name: n, children: e, fallback: t }) {
       },
       children: "Loading feature flags..."
     }
-  ) : r(n) ? /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: t || /* @__PURE__ */ s(_t, { flagName: n }) });
+  ) : r(n) ? /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: t || /* @__PURE__ */ s(Wt, { flagName: n }) });
 }
-const Wt = () => /* @__PURE__ */ d(
+const Vt = () => /* @__PURE__ */ d(
   "svg",
   {
     width: "16",
@@ -2339,7 +2362,7 @@ const Wt = () => /* @__PURE__ */ d(
       /* @__PURE__ */ s("circle", { cx: "12", cy: "12", r: "3" })
     ]
   }
-), Vt = () => /* @__PURE__ */ d(
+), jt = () => /* @__PURE__ */ d(
   "svg",
   {
     width: "16",
@@ -2356,10 +2379,10 @@ const Wt = () => /* @__PURE__ */ d(
       /* @__PURE__ */ s("line", { x1: "1", y1: "1", x2: "23", y2: "23" })
     ]
   }
-), jt = {
-  showPassword: /* @__PURE__ */ s(Wt, {}),
-  hidePassword: /* @__PURE__ */ s(Vt, {})
-}, Gt = {
+), Gt = {
+  showPassword: /* @__PURE__ */ s(Vt, {}),
+  hidePassword: /* @__PURE__ */ s(jt, {})
+}, Qt = {
   title: "Sign In",
   usernameLabel: "Email or Phone",
   usernamePlaceholder: "Enter your email or phone number",
@@ -2373,7 +2396,7 @@ const Wt = () => /* @__PURE__ */ d(
   magicLinkLink: "Use Magic Link",
   errorMessage: "Invalid credentials",
   loadingText: "Signing in..."
-}, Qt = {
+}, Kt = {
   container: {
     maxWidth: "400px",
     width: "100%",
@@ -2480,7 +2503,7 @@ const Wt = () => /* @__PURE__ */ d(
     fontSize: "0.875rem"
   }
 };
-function zr({
+function _r({
   copy: n = {},
   styles: e = {},
   icons: t = {},
@@ -2494,7 +2517,7 @@ function zr({
   showMagicLinkOption: c = !0,
   className: I
 }) {
-  const [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T({}), { login: P } = de(), { tenant: U } = me(), l = { ...Gt, ...n }, N = { ...Qt, ...e }, $ = { ...jt, ...t }, h = () => {
+  const [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T({}), { login: P } = ue(), { tenant: U } = me(), l = { ...Qt, ...n }, N = { ...Kt, ...e }, $ = { ...Gt, ...t }, h = () => {
     const y = {};
     return p.trim() || (y.username = !0), R.trim() || (y.password = !0), D(y), Object.keys(y).length === 0;
   }, C = async (y) => {
@@ -2731,7 +2754,7 @@ const Zt = {
     fontSize: "0.875rem"
   }
 };
-function _r({
+function Wr({
   copy: n = {},
   styles: e = {},
   signupType: t = "user",
@@ -2743,7 +2766,7 @@ function _r({
   showMagicLinkOption: g = !0,
   className: w
 }) {
-  const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(""), [u, k] = T(""), [m, M] = T(""), [L, D] = T(""), [P, U] = T(!1), [l, N] = T(""), [$, h] = T({}), { signup: C, signupTenantAdmin: S } = de(), { tenant: b } = me(), y = { ...Zt, ...n }, v = { ...Jt, ...e }, j = () => {
+  const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(""), [u, k] = T(""), [m, M] = T(""), [L, D] = T(""), [P, U] = T(!1), [l, N] = T(""), [$, h] = T({}), { signup: C, signupTenantAdmin: S } = ue(), { tenant: b } = me(), y = { ...Zt, ...n }, v = { ...Jt, ...e }, j = () => {
     const B = {};
     return c.trim() || (B.name = !0), !R.trim() && !E.trim() && (B.email = !0, B.phoneNumber = !0), u.trim() || (B.password = !0), m.trim() || (B.confirmPassword = !0), t === "tenant" && !L.trim() && (B.tenantName = !0), h(B), Object.keys(B).length === 0;
   }, Q = async (B) => {
@@ -2950,7 +2973,7 @@ function _r({
     ] })
   ] });
 }
-const Kt = {
+const Yt = {
   title: "Sign In with Magic Link",
   emailLabel: "Email",
   emailPlaceholder: "Enter your email",
@@ -2968,7 +2991,7 @@ const Kt = {
   loadingText: "Sending magic link...",
   verifyingText: "Verifying magic link...",
   description: "Enter your email to receive a magic link. If you don't have an account, we'll create one for you."
-}, Yt = {
+}, Xt = {
   container: {
     maxWidth: "400px",
     width: "100%",
@@ -3071,7 +3094,7 @@ const Kt = {
     fontSize: "0.875rem"
   }
 };
-function Wr({
+function Vr({
   copy: n = {},
   styles: e = {},
   onSuccess: t,
@@ -3083,7 +3106,7 @@ function Wr({
   verifyToken: g,
   frontendUrl: w
 }) {
-  const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T(""), [P, U] = T({}), [l, N] = T(!1), { sendMagicLink: $, verifyMagicLink: h } = de(), { tenant: C } = me(), S = { ...Kt, ...n }, b = { ...Yt, ...e };
+  const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T(""), [P, U] = T({}), [l, N] = T(!1), { sendMagicLink: $, verifyMagicLink: h } = ue(), { tenant: C } = me(), S = { ...Yt, ...n }, b = { ...Xt, ...e };
   ee(() => {
     g && y(g);
   }, [g]);
@@ -3258,7 +3281,7 @@ function Wr({
     ] })
   ] });
 }
-const Xt = {
+const er = {
   title: "Verifying Magic Link",
   verifyingMessage: "Please wait while we verify your magic link...",
   successMessage: "Magic link verified successfully! You are now logged in.",
@@ -3266,7 +3289,7 @@ const Xt = {
   redirectingMessage: "Redirecting you to the dashboard...",
   retryButton: "Try Again",
   backToLoginButton: "Back to Login"
-}, Xe = {
+}, et = {
   container: {
     maxWidth: "400px",
     width: "100%",
@@ -3353,7 +3376,7 @@ const Xt = {
     cursor: "pointer",
     transition: "all 0.15s ease-in-out"
   }
-}, er = () => /* @__PURE__ */ s("div", { style: Xe.spinner }), tr = () => /* @__PURE__ */ d(
+}, tr = () => /* @__PURE__ */ s("div", { style: et.spinner }), rr = () => /* @__PURE__ */ d(
   "svg",
   {
     width: "48",
@@ -3370,7 +3393,7 @@ const Xt = {
       /* @__PURE__ */ s("polyline", { points: "22,4 12,14.01 9,11.01" })
     ]
   }
-), rr = () => /* @__PURE__ */ d(
+), nr = () => /* @__PURE__ */ d(
   "svg",
   {
     width: "48",
@@ -3388,12 +3411,12 @@ const Xt = {
       /* @__PURE__ */ s("line", { x1: "9", y1: "9", x2: "15", y2: "15" })
     ]
   }
-), nr = {
-  loading: /* @__PURE__ */ s(er, {}),
-  success: /* @__PURE__ */ s(tr, {}),
-  error: /* @__PURE__ */ s(rr, {})
+), sr = {
+  loading: /* @__PURE__ */ s(tr, {}),
+  success: /* @__PURE__ */ s(rr, {}),
+  error: /* @__PURE__ */ s(nr, {})
 };
-function Vr({
+function jr({
   copy: n = {},
   styles: e = {},
   icons: t = {},
@@ -3408,7 +3431,7 @@ function Vr({
   tenantSlug: I,
   autoRedirectDelay: p = 3e3
 }) {
-  const [x, R] = T("verifying"), [F, E] = T(""), { verifyMagicLink: A } = de(), u = { ...Xt, ...n }, k = { ...Xe, ...e }, m = { ...nr, ...t }, M = () => {
+  const [x, R] = T("verifying"), [F, E] = T(""), { verifyMagicLink: A } = ue(), u = { ...er, ...n }, k = { ...et, ...e }, m = { ...sr, ...t }, M = () => {
     if (typeof window > "u") return {};
     const l = new URLSearchParams(window.location.search);
     return {
@@ -3510,7 +3533,7 @@ function Vr({
     U()
   ] });
 }
-const sr = {
+const ir = {
   title: "Reset Password",
   subtitle: "Enter your email address and we'll send you a link to reset your password.",
   emailLabel: "Email",
@@ -3532,7 +3555,7 @@ const sr = {
   resetLoadingText: "Resetting...",
   resetSuccessMessage: "Password reset successfully!",
   passwordMismatchError: "Passwords do not match"
-}, ir = {
+}, or = {
   container: {
     maxWidth: "400px",
     margin: "0 auto",
@@ -3624,7 +3647,7 @@ const sr = {
     cursor: "pointer"
   }
 };
-function jr({
+function Gr({
   copy: n = {},
   styles: e = {},
   mode: t = "request",
@@ -3635,7 +3658,7 @@ function jr({
   onModeChange: f,
   className: g
 }) {
-  const [w, c] = T(""), [I, p] = T(r), [x, R] = T(""), [F, E] = T(""), [A, u] = T(!1), [k, m] = T(""), [M, L] = T(""), [D, P] = T({}), { requestPasswordReset: U, confirmPasswordReset: l } = de(), { tenant: N } = me(), $ = { ...sr, ...n }, h = { ...ir, ...e }, C = () => {
+  const [w, c] = T(""), [I, p] = T(r), [x, R] = T(""), [F, E] = T(""), [A, u] = T(!1), [k, m] = T(""), [M, L] = T(""), [D, P] = T({}), { requestPasswordReset: U, confirmPasswordReset: l } = ue(), { tenant: N } = me(), $ = { ...ir, ...n }, h = { ...or, ...e }, C = () => {
     const O = {};
     return w.trim() || (O.email = !0), P(O), Object.keys(O).length === 0;
   }, S = () => {
@@ -3803,7 +3826,7 @@ function jr({
     ] })
   ] });
 }
-const or = () => /* @__PURE__ */ s(
+const ar = () => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -3815,7 +3838,7 @@ const or = () => /* @__PURE__ */ s(
     },
     children: /* @__PURE__ */ s("div", { children: "Loading..." })
   }
-), ar = ({ error: n, retry: e }) => /* @__PURE__ */ d(
+), lr = ({ error: n, retry: e }) => /* @__PURE__ */ d(
   "div",
   {
     style: {
@@ -3849,26 +3872,26 @@ const or = () => /* @__PURE__ */ s(
     ]
   }
 );
-function Gr({
+function Qr({
   children: n,
   loadingFallback: e,
   errorFallback: t,
   requireTenant: r = !0
 }) {
-  const { isAppLoading: i, appError: o, retryApp: a } = Se(), f = ke(), g = Ne(), w = Je(), c = Ke(), I = (f == null ? void 0 : f.isTenantLoading) ?? !1, p = (f == null ? void 0 : f.tenantError) ?? null, x = (f == null ? void 0 : f.tenantSlug) ?? null, R = (f == null ? void 0 : f.retryTenant) ?? (() => {
+  const { isAppLoading: i, appError: o, retryApp: a } = ve(), f = xe(), g = Ce(), w = Je(), c = Ye(), I = (f == null ? void 0 : f.isTenantLoading) ?? !1, p = (f == null ? void 0 : f.tenantError) ?? null, x = (f == null ? void 0 : f.tenantSlug) ?? null, R = (f == null ? void 0 : f.retryTenant) ?? (() => {
   }), F = (g == null ? void 0 : g.isAuthReady) ?? !0, E = (w == null ? void 0 : w.isReady) ?? !0, A = (c == null ? void 0 : c.isReady) ?? !0, u = r && f && x, L = i || u && I || g && !F || w && !E || c && !A, D = o || (u ? p : null), P = () => {
     o && a(), p && f && R();
   };
   if (L)
-    return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(or, {}) });
+    return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(ar, {}) });
   if (D) {
-    const U = typeof t == "function" ? t(D, P) : t || /* @__PURE__ */ s(ar, { error: D, retry: P });
+    const U = typeof t == "function" ? t(D, P) : t || /* @__PURE__ */ s(lr, { error: D, retry: P });
     return /* @__PURE__ */ s(_, { children: U });
   }
   return /* @__PURE__ */ s(_, { children: n });
 }
-function Qr(n = !0) {
-  const { isAppLoading: e, appError: t, retryApp: r, appInfo: i } = Se(), o = ke(), a = Ne(), f = Je(), g = Ke(), w = (o == null ? void 0 : o.isTenantLoading) ?? !1, c = (o == null ? void 0 : o.tenantError) ?? null, I = (o == null ? void 0 : o.tenant) ?? null, p = (o == null ? void 0 : o.tenantSlug) ?? null, x = (o == null ? void 0 : o.retryTenant) ?? (() => {
+function Kr(n = !0) {
+  const { isAppLoading: e, appError: t, retryApp: r, appInfo: i } = ve(), o = xe(), a = Ce(), f = Je(), g = Ye(), w = (o == null ? void 0 : o.isTenantLoading) ?? !1, c = (o == null ? void 0 : o.tenantError) ?? null, I = (o == null ? void 0 : o.tenant) ?? null, p = (o == null ? void 0 : o.tenantSlug) ?? null, x = (o == null ? void 0 : o.retryTenant) ?? (() => {
   }), R = (a == null ? void 0 : a.isAuthReady) ?? !0, F = (f == null ? void 0 : f.isReady) ?? !0, E = (g == null ? void 0 : g.isReady) ?? !0, A = n && o && p, M = e || A && w || a && !R || f && !F || g && !E, L = t || (A ? c : null);
   return {
     isLoading: M,
@@ -3898,7 +3921,7 @@ function Zr({
   showCurrentTenant: w = !0
 }) {
   var k;
-  const c = Ne(), [I, p] = T(!1), x = Qe(null), R = n ?? (c == null ? void 0 : c.userTenants) ?? [], F = e ?? ((k = c == null ? void 0 : c.currentUser) == null ? void 0 : k.tenantId) ?? null, E = async (m) => {
+  const c = Ce(), [I, p] = T(!1), x = Ke(null), R = n ?? (c == null ? void 0 : c.userTenants) ?? [], F = e ?? ((k = c == null ? void 0 : c.currentUser) == null ? void 0 : k.tenantId) ?? null, E = async (m) => {
     p(!1), t ? t(m) : c != null && c.switchToTenant && await c.switchToTenant(m);
   };
   ee(() => {
@@ -4049,7 +4072,7 @@ class Jr {
     };
   }
 }
-class Kr {
+class Yr {
   constructor(e, t) {
     this.httpService = e, this.sessionManager = t;
   }
@@ -4100,7 +4123,7 @@ class Kr {
     });
   }
 }
-class Yr {
+class Xr {
   constructor(e) {
     this.httpService = e;
   }
@@ -4109,7 +4132,7 @@ class Yr {
     return await this.httpService.get("/health");
   }
 }
-class Xr {
+class en {
   // Date string to Date object
   static toDate(e) {
     return new Date(e);
@@ -4231,20 +4254,20 @@ class Xr {
     }), t;
   }
 }
-const et = "returnTo", Ee = "zone_return_to", Me = "zone_return_to";
-function en(n = {}) {
+const tt = "returnTo", Me = "zone_return_to", Le = "zone_return_to";
+function tn(n = {}) {
   const {
     zoneRoots: e = {},
-    returnToParam: t = et,
+    returnToParam: t = tt,
     returnToStorage: r = "url"
-  } = n, i = ft(), [o, a] = gt(), { isAuthenticated: f, currentUser: g } = de(), { tenant: w } = ge(), c = J(() => ({ ...$e, ...e }), [e]), I = !!w, p = g == null ? void 0 : g.userType, x = J(() => {
+  } = n, i = gt(), [o, a] = mt(), { isAuthenticated: f, currentUser: g } = ue(), { tenant: w } = ge(), c = Z(() => ({ ...He, ...e }), [e]), I = !!w, p = g == null ? void 0 : g.userType, x = Z(() => {
     switch (r) {
       case "url":
         return o.get(t);
       case "session":
-        return sessionStorage.getItem(Ee);
+        return sessionStorage.getItem(Me);
       case "local":
-        return localStorage.getItem(Me);
+        return localStorage.getItem(Le);
       default:
         return null;
     }
@@ -4256,10 +4279,10 @@ function en(n = {}) {
         break;
       }
       case "session":
-        sessionStorage.removeItem(Ee);
+        sessionStorage.removeItem(Me);
         break;
       case "local":
-        localStorage.removeItem(Me);
+        localStorage.removeItem(Le);
         break;
     }
   }, [r, o, t, a]), F = se(
@@ -4271,10 +4294,10 @@ function en(n = {}) {
           break;
         }
         case "session":
-          sessionStorage.setItem(Ee, u);
+          sessionStorage.setItem(Me, u);
           break;
         case "local":
-          localStorage.setItem(Me, u);
+          localStorage.setItem(Le, u);
           break;
       }
     },
@@ -4285,7 +4308,7 @@ function en(n = {}) {
       i(k);
     },
     [i, c]
-  ), A = se(() => I ? f ? p === oe.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : f ? p === oe.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [I, f, p, c]);
+  ), A = se(() => I ? f ? p === ae.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : f ? p === ae.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [I, f, p, c]);
   return {
     returnToUrl: x,
     clearReturnTo: R,
@@ -4294,76 +4317,76 @@ function en(n = {}) {
     getSmartRedirect: A
   };
 }
-function tn(n, e, t = et, r = "url") {
+function rn(n, e, t = tt, r = "url") {
   if (!e || r !== "url")
     return n;
   const i = new URL(n, window.location.origin);
   return i.searchParams.set(t, e), i.pathname + i.search;
 }
 export {
-  Nr as AdminZone,
-  Xr as ApiMappers,
-  Oe as AppApiService,
-  Gr as AppLoader,
-  mr as AppProvider,
-  wt as AuthApiService,
-  vr as AuthProvider,
-  Fr as AuthenticatedZone,
-  Ye as DEFAULT_ZONE_PRESETS,
-  $e as DEFAULT_ZONE_ROOTS,
-  Or as FeatureFlag,
-  Rt as FeatureFlagApiService,
-  Tr as FeatureFlagProvider,
-  Dr as GuestZone,
-  Yr as HealthApiService,
-  le as HttpService,
-  Er as LandingRoute,
-  zr as LoginForm,
-  Wr as MagicLinkForm,
-  Vr as MagicLinkVerify,
-  Ur as OpenZone,
-  jr as PasswordRecoveryForm,
+  Cr as AdminZone,
+  en as ApiMappers,
+  ze as AppApiService,
+  Qr as AppLoader,
+  yr as AppProvider,
+  bt as AuthApiService,
+  Tr as AuthProvider,
+  Dr as AuthenticatedZone,
+  Xe as DEFAULT_ZONE_PRESETS,
+  He as DEFAULT_ZONE_ROOTS,
+  zr as FeatureFlag,
+  It as FeatureFlagApiService,
+  kr as FeatureFlagProvider,
+  Nr as GuestZone,
+  Xr as HealthApiService,
+  ce as HttpService,
+  Mr as LandingRoute,
+  _r as LoginForm,
+  Vr as MagicLinkForm,
+  jr as MagicLinkVerify,
+  $r as OpenZone,
+  Gr as PasswordRecoveryForm,
   Jr as PermissionApiService,
-  Pr as Protected,
-  Rr as ProtectedRoute,
-  Lr as PublicZone,
-  ze as RoleApiService,
-  xr as RoutingProvider,
+  Rr as Protected,
+  Ir as ProtectedRoute,
+  Fr as PublicZone,
+  _e as RoleApiService,
+  Ar as RoutingProvider,
   ie as SessionExpiredError,
-  pe as SessionManager,
-  _r as SignupForm,
-  Et as SubscriptionApiService,
-  qr as SubscriptionGuard,
-  Kr as SubscriptionPlanApiService,
-  kr as SubscriptionProvider,
-  we as TenantApiService,
-  $r as TenantAuthenticatedZone,
-  Br as TenantGuestZone,
-  Hr as TenantOpenZone,
-  wr as TenantProvider,
-  Ir as TenantRoute,
+  we as SessionManager,
+  Wr as SignupForm,
+  Mt as SubscriptionApiService,
+  Or as SubscriptionGuard,
+  Yr as SubscriptionPlanApiService,
+  xr as SubscriptionProvider,
+  be as TenantApiService,
+  Hr as TenantAuthenticatedZone,
+  qr as TenantGuestZone,
+  Br as TenantOpenZone,
+  br as TenantProvider,
+  Er as TenantRoute,
   Zr as TenantSelector,
-  Mr as TenantZone,
-  yt as TokenRefreshError,
-  mt as TokenRefreshTimeoutError,
-  bt as UserApiService,
-  oe as UserType,
-  Cr as UserZone,
-  ce as ZoneRoute,
-  tn as buildRedirectUrl,
-  yr as useApi,
-  Se as useApp,
-  Qr as useAppLoaderState,
-  de as useAuth,
-  It as useFeatureFlags,
-  Ar as useRouting,
-  Lt as useRoutingOptional,
-  Sr as useSettings,
-  Mt as useSubscription,
+  Lr as TenantZone,
+  wt as TokenRefreshError,
+  yt as TokenRefreshTimeoutError,
+  St as UserApiService,
+  ae as UserType,
+  Ur as UserZone,
+  de as ZoneRoute,
+  rn as buildRedirectUrl,
+  wr as useApi,
+  ve as useApp,
+  Kr as useAppLoaderState,
+  ue as useAuth,
+  Et as useFeatureFlags,
+  Pr as useRouting,
+  Ft as useRoutingOptional,
+  vr as useSettings,
+  Lt as useSubscription,
   ge as useTenant,
   me as useTenantInfo,
-  ke as useTenantOptional,
-  br as useTenantSettings,
-  en as useZoneNavigation
+  xe as useTenantOptional,
+  Sr as useTenantSettings,
+  tn as useZoneNavigation
 };
 //# sourceMappingURL=index.es.js.map