npm - @skylabs-digital/react-identity-access - Versions diffs - 3.0.0 → 3.1.0 - Mend

@skylabs-digital/react-identity-access 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md +439 -352
package/dist/errors/SessionErrors.d.ts +10 -0
package/dist/errors/SessionErrors.d.ts.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.es.js +1043 -899
package/dist/index.es.js.map +1 -1
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/services/AuthApiService.d.ts +1 -0
package/dist/services/AuthApiService.d.ts.map +1 -1
package/dist/services/SessionManager.d.ts +10 -3
package/dist/services/SessionManager.d.ts.map +1 -1
package/dist/utils/configValidation.d.ts +39 -0
package/dist/utils/configValidation.d.ts.map +1 -0
package/dist/utils/jwt.d.ts +25 -0
package/dist/utils/jwt.d.ts.map +1 -0
package/package.json +15 -16

package/dist/index.es.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { jsx as s, Fragment as B, jsxs as f } from "react/jsx-runtime";
-import fe, { createContext as pe, useState as N, useRef as ke, useCallback as re, useMemo as q, useEffect as ne, useContext as se } from "react";
-import { useLocation as Se, Navigate as ge, useNavigate as pt, useSearchParams as ft } from "react-router-dom";
-class de {
+import me, { createContext as fe, useState as N, useRef as Ee, useCallback as te, useMemo as V, useEffect as re, useContext as ne } from "react";
+import { useLocation as xe, Navigate as be, useNavigate as wt, useSearchParams as vt } from "react-router-dom";
+class he {
   constructor(e, t = 1e4) {
     this.baseUrl = e.replace(/\/$/, ""), this.timeout = t;
   }
@@ -21,7 +21,7 @@ class de {
       const c = await this.sessionManager.getValidAccessToken();
       d = { ...d, Authorization: `Bearer ${c}` };
     }
-    const T = new AbortController(), P = setTimeout(() => T.abort(), l);
+    const T = new AbortController(), R = setTimeout(() => T.abort(), l);
     try {
       const c = await fetch(a, {
         method: e,
@@ -29,12 +29,12 @@ class de {
         body: n ? JSON.stringify(n) : void 0,
         signal: T.signal
       });
-      if (clearTimeout(P), !c.ok)
+      if (clearTimeout(R), !c.ok)
         throw new Error(`HTTP ${c.status}: ${c.statusText}`);
-      const k = c.headers.get("content-type");
-      return !k || !k.includes("application/json") ? {} : await c.json();
+      const S = c.headers.get("content-type");
+      return !S || !S.includes("application/json") ? {} : await c.json();
     } catch (c) {
-      throw clearTimeout(P), c instanceof Error && c.name === "AbortError" ? new Error(`Request timeout after ${l}ms`) : c;
+      throw clearTimeout(R), c instanceof Error && c.name === "AbortError" ? new Error(`Request timeout after ${l}ms`) : c;
     }
   }
   async get(e, t) {
@@ -50,7 +50,7 @@ class de {
     return this.executeRequest("DELETE", e, void 0, t);
   }
 }
-function le(r) {
+function ce(r) {
   if (!r) return "";
   const e = new URLSearchParams();
   for (const [n, i] of Object.entries(r))
@@ -58,7 +58,7 @@ function le(r) {
   const t = e.toString();
   return t ? `?${t}` : "";
 }
-class Ge {
+class Je {
   constructor(e) {
     this.httpService = e;
   }
@@ -67,7 +67,7 @@ class Ge {
   }
   async getApps(e) {
     const t = await this.httpService.get(
-      `/apps/${le(e)}`
+      `/apps/${ce(e)}`
     );
     return { apps: t.data, meta: t.meta };
   }
@@ -98,27 +98,27 @@ class Ge {
     return (await this.httpService.get(`/apps/${e}/export-config`)).data;
   }
 }
-const De = pe(null), mt = 5 * 60 * 1e3;
-function lr({ config: r, children: e }) {
-  var S, m, g;
-  const { appId: t, baseUrl: n } = r, i = ((S = r.cache) == null ? void 0 : S.enabled) ?? !0, a = ((m = r.cache) == null ? void 0 : m.ttl) ?? mt, l = ((g = r.cache) == null ? void 0 : g.storageKey) ?? `app_cache_${t}`, [d, T] = N(() => {
+const $e = fe(null), Tt = 5 * 60 * 1e3;
+function Sr({ config: r, children: e }) {
+  var k, m, g;
+  const { appId: t, baseUrl: n } = r, i = ((k = r.cache) == null ? void 0 : k.enabled) ?? !0, a = ((m = r.cache) == null ? void 0 : m.ttl) ?? Tt, l = ((g = r.cache) == null ? void 0 : g.storageKey) ?? `app_cache_${t}`, [d, T] = N(() => {
     if (!i) return null;
     try {
       const b = localStorage.getItem(l);
       if (!b) return null;
-      const D = JSON.parse(b);
-      return Date.now() - D.timestamp < a && D.appId === t ? D.data : (localStorage.removeItem(l), null);
+      const C = JSON.parse(b);
+      return Date.now() - C.timestamp < a && C.appId === t ? C.data : (localStorage.removeItem(l), null);
     } catch {
       return null;
     }
-  }), [P, c] = N(!d), [k, h] = N(null), E = ke(d);
-  E.current = d;
-  const R = re(
+  }), [R, c] = N(!d), [S, h] = N(null), x = Ee(d);
+  x.current = d;
+  const P = te(
     async (b = !1) => {
-      if (!(!b && i && E.current))
+      if (!(!b && i && x.current))
         try {
           c(!0), h(null);
-          const o = await new Ge(new de(n)).getPublicAppInfo(t);
+          const o = await new Je(new he(n)).getPublicAppInfo(t);
           if (T(o), i)
             try {
               const p = {
@@ -130,60 +130,60 @@ function lr({ config: r, children: e }) {
             } catch (p) {
               process.env.NODE_ENV === "development" && console.warn("[AppProvider] Failed to cache app info:", p);
             }
-        } catch (D) {
-          const o = D instanceof Error ? D : new Error("Failed to load app information");
+        } catch (C) {
+          const o = C instanceof Error ? C : new Error("Failed to load app information");
           h(o), T(null);
         } finally {
           c(!1);
         }
     },
     [n, t, i, l]
-  ), I = re(async () => {
-    if (!(!i || !E.current))
+  ), I = te(async () => {
+    if (!(!i || !x.current))
       try {
         const b = localStorage.getItem(l);
         if (!b) return;
-        const D = JSON.parse(b);
-        if (Date.now() - D.timestamp <= a * 0.5) return;
-        const p = await new Ge(new de(n)).getPublicAppInfo(t);
+        const C = JSON.parse(b);
+        if (Date.now() - C.timestamp <= a * 0.5) return;
+        const p = await new Je(new he(n)).getPublicAppInfo(t);
         T(p);
-        const x = {
+        const E = {
           data: p,
           timestamp: Date.now(),
           appId: t
         };
-        localStorage.setItem(l, JSON.stringify(x));
+        localStorage.setItem(l, JSON.stringify(E));
       } catch (b) {
         process.env.NODE_ENV === "development" && console.warn("[AppProvider] Background app refresh failed:", b);
       }
-  }, [n, t, i, a, l]), A = q(
+  }, [n, t, i, a, l]), A = V(
     () => ({
       appId: t,
       baseUrl: n,
       appInfo: d,
-      isAppLoading: P,
-      appError: k,
+      isAppLoading: R,
+      appError: S,
       retryApp: () => {
-        R(!0);
+        P(!0);
       }
     }),
-    [t, n, d, P, k, R]
+    [t, n, d, R, S, P]
   );
-  return ne(() => {
-    E.current ? I() : R();
-  }, []), /* @__PURE__ */ s(De.Provider, { value: A, children: e });
+  return re(() => {
+    x.current ? I() : P();
+  }, []), /* @__PURE__ */ s($e.Provider, { value: A, children: e });
 }
-function xe() {
-  const r = se(De);
+function Re() {
+  const r = ne($e);
   if (!r)
     throw new Error("useApp must be used within an AppProvider");
   return r;
 }
-function Ce() {
-  return se(De);
+function Ue() {
+  return ne($e);
 }
-const cr = xe;
-class te extends Error {
+const kr = Re;
+class ee extends Error {
   constructor(e, t) {
     const n = {
       token_expired: "Refresh token has expired",
@@ -193,21 +193,111 @@ class te extends Error {
     super(t || n[e]), this.name = "SessionExpiredError", this.reason = e;
   }
 }
-class gt extends Error {
+class St extends Error {
   constructor(e) {
     super(`Token refresh timed out after ${e}ms`), this.name = "TokenRefreshTimeoutError", this.timeoutMs = e;
   }
 }
-class yt extends Error {
+class kt extends Error {
   constructor(e, t) {
     super(
       `Token refresh failed after ${e} attempts: ${(t == null ? void 0 : t.message) || "Unknown error"}`
     ), this.name = "TokenRefreshError", this.attempts = e, this.lastError = t;
   }
 }
-const K = class K {
+class oe extends Error {
+  constructor(e, t, n) {
+    super(`Invalid configuration "${e}": ${n} (received: ${Et(t)})`), this.name = "ConfigurationError", this.field = e, this.received = t;
+  }
+}
+function Et(r) {
+  if (r === void 0) return "undefined";
+  try {
+    const e = JSON.stringify(r);
+    return e === void 0 ? typeof r : e.length > 50 ? `${e.slice(0, 47)}...` : e;
+  } catch {
+    return typeof r;
+  }
+}
+function Ze(r) {
+  return JSON.parse(atob(r.replace(/-/g, "+").replace(/_/g, "/")));
+}
+function Ae(r) {
+  const e = r.split(".");
+  if (e.length !== 3) return null;
+  try {
+    return { header: Ze(e[0]), payload: Ze(e[1]) };
+  } catch {
+    return null;
+  }
+}
+function Ke(r) {
+  const e = Ae(r), t = e == null ? void 0 : e.payload.exp;
+  return typeof t == "number" ? t * 1e3 : void 0;
+}
+function xt(r, e) {
+  var n;
+  const t = (n = Ae(r)) == null ? void 0 : n.payload[e];
+  return typeof t == "string" ? t : void 0;
+}
+const Rt = /^(javascript|data|vbscript|file):/i, At = /^https?:\/\//i;
+function Pt(r, e = "baseUrl") {
+  if (!(r == null || r === "")) {
+    if (typeof r != "string")
+      throw new oe(e, r, "must be a string");
+    if (Rt.test(r))
+      throw new oe(e, r, "dangerous URL scheme is not allowed");
+    if (!At.test(r))
+      throw new oe(e, r, "must start with http:// or https://");
+  }
+}
+function ge(r, e, t = {}) {
+  if (e === void 0) return;
+  if (typeof e != "number" || !Number.isFinite(e))
+    throw new oe(r, e, "must be a finite number");
+  const { min: n = 0, max: i = Number.MAX_SAFE_INTEGER } = t;
+  if (e < n)
+    throw new oe(r, e, `must be >= ${n}`);
+  if (e > i)
+    throw new oe(r, e, `must be <= ${i}`);
+}
+function Ye(r, e) {
+  if (e !== void 0 && typeof e != "boolean")
+    throw new oe(r, e, "must be a boolean");
+}
+function It(r, e = "accessToken") {
+  if (typeof r != "string" || r.length === 0)
+    throw new oe(e, r, "must be a non-empty string");
+  if (!r.includes(".")) return;
+  const t = r.split(".");
+  if (t.length !== 3)
+    throw new oe(
+      e,
+      `<${t.length}-segment token>`,
+      "JWT must have exactly 3 segments (header.payload.signature)"
+    );
+  if (Ae(r) === null)
+    throw new oe(
+      e,
+      "<malformed JWT>",
+      "JWT header or payload is not valid base64url-encoded JSON"
+    );
+}
+function Lt(r) {
+  if (r !== void 0 && (typeof r != "number" || !Number.isFinite(r) || r <= 0))
+    throw new oe("expiresIn", r, "must be a finite positive number (seconds)");
+}
+function Ft(r) {
+  if (r !== void 0 && (typeof r != "number" || !Number.isFinite(r) || r <= 0))
+    throw new oe(
+      "expiresAt",
+      r,
+      "must be a finite positive timestamp (ms since epoch)"
+    );
+}
+const ie = class ie {
   constructor(e = {}) {
-    this.refreshPromise = null, this.refreshQueue = [], this.proactiveTimerId = null, this.backgroundRetryTimerId = null, this.isDestroyed = !1, this.sessionGeneration = 0, this.consecutiveBackgroundFailures = 0, this.storageKey = e.storageKey || "auth_tokens", this.autoRefresh = e.autoRefresh ?? !0, this.refreshThreshold = e.refreshThreshold || 3e5, this.onRefreshFailed = e.onRefreshFailed, this.onSessionExpired = e.onSessionExpired, this.baseUrl = e.baseUrl || "", this.enableCookieSession = e.enableCookieSession ?? !1, this.proactiveRefreshMargin = e.proactiveRefreshMargin ?? 6e4, this.refreshQueueTimeout = e.refreshQueueTimeout ?? 1e4, this.maxRefreshRetries = e.maxRefreshRetries ?? 3, this.retryBackoffBase = e.retryBackoffBase ?? 1e3, this.tokenStorage = e.tokenStorage || this.createTokenStorage(this.storageKey), this.scheduleProactiveRefresh();
+    this.refreshPromise = null, this.refreshQueue = [], this.proactiveTimerId = null, this.backgroundRetryTimerId = null, this.isDestroyed = !1, this.sessionGeneration = 0, this.consecutiveBackgroundFailures = 0, this.memoryStore = null, this.visibilityListener = null, ie.validateConfig(e), this.storageKey = e.storageKey || "auth_tokens", this.autoRefresh = e.autoRefresh ?? !0, this.refreshThreshold = e.refreshThreshold || 3e5, this.onRefreshFailed = e.onRefreshFailed, this.onSessionExpired = e.onSessionExpired, this.baseUrl = e.baseUrl || "", this.enableCookieSession = e.enableCookieSession ?? !1, this.proactiveRefreshMargin = e.proactiveRefreshMargin ?? 6e4, this.refreshQueueTimeout = e.refreshQueueTimeout ?? 1e4, this.maxRefreshRetries = e.maxRefreshRetries ?? 3, this.retryBackoffBase = e.retryBackoffBase ?? 1e3, this.tokenStorage = e.tokenStorage || this.createTokenStorage(this.storageKey), this.attachVisibilityListener(), this.scheduleProactiveRefresh();
   }
   /**
    * Get or create a SessionManager instance for the given config.
@@ -215,69 +305,95 @@ const K = class K {
    * Mutable config (callbacks, baseUrl) is updated on the existing instance.
    */
   static getInstance(e = {}) {
-    const t = K.resolveStorageKey(e), n = K.instances.get(t);
+    const t = ie.resolveStorageKey(e), n = ie.instances.get(t);
     if (n)
       return n.updateConfig(e), n;
-    const i = new K(e);
-    return K.instances.set(t, i), i;
+    const i = new ie(e);
+    return ie.instances.set(t, i), i;
   }
   /** Reset all singleton instances. For testing only. */
   static resetAllInstances() {
-    for (const e of K.instances.values())
+    for (const e of ie.instances.values())
       e.destroy();
-    K.instances.clear();
+    ie.instances.clear();
   }
   static resolveStorageKey(e) {
     return e.storageKey || "auth_tokens";
   }
+  static validateConfig(e) {
+    Pt(e.baseUrl), Ye("enableCookieSession", e.enableCookieSession), Ye("autoRefresh", e.autoRefresh), ge("refreshThreshold", e.refreshThreshold, { min: 0 }), ge("proactiveRefreshMargin", e.proactiveRefreshMargin, { min: 0 }), ge("refreshQueueTimeout", e.refreshQueueTimeout, { min: 1 }), ge("maxRefreshRetries", e.maxRefreshRetries, { min: 0 }), ge("retryBackoffBase", e.retryBackoffBase, { min: 1 });
+  }
   /** Update mutable config (callbacks, baseUrl) on an existing instance. */
   updateConfig(e) {
     e.onSessionExpired !== void 0 && (this.onSessionExpired = e.onSessionExpired), e.onRefreshFailed !== void 0 && (this.onRefreshFailed = e.onRefreshFailed), e.baseUrl && (this.baseUrl = e.baseUrl), e.enableCookieSession !== void 0 && (this.enableCookieSession = e.enableCookieSession);
   }
-  // --- Storage helpers ---
   createTokenStorage(e) {
-    return {
+    return ie.probeLocalStorage() || this.activateMemoryFallback(), {
       get: () => {
+        const t = this.storageGet(e);
+        if (!t) return null;
         try {
-          const t = localStorage.getItem(e);
-          return t ? JSON.parse(t) : null;
+          return JSON.parse(t);
         } catch {
           return null;
         }
       },
       set: (t) => {
-        try {
-          localStorage.setItem(e, JSON.stringify(t));
-        } catch {
-        }
+        this.storageSet(e, JSON.stringify(t));
       },
       clear: () => {
-        try {
-          localStorage.removeItem(e);
-        } catch {
-        }
+        this.storageRemove(e);
       }
     };
   }
-  // --- Token CRUD ---
-  static decodeJwtPayload(e) {
+  static probeLocalStorage() {
+    if (typeof localStorage > "u") return !1;
     try {
-      const t = e.split(".");
-      return t.length !== 3 ? null : JSON.parse(atob(t[1].replace(/-/g, "+").replace(/_/g, "/")));
+      return localStorage.setItem("__sm_probe__", "1"), localStorage.removeItem("__sm_probe__"), !0;
     } catch {
-      return null;
+      return !1;
     }
   }
-  static extractJwtExpiry(e) {
-    const t = K.decodeJwtPayload(e);
-    return typeof (t == null ? void 0 : t.exp) == "number" ? t.exp * 1e3 : void 0;
+  activateMemoryFallback() {
+    return this.memoryStore || (this.memoryStore = /* @__PURE__ */ new Map(), process.env.NODE_ENV === "development" && console.warn(
+      "[SessionManager] localStorage unavailable — falling back to in-memory session. Cross-tab and reload persistence are lost."
+    )), this.memoryStore;
+  }
+  storageGet(e) {
+    if (this.memoryStore) return this.memoryStore.get(e) ?? null;
+    try {
+      return localStorage.getItem(e);
+    } catch {
+      return this.activateMemoryFallback().get(e) ?? null;
+    }
   }
-  static extractJwtClaim(e, t) {
-    const n = K.decodeJwtPayload(e), i = n == null ? void 0 : n[t];
-    return typeof i == "string" ? i : void 0;
+  storageSet(e, t) {
+    if (this.memoryStore) {
+      this.memoryStore.set(e, t);
+      return;
+    }
+    try {
+      localStorage.setItem(e, t);
+    } catch {
+      this.activateMemoryFallback().set(e, t);
+    }
   }
+  storageRemove(e) {
+    if (this.memoryStore) {
+      this.memoryStore.delete(e);
+      return;
+    }
+    try {
+      localStorage.removeItem(e);
+    } catch {
+    }
+  }
+  // --- Token CRUD ---
   setTokens(e) {
-    const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || K.extractJwtExpiry(e.accessToken), n = {
+    if (It(e.accessToken, "accessToken"), e.refreshToken !== void 0 && typeof e.refreshToken != "string")
+      throw new oe("refreshToken", e.refreshToken, "must be a string");
+    Lt(e.expiresIn), Ft(e.expiresAt);
+    const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || Ke(e.accessToken), n = {
       ...e,
       expiresAt: t
     }, i = this.tokenStorage.get() || {};
@@ -287,7 +403,7 @@ const K = class K {
     const { accessToken: e, refreshToken: t, expiresAt: n, expiresIn: i, tokenType: a } = this.tokenStorage.get() || {};
     if (!e)
       return null;
-    const l = n || K.extractJwtExpiry(e);
+    const l = n || Ke(e);
     return {
       accessToken: e,
       refreshToken: t,
@@ -328,6 +444,26 @@ const K = class K {
   cancelProactiveTimer() {
     this.proactiveTimerId !== null && (clearTimeout(this.proactiveTimerId), this.proactiveTimerId = null), this.backgroundRetryTimerId !== null && (clearTimeout(this.backgroundRetryTimerId), this.backgroundRetryTimerId = null);
   }
+  attachVisibilityListener() {
+    if (!this.visibilityListener && !(typeof document > "u" || typeof document.addEventListener != "function")) {
+      this.visibilityListener = () => {
+        document.visibilityState !== "visible" || this.isDestroyed || this.scheduleProactiveRefresh();
+      };
+      try {
+        document.addEventListener("visibilitychange", this.visibilityListener);
+      } catch {
+        this.visibilityListener = null;
+      }
+    }
+  }
+  detachVisibilityListener() {
+    if (this.visibilityListener && typeof document < "u")
+      try {
+        document.removeEventListener("visibilitychange", this.visibilityListener);
+      } catch {
+      }
+    this.visibilityListener = null;
+  }
   backgroundRefresh() {
     if (this.isDestroyed) return;
     const e = this.getTokens();
@@ -336,13 +472,13 @@ const K = class K {
     this.startRefreshAndResolveQueue(e.refreshToken).then(() => {
       this.consecutiveBackgroundFailures = 0;
     }).catch((n) => {
-      if (!(n instanceof te)) {
+      if (!(n instanceof ee)) {
         if (this.sessionGeneration === t) {
-          if (this.consecutiveBackgroundFailures++, this.consecutiveBackgroundFailures >= K.MAX_BACKGROUND_FAILURES) {
+          if (this.consecutiveBackgroundFailures++, this.consecutiveBackgroundFailures >= ie.MAX_BACKGROUND_FAILURES) {
             process.env.NODE_ENV === "development" && console.error(
               `[SessionManager] Background refresh failed ${this.consecutiveBackgroundFailures} consecutive times — expiring session`
             ), this.consecutiveBackgroundFailures = 0, this.handleSessionExpired(
-              new te("token_invalid", "Background refresh failed repeatedly")
+              new ee("token_invalid", "Background refresh failed repeatedly")
             );
             return;
           }
@@ -409,13 +545,13 @@ const K = class K {
   async getValidAccessToken() {
     const e = this.getTokens();
     if (!(e != null && e.accessToken)) {
-      const t = new te("token_invalid", "No tokens available");
+      const t = new ee("token_invalid", "No tokens available");
       throw this.handleSessionExpired(t), t;
     }
     if (!this.shouldRefreshToken(e) && !this.isTokenExpired(e))
       return e.accessToken;
     if (!e.refreshToken) {
-      const t = new te("token_invalid", "No refresh token available");
+      const t = new ee("token_invalid", "No refresh token available");
       throw this.handleSessionExpired(t), t;
     }
     return this.refreshPromise ? this.enqueueForToken() : this.startRefreshAndResolveQueue(e.refreshToken);
@@ -427,14 +563,14 @@ const K = class K {
     try {
       return { Authorization: `Bearer ${await this.getValidAccessToken()}` };
     } catch (e) {
-      return e instanceof te && this.onRefreshFailed && this.onRefreshFailed(), {};
+      return e instanceof ee && this.onRefreshFailed && this.onRefreshFailed(), {};
     }
   }
   enqueueForToken() {
     return new Promise((e, t) => {
       const n = setTimeout(() => {
         const i = this.refreshQueue.findIndex((a) => a.timeoutId === n);
-        i !== -1 && this.refreshQueue.splice(i, 1), t(new gt(this.refreshQueueTimeout));
+        i !== -1 && this.refreshQueue.splice(i, 1), t(new St(this.refreshQueueTimeout));
       }, this.refreshQueueTimeout);
       this.refreshQueue.push({ resolve: e, reject: t, timeoutId: n });
     });
@@ -447,7 +583,7 @@ const K = class K {
       return this.resolveQueue(n), n;
     } catch (t) {
       const n = t instanceof Error ? t : new Error("Token refresh failed");
-      throw n instanceof te ? (this.rejectQueue(n), this.handleSessionExpired(n)) : this.rejectQueue(n), n;
+      throw n instanceof ee ? (this.rejectQueue(n), this.handleSessionExpired(n)) : this.rejectQueue(n), n;
     } finally {
       this.refreshPromise = null;
     }
@@ -470,13 +606,13 @@ const K = class K {
     const n = this.sessionGeneration;
     for (let i = 0; i <= this.maxRefreshRetries; i++) {
       if (this.sessionGeneration !== n)
-        throw new te("token_invalid", "Session cleared during refresh");
+        throw new ee("token_invalid", "Session cleared during refresh");
       try {
         await this.performTokenRefresh(e, n);
         return;
       } catch (a) {
         const l = a instanceof Error ? a : new Error(String(a));
-        if (l instanceof te)
+        if (l instanceof ee)
           throw l;
         if (t = l, i < this.maxRefreshRetries) {
           const d = this.retryBackoffBase * Math.pow(2, i);
@@ -484,7 +620,7 @@ const K = class K {
         }
       }
     }
-    throw new yt(this.maxRefreshRetries + 1, t);
+    throw new kt(this.maxRefreshRetries + 1, t);
   }
   /**
    * Single refresh attempt with error classification.
@@ -503,7 +639,7 @@ const K = class K {
     const n = this.getTokens();
     if (n != null && n.accessToken && !this.isTokenExpired(n) && !this.shouldRefreshToken(n))
       return;
-    const i = (n == null ? void 0 : n.refreshToken) || e, a = `${this.baseUrl}/auth/refresh`, l = K.extractJwtClaim(i, "deviceId"), d = { refreshToken: i };
+    const i = (n == null ? void 0 : n.refreshToken) || e, a = `${this.baseUrl}/auth/refresh`, l = xt(i, "deviceId"), d = { refreshToken: i };
     l && (d.deviceId = l);
     let T;
     try {
@@ -519,20 +655,20 @@ const K = class K {
     if (!T.ok) {
       let c = "";
       try {
-        const k = await T.json();
-        c = (k.message || k.error || "").toLowerCase();
+        const S = await T.json();
+        c = (S.message || S.error || "").toLowerCase();
       } catch {
         c = T.statusText.toLowerCase();
       }
-      throw T.status === 401 ? c.includes("expired") ? new te("token_expired") : c.includes("invalid") ? new te("token_invalid") : new te("token_invalid", `Unauthorized: ${c}`) : T.status === 400 ? c.includes("inactive") ? new te("user_inactive") : c.includes("expired") || c.includes("invalid") ? new te("token_invalid", c) : c.includes("reuse") || c.includes("revoked") ? new te("token_invalid", c) : new Error(`Token refresh failed (400): ${c}`) : new Error(`Token refresh failed: ${T.status} ${c}`);
+      throw T.status === 401 ? c.includes("expired") ? new ee("token_expired") : c.includes("invalid") ? new ee("token_invalid") : new ee("token_invalid", `Unauthorized: ${c}`) : T.status === 400 ? c.includes("inactive") ? new ee("user_inactive") : c.includes("expired") || c.includes("invalid") ? new ee("token_invalid", c) : c.includes("reuse") || c.includes("revoked") ? new ee("token_invalid", c) : new Error(`Token refresh failed (400): ${c}`) : new Error(`Token refresh failed: ${T.status} ${c}`);
     }
     if (this.sessionGeneration !== t)
-      throw new te("token_invalid", "Session cleared during refresh");
-    const P = await T.json();
+      throw new ee("token_invalid", "Session cleared during refresh");
+    const R = await T.json();
     this.setTokens({
-      accessToken: P.accessToken,
-      refreshToken: P.refreshToken || i,
-      expiresIn: P.expiresIn
+      accessToken: R.accessToken,
+      refreshToken: R.refreshToken || i,
+      expiresIn: R.expiresIn
     });
   }
   // --- Session expiry handler ---
@@ -555,7 +691,7 @@ const K = class K {
   // --- Session lifecycle ---
   clearSession() {
     this.sessionGeneration++, this.cancelProactiveTimer(), this.clearTokens();
-    const e = new te("token_invalid", "Session cleared");
+    const e = new ee("token_invalid", "Session cleared");
     this.rejectQueue(e);
   }
   /**
@@ -563,15 +699,15 @@ const K = class K {
    * Cancels all timers and rejects pending queue entries.
    */
   destroy() {
-    this.isDestroyed = !0, K.instances.delete(this.storageKey), this.cancelProactiveTimer();
-    const e = new te("token_invalid", "SessionManager destroyed");
+    this.isDestroyed = !0, ie.instances.delete(this.storageKey), this.cancelProactiveTimer(), this.detachVisibilityListener();
+    const e = new ee("token_invalid", "SessionManager destroyed");
     this.rejectQueue(e);
   }
   // --- JWT helpers ---
   getTokenPayload() {
-    var t;
+    var t, n;
     const e = (t = this.getTokens()) == null ? void 0 : t.accessToken;
-    return e ? K.decodeJwtPayload(e) ?? null : null;
+    return e ? ((n = Ae(e)) == null ? void 0 : n.payload) ?? null : null;
   }
   /**
    * Get userId from token (source of truth) or fallback to stored user
@@ -591,11 +727,11 @@ const K = class K {
     return new Promise((t) => setTimeout(t, e));
   }
 };
-K.instances = /* @__PURE__ */ new Map(), K.MAX_BACKGROUND_FAILURES = 3;
-let Ne = K;
-class bt {
+ie.instances = /* @__PURE__ */ new Map(), ie.MAX_BACKGROUND_FAILURES = 3;
+let Me = ie;
+class Nt {
   constructor(e) {
-    this.httpService = e, this.pendingVerifications = /* @__PURE__ */ new Map();
+    this.httpService = e, this.pendingVerifications = /* @__PURE__ */ new Map(), this.pendingMagicLinks = /* @__PURE__ */ new Map();
   }
   // Public endpoints - no auth required
   async login(e) {
@@ -626,10 +762,17 @@ class bt {
     await this.httpService.post("/auth/password-reset/request", e);
   }
   async sendMagicLink(e) {
-    return await this.httpService.post(
-      "/auth/magic-link/send",
-      e
-    );
+    const t = JSON.stringify([
+      e.email,
+      e.tenantId,
+      e.appId ?? "",
+      e.frontendUrl ?? ""
+    ]), n = this.pendingMagicLinks.get(t);
+    if (n) return n;
+    const i = this.httpService.post("/auth/magic-link/send", e).finally(() => {
+      this.pendingMagicLinks.delete(t);
+    });
+    return this.pendingMagicLinks.set(t, i), i;
   }
   async verifyMagicLink(e) {
     const t = e.token, n = this.pendingVerifications.get(t);
@@ -646,7 +789,7 @@ class bt {
     await this.httpService.post("/auth/change-password", e);
   }
 }
-class wt {
+class Ct {
   constructor(e) {
     this.httpService = e;
   }
@@ -664,7 +807,7 @@ class wt {
   }
   async getRolesByApp(e, t) {
     const n = await this.httpService.get(
-      `/roles/app/${e}${le(t)}`,
+      `/roles/app/${e}${ce(t)}`,
       { skipAuth: !0 }
     );
     return { roles: n.data, meta: n.meta };
@@ -677,12 +820,12 @@ class wt {
   }
   async getUserRoles(e, t) {
     const n = await this.httpService.get(
-      `/roles/user/${e}${le(t)}`
+      `/roles/user/${e}${ce(t)}`
     );
     return { roles: n.data, meta: n.meta };
   }
 }
-class vt {
+class Dt {
   constructor(e) {
     this.httpService = e;
   }
@@ -691,7 +834,7 @@ class vt {
   }
   async getUsers(e) {
     const t = await this.httpService.get(
-      `/users/${le(e)}`
+      `/users/${ce(e)}`
     );
     return { users: t.data, meta: t.meta };
   }
@@ -705,7 +848,7 @@ class vt {
     await this.httpService.delete(`/users/${e}`);
   }
 }
-class me {
+class ye {
   constructor(e, t) {
     this.httpService = e, this.appId = t;
   }
@@ -714,7 +857,7 @@ class me {
   }
   async getTenants(e) {
     const t = await this.httpService.get(
-      `/tenants/${le(e)}`
+      `/tenants/${ce(e)}`
     );
     return { tenants: t.data, meta: t.meta };
   }
@@ -749,7 +892,7 @@ class me {
     )).data;
   }
 }
-function Tt(r, e) {
+function Mt(r, e) {
   if (r === "localhost" || r.startsWith("127.") || r.startsWith("192.168."))
     return null;
   if (e) {
@@ -765,24 +908,24 @@ function Tt(r, e) {
   const n = r.split(".");
   return n.length >= 3 && n[0] !== "www" ? n[0] : null;
 }
-function kt(r, e = "tenant", t) {
+function $t(r, e = "tenant", t) {
   const i = new URLSearchParams(r).get(e);
   return i ? (t && t.setItem("tenant", i), i) : t ? t.getItem("tenant") : null;
 }
-function St(r, e, t) {
+function Ut(r, e, t) {
   const { tenantMode: n, baseDomain: i, selectorParam: a, fixedTenantSlug: l } = r;
-  return n === "fixed" ? l || null : n === "subdomain" ? Tt(e.hostname, i) : n === "selector" ? kt(e.search, a, t) : null;
+  return n === "fixed" ? l || null : n === "subdomain" ? Mt(e.hostname, i) : n === "selector" ? $t(e.search, a, t) : null;
 }
-function xt(r, e, t) {
+function Bt(r, e, t) {
   if (t)
     return `${r}.${t}`;
   const n = e.split(".");
   return n.length === 2 ? `${r}.${e}` : n.length >= 3 ? (n[0] = r, n.join(".")) : null;
 }
-const Ue = pe(null);
-function ur({ config: r, children: e }) {
+const Be = fe(null);
+function Er({ config: r, children: e }) {
   var j, Z, $;
-  const { baseUrl: t, appInfo: n, appId: i } = xe(), a = re(() => typeof window > "u" ? null : St(
+  const { baseUrl: t, appInfo: n, appId: i } = Re(), a = te(() => typeof window > "u" ? null : Ut(
     {
       tenantMode: r.tenantMode || "selector",
       baseDomain: r.baseDomain,
@@ -794,111 +937,111 @@ function ur({ config: r, children: e }) {
       search: window.location.search
     },
     window.localStorage
-  ), [r.tenantMode, r.baseDomain, r.selectorParam, r.fixedTenantSlug]), [l, d] = N(() => a()), T = ((j = r.cache) == null ? void 0 : j.enabled) ?? !0, P = ((Z = r.cache) == null ? void 0 : Z.ttl) ?? 5 * 60 * 1e3, c = (($ = r.cache) == null ? void 0 : $.storageKey) ?? `tenant_cache_${l || "default"}`, k = q(
-    () => ({ enabled: T, ttl: P, storageKey: c }),
-    [T, P, c]
-  ), [h, E] = N(() => {
+  ), [r.tenantMode, r.baseDomain, r.selectorParam, r.fixedTenantSlug]), [l, d] = N(() => a()), T = ((j = r.cache) == null ? void 0 : j.enabled) ?? !0, R = ((Z = r.cache) == null ? void 0 : Z.ttl) ?? 5 * 60 * 1e3, c = (($ = r.cache) == null ? void 0 : $.storageKey) ?? `tenant_cache_${l || "default"}`, S = V(
+    () => ({ enabled: T, ttl: R, storageKey: c }),
+    [T, R, c]
+  ), [h, x] = N(() => {
     if (r.initialTenant) return r.initialTenant;
-    if (!k.enabled || !l) return null;
+    if (!S.enabled || !l) return null;
     try {
-      const M = localStorage.getItem(k.storageKey);
-      if (!M) return null;
-      const F = JSON.parse(M);
-      return Date.now() - F.timestamp < k.ttl && F.tenantSlug === l ? F.data : (localStorage.removeItem(k.storageKey), null);
+      const U = localStorage.getItem(S.storageKey);
+      if (!U) return null;
+      const L = JSON.parse(U);
+      return Date.now() - L.timestamp < S.ttl && L.tenantSlug === l ? L.data : (localStorage.removeItem(S.storageKey), null);
     } catch {
       return null;
     }
-  }), [R, I] = N(!h && !r.initialTenant), [A, S] = N(null), [m, g] = N(null), [b, D] = N(!1), [o, p] = N(null);
-  ne(() => {
+  }), [P, I] = N(!h && !r.initialTenant), [A, k] = N(null), [m, g] = N(null), [b, C] = N(!1), [o, p] = N(null);
+  re(() => {
     if (r.tenantMode === "fixed") return;
-    const M = a();
-    d(M);
+    const U = a();
+    d(U);
   }, [a, r.tenantMode]);
-  const x = (n == null ? void 0 : n.settingsSchema) || null, y = re(
-    async (M, F = !1) => {
-      if (!(!F && k.enabled && h && h.subdomain === M))
+  const E = (n == null ? void 0 : n.settingsSchema) || null, y = te(
+    async (U, L = !1) => {
+      if (!(!L && S.enabled && h && h.subdomain === U))
         try {
-          I(!0), S(null);
-          const V = new de(t), W = await new me(V, i).getPublicTenantInfo(M);
-          if (E(W), k.enabled)
+          I(!0), k(null);
+          const q = new he(t), W = await new ye(q, i).getPublicTenantInfo(U);
+          if (x(W), S.enabled)
             try {
-              const Y = {
+              const K = {
                 data: W,
                 timestamp: Date.now(),
-                tenantSlug: M
+                tenantSlug: U
               };
-              localStorage.setItem(k.storageKey, JSON.stringify(Y));
-            } catch (Y) {
-              process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Failed to cache tenant info:", Y);
+              localStorage.setItem(S.storageKey, JSON.stringify(K));
+            } catch (K) {
+              process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Failed to cache tenant info:", K);
             }
-        } catch (V) {
-          const O = V instanceof Error ? V : new Error("Failed to load tenant information");
-          S(O), E(null);
+        } catch (q) {
+          const _ = q instanceof Error ? q : new Error("Failed to load tenant information");
+          k(_), x(null);
         } finally {
           I(!1);
         }
     },
-    [t, i, k, h]
-  ), u = re(async () => {
-    if (!(!k.enabled || !h || !l))
+    [t, i, S, h]
+  ), u = te(async () => {
+    if (!(!S.enabled || !h || !l))
       try {
-        const M = localStorage.getItem(k.storageKey);
-        if (!M) return;
-        const F = JSON.parse(M);
-        if (Date.now() - F.timestamp > k.ttl * 0.5) {
-          const O = new de(t), Y = await new me(O, i).getPublicTenantInfo(l);
-          E(Y);
-          const X = {
-            data: Y,
+        const U = localStorage.getItem(S.storageKey);
+        if (!U) return;
+        const L = JSON.parse(U);
+        if (Date.now() - L.timestamp > S.ttl * 0.5) {
+          const _ = new he(t), K = await new ye(_, i).getPublicTenantInfo(l);
+          x(K);
+          const Y = {
+            data: K,
             timestamp: Date.now(),
             tenantSlug: l
           };
-          localStorage.setItem(k.storageKey, JSON.stringify(X));
+          localStorage.setItem(S.storageKey, JSON.stringify(Y));
         }
-      } catch (M) {
-        process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Background tenant refresh failed:", M);
+      } catch (U) {
+        process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Background tenant refresh failed:", U);
       }
-  }, [t, i, k, h, l]), v = re(async () => {
+  }, [t, i, S, h, l]), v = te(async () => {
     if (h != null && h.id)
       try {
-        D(!0), p(null);
-        const M = new de(t), V = await new me(M, h.appId).getTenantSettings(h.id);
-        g(V);
-      } catch (M) {
-        const F = M instanceof Error ? M : new Error("Failed to load tenant settings");
-        p(F), g(null);
+        C(!0), p(null);
+        const U = new he(t), q = await new ye(U, h.appId).getTenantSettings(h.id);
+        g(q);
+      } catch (U) {
+        const L = U instanceof Error ? U : new Error("Failed to load tenant settings");
+        p(L), g(null);
       } finally {
-        D(!1);
+        C(!1);
       }
-  }, [t, h]), C = re(() => {
+  }, [t, h]), D = te(() => {
     v();
-  }, [v]), ie = re(
-    (M) => {
-      if (!x)
+  }, [v]), se = te(
+    (U) => {
+      if (!E)
         return { isValid: !0, errors: [] };
-      const F = [];
+      const L = [];
       try {
-        return x.properties && Object.entries(x.properties).forEach(([V, O]) => {
-          var Y;
-          const W = M[V];
-          if ((Y = x.required) != null && Y.includes(V) && W == null) {
-            F.push(`Field '${V}' is required`);
+        return E.properties && Object.entries(E.properties).forEach(([q, _]) => {
+          var K;
+          const W = U[q];
+          if ((K = E.required) != null && K.includes(q) && W == null) {
+            L.push(`Field '${q}' is required`);
             return;
           }
           if (W != null) {
-            if (O.type) {
-              const X = O.type, ae = typeof W;
-              X === "string" && ae !== "string" ? F.push(`Field '${V}' must be a string`) : (X === "number" || X === "integer") && ae !== "number" ? F.push(`Field '${V}' must be a number`) : X === "boolean" && ae !== "boolean" ? F.push(`Field '${V}' must be a boolean`) : X === "array" && !Array.isArray(W) && F.push(`Field '${V}' must be an array`);
+            if (_.type) {
+              const Y = _.type, le = typeof W;
+              Y === "string" && le !== "string" ? L.push(`Field '${q}' must be a string`) : (Y === "number" || Y === "integer") && le !== "number" ? L.push(`Field '${q}' must be a number`) : Y === "boolean" && le !== "boolean" ? L.push(`Field '${q}' must be a boolean`) : Y === "array" && !Array.isArray(W) && L.push(`Field '${q}' must be an array`);
             }
-            O.minLength !== void 0 && typeof W == "string" && W.length < O.minLength && F.push(
-              `Field '${V}' must be at least ${O.minLength} characters long`
-            ), O.maxLength !== void 0 && typeof W == "string" && W.length > O.maxLength && F.push(
-              `Field '${V}' must be no more than ${O.maxLength} characters long`
-            ), O.minimum !== void 0 && typeof W == "number" && W < O.minimum && F.push(`Field '${V}' must be at least ${O.minimum}`), O.maximum !== void 0 && typeof W == "number" && W > O.maximum && F.push(`Field '${V}' must be no more than ${O.maximum}`), O.pattern && typeof W == "string" && (new RegExp(O.pattern).test(W) || F.push(`Field '${V}' does not match the required pattern`)), O.enum && !O.enum.includes(W) && F.push(`Field '${V}' must be one of: ${O.enum.join(", ")}`);
+            _.minLength !== void 0 && typeof W == "string" && W.length < _.minLength && L.push(
+              `Field '${q}' must be at least ${_.minLength} characters long`
+            ), _.maxLength !== void 0 && typeof W == "string" && W.length > _.maxLength && L.push(
+              `Field '${q}' must be no more than ${_.maxLength} characters long`
+            ), _.minimum !== void 0 && typeof W == "number" && W < _.minimum && L.push(`Field '${q}' must be at least ${_.minimum}`), _.maximum !== void 0 && typeof W == "number" && W > _.maximum && L.push(`Field '${q}' must be no more than ${_.maximum}`), _.pattern && typeof W == "string" && (new RegExp(_.pattern).test(W) || L.push(`Field '${q}' does not match the required pattern`)), _.enum && !_.enum.includes(W) && L.push(`Field '${q}' must be one of: ${_.enum.join(", ")}`);
           }
         }), {
-          isValid: F.length === 0,
-          errors: F
+          isValid: L.length === 0,
+          errors: L
         };
       } catch {
         return {
@@ -907,98 +1050,98 @@ function ur({ config: r, children: e }) {
         };
       }
     },
-    [x]
+    [E]
   );
-  ne(() => {
-    !r.initialTenant && l ? h ? u() : y(l) : !r.initialTenant && !l && (E(null), S(null), I(!1));
-  }, [r.initialTenant, l, h, y, u]), ne(() => {
-    h != null && h.id ? v() : (g(null), p(null), D(!1));
+  re(() => {
+    !r.initialTenant && l ? h ? u() : y(l) : !r.initialTenant && !l && (x(null), k(null), I(!1));
+  }, [r.initialTenant, l, h, y, u]), re(() => {
+    h != null && h.id ? v() : (g(null), p(null), C(!1));
   }, [h == null ? void 0 : h.id, v]);
-  const L = re(
-    (M, F) => {
-      const { mode: V = "reload", redirectPath: O } = F || {}, W = r.tenantMode || "selector";
+  const F = te(
+    (U, L) => {
+      const { mode: q = "reload", redirectPath: _ } = L || {}, W = r.tenantMode || "selector";
       if (W === "fixed") {
         process.env.NODE_ENV === "development" && console.warn(
           "[TenantProvider] switchTenant is a no-op in fixed mode. Tenant is always:",
           r.fixedTenantSlug
-        ), O && (window.location.href = O);
+        ), _ && (window.location.href = _);
         return;
       }
-      if (localStorage.setItem("tenant", M), W === "subdomain") {
-        const Y = window.location.hostname, X = xt(
-          M,
-          Y,
+      if (localStorage.setItem("tenant", U), W === "subdomain") {
+        const K = window.location.hostname, Y = Bt(
+          U,
+          K,
           r.baseDomain
         );
-        if (!X) {
+        if (!Y) {
           process.env.NODE_ENV === "development" && console.warn(
             "[TenantProvider] Cannot switch subdomain, invalid hostname:",
-            Y
+            K
           );
           return;
         }
-        const ae = O || window.location.pathname, we = new URL(`${window.location.protocol}//${X}${ae}`);
-        new URLSearchParams(window.location.search).forEach((Re, Ie) => {
-          we.searchParams.set(Ie, Re);
-        }), window.location.href = we.toString();
+        const le = _ || window.location.pathname, Te = new URL(`${window.location.protocol}//${Y}${le}`);
+        new URLSearchParams(window.location.search).forEach((Fe, Ne) => {
+          Te.searchParams.set(Ne, Fe);
+        }), window.location.href = Te.toString();
       } else if (W === "selector") {
-        const Y = O || window.location.pathname, X = new URLSearchParams(window.location.search);
-        if (X.set(r.selectorParam || "tenant", M), V === "reload") {
-          const ae = `${Y}?${X.toString()}${window.location.hash}`;
-          window.location.href = ae;
+        const K = _ || window.location.pathname, Y = new URLSearchParams(window.location.search);
+        if (Y.set(r.selectorParam || "tenant", U), q === "reload") {
+          const le = `${K}?${Y.toString()}${window.location.hash}`;
+          window.location.href = le;
         } else {
-          const ae = `${Y}?${X.toString()}${window.location.hash}`;
-          window.history.pushState({}, "", ae), d(M), y(M);
+          const le = `${K}?${Y.toString()}${window.location.hash}`;
+          window.history.pushState({}, "", le), d(U), y(U);
         }
       }
     },
     [r.tenantMode, r.selectorParam, r.baseDomain, r.fixedTenantSlug, y]
-  ), H = q(() => ({
+  ), H = V(() => ({
     // Tenant info
     tenant: h,
     tenantSlug: l,
-    isTenantLoading: R,
+    isTenantLoading: P,
     tenantError: A,
     retryTenant: () => {
       l && y(l);
     },
     // Settings
     settings: m,
-    settingsSchema: x,
+    settingsSchema: E,
     isSettingsLoading: b,
     settingsError: o,
     // Actions
-    refreshSettings: C,
-    switchTenant: L,
+    refreshSettings: D,
+    switchTenant: F,
     // Validation
-    validateSettings: ie
+    validateSettings: se
   }), [
     h,
     l,
-    R,
+    P,
     A,
     m,
-    x,
+    E,
     b,
     o,
-    C,
-    L,
-    ie
+    D,
+    F,
+    se
   ]);
-  return /* @__PURE__ */ s(Ue.Provider, { value: H, children: e });
+  return /* @__PURE__ */ s(Be.Provider, { value: H, children: e });
 }
-function be() {
-  const r = se(Ue);
+function ve() {
+  const r = ne(Be);
   if (!r)
     throw new Error("useTenant must be used within a TenantProvider");
   return r;
 }
-function he() {
-  return se(Ue);
+function pe() {
+  return ne(Be);
 }
-const dr = be;
-function hr() {
-  const { settings: r, settingsSchema: e, isSettingsLoading: t, settingsError: n, validateSettings: i } = be();
+const xr = ve;
+function Rr() {
+  const { settings: r, settingsSchema: e, isSettingsLoading: t, settingsError: n, validateSettings: i } = ve();
   return {
     settings: r,
     settingsSchema: e,
@@ -1007,8 +1150,8 @@ function hr() {
     validateSettings: i
   };
 }
-function et() {
-  const { tenant: r, tenantSlug: e, isTenantLoading: t, tenantError: n, retryTenant: i } = be();
+function ot() {
+  const { tenant: r, tenantSlug: e, isTenantLoading: t, tenantError: n, retryTenant: i } = ve();
   return {
     tenant: r,
     tenantSlug: e,
@@ -1017,265 +1160,265 @@ function et() {
     retry: i
   };
 }
-const $e = "userTenants";
-function Et() {
+const _e = "userTenants";
+function _t() {
   try {
-    const r = localStorage.getItem($e);
+    const r = localStorage.getItem(_e);
     return r ? JSON.parse(r) : [];
   } catch {
     return [];
   }
 }
-function He(r) {
+function Xe(r) {
   try {
-    localStorage.setItem($e, JSON.stringify(r));
+    localStorage.setItem(_e, JSON.stringify(r));
   } catch {
   }
 }
-function Qe() {
+function et() {
   try {
-    localStorage.removeItem($e);
+    localStorage.removeItem(_e);
   } catch {
   }
 }
-const Ee = pe(null), Pe = pe(null);
-function pr({ config: r = {}, children: e }) {
-  const t = Ce(), n = he(), i = (t == null ? void 0 : t.baseUrl) ?? r.baseUrl ?? "", a = (t == null ? void 0 : t.appId) ?? r.appId, l = (n == null ? void 0 : n.tenant) ?? null, d = (n == null ? void 0 : n.tenantSlug) ?? null, T = (n == null ? void 0 : n.switchTenant) ?? (() => {
+const Pe = fe(null), Ie = fe(null);
+function Ar({ config: r = {}, children: e }) {
+  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? r.baseUrl ?? "", a = (t == null ? void 0 : t.appId) ?? r.appId, l = (n == null ? void 0 : n.tenant) ?? null, d = (n == null ? void 0 : n.tenantSlug) ?? null, T = (n == null ? void 0 : n.switchTenant) ?? (() => {
   });
   if (!i)
     throw new Error(
       "[AuthProvider] baseUrl is required. Provide it via AppProvider or AuthConfig.baseUrl."
     );
-  const [P, c] = N(r.initialRoles || []), [k, h] = N(!r.initialRoles), [E, R] = N(null), [I, A] = N(!1), [S, m] = N(null), [g, b] = N(() => Et()), D = ke({ done: !1 });
-  D.current.done || (D.current.done = !0);
-  const o = q(() => Ne.getInstance({
+  const [R, c] = N(r.initialRoles || []), [S, h] = N(!r.initialRoles), [x, P] = N(null), [I, A] = N(!1), [k, m] = N(null), [g, b] = N(() => _t()), C = Ee({ done: !1 });
+  C.current.done || (C.current.done = !0);
+  const o = V(() => Me.getInstance({
     baseUrl: i,
     enableCookieSession: r.enableCookieSession,
     refreshQueueTimeout: r.refreshQueueTimeout,
     proactiveRefreshMargin: r.proactiveRefreshMargin,
     onSessionExpired: (w) => {
-      R(null), m(null), b([]), Qe(), r.onSessionExpired ? r.onSessionExpired(w) : r.onRefreshFailed && r.onRefreshFailed();
+      P(null), m(null), b([]), et(), r.onSessionExpired ? r.onSessionExpired(w) : r.onRefreshFailed && r.onRefreshFailed();
     }
   }), [
     i,
     r.enableCookieSession,
     r.refreshQueueTimeout,
     r.proactiveRefreshMargin
-  ]), [p, x] = N(() => {
+  ]), [p, E] = N(() => {
     const w = o.getTokens();
     return w ? o.hasValidSession() || !!w.refreshToken : !!r.enableCookieSession;
-  }), y = D.current.done && !p, u = q(() => {
-    const w = new de(i);
+  }), y = C.current.done && !p, u = V(() => {
+    const w = new he(i);
     return w.setSessionManager(o), w;
-  }, [i, o]), v = q(
-    () => new bt(u),
+  }, [i, o]), v = V(
+    () => new Nt(u),
     [u]
-  ), C = q(
-    () => new vt(u),
+  ), D = V(
+    () => new Dt(u),
     [u]
-  ), ie = q(
-    () => new wt(u),
+  ), se = V(
+    () => new Ct(u),
     [u]
-  ), L = q(() => E != null && E.roleId && P.find((w) => w.id === E.roleId) || null, [E, P]), H = q(() => (L == null ? void 0 : L.permissions) || [], [L]), j = q(
-    () => o.hasValidSession() && E !== null,
-    [o, E]
-  ), Z = q(() => (E == null ? void 0 : E.tenantId) != null, [E]), $ = ke(null), M = async (w = !1) => {
+  ), F = V(() => x != null && x.roleId && R.find((w) => w.id === x.roleId) || null, [x, R]), H = V(() => (F == null ? void 0 : F.permissions) || [], [F]), j = V(
+    () => o.hasValidSession() && x !== null,
+    [o, x]
+  ), Z = V(() => (x == null ? void 0 : x.tenantId) != null, [x]), $ = Ee(null), U = async (w = !1) => {
     try {
-      if (!o.hasValidSession() || !w && E) return;
-      const U = o.getUserId();
-      if (!U) {
+      if (!o.hasValidSession() || !w && x) return;
+      const M = o.getUserId();
+      if (!M) {
         process.env.NODE_ENV === "development" && console.warn("[AuthProvider] No userId available in token or storage");
         return;
       }
       A(!0), m(null);
-      const z = await C.getUserById(U);
-      R(z), o.setUser(z);
-    } catch (U) {
-      const z = U instanceof Error ? U : new Error("Failed to load user data");
+      const z = await D.getUserById(M);
+      P(z), o.setUser(z);
+    } catch (M) {
+      const z = M instanceof Error ? M : new Error("Failed to load user data");
       m(z), process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to load user data:", z);
     } finally {
       A(!1);
     }
-  }, F = async (w) => {
-    var je;
-    const { username: U, password: z, tenantSlug: _, redirectPath: Q } = w;
-    let ee = l == null ? void 0 : l.id, J = d;
-    _ && (ee = (await new me(u, a).getPublicTenantInfo(_)).id, J = _);
+  }, L = async (w) => {
+    var He;
+    const { username: M, password: z, tenantSlug: O, redirectPath: Q } = w;
+    let X = l == null ? void 0 : l.id, J = d;
+    O && (X = (await new ye(u, a).getPublicTenantInfo(O)).id, J = O);
     const G = await v.login({
-      username: U,
+      username: M,
       password: z,
       appId: a,
-      tenantId: ee
-    }), ve = _ && _ !== d;
+      tenantId: X
+    }), Se = O && O !== d;
     if (o.setTokens({
       accessToken: G.accessToken,
       refreshToken: G.refreshToken,
       expiresIn: G.expiresIn
     }), G.user) {
-      o.setUser(G.user), R(G.user);
+      o.setUser(G.user), P(G.user);
       try {
-        await M();
-      } catch (Te) {
-        process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after login:", Te);
+        await U();
+      } catch (ke) {
+        process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after login:", ke);
       }
     }
-    G.tenants && G.tenants.length > 0 && (b(G.tenants), He(G.tenants));
-    const ze = ((je = G.user) == null ? void 0 : je.tenantId) !== null;
-    if (ve && J)
+    G.tenants && G.tenants.length > 0 && (b(G.tenants), Xe(G.tenants));
+    const Ge = ((He = G.user) == null ? void 0 : He.tenantId) !== null;
+    if (Se && J)
       return T(J, { redirectPath: Q }), G;
     if (Q && Q !== window.location.pathname)
       return T(J || d || "", { redirectPath: Q }), G;
-    if (!ze && G.tenants && G.tenants.length > 0) {
-      const Te = w.autoSwitch !== !1 && r.autoSwitchSingleTenant !== !1;
-      if (G.tenants.length === 1 && Te) {
-        const We = G.tenants[0];
-        return T(We.subdomain, { redirectPath: Q }), G;
+    if (!Ge && G.tenants && G.tenants.length > 0) {
+      const ke = w.autoSwitch !== !1 && r.autoSwitchSingleTenant !== !1;
+      if (G.tenants.length === 1 && ke) {
+        const Qe = G.tenants[0];
+        return T(Qe.subdomain, { redirectPath: Q }), G;
       } else G.tenants.length > 1 && r.onTenantSelectionRequired && r.onTenantSelectionRequired(G.tenants);
     }
     return G;
-  }, V = async (w) => {
-    const { email: U, phoneNumber: z, name: _, password: Q, lastName: ee, tenantId: J } = w;
-    if (!U && !z)
+  }, q = async (w) => {
+    const { email: M, phoneNumber: z, name: O, password: Q, lastName: X, tenantId: J } = w;
+    if (!M && !z)
       throw new Error("Either email or phoneNumber is required");
-    if (!_ || !Q)
+    if (!O || !Q)
       throw new Error("Name and password are required");
     return v.signup({
-      email: U,
+      email: M,
       phoneNumber: z,
-      name: _,
+      name: O,
       password: Q,
       tenantId: J ?? (l == null ? void 0 : l.id),
-      lastName: ee,
+      lastName: X,
       appId: a
     });
-  }, O = async (w) => {
-    const { email: U, phoneNumber: z, name: _, password: Q, tenantName: ee, lastName: J } = w;
-    if (!U && !z)
+  }, _ = async (w) => {
+    const { email: M, phoneNumber: z, name: O, password: Q, tenantName: X, lastName: J } = w;
+    if (!M && !z)
       throw new Error("Either email or phoneNumber is required");
-    if (!_ || !Q || !ee)
+    if (!O || !Q || !X)
       throw new Error("Name, password, and tenantName are required");
     return v.signupTenantAdmin({
-      email: U,
+      email: M,
       phoneNumber: z,
-      name: _,
+      name: O,
       password: Q,
-      tenantName: ee,
+      tenantName: X,
       appId: a,
       lastName: J
     });
   }, W = async (w) => {
     await v.changePassword(w);
-  }, Y = async (w) => {
-    const { email: U, tenantId: z } = w, _ = z ?? (l == null ? void 0 : l.id);
-    if (!_)
+  }, K = async (w) => {
+    const { email: M, tenantId: z } = w, O = z ?? (l == null ? void 0 : l.id);
+    if (!O)
       throw new Error("tenantId is required for password reset");
-    await v.requestPasswordReset({ email: U, tenantId: _ });
-  }, X = async (w) => {
+    await v.requestPasswordReset({ email: M, tenantId: O });
+  }, Y = async (w) => {
     await v.confirmPasswordReset(w);
-  }, ae = async (w) => {
-    const { email: U, frontendUrl: z, name: _, lastName: Q, tenantId: ee } = w, J = ee ?? (l == null ? void 0 : l.id);
+  }, le = async (w) => {
+    const { email: M, frontendUrl: z, name: O, lastName: Q, tenantId: X } = w, J = X ?? (l == null ? void 0 : l.id);
     if (!J)
       throw new Error("tenantId is required for magic link authentication");
     return v.sendMagicLink({
-      email: U,
+      email: M,
       tenantId: J,
       frontendUrl: z,
-      name: _,
+      name: O,
       lastName: Q,
       appId: a
     });
-  }, we = async (w) => {
-    const { token: U, email: z, tenantSlug: _ } = w;
-    let Q = l == null ? void 0 : l.id, ee = d;
-    _ && (Q = (await new me(u, a).getPublicTenantInfo(_)).id, ee = _);
+  }, Te = async (w) => {
+    const { token: M, email: z, tenantSlug: O } = w;
+    let Q = l == null ? void 0 : l.id, X = d;
+    O && (Q = (await new ye(u, a).getPublicTenantInfo(O)).id, X = O);
     const J = await v.verifyMagicLink({
-      token: U,
+      token: M,
       email: z,
       appId: a,
       tenantId: Q
-    }), G = _ && _ !== d;
+    }), G = O && O !== d;
     if (o.setTokens({
       accessToken: J.accessToken,
       refreshToken: J.refreshToken,
       expiresIn: J.expiresIn
     }), J.user) {
-      o.setUser(J.user), R(J.user);
+      o.setUser(J.user), P(J.user);
       try {
-        await M();
-      } catch (ve) {
-        process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after magic link:", ve);
+        await U();
+      } catch (Se) {
+        process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after magic link:", Se);
       }
     }
-    return G && ee && ee !== d && T(ee), J;
-  }, Ve = async () => {
+    return G && X && X !== d && T(X), J;
+  }, We = async () => {
     const w = o.getTokens();
     if (!(w != null && w.refreshToken))
       throw new Error("No refresh token available");
-    const U = await v.refreshToken({
+    const M = await v.refreshToken({
       refreshToken: w.refreshToken
     });
     o.setTokens({
-      accessToken: U.accessToken,
-      refreshToken: U.refreshToken || w.refreshToken,
-      expiresIn: U.expiresIn
+      accessToken: M.accessToken,
+      refreshToken: M.refreshToken || w.refreshToken,
+      expiresIn: M.expiresIn
     });
-  }, Re = () => {
-    o.clearSession(), R(null), m(null), b([]), Qe();
-  }, Ie = (w) => {
+  }, Fe = () => {
+    o.clearSession(), P(null), m(null), b([]), et();
+  }, Ne = (w) => {
     o.setTokens(w);
-  }, ot = () => o.hasValidSession(), at = () => {
-    o.clearSession(), R(null), m(null);
-  }, lt = async () => {
+  }, ht = () => o.hasValidSession(), pt = () => {
+    o.clearSession(), P(null), m(null);
+  }, ft = async () => {
     if (a)
       try {
         h(!0);
-        const { roles: w } = await ie.getRolesByApp(a);
+        const { roles: w } = await se.getRolesByApp(a);
         c(w);
       } catch (w) {
         process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to fetch roles:", w);
       } finally {
         h(!1);
       }
-  }, ct = async (w, U) => {
-    const { redirectPath: z } = U || {}, _ = o.getTokens();
-    if (!(_ != null && _.refreshToken))
+  }, mt = async (w, M) => {
+    const { redirectPath: z } = M || {}, O = o.getTokens();
+    if (!(O != null && O.refreshToken))
       throw new Error("No refresh token available for tenant switch");
     const Q = await v.switchTenant({
-      refreshToken: _.refreshToken,
+      refreshToken: O.refreshToken,
       tenantId: w
     });
     o.setTokens({
       accessToken: Q.accessToken,
-      refreshToken: _.refreshToken,
+      refreshToken: O.refreshToken,
       expiresIn: Q.expiresIn
-    }), R(Q.user), o.setUser(Q.user);
-    const ee = g.find((J) => J.id === w);
-    ee && T(ee.subdomain, { redirectPath: z });
-  }, ut = async () => {
+    }), P(Q.user), o.setUser(Q.user);
+    const X = g.find((J) => J.id === w);
+    X && T(X.subdomain, { redirectPath: z });
+  }, gt = async () => {
     const w = await v.getUserTenants();
-    return b(w), He(w), w;
+    return b(w), Xe(w), w;
   };
   $.current = {
-    login: F,
-    signup: V,
-    signupTenantAdmin: O,
-    sendMagicLink: ae,
-    verifyMagicLink: we,
+    login: L,
+    signup: q,
+    signupTenantAdmin: _,
+    sendMagicLink: le,
+    verifyMagicLink: Te,
     changePassword: W,
-    requestPasswordReset: Y,
-    confirmPasswordReset: X,
-    refreshToken: Ve,
-    logout: Re,
-    setTokens: Ie,
-    hasValidSession: ot,
-    clearSession: at,
-    loadUserData: M,
-    refreshUser: () => M(),
-    refreshRoles: lt,
-    switchToTenant: ct,
-    refreshUserTenants: ut
+    requestPasswordReset: K,
+    confirmPasswordReset: Y,
+    refreshToken: We,
+    logout: Fe,
+    setTokens: Ne,
+    hasValidSession: ht,
+    clearSession: pt,
+    loadUserData: U,
+    refreshUser: () => U(),
+    refreshRoles: ft,
+    switchToTenant: mt,
+    refreshUserTenants: gt
   };
-  const dt = q(
+  const yt = V(
     () => ({
       login: (w) => $.current.login(w),
       signup: (w) => $.current.signup(w),
@@ -1293,100 +1436,100 @@ function pr({ config: r = {}, children: e }) {
       loadUserData: (w) => $.current.loadUserData(w),
       refreshUser: () => $.current.refreshUser(),
       refreshRoles: () => $.current.refreshRoles(),
-      switchToTenant: (w, U) => $.current.switchToTenant(w, U),
+      switchToTenant: (w, M) => $.current.switchToTenant(w, M),
       refreshUserTenants: () => $.current.refreshUserTenants()
     }),
     []
-  ), ht = q(() => {
-    const w = (U) => !H || H.length === 0 ? !1 : typeof U == "string" ? H.includes(U) : H.includes(`${U.resource}.${U.action}`);
+  ), bt = V(() => {
+    const w = (M) => !H || H.length === 0 ? !1 : typeof M == "string" ? H.includes(M) : H.includes(`${M.resource}.${M.action}`);
     return {
       isAuthenticated: j,
       isAuthInitializing: !y,
       isAuthReady: y,
-      currentUser: E,
+      currentUser: x,
       isUserLoading: I,
-      userError: S,
-      userRole: L,
+      userError: k,
+      userRole: F,
       userPermissions: H,
-      availableRoles: P,
-      rolesLoading: k,
+      availableRoles: R,
+      rolesLoading: S,
       userTenants: g,
       hasTenantContext: Z,
       sessionManager: o,
       authenticatedHttpService: u,
       hasPermission: w,
-      hasAnyPermission: (U) => U.some((z) => w(z)),
-      hasAllPermissions: (U) => U.every((z) => w(z)),
+      hasAnyPermission: (M) => M.some((z) => w(z)),
+      hasAllPermissions: (M) => M.every((z) => w(z)),
       getUserPermissionStrings: () => H || []
     };
   }, [
     j,
     y,
-    E,
+    x,
     I,
-    S,
-    L,
-    H,
-    P,
     k,
+    F,
+    H,
+    R,
+    S,
     g,
     Z,
     o,
     u
   ]);
-  return ne(() => {
+  return re(() => {
     if (r.initialRoles || !a) return;
     let w = !1;
-    return h(!0), ie.getRolesByApp(a).then(({ roles: U }) => {
-      w || c(U);
-    }).catch((U) => {
-      process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to fetch roles:", U);
+    return h(!0), se.getRolesByApp(a).then(({ roles: M }) => {
+      w || c(M);
+    }).catch((M) => {
+      process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to fetch roles:", M);
     }).finally(() => {
       w || h(!1);
     }), () => {
       w = !0;
     };
-  }, [a, r.initialRoles, ie]), ne(() => {
+  }, [a, r.initialRoles, se]), re(() => {
     let w = !1;
     return (async () => {
-      var _;
-      if (!o.hasValidSession() && ((_ = o.getTokens()) != null && _.refreshToken) && await o.waitForPendingRefresh(), w || !o.hasValidSession() && !o.getTokens() && r.enableCookieSession && (await o.attemptCookieSessionRestore(), w))
+      var O;
+      if (!o.hasValidSession() && ((O = o.getTokens()) != null && O.refreshToken) && await o.waitForPendingRefresh(), w || !o.hasValidSession() && !o.getTokens() && r.enableCookieSession && (await o.attemptCookieSessionRestore(), w))
         return;
       const z = o.getUser();
-      z && o.hasValidSession() && R(z), x(!1);
+      z && o.hasValidSession() && P(z), E(!1);
     })(), () => {
       w = !0;
     };
-  }, [o, r.enableCookieSession]), ne(() => {
-    !E && !I && !S && o.hasValidSession() ? $.current.loadUserData().catch(() => {
+  }, [o, r.enableCookieSession]), re(() => {
+    !x && !I && !k && o.hasValidSession() ? $.current.loadUserData().catch(() => {
     }).finally(() => {
-      x(!1);
-    }) : x(!1);
-  }, [E, I, S, o]), /* @__PURE__ */ s(Pe.Provider, { value: dt, children: /* @__PURE__ */ s(Ee.Provider, { value: ht, children: e }) });
+      E(!1);
+    }) : E(!1);
+  }, [x, I, k, o]), /* @__PURE__ */ s(Ie.Provider, { value: yt, children: /* @__PURE__ */ s(Pe.Provider, { value: bt, children: e }) });
 }
-function fr() {
-  const r = se(Ee);
+function Pr() {
+  const r = ne(Pe);
   if (!r)
     throw new Error("useAuthState must be used within an AuthProvider");
   return r;
 }
-function mr() {
-  const r = se(Pe);
+function Ir() {
+  const r = ne(Ie);
   if (!r)
     throw new Error("useAuthActions must be used within an AuthProvider");
   return r;
 }
-function ue() {
-  const r = se(Ee), e = se(Pe);
+function de() {
+  const r = ne(Pe), e = ne(Ie);
   if (!r || !e)
     throw new Error("useAuth must be used within an AuthProvider");
-  return q(() => ({ ...r, ...e }), [r, e]);
+  return V(() => ({ ...r, ...e }), [r, e]);
 }
-function Me() {
-  const r = se(Ee), e = se(Pe);
-  return q(() => !r || !e ? null : { ...r, ...e }, [r, e]);
+function Oe() {
+  const r = ne(Pe), e = ne(Ie);
+  return V(() => !r || !e ? null : { ...r, ...e }, [r, e]);
 }
-class Pt {
+class Ot {
   constructor(e) {
     this.httpService = e;
   }
@@ -1398,7 +1541,7 @@ class Pt {
   }
   async getFeatureFlags(e) {
     const t = await this.httpService.get(
-      `/feature-flags/${le(e)}`
+      `/feature-flags/${ce(e)}`
     );
     return { featureFlags: t.data, meta: t.meta };
   }
@@ -1417,7 +1560,7 @@ class Pt {
   async getTenantFeatureFlags(e, t) {
     if (!e || !t)
       throw new Error("Tenant ID and App ID are required");
-    const n = le({ tenantId: e, appId: t });
+    const n = ce({ tenantId: e, appId: t });
     return (await this.httpService.get(
       `/tenant-feature-flags${n}`,
       { headers: { "X-Tenant-ID": e }, skipAuth: !0 }
@@ -1426,18 +1569,18 @@ class Pt {
   async getTenantFeatureFlag(e, t, n) {
     if (!e || !t || !n)
       throw new Error("Flag Key, Tenant ID and App ID are required");
-    const i = le({ tenantId: t, appId: n });
+    const i = ce({ tenantId: t, appId: n });
     return (await this.httpService.get(
       `/tenant-feature-flags/${e}${i}`,
       { headers: { "X-Tenant-ID": t }, skipAuth: !0 }
     )).data;
   }
 }
-const Be = pe(null);
-function gr({ config: r = {}, children: e }) {
-  const t = Ce(), n = he(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (t == null ? void 0 : t.appId) ?? "", l = (n == null ? void 0 : n.tenant) ?? null, [d, T] = N([]), [P, c] = N(!1), [k, h] = N(null), [E, R] = N(!1), I = q(() => {
-    const m = new de(i);
-    return new Pt(m);
+const Ve = fe(null);
+function Lr({ config: r = {}, children: e }) {
+  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (t == null ? void 0 : t.appId) ?? "", l = (n == null ? void 0 : n.tenant) ?? null, [d, T] = N([]), [R, c] = N(!1), [S, h] = N(null), [x, P] = N(!1), I = V(() => {
+    const m = new he(i);
+    return new Ot(m);
   }, [i]), A = async () => {
     if (!(l != null && l.id)) {
       T([]);
@@ -1454,45 +1597,45 @@ function gr({ config: r = {}, children: e }) {
       c(!1);
     }
   };
-  ne(() => {
+  re(() => {
     if (!i || !a) return;
-    A().finally(() => R(!0));
+    A().finally(() => P(!0));
     const m = r.refreshInterval || 5 * 60 * 1e3, g = setInterval(A, m);
     return () => clearInterval(g);
   }, [l == null ? void 0 : l.id, i, a, r.refreshInterval]);
-  const S = q(() => {
+  const k = V(() => {
     const m = (p) => {
-      const x = d.find((y) => y.key === p);
-      return (x == null ? void 0 : x.value) === !0;
-    }, g = (p) => d.find((x) => x.key === p), b = (p) => {
-      const x = d.find((y) => y.key === p);
-      return x ? x.value ? "enabled" : "disabled" : "not_found";
-    }, D = async () => {
+      const E = d.find((y) => y.key === p);
+      return (E == null ? void 0 : E.value) === !0;
+    }, g = (p) => d.find((E) => E.key === p), b = (p) => {
+      const E = d.find((y) => y.key === p);
+      return E ? E.value ? "enabled" : "disabled" : "not_found";
+    }, C = async () => {
       await A();
-    }, o = !!(i && a) && (E || !(l != null && l.id));
+    }, o = !!(i && a) && (x || !(l != null && l.id));
     return {
       featureFlags: d,
-      loading: P,
-      error: k,
+      loading: R,
+      error: S,
       isReady: o,
       isEnabled: m,
       getFlag: g,
       getFlagState: b,
-      refresh: D
+      refresh: C
     };
-  }, [d, P, k, i, a, l == null ? void 0 : l.id, E]);
-  return /* @__PURE__ */ s(Be.Provider, { value: S, children: e });
+  }, [d, R, S, i, a, l == null ? void 0 : l.id, x]);
+  return /* @__PURE__ */ s(Ve.Provider, { value: k, children: e });
 }
-function At() {
-  const r = se(Be);
+function Vt() {
+  const r = ne(Ve);
   if (!r)
     throw new Error("useFeatureFlags must be used within a FeatureFlagProvider");
   return r;
 }
-function tt() {
-  return se(Be);
+function at() {
+  return ne(Ve);
 }
-class Rt {
+class qt {
   constructor(e) {
     this.httpService = e;
   }
@@ -1532,68 +1675,68 @@ class Rt {
     )).data;
   }
 }
-const Oe = pe(void 0);
-function yr({ config: r = {}, children: e }) {
-  const t = Ce(), n = he(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (n == null ? void 0 : n.tenant) ?? null, [l, d] = N(null), [T, P] = N(!1), [c, k] = N(null), [h, E] = N(!1), R = q(() => {
-    const S = new de(i);
-    return new Rt(S);
+const qe = fe(void 0);
+function Fr({ config: r = {}, children: e }) {
+  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (n == null ? void 0 : n.tenant) ?? null, [l, d] = N(null), [T, R] = N(!1), [c, S] = N(null), [h, x] = N(!1), P = V(() => {
+    const k = new he(i);
+    return new qt(k);
   }, [i]), I = async () => {
     if (!(a != null && a.id)) {
       d(null);
       return;
     }
-    P(!0), k(null);
+    R(!0), S(null);
     try {
-      const S = await R.getTenantSubscriptionFeatures(a.id);
-      d(S);
-    } catch (S) {
-      const m = S instanceof Error ? S.message : "Failed to fetch subscription";
-      k(m), r.onError && r.onError(S instanceof Error ? S : new Error(m));
+      const k = await P.getTenantSubscriptionFeatures(a.id);
+      d(k);
+    } catch (k) {
+      const m = k instanceof Error ? k.message : "Failed to fetch subscription";
+      S(m), r.onError && r.onError(k instanceof Error ? k : new Error(m));
     } finally {
-      P(!1);
+      R(!1);
     }
   };
-  ne(() => {
-    if (!i || (I().finally(() => E(!0)), !r.refreshInterval)) return;
-    const S = r.refreshInterval || 10 * 60 * 1e3, m = setInterval(I, S);
+  re(() => {
+    if (!i || (I().finally(() => x(!0)), !r.refreshInterval)) return;
+    const k = r.refreshInterval || 10 * 60 * 1e3, m = setInterval(I, k);
     return () => clearInterval(m);
   }, [a == null ? void 0 : a.id, i, r.refreshInterval]);
-  const A = q(() => {
-    const S = (l == null ? void 0 : l.features) || [], m = (x) => {
-      const y = S.find((u) => u.key === x);
+  const A = V(() => {
+    const k = (l == null ? void 0 : l.features) || [], m = (E) => {
+      const y = k.find((u) => u.key === E);
       return y ? y.type === "BOOLEAN" || y.type === "boolean" ? y.value === !0 : !!y.value : !1;
-    }, g = (x) => S.find((y) => y.key === x), b = (x, y) => {
-      const u = S.find((v) => v.key === x);
+    }, g = (E) => k.find((y) => y.key === E), b = (E, y) => {
+      const u = k.find((v) => v.key === E);
       return u ? u.value : y;
-    }, D = (x) => !l || !l.isActive ? !1 : x.includes(l.planId), o = async () => {
+    }, C = (E) => !l || !l.isActive ? !1 : E.includes(l.planId), o = async () => {
       await I();
     }, p = !!i && (h || !(a != null && a.id));
     return {
       subscription: l,
-      features: S,
+      features: k,
       loading: T,
       error: c,
       isReady: p,
       isFeatureEnabled: m,
       getFeature: g,
       getFeatureValue: b,
-      hasAllowedPlan: D,
+      hasAllowedPlan: C,
       refresh: o
     };
   }, [l, T, c, i, a == null ? void 0 : a.id, h]);
-  return /* @__PURE__ */ s(Oe.Provider, { value: A, children: e });
+  return /* @__PURE__ */ s(qe.Provider, { value: A, children: e });
 }
-function It() {
-  const r = se(Oe);
+function zt() {
+  const r = ne(qe);
   if (r === void 0)
     throw new Error("useSubscription must be used within a SubscriptionProvider");
   return r;
 }
-function rt() {
-  return se(Oe) ?? null;
+function lt() {
+  return ne(qe) ?? null;
 }
-var oe = /* @__PURE__ */ ((r) => (r.SUPERUSER = "SUPERUSER", r.TENANT_ADMIN = "TENANT_ADMIN", r.USER = "USER", r))(oe || {});
-const _e = {
+var ae = /* @__PURE__ */ ((r) => (r.SUPERUSER = "SUPERUSER", r.TENANT_ADMIN = "TENANT_ADMIN", r.USER = "USER", r))(ae || {});
+const ze = {
   publicGuest: "/",
   publicUser: "/account",
   publicAdmin: "/admin",
@@ -1601,7 +1744,7 @@ const _e = {
   tenantUser: "/dashboard",
   tenantAdmin: "/admin/dashboard",
   default: "/"
-}, nt = {
+}, ct = {
   // Public/Landing zones
   landing: { tenant: "forbidden", auth: "optional" },
   publicOnly: { tenant: "forbidden", auth: "forbidden" },
@@ -1614,26 +1757,26 @@ const _e = {
   tenantOpen: { tenant: "required", auth: "optional" },
   tenantAuth: { tenant: "required", auth: "required" },
   // User type zones
-  user: { tenant: "required", auth: "required", userType: oe.USER },
-  admin: { tenant: "required", auth: "required", userType: oe.TENANT_ADMIN },
+  user: { tenant: "required", auth: "required", userType: ae.USER },
+  admin: { tenant: "required", auth: "required", userType: ae.TENANT_ADMIN },
   // Fully open
   open: { tenant: "optional", auth: "optional" }
-}, qe = pe(null), Ft = {
-  zoneRoots: _e,
-  presets: nt,
+}, je = fe(null), jt = {
+  zoneRoots: ze,
+  presets: ct,
   loadingFallback: null,
   accessDeniedFallback: null,
   onAccessDenied: void 0,
   returnToParam: "returnTo",
   returnToStorage: "url"
 };
-function br({ config: r = {}, children: e }) {
-  const t = q(() => {
+function Nr({ config: r = {}, children: e }) {
+  const t = V(() => {
     const n = {
-      ..._e,
+      ...ze,
       ...r.zoneRoots
     }, i = {
-      ...nt,
+      ...ct,
       ...r.presets
     };
     return {
@@ -1646,18 +1789,18 @@ function br({ config: r = {}, children: e }) {
       returnToStorage: r.returnToStorage ?? "url"
     };
   }, [r]);
-  return /* @__PURE__ */ s(qe.Provider, { value: t, children: e });
+  return /* @__PURE__ */ s(je.Provider, { value: t, children: e });
 }
-function wr() {
-  const r = se(qe);
+function Cr() {
+  const r = ne(je);
   if (!r)
     throw new Error("useRouting must be used within a RoutingProvider");
   return r;
 }
-function Lt() {
-  return se(qe) ?? Ft;
+function Wt() {
+  return ne(je) ?? jt;
 }
-const Je = () => /* @__PURE__ */ f(
+const tt = () => /* @__PURE__ */ f(
   "div",
   {
     style: {
@@ -1694,7 +1837,7 @@ const Je = () => /* @__PURE__ */ f(
       )
     ]
   }
-), Ze = ({
+), rt = ({
   userType: r,
   minUserType: e,
   missingPermissions: t
@@ -1735,36 +1878,36 @@ const Je = () => /* @__PURE__ */ f(
       ] })
     ]
   }
-), Nt = (r, e) => {
+), Gt = (r, e) => {
   const t = {
-    [oe.USER]: 1,
-    [oe.TENANT_ADMIN]: 2,
-    [oe.SUPERUSER]: 3
+    [ae.USER]: 1,
+    [ae.TENANT_ADMIN]: 2,
+    [ae.SUPERUSER]: 3
   };
   return t[r] >= t[e];
 };
-function vr({
+function Dr({
   children: r,
   fallback: e,
   minUserType: t,
   requiredPermissions: n,
   requireAllPermissions: i = !1
 }) {
-  const { hasValidSession: a, sessionManager: l, hasPermission: d, hasAnyPermission: T, hasAllPermissions: P } = ue();
+  const { hasValidSession: a, sessionManager: l, hasPermission: d, hasAnyPermission: T, hasAllPermissions: R } = de();
   if (!a())
-    return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(Je, {}) });
+    return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(tt, {}) });
   const c = l.getUser();
   if (!c)
-    return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(Je, {}) });
-  if (t && !Nt(c.userType, t))
-    return /* @__PURE__ */ s(Ze, { userType: c.userType, minUserType: t });
-  if (n && n.length > 0 && !(i ? P(n) : T(n))) {
-    const h = n.filter((E) => !d(E)).map((E) => typeof E == "string" ? E : E.name);
-    return /* @__PURE__ */ s(Ze, { missingPermissions: h });
+    return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(tt, {}) });
+  if (t && !Gt(c.userType, t))
+    return /* @__PURE__ */ s(rt, { userType: c.userType, minUserType: t });
+  if (n && n.length > 0 && !(i ? R(n) : T(n))) {
+    const h = n.filter((x) => !d(x)).map((x) => typeof x == "string" ? x : x.name);
+    return /* @__PURE__ */ s(rt, { missingPermissions: h });
   }
   return /* @__PURE__ */ s(B, { children: r });
 }
-const Dt = ({ redirectPath: r }) => /* @__PURE__ */ s(
+const Ht = ({ redirectPath: r }) => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -1800,7 +1943,7 @@ const Dt = ({ redirectPath: r }) => /* @__PURE__ */ s(
       }
     )
   }
-), Ke = ({
+), nt = ({
   userType: r,
   requiredUserType: e,
   missingPermissions: t
@@ -1851,8 +1994,8 @@ const Dt = ({ redirectPath: r }) => /* @__PURE__ */ s(
       }
     )
   }
-), Ct = (r, e) => r === e;
-function Tr({
+), Qt = (r, e) => r === e;
+function Mr({
   children: r,
   redirectTo: e = "/login",
   requiredUserType: t,
@@ -1860,34 +2003,34 @@ function Tr({
   requireAllPermissions: i = !1,
   fallback: a
 }) {
-  const { hasValidSession: l, sessionManager: d, hasPermission: T, hasAnyPermission: P, hasAllPermissions: c } = ue(), k = Se();
-  if (ne(() => {
+  const { hasValidSession: l, sessionManager: d, hasPermission: T, hasAnyPermission: R, hasAllPermissions: c } = de(), S = xe();
+  if (re(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] ProtectedRoute is deprecated. Use AuthenticatedZone or AdminZone from ZoneRoute instead."
     );
   }, []), !l())
     return a ? /* @__PURE__ */ s(B, { children: a }) : /* @__PURE__ */ f(B, { children: [
-      /* @__PURE__ */ s(Dt, { redirectPath: e }),
-      /* @__PURE__ */ s(ge, { to: e, state: { from: k.pathname }, replace: !0 })
+      /* @__PURE__ */ s(Ht, { redirectPath: e }),
+      /* @__PURE__ */ s(be, { to: e, state: { from: S.pathname }, replace: !0 })
     ] });
   const h = d.getUser();
   if (!h)
-    return /* @__PURE__ */ s(ge, { to: e, state: { from: k.pathname }, replace: !0 });
-  if (t && !Ct(h.userType, t))
+    return /* @__PURE__ */ s(be, { to: e, state: { from: S.pathname }, replace: !0 });
+  if (t && !Qt(h.userType, t))
     return /* @__PURE__ */ s(
-      Ke,
+      nt,
       {
         userType: h.userType,
         requiredUserType: t
       }
     );
-  if (n && n.length > 0 && !(i ? c(n) : P(n))) {
-    const R = n.filter((I) => !T(I)).map((I) => typeof I == "string" ? I : I.name);
-    return /* @__PURE__ */ s(Ke, { missingPermissions: R });
+  if (n && n.length > 0 && !(i ? c(n) : R(n))) {
+    const P = n.filter((I) => !T(I)).map((I) => typeof I == "string" ? I : I.name);
+    return /* @__PURE__ */ s(nt, { missingPermissions: P });
   }
   return /* @__PURE__ */ s(B, { children: r });
 }
-const Ut = ({ redirectPath: r }) => /* @__PURE__ */ s(
+const Jt = ({ redirectPath: r }) => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -1924,18 +2067,18 @@ const Ut = ({ redirectPath: r }) => /* @__PURE__ */ s(
     )
   }
 );
-function kr({ children: r, redirectTo: e = "/", fallback: t }) {
-  const { tenant: n, isLoading: i, error: a } = et(), l = Se();
-  return ne(() => {
+function $r({ children: r, redirectTo: e = "/", fallback: t }) {
+  const { tenant: n, isLoading: i, error: a } = ot(), l = xe();
+  return re(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] TenantRoute is deprecated. Use TenantZone from ZoneRoute instead."
     );
   }, []), i || a ? null : n ? /* @__PURE__ */ s(B, { children: r }) : t ? /* @__PURE__ */ s(B, { children: t }) : /* @__PURE__ */ f(B, { children: [
-    /* @__PURE__ */ s(Ut, { redirectPath: e }),
-    /* @__PURE__ */ s(ge, { to: e, state: { from: l.pathname }, replace: !0 })
+    /* @__PURE__ */ s(Jt, { redirectPath: e }),
+    /* @__PURE__ */ s(be, { to: e, state: { from: l.pathname }, replace: !0 })
   ] });
 }
-const $t = ({ redirectPath: r }) => /* @__PURE__ */ s(
+const Zt = ({ redirectPath: r }) => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -1972,41 +2115,41 @@ const $t = ({ redirectPath: r }) => /* @__PURE__ */ s(
     )
   }
 );
-function Sr({ children: r, redirectTo: e = "/dashboard", fallback: t }) {
-  const { tenant: n, isLoading: i, error: a } = et(), l = Se();
-  return ne(() => {
+function Ur({ children: r, redirectTo: e = "/dashboard", fallback: t }) {
+  const { tenant: n, isLoading: i, error: a } = ot(), l = xe();
+  return re(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] LandingRoute is deprecated. Use PublicZone from ZoneRoute instead."
     );
   }, []), i || a ? null : n ? t ? /* @__PURE__ */ s(B, { children: t }) : /* @__PURE__ */ f(B, { children: [
-    /* @__PURE__ */ s($t, { redirectPath: e }),
-    /* @__PURE__ */ s(ge, { to: e, state: { from: l.pathname }, replace: !0 })
+    /* @__PURE__ */ s(Zt, { redirectPath: e }),
+    /* @__PURE__ */ s(be, { to: e, state: { from: l.pathname }, replace: !0 })
   ] }) : /* @__PURE__ */ s(B, { children: r });
 }
-function Mt(r, e) {
+function Kt(r, e) {
   return e ? r ? Array.isArray(e) ? e.includes(r) : r === e : !1 : !0;
 }
-function Ye(r, e) {
+function st(r, e) {
   return !r || r === "optional" ? "skip" : r === "required" ? e ? "pass" : "fail" : r === "forbidden" ? e ? "fail" : "pass" : "skip";
 }
-function Bt(r, e) {
-  return Ye(r.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : Ye(r.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : r.userType && e.isAuthenticated && !Mt(e.userType, r.userType) ? "wrong_user_type" : r.permissions && r.permissions.length > 0 && !(r.requireAllPermissions !== !1 ? (a) => a.every((l) => e.permissions.includes(l)) : (a) => a.some((l) => e.permissions.includes(l)))(r.permissions) ? "missing_permissions" : null;
+function Yt(r, e) {
+  return st(r.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : st(r.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : r.userType && e.isAuthenticated && !Kt(e.userType, r.userType) ? "wrong_user_type" : r.permissions && r.permissions.length > 0 && !(r.requireAllPermissions !== !1 ? (a) => a.every((l) => e.permissions.includes(l)) : (a) => a.some((l) => e.permissions.includes(l)))(r.permissions) ? "missing_permissions" : null;
 }
-function Ot(r, e) {
-  return r.hasTenant ? r.isAuthenticated ? r.userType === oe.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : r.isAuthenticated ? r.userType === oe.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
+function Xt(r, e) {
+  return r.hasTenant ? r.isAuthenticated ? r.userType === ae.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : r.isAuthenticated ? r.userType === ae.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
 }
-function _t(r, e, t, n, i) {
+function er(r, e, t, n, i) {
   if (!e || i !== "url")
     return r;
   const a = typeof e == "string" ? e : t, l = r.includes("?") ? "&" : "?";
   return `${r}${l}${n}=${encodeURIComponent(a)}`;
 }
-function qt(r, e, t) {
+function tr(r, e, t) {
   if (!r || t === "url") return;
   const n = typeof r == "string" ? r : e, i = "zone_return_to";
   t === "session" ? sessionStorage.setItem(i, n) : t === "local" && localStorage.setItem(i, n);
 }
-const ce = ({
+const ue = ({
   children: r,
   preset: e,
   tenant: t,
@@ -2016,14 +2159,14 @@ const ce = ({
   requireAllPermissions: l = !0,
   returnTo: d,
   onAccessDenied: T,
-  redirectTo: P,
+  redirectTo: R,
   loadingFallback: c,
-  accessDeniedFallback: k
+  accessDeniedFallback: S
 }) => {
-  const h = Se(), { isAuthenticated: E, isAuthInitializing: R, currentUser: I, userPermissions: A } = ue(), { tenant: S, isTenantLoading: m } = be(), g = Lt(), b = q(() => {
+  const h = xe(), { isAuthenticated: x, isAuthInitializing: P, currentUser: I, userPermissions: A } = de(), { tenant: k, isTenantLoading: m } = ve(), g = Wt(), b = V(() => {
     if (e)
       return g.presets[e];
-  }, [e, g.presets]), D = q(
+  }, [e, g.presets]), C = V(
     () => ({
       tenant: t ?? (b == null ? void 0 : b.tenant),
       auth: n ?? (b == null ? void 0 : b.auth),
@@ -2032,29 +2175,29 @@ const ce = ({
       requireAllPermissions: l
     }),
     [t, n, i, a, b, l]
-  ), o = q(
+  ), o = V(
     () => ({
-      hasTenant: !!S,
-      isAuthenticated: E,
+      hasTenant: !!k,
+      isAuthenticated: x,
       userType: I == null ? void 0 : I.userType,
       permissions: A,
-      isLoading: R || m
+      isLoading: P || m
     }),
     [
-      S,
-      E,
+      k,
+      x,
       I == null ? void 0 : I.userType,
       A,
-      R,
+      P,
       m
     ]
-  ), p = q(() => o.isLoading ? null : Bt(D, o), [D, o]), x = q(() => p ? P || Ot(o, g.zoneRoots) : null, [p, P, o, g.zoneRoots]), y = q(() => !p || !x ? null : {
+  ), p = V(() => o.isLoading ? null : Yt(C, o), [C, o]), E = V(() => p ? R || Xt(o, g.zoneRoots) : null, [p, R, o, g.zoneRoots]), y = V(() => !p || !E ? null : {
     type: p,
     required: {
-      tenant: D.tenant,
-      auth: D.auth,
-      userType: D.userType,
-      permissions: D.permissions
+      tenant: C.tenant,
+      auth: C.auth,
+      userType: C.userType,
+      permissions: C.permissions
     },
     current: {
       hasTenant: o.hasTenant,
@@ -2062,12 +2205,12 @@ const ce = ({
       userType: o.userType,
       permissions: o.permissions
     },
-    redirectTo: x
-  }, [p, x, D, o]);
-  if (ne(() => {
+    redirectTo: E
+  }, [p, E, C, o]);
+  if (re(() => {
     y && (T ? T(y) : g.onAccessDenied && g.onAccessDenied(y));
-  }, [y, T, g]), ne(() => {
-    y && d && qt(d, h.pathname + h.search, g.returnToStorage);
+  }, [y, T, g]), re(() => {
+    y && d && tr(d, h.pathname + h.search, g.returnToStorage);
   }, [
     y,
     d,
@@ -2076,21 +2219,21 @@ const ce = ({
     g.returnToStorage
   ]), o.isLoading)
     return /* @__PURE__ */ s(B, { children: c ?? g.loadingFallback ?? null });
-  if (y && x) {
-    const u = k ?? g.accessDeniedFallback;
+  if (y && E) {
+    const u = S ?? g.accessDeniedFallback;
     if (u)
       return /* @__PURE__ */ s(B, { children: u });
-    const v = _t(
-      x,
+    const v = er(
+      E,
       d,
       h.pathname + h.search,
       g.returnToParam,
       g.returnToStorage
     );
-    return /* @__PURE__ */ s(ge, { to: v, replace: !0 });
+    return /* @__PURE__ */ s(be, { to: v, replace: !0 });
   }
   return /* @__PURE__ */ s(B, { children: r });
-}, xr = (r) => /* @__PURE__ */ s(ce, { tenant: "required", ...r }), Er = (r) => /* @__PURE__ */ s(ce, { tenant: "forbidden", ...r }), Pr = (r) => /* @__PURE__ */ s(ce, { auth: "required", ...r }), Ar = (r) => /* @__PURE__ */ s(ce, { auth: "forbidden", ...r }), Rr = (r) => /* @__PURE__ */ s(ce, { auth: "required", userType: oe.TENANT_ADMIN, ...r }), Ir = (r) => /* @__PURE__ */ s(ce, { auth: "required", userType: oe.USER, ...r }), Fr = (r) => /* @__PURE__ */ s(ce, { tenant: "optional", auth: "optional", ...r }), Lr = (r) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "required", ...r }), Nr = (r) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "optional", ...r }), Dr = (r) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "forbidden", ...r }), Vt = () => /* @__PURE__ */ f(
+}, Br = (r) => /* @__PURE__ */ s(ue, { tenant: "required", ...r }), _r = (r) => /* @__PURE__ */ s(ue, { tenant: "forbidden", ...r }), Or = (r) => /* @__PURE__ */ s(ue, { auth: "required", ...r }), Vr = (r) => /* @__PURE__ */ s(ue, { auth: "forbidden", ...r }), qr = (r) => /* @__PURE__ */ s(ue, { auth: "required", userType: ae.TENANT_ADMIN, ...r }), zr = (r) => /* @__PURE__ */ s(ue, { auth: "required", userType: ae.USER, ...r }), jr = (r) => /* @__PURE__ */ s(ue, { tenant: "optional", auth: "optional", ...r }), Wr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "required", ...r }), Gr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "optional", ...r }), Hr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "forbidden", ...r }), rr = () => /* @__PURE__ */ f(
   "div",
   {
     style: {
@@ -2107,13 +2250,13 @@ const ce = ({
     ]
   }
 );
-function Cr({
+function Qr({
   children: r,
-  fallback: e = /* @__PURE__ */ s(Vt, {}),
+  fallback: e = /* @__PURE__ */ s(rr, {}),
   allowedPlans: t,
   requiredFeature: n
 }) {
-  const { subscription: i, hasAllowedPlan: a, isFeatureEnabled: l, loading: d } = It();
+  const { subscription: i, hasAllowedPlan: a, isFeatureEnabled: l, loading: d } = zt();
   return d ? /* @__PURE__ */ s(
     "div",
     {
@@ -2126,7 +2269,7 @@ function Cr({
     }
   ) : i ? i.isActive ? t && t.length > 0 && !a(t) ? /* @__PURE__ */ s(B, { children: e }) : n && !l(n) ? /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: r }) : /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: e });
 }
-const zt = ({ flagName: r }) => /* @__PURE__ */ f(
+const nr = ({ flagName: r }) => /* @__PURE__ */ f(
   "div",
   {
     style: {
@@ -2153,8 +2296,8 @@ const zt = ({ flagName: r }) => /* @__PURE__ */ f(
     ]
   }
 );
-function Ur({ name: r, children: e, fallback: t }) {
-  const { isEnabled: n, loading: i } = At();
+function Jr({ name: r, children: e, fallback: t }) {
+  const { isEnabled: n, loading: i } = Vt();
   return i ? /* @__PURE__ */ s(
     "div",
     {
@@ -2168,29 +2311,29 @@ function Ur({ name: r, children: e, fallback: t }) {
       },
       children: "Loading feature flags..."
     }
-  ) : n(r) ? /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: t || /* @__PURE__ */ s(zt, { flagName: r }) });
-}
-function ye(r) {
-  const { submit: e, defaultErrorMessage: t, validate: n, onSuccess: i, onError: a } = r, [l, d] = N(!1), [T, P] = N(""), [c, k] = N({}), h = re((A, S) => {
-    k((m) => ({ ...m, [A]: S }));
-  }, []), E = re((A) => {
-    k((S) => {
-      if (!S[A]) return S;
-      const m = { ...S };
+  ) : n(r) ? /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: t || /* @__PURE__ */ s(nr, { flagName: r }) });
+}
+function we(r) {
+  const { submit: e, defaultErrorMessage: t, validate: n, onSuccess: i, onError: a } = r, [l, d] = N(!1), [T, R] = N(""), [c, S] = N({}), h = te((A, k) => {
+    S((m) => ({ ...m, [A]: k }));
+  }, []), x = te((A) => {
+    S((k) => {
+      if (!k[A]) return k;
+      const m = { ...k };
       return delete m[A], m;
     });
-  }, []), R = re(() => {
-    P(""), k({});
-  }, []), I = re(
+  }, []), P = te(() => {
+    R(""), S({});
+  }, []), I = te(
     async (A) => {
       if (A && A.preventDefault(), !(n && !n())) {
-        d(!0), P("");
+        d(!0), R("");
         try {
-          const S = await e();
-          return i == null || i(S), S;
-        } catch (S) {
-          const m = S instanceof Error ? S.message : t;
-          P(m), a == null || a(m);
+          const k = await e();
+          return i == null || i(k), k;
+        } catch (k) {
+          const m = k instanceof Error ? k.message : t;
+          R(m), a == null || a(m);
           return;
         } finally {
           d(!1);
@@ -2202,15 +2345,15 @@ function ye(r) {
   return {
     loading: l,
     error: T,
-    setError: P,
+    setError: R,
     fieldErrors: c,
     setFieldError: h,
-    clearFieldError: E,
-    resetErrors: R,
+    clearFieldError: x,
+    resetErrors: P,
     handleSubmit: I
   };
 }
-const Xe = {
+const it = {
   container: {
     maxWidth: "400px",
     width: "100%",
@@ -2374,18 +2517,18 @@ const Xe = {
     color: "#6b7280"
   }
 };
-function Ae(r, e) {
+function Le(r, e) {
   return {
-    ...Xe,
+    ...it,
     ...e,
     button: {
-      ...Xe.button,
+      ...it.button,
       backgroundColor: r,
       ...(e == null ? void 0 : e.button) || {}
     }
   };
 }
-const jt = () => fe.createElement(
+const sr = () => me.createElement(
   "svg",
   {
     width: "16",
@@ -2398,9 +2541,9 @@ const jt = () => fe.createElement(
     strokeLinejoin: "round",
     style: { flexShrink: 0 }
   },
-  fe.createElement("path", { d: "M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z" }),
-  fe.createElement("circle", { cx: "12", cy: "12", r: "3" })
-), Wt = () => fe.createElement(
+  me.createElement("path", { d: "M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z" }),
+  me.createElement("circle", { cx: "12", cy: "12", r: "3" })
+), ir = () => me.createElement(
   "svg",
   {
     width: "16",
@@ -2413,14 +2556,14 @@ const jt = () => fe.createElement(
     strokeLinejoin: "round",
     style: { flexShrink: 0 }
   },
-  fe.createElement("path", {
+  me.createElement("path", {
     d: "M17.94 17.94A10.07 10.07 0 0 1 12 20c-7 0-11-8-11-8a18.45 18.45 0 0 1 5.06-5.94M9.9 4.24A9.12 9.12 0 0 1 12 4c7 0 11 8 11 8a18.5 18.5 0 0 1-2.16 3.19m-6.72-1.07a3 3 0 1 1-4.24-4.24"
   }),
-  fe.createElement("line", { x1: "1", y1: "1", x2: "23", y2: "23" })
-), Gt = {
-  showPassword: /* @__PURE__ */ s(jt, {}),
-  hidePassword: /* @__PURE__ */ s(Wt, {})
-}, Ht = {
+  me.createElement("line", { x1: "1", y1: "1", x2: "23", y2: "23" })
+), or = {
+  showPassword: /* @__PURE__ */ s(sr, {}),
+  hidePassword: /* @__PURE__ */ s(ir, {})
+}, ar = {
   title: "Sign In",
   usernameLabel: "Email or Phone",
   usernamePlaceholder: "Enter your email or phone number",
@@ -2439,7 +2582,7 @@ const jt = () => fe.createElement(
   showPasswordAriaLabel: "Show password",
   hidePasswordAriaLabel: "Hide password"
 };
-function $r({
+function Zr({
   copy: r = {},
   styles: e = {},
   icons: t = {},
@@ -2449,28 +2592,28 @@ function $r({
   onSignupClick: l,
   onMagicLinkClick: d,
   showForgotPassword: T = !0,
-  showSignupLink: P = !0,
+  showSignupLink: R = !0,
   showMagicLinkOption: c = !0,
-  className: k
+  className: S
 }) {
-  const [h, E] = N(""), [R, I] = N(""), [A, S] = N(!1), { login: m } = ue(), g = { ...Ht, ...r }, b = Ae("#3b82f6", e), D = { ...Gt, ...t }, o = ye({
+  const [h, x] = N(""), [P, I] = N(""), [A, k] = N(!1), { login: m } = de(), g = { ...ar, ...r }, b = Le("#3b82f6", e), C = { ...or, ...t }, o = we({
     defaultErrorMessage: g.errorMessage,
     validate: () => {
       const u = [];
-      return h.trim() || u.push("username"), R.trim() || u.push("password"), u.forEach((v) => o.setFieldError(v, !0)), u.length === 0;
+      return h.trim() || u.push("username"), P.trim() || u.push("password"), u.forEach((v) => o.setFieldError(v, !0)), u.length === 0;
     },
-    submit: () => m({ username: h, password: R }),
+    submit: () => m({ username: h, password: P }),
     onSuccess: n,
     onError: i
   }), p = (u) => ({
     ...b.input,
     ...o.fieldErrors[u] ? b.inputError : {}
-  }), x = !h || !R || o.loading, y = {
+  }), E = !h || !P || o.loading, y = {
     ...b.button,
     ...o.loading ? b.buttonLoading : {},
-    ...x ? b.buttonDisabled : {}
+    ...E ? b.buttonDisabled : {}
   };
-  return /* @__PURE__ */ f("div", { className: k, style: b.container, children: [
+  return /* @__PURE__ */ f("div", { className: S, style: b.container, children: [
     /* @__PURE__ */ s("h2", { style: b.title, children: g.title }),
     /* @__PURE__ */ f("form", { onSubmit: o.handleSubmit, style: b.form, children: [
       /* @__PURE__ */ f("div", { style: b.fieldGroup, children: [
@@ -2483,7 +2626,7 @@ function $r({
             type: "text",
             value: h,
             onChange: (u) => {
-              E(u.target.value), o.clearFieldError("username");
+              x(u.target.value), o.clearFieldError("username");
             },
             placeholder: g.usernamePlaceholder,
             style: p("username"),
@@ -2500,7 +2643,7 @@ function $r({
               id: "password",
               name: "password",
               type: A ? "text" : "password",
-              value: R,
+              value: P,
               onChange: (u) => {
                 I(u.target.value), o.clearFieldError("password");
               },
@@ -2513,19 +2656,19 @@ function $r({
             "button",
             {
               type: "button",
-              onClick: () => S(!A),
+              onClick: () => k(!A),
               style: b.passwordToggle,
               disabled: o.loading,
               "aria-label": A ? g.hidePasswordAriaLabel : g.showPasswordAriaLabel,
-              children: A ? D.hidePassword : D.showPassword
+              children: A ? C.hidePassword : C.showPassword
             }
           )
         ] })
       ] }),
-      /* @__PURE__ */ s("button", { type: "submit", disabled: x, style: y, children: o.loading ? g.loadingText : g.submitButton }),
+      /* @__PURE__ */ s("button", { type: "submit", disabled: E, style: y, children: o.loading ? g.loadingText : g.submitButton }),
       o.error && /* @__PURE__ */ s("div", { style: b.errorText, children: o.error })
     ] }),
-    (T || P || c) && /* @__PURE__ */ f("div", { style: b.linkContainer, children: [
+    (T || R || c) && /* @__PURE__ */ f("div", { style: b.linkContainer, children: [
       c && /* @__PURE__ */ f("div", { children: [
         /* @__PURE__ */ f("span", { style: b.divider, children: [
           g.magicLinkText,
@@ -2533,10 +2676,10 @@ function $r({
         ] }),
         /* @__PURE__ */ s("a", { onClick: d, style: b.link, children: g.magicLinkLink })
       ] }),
-      c && (T || P) && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
+      c && (T || R) && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
       T && /* @__PURE__ */ s("a", { onClick: a, style: b.link, children: g.forgotPasswordLink }),
-      T && P && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
-      P && /* @__PURE__ */ f("div", { children: [
+      T && R && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
+      R && /* @__PURE__ */ f("div", { children: [
         /* @__PURE__ */ f("span", { style: b.divider, children: [
           g.signupText,
           " "
@@ -2546,7 +2689,7 @@ function $r({
     ] })
   ] });
 }
-const Qt = {
+const lr = {
   title: "Create Account",
   nameLabel: "First Name",
   namePlaceholder: "Enter your first name",
@@ -2576,7 +2719,7 @@ const Qt = {
   tenantNotFoundError: "Tenant not found",
   dividerBullet: "•"
 };
-function Mr({
+function Kr({
   copy: r = {},
   styles: e = {},
   signupType: t = "user",
@@ -2586,24 +2729,24 @@ function Mr({
   onMagicLinkClick: l,
   showLoginLink: d = !0,
   showMagicLinkOption: T = !0,
-  className: P
+  className: R
 }) {
-  var M;
-  const [c, k] = N(""), [h, E] = N(""), [R, I] = N(""), [A, S] = N(""), [m, g] = N(""), [b, D] = N(""), [o, p] = N(""), { signup: x, signupTenantAdmin: y } = ue(), u = ((M = he()) == null ? void 0 : M.tenant) ?? null, v = { ...Qt, ...r }, C = Ae("#10b981", e), ie = !!c && (!!R || !!A) && !!m && !!b && (t === "user" || !!o), L = ye({
+  var U;
+  const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [A, k] = N(""), [m, g] = N(""), [b, C] = N(""), [o, p] = N(""), { signup: E, signupTenantAdmin: y } = de(), u = ((U = pe()) == null ? void 0 : U.tenant) ?? null, v = { ...lr, ...r }, D = Le("#10b981", e), se = !!c && (!!P || !!A) && !!m && !!b && (t === "user" || !!o), F = we({
     defaultErrorMessage: v.errorMessage,
     validate: () => {
-      const F = [];
-      return c.trim() || F.push("name"), !R.trim() && !A.trim() && (F.push("email"), F.push("phoneNumber")), m.trim() || F.push("password"), b.trim() || F.push("confirmPassword"), t === "tenant" && !o.trim() && F.push("tenantName"), F.forEach((V) => L.setFieldError(V, !0)), F.length > 0 ? !1 : m !== b ? (L.setError(v.passwordMismatchError), L.setFieldError("confirmPassword", !0), !1) : t === "user" && !(u != null && u.id) ? (L.setError(v.tenantNotFoundError), !1) : !0;
+      const L = [];
+      return c.trim() || L.push("name"), !P.trim() && !A.trim() && (L.push("email"), L.push("phoneNumber")), m.trim() || L.push("password"), b.trim() || L.push("confirmPassword"), t === "tenant" && !o.trim() && L.push("tenantName"), L.forEach((q) => F.setFieldError(q, !0)), L.length > 0 ? !1 : m !== b ? (F.setError(v.passwordMismatchError), F.setFieldError("confirmPassword", !0), !1) : t === "user" && !(u != null && u.id) ? (F.setError(v.tenantNotFoundError), !1) : !0;
     },
     submit: async () => t === "tenant" ? y({
-      email: R || void 0,
+      email: P || void 0,
       phoneNumber: A || void 0,
       name: c,
       password: m,
       tenantName: o,
       lastName: h || void 0
-    }) : x({
-      email: R || void 0,
+    }) : E({
+      email: P || void 0,
       phoneNumber: A || void 0,
       name: c,
       password: m,
@@ -2612,21 +2755,21 @@ function Mr({
     }),
     onSuccess: n,
     onError: i
-  }), H = (F) => ({
-    ...C.input,
-    ...L.fieldErrors[F] ? C.inputError : {}
-  }), j = !ie || L.loading, Z = {
-    ...C.button,
-    ...L.loading ? C.buttonLoading : {},
-    ...j ? C.buttonDisabled : {}
+  }), H = (L) => ({
+    ...D.input,
+    ...F.fieldErrors[L] ? D.inputError : {}
+  }), j = !se || F.loading, Z = {
+    ...D.button,
+    ...F.loading ? D.buttonLoading : {},
+    ...j ? D.buttonDisabled : {}
   }, $ = () => {
-    L.clearFieldError("email"), L.clearFieldError("phoneNumber");
+    F.clearFieldError("email"), F.clearFieldError("phoneNumber");
   };
-  return /* @__PURE__ */ f("div", { className: P, style: C.container, children: [
-    /* @__PURE__ */ s("h2", { style: C.title, children: v.title }),
-    /* @__PURE__ */ f("form", { onSubmit: L.handleSubmit, style: C.form, children: [
-      /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.nameLabel }),
+  return /* @__PURE__ */ f("div", { className: R, style: D.container, children: [
+    /* @__PURE__ */ s("h2", { style: D.title, children: v.title }),
+    /* @__PURE__ */ f("form", { onSubmit: F.handleSubmit, style: D.form, children: [
+      /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.nameLabel }),
         /* @__PURE__ */ s(
           "input",
           {
@@ -2634,17 +2777,17 @@ function Mr({
             name: "name",
             type: "text",
             value: c,
-            onChange: (F) => {
-              k(F.target.value), L.clearFieldError("name");
+            onChange: (L) => {
+              S(L.target.value), F.clearFieldError("name");
             },
             placeholder: v.namePlaceholder,
             style: H("name"),
-            disabled: L.loading
+            disabled: F.loading
           }
         )
       ] }),
-      /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.lastNameLabel }),
+      /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.lastNameLabel }),
         /* @__PURE__ */ s(
           "input",
           {
@@ -2652,33 +2795,33 @@ function Mr({
             name: "lastName",
             type: "text",
             value: h,
-            onChange: (F) => E(F.target.value),
+            onChange: (L) => x(L.target.value),
             placeholder: v.lastNamePlaceholder,
-            style: C.input,
-            disabled: L.loading
+            style: D.input,
+            disabled: F.loading
           }
         )
       ] }),
-      /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.emailLabel }),
+      /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.emailLabel }),
         /* @__PURE__ */ s(
           "input",
           {
             id: "email",
             name: "email",
             type: "email",
-            value: R,
-            onChange: (F) => {
-              I(F.target.value), $();
+            value: P,
+            onChange: (L) => {
+              I(L.target.value), $();
             },
             placeholder: v.emailPlaceholder,
             style: H("email"),
-            disabled: L.loading
+            disabled: F.loading
           }
         )
       ] }),
-      /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.phoneNumberLabel }),
+      /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.phoneNumberLabel }),
         /* @__PURE__ */ s(
           "input",
           {
@@ -2686,18 +2829,18 @@ function Mr({
             name: "phoneNumber",
             type: "tel",
             value: A,
-            onChange: (F) => {
-              S(F.target.value), $();
+            onChange: (L) => {
+              k(L.target.value), $();
             },
             placeholder: v.phoneNumberPlaceholder,
             style: H("phoneNumber"),
-            disabled: L.loading
+            disabled: F.loading
           }
         )
       ] }),
-      /* @__PURE__ */ s("div", { style: C.hintText, children: v.contactMethodHint }),
-      /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.passwordLabel }),
+      /* @__PURE__ */ s("div", { style: D.hintText, children: v.contactMethodHint }),
+      /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.passwordLabel }),
         /* @__PURE__ */ s(
           "input",
           {
@@ -2705,17 +2848,17 @@ function Mr({
             name: "password",
             type: "password",
             value: m,
-            onChange: (F) => {
-              g(F.target.value), L.clearFieldError("password");
+            onChange: (L) => {
+              g(L.target.value), F.clearFieldError("password");
             },
             placeholder: v.passwordPlaceholder,
             style: H("password"),
-            disabled: L.loading
+            disabled: F.loading
           }
         )
       ] }),
-      /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.confirmPasswordLabel }),
+      /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.confirmPasswordLabel }),
         /* @__PURE__ */ s(
           "input",
           {
@@ -2723,17 +2866,17 @@ function Mr({
             name: "confirmPassword",
             type: "password",
             value: b,
-            onChange: (F) => {
-              D(F.target.value), L.clearFieldError("confirmPassword"), L.error === v.passwordMismatchError && L.setError("");
+            onChange: (L) => {
+              C(L.target.value), F.clearFieldError("confirmPassword"), F.error === v.passwordMismatchError && F.setError("");
             },
             placeholder: v.confirmPasswordPlaceholder,
             style: H("confirmPassword"),
-            disabled: L.loading
+            disabled: F.loading
           }
         )
       ] }),
-      t === "tenant" && /* @__PURE__ */ f("div", { style: C.fieldGroup, children: [
-        /* @__PURE__ */ s("label", { style: C.label, children: v.tenantNameLabel }),
+      t === "tenant" && /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
+        /* @__PURE__ */ s("label", { style: D.label, children: v.tenantNameLabel }),
         /* @__PURE__ */ s(
           "input",
           {
@@ -2741,38 +2884,38 @@ function Mr({
             name: "tenantName",
             type: "text",
             value: o,
-            onChange: (F) => {
-              p(F.target.value), L.clearFieldError("tenantName");
+            onChange: (L) => {
+              p(L.target.value), F.clearFieldError("tenantName");
             },
             placeholder: v.tenantNamePlaceholder,
             style: H("tenantName"),
-            disabled: L.loading
+            disabled: F.loading
           }
         )
       ] }),
-      /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: Z, children: L.loading ? v.loadingText : v.submitButton }),
-      L.error && /* @__PURE__ */ s("div", { style: C.errorText, children: L.error })
+      /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: Z, children: F.loading ? v.loadingText : v.submitButton }),
+      F.error && /* @__PURE__ */ s("div", { style: D.errorText, children: F.error })
     ] }),
-    (d || T) && /* @__PURE__ */ f("div", { style: C.linkContainer, children: [
+    (d || T) && /* @__PURE__ */ f("div", { style: D.linkContainer, children: [
       T && /* @__PURE__ */ f("div", { children: [
-        /* @__PURE__ */ f("span", { style: C.divider, children: [
+        /* @__PURE__ */ f("span", { style: D.divider, children: [
           v.magicLinkText,
           " "
         ] }),
-        /* @__PURE__ */ s("a", { onClick: l, style: C.link, children: v.magicLinkLink })
+        /* @__PURE__ */ s("a", { onClick: l, style: D.link, children: v.magicLinkLink })
       ] }),
-      T && d && /* @__PURE__ */ s("div", { style: C.divider, children: v.dividerBullet }),
+      T && d && /* @__PURE__ */ s("div", { style: D.divider, children: v.dividerBullet }),
       d && /* @__PURE__ */ f("div", { children: [
-        /* @__PURE__ */ f("span", { style: C.divider, children: [
+        /* @__PURE__ */ f("span", { style: D.divider, children: [
           v.loginText,
           " "
         ] }),
-        /* @__PURE__ */ s("a", { onClick: a, style: C.link, children: v.loginLink })
+        /* @__PURE__ */ s("a", { onClick: a, style: D.link, children: v.loginLink })
       ] })
     ] })
   ] });
 }
-const Jt = {
+const cr = {
   title: "Sign In with Magic Link",
   emailLabel: "Email",
   emailPlaceholder: "Enter your email",
@@ -2797,7 +2940,7 @@ const Jt = {
   missingTenantOrEmailError: "Missing tenant or email",
   dividerBullet: "•"
 };
-function Br({
+function Yr({
   copy: r = {},
   styles: e = {},
   onSuccess: t,
@@ -2807,37 +2950,37 @@ function Br({
   showTraditionalLinks: l = !0,
   className: d,
   verifyToken: T,
-  frontendUrl: P
+  frontendUrl: R
 }) {
   var H;
-  const [c, k] = N(""), [h, E] = N(""), [R, I] = N(""), [A, S] = N(!1), [m, g] = N(""), [b, D] = N(!1), { sendMagicLink: o, verifyMagicLink: p } = ue(), x = ((H = he()) == null ? void 0 : H.tenant) ?? null, y = { ...Jt, ...r }, u = Ae("#3b82f6", e), v = ye({
+  const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [A, k] = N(!1), [m, g] = N(""), [b, C] = N(!1), { sendMagicLink: o, verifyMagicLink: p } = de(), E = ((H = pe()) == null ? void 0 : H.tenant) ?? null, y = { ...cr, ...r }, u = Le("#3b82f6", e), v = we({
     defaultErrorMessage: y.errorMessage,
     validate: () => {
       const j = [];
-      return c.trim() || j.push("email"), b && !h.trim() && j.push("name"), j.forEach((Z) => v.setFieldError(Z, !0)), j.length > 0 ? !1 : x != null && x.id ? !0 : (v.setError(y.tenantNotFoundError), !1);
+      return c.trim() || j.push("email"), b && !h.trim() && j.push("name"), j.forEach((Z) => v.setFieldError(Z, !0)), j.length > 0 ? !1 : E != null && E.id ? !0 : (v.setError(y.tenantNotFoundError), !1);
     },
     submit: async () => {
       g("");
-      const j = P || (typeof window < "u" ? window.location.origin : ""), Z = await o({
+      const j = R || (typeof window < "u" ? window.location.origin : ""), Z = await o({
         email: c,
-        tenantId: x.id,
+        tenantId: E.id,
         frontendUrl: j,
         name: b ? h : void 0,
-        lastName: b ? R : void 0
+        lastName: b ? P : void 0
       });
       return g(y.successMessage), Z;
     },
     onSuccess: t,
     onError: n
   });
-  ne(() => {
+  re(() => {
     if (!T) return;
     (async () => {
-      if (!x || !c) {
+      if (!E || !c) {
         v.setError(y.missingTenantOrEmailError);
         return;
       }
-      S(!0), v.setError("");
+      k(!0), v.setError("");
       try {
         const Z = await p({ token: T, email: c });
         t == null || t(Z);
@@ -2845,17 +2988,17 @@ function Br({
         const $ = Z instanceof Error ? Z.message : "Failed to verify magic link";
         v.setError($), n == null || n($);
       } finally {
-        S(!1);
+        k(!1);
       }
     })();
   }, [T]);
-  const C = (j) => ({
+  const D = (j) => ({
     ...u.input,
     ...v.fieldErrors[j] ? u.inputError : {}
-  }), ie = !c || v.loading || A, L = {
+  }), se = !c || v.loading || A, F = {
     ...u.button,
     ...v.loading || A ? u.buttonLoading : {},
-    ...ie ? u.buttonDisabled : {}
+    ...se ? u.buttonDisabled : {}
   };
   return A ? /* @__PURE__ */ f("div", { className: d, style: u.container, children: [
     /* @__PURE__ */ s("h2", { style: u.title, children: y.verifyingText }),
@@ -2874,10 +3017,10 @@ function Br({
             type: "email",
             value: c,
             onChange: (j) => {
-              k(j.target.value), v.clearFieldError("email");
+              S(j.target.value), v.clearFieldError("email");
             },
             placeholder: y.emailPlaceholder,
-            style: C("email"),
+            style: D("email"),
             disabled: v.loading || A
           }
         )
@@ -2886,7 +3029,7 @@ function Br({
         "button",
         {
           type: "button",
-          onClick: () => D(!0),
+          onClick: () => C(!0),
           style: u.toggleLink,
           children: y.showNameToggle
         }
@@ -2902,10 +3045,10 @@ function Br({
               type: "text",
               value: h,
               onChange: (j) => {
-                E(j.target.value), v.clearFieldError("name");
+                x(j.target.value), v.clearFieldError("name");
               },
               placeholder: y.namePlaceholder,
-              style: C("name"),
+              style: D("name"),
               disabled: v.loading || A
             }
           )
@@ -2918,7 +3061,7 @@ function Br({
               id: "lastName",
               name: "lastName",
               type: "text",
-              value: R,
+              value: P,
               onChange: (j) => I(j.target.value),
               placeholder: y.lastNamePlaceholder,
               style: u.input,
@@ -2931,14 +3074,14 @@ function Br({
           {
             type: "button",
             onClick: () => {
-              D(!1), E(""), I("");
+              C(!1), x(""), I("");
             },
             style: u.toggleLink,
             children: y.hideNameToggle
           }
         ) })
       ] }),
-      /* @__PURE__ */ s("button", { type: "submit", disabled: ie, style: L, children: v.loading ? y.loadingText : y.submitButton }),
+      /* @__PURE__ */ s("button", { type: "submit", disabled: se, style: F, children: v.loading ? y.loadingText : y.submitButton }),
       v.error && /* @__PURE__ */ s("div", { style: u.errorText, children: v.error }),
       m && /* @__PURE__ */ s("div", { style: u.successText, children: m })
     ] }),
@@ -2961,7 +3104,7 @@ function Br({
     ] })
   ] });
 }
-const Zt = {
+const ur = {
   title: "Verifying Magic Link",
   verifyingMessage: "Please wait while we verify your magic link...",
   successMessage: "Magic link verified successfully! You are now logged in.",
@@ -2970,7 +3113,7 @@ const Zt = {
   retryButton: "Try Again",
   backToLoginButton: "Back to Login",
   missingParamsError: "Missing required parameters: token or email"
-}, st = {
+}, ut = {
   container: {
     maxWidth: "400px",
     width: "100%",
@@ -3063,7 +3206,7 @@ const Zt = {
   backButtonHover: {
     backgroundColor: "#e5e7eb"
   }
-}, Kt = () => /* @__PURE__ */ s("div", { style: st.spinner }), Yt = () => /* @__PURE__ */ f(
+}, dr = () => /* @__PURE__ */ s("div", { style: ut.spinner }), hr = () => /* @__PURE__ */ f(
   "svg",
   {
     width: "48",
@@ -3080,7 +3223,7 @@ const Zt = {
       /* @__PURE__ */ s("polyline", { points: "22,4 12,14.01 9,11.01" })
     ]
   }
-), Xt = () => /* @__PURE__ */ f(
+), pr = () => /* @__PURE__ */ f(
   "svg",
   {
     width: "48",
@@ -3098,12 +3241,12 @@ const Zt = {
       /* @__PURE__ */ s("line", { x1: "9", y1: "9", x2: "15", y2: "15" })
     ]
   }
-), er = {
-  loading: /* @__PURE__ */ s(Kt, {}),
-  success: /* @__PURE__ */ s(Yt, {}),
-  error: /* @__PURE__ */ s(Xt, {})
+), fr = {
+  loading: /* @__PURE__ */ s(dr, {}),
+  success: /* @__PURE__ */ s(hr, {}),
+  error: /* @__PURE__ */ s(pr, {})
 };
-function Or({
+function Xr({
   copy: r = {},
   styles: e = {},
   icons: t = {},
@@ -3113,48 +3256,48 @@ function Or({
   onBackToLogin: l,
   className: d,
   token: T,
-  email: P,
+  email: R,
   appId: c,
-  tenantSlug: k,
+  tenantSlug: S,
   autoRedirectDelay: h = 3e3
 }) {
-  const [E, R] = N("verifying"), [I, A] = N(""), { verifyMagicLink: S } = ue(), m = { ...Zt, ...r }, g = { ...st, ...e }, b = { ...er, ...t }, D = () => {
+  const [x, P] = N("verifying"), [I, A] = N(""), { verifyMagicLink: k } = de(), m = { ...ur, ...r }, g = { ...ut, ...e }, b = { ...fr, ...t }, C = () => {
     if (typeof window > "u") return {};
     const u = new URLSearchParams(window.location.search);
     return {
       token: T || u.get("token") || "",
-      email: P || u.get("email") || "",
+      email: R || u.get("email") || "",
       appId: c || u.get("appId") || "",
-      tenantSlug: k || u.get("tenantSlug") || void 0
+      tenantSlug: S || u.get("tenantSlug") || void 0
     };
   }, o = async () => {
-    R("verifying"), A("");
+    P("verifying"), A("");
     try {
-      const u = D();
+      const u = C();
       if (!u.token || !u.email)
         throw new Error(m.missingParamsError);
-      const v = await S({
+      const v = await k({
         token: u.token,
         email: u.email,
         tenantSlug: u.tenantSlug
       });
-      R("success"), n == null || n(v), h > 0 && setTimeout(() => {
-        R("redirecting");
+      P("success"), n == null || n(v), h > 0 && setTimeout(() => {
+        P("redirecting");
       }, h);
     } catch (u) {
       const v = u.message || m.errorMessage;
-      A(v), R("error"), i == null || i(v);
+      A(v), P("error"), i == null || i(v);
     }
   }, p = () => {
     a == null || a(), o();
-  }, x = () => {
+  }, E = () => {
     l == null || l();
   };
-  ne(() => {
+  re(() => {
     o();
   }, []);
   const y = () => {
-    switch (E) {
+    switch (x) {
       case "verifying":
         return /* @__PURE__ */ f("div", { style: g.message, children: [
           b.loading,
@@ -3185,8 +3328,8 @@ function Or({
                 },
                 onMouseOut: (u) => {
                   const v = g.retryButton || {};
-                  Object.keys(g.retryButtonHover || {}).forEach((C) => {
-                    u.currentTarget.style[C] = v[C] ?? "";
+                  Object.keys(g.retryButtonHover || {}).forEach((D) => {
+                    u.currentTarget.style[D] = v[D] ?? "";
                   });
                 },
                 children: m.retryButton
@@ -3195,15 +3338,15 @@ function Or({
             /* @__PURE__ */ s(
               "button",
               {
-                onClick: x,
+                onClick: E,
                 style: g.backButton,
                 onMouseOver: (u) => {
                   Object.assign(u.currentTarget.style, g.backButtonHover);
                 },
                 onMouseOut: (u) => {
                   const v = g.backButton || {};
-                  Object.keys(g.backButtonHover || {}).forEach((C) => {
-                    u.currentTarget.style[C] = v[C] ?? "";
+                  Object.keys(g.backButtonHover || {}).forEach((D) => {
+                    u.currentTarget.style[D] = v[D] ?? "";
                   });
                 },
                 children: m.backToLoginButton
@@ -3226,7 +3369,7 @@ function Or({
     y()
   ] });
 }
-const tr = {
+const mr = {
   title: "Reset Password",
   subtitle: "Enter your email address and we'll send you a link to reset your password.",
   emailLabel: "Email",
@@ -3253,7 +3396,7 @@ const tr = {
   tenantNotFoundError: "Tenant not found",
   dividerBullet: "•"
 };
-function _r({
+function en({
   copy: r = {},
   styles: e = {},
   mode: t = "request",
@@ -3264,32 +3407,32 @@ function _r({
   onModeChange: d,
   className: T
 }) {
-  var ie;
-  const [P, c] = N(""), [k, h] = N(n), [E, R] = N(""), [I, A] = N(""), [S, m] = N(""), { requestPasswordReset: g, confirmPasswordReset: b } = ue(), D = ((ie = he()) == null ? void 0 : ie.tenant) ?? null, o = { ...tr, ...r }, p = Ae("#f59e0b", e), x = ye({
+  var se;
+  const [R, c] = N(""), [S, h] = N(n), [x, P] = N(""), [I, A] = N(""), [k, m] = N(""), { requestPasswordReset: g, confirmPasswordReset: b } = de(), C = ((se = pe()) == null ? void 0 : se.tenant) ?? null, o = { ...mr, ...r }, p = Le("#f59e0b", e), E = we({
     defaultErrorMessage: o.errorMessage,
-    validate: () => P.trim() ? D != null && D.id ? !0 : (x.setError(o.tenantNotFoundError), !1) : (x.setFieldError("email", !0), !1),
+    validate: () => R.trim() ? C != null && C.id ? !0 : (E.setError(o.tenantNotFoundError), !1) : (E.setFieldError("email", !0), !1),
     submit: async () => {
-      m(""), await g({ email: P, tenantId: D.id }), m(o.successMessage);
+      m(""), await g({ email: R, tenantId: C.id }), m(o.successMessage);
     },
     onSuccess: () => i == null ? void 0 : i(),
     onError: a
-  }), y = ye({
+  }), y = we({
     defaultErrorMessage: o.errorMessage,
     validate: () => {
-      const L = [];
-      return k.trim() || L.push("token"), E.trim() || L.push("newPassword"), I.trim() || L.push("confirmPassword"), L.forEach((H) => y.setFieldError(H, !0)), L.length > 0 ? !1 : E !== I ? (y.setError(o.passwordMismatchError), y.setFieldError("confirmPassword", !0), !1) : !0;
+      const F = [];
+      return S.trim() || F.push("token"), x.trim() || F.push("newPassword"), I.trim() || F.push("confirmPassword"), F.forEach((H) => y.setFieldError(H, !0)), F.length > 0 ? !1 : x !== I ? (y.setError(o.passwordMismatchError), y.setFieldError("confirmPassword", !0), !1) : !0;
     },
     submit: async () => {
-      m(""), await b({ token: k, newPassword: E }), m(o.resetSuccessMessage);
+      m(""), await b({ token: S, newPassword: x }), m(o.resetSuccessMessage);
     },
     onSuccess: () => i == null ? void 0 : i(),
     onError: a
   });
   if (t === "reset") {
-    const L = ($) => ({
+    const F = ($) => ({
       ...p.input,
       ...y.fieldErrors[$] ? p.inputError : {}
-    }), j = !(!!k && !!E && !!I) || y.loading, Z = {
+    }), j = !(!!S && !!x && !!I) || y.loading, Z = {
       ...p.button,
       ...y.loading ? p.buttonLoading : {},
       ...j ? p.buttonDisabled : {}
@@ -3304,12 +3447,12 @@ function _r({
             "input",
             {
               type: "text",
-              value: k,
+              value: S,
               onChange: ($) => {
                 h($.target.value), y.clearFieldError("token");
               },
               placeholder: o.tokenPlaceholder,
-              style: L("token"),
+              style: F("token"),
               disabled: y.loading
             }
           )
@@ -3320,12 +3463,12 @@ function _r({
             "input",
             {
               type: "password",
-              value: E,
+              value: x,
               onChange: ($) => {
-                R($.target.value), y.clearFieldError("newPassword");
+                P($.target.value), y.clearFieldError("newPassword");
               },
               placeholder: o.newPasswordPlaceholder,
-              style: L("newPassword"),
+              style: F("newPassword"),
               disabled: y.loading
             }
           )
@@ -3341,14 +3484,14 @@ function _r({
                 A($.target.value), y.clearFieldError("confirmPassword"), y.error === o.passwordMismatchError && y.setError("");
               },
               placeholder: o.confirmPasswordPlaceholder,
-              style: L("confirmPassword"),
+              style: F("confirmPassword"),
               disabled: y.loading
             }
           )
         ] }),
         /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: Z, children: y.loading ? o.resetLoadingText : o.resetSubmitButton }),
         y.error && /* @__PURE__ */ s("div", { style: p.errorText, children: y.error }),
-        S && /* @__PURE__ */ s("div", { style: p.successText, children: S })
+        k && /* @__PURE__ */ s("div", { style: p.successText, children: k })
       ] }),
       /* @__PURE__ */ f("div", { style: p.linkContainer, children: [
         /* @__PURE__ */ s("a", { onClick: l, style: p.link, children: o.backToLoginLink }),
@@ -3359,37 +3502,37 @@ function _r({
       ] })
     ] });
   }
-  const u = (L) => ({
+  const u = (F) => ({
     ...p.input,
-    ...x.fieldErrors[L] ? p.inputError : {}
-  }), v = !P || x.loading, C = {
+    ...E.fieldErrors[F] ? p.inputError : {}
+  }), v = !R || E.loading, D = {
     ...p.button,
-    ...x.loading ? p.buttonLoading : {},
+    ...E.loading ? p.buttonLoading : {},
     ...v ? p.buttonDisabled : {}
   };
   return /* @__PURE__ */ f("div", { className: T, style: p.container, children: [
     /* @__PURE__ */ s("h2", { style: p.title, children: o.title }),
     /* @__PURE__ */ s("p", { style: p.subtitle, children: o.subtitle }),
-    /* @__PURE__ */ f("form", { onSubmit: x.handleSubmit, style: p.form, children: [
+    /* @__PURE__ */ f("form", { onSubmit: E.handleSubmit, style: p.form, children: [
       /* @__PURE__ */ f("div", { style: p.fieldGroup, children: [
         /* @__PURE__ */ s("label", { style: p.label, children: o.emailLabel }),
         /* @__PURE__ */ s(
           "input",
           {
             type: "email",
-            value: P,
-            onChange: (L) => {
-              c(L.target.value), x.clearFieldError("email");
+            value: R,
+            onChange: (F) => {
+              c(F.target.value), E.clearFieldError("email");
             },
             placeholder: o.emailPlaceholder,
             style: u("email"),
-            disabled: x.loading
+            disabled: E.loading
           }
         )
       ] }),
-      /* @__PURE__ */ s("button", { type: "submit", disabled: v, style: C, children: x.loading ? o.loadingText : o.submitButton }),
-      x.error && /* @__PURE__ */ s("div", { style: p.errorText, children: x.error }),
-      S && /* @__PURE__ */ s("div", { style: p.successText, children: S })
+      /* @__PURE__ */ s("button", { type: "submit", disabled: v, style: D, children: E.loading ? o.loadingText : o.submitButton }),
+      E.error && /* @__PURE__ */ s("div", { style: p.errorText, children: E.error }),
+      k && /* @__PURE__ */ s("div", { style: p.successText, children: k })
     ] }),
     /* @__PURE__ */ f("div", { style: p.linkContainer, children: [
       /* @__PURE__ */ s("a", { onClick: l, style: p.link, children: o.backToLoginLink }),
@@ -3400,7 +3543,7 @@ function _r({
     ] })
   ] });
 }
-const rr = () => /* @__PURE__ */ s(
+const gr = () => /* @__PURE__ */ s(
   "div",
   {
     style: {
@@ -3412,7 +3555,7 @@ const rr = () => /* @__PURE__ */ s(
     },
     children: /* @__PURE__ */ s("div", { children: "Loading..." })
   }
-), nr = ({ error: r, retry: e }) => /* @__PURE__ */ f(
+), yr = ({ error: r, retry: e }) => /* @__PURE__ */ f(
   "div",
   {
     style: {
@@ -3446,43 +3589,43 @@ const rr = () => /* @__PURE__ */ s(
     ]
   }
 );
-function qr({
+function tn({
   children: r,
   loadingFallback: e,
   errorFallback: t,
   requireTenant: n = !0
 }) {
-  const { isAppLoading: i, appError: a, retryApp: l } = xe(), d = he(), T = Me(), P = tt(), c = rt(), k = (d == null ? void 0 : d.isTenantLoading) ?? !1, h = (d == null ? void 0 : d.tenantError) ?? null, E = (d == null ? void 0 : d.tenantSlug) ?? null, R = (d == null ? void 0 : d.retryTenant) ?? (() => {
-  }), I = (T == null ? void 0 : T.isAuthReady) ?? !0, A = (P == null ? void 0 : P.isReady) ?? !0, S = (c == null ? void 0 : c.isReady) ?? !0, m = n && d && E, o = i || m && k || T && !I || P && !A || c && !S, p = a || (m ? h : null), x = () => {
-    a && l(), h && d && R();
+  const { isAppLoading: i, appError: a, retryApp: l } = Re(), d = pe(), T = Oe(), R = at(), c = lt(), S = (d == null ? void 0 : d.isTenantLoading) ?? !1, h = (d == null ? void 0 : d.tenantError) ?? null, x = (d == null ? void 0 : d.tenantSlug) ?? null, P = (d == null ? void 0 : d.retryTenant) ?? (() => {
+  }), I = (T == null ? void 0 : T.isAuthReady) ?? !0, A = (R == null ? void 0 : R.isReady) ?? !0, k = (c == null ? void 0 : c.isReady) ?? !0, m = n && d && x, o = i || m && S || T && !I || R && !A || c && !k, p = a || (m ? h : null), E = () => {
+    a && l(), h && d && P();
   };
   if (o)
-    return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(rr, {}) });
+    return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(gr, {}) });
   if (p) {
-    const y = typeof t == "function" ? t(p, x) : t || /* @__PURE__ */ s(nr, { error: p, retry: x });
+    const y = typeof t == "function" ? t(p, E) : t || /* @__PURE__ */ s(yr, { error: p, retry: E });
     return /* @__PURE__ */ s(B, { children: y });
   }
   return /* @__PURE__ */ s(B, { children: r });
 }
-function Vr(r = !0) {
-  const { isAppLoading: e, appError: t, retryApp: n, appInfo: i } = xe(), a = he(), l = Me(), d = tt(), T = rt(), P = (a == null ? void 0 : a.isTenantLoading) ?? !1, c = (a == null ? void 0 : a.tenantError) ?? null, k = (a == null ? void 0 : a.tenant) ?? null, h = (a == null ? void 0 : a.tenantSlug) ?? null, E = (a == null ? void 0 : a.retryTenant) ?? (() => {
-  }), R = (l == null ? void 0 : l.isAuthReady) ?? !0, I = (d == null ? void 0 : d.isReady) ?? !0, A = (T == null ? void 0 : T.isReady) ?? !0, S = r && a && h, D = e || S && P || l && !R || d && !I || T && !A, o = t || (S ? c : null);
+function rn(r = !0) {
+  const { isAppLoading: e, appError: t, retryApp: n, appInfo: i } = Re(), a = pe(), l = Oe(), d = at(), T = lt(), R = (a == null ? void 0 : a.isTenantLoading) ?? !1, c = (a == null ? void 0 : a.tenantError) ?? null, S = (a == null ? void 0 : a.tenant) ?? null, h = (a == null ? void 0 : a.tenantSlug) ?? null, x = (a == null ? void 0 : a.retryTenant) ?? (() => {
+  }), P = (l == null ? void 0 : l.isAuthReady) ?? !0, I = (d == null ? void 0 : d.isReady) ?? !0, A = (T == null ? void 0 : T.isReady) ?? !0, k = r && a && h, C = e || k && R || l && !P || d && !I || T && !A, o = t || (k ? c : null);
   return {
-    isLoading: D,
+    isLoading: C,
     error: o,
-    isReady: !D && !o && i !== null && (!S || k !== null),
+    isReady: !C && !o && i !== null && (!k || S !== null),
     retry: () => {
-      t && n(), c && a && E();
+      t && n(), c && a && x();
     },
     // Individual states
     app: { isLoading: e, error: t, data: i },
-    tenant: a ? { isLoading: P, error: c, data: k } : null,
-    auth: l ? { isReady: R } : null,
+    tenant: a ? { isLoading: R, error: c, data: S } : null,
+    auth: l ? { isReady: P } : null,
     featureFlags: d ? { isReady: I } : null,
     subscription: T ? { isReady: A } : null
   };
 }
-const sr = {
+const br = {
   wrapper: {
     position: "relative"
   },
@@ -3526,7 +3669,7 @@ const sr = {
     marginLeft: 8
   }
 };
-function zr({
+function nn({
   tenants: r,
   currentTenantId: e,
   onSelect: t,
@@ -3536,68 +3679,68 @@ function zr({
   itemClassName: l = "",
   renderItem: d,
   placeholder: T = "Select tenant",
-  disabled: P = !1,
+  disabled: R = !1,
   showCurrentTenant: c = !0
 }) {
-  var D;
-  const k = { ...sr, ...n }, h = Me(), [E, R] = N(!1), I = ke(null), A = r ?? (h == null ? void 0 : h.userTenants) ?? [], S = e ?? ((D = h == null ? void 0 : h.currentUser) == null ? void 0 : D.tenantId) ?? null, m = async (o) => {
-    R(!1), t ? t(o) : h != null && h.switchToTenant && await h.switchToTenant(o);
+  var C;
+  const S = { ...br, ...n }, h = Oe(), [x, P] = N(!1), I = Ee(null), A = r ?? (h == null ? void 0 : h.userTenants) ?? [], k = e ?? ((C = h == null ? void 0 : h.currentUser) == null ? void 0 : C.tenantId) ?? null, m = async (o) => {
+    P(!1), t ? t(o) : h != null && h.switchToTenant && await h.switchToTenant(o);
   };
-  ne(() => {
+  re(() => {
     const o = (p) => {
-      I.current && !I.current.contains(p.target) && R(!1);
+      I.current && !I.current.contains(p.target) && P(!1);
     };
     return document.addEventListener("mousedown", o), () => document.removeEventListener("mousedown", o);
   }, []);
-  const g = A.find((o) => o.id === S);
+  const g = A.find((o) => o.id === k);
   if (A.length === 0)
     return null;
   if (A.length === 1 && c)
     return /* @__PURE__ */ s("div", { className: i, children: /* @__PURE__ */ s("span", { children: A[0].name }) });
   const b = (o, p) => /* @__PURE__ */ f("span", { style: { fontWeight: p ? "bold" : "normal" }, children: [
     o.name,
-    o.role && /* @__PURE__ */ f("span", { style: k.itemRole, children: [
+    o.role && /* @__PURE__ */ f("span", { style: S.itemRole, children: [
       "(",
       o.role,
       ")"
     ] })
   ] });
-  return /* @__PURE__ */ f("div", { ref: I, className: i, style: k.wrapper, children: [
+  return /* @__PURE__ */ f("div", { ref: I, className: i, style: S.wrapper, children: [
     /* @__PURE__ */ f(
       "button",
       {
         type: "button",
-        onClick: () => !P && R(!E),
-        disabled: P,
+        onClick: () => !R && P(!x),
+        disabled: R,
         style: {
-          ...k.button,
-          ...P ? k.buttonDisabled : {}
+          ...S.button,
+          ...R ? S.buttonDisabled : {}
         },
         children: [
           g ? g.name : T,
-          /* @__PURE__ */ s("span", { style: k.arrow, children: E ? "▲" : "▼" })
+          /* @__PURE__ */ s("span", { style: S.arrow, children: x ? "▲" : "▼" })
         ]
       }
     ),
-    E && /* @__PURE__ */ s("div", { className: a, style: k.dropdown, children: A.map((o) => {
-      const p = o.id === S;
+    x && /* @__PURE__ */ s("div", { className: a, style: S.dropdown, children: A.map((o) => {
+      const p = o.id === k;
       return /* @__PURE__ */ s(
         "div",
         {
           className: l,
           onClick: () => m(o.id),
           style: {
-            ...k.item,
-            ...p ? k.itemSelected : {}
+            ...S.item,
+            ...p ? S.itemSelected : {}
           },
-          onMouseEnter: (x) => {
-            p || Object.assign(x.currentTarget.style, k.itemHover);
+          onMouseEnter: (E) => {
+            p || Object.assign(E.currentTarget.style, S.itemHover);
           },
-          onMouseLeave: (x) => {
+          onMouseLeave: (E) => {
             if (!p) {
-              const y = k.item || {};
-              Object.keys(k.itemHover || {}).forEach((u) => {
-                x.currentTarget.style[u] = y[u] ?? "";
+              const y = S.item || {};
+              Object.keys(S.itemHover || {}).forEach((u) => {
+                E.currentTarget.style[u] = y[u] ?? "";
               });
             }
           },
@@ -3608,7 +3751,7 @@ function zr({
     }) })
   ] });
 }
-class jr {
+class sn {
   constructor(e) {
     this.httpService = e;
   }
@@ -3617,7 +3760,7 @@ class jr {
   }
   async getPermissions(e) {
     const t = await this.httpService.get(
-      `/permissions/${le(e)}`
+      `/permissions/${ce(e)}`
     );
     return { permissions: t.data, meta: t.meta };
   }
@@ -3635,13 +3778,13 @@ class jr {
   }
   async getAppPermissions(e, t) {
     const n = await this.httpService.get(
-      `/permissions/apps/${e}${le(t)}`,
+      `/permissions/apps/${e}${ce(t)}`,
       { skipAuth: !0 }
     );
     return { permissions: n.data, meta: n.meta };
   }
 }
-class Wr {
+class on {
   constructor(e) {
     this.httpService = e;
   }
@@ -3653,7 +3796,7 @@ class Wr {
   }
   async getSubscriptionPlans(e) {
     const t = await this.httpService.get(
-      `/subscription-plans/${le(e)}`
+      `/subscription-plans/${ce(e)}`
     );
     return { plans: t.data, meta: t.meta };
   }
@@ -3672,7 +3815,7 @@ class Wr {
     await this.httpService.delete(`/subscription-plans/${e}`);
   }
 }
-class Gr {
+class an {
   constructor(e) {
     this.httpService = e;
   }
@@ -3681,24 +3824,24 @@ class Gr {
     return await this.httpService.get("/health");
   }
 }
-const it = "returnTo", Fe = "zone_return_to", Le = "zone_return_to";
-function Hr(r = {}) {
+const dt = "returnTo", Ce = "zone_return_to", De = "zone_return_to";
+function ln(r = {}) {
   const {
     zoneRoots: e = {},
-    returnToParam: t = it,
+    returnToParam: t = dt,
     returnToStorage: n = "url"
-  } = r, i = pt(), [a, l] = ft(), { isAuthenticated: d, currentUser: T } = ue(), { tenant: P } = be(), c = q(() => ({ ..._e, ...e }), [e]), k = !!P, h = T == null ? void 0 : T.userType, E = q(() => {
+  } = r, i = wt(), [a, l] = vt(), { isAuthenticated: d, currentUser: T } = de(), { tenant: R } = ve(), c = V(() => ({ ...ze, ...e }), [e]), S = !!R, h = T == null ? void 0 : T.userType, x = V(() => {
     switch (n) {
       case "url":
         return a.get(t);
       case "session":
-        return sessionStorage.getItem(Fe);
+        return sessionStorage.getItem(Ce);
       case "local":
-        return localStorage.getItem(Le);
+        return localStorage.getItem(De);
       default:
         return null;
     }
-  }, [n, a, t]), R = re(() => {
+  }, [n, a, t]), P = te(() => {
     switch (n) {
       case "url": {
         const m = new URLSearchParams(a);
@@ -3706,13 +3849,13 @@ function Hr(r = {}) {
         break;
       }
       case "session":
-        sessionStorage.removeItem(Fe);
+        sessionStorage.removeItem(Ce);
         break;
       case "local":
-        localStorage.removeItem(Le);
+        localStorage.removeItem(De);
         break;
     }
-  }, [n, a, t, l]), I = re(
+  }, [n, a, t, l]), I = te(
     (m) => {
       switch (n) {
         case "url": {
@@ -3721,101 +3864,102 @@ function Hr(r = {}) {
           break;
         }
         case "session":
-          sessionStorage.setItem(Fe, m);
+          sessionStorage.setItem(Ce, m);
           break;
         case "local":
-          localStorage.setItem(Le, m);
+          localStorage.setItem(De, m);
           break;
       }
     },
     [n, a, t, l]
-  ), A = re(
+  ), A = te(
     (m) => {
       const g = c[m] || c.default;
       i(g);
     },
     [i, c]
-  ), S = re(() => k ? d ? h === oe.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : d ? h === oe.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [k, d, h, c]);
+  ), k = te(() => S ? d ? h === ae.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : d ? h === ae.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [S, d, h, c]);
   return {
-    returnToUrl: E,
-    clearReturnTo: R,
+    returnToUrl: x,
+    clearReturnTo: P,
     setReturnTo: I,
     navigateToZone: A,
-    getSmartRedirect: S
+    getSmartRedirect: k
   };
 }
-function Qr(r, e, t = it, n = "url") {
+function cn(r, e, t = dt, n = "url") {
   if (!e || n !== "url")
     return r;
   const i = new URL(r, window.location.origin);
   return i.searchParams.set(t, e), i.pathname + i.search;
 }
 export {
-  Rr as AdminZone,
-  Ge as AppApiService,
-  qr as AppLoader,
-  lr as AppProvider,
-  bt as AuthApiService,
-  pr as AuthProvider,
-  Pr as AuthenticatedZone,
-  nt as DEFAULT_ZONE_PRESETS,
-  _e as DEFAULT_ZONE_ROOTS,
-  Ur as FeatureFlag,
-  Pt as FeatureFlagApiService,
-  gr as FeatureFlagProvider,
-  Ar as GuestZone,
-  Gr as HealthApiService,
-  de as HttpService,
-  Sr as LandingRoute,
-  $r as LoginForm,
-  Br as MagicLinkForm,
-  Or as MagicLinkVerify,
-  Fr as OpenZone,
-  _r as PasswordRecoveryForm,
-  jr as PermissionApiService,
-  vr as Protected,
-  Tr as ProtectedRoute,
-  Er as PublicZone,
-  wt as RoleApiService,
-  br as RoutingProvider,
-  te as SessionExpiredError,
-  Ne as SessionManager,
-  Mr as SignupForm,
-  Rt as SubscriptionApiService,
-  Cr as SubscriptionGuard,
-  Wr as SubscriptionPlanApiService,
-  yr as SubscriptionProvider,
-  me as TenantApiService,
-  Lr as TenantAuthenticatedZone,
-  Dr as TenantGuestZone,
-  Nr as TenantOpenZone,
-  ur as TenantProvider,
-  kr as TenantRoute,
-  zr as TenantSelector,
-  xr as TenantZone,
-  yt as TokenRefreshError,
-  gt as TokenRefreshTimeoutError,
-  vt as UserApiService,
-  oe as UserType,
-  Ir as UserZone,
-  ce as ZoneRoute,
-  Qr as buildRedirectUrl,
-  cr as useApi,
-  xe as useApp,
-  Vr as useAppLoaderState,
-  ue as useAuth,
-  mr as useAuthActions,
-  Me as useAuthOptional,
-  fr as useAuthState,
-  At as useFeatureFlags,
-  wr as useRouting,
-  Lt as useRoutingOptional,
-  hr as useSettings,
-  It as useSubscription,
-  be as useTenant,
-  et as useTenantInfo,
-  he as useTenantOptional,
-  dr as useTenantSettings,
-  Hr as useZoneNavigation
+  qr as AdminZone,
+  Je as AppApiService,
+  tn as AppLoader,
+  Sr as AppProvider,
+  Nt as AuthApiService,
+  Ar as AuthProvider,
+  Or as AuthenticatedZone,
+  oe as ConfigurationError,
+  ct as DEFAULT_ZONE_PRESETS,
+  ze as DEFAULT_ZONE_ROOTS,
+  Jr as FeatureFlag,
+  Ot as FeatureFlagApiService,
+  Lr as FeatureFlagProvider,
+  Vr as GuestZone,
+  an as HealthApiService,
+  he as HttpService,
+  Ur as LandingRoute,
+  Zr as LoginForm,
+  Yr as MagicLinkForm,
+  Xr as MagicLinkVerify,
+  jr as OpenZone,
+  en as PasswordRecoveryForm,
+  sn as PermissionApiService,
+  Dr as Protected,
+  Mr as ProtectedRoute,
+  _r as PublicZone,
+  Ct as RoleApiService,
+  Nr as RoutingProvider,
+  ee as SessionExpiredError,
+  Me as SessionManager,
+  Kr as SignupForm,
+  qt as SubscriptionApiService,
+  Qr as SubscriptionGuard,
+  on as SubscriptionPlanApiService,
+  Fr as SubscriptionProvider,
+  ye as TenantApiService,
+  Wr as TenantAuthenticatedZone,
+  Hr as TenantGuestZone,
+  Gr as TenantOpenZone,
+  Er as TenantProvider,
+  $r as TenantRoute,
+  nn as TenantSelector,
+  Br as TenantZone,
+  kt as TokenRefreshError,
+  St as TokenRefreshTimeoutError,
+  Dt as UserApiService,
+  ae as UserType,
+  zr as UserZone,
+  ue as ZoneRoute,
+  cn as buildRedirectUrl,
+  kr as useApi,
+  Re as useApp,
+  rn as useAppLoaderState,
+  de as useAuth,
+  Ir as useAuthActions,
+  Oe as useAuthOptional,
+  Pr as useAuthState,
+  Vt as useFeatureFlags,
+  Cr as useRouting,
+  Wt as useRoutingOptional,
+  Rr as useSettings,
+  zt as useSubscription,
+  ve as useTenant,
+  ot as useTenantInfo,
+  pe as useTenantOptional,
+  xr as useTenantSettings,
+  ln as useZoneNavigation
 };
 //# sourceMappingURL=index.es.js.map