@skylabs-digital/react-identity-access 3.1.0 → 3.2.0

package/dist/index.es.js

@@ -21,7 +21,7 @@ class he {
       const c = await this.sessionManager.getValidAccessToken();
       d = { ...d, Authorization: `Bearer ${c}` };
     }
-    const T = new AbortController(), R = setTimeout(() => T.abort(), l);
+    const T = new AbortController(), A = setTimeout(() => T.abort(), l);
     try {
       const c = await fetch(a, {
         method: e,
@@ -29,12 +29,12 @@ class he {
         body: n ? JSON.stringify(n) : void 0,
         signal: T.signal
       });
-      if (clearTimeout(R), !c.ok)
+      if (clearTimeout(A), !c.ok)
         throw new Error(`HTTP ${c.status}: ${c.statusText}`);
       const S = c.headers.get("content-type");
       return !S || !S.includes("application/json") ? {} : await c.json();
     } catch (c) {
-      throw clearTimeout(R), c instanceof Error && c.name === "AbortError" ? new Error(`Request timeout after ${l}ms`) : c;
+      throw clearTimeout(A), c instanceof Error && c.name === "AbortError" ? new Error(`Request timeout after ${l}ms`) : c;
     }
   }
   async get(e, t) {
@@ -101,7 +101,7 @@ class Je {
 const $e = fe(null), Tt = 5 * 60 * 1e3;
 function Sr({ config: r, children: e }) {
   var k, m, g;
-  const { appId: t, baseUrl: n } = r, i = ((k = r.cache) == null ? void 0 : k.enabled) ?? !0, a = ((m = r.cache) == null ? void 0 : m.ttl) ?? Tt, l = ((g = r.cache) == null ? void 0 : g.storageKey) ?? `app_cache_${t}`, [d, T] = N(() => {
+  const { appId: t, baseUrl: n } = r, i = (((k = r.cache) == null ? void 0 : k.enabled) ?? !0) && !!t, a = ((m = r.cache) == null ? void 0 : m.ttl) ?? Tt, l = ((g = r.cache) == null ? void 0 : g.storageKey) ?? `app_cache_${t}`, [d, T] = N(() => {
     if (!i) return null;
     try {
       const b = localStorage.getItem(l);
@@ -111,10 +111,14 @@ function Sr({ config: r, children: e }) {
     } catch {
       return null;
     }
-  }), [R, c] = N(!d), [S, h] = N(null), x = Ee(d);
+  }), [A, c] = N(!!t && !d), [S, h] = N(null), x = Ee(d);
   x.current = d;
   const P = te(
     async (b = !1) => {
+      if (!t) {
+        c(!1), h(null);
+        return;
+      }
       if (!(!b && i && x.current))
         try {
           c(!0), h(null);
@@ -139,7 +143,7 @@ function Sr({ config: r, children: e }) {
     },
     [n, t, i, l]
   ), I = te(async () => {
-    if (!(!i || !x.current))
+    if (!(!t || !i || !x.current))
       try {
         const b = localStorage.getItem(l);
         if (!b) return;
@@ -156,24 +160,24 @@ function Sr({ config: r, children: e }) {
       } catch (b) {
         process.env.NODE_ENV === "development" && console.warn("[AppProvider] Background app refresh failed:", b);
       }
-  }, [n, t, i, a, l]), A = V(
+  }, [n, t, i, a, l]), R = V(
     () => ({
       appId: t,
       baseUrl: n,
       appInfo: d,
-      isAppLoading: R,
+      isAppLoading: A,
       appError: S,
       retryApp: () => {
         P(!0);
       }
     }),
-    [t, n, d, R, S, P]
+    [t, n, d, A, S, P]
   );
   return re(() => {
-    x.current ? I() : P();
-  }, []), /* @__PURE__ */ s($e.Provider, { value: A, children: e });
+    t && (x.current ? I() : P());
+  }, []), /* @__PURE__ */ s($e.Provider, { value: R, children: e });
 }
-function Re() {
+function Ae() {
   const r = ne($e);
   if (!r)
     throw new Error("useApp must be used within an AppProvider");
@@ -182,7 +186,7 @@ function Re() {
 function Ue() {
   return ne($e);
 }
-const kr = Re;
+const kr = Ae;
 class ee extends Error {
   constructor(e, t) {
     const n = {
@@ -222,7 +226,7 @@ function Et(r) {
 function Ze(r) {
   return JSON.parse(atob(r.replace(/-/g, "+").replace(/_/g, "/")));
 }
-function Ae(r) {
+function Re(r) {
   const e = r.split(".");
   if (e.length !== 3) return null;
   try {
@@ -232,22 +236,22 @@ function Ae(r) {
   }
 }
 function Ke(r) {
-  const e = Ae(r), t = e == null ? void 0 : e.payload.exp;
+  const e = Re(r), t = e == null ? void 0 : e.payload.exp;
   return typeof t == "number" ? t * 1e3 : void 0;
 }
 function xt(r, e) {
   var n;
-  const t = (n = Ae(r)) == null ? void 0 : n.payload[e];
+  const t = (n = Re(r)) == null ? void 0 : n.payload[e];
   return typeof t == "string" ? t : void 0;
 }
-const Rt = /^(javascript|data|vbscript|file):/i, At = /^https?:\/\//i;
+const At = /^(javascript|data|vbscript|file):/i, Rt = /^https?:\/\//i;
 function Pt(r, e = "baseUrl") {
   if (!(r == null || r === "")) {
     if (typeof r != "string")
       throw new oe(e, r, "must be a string");
-    if (Rt.test(r))
+    if (At.test(r))
       throw new oe(e, r, "dangerous URL scheme is not allowed");
-    if (!At.test(r))
+    if (!Rt.test(r))
       throw new oe(e, r, "must start with http:// or https://");
   }
 }
@@ -276,7 +280,7 @@ function It(r, e = "accessToken") {
       `<${t.length}-segment token>`,
       "JWT must have exactly 3 segments (header.payload.signature)"
     );
-  if (Ae(r) === null)
+  if (Re(r) === null)
     throw new oe(
       e,
       "<malformed JWT>",
@@ -664,11 +668,11 @@ const ie = class ie {
     }
     if (this.sessionGeneration !== t)
       throw new ee("token_invalid", "Session cleared during refresh");
-    const R = await T.json();
+    const A = await T.json();
     this.setTokens({
-      accessToken: R.accessToken,
-      refreshToken: R.refreshToken || i,
-      expiresIn: R.expiresIn
+      accessToken: A.accessToken,
+      refreshToken: A.refreshToken || i,
+      expiresIn: A.expiresIn
     });
   }
   // --- Session expiry handler ---
@@ -707,7 +711,7 @@ const ie = class ie {
   getTokenPayload() {
     var t, n;
     const e = (t = this.getTokens()) == null ? void 0 : t.accessToken;
-    return e ? ((n = Ae(e)) == null ? void 0 : n.payload) ?? null : null;
+    return e ? ((n = Re(e)) == null ? void 0 : n.payload) ?? null : null;
   }
   /**
    * Get userId from token (source of truth) or fallback to stored user
@@ -733,21 +737,26 @@ class Nt {
   constructor(e) {
     this.httpService = e, this.pendingVerifications = /* @__PURE__ */ new Map(), this.pendingMagicLinks = /* @__PURE__ */ new Map();
   }
-  // Public endpoints - no auth required
+  // Public endpoints - no auth required.
+  // Must pass `{ skipAuth: true }` so HttpService does NOT call
+  // SessionManager.getValidAccessToken (which throws when no tokens exist).
   async login(e) {
-    return await this.httpService.post("/auth/login", e);
+    return this.httpService.post("/auth/login", e, { skipAuth: !0 });
   }
   async signup(e) {
-    return await this.httpService.post("/auth/signup", e);
+    return this.httpService.post("/auth/signup", e, { skipAuth: !0 });
   }
   async signupTenantAdmin(e) {
-    return await this.httpService.post(
+    return this.httpService.post(
       "/auth/signup/tenant-admin",
-      e
+      e,
+      { skipAuth: !0 }
     );
   }
   async refreshToken(e) {
-    return await this.httpService.post("/auth/refresh", e);
+    return this.httpService.post("/auth/refresh", e, {
+      skipAuth: !0
+    });
   }
   async switchTenant(e) {
     return await this.httpService.post(
@@ -759,7 +768,7 @@ class Nt {
     return this.httpService.get("/auth/tenants");
   }
   async requestPasswordReset(e) {
-    await this.httpService.post("/auth/password-reset/request", e);
+    await this.httpService.post("/auth/password-reset/request", e, { skipAuth: !0 });
   }
   async sendMagicLink(e) {
     const t = JSON.stringify([
@@ -769,7 +778,7 @@ class Nt {
       e.frontendUrl ?? ""
     ]), n = this.pendingMagicLinks.get(t);
     if (n) return n;
-    const i = this.httpService.post("/auth/magic-link/send", e).finally(() => {
+    const i = this.httpService.post("/auth/magic-link/send", e, { skipAuth: !0 }).finally(() => {
       this.pendingMagicLinks.delete(t);
     });
     return this.pendingMagicLinks.set(t, i), i;
@@ -777,13 +786,13 @@ class Nt {
   async verifyMagicLink(e) {
     const t = e.token, n = this.pendingVerifications.get(t);
     if (n) return n;
-    const i = this.httpService.post("/auth/magic-link/verify", e).finally(() => {
+    const i = this.httpService.post("/auth/magic-link/verify", e, { skipAuth: !0 }).finally(() => {
       this.pendingVerifications.delete(t);
     });
     return this.pendingVerifications.set(t, i), i;
   }
   async confirmPasswordReset(e) {
-    await this.httpService.post("/auth/password-reset/confirm", e);
+    await this.httpService.post("/auth/password-reset/confirm", e, { skipAuth: !0 });
   }
   async changePassword(e) {
     await this.httpService.post("/auth/change-password", e);
@@ -925,7 +934,7 @@ function Bt(r, e, t) {
 const Be = fe(null);
 function Er({ config: r, children: e }) {
   var j, Z, $;
-  const { baseUrl: t, appInfo: n, appId: i } = Re(), a = te(() => typeof window > "u" ? null : Ut(
+  const { baseUrl: t, appInfo: n, appId: i } = Ae(), a = te(() => typeof window > "u" ? null : Ut(
     {
       tenantMode: r.tenantMode || "selector",
       baseDomain: r.baseDomain,
@@ -937,9 +946,9 @@ function Er({ config: r, children: e }) {
       search: window.location.search
     },
     window.localStorage
-  ), [r.tenantMode, r.baseDomain, r.selectorParam, r.fixedTenantSlug]), [l, d] = N(() => a()), T = ((j = r.cache) == null ? void 0 : j.enabled) ?? !0, R = ((Z = r.cache) == null ? void 0 : Z.ttl) ?? 5 * 60 * 1e3, c = (($ = r.cache) == null ? void 0 : $.storageKey) ?? `tenant_cache_${l || "default"}`, S = V(
-    () => ({ enabled: T, ttl: R, storageKey: c }),
-    [T, R, c]
+  ), [r.tenantMode, r.baseDomain, r.selectorParam, r.fixedTenantSlug]), [l, d] = N(() => a()), T = ((j = r.cache) == null ? void 0 : j.enabled) ?? !0, A = ((Z = r.cache) == null ? void 0 : Z.ttl) ?? 5 * 60 * 1e3, c = (($ = r.cache) == null ? void 0 : $.storageKey) ?? `tenant_cache_${l || "default"}`, S = V(
+    () => ({ enabled: T, ttl: A, storageKey: c }),
+    [T, A, c]
   ), [h, x] = N(() => {
     if (r.initialTenant) return r.initialTenant;
     if (!S.enabled || !l) return null;
@@ -951,7 +960,7 @@ function Er({ config: r, children: e }) {
     } catch {
       return null;
     }
-  }), [P, I] = N(!h && !r.initialTenant), [A, k] = N(null), [m, g] = N(null), [b, C] = N(!1), [o, p] = N(null);
+  }), [P, I] = N(!h && !r.initialTenant), [R, k] = N(null), [m, g] = N(null), [b, C] = N(!1), [o, p] = N(null);
   re(() => {
     if (r.tenantMode === "fixed") return;
     const U = a();
@@ -1101,7 +1110,7 @@ function Er({ config: r, children: e }) {
     tenant: h,
     tenantSlug: l,
     isTenantLoading: P,
-    tenantError: A,
+    tenantError: R,
     retryTenant: () => {
       l && y(l);
     },
@@ -1119,7 +1128,7 @@ function Er({ config: r, children: e }) {
     h,
     l,
     P,
-    A,
+    R,
     m,
     E,
     b,
@@ -1140,7 +1149,7 @@ function pe() {
   return ne(Be);
 }
 const xr = ve;
-function Rr() {
+function Ar() {
   const { settings: r, settingsSchema: e, isSettingsLoading: t, settingsError: n, validateSettings: i } = ve();
   return {
     settings: r,
@@ -1182,14 +1191,14 @@ function et() {
   }
 }
 const Pe = fe(null), Ie = fe(null);
-function Ar({ config: r = {}, children: e }) {
+function Rr({ config: r = {}, children: e }) {
   const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? r.baseUrl ?? "", a = (t == null ? void 0 : t.appId) ?? r.appId, l = (n == null ? void 0 : n.tenant) ?? null, d = (n == null ? void 0 : n.tenantSlug) ?? null, T = (n == null ? void 0 : n.switchTenant) ?? (() => {
   });
   if (!i)
     throw new Error(
       "[AuthProvider] baseUrl is required. Provide it via AppProvider or AuthConfig.baseUrl."
     );
-  const [R, c] = N(r.initialRoles || []), [S, h] = N(!r.initialRoles), [x, P] = N(null), [I, A] = N(!1), [k, m] = N(null), [g, b] = N(() => _t()), C = Ee({ done: !1 });
+  const [A, c] = N(r.initialRoles || []), [S, h] = N(!r.initialRoles), [x, P] = N(null), [I, R] = N(!1), [k, m] = N(null), [g, b] = N(() => _t()), C = Ee({ done: !1 });
   C.current.done || (C.current.done = !0);
   const o = V(() => Me.getInstance({
     baseUrl: i,
@@ -1219,7 +1228,7 @@ function Ar({ config: r = {}, children: e }) {
   ), se = V(
     () => new Ct(u),
     [u]
-  ), F = V(() => x != null && x.roleId && R.find((w) => w.id === x.roleId) || null, [x, R]), H = V(() => (F == null ? void 0 : F.permissions) || [], [F]), j = V(
+  ), F = V(() => x != null && x.roleId && A.find((w) => w.id === x.roleId) || null, [x, A]), H = V(() => (F == null ? void 0 : F.permissions) || [], [F]), j = V(
     () => o.hasValidSession() && x !== null,
     [o, x]
   ), Z = V(() => (x == null ? void 0 : x.tenantId) != null, [x]), $ = Ee(null), U = async (w = !1) => {
@@ -1230,14 +1239,14 @@ function Ar({ config: r = {}, children: e }) {
         process.env.NODE_ENV === "development" && console.warn("[AuthProvider] No userId available in token or storage");
         return;
       }
-      A(!0), m(null);
+      R(!0), m(null);
       const z = await D.getUserById(M);
       P(z), o.setUser(z);
     } catch (M) {
       const z = M instanceof Error ? M : new Error("Failed to load user data");
       m(z), process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to load user data:", z);
     } finally {
-      A(!1);
+      R(!1);
     }
   }, L = async (w) => {
     var He;
@@ -1451,7 +1460,7 @@ function Ar({ config: r = {}, children: e }) {
       userError: k,
       userRole: F,
       userPermissions: H,
-      availableRoles: R,
+      availableRoles: A,
       rolesLoading: S,
       userTenants: g,
       hasTenantContext: Z,
@@ -1470,7 +1479,7 @@ function Ar({ config: r = {}, children: e }) {
     k,
     F,
     H,
-    R,
+    A,
     S,
     g,
     Z,
@@ -1578,10 +1587,10 @@ class Ot {
 }
 const Ve = fe(null);
 function Lr({ config: r = {}, children: e }) {
-  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (t == null ? void 0 : t.appId) ?? "", l = (n == null ? void 0 : n.tenant) ?? null, [d, T] = N([]), [R, c] = N(!1), [S, h] = N(null), [x, P] = N(!1), I = V(() => {
+  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (t == null ? void 0 : t.appId) ?? "", l = (n == null ? void 0 : n.tenant) ?? null, [d, T] = N([]), [A, c] = N(!1), [S, h] = N(null), [x, P] = N(!1), I = V(() => {
     const m = new he(i);
     return new Ot(m);
-  }, [i]), A = async () => {
+  }, [i]), R = async () => {
     if (!(l != null && l.id)) {
       T([]);
       return;
@@ -1599,8 +1608,8 @@ function Lr({ config: r = {}, children: e }) {
   };
   re(() => {
     if (!i || !a) return;
-    A().finally(() => P(!0));
-    const m = r.refreshInterval || 5 * 60 * 1e3, g = setInterval(A, m);
+    R().finally(() => P(!0));
+    const m = r.refreshInterval || 5 * 60 * 1e3, g = setInterval(R, m);
     return () => clearInterval(g);
   }, [l == null ? void 0 : l.id, i, a, r.refreshInterval]);
   const k = V(() => {
@@ -1611,11 +1620,11 @@ function Lr({ config: r = {}, children: e }) {
       const E = d.find((y) => y.key === p);
       return E ? E.value ? "enabled" : "disabled" : "not_found";
     }, C = async () => {
-      await A();
+      await R();
     }, o = !!(i && a) && (x || !(l != null && l.id));
     return {
       featureFlags: d,
-      loading: R,
+      loading: A,
       error: S,
       isReady: o,
       isEnabled: m,
@@ -1623,7 +1632,7 @@ function Lr({ config: r = {}, children: e }) {
       getFlagState: b,
       refresh: C
     };
-  }, [d, R, S, i, a, l == null ? void 0 : l.id, x]);
+  }, [d, A, S, i, a, l == null ? void 0 : l.id, x]);
   return /* @__PURE__ */ s(Ve.Provider, { value: k, children: e });
 }
 function Vt() {
@@ -1677,7 +1686,7 @@ class qt {
 }
 const qe = fe(void 0);
 function Fr({ config: r = {}, children: e }) {
-  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (n == null ? void 0 : n.tenant) ?? null, [l, d] = N(null), [T, R] = N(!1), [c, S] = N(null), [h, x] = N(!1), P = V(() => {
+  const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (n == null ? void 0 : n.tenant) ?? null, [l, d] = N(null), [T, A] = N(!1), [c, S] = N(null), [h, x] = N(!1), P = V(() => {
     const k = new he(i);
     return new qt(k);
   }, [i]), I = async () => {
@@ -1685,7 +1694,7 @@ function Fr({ config: r = {}, children: e }) {
       d(null);
       return;
     }
-    R(!0), S(null);
+    A(!0), S(null);
     try {
       const k = await P.getTenantSubscriptionFeatures(a.id);
       d(k);
@@ -1693,7 +1702,7 @@ function Fr({ config: r = {}, children: e }) {
       const m = k instanceof Error ? k.message : "Failed to fetch subscription";
       S(m), r.onError && r.onError(k instanceof Error ? k : new Error(m));
     } finally {
-      R(!1);
+      A(!1);
     }
   };
   re(() => {
@@ -1701,7 +1710,7 @@ function Fr({ config: r = {}, children: e }) {
     const k = r.refreshInterval || 10 * 60 * 1e3, m = setInterval(I, k);
     return () => clearInterval(m);
   }, [a == null ? void 0 : a.id, i, r.refreshInterval]);
-  const A = V(() => {
+  const R = V(() => {
     const k = (l == null ? void 0 : l.features) || [], m = (E) => {
       const y = k.find((u) => u.key === E);
       return y ? y.type === "BOOLEAN" || y.type === "boolean" ? y.value === !0 : !!y.value : !1;
@@ -1724,7 +1733,7 @@ function Fr({ config: r = {}, children: e }) {
       refresh: o
     };
   }, [l, T, c, i, a == null ? void 0 : a.id, h]);
-  return /* @__PURE__ */ s(qe.Provider, { value: A, children: e });
+  return /* @__PURE__ */ s(qe.Provider, { value: R, children: e });
 }
 function zt() {
   const r = ne(qe);
@@ -1893,7 +1902,7 @@ function Dr({
   requiredPermissions: n,
   requireAllPermissions: i = !1
 }) {
-  const { hasValidSession: a, sessionManager: l, hasPermission: d, hasAnyPermission: T, hasAllPermissions: R } = de();
+  const { hasValidSession: a, sessionManager: l, hasPermission: d, hasAnyPermission: T, hasAllPermissions: A } = de();
   if (!a())
     return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(tt, {}) });
   const c = l.getUser();
@@ -1901,7 +1910,7 @@ function Dr({
     return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(tt, {}) });
   if (t && !Gt(c.userType, t))
     return /* @__PURE__ */ s(rt, { userType: c.userType, minUserType: t });
-  if (n && n.length > 0 && !(i ? R(n) : T(n))) {
+  if (n && n.length > 0 && !(i ? A(n) : T(n))) {
     const h = n.filter((x) => !d(x)).map((x) => typeof x == "string" ? x : x.name);
     return /* @__PURE__ */ s(rt, { missingPermissions: h });
   }
@@ -2003,7 +2012,7 @@ function Mr({
   requireAllPermissions: i = !1,
   fallback: a
 }) {
-  const { hasValidSession: l, sessionManager: d, hasPermission: T, hasAnyPermission: R, hasAllPermissions: c } = de(), S = xe();
+  const { hasValidSession: l, sessionManager: d, hasPermission: T, hasAnyPermission: A, hasAllPermissions: c } = de(), S = xe();
   if (re(() => {
     process.env.NODE_ENV === "development" && console.warn(
       "[react-identity-access] ProtectedRoute is deprecated. Use AuthenticatedZone or AdminZone from ZoneRoute instead."
@@ -2024,7 +2033,7 @@ function Mr({
         requiredUserType: t
       }
     );
-  if (n && n.length > 0 && !(i ? c(n) : R(n))) {
+  if (n && n.length > 0 && !(i ? c(n) : A(n))) {
     const P = n.filter((I) => !T(I)).map((I) => typeof I == "string" ? I : I.name);
     return /* @__PURE__ */ s(nt, { missingPermissions: P });
   }
@@ -2159,11 +2168,11 @@ const ue = ({
   requireAllPermissions: l = !0,
   returnTo: d,
   onAccessDenied: T,
-  redirectTo: R,
+  redirectTo: A,
   loadingFallback: c,
   accessDeniedFallback: S
 }) => {
-  const h = xe(), { isAuthenticated: x, isAuthInitializing: P, currentUser: I, userPermissions: A } = de(), { tenant: k, isTenantLoading: m } = ve(), g = Wt(), b = V(() => {
+  const h = xe(), { isAuthenticated: x, isAuthInitializing: P, currentUser: I, userPermissions: R } = de(), { tenant: k, isTenantLoading: m } = ve(), g = Wt(), b = V(() => {
     if (e)
       return g.presets[e];
   }, [e, g.presets]), C = V(
@@ -2180,18 +2189,18 @@ const ue = ({
       hasTenant: !!k,
       isAuthenticated: x,
       userType: I == null ? void 0 : I.userType,
-      permissions: A,
+      permissions: R,
       isLoading: P || m
     }),
     [
       k,
       x,
       I == null ? void 0 : I.userType,
-      A,
+      R,
       P,
       m
     ]
-  ), p = V(() => o.isLoading ? null : Yt(C, o), [C, o]), E = V(() => p ? R || Xt(o, g.zoneRoots) : null, [p, R, o, g.zoneRoots]), y = V(() => !p || !E ? null : {
+  ), p = V(() => o.isLoading ? null : Yt(C, o), [C, o]), E = V(() => p ? A || Xt(o, g.zoneRoots) : null, [p, A, o, g.zoneRoots]), y = V(() => !p || !E ? null : {
     type: p,
     required: {
       tenant: C.tenant,
@@ -2314,26 +2323,26 @@ function Jr({ name: r, children: e, fallback: t }) {
   ) : n(r) ? /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: t || /* @__PURE__ */ s(nr, { flagName: r }) });
 }
 function we(r) {
-  const { submit: e, defaultErrorMessage: t, validate: n, onSuccess: i, onError: a } = r, [l, d] = N(!1), [T, R] = N(""), [c, S] = N({}), h = te((A, k) => {
-    S((m) => ({ ...m, [A]: k }));
-  }, []), x = te((A) => {
+  const { submit: e, defaultErrorMessage: t, validate: n, onSuccess: i, onError: a } = r, [l, d] = N(!1), [T, A] = N(""), [c, S] = N({}), h = te((R, k) => {
+    S((m) => ({ ...m, [R]: k }));
+  }, []), x = te((R) => {
     S((k) => {
-      if (!k[A]) return k;
+      if (!k[R]) return k;
       const m = { ...k };
-      return delete m[A], m;
+      return delete m[R], m;
     });
   }, []), P = te(() => {
-    R(""), S({});
+    A(""), S({});
   }, []), I = te(
-    async (A) => {
-      if (A && A.preventDefault(), !(n && !n())) {
-        d(!0), R("");
+    async (R) => {
+      if (R && R.preventDefault(), !(n && !n())) {
+        d(!0), A("");
         try {
           const k = await e();
           return i == null || i(k), k;
         } catch (k) {
           const m = k instanceof Error ? k.message : t;
-          R(m), a == null || a(m);
+          A(m), a == null || a(m);
           return;
         } finally {
           d(!1);
@@ -2345,7 +2354,7 @@ function we(r) {
   return {
     loading: l,
     error: T,
-    setError: R,
+    setError: A,
     fieldErrors: c,
     setFieldError: h,
     clearFieldError: x,
@@ -2592,11 +2601,11 @@ function Zr({
   onSignupClick: l,
   onMagicLinkClick: d,
   showForgotPassword: T = !0,
-  showSignupLink: R = !0,
+  showSignupLink: A = !0,
   showMagicLinkOption: c = !0,
   className: S
 }) {
-  const [h, x] = N(""), [P, I] = N(""), [A, k] = N(!1), { login: m } = de(), g = { ...ar, ...r }, b = Le("#3b82f6", e), C = { ...or, ...t }, o = we({
+  const [h, x] = N(""), [P, I] = N(""), [R, k] = N(!1), { login: m } = de(), g = { ...ar, ...r }, b = Le("#3b82f6", e), C = { ...or, ...t }, o = we({
     defaultErrorMessage: g.errorMessage,
     validate: () => {
       const u = [];
@@ -2642,7 +2651,7 @@ function Zr({
             {
               id: "password",
               name: "password",
-              type: A ? "text" : "password",
+              type: R ? "text" : "password",
               value: P,
               onChange: (u) => {
                 I(u.target.value), o.clearFieldError("password");
@@ -2656,11 +2665,11 @@ function Zr({
             "button",
             {
               type: "button",
-              onClick: () => k(!A),
+              onClick: () => k(!R),
               style: b.passwordToggle,
               disabled: o.loading,
-              "aria-label": A ? g.hidePasswordAriaLabel : g.showPasswordAriaLabel,
-              children: A ? C.hidePassword : C.showPassword
+              "aria-label": R ? g.hidePasswordAriaLabel : g.showPasswordAriaLabel,
+              children: R ? C.hidePassword : C.showPassword
             }
           )
         ] })
@@ -2668,7 +2677,7 @@ function Zr({
       /* @__PURE__ */ s("button", { type: "submit", disabled: E, style: y, children: o.loading ? g.loadingText : g.submitButton }),
       o.error && /* @__PURE__ */ s("div", { style: b.errorText, children: o.error })
     ] }),
-    (T || R || c) && /* @__PURE__ */ f("div", { style: b.linkContainer, children: [
+    (T || A || c) && /* @__PURE__ */ f("div", { style: b.linkContainer, children: [
       c && /* @__PURE__ */ f("div", { children: [
         /* @__PURE__ */ f("span", { style: b.divider, children: [
           g.magicLinkText,
@@ -2676,10 +2685,10 @@ function Zr({
         ] }),
         /* @__PURE__ */ s("a", { onClick: d, style: b.link, children: g.magicLinkLink })
       ] }),
-      c && (T || R) && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
+      c && (T || A) && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
       T && /* @__PURE__ */ s("a", { onClick: a, style: b.link, children: g.forgotPasswordLink }),
-      T && R && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
-      R && /* @__PURE__ */ f("div", { children: [
+      T && A && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
+      A && /* @__PURE__ */ f("div", { children: [
         /* @__PURE__ */ f("span", { style: b.divider, children: [
           g.signupText,
           " "
@@ -2729,25 +2738,25 @@ function Kr({
   onMagicLinkClick: l,
   showLoginLink: d = !0,
   showMagicLinkOption: T = !0,
-  className: R
+  className: A
 }) {
   var U;
-  const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [A, k] = N(""), [m, g] = N(""), [b, C] = N(""), [o, p] = N(""), { signup: E, signupTenantAdmin: y } = de(), u = ((U = pe()) == null ? void 0 : U.tenant) ?? null, v = { ...lr, ...r }, D = Le("#10b981", e), se = !!c && (!!P || !!A) && !!m && !!b && (t === "user" || !!o), F = we({
+  const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [R, k] = N(""), [m, g] = N(""), [b, C] = N(""), [o, p] = N(""), { signup: E, signupTenantAdmin: y } = de(), u = ((U = pe()) == null ? void 0 : U.tenant) ?? null, v = { ...lr, ...r }, D = Le("#10b981", e), se = !!c && (!!P || !!R) && !!m && !!b && (t === "user" || !!o), F = we({
     defaultErrorMessage: v.errorMessage,
     validate: () => {
       const L = [];
-      return c.trim() || L.push("name"), !P.trim() && !A.trim() && (L.push("email"), L.push("phoneNumber")), m.trim() || L.push("password"), b.trim() || L.push("confirmPassword"), t === "tenant" && !o.trim() && L.push("tenantName"), L.forEach((q) => F.setFieldError(q, !0)), L.length > 0 ? !1 : m !== b ? (F.setError(v.passwordMismatchError), F.setFieldError("confirmPassword", !0), !1) : t === "user" && !(u != null && u.id) ? (F.setError(v.tenantNotFoundError), !1) : !0;
+      return c.trim() || L.push("name"), !P.trim() && !R.trim() && (L.push("email"), L.push("phoneNumber")), m.trim() || L.push("password"), b.trim() || L.push("confirmPassword"), t === "tenant" && !o.trim() && L.push("tenantName"), L.forEach((q) => F.setFieldError(q, !0)), L.length > 0 ? !1 : m !== b ? (F.setError(v.passwordMismatchError), F.setFieldError("confirmPassword", !0), !1) : t === "user" && !(u != null && u.id) ? (F.setError(v.tenantNotFoundError), !1) : !0;
     },
     submit: async () => t === "tenant" ? y({
       email: P || void 0,
-      phoneNumber: A || void 0,
+      phoneNumber: R || void 0,
       name: c,
       password: m,
       tenantName: o,
       lastName: h || void 0
     }) : E({
       email: P || void 0,
-      phoneNumber: A || void 0,
+      phoneNumber: R || void 0,
       name: c,
       password: m,
       tenantId: u.id,
@@ -2765,7 +2774,7 @@ function Kr({
   }, $ = () => {
     F.clearFieldError("email"), F.clearFieldError("phoneNumber");
   };
-  return /* @__PURE__ */ f("div", { className: R, style: D.container, children: [
+  return /* @__PURE__ */ f("div", { className: A, style: D.container, children: [
     /* @__PURE__ */ s("h2", { style: D.title, children: v.title }),
     /* @__PURE__ */ f("form", { onSubmit: F.handleSubmit, style: D.form, children: [
       /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
@@ -2828,7 +2837,7 @@ function Kr({
             id: "phoneNumber",
             name: "phoneNumber",
             type: "tel",
-            value: A,
+            value: R,
             onChange: (L) => {
               k(L.target.value), $();
             },
@@ -2950,10 +2959,10 @@ function Yr({
   showTraditionalLinks: l = !0,
   className: d,
   verifyToken: T,
-  frontendUrl: R
+  frontendUrl: A
 }) {
   var H;
-  const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [A, k] = N(!1), [m, g] = N(""), [b, C] = N(!1), { sendMagicLink: o, verifyMagicLink: p } = de(), E = ((H = pe()) == null ? void 0 : H.tenant) ?? null, y = { ...cr, ...r }, u = Le("#3b82f6", e), v = we({
+  const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [R, k] = N(!1), [m, g] = N(""), [b, C] = N(!1), { sendMagicLink: o, verifyMagicLink: p } = de(), E = ((H = pe()) == null ? void 0 : H.tenant) ?? null, y = { ...cr, ...r }, u = Le("#3b82f6", e), v = we({
     defaultErrorMessage: y.errorMessage,
     validate: () => {
       const j = [];
@@ -2961,7 +2970,7 @@ function Yr({
     },
     submit: async () => {
       g("");
-      const j = R || (typeof window < "u" ? window.location.origin : ""), Z = await o({
+      const j = A || (typeof window < "u" ? window.location.origin : ""), Z = await o({
         email: c,
         tenantId: E.id,
         frontendUrl: j,
@@ -2995,12 +3004,12 @@ function Yr({
   const D = (j) => ({
     ...u.input,
     ...v.fieldErrors[j] ? u.inputError : {}
-  }), se = !c || v.loading || A, F = {
+  }), se = !c || v.loading || R, F = {
     ...u.button,
-    ...v.loading || A ? u.buttonLoading : {},
+    ...v.loading || R ? u.buttonLoading : {},
     ...se ? u.buttonDisabled : {}
   };
-  return A ? /* @__PURE__ */ f("div", { className: d, style: u.container, children: [
+  return R ? /* @__PURE__ */ f("div", { className: d, style: u.container, children: [
     /* @__PURE__ */ s("h2", { style: u.title, children: y.verifyingText }),
     /* @__PURE__ */ s("div", { style: u.verifyingContainer, children: /* @__PURE__ */ s("div", { style: u.verifyingText, children: y.verifyingDescription }) })
   ] }) : /* @__PURE__ */ f("div", { className: d, style: u.container, children: [
@@ -3021,7 +3030,7 @@ function Yr({
             },
             placeholder: y.emailPlaceholder,
             style: D("email"),
-            disabled: v.loading || A
+            disabled: v.loading || R
           }
         )
       ] }),
@@ -3049,7 +3058,7 @@ function Yr({
               },
               placeholder: y.namePlaceholder,
               style: D("name"),
-              disabled: v.loading || A
+              disabled: v.loading || R
             }
           )
         ] }),
@@ -3065,7 +3074,7 @@ function Yr({
               onChange: (j) => I(j.target.value),
               placeholder: y.lastNamePlaceholder,
               style: u.input,
-              disabled: v.loading || A
+              disabled: v.loading || R
             }
           )
         ] }),
@@ -3256,22 +3265,22 @@ function Xr({
   onBackToLogin: l,
   className: d,
   token: T,
-  email: R,
+  email: A,
   appId: c,
   tenantSlug: S,
   autoRedirectDelay: h = 3e3
 }) {
-  const [x, P] = N("verifying"), [I, A] = N(""), { verifyMagicLink: k } = de(), m = { ...ur, ...r }, g = { ...ut, ...e }, b = { ...fr, ...t }, C = () => {
+  const [x, P] = N("verifying"), [I, R] = N(""), { verifyMagicLink: k } = de(), m = { ...ur, ...r }, g = { ...ut, ...e }, b = { ...fr, ...t }, C = () => {
     if (typeof window > "u") return {};
     const u = new URLSearchParams(window.location.search);
     return {
       token: T || u.get("token") || "",
-      email: R || u.get("email") || "",
+      email: A || u.get("email") || "",
       appId: c || u.get("appId") || "",
       tenantSlug: S || u.get("tenantSlug") || void 0
     };
   }, o = async () => {
-    P("verifying"), A("");
+    P("verifying"), R("");
     try {
       const u = C();
       if (!u.token || !u.email)
@@ -3286,7 +3295,7 @@ function Xr({
       }, h);
     } catch (u) {
       const v = u.message || m.errorMessage;
-      A(v), P("error"), i == null || i(v);
+      R(v), P("error"), i == null || i(v);
     }
   }, p = () => {
     a == null || a(), o();
@@ -3408,11 +3417,11 @@ function en({
   className: T
 }) {
   var se;
-  const [R, c] = N(""), [S, h] = N(n), [x, P] = N(""), [I, A] = N(""), [k, m] = N(""), { requestPasswordReset: g, confirmPasswordReset: b } = de(), C = ((se = pe()) == null ? void 0 : se.tenant) ?? null, o = { ...mr, ...r }, p = Le("#f59e0b", e), E = we({
+  const [A, c] = N(""), [S, h] = N(n), [x, P] = N(""), [I, R] = N(""), [k, m] = N(""), { requestPasswordReset: g, confirmPasswordReset: b } = de(), C = ((se = pe()) == null ? void 0 : se.tenant) ?? null, o = { ...mr, ...r }, p = Le("#f59e0b", e), E = we({
     defaultErrorMessage: o.errorMessage,
-    validate: () => R.trim() ? C != null && C.id ? !0 : (E.setError(o.tenantNotFoundError), !1) : (E.setFieldError("email", !0), !1),
+    validate: () => A.trim() ? C != null && C.id ? !0 : (E.setError(o.tenantNotFoundError), !1) : (E.setFieldError("email", !0), !1),
     submit: async () => {
-      m(""), await g({ email: R, tenantId: C.id }), m(o.successMessage);
+      m(""), await g({ email: A, tenantId: C.id }), m(o.successMessage);
     },
     onSuccess: () => i == null ? void 0 : i(),
     onError: a
@@ -3481,7 +3490,7 @@ function en({
               type: "password",
               value: I,
               onChange: ($) => {
-                A($.target.value), y.clearFieldError("confirmPassword"), y.error === o.passwordMismatchError && y.setError("");
+                R($.target.value), y.clearFieldError("confirmPassword"), y.error === o.passwordMismatchError && y.setError("");
               },
               placeholder: o.confirmPasswordPlaceholder,
               style: F("confirmPassword"),
@@ -3505,7 +3514,7 @@ function en({
   const u = (F) => ({
     ...p.input,
     ...E.fieldErrors[F] ? p.inputError : {}
-  }), v = !R || E.loading, D = {
+  }), v = !A || E.loading, D = {
     ...p.button,
     ...E.loading ? p.buttonLoading : {},
     ...v ? p.buttonDisabled : {}
@@ -3520,7 +3529,7 @@ function en({
           "input",
           {
             type: "email",
-            value: R,
+            value: A,
             onChange: (F) => {
               c(F.target.value), E.clearFieldError("email");
             },
@@ -3595,8 +3604,8 @@ function tn({
   errorFallback: t,
   requireTenant: n = !0
 }) {
-  const { isAppLoading: i, appError: a, retryApp: l } = Re(), d = pe(), T = Oe(), R = at(), c = lt(), S = (d == null ? void 0 : d.isTenantLoading) ?? !1, h = (d == null ? void 0 : d.tenantError) ?? null, x = (d == null ? void 0 : d.tenantSlug) ?? null, P = (d == null ? void 0 : d.retryTenant) ?? (() => {
-  }), I = (T == null ? void 0 : T.isAuthReady) ?? !0, A = (R == null ? void 0 : R.isReady) ?? !0, k = (c == null ? void 0 : c.isReady) ?? !0, m = n && d && x, o = i || m && S || T && !I || R && !A || c && !k, p = a || (m ? h : null), E = () => {
+  const { isAppLoading: i, appError: a, retryApp: l } = Ae(), d = pe(), T = Oe(), A = at(), c = lt(), S = (d == null ? void 0 : d.isTenantLoading) ?? !1, h = (d == null ? void 0 : d.tenantError) ?? null, x = (d == null ? void 0 : d.tenantSlug) ?? null, P = (d == null ? void 0 : d.retryTenant) ?? (() => {
+  }), I = (T == null ? void 0 : T.isAuthReady) ?? !0, R = (A == null ? void 0 : A.isReady) ?? !0, k = (c == null ? void 0 : c.isReady) ?? !0, m = n && d && x, o = i || m && S || T && !I || A && !R || c && !k, p = a || (m ? h : null), E = () => {
     a && l(), h && d && P();
   };
   if (o)
@@ -3608,8 +3617,8 @@ function tn({
   return /* @__PURE__ */ s(B, { children: r });
 }
 function rn(r = !0) {
-  const { isAppLoading: e, appError: t, retryApp: n, appInfo: i } = Re(), a = pe(), l = Oe(), d = at(), T = lt(), R = (a == null ? void 0 : a.isTenantLoading) ?? !1, c = (a == null ? void 0 : a.tenantError) ?? null, S = (a == null ? void 0 : a.tenant) ?? null, h = (a == null ? void 0 : a.tenantSlug) ?? null, x = (a == null ? void 0 : a.retryTenant) ?? (() => {
-  }), P = (l == null ? void 0 : l.isAuthReady) ?? !0, I = (d == null ? void 0 : d.isReady) ?? !0, A = (T == null ? void 0 : T.isReady) ?? !0, k = r && a && h, C = e || k && R || l && !P || d && !I || T && !A, o = t || (k ? c : null);
+  const { isAppLoading: e, appError: t, retryApp: n, appInfo: i } = Ae(), a = pe(), l = Oe(), d = at(), T = lt(), A = (a == null ? void 0 : a.isTenantLoading) ?? !1, c = (a == null ? void 0 : a.tenantError) ?? null, S = (a == null ? void 0 : a.tenant) ?? null, h = (a == null ? void 0 : a.tenantSlug) ?? null, x = (a == null ? void 0 : a.retryTenant) ?? (() => {
+  }), P = (l == null ? void 0 : l.isAuthReady) ?? !0, I = (d == null ? void 0 : d.isReady) ?? !0, R = (T == null ? void 0 : T.isReady) ?? !0, k = r && a && h, C = e || k && A || l && !P || d && !I || T && !R, o = t || (k ? c : null);
   return {
     isLoading: C,
     error: o,
@@ -3619,10 +3628,10 @@ function rn(r = !0) {
     },
     // Individual states
     app: { isLoading: e, error: t, data: i },
-    tenant: a ? { isLoading: R, error: c, data: S } : null,
+    tenant: a ? { isLoading: A, error: c, data: S } : null,
     auth: l ? { isReady: P } : null,
     featureFlags: d ? { isReady: I } : null,
-    subscription: T ? { isReady: A } : null
+    subscription: T ? { isReady: R } : null
   };
 }
 const br = {
@@ -3679,11 +3688,11 @@ function nn({
   itemClassName: l = "",
   renderItem: d,
   placeholder: T = "Select tenant",
-  disabled: R = !1,
+  disabled: A = !1,
   showCurrentTenant: c = !0
 }) {
   var C;
-  const S = { ...br, ...n }, h = Oe(), [x, P] = N(!1), I = Ee(null), A = r ?? (h == null ? void 0 : h.userTenants) ?? [], k = e ?? ((C = h == null ? void 0 : h.currentUser) == null ? void 0 : C.tenantId) ?? null, m = async (o) => {
+  const S = { ...br, ...n }, h = Oe(), [x, P] = N(!1), I = Ee(null), R = r ?? (h == null ? void 0 : h.userTenants) ?? [], k = e ?? ((C = h == null ? void 0 : h.currentUser) == null ? void 0 : C.tenantId) ?? null, m = async (o) => {
     P(!1), t ? t(o) : h != null && h.switchToTenant && await h.switchToTenant(o);
   };
   re(() => {
@@ -3692,11 +3701,11 @@ function nn({
     };
     return document.addEventListener("mousedown", o), () => document.removeEventListener("mousedown", o);
   }, []);
-  const g = A.find((o) => o.id === k);
-  if (A.length === 0)
+  const g = R.find((o) => o.id === k);
+  if (R.length === 0)
     return null;
-  if (A.length === 1 && c)
-    return /* @__PURE__ */ s("div", { className: i, children: /* @__PURE__ */ s("span", { children: A[0].name }) });
+  if (R.length === 1 && c)
+    return /* @__PURE__ */ s("div", { className: i, children: /* @__PURE__ */ s("span", { children: R[0].name }) });
   const b = (o, p) => /* @__PURE__ */ f("span", { style: { fontWeight: p ? "bold" : "normal" }, children: [
     o.name,
     o.role && /* @__PURE__ */ f("span", { style: S.itemRole, children: [
@@ -3710,11 +3719,11 @@ function nn({
       "button",
       {
         type: "button",
-        onClick: () => !R && P(!x),
-        disabled: R,
+        onClick: () => !A && P(!x),
+        disabled: A,
         style: {
           ...S.button,
-          ...R ? S.buttonDisabled : {}
+          ...A ? S.buttonDisabled : {}
         },
         children: [
           g ? g.name : T,
@@ -3722,7 +3731,7 @@ function nn({
         ]
       }
     ),
-    x && /* @__PURE__ */ s("div", { className: a, style: S.dropdown, children: A.map((o) => {
+    x && /* @__PURE__ */ s("div", { className: a, style: S.dropdown, children: R.map((o) => {
       const p = o.id === k;
       return /* @__PURE__ */ s(
         "div",
@@ -3830,7 +3839,7 @@ function ln(r = {}) {
     zoneRoots: e = {},
     returnToParam: t = dt,
     returnToStorage: n = "url"
-  } = r, i = wt(), [a, l] = vt(), { isAuthenticated: d, currentUser: T } = de(), { tenant: R } = ve(), c = V(() => ({ ...ze, ...e }), [e]), S = !!R, h = T == null ? void 0 : T.userType, x = V(() => {
+  } = r, i = wt(), [a, l] = vt(), { isAuthenticated: d, currentUser: T } = de(), { tenant: A } = ve(), c = V(() => ({ ...ze, ...e }), [e]), S = !!A, h = T == null ? void 0 : T.userType, x = V(() => {
     switch (n) {
       case "url":
         return a.get(t);
@@ -3872,7 +3881,7 @@ function ln(r = {}) {
       }
     },
     [n, a, t, l]
-  ), A = te(
+  ), R = te(
     (m) => {
       const g = c[m] || c.default;
       i(g);
@@ -3883,7 +3892,7 @@ function ln(r = {}) {
     returnToUrl: x,
     clearReturnTo: P,
     setReturnTo: I,
-    navigateToZone: A,
+    navigateToZone: R,
     getSmartRedirect: k
   };
 }
@@ -3899,7 +3908,7 @@ export {
   tn as AppLoader,
   Sr as AppProvider,
   Nt as AuthApiService,
-  Ar as AuthProvider,
+  Rr as AuthProvider,
   Or as AuthenticatedZone,
   oe as ConfigurationError,
   ct as DEFAULT_ZONE_PRESETS,
@@ -3945,7 +3954,7 @@ export {
   ue as ZoneRoute,
   cn as buildRedirectUrl,
   kr as useApi,
-  Re as useApp,
+  Ae as useApp,
   rn as useAppLoaderState,
   de as useAuth,
   Ir as useAuthActions,
@@ -3954,7 +3963,7 @@ export {
   Vt as useFeatureFlags,
   Cr as useRouting,
   Wt as useRoutingOptional,
-  Rr as useSettings,
+  Ar as useSettings,
   zt as useSubscription,
   ve as useTenant,
   ot as useTenantInfo,