role-permission-engine 1.0.0

package/dist/index.esm.js

@@ -0,0 +1,2548 @@
+import require$$0, { createContext, useMemo, useContext } from 'react';
+
+var jsxRuntime = {exports: {}};
+
+var reactJsxRuntime_production_min = {};
+
+/**
+ * @license React
+ * react-jsx-runtime.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+var hasRequiredReactJsxRuntime_production_min;
+
+function requireReactJsxRuntime_production_min () {
+	if (hasRequiredReactJsxRuntime_production_min) return reactJsxRuntime_production_min;
+	hasRequiredReactJsxRuntime_production_min = 1;
+var f=require$$0,k=Symbol.for("react.element"),l=Symbol.for("react.fragment"),m=Object.prototype.hasOwnProperty,n=f.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED.ReactCurrentOwner,p={key:true,ref:true,__self:true,__source:true};
+	function q(c,a,g){var b,d={},e=null,h=null;void 0!==g&&(e=""+g);void 0!==a.key&&(e=""+a.key);void 0!==a.ref&&(h=a.ref);for(b in a)m.call(a,b)&&!p.hasOwnProperty(b)&&(d[b]=a[b]);if(c&&c.defaultProps)for(b in a=c.defaultProps,a) void 0===d[b]&&(d[b]=a[b]);return {$$typeof:k,type:c,key:e,ref:h,props:d,_owner:n.current}}reactJsxRuntime_production_min.Fragment=l;reactJsxRuntime_production_min.jsx=q;reactJsxRuntime_production_min.jsxs=q;
+	return reactJsxRuntime_production_min;
+}
+
+var reactJsxRuntime_development = {};
+
+/**
+ * @license React
+ * react-jsx-runtime.development.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+var hasRequiredReactJsxRuntime_development;
+
+function requireReactJsxRuntime_development () {
+	if (hasRequiredReactJsxRuntime_development) return reactJsxRuntime_development;
+	hasRequiredReactJsxRuntime_development = 1;
+
+	if (process.env.NODE_ENV !== "production") {
+	  (function() {
+
+	var React = require$$0;
+
+	// ATTENTION
+	// When adding new symbols to this file,
+	// Please consider also adding to 'react-devtools-shared/src/backend/ReactSymbols'
+	// The Symbol used to tag the ReactElement-like types.
+	var REACT_ELEMENT_TYPE = Symbol.for('react.element');
+	var REACT_PORTAL_TYPE = Symbol.for('react.portal');
+	var REACT_FRAGMENT_TYPE = Symbol.for('react.fragment');
+	var REACT_STRICT_MODE_TYPE = Symbol.for('react.strict_mode');
+	var REACT_PROFILER_TYPE = Symbol.for('react.profiler');
+	var REACT_PROVIDER_TYPE = Symbol.for('react.provider');
+	var REACT_CONTEXT_TYPE = Symbol.for('react.context');
+	var REACT_FORWARD_REF_TYPE = Symbol.for('react.forward_ref');
+	var REACT_SUSPENSE_TYPE = Symbol.for('react.suspense');
+	var REACT_SUSPENSE_LIST_TYPE = Symbol.for('react.suspense_list');
+	var REACT_MEMO_TYPE = Symbol.for('react.memo');
+	var REACT_LAZY_TYPE = Symbol.for('react.lazy');
+	var REACT_OFFSCREEN_TYPE = Symbol.for('react.offscreen');
+	var MAYBE_ITERATOR_SYMBOL = Symbol.iterator;
+	var FAUX_ITERATOR_SYMBOL = '@@iterator';
+	function getIteratorFn(maybeIterable) {
+	  if (maybeIterable === null || typeof maybeIterable !== 'object') {
+	    return null;
+	  }
+
+	  var maybeIterator = MAYBE_ITERATOR_SYMBOL && maybeIterable[MAYBE_ITERATOR_SYMBOL] || maybeIterable[FAUX_ITERATOR_SYMBOL];
+
+	  if (typeof maybeIterator === 'function') {
+	    return maybeIterator;
+	  }
+
+	  return null;
+	}
+
+	var ReactSharedInternals = React.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED;
+
+	function error(format) {
+	  {
+	    {
+	      for (var _len2 = arguments.length, args = new Array(_len2 > 1 ? _len2 - 1 : 0), _key2 = 1; _key2 < _len2; _key2++) {
+	        args[_key2 - 1] = arguments[_key2];
+	      }
+
+	      printWarning('error', format, args);
+	    }
+	  }
+	}
+
+	function printWarning(level, format, args) {
+	  // When changing this logic, you might want to also
+	  // update consoleWithStackDev.www.js as well.
+	  {
+	    var ReactDebugCurrentFrame = ReactSharedInternals.ReactDebugCurrentFrame;
+	    var stack = ReactDebugCurrentFrame.getStackAddendum();
+
+	    if (stack !== '') {
+	      format += '%s';
+	      args = args.concat([stack]);
+	    } // eslint-disable-next-line react-internal/safe-string-coercion
+
+
+	    var argsWithFormat = args.map(function (item) {
+	      return String(item);
+	    }); // Careful: RN currently depends on this prefix
+
+	    argsWithFormat.unshift('Warning: ' + format); // We intentionally don't use spread (or .apply) directly because it
+	    // breaks IE9: https://github.com/facebook/react/issues/13610
+	    // eslint-disable-next-line react-internal/no-production-logging
+
+	    Function.prototype.apply.call(console[level], console, argsWithFormat);
+	  }
+	}
+
+	// -----------------------------------------------------------------------------
+
+	var enableScopeAPI = false; // Experimental Create Event Handle API.
+	var enableCacheElement = false;
+	var enableTransitionTracing = false; // No known bugs, but needs performance testing
+
+	var enableLegacyHidden = false; // Enables unstable_avoidThisFallback feature in Fiber
+	// stuff. Intended to enable React core members to more easily debug scheduling
+	// issues in DEV builds.
+
+	var enableDebugTracing = false; // Track which Fiber(s) schedule render work.
+
+	var REACT_MODULE_REFERENCE;
+
+	{
+	  REACT_MODULE_REFERENCE = Symbol.for('react.module.reference');
+	}
+
+	function isValidElementType(type) {
+	  if (typeof type === 'string' || typeof type === 'function') {
+	    return true;
+	  } // Note: typeof might be other than 'symbol' or 'number' (e.g. if it's a polyfill).
+
+
+	  if (type === REACT_FRAGMENT_TYPE || type === REACT_PROFILER_TYPE || enableDebugTracing  || type === REACT_STRICT_MODE_TYPE || type === REACT_SUSPENSE_TYPE || type === REACT_SUSPENSE_LIST_TYPE || enableLegacyHidden  || type === REACT_OFFSCREEN_TYPE || enableScopeAPI  || enableCacheElement  || enableTransitionTracing ) {
+	    return true;
+	  }
+
+	  if (typeof type === 'object' && type !== null) {
+	    if (type.$$typeof === REACT_LAZY_TYPE || type.$$typeof === REACT_MEMO_TYPE || type.$$typeof === REACT_PROVIDER_TYPE || type.$$typeof === REACT_CONTEXT_TYPE || type.$$typeof === REACT_FORWARD_REF_TYPE || // This needs to include all possible module reference object
+	    // types supported by any Flight configuration anywhere since
+	    // we don't know which Flight build this will end up being used
+	    // with.
+	    type.$$typeof === REACT_MODULE_REFERENCE || type.getModuleId !== undefined) {
+	      return true;
+	    }
+	  }
+
+	  return false;
+	}
+
+	function getWrappedName(outerType, innerType, wrapperName) {
+	  var displayName = outerType.displayName;
+
+	  if (displayName) {
+	    return displayName;
+	  }
+
+	  var functionName = innerType.displayName || innerType.name || '';
+	  return functionName !== '' ? wrapperName + "(" + functionName + ")" : wrapperName;
+	} // Keep in sync with react-reconciler/getComponentNameFromFiber
+
+
+	function getContextName(type) {
+	  return type.displayName || 'Context';
+	} // Note that the reconciler package should generally prefer to use getComponentNameFromFiber() instead.
+
+
+	function getComponentNameFromType(type) {
+	  if (type == null) {
+	    // Host root, text node or just invalid type.
+	    return null;
+	  }
+
+	  {
+	    if (typeof type.tag === 'number') {
+	      error('Received an unexpected object in getComponentNameFromType(). ' + 'This is likely a bug in React. Please file an issue.');
+	    }
+	  }
+
+	  if (typeof type === 'function') {
+	    return type.displayName || type.name || null;
+	  }
+
+	  if (typeof type === 'string') {
+	    return type;
+	  }
+
+	  switch (type) {
+	    case REACT_FRAGMENT_TYPE:
+	      return 'Fragment';
+
+	    case REACT_PORTAL_TYPE:
+	      return 'Portal';
+
+	    case REACT_PROFILER_TYPE:
+	      return 'Profiler';
+
+	    case REACT_STRICT_MODE_TYPE:
+	      return 'StrictMode';
+
+	    case REACT_SUSPENSE_TYPE:
+	      return 'Suspense';
+
+	    case REACT_SUSPENSE_LIST_TYPE:
+	      return 'SuspenseList';
+
+	  }
+
+	  if (typeof type === 'object') {
+	    switch (type.$$typeof) {
+	      case REACT_CONTEXT_TYPE:
+	        var context = type;
+	        return getContextName(context) + '.Consumer';
+
+	      case REACT_PROVIDER_TYPE:
+	        var provider = type;
+	        return getContextName(provider._context) + '.Provider';
+
+	      case REACT_FORWARD_REF_TYPE:
+	        return getWrappedName(type, type.render, 'ForwardRef');
+
+	      case REACT_MEMO_TYPE:
+	        var outerName = type.displayName || null;
+
+	        if (outerName !== null) {
+	          return outerName;
+	        }
+
+	        return getComponentNameFromType(type.type) || 'Memo';
+
+	      case REACT_LAZY_TYPE:
+	        {
+	          var lazyComponent = type;
+	          var payload = lazyComponent._payload;
+	          var init = lazyComponent._init;
+
+	          try {
+	            return getComponentNameFromType(init(payload));
+	          } catch (x) {
+	            return null;
+	          }
+	        }
+
+	      // eslint-disable-next-line no-fallthrough
+	    }
+	  }
+
+	  return null;
+	}
+
+	var assign = Object.assign;
+
+	// Helpers to patch console.logs to avoid logging during side-effect free
+	// replaying on render function. This currently only patches the object
+	// lazily which won't cover if the log function was extracted eagerly.
+	// We could also eagerly patch the method.
+	var disabledDepth = 0;
+	var prevLog;
+	var prevInfo;
+	var prevWarn;
+	var prevError;
+	var prevGroup;
+	var prevGroupCollapsed;
+	var prevGroupEnd;
+
+	function disabledLog() {}
+
+	disabledLog.__reactDisabledLog = true;
+	function disableLogs() {
+	  {
+	    if (disabledDepth === 0) {
+	      /* eslint-disable react-internal/no-production-logging */
+	      prevLog = console.log;
+	      prevInfo = console.info;
+	      prevWarn = console.warn;
+	      prevError = console.error;
+	      prevGroup = console.group;
+	      prevGroupCollapsed = console.groupCollapsed;
+	      prevGroupEnd = console.groupEnd; // https://github.com/facebook/react/issues/19099
+
+	      var props = {
+	        configurable: true,
+	        enumerable: true,
+	        value: disabledLog,
+	        writable: true
+	      }; // $FlowFixMe Flow thinks console is immutable.
+
+	      Object.defineProperties(console, {
+	        info: props,
+	        log: props,
+	        warn: props,
+	        error: props,
+	        group: props,
+	        groupCollapsed: props,
+	        groupEnd: props
+	      });
+	      /* eslint-enable react-internal/no-production-logging */
+	    }
+
+	    disabledDepth++;
+	  }
+	}
+	function reenableLogs() {
+	  {
+	    disabledDepth--;
+
+	    if (disabledDepth === 0) {
+	      /* eslint-disable react-internal/no-production-logging */
+	      var props = {
+	        configurable: true,
+	        enumerable: true,
+	        writable: true
+	      }; // $FlowFixMe Flow thinks console is immutable.
+
+	      Object.defineProperties(console, {
+	        log: assign({}, props, {
+	          value: prevLog
+	        }),
+	        info: assign({}, props, {
+	          value: prevInfo
+	        }),
+	        warn: assign({}, props, {
+	          value: prevWarn
+	        }),
+	        error: assign({}, props, {
+	          value: prevError
+	        }),
+	        group: assign({}, props, {
+	          value: prevGroup
+	        }),
+	        groupCollapsed: assign({}, props, {
+	          value: prevGroupCollapsed
+	        }),
+	        groupEnd: assign({}, props, {
+	          value: prevGroupEnd
+	        })
+	      });
+	      /* eslint-enable react-internal/no-production-logging */
+	    }
+
+	    if (disabledDepth < 0) {
+	      error('disabledDepth fell below zero. ' + 'This is a bug in React. Please file an issue.');
+	    }
+	  }
+	}
+
+	var ReactCurrentDispatcher = ReactSharedInternals.ReactCurrentDispatcher;
+	var prefix;
+	function describeBuiltInComponentFrame(name, source, ownerFn) {
+	  {
+	    if (prefix === undefined) {
+	      // Extract the VM specific prefix used by each line.
+	      try {
+	        throw Error();
+	      } catch (x) {
+	        var match = x.stack.trim().match(/\n( *(at )?)/);
+	        prefix = match && match[1] || '';
+	      }
+	    } // We use the prefix to ensure our stacks line up with native stack frames.
+
+
+	    return '\n' + prefix + name;
+	  }
+	}
+	var reentry = false;
+	var componentFrameCache;
+
+	{
+	  var PossiblyWeakMap = typeof WeakMap === 'function' ? WeakMap : Map;
+	  componentFrameCache = new PossiblyWeakMap();
+	}
+
+	function describeNativeComponentFrame(fn, construct) {
+	  // If something asked for a stack inside a fake render, it should get ignored.
+	  if ( !fn || reentry) {
+	    return '';
+	  }
+
+	  {
+	    var frame = componentFrameCache.get(fn);
+
+	    if (frame !== undefined) {
+	      return frame;
+	    }
+	  }
+
+	  var control;
+	  reentry = true;
+	  var previousPrepareStackTrace = Error.prepareStackTrace; // $FlowFixMe It does accept undefined.
+
+	  Error.prepareStackTrace = undefined;
+	  var previousDispatcher;
+
+	  {
+	    previousDispatcher = ReactCurrentDispatcher.current; // Set the dispatcher in DEV because this might be call in the render function
+	    // for warnings.
+
+	    ReactCurrentDispatcher.current = null;
+	    disableLogs();
+	  }
+
+	  try {
+	    // This should throw.
+	    if (construct) {
+	      // Something should be setting the props in the constructor.
+	      var Fake = function () {
+	        throw Error();
+	      }; // $FlowFixMe
+
+
+	      Object.defineProperty(Fake.prototype, 'props', {
+	        set: function () {
+	          // We use a throwing setter instead of frozen or non-writable props
+	          // because that won't throw in a non-strict mode function.
+	          throw Error();
+	        }
+	      });
+
+	      if (typeof Reflect === 'object' && Reflect.construct) {
+	        // We construct a different control for this case to include any extra
+	        // frames added by the construct call.
+	        try {
+	          Reflect.construct(Fake, []);
+	        } catch (x) {
+	          control = x;
+	        }
+
+	        Reflect.construct(fn, [], Fake);
+	      } else {
+	        try {
+	          Fake.call();
+	        } catch (x) {
+	          control = x;
+	        }
+
+	        fn.call(Fake.prototype);
+	      }
+	    } else {
+	      try {
+	        throw Error();
+	      } catch (x) {
+	        control = x;
+	      }
+
+	      fn();
+	    }
+	  } catch (sample) {
+	    // This is inlined manually because closure doesn't do it for us.
+	    if (sample && control && typeof sample.stack === 'string') {
+	      // This extracts the first frame from the sample that isn't also in the control.
+	      // Skipping one frame that we assume is the frame that calls the two.
+	      var sampleLines = sample.stack.split('\n');
+	      var controlLines = control.stack.split('\n');
+	      var s = sampleLines.length - 1;
+	      var c = controlLines.length - 1;
+
+	      while (s >= 1 && c >= 0 && sampleLines[s] !== controlLines[c]) {
+	        // We expect at least one stack frame to be shared.
+	        // Typically this will be the root most one. However, stack frames may be
+	        // cut off due to maximum stack limits. In this case, one maybe cut off
+	        // earlier than the other. We assume that the sample is longer or the same
+	        // and there for cut off earlier. So we should find the root most frame in
+	        // the sample somewhere in the control.
+	        c--;
+	      }
+
+	      for (; s >= 1 && c >= 0; s--, c--) {
+	        // Next we find the first one that isn't the same which should be the
+	        // frame that called our sample function and the control.
+	        if (sampleLines[s] !== controlLines[c]) {
+	          // In V8, the first line is describing the message but other VMs don't.
+	          // If we're about to return the first line, and the control is also on the same
+	          // line, that's a pretty good indicator that our sample threw at same line as
+	          // the control. I.e. before we entered the sample frame. So we ignore this result.
+	          // This can happen if you passed a class to function component, or non-function.
+	          if (s !== 1 || c !== 1) {
+	            do {
+	              s--;
+	              c--; // We may still have similar intermediate frames from the construct call.
+	              // The next one that isn't the same should be our match though.
+
+	              if (c < 0 || sampleLines[s] !== controlLines[c]) {
+	                // V8 adds a "new" prefix for native classes. Let's remove it to make it prettier.
+	                var _frame = '\n' + sampleLines[s].replace(' at new ', ' at '); // If our component frame is labeled "<anonymous>"
+	                // but we have a user-provided "displayName"
+	                // splice it in to make the stack more readable.
+
+
+	                if (fn.displayName && _frame.includes('<anonymous>')) {
+	                  _frame = _frame.replace('<anonymous>', fn.displayName);
+	                }
+
+	                {
+	                  if (typeof fn === 'function') {
+	                    componentFrameCache.set(fn, _frame);
+	                  }
+	                } // Return the line we found.
+
+
+	                return _frame;
+	              }
+	            } while (s >= 1 && c >= 0);
+	          }
+
+	          break;
+	        }
+	      }
+	    }
+	  } finally {
+	    reentry = false;
+
+	    {
+	      ReactCurrentDispatcher.current = previousDispatcher;
+	      reenableLogs();
+	    }
+
+	    Error.prepareStackTrace = previousPrepareStackTrace;
+	  } // Fallback to just using the name if we couldn't make it throw.
+
+
+	  var name = fn ? fn.displayName || fn.name : '';
+	  var syntheticFrame = name ? describeBuiltInComponentFrame(name) : '';
+
+	  {
+	    if (typeof fn === 'function') {
+	      componentFrameCache.set(fn, syntheticFrame);
+	    }
+	  }
+
+	  return syntheticFrame;
+	}
+	function describeFunctionComponentFrame(fn, source, ownerFn) {
+	  {
+	    return describeNativeComponentFrame(fn, false);
+	  }
+	}
+
+	function shouldConstruct(Component) {
+	  var prototype = Component.prototype;
+	  return !!(prototype && prototype.isReactComponent);
+	}
+
+	function describeUnknownElementTypeFrameInDEV(type, source, ownerFn) {
+
+	  if (type == null) {
+	    return '';
+	  }
+
+	  if (typeof type === 'function') {
+	    {
+	      return describeNativeComponentFrame(type, shouldConstruct(type));
+	    }
+	  }
+
+	  if (typeof type === 'string') {
+	    return describeBuiltInComponentFrame(type);
+	  }
+
+	  switch (type) {
+	    case REACT_SUSPENSE_TYPE:
+	      return describeBuiltInComponentFrame('Suspense');
+
+	    case REACT_SUSPENSE_LIST_TYPE:
+	      return describeBuiltInComponentFrame('SuspenseList');
+	  }
+
+	  if (typeof type === 'object') {
+	    switch (type.$$typeof) {
+	      case REACT_FORWARD_REF_TYPE:
+	        return describeFunctionComponentFrame(type.render);
+
+	      case REACT_MEMO_TYPE:
+	        // Memo may contain any component type so we recursively resolve it.
+	        return describeUnknownElementTypeFrameInDEV(type.type, source, ownerFn);
+
+	      case REACT_LAZY_TYPE:
+	        {
+	          var lazyComponent = type;
+	          var payload = lazyComponent._payload;
+	          var init = lazyComponent._init;
+
+	          try {
+	            // Lazy may contain any component type so we recursively resolve it.
+	            return describeUnknownElementTypeFrameInDEV(init(payload), source, ownerFn);
+	          } catch (x) {}
+	        }
+	    }
+	  }
+
+	  return '';
+	}
+
+	var hasOwnProperty = Object.prototype.hasOwnProperty;
+
+	var loggedTypeFailures = {};
+	var ReactDebugCurrentFrame = ReactSharedInternals.ReactDebugCurrentFrame;
+
+	function setCurrentlyValidatingElement(element) {
+	  {
+	    if (element) {
+	      var owner = element._owner;
+	      var stack = describeUnknownElementTypeFrameInDEV(element.type, element._source, owner ? owner.type : null);
+	      ReactDebugCurrentFrame.setExtraStackFrame(stack);
+	    } else {
+	      ReactDebugCurrentFrame.setExtraStackFrame(null);
+	    }
+	  }
+	}
+
+	function checkPropTypes(typeSpecs, values, location, componentName, element) {
+	  {
+	    // $FlowFixMe This is okay but Flow doesn't know it.
+	    var has = Function.call.bind(hasOwnProperty);
+
+	    for (var typeSpecName in typeSpecs) {
+	      if (has(typeSpecs, typeSpecName)) {
+	        var error$1 = void 0; // Prop type validation may throw. In case they do, we don't want to
+	        // fail the render phase where it didn't fail before. So we log it.
+	        // After these have been cleaned up, we'll let them throw.
+
+	        try {
+	          // This is intentionally an invariant that gets caught. It's the same
+	          // behavior as without this statement except with a better message.
+	          if (typeof typeSpecs[typeSpecName] !== 'function') {
+	            // eslint-disable-next-line react-internal/prod-error-codes
+	            var err = Error((componentName || 'React class') + ': ' + location + ' type `' + typeSpecName + '` is invalid; ' + 'it must be a function, usually from the `prop-types` package, but received `' + typeof typeSpecs[typeSpecName] + '`.' + 'This often happens because of typos such as `PropTypes.function` instead of `PropTypes.func`.');
+	            err.name = 'Invariant Violation';
+	            throw err;
+	          }
+
+	          error$1 = typeSpecs[typeSpecName](values, typeSpecName, componentName, location, null, 'SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED');
+	        } catch (ex) {
+	          error$1 = ex;
+	        }
+
+	        if (error$1 && !(error$1 instanceof Error)) {
+	          setCurrentlyValidatingElement(element);
+
+	          error('%s: type specification of %s' + ' `%s` is invalid; the type checker ' + 'function must return `null` or an `Error` but returned a %s. ' + 'You may have forgotten to pass an argument to the type checker ' + 'creator (arrayOf, instanceOf, objectOf, oneOf, oneOfType, and ' + 'shape all require an argument).', componentName || 'React class', location, typeSpecName, typeof error$1);
+
+	          setCurrentlyValidatingElement(null);
+	        }
+
+	        if (error$1 instanceof Error && !(error$1.message in loggedTypeFailures)) {
+	          // Only monitor this failure once because there tends to be a lot of the
+	          // same error.
+	          loggedTypeFailures[error$1.message] = true;
+	          setCurrentlyValidatingElement(element);
+
+	          error('Failed %s type: %s', location, error$1.message);
+
+	          setCurrentlyValidatingElement(null);
+	        }
+	      }
+	    }
+	  }
+	}
+
+	var isArrayImpl = Array.isArray; // eslint-disable-next-line no-redeclare
+
+	function isArray(a) {
+	  return isArrayImpl(a);
+	}
+
+	/*
+	 * The `'' + value` pattern (used in in perf-sensitive code) throws for Symbol
+	 * and Temporal.* types. See https://github.com/facebook/react/pull/22064.
+	 *
+	 * The functions in this module will throw an easier-to-understand,
+	 * easier-to-debug exception with a clear errors message message explaining the
+	 * problem. (Instead of a confusing exception thrown inside the implementation
+	 * of the `value` object).
+	 */
+	// $FlowFixMe only called in DEV, so void return is not possible.
+	function typeName(value) {
+	  {
+	    // toStringTag is needed for namespaced types like Temporal.Instant
+	    var hasToStringTag = typeof Symbol === 'function' && Symbol.toStringTag;
+	    var type = hasToStringTag && value[Symbol.toStringTag] || value.constructor.name || 'Object';
+	    return type;
+	  }
+	} // $FlowFixMe only called in DEV, so void return is not possible.
+
+
+	function willCoercionThrow(value) {
+	  {
+	    try {
+	      testStringCoercion(value);
+	      return false;
+	    } catch (e) {
+	      return true;
+	    }
+	  }
+	}
+
+	function testStringCoercion(value) {
+	  // If you ended up here by following an exception call stack, here's what's
+	  // happened: you supplied an object or symbol value to React (as a prop, key,
+	  // DOM attribute, CSS property, string ref, etc.) and when React tried to
+	  // coerce it to a string using `'' + value`, an exception was thrown.
+	  //
+	  // The most common types that will cause this exception are `Symbol` instances
+	  // and Temporal objects like `Temporal.Instant`. But any object that has a
+	  // `valueOf` or `[Symbol.toPrimitive]` method that throws will also cause this
+	  // exception. (Library authors do this to prevent users from using built-in
+	  // numeric operators like `+` or comparison operators like `>=` because custom
+	  // methods are needed to perform accurate arithmetic or comparison.)
+	  //
+	  // To fix the problem, coerce this object or symbol value to a string before
+	  // passing it to React. The most reliable way is usually `String(value)`.
+	  //
+	  // To find which value is throwing, check the browser or debugger console.
+	  // Before this exception was thrown, there should be `console.error` output
+	  // that shows the type (Symbol, Temporal.PlainDate, etc.) that caused the
+	  // problem and how that type was used: key, atrribute, input value prop, etc.
+	  // In most cases, this console output also shows the component and its
+	  // ancestor components where the exception happened.
+	  //
+	  // eslint-disable-next-line react-internal/safe-string-coercion
+	  return '' + value;
+	}
+	function checkKeyStringCoercion(value) {
+	  {
+	    if (willCoercionThrow(value)) {
+	      error('The provided key is an unsupported type %s.' + ' This value must be coerced to a string before before using it here.', typeName(value));
+
+	      return testStringCoercion(value); // throw (to help callers find troubleshooting comments)
+	    }
+	  }
+	}
+
+	var ReactCurrentOwner = ReactSharedInternals.ReactCurrentOwner;
+	var RESERVED_PROPS = {
+	  key: true,
+	  ref: true,
+	  __self: true,
+	  __source: true
+	};
+	var specialPropKeyWarningShown;
+	var specialPropRefWarningShown;
+
+	function hasValidRef(config) {
+	  {
+	    if (hasOwnProperty.call(config, 'ref')) {
+	      var getter = Object.getOwnPropertyDescriptor(config, 'ref').get;
+
+	      if (getter && getter.isReactWarning) {
+	        return false;
+	      }
+	    }
+	  }
+
+	  return config.ref !== undefined;
+	}
+
+	function hasValidKey(config) {
+	  {
+	    if (hasOwnProperty.call(config, 'key')) {
+	      var getter = Object.getOwnPropertyDescriptor(config, 'key').get;
+
+	      if (getter && getter.isReactWarning) {
+	        return false;
+	      }
+	    }
+	  }
+
+	  return config.key !== undefined;
+	}
+
+	function warnIfStringRefCannotBeAutoConverted(config, self) {
+	  {
+	    if (typeof config.ref === 'string' && ReactCurrentOwner.current && self) ;
+	  }
+	}
+
+	function defineKeyPropWarningGetter(props, displayName) {
+	  {
+	    var warnAboutAccessingKey = function () {
+	      if (!specialPropKeyWarningShown) {
+	        specialPropKeyWarningShown = true;
+
+	        error('%s: `key` is not a prop. Trying to access it will result ' + 'in `undefined` being returned. If you need to access the same ' + 'value within the child component, you should pass it as a different ' + 'prop. (https://reactjs.org/link/special-props)', displayName);
+	      }
+	    };
+
+	    warnAboutAccessingKey.isReactWarning = true;
+	    Object.defineProperty(props, 'key', {
+	      get: warnAboutAccessingKey,
+	      configurable: true
+	    });
+	  }
+	}
+
+	function defineRefPropWarningGetter(props, displayName) {
+	  {
+	    var warnAboutAccessingRef = function () {
+	      if (!specialPropRefWarningShown) {
+	        specialPropRefWarningShown = true;
+
+	        error('%s: `ref` is not a prop. Trying to access it will result ' + 'in `undefined` being returned. If you need to access the same ' + 'value within the child component, you should pass it as a different ' + 'prop. (https://reactjs.org/link/special-props)', displayName);
+	      }
+	    };
+
+	    warnAboutAccessingRef.isReactWarning = true;
+	    Object.defineProperty(props, 'ref', {
+	      get: warnAboutAccessingRef,
+	      configurable: true
+	    });
+	  }
+	}
+	/**
+	 * Factory method to create a new React element. This no longer adheres to
+	 * the class pattern, so do not use new to call it. Also, instanceof check
+	 * will not work. Instead test $$typeof field against Symbol.for('react.element') to check
+	 * if something is a React Element.
+	 *
+	 * @param {*} type
+	 * @param {*} props
+	 * @param {*} key
+	 * @param {string|object} ref
+	 * @param {*} owner
+	 * @param {*} self A *temporary* helper to detect places where `this` is
+	 * different from the `owner` when React.createElement is called, so that we
+	 * can warn. We want to get rid of owner and replace string `ref`s with arrow
+	 * functions, and as long as `this` and owner are the same, there will be no
+	 * change in behavior.
+	 * @param {*} source An annotation object (added by a transpiler or otherwise)
+	 * indicating filename, line number, and/or other information.
+	 * @internal
+	 */
+
+
+	var ReactElement = function (type, key, ref, self, source, owner, props) {
+	  var element = {
+	    // This tag allows us to uniquely identify this as a React Element
+	    $$typeof: REACT_ELEMENT_TYPE,
+	    // Built-in properties that belong on the element
+	    type: type,
+	    key: key,
+	    ref: ref,
+	    props: props,
+	    // Record the component responsible for creating this element.
+	    _owner: owner
+	  };
+
+	  {
+	    // The validation flag is currently mutative. We put it on
+	    // an external backing store so that we can freeze the whole object.
+	    // This can be replaced with a WeakMap once they are implemented in
+	    // commonly used development environments.
+	    element._store = {}; // To make comparing ReactElements easier for testing purposes, we make
+	    // the validation flag non-enumerable (where possible, which should
+	    // include every environment we run tests in), so the test framework
+	    // ignores it.
+
+	    Object.defineProperty(element._store, 'validated', {
+	      configurable: false,
+	      enumerable: false,
+	      writable: true,
+	      value: false
+	    }); // self and source are DEV only properties.
+
+	    Object.defineProperty(element, '_self', {
+	      configurable: false,
+	      enumerable: false,
+	      writable: false,
+	      value: self
+	    }); // Two elements created in two different places should be considered
+	    // equal for testing purposes and therefore we hide it from enumeration.
+
+	    Object.defineProperty(element, '_source', {
+	      configurable: false,
+	      enumerable: false,
+	      writable: false,
+	      value: source
+	    });
+
+	    if (Object.freeze) {
+	      Object.freeze(element.props);
+	      Object.freeze(element);
+	    }
+	  }
+
+	  return element;
+	};
+	/**
+	 * https://github.com/reactjs/rfcs/pull/107
+	 * @param {*} type
+	 * @param {object} props
+	 * @param {string} key
+	 */
+
+	function jsxDEV(type, config, maybeKey, source, self) {
+	  {
+	    var propName; // Reserved names are extracted
+
+	    var props = {};
+	    var key = null;
+	    var ref = null; // Currently, key can be spread in as a prop. This causes a potential
+	    // issue if key is also explicitly declared (ie. <div {...props} key="Hi" />
+	    // or <div key="Hi" {...props} /> ). We want to deprecate key spread,
+	    // but as an intermediary step, we will use jsxDEV for everything except
+	    // <div {...props} key="Hi" />, because we aren't currently able to tell if
+	    // key is explicitly declared to be undefined or not.
+
+	    if (maybeKey !== undefined) {
+	      {
+	        checkKeyStringCoercion(maybeKey);
+	      }
+
+	      key = '' + maybeKey;
+	    }
+
+	    if (hasValidKey(config)) {
+	      {
+	        checkKeyStringCoercion(config.key);
+	      }
+
+	      key = '' + config.key;
+	    }
+
+	    if (hasValidRef(config)) {
+	      ref = config.ref;
+	      warnIfStringRefCannotBeAutoConverted(config, self);
+	    } // Remaining properties are added to a new props object
+
+
+	    for (propName in config) {
+	      if (hasOwnProperty.call(config, propName) && !RESERVED_PROPS.hasOwnProperty(propName)) {
+	        props[propName] = config[propName];
+	      }
+	    } // Resolve default props
+
+
+	    if (type && type.defaultProps) {
+	      var defaultProps = type.defaultProps;
+
+	      for (propName in defaultProps) {
+	        if (props[propName] === undefined) {
+	          props[propName] = defaultProps[propName];
+	        }
+	      }
+	    }
+
+	    if (key || ref) {
+	      var displayName = typeof type === 'function' ? type.displayName || type.name || 'Unknown' : type;
+
+	      if (key) {
+	        defineKeyPropWarningGetter(props, displayName);
+	      }
+
+	      if (ref) {
+	        defineRefPropWarningGetter(props, displayName);
+	      }
+	    }
+
+	    return ReactElement(type, key, ref, self, source, ReactCurrentOwner.current, props);
+	  }
+	}
+
+	var ReactCurrentOwner$1 = ReactSharedInternals.ReactCurrentOwner;
+	var ReactDebugCurrentFrame$1 = ReactSharedInternals.ReactDebugCurrentFrame;
+
+	function setCurrentlyValidatingElement$1(element) {
+	  {
+	    if (element) {
+	      var owner = element._owner;
+	      var stack = describeUnknownElementTypeFrameInDEV(element.type, element._source, owner ? owner.type : null);
+	      ReactDebugCurrentFrame$1.setExtraStackFrame(stack);
+	    } else {
+	      ReactDebugCurrentFrame$1.setExtraStackFrame(null);
+	    }
+	  }
+	}
+
+	var propTypesMisspellWarningShown;
+
+	{
+	  propTypesMisspellWarningShown = false;
+	}
+	/**
+	 * Verifies the object is a ReactElement.
+	 * See https://reactjs.org/docs/react-api.html#isvalidelement
+	 * @param {?object} object
+	 * @return {boolean} True if `object` is a ReactElement.
+	 * @final
+	 */
+
+
+	function isValidElement(object) {
+	  {
+	    return typeof object === 'object' && object !== null && object.$$typeof === REACT_ELEMENT_TYPE;
+	  }
+	}
+
+	function getDeclarationErrorAddendum() {
+	  {
+	    if (ReactCurrentOwner$1.current) {
+	      var name = getComponentNameFromType(ReactCurrentOwner$1.current.type);
+
+	      if (name) {
+	        return '\n\nCheck the render method of `' + name + '`.';
+	      }
+	    }
+
+	    return '';
+	  }
+	}
+
+	function getSourceInfoErrorAddendum(source) {
+	  {
+
+	    return '';
+	  }
+	}
+	/**
+	 * Warn if there's no key explicitly set on dynamic arrays of children or
+	 * object keys are not valid. This allows us to keep track of children between
+	 * updates.
+	 */
+
+
+	var ownerHasKeyUseWarning = {};
+
+	function getCurrentComponentErrorInfo(parentType) {
+	  {
+	    var info = getDeclarationErrorAddendum();
+
+	    if (!info) {
+	      var parentName = typeof parentType === 'string' ? parentType : parentType.displayName || parentType.name;
+
+	      if (parentName) {
+	        info = "\n\nCheck the top-level render call using <" + parentName + ">.";
+	      }
+	    }
+
+	    return info;
+	  }
+	}
+	/**
+	 * Warn if the element doesn't have an explicit key assigned to it.
+	 * This element is in an array. The array could grow and shrink or be
+	 * reordered. All children that haven't already been validated are required to
+	 * have a "key" property assigned to it. Error statuses are cached so a warning
+	 * will only be shown once.
+	 *
+	 * @internal
+	 * @param {ReactElement} element Element that requires a key.
+	 * @param {*} parentType element's parent's type.
+	 */
+
+
+	function validateExplicitKey(element, parentType) {
+	  {
+	    if (!element._store || element._store.validated || element.key != null) {
+	      return;
+	    }
+
+	    element._store.validated = true;
+	    var currentComponentErrorInfo = getCurrentComponentErrorInfo(parentType);
+
+	    if (ownerHasKeyUseWarning[currentComponentErrorInfo]) {
+	      return;
+	    }
+
+	    ownerHasKeyUseWarning[currentComponentErrorInfo] = true; // Usually the current owner is the offender, but if it accepts children as a
+	    // property, it may be the creator of the child that's responsible for
+	    // assigning it a key.
+
+	    var childOwner = '';
+
+	    if (element && element._owner && element._owner !== ReactCurrentOwner$1.current) {
+	      // Give the component that originally created this child.
+	      childOwner = " It was passed a child from " + getComponentNameFromType(element._owner.type) + ".";
+	    }
+
+	    setCurrentlyValidatingElement$1(element);
+
+	    error('Each child in a list should have a unique "key" prop.' + '%s%s See https://reactjs.org/link/warning-keys for more information.', currentComponentErrorInfo, childOwner);
+
+	    setCurrentlyValidatingElement$1(null);
+	  }
+	}
+	/**
+	 * Ensure that every element either is passed in a static location, in an
+	 * array with an explicit keys property defined, or in an object literal
+	 * with valid key property.
+	 *
+	 * @internal
+	 * @param {ReactNode} node Statically passed child of any type.
+	 * @param {*} parentType node's parent's type.
+	 */
+
+
+	function validateChildKeys(node, parentType) {
+	  {
+	    if (typeof node !== 'object') {
+	      return;
+	    }
+
+	    if (isArray(node)) {
+	      for (var i = 0; i < node.length; i++) {
+	        var child = node[i];
+
+	        if (isValidElement(child)) {
+	          validateExplicitKey(child, parentType);
+	        }
+	      }
+	    } else if (isValidElement(node)) {
+	      // This element was passed in a valid location.
+	      if (node._store) {
+	        node._store.validated = true;
+	      }
+	    } else if (node) {
+	      var iteratorFn = getIteratorFn(node);
+
+	      if (typeof iteratorFn === 'function') {
+	        // Entry iterators used to provide implicit keys,
+	        // but now we print a separate warning for them later.
+	        if (iteratorFn !== node.entries) {
+	          var iterator = iteratorFn.call(node);
+	          var step;
+
+	          while (!(step = iterator.next()).done) {
+	            if (isValidElement(step.value)) {
+	              validateExplicitKey(step.value, parentType);
+	            }
+	          }
+	        }
+	      }
+	    }
+	  }
+	}
+	/**
+	 * Given an element, validate that its props follow the propTypes definition,
+	 * provided by the type.
+	 *
+	 * @param {ReactElement} element
+	 */
+
+
+	function validatePropTypes(element) {
+	  {
+	    var type = element.type;
+
+	    if (type === null || type === undefined || typeof type === 'string') {
+	      return;
+	    }
+
+	    var propTypes;
+
+	    if (typeof type === 'function') {
+	      propTypes = type.propTypes;
+	    } else if (typeof type === 'object' && (type.$$typeof === REACT_FORWARD_REF_TYPE || // Note: Memo only checks outer props here.
+	    // Inner props are checked in the reconciler.
+	    type.$$typeof === REACT_MEMO_TYPE)) {
+	      propTypes = type.propTypes;
+	    } else {
+	      return;
+	    }
+
+	    if (propTypes) {
+	      // Intentionally inside to avoid triggering lazy initializers:
+	      var name = getComponentNameFromType(type);
+	      checkPropTypes(propTypes, element.props, 'prop', name, element);
+	    } else if (type.PropTypes !== undefined && !propTypesMisspellWarningShown) {
+	      propTypesMisspellWarningShown = true; // Intentionally inside to avoid triggering lazy initializers:
+
+	      var _name = getComponentNameFromType(type);
+
+	      error('Component %s declared `PropTypes` instead of `propTypes`. Did you misspell the property assignment?', _name || 'Unknown');
+	    }
+
+	    if (typeof type.getDefaultProps === 'function' && !type.getDefaultProps.isReactClassApproved) {
+	      error('getDefaultProps is only used on classic React.createClass ' + 'definitions. Use a static property named `defaultProps` instead.');
+	    }
+	  }
+	}
+	/**
+	 * Given a fragment, validate that it can only be provided with fragment props
+	 * @param {ReactElement} fragment
+	 */
+
+
+	function validateFragmentProps(fragment) {
+	  {
+	    var keys = Object.keys(fragment.props);
+
+	    for (var i = 0; i < keys.length; i++) {
+	      var key = keys[i];
+
+	      if (key !== 'children' && key !== 'key') {
+	        setCurrentlyValidatingElement$1(fragment);
+
+	        error('Invalid prop `%s` supplied to `React.Fragment`. ' + 'React.Fragment can only have `key` and `children` props.', key);
+
+	        setCurrentlyValidatingElement$1(null);
+	        break;
+	      }
+	    }
+
+	    if (fragment.ref !== null) {
+	      setCurrentlyValidatingElement$1(fragment);
+
+	      error('Invalid attribute `ref` supplied to `React.Fragment`.');
+
+	      setCurrentlyValidatingElement$1(null);
+	    }
+	  }
+	}
+
+	var didWarnAboutKeySpread = {};
+	function jsxWithValidation(type, props, key, isStaticChildren, source, self) {
+	  {
+	    var validType = isValidElementType(type); // We warn in this case but don't throw. We expect the element creation to
+	    // succeed and there will likely be errors in render.
+
+	    if (!validType) {
+	      var info = '';
+
+	      if (type === undefined || typeof type === 'object' && type !== null && Object.keys(type).length === 0) {
+	        info += ' You likely forgot to export your component from the file ' + "it's defined in, or you might have mixed up default and named imports.";
+	      }
+
+	      var sourceInfo = getSourceInfoErrorAddendum();
+
+	      if (sourceInfo) {
+	        info += sourceInfo;
+	      } else {
+	        info += getDeclarationErrorAddendum();
+	      }
+
+	      var typeString;
+
+	      if (type === null) {
+	        typeString = 'null';
+	      } else if (isArray(type)) {
+	        typeString = 'array';
+	      } else if (type !== undefined && type.$$typeof === REACT_ELEMENT_TYPE) {
+	        typeString = "<" + (getComponentNameFromType(type.type) || 'Unknown') + " />";
+	        info = ' Did you accidentally export a JSX literal instead of a component?';
+	      } else {
+	        typeString = typeof type;
+	      }
+
+	      error('React.jsx: type is invalid -- expected a string (for ' + 'built-in components) or a class/function (for composite ' + 'components) but got: %s.%s', typeString, info);
+	    }
+
+	    var element = jsxDEV(type, props, key, source, self); // The result can be nullish if a mock or a custom function is used.
+	    // TODO: Drop this when these are no longer allowed as the type argument.
+
+	    if (element == null) {
+	      return element;
+	    } // Skip key warning if the type isn't valid since our key validation logic
+	    // doesn't expect a non-string/function type and can throw confusing errors.
+	    // We don't want exception behavior to differ between dev and prod.
+	    // (Rendering will throw with a helpful message and as soon as the type is
+	    // fixed, the key warnings will appear.)
+
+
+	    if (validType) {
+	      var children = props.children;
+
+	      if (children !== undefined) {
+	        if (isStaticChildren) {
+	          if (isArray(children)) {
+	            for (var i = 0; i < children.length; i++) {
+	              validateChildKeys(children[i], type);
+	            }
+
+	            if (Object.freeze) {
+	              Object.freeze(children);
+	            }
+	          } else {
+	            error('React.jsx: Static children should always be an array. ' + 'You are likely explicitly calling React.jsxs or React.jsxDEV. ' + 'Use the Babel transform instead.');
+	          }
+	        } else {
+	          validateChildKeys(children, type);
+	        }
+	      }
+	    }
+
+	    {
+	      if (hasOwnProperty.call(props, 'key')) {
+	        var componentName = getComponentNameFromType(type);
+	        var keys = Object.keys(props).filter(function (k) {
+	          return k !== 'key';
+	        });
+	        var beforeExample = keys.length > 0 ? '{key: someKey, ' + keys.join(': ..., ') + ': ...}' : '{key: someKey}';
+
+	        if (!didWarnAboutKeySpread[componentName + beforeExample]) {
+	          var afterExample = keys.length > 0 ? '{' + keys.join(': ..., ') + ': ...}' : '{}';
+
+	          error('A props object containing a "key" prop is being spread into JSX:\n' + '  let props = %s;\n' + '  <%s {...props} />\n' + 'React keys must be passed directly to JSX without using spread:\n' + '  let props = %s;\n' + '  <%s key={someKey} {...props} />', beforeExample, componentName, afterExample, componentName);
+
+	          didWarnAboutKeySpread[componentName + beforeExample] = true;
+	        }
+	      }
+	    }
+
+	    if (type === REACT_FRAGMENT_TYPE) {
+	      validateFragmentProps(element);
+	    } else {
+	      validatePropTypes(element);
+	    }
+
+	    return element;
+	  }
+	} // These two functions exist to still get child warnings in dev
+	// even with the prod transform. This means that jsxDEV is purely
+	// opt-in behavior for better messages but that we won't stop
+	// giving you warnings if you use production apis.
+
+	function jsxWithValidationStatic(type, props, key) {
+	  {
+	    return jsxWithValidation(type, props, key, true);
+	  }
+	}
+	function jsxWithValidationDynamic(type, props, key) {
+	  {
+	    return jsxWithValidation(type, props, key, false);
+	  }
+	}
+
+	var jsx =  jsxWithValidationDynamic ; // we may want to special case jsxs internally to take advantage of static children.
+	// for now we can ship identical prod functions
+
+	var jsxs =  jsxWithValidationStatic ;
+
+	reactJsxRuntime_development.Fragment = REACT_FRAGMENT_TYPE;
+	reactJsxRuntime_development.jsx = jsx;
+	reactJsxRuntime_development.jsxs = jsxs;
+	  })();
+	}
+	return reactJsxRuntime_development;
+}
+
+if (process.env.NODE_ENV === 'production') {
+  jsxRuntime.exports = requireReactJsxRuntime_production_min();
+} else {
+  jsxRuntime.exports = requireReactJsxRuntime_development();
+}
+
+var jsxRuntimeExports = jsxRuntime.exports;
+
+/**
+ * @fileoverview React context for providing permission state throughout the component tree.
+ *
+ * Wrap your application (or a sub-tree) with `PermissionProvider` to make
+ * the current user's roles, permissions, and identity available to all
+ * child components via `usePermissionContext()`.
+ *
+ * @module context/PermissionContext
+ */
+
+const PermissionContext = /*#__PURE__*/createContext(/** @type {PermissionContextValue} */{
+  roles: [],
+  permissions: [],
+  user: null,
+  isAuthenticated: false,
+  isLoading: false
+});
+PermissionContext.displayName = 'PermissionContext';
+
+// ─── Provider ─────────────────────────────────────────────────────────────────
+
+/**
+ * Provides permission state to the entire React subtree below it.
+ *
+ * Place this **once** near the root of your application (or around any
+ * subtree that needs access control). Every `BlockRoute`, `PermissionGate`,
+ * and `usePermission` call inside will automatically read from it.
+ *
+ * The provider is **memoized** — it only re-renders children when one of
+ * its props actually changes (roles, permissions, user, isAuthenticated, isLoading).
+ *
+ * @param {PermissionProviderProps} props - See {@link PermissionProviderProps} for full details.
+ * @returns {React.ReactElement}
+ *
+ * @example <caption>Basic setup at app root</caption>
+ * import { PermissionProvider } from 'role-permission-engine';
+ * import { BrowserRouter } from 'react-router-dom';
+ *
+ * function App() {
+ *   const { user } = useAuth(); // your own auth hook
+ *
+ *   return (
+ *     <PermissionProvider
+ *       roles={user?.roles ?? []}           // e.g. ['admin', 'editor']
+ *       permissions={user?.permissions ?? []} // e.g. ['read:users', 'write:posts']
+ *       user={user}                           // raw user object (any shape)
+ *       isAuthenticated={!!user}              // true when signed in
+ *       isLoading={false}                     // set true while fetching session
+ *     >
+ *       <BrowserRouter>
+ *         <AppRoutes />
+ *       </BrowserRouter>
+ *     </PermissionProvider>
+ *   );
+ * }
+ *
+ * @example <caption>With async auth — using isLoading to avoid premature redirects</caption>
+ * import { useState, useEffect } from 'react';
+ *
+ * function App() {
+ *   const [authState, setAuthState] = useState({ user: null, isLoading: true });
+ *
+ *   useEffect(() => {
+ *     fetchCurrentUser()
+ *       .then(user => setAuthState({ user, isLoading: false }))
+ *       .catch(() => setAuthState({ user: null, isLoading: false }));
+ *   }, []);
+ *
+ *   return (
+ *     <PermissionProvider
+ *       roles={authState.user?.roles ?? []}
+ *       permissions={authState.user?.permissions ?? []}
+ *       user={authState.user}
+ *       isAuthenticated={!!authState.user}
+ *       isLoading={authState.isLoading}  // <-- prevents flash of /unauthorized
+ *     >
+ *       <BrowserRouter><AppRoutes /></BrowserRouter>
+ *     </PermissionProvider>
+ *   );
+ * }
+ */
+function PermissionProvider({
+  roles = [],
+  permissions = [],
+  user = null,
+  isAuthenticated = false,
+  isLoading = false,
+  children
+}) {
+  const value = useMemo(() => ({
+    roles,
+    permissions,
+    user,
+    isAuthenticated,
+    isLoading
+  }), [roles, permissions, user, isAuthenticated, isLoading]);
+  return /*#__PURE__*/jsxRuntimeExports.jsx(PermissionContext.Provider, {
+    value: value,
+    children: children
+  });
+}
+
+// ─── Hook ─────────────────────────────────────────────────────────────────────
+
+/**
+ * Hook that returns the raw value from the nearest {@link PermissionProvider}.
+ *
+ * Use this when you need direct access to the user's roles, permissions,
+ * user object, or auth flags — without running an access check.
+ * For running actual permission checks, prefer `usePermission()`.
+ *
+ * @returns {PermissionContextValue}
+ *   An object with the following fields:
+ *
+ *   | Field             | Type        | Description                                    |
+ *   |-------------------|-------------|------------------------------------------------|
+ *   | `roles`           | `string[]`  | The user's current roles                       |
+ *   | `permissions`     | `string[]`  | The user's current permissions                 |
+ *   | `user`            | `object\|null` | The raw user object passed to the provider  |
+ *   | `isAuthenticated` | `boolean`   | Whether the user is signed in                  |
+ *   | `isLoading`       | `boolean`   | Whether auth state is still resolving          |
+ *
+ * @throws {Error}
+ *   Throws if called outside of a `<PermissionProvider>`. Check the tree
+ *   to ensure a provider wraps the component using this hook.
+ *
+ * @example <caption>Read user info for display purposes</caption>
+ * import { usePermissionContext } from 'role-permission-engine';
+ *
+ * function UserBadge() {
+ *   const { user, roles, isAuthenticated, isLoading } = usePermissionContext();
+ *
+ *   if (isLoading) return <span>Loading...</span>;
+ *   if (!isAuthenticated) return <span>Guest</span>;
+ *   return <span>{user?.name} — {roles.join(', ')}</span>;
+ * }
+ *
+ * @example <caption>Conditional render based on auth state</caption>
+ * function NavBar() {
+ *   const { isAuthenticated } = usePermissionContext();
+ *
+ *   return (
+ *     <nav>
+ *       <Logo />
+ *       {isAuthenticated ? <UserMenu /> : <LoginButton />}
+ *     </nav>
+ *   );
+ * }
+ */
+function usePermissionContext() {
+  const ctx = useContext(PermissionContext);
+  if (!ctx) {
+    throw new Error('[role-permission-engine] usePermissionContext must be used inside a <PermissionProvider>.');
+  }
+  return ctx;
+}
+
+/**
+ * @fileoverview Core permission-checking utility functions.
+ *
+ * These are pure, framework-agnostic functions that form the heart of
+ * the role-permission-engine. They have zero side effects and can be
+ * used independently of any React component.
+ *
+ * @module utils/checkPermission
+ */
+
+// ─── Type Definitions ────────────────────────────────────────────────────────
+
+/**
+ * The logical operator used when evaluating multiple roles or permissions.
+ *
+ * - `"any"` – The user must satisfy **at least one** of the required items (OR logic).
+ * - `"all"` – The user must satisfy **every** required item (AND logic).
+ *
+ * @typedef {"any" | "all"} LogicOperator
+ */
+
+/**
+ * A single role string, e.g. `"admin"`, `"editor"`, `"viewer"`.
+ *
+ * @typedef {string} Role
+ */
+
+/**
+ * A single permission string, typically in `"action:resource"` format,
+ * e.g. `"read:users"`, `"write:posts"`, `"delete:*"`.
+ *
+ * @typedef {string} Permission
+ */
+
+/**
+ * The result returned by permission-check functions.
+ *
+ * @typedef {Object} PermissionResult
+ * @property {boolean} allowed  - Whether the user is allowed access.
+ * @property {string}  reason   - A human-readable explanation of the result.
+ */
+
+// ─── Role Checking ────────────────────────────────────────────────────────────
+
+/**
+ * Checks whether a user's roles satisfy the required roles using
+ * the specified logic operator.
+ *
+ * This is a **pure utility** — it accepts any string as a role.
+ * You define what roles mean in your own application. Examples:
+ * `"admin"`, `"manager"`, `"superuser"`, `"read-only"`, `"tenant-owner"`, etc.
+ *
+ * @param {string[]} userRoles
+ *   Array of role strings currently assigned to the user.
+ *   - Comparison is **case-insensitive** and **trims whitespace**.
+ *   - Example: `['Admin', ' editor ']` is treated as `['admin', 'editor']`.
+ *   - Pass an empty array `[]` when the user has no roles.
+ *
+ * @param {string[]} requiredRoles
+ *   Array of role strings required to pass this check.
+ *   - If this array is **empty** (`[]`) or not provided, the check
+ *     is skipped and `allowed: true` is returned immediately.
+ *   - Example: `['admin', 'superuser']`
+ *
+ * @param {"any" | "all"} [logic="any"]
+ *   Controls how multiple `requiredRoles` are evaluated.
+ *
+ *   | Value   | Alias | Behaviour                                           | Example                                      |
+ *   |---------|-------|-----------------------------------------------------|----------------------------------------------|
+ *   | `"any"` | OR    | User needs **at least one** of the required roles   | `required: ['admin','editor']` → admin **or** editor is enough |
+ *   | `"all"` | AND   | User needs **every single** required role           | `required: ['admin','editor']` → must have **both** |
+ *
+ *   **Default:** `"any"` (OR logic).
+ *
+ *   ```js
+ *   // Default — no third argument needed for OR logic
+ *   hasRole(['editor'], ['admin', 'editor']);
+ *   // same as:
+ *   hasRole(['editor'], ['admin', 'editor'], 'any');
+ *   ```
+ *
+ * @returns {PermissionResult}
+ *   `{ allowed: boolean, reason: string }`
+ *
+ * @example <caption>OR logic (default) — user has at least one required role</caption>
+ * hasRole(['editor'], ['admin', 'editor']);
+ * // => { allowed: true, reason: 'User has at least one required role.' }
+ *
+ * @example <caption>OR logic — user has none of the required roles</caption>
+ * hasRole(['viewer'], ['admin', 'editor'], 'any');
+ * // => { allowed: false, reason: 'User does not have any of the required roles: admin, editor' }
+ *
+ * @example <caption>AND logic — user must have every required role</caption>
+ * hasRole(['admin', 'editor'], ['admin', 'editor'], 'all');
+ * // => { allowed: true, reason: 'User has all required roles.' }
+ *
+ * @example <caption>AND logic — user is missing one role</caption>
+ * hasRole(['editor'], ['admin', 'editor'], 'all');
+ * // => { allowed: false, reason: 'User is missing required roles: admin' }
+ *
+ * @example <caption>Empty required roles — always allowed</caption>
+ * hasRole([], []);
+ * // => { allowed: true, reason: 'No roles required — access granted.' }
+ */
+function hasRole(userRoles, requiredRoles, logic = "any") {
+  if (!Array.isArray(requiredRoles) || requiredRoles.length === 0) {
+    return {
+      allowed: true,
+      reason: "No roles required — access granted."
+    };
+  }
+  if (!Array.isArray(userRoles) || userRoles.length === 0) {
+    return {
+      allowed: false,
+      reason: "User has no roles assigned."
+    };
+  }
+  const normalizedUser = userRoles.map(r => r.toLowerCase().trim());
+  const normalizedRequired = requiredRoles.map(r => r.toLowerCase().trim());
+  if (logic === "all") {
+    const missing = normalizedRequired.filter(r => !normalizedUser.includes(r));
+    if (missing.length > 0) {
+      return {
+        allowed: false,
+        reason: `User is missing required roles: ${missing.join(", ")}`
+      };
+    }
+    return {
+      allowed: true,
+      reason: "User has all required roles."
+    };
+  }
+
+  // Default: "any" (OR logic)
+  const matched = normalizedRequired.filter(r => normalizedUser.includes(r));
+  if (matched.length === 0) {
+    return {
+      allowed: false,
+      reason: `User does not have any of the required roles: ${normalizedRequired.join(", ")}`
+    };
+  }
+  return {
+    allowed: true,
+    reason: "User has at least one required role."
+  };
+}
+
+// ─── Permission Checking ──────────────────────────────────────────────────────
+
+/**
+ * Checks whether a user's permissions satisfy the required permissions
+ * using the specified logic operator. Supports wildcard `"*"` permissions.
+ *
+ * This is a **pure utility** — it accepts any string as a permission.
+ * You define what permissions mean in your own application. A common
+ * convention is `"action:resource"` format (e.g. `"read:invoices"`,
+ * `"export:reports"`, `"delete:accounts"`), but any string works.
+ *
+ * **Wildcard rules:**
+ * | User permission | Matches                                      |
+ * |-----------------|----------------------------------------------|
+ * | `"*"`           | Every possible permission — full super-access |
+ * | `"read:*"`      | Any permission starting with `"read:"`        |
+ * | `"write:posts"` | Only `"write:posts"` exactly                 |
+ *
+ * @param {string[]} userPermissions
+ *   Array of permission strings the user currently holds.
+ *   - Comparison is **case-insensitive** and **trims whitespace**.
+ *   - Pass `['*']` to grant superuser access to all checks.
+ *   - Pass an empty array `[]` when the user has no permissions.
+ *
+ * @param {string[]} requiredPermissions
+ *   Array of permission strings required to pass this check.
+ *   - If this array is **empty** (`[]`) or not provided, the check
+ *     is skipped and `allowed: true` is returned immediately.
+ *
+ * @param {"any" | "all"} [logic="any"]
+ *   Controls how multiple `requiredPermissions` are evaluated.
+ *
+ *   | Value   | Alias | Behaviour                                                 | Example                                              |
+ *   |---------|-------|-----------------------------------------------------------|------------------------------------------------------|
+ *   | `"any"` | OR    | User needs **at least one** of the required permissions   | `required: ['read:x','write:x']` → read **or** write is enough |
+ *   | `"all"` | AND   | User needs **every single** required permission           | `required: ['read:x','write:x']` → must have **both** |
+ *
+ *   **Default:** `"any"` (OR logic).
+ *
+ *   ```js
+ *   // Default — OR logic, no third argument needed
+ *   hasPermission(['read:reports'], ['read:reports', 'write:reports']);
+ *   // same as:
+ *   hasPermission(['read:reports'], ['read:reports', 'write:reports'], 'any');
+ *   ```
+ *
+ * @returns {PermissionResult}
+ *   `{ allowed: boolean, reason: string }`
+ *
+ * @example <caption>OR logic (default) — user has one of the required permissions</caption>
+ * hasPermission(['read:invoices'], ['read:invoices', 'write:invoices']);
+ * // => { allowed: true, reason: 'User has at least one required permission.' }
+ *
+ * @example <caption>OR logic — user has none</caption>
+ * hasPermission(['read:posts'], ['write:posts', 'delete:posts'], 'any');
+ * // => { allowed: false, reason: 'User does not have any of the required permissions: ...' }
+ *
+ * @example <caption>AND logic — must have all required permissions</caption>
+ * hasPermission(['read:users', 'write:users'], ['read:users', 'write:users'], 'all');
+ * // => { allowed: true, reason: 'User has all required permissions.' }
+ *
+ * @example <caption>Full wildcard — grants everything</caption>
+ * hasPermission(['*'], ['read:users', 'delete:posts'], 'all');
+ * // => { allowed: true, reason: 'User has wildcard permission (*) — full access granted.' }
+ *
+ * @example <caption>Namespace wildcard — "read:*" satisfies any "read:" permission</caption>
+ * hasPermission(['read:*'], ['read:invoices', 'read:reports'], 'all');
+ * // => { allowed: true, reason: 'User has all required permissions.' }
+ */
+function hasPermission(userPermissions, requiredPermissions, logic = "any") {
+  if (!Array.isArray(requiredPermissions) || requiredPermissions.length === 0) {
+    return {
+      allowed: true,
+      reason: 'No permissions required — access granted.'
+    };
+  }
+  if (!Array.isArray(userPermissions) || userPermissions.length === 0) {
+    return {
+      allowed: false,
+      reason: 'User has no permissions assigned.'
+    };
+  }
+  const normalizedUser = userPermissions.map(p => p.toLowerCase().trim());
+  const normalizedRequired = requiredPermissions.map(p => p.toLowerCase().trim());
+
+  // Full wildcard check
+  if (normalizedUser.includes("*")) {
+    return {
+      allowed: true,
+      reason: "User has wildcard permission (*) — full access granted."
+    };
+  }
+
+  /**
+   * Checks if a single required permission is satisfied by the user's permission set,
+   * including namespace wildcard matching (e.g. "read:*" matches "read:users").
+   *
+   * @param {string} required - The required permission to satisfy.
+   * @returns {boolean} Whether the user satisfies this specific permission.
+   */
+  function isSatisfied(required) {
+    if (normalizedUser.includes(required)) return true;
+
+    // Namespace wildcard: "read:*" should satisfy "read:users"
+    const [requiredNamespace] = required.split(":");
+    return normalizedUser.includes(`${requiredNamespace}:*`);
+  }
+  if (logic === "all") {
+    const missing = normalizedRequired.filter(p => !isSatisfied(p));
+    if (missing.length > 0) {
+      return {
+        allowed: false,
+        reason: `User is missing required permissions: ${missing.join(", ")}`
+      };
+    }
+    return {
+      allowed: true,
+      reason: "User has all required permissions."
+    };
+  }
+
+  // Default: "any" (OR logic)
+  const matched = normalizedRequired.filter(p => isSatisfied(p));
+  if (matched.length === 0) {
+    return {
+      allowed: false,
+      reason: `User does not have any of the required permissions: ${normalizedRequired.join(", ")}`
+    };
+  }
+  return {
+    allowed: true,
+    reason: "User has at least one required permission."
+  };
+}
+
+// ─── Combined Check ───────────────────────────────────────────────────────────
+
+/**
+ * Performs a **combined** role AND permission check in a single call.
+ *
+ * Both the role check and the permission check must independently pass
+ * for `allowed` to be `true`. If a constraint array is empty or not
+ * provided, that constraint is automatically satisfied (open access).
+ *
+ * @param {Object} options
+ *
+ * @param {string[]} [options.userRoles=[]]
+ *   The roles currently held by the user. Any strings are accepted;
+ *   you define what roles mean in your app.
+ *
+ * @param {string[]} [options.userPermissions=[]]
+ *   The permissions currently held by the user. Supports wildcards:
+ *   `"*"` (all access) and `"namespace:*"` (all in namespace).
+ *
+ * @param {string[]} [options.requiredRoles=[]]
+ *   Roles the user must have to pass the role check.
+ *   Pass `[]` (default) to skip the role check entirely.
+ *
+ * @param {string[]} [options.requiredPermissions=[]]
+ *   Permissions the user must have to pass the permission check.
+ *   Pass `[]` (default) to skip the permission check entirely.
+ *
+ * @param {"any" | "all"} [options.roleLogic="any"]
+ *   Controls how `requiredRoles` are evaluated.
+ *
+ *   | Value   | Behaviour                                        | Default? |
+ *   |---------|--------------------------------------------------|----------|
+ *   | `"any"` | User needs **at least one** required role (OR)   | ✅ Yes   |
+ *   | `"all"` | User needs **every** required role (AND)         | No       |
+ *
+ *   ```js
+ *   // 'any' is the default — no need to specify it explicitly for OR logic
+ *   checkAccess({ requiredRoles: ['admin', 'editor'], roleLogic: 'any' });
+ *   ```
+ *
+ * @param {"any" | "all"} [options.permissionLogic="any"]
+ *   Controls how `requiredPermissions` are evaluated.
+ *
+ *   | Value   | Behaviour                                             | Default? |
+ *   |---------|-------------------------------------------------------|----------|
+ *   | `"any"` | User needs **at least one** required permission (OR)  | ✅ Yes   |
+ *   | `"all"` | User needs **every** required permission (AND)        | No       |
+ *
+ *   ```js
+ *   // Require the user to have ALL listed permissions (AND logic)
+ *   checkAccess({
+ *     requiredPermissions: ['read:report', 'export:report'],
+ *     permissionLogic: 'all',
+ *   });
+ *   ```
+ *
+ * @returns {PermissionResult}
+ *   `{ allowed: boolean, reason: string }` — `allowed` is `true` only
+ *   when **both** role and permission checks pass.
+ *
+ * @example <caption>Combined check — OR role logic + OR permission logic (both defaults)</caption>
+ * checkAccess({
+ *   userRoles: ['editor'],
+ *   userPermissions: ['write:posts'],
+ *   requiredRoles: ['editor', 'admin'],      // editor OR admin
+ *   requiredPermissions: ['write:posts'],    // write:posts required
+ * });
+ * // => { allowed: true, reason: 'Access granted.' }
+ *
+ * @example <caption>AND logic for permissions — user must have ALL listed permissions</caption>
+ * checkAccess({
+ *   userRoles: ['manager'],
+ *   userPermissions: ['approve:leaves'],
+ *   requiredRoles: ['manager'],
+ *   requiredPermissions: ['approve:leaves', 'view:team'],
+ *   permissionLogic: 'all',   // must have BOTH permissions
+ * });
+ * // => { allowed: false, reason: 'User is missing required permissions: view:team' }
+ *
+ * @example <caption>No constraints — always allowed</caption>
+ * checkAccess({ userRoles: ['guest'], userPermissions: [] });
+ * // => { allowed: true, reason: 'Access granted.' }
+ */
+function checkAccess({
+  userRoles = [],
+  userPermissions = [],
+  requiredRoles = [],
+  requiredPermissions = [],
+  roleLogic = "any",
+  permissionLogic = "any"
+}) {
+  const roleResult = hasRole(userRoles, requiredRoles, roleLogic);
+  if (!roleResult.allowed) return roleResult;
+  const permResult = hasPermission(userPermissions, requiredPermissions, permissionLogic);
+  if (!permResult.allowed) return permResult;
+  return {
+    allowed: true,
+    reason: "Access granted."
+  };
+}
+
+/**
+ * @fileoverview `usePermission` hook — programmatic permission checking.
+ *
+ * This hook reads the current user's roles and permissions from the nearest
+ * {@link PermissionProvider} and returns whether the user is allowed to
+ * access a given set of roles/permissions.
+ *
+ * @module hooks/usePermission
+ */
+
+
+// ─── Type Definitions ─────────────────────────────────────────────────────────
+
+/**
+ * Options accepted by the `usePermission` hook.
+ *
+ * All fields are optional. Omitting a field (or passing `[]`) skips that
+ * particular check and treats it as automatically satisfied.
+ *
+ * @typedef {Object} UsePermissionOptions
+ *
+ * @property {string[]} [roles=[]]
+ *   Role strings the user must have to be considered "allowed".
+ *   - Any strings are accepted — you define what roles mean in your app.
+ *   - Pass `[]` (default) to skip the role check entirely.
+ *   - Examples: `['admin']`, `['editor', 'manager']`
+ *
+ * @property {string[]} [permissions=[]]
+ *   Permission strings the user must have to be considered "allowed".
+ *   - Supports wildcards: `'*'` (all access), `'read:*'` (all read: perms).
+ *   - Pass `[]` (default) to skip the permission check entirely.
+ *   - Examples: `['write:posts']`, `['read:reports', 'export:reports']`
+ *
+ * @property {"any" | "all"} [roleLogic="any"]
+ *   Controls how multiple `roles` are evaluated.
+ *
+ *   | Value   | Alias | Behaviour                                      | Default? |
+ *   |---------|-------|------------------------------------------------|----------|
+ *   | `"any"` | OR    | User needs **at least one** required role      | ✅ Yes   |
+ *   | `"all"` | AND   | User needs **every** required role             | No       |
+ *
+ *   ```js
+ *   // OR logic (default) — no need to specify 'any' explicitly
+ *   usePermission({ roles: ['admin', 'editor'] });
+ *   // AND logic — user must be BOTH admin AND editor
+ *   usePermission({ roles: ['admin', 'editor'], roleLogic: 'all' });
+ *   ```
+ *
+ * @property {"any" | "all"} [permissionLogic="any"]
+ *   Controls how multiple `permissions` are evaluated.
+ *
+ *   | Value   | Alias | Behaviour                                           | Default? |
+ *   |---------|-------|-----------------------------------------------------|----------|
+ *   | `"any"` | OR    | User needs **at least one** required permission     | ✅ Yes   |
+ *   | `"all"` | AND   | User needs **every** required permission            | No       |
+ *
+ *   ```js
+ *   // AND logic — user must hold ALL listed permissions
+ *   usePermission({
+ *     permissions: ['read:reports', 'export:reports'],
+ *     permissionLogic: 'all',
+ *   });
+ *   ```
+ */
+
+/**
+ * The value returned by the `usePermission` hook.
+ *
+ * @typedef {Object} UsePermissionResult
+ *
+ * | Field             | Type      | Description                                              |
+ * |-------------------|-----------|----------------------------------------------------------|
+ * | `allowed`         | `boolean` | `true` when the user passes all role + permission checks |
+ * | `denied`          | `boolean` | Convenience inverse of `allowed` (`!allowed`)            |
+ * | `isLoading`       | `boolean` | `true` while the auth state is still resolving           |
+ * | `isAuthenticated` | `boolean` | `true` when the user is signed in                        |
+ * | `reason`          | `string`  | Human-readable explanation of the result                 |
+ *
+ * @property {boolean} allowed
+ *   `true` when the user passes all role + permission checks.
+ *   `false` while `isLoading` is `true` (to prevent premature rendering).
+ *
+ * @property {boolean} denied
+ *   Convenience inverse of `allowed`. Equivalent to `!allowed`.
+ *   Useful for inline conditional expressions: `if (denied) return <Forbidden />`.
+ *
+ * @property {boolean} isLoading
+ *   Mirrors `isLoading` from the nearest `PermissionProvider`.
+ *   While `true`, `allowed` is always `false` to prevent a flash of content.
+ *
+ * @property {boolean} isAuthenticated
+ *   Mirrors `isAuthenticated` from the nearest `PermissionProvider`.
+ *
+ * @property {string} reason
+ *   Human-readable explanation of why `allowed` is `true` or `false`.
+ *   Useful for debugging or showing contextual error messages.
+ *   Examples: `'User has at least one required role.'`, `'User is missing required permissions: write:posts'`
+ */
+
+// ─── Hook ─────────────────────────────────────────────────────────────────────
+
+/**
+ * Hook for **programmatic** permission checking inside React components.
+ *
+ * Reads the current user's roles and permissions from the nearest
+ * {@link PermissionProvider}, evaluates them against the provided
+ * requirements, and returns a stable result object that only re-computes
+ * when its inputs change (memoized with `useMemo`).
+ *
+ * Use this hook when you need access-check results in component logic
+ * (conditional rendering, redirects, disabling buttons). For declarative
+ * UI gates, prefer `<PermissionGate>`. For route blocking, prefer `<BlockRoute>`.
+ *
+ * @param {UsePermissionOptions} [options={}]
+ *   The permission requirements to evaluate. See {@link UsePermissionOptions}.
+ *   - Pass `{}` or nothing to get the raw auth state without any checks.
+ *   - All fields default to `[]` / `"any"` (open access).
+ *
+ * @returns {UsePermissionResult} See {@link UsePermissionResult} for the full
+ *   shape. Key fields:
+ *   - `allowed` / `denied` — result of the access check.
+ *   - `isLoading` — `true` while auth resolves (always `allowed: false`).
+ *   - `reason` — human-readable explanation string.
+ *
+ * @example <caption>Basic role check</caption>
+ * import { usePermission } from 'role-permission-engine';
+ *
+ * function DeleteButton() {
+ *   const { allowed } = usePermission({ roles: ['admin'] });
+ *
+ *   // denied is the inverse — both are available for readability
+ *   if (!allowed) return null;
+ *   return <button>Delete</button>;
+ * }
+ *
+ * @example <caption>Combined role + permission with AND logic</caption>
+ * function AdminPanel() {
+ *   const { allowed, isLoading, denied } = usePermission({
+ *     roles: ['admin', 'superadmin'],
+ *     permissions: ['read:users', 'write:users'],
+ *     roleLogic: 'any',       // admin OR superadmin is enough
+ *     permissionLogic: 'all', // must have BOTH read:users AND write:users
+ *   });
+ *
+ *   if (isLoading) return <Spinner />;
+ *   if (denied) return <p>Access denied.</p>;
+ *   return <AdminDashboard />;
+ * }
+ *
+ * @example <caption>Show reason string for debugging</caption>
+ * function SecretPage() {
+ *   const { allowed, isLoading, reason } = usePermission({
+ *     permissions: ['view:secrets'],
+ *   });
+ *
+ *   if (isLoading) return <div>Loading...</div>;
+ *   if (!allowed) return <div title={reason}>Not allowed.</div>;
+ *   return <SecretContent />;
+ * }
+ *
+ * @example <caption>No constraints — read raw auth state</caption>
+ * function NavBar() {
+ *   // Pass nothing to just read isAuthenticated / isLoading
+ *   const { isAuthenticated, isLoading } = usePermission();
+ *
+ *   if (isLoading) return <NavSkeleton />;
+ *   return isAuthenticated ? <UserMenu /> : <LoginButton />;
+ * }
+ */
+function usePermission({
+  roles: requiredRoles = [],
+  permissions: requiredPermissions = [],
+  roleLogic = 'any',
+  permissionLogic = 'any'
+} = {}) {
+  const {
+    roles: userRoles,
+    permissions: userPermissions,
+    isAuthenticated,
+    isLoading
+  } = usePermissionContext();
+  const result = useMemo(() => {
+    // While loading, treat as "not allowed" to avoid premature rendering
+    if (isLoading) {
+      return {
+        allowed: false,
+        reason: 'Auth state is loading.'
+      };
+    }
+
+    // If no requirements, always allow authenticated users
+    const hasRequirements = requiredRoles.length > 0 || requiredPermissions.length > 0;
+    if (!hasRequirements) {
+      return {
+        allowed: true,
+        reason: 'No constraints specified.'
+      };
+    }
+    return checkAccess({
+      userRoles,
+      userPermissions,
+      requiredRoles,
+      requiredPermissions,
+      roleLogic,
+      permissionLogic
+    });
+  }, [userRoles, userPermissions, requiredRoles, requiredPermissions, roleLogic, permissionLogic, isLoading]);
+  return {
+    allowed: result.allowed,
+    denied: !result.allowed,
+    isLoading,
+    isAuthenticated,
+    reason: result.reason
+  };
+}
+
+/**
+ * @fileoverview `BlockRoute` component — role and permission-based route guard.
+ *
+ * `BlockRoute` wraps your application's route content and redirects
+ * unauthorized users to a configurable URL. It is compatible with both
+ * **React Router v5** (using `<Redirect>`) and **React Router v6**
+ * (using `<Navigate>`), auto-detecting which version is installed.
+ *
+ * @module components/BlockRoute
+ */
+
+function RouterRedirect({
+  to,
+  replace = true,
+  state
+}) {
+  try {
+    // Try React Router v6 first
+    // eslint-disable-next-line import/no-extraneous-dependencies
+    const {
+      Navigate
+    } = require('react-router-dom');
+    if (Navigate) {
+      return /*#__PURE__*/jsxRuntimeExports.jsx(Navigate, {
+        to: to,
+        replace: replace,
+        state: state
+      });
+    }
+  } catch (_) {
+    // fall through
+  }
+  try {
+    // Fallback to React Router v5
+    // eslint-disable-next-line import/no-extraneous-dependencies
+    const {
+      Redirect
+    } = require('react-router-dom');
+    if (Redirect) {
+      return /*#__PURE__*/jsxRuntimeExports.jsx(Redirect, {
+        to: {
+          pathname: to,
+          state: state
+        },
+        push: !replace
+      });
+    }
+  } catch (_) {
+    // No react-router-dom installed
+  }
+
+  // Ultimate fallback — cannot redirect, warn the developer
+  if (process.env.NODE_ENV !== 'production') {
+    console.warn('[role-permission-engine] BlockRoute: react-router-dom is not installed or could not be detected. ' + 'Unable to redirect unauthorized user.');
+  }
+  return null;
+}
+
+// ─── Component ────────────────────────────────────────────────────────────────
+
+/**
+ * Route guard component that **blocks** unauthorized users from accessing
+ * a route and **redirects** them to a configurable path.
+ *
+ * `BlockRoute` reads the current user's roles and permissions from the
+ * nearest {@link PermissionProvider} in the tree. It calls {@link usePermission}
+ * internally to run the access check, then:
+ *
+ * - ✅ **Allowed** → renders `children` (the protected page).
+ * - ❌ **Denied**  → redirects to `redirectTo` (default: `"/unauthorized"`).
+ * - ⏳ **Loading** → renders `loadingComponent` (default: `null`).
+ *
+ * **React Router compatibility:**
+ * - **v6** (recommended) — uses `<Navigate>` internally.
+ * - **v5** — uses `<Redirect>` internally.
+ * - Auto-detected at runtime; no configuration needed.
+ *
+ * @param {BlockRouteProps} props - See {@link BlockRouteProps} for full prop reference.
+ * @returns {React.ReactElement|null}
+ *
+ * ---
+ *
+ * @example <caption>React Router v6 — basic role guard</caption>
+ * import { Routes, Route } from 'react-router-dom';
+ * import { BlockRoute } from 'role-permission-engine';
+ *
+ * // Only users whose roles include 'admin' can access /admin.
+ * // All others are sent to /unauthorized.
+ * <Routes>
+ *   <Route
+ *     path="/admin"
+ *     element={
+ *       <BlockRoute roles={['admin']}>
+ *         <AdminPage />
+ *       </BlockRoute>
+ *     }
+ *   />
+ * </Routes>
+ *
+ * @example <caption>React Router v5 — using render prop</caption>
+ * import { Switch, Route } from 'react-router-dom'; // v5
+ *
+ * <Switch>
+ *   <Route
+ *     path="/admin"
+ *     render={() => (
+ *       <BlockRoute roles={['admin']} redirectTo="/login">
+ *         <AdminPage />
+ *       </BlockRoute>
+ *     )}
+ *   />
+ * </Switch>
+ *
+ * @example <caption>AND permission logic — user must have ALL permissions</caption>
+ * <BlockRoute
+ *   permissions={['read:reports', 'export:reports']}
+ *   permissionLogic="all"
+ *   redirectTo="/access-denied"
+ * >
+ *   <ReportsPage />
+ * </BlockRoute>
+ *
+ * @example <caption>Combined roles + permissions with a loading spinner</caption>
+ * <BlockRoute
+ *   roles={['editor', 'admin']}
+ *   roleLogic="any"
+ *   permissions={['write:posts']}
+ *   redirectTo="/unauthorized"
+ *   loadingComponent={<FullScreenSpinner />}
+ * >
+ *   <EditPostPage />
+ * </BlockRoute>
+ *
+ * @example <caption>Preserve "from" location for post-login redirect (v6)</caption>
+ * import { useLocation } from 'react-router-dom';
+ *
+ * // After the user logs in, read location.state.from and redirect back.
+ * function AuthRequired({ children }) {
+ *   const location = useLocation();
+ *   return (
+ *     <BlockRoute
+ *       roles={['user']}
+ *       redirectTo="/login"
+ *       state={{ from: location }}
+ *     >
+ *       {children}
+ *     </BlockRoute>
+ *   );
+ * }
+ */
+function BlockRoute({
+  children,
+  roles = [],
+  permissions = [],
+  roleLogic = 'any',
+  permissionLogic = 'any',
+  redirectTo = '/unauthorized',
+  loadingComponent = null,
+  replace = true,
+  state
+}) {
+  const {
+    allowed,
+    isLoading
+  } = usePermission({
+    roles,
+    permissions,
+    roleLogic,
+    permissionLogic
+  });
+
+  // While auth is resolving, render the loading component (or null)
+  if (isLoading) {
+    return loadingComponent || null;
+  }
+
+  // Access denied — redirect
+  if (!allowed) {
+    return /*#__PURE__*/jsxRuntimeExports.jsx(RouterRedirect, {
+      to: redirectTo,
+      replace: replace,
+      state: state
+    });
+  }
+
+  // Access granted — render children
+  return children;
+}
+
+/**
+ * @fileoverview `PermissionGate` component — inline conditional rendering.
+ *
+ * Unlike `BlockRoute` (which redirects), `PermissionGate` simply shows or
+ * hides its `children` based on the user's roles/permissions. Use it for
+ * buttons, menu items, sections, or any UI element that should only be
+ * visible to certain users.
+ *
+ * @module components/PermissionGate
+ */
+
+
+// ─── Type Definitions ─────────────────────────────────────────────────────────
+
+/**
+ * Props accepted by the `PermissionGate` component.
+ *
+ * @typedef {Object} PermissionGateProps
+ *
+ * @property {React.ReactNode} children
+ *   **Required.** Content shown when access is **granted** (or when `negate=true`
+ *   and access is **denied**). Can be any renderable React node.
+ *
+ * @property {string[]} [roles=[]]
+ *   Role strings the user must have for the gate to open.
+ *   - Any strings are accepted — you define what roles mean in your app.
+ *   - Pass `[]` (default) to skip the role check entirely.
+ *   - Examples: `['admin']`, `['editor', 'manager']`
+ *
+ * @property {string[]} [permissions=[]]
+ *   Permission strings the user must have for the gate to open.
+ *   - Supports wildcards: `'*'` (all access), `'read:*'` (all read: perms).
+ *   - Pass `[]` (default) to skip the permission check entirely.
+ *   - Examples: `['write:posts']`, `['read:reports', 'export:reports']`
+ *
+ * @property {"any" | "all"} [roleLogic="any"]
+ *   Controls how multiple `roles` are evaluated.
+ *
+ *   | Value   | Alias | Behaviour                                      | Default? |
+ *   |---------|-------|------------------------------------------------|----------|
+ *   | `"any"` | OR    | User needs **at least one** required role      | ✅ Yes   |
+ *   | `"all"` | AND   | User needs **every** required role             | No       |
+ *
+ *   ```jsx
+ *   // OR logic (default) — admin OR editor can see the content
+ *   <PermissionGate roles={['admin', 'editor']}>
+ *
+ *   // AND logic — user must be BOTH admin AND editor
+ *   <PermissionGate roles={['admin', 'editor']} roleLogic="all">
+ *   ```
+ *
+ * @property {"any" | "all"} [permissionLogic="any"]
+ *   Controls how multiple `permissions` are evaluated.
+ *
+ *   | Value   | Alias | Behaviour                                           | Default? |
+ *   |---------|-------|-----------------------------------------------------|----------|
+ *   | `"any"` | OR    | User needs **at least one** required permission     | ✅ Yes   |
+ *   | `"all"` | AND   | User needs **every** required permission            | No       |
+ *
+ *   ```jsx
+ *   // AND logic — must have ALL listed permissions to see the content
+ *   <PermissionGate
+ *     permissions={['read:reports', 'export:reports']}
+ *     permissionLogic="all"
+ *   >
+ *   ```
+ *
+ * @property {React.ReactNode} [fallback=null]
+ *   What to render when access is **denied** (and `negate=false`).
+ *   - Default: `null` — renders nothing when the user lacks access.
+ *   - Use this to show a disabled state, a tooltip, or an upgrade prompt.
+ *   - Example: `fallback={<span className="disabled">No access</span>}`
+ *
+ * @property {React.ReactNode} [loadingComponent=null]
+ *   What to render while the auth state is being resolved (`isLoading=true`).
+ *   - Default: `null` — renders nothing during loading.
+ *   - Use a skeleton or spinner to avoid a flash of missing content.
+ *   - Example: `loadingComponent={<Skeleton />}`
+ *
+ * @property {boolean} [negate=false]
+ *   **Inverts** the access check result.
+ *
+ *   | Value   | Renders `children` when…                         | Default? |
+ *   |---------|--------------------------------------------------|----------|
+ *   | `false` | User **has** the required roles / permissions    | ✅ Yes   |
+ *   | `true`  | User **does NOT have** the roles / permissions   | No       |
+ *
+ *   Common use-cases for `negate`:
+ *   - Show a **Login button** only to unauthenticated users.
+ *   - Show a **"Free plan" banner** only to users without a `premium` role.
+ *
+ *   ```jsx
+ *   // Show upgrade prompt ONLY to users who do NOT have the 'premium' role
+ *   <PermissionGate roles={['premium']} negate>
+ *     <UpgradeBanner />
+ *   </PermissionGate>
+ *   ```
+ */
+
+// ─── Component ────────────────────────────────────────────────────────────────
+
+/**
+ * Conditionally **shows or hides** content based on the current user's
+ * roles and permissions — without ever redirecting.
+ *
+ * `PermissionGate` reads auth state from the nearest {@link PermissionProvider}
+ * and uses {@link usePermission} internally. Depending on the result:
+ *
+ * - ✅ **Allowed** → renders `children`.
+ * - ❌ **Denied**  → renders `fallback` (default: `null`, i.e. nothing).
+ * - ⏳ **Loading** → renders `loadingComponent` (default: `null`).
+ * - 🔄 **Negated** (`negate=true`) → swaps allowed ↔ denied before rendering.
+ *
+ * Unlike {@link BlockRoute}, this component **never redirects** the user.
+ * Use it for inline UI elements: buttons, menu items, banners, panels, etc.
+ *
+ * @param {PermissionGateProps} props - See {@link PermissionGateProps} for full prop reference.
+ * @returns {React.ReactElement|null}
+ *
+ * ---
+ *
+ * @example <caption>Basic role gate — hide element from non-admins</caption>
+ * // The delete button is invisible to anyone who is not an admin.
+ * // No fallback = renders nothing when denied.
+ * <PermissionGate roles={['admin']}>
+ *   <button onClick={handleDelete}>Delete User</button>
+ * </PermissionGate>
+ *
+ * @example <caption>With fallback — show read-only state to non-editors</caption>
+ * <PermissionGate
+ *   permissions={['write:posts']}
+ *   fallback={<span className="badge">Read-only</span>}
+ * >
+ *   <EditToolbar />
+ * </PermissionGate>
+ *
+ * @example <caption>negate — show content ONLY to users who lack the role</caption>
+ * // LoginButton is shown to guests (users who do NOT have 'user' or 'admin' role).
+ * <PermissionGate roles={['user', 'admin']} negate>
+ *   <LoginButton />
+ * </PermissionGate>
+ *
+ * @example <caption>AND permission logic — user must have ALL listed permissions</caption>
+ * <PermissionGate
+ *   roles={['manager']}
+ *   permissions={['approve:leaves', 'view:team']}
+ *   permissionLogic="all"
+ *   fallback={<p>Insufficient privileges.</p>}
+ * >
+ *   <TeamManagementPanel />
+ * </PermissionGate>
+ *
+ * @example <caption>Loading state — show skeleton while auth resolves</caption>
+ * <PermissionGate
+ *   permissions={['read:dashboard']}
+ *   loadingComponent={<DashboardSkeleton />}
+ * >
+ *   <Dashboard />
+ * </PermissionGate>
+ */
+function PermissionGate({
+  children,
+  roles = [],
+  permissions = [],
+  roleLogic = 'any',
+  permissionLogic = 'any',
+  fallback = null,
+  loadingComponent = null,
+  negate = false
+}) {
+  const {
+    allowed,
+    isLoading
+  } = usePermission({
+    roles,
+    permissions,
+    roleLogic,
+    permissionLogic
+  });
+  if (isLoading) {
+    return loadingComponent || null;
+  }
+
+  // Apply negation if requested
+  const shouldRender = negate ? !allowed : allowed;
+  return shouldRender ? children : fallback;
+}
+
+/**
+ * @fileoverview `withPermission` Higher Order Component (HOC).
+ *
+ * Wraps any React component with a permission gate, redirecting or hiding
+ * the component based on the current user's roles and permissions.
+ *
+ * Use `withPermission` when you prefer the HOC pattern over JSX composition,
+ * or when wrapping class-based components that cannot use hooks directly.
+ *
+ * @module components/withPermission
+ */
+
+function withPermission(WrappedComponent, options = {}) {
+  const {
+    roles = [],
+    permissions = [],
+    roleLogic = 'any',
+    permissionLogic = 'any',
+    fallback = null,
+    loadingComponent = null,
+    negate = false
+  } = options;
+
+  /**
+   * The inner component produced by `withPermission`.
+   *
+   * @param {object} props - All props are forwarded to `WrappedComponent`.
+   * @returns {React.ReactElement|null}
+   */
+  function WithPermissionWrapper(props) {
+    const {
+      allowed,
+      isLoading
+    } = usePermission({
+      roles,
+      permissions,
+      roleLogic,
+      permissionLogic
+    });
+    if (isLoading) {
+      return loadingComponent || null;
+    }
+    const shouldRender = negate ? !allowed : allowed;
+    if (!shouldRender) {
+      return fallback || null;
+    }
+    return /*#__PURE__*/jsxRuntimeExports.jsx(WrappedComponent, {
+      ...props
+    });
+  }
+
+  // Preserve a meaningful display name for React DevTools
+  WithPermissionWrapper.displayName = `withPermission(${WrappedComponent.displayName || WrappedComponent.name || 'Component'})`;
+  return WithPermissionWrapper;
+}
+
+export { BlockRoute, PermissionGate, PermissionProvider, checkAccess, hasPermission, hasRole, usePermission, usePermissionContext, withPermission };
+//# sourceMappingURL=index.esm.js.map