spine-framework 0.3.87 → 0.3.90

package/.framework/src/App.tsx

@@ -1,5 +1,5 @@
-import { Suspense, lazy } from 'react'
-import { Routes, Route, Navigate } from 'react-router-dom'
+import { Suspense, lazy, useEffect } from 'react'
+import { Routes, Route, Navigate, useNavigate, useLocation } from 'react-router-dom'
 import { useAuth } from './contexts/AuthContext'
 import { LoadingSpinner } from './components/ui/LoadingSpinner'
 import { LoginPage } from './pages/auth/LoginPage'
@@ -53,7 +53,25 @@ function App() {
 }
 
 function AuthenticatedRouter() {
+  const { user } = useAuth()
   const { routableApps: apps, loading } = useAppsRegistry()
+  const navigate = useNavigate()
+  const location = useLocation()
+
+  // Where to send an already-authenticated user who lands on /login or /register.
+  // System admins go to the framework admin namespace; everyone else goes to the
+  // first app they are allowed to access (routableApps is already role-filtered).
+  const defaultRedirect = user?.roles?.includes('system_admin')
+    ? '/spine-framework/admin'
+    : (apps[0]?.route_prefix || '/')
+
+  // Redirect away from auth pages once apps have loaded.
+  // This fires reliably after loading completes, regardless of render timing.
+  useEffect(() => {
+    if (!loading && ['/login', '/register'].includes(location.pathname)) {
+      navigate(defaultRedirect, { replace: true })
+    }
+  }, [loading, location.pathname, defaultRedirect, navigate])
 
   if (loading) {
     return (
@@ -77,6 +95,9 @@ function AuthenticatedRouter() {
       return (b.route_prefix?.length || 0) - (a.route_prefix?.length || 0)
     })
 
+  // Build a valid route path: prefix "/" must become "/*", not "//*"
+  const toRoutePath = (prefix: string) => prefix === '/' ? '/*' : `${prefix}/*`
+
   return (
     <Suspense fallback={<div className="min-h-screen flex items-center justify-center"><LoadingSpinner /></div>}>
       <Routes>
@@ -85,8 +106,8 @@ function AuthenticatedRouter() {
         <Route path="/spine-framework/api" element={<APIPage />} />
         <Route path="/spine-framework/cli" element={<CLIPage />} />
 
-        {/* Auth routes for already-authenticated users (LoginPage handles redirect) */}
-        <Route path="/login" element={<LoginPage />} />
+        {/* Auth routes: redirect handled by useEffect above, but keep as fallback */}
+        <Route path="/login" element={<Navigate to={defaultRedirect} replace />} />
         <Route path="/register" element={<RegisterPage />} />
 
         {/* Dynamic app routes — no framework opinions about / or /dashboard */}
@@ -97,7 +118,7 @@ function AuthenticatedRouter() {
             return (
               <Route
                 key={app.slug}
-                path={`${prefix}/*`}
+                path={toRoutePath(prefix)}
                 element={
                   <AppWrapper app={app}>
                     <CustomAppLoader slug={app.slug} />
@@ -111,7 +132,7 @@ function AuthenticatedRouter() {
             return (
               <Route
                 key={app.slug}
-                path={`${prefix}/*`}
+                path={toRoutePath(prefix)}
                 element={
                   <AppWrapper app={app}>
                     <GenericAppShell app={app} />

package/.framework/src/contexts/AppContext.tsx

@@ -116,10 +116,11 @@ export function AppsRegistryProvider({ children }: AppsRegistryProviderProps) {
     }
   }
 
-  // Fetch once when user changes (login/logout), not on every render
+  // Fetch when user identity or roles change (roles may update after registration)
+  const rolesKey = user?.roles?.join(',') || ''
   useEffect(() => {
     fetchApps()
-  }, [user?.id, user?.account_id])
+  }, [user?.id, user?.account_id, rolesKey])
 
   const routableApps = apps.filter(
     app => app.route_prefix != null && app.renderer !== 'none'

package/.framework/src/contexts/AuthContext.tsx

@@ -269,9 +269,20 @@ export function AuthProvider({ children }: AuthProviderProps) {
     // Check initial auth state
     const checkAuth = async () => {
       try {
-        // Early exit if user is already loaded
+        // If user is loaded from sessionStorage, skip the loading state but
+        // still refresh context in the background to pick up role changes
         if (user) {
-          console.log('User already loaded, skipping auth check:', user.id)
+          console.log('User already loaded, refreshing context in background:', user.id)
+          const { data: { session } } = await supabase.auth.getSession()
+          if (session?.user) {
+            const userContext = await fetchUserContext()
+            if (userContext) {
+              setUserWithStorage(userContext)
+              setAccountId(userContext.account_id)
+            }
+          }
+          setIsLoading(false)
+          console.log('Auth check completed, loading set to false')
           return
         }
         

package/.framework/src/pages/auth/RegisterPage.tsx

@@ -34,6 +34,7 @@
 import React, { useState, useEffect, useCallback } from 'react'
 import { Link, useNavigate, useSearchParams } from 'react-router-dom'
 import { LoadingSpinner } from '../../components/ui/LoadingSpinner'
+import { useAuth } from '../../contexts/AuthContext'
 import { supabase } from '../../lib/supabase'
 
 // ─── TYPES ────────────────────────────────────────────────────────────────────
@@ -132,6 +133,7 @@ function getPostRegistrationRedirect(
 export function RegisterPage() {
   const [searchParams] = useSearchParams()
   const navigate = useNavigate()
+  const { refreshUser } = useAuth()
   const inviteToken = searchParams.get('t')
 
   // Registration config
@@ -342,6 +344,10 @@ export function RegisterPage() {
         return
       }
 
+      // Re-fetch user context so roles are populated (complete-registration
+      // sets role_id, but the initial auth fetch may have raced ahead of it)
+      await refreshUser()
+
       // Navigate to configured post-registration destination
       const redirectPath = getPostRegistrationRedirect(regConfig, searchParams, false)
       navigate(redirectPath, { replace: true })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "spine-framework",
-  "version": "0.3.87",
+  "version": "0.3.90",
   "description": "Multi-tenant, modular application platform for modern SaaS systems",
   "type": "module",
   "bin": {
@@ -84,9 +84,6 @@
     "docs": "typedoc --entryPoints .framework/functions/_shared/index.ts --out docs/generated"
   },
   "dependencies": {
-    "tsx": "^4.21.0",
-    "ws": "^8.18.0",
-    "pg": "^8.13.0",
     "@base-ui/react": "^1.4.1",
     "@fontsource-variable/inter": "^5.2.8",
     "@heroicons/react": "^2.2.0",
@@ -138,6 +135,7 @@
     "marked": "^17.0.3",
     "mermaid": "^11.12.3",
     "next-themes": "^0.4.6",
+    "pg": "^8.13.0",
     "radix-ui": "^1.4.3",
     "react": "^18.3.1",
     "react-day-picker": "^10.0.0",
@@ -155,11 +153,14 @@
     "remark-gfm": "^4.0.1",
     "shadcn": "^4.7.0",
     "sonner": "^2.0.7",
+    "spine-framework-cortex": "^0.2.12",
     "tailwind-merge": "^3.5.0",
     "tailwindcss-animate": "^1.0.7",
     "tiptap-markdown": "^0.9.0",
+    "tsx": "^4.21.0",
     "tw-animate-css": "^1.4.0",
-    "vaul": "^1.1.2"
+    "vaul": "^1.1.2",
+    "ws": "^8.18.0"
   },
   "devDependencies": {
     "@netlify/functions": "^2.8.2",

package/spine.config.json

@@ -6,14 +6,19 @@
     "allow_url_override": true,
     "apps": {
       "portal": {
-        "roles": ["member"],
+        "roles": [
+          "member"
+        ],
         "default_role": "member",
         "path": "/portal",
         "enabled": true,
         "account_strategy": "new"
       },
       "cortex": {
-        "roles": ["support", "support_admin"],
+        "roles": [
+          "support",
+          "support_admin"
+        ],
         "default_role": "support",
         "path": "/cortex",
         "enabled": true,