src/contexts/AuthContext.tsx

import { createContext, useContext, useState, useEffect, useCallback, ReactNode } from 'react';
import { useNavigate } from 'react-router-dom';
import { api, User, ApiError, tokenManager, MfaComplianceSummary } from '@/lib/api';

interface LoginResult {
  requiresTotp: boolean;
  requiresWebAuthn: boolean;
  requiresMfaEnrollment?: boolean;
}

interface AuthContextType {
  user: User | null;
  isLoading: boolean;
  isAuthenticated: boolean;
  isOrgAdmin: boolean;
  isOrgMember: boolean;
  mfaCompliance: MfaComplianceSummary | null;
  requiresMfaEnrollment: boolean;
  login: (email: string, password: string, rememberMe?: boolean, skipNavigate?: boolean) => Promise<LoginResult>;
  verifyTotp: (code: string, isBackupCode?: boolean, skipNavigate?: boolean) => Promise<void>;
  verifyWebAuthn: () => Promise<void>;
  logout: () => Promise<void>;
  refreshUser: () => Promise<void>;
  refreshCompliance: () => Promise<void>;
}

const AuthContext = createContext<AuthContextType | null>(null);

// LocalStorage key for MFA compliance persistence
const MFA_COMPLIANCE_KEY = 'gatehouse_mfa_compliance';

// Helper to persist MFA compliance to localStorage
function persistMfaCompliance(compliance: MfaComplianceSummary | null): void {
  if (compliance) {
    localStorage.setItem(MFA_COMPLIANCE_KEY, JSON.stringify(compliance));
  } else {
    localStorage.removeItem(MFA_COMPLIANCE_KEY);
  }
}

// Helper to load MFA compliance from localStorage
function loadMfaCompliance(): MfaComplianceSummary | null {
  try {
    const stored = localStorage.getItem(MFA_COMPLIANCE_KEY);
    if (!stored) return null;

    const parsed = JSON.parse(stored);

    // Handle both direct format and legacy double-nested format
    // Legacy format: { mfa_compliance: { ... } }
    // Current format: { ... }
    let compliance: Record<string, unknown>;
    if (parsed.mfa_compliance && typeof parsed.mfa_compliance === 'object') {
      compliance = parsed.mfa_compliance as Record<string, unknown>;
    } else {
      compliance = parsed;
    }

    // Validate that the stored data has the required fields
    if (!compliance || typeof compliance !== 'object') return null;
    if (!Array.isArray(compliance.orgs)) return null;

    // Check if at least one org has effective_mode (new field from API)
    // If not, treat as stale data and return null to fetch fresh data
    const hasEffectiveMode = compliance.orgs.some((org: Record<string, unknown>) =>
      typeof org.effective_mode === 'string'
    );
    if (!hasEffectiveMode) return null;

    return compliance as unknown as MfaComplianceSummary;
  } catch {
    return null;
  }
}

export function AuthProvider({ children }: { children: ReactNode }) {
  const [user, setUser] = useState<User | null>(null);
  const [isOrgAdmin, setIsOrgAdmin] = useState(false);
  const [isOrgMember, setIsOrgMember] = useState(false);
  const [mfaCompliance, setMfaCompliance] = useState<MfaComplianceSummary | null>(loadMfaCompliance);
  const [requiresMfaEnrollment, setRequiresMfaEnrollment] = useState(false);
  const [isLoading, setIsLoading] = useState(true);
  const navigate = useNavigate();

  // Helper to check if user is admin/owner in any org
  const checkOrgAdmin = useCallback(async () => {
    try {
      const data = await api.users.organizations();
      const admin = data.organizations.some(
        (org) => org.role === 'owner' || org.role === 'admin'
      );
      setIsOrgAdmin(admin);
      setIsOrgMember(data.organizations.length > 0);
    } catch {
      setIsOrgAdmin(false);
      setIsOrgMember(false);
    }
  }, []);

  const refreshCompliance = useCallback(async () => {
    try {
      const compliance = await api.policies.getMyCompliance();
      setMfaCompliance(compliance);
      persistMfaCompliance(compliance);
      
      // Check if user is now compliant
      if (compliance.overall_status === 'compliant' && requiresMfaEnrollment) {
        setRequiresMfaEnrollment(false);
        navigate('/profile');
      }
    } catch (error) {
      console.error('[AuthContext] Failed to refresh compliance:', error);
    }
  }, [requiresMfaEnrollment, navigate]);

  const refreshUser = useCallback(async () => {
    try {
      const response = await api.users.me();
      setUser(response.user);
    } catch (error) {
      if (error instanceof ApiError && error.code === 401) {
        setUser(null);
        setMfaCompliance(null);
        persistMfaCompliance(null);
        setRequiresMfaEnrollment(false);
      }
      // Silently fail for other errors during refresh
    }
  }, []);

  // Check for existing token on mount
  useEffect(() => {
    const checkAuth = async () => {
      // Only attempt to fetch user if we have a valid token
      if (!tokenManager.hasValidToken()) {
        setUser(null);
        setMfaCompliance(null);
        persistMfaCompliance(null);
        setRequiresMfaEnrollment(false);
        setIsLoading(false);
        return;
      }

      try {
        const response = await api.users.me();
        setUser(response.user);
        
        // Also fetch compliance status and org role
        try {
          const compliance = await api.policies.getMyCompliance();
          setMfaCompliance(compliance);
          persistMfaCompliance(compliance);
          setRequiresMfaEnrollment(compliance.overall_status === 'suspended');
        } catch {
          // Compliance fetch failed, continue without it
          setMfaCompliance(null);
          persistMfaCompliance(null);
        }
        // Check org admin status
        await checkOrgAdmin();
      } catch {
        setUser(null);
        setIsOrgAdmin(false);
        setIsOrgMember(false);
        setMfaCompliance(null);
        persistMfaCompliance(null);
        setRequiresMfaEnrollment(false);
      } finally {
        setIsLoading(false);
      }
    };

    checkAuth();
  }, []);

  const login = useCallback(async (email: string, password: string, rememberMe = false, skipNavigate = false): Promise<LoginResult> => {
    const response = await api.auth.login(email, password, rememberMe);

    // If WebAuthn is required, don't set user yet - wait for WebAuthn verification
    if (response.requires_webauthn) {
      return { requiresTotp: false, requiresWebAuthn: true };
    }

    // If TOTP is required, don't set user yet - wait for TOTP verification
    if (response.requires_totp) {
      return { requiresTotp: true, requiresWebAuthn: false };
    }

    // If MFA enrollment is required (past deadline), set compliance state
    if (response.requires_mfa_enrollment) {
      if (response.token) {
        tokenManager.setToken(response.token, response.expires_at ?? null);
      }
      if (response.user) {
        setUser(response.user);
      }
      if (response.mfa_compliance) {
        setMfaCompliance(response.mfa_compliance);
        persistMfaCompliance(response.mfa_compliance);
      }
      setRequiresMfaEnrollment(true);
      return { requiresTotp: false, requiresWebAuthn: false, requiresMfaEnrollment: true };
    }

    if (response.token) {
      tokenManager.setToken(response.token, response.expires_at ?? null);
    }

    if (response.user) {
      setUser(response.user);
      if (response.mfa_compliance) {
        setMfaCompliance(response.mfa_compliance);
        persistMfaCompliance(response.mfa_compliance);
      }
      setRequiresMfaEnrollment(false);
      await checkOrgAdmin();
      if (!skipNavigate) {
        navigate('/profile');
      }
    }
    return { requiresTotp: false, requiresWebAuthn: false };
  }, [navigate, checkOrgAdmin]);

  const verifyWebAuthn = useCallback(async () => {
    // WebAuthn verification is handled directly in the LoginPage component
  }, []);

  const verifyTotp = useCallback(async (code: string, isBackupCode = false, skipNavigate = false) => {
    const response = await api.totp.verify(code, isBackupCode);
    
    if (response.token) {
      tokenManager.setToken(response.token, response.expires_at ?? null);
    }
    
    setUser(response.user);
    
    try {
      const compliance = await api.policies.getMyCompliance();
      setMfaCompliance(compliance);
      persistMfaCompliance(compliance);
      setRequiresMfaEnrollment(compliance.overall_status === 'suspended');
    } catch {
      setMfaCompliance(null);
      persistMfaCompliance(null);
    }
    
    await checkOrgAdmin();
    if (!skipNavigate) {
      navigate('/profile');
    }
  }, [navigate, checkOrgAdmin]);

  const logout = useCallback(async () => {
    try {
      await api.auth.logout();
    } finally {
      setUser(null);
      setIsOrgAdmin(false);
      setIsOrgMember(false);
      setMfaCompliance(null);
      persistMfaCompliance(null);
      setRequiresMfaEnrollment(false);
      navigate('/login');
    }
  }, [navigate]);

  return (
    <AuthContext.Provider
      value={{
        user,
        isLoading,
        isAuthenticated: !!user,
        isOrgAdmin,
        isOrgMember,
        mfaCompliance,
        requiresMfaEnrollment,
        login,
        verifyTotp,
        verifyWebAuthn,
        logout,
        refreshUser,
        refreshCompliance,
      }}
    >
      {children}
    </AuthContext.Provider>
  );
}

export function useAuth() {
  const context = useContext(AuthContext);
  if (!context) {
    throw new Error('useAuth must be used within an AuthProvider');
  }
  return context;
}
Changes 2026-01-06 15:33:03 +00:00			`import { createContext, useContext, useState, useEffect, useCallback, ReactNode } from 'react';`
			`import { useNavigate } from 'react-router-dom';`
enabled policies 2026-01-16 17:31:25 +10:30			`import { api, User, ApiError, tokenManager, MfaComplianceSummary } from '@/lib/api';`
Changes 2026-01-06 15:33:03 +00:00
Changes 2026-01-14 07:21:55 +00:00			`interface LoginResult {`
			`requiresTotp: boolean;`
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`requiresWebAuthn: boolean;`
enabled policies 2026-01-16 17:31:25 +10:30			`requiresMfaEnrollment?: boolean;`
Changes 2026-01-14 07:21:55 +00:00			`}`

Changes 2026-01-06 15:33:03 +00:00			`interface AuthContextType {`
			`user: User \| null;`
			`isLoading: boolean;`
			`isAuthenticated: boolean;`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`isOrgAdmin: boolean;`
			`isOrgMember: boolean;`
enabled policies 2026-01-16 17:31:25 +10:30			`mfaCompliance: MfaComplianceSummary \| null;`
			`requiresMfaEnrollment: boolean;`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`login: (email: string, password: string, rememberMe?: boolean, skipNavigate?: boolean) => Promise<LoginResult>;`
			`verifyTotp: (code: string, isBackupCode?: boolean, skipNavigate?: boolean) => Promise<void>;`
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`verifyWebAuthn: () => Promise<void>;`
Changes 2026-01-06 15:33:03 +00:00			`logout: () => Promise<void>;`
			`refreshUser: () => Promise<void>;`
enabled policies 2026-01-16 17:31:25 +10:30			`refreshCompliance: () => Promise<void>;`
Changes 2026-01-06 15:33:03 +00:00			`}`

			`const AuthContext = createContext<AuthContextType \| null>(null);`

enabled policies 2026-01-16 17:31:25 +10:30			`// LocalStorage key for MFA compliance persistence`
			`const MFA_COMPLIANCE_KEY = 'gatehouse_mfa_compliance';`

			`// Helper to persist MFA compliance to localStorage`
			`function persistMfaCompliance(compliance: MfaComplianceSummary \| null): void {`
			`if (compliance) {`
			`localStorage.setItem(MFA_COMPLIANCE_KEY, JSON.stringify(compliance));`
			`} else {`
			`localStorage.removeItem(MFA_COMPLIANCE_KEY);`
			`}`
			`}`

			`// Helper to load MFA compliance from localStorage`
			`function loadMfaCompliance(): MfaComplianceSummary \| null {`
			`try {`
			`const stored = localStorage.getItem(MFA_COMPLIANCE_KEY);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`if (!stored) return null;`

Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`const parsed = JSON.parse(stored);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`// Handle both direct format and legacy double-nested format`
			`// Legacy format: { mfa_compliance: { ... } }`
			`// Current format: { ... }`
			`let compliance: Record<string, unknown>;`
			`if (parsed.mfa_compliance && typeof parsed.mfa_compliance === 'object') {`
			`compliance = parsed.mfa_compliance as Record<string, unknown>;`
			`} else {`
			`compliance = parsed;`
			`}`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
enabled policies 2026-01-16 17:31:25 +10:30			`// Validate that the stored data has the required fields`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`if (!compliance \|\| typeof compliance !== 'object') return null;`
			`if (!Array.isArray(compliance.orgs)) return null;`

enabled policies 2026-01-16 17:31:25 +10:30			`// Check if at least one org has effective_mode (new field from API)`
			`// If not, treat as stale data and return null to fetch fresh data`
			`const hasEffectiveMode = compliance.orgs.some((org: Record<string, unknown>) =>`
			`typeof org.effective_mode === 'string'`
			`);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`if (!hasEffectiveMode) return null;`

Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`return compliance as unknown as MfaComplianceSummary;`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`} catch {`
enabled policies 2026-01-16 17:31:25 +10:30			`return null;`
			`}`
			`}`

Changes 2026-01-06 15:33:03 +00:00			`export function AuthProvider({ children }: { children: ReactNode }) {`
			`const [user, setUser] = useState<User \| null>(null);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`const [isOrgAdmin, setIsOrgAdmin] = useState(false);`
			`const [isOrgMember, setIsOrgMember] = useState(false);`
enabled policies 2026-01-16 17:31:25 +10:30			`const [mfaCompliance, setMfaCompliance] = useState<MfaComplianceSummary \| null>(loadMfaCompliance);`
			`const [requiresMfaEnrollment, setRequiresMfaEnrollment] = useState(false);`
Changes 2026-01-06 15:33:03 +00:00			`const [isLoading, setIsLoading] = useState(true);`
			`const navigate = useNavigate();`

Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`// Helper to check if user is admin/owner in any org`
			`const checkOrgAdmin = useCallback(async () => {`
			`try {`
			`const data = await api.users.organizations();`
			`const admin = data.organizations.some(`
			`(org) => org.role === 'owner' \|\| org.role === 'admin'`
			`);`
			`setIsOrgAdmin(admin);`
			`setIsOrgMember(data.organizations.length > 0);`
			`} catch {`
			`setIsOrgAdmin(false);`
			`setIsOrgMember(false);`
			`}`
			`}, []);`

enabled policies 2026-01-16 17:31:25 +10:30			`const refreshCompliance = useCallback(async () => {`
			`try {`
			`const compliance = await api.policies.getMyCompliance();`
			`setMfaCompliance(compliance);`
			`persistMfaCompliance(compliance);`

			`// Check if user is now compliant`
			`if (compliance.overall_status === 'compliant' && requiresMfaEnrollment) {`
			`setRequiresMfaEnrollment(false);`
			`navigate('/profile');`
			`}`
			`} catch (error) {`
			`console.error('[AuthContext] Failed to refresh compliance:', error);`
			`}`
			`}, [requiresMfaEnrollment, navigate]);`

Changes 2026-01-06 15:33:03 +00:00			`const refreshUser = useCallback(async () => {`
			`try {`
			`const response = await api.users.me();`
			`setUser(response.user);`
			`} catch (error) {`
			`if (error instanceof ApiError && error.code === 401) {`
			`setUser(null);`
enabled policies 2026-01-16 17:31:25 +10:30			`setMfaCompliance(null);`
			`persistMfaCompliance(null);`
			`setRequiresMfaEnrollment(false);`
Changes 2026-01-06 15:33:03 +00:00			`}`
			`// Silently fail for other errors during refresh`
			`}`
			`}, []);`

Changes 2026-01-07 14:29:40 +00:00			`// Check for existing token on mount`
Changes 2026-01-06 15:33:03 +00:00			`useEffect(() => {`
Changes 2026-01-07 14:29:40 +00:00			`const checkAuth = async () => {`
			`// Only attempt to fetch user if we have a valid token`
			`if (!tokenManager.hasValidToken()) {`
			`setUser(null);`
enabled policies 2026-01-16 17:31:25 +10:30			`setMfaCompliance(null);`
			`persistMfaCompliance(null);`
			`setRequiresMfaEnrollment(false);`
Changes 2026-01-07 14:29:40 +00:00			`setIsLoading(false);`
			`return;`
			`}`

Changes 2026-01-06 15:33:03 +00:00			`try {`
			`const response = await api.users.me();`
			`setUser(response.user);`
enabled policies 2026-01-16 17:31:25 +10:30
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`// Also fetch compliance status and org role`
enabled policies 2026-01-16 17:31:25 +10:30			`try {`
			`const compliance = await api.policies.getMyCompliance();`
			`setMfaCompliance(compliance);`
			`persistMfaCompliance(compliance);`
			`setRequiresMfaEnrollment(compliance.overall_status === 'suspended');`
			`} catch {`
			`// Compliance fetch failed, continue without it`
			`setMfaCompliance(null);`
			`persistMfaCompliance(null);`
			`}`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`// Check org admin status`
			`await checkOrgAdmin();`
Changes 2026-01-06 15:33:03 +00:00			`} catch {`
			`setUser(null);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`setIsOrgAdmin(false);`
			`setIsOrgMember(false);`
enabled policies 2026-01-16 17:31:25 +10:30			`setMfaCompliance(null);`
			`persistMfaCompliance(null);`
			`setRequiresMfaEnrollment(false);`
Changes 2026-01-06 15:33:03 +00:00			`} finally {`
			`setIsLoading(false);`
			`}`
			`};`

Changes 2026-01-07 14:29:40 +00:00			`checkAuth();`
Changes 2026-01-06 15:33:03 +00:00			`}, []);`

Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`const login = useCallback(async (email: string, password: string, rememberMe = false, skipNavigate = false): Promise<LoginResult> => {`
Changes 2026-01-06 15:33:03 +00:00			`const response = await api.auth.login(email, password, rememberMe);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`// If WebAuthn is required, don't set user yet - wait for WebAuthn verification`
			`if (response.requires_webauthn) {`
			`return { requiresTotp: false, requiresWebAuthn: true };`
			`}`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
Changes 2026-01-14 07:21:55 +00:00			`// If TOTP is required, don't set user yet - wait for TOTP verification`
			`if (response.requires_totp) {`
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`return { requiresTotp: true, requiresWebAuthn: false };`
Changes 2026-01-14 07:21:55 +00:00			`}`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
enabled policies 2026-01-16 17:31:25 +10:30			`// If MFA enrollment is required (past deadline), set compliance state`
			`if (response.requires_mfa_enrollment) {`
			`if (response.token) {`
			`tokenManager.setToken(response.token, response.expires_at ?? null);`
			`}`
			`if (response.user) {`
			`setUser(response.user);`
			`}`
			`if (response.mfa_compliance) {`
			`setMfaCompliance(response.mfa_compliance);`
			`persistMfaCompliance(response.mfa_compliance);`
			`}`
			`setRequiresMfaEnrollment(true);`
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`return { requiresTotp: false, requiresWebAuthn: false, requiresMfaEnrollment: true };`
enabled policies 2026-01-16 17:31:25 +10:30			`}`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
fix(auth): ensure token storage before user state updates 2026-01-16 11:35:21 +10:30			`if (response.token) {`
			`tokenManager.setToken(response.token, response.expires_at ?? null);`
			`}`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45
Changes 2026-01-14 07:21:55 +00:00			`if (response.user) {`
			`setUser(response.user);`
enabled policies 2026-01-16 17:31:25 +10:30			`if (response.mfa_compliance) {`
			`setMfaCompliance(response.mfa_compliance);`
			`persistMfaCompliance(response.mfa_compliance);`
			`}`
			`setRequiresMfaEnrollment(false);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`await checkOrgAdmin();`
			`if (!skipNavigate) {`
			`navigate('/profile');`
			`}`
Changes 2026-01-14 07:21:55 +00:00			`}`
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`return { requiresTotp: false, requiresWebAuthn: false };`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`}, [navigate, checkOrgAdmin]);`
Changes 2026-01-14 07:21:55 +00:00
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`const verifyWebAuthn = useCallback(async () => {`
			`// WebAuthn verification is handled directly in the LoginPage component`
			`}, []);`

Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`const verifyTotp = useCallback(async (code: string, isBackupCode = false, skipNavigate = false) => {`
Changes 2026-01-14 07:21:55 +00:00			`const response = await api.totp.verify(code, isBackupCode);`
fix(auth): ensure token storage before user state updates 2026-01-16 11:35:21 +10:30
			`if (response.token) {`
			`tokenManager.setToken(response.token, response.expires_at ?? null);`
			`}`

Changes 2026-01-06 15:33:03 +00:00			`setUser(response.user);`
enabled policies 2026-01-16 17:31:25 +10:30
			`try {`
			`const compliance = await api.policies.getMyCompliance();`
			`setMfaCompliance(compliance);`
			`persistMfaCompliance(compliance);`
			`setRequiresMfaEnrollment(compliance.overall_status === 'suspended');`
			`} catch {`
			`setMfaCompliance(null);`
			`persistMfaCompliance(null);`
			`}`

Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`await checkOrgAdmin();`
			`if (!skipNavigate) {`
			`navigate('/profile');`
			`}`
			`}, [navigate, checkOrgAdmin]);`
Changes 2026-01-06 15:33:03 +00:00
			`const logout = useCallback(async () => {`
			`try {`
			`await api.auth.logout();`
			`} finally {`
			`setUser(null);`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`setIsOrgAdmin(false);`
			`setIsOrgMember(false);`
enabled policies 2026-01-16 17:31:25 +10:30			`setMfaCompliance(null);`
			`persistMfaCompliance(null);`
			`setRequiresMfaEnrollment(false);`
Changes 2026-01-06 15:33:03 +00:00			`navigate('/login');`
			`}`
			`}, [navigate]);`

			`return (`
			`<AuthContext.Provider`
			`value={{`
			`user,`
			`isLoading,`
			`isAuthenticated: !!user,`
Feat: RBAC, Keys Extension, Invites 2026-03-01 16:50:19 +05:45			`isOrgAdmin,`
			`isOrgMember,`
enabled policies 2026-01-16 17:31:25 +10:30			`mfaCompliance,`
			`requiresMfaEnrollment,`
Changes 2026-01-06 15:33:03 +00:00			`login,`
Changes 2026-01-14 07:21:55 +00:00			`verifyTotp,`
Force mfa if enabled at login 2026-01-16 17:50:56 +10:30			`verifyWebAuthn,`
Changes 2026-01-06 15:33:03 +00:00			`logout,`
			`refreshUser,`
enabled policies 2026-01-16 17:31:25 +10:30			`refreshCompliance,`
Changes 2026-01-06 15:33:03 +00:00			`}}`
			`>`
			`{children}`
			`</AuthContext.Provider>`
			`);`
			`}`

			`export function useAuth() {`
			`const context = useContext(AuthContext);`
			`if (!context) {`
			`throw new Error('useAuth must be used within an AuthProvider');`
			`}`
			`return context;`
			`}`