@mastra/auth-auth0 0.0.0-gl-test-20250917080133 → 0.0.0-jail-fs-20260105160110

package/CHANGELOG.md

@@ -1,6 +1,64 @@
 # @mastra/auth-auth0
 
-## 0.0.0-gl-test-20250917080133
+## 0.0.0-jail-fs-20260105160110
+
+### Major Changes
+
+- Bump minimum required Node.js version to 22.13.0 ([#9706](https://github.com/mastra-ai/mastra/pull/9706))
+
+- Experimental auth -> auth ([#9660](https://github.com/mastra-ai/mastra/pull/9660))
+
+- This change introduces **three major breaking changes** to the Auth0 authentication provider. These updates make token verification safer, prevent server crashes, and ensure proper authorization checks. ([#10632](https://github.com/mastra-ai/mastra/pull/10632))
+  - `authenticateToken()` now fails safely instead of throwing
+  - Empty or invalid tokens are now rejected early
+  - `authorizeUser()` now performs meaningful security checks
+
+  These changes improve stability, prevent runtime crashes, and enforce safer authentication & authorization behavior throughout the system.
+
+- Mark as stable ([`83d5942`](https://github.com/mastra-ai/mastra/commit/83d5942669ce7bba4a6ca4fd4da697a10eb5ebdc))
+
+### Patch Changes
+
+- dependencies updates: ([#10132](https://github.com/mastra-ai/mastra/pull/10132))
+  - Updated dependency [`jose@^6.1.1` ↗︎](https://www.npmjs.com/package/jose/v/6.1.1) (from `^6.0.12`, in `dependencies`)
+
+- Allow provider to pass through options to the auth config ([#10284](https://github.com/mastra-ai/mastra/pull/10284))
+
+## 1.0.0-beta.3
+
+### Major Changes
+
+- This change introduces **three major breaking changes** to the Auth0 authentication provider. These updates make token verification safer, prevent server crashes, and ensure proper authorization checks. ([#10632](https://github.com/mastra-ai/mastra/pull/10632))
+  - `authenticateToken()` now fails safely instead of throwing
+  - Empty or invalid tokens are now rejected early
+  - `authorizeUser()` now performs meaningful security checks
+
+  These changes improve stability, prevent runtime crashes, and enforce safer authentication & authorization behavior throughout the system.
+
+## 1.0.0-beta.2
+
+### Patch Changes
+
+- Allow provider to pass through options to the auth config ([#10284](https://github.com/mastra-ai/mastra/pull/10284))
+
+## 1.0.0-beta.1
+
+### Patch Changes
+
+- dependencies updates: ([#10132](https://github.com/mastra-ai/mastra/pull/10132))
+  - Updated dependency [`jose@^6.1.1` ↗︎](https://www.npmjs.com/package/jose/v/6.1.1) (from `^6.0.12`, in `dependencies`)
+
+## 1.0.0-beta.0
+
+### Major Changes
+
+- Bump minimum required Node.js version to 22.13.0 ([#9706](https://github.com/mastra-ai/mastra/pull/9706))
+
+- Experimental auth -> auth ([#9660](https://github.com/mastra-ai/mastra/pull/9660))
+
+- Mark as stable ([`83d5942`](https://github.com/mastra-ai/mastra/commit/83d5942669ce7bba4a6ca4fd4da697a10eb5ebdc))
+
+## 0.10.5
 
 ### Patch Changes
 

package/README.md

@@ -15,7 +15,7 @@ pnpm add @mastra/auth-auth0
 ## Usage
 
 ```typescript
-import { Mastra } from '@mastra/core';
+import { Mastra } from '@mastra/core/mastra';
 import { MastraAuthAuth0 } from '@mastra/auth-auth0';
 
 // Initialize with options
@@ -31,7 +31,7 @@ const auth0Provider = new MastraAuthAuth0();
 const mastra = new Mastra({
   ...
   server: {
-    experimental_auth: auth0Provider,
+    auth: auth0Provider,
   },
 });
 ```

package/dist/index.cjs

@@ -1,216 +1,8 @@
 'use strict';
 
-var chunkFID6GZ7C_cjs = require('./chunk-FID6GZ7C.cjs');
 var jose = require('jose');
 
-// ../../packages/core/dist/chunk-TLJPVRO5.js
-function hasActiveTelemetry(tracerName = "default-tracer") {
-  try {
-    return !!chunkFID6GZ7C_cjs.trace.getTracer(tracerName);
-  } catch {
-    return false;
-  }
-}
-function getBaggageValues(ctx) {
-  const currentBaggage = chunkFID6GZ7C_cjs.propagation.getBaggage(ctx);
-  const requestId = currentBaggage?.getEntry("http.request_id")?.value;
-  const componentName = currentBaggage?.getEntry("componentName")?.value;
-  const runId = currentBaggage?.getEntry("runId")?.value;
-  const threadId = currentBaggage?.getEntry("threadId")?.value;
-  const resourceId = currentBaggage?.getEntry("resourceId")?.value;
-  return {
-    requestId,
-    componentName,
-    runId,
-    threadId,
-    resourceId
-  };
-}
-function isStreamingResult(result, methodName) {
-  if (methodName === "stream" || methodName === "streamVNext") {
-    return true;
-  }
-  if (result && typeof result === "object" && result !== null) {
-    const obj = result;
-    return "textStream" in obj || "objectStream" in obj || "usagePromise" in obj || "finishReasonPromise" in obj;
-  }
-  return false;
-}
-function enhanceStreamingArgumentsWithTelemetry(args, span, spanName, methodName) {
-  if (methodName === "stream" || methodName === "streamVNext") {
-    const enhancedArgs = [...args];
-    const streamOptions = enhancedArgs.length > 1 && enhancedArgs[1] || {};
-    const enhancedStreamOptions = { ...streamOptions };
-    const originalOnFinish = enhancedStreamOptions.onFinish;
-    enhancedStreamOptions.onFinish = async (finishData) => {
-      try {
-        const telemetryData = {
-          text: finishData.text,
-          usage: finishData.usage,
-          finishReason: finishData.finishReason,
-          toolCalls: finishData.toolCalls,
-          toolResults: finishData.toolResults,
-          warnings: finishData.warnings,
-          ...finishData.object !== void 0 && { object: finishData.object }
-        };
-        span.setAttribute(`${spanName}.result`, JSON.stringify(telemetryData));
-        span.setStatus({ code: chunkFID6GZ7C_cjs.SpanStatusCode.OK });
-        span.end();
-      } catch (error) {
-        debugger;
-        console.warn("Telemetry capture failed:", error);
-        span.setAttribute(`${spanName}.result`, "[Telemetry Capture Error]");
-        span.setStatus({ code: chunkFID6GZ7C_cjs.SpanStatusCode.ERROR });
-        span.end();
-      }
-      if (originalOnFinish) {
-        return await originalOnFinish(finishData);
-      }
-    };
-    enhancedStreamOptions.onFinish.__hasOriginalOnFinish = !!originalOnFinish;
-    enhancedArgs[1] = enhancedStreamOptions;
-    span.__mastraStreamingSpan = true;
-    return enhancedArgs;
-  }
-  return args;
-}
-function withSpan(options) {
-  return function(_target, propertyKey, descriptor) {
-    if (!descriptor || typeof descriptor === "number") return;
-    const originalMethod = descriptor.value;
-    const methodName = String(propertyKey);
-    descriptor.value = function(...args) {
-      if (options?.skipIfNoTelemetry && !hasActiveTelemetry(options?.tracerName)) {
-        return originalMethod.apply(this, args);
-      }
-      const tracer = chunkFID6GZ7C_cjs.trace.getTracer(options?.tracerName ?? "default-tracer");
-      let spanName;
-      let spanKind;
-      if (typeof options === "string") {
-        spanName = options;
-      } else if (options) {
-        spanName = options.spanName || methodName;
-        spanKind = options.spanKind;
-      } else {
-        spanName = methodName;
-      }
-      const span = tracer.startSpan(spanName, { kind: spanKind });
-      let ctx = chunkFID6GZ7C_cjs.trace.setSpan(chunkFID6GZ7C_cjs.context.active(), span);
-      args.forEach((arg, index) => {
-        try {
-          span.setAttribute(`${spanName}.argument.${index}`, JSON.stringify(arg));
-        } catch {
-          span.setAttribute(`${spanName}.argument.${index}`, "[Not Serializable]");
-        }
-      });
-      const { requestId, componentName, runId, threadId, resourceId } = getBaggageValues(ctx);
-      if (requestId) {
-        span.setAttribute("http.request_id", requestId);
-      }
-      if (threadId) {
-        span.setAttribute("threadId", threadId);
-      }
-      if (resourceId) {
-        span.setAttribute("resourceId", resourceId);
-      }
-      if (componentName) {
-        span.setAttribute("componentName", componentName);
-        span.setAttribute("runId", runId);
-      } else if (this && typeof this === "object" && "name" in this) {
-        const contextObj = this;
-        span.setAttribute("componentName", contextObj.name);
-        if (contextObj.runId) {
-          span.setAttribute("runId", contextObj.runId);
-        }
-        ctx = chunkFID6GZ7C_cjs.propagation.setBaggage(
-          ctx,
-          chunkFID6GZ7C_cjs.propagation.createBaggage({
-            // @ts-ignore
-            componentName: { value: this.name },
-            // @ts-ignore
-            runId: { value: this.runId },
-            // @ts-ignore
-            "http.request_id": { value: requestId },
-            // @ts-ignore
-            threadId: { value: threadId },
-            // @ts-ignore
-            resourceId: { value: resourceId }
-          })
-        );
-      }
-      let result;
-      try {
-        const enhancedArgs = isStreamingResult(result, methodName) ? enhanceStreamingArgumentsWithTelemetry(args, span, spanName, methodName) : args;
-        result = chunkFID6GZ7C_cjs.context.with(ctx, () => originalMethod.apply(this, enhancedArgs));
-        if (result instanceof Promise) {
-          return result.then((resolvedValue) => {
-            if (isStreamingResult(resolvedValue, methodName)) {
-              return resolvedValue;
-            } else {
-              try {
-                span.setAttribute(`${spanName}.result`, JSON.stringify(resolvedValue));
-              } catch {
-                span.setAttribute(`${spanName}.result`, "[Not Serializable]");
-              }
-              return resolvedValue;
-            }
-          }).finally(() => {
-            if (!span.__mastraStreamingSpan) {
-              span.end();
-            }
-          });
-        }
-        if (!isStreamingResult(result, methodName)) {
-          try {
-            span.setAttribute(`${spanName}.result`, JSON.stringify(result));
-          } catch {
-            span.setAttribute(`${spanName}.result`, "[Not Serializable]");
-          }
-        }
-        return result;
-      } catch (error) {
-        span.setStatus({
-          code: chunkFID6GZ7C_cjs.SpanStatusCode.ERROR,
-          message: error instanceof Error ? error.message : "Unknown error"
-        });
-        if (error instanceof Error) {
-          span.recordException(error);
-        }
-        throw error;
-      } finally {
-        if (!(result instanceof Promise) && !isStreamingResult(result, methodName)) {
-          span.end();
-        }
-      }
-    };
-    return descriptor;
-  };
-}
-function InstrumentClass(options) {
-  return function(target) {
-    const methods = Object.getOwnPropertyNames(target.prototype);
-    methods.forEach((method) => {
-      if (options?.excludeMethods?.includes(method) || method === "constructor") return;
-      if (options?.methodFilter && !options.methodFilter(method)) return;
-      const descriptor = Object.getOwnPropertyDescriptor(target.prototype, method);
-      if (descriptor && typeof descriptor.value === "function") {
-        Object.defineProperty(
-          target.prototype,
-          method,
-          withSpan({
-            spanName: options?.prefix ? `${options.prefix}.${method}` : method,
-            skipIfNoTelemetry: true,
-            spanKind: options?.spanKind || chunkFID6GZ7C_cjs.SpanKind.INTERNAL,
-            tracerName: options?.tracerName
-          })(target, method, descriptor)
-        );
-      }
-    });
-    return target;
-  };
-}
-
-// ../../packages/core/dist/chunk-X3GXU6TZ.js
+// ../../packages/core/dist/chunk-NRUZYMHE.js
 var RegisteredLogger = {
   LLM: "LLM"};
 var LogLevel = {
@@ -232,11 +24,11 @@ var MastraLogger = class {
   }
   trackException(_error) {
   }
-  async getLogs(transportId, params) {
+  async listLogs(transportId, params) {
     if (!transportId || !this.transports.has(transportId)) {
       return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
     }
-    return this.transports.get(transportId).getLogs(params) ?? {
+    return this.transports.get(transportId).listLogs(params) ?? {
       logs: [],
       total: 0,
       page: params?.page ?? 1,
@@ -244,7 +36,7 @@ var MastraLogger = class {
       hasMore: false
     };
   }
-  async getLogsByRunId({
+  async listLogsByRunId({
     transportId,
     runId,
     fromDate,
@@ -257,7 +49,7 @@ var MastraLogger = class {
     if (!transportId || !this.transports.has(transportId) || !runId) {
       return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
     }
-    return this.transports.get(transportId).getLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
+    return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
       logs: [],
       total: 0,
       page: page ?? 1,
@@ -272,7 +64,7 @@ var ConsoleLogger = class extends MastraLogger {
   }
   debug(message, ...args) {
     if (this.level === LogLevel.DEBUG) {
-      console.debug(message, ...args);
+      console.info(message, ...args);
     }
   }
   info(message, ...args) {
@@ -282,7 +74,7 @@ var ConsoleLogger = class extends MastraLogger {
   }
   warn(message, ...args) {
     if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.warn(message, ...args);
+      console.info(message, ...args);
     }
   }
   error(message, ...args) {
@@ -290,20 +82,19 @@ var ConsoleLogger = class extends MastraLogger {
       console.error(message, ...args);
     }
   }
-  async getLogs(_transportId, _params) {
+  async listLogs(_transportId, _params) {
     return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
   }
-  async getLogsByRunId(_args) {
+  async listLogsByRunId(_args) {
     return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
   }
 };
 
-// ../../packages/core/dist/chunk-6GF5M4GX.js
+// ../../packages/core/dist/chunk-LSHPJWM5.js
 var MastraBase = class {
   component = RegisteredLogger.LLM;
   logger;
   name;
-  telemetry;
   constructor({ component, name }) {
     this.component = component || RegisteredLogger.LLM;
     this.name = name;
@@ -319,111 +110,32 @@ var MastraBase = class {
       this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
     }
   }
-  /**
-   * Set the telemetry for the
-   * @param telemetry
-   */
-  __setTelemetry(telemetry) {
-    this.telemetry = telemetry;
-    if (this.component !== RegisteredLogger.LLM) {
-      this.logger.debug(`Telemetry updated [component=${this.component}] [name=${this.telemetry.name}]`);
-    }
-  }
-  /**
-   * Get the telemetry on the vector
-   * @returns telemetry
-   */
-  __getTelemetry() {
-    return this.telemetry;
-  }
-  /* 
-    get experimental_telemetry config
-    */
-  get experimental_telemetry() {
-    return this.telemetry ? {
-      // tracer: this.telemetry.tracer,
-      tracer: this.telemetry.getBaggageTracer(),
-      isEnabled: !!this.telemetry.tracer
-    } : void 0;
-  }
-};
-
-// ../../packages/core/dist/chunk-3HXBPDKN.js
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __knownSymbol = (name, symbol) => (symbol = Symbol[name]) ? symbol : Symbol.for("Symbol." + name);
-var __typeError = (msg) => {
-  throw TypeError(msg);
-};
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, {
-  enumerable: true,
-  configurable: true,
-  writable: true,
-  value
-}) : obj[key] = value;
-var __name = (target, value) => __defProp(target, "name", {
-  value,
-  configurable: true
-});
-var __decoratorStart = (base) => [, , , __create(base?.[__knownSymbol("metadata")] ?? null)];
-var __decoratorStrings = ["class", "method", "getter", "setter", "accessor", "field", "value", "get", "set"];
-var __expectFn = (fn) => fn !== void 0 && typeof fn !== "function" ? __typeError("Function expected") : fn;
-var __decoratorContext = (kind, name, done, metadata, fns) => ({
-  kind: __decoratorStrings[kind],
-  name,
-  metadata,
-  addInitializer: (fn) => done._ ? __typeError("Already initialized") : fns.push(__expectFn(fn || null))
-});
-var __decoratorMetadata = (array, target) => __defNormalProp(target, __knownSymbol("metadata"), array[3]);
-var __runInitializers = (array, flags, self, value) => {
-  for (var i = 0, fns = array[flags >> 1], n = fns && fns.length; i < n; i++) fns[i].call(self) ;
-  return value;
-};
-var __decorateElement = (array, flags, name, decorators, target, extra) => {
-  var it, done, ctx, k = flags & 7, p = false;
-  var j = 0;
-  var extraInitializers = array[j] || (array[j] = []);
-  var desc = k && ((target = target.prototype), k < 5 && (k > 3 || !p) && __getOwnPropDesc(target , name));
-  __name(target, name);
-  for (var i = decorators.length - 1; i >= 0; i--) {
-    ctx = __decoratorContext(k, name, done = {}, array[3], extraInitializers);
-    it = (0, decorators[i])(target, ctx), done._ = 1;
-    __expectFn(it) && (target = it);
-  }
-  return __decoratorMetadata(array, target), desc && __defProp(target, name, desc), p ? k ^ 4 ? extra : desc : target;
 };
 
 // ../../packages/core/dist/server/index.js
-var _MastraAuthProvider_decorators;
-var _init;
-var _a;
-_MastraAuthProvider_decorators = [InstrumentClass({
-  prefix: "auth",
-  excludeMethods: ["__setTools", "__setLogger", "__setTelemetry", "#log"]
-})];
-var MastraAuthProvider = class extends (_a = MastraBase) {
+var MastraAuthProvider = class extends MastraBase {
+  protected;
+  public;
   constructor(options) {
-    super({
-      component: "AUTH",
-      name: options?.name
-    });
+    super({ component: "AUTH", name: options?.name });
     if (options?.authorizeUser) {
       this.authorizeUser = options.authorizeUser.bind(this);
     }
+    this.protected = options?.protected;
+    this.public = options?.public;
   }
   registerOptions(opts) {
     if (opts?.authorizeUser) {
       this.authorizeUser = opts.authorizeUser.bind(this);
     }
+    if (opts?.protected) {
+      this.protected = opts.protected;
+    }
+    if (opts?.public) {
+      this.public = opts.public;
+    }
   }
 };
-MastraAuthProvider = /* @__PURE__ */ ((_) => {
-  _init = __decoratorStart(_a);
-  MastraAuthProvider = __decorateElement(_init, 0, "MastraAuthProvider", _MastraAuthProvider_decorators, MastraAuthProvider);
-  __runInitializers(_init, 1, MastraAuthProvider);
-  return MastraAuthProvider;
-})();
 var MastraAuthAuth0 = class extends MastraAuthProvider {
   domain;
   audience;
@@ -441,15 +153,27 @@ var MastraAuthAuth0 = class extends MastraAuthProvider {
     this.registerOptions(options);
   }
   async authenticateToken(token) {
-    const JWKS = jose.createRemoteJWKSet(new URL(`https://${this.domain}/.well-known/jwks.json`));
-    const { payload } = await jose.jwtVerify(token, JWKS, {
-      issuer: `https://${this.domain}/`,
-      audience: this.audience
-    });
-    return payload;
+    if (!token || typeof token !== "string") {
+      return null;
+    }
+    try {
+      const JWKS = jose.createRemoteJWKSet(new URL(`https://${this.domain}/.well-known/jwks.json`));
+      const { payload } = await jose.jwtVerify(token, JWKS, {
+        issuer: `https://${this.domain}/`,
+        audience: this.audience
+      });
+      return payload;
+    } catch (err) {
+      console.error("Auth0 token verification failed:", err);
+      return null;
+    }
   }
   async authorizeUser(user) {
-    return !!user;
+    if (!user || !user.sub) return false;
+    if (user.exp && user.exp * 1e3 < Date.now()) {
+      return false;
+    }
+    return true;
   }
 };