@mastra/auth-workos 1.2.0-alpha.0 → 1.3.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/CHANGELOG.md +70 -0
  2. package/dist/index.cjs +17 -0
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.js +17 -0
  5. package/dist/index.js.map +1 -1
  6. package/dist/rbac-provider.d.ts +16 -0
  7. package/dist/rbac-provider.d.ts.map +1 -1
  8. package/package.json +4 -4
package/CHANGELOG.md CHANGED
@@ -1,5 +1,75 @@
1
1
  # @mastra/auth-workos
2
2
 
3
+ ## 1.3.0-alpha.0
4
+
5
+ ### Minor Changes
6
+
7
+ - Added optional `getAvailableRoles` and `getPermissionsForRole` methods to the WorkOS RBAC provider, so consumers can list configured roles and inspect their permissions through `@mastra/auth-workos`. ([#16578](https://github.com/mastra-ai/mastra/pull/16578))
8
+
9
+ ```typescript
10
+ import { MastraRBACWorkos } from '@mastra/auth-workos';
11
+
12
+ const rbac = new MastraRBACWorkos({
13
+ /* config */
14
+ });
15
+
16
+ // List all available roles
17
+ const roles = await rbac.getAvailableRoles();
18
+ // [{ id: 'admin', name: 'Admin' }, { id: 'member', name: 'Member' }]
19
+
20
+ // Get permissions for a specific role
21
+ const permissions = await rbac.getPermissionsForRole('member');
22
+ // ['agents:read', 'workflows:read']
23
+ ```
24
+
25
+ ### Patch Changes
26
+
27
+ - Updated dependencies [[`090a647`](https://github.com/mastra-ai/mastra/commit/090a647ba5a66d36f203f9f49457e03a1ff4e6fb), [`090a647`](https://github.com/mastra-ai/mastra/commit/090a647ba5a66d36f203f9f49457e03a1ff4e6fb), [`f84447d`](https://github.com/mastra-ai/mastra/commit/f84447d6c80f3471836a9b300d246b331fb47e0d), [`a1a5b3e`](https://github.com/mastra-ai/mastra/commit/a1a5b3e42ab2ca5161ea21db59ebf28442680fa7), [`af84f57`](https://github.com/mastra-ai/mastra/commit/af84f571ed762e92e8e61c5f9a72363520914274), [`8b3c6f9`](https://github.com/mastra-ai/mastra/commit/8b3c6f90f7879833ba7d1bc70937e1d8f69d0804)]:
28
+ - @mastra/core@1.34.0-alpha.3
29
+ - @mastra/auth@1.0.2
30
+
31
+ ## 1.2.0
32
+
33
+ ### Minor Changes
34
+
35
+ - Added `MastraFGAWorkos` provider for Fine-Grained Authorization using the WorkOS Authorization API. Implements `IFGAManager` interface with support for: ([#15410](https://github.com/mastra-ai/mastra/pull/15410))
36
+ - Authorization checks (`check()`, `require()`, `filterAccessible()`)
37
+ - Resource management (`createResource()`, `getResource()`, `listResources()`, `updateResource()`, `deleteResource()`)
38
+ - Role assignments (`assignRole()`, `removeRole()`, `listRoleAssignments()`)
39
+ - `resourceMapping` and `permissionMapping` for translating Mastra resource types and permissions to WorkOS resource type slugs and permission slugs
40
+ - Organization scoping that denies access when the user is not a member of the configured organization
41
+ - Bearer-token / verified JWT support that carries service-token FGA context such as organization membership IDs, while ignoring JWT-derived memberships unless organization claims are trusted
42
+ - Membership caching and batched accessible-resource discovery for lower per-request latency
43
+ - Tenant inference and parent-resource filtering for scoped access checks
44
+ - Paginated organization membership lookup and limited concurrent FGA checks when filtering accessible resources
45
+ - Typed permission constants accepted in `permissionMapping`
46
+
47
+ ```typescript
48
+ import { MastraFGAWorkos } from '@mastra/auth-workos';
49
+
50
+ const fga = new MastraFGAWorkos({
51
+ organizationId: 'org_abc123',
52
+ resourceMapping: {
53
+ agent: { fgaResourceType: 'team', deriveId: ctx => ctx.user.teamId },
54
+ },
55
+ permissionMapping: {
56
+ 'agents:execute': 'manage-workflows',
57
+ },
58
+ });
59
+
60
+ // Check whether a user can execute an agent
61
+ const allowed = await fga.check(user, {
62
+ resource: { type: 'agent', id: 'my-agent' },
63
+ permission: 'agents:execute',
64
+ });
65
+ ```
66
+
67
+ ### Patch Changes
68
+
69
+ - Updated dependencies [[`6dcd65f`](https://github.com/mastra-ai/mastra/commit/6dcd65f2a34069e6dc43ba35f1d11119b9b40bef), [`86c0298`](https://github.com/mastra-ai/mastra/commit/86c0298e647306423c842f9d5ac827bd616bd13d), [`c05c9a1`](https://github.com/mastra-ai/mastra/commit/c05c9a13230988cef6d438a62f37760f31927bc7), [`ca28c23`](https://github.com/mastra-ai/mastra/commit/ca28c232a2f18801a6cf20fe053479237b4d4fb0), [`e24aacb`](https://github.com/mastra-ai/mastra/commit/e24aacba07bd66f5d95b636dc24016fca26b52cf), [`7679a63`](https://github.com/mastra-ai/mastra/commit/7679a634eae8e8ca459fd87538fdf72b4389b07f), [`7fce309`](https://github.com/mastra-ai/mastra/commit/7fce30912b14170bfc41f0ac736cca0f39fe0cd4), [`1d64a76`](https://github.com/mastra-ai/mastra/commit/1d64a765861a0772ea187bab76e5ed37bf82d042), [`1c2dda8`](https://github.com/mastra-ai/mastra/commit/1c2dda805fbfccc0abf55d4cb20cc34402dc3f0c), [`c721164`](https://github.com/mastra-ai/mastra/commit/c7211643f7ac861f83b19a3757cc921487fc9d75), [`1b55954`](https://github.com/mastra-ai/mastra/commit/1b559541c1e08a10e49d01ffc51a634dfc37a286), [`7997c2e`](https://github.com/mastra-ai/mastra/commit/7997c2e55ddd121562a4098cd8d2b89c68433bf1), [`5adc55e`](https://github.com/mastra-ai/mastra/commit/5adc55e63407be8ee977914957d68bcc2a075ceb), [`7679a63`](https://github.com/mastra-ai/mastra/commit/7679a634eae8e8ca459fd87538fdf72b4389b07f), [`a0d9b6d`](https://github.com/mastra-ai/mastra/commit/a0d9b6d6b810aeaa9e177a0dcc99a4402e609634), [`e97ccb9`](https://github.com/mastra-ai/mastra/commit/e97ccb900f8b7a390ce82c9f8eb8d6eb2c5e3777), [`c5daf48`](https://github.com/mastra-ai/mastra/commit/c5daf48556e98c46ae06caf00f92c249912007e9), [`70017d7`](https://github.com/mastra-ai/mastra/commit/70017d72ab741b5d7040e2a15c251a317782e39e), [`cd96779`](https://github.com/mastra-ai/mastra/commit/cd9677937f113b2856dc8b9f3d4bdabcee58bb2e), [`b0c7022`](https://github.com/mastra-ai/mastra/commit/b0c70224f80dad7c0cdbfb22cbff22e0f75c064f), [`e4942bc`](https://github.com/mastra-ai/mastra/commit/e4942bc7fdc903572f7d84f26d5e15f9d39c763d)]:
70
+ - @mastra/core@1.32.0
71
+ - @mastra/auth@1.0.2
72
+
3
73
  ## 1.2.0-alpha.0
4
74
 
5
75
  ### Minor Changes
package/dist/index.cjs CHANGED
@@ -724,6 +724,23 @@ var MastraRBACWorkos = class {
724
724
  const userPermissions = await this.getPermissions(user);
725
725
  return permissions.some((required) => userPermissions.some((p) => ee.matchesPermission(p, required)));
726
726
  }
727
+ /**
728
+ * Get all available roles defined in the role mapping.
729
+ *
730
+ * Returns role IDs and names derived from the roleMapping keys,
731
+ * excluding the `_default` fallback entry.
732
+ */
733
+ async getAvailableRoles() {
734
+ return Object.keys(this.options.roleMapping).filter((key) => key !== "_default").map((key) => ({ id: key, name: key.charAt(0).toUpperCase() + key.slice(1) }));
735
+ }
736
+ /**
737
+ * Get resolved permissions for a specific role.
738
+ *
739
+ * Looks up the role in the roleMapping and returns its permissions.
740
+ */
741
+ async getPermissionsForRole(roleId) {
742
+ return ee.resolvePermissionsFromMapping([roleId], this.options.roleMapping);
743
+ }
727
744
  /**
728
745
  * Clear the roles cache.
729
746
  *