npm - @mastra/auth - Versions diffs - 1.0.0 → 1.0.1 - Mend

@mastra/auth 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +20 -0
package/LICENSE.md +15 -0
package/dist/docs/SKILL.md +16 -21
package/dist/docs/{SOURCE_MAP.json → assets/SOURCE_MAP.json} +1 -1
package/dist/docs/references/docs-server-auth-custom-auth-provider.md +513 -0
package/dist/docs/{server/02-jwt.md → references/docs-server-auth-jwt.md} +52 -41
package/dist/docs/references/docs-server-auth.md +38 -0
package/dist/docs/references/reference-auth-jwt.md +26 -0
package/dist/index.cjs +23 -3
package/dist/index.cjs.map +1 -1
package/dist/index.js +23 -3
package/dist/index.js.map +1 -1
package/package.json +11 -12
package/dist/docs/README.md +0 -32
package/dist/docs/auth/01-reference.md +0 -33
package/dist/docs/server/01-index.md +0 -16

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,25 @@
 # @mastra/auth
+## 1.0.1
+### Patch Changes
+- dependencies updates: ([#13134](https://github.com/mastra-ai/mastra/pull/13134))
+  - Updated dependency [`jsonwebtoken@^9.0.3` ↗︎](https://www.npmjs.com/package/jsonwebtoken/v/9.0.3) (from `^9.0.2`, in `dependencies`)
+- dependencies updates: ([#13135](https://github.com/mastra-ai/mastra/pull/13135))
+  - Updated dependency [`jwks-rsa@^3.2.2` ↗︎](https://www.npmjs.com/package/jwks-rsa/v/3.2.2) (from `^3.2.0`, in `dependencies`)
+## 1.0.1-alpha.0
+### Patch Changes
+- dependencies updates: ([#13134](https://github.com/mastra-ai/mastra/pull/13134))
+  - Updated dependency [`jsonwebtoken@^9.0.3` ↗︎](https://www.npmjs.com/package/jsonwebtoken/v/9.0.3) (from `^9.0.2`, in `dependencies`)
+- dependencies updates: ([#13135](https://github.com/mastra-ai/mastra/pull/13135))
+  - Updated dependency [`jwks-rsa@^3.2.2` ↗︎](https://www.npmjs.com/package/jwks-rsa/v/3.2.2) (from `^3.2.0`, in `dependencies`)
 ## 1.0.0
 ### Major Changes

package/LICENSE.md CHANGED Viewed

@@ -1,3 +1,18 @@
+Portions of this software are licensed as follows:
+- All content that resides under any directory named "ee/" within this
+  repository, including but not limited to:
+  - `packages/core/src/auth/ee/`
+  - `packages/server/src/server/auth/ee/`
+    is licensed under the license defined in `ee/LICENSE`.
+- All third-party components incorporated into the Mastra Software are
+  licensed under the original license provided by the owner of the
+  applicable component.
+- Content outside of the above-mentioned directories or restrictions is
+  available under the "Apache License 2.0" as defined below.
 # Apache License 2.0
 Copyright (c) 2025 Kepler Software, Inc.

package/dist/docs/SKILL.md CHANGED Viewed

@@ -1,33 +1,28 @@
 ---
-name: mastra-auth-docs
-description: Documentation for @mastra/auth. Includes links to type definitions and readable implementation code in dist/.
+name: mastra-auth
+description: Documentation for @mastra/auth. Use when working with @mastra/auth APIs, configuration, or implementation.
+metadata:
+  package: "@mastra/auth"
+  version: "1.0.1"
 ---
-# @mastra/auth Documentation
+## When to use
-> **Version**: 1.0.0
-> **Package**: @mastra/auth
+Use this skill whenever you are working with @mastra/auth to obtain the domain-specific knowledge.
-## Quick Navigation
+## How to use
-Use SOURCE_MAP.json to find any export:
+Read the individual reference documents for detailed explanations and code examples.
-```bash
-cat docs/SOURCE_MAP.json
-```
+### Docs
-Each export maps to:
-- **types**: `.d.ts` file with JSDoc and API signatures
-- **implementation**: `.js` chunk file with readable source
-- **docs**: Conceptual documentation in `docs/`
+- [Auth Overview](references/docs-server-auth.md) - Learn about different Auth options for your Mastra applications
+- [Custom Auth Provider](references/docs-server-auth-custom-auth-provider.md) - Create custom authentication providers for specialized identity systems
+- [MastraJwtAuth Class](references/docs-server-auth-jwt.md) - Documentation for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
-## Top Exports
+### Reference
+- [Reference: MastraJwtAuth Class](references/reference-auth-jwt.md) - API reference for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
-See SOURCE_MAP.json for the complete list.
-## Available Topics
-- [Auth](auth/) - 1 file(s)
-- [Server](server/) - 2 file(s)
+Read [assets/SOURCE_MAP.json](assets/SOURCE_MAP.json) for source code references.

package/dist/docs/{SOURCE_MAP.json → assets/SOURCE_MAP.json} RENAMED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0",
+  "version": "1.0.1",
   "package": "@mastra/auth",
   "exports": {},
   "modules": {}

package/dist/docs/references/docs-server-auth-custom-auth-provider.md ADDED Viewed

@@ -0,0 +1,513 @@
+# Custom Auth Providers
+Custom auth providers allow you to implement authentication for identity systems that aren't covered by the built-in providers. Extend the `MastraAuthProvider` base class to integrate with any authentication system.
+## Overview
+Auth providers handle authentication and authorization for incoming requests:
+- Token verification and user extraction
+- User authorization logic
+- Path-based access control (public/protected routes)
+Create custom auth providers to support:
+- Self-hosted identity systems
+- Custom token formats or verification logic
+- Specialized authorization rules
+- Enterprise SSO integrations
+## Creating a Custom Auth Provider
+Extend the `MastraAuthProvider` class and implement the required methods:
+```typescript
+import { MastraAuthProvider } from '@mastra/core/server'
+import type { MastraAuthProviderOptions } from '@mastra/core/server'
+import type { HonoRequest } from 'hono'
+// Define your user type
+type MyUser = {
+  id: string
+  email: string
+  roles: string[]
+}
+// Define options for your provider
+interface MyAuthOptions extends MastraAuthProviderOptions<MyUser> {
+  apiUrl?: string
+  apiKey?: string
+}
+export class MyAuthProvider extends MastraAuthProvider<MyUser> {
+  protected apiUrl: string
+  protected apiKey: string
+  constructor(options?: MyAuthOptions) {
+    // Call super with a name for logging/debugging
+    super({ name: options?.name ?? 'my-auth' })
+    const apiUrl = options?.apiUrl ?? process.env.MY_AUTH_API_URL
+    const apiKey = options?.apiKey ?? process.env.MY_AUTH_API_KEY
+    if (!apiUrl || !apiKey) {
+      throw new Error(
+        'Auth API URL and API key are required. Provide them in options or set MY_AUTH_API_URL and MY_AUTH_API_KEY environment variables.',
+      )
+    }
+    this.apiUrl = apiUrl
+    this.apiKey = apiKey
+    // Register any custom options (authorizeUser override, public/protected paths)
+    this.registerOptions(options)
+  }
+  /**
+   * Verify the token and return the user
+   * Return null if authentication fails
+   */
+  async authenticateToken(token: string, request: HonoRequest): Promise<MyUser | null> {
+    try {
+      const response = await fetch(`${this.apiUrl}/verify`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-API-Key': this.apiKey,
+        },
+        body: JSON.stringify({ token }),
+      })
+      if (!response.ok) {
+        return null
+      }
+      const user = await response.json()
+      return user
+    } catch (error) {
+      console.error('Token verification failed:', error)
+      return null
+    }
+  }
+  /**
+   * Check if the authenticated user is authorized
+   * Return true to allow access, false to deny
+   */
+  async authorizeUser(user: MyUser, request: HonoRequest): Promise<boolean> {
+    // Basic authorization: user must exist and have an ID
+    return !!user?.id
+  }
+}
+```
+## Required Methods
+### authenticateToken()
+Verify the incoming token and return the user object if valid, or `null` if authentication fails.
+```typescript
+async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>
+```
+| Parameter | Type          | Description                                                 |
+| --------- | ------------- | ----------------------------------------------------------- |
+| `token`   | `string`      | The bearer token extracted from the `Authorization` header  |
+| `request` | `HonoRequest` | The incoming request object (access headers, cookies, etc.) |
+**Returns**: The user object if authentication succeeds, or `null` if it fails.
+The token is automatically extracted from the `Authorization: Bearer <token>` header. If you need to access other headers or cookies, use the `request` parameter.
+### authorizeUser()
+Determine if the authenticated user is allowed to access the resource.
+```typescript
+async authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean
+```
+| Parameter | Type          | Description                                     |
+| --------- | ------------- | ----------------------------------------------- |
+| `user`    | `TUser`       | The user object returned by `authenticateToken` |
+| `request` | `HonoRequest` | The incoming request object                     |
+**Returns**: `true` to allow access, `false` to deny (returns 403 Forbidden).
+## Configuration Options
+The `MastraAuthProviderOptions` interface supports these options:
+| Option          | Type                                                     | Description                         |
+| --------------- | -------------------------------------------------------- | ----------------------------------- |
+| `name`          | `string`                                                 | Provider name for logging/debugging |
+| `authorizeUser` | `(user, request) => Promise<boolean> \| boolean`         | Custom authorization function       |
+| `protected`     | `(RegExp \| string \| [string, Methods \| Methods[]])[]` | Paths that require authentication   |
+| `public`        | `(RegExp \| string \| [string, Methods \| Methods[]])[]` | Paths that bypass authentication    |
+### Path Patterns
+Configure which paths require authentication using pattern matching:
+```typescript
+const auth = new MyAuthProvider({
+  // Paths that require authentication
+  protected: [
+    '/api/*', // Wildcard: all /api routes
+    '/admin/*', // Wildcard: all /admin routes
+    /^\/secure\/.*/, // Regex pattern
+  ],
+  // Paths that bypass authentication
+  public: [
+    '/health', // Exact match
+    '/api/status', // Exact match
+    ['/api/webhook', 'POST'], // Only POST requests to /api/webhook
+  ],
+})
+```
+## Using Your Auth Provider
+Register your custom auth provider with the Mastra instance:
+```typescript
+import { Mastra } from '@mastra/core'
+import { MyAuthProvider } from './my-auth-provider'
+export const mastra = new Mastra({
+  server: {
+    auth: new MyAuthProvider({
+      apiUrl: process.env.MY_AUTH_API_URL,
+      apiKey: process.env.MY_AUTH_API_KEY,
+    }),
+  },
+})
+```
+## Helper Utilities
+The `@mastra/auth` package provides utilities for common token verification patterns:
+### JWT Verification
+```typescript
+import { verifyHmac, verifyJwks, decodeToken, getTokenIssuer } from '@mastra/auth'
+// Verify HMAC-signed JWT
+const payload = await verifyHmac(token, 'your-secret-key')
+// Verify with JWKS (for OAuth providers)
+const payload = await verifyJwks(token, 'https://provider.com/.well-known/jwks.json')
+// Decode without verification (for inspection)
+const decoded = await decodeToken(token)
+// Get the issuer from a decoded token
+const issuer = getTokenIssuer(decoded)
+```
+### Example: JWKS-based Provider
+```typescript
+import { MastraAuthProvider } from '@mastra/core/server'
+import type { MastraAuthProviderOptions } from '@mastra/core/server'
+import { verifyJwks } from '@mastra/auth'
+import type { JwtPayload } from '@mastra/auth'
+type MyUser = JwtPayload
+interface MyJwksAuthOptions extends MastraAuthProviderOptions<MyUser> {
+  jwksUri?: string
+  issuer?: string
+}
+export class MyJwksAuth extends MastraAuthProvider<MyUser> {
+  protected jwksUri: string
+  protected issuer: string
+  constructor(options?: MyJwksAuthOptions) {
+    super({ name: options?.name ?? 'my-jwks-auth' })
+    const jwksUri = options?.jwksUri ?? process.env.MY_JWKS_URI
+    const issuer = options?.issuer ?? process.env.MY_AUTH_ISSUER
+    if (!jwksUri) {
+      throw new Error('JWKS URI is required')
+    }
+    this.jwksUri = jwksUri
+    this.issuer = issuer ?? ''
+    this.registerOptions(options)
+  }
+  async authenticateToken(token: string): Promise<MyUser | null> {
+    try {
+      const payload = await verifyJwks(token, this.jwksUri)
+      // Optionally validate issuer
+      if (this.issuer && payload.iss !== this.issuer) {
+        return null
+      }
+      return payload
+    } catch {
+      return null
+    }
+  }
+  async authorizeUser(user: MyUser): Promise<boolean> {
+    // Check token hasn't expired
+    if (user.exp && user.exp * 1000 < Date.now()) {
+      return false
+    }
+    return !!user.sub
+  }
+}
+```
+## Custom Authorization Logic
+Override the default authorization by providing a custom `authorizeUser` function:
+```typescript
+const auth = new MyAuthProvider({
+  apiUrl: process.env.MY_AUTH_API_URL,
+  apiKey: process.env.MY_AUTH_API_KEY,
+  // Custom authorization: require admin role for all requests
+  async authorizeUser(user, request) {
+    return user.roles.includes('admin')
+  },
+})
+```
+### Role-based Authorization
+```typescript
+const auth = new MyAuthProvider({
+  async authorizeUser(user, request) {
+    const path = request.url
+    const method = request.method
+    // Admin routes require admin role
+    if (path.startsWith('/admin/')) {
+      return user.roles.includes('admin')
+    }
+    // Write operations require write role
+    if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
+      return user.roles.includes('write') || user.roles.includes('admin')
+    }
+    // Read operations allowed for all authenticated users
+    return true
+  },
+})
+```
+## Testing Custom Auth Providers
+Example test structure using Vitest:
+```typescript
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+import { MyAuthProvider } from './my-auth-provider'
+// Mock fetch for API calls
+global.fetch = vi.fn()
+describe('MyAuthProvider', () => {
+  const mockOptions = {
+    apiUrl: 'https://auth.example.com',
+    apiKey: 'test-api-key',
+  }
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+  describe('initialization', () => {
+    it('should initialize with provided options', () => {
+      const auth = new MyAuthProvider(mockOptions)
+      expect(auth).toBeInstanceOf(MyAuthProvider)
+    })
+    it('should throw error when required options are missing', () => {
+      expect(() => new MyAuthProvider({})).toThrow('Auth API URL and API key are required')
+    })
+  })
+  describe('authenticateToken', () => {
+    it('should return user when token is valid', async () => {
+      const mockUser = { id: 'user123', email: 'test@example.com', roles: ['read'] }
+      ;(fetch as any).mockResolvedValue({
+        ok: true,
+        json: () => Promise.resolve(mockUser),
+      })
+      const auth = new MyAuthProvider(mockOptions)
+      const result = await auth.authenticateToken('valid-token', {} as any)
+      expect(fetch).toHaveBeenCalledWith(
+        'https://auth.example.com/verify',
+        expect.objectContaining({
+          method: 'POST',
+          body: JSON.stringify({ token: 'valid-token' }),
+        }),
+      )
+      expect(result).toEqual(mockUser)
+    })
+    it('should return null when token is invalid', async () => {
+      ;(fetch as any).mockResolvedValue({ ok: false })
+      const auth = new MyAuthProvider(mockOptions)
+      const result = await auth.authenticateToken('invalid-token', {} as any)
+      expect(result).toBeNull()
+    })
+  })
+  describe('authorizeUser', () => {
+    it('should return true when user has valid id', async () => {
+      const auth = new MyAuthProvider(mockOptions)
+      const result = await auth.authorizeUser(
+        { id: 'user123', email: 'test@example.com', roles: [] },
+        {} as any,
+      )
+      expect(result).toBe(true)
+    })
+    it('should return false when user has no id', async () => {
+      const auth = new MyAuthProvider(mockOptions)
+      const result = await auth.authorizeUser(
+        { id: '', email: 'test@example.com', roles: [] },
+        {} as any,
+      )
+      expect(result).toBe(false)
+    })
+  })
+  describe('custom authorization', () => {
+    it('should use custom authorizeUser when provided', async () => {
+      const auth = new MyAuthProvider({
+        ...mockOptions,
+        authorizeUser: user => user.roles.includes('admin'),
+      })
+      const adminUser = { id: 'user123', email: 'admin@example.com', roles: ['admin'] }
+      const regularUser = { id: 'user456', email: 'user@example.com', roles: ['read'] }
+      expect(await auth.authorizeUser(adminUser, {} as any)).toBe(true)
+      expect(await auth.authorizeUser(regularUser, {} as any)).toBe(false)
+    })
+  })
+  describe('route configuration', () => {
+    it('should store public routes configuration', () => {
+      const publicRoutes = ['/health', '/api/status']
+      const auth = new MyAuthProvider({
+        ...mockOptions,
+        public: publicRoutes,
+      })
+      expect(auth.public).toEqual(publicRoutes)
+    })
+    it('should store protected routes configuration', () => {
+      const protectedRoutes = ['/api/*', '/admin/*']
+      const auth = new MyAuthProvider({
+        ...mockOptions,
+        protected: protectedRoutes,
+      })
+      expect(auth.protected).toEqual(protectedRoutes)
+    })
+  })
+})
+```
+## Error Handling
+Provide descriptive errors for common failure scenarios:
+```typescript
+export class MyAuthProvider extends MastraAuthProvider<MyUser> {
+  constructor(options?: MyAuthOptions) {
+    super({ name: options?.name ?? 'my-auth' })
+    const apiUrl = options?.apiUrl ?? process.env.MY_AUTH_API_URL
+    const apiKey = options?.apiKey ?? process.env.MY_AUTH_API_KEY
+    if (!apiUrl) {
+      throw new Error(
+        'Missing MY_AUTH_API_URL. Set the environment variable or pass apiUrl in options.',
+      )
+    }
+    if (!apiKey) {
+      throw new Error(
+        'Missing MY_AUTH_API_KEY. Set the environment variable or pass apiKey in options.',
+      )
+    }
+    this.apiUrl = apiUrl
+    this.apiKey = apiKey
+    this.registerOptions(options)
+  }
+  async authenticateToken(token: string): Promise<MyUser | null> {
+    if (!token || typeof token !== 'string') {
+      return null // Immediate safe fail
+    }
+    try {
+      const response = await fetch(`${this.apiUrl}/verify`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-API-Key': this.apiKey,
+        },
+        body: JSON.stringify({ token }),
+      })
+      if (!response.ok) {
+        return null
+      }
+      return await response.json()
+    } catch (error) {
+      // Log error for debugging, but don't expose details to client
+      console.error('Auth verification error:', error)
+      return null
+    }
+  }
+}
+```
+## Built-in Providers
+Mastra includes these auth providers as reference implementations:
+- **MastraJwtAuth**: Simple JWT verification with HMAC secrets (`@mastra/auth`)
+- **MastraAuthClerk**: Clerk authentication (`@mastra/auth-clerk`)
+- **MastraAuthAuth0**: Auth0 authentication (`@mastra/auth-auth0`)
+- **MastraAuthSupabase**: Supabase authentication (`@mastra/auth-supabase`)
+- **MastraAuthFirebase**: Firebase authentication (`@mastra/auth-firebase`)
+- **MastraAuthWorkOS**: WorkOS authentication (`@mastra/auth-workos`)
+- **MastraAuthBetterAuth**: Better Auth integration (`@mastra/auth-better-auth`)
+- **SimpleAuth**: Token-to-user mapping for development (`@mastra/core/server`)
+See the [source code](https://github.com/mastra-ai/mastra/tree/main/auth) for implementation details.
+## Related
+- [Auth Overview](https://mastra.ai/docs/server/auth) - Authentication concepts and configuration
+- [JWT Auth](https://mastra.ai/docs/server/auth/jwt) - Simple JWT authentication
+- [Clerk Auth](https://mastra.ai/docs/server/auth/clerk) - Clerk integration
+- [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) - Controlling authentication on custom endpoints

package/dist/docs/{server/02-jwt.md → references/docs-server-auth-jwt.md} RENAMED Viewed

@@ -1,5 +1,3 @@
-> Documentation for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
 # MastraJwtAuth Class
 The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.
@@ -8,15 +6,35 @@ The `MastraJwtAuth` class provides a lightweight authentication mechanism for Ma
 Before you can use the `MastraJwtAuth` class you have to install the `@mastra/auth` package.
+**npm**:
+```bash
+npm install @mastra/auth@latest
+```
+**pnpm**:
+```bash
+pnpm add @mastra/auth@latest
+```
+**Yarn**:
 ```bash
-npm install @mastra/auth@beta
+yarn add @mastra/auth@latest
+```
+**Bun**:
+```bash
+bun add @mastra/auth@latest
 ```
 ## Usage example
-```typescript {2,6-8} title="src/mastra/index.ts"
-import { Mastra } from "@mastra/core";
-import { MastraJwtAuth } from "@mastra/auth";
+```typescript
+import { Mastra } from '@mastra/core'
+import { MastraJwtAuth } from '@mastra/auth'
 export const mastra = new Mastra({
   server: {
@@ -24,67 +42,60 @@ export const mastra = new Mastra({
       secret: process.env.MASTRA_JWT_SECRET,
     }),
   },
-});
+})
 ```
-> **Note:**
-Visit [MastraJwtAuth](https://mastra.ai/reference/v1/auth/jwt) for all available configuration options.
+> **Info:** Visit [MastraJwtAuth](https://mastra.ai/reference/auth/jwt) for all available configuration options.
 ## Configuring `MastraClient`
 When `auth` is enabled, all requests made with `MastraClient` must include a valid JWT in the `Authorization` header:
-```typescript {6} title="lib/mastra/mastra-client.ts"
-import { MastraClient } from "@mastra/client-js";
+```typescript
+import { MastraClient } from '@mastra/client-js'
 export const mastraClient = new MastraClient({
-  baseUrl: "https://<mastra-api-url>",
+  baseUrl: 'https://<mastra-api-url>',
   headers: {
     Authorization: `Bearer ${process.env.MASTRA_JWT_TOKEN}`,
   },
-});
+})
 ```
-> **Note:**
-Visit [Mastra Client SDK](https://mastra.ai/docs/v1/server/mastra-client) for more configuration options.
+> **Info:** Visit [Mastra Client SDK](https://mastra.ai/docs/server/mastra-client) for more configuration options.
 ### Making authenticated requests
 Once `MastraClient` is configured, you can send authenticated requests from your frontend application, or use `curl` for quick local testing:
-  **react:**
-    ```tsx title="src/components/test-agent.tsx" copy
-    import { mastraClient } from "../../lib/mastra-client";
+**React**:
-    export const TestAgent = () => {
-      async function handleClick() {
-        const agent = mastraClient.getAgent("weatherAgent");
+```tsx
+import { mastraClient } from '../../lib/mastra-client'
-        const response = await agent.generate("Weather in London");
+export const TestAgent = () => {
+  async function handleClick() {
+    const agent = mastraClient.getAgent('weatherAgent')
-        console.log(response);
-      }
+    const response = await agent.generate('Weather in London')
-      return <button onClick={handleClick}>Test Agent</button>;
-    };
-    ```
+    console.log(response)
+  }
-  **curl:**
+  return <button onClick={handleClick}>Test Agent</button>
+}
+```
-    ```bash
-    curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
-      -H "Content-Type: application/json" \
-      -H "Authorization: Bearer <your-jwt>" \
-      -d '{
-        "messages": "Weather in London"
-      }'
-    ```
+**cURL**:
+```bash
+curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer <your-jwt>" \
+  -d '{
+    "messages": "Weather in London"
+  }'
+```
 ## Creating a JWT

package/dist/docs/references/docs-server-auth.md ADDED Viewed

@@ -0,0 +1,38 @@
+# Auth Overview
+Mastra lets you choose how you handle authentication, so you can secure access to your application's endpoints using the identity system that fits your stack.
+You can start with simple shared secret JWT authentication and switch to providers like Supabase, Firebase Auth, Auth0, Clerk, or WorkOS when you need more advanced identity features.
+## Default behavior
+Authentication is optional in Mastra. When you configure authentication:
+- **All built-in API routes** (`/api/agents/*`, `/api/workflows/*`, etc.) require authentication by default
+- **Custom API routes** also require authentication by default
+- **Public access** can be enabled on custom routes using `requiresAuth: false`
+If no authentication is configured, all routes are publicly accessible.
+See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints.
+## Available providers
+### Built-in
+- [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth) - Token-to-user mapping for development and API keys
+- [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt) - HMAC-signed JWT verification
+### Third-party integrations
+- [Auth0](https://mastra.ai/docs/server/auth/auth0)
+- [Better Auth](https://mastra.ai/docs/server/auth/better-auth)
+- [Clerk](https://mastra.ai/docs/server/auth/clerk)
+- [Firebase](https://mastra.ai/docs/server/auth/firebase)
+- [Supabase](https://mastra.ai/docs/server/auth/supabase)
+- [WorkOS](https://mastra.ai/docs/server/auth/workos)
+### Advanced
+- [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth) - Combine multiple auth providers
+- [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider) - Build your own provider

package/dist/docs/references/reference-auth-jwt.md ADDED Viewed

@@ -0,0 +1,26 @@
+# MastraJwtAuth Class
+The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.
+## Usage example
+```typescript
+import { Mastra } from '@mastra/core'
+import { MastraJwtAuth } from '@mastra/auth'
+export const mastra = new Mastra({
+  server: {
+    auth: new MastraJwtAuth({
+      secret: '<your-secret>',
+    }),
+  },
+})
+```
+## Constructor parameters
+**secret** (`string`): A unique string used to sign and verify JSON Web Tokens (JWTs) for authenticating incoming requests.
+## Related
+[MastraJwtAuth](https://mastra.ai/docs/server/auth/jwt)

package/dist/index.cjs CHANGED Viewed

@@ -33,7 +33,7 @@ async function verifyJwks(accessToken, jwksUri) {
   return jwt__default.default.verify(accessToken, signingKey);
 }
-// ../core/dist/chunk-NRUZYMHE.js
+// ../core/dist/chunk-X2WMFSPB.js
 var RegisteredLogger = {
   LLM: "LLM"};
 var LogLevel = {
@@ -121,16 +121,36 @@ var ConsoleLogger = class extends MastraLogger {
   }
 };
-// ../core/dist/chunk-LSHPJWM5.js
+// ../core/dist/chunk-WCAFTXGK.js
 var MastraBase = class {
   component = RegisteredLogger.LLM;
   logger;
   name;
-  constructor({ component, name }) {
+  #rawConfig;
+  constructor({
+    component,
+    name,
+    rawConfig
+  }) {
     this.component = component || RegisteredLogger.LLM;
     this.name = name;
+    this.#rawConfig = rawConfig;
     this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
   }
+  /**
+   * Returns the raw storage configuration this primitive was created from,
+   * or undefined if it was created from code.
+   */
+  toRawConfig() {
+    return this.#rawConfig;
+  }
+  /**
+   * Sets the raw storage configuration for this primitive.
+   * @internal
+   */
+  __setRawConfig(rawConfig) {
+    this.#rawConfig = rawConfig;
+  }
   /**
    * Set the logger for the agent
    * @param logger

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt","jwksClient"],"mappings":";;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAYP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACMO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;EAEA,WAAA,CAAY,EAAE,SAAA,EAAW,IAAA,EAAA,EAAyD;AAChF,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACTO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AChDO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAA4B;AAAA,EACnD,MAAA;AAAA,EAEV,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n\n constructor({ component, name }: { component?: RegisteredLogger; name?: string }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> {\n protected secret: string;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt","jwksClient"],"mappings":";;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AChDO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAA4B;AAAA,EACnD,MAAA;AAAA,EAEV,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n /\n toRawConfig(): Record<string, unknown> \| undefined {\n return this.#rawConfig;\n }\n\n /\n Sets the raw storage configuration for this primitive.\n * @internal\n /\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> {\n protected secret: string;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n}\n"]}

package/dist/index.js CHANGED Viewed

@@ -26,7 +26,7 @@ async function verifyJwks(accessToken, jwksUri) {
   return jwt.verify(accessToken, signingKey);
 }
-// ../core/dist/chunk-NRUZYMHE.js
+// ../core/dist/chunk-X2WMFSPB.js
 var RegisteredLogger = {
   LLM: "LLM"};
 var LogLevel = {
@@ -114,16 +114,36 @@ var ConsoleLogger = class extends MastraLogger {
   }
 };
-// ../core/dist/chunk-LSHPJWM5.js
+// ../core/dist/chunk-WCAFTXGK.js
 var MastraBase = class {
   component = RegisteredLogger.LLM;
   logger;
   name;
-  constructor({ component, name }) {
+  #rawConfig;
+  constructor({
+    component,
+    name,
+    rawConfig
+  }) {
     this.component = component || RegisteredLogger.LLM;
     this.name = name;
+    this.#rawConfig = rawConfig;
     this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
   }
+  /**
+   * Returns the raw storage configuration this primitive was created from,
+   * or undefined if it was created from code.
+   */
+  toRawConfig() {
+    return this.#rawConfig;
+  }
+  /**
+   * Sets the raw storage configuration for this primitive.
+   * @internal
+   */
+  __setRawConfig(rawConfig) {
+    this.#rawConfig = rawConfig;
+  }
   /**
    * Set the logger for the agent
    * @param logger

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAYP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACMO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;EAEA,WAAA,CAAY,EAAE,SAAA,EAAW,IAAA,EAAA,EAAyD;AAChF,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACTO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AChDO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAA4B;AAAA,EACnD,MAAA;AAAA,EAEV,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n\n constructor({ component, name }: { component?: RegisteredLogger; name?: string }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> {\n protected secret: string;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AChDO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAA4B;AAAA,EACnD,MAAA;AAAA,EAEV,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n /\n toRawConfig(): Record<string, unknown> \| undefined {\n return this.#rawConfig;\n }\n\n /\n Sets the raw storage configuration for this primitive.\n * @internal\n /\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> {\n protected secret: string;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mastra/auth",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "",
   "type": "module",
   "files": [
@@ -25,21 +25,21 @@
   "author": "",
   "license": "Apache-2.0",
   "dependencies": {
-    "jsonwebtoken": "^9.0.2",
-    "jwks-rsa": "^3.2.0"
+    "jsonwebtoken": "^9.0.3",
+    "jwks-rsa": "^3.2.2"
   },
   "devDependencies": {
     "@types/jsonwebtoken": "^9.0.10",
-    "@types/node": "22.13.17",
-    "@vitest/coverage-v8": "4.0.12",
-    "@vitest/ui": "4.0.12",
+    "@types/node": "22.19.7",
+    "@vitest/coverage-v8": "4.0.18",
+    "@vitest/ui": "4.0.18",
     "eslint": "^9.37.0",
-    "tsup": "^8.5.0",
+    "tsup": "^8.5.1",
     "typescript": "^5.9.3",
-    "vitest": "4.0.16",
-    "@internal/lint": "0.0.54",
-    "@internal/types-builder": "0.0.29",
-    "@mastra/core": "1.0.0"
+    "vitest": "4.0.18",
+    "@mastra/core": "1.10.0",
+    "@internal/lint": "0.0.66",
+    "@internal/types-builder": "0.0.41"
   },
   "homepage": "https://mastra.ai",
   "repository": {
@@ -55,7 +55,6 @@
   },
   "scripts": {
     "build:lib": "tsup --silent --config tsup.config.ts",
-    "build:docs": "pnpx tsx ../../scripts/generate-package-docs.ts packages/auth",
     "build:watch": "tsup --watch --silent --config tsup.config.ts",
     "test": "vitest run",
     "lint": "eslint ."

package/dist/docs/README.md DELETED Viewed

@@ -1,32 +0,0 @@
-# @mastra/auth Documentation
-> Embedded documentation for coding agents
-## Quick Start
-```bash
-# Read the skill overview
-cat docs/SKILL.md
-# Get the source map
-cat docs/SOURCE_MAP.json
-# Read topic documentation
-cat docs/<topic>/01-overview.md
-```
-## Structure
-```
-docs/
-├── SKILL.md           # Entry point
-├── README.md          # This file
-├── SOURCE_MAP.json    # Export index
-├── auth/ (1 files)
-├── server/ (2 files)
-```
-## Version
-Package: @mastra/auth
-Version: 1.0.0

package/dist/docs/auth/01-reference.md DELETED Viewed

@@ -1,33 +0,0 @@
-# Auth API Reference
-> API reference for auth - 1 entries
----
-## Reference: MastraJwtAuth Class
-> API reference for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
-The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.
-## Usage example
-```typescript title="src/mastra/index.ts"
-import { Mastra } from "@mastra/core";
-import { MastraJwtAuth } from "@mastra/auth";
-export const mastra = new Mastra({
-  server: {
-    auth: new MastraJwtAuth({
-      secret: "<your-secret>",
-    }),
-  },
-});
-```
-## Constructor parameters
-## Related
-[MastraJwtAuth](https://mastra.ai/docs/v1/server/auth/jwt)

package/dist/docs/server/01-index.md DELETED Viewed

@@ -1,16 +0,0 @@
-> Learn about different Auth options for your Mastra applications
-# Auth Overview
-Mastra lets you choose how you handle authentication, so you can secure access to your application's endpoints using the identity system that fits your stack.
-You can start with simple shared secret JWT authentication and switch to providers like Supabase, Firebase Auth, Auth0, Clerk, or WorkOS when you need more advanced identity features.
-## Available providers
-- [JSON Web Token (JWT)](https://mastra.ai/docs/v1/server/auth/jwt)
-- [Clerk](https://mastra.ai/docs/v1/server/auth/clerk)
-- [Supabase](https://mastra.ai/docs/v1/server/auth/supabase)
-- [Firebase](https://mastra.ai/docs/v1/server/auth/firebase)
-- [WorkOS](https://mastra.ai/docs/v1/server/auth/workos)
-- [Auth0](https://mastra.ai/docs/v1/server/auth/auth0)