@mastra/auth 1.0.2 → 1.1.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/CHANGELOG.md +29 -0
  2. package/dist/docs/SKILL.md +2 -2
  3. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  4. package/dist/docs/references/docs-server-auth-custom-auth-provider.md +3 -5
  5. package/dist/docs/references/docs-server-auth-jwt.md +18 -14
  6. package/dist/docs/references/docs-server-auth.md +10 -7
  7. package/dist/docs/references/reference-auth-jwt.md +1 -1
  8. package/dist/index.cjs +2 -156
  9. package/dist/index.cjs.map +1 -1
  10. package/dist/index.js +1 -155
  11. package/dist/index.js.map +1 -1
  12. package/package.json +14 -10
package/CHANGELOG.md CHANGED
@@ -1,5 +1,34 @@
1
1
  # @mastra/auth
2
2
 
3
+ ## 1.1.0-alpha.0
4
+
5
+ ### Minor Changes
6
+
7
+ - Random bump ([#18178](https://github.com/mastra-ai/mastra/pull/18178))
8
+
9
+ ### Patch Changes
10
+
11
+ - Updated dependencies [[`7c0d868`](https://github.com/mastra-ai/mastra/commit/7c0d868d97d0fdbc04c14d0166dbf44d4c5a4a62), [`d9d2273`](https://github.com/mastra-ai/mastra/commit/d9d2273c702690c9a26eab2aebea879701d4355a), [`b04369d`](https://github.com/mastra-ai/mastra/commit/b04369d6b167c698ef103981171a8bf92808e756), [`8f3c262`](https://github.com/mastra-ai/mastra/commit/8f3c262587b335588a02d96b17fd6aca34c885b3)]:
12
+ - @mastra/core@1.45.0-alpha.0
13
+
14
+ ## 1.0.3
15
+
16
+ ### Patch Changes
17
+
18
+ - Security remediation for the 2026-06-17 "easy-day-js" supply-chain incident. Patch bump to publish clean versions and move the `latest` dist-tag forward, superseding the compromised versions that declared the malicious `easy-day-js` dependency. ([#18056](https://github.com/mastra-ai/mastra/pull/18056))
19
+
20
+ - Updated dependencies [[`339c57c`](https://github.com/mastra-ai/mastra/commit/339c57c5b2c6dbe75a125e138228e0556528976f), [`1dd4117`](https://github.com/mastra-ai/mastra/commit/1dd4117dcbd8e031ede9f0489436bfbc6f0315b8), [`2b11d1f`](https://github.com/mastra-ai/mastra/commit/2b11d1f6ac7024c5dd2b2dd12a48a956ac9d63bd), [`77a2351`](https://github.com/mastra-ai/mastra/commit/77a2351ee79296e360bce822cb3391f7cfd6489d), [`b7dff0a`](https://github.com/mastra-ai/mastra/commit/b7dff0a3d1022eb6868f48dc40a2b1febd5c277f), [`02087e1`](https://github.com/mastra-ai/mastra/commit/02087e1fbc54aa07f3071f7a200df1bf5be601a8), [`49af8df`](https://github.com/mastra-ai/mastra/commit/49af8df589c4ff71a5015a4553b377b32704b691), [`30ce559`](https://github.com/mastra-ai/mastra/commit/30ce55902ecf819b8ab8697398dd68b108228063), [`c241b92`](https://github.com/mastra-ai/mastra/commit/c241b929dc8c8d6a7b7219c99ed13ac1f3124a77), [`7d6ff70`](https://github.com/mastra-ai/mastra/commit/7d6ff708727297a0526ca0e26e93eeb5bbaaa187), [`ab975d4`](https://github.com/mastra-ai/mastra/commit/ab975d4dd9488752f05bda7afa03166d207e3e2a), [`9d6aa1b`](https://github.com/mastra-ai/mastra/commit/9d6aa1bae407e2afa6a089abc2a6accbbcb287b8)]:
21
+ - @mastra/core@1.44.0
22
+
23
+ ## 1.0.3-alpha.0
24
+
25
+ ### Patch Changes
26
+
27
+ - Security remediation for the 2026-06-17 "easy-day-js" supply-chain incident. Patch bump to publish clean versions and move the `latest` dist-tag forward, superseding the compromised versions that declared the malicious `easy-day-js` dependency. ([#18056](https://github.com/mastra-ai/mastra/pull/18056))
28
+
29
+ - Updated dependencies [[`77a2351`](https://github.com/mastra-ai/mastra/commit/77a2351ee79296e360bce822cb3391f7cfd6489d)]:
30
+ - @mastra/core@1.43.1-alpha.0
31
+
3
32
  ## 1.0.2
4
33
 
5
34
  ### Patch Changes
package/dist/docs/SKILL.md CHANGED
@@ -3,7 +3,7 @@ name: mastra-auth
3
3
  description: Documentation for @mastra/auth. Use when working with @mastra/auth APIs, configuration, or implementation.
4
4
  metadata:
5
5
  package: "@mastra/auth"
6
- version: "1.0.2"
6
+ version: "1.1.0-alpha.0"
7
7
  ---
8
8
 
9
9
  ## When to use
@@ -18,7 +18,7 @@ Read the individual reference documents for detailed explanations and code examp
18
18
 
19
19
  - [Auth overview](references/docs-server-auth.md) - Learn about different auth options for securing your Mastra API and Studio.
20
20
  - [Custom auth provider](references/docs-server-auth-custom-auth-provider.md) - Create custom authentication providers for specialized identity systems
21
- - [MastraJwtAuth class](references/docs-server-auth-jwt.md) - Documentation for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
21
+ - [JSON Web Token](references/docs-server-auth-jwt.md) - Documentation for JSON Web Token usage inside Mastra.
22
22
 
23
23
  ### Reference
24
24
 
package/dist/docs/assets/SOURCE_MAP.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "1.0.2",
2
+ "version": "1.1.0-alpha.0",
3
3
  "package": "@mastra/auth",
4
4
  "exports": {},
5
5
  "modules": {}
package/dist/docs/references/docs-server-auth-custom-auth-provider.md CHANGED
@@ -1,4 +1,4 @@
1
- # Custom auth providers
1
+ # Custom auth provider
2
2
 
3
3
  Custom auth providers allow you to implement authentication for identity systems that aren't covered by the built-in providers. Extend the `MastraAuthProvider` base class to integrate with any authentication system.
4
4
 
@@ -507,7 +507,5 @@ See the [source code](https://github.com/mastra-ai/mastra/tree/main/auth) for im
507
507
 
508
508
  ## Related
509
509
 
510
- - [Auth Overview](https://mastra.ai/docs/server/auth) - Authentication concepts and configuration
511
- - [JWT Auth](https://mastra.ai/docs/server/auth/jwt) - Simple JWT authentication
512
- - [Clerk Auth](https://mastra.ai/docs/server/auth/clerk) - Clerk integration
513
- - [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) - Controlling authentication on custom endpoints
510
+ - [Auth Overview](https://mastra.ai/docs/server/auth): Authentication concepts and configuration
511
+ - [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes): Controlling authentication on custom endpoints
package/dist/docs/references/docs-server-auth-jwt.md CHANGED
@@ -1,4 +1,4 @@
1
- # MastraJwtAuth class
1
+ # JSON Web Token
2
2
 
3
3
  The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.
4
4
 
@@ -30,8 +30,22 @@ yarn add @mastra/auth@latest
30
30
  bun add @mastra/auth@latest
31
31
  ```
32
32
 
33
+ ## Creating a JWT
34
+
35
+ To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.
36
+
37
+ The easiest way to generate one is using [jwt.io](https://www.jwt.io/):
38
+
39
+ 1. Select **JWT Encoder**.
40
+ 2. Scroll down to the **Sign JWT: Secret** section.
41
+ 3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
42
+ 4. Click **Generate example** to create a valid JWT.
43
+ 5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.
44
+
33
45
  ## Usage example
34
46
 
47
+ Take your generated JWT and use it to configure `MastraJwtAuth` in your Mastra server:
48
+
35
49
  ```typescript
36
50
  import { Mastra } from '@mastra/core'
37
51
  import { MastraJwtAuth } from '@mastra/auth'
@@ -47,6 +61,8 @@ export const mastra = new Mastra({
47
61
 
48
62
  > **Info:** Visit [MastraJwtAuth](https://mastra.ai/reference/auth/jwt) for all available configuration options.
49
63
 
64
+ Inside [Studio](https://mastra.ai/docs/studio/overview), go to **Settings** and under **Headers** select the **"Add Header"** button. Enter `Authorization` as the header name and `Bearer <your-jwt>` as the value.
65
+
50
66
  ## Configuring `MastraClient`
51
67
 
52
68
  When `auth` is enabled, all requests made with `MastraClient` must include a valid JWT in the `Authorization` header:
@@ -95,16 +111,4 @@ curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
95
111
  -d '{
96
112
  "messages": "Weather in London"
97
113
  }'
98
- ```
99
-
100
- ## Creating a JWT
101
-
102
- To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.
103
-
104
- The easiest way to generate one is using [jwt.io](https://www.jwt.io/):
105
-
106
- 1. Select **JWT Encoder**.
107
- 2. Scroll down to the **Sign JWT: Secret** section.
108
- 3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
109
- 4. Click **Generate example** to create a valid JWT.
110
- 5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.
114
+ ```
package/dist/docs/references/docs-server-auth.md CHANGED
@@ -1,8 +1,8 @@
1
1
  # Auth overview
2
2
 
3
- Mastra lets you choose how you handle authentication, so you can secure access to your API and [Studio](https://mastra.ai/docs/getting-started/studio) using the identity system that fits your stack.
3
+ Mastra lets you choose how you handle authentication, so you can secure access to your API and [Studio](https://mastra.ai/docs/studio/overview) using the identity system that fits your stack.
4
4
 
5
- You can start with basic shared secret JWT authentication and switch to providers like Supabase, Firebase Auth, Auth0, Clerk, or WorkOS when you need more advanced identity features.
5
+ You can start with basic shared secret JWT authentication and switch to known providers when you need more advanced identity features.
6
6
 
7
7
  ## What auth secures
8
8
 
@@ -13,14 +13,16 @@ Configuring authentication locks down two things at once:
13
13
 
14
14
  Authentication is optional. If no auth is configured, all routes and Studio are publicly accessible. Public access can be enabled on individual custom routes using `requiresAuth: false`.
15
15
 
16
- See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints.
16
+ See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints. Visit the [Studio Auth docs](https://mastra.ai/docs/studio/auth) for more on securing your Studio deployment.
17
+
18
+ > **Note:** Authentication for Studio is currently supported by the following providers: Simple Auth, JWT, WorkOS, and Better Auth.
17
19
 
18
20
  ## Available providers
19
21
 
20
22
  ### Built-in
21
23
 
22
- - [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth) - Token-to-user mapping for development and API keys
23
- - [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt) - HMAC-signed JWT verification
24
+ - [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth): Token-to-user mapping for development and API keys
25
+ - [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt): HMAC-signed JWT verification
24
26
 
25
27
  ### Third-party integrations
26
28
 
@@ -28,10 +30,11 @@ See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for con
28
30
  - [Better Auth](https://mastra.ai/docs/server/auth/better-auth)
29
31
  - [Clerk](https://mastra.ai/docs/server/auth/clerk)
30
32
  - [Firebase](https://mastra.ai/docs/server/auth/firebase)
33
+ - [Okta](https://mastra.ai/docs/server/auth/okta)
31
34
  - [Supabase](https://mastra.ai/docs/server/auth/supabase)
32
35
  - [WorkOS](https://mastra.ai/docs/server/auth/workos)
33
36
 
34
37
  ### Advanced
35
38
 
36
- - [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth) - Combine multiple auth providers
37
- - [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider) - Build your own provider
39
+ - [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth): Combine multiple auth providers
40
+ - [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider): Build your own provider
package/dist/docs/references/reference-auth-jwt.md CHANGED
@@ -23,4 +23,4 @@ export const mastra = new Mastra({
23
23
 
24
24
  ## Related
25
25
 
26
- [MastraJwtAuth](https://mastra.ai/docs/server/auth/jwt)
26
+ - [JSON Web Token](https://mastra.ai/docs/server/auth/jwt)
package/dist/index.cjs CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  var jwt = require('jsonwebtoken');
4
4
  var jwksClient = require('jwks-rsa');
5
+ var server = require('@mastra/core/server');
5
6
 
6
7
  function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
7
8
 
@@ -32,161 +33,6 @@ async function verifyJwks(accessToken, jwksUri) {
32
33
  const signingKey = key.getPublicKey();
33
34
  return jwt__default.default.verify(accessToken, signingKey);
34
35
  }
35
-
36
- // ../core/dist/chunk-X2WMFSPB.js
37
- var RegisteredLogger = {
38
- LLM: "LLM"};
39
- var LogLevel = {
40
- DEBUG: "debug",
41
- INFO: "info",
42
- WARN: "warn",
43
- ERROR: "error"};
44
- var MastraLogger = class {
45
- name;
46
- level;
47
- transports;
48
- constructor(options = {}) {
49
- this.name = options.name || "Mastra";
50
- this.level = options.level || LogLevel.ERROR;
51
- this.transports = new Map(Object.entries(options.transports || {}));
52
- }
53
- getTransports() {
54
- return this.transports;
55
- }
56
- trackException(_error) {
57
- }
58
- async listLogs(transportId, params) {
59
- if (!transportId || !this.transports.has(transportId)) {
60
- return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
61
- }
62
- return this.transports.get(transportId).listLogs(params) ?? {
63
- logs: [],
64
- total: 0,
65
- page: params?.page ?? 1,
66
- perPage: params?.perPage ?? 100,
67
- hasMore: false
68
- };
69
- }
70
- async listLogsByRunId({
71
- transportId,
72
- runId,
73
- fromDate,
74
- toDate,
75
- logLevel,
76
- filters,
77
- page,
78
- perPage
79
- }) {
80
- if (!transportId || !this.transports.has(transportId) || !runId) {
81
- return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
82
- }
83
- return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
84
- logs: [],
85
- total: 0,
86
- page: page ?? 1,
87
- perPage: perPage ?? 100,
88
- hasMore: false
89
- };
90
- }
91
- };
92
- var ConsoleLogger = class extends MastraLogger {
93
- constructor(options = {}) {
94
- super(options);
95
- }
96
- debug(message, ...args) {
97
- if (this.level === LogLevel.DEBUG) {
98
- console.info(message, ...args);
99
- }
100
- }
101
- info(message, ...args) {
102
- if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
103
- console.info(message, ...args);
104
- }
105
- }
106
- warn(message, ...args) {
107
- if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
108
- console.info(message, ...args);
109
- }
110
- }
111
- error(message, ...args) {
112
- if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
113
- console.error(message, ...args);
114
- }
115
- }
116
- async listLogs(_transportId, _params) {
117
- return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
118
- }
119
- async listLogsByRunId(_args) {
120
- return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
121
- }
122
- };
123
-
124
- // ../core/dist/chunk-WCAFTXGK.js
125
- var MastraBase = class {
126
- component = RegisteredLogger.LLM;
127
- logger;
128
- name;
129
- #rawConfig;
130
- constructor({
131
- component,
132
- name,
133
- rawConfig
134
- }) {
135
- this.component = component || RegisteredLogger.LLM;
136
- this.name = name;
137
- this.#rawConfig = rawConfig;
138
- this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
139
- }
140
- /**
141
- * Returns the raw storage configuration this primitive was created from,
142
- * or undefined if it was created from code.
143
- */
144
- toRawConfig() {
145
- return this.#rawConfig;
146
- }
147
- /**
148
- * Sets the raw storage configuration for this primitive.
149
- * @internal
150
- */
151
- __setRawConfig(rawConfig) {
152
- this.#rawConfig = rawConfig;
153
- }
154
- /**
155
- * Set the logger for the agent
156
- * @param logger
157
- */
158
- __setLogger(logger) {
159
- this.logger = logger;
160
- if (this.component !== RegisteredLogger.LLM) {
161
- this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
162
- }
163
- }
164
- };
165
-
166
- // ../core/dist/server/index.js
167
- var MastraAuthProvider = class extends MastraBase {
168
- protected;
169
- public;
170
- constructor(options) {
171
- super({ component: "AUTH", name: options?.name });
172
- if (options?.authorizeUser) {
173
- this.authorizeUser = options.authorizeUser.bind(this);
174
- }
175
- this.protected = options?.protected;
176
- this.public = options?.public;
177
- }
178
- registerOptions(opts) {
179
- if (opts?.authorizeUser) {
180
- this.authorizeUser = opts.authorizeUser.bind(this);
181
- }
182
- if (opts?.protected) {
183
- this.protected = opts.protected;
184
- }
185
- if (opts?.public) {
186
- this.public = opts.public;
187
- }
188
- }
189
- };
190
36
  function str(value) {
191
37
  return typeof value === "string" ? value : void 0;
192
38
  }
@@ -202,7 +48,7 @@ function defaultMapUser(payload) {
202
48
  avatarUrl: str(payload.avatarUrl) || str(payload.avatar_url) || str(payload.picture)
203
49
  };
204
50
  }
205
- var MastraJwtAuth = class extends MastraAuthProvider {
51
+ var MastraJwtAuth = class extends server.MastraAuthProvider {
206
52
  secret;
207
53
  mapUser;
208
54
  constructor(options) {
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt","jwksClient"],"mappings":";;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AC9CA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload | null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload || typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name || 'Mastra';\n this.level = options.level || LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports || {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId || !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId || !this.transports.has(transportId) || !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR ||\n this.level === LogLevel.WARN ||\n this.level === LogLevel.INFO ||\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component || RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /**\n * Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n */\n toRawConfig(): Record<string, unknown> | undefined {\n return this.#rawConfig;\n }\n\n /**\n * Sets the raw storage configuration for this primitive.\n * @internal\n */\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /**\n * Set the logger for the agent\n * @param logger\n */\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport * from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n /**\n * Protected paths for the auth provider\n */\n protected?: MastraAuthConfig['protected'];\n /**\n * Public paths for the auth provider\n */\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /**\n * Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n */\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n /**\n * Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User | null;\n}\n\nfunction str(value: unknown): string | undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User | null {\n const id = str(payload.sub) || str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) || str(payload.avatar_url) || str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User | null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User | null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User | null> {\n return null;\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/utils.ts","../src/jwt.ts"],"names":["jwt","jwksClient","MastraAuthProvider"],"mappings":";;;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;ACrBA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4BE,yBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOF,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload | null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload || typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User | null;\n}\n\nfunction str(value: unknown): string | undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User | null {\n const id = str(payload.sub) || str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) || str(payload.avatar_url) || str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User | null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User | null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User | null> {\n return null;\n }\n}\n"]}
package/dist/index.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import jwt from 'jsonwebtoken';
2
2
  import jwksClient from 'jwks-rsa';
3
+ import { MastraAuthProvider } from '@mastra/core/server';
3
4
 
4
5
  // src/utils.ts
5
6
  async function decodeToken(accessToken) {
@@ -25,161 +26,6 @@ async function verifyJwks(accessToken, jwksUri) {
25
26
  const signingKey = key.getPublicKey();
26
27
  return jwt.verify(accessToken, signingKey);
27
28
  }
28
-
29
- // ../core/dist/chunk-X2WMFSPB.js
30
- var RegisteredLogger = {
31
- LLM: "LLM"};
32
- var LogLevel = {
33
- DEBUG: "debug",
34
- INFO: "info",
35
- WARN: "warn",
36
- ERROR: "error"};
37
- var MastraLogger = class {
38
- name;
39
- level;
40
- transports;
41
- constructor(options = {}) {
42
- this.name = options.name || "Mastra";
43
- this.level = options.level || LogLevel.ERROR;
44
- this.transports = new Map(Object.entries(options.transports || {}));
45
- }
46
- getTransports() {
47
- return this.transports;
48
- }
49
- trackException(_error) {
50
- }
51
- async listLogs(transportId, params) {
52
- if (!transportId || !this.transports.has(transportId)) {
53
- return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
54
- }
55
- return this.transports.get(transportId).listLogs(params) ?? {
56
- logs: [],
57
- total: 0,
58
- page: params?.page ?? 1,
59
- perPage: params?.perPage ?? 100,
60
- hasMore: false
61
- };
62
- }
63
- async listLogsByRunId({
64
- transportId,
65
- runId,
66
- fromDate,
67
- toDate,
68
- logLevel,
69
- filters,
70
- page,
71
- perPage
72
- }) {
73
- if (!transportId || !this.transports.has(transportId) || !runId) {
74
- return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
75
- }
76
- return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
77
- logs: [],
78
- total: 0,
79
- page: page ?? 1,
80
- perPage: perPage ?? 100,
81
- hasMore: false
82
- };
83
- }
84
- };
85
- var ConsoleLogger = class extends MastraLogger {
86
- constructor(options = {}) {
87
- super(options);
88
- }
89
- debug(message, ...args) {
90
- if (this.level === LogLevel.DEBUG) {
91
- console.info(message, ...args);
92
- }
93
- }
94
- info(message, ...args) {
95
- if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
96
- console.info(message, ...args);
97
- }
98
- }
99
- warn(message, ...args) {
100
- if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
101
- console.info(message, ...args);
102
- }
103
- }
104
- error(message, ...args) {
105
- if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
106
- console.error(message, ...args);
107
- }
108
- }
109
- async listLogs(_transportId, _params) {
110
- return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
111
- }
112
- async listLogsByRunId(_args) {
113
- return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
114
- }
115
- };
116
-
117
- // ../core/dist/chunk-WCAFTXGK.js
118
- var MastraBase = class {
119
- component = RegisteredLogger.LLM;
120
- logger;
121
- name;
122
- #rawConfig;
123
- constructor({
124
- component,
125
- name,
126
- rawConfig
127
- }) {
128
- this.component = component || RegisteredLogger.LLM;
129
- this.name = name;
130
- this.#rawConfig = rawConfig;
131
- this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
132
- }
133
- /**
134
- * Returns the raw storage configuration this primitive was created from,
135
- * or undefined if it was created from code.
136
- */
137
- toRawConfig() {
138
- return this.#rawConfig;
139
- }
140
- /**
141
- * Sets the raw storage configuration for this primitive.
142
- * @internal
143
- */
144
- __setRawConfig(rawConfig) {
145
- this.#rawConfig = rawConfig;
146
- }
147
- /**
148
- * Set the logger for the agent
149
- * @param logger
150
- */
151
- __setLogger(logger) {
152
- this.logger = logger;
153
- if (this.component !== RegisteredLogger.LLM) {
154
- this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
155
- }
156
- }
157
- };
158
-
159
- // ../core/dist/server/index.js
160
- var MastraAuthProvider = class extends MastraBase {
161
- protected;
162
- public;
163
- constructor(options) {
164
- super({ component: "AUTH", name: options?.name });
165
- if (options?.authorizeUser) {
166
- this.authorizeUser = options.authorizeUser.bind(this);
167
- }
168
- this.protected = options?.protected;
169
- this.public = options?.public;
170
- }
171
- registerOptions(opts) {
172
- if (opts?.authorizeUser) {
173
- this.authorizeUser = opts.authorizeUser.bind(this);
174
- }
175
- if (opts?.protected) {
176
- this.protected = opts.protected;
177
- }
178
- if (opts?.public) {
179
- this.public = opts.public;
180
- }
181
- }
182
- };
183
29
  function str(value) {
184
30
  return typeof value === "string" ? value : void 0;
185
31
  }
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AC9CA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload | null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload || typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name || 'Mastra';\n this.level = options.level || LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports || {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId || !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId || !this.transports.has(transportId) || !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR ||\n this.level === LogLevel.WARN ||\n this.level === LogLevel.INFO ||\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component || RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /**\n * Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n */\n toRawConfig(): Record<string, unknown> | undefined {\n return this.#rawConfig;\n }\n\n /**\n * Sets the raw storage configuration for this primitive.\n * @internal\n */\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /**\n * Set the logger for the agent\n * @param logger\n */\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport * from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n /**\n * Protected paths for the auth provider\n */\n protected?: MastraAuthConfig['protected'];\n /**\n * Public paths for the auth provider\n */\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /**\n * Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n */\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n /**\n * Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User | null;\n}\n\nfunction str(value: unknown): string | undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User | null {\n const id = str(payload.sub) || str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) || str(payload.avatar_url) || str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User | null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User | null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User | null> {\n return null;\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/utils.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;ACrBA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload | null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload || typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User | null;\n}\n\nfunction str(value: unknown): string | undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User | null {\n const id = str(payload.sub) || str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) || str(payload.avatar_url) || str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User | null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User | null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User | null> {\n return null;\n }\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mastra/auth",
3
- "version": "1.0.2",
3
+ "version": "1.1.0-alpha.0",
4
4
  "description": "",
5
5
  "type": "module",
6
6
  "files": [
@@ -30,16 +30,17 @@
30
30
  },
31
31
  "devDependencies": {
32
32
  "@types/jsonwebtoken": "^9.0.10",
33
- "@types/node": "22.19.15",
34
- "@vitest/coverage-v8": "4.0.18",
35
- "@vitest/ui": "4.0.18",
36
- "eslint": "^9.39.4",
33
+ "@types/node": "22.19.21",
34
+ "@vitest/coverage-v8": "4.1.8",
35
+ "@vitest/ui": "4.1.8",
36
+ "eslint": "^10.4.1",
37
37
  "tsup": "^8.5.1",
38
- "typescript": "^5.9.3",
39
- "vitest": "4.0.18",
40
- "@mastra/core": "1.14.0",
41
- "@internal/types-builder": "0.0.47",
42
- "@internal/lint": "0.0.72"
38
+ "tsx": "^4.22.4",
39
+ "typescript": "^6.0.3",
40
+ "vitest": "4.1.8",
41
+ "@internal/lint": "0.0.106",
42
+ "@internal/types-builder": "0.0.81",
43
+ "@mastra/core": "1.45.0-alpha.0"
43
44
  },
44
45
  "homepage": "https://mastra.ai",
45
46
  "repository": {
@@ -53,6 +54,9 @@
53
54
  "engines": {
54
55
  "node": ">=22.13.0"
55
56
  },
57
+ "peerDependencies": {
58
+ "@mastra/core": ">=1.32.0-0 <2.0.0-0"
59
+ },
56
60
  "scripts": {
57
61
  "build:lib": "tsup --silent --config tsup.config.ts",
58
62
  "build:watch": "tsup --watch --silent --config tsup.config.ts",