@mastra/client-js 1.17.0-alpha.1 → 1.17.0-alpha.2

package/CHANGELOG.md

@@ -1,5 +1,16 @@
 # @mastra/client-js
 
+## 1.17.0-alpha.2
+
+### Patch Changes
+
+- Fixed client stream handling for step completion and finish chunks that omit step result details. ([#9146](https://github.com/mastra-ai/mastra/pull/9146))
+
+- Added server-generated route contract types for the JavaScript client SDK and updated the SDK to use those generated request and response types. ([#15519](https://github.com/mastra-ai/mastra/pull/15519))
+
+- Updated dependencies [[`86c0298`](https://github.com/mastra-ai/mastra/commit/86c0298e647306423c842f9d5ac827bd616bd13d), [`7fce309`](https://github.com/mastra-ai/mastra/commit/7fce30912b14170bfc41f0ac736cca0f39fe0cd4), [`7997c2e`](https://github.com/mastra-ai/mastra/commit/7997c2e55ddd121562a4098cd8d2b89c68433bf1), [`e97ccb9`](https://github.com/mastra-ai/mastra/commit/e97ccb900f8b7a390ce82c9f8eb8d6eb2c5e3777), [`c5daf48`](https://github.com/mastra-ai/mastra/commit/c5daf48556e98c46ae06caf00f92c249912007e9), [`cd96779`](https://github.com/mastra-ai/mastra/commit/cd9677937f113b2856dc8b9f3d4bdabcee58bb2e)]:
+  - @mastra/core@1.32.0-alpha.2
+
 ## 1.17.0-alpha.1
 
 ### Minor Changes

package/dist/docs/SKILL.md

@@ -3,7 +3,7 @@ name: mastra-client-js
 description: Documentation for @mastra/client-js. Use when working with @mastra/client-js APIs, configuration, or implementation.
 metadata:
   package: "@mastra/client-js"
-  version: "1.17.0-alpha.1"
+  version: "1.17.0-alpha.2"
 ---
 
 ## When to use

package/dist/docs/assets/SOURCE_MAP.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.17.0-alpha.1",
+  "version": "1.17.0-alpha.2",
   "package": "@mastra/client-js",
   "exports": {
     "RequestContext": {

package/dist/docs/references/docs-server-auth-workos.md

@@ -81,16 +81,34 @@ export const mastra = new Mastra({
 
 ## Configuration
 
-### User Authorization
+### Default authorization
 
-By default, `MastraAuthWorkos` checks whether the authenticated user has an 'admin' role in any of their organization memberships. The authorization process:
+By default, `MastraAuthWorkos` grants access to any authenticated WorkOS user. The authorization check succeeds when the resolved user object contains both a Mastra user ID and a WorkOS user ID.
 
-1. Retrieves the user's organization memberships using their user ID
-2. Extracts all roles from their memberships
-3. Checks if any role has the slug 'admin'
-4. Grants access only if the user has admin role in at least one organization
+### FGA membership loading
 
-To customize user authorization, provide a custom `authorizeUser` function:
+Set `fetchMemberships: true` when you use [`MastraFGAWorkos`](https://mastra.ai/docs/server/auth/fga). This tells the auth provider to load the user's WorkOS organization memberships during authentication so FGA checks can resolve the correct organization membership ID.
+
+```typescript
+import { MastraAuthWorkos, MastraFGAWorkos } from '@mastra/auth-workos'
+
+const workosAuth = new MastraAuthWorkos({
+  apiKey: process.env.WORKOS_API_KEY,
+  clientId: process.env.WORKOS_CLIENT_ID,
+  fetchMemberships: true,
+})
+
+const workosFga = new MastraFGAWorkos({
+  apiKey: process.env.WORKOS_API_KEY,
+  clientId: process.env.WORKOS_CLIENT_ID,
+})
+```
+
+When `fetchMemberships` is `false`, Mastra skips the extra WorkOS `listOrganizationMemberships()` call on each authenticated request.
+
+### Service tokens and custom JWT templates
+
+For machine-to-machine or service-account access, you can configure `MastraAuthWorkos` to trust verified bearer-token claims from a WorkOS custom JWT template.
 
 ```typescript
 import { MastraAuthWorkos } from '@mastra/auth-workos'
@@ -98,12 +116,37 @@ import { MastraAuthWorkos } from '@mastra/auth-workos'
 const workosAuth = new MastraAuthWorkos({
   apiKey: process.env.WORKOS_API_KEY,
   clientId: process.env.WORKOS_CLIENT_ID,
-  authorizeUser: async user => {
-    return !!user
+  redirectUri: process.env.WORKOS_REDIRECT_URI,
+  trustJwtClaims: true,
+  jwtClaims: {
+    organizationId: 'org_id',
+    organizationMembershipId: 'urn:mastra:organization_membership_id',
   },
 })
 ```
 
+This is useful when your JWT template already includes the exact FGA context Mastra needs, such as `organizationMembershipId`, tenant IDs, or service-principal identifiers. When `trustJwtClaims` is enabled, Mastra can fall back to those verified claims if a bearer token is not meant to round-trip through `workos.userManagement.getUser()`.
+
+### Custom authorization
+
+If you need stricter authorization, subclass `MastraAuthWorkos` and override `authorizeUser()`:
+
+```typescript
+import { MastraAuthWorkos } from '@mastra/auth-workos'
+import type { HonoRequest } from 'hono'
+
+class AdminOnlyWorkosAuth extends MastraAuthWorkos {
+  async authorizeUser(user: any, _request: HonoRequest): Promise<boolean> {
+    return user?.metadata?.role === 'admin'
+  }
+}
+
+const workosAuth = new AdminOnlyWorkosAuth({
+  apiKey: process.env.WORKOS_API_KEY,
+  clientId: process.env.WORKOS_CLIENT_ID,
+})
+```
+
 > **Info:** Visit [MastraAuthWorkos](https://mastra.ai/reference/auth/workos) for all available configuration options.
 
 ## Client-side setup

package/dist/index.cjs

@@ -1188,15 +1188,15 @@ var Agent = class extends BaseResource {
           }
           case "step-finish": {
             step += 1;
-            currentTextPart = chunk.payload.stepResult.isContinued ? currentTextPart : void 0;
+            currentTextPart = chunk.payload?.stepResult?.isContinued ? currentTextPart : void 0;
             currentReasoningPart = void 0;
             currentReasoningTextDetail = void 0;
             execUpdate();
             break;
           }
           case "finish": {
-            finishReason = chunk.payload.stepResult.reason;
-            if (chunk.payload.usage != null) {
+            finishReason = chunk.payload?.stepResult?.reason ?? finishReason;
+            if (chunk.payload?.usage != null) {
               usage = chunk.payload.usage;
             }
             break;