@mastra/core 0.24.5 → 0.24.6

package/dist/{registry-generator-6WVOHM2L.cjs → registry-generator-DL42NMBM.cjs}

@@ -8,6 +8,20 @@ function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 var fs__default = /*#__PURE__*/_interopDefault(fs);
 var path__default = /*#__PURE__*/_interopDefault(path);
 
+async function atomicWriteFile(filePath, content, encoding = "utf-8") {
+  const randomSuffix = Math.random().toString(36).substring(2, 15);
+  const tempPath = `${filePath}.${process.pid}.${Date.now()}.${randomSuffix}.tmp`;
+  try {
+    await fs__default.default.writeFile(tempPath, content, encoding);
+    await fs__default.default.rename(tempPath, filePath);
+  } catch (error) {
+    try {
+      await fs__default.default.unlink(tempPath);
+    } catch {
+    }
+    throw error;
+  }
+}
 async function fetchProvidersFromGateways(gateways) {
   const allProviders = {};
   const allModels = {};
@@ -17,9 +31,11 @@ async function fetchProvidersFromGateways(gateways) {
     for (let attempt = 1; attempt <= maxRetries; attempt++) {
       try {
         const providers = await gateway.fetchProviders();
+        const isProviderRegistry = gateway.id === "models.dev";
         for (const [providerId, config] of Object.entries(providers)) {
-          allProviders[providerId] = config;
-          allModels[providerId] = config.models.sort();
+          const typeProviderId = isProviderRegistry ? providerId : providerId === gateway.id ? gateway.id : `${gateway.id}/${providerId}`;
+          allProviders[typeProviderId] = config;
+          allModels[typeProviderId] = config.models.sort();
         }
         lastError = null;
         break;
@@ -105,13 +121,14 @@ async function writeRegistryFiles(jsonPath, typesPath, providers, models) {
     models,
     version: "1.0.0"
   };
-  await fs__default.default.writeFile(jsonPath, JSON.stringify(registryData, null, 2), "utf-8");
+  await atomicWriteFile(jsonPath, JSON.stringify(registryData, null, 2), "utf-8");
   const typeContent = generateTypesContent(models);
-  await fs__default.default.writeFile(typesPath, typeContent, "utf-8");
+  await atomicWriteFile(typesPath, typeContent, "utf-8");
 }
 
+exports.atomicWriteFile = atomicWriteFile;
 exports.fetchProvidersFromGateways = fetchProvidersFromGateways;
 exports.generateTypesContent = generateTypesContent;
 exports.writeRegistryFiles = writeRegistryFiles;
-//# sourceMappingURL=registry-generator-6WVOHM2L.cjs.map
-//# sourceMappingURL=registry-generator-6WVOHM2L.cjs.map
+//# sourceMappingURL=registry-generator-DL42NMBM.cjs.map
+//# sourceMappingURL=registry-generator-DL42NMBM.cjs.map

package/dist/registry-generator-DL42NMBM.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/llm/model/registry-generator.ts"],"names":["fs","path"],"mappings":";;;;;;;;;;AAoBA,eAAsB,eAAA,CACpB,QAAA,EACA,OAAA,EACA,QAAA,GAA2B,OAAA,EACZ;AAEf,EAAA,MAAM,YAAA,GAAe,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,SAAA,CAAU,CAAA,EAAG,EAAE,CAAA;AAC/D,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,OAAA,CAAQ,GAAG,CAAA,CAAA,EAAI,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA,EAAI,YAAY,CAAA,IAAA,CAAA;AAEzE,EAAA,IAAI;AAEF,IAAA,MAAMA,mBAAA,CAAG,SAAA,CAAU,QAAA,EAAU,OAAA,EAAS,QAAQ,CAAA;AAI9C,IAAA,MAAMA,mBAAA,CAAG,MAAA,CAAO,QAAA,EAAU,QAAQ,CAAA;AAAA,EACpC,SAAS,KAAA,EAAO;AAEd,IAAA,IAAI;AACF,MAAA,MAAMA,mBAAA,CAAG,OAAO,QAAQ,CAAA;AAAA,IAC1B,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,KAAA;AAAA,EACR;AACF;AAOA,eAAsB,2BACpB,QAAA,EAC0F;AAC1F,EAAA,MAAM,eAA+C,EAAC;AACtD,EAAA,MAAM,YAAsC,EAAC;AAE7C,EAAA,MAAM,UAAA,GAAa,CAAA;AAEnB,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,IAAA,IAAI,SAAA,GAA0B,IAAA;AAE9B,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,MAAA,IAAI;AACF,QAAA,MAAM,SAAA,GAAY,MAAM,OAAA,CAAQ,cAAA,EAAe;AAG/C,QAAA,MAAM,kBAAA,GAAqB,QAAQ,EAAA,KAAO,YAAA;AAE1C,QAAA,KAAA,MAAW,CAAC,UAAA,EAAY,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA,EAAG;AAI5D,UAAA,MAAM,cAAA,GAAiB,kBAAA,GACnB,UAAA,GACA,UAAA,KAAe,OAAA,CAAQ,EAAA,GACrB,OAAA,CAAQ,EAAA,GACR,CAAA,EAAG,OAAA,CAAQ,EAAE,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA;AAEjC,UAAA,YAAA,CAAa,cAAc,CAAA,GAAI,MAAA;AAE/B,UAAA,SAAA,CAAU,cAAc,CAAA,GAAI,MAAA,CAAO,MAAA,CAAO,IAAA,EAAK;AAAA,QACjD;AAEA,QAAA,SAAA,GAAY,IAAA;AACZ,QAAA;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,SAAA,GAAY,iBAAiB,KAAA,GAAQ,KAAA,GAAQ,IAAI,KAAA,CAAM,MAAA,CAAO,KAAK,CAAC,CAAA;AAEpE,QAAA,IAAI,UAAU,UAAA,EAAY;AAExB,UAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,CAAI,GAAA,GAAO,IAAA,CAAK,IAAI,CAAA,EAAG,OAAA,GAAU,CAAC,CAAA,EAAG,GAAI,CAAA;AAC9D,UAAA,MAAM,IAAI,OAAA,CAAQ,CAAA,OAAA,KAAW,UAAA,CAAW,OAAA,EAAS,OAAO,CAAC,CAAA;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,MAAM,SAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,SAAA,EAAW,YAAA,EAAc,MAAA,EAAQ,SAAA,EAAU;AACtD;AAOO,SAAS,qBAAqB,MAAA,EAA0C;AAC7E,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAChD,IAAI,CAAC,CAAC,QAAA,EAAU,SAAS,CAAA,KAAM;AAC9B,IAAA,MAAM,aAAa,SAAA,CAAU,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA;AAG9C,IAAA,MAAM,WAAA,GAAc,gBAAA,CAAiB,IAAA,CAAK,QAAQ,CAAA;AAClD,IAAA,MAAM,WAAA,GAAc,WAAA,GAAc,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,CAAA,GAAM,QAAA;AAGpD,IAAA,MAAM,aAAa,CAAA,WAAA,EAAc,WAAW,eAAe,UAAA,CAAW,IAAA,CAAK,IAAI,CAAC,CAAA,EAAA,CAAA;AAGhF,IAAA,IAAI,UAAA,CAAW,SAAS,GAAA,EAAK;AAC3B,MAAA,MAAM,eAAA,GAAkB,UAAU,GAAA,CAAI,CAAA,CAAA,KAAK,QAAQ,CAAC,CAAA,EAAA,CAAI,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AACnE,MAAA,OAAO,cAAc,WAAW,CAAA;AAAA,EAAiB,eAAe;AAAA,IAAA,CAAA;AAAA,IAClE;AAEA,IAAA,OAAO,UAAA;AAAA,EACT,CAAC,CAAA,CACA,IAAA,CAAK,IAAI,CAAA;AAEZ,EAAA,OAAO,CAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUP,qBAAqB;AAAA;;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA;AAiCvB;AASA,eAAsB,kBAAA,CACpB,QAAA,EACA,SAAA,EACA,SAAA,EACA,MAAA,EACe;AAEf,EAAA,MAAM,OAAA,GAAUC,qBAAA,CAAK,OAAA,CAAQ,QAAQ,CAAA;AACrC,EAAA,MAAM,QAAA,GAAWA,qBAAA,CAAK,OAAA,CAAQ,SAAS,CAAA;AACvC,EAAA,MAAMD,oBAAG,KAAA,CAAM,OAAA,EAAS,EAAE,SAAA,EAAW,MAAM,CAAA;AAC3C,EAAA,MAAMA,oBAAG,KAAA,CAAM,QAAA,EAAU,EAAE,SAAA,EAAW,MAAM,CAAA;AAG5C,EAAA,MAAM,YAAA,GAAe;AAAA,IACnB,SAAA;AAAA,IACA,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,GACX;AAEA,EAAA,MAAM,eAAA,CAAgB,UAAU,IAAA,CAAK,SAAA,CAAU,cAAc,IAAA,EAAM,CAAC,GAAG,OAAO,CAAA;AAG9E,EAAA,MAAM,WAAA,GAAc,qBAAqB,MAAM,CAAA;AAC/C,EAAA,MAAM,eAAA,CAAgB,SAAA,EAAW,WAAA,EAAa,OAAO,CAAA;AACvD","file":"registry-generator-DL42NMBM.cjs","sourcesContent":["/**\n * Shared provider registry generation logic\n * Used by both the CLI generation script and runtime refresh\n */\n\nimport fs from 'fs/promises';\nimport path from 'path';\nimport type { MastraModelGateway, ProviderConfig } from './gateways/base.js';\n\n/**\n * Write a file atomically using the write-to-temp-then-rename pattern.\n * This prevents file corruption when multiple processes write to the same file concurrently.\n *\n * The rename operation is atomic on POSIX systems when source and destination\n * are on the same filesystem.\n *\n * @param filePath - The target file path\n * @param content - The content to write\n * @param encoding - The encoding to use (default: 'utf-8')\n */\nexport async function atomicWriteFile(\n  filePath: string,\n  content: string,\n  encoding: BufferEncoding = 'utf-8',\n): Promise<void> {\n  // Create a unique temp file name using PID, timestamp, and random suffix to avoid collisions\n  const randomSuffix = Math.random().toString(36).substring(2, 15);\n  const tempPath = `${filePath}.${process.pid}.${Date.now()}.${randomSuffix}.tmp`;\n\n  try {\n    // Write to temp file first\n    await fs.writeFile(tempPath, content, encoding);\n\n    // Atomically rename temp file to target path\n    // This is atomic on POSIX when both paths are on the same filesystem\n    await fs.rename(tempPath, filePath);\n  } catch (error) {\n    // Clean up temp file if it exists\n    try {\n      await fs.unlink(tempPath);\n    } catch {\n      // Ignore cleanup errors\n    }\n    throw error;\n  }\n}\n\n/**\n * Fetch providers from all gateways with retry logic\n * @param gateways - Array of gateway instances to fetch from\n * @returns Object containing providers and models records\n */\nexport async function fetchProvidersFromGateways(\n  gateways: MastraModelGateway[],\n): Promise<{ providers: Record<string, ProviderConfig>; models: Record<string, string[]> }> {\n  const allProviders: Record<string, ProviderConfig> = {};\n  const allModels: Record<string, string[]> = {};\n\n  const maxRetries = 3;\n\n  for (const gateway of gateways) {\n    let lastError: Error | null = null;\n\n    for (let attempt = 1; attempt <= maxRetries; attempt++) {\n      try {\n        const providers = await gateway.fetchProviders();\n\n        // models.dev is a provider registry, not a true gateway - don't prefix its providers\n        const isProviderRegistry = gateway.id === 'models.dev';\n\n        for (const [providerId, config] of Object.entries(providers)) {\n          // For true gateways, use gateway.id as prefix (e.g., \"netlify/anthropic\")\n          // Special case: if providerId matches gateway.id, it's a unified gateway (e.g., netlify returning {netlify: {...}})\n          // In this case, use just the gateway ID to avoid duplication (netlify, not netlify/netlify)\n          const typeProviderId = isProviderRegistry\n            ? providerId\n            : providerId === gateway.id\n              ? gateway.id\n              : `${gateway.id}/${providerId}`;\n\n          allProviders[typeProviderId] = config;\n          // Sort models alphabetically for consistent ordering\n          allModels[typeProviderId] = config.models.sort();\n        }\n\n        lastError = null;\n        break; // Success, exit retry loop\n      } catch (error) {\n        lastError = error instanceof Error ? error : new Error(String(error));\n\n        if (attempt < maxRetries) {\n          // Wait before retrying (exponential backoff)\n          const delayMs = Math.min(1000 * Math.pow(2, attempt - 1), 5000);\n          await new Promise(resolve => setTimeout(resolve, delayMs));\n        }\n      }\n    }\n\n    // If all retries failed, throw the last error\n    if (lastError) {\n      throw lastError;\n    }\n  }\n\n  return { providers: allProviders, models: allModels };\n}\n\n/**\n * Generate TypeScript type definitions content\n * @param models - Record of provider IDs to model arrays\n * @returns Generated TypeScript type definitions as a string\n */\nexport function generateTypesContent(models: Record<string, string[]>): string {\n  const providerModelsEntries = Object.entries(models)\n    .map(([provider, modelList]) => {\n      const modelsList = modelList.map(m => `'${m}'`);\n\n      // Only quote provider key if it contains special characters (like dashes)\n      const needsQuotes = /[^a-zA-Z0-9_$]/.test(provider);\n      const providerKey = needsQuotes ? `'${provider}'` : provider;\n\n      // Format array based on length (prettier printWidth: 120)\n      const singleLine = `  readonly ${providerKey}: readonly [${modelsList.join(', ')}];`;\n\n      // If single line exceeds 120 chars, format as multi-line\n      if (singleLine.length > 120) {\n        const formattedModels = modelList.map(m => `    '${m}',`).join('\\n');\n        return `  readonly ${providerKey}: readonly [\\n${formattedModels}\\n  ];`;\n      }\n\n      return singleLine;\n    })\n    .join('\\n');\n\n  return `/**\n * THIS FILE IS AUTO-GENERATED - DO NOT EDIT\n * Generated from model gateway providers\n */\n\n/**\n * Provider models mapping type\n * This is derived from the JSON data and provides type-safe access\n */\nexport type ProviderModelsMap = {\n${providerModelsEntries}\n};\n\n/**\n * Union type of all registered provider IDs\n */\nexport type Provider = keyof ProviderModelsMap;\n\n/**\n * Provider models mapping interface\n */\nexport interface ProviderModels {\n  [key: string]: string[];\n}\n\n/**\n * OpenAI-compatible model ID type\n * Dynamically derived from ProviderModelsMap\n * Full provider/model paths (e.g., \"openai/gpt-4o\", \"anthropic/claude-3-5-sonnet-20241022\")\n */\nexport type ModelRouterModelId =\n  | {\n      [P in Provider]: \\`\\${P}/\\${ProviderModelsMap[P][number]}\\`;\n    }[Provider]\n  | (string & {});\n\n/**\n * Extract the model part from a ModelRouterModelId for a specific provider\n * Dynamically derived from ProviderModelsMap\n * Example: ModelForProvider<'openai'> = 'gpt-4o' | 'gpt-4-turbo' | ...\n */\nexport type ModelForProvider<P extends Provider> = ProviderModelsMap[P][number];\n`;\n}\n\n/**\n * Write registry files to disk (JSON and .d.ts)\n * @param jsonPath - Path to write the JSON file\n * @param typesPath - Path to write the .d.ts file\n * @param providers - Provider configurations\n * @param models - Model lists by provider\n */\nexport async function writeRegistryFiles(\n  jsonPath: string,\n  typesPath: string,\n  providers: Record<string, ProviderConfig>,\n  models: Record<string, string[]>,\n): Promise<void> {\n  // 0. Ensure directories exist\n  const jsonDir = path.dirname(jsonPath);\n  const typesDir = path.dirname(typesPath);\n  await fs.mkdir(jsonDir, { recursive: true });\n  await fs.mkdir(typesDir, { recursive: true });\n\n  // 1. Write JSON file atomically to prevent corruption from concurrent writes\n  const registryData = {\n    providers,\n    models,\n    version: '1.0.0',\n  };\n\n  await atomicWriteFile(jsonPath, JSON.stringify(registryData, null, 2), 'utf-8');\n\n  // 2. Generate .d.ts file with type-only declarations (also atomic)\n  const typeContent = generateTypesContent(models);\n  await atomicWriteFile(typesPath, typeContent, 'utf-8');\n}\n"]}

package/dist/{registry-generator-DXRSYYYT.js → registry-generator-I6S4ARS6.js}

@@ -1,6 +1,20 @@
 import fs from 'fs/promises';
 import path from 'path';
 
+async function atomicWriteFile(filePath, content, encoding = "utf-8") {
+  const randomSuffix = Math.random().toString(36).substring(2, 15);
+  const tempPath = `${filePath}.${process.pid}.${Date.now()}.${randomSuffix}.tmp`;
+  try {
+    await fs.writeFile(tempPath, content, encoding);
+    await fs.rename(tempPath, filePath);
+  } catch (error) {
+    try {
+      await fs.unlink(tempPath);
+    } catch {
+    }
+    throw error;
+  }
+}
 async function fetchProvidersFromGateways(gateways) {
   const allProviders = {};
   const allModels = {};
@@ -10,9 +24,11 @@ async function fetchProvidersFromGateways(gateways) {
     for (let attempt = 1; attempt <= maxRetries; attempt++) {
       try {
         const providers = await gateway.fetchProviders();
+        const isProviderRegistry = gateway.id === "models.dev";
         for (const [providerId, config] of Object.entries(providers)) {
-          allProviders[providerId] = config;
-          allModels[providerId] = config.models.sort();
+          const typeProviderId = isProviderRegistry ? providerId : providerId === gateway.id ? gateway.id : `${gateway.id}/${providerId}`;
+          allProviders[typeProviderId] = config;
+          allModels[typeProviderId] = config.models.sort();
         }
         lastError = null;
         break;
@@ -98,11 +114,11 @@ async function writeRegistryFiles(jsonPath, typesPath, providers, models) {
     models,
     version: "1.0.0"
   };
-  await fs.writeFile(jsonPath, JSON.stringify(registryData, null, 2), "utf-8");
+  await atomicWriteFile(jsonPath, JSON.stringify(registryData, null, 2), "utf-8");
   const typeContent = generateTypesContent(models);
-  await fs.writeFile(typesPath, typeContent, "utf-8");
+  await atomicWriteFile(typesPath, typeContent, "utf-8");
 }
 
-export { fetchProvidersFromGateways, generateTypesContent, writeRegistryFiles };
-//# sourceMappingURL=registry-generator-DXRSYYYT.js.map
-//# sourceMappingURL=registry-generator-DXRSYYYT.js.map
+export { atomicWriteFile, fetchProvidersFromGateways, generateTypesContent, writeRegistryFiles };
+//# sourceMappingURL=registry-generator-I6S4ARS6.js.map
+//# sourceMappingURL=registry-generator-I6S4ARS6.js.map

package/dist/registry-generator-I6S4ARS6.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/llm/model/registry-generator.ts"],"names":[],"mappings":";;;AAoBA,eAAsB,eAAA,CACpB,QAAA,EACA,OAAA,EACA,QAAA,GAA2B,OAAA,EACZ;AAEf,EAAA,MAAM,YAAA,GAAe,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,SAAA,CAAU,CAAA,EAAG,EAAE,CAAA;AAC/D,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,OAAA,CAAQ,GAAG,CAAA,CAAA,EAAI,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA,EAAI,YAAY,CAAA,IAAA,CAAA;AAEzE,EAAA,IAAI;AAEF,IAAA,MAAM,EAAA,CAAG,SAAA,CAAU,QAAA,EAAU,OAAA,EAAS,QAAQ,CAAA;AAI9C,IAAA,MAAM,EAAA,CAAG,MAAA,CAAO,QAAA,EAAU,QAAQ,CAAA;AAAA,EACpC,SAAS,KAAA,EAAO;AAEd,IAAA,IAAI;AACF,MAAA,MAAM,EAAA,CAAG,OAAO,QAAQ,CAAA;AAAA,IAC1B,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,KAAA;AAAA,EACR;AACF;AAOA,eAAsB,2BACpB,QAAA,EAC0F;AAC1F,EAAA,MAAM,eAA+C,EAAC;AACtD,EAAA,MAAM,YAAsC,EAAC;AAE7C,EAAA,MAAM,UAAA,GAAa,CAAA;AAEnB,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,IAAA,IAAI,SAAA,GAA0B,IAAA;AAE9B,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,MAAA,IAAI;AACF,QAAA,MAAM,SAAA,GAAY,MAAM,OAAA,CAAQ,cAAA,EAAe;AAG/C,QAAA,MAAM,kBAAA,GAAqB,QAAQ,EAAA,KAAO,YAAA;AAE1C,QAAA,KAAA,MAAW,CAAC,UAAA,EAAY,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA,EAAG;AAI5D,UAAA,MAAM,cAAA,GAAiB,kBAAA,GACnB,UAAA,GACA,UAAA,KAAe,OAAA,CAAQ,EAAA,GACrB,OAAA,CAAQ,EAAA,GACR,CAAA,EAAG,OAAA,CAAQ,EAAE,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA;AAEjC,UAAA,YAAA,CAAa,cAAc,CAAA,GAAI,MAAA;AAE/B,UAAA,SAAA,CAAU,cAAc,CAAA,GAAI,MAAA,CAAO,MAAA,CAAO,IAAA,EAAK;AAAA,QACjD;AAEA,QAAA,SAAA,GAAY,IAAA;AACZ,QAAA;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,SAAA,GAAY,iBAAiB,KAAA,GAAQ,KAAA,GAAQ,IAAI,KAAA,CAAM,MAAA,CAAO,KAAK,CAAC,CAAA;AAEpE,QAAA,IAAI,UAAU,UAAA,EAAY;AAExB,UAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,CAAI,GAAA,GAAO,IAAA,CAAK,IAAI,CAAA,EAAG,OAAA,GAAU,CAAC,CAAA,EAAG,GAAI,CAAA;AAC9D,UAAA,MAAM,IAAI,OAAA,CAAQ,CAAA,OAAA,KAAW,UAAA,CAAW,OAAA,EAAS,OAAO,CAAC,CAAA;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,MAAM,SAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,SAAA,EAAW,YAAA,EAAc,MAAA,EAAQ,SAAA,EAAU;AACtD;AAOO,SAAS,qBAAqB,MAAA,EAA0C;AAC7E,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAChD,IAAI,CAAC,CAAC,QAAA,EAAU,SAAS,CAAA,KAAM;AAC9B,IAAA,MAAM,aAAa,SAAA,CAAU,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA;AAG9C,IAAA,MAAM,WAAA,GAAc,gBAAA,CAAiB,IAAA,CAAK,QAAQ,CAAA;AAClD,IAAA,MAAM,WAAA,GAAc,WAAA,GAAc,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,CAAA,GAAM,QAAA;AAGpD,IAAA,MAAM,aAAa,CAAA,WAAA,EAAc,WAAW,eAAe,UAAA,CAAW,IAAA,CAAK,IAAI,CAAC,CAAA,EAAA,CAAA;AAGhF,IAAA,IAAI,UAAA,CAAW,SAAS,GAAA,EAAK;AAC3B,MAAA,MAAM,eAAA,GAAkB,UAAU,GAAA,CAAI,CAAA,CAAA,KAAK,QAAQ,CAAC,CAAA,EAAA,CAAI,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AACnE,MAAA,OAAO,cAAc,WAAW,CAAA;AAAA,EAAiB,eAAe;AAAA,IAAA,CAAA;AAAA,IAClE;AAEA,IAAA,OAAO,UAAA;AAAA,EACT,CAAC,CAAA,CACA,IAAA,CAAK,IAAI,CAAA;AAEZ,EAAA,OAAO,CAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUP,qBAAqB;AAAA;;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA;AAiCvB;AASA,eAAsB,kBAAA,CACpB,QAAA,EACA,SAAA,EACA,SAAA,EACA,MAAA,EACe;AAEf,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,OAAA,CAAQ,QAAQ,CAAA;AACrC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,OAAA,CAAQ,SAAS,CAAA;AACvC,EAAA,MAAM,GAAG,KAAA,CAAM,OAAA,EAAS,EAAE,SAAA,EAAW,MAAM,CAAA;AAC3C,EAAA,MAAM,GAAG,KAAA,CAAM,QAAA,EAAU,EAAE,SAAA,EAAW,MAAM,CAAA;AAG5C,EAAA,MAAM,YAAA,GAAe;AAAA,IACnB,SAAA;AAAA,IACA,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,GACX;AAEA,EAAA,MAAM,eAAA,CAAgB,UAAU,IAAA,CAAK,SAAA,CAAU,cAAc,IAAA,EAAM,CAAC,GAAG,OAAO,CAAA;AAG9E,EAAA,MAAM,WAAA,GAAc,qBAAqB,MAAM,CAAA;AAC/C,EAAA,MAAM,eAAA,CAAgB,SAAA,EAAW,WAAA,EAAa,OAAO,CAAA;AACvD","file":"registry-generator-I6S4ARS6.js","sourcesContent":["/**\n * Shared provider registry generation logic\n * Used by both the CLI generation script and runtime refresh\n */\n\nimport fs from 'fs/promises';\nimport path from 'path';\nimport type { MastraModelGateway, ProviderConfig } from './gateways/base.js';\n\n/**\n * Write a file atomically using the write-to-temp-then-rename pattern.\n * This prevents file corruption when multiple processes write to the same file concurrently.\n *\n * The rename operation is atomic on POSIX systems when source and destination\n * are on the same filesystem.\n *\n * @param filePath - The target file path\n * @param content - The content to write\n * @param encoding - The encoding to use (default: 'utf-8')\n */\nexport async function atomicWriteFile(\n  filePath: string,\n  content: string,\n  encoding: BufferEncoding = 'utf-8',\n): Promise<void> {\n  // Create a unique temp file name using PID, timestamp, and random suffix to avoid collisions\n  const randomSuffix = Math.random().toString(36).substring(2, 15);\n  const tempPath = `${filePath}.${process.pid}.${Date.now()}.${randomSuffix}.tmp`;\n\n  try {\n    // Write to temp file first\n    await fs.writeFile(tempPath, content, encoding);\n\n    // Atomically rename temp file to target path\n    // This is atomic on POSIX when both paths are on the same filesystem\n    await fs.rename(tempPath, filePath);\n  } catch (error) {\n    // Clean up temp file if it exists\n    try {\n      await fs.unlink(tempPath);\n    } catch {\n      // Ignore cleanup errors\n    }\n    throw error;\n  }\n}\n\n/**\n * Fetch providers from all gateways with retry logic\n * @param gateways - Array of gateway instances to fetch from\n * @returns Object containing providers and models records\n */\nexport async function fetchProvidersFromGateways(\n  gateways: MastraModelGateway[],\n): Promise<{ providers: Record<string, ProviderConfig>; models: Record<string, string[]> }> {\n  const allProviders: Record<string, ProviderConfig> = {};\n  const allModels: Record<string, string[]> = {};\n\n  const maxRetries = 3;\n\n  for (const gateway of gateways) {\n    let lastError: Error | null = null;\n\n    for (let attempt = 1; attempt <= maxRetries; attempt++) {\n      try {\n        const providers = await gateway.fetchProviders();\n\n        // models.dev is a provider registry, not a true gateway - don't prefix its providers\n        const isProviderRegistry = gateway.id === 'models.dev';\n\n        for (const [providerId, config] of Object.entries(providers)) {\n          // For true gateways, use gateway.id as prefix (e.g., \"netlify/anthropic\")\n          // Special case: if providerId matches gateway.id, it's a unified gateway (e.g., netlify returning {netlify: {...}})\n          // In this case, use just the gateway ID to avoid duplication (netlify, not netlify/netlify)\n          const typeProviderId = isProviderRegistry\n            ? providerId\n            : providerId === gateway.id\n              ? gateway.id\n              : `${gateway.id}/${providerId}`;\n\n          allProviders[typeProviderId] = config;\n          // Sort models alphabetically for consistent ordering\n          allModels[typeProviderId] = config.models.sort();\n        }\n\n        lastError = null;\n        break; // Success, exit retry loop\n      } catch (error) {\n        lastError = error instanceof Error ? error : new Error(String(error));\n\n        if (attempt < maxRetries) {\n          // Wait before retrying (exponential backoff)\n          const delayMs = Math.min(1000 * Math.pow(2, attempt - 1), 5000);\n          await new Promise(resolve => setTimeout(resolve, delayMs));\n        }\n      }\n    }\n\n    // If all retries failed, throw the last error\n    if (lastError) {\n      throw lastError;\n    }\n  }\n\n  return { providers: allProviders, models: allModels };\n}\n\n/**\n * Generate TypeScript type definitions content\n * @param models - Record of provider IDs to model arrays\n * @returns Generated TypeScript type definitions as a string\n */\nexport function generateTypesContent(models: Record<string, string[]>): string {\n  const providerModelsEntries = Object.entries(models)\n    .map(([provider, modelList]) => {\n      const modelsList = modelList.map(m => `'${m}'`);\n\n      // Only quote provider key if it contains special characters (like dashes)\n      const needsQuotes = /[^a-zA-Z0-9_$]/.test(provider);\n      const providerKey = needsQuotes ? `'${provider}'` : provider;\n\n      // Format array based on length (prettier printWidth: 120)\n      const singleLine = `  readonly ${providerKey}: readonly [${modelsList.join(', ')}];`;\n\n      // If single line exceeds 120 chars, format as multi-line\n      if (singleLine.length > 120) {\n        const formattedModels = modelList.map(m => `    '${m}',`).join('\\n');\n        return `  readonly ${providerKey}: readonly [\\n${formattedModels}\\n  ];`;\n      }\n\n      return singleLine;\n    })\n    .join('\\n');\n\n  return `/**\n * THIS FILE IS AUTO-GENERATED - DO NOT EDIT\n * Generated from model gateway providers\n */\n\n/**\n * Provider models mapping type\n * This is derived from the JSON data and provides type-safe access\n */\nexport type ProviderModelsMap = {\n${providerModelsEntries}\n};\n\n/**\n * Union type of all registered provider IDs\n */\nexport type Provider = keyof ProviderModelsMap;\n\n/**\n * Provider models mapping interface\n */\nexport interface ProviderModels {\n  [key: string]: string[];\n}\n\n/**\n * OpenAI-compatible model ID type\n * Dynamically derived from ProviderModelsMap\n * Full provider/model paths (e.g., \"openai/gpt-4o\", \"anthropic/claude-3-5-sonnet-20241022\")\n */\nexport type ModelRouterModelId =\n  | {\n      [P in Provider]: \\`\\${P}/\\${ProviderModelsMap[P][number]}\\`;\n    }[Provider]\n  | (string & {});\n\n/**\n * Extract the model part from a ModelRouterModelId for a specific provider\n * Dynamically derived from ProviderModelsMap\n * Example: ModelForProvider<'openai'> = 'gpt-4o' | 'gpt-4-turbo' | ...\n */\nexport type ModelForProvider<P extends Provider> = ProviderModelsMap[P][number];\n`;\n}\n\n/**\n * Write registry files to disk (JSON and .d.ts)\n * @param jsonPath - Path to write the JSON file\n * @param typesPath - Path to write the .d.ts file\n * @param providers - Provider configurations\n * @param models - Model lists by provider\n */\nexport async function writeRegistryFiles(\n  jsonPath: string,\n  typesPath: string,\n  providers: Record<string, ProviderConfig>,\n  models: Record<string, string[]>,\n): Promise<void> {\n  // 0. Ensure directories exist\n  const jsonDir = path.dirname(jsonPath);\n  const typesDir = path.dirname(typesPath);\n  await fs.mkdir(jsonDir, { recursive: true });\n  await fs.mkdir(typesDir, { recursive: true });\n\n  // 1. Write JSON file atomically to prevent corruption from concurrent writes\n  const registryData = {\n    providers,\n    models,\n    version: '1.0.0',\n  };\n\n  await atomicWriteFile(jsonPath, JSON.stringify(registryData, null, 2), 'utf-8');\n\n  // 2. Generate .d.ts file with type-only declarations (also atomic)\n  const typeContent = generateTypesContent(models);\n  await atomicWriteFile(typesPath, typeContent, 'utf-8');\n}\n"]}

package/dist/relevance/index.cjs

@@ -1,20 +1,20 @@
 'use strict';
 
-var chunk4UOIJRD6_cjs = require('../chunk-4UOIJRD6.cjs');
+var chunkGZDIHQDK_cjs = require('../chunk-GZDIHQDK.cjs');
 
 
 
 Object.defineProperty(exports, "CohereRelevanceScorer", {
   enumerable: true,
-  get: function () { return chunk4UOIJRD6_cjs.CohereRelevanceScorer; }
+  get: function () { return chunkGZDIHQDK_cjs.CohereRelevanceScorer; }
 });
 Object.defineProperty(exports, "MastraAgentRelevanceScorer", {
   enumerable: true,
-  get: function () { return chunk4UOIJRD6_cjs.MastraAgentRelevanceScorer; }
+  get: function () { return chunkGZDIHQDK_cjs.MastraAgentRelevanceScorer; }
 });
 Object.defineProperty(exports, "createSimilarityPrompt", {
   enumerable: true,
-  get: function () { return chunk4UOIJRD6_cjs.createSimilarityPrompt; }
+  get: function () { return chunkGZDIHQDK_cjs.createSimilarityPrompt; }
 });
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map

package/dist/relevance/index.js

@@ -1,3 +1,3 @@
-export { CohereRelevanceScorer, MastraAgentRelevanceScorer, createSimilarityPrompt } from '../chunk-FCJ5INK7.js';
+export { CohereRelevanceScorer, MastraAgentRelevanceScorer, createSimilarityPrompt } from '../chunk-DHLW4AP7.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/scores/index.cjs

@@ -1,37 +1,37 @@
 'use strict';
 
-var chunk3KVI2HLS_cjs = require('../chunk-3KVI2HLS.cjs');
-var chunkUD7DS7OY_cjs = require('../chunk-UD7DS7OY.cjs');
+var chunkKWF3J2Q4_cjs = require('../chunk-KWF3J2Q4.cjs');
+var chunk46XGIEXM_cjs = require('../chunk-46XGIEXM.cjs');
 
 
 
 Object.defineProperty(exports, "MastraScorer", {
   enumerable: true,
-  get: function () { return chunk3KVI2HLS_cjs.MastraScorer; }
+  get: function () { return chunkKWF3J2Q4_cjs.MastraScorer; }
 });
 Object.defineProperty(exports, "createScorer", {
   enumerable: true,
-  get: function () { return chunk3KVI2HLS_cjs.createScorer; }
+  get: function () { return chunkKWF3J2Q4_cjs.createScorer; }
 });
 Object.defineProperty(exports, "runExperiment", {
   enumerable: true,
-  get: function () { return chunk3KVI2HLS_cjs.runExperiment; }
+  get: function () { return chunkKWF3J2Q4_cjs.runExperiment; }
 });
 Object.defineProperty(exports, "saveScorePayloadSchema", {
   enumerable: true,
-  get: function () { return chunkUD7DS7OY_cjs.saveScorePayloadSchema; }
+  get: function () { return chunk46XGIEXM_cjs.saveScorePayloadSchema; }
 });
 Object.defineProperty(exports, "scoreResultSchema", {
   enumerable: true,
-  get: function () { return chunkUD7DS7OY_cjs.scoreResultSchema; }
+  get: function () { return chunk46XGIEXM_cjs.scoreResultSchema; }
 });
 Object.defineProperty(exports, "scoringExtractStepResultSchema", {
   enumerable: true,
-  get: function () { return chunkUD7DS7OY_cjs.scoringExtractStepResultSchema; }
+  get: function () { return chunk46XGIEXM_cjs.scoringExtractStepResultSchema; }
 });
 Object.defineProperty(exports, "scoringValueSchema", {
   enumerable: true,
-  get: function () { return chunkUD7DS7OY_cjs.scoringValueSchema; }
+  get: function () { return chunk46XGIEXM_cjs.scoringValueSchema; }
 });
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map

package/dist/scores/index.js

@@ -1,4 +1,4 @@
-export { MastraScorer, createScorer, runExperiment } from '../chunk-EUNOQ7HN.js';
-export { saveScorePayloadSchema, scoreResultSchema, scoringExtractStepResultSchema, scoringValueSchema } from '../chunk-K7MEUZ3O.js';
+export { MastraScorer, createScorer, runExperiment } from '../chunk-MRSBLBQ5.js';
+export { saveScorePayloadSchema, scoreResultSchema, scoringExtractStepResultSchema, scoringValueSchema } from '../chunk-UWTYVVVZ.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/scores/scoreTraces/index.cjs

@@ -1,8 +1,8 @@
 'use strict';
 
-var chunkDOLSYVNJ_cjs = require('../../chunk-DOLSYVNJ.cjs');
-var chunkUD7DS7OY_cjs = require('../../chunk-UD7DS7OY.cjs');
-var chunkXHKMGOON_cjs = require('../../chunk-XHKMGOON.cjs');
+var chunkPIH5FBNQ_cjs = require('../../chunk-PIH5FBNQ.cjs');
+var chunk46XGIEXM_cjs = require('../../chunk-46XGIEXM.cjs');
+var chunk42RUESSD_cjs = require('../../chunk-42RUESSD.cjs');
 var chunk5NTO7S5I_cjs = require('../../chunk-5NTO7S5I.cjs');
 var pMap = require('p-map');
 var z = require('zod');
@@ -76,7 +76,7 @@ function normalizeMessageContent(content) {
     role: "user",
     parts: content.map((part) => ({ type: part.type, text: part.text }))
   };
-  const converted = chunkXHKMGOON_cjs.convertMessages(tempMessage).to("AIV4.UI");
+  const converted = chunk42RUESSD_cjs.convertMessages(tempMessage).to("AIV4.UI");
   return converted[0]?.content || "";
 }
 function convertToUIMessage(message, createdAt) {
@@ -94,7 +94,7 @@ function convertToUIMessage(message, createdAt) {
       parts: message.content.map((part) => ({ type: part.type, text: part.text }))
     };
   }
-  const converted = chunkXHKMGOON_cjs.convertMessages(messageInput).to("AIV4.UI");
+  const converted = chunk42RUESSD_cjs.convertMessages(messageInput).to("AIV4.UI");
   const result = converted[0];
   if (!result) {
     throw new Error("Failed to convert message");
@@ -234,7 +234,7 @@ function transformTraceToScorerInputAndOutput(trace) {
 }
 
 // src/scores/scoreTraces/scoreTracesWorkflow.ts
-var getTraceStep = chunkDOLSYVNJ_cjs.createStep({
+var getTraceStep = chunkPIH5FBNQ_cjs.createStep({
   id: "__process-trace-scoring",
   inputSchema: z__default.default.object({
     targets: z__default.default.array(
@@ -362,7 +362,7 @@ async function runScorerOnTarget({
   await attachScoreToSpan({ storage, span, scoreRecord: savedScoreRecord });
 }
 async function validateAndSaveScore({ storage, scorerResult }) {
-  const payloadToSave = chunkUD7DS7OY_cjs.saveScorePayloadSchema.parse(scorerResult);
+  const payloadToSave = chunk46XGIEXM_cjs.saveScorePayloadSchema.parse(scorerResult);
   const result = await storage.saveScore(payloadToSave);
   return result.score;
 }
@@ -404,7 +404,7 @@ async function attachScoreToSpan({
     updates: { links: [...existingLinks, link] }
   });
 }
-var scoreTracesWorkflow = chunkDOLSYVNJ_cjs.createWorkflow({
+var scoreTracesWorkflow = chunkPIH5FBNQ_cjs.createWorkflow({
   id: "__batch-scoring-traces",
   inputSchema: z__default.default.object({
     targets: z__default.default.array(

package/dist/scores/scoreTraces/index.js

@@ -1,6 +1,6 @@
-import { createStep, createWorkflow } from '../../chunk-FZXAPBVV.js';
-import { saveScorePayloadSchema } from '../../chunk-K7MEUZ3O.js';
-import { convertMessages } from '../../chunk-4SXWN3RR.js';
+import { createStep, createWorkflow } from '../../chunk-Z6QCWTTO.js';
+import { saveScorePayloadSchema } from '../../chunk-UWTYVVVZ.js';
+import { convertMessages } from '../../chunk-Q6LWNLAJ.js';
 import { MastraError } from '../../chunk-PZUZNPFM.js';
 import pMap from 'p-map';
 import z from 'zod';

package/dist/server/composite-auth.d.ts

@@ -0,0 +1,9 @@
+import type { HonoRequest } from 'hono';
+import { MastraAuthProvider } from './auth.js';
+export declare class CompositeAuth extends MastraAuthProvider {
+    private providers;
+    constructor(providers: MastraAuthProvider[]);
+    authenticateToken(token: string, request: HonoRequest): Promise<unknown | null>;
+    authorizeUser(user: unknown, request: HonoRequest): Promise<boolean>;
+}
+//# sourceMappingURL=composite-auth.d.ts.map

package/dist/server/composite-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"composite-auth.d.ts","sourceRoot":"","sources":["../../src/server/composite-auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,QAAQ,CAAC;AAE5C,qBAAa,aAAc,SAAQ,kBAAkB;IACnD,OAAO,CAAC,SAAS,CAAuB;gBAE5B,SAAS,EAAE,kBAAkB,EAAE;IAKrC,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAc/E,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC;CAS3E"}

package/dist/server/index.cjs

@@ -42,9 +42,89 @@ exports.MastraAuthProvider = /*@__PURE__*/(_ => {
   exports.MastraAuthProvider = chunkEBVYYC2Q_cjs.__decorateElement(_init, 0, "MastraAuthProvider", _MastraAuthProvider_decorators, exports.MastraAuthProvider);
   chunkEBVYYC2Q_cjs.__runInitializers(_init, 1, exports.MastraAuthProvider);
 
-  // src/server/index.ts
+  // src/server/composite-auth.ts
   return exports.MastraAuthProvider;
 })();
+// src/server/composite-auth.ts
+var CompositeAuth = class extends exports.MastraAuthProvider {
+  providers;
+  constructor(providers) {
+    super();
+    this.providers = providers;
+  }
+  async authenticateToken(token, request) {
+    for (const provider of this.providers) {
+      try {
+        const user = await provider.authenticateToken(token, request);
+        if (user) {
+          return user;
+        }
+      } catch {}
+    }
+    return null;
+  }
+  async authorizeUser(user, request) {
+    for (const provider of this.providers) {
+      const authorized = await provider.authorizeUser(user, request);
+      if (authorized) {
+        return true;
+      }
+    }
+    return false;
+  }
+};
+
+// src/server/simple-auth.ts
+var SimpleAuth = class extends exports.MastraAuthProvider {
+  tokens;
+  headerNames;
+  authenticatedUsers;
+  constructor(options) {
+    super(options);
+    this.tokens = options.tokens;
+    this.headerNames = this.normalizeHeaders(options.headers);
+    this.authenticatedUsers = new Set(Object.values(this.tokens));
+  }
+  normalizeHeaders(headers) {
+    if (!headers) {
+      return ["Authorization"];
+    }
+    return Array.isArray(headers) ? headers : [headers];
+  }
+  extractBearerToken(value) {
+    if (value.startsWith("Bearer ")) {
+      return value.slice(7);
+    }
+    return value;
+  }
+  findTokenInHeaders(request) {
+    for (const headerName of this.headerNames) {
+      const headerValue = request.header(headerName);
+      if (headerValue) {
+        if (headerName.toLowerCase() === "authorization") {
+          return this.extractBearerToken(headerValue);
+        }
+        return headerValue;
+      }
+    }
+    return null;
+  }
+  async authenticateToken(token, request) {
+    const directToken = this.extractBearerToken(token);
+    if (directToken in this.tokens) {
+      return this.tokens[directToken];
+    }
+    const headerToken = this.findTokenInHeaders(request);
+    if (headerToken && headerToken in this.tokens) {
+      return this.tokens[headerToken];
+    }
+    return null;
+  }
+  async authorizeUser(user, _request) {
+    return this.authenticatedUsers.has(user);
+  }
+};
+
 // src/server/index.ts
 function validateOptions(path, options) {
   const opts = options;
@@ -97,6 +177,8 @@ function defineAuth(config) {
   return config;
 }
 
+exports.CompositeAuth = CompositeAuth;
+exports.SimpleAuth = SimpleAuth;
 exports.defineAuth = defineAuth;
 exports.registerApiRoute = registerApiRoute;
 //# sourceMappingURL=index.cjs.map

package/dist/server/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/server/auth.ts","../../src/server/index.ts"],"names":["MastraAuthProvider","__decoratorStart","__decorateElement","__runInitializers","MastraError"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACEA,0CAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAAC,kCAAA,CAAA,EAAA,CAAA;AACA,EAAAD,0BAAU,GAAQE,mCAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAAF,0BAAA,CAAA;AAChB,EAAAG,oCAAc,KAAK,EAAA,CAAA,EAAAH,0BAAA,CAAA;;AACrB;AAEJ,EAAA,OAAAA,0BAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,SAAA,eAAA,CAAA,IAAe,EAAA,OAAA,EAAA;;;AC2BtB,IAAA,MAAS,IAAAI,6BACP;AAGA,MAAA,EAAM,EAAA,yCAAO;AAEb,MAAI,IAAA,8BAA2B,EAAA,IAAA,CAAA,4BAAA,CAAA;AAC7B,MAAA,QAAU,eAAY;AAAA,MACpB,QAAI,EAAA,MAAA;AAAA,KAAA,CACJ;AAAwC,EAAA;AACxC,EAAA,IACA,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IACF,MAAC,IAAAA,6BAAA,CAAA;AAAA,MACH,EAAA,EAAA,yCAAA;AAEA,MAAI,IAAA,EAAK,CAAA,4FAA2D,CAAA;AAClE,MAAA,QAAU,eAAY;AAAA,MACpB,QAAI,EAAA,MAAA;AAAA,KAAA,CACJ;AAAwC,EAAA;AACxC,EAAA,IACA,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IACF,MAAC,IAAAA,6BAAA,CAAA;AAAA,MACH,EAAA,EAAA,yCAAA;AAEA,MAAI,IAAA,EAAK,CAAA,sHAA2D,CAAA;AAClE,MAAA,QAAU,eAAY;AAAA,MACpB,QAAI,EAAA,MAAA;AAAA,KAAA,CACJ;AAAwC,EAAA;AACxC;AACA,SACD,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EACH,IAAA,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AACF,IAAA,MAAA,IAAAA,6BAAA,CAAA;AAEO,MAAA,EAAA,EAAS,iCAGa;AAC3B,MAAI,IAAA,EAAK,CAAA,sEAAqB,CAAA;AAC5B,MAAA,QAAU,eAAY;AAAA,MACpB,QAAI,EAAA,MAAA;AAAA,KAAA,CACJ;AAAM,EAAA;AACN,EAAA,eACA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACD;AAAA,IACH,IAAA;AAEA,IAAA,MAAA,EAAA,cAAsB;AAEtB,IAAA,OAAO,EAAA,OAAA,CAAA,OAAA;AAAA,IACL,aAAA,EAAA,OAAA,CAAA,aAAA;AAAA,IACA,SAAQ,OAAQ,CAAA,OAAA;AAAA,IAChB,UAAS,EAAA,OAAQ,CAAA,UAAA;AAAA,IACjB,qBAAe,CAAA;AAAQ,GAAA;AACN;AACG,mBACN,CAAA,MAAQ,EAAA;AAAA,EACxB,OAAA,MAAA;AACF","file":"index.cjs","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n  prefix: 'auth',\n  excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n  [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n  method: Methods;\n  openapi?: DescribeRouteOptions;\n  handler?: Handler<\n    {\n      Variables: {\n        mastra: Mastra;\n      };\n    },\n    P,\n    ParamsFromPath<P>\n  >;\n  createHandler?: (c: Context) => Promise<\n    Handler<\n      {\n        Variables: {\n          mastra: Mastra;\n        };\n      },\n      P,\n      ParamsFromPath<P>\n    >\n  >;\n  middleware?: MiddlewareHandler | MiddlewareHandler[];\n  /**\n   * When false, skips Mastra auth for this route (defaults to true)\n   */\n  requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n  path: P,\n  options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n  const opts = options as RegisterApiRouteOptions<P>;\n\n  if (opts.method === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", missing \"method\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler === undefined && opts.createHandler === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler !== undefined && opts.createHandler !== undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n}\n\nexport function registerApiRoute<P extends string>(\n  path: P,\n  options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n  if (path.startsWith('/api/')) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_PATH_RESERVED',\n      text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  validateOptions(path, options);\n\n  return {\n    path,\n    method: options.method,\n    handler: options.handler,\n    createHandler: options.createHandler,\n    openapi: options.openapi,\n    middleware: options.middleware,\n    requiresAuth: options.requiresAuth,\n  } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n  return config;\n}\n"]}
+{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":["MastraAuthProvider","__decoratorStart","__decorateElement","__runInitializers","MastraError"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACEA,0CAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAAC,kCAAA,CAAA,EAAA,CAAA;AACA,EAAAD,0BAAU,GAAQE,mCAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAAF,0BAAA,CAAA;AAChB,EAAAG,oCAAc,KAAK,EAAA,CAAA,EAAAH,0BAAA,CAAA;;AACrB;AAEJ,EAAA,OAAAA,0BAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,IAAA,aAAA,GAAA,cAAeA,0BAAA,CAAA;;;ACnBf,IAAM,KAAA,EAAA;AAAyC,IAC5C,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAER;AACE,EAAA,MAAA,iBAAM,CAAA,KAAA,EAAA,OAAA,EAAA;AACN,IAAA,KAAK,MAAA,QAAY,IAAA,IAAA,CAAA,SAAA,EAAA;AAAA,MACnB,IAAA;AAAA,QAEM,MAAA,IAAA,GAAA,MAAkB,QAAe,CAAA,iBAA+C,CAAA,KAAA,EAAA,OAAA,CAAA;AACpF,QAAA,IAAA,IAAW,EAAA;AACT,UAAI,OAAA,IAAA;AACF,QAAA;AACA,MAAA,CAAA,CAAA,MAAI,CAAA;AACF,IAAA;AAAO,IAAA,OACT,IAAA;AAAA,EAAA;AACM,EAAA,MAER,aAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,IACF,KAAA,MAAA,QAAA,IAAA,IAAA,CAAA,SAAA,EAAA;AACA,MAAA,MAAO,UAAA,GAAA,MAAA,QAAA,CAAA,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,MACT,IAAA,UAAA,EAAA;AAAA,QAEM,OAAA,IAAA;AACJ,MAAA;AACE,IAAA;AACA,IAAA,OAAI,KAAA;AACF,EAAA;AAAO;;AAGX;AACF,IAAA,UAAA,GAAA,cAAAA,0BAAA,CAAA;AACF,EAAA,MAAA;;;ACZO,EAAA,WAAM,CAAA;AAA8D,IACjE,KAAA,CAAA,OAAA,CAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,CAAA,MAAA;AAAA,IACA,IAAA,CAAA,WAAA,GAAA,IAAA,CAAA,gBAAA,CAAA,OAAA,CAAA,OAAA,CAAA;AAAA,2BAEuC,GAAA,IAAA,GAAA,CAAA,MAAA,CAAA,MAAA,CAAA,IAAA,CAAA,MAAA,CAAA,CAAA;AAC7C,EAAA;AACA,EAAA,gBAAc,CAAA,OAAQ,EAAA;AACtB,IAAA,IAAA,CAAK,OAAA,EAAA;AAEL,MAAA,wBAA0B;AAAkC,IAC9D;AAAA,wBAEyB,CAAA,OAAuC,CAAA,GAAA,OAAA,GAAA,CAAA,OAAA,CAAA;AAC9D,EAAA;AACE,EAAA,kBAAQ,CAAA,KAAA,EAAA;AAAe,IACzB,IAAA,KAAA,CAAA,UAAA,CAAA,SAAA,CAAA,EAAA;AACA,MAAA,YAAa,CAAA,KAAA,CAAQ,CAAA,CAAA;AAA6B,IACpD;AAAA;AAGE,EAAA;AACE,EAAA,0BAAoB,EAAA;AAAA,IACtB,KAAA,MAAA,UAAA,IAAA,IAAA,CAAA,WAAA,EAAA;AACA,MAAA,MAAO,WAAA,GAAA,OAAA,CAAA,MAAA,CAAA,UAAA,CAAA;AAAA,MACT,IAAA,WAAA,EAAA;AAAA,sBAE2B,CAAA,WAAqC,EAAA,KAAA,eAAA,EAAA;AAC9D,UAAA,OAAW,IAAA,CAAA,kBAAmB,CAAA,WAAa,CAAA;AACzC,QAAA;AACA,QAAA,OAAI,WAAa;AAEf,MAAA;AACE,IAAA;AAA0C,IAAA,OAC5C,IAAA;AACA,EAAA;AAAO,EAAA,MACT,iBAAA,CAAA,KAAA,EAAA,OAAA,EAAA;AAAA,IACF,MAAA,WAAA,GAAA,IAAA,CAAA,kBAAA,CAAA,KAAA,CAAA;AACA,IAAA,IAAA,WAAO,IAAA,IAAA,CAAA,MAAA,EAAA;AAAA,MACT,OAAA,IAAA,CAAA,MAAA,CAAA,WAAA,CAAA;AAAA,IAEA;AAEE,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,kBAAA,CAAmB,OAAK,CAAA;AACjD,IAAA,IAAI,WAAA,IAAe,WAAK,IAAQ,IAAA,CAAA,MAAA,EAAA;AAC9B,MAAA,OAAO,IAAA,CAAK,OAAO,WAAW,CAAA;AAAA,IAChC;AAGA,IAAA,OAAM,IAAA;AACN,EAAA;AACE,EAAA,MAAA,kBAAmB,EAAA,QAAW,EAAA;AAAA,IAChC,OAAA,IAAA,CAAA,kBAAA,CAAA,GAAA,CAAA,IAAA,CAAA;AAEA,EAAA;AAAO;;AAKP;AAAuC,SACzC,eAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AACF,EAAA,MAAA,IAAA,GAAA,OAAA;;;AC/BA,MAAA,EAAA,EAAS,yCAGwC;AAC/C,MAAA,IAAM,EAAA,CAAA,2BAAO,EAAA,IAAA,CAAA,4BAAA,CAAA;AAEb,MAAI,uBAAgB;AAClB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAI,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,0DAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAA,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,oFAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC;AACxC,SACA,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EAAA,IACD,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AAAA,IACH,MAAA,IAAAA,6BAAA,CAAA;AACF,MAAA,EAAA,EAAA,iCAAA;AAEO,MAAA,IAAS,EAAA,CAAA,sEAGa,CAAA;AAC3B,MAAI,MAAK,EAAA,eAAkB;AACzB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACE,EAAA,eACN,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACA;AAAA,IACF,IAAC;AAAA,IACH,MAAA,EAAA,OAAA,CAAA,MAAA;AAEA,IAAA,OAAA,EAAA,eAAsB;AAEtB,IAAA,aAAO,EAAA,OAAA,CAAA,aAAA;AAAA,IACL,OAAA,EAAA,OAAA,CAAA,OAAA;AAAA,IACA,UAAQ,EAAA,OAAQ,CAAA,UAAA;AAAA,IAChB,YAAS,EAAA,OAAQ,CAAA;AAAA,GAAA;AACM;AACN,mBACL,CAAA,MAAQ,EAAA;AAAA,EAAA;AACE","file":"index.cjs","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n  prefix: 'auth',\n  excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\n\nexport class CompositeAuth extends MastraAuthProvider {\n  private providers: MastraAuthProvider[];\n\n  constructor(providers: MastraAuthProvider[]) {\n    super();\n    this.providers = providers;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n    for (const provider of this.providers) {\n      try {\n        const user = await provider.authenticateToken(token, request);\n        if (user) {\n          return user;\n        }\n      } catch {\n        // ignore error, try next provider\n      }\n    }\n    return null;\n  }\n\n  async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n    for (const provider of this.providers) {\n      const authorized = await provider.authorizeUser(user, request);\n      if (authorized) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\nimport type { MastraAuthProviderOptions } from './auth';\n\nexport interface SimpleAuthOptions<TUser = unknown> extends MastraAuthProviderOptions<TUser> {\n  /**\n   * A map of tokens to users.\n   * When a token is provided, it will be looked up in this map.\n   */\n  tokens: Record<string, TUser>;\n  /**\n   * Headers to check for the token.\n   * Defaults to 'Authorization' with Bearer token extraction.\n   * Can be a string or array of strings for custom header names.\n   */\n  headers?: string | string[];\n}\n\n/**\n * SimpleAuth is a basic token-based authentication provider.\n * It validates tokens against a predefined map of tokens to users.\n */\nexport class SimpleAuth<TUser = unknown> extends MastraAuthProvider<TUser> {\n  private tokens: Record<string, TUser>;\n  private headerNames: string[];\n  private authenticatedUsers: Set<TUser>;\n\n  constructor(options: SimpleAuthOptions<TUser>) {\n    super(options);\n    this.tokens = options.tokens;\n    this.headerNames = this.normalizeHeaders(options.headers);\n    // Store reference to all valid users for authorization\n    this.authenticatedUsers = new Set(Object.values(this.tokens));\n  }\n\n  private normalizeHeaders(headers?: string | string[]): string[] {\n    if (!headers) {\n      return ['Authorization'];\n    }\n    return Array.isArray(headers) ? headers : [headers];\n  }\n\n  private extractBearerToken(value: string): string {\n    if (value.startsWith('Bearer ')) {\n      return value.slice(7);\n    }\n    return value;\n  }\n\n  private findTokenInHeaders(request: HonoRequest): string | null {\n    for (const headerName of this.headerNames) {\n      const headerValue = request.header(headerName);\n      if (headerValue) {\n        // For Authorization header, extract Bearer token\n        if (headerName.toLowerCase() === 'authorization') {\n          return this.extractBearerToken(headerValue);\n        }\n        return headerValue;\n      }\n    }\n    return null;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n    // First, try the direct token\n    const directToken = this.extractBearerToken(token);\n    if (directToken in this.tokens) {\n      return this.tokens[directToken]!;\n    }\n\n    // Then, try to find token in headers\n    const headerToken = this.findTokenInHeaders(request);\n    if (headerToken && headerToken in this.tokens) {\n      return this.tokens[headerToken]!;\n    }\n\n    return null;\n  }\n\n  async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n    // Check if this user was authenticated through our tokens\n    return this.authenticatedUsers.has(user);\n  }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n  [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n  method: Methods;\n  openapi?: DescribeRouteOptions;\n  handler?: Handler<\n    {\n      Variables: {\n        mastra: Mastra;\n      };\n    },\n    P,\n    ParamsFromPath<P>\n  >;\n  createHandler?: (c: Context) => Promise<\n    Handler<\n      {\n        Variables: {\n          mastra: Mastra;\n        };\n      },\n      P,\n      ParamsFromPath<P>\n    >\n  >;\n  middleware?: MiddlewareHandler | MiddlewareHandler[];\n  /**\n   * When false, skips Mastra auth for this route (defaults to true)\n   */\n  requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n  path: P,\n  options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n  const opts = options as RegisterApiRouteOptions<P>;\n\n  if (opts.method === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", missing \"method\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler === undefined && opts.createHandler === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler !== undefined && opts.createHandler !== undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n}\n\nexport function registerApiRoute<P extends string>(\n  path: P,\n  options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n  if (path.startsWith('/api/')) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_PATH_RESERVED',\n      text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  validateOptions(path, options);\n\n  return {\n    path,\n    method: options.method,\n    handler: options.handler,\n    createHandler: options.createHandler,\n    openapi: options.openapi,\n    middleware: options.middleware,\n    requiresAuth: options.requiresAuth,\n  } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n  return config;\n}\n"]}

package/dist/server/index.d.ts

@@ -5,6 +5,9 @@ import type { ApiRoute, MastraAuthConfig, Methods } from './types.js';
 export type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types.js';
 export { MastraAuthProvider } from './auth.js';
 export type { MastraAuthProviderOptions } from './auth.js';
+export { CompositeAuth } from './composite-auth.js';
+export { SimpleAuth } from './simple-auth.js';
+export type { SimpleAuthOptions } from './simple-auth.js';
 type ParamsFromPath<P extends string> = {
     [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;
 };

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAEnE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,QAAQ,CAAC;AAC5C,YAAY,EAAE,yBAAyB,EAAE,MAAM,QAAQ,CAAC;AAIxD,KAAK,cAAc,CAAC,CAAC,SAAS,MAAM,IAAI;KACrC,CAAC,IAAI,CAAC,SAAS,GAAG,MAAM,IAAI,MAAM,KAAK,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,KAAK,EAAE,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM;CAC3G,CAAC;AAEF,KAAK,yBAAyB,GAAG,kFAAkF,CAAC;AACpH,KAAK,YAAY,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,QAAQ,MAAM,EAAE,GAAG,yBAAyB,GAAG,CAAC,CAAC;AAEpG,KAAK,uBAAuB,CAAC,CAAC,SAAS,MAAM,IAAI;IAC/C,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,OAAO,CAAC,EAAE,OAAO,CACf;QACE,SAAS,EAAE;YACT,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,EACD,CAAC,EACD,cAAc,CAAC,CAAC,CAAC,CAClB,CAAC;IACF,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,OAAO,CACrC,OAAO,CACL;QACE,SAAS,EAAE;YACT,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,EACD,CAAC,EACD,cAAc,CAAC,CAAC,CAAC,CAClB,CACF,CAAC;IACF,UAAU,CAAC,EAAE,iBAAiB,GAAG,iBAAiB,EAAE,CAAC;IACrD;;OAEG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB,CAAC;AAoCF,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,MAAM,EAC/C,IAAI,EAAE,CAAC,EACP,OAAO,EAAE,YAAY,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC,CAAC,CAAC,GACnD,YAAY,CAAC,CAAC,EAAE,QAAQ,CAAC,CAqB3B;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAE1F"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAEnE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,QAAQ,CAAC;AAC5C,YAAY,EAAE,yBAAyB,EAAE,MAAM,QAAQ,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIvD,KAAK,cAAc,CAAC,CAAC,SAAS,MAAM,IAAI;KACrC,CAAC,IAAI,CAAC,SAAS,GAAG,MAAM,IAAI,MAAM,KAAK,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,KAAK,EAAE,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM;CAC3G,CAAC;AAEF,KAAK,yBAAyB,GAAG,kFAAkF,CAAC;AACpH,KAAK,YAAY,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,QAAQ,MAAM,EAAE,GAAG,yBAAyB,GAAG,CAAC,CAAC;AAEpG,KAAK,uBAAuB,CAAC,CAAC,SAAS,MAAM,IAAI;IAC/C,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,OAAO,CAAC,EAAE,OAAO,CACf;QACE,SAAS,EAAE;YACT,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,EACD,CAAC,EACD,cAAc,CAAC,CAAC,CAAC,CAClB,CAAC;IACF,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,OAAO,CACrC,OAAO,CACL;QACE,SAAS,EAAE;YACT,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,EACD,CAAC,EACD,cAAc,CAAC,CAAC,CAAC,CAClB,CACF,CAAC;IACF,UAAU,CAAC,EAAE,iBAAiB,GAAG,iBAAiB,EAAE,CAAC;IACrD;;OAEG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB,CAAC;AAoCF,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,MAAM,EAC/C,IAAI,EAAE,CAAC,EACP,OAAO,EAAE,YAAY,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC,CAAC,CAAC,GACnD,YAAY,CAAC,CAAC,EAAE,QAAQ,CAAC,CAqB3B;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAE1F"}

package/dist/server/index.js

@@ -40,9 +40,89 @@ MastraAuthProvider = /*@__PURE__*/(_ => {
   MastraAuthProvider = __decorateElement(_init, 0, "MastraAuthProvider", _MastraAuthProvider_decorators, MastraAuthProvider);
   __runInitializers(_init, 1, MastraAuthProvider);
 
-  // src/server/index.ts
+  // src/server/composite-auth.ts
   return MastraAuthProvider;
 })();
+// src/server/composite-auth.ts
+var CompositeAuth = class extends MastraAuthProvider {
+  providers;
+  constructor(providers) {
+    super();
+    this.providers = providers;
+  }
+  async authenticateToken(token, request) {
+    for (const provider of this.providers) {
+      try {
+        const user = await provider.authenticateToken(token, request);
+        if (user) {
+          return user;
+        }
+      } catch {}
+    }
+    return null;
+  }
+  async authorizeUser(user, request) {
+    for (const provider of this.providers) {
+      const authorized = await provider.authorizeUser(user, request);
+      if (authorized) {
+        return true;
+      }
+    }
+    return false;
+  }
+};
+
+// src/server/simple-auth.ts
+var SimpleAuth = class extends MastraAuthProvider {
+  tokens;
+  headerNames;
+  authenticatedUsers;
+  constructor(options) {
+    super(options);
+    this.tokens = options.tokens;
+    this.headerNames = this.normalizeHeaders(options.headers);
+    this.authenticatedUsers = new Set(Object.values(this.tokens));
+  }
+  normalizeHeaders(headers) {
+    if (!headers) {
+      return ["Authorization"];
+    }
+    return Array.isArray(headers) ? headers : [headers];
+  }
+  extractBearerToken(value) {
+    if (value.startsWith("Bearer ")) {
+      return value.slice(7);
+    }
+    return value;
+  }
+  findTokenInHeaders(request) {
+    for (const headerName of this.headerNames) {
+      const headerValue = request.header(headerName);
+      if (headerValue) {
+        if (headerName.toLowerCase() === "authorization") {
+          return this.extractBearerToken(headerValue);
+        }
+        return headerValue;
+      }
+    }
+    return null;
+  }
+  async authenticateToken(token, request) {
+    const directToken = this.extractBearerToken(token);
+    if (directToken in this.tokens) {
+      return this.tokens[directToken];
+    }
+    const headerToken = this.findTokenInHeaders(request);
+    if (headerToken && headerToken in this.tokens) {
+      return this.tokens[headerToken];
+    }
+    return null;
+  }
+  async authorizeUser(user, _request) {
+    return this.authenticatedUsers.has(user);
+  }
+};
+
 // src/server/index.ts
 function validateOptions(path, options) {
   const opts = options;
@@ -95,6 +175,6 @@ function defineAuth(config) {
   return config;
 }
 
-export { MastraAuthProvider, defineAuth, registerApiRoute };
+export { CompositeAuth, MastraAuthProvider, SimpleAuth, defineAuth, registerApiRoute };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map