@mastra/core 0.24.6 → 0.24.7-alpha.1

package/dist/processors/index.cjs

@@ -1,48 +1,48 @@
 'use strict';
 
-var chunkXDMQQZNX_cjs = require('../chunk-XDMQQZNX.cjs');
+var chunkAHQOJZT2_cjs = require('../chunk-AHQOJZT2.cjs');
 
 
 
 Object.defineProperty(exports, "BatchPartsProcessor", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.BatchPartsProcessor; }
+  get: function () { return chunkAHQOJZT2_cjs.BatchPartsProcessor; }
 });
 Object.defineProperty(exports, "LanguageDetector", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.LanguageDetector; }
+  get: function () { return chunkAHQOJZT2_cjs.LanguageDetector; }
 });
 Object.defineProperty(exports, "ModerationProcessor", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.ModerationProcessor; }
+  get: function () { return chunkAHQOJZT2_cjs.ModerationProcessor; }
 });
 Object.defineProperty(exports, "PIIDetector", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.PIIDetector; }
+  get: function () { return chunkAHQOJZT2_cjs.PIIDetector; }
 });
 Object.defineProperty(exports, "ProcessorState", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.ProcessorState; }
+  get: function () { return chunkAHQOJZT2_cjs.ProcessorState; }
 });
 Object.defineProperty(exports, "PromptInjectionDetector", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.PromptInjectionDetector; }
+  get: function () { return chunkAHQOJZT2_cjs.PromptInjectionDetector; }
 });
 Object.defineProperty(exports, "StructuredOutputProcessor", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.StructuredOutputProcessor; }
+  get: function () { return chunkAHQOJZT2_cjs.StructuredOutputProcessor; }
 });
 Object.defineProperty(exports, "SystemPromptScrubber", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.SystemPromptScrubber; }
+  get: function () { return chunkAHQOJZT2_cjs.SystemPromptScrubber; }
 });
 Object.defineProperty(exports, "TokenLimiterProcessor", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.TokenLimiterProcessor; }
+  get: function () { return chunkAHQOJZT2_cjs.TokenLimiterProcessor; }
 });
 Object.defineProperty(exports, "UnicodeNormalizer", {
   enumerable: true,
-  get: function () { return chunkXDMQQZNX_cjs.UnicodeNormalizer; }
+  get: function () { return chunkAHQOJZT2_cjs.UnicodeNormalizer; }
 });
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map

package/dist/processors/index.js

@@ -1,3 +1,3 @@
-export { BatchPartsProcessor, LanguageDetector, ModerationProcessor, PIIDetector, ProcessorState, PromptInjectionDetector, StructuredOutputProcessor, SystemPromptScrubber, TokenLimiterProcessor, UnicodeNormalizer } from '../chunk-LAQQETGP.js';
+export { BatchPartsProcessor, LanguageDetector, ModerationProcessor, PIIDetector, ProcessorState, PromptInjectionDetector, StructuredOutputProcessor, SystemPromptScrubber, TokenLimiterProcessor, UnicodeNormalizer } from '../chunk-5UWR4YYL.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/provider-registry-254GJGUL.cjs

@@ -0,0 +1,40 @@
+'use strict';
+
+var chunk6DFSLVVY_cjs = require('./chunk-6DFSLVVY.cjs');
+
+
+
+Object.defineProperty(exports, "GatewayRegistry", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.GatewayRegistry; }
+});
+Object.defineProperty(exports, "PROVIDER_MODELS", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.PROVIDER_MODELS; }
+});
+Object.defineProperty(exports, "PROVIDER_REGISTRY", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.PROVIDER_REGISTRY; }
+});
+Object.defineProperty(exports, "getProviderConfig", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.getProviderConfig; }
+});
+Object.defineProperty(exports, "getRegisteredProviders", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.getRegisteredProviders; }
+});
+Object.defineProperty(exports, "isProviderRegistered", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.isProviderRegistered; }
+});
+Object.defineProperty(exports, "isValidModelId", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.isValidModelId; }
+});
+Object.defineProperty(exports, "parseModelString", {
+  enumerable: true,
+  get: function () { return chunk6DFSLVVY_cjs.parseModelString; }
+});
+//# sourceMappingURL=provider-registry-254GJGUL.cjs.map
+//# sourceMappingURL=provider-registry-254GJGUL.cjs.map

package/dist/{provider-registry-RUDYHG7J.cjs.map → provider-registry-254GJGUL.cjs.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"provider-registry-RUDYHG7J.cjs"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"provider-registry-254GJGUL.cjs"}

package/dist/provider-registry-7BUYRBGO.js

@@ -0,0 +1,3 @@
+export { GatewayRegistry, PROVIDER_MODELS, PROVIDER_REGISTRY, getProviderConfig, getRegisteredProviders, isProviderRegistered, isValidModelId, parseModelString } from './chunk-PHSTPDWR.js';
+//# sourceMappingURL=provider-registry-7BUYRBGO.js.map
+//# sourceMappingURL=provider-registry-7BUYRBGO.js.map

package/dist/{provider-registry-THITZUJ7.js.map → provider-registry-7BUYRBGO.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"provider-registry-THITZUJ7.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"provider-registry-7BUYRBGO.js"}

package/dist/relevance/index.cjs

@@ -1,20 +1,20 @@
 'use strict';
 
-var chunkGZDIHQDK_cjs = require('../chunk-GZDIHQDK.cjs');
+var chunkGWA56ELO_cjs = require('../chunk-GWA56ELO.cjs');
 
 
 
 Object.defineProperty(exports, "CohereRelevanceScorer", {
   enumerable: true,
-  get: function () { return chunkGZDIHQDK_cjs.CohereRelevanceScorer; }
+  get: function () { return chunkGWA56ELO_cjs.CohereRelevanceScorer; }
 });
 Object.defineProperty(exports, "MastraAgentRelevanceScorer", {
   enumerable: true,
-  get: function () { return chunkGZDIHQDK_cjs.MastraAgentRelevanceScorer; }
+  get: function () { return chunkGWA56ELO_cjs.MastraAgentRelevanceScorer; }
 });
 Object.defineProperty(exports, "createSimilarityPrompt", {
   enumerable: true,
-  get: function () { return chunkGZDIHQDK_cjs.createSimilarityPrompt; }
+  get: function () { return chunkGWA56ELO_cjs.createSimilarityPrompt; }
 });
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map

package/dist/relevance/index.js

@@ -1,3 +1,3 @@
-export { CohereRelevanceScorer, MastraAgentRelevanceScorer, createSimilarityPrompt } from '../chunk-DHLW4AP7.js';
+export { CohereRelevanceScorer, MastraAgentRelevanceScorer, createSimilarityPrompt } from '../chunk-GOEAJJED.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/scores/index.cjs

@@ -1,37 +1,37 @@
 'use strict';
 
-var chunkKWF3J2Q4_cjs = require('../chunk-KWF3J2Q4.cjs');
-var chunk46XGIEXM_cjs = require('../chunk-46XGIEXM.cjs');
+var chunkSJ3PJ5D6_cjs = require('../chunk-SJ3PJ5D6.cjs');
+var chunkRWPKCFZT_cjs = require('../chunk-RWPKCFZT.cjs');
 
 
 
 Object.defineProperty(exports, "MastraScorer", {
   enumerable: true,
-  get: function () { return chunkKWF3J2Q4_cjs.MastraScorer; }
+  get: function () { return chunkSJ3PJ5D6_cjs.MastraScorer; }
 });
 Object.defineProperty(exports, "createScorer", {
   enumerable: true,
-  get: function () { return chunkKWF3J2Q4_cjs.createScorer; }
+  get: function () { return chunkSJ3PJ5D6_cjs.createScorer; }
 });
 Object.defineProperty(exports, "runExperiment", {
   enumerable: true,
-  get: function () { return chunkKWF3J2Q4_cjs.runExperiment; }
+  get: function () { return chunkSJ3PJ5D6_cjs.runExperiment; }
 });
 Object.defineProperty(exports, "saveScorePayloadSchema", {
   enumerable: true,
-  get: function () { return chunk46XGIEXM_cjs.saveScorePayloadSchema; }
+  get: function () { return chunkRWPKCFZT_cjs.saveScorePayloadSchema; }
 });
 Object.defineProperty(exports, "scoreResultSchema", {
   enumerable: true,
-  get: function () { return chunk46XGIEXM_cjs.scoreResultSchema; }
+  get: function () { return chunkRWPKCFZT_cjs.scoreResultSchema; }
 });
 Object.defineProperty(exports, "scoringExtractStepResultSchema", {
   enumerable: true,
-  get: function () { return chunk46XGIEXM_cjs.scoringExtractStepResultSchema; }
+  get: function () { return chunkRWPKCFZT_cjs.scoringExtractStepResultSchema; }
 });
 Object.defineProperty(exports, "scoringValueSchema", {
   enumerable: true,
-  get: function () { return chunk46XGIEXM_cjs.scoringValueSchema; }
+  get: function () { return chunkRWPKCFZT_cjs.scoringValueSchema; }
 });
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map

package/dist/scores/index.js

@@ -1,4 +1,4 @@
-export { MastraScorer, createScorer, runExperiment } from '../chunk-MRSBLBQ5.js';
-export { saveScorePayloadSchema, scoreResultSchema, scoringExtractStepResultSchema, scoringValueSchema } from '../chunk-UWTYVVVZ.js';
+export { MastraScorer, createScorer, runExperiment } from '../chunk-ZOQ6Q5Q3.js';
+export { saveScorePayloadSchema, scoreResultSchema, scoringExtractStepResultSchema, scoringValueSchema } from '../chunk-RLYWCJQ6.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/scores/scoreTraces/index.cjs

@@ -1,8 +1,8 @@
 'use strict';
 
-var chunkPIH5FBNQ_cjs = require('../../chunk-PIH5FBNQ.cjs');
-var chunk46XGIEXM_cjs = require('../../chunk-46XGIEXM.cjs');
-var chunk42RUESSD_cjs = require('../../chunk-42RUESSD.cjs');
+var chunkU57JN7JY_cjs = require('../../chunk-U57JN7JY.cjs');
+var chunkRWPKCFZT_cjs = require('../../chunk-RWPKCFZT.cjs');
+var chunk4YYPQOP7_cjs = require('../../chunk-4YYPQOP7.cjs');
 var chunk5NTO7S5I_cjs = require('../../chunk-5NTO7S5I.cjs');
 var pMap = require('p-map');
 var z = require('zod');
@@ -76,7 +76,7 @@ function normalizeMessageContent(content) {
     role: "user",
     parts: content.map((part) => ({ type: part.type, text: part.text }))
   };
-  const converted = chunk42RUESSD_cjs.convertMessages(tempMessage).to("AIV4.UI");
+  const converted = chunk4YYPQOP7_cjs.convertMessages(tempMessage).to("AIV4.UI");
   return converted[0]?.content || "";
 }
 function convertToUIMessage(message, createdAt) {
@@ -94,7 +94,7 @@ function convertToUIMessage(message, createdAt) {
       parts: message.content.map((part) => ({ type: part.type, text: part.text }))
     };
   }
-  const converted = chunk42RUESSD_cjs.convertMessages(messageInput).to("AIV4.UI");
+  const converted = chunk4YYPQOP7_cjs.convertMessages(messageInput).to("AIV4.UI");
   const result = converted[0];
   if (!result) {
     throw new Error("Failed to convert message");
@@ -234,7 +234,7 @@ function transformTraceToScorerInputAndOutput(trace) {
 }
 
 // src/scores/scoreTraces/scoreTracesWorkflow.ts
-var getTraceStep = chunkPIH5FBNQ_cjs.createStep({
+var getTraceStep = chunkU57JN7JY_cjs.createStep({
   id: "__process-trace-scoring",
   inputSchema: z__default.default.object({
     targets: z__default.default.array(
@@ -362,7 +362,7 @@ async function runScorerOnTarget({
   await attachScoreToSpan({ storage, span, scoreRecord: savedScoreRecord });
 }
 async function validateAndSaveScore({ storage, scorerResult }) {
-  const payloadToSave = chunk46XGIEXM_cjs.saveScorePayloadSchema.parse(scorerResult);
+  const payloadToSave = chunkRWPKCFZT_cjs.saveScorePayloadSchema.parse(scorerResult);
   const result = await storage.saveScore(payloadToSave);
   return result.score;
 }
@@ -404,7 +404,7 @@ async function attachScoreToSpan({
     updates: { links: [...existingLinks, link] }
   });
 }
-var scoreTracesWorkflow = chunkPIH5FBNQ_cjs.createWorkflow({
+var scoreTracesWorkflow = chunkU57JN7JY_cjs.createWorkflow({
   id: "__batch-scoring-traces",
   inputSchema: z__default.default.object({
     targets: z__default.default.array(

package/dist/scores/scoreTraces/index.js

@@ -1,6 +1,6 @@
-import { createStep, createWorkflow } from '../../chunk-Z6QCWTTO.js';
-import { saveScorePayloadSchema } from '../../chunk-UWTYVVVZ.js';
-import { convertMessages } from '../../chunk-Q6LWNLAJ.js';
+import { createStep, createWorkflow } from '../../chunk-KQGP7VMN.js';
+import { saveScorePayloadSchema } from '../../chunk-RLYWCJQ6.js';
+import { convertMessages } from '../../chunk-GIK7MM2K.js';
 import { MastraError } from '../../chunk-PZUZNPFM.js';
 import pMap from 'p-map';
 import z from 'zod';

package/dist/server/index.cjs

@@ -1,13 +1,13 @@
 'use strict';
 
-var chunkAQGLVU53_cjs = require('../chunk-AQGLVU53.cjs');
+var chunk5PSD3IKG_cjs = require('../chunk-5PSD3IKG.cjs');
 var chunk5NTO7S5I_cjs = require('../chunk-5NTO7S5I.cjs');
 var chunk6VOPKVYH_cjs = require('../chunk-6VOPKVYH.cjs');
 var chunkEBVYYC2Q_cjs = require('../chunk-EBVYYC2Q.cjs');
 
 // src/server/auth.ts
 var _MastraAuthProvider_decorators, _init, _a;
-_MastraAuthProvider_decorators = [chunkAQGLVU53_cjs.InstrumentClass({
+_MastraAuthProvider_decorators = [chunk5PSD3IKG_cjs.InstrumentClass({
   prefix: "auth",
   excludeMethods: ["__setTools", "__setLogger", "__setTelemetry", "#log"]
 })];
@@ -75,53 +75,42 @@ var CompositeAuth = class extends exports.MastraAuthProvider {
 };
 
 // src/server/simple-auth.ts
+var DEFAULT_HEADERS = ["Authorization", "X-Playground-Access"];
 var SimpleAuth = class extends exports.MastraAuthProvider {
   tokens;
-  headerNames;
-  authenticatedUsers;
+  headers;
+  users;
   constructor(options) {
     super(options);
     this.tokens = options.tokens;
-    this.headerNames = this.normalizeHeaders(options.headers);
-    this.authenticatedUsers = new Set(Object.values(this.tokens));
+    this.users = Object.values(this.tokens);
+    this.headers = [...DEFAULT_HEADERS].concat(options.headers || []);
   }
-  normalizeHeaders(headers) {
-    if (!headers) {
-      return ["Authorization"];
+  async authenticateToken(token, request) {
+    const requestTokens = this.getTokensFromHeaders(token, request);
+    for (const requestToken of requestTokens) {
+      const tokenToUser = this.tokens[requestToken];
+      if (tokenToUser) {
+        return tokenToUser;
+      }
     }
-    return Array.isArray(headers) ? headers : [headers];
+    return null;
   }
-  extractBearerToken(value) {
-    if (value.startsWith("Bearer ")) {
-      return value.slice(7);
-    }
-    return value;
+  async authorizeUser(user, _request) {
+    return this.users.includes(user);
+  }
+  stripBearerPrefix(token) {
+    return token.startsWith("Bearer ") ? token.slice(7) : token;
   }
-  findTokenInHeaders(request) {
-    for (const headerName of this.headerNames) {
+  getTokensFromHeaders(token, request) {
+    const tokens = [token];
+    for (const headerName of this.headers) {
       const headerValue = request.header(headerName);
       if (headerValue) {
-        if (headerName.toLowerCase() === "authorization") {
-          return this.extractBearerToken(headerValue);
-        }
-        return headerValue;
+        tokens.push(this.stripBearerPrefix(headerValue));
       }
     }
-    return null;
-  }
-  async authenticateToken(token, request) {
-    const directToken = this.extractBearerToken(token);
-    if (directToken in this.tokens) {
-      return this.tokens[directToken];
-    }
-    const headerToken = this.findTokenInHeaders(request);
-    if (headerToken && headerToken in this.tokens) {
-      return this.tokens[headerToken];
-    }
-    return null;
-  }
-  async authorizeUser(user, _request) {
-    return this.authenticatedUsers.has(user);
+    return tokens;
   }
 };
 

package/dist/server/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":["MastraAuthProvider","__decoratorStart","__decorateElement","__runInitializers","MastraError"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACEA,0CAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAAC,kCAAA,CAAA,EAAA,CAAA;AACA,EAAAD,0BAAU,GAAQE,mCAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAAF,0BAAA,CAAA;AAChB,EAAAG,oCAAc,KAAK,EAAA,CAAA,EAAAH,0BAAA,CAAA;;AACrB;AAEJ,EAAA,OAAAA,0BAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,IAAA,aAAA,GAAA,cAAeA,0BAAA,CAAA;;;ACnBf,IAAM,KAAA,EAAA;AAAyC,IAC5C,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAER;AACE,EAAA,MAAA,iBAAM,CAAA,KAAA,EAAA,OAAA,EAAA;AACN,IAAA,KAAK,MAAA,QAAY,IAAA,IAAA,CAAA,SAAA,EAAA;AAAA,MACnB,IAAA;AAAA,QAEM,MAAA,IAAA,GAAA,MAAkB,QAAe,CAAA,iBAA+C,CAAA,KAAA,EAAA,OAAA,CAAA;AACpF,QAAA,IAAA,IAAW,EAAA;AACT,UAAI,OAAA,IAAA;AACF,QAAA;AACA,MAAA,CAAA,CAAA,MAAI,CAAA;AACF,IAAA;AAAO,IAAA,OACT,IAAA;AAAA,EAAA;AACM,EAAA,MAER,aAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,IACF,KAAA,MAAA,QAAA,IAAA,IAAA,CAAA,SAAA,EAAA;AACA,MAAA,MAAO,UAAA,GAAA,MAAA,QAAA,CAAA,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,MACT,IAAA,UAAA,EAAA;AAAA,QAEM,OAAA,IAAA;AACJ,MAAA;AACE,IAAA;AACA,IAAA,OAAI,KAAA;AACF,EAAA;AAAO;;AAGX;AACF,IAAA,UAAA,GAAA,cAAAA,0BAAA,CAAA;AACF,EAAA,MAAA;;;ACZO,EAAA,WAAM,CAAA;AAA8D,IACjE,KAAA,CAAA,OAAA,CAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,CAAA,MAAA;AAAA,IACA,IAAA,CAAA,WAAA,GAAA,IAAA,CAAA,gBAAA,CAAA,OAAA,CAAA,OAAA,CAAA;AAAA,2BAEuC,GAAA,IAAA,GAAA,CAAA,MAAA,CAAA,MAAA,CAAA,IAAA,CAAA,MAAA,CAAA,CAAA;AAC7C,EAAA;AACA,EAAA,gBAAc,CAAA,OAAQ,EAAA;AACtB,IAAA,IAAA,CAAK,OAAA,EAAA;AAEL,MAAA,wBAA0B;AAAkC,IAC9D;AAAA,wBAEyB,CAAA,OAAuC,CAAA,GAAA,OAAA,GAAA,CAAA,OAAA,CAAA;AAC9D,EAAA;AACE,EAAA,kBAAQ,CAAA,KAAA,EAAA;AAAe,IACzB,IAAA,KAAA,CAAA,UAAA,CAAA,SAAA,CAAA,EAAA;AACA,MAAA,YAAa,CAAA,KAAA,CAAQ,CAAA,CAAA;AAA6B,IACpD;AAAA;AAGE,EAAA;AACE,EAAA,0BAAoB,EAAA;AAAA,IACtB,KAAA,MAAA,UAAA,IAAA,IAAA,CAAA,WAAA,EAAA;AACA,MAAA,MAAO,WAAA,GAAA,OAAA,CAAA,MAAA,CAAA,UAAA,CAAA;AAAA,MACT,IAAA,WAAA,EAAA;AAAA,sBAE2B,CAAA,WAAqC,EAAA,KAAA,eAAA,EAAA;AAC9D,UAAA,OAAW,IAAA,CAAA,kBAAmB,CAAA,WAAa,CAAA;AACzC,QAAA;AACA,QAAA,OAAI,WAAa;AAEf,MAAA;AACE,IAAA;AAA0C,IAAA,OAC5C,IAAA;AACA,EAAA;AAAO,EAAA,MACT,iBAAA,CAAA,KAAA,EAAA,OAAA,EAAA;AAAA,IACF,MAAA,WAAA,GAAA,IAAA,CAAA,kBAAA,CAAA,KAAA,CAAA;AACA,IAAA,IAAA,WAAO,IAAA,IAAA,CAAA,MAAA,EAAA;AAAA,MACT,OAAA,IAAA,CAAA,MAAA,CAAA,WAAA,CAAA;AAAA,IAEA;AAEE,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,kBAAA,CAAmB,OAAK,CAAA;AACjD,IAAA,IAAI,WAAA,IAAe,WAAK,IAAQ,IAAA,CAAA,MAAA,EAAA;AAC9B,MAAA,OAAO,IAAA,CAAK,OAAO,WAAW,CAAA;AAAA,IAChC;AAGA,IAAA,OAAM,IAAA;AACN,EAAA;AACE,EAAA,MAAA,kBAAmB,EAAA,QAAW,EAAA;AAAA,IAChC,OAAA,IAAA,CAAA,kBAAA,CAAA,GAAA,CAAA,IAAA,CAAA;AAEA,EAAA;AAAO;;AAKP;AAAuC,SACzC,eAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AACF,EAAA,MAAA,IAAA,GAAA,OAAA;;;AC/BA,MAAA,EAAA,EAAS,yCAGwC;AAC/C,MAAA,IAAM,EAAA,CAAA,2BAAO,EAAA,IAAA,CAAA,4BAAA,CAAA;AAEb,MAAI,uBAAgB;AAClB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAI,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,0DAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAA,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,oFAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC;AACxC,SACA,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EAAA,IACD,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AAAA,IACH,MAAA,IAAAA,6BAAA,CAAA;AACF,MAAA,EAAA,EAAA,iCAAA;AAEO,MAAA,IAAS,EAAA,CAAA,sEAGa,CAAA;AAC3B,MAAI,MAAK,EAAA,eAAkB;AACzB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACE,EAAA,eACN,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACA;AAAA,IACF,IAAC;AAAA,IACH,MAAA,EAAA,OAAA,CAAA,MAAA;AAEA,IAAA,OAAA,EAAA,eAAsB;AAEtB,IAAA,aAAO,EAAA,OAAA,CAAA,aAAA;AAAA,IACL,OAAA,EAAA,OAAA,CAAA,OAAA;AAAA,IACA,UAAQ,EAAA,OAAQ,CAAA,UAAA;AAAA,IAChB,YAAS,EAAA,OAAQ,CAAA;AAAA,GAAA;AACM;AACN,mBACL,CAAA,MAAQ,EAAA;AAAA,EAAA;AACE","file":"index.cjs","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n  prefix: 'auth',\n  excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\n\nexport class CompositeAuth extends MastraAuthProvider {\n  private providers: MastraAuthProvider[];\n\n  constructor(providers: MastraAuthProvider[]) {\n    super();\n    this.providers = providers;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n    for (const provider of this.providers) {\n      try {\n        const user = await provider.authenticateToken(token, request);\n        if (user) {\n          return user;\n        }\n      } catch {\n        // ignore error, try next provider\n      }\n    }\n    return null;\n  }\n\n  async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n    for (const provider of this.providers) {\n      const authorized = await provider.authorizeUser(user, request);\n      if (authorized) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\nimport type { MastraAuthProviderOptions } from './auth';\n\nexport interface SimpleAuthOptions<TUser = unknown> extends MastraAuthProviderOptions<TUser> {\n  /**\n   * A map of tokens to users.\n   * When a token is provided, it will be looked up in this map.\n   */\n  tokens: Record<string, TUser>;\n  /**\n   * Headers to check for the token.\n   * Defaults to 'Authorization' with Bearer token extraction.\n   * Can be a string or array of strings for custom header names.\n   */\n  headers?: string | string[];\n}\n\n/**\n * SimpleAuth is a basic token-based authentication provider.\n * It validates tokens against a predefined map of tokens to users.\n */\nexport class SimpleAuth<TUser = unknown> extends MastraAuthProvider<TUser> {\n  private tokens: Record<string, TUser>;\n  private headerNames: string[];\n  private authenticatedUsers: Set<TUser>;\n\n  constructor(options: SimpleAuthOptions<TUser>) {\n    super(options);\n    this.tokens = options.tokens;\n    this.headerNames = this.normalizeHeaders(options.headers);\n    // Store reference to all valid users for authorization\n    this.authenticatedUsers = new Set(Object.values(this.tokens));\n  }\n\n  private normalizeHeaders(headers?: string | string[]): string[] {\n    if (!headers) {\n      return ['Authorization'];\n    }\n    return Array.isArray(headers) ? headers : [headers];\n  }\n\n  private extractBearerToken(value: string): string {\n    if (value.startsWith('Bearer ')) {\n      return value.slice(7);\n    }\n    return value;\n  }\n\n  private findTokenInHeaders(request: HonoRequest): string | null {\n    for (const headerName of this.headerNames) {\n      const headerValue = request.header(headerName);\n      if (headerValue) {\n        // For Authorization header, extract Bearer token\n        if (headerName.toLowerCase() === 'authorization') {\n          return this.extractBearerToken(headerValue);\n        }\n        return headerValue;\n      }\n    }\n    return null;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n    // First, try the direct token\n    const directToken = this.extractBearerToken(token);\n    if (directToken in this.tokens) {\n      return this.tokens[directToken]!;\n    }\n\n    // Then, try to find token in headers\n    const headerToken = this.findTokenInHeaders(request);\n    if (headerToken && headerToken in this.tokens) {\n      return this.tokens[headerToken]!;\n    }\n\n    return null;\n  }\n\n  async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n    // Check if this user was authenticated through our tokens\n    return this.authenticatedUsers.has(user);\n  }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n  [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n  method: Methods;\n  openapi?: DescribeRouteOptions;\n  handler?: Handler<\n    {\n      Variables: {\n        mastra: Mastra;\n      };\n    },\n    P,\n    ParamsFromPath<P>\n  >;\n  createHandler?: (c: Context) => Promise<\n    Handler<\n      {\n        Variables: {\n          mastra: Mastra;\n        };\n      },\n      P,\n      ParamsFromPath<P>\n    >\n  >;\n  middleware?: MiddlewareHandler | MiddlewareHandler[];\n  /**\n   * When false, skips Mastra auth for this route (defaults to true)\n   */\n  requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n  path: P,\n  options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n  const opts = options as RegisterApiRouteOptions<P>;\n\n  if (opts.method === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", missing \"method\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler === undefined && opts.createHandler === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler !== undefined && opts.createHandler !== undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n}\n\nexport function registerApiRoute<P extends string>(\n  path: P,\n  options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n  if (path.startsWith('/api/')) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_PATH_RESERVED',\n      text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  validateOptions(path, options);\n\n  return {\n    path,\n    method: options.method,\n    handler: options.handler,\n    createHandler: options.createHandler,\n    openapi: options.openapi,\n    middleware: options.middleware,\n    requiresAuth: options.requiresAuth,\n  } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n  return config;\n}\n"]}
+{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":["MastraAuthProvider","__decoratorStart","__decorateElement","__runInitializers","MastraError"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACEA,0CAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAAC,kCAAA,CAAA,EAAA,CAAA;AACA,EAAAD,0BAAU,GAAQE,mCAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAAF,0BAAA,CAAA;AAChB,EAAAG,oCAAc,KAAK,EAAA,CAAA,EAAAH,0BAAA,CAAA;;AACrB;AAEJ,EAAA,OAAAA,0BAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,IAAA,aAAA,GAAA,cAAeA,0BAAA,CAAA;;;ACnBf,IAAM,KAAA,EAAA;AAAyC,IAC5C,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAER;AACE,EAAA,MAAA,iBAAM,CAAA,KAAA,EAAA,OAAA,EAAA;AACN,IAAA,KAAK,MAAA,QAAY,IAAA,IAAA,CAAA,SAAA,EAAA;AAAA,MACnB,IAAA;AAAA,QAEM,MAAA,IAAA,GAAA,MAAkB,QAAe,CAAA,iBAA+C,CAAA,KAAA,EAAA,OAAA,CAAA;AACpF,QAAA,IAAA,IAAW,EAAA;AACT,UAAI,OAAA,IAAA;AACF,QAAA;AACA,MAAA,CAAA,CAAA,MAAI,CAAA;AACF,IAAA;AAAO,IAAA,OACT,IAAA;AAAA,EAAA;AACM,EAAA,MAER,aAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,IACF,KAAA,MAAA,QAAA,IAAA,IAAA,CAAA,SAAA,EAAA;AACA,MAAA,MAAO,UAAA,GAAA,MAAA,QAAA,CAAA,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,MACT,IAAA,UAAA,EAAA;AAAA,QAEM,OAAA,IAAA;AACJ,MAAA;AACE,IAAA;AACA,IAAA,OAAI,KAAA;AACF,EAAA;AAAO;;AAGX;AAAO,IACT,eAAA,GAAA,CAAA,eAAA,EAAA,qBAAA,CAAA;AACF,IAAA,UAAA,GAAA,cAAAA,0BAAA,CAAA;;;AC9BA,EAAA,KAAM;AAgBC,EAAA,WAAM,CAAA;AAAoD,IACvD,KAAA,CAAA,OAAA,CAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,CAAA,MAAA;AAAA,IACA,IAAA,CAAA,KAAA,GAAA,MAAA,CAAA,MAAA,CAAA,IAAA,CAAA,MAAA,CAAA;AAAA,gBAEI,GAAA,CAAA,GAAmC,eAAA,CAAA,CAAA,MAAA,CAAA,OAAA,CAAA,OAAA,IAAA,EAAA,CAAA;AAC7C,EAAA;AACA,EAAA,MAAA,iBAAc,CAAQ,KAAA,EAAA,OAAA,EAAA;AACtB,IAAA,MAAK,aAAQ,GAAO,IAAA,CAAO,oBAAW,CAAA,KAAA,EAAA,OAAA,CAAA;AACtC,IAAA,KAAK,MAAA,YAAc,IAAA,aAAiB,EAAA;AAA4B,MAClE,MAAA,WAAA,GAAA,IAAA,CAAA,MAAA,CAAA,YAAA,CAAA;AAAA,MAEA,IAAM,WAAA,EAAA;AACJ,QAAA,OAAM,WAAgB;AAEtB,MAAA;AACE,IAAA;AACA,IAAA,OAAI,IAAA;AACF,EAAA;AAAO,EAAA,MACT,aAAA,CAAA,IAAA,EAAA,QAAA,EAAA;AAAA,IACF,OAAA,IAAA,CAAA,KAAA,CAAA,QAAA,CAAA,IAAA,CAAA;AAEA,EAAA;AAAO,EACT,iBAAA,CAAA,KAAA,EAAA;AAAA,IAEA,OAAM,KAAA,CAAA,UAAc,CAAa,SAAA,CAAyC,GAAA,KAAA,CAAA,KAAA,CAAA,CAAA,CAAA,GAAA,KAAA;AACxE,EAAA;AAA+B,EACjC,oBAAA,CAAA,KAAA,EAAA,OAAA,EAAA;AAAA,oBAE0B,KAAA,CAAA;AACxB,IAAA,KAAA,gBAAa,IAAW,IAAA,CAAA,OAAa,EAAA;AAAiB,MACxD,MAAA,WAAA,GAAA,OAAA,CAAA,MAAA,CAAA,UAAA,CAAA;AAAA,MAEQ,IAAA,WAAA,EAAqB;AAC3B,QAAA,MAAM,CAAA,IAAS,CAAC,IAAA,CAAK,iBAAA,CAAA,WAAA,CAAA,CAAA;AACrB,MAAA;AACE,IAAA;AACA,IAAA,OAAI,MAAA;AACF,EAAA;AAA+C;;AAGnD;AAAO,SACT,eAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AACF,EAAA,MAAA,IAAA,GAAA,OAAA;;;ACXA,MAAA,EAAA,EAAS,yCAGwC;AAC/C,MAAA,IAAM,EAAA,CAAA,2BAAO,EAAA,IAAA,CAAA,4BAAA,CAAA;AAEb,MAAI,uBAAgB;AAClB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAI,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,0DAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAA,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,oFAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC;AACxC,SACA,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EAAA,IACD,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AAAA,IACH,MAAA,IAAAA,6BAAA,CAAA;AACF,MAAA,EAAA,EAAA,iCAAA;AAEO,MAAA,IAAS,EAAA,CAAA,sEAGa,CAAA;AAC3B,MAAI,MAAK,EAAA,eAAkB;AACzB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACE,EAAA,eACN,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACA;AAAA,IACF,IAAC;AAAA,IACH,MAAA,EAAA,OAAA,CAAA,MAAA;AAEA,IAAA,OAAA,EAAA,eAAsB;AAEtB,IAAA,aAAO,EAAA,OAAA,CAAA,aAAA;AAAA,IACL,OAAA,EAAA,OAAA,CAAA,OAAA;AAAA,IACA,UAAQ,EAAA,OAAQ,CAAA,UAAA;AAAA,IAChB,YAAS,EAAA,OAAQ,CAAA;AAAA,GAAA;AACM;AACN,mBACL,CAAA,MAAQ,EAAA;AAAA,EAAA;AACE","file":"index.cjs","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n  prefix: 'auth',\n  excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\n\nexport class CompositeAuth extends MastraAuthProvider {\n  private providers: MastraAuthProvider[];\n\n  constructor(providers: MastraAuthProvider[]) {\n    super();\n    this.providers = providers;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n    for (const provider of this.providers) {\n      try {\n        const user = await provider.authenticateToken(token, request);\n        if (user) {\n          return user;\n        }\n      } catch {\n        // ignore error, try next provider\n      }\n    }\n    return null;\n  }\n\n  async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n    for (const provider of this.providers) {\n      const authorized = await provider.authorizeUser(user, request);\n      if (authorized) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport type { MastraAuthProviderOptions } from './auth';\nimport { MastraAuthProvider } from './auth';\n\nconst DEFAULT_HEADERS = ['Authorization', 'X-Playground-Access'];\n\ntype TokenToUser<TUser> = Record<string, TUser>;\n\nexport interface SimpleAuthOptions<TUser> extends MastraAuthProviderOptions<TUser> {\n  /**\n   * Valid tokens to authenticate against\n   */\n  tokens: TokenToUser<TUser>;\n  /**\n   * Headers to check for authentication\n   * @default ['Authorization', 'X-Playground-Access']\n   */\n  headers?: string | string[];\n}\n\nexport class SimpleAuth<TUser> extends MastraAuthProvider<TUser> {\n  private tokens: TokenToUser<TUser>;\n  private headers: string[];\n  private users: TUser[];\n\n  constructor(options: SimpleAuthOptions<TUser>) {\n    super(options);\n    this.tokens = options.tokens;\n    this.users = Object.values(this.tokens);\n    this.headers = [...DEFAULT_HEADERS].concat(options.headers || []);\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n    const requestTokens = this.getTokensFromHeaders(token, request);\n\n    for (const requestToken of requestTokens) {\n      const tokenToUser = this.tokens[requestToken];\n      if (tokenToUser) {\n        return tokenToUser;\n      }\n    }\n\n    return null;\n  }\n\n  async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n    return this.users.includes(user);\n  }\n\n  private stripBearerPrefix(token: string): string {\n    return token.startsWith('Bearer ') ? token.slice(7) : token;\n  }\n\n  private getTokensFromHeaders(token: string, request: HonoRequest): string[] {\n    const tokens = [token];\n    for (const headerName of this.headers) {\n      const headerValue = request.header(headerName);\n      if (headerValue) {\n        tokens.push(this.stripBearerPrefix(headerValue));\n      }\n    }\n    return tokens;\n  }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n  [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n  method: Methods;\n  openapi?: DescribeRouteOptions;\n  handler?: Handler<\n    {\n      Variables: {\n        mastra: Mastra;\n      };\n    },\n    P,\n    ParamsFromPath<P>\n  >;\n  createHandler?: (c: Context) => Promise<\n    Handler<\n      {\n        Variables: {\n          mastra: Mastra;\n        };\n      },\n      P,\n      ParamsFromPath<P>\n    >\n  >;\n  middleware?: MiddlewareHandler | MiddlewareHandler[];\n  /**\n   * When false, skips Mastra auth for this route (defaults to true)\n   */\n  requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n  path: P,\n  options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n  const opts = options as RegisterApiRouteOptions<P>;\n\n  if (opts.method === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", missing \"method\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler === undefined && opts.createHandler === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler !== undefined && opts.createHandler !== undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n}\n\nexport function registerApiRoute<P extends string>(\n  path: P,\n  options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n  if (path.startsWith('/api/')) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_PATH_RESERVED',\n      text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  validateOptions(path, options);\n\n  return {\n    path,\n    method: options.method,\n    handler: options.handler,\n    createHandler: options.createHandler,\n    openapi: options.openapi,\n    middleware: options.middleware,\n    requiresAuth: options.requiresAuth,\n  } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n  return config;\n}\n"]}

package/dist/server/index.js

@@ -1,4 +1,4 @@
-import { InstrumentClass } from '../chunk-BLUDYAPI.js';
+import { InstrumentClass } from '../chunk-DSUKMFZY.js';
 import { MastraError } from '../chunk-PZUZNPFM.js';
 import { MastraBase } from '../chunk-VQASQG5D.js';
 import { __decoratorStart, __decorateElement, __runInitializers } from '../chunk-3HXBPDKN.js';
@@ -73,53 +73,42 @@ var CompositeAuth = class extends MastraAuthProvider {
 };
 
 // src/server/simple-auth.ts
+var DEFAULT_HEADERS = ["Authorization", "X-Playground-Access"];
 var SimpleAuth = class extends MastraAuthProvider {
   tokens;
-  headerNames;
-  authenticatedUsers;
+  headers;
+  users;
   constructor(options) {
     super(options);
     this.tokens = options.tokens;
-    this.headerNames = this.normalizeHeaders(options.headers);
-    this.authenticatedUsers = new Set(Object.values(this.tokens));
+    this.users = Object.values(this.tokens);
+    this.headers = [...DEFAULT_HEADERS].concat(options.headers || []);
   }
-  normalizeHeaders(headers) {
-    if (!headers) {
-      return ["Authorization"];
+  async authenticateToken(token, request) {
+    const requestTokens = this.getTokensFromHeaders(token, request);
+    for (const requestToken of requestTokens) {
+      const tokenToUser = this.tokens[requestToken];
+      if (tokenToUser) {
+        return tokenToUser;
+      }
     }
-    return Array.isArray(headers) ? headers : [headers];
+    return null;
   }
-  extractBearerToken(value) {
-    if (value.startsWith("Bearer ")) {
-      return value.slice(7);
-    }
-    return value;
+  async authorizeUser(user, _request) {
+    return this.users.includes(user);
+  }
+  stripBearerPrefix(token) {
+    return token.startsWith("Bearer ") ? token.slice(7) : token;
   }
-  findTokenInHeaders(request) {
-    for (const headerName of this.headerNames) {
+  getTokensFromHeaders(token, request) {
+    const tokens = [token];
+    for (const headerName of this.headers) {
       const headerValue = request.header(headerName);
       if (headerValue) {
-        if (headerName.toLowerCase() === "authorization") {
-          return this.extractBearerToken(headerValue);
-        }
-        return headerValue;
+        tokens.push(this.stripBearerPrefix(headerValue));
       }
     }
-    return null;
-  }
-  async authenticateToken(token, request) {
-    const directToken = this.extractBearerToken(token);
-    if (directToken in this.tokens) {
-      return this.tokens[directToken];
-    }
-    const headerToken = this.findTokenInHeaders(request);
-    if (headerToken && headerToken in this.tokens) {
-      return this.tokens[headerToken];
-    }
-    return null;
-  }
-  async authorizeUser(user, _request) {
-    return this.authenticatedUsers.has(user);
+    return tokens;
   }
 };
 

package/dist/server/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACE,kCAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAA,gBAAA,CAAA,EAAA,CAAA;AACA,EAAA,kBAAU,GAAQ,iBAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAA,kBAAA,CAAA;AAChB,EAAA,kBAAc,KAAK,EAAA,CAAA,EAAA,kBAAA,CAAA;;AACrB;AAEJ,EAAA,OAAA,kBAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,IAAA,aAAA,GAAA,cAAe,kBAAA,CAAA;;;ACnBf,IAAM,KAAA,EAAA;AAAyC,IAC5C,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAER;AACE,EAAA,MAAA,iBAAM,CAAA,KAAA,EAAA,OAAA,EAAA;AACN,IAAA,KAAK,MAAA,QAAY,IAAA,IAAA,CAAA,SAAA,EAAA;AAAA,MACnB,IAAA;AAAA,QAEM,MAAA,IAAA,GAAA,MAAkB,QAAe,CAAA,iBAA+C,CAAA,KAAA,EAAA,OAAA,CAAA;AACpF,QAAA,IAAA,IAAW,EAAA;AACT,UAAI,OAAA,IAAA;AACF,QAAA;AACA,MAAA,CAAA,CAAA,MAAI,CAAA;AACF,IAAA;AAAO,IAAA,OACT,IAAA;AAAA,EAAA;AACM,EAAA,MAER,aAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,IACF,KAAA,MAAA,QAAA,IAAA,IAAA,CAAA,SAAA,EAAA;AACA,MAAA,MAAO,UAAA,GAAA,MAAA,QAAA,CAAA,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,MACT,IAAA,UAAA,EAAA;AAAA,QAEM,OAAA,IAAA;AACJ,MAAA;AACE,IAAA;AACA,IAAA,OAAI,KAAA;AACF,EAAA;AAAO;;AAGX;AACF,IAAA,UAAA,GAAA,cAAA,kBAAA,CAAA;AACF,EAAA,MAAA;;;ACZO,EAAA,WAAM,CAAA;AAA8D,IACjE,KAAA,CAAA,OAAA,CAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,CAAA,MAAA;AAAA,IACA,IAAA,CAAA,WAAA,GAAA,IAAA,CAAA,gBAAA,CAAA,OAAA,CAAA,OAAA,CAAA;AAAA,2BAEuC,GAAA,IAAA,GAAA,CAAA,MAAA,CAAA,MAAA,CAAA,IAAA,CAAA,MAAA,CAAA,CAAA;AAC7C,EAAA;AACA,EAAA,gBAAc,CAAA,OAAQ,EAAA;AACtB,IAAA,IAAA,CAAK,OAAA,EAAA;AAEL,MAAA,wBAA0B;AAAkC,IAC9D;AAAA,wBAEyB,CAAA,OAAuC,CAAA,GAAA,OAAA,GAAA,CAAA,OAAA,CAAA;AAC9D,EAAA;AACE,EAAA,kBAAQ,CAAA,KAAA,EAAA;AAAe,IACzB,IAAA,KAAA,CAAA,UAAA,CAAA,SAAA,CAAA,EAAA;AACA,MAAA,YAAa,CAAA,KAAA,CAAQ,CAAA,CAAA;AAA6B,IACpD;AAAA;AAGE,EAAA;AACE,EAAA,0BAAoB,EAAA;AAAA,IACtB,KAAA,MAAA,UAAA,IAAA,IAAA,CAAA,WAAA,EAAA;AACA,MAAA,MAAO,WAAA,GAAA,OAAA,CAAA,MAAA,CAAA,UAAA,CAAA;AAAA,MACT,IAAA,WAAA,EAAA;AAAA,sBAE2B,CAAA,WAAqC,EAAA,KAAA,eAAA,EAAA;AAC9D,UAAA,OAAW,IAAA,CAAA,kBAAmB,CAAA,WAAa,CAAA;AACzC,QAAA;AACA,QAAA,OAAI,WAAa;AAEf,MAAA;AACE,IAAA;AAA0C,IAAA,OAC5C,IAAA;AACA,EAAA;AAAO,EAAA,MACT,iBAAA,CAAA,KAAA,EAAA,OAAA,EAAA;AAAA,IACF,MAAA,WAAA,GAAA,IAAA,CAAA,kBAAA,CAAA,KAAA,CAAA;AACA,IAAA,IAAA,WAAO,IAAA,IAAA,CAAA,MAAA,EAAA;AAAA,MACT,OAAA,IAAA,CAAA,MAAA,CAAA,WAAA,CAAA;AAAA,IAEA;AAEE,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,kBAAA,CAAmB,OAAK,CAAA;AACjD,IAAA,IAAI,WAAA,IAAe,WAAK,IAAQ,IAAA,CAAA,MAAA,EAAA;AAC9B,MAAA,OAAO,IAAA,CAAK,OAAO,WAAW,CAAA;AAAA,IAChC;AAGA,IAAA,OAAM,IAAA;AACN,EAAA;AACE,EAAA,MAAA,kBAAmB,EAAA,QAAW,EAAA;AAAA,IAChC,OAAA,IAAA,CAAA,kBAAA,CAAA,GAAA,CAAA,IAAA,CAAA;AAEA,EAAA;AAAO;;AAKP;AAAuC,SACzC,eAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AACF,EAAA,MAAA,IAAA,GAAA,OAAA;;;AC/BA,MAAA,EAAA,EAAS,yCAGwC;AAC/C,MAAA,IAAM,EAAA,CAAA,2BAAO,EAAA,IAAA,CAAA,4BAAA,CAAA;AAEb,MAAI,uBAAgB;AAClB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAA,WAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,0DAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAA,WAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,oFAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC;AACxC,SACA,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EAAA,IACD,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AAAA,IACH,MAAA,IAAA,WAAA,CAAA;AACF,MAAA,EAAA,EAAA,iCAAA;AAEO,MAAA,IAAS,EAAA,CAAA,sEAGa,CAAA;AAC3B,MAAI,MAAK,EAAA,eAAkB;AACzB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACE,EAAA,eACN,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACA;AAAA,IACF,IAAC;AAAA,IACH,MAAA,EAAA,OAAA,CAAA,MAAA;AAEA,IAAA,OAAA,EAAA,eAAsB;AAEtB,IAAA,aAAO,EAAA,OAAA,CAAA,aAAA;AAAA,IACL,OAAA,EAAA,OAAA,CAAA,OAAA;AAAA,IACA,UAAQ,EAAA,OAAQ,CAAA,UAAA;AAAA,IAChB,YAAS,EAAA,OAAQ,CAAA;AAAA,GAAA;AACM;AACN,mBACL,CAAA,MAAQ,EAAA;AAAA,EAAA;AACE","file":"index.js","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n  prefix: 'auth',\n  excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\n\nexport class CompositeAuth extends MastraAuthProvider {\n  private providers: MastraAuthProvider[];\n\n  constructor(providers: MastraAuthProvider[]) {\n    super();\n    this.providers = providers;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n    for (const provider of this.providers) {\n      try {\n        const user = await provider.authenticateToken(token, request);\n        if (user) {\n          return user;\n        }\n      } catch {\n        // ignore error, try next provider\n      }\n    }\n    return null;\n  }\n\n  async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n    for (const provider of this.providers) {\n      const authorized = await provider.authorizeUser(user, request);\n      if (authorized) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\nimport type { MastraAuthProviderOptions } from './auth';\n\nexport interface SimpleAuthOptions<TUser = unknown> extends MastraAuthProviderOptions<TUser> {\n  /**\n   * A map of tokens to users.\n   * When a token is provided, it will be looked up in this map.\n   */\n  tokens: Record<string, TUser>;\n  /**\n   * Headers to check for the token.\n   * Defaults to 'Authorization' with Bearer token extraction.\n   * Can be a string or array of strings for custom header names.\n   */\n  headers?: string | string[];\n}\n\n/**\n * SimpleAuth is a basic token-based authentication provider.\n * It validates tokens against a predefined map of tokens to users.\n */\nexport class SimpleAuth<TUser = unknown> extends MastraAuthProvider<TUser> {\n  private tokens: Record<string, TUser>;\n  private headerNames: string[];\n  private authenticatedUsers: Set<TUser>;\n\n  constructor(options: SimpleAuthOptions<TUser>) {\n    super(options);\n    this.tokens = options.tokens;\n    this.headerNames = this.normalizeHeaders(options.headers);\n    // Store reference to all valid users for authorization\n    this.authenticatedUsers = new Set(Object.values(this.tokens));\n  }\n\n  private normalizeHeaders(headers?: string | string[]): string[] {\n    if (!headers) {\n      return ['Authorization'];\n    }\n    return Array.isArray(headers) ? headers : [headers];\n  }\n\n  private extractBearerToken(value: string): string {\n    if (value.startsWith('Bearer ')) {\n      return value.slice(7);\n    }\n    return value;\n  }\n\n  private findTokenInHeaders(request: HonoRequest): string | null {\n    for (const headerName of this.headerNames) {\n      const headerValue = request.header(headerName);\n      if (headerValue) {\n        // For Authorization header, extract Bearer token\n        if (headerName.toLowerCase() === 'authorization') {\n          return this.extractBearerToken(headerValue);\n        }\n        return headerValue;\n      }\n    }\n    return null;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n    // First, try the direct token\n    const directToken = this.extractBearerToken(token);\n    if (directToken in this.tokens) {\n      return this.tokens[directToken]!;\n    }\n\n    // Then, try to find token in headers\n    const headerToken = this.findTokenInHeaders(request);\n    if (headerToken && headerToken in this.tokens) {\n      return this.tokens[headerToken]!;\n    }\n\n    return null;\n  }\n\n  async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n    // Check if this user was authenticated through our tokens\n    return this.authenticatedUsers.has(user);\n  }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n  [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n  method: Methods;\n  openapi?: DescribeRouteOptions;\n  handler?: Handler<\n    {\n      Variables: {\n        mastra: Mastra;\n      };\n    },\n    P,\n    ParamsFromPath<P>\n  >;\n  createHandler?: (c: Context) => Promise<\n    Handler<\n      {\n        Variables: {\n          mastra: Mastra;\n        };\n      },\n      P,\n      ParamsFromPath<P>\n    >\n  >;\n  middleware?: MiddlewareHandler | MiddlewareHandler[];\n  /**\n   * When false, skips Mastra auth for this route (defaults to true)\n   */\n  requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n  path: P,\n  options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n  const opts = options as RegisterApiRouteOptions<P>;\n\n  if (opts.method === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", missing \"method\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler === undefined && opts.createHandler === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler !== undefined && opts.createHandler !== undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n}\n\nexport function registerApiRoute<P extends string>(\n  path: P,\n  options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n  if (path.startsWith('/api/')) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_PATH_RESERVED',\n      text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  validateOptions(path, options);\n\n  return {\n    path,\n    method: options.method,\n    handler: options.handler,\n    createHandler: options.createHandler,\n    openapi: options.openapi,\n    middleware: options.middleware,\n    requiresAuth: options.requiresAuth,\n  } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n  return config;\n}\n"]}
+{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACE,kCAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAA,gBAAA,CAAA,EAAA,CAAA;AACA,EAAA,kBAAU,GAAQ,iBAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAA,kBAAA,CAAA;AAChB,EAAA,kBAAc,KAAK,EAAA,CAAA,EAAA,kBAAA,CAAA;;AACrB;AAEJ,EAAA,OAAA,kBAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,IAAA,aAAA,GAAA,cAAe,kBAAA,CAAA;;;ACnBf,IAAM,KAAA,EAAA;AAAyC,IAC5C,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAER;AACE,EAAA,MAAA,iBAAM,CAAA,KAAA,EAAA,OAAA,EAAA;AACN,IAAA,KAAK,MAAA,QAAY,IAAA,IAAA,CAAA,SAAA,EAAA;AAAA,MACnB,IAAA;AAAA,QAEM,MAAA,IAAA,GAAA,MAAkB,QAAe,CAAA,iBAA+C,CAAA,KAAA,EAAA,OAAA,CAAA;AACpF,QAAA,IAAA,IAAW,EAAA;AACT,UAAI,OAAA,IAAA;AACF,QAAA;AACA,MAAA,CAAA,CAAA,MAAI,CAAA;AACF,IAAA;AAAO,IAAA,OACT,IAAA;AAAA,EAAA;AACM,EAAA,MAER,aAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,IACF,KAAA,MAAA,QAAA,IAAA,IAAA,CAAA,SAAA,EAAA;AACA,MAAA,MAAO,UAAA,GAAA,MAAA,QAAA,CAAA,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,MACT,IAAA,UAAA,EAAA;AAAA,QAEM,OAAA,IAAA;AACJ,MAAA;AACE,IAAA;AACA,IAAA,OAAI,KAAA;AACF,EAAA;AAAO;;AAGX;AAAO,IACT,eAAA,GAAA,CAAA,eAAA,EAAA,qBAAA,CAAA;AACF,IAAA,UAAA,GAAA,cAAA,kBAAA,CAAA;;;AC9BA,EAAA,KAAM;AAgBC,EAAA,WAAM,CAAA;AAAoD,IACvD,KAAA,CAAA,OAAA,CAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,CAAA,MAAA;AAAA,IACA,IAAA,CAAA,KAAA,GAAA,MAAA,CAAA,MAAA,CAAA,IAAA,CAAA,MAAA,CAAA;AAAA,gBAEI,GAAA,CAAA,GAAmC,eAAA,CAAA,CAAA,MAAA,CAAA,OAAA,CAAA,OAAA,IAAA,EAAA,CAAA;AAC7C,EAAA;AACA,EAAA,MAAA,iBAAc,CAAQ,KAAA,EAAA,OAAA,EAAA;AACtB,IAAA,MAAK,aAAQ,GAAO,IAAA,CAAO,oBAAW,CAAA,KAAA,EAAA,OAAA,CAAA;AACtC,IAAA,KAAK,MAAA,YAAc,IAAA,aAAiB,EAAA;AAA4B,MAClE,MAAA,WAAA,GAAA,IAAA,CAAA,MAAA,CAAA,YAAA,CAAA;AAAA,MAEA,IAAM,WAAA,EAAA;AACJ,QAAA,OAAM,WAAgB;AAEtB,MAAA;AACE,IAAA;AACA,IAAA,OAAI,IAAA;AACF,EAAA;AAAO,EAAA,MACT,aAAA,CAAA,IAAA,EAAA,QAAA,EAAA;AAAA,IACF,OAAA,IAAA,CAAA,KAAA,CAAA,QAAA,CAAA,IAAA,CAAA;AAEA,EAAA;AAAO,EACT,iBAAA,CAAA,KAAA,EAAA;AAAA,IAEA,OAAM,KAAA,CAAA,UAAc,CAAa,SAAA,CAAyC,GAAA,KAAA,CAAA,KAAA,CAAA,CAAA,CAAA,GAAA,KAAA;AACxE,EAAA;AAA+B,EACjC,oBAAA,CAAA,KAAA,EAAA,OAAA,EAAA;AAAA,oBAE0B,KAAA,CAAA;AACxB,IAAA,KAAA,gBAAa,IAAW,IAAA,CAAA,OAAa,EAAA;AAAiB,MACxD,MAAA,WAAA,GAAA,OAAA,CAAA,MAAA,CAAA,UAAA,CAAA;AAAA,MAEQ,IAAA,WAAA,EAAqB;AAC3B,QAAA,MAAM,CAAA,IAAS,CAAC,IAAA,CAAK,iBAAA,CAAA,WAAA,CAAA,CAAA;AACrB,MAAA;AACE,IAAA;AACA,IAAA,OAAI,MAAA;AACF,EAAA;AAA+C;;AAGnD;AAAO,SACT,eAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AACF,EAAA,MAAA,IAAA,GAAA,OAAA;;;ACXA,MAAA,EAAA,EAAS,yCAGwC;AAC/C,MAAA,IAAM,EAAA,CAAA,2BAAO,EAAA,IAAA,CAAA,4BAAA,CAAA;AAEb,MAAI,uBAAgB;AAClB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAA,WAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,0DAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAA,WAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,oFAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC;AACxC,SACA,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EAAA,IACD,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AAAA,IACH,MAAA,IAAA,WAAA,CAAA;AACF,MAAA,EAAA,EAAA,iCAAA;AAEO,MAAA,IAAS,EAAA,CAAA,sEAGa,CAAA;AAC3B,MAAI,MAAK,EAAA,eAAkB;AACzB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACE,EAAA,eACN,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACA;AAAA,IACF,IAAC;AAAA,IACH,MAAA,EAAA,OAAA,CAAA,MAAA;AAEA,IAAA,OAAA,EAAA,eAAsB;AAEtB,IAAA,aAAO,EAAA,OAAA,CAAA,aAAA;AAAA,IACL,OAAA,EAAA,OAAA,CAAA,OAAA;AAAA,IACA,UAAQ,EAAA,OAAQ,CAAA,UAAA;AAAA,IAChB,YAAS,EAAA,OAAQ,CAAA;AAAA,GAAA;AACM;AACN,mBACL,CAAA,MAAQ,EAAA;AAAA,EAAA;AACE","file":"index.js","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n  name?: string;\n  authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n  /**\n   * Protected paths for the auth provider\n   */\n  protected?: MastraAuthConfig['protected'];\n  /**\n   * Public paths for the auth provider\n   */\n  public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n  prefix: 'auth',\n  excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n  public protected?: MastraAuthConfig['protected'];\n  public public?: MastraAuthConfig['public'];\n\n  constructor(options?: MastraAuthProviderOptions<TUser>) {\n    super({ component: 'AUTH', name: options?.name });\n\n    if (options?.authorizeUser) {\n      this.authorizeUser = options.authorizeUser.bind(this);\n    }\n\n    this.protected = options?.protected;\n    this.public = options?.public;\n  }\n\n  /**\n   * Authenticate a token and return the payload\n   * @param token - The token to authenticate\n   * @param request - The request\n   * @returns The payload\n   */\n  abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n  /**\n   * Authorize a user for a path and method\n   * @param user - The user to authorize\n   * @param request - The request\n   * @returns The authorization result\n   */\n  abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n  protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n    if (opts?.authorizeUser) {\n      this.authorizeUser = opts.authorizeUser.bind(this);\n    }\n    if (opts?.protected) {\n      this.protected = opts.protected;\n    }\n    if (opts?.public) {\n      this.public = opts.public;\n    }\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\n\nexport class CompositeAuth extends MastraAuthProvider {\n  private providers: MastraAuthProvider[];\n\n  constructor(providers: MastraAuthProvider[]) {\n    super();\n    this.providers = providers;\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n    for (const provider of this.providers) {\n      try {\n        const user = await provider.authenticateToken(token, request);\n        if (user) {\n          return user;\n        }\n      } catch {\n        // ignore error, try next provider\n      }\n    }\n    return null;\n  }\n\n  async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n    for (const provider of this.providers) {\n      const authorized = await provider.authorizeUser(user, request);\n      if (authorized) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","import type { HonoRequest } from 'hono';\nimport type { MastraAuthProviderOptions } from './auth';\nimport { MastraAuthProvider } from './auth';\n\nconst DEFAULT_HEADERS = ['Authorization', 'X-Playground-Access'];\n\ntype TokenToUser<TUser> = Record<string, TUser>;\n\nexport interface SimpleAuthOptions<TUser> extends MastraAuthProviderOptions<TUser> {\n  /**\n   * Valid tokens to authenticate against\n   */\n  tokens: TokenToUser<TUser>;\n  /**\n   * Headers to check for authentication\n   * @default ['Authorization', 'X-Playground-Access']\n   */\n  headers?: string | string[];\n}\n\nexport class SimpleAuth<TUser> extends MastraAuthProvider<TUser> {\n  private tokens: TokenToUser<TUser>;\n  private headers: string[];\n  private users: TUser[];\n\n  constructor(options: SimpleAuthOptions<TUser>) {\n    super(options);\n    this.tokens = options.tokens;\n    this.users = Object.values(this.tokens);\n    this.headers = [...DEFAULT_HEADERS].concat(options.headers || []);\n  }\n\n  async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n    const requestTokens = this.getTokensFromHeaders(token, request);\n\n    for (const requestToken of requestTokens) {\n      const tokenToUser = this.tokens[requestToken];\n      if (tokenToUser) {\n        return tokenToUser;\n      }\n    }\n\n    return null;\n  }\n\n  async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n    return this.users.includes(user);\n  }\n\n  private stripBearerPrefix(token: string): string {\n    return token.startsWith('Bearer ') ? token.slice(7) : token;\n  }\n\n  private getTokensFromHeaders(token: string, request: HonoRequest): string[] {\n    const tokens = [token];\n    for (const headerName of this.headers) {\n      const headerValue = request.header(headerName);\n      if (headerValue) {\n        tokens.push(this.stripBearerPrefix(headerValue));\n      }\n    }\n    return tokens;\n  }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n  [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n  method: Methods;\n  openapi?: DescribeRouteOptions;\n  handler?: Handler<\n    {\n      Variables: {\n        mastra: Mastra;\n      };\n    },\n    P,\n    ParamsFromPath<P>\n  >;\n  createHandler?: (c: Context) => Promise<\n    Handler<\n      {\n        Variables: {\n          mastra: Mastra;\n        };\n      },\n      P,\n      ParamsFromPath<P>\n    >\n  >;\n  middleware?: MiddlewareHandler | MiddlewareHandler[];\n  /**\n   * When false, skips Mastra auth for this route (defaults to true)\n   */\n  requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n  path: P,\n  options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n  const opts = options as RegisterApiRouteOptions<P>;\n\n  if (opts.method === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", missing \"method\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler === undefined && opts.createHandler === undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  if (opts.handler !== undefined && opts.createHandler !== undefined) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n      text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n}\n\nexport function registerApiRoute<P extends string>(\n  path: P,\n  options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n  if (path.startsWith('/api/')) {\n    throw new MastraError({\n      id: 'MASTRA_SERVER_API_PATH_RESERVED',\n      text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n      domain: ErrorDomain.MASTRA_SERVER,\n      category: ErrorCategory.USER,\n    });\n  }\n\n  validateOptions(path, options);\n\n  return {\n    path,\n    method: options.method,\n    handler: options.handler,\n    createHandler: options.createHandler,\n    openapi: options.openapi,\n    middleware: options.middleware,\n    requiresAuth: options.requiresAuth,\n  } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n  return config;\n}\n"]}