@mastra/deployer 1.0.0-beta.5 → 1.0.0-beta.7

package/dist/server/index.js

@@ -10,29 +10,28 @@ import { existsSync, createReadStream, lstatSync } from 'fs';
 import { join as join$1 } from 'path';
 import { html } from 'hono/html';
 import { Tool } from '@mastra/core/tools';
+import { MastraServer as MastraServer$1, redactStreamChunk } from '@mastra/server/server-adapter';
+import util from 'util';
+import { Buffer as Buffer$1 } from 'buffer';
+import { isDevPlaygroundRequest, isProtectedPath, canAccessPublicly, checkRules, defaultAuthConfig } from '@mastra/server/auth';
 import { InMemoryTaskStore } from '@mastra/server/a2a/store';
-import { createRoute, MastraServerAdapter } from '@mastra/server/server-adapter';
 import { Hono } from 'hono';
 import { cors } from 'hono/cors';
 import { logger } from 'hono/logger';
 import { timeout } from 'hono/timeout';
 import { HTTPException as HTTPException$1 } from 'hono/http-exception';
-import util from 'util';
-import { Buffer as Buffer$1 } from 'buffer';
-import { z } from 'zod';
 
-// src/server/index.ts
 var RequestError = class extends Error {
   constructor(message, options) {
     super(message, options);
     this.name = "RequestError";
   }
 };
-var toRequestError = (e2) => {
-  if (e2 instanceof RequestError) {
-    return e2;
+var toRequestError = (e) => {
+  if (e instanceof RequestError) {
+    return e;
   }
-  return new RequestError(e2.message, { cause: e2 });
+  return new RequestError(e.message, { cause: e });
 };
 var GlobalRequest = global.Request;
 var Request2 = class extends GlobalRequest {
@@ -178,8 +177,8 @@ var newRequest = (incoming, defaultHostname) => {
     try {
       const url2 = new URL(incomingUrl);
       req[urlKey] = url2.href;
-    } catch (e2) {
-      throw new RequestError("Invalid absolute URL", { cause: e2 });
+    } catch (e) {
+      throw new RequestError("Invalid absolute URL", { cause: e });
     }
     return req;
   }
@@ -301,8 +300,8 @@ function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromi
       } else {
         return reader.read().then(flow, handleStreamError);
       }
-    } catch (e2) {
-      handleStreamError(e2);
+    } catch (e) {
+      handleStreamError(e);
     }
   }
 }
@@ -351,15 +350,15 @@ var outgoingEnded = Symbol("outgoingEnded");
 var handleRequestError = () => new Response(null, {
   status: 400
 });
-var handleFetchError = (e2) => new Response(null, {
-  status: e2 instanceof Error && (e2.name === "TimeoutError" || e2.constructor.name === "TimeoutError") ? 504 : 500
+var handleFetchError = (e) => new Response(null, {
+  status: e instanceof Error && (e.name === "TimeoutError" || e.constructor.name === "TimeoutError") ? 504 : 500
 });
-var handleResponseError = (e2, outgoing) => {
-  const err = e2 instanceof Error ? e2 : new Error("unknown error", { cause: e2 });
+var handleResponseError = (e, outgoing) => {
+  const err = e instanceof Error ? e : new Error("unknown error", { cause: e });
   if (err.code === "ERR_STREAM_PREMATURE_CLOSE") {
     console.info("The user aborted a request.");
   } else {
-    console.error(e2);
+    console.error(e);
     if (!outgoing.headersSent) {
       outgoing.writeHead(500, { "Content-Type": "text/plain" });
     }
@@ -392,7 +391,7 @@ var responseViaCache = async (res, outgoing) => {
   } else {
     flushHeaders(outgoing);
     await writeFromReadableStream(body, outgoing)?.catch(
-      (e2) => handleResponseError(e2, outgoing)
+      (e) => handleResponseError(e, outgoing)
     );
   }
   outgoing[outgoingEnded]?.();
@@ -427,8 +426,8 @@ var responseViaResponseObject = async (res, outgoing, options = {}) => {
       let maxReadCount = 2;
       for (let i = 0; i < maxReadCount; i++) {
         currentReadPromise ||= reader.read();
-        const chunk = await readWithoutBlocking(currentReadPromise).catch((e2) => {
-          console.error(e2);
+        const chunk = await readWithoutBlocking(currentReadPromise).catch((e) => {
+          console.error(e);
           done = true;
         });
         if (!chunk) {
@@ -528,26 +527,26 @@ var getRequestListener = (fetchCallback, options = {}) => {
       if (cacheKey in res) {
         return responseViaCache(res, outgoing);
       }
-    } catch (e2) {
+    } catch (e) {
       if (!res) {
         if (options.errorHandler) {
-          res = await options.errorHandler(req ? e2 : toRequestError(e2));
+          res = await options.errorHandler(req ? e : toRequestError(e));
           if (!res) {
             return;
           }
         } else if (!req) {
           res = handleRequestError();
         } else {
-          res = handleFetchError(e2);
+          res = handleFetchError(e);
         }
       } else {
-        return handleResponseError(e2, outgoing);
+        return handleResponseError(e, outgoing);
       }
     }
     try {
       return await responseViaResponseObject(res, outgoing, options);
-    } catch (e2) {
-      return handleResponseError(e2, outgoing);
+    } catch (e) {
+      return handleResponseError(e, outgoing);
     }
   };
 };
@@ -808,1123 +807,412 @@ var middleware = (options) => async (c) => {
     `
   );
 };
-var HTTPException = class extends Error {
-  res;
-  status;
-  constructor(status = 500, options) {
-    super(options?.message, { cause: options?.cause });
-    this.res = options?.res;
-    this.status = status;
+var classRegExp = /^([A-Z][a-z0-9]*)+$/;
+var kTypes = [
+  "string",
+  "function",
+  "number",
+  "object",
+  // Accept 'Function' and 'Object' as alternative to the lower cased version.
+  "Function",
+  "Object",
+  "boolean",
+  "bigint",
+  "symbol"
+];
+function determineSpecificType(value) {
+  if (value == null) {
+    return "" + value;
   }
-  getResponse() {
-    if (this.res) {
-      const newResponse = new Response(this.res.body, {
-        status: this.status,
-        headers: this.res.headers
-      });
-      return newResponse;
+  if (typeof value === "function" && value.name) {
+    return `function ${value.name}`;
+  }
+  if (typeof value === "object") {
+    if (value.constructor?.name) {
+      return `an instance of ${value.constructor.name}`;
     }
-    return new Response(this.message, {
-      status: this.status
-    });
+    return `${util.inspect(value, { depth: -1 })}`;
   }
-};
-var ERROR_MESSAGE = "Payload Too Large";
-var BodyLimitError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "BodyLimitError";
+  let inspected = util.inspect(value, { colors: false });
+  if (inspected.length > 28) {
+    inspected = `${inspected.slice(0, 25)}...`;
+  }
+  return `type ${typeof value} (${inspected})`;
+}
+var ERR_HTTP_BODY_NOT_ALLOWED = class extends Error {
+  constructor() {
+    super("Adding content for this request method or response status is not allowed.");
   }
 };
-var bodyLimit = (options) => {
-  const onError3 = options.onError || (() => {
-    const res = new Response(ERROR_MESSAGE, {
-      status: 413
-    });
-    throw new HTTPException(413, { res });
-  });
-  const maxSize = options.maxSize;
-  return async function bodyLimit2(c, next) {
-    if (!c.req.raw.body) {
-      return next();
-    }
-    const hasTransferEncoding = c.req.raw.headers.has("transfer-encoding");
-    const hasContentLength = c.req.raw.headers.has("content-length");
-    if (hasContentLength && !hasTransferEncoding) {
-      const contentLength = parseInt(c.req.raw.headers.get("content-length") || "0", 10);
-      return contentLength > maxSize ? onError3(c) : next();
-    }
-    let size = 0;
-    const rawReader = c.req.raw.body.getReader();
-    const reader = new ReadableStream({
-      async start(controller) {
-        try {
-          for (; ; ) {
-            const { done, value } = await rawReader.read();
-            if (done) {
-              break;
-            }
-            size += value.length;
-            if (size > maxSize) {
-              controller.error(new BodyLimitError(ERROR_MESSAGE));
-              break;
-            }
-            controller.enqueue(value);
-          }
-        } finally {
-          controller.close();
-        }
-      }
-    });
-    const requestInit = { body: reader, duplex: "half" };
-    c.req.raw = new Request(c.req.raw, requestInit);
-    await next();
-    if (c.error instanceof BodyLimitError) {
-      c.res = await onError3(c);
-    }
-  };
+var ERR_HTTP_CONTENT_LENGTH_MISMATCH = class extends Error {
+  constructor(actual, expected) {
+    super(`Response body's content-length of ${actual} byte(s) does not match the content-length of ${expected} byte(s) set in header`);
+  }
 };
-var StreamingApi = class {
-  writer;
-  encoder;
-  writable;
-  abortSubscribers = [];
-  responseReadable;
-  aborted = false;
-  closed = false;
-  constructor(writable, _readable) {
-    this.writable = writable;
-    this.writer = writable.getWriter();
-    this.encoder = new TextEncoder();
-    const reader = _readable.getReader();
-    this.abortSubscribers.push(async () => {
-      await reader.cancel();
-    });
-    this.responseReadable = new ReadableStream({
-      async pull(controller) {
-        const { done, value } = await reader.read();
-        done ? controller.close() : controller.enqueue(value);
-      },
-      cancel: () => {
-        this.abort();
-      }
-    });
+var ERR_HTTP_HEADERS_SENT = class extends Error {
+  constructor(arg) {
+    super(`Cannot ${arg} headers after they are sent to the client`);
   }
-  async write(input) {
-    try {
-      if (typeof input === "string") {
-        input = this.encoder.encode(input);
-      }
-      await this.writer.write(input);
-    } catch {
+};
+var ERR_INVALID_ARG_VALUE = class extends TypeError {
+  constructor(name, value, reason = "is invalid") {
+    let inspected = util.inspect(value);
+    if (inspected.length > 128) {
+      inspected = `${inspected.slice(0, 128)}...`;
     }
-    return this;
-  }
-  async writeln(input) {
-    await this.write(input + "\n");
-    return this;
-  }
-  sleep(ms) {
-    return new Promise((res) => setTimeout(res, ms));
+    const type = name.includes(".") ? "property" : "argument";
+    super(`The ${type} '${name}' ${reason}. Received ${inspected}`);
   }
-  async close() {
-    try {
-      await this.writer.close();
-    } catch {
+};
+var ERR_INVALID_CHAR = class extends TypeError {
+  constructor(name, field) {
+    let msg = `Invalid character in ${name}`;
+    if (field !== void 0) {
+      msg += ` ["${field}"]`;
     }
-    this.closed = true;
-  }
-  async pipe(body) {
-    this.writer.releaseLock();
-    await body.pipeTo(this.writable, { preventClose: true });
-    this.writer = this.writable.getWriter();
-  }
-  onAbort(listener) {
-    this.abortSubscribers.push(listener);
+    super(msg);
   }
-  abort() {
-    if (!this.aborted) {
-      this.aborted = true;
-      this.abortSubscribers.forEach((subscriber) => subscriber());
-    }
+};
+var ERR_HTTP_INVALID_HEADER_VALUE = class extends TypeError {
+  constructor(value, name) {
+    super(`Invalid value "${value}" for header "${name}"`);
   }
 };
-var isOldBunVersion = () => {
-  const version = typeof Bun !== "undefined" ? Bun.version : void 0;
-  if (version === void 0) {
-    return false;
+var ERR_HTTP_INVALID_STATUS_CODE = class extends RangeError {
+  originalStatusCode;
+  constructor(originalStatusCode) {
+    super(`Invalid status code: ${originalStatusCode}`);
+    this.originalStatusCode = originalStatusCode;
   }
-  const result = version.startsWith("1.1") || version.startsWith("1.0") || version.startsWith("0.");
-  isOldBunVersion = () => result;
-  return result;
 };
-var contextStash = /* @__PURE__ */ new WeakMap();
-var stream = (c, cb, onError3) => {
-  const { readable, writable } = new TransformStream();
-  const stream2 = new StreamingApi(writable, readable);
-  if (isOldBunVersion()) {
-    c.req.raw.signal.addEventListener("abort", () => {
-      if (!stream2.closed) {
-        stream2.abort();
-      }
-    });
+var ERR_HTTP_TRAILER_INVALID = class extends Error {
+  constructor() {
+    super(`Trailers are invalid with this transfer encoding`);
   }
-  contextStash.set(stream2.responseReadable, c);
-  (async () => {
-    try {
-      await cb(stream2);
-    } catch (e2) {
-      if (e2 === void 0) ;
-      else if (e2 instanceof Error && onError3) {
-        await onError3(e2, stream2);
+};
+var ERR_INVALID_ARG_TYPE = class extends TypeError {
+  constructor(name, expected, actual) {
+    if (!Array.isArray(expected)) {
+      expected = [expected];
+    }
+    let msg = "The ";
+    if (name.endsWith(" argument")) {
+      msg += `${name} `;
+    } else {
+      const type = name.includes(".") ? "property" : "argument";
+      msg += `"${name}" ${type} `;
+    }
+    msg += "must be ";
+    const types = [];
+    const instances = [];
+    const other = [];
+    for (const value of expected) {
+      if (kTypes.includes(value)) {
+        types.push(value.toLowerCase());
+      } else if (classRegExp.exec(value) !== null) {
+        instances.push(value);
       } else {
-        console.error(e2);
+        other.push(value);
       }
-    } finally {
-      stream2.close();
     }
-  })();
-  return c.newResponse(stream2.responseReadable);
-};
-var HonoServerAdapter = class extends MastraServerAdapter {
-  taskStore;
-  customRouteAuthConfig;
-  playground;
-  isDev;
-  constructor({
-    mastra,
-    tools,
-    taskStore,
-    customRouteAuthConfig,
-    playground,
-    isDev,
-    bodyLimitOptions
-  }) {
-    super({ mastra, bodyLimitOptions, tools });
-    this.taskStore = taskStore || new InMemoryTaskStore();
-    this.customRouteAuthConfig = customRouteAuthConfig;
-    this.playground = playground;
-    this.isDev = isDev;
-  }
-  createContextMiddleware() {
-    return async (c, next) => {
-      let bodyRequestContext;
-      let paramsRequestContext;
-      if (c.req.method === "POST" || c.req.method === "PUT") {
-        const contentType = c.req.header("content-type");
-        if (contentType?.includes("application/json")) {
-          try {
-            const clonedReq = c.req.raw.clone();
-            const body = await clonedReq.json();
-            if (body.requestContext) {
-              bodyRequestContext = body.requestContext;
-            }
-          } catch {
-          }
-        }
-      }
-      if (c.req.method === "GET") {
-        try {
-          const encodedRequestContext = c.req.query("requestContext");
-          if (encodedRequestContext) {
-            try {
-              paramsRequestContext = JSON.parse(encodedRequestContext);
-            } catch {
-              try {
-                const json = Buffer.from(encodedRequestContext, "base64").toString("utf-8");
-                paramsRequestContext = JSON.parse(json);
-              } catch {
-              }
-            }
-          }
-        } catch {
-        }
-      }
-      const requestContext = this.mergeRequestContext({ paramsRequestContext, bodyRequestContext });
-      c.set("requestContext", requestContext);
-      c.set("mastra", this.mastra);
-      c.set("tools", this.tools || {});
-      c.set("taskStore", this.taskStore);
-      c.set("playground", this.playground === true);
-      c.set("isDev", this.isDev === true);
-      c.set("customRouteAuthConfig", this.customRouteAuthConfig);
-      c.set("abortSignal", c.req.raw.signal);
-      return next();
-    };
-  }
-  async stream(route, res, result) {
-    res.header("Content-Type", "text/plain");
-    res.header("Transfer-Encoding", "chunked");
-    const streamFormat = route.streamFormat || "stream";
-    return stream(
-      res,
-      async (stream2) => {
-        const readableStream = result instanceof ReadableStream ? result : result.fullStream;
-        const reader = readableStream.getReader();
-        stream2.onAbort(() => {
-          void reader.cancel("request aborted");
-        });
-        try {
-          while (true) {
-            const { done, value } = await reader.read();
-            if (done) break;
-            if (value) {
-              if (streamFormat === "sse") {
-                await stream2.write(`data: ${JSON.stringify(value)}
-
-`);
-              } else {
-                await stream2.write(JSON.stringify(value) + "");
-              }
-            }
-          }
-          await stream2.write("data: [DONE]\n\n");
-        } catch (error) {
-          console.error(error);
-        } finally {
-          await stream2.close();
-        }
-      },
-      async (err) => {
-        console.error(err);
-      }
-    );
-  }
-  async getParams(route, request) {
-    const urlParams = request.param();
-    const queryParams = request.query();
-    let body;
-    if (route.method === "POST" || route.method === "PUT" || route.method === "PATCH") {
-      try {
-        body = await request.json();
-      } catch {
+    if (instances.length > 0) {
+      const pos = types.indexOf("object");
+      if (pos !== -1) {
+        types.splice(pos, 1);
+        instances.push("Object");
       }
     }
-    return { urlParams, queryParams, body };
-  }
-  async sendResponse(route, response, result) {
-    if (route.responseType === "json") {
-      return response.json(result, 200);
-    } else if (route.responseType === "stream") {
-      return this.stream(route, response, result);
-    } else if (route.responseType === "datastream-response") {
-      const fetchResponse = result;
-      return fetchResponse;
-    } else {
-      return response.status(500);
-    }
-  }
-  async registerRoute(app, route, { prefix }) {
-    const shouldApplyBodyLimit = this.bodyLimitOptions && ["POST", "PUT", "PATCH"].includes(route.method.toUpperCase());
-    const maxSize = route.maxBodySize ?? this.bodyLimitOptions?.maxSize;
-    const middlewares = [];
-    if (shouldApplyBodyLimit && maxSize && this.bodyLimitOptions) {
-      middlewares.push(
-        bodyLimit({
-          maxSize,
-          onError: this.bodyLimitOptions.onError
-        })
-      );
-    }
-    app[route.method.toLowerCase()](
-      `${prefix}${route.path}`,
-      ...middlewares,
-      async (c) => {
-        const params = await this.getParams(route, c.req);
-        if (params.queryParams) {
-          try {
-            params.queryParams = await this.parseQueryParams(route, params.queryParams);
-          } catch (error) {
-            console.error("Error parsing query params", error);
-            return c.json(
-              {
-                error: "Invalid query parameters",
-                details: error instanceof Error ? error.message : "Unknown error"
-              },
-              400
-            );
-          }
-        }
-        if (params.body) {
-          try {
-            params.body = await this.parseBody(route, params.body);
-          } catch (error) {
-            console.error("Error parsing body", error);
-            return c.json(
-              {
-                error: "Invalid request body",
-                details: error instanceof Error ? error.message : "Unknown error"
-              },
-              400
-            );
-          }
-        }
-        const handlerParams = {
-          ...params.urlParams,
-          ...params.queryParams,
-          ...typeof params.body === "object" ? params.body : {},
-          requestContext: c.get("requestContext"),
-          mastra: this.mastra,
-          tools: c.get("tools"),
-          taskStore: c.get("taskStore"),
-          abortSignal: c.get("abortSignal")
-        };
-        try {
-          const result = await route.handler(handlerParams);
-          return this.sendResponse(route, c, result);
-        } catch (error) {
-          console.error("Error calling handler", error);
-          if (error && typeof error === "object") {
-            if ("status" in error) {
-              const status = error.status;
-              return c.json({ error: error instanceof Error ? error.message : "Unknown error" }, status);
-            }
-            if ("details" in error && error.details && typeof error.details === "object" && "status" in error.details) {
-              const status = error.details.status;
-              return c.json({ error: error instanceof Error ? error.message : "Unknown error" }, status);
-            }
-          }
-          return c.json({ error: error instanceof Error ? error.message : "Unknown error" }, 500);
-        }
+    if (types.length > 0) {
+      if (types.length > 2) {
+        const last = types.pop();
+        msg += `one of type ${types.join(", ")}, or ${last}`;
+      } else if (types.length === 2) {
+        msg += `one of type ${types[0]} or ${types[1]}`;
+      } else {
+        msg += `of type ${types[0]}`;
       }
-    );
-  }
-  registerContextMiddleware(app) {
-    app.use("*", this.createContextMiddleware());
-  }
-  async registerRoutes(app, { prefix, openapiPath }) {
-    await super.registerRoutes(app, { prefix, openapiPath });
-  }
-};
-
-// ../../node_modules/.pnpm/hono-openapi@0.4.8_hono@4.10.6_openapi-types@12.1.3_zod@3.25.76/node_modules/hono-openapi/utils.js
-var e = Symbol("openapi");
-function w(n) {
-  const { validateResponse: s2, ...o } = n;
-  return Object.assign((async (e2, o2) => {
-    if (await o2(), s2 && n.responses) {
-      const o3 = e2.res.status, a = e2.res.headers.get("content-type");
-      if (o3 && a) {
-        const r = n.responses[o3];
-        if (r && "content" in r && r.content) {
-          const n2 = a.split(";")[0], o4 = r.content[n2];
-          if (o4?.schema && "validator" in o4.schema) try {
-            let t2;
-            const s3 = e2.res.clone();
-            if ("application/json" === n2 ? t2 = await s3.json() : "text/plain" === n2 && (t2 = await s3.text()), !t2) throw new Error("No data to validate!");
-            await o4.schema.validator(t2);
-          } catch (e3) {
-            let n3 = { status: 500, message: "Response validation failed!" };
-            throw "object" == typeof s2 && (n3 = { ...n3, ...s2 }), new HTTPException$1(n3.status, { message: n3.message, cause: e3 });
-          }
+      if (instances.length > 0 || other.length > 0)
+        msg += " or ";
+    }
+    if (instances.length > 0) {
+      if (instances.length > 2) {
+        const last = instances.pop();
+        msg += `an instance of ${instances.join(", ")}, or ${last}`;
+      } else {
+        msg += `an instance of ${instances[0]}`;
+        if (instances.length === 2) {
+          msg += ` or ${instances[1]}`;
         }
       }
+      if (other.length > 0)
+        msg += " or ";
     }
-  }), { [e]: { resolver: (e2, t2) => x(e2, o, t2) } });
-}
-async function x(e2, t2, n = {}) {
-  let s2 = {};
-  const o = { ...n, ...t2, responses: { ...n?.responses, ...t2.responses } };
-  if (o.responses) for (const t3 of Object.keys(o.responses)) {
-    const n2 = o.responses[t3];
-    if (n2 && "content" in n2) for (const t4 of Object.keys(n2.content ?? {})) {
-      const o2 = n2.content?.[t4];
-      if (o2 && (o2.schema && "builder" in o2.schema)) {
-        const t5 = await o2.schema.builder(e2);
-        o2.schema = t5.schema, t5.components && (s2 = { ...s2, ...t5.components });
+    if (other.length > 0) {
+      if (other.length > 2) {
+        const last = other.pop();
+        msg += `one of ${other.join(", ")}, or ${last}`;
+      } else if (other.length === 2) {
+        msg += `one of ${other[0]} or ${other[1]}`;
+      } else {
+        if (other[0].toLowerCase() !== other[0])
+          msg += "an ";
+        msg += `${other[0]}`;
       }
     }
+    msg += `. Received ${determineSpecificType(actual)}`;
+    super(msg);
   }
-  return { docs: o, components: s2 };
-}
-
-// src/server/handlers/auth/defaults.ts
-var defaultAuthConfig = {
-  protected: ["/api/*"],
-  public: ["/api"],
-  // Simple rule system
-  rules: [
-    // Admin users can do anything
-    {
-      condition: (user) => {
-        if (typeof user === "object" && user !== null) {
-          if ("isAdmin" in user) {
-            return !!user.isAdmin;
-          }
-          if ("role" in user) {
-            return user.role === "admin";
-          }
-        }
-        return false;
-      },
-      allow: true
-    }
-  ]
-};
-
-// src/server/handlers/auth/helpers.ts
-var isDevPlaygroundRequest = (req) => {
-  return req.header("x-mastra-dev-playground") === "true" && process.env.MASTRA_DEV === "true";
 };
-var isCustomRoutePublic = (path, method, customRouteAuthConfig) => {
-  if (!customRouteAuthConfig) {
-    return false;
-  }
-  const routeKey = `${method}:${path}`;
-  if (customRouteAuthConfig.has(routeKey)) {
-    return !customRouteAuthConfig.get(routeKey);
-  }
-  const allRouteKey = `ALL:${path}`;
-  if (customRouteAuthConfig.has(allRouteKey)) {
-    return !customRouteAuthConfig.get(allRouteKey);
+var ERR_INVALID_HTTP_TOKEN = class extends TypeError {
+  constructor(name, field) {
+    super(`${name} must be a valid HTTP token ["${field}"]`);
   }
-  return false;
-};
-var isProtectedPath = (path, method, authConfig, customRouteAuthConfig) => {
-  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
-  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);
 };
-var canAccessPublicly = (path, method, authConfig) => {
-  const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
-  return isAnyMatch(path, method, publicAccess);
-};
-var isAnyMatch = (path, method, patterns) => {
-  if (!patterns) {
-    return false;
-  }
-  for (const patternPathOrMethod of patterns) {
-    if (patternPathOrMethod instanceof RegExp) {
-      if (patternPathOrMethod.test(path)) {
-        return true;
-      }
-    }
-    if (typeof patternPathOrMethod === "string" && pathMatchesPattern(path, patternPathOrMethod)) {
-      return true;
-    }
-    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {
-      const [pattern, methodOrMethods] = patternPathOrMethod;
-      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {
-        return true;
-      }
-    }
+var ERR_METHOD_NOT_IMPLEMENTED = class extends Error {
+  constructor(methodName) {
+    super(`The ${methodName} method is not implemented`);
   }
-  return false;
 };
-var pathMatchesPattern = (path, pattern) => {
-  if (pattern.endsWith("*")) {
-    const prefix = pattern.slice(0, -1);
-    return path.startsWith(prefix);
+var ERR_STREAM_ALREADY_FINISHED = class extends Error {
+  constructor(methodName) {
+    super(`Cannot call ${methodName} after a stream was finished`);
   }
-  return path === pattern;
 };
-var pathMatchesRule = (path, rulePath) => {
-  if (!rulePath) return true;
-  if (typeof rulePath === "string") {
-    return pathMatchesPattern(path, rulePath);
-  }
-  if (rulePath instanceof RegExp) {
-    return rulePath.test(path);
-  }
-  if (Array.isArray(rulePath)) {
-    return rulePath.some((p) => pathMatchesPattern(path, p));
+var ERR_STREAM_CANNOT_PIPE = class extends Error {
+  constructor() {
+    super(`Cannot pipe, not readable`);
   }
-  return false;
 };
-var matchesOrIncludes = (values, value) => {
-  if (typeof values === "string") {
-    return values === value;
-  }
-  if (Array.isArray(values)) {
-    return values.includes(value);
+var ERR_STREAM_DESTROYED = class extends Error {
+  constructor(methodName) {
+    super(`Cannot call ${methodName} after a stream was destroyed`);
   }
-  return false;
 };
-var checkRules = async (rules, path, method, user) => {
-  for (const i in rules || []) {
-    const rule = rules?.[i];
-    if (!pathMatchesRule(path, rule.path)) {
-      continue;
-    }
-    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {
-      continue;
-    }
-    const condition = rule.condition;
-    if (typeof condition === "function") {
-      const allowed = await Promise.resolve().then(() => condition(user)).catch(() => false);
-      if (allowed) {
-        return true;
-      }
-    } else if (rule.allow) {
-      return true;
-    }
+var ERR_STREAM_NULL_VALUES = class extends TypeError {
+  constructor() {
+    super(`May not write null values to stream`);
   }
-  return false;
 };
-
-// src/server/handlers/auth/index.ts
-var authenticationMiddleware = async (c, next) => {
-  const mastra = c.get("mastra");
-  const authConfig = mastra.getServer()?.auth;
-  const customRouteAuthConfig = c.get("customRouteAuthConfig");
-  if (!authConfig) {
-    return next();
+var ERR_STREAM_WRITE_AFTER_END = class extends Error {
+  constructor() {
+    super(`write after end`);
   }
-  if (isDevPlaygroundRequest(c.req)) {
-    return next();
+};
+
+// ../../node_modules/.pnpm/fetch-to-node@2.1.0/node_modules/fetch-to-node/dist/fetch-to-node/http-incoming.js
+var kHeaders = Symbol("kHeaders");
+var kHeadersDistinct = Symbol("kHeadersDistinct");
+var kHeadersCount = Symbol("kHeadersCount");
+var kTrailers = Symbol("kTrailers");
+var kTrailersDistinct = Symbol("kTrailersDistinct");
+var kTrailersCount = Symbol("kTrailersCount");
+var FetchIncomingMessage = class extends Readable {
+  get socket() {
+    return null;
   }
-  if (!isProtectedPath(c.req.path, c.req.method, authConfig, customRouteAuthConfig)) {
-    return next();
+  set socket(_val) {
+    throw new ERR_METHOD_NOT_IMPLEMENTED("socket");
   }
-  if (canAccessPublicly(c.req.path, c.req.method, authConfig)) {
-    return next();
+  httpVersionMajor;
+  httpVersionMinor;
+  httpVersion;
+  complete = false;
+  [kHeaders] = null;
+  [kHeadersDistinct] = null;
+  [kHeadersCount] = 0;
+  rawHeaders = [];
+  [kTrailers] = null;
+  [kTrailersDistinct] = null;
+  [kTrailersCount] = 0;
+  rawTrailers = [];
+  joinDuplicateHeaders = false;
+  aborted = false;
+  upgrade = false;
+  // request (server) only
+  url = "";
+  method;
+  // TODO: Support ClientRequest
+  // statusCode = null;
+  // statusMessage = null;
+  // client = socket;
+  _consuming;
+  _dumped;
+  // The underlying ReadableStream
+  _stream = null;
+  constructor() {
+    const streamOptions = {};
+    super(streamOptions);
+    this._readableState.readingMore = true;
+    this._consuming = false;
+    this._dumped = false;
   }
-  const authHeader = c.req.header("Authorization");
-  let token = authHeader ? authHeader.replace("Bearer ", "") : null;
-  if (!token && c.req.query("apiKey")) {
-    token = c.req.query("apiKey") || null;
+  get connection() {
+    return null;
   }
-  if (!token) {
-    return c.json({ error: "Authentication required" }, 401);
+  set connection(_socket) {
+    console.error("No support for IncomingMessage.connection");
   }
-  try {
-    let user;
-    if (typeof authConfig.authenticateToken === "function") {
-      user = await authConfig.authenticateToken(token, c.req);
-    } else {
-      throw new Error("No token verification method configured");
-    }
-    if (!user) {
-      return c.json({ error: "Invalid or expired token" }, 401);
+  get headers() {
+    if (!this[kHeaders]) {
+      this[kHeaders] = {};
+      const src = this.rawHeaders;
+      const dst = this[kHeaders];
+      for (let n = 0; n < this[kHeadersCount]; n += 2) {
+        this._addHeaderLine(src[n], src[n + 1], dst);
+      }
     }
-    c.get("requestContext").set("user", user);
-    return next();
-  } catch (err) {
-    console.error(err);
-    return c.json({ error: "Invalid or expired token" }, 401);
-  }
-};
-var authorizationMiddleware = async (c, next) => {
-  const mastra = c.get("mastra");
-  const authConfig = mastra.getServer()?.auth;
-  const customRouteAuthConfig = c.get("customRouteAuthConfig");
-  if (!authConfig) {
-    return next();
+    return this[kHeaders];
   }
-  const path = c.req.path;
-  const method = c.req.method;
-  if (isDevPlaygroundRequest(c.req)) {
-    return next();
+  set headers(val) {
+    this[kHeaders] = val;
   }
-  if (!isProtectedPath(c.req.path, c.req.method, authConfig, customRouteAuthConfig)) {
-    return next();
+  get headersDistinct() {
+    if (!this[kHeadersDistinct]) {
+      this[kHeadersDistinct] = {};
+      const src = this.rawHeaders;
+      const dst = this[kHeadersDistinct];
+      for (let n = 0; n < this[kHeadersCount]; n += 2) {
+        this._addHeaderLineDistinct(src[n], src[n + 1], dst);
+      }
+    }
+    return this[kHeadersDistinct];
   }
-  if (canAccessPublicly(path, method, authConfig)) {
-    return next();
+  set headersDistinct(val) {
+    this[kHeadersDistinct] = val;
   }
-  const user = c.get("requestContext").get("user");
-  if ("authorizeUser" in authConfig && typeof authConfig.authorizeUser === "function") {
-    try {
-      const isAuthorized = await authConfig.authorizeUser(user, c.req);
-      if (isAuthorized) {
-        return next();
+  get trailers() {
+    if (!this[kTrailers]) {
+      this[kTrailers] = {};
+      const src = this.rawTrailers;
+      const dst = this[kTrailers];
+      for (let n = 0; n < this[kTrailersCount]; n += 2) {
+        this._addHeaderLine(src[n], src[n + 1], dst);
       }
-      return c.json({ error: "Access denied" }, 403);
-    } catch (err) {
-      console.error(err);
-      return c.json({ error: "Authorization error" }, 500);
     }
+    return this[kTrailers];
   }
-  if ("authorize" in authConfig && typeof authConfig.authorize === "function") {
-    try {
-      const isAuthorized = await authConfig.authorize(path, method, user, c);
-      if (isAuthorized) {
-        return next();
+  set trailers(val) {
+    this[kTrailers] = val;
+  }
+  get trailersDistinct() {
+    if (!this[kTrailersDistinct]) {
+      this[kTrailersDistinct] = {};
+      const src = this.rawTrailers;
+      const dst = this[kTrailersDistinct];
+      for (let n = 0; n < this[kTrailersCount]; n += 2) {
+        this._addHeaderLineDistinct(src[n], src[n + 1], dst);
       }
-      return c.json({ error: "Access denied" }, 403);
-    } catch (err) {
-      console.error(err);
-      return c.json({ error: "Authorization error" }, 500);
     }
+    return this[kTrailersDistinct];
   }
-  if ("rules" in authConfig && authConfig.rules && authConfig.rules.length > 0) {
-    const isAuthorized = await checkRules(authConfig.rules, path, method, user);
-    if (isAuthorized) {
-      return next();
-    }
-    return c.json({ error: "Access denied" }, 403);
+  set trailersDistinct(val) {
+    this[kTrailersDistinct] = val;
   }
-  if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {
-    const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);
-    if (isAuthorized) {
-      return next();
-    }
+  setTimeout(msecs, callback) {
+    return this;
   }
-  return c.json({ error: "Access denied" }, 403);
-};
-
-// src/server/handlers/client.ts
-var clients = /* @__PURE__ */ new Set();
-var hotReloadDisabled = false;
-function handleClientsRefresh(c) {
-  const stream2 = new ReadableStream({
-    start(controller) {
-      clients.add(controller);
-      controller.enqueue("data: connected\n\n");
-      c.req.raw.signal.addEventListener("abort", () => {
-        clients.delete(controller);
-      });
+  async _read(n) {
+    if (!this._consuming) {
+      this._readableState.readingMore = false;
+      this._consuming = true;
     }
-  });
-  return new Response(stream2, {
-    headers: {
-      "Content-Type": "text/event-stream",
-      "Cache-Control": "no-cache",
-      Connection: "keep-alive",
-      "Access-Control-Allow-Origin": "*"
+    if (this._stream == null) {
+      this.complete = true;
+      this.push(null);
+      return;
     }
-  });
-}
-function handleTriggerClientsRefresh(c) {
-  clients.forEach((controller) => {
+    const reader = this._stream.getReader();
     try {
-      controller.enqueue("data: refresh\n\n");
-    } catch {
-      clients.delete(controller);
+      const data = await reader.read();
+      if (data.done) {
+        this.complete = true;
+        this.push(null);
+      } else {
+        this.push(data.value);
+      }
+    } catch (e) {
+      this.destroy(e);
+    } finally {
+      reader.releaseLock();
     }
-  });
-  return c.json({ success: true, clients: clients.size });
-}
-function isHotReloadDisabled() {
-  return hotReloadDisabled;
-}
-function handleError(error, defaultMessage) {
-  const apiError = error;
-  throw new HTTPException$1(apiError.status || 500, {
-    message: apiError.message || defaultMessage,
-    cause: apiError.cause
-  });
-}
-function errorHandler(err, c, isDev) {
-  if (err instanceof HTTPException$1) {
-    if (isDev) {
-      return c.json({ error: err.message, cause: err.cause, stack: err.stack }, err.status);
+  }
+  _destroy(err, cb) {
+    if (!this.readableEnded || !this.complete) {
+      this.aborted = true;
+      this.emit("aborted");
     }
-    return c.json({ error: err.message }, err.status);
+    setTimeout(onError, 0, this, err, cb);
   }
-  c.get("mastra").getLogger().error(err);
-  return c.json({ error: "Internal Server Error" }, 500);
-}
-
-// src/server/handlers/health.ts
-async function healthHandler(c) {
-  return c.json({ success: true }, 200);
-}
-var classRegExp = /^([A-Z][a-z0-9]*)+$/;
-var kTypes = [
-  "string",
-  "function",
-  "number",
-  "object",
-  // Accept 'Function' and 'Object' as alternative to the lower cased version.
-  "Function",
-  "Object",
-  "boolean",
-  "bigint",
-  "symbol"
-];
-function determineSpecificType(value) {
-  if (value == null) {
-    return "" + value;
-  }
-  if (typeof value === "function" && value.name) {
-    return `function ${value.name}`;
-  }
-  if (typeof value === "object") {
-    if (value.constructor?.name) {
-      return `an instance of ${value.constructor.name}`;
-    }
-    return `${util.inspect(value, { depth: -1 })}`;
-  }
-  let inspected = util.inspect(value, { colors: false });
-  if (inspected.length > 28) {
-    inspected = `${inspected.slice(0, 25)}...`;
-  }
-  return `type ${typeof value} (${inspected})`;
-}
-var ERR_HTTP_BODY_NOT_ALLOWED = class extends Error {
-  constructor() {
-    super("Adding content for this request method or response status is not allowed.");
-  }
-};
-var ERR_HTTP_CONTENT_LENGTH_MISMATCH = class extends Error {
-  constructor(actual, expected) {
-    super(`Response body's content-length of ${actual} byte(s) does not match the content-length of ${expected} byte(s) set in header`);
-  }
-};
-var ERR_HTTP_HEADERS_SENT = class extends Error {
-  constructor(arg) {
-    super(`Cannot ${arg} headers after they are sent to the client`);
-  }
-};
-var ERR_INVALID_ARG_VALUE = class extends TypeError {
-  constructor(name, value, reason = "is invalid") {
-    let inspected = util.inspect(value);
-    if (inspected.length > 128) {
-      inspected = `${inspected.slice(0, 128)}...`;
-    }
-    const type = name.includes(".") ? "property" : "argument";
-    super(`The ${type} '${name}' ${reason}. Received ${inspected}`);
-  }
-};
-var ERR_INVALID_CHAR = class extends TypeError {
-  constructor(name, field) {
-    let msg = `Invalid character in ${name}`;
-    if (field !== void 0) {
-      msg += ` ["${field}"]`;
-    }
-    super(msg);
-  }
-};
-var ERR_HTTP_INVALID_HEADER_VALUE = class extends TypeError {
-  constructor(value, name) {
-    super(`Invalid value "${value}" for header "${name}"`);
-  }
-};
-var ERR_HTTP_INVALID_STATUS_CODE = class extends RangeError {
-  originalStatusCode;
-  constructor(originalStatusCode) {
-    super(`Invalid status code: ${originalStatusCode}`);
-    this.originalStatusCode = originalStatusCode;
-  }
-};
-var ERR_HTTP_TRAILER_INVALID = class extends Error {
-  constructor() {
-    super(`Trailers are invalid with this transfer encoding`);
-  }
-};
-var ERR_INVALID_ARG_TYPE = class extends TypeError {
-  constructor(name, expected, actual) {
-    if (!Array.isArray(expected)) {
-      expected = [expected];
-    }
-    let msg = "The ";
-    if (name.endsWith(" argument")) {
-      msg += `${name} `;
-    } else {
-      const type = name.includes(".") ? "property" : "argument";
-      msg += `"${name}" ${type} `;
-    }
-    msg += "must be ";
-    const types = [];
-    const instances = [];
-    const other = [];
-    for (const value of expected) {
-      if (kTypes.includes(value)) {
-        types.push(value.toLowerCase());
-      } else if (classRegExp.exec(value) !== null) {
-        instances.push(value);
+  _addHeaderLines(headers, n) {
+    if (headers?.length) {
+      let dest;
+      if (this.complete) {
+        this.rawTrailers = headers;
+        this[kTrailersCount] = n;
+        dest = this[kTrailers];
       } else {
-        other.push(value);
+        this.rawHeaders = headers;
+        this[kHeadersCount] = n;
+        dest = this[kHeaders];
       }
-    }
-    if (instances.length > 0) {
-      const pos = types.indexOf("object");
-      if (pos !== -1) {
-        types.splice(pos, 1);
-        instances.push("Object");
+      if (dest) {
+        for (let i = 0; i < n; i += 2) {
+          this._addHeaderLine(headers[i], headers[i + 1], dest);
+        }
       }
     }
-    if (types.length > 0) {
-      if (types.length > 2) {
-        const last = types.pop();
-        msg += `one of type ${types.join(", ")}, or ${last}`;
-      } else if (types.length === 2) {
-        msg += `one of type ${types[0]} or ${types[1]}`;
+  }
+  // Add the given (field, value) pair to the message
+  //
+  // Per RFC2616, section 4.2 it is acceptable to join multiple instances of the
+  // same header with a ', ' if the header in question supports specification of
+  // multiple values this way. The one exception to this is the Cookie header,
+  // which has multiple values joined with a '; ' instead. If a header's values
+  // cannot be joined in either of these ways, we declare the first instance the
+  // winner and drop the second. Extended header fields (those beginning with
+  // 'x-') are always joined.
+  _addHeaderLine(field, value, dest) {
+    field = matchKnownFields(field);
+    const flag = field.charCodeAt(0);
+    if (flag === 0 || flag === 2) {
+      field = field.slice(1);
+      if (typeof dest[field] === "string") {
+        dest[field] += (flag === 0 ? ", " : "; ") + value;
       } else {
-        msg += `of type ${types[0]}`;
+        dest[field] = value;
       }
-      if (instances.length > 0 || other.length > 0)
-        msg += " or ";
-    }
-    if (instances.length > 0) {
-      if (instances.length > 2) {
-        const last = instances.pop();
-        msg += `an instance of ${instances.join(", ")}, or ${last}`;
+    } else if (flag === 1) {
+      if (dest["set-cookie"] !== void 0) {
+        dest["set-cookie"].push(value);
       } else {
-        msg += `an instance of ${instances[0]}`;
-        if (instances.length === 2) {
-          msg += ` or ${instances[1]}`;
-        }
+        dest["set-cookie"] = [value];
       }
-      if (other.length > 0)
-        msg += " or ";
-    }
-    if (other.length > 0) {
-      if (other.length > 2) {
-        const last = other.pop();
-        msg += `one of ${other.join(", ")}, or ${last}`;
-      } else if (other.length === 2) {
-        msg += `one of ${other[0]} or ${other[1]}`;
+    } else if (this.joinDuplicateHeaders) {
+      if (dest[field] === void 0) {
+        dest[field] = value;
       } else {
-        if (other[0].toLowerCase() !== other[0])
-          msg += "an ";
-        msg += `${other[0]}`;
+        dest[field] += ", " + value;
       }
+    } else if (dest[field] === void 0) {
+      dest[field] = value;
     }
-    msg += `. Received ${determineSpecificType(actual)}`;
-    super(msg);
-  }
-};
-var ERR_INVALID_HTTP_TOKEN = class extends TypeError {
-  constructor(name, field) {
-    super(`${name} must be a valid HTTP token ["${field}"]`);
-  }
-};
-var ERR_METHOD_NOT_IMPLEMENTED = class extends Error {
-  constructor(methodName) {
-    super(`The ${methodName} method is not implemented`);
-  }
-};
-var ERR_STREAM_ALREADY_FINISHED = class extends Error {
-  constructor(methodName) {
-    super(`Cannot call ${methodName} after a stream was finished`);
-  }
-};
-var ERR_STREAM_CANNOT_PIPE = class extends Error {
-  constructor() {
-    super(`Cannot pipe, not readable`);
   }
-};
-var ERR_STREAM_DESTROYED = class extends Error {
-  constructor(methodName) {
-    super(`Cannot call ${methodName} after a stream was destroyed`);
-  }
-};
-var ERR_STREAM_NULL_VALUES = class extends TypeError {
-  constructor() {
-    super(`May not write null values to stream`);
+  _addHeaderLineDistinct(field, value, dest) {
+    field = field.toLowerCase();
+    if (!dest[field]) {
+      dest[field] = [value];
+    } else {
+      dest[field].push(value);
+    }
   }
-};
-var ERR_STREAM_WRITE_AFTER_END = class extends Error {
-  constructor() {
-    super(`write after end`);
-  }
-};
-
-// ../../node_modules/.pnpm/fetch-to-node@2.1.0/node_modules/fetch-to-node/dist/fetch-to-node/http-incoming.js
-var kHeaders = Symbol("kHeaders");
-var kHeadersDistinct = Symbol("kHeadersDistinct");
-var kHeadersCount = Symbol("kHeadersCount");
-var kTrailers = Symbol("kTrailers");
-var kTrailersDistinct = Symbol("kTrailersDistinct");
-var kTrailersCount = Symbol("kTrailersCount");
-var FetchIncomingMessage = class extends Readable {
-  get socket() {
-    return null;
-  }
-  set socket(_val) {
-    throw new ERR_METHOD_NOT_IMPLEMENTED("socket");
-  }
-  httpVersionMajor;
-  httpVersionMinor;
-  httpVersion;
-  complete = false;
-  [kHeaders] = null;
-  [kHeadersDistinct] = null;
-  [kHeadersCount] = 0;
-  rawHeaders = [];
-  [kTrailers] = null;
-  [kTrailersDistinct] = null;
-  [kTrailersCount] = 0;
-  rawTrailers = [];
-  joinDuplicateHeaders = false;
-  aborted = false;
-  upgrade = false;
-  // request (server) only
-  url = "";
-  method;
-  // TODO: Support ClientRequest
-  // statusCode = null;
-  // statusMessage = null;
-  // client = socket;
-  _consuming;
-  _dumped;
-  // The underlying ReadableStream
-  _stream = null;
-  constructor() {
-    const streamOptions = {};
-    super(streamOptions);
-    this._readableState.readingMore = true;
-    this._consuming = false;
-    this._dumped = false;
-  }
-  get connection() {
-    return null;
-  }
-  set connection(_socket) {
-    console.error("No support for IncomingMessage.connection");
-  }
-  get headers() {
-    if (!this[kHeaders]) {
-      this[kHeaders] = {};
-      const src = this.rawHeaders;
-      const dst = this[kHeaders];
-      for (let n = 0; n < this[kHeadersCount]; n += 2) {
-        this._addHeaderLine(src[n], src[n + 1], dst);
-      }
-    }
-    return this[kHeaders];
-  }
-  set headers(val) {
-    this[kHeaders] = val;
-  }
-  get headersDistinct() {
-    if (!this[kHeadersDistinct]) {
-      this[kHeadersDistinct] = {};
-      const src = this.rawHeaders;
-      const dst = this[kHeadersDistinct];
-      for (let n = 0; n < this[kHeadersCount]; n += 2) {
-        this._addHeaderLineDistinct(src[n], src[n + 1], dst);
-      }
-    }
-    return this[kHeadersDistinct];
-  }
-  set headersDistinct(val) {
-    this[kHeadersDistinct] = val;
-  }
-  get trailers() {
-    if (!this[kTrailers]) {
-      this[kTrailers] = {};
-      const src = this.rawTrailers;
-      const dst = this[kTrailers];
-      for (let n = 0; n < this[kTrailersCount]; n += 2) {
-        this._addHeaderLine(src[n], src[n + 1], dst);
-      }
-    }
-    return this[kTrailers];
-  }
-  set trailers(val) {
-    this[kTrailers] = val;
-  }
-  get trailersDistinct() {
-    if (!this[kTrailersDistinct]) {
-      this[kTrailersDistinct] = {};
-      const src = this.rawTrailers;
-      const dst = this[kTrailersDistinct];
-      for (let n = 0; n < this[kTrailersCount]; n += 2) {
-        this._addHeaderLineDistinct(src[n], src[n + 1], dst);
-      }
-    }
-    return this[kTrailersDistinct];
-  }
-  set trailersDistinct(val) {
-    this[kTrailersDistinct] = val;
-  }
-  setTimeout(msecs, callback) {
-    return this;
-  }
-  async _read(n) {
-    if (!this._consuming) {
-      this._readableState.readingMore = false;
-      this._consuming = true;
-    }
-    if (this._stream == null) {
-      this.complete = true;
-      this.push(null);
-      return;
-    }
-    const reader = this._stream.getReader();
-    try {
-      const data = await reader.read();
-      if (data.done) {
-        this.complete = true;
-        this.push(null);
-      } else {
-        this.push(data.value);
-      }
-    } catch (e2) {
-      this.destroy(e2);
-    } finally {
-      reader.releaseLock();
-    }
-  }
-  _destroy(err, cb) {
-    if (!this.readableEnded || !this.complete) {
-      this.aborted = true;
-      this.emit("aborted");
-    }
-    setTimeout(onError, 0, this, err, cb);
-  }
-  _addHeaderLines(headers, n) {
-    if (headers?.length) {
-      let dest;
-      if (this.complete) {
-        this.rawTrailers = headers;
-        this[kTrailersCount] = n;
-        dest = this[kTrailers];
-      } else {
-        this.rawHeaders = headers;
-        this[kHeadersCount] = n;
-        dest = this[kHeaders];
-      }
-      if (dest) {
-        for (let i = 0; i < n; i += 2) {
-          this._addHeaderLine(headers[i], headers[i + 1], dest);
-        }
-      }
-    }
-  }
-  // Add the given (field, value) pair to the message
-  //
-  // Per RFC2616, section 4.2 it is acceptable to join multiple instances of the
-  // same header with a ', ' if the header in question supports specification of
-  // multiple values this way. The one exception to this is the Cookie header,
-  // which has multiple values joined with a '; ' instead. If a header's values
-  // cannot be joined in either of these ways, we declare the first instance the
-  // winner and drop the second. Extended header fields (those beginning with
-  // 'x-') are always joined.
-  _addHeaderLine(field, value, dest) {
-    field = matchKnownFields(field);
-    const flag = field.charCodeAt(0);
-    if (flag === 0 || flag === 2) {
-      field = field.slice(1);
-      if (typeof dest[field] === "string") {
-        dest[field] += (flag === 0 ? ", " : "; ") + value;
-      } else {
-        dest[field] = value;
-      }
-    } else if (flag === 1) {
-      if (dest["set-cookie"] !== void 0) {
-        dest["set-cookie"].push(value);
-      } else {
-        dest["set-cookie"] = [value];
-      }
-    } else if (this.joinDuplicateHeaders) {
-      if (dest[field] === void 0) {
-        dest[field] = value;
-      } else {
-        dest[field] += ", " + value;
-      }
-    } else if (dest[field] === void 0) {
-      dest[field] = value;
-    }
-  }
-  _addHeaderLineDistinct(field, value, dest) {
-    field = field.toLowerCase();
-    if (!dest[field]) {
-      dest[field] = [value];
-    } else {
-      dest[field].push(value);
-    }
-  }
-  // Call this instead of resume() if we want to just
-  // dump all the data to /dev/null
-  _dump() {
-    if (!this._dumped) {
-      this._dumped = true;
-      this.removeAllListeners("data");
-      this.resume();
-    }
+  // Call this instead of resume() if we want to just
+  // dump all the data to /dev/null
+  _dump() {
+    if (!this._dumped) {
+      this._dumped = true;
+      this.removeAllListeners("data");
+      this.resume();
+    }
   }
 };
 function matchKnownFields(field, lowercased = false) {
@@ -2115,11 +1403,11 @@ var kRejectNonStandardBodyWrites = Symbol("kRejectNonStandardBodyWrites");
 var nop = () => {
 };
 var RE_CONN_CLOSE = /(?:^|\W)close(?:$|\W)/i;
-function isCookieField(s2) {
-  return s2.length === 6 && s2.toLowerCase() === "cookie";
+function isCookieField(s) {
+  return s.length === 6 && s.toLowerCase() === "cookie";
 }
-function isContentDispositionField(s2) {
-  return s2.length === 19 && s2.toLowerCase() === "content-disposition";
+function isContentDispositionField(s) {
+  return s.length === 19 && s.toLowerCase() === "content-disposition";
 }
 var WrittenDataBuffer = class {
   [kCorked] = 0;
@@ -3169,22 +2457,22 @@ var FetchServerResponse = class _FetchServerResponse extends FetchOutgoingMessag
         finished = true;
       });
       const initialDataChunks = [];
-      const initialDataWrittenHandler = (e2) => {
+      const initialDataWrittenHandler = (e) => {
         if (finished) {
           return;
         }
-        initialDataChunks[e2.index] = this.dataFromDataWrittenEvent(e2);
+        initialDataChunks[e.index] = this.dataFromDataWrittenEvent(e);
       };
       this.on("_dataWritten", initialDataWrittenHandler);
-      this.on("_headersSent", (e2) => {
+      this.on("_headersSent", (e) => {
         this.off("_dataWritten", initialDataWrittenHandler);
-        const { statusCode, statusMessage, headers } = e2;
+        const { statusCode, statusMessage, headers } = e;
         resolve(this._toFetchResponse(statusCode, statusMessage, headers, initialDataChunks, finished));
       });
     });
   }
-  dataFromDataWrittenEvent(e2) {
-    const { index, entry } = e2;
+  dataFromDataWrittenEvent(e) {
+    const { index, entry } = e;
     let { data, encoding } = entry;
     if (index === 0) {
       if (typeof data !== "string") {
@@ -3197,449 +2485,771 @@ var FetchServerResponse = class _FetchServerResponse extends FetchOutgoingMessag
       if (encoding === void 0 || encoding === "utf8" || encoding === "utf-8") {
         data = _FetchServerResponse.encoder.encode(data);
       } else {
-        data = Buffer$1.from(data, encoding ?? void 0);
+        data = Buffer$1.from(data, encoding ?? void 0);
+      }
+    }
+    return data ?? Buffer$1.from([]);
+  }
+  _finish() {
+    super._finish();
+  }
+  assignSocket(socket) {
+    throw new ERR_METHOD_NOT_IMPLEMENTED("assignSocket");
+  }
+  detachSocket(socket) {
+    throw new ERR_METHOD_NOT_IMPLEMENTED("detachSocket");
+  }
+  writeContinue(callback) {
+    this._writeRaw("HTTP/1.1 100 Continue\r\n\r\n", "ascii", callback);
+    this._sent100 = true;
+  }
+  writeProcessing(callback) {
+    this._writeRaw("HTTP/1.1 102 Processing\r\n\r\n", "ascii", callback);
+  }
+  writeEarlyHints(hints, callback) {
+    let head = "HTTP/1.1 103 Early Hints\r\n";
+    if (hints.link === null || hints.link === void 0) {
+      return;
+    }
+    const link = validateLinkHeaderValue(hints.link);
+    if (link.length === 0) {
+      return;
+    }
+    head += "Link: " + link + "\r\n";
+    for (const key of Object.keys(hints)) {
+      if (key !== "link") {
+        head += key + ": " + hints[key] + "\r\n";
+      }
+    }
+    head += "\r\n";
+    this._writeRaw(head, "ascii", callback);
+  }
+  _implicitHeader() {
+    this.writeHead(this.statusCode);
+  }
+  writeHead(statusCode, reason, obj) {
+    if (this._header) {
+      throw new ERR_HTTP_HEADERS_SENT("write");
+    }
+    const originalStatusCode = statusCode;
+    statusCode |= 0;
+    if (statusCode < 100 || statusCode > 999) {
+      throw new ERR_HTTP_INVALID_STATUS_CODE(originalStatusCode);
+    }
+    if (typeof reason === "string") {
+      this.statusMessage = reason;
+    } else {
+      this.statusMessage ||= STATUS_CODES[statusCode] || "unknown";
+      obj ??= reason;
+    }
+    this.statusCode = statusCode;
+    let headers;
+    if (this[kOutHeaders]) {
+      let k;
+      if (Array.isArray(obj)) {
+        if (obj.length % 2 !== 0) {
+          throw new ERR_INVALID_ARG_VALUE("headers", obj);
+        }
+        for (let n = 0; n < obj.length; n += 2) {
+          k = obj[n + 0];
+          this.removeHeader(String(k));
+        }
+        for (let n = 0; n < obj.length; n += 2) {
+          k = obj[n];
+          if (k) {
+            this.appendHeader(String(k), obj[n + 1]);
+          }
+        }
+      } else if (obj) {
+        const keys = Object.keys(obj);
+        for (let i = 0; i < keys.length; i++) {
+          k = keys[i];
+          if (k) {
+            this.setHeader(k, obj[k]);
+          }
+        }
+      }
+      headers = this[kOutHeaders];
+    } else {
+      headers = obj;
+    }
+    if (checkInvalidHeaderChar2(this.statusMessage)) {
+      throw new ERR_INVALID_CHAR("statusMessage");
+    }
+    const statusLine = `HTTP/1.1 ${statusCode} ${this.statusMessage}\r
+`;
+    if (statusCode === 204 || statusCode === 304 || statusCode >= 100 && statusCode <= 199) {
+      this._hasBody = false;
+    }
+    if (this._expect_continue && !this._sent100) {
+      this.shouldKeepAlive = false;
+    }
+    const convertedHeaders = headers && !Array.isArray(headers) ? headers : headers;
+    this._storeHeader(statusLine, convertedHeaders ?? null);
+    return this;
+  }
+  // Docs-only deprecated: DEP0063
+  writeHeader = this.writeHead;
+  fetchResponse;
+  _toFetchResponse(status, statusText, sentHeaders, initialDataChunks, finished) {
+    const headers = new Headers();
+    for (const [header, value] of sentHeaders) {
+      headers.append(header, value);
+    }
+    const _this = this;
+    let body = this._hasBody ? new ReadableStream({
+      start(controller) {
+        for (const dataChunk of initialDataChunks) {
+          controller.enqueue(dataChunk);
+        }
+        if (finished) {
+          controller.close();
+        } else {
+          _this.on("finish", () => {
+            finished = true;
+            controller.close();
+          });
+          _this.on("_dataWritten", (e) => {
+            if (finished) {
+              return;
+            }
+            const data = _this.dataFromDataWrittenEvent(e);
+            controller.enqueue(data);
+          });
+        }
+      }
+    }) : null;
+    if (body != null && typeof FixedLengthStream !== "undefined") {
+      const contentLength = parseInt(headers.get("content-length") ?? "", 10);
+      if (contentLength >= 0) {
+        body = body.pipeThrough(new FixedLengthStream(contentLength));
+      }
+    }
+    return new Response(body, {
+      status,
+      statusText,
+      headers
+    });
+  }
+};
+function toReqRes(req, options) {
+  const { createIncomingMessage = () => new FetchIncomingMessage(), createServerResponse = (incoming2) => new FetchServerResponse(incoming2), ctx } = {};
+  const incoming = createIncomingMessage(ctx);
+  const serverResponse = createServerResponse(incoming, ctx);
+  const reqUrl = new URL(req.url);
+  const versionMajor = 1;
+  const versionMinor = 1;
+  incoming.httpVersionMajor = versionMajor;
+  incoming.httpVersionMinor = versionMinor;
+  incoming.httpVersion = `${versionMajor}.${versionMinor}`;
+  incoming.url = reqUrl.pathname + reqUrl.search;
+  incoming.upgrade = false;
+  const headers = [];
+  for (const [headerName, headerValue] of req.headers) {
+    headers.push(headerName);
+    headers.push(headerValue);
+  }
+  incoming._addHeaderLines(headers, headers.length);
+  incoming.method = req.method;
+  incoming._stream = req.body;
+  return {
+    req: incoming,
+    res: serverResponse
+  };
+}
+function toFetchResponse(res) {
+  if (!(res instanceof FetchServerResponse)) {
+    throw new Error("toFetchResponse must be called on a ServerResponse generated by toReqRes");
+  }
+  return res.fetchResponse;
+}
+var HTTPException = class extends Error {
+  res;
+  status;
+  constructor(status = 500, options) {
+    super(options?.message, { cause: options?.cause });
+    this.res = options?.res;
+    this.status = status;
+  }
+  getResponse() {
+    if (this.res) {
+      const newResponse = new Response(this.res.body, {
+        status: this.status,
+        headers: this.res.headers
+      });
+      return newResponse;
+    }
+    return new Response(this.message, {
+      status: this.status
+    });
+  }
+};
+var ERROR_MESSAGE = "Payload Too Large";
+var BodyLimitError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "BodyLimitError";
+  }
+};
+var bodyLimit = (options) => {
+  const onError3 = options.onError || (() => {
+    const res = new Response(ERROR_MESSAGE, {
+      status: 413
+    });
+    throw new HTTPException(413, { res });
+  });
+  const maxSize = options.maxSize;
+  return async function bodyLimit2(c, next) {
+    if (!c.req.raw.body) {
+      return next();
+    }
+    const hasTransferEncoding = c.req.raw.headers.has("transfer-encoding");
+    const hasContentLength = c.req.raw.headers.has("content-length");
+    if (hasContentLength && !hasTransferEncoding) {
+      const contentLength = parseInt(c.req.raw.headers.get("content-length") || "0", 10);
+      return contentLength > maxSize ? onError3(c) : next();
+    }
+    let size = 0;
+    const rawReader = c.req.raw.body.getReader();
+    const reader = new ReadableStream({
+      async start(controller) {
+        try {
+          for (; ; ) {
+            const { done, value } = await rawReader.read();
+            if (done) {
+              break;
+            }
+            size += value.length;
+            if (size > maxSize) {
+              controller.error(new BodyLimitError(ERROR_MESSAGE));
+              break;
+            }
+            controller.enqueue(value);
+          }
+        } finally {
+          controller.close();
+        }
+      }
+    });
+    const requestInit = { body: reader, duplex: "half" };
+    c.req.raw = new Request(c.req.raw, requestInit);
+    await next();
+    if (c.error instanceof BodyLimitError) {
+      c.res = await onError3(c);
+    }
+  };
+};
+var StreamingApi = class {
+  writer;
+  encoder;
+  writable;
+  abortSubscribers = [];
+  responseReadable;
+  aborted = false;
+  closed = false;
+  constructor(writable, _readable) {
+    this.writable = writable;
+    this.writer = writable.getWriter();
+    this.encoder = new TextEncoder();
+    const reader = _readable.getReader();
+    this.abortSubscribers.push(async () => {
+      await reader.cancel();
+    });
+    this.responseReadable = new ReadableStream({
+      async pull(controller) {
+        const { done, value } = await reader.read();
+        done ? controller.close() : controller.enqueue(value);
+      },
+      cancel: () => {
+        this.abort();
+      }
+    });
+  }
+  async write(input) {
+    try {
+      if (typeof input === "string") {
+        input = this.encoder.encode(input);
+      }
+      await this.writer.write(input);
+    } catch {
+    }
+    return this;
+  }
+  async writeln(input) {
+    await this.write(input + "\n");
+    return this;
+  }
+  sleep(ms) {
+    return new Promise((res) => setTimeout(res, ms));
+  }
+  async close() {
+    try {
+      await this.writer.close();
+    } catch {
+    }
+    this.closed = true;
+  }
+  async pipe(body) {
+    this.writer.releaseLock();
+    await body.pipeTo(this.writable, { preventClose: true });
+    this.writer = this.writable.getWriter();
+  }
+  onAbort(listener) {
+    this.abortSubscribers.push(listener);
+  }
+  abort() {
+    if (!this.aborted) {
+      this.aborted = true;
+      this.abortSubscribers.forEach((subscriber) => subscriber());
+    }
+  }
+};
+var isOldBunVersion = () => {
+  const version = typeof Bun !== "undefined" ? Bun.version : void 0;
+  if (version === void 0) {
+    return false;
+  }
+  const result = version.startsWith("1.1") || version.startsWith("1.0") || version.startsWith("0.");
+  isOldBunVersion = () => result;
+  return result;
+};
+var contextStash = /* @__PURE__ */ new WeakMap();
+var stream = (c, cb, onError3) => {
+  const { readable, writable } = new TransformStream();
+  const stream2 = new StreamingApi(writable, readable);
+  if (isOldBunVersion()) {
+    c.req.raw.signal.addEventListener("abort", () => {
+      if (!stream2.closed) {
+        stream2.abort();
+      }
+    });
+  }
+  contextStash.set(stream2.responseReadable, c);
+  (async () => {
+    try {
+      await cb(stream2);
+    } catch (e) {
+      if (e === void 0) ;
+      else if (e instanceof Error && onError3) {
+        await onError3(e, stream2);
+      } else {
+        console.error(e);
       }
+    } finally {
+      stream2.close();
     }
-    return data ?? Buffer$1.from([]);
+  })();
+  return c.newResponse(stream2.responseReadable);
+};
+var authenticationMiddleware = async (c, next) => {
+  const mastra = c.get("mastra");
+  const authConfig = mastra.getServer()?.auth;
+  const customRouteAuthConfig = c.get("customRouteAuthConfig");
+  if (!authConfig) {
+    return next();
   }
-  _finish() {
-    super._finish();
+  const path = c.req.path;
+  const method = c.req.method;
+  const getHeader = (name) => c.req.header(name);
+  if (isDevPlaygroundRequest(path, method, getHeader, authConfig)) {
+    return next();
   }
-  assignSocket(socket) {
-    throw new ERR_METHOD_NOT_IMPLEMENTED("assignSocket");
+  if (!isProtectedPath(c.req.path, c.req.method, authConfig, customRouteAuthConfig)) {
+    return next();
   }
-  detachSocket(socket) {
-    throw new ERR_METHOD_NOT_IMPLEMENTED("detachSocket");
+  if (canAccessPublicly(c.req.path, c.req.method, authConfig)) {
+    return next();
   }
-  writeContinue(callback) {
-    this._writeRaw("HTTP/1.1 100 Continue\r\n\r\n", "ascii", callback);
-    this._sent100 = true;
+  const authHeader = c.req.header("Authorization");
+  let token = authHeader ? authHeader.replace("Bearer ", "") : null;
+  if (!token && c.req.query("apiKey")) {
+    token = c.req.query("apiKey") || null;
   }
-  writeProcessing(callback) {
-    this._writeRaw("HTTP/1.1 102 Processing\r\n\r\n", "ascii", callback);
+  if (!token) {
+    return c.json({ error: "Authentication required" }, 401);
   }
-  writeEarlyHints(hints, callback) {
-    let head = "HTTP/1.1 103 Early Hints\r\n";
-    if (hints.link === null || hints.link === void 0) {
-      return;
+  try {
+    let user;
+    if (typeof authConfig.authenticateToken === "function") {
+      user = await authConfig.authenticateToken(token, c.req);
+    } else {
+      throw new Error("No token verification method configured");
     }
-    const link = validateLinkHeaderValue(hints.link);
-    if (link.length === 0) {
-      return;
+    if (!user) {
+      return c.json({ error: "Invalid or expired token" }, 401);
     }
-    head += "Link: " + link + "\r\n";
-    for (const key of Object.keys(hints)) {
-      if (key !== "link") {
-        head += key + ": " + hints[key] + "\r\n";
+    c.get("requestContext").set("user", user);
+    return next();
+  } catch (err) {
+    console.error(err);
+    return c.json({ error: "Invalid or expired token" }, 401);
+  }
+};
+var authorizationMiddleware = async (c, next) => {
+  const mastra = c.get("mastra");
+  const authConfig = mastra.getServer()?.auth;
+  const customRouteAuthConfig = c.get("customRouteAuthConfig");
+  if (!authConfig) {
+    return next();
+  }
+  const path = c.req.path;
+  const method = c.req.method;
+  const getHeader = (name) => c.req.header(name);
+  if (isDevPlaygroundRequest(path, method, getHeader, authConfig)) {
+    return next();
+  }
+  if (!isProtectedPath(c.req.path, c.req.method, authConfig, customRouteAuthConfig)) {
+    return next();
+  }
+  if (canAccessPublicly(path, method, authConfig)) {
+    return next();
+  }
+  const user = c.get("requestContext").get("user");
+  if ("authorizeUser" in authConfig && typeof authConfig.authorizeUser === "function") {
+    try {
+      const isAuthorized = await authConfig.authorizeUser(user, c.req);
+      if (isAuthorized) {
+        return next();
       }
+      return c.json({ error: "Access denied" }, 403);
+    } catch (err) {
+      console.error(err);
+      return c.json({ error: "Authorization error" }, 500);
     }
-    head += "\r\n";
-    this._writeRaw(head, "ascii", callback);
-  }
-  _implicitHeader() {
-    this.writeHead(this.statusCode);
   }
-  writeHead(statusCode, reason, obj) {
-    if (this._header) {
-      throw new ERR_HTTP_HEADERS_SENT("write");
+  if ("authorize" in authConfig && typeof authConfig.authorize === "function") {
+    try {
+      const isAuthorized = await authConfig.authorize(path, method, user, c);
+      if (isAuthorized) {
+        return next();
+      }
+      return c.json({ error: "Access denied" }, 403);
+    } catch (err) {
+      console.error(err);
+      return c.json({ error: "Authorization error" }, 500);
     }
-    const originalStatusCode = statusCode;
-    statusCode |= 0;
-    if (statusCode < 100 || statusCode > 999) {
-      throw new ERR_HTTP_INVALID_STATUS_CODE(originalStatusCode);
+  }
+  if ("rules" in authConfig && authConfig.rules && authConfig.rules.length > 0) {
+    const isAuthorized = await checkRules(authConfig.rules, path, method, user);
+    if (isAuthorized) {
+      return next();
     }
-    if (typeof reason === "string") {
-      this.statusMessage = reason;
-    } else {
-      this.statusMessage ||= STATUS_CODES[statusCode] || "unknown";
-      obj ??= reason;
+    return c.json({ error: "Access denied" }, 403);
+  }
+  if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {
+    const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);
+    if (isAuthorized) {
+      return next();
     }
-    this.statusCode = statusCode;
-    let headers;
-    if (this[kOutHeaders]) {
-      let k;
-      if (Array.isArray(obj)) {
-        if (obj.length % 2 !== 0) {
-          throw new ERR_INVALID_ARG_VALUE("headers", obj);
-        }
-        for (let n = 0; n < obj.length; n += 2) {
-          k = obj[n + 0];
-          this.removeHeader(String(k));
+  }
+  return c.json({ error: "Access denied" }, 403);
+};
+var MastraServer = class extends MastraServer$1 {
+  createContextMiddleware() {
+    return async (c, next) => {
+      let bodyRequestContext;
+      let paramsRequestContext;
+      if (c.req.method === "POST" || c.req.method === "PUT") {
+        const contentType = c.req.header("content-type");
+        if (contentType?.includes("application/json")) {
+          try {
+            const clonedReq = c.req.raw.clone();
+            const body = await clonedReq.json();
+            if (body.requestContext) {
+              bodyRequestContext = body.requestContext;
+            }
+          } catch {
+          }
         }
-        for (let n = 0; n < obj.length; n += 2) {
-          k = obj[n];
-          if (k) {
-            this.appendHeader(String(k), obj[n + 1]);
+      }
+      if (c.req.method === "GET") {
+        try {
+          const encodedRequestContext = c.req.query("requestContext");
+          if (encodedRequestContext) {
+            try {
+              paramsRequestContext = JSON.parse(encodedRequestContext);
+            } catch {
+              try {
+                const json = Buffer.from(encodedRequestContext, "base64").toString("utf-8");
+                paramsRequestContext = JSON.parse(json);
+              } catch {
+              }
+            }
           }
+        } catch {
         }
-      } else if (obj) {
-        const keys = Object.keys(obj);
-        for (let i = 0; i < keys.length; i++) {
-          k = keys[i];
-          if (k) {
-            this.setHeader(k, obj[k]);
+      }
+      const requestContext = this.mergeRequestContext({ paramsRequestContext, bodyRequestContext });
+      c.set("requestContext", requestContext);
+      c.set("mastra", this.mastra);
+      c.set("tools", this.tools || {});
+      c.set("taskStore", this.taskStore);
+      c.set("playground", this.playground === true);
+      c.set("isDev", this.isDev === true);
+      c.set("abortSignal", c.req.raw.signal);
+      c.set("customRouteAuthConfig", this.customRouteAuthConfig);
+      return next();
+    };
+  }
+  async stream(route, res, result) {
+    res.header("Content-Type", "text/plain");
+    res.header("Transfer-Encoding", "chunked");
+    const streamFormat = route.streamFormat || "stream";
+    return stream(
+      res,
+      async (stream2) => {
+        const readableStream = result instanceof ReadableStream ? result : result.fullStream;
+        const reader = readableStream.getReader();
+        stream2.onAbort(() => {
+          void reader.cancel("request aborted");
+        });
+        try {
+          while (true) {
+            const { done, value } = await reader.read();
+            if (done) break;
+            if (value) {
+              const shouldRedact = this.streamOptions?.redact ?? true;
+              const outputValue = shouldRedact ? redactStreamChunk(value) : value;
+              if (streamFormat === "sse") {
+                await stream2.write(`data: ${JSON.stringify(outputValue)}
+
+`);
+              } else {
+                await stream2.write(JSON.stringify(outputValue) + "");
+              }
+            }
           }
+          await stream2.write("data: [DONE]\n\n");
+        } catch (error) {
+          console.error(error);
+        } finally {
+          await stream2.close();
+        }
+      },
+      async (err) => {
+        console.error(err);
+      }
+    );
+  }
+  async getParams(route, request) {
+    const urlParams = request.param();
+    const queryParams = request.query();
+    let body;
+    if (route.method === "POST" || route.method === "PUT" || route.method === "PATCH") {
+      try {
+        body = await request.json();
+      } catch {
+      }
+    }
+    return { urlParams, queryParams, body };
+  }
+  async sendResponse(route, response, result) {
+    if (route.responseType === "json") {
+      return response.json(result, 200);
+    } else if (route.responseType === "stream") {
+      return this.stream(route, response, result);
+    } else if (route.responseType === "datastream-response") {
+      const fetchResponse = result;
+      return fetchResponse;
+    } else if (route.responseType === "mcp-http") {
+      const { server, httpPath } = result;
+      const { req, res } = toReqRes(response.req.raw);
+      try {
+        await server.startHTTP({
+          url: new URL(response.req.url),
+          httpPath,
+          req,
+          res
+        });
+        return await toFetchResponse(res);
+      } catch {
+        if (!res.headersSent) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(
+            JSON.stringify({
+              jsonrpc: "2.0",
+              error: { code: -32603, message: "Internal server error" },
+              id: null
+            })
+          );
+          return await toFetchResponse(res);
         }
+        return await toFetchResponse(res);
+      }
+    } else if (route.responseType === "mcp-sse") {
+      const { server, ssePath, messagePath } = result;
+      try {
+        return await server.startHonoSSE({
+          url: new URL(response.req.url),
+          ssePath,
+          messagePath,
+          context: response
+        });
+      } catch {
+        return response.json({ error: "Error handling MCP SSE request" }, 500);
       }
-      headers = this[kOutHeaders];
     } else {
-      headers = obj;
-    }
-    if (checkInvalidHeaderChar2(this.statusMessage)) {
-      throw new ERR_INVALID_CHAR("statusMessage");
-    }
-    const statusLine = `HTTP/1.1 ${statusCode} ${this.statusMessage}\r
-`;
-    if (statusCode === 204 || statusCode === 304 || statusCode >= 100 && statusCode <= 199) {
-      this._hasBody = false;
-    }
-    if (this._expect_continue && !this._sent100) {
-      this.shouldKeepAlive = false;
+      return response.status(500);
     }
-    const convertedHeaders = headers && !Array.isArray(headers) ? headers : headers;
-    this._storeHeader(statusLine, convertedHeaders ?? null);
-    return this;
   }
-  // Docs-only deprecated: DEP0063
-  writeHeader = this.writeHead;
-  fetchResponse;
-  _toFetchResponse(status, statusText, sentHeaders, initialDataChunks, finished) {
-    const headers = new Headers();
-    for (const [header, value] of sentHeaders) {
-      headers.append(header, value);
+  async registerRoute(app, route, { prefix }) {
+    const shouldApplyBodyLimit = this.bodyLimitOptions && ["POST", "PUT", "PATCH"].includes(route.method.toUpperCase());
+    const maxSize = route.maxBodySize ?? this.bodyLimitOptions?.maxSize;
+    const middlewares = [];
+    if (shouldApplyBodyLimit && maxSize && this.bodyLimitOptions) {
+      middlewares.push(
+        bodyLimit({
+          maxSize,
+          onError: this.bodyLimitOptions.onError
+        })
+      );
     }
-    const _this = this;
-    let body = this._hasBody ? new ReadableStream({
-      start(controller) {
-        for (const dataChunk of initialDataChunks) {
-          controller.enqueue(dataChunk);
+    app[route.method.toLowerCase()](
+      `${prefix}${route.path}`,
+      ...middlewares,
+      async (c) => {
+        const params = await this.getParams(route, c.req);
+        if (params.queryParams) {
+          try {
+            params.queryParams = await this.parseQueryParams(route, params.queryParams);
+          } catch (error) {
+            console.error("Error parsing query params", error);
+            return c.json(
+              {
+                error: "Invalid query parameters",
+                details: error instanceof Error ? error.message : "Unknown error"
+              },
+              400
+            );
+          }
         }
-        if (finished) {
-          controller.close();
-        } else {
-          _this.on("finish", () => {
-            finished = true;
-            controller.close();
-          });
-          _this.on("_dataWritten", (e2) => {
-            if (finished) {
-              return;
+        if (params.body) {
+          try {
+            params.body = await this.parseBody(route, params.body);
+          } catch (error) {
+            console.error("Error parsing body:", error instanceof Error ? error.message : String(error));
+            return c.json(
+              {
+                error: "Invalid request body",
+                details: error instanceof Error ? error.message : "Unknown error"
+              },
+              400
+            );
+          }
+        }
+        const handlerParams = {
+          ...params.urlParams,
+          ...params.queryParams,
+          ...typeof params.body === "object" ? params.body : {},
+          requestContext: c.get("requestContext"),
+          mastra: this.mastra,
+          tools: c.get("tools"),
+          taskStore: c.get("taskStore"),
+          abortSignal: c.get("abortSignal")
+        };
+        try {
+          const result = await route.handler(handlerParams);
+          return this.sendResponse(route, c, result);
+        } catch (error) {
+          console.error("Error calling handler", error);
+          if (error && typeof error === "object") {
+            if ("status" in error) {
+              const status = error.status;
+              return c.json({ error: error instanceof Error ? error.message : "Unknown error" }, status);
             }
-            const data = _this.dataFromDataWrittenEvent(e2);
-            controller.enqueue(data);
-          });
+            if ("details" in error && error.details && typeof error.details === "object" && "status" in error.details) {
+              const status = error.details.status;
+              return c.json({ error: error instanceof Error ? error.message : "Unknown error" }, status);
+            }
+          }
+          return c.json({ error: error instanceof Error ? error.message : "Unknown error" }, 500);
         }
       }
-    }) : null;
-    if (body != null && typeof FixedLengthStream !== "undefined") {
-      const contentLength = parseInt(headers.get("content-length") ?? "", 10);
-      if (contentLength >= 0) {
-        body = body.pipeThrough(new FixedLengthStream(contentLength));
-      }
+    );
+  }
+  registerContextMiddleware() {
+    this.app.use("*", this.createContextMiddleware());
+  }
+  registerAuthMiddleware() {
+    const authConfig = this.mastra.getServer()?.auth;
+    if (!authConfig) {
+      return;
     }
-    return new Response(body, {
-      status,
-      statusText,
-      headers
-    });
+    this.app.use("*", authenticationMiddleware);
+    this.app.use("*", authorizationMiddleware);
   }
 };
-function toReqRes(req, options) {
-  const { createIncomingMessage = () => new FetchIncomingMessage(), createServerResponse = (incoming2) => new FetchServerResponse(incoming2), ctx } = {};
-  const incoming = createIncomingMessage(ctx);
-  const serverResponse = createServerResponse(incoming, ctx);
-  const reqUrl = new URL(req.url);
-  const versionMajor = 1;
-  const versionMinor = 1;
-  incoming.httpVersionMajor = versionMajor;
-  incoming.httpVersionMinor = versionMinor;
-  incoming.httpVersion = `${versionMajor}.${versionMinor}`;
-  incoming.url = reqUrl.pathname + reqUrl.search;
-  incoming.upgrade = false;
-  const headers = [];
-  for (const [headerName, headerValue] of req.headers) {
-    headers.push(headerName);
-    headers.push(headerValue);
-  }
-  incoming._addHeaderLines(headers, headers.length);
-  incoming.method = req.method;
-  incoming._stream = req.body;
-  return {
-    req: incoming,
-    res: serverResponse
+
+// ../../node_modules/.pnpm/hono-openapi@1.1.1_@hono+standard-validator@0.2.0_@standard-schema+spec@1.0.0_hono@4.10_dee62e986c04f5a510cb45dc6cf3f0e3/node_modules/hono-openapi/dist/index.js
+var uniqueSymbol = Symbol("openapi");
+function describeRoute(spec) {
+  const middleware2 = async (_c, next) => {
+    await next();
   };
+  return Object.assign(middleware2, {
+    [uniqueSymbol]: {
+      spec
+    }
+  });
 }
-function toFetchResponse(res) {
-  if (!(res instanceof FetchServerResponse)) {
-    throw new Error("toFetchResponse must be called on a ServerResponse generated by toReqRes");
-  }
-  return res.fetchResponse;
-}
-var mcpServerIdPathParams = z.object({
-  serverId: z.string().describe("MCP server ID")
-});
-var mcpServerDetailPathParams = z.object({
-  id: z.string().describe("MCP server ID")
-});
-var mcpServerToolPathParams = z.object({
-  serverId: z.string().describe("MCP server ID"),
-  toolId: z.string().describe("Tool ID")
-});
-var executeToolBodySchema = z.object({
-  data: z.unknown().optional()
-});
-var listMcpServersQuerySchema = z.object({
-  limit: z.coerce.number().optional(),
-  offset: z.coerce.number().optional()
-});
-var getMcpServerDetailQuerySchema = z.object({
-  version: z.string().optional()
-});
-var versionDetailSchema = z.object({
-  version: z.string(),
-  release_date: z.string(),
-  is_latest: z.boolean()
-});
-var serverInfoSchema = z.object({
-  id: z.string(),
-  name: z.string(),
-  version_detail: versionDetailSchema
-});
-var listMcpServersResponseSchema = z.object({
-  servers: z.array(serverInfoSchema),
-  total_count: z.number(),
-  next: z.string().nullable()
-});
-var serverDetailSchema = z.object({
-  id: z.string(),
-  name: z.string(),
-  description: z.string().optional(),
-  version_detail: versionDetailSchema,
-  package_canonical: z.string().optional(),
-  packages: z.array(z.unknown()).optional(),
-  remotes: z.array(z.unknown()).optional()
-});
-z.object({
-  jsonrpc: z.literal("2.0"),
-  error: z.object({
-    code: z.number(),
-    message: z.string()
-  }),
-  id: z.null()
-});
 
-// src/server/handlers/mcp.ts
-var getMastra = (c) => c.get("mastra");
-var getMcpServerMessageHandler = async (c) => {
-  const mastra = getMastra(c);
-  const serverId = c.req.param("serverId");
-  const { req, res } = toReqRes(c.req.raw);
-  const server = mastra.getMCPServerById(serverId);
-  if (!server) {
-    res.writeHead(404, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ error: `MCP server '${serverId}' not found` }));
-    return await toFetchResponse(res);
-  }
-  try {
-    await server.startHTTP({
-      url: new URL(c.req.url),
-      httpPath: `/api/mcp/${serverId}/mcp`,
-      req,
-      res
-    });
-    return await toFetchResponse(res);
-  } catch (error) {
-    if (!res.headersSent) {
-      res.writeHead(500, { "Content-Type": "application/json" });
-      res.end(
-        JSON.stringify({
-          jsonrpc: "2.0",
-          error: {
-            code: -32603,
-            message: "Internal server error"
-          },
-          id: null
-          // Cannot determine original request ID in catch
-        })
-      );
-      return await toFetchResponse(res);
-    } else {
-      c.get("logger")?.error("Error after headers sent:", error);
-      return await toFetchResponse(res);
-    }
-  }
-};
-var getMcpServerSseHandler = async (c) => {
-  const mastra = getMastra(c);
-  const serverId = c.req.param("serverId");
-  const server = mastra.getMCPServerById(serverId);
-  if (!server) {
-    return c.json({ error: `MCP server '${serverId}' not found` }, 404);
-  }
-  const requestUrl = new URL(c.req.url);
-  const sseConnectionPath = `/api/mcp/${serverId}/sse`;
-  const sseMessagePath = `/api/mcp/${serverId}/messages`;
-  try {
-    return await server.startHonoSSE({
-      url: requestUrl,
-      ssePath: sseConnectionPath,
-      messagePath: sseMessagePath,
-      context: c
-    });
-  } catch (error) {
-    c.get("logger")?.error({ err: error, serverId, path: requestUrl.pathname }, "Error in MCP SSE route handler");
-    return c.json({ error: "Error handling MCP SSE request" }, 500);
-  }
-};
-var LIST_MCP_SERVERS_ROUTE = createRoute({
-  method: "GET",
-  path: "/api/mcp/v0/servers",
-  responseType: "json",
-  queryParamSchema: listMcpServersQuerySchema,
-  responseSchema: listMcpServersResponseSchema,
-  summary: "List MCP servers",
-  description: "Returns a list of registered MCP servers with pagination support",
-  tags: ["MCP"],
-  handler: async ({ mastra, limit, offset }) => {
-    if (!mastra || typeof mastra.listMCPServers !== "function") {
-      throw new HTTPException$1(500, { message: "Mastra instance or listMCPServers method not available" });
-    }
-    const servers = mastra.listMCPServers();
-    if (!servers) {
-      return { servers: [], total_count: 0, next: null };
-    }
-    const serverList = Object.values(servers);
-    const totalCount = serverList.length;
-    const actualOffset = offset ?? 0;
-    let paginatedServers = serverList;
-    let nextUrl = null;
-    if (limit !== void 0) {
-      paginatedServers = serverList.slice(actualOffset, actualOffset + limit);
-      if (actualOffset + limit < totalCount) {
-        nextUrl = `/api/mcp/v0/servers?limit=${limit}&offset=${actualOffset + limit}`;
-      }
-    }
-    const serverInfoList = paginatedServers.map((server) => server.getServerInfo());
-    return {
-      servers: serverInfoList,
-      total_count: totalCount,
-      next: nextUrl
-    };
-  }
-});
-var GET_MCP_SERVER_DETAIL_ROUTE = createRoute({
-  method: "GET",
-  path: "/api/mcp/v0/servers/:id",
-  responseType: "json",
-  pathParamSchema: mcpServerDetailPathParams,
-  queryParamSchema: getMcpServerDetailQuerySchema,
-  responseSchema: serverDetailSchema,
-  summary: "Get MCP server details",
-  description: "Returns detailed information about a specific MCP server",
-  tags: ["MCP"],
-  handler: async ({ mastra, id, version }) => {
-    if (!mastra || typeof mastra.getMCPServerById !== "function") {
-      throw new HTTPException$1(500, { message: "Mastra instance or getMCPServerById method not available" });
-    }
-    const server = mastra.getMCPServerById(id);
-    if (!server) {
-      throw new HTTPException$1(404, { message: `MCP server with ID '${id}' not found` });
-    }
-    const serverDetail = server.getServerDetail();
-    if (version && serverDetail.version_detail.version !== version) {
-      throw new HTTPException$1(404, {
-        message: `MCP server with ID '${id}' found, but not version '${version}'. Available version: ${serverDetail.version_detail.version}`
+// src/server/handlers/client.ts
+var clients = /* @__PURE__ */ new Set();
+var hotReloadDisabled = false;
+function handleClientsRefresh(c) {
+  const stream2 = new ReadableStream({
+    start(controller) {
+      clients.add(controller);
+      controller.enqueue("data: connected\n\n");
+      c.req.raw.signal.addEventListener("abort", () => {
+        clients.delete(controller);
       });
     }
-    return serverDetail;
-  }
-});
-var LIST_MCP_SERVER_TOOLS_ROUTE = createRoute({
-  method: "GET",
-  path: "/api/mcp/:serverId/tools",
-  responseType: "json",
-  pathParamSchema: mcpServerIdPathParams,
-  summary: "List MCP server tools",
-  description: "Returns a list of tools available on the specified MCP server",
-  tags: ["MCP"],
-  handler: async ({ mastra, serverId }) => {
-    if (!mastra || typeof mastra.getMCPServerById !== "function") {
-      throw new HTTPException$1(500, { message: "Mastra instance or getMCPServerById method not available" });
-    }
-    const server = mastra.getMCPServerById(serverId);
-    if (!server) {
-      throw new HTTPException$1(404, { message: `MCP server with ID '${serverId}' not found` });
-    }
-    if (typeof server.getToolListInfo !== "function") {
-      throw new HTTPException$1(501, { message: `Server '${serverId}' cannot list tools in this way.` });
-    }
-    return server.getToolListInfo();
-  }
-});
-var GET_MCP_SERVER_TOOL_DETAIL_ROUTE = createRoute({
-  method: "GET",
-  path: "/api/mcp/:serverId/tools/:toolId",
-  responseType: "json",
-  pathParamSchema: mcpServerToolPathParams,
-  summary: "Get MCP server tool details",
-  description: "Returns detailed information about a specific tool on the MCP server",
-  tags: ["MCP"],
-  handler: async ({ mastra, serverId, toolId }) => {
-    if (!mastra || typeof mastra.getMCPServerById !== "function") {
-      throw new HTTPException$1(500, { message: "Mastra instance or getMCPServerById method not available" });
-    }
-    const server = mastra.getMCPServerById(serverId);
-    if (!server) {
-      throw new HTTPException$1(404, { message: `MCP server with ID '${serverId}' not found` });
-    }
-    if (typeof server.getToolInfo !== "function") {
-      throw new HTTPException$1(501, { message: `Server '${serverId}' cannot provide tool details in this way.` });
-    }
-    const toolInfo = server.getToolInfo(toolId);
-    if (!toolInfo) {
-      throw new HTTPException$1(404, { message: `Tool with ID '${toolId}' not found on MCP server '${serverId}'` });
-    }
-    return toolInfo;
-  }
-});
-var EXECUTE_MCP_SERVER_TOOL_ROUTE = createRoute({
-  method: "POST",
-  path: "/api/mcp/:serverId/tools/:toolId/execute",
-  responseType: "json",
-  pathParamSchema: mcpServerToolPathParams,
-  bodySchema: executeToolBodySchema,
-  summary: "Execute MCP server tool",
-  description: "Executes a tool on the specified MCP server with the provided arguments",
-  tags: ["MCP"],
-  handler: async ({
-    mastra,
-    serverId,
-    toolId,
-    data
-  }) => {
-    if (!mastra || typeof mastra.getMCPServerById !== "function") {
-      throw new HTTPException$1(500, { message: "Mastra instance or getMCPServerById method not available" });
+  });
+  return new Response(stream2, {
+    headers: {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      Connection: "keep-alive",
+      "Access-Control-Allow-Origin": "*"
     }
-    const server = mastra.getMCPServerById(serverId);
-    if (!server) {
-      throw new HTTPException$1(404, { message: `MCP server with ID '${serverId}' not found` });
+  });
+}
+function handleTriggerClientsRefresh(c) {
+  clients.forEach((controller) => {
+    try {
+      controller.enqueue("data: refresh\n\n");
+    } catch {
+      clients.delete(controller);
     }
-    if (typeof server.executeTool !== "function") {
-      throw new HTTPException$1(501, { message: `Server '${serverId}' cannot execute tools in this way.` });
+  });
+  return c.json({ success: true, clients: clients.size });
+}
+function isHotReloadDisabled() {
+  return hotReloadDisabled;
+}
+function handleError(error, defaultMessage) {
+  const apiError = error;
+  throw new HTTPException$1(apiError.status || 500, {
+    message: apiError.message || defaultMessage,
+    cause: apiError.cause
+  });
+}
+function errorHandler(err, c, isDev) {
+  if (err instanceof HTTPException$1) {
+    if (isDev) {
+      return c.json({ error: err.message, cause: err.cause, stack: err.stack }, err.status);
     }
-    const result = await server.executeTool(toolId, data);
-    return { result };
+    return c.json({ error: err.message }, err.status);
   }
-});
-var MCP_ROUTES = [
-  LIST_MCP_SERVERS_ROUTE,
-  GET_MCP_SERVER_DETAIL_ROUTE,
-  LIST_MCP_SERVER_TOOLS_ROUTE,
-  GET_MCP_SERVER_TOOL_DETAIL_ROUTE,
-  EXECUTE_MCP_SERVER_TOOL_ROUTE
-  // Note: getMcpServerMessageHandler and getMcpServerSseHandler are not included here
-  // because they require direct access to raw Hono context.
-];
+  c.get("mastra").getLogger().error(err);
+  return c.json({ error: "Internal Server Error" }, 500);
+}
+
+// src/server/handlers/health.ts
+async function healthHandler(c) {
+  return c.json({ success: true }, 200);
+}
 
 // src/server/handlers/restart-active-runs.ts
 async function restartAllActiveWorkflowRunsHandler(c) {
@@ -3801,16 +3411,18 @@ async function createHonoServer(mastra, options = {
     // 4.5 MB,
     onError: () => ({ error: "Request body too large" })
   };
-  const honoServerAdapter = new HonoServerAdapter({
+  const honoServerAdapter = new MastraServer({
+    app,
     mastra,
     tools: options.tools,
     taskStore: a2aTaskStore,
-    customRouteAuthConfig,
     playground: options.playground,
     isDev: options.isDev,
-    bodyLimitOptions
+    bodyLimitOptions,
+    openapiPath: "/openapi.json",
+    customRouteAuthConfig
   });
-  honoServerAdapter.registerContextMiddleware(app);
+  honoServerAdapter.registerContextMiddleware();
   const serverMiddleware = mastra.getServerMiddleware?.();
   if (serverMiddleware && serverMiddleware.length > 0) {
     for (const m of serverMiddleware) {
@@ -3833,7 +3445,7 @@ async function createHonoServer(mastra, options = {
   }
   app.get(
     "/health",
-    w({
+    describeRoute({
       description: "Health check endpoint",
       tags: ["system"],
       responses: {
@@ -3844,8 +3456,7 @@ async function createHonoServer(mastra, options = {
     }),
     healthHandler
   );
-  app.use("*", authenticationMiddleware);
-  app.use("*", authorizationMiddleware);
+  honoServerAdapter.registerAuthMiddleware();
   if (server?.middleware) {
     const normalizedMiddlewares = Array.isArray(server.middleware) ? server.middleware : [server.middleware];
     const middlewares = normalizedMiddlewares.map((middleware2) => {
@@ -3868,7 +3479,7 @@ async function createHonoServer(mastra, options = {
         middlewares.push(...Array.isArray(route.middleware) ? route.middleware : [route.middleware]);
       }
       if (route.openapi) {
-        middlewares.push(w(route.openapi));
+        middlewares.push(describeRoute(route.openapi));
       }
       const handler = "handler" in route ? route.handler : await route.createHandler({ mastra });
       if (route.method === "GET") {
@@ -3889,17 +3500,11 @@ async function createHonoServer(mastra, options = {
   if (server?.build?.apiReqLogs) {
     app.use(logger());
   }
-  await honoServerAdapter.registerRoutes(app, { openapiPath: "/openapi.json" });
-  for (const route of MCP_ROUTES) {
-    await honoServerAdapter.registerRoute(app, route, { prefix: "" });
-  }
-  app.all("/api/mcp/:serverId/mcp", getMcpServerMessageHandler);
-  app.get("/api/mcp/:serverId/sse", getMcpServerSseHandler);
-  app.post("/api/mcp/:serverId/messages", getMcpServerSseHandler);
+  await honoServerAdapter.registerRoutes();
   if (options?.isDev || server?.build?.swaggerUI) {
     app.get(
       "/swagger-ui",
-      w({
+      describeRoute({
         hide: true
       }),
       middleware({ url: "/openapi.json" })
@@ -3908,7 +3513,7 @@ async function createHonoServer(mastra, options = {
   if (options?.isDev) {
     app.post(
       "/__restart-active-workflow-runs",
-      w({
+      describeRoute({
         hide: true
       }),
       restartAllActiveWorkflowRunsHandler
@@ -3917,21 +3522,21 @@ async function createHonoServer(mastra, options = {
   if (options?.playground) {
     app.get(
       "/refresh-events",
-      w({
+      describeRoute({
         hide: true
       }),
       handleClientsRefresh
     );
     app.post(
       "/__refresh",
-      w({
+      describeRoute({
         hide: true
       }),
       handleTriggerClientsRefresh
     );
     app.get(
       "/__hot-reload-status",
-      w({
+      describeRoute({
         hide: true
       }),
       (c) => {