@mastra/deployer 1.36.0-alpha.0 → 1.36.0-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/CHANGELOG.md +133 -0
  2. package/dist/docs/SKILL.md +1 -1
  3. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  4. package/dist/server/index.cjs +71 -34
  5. package/dist/server/index.cjs.map +1 -1
  6. package/dist/server/index.d.ts.map +1 -1
  7. package/dist/server/index.js +71 -34
  8. package/dist/server/index.js.map +1 -1
  9. package/package.json +8 -8
package/dist/server/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAY5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAoBnD,KAAK,QAAQ,GAAG,YAAY,CAAC;AAE7B,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,OAAO,EAAE,GAAG,CAAC;QAAE,UAAU,EAAE,+BAA+B,CAAA;KAAE,CAAC,CAAC;CAC/D,CAAC;AAEF,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,wCAmB/D;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,mBAER;cAegC,QAAQ;eAAa,SAAS;2CAkZhE;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,mBAAmC,mDAyElG"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAIlD,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAIhE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAY5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAoBnD,KAAK,QAAQ,GAAG,YAAY,CAAC;AAE7B,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,OAAO,EAAE,GAAG,CAAC;QAAE,UAAU,EAAE,+BAA+B,CAAA;KAAE,CAAC,CAAC;CAC/D,CAAC;AAgCF,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,wCAmB/D;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,mBAER;cAegC,QAAQ;eAAa,SAAS;2CAmZhE;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,mBAAmC,mDAyElG"}
package/dist/server/index.js CHANGED
@@ -15,6 +15,7 @@ import { Tool } from '@mastra/core/tools';
15
15
  import { MastraServer as MastraServer$1, normalizeQueryParams, checkRouteFGA, redactStreamChunk } from '@mastra/server/server-adapter';
16
16
  import util from 'util';
17
17
  import { Buffer as Buffer$1 } from 'buffer';
18
+ import { findMatchingCustomRoute } from '@mastra/server/auth';
18
19
  import { ViewerRegistry, handleInputMessage } from '@mastra/server/browser-stream';
19
20
  import { InMemoryTaskStore } from '@mastra/server/a2a/store';
20
21
  import { Hono } from 'hono';
@@ -3156,6 +3157,9 @@ async function setupBrowserStream(app, config2) {
3156
3157
  }
3157
3158
  const { injectWebSocket, upgradeWebSocket } = createNodeWebSocket({ app });
3158
3159
  const registry2 = new ViewerRegistry();
3160
+ const rawPrefix = config2.apiPrefix ?? "/api";
3161
+ const trimmed = rawPrefix.endsWith("/") ? rawPrefix.slice(0, -1) : rawPrefix;
3162
+ const apiPrefix = trimmed || "/api";
3159
3163
  app.get(
3160
3164
  "/browser/:agentId/stream",
3161
3165
  upgradeWebSocket((c) => {
@@ -3170,7 +3174,7 @@ async function setupBrowserStream(app, config2) {
3170
3174
  onMessage(event, _ws) {
3171
3175
  const data = typeof event.data === "string" ? event.data : null;
3172
3176
  if (data) {
3173
- handleInputMessage(data, config2.getToolset, agentId, threadId);
3177
+ void handleInputMessage(data, config2.getToolset, agentId, threadId);
3174
3178
  }
3175
3179
  },
3176
3180
  onClose(_event, ws) {
@@ -3183,12 +3187,25 @@ async function setupBrowserStream(app, config2) {
3183
3187
  };
3184
3188
  })
3185
3189
  );
3186
- app.post("/api/agents/:agentId/browser/close", async (c) => {
3190
+ app.get(`${apiPrefix}/agents/:agentId/browser/session`, async (c) => {
3187
3191
  const agentId = c.req.param("agentId");
3188
3192
  if (!agentId) {
3189
3193
  return c.json({ error: "Agent ID is required" }, 400);
3190
3194
  }
3191
- const toolset = config2.getToolset(agentId);
3195
+ const threadId = c.req.query("threadId");
3196
+ const toolset = await config2.getToolset(agentId);
3197
+ if (!toolset) {
3198
+ return c.json({ hasSession: false, screencastAvailable: true });
3199
+ }
3200
+ const hasSession = threadId ? toolset.hasThreadSession(threadId) : false;
3201
+ return c.json({ hasSession, screencastAvailable: true });
3202
+ });
3203
+ app.post(`${apiPrefix}/agents/:agentId/browser/close`, async (c) => {
3204
+ const agentId = c.req.param("agentId");
3205
+ if (!agentId) {
3206
+ return c.json({ error: "Agent ID is required" }, 400);
3207
+ }
3208
+ const toolset = await config2.getToolset(agentId);
3192
3209
  if (!toolset) {
3193
3210
  return c.json({ error: "No browser session for this agent" }, 404);
3194
3211
  }
@@ -3589,7 +3606,7 @@ var MastraServer = class extends MastraServer$1 {
3589
3606
  if (authConfig) {
3590
3607
  const hasPermission = await loadHasPermission();
3591
3608
  if (hasPermission) {
3592
- const userPermissions = c.get("requestContext").get("userPermissions");
3609
+ const userPermissions = c.get("requestContext").get("mastra__userPermissions");
3593
3610
  const permissionError = this.checkRoutePermission(route, userPermissions, hasPermission);
3594
3611
  if (permissionError) {
3595
3612
  return c.json(
@@ -3686,7 +3703,7 @@ var MastraServer = class extends MastraServer$1 {
3686
3703
  if (authConfig) {
3687
3704
  const hasPermission = await loadHasPermission();
3688
3705
  if (hasPermission) {
3689
- const userPermissions = c.get("requestContext").get("userPermissions");
3706
+ const userPermissions = c.get("requestContext").get("mastra__userPermissions");
3690
3707
  const permissionError = this.checkRoutePermission(serverRoute, userPermissions, hasPermission);
3691
3708
  if (permissionError) {
3692
3709
  return c.json(
@@ -4420,6 +4437,27 @@ var getStudioPath = () => {
4420
4437
  const studioPath = process.env.MASTRA_STUDIO_PATH || join(__dirname, "studio");
4421
4438
  return studioPath;
4422
4439
  };
4440
+ var DEFAULT_CORS_ALLOW_METHODS = ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"];
4441
+ var DEFAULT_CORS_ALLOW_HEADERS = ["Content-Type", "Authorization", "x-mastra-client-type", "x-mastra-dev-playground"];
4442
+ var DEFAULT_CORS_EXPOSE_HEADERS = ["Content-Length", "X-Requested-With"];
4443
+ function getCorsConfig(serverCors, credentialsDefault) {
4444
+ const userCors = serverCors && typeof serverCors === "object" ? serverCors : void 0;
4445
+ const origin = userCors && "origin" in userCors && userCors.origin ? userCors.origin : credentialsDefault ? (requestOrigin) => requestOrigin || void 0 : "*";
4446
+ const credentials = userCors && "credentials" in userCors ? userCors.credentials : credentialsDefault;
4447
+ return {
4448
+ origin,
4449
+ allowMethods: DEFAULT_CORS_ALLOW_METHODS,
4450
+ credentials,
4451
+ maxAge: 3600,
4452
+ ...userCors,
4453
+ allowHeaders: [...DEFAULT_CORS_ALLOW_HEADERS, ...userCors?.allowHeaders ?? []],
4454
+ exposeHeaders: [...DEFAULT_CORS_EXPOSE_HEADERS, ...userCors?.exposeHeaders ?? []]
4455
+ };
4456
+ }
4457
+ function getRouteCorsConfig(apiRoutes, pathname, method) {
4458
+ const route = findMatchingCustomRoute(pathname, method, apiRoutes)?.route;
4459
+ return route?.cors;
4460
+ }
4423
4461
  function getToolExports(tools) {
4424
4462
  try {
4425
4463
  return tools.reduce((acc, toolModule) => {
@@ -4503,40 +4541,39 @@ async function createHonoServer(mastra, options = {
4503
4541
  }
4504
4542
  }
4505
4543
  const browserStreamSetup = await setupBrowserStream(app, {
4506
- getToolset: (agentId) => {
4507
- const agent = mastra.getAgentById(agentId);
4508
- return agent?.browser;
4509
- }
4544
+ getToolset: async (agentId) => {
4545
+ try {
4546
+ const runtimeAgent = mastra.getAgentById(agentId);
4547
+ if (runtimeAgent) {
4548
+ return runtimeAgent.browser;
4549
+ }
4550
+ } catch {
4551
+ }
4552
+ try {
4553
+ const storedAgent = await mastra.getEditor?.()?.agent.getById(agentId);
4554
+ return storedAgent?.browser;
4555
+ } catch {
4556
+ return void 0;
4557
+ }
4558
+ },
4559
+ apiPrefix
4510
4560
  });
4561
+ if (!browserStreamSetup) {
4562
+ app.get(
4563
+ `${apiPrefix}/agents/:agentId/browser/session`,
4564
+ (c) => c.json({ hasSession: false, screencastAvailable: false })
4565
+ );
4566
+ }
4511
4567
  if (server?.cors === false) {
4512
4568
  app.use("*", timeout(server?.timeout ?? 3 * 60 * 1e3));
4513
4569
  } else {
4514
4570
  const hasAuth = !!server?.auth;
4515
- let corsOrigin;
4516
- if (server?.cors && typeof server.cors === "object" && "origin" in server.cors && server.cors.origin) {
4517
- corsOrigin = server.cors.origin;
4518
- } else if (hasAuth) {
4519
- corsOrigin = (origin) => origin || void 0;
4520
- } else {
4521
- corsOrigin = "*";
4522
- }
4523
- const corsConfig = {
4524
- origin: corsOrigin,
4525
- allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
4526
- // Enable credentials for cookie-based auth (e.g., Better Auth sessions)
4527
- credentials: hasAuth ? true : false,
4528
- maxAge: 3600,
4529
- ...server?.cors,
4530
- allowHeaders: [
4531
- "Content-Type",
4532
- "Authorization",
4533
- "x-mastra-client-type",
4534
- "x-mastra-dev-playground",
4535
- ...server?.cors?.allowHeaders ?? []
4536
- ],
4537
- exposeHeaders: ["Content-Length", "X-Requested-With", ...server?.cors?.exposeHeaders ?? []]
4538
- };
4539
- app.use("*", timeout(server?.timeout ?? 3 * 60 * 1e3), cors(corsConfig));
4571
+ app.use("*", timeout(server?.timeout ?? 3 * 60 * 1e3), async (c, next) => {
4572
+ const pathname = new URL(c.req.url).pathname;
4573
+ const method = c.req.method === "OPTIONS" ? c.req.header("Access-Control-Request-Method") ?? c.req.method : c.req.method;
4574
+ const routeCors = getRouteCorsConfig(processedRoutes, pathname, method);
4575
+ return cors(routeCors ? getCorsConfig(routeCors, false) : getCorsConfig(server?.cors, hasAuth))(c, next);
4576
+ });
4540
4577
  }
4541
4578
  app.get(
4542
4579
  "/health",