@mastra/deployer 1.36.0-alpha.0 → 1.36.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/CHANGELOG.md +67 -0
  2. package/dist/docs/SKILL.md +1 -1
  3. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  4. package/dist/server/index.cjs +55 -29
  5. package/dist/server/index.cjs.map +1 -1
  6. package/dist/server/index.d.ts.map +1 -1
  7. package/dist/server/index.js +55 -29
  8. package/dist/server/index.js.map +1 -1
  9. package/package.json +7 -7
package/dist/server/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAY5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAoBnD,KAAK,QAAQ,GAAG,YAAY,CAAC;AAE7B,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,OAAO,EAAE,GAAG,CAAC;QAAE,UAAU,EAAE,+BAA+B,CAAA;KAAE,CAAC,CAAC;CAC/D,CAAC;AAEF,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,wCAmB/D;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,mBAER;cAegC,QAAQ;eAAa,SAAS;2CAkZhE;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,mBAAmC,mDAyElG"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAIlD,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAIhE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAY5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAoBnD,KAAK,QAAQ,GAAG,YAAY,CAAC;AAE7B,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,OAAO,EAAE,GAAG,CAAC;QAAE,UAAU,EAAE,+BAA+B,CAAA;KAAE,CAAC,CAAC;CAC/D,CAAC;AAgCF,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,wCAmB/D;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,mBAER;cAegC,QAAQ;eAAa,SAAS;2CAoYhE;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,mBAAmC,mDAyElG"}
package/dist/server/index.js CHANGED
@@ -15,6 +15,7 @@ import { Tool } from '@mastra/core/tools';
15
15
  import { MastraServer as MastraServer$1, normalizeQueryParams, checkRouteFGA, redactStreamChunk } from '@mastra/server/server-adapter';
16
16
  import util from 'util';
17
17
  import { Buffer as Buffer$1 } from 'buffer';
18
+ import { findMatchingCustomRoute } from '@mastra/server/auth';
18
19
  import { ViewerRegistry, handleInputMessage } from '@mastra/server/browser-stream';
19
20
  import { InMemoryTaskStore } from '@mastra/server/a2a/store';
20
21
  import { Hono } from 'hono';
@@ -3156,6 +3157,9 @@ async function setupBrowserStream(app, config2) {
3156
3157
  }
3157
3158
  const { injectWebSocket, upgradeWebSocket } = createNodeWebSocket({ app });
3158
3159
  const registry2 = new ViewerRegistry();
3160
+ const rawPrefix = config2.apiPrefix ?? "/api";
3161
+ const trimmed = rawPrefix.endsWith("/") ? rawPrefix.slice(0, -1) : rawPrefix;
3162
+ const apiPrefix = trimmed || "/api";
3159
3163
  app.get(
3160
3164
  "/browser/:agentId/stream",
3161
3165
  upgradeWebSocket((c) => {
@@ -3183,7 +3187,20 @@ async function setupBrowserStream(app, config2) {
3183
3187
  };
3184
3188
  })
3185
3189
  );
3186
- app.post("/api/agents/:agentId/browser/close", async (c) => {
3190
+ app.get(`${apiPrefix}/agents/:agentId/browser/session`, (c) => {
3191
+ const agentId = c.req.param("agentId");
3192
+ if (!agentId) {
3193
+ return c.json({ error: "Agent ID is required" }, 400);
3194
+ }
3195
+ const threadId = c.req.query("threadId");
3196
+ const toolset = config2.getToolset(agentId);
3197
+ if (!toolset) {
3198
+ return c.json({ hasSession: false, screencastAvailable: true });
3199
+ }
3200
+ const hasSession = threadId ? toolset.hasThreadSession(threadId) : false;
3201
+ return c.json({ hasSession, screencastAvailable: true });
3202
+ });
3203
+ app.post(`${apiPrefix}/agents/:agentId/browser/close`, async (c) => {
3187
3204
  const agentId = c.req.param("agentId");
3188
3205
  if (!agentId) {
3189
3206
  return c.json({ error: "Agent ID is required" }, 400);
@@ -3589,7 +3606,7 @@ var MastraServer = class extends MastraServer$1 {
3589
3606
  if (authConfig) {
3590
3607
  const hasPermission = await loadHasPermission();
3591
3608
  if (hasPermission) {
3592
- const userPermissions = c.get("requestContext").get("userPermissions");
3609
+ const userPermissions = c.get("requestContext").get("mastra__userPermissions");
3593
3610
  const permissionError = this.checkRoutePermission(route, userPermissions, hasPermission);
3594
3611
  if (permissionError) {
3595
3612
  return c.json(
@@ -3686,7 +3703,7 @@ var MastraServer = class extends MastraServer$1 {
3686
3703
  if (authConfig) {
3687
3704
  const hasPermission = await loadHasPermission();
3688
3705
  if (hasPermission) {
3689
- const userPermissions = c.get("requestContext").get("userPermissions");
3706
+ const userPermissions = c.get("requestContext").get("mastra__userPermissions");
3690
3707
  const permissionError = this.checkRoutePermission(serverRoute, userPermissions, hasPermission);
3691
3708
  if (permissionError) {
3692
3709
  return c.json(
@@ -4420,6 +4437,27 @@ var getStudioPath = () => {
4420
4437
  const studioPath = process.env.MASTRA_STUDIO_PATH || join(__dirname, "studio");
4421
4438
  return studioPath;
4422
4439
  };
4440
+ var DEFAULT_CORS_ALLOW_METHODS = ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"];
4441
+ var DEFAULT_CORS_ALLOW_HEADERS = ["Content-Type", "Authorization", "x-mastra-client-type", "x-mastra-dev-playground"];
4442
+ var DEFAULT_CORS_EXPOSE_HEADERS = ["Content-Length", "X-Requested-With"];
4443
+ function getCorsConfig(serverCors, credentialsDefault) {
4444
+ const userCors = serverCors && typeof serverCors === "object" ? serverCors : void 0;
4445
+ const origin = userCors && "origin" in userCors && userCors.origin ? userCors.origin : credentialsDefault ? (requestOrigin) => requestOrigin || void 0 : "*";
4446
+ const credentials = userCors && "credentials" in userCors ? userCors.credentials : credentialsDefault;
4447
+ return {
4448
+ origin,
4449
+ allowMethods: DEFAULT_CORS_ALLOW_METHODS,
4450
+ credentials,
4451
+ maxAge: 3600,
4452
+ ...userCors,
4453
+ allowHeaders: [...DEFAULT_CORS_ALLOW_HEADERS, ...userCors?.allowHeaders ?? []],
4454
+ exposeHeaders: [...DEFAULT_CORS_EXPOSE_HEADERS, ...userCors?.exposeHeaders ?? []]
4455
+ };
4456
+ }
4457
+ function getRouteCorsConfig(apiRoutes, pathname, method) {
4458
+ const route = findMatchingCustomRoute(pathname, method, apiRoutes)?.route;
4459
+ return route?.cors;
4460
+ }
4423
4461
  function getToolExports(tools) {
4424
4462
  try {
4425
4463
  return tools.reduce((acc, toolModule) => {
@@ -4506,37 +4544,25 @@ async function createHonoServer(mastra, options = {
4506
4544
  getToolset: (agentId) => {
4507
4545
  const agent = mastra.getAgentById(agentId);
4508
4546
  return agent?.browser;
4509
- }
4547
+ },
4548
+ apiPrefix
4510
4549
  });
4550
+ if (!browserStreamSetup) {
4551
+ app.get(
4552
+ `${apiPrefix}/agents/:agentId/browser/session`,
4553
+ (c) => c.json({ hasSession: false, screencastAvailable: false })
4554
+ );
4555
+ }
4511
4556
  if (server?.cors === false) {
4512
4557
  app.use("*", timeout(server?.timeout ?? 3 * 60 * 1e3));
4513
4558
  } else {
4514
4559
  const hasAuth = !!server?.auth;
4515
- let corsOrigin;
4516
- if (server?.cors && typeof server.cors === "object" && "origin" in server.cors && server.cors.origin) {
4517
- corsOrigin = server.cors.origin;
4518
- } else if (hasAuth) {
4519
- corsOrigin = (origin) => origin || void 0;
4520
- } else {
4521
- corsOrigin = "*";
4522
- }
4523
- const corsConfig = {
4524
- origin: corsOrigin,
4525
- allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
4526
- // Enable credentials for cookie-based auth (e.g., Better Auth sessions)
4527
- credentials: hasAuth ? true : false,
4528
- maxAge: 3600,
4529
- ...server?.cors,
4530
- allowHeaders: [
4531
- "Content-Type",
4532
- "Authorization",
4533
- "x-mastra-client-type",
4534
- "x-mastra-dev-playground",
4535
- ...server?.cors?.allowHeaders ?? []
4536
- ],
4537
- exposeHeaders: ["Content-Length", "X-Requested-With", ...server?.cors?.exposeHeaders ?? []]
4538
- };
4539
- app.use("*", timeout(server?.timeout ?? 3 * 60 * 1e3), cors(corsConfig));
4560
+ app.use("*", timeout(server?.timeout ?? 3 * 60 * 1e3), async (c, next) => {
4561
+ const pathname = new URL(c.req.url).pathname;
4562
+ const method = c.req.method === "OPTIONS" ? c.req.header("Access-Control-Request-Method") ?? c.req.method : c.req.method;
4563
+ const routeCors = getRouteCorsConfig(processedRoutes, pathname, method);
4564
+ return cors(routeCors ? getCorsConfig(routeCors, false) : getCorsConfig(server?.cors, hasAuth))(c, next);
4565
+ });
4540
4566
  }
4541
4567
  app.get(
4542
4568
  "/health",