@mastra/mcp 1.9.0-alpha.0 → 1.9.0

package/dist/index.js

@@ -2776,6 +2776,7 @@ var MCPServer = class extends MCPServerBase {
   definedPrompts;
   promptOptions;
   jsonSchemaValidator;
+  mapAuthInfoToUser;
   subscriptions = /* @__PURE__ */ new Set();
   currentLoggingLevel;
   /**
@@ -2877,6 +2878,7 @@ var MCPServer = class extends MCPServerBase {
    * @param opts.prompts - Optional prompt configuration for exposing reusable templates
    * @param opts.id - Optional unique identifier (generated if not provided)
    * @param opts.description - Optional description of what the server does
+   * @param opts.mapAuthInfoToUser - Optional mapper from MCP `extra.authInfo` to the FGA user context
    *
    * @example
    * ```typescript
@@ -2913,6 +2915,7 @@ var MCPServer = class extends MCPServerBase {
     this.resourceOptions = this.mergeAppResources(opts.resources, opts.appResources);
     this.promptOptions = opts.prompts;
     this.jsonSchemaValidator = opts.jsonSchemaValidator;
+    this.mapAuthInfoToUser = opts.mapAuthInfoToUser;
     const capabilities = {
       tools: {},
       logging: { enabled: true }
@@ -3149,7 +3152,7 @@ var MCPServer = class extends MCPServerBase {
    */
   registerHandlersOnServer(serverInstance) {
     serverInstance.setRequestHandler(ListToolsRequestSchema, async (_request, extra) => {
-      const proxiedContext = this.createProxiedRequestContext(extra);
+      const proxiedContext = await this.createProxiedRequestContext(extra);
       const tools = await this.getAuthorizedConvertedToolEntries(proxiedContext);
       return {
         tools: tools.map(([, tool]) => {
@@ -3229,12 +3232,7 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
             return this.handleElicitationRequest(request2, serverInstance, options);
           }
         };
-        const proxiedContext = new RequestContext();
-        if (extra) {
-          Object.entries(extra).forEach(([key, value]) => {
-            proxiedContext.set(key, value);
-          });
-        }
+        const proxiedContext = await this.createProxiedRequestContext(extra);
         const mcpOptions = {
           messages: [],
           toolCallId: "",
@@ -4513,22 +4511,50 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
       _meta: withMastraToolStrictMeta(tool.mcp?._meta, tool.strict)
     };
   }
-  createProxiedRequestContext(extra) {
+  async createProxiedRequestContext(extra) {
     const proxiedContext = new RequestContext();
+    let extraRecord;
     if (extra && typeof extra === "object") {
-      Object.entries(extra).forEach(([key, value]) => {
+      extraRecord = extra;
+      Object.entries(extraRecord).forEach(([key, value]) => {
         proxiedContext.set(key, value);
       });
     }
+    await this.resolveMappedFGAUser(proxiedContext, extraRecord);
     return proxiedContext;
   }
+  async resolveMappedFGAUser(requestContext, extra) {
+    if (!requestContext) {
+      return void 0;
+    }
+    const existingUser = requestContext.get("user");
+    if (existingUser) {
+      return existingUser;
+    }
+    if (!this.mapAuthInfoToUser) {
+      return void 0;
+    }
+    const authInfo = extra && "authInfo" in extra ? extra.authInfo : requestContext.get("authInfo");
+    if (!authInfo) {
+      return void 0;
+    }
+    const user = await this.mapAuthInfoToUser({
+      authInfo,
+      extra: extra ?? { authInfo },
+      requestContext
+    });
+    if (user) {
+      requestContext.set("user", user);
+    }
+    return user;
+  }
   async getAuthorizedConvertedToolEntries(requestContext) {
     const entries = Object.entries(this.convertedTools);
     const fgaProvider = this.mastra?.getServer?.()?.fga;
     if (!fgaProvider) {
       return entries;
     }
-    const user = requestContext.get("user");
+    const user = await this.resolveMappedFGAUser(requestContext);
     if (!user) {
       return [];
     }
@@ -4552,17 +4578,26 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
     if (!fgaProvider) {
       return;
     }
-    const { checkFGA, FGADeniedError, MastraFGAPermissions } = await import('@mastra/core/auth/ee');
-    const resourceId = JSON.stringify([this.id, toolId]);
-    const user = requestContext?.get("user");
+    const { getMCPToolFGAResourceId, requireFGA, FGADeniedError, MastraFGAPermissions } = await import('@mastra/core/auth/ee');
+    const resourceId = getMCPToolFGAResourceId(this.id, toolId);
+    const user = await this.resolveMappedFGAUser(requestContext);
     if (!user) {
       throw new FGADeniedError({ id: "unknown" }, { type: "tool", id: resourceId }, MastraFGAPermissions.TOOLS_EXECUTE);
     }
-    await checkFGA({
+    await requireFGA({
       fgaProvider,
       user,
       resource: { type: "tool", id: resourceId },
-      permission: MastraFGAPermissions.TOOLS_EXECUTE
+      permission: MastraFGAPermissions.TOOLS_EXECUTE,
+      requestContext,
+      context: {
+        resourceId
+      },
+      metadata: {
+        mcpServerId: this.id,
+        mcpServerName: this.name,
+        toolId
+      }
     });
   }
   /**