@mastra/server 1.0.0-beta.4 → 1.0.0-beta.6

package/dist/chunk-Z4GN2JAO.cjs

@@ -0,0 +1,211 @@
+'use strict';
+
+var chunk5W4RPVTK_cjs = require('./chunk-5W4RPVTK.cjs');
+var chunkMWQQRVQC_cjs = require('./chunk-MWQQRVQC.cjs');
+var chunk2NW6POYK_cjs = require('./chunk-2NW6POYK.cjs');
+var chunkGU4EWMZB_cjs = require('./chunk-GU4EWMZB.cjs');
+var chunkH2RMXG2Q_cjs = require('./chunk-H2RMXG2Q.cjs');
+var chunkV5WWQN7P_cjs = require('./chunk-V5WWQN7P.cjs');
+var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
+var chunkO7I5CWRX_cjs = require('./chunk-O7I5CWRX.cjs');
+var tools = require('@mastra/core/tools');
+var zodToJson = require('@mastra/core/utils/zod-to-json');
+
+// src/server/handlers/tools.ts
+var tools_exports = {};
+chunkO7I5CWRX_cjs.__export(tools_exports, {
+  EXECUTE_AGENT_TOOL_ROUTE: () => EXECUTE_AGENT_TOOL_ROUTE,
+  EXECUTE_TOOL_ROUTE: () => EXECUTE_TOOL_ROUTE,
+  GET_AGENT_TOOL_ROUTE: () => GET_AGENT_TOOL_ROUTE,
+  GET_TOOL_BY_ID_ROUTE: () => GET_TOOL_BY_ID_ROUTE,
+  LIST_TOOLS_ROUTE: () => LIST_TOOLS_ROUTE
+});
+var LIST_TOOLS_ROUTE = chunkH2RMXG2Q_cjs.createRoute({
+  method: "GET",
+  path: "/api/tools",
+  responseType: "json",
+  responseSchema: chunkMWQQRVQC_cjs.listToolsResponseSchema,
+  summary: "List all tools",
+  description: "Returns a list of all available tools in the system",
+  tags: ["Tools"],
+  handler: async ({ mastra, tools }) => {
+    try {
+      const allTools = tools || mastra.listTools() || {};
+      const serializedTools = Object.entries(allTools).reduce(
+        (acc, [id, _tool]) => {
+          const tool = _tool;
+          acc[id] = {
+            ...tool,
+            inputSchema: tool.inputSchema ? chunkGU4EWMZB_cjs.stringify(zodToJson.zodToJsonSchema(tool.inputSchema)) : void 0,
+            outputSchema: tool.outputSchema ? chunkGU4EWMZB_cjs.stringify(zodToJson.zodToJsonSchema(tool.outputSchema)) : void 0
+          };
+          return acc;
+        },
+        {}
+      );
+      return serializedTools;
+    } catch (error) {
+      return chunkV5WWQN7P_cjs.handleError(error, "Error getting tools");
+    }
+  }
+});
+var GET_TOOL_BY_ID_ROUTE = chunkH2RMXG2Q_cjs.createRoute({
+  method: "GET",
+  path: "/api/tools/:toolId",
+  responseType: "json",
+  pathParamSchema: chunkMWQQRVQC_cjs.toolIdPathParams,
+  responseSchema: chunkMWQQRVQC_cjs.serializedToolSchema,
+  summary: "Get tool by ID",
+  description: "Returns details for a specific tool including its schema and configuration",
+  tags: ["Tools"],
+  handler: async ({ mastra, tools, toolId }) => {
+    try {
+      let tool;
+      if (tools && Object.keys(tools).length > 0) {
+        tool = Object.values(tools).find((t) => t.id === toolId);
+      } else {
+        tool = mastra.getToolById(toolId);
+      }
+      if (!tool) {
+        throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Tool not found" });
+      }
+      const serializedTool = {
+        ...tool,
+        inputSchema: tool.inputSchema ? chunkGU4EWMZB_cjs.stringify(zodToJson.zodToJsonSchema(tool.inputSchema)) : void 0,
+        outputSchema: tool.outputSchema ? chunkGU4EWMZB_cjs.stringify(zodToJson.zodToJsonSchema(tool.outputSchema)) : void 0
+      };
+      return serializedTool;
+    } catch (error) {
+      return chunkV5WWQN7P_cjs.handleError(error, "Error getting tool");
+    }
+  }
+});
+var EXECUTE_TOOL_ROUTE = chunkH2RMXG2Q_cjs.createRoute({
+  method: "POST",
+  path: "/api/tools/:toolId/execute",
+  responseType: "json",
+  pathParamSchema: chunkMWQQRVQC_cjs.toolIdPathParams,
+  queryParamSchema: chunk2NW6POYK_cjs.optionalRunIdSchema,
+  bodySchema: chunkMWQQRVQC_cjs.executeToolContextBodySchema,
+  responseSchema: chunkMWQQRVQC_cjs.executeToolResponseSchema,
+  summary: "Execute tool",
+  description: "Executes a specific tool with the provided input data",
+  tags: ["Tools"],
+  handler: async ({ mastra, runId, toolId, tools: tools$1, requestContext, ...bodyParams }) => {
+    try {
+      if (!toolId) {
+        throw new chunk64ITUOXI_cjs.HTTPException(400, { message: "Tool ID is required" });
+      }
+      let tool;
+      if (tools$1 && Object.keys(tools$1).length > 0) {
+        tool = Object.values(tools$1).find((t) => t.id === toolId);
+      } else {
+        tool = mastra.getToolById(toolId);
+      }
+      if (!tool) {
+        throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Tool not found" });
+      }
+      if (!tool?.execute) {
+        throw new chunk64ITUOXI_cjs.HTTPException(400, { message: "Tool is not executable" });
+      }
+      const { data } = bodyParams;
+      chunk5W4RPVTK_cjs.validateBody({ data });
+      if (tools.isVercelTool(tool)) {
+        const result2 = await tool.execute(data);
+        return result2;
+      }
+      const result = await tool.execute(data, {
+        mastra,
+        requestContext,
+        // TODO: Pass proper tracing context when server API supports tracing
+        tracingContext: { currentSpan: void 0 },
+        ...runId ? {
+          workflow: {
+            runId,
+            suspend: async () => {
+            }
+          }
+        } : {}
+      });
+      return result;
+    } catch (error) {
+      return chunkV5WWQN7P_cjs.handleError(error, "Error executing tool");
+    }
+  }
+});
+var GET_AGENT_TOOL_ROUTE = chunkH2RMXG2Q_cjs.createRoute({
+  method: "GET",
+  path: "/api/agents/:agentId/tools/:toolId",
+  responseType: "json",
+  pathParamSchema: chunkMWQQRVQC_cjs.agentToolPathParams,
+  responseSchema: chunkMWQQRVQC_cjs.serializedToolSchema,
+  summary: "Get agent tool",
+  description: "Returns details for a specific tool assigned to the agent",
+  tags: ["Agents", "Tools"],
+  handler: async ({ mastra, agentId, toolId, requestContext }) => {
+    try {
+      const agent = agentId ? mastra.getAgentById(agentId) : null;
+      if (!agent) {
+        throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Agent not found" });
+      }
+      const agentTools = await agent.listTools({ requestContext });
+      const tool = Object.values(agentTools || {}).find((tool2) => tool2.id === toolId);
+      if (!tool) {
+        throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Tool not found" });
+      }
+      const serializedTool = {
+        ...tool,
+        inputSchema: tool.inputSchema ? chunkGU4EWMZB_cjs.stringify(zodToJson.zodToJsonSchema(tool.inputSchema)) : void 0,
+        outputSchema: tool.outputSchema ? chunkGU4EWMZB_cjs.stringify(zodToJson.zodToJsonSchema(tool.outputSchema)) : void 0
+      };
+      return serializedTool;
+    } catch (error) {
+      return chunkV5WWQN7P_cjs.handleError(error, "Error getting agent tool");
+    }
+  }
+});
+var EXECUTE_AGENT_TOOL_ROUTE = chunkH2RMXG2Q_cjs.createRoute({
+  method: "POST",
+  path: "/api/agents/:agentId/tools/:toolId/execute",
+  responseType: "json",
+  pathParamSchema: chunkMWQQRVQC_cjs.agentToolPathParams,
+  bodySchema: chunkMWQQRVQC_cjs.executeToolBodySchema,
+  responseSchema: chunkMWQQRVQC_cjs.executeToolResponseSchema,
+  summary: "Execute agent tool",
+  description: "Executes a specific tool assigned to the agent with the provided input data",
+  tags: ["Agents", "Tools"],
+  handler: async ({ mastra, agentId, toolId, data, requestContext }) => {
+    try {
+      const agent = agentId ? mastra.getAgentById(agentId) : null;
+      if (!agent) {
+        throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Tool not found" });
+      }
+      const agentTools = await agent.listTools({ requestContext });
+      const tool = Object.values(agentTools || {}).find((tool2) => tool2.id === toolId);
+      if (!tool) {
+        throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Tool not found" });
+      }
+      if (!tool?.execute) {
+        throw new chunk64ITUOXI_cjs.HTTPException(400, { message: "Tool is not executable" });
+      }
+      const result = await tool.execute(data, {
+        mastra,
+        requestContext,
+        // TODO: Pass proper tracing context when server API supports tracing
+        tracingContext: { currentSpan: void 0 }
+      });
+      return result;
+    } catch (error) {
+      return chunkV5WWQN7P_cjs.handleError(error, "Error executing agent tool");
+    }
+  }
+});
+
+exports.EXECUTE_AGENT_TOOL_ROUTE = EXECUTE_AGENT_TOOL_ROUTE;
+exports.EXECUTE_TOOL_ROUTE = EXECUTE_TOOL_ROUTE;
+exports.GET_AGENT_TOOL_ROUTE = GET_AGENT_TOOL_ROUTE;
+exports.GET_TOOL_BY_ID_ROUTE = GET_TOOL_BY_ID_ROUTE;
+exports.LIST_TOOLS_ROUTE = LIST_TOOLS_ROUTE;
+exports.tools_exports = tools_exports;
+//# sourceMappingURL=chunk-Z4GN2JAO.cjs.map
+//# sourceMappingURL=chunk-Z4GN2JAO.cjs.map

package/dist/chunk-Z4GN2JAO.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/handlers/tools.ts"],"names":["__export","createRoute","listToolsResponseSchema","stringify","zodToJsonSchema","handleError","toolIdPathParams","serializedToolSchema","HTTPException","optionalRunIdSchema","executeToolContextBodySchema","executeToolResponseSchema","tools","validateBody","isVercelTool","result","agentToolPathParams","tool","executeToolBodySchema"],"mappings":";;;;;;;;;;;;;;AAAA,IAAA,aAAA,GAAA;AAAAA,0BAAA,CAAA,aAAA,EAAA;AAAA,EAAA,wBAAA,EAAA,MAAA,wBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,gBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAuBO,IAAM,mBAAmBC,6BAAA,CAAY;AAAA,EAC1C,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,YAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBC,yCAAA;AAAA,EAChB,OAAA,EAAS,gBAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,OAAO,CAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,OAAM,KAAM;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,KAAA,IAAS,MAAA,CAAO,SAAA,MAAe,EAAC;AAEjD,MAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,CAAE,MAAA;AAAA,QAC/C,CAAC,GAAA,EAAK,CAAC,EAAA,EAAI,KAAK,CAAA,KAAM;AACpB,UAAA,MAAM,IAAA,GAAO,KAAA;AACb,UAAA,GAAA,CAAI,EAAE,CAAA,GAAI;AAAA,YACR,GAAG,IAAA;AAAA,YACH,WAAA,EAAa,KAAK,WAAA,GAAcC,2BAAA,CAAUC,0BAAgB,IAAA,CAAK,WAAW,CAAC,CAAA,GAAI,MAAA;AAAA,YAC/E,YAAA,EAAc,KAAK,YAAA,GAAeD,2BAAA,CAAUC,0BAAgB,IAAA,CAAK,YAAY,CAAC,CAAA,GAAI;AAAA,WACpF;AACA,UAAA,OAAO,GAAA;AAAA,QACT,CAAA;AAAA,QACA;AAAC,OACH;AAEA,MAAA,OAAO,eAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,qBAAqB,CAAA;AAAA,IACjD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,uBAAuBJ,6BAAA,CAAY;AAAA,EAC9C,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBK,kCAAA;AAAA,EACjB,cAAA,EAAgBC,sCAAA;AAAA,EAChB,OAAA,EAAS,gBAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,OAAO,CAAA;AAAA,EACd,SAAS,OAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,QAAO,KAAM;AAC5C,IAAA,IAAI;AACF,MAAA,IAAI,IAAA;AAGJ,MAAA,IAAI,SAAS,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,CAAA,EAAG;AAC1C,QAAA,IAAA,GAAO,MAAA,CAAO,OAAO,KAAK,CAAA,CAAE,KAAK,CAAC,CAAA,KAAW,CAAA,CAAE,EAAA,KAAO,MAAM,CAAA;AAAA,MAC9D,CAAA,MAAO;AACL,QAAA,IAAA,GAAO,MAAA,CAAO,YAAY,MAAM,CAAA;AAAA,MAClC;AAEA,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kBAAkB,CAAA;AAAA,MAC5D;AAEA,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,GAAG,IAAA;AAAA,QACH,WAAA,EAAa,KAAK,WAAA,GAAcL,2BAAA,CAAUC,0BAAgB,IAAA,CAAK,WAAW,CAAC,CAAA,GAAI,MAAA;AAAA,QAC/E,YAAA,EAAc,KAAK,YAAA,GAAeD,2BAAA,CAAUC,0BAAgB,IAAA,CAAK,YAAY,CAAC,CAAA,GAAI;AAAA,OACpF;AAEA,MAAA,OAAO,cAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,oBAAoB,CAAA;AAAA,IAChD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,qBAAqBJ,6BAAA,CAAY;AAAA,EAC5C,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,4BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBK,kCAAA;AAAA,EACjB,gBAAA,EAAkBG,qCAAA;AAAA,EAClB,UAAA,EAAYC,8CAAA;AAAA,EACZ,cAAA,EAAgBC,2CAAA;AAAA,EAChB,OAAA,EAAS,cAAA;AAAA,EACT,WAAA,EAAa,uDAAA;AAAA,EACb,IAAA,EAAM,CAAC,OAAO,CAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,eAAQC,OAAA,EAAO,cAAA,EAAgB,GAAG,UAAA,EAAW,KAAM;AAClF,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAIJ,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,uBAAuB,CAAA;AAAA,MACjE;AAEA,MAAA,IAAI,IAAA;AAGJ,MAAA,IAAII,WAAS,MAAA,CAAO,IAAA,CAAKA,OAAK,CAAA,CAAE,SAAS,CAAA,EAAG;AAC1C,QAAA,IAAA,GAAO,MAAA,CAAO,OAAOA,OAAK,CAAA,CAAE,KAAK,CAAC,CAAA,KAAW,CAAA,CAAE,EAAA,KAAO,MAAM,CAAA;AAAA,MAC9D,CAAA,MAAO;AACL,QAAA,IAAA,GAAO,MAAA,CAAO,YAAY,MAAM,CAAA;AAAA,MAClC;AAEA,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,MAAM,IAAIJ,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kBAAkB,CAAA;AAAA,MAC5D;AAEA,MAAA,IAAI,CAAC,MAAM,OAAA,EAAS;AAClB,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,0BAA0B,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,EAAE,MAAK,GAAI,UAAA;AAEjB,MAAAK,8BAAA,CAAa,EAAE,MAAM,CAAA;AAErB,MAAA,IAAIC,kBAAA,CAAa,IAAI,CAAA,EAAG;AACtB,QAAA,MAAMC,OAAAA,GAAS,MAAO,IAAA,CAAa,OAAA,CAAQ,IAAI,CAAA;AAC/C,QAAA,OAAOA,OAAAA;AAAA,MACT;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAO;AAAA,QACvC,MAAA;AAAA,QACA,cAAA;AAAA;AAAA,QAEA,cAAA,EAAgB,EAAE,WAAA,EAAa,MAAA,EAAU;AAAA,QACzC,GAAI,KAAA,GACA;AAAA,UACE,QAAA,EAAU;AAAA,YACR,KAAA;AAAA,YACA,SAAS,YAAY;AAAA,YAAC;AAAA;AACxB,YAEF;AAAC,OACN,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOV,6BAAA,CAAY,OAAO,sBAAsB,CAAA;AAAA,IAClD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,uBAAuBJ,6BAAA,CAAY;AAAA,EAC9C,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBe,qCAAA;AAAA,EACjB,cAAA,EAAgBT,sCAAA;AAAA,EAChB,OAAA,EAAS,gBAAA;AAAA,EACT,WAAA,EAAa,2DAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,OAAO,CAAA;AAAA,EACxB,SAAS,OAAO,EAAE,QAAQ,OAAA,EAAS,MAAA,EAAQ,gBAAe,KAAM;AAC9D,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,OAAA,GAAU,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA,GAAI,IAAA;AACvD,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,mBAAmB,CAAA;AAAA,MAC7D;AAEA,MAAA,MAAM,aAAa,MAAM,KAAA,CAAM,SAAA,CAAU,EAAE,gBAAgB,CAAA;AAE3D,MAAA,MAAM,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,EAAE,CAAA,CAAE,IAAA,CAAK,CAACS,KAAAA,KAAcA,KAAAA,CAAK,EAAA,KAAO,MAAM,CAAA;AAEnF,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,MAAM,IAAIT,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kBAAkB,CAAA;AAAA,MAC5D;AAEA,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,GAAG,IAAA;AAAA,QACH,WAAA,EAAa,KAAK,WAAA,GAAcL,2BAAA,CAAUC,0BAAgB,IAAA,CAAK,WAAW,CAAC,CAAA,GAAI,MAAA;AAAA,QAC/E,YAAA,EAAc,KAAK,YAAA,GAAeD,2BAAA,CAAUC,0BAAgB,IAAA,CAAK,YAAY,CAAC,CAAA,GAAI;AAAA,OACpF;AAEA,MAAA,OAAO,cAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,2BAA2BJ,6BAAA,CAAY;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,4CAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBe,qCAAA;AAAA,EACjB,UAAA,EAAYE,uCAAA;AAAA,EACZ,cAAA,EAAgBP,2CAAA;AAAA,EAChB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,6EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,OAAO,CAAA;AAAA,EACxB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,IAAA,EAAM,gBAAe,KAAM;AACpE,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,OAAA,GAAU,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA,GAAI,IAAA;AACvD,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIH,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kBAAkB,CAAA;AAAA,MAC5D;AAEA,MAAA,MAAM,aAAa,MAAM,KAAA,CAAM,SAAA,CAAU,EAAE,gBAAgB,CAAA;AAE3D,MAAA,MAAM,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,EAAE,CAAA,CAAE,IAAA,CAAK,CAACS,KAAAA,KAAcA,KAAAA,CAAK,EAAA,KAAO,MAAM,CAAA;AAEnF,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,MAAM,IAAIT,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kBAAkB,CAAA;AAAA,MAC5D;AAEA,MAAA,IAAI,CAAC,MAAM,OAAA,EAAS;AAClB,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,0BAA0B,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM;AAAA,QACtC,MAAA;AAAA,QACA,cAAA;AAAA;AAAA,QAEA,cAAA,EAAgB,EAAE,WAAA,EAAa,MAAA;AAAU,OAC1C,CAAA;AAED,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOH,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC","file":"chunk-Z4GN2JAO.cjs","sourcesContent":["import { isVercelTool } from '@mastra/core/tools';\nimport { zodToJsonSchema } from '@mastra/core/utils/zod-to-json';\nimport { stringify } from 'superjson';\nimport { HTTPException } from '../http-exception';\nimport {\n  executeToolContextBodySchema,\n  executeToolResponseSchema,\n  listToolsResponseSchema,\n  serializedToolSchema,\n  toolIdPathParams,\n  agentToolPathParams,\n  executeToolBodySchema,\n} from '../schemas/agents';\nimport { optionalRunIdSchema } from '../schemas/common';\nimport { createRoute } from '../server-adapter/routes/route-builder';\n\nimport { handleError } from './error';\nimport { validateBody } from './utils';\n\n// ============================================================================\n// Route Definitions (new pattern - handlers defined inline with createRoute)\n// ============================================================================\n\nexport const LIST_TOOLS_ROUTE = createRoute({\n  method: 'GET',\n  path: '/api/tools',\n  responseType: 'json',\n  responseSchema: listToolsResponseSchema,\n  summary: 'List all tools',\n  description: 'Returns a list of all available tools in the system',\n  tags: ['Tools'],\n  handler: async ({ mastra, tools }) => {\n    try {\n      const allTools = tools || mastra.listTools() || {};\n\n      const serializedTools = Object.entries(allTools).reduce(\n        (acc, [id, _tool]) => {\n          const tool = _tool;\n          acc[id] = {\n            ...tool,\n            inputSchema: tool.inputSchema ? stringify(zodToJsonSchema(tool.inputSchema)) : undefined,\n            outputSchema: tool.outputSchema ? stringify(zodToJsonSchema(tool.outputSchema)) : undefined,\n          };\n          return acc;\n        },\n        {} as Record<string, any>,\n      );\n\n      return serializedTools;\n    } catch (error) {\n      return handleError(error, 'Error getting tools');\n    }\n  },\n});\n\nexport const GET_TOOL_BY_ID_ROUTE = createRoute({\n  method: 'GET',\n  path: '/api/tools/:toolId',\n  responseType: 'json',\n  pathParamSchema: toolIdPathParams,\n  responseSchema: serializedToolSchema,\n  summary: 'Get tool by ID',\n  description: 'Returns details for a specific tool including its schema and configuration',\n  tags: ['Tools'],\n  handler: async ({ mastra, tools, toolId }) => {\n    try {\n      let tool: any;\n\n      // Try explicit tools first, then fallback to mastra\n      if (tools && Object.keys(tools).length > 0) {\n        tool = Object.values(tools).find((t: any) => t.id === toolId);\n      } else {\n        tool = mastra.getToolById(toolId);\n      }\n\n      if (!tool) {\n        throw new HTTPException(404, { message: 'Tool not found' });\n      }\n\n      const serializedTool = {\n        ...tool,\n        inputSchema: tool.inputSchema ? stringify(zodToJsonSchema(tool.inputSchema)) : undefined,\n        outputSchema: tool.outputSchema ? stringify(zodToJsonSchema(tool.outputSchema)) : undefined,\n      };\n\n      return serializedTool;\n    } catch (error) {\n      return handleError(error, 'Error getting tool');\n    }\n  },\n});\n\nexport const EXECUTE_TOOL_ROUTE = createRoute({\n  method: 'POST',\n  path: '/api/tools/:toolId/execute',\n  responseType: 'json',\n  pathParamSchema: toolIdPathParams,\n  queryParamSchema: optionalRunIdSchema,\n  bodySchema: executeToolContextBodySchema,\n  responseSchema: executeToolResponseSchema,\n  summary: 'Execute tool',\n  description: 'Executes a specific tool with the provided input data',\n  tags: ['Tools'],\n  handler: async ({ mastra, runId, toolId, tools, requestContext, ...bodyParams }) => {\n    try {\n      if (!toolId) {\n        throw new HTTPException(400, { message: 'Tool ID is required' });\n      }\n\n      let tool: any;\n\n      // Try explicit tools first, then fallback to mastra\n      if (tools && Object.keys(tools).length > 0) {\n        tool = Object.values(tools).find((t: any) => t.id === toolId);\n      } else {\n        tool = mastra.getToolById(toolId);\n      }\n\n      if (!tool) {\n        throw new HTTPException(404, { message: 'Tool not found' });\n      }\n\n      if (!tool?.execute) {\n        throw new HTTPException(400, { message: 'Tool is not executable' });\n      }\n\n      const { data } = bodyParams;\n\n      validateBody({ data });\n\n      if (isVercelTool(tool)) {\n        const result = await (tool as any).execute(data);\n        return result;\n      }\n\n      const result = await tool.execute(data!, {\n        mastra,\n        requestContext,\n        // TODO: Pass proper tracing context when server API supports tracing\n        tracingContext: { currentSpan: undefined },\n        ...(runId\n          ? {\n              workflow: {\n                runId,\n                suspend: async () => {},\n              },\n            }\n          : {}),\n      });\n      return result;\n    } catch (error) {\n      return handleError(error, 'Error executing tool');\n    }\n  },\n});\n\n// ============================================================================\n// Agent Tool Routes\n// ============================================================================\n\nexport const GET_AGENT_TOOL_ROUTE = createRoute({\n  method: 'GET',\n  path: '/api/agents/:agentId/tools/:toolId',\n  responseType: 'json',\n  pathParamSchema: agentToolPathParams,\n  responseSchema: serializedToolSchema,\n  summary: 'Get agent tool',\n  description: 'Returns details for a specific tool assigned to the agent',\n  tags: ['Agents', 'Tools'],\n  handler: async ({ mastra, agentId, toolId, requestContext }) => {\n    try {\n      const agent = agentId ? mastra.getAgentById(agentId) : null;\n      if (!agent) {\n        throw new HTTPException(404, { message: 'Agent not found' });\n      }\n\n      const agentTools = await agent.listTools({ requestContext });\n\n      const tool = Object.values(agentTools || {}).find((tool: any) => tool.id === toolId) as any;\n\n      if (!tool) {\n        throw new HTTPException(404, { message: 'Tool not found' });\n      }\n\n      const serializedTool = {\n        ...tool,\n        inputSchema: tool.inputSchema ? stringify(zodToJsonSchema(tool.inputSchema)) : undefined,\n        outputSchema: tool.outputSchema ? stringify(zodToJsonSchema(tool.outputSchema)) : undefined,\n      };\n\n      return serializedTool;\n    } catch (error) {\n      return handleError(error, 'Error getting agent tool');\n    }\n  },\n});\n\nexport const EXECUTE_AGENT_TOOL_ROUTE = createRoute({\n  method: 'POST',\n  path: '/api/agents/:agentId/tools/:toolId/execute',\n  responseType: 'json',\n  pathParamSchema: agentToolPathParams,\n  bodySchema: executeToolBodySchema,\n  responseSchema: executeToolResponseSchema,\n  summary: 'Execute agent tool',\n  description: 'Executes a specific tool assigned to the agent with the provided input data',\n  tags: ['Agents', 'Tools'],\n  handler: async ({ mastra, agentId, toolId, data, requestContext }) => {\n    try {\n      const agent = agentId ? mastra.getAgentById(agentId) : null;\n      if (!agent) {\n        throw new HTTPException(404, { message: 'Tool not found' });\n      }\n\n      const agentTools = await agent.listTools({ requestContext });\n\n      const tool = Object.values(agentTools || {}).find((tool: any) => tool.id === toolId) as any;\n\n      if (!tool) {\n        throw new HTTPException(404, { message: 'Tool not found' });\n      }\n\n      if (!tool?.execute) {\n        throw new HTTPException(400, { message: 'Tool is not executable' });\n      }\n\n      const result = await tool.execute(data, {\n        mastra,\n        requestContext,\n        // TODO: Pass proper tracing context when server API supports tracing\n        tracingContext: { currentSpan: undefined },\n      });\n\n      return result;\n    } catch (error) {\n      return handleError(error, 'Error executing agent tool');\n    }\n  },\n});\n"]}

package/dist/server/auth/defaults.d.ts

@@ -0,0 +1,3 @@
+import type { MastraAuthConfig } from '@mastra/core/server';
+export declare const defaultAuthConfig: MastraAuthConfig;
+//# sourceMappingURL=defaults.d.ts.map

package/dist/server/auth/defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../../src/server/auth/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5D,eAAO,MAAM,iBAAiB,EAAE,gBAsB/B,CAAC"}

package/dist/server/auth/helpers.d.ts

@@ -0,0 +1,14 @@
+import type { MastraAuthConfig } from '@mastra/core/server';
+/**
+ * Check if request is from dev playground
+ * @param getHeader - Function to get header value from request
+ */
+export declare const isDevPlaygroundRequest: (path: string, method: string, getHeader: (name: string) => string | undefined, authConfig: MastraAuthConfig) => boolean;
+export declare const isCustomRoutePublic: (path: string, method: string, customRouteAuthConfig?: Map<string, boolean>) => boolean;
+export declare const isProtectedPath: (path: string, method: string, authConfig: MastraAuthConfig, customRouteAuthConfig?: Map<string, boolean>) => boolean;
+export declare const canAccessPublicly: (path: string, method: string, authConfig: MastraAuthConfig) => boolean;
+export declare const pathMatchesPattern: (path: string, pattern: string) => boolean;
+export declare const pathMatchesRule: (path: string, rulePath: string | RegExp | string[] | undefined) => boolean;
+export declare const matchesOrIncludes: (values: string | string[], value: string) => boolean;
+export declare const checkRules: (rules: MastraAuthConfig["rules"], path: string, method: string, user: unknown) => Promise<boolean>;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/server/auth/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/server/auth/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAI5D;;;GAGG;AACH,eAAO,MAAM,sBAAsB,GACjC,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,WAAW,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,EAC/C,YAAY,gBAAgB,KAC3B,OAMF,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAC3C,OAkBF,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,YAAY,gBAAgB,EAC5B,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAC3C,OAGF,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,EAAE,QAAQ,MAAM,EAAE,YAAY,gBAAgB,KAAG,OAK9F,CAAC;AAiCF,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,EAAE,SAAS,MAAM,KAAG,OAQlE,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,MAAM,MAAM,EAAE,UAAU,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,KAAG,OAgBhG,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,QAAQ,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,MAAM,KAAG,OAU5E,CAAC;AAGF,eAAO,MAAM,UAAU,GACrB,OAAO,gBAAgB,CAAC,OAAO,CAAC,EAChC,MAAM,MAAM,EACZ,QAAQ,MAAM,EACd,MAAM,OAAO,KACZ,OAAO,CAAC,OAAO,CA+BjB,CAAC"}

package/dist/server/auth/index.cjs

@@ -0,0 +1,137 @@
+'use strict';
+
+// src/server/auth/defaults.ts
+var defaultAuthConfig = {
+  protected: ["/api/*"],
+  public: ["/api"],
+  // Simple rule system
+  rules: [
+    // Admin users can do anything
+    {
+      condition: (user) => {
+        if (typeof user === "object" && user !== null) {
+          if ("isAdmin" in user) {
+            return !!user.isAdmin;
+          }
+          if ("role" in user) {
+            return user.role === "admin";
+          }
+        }
+        return false;
+      },
+      allow: true
+    }
+  ]
+};
+
+// src/server/auth/helpers.ts
+var isDevPlaygroundRequest = (path, method, getHeader, authConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return process.env.MASTRA_DEV === "true" && (!isAnyMatch(path, method, protectedAccess) || getHeader("x-mastra-dev-playground") === "true");
+};
+var isCustomRoutePublic = (path, method, customRouteAuthConfig) => {
+  if (!customRouteAuthConfig) {
+    return false;
+  }
+  const routeKey = `${method}:${path}`;
+  if (customRouteAuthConfig.has(routeKey)) {
+    return !customRouteAuthConfig.get(routeKey);
+  }
+  const allRouteKey = `ALL:${path}`;
+  if (customRouteAuthConfig.has(allRouteKey)) {
+    return !customRouteAuthConfig.get(allRouteKey);
+  }
+  return false;
+};
+var isProtectedPath = (path, method, authConfig, customRouteAuthConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);
+};
+var canAccessPublicly = (path, method, authConfig) => {
+  const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
+  return isAnyMatch(path, method, publicAccess);
+};
+var isAnyMatch = (path, method, patterns) => {
+  if (!patterns) {
+    return false;
+  }
+  for (const patternPathOrMethod of patterns) {
+    if (patternPathOrMethod instanceof RegExp) {
+      if (patternPathOrMethod.test(path)) {
+        return true;
+      }
+    }
+    if (typeof patternPathOrMethod === "string" && pathMatchesPattern(path, patternPathOrMethod)) {
+      return true;
+    }
+    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {
+      const [pattern, methodOrMethods] = patternPathOrMethod;
+      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {
+        return true;
+      }
+    }
+  }
+  return false;
+};
+var pathMatchesPattern = (path, pattern) => {
+  if (pattern.endsWith("*")) {
+    const prefix = pattern.slice(0, -1);
+    return path.startsWith(prefix);
+  }
+  return path === pattern;
+};
+var pathMatchesRule = (path, rulePath) => {
+  if (!rulePath) return true;
+  if (typeof rulePath === "string") {
+    return pathMatchesPattern(path, rulePath);
+  }
+  if (rulePath instanceof RegExp) {
+    return rulePath.test(path);
+  }
+  if (Array.isArray(rulePath)) {
+    return rulePath.some((p) => pathMatchesPattern(path, p));
+  }
+  return false;
+};
+var matchesOrIncludes = (values, value) => {
+  if (typeof values === "string") {
+    return values === value;
+  }
+  if (Array.isArray(values)) {
+    return values.includes(value);
+  }
+  return false;
+};
+var checkRules = async (rules, path, method, user) => {
+  for (const i in rules || []) {
+    const rule = rules?.[i];
+    if (!pathMatchesRule(path, rule.path)) {
+      continue;
+    }
+    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {
+      continue;
+    }
+    const condition = rule.condition;
+    if (typeof condition === "function") {
+      const allowed = await Promise.resolve().then(() => condition(user)).catch(() => false);
+      if (allowed) {
+        return true;
+      }
+    } else if (rule.allow) {
+      return true;
+    }
+  }
+  return false;
+};
+
+exports.canAccessPublicly = canAccessPublicly;
+exports.checkRules = checkRules;
+exports.defaultAuthConfig = defaultAuthConfig;
+exports.isCustomRoutePublic = isCustomRoutePublic;
+exports.isDevPlaygroundRequest = isDevPlaygroundRequest;
+exports.isProtectedPath = isProtectedPath;
+exports.matchesOrIncludes = matchesOrIncludes;
+exports.pathMatchesPattern = pathMatchesPattern;
+exports.pathMatchesRule = pathMatchesRule;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/server/auth/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/auth/defaults.ts","../../../src/server/auth/helpers.ts"],"names":[],"mappings":";;;AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAM,CAAA;AAAA;AAAA,EAEf,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACjBO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,WACA,UAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,GAAA,CAAI,UAAA,KAAe,MAAA,KAC1B,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,CAAA,IAAK,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE5F;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAClC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA,EAAG;AACvC,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA;AAAA,EAC5C;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,mBAAA,CAAoB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAC9G;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAG5E,EAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,EAAG;AACzB,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAClC,IAAA,OAAO,IAAA,CAAK,WAAW,MAAM,CAAA;AAAA,EAC/B;AACA,EAAA,OAAO,IAAA,KAAS,OAAA;AAClB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"index.cjs","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n  protected: ['/api/*'],\n  public: ['/api'],\n  // Simple rule system\n  rules: [\n    // Admin users can do anything\n    {\n      condition: user => {\n        if (typeof user === 'object' && user !== null) {\n          if ('isAdmin' in user) {\n            return !!user.isAdmin;\n          }\n\n          if ('role' in user) {\n            return user.role === 'admin';\n          }\n        }\n        return false;\n      },\n      allow: true,\n    },\n  ],\n};\n","import type { MastraAuthConfig } from '@mastra/core/server';\n\nimport { defaultAuthConfig } from './defaults';\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n */\nexport const isDevPlaygroundRequest = (\n  path: string,\n  method: string,\n  getHeader: (name: string) => string | undefined,\n  authConfig: MastraAuthConfig,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return (\n    process.env.MASTRA_DEV === 'true' &&\n    (!isAnyMatch(path, method, protectedAccess) || getHeader('x-mastra-dev-playground') === 'true')\n  );\n};\n\nexport const isCustomRoutePublic = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first\n  const routeKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(routeKey)) {\n    return !customRouteAuthConfig.get(routeKey); // True when route opts out of auth\n  }\n\n  // Check ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return !customRouteAuthConfig.get(allRouteKey);\n  }\n\n  return false;\n};\n\nexport const isProtectedPath = (\n  path: string,\n  method: string,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n  // Check if this path+method combination is publicly accessible\n  const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n  return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n  path: string,\n  method: string,\n  patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n  if (!patterns) {\n    return false;\n  }\n\n  for (const patternPathOrMethod of patterns) {\n    if (patternPathOrMethod instanceof RegExp) {\n      if (patternPathOrMethod.test(path)) {\n        return true;\n      }\n    }\n\n    if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n      return true;\n    }\n\n    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n      const [pattern, methodOrMethods] = patternPathOrMethod;\n      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n  // Simple pattern matching that supports wildcards\n  // e.g., '/api/agents/*' matches '/api/agents/123'\n  if (pattern.endsWith('*')) {\n    const prefix = pattern.slice(0, -1);\n    return path.startsWith(prefix);\n  }\n  return path === pattern;\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n  if (!rulePath) return true; // No path specified means all paths\n\n  if (typeof rulePath === 'string') {\n    return pathMatchesPattern(path, rulePath);\n  }\n\n  if (rulePath instanceof RegExp) {\n    return rulePath.test(path);\n  }\n\n  if (Array.isArray(rulePath)) {\n    return rulePath.some(p => pathMatchesPattern(path, p));\n  }\n\n  return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n  if (typeof values === 'string') {\n    return values === value;\n  }\n\n  if (Array.isArray(values)) {\n    return values.includes(value);\n  }\n\n  return false;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n  rules: MastraAuthConfig['rules'],\n  path: string,\n  method: string,\n  user: unknown,\n): Promise<boolean> => {\n  // Go through rules in order (first match wins)\n  for (const i in rules || []) {\n    const rule = rules?.[i]!;\n    // Check if rule applies to this path\n    if (!pathMatchesRule(path, rule.path)) {\n      continue;\n    }\n\n    // Check if rule applies to this method\n    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n      continue;\n    }\n\n    // Rule matches, check conditions\n    const condition = rule.condition;\n    if (typeof condition === 'function') {\n      const allowed = await Promise.resolve()\n        .then(() => condition(user))\n        .catch(() => false);\n\n      if (allowed) {\n        return true;\n      }\n    } else if (rule.allow) {\n      return true;\n    }\n  }\n\n  // No matching rules, deny by default\n  return false;\n};\n"]}

package/dist/server/auth/index.d.ts

@@ -0,0 +1,3 @@
+export * from './helpers.js';
+export * from './defaults.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/server/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC"}

package/dist/server/auth/index.js

@@ -0,0 +1,127 @@
+// src/server/auth/defaults.ts
+var defaultAuthConfig = {
+  protected: ["/api/*"],
+  public: ["/api"],
+  // Simple rule system
+  rules: [
+    // Admin users can do anything
+    {
+      condition: (user) => {
+        if (typeof user === "object" && user !== null) {
+          if ("isAdmin" in user) {
+            return !!user.isAdmin;
+          }
+          if ("role" in user) {
+            return user.role === "admin";
+          }
+        }
+        return false;
+      },
+      allow: true
+    }
+  ]
+};
+
+// src/server/auth/helpers.ts
+var isDevPlaygroundRequest = (path, method, getHeader, authConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return process.env.MASTRA_DEV === "true" && (!isAnyMatch(path, method, protectedAccess) || getHeader("x-mastra-dev-playground") === "true");
+};
+var isCustomRoutePublic = (path, method, customRouteAuthConfig) => {
+  if (!customRouteAuthConfig) {
+    return false;
+  }
+  const routeKey = `${method}:${path}`;
+  if (customRouteAuthConfig.has(routeKey)) {
+    return !customRouteAuthConfig.get(routeKey);
+  }
+  const allRouteKey = `ALL:${path}`;
+  if (customRouteAuthConfig.has(allRouteKey)) {
+    return !customRouteAuthConfig.get(allRouteKey);
+  }
+  return false;
+};
+var isProtectedPath = (path, method, authConfig, customRouteAuthConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);
+};
+var canAccessPublicly = (path, method, authConfig) => {
+  const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
+  return isAnyMatch(path, method, publicAccess);
+};
+var isAnyMatch = (path, method, patterns) => {
+  if (!patterns) {
+    return false;
+  }
+  for (const patternPathOrMethod of patterns) {
+    if (patternPathOrMethod instanceof RegExp) {
+      if (patternPathOrMethod.test(path)) {
+        return true;
+      }
+    }
+    if (typeof patternPathOrMethod === "string" && pathMatchesPattern(path, patternPathOrMethod)) {
+      return true;
+    }
+    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {
+      const [pattern, methodOrMethods] = patternPathOrMethod;
+      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {
+        return true;
+      }
+    }
+  }
+  return false;
+};
+var pathMatchesPattern = (path, pattern) => {
+  if (pattern.endsWith("*")) {
+    const prefix = pattern.slice(0, -1);
+    return path.startsWith(prefix);
+  }
+  return path === pattern;
+};
+var pathMatchesRule = (path, rulePath) => {
+  if (!rulePath) return true;
+  if (typeof rulePath === "string") {
+    return pathMatchesPattern(path, rulePath);
+  }
+  if (rulePath instanceof RegExp) {
+    return rulePath.test(path);
+  }
+  if (Array.isArray(rulePath)) {
+    return rulePath.some((p) => pathMatchesPattern(path, p));
+  }
+  return false;
+};
+var matchesOrIncludes = (values, value) => {
+  if (typeof values === "string") {
+    return values === value;
+  }
+  if (Array.isArray(values)) {
+    return values.includes(value);
+  }
+  return false;
+};
+var checkRules = async (rules, path, method, user) => {
+  for (const i in rules || []) {
+    const rule = rules?.[i];
+    if (!pathMatchesRule(path, rule.path)) {
+      continue;
+    }
+    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {
+      continue;
+    }
+    const condition = rule.condition;
+    if (typeof condition === "function") {
+      const allowed = await Promise.resolve().then(() => condition(user)).catch(() => false);
+      if (allowed) {
+        return true;
+      }
+    } else if (rule.allow) {
+      return true;
+    }
+  }
+  return false;
+};
+
+export { canAccessPublicly, checkRules, defaultAuthConfig, isCustomRoutePublic, isDevPlaygroundRequest, isProtectedPath, matchesOrIncludes, pathMatchesPattern, pathMatchesRule };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/server/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/auth/defaults.ts","../../../src/server/auth/helpers.ts"],"names":[],"mappings":";AAGO,IAAM,iBAAA,GAAsC;AAAA,EACjD,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,EACpB,MAAA,EAAQ,CAAC,MAAM,CAAA;AAAA;AAAA,EAEf,KAAA,EAAO;AAAA;AAAA,IAEL;AAAA,MACE,WAAW,CAAA,IAAA,KAAQ;AACjB,QAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,UAAA,IAAI,aAAa,IAAA,EAAM;AACrB,YAAA,OAAO,CAAC,CAAC,IAAA,CAAK,OAAA;AAAA,UAChB;AAEA,UAAA,IAAI,UAAU,IAAA,EAAM;AAClB,YAAA,OAAO,KAAK,IAAA,KAAS,OAAA;AAAA,UACvB;AAAA,QACF;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MACA,KAAA,EAAO;AAAA;AACT;AAEJ;;;ACjBO,IAAM,sBAAA,GAAyB,CACpC,IAAA,EACA,MAAA,EACA,WACA,UAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OACE,OAAA,CAAQ,GAAA,CAAI,UAAA,KAAe,MAAA,KAC1B,CAAC,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,eAAe,CAAA,IAAK,SAAA,CAAU,yBAAyB,CAAA,KAAM,MAAA,CAAA;AAE5F;AAEO,IAAM,mBAAA,GAAsB,CACjC,IAAA,EACA,MAAA,EACA,qBAAA,KACY;AACZ,EAAA,IAAI,CAAC,qBAAA,EAAuB;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAClC,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA,EAAG;AACvC,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,QAAQ,CAAA;AAAA,EAC5C;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,IAAI,CAAA,CAAA;AAC/B,EAAA,IAAI,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,CAAC,qBAAA,CAAsB,GAAA,CAAI,WAAW,CAAA;AAAA,EAC/C;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,eAAA,GAAkB,CAC7B,IAAA,EACA,MAAA,EACA,YACA,qBAAA,KACY;AACZ,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAI,iBAAA,CAAkB,SAAA,IAAa,EAAC,EAAI,GAAI,UAAA,CAAW,SAAA,IAAa,EAAG,CAAA;AAChG,EAAA,OAAO,UAAA,CAAW,MAAM,MAAA,EAAQ,eAAe,KAAK,CAAC,mBAAA,CAAoB,IAAA,EAAM,MAAA,EAAQ,qBAAqB,CAAA;AAC9G;AAEO,IAAM,iBAAA,GAAoB,CAAC,IAAA,EAAc,MAAA,EAAgB,UAAA,KAA0C;AAExG,EAAA,MAAM,YAAA,GAAe,CAAC,GAAI,iBAAA,CAAkB,MAAA,IAAU,EAAC,EAAI,GAAI,UAAA,CAAW,MAAA,IAAU,EAAG,CAAA;AAEvF,EAAA,OAAO,UAAA,CAAW,IAAA,EAAM,MAAA,EAAQ,YAAY,CAAA;AAC9C;AAEA,IAAM,UAAA,GAAa,CACjB,IAAA,EACA,MAAA,EACA,QAAA,KACY;AACZ,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,uBAAuB,QAAA,EAAU;AAC1C,IAAA,IAAI,+BAA+B,MAAA,EAAQ;AACzC,MAAA,IAAI,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA,EAAG;AAClC,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAA,KAAwB,QAAA,IAAY,kBAAA,CAAmB,IAAA,EAAM,mBAAmB,CAAA,EAAG;AAC5F,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAM,OAAA,CAAQ,mBAAmB,CAAA,IAAK,mBAAA,CAAoB,WAAW,CAAA,EAAG;AAC1E,MAAA,MAAM,CAAC,OAAA,EAAS,eAAe,CAAA,GAAI,mBAAA;AACnC,MAAA,IAAI,mBAAmB,IAAA,EAAM,OAAO,KAAK,iBAAA,CAAkB,eAAA,EAAiB,MAAM,CAAA,EAAG;AACnF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT,CAAA;AAEO,IAAM,kBAAA,GAAqB,CAAC,IAAA,EAAc,OAAA,KAA6B;AAG5E,EAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,EAAG;AACzB,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAClC,IAAA,OAAO,IAAA,CAAK,WAAW,MAAM,CAAA;AAAA,EAC/B;AACA,EAAA,OAAO,IAAA,KAAS,OAAA;AAClB;AAEO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAc,QAAA,KAA8D;AAC1G,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,kBAAA,CAAmB,MAAM,QAAQ,CAAA;AAAA,EAC1C;AAEA,EAAA,IAAI,oBAAoB,MAAA,EAAQ;AAC9B,IAAA,OAAO,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAS,IAAA,CAAK,CAAA,CAAA,KAAK,kBAAA,CAAmB,IAAA,EAAM,CAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,IAAM,iBAAA,GAAoB,CAAC,MAAA,EAA2B,KAAA,KAA2B;AACtF,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA,KAAW,KAAA;AAAA,EACpB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,IAAA,OAAO,MAAA,CAAO,SAAS,KAAK,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAGO,IAAM,UAAA,GAAa,OACxB,KAAA,EACA,IAAA,EACA,QACA,IAAA,KACqB;AAErB,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,IAAS,EAAC,EAAG;AAC3B,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AAEtB,IAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,EAAM,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,OAAA,IAAW,CAAC,kBAAkB,IAAA,CAAK,OAAA,EAAS,MAAM,CAAA,EAAG;AAC5D,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,IAAA,CAAK,SAAA;AACvB,IAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,OAAA,EAAQ,CACnC,IAAA,CAAK,MAAM,SAAA,CAAU,IAAI,CAAC,CAAA,CAC1B,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,KAAK,KAAA,EAAO;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,OAAO,KAAA;AACT","file":"index.js","sourcesContent":["import type { MastraAuthConfig } from '@mastra/core/server';\n\n// Default configuration that can be extended by clients\nexport const defaultAuthConfig: MastraAuthConfig = {\n  protected: ['/api/*'],\n  public: ['/api'],\n  // Simple rule system\n  rules: [\n    // Admin users can do anything\n    {\n      condition: user => {\n        if (typeof user === 'object' && user !== null) {\n          if ('isAdmin' in user) {\n            return !!user.isAdmin;\n          }\n\n          if ('role' in user) {\n            return user.role === 'admin';\n          }\n        }\n        return false;\n      },\n      allow: true,\n    },\n  ],\n};\n","import type { MastraAuthConfig } from '@mastra/core/server';\n\nimport { defaultAuthConfig } from './defaults';\n\n/**\n * Check if request is from dev playground\n * @param getHeader - Function to get header value from request\n */\nexport const isDevPlaygroundRequest = (\n  path: string,\n  method: string,\n  getHeader: (name: string) => string | undefined,\n  authConfig: MastraAuthConfig,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return (\n    process.env.MASTRA_DEV === 'true' &&\n    (!isAnyMatch(path, method, protectedAccess) || getHeader('x-mastra-dev-playground') === 'true')\n  );\n};\n\nexport const isCustomRoutePublic = (\n  path: string,\n  method: string,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  if (!customRouteAuthConfig) {\n    return false;\n  }\n\n  // Check exact match first\n  const routeKey = `${method}:${path}`;\n  if (customRouteAuthConfig.has(routeKey)) {\n    return !customRouteAuthConfig.get(routeKey); // True when route opts out of auth\n  }\n\n  // Check ALL method\n  const allRouteKey = `ALL:${path}`;\n  if (customRouteAuthConfig.has(allRouteKey)) {\n    return !customRouteAuthConfig.get(allRouteKey);\n  }\n\n  return false;\n};\n\nexport const isProtectedPath = (\n  path: string,\n  method: string,\n  authConfig: MastraAuthConfig,\n  customRouteAuthConfig?: Map<string, boolean>,\n): boolean => {\n  const protectedAccess = [...(defaultAuthConfig.protected || []), ...(authConfig.protected || [])];\n  return isAnyMatch(path, method, protectedAccess) || !isCustomRoutePublic(path, method, customRouteAuthConfig);\n};\n\nexport const canAccessPublicly = (path: string, method: string, authConfig: MastraAuthConfig): boolean => {\n  // Check if this path+method combination is publicly accessible\n  const publicAccess = [...(defaultAuthConfig.public || []), ...(authConfig.public || [])];\n\n  return isAnyMatch(path, method, publicAccess);\n};\n\nconst isAnyMatch = (\n  path: string,\n  method: string,\n  patterns: MastraAuthConfig['protected'] | MastraAuthConfig['public'],\n): boolean => {\n  if (!patterns) {\n    return false;\n  }\n\n  for (const patternPathOrMethod of patterns) {\n    if (patternPathOrMethod instanceof RegExp) {\n      if (patternPathOrMethod.test(path)) {\n        return true;\n      }\n    }\n\n    if (typeof patternPathOrMethod === 'string' && pathMatchesPattern(path, patternPathOrMethod)) {\n      return true;\n    }\n\n    if (Array.isArray(patternPathOrMethod) && patternPathOrMethod.length === 2) {\n      const [pattern, methodOrMethods] = patternPathOrMethod;\n      if (pathMatchesPattern(path, pattern) && matchesOrIncludes(methodOrMethods, method)) {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n\nexport const pathMatchesPattern = (path: string, pattern: string): boolean => {\n  // Simple pattern matching that supports wildcards\n  // e.g., '/api/agents/*' matches '/api/agents/123'\n  if (pattern.endsWith('*')) {\n    const prefix = pattern.slice(0, -1);\n    return path.startsWith(prefix);\n  }\n  return path === pattern;\n};\n\nexport const pathMatchesRule = (path: string, rulePath: string | RegExp | string[] | undefined): boolean => {\n  if (!rulePath) return true; // No path specified means all paths\n\n  if (typeof rulePath === 'string') {\n    return pathMatchesPattern(path, rulePath);\n  }\n\n  if (rulePath instanceof RegExp) {\n    return rulePath.test(path);\n  }\n\n  if (Array.isArray(rulePath)) {\n    return rulePath.some(p => pathMatchesPattern(path, p));\n  }\n\n  return false;\n};\n\nexport const matchesOrIncludes = (values: string | string[], value: string): boolean => {\n  if (typeof values === 'string') {\n    return values === value;\n  }\n\n  if (Array.isArray(values)) {\n    return values.includes(value);\n  }\n\n  return false;\n};\n\n// Check authorization rules\nexport const checkRules = async (\n  rules: MastraAuthConfig['rules'],\n  path: string,\n  method: string,\n  user: unknown,\n): Promise<boolean> => {\n  // Go through rules in order (first match wins)\n  for (const i in rules || []) {\n    const rule = rules?.[i]!;\n    // Check if rule applies to this path\n    if (!pathMatchesRule(path, rule.path)) {\n      continue;\n    }\n\n    // Check if rule applies to this method\n    if (rule.methods && !matchesOrIncludes(rule.methods, method)) {\n      continue;\n    }\n\n    // Rule matches, check conditions\n    const condition = rule.condition;\n    if (typeof condition === 'function') {\n      const allowed = await Promise.resolve()\n        .then(() => condition(user))\n        .catch(() => false);\n\n      if (allowed) {\n        return true;\n      }\n    } else if (rule.allow) {\n      return true;\n    }\n  }\n\n  // No matching rules, deny by default\n  return false;\n};\n"]}

package/dist/server/handlers/a2a.cjs

@@ -1,32 +1,40 @@
 'use strict';
 
-var chunkKJIDZQRA_cjs = require('../../chunk-KJIDZQRA.cjs');
+var chunkSNPELBJA_cjs = require('../../chunk-SNPELBJA.cjs');
 
 
 
+Object.defineProperty(exports, "AGENT_EXECUTION_ROUTE", {
+  enumerable: true,
+  get: function () { return chunkSNPELBJA_cjs.AGENT_EXECUTION_ROUTE; }
+});
+Object.defineProperty(exports, "GET_AGENT_CARD_ROUTE", {
+  enumerable: true,
+  get: function () { return chunkSNPELBJA_cjs.GET_AGENT_CARD_ROUTE; }
+});
 Object.defineProperty(exports, "getAgentCardByIdHandler", {
   enumerable: true,
-  get: function () { return chunkKJIDZQRA_cjs.getAgentCardByIdHandler; }
+  get: function () { return chunkSNPELBJA_cjs.getAgentCardByIdHandler; }
 });
 Object.defineProperty(exports, "getAgentExecutionHandler", {
   enumerable: true,
-  get: function () { return chunkKJIDZQRA_cjs.getAgentExecutionHandler; }
+  get: function () { return chunkSNPELBJA_cjs.getAgentExecutionHandler; }
 });
 Object.defineProperty(exports, "handleMessageSend", {
   enumerable: true,
-  get: function () { return chunkKJIDZQRA_cjs.handleMessageSend; }
+  get: function () { return chunkSNPELBJA_cjs.handleMessageSend; }
 });
 Object.defineProperty(exports, "handleMessageStream", {
   enumerable: true,
-  get: function () { return chunkKJIDZQRA_cjs.handleMessageStream; }
+  get: function () { return chunkSNPELBJA_cjs.handleMessageStream; }
 });
 Object.defineProperty(exports, "handleTaskCancel", {
   enumerable: true,
-  get: function () { return chunkKJIDZQRA_cjs.handleTaskCancel; }
+  get: function () { return chunkSNPELBJA_cjs.handleTaskCancel; }
 });
 Object.defineProperty(exports, "handleTaskGet", {
   enumerable: true,
-  get: function () { return chunkKJIDZQRA_cjs.handleTaskGet; }
+  get: function () { return chunkSNPELBJA_cjs.handleTaskGet; }
 });
 //# sourceMappingURL=a2a.cjs.map
 //# sourceMappingURL=a2a.cjs.map